From adaa05bc0e2621f9a162621eccafe1a163d08d66 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Nov 2023 22:02:07 +0000
Subject: [PATCH 01/23] Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1

Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod                                        |  277 +-
 go.sum                                        |  709 +-
 .../go/compute/internal/version.go            |    2 +-
 .../github.com/Azure/go-ansiterm/SECURITY.md  |   41 +
 .../Azure/go-autorest/autorest/adal/token.go  |   42 +-
 .../DataDog/appsec-internal-go/LICENSE        |  200 +
 .../appsec-internal-go/httpsec/client_ip.go   |  126 +
 .../appsec-internal-go/netip/ip_default.go    |   32 +
 .../appsec-internal-go/netip/ip_go119.go      |   34 +
 .../datadog-agent/pkg/obfuscate/LICENSE       |  200 +
 .../datadog-agent/pkg/obfuscate/cache.go      |   90 +
 .../pkg/obfuscate/credit_cards.go             |  211 +
 .../datadog-agent/pkg/obfuscate/http.go       |   60 +
 .../datadog-agent/pkg/obfuscate/json.go       |  229 +
 .../pkg/obfuscate/json_scanner.go             |  560 ++
 .../datadog-agent/pkg/obfuscate/memcached.go  |   19 +
 .../datadog-agent/pkg/obfuscate/obfuscate.go  |  267 +
 .../datadog-agent/pkg/obfuscate/redis.go      |  301 +
 .../pkg/obfuscate/redis_tokenizer.go          |  187 +
 .../datadog-agent/pkg/obfuscate/sql.go        |  416 +
 .../pkg/obfuscate/sql_tokenizer.go            |  912 ++
 .../pkg/remoteconfig/state/LICENSE            |  200 +
 .../pkg/remoteconfig/state/README.md          |    5 +
 .../pkg/remoteconfig/state/agent_config.go    |  159 +
 .../pkg/remoteconfig/state/configs.go         |  123 +
 .../remoteconfig/state/configs_agent_task.go  |   59 +
 .../pkg/remoteconfig/state/configs_asm.go     |  159 +
 .../pkg/remoteconfig/state/path.go            |  100 +
 .../pkg/remoteconfig/state/products.go        |   45 +
 .../pkg/remoteconfig/state/repository.go      |  442 +
 .../pkg/remoteconfig/state/tuf.go             |  233 +
 .../DataDog/datadog-go/v5/LICENSE.txt         |   19 +
 .../DataDog/datadog-go/v5/statsd/README.md    |    4 +
 .../datadog-go/v5/statsd/aggregator.go        |  290 +
 .../DataDog/datadog-go/v5/statsd/buffer.go    |  197 +
 .../datadog-go/v5/statsd/buffer_pool.go       |   40 +
 .../v5/statsd/buffered_metric_context.go      |   82 +
 .../DataDog/datadog-go/v5/statsd/container.go |   82 +
 .../DataDog/datadog-go/v5/statsd/event.go     |   75 +
 .../DataDog/datadog-go/v5/statsd/fnv1a.go     |   39 +
 .../DataDog/datadog-go/v5/statsd/format.go    |  280 +
 .../DataDog/datadog-go/v5/statsd/metrics.go   |  181 +
 .../DataDog/datadog-go/v5/statsd/noop.go      |  106 +
 .../DataDog/datadog-go/v5/statsd/options.go   |  348 +
 .../DataDog/datadog-go/v5/statsd/pipe.go      |   13 +
 .../datadog-go/v5/statsd/pipe_windows.go      |   75 +
 .../DataDog/datadog-go/v5/statsd/sender.go    |  111 +
 .../datadog-go/v5/statsd/service_check.go     |   57 +
 .../DataDog/datadog-go/v5/statsd/statsd.go    |  838 ++
 .../DataDog/datadog-go/v5/statsd/telemetry.go |  274 +
 .../DataDog/datadog-go/v5/statsd/udp.go       |   34 +
 .../DataDog/datadog-go/v5/statsd/uds.go       |   88 +
 .../datadog-go/v5/statsd/uds_windows.go       |   14 +
 .../DataDog/datadog-go/v5/statsd/utils.go     |   32 +
 .../DataDog/datadog-go/v5/statsd/worker.go    |  150 +
 .../DataDog/go-libddwaf/.gitattributes        |    3 +
 .../github.com/DataDog/go-libddwaf/.gitignore |   15 +
 vendor/github.com/DataDog/go-libddwaf/LICENSE |  200 +
 .../github.com/DataDog/go-libddwaf/README.md  |  120 +
 .../DataDog/go-libddwaf/cgo_ref_pool.go       |   90 +
 .../github.com/DataDog/go-libddwaf/context.go |  155 +
 .../github.com/DataDog/go-libddwaf/ctypes.go  |  176 +
 .../github.com/DataDog/go-libddwaf/decoder.go |   73 +
 .../DataDog/go-libddwaf/embed_darwin_amd64.go |   13 +
 .../DataDog/go-libddwaf/embed_darwin_arm64.go |   13 +
 .../DataDog/go-libddwaf/embed_linux_amd64.go  |   13 +
 .../DataDog/go-libddwaf/embed_linux_arm64.go  |   13 +
 .../github.com/DataDog/go-libddwaf/encoder.go |  256 +
 .../github.com/DataDog/go-libddwaf/handle.go  |  206 +
 .../go-libddwaf/internal/noopfree/noopfree.go |   15 +
 .../go-libddwaf/internal/noopfree/noopfree.s  |   10 +
 .../lib/darwin-amd64/_libddwaf.dylib          |  Bin 0 -> 1375472 bytes
 .../lib/darwin-arm64/_libddwaf.dylib          |  Bin 0 -> 1289856 bytes
 .../go-libddwaf/lib/linux-amd64/libddwaf.so   |  Bin 0 -> 2269984 bytes
 .../go-libddwaf/lib/linux-arm64/libddwaf.so   |  Bin 0 -> 2122824 bytes
 .../github.com/DataDog/go-libddwaf/lib_dl.go  |   88 +
 vendor/github.com/DataDog/go-libddwaf/safe.go |   68 +
 .../DataDog/go-libddwaf/symbols_linux_cgo.go  |   21 +
 .../go-libddwaf/symbols_linux_purego.go       |   15 +
 vendor/github.com/DataDog/go-libddwaf/waf.go  |  130 +
 .../github.com/DataDog/go-libddwaf/waf_dl.go  |  176 +
 .../DataDog/go-libddwaf/waf_dl_unsupported.go |   58 +
 .../DataDog/go-libddwaf/waf_unsupported_go.go |   17 +
 .../go-libddwaf/waf_unsupported_target.go     |   17 +
 vendor/github.com/DataDog/go-tuf/LICENSE      |   27 +
 .../DataDog/go-tuf/client/client.go           |  982 ++
 .../DataDog/go-tuf/client/delegations.go      |  152 +
 .../DataDog/go-tuf/client/errors.go           |  107 +
 .../DataDog/go-tuf/client/file_store.go       |   90 +
 .../DataDog/go-tuf/client/local_store.go      |   29 +
 .../DataDog/go-tuf/client/remote_store.go     |  109 +
 .../DataDog/go-tuf/data/hex_bytes.go          |   42 +
 .../github.com/DataDog/go-tuf/data/types.go   |  348 +
 .../DataDog/go-tuf/internal/roles/roles.go    |   48 +
 .../DataDog/go-tuf/internal/sets/strings.go   |   24 +
 .../go-tuf/pkg/keys/deprecated_ecdsa.go       |  101 +
 .../DataDog/go-tuf/pkg/keys/ecdsa.go          |  173 +
 .../DataDog/go-tuf/pkg/keys/ed25519.go        |  161 +
 .../DataDog/go-tuf/pkg/keys/keys.go           |   82 +
 .../DataDog/go-tuf/pkg/keys/pkix.go           |   56 +
 .../github.com/DataDog/go-tuf/pkg/keys/rsa.go |  162 +
 .../DataDog/go-tuf/pkg/targets/delegation.go  |  102 +
 .../DataDog/go-tuf/pkg/targets/hash_bins.go   |  113 +
 vendor/github.com/DataDog/go-tuf/util/util.go |  332 +
 vendor/github.com/DataDog/go-tuf/verify/db.go |  104 +
 .../DataDog/go-tuf/verify/errors.go           |   73 +
 .../DataDog/go-tuf/verify/verify.go           |  187 +
 .../DataDog/gostackparse/gostackparse.go      |   11 +
 vendor/github.com/DataDog/sketches-go/LICENSE |   13 +
 .../DataDog/sketches-go/LICENSE-3rdparty.csv  |    3 +
 vendor/github.com/DataDog/sketches-go/NOTICE  |    4 +
 .../DataDog/sketches-go/ddsketch/ddsketch.go  |  767 ++
 .../sketches-go/ddsketch/encoding/encoding.go |  208 +
 .../sketches-go/ddsketch/encoding/flag.go     |  160 +
 .../ddsketch/mapping/bit_operation_helper.go  |   35 +
 .../mapping/cubically_interpolated_mapping.go |  146 +
 .../ddsketch/mapping/index_mapping.go         |   95 +
 .../mapping/linearly_interpolated_mapping.go  |  142 +
 .../ddsketch/mapping/logarithmic_mapping.go   |  119 +
 .../ddsketch/pb/sketchpb/ddsketch.pb.go       |  448 +
 .../sketches-go/ddsketch/stat/summary.go      |  171 +
 .../DataDog/sketches-go/ddsketch/store/bin.go |   28 +
 .../ddsketch/store/buffered_paginated.go      |  667 ++
 .../store/collapsing_highest_dense_store.go   |  188 +
 .../store/collapsing_lowest_dense_store.go    |  207 +
 .../sketches-go/ddsketch/store/dense_store.go |  330 +
 .../sketches-go/ddsketch/store/sparse.go      |  184 +
 .../sketches-go/ddsketch/store/store.go       |  153 +
 .../go-crypto/openpgp/armor/armor.go          |   11 +-
 .../go-crypto/openpgp/internal/ecc/x448.go    |    4 +-
 .../ProtonMail/go-crypto/openpgp/keys.go      |    4 +-
 .../go-crypto/openpgp/packet/public_key.go    |    4 +
 .../go-crypto/openpgp/packet/signature.go     |    2 +-
 .../openpgp/packet/symmetric_key_encrypted.go |   31 +-
 .../openpgp/packet/symmetrically_encrypted.go |    8 +-
 .../packet/symmetrically_encrypted_aead.go    |   35 +-
 .../ProtonMail/go-crypto/openpgp/write.go     |    2 +-
 .../darabonba-openapi/client/client.go        |  107 +-
 .../tea-utils/service/service.go              |    6 +
 .../alibabacloud-go/tea-xml/LICENSE           |  201 +
 .../github.com/alibabacloud-go/tea/tea/tea.go |   83 +-
 .../credentials/access_key_credential.go      |    9 +
 .../credentials/bearer_token_credential.go    |    8 +
 .../credentials-go/credentials/credential.go  |   21 +-
 .../credentials/credential_model.go           |   50 +
 .../credentials/ecs_ram_role.go               |   16 +
 .../credentials/oidc_credential.go            |   25 +-
 .../credentials/oidc_credential_provider.go   |   37 +
 .../credentials/profile_provider.go           |    3 +-
 .../credentials-go/credentials/provider.go    |    4 +
 .../credentials/provider_chain.go             |    2 +-
 .../credentials/rsa_key_pair_credential.go    |   18 +
 .../credentials/sts_credential.go             |   10 +
 .../credentials/sts_role_arn_credential.go    |   37 +
 .../credentials/uri_credential.go             |   16 +
 .../credentials/utils/runtime.go              |    1 +
 .../github.com/aws/aws-sdk-go-v2/CHANGELOG.md | 1614 +++
 vendor/github.com/aws/aws-sdk-go-v2/Makefile  |   14 +-
 .../aws/aws-sdk-go-v2/aws/config.go           |   14 +
 .../aws-sdk-go-v2/aws/go_module_metadata.go   |    2 +-
 .../aws-sdk-go-v2/aws/middleware/metadata.go  |   33 +-
 .../aws/middleware/user_agent.go              |   26 +-
 .../aws/protocol/eventstream/CHANGELOG.md     |   20 +
 .../eventstream/go_module_metadata.go         |    2 +-
 .../aws/protocol/query/object.go              |   13 +
 .../aws-sdk-go-v2/aws/protocol/query/value.go |    9 +
 .../aws/retry/retryable_error.go              |   16 +-
 .../aws/signer/internal/v4/headers.go         |    1 +
 .../aws-sdk-go-v2/aws/signer/v4/middleware.go |   15 +-
 .../aws/aws-sdk-go-v2/aws/signer/v4/v4.go     |    2 +-
 .../aws/aws-sdk-go-v2/ci-find-smithy-go.sh    |   58 +
 .../aws/aws-sdk-go-v2/config/CHANGELOG.md     |   83 +
 .../aws/aws-sdk-go-v2/config/config.go        |   28 +-
 .../aws/aws-sdk-go-v2/config/env_config.go    |   14 +-
 .../config/go_module_metadata.go              |    2 +-
 .../aws/aws-sdk-go-v2/config/load_options.go  |   41 +
 .../aws/aws-sdk-go-v2/config/provider.go      |   37 +
 .../aws/aws-sdk-go-v2/config/resolve.go       |   11 +
 .../aws/aws-sdk-go-v2/config/shared_config.go |   81 +-
 .../aws-sdk-go-v2/credentials/CHANGELOG.md    |   68 +
 .../credentials/go_module_metadata.go         |    2 +-
 .../feature/ec2/imds/CHANGELOG.md             |   36 +
 .../feature/ec2/imds/go_module_metadata.go    |    2 +-
 .../aws/aws-sdk-go-v2/internal/auth/scheme.go |  186 +
 .../internal/configsources/CHANGELOG.md       |   36 +
 .../configsources/go_module_metadata.go       |    2 +-
 .../internal/endpoints/awsrulesfn/arn.go      |   94 +
 .../internal/endpoints/awsrulesfn/doc.go      |    3 +
 .../internal/endpoints/awsrulesfn/generate.go |    7 +
 .../internal/endpoints/awsrulesfn/host.go     |   51 +
 .../endpoints/awsrulesfn/partition.go         |   75 +
 .../endpoints/awsrulesfn/partitions.go        |  343 +
 .../endpoints/awsrulesfn/partitions.json      |  213 +
 .../internal/endpoints/v2/CHANGELOG.md        |   36 +
 .../endpoints/v2/go_module_metadata.go        |    2 +-
 .../aws-sdk-go-v2/internal/ini/CHANGELOG.md   |   41 +
 .../internal/ini/go_module_metadata.go        |    2 +-
 .../internal/ini/literal_tokens.go            |  186 +-
 .../internal/ini/number_helper.go             |  152 -
 .../aws-sdk-go-v2/internal/ini/value_util.go  |  161 -
 .../aws/aws-sdk-go-v2/internal/ini/visitor.go |    6 +-
 .../aws-sdk-go-v2/internal/v4a/CHANGELOG.md   |   77 +
 .../internal/v4a/go_module_metadata.go        |    2 +-
 .../aws-sdk-go-v2/internal/v4a/middleware.go  |   27 +-
 .../github.com/aws/aws-sdk-go-v2/modman.toml  |    2 +-
 .../aws-sdk-go-v2/service/ecr/CHANGELOG.md    |   69 +
 .../aws-sdk-go-v2/service/ecr/api_client.go   |  108 +-
 .../ecr/api_op_BatchCheckLayerAvailability.go |  146 +-
 .../service/ecr/api_op_BatchDeleteImage.go    |  150 +-
 .../service/ecr/api_op_BatchGetImage.go       |  146 +-
 ...BatchGetRepositoryScanningConfiguration.go |  142 +-
 .../service/ecr/api_op_CompleteLayerUpload.go |  142 +-
 .../ecr/api_op_CreatePullThroughCacheRule.go  |  142 +-
 .../service/ecr/api_op_CreateRepository.go    |  157 +-
 .../ecr/api_op_DeleteLifecyclePolicy.go       |  142 +-
 .../ecr/api_op_DeletePullThroughCacheRule.go  |  142 +-
 .../ecr/api_op_DeleteRegistryPolicy.go        |  142 +-
 .../service/ecr/api_op_DeleteRepository.go    |  142 +-
 .../ecr/api_op_DeleteRepositoryPolicy.go      |  142 +-
 .../api_op_DescribeImageReplicationStatus.go  |  142 +-
 .../ecr/api_op_DescribeImageScanFindings.go   |  177 +-
 .../service/ecr/api_op_DescribeImages.go      |  189 +-
 .../api_op_DescribePullThroughCacheRules.go   |  143 +-
 .../service/ecr/api_op_DescribeRegistry.go    |  142 +-
 .../ecr/api_op_DescribeRepositories.go        |  175 +-
 .../ecr/api_op_GetAuthorizationToken.go       |  145 +-
 .../ecr/api_op_GetDownloadUrlForLayer.go      |  152 +-
 .../service/ecr/api_op_GetLifecyclePolicy.go  |  142 +-
 .../ecr/api_op_GetLifecyclePolicyPreview.go   |  165 +-
 .../service/ecr/api_op_GetRegistryPolicy.go   |  142 +-
 ...api_op_GetRegistryScanningConfiguration.go |  142 +-
 .../service/ecr/api_op_GetRepositoryPolicy.go |  142 +-
 .../service/ecr/api_op_InitiateLayerUpload.go |  142 +-
 .../service/ecr/api_op_ListImages.go          |  145 +-
 .../service/ecr/api_op_ListTagsForResource.go |  142 +-
 .../service/ecr/api_op_PutImage.go            |  154 +-
 .../api_op_PutImageScanningConfiguration.go   |  144 +-
 .../ecr/api_op_PutImageTagMutability.go       |  147 +-
 .../service/ecr/api_op_PutLifecyclePolicy.go  |  146 +-
 .../service/ecr/api_op_PutRegistryPolicy.go   |  150 +-
 ...api_op_PutRegistryScanningConfiguration.go |  151 +-
 .../ecr/api_op_PutReplicationConfiguration.go |  147 +-
 .../service/ecr/api_op_SetRepositoryPolicy.go |  152 +-
 .../service/ecr/api_op_StartImageScan.go      |  147 +-
 .../ecr/api_op_StartLifecyclePolicyPreview.go |  146 +-
 .../service/ecr/api_op_TagResource.go         |  142 +-
 .../service/ecr/api_op_UntagResource.go       |  142 +-
 .../service/ecr/api_op_UploadLayerPart.go     |  148 +-
 .../service/ecr/deserializers.go              |   15 +
 .../aws/aws-sdk-go-v2/service/ecr/doc.go      |   20 +-
 .../aws-sdk-go-v2/service/ecr/endpoints.go    |  380 +-
 .../aws-sdk-go-v2/service/ecr/generated.json  |    2 +
 .../service/ecr/go_module_metadata.go         |    2 +-
 .../ecr/internal/endpoints/endpoints.go       |   56 +-
 .../aws-sdk-go-v2/service/ecr/types/enums.go  |   20 +-
 .../aws-sdk-go-v2/service/ecr/types/errors.go |   29 +-
 .../aws-sdk-go-v2/service/ecr/types/types.go  |   81 +-
 .../aws-sdk-go-v2/service/ecr/validators.go   |   44 +
 .../service/ecrpublic/CHANGELOG.md            |  200 +
 .../service/ecrpublic/api_client.go           |  108 +-
 .../api_op_BatchCheckLayerAvailability.go     |  166 +-
 .../ecrpublic/api_op_BatchDeleteImage.go      |  164 +-
 .../ecrpublic/api_op_CompleteLayerUpload.go   |  159 +-
 .../ecrpublic/api_op_CreateRepository.go      |  161 +-
 .../ecrpublic/api_op_DeleteRepository.go      |  156 +-
 .../api_op_DeleteRepositoryPolicy.go          |  156 +-
 .../ecrpublic/api_op_DescribeImageTags.go     |  195 +-
 .../ecrpublic/api_op_DescribeImages.go        |  205 +-
 .../ecrpublic/api_op_DescribeRegistries.go    |  189 +-
 .../ecrpublic/api_op_DescribeRepositories.go  |  205 +-
 .../ecrpublic/api_op_GetAuthorizationToken.go |  144 +-
 .../api_op_GetRegistryCatalogData.go          |  142 +-
 .../api_op_GetRepositoryCatalogData.go        |  148 +-
 .../ecrpublic/api_op_GetRepositoryPolicy.go   |  156 +-
 .../ecrpublic/api_op_InitiateLayerUpload.go   |  161 +-
 .../ecrpublic/api_op_ListTagsForResource.go   |  146 +-
 .../service/ecrpublic/api_op_PutImage.go      |  172 +-
 .../api_op_PutRegistryCatalogData.go          |  144 +-
 .../api_op_PutRepositoryCatalogData.go        |  147 +-
 .../ecrpublic/api_op_SetRepositoryPolicy.go   |  166 +-
 .../service/ecrpublic/api_op_TagResource.go   |  154 +-
 .../service/ecrpublic/api_op_UntagResource.go |  146 +-
 .../ecrpublic/api_op_UploadLayerPart.go       |  165 +-
 .../service/ecrpublic/deserializers.go        |  402 +-
 .../aws-sdk-go-v2/service/ecrpublic/doc.go    |   10 +-
 .../service/ecrpublic/endpoints.go            |  342 +-
 .../service/ecrpublic/generated.json          |    4 +-
 .../service/ecrpublic/go_module_metadata.go   |    2 +-
 .../ecrpublic/internal/endpoints/endpoints.go |   66 +-
 .../service/ecrpublic/types/errors.go         |  267 +-
 .../service/ecrpublic/types/types.go          |  199 +-
 .../internal/accept-encoding/CHANGELOG.md     |   20 +
 .../accept-encoding/go_module_metadata.go     |    2 +-
 .../service/internal/checksum/CHANGELOG.md    |   72 +
 .../internal/checksum/go_module_metadata.go   |    2 +-
 .../internal/presigned-url/CHANGELOG.md       |   36 +
 .../presigned-url/go_module_metadata.go       |    2 +-
 .../service/internal/s3shared/CHANGELOG.md    |   74 +
 .../internal/s3shared/arn/arn_member.go       |   32 +
 .../internal/s3shared/config/config.go        |   19 +
 .../internal/s3shared/go_module_metadata.go   |    2 +-
 .../internal/s3shared/s3100continue.go        |   54 +
 .../aws/aws-sdk-go-v2/service/s3/CHANGELOG.md |  152 +
 .../aws-sdk-go-v2/service/s3/api_client.go    |  171 +-
 .../service/s3/api_op_AbortMultipartUpload.go |  231 +-
 .../s3/api_op_CompleteMultipartUpload.go      |  387 +-
 .../service/s3/api_op_CopyObject.go           |  588 +-
 .../service/s3/api_op_CreateBucket.go         |  333 +-
 .../s3/api_op_CreateMultipartUpload.go        |  647 +-
 .../service/s3/api_op_DeleteBucket.go         |  177 +-
 ...i_op_DeleteBucketAnalyticsConfiguration.go |  198 +-
 .../service/s3/api_op_DeleteBucketCors.go     |  180 +-
 .../s3/api_op_DeleteBucketEncryption.go       |  194 +-
 ...teBucketIntelligentTieringConfiguration.go |  186 +-
 ...i_op_DeleteBucketInventoryConfiguration.go |  192 +-
 .../s3/api_op_DeleteBucketLifecycle.go        |  186 +-
 ...api_op_DeleteBucketMetricsConfiguration.go |  202 +-
 .../api_op_DeleteBucketOwnershipControls.go   |  181 +-
 .../service/s3/api_op_DeleteBucketPolicy.go   |  191 +-
 .../s3/api_op_DeleteBucketReplication.go      |  190 +-
 .../service/s3/api_op_DeleteBucketTagging.go  |  177 +-
 .../service/s3/api_op_DeleteBucketWebsite.go  |  180 +-
 .../service/s3/api_op_DeleteObject.go         |  247 +-
 .../service/s3/api_op_DeleteObjectTagging.go  |  214 +-
 .../service/s3/api_op_DeleteObjects.go        |  248 +-
 .../s3/api_op_DeletePublicAccessBlock.go      |  200 +-
 ...api_op_GetBucketAccelerateConfiguration.go |  200 +-
 .../service/s3/api_op_GetBucketAcl.go         |  200 +-
 .../api_op_GetBucketAnalyticsConfiguration.go |  193 +-
 .../service/s3/api_op_GetBucketCors.go        |  197 +-
 .../service/s3/api_op_GetBucketEncryption.go  |  203 +-
 ...etBucketIntelligentTieringConfiguration.go |  186 +-
 .../api_op_GetBucketInventoryConfiguration.go |  196 +-
 .../api_op_GetBucketLifecycleConfiguration.go |  220 +-
 .../service/s3/api_op_GetBucketLocation.go    |  212 +-
 .../service/s3/api_op_GetBucketLogging.go     |  186 +-
 .../api_op_GetBucketMetricsConfiguration.go   |  202 +-
 ...i_op_GetBucketNotificationConfiguration.go |  209 +-
 .../s3/api_op_GetBucketOwnershipControls.go   |  187 +-
 .../service/s3/api_op_GetBucketPolicy.go      |  202 +-
 .../s3/api_op_GetBucketPolicyStatus.go        |  196 +-
 .../service/s3/api_op_GetBucketReplication.go |  195 +-
 .../s3/api_op_GetBucketRequestPayment.go      |  177 +-
 .../service/s3/api_op_GetBucketTagging.go     |  185 +-
 .../service/s3/api_op_GetBucketVersioning.go  |  185 +-
 .../service/s3/api_op_GetBucketWebsite.go     |  190 +-
 .../service/s3/api_op_GetObject.go            |  426 +-
 .../service/s3/api_op_GetObjectAcl.go         |  218 +-
 .../service/s3/api_op_GetObjectAttributes.go  |  361 +-
 .../service/s3/api_op_GetObjectLegalHold.go   |  188 +-
 .../s3/api_op_GetObjectLockConfiguration.go   |  189 +-
 .../service/s3/api_op_GetObjectRetention.go   |  188 +-
 .../service/s3/api_op_GetObjectTagging.go     |  226 +-
 .../service/s3/api_op_GetObjectTorrent.go     |  192 +-
 .../service/s3/api_op_GetPublicAccessBlock.go |  200 +-
 .../service/s3/api_op_HeadBucket.go           |  246 +-
 .../service/s3/api_op_HeadObject.go           |  488 +-
 ...pi_op_ListBucketAnalyticsConfigurations.go |  198 +-
 ...tBucketIntelligentTieringConfigurations.go |  190 +-
 ...pi_op_ListBucketInventoryConfigurations.go |  200 +-
 .../api_op_ListBucketMetricsConfigurations.go |  206 +-
 .../service/s3/api_op_ListBuckets.go          |  157 +-
 .../service/s3/api_op_ListMultipartUploads.go |  303 +-
 .../service/s3/api_op_ListObjectVersions.go   |  262 +-
 .../service/s3/api_op_ListObjects.go          |  269 +-
 .../service/s3/api_op_ListObjectsV2.go        |  310 +-
 .../service/s3/api_op_ListParts.go            |  292 +-
 ...api_op_PutBucketAccelerateConfiguration.go |  205 +-
 .../service/s3/api_op_PutBucketAcl.go         |  405 +-
 .../api_op_PutBucketAnalyticsConfiguration.go |  237 +-
 .../service/s3/api_op_PutBucketCors.go        |  249 +-
 .../service/s3/api_op_PutBucketEncryption.go  |  234 +-
 ...utBucketIntelligentTieringConfiguration.go |  223 +-
 .../api_op_PutBucketInventoryConfiguration.go |  245 +-
 .../api_op_PutBucketLifecycleConfiguration.go |  258 +-
 .../service/s3/api_op_PutBucketLogging.go     |  233 +-
 .../api_op_PutBucketMetricsConfiguration.go   |  228 +-
 ...i_op_PutBucketNotificationConfiguration.go |  215 +-
 .../s3/api_op_PutBucketOwnershipControls.go   |  187 +-
 .../service/s3/api_op_PutBucketPolicy.go      |  201 +-
 .../service/s3/api_op_PutBucketReplication.go |  249 +-
 .../s3/api_op_PutBucketRequestPayment.go      |  196 +-
 .../service/s3/api_op_PutBucketTagging.go     |  256 +-
 .../service/s3/api_op_PutBucketVersioning.go  |  222 +-
 .../service/s3/api_op_PutBucketWebsite.go     |  284 +-
 .../service/s3/api_op_PutObject.go            |  482 +-
 .../service/s3/api_op_PutObjectAcl.go         |  419 +-
 .../service/s3/api_op_PutObjectLegalHold.go   |  188 +-
 .../s3/api_op_PutObjectLockConfiguration.go   |  206 +-
 .../service/s3/api_op_PutObjectRetention.go   |  208 +-
 .../service/s3/api_op_PutObjectTagging.go     |  276 +-
 .../service/s3/api_op_PutPublicAccessBlock.go |  213 +-
 .../service/s3/api_op_RestoreObject.go        |  532 +-
 .../service/s3/api_op_SelectObjectContent.go  |  316 +-
 .../service/s3/api_op_UploadPart.go           |  409 +-
 .../service/s3/api_op_UploadPartCopy.go       |  445 +-
 .../s3/api_op_WriteGetObjectResponse.go       |  286 +-
 .../aws/aws-sdk-go-v2/service/s3/bucketer.go  |   15 +
 .../aws-sdk-go-v2/service/s3/deserializers.go |  169 +
 .../aws/aws-sdk-go-v2/service/s3/endpoints.go | 4181 +++++++-
 .../aws-sdk-go-v2/service/s3/generated.json   |    4 +-
 .../service/s3/go_module_metadata.go          |    2 +-
 .../service/s3/handwritten_paginators.go      |  204 +
 .../service/s3/internal/customizations/doc.go |    1 -
 .../customizations/process_arn_resource.go    |    4 +
 .../remove_bucket_middleware.go               |    5 +
 .../customizations/s3_object_lambda.go        |    4 +
 .../internal/customizations/signer_wrapper.go |   20 +-
 .../customizations/update_endpoint.go         |    8 +-
 .../s3/internal/endpoints/endpoints.go        |  125 +-
 .../s3/serialize_immutable_hostname_bucket.go |   72 +
 .../aws-sdk-go-v2/service/s3/serializers.go   | 1901 ++--
 .../aws-sdk-go-v2/service/s3/types/enums.go   |  153 +-
 .../aws-sdk-go-v2/service/s3/types/errors.go  |   91 +-
 .../aws-sdk-go-v2/service/s3/types/types.go   | 2201 ++--
 .../aws-sdk-go-v2/service/sso/CHANGELOG.md    |   58 +
 .../aws-sdk-go-v2/service/sso/api_client.go   |  106 +-
 .../service/sso/api_op_GetRoleCredentials.go  |  139 +-
 .../service/sso/api_op_ListAccountRoles.go    |  138 +-
 .../service/sso/api_op_ListAccounts.go        |  138 +-
 .../service/sso/api_op_Logout.go              |  139 +-
 .../aws-sdk-go-v2/service/sso/endpoints.go    |  361 +-
 .../aws-sdk-go-v2/service/sso/generated.json  |    4 +-
 .../service/sso/go_module_metadata.go         |    2 +-
 .../sso/internal/endpoints/endpoints.go       |   36 +-
 .../aws-sdk-go-v2/service/sso/serializers.go  |   36 +-
 .../service/ssooidc/CHANGELOG.md              |   58 +
 .../service/ssooidc/api_client.go             |  106 +-
 .../service/ssooidc/api_op_CreateToken.go     |  139 +-
 .../service/ssooidc/api_op_RegisterClient.go  |  139 +-
 .../api_op_StartDeviceAuthorization.go        |  139 +-
 .../service/ssooidc/endpoints.go              |  361 +-
 .../service/ssooidc/generated.json            |    4 +-
 .../service/ssooidc/go_module_metadata.go     |    2 +-
 .../ssooidc/internal/endpoints/endpoints.go   |   36 +-
 .../service/ssooidc/serializers.go            |   27 +-
 .../aws-sdk-go-v2/service/sts/CHANGELOG.md    |   54 +
 .../aws-sdk-go-v2/service/sts/api_client.go   |  106 +-
 .../service/sts/api_op_AssumeRole.go          |  142 +-
 .../service/sts/api_op_AssumeRoleWithSAML.go  |  139 +-
 .../sts/api_op_AssumeRoleWithWebIdentity.go   |  142 +-
 .../sts/api_op_DecodeAuthorizationMessage.go  |  139 +-
 .../service/sts/api_op_GetAccessKeyInfo.go    |  139 +-
 .../service/sts/api_op_GetCallerIdentity.go   |  139 +-
 .../service/sts/api_op_GetFederationToken.go  |  139 +-
 .../service/sts/api_op_GetSessionToken.go     |  139 +-
 .../aws-sdk-go-v2/service/sts/endpoints.go    |  838 +-
 .../aws-sdk-go-v2/service/sts/generated.json  |    4 +-
 .../service/sts/go_module_metadata.go         |    2 +-
 .../sts/internal/endpoints/endpoints.go       |    5 +-
 .../aws-sdk-go-v2/service/sts/serializers.go  |   36 +
 .../aws-sdk-go-v2/service/sts/types/types.go  |   12 +
 vendor/github.com/aws/smithy-go/.gitignore    |    4 +
 vendor/github.com/aws/smithy-go/CHANGELOG.md  |   21 +
 vendor/github.com/aws/smithy-go/README.md     |   15 +
 .../smithy-go/encoding/httpbinding/encode.go  |   13 +-
 .../aws/smithy-go/endpoints/endpoint.go       |   23 +
 .../endpoints/private/rulesfn/doc.go          |    4 +
 .../endpoints/private/rulesfn/strings.go      |   26 +
 .../endpoints/private/rulesfn/uri.go          |  130 +
 .../aws/smithy-go/go_module_metadata.go       |    2 +-
 vendor/github.com/aws/smithy-go/properties.go |   52 +
 .../http/middleware_header_comment.go         |   81 +
 .../ecr-login/api/client.go                   |    7 +-
 .../ecr-login/cache/file.go                   |    3 +-
 .../buildkite/agent/v3/api/annotations.go     |    4 +-
 .../buildkite/agent/v3/api/artifacts.go       |    6 +-
 .../buildkite/agent/v3/api/chunks.go          |    8 +-
 .../buildkite/agent/v3/api/client.go          |    5 +
 .../buildkite/agent/v3/api/header_times.go    |    2 +-
 .../github.com/buildkite/agent/v3/api/jobs.go |   41 +-
 .../buildkite/agent/v3/api/meta_data.go       |    8 +-
 .../github.com/buildkite/agent/v3/api/oidc.go |    2 +-
 .../buildkite/agent/v3/api/pipelines.go       |    4 +-
 .../buildkite/agent/v3/api/steps.go           |    4 +-
 .../buildkite/agent/v3/env/environment.go     |  298 +
 .../agent/v3/internal/ordered/map.go          |  417 +
 .../agent/v3/internal/ordered/slice.go        |   30 +
 .../agent/v3/internal/ordered/strings.go      |   39 +
 .../agent/v3/internal/ordered/tuple.go        |   15 +
 .../agent/v3/internal/ordered/unmarshal.go    |  384 +
 .../agent/v3/internal/ordered/yaml.go         |  260 +
 .../agent/v3/internal/pipeline/doc.go         |   13 +
 .../agent/v3/internal/pipeline/interpolate.go |  161 +
 .../internal/pipeline/interpolate_matrix.go   |   55 +
 .../agent/v3/internal/pipeline/json.go        |   98 +
 .../agent/v3/internal/pipeline/parser.go      |   32 +
 .../agent/v3/internal/pipeline/pipeline.go    |  131 +
 .../internal/pipeline/pipeline_invariants.go  |   82 +
 .../agent/v3/internal/pipeline/plugin.go      |  112 +
 .../agent/v3/internal/pipeline/plugins.go     |  106 +
 .../agent/v3/internal/pipeline/sign.go        |  185 +
 .../agent/v3/internal/pipeline/step.go        |   13 +
 .../v3/internal/pipeline/step_command.go      |  125 +
 .../internal/pipeline/step_command_matrix.go  |  365 +
 .../agent/v3/internal/pipeline/step_group.go  |   57 +
 .../agent/v3/internal/pipeline/step_input.go  |   34 +
 .../agent/v3/internal/pipeline/step_scalar.go |   41 +
 .../v3/internal/pipeline/step_trigger.go      |   23 +
 .../v3/internal/pipeline/step_unknown.go      |   40 +
 .../agent/v3/internal/pipeline/step_wait.go   |   35 +
 .../agent/v3/internal/pipeline/steps.go       |  170 +
 .../buildkite/agent/v3/logger/buffer.go       |   14 +
 .../buildkite/agent/v3/logger/log.go          |    6 +-
 .../buildkite/agent/v3/tracetools/doc.go      |    5 +
 .../agent/v3/tracetools/propagate.go          |   55 +
 .../buildkite/agent/v3/tracetools/span.go     |  129 +
 .../buildkite/agent/v3/version/VERSION        |    1 +
 .../buildkite/agent/v3/version/version.go     |   81 +
 .../buildkite/interpolate/LICENSE.txt         |   24 +
 .../buildkite/interpolate/README.md           |   61 +
 .../github.com/buildkite/interpolate/env.go   |   49 +
 .../buildkite/interpolate/interpolate.go      |  212 +
 .../buildkite/interpolate/parser.go           |  287 +
 .../pkg/token/token.go                        |   44 +-
 vendor/github.com/clbanning/mxj/v2/doc.go     |    5 +
 .../github.com/clbanning/mxj/v2/leafnode.go   |    2 +-
 vendor/github.com/clbanning/mxj/v2/readme.md  |    4 +-
 vendor/github.com/clbanning/mxj/v2/xml.go     |   38 +-
 vendor/github.com/clbanning/mxj/v2/xmlseq.go  |  111 +-
 .../cloudflare/circl/ecc/goldilocks/twist.go  |    2 +-
 .../cloudflare/circl/internal/sha3/keccakf.go |   12 +-
 .../cloudflare/circl/internal/sha3/sha3.go    |   11 +-
 .../cloudflare/circl/internal/sha3/shake.go   |   40 +
 .../cloudflare/circl/math/primes.go           |   34 +
 .../cloudflare/circl/sign/ed25519/ed25519.go  |    2 +-
 .../github.com/coreos/go-oidc/v3/oidc/jwks.go |    8 +-
 .../github.com/coreos/go-oidc/v3/oidc/oidc.go |    6 +-
 .../coreos/go-oidc/v3/oidc/verify.go          |    4 +-
 .../decred/dcrd/dcrec/secp256k1/v4/LICENSE    |   17 +
 .../decred/dcrd/dcrec/secp256k1/v4/README.md  |   72 +
 .../secp256k1/v4/compressedbytepoints.go      |   18 +
 .../decred/dcrd/dcrec/secp256k1/v4/curve.go   | 1272 +++
 .../decred/dcrd/dcrec/secp256k1/v4/doc.go     |   59 +
 .../decred/dcrd/dcrec/secp256k1/v4/ecdh.go    |   21 +
 .../dcrec/secp256k1/v4/ellipticadaptor.go     |  255 +
 .../decred/dcrd/dcrec/secp256k1/v4/error.go   |   67 +
 .../decred/dcrd/dcrec/secp256k1/v4/field.go   | 1681 ++++
 .../dcrec/secp256k1/v4/loadprecomputed.go     |   91 +
 .../dcrd/dcrec/secp256k1/v4/modnscalar.go     | 1101 ++
 .../decred/dcrd/dcrec/secp256k1/v4/nonce.go   |  263 +
 .../decred/dcrd/dcrec/secp256k1/v4/privkey.go |  111 +
 .../decred/dcrd/dcrec/secp256k1/v4/pubkey.go  |  237 +
 vendor/github.com/digitorus/pkcs7/Makefile    |    2 +-
 vendor/github.com/digitorus/pkcs7/ber.go      |   34 +-
 vendor/github.com/digitorus/pkcs7/pkcs7.go    |    4 +-
 .../digitorus/timestamp/rfc3161_struct.go     |    2 +-
 .../digitorus/timestamp/timestamp.go          |   60 +-
 .../distribution/reference/.gitattributes     |    1 +
 .../distribution/reference/.gitignore         |    2 +
 .../distribution/reference/.golangci.yml      |   18 +
 .../distribution/reference/CODE-OF-CONDUCT.md |    5 +
 .../distribution/reference/CONTRIBUTING.md    |  114 +
 .../distribution/reference/GOVERNANCE.md      |  144 +
 .../github.com/distribution/reference/LICENSE |  202 +
 .../distribution/reference/MAINTAINERS        |   26 +
 .../distribution/reference/Makefile           |   25 +
 .../distribution/reference/README.md          |   30 +
 .../distribution/reference/SECURITY.md        |    7 +
 .../reference/distribution-logo.svg           |    1 +
 .../distribution/reference/helpers.go         |    2 +-
 .../distribution/reference/normalize.go       |  131 +-
 .../distribution/reference/reference.go       |   27 +-
 .../distribution/reference/regexp.go          |  163 +
 .../github.com/distribution/reference/sort.go |   75 +
 .../github.com/docker/cli/cli/command/cli.go  |   18 +-
 .../docker/cli/cli/command/events_utils.go    |   14 +-
 .../docker/cli/cli/command/registry.go        |  101 +-
 .../docker/cli/cli/command/streams.go         |   32 -
 .../docker/cli/cli/config/configfile/file.go  |    4 +-
 .../cli/cli/config/credentials/file_store.go  |    3 +-
 .../cli/connhelper/commandconn/commandconn.go |  208 +-
 .../docker/cli/cli/connhelper/connhelper.go   |   16 +-
 .../docker/cli/cli/connhelper/ssh/ssh.go      |    5 +-
 .../docker/cli/cli/context/docker/load.go     |    6 -
 .../docker/cli/cli/context/store/store.go     |   14 -
 .../docker/cli/cli/flags/options.go           |    2 +-
 .../cli/cli/flags/options_deprecated.go       |   11 -
 .../github.com/docker/cli/cli/hints/hints.go  |   18 +
 .../docker/cli/cli/registry/client/client.go  |   10 +-
 .../cli/cli/registry/client/endpoint.go       |   13 +-
 .../docker/cli/cli/registry/client/fetcher.go |    8 +-
 .../github.com/docker/cli/cli/streams/in.go   |   27 +-
 .../github.com/docker/cli/cli/streams/out.go  |   30 +-
 .../docker/cli/cli/streams/stream.go          |   13 +-
 .../github.com/docker/cli/cli/trust/trust.go  |   30 +-
 .../docker/cli/opts/capabilities.go           |   14 +-
 .../docker/distribution/.golangci.yml         |   10 +-
 .../github.com/docker/distribution/.mailmap   |    3 +
 .../docker/distribution/BUILDING.md           |    2 +-
 .../github.com/docker/distribution/Dockerfile |    8 +-
 .../github.com/docker/distribution/Makefile   |    2 +-
 .../github.com/docker/distribution/blobs.go   |    2 +-
 .../reference/helpers_deprecated.go           |   34 +
 .../reference/normalize_deprecated.go         |   92 +
 .../reference/reference_deprecated.go         |  172 +
 .../docker/distribution/reference/regexp.go   |  143 -
 .../reference/regexp_deprecated.go            |   50 +
 .../distribution/reference/sort_deprecated.go |   10 +
 .../docker/distribution/registry.go           |    2 +-
 .../registry/api/v2/descriptors.go            |    2 +-
 .../distribution/registry/api/v2/urls.go      |    2 +-
 .../registry/client/blob_writer.go            |    2 +
 .../distribution/registry/client/errors.go    |   51 +-
 .../registry/client/repository.go             |    2 +-
 .../registry/storage/cache/memory/memory.go   |    2 +-
 .../docker/distribution/vendor.conf           |    3 +-
 .../client/client.go                          |    8 +-
 .../client/command.go                         |   13 +-
 .../credentials/credentials.go                |   69 +-
 .../credentials/error.go                      |   31 +-
 vendor/github.com/docker/docker/AUTHORS       |   18 +
 vendor/github.com/docker/docker/api/common.go |    2 +-
 .../github.com/docker/docker/api/swagger.yaml |  149 +-
 .../docker/docker/api/types/auth.go           |   25 +-
 .../docker/docker/api/types/client.go         |    3 +-
 .../docker/docker/api/types/configs.go        |    4 +-
 .../container/change_response_deprecated.go   |    6 +
 .../docker/api/types/container/change_type.go |   15 +
 .../api/types/container/change_types.go       |   23 +
 .../api/types/container/container_changes.go  |   20 -
 .../docker/api/types/container/deprecated.go  |   16 -
 .../api/types/container/filesystem_change.go  |   19 +
 .../{host_config.go => hostconfig.go}         |  129 +-
 .../docker/docker/api/types/deprecated.go     |   14 -
 .../docker/docker/api/types/filters/errors.go |   37 +
 .../docker/docker/api/types/filters/parse.go  |   51 +-
 .../docker/docker/api/types/image/opts.go     |    9 +
 .../docker/docker/api/types/image_summary.go  |   13 +-
 .../docker/api/types/registry/authconfig.go   |   99 +
 .../docker/api/types/registry/registry.go     |    6 +-
 .../docker/docker/api/types/time/timestamp.go |   40 +-
 .../docker/docker/api/types/types.go          |   34 +-
 .../docker/api/types/versions/compare.go      |    8 +-
 .../docker/api/types/volume/deprecated.go     |   11 -
 .../docker/docker/client/build_prune.go       |   10 +-
 .../github.com/docker/docker/client/client.go |   53 +-
 .../docker/docker/client/client_unix.go       |    7 +-
 .../docker/docker/client/client_windows.go    |    3 -
 .../docker/docker/client/container_create.go  |    6 +-
 .../docker/docker/client/container_diff.go    |    4 +-
 .../docker/client/distribution_inspect.go     |    8 +-
 .../github.com/docker/docker/client/errors.go |   25 -
 .../github.com/docker/docker/client/hijack.go |   13 +-
 .../docker/docker/client/image_create.go      |    3 +-
 .../docker/docker/client/image_push.go        |    3 +-
 .../docker/docker/client/image_search.go      |    2 +-
 .../docker/docker/client/interface.go         |   10 +-
 .../github.com/docker/docker/client/login.go  |    3 +-
 .../github.com/docker/docker/client/ping.go   |    6 +-
 .../docker/docker/client/plugin_install.go    |    7 +-
 .../docker/docker/client/plugin_push.go       |    4 +-
 .../docker/docker/client/plugin_upgrade.go    |    3 +-
 .../docker/docker/client/request.go           |   10 +-
 .../docker/docker/client/service_create.go    |    3 +-
 .../docker/docker/client/service_update.go    |    3 +-
 .../docker/docker/client/volume_list.go       |    6 +-
 .../docker/pkg/homedir/homedir_linux.go       |    9 +-
 .../docker/docker/pkg/ioutils/temp_unix.go    |   11 -
 .../docker/docker/pkg/ioutils/temp_windows.go |   16 -
 .../docker/pkg/ioutils/tempdir_deprecated.go  |   10 +
 .../docker/pkg/jsonmessage/jsonmessage.go     |   92 +-
 .../docker/docker/pkg/longpath/longpath.go    |   27 +-
 .../github.com/docker/docker/registry/auth.go |   13 +-
 .../docker/docker/registry/endpoint_v1.go     |    8 +-
 .../docker/docker/registry/search.go          |  139 +
 .../docker/docker/registry/service.go         |  108 +-
 .../docker/docker/registry/service_v2.go      |    2 +-
 .../docker/docker/registry/session.go         |   11 +-
 .../github.com/dustin/go-humanize/.travis.yml |   21 +
 vendor/github.com/dustin/go-humanize/LICENSE  |   21 +
 .../dustin/go-humanize/README.markdown        |  124 +
 vendor/github.com/dustin/go-humanize/big.go   |   31 +
 .../github.com/dustin/go-humanize/bigbytes.go |  189 +
 vendor/github.com/dustin/go-humanize/bytes.go |  143 +
 vendor/github.com/dustin/go-humanize/comma.go |  116 +
 .../github.com/dustin/go-humanize/commaf.go   |   41 +
 vendor/github.com/dustin/go-humanize/ftoa.go  |   49 +
 .../github.com/dustin/go-humanize/humanize.go |    8 +
 .../github.com/dustin/go-humanize/number.go   |  192 +
 .../github.com/dustin/go-humanize/ordinals.go |   25 +
 vendor/github.com/dustin/go-humanize/si.go    |  127 +
 vendor/github.com/dustin/go-humanize/times.go |  117 +
 .../github.com/ebitengine/purego/.gitignore   |    1 +
 .../purego}/LICENSE                           |    0
 vendor/github.com/ebitengine/purego/README.md |   74 +
 .../github.com/ebitengine/purego/abi_amd64.h  |   99 +
 .../github.com/ebitengine/purego/abi_arm64.h  |   39 +
 vendor/github.com/ebitengine/purego/cgo.go    |   15 +
 .../github.com/ebitengine/purego/dlerror.go   |   15 +
 vendor/github.com/ebitengine/purego/dlfcn.go  |   94 +
 .../ebitengine/purego/dlfcn_darwin.go         |   19 +
 .../ebitengine/purego/dlfcn_freebsd.go        |   18 +
 .../ebitengine/purego/dlfcn_linux.go          |   14 +
 .../ebitengine/purego/dlfcn_nocgo_linux.go    |   19 +
 .../ebitengine/purego/dlfcn_stubs.s           |   26 +
 vendor/github.com/ebitengine/purego/func.go   |  305 +
 .../ebitengine/purego/go_runtime.go           |   17 +
 .../purego/internal/cgo/syscall_cgo_unix.go   |   58 +
 .../purego/internal/fakecgo/abi_amd64.h       |   99 +
 .../purego/internal/fakecgo/abi_arm64.h       |   39 +
 .../purego/internal/fakecgo/asm_amd64.s       |   39 +
 .../purego/internal/fakecgo/asm_arm64.s       |   36 +
 .../purego/internal/fakecgo/callbacks.go      |   93 +
 .../ebitengine/purego/internal/fakecgo/doc.go |   33 +
 .../purego/internal/fakecgo/freebsd.go        |   27 +
 .../internal/fakecgo/go_darwin_amd64.go       |   71 +
 .../internal/fakecgo/go_darwin_arm64.go       |   86 +
 .../internal/fakecgo/go_freebsd_amd64.go      |   93 +
 .../internal/fakecgo/go_freebsd_arm64.go      |   96 +
 .../purego/internal/fakecgo/go_libinit.go     |   66 +
 .../purego/internal/fakecgo/go_linux_amd64.go |   93 +
 .../purego/internal/fakecgo/go_linux_arm64.go |   96 +
 .../purego/internal/fakecgo/go_setenv.go      |   18 +
 .../purego/internal/fakecgo/go_util.go        |   33 +
 .../purego/internal/fakecgo/iscgo.go          |   19 +
 .../purego/internal/fakecgo/libcgo.go         |   35 +
 .../purego/internal/fakecgo/libcgo_darwin.go  |   20 +
 .../purego/internal/fakecgo/libcgo_freebsd.go |   14 +
 .../purego/internal/fakecgo/libcgo_linux.go   |   14 +
 .../purego/internal/fakecgo/setenv.go         |   19 +
 .../purego/internal/fakecgo/symbols.go        |  184 +
 .../purego/internal/fakecgo/symbols_darwin.go |   27 +
 .../internal/fakecgo/symbols_freebsd.go       |   27 +
 .../purego/internal/fakecgo/symbols_linux.go  |   27 +
 .../internal/fakecgo/trampolines_amd64.s      |  104 +
 .../internal/fakecgo/trampolines_arm64.s      |   72 +
 .../internal/fakecgo/trampolines_stubs.s      |   90 +
 .../purego/internal/strings/strings.go        |   40 +
 vendor/github.com/ebitengine/purego/is_ios.go |   13 +
 vendor/github.com/ebitengine/purego/nocgo.go  |   25 +
 .../github.com/ebitengine/purego/sys_amd64.s  |  143 +
 .../github.com/ebitengine/purego/sys_arm64.s  |   63 +
 .../ebitengine/purego/sys_unix_arm64.s        |   70 +
 .../github.com/ebitengine/purego/syscall.go   |   40 +
 .../ebitengine/purego/syscall_cgo_linux.go    |   30 +
 .../ebitengine/purego/syscall_sysv.go         |  214 +
 .../ebitengine/purego/syscall_windows.go      |   45 +
 .../ebitengine/purego/zcallback_amd64.s       | 2014 ++++
 .../ebitengine/purego/zcallback_arm64.s       | 4014 ++++++++
 .../emicklei/go-restful/v3/CHANGES.md         |   11 +-
 .../emicklei/go-restful/v3/README.md          |    5 +-
 .../emicklei/go-restful/v3/route.go           |   17 +-
 .../emicklei/go-restful/v3/route_builder.go   |   45 +-
 vendor/github.com/fatih/color/README.md       |   14 +-
 vendor/github.com/fatih/color/color.go        |   46 +-
 .../github.com/fatih/color/color_windows.go   |   19 +
 vendor/github.com/fatih/color/doc.go          |  137 +-
 .../github.com/fsnotify/fsnotify/.cirrus.yml  |   13 +
 .../github.com/fsnotify/fsnotify/.gitignore   |    1 +
 .../github.com/fsnotify/fsnotify/CHANGELOG.md |   83 +-
 vendor/github.com/fsnotify/fsnotify/README.md |   81 +-
 .../fsnotify/fsnotify/backend_fen.go          |  552 +-
 .../fsnotify/fsnotify/backend_inotify.go      |  377 +-
 .../fsnotify/fsnotify/backend_kqueue.go       |  295 +-
 .../fsnotify/fsnotify/backend_other.go        |  205 +-
 .../fsnotify/fsnotify/backend_windows.go      |  247 +-
 .../github.com/fsnotify/fsnotify/fsnotify.go  |   91 +-
 vendor/github.com/fsnotify/fsnotify/mkdoc.zsh |  125 +-
 .../gabriel-vasile/mimetype/README.md         |    3 -
 .../mimetype/internal/magic/binary.go         |   38 +-
 .../mimetype/internal/magic/magic.go          |    4 +-
 .../mimetype/internal/magic/text_csv.go       |   18 +-
 .../gabriel-vasile/mimetype/mimetype.go       |    3 +-
 .../mimetype/supported_mimes.md               |    2 +-
 vendor/github.com/go-logr/logr/README.md      |  113 +-
 vendor/github.com/go-logr/logr/SECURITY.md    |   18 +
 vendor/github.com/go-logr/logr/funcr/funcr.go |   48 +-
 vendor/github.com/go-logr/logr/logr.go        |   35 +-
 vendor/github.com/go-openapi/errors/api.go    |    2 +-
 .../go-openapi/jsonpointer/pointer.go         |  147 +-
 .../go-playground/validator/v10/Makefile      |    2 +-
 .../go-playground/validator/v10/README.md     |  140 +-
 .../go-playground/validator/v10/baked_in.go   |  126 +-
 .../go-playground/validator/v10/doc.go        |   26 +-
 .../go-playground/validator/v10/options.go    |   16 +
 .../go-playground/validator/v10/regexes.go    |    6 +
 .../go-playground/validator/v10/util.go       |   12 +-
 .../go-playground/validator/v10/validator.go  |  113 +-
 .../validator/v10/validator_instance.go       |   34 +-
 vendor/github.com/goccy/go-json/.codecov.yml  |   32 +
 vendor/github.com/goccy/go-json/.gitignore    |    2 +
 vendor/github.com/goccy/go-json/.golangci.yml |   83 +
 vendor/github.com/goccy/go-json/CHANGELOG.md  |  425 +
 vendor/github.com/goccy/go-json/LICENSE       |   21 +
 vendor/github.com/goccy/go-json/Makefile      |   39 +
 vendor/github.com/goccy/go-json/README.md     |  529 +
 vendor/github.com/goccy/go-json/color.go      |   68 +
 vendor/github.com/goccy/go-json/decode.go     |  263 +
 .../goccy/go-json/docker-compose.yml          |   13 +
 vendor/github.com/goccy/go-json/encode.go     |  326 +
 vendor/github.com/goccy/go-json/error.go      |   41 +
 .../internal/decoder/anonymous_field.go       |   41 +
 .../goccy/go-json/internal/decoder/array.go   |  176 +
 .../goccy/go-json/internal/decoder/assign.go  |  438 +
 .../goccy/go-json/internal/decoder/bool.go    |   83 +
 .../goccy/go-json/internal/decoder/bytes.go   |  118 +
 .../goccy/go-json/internal/decoder/compile.go |  487 +
 .../internal/decoder/compile_norace.go        |   29 +
 .../go-json/internal/decoder/compile_race.go  |   37 +
 .../goccy/go-json/internal/decoder/context.go |  254 +
 .../goccy/go-json/internal/decoder/float.go   |  170 +
 .../goccy/go-json/internal/decoder/func.go    |  146 +
 .../goccy/go-json/internal/decoder/int.go     |  246 +
 .../go-json/internal/decoder/interface.go     |  528 +
 .../goccy/go-json/internal/decoder/invalid.go |   55 +
 .../goccy/go-json/internal/decoder/map.go     |  280 +
 .../goccy/go-json/internal/decoder/number.go  |  123 +
 .../goccy/go-json/internal/decoder/option.go  |   17 +
 .../goccy/go-json/internal/decoder/path.go    |  670 ++
 .../goccy/go-json/internal/decoder/ptr.go     |   96 +
 .../goccy/go-json/internal/decoder/slice.go   |  380 +
 .../goccy/go-json/internal/decoder/stream.go  |  556 ++
 .../goccy/go-json/internal/decoder/string.go  |  452 +
 .../goccy/go-json/internal/decoder/struct.go  |  845 ++
 .../goccy/go-json/internal/decoder/type.go    |   30 +
 .../goccy/go-json/internal/decoder/uint.go    |  194 +
 .../internal/decoder/unmarshal_json.go        |  104 +
 .../internal/decoder/unmarshal_text.go        |  285 +
 .../internal/decoder/wrapped_string.go        |   73 +
 .../goccy/go-json/internal/encoder/code.go    | 1023 ++
 .../goccy/go-json/internal/encoder/compact.go |  286 +
 .../go-json/internal/encoder/compiler.go      |  935 ++
 .../internal/encoder/compiler_norace.go       |   32 +
 .../go-json/internal/encoder/compiler_race.go |   45 +
 .../goccy/go-json/internal/encoder/context.go |  105 +
 .../go-json/internal/encoder/decode_rune.go   |  126 +
 .../goccy/go-json/internal/encoder/encoder.go |  596 ++
 .../goccy/go-json/internal/encoder/indent.go  |  211 +
 .../goccy/go-json/internal/encoder/int.go     |  152 +
 .../goccy/go-json/internal/encoder/map112.go  |    9 +
 .../goccy/go-json/internal/encoder/map113.go  |    9 +
 .../goccy/go-json/internal/encoder/opcode.go  |  752 ++
 .../goccy/go-json/internal/encoder/option.go  |   48 +
 .../goccy/go-json/internal/encoder/optype.go  |  932 ++
 .../goccy/go-json/internal/encoder/query.go   |  135 +
 .../goccy/go-json/internal/encoder/string.go  |  459 +
 .../go-json/internal/encoder/string_table.go  |  415 +
 .../go-json/internal/encoder/vm/debug_vm.go   |   41 +
 .../goccy/go-json/internal/encoder/vm/hack.go |    9 +
 .../goccy/go-json/internal/encoder/vm/util.go |  207 +
 .../goccy/go-json/internal/encoder/vm/vm.go   | 4859 +++++++++
 .../internal/encoder/vm_color/debug_vm.go     |   35 +
 .../go-json/internal/encoder/vm_color/hack.go |    9 +
 .../go-json/internal/encoder/vm_color/util.go |  274 +
 .../go-json/internal/encoder/vm_color/vm.go   | 4859 +++++++++
 .../encoder/vm_color_indent/debug_vm.go       |   35 +
 .../internal/encoder/vm_color_indent/util.go  |  297 +
 .../internal/encoder/vm_color_indent/vm.go    | 4859 +++++++++
 .../internal/encoder/vm_indent/debug_vm.go    |   35 +
 .../internal/encoder/vm_indent/hack.go        |    9 +
 .../internal/encoder/vm_indent/util.go        |  230 +
 .../go-json/internal/encoder/vm_indent/vm.go  | 4859 +++++++++
 .../goccy/go-json/internal/errors/error.go    |  183 +
 .../goccy/go-json/internal/runtime/rtype.go   |  263 +
 .../go-json/internal/runtime/struct_field.go  |   91 +
 .../goccy/go-json/internal/runtime/type.go    |  100 +
 vendor/github.com/goccy/go-json/json.go       |  371 +
 vendor/github.com/goccy/go-json/option.go     |   79 +
 vendor/github.com/goccy/go-json/path.go       |   84 +
 vendor/github.com/goccy/go-json/query.go      |   47 +
 .../certificate-transparency-go/CHANGELOG.md  |  143 +-
 .../certificate-transparency-go/README.md     |    4 +-
 .../cloudbuild.yaml                           |    1 -
 .../cloudbuild_master.yaml                    |    1 -
 .../cloudbuild_tag.yaml                       |    1 -
 .../certificate-transparency-go/tls/tls.go    |    2 +-
 .../certificate-transparency-go/types.go      |    2 +-
 .../x509/root_unix.go                         |    4 +-
 .../x509/root_wasip1.go                       |   19 +
 .../x509/root_zos.go                          |   13 +
 .../github.com/google/gnostic-models/LICENSE  |  203 +
 .../google/gnostic-models/compiler/README.md  |    4 +
 .../google/gnostic-models/compiler/context.go |   49 +
 .../google/gnostic-models/compiler/error.go   |   70 +
 .../gnostic-models/compiler/extensions.go     |   86 +
 .../google/gnostic-models/compiler/helpers.go |  397 +
 .../google/gnostic-models/compiler/main.go    |   16 +
 .../google/gnostic-models/compiler/reader.go  |  307 +
 .../gnostic-models/extensions/README.md       |   13 +
 .../gnostic-models/extensions/extension.pb.go |  461 +
 .../gnostic-models/extensions/extension.proto |   97 +
 .../gnostic-models/extensions/extensions.go   |   64 +
 .../gnostic-models/jsonschema/README.md       |    4 +
 .../google/gnostic-models/jsonschema/base.go  |   97 +
 .../gnostic-models/jsonschema/display.go      |  229 +
 .../gnostic-models/jsonschema/models.go       |  228 +
 .../gnostic-models/jsonschema/operations.go   |  394 +
 .../gnostic-models/jsonschema/reader.go       |  442 +
 .../gnostic-models/jsonschema/schema.json     |  150 +
 .../gnostic-models/jsonschema/writer.go       |  369 +
 .../gnostic-models/openapiv2/OpenAPIv2.go     | 8820 +++++++++++++++++
 .../gnostic-models/openapiv2/OpenAPIv2.pb.go  | 7342 ++++++++++++++
 .../gnostic-models/openapiv2/OpenAPIv2.proto  |  666 ++
 .../google/gnostic-models/openapiv2/README.md |   14 +
 .../gnostic-models/openapiv2/document.go      |   42 +
 .../gnostic-models/openapiv2/openapi-2.0.json | 1610 +++
 .../openapiv3/OpenAPIv3.go                    |    9 +-
 .../openapiv3/OpenAPIv3.pb.go                 |   13 +-
 .../openapiv3/OpenAPIv3.proto                 |    2 +-
 .../openapiv3/README.md                       |    4 -
 .../openapiv3/annotations.pb.go               |   21 +-
 .../openapiv3/annotations.proto               |   12 +-
 .../openapiv3/document.go                     |    2 +-
 .../google/gnostic/openapiv3/openapi-3.0.json | 1251 ---
 .../google/gnostic/openapiv3/openapi-3.1.json | 1250 ---
 .../github.com/google/go-cmp/cmp/compare.go   |   38 +-
 .../cmp/{export_unsafe.go => export.go}       |    5 -
 .../google/go-cmp/cmp/export_panic.go         |   16 -
 .../value/{pointer_unsafe.go => pointer.go}   |    3 -
 .../cmp/internal/value/pointer_purego.go      |   34 -
 .../github.com/google/go-cmp/cmp/options.go   |   84 +-
 vendor/github.com/google/go-cmp/cmp/path.go   |   46 +-
 .../google/go-cmp/cmp/report_reflect.go       |    2 +-
 .../pkg/v1/layout/write.go                    |    1 +
 .../pkg/v1/mutate/mutate.go                   |    4 +-
 .../pkg/v1/remote/descriptor.go               |   14 +-
 .../pkg/v1/remote/fetcher.go                  |    8 +-
 .../pkg/v1/remote/options.go                  |    3 +-
 .../pkg/v1/remote/transport/bearer.go         |  137 +-
 .../pkg/v1/remote/transport/ping.go           |   60 +-
 .../pkg/v1/remote/transport/schemer.go        |    2 +-
 .../pkg/v1/remote/transport/transport.go      |   47 +-
 .../pkg/v1/remote/write.go                    |   12 +-
 .../google/go-github/v50/github/event.go      |  163 -
 .../go-github/v50/github/orgs_audit_log.go    |  119 -
 .../google/go-github/{v50 => v55}/AUTHORS     |   54 +
 .../google/go-github/{v50 => v55}/LICENSE     |    0
 .../go-github/{v50 => v55}/github/actions.go  |    0
 .../{v50 => v55}/github/actions_artifacts.go  |    0
 .../{v50 => v55}/github/actions_cache.go      |    0
 .../{v50 => v55}/github/actions_oidc.go       |    0
 .../v55/github/actions_required_workflows.go  |  247 +
 .../github/actions_runner_groups.go           |    0
 .../{v50 => v55}/github/actions_runners.go    |   55 +
 .../{v50 => v55}/github/actions_secrets.go    |    0
 .../{v50 => v55}/github/actions_variables.go  |    0
 .../github/actions_workflow_jobs.go           |    1 +
 .../github/actions_workflow_runs.go           |   36 +-
 .../{v50 => v55}/github/actions_workflows.go  |    0
 .../go-github/{v50 => v55}/github/activity.go |    0
 .../{v50 => v55}/github/activity_events.go    |    0
 .../github/activity_notifications.go          |    0
 .../{v50 => v55}/github/activity_star.go      |    0
 .../{v50 => v55}/github/activity_watching.go  |    0
 .../go-github/{v50 => v55}/github/admin.go    |    0
 .../{v50 => v55}/github/admin_orgs.go         |    0
 .../{v50 => v55}/github/admin_stats.go        |    3 +-
 .../{v50 => v55}/github/admin_users.go        |    0
 .../go-github/{v50 => v55}/github/apps.go     |   25 +-
 .../{v50 => v55}/github/apps_hooks.go         |    0
 .../github/apps_hooks_deliveries.go           |    0
 .../{v50 => v55}/github/apps_installation.go  |    0
 .../{v50 => v55}/github/apps_manifest.go      |    0
 .../{v50 => v55}/github/apps_marketplace.go   |    0
 .../{v50 => v55}/github/authorizations.go     |    0
 .../go-github/{v50 => v55}/github/billing.go  |    9 +-
 .../go-github/{v50 => v55}/github/checks.go   |    0
 .../{v50 => v55}/github/code-scanning.go      |  264 +-
 .../google/go-github/v55/github/codespaces.go |  254 +
 .../v55/github/codespaces_secrets.go          |  405 +
 .../{v50 => v55}/github/dependabot.go         |    0
 .../{v50 => v55}/github/dependabot_alerts.go  |   10 +-
 .../{v50 => v55}/github/dependabot_secrets.go |   21 +-
 .../go-github/v55/github/dependency_graph.go  |   80 +
 .../go-github/{v50 => v55}/github/doc.go      |   28 +-
 .../{v50 => v55}/github/enterprise.go         |    0
 .../github/enterprise_actions_runners.go      |    0
 .../github/enterprise_audit_log.go            |    0
 .../enterprise_code_security_and_analysis.go  |    0
 .../google/go-github/v55/github/event.go      |   54 +
 .../{v50 => v55}/github/event_types.go        |  264 +-
 .../go-github/{v50 => v55}/github/gists.go    |    0
 .../{v50 => v55}/github/gists_comments.go     |    0
 .../go-github/{v50 => v55}/github/git.go      |    0
 .../{v50 => v55}/github/git_blobs.go          |    0
 .../{v50 => v55}/github/git_commits.go        |    0
 .../go-github/{v50 => v55}/github/git_refs.go |    0
 .../go-github/{v50 => v55}/github/git_tags.go |    0
 .../{v50 => v55}/github/git_trees.go          |    0
 .../{v50 => v55}/github/github-accessors.go   | 2952 +++++-
 .../go-github/{v50 => v55}/github/github.go   |  275 +-
 .../{v50 => v55}/github/gitignore.go          |    0
 .../{v50 => v55}/github/interactions.go       |    0
 .../{v50 => v55}/github/interactions_orgs.go  |    0
 .../{v50 => v55}/github/interactions_repos.go |    0
 .../{v50 => v55}/github/issue_import.go       |    9 +-
 .../go-github/{v50 => v55}/github/issues.go   |    0
 .../{v50 => v55}/github/issues_assignees.go   |    0
 .../{v50 => v55}/github/issues_comments.go    |    0
 .../{v50 => v55}/github/issues_events.go      |    0
 .../{v50 => v55}/github/issues_labels.go      |    0
 .../{v50 => v55}/github/issues_milestones.go  |    0
 .../{v50 => v55}/github/issues_timeline.go    |    0
 .../go-github/{v50 => v55}/github/licenses.go |    0
 .../go-github/{v50 => v55}/github/messages.go |  176 +-
 .../{v50 => v55}/github/migrations.go         |    0
 .../github/migrations_source_import.go        |    0
 .../{v50 => v55}/github/migrations_user.go    |    0
 .../go-github/{v50 => v55}/github/misc.go     |    0
 .../go-github/{v50 => v55}/github/orgs.go     |   19 +-
 .../github/orgs_actions_allowed.go            |    0
 .../github/orgs_actions_permissions.go        |    0
 .../go-github/v55/github/orgs_audit_log.go    |  156 +
 .../github/orgs_credential_authorizations.go  |   95 +
 .../{v50 => v55}/github/orgs_custom_roles.go  |    0
 .../{v50 => v55}/github/orgs_hooks.go         |    0
 .../v55/github/orgs_hooks_configuration.go    |   49 +
 .../github/orgs_hooks_deliveries.go           |    0
 .../{v50 => v55}/github/orgs_members.go       |    4 +-
 .../github/orgs_outside_collaborators.go      |    0
 .../{v50 => v55}/github/orgs_packages.go      |    0
 .../v55/github/orgs_personal_access_tokens.go |   34 +
 .../{v50 => v55}/github/orgs_projects.go      |    0
 .../google/go-github/v55/github/orgs_rules.go |  105 +
 .../github/orgs_security_managers.go          |    0
 .../github/orgs_users_blocking.go             |    0
 .../go-github/{v50 => v55}/github/packages.go |    0
 .../go-github/{v50 => v55}/github/projects.go |    0
 .../go-github/{v50 => v55}/github/pulls.go    |    3 +-
 .../{v50 => v55}/github/pulls_comments.go     |    2 +
 .../{v50 => v55}/github/pulls_reviewers.go    |    0
 .../{v50 => v55}/github/pulls_reviews.go      |    0
 .../{v50 => v55}/github/pulls_threads.go      |    0
 .../{v50 => v55}/github/reactions.go          |    0
 .../go-github/{v50 => v55}/github/repos.go    |   94 +-
 .../github/repos_actions_access.go            |    0
 .../github/repos_actions_allowed.go           |    0
 .../github/repos_actions_permissions.go       |    0
 .../{v50 => v55}/github/repos_autolinks.go    |    0
 .../{v50 => v55}/github/repos_codeowners.go   |    0
 .../github/repos_collaborators.go             |    0
 .../{v50 => v55}/github/repos_comments.go     |    0
 .../{v50 => v55}/github/repos_commits.go      |    0
 .../github/repos_community_health.go          |    0
 .../{v50 => v55}/github/repos_contents.go     |   22 +-
 .../repos_deployment_branch_policies.go       |    0
 .../{v50 => v55}/github/repos_deployments.go  |    0
 .../{v50 => v55}/github/repos_environments.go |    6 +
 .../{v50 => v55}/github/repos_forks.go        |    0
 .../{v50 => v55}/github/repos_hooks.go        |    0
 .../v55/github/repos_hooks_configuration.go   |   49 +
 .../github/repos_hooks_deliveries.go          |    4 +-
 .../{v50 => v55}/github/repos_invitations.go  |    0
 .../{v50 => v55}/github/repos_keys.go         |    0
 .../{v50 => v55}/github/repos_lfs.go          |    0
 .../{v50 => v55}/github/repos_merging.go      |    0
 .../{v50 => v55}/github/repos_pages.go        |   68 +-
 .../github/repos_prereceive_hooks.go          |    0
 .../{v50 => v55}/github/repos_projects.go     |    0
 .../{v50 => v55}/github/repos_releases.go     |    0
 .../go-github/v55/github/repos_rules.go       |  464 +
 .../{v50 => v55}/github/repos_stats.go        |    0
 .../{v50 => v55}/github/repos_statuses.go     |    0
 .../{v50 => v55}/github/repos_tags.go         |    0
 .../{v50 => v55}/github/repos_traffic.go      |    0
 .../go-github/{v50 => v55}/github/scim.go     |    0
 .../go-github/{v50 => v55}/github/search.go   |    0
 .../{v50 => v55}/github/secret_scanning.go    |   24 +-
 .../v55/github/security_advisories.go         |   37 +
 .../go-github/{v50 => v55}/github/strings.go  |    0
 .../go-github/{v50 => v55}/github/teams.go    |    0
 .../github/teams_discussion_comments.go       |    0
 .../{v50 => v55}/github/teams_discussions.go  |    0
 .../{v50 => v55}/github/teams_members.go      |    0
 .../{v50 => v55}/github/timestamp.go          |    8 +
 .../go-github/{v50 => v55}/github/users.go    |    4 +-
 .../github/users_administration.go            |    0
 .../{v50 => v55}/github/users_blocking.go     |    0
 .../{v50 => v55}/github/users_emails.go       |   25 +
 .../{v50 => v55}/github/users_followers.go    |    0
 .../{v50 => v55}/github/users_gpg_keys.go     |    0
 .../{v50 => v55}/github/users_keys.go         |    2 +
 .../{v50 => v55}/github/users_packages.go     |    0
 .../{v50 => v55}/github/users_projects.go     |    0
 .../github/users_ssh_signing_keys.go          |    0
 .../{v50 => v55}/github/with_appengine.go     |    0
 .../{v50 => v55}/github/without_appengine.go  |    0
 .../github.com/google/pprof/profile/encode.go |    6 +-
 .../github.com/google/pprof/profile/merge.go  |   99 +
 .../google/pprof/profile/profile.go           |   47 +-
 vendor/github.com/google/s2a-go/README.md     |    7 +-
 .../internal/handshaker/service/service.go    |   53 +-
 .../s2a-go/internal/record/ticketsender.go    |    8 +-
 .../google/s2a-go/internal/v2/s2av2.go        |  105 +-
 .../github.com/google/s2a-go/retry/retry.go   |  144 +
 vendor/github.com/google/s2a-go/s2a.go        |   47 +-
 .../github.com/google/s2a-go/s2a_options.go   |    7 +
 .../s2a-go/testdata/mds_client_cert.pem       |   19 +
 .../google/s2a-go/testdata/mds_client_key.pem |   28 +
 .../google/s2a-go/testdata/mds_root_cert.pem  |   21 +
 .../s2a-go/testdata/mds_server_cert.pem       |   21 +
 .../google/s2a-go/testdata/mds_server_key.pem |   28 +
 .../s2a-go/testdata/self_signed_cert.pem      |   19 +
 .../s2a-go/testdata/self_signed_key.pem       |   28 +
 vendor/github.com/google/uuid/.travis.yml     |    9 -
 vendor/github.com/google/uuid/CHANGELOG.md    |   21 +
 vendor/github.com/google/uuid/CONTRIBUTING.md |   16 +
 vendor/github.com/google/uuid/README.md       |   10 +-
 vendor/github.com/google/uuid/node_js.go      |    2 +-
 vendor/github.com/google/uuid/uuid.go         |   36 +-
 .../client/client.go                          |   42 +-
 .../client/util/util.go                       |    9 +
 vendor/github.com/gowebpki/jcs/.gitignore     |   34 +
 vendor/github.com/gowebpki/jcs/LICENSE        |  202 +
 vendor/github.com/gowebpki/jcs/README.md      |   72 +
 vendor/github.com/gowebpki/jcs/es6numfmt.go   |   59 +
 vendor/github.com/gowebpki/jcs/jcs.go         |  489 +
 .../hashicorp/go-retryablehttp/CHANGELOG.md   |    9 +
 .../hashicorp/go-retryablehttp/CODEOWNERS     |    1 +
 .../hashicorp/go-retryablehttp/LICENSE        |    2 +
 .../hashicorp/go-retryablehttp/client.go      |   16 +-
 .../go-retryablehttp/roundtripper.go          |    3 +
 vendor/github.com/hashicorp/hcl/decoder.go    |   46 +-
 .../github.com/hashicorp/hcl/hcl/ast/ast.go   |   15 +-
 vendor/github.com/imdario/mergo/README.md     |   20 +-
 .../github.com/jedisct1/go-minisign/LICENSE   |    2 +-
 .../klauspost/compress/.goreleaser.yml        |   20 +-
 .../github.com/klauspost/compress/README.md   |   29 +
 .../github.com/klauspost/compress/SECURITY.md |   25 +
 .../klauspost/compress/flate/deflate.go       |   34 +-
 .../klauspost/compress/flate/fast_encoder.go  |   23 -
 .../compress/flate/huffman_bit_writer.go      |    5 -
 .../compress/flate/huffman_sortByFreq.go      |   19 -
 .../klauspost/compress/flate/inflate.go       |   66 +-
 .../klauspost/compress/flate/inflate_gen.go   |   34 +-
 .../klauspost/compress/flate/level5.go        |  398 +
 .../compress/flate/matchlen_amd64.go          |   16 +
 .../klauspost/compress/flate/matchlen_amd64.s |   68 +
 .../compress/flate/matchlen_generic.go        |   33 +
 .../klauspost/compress/fse/bitwriter.go       |    3 +-
 .../klauspost/compress/fse/compress.go        |    3 +-
 .../klauspost/compress/huff0/bitwriter.go     |   11 +-
 .../klauspost/compress/huff0/compress.go      |   20 +-
 .../klauspost/compress/huff0/decompress.go    |    2 +-
 .../compress/internal/snapref/encode_other.go |   12 -
 .../klauspost/compress/zstd/README.md         |    2 +-
 .../klauspost/compress/zstd/bitreader.go      |   34 +-
 .../klauspost/compress/zstd/bitwriter.go      |    3 +-
 .../klauspost/compress/zstd/blockdec.go       |    2 +-
 .../klauspost/compress/zstd/blockenc.go       |   29 +-
 .../compress/zstd/decoder_options.go          |    2 +-
 .../klauspost/compress/zstd/dict.go           |  379 +-
 .../klauspost/compress/zstd/enc_base.go       |    1 +
 .../klauspost/compress/zstd/enc_best.go       |   11 +-
 .../klauspost/compress/zstd/enc_dfast.go      |    2 +-
 .../klauspost/compress/zstd/enc_fast.go       |   17 +-
 .../klauspost/compress/zstd/encoder.go        |   13 +-
 .../compress/zstd/encoder_options.go          |    2 +-
 .../klauspost/compress/zstd/framedec.go       |    8 +-
 .../klauspost/compress/zstd/frameenc.go       |    4 +-
 .../klauspost/compress/zstd/matchlen_amd64.go |   16 +
 .../klauspost/compress/zstd/matchlen_amd64.s  |   68 +
 .../compress/zstd/matchlen_generic.go         |   33 +
 .../klauspost/compress/zstd/seqdec.go         |   17 +-
 .../klauspost/compress/zstd/seqdec_amd64.s    |  128 +-
 .../klauspost/compress/zstd/seqdec_generic.go |    2 +-
 .../klauspost/compress/zstd/snappy.go         |    5 +-
 .../klauspost/compress/zstd/zstd.go           |   22 -
 vendor/github.com/klauspost/pgzip/.travis.yml |    4 +
 vendor/github.com/klauspost/pgzip/LICENSE     |    3 +-
 vendor/github.com/klauspost/pgzip/README.md   |   13 +-
 vendor/github.com/klauspost/pgzip/gunzip.go   |   13 +
 .../lestrrat-go/blackmagic/.gitignore         |   15 +
 .../github.com/lestrrat-go/blackmagic/LICENSE |   21 +
 .../lestrrat-go/blackmagic/README.md          |    3 +
 .../lestrrat-go/blackmagic/blackmagic.go      |   90 +
 .../github.com/lestrrat-go/httpcc/.gitignore  |   15 +
 vendor/github.com/lestrrat-go/httpcc/LICENSE  |   21 +
 .../github.com/lestrrat-go/httpcc/README.md   |   35 +
 .../lestrrat-go/httpcc/directives.go          |  117 +
 .../github.com/lestrrat-go/httpcc/httpcc.go   |  310 +
 .../github.com/lestrrat-go/httprc/.gitignore  |   15 +
 .../lestrrat-go/httprc/.golangci.yml          |   84 +
 vendor/github.com/lestrrat-go/httprc/Changes  |   17 +
 vendor/github.com/lestrrat-go/httprc/LICENSE  |   21 +
 .../github.com/lestrrat-go/httprc/README.md   |  130 +
 vendor/github.com/lestrrat-go/httprc/cache.go |  172 +
 .../github.com/lestrrat-go/httprc/fetcher.go  |  182 +
 .../github.com/lestrrat-go/httprc/httprc.go   |   22 +
 .../lestrrat-go/httprc/options.yaml           |  119 +
 .../lestrrat-go/httprc/options_gen.go         |  221 +
 vendor/github.com/lestrrat-go/httprc/queue.go |  459 +
 .../lestrrat-go/httprc/whitelist.go           |   73 +
 vendor/github.com/lestrrat-go/iter/LICENSE    |   21 +
 .../lestrrat-go/iter/arrayiter/arrayiter.go   |  192 +
 .../lestrrat-go/iter/mapiter/mapiter.go       |  195 +
 .../jwx/v2}/LICENSE                           |    5 +-
 .../lestrrat-go/jwx/v2/cert/BUILD.bazel       |   32 +
 .../lestrrat-go/jwx/v2/cert/cert.go           |   48 +
 .../lestrrat-go/jwx/v2/cert/chain.go          |   78 +
 .../jwx/v2/internal/base64/BUILD.bazel        |   21 +
 .../jwx/v2/internal/base64/asmbase64.go       |   39 +
 .../jwx/v2/internal/base64/base64.go          |  134 +
 .../jwx/v2/internal/ecutil/BUILD.bazel        |   15 +
 .../jwx/v2/internal/ecutil/ecutil.go          |  114 +
 .../jwx/v2/internal/iter/BUILD.bazel          |   15 +
 .../jwx/v2/internal/iter/mapiter.go           |   36 +
 .../jwx/v2/internal/json/BUILD.bazel          |   19 +
 .../lestrrat-go/jwx/v2/internal/json/goccy.go |   51 +
 .../lestrrat-go/jwx/v2/internal/json/json.go  |  112 +
 .../jwx/v2/internal/json/registry.go          |   52 +
 .../jwx/v2/internal/json/stdlib.go            |   49 +
 .../jwx/v2/internal/keyconv/BUILD.bazel       |   31 +
 .../jwx/v2/internal/keyconv/keyconv.go        |  177 +
 .../jwx/v2/internal/pool/BUILD.bazel          |   14 +
 .../lestrrat-go/jwx/v2/internal/pool/pool.go  |   61 +
 .../lestrrat-go/jwx/v2/jwa/BUILD.bazel        |   39 +
 .../lestrrat-go/jwx/v2/jwa/README.md          |    3 +
 .../lestrrat-go/jwx/v2/jwa/compression_gen.go |  101 +
 .../jwx/v2/jwa/content_encryption_gen.go      |  109 +
 .../lestrrat-go/jwx/v2/jwa/elliptic_gen.go    |  112 +
 .../github.com/lestrrat-go/jwx/v2/jwa/jwa.go  |   61 +
 .../jwx/v2/jwa/key_encryption_gen.go          |  140 +
 .../lestrrat-go/jwx/v2/jwa/key_type_gen.go    |  106 +
 .../lestrrat-go/jwx/v2/jwa/secp2561k.go       |   11 +
 .../lestrrat-go/jwx/v2/jwa/signature_gen.go   |  127 +
 .../lestrrat-go/jwx/v2/jwk/BUILD.bazel        |   78 +
 .../lestrrat-go/jwx/v2/jwk/README.md          |  217 +
 .../lestrrat-go/jwx/v2/jwk/cache.go           |  410 +
 .../lestrrat-go/jwx/v2/jwk/ecdsa.go           |  273 +
 .../lestrrat-go/jwx/v2/jwk/ecdsa_gen.go       | 1189 +++
 .../lestrrat-go/jwx/v2/jwk/es256k.go          |   14 +
 .../lestrrat-go/jwx/v2/jwk/fetch.go           |  134 +
 .../lestrrat-go/jwx/v2/jwk/interface.go       |  144 +
 .../lestrrat-go/jwx/v2/jwk/interface_gen.go   |  130 +
 .../github.com/lestrrat-go/jwx/v2/jwk/io.go   |   39 +
 .../github.com/lestrrat-go/jwx/v2/jwk/jwk.go  |  789 ++
 .../lestrrat-go/jwx/v2/jwk/key_ops.go         |   58 +
 .../github.com/lestrrat-go/jwx/v2/jwk/okp.go  |  227 +
 .../lestrrat-go/jwx/v2/jwk/okp_gen.go         | 1127 +++
 .../lestrrat-go/jwx/v2/jwk/options.go         |   38 +
 .../lestrrat-go/jwx/v2/jwk/options.yaml       |  142 +
 .../lestrrat-go/jwx/v2/jwk/options_gen.go     |  274 +
 .../github.com/lestrrat-go/jwx/v2/jwk/rsa.go  |  283 +
 .../lestrrat-go/jwx/v2/jwk/rsa_gen.go         | 1258 +++
 .../github.com/lestrrat-go/jwx/v2/jwk/set.go  |  338 +
 .../lestrrat-go/jwx/v2/jwk/symmetric.go       |   67 +
 .../lestrrat-go/jwx/v2/jwk/symmetric_gen.go   |  520 +
 .../lestrrat-go/jwx/v2/jwk/usage.go           |   30 +
 .../lestrrat-go/jwx/v2/jwk/whitelist.go       |   69 +
 .../lestrrat-go/jwx/v2/jws/BUILD.bazel        |   71 +
 .../lestrrat-go/jwx/v2/jws/README.md          |  111 +
 .../lestrrat-go/jwx/v2/jws/ecdsa.go           |  206 +
 .../lestrrat-go/jwx/v2/jws/eddsa.go           |   77 +
 .../lestrrat-go/jwx/v2/jws/es256k.go          |   12 +
 .../lestrrat-go/jwx/v2/jws/headers.go         |   71 +
 .../lestrrat-go/jwx/v2/jws/headers_gen.go     |  565 ++
 .../github.com/lestrrat-go/jwx/v2/jws/hmac.go |   77 +
 .../lestrrat-go/jwx/v2/jws/interface.go       |  106 +
 .../github.com/lestrrat-go/jwx/v2/jws/io.go   |   33 +
 .../github.com/lestrrat-go/jwx/v2/jws/jws.go  |  856 ++
 .../lestrrat-go/jwx/v2/jws/key_provider.go    |  276 +
 .../lestrrat-go/jwx/v2/jws/message.go         |  503 +
 .../lestrrat-go/jwx/v2/jws/options.go         |  226 +
 .../lestrrat-go/jwx/v2/jws/options.yaml       |  193 +
 .../lestrrat-go/jwx/v2/jws/options_gen.go     |  362 +
 .../github.com/lestrrat-go/jwx/v2/jws/rsa.go  |  146 +
 .../lestrrat-go/jwx/v2/jws/signer.go          |  106 +
 .../lestrrat-go/jwx/v2/jws/verifier.go        |   96 +
 .../lestrrat-go/jwx/v2/x25519/BUILD.bazel     |   24 +
 .../lestrrat-go/jwx/v2/x25519/x25519.go       |  115 +
 .../github.com/lestrrat-go/option/.gitignore  |   15 +
 vendor/github.com/lestrrat-go/option/LICENSE  |   21 +
 .../github.com/lestrrat-go/option/README.md   |  245 +
 .../github.com/lestrrat-go/option/option.go   |   38 +
 .../letsencrypt/boulder/core/challenges.go    |   18 +
 .../letsencrypt/boulder/core/interfaces.go    |    7 +-
 .../letsencrypt/boulder/core/objects.go       |  139 +-
 .../letsencrypt/boulder/core/proto/core.pb.go | 1182 ---
 .../letsencrypt/boulder/core/proto/core.proto |  101 -
 .../letsencrypt/boulder/core/util.go          |   47 +-
 .../letsencrypt/boulder/errors/errors.go      |  194 -
 .../boulder/features/featureflag_string.go    |   56 -
 .../letsencrypt/boulder/features/features.go  |  203 -
 .../letsencrypt/boulder/goodkey/blocked.go    |    5 +-
 .../letsencrypt/boulder/goodkey/good_key.go   |   53 +-
 .../letsencrypt/boulder/probs/probs.go        |  328 +-
 .../letsencrypt/boulder/sa/proto/sa.pb.go     | 4261 --------
 .../letsencrypt/boulder/sa/proto/sa.proto     |  353 -
 .../boulder/sa/proto/sa_grpc.pb.go            | 2937 ------
 .../letsencrypt/boulder/sa/proto/subsets.go   |   47 -
 .../letsencrypt/boulder/strictyaml/yaml.go    |   46 +
 .../github.com/mattn/go-isatty/isatty_bsd.go  |    3 +-
 .../mattn/go-isatty/isatty_others.go          |    5 +-
 .../mattn/go-isatty/isatty_tcgets.go          |    3 +-
 .../golang_protobuf_extensions/v2/LICENSE     |  201 +
 .../{ => v2}/NOTICE                           |    0
 .../{ => v2}/pbutil/.gitignore                |    0
 .../{ => v2}/pbutil/Makefile                  |    0
 .../{ => v2}/pbutil/decode.go                 |   16 +-
 .../{ => v2}/pbutil/doc.go                    |    0
 .../{ => v2}/pbutil/encode.go                 |    5 +-
 .../reflections}/.gitignore                   |    2 -
 .../github.com/oleiade/reflections/AUTHORS.md |    9 +
 vendor/github.com/oleiade/reflections/LICENSE |   20 +
 .../github.com/oleiade/reflections/README.md  |  235 +
 .../oleiade/reflections/reflections.go        |  301 +
 .../go-digest}/digestset/set.go               |   15 +
 .../image-spec/specs-go/v1/annotations.go     |    6 -
 .../image-spec/specs-go/v1/descriptor.go      |   12 +-
 .../image-spec/specs-go/v1/index.go           |    6 +
 .../image-spec/specs-go/v1/layout.go          |    6 +-
 .../image-spec/specs-go/v1/manifest.go        |    8 -
 .../image-spec/specs-go/v1/mediatype.go       |    4 +-
 .../image-spec/specs-go/version.go            |    2 +-
 .../outcaste-io/ristretto/.deepsource.toml    |   17 +
 .../github.com/outcaste-io/ristretto/.mailmap |    1 +
 .../outcaste-io/ristretto/CHANGELOG.md        |  172 +
 .../github.com/outcaste-io/ristretto/LICENSE  |  176 +
 .../outcaste-io/ristretto/README.md           |  237 +
 .../github.com/outcaste-io/ristretto/cache.go |  520 +
 .../outcaste-io/ristretto/metrics.go          |  249 +
 .../outcaste-io/ristretto/policy.go           |  388 +
 .../github.com/outcaste-io/ristretto/ring.go  |   91 +
 .../outcaste-io/ristretto/sketch.go           |  155 +
 .../github.com/outcaste-io/ristretto/store.go |  225 +
 .../github.com/outcaste-io/ristretto/test.sh  |   20 +
 .../github.com/outcaste-io/ristretto/ttl.go   |  155 +
 .../outcaste-io/ristretto/z/LICENSE           |   64 +
 .../outcaste-io/ristretto/z/README.md         |  129 +
 .../outcaste-io/ristretto/z/allocator.go      |  403 +
 .../outcaste-io/ristretto/z/bbloom.go         |  209 +
 .../outcaste-io/ristretto/z/btree.go          |  710 ++
 .../outcaste-io/ristretto/z/buffer.go         |  543 +
 .../outcaste-io/ristretto/z/calloc.go         |   42 +
 .../outcaste-io/ristretto/z/calloc_32bit.go   |   14 +
 .../outcaste-io/ristretto/z/calloc_64bit.go   |   14 +
 .../ristretto/z/calloc_jemalloc.go            |  173 +
 .../ristretto/z/calloc_nojemalloc.go          |   37 +
 .../outcaste-io/ristretto/z/file.go           |  217 +
 .../outcaste-io/ristretto/z/file_default.go   |   39 +
 .../outcaste-io/ristretto/z/file_linux.go     |   37 +
 .../outcaste-io/ristretto/z/flags.go          |  324 +
 .../outcaste-io/ristretto/z/histogram.go      |  205 +
 .../outcaste-io/ristretto/z/mmap.go           |   44 +
 .../outcaste-io/ristretto/z/mmap_darwin.go    |   59 +
 .../outcaste-io/ristretto/z/mmap_linux.go     |   97 +
 .../outcaste-io/ristretto/z/mmap_plan9.go     |   44 +
 .../outcaste-io/ristretto/z/mmap_unix.go      |   56 +
 .../outcaste-io/ristretto/z/mmap_wasip1.go    |   40 +
 .../outcaste-io/ristretto/z/mmap_windows.go   |   95 +
 .../outcaste-io/ristretto/z/rtutil.go         |   75 +
 .../outcaste-io/ristretto/z/rtutil.s          |    0
 .../outcaste-io/ristretto/z/simd/baseline.go  |  127 +
 .../outcaste-io/ristretto/z/simd/search.go    |   51 +
 .../ristretto/z/simd/search_amd64.s           |   60 +
 .../ristretto/z/simd/stub_search_amd64.go     |    6 +
 .../github.com/outcaste-io/ristretto/z/z.go   |  163 +
 .../pelletier/go-toml/v2/.goreleaser.yaml     |    3 +
 .../github.com/pelletier/go-toml/v2/LICENSE   |    3 +-
 .../github.com/pelletier/go-toml/v2/README.md |   44 +-
 vendor/github.com/pelletier/go-toml/v2/ci.sh  |    1 +
 .../github.com/pelletier/go-toml/v2/decode.go |    2 +-
 .../pelletier/go-toml/v2/marshaler.go         |   40 +-
 .../pelletier/go-toml/v2/unmarshaler.go       |   16 +-
 .../pelletier/go-toml/v2/unstable/parser.go   |    6 +
 vendor/github.com/philhofer/fwd/LICENSE.md    |    7 +
 vendor/github.com/philhofer/fwd/README.md     |  359 +
 vendor/github.com/philhofer/fwd/reader.go     |  383 +
 vendor/github.com/philhofer/fwd/writer.go     |  236 +
 .../philhofer/fwd/writer_appengine.go         |    6 +
 .../github.com/philhofer/fwd/writer_tinygo.go |   19 +
 .../github.com/philhofer/fwd/writer_unsafe.go |   20 +
 .../prometheus/collectors/expvar_collector.go |    2 +-
 .../collectors/go_collector_latest.go         |    9 +-
 .../client_golang/prometheus/counter.go       |   26 +-
 .../client_golang/prometheus/desc.go          |   32 +-
 .../prometheus/expvar_collector.go            |    2 +-
 .../client_golang/prometheus/gauge.go         |    8 +-
 .../client_golang/prometheus/histogram.go     |  126 +-
 .../prometheus/internal/difflib.go            |    2 +-
 .../client_golang/prometheus/labels.go        |   58 +-
 .../client_golang/prometheus/metric.go        |    3 +
 .../client_golang/prometheus/promhttp/http.go |   19 +-
 .../prometheus/promhttp/instrument_server.go  |    9 +-
 .../client_golang/prometheus/registry.go      |    6 +-
 .../client_golang/prometheus/summary.go       |   41 +-
 .../client_golang/prometheus/value.go         |   55 +-
 .../client_golang/prometheus/vec.go           |   87 +-
 .../prometheus/client_model/go/metrics.pb.go  |  350 +-
 .../prometheus/common/expfmt/decode.go        |    7 +-
 .../prometheus/common/expfmt/encode.go        |   15 +-
 .../prometheus/common/expfmt/expfmt.go        |   26 +-
 .../prometheus/common/expfmt/text_parse.go    |    2 +-
 .../prometheus/procfs/.golangci.yml           |    3 +
 .../prometheus/procfs/Makefile.common         |   22 +-
 vendor/github.com/prometheus/procfs/README.md |    4 +-
 vendor/github.com/prometheus/procfs/arp.go    |    6 +-
 .../github.com/prometheus/procfs/buddyinfo.go |    6 +-
 .../github.com/prometheus/procfs/cpuinfo.go   |   17 +-
 vendor/github.com/prometheus/procfs/crypto.go |    7 +-
 vendor/github.com/prometheus/procfs/fs.go     |   11 +-
 .../prometheus/procfs/fs_statfs_notype.go     |   23 +
 .../prometheus/procfs/fs_statfs_type.go       |   33 +
 .../github.com/prometheus/procfs/fscache.go   |    6 +-
 .../prometheus/procfs/internal/util/parse.go  |   15 +
 vendor/github.com/prometheus/procfs/ipvs.go   |    7 +-
 .../github.com/prometheus/procfs/loadavg.go   |    4 +-
 vendor/github.com/prometheus/procfs/mdstat.go |   36 +-
 .../github.com/prometheus/procfs/meminfo.go   |    4 +-
 .../github.com/prometheus/procfs/mountinfo.go |   10 +-
 .../prometheus/procfs/mountstats.go           |  117 +-
 .../prometheus/procfs/net_conntrackstat.go    |   91 +-
 .../prometheus/procfs/net_ip_socket.go        |   32 +-
 .../prometheus/procfs/net_protocols.go        |    4 +-
 .../github.com/prometheus/procfs/net_route.go |  143 +
 .../prometheus/procfs/net_sockstat.go         |    9 +-
 .../prometheus/procfs/net_softnet.go          |    9 +-
 .../github.com/prometheus/procfs/net_unix.go  |   16 +-
 .../prometheus/procfs/net_wireless.go         |  182 +
 .../github.com/prometheus/procfs/net_xfrm.go  |    2 +-
 .../github.com/prometheus/procfs/netstat.go   |   25 +-
 vendor/github.com/prometheus/procfs/proc.go   |   37 +-
 .../prometheus/procfs/proc_cgroup.go          |    4 +-
 .../prometheus/procfs/proc_cgroups.go         |    8 +-
 .../prometheus/procfs/proc_fdinfo.go          |   10 +-
 .../prometheus/procfs/proc_interrupts.go      |    2 +-
 .../prometheus/procfs/proc_limits.go          |    4 +-
 .../github.com/prometheus/procfs/proc_maps.go |   24 +-
 .../prometheus/procfs/proc_netstat.go         |    4 +-
 .../github.com/prometheus/procfs/proc_ns.go   |    6 +-
 .../github.com/prometheus/procfs/proc_psi.go  |    6 +-
 .../prometheus/procfs/proc_smaps.go           |    4 +-
 .../github.com/prometheus/procfs/proc_snmp.go |    4 +-
 .../github.com/prometheus/procfs/proc_stat.go |    8 +-
 .../prometheus/procfs/proc_status.go          |   53 +-
 .../github.com/prometheus/procfs/proc_sys.go  |    2 +-
 vendor/github.com/prometheus/procfs/slab.go   |    2 +-
 .../github.com/prometheus/procfs/softirqs.go  |   24 +-
 vendor/github.com/prometheus/procfs/stat.go   |   28 +-
 vendor/github.com/prometheus/procfs/swaps.go  |    8 +-
 vendor/github.com/prometheus/procfs/thread.go |   11 +-
 vendor/github.com/prometheus/procfs/vm.go     |    2 +-
 .../github.com/prometheus/procfs/zoneinfo.go  |    4 +-
 .../github.com/puzpuzpuz/xsync/v2/.gitignore  |   15 +
 .../puzpuzpuz/xsync/v2/BENCHMARKS.md          |  131 +
 vendor/github.com/puzpuzpuz/xsync/v2/LICENSE  |   21 +
 .../github.com/puzpuzpuz/xsync/v2/README.md   |  148 +
 .../github.com/puzpuzpuz/xsync/v2/counter.go  |   99 +
 vendor/github.com/puzpuzpuz/xsync/v2/map.go   |  785 ++
 vendor/github.com/puzpuzpuz/xsync/v2/mapof.go |  688 ++
 .../puzpuzpuz/xsync/v2/mpmcqueue.go           |  137 +
 .../puzpuzpuz/xsync/v2/mpmcqueueof.go         |  150 +
 .../github.com/puzpuzpuz/xsync/v2/rbmutex.go  |  145 +
 vendor/github.com/puzpuzpuz/xsync/v2/util.go  |   63 +
 .../puzpuzpuz/xsync/v2/util_mapof.go          |   22 +
 vendor/github.com/rivo/uniseg/README.md       |    7 +
 vendor/github.com/rivo/uniseg/doc.go          |    6 +-
 vendor/github.com/rivo/uniseg/grapheme.go     |   25 +-
 .../github.com/rivo/uniseg/graphemerules.go   |    2 +-
 vendor/github.com/rivo/uniseg/line.go         |    7 +-
 vendor/github.com/rivo/uniseg/sentence.go     |    4 +-
 vendor/github.com/rivo/uniseg/step.go         |    4 +-
 vendor/github.com/rivo/uniseg/word.go         |    4 +-
 .../sagikazarmark/locafero/.editorconfig      |   21 +
 .../github.com/sagikazarmark/locafero/.envrc  |    4 +
 .../sagikazarmark/locafero/.gitignore         |    8 +
 .../sagikazarmark/locafero/.golangci.yaml     |   27 +
 .../github.com/sagikazarmark/locafero/LICENSE |   19 +
 .../sagikazarmark/locafero/README.md          |   37 +
 .../sagikazarmark/locafero/file_type.go       |   28 +
 .../sagikazarmark/locafero/finder.go          |  165 +
 .../sagikazarmark/locafero/flake.lock         |  273 +
 .../sagikazarmark/locafero/flake.nix          |   47 +
 .../sagikazarmark/locafero/helpers.go         |   41 +
 .../sagikazarmark/locafero/justfile           |   11 +
 .../sagikazarmark/slog-shim/.editorconfig     |   18 +
 .../github.com/sagikazarmark/slog-shim/.envrc |    4 +
 .../sagikazarmark/slog-shim/.gitignore        |    4 +
 .../sagikazarmark/slog-shim/LICENSE           |   27 +
 .../sagikazarmark/slog-shim/README.md         |   81 +
 .../sagikazarmark/slog-shim/attr.go           |   74 +
 .../sagikazarmark/slog-shim/attr_120.go       |   75 +
 .../sagikazarmark/slog-shim/flake.lock        |  273 +
 .../sagikazarmark/slog-shim/flake.nix         |   57 +
 .../sagikazarmark/slog-shim/handler.go        |   45 +
 .../sagikazarmark/slog-shim/handler_120.go    |   45 +
 .../sagikazarmark/slog-shim/json_handler.go   |   23 +
 .../slog-shim/json_handler_120.go             |   24 +
 .../sagikazarmark/slog-shim/level.go          |   61 +
 .../sagikazarmark/slog-shim/level_120.go      |   61 +
 .../sagikazarmark/slog-shim/logger.go         |   98 +
 .../sagikazarmark/slog-shim/logger_120.go     |   99 +
 .../sagikazarmark/slog-shim/record.go         |   31 +
 .../sagikazarmark/slog-shim/record_120.go     |   32 +
 .../sagikazarmark/slog-shim/text_handler.go   |   23 +
 .../slog-shim/text_handler_120.go             |   24 +
 .../sagikazarmark/slog-shim/value.go          |  109 +
 .../sagikazarmark/slog-shim/value_120.go      |  110 +
 .../encrypted/encrypted.go                    |  102 +-
 vendor/github.com/segmentio/asm/LICENSE       |   21 +
 .../github.com/segmentio/asm/base64/base64.go |   67 +
 .../segmentio/asm/base64/base64_amd64.go      |   78 +
 .../segmentio/asm/base64/base64_arm64.go      |   42 +
 .../segmentio/asm/base64/base64_asm.go        |   94 +
 .../segmentio/asm/base64/base64_default.go    |   14 +
 .../segmentio/asm/base64/decode_amd64.go      |    9 +
 .../segmentio/asm/base64/decode_amd64.s       |  143 +
 .../segmentio/asm/base64/decode_arm64.go      |    7 +
 .../segmentio/asm/base64/decode_arm64.s       |  203 +
 .../segmentio/asm/base64/encode_amd64.go      |    7 +
 .../segmentio/asm/base64/encode_amd64.s       |   87 +
 .../segmentio/asm/base64/encode_arm64.go      |    6 +
 .../segmentio/asm/base64/encode_arm64.s       |   97 +
 .../github.com/segmentio/asm/cpu/arm/arm.go   |   80 +
 .../segmentio/asm/cpu/arm64/arm64.go          |   74 +
 vendor/github.com/segmentio/asm/cpu/cpu.go    |   22 +
 .../segmentio/asm/cpu/cpuid/cpuid.go          |   32 +
 .../github.com/segmentio/asm/cpu/x86/x86.go   |   76 +
 .../asm/internal/unsafebytes/unsafebytes.go   |   20 +
 .../v2/cmd/cosign/cli/options/attach.go       |    3 +
 .../cosign/v2/cmd/cosign/cli/options/clean.go |    2 +-
 .../cosign/v2/cmd/cosign/cli/options/copy.go  |   10 +-
 .../cosign/cli/options/deprecate.go}          |   27 +-
 .../cosign/v2/cmd/cosign/cli/options/key.go   |    4 +
 .../v2/cmd/cosign/cli/options/predicate.go    |   11 +-
 .../v2/cmd/cosign/cli/options/registry.go     |   14 +
 .../cosign/v2/cmd/cosign/cli/options/sign.go  |   20 +-
 .../v2/cmd/cosign/cli/options/signblob.go     |   16 +
 .../v2/cmd/cosign/cli/options/triangulate.go  |    2 +-
 .../v2/cmd/cosign/cli/options/verify.go       |    8 +-
 .../v2/pkg/cosign/attestation/attestation.go  |   35 +-
 .../cosign/v2/pkg/cosign/bundle/rekor.go      |    4 +-
 .../sigstore/cosign/v2/pkg/cosign/env/env.go  |   18 +-
 .../sigstore/cosign/v2/pkg/cosign/fetch.go    |   10 +
 .../cosign/v2/pkg/cosign/git/github/github.go |    4 +-
 .../sigstore/cosign/v2/pkg/cosign/keys.go     |    3 +-
 .../cosign/v2/pkg/cosign/kubernetes/secret.go |    5 +-
 .../v2/pkg/cosign/pkcs11key/pkcs11key.go      |   13 +-
 .../sigstore/cosign/v2/pkg/cosign/tlog.go     |   14 +-
 .../sigstore/cosign/v2/pkg/cosign/verify.go   |   81 +-
 .../cosign/v2/pkg/oci/mutate/mutate.go        |  146 +-
 .../cosign/v2/pkg/oci/mutate/signatures.go    |   14 +-
 .../cosign/v2/pkg/oci/remote/remote.go        |   48 +-
 .../sigstore/cosign/v2/pkg/oci/static/file.go |   11 -
 .../cosign/v2/pkg/providers/github/github.go  |   23 +-
 .../generated/models/alpine_v001_schema.go    |    7 +
 .../pkg/generated/models/cose_v001_schema.go  |   11 +
 .../pkg/generated/models/dsse_v001_schema.go  |   20 +
 .../models/hashedrekord_v001_schema.go        |   12 +
 .../pkg/generated/models/helm_v001_schema.go  |   13 +
 .../generated/models/intoto_v001_schema.go    |   11 +
 .../generated/models/intoto_v002_schema.go    |   17 +
 .../pkg/generated/models/jar_v001_schema.go   |   12 +
 .../rekor/pkg/generated/models/log_entry.go   |   17 +-
 .../rekor/pkg/generated/models/log_info.go    |    5 +
 .../generated/models/rekord_v001_schema.go    |    8 +
 .../generated/models/rfc3161_v001_schema.go   |    1 +
 .../pkg/generated/models/rpm_v001_schema.go   |    7 +
 .../pkg/generated/models/search_index.go      |    5 +
 .../pkg/generated/models/search_log_query.go  |    4 +
 .../pkg/generated/models/tuf_v001_schema.go   |    2 +
 .../rekor/pkg/pki/identity/identity.go        |   38 +
 .../rekor/pkg/pki/minisign/minisign.go        |   18 +-
 .../sigstore/rekor/pkg/pki/pgp/pgp.go         |   44 +-
 .../sigstore/rekor/pkg/pki/pkcs7/pkcs7.go     |   33 +-
 .../github.com/sigstore/rekor/pkg/pki/pki.go  |    5 +-
 .../sigstore/rekor/pkg/pki/ssh/ssh.go         |  112 +-
 .../sigstore/rekor/pkg/pki/tuf/tuf.go         |   59 +-
 .../sigstore/rekor/pkg/pki/x509/x509.go       |   53 +-
 .../rekor/pkg/types/dsse/v0.0.1/entry.go      |   20 +-
 .../sigstore/rekor/pkg/types/entries.go       |    5 +-
 .../pkg/types/hashedrekord/v0.0.1/entry.go    |   15 +-
 .../sigstore/rekor/pkg/types/intoto/README.md |    2 +-
 .../rekor/pkg/types/intoto/v0.0.1/entry.go    |   15 +-
 .../rekor/pkg/types/intoto/v0.0.2/entry.go    |   19 +-
 .../rekor/pkg/types/rekord/v0.0.1/entry.go    |   23 +-
 .../sigstore/rekor/pkg/types/test_util.go     |    6 +-
 .../sigstore/rekor/pkg/util/checkpoint.go     |    2 +-
 .../sigstore/pkg/cryptoutils/privatekey.go    |    2 +-
 .../sigstore/pkg/signature/payload/payload.go |    2 +-
 .../sigstore/sigstore/pkg/tuf/client.go       |   21 +-
 .../sigstore/pkg/tuf/repository/root.json     |  144 +-
 .../pkg/tuf/repository/targets/ctfe_2022.pub  |    4 +
 .../targets/fulcio_intermediate_v1.crt.pem    |   14 +
 .../pkg/tuf/repository/targets/rekor.0.pub    |    4 -
 .../pkg/tuf/repository/targets/rekor.json     |   23 -
 .../tuf/repository/targets/trusted_root.json  |  114 +
 .../github.com/sourcegraph/conc/.golangci.yml |   11 +
 vendor/github.com/sourcegraph/conc/LICENSE    |   21 +
 vendor/github.com/sourcegraph/conc/README.md  |  464 +
 .../internal/multierror/multierror_go119.go   |   10 +
 .../internal/multierror/multierror_go120.go   |   10 +
 .../github.com/sourcegraph/conc/iter/iter.go  |   85 +
 .../github.com/sourcegraph/conc/iter/map.go   |   65 +
 .../sourcegraph/conc/panics/panics.go         |  102 +
 .../github.com/sourcegraph/conc/panics/try.go |   11 +
 .../github.com/sourcegraph/conc/waitgroup.go  |   52 +
 vendor/github.com/spf13/afero/const_bsds.go   |    4 +-
 .../github.com/spf13/afero/const_win_unix.go  |    4 +-
 vendor/github.com/spf13/afero/memmap.go       |   65 +-
 vendor/github.com/spf13/cobra/.golangci.yml   |    8 +-
 vendor/github.com/spf13/cobra/README.md       |    8 +-
 vendor/github.com/spf13/cobra/active_help.go  |   10 +-
 vendor/github.com/spf13/cobra/active_help.md  |  157 -
 .../spf13/cobra/bash_completions.go           |    2 +-
 .../spf13/cobra/bash_completions.md           |   93 -
 .../spf13/cobra/bash_completionsV2.go         |    2 +-
 vendor/github.com/spf13/cobra/cobra.go        |   13 +-
 vendor/github.com/spf13/cobra/command.go      |   69 +-
 vendor/github.com/spf13/cobra/completions.go  |   29 +-
 .../spf13/cobra/fish_completions.go           |    2 +-
 .../spf13/cobra/fish_completions.md           |    4 -
 vendor/github.com/spf13/cobra/flag_groups.go  |   68 +-
 .../spf13/cobra/powershell_completions.go     |    6 +-
 .../spf13/cobra/powershell_completions.md     |    3 -
 .../spf13/cobra/projects_using_cobra.md       |   64 -
 .../spf13/cobra/shell_completions.md          |  576 --
 vendor/github.com/spf13/cobra/user_guide.md   |  726 --
 .../github.com/spf13/cobra/zsh_completions.md |   48 -
 .../spf13/jwalterweatherman/README.md         |  148 -
 .../jwalterweatherman/default_notepad.go      |  111 -
 .../spf13/jwalterweatherman/log_counter.go    |   46 -
 .../spf13/jwalterweatherman/notepad.go        |  225 -
 vendor/github.com/spf13/viper/.editorconfig   |    3 +
 vendor/github.com/spf13/viper/.envrc          |    4 +
 vendor/github.com/spf13/viper/.gitignore      |    3 +
 vendor/github.com/spf13/viper/.yamlignore     |    2 +
 vendor/github.com/spf13/viper/.yamllint.yaml  |    6 +
 vendor/github.com/spf13/viper/Makefile        |   45 +-
 vendor/github.com/spf13/viper/README.md       |   61 +-
 .../spf13/viper/experimental_logger.go        |   11 -
 vendor/github.com/spf13/viper/flags.go        |    2 +-
 vendor/github.com/spf13/viper/flake.lock      |  255 +
 vendor/github.com/spf13/viper/flake.nix       |   56 +
 vendor/github.com/spf13/viper/fs.go           |   65 -
 .../spf13/viper/internal/encoding/decoder.go  |    6 +-
 .../viper/internal/encoding/dotenv/codec.go   |    6 +-
 .../internal/encoding/dotenv/map_utils.go     |   16 +-
 .../spf13/viper/internal/encoding/encoder.go  |    6 +-
 .../viper/internal/encoding/hcl/codec.go      |    4 +-
 .../viper/internal/encoding/ini/codec.go      |    6 +-
 .../viper/internal/encoding/ini/map_utils.go  |   24 +-
 .../internal/encoding/javaproperties/codec.go |    6 +-
 .../encoding/javaproperties/map_utils.go      |   24 +-
 .../viper/internal/encoding/json/codec.go     |    4 +-
 .../viper/internal/encoding/toml/codec.go     |    4 +-
 .../viper/internal/encoding/yaml/codec.go     |    4 +-
 vendor/github.com/spf13/viper/logger.go       |   57 +-
 vendor/github.com/spf13/viper/util.go         |   45 +-
 vendor/github.com/spf13/viper/viper.go        |  243 +-
 vendor/github.com/spf13/viper/viper_go1_15.go |    3 +-
 vendor/github.com/spf13/viper/viper_go1_16.go |   28 +-
 vendor/github.com/spf13/viper/watch.go        |    1 -
 .../spf13/viper/watch_unsupported.go          |    1 -
 .../github.com/subosito/gotenv/CHANGELOG.md   |   37 +
 vendor/github.com/subosito/gotenv/gotenv.go   |   50 +-
 .../theupdateframework/go-tuf/.golangci.yml   |    6 -
 .../theupdateframework/go-tuf/README.md       |    9 +-
 .../theupdateframework/go-tuf/data/types.go   |    9 +-
 .../theupdateframework/go-tuf/local_store.go  |    2 +-
 .../pkg/deprecated/set_ecdsa/set_ecdsa.go     |   23 -
 .../go-tuf/pkg/keys/ecdsa.go                  |    2 +
 .../theupdateframework/go-tuf/repo.go         |   41 +-
 .../go-tuf/requirements-test.txt              |    8 +-
 .../theupdateframework/go-tuf/sign/sign.go    |   61 +-
 vendor/github.com/tinylib/msgp/LICENSE        |    8 +
 .../tinylib/msgp/msgp/advise_linux.go         |   25 +
 .../tinylib/msgp/msgp/advise_other.go         |   18 +
 .../github.com/tinylib/msgp/msgp/circular.go  |   39 +
 vendor/github.com/tinylib/msgp/msgp/defs.go   |  147 +
 vendor/github.com/tinylib/msgp/msgp/edit.go   |  242 +
 vendor/github.com/tinylib/msgp/msgp/elsize.go |  128 +
 .../tinylib/msgp/msgp/elsize_default.go       |   21 +
 .../tinylib/msgp/msgp/elsize_tinygo.go        |   13 +
 vendor/github.com/tinylib/msgp/msgp/errors.go |  359 +
 .../tinylib/msgp/msgp/errors_default.go       |   25 +
 .../tinylib/msgp/msgp/errors_tinygo.go        |   42 +
 .../github.com/tinylib/msgp/msgp/extension.go |  550 +
 vendor/github.com/tinylib/msgp/msgp/file.go   |   93 +
 .../github.com/tinylib/msgp/msgp/file_port.go |   48 +
 .../github.com/tinylib/msgp/msgp/integers.go  |  174 +
 vendor/github.com/tinylib/msgp/msgp/json.go   |  568 ++
 .../tinylib/msgp/msgp/json_bytes.go           |  341 +
 vendor/github.com/tinylib/msgp/msgp/number.go |  266 +
 vendor/github.com/tinylib/msgp/msgp/purego.go |   16 +
 vendor/github.com/tinylib/msgp/msgp/read.go   | 1374 +++
 .../tinylib/msgp/msgp/read_bytes.go           | 1303 +++
 vendor/github.com/tinylib/msgp/msgp/size.go   |   39 +
 vendor/github.com/tinylib/msgp/msgp/unsafe.go |   37 +
 vendor/github.com/tinylib/msgp/msgp/write.go  |  813 ++
 .../tinylib/msgp/msgp/write_bytes.go          |  436 +
 vendor/github.com/tjfoc/gmsm/sm3/ifile        |    1 +
 vendor/github.com/tjfoc/gmsm/sm3/sm3.go       |   25 +-
 vendor/github.com/ulikunitz/xz/.gitignore     |    3 +
 vendor/github.com/ulikunitz/xz/LICENSE        |    2 +-
 vendor/github.com/ulikunitz/xz/README.md      |    4 +
 vendor/github.com/ulikunitz/xz/TODO.md        |   11 +-
 vendor/github.com/ulikunitz/xz/bits.go        |    2 +-
 vendor/github.com/ulikunitz/xz/crc.go         |    2 +-
 vendor/github.com/ulikunitz/xz/format.go      |    2 +-
 .../ulikunitz/xz/internal/hash/cyclic_poly.go |    2 +-
 .../ulikunitz/xz/internal/hash/doc.go         |    2 +-
 .../ulikunitz/xz/internal/hash/rabin_karp.go  |    2 +-
 .../ulikunitz/xz/internal/hash/roller.go      |    2 +-
 .../ulikunitz/xz/internal/xlog/xlog.go        |    5 +-
 .../github.com/ulikunitz/xz/lzma/bintree.go   |    2 +-
 vendor/github.com/ulikunitz/xz/lzma/bitops.go |    2 +-
 .../github.com/ulikunitz/xz/lzma/breader.go   |    2 +-
 vendor/github.com/ulikunitz/xz/lzma/buffer.go |    2 +-
 .../ulikunitz/xz/lzma/bytewriter.go           |    2 +-
 .../github.com/ulikunitz/xz/lzma/decoder.go   |    2 +-
 .../ulikunitz/xz/lzma/decoderdict.go          |    2 +-
 .../ulikunitz/xz/lzma/directcodec.go          |    2 +-
 .../github.com/ulikunitz/xz/lzma/distcodec.go |    2 +-
 .../github.com/ulikunitz/xz/lzma/encoder.go   |    2 +-
 .../ulikunitz/xz/lzma/encoderdict.go          |    2 +-
 .../github.com/ulikunitz/xz/lzma/hashtable.go |    2 +-
 vendor/github.com/ulikunitz/xz/lzma/header.go |    2 +-
 .../github.com/ulikunitz/xz/lzma/header2.go   |    2 +-
 .../ulikunitz/xz/lzma/lengthcodec.go          |    5 +-
 .../ulikunitz/xz/lzma/literalcodec.go         |    2 +-
 .../ulikunitz/xz/lzma/matchalgorithm.go       |    2 +-
 .../github.com/ulikunitz/xz/lzma/operation.go |    2 +-
 vendor/github.com/ulikunitz/xz/lzma/prob.go   |    2 +-
 .../ulikunitz/xz/lzma/properties.go           |    2 +-
 .../ulikunitz/xz/lzma/rangecodec.go           |    2 +-
 vendor/github.com/ulikunitz/xz/lzma/reader.go |    4 +-
 .../github.com/ulikunitz/xz/lzma/reader2.go   |    2 +-
 vendor/github.com/ulikunitz/xz/lzma/state.go  |    2 +-
 .../ulikunitz/xz/lzma/treecodecs.go           |    2 +-
 vendor/github.com/ulikunitz/xz/lzma/writer.go |    2 +-
 .../github.com/ulikunitz/xz/lzma/writer2.go   |    2 +-
 vendor/github.com/ulikunitz/xz/lzmafilter.go  |    2 +-
 vendor/github.com/ulikunitz/xz/none-check.go  |    2 +-
 vendor/github.com/ulikunitz/xz/reader.go      |    2 +-
 vendor/github.com/ulikunitz/xz/writer.go      |    2 +-
 .../vbatts/tar-split/archive/tar/reader.go    |    7 +-
 .../xanzy/go-gitlab/CONTRIBUTING.md           |   35 +-
 vendor/github.com/xanzy/go-gitlab/README.md   |    1 +
 .../github.com/xanzy/go-gitlab/appearance.go  |  110 +
 vendor/github.com/xanzy/go-gitlab/commits.go  |    6 +-
 .../github.com/xanzy/go-gitlab/deployments.go |   18 +
 .../github.com/xanzy/go-gitlab/discussions.go |   37 +-
 .../xanzy/go-gitlab/event_webhook_types.go    |    7 +
 vendor/github.com/xanzy/go-gitlab/gitlab.go   |  240 +-
 .../xanzy/go-gitlab/group_access_tokens.go    |   25 +
 .../xanzy/go-gitlab/group_badges.go           |    9 +-
 .../xanzy/go-gitlab/group_epic_boards.go      |  104 +
 .../go-gitlab/group_protected_environments.go |  278 +
 .../group_repository_storage_move.go          |  195 +
 vendor/github.com/xanzy/go-gitlab/groups.go   |   37 +-
 vendor/github.com/xanzy/go-gitlab/issues.go   |    2 +
 .../xanzy/go-gitlab/job_token_scope.go        |  186 +
 vendor/github.com/xanzy/go-gitlab/jobs.go     |   19 +
 vendor/github.com/xanzy/go-gitlab/keys.go     |   31 +
 .../xanzy/go-gitlab/merge_requests.go         |  225 +-
 .../xanzy/go-gitlab/merge_trains.go           |  170 +
 .../github.com/xanzy/go-gitlab/milestones.go  |    1 +
 .../xanzy/go-gitlab/notifications.go          |   64 +-
 .../xanzy/go-gitlab/personal_access_tokens.go |   21 +
 .../github.com/xanzy/go-gitlab/pipelines.go   |    3 +-
 .../xanzy/go-gitlab/project_access_tokens.go  |   25 +
 .../project_repository_storage_move.go        |  199 +
 vendor/github.com/xanzy/go-gitlab/projects.go |   41 +-
 .../xanzy/go-gitlab/protected_environments.go |   67 +
 .../xanzy/go-gitlab/protected_tags.go         |    1 +
 vendor/github.com/xanzy/go-gitlab/releases.go |   25 +
 .../xanzy/go-gitlab/repositories.go           |    1 +
 .../go-gitlab/resource_iteration_events.go    |  122 +
 vendor/github.com/xanzy/go-gitlab/services.go |  183 +-
 vendor/github.com/xanzy/go-gitlab/settings.go |    6 +-
 .../snippet_repository_storage_move.go        |  203 +
 vendor/github.com/xanzy/go-gitlab/snippets.go |   31 +
 .../github.com/xanzy/go-gitlab/time_stats.go  |    1 +
 vendor/github.com/xanzy/go-gitlab/todos.go    |    2 +-
 vendor/github.com/xanzy/go-gitlab/types.go    |    5 +-
 vendor/github.com/xanzy/go-gitlab/users.go    |  135 +-
 .../bson/bsoncodec/array_codec.go             |   10 +-
 .../mongo-driver/bson/bsoncodec/bsoncodec.go  |  156 +-
 .../bson/bsoncodec/byte_slice_codec.go        |   20 +-
 .../bson/bsoncodec/default_value_decoders.go  |  146 +-
 .../bson/bsoncodec/default_value_encoders.go  |  178 +-
 .../mongo-driver/bson/bsoncodec/doc.go        |   73 +-
 .../bson/bsoncodec/empty_interface_codec.go   |   16 +-
 .../mongo-driver/bson/bsoncodec/map_codec.go  |   36 +-
 .../bson/bsoncodec/pointer_codec.go           |    6 +
 .../mongo-driver/bson/bsoncodec/registry.go   |  456 +-
 .../bson/bsoncodec/slice_codec.go             |   30 +-
 .../bson/bsoncodec/string_codec.go            |   21 +-
 .../bson/bsoncodec/struct_codec.go            |  157 +-
 .../bson/bsoncodec/struct_tag_parser.go       |   11 +-
 .../mongo-driver/bson/bsoncodec/time_codec.go |   16 +-
 .../mongo-driver/bson/bsoncodec/uint_codec.go |   13 +-
 .../bsonoptions/byte_slice_codec_options.go   |   11 +
 .../empty_interface_codec_options.go          |   11 +
 .../bson/bsonoptions/map_codec_options.go     |   15 +
 .../bson/bsonoptions/slice_codec_options.go   |   11 +
 .../bson/bsonoptions/string_codec_options.go  |   11 +
 .../bson/bsonoptions/struct_codec_options.go  |   20 +
 .../bson/bsonoptions/time_codec_options.go    |   11 +
 .../bson/bsonoptions/uint_codec_options.go    |   11 +
 .../mongo-driver/bson/bsonrw/copier.go        |   43 +
 .../bson/bsonrw/extjson_reader.go             |    8 +
 .../bson/bsonrw/extjson_writer.go             |   23 +-
 .../mongo-driver/bson/bsonrw/reader.go        |    2 +
 .../mongo-driver/bson/bsonrw/value_reader.go  |    8 +
 .../mongo-driver/bson/bsonrw/value_writer.go  |   10 +
 .../mongo-driver/bson/bsonrw/writer.go        |    9 +
 .../mongo-driver/bson/bsontype/bsontype.go    |   20 +-
 .../mongo-driver/bson/decoder.go              |   79 +-
 .../go.mongodb.org/mongo-driver/bson/doc.go   |    5 +-
 .../mongo-driver/bson/encoder.go              |  110 +-
 .../mongo-driver/bson/marshal.go              |  193 +-
 .../mongo-driver/bson/primitive/decimal.go    |   14 +
 .../mongo-driver/bson/primitive/objectid.go   |    8 +-
 .../mongo-driver/bson/primitive/primitive.go  |   46 +-
 .../mongo-driver/bson/primitive_codecs.go     |   40 +-
 .../go.mongodb.org/mongo-driver/bson/raw.go   |   23 +-
 .../mongo-driver/bson/raw_element.go          |    7 +-
 .../mongo-driver/bson/raw_value.go            |   19 +-
 .../mongo-driver/bson/registry.go             |   15 +-
 .../go.mongodb.org/mongo-driver/bson/types.go |   15 +-
 .../mongo-driver/bson/unmarshal.go            |   92 +-
 .../mongo-driver/x/bsonx/bsoncore/array.go    |   10 +-
 .../mongo-driver/x/bsonx/bsoncore/bsoncore.go |   22 +-
 .../mongo-driver/x/bsonx/bsoncore/doc.go      |   29 +
 .../mongo-driver/x/bsonx/bsoncore/document.go |   10 +-
 .../mongo-driver/x/bsonx/bsoncore/element.go  |    2 +-
 .../mongo-driver/x/bsonx/bsoncore/value.go    |   23 +-
 vendor/go.opentelemetry.io/otel/.gitignore    |    1 +
 vendor/go.opentelemetry.io/otel/.golangci.yml |   79 +-
 vendor/go.opentelemetry.io/otel/CHANGELOG.md  |  172 +-
 vendor/go.opentelemetry.io/otel/CODEOWNERS    |    2 +-
 .../go.opentelemetry.io/otel/CONTRIBUTING.md  |   90 +-
 vendor/go.opentelemetry.io/otel/Makefile      |   62 +-
 vendor/go.opentelemetry.io/otel/README.md     |   42 +-
 vendor/go.opentelemetry.io/otel/RELEASING.md  |   31 +-
 .../otel/attribute/filter.go                  |   60 +
 .../go.opentelemetry.io/otel/attribute/set.go |    7 -
 .../otel/baggage/baggage.go                   |   14 +-
 .../go.opentelemetry.io/otel/internal/gen.go  |   29 +
 .../otel/internal/global/handler.go           |    7 +-
 .../otel/internal/global/internal_logging.go  |    7 +-
 .../otel/metric/instrument.go                 |    2 +
 .../go.opentelemetry.io/otel/metric/meter.go  |    2 +
 .../go.opentelemetry.io/otel/requirements.txt |    2 +-
 vendor/go.opentelemetry.io/otel/version.go    |    2 +-
 vendor/go.opentelemetry.io/otel/versions.yaml |   18 +-
 vendor/go.step.sm/crypto/jose/parse.go        |    2 +-
 vendor/go.step.sm/crypto/pemutil/pem.go       |   42 +-
 vendor/go.uber.org/atomic/CHANGELOG.md        |   10 +
 vendor/go.uber.org/atomic/bool.go             |    2 +-
 vendor/go.uber.org/atomic/duration.go         |    2 +-
 vendor/go.uber.org/atomic/error.go            |   14 +-
 vendor/go.uber.org/atomic/float32.go          |    2 +-
 vendor/go.uber.org/atomic/float64.go          |    2 +-
 vendor/go.uber.org/atomic/int32.go            |    2 +-
 vendor/go.uber.org/atomic/int64.go            |    2 +-
 vendor/go.uber.org/atomic/pointer_go118.go    |   41 +-
 .../atomic/pointer_go118_pre119.go            |   60 +
 vendor/go.uber.org/atomic/string.go           |   23 +-
 vendor/go.uber.org/atomic/string_ext.go       |   15 +-
 vendor/go.uber.org/atomic/time.go             |    2 +-
 vendor/go.uber.org/atomic/uint32.go           |    2 +-
 vendor/go.uber.org/atomic/uint64.go           |    2 +-
 vendor/go.uber.org/atomic/uintptr.go          |    2 +-
 vendor/go.uber.org/zap/.golangci.yml          |   77 +
 vendor/go.uber.org/zap/CHANGELOG.md           |  242 +-
 vendor/go.uber.org/zap/Makefile               |   87 +-
 vendor/go.uber.org/zap/README.md              |   62 +-
 vendor/go.uber.org/zap/array.go               |  127 +
 vendor/go.uber.org/zap/array_go118.go         |  156 -
 vendor/go.uber.org/zap/buffer/buffer.go       |    5 +
 vendor/go.uber.org/zap/buffer/pool.go         |   20 +-
 vendor/go.uber.org/zap/config.go              |   84 +-
 vendor/go.uber.org/zap/error.go               |   14 +-
 vendor/go.uber.org/zap/field.go               |  194 +-
 vendor/go.uber.org/zap/http_handler.go        |   19 +-
 .../go.uber.org/zap/internal/level_enabler.go |    2 +
 vendor/go.uber.org/zap/internal/pool/pool.go  |   58 +
 .../stacktrace/stack.go}                      |   81 +-
 vendor/go.uber.org/zap/level.go               |    9 +-
 vendor/go.uber.org/zap/logger.go              |   48 +-
 vendor/go.uber.org/zap/sink.go                |    5 +-
 vendor/go.uber.org/zap/sugar.go               |   69 +-
 vendor/go.uber.org/zap/writer.go              |   12 +-
 .../zap/zapcore/console_encoder.go            |   14 +-
 vendor/go.uber.org/zap/zapcore/core.go        |    6 +-
 vendor/go.uber.org/zap/zapcore/entry.go       |   22 +-
 vendor/go.uber.org/zap/zapcore/error.go       |   14 +-
 .../go.uber.org/zap/zapcore/json_encoder.go   |  155 +-
 vendor/go.uber.org/zap/zapcore/lazy_with.go   |   54 +
 vendor/go.uber.org/zap/zapcore/sampler.go     |    9 +-
 vendor/go4.org/intern/LICENSE                 |   29 +
 vendor/go4.org/intern/README.md               |   19 +
 vendor/go4.org/intern/intern.go               |  183 +
 .../unsafe/assume-no-moving-gc/LICENSE        |   29 +
 .../unsafe/assume-no-moving-gc/README.md      |   13 +
 .../assume-no-moving-gc.go                    |   32 +
 .../unsafe/assume-no-moving-gc/check.go       |   36 +
 vendor/golang.org/x/exp/slices/cmp.go         |   44 +
 vendor/golang.org/x/exp/slices/slices.go      |  381 +-
 vendor/golang.org/x/exp/slices/sort.go        |  125 +-
 .../slices/{zsortfunc.go => zsortanyfunc.go}  |  154 +-
 .../golang.org/x/exp/slices/zsortordered.go   |   34 +-
 vendor/golang.org/x/exp/slog/attr.go          |  102 +
 vendor/golang.org/x/exp/slog/doc.go           |  316 +
 vendor/golang.org/x/exp/slog/handler.go       |  559 ++
 .../x/exp/slog/internal/buffer/buffer.go      |   84 +
 .../x/exp/slog/internal/ignorepc.go           |    9 +
 vendor/golang.org/x/exp/slog/json_handler.go  |  336 +
 vendor/golang.org/x/exp/slog/level.go         |  201 +
 vendor/golang.org/x/exp/slog/logger.go        |  343 +
 vendor/golang.org/x/exp/slog/noplog.bench     |   36 +
 vendor/golang.org/x/exp/slog/record.go        |  207 +
 vendor/golang.org/x/exp/slog/text_handler.go  |  161 +
 vendor/golang.org/x/exp/slog/value.go         |  456 +
 vendor/golang.org/x/exp/slog/value_119.go     |   53 +
 vendor/golang.org/x/exp/slog/value_120.go     |   39 +
 .../x/mod/internal/lazyregexp/lazyre.go       |    2 +-
 vendor/golang.org/x/mod/modfile/read.go       |    2 +-
 vendor/golang.org/x/mod/modfile/rule.go       |   24 +-
 vendor/golang.org/x/mod/modfile/work.go       |    4 +-
 vendor/golang.org/x/mod/module/module.go      |   30 +-
 vendor/golang.org/x/mod/module/pseudo.go      |    2 +-
 vendor/golang.org/x/mod/semver/semver.go      |    6 +-
 vendor/golang.org/x/mod/sumdb/note/note.go    |   38 +-
 vendor/golang.org/x/oauth2/deviceauth.go      |  198 +
 .../x/oauth2/google/appengine_gen1.go         |    1 -
 .../x/oauth2/google/appengine_gen2_flex.go    |    1 -
 vendor/golang.org/x/oauth2/google/default.go  |   31 +-
 vendor/golang.org/x/oauth2/google/google.go   |   46 +-
 .../google/internal/externalaccount/aws.go    |   47 +-
 .../externalaccount/basecredentials.go        |   45 +-
 .../externalaccount/executablecredsource.go   |    4 +
 .../externalaccount/filecredsource.go         |    4 +
 .../google/internal/externalaccount/header.go |   64 +
 .../internal/externalaccount/urlcredsource.go |    4 +
 .../externalaccountauthorizeduser.go          |  114 +
 .../clientauth.go                             |    8 +-
 .../sts_exchange.go                           |   42 +-
 .../x/oauth2/internal/client_appengine.go     |    1 -
 vendor/golang.org/x/oauth2/internal/token.go  |   70 +-
 vendor/golang.org/x/oauth2/oauth2.go          |   33 +-
 vendor/golang.org/x/oauth2/pkce.go            |   68 +
 vendor/golang.org/x/oauth2/token.go           |    2 +-
 vendor/golang.org/x/sync/errgroup/go120.go    |    1 -
 .../golang.org/x/sync/errgroup/pre_go120.go   |    1 -
 .../golang.org/x/sys/windows/registry/key.go  |  206 +
 .../x/sys/windows/registry/mksyscall.go       |   10 +
 .../x/sys/windows/registry/syscall.go         |   33 +
 .../x/sys/windows/registry/value.go           |  387 +
 .../sys/windows/registry/zsyscall_windows.go  |  117 +
 .../x/tools/cmd/stringer/stringer.go          |    5 +-
 .../x/tools/go/ast/inspector/inspector.go     |    4 +-
 .../tools/go/internal/packagesdriver/sizes.go |   11 +-
 vendor/golang.org/x/tools/go/packages/doc.go  |    2 +-
 .../golang.org/x/tools/go/packages/golist.go  |   19 +-
 .../x/tools/go/packages/packages.go           |   16 +-
 .../x/tools/go/types/objectpath/objectpath.go |  827 ++
 vendor/golang.org/x/tools/imports/forward.go  |    4 +-
 .../x/tools/internal/event/tag/tag.go         |    2 +-
 .../x/tools/internal/fastwalk/fastwalk.go     |   16 +-
 .../internal/fastwalk/fastwalk_portable.go    |   11 +-
 .../x/tools/internal/gcimporter/gcimporter.go |    3 +-
 .../x/tools/internal/gcimporter/iexport.go    |  175 +-
 .../x/tools/internal/gcimporter/iimport.go    |  188 +-
 .../x/tools/internal/gocommand/invoke.go      |    4 +-
 .../x/tools/internal/gopathwalk/walk.go       |   20 +-
 .../x/tools/internal/imports/fix.go           |    7 +-
 .../x/tools/internal/imports/mod.go           |   13 +-
 .../x/tools/internal/imports/mod_cache.go     |    2 +-
 .../x/tools/internal/imports/zstdlib.go       |  230 +
 .../x/tools/internal/typeparams/common.go     |   26 +
 .../x/tools/internal/typeparams/coretype.go   |    8 +-
 .../x/tools/internal/typeparams/termlist.go   |    2 +-
 .../internal/typeparams/typeparams_go117.go   |    2 +-
 .../internal/typeparams/typeparams_go118.go   |    2 +-
 .../x/tools/internal/typeparams/typeterm.go   |    9 +-
 .../internal/typesinternal/objectpath.go      |   24 +
 vendor/golang.org/x/xerrors/LICENSE           |   27 +
 vendor/golang.org/x/xerrors/PATENTS           |   22 +
 vendor/golang.org/x/xerrors/README            |    2 +
 vendor/golang.org/x/xerrors/adaptor.go        |  193 +
 vendor/golang.org/x/xerrors/codereview.cfg    |    1 +
 vendor/golang.org/x/xerrors/doc.go            |   23 +
 vendor/golang.org/x/xerrors/errors.go         |   33 +
 vendor/golang.org/x/xerrors/fmt.go            |  190 +
 vendor/golang.org/x/xerrors/format.go         |   34 +
 vendor/golang.org/x/xerrors/frame.go          |   56 +
 .../golang.org/x/xerrors/internal/internal.go |    8 +
 vendor/golang.org/x/xerrors/wrap.go           |  112 +
 .../google.golang.org/api/idtoken/validate.go |   19 +-
 vendor/google.golang.org/api/internal/cba.go  |   40 +-
 .../google.golang.org/api/internal/creds.go   |    5 +-
 vendor/google.golang.org/api/internal/s2a.go  |    2 +-
 .../api/internal/settings.go                  |   17 +
 .../google.golang.org/api/internal/version.go |    2 +-
 .../option/internaloption/internaloption.go   |   13 +
 .../api/transport/http/dial.go                |   17 +-
 .../api/transport/http/dial_appengine.go      |   21 -
 .../google.golang.org/appengine/.travis.yml   |   18 -
 .../appengine/CONTRIBUTING.md                 |    6 +-
 vendor/google.golang.org/appengine/README.md  |    6 +-
 .../google.golang.org/appengine/appengine.go  |   23 +-
 .../appengine/appengine_vm.go                 |   12 +-
 .../google.golang.org/appengine/identity.go   |    3 +-
 .../appengine/internal/api.go                 |  347 +-
 .../appengine/internal/api_classic.go         |   29 +-
 .../appengine/internal/api_common.go          |   50 +-
 .../appengine/internal/identity.go            |    7 +-
 .../appengine/internal/identity_classic.go    |   23 +-
 .../appengine/internal/identity_flex.go       |    1 +
 .../appengine/internal/identity_vm.go         |   20 +-
 .../appengine/internal/main.go                |    1 +
 .../appengine/internal/main_vm.go             |    3 +-
 .../internal/socket/socket_service.pb.go      | 2822 ------
 .../internal/socket/socket_service.proto      |  460 -
 .../appengine/internal/transaction.go         |   10 +-
 .../google.golang.org/appengine/namespace.go  |    3 +-
 .../google.golang.org/appengine/socket/doc.go |   10 -
 .../appengine/socket/socket_classic.go        |  290 -
 .../appengine/socket/socket_vm.go             |   64 -
 vendor/google.golang.org/appengine/timeout.go |    2 +-
 .../appengine/travis_install.sh               |   18 -
 .../appengine/travis_test.sh                  |   12 -
 .../appengine/urlfetch/urlfetch.go            |    9 +-
 vendor/google.golang.org/grpc/README.md       |   60 +-
 .../grpc/attributes/attributes.go             |   59 +-
 .../grpc/balancer/balancer.go                 |   62 +-
 .../grpc/balancer/base/balancer.go            |   22 +-
 .../grpc/balancer_conn_wrappers.go            |   75 +-
 .../grpc_binarylog_v1/binarylog.pb.go         |    2 +-
 vendor/google.golang.org/grpc/call.go         |   11 +-
 vendor/google.golang.org/grpc/clientconn.go   |  248 +-
 vendor/google.golang.org/grpc/codec.go        |    8 +-
 vendor/google.golang.org/grpc/dialoptions.go  |   42 +-
 .../grpc/encoding/encoding.go                 |   17 +-
 .../grpc/encoding/proto/proto.go              |    4 +-
 .../grpc/grpclog/component.go                 |   40 +-
 .../google.golang.org/grpc/grpclog/grpclog.go |   30 +-
 .../google.golang.org/grpc/grpclog/logger.go  |   30 +-
 .../grpc/grpclog/loggerv2.go                  |   56 +-
 vendor/google.golang.org/grpc/interceptor.go  |   12 +-
 .../grpc/internal/backoff/backoff.go          |   36 +
 .../balancer/gracefulswitch/gracefulswitch.go |   59 +-
 .../grpc/internal/balancerload/load.go        |    4 +-
 .../grpc/internal/binarylog/method_logger.go  |    4 +-
 .../grpc/internal/buffer/unbounded.go         |   18 +-
 .../grpc/internal/channelz/funcs.go           |   69 +-
 .../grpc/internal/channelz/logging.go         |   12 +-
 .../grpc/internal/channelz/types.go           |    5 +
 .../grpc/internal/channelz/util_linux.go      |    2 +-
 .../grpc/internal/channelz/util_nonlinux.go   |    2 +-
 .../grpc/internal/credentials/credentials.go  |    8 +-
 .../grpc/internal/envconfig/envconfig.go      |   12 +-
 .../grpc/internal/grpclog/grpclog.go          |   40 +-
 .../grpc/internal/grpclog/prefixLogger.go     |    8 +-
 .../grpc/internal/grpcrand/grpcrand.go        |    7 +
 .../internal/grpcsync/callback_serializer.go  |   54 +-
 .../grpc/internal/grpcsync/pubsub.go          |  121 +
 .../grpc/{ => internal/idle}/idle.go          |  188 +-
 .../grpc/internal/internal.go                 |   51 +-
 .../grpc/internal/metadata/metadata.go        |    2 +-
 .../grpc/internal/pretty/pretty.go            |    2 +-
 .../grpc/internal/resolver/config_selector.go |    4 +-
 .../internal/resolver/dns/dns_resolver.go     |   74 +-
 .../grpc/internal/status/status.go            |   36 +-
 .../grpc/internal/transport/controlbuf.go     |   16 +-
 .../grpc/internal/transport/handler_server.go |   13 +-
 .../grpc/internal/transport/http2_client.go   |   56 +-
 .../grpc/internal/transport/http2_server.go   |   22 +-
 .../grpc/internal/transport/http_util.go      |   77 +-
 .../grpc/internal/transport/transport.go      |   19 +-
 .../google.golang.org/grpc/picker_wrapper.go  |   34 +-
 vendor/google.golang.org/grpc/pickfirst.go    |   88 +-
 vendor/google.golang.org/grpc/preloader.go    |    2 +-
 vendor/google.golang.org/grpc/resolver/map.go |   10 +-
 .../grpc/resolver/resolver.go                 |   84 +-
 .../grpc/resolver_conn_wrapper.go             |   10 +-
 vendor/google.golang.org/grpc/rpc_util.go     |   44 +-
 vendor/google.golang.org/grpc/server.go       |  231 +-
 .../grpc/shared_buffer_pool.go                |  154 +
 vendor/google.golang.org/grpc/stats/stats.go  |   14 +-
 .../google.golang.org/grpc/status/status.go   |   14 +-
 vendor/google.golang.org/grpc/stream.go       |  130 +-
 vendor/google.golang.org/grpc/tap/tap.go      |    6 +
 vendor/google.golang.org/grpc/trace.go        |    6 +-
 vendor/google.golang.org/grpc/version.go      |    2 +-
 vendor/google.golang.org/grpc/vet.sh          |   10 +-
 .../protobuf/encoding/protojson/encode.go     |   14 +-
 .../protobuf/encoding/prototext/encode.go     |   14 +-
 .../protobuf/internal/encoding/json/encode.go |   10 +-
 .../protobuf/internal/encoding/text/encode.go |   10 +-
 .../protobuf/internal/genid/descriptor_gen.go |   48 +
 .../protobuf/internal/genid/type_gen.go       |    6 +
 .../protobuf/internal/order/order.go          |    2 +-
 .../protobuf/internal/version/version.go      |    2 +-
 .../google.golang.org/protobuf/proto/size.go  |   10 +-
 .../reflect/protoreflect/source_gen.go        |   27 +
 .../types/descriptorpb/descriptor.pb.go       | 1011 +-
 .../protobuf/types/known/anypb/any.pb.go      |   70 +-
 .../protobuf/types/known/emptypb/empty.pb.go  |  166 -
 .../types/known/structpb/struct.pb.go         |    2 +-
 .../types/known/timestamppb/timestamp.pb.go   |    2 +-
 .../gopkg.in/DataDog/dd-trace-go.v1/LICENSE   |  234 +
 .../dd-trace-go.v1/LICENSE-3rdparty.csv       |    4 +
 .../DataDog/dd-trace-go.v1/LICENSE-APACHE     |  200 +
 .../DataDog/dd-trace-go.v1/LICENSE-BSD3       |   24 +
 vendor/gopkg.in/DataDog/dd-trace-go.v1/NOTICE |    4 +
 .../datastreams/options/options.go            |   10 +
 .../DataDog/dd-trace-go.v1/ddtrace/ddtrace.go |  158 +
 .../dd-trace-go.v1/ddtrace/ext/app_types.go   |   81 +
 .../DataDog/dd-trace-go.v1/ddtrace/ext/db.go  |   87 +
 .../dd-trace-go.v1/ddtrace/ext/messaging.go   |   25 +
 .../dd-trace-go.v1/ddtrace/ext/peer.go        |   20 +
 .../dd-trace-go.v1/ddtrace/ext/priority.go    |   27 +
 .../DataDog/dd-trace-go.v1/ddtrace/ext/rpc.go |   34 +
 .../dd-trace-go.v1/ddtrace/ext/span_kind.go   |   32 +
 .../dd-trace-go.v1/ddtrace/ext/system.go      |   12 +
 .../dd-trace-go.v1/ddtrace/ext/tags.go        |  120 +
 .../ddtrace/internal/globaltracer.go          |  104 +
 .../ddtrace/tracer/abandonedspans.go          |  300 +
 .../dd-trace-go.v1/ddtrace/tracer/context.go  |   59 +
 .../ddtrace/tracer/data_streams.go            |   64 +
 .../dd-trace-go.v1/ddtrace/tracer/doc.go      |  110 +
 .../dd-trace-go.v1/ddtrace/tracer/log.go      |  136 +
 .../dd-trace-go.v1/ddtrace/tracer/metrics.go  |  101 +
 .../dd-trace-go.v1/ddtrace/tracer/option.go   | 1292 +++
 .../dd-trace-go.v1/ddtrace/tracer/payload.go  |  153 +
 .../ddtrace/tracer/propagating_tags.go        |   68 +
 .../ddtrace/tracer/propagator.go              |   57 +
 .../dd-trace-go.v1/ddtrace/tracer/rand.go     |   56 +
 .../ddtrace/tracer/rules_sampler.go           |  593 ++
 .../dd-trace-go.v1/ddtrace/tracer/sampler.go  |  150 +
 .../dd-trace-go.v1/ddtrace/tracer/span.go     |  735 ++
 .../ddtrace/tracer/span_msgp.go               |  453 +
 .../ddtrace/tracer/spancontext.go             |  559 ++
 .../ddtrace/tracer/sqlcomment.go              |  300 +
 .../dd-trace-go.v1/ddtrace/tracer/stats.go    |  351 +
 .../ddtrace/tracer/stats_payload.go           |   56 +
 .../ddtrace/tracer/stats_payload_msgp.go      |  450 +
 .../ddtrace/tracer/telemetry.go               |  101 +
 .../dd-trace-go.v1/ddtrace/tracer/textmap.go  | 1037 ++
 .../dd-trace-go.v1/ddtrace/tracer/time.go     |   17 +
 .../ddtrace/tracer/time_windows.go            |   48 +
 .../dd-trace-go.v1/ddtrace/tracer/tracer.go   |  716 ++
 .../ddtrace/tracer/transport.go               |  214 +
 .../dd-trace-go.v1/ddtrace/tracer/util.go     |  124 +
 .../dd-trace-go.v1/ddtrace/tracer/writer.go   |  340 +
 .../internal/active_span_key.go               |   11 +
 .../DataDog/dd-trace-go.v1/internal/agent.go  |   36 +
 .../dd-trace-go.v1/internal/appsec/appsec.go  |  183 +
 .../internal/appsec/appsec_disabled.go        |   38 +
 .../dd-trace-go.v1/internal/appsec/config.go  |  189 +
 .../appsec/dyngo/instrumentation/common.go    |  166 +
 .../dyngo/instrumentation/grpcsec/grpc.go     |  209 +
 .../dyngo/instrumentation/grpcsec/tags.go     |   36 +
 .../dyngo/instrumentation/httpsec/http.go     |  337 +
 .../dyngo/instrumentation/httpsec/tags.go     |  133 +
 .../instrumentation/sharedsec/actions.go      |  135 +
 .../sharedsec/blocked-template.html           |    1 +
 .../sharedsec/blocked-template.json           |    1 +
 .../dyngo/instrumentation/sharedsec/shared.go |   80 +
 .../internal/appsec/dyngo/operation.go        |  353 +
 .../dd-trace-go.v1/internal/appsec/limiter.go |  143 +
 .../internal/appsec/remoteconfig.go           |  381 +
 .../dd-trace-go.v1/internal/appsec/rules.go   |   17 +
 .../dd-trace-go.v1/internal/appsec/rules.json | 7079 +++++++++++++
 .../internal/appsec/rules_manager.go          |  147 +
 .../dd-trace-go.v1/internal/appsec/waf.go     |  555 ++
 .../dd-trace-go.v1/internal/container.go      |   71 +
 .../internal/datastreams/pathway.go           |   96 +
 .../internal/datastreams/payload.go           |   84 +
 .../internal/datastreams/payload_msgp.go      |  907 ++
 .../internal/datastreams/processor.go         |  472 +
 .../internal/datastreams/propagator.go        |   87 +
 .../internal/datastreams/transport.go         |  115 +
 .../DataDog/dd-trace-go.v1/internal/env.go    |   94 +
 .../dd-trace-go.v1/internal/gitmetadata.go    |  123 +
 .../internal/gitmetadatabinary.go             |   41 +
 .../internal/gitmetadatabinary_legacy.go      |   19 +
 .../internal/globalconfig/globalconfig.go     |   95 +
 .../internal/hostname/azure/azure.go          |   63 +
 .../internal/hostname/cachedfetch/fetcher.go  |   86 +
 .../internal/hostname/ec2/ec2.go              |   72 +
 .../internal/hostname/ecs/aws.go              |   54 +
 .../internal/hostname/fqdn_nix.go             |   28 +
 .../internal/hostname/fqdn_windows.go         |   14 +
 .../internal/hostname/gce/gce.go              |  120 +
 .../internal/hostname/httputils/helpers.go    |   74 +
 .../internal/hostname/providers.go            |  245 +
 .../internal/hostname/validate/validate.go    |   57 +
 .../dd-trace-go.v1/internal/log/log.go        |  243 +
 .../internal/namingschema/namingschema.go     |  117 +
 .../internal/namingschema/op_cache.go         |   46 +
 .../internal/namingschema/op_client_server.go |   85 +
 .../internal/namingschema/op_db.go            |   50 +
 .../internal/namingschema/op_messaging.go     |   84 +
 .../internal/namingschema/option.go           |   20 +
 .../internal/namingschema/service_name.go     |   50 +
 .../internal/normalizer/normalizer.go         |   50 +
 .../dd-trace-go.v1/internal/osinfo/osinfo.go  |   21 +
 .../internal/osinfo/osinfo_darwin.go          |   24 +
 .../internal/osinfo/osinfo_default.go         |   21 +
 .../internal/osinfo/osinfo_freebsd.go         |   24 +
 .../internal/osinfo/osinfo_linux.go           |   52 +
 .../internal/osinfo/osinfo_windows.go         |   54 +
 .../internal/remoteconfig/config.go           |   75 +
 .../internal/remoteconfig/remoteconfig.go     |  414 +
 .../internal/remoteconfig/types.go            |   83 +
 .../internal/samplernames/samplernames.go     |   37 +
 .../DataDog/dd-trace-go.v1/internal/statsd.go |   17 +
 .../internal/telemetry/client.go              |  580 ++
 .../internal/telemetry/message.go             |  257 +
 .../internal/telemetry/option.go              |  142 +
 .../internal/telemetry/telemetry.go           |  115 +
 .../internal/telemetry/utils.go               |   50 +
 .../dd-trace-go.v1/internal/trace_context.go  |   47 +
 .../internal/traceprof/endpoint_counter.go    |  105 +
 .../internal/traceprof/profiler.go            |   35 +
 .../internal/traceprof/traceprof.go           |   21 +
 .../DataDog/dd-trace-go.v1/internal/utils.go  |   64 +
 .../internal/version/version.go               |   43 +
 .../go-jose/go-jose.v2/.gitcookies.sh.enc     |    1 +
 vendor/gopkg.in/go-jose/go-jose.v2/.gitignore |    8 +
 .../gopkg.in/go-jose/go-jose.v2/.travis.yml   |   45 +
 .../go-jose/go-jose.v2/CONTRIBUTING.md        |   14 +
 vendor/gopkg.in/go-jose/go-jose.v2/LICENSE    |  202 +
 vendor/gopkg.in/go-jose/go-jose.v2/README.md  |  118 +
 .../gopkg.in/go-jose/go-jose.v2/asymmetric.go |  592 ++
 .../go-jose/go-jose.v2/cipher/cbc_hmac.go     |  196 +
 .../go-jose/go-jose.v2/cipher/concat_kdf.go   |   75 +
 .../go-jose/go-jose.v2/cipher/ecdh_es.go      |   86 +
 .../go-jose/go-jose.v2/cipher/key_wrap.go     |  109 +
 vendor/gopkg.in/go-jose/go-jose.v2/crypter.go |  542 +
 vendor/gopkg.in/go-jose/go-jose.v2/doc.go     |   27 +
 .../gopkg.in/go-jose/go-jose.v2/encoding.go   |  185 +
 .../gopkg.in/go-jose/go-jose.v2/json/LICENSE  |   27 +
 .../go-jose/go-jose.v2/json/README.md         |   13 +
 .../go-jose/go-jose.v2/json/decode.go         | 1217 +++
 .../go-jose/go-jose.v2/json/encode.go         | 1197 +++
 .../go-jose/go-jose.v2/json/indent.go         |  141 +
 .../go-jose/go-jose.v2/json/scanner.go        |  623 ++
 .../go-jose/go-jose.v2/json/stream.go         |  485 +
 .../gopkg.in/go-jose/go-jose.v2/json/tags.go  |   44 +
 vendor/gopkg.in/go-jose/go-jose.v2/jwe.go     |  294 +
 vendor/gopkg.in/go-jose/go-jose.v2/jwk.go     |  760 ++
 vendor/gopkg.in/go-jose/go-jose.v2/jws.go     |  366 +
 vendor/gopkg.in/go-jose/go-jose.v2/opaque.go  |  144 +
 vendor/gopkg.in/go-jose/go-jose.v2/shared.go  |  520 +
 vendor/gopkg.in/go-jose/go-jose.v2/signing.go |  441 +
 .../gopkg.in/go-jose/go-jose.v2/symmetric.go  |  482 +
 vendor/inet.af/netaddr/.gitignore             |    3 +
 vendor/inet.af/netaddr/.gitmodules            |    3 +
 vendor/inet.af/netaddr/AUTHORS                |    4 +
 vendor/inet.af/netaddr/LICENSE                |   27 +
 vendor/inet.af/netaddr/README.md              |   46 +
 vendor/inet.af/netaddr/fuzz.go                |  203 +
 vendor/inet.af/netaddr/ipset.go               |  497 +
 vendor/inet.af/netaddr/mask6.go               |  141 +
 vendor/inet.af/netaddr/netaddr.go             | 1919 ++++
 vendor/inet.af/netaddr/uint128.go             |   82 +
 .../admissionregistration/v1/generated.proto  |    4 +-
 .../api/admissionregistration/v1/types.go     |    4 +-
 .../v1/types_swagger_doc_generated.go         |    4 +-
 .../v1alpha1/generated.pb.go                  |  541 +-
 .../v1alpha1/generated.proto                  |   92 +-
 .../admissionregistration/v1alpha1/types.go   |  105 +-
 .../v1alpha1/types_swagger_doc_generated.go   |   25 +-
 .../v1alpha1/zz_generated.deepcopy.go         |   33 +-
 .../v1beta1/generated.pb.go                   | 5927 +++++++++--
 .../v1beta1/generated.proto                   |  564 +-
 .../admissionregistration/v1beta1/register.go |    4 +
 .../admissionregistration/v1beta1/types.go    |  594 +-
 .../v1beta1/types_swagger_doc_generated.go    |  178 +-
 .../v1beta1/zz_generated.deepcopy.go          |  448 +-
 .../zz_generated.prerelease-lifecycle.go      |   72 +
 .../api/apidiscovery/v2beta1/generated.proto  |    4 +-
 .../k8s.io/api/apidiscovery/v2beta1/types.go  |    4 +-
 .../v1alpha1/generated.pb.go                  |  148 +-
 .../v1alpha1/generated.proto                  |    5 +
 .../api/apiserverinternal/v1alpha1/types.go   |    5 +
 .../v1alpha1/types_swagger_doc_generated.go   |    1 +
 .../v1alpha1/zz_generated.deepcopy.go         |    5 +
 vendor/k8s.io/api/apps/v1/types.go            |    3 +-
 .../api/authentication/v1/generated.pb.go     |  511 +-
 .../api/authentication/v1/generated.proto     |   20 +
 .../k8s.io/api/authentication/v1/register.go  |    1 +
 vendor/k8s.io/api/authentication/v1/types.go  |   25 +
 .../v1/types_swagger_doc_generated.go         |   19 +
 .../v1/zz_generated.deepcopy.go               |   44 +
 vendor/k8s.io/api/batch/v1/generated.pb.go    |  398 +-
 vendor/k8s.io/api/batch/v1/generated.proto    |   63 +
 vendor/k8s.io/api/batch/v1/types.go           |   93 +
 .../batch/v1/types_swagger_doc_generated.go   |    7 +-
 .../api/batch/v1/zz_generated.deepcopy.go     |   25 +
 .../api/core/v1/annotation_key_constants.go   |    6 +-
 vendor/k8s.io/api/core/v1/generated.pb.go     | 3017 +++---
 vendor/k8s.io/api/core/v1/generated.proto     |  193 +-
 vendor/k8s.io/api/core/v1/types.go            |  235 +-
 .../core/v1/types_swagger_doc_generated.go    |   66 +-
 .../k8s.io/api/core/v1/well_known_labels.go   |    4 +
 .../api/core/v1/zz_generated.deepcopy.go      |   75 +-
 .../k8s.io/api/discovery/v1/generated.proto   |    2 +
 vendor/k8s.io/api/discovery/v1/types.go       |    2 +
 .../v1/types_swagger_doc_generated.go         |    2 +-
 .../api/extensions/v1beta1/generated.pb.go    |  610 +-
 .../api/extensions/v1beta1/generated.proto    |   17 -
 vendor/k8s.io/api/extensions/v1beta1/types.go |   50 +-
 .../v1beta1/types_swagger_doc_generated.go    |   10 -
 .../v1beta1/zz_generated.deepcopy.go          |   24 -
 .../api/flowcontrol/v1alpha1/generated.pb.go  |  477 +-
 .../api/flowcontrol/v1alpha1/generated.proto  |   42 +
 .../k8s.io/api/flowcontrol/v1alpha1/types.go  |   45 +
 .../v1alpha1/types_swagger_doc_generated.go   |   11 +
 .../v1alpha1/zz_generated.deepcopy.go         |   31 +
 .../api/flowcontrol/v1beta1/generated.pb.go   |  476 +-
 .../api/flowcontrol/v1beta1/generated.proto   |   42 +
 .../k8s.io/api/flowcontrol/v1beta1/types.go   |   49 +-
 .../v1beta1/types_swagger_doc_generated.go    |   11 +
 .../v1beta1/zz_generated.deepcopy.go          |   31 +
 .../api/flowcontrol/v1beta2/generated.pb.go   |  477 +-
 .../api/flowcontrol/v1beta2/generated.proto   |   42 +
 .../k8s.io/api/flowcontrol/v1beta2/types.go   |   49 +-
 .../v1beta2/types_swagger_doc_generated.go    |   11 +
 .../v1beta2/zz_generated.deepcopy.go          |   31 +
 .../api/flowcontrol/v1beta3/generated.pb.go   |  475 +-
 .../api/flowcontrol/v1beta3/generated.proto   |   46 +-
 .../k8s.io/api/flowcontrol/v1beta3/types.go   |   53 +-
 .../v1beta3/types_swagger_doc_generated.go    |   13 +-
 .../v1beta3/zz_generated.deepcopy.go          |   31 +
 .../k8s.io/api/networking/v1/generated.pb.go  |  443 +-
 .../k8s.io/api/networking/v1/generated.proto  |   17 -
 vendor/k8s.io/api/networking/v1/types.go      |   50 +-
 .../v1/types_swagger_doc_generated.go         |   10 -
 .../networking/v1/zz_generated.deepcopy.go    |   24 -
 vendor/k8s.io/api/rbac/v1/generated.proto     |    2 +
 vendor/k8s.io/api/rbac/v1/types.go            |    2 +
 .../rbac/v1/types_swagger_doc_generated.go    |    4 +-
 .../k8s.io/apimachinery/pkg/api/errors/OWNERS |    1 -
 .../k8s.io/apimachinery/pkg/api/meta/help.go  |   83 +-
 .../apimachinery/pkg/api/resource/OWNERS      |    1 -
 .../pkg/apis/meta/v1/generated.proto          |    2 -
 .../apimachinery/pkg/apis/meta/v1/types.go    |   22 +-
 .../apis/meta/v1/unstructured/unstructured.go |    5 +
 .../meta/v1/unstructured/unstructured_list.go |    9 +
 .../k8s.io/apimachinery/pkg/runtime/codec.go  |    1 -
 .../apimachinery/pkg/runtime/converter.go     |    4 +-
 .../apimachinery/pkg/runtime/interfaces.go    |    5 +
 .../pkg/runtime/schema/group_version.go       |    2 +-
 .../k8s.io/apimachinery/pkg/runtime/splice.go |   76 +
 .../apimachinery/pkg/util/cache/expiring.go   |   12 +-
 .../k8s.io/apimachinery/pkg/util/diff/diff.go |   37 +-
 .../k8s.io/apimachinery/pkg/util/dump/dump.go |   54 +
 .../pkg/util/httpstream/spdy/roundtripper.go  |    4 +-
 .../apimachinery/pkg/util/intstr/intstr.go    |    7 +-
 .../managedfields/internal/fieldmanager.go    |   25 +-
 .../managedfields/internal/skipnonapplied.go  |   14 +-
 .../managedfields/internal/structuredmerge.go |    3 +
 .../managedfields/internal/versioncheck.go    |   52 +
 .../apimachinery/pkg/util/mergepatch/util.go  |    4 +-
 .../k8s.io/apimachinery/pkg/util/net/util.go  |    6 +
 .../apimachinery/pkg/util/runtime/runtime.go  |   15 +-
 .../pkg/util/strategicpatch/patch.go          |   63 +-
 .../apimachinery/pkg/util/version/version.go  |    5 +
 .../k8s.io/apimachinery/pkg/util/wait/loop.go |   19 +-
 .../k8s.io/apimachinery/pkg/util/wait/poll.go |   28 +-
 .../v1alpha1/paramref.go                      |   27 +-
 .../v1alpha1/validatingadmissionpolicyspec.go |   14 +
 .../v1alpha1/variable.go                      |   48 +
 .../v1beta1/auditannotation.go                |   48 +
 .../v1beta1/expressionwarning.go              |   48 +
 .../v1beta1/matchresources.go                 |   90 +
 .../v1beta1/namedrulewithoperations.go        |   95 +
 .../v1beta1/paramkind.go                      |   48 +
 .../admissionregistration/v1beta1/paramref.go |   71 +
 .../v1beta1/typechecking.go                   |   44 +
 .../v1beta1/validatingadmissionpolicy.go      |  256 +
 .../validatingadmissionpolicybinding.go       |  247 +
 .../validatingadmissionpolicybindingspec.go   |   72 +
 .../v1beta1/validatingadmissionpolicyspec.go  |  117 +
 .../validatingadmissionpolicystatus.go        |   66 +
 .../v1beta1/validation.go                     |   70 +
 .../admissionregistration/v1beta1/variable.go |   48 +
 .../v1alpha1/serverstorageversion.go          |   11 +
 .../applyconfigurations/batch/v1/jobspec.go   |   27 +
 .../applyconfigurations/batch/v1/jobstatus.go |   18 +
 .../applyconfigurations/core/v1/container.go  |    9 +
 .../core/v1/ephemeralcontainer.go             |    8 +
 .../core/v1/ephemeralcontainercommon.go       |    9 +
 .../applyconfigurations/core/v1/hostip.go     |   39 +
 .../core/v1/persistentvolumeclaimstatus.go    |   28 +-
 .../core/v1/persistentvolumestatus.go         |   16 +-
 .../core/v1/podresourceclaimstatus.go         |   48 +
 .../applyconfigurations/core/v1/podstatus.go  |   56 +-
 .../extensions/v1beta1/networkpolicy.go       |   11 +-
 .../extensions/v1beta1/networkpolicystatus.go |   48 -
 .../exemptprioritylevelconfiguration.go       |   48 +
 .../prioritylevelconfigurationspec.go         |    9 +
 .../exemptprioritylevelconfiguration.go       |   48 +
 .../v1beta1/prioritylevelconfigurationspec.go |    9 +
 .../exemptprioritylevelconfiguration.go       |   48 +
 .../v1beta2/prioritylevelconfigurationspec.go |    9 +
 .../exemptprioritylevelconfiguration.go       |   48 +
 .../v1beta3/prioritylevelconfigurationspec.go |    9 +
 .../applyconfigurations/internal/internal.go  |  440 +-
 .../networking/v1/networkpolicy.go            |   11 +-
 .../networking/v1/networkpolicystatus.go      |   48 -
 .../discovery/aggregated_discovery.go         |    6 +-
 .../discovery/cached/disk/cached_discovery.go |    2 +-
 .../discovery/cached/memory/memcache.go       |    2 +-
 .../client-go/discovery/discovery_client.go   |   48 +-
 .../v1beta1/admissionregistration_client.go   |   10 +
 .../v1beta1/generated_expansion.go            |    4 +
 .../v1beta1/validatingadmissionpolicy.go      |  243 +
 .../validatingadmissionpolicybinding.go       |  197 +
 .../v1/authentication_client.go               |    5 +
 .../authentication/v1/generated_expansion.go  |    2 +
 .../authentication/v1/selfsubjectreview.go    |   64 +
 .../typed/extensions/v1beta1/networkpolicy.go |   48 -
 .../typed/networking/v1/networkpolicy.go      |   48 -
 .../k8s.io/client-go/openapi/typeconverter.go |   48 +
 .../plugin/pkg/client/auth/exec/exec.go       |    6 +-
 vendor/k8s.io/client-go/rest/config.go        |   10 +-
 vendor/k8s.io/client-go/rest/request.go       |   28 +-
 vendor/k8s.io/client-go/rest/url_utils.go     |    4 +-
 vendor/k8s.io/client-go/tools/cache/OWNERS    |    4 +-
 .../client-go/tools/cache/controller.go       |    4 -
 .../client-go/tools/cache/object-names.go     |   65 +
 .../k8s.io/client-go/tools/cache/reflector.go |   30 +-
 .../client-go/tools/cache/shared_informer.go  |   37 +-
 vendor/k8s.io/client-go/tools/cache/store.go  |   31 +-
 .../client-go/tools/clientcmd/api/types.go    |   14 +-
 .../client-go/tools/clientcmd/loader.go       |   24 +-
 .../tools/leaderelection/leaderelection.go    |    5 +
 .../resourcelock/configmaplock.go             |  126 -
 .../resourcelock/endpointslock.go             |  121 -
 .../leaderelection/resourcelock/interface.go  |   42 +-
 .../k8s.io/client-go/tools/metrics/metrics.go |   48 +
 vendor/k8s.io/client-go/tools/pager/pager.go  |   36 +-
 vendor/k8s.io/client-go/tools/record/event.go |    5 +-
 .../client-go/tools/watch/retrywatcher.go     |    7 +-
 vendor/k8s.io/client-go/transport/cache.go    |    6 +
 vendor/k8s.io/client-go/util/cert/cert.go     |   34 +-
 .../kube-openapi/pkg/builder3/util/util.go    |   51 -
 .../k8s.io/kube-openapi/pkg/cached/cache.go   |  330 +-
 .../k8s.io/kube-openapi/pkg/common/common.go  |   38 -
 .../kube-openapi/pkg/handler3/handler.go      |   79 +-
 .../k8s.io/kube-openapi/pkg/internal/flags.go |    1 +
 .../kube-openapi/pkg/openapiconv/convert.go   |  322 -
 .../kube-openapi/pkg/schemamutation/walker.go |  519 -
 .../k8s.io/kube-openapi/pkg/spec3/encoding.go |   21 +
 .../k8s.io/kube-openapi/pkg/spec3/example.go  |   14 +
 .../pkg/spec3/external_documentation.go       |   13 +
 vendor/k8s.io/kube-openapi/pkg/spec3/fuzz.go  |   27 +
 .../k8s.io/kube-openapi/pkg/spec3/header.go   |   31 +
 .../kube-openapi/pkg/spec3/media_type.go      |   20 +
 .../kube-openapi/pkg/spec3/operation.go       |   27 +
 .../kube-openapi/pkg/spec3/parameter.go       |   31 +
 vendor/k8s.io/kube-openapi/pkg/spec3/path.go  |   47 +-
 .../kube-openapi/pkg/spec3/request_body.go    |   21 +
 .../k8s.io/kube-openapi/pkg/spec3/response.go |   52 +
 .../kube-openapi/pkg/spec3/security_scheme.go |   17 +
 .../k8s.io/kube-openapi/pkg/spec3/server.go   |   26 +
 vendor/k8s.io/kube-openapi/pkg/spec3/spec.go  |   25 +
 .../kube-openapi/pkg/util/proto/document.go   |    2 +-
 .../pkg/util/proto/document_v3.go             |    2 +-
 .../kube-openapi/pkg/validation/spec/fuzz.go  |  502 -
 .../pkg/validation/spec/gnostic.go            |    2 +-
 vendor/k8s.io/utils/pointer/pointer.go        |  283 +-
 vendor/k8s.io/utils/ptr/OWNERS                |   10 +
 vendor/k8s.io/utils/ptr/README.md             |    3 +
 vendor/k8s.io/utils/ptr/ptr.go                |   73 +
 vendor/modules.txt                            |  558 +-
 .../release-utils/version/version.go          |   68 +-
 .../v4/merge/conflict.go                      |    2 +-
 .../structured-merge-diff/v4/merge/update.go  |   51 +-
 .../v4/schema/elements.go                     |    3 +-
 .../v4/schema/schemaschema.go                 |    2 +-
 .../structured-merge-diff/v4/typed/merge.go   |   11 +-
 .../structured-merge-diff/v4/typed/typed.go   |    7 +-
 .../v4/typed/validate.go                      |    6 +
 .../v4/value/mapreflect.go                    |    2 +-
 .../v4/value/mapunstructured.go               |    8 +-
 .../v4/value/reflectcache.go                  |    4 +-
 vendor/sigs.k8s.io/yaml/LICENSE               |  256 +
 vendor/sigs.k8s.io/yaml/OWNERS                |    8 +-
 vendor/sigs.k8s.io/yaml/fields.go             |   55 +-
 vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE     |  201 +
 .../yaml/goyaml.v2/LICENSE.libyaml            |   31 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE      |   13 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS      |   24 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/README.md   |  143 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/apic.go     |  744 ++
 vendor/sigs.k8s.io/yaml/goyaml.v2/decode.go   |  815 ++
 vendor/sigs.k8s.io/yaml/goyaml.v2/emitterc.go | 1685 ++++
 vendor/sigs.k8s.io/yaml/goyaml.v2/encode.go   |  390 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/parserc.go  | 1095 ++
 vendor/sigs.k8s.io/yaml/goyaml.v2/readerc.go  |  412 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/resolve.go  |  258 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/scannerc.go | 2711 +++++
 vendor/sigs.k8s.io/yaml/goyaml.v2/sorter.go   |  113 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/writerc.go  |   26 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/yaml.go     |  478 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/yamlh.go    |  739 ++
 .../yaml/goyaml.v2/yamlprivateh.go            |  173 +
 vendor/sigs.k8s.io/yaml/yaml.go               |  145 +-
 vendor/sigs.k8s.io/yaml/yaml_go110.go         |   17 +
 2501 files changed, 284567 insertions(+), 43461 deletions(-)
 create mode 100644 vendor/github.com/Azure/go-ansiterm/SECURITY.md
 create mode 100644 vendor/github.com/DataDog/appsec-internal-go/LICENSE
 create mode 100644 vendor/github.com/DataDog/appsec-internal-go/httpsec/client_ip.go
 create mode 100644 vendor/github.com/DataDog/appsec-internal-go/netip/ip_default.go
 create mode 100644 vendor/github.com/DataDog/appsec-internal-go/netip/ip_go119.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/LICENSE
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/cache.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/credit_cards.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/http.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json_scanner.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/memcached.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/obfuscate.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis_tokenizer.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/sql.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/sql_tokenizer.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/LICENSE
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/README.md
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/agent_config.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_agent_task.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_asm.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/path.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/products.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/repository.go
 create mode 100644 vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/tuf.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/LICENSE.txt
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/README.md
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/aggregator.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/buffer.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/buffer_pool.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/buffered_metric_context.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/container.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/event.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/fnv1a.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/format.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/metrics.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/noop.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/options.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/pipe.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/pipe_windows.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/sender.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/service_check.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/statsd.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/telemetry.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/udp.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/uds.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/uds_windows.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/utils.go
 create mode 100644 vendor/github.com/DataDog/datadog-go/v5/statsd/worker.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/.gitattributes
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/.gitignore
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/LICENSE
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/README.md
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/cgo_ref_pool.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/context.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/ctypes.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/decoder.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/embed_darwin_amd64.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/embed_darwin_arm64.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/embed_linux_amd64.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/embed_linux_arm64.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/encoder.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/handle.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/internal/noopfree/noopfree.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/internal/noopfree/noopfree.s
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/lib/darwin-amd64/_libddwaf.dylib
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/lib/darwin-arm64/_libddwaf.dylib
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/lib/linux-amd64/libddwaf.so
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/lib/linux-arm64/libddwaf.so
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/lib_dl.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/safe.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/symbols_linux_cgo.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/symbols_linux_purego.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/waf.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/waf_dl.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/waf_dl_unsupported.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/waf_unsupported_go.go
 create mode 100644 vendor/github.com/DataDog/go-libddwaf/waf_unsupported_target.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/LICENSE
 create mode 100644 vendor/github.com/DataDog/go-tuf/client/client.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/client/delegations.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/client/errors.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/client/file_store.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/client/local_store.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/client/remote_store.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/data/hex_bytes.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/data/types.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/internal/roles/roles.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/internal/sets/strings.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/pkg/keys/deprecated_ecdsa.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/pkg/keys/ecdsa.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/pkg/keys/ed25519.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/pkg/keys/keys.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/pkg/keys/pkix.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/pkg/keys/rsa.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/pkg/targets/delegation.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/pkg/targets/hash_bins.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/util/util.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/verify/db.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/verify/errors.go
 create mode 100644 vendor/github.com/DataDog/go-tuf/verify/verify.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/LICENSE
 create mode 100644 vendor/github.com/DataDog/sketches-go/LICENSE-3rdparty.csv
 create mode 100644 vendor/github.com/DataDog/sketches-go/NOTICE
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/ddsketch.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/encoding/encoding.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/encoding/flag.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/mapping/bit_operation_helper.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/mapping/cubically_interpolated_mapping.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/mapping/index_mapping.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/mapping/linearly_interpolated_mapping.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/mapping/logarithmic_mapping.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/pb/sketchpb/ddsketch.pb.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/stat/summary.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/store/bin.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/store/buffered_paginated.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_highest_dense_store.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_lowest_dense_store.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/store/dense_store.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/store/sparse.go
 create mode 100644 vendor/github.com/DataDog/sketches-go/ddsketch/store/store.go
 create mode 100644 vendor/github.com/alibabacloud-go/tea-xml/LICENSE
 create mode 100644 vendor/github.com/aliyun/credentials-go/credentials/credential_model.go
 create mode 100644 vendor/github.com/aliyun/credentials-go/credentials/oidc_credential_provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/auth/scheme.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/arn.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/doc.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/generate.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/host.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
 delete mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/ini/number_helper.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn/arn_member.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/s3100continue.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucketer.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/handwritten_paginators.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/serialize_immutable_hostname_bucket.go
 create mode 100644 vendor/github.com/aws/smithy-go/endpoints/endpoint.go
 create mode 100644 vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/doc.go
 create mode 100644 vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/strings.go
 create mode 100644 vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/uri.go
 create mode 100644 vendor/github.com/aws/smithy-go/properties.go
 create mode 100644 vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/env/environment.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/ordered/map.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/ordered/slice.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/ordered/strings.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/ordered/tuple.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/ordered/unmarshal.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/ordered/yaml.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/doc.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate_matrix.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/json.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/parser.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline_invariants.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/plugin.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/plugins.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/sign.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/step.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command_matrix.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/step_group.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/step_input.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/step_scalar.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/step_trigger.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/step_unknown.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/step_wait.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/internal/pipeline/steps.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/tracetools/doc.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/tracetools/propagate.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/tracetools/span.go
 create mode 100644 vendor/github.com/buildkite/agent/v3/version/VERSION
 create mode 100644 vendor/github.com/buildkite/agent/v3/version/version.go
 create mode 100644 vendor/github.com/buildkite/interpolate/LICENSE.txt
 create mode 100644 vendor/github.com/buildkite/interpolate/README.md
 create mode 100644 vendor/github.com/buildkite/interpolate/env.go
 create mode 100644 vendor/github.com/buildkite/interpolate/interpolate.go
 create mode 100644 vendor/github.com/buildkite/interpolate/parser.go
 create mode 100644 vendor/github.com/cloudflare/circl/math/primes.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/LICENSE
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/README.md
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/compressedbytepoints.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/curve.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/doc.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/ecdh.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/ellipticadaptor.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/error.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/field.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/loadprecomputed.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/modnscalar.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/nonce.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/privkey.go
 create mode 100644 vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/pubkey.go
 create mode 100644 vendor/github.com/distribution/reference/.gitattributes
 create mode 100644 vendor/github.com/distribution/reference/.gitignore
 create mode 100644 vendor/github.com/distribution/reference/.golangci.yml
 create mode 100644 vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
 create mode 100644 vendor/github.com/distribution/reference/CONTRIBUTING.md
 create mode 100644 vendor/github.com/distribution/reference/GOVERNANCE.md
 create mode 100644 vendor/github.com/distribution/reference/LICENSE
 create mode 100644 vendor/github.com/distribution/reference/MAINTAINERS
 create mode 100644 vendor/github.com/distribution/reference/Makefile
 create mode 100644 vendor/github.com/distribution/reference/README.md
 create mode 100644 vendor/github.com/distribution/reference/SECURITY.md
 create mode 100644 vendor/github.com/distribution/reference/distribution-logo.svg
 rename vendor/github.com/{docker => }/distribution/reference/helpers.go (94%)
 rename vendor/github.com/{docker => }/distribution/reference/normalize.go (52%)
 rename vendor/github.com/{docker => }/distribution/reference/reference.go (93%)
 create mode 100644 vendor/github.com/distribution/reference/regexp.go
 create mode 100644 vendor/github.com/distribution/reference/sort.go
 delete mode 100644 vendor/github.com/docker/cli/cli/command/streams.go
 delete mode 100644 vendor/github.com/docker/cli/cli/flags/options_deprecated.go
 create mode 100644 vendor/github.com/docker/cli/cli/hints/hints.go
 create mode 100644 vendor/github.com/docker/distribution/reference/helpers_deprecated.go
 create mode 100644 vendor/github.com/docker/distribution/reference/normalize_deprecated.go
 create mode 100644 vendor/github.com/docker/distribution/reference/reference_deprecated.go
 delete mode 100644 vendor/github.com/docker/distribution/reference/regexp.go
 create mode 100644 vendor/github.com/docker/distribution/reference/regexp_deprecated.go
 create mode 100644 vendor/github.com/docker/distribution/reference/sort_deprecated.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/change_response_deprecated.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/change_type.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/change_types.go
 delete mode 100644 vendor/github.com/docker/docker/api/types/container/container_changes.go
 delete mode 100644 vendor/github.com/docker/docker/api/types/container/deprecated.go
 create mode 100644 vendor/github.com/docker/docker/api/types/container/filesystem_change.go
 rename vendor/github.com/docker/docker/api/types/container/{host_config.go => hostconfig.go} (84%)
 delete mode 100644 vendor/github.com/docker/docker/api/types/deprecated.go
 create mode 100644 vendor/github.com/docker/docker/api/types/filters/errors.go
 create mode 100644 vendor/github.com/docker/docker/api/types/image/opts.go
 create mode 100644 vendor/github.com/docker/docker/api/types/registry/authconfig.go
 delete mode 100644 vendor/github.com/docker/docker/api/types/volume/deprecated.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go
 delete mode 100644 vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go
 create mode 100644 vendor/github.com/docker/docker/pkg/ioutils/tempdir_deprecated.go
 create mode 100644 vendor/github.com/docker/docker/registry/search.go
 create mode 100644 vendor/github.com/dustin/go-humanize/.travis.yml
 create mode 100644 vendor/github.com/dustin/go-humanize/LICENSE
 create mode 100644 vendor/github.com/dustin/go-humanize/README.markdown
 create mode 100644 vendor/github.com/dustin/go-humanize/big.go
 create mode 100644 vendor/github.com/dustin/go-humanize/bigbytes.go
 create mode 100644 vendor/github.com/dustin/go-humanize/bytes.go
 create mode 100644 vendor/github.com/dustin/go-humanize/comma.go
 create mode 100644 vendor/github.com/dustin/go-humanize/commaf.go
 create mode 100644 vendor/github.com/dustin/go-humanize/ftoa.go
 create mode 100644 vendor/github.com/dustin/go-humanize/humanize.go
 create mode 100644 vendor/github.com/dustin/go-humanize/number.go
 create mode 100644 vendor/github.com/dustin/go-humanize/ordinals.go
 create mode 100644 vendor/github.com/dustin/go-humanize/si.go
 create mode 100644 vendor/github.com/dustin/go-humanize/times.go
 create mode 100644 vendor/github.com/ebitengine/purego/.gitignore
 rename vendor/github.com/{matttproud/golang_protobuf_extensions => ebitengine/purego}/LICENSE (100%)
 create mode 100644 vendor/github.com/ebitengine/purego/README.md
 create mode 100644 vendor/github.com/ebitengine/purego/abi_amd64.h
 create mode 100644 vendor/github.com/ebitengine/purego/abi_arm64.h
 create mode 100644 vendor/github.com/ebitengine/purego/cgo.go
 create mode 100644 vendor/github.com/ebitengine/purego/dlerror.go
 create mode 100644 vendor/github.com/ebitengine/purego/dlfcn.go
 create mode 100644 vendor/github.com/ebitengine/purego/dlfcn_darwin.go
 create mode 100644 vendor/github.com/ebitengine/purego/dlfcn_freebsd.go
 create mode 100644 vendor/github.com/ebitengine/purego/dlfcn_linux.go
 create mode 100644 vendor/github.com/ebitengine/purego/dlfcn_nocgo_linux.go
 create mode 100644 vendor/github.com/ebitengine/purego/dlfcn_stubs.s
 create mode 100644 vendor/github.com/ebitengine/purego/func.go
 create mode 100644 vendor/github.com/ebitengine/purego/go_runtime.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/cgo/syscall_cgo_unix.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/abi_amd64.h
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/abi_arm64.h
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/asm_amd64.s
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/asm_arm64.s
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/callbacks.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/doc.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/freebsd.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/go_darwin_amd64.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/go_darwin_arm64.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_amd64.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_arm64.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/go_libinit.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/go_linux_amd64.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/go_linux_arm64.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/go_setenv.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/go_util.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/iscgo.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_darwin.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_freebsd.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_linux.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/setenv.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/symbols.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_darwin.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_freebsd.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_linux.go
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_amd64.s
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_arm64.s
 create mode 100644 vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_stubs.s
 create mode 100644 vendor/github.com/ebitengine/purego/internal/strings/strings.go
 create mode 100644 vendor/github.com/ebitengine/purego/is_ios.go
 create mode 100644 vendor/github.com/ebitengine/purego/nocgo.go
 create mode 100644 vendor/github.com/ebitengine/purego/sys_amd64.s
 create mode 100644 vendor/github.com/ebitengine/purego/sys_arm64.s
 create mode 100644 vendor/github.com/ebitengine/purego/sys_unix_arm64.s
 create mode 100644 vendor/github.com/ebitengine/purego/syscall.go
 create mode 100644 vendor/github.com/ebitengine/purego/syscall_cgo_linux.go
 create mode 100644 vendor/github.com/ebitengine/purego/syscall_sysv.go
 create mode 100644 vendor/github.com/ebitengine/purego/syscall_windows.go
 create mode 100644 vendor/github.com/ebitengine/purego/zcallback_amd64.s
 create mode 100644 vendor/github.com/ebitengine/purego/zcallback_arm64.s
 create mode 100644 vendor/github.com/fatih/color/color_windows.go
 create mode 100644 vendor/github.com/fsnotify/fsnotify/.cirrus.yml
 create mode 100644 vendor/github.com/go-logr/logr/SECURITY.md
 create mode 100644 vendor/github.com/go-playground/validator/v10/options.go
 create mode 100644 vendor/github.com/goccy/go-json/.codecov.yml
 create mode 100644 vendor/github.com/goccy/go-json/.gitignore
 create mode 100644 vendor/github.com/goccy/go-json/.golangci.yml
 create mode 100644 vendor/github.com/goccy/go-json/CHANGELOG.md
 create mode 100644 vendor/github.com/goccy/go-json/LICENSE
 create mode 100644 vendor/github.com/goccy/go-json/Makefile
 create mode 100644 vendor/github.com/goccy/go-json/README.md
 create mode 100644 vendor/github.com/goccy/go-json/color.go
 create mode 100644 vendor/github.com/goccy/go-json/decode.go
 create mode 100644 vendor/github.com/goccy/go-json/docker-compose.yml
 create mode 100644 vendor/github.com/goccy/go-json/encode.go
 create mode 100644 vendor/github.com/goccy/go-json/error.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/anonymous_field.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/array.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/assign.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/bool.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/bytes.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/compile.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/compile_norace.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/compile_race.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/context.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/float.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/func.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/int.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/interface.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/invalid.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/map.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/number.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/option.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/path.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/ptr.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/slice.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/stream.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/string.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/struct.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/type.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/uint.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/unmarshal_json.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/decoder/wrapped_string.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/code.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/compact.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/compiler.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/compiler_norace.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/compiler_race.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/context.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/decode_rune.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/encoder.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/indent.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/int.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/map112.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/map113.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/opcode.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/option.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/optype.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/query.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/string.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/string_table.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm/debug_vm.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm/hack.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm/util.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm/vm.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm_color/debug_vm.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm_color/hack.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm_color/util.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm_color/vm.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/debug_vm.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/util.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/vm.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm_indent/debug_vm.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm_indent/hack.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm_indent/util.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/encoder/vm_indent/vm.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/errors/error.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/runtime/rtype.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/runtime/struct_field.go
 create mode 100644 vendor/github.com/goccy/go-json/internal/runtime/type.go
 create mode 100644 vendor/github.com/goccy/go-json/json.go
 create mode 100644 vendor/github.com/goccy/go-json/option.go
 create mode 100644 vendor/github.com/goccy/go-json/path.go
 create mode 100644 vendor/github.com/goccy/go-json/query.go
 create mode 100644 vendor/github.com/google/certificate-transparency-go/x509/root_wasip1.go
 create mode 100644 vendor/github.com/google/certificate-transparency-go/x509/root_zos.go
 create mode 100644 vendor/github.com/google/gnostic-models/LICENSE
 create mode 100644 vendor/github.com/google/gnostic-models/compiler/README.md
 create mode 100644 vendor/github.com/google/gnostic-models/compiler/context.go
 create mode 100644 vendor/github.com/google/gnostic-models/compiler/error.go
 create mode 100644 vendor/github.com/google/gnostic-models/compiler/extensions.go
 create mode 100644 vendor/github.com/google/gnostic-models/compiler/helpers.go
 create mode 100644 vendor/github.com/google/gnostic-models/compiler/main.go
 create mode 100644 vendor/github.com/google/gnostic-models/compiler/reader.go
 create mode 100644 vendor/github.com/google/gnostic-models/extensions/README.md
 create mode 100644 vendor/github.com/google/gnostic-models/extensions/extension.pb.go
 create mode 100644 vendor/github.com/google/gnostic-models/extensions/extension.proto
 create mode 100644 vendor/github.com/google/gnostic-models/extensions/extensions.go
 create mode 100644 vendor/github.com/google/gnostic-models/jsonschema/README.md
 create mode 100644 vendor/github.com/google/gnostic-models/jsonschema/base.go
 create mode 100644 vendor/github.com/google/gnostic-models/jsonschema/display.go
 create mode 100644 vendor/github.com/google/gnostic-models/jsonschema/models.go
 create mode 100644 vendor/github.com/google/gnostic-models/jsonschema/operations.go
 create mode 100644 vendor/github.com/google/gnostic-models/jsonschema/reader.go
 create mode 100644 vendor/github.com/google/gnostic-models/jsonschema/schema.json
 create mode 100644 vendor/github.com/google/gnostic-models/jsonschema/writer.go
 create mode 100644 vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.go
 create mode 100644 vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.pb.go
 create mode 100644 vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.proto
 create mode 100644 vendor/github.com/google/gnostic-models/openapiv2/README.md
 create mode 100644 vendor/github.com/google/gnostic-models/openapiv2/document.go
 create mode 100644 vendor/github.com/google/gnostic-models/openapiv2/openapi-2.0.json
 rename vendor/github.com/google/{gnostic => gnostic-models}/openapiv3/OpenAPIv3.go (99%)
 rename vendor/github.com/google/{gnostic => gnostic-models}/openapiv3/OpenAPIv3.pb.go (99%)
 rename vendor/github.com/google/{gnostic => gnostic-models}/openapiv3/OpenAPIv3.proto (99%)
 rename vendor/github.com/google/{gnostic => gnostic-models}/openapiv3/README.md (89%)
 rename vendor/github.com/google/{gnostic => gnostic-models}/openapiv3/annotations.pb.go (90%)
 rename vendor/github.com/google/{gnostic => gnostic-models}/openapiv3/annotations.proto (96%)
 rename vendor/github.com/google/{gnostic => gnostic-models}/openapiv3/document.go (96%)
 delete mode 100644 vendor/github.com/google/gnostic/openapiv3/openapi-3.0.json
 delete mode 100644 vendor/github.com/google/gnostic/openapiv3/openapi-3.1.json
 rename vendor/github.com/google/go-cmp/cmp/{export_unsafe.go => export.go} (94%)
 delete mode 100644 vendor/github.com/google/go-cmp/cmp/export_panic.go
 rename vendor/github.com/google/go-cmp/cmp/internal/value/{pointer_unsafe.go => pointer.go} (95%)
 delete mode 100644 vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
 delete mode 100644 vendor/github.com/google/go-github/v50/github/event.go
 delete mode 100644 vendor/github.com/google/go-github/v50/github/orgs_audit_log.go
 rename vendor/github.com/google/go-github/{v50 => v55}/AUTHORS (89%)
 rename vendor/github.com/google/go-github/{v50 => v55}/LICENSE (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/actions.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/actions_artifacts.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/actions_cache.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/actions_oidc.go (100%)
 create mode 100644 vendor/github.com/google/go-github/v55/github/actions_required_workflows.go
 rename vendor/github.com/google/go-github/{v50 => v55}/github/actions_runner_groups.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/actions_runners.go (85%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/actions_secrets.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/actions_variables.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/actions_workflow_jobs.go (98%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/actions_workflow_runs.go (89%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/actions_workflows.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/activity.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/activity_events.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/activity_notifications.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/activity_star.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/activity_watching.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/admin.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/admin_orgs.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/admin_stats.go (99%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/admin_users.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/apps.go (93%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/apps_hooks.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/apps_hooks_deliveries.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/apps_installation.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/apps_manifest.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/apps_marketplace.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/authorizations.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/billing.go (95%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/checks.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/code-scanning.go (57%)
 create mode 100644 vendor/github.com/google/go-github/v55/github/codespaces.go
 create mode 100644 vendor/github.com/google/go-github/v55/github/codespaces_secrets.go
 rename vendor/github.com/google/go-github/{v50 => v55}/github/dependabot.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/dependabot_alerts.go (93%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/dependabot_secrets.go (94%)
 create mode 100644 vendor/github.com/google/go-github/v55/github/dependency_graph.go
 rename vendor/github.com/google/go-github/{v50 => v55}/github/doc.go (87%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/enterprise.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/enterprise_actions_runners.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/enterprise_audit_log.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/enterprise_code_security_and_analysis.go (100%)
 create mode 100644 vendor/github.com/google/go-github/v55/github/event.go
 rename vendor/github.com/google/go-github/{v50 => v55}/github/event_types.go (83%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/gists.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/gists_comments.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/git.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/git_blobs.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/git_commits.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/git_refs.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/git_tags.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/git_trees.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/github-accessors.go (88%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/github.go (88%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/gitignore.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/interactions.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/interactions_orgs.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/interactions_repos.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/issue_import.go (97%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/issues.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/issues_assignees.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/issues_comments.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/issues_events.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/issues_labels.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/issues_milestones.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/issues_timeline.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/licenses.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/messages.go (59%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/migrations.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/migrations_source_import.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/migrations_user.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/misc.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs.go (95%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs_actions_allowed.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs_actions_permissions.go (100%)
 create mode 100644 vendor/github.com/google/go-github/v55/github/orgs_audit_log.go
 create mode 100644 vendor/github.com/google/go-github/v55/github/orgs_credential_authorizations.go
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs_custom_roles.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs_hooks.go (100%)
 create mode 100644 vendor/github.com/google/go-github/v55/github/orgs_hooks_configuration.go
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs_hooks_deliveries.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs_members.go (99%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs_outside_collaborators.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs_packages.go (100%)
 create mode 100644 vendor/github.com/google/go-github/v55/github/orgs_personal_access_tokens.go
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs_projects.go (100%)
 create mode 100644 vendor/github.com/google/go-github/v55/github/orgs_rules.go
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs_security_managers.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/orgs_users_blocking.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/packages.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/projects.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/pulls.go (99%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/pulls_comments.go (97%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/pulls_reviewers.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/pulls_reviews.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/pulls_threads.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/reactions.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos.go (96%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_actions_access.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_actions_allowed.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_actions_permissions.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_autolinks.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_codeowners.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_collaborators.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_comments.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_commits.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_community_health.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_contents.go (94%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_deployment_branch_policies.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_deployments.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_environments.go (96%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_forks.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_hooks.go (100%)
 create mode 100644 vendor/github.com/google/go-github/v55/github/repos_hooks_configuration.go
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_hooks_deliveries.go (97%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_invitations.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_keys.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_lfs.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_merging.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_pages.go (68%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_prereceive_hooks.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_projects.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_releases.go (100%)
 create mode 100644 vendor/github.com/google/go-github/v55/github/repos_rules.go
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_stats.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_statuses.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_tags.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/repos_traffic.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/scim.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/search.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/secret_scanning.go (91%)
 create mode 100644 vendor/github.com/google/go-github/v55/github/security_advisories.go
 rename vendor/github.com/google/go-github/{v50 => v55}/github/strings.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/teams.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/teams_discussion_comments.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/teams_discussions.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/teams_members.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/timestamp.go (90%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/users.go (98%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/users_administration.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/users_blocking.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/users_emails.go (73%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/users_followers.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/users_gpg_keys.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/users_keys.go (96%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/users_packages.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/users_projects.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/users_ssh_signing_keys.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/with_appengine.go (100%)
 rename vendor/github.com/google/go-github/{v50 => v55}/github/without_appengine.go (100%)
 create mode 100644 vendor/github.com/google/s2a-go/retry/retry.go
 create mode 100644 vendor/github.com/google/s2a-go/testdata/mds_client_cert.pem
 create mode 100644 vendor/github.com/google/s2a-go/testdata/mds_client_key.pem
 create mode 100644 vendor/github.com/google/s2a-go/testdata/mds_root_cert.pem
 create mode 100644 vendor/github.com/google/s2a-go/testdata/mds_server_cert.pem
 create mode 100644 vendor/github.com/google/s2a-go/testdata/mds_server_key.pem
 create mode 100644 vendor/github.com/google/s2a-go/testdata/self_signed_cert.pem
 create mode 100644 vendor/github.com/google/s2a-go/testdata/self_signed_key.pem
 delete mode 100644 vendor/github.com/google/uuid/.travis.yml
 create mode 100644 vendor/github.com/google/uuid/CHANGELOG.md
 create mode 100644 vendor/github.com/gowebpki/jcs/.gitignore
 create mode 100644 vendor/github.com/gowebpki/jcs/LICENSE
 create mode 100644 vendor/github.com/gowebpki/jcs/README.md
 create mode 100644 vendor/github.com/gowebpki/jcs/es6numfmt.go
 create mode 100644 vendor/github.com/gowebpki/jcs/jcs.go
 create mode 100644 vendor/github.com/hashicorp/go-retryablehttp/CHANGELOG.md
 create mode 100644 vendor/github.com/hashicorp/go-retryablehttp/CODEOWNERS
 create mode 100644 vendor/github.com/klauspost/compress/SECURITY.md
 create mode 100644 vendor/github.com/klauspost/compress/flate/matchlen_amd64.go
 create mode 100644 vendor/github.com/klauspost/compress/flate/matchlen_amd64.s
 create mode 100644 vendor/github.com/klauspost/compress/flate/matchlen_generic.go
 create mode 100644 vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go
 create mode 100644 vendor/github.com/klauspost/compress/zstd/matchlen_amd64.s
 create mode 100644 vendor/github.com/klauspost/compress/zstd/matchlen_generic.go
 create mode 100644 vendor/github.com/lestrrat-go/blackmagic/.gitignore
 create mode 100644 vendor/github.com/lestrrat-go/blackmagic/LICENSE
 create mode 100644 vendor/github.com/lestrrat-go/blackmagic/README.md
 create mode 100644 vendor/github.com/lestrrat-go/blackmagic/blackmagic.go
 create mode 100644 vendor/github.com/lestrrat-go/httpcc/.gitignore
 create mode 100644 vendor/github.com/lestrrat-go/httpcc/LICENSE
 create mode 100644 vendor/github.com/lestrrat-go/httpcc/README.md
 create mode 100644 vendor/github.com/lestrrat-go/httpcc/directives.go
 create mode 100644 vendor/github.com/lestrrat-go/httpcc/httpcc.go
 create mode 100644 vendor/github.com/lestrrat-go/httprc/.gitignore
 create mode 100644 vendor/github.com/lestrrat-go/httprc/.golangci.yml
 create mode 100644 vendor/github.com/lestrrat-go/httprc/Changes
 create mode 100644 vendor/github.com/lestrrat-go/httprc/LICENSE
 create mode 100644 vendor/github.com/lestrrat-go/httprc/README.md
 create mode 100644 vendor/github.com/lestrrat-go/httprc/cache.go
 create mode 100644 vendor/github.com/lestrrat-go/httprc/fetcher.go
 create mode 100644 vendor/github.com/lestrrat-go/httprc/httprc.go
 create mode 100644 vendor/github.com/lestrrat-go/httprc/options.yaml
 create mode 100644 vendor/github.com/lestrrat-go/httprc/options_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/httprc/queue.go
 create mode 100644 vendor/github.com/lestrrat-go/httprc/whitelist.go
 create mode 100644 vendor/github.com/lestrrat-go/iter/LICENSE
 create mode 100644 vendor/github.com/lestrrat-go/iter/arrayiter/arrayiter.go
 create mode 100644 vendor/github.com/lestrrat-go/iter/mapiter/mapiter.go
 rename vendor/github.com/{spf13/jwalterweatherman => lestrrat-go/jwx/v2}/LICENSE (96%)
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/cert/BUILD.bazel
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/cert/cert.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/cert/chain.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/base64/BUILD.bazel
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/base64/asmbase64.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/base64/base64.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/BUILD.bazel
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/ecutil.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/iter/BUILD.bazel
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/iter/mapiter.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/json/BUILD.bazel
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/json/goccy.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/json/json.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/json/registry.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/json/stdlib.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/keyconv/BUILD.bazel
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/keyconv/keyconv.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/pool/BUILD.bazel
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/internal/pool/pool.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwa/BUILD.bazel
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwa/README.md
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwa/compression_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwa/content_encryption_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwa/elliptic_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwa/jwa.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwa/key_encryption_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwa/key_type_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwa/secp2561k.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwa/signature_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/BUILD.bazel
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/README.md
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/cache.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/es256k.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/fetch.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/interface.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/interface_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/io.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/jwk.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/key_ops.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/okp.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/okp_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/options.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/options.yaml
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/options_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/set.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/usage.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jwk/whitelist.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/BUILD.bazel
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/README.md
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/ecdsa.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/eddsa.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/es256k.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/headers.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/headers_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/hmac.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/interface.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/io.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/jws.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/key_provider.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/message.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/options.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/options.yaml
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/options_gen.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/rsa.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/signer.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/jws/verifier.go
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/x25519/BUILD.bazel
 create mode 100644 vendor/github.com/lestrrat-go/jwx/v2/x25519/x25519.go
 create mode 100644 vendor/github.com/lestrrat-go/option/.gitignore
 create mode 100644 vendor/github.com/lestrrat-go/option/LICENSE
 create mode 100644 vendor/github.com/lestrrat-go/option/README.md
 create mode 100644 vendor/github.com/lestrrat-go/option/option.go
 delete mode 100644 vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go
 delete mode 100644 vendor/github.com/letsencrypt/boulder/core/proto/core.proto
 delete mode 100644 vendor/github.com/letsencrypt/boulder/errors/errors.go
 delete mode 100644 vendor/github.com/letsencrypt/boulder/features/featureflag_string.go
 delete mode 100644 vendor/github.com/letsencrypt/boulder/features/features.go
 delete mode 100644 vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go
 delete mode 100644 vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto
 delete mode 100644 vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go
 delete mode 100644 vendor/github.com/letsencrypt/boulder/sa/proto/subsets.go
 create mode 100644 vendor/github.com/letsencrypt/boulder/strictyaml/yaml.go
 create mode 100644 vendor/github.com/matttproud/golang_protobuf_extensions/v2/LICENSE
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/NOTICE (100%)
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/pbutil/.gitignore (100%)
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/pbutil/Makefile (100%)
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/pbutil/decode.go (83%)
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/pbutil/doc.go (100%)
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/pbutil/encode.go (91%)
 rename vendor/github.com/{spf13/jwalterweatherman => oleiade/reflections}/.gitignore (94%)
 create mode 100644 vendor/github.com/oleiade/reflections/AUTHORS.md
 create mode 100644 vendor/github.com/oleiade/reflections/LICENSE
 create mode 100644 vendor/github.com/oleiade/reflections/README.md
 create mode 100644 vendor/github.com/oleiade/reflections/reflections.go
 rename vendor/github.com/{docker/distribution => opencontainers/go-digest}/digestset/set.go (91%)
 create mode 100644 vendor/github.com/outcaste-io/ristretto/.deepsource.toml
 create mode 100644 vendor/github.com/outcaste-io/ristretto/.mailmap
 create mode 100644 vendor/github.com/outcaste-io/ristretto/CHANGELOG.md
 create mode 100644 vendor/github.com/outcaste-io/ristretto/LICENSE
 create mode 100644 vendor/github.com/outcaste-io/ristretto/README.md
 create mode 100644 vendor/github.com/outcaste-io/ristretto/cache.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/metrics.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/policy.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/ring.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/sketch.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/store.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/test.sh
 create mode 100644 vendor/github.com/outcaste-io/ristretto/ttl.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/LICENSE
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/README.md
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/allocator.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/bbloom.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/btree.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/buffer.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/calloc.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/calloc_32bit.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/calloc_64bit.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/calloc_jemalloc.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/calloc_nojemalloc.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/file.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/file_default.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/file_linux.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/flags.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/histogram.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/mmap.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/mmap_darwin.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/mmap_linux.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/mmap_plan9.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/mmap_unix.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/mmap_wasip1.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/mmap_windows.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/rtutil.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/rtutil.s
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/simd/baseline.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/simd/search.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/simd/search_amd64.s
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/simd/stub_search_amd64.go
 create mode 100644 vendor/github.com/outcaste-io/ristretto/z/z.go
 create mode 100644 vendor/github.com/philhofer/fwd/LICENSE.md
 create mode 100644 vendor/github.com/philhofer/fwd/README.md
 create mode 100644 vendor/github.com/philhofer/fwd/reader.go
 create mode 100644 vendor/github.com/philhofer/fwd/writer.go
 create mode 100644 vendor/github.com/philhofer/fwd/writer_appengine.go
 create mode 100644 vendor/github.com/philhofer/fwd/writer_tinygo.go
 create mode 100644 vendor/github.com/philhofer/fwd/writer_unsafe.go
 create mode 100644 vendor/github.com/prometheus/procfs/fs_statfs_notype.go
 create mode 100644 vendor/github.com/prometheus/procfs/fs_statfs_type.go
 create mode 100644 vendor/github.com/prometheus/procfs/net_route.go
 create mode 100644 vendor/github.com/prometheus/procfs/net_wireless.go
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/.gitignore
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/BENCHMARKS.md
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/LICENSE
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/README.md
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/counter.go
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/map.go
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/mapof.go
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/mpmcqueue.go
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/mpmcqueueof.go
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/rbmutex.go
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/util.go
 create mode 100644 vendor/github.com/puzpuzpuz/xsync/v2/util_mapof.go
 create mode 100644 vendor/github.com/sagikazarmark/locafero/.editorconfig
 create mode 100644 vendor/github.com/sagikazarmark/locafero/.envrc
 create mode 100644 vendor/github.com/sagikazarmark/locafero/.gitignore
 create mode 100644 vendor/github.com/sagikazarmark/locafero/.golangci.yaml
 create mode 100644 vendor/github.com/sagikazarmark/locafero/LICENSE
 create mode 100644 vendor/github.com/sagikazarmark/locafero/README.md
 create mode 100644 vendor/github.com/sagikazarmark/locafero/file_type.go
 create mode 100644 vendor/github.com/sagikazarmark/locafero/finder.go
 create mode 100644 vendor/github.com/sagikazarmark/locafero/flake.lock
 create mode 100644 vendor/github.com/sagikazarmark/locafero/flake.nix
 create mode 100644 vendor/github.com/sagikazarmark/locafero/helpers.go
 create mode 100644 vendor/github.com/sagikazarmark/locafero/justfile
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/.editorconfig
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/.envrc
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/.gitignore
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/LICENSE
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/README.md
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/attr.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/attr_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/flake.lock
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/flake.nix
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/handler.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/handler_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/json_handler.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/json_handler_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/level.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/level_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/logger.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/logger_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/record.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/record_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/text_handler.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/text_handler_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/value.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/value_120.go
 rename vendor/github.com/{theupdateframework/go-tuf => secure-systems-lab/go-securesystemslib}/encrypted/encrypted.go (64%)
 create mode 100644 vendor/github.com/segmentio/asm/LICENSE
 create mode 100644 vendor/github.com/segmentio/asm/base64/base64.go
 create mode 100644 vendor/github.com/segmentio/asm/base64/base64_amd64.go
 create mode 100644 vendor/github.com/segmentio/asm/base64/base64_arm64.go
 create mode 100644 vendor/github.com/segmentio/asm/base64/base64_asm.go
 create mode 100644 vendor/github.com/segmentio/asm/base64/base64_default.go
 create mode 100644 vendor/github.com/segmentio/asm/base64/decode_amd64.go
 create mode 100644 vendor/github.com/segmentio/asm/base64/decode_amd64.s
 create mode 100644 vendor/github.com/segmentio/asm/base64/decode_arm64.go
 create mode 100644 vendor/github.com/segmentio/asm/base64/decode_arm64.s
 create mode 100644 vendor/github.com/segmentio/asm/base64/encode_amd64.go
 create mode 100644 vendor/github.com/segmentio/asm/base64/encode_amd64.s
 create mode 100644 vendor/github.com/segmentio/asm/base64/encode_arm64.go
 create mode 100644 vendor/github.com/segmentio/asm/base64/encode_arm64.s
 create mode 100644 vendor/github.com/segmentio/asm/cpu/arm/arm.go
 create mode 100644 vendor/github.com/segmentio/asm/cpu/arm64/arm64.go
 create mode 100644 vendor/github.com/segmentio/asm/cpu/cpu.go
 create mode 100644 vendor/github.com/segmentio/asm/cpu/cpuid/cpuid.go
 create mode 100644 vendor/github.com/segmentio/asm/cpu/x86/x86.go
 create mode 100644 vendor/github.com/segmentio/asm/internal/unsafebytes/unsafebytes.go
 rename vendor/github.com/sigstore/cosign/v2/{internal/pkg/now/now.go => cmd/cosign/cli/options/deprecate.go} (55%)
 create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/identity/identity.go
 create mode 100644 vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/ctfe_2022.pub
 create mode 100644 vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/fulcio_intermediate_v1.crt.pem
 delete mode 100644 vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/rekor.0.pub
 delete mode 100644 vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/rekor.json
 create mode 100644 vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/trusted_root.json
 create mode 100644 vendor/github.com/sourcegraph/conc/.golangci.yml
 create mode 100644 vendor/github.com/sourcegraph/conc/LICENSE
 create mode 100644 vendor/github.com/sourcegraph/conc/README.md
 create mode 100644 vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go119.go
 create mode 100644 vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go120.go
 create mode 100644 vendor/github.com/sourcegraph/conc/iter/iter.go
 create mode 100644 vendor/github.com/sourcegraph/conc/iter/map.go
 create mode 100644 vendor/github.com/sourcegraph/conc/panics/panics.go
 create mode 100644 vendor/github.com/sourcegraph/conc/panics/try.go
 create mode 100644 vendor/github.com/sourcegraph/conc/waitgroup.go
 delete mode 100644 vendor/github.com/spf13/cobra/active_help.md
 delete mode 100644 vendor/github.com/spf13/cobra/bash_completions.md
 delete mode 100644 vendor/github.com/spf13/cobra/fish_completions.md
 delete mode 100644 vendor/github.com/spf13/cobra/powershell_completions.md
 delete mode 100644 vendor/github.com/spf13/cobra/projects_using_cobra.md
 delete mode 100644 vendor/github.com/spf13/cobra/shell_completions.md
 delete mode 100644 vendor/github.com/spf13/cobra/user_guide.md
 delete mode 100644 vendor/github.com/spf13/cobra/zsh_completions.md
 delete mode 100644 vendor/github.com/spf13/jwalterweatherman/README.md
 delete mode 100644 vendor/github.com/spf13/jwalterweatherman/default_notepad.go
 delete mode 100644 vendor/github.com/spf13/jwalterweatherman/log_counter.go
 delete mode 100644 vendor/github.com/spf13/jwalterweatherman/notepad.go
 create mode 100644 vendor/github.com/spf13/viper/.envrc
 create mode 100644 vendor/github.com/spf13/viper/.yamlignore
 create mode 100644 vendor/github.com/spf13/viper/.yamllint.yaml
 delete mode 100644 vendor/github.com/spf13/viper/experimental_logger.go
 create mode 100644 vendor/github.com/spf13/viper/flake.lock
 create mode 100644 vendor/github.com/spf13/viper/flake.nix
 delete mode 100644 vendor/github.com/spf13/viper/fs.go
 delete mode 100644 vendor/github.com/theupdateframework/go-tuf/pkg/deprecated/set_ecdsa/set_ecdsa.go
 create mode 100644 vendor/github.com/tinylib/msgp/LICENSE
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/advise_linux.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/advise_other.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/circular.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/defs.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/edit.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/elsize.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/elsize_default.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/elsize_tinygo.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/errors.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/errors_default.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/errors_tinygo.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/extension.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/file.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/file_port.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/integers.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/json.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/json_bytes.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/number.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/purego.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/read.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/read_bytes.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/size.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/unsafe.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/write.go
 create mode 100644 vendor/github.com/tinylib/msgp/msgp/write_bytes.go
 create mode 100644 vendor/github.com/tjfoc/gmsm/sm3/ifile
 create mode 100644 vendor/github.com/xanzy/go-gitlab/appearance.go
 create mode 100644 vendor/github.com/xanzy/go-gitlab/group_epic_boards.go
 create mode 100644 vendor/github.com/xanzy/go-gitlab/group_protected_environments.go
 create mode 100644 vendor/github.com/xanzy/go-gitlab/group_repository_storage_move.go
 create mode 100644 vendor/github.com/xanzy/go-gitlab/job_token_scope.go
 create mode 100644 vendor/github.com/xanzy/go-gitlab/merge_trains.go
 create mode 100644 vendor/github.com/xanzy/go-gitlab/project_repository_storage_move.go
 create mode 100644 vendor/github.com/xanzy/go-gitlab/resource_iteration_events.go
 create mode 100644 vendor/github.com/xanzy/go-gitlab/snippet_repository_storage_move.go
 create mode 100644 vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/doc.go
 create mode 100644 vendor/go.opentelemetry.io/otel/attribute/filter.go
 create mode 100644 vendor/go.opentelemetry.io/otel/internal/gen.go
 create mode 100644 vendor/go.uber.org/atomic/pointer_go118_pre119.go
 create mode 100644 vendor/go.uber.org/zap/.golangci.yml
 delete mode 100644 vendor/go.uber.org/zap/array_go118.go
 create mode 100644 vendor/go.uber.org/zap/internal/pool/pool.go
 rename vendor/go.uber.org/zap/{stacktrace.go => internal/stacktrace/stack.go} (73%)
 create mode 100644 vendor/go.uber.org/zap/zapcore/lazy_with.go
 create mode 100644 vendor/go4.org/intern/LICENSE
 create mode 100644 vendor/go4.org/intern/README.md
 create mode 100644 vendor/go4.org/intern/intern.go
 create mode 100644 vendor/go4.org/unsafe/assume-no-moving-gc/LICENSE
 create mode 100644 vendor/go4.org/unsafe/assume-no-moving-gc/README.md
 create mode 100644 vendor/go4.org/unsafe/assume-no-moving-gc/assume-no-moving-gc.go
 create mode 100644 vendor/go4.org/unsafe/assume-no-moving-gc/check.go
 create mode 100644 vendor/golang.org/x/exp/slices/cmp.go
 rename vendor/golang.org/x/exp/slices/{zsortfunc.go => zsortanyfunc.go} (64%)
 create mode 100644 vendor/golang.org/x/exp/slog/attr.go
 create mode 100644 vendor/golang.org/x/exp/slog/doc.go
 create mode 100644 vendor/golang.org/x/exp/slog/handler.go
 create mode 100644 vendor/golang.org/x/exp/slog/internal/buffer/buffer.go
 create mode 100644 vendor/golang.org/x/exp/slog/internal/ignorepc.go
 create mode 100644 vendor/golang.org/x/exp/slog/json_handler.go
 create mode 100644 vendor/golang.org/x/exp/slog/level.go
 create mode 100644 vendor/golang.org/x/exp/slog/logger.go
 create mode 100644 vendor/golang.org/x/exp/slog/noplog.bench
 create mode 100644 vendor/golang.org/x/exp/slog/record.go
 create mode 100644 vendor/golang.org/x/exp/slog/text_handler.go
 create mode 100644 vendor/golang.org/x/exp/slog/value.go
 create mode 100644 vendor/golang.org/x/exp/slog/value_119.go
 create mode 100644 vendor/golang.org/x/exp/slog/value_120.go
 create mode 100644 vendor/golang.org/x/oauth2/deviceauth.go
 create mode 100644 vendor/golang.org/x/oauth2/google/internal/externalaccount/header.go
 create mode 100644 vendor/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser/externalaccountauthorizeduser.go
 rename vendor/golang.org/x/oauth2/google/internal/{externalaccount => stsexchange}/clientauth.go (88%)
 rename vendor/golang.org/x/oauth2/google/internal/{externalaccount => stsexchange}/sts_exchange.go (68%)
 create mode 100644 vendor/golang.org/x/oauth2/pkce.go
 create mode 100644 vendor/golang.org/x/sys/windows/registry/key.go
 create mode 100644 vendor/golang.org/x/sys/windows/registry/mksyscall.go
 create mode 100644 vendor/golang.org/x/sys/windows/registry/syscall.go
 create mode 100644 vendor/golang.org/x/sys/windows/registry/value.go
 create mode 100644 vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go
 create mode 100644 vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
 create mode 100644 vendor/golang.org/x/tools/internal/typesinternal/objectpath.go
 create mode 100644 vendor/golang.org/x/xerrors/LICENSE
 create mode 100644 vendor/golang.org/x/xerrors/PATENTS
 create mode 100644 vendor/golang.org/x/xerrors/README
 create mode 100644 vendor/golang.org/x/xerrors/adaptor.go
 create mode 100644 vendor/golang.org/x/xerrors/codereview.cfg
 create mode 100644 vendor/golang.org/x/xerrors/doc.go
 create mode 100644 vendor/golang.org/x/xerrors/errors.go
 create mode 100644 vendor/golang.org/x/xerrors/fmt.go
 create mode 100644 vendor/golang.org/x/xerrors/format.go
 create mode 100644 vendor/golang.org/x/xerrors/frame.go
 create mode 100644 vendor/golang.org/x/xerrors/internal/internal.go
 create mode 100644 vendor/golang.org/x/xerrors/wrap.go
 delete mode 100644 vendor/google.golang.org/api/transport/http/dial_appengine.go
 delete mode 100644 vendor/google.golang.org/appengine/.travis.yml
 delete mode 100644 vendor/google.golang.org/appengine/internal/socket/socket_service.pb.go
 delete mode 100644 vendor/google.golang.org/appengine/internal/socket/socket_service.proto
 delete mode 100644 vendor/google.golang.org/appengine/socket/doc.go
 delete mode 100644 vendor/google.golang.org/appengine/socket/socket_classic.go
 delete mode 100644 vendor/google.golang.org/appengine/socket/socket_vm.go
 delete mode 100644 vendor/google.golang.org/appengine/travis_install.sh
 delete mode 100644 vendor/google.golang.org/appengine/travis_test.sh
 create mode 100644 vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go
 rename vendor/google.golang.org/grpc/{ => internal/idle}/idle.go (61%)
 create mode 100644 vendor/google.golang.org/grpc/shared_buffer_pool.go
 delete mode 100644 vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-3rdparty.csv
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-APACHE
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-BSD3
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/NOTICE
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/datastreams/options/options.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ddtrace.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/app_types.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/db.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/messaging.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/peer.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/priority.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/rpc.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/span_kind.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/system.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/tags.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal/globaltracer.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/abandonedspans.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/context.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/data_streams.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/doc.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/log.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/metrics.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/option.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/payload.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/propagating_tags.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/propagator.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/rand.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/rules_sampler.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/sampler.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span_msgp.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/spancontext.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/sqlcomment.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats_payload.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats_payload_msgp.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/telemetry.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/textmap.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/time.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/time_windows.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/tracer.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/transport.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/util.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/writer.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/active_span_key.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/agent.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/appsec.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/appsec_disabled.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/config.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/common.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/grpc.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/tags.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/http.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/tags.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/actions.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/blocked-template.html
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/blocked-template.json
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/shared.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/operation.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/limiter.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/remoteconfig.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules.json
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules_manager.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/waf.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/container.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/pathway.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload_msgp.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/processor.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/propagator.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/transport.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/env.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadata.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadatabinary.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadatabinary_legacy.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig/globalconfig.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/azure/azure.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/cachedfetch/fetcher.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ec2/ec2.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ecs/aws.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/fqdn_nix.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/fqdn_windows.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/gce/gce.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/httputils/helpers.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/providers.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/validate/validate.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/log/log.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/namingschema.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_cache.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_client_server.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_db.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_messaging.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/option.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/service_name.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/normalizer/normalizer.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_darwin.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_default.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_freebsd.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_linux.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_windows.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/config.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/remoteconfig.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/types.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames/samplernames.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/statsd.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/client.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/message.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/option.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/telemetry.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/utils.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/trace_context.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/endpoint_counter.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/profiler.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/traceprof.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/utils.go
 create mode 100644 vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/version/version.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/.gitcookies.sh.enc
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/.gitignore
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/.travis.yml
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/CONTRIBUTING.md
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/LICENSE
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/README.md
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/cipher/cbc_hmac.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/cipher/concat_kdf.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/cipher/ecdh_es.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/cipher/key_wrap.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/crypter.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/doc.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/encoding.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/json/LICENSE
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/json/README.md
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/json/decode.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/json/encode.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/json/indent.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/json/scanner.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/json/stream.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/json/tags.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/jwe.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/jwk.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/jws.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/opaque.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/shared.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/signing.go
 create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go
 create mode 100644 vendor/inet.af/netaddr/.gitignore
 create mode 100644 vendor/inet.af/netaddr/.gitmodules
 create mode 100644 vendor/inet.af/netaddr/AUTHORS
 create mode 100644 vendor/inet.af/netaddr/LICENSE
 create mode 100644 vendor/inet.af/netaddr/README.md
 create mode 100644 vendor/inet.af/netaddr/fuzz.go
 create mode 100644 vendor/inet.af/netaddr/ipset.go
 create mode 100644 vendor/inet.af/netaddr/mask6.go
 create mode 100644 vendor/inet.af/netaddr/netaddr.go
 create mode 100644 vendor/inet.af/netaddr/uint128.go
 create mode 100644 vendor/k8s.io/apimachinery/pkg/runtime/splice.go
 create mode 100644 vendor/k8s.io/apimachinery/pkg/util/dump/dump.go
 create mode 100644 vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/versioncheck.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/variable.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/auditannotation.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/expressionwarning.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/matchresources.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/namedrulewithoperations.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramkind.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramref.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/typechecking.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicy.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybindingspec.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicyspec.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicystatus.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validation.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/variable.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/core/v1/hostip.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/core/v1/podresourceclaimstatus.go
 delete mode 100644 vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicystatus.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/exemptprioritylevelconfiguration.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/exemptprioritylevelconfiguration.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/exemptprioritylevelconfiguration.go
 create mode 100644 vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/exemptprioritylevelconfiguration.go
 delete mode 100644 vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicystatus.go
 create mode 100644 vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicy.go
 create mode 100644 vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
 create mode 100644 vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/selfsubjectreview.go
 create mode 100644 vendor/k8s.io/client-go/openapi/typeconverter.go
 create mode 100644 vendor/k8s.io/client-go/tools/cache/object-names.go
 delete mode 100644 vendor/k8s.io/client-go/tools/leaderelection/resourcelock/configmaplock.go
 delete mode 100644 vendor/k8s.io/client-go/tools/leaderelection/resourcelock/endpointslock.go
 delete mode 100644 vendor/k8s.io/kube-openapi/pkg/builder3/util/util.go
 delete mode 100644 vendor/k8s.io/kube-openapi/pkg/openapiconv/convert.go
 delete mode 100644 vendor/k8s.io/kube-openapi/pkg/schemamutation/walker.go
 delete mode 100644 vendor/k8s.io/kube-openapi/pkg/validation/spec/fuzz.go
 create mode 100644 vendor/k8s.io/utils/ptr/OWNERS
 create mode 100644 vendor/k8s.io/utils/ptr/README.md
 create mode 100644 vendor/k8s.io/utils/ptr/ptr.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE.libyaml
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/README.md
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/apic.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/decode.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/emitterc.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/encode.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/parserc.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/readerc.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/resolve.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/scannerc.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/sorter.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/writerc.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/yaml.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/yamlh.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/yamlprivateh.go

diff --git a/go.mod b/go.mod
index e794d134f..cfe07fa6f 100644
--- a/go.mod
+++ b/go.mod
@@ -6,17 +6,17 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
 	github.com/containerd/containerd v1.7.0
-	github.com/docker/cli v23.0.5+incompatible
+	github.com/docker/cli v24.0.7+incompatible
 	github.com/gardener/component-cli v0.44.0
 	github.com/gardener/component-spec/bindings-go v0.0.95
 	github.com/gardener/image-vector v0.10.0
 	github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000
 	github.com/gardener/landscaper/controller-utils v0.0.0-00010101000000-000000000000
-	github.com/go-logr/logr v1.2.4
+	github.com/go-logr/logr v1.3.0
 	github.com/golang/mock v1.6.0
-	github.com/google/uuid v1.3.0
+	github.com/google/uuid v1.4.0
 	github.com/hashicorp/go-multierror v1.1.1
-	github.com/imdario/mergo v0.3.15
+	github.com/imdario/mergo v0.3.16
 	github.com/mandelsoft/filepath v0.0.0-20230412200429-36b1eb66bd27
 	github.com/mandelsoft/spiff v1.7.0-beta-5
 	github.com/mandelsoft/vfs v0.0.0-20230713123140-269aa4fb1338
@@ -25,125 +25,137 @@ require (
 	github.com/onsi/gomega v1.27.7
 	github.com/open-component-model/ocm v0.4.1
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/image-spec v1.1.0-rc3
+	github.com/opencontainers/image-spec v1.1.0-rc5
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.15.1
+	github.com/prometheus/client_golang v1.17.0
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/spf13/cobra v1.7.0
+	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/xeipuuv/gojsonschema v1.2.0
 	golang.org/x/crypto v0.14.0
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
-	golang.org/x/oauth2 v0.9.0
-	golang.org/x/sync v0.3.0
+	golang.org/x/oauth2 v0.13.0
+	golang.org/x/sync v0.5.0
 	golang.org/x/sys v0.13.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.12.2
-	k8s.io/api v0.27.3
+	k8s.io/api v0.28.3
 	k8s.io/apiextensions-apiserver v0.27.2
-	k8s.io/apimachinery v0.27.3
-	k8s.io/client-go v0.27.3
-	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
+	k8s.io/apimachinery v0.28.3
+	k8s.io/client-go v0.28.3
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	sigs.k8s.io/controller-runtime v0.15.1
-	sigs.k8s.io/yaml v1.3.0
+	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
-	cloud.google.com/go/compute v1.19.3 // indirect
+	cloud.google.com/go/compute v1.23.2 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	filippo.io/edwards25519 v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
 	github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
-	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.29 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/BurntSushi/toml v1.2.1 // indirect
-	github.com/DataDog/gostackparse v0.6.0 // indirect
+	github.com/DataDog/appsec-internal-go v1.0.0 // indirect
+	github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1 // indirect
+	github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1 // indirect
+	github.com/DataDog/datadog-go/v5 v5.3.0 // indirect
+	github.com/DataDog/go-libddwaf v1.5.0 // indirect
+	github.com/DataDog/go-tuf v1.0.2-0.5.2 // indirect
+	github.com/DataDog/gostackparse v0.7.0 // indirect
+	github.com/DataDog/sketches-go v1.4.3 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
 	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
 	github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
 	github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect
-	github.com/alibabacloud-go/darabonba-openapi v0.1.18 // indirect
-	github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68 // indirect
+	github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect
+	github.com/alibabacloud-go/debug v1.0.0 // indirect
 	github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
-	github.com/alibabacloud-go/openapi-util v0.0.11 // indirect
-	github.com/alibabacloud-go/tea v1.1.18 // indirect
-	github.com/alibabacloud-go/tea-utils v1.4.4 // indirect
-	github.com/alibabacloud-go/tea-xml v1.1.2 // indirect
-	github.com/aliyun/credentials-go v1.2.3 // indirect
+	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
+	github.com/alibabacloud-go/tea v1.2.1 // indirect
+	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
+	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
+	github.com/aliyun/credentials-go v1.3.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.18.1 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.8 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.18.27 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.26 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.19.1 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.33 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.14 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.18.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.18 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.27.11 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect
-	github.com/aws/smithy-go v1.13.5 // indirect
-	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.36 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
+	github.com/aws/smithy-go v1.15.0 // indirect
+	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
-	github.com/buildkite/agent/v3 v3.49.0 // indirect
+	github.com/buildkite/agent/v3 v3.58.0 // indirect
+	github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
-	github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21 // indirect
-	github.com/clbanning/mxj/v2 v2.5.6 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
+	github.com/clbanning/mxj/v2 v2.7.0 // indirect
+	github.com/cloudflare/circl v1.3.5 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/containers/image/v5 v5.21.1 // indirect
 	github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a // indirect
 	github.com/containers/ocicrypt v1.1.6 // indirect
 	github.com/containers/storage v1.42.0 // indirect
-	github.com/coreos/go-oidc/v3 v3.6.0 // indirect
-	github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
+	github.com/coreos/go-oidc/v3 v3.7.0 // indirect
+	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/digitorus/pkcs7 v0.0.0-20221212123742-001c36b64ec3 // indirect
-	github.com/digitorus/timestamp v0.0.0-20221019182153-ef3b63b79b31 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
+	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
+	github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
-	github.com/docker/distribution v2.8.2+incompatible // indirect
-	github.com/docker/docker v23.0.5+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/distribution/reference v0.5.0 // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/docker/docker v24.0.7+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/drone/envsubst v1.0.3 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/ebitengine/purego v0.5.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
-	github.com/fatih/color v1.13.0 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/fatih/color v1.15.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fvbommel/sortorder v1.0.2 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
@@ -152,8 +164,8 @@ require (
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.2.4 // indirect
 	github.com/go-openapi/analysis v0.21.4 // indirect
-	github.com/go-openapi/errors v0.20.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/errors v0.20.4 // indirect
+	github.com/go-openapi/jsonpointer v0.20.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/loads v0.21.2 // indirect
 	github.com/go-openapi/runtime v0.26.0 // indirect
@@ -163,49 +175,58 @@ require (
 	github.com/go-openapi/validate v0.22.1 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.14.0 // indirect
+	github.com/go-playground/validator/v10 v10.15.5 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/go-test/deep v1.1.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
-	github.com/google/certificate-transparency-go v1.1.6 // indirect
+	github.com/google/certificate-transparency-go v1.1.7 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/go-containerregistry v0.15.2 // indirect
+	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-containerregistry v0.16.1 // indirect
 	github.com/google/go-github/v45 v45.2.0 // indirect
-	github.com/google/go-github/v50 v50.2.0 // indirect
+	github.com/google/go-github/v55 v55.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20221103000818-d260c55eee4c // indirect
-	github.com/google/s2a-go v0.1.4 // indirect
+	github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
+	github.com/gowebpki/jcs v1.0.1 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/in-toto/in-toto-golang v0.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect
+	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.16.5 // indirect
-	github.com/klauspost/pgzip v1.2.5 // indirect
+	github.com/klauspost/compress v1.17.2 // indirect
+	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
-	github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/httprc v1.0.4 // indirect
+	github.com/lestrrat-go/iter v1.0.2 // indirect
+	github.com/lestrrat-go/jwx/v2 v2.0.16 // indirect
+	github.com/lestrrat-go/option v1.0.1 // indirect
+	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
@@ -213,9 +234,9 @@ require (
 	github.com/mandelsoft/logging v0.0.0-20230905123808-7042ee3aae45 // indirect
 	github.com/marstr/guid v1.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
-	github.com/mattn/go-runewidth v0.0.14 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -235,95 +256,109 @@ require (
 	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/oleiade/reflections v1.0.1 // indirect
 	github.com/opencontainers/distribution-spec v1.0.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
+	github.com/outcaste-io/ristretto v0.2.3 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
-	github.com/prometheus/procfs v0.9.0 // indirect
-	github.com/rivo/uniseg v0.4.2 // indirect
+	github.com/philhofer/fwd v1.1.2 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/puzpuzpuz/xsync/v2 v2.5.1 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rubenv/sql-migrate v1.3.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/sagikazarmark/locafero v0.3.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
-	github.com/secure-systems-lab/go-securesystemslib v0.6.0 // indirect
+	github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/sigstore/cosign/v2 v2.1.1 // indirect
-	github.com/sigstore/fulcio v1.3.1 // indirect
-	github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23 // indirect
-	github.com/sigstore/sigstore v1.7.1 // indirect
-	github.com/sigstore/timestamp-authority v1.1.1 // indirect
+	github.com/sigstore/cosign/v2 v2.2.1 // indirect
+	github.com/sigstore/fulcio v1.4.3 // indirect
+	github.com/sigstore/rekor v1.3.3 // indirect
+	github.com/sigstore/sigstore v1.7.5 // indirect
+	github.com/sigstore/timestamp-authority v1.2.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
-	github.com/spf13/afero v1.9.5 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/spf13/viper v1.16.0 // indirect
+	github.com/spf13/viper v1.17.0 // indirect
 	github.com/spiffe/go-spiffe/v2 v2.1.6 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 	github.com/thales-e-security/pool v0.0.2 // indirect
-	github.com/theupdateframework/go-tuf v0.5.2 // indirect
+	github.com/theupdateframework/go-tuf v0.6.1 // indirect
 	github.com/theupdateframework/notary v0.7.0 // indirect
+	github.com/tinylib/msgp v1.1.8 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
-	github.com/tjfoc/gmsm v1.3.2 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/tonglil/buflogr v1.0.1 // indirect
 	github.com/transparency-dev/merkle v0.0.2 // indirect
-	github.com/ulikunitz/xz v0.5.10 // indirect
+	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
-	github.com/vbatts/tar-split v0.11.3 // indirect
-	github.com/xanzy/go-gitlab v0.86.0 // indirect
+	github.com/vbatts/tar-split v0.11.5 // indirect
+	github.com/xanzy/go-gitlab v0.93.2 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
-	go.mongodb.org/mongo-driver v1.11.3 // indirect
+	go.mongodb.org/mongo-driver v1.12.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.16.0 // indirect
-	go.opentelemetry.io/otel/metric v1.16.0 // indirect
-	go.opentelemetry.io/otel/trace v1.16.0 // indirect
+	go.opentelemetry.io/otel v1.19.0 // indirect
+	go.opentelemetry.io/otel/metric v1.19.0 // indirect
+	go.opentelemetry.io/otel/trace v1.19.0 // indirect
 	go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 // indirect
-	go.step.sm/crypto v0.32.1 // indirect
-	go.uber.org/atomic v1.10.0 // indirect
+	go.step.sm/crypto v0.36.1 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/mod v0.11.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect
+	go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.9.3 // indirect
+	golang.org/x/tools v0.14.0 // indirect
+	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
-	google.golang.org/api v0.128.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
-	google.golang.org/grpc v1.56.3 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/api v0.149.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 // indirect
+	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
+	inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a // indirect
 	k8s.io/apiserver v0.27.2 // indirect
 	k8s.io/cli-runtime v0.27.2 // indirect
 	k8s.io/component-base v0.27.2 // indirect
-	k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect
+	k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
 	k8s.io/klog v1.0.0 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
 	k8s.io/kubectl v0.27.2 // indirect
 	oras.land/oras-go v1.2.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.13.2 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.14.1 // indirect
-	sigs.k8s.io/release-utils v0.7.4 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/release-utils v0.7.6 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
 )
 
 replace (
diff --git a/go.sum b/go.sum
index b46492cc1..45208b409 100644
--- a/go.sum
+++ b/go.sum
@@ -22,22 +22,22 @@ cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPT
 cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
 cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
+cloud.google.com/go v0.110.9 h1:e7ITSqGFFk4rbz/JFIqZh3G4VEHguhAL4BQcFlWtU68=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.19.3 h1:DcTwsFgGev/wV5+q8o2fzgcHOaac+DKGC91ZlvpsQds=
-cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI=
+cloud.google.com/go/compute v1.23.2 h1:nWEMDhgbBkBJjfpVySqU4jgWdc22PLR0o4vEexZHers=
+cloud.google.com/go/compute v1.23.2/go.mod h1:JJ0atRC0J/oWYiiVBmsSsrRnh92DhZPG4hFDcR04Rns=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/iam v1.1.0 h1:67gSqaPukx7O8WLLHMa0PNs3EBGd2eE4d+psbO/CO94=
-cloud.google.com/go/kms v1.12.1 h1:xZmZuwy2cwzsocmKDOPu4BL7umg8QXagQx6fKVmf45U=
+cloud.google.com/go/iam v1.1.4 h1:K6n/GZHFTtEoKT5aUG3l9diPi0VduZNQ1PfdnpkkIFk=
+cloud.google.com/go/kms v1.15.4 h1:gEZzC54ZBI+aeW8/jg9tgz9KR4Aa+WEDPbdGIV3iJ7A=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -55,43 +55,39 @@ github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774/go.mod h1:6/0dY
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
-github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230329111138-12e09aba5ebd h1:1tbEqR4NyQLgiod7vLXSswHteGetAVZrMGCqrJxLKRs=
+github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230618160516-e936619f9f18 h1:rd389Q26LMy03gG4anandGFC2LW/xvjga5GezeeaxQk=
 github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 h1:8+4G8JaejP8Xa6W46PzJEwisNgBXMvFcz78N6zG/ARw=
 github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0/go.mod h1:GgeIE+1be8Ivm7Sh4RgwI42aTtC9qrcj+Y9Y6CjJhJs=
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go v46.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1 h1:SEy2xmstIphdPwNBUi7uhvjyjhVKISfwjfOJmuy7kg4=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v0.12.0 h1:4Kynh6Hn2ekyIsBgNQJb3dn1+/MyvzfUJebti2emB/A=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0 h1:T028gtTPiYt/RMUfs8nVsAL7FDQrfLlrm/NnRG/zcC4=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5pWFCHtvRpHYC0G/dcA=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 h1:TuEMD+E+1aTjjLICGQOW6vLe8UWES7kopac9mUXL56Y=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 h1:MyVTgWR8qd/Jw1Le0NZebGBUCLbtak3bJ3z1OlqZBpw=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
+github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
-github.com/Azure/go-autorest/autorest v0.11.6/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs=
-github.com/Azure/go-autorest/autorest v0.11.8/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs=
 github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
 github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
 github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw=
 github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs=
 github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE=
 github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
-github.com/Azure/go-autorest/autorest/adal v0.9.22 h1:/GblQdIudfEM3AWWZ0mrYJQSd7JS4S/Mbzh6F0ov0Xc=
 github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk=
-github.com/Azure/go-autorest/autorest/azure/auth v0.5.2/go.mod h1:q98IH4qgc3eWM4/WOeR5+YPmBuy8Lq0jNRDwSM0CuFk=
+github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8=
+github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg=
-github.com/Azure/go-autorest/autorest/azure/cli v0.4.1/go.mod h1:JfDgiIO1/RPu6z42AdQTyjOoCM2MFhLqSBDvMEkDgcg=
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg=
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 h1:w77/uPk80ZET2F+AfQExZyEWtn+0Rk/uw17m9fv5Ajc=
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.6/go.mod h1:piCfgPho7BiIDdEQ1+g4VmKyD5y+p/XtSNqE6Hc4QD0=
@@ -106,7 +102,7 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 h1:hVeq+yCyUi+MsoO/CU95yqCIcdzra5ovzk8Q2BBpV2M=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
@@ -114,8 +110,22 @@ github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
-github.com/DataDog/gostackparse v0.6.0 h1:egCGQviIabPwsyoWpGvIBGrEnNWez35aEO7OJ1vBI4o=
-github.com/DataDog/gostackparse v0.6.0/go.mod h1:lTfqcJKqS9KnXQGnyQMCugq3u1FP6UZMfWR0aitKFMM=
+github.com/DataDog/appsec-internal-go v1.0.0 h1:2u5IkF4DBj3KVeQn5Vg2vjPUtt513zxEYglcqnd500U=
+github.com/DataDog/appsec-internal-go v1.0.0/go.mod h1:+Y+4klVWKPOnZx6XESG7QHydOaUGEXyH2j/vSg9JiNM=
+github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1 h1:uS2NzlwpCs+ZBHE9MLK1tGgxJOe2fVbwwjEEu34Kll4=
+github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1/go.mod h1:HzySONXnAgSmIQfL6gOv9hWprKJkx8CicuXuUbmgWfo=
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1 h1:5nE6N3JSs2IG3xzMthNFhXfOaXlrsdgqmJ73lndFf8c=
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1/go.mod h1:Vc+snp0Bey4MrrJyiV2tVxxJb6BmLomPvN1RgAvjGaQ=
+github.com/DataDog/datadog-go/v5 v5.3.0 h1:2q2qjFOb3RwAZNU+ez27ZVDwErJv5/VpbBPprz7Z+s8=
+github.com/DataDog/datadog-go/v5 v5.3.0/go.mod h1:XRDJk1pTc00gm+ZDiBKsjh7oOOtJfYfglVCmFb8C2+Q=
+github.com/DataDog/go-libddwaf v1.5.0 h1:lrHP3VrEriy1M5uQuaOcKphf5GU40mBhihMAp6Ik55c=
+github.com/DataDog/go-libddwaf v1.5.0/go.mod h1:Fpnmoc2k53h6desQrH1P0/gR52CUzkLNFugE5zWwUBQ=
+github.com/DataDog/go-tuf v1.0.2-0.5.2 h1:EeZr937eKAWPxJ26IykAdWA4A0jQXJgkhUjqEI/w7+I=
+github.com/DataDog/go-tuf v1.0.2-0.5.2/go.mod h1:zBcq6f654iVqmkk8n2Cx81E1JnNTMOAx1UEO/wZR+P0=
+github.com/DataDog/gostackparse v0.7.0 h1:i7dLkXHvYzHV308hnkvVGDL3BR4FWl7IsXNPz/IGQh4=
+github.com/DataDog/gostackparse v0.7.0/go.mod h1:lTfqcJKqS9KnXQGnyQMCugq3u1FP6UZMfWR0aitKFMM=
+github.com/DataDog/sketches-go v1.4.3 h1:ZB9nijteJRFUQixkQfatCqASartGNfiolIlMiEv3u/w=
+github.com/DataDog/sketches-go v1.4.3/go.mod h1:XR0ns2RtEEF09mDKXiKZiQg+nfZStrq1ZuL1eezeZe0=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
@@ -137,6 +147,7 @@ github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugX
 github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
+github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
@@ -160,8 +171,8 @@ github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb0
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 h1:ZK3C5DtzV2nVAQTx5S5jQvMeDqWtD1By5mOoyY/xJek=
-github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
@@ -181,6 +192,7 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
+github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
 github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk=
 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.2/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc=
@@ -192,35 +204,39 @@ github.com/alibabacloud-go/cr-20181201 v1.0.10 h1:B60f6S1imsgn2fgC6X6FrVNrONDrbC
 github.com/alibabacloud-go/cr-20181201 v1.0.10/go.mod h1:VN9orB/w5G20FjytoSpZROqu9ZqxwycASmGqYUJSoDc=
 github.com/alibabacloud-go/darabonba-openapi v0.1.12/go.mod h1:sTAjsFJmVsmcVeklL9d9uDBlFsgl43wZ6jhI6BHqHqU=
 github.com/alibabacloud-go/darabonba-openapi v0.1.14/go.mod h1:w4CosR7O/kapCtEEMBm3JsQqWBU/CnZ2o0pHorsTWDI=
-github.com/alibabacloud-go/darabonba-openapi v0.1.18 h1:3eUVmAr7WCJp7fgIvmCd9ZUyuwtJYbtUqJIed5eXCmk=
-github.com/alibabacloud-go/darabonba-openapi v0.1.18/go.mod h1:PB4HffMhJVmAgNKNq3wYbTUlFvPgxJpTzd1F5pTuUsc=
+github.com/alibabacloud-go/darabonba-openapi v0.2.1 h1:WyzxxKvhdVDlwpAMOHgAiCJ+NXa6g5ZWPFEzaK/ewwY=
+github.com/alibabacloud-go/darabonba-openapi v0.2.1/go.mod h1:zXOqLbpIqq543oioL9IuuZYOQgHQ5B8/n5OPrnko8aY=
 github.com/alibabacloud-go/darabonba-string v1.0.0/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA=
-github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68 h1:NqugFkGxx1TXSh/pBcU00Y6bljgDPaFdh5MUSeJ7e50=
 github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY=
+github.com/alibabacloud-go/debug v1.0.0 h1:3eIEQWfay1fB24PQIEzXAswlVJtdQok8f3EVN5VrBnA=
+github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
 github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE=
 github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9GQdZO3mcSUTUy8=
 github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE=
 github.com/alibabacloud-go/openapi-util v0.0.9/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
 github.com/alibabacloud-go/openapi-util v0.0.10/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
-github.com/alibabacloud-go/openapi-util v0.0.11 h1:iYnqOPR5hyEEnNZmebGyRMkkEJRWUEjDiiaOHZ5aNhA=
 github.com/alibabacloud-go/openapi-util v0.0.11/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
+github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY=
+github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
 github.com/alibabacloud-go/tea v1.1.0/go.mod h1:IkGyUSX4Ba1V+k4pCtJUc6jDpZLFph9QMy2VUPTwukg=
 github.com/alibabacloud-go/tea v1.1.7/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
 github.com/alibabacloud-go/tea v1.1.8/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
 github.com/alibabacloud-go/tea v1.1.11/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
 github.com/alibabacloud-go/tea v1.1.17/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
-github.com/alibabacloud-go/tea v1.1.18 h1:+6GJ06eu5Cr/Mkj09vWrf6QAfrPepctY2OxcWNclRC0=
-github.com/alibabacloud-go/tea v1.1.18/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
+github.com/alibabacloud-go/tea v1.1.19/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
+github.com/alibabacloud-go/tea v1.2.1 h1:rFF1LnrAdhaiPmKwH5xwYOKlMh66CqRwPUTzIK74ask=
+github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2wSyEUo4OEmnA=
 github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
 github.com/alibabacloud-go/tea-utils v1.3.9/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
 github.com/alibabacloud-go/tea-utils v1.4.3/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
-github.com/alibabacloud-go/tea-utils v1.4.4 h1:lxCDvNCdTo9FaXKKq45+4vGETQUKNOW/qKTcX9Sk53o=
-github.com/alibabacloud-go/tea-utils v1.4.4/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
-github.com/alibabacloud-go/tea-xml v1.1.2 h1:oLxa7JUXm2EDFzMg+7oRsYc+kutgCVwm+bZlhhmvW5M=
+github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOqY6Eq8f3zfA=
+github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
 github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
+github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0=
+github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
 github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw=
-github.com/aliyun/credentials-go v1.2.3 h1:Vmodnr52Rz1mcbwn0kzMhLRKb6soizewuKXdfZiNemU=
-github.com/aliyun/credentials-go v1.2.3/go.mod h1:/KowD1cfGSLrLsH28Jr8W+xwoId0ywIy5lNzDz6O1vw=
+github.com/aliyun/credentials-go v1.3.1 h1:uq/0v7kWrxmoLGpqjx7vtQ/s03f0zR//0br/xWDTE28=
+github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
@@ -233,85 +249,77 @@ github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:W
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/aws/aws-sdk-go v1.44.288 h1:Ln7fIao/nl0ACtelgR1I4AiEw/GLNkKcXfCaHupUW5Q=
-github.com/aws/aws-sdk-go-v2 v1.7.1/go.mod h1:L5LuPC1ZgDr2xQS7AmIec/Jlc7O/Y1u2KxJyNVab250=
-github.com/aws/aws-sdk-go-v2 v1.14.0/go.mod h1:ZA3Y8V0LrlWj63MQAnRHgKf/5QB//LSZCPNWlWrNGLU=
+github.com/aws/aws-sdk-go v1.47.0 h1:/JUg9V1+xh+qBn8A6ec/l15ETPaMaBqxkjz+gg63dNk=
 github.com/aws/aws-sdk-go-v2 v1.16.16/go.mod h1:SwiyXi/1zTUZ6KIAmLK5V5ll8SiURNUYOqTerZPaF9k=
-github.com/aws/aws-sdk-go-v2 v1.17.7/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
-github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.8 h1:tcFliCWne+zOuUfKNRn8JdFBuWPDuISDH08wD2ULkhk=
+github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
+github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
+github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.8/go.mod h1:JTnlBSot91steJeti4ryyu/tLd4Sk84O5W22L7O2EQU=
-github.com/aws/aws-sdk-go-v2/config v1.5.0/go.mod h1:RWlPOAW3E3tbtNAqTwvSW54Of/yP3oiZXMI0xfUdjyA=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 h1:OPLEkmhXf6xFPiz0bLeDArZIDx1NNS4oJyG4nv3Gct0=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13/go.mod h1:gpAbvyDGQFozTEmlTFO8XcQKHzubdq0LzRyJpG6MiXM=
 github.com/aws/aws-sdk-go-v2/config v1.17.7/go.mod h1:dN2gja/QXxFF15hQreyrqYhLBaQo1d9ZKe/v/uplQoI=
-github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
-github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
-github.com/aws/aws-sdk-go-v2/credentials v1.3.1/go.mod h1:r0n73xwsIVagq8RsxmZbGSRQFj9As3je72C2WzUIToc=
+github.com/aws/aws-sdk-go-v2/config v1.19.1 h1:oe3vqcGftyk40icfLymhhhNysAwk0NfiwkDi2GTPMXs=
+github.com/aws/aws-sdk-go-v2/config v1.19.1/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
 github.com/aws/aws-sdk-go-v2/credentials v1.12.20/go.mod h1:UKY5HyIux08bbNA7Blv4PcXQ8cTkGh7ghHMFklaviR4=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.3.0/go.mod h1:2LAuqPx1I6jNfaGDucWfA2zqQCYCOMCDHiCOciALyNw=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.17/go.mod h1:yIkQcCDYNsZfXpd5UX2Cy+sWA1jPgIhGTw9cOBzfVnQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.33 h1:fAoVmNGhir6BR+RU0/EI+6+D7abM+MCwWf8v4ip5jNI=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.33/go.mod h1:84XgODVR8uRhmOnUkKGUZKqIMxmjmLOR8Uyp7G/TPwc=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.5/go.mod h1:2hXc8ooJqF2nAznsbJQIn+7h851/bu8GVC80OVTTqf8=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23/go.mod h1:2DFxAQ9pfIRy0imBCJv+vZ2X6RKxves6fbnEuSry6b4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31/go.mod h1:QT0BqUvX1Bh2ABdTGnjqEjvjzrCfIniM9Sc8zn9Yndo=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.3.0/go.mod h1:miRSv9l093jX/t/j+mBCaLqFHo9xKYzJ7DGm1BsGoJM=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17/go.mod h1:pRwaTYCJemADaqCbUAxltMoHKata7hmB5PjEXeu0kfg=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25/go.mod h1:zBHOPwhBc3FlQjQJE/D3IfPWiWaQmT06Vq9aNukDo0k=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.1.1/go.mod h1:Zy8smImhTdOETZqfyn01iNOe0CNggVbPjCajyaz6Gvg=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24/go.mod h1:jULHjqqjDlbyTa7pfM7WICATnOv+iOhjletM3N0Xbu8=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.14 h1:ZSIPAkAsCCjYrhqfw2+lNzWDzxzHXEckFkTePL5RSWQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.14/go.mod h1:AyGgqiKv9ECM6IZeNQtdT8NnMvUb3/2wokeq2Fgryto=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.4.1/go.mod h1:FglZcyeiBqcbvyinl+n14aT/EWC7S1MIH+Gan2iizt0=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.18.7 h1:oQ1Esut3iaL2Dydt2RBd9gbuUevToXpdTI+Uh1xXryI=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.18.7/go.mod h1:RHhgOMnMIkgB4TmxQat9obSnZ6fF1fuA27+itZKUi1o=
-github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.4.1/go.mod h1:eD5Eo4drVP2FLTw0G+SMIPWNWvQRGGTtIZR2XeAagoA=
-github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 h1:LsqBpyRofMG6eDs6YGud6FhdGyIyXelAasPOZ6wWLro=
-github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0/go.mod h1:IArQ3IBR00FkuraKwudKZZU32OxJfdTdwV+W5iZh3Y4=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.9 h1:Lh1AShsuIJTwMkoxVCAYPJgNG5H+eN6SmoUn8nOZ5wE=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.4 h1:6lJvvkQ9HmbHZ4h/IEwclwv2mrTW8Uq1SOB/kXy0mfw=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.4/go.mod h1:1PrKYwxTM+zjpw9Y41KFtoJCQrJ34Z47Y4VgVbfndjo=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 h1:y6LX9GUoEA3mO0qpFl1ZQHj1rFyPWVphlzebiSt2tKE=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2/go.mod h1:Q0LcmaN/Qr8+4aSBrdrXXePqoX0eOuYpJLbYpilmWnA=
+github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 h1:PpbXaecV3sLAS6rjQiaKw4/jyq3Z8gNzmoJupHAoBp0=
+github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2/go.mod h1:fUHpGXr4DrXkEDpGAjClPsviWf+Bszeb0daKE0blxv8=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.9/go.mod h1:a9j48l6yL5XINLHLcOKInjdvknN+vWqPBxqeIDw7ktw=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.18 h1:BBYoNQt2kUZUUK4bIPsKrCcjVPUMNsgQpNAwhznK/zo=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14 h1:m0QTSI6pZYJTk5WSKx3fm5cNW/DCicVzULBgU/6IyD0=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14/go.mod h1:dDilntgHy9WnHXsh7dDtUPgHKEfTJIBUTHM8OWm0f/0=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.18/go.mod h1:NS55eQ4YixUJPTC+INxi2/jCqe1y2Uw3rnh9wEOVJxY=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.2.1/go.mod h1:zceowr5Z1Nh2WVP8bf/3ikB41IZW59E4yIYbg+pC6mw=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.36 h1:eev2yZX7esGRjqRbnVk1UxMLw4CyVZDpZXRCcy75oQk=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.36/go.mod h1:lGnOkH9NJATw0XEPcAknFBj3zzNTEGRHtSw+CwC1YTg=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17/go.mod h1:4nYOrY41Lrbk2170/BGkcJKBhws9Pfn8MG3aGqjjeFI=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.17 h1:HfVVR1vItaG6le+Bpw6P4midjBDMKnjMyZnw9MXYUcE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35/go.mod h1:QGF2Rs33W5MaN9gYdEQOBBFPLwTZkEhRwI33f7KIG0o=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.17/go.mod h1:YqMdV+gEKCQ59NrB7rzrJdALeBIsYiVi8Inj3+KcqHI=
-github.com/aws/aws-sdk-go-v2/service/kms v1.22.2 h1:jwmtdM1/l1DRNy5jQrrYpsQm8zwetkgeqhAqefDr1yI=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.27.11 h1:3/gm/JTX9bX8CpzTgIlrtYpB3EVBDxyg/GY/QdcIEZw=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4 h1:v0jkRigbSD6uOdwcaUQmgEwG1BkPfAPDqaeNt/29ghg=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4/go.mod h1:LhTyt8J04LL+9cIt7pYJ5lbS/U98ZmXovLOR/4LUsk8=
+github.com/aws/aws-sdk-go-v2/service/kms v1.24.7 h1:uRGw0UKo5hc7M2T7uGsK/Yg2qwecq/dnVjQbbq9RCzY=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.27.11/go.mod h1:fmgDANqTUCxciViKl9hb/zD5LFbvPINFRgWhDbR+vZo=
-github.com/aws/aws-sdk-go-v2/service/sso v1.3.1/go.mod h1:J3A3RGUvuCZjvSuZEcOpHDnzZP/sKbhDWV2T1EOzFIM=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0 h1:wl5dxN1NONhTDQD9uaEvNsDRX29cBmGED/nl0jkWlt4=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0/go.mod h1:rDGMZA7f4pbmTtPOk5v5UM2lmX6UAbRnMDJeDvnH7AM=
 github.com/aws/aws-sdk-go-v2/service/sso v1.11.23/go.mod h1:/w0eg9IhFGjGyyncHIQrXtU8wvNsTJOP0R6PPj0wf80=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.5/go.mod h1:csZuQY65DAdFBt1oIjO5hhBR49kQqop4+lcuCjf2arA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
-github.com/aws/aws-sdk-go-v2/service/sts v1.6.0/go.mod h1:q7o0j7d7HrJk/vr9uUt3BVRASvcU7gYZB9PUgPiByXg=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg=
 github.com/aws/aws-sdk-go-v2/service/sts v1.16.19/go.mod h1:h4J3oPZQbxLhzGnk+j9dfYHi5qIOVJ5kczZd658/ydM=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
-github.com/aws/smithy-go v1.6.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E=
-github.com/aws/smithy-go v1.11.0/go.mod h1:3xHYmszWVx2c0kIwQeEVf9uSm4fYZt67FBJnwub1bgM=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ=
 github.com/aws/smithy-go v1.13.3/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
-github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795 h1:IWeCJzU+IYaO2rVEBlGPTBfe90cmGXFTLdhUFlzDGsY=
-github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795/go.mod h1:8vJsEZ4iRqG+Vx6pKhWK6U00qcj0KC37IsfszMkY6UE=
+github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
+github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M=
+github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8/go.mod h1:2JF49jcDOrLStIXN/j/K1EKRq8a8R2qRnlZA6/o/c7c=
 github.com/b4b4r07/go-pipe v0.0.0-20191010045404-84b446f57366/go.mod h1:1ymsiQNa3qebVEEVtuIdhtAXRfjO4qFCFq1bBUOT2HE=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20150223135152-b965b613227f/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -340,9 +348,11 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembj
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
-github.com/buildkite/agent/v3 v3.49.0 h1:FSmRQz8YFhaCXg4MfE7JucPcY7mQ/HWM55ir1j3E9qM=
-github.com/buildkite/agent/v3 v3.49.0/go.mod h1:iasSyh3KPjOPCnyvnZB1trkkX7jrdL8PnLBgjdVJxgU=
-github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/buildkite/agent/v3 v3.58.0 h1:yyhsY47GZcuaKS5nlRo2jil4OSiNIP0GcNjqWD67y1Q=
+github.com/buildkite/agent/v3 v3.58.0/go.mod h1:DfwabLiZUtIJII2WVc0jufwun74iOVidQG/R46E+z+w=
+github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 h1:k6UDF1uPYOs0iy1HPeotNa155qXRWrzKnqAaGXHLZCE=
+github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251/go.mod h1:gbPR1gPu9dB96mucYIR7T3B7p/78hRVSOuzIWLHK2Y4=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
@@ -359,8 +369,8 @@ github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHe
 github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
 github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
 github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
-github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21 h1:XlpL9EHrPOBJMLDDOf35/G4t5rGAFNNAZQ3cDcWavtc=
-github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21/go.mod h1:Zlre/PVxuSI9y6/UV4NwGixQ48RHQDSPiUkofr6rbMU=
+github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4=
+github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -370,14 +380,15 @@ github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX
 github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
 github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
 github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
-github.com/clbanning/mxj/v2 v2.5.6 h1:Jm4VaCI/+Ug5Q57IzEoZbwx4iQFA6wkXv72juUSeK+g=
-github.com/clbanning/mxj/v2 v2.5.6/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
+github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
+github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME=
+github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/cfssl v0.0.0-20180223231731-4e2dcbde5004 h1:lkAMpLVBDaj17e85keuznYcH5rqI438v41pKcBl4ZxQ=
 github.com/cloudflare/cfssl v0.0.0-20180223231731-4e2dcbde5004/go.mod h1:yMWuSON2oQp+43nFtAV/uvKQIFpSPerB57DCt9t8sSA=
-github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
-github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.5 h1:g+wWynZqVALYAlpSQFAa7TscDnUK8mKYtrxMpw6AUKo=
+github.com/cloudflare/circl v1.3.5/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cloudfoundry-incubator/candiedyaml v0.0.0-20170901234223-a41693b7b7af h1:6Cpkahw28+gcBdnXQL7LcMTX488+6jl6hfoTMRT6Hm4=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -515,8 +526,8 @@ github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmeka
 github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
 github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
-github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
+github.com/coreos/go-oidc/v3 v3.7.0 h1:FTdj0uexT4diYIPlF4yoFVI5MRO1r5+SEcIpEw9vC0o=
+github.com/coreos/go-oidc/v3 v3.7.0/go.mod h1:yQzSCqBnK3e6Fs5l+f5i0F8Kwf0zpH9bPEsbY00KanM=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
@@ -530,13 +541,13 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
-github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 h1:vU+EP9ZuFUCYE0NYLwTSob+3LNEJATzNfP/DC7SWGWI=
-github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
+github.com/creack/pty v1.1.20 h1:VIPb/a2s17qNeQgDnkfZC35RScx+blkKF8GV68n80J4=
+github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc=
+github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
 github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
@@ -546,43 +557,51 @@ github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW
 github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
 github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
 github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
+github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
 github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936 h1:foGzavPWwtoyBvjWyKJYDYsyzy+23iBV7NKTwdk+LRY=
 github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA=
+github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/digitorus/pkcs7 v0.0.0-20221019075359-21b8b40e6bb4/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc=
-github.com/digitorus/pkcs7 v0.0.0-20221212123742-001c36b64ec3 h1:rjCXeRWazGsbcBlExMcAW8H1LGdgJ9r619y7+aeKgds=
-github.com/digitorus/pkcs7 v0.0.0-20221212123742-001c36b64ec3/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc=
-github.com/digitorus/timestamp v0.0.0-20221019182153-ef3b63b79b31 h1:3go0tpsBpbs9L/oysk3jDwRprlLRRkpSU7YxKlTfU+o=
-github.com/digitorus/timestamp v0.0.0-20221019182153-ef3b63b79b31/go.mod h1:6V2ND8Yf8TOJ4h+9pmUlx8kXvNLBB2QplToVVZQ3rF0=
-github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
+github.com/digitorus/pkcs7 v0.0.0-20230713084857-e76b763bdc49/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc=
+github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 h1:ge14PCmCvPjpMQMIAH7uKg0lrtNSOdpYsRXlwk3QbaE=
+github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc=
+github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647 h1:WOk5Aclr/+sZ2/SX2YyxulNFwZOUhSrDJLw5KbHKmdE=
+github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
+github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
+github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE=
-github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1xfI36MSkFg=
+github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
 github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
-github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
+github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v23.0.5+incompatible h1:DaxtlTJjFSnLOXVNUBU1+6kXGz2lpDoEAH6QoxaSg8k=
-github.com/docker/docker v23.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
+github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
-github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
-github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
+github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
+github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c/go.mod h1:CADgU4DSXK5QUlFslkQu2yW2TKzFZcXq/leZfM0UH5Q=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -605,12 +624,17 @@ github.com/drone/envsubst v1.0.3 h1:PCIBwNDYjs50AsLZPYdfhSATKaRg/FJmDc2D6+C2x8g=
 github.com/drone/envsubst v1.0.3/go.mod h1:N2jZmlMufstn1KEqvbHjw40h1KyTmnVzHcSc9bFiJ2g=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/dvsekhvalnov/jose2go v0.0.0-20170216131308-f21a8cedbbae/go.mod h1:7BvyPhdbLxMXIYTFPLsyJRFMsKmOZnQmzh6Gb+uquuM=
+github.com/dvyukov/go-fuzz v0.0.0-20210103155950-6a8e9d1f2415/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
+github.com/ebitengine/purego v0.5.0 h1:JrMGKfRIAM4/QVKaesIIT7m/UVjTj5GYhRSQYwfVdpo=
+github.com/ebitengine/purego v0.5.0/go.mod h1:ah1In8AOtksoNK6yk5z1HTJeUkC1Ez4Wk2idgGslMwQ=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
-github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -630,13 +654,11 @@ github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJ
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
-github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a h1:yDWHCSQ40h88yih2JAcL6Ls/kVkSE8GFACTGVnMPruw=
-github.com/facebookgo/limitgroup v0.0.0-20150612190941-6abd8d71ec01 h1:IeaD1VDVBPlx3viJT9Md8if8IxxJnO+x0JCGb054heg=
-github.com/facebookgo/muster v0.0.0-20150708232844-fd3d7953fd52 h1:a4DFiKFJiDRGFD1qIcqGLX/WlUMD9dyLSLDt+9QZgt8=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
-github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
+github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
@@ -650,13 +672,13 @@ github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0X
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
 github.com/fvbommel/sortorder v1.0.2 h1:mV4o8B2hKboCdkJm+a7uX/SIpZob4JzUpc5GGnM45eo=
 github.com/fvbommel/sortorder v1.0.2/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
-github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
-github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/gardener/component-cli v0.44.0 h1:19w703QNyV0VRhoqbRv6NgibK/t6OZxoLqkBWO/JrFM=
 github.com/gardener/component-cli v0.44.0/go.mod h1:TMYFZYiopyvbgVzaMALgUcJvup3LP/qOl/NQpS7uvjM=
 github.com/gardener/component-spec/bindings-go v0.0.52/go.mod h1:kQFMTWowNAp9tOp6aImQa/NoLzfvX29jN5Qgud9rpQU=
@@ -695,8 +717,9 @@ github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
@@ -708,14 +731,15 @@ github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9Qy
 github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
-github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc=
-github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
+github.com/go-openapi/errors v0.20.4 h1:unTcVm6PispJsMECE3zWgvG4xTiKda1LIR5rCRWLG6M=
+github.com/go-openapi/errors v0.20.4/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
 github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
 github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
+github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
 github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
 github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
@@ -756,9 +780,9 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js=
-github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
-github.com/go-rod/rod v0.113.3 h1:oLiKZW721CCMwA5g7977cWfcAKQ+FuosP47Zf1QiDrA=
+github.com/go-playground/validator/v10 v10.15.5 h1:LEBecTWb/1j5TNY1YYG2RcOUN3R7NLylN+x8TTueE24=
+github.com/go-playground/validator/v10 v10.15.5/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-rod/rod v0.114.4 h1:FpkNFukjCuZLwnoLs+S9aCL95o/EMec6M+41UmvQay8=
 github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
@@ -800,12 +824,16 @@ github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXs
 github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
+github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8=
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
 github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
@@ -821,6 +849,7 @@ github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -863,17 +892,19 @@ github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k=
+github.com/gomodule/redigo v1.8.9 h1:Sl3u+2BI/kk+VEatbj0scLdrFhjPmbxOc1myhDP41ws=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/certificate-transparency-go v1.0.10-0.20180222191210-5ab67e519c93/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
-github.com/google/certificate-transparency-go v1.1.6 h1:SW5K3sr7ptST/pIvNkSVWMiJqemRmkjJPPT0jzXdOOY=
-github.com/google/certificate-transparency-go v1.1.6/go.mod h1:0OJjOsOk+wj6aYQgP7FU0ioQ0AJUmnWPFMqTjQeazPQ=
+github.com/google/certificate-transparency-go v1.1.7 h1:IASD+NtgSTJLPdzkthwvAG1ZVbF2WtFg4IvoA68XGSw=
+github.com/google/certificate-transparency-go v1.1.7/go.mod h1:FSSBo8fyMVgqptbfF6j5p/XNdgQftAhSmXcIxV9iphE=
 github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
 github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
+github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU=
+github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -888,15 +919,16 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
-github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE=
-github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
+github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ=
+github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
 github.com/google/go-github/v45 v45.2.0 h1:5oRLszbrkvxDDqBCNj2hjDZMKmvexaZ1xw/FCD+K3FI=
 github.com/google/go-github/v45 v45.2.0/go.mod h1:FObaZJEDSTa/WGCzZ2Z3eoCDXWJKMenWWTrd8jrta28=
-github.com/google/go-github/v50 v50.2.0 h1:j2FyongEHlO9nxXLc+LP3wuBSVU9mVxfpdYUexMpIfk=
-github.com/google/go-github/v50 v50.2.0/go.mod h1:VBY8FB6yPIjrtKhozXv4FQupxKLS6H4m6xFZlT43q8Q=
+github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg=
+github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA=
 github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
@@ -920,25 +952,27 @@ github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20221103000818-d260c55eee4c h1:lvddKcYTQ545ADhBujtIJmqQrZBDsGo7XIMbAQe/sNY=
-github.com/google/pprof v0.0.0-20221103000818-d260c55eee4c/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
+github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b h1:RMpPgZTSApbPf7xaVel+QkoGPRLFLrwFO89uDUHEGf0=
+github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
-github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/tink/go v1.7.0 h1:6Eox8zONGebBFcCBqkVmt60LaWZa6xg1cl/DwAh/J1w=
+github.com/google/trillian v1.5.3 h1:3ioA5p09qz+U9/t2riklZtaQdZclaStp0/eQNfewNRg=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.4 h1:uGy6JWR/uMIILU8wbf+OkstIrNiMjGpEIyhx8f6W7s4=
-github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4=
+github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
 github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -956,6 +990,8 @@ github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoA
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
+github.com/gowebpki/jcs v1.0.1 h1:Qjzg8EOkrOTuWP7DqQ1FbYtcpEbeTzUoTN9bptp8FOU=
+github.com/gowebpki/jcs v1.0.1/go.mod h1:CID1cNZ+sHp1CCpAR8mPf6QRtagFBgPJE0FCUQ6+BrI=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
@@ -978,37 +1014,37 @@ github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
+github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0=
-github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
+github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
+github.com/hashicorp/go-sockaddr v1.0.5 h1:dvk7TIXCZpmfOlM+9mlcrWmWjw/wlKT+VDq2wMvfPJU=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
-github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM=
+github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as=
-github.com/honeycombio/beeline-go v1.10.0 h1:cUDe555oqvw8oD76BQJ8alk7FP0JZ/M/zXpNvOEDLDc=
-github.com/honeycombio/libhoney-go v1.16.0 h1:kPpqoz6vbOzgp7jC6SR7SkNj7rua7rgxvznI6M3KdHc=
+github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
+github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@@ -1023,8 +1059,8 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
-github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
-github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
+github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU=
 github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
@@ -1033,14 +1069,14 @@ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf
 github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ=
 github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
 github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw=
-github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b h1:ZGiXF8sz7PDk6RgkP+A/SFfUD0ZR/AgG6SpRNEDKZy8=
-github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b/go.mod h1:hQmNrgofl+IY/8L+n20H6E6PWBBTokdsv+q49j0QhsU=
-github.com/jellydator/ttlcache/v3 v3.0.1 h1:cHgCSMS7TdQcoprXnWUptJZzyFsqs18Lt8VVhRuZYVU=
+github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY=
+github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267/go.mod h1:h1nSAbGFqGVzn6Jyl1R/iCcBUHN4g+gW1u9CoBTrb9E=
+github.com/jellydator/ttlcache/v3 v3.1.0 h1:0gPFG0IHHP6xyUyXq+JaD8fwkDCqgqwohXNJBcYE71g=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jinzhu/gorm v0.0.0-20170222002820-5409931a1bb8 h1:CZkYfurY6KGhVtlalI4QwQ6T0Cu6iuY3e0x5RLu96WE=
 github.com/jinzhu/gorm v0.0.0-20170222002820-5409931a1bb8/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo=
-github.com/jinzhu/inflection v0.0.0-20170102125226-1c35d901db3d h1:jRQLvyVGL+iVtDElaEIDdKwpPqUIZJfzkNLV34htpEc=
+github.com/jinzhu/gorm v1.9.16 h1:+IyIjPEABKRpsu/F8OvDPy9fyQlgsg2luMV2ZIH5i5o=
 github.com/jinzhu/inflection v0.0.0-20170102125226-1c35d901db3d/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
+github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/now v1.1.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
@@ -1048,7 +1084,7 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
-github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 h1:dYTbLf4m0a5u0KLmPfB6mgxbcV7588bOCx79hxa5Sr4=
+github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
 github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
@@ -1087,10 +1123,11 @@ github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47e
 github.com/klauspost/compress v1.15.2/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/klauspost/compress v1.15.7/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
-github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
-github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
+github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4=
+github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
+github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
+github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -1115,8 +1152,21 @@ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhR
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
 github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
-github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf h1:ndns1qx/5dL43g16EQkPV/i8+b3l5bYQwLeoSBe7tS8=
-github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf/go.mod h1:aGkAgvWY/IUcVFfuly53REpfv5edu25oij+qHRFaraA=
+github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
+github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
+github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
+github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
+github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8=
+github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
+github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
+github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
+github.com/lestrrat-go/jwx/v2 v2.0.16 h1:TuH3dBkYTy2giQg/9D8f20znS3JtMRuQJ372boS3lWk=
+github.com/lestrrat-go/jwx/v2 v2.0.16/go.mod h1:jBHyESp4e7QxfERM0UKkQ80/94paqNIEcdEfiUYz5zE=
+github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
+github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
+github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
+github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 h1:WGrKdjHtWC67RX96eTkYD2f53NDHhrq/7robWTAfk4s=
+github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491/go.mod h1:o158RFmdEbYyIZmXAbrvmJWesbyxlLKee6X64VPVuOc=
 github.com/lib/pq v0.0.0-20150723085316-0dad96c0b94f/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
@@ -1128,7 +1178,6 @@ github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q
 github.com/magiconair/properties v1.5.3/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.4/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
@@ -1172,28 +1221,28 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
-github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
-github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
+github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
 github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-sqlite3 v1.6.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
-github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
+github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
 github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
+github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
@@ -1275,6 +1324,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/oleiade/reflections v1.0.1 h1:D1XO3LVEYroYskEsoSiGItp9RUxG6jWnCVvrqH0HHQM=
+github.com/oleiade/reflections v1.0.1/go.mod h1:rdFxbxq4QXVZWj0F+e9jqjDkc7dbp97vkRixKo2JR60=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -1324,8 +1375,8 @@ github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zM
 github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/image-spec v1.0.3-0.20211202193544-a5463b7f9c84/go.mod h1:Qnt1q4cjDNQI9bT832ziho5Iw2BhK8o1KwLOwW56VP4=
-github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
-github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
+github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
@@ -1351,6 +1402,8 @@ github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFSt
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
+github.com/outcaste-io/ristretto v0.2.3 h1:AK4zt/fJ76kjlYObOeNwh4T3asEuaCmp26pOvUOL9w0=
+github.com/outcaste-io/ristretto v0.2.3/go.mod h1:W8HywhmtlopSB1jeMg3JtdIhf+DYkLAr0VN/s4+MHac=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
 github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
@@ -1360,11 +1413,13 @@ github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrap
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
-github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4=
+github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
+github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
+github.com/philhofer/fwd v1.1.2 h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw=
+github.com/philhofer/fwd v1.1.2/go.mod h1:qkPdfjR2SIEbspLqpe1tO4n5yICnr2DY7mqEx2tUTP0=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -1374,8 +1429,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/poy/onpar v0.0.0-20200406201722-06f95a1c68e8/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
@@ -1391,15 +1446,15 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI=
-github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
+github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
+github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
 github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
-github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
 github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
@@ -1408,8 +1463,8 @@ github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
-github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
+github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
+github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@@ -1422,12 +1477,15 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O
 github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
-github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/puzpuzpuz/xsync/v2 v2.5.1 h1:mVGYAvzDSu52+zaGyNjC+24Xw2bQi3kTr4QJ6N9pIIU=
+github.com/puzpuzpuz/xsync/v2 v2.5.1/go.mod h1:gD2H2krq/w52MfPLE+Uy64TzJDVY7lP2znR9qmR35kU=
+github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 h1:Qp27Idfgi6ACvFQat5+VJvlYToylpM/hcyLBI3WaKPA=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8=
-github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
+github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
@@ -1449,8 +1507,13 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
 github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
+github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9cJvm4SvQ=
+github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U=
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
+github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A=
 github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk=
+github.com/sassoftware/relic/v7 v7.6.1 h1:O5s8ewCgq5QYNpv45dK4u6IpBmDM9RIcsbf/G1uXepQ=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw=
 github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
@@ -1459,8 +1522,10 @@ github.com/sebdah/goldie/v2 v2.5.3/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvK
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
 github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
 github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
-github.com/secure-systems-lab/go-securesystemslib v0.6.0 h1:T65atpAVCJQK14UA57LMdZGpHi4QYSH/9FZyNGqMYIA=
-github.com/secure-systems-lab/go-securesystemslib v0.6.0/go.mod h1:8Mtpo9JKks/qhPG4HGZ2LGMvrPbzuxwfz/f/zLfEWkk=
+github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg=
+github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
 github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
@@ -1472,20 +1537,20 @@ github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFR
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sigstore/cosign/v2 v2.1.1 h1:HOI6pWaEie0wLituDWWaqC5U9MaXablKNf6QroVhj6k=
-github.com/sigstore/cosign/v2 v2.1.1/go.mod h1:S9KGmdQ/Dd29TdgUwGCNeXR7scJWZwREh4A9Za2PRPY=
-github.com/sigstore/fulcio v1.3.1 h1:0ntW9VbQbt2JytoSs8BOGB84A65eeyvGSavWteYp29Y=
-github.com/sigstore/fulcio v1.3.1/go.mod h1:/XfqazOec45ulJZpyL9sq+OsVQ8g2UOVoNVi7abFgqU=
-github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23 h1:eZY7mQFcc0VvNr0fiAK3/n7kh73+T06KzBEIUYzFSDQ=
-github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23/go.mod h1:h1tOLhldpfILtziWpUDgGBu0vulWk9Kh72t6XzBGJok=
-github.com/sigstore/sigstore v1.7.1 h1:fCATemikcBK0cG4+NcM940MfoIgmioY1vC6E66hXxks=
-github.com/sigstore/sigstore v1.7.1/go.mod h1:0PmMzfJP2Y9+lugD0wer4e7TihR5tM7NcIs3bQNk5xg=
-github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.1 h1:rDHrG/63b3nBq3G9plg7iYnWN6lBhOfq/XultlCZgII=
-github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.1 h1:X3ezwolP+b1jP3R6XPOWhUU0TZKONiv6EIRuySlZGrY=
-github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.1 h1:mj1KhdzzP1me994bt1UXhq5KZGSR1SoqxTqcT+hfPMk=
-github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.1 h1:fhOToGY5fC5TY101an8i/oDYpoLzUJ1nUFwhnHA1+XY=
-github.com/sigstore/timestamp-authority v1.1.1 h1:EldrdeBED0edNzDMvYZDf5CyWgtSchtR9DKYyksNR8M=
-github.com/sigstore/timestamp-authority v1.1.1/go.mod h1:cEDLEHl/L3ppqKDaiZ3Cg4ikcaYleuq90I/BFNePzF0=
+github.com/sigstore/cosign/v2 v2.2.1 h1:HauwPOMYYaVdQsnvUbF0P+ZsVPrkTB0G7Eq65+z1bQc=
+github.com/sigstore/cosign/v2 v2.2.1/go.mod h1:4l1hELKWoFYzZ/p7+umrK6dhdBoBW0JbQRCIjOZIM9g=
+github.com/sigstore/fulcio v1.4.3 h1:9JcUCZjjVhRF9fmhVuz6i1RyhCc/EGCD7MOl+iqCJLQ=
+github.com/sigstore/fulcio v1.4.3/go.mod h1:BQPWo7cfxmJwgaHlphUHUpFkp5+YxeJes82oo39m5og=
+github.com/sigstore/rekor v1.3.3 h1:pLZ0UjutL7SUdeiysmJCabnRqvI7DsIxnJj8c/+e0Fk=
+github.com/sigstore/rekor v1.3.3/go.mod h1:GO3udo2Xiu3/Uz4/U3vgjVq7w5Yq7eSpAFP1z7gE+yA=
+github.com/sigstore/sigstore v1.7.5 h1:ij55dBhLwjICmLTBJZm7SqoQLdsu/oowDanACcJNs48=
+github.com/sigstore/sigstore v1.7.5/go.mod h1:9OCmYWhzuq/G4e1cy9m297tuMRJ1LExyrXY3ZC3Zt/s=
+github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.5 h1:ilufPp36exfpivctI3ElU4ZTckP3eVu6RxYebBb6u+M=
+github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.5 h1:gLdNJJo+xMf7+IeFRlyA/Pjavndo9rivmf5ioYeuPmM=
+github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.5 h1:Ku3MD55VXR7+uezCS4LOY0+y2EZFlGCGFyzl+ZSoPyo=
+github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.5 h1:yWNBuL52Je3ukUGry1qwg00ujJF2UFWShzXFIAtmxZU=
+github.com/sigstore/timestamp-authority v1.2.0 h1:Ffk10QsHxu6aLwySQ7WuaoWkD63QkmcKtozlEFot/VI=
+github.com/sigstore/timestamp-authority v1.2.0/go.mod h1:ojKaftH78Ovfow9DzuNl5WgTCEYSa4m5622UkKDHRXc=
 github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
@@ -1507,13 +1572,15 @@ github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:s
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/afero v1.4.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
-github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
-github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
+github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY=
+github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
 github.com/spf13/cast v0.0.0-20150508191742-4d07383ffe94/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
@@ -1528,11 +1595,10 @@ github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHN
 github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
 github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
-github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
-github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/jwalterweatherman v0.0.0-20141219030609-3d60171a6431/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.0/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
@@ -1544,10 +1610,9 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v0.0.0-20150530192845-be5ff3e4840c/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
-github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
-github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc=
-github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg=
+github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI=
+github.com/spf13/viper v1.17.0/go.mod h1:BmMMMLQXSbcHK6KAOiFLz0l5JHrU89OdIRHvsk0+yVI=
 github.com/spiffe/go-spiffe/v2 v2.1.6 h1:4SdizuQieFyL9eNU+SPiCArH4kynzaKOOj0VvM8R7Xo=
 github.com/spiffe/go-spiffe/v2 v2.1.6/go.mod h1:eVDqm9xFvyqao6C+eQensb9ZPkyNEeaUbqbBpOhBnNk=
 github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
@@ -1557,8 +1622,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0=
 github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
@@ -1571,11 +1636,11 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
-github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/sylabs/sif/v2 v2.7.0/go.mod h1:TiyBWsgWeh5yBeQFNuQnvROwswqK7YJT8JA1L53bsXQ=
 github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
@@ -1586,16 +1651,18 @@ github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ
 github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
 github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gtvVDbmPg=
 github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU=
-github.com/theupdateframework/go-tuf v0.5.2 h1:habfDzTmpbzBLIFGWa2ZpVhYvFBoK0C1onC3a4zuPRA=
-github.com/theupdateframework/go-tuf v0.5.2/go.mod h1:SyMV5kg5n4uEclsyxXJZI2UxPFJNDc4Y+r7wv+MlvTA=
+github.com/theupdateframework/go-tuf v0.6.1 h1:6J89fGjQf7s0mLmTG7p7pO/MbKOg+bIXhaLyQdmbKuE=
+github.com/theupdateframework/go-tuf v0.6.1/go.mod h1:LAFusuQsFNBnEyYoTuA5zZrF7iaQ4TEgBXm8lb6Vj18=
 github.com/theupdateframework/notary v0.7.0 h1:QyagRZ7wlSpjT5N2qQAh/pN+DVqgekv4DzbAiAiEL3c=
 github.com/theupdateframework/notary v0.7.0/go.mod h1:c9DRxcmhHmVLDay4/2fUYdISnHqbFDGRSlXPO0AhYWw=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
-github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
+github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0=
+github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
-github.com/tjfoc/gmsm v1.3.2 h1:7JVkAn5bvUJ7HtU08iW6UiD+UTmJTIToHCfeFzkcCxM=
 github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
+github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
+github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
@@ -1605,21 +1672,21 @@ github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG
 github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A=
 github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
 github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
+github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQD0Loo=
 github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
-github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck=
-github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY=
+github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
+github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
 github.com/vbauerster/mpb/v7 v7.4.1/go.mod h1:Ygg2mV9Vj9sQBWqsK2m2pidcf9H3s6bNKtqd3/M4gBo=
 github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
@@ -1629,17 +1696,17 @@ github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmF
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
-github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
 github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
-github.com/xanzy/go-gitlab v0.86.0 h1:jR8V9cK9jXRQDb46KOB20NCF3ksY09luaG0IfXE6p7w=
-github.com/xanzy/go-gitlab v0.86.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw=
+github.com/xanzy/go-gitlab v0.93.2 h1:kNNf3BYNYn/Zkig0B89fma12l36VLcYSGu7OnaRlRDg=
+github.com/xanzy/go-gitlab v0.93.2/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
 github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
+github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4=
 github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
 github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
+github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -1672,6 +1739,7 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMzt
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
+github.com/zalando/go-keyring v0.2.2 h1:f0xmpYiSrHtSNAVgwip93Cg8tuF45HJM6rHq/A5RI/4=
 github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs=
 github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@@ -1689,8 +1757,8 @@ go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVd
 go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
 go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
 go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
-go.mongodb.org/mongo-driver v1.11.3 h1:Ql6K6qYHEzB6xvu4+AU0BoRoqf9vFPcc4o7MUIdPW8Y=
-go.mongodb.org/mongo-driver v1.11.3/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g=
+go.mongodb.org/mongo-driver v1.12.1 h1:nLkghSU8fQNaK7oUmDhQFsnrtcoNy7Z6LVFKsEecqgE=
+go.mongodb.org/mongo-driver v1.12.1/go.mod h1:/rGBTebI3XYboVmgz+Wv3Bcbl3aD0QF9zl6kDDw18rQ=
 go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
@@ -1707,49 +1775,57 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.2
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4=
 go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
 go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs=
-go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
-go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
+go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs=
+go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY=
 go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
 go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE=
 go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
-go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
-go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
+go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE=
+go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8=
 go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
 go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
 go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs=
-go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE=
+go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o=
 go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE=
 go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
 go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
 go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk=
-go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
-go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
+go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg=
+go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ=
 go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 h1:5/KzhcSqd4UgY51l17r7C5g/JiE6DRw1Vq7VJfQHuMc=
 go.starlark.net v0.0.0-20221028183056-acb66ad56dd2/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
-go.step.sm/crypto v0.32.1 h1:kAiL21zTqAgYu1geOYxH+ApUCUX+oclB25TccnNEYTU=
-go.step.sm/crypto v0.32.1/go.mod h1:JwarCq+Sn6N8IbRSKfSJfjUNKfO8c4N1mcNxYXuxXzc=
+go.step.sm/crypto v0.36.1 h1:hrHIc0qVcOowJB/r1SgPGu10d59onUw3czYeMLJluBc=
+go.step.sm/crypto v0.36.1/go.mod h1:3b2wJhYMWzHpc8ke4CvTXOehx/FK5acd8rwXt+c8g68=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
-go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
-go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
+go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
+go4.org/intern v0.0.0-20211027215823-ae77deb06f29/go.mod h1:cS2ma+47FKrLPdXFpr7CuxiTW3eyJbWew4qx0qtQWDA=
+go4.org/intern v0.0.0-20230525184215-6c62f75575cb h1:ae7kzL5Cfdmcecbh22ll7lYP3iuUdnfnhiPcSaDgH/8=
+go4.org/intern v0.0.0-20230525184215-6c62f75575cb/go.mod h1:Ycrt6raEcnF5FTsLiLKkhBTO6DPX3RCUCUVnks3gFJU=
+go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E=
+go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 h1:WJhcL4p+YeDxmZWg141nRm7XC8IDmhz7lk5GpadO1Sg=
+go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E=
 golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1772,6 +1848,7 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
@@ -1779,13 +1856,14 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
 golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1798,8 +1876,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1827,9 +1905,10 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
-golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1871,6 +1950,7 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
@@ -1894,9 +1974,13 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1913,8 +1997,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs=
-golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw=
+golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1929,8 +2013,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
+golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -2006,7 +2090,6 @@ golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201005172224-997123666555/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -2037,7 +2120,6 @@ golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -2045,16 +2127,18 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -2064,9 +2148,12 @@ golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
 golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2081,9 +2168,12 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -2170,14 +2260,17 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM=
-golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
+golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
 gomodules.xyz/jsonpatch/v2 v2.3.0 h1:8NFhfS6gzxNqjLIYnZxg319wZ5Qjnx4m/CcX+Klzazc=
 gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
@@ -2203,16 +2296,17 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
-google.golang.org/api v0.128.0 h1:RjPESny5CnQRn9V6siglged+DZCgfu9l6mO9dkX9VOg=
-google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750=
+google.golang.org/api v0.149.0 h1:b2CqT6kG+zqJIVKRQ3ELJVLN1PwHZ6DJ3dW8yl82rgY=
+google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -2266,10 +2360,10 @@ google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao=
-google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.0.5/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -2300,9 +2394,8 @@ google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=
-google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -2316,11 +2409,13 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 h1:AUe/ZF7xm6vYnigPe+TY54DmfWYJxhMRaw/TfvrbzvE=
+gopkg.in/DataDog/dd-trace-go.v1 v1.56.1/go.mod h1:KDLJ3CWVOSuVVwu+0ZR5KZo2rP6c7YyBV3v387dIpUU=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/alexcesaro/statsd.v2 v2.0.0 h1:FXkZSCZIH17vLCO5sO2UucTHsH9pc+17F6pl3JVCwMc=
 gopkg.in/cenkalti/backoff.v2 v2.2.1 h1:eJ9UAg01/HIHG987TwxvnzK2MgxXq97YY6rYDpY9aII=
 gopkg.in/cenkalti/backoff.v2 v2.2.1/go.mod h1:S0QdOvT2AlerfSBkp0O+dk+bbIMaNbEmVk876gPCthU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -2334,6 +2429,8 @@ gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
+gopkg.in/go-jose/go-jose.v2 v2.6.1 h1:qEzJlIDmG9q5VO0M/o8tGS65QMHMS1w01TQJB1VPJ4U=
+gopkg.in/go-jose/go-jose.v2 v2.6.1/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
@@ -2374,7 +2471,7 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
+gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
 helm.sh/helm/v3 v3.12.2 h1:kFyDBr/mgJUlyGzVTCieG4wW0zmo7fcNRWK0+FKkxqU=
 helm.sh/helm/v3 v3.12.2/go.mod h1:v1PMayudIfZAvec3Wp4wAErensvK/rv5fu/xCiE6t3I=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -2384,13 +2481,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.5/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a h1:1XCVEdxrvL6c0TGOhecLuB7U9zYNdxZEjvOqJreKZiM=
+inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a/go.mod h1:e83i32mAQOW1LAqEIweALsuK2Uw4mhQadA5r7b0Wobo=
 k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
 k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
 k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
 k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs=
-k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y=
-k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg=
+k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM=
+k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc=
 k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo=
 k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ=
 k8s.io/apimachinery v0.18.6/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
@@ -2400,8 +2498,8 @@ k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRp
 k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
 k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0=
 k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U=
-k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM=
-k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
+k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A=
+k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8=
 k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
 k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
 k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
@@ -2414,8 +2512,8 @@ k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
 k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
 k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
 k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y=
-k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8=
-k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48=
+k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
+k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
 k8s.io/code-generator v0.18.2/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc=
 k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0=
 k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
@@ -2435,8 +2533,8 @@ k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8
 k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08=
-k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks=
+k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
@@ -2454,16 +2552,16 @@ k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H
 k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
 k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
-k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
+k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
+k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/kubectl v0.27.2 h1:sSBM2j94MHBFRWfHIWtEXWCicViQzZsb177rNsKBhZg=
 k8s.io/kubectl v0.27.2/go.mod h1:GCOODtxPcrjh+EC611MqREkU8RjYBh10ldQCQ6zpFKw=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
-k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
 oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
@@ -2481,17 +2579,18 @@ sigs.k8s.io/kustomize/api v0.13.2 h1:kejWfLeJhUsTGioDoFNJET5LQe/ajzXhJGYoU+pJsiA
 sigs.k8s.io/kustomize/api v0.13.2/go.mod h1:DUp325VVMFVcQSq+ZxyDisA8wtldwHxLZbr1g94UHsw=
 sigs.k8s.io/kustomize/kyaml v0.14.1 h1:c8iibius7l24G2wVAGZn/Va2wNys03GXLjYVIcFVxKA=
 sigs.k8s.io/kustomize/kyaml v0.14.1/go.mod h1:AN1/IpawKilWD7V+YvQwRGUvuUOOWpjsHu6uHwonSF4=
-sigs.k8s.io/release-utils v0.7.4 h1:17LmJrydpUloTCtaoWj95uKlcrUp4h2A9Sa+ZL+lV9w=
-sigs.k8s.io/release-utils v0.7.4/go.mod h1:JEt2QPHItd5Pg2UKLAU8PEaSlF4bUjCZimpxFDgymVU=
+sigs.k8s.io/release-utils v0.7.6 h1:mQxQRAIulbyz6y7eOCzklAelcpYjBj8MMGFcxNnyqto=
+sigs.k8s.io/release-utils v0.7.6/go.mod h1:GZGWmbINwsLGKsoZKTeWUGp4F+Rbwhq4XDtJ45N+dLw=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
+sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
+software.sslmate.com/src/go-pkcs12 v0.2.0 h1:nlFkj7bTysH6VkC4fGphtjXRbezREPgrHuJG20hBGPE=
diff --git a/vendor/cloud.google.com/go/compute/internal/version.go b/vendor/cloud.google.com/go/compute/internal/version.go
index 7513e24cc..5692fd4ad 100644
--- a/vendor/cloud.google.com/go/compute/internal/version.go
+++ b/vendor/cloud.google.com/go/compute/internal/version.go
@@ -15,4 +15,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "1.19.3"
+const Version = "1.23.2"
diff --git a/vendor/github.com/Azure/go-ansiterm/SECURITY.md b/vendor/github.com/Azure/go-ansiterm/SECURITY.md
new file mode 100644
index 000000000..e138ec5d6
--- /dev/null
+++ b/vendor/github.com/Azure/go-ansiterm/SECURITY.md
@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.8 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->
diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go
index c90209a94..2a24ab80c 100644
--- a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go
+++ b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go
@@ -127,6 +127,9 @@ type TokenRefreshCallback func(Token) error
 // TokenRefresh is a type representing a custom callback to refresh a token
 type TokenRefresh func(ctx context.Context, resource string) (*Token, error)
 
+// JWTCallback is the type representing callback that will be called to get the federated OIDC JWT
+type JWTCallback func() (string, error)
+
 // Token encapsulates the access token used to authorize Azure requests.
 // https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow#service-to-service-access-token-response
 type Token struct {
@@ -367,14 +370,18 @@ func (secret ServicePrincipalAuthorizationCodeSecret) MarshalJSON() ([]byte, err
 
 // ServicePrincipalFederatedSecret implements ServicePrincipalSecret for Federated JWTs.
 type ServicePrincipalFederatedSecret struct {
-	jwt string
+	jwtCallback JWTCallback
 }
 
 // SetAuthenticationValues is a method of the interface ServicePrincipalSecret.
 // It will populate the form submitted during OAuth Token Acquisition using a JWT signed by an OIDC issuer.
-func (secret *ServicePrincipalFederatedSecret) SetAuthenticationValues(spt *ServicePrincipalToken, v *url.Values) error {
+func (secret *ServicePrincipalFederatedSecret) SetAuthenticationValues(_ *ServicePrincipalToken, v *url.Values) error {
+	jwt, err := secret.jwtCallback()
+	if err != nil {
+		return err
+	}
 
-	v.Set("client_assertion", secret.jwt)
+	v.Set("client_assertion", jwt)
 	v.Set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
 	return nil
 }
@@ -687,6 +694,8 @@ func NewServicePrincipalTokenFromAuthorizationCode(oauthConfig OAuthConfig, clie
 }
 
 // NewServicePrincipalTokenFromFederatedToken creates a ServicePrincipalToken from the supplied federated OIDC JWT.
+//
+// Deprecated: Use NewServicePrincipalTokenFromFederatedTokenWithCallback to refresh jwt dynamically.
 func NewServicePrincipalTokenFromFederatedToken(oauthConfig OAuthConfig, clientID string, jwt string, resource string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) {
 	if err := validateOAuthConfig(oauthConfig); err != nil {
 		return nil, err
@@ -700,12 +709,37 @@ func NewServicePrincipalTokenFromFederatedToken(oauthConfig OAuthConfig, clientI
 	if jwt == "" {
 		return nil, fmt.Errorf("parameter 'jwt' cannot be empty")
 	}
+	return NewServicePrincipalTokenFromFederatedTokenCallback(
+		oauthConfig,
+		clientID,
+		func() (string, error) {
+			return jwt, nil
+		},
+		resource,
+		callbacks...,
+	)
+}
+
+// NewServicePrincipalTokenFromFederatedTokenCallback creates a ServicePrincipalToken from the supplied federated OIDC JWTCallback.
+func NewServicePrincipalTokenFromFederatedTokenCallback(oauthConfig OAuthConfig, clientID string, jwtCallback JWTCallback, resource string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) {
+	if err := validateOAuthConfig(oauthConfig); err != nil {
+		return nil, err
+	}
+	if err := validateStringParam(clientID, "clientID"); err != nil {
+		return nil, err
+	}
+	if err := validateStringParam(resource, "resource"); err != nil {
+		return nil, err
+	}
+	if jwtCallback == nil {
+		return nil, fmt.Errorf("parameter 'jwtCallback' cannot be empty")
+	}
 	return NewServicePrincipalTokenWithSecret(
 		oauthConfig,
 		clientID,
 		resource,
 		&ServicePrincipalFederatedSecret{
-			jwt: jwt,
+			jwtCallback: jwtCallback,
 		},
 		callbacks...,
 	)
diff --git a/vendor/github.com/DataDog/appsec-internal-go/LICENSE b/vendor/github.com/DataDog/appsec-internal-go/LICENSE
new file mode 100644
index 000000000..9301dd7ab
--- /dev/null
+++ b/vendor/github.com/DataDog/appsec-internal-go/LICENSE
@@ -0,0 +1,200 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2016-present Datadog, Inc.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/DataDog/appsec-internal-go/httpsec/client_ip.go b/vendor/github.com/DataDog/appsec-internal-go/httpsec/client_ip.go
new file mode 100644
index 000000000..3761a7739
--- /dev/null
+++ b/vendor/github.com/DataDog/appsec-internal-go/httpsec/client_ip.go
@@ -0,0 +1,126 @@
+package httpsec
+
+import (
+	"net"
+	"net/textproto"
+	"strings"
+
+	"github.com/DataDog/appsec-internal-go/netip"
+)
+
+const (
+	// RemoteIPTag is the tag name used for the remote HTTP request IP address.
+	RemoteIPTag = "network.client.ip"
+	// ClientIPTag is the tag name used for the client IP deduced from the HTTP
+	// request headers with ClientIP().
+	ClientIPTag = "http.client_ip"
+)
+
+// ClientIPTags returns the resulting Datadog span tags `http.client_ip`
+// containing the client IP and `network.client.ip` containing the remote IP.
+// The tags are present only if a valid ip address has been returned by
+// ClientIP().
+func ClientIPTags(remoteIP, clientIP netip.Addr) (tags map[string]string) {
+	remoteIPValid := remoteIP.IsValid()
+	clientIPValid := clientIP.IsValid()
+	if !remoteIPValid && !clientIPValid {
+		return nil
+	}
+
+	tags = make(map[string]string, 2)
+	if remoteIPValid {
+		tags[RemoteIPTag] = remoteIP.String()
+	}
+	if clientIPValid {
+		tags[ClientIPTag] = clientIP.String()
+	}
+	return tags
+}
+
+// ClientIP returns the first public IP address found in the given headers. If
+// none is present, it returns the first valid IP address present, possibly
+// being a local IP address. The remote address, when valid, is used as fallback
+// when no IP address has been found at all.
+func ClientIP(hdrs map[string][]string, hasCanonicalHeaders bool, remoteAddr string, monitoredHeaders []string) (remoteIP, clientIP netip.Addr) {
+	// Walk IP-related headers
+	var foundIP netip.Addr
+headersLoop:
+	for _, headerName := range monitoredHeaders {
+		if hasCanonicalHeaders {
+			headerName = textproto.CanonicalMIMEHeaderKey(headerName)
+		}
+
+		headerValues, exists := hdrs[headerName]
+		if !exists {
+			continue // this monitored header is not present
+		}
+
+		// Assuming a list of comma-separated IP addresses, split them and build
+		// the list of values to try to parse as IP addresses
+		var ips []string
+		for _, ip := range headerValues {
+			ips = append(ips, strings.Split(ip, ",")...)
+		}
+
+		// Look for the first valid or global IP address in the comma-separated list
+		for _, ipstr := range ips {
+			ip := parseIP(strings.TrimSpace(ipstr))
+			if !ip.IsValid() {
+				continue
+			}
+			// Replace foundIP if still not valid in order to keep the oldest
+			if !foundIP.IsValid() {
+				foundIP = ip
+			}
+			if isGlobal(ip) {
+				foundIP = ip
+				break headersLoop
+			}
+		}
+	}
+
+	// Decide which IP address is the client one by starting with the remote IP
+	if ip := parseIP(remoteAddr); ip.IsValid() {
+		remoteIP = ip
+		clientIP = ip
+	}
+
+	// The IP address found in the headers supersedes a private remote IP address.
+	if foundIP.IsValid() && !isGlobal(remoteIP) || isGlobal(foundIP) {
+		clientIP = foundIP
+	}
+
+	return remoteIP, clientIP
+}
+
+func parseIP(s string) netip.Addr {
+	if ip, err := netip.ParseAddr(s); err == nil {
+		return ip
+	}
+	if h, _, err := net.SplitHostPort(s); err == nil {
+		if ip, err := netip.ParseAddr(h); err == nil {
+			return ip
+		}
+	}
+	return netip.Addr{}
+}
+
+var ipv6SpecialNetworks = [...]netip.Prefix{
+	netip.MustParsePrefix("fec0::/10"), // site local
+}
+
+func isGlobal(ip netip.Addr) bool {
+	// IsPrivate also checks for ipv6 ULA.
+	// We care to check for these addresses are not considered public, hence not global.
+	// See https://www.rfc-editor.org/rfc/rfc4193.txt for more details.
+	isGlobal := ip.IsValid() && !ip.IsPrivate() && !ip.IsLoopback() && !ip.IsLinkLocalUnicast()
+	if !isGlobal || !ip.Is6() {
+		return isGlobal
+	}
+	for _, n := range ipv6SpecialNetworks {
+		if n.Contains(ip) {
+			return false
+		}
+	}
+	return isGlobal
+}
diff --git a/vendor/github.com/DataDog/appsec-internal-go/netip/ip_default.go b/vendor/github.com/DataDog/appsec-internal-go/netip/ip_default.go
new file mode 100644
index 000000000..f2906a0cb
--- /dev/null
+++ b/vendor/github.com/DataDog/appsec-internal-go/netip/ip_default.go
@@ -0,0 +1,32 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+//go:build !go1.19
+// +build !go1.19
+
+package netip
+
+import "inet.af/netaddr"
+
+// Addr wraps an netaddr.IP value
+type Addr = netaddr.IP
+
+// Prefix wraps an netaddr.IPPrefix value
+type Prefix = netaddr.IPPrefix
+
+var (
+	// ParseAddr wraps the netaddr.ParseIP function
+	ParseAddr = netaddr.ParseIP
+	// ParsePrefix wraps the netaddr.ParseIPPrefix function
+	ParsePrefix = netaddr.ParseIPPrefix
+	// MustParsePrefix wraps the netaddr.MustParseIPPrefix function
+	MustParsePrefix = netaddr.MustParseIPPrefix
+	// MustParseAddr wraps the netaddr.MustParseIP function
+	MustParseAddr = netaddr.MustParseIP
+	// IPv4 wraps the netaddr.IPv4 function
+	IPv4 = netaddr.IPv4
+	// AddrFrom16 wraps the netaddr.IPv6Raw function
+	AddrFrom16 = netaddr.IPv6Raw
+)
diff --git a/vendor/github.com/DataDog/appsec-internal-go/netip/ip_go119.go b/vendor/github.com/DataDog/appsec-internal-go/netip/ip_go119.go
new file mode 100644
index 000000000..2c185de6f
--- /dev/null
+++ b/vendor/github.com/DataDog/appsec-internal-go/netip/ip_go119.go
@@ -0,0 +1,34 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+//go:build go1.19
+// +build go1.19
+
+package netip
+
+import "net/netip"
+
+// Addr wraps a netip.Addr value
+type Addr = netip.Addr
+
+// Prefix wraps a netip.Prefix value
+type Prefix = netip.Prefix
+
+var (
+	// ParseAddr wraps the netip.ParseAddr function
+	ParseAddr = netip.ParseAddr
+	// MustParsePrefix wraps the netip.MustParsePrefix function
+	MustParsePrefix = netip.MustParsePrefix
+	// MustParseAddr wraps the netip.MustParseAddr function
+	MustParseAddr = netip.MustParseAddr
+	// AddrFrom16 wraps the netIP.AddrFrom16 function
+	AddrFrom16 = netip.AddrFrom16
+)
+
+// IPv4 wraps the netip.AddrFrom4 function
+func IPv4(a, b, c, d byte) Addr {
+	e := [4]byte{a, b, c, d}
+	return netip.AddrFrom4(e)
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/LICENSE b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/LICENSE
new file mode 100644
index 000000000..b370545be
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/LICENSE
@@ -0,0 +1,200 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2016-present Datadog, Inc.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/cache.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/cache.go
new file mode 100644
index 000000000..3993390d2
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/cache.go
@@ -0,0 +1,90 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package obfuscate
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/outcaste-io/ristretto"
+)
+
+// measuredCache is a wrapper on top of *ristretto.Cache which additionally
+// sends metrics (hits and misses) every 10 seconds.
+type measuredCache struct {
+	*ristretto.Cache
+
+	// close allows sending shutdown notification.
+	close  chan struct{}
+	statsd StatsClient
+}
+
+// Close gracefully closes the cache when active.
+func (c *measuredCache) Close() {
+	if c.Cache == nil {
+		return
+	}
+	c.close <- struct{}{}
+	<-c.close
+}
+
+func (c *measuredCache) statsLoop() {
+	defer func() {
+		c.close <- struct{}{}
+	}()
+	tick := time.NewTicker(10 * time.Second)
+	defer tick.Stop()
+	mx := c.Cache.Metrics
+	for {
+		select {
+		case <-tick.C:
+			c.statsd.Gauge("datadog.trace_agent.ofuscation.sql_cache.hits", float64(mx.Hits()), nil, 1)     //nolint:errcheck
+			c.statsd.Gauge("datadog.trace_agent.ofuscation.sql_cache.misses", float64(mx.Misses()), nil, 1) //nolint:errcheck
+		case <-c.close:
+			c.Cache.Close()
+			return
+		}
+	}
+}
+
+type cacheOptions struct {
+	On     bool
+	Statsd StatsClient
+}
+
+// newMeasuredCache returns a new measuredCache.
+func newMeasuredCache(opts cacheOptions) *measuredCache {
+	if !opts.On {
+		// a nil *ristretto.Cache is a no-op cache
+		return &measuredCache{}
+	}
+	cfg := &ristretto.Config{
+		// We know that the maximum allowed resource length is 5K. This means that
+		// in 5MB we can store a minimum of 1000 queries.
+		MaxCost: 5000000,
+
+		// An appromixated worst-case scenario when the cache is filled with small
+		// queries averaged as being of length 11 ("LOCK TABLES"), we would be able
+		// to fit 476K of them into 5MB of cost.
+		//
+		// We average it to 500K and multiply 10x as the documentation recommends.
+		NumCounters: 500000 * 10,
+
+		BufferItems: 64,   // default recommended value
+		Metrics:     true, // enable hit/miss counters
+	}
+	cache, err := ristretto.NewCache(cfg)
+	if err != nil {
+		panic(fmt.Errorf("Error starting obfuscator query cache: %v", err))
+	}
+	c := measuredCache{
+		close:  make(chan struct{}),
+		statsd: opts.Statsd,
+		Cache:  cache,
+	}
+	go c.statsLoop()
+	return &c
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/credit_cards.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/credit_cards.go
new file mode 100644
index 000000000..03adf1544
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/credit_cards.go
@@ -0,0 +1,211 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package obfuscate
+
+// IsCardNumber checks if b could be a credit card number by checking the digit count and IIN prefix.
+// If validateLuhn is true, the Luhn checksum is also applied to potential candidates.
+func IsCardNumber(b string, validateLuhn bool) (ok bool) {
+	//
+	// Just credit card numbers for now, based on:
+	// • https://baymard.com/checkout-usability/credit-card-patterns
+	// • https://www.regular-expressions.info/creditcard.html
+	//
+	if len(b) == 0 {
+		return false
+	}
+	if len(b) < 12 {
+		// fast path: can not be a credit card
+		return false
+	}
+	if b[0] != ' ' && b[0] != '-' && (b[0] < '0' || b[0] > '9') {
+		// fast path: only valid characters are 0-9, space (" ") and dash("-")
+		return false
+	}
+	prefix := 0                 // holds up to b[:6] digits as a numeric value (for example []byte{"523"} becomes int(523)) for checking prefixes
+	count := 0                  // counts digits encountered
+	foundPrefix := false        // reports whether we've detected a valid prefix
+	recdigit := func(_ byte) {} // callback on each found digit; no-op by default (we only need this for Luhn)
+	if validateLuhn {
+		// we need Luhn checksum validation, so we have to take additional action
+		// and record all digits found
+		buf := make([]byte, 0, len(b))
+		recdigit = func(b byte) { buf = append(buf, b) }
+		defer func() {
+			if !ok {
+				// if isCardNumber returned false, it means that b can not be
+				// a credit card number
+				return
+			}
+			// potentially a credit card number, run the Luhn checksum
+			ok = luhnValid(buf)
+		}()
+	}
+loop:
+	for i := range b {
+		// We traverse and search b for a valid IIN credit card prefix based
+		// on the digits found, ignoring spaces and dashes.
+		// Source: https://www.regular-expressions.info/creditcard.html
+		switch b[i] {
+		case ' ', '-':
+			// ignore space (' ') and dash ('-')
+			continue loop
+		}
+		if b[i] < '0' || b[i] > '9' {
+			// not a 0 to 9 digit; can not be a credit card number; abort
+			return false
+		}
+		count++
+		recdigit(b[i])
+		if !foundPrefix {
+			// we have not yet found a valid prefix so we convert the digits
+			// that we have so far into a numeric value:
+			prefix = prefix*10 + (int(b[i]) - '0')
+			maybe, yes := validCardPrefix(prefix)
+			if yes {
+				// we've found a valid prefix; continue counting
+				foundPrefix = true
+			} else if !maybe {
+				// this is not a valid prefix and we should not continue looking
+				return false
+			}
+		}
+		if count > 16 {
+			// too many digits
+			return false
+		}
+	}
+	if count < 12 {
+		// too few digits
+		return false
+	}
+	return foundPrefix
+}
+
+// luhnValid checks that the number represented in the given string validates the Luhn Checksum algorithm.
+// str is expected to contain exclusively digits at all positions.
+//
+// See:
+// • https://en.wikipedia.org/wiki/Luhn_algorithm
+// • https://dev.to/shiraazm/goluhn-a-simple-library-for-generating-calculating-and-verifying-luhn-numbers-588j
+func luhnValid(str []byte) bool {
+	var (
+		sum int
+		alt bool
+	)
+	n := len(str)
+	for i := n - 1; i > -1; i-- {
+		if str[i] < '0' || str[i] > '9' {
+			return false // not a number!
+		}
+		mod := int(str[i] - 0x30) // convert byte to int
+		if alt {
+			mod *= 2
+			if mod > 9 {
+				mod = (mod % 10) + 1
+			}
+		}
+		alt = !alt
+		sum += mod
+	}
+	return sum%10 == 0
+}
+
+// validCardPrefix validates whether b is a valid card prefix. Maybe returns true if
+// the prefix could be an IIN once more digits are revealed and yes reports whether
+// b is a fully valid IIN.
+//
+// If yes is false and maybe is false, there is no reason to continue searching. The
+// prefix is invalid.
+//
+// IMPORTANT: If adding new prefixes to this algorithm, make sure that you update
+// the "maybe" clauses above, in the shorter prefixes than the one you are adding.
+// This refers to the cases which return true, false.
+//
+// TODO(x): this whole code could be code generated from a prettier data structure.
+// Ultimately, it could even be user-configurable.
+func validCardPrefix(n int) (maybe, yes bool) {
+	// Validates IIN prefix possibilities
+	// Source: https://www.regular-expressions.info/creditcard.html
+	if n > 699999 {
+		// too long for any known prefix; stop looking
+		return false, false
+	}
+	if n < 10 {
+		switch n {
+		case 1, 4:
+			// 1 & 4 are valid IIN
+			return false, true
+		case 2, 3, 5, 6:
+			// 2, 3, 5, 6 could be the start of valid IIN
+			return true, false
+		default:
+			// invalid IIN
+			return false, false
+		}
+	}
+	if n < 100 {
+		if (n >= 34 && n <= 39) ||
+			(n >= 51 && n <= 55) ||
+			n == 62 ||
+			n == 65 {
+			// 34-39, 51-55, 62, 65 are valid IIN
+			return false, true
+		}
+		if n == 30 || n == 63 || n == 64 || n == 50 || n == 60 ||
+			(n >= 22 && n <= 27) || (n >= 56 && n <= 58) || (n >= 60 && n <= 69) {
+			// 30, 63, 64, 50, 60, 22-27, 56-58, 60-69 may end up as valid IIN
+			return true, false
+		}
+	}
+	if n < 1000 {
+		if (n >= 300 && n <= 305) ||
+			(n >= 644 && n <= 649) ||
+			n == 309 ||
+			n == 636 {
+			// 300‑305, 309, 636, 644‑649 are valid IIN
+			return false, true
+		}
+		if (n >= 352 && n <= 358) || n == 501 || n == 601 ||
+			(n >= 222 && n <= 272) || (n >= 500 && n <= 509) ||
+			(n >= 560 && n <= 589) || (n >= 600 && n <= 699) {
+			// 352-358, 501, 601, 222-272, 500-509, 560-589, 600-699 may be a 4 or 6 digit IIN prefix
+			return true, false
+		}
+	}
+	if n < 10000 {
+		if (n >= 3528 && n <= 3589) ||
+			n == 5019 ||
+			n == 6011 {
+			// 3528‑3589, 5019, 6011 are valid IINs
+			return false, true
+		}
+		if (n >= 2221 && n <= 2720) || (n >= 5000 && n <= 5099) ||
+			(n >= 5600 && n <= 5899) || (n >= 6000 && n <= 6999) {
+			// maybe a 6-digit IIN
+			return true, false
+		}
+	}
+	if n < 100000 {
+		if (n >= 22210 && n <= 27209) ||
+			(n >= 50000 && n <= 50999) ||
+			(n >= 56000 && n <= 58999) ||
+			(n >= 60000 && n <= 69999) {
+			// maybe a 6-digit IIN
+			return true, false
+		}
+	}
+	if n < 1000000 {
+		if (n >= 222100 && n <= 272099) ||
+			(n >= 500000 && n <= 509999) ||
+			(n >= 560000 && n <= 589999) ||
+			(n >= 600000 && n <= 699999) {
+			// 222100‑272099, 500000‑509999, 560000‑589999, 600000‑699999 are valid IIN
+			return false, true
+		}
+	}
+	// unknown IIN
+	return false, false
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/http.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/http.go
new file mode 100644
index 000000000..d9a00084f
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/http.go
@@ -0,0 +1,60 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package obfuscate
+
+import (
+	"net/url"
+	"strings"
+)
+
+// obfuscateUserInfo returns a URL string that obfuscates any userinfo by setting url.User to nil.
+func obfuscateUserInfo(val string) string {
+	u, err := url.Parse(val)
+	if err != nil {
+		return val
+	}
+	u.User = nil
+	return u.String()
+}
+
+// ObfuscateURLString obfuscates the given URL. It must be a valid URL.
+func (o *Obfuscator) ObfuscateURLString(val string) string {
+	if !o.opts.HTTP.RemoveQueryString && !o.opts.HTTP.RemovePathDigits {
+		// nothing to do
+		return obfuscateUserInfo(val)
+	}
+	u, err := url.Parse(val)
+	if err != nil {
+		// should not happen for valid URLs, but better obfuscate everything
+		// rather than expose sensitive information when this option is on.
+		return "?"
+	}
+	u.User = nil
+	if o.opts.HTTP.RemoveQueryString && u.RawQuery != "" {
+		u.ForceQuery = true // add the '?'
+		u.RawQuery = ""
+	}
+	if o.opts.HTTP.RemovePathDigits {
+		segs := strings.Split(u.Path, "/")
+		var changed bool
+		for i, seg := range segs {
+			for _, ch := range []byte(seg) {
+				if ch >= '0' && ch <= '9' {
+					// we can not set the question mark directly here because the url
+					// package will escape it into %3F, so we use this placeholder and
+					// replace it further down.
+					segs[i] = "/REDACTED/"
+					changed = true
+					break
+				}
+			}
+		}
+		if changed {
+			u.Path = strings.Join(segs, "/")
+		}
+	}
+	return strings.Replace(u.String(), "/REDACTED/", "?", -1)
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json.go
new file mode 100644
index 000000000..8252a9f0f
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json.go
@@ -0,0 +1,229 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package obfuscate
+
+import (
+	"bytes"
+	"strconv"
+	"strings"
+	"sync"
+)
+
+// ObfuscateMongoDBString obfuscates the given MongoDB JSON query.
+func (o *Obfuscator) ObfuscateMongoDBString(cmd string) string {
+	return obfuscateJSONString(cmd, o.mongo)
+}
+
+// ObfuscateElasticSearchString obfuscates the given ElasticSearch JSON query.
+func (o *Obfuscator) ObfuscateElasticSearchString(cmd string) string {
+	return obfuscateJSONString(cmd, o.es)
+}
+
+// obfuscateJSONString obfuscates the given span's tag using the given obfuscator. If the obfuscator is
+// nil it is considered disabled.
+func obfuscateJSONString(cmd string, obfuscator *jsonObfuscator) string {
+	if obfuscator == nil || cmd == "" {
+		// obfuscator is disabled or string is empty
+		return cmd
+	}
+	out, _ := obfuscator.obfuscate([]byte(cmd))
+	// we should accept whatever the obfuscator returns, even if it's an error: a parsing
+	// error simply means that the JSON was invalid, meaning that we've only obfuscated
+	// as much of it as we could. It is safe to accept the output, even if partial.
+	return out
+}
+
+type jsonObfuscator struct {
+	buffPool      sync.Pool       // pool for fixed-length buffers (50 showed to be the optimal running benchmarks with different length)
+	statePool     sync.Pool       // pool for jsonObfuscatorState values
+	keepKeys      map[string]bool // the values for these keys will not be obfuscated
+	transformKeys map[string]bool // the values for these keys pass through the transformer
+	transformer   func(string) string
+}
+
+func newJSONObfuscator(cfg *JSONConfig, o *Obfuscator) *jsonObfuscator {
+	keepValue := make(map[string]bool, len(cfg.KeepValues))
+	for _, v := range cfg.KeepValues {
+		keepValue[v] = true
+	}
+	var (
+		transformKeys map[string]bool
+		transformer   func(string) string
+	)
+	if len(cfg.ObfuscateSQLValues) > 0 {
+		transformer = sqlObfuscationTransformer(o)
+		transformKeys = make(map[string]bool, len(cfg.ObfuscateSQLValues))
+		for _, v := range cfg.ObfuscateSQLValues {
+			transformKeys[v] = true
+		}
+	}
+	return &jsonObfuscator{
+		keepKeys:      keepValue,
+		transformKeys: transformKeys,
+		transformer:   transformer,
+		buffPool: sync.Pool{
+			New: func() any {
+				return new(bytes.Buffer)
+			},
+		},
+		statePool: sync.Pool{
+			New: func() any {
+				return &jsonObfuscatorState{
+					closures: []bool{},
+				}
+			},
+		},
+	}
+}
+
+func sqlObfuscationTransformer(o *Obfuscator) func(string) string {
+	return func(s string) string {
+		result, err := o.ObfuscateSQLString(s)
+		if err != nil {
+			o.log.Debugf("Failed to obfuscate SQL string '%s': %s", s, err.Error())
+			// instead of returning an empty string we explicitly return an error string here within the result in order
+			// to surface the problem clearly to the user
+			return "Datadog-agent failed to obfuscate SQL string. Enable agent debug logs for more info."
+		}
+		return result.Query
+	}
+}
+
+type jsonObfuscatorState struct {
+	scan              scanner // scanner
+	closures          []bool  // closure stack, true if object (e.g. {[{ => []bool{true, false, true})
+	keepDepth         int     // the depth at which we've stopped obfuscating
+	key               bool    // true if scanning a key
+	wiped             bool    // true if obfuscation string (`"?"`) was already written for current value
+	keeping           bool    // true if not obfuscating
+	transformingValue bool    // true if collecting the next literal for transformation
+}
+
+func (st *jsonObfuscatorState) reset() {
+	st.scan.reset()
+	st.closures = st.closures[0:0]
+	st.keepDepth = 0
+	st.key = false
+	st.wiped = false
+	st.keeping = false
+	st.transformingValue = false
+}
+
+// setKey verifies if we are currently scanning a key based on the current state
+// and updates the state accordingly. It must be called only after a closure or a
+// value scan has ended.
+func (st *jsonObfuscatorState) setKey() {
+	n := len(st.closures)
+	st.key = n == 0 || st.closures[n-1] // true if we are at top level or in an object
+	st.wiped = false
+}
+
+func (p *jsonObfuscator) obfuscate(data []byte) (string, error) {
+	if len(data) == 0 {
+		return "", nil
+	}
+
+	var out strings.Builder
+	st := p.statePool.Get().(*jsonObfuscatorState)
+	st.reset()
+
+	buf := p.buffPool.Get().(*bytes.Buffer) // recording current token
+	buf.Reset()
+	defer func() {
+		p.statePool.Put(st)
+		p.buffPool.Put(buf)
+	}()
+
+	out.Grow(len(data))
+	buf.Grow(len(data) / 10) // Benchmarks show that the optimal point is a tenth of the data length.
+	for _, c := range data {
+		st.scan.bytes++
+		op := st.scan.step(&st.scan, c)
+		depth := len(st.closures)
+		switch op {
+		case scanBeginObject:
+			// object begins: {
+			st.closures = append(st.closures, true)
+			st.setKey()
+			st.transformingValue = false
+		case scanBeginArray:
+			// array begins: [
+			st.closures = append(st.closures, false)
+			st.setKey()
+			st.transformingValue = false
+		case scanEndArray, scanEndObject:
+			// array or object closing
+			if n := len(st.closures) - 1; n > 0 {
+				st.closures = st.closures[:n]
+			}
+			fallthrough
+		case scanObjectValue, scanArrayValue:
+			// done scanning value
+			st.setKey()
+			if st.transformingValue && p.transformer != nil {
+				v, err := strconv.Unquote(buf.String())
+				if err != nil {
+					v = buf.String()
+				}
+				result := p.transformer(v)
+				out.WriteByte('"')
+				out.WriteString(result)
+				out.WriteByte('"')
+				st.transformingValue = false
+				buf.Reset()
+			} else if st.keeping && depth < st.keepDepth {
+				st.keeping = false
+			}
+		case scanBeginLiteral, scanContinue:
+			// starting or continuing a literal
+			if st.transformingValue {
+				buf.WriteByte(c)
+				continue
+			} else if st.key {
+				// it's a key
+				buf.WriteByte(c)
+			} else if !st.keeping {
+				// it's a value we're not keeping
+				if !st.wiped {
+					out.WriteString(`"?"`)
+					st.wiped = true
+				}
+				continue
+			}
+		case scanObjectKey:
+			// done scanning key
+			k := string(bytes.Trim(buf.Bytes(), `"`))
+			if !st.keeping && p.keepKeys[k] {
+				// we should not obfuscate values of this key
+				st.keeping = true
+				st.keepDepth = depth + 1
+			} else if !st.transformingValue && p.transformer != nil && p.transformKeys[k] {
+				// the string value immediately following this key will be passed through the value transformer
+				// if anything other than a literal is found then sql obfuscation is stopped and json obfuscation
+				// proceeds as usual
+				st.transformingValue = true
+			}
+			buf.Reset()
+			st.key = false
+		case scanSkipSpace:
+			continue
+		case scanError:
+			// we've encountered an error, mark that there might be more JSON
+			// using the ellipsis and return whatever we've managed to obfuscate
+			// thus far.
+			out.WriteString("...")
+			return out.String(), st.scan.err
+		}
+		out.WriteByte(c)
+	}
+	if st.scan.eof() == scanError {
+		// if an error occurred it's fine, simply add the ellipsis to indicate
+		// that the input has been truncated.
+		out.Write([]byte("..."))
+		return out.String(), st.scan.err
+	}
+	return out.String(), nil
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json_scanner.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json_scanner.go
new file mode 100644
index 000000000..e642aa2c9
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json_scanner.go
@@ -0,0 +1,560 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//
+// The code that follows is copied from go/src/encoding/json/scanner.go
+// It may contain minor edits, such as allowing multiple JSON objects within
+// the same input string (see stateEndTop)
+//
+
+package obfuscate
+
+import "strconv"
+
+// A SyntaxError is a description of a JSON syntax error.
+type SyntaxError struct {
+	msg    string // description of error
+	Offset int64  // error occurred after reading Offset bytes
+}
+
+func (e *SyntaxError) Error() string { return e.msg }
+
+// A scanner is a JSON scanning state machine.
+// Callers call scan.reset() and then pass bytes in one at a time
+// by calling scan.step(&scan, c) for each byte.
+// The return value, referred to as an opcode, tells the
+// caller about significant parsing events like beginning
+// and ending literals, objects, and arrays, so that the
+// caller can follow along if it wishes.
+// The return value scanEnd indicates that a single top-level
+// JSON value has been completed, *before* the byte that
+// just got passed in.  (The indication must be delayed in order
+// to recognize the end of numbers: is 123 a whole value or
+// the beginning of 12345e+6?).
+type scanner struct {
+	// The step is a func to be called to execute the next transition.
+	// Also tried using an integer constant and a single func
+	// with a switch, but using the func directly was 10% faster
+	// on a 64-bit Mac Mini, and it's nicer to read.
+	step func(*scanner, byte) int
+
+	// Reached end of top-level value.
+	endTop bool
+
+	// Stack of what we're in the middle of - array values, object keys, object values.
+	parseState []int
+
+	// Error that happened, if any.
+	err error
+
+	// total bytes consumed, updated by decoder.Decode
+	bytes int64
+}
+
+// These values are returned by the state transition functions
+// assigned to scanner.state and the method scanner.eof.
+// They give details about the current state of the scan that
+// callers might be interested to know about.
+// It is okay to ignore the return value of any particular
+// call to scanner.state: if one call returns scanError,
+// every subsequent call will return scanError too.
+const (
+	// Continue.
+	scanContinue     = iota // uninteresting byte
+	scanBeginLiteral        // end implied by next result != scanContinue
+	scanBeginObject         // begin object
+	scanObjectKey           // just finished object key (string)
+	scanObjectValue         // just finished non-last object value
+	scanEndObject           // end object (implies scanObjectValue if possible)
+	scanBeginArray          // begin array
+	scanArrayValue          // just finished array value
+	scanEndArray            // end array (implies scanArrayValue if possible)
+	scanSkipSpace           // space byte; can skip; known to be last "continue" result
+
+	// Stop.
+	scanEnd   // top-level value ended *before* this byte; known to be first "stop" result
+	scanError // hit an error, scanner.err.
+)
+
+// These values are stored in the parseState stack.
+// They give the current state of a composite value
+// being scanned. If the parser is inside a nested value
+// the parseState describes the nested state, outermost at entry 0.
+const (
+	parseObjectKey   = iota // parsing object key (before colon)
+	parseObjectValue        // parsing object value (after colon)
+	parseArrayValue         // parsing array value
+)
+
+// reset prepares the scanner for use.
+// It must be called before calling s.step.
+func (s *scanner) reset() {
+	s.step = stateBeginValue
+	s.parseState = s.parseState[0:0]
+	s.err = nil
+	s.endTop = false
+}
+
+// eof tells the scanner that the end of input has been reached.
+// It returns a scan status just as s.step does.
+func (s *scanner) eof() int {
+	if s.err != nil {
+		return scanError
+	}
+	if s.endTop {
+		return scanEnd
+	}
+	s.step(s, ' ')
+	if s.endTop {
+		return scanEnd
+	}
+	if s.err == nil {
+		s.err = &SyntaxError{"unexpected end of JSON input", s.bytes}
+	}
+	return scanError
+}
+
+// pushParseState pushes a new parse state p onto the parse stack.
+func (s *scanner) pushParseState(p int) {
+	s.parseState = append(s.parseState, p)
+}
+
+// popParseState pops a parse state (already obtained) off the stack
+// and updates s.step accordingly.
+func (s *scanner) popParseState() {
+	n := len(s.parseState) - 1
+	if n == 0 {
+		s.step = stateEndTop
+		s.endTop = true
+		return
+	}
+	s.parseState = s.parseState[0:n]
+	s.step = stateEndValue
+}
+
+func isSpace(c byte) bool {
+	return c == ' ' || c == '\t' || c == '\r' || c == '\n'
+}
+
+// stateBeginValueOrEmpty is the state after reading `[`.
+func stateBeginValueOrEmpty(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == ']' {
+		return stateEndValue(s, c)
+	}
+	return stateBeginValue(s, c)
+}
+
+// stateBeginValue is the state at the beginning of the input.
+func stateBeginValue(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	switch c {
+	case '{':
+		s.step = stateBeginStringOrEmpty
+		s.pushParseState(parseObjectKey)
+		return scanBeginObject
+	case '[':
+		s.step = stateBeginValueOrEmpty
+		s.pushParseState(parseArrayValue)
+		return scanBeginArray
+	case '"':
+		s.step = stateInString
+		return scanBeginLiteral
+	case '-':
+		s.step = stateNeg
+		return scanBeginLiteral
+	case '0': // beginning of 0.123
+		s.step = state0
+		return scanBeginLiteral
+	case 't': // beginning of true
+		s.step = stateT
+		return scanBeginLiteral
+	case 'f': // beginning of false
+		s.step = stateF
+		return scanBeginLiteral
+	case 'n': // beginning of null
+		s.step = stateN
+		return scanBeginLiteral
+	}
+	if '1' <= c && c <= '9' { // beginning of 1234.5
+		s.step = state1
+		return scanBeginLiteral
+	}
+	return s.error(c, "looking for beginning of value")
+}
+
+// stateBeginStringOrEmpty is the state after reading `{`.
+func stateBeginStringOrEmpty(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	n := len(s.parseState)
+	if c == '}' && n > 0 {
+		s.parseState[n-1] = parseObjectValue
+		return stateEndValue(s, c)
+	}
+	return stateBeginString(s, c)
+}
+
+// stateBeginString is the state after reading `{"key": value,`.
+func stateBeginString(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == '"' {
+		s.step = stateInString
+		return scanBeginLiteral
+	}
+	return s.error(c, "looking for beginning of object key string")
+}
+
+// stateEndValue is the state after completing a value,
+// such as after reading `{}` or `true` or `["x"`.
+func stateEndValue(s *scanner, c byte) int {
+	n := len(s.parseState)
+	if n == 0 {
+		// Completed top-level before the current byte.
+		s.step = stateEndTop
+		s.endTop = true
+		return stateEndTop(s, c)
+	}
+	if c <= ' ' && isSpace(c) {
+		s.step = stateEndValue
+		return scanSkipSpace
+	}
+	ps := s.parseState[n-1]
+	switch ps {
+	case parseObjectKey:
+		if c == ':' {
+			s.parseState[n-1] = parseObjectValue
+			s.step = stateBeginValue
+			return scanObjectKey
+		}
+		return s.error(c, "after object key")
+	case parseObjectValue:
+		if c == ',' {
+			s.parseState[n-1] = parseObjectKey
+			s.step = stateBeginString
+			return scanObjectValue
+		}
+		if c == '}' {
+			s.popParseState()
+			return scanEndObject
+		}
+		return s.error(c, "after object key:value pair")
+	case parseArrayValue:
+		if c == ',' {
+			s.step = stateBeginValue
+			return scanArrayValue
+		}
+		if c == ']' {
+			s.popParseState()
+			return scanEndArray
+		}
+		return s.error(c, "after array element")
+	}
+	return s.error(c, "")
+}
+
+// stateEndTop is the state after finishing the top-level value,
+// such as after reading `{}` or `[1,2,3]`.
+// Only space characters should be seen now.
+func stateEndTop(s *scanner, c byte) int {
+	if c != ' ' && c != '\t' && c != '\r' && c != '\n' {
+		// The former behaviour has been removed. Now, if anything
+		// other than whitespace follows, we assume a new JSON string
+		// might be starting. This allows us to continue obfuscating
+		// further strings in cases where there are multiple JSON
+		// objects enumerated sequentially within the same input.
+		// This is a common case for ElasticSearch response bodies.
+		s.reset()
+		return s.step(s, c)
+	}
+	return scanEnd
+}
+
+// stateInString is the state after reading `"`.
+func stateInString(s *scanner, c byte) int {
+	if c == '"' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	if c == '\\' {
+		s.step = stateInStringEsc
+		return scanContinue
+	}
+	if c < 0x20 {
+		return s.error(c, "in string literal")
+	}
+	return scanContinue
+}
+
+// stateInStringEsc is the state after reading `"\` during a quoted string.
+func stateInStringEsc(s *scanner, c byte) int {
+	switch c {
+	case 'b', 'f', 'n', 'r', 't', '\\', '/', '"':
+		s.step = stateInString
+		return scanContinue
+	case 'u':
+		s.step = stateInStringEscU
+		return scanContinue
+	}
+	return s.error(c, "in string escape code")
+}
+
+// stateInStringEscU is the state after reading `"\u` during a quoted string.
+func stateInStringEscU(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU1
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU1 is the state after reading `"\u1` during a quoted string.
+func stateInStringEscU1(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU12
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU12 is the state after reading `"\u12` during a quoted string.
+func stateInStringEscU12(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU123
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU123 is the state after reading `"\u123` during a quoted string.
+func stateInStringEscU123(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInString
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateNeg is the state after reading `-` during a number.
+func stateNeg(s *scanner, c byte) int {
+	if c == '0' {
+		s.step = state0
+		return scanContinue
+	}
+	if '1' <= c && c <= '9' {
+		s.step = state1
+		return scanContinue
+	}
+	return s.error(c, "in numeric literal")
+}
+
+// state1 is the state after reading a non-zero integer during a number,
+// such as after reading `1` or `100` but not `0`.
+func state1(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = state1
+		return scanContinue
+	}
+	return state0(s, c)
+}
+
+// state0 is the state after reading `0` during a number.
+func state0(s *scanner, c byte) int {
+	if c == '.' {
+		s.step = stateDot
+		return scanContinue
+	}
+	if c == 'e' || c == 'E' {
+		s.step = stateE
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateDot is the state after reading the integer and decimal point in a number,
+// such as after reading `1.`.
+func stateDot(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = stateDot0
+		return scanContinue
+	}
+	return s.error(c, "after decimal point in numeric literal")
+}
+
+// stateDot0 is the state after reading the integer, decimal point, and subsequent
+// digits of a number, such as after reading `3.14`.
+func stateDot0(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		return scanContinue
+	}
+	if c == 'e' || c == 'E' {
+		s.step = stateE
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateE is the state after reading the mantissa and e in a number,
+// such as after reading `314e` or `0.314e`.
+func stateE(s *scanner, c byte) int {
+	if c == '+' || c == '-' {
+		s.step = stateESign
+		return scanContinue
+	}
+	return stateESign(s, c)
+}
+
+// stateESign is the state after reading the mantissa, e, and sign in a number,
+// such as after reading `314e-` or `0.314e+`.
+func stateESign(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = stateE0
+		return scanContinue
+	}
+	return s.error(c, "in exponent of numeric literal")
+}
+
+// stateE0 is the state after reading the mantissa, e, optional sign,
+// and at least one digit of the exponent in a number,
+// such as after reading `314e-2` or `0.314e+1` or `3.14e0`.
+func stateE0(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateT is the state after reading `t`.
+func stateT(s *scanner, c byte) int {
+	if c == 'r' {
+		s.step = stateTr
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'r')")
+}
+
+// stateTr is the state after reading `tr`.
+func stateTr(s *scanner, c byte) int {
+	if c == 'u' {
+		s.step = stateTru
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'u')")
+}
+
+// stateTru is the state after reading `tru`.
+func stateTru(s *scanner, c byte) int {
+	if c == 'e' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'e')")
+}
+
+// stateF is the state after reading `f`.
+func stateF(s *scanner, c byte) int {
+	if c == 'a' {
+		s.step = stateFa
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'a')")
+}
+
+// stateFa is the state after reading `fa`.
+func stateFa(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateFal
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'l')")
+}
+
+// stateFal is the state after reading `fal`.
+func stateFal(s *scanner, c byte) int {
+	if c == 's' {
+		s.step = stateFals
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 's')")
+}
+
+// stateFals is the state after reading `fals`.
+func stateFals(s *scanner, c byte) int {
+	if c == 'e' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'e')")
+}
+
+// stateN is the state after reading `n`.
+func stateN(s *scanner, c byte) int {
+	if c == 'u' {
+		s.step = stateNu
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'u')")
+}
+
+// stateNu is the state after reading `nu`.
+func stateNu(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateNul
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'l')")
+}
+
+// stateNul is the state after reading `nul`.
+func stateNul(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'l')")
+}
+
+// stateError is the state after reaching a syntax error,
+// such as after reading `[1}` or `5.1.2`.
+func stateError(s *scanner, c byte) int {
+	return scanError
+}
+
+// error records an error and switches to the error state.
+func (s *scanner) error(c byte, context string) int {
+	s.step = stateError
+	s.err = &SyntaxError{"invalid character " + quoteChar(c) + " " + context, s.bytes}
+	return scanError
+}
+
+// quoteChar formats c as a quoted character literal
+func quoteChar(c byte) string {
+	// special cases - different from quoted strings
+	if c == '\'' {
+		return `'\''`
+	}
+	if c == '"' {
+		return `'"'`
+	}
+
+	// use quoted string with different quotation marks
+	s := strconv.Quote(string(c))
+	return "'" + s[1:len(s)-1] + "'"
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/memcached.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/memcached.go
new file mode 100644
index 000000000..ce5cfe3fd
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/memcached.go
@@ -0,0 +1,19 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package obfuscate
+
+import "strings"
+
+// ObfuscateMemcachedString obfuscates the Memcached command cmd.
+func (*Obfuscator) ObfuscateMemcachedString(cmd string) string {
+	// All memcached commands end with new lines [1]. In the case of storage
+	// commands, key values follow after. Knowing this, all we have to do
+	// to obfuscate sensitive information is to remove everything that follows
+	// a new line. For non-storage commands, this will have no effect.
+	// [1]: https://github.com/memcached/memcached/blob/master/doc/protocol.txt
+	out := strings.SplitN(cmd, "\r\n", 2)[0]
+	return strings.TrimSpace(out)
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/obfuscate.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/obfuscate.go
new file mode 100644
index 000000000..62ad512bd
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/obfuscate.go
@@ -0,0 +1,267 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// Package obfuscate implements quantizing and obfuscating of tags and resources for
+// a set of spans matching a certain criteria.
+//
+// This module is used in the Datadog Agent, the Go tracing client (dd-trace-go) and in the
+// OpenTelemetry Collector Datadog exporter./ End-user behavior is stable, but there are no
+// stability guarantees on its public Go API. Nonetheless, if editing try to avoid breaking
+// API changes if possible and double check the API usage on all module dependents.
+package obfuscate
+
+import (
+	"bytes"
+
+	"github.com/DataDog/datadog-go/v5/statsd"
+	"go.uber.org/atomic"
+)
+
+// Obfuscator quantizes and obfuscates spans. The obfuscator is not safe for
+// concurrent use.
+type Obfuscator struct {
+	opts                 *Config
+	es                   *jsonObfuscator // nil if disabled
+	mongo                *jsonObfuscator // nil if disabled
+	sqlExecPlan          *jsonObfuscator // nil if disabled
+	sqlExecPlanNormalize *jsonObfuscator // nil if disabled
+	// sqlLiteralEscapes reports whether we should treat escape characters literally or as escape characters.
+	// Different SQL engines behave in different ways and the tokenizer needs to be generic.
+	sqlLiteralEscapes *atomic.Bool
+	// queryCache keeps a cache of already obfuscated queries.
+	queryCache *measuredCache
+	log        Logger
+}
+
+// Logger is able to log certain log messages.
+type Logger interface {
+	// Debugf logs the given message using the given format.
+	Debugf(format string, params ...interface{})
+}
+
+type noopLogger struct{}
+
+func (noopLogger) Debugf(_ string, _ ...interface{}) {}
+
+// setSQLLiteralEscapes sets whether or not escape characters should be treated literally by the SQL obfuscator.
+func (o *Obfuscator) setSQLLiteralEscapes(ok bool) {
+	if ok {
+		o.sqlLiteralEscapes.Store(true)
+	} else {
+		o.sqlLiteralEscapes.Store(false)
+	}
+}
+
+// useSQLLiteralEscapes reports whether escape characters will be treated literally by the SQL obfuscator.
+// Some SQL engines require it and others don't. It will be detected as SQL queries are being obfuscated
+// through calls to ObfuscateSQLString and automatically set for future.
+func (o *Obfuscator) useSQLLiteralEscapes() bool {
+	return o.sqlLiteralEscapes.Load()
+}
+
+// Config holds the configuration for obfuscating sensitive data for various span types.
+type Config struct {
+	// SQL holds the obfuscation configuration for SQL queries.
+	SQL SQLConfig
+
+	// ES holds the obfuscation configuration for ElasticSearch bodies.
+	ES JSONConfig
+
+	// Mongo holds the obfuscation configuration for MongoDB queries.
+	Mongo JSONConfig
+
+	// SQLExecPlan holds the obfuscation configuration for SQL Exec Plans. This is strictly for safety related obfuscation,
+	// not normalization. Normalization of exec plans is configured in SQLExecPlanNormalize.
+	SQLExecPlan JSONConfig
+
+	// SQLExecPlanNormalize holds the normalization configuration for SQL Exec Plans.
+	SQLExecPlanNormalize JSONConfig
+
+	// HTTP holds the obfuscation settings for HTTP URLs.
+	HTTP HTTPConfig
+
+	// Redis holds the obfuscation settings for Redis commands.
+	Redis RedisConfig
+
+	// Statsd specifies the statsd client to use for reporting metrics.
+	Statsd StatsClient
+
+	// Logger specifies the logger to use when outputting messages.
+	// If unset, no logs will be outputted.
+	Logger Logger
+}
+
+// StatsClient implementations are able to emit stats.
+type StatsClient interface {
+	// Gauge reports a gauge stat with the given name, value, tags and rate.
+	Gauge(name string, value float64, tags []string, rate float64) error
+}
+
+// SQLConfig holds the config for obfuscating SQL.
+type SQLConfig struct {
+	// DBMS identifies the type of database management system (e.g. MySQL, Postgres, and SQL Server).
+	// Valid values for this can be found at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/semantic_conventions/database.md#connection-level-attributes
+	DBMS string `json:"dbms"`
+
+	// TableNames specifies whether the obfuscator should also extract the table names that a query addresses,
+	// in addition to obfuscating.
+	TableNames bool `json:"table_names" yaml:"table_names"`
+
+	// CollectCommands specifies whether the obfuscator should extract and return commands as SQL metadata when obfuscating.
+	CollectCommands bool `json:"collect_commands" yaml:"collect_commands"`
+
+	// CollectComments specifies whether the obfuscator should extract and return comments as SQL metadata when obfuscating.
+	CollectComments bool `json:"collect_comments" yaml:"collect_comments"`
+
+	// ReplaceDigits specifies whether digits in table names and identifiers should be obfuscated.
+	ReplaceDigits bool `json:"replace_digits" yaml:"replace_digits"`
+
+	// KeepSQLAlias reports whether SQL aliases ("AS") should be truncated.
+	KeepSQLAlias bool `json:"keep_sql_alias"`
+
+	// DollarQuotedFunc reports whether to treat "$func$" delimited dollar-quoted strings
+	// differently and not obfuscate them as a string. To read more about dollar quoted
+	// strings see:
+	//
+	// https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING
+	DollarQuotedFunc bool `json:"dollar_quoted_func"`
+
+	// Cache reports whether the obfuscator should use a LRU look-up cache for SQL obfuscations.
+	Cache bool
+}
+
+// SQLMetadata holds metadata collected throughout the obfuscation of an SQL statement. It is only
+// collected when enabled via SQLConfig.
+type SQLMetadata struct {
+	// Size holds the byte size of the metadata collected.
+	Size int64
+	// TablesCSV is a comma-separated list of tables that the query addresses.
+	TablesCSV string `json:"tables_csv"`
+	// Commands holds commands executed in an SQL statement.
+	// e.g. SELECT, UPDATE, INSERT, DELETE, etc.
+	Commands []string `json:"commands"`
+	// Comments holds comments in an SQL statement.
+	Comments []string `json:"comments"`
+}
+
+// HTTPConfig holds the configuration settings for HTTP obfuscation.
+type HTTPConfig struct {
+	// RemoveQueryStrings determines query strings to be removed from HTTP URLs.
+	RemoveQueryString bool
+
+	// RemovePathDigits determines digits in path segments to be obfuscated.
+	RemovePathDigits bool
+}
+
+// RedisConfig holds the configuration settings for Redis obfuscation
+type RedisConfig struct {
+	// Enabled specifies whether this feature should be enabled.
+	Enabled bool
+
+	// RemoveAllArgs specifies whether all arguments to a given Redis
+	// command should be obfuscated.
+	RemoveAllArgs bool
+}
+
+// JSONConfig holds the obfuscation configuration for sensitive
+// data found in JSON objects.
+type JSONConfig struct {
+	// Enabled will specify whether obfuscation should be enabled.
+	Enabled bool
+
+	// KeepValues will specify a set of keys for which their values will
+	// not be obfuscated.
+	KeepValues []string
+
+	// ObfuscateSQLValues will specify a set of keys for which their values
+	// will be passed through SQL obfuscation
+	ObfuscateSQLValues []string
+}
+
+// NewObfuscator creates a new obfuscator
+func NewObfuscator(cfg Config) *Obfuscator {
+	if cfg.Logger == nil {
+		cfg.Logger = noopLogger{}
+	}
+	o := Obfuscator{
+		opts:              &cfg,
+		queryCache:        newMeasuredCache(cacheOptions{On: cfg.SQL.Cache, Statsd: cfg.Statsd}),
+		sqlLiteralEscapes: atomic.NewBool(false),
+		log:               cfg.Logger,
+	}
+	if cfg.ES.Enabled {
+		o.es = newJSONObfuscator(&cfg.ES, &o)
+	}
+	if cfg.Mongo.Enabled {
+		o.mongo = newJSONObfuscator(&cfg.Mongo, &o)
+	}
+	if cfg.SQLExecPlan.Enabled {
+		o.sqlExecPlan = newJSONObfuscator(&cfg.SQLExecPlan, &o)
+	}
+	if cfg.SQLExecPlanNormalize.Enabled {
+		o.sqlExecPlanNormalize = newJSONObfuscator(&cfg.SQLExecPlanNormalize, &o)
+	}
+	if cfg.Statsd == nil {
+		cfg.Statsd = &statsd.NoOpClient{}
+	}
+	return &o
+}
+
+// Stop cleans up after a finished Obfuscator.
+func (o *Obfuscator) Stop() {
+	o.queryCache.Close()
+}
+
+// compactWhitespaces compacts all whitespaces in t.
+func compactWhitespaces(t string) string {
+	n := len(t)
+	r := make([]byte, n)
+	spaceCode := uint8(32)
+	isWhitespace := func(char uint8) bool { return char == spaceCode }
+	nr := 0
+	offset := 0
+	for i := 0; i < n; i++ {
+		if isWhitespace(t[i]) {
+			copy(r[nr:], t[nr+offset:i])
+			r[i-offset] = spaceCode
+			nr = i + 1 - offset
+			for j := i + 1; j < n; j++ {
+				if !isWhitespace(t[j]) {
+					offset += j - i - 1
+					i = j
+					break
+				} else if j == n-1 {
+					offset += j - i
+					i = j
+					break
+				}
+			}
+		}
+	}
+	copy(r[nr:], t[nr+offset:n])
+	r = r[:n-offset]
+	return string(bytes.Trim(r, " "))
+}
+
+// replaceDigits replaces consecutive sequences of digits with '?',
+// example: "jobs_2020_1597876964" --> "jobs_?_?"
+func replaceDigits(buffer []byte) []byte {
+	scanningDigit := false
+	filtered := buffer[:0]
+	for _, b := range buffer {
+		// digits are encoded as 1 byte in utf8
+		if isDigit(rune(b)) {
+			if scanningDigit {
+				continue
+			}
+			scanningDigit = true
+			filtered = append(filtered, byte('?'))
+			continue
+		}
+		scanningDigit = false
+		filtered = append(filtered, b)
+	}
+	return filtered
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis.go
new file mode 100644
index 000000000..f1cacac15
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis.go
@@ -0,0 +1,301 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package obfuscate
+
+import (
+	"strings"
+)
+
+// redisTruncationMark is used as suffix by tracing libraries to indicate that a
+// command was truncated.
+const redisTruncationMark = "..."
+
+const maxRedisNbCommands = 3
+
+// Redis commands consisting in 2 words
+var redisCompoundCommandSet = map[string]bool{
+	"CLIENT": true, "CLUSTER": true, "COMMAND": true, "CONFIG": true, "DEBUG": true, "SCRIPT": true}
+
+// QuantizeRedisString returns a quantized version of a Redis query.
+//
+// TODO(gbbr): Refactor this method to use the tokenizer and
+// remove "compactWhitespaces". This method is buggy when commands
+// contain quoted strings with newlines.
+func (*Obfuscator) QuantizeRedisString(query string) string {
+	query = compactWhitespaces(query)
+
+	var resource strings.Builder
+	truncated := false
+	nbCmds := 0
+
+	for len(query) > 0 && nbCmds < maxRedisNbCommands {
+		var rawLine string
+
+		// Read the next command
+		idx := strings.IndexByte(query, '\n')
+		if idx == -1 {
+			rawLine = query
+			query = ""
+		} else {
+			rawLine = query[:idx]
+			query = query[idx+1:]
+		}
+
+		line := strings.Trim(rawLine, " ")
+		if len(line) == 0 {
+			continue
+		}
+
+		// Parse arguments
+		args := strings.SplitN(line, " ", 3)
+
+		if strings.HasSuffix(args[0], redisTruncationMark) {
+			truncated = true
+			continue
+		}
+
+		command := strings.ToUpper(args[0])
+
+		if redisCompoundCommandSet[command] && len(args) > 1 {
+			if strings.HasSuffix(args[1], redisTruncationMark) {
+				truncated = true
+				continue
+			}
+
+			command += " " + strings.ToUpper(args[1])
+		}
+
+		// Write the command representation
+		resource.WriteByte(' ')
+		resource.WriteString(command)
+
+		nbCmds++
+		truncated = false
+	}
+
+	if nbCmds == maxRedisNbCommands || truncated {
+		resource.WriteString(" ...")
+	}
+
+	return strings.Trim(resource.String(), " ")
+}
+
+// ObfuscateRedisString obfuscates the given Redis command.
+func (*Obfuscator) ObfuscateRedisString(rediscmd string) string {
+	t := newRedisTokenizer([]byte(rediscmd))
+	var (
+		str  strings.Builder
+		cmd  string
+		args []string
+	)
+	for {
+		tok, typ, done := t.scan()
+		switch typ {
+		case redisTokenCommand:
+			// new command starting
+			if cmd != "" {
+				// a previous command was buffered, obfuscate it
+				obfuscateRedisCmd(&str, cmd, args...)
+				str.WriteByte('\n')
+			}
+			cmd = tok
+			args = args[:0]
+		case redisTokenArgument:
+			args = append(args, tok)
+		}
+		if done {
+			// last command
+			obfuscateRedisCmd(&str, cmd, args...)
+			break
+		}
+	}
+	return str.String()
+}
+
+func obfuscateRedisCmd(out *strings.Builder, cmd string, args ...string) {
+	out.WriteString(cmd)
+	if len(args) == 0 {
+		return
+	}
+	out.WriteByte(' ')
+
+	switch strings.ToUpper(cmd) {
+	case "AUTH":
+		// Obfuscate everything after command
+		// • AUTH password
+		if len(args) > 0 {
+			args[0] = "?"
+			args = args[:1]
+		}
+
+	case "APPEND", "GETSET", "LPUSHX", "GEORADIUSBYMEMBER", "RPUSHX",
+		"SET", "SETNX", "SISMEMBER", "ZRANK", "ZREVRANK", "ZSCORE":
+		// Obfuscate 2nd argument:
+		// • APPEND key value
+		// • GETSET key value
+		// • LPUSHX key value
+		// • GEORADIUSBYMEMBER key member radius m|km|ft|mi [WITHCOORD] [WITHDIST] [WITHHASH] [COUNT count] [ASC|DESC] [STORE key] [STOREDIST key]
+		// • RPUSHX key value
+		// • SET key value [expiration EX seconds|PX milliseconds] [NX|XX]
+		// • SETNX key value
+		// • SISMEMBER key member
+		// • ZRANK key member
+		// • ZREVRANK key member
+		// • ZSCORE key member
+		obfuscateRedisArgN(args, 1)
+
+	case "HSET", "HSETNX", "LREM", "LSET", "SETBIT", "SETEX", "PSETEX",
+		"SETRANGE", "ZINCRBY", "SMOVE", "RESTORE":
+		// Obfuscate 3rd argument:
+		// • HSET key field value
+		// • HSETNX key field value
+		// • LREM key count value
+		// • LSET key index value
+		// • SETBIT key offset value
+		// • SETEX key seconds value
+		// • PSETEX key milliseconds value
+		// • SETRANGE key offset value
+		// • ZINCRBY key increment member
+		// • SMOVE source destination member
+		// • RESTORE key ttl serialized-value [REPLACE]
+		obfuscateRedisArgN(args, 2)
+
+	case "LINSERT":
+		// Obfuscate 4th argument:
+		// • LINSERT key BEFORE|AFTER pivot value
+		obfuscateRedisArgN(args, 3)
+
+	case "GEOHASH", "GEOPOS", "GEODIST", "LPUSH", "RPUSH", "SREM",
+		"ZREM", "SADD":
+		// Obfuscate all arguments after the first one.
+		// • GEOHASH key member [member ...]
+		// • GEOPOS key member [member ...]
+		// • GEODIST key member1 member2 [unit]
+		// • LPUSH key value [value ...]
+		// • RPUSH key value [value ...]
+		// • SREM key member [member ...]
+		// • ZREM key member [member ...]
+		// • SADD key member [member ...]
+		if len(args) > 1 {
+			args[1] = "?"
+			args = args[:2]
+		}
+
+	case "GEOADD":
+		// Obfuscating every 3rd argument starting from first
+		// • GEOADD key longitude latitude member [longitude latitude member ...]
+		obfuscateRedisArgsStep(args, 1, 3)
+
+	case "HMSET":
+		// Every 2nd argument starting from first.
+		// • HMSET key field value [field value ...]
+		obfuscateRedisArgsStep(args, 1, 2)
+
+	case "MSET", "MSETNX":
+		// Every 2nd argument starting from command.
+		// • MSET key value [key value ...]
+		// • MSETNX key value [key value ...]
+		obfuscateRedisArgsStep(args, 0, 2)
+
+	case "CONFIG":
+		// Obfuscate 2nd argument to SET sub-command.
+		// • CONFIG SET parameter value
+		if strings.ToUpper(args[0]) == "SET" {
+			obfuscateRedisArgN(args, 2)
+		}
+
+	case "BITFIELD":
+		// Obfuscate 3rd argument to SET sub-command:
+		// • BITFIELD key [GET type offset] [SET type offset value] [INCRBY type offset increment] [OVERFLOW WRAP|SAT|FAIL]
+		var n int
+		for i, arg := range args {
+			if strings.ToUpper(arg) == "SET" {
+				n = i
+			}
+			if n > 0 && i-n == 3 {
+				args[i] = "?"
+				break
+			}
+		}
+
+	case "ZADD":
+		// Obfuscate every 2nd argument after potential optional ones.
+		// • ZADD key [NX|XX] [CH] [INCR] score member [score member ...]
+		var i int
+	loop:
+		for i = range args {
+			if i == 0 {
+				continue // key
+			}
+			switch args[i] {
+			case "NX", "XX", "CH", "INCR":
+				// continue
+			default:
+				break loop
+			}
+		}
+		obfuscateRedisArgsStep(args, i, 2)
+
+	default:
+		// Obfuscate nothing.
+	}
+	out.WriteString(strings.Join(args, " "))
+}
+
+// removeAllRedisArgs will take in a command and obfuscate all arguments following
+// the command, regardless of if the command is valid Redis or not
+func (*Obfuscator) RemoveAllRedisArgs(rediscmd string) string {
+	fullCmd := strings.Fields(rediscmd)
+	if len(fullCmd) == 0 {
+		return ""
+	}
+	cmd, args := fullCmd[0], fullCmd[1:]
+
+	var out strings.Builder
+	out.WriteString(cmd)
+	if len(args) == 0 {
+		return out.String()
+	}
+
+	out.WriteByte(' ')
+	switch strings.ToUpper(cmd) {
+	case "BITFIELD":
+		out.WriteString("?")
+		for _, a := range args {
+			arg := strings.ToUpper(a)
+			if arg == "SET" || arg == "GET" || arg == "INCRBY" {
+				out.WriteString(strings.Join([]string{"", a, "?"}, " "))
+			}
+		}
+	case "CONFIG":
+		arg := strings.ToUpper(args[0])
+		if arg == "GET" || arg == "SET" || arg == "RESETSTAT" || arg == "REWRITE" {
+			out.WriteString(strings.Join([]string{args[0], "?"}, " "))
+		} else {
+			out.WriteString("?")
+		}
+	default:
+		out.WriteString("?")
+	}
+
+	return out.String()
+}
+
+func obfuscateRedisArgN(args []string, n int) {
+	if len(args) > n {
+		args[n] = "?"
+	}
+}
+
+func obfuscateRedisArgsStep(args []string, start, step int) {
+	if start+step-1 >= len(args) {
+		// can't reach target
+		return
+	}
+	for i := start + step - 1; i < len(args); i += step {
+		args[i] = "?"
+	}
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis_tokenizer.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis_tokenizer.go
new file mode 100644
index 000000000..d4ef2dc33
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis_tokenizer.go
@@ -0,0 +1,187 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package obfuscate
+
+import (
+	"bytes"
+	"strings"
+)
+
+// redisTokenType specifies the token type returned by the tokenizer.
+type redisTokenType int
+
+const (
+	// redisTokenCommand is a command token. For compound tokens, it is
+	// only the first part up to a space.
+	redisTokenCommand redisTokenType = iota
+
+	// redisTokenArgument is an argument token.
+	redisTokenArgument
+)
+
+// String implements fmt.Stringer.
+func (t redisTokenType) String() string {
+	return map[redisTokenType]string{
+		redisTokenCommand:  "command",
+		redisTokenArgument: "argument",
+	}[t]
+}
+
+// redisTokenizer tokenizes a Redis command string. The string can be on
+// multiple lines. The tokenizer is capable of parsing quoted strings and escape
+// sequences inside them.
+type redisTokenizer struct {
+	data  []byte
+	ch    byte
+	off   int
+	done  bool
+	state redisParseState
+}
+
+// redisParseState specifies the current state of the tokenizer.
+type redisParseState int
+
+const (
+	// redisStateCommand specifies that we are about to parse a command.
+	// It is usually the state at the beginning of the scan or after a
+	// new line.
+	redisStateCommand redisParseState = iota
+
+	// redisStateArgument specifies that we are about to parse an argument
+	// to a command or the rest of the tokens in a compound command.
+	redisStateArgument
+)
+
+// newRedisTokenizer returns a new tokenizer for the given data.
+func newRedisTokenizer(data []byte) *redisTokenizer {
+	return &redisTokenizer{
+		data:  bytes.TrimSpace(data),
+		off:   -1,
+		state: redisStateCommand,
+	}
+}
+
+// scan returns the next token, it's type and a bool. The boolean specifies if
+// the returned token was the last one.
+func (t *redisTokenizer) scan() (tok string, typ redisTokenType, done bool) {
+	switch t.state {
+	case redisStateCommand:
+		return t.scanCommand()
+	default:
+		return t.scanArg()
+	}
+}
+
+// next advances the scanner to the next character.
+func (t *redisTokenizer) next() {
+	t.off++
+	if t.off <= len(t.data)-1 {
+		t.ch = t.data[t.off]
+		return
+	}
+	t.done = true
+}
+
+// scanCommand scans a command from the buffer.
+func (t *redisTokenizer) scanCommand() (tok string, typ redisTokenType, done bool) {
+	var (
+		str     strings.Builder
+		started bool
+	)
+	for {
+		t.next()
+		if t.done {
+			return str.String(), typ, t.done
+		}
+		switch t.ch {
+		case ' ':
+			if !started {
+				// skip spaces preceding token
+				t.skipSpace()
+				break
+			}
+			// done scanning command
+			t.state = redisStateArgument
+			t.skipSpace()
+			return str.String(), redisTokenCommand, t.done
+		case '\n':
+			return str.String(), redisTokenCommand, t.done
+		default:
+			str.WriteByte(t.ch)
+		}
+		started = true
+	}
+}
+
+// scanArg scans an argument from the buffer.
+func (t *redisTokenizer) scanArg() (tok string, typ redisTokenType, done bool) {
+	var (
+		str    strings.Builder
+		quoted bool // in quoted string
+		escape bool // escape sequence
+	)
+	for {
+		t.next()
+		if t.done {
+			return str.String(), redisTokenArgument, t.done
+		}
+		switch t.ch {
+		case '\\':
+			str.WriteByte('\\')
+			if !escape {
+				// next character could be escaped
+				escape = true
+				continue
+			}
+		case '\n':
+			if !quoted {
+				// last argument, new command follows
+				t.state = redisStateCommand
+				return str.String(), redisTokenArgument, t.done
+			}
+			str.WriteByte('\n')
+		case '"':
+			str.WriteByte('"')
+			if !escape {
+				// this quote wasn't escaped, toggle quoted mode
+				quoted = !quoted
+			}
+		case ' ':
+			if !quoted {
+				t.skipSpace()
+				return str.String(), redisTokenArgument, t.done
+			}
+			str.WriteByte(' ')
+		default:
+			str.WriteByte(t.ch)
+		}
+		escape = false
+	}
+}
+
+// unread is the reverse of next, unreading a character.
+func (t *redisTokenizer) unread() {
+	if t.off < 1 {
+		return
+	}
+	t.off--
+	t.ch = t.data[t.off]
+}
+
+// skipSpace moves the cursor forward until it meets the last space
+// in a sequence of contiguous spaces.
+func (t *redisTokenizer) skipSpace() {
+	for t.ch == ' ' || t.ch == '\t' || t.ch == '\r' && !t.done {
+		t.next()
+	}
+	if t.ch == '\n' {
+		// next token is a command
+		t.state = redisStateCommand
+	} else {
+		// don't steal the first non-space character
+		t.unread()
+	}
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/sql.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/sql.go
new file mode 100644
index 000000000..2a3bbdee7
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/sql.go
@@ -0,0 +1,416 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package obfuscate
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+)
+
+var questionMark = []byte("?")
+
+// metadataFinderFilter is a filter which attempts to collect metadata from a query, such as comments and tables.
+// It is meant to run before all the other filters.
+type metadataFinderFilter struct {
+	collectTableNames bool
+	collectCommands   bool
+	collectComments   bool
+	replaceDigits     bool
+
+	// size holds the byte size of the metadata collected by the filter.
+	size int64
+	// tablesSeen keeps track of unique table names encountered by the filter.
+	tablesSeen map[string]struct{}
+	// tablesCSV specifies a comma-separated list of tables.
+	tablesCSV strings.Builder
+	// commands keeps track of commands encountered by the filter.
+	commands []string
+	// comments keeps track of comments encountered by the filter.
+	comments []string
+}
+
+func (f *metadataFinderFilter) Filter(token, lastToken TokenKind, buffer []byte) (TokenKind, []byte, error) {
+	if f.collectComments && token == Comment {
+		// A comment with line-breaks will be brought to a single line.
+		comment := strings.TrimSpace(strings.Replace(string(buffer), "\n", " ", -1))
+		f.size += int64(len(comment))
+		f.comments = append(f.comments, comment)
+	}
+	if f.collectCommands {
+		switch token {
+		case Select, Update, Insert, Delete, Join, Alter, Drop, Create, Grant, Revoke, Commit, Begin, Truncate:
+			command := strings.ToUpper(token.String())
+			f.size += int64(len(command))
+			f.commands = append(f.commands, command)
+		}
+	}
+	if f.collectTableNames {
+		switch lastToken {
+		case From, Join:
+			// SELECT ... FROM [tableName]
+			// DELETE FROM [tableName]
+			// ... JOIN [tableName]
+			if r, _ := utf8.DecodeRune(buffer); !unicode.IsLetter(r) {
+				// first character in buffer is not a letter; we might have a nested
+				// query like SELECT * FROM (SELECT ...)
+				break
+			}
+			fallthrough
+		case Update, Into:
+			// UPDATE [tableName]
+			// INSERT INTO [tableName]
+			tableName := string(buffer)
+			if f.replaceDigits {
+				tableNameCopy := make([]byte, len(buffer))
+				copy(tableNameCopy, buffer)
+				tableName = string(replaceDigits(tableNameCopy))
+			}
+			f.storeTableName(tableName)
+			return TableName, buffer, nil
+		}
+	}
+	return token, buffer, nil
+}
+
+func (f *metadataFinderFilter) storeTableName(name string) {
+	if _, ok := f.tablesSeen[name]; ok {
+		return
+	}
+	if f.tablesSeen == nil {
+		f.tablesSeen = make(map[string]struct{}, 1)
+	}
+	f.tablesSeen[name] = struct{}{}
+	if f.tablesCSV.Len() > 0 {
+		f.size++
+		f.tablesCSV.WriteByte(',')
+	}
+	f.size += int64(len(name))
+	f.tablesCSV.WriteString(name)
+}
+
+// Results returns metadata collected by the filter for an SQL statement.
+func (f *metadataFinderFilter) Results() SQLMetadata {
+	return SQLMetadata{
+		Size:      f.size,
+		TablesCSV: f.tablesCSV.String(),
+		Commands:  f.commands,
+		Comments:  f.comments,
+	}
+}
+
+// Reset implements tokenFilter.
+func (f *metadataFinderFilter) Reset() {
+	for k := range f.tablesSeen {
+		delete(f.tablesSeen, k)
+	}
+	f.size = 0
+	f.tablesCSV.Reset()
+	f.commands = f.commands[:0]
+	f.comments = f.comments[:0]
+}
+
+// discardFilter is a token filter which discards certain elements from a query, such as
+// comments and AS aliases by returning a nil buffer.
+type discardFilter struct {
+	keepSQLAlias bool
+}
+
+// Filter the given token so that a `nil` slice is returned if the token is in the token filtered list.
+func (f *discardFilter) Filter(token, lastToken TokenKind, buffer []byte) (TokenKind, []byte, error) {
+	// filters based on previous token
+	switch lastToken {
+	case FilteredBracketedIdentifier:
+		if token != ']' {
+			// we haven't found the closing bracket yet, keep going
+			if token != ID {
+				// the token between the brackets *must* be an identifier,
+				// otherwise the query is invalid.
+				return LexError, nil, fmt.Errorf("expected identifier in bracketed filter, got %d", token)
+			}
+			return FilteredBracketedIdentifier, nil, nil
+		}
+		fallthrough
+	case As:
+		if token == '[' {
+			// the identifier followed by AS is an MSSQL bracketed identifier
+			// and will continue to be discarded until we find the corresponding
+			// closing bracket counter-part. See GitHub issue DataDog/datadog-trace-agent#475.
+			return FilteredBracketedIdentifier, nil, nil
+		}
+		if f.keepSQLAlias {
+			return token, buffer, nil
+		}
+		return Filtered, nil, nil
+	}
+
+	// filters based on the current token; if the next token should be ignored,
+	// return the same token value (not FilteredGroupable) and nil
+	switch token {
+	case Comment:
+		return Filtered, nil, nil
+	case ';':
+		return markFilteredGroupable(token), nil, nil
+	case As:
+		if !f.keepSQLAlias {
+			return As, nil, nil
+		}
+		fallthrough
+	default:
+		return token, buffer, nil
+	}
+}
+
+// Reset implements tokenFilter.
+func (f *discardFilter) Reset() {}
+
+// replaceFilter is a token filter which obfuscates strings and numbers in queries by replacing them
+// with the "?" character.
+type replaceFilter struct {
+	replaceDigits bool
+}
+
+// Filter the given token so that it will be replaced if in the token replacement list
+func (f *replaceFilter) Filter(token, lastToken TokenKind, buffer []byte) (tokenType TokenKind, tokenBytes []byte, err error) {
+	switch lastToken {
+	case Savepoint:
+		return markFilteredGroupable(token), questionMark, nil
+	case '=':
+		switch token {
+		case DoubleQuotedString:
+			// double-quoted strings after assignments are eligible for obfuscation
+			return markFilteredGroupable(token), questionMark, nil
+		}
+	}
+	switch token {
+	case DollarQuotedString, String, Number, Null, Variable, PreparedStatement, BooleanLiteral, EscapeSequence:
+		return markFilteredGroupable(token), questionMark, nil
+	case '?':
+		// Cases like 'ARRAY [ ?, ? ]' should be collapsed into 'ARRAY [ ? ]'
+		return markFilteredGroupable(token), questionMark, nil
+	case TableName, ID:
+		if f.replaceDigits {
+			return token, replaceDigits(buffer), nil
+		}
+		fallthrough
+	default:
+		return token, buffer, nil
+	}
+}
+
+// Reset implements tokenFilter.
+func (f *replaceFilter) Reset() {}
+
+// groupingFilter is a token filter which groups together items replaced by the replaceFilter. It is meant
+// to run immediately after it.
+type groupingFilter struct {
+	groupFilter int // counts the number of values, e.g. 3 = ?, ?, ?
+	groupMulti  int // counts the number of groups, e.g. 2 = (?, ?), (?, ?, ?)
+}
+
+// Filter the given token so that it will be discarded if a grouping pattern
+// has been recognized. A grouping is composed by items like:
+//   - '( ?, ?, ? )'
+//   - '( ?, ? ), ( ?, ? )'
+func (f *groupingFilter) Filter(token, lastToken TokenKind, buffer []byte) (tokenType TokenKind, tokenBytes []byte, err error) {
+	// increasing the number of groups means that we're filtering an entire group
+	// because it can be represented with a single '( ? )'
+	if (lastToken == '(' && isFilteredGroupable(token)) || (token == '(' && f.groupMulti > 0) {
+		f.groupMulti++
+	}
+
+	// Potential commands that could indicate the start of a subquery.
+	isStartOfSubquery := token == Select || token == Delete || token == Update || token == ID
+
+	switch {
+	case f.groupMulti > 0 && lastToken == FilteredGroupableParenthesis && isStartOfSubquery:
+		// this is the start of a new group that seems to be a nested query;
+		// cancel grouping.
+		f.Reset()
+		return token, append([]byte("( "), buffer...), nil
+	case isFilteredGroupable(token):
+		// the previous filter has dropped this token so we should start
+		// counting the group filter so that we accept only one '?' for
+		// the same group
+		f.groupFilter++
+
+		if f.groupFilter > 1 {
+			return markFilteredGroupable(token), nil, nil
+		}
+	case f.groupFilter > 0 && (token == ',' || token == '?'):
+		// if we are in a group drop all commas
+		return markFilteredGroupable(token), nil, nil
+	case f.groupMulti > 1:
+		// drop all tokens since we're in a counting group
+		// and they're duplicated
+		return markFilteredGroupable(token), nil, nil
+	case token != ',' && token != '(' && token != ')' && !isFilteredGroupable(token):
+		// when we're out of a group reset the filter state
+		f.Reset()
+	}
+
+	return token, buffer, nil
+}
+
+// isFilteredGroupable reports whether token is to be considered filtered groupable.
+func isFilteredGroupable(token TokenKind) bool {
+	switch token {
+	case FilteredGroupable, FilteredGroupableParenthesis:
+		return true
+	default:
+		return false
+	}
+}
+
+// markFilteredGroupable returns the appropriate TokenKind to mark this token as
+// filtered groupable.
+func markFilteredGroupable(token TokenKind) TokenKind {
+	switch token {
+	case '(':
+		return FilteredGroupableParenthesis
+	default:
+		return FilteredGroupable
+	}
+}
+
+// Reset resets the groupingFilter so that it may be used again.
+func (f *groupingFilter) Reset() {
+	f.groupFilter = 0
+	f.groupMulti = 0
+}
+
+// ObfuscateSQLString quantizes and obfuscates the given input SQL query string. Quantization removes
+// some elements such as comments and aliases and obfuscation attempts to hide sensitive information
+// in strings and numbers by redacting them.
+func (o *Obfuscator) ObfuscateSQLString(in string) (*ObfuscatedQuery, error) {
+	return o.ObfuscateSQLStringWithOptions(in, &o.opts.SQL)
+}
+
+// ObfuscateSQLStringWithOptions accepts an optional SQLOptions to change the behavior of the obfuscator
+// to quantize and obfuscate the given input SQL query string. Quantization removes some elements such as comments
+// and aliases and obfuscation attempts to hide sensitive information in strings and numbers by redacting them.
+func (o *Obfuscator) ObfuscateSQLStringWithOptions(in string, opts *SQLConfig) (*ObfuscatedQuery, error) {
+	if v, ok := o.queryCache.Get(in); ok {
+		return v.(*ObfuscatedQuery), nil
+	}
+	oq, err := o.obfuscateSQLString(in, opts)
+	if err != nil {
+		return oq, err
+	}
+	o.queryCache.Set(in, oq, oq.Cost())
+	return oq, nil
+}
+
+func (o *Obfuscator) obfuscateSQLString(in string, opts *SQLConfig) (*ObfuscatedQuery, error) {
+	lesc := o.useSQLLiteralEscapes()
+	tok := NewSQLTokenizer(in, lesc, opts)
+	out, err := attemptObfuscation(tok)
+	if err != nil && tok.SeenEscape() {
+		// If the tokenizer failed, but saw an escape character in the process,
+		// try again treating escapes differently
+		tok = NewSQLTokenizer(in, !lesc, opts)
+		if out, err2 := attemptObfuscation(tok); err2 == nil {
+			// If the second attempt succeeded, change the default behavior so that
+			// on the next run we get it right in the first run.
+			o.setSQLLiteralEscapes(!lesc)
+			return out, nil
+		}
+	}
+	return out, err
+}
+
+// ObfuscatedQuery specifies information about an obfuscated SQL query.
+type ObfuscatedQuery struct {
+	Query    string      `json:"query"`    // the obfuscated SQL query
+	Metadata SQLMetadata `json:"metadata"` // metadata extracted from the SQL query
+}
+
+// Cost returns the number of bytes needed to store all the fields
+// of this ObfuscatedQuery.
+func (oq *ObfuscatedQuery) Cost() int64 {
+	return int64(len(oq.Query)) + oq.Metadata.Size
+}
+
+// attemptObfuscation attempts to obfuscate the SQL query loaded into the tokenizer, using the given set of filters.
+func attemptObfuscation(tokenizer *SQLTokenizer) (*ObfuscatedQuery, error) {
+	var (
+		out       = bytes.NewBuffer(make([]byte, 0, len(tokenizer.buf)))
+		err       error
+		lastToken TokenKind
+		metadata  = metadataFinderFilter{
+			collectTableNames: tokenizer.cfg.TableNames,
+			collectCommands:   tokenizer.cfg.CollectCommands,
+			collectComments:   tokenizer.cfg.CollectComments,
+			replaceDigits:     tokenizer.cfg.ReplaceDigits,
+		}
+		discard  = discardFilter{keepSQLAlias: tokenizer.cfg.KeepSQLAlias}
+		replace  = replaceFilter{replaceDigits: tokenizer.cfg.ReplaceDigits}
+		grouping groupingFilter
+	)
+	defer metadata.Reset()
+	// call Scan() function until tokens are available or if a LEX_ERROR is raised. After
+	// retrieving a token, send it to the tokenFilter chains so that the token is discarded
+	// or replaced.
+	for {
+		token, buff := tokenizer.Scan()
+		if token == EndChar {
+			break
+		}
+		if token == LexError {
+			return nil, fmt.Errorf("%v", tokenizer.Err())
+		}
+
+		if token, buff, err = metadata.Filter(token, lastToken, buff); err != nil {
+			return nil, err
+		}
+		if token, buff, err = discard.Filter(token, lastToken, buff); err != nil {
+			return nil, err
+		}
+		if token, buff, err = replace.Filter(token, lastToken, buff); err != nil {
+			return nil, err
+		}
+		if token, buff, err = grouping.Filter(token, lastToken, buff); err != nil {
+			return nil, err
+		}
+		if buff != nil {
+			if out.Len() != 0 {
+				switch token {
+				case ',':
+				case '=':
+					if lastToken == ':' {
+						// do not add a space before an equals if a colon was
+						// present before it.
+						break
+					}
+					fallthrough
+				default:
+					out.WriteRune(' ')
+				}
+			}
+			out.Write(buff)
+		}
+		lastToken = token
+	}
+	if out.Len() == 0 {
+		return nil, errors.New("result is empty")
+	}
+	return &ObfuscatedQuery{
+		Query:    out.String(),
+		Metadata: metadata.Results(),
+	}, nil
+}
+
+// ObfuscateSQLExecPlan obfuscates query conditions in the provided JSON encoded execution plan. If normalize=True,
+// then cost and row estimates are also obfuscated away.
+func (o *Obfuscator) ObfuscateSQLExecPlan(jsonPlan string, normalize bool) (string, error) {
+	if normalize {
+		return o.sqlExecPlanNormalize.obfuscate([]byte(jsonPlan))
+	}
+	return o.sqlExecPlan.obfuscate([]byte(jsonPlan))
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/sql_tokenizer.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/sql_tokenizer.go
new file mode 100644
index 000000000..f9c1e39bc
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/sql_tokenizer.go
@@ -0,0 +1,912 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package obfuscate
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+)
+
+// tokenizer.go implemenents a lexer-like iterator that tokenizes SQL and CQL
+// strings, so that an external component can filter or alter each token of the
+// string. This implementation can't be used as a real SQL lexer (so a parser
+// cannot build the AST) because many rules are ignored to make the tokenizer
+// simpler.
+// This implementation was inspired by https://github.com/youtube/vitess sql parser
+// TODO: add the license to the NOTICE file
+
+// TokenKind specifies the type of the token being scanned. It may be one of the defined
+// constants below or in some cases the actual rune itself.
+type TokenKind uint32
+
+// EndChar is used to signal that the scanner has finished reading the query. This happens when
+// there are no more characters left in the query or when invalid encoding is discovered. EndChar
+// is an invalid rune value that can not be found in any valid string.
+const EndChar = unicode.MaxRune + 1
+
+// list of available tokens; this list has been reduced because we don't
+// need a full-fledged tokenizer to implement a Lexer
+const (
+	LexError = TokenKind(57346) + iota
+
+	ID
+	Limit
+	Null
+	String
+	DoubleQuotedString
+	DollarQuotedString // https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING
+	DollarQuotedFunc   // a dollar-quoted string delimited by the tag "$func$"; gets special treatment when feature "dollar_quoted_func" is set
+	Number
+	BooleanLiteral
+	ValueArg
+	ListArg
+	Comment
+	Variable
+	Savepoint
+	PreparedStatement
+	EscapeSequence
+	NullSafeEqual
+	LE
+	GE
+	NE
+	Not
+	As
+	Alter
+	Drop
+	Create
+	Grant
+	Revoke
+	Commit
+	Begin
+	Truncate
+	Select
+	From
+	Update
+	Delete
+	Insert
+	Into
+	Join
+	TableName
+	ColonCast
+
+	// PostgreSQL specific JSON operators
+	JSONSelect         // ->
+	JSONSelectText     // ->>
+	JSONSelectPath     // #>
+	JSONSelectPathText // #>>
+	JSONContains       // @>
+	JSONContainsLeft   // <@
+	JSONKeyExists      // ?
+	JSONAnyKeysExist   // ?|
+	JSONAllKeysExist   // ?&
+	JSONDelete         // #-
+
+	// FilteredGroupable specifies that the given token has been discarded by one of the
+	// token filters and that it is groupable together with consecutive FilteredGroupable
+	// tokens.
+	FilteredGroupable
+
+	// FilteredGroupableParenthesis is a parenthesis marked as filtered groupable. It is the
+	// beginning of either a group of values ('(') or a nested query. We track is as
+	// a special case for when it may start a nested query as opposed to just another
+	// value group to be obfuscated.
+	FilteredGroupableParenthesis
+
+	// Filtered specifies that the token is a comma and was discarded by one
+	// of the filters.
+	Filtered
+
+	// FilteredBracketedIdentifier specifies that we are currently discarding
+	// a bracketed identifier (MSSQL).
+	// See issue https://github.com/DataDog/datadog-trace-agent/issues/475.
+	FilteredBracketedIdentifier
+)
+
+var tokenKindStrings = map[TokenKind]string{
+	LexError:                     "LexError",
+	ID:                           "ID",
+	Limit:                        "Limit",
+	Null:                         "Null",
+	String:                       "String",
+	DoubleQuotedString:           "DoubleQuotedString",
+	DollarQuotedString:           "DollarQuotedString",
+	DollarQuotedFunc:             "DollarQuotedFunc",
+	Number:                       "Number",
+	BooleanLiteral:               "BooleanLiteral",
+	ValueArg:                     "ValueArg",
+	ListArg:                      "ListArg",
+	Comment:                      "Comment",
+	Variable:                     "Variable",
+	Savepoint:                    "Savepoint",
+	PreparedStatement:            "PreparedStatement",
+	EscapeSequence:               "EscapeSequence",
+	NullSafeEqual:                "NullSafeEqual",
+	LE:                           "LE",
+	GE:                           "GE",
+	NE:                           "NE",
+	Not:                          "NOT",
+	As:                           "As",
+	Alter:                        "Alter",
+	Drop:                         "Drop",
+	Create:                       "Create",
+	Grant:                        "Grant",
+	Revoke:                       "Revoke",
+	Commit:                       "Commit",
+	Begin:                        "Begin",
+	Truncate:                     "Truncate",
+	Select:                       "Select",
+	From:                         "From",
+	Update:                       "Update",
+	Delete:                       "Delete",
+	Insert:                       "Insert",
+	Into:                         "Into",
+	Join:                         "Join",
+	TableName:                    "TableName",
+	ColonCast:                    "ColonCast",
+	FilteredGroupable:            "FilteredGroupable",
+	FilteredGroupableParenthesis: "FilteredGroupableParenthesis",
+	Filtered:                     "Filtered",
+	FilteredBracketedIdentifier:  "FilteredBracketedIdentifier",
+	JSONSelect:                   "JSONSelect",
+	JSONSelectText:               "JSONSelectText",
+	JSONSelectPath:               "JSONSelectPath",
+	JSONSelectPathText:           "JSONSelectPathText",
+	JSONContains:                 "JSONContains",
+	JSONContainsLeft:             "JSONContainsLeft",
+	JSONKeyExists:                "JSONKeyExists",
+	JSONAnyKeysExist:             "JSONAnyKeysExist",
+	JSONAllKeysExist:             "JSONAllKeysExist",
+	JSONDelete:                   "JSONDelete",
+}
+
+func (k TokenKind) String() string {
+	str, ok := tokenKindStrings[k]
+	if !ok {
+		return "<unknown>"
+	}
+	return str
+}
+
+const (
+	// DBMSSQLServer is a MS SQL Server
+	DBMSSQLServer = "mssql"
+	// DBMSPostgres is a PostgreSQL Server
+	DBMSPostgres = "postgresql"
+)
+
+const escapeCharacter = '\\'
+
+// SQLTokenizer is the struct used to generate SQL
+// tokens for the parser.
+type SQLTokenizer struct {
+	pos      int    // byte offset of lastChar
+	lastChar rune   // last read rune
+	buf      []byte // buf holds the query that we are parsing
+	off      int    // off is the index into buf where the unread portion of the query begins.
+	err      error  // any error occurred while reading
+
+	curlys uint32 // number of active open curly braces in top-level SQL escape sequences.
+
+	literalEscapes bool // indicates we should not treat backslashes as escape characters
+	seenEscape     bool // indicates whether this tokenizer has seen an escape character within a string
+
+	cfg *SQLConfig
+}
+
+// NewSQLTokenizer creates a new SQLTokenizer for the given SQL string. The literalEscapes argument specifies
+// whether escape characters should be treated literally or as such.
+func NewSQLTokenizer(sql string, literalEscapes bool, cfg *SQLConfig) *SQLTokenizer {
+	if cfg == nil {
+		cfg = new(SQLConfig)
+	}
+	return &SQLTokenizer{
+		buf:            []byte(sql),
+		cfg:            cfg,
+		literalEscapes: literalEscapes,
+	}
+}
+
+// Reset the underlying buffer and positions
+func (tkn *SQLTokenizer) Reset(in string) {
+	tkn.pos = 0
+	tkn.lastChar = 0
+	tkn.buf = []byte(in)
+	tkn.off = 0
+	tkn.err = nil
+}
+
+// keywords used to recognize string tokens
+var keywords = map[string]TokenKind{
+	"NULL":      Null,
+	"TRUE":      BooleanLiteral,
+	"FALSE":     BooleanLiteral,
+	"SAVEPOINT": Savepoint,
+	"LIMIT":     Limit,
+	"AS":        As,
+	"ALTER":     Alter,
+	"CREATE":    Create,
+	"GRANT":     Grant,
+	"REVOKE":    Revoke,
+	"COMMIT":    Commit,
+	"BEGIN":     Begin,
+	"TRUNCATE":  Truncate,
+	"DROP":      Drop,
+	"SELECT":    Select,
+	"FROM":      From,
+	"UPDATE":    Update,
+	"DELETE":    Delete,
+	"INSERT":    Insert,
+	"INTO":      Into,
+	"JOIN":      Join,
+}
+
+// Err returns the last error that the tokenizer encountered, or nil.
+func (tkn *SQLTokenizer) Err() error { return tkn.err }
+
+func (tkn *SQLTokenizer) setErr(format string, args ...interface{}) {
+	if tkn.err != nil {
+		return
+	}
+	tkn.err = fmt.Errorf("at position %d: %v", tkn.pos, fmt.Errorf(format, args...))
+}
+
+// SeenEscape returns whether or not this tokenizer has seen an escape character within a scanned string
+func (tkn *SQLTokenizer) SeenEscape() bool { return tkn.seenEscape }
+
+// Scan scans the tokenizer for the next token and returns
+// the token type and the token buffer.
+func (tkn *SQLTokenizer) Scan() (TokenKind, []byte) {
+	if tkn.lastChar == 0 {
+		tkn.advance()
+	}
+	tkn.SkipBlank()
+
+	switch ch := tkn.lastChar; {
+	case isLeadingLetter(ch) &&
+		!(tkn.cfg.DBMS == DBMSPostgres && ch == '@'):
+		// The '@' symbol should not be considered part of an identifier in
+		// postgres, so we skip this in the case where the DBMS is postgres
+		// and ch is '@'.
+		return tkn.scanIdentifier()
+	case isDigit(ch):
+		return tkn.scanNumber(false)
+	default:
+		tkn.advance()
+		if tkn.lastChar == EndChar && tkn.err != nil {
+			// advance discovered an invalid encoding. We should return early.
+			return LexError, nil
+		}
+		switch ch {
+		case EndChar:
+			if tkn.err != nil {
+				return LexError, nil
+			}
+			return EndChar, nil
+		case ':':
+			if tkn.lastChar == ':' {
+				tkn.advance()
+				return ColonCast, []byte("::")
+			}
+			if unicode.IsSpace(tkn.lastChar) {
+				// example scenario: "autovacuum: VACUUM ANALYZE fake.table"
+				return TokenKind(ch), tkn.bytes()
+			}
+			if tkn.lastChar != '=' {
+				return tkn.scanBindVar()
+			}
+			fallthrough
+		case '~':
+			switch tkn.lastChar {
+			case '*':
+				tkn.advance()
+				return TokenKind('~'), []byte("~*")
+			default:
+				return TokenKind(ch), tkn.bytes()
+			}
+		case '?':
+			if tkn.cfg.DBMS == DBMSPostgres {
+				switch tkn.lastChar {
+				case '|':
+					tkn.advance()
+					return JSONAnyKeysExist, []byte("?|")
+				case '&':
+					tkn.advance()
+					return JSONAllKeysExist, []byte("?&")
+				default:
+					return JSONKeyExists, tkn.bytes()
+				}
+			}
+			fallthrough
+		case '=', ',', ';', '(', ')', '+', '*', '&', '|', '^', ']':
+			return TokenKind(ch), tkn.bytes()
+		case '[':
+			if tkn.cfg.DBMS == DBMSSQLServer {
+				return tkn.scanString(']', DoubleQuotedString)
+			}
+			return TokenKind(ch), tkn.bytes()
+		case '.':
+			if isDigit(tkn.lastChar) {
+				return tkn.scanNumber(true)
+			}
+			return TokenKind(ch), tkn.bytes()
+		case '/':
+			switch tkn.lastChar {
+			case '/':
+				tkn.advance()
+				return tkn.scanCommentType1("//")
+			case '*':
+				tkn.advance()
+				return tkn.scanCommentType2()
+			default:
+				return TokenKind(ch), tkn.bytes()
+			}
+		case '-':
+			switch {
+			case tkn.lastChar == '-':
+				tkn.advance()
+				return tkn.scanCommentType1("--")
+			case tkn.lastChar == '>':
+				if tkn.cfg.DBMS == DBMSPostgres {
+					tkn.advance()
+					switch tkn.lastChar {
+					case '>':
+						tkn.advance()
+						return JSONSelectText, []byte("->>")
+					default:
+						return JSONSelect, []byte("->")
+					}
+				}
+				fallthrough
+			case isDigit(tkn.lastChar):
+				return tkn.scanNumber(false)
+			case tkn.lastChar == '.':
+				tkn.advance()
+				if isDigit(tkn.lastChar) {
+					return tkn.scanNumber(true)
+				}
+				tkn.lastChar = '.'
+				tkn.pos--
+				fallthrough
+			default:
+				return TokenKind(ch), tkn.bytes()
+			}
+		case '#':
+			switch tkn.cfg.DBMS {
+			case DBMSSQLServer:
+				return tkn.scanIdentifier()
+			case DBMSPostgres:
+				switch tkn.lastChar {
+				case '>':
+					tkn.advance()
+					switch tkn.lastChar {
+					case '>':
+						tkn.advance()
+						return JSONSelectPathText, []byte("#>>")
+					default:
+						return JSONSelectPath, []byte("#>")
+					}
+				case '-':
+					tkn.advance()
+					return JSONDelete, []byte("#-")
+				default:
+					return TokenKind(ch), tkn.bytes()
+				}
+			default:
+				tkn.advance()
+				return tkn.scanCommentType1("#")
+			}
+		case '<':
+			switch tkn.lastChar {
+			case '>':
+				tkn.advance()
+				return NE, []byte("<>")
+			case '=':
+				tkn.advance()
+				switch tkn.lastChar {
+				case '>':
+					tkn.advance()
+					return NullSafeEqual, []byte("<=>")
+				default:
+					return LE, []byte("<=")
+				}
+			case '@':
+				if tkn.cfg.DBMS == DBMSPostgres {
+					// check for JSONContainsLeft (<@)
+					tkn.advance()
+					return JSONContainsLeft, []byte("<@")
+				}
+				fallthrough
+			default:
+				return TokenKind(ch), tkn.bytes()
+			}
+		case '>':
+			if tkn.lastChar == '=' {
+				tkn.advance()
+				return GE, []byte(">=")
+			}
+			return TokenKind(ch), tkn.bytes()
+		case '!':
+			switch tkn.lastChar {
+			case '=':
+				tkn.advance()
+				return NE, []byte("!=")
+			case '~':
+				tkn.advance()
+				switch tkn.lastChar {
+				case '*':
+					tkn.advance()
+					return NE, []byte("!~*")
+				default:
+					return NE, []byte("!~")
+				}
+			default:
+				if isValidCharAfterOperator(tkn.lastChar) {
+					return Not, tkn.bytes()
+				}
+				tkn.setErr(`unexpected char "%c" (%d) after "!"`, tkn.lastChar, tkn.lastChar)
+				return LexError, tkn.bytes()
+			}
+		case '\'':
+			return tkn.scanString(ch, String)
+		case '"':
+			return tkn.scanString(ch, DoubleQuotedString)
+		case '`':
+			return tkn.scanString(ch, ID)
+		case '%':
+			if tkn.lastChar == '(' {
+				return tkn.scanVariableIdentifier('%')
+			}
+			if isLetter(tkn.lastChar) {
+				// format parameter (e.g. '%s')
+				return tkn.scanFormatParameter('%')
+			}
+			// modulo operator (e.g. 'id % 8')
+			return TokenKind(ch), tkn.bytes()
+		case '$':
+			if isDigit(tkn.lastChar) {
+				// TODO(gbbr): the first digit after $ does not necessarily guarantee
+				// that this isn't a dollar-quoted string constant. We might eventually
+				// want to cover for this use-case too (e.g. $1$some text$1$).
+				return tkn.scanPreparedStatement('$')
+			}
+			kind, tok := tkn.scanDollarQuotedString()
+			if kind == DollarQuotedFunc {
+				// this is considered an embedded query, we should try and
+				// obfuscate it
+				out, err := attemptObfuscation(NewSQLTokenizer(string(tok), tkn.literalEscapes, tkn.cfg))
+				if err != nil {
+					// if we can't obfuscate it, treat it as a regular string
+					return DollarQuotedString, tok
+				}
+				tok = append(append([]byte("$func$"), []byte(out.Query)...), []byte("$func$")...)
+			}
+			return kind, tok
+		case '@':
+			if tkn.cfg.DBMS == DBMSPostgres {
+				// For postgres the @ symbol is reserved as an operator
+				// https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-OPERATORS
+				// And is used as a json operator
+				// https://www.postgresql.org/docs/9.5/functions-json.html
+				switch tkn.lastChar {
+				case '>':
+					tkn.advance()
+					return JSONContains, []byte("@>")
+				default:
+					return TokenKind(ch), tkn.bytes()
+				}
+			}
+			fallthrough
+		case '{':
+			if tkn.pos == 1 || tkn.curlys > 0 {
+				// Do not fully obfuscate top-level SQL escape sequences like {{[?=]call procedure-name[([parameter][,parameter]...)]}.
+				// We want these to display a bit more context than just a plain '?'
+				// See: https://docs.oracle.com/cd/E13157_01/wlevs/docs30/jdbc_drivers/sqlescape.html
+				tkn.curlys++
+				return TokenKind(ch), tkn.bytes()
+			}
+			return tkn.scanEscapeSequence('{')
+		case '}':
+			if tkn.curlys == 0 {
+				// A closing curly brace has no place outside an in-progress top-level SQL escape sequence
+				// started by the '{' switch-case.
+				tkn.setErr(`unexpected byte %d`, ch)
+				return LexError, tkn.bytes()
+			}
+			tkn.curlys--
+			return TokenKind(ch), tkn.bytes()
+		default:
+			tkn.setErr(`unexpected byte %d`, ch)
+			return LexError, tkn.bytes()
+		}
+	}
+}
+
+// SkipBlank moves the tokenizer forward until hitting a non-whitespace character
+// The whitespace definition used here is the same as unicode.IsSpace
+func (tkn *SQLTokenizer) SkipBlank() {
+	for unicode.IsSpace(tkn.lastChar) {
+		tkn.advance()
+	}
+	tkn.bytes()
+}
+
+// toUpper is a modified version of bytes.ToUpper. It returns an upper-cased version of the byte
+// slice src with all Unicode letters mapped to their upper case. It is modified to also accept a
+// byte slice dst as an argument, the underlying storage of which (up to the capacity of dst)
+// will be used as the destination of the upper-case copy of src, if it fits. As a special case,
+// toUpper will return src if the byte slice is already upper-case. This function is used rather
+// than bytes.ToUpper to improve the memory performance of the obfuscator by saving unnecessary
+// allocations happening in bytes.ToUpper
+func toUpper(src, dst []byte) []byte {
+	dst = dst[:0]
+	isASCII, hasLower := true, false
+	for i := 0; i < len(src); i++ {
+		c := src[i]
+		if c >= utf8.RuneSelf {
+			isASCII = false
+			break
+		}
+		hasLower = hasLower || ('a' <= c && c <= 'z')
+	}
+	if cap(dst) < len(src) {
+		dst = make([]byte, 0, len(src))
+	}
+	if isASCII { // optimize for ASCII-only byte slices.
+		if !hasLower {
+			// Just return src.
+			return src
+		}
+		dst = dst[:len(src)]
+		for i := 0; i < len(src); i++ {
+			c := src[i]
+			if 'a' <= c && c <= 'z' {
+				c -= 'a' - 'A'
+			}
+			dst[i] = c
+		}
+		return dst
+	}
+	// This *could* be optimized, but it's an uncommon case.
+	return bytes.Map(unicode.ToUpper, src)
+}
+
+func (tkn *SQLTokenizer) scanIdentifier() (TokenKind, []byte) {
+	tkn.advance()
+	for isLetter(tkn.lastChar) || isDigit(tkn.lastChar) || strings.ContainsRune(".*$", tkn.lastChar) {
+		tkn.advance()
+	}
+
+	t := tkn.bytes()
+	// Space allows us to upper-case identifiers 256 bytes long or less without allocating heap
+	// storage for them, since space is allocated on the stack. A size of 256 bytes was chosen
+	// based on the allowed length of sql identifiers in various sql implementations.
+	var space [256]byte
+	upper := toUpper(t, space[:0])
+	if keywordID, found := keywords[string(upper)]; found {
+		return keywordID, t
+	}
+	return ID, t
+}
+
+func (tkn *SQLTokenizer) scanVariableIdentifier(prefix rune) (TokenKind, []byte) {
+	for tkn.advance(); tkn.lastChar != ')' && tkn.lastChar != EndChar; tkn.advance() {
+	}
+	tkn.advance()
+	if !isLetter(tkn.lastChar) {
+		tkn.setErr(`invalid character after variable identifier: "%c" (%d)`, tkn.lastChar, tkn.lastChar)
+		return LexError, tkn.bytes()
+	}
+	tkn.advance()
+	return Variable, tkn.bytes()
+}
+
+func (tkn *SQLTokenizer) scanFormatParameter(prefix rune) (TokenKind, []byte) {
+	tkn.advance()
+	return Variable, tkn.bytes()
+}
+
+// scanDollarQuotedString scans a Postgres dollar-quoted string constant.
+// See: https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING
+func (tkn *SQLTokenizer) scanDollarQuotedString() (TokenKind, []byte) {
+	kind, tag := tkn.scanString('$', String)
+	if kind == LexError {
+		return kind, tkn.bytes()
+	}
+	var (
+		got int
+		buf bytes.Buffer
+	)
+	delim := tag
+	// on empty strings, tkn.scanString returns the delimiters
+	if string(delim) != "$$" {
+		// on non-empty strings, the delimiter is $tag$
+		delim = append([]byte{'$'}, delim...)
+		delim = append(delim, '$')
+	}
+	for {
+		ch := tkn.lastChar
+		tkn.advance()
+		if ch == EndChar {
+			tkn.setErr("unexpected EOF in dollar-quoted string")
+			return LexError, buf.Bytes()
+		}
+		if byte(ch) == delim[got] {
+			got++
+			if got == len(delim) {
+				break
+			}
+			continue
+		}
+		if got > 0 {
+			_, err := buf.Write(delim[:got])
+			if err != nil {
+				tkn.setErr("error reading dollar-quoted string: %v", err)
+				return LexError, buf.Bytes()
+			}
+			got = 0
+		}
+		buf.WriteRune(ch)
+	}
+	if tkn.cfg.DollarQuotedFunc && string(delim) == "$func$" {
+		return DollarQuotedFunc, buf.Bytes()
+	}
+	return DollarQuotedString, buf.Bytes()
+}
+
+func (tkn *SQLTokenizer) scanPreparedStatement(prefix rune) (TokenKind, []byte) {
+	// a prepared statement expect a digit identifier like $1
+	if !isDigit(tkn.lastChar) {
+		tkn.setErr(`prepared statements must start with digits, got "%c" (%d)`, tkn.lastChar, tkn.lastChar)
+		return LexError, tkn.bytes()
+	}
+
+	// scanNumber keeps the prefix rune intact.
+	// read numbers and return an error if any
+	token, buff := tkn.scanNumber(false)
+	if token == LexError {
+		tkn.setErr("invalid number")
+		return LexError, tkn.bytes()
+	}
+	return PreparedStatement, buff
+}
+
+func (tkn *SQLTokenizer) scanEscapeSequence(braces rune) (TokenKind, []byte) {
+	for tkn.lastChar != '}' && tkn.lastChar != EndChar {
+		tkn.advance()
+	}
+
+	// we've reached the end of the string without finding
+	// the closing curly braces
+	if tkn.lastChar == EndChar {
+		tkn.setErr("unexpected EOF in escape sequence")
+		return LexError, tkn.bytes()
+	}
+
+	tkn.advance()
+	return EscapeSequence, tkn.bytes()
+}
+
+func (tkn *SQLTokenizer) scanBindVar() (TokenKind, []byte) {
+	token := ValueArg
+	if tkn.lastChar == ':' {
+		token = ListArg
+		tkn.advance()
+	}
+	if !isLetter(tkn.lastChar) && !isDigit(tkn.lastChar) {
+		tkn.setErr(`bind variables should start with letters or digits, got "%c" (%d)`, tkn.lastChar, tkn.lastChar)
+		return LexError, tkn.bytes()
+	}
+	for isLetter(tkn.lastChar) || isDigit(tkn.lastChar) || tkn.lastChar == '.' {
+		tkn.advance()
+	}
+	return token, tkn.bytes()
+}
+
+func (tkn *SQLTokenizer) scanMantissa(base int) {
+	for digitVal(tkn.lastChar) < base {
+		tkn.advance()
+	}
+}
+
+func (tkn *SQLTokenizer) scanNumber(seenDecimalPoint bool) (TokenKind, []byte) {
+	if seenDecimalPoint {
+		tkn.scanMantissa(10)
+		goto exponent
+	}
+
+	if tkn.lastChar == '0' {
+		// int or float
+		tkn.advance()
+		if tkn.lastChar == 'x' || tkn.lastChar == 'X' {
+			// hexadecimal int
+			tkn.advance()
+			tkn.scanMantissa(16)
+		} else {
+			// octal int or float
+			tkn.scanMantissa(8)
+			if tkn.lastChar == '8' || tkn.lastChar == '9' {
+				tkn.scanMantissa(10)
+			}
+			if tkn.lastChar == '.' || tkn.lastChar == 'e' || tkn.lastChar == 'E' {
+				goto fraction
+			}
+		}
+		goto exit
+	}
+
+	// decimal int or float
+	tkn.scanMantissa(10)
+
+fraction:
+	if tkn.lastChar == '.' {
+		tkn.advance()
+		tkn.scanMantissa(10)
+	}
+
+exponent:
+	if tkn.lastChar == 'e' || tkn.lastChar == 'E' {
+		tkn.advance()
+		if tkn.lastChar == '+' || tkn.lastChar == '-' {
+			tkn.advance()
+		}
+		tkn.scanMantissa(10)
+	}
+
+exit:
+	t := tkn.bytes()
+	if len(t) == 0 {
+		tkn.setErr("Parse error: ended up with zero-length number.")
+		return LexError, nil
+	}
+	return Number, t
+}
+
+func (tkn *SQLTokenizer) scanString(delim rune, kind TokenKind) (TokenKind, []byte) {
+	buf := bytes.NewBuffer(tkn.buf[:0])
+	for {
+		ch := tkn.lastChar
+		tkn.advance()
+		if ch == delim {
+			if tkn.lastChar == delim {
+				// doubling a delimiter is the default way to embed the delimiter within a string
+				tkn.advance()
+			} else {
+				// a single delimiter denotes the end of the string
+				break
+			}
+		} else if ch == escapeCharacter {
+			tkn.seenEscape = true
+
+			if !tkn.literalEscapes {
+				// treat as an escape character
+				ch = tkn.lastChar
+				tkn.advance()
+			}
+		}
+		if ch == EndChar {
+			tkn.setErr("unexpected EOF in string")
+			return LexError, buf.Bytes()
+		}
+		buf.WriteRune(ch)
+	}
+	if kind == ID && buf.Len() == 0 || bytes.IndexFunc(buf.Bytes(), func(r rune) bool { return !unicode.IsSpace(r) }) == -1 {
+		// This string is an empty or white-space only identifier.
+		// We should keep the start and end delimiters in order to
+		// avoid creating invalid queries.
+		// See: https://github.com/DataDog/datadog-trace-agent/issues/316
+		return kind, append(runeBytes(delim), runeBytes(delim)...)
+	}
+	return kind, buf.Bytes()
+}
+
+func (tkn *SQLTokenizer) scanCommentType1(prefix string) (TokenKind, []byte) {
+	for tkn.lastChar != EndChar {
+		if tkn.lastChar == '\n' {
+			tkn.advance()
+			break
+		}
+		tkn.advance()
+	}
+	return Comment, tkn.bytes()
+}
+
+func (tkn *SQLTokenizer) scanCommentType2() (TokenKind, []byte) {
+	for {
+		if tkn.lastChar == '*' {
+			tkn.advance()
+			if tkn.lastChar == '/' {
+				tkn.advance()
+				break
+			}
+			continue
+		}
+		if tkn.lastChar == EndChar {
+			tkn.setErr("unexpected EOF in comment")
+			return LexError, tkn.bytes()
+		}
+		tkn.advance()
+	}
+	return Comment, tkn.bytes()
+}
+
+// advance advances the tokenizer to the next rune. If the decoder encounters an error decoding, or
+// the end of the buffer is reached, tkn.lastChar will be set to EndChar. In case of a decoding
+// error, tkn.err will also be set.
+func (tkn *SQLTokenizer) advance() {
+	ch, n := utf8.DecodeRune(tkn.buf[tkn.off:])
+	if ch == utf8.RuneError && n < 2 {
+		tkn.pos++
+		tkn.lastChar = EndChar
+		if n == 1 {
+			tkn.setErr("invalid UTF-8 encoding beginning with 0x%x", tkn.buf[tkn.off])
+		}
+		return
+	}
+	if tkn.lastChar != 0 || tkn.pos > 0 {
+		// we are past the first character
+		tkn.pos += n
+	}
+	tkn.off += n
+	tkn.lastChar = ch
+}
+
+// bytes returns all the bytes that were advanced over since its last call.
+// This excludes tkn.lastChar, which will remain in the buffer
+func (tkn *SQLTokenizer) bytes() []byte {
+	if tkn.lastChar == EndChar {
+		ret := tkn.buf[:tkn.off]
+		tkn.buf = tkn.buf[tkn.off:]
+		tkn.off = 0
+		return ret
+	}
+	lastLen := utf8.RuneLen(tkn.lastChar)
+	ret := tkn.buf[:tkn.off-lastLen]
+	tkn.buf = tkn.buf[tkn.off-lastLen:]
+	tkn.off = lastLen
+	return ret
+}
+
+// Position exports the tokenizer's current position in the query
+func (tkn *SQLTokenizer) Position() int {
+	return tkn.pos
+}
+
+func isLeadingLetter(ch rune) bool {
+	return unicode.IsLetter(ch) || ch == '_' || ch == '@'
+}
+
+func isLetter(ch rune) bool {
+	return isLeadingLetter(ch) || ch == '#'
+}
+
+func digitVal(ch rune) int {
+	switch {
+	case '0' <= ch && ch <= '9':
+		return int(ch) - '0'
+	case 'a' <= ch && ch <= 'f':
+		return int(ch) - 'a' + 10
+	case 'A' <= ch && ch <= 'F':
+		return int(ch) - 'A' + 10
+	}
+	return 16 // larger than any legal digit val
+}
+
+func isDigit(ch rune) bool { return '0' <= ch && ch <= '9' }
+
+// runeBytes converts the given rune to a slice of bytes.
+func runeBytes(r rune) []byte {
+	buf := make([]byte, utf8.UTFMax)
+	n := utf8.EncodeRune(buf, r)
+	return buf[:n]
+}
+
+// isValidCharAfterOperator returns true if c is a valid character after an operator
+func isValidCharAfterOperator(c rune) bool {
+	return c == '(' || c == '`' || c == '\'' || c == '"' || c == '+' || c == '-' || unicode.IsSpace(c) || isLetter(c) || isDigit(c)
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/LICENSE b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/LICENSE
new file mode 100644
index 000000000..b370545be
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/LICENSE
@@ -0,0 +1,200 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2016-present Datadog, Inc.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/README.md b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/README.md
new file mode 100644
index 000000000..a42ffb54e
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/README.md
@@ -0,0 +1,5 @@
+# Remote Config Go client
+
+This package powers the Remote Config client shipped in the Go tracer and in all the agent processes (core-agent, trace-agent, system-probe, ...).
+
+To add a new product simply add it to `products.go` as a constant and in the `validProducts` set.
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/agent_config.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/agent_config.go
new file mode 100644
index 000000000..f6df6a937
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/agent_config.go
@@ -0,0 +1,159 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023-present Datadog, Inc.
+
+package state
+
+import (
+	"encoding/json"
+	"fmt"
+	"regexp"
+
+	"github.com/pkg/errors"
+)
+
+const agentConfigOrderID = "configuration_order"
+
+var datadogConfigIDRegexp = regexp.MustCompile(`^datadog/\d+/AGENT_CONFIG/([^/]+)/[^/]+$`)
+
+// AgentConfig is a deserialized agent configuration file
+// along with the associated metadata
+type AgentConfig struct {
+	Config   agentConfigData
+	Metadata Metadata
+}
+
+// ConfigContent contains the configurations set by remote-config
+type ConfigContent struct {
+	LogLevel string `json:"log_level"`
+}
+
+type agentConfigData struct {
+	Name   string        `json:"name"`
+	Config ConfigContent `json:"config"`
+}
+
+// AgentConfigOrder is a deserialized agent configuration file
+// along with the associated metadata
+type AgentConfigOrder struct {
+	Config   agentConfigOrderData
+	Metadata Metadata
+}
+
+type agentConfigOrderData struct {
+	Order         []string `json:"order"`
+	InternalOrder []string `json:"internal_order"`
+}
+
+// AgentConfigState contains the state of the config in case of fallback or override
+type AgentConfigState struct {
+	FallbackLogLevel string
+	LatestLogLevel   string
+}
+
+// parseConfigAgentConfig parses an agent task config
+func parseConfigAgentConfig(data []byte, metadata Metadata) (AgentConfig, error) {
+	var d agentConfigData
+
+	err := json.Unmarshal(data, &d)
+	if err != nil {
+		return AgentConfig{}, fmt.Errorf("Unexpected AGENT_CONFIG received through remote-config: %s", err)
+	}
+
+	return AgentConfig{
+		Config:   d,
+		Metadata: metadata,
+	}, nil
+}
+
+// parseConfigAgentConfig parses an agent task config
+func parseConfigAgentConfigOrder(data []byte, metadata Metadata) (AgentConfigOrder, error) {
+	var d agentConfigOrderData
+
+	err := json.Unmarshal(data, &d)
+	if err != nil {
+		return AgentConfigOrder{}, fmt.Errorf("Unexpected AGENT_CONFIG received through remote-config: %s", err)
+	}
+
+	return AgentConfigOrder{
+		Config:   d,
+		Metadata: metadata,
+	}, nil
+}
+
+// MergeRCAgentConfig is the callback function called when there is an AGENT_CONFIG config update
+// The RCClient can directly call back listeners, because there would be no way to send back
+// RCTE2 configuration applied state to RC backend.
+func MergeRCAgentConfig(applyStatus func(cfgPath string, status ApplyStatus), updates map[string]RawConfig) (ConfigContent, error) {
+	var orderFile AgentConfigOrder
+	var hasError bool
+	var fullErr error
+	parsedLayers := map[string]AgentConfig{}
+
+	for configPath, c := range updates {
+		var err error
+		matched := datadogConfigIDRegexp.FindStringSubmatch(configPath)
+		if len(matched) != 2 {
+			err = fmt.Errorf("config file path '%s' has wrong format", configPath)
+			hasError = true
+			fullErr = errors.Wrap(fullErr, err.Error())
+			applyStatus(configPath, ApplyStatus{
+				State: ApplyStateError,
+				Error: err.Error(),
+			})
+			// If a layer is wrong, fail later to parse the rest and check them all
+			continue
+		}
+
+		parsedConfigID := matched[1]
+
+		// Ignore the configuration order file
+		if parsedConfigID == agentConfigOrderID {
+			orderFile, err = parseConfigAgentConfigOrder(c.Config, c.Metadata)
+			if err != nil {
+				hasError = true
+				fullErr = errors.Wrap(fullErr, err.Error())
+				applyStatus(configPath, ApplyStatus{
+					State: ApplyStateError,
+					Error: err.Error(),
+				})
+				// If a layer is wrong, fail later to parse the rest and check them all
+				continue
+			}
+		} else {
+			cfg, err := parseConfigAgentConfig(c.Config, c.Metadata)
+			if err != nil {
+				hasError = true
+				applyStatus(configPath, ApplyStatus{
+					State: ApplyStateError,
+					Error: err.Error(),
+				})
+				// If a layer is wrong, fail later to parse the rest and check them all
+				continue
+			}
+			parsedLayers[parsedConfigID] = cfg
+		}
+	}
+
+	// If there was at least one error, don't apply any config
+	if hasError || (len(orderFile.Config.Order) == 0 && len(orderFile.Config.InternalOrder) == 0) {
+		return ConfigContent{}, fullErr
+	}
+
+	// Go through all the layers that were sent, and apply them one by one to the merged structure
+	mergedConfig := ConfigContent{}
+	for i := len(orderFile.Config.Order) - 1; i >= 0; i-- {
+		if layer, found := parsedLayers[orderFile.Config.Order[i]]; found {
+			mergedConfig.LogLevel = layer.Config.Config.LogLevel
+		}
+	}
+	// Same for internal config
+	for i := len(orderFile.Config.InternalOrder) - 1; i >= 0; i-- {
+		if layer, found := parsedLayers[orderFile.Config.InternalOrder[i]]; found {
+			mergedConfig.LogLevel = layer.Config.Config.LogLevel
+		}
+	}
+
+	return mergedConfig, nil
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs.go
new file mode 100644
index 000000000..06fdb2730
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs.go
@@ -0,0 +1,123 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022-present Datadog, Inc.
+
+package state
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/DataDog/go-tuf/data"
+)
+
+// ErrNoConfigVersion occurs when a target file's custom meta is missing the config version
+var ErrNoConfigVersion = errors.New("version missing in custom file meta")
+
+func parseConfig(product string, raw []byte, metadata Metadata) (interface{}, error) {
+	if _, validProduct := validProducts[product]; !validProduct {
+		return nil, fmt.Errorf("unknown product: %s", product)
+	}
+
+	switch product {
+	// ASM products are parsed directly in this client
+	case ProductASMFeatures:
+		return parseASMFeaturesConfig(raw, metadata)
+	case ProductASMDD:
+		return parseConfigASMDD(raw, metadata)
+	case ProductASMData:
+		return parseConfigASMData(raw, metadata)
+	// case ProductAgentTask:
+	// 	return ParseConfigAgentTask(raw, metadata)
+	// Other products are parsed separately
+	default:
+		return RawConfig{
+			Config:   raw,
+			Metadata: metadata,
+		}, nil
+	}
+}
+
+// RawConfig holds a config that will be parsed separately
+type RawConfig struct {
+	Config   []byte
+	Metadata Metadata
+}
+
+// GetConfigs returns the current configs of a given product
+func (r *Repository) GetConfigs(product string) map[string]RawConfig {
+	typedConfigs := make(map[string]RawConfig)
+	configs := r.getConfigs(product)
+
+	for path, conf := range configs {
+		// We control this, so if this has gone wrong something has gone horribly wrong
+		typed, ok := conf.(RawConfig)
+		if !ok {
+			panic("unexpected config stored as RawConfig")
+		}
+
+		typedConfigs[path] = typed
+	}
+
+	return typedConfigs
+}
+
+// Metadata stores remote config metadata for a given configuration
+type Metadata struct {
+	Product     string
+	ID          string
+	Name        string
+	Version     uint64
+	RawLength   uint64
+	Hashes      map[string][]byte
+	ApplyStatus ApplyStatus
+}
+
+func newConfigMetadata(parsedPath configPath, tfm data.TargetFileMeta) (Metadata, error) {
+	var m Metadata
+	m.ID = parsedPath.ConfigID
+	m.Product = parsedPath.Product
+	m.Name = parsedPath.Name
+	m.RawLength = uint64(tfm.Length)
+	m.Hashes = make(map[string][]byte)
+	for k, v := range tfm.Hashes {
+		m.Hashes[k] = []byte(v)
+	}
+	v, err := fileMetaVersion(tfm)
+	if err != nil {
+		return Metadata{}, err
+	}
+	m.Version = v
+
+	return m, nil
+}
+
+type fileMetaCustom struct {
+	Version *uint64 `json:"v"`
+}
+
+func fileMetaVersion(fm data.TargetFileMeta) (uint64, error) {
+	if fm.Custom == nil {
+		return 0, ErrNoConfigVersion
+	}
+	fmc, err := parseFileMetaCustom(*fm.Custom)
+	if err != nil {
+		return 0, err
+	}
+
+	return *fmc.Version, nil
+}
+
+func parseFileMetaCustom(rawCustom []byte) (fileMetaCustom, error) {
+	var custom fileMetaCustom
+	err := json.Unmarshal(rawCustom, &custom)
+	if err != nil {
+		return fileMetaCustom{}, err
+	}
+	if custom.Version == nil {
+		return fileMetaCustom{}, ErrNoConfigVersion
+	}
+	return custom, nil
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_agent_task.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_agent_task.go
new file mode 100644
index 000000000..618bf7335
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_agent_task.go
@@ -0,0 +1,59 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023-present Datadog, Inc.
+
+package state
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AgentTaskConfig is a deserialized agent task configuration file
+// along with the associated metadata
+type AgentTaskConfig struct {
+	Config   AgentTaskData
+	Metadata Metadata
+}
+
+// AgentTaskData is the content of a agent task configuration file
+type AgentTaskData struct {
+	TaskType string            `json:"task_type"`
+	UUID     string            `json:"uuid"`
+	TaskArgs map[string]string `json:"args"`
+}
+
+// ParseConfigAgentTask parses an agent task config
+func ParseConfigAgentTask(data []byte, metadata Metadata) (AgentTaskConfig, error) {
+	var d AgentTaskData
+
+	err := json.Unmarshal(data, &d)
+	if err != nil {
+		return AgentTaskConfig{}, fmt.Errorf("Unexpected AGENT_TASK received through remote-config: %s", err)
+	}
+
+	return AgentTaskConfig{
+		Config:   d,
+		Metadata: metadata,
+	}, nil
+}
+
+// AgentTaskConfigs returns the currently active AGENT_TASK configs
+func (r *Repository) AgentTaskConfigs() map[string]AgentTaskConfig {
+	typedConfigs := make(map[string]AgentTaskConfig)
+
+	configs := r.getConfigs(ProductAgentTask)
+
+	for path, conf := range configs {
+		// We control this, so if this has gone wrong something has gone horribly wrong
+		typed, ok := conf.(AgentTaskConfig)
+		if !ok {
+			panic("unexpected config stored as AgentTaskConfigs")
+		}
+
+		typedConfigs[path] = typed
+	}
+
+	return typedConfigs
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_asm.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_asm.go
new file mode 100644
index 000000000..ac7a918e8
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_asm.go
@@ -0,0 +1,159 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022-present Datadog, Inc.
+
+package state
+
+import (
+	"encoding/json"
+)
+
+// ConfigASMDD is a deserialized ASM DD configuration file along with its
+// associated remote config metadata
+type ConfigASMDD struct {
+	Config   []byte
+	Metadata Metadata
+}
+
+func parseConfigASMDD(data []byte, metadata Metadata) (ConfigASMDD, error) {
+	return ConfigASMDD{
+		Config:   data,
+		Metadata: metadata,
+	}, nil
+}
+
+// ASMDDConfigs returns the currently active ASMDD configs
+func (r *Repository) ASMDDConfigs() map[string]ConfigASMDD {
+	typedConfigs := make(map[string]ConfigASMDD)
+
+	configs := r.getConfigs(ProductASMDD)
+
+	for path, conf := range configs {
+		// We control this, so if this has gone wrong something has gone horribly wrong
+		typed, ok := conf.(ConfigASMDD)
+		if !ok {
+			panic("unexpected config stored as ASMDD Config")
+		}
+
+		typedConfigs[path] = typed
+	}
+
+	return typedConfigs
+}
+
+// ASMFeaturesConfig is a deserialized configuration file that indicates whether ASM should be enabled
+// within a tracer, along with its associated remote config metadata.
+type ASMFeaturesConfig struct {
+	Config   ASMFeaturesData
+	Metadata Metadata
+}
+
+// ASMFeaturesData describes the enabled state of ASM features
+type ASMFeaturesData struct {
+	ASM struct {
+		Enabled bool `json:"enabled"`
+	} `json:"asm"`
+}
+
+func parseASMFeaturesConfig(data []byte, metadata Metadata) (ASMFeaturesConfig, error) {
+	var f ASMFeaturesData
+
+	err := json.Unmarshal(data, &f)
+	if err != nil {
+		return ASMFeaturesConfig{}, nil
+	}
+
+	return ASMFeaturesConfig{
+		Config:   f,
+		Metadata: metadata,
+	}, nil
+}
+
+// ASMFeaturesConfigs returns the currently active ASMFeatures configs
+func (r *Repository) ASMFeaturesConfigs() map[string]ASMFeaturesConfig {
+	typedConfigs := make(map[string]ASMFeaturesConfig)
+
+	configs := r.getConfigs(ProductASMFeatures)
+
+	for path, conf := range configs {
+		// We control this, so if this has gone wrong something has gone horribly wrong
+		typed, ok := conf.(ASMFeaturesConfig)
+		if !ok {
+			panic("unexpected config stored as ASMFeaturesConfig")
+		}
+
+		typedConfigs[path] = typed
+	}
+
+	return typedConfigs
+}
+
+// ApplyState represents the status of a configuration application by a remote configuration client
+// Clients need to either ack the correct application of received configurations, or communicate that
+// they haven't applied it yet, or communicate any error that may have happened while doing so
+type ApplyState uint64
+
+const (
+	ApplyStateUnknown ApplyState = iota
+	ApplyStateUnacknowledged
+	ApplyStateAcknowledged
+	ApplyStateError
+)
+
+// ApplyStatus is the processing status for a given configuration.
+// It basically represents whether a config was successfully processed and apply, or if an error occurred
+type ApplyStatus struct {
+	State ApplyState
+	Error string
+}
+
+// ASMDataConfig is a deserialized configuration file that holds rules data that can be used
+// by the ASM WAF for specific features (example: ip blocking).
+type ASMDataConfig struct {
+	Config   ASMDataRulesData
+	Metadata Metadata
+}
+
+// ASMDataRulesData is a serializable array of rules data entries
+type ASMDataRulesData struct {
+	RulesData []ASMDataRuleData `json:"rules_data"`
+}
+
+// ASMDataRuleData is an entry in the rules data list held by an ASMData configuration
+type ASMDataRuleData struct {
+	ID   string                 `json:"id"`
+	Type string                 `json:"type"`
+	Data []ASMDataRuleDataEntry `json:"data"`
+}
+
+// ASMDataRuleDataEntry represents a data entry in a rule data file
+type ASMDataRuleDataEntry struct {
+	Expiration int64  `json:"expiration,omitempty"`
+	Value      string `json:"value"`
+}
+
+func parseConfigASMData(data []byte, metadata Metadata) (ASMDataConfig, error) {
+	cfg := ASMDataConfig{
+		Metadata: metadata,
+	}
+	err := json.Unmarshal(data, &cfg.Config)
+	return cfg, err
+}
+
+// ASMDataConfigs returns the currently active ASMData configs
+func (r *Repository) ASMDataConfigs() map[string]ASMDataConfig {
+	typedConfigs := make(map[string]ASMDataConfig)
+	configs := r.getConfigs(ProductASMData)
+
+	for path, cfg := range configs {
+		// We control this, so if this has gone wrong something has gone horribly wrong
+		typed, ok := cfg.(ASMDataConfig)
+		if !ok {
+			panic("unexpected config stored as ASMDataConfig")
+		}
+		typedConfigs[path] = typed
+	}
+
+	return typedConfigs
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/path.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/path.go
new file mode 100644
index 000000000..d1a4d69e2
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/path.go
@@ -0,0 +1,100 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022-present Datadog, Inc.
+
+package state
+
+import (
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+)
+
+var (
+	// matches datadog/<int>/<string>/<string>/<string> for datadog/<org_id>/<product>/<config_id>/<file>
+	datadogPathRegexp       = regexp.MustCompile(`^datadog/(\d+)/([^/]+)/([^/]+)/([^/]+)$`)
+	datadogPathRegexpGroups = 4
+
+	// matches employee/<string>/<string>/<string> for employee/<org_id>/<product>/<config_id>/<file>
+	employeePathRegexp       = regexp.MustCompile(`^employee/([^/]+)/([^/]+)/([^/]+)$`)
+	employeePathRegexpGroups = 3
+)
+
+type source uint
+
+const (
+	sourceUnknown source = iota
+	sourceDatadog
+	sourceEmployee
+)
+
+type configPath struct {
+	Source   source
+	OrgID    int64
+	Product  string
+	ConfigID string
+	Name     string
+}
+
+func parseConfigPath(path string) (configPath, error) {
+	configType := parseConfigPathSource(path)
+	switch configType {
+	case sourceDatadog:
+		return parseDatadogConfigPath(path)
+	case sourceEmployee:
+		return parseEmployeeConfigPath(path)
+	}
+	return configPath{}, fmt.Errorf("config path '%s' has unknown source", path)
+}
+
+func parseDatadogConfigPath(path string) (configPath, error) {
+	matchedGroups := datadogPathRegexp.FindStringSubmatch(path)
+	if len(matchedGroups) != datadogPathRegexpGroups+1 {
+		return configPath{}, fmt.Errorf("config file path '%s' has wrong format", path)
+	}
+	rawOrgID := matchedGroups[1]
+	orgID, err := strconv.ParseInt(rawOrgID, 10, 64)
+	if err != nil {
+		return configPath{}, fmt.Errorf("could not parse orgID '%s' in config file path: %v", rawOrgID, err)
+	}
+	rawProduct := matchedGroups[2]
+	if len(rawProduct) == 0 {
+		return configPath{}, fmt.Errorf("product is empty")
+	}
+	return configPath{
+		Source:   sourceDatadog,
+		OrgID:    orgID,
+		Product:  rawProduct,
+		ConfigID: matchedGroups[3],
+		Name:     matchedGroups[4],
+	}, nil
+}
+
+func parseEmployeeConfigPath(path string) (configPath, error) {
+	matchedGroups := employeePathRegexp.FindStringSubmatch(path)
+	if len(matchedGroups) != employeePathRegexpGroups+1 {
+		return configPath{}, fmt.Errorf("config file path '%s' has wrong format", path)
+	}
+	rawProduct := matchedGroups[1]
+	if len(rawProduct) == 0 {
+		return configPath{}, fmt.Errorf("product is empty")
+	}
+	return configPath{
+		Source:   sourceEmployee,
+		Product:  rawProduct,
+		ConfigID: matchedGroups[2],
+		Name:     matchedGroups[3],
+	}, nil
+}
+
+func parseConfigPathSource(path string) source {
+	switch {
+	case strings.HasPrefix(path, "datadog/"):
+		return sourceDatadog
+	case strings.HasPrefix(path, "employee/"):
+		return sourceEmployee
+	}
+	return sourceUnknown
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/products.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/products.go
new file mode 100644
index 000000000..96f635df6
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/products.go
@@ -0,0 +1,45 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022-present Datadog, Inc.
+
+package state
+
+var validProducts = map[string]struct{}{
+	ProductAgentConfig: {},
+	ProductAgentTask:   {},
+	ProductAPMSampling: {},
+	ProductCWSDD:       {},
+	ProductCWSCustom:   {},
+	ProductCWSProfiles: {},
+	ProductASM:         {},
+	ProductASMFeatures: {},
+	ProductASMDD:       {},
+	ProductASMData:     {},
+	ProductAPMTracing:  {},
+}
+
+const (
+	// ProductAgentConfig is to receive agent configurations, like the log level
+	ProductAgentConfig = "AGENT_CONFIG"
+	// ProductAgentTask is to receive agent task instruction, like a flare
+	ProductAgentTask = "AGENT_TASK"
+	// ProductAPMSampling is the apm sampling product
+	ProductAPMSampling = "APM_SAMPLING"
+	// ProductCWSDD is the cloud workload security product managed by datadog employees
+	ProductCWSDD = "CWS_DD"
+	// ProductCWSCustom is the cloud workload security product managed by datadog customers
+	ProductCWSCustom = "CWS_CUSTOM"
+	// ProductCWSProfiles is the cloud workload security profile product
+	ProductCWSProfiles = "CWS_SECURITY_PROFILES"
+	// ProductASM is the ASM product used by customers to issue rules configurations
+	ProductASM = "ASM"
+	// ProductASMFeatures is the ASM product used form ASM activation through remote config
+	ProductASMFeatures = "ASM_FEATURES"
+	// ProductASMDD is the application security monitoring product managed by datadog employees
+	ProductASMDD = "ASM_DD"
+	// ProductASMData is the ASM product used to configure WAF rules data
+	ProductASMData = "ASM_DATA"
+	// ProductAPMTracing is the apm tracing product
+	ProductAPMTracing = "APM_TRACING"
+)
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/repository.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/repository.go
new file mode 100644
index 000000000..ced2a3db2
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/repository.go
@@ -0,0 +1,442 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022-present Datadog, Inc.
+
+package state
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/DataDog/go-tuf/data"
+)
+
+var (
+	// ErrMalformedEmbeddedRoot occurs when the TUF root provided is invalid
+	ErrMalformedEmbeddedRoot = errors.New("malformed embedded TUF root file provided")
+)
+
+// RepositoryState contains all of the information about the current config files
+// stored by the client to be able to make an update request to an Agent
+type RepositoryState struct {
+	Configs            []ConfigState
+	CachedFiles        []CachedFile
+	TargetsVersion     int64
+	RootsVersion       int64
+	OpaqueBackendState []byte
+}
+
+// ConfigState describes an applied config by the agent client.
+type ConfigState struct {
+	Product     string
+	ID          string
+	Version     uint64
+	ApplyStatus ApplyStatus
+}
+
+// CachedFile describes a cached file stored by the agent client
+//
+// Note: You may be wondering why this exists when `ConfigState` exists
+// as well. The API for requesting updates does not mandate that a client
+// cache config files. This implementation just happens to do so.
+type CachedFile struct {
+	Path   string
+	Length uint64
+	Hashes map[string][]byte
+}
+
+// An Update contains all the data needed to update a client's remote config repository state
+type Update struct {
+	// TUFRoots contains, in order, updated roots that this repository needs to keep up with TUF validation
+	TUFRoots [][]byte
+	// TUFTargets is the latest TUF Targets file and is used to validate raw config files
+	TUFTargets []byte
+	// TargetFiles stores the raw config files by their full TUF path
+	TargetFiles map[string][]byte
+	// ClientcConfigs is a list of TUF path's corresponding to config files designated for this repository
+	ClientConfigs []string
+}
+
+// isEmpty returns whether or not all the fields of `Update` are empty
+func (u *Update) isEmpty() bool {
+	return len(u.TUFRoots) == 0 && len(u.TUFTargets) == 0 && (u.TargetFiles == nil || len(u.TargetFiles) == 0) && len(u.ClientConfigs) == 0
+}
+
+// Repository is a remote config client used in a downstream process to retrieve
+// remote config updates from an Agent.
+type Repository struct {
+	// TUF related data
+	latestTargets      *data.Targets
+	tufRootsClient     *tufRootsClient
+	opaqueBackendState []byte
+
+	// Unverified mode
+	tufVerificationEnabled bool
+	latestRootVersion      int64
+
+	// Config file storage
+	metadata map[string]Metadata
+	configs  map[string]map[string]interface{}
+}
+
+// NewRepository creates a new remote config repository that will track
+// both TUF metadata and raw config files for a client.
+func NewRepository(embeddedRoot []byte) (*Repository, error) {
+	if embeddedRoot == nil {
+		return nil, ErrMalformedEmbeddedRoot
+	}
+
+	configs := make(map[string]map[string]interface{})
+	for product := range validProducts {
+		configs[product] = make(map[string]interface{})
+	}
+
+	tufRootsClient, err := newTufRootsClient(embeddedRoot)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Repository{
+		latestTargets:          data.NewTargets(),
+		tufRootsClient:         tufRootsClient,
+		metadata:               make(map[string]Metadata),
+		configs:                configs,
+		tufVerificationEnabled: true,
+	}, nil
+}
+
+// NewUnverifiedRepository creates a new remote config repository that will
+// track config files for a client WITHOUT verifying any TUF related metadata.
+//
+// When creating this we pretend we have a root version of 1, as the backend expects
+// to not have to send the initial "embedded" root.
+func NewUnverifiedRepository() (*Repository, error) {
+	configs := make(map[string]map[string]interface{})
+	for product := range validProducts {
+		configs[product] = make(map[string]interface{})
+	}
+
+	return &Repository{
+		latestTargets:          data.NewTargets(),
+		metadata:               make(map[string]Metadata),
+		configs:                configs,
+		tufVerificationEnabled: false,
+		latestRootVersion:      1, // The backend expects us to start with a root version of 1.
+	}, nil
+}
+
+// Update processes the ClientGetConfigsResponse from the Agent and updates the
+// configuration state
+func (r *Repository) Update(update Update) ([]string, error) {
+	var err error
+	var updatedTargets *data.Targets
+	var tmpRootClient *tufRootsClient
+
+	// If there's literally nothing in the update, it's not an error.
+	if update.isEmpty() {
+		return []string{}, nil
+	}
+
+	// TUF: Update the roots and verify the TUF Targets file (optional)
+	//
+	// We don't want to partially update the state, so we need a temporary client to hold the new root
+	// data until we know it's valid. Since verification is optional, if the repository was configured
+	// to not do TUF verification we only deserialize the TUF targets file.
+	if r.tufVerificationEnabled {
+		tmpRootClient, err = r.tufRootsClient.clone()
+		if err != nil {
+			return nil, err
+		}
+		err = tmpRootClient.updateRoots(update.TUFRoots)
+		if err != nil {
+			return nil, err
+		}
+
+		updatedTargets, err = tmpRootClient.validateTargets(update.TUFTargets)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		updatedTargets, err = unsafeUnmarshalTargets(update.TUFTargets)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	clientConfigsMap := make(map[string]struct{})
+	for _, f := range update.ClientConfigs {
+		clientConfigsMap[f] = struct{}{}
+	}
+
+	result := newUpdateResult()
+
+	// 2: Check the config list and mark any missing configs as "to be removed"
+	for _, configs := range r.configs {
+		for path := range configs {
+			if _, ok := clientConfigsMap[path]; !ok {
+				result.removed = append(result.removed, path)
+				parsedPath, err := parseConfigPath(path)
+				if err != nil {
+					return nil, err
+				}
+				result.productsUpdated[parsedPath.Product] = true
+			}
+		}
+	}
+
+	// 3: For all the files referenced in this update
+	for _, path := range update.ClientConfigs {
+		targetFileMetadata, ok := updatedTargets.Targets[path]
+		if !ok {
+			return nil, fmt.Errorf("missing config file in TUF targets - %s", path)
+		}
+
+		// 3.a: Extract the product and ID from the path
+		parsedPath, err := parseConfigPath(path)
+		if err != nil {
+			return nil, err
+		}
+
+		// 3.b and 3.c: Check if this configuration is either new or has been modified
+		storedMetadata, exists := r.metadata[path]
+		if exists && hashesEqual(targetFileMetadata.Hashes, storedMetadata.Hashes) {
+			continue
+		}
+
+		// 3.d: Ensure that the raw configuration file is present in the
+		// update payload.
+		raw, ok := update.TargetFiles[path]
+		if !ok {
+			return nil, fmt.Errorf("missing update file - %s", path)
+		}
+
+		// TUF: Validate the hash of the raw target file and ensure that it matches
+		// the TUF metadata
+		err = validateTargetFileHash(targetFileMetadata, raw)
+		if err != nil {
+			return nil, fmt.Errorf("error validating %s hash with TUF metadata - %v", path, err)
+		}
+
+		// 3.e: Deserialize the configuration.
+		// 3.f: Store the update details for application later
+		//
+		// Note: We don't have to worry about extra fields as mentioned
+		// in the RFC because the encoding/json library handles that for us.
+		m, err := newConfigMetadata(parsedPath, targetFileMetadata)
+		if err != nil {
+			return nil, err
+		}
+		config, err := parseConfig(parsedPath.Product, raw, m)
+		if err != nil {
+			return nil, err
+		}
+		result.metadata[path] = m
+		result.changed[parsedPath.Product][path] = config
+		result.productsUpdated[parsedPath.Product] = true
+	}
+
+	// 4.a: Store the new targets.signed.custom.opaque_client_state
+	// TUF: Store the updated roots now that everything has validated
+	if r.tufVerificationEnabled {
+		r.tufRootsClient = tmpRootClient
+	} else if update.TUFRoots != nil && len(update.TUFRoots) > 0 {
+		v, err := extractRootVersion(update.TUFRoots[len(update.TUFRoots)-1])
+		if err != nil {
+			return nil, err
+		}
+		r.latestRootVersion = v
+	}
+	r.latestTargets = updatedTargets
+	if r.latestTargets.Custom != nil {
+		r.opaqueBackendState = extractOpaqueBackendState(*r.latestTargets.Custom)
+	}
+
+	// Upstream may not want to take any actions if the update result doesn't
+	// change any configs.
+	if result.isEmpty() {
+		return nil, nil
+	}
+
+	changedProducts := make([]string, 0)
+	for product, updated := range result.productsUpdated {
+		if updated {
+			changedProducts = append(changedProducts, product)
+		}
+	}
+
+	// 4.b/4.rave the new state and apply cleanups
+	r.applyUpdateResult(update, result)
+
+	return changedProducts, nil
+}
+
+// UpdateApplyStatus updates the config's metadata to reflect its processing state
+// Can be used after a call to Update() in order to tell the repository which config was acked, which
+// wasn't and which errors occurred while processing.
+// Note: it is the responsibility of the caller to ensure that no new Update() call was made between
+// the first Update() call and the call to UpdateApplyStatus() so as to keep the repository state accurate.
+func (r *Repository) UpdateApplyStatus(cfgPath string, status ApplyStatus) {
+	if m, ok := r.metadata[cfgPath]; ok {
+		m.ApplyStatus = status
+		r.metadata[cfgPath] = m
+	}
+}
+
+func (r *Repository) getConfigs(product string) map[string]interface{} {
+	configs, ok := r.configs[product]
+	if !ok {
+		return nil
+	}
+
+	return configs
+}
+
+// applyUpdateResult changes the state of the client based on the given update.
+//
+// The update is guaranteed to succeed at this point, having been vetted and the details
+// needed to apply the update stored in the `updateResult`.
+func (r *Repository) applyUpdateResult(update Update, result updateResult) {
+	// 4.b Save all the updated and new config files
+	for product, configs := range result.changed {
+		for path, config := range configs {
+			m := r.configs[product]
+			m[path] = config
+		}
+	}
+	for path, metadata := range result.metadata {
+		r.metadata[path] = metadata
+	}
+
+	// 5.b Clean up the cache of any removed configs
+	for _, path := range result.removed {
+		delete(r.metadata, path)
+		for _, configs := range r.configs {
+			delete(configs, path)
+		}
+	}
+}
+
+// CurrentState returns all of the information needed to
+// make an update for new configurations.
+func (r *Repository) CurrentState() (RepositoryState, error) {
+	var configs []ConfigState
+	var cached []CachedFile
+
+	for path, metadata := range r.metadata {
+		configs = append(configs, configStateFromMetadata(metadata))
+		cached = append(cached, cachedFileFromMetadata(path, metadata))
+	}
+
+	var latestRootVersion int64
+	if r.tufVerificationEnabled {
+		root, err := r.tufRootsClient.latestRoot()
+		if err != nil {
+			return RepositoryState{}, err
+		}
+		latestRootVersion = root.Version
+	} else {
+		latestRootVersion = r.latestRootVersion
+	}
+
+	return RepositoryState{
+		Configs:            configs,
+		CachedFiles:        cached,
+		TargetsVersion:     r.latestTargets.Version,
+		RootsVersion:       latestRootVersion,
+		OpaqueBackendState: r.opaqueBackendState,
+	}, nil
+}
+
+// An updateResult allows the client to apply the update as a transaction
+// after validating all required preconditions
+type updateResult struct {
+	removed         []string
+	metadata        map[string]Metadata
+	changed         map[string]map[string]interface{}
+	productsUpdated map[string]bool
+}
+
+func newUpdateResult() updateResult {
+	changed := make(map[string]map[string]interface{})
+
+	for product := range validProducts {
+		changed[product] = make(map[string]interface{})
+	}
+
+	return updateResult{
+		removed:         make([]string, 0),
+		metadata:        make(map[string]Metadata),
+		changed:         changed,
+		productsUpdated: map[string]bool{},
+	}
+}
+
+func (ur updateResult) Log() {
+	log.Printf("Removed Configs: %v", ur.removed)
+
+	var b strings.Builder
+	b.WriteString("Changed configs: [")
+	for path := range ur.metadata {
+		b.WriteString(path)
+		b.WriteString(" ")
+	}
+	b.WriteString("]")
+
+	log.Println(b.String())
+}
+
+func (ur updateResult) isEmpty() bool {
+	return len(ur.removed) == 0 && len(ur.metadata) == 0
+}
+
+func configStateFromMetadata(m Metadata) ConfigState {
+	return ConfigState{
+		Product:     m.Product,
+		ID:          m.ID,
+		Version:     m.Version,
+		ApplyStatus: m.ApplyStatus,
+	}
+}
+
+func cachedFileFromMetadata(path string, m Metadata) CachedFile {
+	return CachedFile{
+		Path:   path,
+		Length: m.RawLength,
+		Hashes: m.Hashes,
+	}
+}
+
+// hashesEqual checks if the hash values in the TUF metadata file match the stored
+// hash values for a given config
+func hashesEqual(tufHashes data.Hashes, storedHashes map[string][]byte) bool {
+	for algorithm, value := range tufHashes {
+		v, ok := storedHashes[algorithm]
+		if !ok {
+			continue
+		}
+
+		if !bytes.Equal(value, v) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func extractOpaqueBackendState(targetsCustom []byte) []byte {
+	state := struct {
+		State []byte `json:"opaque_backend_state"`
+	}{nil}
+
+	err := json.Unmarshal(targetsCustom, &state)
+	if err != nil {
+		return []byte{}
+	}
+
+	return state.State
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/tuf.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/tuf.go
new file mode 100644
index 000000000..f67ab9c19
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/tuf.go
@@ -0,0 +1,233 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022-present Datadog, Inc.
+
+package state
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+
+	"github.com/DataDog/go-tuf/client"
+	"github.com/DataDog/go-tuf/data"
+	"github.com/DataDog/go-tuf/util"
+	"github.com/DataDog/go-tuf/verify"
+)
+
+type tufRootsClient struct {
+	rootClient      *client.Client
+	rootLocalStore  client.LocalStore
+	rootRemoteStore *rootClientRemoteStore
+}
+
+func newTufRootsClient(root []byte) (*tufRootsClient, error) {
+	rootLocalStore := client.MemoryLocalStore()
+	rootRemoteStore := &rootClientRemoteStore{}
+	rootClient := client.NewClient(rootLocalStore, rootRemoteStore)
+
+	err := rootClient.Init(root)
+	if err != nil {
+		return nil, err
+	}
+
+	return &tufRootsClient{
+		rootClient:      rootClient,
+		rootLocalStore:  rootLocalStore,
+		rootRemoteStore: rootRemoteStore,
+	}, nil
+}
+
+func (trc *tufRootsClient) clone() (*tufRootsClient, error) {
+	root, err := trc.latestRootRaw()
+	if err != nil {
+		return nil, err
+	}
+
+	return newTufRootsClient(root)
+}
+
+func (trc *tufRootsClient) updateRoots(newRoots [][]byte) error {
+	if len(newRoots) == 0 {
+		return nil
+	}
+
+	trc.rootRemoteStore.roots = append(trc.rootRemoteStore.roots, newRoots...)
+
+	return trc.rootClient.UpdateRoots()
+}
+
+func (trc *tufRootsClient) latestRoot() (*data.Root, error) {
+	raw, err := trc.latestRootRaw()
+	if err != nil {
+		return nil, err
+	}
+
+	return unsafeUnmarshalRoot(raw)
+}
+
+func (trc *tufRootsClient) latestRootRaw() ([]byte, error) {
+	metas, err := trc.rootLocalStore.GetMeta()
+	if err != nil {
+		return nil, err
+	}
+	rawRoot := metas["root.json"]
+
+	return rawRoot, nil
+}
+
+func (trc *tufRootsClient) validateTargets(rawTargets []byte) (*data.Targets, error) {
+	root, err := trc.latestRoot()
+	if err != nil {
+		return nil, err
+	}
+
+	db := verify.NewDB()
+	for _, key := range root.Keys {
+		for _, id := range key.IDs() {
+			if err := db.AddKey(id, key); err != nil {
+				return nil, err
+			}
+		}
+	}
+	targetsRole, hasRoleTargets := root.Roles["targets"]
+	if !hasRoleTargets {
+		return nil, fmt.Errorf("root is missing a targets role")
+	}
+	role := &data.Role{Threshold: targetsRole.Threshold, KeyIDs: targetsRole.KeyIDs}
+	if err := db.AddRole("targets", role); err != nil {
+		return nil, fmt.Errorf("could not add targets role to db: %v", err)
+	}
+	var targets data.Targets
+	err = db.Unmarshal(rawTargets, &targets, "targets", 0)
+	if err != nil {
+		return nil, err
+	}
+
+	return &targets, nil
+}
+
+type rootClientRemoteStore struct {
+	roots [][]byte
+}
+
+func (s *rootClientRemoteStore) GetMeta(name string) (stream io.ReadCloser, size int64, err error) {
+	metaPath, err := parseMetaPath(name)
+	if err != nil {
+		return nil, 0, err
+	}
+	if metaPath.role != roleRoot || !metaPath.versionSet {
+		return nil, 0, client.ErrNotFound{File: name}
+	}
+	for _, root := range s.roots {
+		parsedRoot, err := unsafeUnmarshalRoot(root)
+		if err != nil {
+			return nil, 0, err
+		}
+		if parsedRoot.Version == metaPath.version {
+			return io.NopCloser(bytes.NewReader(root)), int64(len(root)), nil
+		}
+	}
+	return nil, 0, client.ErrNotFound{File: name}
+}
+
+func (s *rootClientRemoteStore) GetTarget(path string) (stream io.ReadCloser, size int64, err error) {
+	return nil, 0, client.ErrNotFound{File: path}
+}
+
+type role string
+
+const (
+	roleRoot role = "root"
+)
+
+type metaPath struct {
+	role       role
+	version    int64
+	versionSet bool
+}
+
+func parseMetaPath(rawMetaPath string) (metaPath, error) {
+	splitRawMetaPath := strings.SplitN(rawMetaPath, ".", 3)
+	if len(splitRawMetaPath) != 2 && len(splitRawMetaPath) != 3 {
+		return metaPath{}, fmt.Errorf("invalid metadata path '%s'", rawMetaPath)
+	}
+	suffix := splitRawMetaPath[len(splitRawMetaPath)-1]
+	if suffix != "json" {
+		return metaPath{}, fmt.Errorf("invalid metadata path (suffix) '%s'", rawMetaPath)
+	}
+	rawRole := splitRawMetaPath[len(splitRawMetaPath)-2]
+	if rawRole == "" {
+		return metaPath{}, fmt.Errorf("invalid metadata path (role) '%s'", rawMetaPath)
+	}
+	if len(splitRawMetaPath) == 2 {
+		return metaPath{
+			role: role(rawRole),
+		}, nil
+	}
+	rawVersion, err := strconv.ParseInt(splitRawMetaPath[0], 10, 64)
+	if err != nil {
+		return metaPath{}, fmt.Errorf("invalid metadata path (version) '%s': %w", rawMetaPath, err)
+	}
+	return metaPath{
+		role:       role(rawRole),
+		version:    rawVersion,
+		versionSet: true,
+	}, nil
+}
+
+func validateTargetFileHash(targetMeta data.TargetFileMeta, targetFile []byte) error {
+	if len(targetMeta.HashAlgorithms()) == 0 {
+		return fmt.Errorf("target file has no hash")
+	}
+	generatedMeta, err := util.GenerateFileMeta(bytes.NewBuffer(targetFile), targetMeta.HashAlgorithms()...)
+	if err != nil {
+		return err
+	}
+	err = util.FileMetaEqual(targetMeta.FileMeta, generatedMeta)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func unsafeUnmarshalRoot(raw []byte) (*data.Root, error) {
+	var signedRoot data.Signed
+	err := json.Unmarshal(raw, &signedRoot)
+	if err != nil {
+		return nil, err
+	}
+	var root data.Root
+	err = json.Unmarshal(signedRoot.Signed, &root)
+	if err != nil {
+		return nil, err
+	}
+	return &root, err
+}
+
+func unsafeUnmarshalTargets(raw []byte) (*data.Targets, error) {
+	var signedTargets data.Signed
+	err := json.Unmarshal(raw, &signedTargets)
+	if err != nil {
+		return nil, err
+	}
+	var targets data.Targets
+	err = json.Unmarshal(signedTargets.Signed, &targets)
+	if err != nil {
+		return nil, err
+	}
+	return &targets, err
+}
+
+func extractRootVersion(raw []byte) (int64, error) {
+	root, err := unsafeUnmarshalRoot(raw)
+	if err != nil {
+		return 0, err
+	}
+
+	return root.Version, nil
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/LICENSE.txt b/vendor/github.com/DataDog/datadog-go/v5/LICENSE.txt
new file mode 100644
index 000000000..97cd06d7f
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/LICENSE.txt
@@ -0,0 +1,19 @@
+Copyright (c) 2015 Datadog, Inc
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/README.md b/vendor/github.com/DataDog/datadog-go/v5/statsd/README.md
new file mode 100644
index 000000000..2fc899687
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/README.md
@@ -0,0 +1,4 @@
+## Overview
+
+Package `statsd` provides a Go [dogstatsd](http://docs.datadoghq.com/guides/dogstatsd/) client.  Dogstatsd extends Statsd, adding tags
+and histograms.
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/aggregator.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/aggregator.go
new file mode 100644
index 000000000..ae4723c42
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/aggregator.go
@@ -0,0 +1,290 @@
+package statsd
+
+import (
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+type (
+	countsMap         map[string]*countMetric
+	gaugesMap         map[string]*gaugeMetric
+	setsMap           map[string]*setMetric
+	bufferedMetricMap map[string]*bufferedMetric
+)
+
+type aggregator struct {
+	nbContextGauge uint64
+	nbContextCount uint64
+	nbContextSet   uint64
+
+	countsM sync.RWMutex
+	gaugesM sync.RWMutex
+	setsM   sync.RWMutex
+
+	gauges        gaugesMap
+	counts        countsMap
+	sets          setsMap
+	histograms    bufferedMetricContexts
+	distributions bufferedMetricContexts
+	timings       bufferedMetricContexts
+
+	closed chan struct{}
+
+	client *Client
+
+	// aggregator implements channelMode mechanism to receive histograms,
+	// distributions and timings. Since they need sampling they need to
+	// lock for random. When using both channelMode and ExtendedAggregation
+	// we don't want goroutine to fight over the lock.
+	inputMetrics    chan metric
+	stopChannelMode chan struct{}
+	wg              sync.WaitGroup
+}
+
+func newAggregator(c *Client) *aggregator {
+	return &aggregator{
+		client:          c,
+		counts:          countsMap{},
+		gauges:          gaugesMap{},
+		sets:            setsMap{},
+		histograms:      newBufferedContexts(newHistogramMetric),
+		distributions:   newBufferedContexts(newDistributionMetric),
+		timings:         newBufferedContexts(newTimingMetric),
+		closed:          make(chan struct{}),
+		stopChannelMode: make(chan struct{}),
+	}
+}
+
+func (a *aggregator) start(flushInterval time.Duration) {
+	ticker := time.NewTicker(flushInterval)
+
+	go func() {
+		for {
+			select {
+			case <-ticker.C:
+				a.flush()
+			case <-a.closed:
+				ticker.Stop()
+				return
+			}
+		}
+	}()
+}
+
+func (a *aggregator) startReceivingMetric(bufferSize int, nbWorkers int) {
+	a.inputMetrics = make(chan metric, bufferSize)
+	for i := 0; i < nbWorkers; i++ {
+		a.wg.Add(1)
+		go a.pullMetric()
+	}
+}
+
+func (a *aggregator) stopReceivingMetric() {
+	close(a.stopChannelMode)
+	a.wg.Wait()
+}
+
+func (a *aggregator) stop() {
+	a.closed <- struct{}{}
+}
+
+func (a *aggregator) pullMetric() {
+	for {
+		select {
+		case m := <-a.inputMetrics:
+			switch m.metricType {
+			case histogram:
+				a.histogram(m.name, m.fvalue, m.tags, m.rate)
+			case distribution:
+				a.distribution(m.name, m.fvalue, m.tags, m.rate)
+			case timing:
+				a.timing(m.name, m.fvalue, m.tags, m.rate)
+			}
+		case <-a.stopChannelMode:
+			a.wg.Done()
+			return
+		}
+	}
+}
+
+func (a *aggregator) flush() {
+	for _, m := range a.flushMetrics() {
+		a.client.sendBlocking(m)
+	}
+}
+
+func (a *aggregator) flushTelemetryMetrics(t *Telemetry) {
+	if a == nil {
+		// aggregation is disabled
+		return
+	}
+
+	t.AggregationNbContextGauge = atomic.LoadUint64(&a.nbContextGauge)
+	t.AggregationNbContextCount = atomic.LoadUint64(&a.nbContextCount)
+	t.AggregationNbContextSet = atomic.LoadUint64(&a.nbContextSet)
+	t.AggregationNbContextHistogram = a.histograms.getNbContext()
+	t.AggregationNbContextDistribution = a.distributions.getNbContext()
+	t.AggregationNbContextTiming = a.timings.getNbContext()
+}
+
+func (a *aggregator) flushMetrics() []metric {
+	metrics := []metric{}
+
+	// We reset the values to avoid sending 'zero' values for metrics not
+	// sampled during this flush interval
+
+	a.setsM.Lock()
+	sets := a.sets
+	a.sets = setsMap{}
+	a.setsM.Unlock()
+
+	for _, s := range sets {
+		metrics = append(metrics, s.flushUnsafe()...)
+	}
+
+	a.gaugesM.Lock()
+	gauges := a.gauges
+	a.gauges = gaugesMap{}
+	a.gaugesM.Unlock()
+
+	for _, g := range gauges {
+		metrics = append(metrics, g.flushUnsafe())
+	}
+
+	a.countsM.Lock()
+	counts := a.counts
+	a.counts = countsMap{}
+	a.countsM.Unlock()
+
+	for _, c := range counts {
+		metrics = append(metrics, c.flushUnsafe())
+	}
+
+	metrics = a.histograms.flush(metrics)
+	metrics = a.distributions.flush(metrics)
+	metrics = a.timings.flush(metrics)
+
+	atomic.AddUint64(&a.nbContextCount, uint64(len(counts)))
+	atomic.AddUint64(&a.nbContextGauge, uint64(len(gauges)))
+	atomic.AddUint64(&a.nbContextSet, uint64(len(sets)))
+	return metrics
+}
+
+func getContext(name string, tags []string) string {
+	c, _ := getContextAndTags(name, tags)
+	return c
+}
+
+func getContextAndTags(name string, tags []string) (string, string) {
+	if len(tags) == 0 {
+		return name + nameSeparatorSymbol, ""
+	}
+	n := len(name) + len(nameSeparatorSymbol) + len(tagSeparatorSymbol)*(len(tags)-1)
+	for _, s := range tags {
+		n += len(s)
+	}
+
+	var sb strings.Builder
+	sb.Grow(n)
+	sb.WriteString(name)
+	sb.WriteString(nameSeparatorSymbol)
+	sb.WriteString(tags[0])
+	for _, s := range tags[1:] {
+		sb.WriteString(tagSeparatorSymbol)
+		sb.WriteString(s)
+	}
+
+	s := sb.String()
+
+	return s, s[len(name)+len(nameSeparatorSymbol):]
+}
+
+func (a *aggregator) count(name string, value int64, tags []string) error {
+	context := getContext(name, tags)
+	a.countsM.RLock()
+	if count, found := a.counts[context]; found {
+		count.sample(value)
+		a.countsM.RUnlock()
+		return nil
+	}
+	a.countsM.RUnlock()
+
+	a.countsM.Lock()
+	// Check if another goroutines hasn't created the value betwen the RUnlock and 'Lock'
+	if count, found := a.counts[context]; found {
+		count.sample(value)
+		a.countsM.Unlock()
+		return nil
+	}
+
+	a.counts[context] = newCountMetric(name, value, tags)
+	a.countsM.Unlock()
+	return nil
+}
+
+func (a *aggregator) gauge(name string, value float64, tags []string) error {
+	context := getContext(name, tags)
+	a.gaugesM.RLock()
+	if gauge, found := a.gauges[context]; found {
+		gauge.sample(value)
+		a.gaugesM.RUnlock()
+		return nil
+	}
+	a.gaugesM.RUnlock()
+
+	gauge := newGaugeMetric(name, value, tags)
+
+	a.gaugesM.Lock()
+	// Check if another goroutines hasn't created the value betwen the 'RUnlock' and 'Lock'
+	if gauge, found := a.gauges[context]; found {
+		gauge.sample(value)
+		a.gaugesM.Unlock()
+		return nil
+	}
+	a.gauges[context] = gauge
+	a.gaugesM.Unlock()
+	return nil
+}
+
+func (a *aggregator) set(name string, value string, tags []string) error {
+	context := getContext(name, tags)
+	a.setsM.RLock()
+	if set, found := a.sets[context]; found {
+		set.sample(value)
+		a.setsM.RUnlock()
+		return nil
+	}
+	a.setsM.RUnlock()
+
+	a.setsM.Lock()
+	// Check if another goroutines hasn't created the value betwen the 'RUnlock' and 'Lock'
+	if set, found := a.sets[context]; found {
+		set.sample(value)
+		a.setsM.Unlock()
+		return nil
+	}
+	a.sets[context] = newSetMetric(name, value, tags)
+	a.setsM.Unlock()
+	return nil
+}
+
+// Only histograms, distributions and timings are sampled with a rate since we
+// only pack them in on message instead of aggregating them. Discarding the
+// sample rate will have impacts on the CPU and memory usage of the Agent.
+
+// type alias for Client.sendToAggregator
+type bufferedMetricSampleFunc func(name string, value float64, tags []string, rate float64) error
+
+func (a *aggregator) histogram(name string, value float64, tags []string, rate float64) error {
+	return a.histograms.sample(name, value, tags, rate)
+}
+
+func (a *aggregator) distribution(name string, value float64, tags []string, rate float64) error {
+	return a.distributions.sample(name, value, tags, rate)
+}
+
+func (a *aggregator) timing(name string, value float64, tags []string, rate float64) error {
+	return a.timings.sample(name, value, tags, rate)
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/buffer.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/buffer.go
new file mode 100644
index 000000000..f7bb8b0aa
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/buffer.go
@@ -0,0 +1,197 @@
+package statsd
+
+import (
+	"strconv"
+)
+
+// MessageTooLongError is an error returned when a sample, event or service check is too large once serialized. See
+// WithMaxBytesPerPayload option for more details.
+type MessageTooLongError struct{}
+
+func (e MessageTooLongError) Error() string {
+	return "message too long. See 'WithMaxBytesPerPayload' documentation."
+}
+
+var errBufferFull = MessageTooLongError{}
+
+type partialWriteError string
+
+func (e partialWriteError) Error() string { return string(e) }
+
+const errPartialWrite = partialWriteError("value partially written")
+
+const metricOverhead = 512
+
+// statsdBuffer is a buffer containing statsd messages
+// this struct methods are NOT safe for concurent use
+type statsdBuffer struct {
+	buffer       []byte
+	maxSize      int
+	maxElements  int
+	elementCount int
+}
+
+func newStatsdBuffer(maxSize, maxElements int) *statsdBuffer {
+	return &statsdBuffer{
+		buffer:      make([]byte, 0, maxSize+metricOverhead), // pre-allocate the needed size + metricOverhead to avoid having Go re-allocate on it's own if an element does not fit
+		maxSize:     maxSize,
+		maxElements: maxElements,
+	}
+}
+
+func (b *statsdBuffer) writeGauge(namespace string, globalTags []string, name string, value float64, tags []string, rate float64, timestamp int64) error {
+	if b.elementCount >= b.maxElements {
+		return errBufferFull
+	}
+	originalBuffer := b.buffer
+	b.buffer = appendGauge(b.buffer, namespace, globalTags, name, value, tags, rate)
+	b.buffer = appendTimestamp(b.buffer, timestamp)
+	b.writeSeparator()
+	return b.validateNewElement(originalBuffer)
+}
+
+func (b *statsdBuffer) writeCount(namespace string, globalTags []string, name string, value int64, tags []string, rate float64, timestamp int64) error {
+	if b.elementCount >= b.maxElements {
+		return errBufferFull
+	}
+	originalBuffer := b.buffer
+	b.buffer = appendCount(b.buffer, namespace, globalTags, name, value, tags, rate)
+	b.buffer = appendTimestamp(b.buffer, timestamp)
+	b.writeSeparator()
+	return b.validateNewElement(originalBuffer)
+}
+
+func (b *statsdBuffer) writeHistogram(namespace string, globalTags []string, name string, value float64, tags []string, rate float64) error {
+	if b.elementCount >= b.maxElements {
+		return errBufferFull
+	}
+	originalBuffer := b.buffer
+	b.buffer = appendHistogram(b.buffer, namespace, globalTags, name, value, tags, rate)
+	b.writeSeparator()
+	return b.validateNewElement(originalBuffer)
+}
+
+// writeAggregated serialized as many values as possible in the current buffer and return the position in values where it stopped.
+func (b *statsdBuffer) writeAggregated(metricSymbol []byte, namespace string, globalTags []string, name string, values []float64, tags string, tagSize int, precision int) (int, error) {
+	if b.elementCount >= b.maxElements {
+		return 0, errBufferFull
+	}
+
+	originalBuffer := b.buffer
+	b.buffer = appendHeader(b.buffer, namespace, name)
+
+	// buffer already full
+	if len(b.buffer)+tagSize > b.maxSize {
+		b.buffer = originalBuffer
+		return 0, errBufferFull
+	}
+
+	// We add as many value as possible
+	var position int
+	for idx, v := range values {
+		previousBuffer := b.buffer
+		if idx != 0 {
+			b.buffer = append(b.buffer, ':')
+		}
+
+		b.buffer = strconv.AppendFloat(b.buffer, v, 'f', precision, 64)
+
+		// Should we stop serializing and switch to another buffer
+		if len(b.buffer)+tagSize > b.maxSize {
+			b.buffer = previousBuffer
+			break
+		}
+		position = idx + 1
+	}
+
+	// we could not add a single value
+	if position == 0 {
+		b.buffer = originalBuffer
+		return 0, errBufferFull
+	}
+
+	b.buffer = append(b.buffer, '|')
+	b.buffer = append(b.buffer, metricSymbol...)
+	b.buffer = appendTagsAggregated(b.buffer, globalTags, tags)
+	b.buffer = appendContainerID(b.buffer)
+	b.writeSeparator()
+	b.elementCount++
+
+	if position != len(values) {
+		return position, errPartialWrite
+	}
+	return position, nil
+
+}
+
+func (b *statsdBuffer) writeDistribution(namespace string, globalTags []string, name string, value float64, tags []string, rate float64) error {
+	if b.elementCount >= b.maxElements {
+		return errBufferFull
+	}
+	originalBuffer := b.buffer
+	b.buffer = appendDistribution(b.buffer, namespace, globalTags, name, value, tags, rate)
+	b.writeSeparator()
+	return b.validateNewElement(originalBuffer)
+}
+
+func (b *statsdBuffer) writeSet(namespace string, globalTags []string, name string, value string, tags []string, rate float64) error {
+	if b.elementCount >= b.maxElements {
+		return errBufferFull
+	}
+	originalBuffer := b.buffer
+	b.buffer = appendSet(b.buffer, namespace, globalTags, name, value, tags, rate)
+	b.writeSeparator()
+	return b.validateNewElement(originalBuffer)
+}
+
+func (b *statsdBuffer) writeTiming(namespace string, globalTags []string, name string, value float64, tags []string, rate float64) error {
+	if b.elementCount >= b.maxElements {
+		return errBufferFull
+	}
+	originalBuffer := b.buffer
+	b.buffer = appendTiming(b.buffer, namespace, globalTags, name, value, tags, rate)
+	b.writeSeparator()
+	return b.validateNewElement(originalBuffer)
+}
+
+func (b *statsdBuffer) writeEvent(event *Event, globalTags []string) error {
+	if b.elementCount >= b.maxElements {
+		return errBufferFull
+	}
+	originalBuffer := b.buffer
+	b.buffer = appendEvent(b.buffer, event, globalTags)
+	b.writeSeparator()
+	return b.validateNewElement(originalBuffer)
+}
+
+func (b *statsdBuffer) writeServiceCheck(serviceCheck *ServiceCheck, globalTags []string) error {
+	if b.elementCount >= b.maxElements {
+		return errBufferFull
+	}
+	originalBuffer := b.buffer
+	b.buffer = appendServiceCheck(b.buffer, serviceCheck, globalTags)
+	b.writeSeparator()
+	return b.validateNewElement(originalBuffer)
+}
+
+func (b *statsdBuffer) validateNewElement(originalBuffer []byte) error {
+	if len(b.buffer) > b.maxSize {
+		b.buffer = originalBuffer
+		return errBufferFull
+	}
+	b.elementCount++
+	return nil
+}
+
+func (b *statsdBuffer) writeSeparator() {
+	b.buffer = append(b.buffer, '\n')
+}
+
+func (b *statsdBuffer) reset() {
+	b.buffer = b.buffer[:0]
+	b.elementCount = 0
+}
+
+func (b *statsdBuffer) bytes() []byte {
+	return b.buffer
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/buffer_pool.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/buffer_pool.go
new file mode 100644
index 000000000..7a3e3c9d2
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/buffer_pool.go
@@ -0,0 +1,40 @@
+package statsd
+
+type bufferPool struct {
+	pool              chan *statsdBuffer
+	bufferMaxSize     int
+	bufferMaxElements int
+}
+
+func newBufferPool(poolSize, bufferMaxSize, bufferMaxElements int) *bufferPool {
+	p := &bufferPool{
+		pool:              make(chan *statsdBuffer, poolSize),
+		bufferMaxSize:     bufferMaxSize,
+		bufferMaxElements: bufferMaxElements,
+	}
+	for i := 0; i < poolSize; i++ {
+		p.addNewBuffer()
+	}
+	return p
+}
+
+func (p *bufferPool) addNewBuffer() {
+	p.pool <- newStatsdBuffer(p.bufferMaxSize, p.bufferMaxElements)
+}
+
+func (p *bufferPool) borrowBuffer() *statsdBuffer {
+	select {
+	case b := <-p.pool:
+		return b
+	default:
+		return newStatsdBuffer(p.bufferMaxSize, p.bufferMaxElements)
+	}
+}
+
+func (p *bufferPool) returnBuffer(buffer *statsdBuffer) {
+	buffer.reset()
+	select {
+	case p.pool <- buffer:
+	default:
+	}
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/buffered_metric_context.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/buffered_metric_context.go
new file mode 100644
index 000000000..41404d98e
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/buffered_metric_context.go
@@ -0,0 +1,82 @@
+package statsd
+
+import (
+	"math/rand"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+// bufferedMetricContexts represent the contexts for Histograms, Distributions
+// and Timing. Since those 3 metric types behave the same way and are sampled
+// with the same type they're represented by the same class.
+type bufferedMetricContexts struct {
+	nbContext uint64
+	mutex     sync.RWMutex
+	values    bufferedMetricMap
+	newMetric func(string, float64, string) *bufferedMetric
+
+	// Each bufferedMetricContexts uses its own random source and random
+	// lock to prevent goroutines from contending for the lock on the
+	// "math/rand" package-global random source (e.g. calls like
+	// "rand.Float64()" must acquire a shared lock to get the next
+	// pseudorandom number).
+	random     *rand.Rand
+	randomLock sync.Mutex
+}
+
+func newBufferedContexts(newMetric func(string, float64, string) *bufferedMetric) bufferedMetricContexts {
+	return bufferedMetricContexts{
+		values:    bufferedMetricMap{},
+		newMetric: newMetric,
+		// Note that calling "time.Now().UnixNano()" repeatedly quickly may return
+		// very similar values. That's fine for seeding the worker-specific random
+		// source because we just need an evenly distributed stream of float values.
+		// Do not use this random source for cryptographic randomness.
+		random: rand.New(rand.NewSource(time.Now().UnixNano())),
+	}
+}
+
+func (bc *bufferedMetricContexts) flush(metrics []metric) []metric {
+	bc.mutex.Lock()
+	values := bc.values
+	bc.values = bufferedMetricMap{}
+	bc.mutex.Unlock()
+
+	for _, d := range values {
+		metrics = append(metrics, d.flushUnsafe())
+	}
+	atomic.AddUint64(&bc.nbContext, uint64(len(values)))
+	return metrics
+}
+
+func (bc *bufferedMetricContexts) sample(name string, value float64, tags []string, rate float64) error {
+	if !shouldSample(rate, bc.random, &bc.randomLock) {
+		return nil
+	}
+
+	context, stringTags := getContextAndTags(name, tags)
+
+	bc.mutex.RLock()
+	if v, found := bc.values[context]; found {
+		v.sample(value)
+		bc.mutex.RUnlock()
+		return nil
+	}
+	bc.mutex.RUnlock()
+
+	bc.mutex.Lock()
+	// Check if another goroutines hasn't created the value betwen the 'RUnlock' and 'Lock'
+	if v, found := bc.values[context]; found {
+		v.sample(value)
+		bc.mutex.Unlock()
+		return nil
+	}
+	bc.values[context] = bc.newMetric(name, value, stringTags)
+	bc.mutex.Unlock()
+	return nil
+}
+
+func (bc *bufferedMetricContexts) getNbContext() uint64 {
+	return atomic.LoadUint64(&bc.nbContext)
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/container.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/container.go
new file mode 100644
index 000000000..b2331e829
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/container.go
@@ -0,0 +1,82 @@
+package statsd
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os"
+	"regexp"
+	"sync"
+)
+
+const (
+	// cgroupPath is the path to the cgroup file where we can find the container id if one exists.
+	cgroupPath = "/proc/self/cgroup"
+)
+
+const (
+	uuidSource      = "[0-9a-f]{8}[-_][0-9a-f]{4}[-_][0-9a-f]{4}[-_][0-9a-f]{4}[-_][0-9a-f]{12}"
+	containerSource = "[0-9a-f]{64}"
+	taskSource      = "[0-9a-f]{32}-\\d+"
+)
+
+var (
+	// expLine matches a line in the /proc/self/cgroup file. It has a submatch for the last element (path), which contains the container ID.
+	expLine = regexp.MustCompile(`^\d+:[^:]*:(.+)$`)
+
+	// expContainerID matches contained IDs and sources. Source: https://github.com/Qard/container-info/blob/master/index.js
+	expContainerID = regexp.MustCompile(fmt.Sprintf(`(%s|%s|%s)(?:.scope)?$`, uuidSource, containerSource, taskSource))
+
+	// containerID holds the container ID.
+	containerID = ""
+)
+
+// parseContainerID finds the first container ID reading from r and returns it.
+func parseContainerID(r io.Reader) string {
+	scn := bufio.NewScanner(r)
+	for scn.Scan() {
+		path := expLine.FindStringSubmatch(scn.Text())
+		if len(path) != 2 {
+			// invalid entry, continue
+			continue
+		}
+		if parts := expContainerID.FindStringSubmatch(path[1]); len(parts) == 2 {
+			return parts[1]
+		}
+	}
+	return ""
+}
+
+// readContainerID attempts to return the container ID from the provided file path or empty on failure.
+func readContainerID(fpath string) string {
+	f, err := os.Open(fpath)
+	if err != nil {
+		return ""
+	}
+	defer f.Close()
+	return parseContainerID(f)
+}
+
+// getContainerID returns the container ID configured at the client creation
+// It can either be auto-discovered with origin detection or provided by the user.
+// User-defined container ID is prioritized.
+func getContainerID() string {
+	return containerID
+}
+
+var initOnce sync.Once
+
+// initContainerID initializes the container ID.
+// It can either be provided by the user or read from cgroups.
+func initContainerID(userProvidedID string, cgroupFallback bool) {
+	initOnce.Do(func() {
+		if userProvidedID != "" {
+			containerID = userProvidedID
+			return
+		}
+
+		if cgroupFallback {
+			containerID = readContainerID(cgroupPath)
+		}
+	})
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/event.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/event.go
new file mode 100644
index 000000000..a2ca4faf7
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/event.go
@@ -0,0 +1,75 @@
+package statsd
+
+import (
+	"fmt"
+	"time"
+)
+
+// Events support
+// EventAlertType and EventAlertPriority became exported types after this issue was submitted: https://github.com/DataDog/datadog-go/issues/41
+// The reason why they got exported is so that client code can directly use the types.
+
+// EventAlertType is the alert type for events
+type EventAlertType string
+
+const (
+	// Info is the "info" AlertType for events
+	Info EventAlertType = "info"
+	// Error is the "error" AlertType for events
+	Error EventAlertType = "error"
+	// Warning is the "warning" AlertType for events
+	Warning EventAlertType = "warning"
+	// Success is the "success" AlertType for events
+	Success EventAlertType = "success"
+)
+
+// EventPriority is the event priority for events
+type EventPriority string
+
+const (
+	// Normal is the "normal" Priority for events
+	Normal EventPriority = "normal"
+	// Low is the "low" Priority for events
+	Low EventPriority = "low"
+)
+
+// An Event is an object that can be posted to your DataDog event stream.
+type Event struct {
+	// Title of the event.  Required.
+	Title string
+	// Text is the description of the event.
+	Text string
+	// Timestamp is a timestamp for the event.  If not provided, the dogstatsd
+	// server will set this to the current time.
+	Timestamp time.Time
+	// Hostname for the event.
+	Hostname string
+	// AggregationKey groups this event with others of the same key.
+	AggregationKey string
+	// Priority of the event.  Can be statsd.Low or statsd.Normal.
+	Priority EventPriority
+	// SourceTypeName is a source type for the event.
+	SourceTypeName string
+	// AlertType can be statsd.Info, statsd.Error, statsd.Warning, or statsd.Success.
+	// If absent, the default value applied by the dogstatsd server is Info.
+	AlertType EventAlertType
+	// Tags for the event.
+	Tags []string
+}
+
+// NewEvent creates a new event with the given title and text.  Error checking
+// against these values is done at send-time, or upon running e.Check.
+func NewEvent(title, text string) *Event {
+	return &Event{
+		Title: title,
+		Text:  text,
+	}
+}
+
+// Check verifies that an event is valid.
+func (e *Event) Check() error {
+	if len(e.Title) == 0 {
+		return fmt.Errorf("statsd.Event title is required")
+	}
+	return nil
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/fnv1a.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/fnv1a.go
new file mode 100644
index 000000000..03dc8a07c
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/fnv1a.go
@@ -0,0 +1,39 @@
+package statsd
+
+const (
+	// FNV-1a
+	offset32 = uint32(2166136261)
+	prime32  = uint32(16777619)
+
+	// init32 is what 32 bits hash values should be initialized with.
+	init32 = offset32
+)
+
+// HashString32 returns the hash of s.
+func hashString32(s string) uint32 {
+	return addString32(init32, s)
+}
+
+// AddString32 adds the hash of s to the precomputed hash value h.
+func addString32(h uint32, s string) uint32 {
+	i := 0
+	n := (len(s) / 8) * 8
+
+	for i != n {
+		h = (h ^ uint32(s[i])) * prime32
+		h = (h ^ uint32(s[i+1])) * prime32
+		h = (h ^ uint32(s[i+2])) * prime32
+		h = (h ^ uint32(s[i+3])) * prime32
+		h = (h ^ uint32(s[i+4])) * prime32
+		h = (h ^ uint32(s[i+5])) * prime32
+		h = (h ^ uint32(s[i+6])) * prime32
+		h = (h ^ uint32(s[i+7])) * prime32
+		i += 8
+	}
+
+	for _, c := range s[i:] {
+		h = (h ^ uint32(c)) * prime32
+	}
+
+	return h
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/format.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/format.go
new file mode 100644
index 000000000..f3ab9231f
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/format.go
@@ -0,0 +1,280 @@
+package statsd
+
+import (
+	"strconv"
+	"strings"
+)
+
+var (
+	gaugeSymbol         = []byte("g")
+	countSymbol         = []byte("c")
+	histogramSymbol     = []byte("h")
+	distributionSymbol  = []byte("d")
+	setSymbol           = []byte("s")
+	timingSymbol        = []byte("ms")
+	tagSeparatorSymbol  = ","
+	nameSeparatorSymbol = ":"
+)
+
+func appendHeader(buffer []byte, namespace string, name string) []byte {
+	if namespace != "" {
+		buffer = append(buffer, namespace...)
+	}
+	buffer = append(buffer, name...)
+	buffer = append(buffer, ':')
+	return buffer
+}
+
+func appendRate(buffer []byte, rate float64) []byte {
+	if rate < 1 {
+		buffer = append(buffer, "|@"...)
+		buffer = strconv.AppendFloat(buffer, rate, 'f', -1, 64)
+	}
+	return buffer
+}
+
+func appendWithoutNewlines(buffer []byte, s string) []byte {
+	// fastpath for strings without newlines
+	if strings.IndexByte(s, '\n') == -1 {
+		return append(buffer, s...)
+	}
+
+	for _, b := range []byte(s) {
+		if b != '\n' {
+			buffer = append(buffer, b)
+		}
+	}
+	return buffer
+}
+
+func appendTags(buffer []byte, globalTags []string, tags []string) []byte {
+	if len(globalTags) == 0 && len(tags) == 0 {
+		return buffer
+	}
+	buffer = append(buffer, "|#"...)
+	firstTag := true
+
+	for _, tag := range globalTags {
+		if !firstTag {
+			buffer = append(buffer, tagSeparatorSymbol...)
+		}
+		buffer = appendWithoutNewlines(buffer, tag)
+		firstTag = false
+	}
+	for _, tag := range tags {
+		if !firstTag {
+			buffer = append(buffer, tagSeparatorSymbol...)
+		}
+		buffer = appendWithoutNewlines(buffer, tag)
+		firstTag = false
+	}
+	return buffer
+}
+
+func appendTagsAggregated(buffer []byte, globalTags []string, tags string) []byte {
+	if len(globalTags) == 0 && tags == "" {
+		return buffer
+	}
+
+	buffer = append(buffer, "|#"...)
+	firstTag := true
+
+	for _, tag := range globalTags {
+		if !firstTag {
+			buffer = append(buffer, tagSeparatorSymbol...)
+		}
+		buffer = appendWithoutNewlines(buffer, tag)
+		firstTag = false
+	}
+	if tags != "" {
+		if !firstTag {
+			buffer = append(buffer, tagSeparatorSymbol...)
+		}
+		buffer = appendWithoutNewlines(buffer, tags)
+	}
+	return buffer
+}
+
+func appendFloatMetric(buffer []byte, typeSymbol []byte, namespace string, globalTags []string, name string, value float64, tags []string, rate float64, precision int) []byte {
+	buffer = appendHeader(buffer, namespace, name)
+	buffer = strconv.AppendFloat(buffer, value, 'f', precision, 64)
+	buffer = append(buffer, '|')
+	buffer = append(buffer, typeSymbol...)
+	buffer = appendRate(buffer, rate)
+	buffer = appendTags(buffer, globalTags, tags)
+	buffer = appendContainerID(buffer)
+	return buffer
+}
+
+func appendIntegerMetric(buffer []byte, typeSymbol []byte, namespace string, globalTags []string, name string, value int64, tags []string, rate float64) []byte {
+	buffer = appendHeader(buffer, namespace, name)
+	buffer = strconv.AppendInt(buffer, value, 10)
+	buffer = append(buffer, '|')
+	buffer = append(buffer, typeSymbol...)
+	buffer = appendRate(buffer, rate)
+	buffer = appendTags(buffer, globalTags, tags)
+	buffer = appendContainerID(buffer)
+	return buffer
+}
+
+func appendStringMetric(buffer []byte, typeSymbol []byte, namespace string, globalTags []string, name string, value string, tags []string, rate float64) []byte {
+	buffer = appendHeader(buffer, namespace, name)
+	buffer = append(buffer, value...)
+	buffer = append(buffer, '|')
+	buffer = append(buffer, typeSymbol...)
+	buffer = appendRate(buffer, rate)
+	buffer = appendTags(buffer, globalTags, tags)
+	buffer = appendContainerID(buffer)
+	return buffer
+}
+
+func appendGauge(buffer []byte, namespace string, globalTags []string, name string, value float64, tags []string, rate float64) []byte {
+	return appendFloatMetric(buffer, gaugeSymbol, namespace, globalTags, name, value, tags, rate, -1)
+}
+
+func appendCount(buffer []byte, namespace string, globalTags []string, name string, value int64, tags []string, rate float64) []byte {
+	return appendIntegerMetric(buffer, countSymbol, namespace, globalTags, name, value, tags, rate)
+}
+
+func appendHistogram(buffer []byte, namespace string, globalTags []string, name string, value float64, tags []string, rate float64) []byte {
+	return appendFloatMetric(buffer, histogramSymbol, namespace, globalTags, name, value, tags, rate, -1)
+}
+
+func appendDistribution(buffer []byte, namespace string, globalTags []string, name string, value float64, tags []string, rate float64) []byte {
+	return appendFloatMetric(buffer, distributionSymbol, namespace, globalTags, name, value, tags, rate, -1)
+}
+
+func appendSet(buffer []byte, namespace string, globalTags []string, name string, value string, tags []string, rate float64) []byte {
+	return appendStringMetric(buffer, setSymbol, namespace, globalTags, name, value, tags, rate)
+}
+
+func appendTiming(buffer []byte, namespace string, globalTags []string, name string, value float64, tags []string, rate float64) []byte {
+	return appendFloatMetric(buffer, timingSymbol, namespace, globalTags, name, value, tags, rate, 6)
+}
+
+func escapedEventTextLen(text string) int {
+	return len(text) + strings.Count(text, "\n")
+}
+
+func appendEscapedEventText(buffer []byte, text string) []byte {
+	for _, b := range []byte(text) {
+		if b != '\n' {
+			buffer = append(buffer, b)
+		} else {
+			buffer = append(buffer, "\\n"...)
+		}
+	}
+	return buffer
+}
+
+func appendEvent(buffer []byte, event *Event, globalTags []string) []byte {
+	escapedTextLen := escapedEventTextLen(event.Text)
+
+	buffer = append(buffer, "_e{"...)
+	buffer = strconv.AppendInt(buffer, int64(len(event.Title)), 10)
+	buffer = append(buffer, tagSeparatorSymbol...)
+	buffer = strconv.AppendInt(buffer, int64(escapedTextLen), 10)
+	buffer = append(buffer, "}:"...)
+	buffer = append(buffer, event.Title...)
+	buffer = append(buffer, '|')
+	if escapedTextLen != len(event.Text) {
+		buffer = appendEscapedEventText(buffer, event.Text)
+	} else {
+		buffer = append(buffer, event.Text...)
+	}
+
+	if !event.Timestamp.IsZero() {
+		buffer = append(buffer, "|d:"...)
+		buffer = strconv.AppendInt(buffer, int64(event.Timestamp.Unix()), 10)
+	}
+
+	if len(event.Hostname) != 0 {
+		buffer = append(buffer, "|h:"...)
+		buffer = append(buffer, event.Hostname...)
+	}
+
+	if len(event.AggregationKey) != 0 {
+		buffer = append(buffer, "|k:"...)
+		buffer = append(buffer, event.AggregationKey...)
+	}
+
+	if len(event.Priority) != 0 {
+		buffer = append(buffer, "|p:"...)
+		buffer = append(buffer, event.Priority...)
+	}
+
+	if len(event.SourceTypeName) != 0 {
+		buffer = append(buffer, "|s:"...)
+		buffer = append(buffer, event.SourceTypeName...)
+	}
+
+	if len(event.AlertType) != 0 {
+		buffer = append(buffer, "|t:"...)
+		buffer = append(buffer, string(event.AlertType)...)
+	}
+
+	buffer = appendTags(buffer, globalTags, event.Tags)
+	buffer = appendContainerID(buffer)
+	return buffer
+}
+
+func appendEscapedServiceCheckText(buffer []byte, text string) []byte {
+	for i := 0; i < len(text); i++ {
+		if text[i] == '\n' {
+			buffer = append(buffer, "\\n"...)
+		} else if text[i] == 'm' && i+1 < len(text) && text[i+1] == ':' {
+			buffer = append(buffer, "m\\:"...)
+			i++
+		} else {
+			buffer = append(buffer, text[i])
+		}
+	}
+	return buffer
+}
+
+func appendServiceCheck(buffer []byte, serviceCheck *ServiceCheck, globalTags []string) []byte {
+	buffer = append(buffer, "_sc|"...)
+	buffer = append(buffer, serviceCheck.Name...)
+	buffer = append(buffer, '|')
+	buffer = strconv.AppendInt(buffer, int64(serviceCheck.Status), 10)
+
+	if !serviceCheck.Timestamp.IsZero() {
+		buffer = append(buffer, "|d:"...)
+		buffer = strconv.AppendInt(buffer, int64(serviceCheck.Timestamp.Unix()), 10)
+	}
+
+	if len(serviceCheck.Hostname) != 0 {
+		buffer = append(buffer, "|h:"...)
+		buffer = append(buffer, serviceCheck.Hostname...)
+	}
+
+	buffer = appendTags(buffer, globalTags, serviceCheck.Tags)
+
+	if len(serviceCheck.Message) != 0 {
+		buffer = append(buffer, "|m:"...)
+		buffer = appendEscapedServiceCheckText(buffer, serviceCheck.Message)
+	}
+
+	buffer = appendContainerID(buffer)
+	return buffer
+}
+
+func appendSeparator(buffer []byte) []byte {
+	return append(buffer, '\n')
+}
+
+func appendContainerID(buffer []byte) []byte {
+	if containerID := getContainerID(); len(containerID) > 0 {
+		buffer = append(buffer, "|c:"...)
+		buffer = append(buffer, containerID...)
+	}
+	return buffer
+}
+
+func appendTimestamp(buffer []byte, timestamp int64) []byte {
+	if timestamp > noTimestamp {
+		buffer = append(buffer, "|T"...)
+		buffer = strconv.AppendInt(buffer, timestamp, 10)
+	}
+	return buffer
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/metrics.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/metrics.go
new file mode 100644
index 000000000..82f11ac18
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/metrics.go
@@ -0,0 +1,181 @@
+package statsd
+
+import (
+	"math"
+	"sync"
+	"sync/atomic"
+)
+
+/*
+Those are metrics type that can be aggregated on the client side:
+  - Gauge
+  - Count
+  - Set
+*/
+
+type countMetric struct {
+	value int64
+	name  string
+	tags  []string
+}
+
+func newCountMetric(name string, value int64, tags []string) *countMetric {
+	return &countMetric{
+		value: value,
+		name:  name,
+		tags:  copySlice(tags),
+	}
+}
+
+func (c *countMetric) sample(v int64) {
+	atomic.AddInt64(&c.value, v)
+}
+
+func (c *countMetric) flushUnsafe() metric {
+	return metric{
+		metricType: count,
+		name:       c.name,
+		tags:       c.tags,
+		rate:       1,
+		ivalue:     c.value,
+	}
+}
+
+// Gauge
+
+type gaugeMetric struct {
+	value uint64
+	name  string
+	tags  []string
+}
+
+func newGaugeMetric(name string, value float64, tags []string) *gaugeMetric {
+	return &gaugeMetric{
+		value: math.Float64bits(value),
+		name:  name,
+		tags:  copySlice(tags),
+	}
+}
+
+func (g *gaugeMetric) sample(v float64) {
+	atomic.StoreUint64(&g.value, math.Float64bits(v))
+}
+
+func (g *gaugeMetric) flushUnsafe() metric {
+	return metric{
+		metricType: gauge,
+		name:       g.name,
+		tags:       g.tags,
+		rate:       1,
+		fvalue:     math.Float64frombits(g.value),
+	}
+}
+
+// Set
+
+type setMetric struct {
+	data map[string]struct{}
+	name string
+	tags []string
+	sync.Mutex
+}
+
+func newSetMetric(name string, value string, tags []string) *setMetric {
+	set := &setMetric{
+		data: map[string]struct{}{},
+		name: name,
+		tags: copySlice(tags),
+	}
+	set.data[value] = struct{}{}
+	return set
+}
+
+func (s *setMetric) sample(v string) {
+	s.Lock()
+	defer s.Unlock()
+	s.data[v] = struct{}{}
+}
+
+// Sets are aggregated on the agent side too. We flush the keys so a set from
+// multiple application can be correctly aggregated on the agent side.
+func (s *setMetric) flushUnsafe() []metric {
+	if len(s.data) == 0 {
+		return nil
+	}
+
+	metrics := make([]metric, len(s.data))
+	i := 0
+	for value := range s.data {
+		metrics[i] = metric{
+			metricType: set,
+			name:       s.name,
+			tags:       s.tags,
+			rate:       1,
+			svalue:     value,
+		}
+		i++
+	}
+	return metrics
+}
+
+// Histograms, Distributions and Timings
+
+type bufferedMetric struct {
+	sync.Mutex
+
+	data []float64
+	name string
+	// Histograms and Distributions store tags as one string since we need
+	// to compute its size multiple time when serializing.
+	tags  string
+	mtype metricType
+}
+
+func (s *bufferedMetric) sample(v float64) {
+	s.Lock()
+	defer s.Unlock()
+	s.data = append(s.data, v)
+}
+
+func (s *bufferedMetric) flushUnsafe() metric {
+	return metric{
+		metricType: s.mtype,
+		name:       s.name,
+		stags:      s.tags,
+		rate:       1,
+		fvalues:    s.data,
+	}
+}
+
+type histogramMetric = bufferedMetric
+
+func newHistogramMetric(name string, value float64, stringTags string) *histogramMetric {
+	return &histogramMetric{
+		data:  []float64{value},
+		name:  name,
+		tags:  stringTags,
+		mtype: histogramAggregated,
+	}
+}
+
+type distributionMetric = bufferedMetric
+
+func newDistributionMetric(name string, value float64, stringTags string) *distributionMetric {
+	return &distributionMetric{
+		data:  []float64{value},
+		name:  name,
+		tags:  stringTags,
+		mtype: distributionAggregated,
+	}
+}
+
+type timingMetric = bufferedMetric
+
+func newTimingMetric(name string, value float64, stringTags string) *timingMetric {
+	return &timingMetric{
+		data:  []float64{value},
+		name:  name,
+		tags:  stringTags,
+		mtype: timingAggregated,
+	}
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/noop.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/noop.go
new file mode 100644
index 000000000..e92744f40
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/noop.go
@@ -0,0 +1,106 @@
+package statsd
+
+import "time"
+
+// NoOpClient is a statsd client that does nothing. Can be useful in testing
+// situations for library users.
+type NoOpClient struct{}
+
+// Gauge does nothing and returns nil
+func (n *NoOpClient) Gauge(name string, value float64, tags []string, rate float64) error {
+	return nil
+}
+
+// GaugeWithTimestamp does nothing and returns nil
+func (n *NoOpClient) GaugeWithTimestamp(name string, value float64, tags []string, rate float64, timestamp time.Time) error {
+	return nil
+}
+
+// Count does nothing and returns nil
+func (n *NoOpClient) Count(name string, value int64, tags []string, rate float64) error {
+	return nil
+}
+
+// CountWithTimestamp does nothing and returns nil
+func (n *NoOpClient) CountWithTimestamp(name string, value int64, tags []string, rate float64, timestamp time.Time) error {
+	return nil
+}
+
+// Histogram does nothing and returns nil
+func (n *NoOpClient) Histogram(name string, value float64, tags []string, rate float64) error {
+	return nil
+}
+
+// Distribution does nothing and returns nil
+func (n *NoOpClient) Distribution(name string, value float64, tags []string, rate float64) error {
+	return nil
+}
+
+// Decr does nothing and returns nil
+func (n *NoOpClient) Decr(name string, tags []string, rate float64) error {
+	return nil
+}
+
+// Incr does nothing and returns nil
+func (n *NoOpClient) Incr(name string, tags []string, rate float64) error {
+	return nil
+}
+
+// Set does nothing and returns nil
+func (n *NoOpClient) Set(name string, value string, tags []string, rate float64) error {
+	return nil
+}
+
+// Timing does nothing and returns nil
+func (n *NoOpClient) Timing(name string, value time.Duration, tags []string, rate float64) error {
+	return nil
+}
+
+// TimeInMilliseconds does nothing and returns nil
+func (n *NoOpClient) TimeInMilliseconds(name string, value float64, tags []string, rate float64) error {
+	return nil
+}
+
+// Event does nothing and returns nil
+func (n *NoOpClient) Event(e *Event) error {
+	return nil
+}
+
+// SimpleEvent does nothing and returns nil
+func (n *NoOpClient) SimpleEvent(title, text string) error {
+	return nil
+}
+
+// ServiceCheck does nothing and returns nil
+func (n *NoOpClient) ServiceCheck(sc *ServiceCheck) error {
+	return nil
+}
+
+// SimpleServiceCheck does nothing and returns nil
+func (n *NoOpClient) SimpleServiceCheck(name string, status ServiceCheckStatus) error {
+	return nil
+}
+
+// Close does nothing and returns nil
+func (n *NoOpClient) Close() error {
+	return nil
+}
+
+// Flush does nothing and returns nil
+func (n *NoOpClient) Flush() error {
+	return nil
+}
+
+// IsClosed does nothing and return false
+func (n *NoOpClient) IsClosed() bool {
+	return false
+}
+
+// GetTelemetry does nothing and returns an empty Telemetry
+func (n *NoOpClient) GetTelemetry() Telemetry {
+	return Telemetry{}
+}
+
+// Verify that NoOpClient implements the ClientInterface.
+// https://golang.org/doc/faq#guarantee_satisfies_interface
+var _ ClientInterface = &NoOpClient{}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/options.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/options.go
new file mode 100644
index 000000000..0728a976b
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/options.go
@@ -0,0 +1,348 @@
+package statsd
+
+import (
+	"fmt"
+	"math"
+	"strings"
+	"time"
+)
+
+var (
+	defaultNamespace                = ""
+	defaultTags                     = []string{}
+	defaultMaxBytesPerPayload       = 0
+	defaultMaxMessagesPerPayload    = math.MaxInt32
+	defaultBufferPoolSize           = 0
+	defaultBufferFlushInterval      = 100 * time.Millisecond
+	defaultWorkerCount              = 32
+	defaultSenderQueueSize          = 0
+	defaultWriteTimeout             = 100 * time.Millisecond
+	defaultTelemetry                = true
+	defaultReceivingMode            = mutexMode
+	defaultChannelModeBufferSize    = 4096
+	defaultAggregationFlushInterval = 2 * time.Second
+	defaultAggregation              = true
+	defaultExtendedAggregation      = false
+	defaultOriginDetection          = true
+)
+
+// Options contains the configuration options for a client.
+type Options struct {
+	namespace                string
+	tags                     []string
+	maxBytesPerPayload       int
+	maxMessagesPerPayload    int
+	bufferPoolSize           int
+	bufferFlushInterval      time.Duration
+	workersCount             int
+	senderQueueSize          int
+	writeTimeout             time.Duration
+	telemetry                bool
+	receiveMode              receivingMode
+	channelModeBufferSize    int
+	aggregationFlushInterval time.Duration
+	aggregation              bool
+	extendedAggregation      bool
+	telemetryAddr            string
+	originDetection          bool
+	containerID              string
+}
+
+func resolveOptions(options []Option) (*Options, error) {
+	o := &Options{
+		namespace:                defaultNamespace,
+		tags:                     defaultTags,
+		maxBytesPerPayload:       defaultMaxBytesPerPayload,
+		maxMessagesPerPayload:    defaultMaxMessagesPerPayload,
+		bufferPoolSize:           defaultBufferPoolSize,
+		bufferFlushInterval:      defaultBufferFlushInterval,
+		workersCount:             defaultWorkerCount,
+		senderQueueSize:          defaultSenderQueueSize,
+		writeTimeout:             defaultWriteTimeout,
+		telemetry:                defaultTelemetry,
+		receiveMode:              defaultReceivingMode,
+		channelModeBufferSize:    defaultChannelModeBufferSize,
+		aggregationFlushInterval: defaultAggregationFlushInterval,
+		aggregation:              defaultAggregation,
+		extendedAggregation:      defaultExtendedAggregation,
+		originDetection:          defaultOriginDetection,
+	}
+
+	for _, option := range options {
+		err := option(o)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return o, nil
+}
+
+// Option is a client option. Can return an error if validation fails.
+type Option func(*Options) error
+
+// WithNamespace sets a string to be prepend to all metrics, events and service checks name.
+//
+// A '.' will automatically be added after the namespace if needed. For example a metrics 'test' with a namespace 'prod'
+// will produce a final metric named 'prod.test'.
+func WithNamespace(namespace string) Option {
+	return func(o *Options) error {
+		if strings.HasSuffix(namespace, ".") {
+			o.namespace = namespace
+		} else {
+			o.namespace = namespace + "."
+		}
+		return nil
+	}
+}
+
+// WithTags sets global tags to be applied to every metrics, events and service checks.
+func WithTags(tags []string) Option {
+	return func(o *Options) error {
+		o.tags = tags
+		return nil
+	}
+}
+
+// WithMaxMessagesPerPayload sets the maximum number of metrics, events and/or service checks that a single payload can
+// contain.
+//
+// The default is 'math.MaxInt32' which will most likely let the WithMaxBytesPerPayload option take precedence. This
+// option can be set to `1` to create an unbuffered client (each metrics/event/service check will be send in its own
+// payload to the agent).
+func WithMaxMessagesPerPayload(maxMessagesPerPayload int) Option {
+	return func(o *Options) error {
+		o.maxMessagesPerPayload = maxMessagesPerPayload
+		return nil
+	}
+}
+
+// WithMaxBytesPerPayload sets the maximum number of bytes a single payload can contain. Each sample, even and service
+// check must be lower than this value once serialized or an `MessageTooLongError` is returned.
+//
+// The default value 0 which will set the option to the optimal size for the transport protocol used: 1432 for UDP and
+// named pipe and 8192 for UDS. Those values offer the best performances.
+// Be careful when changing this option, see
+// https://docs.datadoghq.com/developers/dogstatsd/high_throughput/#ensure-proper-packet-sizes.
+func WithMaxBytesPerPayload(MaxBytesPerPayload int) Option {
+	return func(o *Options) error {
+		o.maxBytesPerPayload = MaxBytesPerPayload
+		return nil
+	}
+}
+
+// WithBufferPoolSize sets the size of the pool of buffers used to serialized metrics, events and service_checks.
+//
+// The default, 0, will set the option to the optimal size for the transport protocol used: 2048 for UDP and named pipe
+// and 512 for UDS.
+func WithBufferPoolSize(bufferPoolSize int) Option {
+	return func(o *Options) error {
+		o.bufferPoolSize = bufferPoolSize
+		return nil
+	}
+}
+
+// WithBufferFlushInterval sets the interval after which the current buffer is flushed.
+//
+// A buffers are used to serialized data, they're flushed either when full (see WithMaxBytesPerPayload) or when it's
+// been open for longer than this interval.
+//
+// With apps sending a high number of metrics/events/service_checks the interval rarely timeout. But with slow sending
+// apps increasing this value will reduce the number of payload sent on the wire as more data is serialized in the same
+// payload.
+//
+// Default is 100ms
+func WithBufferFlushInterval(bufferFlushInterval time.Duration) Option {
+	return func(o *Options) error {
+		o.bufferFlushInterval = bufferFlushInterval
+		return nil
+	}
+}
+
+// WithWorkersCount sets the number of workers that will be used to serialized data.
+//
+// Those workers allow the use of multiple buffers at the same time (see WithBufferPoolSize) to reduce lock contention.
+//
+// Default is 32.
+func WithWorkersCount(workersCount int) Option {
+	return func(o *Options) error {
+		if workersCount < 1 {
+			return fmt.Errorf("workersCount must be a positive integer")
+		}
+		o.workersCount = workersCount
+		return nil
+	}
+}
+
+// WithSenderQueueSize sets the size of the sender queue in number of buffers.
+//
+// After data has been serialized in a buffer they're pushed to a queue that the sender will consume and then each one
+// ot the agent.
+//
+// The default value 0 will set the option to the optimal size for the transport protocol used: 2048 for UDP and named
+// pipe and 512 for UDS.
+func WithSenderQueueSize(senderQueueSize int) Option {
+	return func(o *Options) error {
+		o.senderQueueSize = senderQueueSize
+		return nil
+	}
+}
+
+// WithWriteTimeout sets the timeout for network communication with the Agent, after this interval a payload is
+// dropped. This is only used for UDS and named pipes connection.
+func WithWriteTimeout(writeTimeout time.Duration) Option {
+	return func(o *Options) error {
+		o.writeTimeout = writeTimeout
+		return nil
+	}
+}
+
+// WithChannelMode make the client use channels to receive metrics
+//
+// This determines how the client receive metrics from the app (for example when calling the `Gauge()` method).
+// The client will either drop the metrics if its buffers are full (WithChannelMode option) or block the caller until the
+// metric can be handled (WithMutexMode option). By default the client use mutexes.
+//
+// WithChannelMode uses a channel (see WithChannelModeBufferSize to configure its size) to receive metrics and drops metrics if
+// the channel is full. Sending metrics in this mode is much slower that WithMutexMode (because of the channel), but will not
+// block the application. This mode is made for application using many goroutines, sending the same metrics, at a very
+// high volume. The goal is to not slow down the application at the cost of dropping metrics and having a lower max
+// throughput.
+func WithChannelMode() Option {
+	return func(o *Options) error {
+		o.receiveMode = channelMode
+		return nil
+	}
+}
+
+// WithMutexMode will use mutex to receive metrics from the app throught the API.
+//
+// This determines how the client receive metrics from the app (for example when calling the `Gauge()` method).
+// The client will either drop the metrics if its buffers are full (WithChannelMode option) or block the caller until the
+// metric can be handled (WithMutexMode option). By default the client use mutexes.
+//
+// WithMutexMode uses mutexes to receive metrics which is much faster than channels but can cause some lock contention
+// when used with a high number of goroutines sendint the same metrics. Mutexes are sharded based on the metrics name
+// which limit mutex contention when multiple goroutines send different metrics (see WithWorkersCount). This is the
+// default behavior which will produce the best throughput.
+func WithMutexMode() Option {
+	return func(o *Options) error {
+		o.receiveMode = mutexMode
+		return nil
+	}
+}
+
+// WithChannelModeBufferSize sets the size of the channel holding incoming metrics when WithChannelMode is used.
+func WithChannelModeBufferSize(bufferSize int) Option {
+	return func(o *Options) error {
+		o.channelModeBufferSize = bufferSize
+		return nil
+	}
+}
+
+// WithAggregationInterval sets the interval at which aggregated metrics are flushed. See WithClientSideAggregation and
+// WithExtendedClientSideAggregation for more.
+//
+// The default interval is 2s. The interval must divide the Agent reporting period (default=10s) evenly to reduce "aliasing"
+// that can cause values to appear irregular/spiky.
+//
+// For example a 3s aggregation interval will create spikes in the final graph: a application sending a count metric
+// that increments at a constant 1000 time per second will appear noisy with an interval of 3s. This is because
+// client-side aggregation would report every 3 seconds, while the agent is reporting every 10 seconds. This means in
+// each agent bucket, the values are: 9000, 9000, 12000.
+func WithAggregationInterval(interval time.Duration) Option {
+	return func(o *Options) error {
+		o.aggregationFlushInterval = interval
+		return nil
+	}
+}
+
+// WithClientSideAggregation enables client side aggregation for Gauges, Counts and Sets.
+func WithClientSideAggregation() Option {
+	return func(o *Options) error {
+		o.aggregation = true
+		return nil
+	}
+}
+
+// WithoutClientSideAggregation disables client side aggregation.
+func WithoutClientSideAggregation() Option {
+	return func(o *Options) error {
+		o.aggregation = false
+		o.extendedAggregation = false
+		return nil
+	}
+}
+
+// WithExtendedClientSideAggregation enables client side aggregation for all types. This feature is only compatible with
+// Agent's version >=6.25.0 && <7.0.0 or Agent's versions >=7.25.0.
+func WithExtendedClientSideAggregation() Option {
+	return func(o *Options) error {
+		o.aggregation = true
+		o.extendedAggregation = true
+		return nil
+	}
+}
+
+// WithoutTelemetry disables the client telemetry.
+//
+// More on this here: https://docs.datadoghq.com/developers/dogstatsd/high_throughput/#client-side-telemetry
+func WithoutTelemetry() Option {
+	return func(o *Options) error {
+		o.telemetry = false
+		return nil
+	}
+}
+
+// WithTelemetryAddr sets a different address for telemetry metrics. By default the same address as the client is used
+// for telemetry.
+//
+// More on this here: https://docs.datadoghq.com/developers/dogstatsd/high_throughput/#client-side-telemetry
+func WithTelemetryAddr(addr string) Option {
+	return func(o *Options) error {
+		o.telemetryAddr = addr
+		return nil
+	}
+}
+
+// WithoutOriginDetection disables the client origin detection.
+// When enabled, the client tries to discover its container ID and sends it to the Agent
+// to enrich the metrics with container tags.
+// Origin detection can also be disabled by configuring the environment variabe DD_ORIGIN_DETECTION_ENABLED=false
+// The client tries to read the container ID by parsing the file /proc/self/cgroup, this is not supported on Windows.
+// The client prioritizes the value passed via DD_ENTITY_ID (if set) over the container ID.
+//
+// More on this here: https://docs.datadoghq.com/developers/dogstatsd/?tab=kubernetes#origin-detection-over-udp
+func WithoutOriginDetection() Option {
+	return func(o *Options) error {
+		o.originDetection = false
+		return nil
+	}
+}
+
+// WithOriginDetection enables the client origin detection.
+// This feature requires Datadog Agent version >=6.35.0 && <7.0.0 or Agent versions >=7.35.0.
+// When enabled, the client tries to discover its container ID and sends it to the Agent
+// to enrich the metrics with container tags.
+// Origin detection can be disabled by configuring the environment variabe DD_ORIGIN_DETECTION_ENABLED=false
+// The client tries to read the container ID by parsing the file /proc/self/cgroup, this is not supported on Windows.
+// The client prioritizes the value passed via DD_ENTITY_ID (if set) over the container ID.
+//
+// More on this here: https://docs.datadoghq.com/developers/dogstatsd/?tab=kubernetes#origin-detection-over-udp
+func WithOriginDetection() Option {
+	return func(o *Options) error {
+		o.originDetection = true
+		return nil
+	}
+}
+
+// WithContainerID allows passing the container ID, this will be used by the Agent to enrich metrics with container tags.
+// This feature requires Datadog Agent version >=6.35.0 && <7.0.0 or Agent versions >=7.35.0.
+// When configured, the provided container ID is prioritized over the container ID discovered via Origin Detection.
+// The client prioritizes the value passed via DD_ENTITY_ID (if set) over the container ID.
+func WithContainerID(id string) Option {
+	return func(o *Options) error {
+		o.containerID = id
+		return nil
+	}
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/pipe.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/pipe.go
new file mode 100644
index 000000000..84c38e966
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/pipe.go
@@ -0,0 +1,13 @@
+// +build !windows
+
+package statsd
+
+import (
+	"errors"
+	"io"
+	"time"
+)
+
+func newWindowsPipeWriter(pipepath string, writeTimeout time.Duration) (io.WriteCloser, error) {
+	return nil, errors.New("Windows Named Pipes are only supported on Windows")
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/pipe_windows.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/pipe_windows.go
new file mode 100644
index 000000000..5ab60f00c
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/pipe_windows.go
@@ -0,0 +1,75 @@
+// +build windows
+
+package statsd
+
+import (
+	"net"
+	"sync"
+	"time"
+
+	"github.com/Microsoft/go-winio"
+)
+
+type pipeWriter struct {
+	mu       sync.RWMutex
+	conn     net.Conn
+	timeout  time.Duration
+	pipepath string
+}
+
+func (p *pipeWriter) Write(data []byte) (n int, err error) {
+	conn, err := p.ensureConnection()
+	if err != nil {
+		return 0, err
+	}
+
+	p.mu.RLock()
+	conn.SetWriteDeadline(time.Now().Add(p.timeout))
+	p.mu.RUnlock()
+
+	n, err = conn.Write(data)
+	if err != nil {
+		if e, ok := err.(net.Error); !ok || !e.Temporary() {
+			// disconnected; retry again on next attempt
+			p.mu.Lock()
+			p.conn = nil
+			p.mu.Unlock()
+		}
+	}
+	return n, err
+}
+
+func (p *pipeWriter) ensureConnection() (net.Conn, error) {
+	p.mu.RLock()
+	conn := p.conn
+	p.mu.RUnlock()
+	if conn != nil {
+		return conn, nil
+	}
+
+	// looks like we might need to connect - try again with write locking.
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	if p.conn != nil {
+		return p.conn, nil
+	}
+	newconn, err := winio.DialPipe(p.pipepath, nil)
+	if err != nil {
+		return nil, err
+	}
+	p.conn = newconn
+	return newconn, nil
+}
+
+func (p *pipeWriter) Close() error {
+	return p.conn.Close()
+}
+
+func newWindowsPipeWriter(pipepath string, writeTimeout time.Duration) (*pipeWriter, error) {
+	// Defer connection establishment to first write
+	return &pipeWriter{
+		conn:     nil,
+		timeout:  writeTimeout,
+		pipepath: pipepath,
+	}, nil
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/sender.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/sender.go
new file mode 100644
index 000000000..500d53c40
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/sender.go
@@ -0,0 +1,111 @@
+package statsd
+
+import (
+	"io"
+	"sync/atomic"
+)
+
+// senderTelemetry contains telemetry about the health of the sender
+type senderTelemetry struct {
+	totalPayloadsSent             uint64
+	totalPayloadsDroppedQueueFull uint64
+	totalPayloadsDroppedWriter    uint64
+	totalBytesSent                uint64
+	totalBytesDroppedQueueFull    uint64
+	totalBytesDroppedWriter       uint64
+}
+
+type sender struct {
+	transport   io.WriteCloser
+	pool        *bufferPool
+	queue       chan *statsdBuffer
+	telemetry   *senderTelemetry
+	stop        chan struct{}
+	flushSignal chan struct{}
+}
+
+func newSender(transport io.WriteCloser, queueSize int, pool *bufferPool) *sender {
+	sender := &sender{
+		transport:   transport,
+		pool:        pool,
+		queue:       make(chan *statsdBuffer, queueSize),
+		telemetry:   &senderTelemetry{},
+		stop:        make(chan struct{}),
+		flushSignal: make(chan struct{}),
+	}
+
+	go sender.sendLoop()
+	return sender
+}
+
+func (s *sender) send(buffer *statsdBuffer) {
+	select {
+	case s.queue <- buffer:
+	default:
+		atomic.AddUint64(&s.telemetry.totalPayloadsDroppedQueueFull, 1)
+		atomic.AddUint64(&s.telemetry.totalBytesDroppedQueueFull, uint64(len(buffer.bytes())))
+		s.pool.returnBuffer(buffer)
+	}
+}
+
+func (s *sender) write(buffer *statsdBuffer) {
+	_, err := s.transport.Write(buffer.bytes())
+	if err != nil {
+		atomic.AddUint64(&s.telemetry.totalPayloadsDroppedWriter, 1)
+		atomic.AddUint64(&s.telemetry.totalBytesDroppedWriter, uint64(len(buffer.bytes())))
+	} else {
+		atomic.AddUint64(&s.telemetry.totalPayloadsSent, 1)
+		atomic.AddUint64(&s.telemetry.totalBytesSent, uint64(len(buffer.bytes())))
+	}
+	s.pool.returnBuffer(buffer)
+}
+
+func (s *sender) flushTelemetryMetrics(t *Telemetry) {
+	t.TotalPayloadsSent = atomic.LoadUint64(&s.telemetry.totalPayloadsSent)
+	t.TotalPayloadsDroppedQueueFull = atomic.LoadUint64(&s.telemetry.totalPayloadsDroppedQueueFull)
+	t.TotalPayloadsDroppedWriter = atomic.LoadUint64(&s.telemetry.totalPayloadsDroppedWriter)
+
+	t.TotalBytesSent = atomic.LoadUint64(&s.telemetry.totalBytesSent)
+	t.TotalBytesDroppedQueueFull = atomic.LoadUint64(&s.telemetry.totalBytesDroppedQueueFull)
+	t.TotalBytesDroppedWriter = atomic.LoadUint64(&s.telemetry.totalBytesDroppedWriter)
+}
+
+func (s *sender) sendLoop() {
+	defer close(s.stop)
+	for {
+		select {
+		case buffer := <-s.queue:
+			s.write(buffer)
+		case <-s.stop:
+			return
+		case <-s.flushSignal:
+			// At that point we know that the workers are paused (the statsd client
+			// will pause them before calling sender.flush()).
+			// So we can fully flush the input queue
+			s.flushInputQueue()
+			s.flushSignal <- struct{}{}
+		}
+	}
+}
+
+func (s *sender) flushInputQueue() {
+	for {
+		select {
+		case buffer := <-s.queue:
+			s.write(buffer)
+		default:
+			return
+		}
+	}
+}
+func (s *sender) flush() {
+	s.flushSignal <- struct{}{}
+	<-s.flushSignal
+}
+
+func (s *sender) close() error {
+	s.stop <- struct{}{}
+	<-s.stop
+	s.flushInputQueue()
+	return s.transport.Close()
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/service_check.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/service_check.go
new file mode 100644
index 000000000..e2850465c
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/service_check.go
@@ -0,0 +1,57 @@
+package statsd
+
+import (
+	"fmt"
+	"time"
+)
+
+// ServiceCheckStatus support
+type ServiceCheckStatus byte
+
+const (
+	// Ok is the "ok" ServiceCheck status
+	Ok ServiceCheckStatus = 0
+	// Warn is the "warning" ServiceCheck status
+	Warn ServiceCheckStatus = 1
+	// Critical is the "critical" ServiceCheck status
+	Critical ServiceCheckStatus = 2
+	// Unknown is the "unknown" ServiceCheck status
+	Unknown ServiceCheckStatus = 3
+)
+
+// A ServiceCheck is an object that contains status of DataDog service check.
+type ServiceCheck struct {
+	// Name of the service check.  Required.
+	Name string
+	// Status of service check.  Required.
+	Status ServiceCheckStatus
+	// Timestamp is a timestamp for the serviceCheck.  If not provided, the dogstatsd
+	// server will set this to the current time.
+	Timestamp time.Time
+	// Hostname for the serviceCheck.
+	Hostname string
+	// A message describing the current state of the serviceCheck.
+	Message string
+	// Tags for the serviceCheck.
+	Tags []string
+}
+
+// NewServiceCheck creates a new serviceCheck with the given name and status. Error checking
+// against these values is done at send-time, or upon running sc.Check.
+func NewServiceCheck(name string, status ServiceCheckStatus) *ServiceCheck {
+	return &ServiceCheck{
+		Name:   name,
+		Status: status,
+	}
+}
+
+// Check verifies that a service check is valid.
+func (sc *ServiceCheck) Check() error {
+	if len(sc.Name) == 0 {
+		return fmt.Errorf("statsd.ServiceCheck name is required")
+	}
+	if byte(sc.Status) < 0 || byte(sc.Status) > 3 {
+		return fmt.Errorf("statsd.ServiceCheck status has invalid value")
+	}
+	return nil
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/statsd.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/statsd.go
new file mode 100644
index 000000000..378581b9b
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/statsd.go
@@ -0,0 +1,838 @@
+// Copyright 2013 Ooyala, Inc.
+
+/*
+Package statsd provides a Go dogstatsd client. Dogstatsd extends the popular statsd,
+adding tags and histograms and pushing upstream to Datadog.
+
+Refer to http://docs.datadoghq.com/guides/dogstatsd/ for information about DogStatsD.
+
+statsd is based on go-statsd-client.
+*/
+package statsd
+
+//go:generate mockgen -source=statsd.go -destination=mocks/statsd.go
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+/*
+OptimalUDPPayloadSize defines the optimal payload size for a UDP datagram, 1432 bytes
+is optimal for regular networks with an MTU of 1500 so datagrams don't get
+fragmented. It's generally recommended not to fragment UDP datagrams as losing
+a single fragment will cause the entire datagram to be lost.
+*/
+const OptimalUDPPayloadSize = 1432
+
+/*
+MaxUDPPayloadSize defines the maximum payload size for a UDP datagram.
+Its value comes from the calculation: 65535 bytes Max UDP datagram size -
+8byte UDP header - 60byte max IP headers
+any number greater than that will see frames being cut out.
+*/
+const MaxUDPPayloadSize = 65467
+
+// DefaultUDPBufferPoolSize is the default size of the buffer pool for UDP clients.
+const DefaultUDPBufferPoolSize = 2048
+
+// DefaultUDSBufferPoolSize is the default size of the buffer pool for UDS clients.
+const DefaultUDSBufferPoolSize = 512
+
+/*
+DefaultMaxAgentPayloadSize is the default maximum payload size the agent
+can receive. This can be adjusted by changing dogstatsd_buffer_size in the
+agent configuration file datadog.yaml. This is also used as the optimal payload size
+for UDS datagrams.
+*/
+const DefaultMaxAgentPayloadSize = 8192
+
+/*
+UnixAddressPrefix holds the prefix to use to enable Unix Domain Socket
+traffic instead of UDP.
+*/
+const UnixAddressPrefix = "unix://"
+
+/*
+WindowsPipeAddressPrefix holds the prefix to use to enable Windows Named Pipes
+traffic instead of UDP.
+*/
+const WindowsPipeAddressPrefix = `\\.\pipe\`
+
+const (
+	agentHostEnvVarName = "DD_AGENT_HOST"
+	agentPortEnvVarName = "DD_DOGSTATSD_PORT"
+	agentURLEnvVarName  = "DD_DOGSTATSD_URL"
+	defaultUDPPort      = "8125"
+)
+
+const (
+	// ddEntityID specifies client-side user-specified entity ID injection.
+	// This env var can be set to the Pod UID on Kubernetes via the downward API.
+	// Docs: https://docs.datadoghq.com/developers/dogstatsd/?tab=kubernetes#origin-detection-over-udp
+	ddEntityID = "DD_ENTITY_ID"
+
+	// ddEntityIDTag specifies the tag name for the client-side entity ID injection
+	// The Agent expects this tag to contain a non-prefixed Kubernetes Pod UID.
+	ddEntityIDTag = "dd.internal.entity_id"
+
+	// originDetectionEnabled specifies the env var to enable/disable sending the container ID field.
+	originDetectionEnabled = "DD_ORIGIN_DETECTION_ENABLED"
+)
+
+/*
+ddEnvTagsMapping is a mapping of each "DD_" prefixed environment variable
+to a specific tag name. We use a slice to keep the order and simplify tests.
+*/
+var ddEnvTagsMapping = []struct{ envName, tagName string }{
+	{ddEntityID, ddEntityIDTag}, // Client-side entity ID injection for container tagging.
+	{"DD_ENV", "env"},           // The name of the env in which the service runs.
+	{"DD_SERVICE", "service"},   // The name of the running service.
+	{"DD_VERSION", "version"},   // The current version of the running service.
+}
+
+type metricType int
+
+const (
+	gauge metricType = iota
+	count
+	histogram
+	histogramAggregated
+	distribution
+	distributionAggregated
+	set
+	timing
+	timingAggregated
+	event
+	serviceCheck
+)
+
+type receivingMode int
+
+const (
+	mutexMode receivingMode = iota
+	channelMode
+)
+
+const (
+	writerNameUDP     string = "udp"
+	writerNameUDS     string = "uds"
+	writerWindowsPipe string = "pipe"
+)
+
+// noTimestamp is used as a value for metric without a given timestamp.
+const noTimestamp = int64(0)
+
+type metric struct {
+	metricType metricType
+	namespace  string
+	globalTags []string
+	name       string
+	fvalue     float64
+	fvalues    []float64
+	ivalue     int64
+	svalue     string
+	evalue     *Event
+	scvalue    *ServiceCheck
+	tags       []string
+	stags      string
+	rate       float64
+	timestamp  int64
+}
+
+type noClientErr string
+
+// ErrNoClient is returned if statsd reporting methods are invoked on
+// a nil client.
+const ErrNoClient = noClientErr("statsd client is nil")
+
+func (e noClientErr) Error() string {
+	return string(e)
+}
+
+type invalidTimestampErr string
+
+// InvalidTimestamp is returned if a provided timestamp is invalid.
+const InvalidTimestamp = invalidTimestampErr("invalid timestamp")
+
+func (e invalidTimestampErr) Error() string {
+	return string(e)
+}
+
+// ClientInterface is an interface that exposes the common client functions for the
+// purpose of being able to provide a no-op client or even mocking. This can aid
+// downstream users' with their testing.
+type ClientInterface interface {
+	// Gauge measures the value of a metric at a particular time.
+	Gauge(name string, value float64, tags []string, rate float64) error
+
+	// GaugeWithTimestamp measures the value of a metric at a given time.
+	// BETA - Please contact our support team for more information to use this feature: https://www.datadoghq.com/support/
+	// The value will bypass any aggregation on the client side and agent side, this is
+	// useful when sending points in the past.
+	//
+	// Minimum Datadog Agent version: 7.40.0
+	GaugeWithTimestamp(name string, value float64, tags []string, rate float64, timestamp time.Time) error
+
+	// Count tracks how many times something happened per second.
+	Count(name string, value int64, tags []string, rate float64) error
+
+	// CountWithTimestamp tracks how many times something happened at the given second.
+	// BETA - Please contact our support team for more information to use this feature: https://www.datadoghq.com/support/
+	// The value will bypass any aggregation on the client side and agent side, this is
+	// useful when sending points in the past.
+	//
+	// Minimum Datadog Agent version: 7.40.0
+	CountWithTimestamp(name string, value int64, tags []string, rate float64, timestamp time.Time) error
+
+	// Histogram tracks the statistical distribution of a set of values on each host.
+	Histogram(name string, value float64, tags []string, rate float64) error
+
+	// Distribution tracks the statistical distribution of a set of values across your infrastructure.
+	Distribution(name string, value float64, tags []string, rate float64) error
+
+	// Decr is just Count of -1
+	Decr(name string, tags []string, rate float64) error
+
+	// Incr is just Count of 1
+	Incr(name string, tags []string, rate float64) error
+
+	// Set counts the number of unique elements in a group.
+	Set(name string, value string, tags []string, rate float64) error
+
+	// Timing sends timing information, it is an alias for TimeInMilliseconds
+	Timing(name string, value time.Duration, tags []string, rate float64) error
+
+	// TimeInMilliseconds sends timing information in milliseconds.
+	// It is flushed by statsd with percentiles, mean and other info (https://github.com/etsy/statsd/blob/master/docs/metric_types.md#timing)
+	TimeInMilliseconds(name string, value float64, tags []string, rate float64) error
+
+	// Event sends the provided Event.
+	Event(e *Event) error
+
+	// SimpleEvent sends an event with the provided title and text.
+	SimpleEvent(title, text string) error
+
+	// ServiceCheck sends the provided ServiceCheck.
+	ServiceCheck(sc *ServiceCheck) error
+
+	// SimpleServiceCheck sends an serviceCheck with the provided name and status.
+	SimpleServiceCheck(name string, status ServiceCheckStatus) error
+
+	// Close the client connection.
+	Close() error
+
+	// Flush forces a flush of all the queued dogstatsd payloads.
+	Flush() error
+
+	// IsClosed returns if the client has been closed.
+	IsClosed() bool
+
+	// GetTelemetry return the telemetry metrics for the client since it started.
+	GetTelemetry() Telemetry
+}
+
+// A Client is a handle for sending messages to dogstatsd.  It is safe to
+// use one Client from multiple goroutines simultaneously.
+type Client struct {
+	// Sender handles the underlying networking protocol
+	sender *sender
+	// namespace to prepend to all statsd calls
+	namespace string
+	// tags are global tags to be added to every statsd call
+	tags            []string
+	flushTime       time.Duration
+	telemetry       *statsdTelemetry
+	telemetryClient *telemetryClient
+	stop            chan struct{}
+	wg              sync.WaitGroup
+	workers         []*worker
+	closerLock      sync.Mutex
+	workersMode     receivingMode
+	aggregatorMode  receivingMode
+	agg             *aggregator
+	aggExtended     *aggregator
+	options         []Option
+	addrOption      string
+	isClosed        bool
+}
+
+// statsdTelemetry contains telemetry metrics about the client
+type statsdTelemetry struct {
+	totalMetricsGauge        uint64
+	totalMetricsCount        uint64
+	totalMetricsHistogram    uint64
+	totalMetricsDistribution uint64
+	totalMetricsSet          uint64
+	totalMetricsTiming       uint64
+	totalEvents              uint64
+	totalServiceChecks       uint64
+	totalDroppedOnReceive    uint64
+}
+
+// Verify that Client implements the ClientInterface.
+// https://golang.org/doc/faq#guarantee_satisfies_interface
+var _ ClientInterface = &Client{}
+
+func resolveAddr(addr string) string {
+	envPort := ""
+
+	if addr == "" {
+		addr = os.Getenv(agentHostEnvVarName)
+		envPort = os.Getenv(agentPortEnvVarName)
+		agentURL, _ := os.LookupEnv(agentURLEnvVarName)
+		agentURL = parseAgentURL(agentURL)
+
+		// agentURLEnvVarName has priority over agentHostEnvVarName
+		if agentURL != "" {
+			return agentURL
+		}
+	}
+
+	if addr == "" {
+		return ""
+	}
+
+	if !strings.HasPrefix(addr, WindowsPipeAddressPrefix) && !strings.HasPrefix(addr, UnixAddressPrefix) {
+		if !strings.Contains(addr, ":") {
+			if envPort != "" {
+				addr = fmt.Sprintf("%s:%s", addr, envPort)
+			} else {
+				addr = fmt.Sprintf("%s:%s", addr, defaultUDPPort)
+			}
+		}
+	}
+	return addr
+}
+
+func parseAgentURL(agentURL string) string {
+	if agentURL != "" {
+		if strings.HasPrefix(agentURL, WindowsPipeAddressPrefix) {
+			return agentURL
+		}
+
+		parsedURL, err := url.Parse(agentURL)
+		if err != nil {
+			return ""
+		}
+
+		if parsedURL.Scheme == "udp" {
+			if strings.Contains(parsedURL.Host, ":") {
+				return parsedURL.Host
+			}
+			return fmt.Sprintf("%s:%s", parsedURL.Host, defaultUDPPort)
+		}
+
+		if parsedURL.Scheme == "unix" {
+			return agentURL
+		}
+	}
+	return ""
+}
+
+func createWriter(addr string, writeTimeout time.Duration) (io.WriteCloser, string, error) {
+	addr = resolveAddr(addr)
+	if addr == "" {
+		return nil, "", errors.New("No address passed and autodetection from environment failed")
+	}
+
+	switch {
+	case strings.HasPrefix(addr, WindowsPipeAddressPrefix):
+		w, err := newWindowsPipeWriter(addr, writeTimeout)
+		return w, writerWindowsPipe, err
+	case strings.HasPrefix(addr, UnixAddressPrefix):
+		w, err := newUDSWriter(addr[len(UnixAddressPrefix):], writeTimeout)
+		return w, writerNameUDS, err
+	default:
+		w, err := newUDPWriter(addr, writeTimeout)
+		return w, writerNameUDP, err
+	}
+}
+
+// New returns a pointer to a new Client given an addr in the format "hostname:port" for UDP,
+// "unix:///path/to/socket" for UDS or "\\.\pipe\path\to\pipe" for Windows Named Pipes.
+func New(addr string, options ...Option) (*Client, error) {
+	o, err := resolveOptions(options)
+	if err != nil {
+		return nil, err
+	}
+
+	w, writerType, err := createWriter(addr, o.writeTimeout)
+	if err != nil {
+		return nil, err
+	}
+
+	client, err := newWithWriter(w, o, writerType)
+	if err == nil {
+		client.options = append(client.options, options...)
+		client.addrOption = addr
+	}
+	return client, err
+}
+
+// NewWithWriter creates a new Client with given writer. Writer is a
+// io.WriteCloser
+func NewWithWriter(w io.WriteCloser, options ...Option) (*Client, error) {
+	o, err := resolveOptions(options)
+	if err != nil {
+		return nil, err
+	}
+	return newWithWriter(w, o, "custom")
+}
+
+// CloneWithExtraOptions create a new Client with extra options
+func CloneWithExtraOptions(c *Client, options ...Option) (*Client, error) {
+	if c == nil {
+		return nil, ErrNoClient
+	}
+
+	if c.addrOption == "" {
+		return nil, fmt.Errorf("can't clone client with no addrOption")
+	}
+	opt := append(c.options, options...)
+	return New(c.addrOption, opt...)
+}
+
+func newWithWriter(w io.WriteCloser, o *Options, writerName string) (*Client, error) {
+	c := Client{
+		namespace: o.namespace,
+		tags:      o.tags,
+		telemetry: &statsdTelemetry{},
+	}
+
+	hasEntityID := false
+	// Inject values of DD_* environment variables as global tags.
+	for _, mapping := range ddEnvTagsMapping {
+		if value := os.Getenv(mapping.envName); value != "" {
+			if mapping.envName == ddEntityID {
+				hasEntityID = true
+			}
+			c.tags = append(c.tags, fmt.Sprintf("%s:%s", mapping.tagName, value))
+		}
+	}
+
+	if !hasEntityID {
+		initContainerID(o.containerID, isOriginDetectionEnabled(o, hasEntityID))
+	}
+
+	if o.maxBytesPerPayload == 0 {
+		if writerName == writerNameUDS {
+			o.maxBytesPerPayload = DefaultMaxAgentPayloadSize
+		} else {
+			o.maxBytesPerPayload = OptimalUDPPayloadSize
+		}
+	}
+	if o.bufferPoolSize == 0 {
+		if writerName == writerNameUDS {
+			o.bufferPoolSize = DefaultUDSBufferPoolSize
+		} else {
+			o.bufferPoolSize = DefaultUDPBufferPoolSize
+		}
+	}
+	if o.senderQueueSize == 0 {
+		if writerName == writerNameUDS {
+			o.senderQueueSize = DefaultUDSBufferPoolSize
+		} else {
+			o.senderQueueSize = DefaultUDPBufferPoolSize
+		}
+	}
+
+	bufferPool := newBufferPool(o.bufferPoolSize, o.maxBytesPerPayload, o.maxMessagesPerPayload)
+	c.sender = newSender(w, o.senderQueueSize, bufferPool)
+	c.aggregatorMode = o.receiveMode
+
+	c.workersMode = o.receiveMode
+	// channelMode mode at the worker level is not enabled when
+	// ExtendedAggregation is since the user app will not directly
+	// use the worker (the aggregator sit between the app and the
+	// workers).
+	if o.extendedAggregation {
+		c.workersMode = mutexMode
+	}
+
+	if o.aggregation || o.extendedAggregation {
+		c.agg = newAggregator(&c)
+		c.agg.start(o.aggregationFlushInterval)
+
+		if o.extendedAggregation {
+			c.aggExtended = c.agg
+
+			if c.aggregatorMode == channelMode {
+				c.agg.startReceivingMetric(o.channelModeBufferSize, o.workersCount)
+			}
+		}
+	}
+
+	for i := 0; i < o.workersCount; i++ {
+		w := newWorker(bufferPool, c.sender)
+		c.workers = append(c.workers, w)
+
+		if c.workersMode == channelMode {
+			w.startReceivingMetric(o.channelModeBufferSize)
+		}
+	}
+
+	c.flushTime = o.bufferFlushInterval
+	c.stop = make(chan struct{}, 1)
+
+	c.wg.Add(1)
+	go func() {
+		defer c.wg.Done()
+		c.watch()
+	}()
+
+	if o.telemetry {
+		if o.telemetryAddr == "" {
+			c.telemetryClient = newTelemetryClient(&c, writerName, c.agg != nil)
+		} else {
+			var err error
+			c.telemetryClient, err = newTelemetryClientWithCustomAddr(&c, writerName, o.telemetryAddr, c.agg != nil, bufferPool, o.writeTimeout)
+			if err != nil {
+				return nil, err
+			}
+		}
+		c.telemetryClient.run(&c.wg, c.stop)
+	}
+
+	return &c, nil
+}
+
+func (c *Client) watch() {
+	ticker := time.NewTicker(c.flushTime)
+
+	for {
+		select {
+		case <-ticker.C:
+			for _, w := range c.workers {
+				w.flush()
+			}
+		case <-c.stop:
+			ticker.Stop()
+			return
+		}
+	}
+}
+
+// Flush forces a flush of all the queued dogstatsd payloads This method is
+// blocking and will not return until everything is sent through the network.
+// In mutexMode, this will also block sampling new data to the client while the
+// workers and sender are flushed.
+func (c *Client) Flush() error {
+	if c == nil {
+		return ErrNoClient
+	}
+	if c.agg != nil {
+		c.agg.flush()
+	}
+	for _, w := range c.workers {
+		w.pause()
+		defer w.unpause()
+		w.flushUnsafe()
+	}
+	// Now that the worker are pause the sender can flush the queue between
+	// worker and senders
+	c.sender.flush()
+	return nil
+}
+
+// IsClosed returns if the client has been closed.
+func (c *Client) IsClosed() bool {
+	c.closerLock.Lock()
+	defer c.closerLock.Unlock()
+	return c.isClosed
+}
+
+func (c *Client) flushTelemetryMetrics(t *Telemetry) {
+	t.TotalMetricsGauge = atomic.LoadUint64(&c.telemetry.totalMetricsGauge)
+	t.TotalMetricsCount = atomic.LoadUint64(&c.telemetry.totalMetricsCount)
+	t.TotalMetricsSet = atomic.LoadUint64(&c.telemetry.totalMetricsSet)
+	t.TotalMetricsHistogram = atomic.LoadUint64(&c.telemetry.totalMetricsHistogram)
+	t.TotalMetricsDistribution = atomic.LoadUint64(&c.telemetry.totalMetricsDistribution)
+	t.TotalMetricsTiming = atomic.LoadUint64(&c.telemetry.totalMetricsTiming)
+	t.TotalEvents = atomic.LoadUint64(&c.telemetry.totalEvents)
+	t.TotalServiceChecks = atomic.LoadUint64(&c.telemetry.totalServiceChecks)
+	t.TotalDroppedOnReceive = atomic.LoadUint64(&c.telemetry.totalDroppedOnReceive)
+}
+
+// GetTelemetry return the telemetry metrics for the client since it started.
+func (c *Client) GetTelemetry() Telemetry {
+	return c.telemetryClient.getTelemetry()
+}
+
+func (c *Client) send(m metric) error {
+	h := hashString32(m.name)
+	worker := c.workers[h%uint32(len(c.workers))]
+
+	if c.workersMode == channelMode {
+		select {
+		case worker.inputMetrics <- m:
+		default:
+			atomic.AddUint64(&c.telemetry.totalDroppedOnReceive, 1)
+		}
+		return nil
+	}
+	return worker.processMetric(m)
+}
+
+// sendBlocking is used by the aggregator to inject aggregated metrics.
+func (c *Client) sendBlocking(m metric) error {
+	m.globalTags = c.tags
+	m.namespace = c.namespace
+
+	h := hashString32(m.name)
+	worker := c.workers[h%uint32(len(c.workers))]
+	return worker.processMetric(m)
+}
+
+func (c *Client) sendToAggregator(mType metricType, name string, value float64, tags []string, rate float64, f bufferedMetricSampleFunc) error {
+	if c.aggregatorMode == channelMode {
+		select {
+		case c.aggExtended.inputMetrics <- metric{metricType: mType, name: name, fvalue: value, tags: tags, rate: rate}:
+		default:
+			atomic.AddUint64(&c.telemetry.totalDroppedOnReceive, 1)
+		}
+		return nil
+	}
+	return f(name, value, tags, rate)
+}
+
+// Gauge measures the value of a metric at a particular time.
+func (c *Client) Gauge(name string, value float64, tags []string, rate float64) error {
+	if c == nil {
+		return ErrNoClient
+	}
+	atomic.AddUint64(&c.telemetry.totalMetricsGauge, 1)
+	if c.agg != nil {
+		return c.agg.gauge(name, value, tags)
+	}
+	return c.send(metric{metricType: gauge, name: name, fvalue: value, tags: tags, rate: rate, globalTags: c.tags, namespace: c.namespace})
+}
+
+// GaugeWithTimestamp measures the value of a metric at a given time.
+// BETA - Please contact our support team for more information to use this feature: https://www.datadoghq.com/support/
+// The value will bypass any aggregation on the client side and agent side, this is
+// useful when sending points in the past.
+//
+// Minimum Datadog Agent version: 7.40.0
+func (c *Client) GaugeWithTimestamp(name string, value float64, tags []string, rate float64, timestamp time.Time) error {
+	if c == nil {
+		return ErrNoClient
+	}
+
+	if timestamp.IsZero() || timestamp.Unix() <= noTimestamp {
+		return InvalidTimestamp
+	}
+
+	atomic.AddUint64(&c.telemetry.totalMetricsGauge, 1)
+	return c.send(metric{metricType: gauge, name: name, fvalue: value, tags: tags, rate: rate, globalTags: c.tags, namespace: c.namespace, timestamp: timestamp.Unix()})
+}
+
+// Count tracks how many times something happened per second.
+func (c *Client) Count(name string, value int64, tags []string, rate float64) error {
+	if c == nil {
+		return ErrNoClient
+	}
+	atomic.AddUint64(&c.telemetry.totalMetricsCount, 1)
+	if c.agg != nil {
+		return c.agg.count(name, value, tags)
+	}
+	return c.send(metric{metricType: count, name: name, ivalue: value, tags: tags, rate: rate, globalTags: c.tags, namespace: c.namespace})
+}
+
+// CountWithTimestamp tracks how many times something happened at the given second.
+// BETA - Please contact our support team for more information to use this feature: https://www.datadoghq.com/support/
+// The value will bypass any aggregation on the client side and agent side, this is
+// useful when sending points in the past.
+//
+// Minimum Datadog Agent version: 7.40.0
+func (c *Client) CountWithTimestamp(name string, value int64, tags []string, rate float64, timestamp time.Time) error {
+	if c == nil {
+		return ErrNoClient
+	}
+
+	if timestamp.IsZero() || timestamp.Unix() <= noTimestamp {
+		return InvalidTimestamp
+	}
+
+	atomic.AddUint64(&c.telemetry.totalMetricsCount, 1)
+	return c.send(metric{metricType: count, name: name, ivalue: value, tags: tags, rate: rate, globalTags: c.tags, namespace: c.namespace, timestamp: timestamp.Unix()})
+}
+
+// Histogram tracks the statistical distribution of a set of values on each host.
+func (c *Client) Histogram(name string, value float64, tags []string, rate float64) error {
+	if c == nil {
+		return ErrNoClient
+	}
+	atomic.AddUint64(&c.telemetry.totalMetricsHistogram, 1)
+	if c.aggExtended != nil {
+		return c.sendToAggregator(histogram, name, value, tags, rate, c.aggExtended.histogram)
+	}
+	return c.send(metric{metricType: histogram, name: name, fvalue: value, tags: tags, rate: rate, globalTags: c.tags, namespace: c.namespace})
+}
+
+// Distribution tracks the statistical distribution of a set of values across your infrastructure.
+func (c *Client) Distribution(name string, value float64, tags []string, rate float64) error {
+	if c == nil {
+		return ErrNoClient
+	}
+	atomic.AddUint64(&c.telemetry.totalMetricsDistribution, 1)
+	if c.aggExtended != nil {
+		return c.sendToAggregator(distribution, name, value, tags, rate, c.aggExtended.distribution)
+	}
+	return c.send(metric{metricType: distribution, name: name, fvalue: value, tags: tags, rate: rate, globalTags: c.tags, namespace: c.namespace})
+}
+
+// Decr is just Count of -1
+func (c *Client) Decr(name string, tags []string, rate float64) error {
+	return c.Count(name, -1, tags, rate)
+}
+
+// Incr is just Count of 1
+func (c *Client) Incr(name string, tags []string, rate float64) error {
+	return c.Count(name, 1, tags, rate)
+}
+
+// Set counts the number of unique elements in a group.
+func (c *Client) Set(name string, value string, tags []string, rate float64) error {
+	if c == nil {
+		return ErrNoClient
+	}
+	atomic.AddUint64(&c.telemetry.totalMetricsSet, 1)
+	if c.agg != nil {
+		return c.agg.set(name, value, tags)
+	}
+	return c.send(metric{metricType: set, name: name, svalue: value, tags: tags, rate: rate, globalTags: c.tags, namespace: c.namespace})
+}
+
+// Timing sends timing information, it is an alias for TimeInMilliseconds
+func (c *Client) Timing(name string, value time.Duration, tags []string, rate float64) error {
+	return c.TimeInMilliseconds(name, value.Seconds()*1000, tags, rate)
+}
+
+// TimeInMilliseconds sends timing information in milliseconds.
+// It is flushed by statsd with percentiles, mean and other info (https://github.com/etsy/statsd/blob/master/docs/metric_types.md#timing)
+func (c *Client) TimeInMilliseconds(name string, value float64, tags []string, rate float64) error {
+	if c == nil {
+		return ErrNoClient
+	}
+	atomic.AddUint64(&c.telemetry.totalMetricsTiming, 1)
+	if c.aggExtended != nil {
+		return c.sendToAggregator(timing, name, value, tags, rate, c.aggExtended.timing)
+	}
+	return c.send(metric{metricType: timing, name: name, fvalue: value, tags: tags, rate: rate, globalTags: c.tags, namespace: c.namespace})
+}
+
+// Event sends the provided Event.
+func (c *Client) Event(e *Event) error {
+	if c == nil {
+		return ErrNoClient
+	}
+	atomic.AddUint64(&c.telemetry.totalEvents, 1)
+	return c.send(metric{metricType: event, evalue: e, rate: 1, globalTags: c.tags, namespace: c.namespace})
+}
+
+// SimpleEvent sends an event with the provided title and text.
+func (c *Client) SimpleEvent(title, text string) error {
+	e := NewEvent(title, text)
+	return c.Event(e)
+}
+
+// ServiceCheck sends the provided ServiceCheck.
+func (c *Client) ServiceCheck(sc *ServiceCheck) error {
+	if c == nil {
+		return ErrNoClient
+	}
+	atomic.AddUint64(&c.telemetry.totalServiceChecks, 1)
+	return c.send(metric{metricType: serviceCheck, scvalue: sc, rate: 1, globalTags: c.tags, namespace: c.namespace})
+}
+
+// SimpleServiceCheck sends an serviceCheck with the provided name and status.
+func (c *Client) SimpleServiceCheck(name string, status ServiceCheckStatus) error {
+	sc := NewServiceCheck(name, status)
+	return c.ServiceCheck(sc)
+}
+
+// Close the client connection.
+func (c *Client) Close() error {
+	if c == nil {
+		return ErrNoClient
+	}
+
+	// Acquire closer lock to ensure only one thread can close the stop channel
+	c.closerLock.Lock()
+	defer c.closerLock.Unlock()
+
+	if c.isClosed {
+		return nil
+	}
+
+	// Notify all other threads that they should stop
+	select {
+	case <-c.stop:
+		return nil
+	default:
+	}
+	close(c.stop)
+
+	if c.workersMode == channelMode {
+		for _, w := range c.workers {
+			w.stopReceivingMetric()
+		}
+	}
+
+	// flush the aggregator first
+	if c.agg != nil {
+		if c.aggExtended != nil && c.aggregatorMode == channelMode {
+			c.agg.stopReceivingMetric()
+		}
+		c.agg.stop()
+	}
+
+	// Wait for the threads to stop
+	c.wg.Wait()
+
+	c.Flush()
+
+	c.isClosed = true
+	return c.sender.close()
+}
+
+// isOriginDetectionEnabled returns whether the clients should fill the container field.
+//
+// If DD_ENTITY_ID is set, we don't send the container ID
+// If a user-defined container ID is provided, we don't ignore origin detection
+// as dd.internal.entity_id is prioritized over the container field for backward compatibility.
+// If DD_ENTITY_ID is not set, we try to fill the container field automatically unless
+// DD_ORIGIN_DETECTION_ENABLED is explicitly set to false.
+func isOriginDetectionEnabled(o *Options, hasEntityID bool) bool {
+	if !o.originDetection || hasEntityID || o.containerID != "" {
+		// originDetection is explicitly disabled
+		// or DD_ENTITY_ID was found
+		// or a user-defined container ID was provided
+		return false
+	}
+
+	envVarValue := os.Getenv(originDetectionEnabled)
+	if envVarValue == "" {
+		// DD_ORIGIN_DETECTION_ENABLED is not set
+		// default to true
+		return true
+	}
+
+	enabled, err := strconv.ParseBool(envVarValue)
+	if err != nil {
+		// Error due to an unsupported DD_ORIGIN_DETECTION_ENABLED value
+		// default to true
+		return true
+	}
+
+	return enabled
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/telemetry.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/telemetry.go
new file mode 100644
index 000000000..1e2bc0a3f
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/telemetry.go
@@ -0,0 +1,274 @@
+package statsd
+
+import (
+	"fmt"
+	"sync"
+	"time"
+)
+
+/*
+telemetryInterval is the interval at which telemetry will be sent by the client.
+*/
+const telemetryInterval = 10 * time.Second
+
+/*
+clientTelemetryTag is a tag identifying this specific client.
+*/
+var clientTelemetryTag = "client:go"
+
+/*
+clientVersionTelemetryTag is a tag identifying this specific client version.
+*/
+var clientVersionTelemetryTag = "client_version:5.3.0"
+
+// Telemetry represents internal metrics about the client behavior since it started.
+type Telemetry struct {
+	//
+	// Those are produced by the 'Client'
+	//
+
+	// TotalMetrics is the total number of metrics sent by the client before aggregation and sampling.
+	TotalMetrics uint64
+	// TotalMetricsGauge is the total number of gauges sent by the client before aggregation and sampling.
+	TotalMetricsGauge uint64
+	// TotalMetricsCount is the total number of counts sent by the client before aggregation and sampling.
+	TotalMetricsCount uint64
+	// TotalMetricsHistogram is the total number of histograms sent by the client before aggregation and sampling.
+	TotalMetricsHistogram uint64
+	// TotalMetricsDistribution is the total number of distributions sent by the client before aggregation and
+	// sampling.
+	TotalMetricsDistribution uint64
+	// TotalMetricsSet is the total number of sets sent by the client before aggregation and sampling.
+	TotalMetricsSet uint64
+	// TotalMetricsTiming is the total number of timings sent by the client before aggregation and sampling.
+	TotalMetricsTiming uint64
+	// TotalEvents is the total number of events sent by the client before aggregation and sampling.
+	TotalEvents uint64
+	// TotalServiceChecks is the total number of service_checks sent by the client before aggregation and sampling.
+	TotalServiceChecks uint64
+
+	// TotalDroppedOnReceive is the total number metrics/event/service_checks dropped when using ChannelMode (see
+	// WithChannelMode option).
+	TotalDroppedOnReceive uint64
+
+	//
+	// Those are produced by the 'sender'
+	//
+
+	// TotalPayloadsSent is the total number of payload (packet on the network) succesfully sent by the client. When
+	// using UDP we don't know if packet dropped or not, so all packet are considered as succesfully sent.
+	TotalPayloadsSent uint64
+	// TotalPayloadsDropped is the total number of payload dropped by the client. This includes all cause of dropped
+	// (TotalPayloadsDroppedQueueFull and TotalPayloadsDroppedWriter). When using UDP This won't includes the
+	// network dropped.
+	TotalPayloadsDropped uint64
+	// TotalPayloadsDroppedWriter is the total number of payload dropped by the writer (when using UDS or named
+	// pipe) due to network timeout or error.
+	TotalPayloadsDroppedWriter uint64
+	// TotalPayloadsDroppedQueueFull is the total number of payload dropped internally because the queue of payloads
+	// waiting to be sent on the wire is full. This means the client is generating more metrics than can be sent on
+	// the wire. If your app sends metrics in batch look at WithSenderQueueSize option to increase the queue size.
+	TotalPayloadsDroppedQueueFull uint64
+
+	// TotalBytesSent is the total number of bytes succesfully sent by the client. When using UDP we don't know if
+	// packet dropped or not, so all packet are considered as succesfully sent.
+	TotalBytesSent uint64
+	// TotalBytesDropped is the total number of bytes dropped by the client. This includes all cause of dropped
+	// (TotalBytesDroppedQueueFull and TotalBytesDroppedWriter). When using UDP This
+	// won't includes the network dropped.
+	TotalBytesDropped uint64
+	// TotalBytesDroppedWriter is the total number of bytes dropped by the writer (when using UDS or named pipe) due
+	// to network timeout or error.
+	TotalBytesDroppedWriter uint64
+	// TotalBytesDroppedQueueFull is the total number of bytes dropped internally because the queue of payloads
+	// waiting to be sent on the wire is full. This means the client is generating more metrics than can be sent on
+	// the wire. If your app sends metrics in batch look at WithSenderQueueSize option to increase the queue size.
+	TotalBytesDroppedQueueFull uint64
+
+	//
+	// Those are produced by the 'aggregator'
+	//
+
+	// AggregationNbContext is the total number of contexts flushed by the aggregator when either
+	// WithClientSideAggregation or WithExtendedClientSideAggregation options are enabled.
+	AggregationNbContext uint64
+	// AggregationNbContextGauge is the total number of contexts for gauges flushed by the aggregator when either
+	// WithClientSideAggregation or WithExtendedClientSideAggregation options are enabled.
+	AggregationNbContextGauge uint64
+	// AggregationNbContextCount is the total number of contexts for counts flushed by the aggregator when either
+	// WithClientSideAggregation or WithExtendedClientSideAggregation options are enabled.
+	AggregationNbContextCount uint64
+	// AggregationNbContextSet is the total number of contexts for sets flushed by the aggregator when either
+	// WithClientSideAggregation or WithExtendedClientSideAggregation options are enabled.
+	AggregationNbContextSet uint64
+	// AggregationNbContextHistogram is the total number of contexts for histograms flushed by the aggregator when either
+	// WithClientSideAggregation or WithExtendedClientSideAggregation options are enabled.
+	AggregationNbContextHistogram uint64
+	// AggregationNbContextDistribution is the total number of contexts for distributions flushed by the aggregator when either
+	// WithClientSideAggregation or WithExtendedClientSideAggregation options are enabled.
+	AggregationNbContextDistribution uint64
+	// AggregationNbContextTiming is the total number of contexts for timings flushed by the aggregator when either
+	// WithClientSideAggregation or WithExtendedClientSideAggregation options are enabled.
+	AggregationNbContextTiming uint64
+}
+
+type telemetryClient struct {
+	c          *Client
+	tags       []string
+	aggEnabled bool // is aggregation enabled and should we sent aggregation telemetry.
+	tagsByType map[metricType][]string
+	sender     *sender
+	worker     *worker
+	lastSample Telemetry // The previous sample of telemetry sent
+}
+
+func newTelemetryClient(c *Client, transport string, aggregationEnabled bool) *telemetryClient {
+	t := &telemetryClient{
+		c:          c,
+		tags:       append(c.tags, clientTelemetryTag, clientVersionTelemetryTag, "client_transport:"+transport),
+		aggEnabled: aggregationEnabled,
+		tagsByType: map[metricType][]string{},
+	}
+
+	t.tagsByType[gauge] = append(append([]string{}, t.tags...), "metrics_type:gauge")
+	t.tagsByType[count] = append(append([]string{}, t.tags...), "metrics_type:count")
+	t.tagsByType[set] = append(append([]string{}, t.tags...), "metrics_type:set")
+	t.tagsByType[timing] = append(append([]string{}, t.tags...), "metrics_type:timing")
+	t.tagsByType[histogram] = append(append([]string{}, t.tags...), "metrics_type:histogram")
+	t.tagsByType[distribution] = append(append([]string{}, t.tags...), "metrics_type:distribution")
+	return t
+}
+
+func newTelemetryClientWithCustomAddr(c *Client, transport string, telemetryAddr string, aggregationEnabled bool, pool *bufferPool, writeTimeout time.Duration) (*telemetryClient, error) {
+	telemetryWriter, _, err := createWriter(telemetryAddr, writeTimeout)
+	if err != nil {
+		return nil, fmt.Errorf("Could not resolve telemetry address: %v", err)
+	}
+
+	t := newTelemetryClient(c, transport, aggregationEnabled)
+
+	// Creating a custom sender/worker with 1 worker in mutex mode for the
+	// telemetry that share the same bufferPool.
+	// FIXME due to performance pitfall, we're always using UDP defaults
+	// even for UDS.
+	t.sender = newSender(telemetryWriter, DefaultUDPBufferPoolSize, pool)
+	t.worker = newWorker(pool, t.sender)
+	return t, nil
+}
+
+func (t *telemetryClient) run(wg *sync.WaitGroup, stop chan struct{}) {
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		ticker := time.NewTicker(telemetryInterval)
+		for {
+			select {
+			case <-ticker.C:
+				t.sendTelemetry()
+			case <-stop:
+				ticker.Stop()
+				if t.sender != nil {
+					t.sender.close()
+				}
+				return
+			}
+		}
+	}()
+}
+
+func (t *telemetryClient) sendTelemetry() {
+	for _, m := range t.flush() {
+		if t.worker != nil {
+			t.worker.processMetric(m)
+		} else {
+			t.c.send(m)
+		}
+	}
+
+	if t.worker != nil {
+		t.worker.flush()
+	}
+}
+
+func (t *telemetryClient) getTelemetry() Telemetry {
+	if t == nil {
+		// telemetry was disabled through the WithoutTelemetry option
+		return Telemetry{}
+	}
+
+	tlm := Telemetry{}
+	t.c.flushTelemetryMetrics(&tlm)
+	t.c.sender.flushTelemetryMetrics(&tlm)
+	t.c.agg.flushTelemetryMetrics(&tlm)
+
+	tlm.TotalMetrics = tlm.TotalMetricsGauge +
+		tlm.TotalMetricsCount +
+		tlm.TotalMetricsSet +
+		tlm.TotalMetricsHistogram +
+		tlm.TotalMetricsDistribution +
+		tlm.TotalMetricsTiming
+
+	tlm.TotalPayloadsDropped = tlm.TotalPayloadsDroppedQueueFull + tlm.TotalPayloadsDroppedWriter
+	tlm.TotalBytesDropped = tlm.TotalBytesDroppedQueueFull + tlm.TotalBytesDroppedWriter
+
+	if t.aggEnabled {
+		tlm.AggregationNbContext = tlm.AggregationNbContextGauge +
+			tlm.AggregationNbContextCount +
+			tlm.AggregationNbContextSet +
+			tlm.AggregationNbContextHistogram +
+			tlm.AggregationNbContextDistribution +
+			tlm.AggregationNbContextTiming
+	}
+	return tlm
+}
+
+// flushTelemetry returns Telemetry metrics to be flushed. It's its own function to ease testing.
+func (t *telemetryClient) flush() []metric {
+	m := []metric{}
+
+	// same as Count but without global namespace
+	telemetryCount := func(name string, value int64, tags []string) {
+		m = append(m, metric{metricType: count, name: name, ivalue: value, tags: tags, rate: 1})
+	}
+
+	tlm := t.getTelemetry()
+
+	// We send the diff between now and the previous telemetry flush. This keep the same telemetry behavior from V4
+	// so users dashboard's aren't broken when upgrading to V5. It also allow to graph on the same dashboard a mix
+	// of V4 and V5 apps.
+	telemetryCount("datadog.dogstatsd.client.metrics", int64(tlm.TotalMetrics-t.lastSample.TotalMetrics), t.tags)
+	telemetryCount("datadog.dogstatsd.client.metrics_by_type", int64(tlm.TotalMetricsGauge-t.lastSample.TotalMetricsGauge), t.tagsByType[gauge])
+	telemetryCount("datadog.dogstatsd.client.metrics_by_type", int64(tlm.TotalMetricsCount-t.lastSample.TotalMetricsCount), t.tagsByType[count])
+	telemetryCount("datadog.dogstatsd.client.metrics_by_type", int64(tlm.TotalMetricsHistogram-t.lastSample.TotalMetricsHistogram), t.tagsByType[histogram])
+	telemetryCount("datadog.dogstatsd.client.metrics_by_type", int64(tlm.TotalMetricsDistribution-t.lastSample.TotalMetricsDistribution), t.tagsByType[distribution])
+	telemetryCount("datadog.dogstatsd.client.metrics_by_type", int64(tlm.TotalMetricsSet-t.lastSample.TotalMetricsSet), t.tagsByType[set])
+	telemetryCount("datadog.dogstatsd.client.metrics_by_type", int64(tlm.TotalMetricsTiming-t.lastSample.TotalMetricsTiming), t.tagsByType[timing])
+	telemetryCount("datadog.dogstatsd.client.events", int64(tlm.TotalEvents-t.lastSample.TotalEvents), t.tags)
+	telemetryCount("datadog.dogstatsd.client.service_checks", int64(tlm.TotalServiceChecks-t.lastSample.TotalServiceChecks), t.tags)
+
+	telemetryCount("datadog.dogstatsd.client.metric_dropped_on_receive", int64(tlm.TotalDroppedOnReceive-t.lastSample.TotalDroppedOnReceive), t.tags)
+
+	telemetryCount("datadog.dogstatsd.client.packets_sent", int64(tlm.TotalPayloadsSent-t.lastSample.TotalPayloadsSent), t.tags)
+	telemetryCount("datadog.dogstatsd.client.packets_dropped", int64(tlm.TotalPayloadsDropped-t.lastSample.TotalPayloadsDropped), t.tags)
+	telemetryCount("datadog.dogstatsd.client.packets_dropped_queue", int64(tlm.TotalPayloadsDroppedQueueFull-t.lastSample.TotalPayloadsDroppedQueueFull), t.tags)
+	telemetryCount("datadog.dogstatsd.client.packets_dropped_writer", int64(tlm.TotalPayloadsDroppedWriter-t.lastSample.TotalPayloadsDroppedWriter), t.tags)
+
+	telemetryCount("datadog.dogstatsd.client.bytes_dropped", int64(tlm.TotalBytesDropped-t.lastSample.TotalBytesDropped), t.tags)
+	telemetryCount("datadog.dogstatsd.client.bytes_sent", int64(tlm.TotalBytesSent-t.lastSample.TotalBytesSent), t.tags)
+	telemetryCount("datadog.dogstatsd.client.bytes_dropped_queue", int64(tlm.TotalBytesDroppedQueueFull-t.lastSample.TotalBytesDroppedQueueFull), t.tags)
+	telemetryCount("datadog.dogstatsd.client.bytes_dropped_writer", int64(tlm.TotalBytesDroppedWriter-t.lastSample.TotalBytesDroppedWriter), t.tags)
+
+	if t.aggEnabled {
+		telemetryCount("datadog.dogstatsd.client.aggregated_context", int64(tlm.AggregationNbContext-t.lastSample.AggregationNbContext), t.tags)
+		telemetryCount("datadog.dogstatsd.client.aggregated_context_by_type", int64(tlm.AggregationNbContextGauge-t.lastSample.AggregationNbContextGauge), t.tagsByType[gauge])
+		telemetryCount("datadog.dogstatsd.client.aggregated_context_by_type", int64(tlm.AggregationNbContextSet-t.lastSample.AggregationNbContextSet), t.tagsByType[set])
+		telemetryCount("datadog.dogstatsd.client.aggregated_context_by_type", int64(tlm.AggregationNbContextCount-t.lastSample.AggregationNbContextCount), t.tagsByType[count])
+		telemetryCount("datadog.dogstatsd.client.aggregated_context_by_type", int64(tlm.AggregationNbContextHistogram-t.lastSample.AggregationNbContextHistogram), t.tagsByType[histogram])
+		telemetryCount("datadog.dogstatsd.client.aggregated_context_by_type", int64(tlm.AggregationNbContextDistribution-t.lastSample.AggregationNbContextDistribution), t.tagsByType[distribution])
+		telemetryCount("datadog.dogstatsd.client.aggregated_context_by_type", int64(tlm.AggregationNbContextTiming-t.lastSample.AggregationNbContextTiming), t.tagsByType[timing])
+	}
+
+	t.lastSample = tlm
+
+	return m
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/udp.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/udp.go
new file mode 100644
index 000000000..e2922a911
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/udp.go
@@ -0,0 +1,34 @@
+package statsd
+
+import (
+	"net"
+	"time"
+)
+
+// udpWriter is an internal class wrapping around management of UDP connection
+type udpWriter struct {
+	conn net.Conn
+}
+
+// New returns a pointer to a new udpWriter given an addr in the format "hostname:port".
+func newUDPWriter(addr string, _ time.Duration) (*udpWriter, error) {
+	udpAddr, err := net.ResolveUDPAddr("udp", addr)
+	if err != nil {
+		return nil, err
+	}
+	conn, err := net.DialUDP("udp", nil, udpAddr)
+	if err != nil {
+		return nil, err
+	}
+	writer := &udpWriter{conn: conn}
+	return writer, nil
+}
+
+// Write data to the UDP connection with no error handling
+func (w *udpWriter) Write(data []byte) (int, error) {
+	return w.conn.Write(data)
+}
+
+func (w *udpWriter) Close() error {
+	return w.conn.Close()
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/uds.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/uds.go
new file mode 100644
index 000000000..fa5f5917f
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/uds.go
@@ -0,0 +1,88 @@
+// +build !windows
+
+package statsd
+
+import (
+	"net"
+	"sync"
+	"time"
+)
+
+// udsWriter is an internal class wrapping around management of UDS connection
+type udsWriter struct {
+	// Address to send metrics to, needed to allow reconnection on error
+	addr net.Addr
+	// Established connection object, or nil if not connected yet
+	conn net.Conn
+	// write timeout
+	writeTimeout time.Duration
+	sync.RWMutex // used to lock conn / writer can replace it
+}
+
+// newUDSWriter returns a pointer to a new udsWriter given a socket file path as addr.
+func newUDSWriter(addr string, writeTimeout time.Duration) (*udsWriter, error) {
+	udsAddr, err := net.ResolveUnixAddr("unixgram", addr)
+	if err != nil {
+		return nil, err
+	}
+	// Defer connection to first Write
+	writer := &udsWriter{addr: udsAddr, conn: nil, writeTimeout: writeTimeout}
+	return writer, nil
+}
+
+// Write data to the UDS connection with write timeout and minimal error handling:
+// create the connection if nil, and destroy it if the statsd server has disconnected
+func (w *udsWriter) Write(data []byte) (int, error) {
+	conn, err := w.ensureConnection()
+	if err != nil {
+		return 0, err
+	}
+
+	conn.SetWriteDeadline(time.Now().Add(w.writeTimeout))
+	n, e := conn.Write(data)
+
+	if err, isNetworkErr := e.(net.Error); err != nil && (!isNetworkErr || !err.Temporary()) {
+		// Statsd server disconnected, retry connecting at next packet
+		w.unsetConnection()
+		return 0, e
+	}
+	return n, e
+}
+
+func (w *udsWriter) Close() error {
+	if w.conn != nil {
+		return w.conn.Close()
+	}
+	return nil
+}
+
+func (w *udsWriter) ensureConnection() (net.Conn, error) {
+	// Check if we've already got a socket we can use
+	w.RLock()
+	currentConn := w.conn
+	w.RUnlock()
+
+	if currentConn != nil {
+		return currentConn, nil
+	}
+
+	// Looks like we might need to connect - try again with write locking.
+	w.Lock()
+	defer w.Unlock()
+	if w.conn != nil {
+		return w.conn, nil
+	}
+
+	newConn, err := net.Dial(w.addr.Network(), w.addr.String())
+	if err != nil {
+		return nil, err
+	}
+	w.conn = newConn
+	return newConn, nil
+}
+
+func (w *udsWriter) unsetConnection() {
+	w.Lock()
+	defer w.Unlock()
+	w.conn = nil
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/uds_windows.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/uds_windows.go
new file mode 100644
index 000000000..077894a33
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/uds_windows.go
@@ -0,0 +1,14 @@
+// +build windows
+
+package statsd
+
+import (
+	"fmt"
+	"io"
+	"time"
+)
+
+// newUDSWriter is disabled on Windows as Unix sockets are not available.
+func newUDSWriter(_ string, _ time.Duration) (io.WriteCloser, error) {
+	return nil, fmt.Errorf("Unix socket is not available on Windows")
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/utils.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/utils.go
new file mode 100644
index 000000000..8c3ac8426
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/utils.go
@@ -0,0 +1,32 @@
+package statsd
+
+import (
+	"math/rand"
+	"sync"
+)
+
+func shouldSample(rate float64, r *rand.Rand, lock *sync.Mutex) bool {
+	if rate >= 1 {
+		return true
+	}
+	// sources created by rand.NewSource() (ie. w.random) are not thread safe.
+	// TODO: use defer once the lowest Go version we support is 1.14 (defer
+	// has an overhead before that).
+	lock.Lock()
+	if r.Float64() > rate {
+		lock.Unlock()
+		return false
+	}
+	lock.Unlock()
+	return true
+}
+
+func copySlice(src []string) []string {
+	if src == nil {
+		return nil
+	}
+
+	c := make([]string, len(src))
+	copy(c, src)
+	return c
+}
diff --git a/vendor/github.com/DataDog/datadog-go/v5/statsd/worker.go b/vendor/github.com/DataDog/datadog-go/v5/statsd/worker.go
new file mode 100644
index 000000000..952a9fe36
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-go/v5/statsd/worker.go
@@ -0,0 +1,150 @@
+package statsd
+
+import (
+	"math/rand"
+	"sync"
+	"time"
+)
+
+type worker struct {
+	pool       *bufferPool
+	buffer     *statsdBuffer
+	sender     *sender
+	random     *rand.Rand
+	randomLock sync.Mutex
+	sync.Mutex
+
+	inputMetrics chan metric
+	stop         chan struct{}
+}
+
+func newWorker(pool *bufferPool, sender *sender) *worker {
+	// Each worker uses its own random source and random lock to prevent
+	// workers in separate goroutines from contending for the lock on the
+	// "math/rand" package-global random source (e.g. calls like
+	// "rand.Float64()" must acquire a shared lock to get the next
+	// pseudorandom number).
+	// Note that calling "time.Now().UnixNano()" repeatedly quickly may return
+	// very similar values. That's fine for seeding the worker-specific random
+	// source because we just need an evenly distributed stream of float values.
+	// Do not use this random source for cryptographic randomness.
+	random := rand.New(rand.NewSource(time.Now().UnixNano()))
+	return &worker{
+		pool:   pool,
+		sender: sender,
+		buffer: pool.borrowBuffer(),
+		random: random,
+		stop:   make(chan struct{}),
+	}
+}
+
+func (w *worker) startReceivingMetric(bufferSize int) {
+	w.inputMetrics = make(chan metric, bufferSize)
+	go w.pullMetric()
+}
+
+func (w *worker) stopReceivingMetric() {
+	w.stop <- struct{}{}
+}
+
+func (w *worker) pullMetric() {
+	for {
+		select {
+		case m := <-w.inputMetrics:
+			w.processMetric(m)
+		case <-w.stop:
+			return
+		}
+	}
+}
+
+func (w *worker) processMetric(m metric) error {
+	if !shouldSample(m.rate, w.random, &w.randomLock) {
+		return nil
+	}
+	w.Lock()
+	var err error
+	if err = w.writeMetricUnsafe(m); err == errBufferFull {
+		w.flushUnsafe()
+		err = w.writeMetricUnsafe(m)
+	}
+	w.Unlock()
+	return err
+}
+
+func (w *worker) writeAggregatedMetricUnsafe(m metric, metricSymbol []byte, precision int) error {
+	globalPos := 0
+
+	// first check how much data we can write to the buffer:
+	//   +3 + len(metricSymbol) because the message will include '|<metricSymbol>|#' before the tags
+	//   +1 for the potential line break at the start of the metric
+	tagsSize := len(m.stags) + 4 + len(metricSymbol)
+	for _, t := range m.globalTags {
+		tagsSize += len(t) + 1
+	}
+
+	for {
+		pos, err := w.buffer.writeAggregated(metricSymbol, m.namespace, m.globalTags, m.name, m.fvalues[globalPos:], m.stags, tagsSize, precision)
+		if err == errPartialWrite {
+			// We successfully wrote part of the histogram metrics.
+			// We flush the current buffer and finish the histogram
+			// in a new one.
+			w.flushUnsafe()
+			globalPos += pos
+		} else {
+			return err
+		}
+	}
+}
+
+func (w *worker) writeMetricUnsafe(m metric) error {
+	switch m.metricType {
+	case gauge:
+		return w.buffer.writeGauge(m.namespace, m.globalTags, m.name, m.fvalue, m.tags, m.rate, m.timestamp)
+	case count:
+		return w.buffer.writeCount(m.namespace, m.globalTags, m.name, m.ivalue, m.tags, m.rate, m.timestamp)
+	case histogram:
+		return w.buffer.writeHistogram(m.namespace, m.globalTags, m.name, m.fvalue, m.tags, m.rate)
+	case distribution:
+		return w.buffer.writeDistribution(m.namespace, m.globalTags, m.name, m.fvalue, m.tags, m.rate)
+	case set:
+		return w.buffer.writeSet(m.namespace, m.globalTags, m.name, m.svalue, m.tags, m.rate)
+	case timing:
+		return w.buffer.writeTiming(m.namespace, m.globalTags, m.name, m.fvalue, m.tags, m.rate)
+	case event:
+		return w.buffer.writeEvent(m.evalue, m.globalTags)
+	case serviceCheck:
+		return w.buffer.writeServiceCheck(m.scvalue, m.globalTags)
+	case histogramAggregated:
+		return w.writeAggregatedMetricUnsafe(m, histogramSymbol, -1)
+	case distributionAggregated:
+		return w.writeAggregatedMetricUnsafe(m, distributionSymbol, -1)
+	case timingAggregated:
+		return w.writeAggregatedMetricUnsafe(m, timingSymbol, 6)
+	default:
+		return nil
+	}
+}
+
+func (w *worker) flush() {
+	w.Lock()
+	w.flushUnsafe()
+	w.Unlock()
+}
+
+func (w *worker) pause() {
+	w.Lock()
+}
+
+func (w *worker) unpause() {
+	w.Unlock()
+}
+
+// flush the current buffer. Lock must be held by caller.
+// flushed buffer written to the network asynchronously.
+func (w *worker) flushUnsafe() {
+	if len(w.buffer.bytes()) > 0 {
+		w.sender.send(w.buffer)
+		w.buffer = w.pool.borrowBuffer()
+	}
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/.gitattributes b/vendor/github.com/DataDog/go-libddwaf/.gitattributes
new file mode 100644
index 000000000..003a80079
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/.gitattributes
@@ -0,0 +1,3 @@
+*.dylib -diff
+*.so -diff
+*.a -diff
diff --git a/vendor/github.com/DataDog/go-libddwaf/.gitignore b/vendor/github.com/DataDog/go-libddwaf/.gitignore
new file mode 100644
index 000000000..95311a668
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/.gitignore
@@ -0,0 +1,15 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+.vscode/
+.idea/
diff --git a/vendor/github.com/DataDog/go-libddwaf/LICENSE b/vendor/github.com/DataDog/go-libddwaf/LICENSE
new file mode 100644
index 000000000..9301dd7ab
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/LICENSE
@@ -0,0 +1,200 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2016-present Datadog, Inc.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/DataDog/go-libddwaf/README.md b/vendor/github.com/DataDog/go-libddwaf/README.md
new file mode 100644
index 000000000..84cb1f89d
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/README.md
@@ -0,0 +1,120 @@
+# go-libddwaf
+
+This project's goal is to produce a higher level API for the go bindings to [libddwaf](https://github.com/DataDog/libddwaf): DataDog in-app WAF.
+It consists of 2 separate entities: the bindings for the calls to libddwaf, and the encoder whose job is to convert _any_ go value to its libddwaf object representation.
+
+An example usage would be:
+
+```go
+import waf "github.com/DataDog/go-libddwaf"
+
+//go:embed
+var ruleset []byte
+
+func main() {
+    var parsedRuleset any
+
+    if err := json.Unmarshal(ruleset, &parsedRuleset); err != nil {
+        return 1
+    }
+
+    wafHandle, err := waf.NewHandle(parsedRuleset, "", "")
+    if err != nil {
+        return 1
+    }
+
+    defer wafHandle.Close()
+
+    wafCtx := wafHandle.NewContext()
+    defer wafCtx.Close()
+
+    matches, actions := wafCtx.Run(map[string]any{
+        "server.request.path_params": "/rfiinc.txt",
+    }, time.Minute)
+}
+```
+
+The API documentation details can be found on [pkg.go.dev](https://pkg.go.dev/github.com/DataDog/go-libddwaf).
+
+Originally this project was only here to provide CGO Wrappers to the calls to libddwaf.
+But with the appearance of `ddwaf_object` tree like structure,
+but also with the intention to build CGO-less bindings, this project size has grown to be a fully integrated brick in the DataDog tracer structure.
+Which in turn made it necessary to document the project, to maintain it in an orderly fashion.
+
+## Design
+
+The WAF bindings have multiple moving parts that are necessary to understand:
+
+- Handle: a object wrapper over the pointer to the C WAF Handle
+- Context: a object wrapper over a pointer to the C WAF Context
+- Encoder: whose goal is to construct a tree of Waf Objects to send to the WAF
+- Allocator: Does all writing and allocation operations for the construction of Waf Objects
+- Decoder: Transforms Waf Objects returned from the WAF to usual go objects (e.g. maps, arrays, ...)
+- Library: The library which wraps all calls to C code
+
+```mermaid
+flowchart LR
+
+    START:::hidden -->|NewHandle| Handle -->|NewContext| Context
+
+    Context -->|Encode Inputs| Encoder
+
+    Handle -->|Encode Ruleset| Encoder
+    Handle -->|Init WAF| Library
+    Context -->|Decode Result| Decoder
+
+    Handle -->|Decode Init Errors| Decoder
+
+    Context -->|Run| Library
+    Context -->|Store Go References| ContextAllocator
+
+    Encoder -->|Allocate Waf Objects| EncoderAllocator
+
+    EncoderAllocator -->|Copy after each encoding| ContextAllocator
+
+    Library -->|Call C code| libddwaf
+
+    classDef hidden display: none;
+```
+
+### Allocator
+
+The cgoRefPool is a pure Go cgoRefPool of `ddwaf_object` C values on the Go memory heap.
+the `cgoRefPool` go type is a way to make sure we can safely send go allocated data to the C side of the WAF
+The main issue is the following: the `wafObject` uses a C union to store the tree structure of the full object,
+union equivalent in go are interfaces and they are not compatible with C unions. The only way to be 100% sure
+that the Go `wafObject` struct has the same layout as the C one is to only use primitive types. So the only way to
+store a raw pointer is to use the `uintptr` type. But since `uintptr` do not have pointer semantics (and are just
+basically integers), we need another structure to store the value as Go pointer because the GC is lurking. That's
+where the `cgoRefPool` object comes into play: all new `wafObject` elements are created via this API whose especially
+built to make sure there is no gap for the Garbage Collector to exploit. From there, since underlying values of the
+`wafObject` are either arrays (for maps, structs and arrays) or string (for all ints, booleans and strings),
+we can store 2 slices of arrays and use `runtime.KeepAlive` in each code path to protect them from the GC.
+
+### Typical call to Run()
+
+Here is an example of the flow of operations on a simple call to Run():
+
+- Encode input data into Waf Objects
+- Lock the context mutex until the end of the call
+- Call `ddwaf_run`
+- Decode the matches and actions
+
+### CGO-less C Bindings
+
+The main component used to build C bindings without using CGO is called [purego](https://github.com/ebitengine/purego). The flow of execution on our side is to embed the C shared library using `go:embed`. Then to dump it into a file, load it using `dlopen` and to load the symbols using `dlsym`. And finally to call them.
+
+⚠️ Keep in mind that **purego only works on linux/darwin for amd64/arm64 and so does go-libddwaf.**
+
+Another requirement of `libddwaf` is to have a FHS filesystem on your machine and, for linux, to provide `libc.so.6`, `libpthread.so.0` and `libm.so.6`, `libdl.so.2` as dynamic libraries.
+
+## Contributing usual pitfalls
+
+- Cannot dlopen twice in the app lifetime on OSX
+- `runtime.KeepAlive()` calls are here to prevent the GC from destroying objects too early
+- Since there is a stack switch between the go code and the C code, usually the only C stacktrace you will ever get is from gdb
+- If a segfault happens during a call to the C code, the goroutine stacktrace which has done the call is the one annotated with `[syscall]`.
+- [GoLand](https://www.jetbrains.com/go/) does not support `CGO_ENABLED=0` (as of June 2023)
+- Keep in mind that we fully escape the type system. If you send the wrong data it will segfaults in the best cases but not always!
+- The structs in `ctypes.go` are here to reproduce the memory layout of the structs in `include/ddwaf.h` because pointer to these structs will be passed directly.
+- Do not use `uintptr` as function arguments or results types, coming from `unsafe.Pointer` casts of Go values, because they escape the pointer analysis which can create wrongly optimized code and crash. Pointer arithmetic is of course necessary in such a library but must be kept in the same function scope.
diff --git a/vendor/github.com/DataDog/go-libddwaf/cgo_ref_pool.go b/vendor/github.com/DataDog/go-libddwaf/cgo_ref_pool.go
new file mode 100644
index 000000000..fccd41c9e
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/cgo_ref_pool.go
@@ -0,0 +1,90 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package waf
+
+import (
+	"strconv"
+)
+
+// cgoRefPool is a way to make sure we can safely send go allocated data on the C side of the WAF
+// The main issue is the following: the wafObject uses a C union to store the tree structure of the full object,
+// union equivalent in go are interfaces and they are not compatible with C unions. The only way to be 100% sure
+// that the Go wafObject struct have the same layout as the C one is to only use primitive types. So the only way to
+// store a raw pointer is to use the uintptr type. But since uintptr do not have pointer semantics (and are just
+// basically integers), we need another structure to store the value as Go pointer because the GC is lurking. That's
+// where the cgoRefPool object comes into play: All new wafObject elements are created via this API whose especially
+// built to make sure there is no gap for the Garbage Collector to exploit. From there, since underlying values of the
+// wafObject are either arrays (for maps, structs and arrays) or string (for all ints, booleans and strings),
+// we can store 2 slices of arrays and use runtime.KeepAlive in each code path to protect them from the GC.
+type cgoRefPool struct {
+	stringRefs [][]byte
+	arrayRefs  [][]wafObject
+}
+
+func (refPool *cgoRefPool) append(newRefs cgoRefPool) {
+	refPool.stringRefs = append(refPool.stringRefs, newRefs.stringRefs...)
+	refPool.arrayRefs = append(refPool.arrayRefs, newRefs.arrayRefs...)
+}
+
+func (refPool *cgoRefPool) AllocCString(str string) uintptr {
+	goArray := make([]byte, len(str)+1)
+	copy(goArray, str)
+	refPool.stringRefs = append(refPool.stringRefs, goArray)
+	goArray[len(str)] = 0 // Null termination byte for C strings
+
+	return sliceToUintptr(goArray)
+}
+
+func (refPool *cgoRefPool) AllocWafString(obj *wafObject, str string) {
+	obj._type = wafStringType
+
+	if len(str) == 0 {
+		obj.nbEntries = 0
+		obj.value = 0
+		return
+	}
+
+	goArray := make([]byte, len(str))
+	copy(goArray, str)
+	refPool.stringRefs = append(refPool.stringRefs, goArray)
+
+	obj.value = sliceToUintptr(goArray)
+	obj.nbEntries = uint64(len(goArray))
+}
+
+func (refPool *cgoRefPool) AllocWafArray(obj *wafObject, typ wafObjectType, size uint64) []wafObject {
+	if typ != wafMapType && typ != wafArrayType {
+		panic("Cannot allocate this waf object data type as an array: " + strconv.Itoa(int(typ)))
+	}
+
+	obj._type = typ
+	obj.nbEntries = size
+
+	// If the array size is zero no need to allocate anything
+	if size == 0 {
+		obj.value = 0
+		return nil
+	}
+
+	goArray := make([]wafObject, size)
+	refPool.arrayRefs = append(refPool.arrayRefs, goArray)
+
+	obj.value = sliceToUintptr(goArray)
+	return goArray
+}
+
+func (refPool *cgoRefPool) AllocWafMapKey(obj *wafObject, str string) {
+	if len(str) == 0 {
+		return
+	}
+
+	goArray := make([]byte, len(str))
+	copy(goArray, str)
+	refPool.stringRefs = append(refPool.stringRefs, goArray)
+
+	obj.parameterName = sliceToUintptr(goArray)
+	obj.parameterNameLength = uint64(len(goArray))
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/context.go b/vendor/github.com/DataDog/go-libddwaf/context.go
new file mode 100644
index 000000000..8fc632d1c
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/context.go
@@ -0,0 +1,155 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package waf
+
+import (
+	"sync"
+	"time"
+
+	"go.uber.org/atomic"
+)
+
+// Context is a WAF execution context. It allows running the WAF incrementally
+// when calling it multiple times to run its rules every time new addresses
+// become available. Each request must have its own Context.
+type Context struct {
+	// Instance of the WAF
+	handle   *Handle
+	cContext wafContext
+	// cgoRefs is used to retain go references to WafObjects until the context is destroyed.
+	// As per libddwaf documentation, WAF Objects must be alive during all the context lifetime
+	cgoRefs cgoRefPool
+	// Mutex protecting the use of cContext which is not thread-safe and cgoRefs.
+	mutex sync.Mutex
+
+	// Stats
+	// Cumulated internal WAF run time - in nanoseconds - for this context.
+	totalRuntimeNs atomic.Uint64
+	// Cumulated overall run time - in nanoseconds - for this context.
+	totalOverallRuntimeNs atomic.Uint64
+	// Cumulated timeout count for this context.
+	timeoutCount atomic.Uint64
+}
+
+// NewContext returns a new WAF context of to the given WAF handle.
+// A nil value is returned when the WAF handle was released or when the
+// WAF context couldn't be created.
+// handle. A nil value is returned when the WAF handle can no longer be used
+// or the WAF context couldn't be created.
+func NewContext(handle *Handle) *Context {
+	// Handle has been released
+	if handle.addRefCounter(1) == 0 {
+		return nil
+	}
+
+	cContext := wafLib.wafContextInit(handle.cHandle)
+	if cContext == 0 {
+		handle.addRefCounter(-1)
+		return nil
+	}
+
+	return &Context{handle: handle, cContext: cContext}
+}
+
+// Run encodes the given addressesToData values and runs them against the WAF rules within the given
+// timeout value. It returns the matches as a JSON string (usually opaquely used) along with the corresponding
+// actions in any. In case of an error, matches and actions can still be returned, for instance in the case of a
+// timeout error. Errors can be tested against the RunError type.
+func (context *Context) Run(addressesToData map[string]any, timeout time.Duration) (matches []byte, actions []string, err error) {
+	if len(addressesToData) == 0 {
+		return
+	}
+
+	now := time.Now()
+	defer func() {
+		dt := time.Since(now)
+		context.totalOverallRuntimeNs.Add(uint64(dt.Nanoseconds()))
+	}()
+
+	encoder := encoder{
+		stringMaxSize:    wafMaxStringLength,
+		containerMaxSize: wafMaxContainerSize,
+		objectMaxDepth:   wafMaxContainerDepth,
+	}
+	obj, err := encoder.Encode(addressesToData)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// ddwaf_run cannot run concurrently and the next append write on the context state so we need a mutex
+	context.mutex.Lock()
+	defer context.mutex.Unlock()
+
+	// Save the Go pointer references to addressesToData that were referenced by the encoder
+	// into C ddwaf_objects. libddwaf's API requires to keep this data for the lifetime of the ddwaf_context.
+	defer context.cgoRefs.append(encoder.cgoRefs)
+
+	return context.run(obj, timeout, &encoder.cgoRefs)
+}
+
+func (context *Context) run(obj *wafObject, timeout time.Duration, cgoRefs *cgoRefPool) ([]byte, []string, error) {
+	// RLock the handle to safely get read access to the WAF handle and prevent concurrent changes of it
+	// such as a rules-data update.
+	context.handle.mutex.RLock()
+	defer context.handle.mutex.RUnlock()
+
+	result := new(wafResult)
+	defer wafLib.wafResultFree(result)
+
+	ret := wafLib.wafRun(context.cContext, obj, result, uint64(timeout/time.Microsecond))
+
+	context.totalRuntimeNs.Add(result.total_runtime)
+	matches, actions, err := unwrapWafResult(ret, result)
+	if err == ErrTimeout {
+		context.timeoutCount.Inc()
+	}
+
+	return matches, actions, err
+}
+
+func unwrapWafResult(ret wafReturnCode, result *wafResult) (matches []byte, actions []string, err error) {
+	if result.timeout > 0 {
+		err = ErrTimeout
+	}
+
+	if ret == wafOK {
+		return nil, nil, err
+	}
+
+	if ret != wafMatch {
+		return nil, nil, goRunError(ret)
+	}
+
+	if result.data != 0 {
+		matches = []byte(gostring(cast[byte](result.data)))
+	}
+
+	if size := result.actions.size; size > 0 {
+		actions = decodeActions(result.actions.array, uint64(size))
+	}
+
+	return matches, actions, err
+}
+
+// Close calls handle.closeContext which calls ddwaf_context_destroy and maybe also close the handle if it in termination state.
+func (context *Context) Close() {
+	defer context.handle.closeContext(context)
+	// Keep the Go pointer references until the end of the context
+	keepAlive(context.cgoRefs)
+	// The context is no longer used so we can try releasing the Go pointer references asap by nulling them
+	context.cgoRefs = cgoRefPool{}
+}
+
+// TotalRuntime returns the cumulated WAF runtime across various run calls within the same WAF context.
+// Returned time is in nanoseconds.
+func (context *Context) TotalRuntime() (overallRuntimeNs, internalRuntimeNs uint64) {
+	return context.totalOverallRuntimeNs.Load(), context.totalRuntimeNs.Load()
+}
+
+// TotalTimeouts returns the cumulated amount of WAF timeouts across various run calls within the same WAF context.
+func (context *Context) TotalTimeouts() uint64 {
+	return context.timeoutCount.Load()
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/ctypes.go b/vendor/github.com/DataDog/go-libddwaf/ctypes.go
new file mode 100644
index 000000000..f5ab1ea26
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/ctypes.go
@@ -0,0 +1,176 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package waf
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+const (
+	wafMaxStringLength   = 4096
+	wafMaxContainerDepth = 20
+	wafMaxContainerSize  = 256
+	wafRunTimeout        = 5000
+)
+
+type wafReturnCode int32
+
+const (
+	wafErrInternal        wafReturnCode = -3
+	wafErrInvalidObject                 = -2
+	wafErrInvalidArgument               = -1
+	wafOK                               = 0
+	wafMatch                            = 1
+)
+
+// wafObjectType is an enum in C which has the size of DWORD.
+// But DWORD is 4 bytes in amd64 and arm64 so uint32 it is.
+type wafObjectType uint32
+
+const (
+	wafInvalidType wafObjectType = 0
+	wafIntType                   = 1 << 0
+	wafUintType                  = 1 << 1
+	wafStringType                = 1 << 2
+	wafArrayType                 = 1 << 3
+	wafMapType                   = 1 << 4
+)
+
+type wafObject struct {
+	parameterName       uintptr
+	parameterNameLength uint64
+	value               uintptr
+	nbEntries           uint64
+	_type               wafObjectType
+	_                   [4]byte
+	// Forced padding
+	// We only support 2 archs and cgo generated the same padding to both.
+	// We don't want the C struct to be packed because actually go will do the same padding itself,
+	// we just add it explicitly to not take any chance.
+	// And we cannot pack a struct in go so it will get tricky if the struct is
+	// packed (apart from breaking all tracers of course)
+}
+
+type wafConfig struct {
+	limits     wafConfigLimits
+	obfuscator wafConfigObfuscator
+	freeFn     uintptr
+}
+
+type wafConfigLimits struct {
+	maxContainerSize  uint32
+	maxContainerDepth uint32
+	maxStringLength   uint32
+}
+
+type wafConfigObfuscator struct {
+	keyRegex   uintptr // char *
+	valueRegex uintptr // char *
+}
+
+type wafResult struct {
+	timeout       byte
+	data          uintptr
+	actions       wafResultActions
+	total_runtime uint64
+}
+
+type wafResultActions struct {
+	array uintptr // char **
+	size  uint32
+	_     [4]byte // Forced padding
+}
+
+type wafRulesetInfo struct {
+	loaded  uint16
+	failed  uint16
+	errors  wafObject
+	version uintptr // char *
+}
+
+// wafHandle is a forward declaration in ddwaf.h header
+// We basically don't need to modify it, only to give it to the waf
+type wafHandle uintptr
+
+// wafContext is a forward declaration in ddwaf.h header
+// We basically don't need to modify it, only to give it to the waf
+type wafContext uintptr
+
+// gostring copies a char* to a Go string.
+func gostring(ptr *byte) string {
+	if ptr == nil {
+		return ""
+	}
+	var length int
+	for {
+		if *(*byte)(unsafe.Add(unsafe.Pointer(ptr), uintptr(length))) == '\x00' {
+			break
+		}
+		length++
+	}
+	//string builtin copies the slice
+	return string(unsafe.Slice(ptr, length))
+}
+
+func gostringSized(ptr *byte, size uint64) string {
+	if ptr == nil {
+		return ""
+	}
+	return string(unsafe.Slice(ptr, size))
+}
+
+// cstring converts a go string to *byte that can be passed to C code.
+func cstring(name string) *byte {
+	var b = make([]byte, len(name)+1)
+	copy(b, name)
+	return &b[0]
+}
+
+// cast is used to centralize unsafe use C of allocated pointer.
+// We take the address and then dereference it to trick go vet from creating a possible misuse of unsafe.Pointer
+func cast[T any](ptr uintptr) *T {
+	return (*T)(*(*unsafe.Pointer)(unsafe.Pointer(&ptr)))
+}
+
+// castWithOffset is the same as cast but adding an offset to the pointer by a multiple of the size
+// of the type pointed.
+func castWithOffset[T any](ptr uintptr, offset uint64) *T {
+	return (*T)(unsafe.Add(*(*unsafe.Pointer)(unsafe.Pointer(&ptr)), offset*uint64(unsafe.Sizeof(*new(T)))))
+}
+
+// ptrToUintptr is a helper to centralize of usage of unsafe.Pointer
+// do not use this function to cast interfaces
+func ptrToUintptr[T any](arg *T) uintptr {
+	return uintptr(unsafe.Pointer(arg))
+}
+
+func sliceToUintptr[T any](arg []T) uintptr {
+	return (*reflect.SliceHeader)(unsafe.Pointer(&arg)).Data
+}
+
+func stringToUintptr(arg string) uintptr {
+	return (*reflect.StringHeader)(unsafe.Pointer(&arg)).Data
+}
+
+// keepAlive() globals
+var (
+	alwaysFalse bool
+	escapeSink  any
+)
+
+// keepAlive is a copy of runtime.KeepAlive
+// keepAlive has 2 usages:
+// - It forces the deallocation of the memory to take place later than expected (just like runtime.KeepAlive)
+// - It forces the given argument x to be escaped on the heap by saving it into a global value (Go doesn't provide a standard way to do it as of today)
+// It is implemented so that the compiler cannot optimize it.
+//
+//go:noinline
+func keepAlive[T any](x T) {
+	if alwaysFalse {
+		escapeSink = x
+	}
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/decoder.go b/vendor/github.com/DataDog/go-libddwaf/decoder.go
new file mode 100644
index 000000000..b87702539
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/decoder.go
@@ -0,0 +1,73 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package waf
+
+// decodeErrors transforms the wafObject received by the wafRulesetInfo after the call to wafDl.wafInit to a map where
+// keys are the error message and the value is a array of all the rule ids which triggered this specific error
+func decodeErrors(obj *wafObject) (map[string][]string, error) {
+	if obj._type != wafMapType {
+		return nil, errInvalidObjectType
+	}
+
+	if obj.value == 0 && obj.nbEntries > 0 {
+		return nil, errNilObjectPtr
+	}
+
+	wafErrors := map[string][]string{}
+	for i := uint64(0); i < obj.nbEntries; i++ {
+		objElem := castWithOffset[wafObject](obj.value, i)
+		if objElem._type != wafArrayType {
+			return nil, errInvalidObjectType
+		}
+
+		errorMessage := gostringSized(cast[byte](objElem.parameterName), objElem.parameterNameLength)
+		ruleIds, err := decodeRuleIdArray(objElem)
+		if err != nil {
+			return nil, err
+		}
+
+		wafErrors[errorMessage] = ruleIds
+	}
+
+	return wafErrors, nil
+}
+
+func decodeRuleIdArray(obj *wafObject) ([]string, error) {
+	if obj._type != wafArrayType {
+		return nil, errInvalidObjectType
+	}
+
+	if obj.value == 0 && obj.nbEntries > 0 {
+		return nil, errNilObjectPtr
+	}
+
+	var ruleIds []string
+	for i := uint64(0); i < obj.nbEntries; i++ {
+		objElem := castWithOffset[wafObject](obj.value, i)
+		if objElem._type != wafStringType {
+			return nil, errInvalidObjectType
+		}
+
+		ruleIds = append(ruleIds, gostringSized(cast[byte](objElem.value), objElem.nbEntries))
+	}
+
+	return ruleIds, nil
+}
+
+func decodeActions(cActions uintptr, size uint64) []string {
+	if size == 0 {
+		return nil
+	}
+
+	actions := make([]string, size)
+	for i := uint64(0); i < size; i++ {
+		// This line does the following operation without casts:
+		// gostring(*(cActions + i * sizeof(ptr)))
+		actions[i] = gostring(*castWithOffset[*byte](cActions, i))
+	}
+
+	return actions
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/embed_darwin_amd64.go b/vendor/github.com/DataDog/go-libddwaf/embed_darwin_amd64.go
new file mode 100644
index 000000000..272d90c90
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/embed_darwin_amd64.go
@@ -0,0 +1,13 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build darwin && amd64 && !go1.22
+
+package waf
+
+import _ "embed" // Needed for go:embed
+
+//go:embed lib/darwin-amd64/_libddwaf.dylib
+var libddwaf []byte
diff --git a/vendor/github.com/DataDog/go-libddwaf/embed_darwin_arm64.go b/vendor/github.com/DataDog/go-libddwaf/embed_darwin_arm64.go
new file mode 100644
index 000000000..1d3f614bd
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/embed_darwin_arm64.go
@@ -0,0 +1,13 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build darwin && arm64 && !go1.22
+
+package waf
+
+import _ "embed" // Needed for go:embed
+
+//go:embed lib/darwin-arm64/_libddwaf.dylib
+var libddwaf []byte
diff --git a/vendor/github.com/DataDog/go-libddwaf/embed_linux_amd64.go b/vendor/github.com/DataDog/go-libddwaf/embed_linux_amd64.go
new file mode 100644
index 000000000..aea447835
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/embed_linux_amd64.go
@@ -0,0 +1,13 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build linux && amd64 && !go1.22
+
+package waf
+
+import _ "embed" // Needed for go:embed
+
+//go:embed lib/linux-amd64/libddwaf.so
+var libddwaf []byte
diff --git a/vendor/github.com/DataDog/go-libddwaf/embed_linux_arm64.go b/vendor/github.com/DataDog/go-libddwaf/embed_linux_arm64.go
new file mode 100644
index 000000000..bdd2b37b8
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/embed_linux_arm64.go
@@ -0,0 +1,13 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build linux && arm64 && !go1.22
+
+package waf
+
+import _ "embed" // Needed for go:embed
+
+//go:embed lib/linux-arm64/libddwaf.so
+var libddwaf []byte
diff --git a/vendor/github.com/DataDog/go-libddwaf/encoder.go b/vendor/github.com/DataDog/go-libddwaf/encoder.go
new file mode 100644
index 000000000..153c12450
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/encoder.go
@@ -0,0 +1,256 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package waf
+
+import (
+	"math"
+	"reflect"
+	"strconv"
+	"strings"
+	"unicode"
+)
+
+// Encode Go values into wafObjects. Only the subset of Go types representable into wafObjects
+// will be encoded while ignoring the rest of it.
+// The encoder allocates the memory required for new wafObjects into the Go memory, which must be kept
+// referenced for their lifetime in the C world. This lifetime depends on the ddwaf function being used with.
+// the encoded result. The Go references of the allocated wafObjects, along with every Go pointer they may
+// reference now or in the future, are stored and referenced in the `cgoRefs` field. The user MUST leverage
+// `keepAlive()` with it according to its ddwaf use-case.
+type encoder struct {
+	containerMaxSize int
+	stringMaxSize    int
+	objectMaxDepth   int
+	cgoRefs          cgoRefPool
+}
+
+func newMaxEncoder() *encoder {
+	return &encoder{
+		containerMaxSize: math.MaxInt,
+		stringMaxSize:    math.MaxInt,
+		objectMaxDepth:   math.MaxInt,
+	}
+}
+
+func (encoder *encoder) Encode(data any) (*wafObject, error) {
+	value := reflect.ValueOf(data)
+	wo := &wafObject{}
+
+	if err := encoder.encode(value, wo, encoder.objectMaxDepth); err != nil {
+		return nil, err
+	}
+
+	return wo, nil
+}
+
+func (encoder *encoder) encode(value reflect.Value, obj *wafObject, depth int) error {
+	switch kind := value.Kind(); {
+	// Terminal cases (leafs of the tree)
+	case kind == reflect.Invalid:
+		return errUnsupportedValue
+
+	// 		Booleans
+	case kind == reflect.Bool && value.Bool(): // true
+		return encoder.encodeString("true", wafStringType, obj)
+	case kind == reflect.Bool && !value.Bool(): // false
+		return encoder.encodeString("false", wafStringType, obj)
+
+	// 		Numbers
+	case value.CanInt(): // any int type or alias
+		return encoder.encodeString(strconv.FormatInt(value.Int(), 10), wafStringType, obj)
+	case value.CanUint(): // any Uint type or alias
+		return encoder.encodeString(strconv.FormatUint(value.Uint(), 10), wafStringType, obj)
+	case value.CanFloat(): // any float type or alias
+		return encoder.encodeString(strconv.FormatInt(int64(math.Round(value.Float())), 10), wafStringType, obj)
+
+	//		Strings
+	case kind == reflect.String: // string type
+		return encoder.encodeString(value.String(), wafStringType, obj)
+	case value.Type() == reflect.TypeOf([]byte(nil)): // byte array -> string
+		return encoder.encodeString(string(value.Bytes()), wafStringType, obj)
+
+	// Recursive cases (internal nodes of the tree)
+	case kind == reflect.Interface || kind == reflect.Pointer: // Pointer and interfaces are not taken into account
+		return encoder.encode(value.Elem(), obj, depth)
+	case kind == reflect.Array || kind == reflect.Slice: // either an array or a slice of an array
+		return encoder.encodeArray(value, obj, depth)
+	case kind == reflect.Map:
+		return encoder.encodeMap(value, obj, depth)
+	case kind == reflect.Struct:
+		return encoder.encodeStruct(value, obj, depth)
+
+	default:
+		return errUnsupportedValue
+	}
+}
+
+func (encoder *encoder) encodeString(str string, typ wafObjectType, obj *wafObject) error {
+	if len(str) > encoder.stringMaxSize {
+		str = str[:encoder.stringMaxSize]
+	}
+
+	encoder.cgoRefs.AllocWafString(obj, str)
+	return nil
+}
+
+func getFieldNameFromType(field reflect.StructField) (string, bool) {
+	fieldName := field.Name
+
+	// Private and synthetics fields
+	if len(fieldName) < 1 || unicode.IsLower(rune(fieldName[0])) {
+		return "", false
+	}
+
+	// Use the json tag name as field name if present
+	if tag, ok := field.Tag.Lookup("json"); ok {
+		if i := strings.IndexByte(tag, byte(',')); i > 0 {
+			tag = tag[:i]
+		}
+		if len(tag) > 0 {
+			fieldName = tag
+		}
+	}
+
+	return fieldName, true
+}
+
+// encodeStruct takes a reflect.Value and a wafObject pointer and iterates on the struct field to build
+// a wafObject map of type wafMapType. The specificities are the following:
+// - It will only take the first encoder.containerMaxSize elements of the struct
+// - If the field has a json tag it will become the field name
+// - Private fields and also values producing an error at encoding will be skipped
+func (encoder *encoder) encodeStruct(value reflect.Value, obj *wafObject, depth int) error {
+	if depth < 0 {
+		return errMaxDepth
+	}
+
+	typ := value.Type()
+	nbFields := typ.NumField()
+	capacity := nbFields
+	length := 0
+	if capacity > encoder.containerMaxSize {
+		capacity = encoder.containerMaxSize
+	}
+
+	objArray := encoder.cgoRefs.AllocWafArray(obj, wafMapType, uint64(capacity))
+	for i := 0; length < capacity && i < nbFields; i++ {
+		fieldType := typ.Field(i)
+		fieldName, usable := getFieldNameFromType(fieldType)
+		if !usable {
+			continue
+		}
+
+		objElem := &objArray[length]
+		if encoder.encodeMapKey(reflect.ValueOf(fieldName), objElem) != nil {
+			continue
+		}
+
+		if encoder.encode(value.Field(i), objElem, depth-1) != nil {
+			continue
+		}
+
+		length++
+	}
+
+	// Set the length to the final number of successfully encoded elements
+	obj.nbEntries = uint64(length)
+	return nil
+}
+
+// encodeMap takes a reflect.Value and a wafObject pointer and iterates on the map elements and returns
+// a wafObject map of type wafMapType. The specificities are the following:
+// - It will only take the first encoder.containerMaxSize elements of the map
+// - Values and keys producing an error at encoding will be skipped
+func (encoder *encoder) encodeMap(value reflect.Value, obj *wafObject, depth int) error {
+	if depth < 0 {
+		return errMaxDepth
+	}
+
+	capacity := value.Len()
+	length := 0
+	if capacity > encoder.containerMaxSize {
+		capacity = encoder.containerMaxSize
+	}
+
+	objArray := encoder.cgoRefs.AllocWafArray(obj, wafMapType, uint64(capacity))
+	for iter := value.MapRange(); iter.Next(); {
+		if length == capacity {
+			break
+		}
+
+		objElem := &objArray[length]
+		if encoder.encodeMapKey(iter.Key(), objElem) != nil {
+			continue
+		}
+
+		if encoder.encode(iter.Value(), objElem, depth-1) != nil {
+			continue
+		}
+
+		length++
+	}
+
+	// Fix the size because we skipped map entries
+	obj.nbEntries = uint64(length)
+	return nil
+}
+
+// encodeMapKey takes a reflect.Value and a wafObject and returns a wafObject ready to be considered a map key
+// We use the function cgoRefPool.AllocWafMapKey to store the key in the wafObject. But first we need
+// to grab the real underlying value by recursing through the pointer and interface values.
+func (encoder *encoder) encodeMapKey(value reflect.Value, obj *wafObject) error {
+	kind := value.Kind()
+	for ; kind == reflect.Pointer || kind == reflect.Interface; value, kind = value.Elem(), value.Elem().Kind() {
+		if value.IsNil() {
+			return errInvalidMapKey
+		}
+	}
+
+	if kind != reflect.String && value.Type() != reflect.TypeOf([]byte(nil)) {
+		return errInvalidMapKey
+	}
+
+	if value.Type() == reflect.TypeOf([]byte(nil)) {
+		encoder.cgoRefs.AllocWafMapKey(obj, string(value.Bytes()))
+	}
+
+	if reflect.String == kind {
+		encoder.cgoRefs.AllocWafMapKey(obj, value.String())
+	}
+
+	return nil
+}
+
+// encodeArray takes a reflect.Value and a wafObject pointer and iterates on the elements and returns
+// a wafObject array of type wafArrayType. The specificities are the following:
+// - It will only take the first encoder.containerMaxSize elements of the array
+// - Values producing an error at encoding will be skipped
+func (encoder *encoder) encodeArray(value reflect.Value, obj *wafObject, depth int) error {
+	if depth < 0 {
+		return errMaxDepth
+	}
+
+	length := value.Len()
+	capacity := length
+	if capacity > encoder.containerMaxSize {
+		capacity = encoder.containerMaxSize
+	}
+
+	currIndex := 0
+	objArray := encoder.cgoRefs.AllocWafArray(obj, wafArrayType, uint64(capacity))
+	for i := 0; currIndex < capacity && i < length; i++ {
+		objElem := &objArray[currIndex]
+		if encoder.encode(value.Index(i), objElem, depth-1) != nil {
+			continue
+		}
+
+		currIndex++
+	}
+
+	// Fix the size because we skipped map entries
+	obj.nbEntries = uint64(currIndex)
+	return nil
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/handle.go b/vendor/github.com/DataDog/go-libddwaf/handle.go
new file mode 100644
index 000000000..a77aa0e50
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/handle.go
@@ -0,0 +1,206 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package waf
+
+import (
+	"errors"
+	"fmt"
+	"sync"
+
+	"github.com/DataDog/go-libddwaf/internal/noopfree"
+	"go.uber.org/atomic"
+)
+
+// Handle represents an instance of the WAF for a given ruleset.
+type Handle struct {
+	// Instance of the WAF
+	cHandle wafHandle
+
+	// Lock-less reference counter avoiding blocking calls to the Close() method
+	// while WAF contexts are still using the WAF handle. Instead, we let the
+	// release actually happen only when the reference counter reaches 0.
+	// This can happen either from a request handler calling its WAF context's
+	// Close() method, or either from the appsec instance calling the WAF
+	// handle's Close() method when creating a new WAF handle with new rules.
+	// Note that this means several instances of the WAF can exist at the same
+	// time with their own set of rules. This choice was done to be able to
+	// efficiently update the security rules concurrently, without having to
+	// block the request handlers for the time of the security rules update.
+	refCounter *atomic.Int32
+
+	// RWMutex protecting the R/W accesses to the internal rules data (stored
+	// in the handle).
+	mutex sync.RWMutex
+
+	// rulesetInfo holds information about rules initialization
+	rulesetInfo RulesetInfo
+}
+
+// NewHandle creates and returns a new instance of the WAF with the given security rules and configuration
+// of the sensitive data obfuscator. The returned handle is nil in case of an error.
+// Rules-related metrics, including errors, are accessible with the `RulesetInfo()` method.
+func NewHandle(rules any, keyObfuscatorRegex string, valueObfuscatorRegex string) (*Handle, error) {
+	// The order of action is the following:
+	// - Open the ddwaf C library
+	// - Encode the security rules as a ddwaf_object
+	// - Create a ddwaf_config object and fill the values
+	// - Run ddwaf_init to create a new handle based on the given rules and config
+	// - Check for errors and streamline the ddwaf_ruleset_info returned
+
+	if ok, err := Load(); !ok {
+		return nil, err
+		// The case where ok == true && err != nil is ignored on purpose, as
+		// this is out of the scope of NewHandle which only requires a properly
+		// loaded libddwaf in order to use it
+	}
+
+	encoder := newMaxEncoder()
+	obj, err := encoder.Encode(rules)
+	if err != nil {
+		return nil, fmt.Errorf("could not encode the WAF ruleset into a WAF object: %w", err)
+	}
+
+	config := newConfig(&encoder.cgoRefs, keyObfuscatorRegex, valueObfuscatorRegex)
+	cRulesetInfo := new(wafRulesetInfo)
+
+	cHandle := wafLib.wafInit(obj, config, cRulesetInfo)
+	keepAlive(encoder.cgoRefs)
+	// Note that the encoded obj was copied by libddwaf, so we don't need to keep them alive
+	// for the lifetime of the handle (ddwaf API guarantee).
+	if cHandle == 0 {
+		return nil, errors.New("could not instantiate the WAF")
+	}
+
+	defer wafLib.wafRulesetInfoFree(cRulesetInfo)
+
+	errorsMap, err := decodeErrors(&cRulesetInfo.errors)
+	if err != nil { // Something is very wrong
+		return nil, fmt.Errorf("could not decode the WAF ruleset errors: %w", err)
+	}
+
+	return &Handle{
+		cHandle:    cHandle,
+		refCounter: atomic.NewInt32(1), // We count the handle itself in the counter
+		rulesetInfo: RulesetInfo{
+			Loaded:  cRulesetInfo.loaded,
+			Failed:  cRulesetInfo.failed,
+			Errors:  errorsMap,
+			Version: gostring(cast[byte](cRulesetInfo.version)),
+		},
+	}, nil
+}
+
+// RulesetInfo returns the rules initialization metrics for the current WAF handle
+func (handle *Handle) RulesetInfo() RulesetInfo {
+	return handle.rulesetInfo
+}
+
+// Addresses returns the list of addresses the WAF rule is expecting.
+func (handle *Handle) Addresses() []string {
+	return wafLib.wafRequiredAddresses(handle.cHandle)
+}
+
+// Update the ruleset of a WAF instance into a new handle on its own
+// the previous handle still needs to be closed manually
+func (handle *Handle) Update(newRules any) (*Handle, error) {
+
+	encoder := newMaxEncoder()
+	obj, err := encoder.Encode(newRules)
+	if err != nil {
+		return nil, fmt.Errorf("could not encode the WAF ruleset into a WAF object: %w", err)
+	}
+
+	cRulesetInfo := new(wafRulesetInfo)
+
+	cHandle := wafLib.wafUpdate(handle.cHandle, obj, cRulesetInfo)
+	keepAlive(encoder.cgoRefs)
+	if cHandle == 0 {
+		return nil, errors.New("could not update the WAF instance")
+	}
+
+	defer wafLib.wafRulesetInfoFree(cRulesetInfo)
+
+	errorsMap, err := decodeErrors(&cRulesetInfo.errors)
+	if err != nil { // Something is very wrong
+		return nil, fmt.Errorf("could not decode the WAF ruleset errors: %w", err)
+	}
+
+	return &Handle{
+		cHandle:    cHandle,
+		refCounter: atomic.NewInt32(1), // We count the handle itself in the counter
+		rulesetInfo: RulesetInfo{
+			Loaded:  cRulesetInfo.loaded,
+			Failed:  cRulesetInfo.failed,
+			Errors:  errorsMap,
+			Version: gostring(cast[byte](cRulesetInfo.version)),
+		},
+	}, nil
+}
+
+// closeContext calls ddwaf_context_destroy and eventually ddwaf_destroy on the handle
+func (handle *Handle) closeContext(context *Context) {
+	wafLib.wafContextDestroy(context.cContext)
+	if handle.addRefCounter(-1) == 0 {
+		wafLib.wafDestroy(handle.cHandle)
+	}
+}
+
+// Close puts the handle in termination state, when all the contexts are closed the handle will be destroyed
+func (handle *Handle) Close() {
+	if handle.addRefCounter(-1) > 0 {
+		// There are still Contexts that are not closed
+		return
+	}
+
+	wafLib.wafDestroy(handle.cHandle)
+}
+
+// addRefCounter add x to Handle.refCounter.
+// It relies on a CAS spin-loop implementation in order to avoid changing the
+// counter when 0 has been reached.
+func (handle *Handle) addRefCounter(x int32) int32 {
+	for {
+		current := handle.refCounter.Load()
+		if current == 0 {
+			// The object was released
+			return 0
+		}
+		if swapped := handle.refCounter.CompareAndSwap(current, current+x); swapped {
+			return current + x
+		}
+	}
+}
+
+func newConfig(cgoRefs *cgoRefPool, keyObfuscatorRegex string, valueObfuscatorRegex string) *wafConfig {
+	config := new(wafConfig)
+	*config = wafConfig{
+		limits: wafConfigLimits{
+			maxContainerDepth: wafMaxContainerDepth,
+			maxContainerSize:  wafMaxContainerSize,
+			maxStringLength:   wafMaxStringLength,
+		},
+		obfuscator: wafConfigObfuscator{
+			keyRegex:   cgoRefs.AllocCString(keyObfuscatorRegex),
+			valueRegex: cgoRefs.AllocCString(valueObfuscatorRegex),
+		},
+		// Prevent libddwaf from freeing our Go-memory-allocated ddwaf_objects
+		freeFn: noopfree.NoopFreeFn,
+	}
+	return config
+}
+
+func goRunError(rc wafReturnCode) error {
+	switch rc {
+	case wafErrInternal:
+		return ErrInternal
+	case wafErrInvalidObject:
+		return ErrInvalidObject
+	case wafErrInvalidArgument:
+		return ErrInvalidArgument
+	default:
+		return fmt.Errorf("unknown waf return code %d", int(rc))
+	}
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/internal/noopfree/noopfree.go b/vendor/github.com/DataDog/go-libddwaf/internal/noopfree/noopfree.go
new file mode 100644
index 000000000..3c6b7eac7
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/internal/noopfree/noopfree.go
@@ -0,0 +1,15 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// Package noopfree provides a noop-ed free function. A separate package is
+// needed to avoid the special go-build case with CGO enabled where it compiles
+// .s files with CC instead of the Go assembler that we want here.
+package noopfree
+
+import "unsafe"
+
+//go:linkname _noop_free _noop_free
+var _noop_free byte
+var NoopFreeFn uintptr = uintptr(unsafe.Pointer(&_noop_free))
diff --git a/vendor/github.com/DataDog/go-libddwaf/internal/noopfree/noopfree.s b/vendor/github.com/DataDog/go-libddwaf/internal/noopfree/noopfree.s
new file mode 100644
index 000000000..afabadb34
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/internal/noopfree/noopfree.s
@@ -0,0 +1,10 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+#include "textflag.h"
+
+TEXT _noop_free(SB), NOSPLIT, $0-0
+	RET
+
diff --git a/vendor/github.com/DataDog/go-libddwaf/lib/darwin-amd64/_libddwaf.dylib b/vendor/github.com/DataDog/go-libddwaf/lib/darwin-amd64/_libddwaf.dylib
new file mode 100644
index 0000000000000000000000000000000000000000..0308564ae6d5fde57de14ad353ad473837e7a08c
GIT binary patch
literal 1375472
zcmeF43w#yTweWK!KtN=IAO>FqO*N>siS@w|#6$?pz#K#YrBwv0D83QS5iA9xIj1sC
zPn+IqOCMJHxR!f+Td7rwwa5uz60~YSt0*ee=N!jJ6bup6eE+p)<~%}t&`-a6uV3<0
z&di?uSbOcY*IsMwwf25|_nRN}E+`1~C@3iC#s3=ruO=Z;`$L`z3Wo6i!u<*gX3m^i
zGkvN`%KxXTxXbsRq{{zPrT%8ljLu#d^<VhetG-jbZ-4rAk@vuRVK%$G)aJg<oH;)l
z`_}wSQs?^a+2Yl+8rbDe-b3D_`nSlhPx>r>UVSs?%)V;w?0M=vzrR;)_3G>A110Z%
z)vEm7@LhcEHS@C_?hIe;Hm|<Ee-$hh6v%sCf4y2W|IVCw*~J&noW1bk*>j^aqZfUv
zbA8|YX@8Zs-#D*`yywA}smXhoIrHNA(Rr6&bD5vsxxQuFy!sZ5@vs)W2i0`0d*;m8
zH484k=8~D0UvufTWa?aB@lhU~IEQ&P$b08Hg1Y5b=xzi}&zw27dTRB|F=tJh;!$5f
zZz;cYr+1;_;D2cmyj`0eg^#aqMF0%-N%`PU=p(=U)z?ZVFOSZ=G<MC!d%?HjOs}6l
z6&J{RZhd`%iv3^4p%b0t_jhGb-<=+S^8QJ5B6uq&tB1GT#s+#XRY6+*dw{d-e7NeO
zne%VB`dimtHFIus-pAIrJkz;>dHs}mzcFZv-<dNnxhQ&3HlZ_o%X@h6Ecdg>d#37a
zvCI?vWX`<V7hN**`itfX7wBAHRiRg(?w64F-1_|9?_J-w=1X;Z)wk5IuOw5#qqE@k
zz~I6EojKF5DDy7kn$5J_uWxcTDGxqx)@45mom_qOwbukGo%`GB*B8*8<jd`E=lX<B
z1UEBhn#QDwHDe8Lb`=y<d6;San_r^SyQJpUbpY=b{4aRPO|P0a_oC>WuU&Qdw=TJ4
z!9|yzaLElklIKWRo#dBxRzS!r#ttml4zVmX2Nq0+H*B9XuwWrmX!;EU3u<pIP&`8F
zUU9&nf(z)-EPYTx{k;VR`;!*nE`X^Cx^L$H+ob-F`I|FlP{HZBfcp6k<yYEy?pQ0b
z=i8&_e0T7`6_vH$9CRXSrTnjo^rqENKlSY4wrRg(`3AU|zkWQ8;D4zLQ1}}PgAWya
zEjE9iU_<_&a>M-S?5j^WGlLXzNjbqwrd*GeU?;!a#m60YLZx5mX!1(CTY3yCsAABE
z`|l<Fz)u(b<8$|4HwL;f(2ap^40L0l8w1@K=*B=d2D&lOje%|qbYq|!1Kk+t#y~d)
zx-rm=fo=?RW1t%Y-5BV`KsN@uG0=^HZVYr|pc@0-80f}8HwL;f(2ap^40L0l8w1@K
z=*B=d2D&lOje%|q{4d79G~Ifo`n>9MtEW{@ouc3L#vFXd4QrQf?a}4mr*!LKr>Km0
zu#^_RiGJ$V9nBwgbXbY2IyyR5^fax-En56<M2#59TUJw6w`x`zb!%J11zn4O#J>@H
zZ8LA~0ou^9@_n0g?{A6<B8iUZnWnWTVxM8!^UEWNw&=@xQ;JGES`DpXT#=qg#Wovu
zFVou9F}aw3o&721uGP*<X#;xb)|T|shZhu>_Tm<!=@w}~{tWvkDFGs}S+^Ijj4sfV
z6FRJxy6rvmy7zm`FRa|?j@Rp6{Gf8<rP|QADxuq_>P>}@$+LPK`<RNL@Sl}uzyB<r
z`2~7iL!lmiIMxh!(GqPag$}0t!~VCBUYF{Kxj>{4K&p{kTSOdyZY^H!6#PQo@0`v%
zD4Hwb0b2Y4$z-pcBbmU-&`VDUKvVcK?NgmNF>xRO9K~9xTC&O?ot>phZH`{EcSlEi
z9o6lxXZy!vrhn?$@1J`9xc&|7vVRJCfQZ<CS;3FnR~uT(FYl)Srxrh&VK9>8ilK+q
z{Fd{(g5SCPrXu#Gb4@GO9I>xi=pLBc;VKZbp*RwLBYLV~7nYg!2-BWh6bbK&zUJ3o
z4Zf{y)>F<CKc|7ZrV)|wN3qx4<^XA?9cwm{=T;cWNqQvt{iT4U+p!gTa$HEa#+DW7
z)=6c0a?M=mjP%u}U6XQFe_aUa50Ylu|GtnPBN;0a3No$NP3xad?^DTO{b90vse5Py
zUzVHJTYB<#NpXx(bUX2~kfIj<fXR_V$I>EGC-Dl&sz=sqike?@PG4SBkbaD0Fjy|g
zvTvyn(iMD#8@2cfUd*I|Mo-=$u(`)5db>{m^pj*ZJ$$|(qOr;x8C$KzuTxcBUvAjv
zR`6A~BP;3Sa%a%#(nr<rNcgp=j0w1?X=WT!xnp2hO=fs|bXj%nl2Adkk7185t-iJY
z(jwkVq1M%Eh_5XLg|*UCu<iWE{Q~`rg?eIZ^r}d5_Cmu>)C%6iTVf@^;C?+j#Pz1t
zYKC`2OU&e4r>)8fMc>lxh3(F-?qqJiME?wX6vG}%8P*+AhqIIqO!;bUKw+8DG`37p
ztdAG1JRv~vt!ANaC+Y>qRzikcn8a}PQEyV|q*3)*493RjVOel4t=Fw)-R?tj?7eh>
zjITYu*bI-*;ya|ax~Af6W;GuTTQie46zg_%u^ujpwWc2-pA3D({#~)c{VgT@c*D3s
zi~mYqK5_i|epAM81LHS4Gk(!B25@Rw-UyyElA3Hq33@W2h#<T^dbg2OR4pSpJLPJ+
zwO&sqy|2yDA6D0Xr;KsztJ`B3$9`opkl!hjk^DUvG3_g5B$v|#HIm!@A`>{aP`L5T
zoRKuct+D=aAa^+9*UpTS@mrWXe*e59Z~Q=qbzdzlIL&<6d;IL#DF#p44F+$epgVW)
z6i`hGNv9rqK2Z%`Xa3lE{OBkHQ{s)EUbnvU`04ikdh#2c#;;ASX8UQ0I$H8xG%db`
zNI0f?i=Mo5h49(BwJG7etbjU%;tj27uayX6w>aQGG9#b-g<9XV_;Rx6uW{RRc!Rgb
zJ(jn|9Yay~fk^Uq+l7|u*0%G*U@bUU24-z5Z|*_46bUrjoJ+j+qF3j)^=a$r13#Db
zRQ0gwmLN`Aw|}zITU4Mmub+REPUkJ8r?ZeQ@t0nKN&Z-k93EMEwfLIBol0nRqe!aU
zn7%>2s1?}f=U>SBq&MB7h6=Fs<Si}IA1hHTY_o2yBV(w=ck(ZTw_OHrU>2kBgKf?r
z5F_%*N&AM+D}R=QPpMe`z~>feUnG({1cd0kd|Zl9a%O;%D)O@!2l9womy5h=)bqc%
zUV{(SZE7-;Yug2$y0yg;!l=a`S3s^U;;k$BL$`-Ig>($Oz~5u7x?R(vH`PjZ`P1!s
z2{Wa8(QohFuL-`el@Vz!tv9mrmU{H%5&v2B&wuV(9x=L-w|p8_Jpw4xzI!307)iXT
z#h)OyRKc8F>WQbx?ZWMnON#^xR?_j_WV-Rz>b+HX--?7{ddkdzd{XMu9VMih$@^qI
z*6p4z5QB-xSIqZzzPl6a{rRoiNm)%=b*&*J0ziC&)MDRPD&>-@7NNBMMBSS9)vF`+
z)dH?xu@*lZs0}+-W!Ten!Mv@YHtmFf>*yzEzrvOIDsb~v0CtY$D`iZp&6#<wYE)JO
z5ule(DJWPw7X&$Dm&u5(N6aZ!@^lr_j_QGK^^h8^87m$ACq+nbv2qrO$x`o;zoxR}
z7*_O}6io^uD5N@MB`f63N{mp6$#V6UtdbuV+~Zi0)E7%HX6f>ZB%}h>c!67zoq&Az
zvL;lO_Tm&B@g*$~=e6^Ub9+S(L8q5>o6~rX;PF0zQ`WAl5#y%Ib9iTLpsZVyGxB~U
z{AzThVP8<z&YIgQBFmcrOJ=Obh_n{ls@o_S+Yr?F*SYP-OzVt%soM%0rgfh*;H3Fz
zT34@bOU&gp6zu~k);dp+3ely;YOBht+a3z(_KcOFQL@DP>&f{;j7@L)`jA?JQGj$S
zhD`ao^S3i(^lF+}x{%NAD4>XtuW7FowyZ?!FtmyorEhZd`=|MT`Y_i2clF`xbgM<b
z|LguAsd~ff`{~0T)<b;Rq&K7s_0T4LwdVin!y5F}A^%U;?k0PB1iDga!Knz*9r{tz
zn%x=M!BO%jUCBjH>~`eXBR}lu0L7x;*}!hCLt>a$7CiTP7br@jy(>2xyV~3XDmPc}
zYRjybc0yNuq}S6{=yqX?Xjb3Q?GhQAvjIiBrAB(5yp*ARQ%n2?`prUA&w5{^kF05q
z_A!TT=V3+caJ_C(35?AWzGNRNT<h6vfwdKi{sG#sHUQvq1FfJqVqH~M!W&}e*s@X{
zR?0(pt6o=CB%{}CSQnHP8BK*~!m5ugx?L+v43j^!a3W;9L)VT?x#t3pv>08sH(Uub
zd}T?DxxA<tVM`5m1TdhtN7Bzzm5)EGLEn_F+aA*UG^;vyXwy?DCxRr?dWUagtyb?d
z#IUe*hoK$&6acsE(2AEfQ%$VQotW)zz0|?C=`26lJkjAhv~O(EPFS~qzRp--*by*Q
z_>9t2{!RzePeEcHJQI`sP7%h5F!E84dHsYcDpN+{Ded;u4(-B*OSRMbruu5-%`|^d
z#ZQY0c4!woOq<7V0)8FEK>gL~l`657CUtGhyLuSLIHuLK-gd6K+ry_%;HV`XMxqhD
zVc7Z{uwvn~oI?Wrp*+kx6z$*a)2cT(rCPiv>AWl2(yb?Q3TbgozS%{F)vqjlCC?C0
z?Aux7XhW;`?9<OtLb8K&tHJE^4zr*%daPe%i%^x8SPzN&l=U@Lt)i?{`uC(Oie}=G
zF}gMVQ*SZ^_65nO#p6=^W813CZ|giVD{5)TrIw*TQq=N?G$<>`ZSu+V(G(CIFtPGc
zkob_5A=_j09s72*lG*zi77Dg?q;3s*#;^;^WZFe^yQ&DynIU*A))VgGRtQ#(%fU+D
z08;lLAB1e}3ZD(zdl)@xU{H`2qC%aTCd{E4bnRK?sPh%BmMv26>H9mi`1*EHzJS9n
zG3_};X4s92K4`<gJ5cvuwi(L0^&^b%^D)=msOq+tEtioH^d66tq|!3WyyBdhWnS@^
z<Whf`_eB7InO7n}PZ8MsWt?TWM5bF(nFLtoJKD8inU|H8<s>7~WY+u0itJ*4uwp%G
zu@CBE`5k5oj5C&dEW)oHja^A7^C#=}l<D4TE}*lT3(U?1UzI|^*S9-K0;Bm#8H^Fm
z{7I5g83$xu-8(T@>!;Uyye>IEXRViRcm(h^dgE&6{2#DlC0U02#s1`<Np1VG$RGV_
zi~K-ueaKtiMR^s00v&u}71IM@C)omM48#`sfhKzeOn5OXTwrsdEs+GwWI}Q~yVCnH
zc7oYEykc9UNA0z$56D}#9{j#6(VhU2TqBh^H%-VBBCg62B9!twQRsW$<%g-X^s(~8
zfAG<?XLphxex!h_X%6Iv*bpNbEmKm%kSysbd`9f6%1R9zgMlw#AV`SW%9)SNN<_T6
z4MmJFE2{_*%S9K#R;9&HW#*XH_PvFO7e7ZK;zT1kwX8!Q_N+TSyWY=Ooi`9CCy^f>
z{~#kjSkIc_m*yc4!Q!_Ii^q83vG<+sfgX?BnZ*J8%v0=aIy)^D$PX77)(gG}F-eIK
zhth8$HleH{23v^|%iyEJli_jE1N5WR2Y7fYc8JgDugZ!LPy70+Y3=Yth!AiaRwH;t
zRv3o_ag7KN2nyp$`CZMgFFqL7g-8zSTqPL<1P9T@l;CiVCpFB<>rYmG*bA<k)uQm6
zzbL3-?h6=*5Y1_kMnpdAN`BDoX({ZON_f~F2oEnWJW7OzCj}@G9$Kj&c8ohZ3yjeF
zUh;!viw+6o2PEVt(qgI%#us^^%$FBF=rQjAMF1i&JlU1N&;e`O7l8rcyI5xGYyTkw
zmmz31uts7->_DW3^dUf#?E}Q5-P~K2i3~w$@$EA3K2fDl^T;7~oiD$7^nf_9-4_S`
znH2|iig*o$Xo;P&o_m7kIH}zeG#k>-kuD44PA?<kz{8|u;qfwR@q4AbPkVc{rNn`3
zTT98SMt)uH$QRpc<o}p%^u>Xo$tTkyKloF{dLrAlTAzdYg2tyLJ}6%#r2g)FzyG(3
zCaa5lz~0M=o_NqpIPo-3Ixx!+5B~0n2bF@Q<CS>eVM&Px0=YZb$3kxNq8}h1u&~H5
z>ODfHRiWlYothIN6S>&1$5rX}bX}zAgD<VOrxbevz)N)*EW2zVlt=9AE8L!0`C<Mi
z%MZVm;#v8@GxF`P#T}3*TIleaS}ewM0jsH|o-?Y>Q06WB&N(ty0p&1XH&^iNLLixv
z1CL?fS?}j7^YaDsA(Q{8{QRE1Woz_f^Y6Gh+g~GjBkWxn9h{%P5rWzl*NU;`K#}K$
zI+rYEEz8(vl$wdzTlzxhfW9Nz)2Skl+Ld#3m3ut~+@g%`-?L|HAmQ{dlk-a+lqrm0
z;T$8GlRfWxnMSQKC91%fQf<JP3jVKZ8Z%i?)ih?hG(^fQ{-3K2sH>HBo9aNM`fI8a
zRx4TgwwwokR`SzSm*QVPy_pBnw|GA?F4WM@kNh>&6#$W+vxrA>mhjV5SDsCm{S(rw
zRQlv>`gAXSj!IvcO|SLR>s9*lY`WrS1L_0^O?AzFI;(VxFd7D8QH36EkDk1vS}Pt~
zrthH7lVt@SQMuW<8X1BNv#RZ}Ws|Kj(<PmMrk2fePW%R@#-hxJ<h_bd3X;o@mc{Ab
zvh6e_?<MLzUZ!x6d|*5MmIjAOgYmK=a?z$jh+*GbCMcri9senn#LHF)Ato0s%qbyi
zp_Gt8kP>3iqD1v7azZvYH7%D9lx>l+*_MRWOSzO^PDEtNy}w4PL2HIX7`9nfA}^)6
zvYIuq)U+3|hL2%mw<9Zyv9UW|Sy%=bc5kM&+6wD%PE3d_mXLjAVF=drBK@WfGFs<X
zUr;@x`oij&GuHc-MC^y`-}weo?>S>Zln-McD+XA=^Il5iCD^mwARvCF6F)NSK~i7-
z2JY+ZvbL*n7rd;k5VTl}S2$-Zk@q`mdB--tj34X_e^u?R^%y`$^oZOBsu1o@bvDHF
z_HQMp{9!R)Dm7y}{eQoItAGaxk^b3%Y~j)Eh5Qig-?qJqg5d4nuH=`otXa<QTz)^F
z{o8?p%g?%hyZmGJZ)I;Y<+L9}Kf2n#U5y|t`?uqVNJn$`Z&ze>3CB9Zmx-0inDs#j
z_HNVArD&#RX7Bc<n~_;JldKFShV@XOY(U_>p)xHoLIyU+OqM>91Tq@-l5&qBA9a-?
z3g>rH*D1l*@4#OazrI9$e$81bpJ(zpE$k@$XZfe6yz2a;TTPBzt|~?}@>CyT_Peg!
zOS$>&>4Kw-h4eD^g2jLdyJ2@d*59oO_V3x;JJGObVjgW$=Fzu;zGcj#$e%gp(b!F>
zH|XPeX3@=(*n|G&+eIHB84Y-~yGU>*5A%3Pe~V7Z?>D7$Vm6U}4Gj8~r=va3Uc29x
z;He~I8TQPv7t-;(cKgdx>5K`$q0N<I(`~E;5Ppy4L;59|i!{I0|9wK{f}{k??4j8y
zt=8L}UTMSv*$?Szy&dJWkVo|JNjCzKREE|S{YrpK=)|M0*n#<!b&Ox^;GmeV()-Gt
z^E{itQthrKezks$x}CK@2x4RT+HMQgQB$c%UCA|K+;D#6*YpQ!lD>L$k7y>dATVVJ
zzM}WJ8?p%K>@Os%k#5~CH5=AW!}_qXW@WLy`s&%yi{!vp*u|e3Ywq_q<g3VqlvTk`
zQ(`jz%7P9+igJ_Fu#qdZ-g$bc8fD2Yqud$)QRz)q-jV8%cjSkW^W~k%<Y}u}=~?7c
zPPG(4j*0iDq_?%uq&6Dl{L%~r_emYjMogfxRGc5NUPVnS6>5Ct4brTH;0BEcmL0Kn
zMo;tiKTLaJiL7(SvhIeQ7ZpM`PzsED1)g;-r~T^2!ovz8)@2ox1(x!?VBw%pU{OH8
zYn*Bi4lVw3Nf$tpi=o~|XXy(ttYmDiQMYC(pIC$1_}8$N$AnPj1fwZYD_{6y3klB*
zHf5W5$={-z#D=V#m6{!0@rPjllOD*{CtX@)+9TV>lq)nY8sY3-3|7Y!hoW21L`of(
zSNGAH%8qoka3jyNDq|W``h;Phl3lKO%&gYx*<Y;HbKY9rECV3^RfauyujLv4s)Xve
z^a%YMjSSC;JEgP9NI6D&Xi^4M5k@k$5}Ri!0~fJcBUak!Tib(tYeX3Gk?maes8n=^
zM{iqWBbn5D6O|SpOTEsn@4zxn<0-J$Z*yKI3A=#oJUwKxf16xX?rezSNg$ZQ4gsbb
z$l^Z1fQi`4fW6PZ4A=?*f&nw=kvz+vVc))-pN|={QH)tVp9B3u#_N)7`+o`AADiEP
zwQ7Iw5u&yG6ecnvmH(O<r_8%QR+;y_@mek8b(k8j+x`0TMXJ~6q3XMI4bLi>*L@JG
zRy%hsVrs1QhOFn1n>tU>eo`PiDURPLs7Yz@DT?A`Qmhe!j?9a>aB!xidL60ELf#gD
z((e*7x_dDnpJ1qqMt~}LpOnU~sK!5_o3!(f#foTBDqn1+bMhn7)Qpr2-UX^ZO*N`}
z-s-*i+rn=%1a-y75Y&7jsJqCUzMLmd|7JXIBgLnu-v;B!5!|`-bRAjTC&0HF|7`vr
zlRsy^PT)(<d>tvJ9)$|G&=06^2meBaEz&DGGKMjdXZeE)oB2^x*dPyi4j`vMg}0LG
z@r##l$iTZMfOo@ndGI!n#eJe{`b$amS^D!{v-B6d7n4oMHF*D6`tve$66uBhRIjOo
z(NHu33HH-1&!kiefYo)6?-xwbSpO`V(tV`=J?~u7nKt`MWm(#+#}cDxb5IW+av1j0
zv>Y(1Xtj}?HaCYmIo2Q8%dT6aLwF4Pzn2T0#$oZorJQUF&e_bU^jt_4$O>e>Xz|;5
z^NTQ!?UI>sJfFVGv-~lRt^6>Kn6tgAe@)rE;neC%Nn%JZ<0rcqWazPQVP<^)o$)p8
ziz`H$!7(%itjb^4lV+j=6tO*`Sl(j`81huUc%zf1vaE2oW_$4qn#}><%maUo2R<md
zLcu-0!+O8&pE&fk_t5HIqidCIY1xnq{E3)9Q)$JYKlgric#r4;-euQk;q{0Y0#sv?
zrC0AYORvFuK(E1ji3~@ei{|o6zrMZsr5a=krIiO(-D@9IwxRzf{QQC!(B{96Z7u5b
z?zf-$?zi8F|MIRF?c)fk_;p@=dR-$v%ncnenJ+>6Sx%-UT4WHqS{_k5o{NEZkIM2{
z{CYkxxr&)Yvln%qME!v~XA(_Z&nt^bEO!F^_#e`0u+n=3oLSy+gHX)5SkcEFigQ~p
zIPcB|J;^oYD)l~@UCuU=gkk>fGN~?i5gO(}SO|ohzug(aPSgB9)+q?JcnpCp7s}Qr
zrP=^Wu|qS}WnU%`L`=kw{WmILt30sei!*1A<h(;H9!!c_ewf<7kvI19Bp)DexSZFf
zguKch(|WFa5y9>ndB|nYTHP+PFrQ_Ur;GV~QZ$$!TD(GxE}uB34_6ZwVHPoF_k8B`
z-?CMTKUc0|JcsWp`!e@&a4#d`oQ8JpBU?-SK$PYmi9(&}=(A)BdY|p@lY*13`}@ni
z`&&Vh&%gXNCL<qx5&m=lrbY=YBX5Wvjs77&GBmn9Qnz||a=^p$L=IRpi%*8NMvYig
zLf*WL$+_x7QYvE$MmhCj<QtG!DqXY_bJS-w=*(9wev9gPQY9xn(qO}0Po9UG^fVsp
z!&=hkNtSTCcJm~8u-55)c8l|k79YWT<z{^s&Rs3(O8Kb7^)JNVFb6-3^9mY+petqN
zO5Rb=8+5%~Ab_s_&Qv73yviSRy-dD*W`Dvj3VsDN0HwbTIF*}s?P5R29!T`SI%NY7
z1wF}h?>7qiOuu$s`f>gGZ}9&F!9joEPqlheO)b#oQEKU2q14z?!@5rmKvT_9FH2;Z
zVI`$B1X{CPQRhk-A-kp?e{D64EF}~5WTf7>=^^#5XcF(S#8a|M)Zz}q-)G)oiWogl
zFm{RbU2U>U)C<(MDb$+Q@jhyOhUshqh51~1(Y0zFVe4v*a@s(E+shxE{gA0-gSJEz
z68ns@E+GBEbySxq)zhgU&seJ+Lvs<m$uTsqEhUq4GN0Mq#h6j975A)<_Ge?E=1)yE
z4cEr5xumh?p@QnagmM_WbLcgKKBZ%@^IO7P7S7I8#>w06sXgWGu3#`nS=Q~7NB@Ha
z`=Gx(sUfKBaz3QAw!dL*$gx=bfV7%8VowryB-39>NZ0b>PI66m0=em%C^a6dd1<<0
zHEOBpYz!HrpvwroqXVJ$IMUq;Rg<?EmMM*FkR%Ur2e}8j#cqGMpWD|ha(lUj?tWs)
zl4b+!52%;@r<bq(bbP1CBSwwU*fsM(FP18Pm0LxyU`DWZe54bAHlDso;Shzhi;t2|
zJKLjHC~PGsgBR0ME;NSqm|^`xw|3BL;n8a)i*qIo66*pe*-fx^hJ*E-eU09Fa`AE<
zAz}<I@|+S6n^V>EnuV(BHfP;6kY`fyb__jAzUa7KC8;s+Y^~1szN_X6z5$WqTl?Hv
zP`#85lj@~o%Z7-gU|3_zDzx&N<xmQHC`wVSS<d`i35+twS|o?Al}983#w;7bK4pr}
zE#7A@&VyAFkR-*h%(BVM;#$LE+bKKEXE3cVD4XTY*|BAF>}kuYt*K>mMb6UMT%2Vl
zYnIAxv@TAc`!H>-Q4QL88v(7Ta;sLJl$A}vxsbUqmlwl|mkA$1@0M>lyOQJ<G?Dvz
zW%cC9OrChza<72GVw0LuB(NlGjm?Afq_5NyblD^RZ(;Xst4Vp*z7}T+uh_3k+G>`2
zNh_Tyl4xT(rA=#uY0Z*7CZU9!sjv3OS(65l*ViAuk8G5qPw&3Mmv4Og7q95k;sxT-
z0jy;JvaIyg**uMp*ueQXW2rztwoB+^lLheDEP*u^O)mzdEQx#ib)05=d)(jh?QvJ+
z!*jlZ$C)arf{ow1eP~}jE{Bu0IH##EG_=2au=)ai#6-T*DV3rEt<1CEUGB}d{Yezo
zW6gm-4Xp*Vg8cbb_r?g_iYzy*rwywO<FDr$^D4!0J*v@G9bMhFAr$S)eti-9^~G*)
z0@XssrZ-G$KHK^imzdU~QmB%tHimtVtg}~gaSLwWruCxpUk5Vu7L?h9PR(Od+`!bA
zf8&c`rSSXWf1Eb(!Zz#~MPOQs&qvn4!K1TxlWslxIeIr8hM}*+9EN0!I%W65pQ4>U
z#73pxV?{9~j&8ktT5zZdlzp~%?y4#EEhP&e4C(1?IW7L6e6raweN&6y!*kvH`<X;d
z!je~Nb@$VGllD-&V<l<4^L+cGA331KYbjyaHAUvIc9H)QB5X#&vrA&n8}?$5t#I}n
z11ZDJw%H0m#h(PHIlLP_&0DViGF2|+yw5|r4?_{i*GApql7i@8GGKUy%>az(_Ot`2
z0`$Q2uXw7@WE2)A@De4c{A~0-&nQ2eQ+?F5s9yZ1l$KsJ<@923elPwjeKPY6L1G7j
z1iROdy9=^2NWrJY2a>~YI(C?QUN-YKcS1I^(uem3X;ThJ(LcIF##)RYt>unh;!LGT
zErtfim#~P07WVd>yAJBwBg=XQZ!Bwz=ZwV=EF37=pTGkqCENUGmBtQskB}tgyq!&s
z_VHb>uD?o8_B(Vnqs*GM2iI&pIR)2jJ@EvdR^mLK@y<qYJK%O$npRF-7i^-^;~&;#
z*INE^T(cYUT(dizvoSfc6UfY!P|+`VG95%{Nry2kMSRZ$yKtRMq+{K22E=i2cKSqz
z@~j5Kuv)S?qeu8IOjr6NQ=R)Y_M(v-Uu@V5Sl3U9SPP0LScU5h<}3W>ba82taECtl
z2H~i<MP$`2BC9q8^r&Q2rm82a3W+HXXWSPmjJok9SW7mH$XP?g<ubF!d)8!s+N`@o
zIN~;^>SFnAa!%P__*0W}0>8QBSJf4Noz@Hsz<F~?v3n5m)*=R@(b*t;v5pM}0_fSO
z(c*_e3Dw%F@x?1bu|tgHS;d%fLNLHi@q$901j3fWw&5(;DpY`DY=!d@23yLXRo>PR
z5`WY4%JsT+RFHNDWg!%O|EvnbJ`c7(Z8deIWSc7)TkVvI=wrd~2t>6@3F$AA?T~6S
zd1aBC<FiWnUJ>g(!ToR+n@IT5(gknKKOmC4rU=I`n0G4XFlFH{iKCdZ?tx~KnymNy
zG>x>i<&dp&Gnix*S0d8@p5`*THSo6my=YznznG7@wLdJTAl)R-`QsGuuf5hYSng^)
zIo|V)!dnH@gC~Zdw;p~<i%$d1fjAjSxnE_l)p(pVfb_a?#i1;+Jo{<gdL3VOEgoV?
zvU}9E?-xC+u00fcO<Oglh@m=NPZHSb57h|P`{a~TGb!OA#C3t!eqv){j9}nSeW^Uh
z@LkyDJb5^Zz^{?n5T7TO$RZ4sE6AB*IF>uF6p<Aq*RnUsXv`+o{-iQSB=%J{HI2Ga
zWgz$>LGbCF;8o+ZQ;J@w#%GB?K9}Z>k1Bp-W-Qt+lCfBrHx?4SA8Rpeqzj3z_QnG@
zL$MdB@n93whvOMW$Gy+AZzxuTyoKSd+#0d3EtQq&tWNMzYja+_n2pf#g1{St{P2<#
zc!vqqD0x=sDL1^mUdkie8FixzVpBX)I#q!`#|IzxBS?wWd`3%#nxefFC6VY&zVRB^
zmC5Il^#!RbdT-!Ap{8SWuuKFzko|6GiLrw0n>!Jqr&6hD1C`keikuG*rDhn#!81kT
z!e3J8Q@+edzsRRc>ofGqX&rTMF!&c13!1JsEOxD8E$+dc@a4xNoePzef{}74Md*2p
zV9a-|#}P}YYrm63{FuE(O#2)6GVRA!$;crb`o|Y60YK=F(;9^Nc`jNq{TEZS=-2Uy
z9><$>VXn%Sg<qgAF|5Z8Ibx($xAthO`oejleL1+G*sv!RAuA@&75)RK*#gwtp=*Ad
zoGb41NPB=Xy`tvB4ez>-*|0x|Gp&!DXAm@Gy{g+#a=r(dE3Bz*cPKVRa622&dG{23
zlNa<rDh3D0ht8EK1!(BEJ)|`B1NZ?y&iOJPG_YP;SuZKak>Zr9s<t_EW_W!4LS}33
z0C@a-%4GVd+dW4#dio{2q-}hWx2Im>+y#aJ3vi3hpOOCV$KXqy&obGx&+yiQ%Zl6s
z6@4HU;d4Ht#hFRLNce;3#EA6@PX8$*x!7@DI18p;yLfv+^krn@W}%d=a74tUEwKY=
z)ZIWJp`6FC+RQ(XVF0zcFG0jGo`pr?;9%ObO5OhO@5Rj#E7sz?O_%p-@0x6ToFmXI
zOMq$*PxjaWuq_w2h%H9=g(xg`dhYoFzoNEGd!-5&S>L}bMzi!2oL93HZh=RJI<iLQ
z(3!>BD!o`yl5S6i<n<C4ZGQ3qMM<|SE!0vLRPxDMCubu}9znhem2bG0Pn1_;QIxVN
z{1sU|dZYwKM#FHk*jb7_B*%EG1loz!BRveMShoxO=C%0gqJ#J#q)(NXq}RM~7LQVA
zvbmimc16^hW&UTO;PIq``xQ)5EiTcISl3d@PJ#AsMTn%j7+(2u?9}vhK4#IQ_JfJ9
zNV2W|XO0X&H(Ko%i`ZrGe*!<m5e;P$<?O1mVhK)-9v`te5<&t=N=PM=q`Iv!6g$?y
z*>yOqqTbl_mV0clUPhANDH}leYBp!|De?atAvq&>yH-HxcQ<I@p&$<QuQNUz5>$(N
zh7p3vx=l~cs1?)7iN(^%1NN+EQoxK(P}A9t)YCz7$Cip@LAIZZpkp8Kq@S&~H|rbp
zx*LiyDvx40hUqNRZP-Brgc@0`TZeJN3oB@{X0`L?VEG>5du+LGBeLKx2t!#WSOntb
zM9ZYacZzS#q^}^IS+ZFi%ck*>2;ih_@^6eCmi{%%l&sHEsD{x}=~~=Ya>j+l>F>&e
zefpnMT7h%O`Qn?e#rK1Z7y$UmAmCTlz@!M%z4YYiNA4zn@}Nbv*b4ssO?ZHP`T{BY
zGSBIaQkhS+ie41R%X4T}2hmj{pxL^VN3)_SVlnfHEJ>d|BKw&TnewWWit=dIy?Adr
z22&~bOhtVPZ$hjHRS|lPpkg6!FjzyR9^K*$6dxTPl`WSkq-H}UG20N~32N^L)I;CS
zFnNJ5-?Tv{ZNAJbt*R0q43Yu!OS~;FaO^(V|NQlJvUArrV7#;WC$m0g&#z)l!O&-5
zHMCD5o(_8!Mvu#(cx8bQ@>lw)F#FD-PYseZyg4U$+FB=p(+v*s)6IGaG&G=~5<gAI
zbT)pP0$s*W50;26tOFm3rePPhg0<KbcL`_j%pbrM&q+Pqox`CjL9o*ho+ZSR7z*Z9
zrf7*f25Yq!QjwD${i<oR7vF|wq4;Eq?0u!^GeXwdEz3YNOF;+H6oIcNyYnlzX4b`w
zV|6a~K;DojYMAxYo*!`ZagoZ6a8vBHNcftPSQ>E`nL|XV*PS0Ii*qbR&o;@~M71;*
zl>doe{s)=zM%|K<f|!Hsm0rNC@L)PJT}K(ezpP5FTH>3044jZB@f=iev;yFjTmbrK
z0eIBC%k#&QfRw*v15#qY@xxHuU+1;5llc|2BF5~Xm0}Ofm(x>a<_@hQ-gx`GM|0}C
zKd2A((d1l{7uzHGGxC`_Ppxiu>4F)0-R@%T7C8`$r#{-v2Nw#7Uof~`PZka&DE|or
z#r}F_gZ|*<Umf8Vy}s=ZBJm&7t;h9-x4$OomG65AMCUssH1pP|S8hqKmldaOca?U_
zg^CT1D>m)xS*XpytwwUx0Auwrm5==7g64l;Z)kV7>pezKN)9^JXjq5O%O1U9{h@jf
zQC;5G8ydoT=ovkPF?^5Fuzr{s+GK<t(R+*?yxk1#GJ8Y^w;RcRy~sz&^<K%bgB|29
zy`eE|hMJ8KPpM&gXpbJ+p;I)pUcdjWs`{^uyyBlf1K4LGp%)_B-K|FG1v#Xk;q|YX
zmG1&miy3+r#oFst3mF^It+Lpyp8xK$2d`cAZ}*baE3YPVaJwmL;@Y5R<oM3uRzNX_
z3p5Am51cpqmy?^GHa41-0_yQHaYI{VVmCA#sfXUtL+=Yp|C)p9hjr^Qz2Pkn)$dRv
z2|1`<mp&h$j5PsJ#sitM_ICzvG3~K~TTT0t!OXp>gIkDyD>Raa9jKG+=#_%{t%miC
z(U7M8^=9QGISEGPGoa-W(~b^K8KI{pBo8~)1bYqZkBfwMMnX?Utd|&%L6Oi7Bed0|
zvF%3aacQMJ5_&t5Jn4)`=qWSQZiZ5fiy3M$LLV3njmJ^JATzYbq?mU1ho&5%hZq-X
zLZ3$qev!=6nyc4VG4YTWBGzMO=ruj`_#}Jk=w>tYwBFEk=p_59(JjXPnI3C*zi)<~
znLrLuO_U`^NHjDIHmqjAZ!oO)>4<!EjL?&~+nb>VD8k5$BAK?BJ!Z5_u)i~Uiy7iS
z*eP9jHWGS0Vm+y#UPmvV0C)^MyMVeKdOFU4j6!>i(4&*=v7_53^tfO&{eM0ZdPs+C
zdH{w+uTpx$x<R^>edstd<eK5d&Cvl9>_O~tO>1EfpelWcFp<g)+1X`kcfX2hS?G{-
zqw+~FL4r*o%<T|BBb!e0nPUs|3>HY=WQOD<4Wn`^MWAJ|=~Bm5gOSZ9n3Y>p9ieu;
zlH(5UM!}JjH>ho$RHzbih`up*C9K<BIB$U6AL99-0Vk)>rt~BU6kMH|O~@vXYpeQ;
z>3GxI+Nx2bk=Rb`&>LPW()&D)MerW#Z`U6TW&v;S=#^}u$(aT~AmrWPCbLXm@vC#E
ztVI|raLzbKRFU<<*-!>yQYSyUTB$*!<%flMDj6^f$m4N5iXq}^Y+Tvulz!^zJIRxO
zbYA}g=U2)G*7NW82f7cgTcYW#_xQEaZ^IvHw~Z@_9WrBmJw#g4SdCeYRxo4VR#not
zUnu&jZci$%y@3UU-~*%%yO={5aX<qbvueMM0lL|p?)&4~ld&Rgj`mW?f6~L1T6~r2
z%h^~22xq*G&uvi{-z2J`D(g)3i@*{ts?u(!Z-XFmVvf%y{mf$bMyiPRghjX~>Grvl
z8z9y5JHao{8Hdz^RWe+p-Oed1C$&&F->)NmTyf*Ll2Bt+3Aog0e*hw-0<X|(7x_}P
zGr3sW-_L8m-@Cd+|Mg;`o~(x(&kQP{Jbkbbz&1xet$Z~ZrGl)zz*~<*K0;Z7An*fu
z%K4)#MTr#RHb)l@7v3vgi=3L~3*SfdR^PSw0U|>smx#W@mfbi^a-%t=fvl-=Bm5A@
z9?AklXpop%l^g<7u!oxA_oJQSiA4p)KW0myPpG}%DsYmD?L;#zHNxzJ&bvG<zSgpy
zMywCq^K<A6`y+To&<TfQN6AC>n`dvc5&DEe7`|}dD4e-8Q>|9_7L<@%fcg>BXnku$
z8~Ymn?^4E`LpVi*#Er3w+-q~QBOk3Tmx)q%7W2T4l!D}p)oa$LnvIHODvR03uU^G(
zveYOGS?oQx%-et9{K4{Q2?tGbsGPLIzR%@~#^k`kw^jIY{CkR|G3D6o@DWucsMZp9
zBFUs5=ASIkg6}HbdM09h<Z7zEeq|EZfX~KBhV^&dHcIty^E^inH)wSoA{7ZjB&<&%
z;JLIbY1RjnPs_0xlue5#g@GOu5Q8D+vKr3%5Q9rbuoONa#$|N4V{o7qUQuo4@`^6y
z_YrK@D-tD^1a+$CC4bfmZdID3Arw*EgB@^`9696QHRo-TO#7>=@AFj1GNE3rcuaAS
zM;O`p9*IYl;wZSPTP%uWvqE6co|)>!SB{OBUO`!@{|BV$_Tkh0`oALelV@CB1G_~E
zLnrbzQz8`?6&FOW#2V-8-bA6rR$@0n7JrC2JdpVXje;)=gIcnNp1h?7=pE;bB56<D
z0(v84bB4eI@-wL{CKWA|GrO4Ah<Q}#A-`8;n_D8u-s|`xiei)`LF&Mx-T6IJ7@dN_
z$=jx|Pw#sV%I0;9h$yPRVMwV0j(_F7ofXv^T&1XPz79q8DDtDIKK3Wdj^sIg1qDf1
zBMD`GW%p$&J7TZOj`u1{NM%onjnF>*CMo+C&*|?-Wnx8SLsejZyO(ek^uGxi{jZaJ
z-Icy~!%mUy*>UdH_dZvB?@mU6q51FA_m0Q{@ZY5GEqObaw|1fLbw!Wqce?5Ei?Bav
z`hPP$et&!hfd3|XeCv&_=uuCyOmL=6zle=R^xV=&c+>o9)9!Dee1}hs4vVn(UuIex
zg?<e*9otZA{mzJuMgPpw`3uOP#Z#=1rgflEx30*vT4t<|gdf)G{w#@T;1O9g{-km=
zWQ7gn3o%>x@=SWAd{3T>?1HQvu8eU46o$A%BFQQ2@JvL^84_)c*a!N}&a-s80@+-P
zi``1EYhtNucMs349r;U4CF~c`gQG-kw<jSnHqT3&;fDDK=we%C>qsQG7j^4Ik)M(H
zTm9ck)OsGpf&~@^3uLmN-PcTtsLz?sVGV!La8tCGIr6MhHl<l|C+XH{fFZ?HwMXdI
zeyA>)7{_|umTE<%_?jqL_I1GXj==Mnz=IfWD}_Vg>FdE!*GR_{Oeh%ul&wt0Lu&e}
zuasp>nGV7Dtg`bNh+WRJ@@#EmYimaOim^onc@=cFKfO_oqNK$~iv`2_kjM`$exiu^
z))QhBz+jxhRG1?}gO8e0ET;&CE%T4!g<hwk=Vf6;f?|_H#P#>mEg~L;*J(E|;DO_!
zOU3DlK}lj~PexWotnJR#h`hdul2bPs9_U6zI;Q`|AXC2*b}tfP*R&j=A5^>KnHaLJ
zC^o{=3Sw`kCG5wrnmobV9-|ac*^4y%la_ozh*u6_Iu%PbLNVvfDVb~tniR*$x`PDl
z@FQB{NGeNL@Q>{F**731J?`89f5w$V#Bv2-v@F}*dIPJk-(Q@js2Yr6|8!4{K-7_N
zWo}~hNZi}<4xDCwVSY)@r9V3T32}bEkJ3TDy)*}(?$-l+jQ<3DWMT959qjE4QK?^_
z5}&;Bp*|Tb^*#0)4^ViC?6a&#MMD9rWds6z>-IPKI#B5Uk?24p{GOJ0m!WeZ)%7IB
z-o)|7gjLjSD9;h`8LuwnG4WLyZ88@l;U+(3K`_U8GteCLwz%1?L|KnZ^WbMO$saj8
zSy_#`nqrOwY6GVrS@t!z;X~)e-J15-Fk(lm@Lwr4&<O_z_(MO6SZ@eJm}*#$Dy7WV
zXXX!qCQ)TPRqjQ(qJZ(RKBPFc(6a_X+zGh|W&T-2uX*ReyI&W6WxbKj9Q!BpV<sd!
z66FaO8%3`;e2OW+$Di-hP%V>`+EKSN^uu^~ju&NOkwT9}hm8(JR?i_B_=%!_-KNg)
zfLN;;9v$nUTm5x>OK_)!XqPB_!3qmJ%I_Vqu7&dD*!-(opdf}+#-H=ak*38dCc=^W
z>DxrK&R5Vf`qvbbAZzR02zG@-u~{g3(gXTn7bHXf=fL+j$118<hH9{P2#CzIa7*lD
z6RSvgw-)a!yv43A8hh)65<UEGY`A+F6^k9kz|K;Gds?PY^bylKJIIKNDr*Eb6%&UB
z3~J%8Yq!I_2R)<sy>E>XtI7nR+bHIbvx{$?RI*f>*`;e^ch|&OvX(NjaX--FH}X&;
z+mCV`Lhb+qonCzFWJ-migW{W`6+U0TA-zNpI<z28K$Tj57zcu@5?e`5Z&%-H`L_UD
zP6+!H_2k);07&df*nF&c>X)sSaDT54FTnaeGY_ls;{e+(DDoPP_7$s^w=KnHF`e5?
z5*95j{<hZ|Emc7Z?Xe~4hx6JevuBH<Z5at^d#?8z?k^rI<8a!StwymrVSJL^I=^{r
z?y7r1QwIy)#6SgVeSm~Ldv+_;dUQhVLd<NqFzd?H71C~lE($kg(Wxc=0Ewml#y{0!
zv%<nx3CnoeCj~8Wh<u*LKY~KOvaB}ZKPON59sh?kjS0|eejiO<M46<2LIr|I&jxsU
zwyu3MzfqOT)MNfu7vDO)Wa&3b)Zo)M8M}S8#i<^5S=YWB2B|CHpIz|ZX)sRDdUBr7
zlNNtY@R1uJsBXfE_>poMSw`^#b@;k>{=9z<J2nYn(_E92Ib2CSmq<FB?)mrOba_6z
z(KKG=7Us#b*qRxjt<iCp)^qDcvlee8K{ia`eT#~n?WYmugHJ)ZHKtr*6EOr~L^=~9
z6)y&M5XF(L(Jc~wu2NJTKc)^bUKM*z=ogJdIA>cVIS0vtLr&YA1v%AftELpUtqVn&
zFY`;0cS_u1-+qiUSzROEBCo5x<FCFf!WK)Y=YH;k@)w$N6W;oZdE#X%_MnOmQt<*D
z`@nijyyU}tai8nNcU|CWa<<7Q;%6xT+m9`Ot19n2&5y(fH9B`oLb;URv0b=(V|80i
zf%4&}wF~5<ia4Osvv?74@zD{2hbCt|`MX%Jbx+9DR-IdHCa)PFIKd&t$4M{Hpbko6
z7yYQ01QWPqjKLvziFgCz74vCs&L-Q7a$<FRaOh;mLQM{xd|G^*CzZwqx`$+ZoV}#1
zfAcl0)9j|5p<JAex(;>v^m*#^>8HDLalU6XNZKbC=UvYC@z;{xVC)kcS^kOYcm%Zn
zD;@zx=0tTig;GX?Gs3{*b3va-@+>@@-^XV(+;M$Rw$0q5;DKfzHoG|G6n8AO@xRNk
zHo1Mhz5ZR*)+PkVNp=~oR4<Fw509Q@TKo*A0%yZc!GC96NQ*zss|gLuS@QVVtf<Dz
zRJ(bz%omydazR5)<(mjzSRy0v<Y_qqKla>=Ymh6mP+5Mhhp{KmLwITS!PDYD;3My{
zi@wW5r%0@kgz)>Z2wuY+1}BVCob?`F5sLPd6YomQFtP$Ju2)oU&Mv`{c@T#a#a5hF
zI9R(a6~j*%H{<Z8*eh;N=(92<K1teb4HXS!eYAQFy`Zl(X<W6mxHtr`tS83t>z*Od
zRD00G=Sd3QxOg&2<)*dSwAMRsoXRAyr?E8~Nf~U{*^5^r8Qqq0e^$eWi}D*fs|a+3
z77zwC9tUt3bZn(KR7?Qx_~{weXx&yvdc{YJofmg;$*$d^!Y%5W@bDnqqFGA};cNO(
z{t-ib-N``h*A!cYS_+#%4Ym%}EpeYf*eXQp_NskNiA+JY`-!6FRhw><XPJQhh}NCJ
z;u%R^OAH93`VmctKSy>@k*=55=Z@#0O3sv{893E^7&_@jEzz4aktW9PHEM#koRK@4
zk&A#|HD3N$4GP98?e_8I!^%|KdT+S2RgXL%gQe9xqsB@`M8@h0e$(}Ut_FvJan3y@
zJ1WTf%d^As=Pbnu`n33u1(810v5m^eXo+u$An`l?F~jXbqwCBd##zKZMWEtUAfr-8
zLOLO-TsTk*aLDsndf$VFlS}V|vaLt23|dvRzDag&p!ESB)*$hN#p$iY9ax#lb+E@j
z3?8CLtO_SOMaEUys>dX>2gJOi5Oaf%7);<D=>^oBrQ_(&(wCAz$F!T9C?W&b2M>*O
zsTLP&O3=Bq#Klymm@m2gIWD(9!(LaAAM8VZFp!&N#p3XIm^!r4<#Z*K2yUOrxll;p
zPa_2a_zDs6DjwEWwI~Lx)vS}Xp+3Gb_Pz8vj%)UT_Q&KgQqluyOU+1y{a7EjfAA(o
zn^E}eu^Gx@sOPAVvNV-r(&#MDOqt9s<pazBM2wF@oYTU^06G@~Aj0iX96P+{`oq)x
z!7E#t&eRjtV()*@ZfT>ORyTyNYMn}?J~<kPrRTzNrQTfz5-oEXYi7<;vM%=`g9eG8
zNoglYv`m96OWMtM(3-c>>3_{$$nmfw4d0~yHFFz>ax=l3Y?D6hDLwR<w<(W9**p4Q
zvkql=9OO8Z;f9bNApt6*IPhe@c?YrNcIeug=DK&zXnV#B{&`}%PN11~<`y%&XZ~=O
ze1s*CT;%yar;ig9g5=6dP?X6y@9Auo90O8k|61bvScSzVh37OuFmmU@=~`k+A$2B4
zJx|pIPCFILt!)O|S)T9rlhRaT>tBWFb*+Z|W-iaj7eLFQySb`VaHody8vmKp#Vv12
z=1e~?9JkY<V*hW>|BSE-;$e$Q`3+!*;0ar7h#`+9g!!E_$n5vyT-1^~$PF^U%4-nM
zqh{C>o+J$Nx?Hcpmb^jE-n!C9Ckjd**61FshhLaCOc35j1rCaM(CUYwJ>?e3GXZFL
z0*X(5Ay(8%VU6+M%VHu`sJKBqfm!d}oa6H@Wqo)j$h?HiT*0W~pGwT5u3mxJC%Vl&
zF}qm9U$}2!9s!I_CV=rSMwNFz3hN(I=Jx`|gt}2qLG%<^HWMj~ip#x|QDHkQc}fgK
zHmGWA3PlTX@h{O5cX@;v!7KcPNmf4x$dEPD7s3^@5MY19@Oj2+p){r0|AOYdD5vNk
z;v&S#5IrP4oYX*mZ`3!vMXHt<M53sHe}i44uZ=Ht`-=ZAd#T8+m2F;r;Je_I0jC{S
zp(S3HHst)9@H+&Jd>6nfQ|aSXdkc#Na=0S*R7fuT;gx2!PF^s4BwFPGJ0I?erL4&-
zDU7Vu;ts@1N1{&oq=)xt37InRU~!R%0sq|6+~5>t{}lk_Xd3GY=Y+4R&Dn(5BRGz_
znL~5IEwT*G8WOytt;)a^{fUAp(^B+jZfvZK(ykrVmJE`XI8T<%4`n&PtUg`f68pwz
z>H%1A8yl<eqxgS}X-`}$=u2_9AO(G|_ULvLe!9L9Iyp#24rxZ5PJt+}=ZV1;YOo6(
z%CiX_ys4wUp-AP39Z99H7fA9qrJZZH=8k>FK9%R+OTdURyiG#F8b0h{+Q*pojVO5S
z=5YMC+IxsI%6C`DU|`l}AX<={qr=3@nQ&tf^PN+_3UBxBkZl^HG*OOZ5CT`6?M*4V
z8l1=<&S<Q?@AohoI`)f%-;QW!eyIP|`_!Q!vYOhMc6?*CTSOn6kR0_PKLw6+yjqKt
zA=(l@oX~`1VLOIqvA{4(m&`@y0}ajiLb{wCH?znb{t~XBN9YZEfd6@28@CR{j!r`R
z(P2t85jP5?SnFMe#W{)|h-#wbTCTqhKYu-z`k6%%+ML+DgcWid-c#Vo*#Rix258MB
zoJM>Kt;>it%k$EJ)>@objs+*4eAL;VFde>c+JBJ=XxeL2{NP$m`~k*YoQQ}v<Jyh+
z$Ee6kwc{S`-D=dqz(ZmR7v}}jS}BFoahZ)bHHj3%fe$i%!=Gmeah8lQ9mL;ql$J=z
zhJS#5%^1GTv^c(IcOfGHY92SWGvC+m_eX$uyoY53<e18#3^#~iDC(#|wDgA83Y`m&
zV<d<|bNAy0f`(TLCnWoo8+@2xom4)_x};n@1foNHctK}Mw|^$^nf5)Zzc}!*HAJ|I
z7XJmwP>t*tUEhjtS1Z5m{I-iX6yCNZ)-|+>eKx#9?hlJGO;>q!Jt%eQ*7sG<tsi@D
z-%XJyC+`mGbibBdt~rs>{LJU?zBe4DpYwNP3`JLMB+zqaERRC_yPT1XGshD()+{Y*
zs<EOs%$?m>lZ59rjliR3sZ+~QTr%&mTOUh&#{v}yq9tAgRCJPZ{wH?-EuuMAqKd9=
zt63U~4R*hRCZ%RjHkC6FP_3Ltfef~_l8`%b=U9rF9}0G!-7JO+HYPCgCzrNTxddI9
z_VRW?2_rK13wO@vUJ|YXF^4(u;THF-w9NX5y`Umu-^kGr*^X$5uS0C<Gx!HBtR)hD
zW!{mniojRDuUZH3)pv^&ujSSU@j4ZjD7@2_$HErHLv87%4d>)=f*W}zo=B_P!IV&t
z$Z`#5i1l@+`0;ud%D#;mb}+^qMPSFsnwHo^Gd$nFKg`Eue-O+@+~56x{95W|FxBN}
zyF?K1t|A*4RP}ODRrFae_HA^z;#8dLvr-#S1s9!zol7cV*tmh${;nL2ql`R#p?xvb
zq+IkZ(epifPLQhZDBJsfkptEJB4XG1elaycET`pJdsJ%l=-@7q!({^lwh8k3uzsM2
zpgnE?nzTrgpLDUvUg7R{!T53n_)iUYhhCc<jvj>y?h-Ooqr#0M0!?g?F$`)AK#HB5
zJ`Qk%7DO)cX+ewc5wyvQ3q44HaHfFwNleDp{^_Ywl#w2k{t@|+uY&tPJU=RL%=fwv
zq(apyN-c!In$3c&hyfG)B8E*(tI#ou817DgK*geWdDnroME{ZQFAI3)zH@bNSxNeR
zUs(&XotS=&l=^^J_JZMwd>H<!mTzb+_6KzmXfOegHgdY2=*iSElHV<$+lKvP`O&R`
zhV@H%A`U+-VJonkF=ALTlDSul94V0(hbslR^VK3;B<OWdXhrT5>A?zu!=$2Dq$kd_
zkT~$O7v5SO(ntQV7KB6xjM|SumaBbkYAT^|x5Q64nuIx$P{u=*0Ely;^PXrpUI5y%
zqhPRy^07YnIGqapk1;;7qE64zXq}&s=KNN1IlPGxltld+`-pHo&SF{Wok+9H`6F76
zFy-UPo)vgIufOF6E2WBO;vi=)p6RELN>xq1i(B-nFPvR!K`fJ7k^Un{fZ~W_ns=0l
zU46uD9_uB~K7l;t_U$TEi4_`I@>;>6&j&B&S?yPH3<2zw5cR7?7twB!6R!fkxLQJ&
z#=#kyefeJT#dh?eqlnX&fT6>rN{{R9%y7Nf)9FIek@po7)Z*{TnC(?oc1G0AI+z9*
z6|;x}$m`B38C1{FEtOtQodUy!3I>0Ev_}<rVlZkj`*`GebY^}CP`5~P9#C?4zXwHZ
zojWfeUEFiFxt9d+Mb8ajJ3`1lx8CgBCoJo03Rrfiv%vPr0{iE*tSC7xY!aB)jsO<t
zoFf&lhZolnhgjub1y`y!RaNkrAzc{o{)}b+voQUnSe*Z<Z2Z}arNl|Xv-3ZhvGbpp
z$N49fa+`^N1!ajuf!qDz`0p!@FJ49INBC!-IR3py?;FRLnKxH4d`>nHX+Z9e8ek0L
zoS6WW*s<<-p>qx($<R3}fk)?Z<WVLk@~2|&?ll4BSLc3?{nNk%EP?Hc`CTX{ki746
zzBB$c&Zo{G!9WeyQ#Q5rrDBN4_s$R{0<UAS$@I}J&LkgIDm1XoIf-BC|2;>@dy})G
zF}pr|2L3Z-V>kc#Lix`rL;n}?A4`bHW0s%9e>NX3w6^|B%YROSzwV2~srb+SB5?ly
z!+-vEsL;SR=U#rL|0f<I@7Vv>eLVkRbwH`&bP)VCmxN>sqMzKU1vi~qCjKq5KlYK@
zs=s*yQZeDrEY@25Ru*0O9|HN_o4U@wvZ?zq23uk;Vkna6*gb+M?^$UTEERrh{vf;#
zaz2bt?__zF12_7JwW*Xl<;0F_?0Sz-tekv9(|;!)*F4Kg{$B1U?_9V*eiBP8YI<Q=
zbsJ~>4T-QJ#n$|H%8F4g#r&n!ZD$oF8f24`NqLMEoC`bLp}xIGlwc89zCmSytQ1kt
zV~G21jBV3aO=Q_>7BpJxWc#R4+$GHLx)?5fh#?pS{M1FIv19R>_3m7#+~~<`+N!Dh
z52!wEkQV!uI^`(b9D5`E7Eq|1ukfJsmvs?qgEJa>z-bh2(k!aq)uMZgxz)!JTY3Ph
z%qYH4_gg-S;3R;ayH9``G#|a9a$|iKzW>a?=boLF$I-#(-J-<2wAzMCTnkj*z_g^V
z<XI}hNQVxl`ta=`d3`vC9GIWFh{F)V|JvG*wRi60{@1~ZyMAu_Uoh(&X7=US{~8R6
z_I>}WT!Q7<|6)6m<AMDBuM^P@vG=|Q`LX{c73ZA!{S@!0_-gmd&}yFItjkWDUteMK
zYo-+O&$LuqUw2A1O=G;BuXUN7uP@|$Yo$MkpX4`b$4rjF>+(hngsq)7w<IZlbE{Fd
zE`!Z2453|bZatW@g9*ys8X<eQ3;G}h;{em-4#)60k9{koYC&jLd&J`Xw7b7AL$@JA
z!xbl4g~a?HgJICy-m3cu<~D;9F;9R?VPwWK$AKjW2lfpym;1RF%NoF1!I7A4CT7)_
zg~!&7YAuLfCz}!|8^R@{^Ods-SB}b-PV_20{H&I^m4TIAayVaPwH&A<OUZ0DIasgu
zVERQ><fKRINyk1&SzW%xwihOCF=cS|FnM1zN6x}jwoPu0j6ULigYEBDK;xLA^bBDd
z)+;y;jNu21U~FWT-LT)~``2@EP@TA3zU3Z9HWwwNRqWV)oiNw9P#^FRDmY`MT0S_!
zM(mBU?IK>lvLdyZR;d{C(yxilNHCQbP*DZ<&EQMezIZiYcWm|jD%5e^TKtzZButnY
z(1LG56z3J97)Pxu@O)*}o-B4|Hns5BAg_<n3%yM;W&0GY3cHpDz-o<PRkjw`qRIAN
z_8Z04G2h4U)6Q{&6n;7Q7iae8Wg=dsO6@jBF5&dpU2;n+_`O^>GUtek<3wU62u_QS
zHAr8lklvIo@sZx<j`op$inl&tUXin6sQ4vaPAJLXn_YD9-R8HEgKt6%J_EkRKc$mC
z=G3P;Is*M_-}rlUz~{=}Z(+IkvheqbyJeu8oU@DfiNEg~{&#AhEB<@K>%T1cf27^R
z|EB(*8UIrz%c5%cEME|u36Xmq-j5Zow>jVOewjpaE?zBfvOg~KhYf5wKQGpoy$SX+
zQz3C7uPPCz=)L1n)VjSVSQBI)Pm~1M0v7z}4J;+FNaA^h`0_AIV>2sui=)w?WSMAM
zE)p|)Rf`<w`xLKT#BqABaKb4*nQc+dqZk9*X^r)VQ@9V+v#QA!9_Q&T%st<(0qn^6
zb~9klBfT>yFD`O^Pip>NH2QHbZ9orfa4<;%+0}6iy^N-D#k4Gz=G+MT03VtC@yVPI
zsLs%oFg-Y_X<x=Z?FX>~*%3`IC5`<{>pA>{qKgdsf-*eSw#FujTizCNy4j+dP{PQ8
z0A?gFC|h0KHnt4qVxwegarPWQFV^JoYtiRkCK)WDct!6q?c;LJOMjRz>OL5;ua-Iw
zNO@v(;K3X{Bm<i{E+Bm;-|~|f&Q9kk3Ed#7$YqOKycTfTh%TjXat<L5dox;GuG93-
zLp+Q6_Bx;NF}U)-bRJ?zAos^_5epBUd8;42wnxhL^8(or_u$ati-AkQLWoio>z#jI
z;##r`Jl|yf$(+w9J2^f)`*vR9b<_qtc_?HOc;sbqN@?Dg^qFM$*1KT+sh&E8nIYaa
zbvH`1Ndr)ed%luK0v~-2`t>3RelC5=iy$}-8TLvg4>A7x%lN+}d$-(wc$6A&-~XL2
z;{X2Q2Z28L1;-aKRd4{1uAG7IiRX@10}xE8B92igVkRjGn-fN{ESyy$_UUn@{5ycK
zGA5mO)WXJSMBEo7#7miHIe&E@Z$^+X2&<o5XhPM!gv`|ush#}mCL?!f@w)|Hi*p==
zUc@ePTVF_pJr<$zf8%4s9&IF-R5`^sSz<3L7errz=T-&$DK-#R=0-B|NhJJ6lt{}N
z_zyhP%3wx6?f%~T`Y=SItb6h#4ou|{>(UBG1BmK24m8%{>b@Zyo18u5O@C7)t32|`
zaUje;Z^rANcjR79|L&!lpntLh<MnT{Q?UobvVEa0U~}sy(vo)*E#VhpR`{XH>UDp1
z(0yzyuep=5ENS2SU-U8k2S~sFa<_*#b~$^<n?8-VY<nVRTiZAkR~X^teD?>)JIKym
z(+N`<{3!VY<H=;SiCIn~e1H}vL!OiArLx)gbiPM*4176RMmX!)aFxL!OL;bnv<S-7
zv^@#N>XW~;D#U-X?*w`#*}VBLV4lRAf1kwP)qN6~c$Gu=;y&k}nw#%`CH#T~<;GdU
z@WwD#<{)gxV1*s-@mX}#vkhT{w?#S5J@0(ihTc^C67bK0_0Mtc;T2<rE_Hnij7^qR
zilYxZ+=<z`RQqheM2U;NpbUcEpa}ZS&XghkHaUavaxa>~SB~1PC6k@;GzEq#gt47T
zYAFaT%_6Xz&kQrtgz`%EW@#oQiv2n8RY)EmUk@sLm3wFRj&NS5t(^63t2E8}wnVMc
zQdhc}q->Y=n*Sd2-3dG%c5x8vh>Zk9wcfL3<ndqG4$J4iGr8_;8L8mRxr8<%2sFZf
zBla<{ap`T8<AmTR_HpP_<w!53&hiEk)fj*Bd+T*<yJ6o5M#h&?m7==4ox#$H6+X|d
z|AOxC9ao|n%x5EeulLo~Q`Ms6T`N}I==nynhJCt+V&^Fzu(2T`i*|EFr>*JsVVh)t
z4<WKRGkA)A!t;x@xLla-88^i>X(9^l`y44out#_kYBnxA?nx3;d}73UKN9|M!9ex<
z_PoFn@g89~glkN&4{N3oE%8+pW%2H$%v$LO-U3QJ7)$(R-bN}B0?K{n6R(2cQb4tT
z>I5-TZ!Rnr$C-b~+GLiM;v!a-w|Poh^uS>Ew2x@O>1{wkJ!VMV5|3HrLlrGGO+`!n
zqpN7CIP5J)1^HAD8Q82-O26fpU^Yy>aX44G>WvLK)mU{d49v8qL|!}xM^m`Bgs^;j
ztvZL_--LfrEUQmuEvvDVZ&h{I$`}w^pEm&Pw)PXRQrROGZ(i}HaW9meTeTGc`^Bx~
zg0kGL)iK`IY6OybG}ebhTwV6)-IJwV&#y#TbfaAGpiJ;BuJS8+4=)?FyNZQKwpSU$
z&^`E<$nI*6yt*DUkIW@!KbcFroJ&Jl{Y2#PebX;*qcpo?pO^jicQCA+!TnO$Z?7u=
zMW4}rdoIxmds}UP2p7m$ZO;^p=U8n^dH-~)?d6@VwrPPXu-YCcY^GDZ!WUw{CD@OJ
zf*`Q_nUS#e;)p#Vu;1RFjX)uQ5&LcPJ|AiPaRH2;{kB2ux9^DkwmHXsODG=pL5W?2
zYx06QPI1j16Rc4z#-|~Ta6ACuRujiEpLx~Tkru7OuyzMu-%y-lyfQy}9x!rfWodL`
z*7VpM<#d_-F+DagU3N#$ko6hXe4tovi@4!s<h<hOn})^dt9U&Q!aeRliIEp)u)+r2
z8sXlSu@g2&6YjmHHHhO&cXP&vI+IxGYXLmbS%eH=I&OuXMe$Sf44y<XM03ow(mv~t
zoEPD>f1PT-uWGU%!Gt(ocrRZ2zokW-yQM{UnVjIV-dXftx#Faf4>65geQCxtG9z8`
zQEzM?o_sF)TVOxYvzeToANB?%+Z2<Ukv@kKS$z*Nvt&m4NDkri<c}HY6Z5`j><8S*
zFaq<cGD(at)&}&p$CX;+OLhBt*e!nIcZzd0zDEctqHAjLhvjw>_75=Vu8<?3tC&;h
zS^Xf6Qgu5HtJ8Ath8nNHPbomi#d*b%<Yg+@SmR<IG_UhY-2K&htu}ODWkWaR{OK+c
zR~r32UA3bbe_k!Uoi}x{*u4HZUhK8Mk(@>p&bx%dFuw1a;kV|o4b&QJ+j5wLw{7bl
z=<m^HWsZ8^?5;K!rmfcE5<e1b*vk6JR<F2L6S+%xVElGS9>-&@3AwCPT!L?|mjnrN
z+@GBp51(j1BWs$);mq+J!@PBCQm}5RZP5)B<VqQC|A`)kNeat*DmFBI6RU6*I8`6}
zxS~v5#uwi!?H6hBR`XY1DvSQby#YUO<)W-E@k=gdm$Qv{8(gE);{YsMCH?i`E7Bzr
zwl&6qv<iyB0Te^h5@#9EuWT_%`{Hcsx1V>P@Y*V1aelj}H=JREkz7Djx(HRfocnk8
zW}(I8vA&#S#$%gv7fIr5ZCGQGNrFH!bxKc_61><+UcK-D$l3Q@R`!al`?5;)e3$nU
z!46g;7`1a}R<T~nKE?9bp>B13MiR^W6fF<rv7sW586uGuz9St?xDpxp6rJ+s<0ndK
z**m+maxU;HKInyx-rT!-!NatA{3g7da|01oVykunM+}eQT(4GsTBUK(2-;YQxOyfd
zsBzgO;V{GS2g?F>4uH8;@<9mvm@I*F^p_&kjBi4AxF!A}TZ7mm@N!?F+xtoIpJ^S*
zi7oH=duzBoqt54uU|K@%977CC%P}n(dcZDdTCYlAz!_>dV-leqZ&qc+RauLt6{&pO
zG~g~bPkd9;V2zO4$9OEf8~X#E3b7=nsEm$~+5hhstIzEJrzg;Q&V2ZzAC&88H$N&}
z5T{Si8z6o!?*Rbnyfd+L`u(}~eIZXmxu8Pn(@xo`@Fn4ca{JWJn>t#e1B8A&^y>xs
zJ9D9jo&*1dezD(X;lGuZGVUX}BX%Jl(gsuC?;ZTjyUi@Ewo&rKvD|7lBinkYJ9)lS
zHp2OEm&`!o+Fo^@dZ~AT`xQP{xAh7|;o*ecJJ0i7j-Pl)bcL4SMdk^ctI9%gqW3bw
zk23Jgb9bp~-*(E{ShL`_+nn1}ik$KheN3IFk<qum&6gZ~`$}nq)A^g6SMCrNGqxaO
z|KB(Hdk}4Zj`H_0AFyC&kD~ZrEq}Y~p;|Ef&Q4JD8RhRl|51WOZ#_8iMXpLaZgg~x
z2<HuZIJQVaTSvt%W>?&~=RM*0Vx;AwftQGvMZvld)ehP^ugD#cu}`8;<8#zNH035a
ztSYR|*RzmX=3*&ni*6?l3uBJEMe6c2Hf7S06{KSaqaxQgVJ8#PLt<`oM*UMpp0z|i
zBERI>$Hm^YP;6A=4EwvaOm#7N9VBL|;TitbwY_T-*i!bcg%RsPDe0^w1^rH$&t_us
znj<E!!BUr=Wk<y4?z6pXCy*<9muFf#k9K?`s<L;Dz?d`w0DPO`2tH%)D#hOAnZ3@=
z7^gk?3tS8$PuKRY-L#c6|6FNW>|GVkb{<uQ(Yy2QU!>>uFTn4<&Clq&pX>a*rTxn@
zKPPVW=I7b(?9=@8?$4@wqkQl9lJL*5G<V0BbP->&Llk_qg8yH|mz*m@6~vd^DWcl{
zO?=6PS)jg%_>%u<%>eu7^t(uIB05OW7>a@yU!n_pd-rWMLp%F-6KYb?R8_^U`5AeZ
z(Q%$(^s|JR{ErAPnFdSDS<yd(xpbHFLv^^+m)X4=VV9i-x$g1yXJz;?KQxs(mwV67
zqi-sC(V6&$d~0&5ZzH}i;Qyb%fA0TrH~;xU<4c~B0SWle|Md8_;aOlmDZXT$o6moc
z6U&wODOaA3K_$Z{!gIG}>+-WRpZ_uOZBN2q_mu(F%hK|tjxUj|O-^@o8h<N7&^G6r
zX^-V>dCg-vkNu#t{VU)<`zC+xRP}vs`!l`Y${Wo8)%xKhEuQ?j=~Ym^kNV+fKHn=U
zm4ANwW4FLlawgONYWz=p+?W4f*(dxf|F4g_R?rvVU@3>`=nwq<KfOP04cnrx_TTz4
z%=2+`-{pKrn_{N*_4Z^TJM@L}isC+$!!+2+*%SRrR{g_Xg>6U<b9G+^+Pd}Z18pe5
zUnJ(>bEI}xGuryu<nV4>?kywF=UlaY+GZh$ZO+>mqVnpO`OW@GO(bXkWQ$bQ#r{cY
zHj{I&0F>E3IgpNJ_fORRi1L5Y?Hi|yz%wLkkFbY2FZ*S2Kxjqz)zP>`CiXS%M!ur>
zSBM?qT-fmlQT&OQ=KxFavG4kRA@wPJzXJc35zb}2qIj2tVtq22JV2BOFX?e)$fD?9
z<bN*;c0ND;2b=z~%)duC*g>S*O=3v;Z2S-U{KJGC`WyjvyQ0sf*-XwLH3Gr@-aOv2
z^y%&IvDo|jd%5&FbF#Ps9krLw6uY81K2s|J9#69h<!N>Uwp0jKylkV>AlOnN*nUE=
zqyH8A)KuzL^jZSFmO6joRjkJO<eIrfKK&EEXUR3AFYMcTJ$C!&O0Va!{CrvH^-!Ys
zg<gkk+ZTF$Wqc03E~RK!^qR_MaxRhTGyHTNZ=a1`?_4f>PvT`Yjt9ejP)=Pjn!YPP
z^5?0W^Qh0Tf4MNoJHg8<=eUqpezJMTd3h%Xc_(>!tGvAOlg)dGm$y8~dybb^4ve8*
z`N`&e>ji<~!2*@HBRbgYA7`66Px3|j?yUz8wo-=D@*{s<4_2zuzuck{=&fqPez2K$
z^2(3=d3odHjo1&aB!M}p#eYPT98|Pg-oqbgiPL#!dZyLkDlCdq$?w^3IfIeS9()#M
zTS_Y1uFF9XUnhh6kBq&yEGPe}uJZTD&%g8eZ2k9imH!Dc<kY_*C;uP2%Kw}E{I{w6
z;!m!{<#J|x%JDi-3+RCXBQvxHuJFJY><DF#Ch`pj$MdD0{P+aUOawLf=kl+!@j2go
z{Zsex;5^`cwztQrMEIFE9+o=Z&G{#Z49PNv#2u7nU*3M!2Kk6{Cf8)Vq|U3i7vaO*
zLByHw;~aD*#%bR<;2t6^JxEJSsTQh`ANljB;u_WDrE~XgZ|c9;-hXcO+FLRU31(Kd
zr9$cxxklRMx=EaB-z6uT4CO-N5wZ7Epd?%13GcJ)`9(7$rfUt#kvm!uh$a%RBSPG7
z$?oqr{5jtr`Bs655S#2$6_ibXh?R-*fjkq~lkn<)s?+rcau86y^K2o(3!^<xtuHtp
zA^*OE#j<|x<iK`NmA&rZoo57@W?8w!Mq*D(MSHP}RaJ!3;Y98~xUvER2E_knv@C~S
z)Wu9O!d+@W-P?-3-*(c}gu^eSE;6><ed1l1AfY+21WiXz){`?*x%6oyr%F8LHX_)a
zS$GJET}Y<NNq%7p;a`oEE{LDuM=@l!&prBnS(>%>2uc5g@gp<}aNDvY4|#i+${eWX
zDwmEjSMR2f+fZ-F_0+o*{JWgtq^T_b;coSANw{Bf<s4wE_J^a{_KeTm-WgrAcmI}b
zd(J#ED22nBz?0DBzdbF#P0rFAWyvJGhBFqMYEmAZOX!z)DIMDAWu8suF6dFmpUSX4
z`t<u1*59PoWybn{==}=kz+7{LpwDCi@4jCll5^g?E7P8dUWC)&m*akg?>!|9r~7_|
z|5^7dv^|*}mG1i$GFKIFAHx5i_bW6n%=%vj^3uNP(>q&ak^B7YKeASSN&KT8`K53F
zc^njdHv5lnpTXOjc+;mn0YPqM^iFDA0j`x%wHF>xMb(Xjg6YYH=r12R_t6Fy2bORn
zVX0w>#E9o>uEZ$0L-<!C(`AmzDpjX(xExmeYW8NUEzT6KA<1)`m0*Fo4H-ksdXap-
zf4!1?{HQ|l>uZ;8A{$-*n20+${!-JhC{I?xH|Le&=jcZc_v}*muJ(j)<fSiE{>H63
zbKjUKV2ecleou>wMj)OF#RTW70HO#;szIB{h~9!-(k}2&EPBqT+R&~7BZhq#Zm=A*
z@~ZQ7B|u-zP(CMG(k(O`oo6Oz=N)%aRp4D#b}wa_UkWBUol~x{R1jGcOOXh3A@fd0
z;RG%Q;|B|5c+jfyZYR4RF@v*Iu?@TzTkiS5Wkh!+Kc7Tvf{vFm`sjT0Q8@u6tB)#y
zUG&i$@%+|DML!g}IFcF!fImLayTA$a;@wU*fG2mjWSAE9W<`WwiIhU)^|V%#5<)*K
zsY{&lPWXGSxvx`vBr`;3pF#WuIdey%1k_1y%M?{MNjx`^Fa(3)?*19BBHN_G>{@~_
zyUh#L`P7^7vlb*TUdj2?hiBZoGpX4N$*$r+(gRmBti;#tR`GS`sQ9|gUB%axu|bi;
z;yzVc7M#p-#MU7lk|W4l#8o~&ny2Moiso4poW{g;WRB7B<_N+AL*mdbSCUN#t|Z%?
zdnFkma5-0!aqB?lO0svosGdposAlv%&N(2)VFf6`vv;{%2FZa*D@=QCNp;<aoN#_B
z*fNsyBz!=N*I=Qp+{*Q1D3~1FY{ix_|0C81UVKP&4qOe%nCnyC;ijtCH{_P8%1C%Y
zN$fa+REyERR*0AQ5D13nWn4PJq4CrH4}0GNA60ejok$`<fiuX%_^1Sp8Y*h2poyX+
zCIe@12CzKD2Z|36t009LrByJP3~)RhNxeR>tv1!Rm)2HOTQ%T=36D$^AHf$WRa2{S
zhOvsT5JbuM|F3<{oHHRPSnqf5cR%y{W%fDy?8n-#wbxpE?X}|UENEB5r`LhRM|<-}
z6~4139=R>m%|8@opcVjB`u+Mc`}#3~*x9z<FPIvBCma;@bvphUQRukn`Ue1~B0Do^
zOD3>Q)oWn&4?0k|>G%Y`CZEDjuymtVorkXgk7Y&v_SK%hXrs_A_71n$<W=}0T}Bgs
zZkMrr>HgAchRL<`af+MR$h#rU!5(Vl!nXG+++BgEwu6z7-m6ZL-aOIUn;V`Xso1$E
zd%6;Wz4fOi9@o<Ty;eX>r>=dm%J9#VcOk+Bh&`g!%wXRzRba=*;>_zEEgD0*<jeR8
zmbTbNr(T4^oC2+89NVsvs*YyICnqu1Bf;?WM<GhV?#TYY<sE5xA3}ka9~O{{*0(o8
zlQ=EB5c%iOr@MA^^`CHbb$^n6zW|taGbJ{n_Yc=TNdOney8~R3_Zl33G9GwtM`jxy
zOpT23fm?Ca4FcuWNJuFA+EB(*2Sb>w?t2Z5@6C}|_;$?b+T=;d?CJT(lHYS9=$s3E
zJQy*_IryRK-p5qkYj&J-@$IXfbD6WfDirDS7?HRAf4$$|2*J-c-S5|l&}hH+`(MNO
z<Tu#wD^c4w+3$a`-r4VefD*XhkNq3=`v6|lem@9LYQLX;4IxWdQxRtD_wWBz?e}q%
z#r^)Qb^E{HufP;U;s2xe`(Z$&`@7#4z@_SU`~BDK_k%HEzT5A4?DuW#_gmI{x8HZ^
z*z&vm{t~)mPguX4vG@HR{1}Xy@;rk!Gs&sMa4WpWRbrM3CR%V_tBgG*{>y!m3~+ps
zfJ4Py+wI`pBNI{!p-wfg4@4!N*fUcz#nh~FR01PIX-6fVMER)-$8`g}Dmq1mPYjxJ
zmUXPoGe|!;j;raT1k6iZTf);`D6n-5-NN&=;i-9D*?I0nZw3do@|N_bka;Ru?iZkq
z4D;2A2+R@A&W|K<mP$^inQll<UM-j}j+SlY<@zdAmu2U_%g(<noj*Y9r4b8$$i<d{
zg6ZgFHS&;9{Zw4y!hZGzU<OoX<xbft;5Y%`T`vF+K9vUGxzz8KegoZ;JSLQ|xIKy7
zZ(j#V-Ir0zry#tYT6l!-)Z$ZMzLT5?Fv!oaJlx>KjapUSN~gRAPR8C>cqii?@+R6V
zQ1%@~k#SFx1<lrxatULhPZTHa%mEc|n=7#U6XpjT!9v^`iMh}Ft8{P2$$Si$jXh^F
z2IuW>(b_;S8d?N5nM$1kewcQd;99E4buC5TI+oqJFQv3fzVHUlOG<wO_us|YSk7jO
zufX`x1|Y8gZwX%kh8q01zn&Hb#Ia63_)4100W}2!yficLJ4_Gn48>OK`W<T!zhmFC
z{n!L>@!!7u^tzjcW*t`RD8<?i$qq=r03B?adU3!QTc-K4G@tI%eB%osX`5V(pRs%z
z<qH|JabsUh^+9rg7N`sR^T%T#<ywB~Vn?5bm%ziz_k=6z`a{EtfxzTr>q~%u)v_UZ
z4;pIc-*<Oqh1z*9ipMfSB)9$}MX8Z)Q>DL|29D5R6=2GX>2%@4oa_HSSSd~}$Fy<y
zx36+yv&VJ+53%C+=ej>SznOxg)6iT_S{Yk9vgrYrWywAO1M<#ywVS)kJhsxl%33jA
z&ZL5`vgB60V>(1;<2>IU|2_PFeLuav#RpjqIcw$Ms2HW&6QeQtzRhMjZpF4FUq_7F
ziOvQ1b%@<-T|+bLT8^}?zcXjBeXC@!ACznNHrC*T4Zobc5*eIz0*7R7?Q9=sTb}J-
zE{v&)E62T4mpkK?wr2pj=MTmh{eY3_&^GK>mJGZe$_k0Q2D-RQS&|~6P4%$hL4EX3
zMn7fUAaW~~+N;a*v(q+FAVB&FZ5?#Fdfy8dFv%_%4dAeFrykB&3HN-c)O3V1^dX>c
zb_Eh)8c@u<U8T#sVPA>w)ah9BDAOgZhKv8*^PqR6q;Ks!XvY&7%+vqV`uLCkT9{R<
z@ey?P{+$OcdY{UK?vYSzZb>lqyLPNJ^4<+BFxLO(CwgHpw+?Ny3`QuCYn+&NFx)uO
zu`LWzmHDuuk$U*$NDU&b-a5-oT&EJ(W+v7i?aL!0SSz9c`a)l-JC3BXVU7pcacc0U
zb%0w!m6Q;rahS|PP~(@6v&JX+&3YQ*0tI1g8q*TU==eQy!LeuoYQes`+j<dMv_~g3
z+pt7nI2h*nx(ghUr%^DoTi3Y-m!%6X-lJfEbE5)>->lQ!Tm|V|zAkb-*-GpddxYPt
zGRYO)j;Me!Dqr(O`IWmE`YCtVkxDT(U>w*MW%}&M{I)2o%hsY*7=$)|GoF6NCuurf
zX!WN}dJiwZku<e<`lCG6<B8^*+oBwJxVzEKC-Vr$LV+Xq@gvd|>WkKK!Z<2%P*8f3
z?Xo5!r42*43X$w0Ya}BHOAU@>fO;2fwuVT$@pwfneVHKbG^Xt<ALghJm&k_&Ro0gf
z<+S+$Y0YF6RcCFJD1clOQc-bh6QdODT9h>>NAr`h*6E(fHfWJKs%vO`DBU&p$&0Ev
z8s`fujBb`Eb`7;?)5RZ*)^q<${)O{QHU2!QUj`t2Z>pzMtloh8RaXoXsGGCHOH**G
zzE<@Ljzd+i43GlG;}y*!Bye&~=<S$`C7tT0)Wd8m(;%t1dQnO37`7fAU1hChI_bI7
zSe~ks9a*GO)LFlg6zs@>ZVJBoREoHDlhh@1LaXV{M5-=3<}*wdv`=QrL?mUmyjb6T
zPyNU}`M1D@-|=t%7XL=8AYJfp*UGGnd_Dgr`TrgMjRkbUzkPu52em{1z7773wd^PV
zHWrw|rM@!ww@&uQH)37y-TwFk_?oH0I}G-3=Q9@b{ECN2-=yu2!ysajRr#MC9imG5
zrf8d%BT4F|&c+%4tMv~+J9c4@{E-KFa6nTx|KseDXPAWF?HLl>X&WsxMcO1hQF7*x
z%*K%H$xmW@*8Q2|BmMyzsGe+I4w=e3;l3Vq0~l~4mEA{%jQ&jvtXq*Q73Xm*$Q@A-
z-fHC`PLixhK`EJ5<^N0dN4g%r&;In^J${{(I@}ee^d}$|0jB}GjnED%(0tuB-#8d^
zgf}CtPfp>`4l9pCSG}%y>ROM!#l#8B2GL$Hwm`UyV}r3{kN7Kz%}?A4YDs#=tv{g)
zKpu8PwwJS>>h=O{32&k3v0l8KqF<h~NY8HWXw_q9UWOuAnM0){Z<p>n4HF5~KrP@0
zlJCrQ5BJJS6=OKlAC6WZR`bK5-VcYU53BG24w1ZN_fuul5>#*0eV?STc0a(&8CT*$
z8)Q1lKN0lut6_kV{<kZfe(DBA5VxPmeZ9p^l?DeP<cqulbHnCoPSK-P(f7MWher~B
zu~@gegrDAf`8Q>h?`_H2@~WGt_m%sfe<3+N{Fe;0%I#>>EqF{FiHCdn;KRco_|P2>
z*D{syYNt-=_+$61+Uro&t@x*3qWeKT#O;vJ{NL8;-HCTXzn#u`-`}tv`7`i8^~Ll>
z?~Cq;@k#Z<0-qM$3V{%X%hfmdvcliT(9n!!co2Dv!TwtOS0(&)v?YV+`NtqyiHe5e
zNu)~nIj}rI^X^q6lkY+D2j+Y)&gvh5PGkp7EZzWYEY=p4mBmJ{iN$7=Kg2e%h^_}E
z_uO{Q2)I4hYMz5IaVVT#-9u_GeO?csF(f@7g++1*i*IZOk1(+rGvE#qgPO0h*#{P=
z7|-C=wVLw;#z$uIJ+=TM&o_g{=T^hHWHr{oP0Ui!0-=X%YUgF@1A$%o_*)c1LZChw
zQpmScXS&l@<dJXV3JB$qt&X){XcD$kK+~2wq>@iC_3LJV{GkdK)$1XXZ{grw?h!~%
z5Fun1gjJ!~Z0H1a>{b5Q8ty^IlxO(sBS+cYUEzu!x46}Trg!9zbN-X^$Mw1~1-g>+
zaZWL%0AZ0<B;8FzM7k*q3B03~g^cNtKl*_PF-c7Sa?u}~ke*SOddAZ$fAqk$I9Pf^
zexwy!l@Byl3&(9CAONlPZ1OHN(UvdoZ3cp^g~;+FQAykGsHC+i%kQsZUWV#m_Z{|U
z)51oH3l}(o#zWzKF8OOr47V>tJ_&i_skV;VZqZSjEIMkhLPu>6abp#b*M5l`xdJx)
zi-*>cr2#tgi#A1i2L`Q64j>>>Kkql$@<wOEXf>_qWoObPD=^tH_K_dk@@vYQTf>ky
zZnw?bDyz>TZ=}OH&H^pk5BSNR38h5;$_iIw@(YOiWD2T;;VsE+h;ci`kvG1KSS4@l
zqArm)x^=BUS{Yp!kakD6?svAlk@}V1Dql`sj||RIC^ueqYbX8>RYBPJ53U8+qz2I!
z%1X_3Q(*Gd(p_KBm{qIC{Izfm{tsU2V*0U4<~SDp{Cp&r2JDBjmxhSQQT37-uP5ZG
z0X9f((W-wbf9&S33K~UvwSRfGZVI-+E~T4-x%AR``PvdcWsm?B_nWHFJV=uTK|(Z&
z$-OjSTn8Of|5APdLkoa;O66Zpd5AfwuH2Z6%cb$~;epu2u-EHHqoK(MbfQOJjTGpE
zT2dn@wmh5opZ8<`cE9kaBCkvh!ExB!Bk4)9hj<&L6jc{bgQ)|DzDTEjx^ZNq!tks-
z4WiN~or$uD8yBtPPU5+wwz>fC)+~I+p@e!FEA>Vx;?Rn6KmG#{zb%gP<zDcIURe~K
zt-N$j!SvbTx$q38`<lw~v&tXK#{PTDAGr+!L&xqIkL=b<_mQ=t>0wHQ{0)vc=){B4
z(i#6y^yu)5dLY8=|4N<)Fn3se0YZ|7&R35oc+aC4fY;=&Ixyj1H0#niSs+KM;~mxQ
z1Fydl#MD!q>JBm0<ZtMi@UNVA)s?enB>YcKzoN;%IxBUZ6CIv=6{BZgDbbf8IuEHY
zyY|{^n*2{@rN$z{r#D1qGyn7}a00Zl$={fjIu-G~kuWm*>e&hZ6SJ?qes+^To|QTZ
z@dqLP(z$alWw}4eN*#<Sz`2reO1DI+^w^{Zwkt9OzKEs4)o3Xi{6%-w;G@w(?cgNc
z{9sFK^EYHid~N=!?8ssMnvTfPN%}X!s5V=_{taa$RoP*9j#^M_)#4Q?!V#9f8ZQ)q
zX4kR1*3sh697Hi8W<lhHR4L0=5}L?4Echb(TX<mS^?>;|jCs@Y^3F4AfL+<`zh(_e
z&~pId2+bcTi%0!CtRbHIA4si4tOLzGsRt-zp8&BJ_Rn*Gw{F4zefYo34*AS~-pzKN
zy9%HCn(tlZ@y7iG`FY>Nu@_&DF~LR$xe@&Bl_(!Jx^)~nwXLE+y%t-C;uUhupQY1w
zYpcjpAM>rx*(d2+{jcNAxliKUzb%1$3B+8U7QG#F7dHWL8x)7Hp!4GxX|R5Z3a5lq
zt?BL#XQ?+_IYa&q43w_Zs#hTU*w~PFkq}-Rj{GyjV0Mc9{$hcmaZGI3pEqMM2D3lV
zS3UQv`hyv3eaG7YV;nH8re|*m7?=1Ox8+u^$p*jJE&M}$$Ll~B?xet(N`Y?t1Z+~4
z998xSfCWI>IM8Kdk>0T;@&=sO&YyQ&@<9O53FIUlqsqOB-Sf4ZV|Y0y*6+80Sie_2
z^urvK|KrZ(n{#x;>YA^t2-TKoeFFF|FVf99a}YlV@#7Ic4e|Id$8*_y&9{^Y7_alS
zJ_a9kvz{sly73nY7B$xKEmwX^TOu{=1*kiKuPE^%M!`H2@8wcTH2GIxk^jM7<bVE&
z2mf3T{3E=Xi+|$4KaDp2Sx@|v$Pxtu9xnanSHNtn8rVaUDSWh^_$ZN;0zQfZA2lj`
zv|jKLW}+7#H8%O57JL*3K5A6>Xr01G&4Q2O0JYHub-ltzap0py;-kL;OGj1!9mNUE
zd&gsohFhrNpLG*#G#dfqZ@-7wh^N#hc!-Yhn1FFpo>hq0)JVj(`QzD<!`u8TvLnaT
zYzYrxmI{32f{*@^>jLU7ZD=Tygx|nxgS8c}HCrMtGtH$)gEhYi>+U#A%(L*n8_x`#
ze~QkX=dMEN(tPFjuJU-}`Xj$PyFL89&2Om*V=vLWyJNlxvvrcgY#oa!4o0hv3|GQm
zZ!=rC9#J*F0G|}YbrKWx5p@f39R+UdXJFm-M(dKz>IZzeuWVMW)pm25+M5Fw$qzrg
zu~~8OTHL$c<|+Q&2b%ZM>KmI2a<u5-^iW}Z5;8srnpZT#ul0@1`D*h&7h@ANrU`E#
zHp*$poK*XmO4Mac1(D-VvjiAS`|A*V4H$8G+r=a>vA-PTYsh$CtGNkuJ{Q;?jM?Yk
zB4hTwP;6XB2+pcNDT0!02Bj4llgtqogZBX%L#2u9!Joy0Jz%xVf^zzLpiaD#N85p`
z8=d+qU5Zw-nhDJ!XfJ6sf5kIgJ_L;@xzV5zBU`H*LI!Hp_hDg&V%L*vjRf2R=??&1
zB2H4Y=o}Ogs9pdk%9qOhBM8-7lNTb=%}{H9&}u4}*pvAbzL!qTkGuhwnb@LUw@&^A
zSDXM4GzFZXDZrrvKy+-iuEG2zE5f;vJcaxrpu5_wjP#~dQQB^^7CXhE4BSAWXFxQI
zrz&diE2tlEpngW=m?WroNTTpt$=i{N<)z`TW;Vj#sqiyBg-0%x7Hx1^G!+2vtwq02
z4n~K2>RgvPrjmmQAmq-CJ8n^ZH))G1K!D=>@YNR2o<AVHItRHu0RF=x0g=Tk{w~;Q
z#!g{A+a2b!V}4(1zieV}lG&_}9GW`H<v-KW?uDq?Sa>6CX0t<>&GUrW+|(7b*%x?p
zKbg&1>w|@4HnHHuE%|@-N;?L+OSldd2XD@mwuUQhL~54XoxnFC4EGW4VheNO*$WNs
z;ma@{>Ac}ngx~8~m|TW|a>ug8lP2<aZ|RjXo^{HZ#`HSygLU8s*T|J5haZFt<@z2t
zF^8<Co%~?C%@3-nE&L#-w&DjdeLI)0_`zB@=m9^tBD-91g2by-vC)=1AYLj$wcz(^
z)dZVb1z&4m1DET@JhFk@LeNfJqB6)GWBwTxU<2!o35pBkRaS6;bzUy;`{V*gamx*Q
z0V+c|1FhfQfn{OS<NM7Ix`3kaTx$x;BA1BCvS=Ma^^!gXc(=}%>ej9<<ICytBCG>=
z!VkEC4;Cqr=F5%#l00D<Xt&%SsYf3k$H`+>qO7=J-t=%&*)W?$yz*DVBF4cYQr2hH
z-%d#UE$khzh}bYIs4#Hw7rkvF9Cy*kA)dYq5oZ6tevSad?MKL#+z!wbhxjMF3Y}I9
z;^*f!@pFflPV0hC?1D}spZMQKmqD_j=(4d#*>u@dw$|+b>dxNSsXDAL{)2RxxXE$I
zFpUT1k$jL=gOa4Ih4%U>(lI`4asF9X;}vw;k6FYo@k|=*jh_ok&HW*WD4D0=5syy|
zXUQ_O*^$xY5vSPS_Ry#5$9yh-*lC8f-KHuEqayH!A`W;PapVvGO#V>(0`~OOE&L(w
zz+%M!5}Q9frIg!i!a4!r{{TMG(SLLJIi3cAm)li+Q$bE7U!>Z=K=A!D0e5Z5Pl%yT
zHAnN%dNdo-0g+E+2qH4&8NIQ|d*m4{NWanMCte{xu}S0^Dq0ou3i$^_gMVlN|FBW<
z53dOS(2~hNY;5wsCj3JS_=k;(e|TB(51WO5Xu%TNXfL5x6#viy{$Zml&wzYq5=6N>
ztlu5s$TR-BLuTp_1pM$rjJj9}YV)^bNBW9D<4De?W4U;zEt477YHh6LL~Y0p^R{WT
zwFa-8AGrOx!}<s>OneFw*Y3hremc+vwMP!ILq7BWN1fiCcqd%&HQ$|ddkaZ$IOE-k
zf6s|5upPaH!#oo-uZF4CFSl#ek6|g|>CkxtDq@u<W|c2JFl2m+^RaBIz!%~GFE$na
zS^l}54SW*~gkS_RGDL024j4yK?H4N(ie6N3pNNjAXv!Iaj-}~=J(<*pqyS8;6__Z0
zn5SmMpE)BQ@-V8`f>G_CIkCDzfD768*|&E8Z(>lDz|7`QcUYB&ITP%MpUDK<@Tr<$
z9|1ypf`J*u1OqebPOy%j$pmY$<{+7Hp`2h1)}?q&Pq13Nu>W5~Vk+XFfpMOI|Gsv}
zXZ};=%X#i91o8Ei-@D4=jr%_Gr{|ZP_O)>K7++u;?AOLt15E#BoFG@X=Y;#hF{Bnf
z1AGnbp!t%$oF|ZBP{o(GiG}&WSU+$FP4xH(pJf~I=p`t!s?I8oXs~ku5l&-A<fD+W
zDK!H>!O~a57nj{~R%~2L)y{+Fjn@Z%9E{~05P+-|OTKyN76<?7#%pETqaD==?AxaY
zN;ijLs$yr~@EO{pH}=ksjc(Cn=cDK~?IRAF`*QiperQkm;MeF1YX@#|Xf-!t9uAF%
zN;g3x4v)!e@Ke6BuOxdqaQQ|(mh(ypx<${ng0V=mZa(n}4+8;9?_g|1Z_stw5b<l(
ze?ktu@$GKqkCS!`41TH7c)f93H%E+B0x=e((*KD~#@l+KACH2u=6pT-EpP?!fYg*n
z8CEh-y(@p7mYRZ0bCHR!bKzH$=MzT`K!zhh$OQ-F>DjyR67=EWHQl^ufDdmM`FxP0
z>E?|C^6_?~Ps)z<#FB0V3Av^q2xp)xLFhC~Gb;x_tzQm3&HmlE0q!V#CZv_Mqd&q!
z%WpZfY7KgIr=Hz7H@E8Z9@ihopAg#|D*ZfM3A-iTb6WU{&iz+vn4NTpp3MRxg}T}6
z%}+RMdgy0_HfvFGV4(3hryS*iwSm=+fLm=%vrM%$$r&Jc|0jo{x0|Bab33xiG0kjY
zyS7B+(6L@uW#Ex$KGO9}L=QutwyEg%@Q9r%IuK!2l2S?QJk-&YkyH?sBn7UrlirM^
zDpj5;P<Ap&l$DyPz7Rmx)f64X;#23U=-w)W>}b&=@kKVZXn~|TQKdOZrBS<^l!^_m
zkNS3?`j+129^sS&nab7?DK=mlD_XQ^yWpac2>4<8Ee<Y{=4D3)IJ%ohbIUu4NM_bj
zVx%Xj$!KjcfRv=Gv*B0U*0yXyBvI3gEb%kEFxP3wRa*z#MB4;M<9`F589M)?JkL&?
zH@xg?zI)Sl_52a)Bfpl$Pquul8N(#@YjWp)<Y1^48$%sZ-3|@Zs9>VezT~G&O3M_y
zoO!LpUJvv%Omsw!tQvV@Fm@%3@!TE{YW}Su<1?C4JT!S9a`}hGfdy5RRzo%`I2b-p
z`<;gM1k|v5sH;zaMRDYas$IpA-mvnVt(WeO{0sR~m*594;qzh@Eh7$^H%1@)Ipm+s
zL!X9W0qxNZ)s0way@?~|Lpi5!cy1upGe>*$qSEZj*g3#qI&m1zQ=8h$fez<BQ@%=J
zvS(7~2D7&Yj4yd@q~@1`%=|U+a5sI&W?IgPF6H_#drg*k!gbi9MJ>iHTF0LA@LJ`o
z6xLf4xE!de-x~_+Z41V5WySp48=QiH>@Pxq3sU}qK=pbczSp(t`%wxUz;!EsLLt7t
zR~r9pOm(Y<Dth%lyM+hqJGMY8=0WUm>bzMuOMsP5N2j4hz<0oT9cv>=s>9?iMXEsc
z7x{C~9g4B8LCFOENM<<lbl|%ZpgG7y9txgr<GT{Ucc&|S7cL>b3!e^r_a-ztPFMIY
z0etsb2EN;<@LgYSx(eSVY3t{d@>?cl3Bvm*jqr{q!qeH-Q0WKZkr-Ql7BSv>V!ZcL
zSWlAnI6Zqid%eF$7X_9^7GIA!n}V<5xMp07M}^_c#U2a?Ttx(D<Er6!B(9>;F|ZxB
zSvgtMmi&qx5$hG+KV(PJ&-xLnQ&`2pi(MhRpCPGA)djMftG;9q?}B3gFQdIi%|UxF
zqy+8h2#BO+N53BJU03a*y?1K5KzlDBGL80j<ArFi47q01-hsi(!k7@rQxA)w^G`i1
z=eeu!(y#g6RUU8Ld#KMP8Qk*$hu^bNU4N?dMeoKiRzVjF^1LMXFPjb2YO3Vr9I%2r
zb751qdS^~#&MkRWPZw0}3`b_%qG!wF+{lHu=m*GSBr^UMy<5GCpB^qrmD|Z@L{4*(
zUm6+WB)=vy2+1YqyvTrC%5r)ZjF=wjC5mmCyywr*ql)(gcbGoy&g43M8S~t)*h_Va
z{y&TBJh_)MBhO6AjC|BmGxF~@J2SE?u5()z=i-7^>p~>+aGgQCrkR2p@WLthBoag3
zuoLruD4F65pB?g<|2zP2p1TTf_?qus<?+THkNgfk&fI^i-=7akTAd&NAcx!QCD>k}
zD7OmIeQ}h{ljJ|+1t(HV15eoQN$5rn2UfJsOKK28+V`|2qmX}0Eax*u=&=!H*0@ES
zD(laQ<y;3cd_CiXAj6GWas1;RrN5>62A(1P0$Vu_oL~`*=S!l?=Whv`l^Z}KU$g=4
zN}yvVrxNpipjYn#v3>>Nsor&{R?YL^Sk4jUOZ_-4iDVP>C@V@nj~`p#X;M5e_?1B8
zm)-QI9QP_P%=JMa7Qznr4{b>vOB)P3PH@1YJ=6q(0_P&n2eq?5N?QZVg$19GR`IEv
zt4C3^G<XN#4jGAzHeZO*4jJvK=}vzK;i)}jV2l4d#k3BmJ`BmQig3PVbLvx(YdTo<
zf5M&-1n~7RBf0{pF-YOo>((!kyu2yrDD1B5VTf*4b8;k>*wFacSm7){lNHK-AKlq7
zHa4PF_0Twg#vYniAidK)6uXw46A7dyxyVTRhw$MvuF4DDoj1wAfyZbVYh2T6gE$bX
ze^q0Qi&}9cN8moRf!mGLGR9^I;+&q1<xQ2}14yxJ^Kn)bC!+!m%bhymA3^s>JMZcA
zdCJ`OfN_1h<~!ShQqO1${D`IX8Dr^*v)kD=JvP^ZQ}{q>TjV9o5qs{0FhLg7r+U=F
zscoS2&G4~$Y>L%ZW@U#zfQCW4)wmEx%&@nYnI7XuFSI+X`|#O57y|1WfYCE;@$0Be
z=6@^)r<-drGi$Deo|!t$yn`7GTZVm|yr}DVMY*SQ_ZqCUoP4=C(X<RZStE~>VLvaA
z(001A;JWFThp(LrZKso)%1+BFf0Wuzzd|OR*ZyL6@L<4tcLBlk*V&@%T3eJ|_AZc=
z=#xN{-3C$iweJYlvi^wxsOC7pl_W<c$HlH6V9duuaR!312(_TtrMdyeXJ#HXt{?`Q
z?;#=qMBEyEBZ{FiIQ4$Y_(Ew9Wxl8Ig%;PW^#@^*?M9C&qUbsREW1J{skuu8T^|Mk
zv=&)C;>a$fM#(CaX<f<E>+tm7FGJs99fU)B(QP=4-E8*1?QOM3G@vseL+6nP4h%$<
z!IhyOn|u!O*d$u4Q<2UiLq8s`HNdcc#&=G|33zAU-tkk+*uzo>q@W{_(5n|TWQ8k4
z)YNtZKEUh(?kCS`PMyrUWU{HNigP$$UP2OoO<N>4h5PUcPK7U-iT9Yf2087^Wg!Bi
zz!*l~)c0L|8MS`;cUnJ-nE#)sKOQt9&DLDJ63Fd8Aw4w;d)aOH|0Di?WQTm_|C&zk
zPP`Mo@-^R`bbAXIA-{{lTzblpr_N97LmdXZo>qoh4TP9hhI$w;opvy2%hETt7CqJ8
z>xi=(-^t;z#uAJS_OU?rIw09N{+olw^p<k$n%KPlhA9n%A6SKP;Gb5`Lw?Gnj3m|%
zP;0#luIz6)RY7xlOTY{_!4Ss8rhKq|^9Bcu2<n)W2Lz9`Ijb4QQ39nfdBRH`$^L}b
z=BGk~pTpH2apxVYzy{W$Euoc((BNl-aNOFsGbhmaMK>sPVgG8?8x%|(-SyH&>|bx=
zLIzAht_Yu{8&D-QCN+dgU)GkqCrxNVQ}xEJIo5KFF%C*X#&)++Fj=?)7^DHGl2xe#
zaEu0*;p`r8l)5o&pl(bY2n!znT6jEV*T(bMRG=`h&H5*b;x2~V-m>s9He?{13aSDV
zY?gFrDEf4`7$+b>;|1#gf#EGT6ZRhLi52+)W2fqx>yH!kgLi(iyK6BmzI(g7OlAOf
zrK)mp^X1hyK2NkhA9F~d^{3_w-cm=Czs8GhIB0zywlx>6|M(`s<wJnWFHny>r5vdq
ziQx<7F{`O;gnc~Oj0i7I@59o8(`^mbT1SKR>bHPZfYfoJS;>Tc@ur}ez6gjP&PBdt
z5JR*lQip!CgV0O93ZY+j9g66IBCOuIm`)w&B!#wDU*9#_cFB2S?FGoWFIf98AOJ<&
z^528CmB8OV`UGAD)T%=-eM36*^}nkQ%|fGrx5;bCWn@VGd&$}70Ls_~rhX_`y9#|K
zSbG~@>#QH+m83mf%IvV}@IoZ}b{I%<qFh$yww)ar$P$W)HF@&h1GBr?I?Yb}2ogg?
zC;0jpyR=tQFmkk(MTVG4<%=|@UO=q#wkp;5GtAe`_~(`QdOPGZ|MO6>^W0T<#MgZ9
zDvviVfjZn3)djv46Vy<9;vvIB($nZ0oWjS3-+v=lz&+${&|6gf>J>pNW5a*V59q(c
zrAx$yZN0LQP$!c-ZBPLMn*m~&0DjVdEGOrsx(8y{*+vrTtk!w#G|6A9@>gZ%M_up#
zRF+|t^=Bl$B~LfUgYKCG^B&`2REi|gcwc6opm|~zW(u)W$QV*szLfqWOyGSp1dE83
zg>cA&n|%QTM<ZZ=5|~8**B@s{b?V5BHh*1q<k~jToKk!AeDr{IvNSgLS6iIro>NFe
zL<Q0{yR9(*FA%%25DU4@I#U{!I}LE~%mzkQB4B+oDK#o>Z$Ua%7ydbBOTG0hUsb)4
zrK#JjlTan7vbJv7VJ%?ZSXgZR5h>)zT$<K~TcEH&!B6?tGJN807hw|MStw_sHHS)T
zPH;*+n{zewW0|Y9)<vw3)wib5E69MyR|Jx?`Ni&mXHz}-(SCahYe4#Apwzd+x(B7X
z6HM%#I{MRdURQmUsXzVRT$JtVPjA92rd}|e)~i3giXSo4>Qsn6%)4-E^0#<%_EX`9
zCr?=I!}wVbNis3ZHVp5eu+Mx=aL0q25uluPNPx!h@t1gHZ@e*QFYw2PcbnfU%jzS&
zl{><PPeHMEhVWmR{P?2xEz}!;tQjV_WB#QwHA%3`C9mZaFdv@4cF#F?cCmz%!Wx^b
zVVH@+xj)R0K;YQP$}sOVpSor_I9ANJ!E%bBHou1mnQ;$CLpNhgtSc=<T;VEU;vzeb
zGA5#~ZeW)OH1**L<>n;FI72zn7t2@EDn_N||2+Ei<NZ**=6?-e@}f_dKb3`k#g~r)
zjav(pk#)K33aiy|V8@2=nbu+G$5cr&A4LRKGdBx+ocSP8z86$9s*6Jq1)Ks~((=$O
zzYVD&>MhXYt&lmLdhX%goWTicm!DRFoNSfGC##E4wDmYf3j-+qT84F<JB%Z%wqJ<&
z6@UF9$Q+P5aI<3k1H5jF_1M$d80%SepoKvO35B5U`WD%WOsa>RE5A4ys0zkHb)dcL
zF-3s+jMq?3+`6O}sn7*0pwEiiK<s$e%6-}=S)UA_WQ(um^o}eADN$vOI{{+^HlFOC
zx`e~&;^E)Kmd#q!iz?c{KXkS)KQ!RAFaLd%ojS_SgQ;AAcTVXV#={%JCbbRKTk{x^
zmqO2}C>xwO4xG6Zn7+Ka1E<MkYM3dOoAV1??x`-pz0CtKo`~46yiZnjNshMcW2T{X
zzqfG790!-$^|)5t!JD0pxas^c%7VcC)@PBb+-M5LX26aUXmCW!x%A%<Paelp!1LGf
z(lk!i-cv<9#I&*De?l~hk0MwN$|P&$<@f=q9x^_%eh*F*SyER3unX>1kcKb9%drZ|
zo5rs`1gR~bsutXnu@*$$Xq1IZOEVH>zS*oIpsF|;LHWu)$e=2kjwk3aTV<$){nIcT
zR(z-9Cs~Qz6h&E6@RGv1U2BcS6Vu#z4a0=>vwnNoZ{@!DcyYD18>pdKp@wFz4s2vF
zMz>egaM)V38*;omzzDvh-LbY{ZPl*q2+We>I98@H+#uu>;zw?*+t=1HhvS?Jzv8-N
zf8+3+!hvUtIy#^uMqN5})nR=4ESU4-RgS)swhn38wku|Fe(c8lcu0C?9Xk4*yPWx<
z+{NWSaHl;#K4qG;6#|Ul2Vw67*@(h8L4X-JL2v~Q8~Iz-3`ENWc|@v6WR&nHlz`#J
zbze0@VoV$xz8ujg|8fLs;KImj&ybo%cZQVMu*wYSrr>mD$OjxZXlmIr<XDvDogu?j
z6<G+pGvqn}GHxA(TAb0hDo|ANxAqJ<6)$Rr43U}fmKFYynjt?r#5+Um{R`S-Wss8T
za$#Pp;aQ&ALLfucG0O0+k-l-09$`qZdtufBU9=Ki3{~60@~csg2?f*%FcI-$_`vOY
z_1W-^XGSdDz?2;i0ooieZgcW+er8U!fR9`x=J*_pWV*X;1n9uU)$7Wj$40ZKq;8Ru
z3Zxs(XS3e2?zoDZGWxP3Jlkm$m_e9QBy4Gix{hzV2+*X*RmLT#0n9#_(63K>ige^#
z1SNSlp4YnMhoWyue|$nfegOZ|5RoPFtvevn)J=9~o(_Bahv|c1n0{wBZZOa5jUN<f
zuokCPu1Ueu;m|m=cZJZPzr~FGeLM=)YR<rtvUnDlqz=Aryu@{120*HJrI*NhERn|B
zJ1vo=|B<mo98ZLp!W(|<T_O*nEYA{gaA*bFjrf}M67iH^pad@x{Sgz#hTn{6lwXEG
zEs^`&C2}clOFBrjzYVJ_k=EM;PG^a1z{q-*$N?zJyF>=6D&ClrxkP?zFOgkOswFZH
zrC0^{k%=U}%We0FM5EpDK`oarXR7(+zmj3XIz#g=7iCX>GEd(yhj%FtK)**8Qg!Az
z7+}~yFhZ?BtC*i@_cXwUt;B|B$u!uvN&hSWP>Oc&@zZ(M=bopw+QV#U@0!8cUzycu
zz61;)_?=vaVw9oJ*|;os07$<AbPoFTX(;jh1%myyh?Y8?ufu6Bqu39%gxL9c*0gzC
z+$Gi&gt`Hx(o!%~Pg{RDO)#fb&d)|k>L$#!Nf<J2*X2)vDCr1agQ&xQ&Qa`k)3ntm
zpfW3$kfKM<MR#K>yz5#Kh#Y~(Me31KkQwsGiL(Sxm^j@Ll&}0g3Rv9@KP&%&A8w7u
zKA}eS9&}QrXd`+@RQ8cZQ0)Ss4uQ}hr1NeeTpzyyfQrPhw~(2&ds`n5%=WI2TTxgS
z>*E+i?{$4#g%Z5$V+<3=hSwn)%`8Bm*2j}*puL5ZKklxN&j1=>mGu!{ma#q_z}S1%
z$J?_q*T<QviYF26-9lE|J-KC->d6Tx#md4@`BONx=t%zF-bns6-B}s`#1k>?30E+L
zN9vv(9lXyQK9WdEm@aGTDV!?MWfMl}2ITNyM@N4Leg80^nVNy$CQdLuu}&f|vE1%<
zYqc7ZYlwLMR<`&6Z5dZ}^{$-jefs5~5_|1#0rhS6Y^3@~uaIi!#VDHeAc(<tQGYbP
zaIS|CT*yXX8eR;d#8c2C-hy&eLH$vX8Zs313+9UrKN)ctuQ}IXyvRqb<f)H6UO!(c
z<7M?g()#Q)S>x^wPW!$7-f^ArHS{O^x6|Zt`1^iyM!p}M$YE4*#Ci^xBi^zeV~<0n
zCQ$nK$Oiz)`aL2*z)=QBpIES3HL3uBxO#P94r>^p@PWghYBF+O{`8(_*n$0fGr-Um
zB7x1H?z&uIm@_ZiD}Q?VRp3v5jPKxsezgH5sI#R#_)~oDmHym)YO)<!yzn{vx<x3Y
zjPBOUEH*unegI%R{4VgXZ0!ZQTxS&WGz_`-4(nfaxfnC(4HJ5E9z-k^`RoSn>;3rQ
zS(QLG@4urCL9Ol(W%^5jy_*sW$Bk!0Mw1bGStLHRr~V}nx{~|IrAkn?ORX0hK&{4d
zkGdK&#E7<F5$TEOW&}9@!JJtD7VHtmT8Gu+6Zg^gfYK!E)&mXzEt;T0ZOukRf*FG1
znh#Y6jJJePkG3PH)+cJIfW;=Fd03*n@R^AE<O!T}pJ+ZF5frJQ1OdR{1vGX;B0654
zszxHo6qRHqf<$z_8(*d3YgIs{Ka@}}-&sO~JV^;HDhYLB5@KbO&=5)$-!Acaz$SLQ
z50Cgv;Xp#v4(<376|YPD6#Uxp(^NcVo?_>sYGlxmJ`9*W3(0?g!i1?`P?%+;Fz;za
zw?GEL-oX&a8>q`u95yyhT@G^DKTP_|rvbzD?vzi)>kf_=l;0t{i&vWdm#qi$4#-;F
zLi+1rWC9A2!4W~gyk<3d14eiFR>o@0x5u07>QOP2G}RX}Bl#g?!9J0s&t5`|^Q26f
z#Z|z_cjpK$+;)q-6)ePTd&E#%!CW9E4a<>;uhQ5Fgp~w<z<uX?c$}LNB^^fV2eJNd
z&E!nQao?LN$7B2)8@`UwvHnXCs4c04>&Iv%-}@krtH@3thop+ye*#cCosfX}4g5jh
z@VzE>Mk7ch$Vi6g^Udu4^YsX@Z>(mPgOk)3NuG!w@_h-XrN6ofEj=8u#Lu5&74*h4
zQQjrUCFydLXtUb4>sVVXw|*%*AzNEki}$qj18vxFrFYxjgc8srvyC{YvwHYw1mg!)
z{A&=6h-UW8552i#$PH-=q&SeaK%gV?h1-}KB4~U=1(zX^^SYJCpla*`II60*mi`sH
z7_X6ZT#P;SPx!$yUR{EPZQXzur@PEvCwsaH_dcr|^T9>;1S<`@Z*t&njK@X2myPiS
z;F*fFK6){(x0T_4e4=a`*GQslChEnqFPo$Fsj8C4D)xe&sH#K2zeLpv3Ar+>>hXvm
zF7YjHJmo-$-z@R%Zajr)h^IzYqN)JDYGqaxsrV8V=qi|^f|&>sRrB#{C$3WQwGv<F
z#;;KE4HDn%#&dz8(pHJz?#8#Pc&tH`&r?gg`~o~8eX+!sx$(M+pCa)y-S{~wzDnY2
z-T37yeucz0xbbln-y-p?ZhX6nw<MlwKn^^3WTzoWR2AFtG$a%-r^3tyUBQ1n&->hk
zm^Nkvvn&LzqP#!}41L*}j}|Y|Jh<Qoo{dzab0Axkea93O$aywcBB&>Xx*?ShiKl@y
zH=M?Znf&&-s2k{1@aR5(dbA{80P%81m-bu2{O;b*TZ;3JrR*%G&$TA=>!Nif=*0|4
zWWt(@FR4C68INW|lQsv+4T1u2!I)Y5sr$PFt$tro{y|pT1t^884D5k@>G=uBz>(UQ
zw8tYYvD2ZDLS*t^j(tW*Jn4W1o<yPD6akU4)mi}p0JMl$k9!;Ux~=0M-3=7804S&<
ze3VO!IPDvTN<977fc|T6`)`1NfIZN)*|=7?(Y==UjuM%meXu_dBT3d)UD0~yPVv%u
z>GtR_sc&@GVFFc$2~>o@>!5pRQ(_d9xh8|k8YP%NXu#vAISO+XMkZ~N6z@fNFVfAi
z#kw)B*qmHqoL53-b4)Nct|%D8XOlbVxB@+PE(oKIG@aFw8U&p=+s@Q8bTFvwOnt<w
z(zG-6k<k(|dQuS#*fP%?Rc4GXgZh^aif{`1M)Qr;wLar?R6hmPPXVa-HcGw$<Y{=G
z#&iIA8q&-}nwf|bbc**mc%K81p$;-`zIkUAQW|&h*8zME07n7=eC9U-oYXt^mpi!>
z^u%IW5qJz5cS(%7Sn#;9M4@we!)L6^#mgBO;?71lZ>^KJWem(aSK!yUi@yYPLNK<B
ziGwkfN5GX`@|!~}!@h+3h@MyyN5DVLcPnGGKFj2Txj2qDfXG1Wvsk5G%s2j_(ai|Z
zXa@X4qb0^%+=4e`lprB*{EkL%Rv#oVZ*7&gWem(aE&LjH@z-fIQ=!o+F~?|`6!=Z%
zmorS;S$twK1O5SGi7^+q;|&l?kdQZi2gF&#$i@;0%v<y1Z5adePVT41UHo+*W-36e
z5(~sq;J*WLK8sH*X23r{EHUQd0)8--NRW^>eh0)w>VpL4t;O=TjDdM)34V>c`0GH-
zRDf6|7Ko+5e+S|+7N1zmfPa8kV$8)lKNw3SNXQ$%1LE=Og9PTSQ{-(K1M|*l_%-h0
zuLCht0b-R{AeI9E9f)VL_{3rc`~$=iV=kV<55^J+67t6HfOx+8Ac1*nmAoxu08D^i
ztbRt>i<hYYu}UluOM(9e#EWZLd_n>R@e+vvR^bO=74@9~{{V5F`XGUM>k4^W#=yL@
z9>2z2{3XOc)E70WR067$v?w7l`v)<c`Njp$90-%gnf_lXYJxoBvsGj;#5CH}<cc41
z^Q{qh)1oLOYH<@;HAv&i6W+#~D^H+=erl3*oku@~_Rhihtrqoe?8^gGda-|Dm&N@v
zU_M1MFo2cM0`RA(nku9TnZGBsnCk1cp_bg>75oMn50rua88QnCadW$f!XK|cZ|t+M
zW&(fS;3lEn54xelT6HccnWs=ADN)qOz^$>js<DAJ_DRcsSl_3}_f6^><J3or81*r5
z>$?|U0SoD8HrdlZHTdGtD@Z{)8@U;{xu>bzGws~@&iJu^D>L&?QTZ9T`3smo_Ea$<
zt)(Eb@tnu!8}W>O-;ODnI+*7{Z2$Og*nZ@b{%%ESXaNHkf_qu2`TJ(pl-b`k->|;d
z$JzBYsQMVV^__%L(aJJJS~Fm*5YIk7-*Psd&3k3L;Qa;KY(TGbI|R%O_@`#&Hq?N$
zvKcb%4^`SY5+E%D{;9N2skAF30%_?D8s#p>JJK@XpGte1N?RonNc&SsyKoNVl5^Zt
z*GQ^`Q<w(|KMSW>7f8&-AP12tsxlQJQ<0nLG?k=))cAnTk{qq(3S>%)TJ7=9K^Em-
zK&$x}GN_<=43-#d*mr~vaY}I1CBjFEefnlGVZUK42H;6|wW7R?1z3vjlKk$}3(oxm
z%&*%K4Ve$h*J>V=`p(c}@M$mymtrOP>r(nGmi~gb^h)#}@=x^S|Ai-iac2G#_m;n(
zC;wuVzpbK3*?=su+CnzaFAEe~@tS%%13$csC<p!<ocz9Q;3L}gf0P+EdnIO0e<ugy
zQ>XT1o>vBFisB|pwj-wo%(EO1ayT8}9Jt!$_mbmL6!{(Exk@}kf0`)knUHxrE>#qB
z^b6&?d4g`vD?<MkSXB@$vj6%az4BKOX~hNK0$8Xla3;`0R$CD8uW+l%*ikai%W$fP
zl1GD2fdZn5@Ql$Vv;vH`>UBk)BA~8_lV#e;4F4nWB*c^a8wj=Tc<N|xhm>J_Pk}5D
zT>nLdCAJU9hsxVV`LZL&LKP8*!?-?T%C{Q}%Yvo5=02Yq=$1fxZPyiKCit_!gR|tp
zFX2{@sB6PTAXK?6Z3)#01A{lwRv1o~1C1RAz{&wsx!cpK+?rD5{t`n1X?C+#6GaxN
zb3>K;Lrr*%F|iR}viGbP&H=J8)>Dy*@~?A@@Vi*<TNd`EUOII&aI>f!oy!Ec#3Y$;
zLF=4Y@Lh0))8irIn!;jgJL2*|WnmdkA>FRhYCgn7qvF|ls3rL}Ui?G<<y3LgJ*fx5
z54Tuf1Ry{w-HH=fXMf0;Ul=dQG@$vjD;UE;O8m-hpq5U&d!16h3>sI1VXY_@N}|Gt
zqkw`e2on(sda)Kw261H;SU+KCl;G$#@2T-XC#&+%dbR87Mz;Xnt%sTe=2#Sl>(g@T
zav)fFv_E0ZLV9R1v~YfYom6EP8`D!NE5Llp&zMh5kTkXsLlt$#P>}%{IOq|SA}W|x
z<0OJvAkBmodr}c-E@aCc;i2jNg1<~CTzn3{_WAH(hXq{>QyMe_p_|=1#^W-WkRFlE
zJRA8T!~krRzI}JbeLvmQtcj=$(%dfTv2vWp#Bz^bn<mM`l9+i(0hnkXd*%ng0}j4~
zk_9FX&dMPvI3i#!EXsf<U|dX0AK7dlc_*yLF;UzF(dm3f{M+uzluszaF&M)cA+%Y{
z0a#*a<__zC$I)G}$CqMoB}p~6Fs)BDBNEjs@T<gk)%AEld>lcdnp>qEzZnmRw-Df{
zhS74`QJsZ3fOu}kiRuFU+VMpyzC_}6JDzydESnGF4$6Qn^LZ0e+31AYz+QYG#O^0V
zdaRlNh@?6ub>cA|jQy3>&|>Fh#GplRglRiQ2=FMGe^tSu7V1blMj(oP1!R(dB4T1d
zvoDaqAiea*4DIxT;s;4xzWym-fOMUE)U?$~;rL6{lm|ffqbBxPMoo*pvL>AQ^+frd
z*VX#uXXpZDK-B7hwi574+&Yz@n1AI^x^qk9T~vT52%4u_m;aDSfEBv0%15%5dH9h9
z(*{>IxRj`y#X8X~QX$Jxy7?cic(#Vv*<cF>S>0S)t=m+c%aO{h6X)l4eV?40uCEwL
z+?=S7&QuaSMoiaLi)SltXUVKf5a;h;^d4RT_eq9%xu4tTht`BjwfqC`LmCM*P;Q5%
zb~qHFyZ(ef3Yu5?a2YJkqRptaPH@{%1|X#!P_0DQ;c6<k^wA-61P<?REG!}o;Mwd{
z|C9a)Kra6P<?=wHvXFy-=68heu?q1$b!Wgl)uAWQhd?Eh^Q;HQt4_@95h7YKf5ui_
zol>p49HCdgYH#hi&@K}5V9Hmwr)+QS2}{SmMZ5-n5qk7&4+q(9&qRFhx;<}>``Y&W
za+_+;e<1X<X983`cRx;+3FfeQjR5W+bhv+jIQ<hS8^8?euIs*+B(I<YH?BLIJ^rov
z2i=5?L@R>N-HSF7@%%sSAC$^VoHxHIM;Gm*e^Aj+;L83Hs1xh3v1$-w!-$HoEV~PZ
zLG5Mp6i^sUcm&lYtq(&gW#;q+l?k;NATiDVYLF&9V`DmumTLHksNUIa-dXVCb(0i}
zb8cXDl#nj(*Ikwe0*J^Ahp(6(on5REq(ly{zXMP_Rz5Fj?Ps4SUM<M##vCX#f*8W-
zDVTU<>Wlo(NV@7q7=ej*L{dR>0%+wIwHjzNVI#W%=ip;Nm2~!y)5xg7&HBny>_2*$
z7zF9RbpV`c=-DmYA{&!Au+O45X!akz1RApKKU~a@2O6!C04)E&>MC8H3~Edb4#DJA
zVbExHJmSDZcQcK^w!zwR>flPgz$uPc?d>+k7y)7r+HhdzdIH>XXl2ZUF}<da<S)^x
z0BI@p^#kdn(O62Eo=`$kv@%y5eu1j6)gu})hdvLN)4uOU-8_UEdGOo{66K7!zHlmF
z9KwDx`@w<9A-aLXIH=F&H0n^UyG=k-R*kDu4+o8YjRe7HOh&+RfIo2H313F4OPO{K
zCs|zeh&8BnXV~K)i1j~1gIti-+4cWe>c<PJ?Agd~hI&!;--jC4s2WpurirrSV3vf7
z;wXeJ_9uVl(C7Pye=5)VR`JhyK&b!Q@Xw$#zbXE?JHWMEqJKU9xz<kkZQ-ARU6%J9
z{`n67{G0ga_y17%=U#;02L4%B`mN%hO(XyJ;h*1>>^uHBuY9s&PXQu{T_i}ZBqgNz
z_Z1VpOVKEB*8X6kGlo8$nlFS(Co*VxmxZO#(0cO1;+$0Im;VC#2Vxh<K|oMkfU1Hq
z%4%+M=$}=S>_2_b8lit$^i?kX)1(i2Rnb2!FfvDasBs(UpEX|kr$v9tp?_e2XgjWx
zl#u3k=${1XpB<!s+CB77yG{RWBK?CGp?@}kQ6FpMK#T2oaB5o310WD_?}|n!wCa;U
z43P|i+#;Sj)RD(QpT$YN0I6Y?q7Xz#TM)JmVd)km>WJ-G;UDuh6(~f=8JolNV6_5w
zpUo-xq=K%|VMQ={3n?oTN=*>4HH3_Jp}#^K85|E|7cXyvscnD<J!`{h)ZvR<hRZv&
zs0gC-B1!vp@Qi7Ypu9!X7~u`6^L1myc7O)sRLQBJlThT)c&Y*cnXofllmYq)0#1<3
zaTvg?o)1?TAEb^%vecm%3s|ZE$Wmrno+gSgQ|m>dF$qF|oEBt<eiddb82+3V3gloi
zCApPyboSKu+{%=EJKbM2I4er5Bp?C&nqUv{sHWB2i|%lV$o4QuHbu^9H54BN%wgzF
zh&^$O&-RZhJ$f;FRI4#bm$FxXD`{by7b)4RVEtgxD8s`5K*u5HJiC84Sy!Jb{W}-S
zC}6z7g?o+U`aF2XLQ2snr9}T;m8MGDwdf`2;AA0w(CL`M==4M~-|qCb)LC|?pNcNT
zI^^AC^Hdi6PrZ7fr@x^Mh5p91RH?($-;m+$Lx0mxY9}E*3DgB!)J73OnAT^a{=Lwr
zI?R=Mhlh9q;>saGQyt)3iw?9dC{w5iY#T%YN}vH?MHaLx^+H!-h~w=nnb-^9;gU*P
z5b^fw3bfY|x<F*m&tDB+fhF**8kvSq-$(eC*jc_3zO!xkPTvcBL31QT%~}l&VaP1H
z1SoAc<O*<v`6GAys@E<Jl)e?71h&tzII-I*aLs=p_}w~8ym}zs-PVq?oF?E3g^1bO
zDwbx4*CNqUBw8+sUfd&5>OORS$XJ*M*$<9GKDHimli1?APJKT6HPz=c?C@fQZr^9}
zFRFdvYct!HpDOcaz{auGV*8G7tAO#aj{va+h}#9?0v8;+S*eyz5Px}Qy5(I%{KRGj
z@!t?;!be|ivFr1!RZ;{HrN7mB5YIuQ7~Zn1`#CK1&OADA6;Cy6LEH|^Td1?QTGh-3
z_3T*gRSzh^eSrSW&Cx!bw-w<T$YcvnBRa|JZ^}GBfV(z`@gT3y=xAKc!QIeCoZC?F
z{u)9a(|rU#TU?V#gz5Pq^L?`DS}aOXlx<z`g`90us&3ty;@S427TV&R9{_U{=;l$@
z+7V9AWyoiVMj$VJbTgZu5DhRqiA?0EfO%&to~@;J*39XT^YnUt-KOd!qUHYM)HlJc
zkD@zAKI_!C6mh7J0sokd_0{6p%HK<U3w_p?7^Z-EvB+uDXVZ>WZa7yl-08dOhPrh6
z@X4fB6IR`;szaCCVXYl5Md<9$4nCpx=IZz7gp76N#`AIye-|u%L5Eh(vqtk45k31A
z2=I{5Sn~i`4KAtl#W)BtU~)h%l&bx8fvcXiK+8}P1A|a{gAe)eowKkWekHIh9xvm2
z7{ZSmigAnoLcGZq3DqDYIv?8u4`BxT<4|U8QI$sOI7@CoLb;zXiLbiRWc4@*Sz*3F
zeALk6^4pLDS%2*(v2klv5eBNrUnPaX=N3TVDIH#`P&NlZa$7g&69Ru6Rv=&zr5P95
z*#XDtF|j9t13jF`d~SVlI$9Yy2_1X_S_wVYTi`5oY4`G_e+LM0>r51)d|<|MFFjw~
zLnwa&drwE0*C3CZ!kY-)Zko6HWK?VQVQ+!7fcH+`dCV!1JC6hLxa~A~<ekSC<Pk6q
z{}fNSRPZo@@|7o{0CndPt}W0bacd}4yxBv40CcH7Xa?c$QQp)&JB91?@4%rg7U3L^
zu$#*;ZrySy+Kp`CA;<;|YQTbv6_I~3?jRIp9gH72flWQ@(SH*A+STt*fw&U1+8iu$
ztp;ojAc1eU)tu*gOsSw6=<^s3`V2ojdoAO_!xxKzm>r4K<C+ENB3`5j#Z$+5(PtS(
zWa<j#^H;20KnYr_*^JvV<y9aKv}lTt)uZ~s^{Dk08W1>RRGt=VVJy^;%Z*X}?1XC&
zg%jKY)Y*UoE(~XbHSKscl}LC_U7<w>amJb#BF$zxUW@g713+S`Hs<L=8}+BII<X{`
zx9zQaKtw-JF<IlblNmpBBO?OF3xUQDPYw)y0WwCAOtdgs&&fp{fS*#*7&5-3f8|ku
zL7*r@&5)#xH4BqiI*|dX^V9e)P<m0JPpi2Vv@%t{cpx%@lrN-+JHv15gBpXS$?)r`
zB9iO}gJieKbeP5Aky93mw743@us8Pu>v7!1Rp(Ss6$2bsv>a*SGJ<#Qrn3AjnBp`;
zkC)>d{;+bK$R7zKn}r34{e>C2hY^MRG>EZ9i2aQj`YmIJFm`arxUmqP_HqiPx1bM*
z5OUq@`Q6pYWq<F<r9_F(GT6r6n8e*&$6s07{66$oMrYZ#u0Roy{;49S#xcQ^7oEs(
zf5%~V&k(f?rZy+HA?^Nn$-bc2J&@d}_kcJV1@Ny*ANmX`bk0FPh9hHLtJuy;xE9vD
zhi%G)XK?dTjw^?h<2f-fD3PXjXVg;7BDw?%-X6&HNNNux?0qtx*V5qTEBq$O`WEy}
zu!r*f{J2BXr&e)v`@5sN$z2n`k#J?!POQ<xc1H$o#)N+_6AoE&z{T<M+8Co}yUkO<
z7$4NS12K=+>7!Zm_dGSbUZ=a;gu5<o#kz@CF&WToE<Y|t_=W+2a6<vQVkuB9e4bm@
zn(VBa7kRFT>rL1abnMVUbEYqKDCEg>k*!gEqI$`8^hI{s;oi|m6*B$MT#R$IogM4P
zzQW9b!J(lz67np!jXDf}G=6~PwniWNF_s%5UeX&=h<FKaFn;q`E3#s#!N@%xWNe`O
zg5enlcjf`J&lt1c+hBeoho=_0eaZC^EXAGonk&hjD6#v+x;Ym%7~TxOs}E`lmcAE$
zBXy3O1>^h4yh8$J_84<mD>iX0dKdPi)L@_tdnLZ?{YX7GH?yqA6NaVNBlZf<dR&0@
zh&w2_i36<&&`nrU>PXj=j*}JDN0yIQ185)D76)ejG1_@AI!kO>J1U14t&v{vz~3;5
zXVFQr@Zrv)>jSm9WD+^k_-cPvUMmo^qYAJuE02~MM;ycM;>?mEwpSgS6Pc(FTARAW
zSu}7uuSM_00t=Ro!ie6%JD$QwYBfs{i#r<_)y?65aPGq*hQmxpR@*Z^^_1{`7~i=E
zJEMtNhS3Duz8ULHixx|naH`Iw2EE%-el&V+4qyx9eci+4`!`!`fo|E!SFs}WMG4s<
z;qI<_-4u@sP<hj+eAx2MJ@{PvdM9ltygE+qy~BnA$pNeJI7LsKtLTaMP8K5KC=e0P
zsYlWi56dIziC6K&ONt1}SDuIh)RlDz<%OR32WBr3-}xwYbpgx&@L0$#d94RTntPeE
zPmKJ5bD6W^XLvLFKVc#O4f-*%@Z=c#m~Nds)S3IMicy~D>_2q^6MqP=A(FTwe1vs?
zo0tp5PQ07^34m%khUF%#Cy>RR!ky`pMelPb(TzuVb(rQ7g<4s@oRK70Sg7orv8DBr
z5cV!(OXKn=Hn-qf1B6SAcaHU3Qm`OS$Kxd!dxW=+p(59iI^J8qORqrf4R%N+nN~9%
z6;=I|6w3@eRi6!l<@?r2g=hn<TAxu4q9uS2X1UKO?^pGcd`JOR&giKEqS#xL8o3rA
zD*f$Iga!77)?(^GZU*w@2OwX9=Inx?VJU>#^IvF4ntoaBL8veQnMuFA5CGK=3>z2<
z%j6I3V4nodx&~zD$bo*TECd0wBM@B|IU5@upl$&HGsZj;#zVG%p`YUL6T#A}vHE_+
zlVkG;eB<_W4)(i`h)+Sh>;yhN0p`s~ylm&%{gliGH7Lz26o-usn!Z$pvH3Y`7iP9i
zzf1u*Y5IkBEoUm)MGU5yv3VE}qv9~*oFkhmK)XcgdfAL!Be8>wa|)ZF*C(?VDt~<{
z$`TdhF(xDB#N0j@7aFRnSvn2$%f2XI!6+`Nm{y01d1roqqFCtC`k`v&TiSxcB8Pb>
z8SjU19|y7Kg^b<FR-^?!Efl?OI6CPzw^txGu~2-lzTA}$)@8@<A3`M}wSM|G=B+!v
zGPE35?37KZX)+{oHVw($O@dB2pc~jHGN4+`Rf0|{FsR#!PFsmiLBzm1aI!$5(@${;
z?<o#4_6ui_=|Y|IGnqNqK6AE{hRFkcpc@CLF40XfO|F}eCc}2y;lQzDjDFk65+YfJ
zqG5uCAi199{lDfEh?rKJh>@Ck{|~c?_y2^50SrRKu)c0U(;!+vAy>=j0;NY*I7^r}
z@u5TuNd#b!g)Y|g8mvBW{#CW04$SHCM9j8bKEO+-G=^9|gtBbpd&vWGI9+SdMQ9&X
z5YAAR5o=npAb~teh$v#`7wG1b3Jtw!y;p!QXxC6wDW9S5fHQZkW)`xz=tSh(<P`8N
z@>%MBIe!ojm00@LBJ#a7-3JciG1BsK-$m>ughb44Os}U6EgH$EL^X1Bs@A5*7zvsz
zPz}8)bOyg_H435OgE<348SPbrDC_yIv}&JtAl=xYh_VeJ%H9-eEQZ{Q8heA(*tv@N
zsTbVQGs$M<r>=1uO#1m!Ot;bOGNpzvRyWVZ&iy*^$C_a2HsBAhd_H5p4jANvP&!aa
zPm3KI9h*Uc&8S_S4~VRO1F5<Ui|5mT-KStPV<Uk)r`MA_&lg&&KX8R2w+dVUYxj}f
znty1T))K>a1(73C!$|*S&{yhH_y`9J90DzM;b+_m_lLf!!k)N)^wn1DqC)Z~IFxbt
znTttPL4FVI7eNDHXPN~Ka9kb|3Ww8Ct9e+^K>62ERc=%ELSOZSDTAEXuo`euAjRKN
zETeyb&{(JIM!(k-fyGG+=AtViYcQ$0LP0}{mvT9p-Zp*b$OpmL1iIxECcng*mi2VD
zPcKE&D!9h0*X$whHxI&HSRZcKBUxT#d-4dRbK6v_5X6D)oUf6k;CHYXaRcEfi%R5b
z-`Z3D=*h1uhv=}NG9RtxER?nQ$PN}bsml5SGKxJ9I+J(EcOW!Hlq_1e0y#a@VpF*g
zi*Jtd5Q~5CJH(<0pKd=ggIN6R*tGCzi+Uun7?(#9i|^tI#Nu!Sw(tpieAdd#@I&F#
z-{vS{aR^FP#NwJGx*`_ex!FrB4&a;Ff7v2MEUrhE01c(xP)1!zA4Kfdd5D9+21g0F
zj820;iDK*egCLfA`?z!mlQ0na5NHwfVQM%j!}}VQ^z#=8QD~|l1wll@GSw@UoWD36
z5-&RV<se3II<dpL_AruU7|1j}$9NWSJm<O95rs%~LW@G4+~pvKACdt)!_Jo}OitZK
zSm-T^;SPlM{7lPZZTVV>P%Iu_8<c{Ajx`pn0P$JR^U$D}=!~>b&D~s18M)B5uK-H;
zq^xr%8}SdAhNmkX`zXth1QE3rwtW=p2}1E6hVXr2F*Vlz%VS_6C2l=|o`PwV%V30v
zu3o4OJPA?U!p36fvGbrQLE{5Vl7z~&7)iwX38v2*h{Bh)qkCnotVK0qFlMK<V74+C
z^BMYG(FZXcHpV7!JGNRyW=ASgi&hFw5Hb;hH6B>V{zCF97+X;1j#n%<iRLK#FLwLt
z&-S#h+#HLW4x^j~o})nBg8I?GOF>n}u9o&iI1}vlIeF3z?5}eD4r!bQeu0*uf&JOQ
zyHo=M#%tEEa03Kqo>o6;U>P<;SQ?K_M*BLfEVNJE`RUxg`Crw(9-Z6QQoi^0Edx9l
zz+L&B+jj?I_S(MlRj&0&<FxNc)xP0_(7t=!_B{cQsBGUbB<1|_wr|>A+gInb?`avo
zSsCLu7{iq@e%s6T-o6(A588Kxr+t@;Mc+pbO}8(RF@A8&*#B;o>s_RA+BX7G_%f*g
z?fadyubt!f_p8~y4r?NkX14D`t15So@dJgK;rBSzGj$Lw8y~2QlaO1Z-5*HYK^VSe
zW%u9f{kRF^?eoQ-c0OP9NTaxaRj+O3`65h-&I85M2LD7nNIh0V4U91-wDaWikwJVf
z@mx7bt?zWyc-tOHGS2K0*10&xAhrr1Os}^Ld<B?cGqp=`-s2wb6Z`_Kn<kYw?-|gF
zxTv;CNzXTd`-D-}Yhh^hUtv8E^W%hYXCS&hQVH%+HxGro$7g^KB8Q}=D}EwaT7k{`
z5|`f$p~+xPJ{NkCwp8CposR2xIF?9_z#X=E(4@tI#gWZ|RpwzHrjD=$t)GeRt^08@
zKJrSJ%5BXpaJulRGK`;x5rwjeZU78QMk-*2sUkm7QKERu8$ervq$j?6&m}GQg|UoX
z4t<KGFqf9YT>fjmM&|OBPe3@1Er6e$V_aFCM1>D=NXZ`5#7Mq~no&wHJ8AQjUv`_@
zGZ333EafX;DIx#Ht(``7j|Ti|uMxyku4?`>`YJ+?KaX_05n^#iI!-*jyg%2$Y><$C
z@Mr7ENhVSkkc32+w!lsc+}H>S$)OU9jW#DqaUBk2L>vxI(y|3}+i1^4agv`YPV&R_
zS;uFbD&~QX4BX)#&j<O6gXys#=MTmmF+BDjW8}bhi?ENj2s{Mno=bC&md!mT$+s%*
zk>D!s5%rRL40OZDLb;owH}Z)%7!oCoi^^@=u%uQX<Twti8JAeB-Ps^a0u;@tn?Ysh
zI1gdM&g#_%cnPbh+e+^FX?<u%A5N#t5r*P<fplaj_87NwX8Rjt!6bh~-V?bB`+ptW
zs4IDfzh3L(kIOk})kwI%UV#kQh^+#y3ZfivfHC-Qs8tMOJ&rx=Iiy4vxL7c$!MgK%
z3gk>81-PmX%`On7tq>R^=;a3s^BX8233TfYPip9ASbnDYXK=(keE1yxwym)~G_iV}
z?x9E7;y$np=mjTxui$j=8XREE7c|v->mOt9L7tF-e{h1mxBd&0me|k!Yh@pK`fq#>
z_7aXk_UOOKM}C|Am&Zo#*?$`!&FsI%yuE>wz>)BtOaphEWxZAZMNwAQ{Rb^N+dl;E
zPnnaT00Q?kZ5TT8%gO?_$Q`HRxOUd^@YRs;=o_uHE5k{Y@_n;w8v06)nqo6nCC-d?
zW?$bM<Wfg)(C4WWlDA_(Fvoa0c9ch5@gV1<ES2ZzDhe$O-8;%gC$)res3YnslX1R+
zA%(V^IV%r^YfCP``U392#Pr9p=V;Nb9CQec9DdP8Pd)Twpo>u29D$<U4Ups3d@AWk
zoJO_;W3zqM4-Z$JZgziaJidAM2b5ih&RWrgWe54ha#~97Q{gMWC8uy{1y&bU4{v;7
zI8lOeP7yZ>AhHU%2j*j}+B%Gi66!`4=*EPya`5a$#ynj#`mU3m3JQu%5b5xE4)S^4
z<c*z&J6)S16JReZISOfn-xYegCLr{*LcP7EZSVpE88V_F!p)CBCJUWZT<fNvtq5lg
zZgfMl62~RUPl;Db+qIiN7J%32Jw7MK)@uHa_n|N9J7Bu3B}x7RJqlcfohVH&IOtx^
zAp3bZ_G2B9151w5J)3lNc$pGAMw*g$BF;IU#QAA!GAi4LYR^wRTgfq$26)RJo-SJ&
z8A4iVB(BrAjjZjJZsZ@61JDmnUC0w|N#;xKJ9c1WForc^uNNzf7*bH1>0KTYBwP-1
zBuM+R&F^^%?o&r}w%7=|av6I(&~12%v&oO+CeL$Tdpp#kAJ~%x(+7+#R0;TXtTCir
z?Sxv*Ku#6+Kv;{e;}{NVPVPeZ6~d-H2!+1b$M%m<*lOL>!Xsagu&F;N1rPj@A0$Vj
z<GH?}U)%1eBSS{-=s95TcUxNnPX(YKu=O0A8qG0>uqb_+e!Mg0sX_-Sl#_HwXOFB;
zz9?e~)n;e6hZZsf#R-2MIs?kgA{{0EYr>3w7(!%j|C!qwb!h6W-^)(>mQ~zCq1WU7
zA|!Gb`x9u0PlTdBm2@gHw^(=obvJrt21s70RPSWP<fB{n#Hy{|<nr5Iu<C$7EL;e*
zx|_tS62?a+q!xxsx6Xsm-Wz*nYNm{Z2!z9j*<%4g`>UR;`Kb!Kmp}E!hffTe#ngZ~
zmh%t#$U*aJ;$0kA!TI2F>Ev}CL$?r53{TC28%*h9ujvD?_yYYI9MlTEjL0V2RtD5-
zVPdefJ+d`aIy*m-guwt}E$mI(tkoP0&_1-2lsewV=XU<P?EK5p`2*B8j#xqCljQYW
z`~uU_$!fsJnS}O&lHIOFFW>})S}7&wWAW@1aGU_}t`~r_TmYU+{odhMTIW6{(^Q?8
z+)pgS^OE~AYWWm1)2YS6vr~&tf%#5yBB~}o%2SZ%Jmsx)%4;CWbuY}#cso$tzk@w(
zbD-{A7~c}Upz0=HR=5<5V-a}95^E;fjE5q}5{6ADPAIl!_vM$)*DkE{?C3pJpoLtf
zM~;Mb2w-7&PzFpwzwtioC#j>^9_wJYEFExUP|t9hu?1GKaPQQdS3syX0_Fk>ycXdt
zz>1>wsnvXlg3`TTPx~(7A_4NhKPxb*5qjuv>U+b>+-|5;L!$jjq=0(E0=?46PRj#r
zedShRvp;x=7JT;5S03#G0CY>U0A1)SAH7GS)P3xqZGTb#zKzg5&vxVi${<UoOrT$C
zw7b7{Ef46A>4Gjw%L9JbXOAxGEDyMOk0ff-qcM3QN<6(oxPM^7{e8lnzVXlT4VvSC
z+;C)YF?u6t4hRz6%Ha}e1dzH)!ETjDMDUFAd!iKVK7xqgnSik&0F9r(&<zj~ydH$(
zian^#=5G-{_6WtwJ3@mtr}~DB&7sl_WI#p5=c53iH@joUjf1+>YHpFqSB%-H)hxtw
z^-j4C+}M%2Os&t!zVOxdm4-{Hg%X4oN-_xJrHVp%TG&sGtN$b5m|$r<yfIb6RSXlR
zd|T@^pn&r+ln16wu1Me_uv6ZkW~SXrH&@%eMpzvFX#eipzI*`pv2X3Z|JJ+=S^>&k
z9C!RdsL%-VW=LE+i9&_OKy^nq?dE&%g(iwNCUwv4r)L;7c%%3B6J6ur>i0%og35+Y
zCeMCw`{^Tnm3#a9nT!n(S`Wz*aup+V+}obpA18esy7pvq^+zMyUK1IK{t`BrwYqlp
zW?WU6HyErm*&X5fc{L;H-1q+rSbaC)+)Zv0j{zxr{Sv?JBEFLQ{)2m~wfFV+Z996Y
zl$mTfww_f)EBk-n|Di6+OJ8*R?!Nzb_x;cKM)&<sg*O=P0Vg4JaX<0jclf_E{tuL{
z{Z{e6D(_py|6d&Vt>S-dCmvq$e+T~Gg)T~O6#Iq$MQ*n*_7*xQ^xcEp{x|S{m*stj
z|G%@h@Ne2%I2B%i1pg!46aT00)9$mqsfq31D*m~0_ksUw@XrIF{Mgk)ckB=TQU0e-
zR^7_%xP<`JGW^MlMFHm|1~?w5L;@aZ;qeGO^5AJ|+kqa9M6vIt{BgyGSAW?v%lbLK
z>t^l~m!JeuK*XJXI(PH>pH9=iV6w@efcraBi~a|MW-uoD86e5BZf0|Et(xYp==Eb7
z-oF~r9Sd^~kS(8)wra&}gIUaX_N%}ii}>?9dUpTmS?g(P_&M?((yux$W570Qf)f>o
zrXAq}rzYc{9ta18iofg3Z%-J%nrAr{)A0Nd%k3w8G>6Z=P?p<=7pUd-3SzzJ(v}zN
zr8~6S<8*(h=w}>jLMQ6XpB&XEtK-lrIC<3YHbLI7)_f4J#m>A)UYoL@&6~R%&k(k@
zBl<*@%3RP+V`0s;vVIkGJ^`uM<pjyTy<y}|W!Bj6$r7B|0m&nDVpbfsy8~YNJ~=Q;
z<rn{iqMx?t{UR*l07SlIlb_rU-Armh3>J5A2(TT{C%m|d8yu}-afxUgf%IfTG)uE`
zU>7w?S8;YEZnDdxQq{c*)v^=W``Joc$C`vVDm)t%dCJ3Tvm}Du6k{4>>U2n)C)yZg
z1-PeD%yMzbF&ob`!iwVVAw;<JiL;!0mg5m;IS`~6k*adrQw@M7v@;UXTM^`B;k}F!
z*TJG*4L5msp@xTjgC6SO#VoP3Nvpx>V3yv%I<vBJbM#oRsX&u@k49*M&t#fduXEE8
z?JA-?9Wh5m9F~rt@E2JQPDgB45r?KDN;;<~QxP3sIMwPZVplqX&H_>B$LWYHm10{u
zB2PuUm5%VKh|TGUd==4>jwnzO&!;1bRK%oo#56{j{wnMfII|I#f<fcS@rX@b>8v*h
z>{mGAp>A1$9<YxWTgrT^(BsnSkoUyKXB&4^A(pyEtvUKCOu{V6B%v&f<G35MA-QcT
z(9d|JSZa*13a#eleoO$xe_MJF-`Kock0Vsv1o|6_fKSklz!My|tSnfHHvKD77xUMQ
zJnIf<pvU?^4>_M%=|a>@(bGS2D~+CciOM`oXbP}y%*!(-=J^nTiWzZDUOvouJJ%=<
zLG_i|qv!a_+ZwYY$Lq0kVC}mxI{>LytfDArp8501Seej}FH9ZlB8i|FMn0#&PBTlT
z3FENu1?^E^+nVgi_o%(DZ`>9%PaG#-<B_9M1Ks|GjNGg!!PlYcEAy@|-L2i6kM<am
zXDegZXP0mMpgenbv_tOgS8A2pD}j=#x3f2mNpalM#<B2wj?HlN>Yyg$^Gf!?+qvuq
zxo2`Vbs}s*9}X}EJsaq;u9DVUq(gCouK}tj@#K9d)NNiZ6kBQmM9^po;pE8J3Xj4U
z=e4bcqrcNQT-8l^_($_n$&>LuqjqH$29EV%@Lsf@hvEZH&vft50CR9aFpp*m{P3_1
zJirk_lq^6)$C+PQ0dY3&W6Y6M<8k_-Fo$mFC7HF%q<V!Rw~m~7!KsQ{QBTSpiUxOL
zByh~a$%)$|mXr&>9f{F)?NL=bENQ^7f(@hU<8i2cwBRk>7+q3MpB-6`GnYJZjU@8`
zF3vA#fyiGQSdDM^>z0-9Kg)-7x79q2YB9^9x^rEAW;1?6g$27AX6`W)dz0V_<IeAP
zXV`$ga6j5^m8VZ%NVh7cS~V`uxWtzjE%O`@LjwV;*zB!6T3)asJ8}f(bphu#ME0ox
z?qG9&gJL}nodU&hpZP5A&ecL2{O$=d@54ASgz%QF5k%VKnJ&7?7+stgJ&Y-IdJTj6
zp*d~7ZdO%EjK3~Wx=s^&0oa|UpeKNDsAmsb@;Ga>k#r97`s-8UmHsjAu%wZ<j4AGu
zc$(f^X(Y?5*Jopz=TsWQGM77*FM?-GuhVM!L)}QJ!T;fXo1~tKb<^tC9)&*_xRxw$
zTZdCn+9Fu6G<;CdoDXI9X?f5_-}t^ByQdxq8V69mkTC-X#!xNWjjPtyoI7@RR2s9I
z1I8#QjGzX#+W9yEA7Kpx4Ww68>}AWDENDJif>$xb^K;B1oZfaiH^EWq=lb9^Jl=He
zs=}IT<2FdvpP?x+QPzZ5eWTZ?7%Z%IsjV|G5WA#9AM^<(yt>9AcV{EPWM9-y{SzF2
zm+rW}2wXt0M>~&!w3^qjlJQQ86;#Aa-U-5m<0(h0c@}BanX*<B$1{#waJ_RT+Nf2(
zfDVCrI$HZqq{2S$m4nkk7Owtk(ORUJ^V9J8>TEUgk0kDRc}TDswa%d{{f2n+PQ-ht
zbVh#UO?ATii0b9Ht@B}m0{Z`i00+%+prYm0{o4-Asx)Wev>Q(S%&BpV`mn<CHsXH&
zQmrNojZg<4D|HAe`~c(sdOT-7F2Y=j6v<2Q!=_x}b_o4F@WiLxK0JaO2k0&iwtEf-
z)M(`&(F@W_*c;%`%WfA*h*c6ED^Y_5M^JxHE<!@Pz2W&?m3ykE+{k2UJ+w`Dz@BdX
zg=neU`iGNWVvTt!*^nB@ab=}1bsEX&sYpuu08zOVM|%-{)pe^u-uB{X8|Oeu0aiYX
z?FjU1P_D4?kO+zgj)H8*{DIV-f%4MS<<Mr0kxYvm^MBZT6ZojAv++Me5(w)J8Z@p1
z1x-XGs3;N83`xixm|>}+w2ER`6w!(>BT=^CB$CT?lrFYZYfD@0OP9B$Z>xeWkOW8q
zDh9BM;%>z|4%L7f0x0=^pL6akS+LlDf4@)r`@DRNbC+|^@|@>9=h;uP0WI!KlU&5#
z-SMcocL6Ri*Eqhit;$#S2IVXJ3cj)lM_DJeedb49zf!!F8Qv(kY}+p$CqIH(nAl|D
zJO2-_$s0Z4Qr0AKHBM+%+99wk;0N}?)QZe)J+7|8&I1Z4&sjlYqvDrBXhMbJxUq0N
zUZ1#)v?#|2)-#Fx=AV^V%>J>7h5WLn@5ycYzpdSMq~7R6!Q*R`?}EnT+!($^^I}-@
za=SiPM<g`R!7x?7N>rg~1g<+lg-!5)pR`?bmET9G^X&SFMRt`>Eiz$y>fHrz7!UM1
zDlmAJ^V4@lUC&i+S4@vlytm+0Bl!0tyc3ttq&>Y(VyE9tvtE@wK(RW?{~^xmz}Bo2
z(%Bu-Ib~hszo{aD(d?$O53!XMYJQ_qam7}tS!~@s$-3n_6~M@Wl<QgjKwa2XwPnRN
z$ml7F%7DLO2&|Il6(^idYVB?gBQZi+vAo@Ii7f7xY2DO~<INX$BerLD23BMI!zzVj
zsr_*^J*h8QO?xTBw#RlqXIH!<xwT>#3u|Yrgz!9DRd<v3$Iz73)~;Z!%bK!U!RJ{S
zhp;a2=Ain_4ECg1)$EjIFpS=jPb$(~F@!E4APG?gD@Bfk$jiAl(|shwza3Mo9G>I9
zdX@3?slw!Do8bk*<dR|}?rNa-Z}F-kVWFt5=3Px*lIp;n;<`<YL|_YCQPw~{_n#py
z&G^P$H!vgGFS!PMLHz@zV)?$D@9Rn$Tou*Q<v=c<lSh&7jfz6GJ>Y_=95N#X+@dl7
zK2l!wTVC957VI%9s3k=hj%rU5!!e~w7>+{VxitpQ^fV<{RG&1vA>)#)PULc|kfa<)
z6PL*@6F3uL0zpEs-8)V(Q-q(Mt@<Y}yhP;7ZZk~3QnG`)V4Ly4JfIJ2vg>0PLiz@o
zGo$zj-k8A~cmd-9vr?Dbxt$j2M&C_yTVKd|Lhq!JJWMSIlTTxeTa5E3-mAnqz`AEc
zoKh9Z5ZnXQXE>nlH`<j_CGKIMhRk{#dX=@{G1;pUumhC%=T^g8X0LVmhngXYte%3a
z?>_%99uP0gu_vLjTsi0FYtb8$XP5aARl=^Q^FiRn*h#q#|D47;sAAkHkw41l6@My+
zsFV={Q16l$#BKnt#q2|1ctgs19N1HglD*#0d~gXjx=AP>R-&ayF-K+?EB*%Nqm0Oq
z#Pq@HY;$?7dS&6YL3c$;k(N@BPE5qyP5MTV;4rfJcmFQZ`$1{OV-)imfbowS2Q*pP
z^@Xy^8H|}hhiQ<0E3ze!fu){Q9J+6+89HYIJ%!W@E4`&%FJZ@2FYD!kUV6iq<6Ks!
zx+#z7W}FW;yOV4IsUXpZ2Ba#CNf4;8QYO%mVyi5(zR(c?NZuNksKP0V6q&ij*6sPl
z*7VE0R^f;Z0y}g|zdq1Q!BVZTOVk3@OAxMeSA?~Omjg@HZInoiL8#y2QW+6qifJ86
zz|8D^i1rGJ$D&71WvKS%0Ugdkzm8{&X3|s&Oviy=x}2#ybbH8GWtsDkL@m>AT4e|h
z5@0wL1}C-sWWFb}s=zb~Fx4l|rUND+hp^u*ZNaobCQ6e(sNXyiDBd(MUzomjGG!L7
z8KTk(^?r1$jBuZf@YUogs1cvgBrQlIQ=qqyN3zv;CNTx`5>tRstB_%GA(fV>N_R`8
zyFkC{(AUgl=pB^V!YxIhm!qMVYfZ|pFLXpJb3_7JMJEHS)%=CRxf+xvUN-T8nv=X%
z8R)0Td4X@W@jxAWU~%{!tykFTY_VFeaL@>@<?RVJS*28PcG-hH>EDTV+1sQJbO!{(
zuF=z&X)Zr1$^k9(8e?~nzc&L+ctiw1qhgPYmeeE6rBQi+o5=Yx#bAIpG{UpIRo3bT
z`JdMqdqjO|RP>cwlE<lUF61UMQ9WtXBu~_LW}?X{>jP)1I79ofH-%p&C57cCFBU0@
zh`w=p;U8|h-r_CGl>l<IBP8F1`4#85dc`XskDLY~lN*Wyu2G|`iTwN+yim1}6Lq_m
zTiwj%9hy<2j<qz({-G40CBg>70*`;(7?gcg<P};dAqg*ytNT~uE!Mt~7?|i~Wj#Bf
z@(;0do#xIb=|sChN$O$-1rthS!B61QN`|#Y)@l_z^qSUUi$HTE4x`dmmGLqQTl7Bh
zr6_tF8CLgNly@kMI;_jMQm9ZPaE4wwdZm(Li1om6QOs4?)CF=wzSWiq{hD_<v$GE3
zG9sjO#GywjC{fU8JWxnx(C{~ei`-MW+u1)~E#NFOvhxHl<Rz=CN@`1HCfl)+y%-6N
zs$x#)9UtK0rWDBX*m_*r(``py_)uzfsSH9DF0fsz-!lcp^D0vW1of3U{4f>_W0kpb
z35If+9eWzq<*Z84Iv9N`*Xy4Kekit=ALrw@<&rk)D{Zcdsiv;-fIKt98_Q)};iseu
zdjuO_MYVsP8G2kAfuWNg$h_x~=V80?&>y4+;UW|usuy*lY<)`l9Qz`;h2rXCZ{8<(
z+Pduh`$UaW&$dbSBRN^{10J~R($FY`98K~FzBZ+j%6$lj<wnIbGUo88H>CUald1yA
z2}v64kQR4D@%vp~QZalHJkgA7Pk8Y_mtCd`Z_}+wWukrw@UW<^co0&#1=}HUC;l7U
z8-)fZm<;4-a2dUhs&5hXEpyp<sygfy(s^CoQTqZ_UD_xHP_ll4#c@}hcNg52LA8Mm
zhzSCJ`;FIRS#7N5TH8fU{Xl?aSL<uxrS!|e`az-d;8fAKa9&oHJSO&yikqk`UtZTM
zkx3w<KW%!IGI|>A2KG^N`BpLQB!%!fQzSaVQ@nXiFh#JKAA4MksfqMm!Ht4#DS>QF
zf&NG8vtpPfT||x%?1NtAVX!K4IVVrTXbY!C4A*gcA{~u(vu(Z=y=J9C3D*_}6;x9j
z1(hP3frr?s9Vk5`jU_|rJpDjH=}~<hgHo}b&V%S^$IRWbSDU%-eT9dEqUQrA-q`Q(
zIC=&XX5UB>B>BCTUmeA*8;$|_+{D~#ezCv(1Rwt+c$Z5V2i{ZR5k%fN^m5m>@r+_F
zCylf5OlcphCiqUb;F0u&M0NG+$p_|)UMtbbwZ6lb!<y|hc5kk<7iug#HS!a}z<(u6
z)~FoJ|JUXim6rS#8kLXoi}lL+hD^RyKjTSaz9Y5JKi+O)t+IMxPgFxu(o!DYL`f|F
z`k5-wuH7r3qm;8BLP;q}f~W9-J9tfsQBf-x7pH%ulFlIC41!FiqpvfbDLVcuVVDAg
zSdQ^?N$Kl=t;M0aP06_r1>WB9j3#4K(HHKG^d`lfw@tbye4u?u_a8$=F~K0;$D3Vx
z@|=(!QJOZ}-+^SwBT@HA8tgWVn>%D6(xgiQ<1oqB=%88f99*;x03jkcr^y$(K)AVV
z3HZuMqHZCFx_K<(hw4(7L>{0!0*xjI8l@BvX!x)3`~__0pLBrq=mXwc<@D_{5M26p
zw$w%A(mz61bg$6G*3g^4o-gf&Es&OVrn@n19U;t;U_OQ%TQr!>q}e#XG{YV04>gQl
zeTew8Zik2~ZWMruuG#(>{1-Qej7+%XHdRHs63gH=HkJ1Nv&=#s(t<Mycj<3f+}3OD
zzUjgwyW<F$=vSlw!J^X_`H<SAa(&q<hgC-|0Di(ytJ8Kb=|GuA$KPGs;oUbq!BGQK
z0;g({)%ucbF=+z@U>Txz$UOnA8ZWf!7k`C9m~AT9bg~r;mI}Tp73A8-_z2YiZDyLT
zEfTYr4WW~qx;c^2V5t4tmlTjJm$O$LhYORe=-=Y+2mC$3(<}K@)<+xve}Y?780-SL
z1WevYtb{*8d~Y;K>#iK)`9BWvBp_8GCGcN_I+!7HAmSj_*R%|wgdRF1Uq(5PUNfe0
zTuJ#d4r@raFXpAtbA+8%`>{QW5Zd447sYYD-G{ea<O(WC!#(wR2a)*{(3eTh^GaV4
z>%WSRpG1Z+BI8B=^Rb&56-uK|R3BtASWiIu2Q4g?Zf5Yk7FYyt-cjShdssle(4C^}
zA@VnbG#<V@!<%<po%&kP>>tB9ol$K9F4AjFeXfuuF4Olq6H$5LH`|EGF0xph5fLM<
z>Eis2e6!%ty;qvytTVVUR!9aIZ<x4VEJCIW!ZDQym{xxuQl$tBKqB!A88S&BB8{?4
ztw|XXad1#aUlzQD$Z^aQB&%{9H)re?+ypO`QO6NMD!#)f_Vc`gl{YGa(q;$#I$3Cl
zT+LeXgwh6L06;upV=ZZH+s?6F@peiOPL{CH>$CkA+qdaP{O4)mB}pXl(R&k_qy*hz
zq&xMCe1Ni`4S^76unM}DqVe(iYqdYxPiYOBDo7=QCJr(~Mj-r#`u*feesDtjlj@H0
zM+<Q&MD&FhlYM5|_@jODGX7{Tl7E|_^ot9q;Y9vua{dtc?yX~+L^)|UK;GDFa<GeI
zm#XpRy+h!+v2?75td}rzglId-ttJ0;21U>BgzhiBG>O<QTIUi%rOxtz6XeY0W`9T0
zG%`+_zSe;>-AeQ`(|?L4O*3UsNLBp7r7p^cVB~F8-D}H5DazCxNVTI(1Nr`>NL#K@
zrUpt!2idpsBWzd^1Zk_+nvtUzutm9%zX@3?Qg1t_TZa_!DF?Q3`s2VG#wEp`%Km)v
z@Fw&0KZN&<|6+K5y7Mc*`$u48J9z(z?@u1yQ>B7I_CY>6F}(Mvw<iy8@z0v%7XI-I
zy?wt6uKPkugwud!Da~;>mf(>dOV0pxNt;rdT|yLFRhT&<<|!iCvpk_?YKJ(*%xm$6
zr^E3d02y$Ii=OX+g9)4tIo2pz^Mb5T4)^IsMQoq9#dpu17#TQY{%vfT!shR{Z)Yg5
z`7UQfY(28^(JR+hpLJVKa%U__>MFYay3`@=!*Ak0VxNhM(G!B~geGU3d3&{X^)nPI
z*&R3><e#?thk{3|hR1GrQeSAOCo~OklqA5>eJPQ!MLnQsDAy(U%U(-Jst0~Bxj|&m
zP8#%tmYe`wgFL|{Ftr><@4)Lj&pYrc0aHo<*sM6fdb9`FmB1E&HS&qD3MCp~^jiQn
zD<|RwNDlwpcDzb{h|Ry+2|JnpEH(fAWd5O3|MdJnccS_4*M2y+GY*-5XE>eAf4nov
z^Y1y#*&c`O*E*a3Xs6TBVg9u|<;*|m-P!z~s^&jS=AY(d{%=<;ww?b2oi_MY=6}Zt
z=Rd1Gz^(+gGXH$?)#e|D4>!15vi(cg+nPk-H@$pO3&i(A{~+Ot;<Af3Pm-}Ny@?b~
zT3~S3m84u8y>zW>{l&n^z40pkkHXfLEi37(gYwlFPk5~Us-)@?Gg#ErUec&59p#Ef
z<GbDP4!d2kKHRNxyX4#QFC>mPp<Xbp24!q+!)jl<y(5A3<ZV;kFQ|vwv@myZy~1Hi
z1HV=LIIOnEwasVA_+zYgs&Gch(!fEug7zfblUJvPs#{PDo$yGqXMSIr=qY!0UUD;a
zK1%==Yeq6oBr6Qs(I;3EIW4dK%y5qL(kX4G=3AziC{Xc-C!<B1l#S7^!;?EZKIuRq
z<8#tcr8A%nINrtIs3SN8;Aw4H5T(d@5a0pu{`{N(;B4w@n2|vMJ^>NM&&B<V;rBa(
zM<M6hTn&qsYCQC$>`}=$i&H~8z|8OPBoLjz*J;K>!ZEk`dUl7hglxB~uOnC&bSN|H
z#DMO|2A;fxI<4*`CqeOnE~cy<Uvl;dD@boUi<b#bS5rEgZ-1Sie>96_!V>16M8R;I
z1(3*Z5X*m-E$Poh>E#U#4X520zAmK;TO$<5#}3`#&BNN=Xnb2#*uwrobxN|)0uMY-
zq(PCO+}3NuwtGXpi-+`q%%zv`lfW+a11yYZ_rXxUuLxfN+yIbn=dp^GvWm*GD|QEZ
zSDh=Kir#`<^IwYISJ(BXc15aAD?b_tysn;NCJ4{x!+F_tUGh79;zjGhft+I2#Hg5P
zsOmI|yMyl;(hJnl$!{Wyg%l~VJ85~Jr!XoxF-p>2bHoh0#ktaSHE^JJbg1Sv&chzo
zpqMlKP#W!=t?;yDpA>TuU{hQNj8E>c?Vh~ny{>lwEFt)fB$Sfk9RF>-Y;WQl*6|Je
z=#58n9P}6ymaE2N`EuAoWr8AiDW1PAJtJ@-H)dvRS~lBbEQK5%_6#_T3m}It$m&Cy
z5A`Q23{}b*2Q{)01&?GK53SQ{6CG?(_PB6bfLmp;I<G{Gr?ZV4w$C;$X}I??Pk5S3
zHme~#O20%n3ye%QjLdzU?_T1(s!z$kq^___J`!PS^b)dco8dr%8J_aI2$>OTCS^=W
z-C=OFr@|>Gy6p)`hU&@L-aO!oJY4;OZ2d9<(kBMD<|Z^!TO57LY-3r;I=`^YXbhN_
zh&l$XB|3-+p@NYqfxen&4s$9MhA)PQtUX@%KlTs3jiE*$Bf^*l_E)thG95eZp<C2+
zH1L@c6f)Vyyq3UDO$WKdauWTXZQNb5E<%>UB=XvEy^SD52&edJ!4-3}09nk{vrS`Z
zwHcm><*5cA&C3T#B&s)jaY1FZ*C>vJ%U?j{<leNC{}&r2O(Yxix;|o-hOjPEye``<
z#|;_JzJK}r0dDKX!~(?MFMKw-&w30NsA%^3o1$G!YYS!E*6Z$?zx8m3$BJqOzoajW
z;s(#3Sql8S1|w|Ao5guY%4>Rf_Pn?L1)de>wV=g1WL(7G*V9X2jSd-8o!^VAXB+!T
zY`K5?A>$^JTi&pJm|#nd@xvNdP0f+iaM}xEwXt?$8QgFaea@?KTO6m9ehIl5yktZ2
z7#m+O$qC`v^S&7xoyk*UbJjvhZd~(GPO<fIiM7px>#C1qWQ^axEGbWo-`9JL-+#v6
z7iP`JIk?C-x~+pA*AZ+!t{3GquS-tq&5>hzmw!y_<x<Xc)w}a{y2ELw1*;30gEdyk
zT5{;0X6^N2>@t228&gM}pYpfOXZ-$sPtAcGTsd6t;cV~10Zr<|i}oXa>Zs-PVD%Lk
zpNg%$<Vv9vukl?YU99HYH>3{vq8L+<tG<{{yIQ1}$F)Zd#<ka6E^C2~MRLp``pTx?
zU_w?ONvjd8K{tr)^KhdXzAh8FjQo&coZ~po43ls*KK+gMKEx`P#fYS3kv#ux<r5~}
z+T*rJu5^5C_~P>`cb83Y2fygI4CUU^p`IC^o36udA@jH=xs8e2+=pLsySAcJgXn&u
zjx!UxTx7GXqBlJ=w#}|j>v~B(pa6xsL`Kt-l5n8a9Xy`3u(-qmK}TJIK8uefS$0X|
zxbWrq*51Q=%^8jMPoxq~_Zm}|cEu&du46{kV*tQ2W2>&s75Nx6afeINgDvR`=eU&x
zq$E#O>6!78t})PP-{4d;yS{7wB_-q&tlCaBhxZj195Wt@a_J7Xc3GUm3h1K!#oV}N
zmXGS1Z&YSW16F;oC3V?{^glJSL>?S|tEAwIC397Mbz_Bs@n(j+k%~$s7^2wqo;d>*
zqj)9eXcIW^Q-oM43$m=Bxc;qtR3F;<rM#EfbTx7`%d!vgXz#)bj`UC!f9?v5uN&){
zrL+N-DhfD7*~muO1#qS+r#@!n<zVe`H4pYogerlb9_quAZ>Yqz-!r2wI#xbnzUaA2
zCbLz*JyeQYZ`KvLE&;}M#o4Y|C}#2Btm{In_vO}g9U|qUr<pY^Ie5j-sAnFc-vR>i
zJk_m?PQahe%v?N_Q{>D!)%`1@lfmynVKcv~&)n*n?mP^H>Ej3WNf~22lQwU*H5R#~
zE;X9VM?DswPTz2hxtQ0yb<eiCO5@R<?((|);wtb2Z|#n1%(na~tGt20n_=4rPsoTR
zkMV|3@;+zo!N=@M^sDR8nzXuAzLwyz9`kQ?t5~Jrv6=I)cPl6^KW4Mt%s1W7if(NA
zvCIp(yUP8n*szu#Tl1hRW&XwPXT<=s{8-@_BW3=%?q?y!+?D@eb;|tA<;POq`7GW2
zY<HfygRh~3fd>ezH}jfk9noYzovii_*y$GTNQn55|7Kl8hdTNKcPOQNOTGjopgCUc
zt~$G02`2&V+3yRVeMK?ab{rTVTn$!~aB}oRqV0AEYgti8@oy6%Rx)h+_!-5I2+ePO
z+iksS?OXrC^UpsI<=P7wJ3pLuRyeIZB8GTtFR#rxd-W_u2hH6wGxF1<=X-qL%;b{`
z=4=soL_}Mx>-+lY&&UajQs0m{TLe7OJ9twQO*iN4+xCscJ$P~9oGk*W=;T-{!8gw;
z;`ya>wg}9k1+nLIcib|U=U2?xBG8Kth&{JP?w`W*f;n3RnhAon%AHpOYgzeMwo$-A
zy8vw1KJn4t#-j+H+@y;0;_(~3K>JtD*pZfx`>Wf^EUHQ)P%~?@cffvpizUD!uW2EK
zx*1G=T5xNREe<)ZSKOgY+*G%5+IeGivk=p~GlIuXH69iUBr6+z_<3lvCG|BF)(Zn1
z4Dl-Rs=Vh^n_^dHF|~(AFI2@w)th@hkdmH)=OoO^2nsJHxuwvSN!rezaqFAGljpp7
z`%KqyFI~zz<Q?p*W`8c&IUmL;Z5X*N?p;(=Ufd1+8-|qcR`X`T9cJD!KES!-mFUex
z(CF^Wzn1xVl{51ejPuMuVg9O_cM!je&9dX=kyLH3=kVT`{-08+e(WVR_nzf0FFqa5
zfV@{!{ckSl;mzB{S5kk{{vpQ@t;MFbjlVbe6OY4Fcs7{7BK~gVFIK<oFUwmEuw<dz
zc&5I_?lPx(5&D}NyRRAUl>%9?j^@=G&(xZ(>gBD1YQ_U1L;~ai1Nx+_%<55fnymfE
zk9cUcEN^Xn`?GXog;4Ql9ZV#7*@r`l=hO-+T1SfWYP@qA1m8S0kzwxOJIAR!xmlW&
z26vmT-NrLD$#1;jH0e-Yjq%KO)3tqhtKg*Zz>igT(!YyC-k6nX8C61<Tq=Ac*gDgA
zpoQ1+L2x_aB>nEB)XH8xs`@B`73zJHx_9aOV1vterol|@J(i~?N}843tNIWwJf~XY
zyInA+QSjY5lD7+ww;hj;G#>ab8Fw|vbc)oJRl2gc)Kzs_m7<+`6Ik9VYsz?FIMkpR
zYC|g&f3H8q)4J*2LU;G5`%HZ=@K(k8{Y5?QQq`5Ab)i-!2`;+9rS7_{OzTlK7Jj&i
z(WEgz1sELns?&APgRMP`pyXza4B&rh`A%zAleJ@$GdqXihK9^JE|ZgY#5-q)Gc%VO
z&m6D$xXYYYg$y6}o!dGy?|8BCOr7z}kv7i{&&)e$JOlprB131t-gI~D%B*o?S9-^}
zimNh<t4!C}mA%G{U0FPad$UV%RbguJ%C!3nS1!Jv2Zd>cRb}agD@V;Y!}Gdv-8Fd>
z8G01UTZLE|!I#0?$UFQmiQdHdBkWTe`4;*#J{v29Q$1On{ySyqzwg{+oPI|h;(Sqk
z_n`;RCwoo3vBHu^8@||iYenCM&;Ldu-4BzP^20ODIkkcr9_y$luh!bLUZCrp^PZxs
zF=G6j0`d-cQt<w7;QezokuGz#D+ovW&fPvU?>Qj+iO<z+JhLPDl{eh0yS(1P>sp_y
z8qO3?a(l>}Myb&^=cqJOZ0*Y1#i;<p+{-^Wu14NSOxm2?s`?N6&fPsTuaWQf`ds@u
ztgEcpy4uC6gC#1jdtzxgRgL(8GZbXfFFQvquN-H2oyJq^NNkDkk|jRpHMPQ9pqg`D
zRRgby4hz1=INJ<H4TNW`VB?uKU1WWqqPi(K4i_C;;E$*t^!vlvGB;;B^d>A1H{4Km
z>K}&Ada@us5tj)=SEJ`kpp;i1Jlfq@Az^UkwfWAsHaoha4X^V!K^rDX14*=@P~9if
z298GScM(s`@B~-nu!z0uQws0T{Nx*4fgKM#N`1xF+j{NxPLc1^T=6B|be004vkF<s
z@ZCZSdcVSp<bw6OphL<iSmPA@UAuxm(FId<6BLBH2$@T-l!Co7s``vs*=t1A1XnQ;
z2fUF-6T0v$yJ|uz#h;5mOygl@)r52&?ub9^s-AU|M1cen2Y0v>S%x&#bdMYnxg|#0
zM86~sD?5a;b(glYPS>zzO&vK??wx%i4(-wJ%Hv*!>S8y#80)<}o6u!tFP=f!q~$cA
z1ge;>qqLkJSthf0bcV4)2*2#(y?>}$aIY+OCz0M%`lRUJr9w8uHAIl4#_ny7eq=$d
zX$0?xKk8+Uo;)tx#|YjYf7H_){YIZi7b7To8vS7pbM%oek3fg!$|HyV2k+%3@_>G#
z$&?uNBU${<YE0g}mLL59gjqNuSPcTOj;)&HB`&L?LGV7*d;1vzFFl&;T~%Yd0D{!$
zm2(>)0F;mk3iW$J3Y|Sh$ZFNO><cT?#<8F%tmtQr+8)R(Q<o+ne6|g}dN+w)u|BNE
zKWk#u=n$(dinKH-Vs*$<^C4S76L}-&G%HH-QQx`EGxM6DB=kgW+)c6Pb!^-`mlI0f
zf;k*AXOBY=8qGPanjm~UEJmF6v?oq`_!P?2h9b;;ZD!tHo;OVtQ8bkPyKGrOXHOct
z^14Z`sxykKCcC&TWOpfaRehb!#htqH?0JPN{qwkGYq=+#*XEd&ev|vI+;>}f_6S~&
z;5LKX?!2DL>#5xL;JznytE#`=t7>xZF)Op?nc;hks>yxa!50NV;XVcXGgq=9qh5{s
zEUb$E6I8)*<#gGX#J9L_VWvTf5Zt3dRx+Td{fhiPmAKUZoF^!6#XX19rHR-&Y(KV6
z<UDb=<H%jf!5b0I)eNT>zm|yvN-h(6ly1D5nGzh~S~hd@Fy7inf6qtQs;GMlXOQiG
zwio&G3v;-9PG8E&Wb4!=c|G!}ZulPVaEx5Vk9$Ktl_&+<hO1SNs_oO#^yy>|QS-2B
z=?BSG%6Xa4SF+y*kGA?bI#(;8KR3hoyX?DlS9EIoHvY%A@kaR{YhS9gf#R}-9}NCm
zZj$-uh%^`Z75`&=H!wb8nDn7WkLYJ-?Nwto9<EgP{VM+4OUkHox9V$HZFtJs#WcdP
zRI}V@fx<T<L%e0b@jDG1&fThK#6JBQE;NYKX8gmR((mx_alEC_eH(f?0J(t1d{&DO
zEoT=9ia2TAPleG`nkK#^jsS6efy^)Yo@9EJUjTF4Q~CBxi*S${DxmcH8AyC4OI~R+
zlle|(oteCqemFBZR$t0Y4px`3nVi5KU9MZ-b|%NuaXDws+eOdh*8f&IQ1LQKPQMfL
z2a^8&LI6vD`-8&@bs_u<5l?Q&j-^}BUlVQhG~Gs{8Z1chf5`2!ml;KYYuTF`AMc>8
zBz$~~t~sM9*OxMiS?V%2ipRNQ6e;{9<Kx$zQ9S6<qd5NCq){aN-B?e-13A!#O<5xM
zv4To$S%udN@w1M}VDj+6tS?cn?X)wNb~x*;aZ^7UVBLW_-KEnr8uj9{`ynzxiod1m
z>u!$p*^-rEYmQn9qId3nZQ_;xefwHE)=7UZIm!O~`I!#=xsMtX{i(!Fkw)J<RmRt8
zf3_rE(Vs29ar)!Xqq77r+tMR;Q2;fMbVvzy8hKXJuTILdoqnbAIg~G~Izj!N&_~fQ
zOXl+v(a%ivUac=>Ct-fC4lc{d2#f$}jS9&_6I_~;!a<u{5we?O;{OK`?8@0s&|vRC
z{+Bk;K8tZEGlZmpO8@&ydNCRml2(lef7;`anfJNhEUU<V?AHpNjf&k;M3LC>Pb-uj
z2_6sEm-$?tsV{}_wmzi_2%`T@T~hb(LA(d~&f<Z4!#Js5V7g&1|06S7IDNX)8NVD=
zK3I2zqslMhy?vVQgwR`|@jZ1@XL8w`Xlh@)sb{&Osdaynrt;!V?c)mlf_=qt8OdAr
z?|$X1r(CE)9DjAby3j;?U$^^vHrI4xdkPh0Mkj49q{DWIk1)aDxKr)FlcaJ5?1&lW
z`q}zlR}>Y-iW>#WA-rX4-bqD$W7$v0N8)uUfuibbNz4<Tl8NAGnW6bPrsZz{a$Stf
zaWY#CGFx!7McFRLHZ1eido)l<B0ODp#|Y0g0;Gd$okm_)jR>G>HFSn@xmI7w^n~@L
zOwW9EDbw>`TmiGie-xO>PN=6x5G%Trwrgliw{2A1!G6P|2Y0FVjfdrwgUzF*4|nN4
z_;1n^^*!Cv5L#NKFQxtI`cm32QJ2#Gg<R48=l>(^kBYaygDaV{2R_$xcJ#lJXkc6Y
z>Lj%#<EY7&tdjG~mi#*9733RLMO(e$yCCXBp&Xa6phn)ZEuYOUH;ZPb;fLHlC?X=X
zFq~e?SoMzFM<zF%ZZ$ef1!R(ruK;jux8tX%oH>6;$Szy553{lCpyOga+9n_3&l>JG
zo^PE_#rNceQY<{&lvm+?@BbmTC(FtNAneJ}`{~9-PQUze^Vy54Ps_fw`ASOJZ~sz_
z-G7Uoi~_21cA|6jrOZI8x<r(_>(+TWb7$Qr=sA>zUt}U^_)Z#jZ@7Z$G(JRi^Y)>m
zdOq%;4MB@Gu>x)Q0rAg}9V$0IF?I=+ptTz&;P@};WC&9v$AW<zsYd4b1ifN9)J)ad
zqQQ%HQ7vIZRj#s*zn0=R{1?jJeI67sGjO&#<>+zRSmz4fFEmjZBjVflVW5<>imG?U
zR*}gk_HUka5awO(G~jw`XypT~LqNrW;Vb%5VE7kx2@L1ode<!ftoZ`NLST46!!UQ9
zz_671Gz>xIl<2)Ipu6HdF)D7-YwA+n8{=W|(%X!FBgH;L_sD;p?oDl?-T#WUdw0&Q
zIn1B5+n;v*y4`iZmv)7T)9u0xY5I3W&)x5yh|gUT{Zsxl!rvaqR}S=&txpW^)(%_T
zF_^bJZGBh!OZ)l4VV&$lhwN{%WjphgALkPj>ouwVS3K6IazX|557G5s<h8KMb4-#l
z@^{+IVS6%pI65>S`(v#C?2u)6hJX?&{<}S#4ZQgmEcQ@oPOv4-?+&(P`mxSs1PXnj
zg(?{2N>5ON63$b+?I)mcv4+xGCPEnzgIjWaBX7%|{~=fzO%q>N`%bFV9DON4=Y6|*
z;1vOPN_@l#=0ev;r@Big>Bh7z!>W^*kNEy0tlO#0r8(LD-ezzaN39TeQJO8KwfrRS
zdoilCK+=mO`9$8ICV?1iP<>=o;IuL^!?aN4N)^dHQu2(H&sO!F;*=&M7xpcJJlcPu
z<}cQM7uCK~rd|8eKi8MMH+Y{D=q@M8;1{8riN&8t{pYLkv+qu1pWW`yV!0M9WW&sQ
znhg{CPH9a79%{aw^N({CE^+>9H??+!@K^3fwsHqcbCF=l=iv+AInX6ZJ$fZ2_2{bd
zN^lk`{&)rBRAwx&f*1_s(30x^JEzty#e3p#bZBINY%h?#g68?S<TQD^Oa9v&a6zZM
zqDQYpyX%BE&2mB&vzrFfSZ(5xVN|>a^6As-jEYydCa+BzxumLH{zY;mBaXuaw~z&E
zzTXFWoK5`u`p6h~VQ2ng*#>{Cs=?2spvixsoRx)yUgPaf%D&j)m-NFq{8Em?;z*@C
zji-w;$*2M16lF(K#lMKGLBEUKhT6xo%a(&qzU{-&L)slG?P6(M7b%mrJNeM47|M4}
z*eoe9bXWfB9ne5q{uefj&~7jODWuxM8GIX&u$de)E$-qE|3t0wT#M)oybPd-gr86s
zy<iz(9B`F&)0w0CiBEfnY*Cn{8@vckk}0YwmMN-PAEo-T9Hlx@j#520o*7C%^7nRf
zLKzQ=6#rF@Mr#oo@|Dg|ZM9!QdnXu*e<`Pw*3swcKo&Whl;3$8Zno8d;gN^IBtavc
za7m$&QE{t6FO@xwDdbQt9F^4v9E&Tj)cI(UU#rVS_=J4qwQB8O08?Bx)@z3_IU~!c
zklJJDqO^q091T7xbTKLmp!Jf^5=D~Wid9QqOMe=NGG%)UY6DMlXH?z?>BSc(p0kI1
zKG*f^>%Qu`-YJ0~e78%ESd2zc*U*)CZ$Eondh1))zQ@9c#d`c_CE;qU>ZP#?KL;M3
zxJz3l@#gB}?#xc^&y(@~L>I=EXEJyzf5w14;Zj1&ZeY--62ia_pvPmBCE*-8iz8I!
z&iJ9T|8U)@LuXM`kZ`6n+a&=>ZC%U=K6W>kq`24!fRA19V^QAlP^6!WxnU=>fBmSe
zqI!GHnB%RoHQ7H*2TpY9oY16P<LTPv?@Fk)PNe~$Q@S^j<`MF{eOUFd-Of$2JvEsg
zlR&DJ%~b>+KGhq&XX9ngzi5{9<B7*4w5<jIXp}}$iYVC(6|Z**cka+U7{|SWA{(YS
z|2Tk9nT>12$CGS*Xp+4HwA&oMQy&xX`eJhOK@vSAB_Biy{_zMi*y>t%O1P*MuPgTe
zJOUj0=V9R&e6o<Z3x406pD7c0_!GCaEB2mfIL>my&rVi=!Y8`QSye%<aj{v@pNPWN
z=&Tq#3hv<y<8`WBciG5pA={23s{4tlldOE4hABRuIew0GG7o<uX7_>yj&vfK-r-O5
z&DLmMoS&vX|4dPVP}ixkx;``qaQaY#{{zWKID$>AS_KW(+C<EN@YAYM{Z!KjCKb0=
ziDNEb(g;^9hVtg3O!89&xKap`4K74(<Bp2dFZh(~MH=U?oc$I+eJU!Zr%&@D-E_XK
z9#`AyyI_|b=f~N7oPq__2Mh7MY&Wkp@+hw%DYqmLA~_nC1etVvlpxva)Fv`YCQfbQ
zgQOX5pae5a`Z@9`1V}&EENcuuJt2$JBfV+dSMbpSGMpv9D2;pyx)F=$?G8q<<FYv_
zGWi)~GO2?85wWJRH%MB!&yruEd*MxN_x&Z;iQV@MXZJ<vt8!2V8jRrEOi46T?~OR&
z@MI@X*veWZ0dG0ioL^|GV+6mhD%NM0`qZ_Y#o82j>%`;=r#lo7_^&y1bx}^>BDE3?
zz842a;cp#!nq>rj79(E=A|KJPDk-9-V&`kg)n)%=wXD;(Wq%a5>Mn>vWD6xE4IeOq
z3E;d#jqAFjPw-N9Zt3XtU#X)Wn)lx^Y<rBp(!XEF`xl*@*bw9t@D++RQRi|Sm6F3!
zPfTNEF4t1gfW#PH`(c|ge2o&w5S^SODFpFhtY(R(;`}+%?B+~{W*bxn`yoXyS3@2C
z_!qqyalbzD17#aX0f*Qg`++95qaQh8JnD=e6OVci@6qJ`_&7CuSv=}jUVq=b=6}~8
z-0#0|{do%N{;#gTb3u)NYW+z^|4r84H@@Fy3}3$fjH^0de@dTZ?ecKsZ|HhbM~y>k
z*C-oF((!+_@+c3N))=qBDm4eZqBjz3>9~{QL-HZ4LT&O!(&*V7+eq+(#^3p4j>v{p
zz{hP2Ny%%Xc|JltIJv&T+a1R)k;}Li3V0~_@Qg!n4CIX;A4=PqOh5{S&k_R-T<d4v
z@XeXtg17uvA!ujdo~w>7{~AJ|Z~$a+zZ1{B`3T~*-tN1FLog~D9AbOO;S$D~q;i73
zQA1&8HC)u81`$nEXPp`{#@DCGo&(7_1LnXlVHLWjQ#?3sdSiXLc-X#ZuGA(Ri_;(f
z<m8%qn38R5RIOBG^*8I;W2iMaHk-sd89wqExa&Ag0oQj&cPBLZkm7HQ%Hgt;-0u)>
z{V=dDx<0vxoL?J}ypnNCv%YA<k4!SHE0vL_G{fjyirFp~ua|4M%;&GLzI2jvOK!i?
z+g1Op8|I-a^q(!}=kRSLHM~3D8(ubbQwDEEH+hb1wQW_K&~x(Oh@#|N(^@bcdF6IF
zL^k+i;h;vKc2P&ra)v8uMGIF+xg2lkYI{cf{j)h#9xKGo6y4_u1yVfqq7$VxKH$90
zYe(3_oG;p*=18sBC7eq8Br47BSn1^hV~Gf2m1f$nKc>6cwo;J-o_I)00gsYsS$4GV
zI=?HO-v^xE`}s}abR7QZ^F$LdG1JV0K|7LaJ}ZvB@(*{2T_m|!ut<O$x-ElL1oo6z
zH}<D`!=s+&(`PlvkGD#~x;lv)a&frsWk4bW@RHfzllKZ!wX~;9%bBZWlO*VDBzXqV
z5?+h!zW_y1GkP!P;_##G=OV6-laZ|-E=T!RC~!;v#q*j^na+jOg=|I@f9g<$*yif(
z#eAC>ef+#mb-?bzOzej;HD>5sdqKQ{HuH_uUFQ3WSUz@&pXGsw*+owIwiBc5t<r89
z?aJ@xm!D+&pZq8WgJ+Xb<Am*Ramt^d{R-Mu<L{*XX_0$BS0MxNlS%lXU{cEZs`d}z
zM1iTCSw7uc@SZ;hJIGY@srdL73YXN1<MHdnkD*;98``|+0Z-`OscJ$z*1gjKj#^*m
z$Hx;}Iuvu(m%uwU{=PGK-<!`V#QE{{MWrL`U8_4=3e=jNnBc^G{=z8@rgj3)dr7cA
zRxntvU+T}a@9DJuHkf$HWg4m%IKStrU(zA9+A~l^c*5ksc~mZNKa(}uN5nMv%4U4J
zWHvr>e)sdM`FVjq^Fg`9eX=}0)v=5Pmx--l2|}#6<uW}0dhG2uaW5F8lRXsWNJb~o
zc43SWgACqOOptZ+^oV$t(W9xJzr<{wo=_h%?>V#PSgN@xY1zMNhOZ?w@?B#E>orBh
zx|)_$$U&XBR+|N=amVb4Z_ud(6cUL2j--7UU|;@2H95qHi41}r>hkg!k$^%dwSTzR
zV?>8Fj1Ol$LF$}Fv?@8KbzMVpza2BGH+*M<)&+*<O(j$7bXK^Tw?~l^0q1ie*!0j9
zk|Le~PW4&eQfS9%3b)5;$}fHpTTe0k^Mz-VuSc2OU!sc&aT55lAYQ%`d~r?<5;Re!
zs&A_yj>BUv_%?7plDZ%b!}3Hk`0nS)>L%=6p3vn3$=a><Y<*q4Q{i3gMg$Y5RPj#1
zRQ9i$G_znwV5_Xeq@!V!JmU#vNqu5um4ZaPRJR5`1etT>i5o3_W}v_qx|>uFfA?SM
z(du|yx6&xiu`Wuv5H89`OTHS`!6dGuESoJ@>sK!z-PTe{u5(2est*#{)>s)y&rhQK
zqDixjt9n%TAPIlJ2pf^gn19m_s=2r(mcx}mvtbSLq{+Ah|3&f>$k_=|Mo-_$dPt4r
z^4}IcOKTN4cq90Zi#(W4Q#G-sa&=QqQvOA>_KES2nj%w)eUJokX1EBBtfWeE7R^FS
zeAg;s8rDb8jq7LR76G{&*F!M>Bcq}W%`>@@pB@*w>7XdJ{O?Z)jXEf~0A4qP$C`}b
zofJU$=Zj;fFUTYUrmAF(H$3ZS(ZNC=z2Uj!4}QN1-M0Nul}M9hQz=>J3BCX?b=Mki
zh#pwe)~Y;F%Anm!A!X23x^K}21=iRX8~}MY$c(n~XI5e-Xg~>KmAoV{q{vJ5wbBhb
zKQ7!0pP>vgZ}SfAxuiE1t<m@7L-b{4<(9z24KQM@u2)N}kKF@a<f{fWQsY9sj-Zta
zoF1K<L_doQ=AZz(fyNxA75TO&qY(Je|Gqh()?0AY|3-AA55;{!bm1xddJ5i{-=o;F
zwbqS;8A_--g}SkDY&R+;iD;sB)`Q*id$D!7Nw8h95sHV{8Y+3ojSEbsByNB_rw!ya
zYGKy6ILG{BGXQZZyCT+JZ2<rVSO84pqCKMSpOA|M;5@l)1gm!INB+K!1pvE|^+n`e
z1+ZRc=|HdGF;0ho97;aR$~~Q(4si$~6hlPPw>BiBy;=wk+8;vA;$VM+J*|f#-guGd
znVEvOJ~Ok|Jz!gOW<sIZVpQ&7OVE=cYh6!<QL#}r6f}~kQT*?SMv^RLF^yzkvsOVy
zH_POlCNtAFJ~Mxf+lyrKU8qEDAuj~QW_YY#1EbRk8?Q1$T_gvD*CGv=Yn+v3dnA__
z#Y#kAA?ZBW^jx63DE81P5${ZzF)rrAj@Ovo30Kv&Cao5YlEqjwqNX~*p{v)*k#vS+
zd%9~?bIBTXn9E^8K<9P#b(QEa7swqb^GG%P`&8L=r)j4Fl#y%fBSEc=iSjEO>663;
zp~<l~u8Lt(f@)(^f}4+Gf2+5bP%g?BTck-DEzP}OA$7cE&v5GcI%VSYAkGh|{7S{4
ztG%JSMFr}gNVGYs{%wH?YB3eNur?h<(JAJbvv+}Rfj*q$wW_#a5$oqhwSH6vSxjN$
znXV(Ue#q*$%m0Q+_<i(B4D|TYMu&?cz2J+5r>ftN=lA5a6QvGw1G!MQaiO!pKLXS|
zEF^4jjruct+rzPOZ^{8ZVylROx<g&X*Qvfp?Ip@6A2X&E4?GELn%9abOPU?Cr2V}t
zQ|R<xWzpd95y*-TY_pJf=07F2lDd0|aF4uAm#D|<im1ip34WoDTA9LP@>Kp+rno!N
z+cy)r?d&1FpM(m2HIv#0w&XJv>nJugJu^3`#Z*jq`hfcAEio;pw*cLz__FG$sito+
zo6>L8Y7%{Ci~k+bOtP9VnkvnttR_(xH%2$f{ABtH+Ds01TxD1gL#{tV8{wii>y&LF
zeD_R?gj+XBTEbof$60Ad9HY@SvXDGsADHw)+-PJw##+^`zelX&(QZx;WCeLrS&3pb
zViMW(x3H`2?I`GiD*m(Vwc!|YBv@<Y2o{C#q<5C<CG^c)&|dimctf|0@bTq6ZtIY@
zgXN}19{uYy{8?^DUx~F#j5z0)468=NFl~#^+T|<QBa49F*JKei%Gkw@gR&*xG2lot
z#}VReaFy7mM|&{bP(k#J#0E2aRl&kc|9x_rC&iu+MGZ<2|A$`3-V*&ztVQ`Si~UH-
zdvtlDVji?O_RW5;w)cP!ny{TB^AfZ7ybvj-tm>n-`TQkv84oa?0b}vmNS0THpTBkz
z;?<wQ*c3B(9A5^a^&oe3fxbje`$9|U=COOvi6~Ds=IHWeGDlmS7siTazB7Un*~DI$
z4a$AFMVzI2^Vpok>MDi6CatdjC(dW@yA%-pQ|Gf=EA{dSUoJkh5Cg5tfC&-(1?f6O
z#uq(?eT!4Ft&EM6iHi5;<O)(laNJ5bSrE9IG?~j(wU@<DE{@e_bXs5hJYz}W++Ku`
zF2z-TTsqQ&dR&a>S*)dYvO|NArEKt9((kty7ouJiFg^mlE96iIu{!ybO17z^ZLjH{
zS^1v0^;S|-kb44^Y>QIK;`^XgvIiZNtm7)<sAS0tv@6QuM?dR6+^iOV>NsmugC}$q
z>)EK#=?hxAEPxKywMHIe@Djl2ygi^`AuGPgIX+E$zl@iKE8Z_+a)tXPzF|}i%j>BB
z8u1^8!r(@=+n<3~*~s~s{=a*yQv_<EEOeu%m=+s2dB4&yU5|)<Uv*5^R2lt~*UBPC
z&QXt56IsaW7yduqA3q!weHqXstwyB6;HX+!J>nmkOs^!ZgSHN<_OTYzKDt?&>{TOg
zoEzQ#6SP>XTa2!b>zY=dr?m^K_>J)|Uya^uz5icIZ(d=G`G1Yx{OrDemfoE4;K|aP
zk1KV_e-*v?X{Yu5FTIJGfc}@>{8RKM_gqbHa`=tWn|OXV9C*#p)spTWEfn^$D0+Tt
zBpfSp<}Dc!IhIGvF?pYONa<5^Jk>*JvUrr$*rScgtwO>T7Y{k@@5%ejYkg?e98LAq
ze9^^I@B-?_NGywgtAUQpYZTccoDD`b+9)0w9?m&i@gTL33+V6sq}bgTY9$PED$-x0
zii8^<PCGE(8ujVK@a3P1sus3+>FFxD?PtUoh+H{`ui&uprt?`B`mi&2$eFHni<ZP2
zB)Ql`9=VsYZ5}CwaABZpirxG4cKVO@@S2KK<thZb)%1Q18oI`EV$_UwA}~24z2e<k
z@TvcO4=F|D5To$z8EU@?olW+#62t*~MY#aj2nyjPYhn0FLoQNSsAM(Hb*pSil`iLv
z1$v^)r?UNl+UO6YE;&^`EC>1`Xy1u~g1CgrHJOZQ1U^Sk$drWBy+3t=C%(_UH@qmL
zxhMmFVNZCXD~b=G#K!c?tIz=zM5oOKCImK;$YrZfPTUj0BURu8TQUXrPj_=S`5I@J
zXc`Hx<?CpWm@@GQMOAl%DsrWGczDG!71gkbx7sIuG9B=d0nU2I?vH9j6m35Q)G{)o
zVvCaKNLeKzR!_@K7>WM_gE7b{kDQDp#-bJFn$9L{f031xjb@0-VBA?swIKER^VL`I
zgB;&YJwI(%&ov$D5xqjs1%f;Ewu_1q{`1QJWBGx#0zNCOP8X3>Th=2csE(2!MHiDu
zVxREM8Se6>*(pXPrguiVl?>1B;MlCzz<KuTRP7l#Hp2*Wfv24ucQZE2DLzXcmCGR<
zR|s2YO~aumuwFEwH~0k*z1RIjCba+u?pp5de_Wy{x)?vM$w7Tl?LWN&uQ&;G5R_<6
zk%Pv`ZWldE9-C63^LT=K>_xRKv$o`c_?$2F>*$&F)S;qhW;5*{*u8j6{YJ$asT=Pb
zlFBr@T!G1=zK%|G>M2dsGt{X^NClZn@aLAy)KXQAKvt@fCRA0rr?;yv&33B#a5)$w
zG0FSEqIcz!@bKs4S-4*rKN^d2s6hwi*ss=0WpCM&DJq!;<$pO$lFb=8GF?f!D5r%-
zlUpd)EzHp^oEC3E)R(lt(yO-bb(;8SzVwDk7CltWoig#F<u@vaq0OzUoCGTHQzk!X
z!8xmGDwq7+%8$}iD?*tQ&U%5$nakP?b6BmpY0i)l(Toq@dK^>D%aU@a=HsFAeArQW
z;K66O=A)sWVK2jtH|u4v6q479R*&Rl9HnYj)(5VUV_HI|c|!wVlQW5XM<;j+Bm}YI
zdrHePaG;oZu2LszdJ7Ku-$fbBxs?9bq8Er&Dw^xzoLEe~_}H21kY{yN_rSe;WmK-z
z=!gsGl4`r>lGxhYWHN@B=1Kq&R>Q?au})+X6!ztOQ6=N{5Nebu+4)%(>Szl>Oguzk
zD+{5HS68Btky)5cR7df^5p^Z2T#}kMu1Ln(p|oEBpjsOr&<0mWS#zBmIiMAESiH((
zPUX-PEq1>g?Viwp5&e{tq)7(akr!odB;O)AW*lwuaivYZUTKqG?o0vp1SBkpWyZ`V
zGt57XC^2m^2_uW*+GG%RT~FExi2$l}2_RKNV6taGT@*(TH4Aw7abWavNSia6byVmJ
zsmU}d=E!piF+gDQzloRre6~=O$w$R`CGZ!tw;UxM{fnodc|j5CE0i!zLMP%X;~9Vy
z+rQ|GXCOL@q}CKu7?0Bm;|b_Eb_PyCVJulW6>>C3UKO&8jHb25@dyP|$!JPzECC8i
zYn+PK7+=_O0fdUJgbbJ4BQWd;xlAlpy{0w_RkiQHqmV_16^5fZgjhVNKIVYVkWfR+
zap8@!&^SU)NUzs=N8--^c0MhHpOP1{qdbC@s(hp9gCM5|NrP#Io|3hw_LX<!KD<%x
z?QeINIneJykK8Ur*kCTWU%nWDY9VHPjQmzr5?C+mI<I6Ef93ThYsA4NsZZW;NqM4Q
z_QbZGlH(wqPWea08fA0Jk9DS%0<q_b&iv@U_MHJ!RtW((1^Jir!(O@zsuVvzY)N?>
z;v#c@dX!QA4<#ZWa^<cYi~2E~K5KQ1KX_cA8&1FYhr%CpF&>sI0?nxsO2iqp5_F}u
zi9w6w+r*@ADc0cjq%9&M9RRhigEP?Il2A>)<v5#gzsMqoG1!j}IV9bn0!Vrbk9qqf
zKbu9bwgFa4GX@9kuC<ymSW3m4b9ioNaivHqc8vN$r5h(c{fd{wYqJKX3EpY=?R%6n
z=sUZ`8MNL$U3$fD!Kufg)6h{U6xb)3_@d+GMGh~bBb`?cNLdK|?ckj!1gO8SJ&U)|
z9?>pQwg;(|bcIAtyh<-+k6S3;hSSr4r)I!@&kG(r_lN`FpUS<n7o#XBVV7r{jsf~i
zz#&1c!07{Of(M(Qlw6`*DhJRv%V3;3I1i_!(G}(7Qi&py>iYfleu4N0u#mD@Q`L`E
zr-oPZoY$A~qd{IkU+{30bQ9mJ*8T5EQTye&K)a_5aI5`Wu4Q1K&e7ofuy3+QOq?Iq
z@rBykLA;JgZJ&vs$%0Y>ri94E=spBpwgLW$uR{jZ-V2eZ?;bc{A^xS5C{+cZ06F*s
zWJDIR0papM9%N6==jk5FI4YE`=EIRj<(;xQJ<Gb4f8E3@0y|>Ok#w9Ru)=S_<za7J
zBEjWBXz**EFoyuvmo!Q*0NGwqyPs_jyH~F>pjNX#JxQ&oydQ|4^3?n-9dm6CY(86y
zuiC76j|0eXQ<{b|gfY(QmBS#%uzlrZjH@rsNeq%_-W&!wF?*cl&1pMGrm<S>Rl!;+
zo`SBd51tK#EbR18Rr<f{-zI_l+l0W{AbyK<8GER0^fhfWbbSl&T8zG9c{f(QGsBdZ
zDudO0$1nc!1-k<4#RV!ffmxZ-K&TigB#Ad9t+2<s9;TTrnQ|<mq$IQ^u$Vw1#mO#N
zZ+~0liQv{mM5#yugKh^s`j<;z;`5*IkA`yo8_AE`>8n~TUrBz<Q^<aD^5Ya*=tO=@
zxs8P+d5jb4LguqQygHE|UB-&rLF$CiXjDv<1&|ON6E&{#oV@%v>=TJYL4NELmmed_
zJpn>em(s<IiI90>$qlEE`EHDYIU;2D@BCvCa(^IBzH$Ledl9l4m<atkfe5*luaiZ{
z_oaAvxceSOwifZWg9!QhpY=|09Ys46`F<<pAxU)f&hN09wl!C4Au_%935CdSw5##x
zJsoO<x2v0}spVgKB~!~pes9t5qSHRMvNWfBX$~S?&4`9TK#mlAlT{@rn_<Wh-Vpwv
zK;(7tQG1J5>LD?E!lo?i(6pwq5*4lZX$Tz@HWPufZxQro0vp75aTiKrxuf?GUw%cb
zDdglu8TP_<?VR4Bow}l&6l~zCo2otn`y7+CxNFefc-q6%MRs^-`dDcCSVa%{5c8+x
zE>IZ-WE=ibPpyvn4!?1ETi~NoN}z}$KrFyUfY6ipFlL`aF;(Tksrzj@ZrjI)Nq`le
z0{yZ7tYJ{=u*V#?Z-5bW*f}OI1w(3cQI*S&z;taDg;uLVmv$%={ke4SXb;`JL;SX#
zzmvBI4xAy_@Gr9mUI}$d5;p#$?Sa1$Tm#ImZvvu|vj>uYB80~~5$Al$);(FG+C|s1
zAV-#q;Bb!pN8C8olhC#KvR1DBRvZVQ$$|rRVf@jvCXW=WukGv#(X<2du?#)^pYR)_
z-(=UYj!9E@u!!v=1ZD|#{bPINi%!XZm3?4Yr}f3{14Ce||L@u(|17leKgS-~i|)FE
zC$dLMRG#)GXlsx3ozNcXPPRwF+mp>qERxYLu}FS5$s!qy{!fxcG5|k2dsV_7`OOpA
zBS$CL0cn4SV~=#&$3j5++;nb{{CSc^@&|E?WY?}5>5r!;?_Q#>R{TpW9&gz#imb`<
zy<7onc<(wTf-T)9BG_B@_bEVhfn3hzQh3Mzo_4}`ygf6C$9sqOW+=T^JvDquJf7?i
zs0k#1;1;YDp9EkzRaC*5_$8~&@tfpKYAeGhZ69&}4ydxIPf(~9y{&8np#`?A><`p_
z@~tC^h`?!I+ag4yPlq~@Tr#823IukiX_)QcHxV?`p5Ge*x83Nm{>tvAR7|0piP)Z<
zBYyh*JmF>8SS;-9GNpiZmp8kjsqUv;a*_-oE7|VQ4b$yoPlA<rIq|`wl8WZQy}Zdp
zuwCP^I4xy|9sRv%g>K3Ag_cq4G5;u(^q-S^ZVf{&<{%X!IGTs;w*50yLZGh&msF=2
z->)`<OV+0t->;Fav_}qku(qVZ7VK8yDQBm$&xfb5pH4&Wc}tx0hC6ROp()4>WT0@~
zWJblB(a3qLZQr1!5&sNv1>AxEopyd2k))Xw2(C(Xoc&a}pR00j*^6%!B&)aQ^H%S_
z(Eso)`J`&ePYGNl$pfFBSSYCidZ6qRkJz5l3De{fKM-|p2e7WQYx)2=m`?=e>Ri!2
z;}<0iMRJCgIRByTVapGQ=DZl$k7-*g;+Y(jAhxRT*nA~k1()WdVY)v}NQFpUVsf##
z^M*zu7XmUEBdcT;r#BfDAFAiG09eTy`Y@Fj>lCzt)zi6N?G69;YB6IBHACtscCYnR
zK19I&R3HFU%gf5JDttmM%;^a4$R(?ciXU+2E?+E))yn<pLe7c@Vrsa+zK4%IBhd~T
zVL30}jiL}^121Ex*Q=*jmdnIflnCKgzQ1Ld$y)tCk-T^vG5{Pk^J?+KND3Cmla#!w
z5-?6!AFdcGQhZl(fFEJwu>e1`*%Wso#e1T=c3VyE0oBp7JR}q^IJ}Sy4g8{q7ER;f
z!+21NeoGvZ3p3DORx^1<g$szpBECNZTH;E^EZ3_X0EH<93o`wSV*Y`D6-}kg04tpM
z{}$y|Vs<~G99{7T(@Itx4E--eennZWGL`#{ksoo-elPV6j@4J$roI6!Qu4jX-8@au
z6O_32ZF^}~I(wb^z}HykN~v>~0pV$D$`{Q<TXX^N=5%47b-)uQj3T@-TZRRt4Efe#
z@LOkRT`dLPceFU+N7Q>v5kBivpVeenGI?kL8--lVfe|X-m`MdGek>^)TWHk&lw-G>
zE7x)9@()5KDOac#tK~;n;^J9yuQZ%=MX|({f_%EPTv2*$tn_IeN`s=x1_rM5GOdlG
ziM7377d(ADSB4@k?51MDDg}p8WCwDf9g(&U<+CxJ;$ZWMQ89>Kc*FDT=0e*=j?Yk8
zi~Yq^^lWble7xbOWc+L&$sigwT#0_lP<jZ!0h_n&#Q-A)m`NDaIsj(hpf3l^;F(_q
zFkj4QU%E5ET*gSep{E2ea)M{YP~|zT03)ILn63{;44#R;htn7e-ZUzXC>{0GWO)4j
z27!k|8%*nQfotR~%8|~ea4ksnYuSTYv|^AFwmLFLRgzxzfR^M{p2wo)N{T1XV;)89
zOX!*qMJLarahuAvb_OZdj?IpzlzdxViYWf{tx6QH;emTYE){5jd@fg_g`e<SdLYs-
zT?N@2>rzwdiokm)?eeWcN|Px*;VWv9Y(Xz=h8GlitrzWcL>(_H=Xdf@(dm-v$j`X(
zh3`g`eY!Mbtt&uqu#a=Qh((d@SE;CJ4B2)P^5#@@7Y{N>p~e16ZYGz@h*OM*g`-l*
zS;X$`b9Am=4zERL&7$&S$u44#>USoib9AsX7zo{Y=qf%{woHsdWhfufjD32&f}Bxt
zF7MDV#cB?2qh^WV!Ic`)6<AO0QZ;@Q;eMNEDa|ZqeHuhDn<{_`55Hx)0_z>T9oD)*
zRPahGd&K^NITht=fW{(Eu^g2V&82nXDLhodcN?Afc^iduis{6!`-@`8Uih;xWc7Bc
z)U%2D<tFFzFH}@pw)30m{ATcrYFoC*PFDHsDbi)VL50JLQiRn$WriP7OWz_+rOBRA
zA}H{<ypLXsHS&b@opy5d1&b5)p}?eTdPDTz%5q<Ar=2GY5p!~3w#$FMToHGM$%tGw
zLhhza@3>Bt?O9Gtm$I1@C3y!$FX~tnjBfrK%>%OoM>Wj;#&4V-mh;LT{pSefKQpFK
zA@MT++AHa@Uhr5iiM}U14h;3J#p`0a@PW}0>~E7`VVA76-}@y!B-R_QRy-&ocI{`(
zcKNchl)zHKfE9E=tbJ0m|JL$Fvf)2X{lTKFR{t4tz<p(Npdk8ELKsl|o;~MUIzF-p
zHlTvip`uKyC`-N$EY`KD5B-lzf1O+&kuq5)b=|O|mzJeOuQqX=kUU@K2ng77>;`xa
zBe!IoDC?&KzG@ifd4h;}@H4T@H{x$`ca9M47PzcrR<Dj6s~Ul?p>G`#_||8W5%_x>
z6ax2>AK*VmhC`Hu0LD)UG~MY=EAD2pG5Pxo@9zmM)N_98&F$x0yjJ|@dP1jDMo;$W
z4rPRVb)PJa)Z22Bjr<<wH%Z^E^3|>^Eh}GI<|yt?g;|Erd&}OaL~g}Y^5`ani0Ss6
z{-TtU?jc5ik_&YAYNxgDo)C(2mFp_BLQwIi9f~Mws+m?&4rfB{$cEXKU{M9eu2=z-
z-j8>=yvs!umyIfpKU8t`V})Rg^?<yZ*B2U@H%~J9UR%g}!u4<Dx@bD8gLzJw={#q0
z$Ihdkd3?{ivFaUN&>B3gAK7<U!)On`G5tu=dLV)o%x7tS4aCJ`SuEJGCDBZBF4jRw
zW3+#qe-c#x`9wkW>jvsC#9>LJ`>(hXbPwd&-(zprSiOpe39L3M1<PX}`~N^T(zL*D
z5{v4tL(Zb|{~(6eURqOlbdde&q|kcxIncE3@fD&mJo%i-1cpzepB*uL*)z!){)eX(
zhF>H<Alq~qT3ZaikOn)$@MSl)N1=`weq)C+f~OZwkVfk5bDH(+_2V}=-;P#JtL2i6
zkbOE-rVK}5AzEKS!`be7n66H+{iScT@2W{?C(eT`h{@pbB=FdUTAB((Q7lSpu(Bv$
zE<n+uLb(teMfPJ&l`zZl1S~C@P9HRuD%X;+)6q36Ooi=;YcwwZOb_&8eiI}zS)c0-
zT_aJVOH~;CE$G{iBR&VRqlJm$!k-1V*diof*jxmodXN>3a$o@@j^*0)_4Z?oHez=Z
z&9#a=MuG4`qKKn~1UsOkUFmZsW1{{xy748S>TU=4P0UZy`oe5_lKH@PGsXX#59~iV
zAJIeJHo1II{+?t$uz#a`L_5Z}8N-+7BU*Mad9ika|H}`oXU*VpYgCFN#AogFk(yK#
zVUm#?Hodz1zT6alcR9X3XPqnB6<J|AL5$(+aJEI8gN8*|R<HHnN=UUHAHiL;Z(_x-
z5>A>AMozrlsCWk_KVjR<&@jT!Dp<EfLdIQowLEOSrg-~<_8<Q))>hH2$Y+vb5kUnH
z2W%Wh@RzdEL&{%JZQ;3<g*2?T@qI?#<8ouxYj;8^84gdCCn2|N_-yJB$|CmkGt7Fo
zA{s`fJKM<g@MiJ|wsgqkc%hjP&>It5dTz-YA(nJ_oowl5SnlBp3LUz$rA!4piWflS
zo3JrjU&t*&Okc^~AlW81fBcdDhc4$W@endMou~hGF$)eFH|#T3<O!7WZ~#-OC+dmC
zPw^D&#P$22xuLKACs{;s{cc7W#_wVSxrR_hc;+^jB{^MCm-4%q`$-vDi1R&jcb3U9
z%^~gkWi8InG-6Oo%kK<kk87AM0%nWz0Zl578Tml%ESMYzY5*~FJg=?=YS-lhHg7&~
zE6xXSH{}Dl;{17lUzh?wRm>CIKBYE*w}dCyptPA)&I}G#m+4?uj=x4B{gF}eHlKQ}
zV+mvudBF@VU2R(TuV(M6GWw3;@8&8vtJTsD@2LL%b-bhYG5p=UhIi}a9naRoxi!GK
z?d9Eiqwlx|qwm+a{sz7uV_KXtHt*PwmbOq2n^LXRpX3{|w2G5_<?QB4Jc>y<N${=8
z(B`pN5aNJCB$<C8dy02pHUYE#Q&ypAtP<068W=$wZQx^%^%frcf+d0e(b1iLs9%$J
zChsHrbyj$i7G9;dJ%k2XDv;&js71UXy#hmO1sWCV{1MR>Uz{cC8ktJ1nbMQ`)a|k!
zWY1lks6Vd9lI6p}V7^A9Vzkn<Jfap<NO=dUuf}%xN{TBT47nUQ&)CRBbE?)Whg0(o
zSa*-DHn5=DYe||bXh>;xU1^RhdY))ibD2Sj@W#0{&{YKWTzavj8cB*WP>vRqAVRO&
zC_zvczKm#V^b~gNp#yrmf6)0|%C8E47f|^*f)|LKdFq!#<c`U4h_{7^(gU`K#HbFX
zg+0s=VVnLOkLvz3^Q-BB*fW&;gUWTf{m?0$iZ&li>d=MuqRrM0MI2qcG`qrSb{W43
zQ;ND0<@ANgoyf57`<b-12mu&1(#(M<^!@3PXBhz}jCAm~fyCe@CmN>NKqn@NkZT_`
zvqgk~H3j{vN<?l{Jjq<)#k}4ZUW}8ixJmb0C8wzMujIUL&v9Sq@|{A#t|ZYC{?o5>
z)-`$3CCiN;Qol4ubhG>D202j4+$%YkYK`wz8&6les!941eF_DBwKp_ty<ZaIQ^A|W
zu6T?wFG~fvNT^isvHhs3z@J@4)~Zr+rHv~0)O?T%o;7$=%d(>j`0U>I(T~c45c68E
zABp(~djRu8pFg5ba%<a<{8XJI5YSst$YlLZ&4HH%Vrh?2YmJeaR%7%nS%nwSDgdzt
zUDc07-VgiM;M9tq`2$-5H%x0PortyOIM%GS?|npC=f7tAxz*Y$S%B<MpB*ghBGO`6
z63!<R#18X=y!gCh*;A_0Kj}H314|k_VSGWv<wTA$pPdoy$Nb`gqCDW4&_^k%jE&RQ
z6L_8LE8t{=_W<Zy;v;aOFZ8V(y>bO6_Lw4>7=KRLrs#k~hsft!@WI00B<25=`^T6F
zhFUG(_0ZpCl=X}j3q9xkf{~p41+f^Lp_C~1F%!`&Uw9$l|HK;_47CjOiw;&dOE`yp
zR-=CC&mOirdWR?p<r&)2^-f`X^9V*_XO0ou={E7mHZl=*`j+4_Uy{!&ktpRJekYLW
zwFcv1DLD=q4m6z0%cA&Qf5dSK8Fud`RC&SDOxOPqfMGKc$zp1!`YSV(ZvRRIQs%m(
zv1Axz_V|#6^OXLMn6J+_T|x)UJW@@K8VruDvHfn8+hJ1UNbJvkfzbh;DF0GT?d`4H
z|A9jwM7x0@a`U;=ASYJ*mghVT4F5y9Tj`NYtfg7*stK9yXCR#Ew>sSzS<)C7L|P4c
zpR7ibu7%P^B?|fX*`ug2F`KdR1(#)|_`6Ko66$7^_Np&M@Pc4y_mT3_%<1)|S!`}8
zav+Ce-%gUR%-F!Cu@~3I0fV;9sF1UrK>JNY1tbjogF;q}&=%Q_Q3?C<KKBGa#|hh(
z`{3t8j1}UOficuPyo;5023!Lv5dLoBgJ7)a$1B*&)ryq74JpAwS+dH3Hz~YEp*I5F
zY0?NA0Rk%CoU81m+$(4cYz3@Sc%Z?3UK?<a<~iUtDt|?{0r^JR9!jilDUj2s5qym&
zke1b^YcDQ>E^pp@$|I*}ug;uQE3e6#WCV}%rOuoL8~HOa_Eh%dWkjcMJjOW1px6Ob
zJl6=S%%YcaXo*0qh9?fHa1i<-`$yahN_72W4hbFxwCVp6{m!V2(E1<CRb++=pQ^e!
z6B;{+%qiUVLV=)W*va@;zGb?b0z6f-?0(8svCpUyRg&?voIIIoy;}ZGw`W0#);&kv
zIayuHk1gcbUG=`2D8zh#?)pQY+#2I)IUCevS6q!5=Fa3iQL}l%RK=4-NrEV!>jUvR
zjh}n8mogmSSC^KpCU02tvps0S{^RJbDQ%M5WKfQ{u&m&*0gLlwRDvF%^eMm8m?vxD
z(qgre%_Nd4)B61yj+~cn|Fo8GD)*H&<m@mi-V*)$Ci{G<wF`M0?XH-JIioboq4VmH
zs~&A_n7)W_Fla|?3ODv2_+MlZkV&kmw*DWySLNgWAN`(?e)fCt7yMAm_bCwb|KL*j
ze~e6CqRQT``HArGdaw9@@SXu@JxL91{67-;M^*XIm<$UBEY!ucx+x7?X(k+54uAQu
z<uX)yu+ZF`!m6^jGF&rUCD$TB@t2RaXoSOZBt{qaFR+e%rTS-n)%t_W3RC>2o7OS=
zEa_-)Q6ZY-YNtPPRFYC5cf!Bq#s?R|1)|`VT%*EZRB~KUxRilOuw7t%Vnmp~n+Wf0
zF-Mx&3&yz7s^S&DYXRPB9D^o@rKOsg5FPx(7Y{UL|BjA?II@+DB3`G(6-~;`sN`>W
zh9;2{^F^Y~_Y~YTkRGT*1cHkPGNy+k<%)=mr`4hsGvvXYfB-}>X-Q5&PL@6xy6#|3
zb8WVNz8PG65XZecBvU&KkC*za7kzp4Wb-0mn23n$5Jd)GM=~Blh|NvE`L+HhL2+K!
zhi=KtN1D^&pa~Yaq891V2(#eT1^He}m~~OG0os~O5ohuv<H6(R+HU@IAGd|Ek0O`z
zm;^-BAbIXb8I=<K<;`OeNEktyl6u>P5p<I<g7thS{|o{OB!EDYJNYjl8n{6u{1xAo
zwk?jO{UFUAdzCDcdhGga{k{go+E!1^`&9iN*^rM-uzC$0S6@6-br%if(tch^)K6B5
zR{Q6CDSQ=Ql9_R+EC>(Bn8G9#3$PfkPqv$REOIY=^K%8P*BRV^Kgk=t@ICgt5v=Gh
zays!x$CE~(AC53;J(5*6-yA$Km)xw`3I>D8(JE80K4}VSO&4cUwDXq<9$>%x!VE5@
zz6$Z5LklB|GY{98SiD7uEX<+VI6A#;=IvElf(=R4!VKM;?;U(^F0til9@kEzqDdeL
z3rYn_5(dZD+m)p6L97HQItNVn^1>wD0Ywn9OV;wYhJ#@^_^TJ(J<+-nKP*;R94!i7
zL7ocM*>o?lTEySv7G&p}(MC^1mhJ;NL3}Qi{hUtRVk_2|uViWqUJH<WWC=Cm78I<@
zj*4fs;>+OEGUW@EK1%{RiL^i&wTAxC_LQ|ECMrb|n+DHULy}k9@Ad~=IJ5aew{alL
zd;T+6$knTq&%>McHnsI`$!41lkgv6r<-!~lkXP_c+R=FtF*r{rcdujvP9vvf7vq7|
zypt3$Deg_s2;tIJ!`j9VcM*Q4*gB}Iy8$m*LTZktx!L3h&A<0%;pS@INef+@Lx!{r
zZ)j#lM(}8c|D52_Okyd5BU8j{?pmT30fF_VJq86_bRB>I6+gDmzEUWz2+AMX8Te#0
zm#lXAzYDn5+Jkr%UBO9X90uke&9PvTQZ6tPiHB8rb&CHR#IUGZ?T=9<5vql2hk`N5
z*A{~b)gH?SVok|F{Se%W1hZtdm?wXI1#3mpGfIELfz|eRx;o7g@kq13<Gp;1Hb>8r
zi2PKQsdkT)xFU?t?Wa>^K?%Q{yvy<=x;uJqv}^RtXm<28c0M(#OjZ3vs*k2eS?HWE
zNEHjHLbkw-mv`9jlJmo2FK$xyF%fM@Q9wf2D>=j>$KAXYPOX+%^FZD_yAHrU!gxvC
za8WpIU=?Yc=eksM?k7BoNZhw)lS3eT$QeVi^sq^5%SjJ=$XGE+HbQcOb(S91Ir1f4
zr-wZ#2k69&y5O&p%GS`F?Q)-R4HET^yB|Ib2r$w6eBdSBC->&tAfqo-NNgvAc|c{{
zf^15L0UqsdvVVtqLTiguh9>qSs-X_ZI|X(k!;ph|2Dm5^DdGln@?Cq$@UAIEb;W}i
z5_#2BmI^s@2_}ejv6i)eBk5`da4A050g>nVTSp2B$U@pSc}x;jRwhXCbawL=SD?Q@
z+}ssa2|_P|&2?9$4HSMDDj%2@o#P2j&Cm?7@c%L#DLEg131nr4gGY%T&D+;>G8(XM
z4dnX;H69<~tdQ{+klVKELBSZ~F8i9j7PN8Fib~!ClAH!>vh_xN4GR{RwiZA6YCEA{
zlb~PML%&Q-zY3vWI&91gPZIhiOO)S6C}3chCxp#>8N-2m!TKHZSXaWmuJc$EGsMY-
zmcVWwD{dlOf<%)|1E4IX;jk^Nj%0aEw1mAbm7VS_y9d8f<lhhM6s`<X=^?-H+3_=l
zSRJ<44iml*lxNfWG1m#2)WKhtlu~MmAnYWT$fdr}0F6<zh55nTRILv2w`jLI-r!N>
zJ^ttUOJa2-k|%du9VAaa`=nRLJ02ZLSWN>ATvo^5jEWW9*zb*wt&aEA%cLF3XTjpU
zpcV*jKrI{;9{mOr!#d!w3{UWbCi|EAW7*P#d?PF+uY(s^2e|RhfMNvnI(XME1J22d
z;O30TD76TnV<Zz{5%|IvzsQ0B`|lF$pXmvw)ytfEI6y!p#vMX=K&jCF6ovLB5T9)d
z?MtE)1iht~-tY`M`L`z9)xMLY?G$Vg^nQ^d&*M}jXT09@BIv!%>8s%O^UOHv(Q^Qq
zip)wzZrr%hqk!CB>ww&v{|tRa{Knlw0*B)GeTByF2@Za%ut)HFLR<WvlHCEn1+On1
z3SMUl2A{{3>~lH%3Vzos{63e@WF0hIBKUo?!tcLu{iXQ*A4~s5Qs|rq`={wYes*7-
z{xb#1s85!ne-rv&(8*{{mi~h^|IYNkUx)Rf=>NqI{pZ)A|6C=}|15|84^E>0T(?~x
zFhYeY1!u92FXmueR%ZZda+wKd*J76r0k8-@N@8wvpnO7~@Rj8EC#2v12lWHRU$y@K
zANm1+r?%>t5+trCXcGF4+D+>T8e;ZcM^Yb&2|2il&Bh(N9u+~O5&VPfJfZtCz2S??
zCx!>YZq0%rSSnMn-rhP`Pl0kYRwoI5o8m>y#UJNn8x`eTj}I>X80o&uTQIBIPs*xM
z1F_OeU^C(Eh%aOFA)21N!*OAM0<u0-SRG}Ov@P!-3$dG{ZcthjDU}3gCm`kTT`*PU
z7AbV3d=ZSt=9AJ|=_hW^C#XPL^cy4)C`_Q&s#q1ME^bD1@j4ylOaT#B4<R>4o|pS%
zZNLs5knHTMY6I}~W2;n}0Cg0$qX`&w5qQR?Etc(s3Si3wYhW%afZVtW;7n$)5wW5X
z?;cbE_M_@MVS4wIfFM^ZHO8U_m;e+3hbW^jL>a*`wsu_}N`N!Dk&$;)1Q4B&iz47t
z1k{+m`#(|sM{RS0y+@dk|48}Ykfm`V`Tro}73t>RSpNSMO|u9WTK>OKD5@j>A4c<*
zB>(g3B;|iH7M#5Ne?fcszu9Tlk^gyr((?Z&oZa^o<$tPgBmYx{lK%%LZ*Pu%?H}xK
zw-LPaCHq?}A2rEm@NqikCOisNxJN8@Csu_|bX4IR26evGNy0UCj{H?Z@e*E$BD#eZ
z<%->%WVVa)?b)gVajSXL?sJ-O!H4a==QGGo{Ih}wkXdoX`c(EEQG)3myxOiL3WpH}
zPB%lT;>YVhhiV-2;T-k|I*^@Y-;m^G2PA|oXKgosS0QZCH`ZqRU-h7LW{=tB7QNAP
zSbb4T-#h~U%mvxxeIyHlqNw<=po>_V9}!{D6JDC@4Ru4!EGDS`kGXS?kE*&Be<qob
z1Og`@VALo<0f`C{9!f}n3?y&{W)!QaZAI<%idx^v3}6);m>J1oIxY2TYah0>y>0DN
zv=vb+%m5|<ub6-$pg_O}GmK*J5dtdteb+u`9^qwg?>|32A2R3cz0ZEEy<U6mwb#bT
zsHXy0V*G8E!KX~S$_&hHu}3X4@T)|V*^vrhi5Ym4W&HJAq*g{^-V@`mEC88%W&CwA
z|15u4-8U=FpCcPO(GQgM*JVq%jsG0SU1T-mR8O&Ijua!Wn1Rn`d4V3CGzK@t9;YUJ
zjn&DJd*J;dL2ncTu!og)Q*1MHAak*4KXUA!2(#Ft^I`P8dSzOC75>eMulnj#_Z6A4
z<h$a-WqjH(O@#RzdGSBU#qoh}@W|m+9py^DI9tp|&b3Kd?bM!b!tR7ka_PksBL>hY
zJSoN#^b$(~lI!l~`m>!z33sI7S_6QPyBk<a-DXY;yKKX`7tC44@wWZWXqR0gQ|c;Q
z9@7$+6?tk}oMjx4_(Y~f1t3j2mm%`xpG*tRW$ogcaX!<s8t+GK>0hV;=%^`K1zgM(
z>1qil`Vk%#)bxSfZ96#AxM5<}%%+-&s)ugd#|n3X?=9-fYyc6lH}wY4Aio%KUB>Oh
zUB-e@F5^A{9OlR7G(hA;z~R{C(pZR<bjY1w-eFzV2CQDEYb%NJqY)~L!Et*wi*%>9
zs(&+=`g#Xon`$=qC@^EU9>8iGNf6fhnr12$BX&)*NV%t!B{@_*is#iFlWZ5R5vZd=
z|ANvYQ{774DD!QSU7-cIe$=*vs_h&}b!pQ(mF`wemSasRlVa`)&+tDqrY+0!jk(LO
z2oD*<M75#(tuPx~APV4$*!saH1&<^(GNYnqOw4-$r-&n2o~biJd=0YGyV;T0_QA^2
zVuZ;b@G8>+tu(}EW{<h>h8V8H#nNCl>kTD#NG`zboD#B+f#fez_FsaW>lbs9eKt~N
zolR+qnVUkJnRw3~um!Kw)1KwITR~MWS&|VGT_TEY+1M<46-x{z?dJBBZA`g2QqT!}
zH<_03?zsJyUa?JEQYCbC`+JBbv2-y1->JqebGU9eKz7tM(c5XQS<Z}NkH3%De4lbG
z1qPJ7UzoEHFiwn>(3HsY-QEvjcA18>SmSxn?bR5~kKg~B1;ZCksw`nx<SJg}ZbHSl
zV?76fl*;^x<wp)#>Z{ZCE-vY_+&7cNYPxUMW9WxAhDh-;4)1b{Ac%>+U*N3x9FNU|
zsS7@_2Dc`I^$t=&dJi)K*wsh;AXclYV>i<S%$O=bFWCESXSjs@Z;>joyBQE=@0PL{
zTd_P5iftxG)Uoz(pJ>HVE|Vb(L;P|*REPbtzEdljf&Fr3j4|<xPow4IsE6xfy77s#
z;;{D(>wBkh9*QtFrfK+H9`z0dqdm2(Mol4>yoV<KH##Bl5q66E{@Z%^Td|HQxbPp;
zL*MI+{fNxOyBRf6iT9=MH4qi}aO|RUnVaWxg$*`|RFbg6v8(x7mcOkf0)i&7{K)G%
zUX%7riC6G%$?F2@KFQKlZCXslWp(P!P3D;$6V~EHF<z$RG!p#383U&%lm!1vA5&@!
zq_4^KK<54g_H?$daQx{mzh605sGl>wR|xLFbb{jW(J@uzMWrN}@?sQ^cqch4r{{al
z5caEr8po!S9PiH`k=y3A03y5bqeEQm=XL;N(7z$Ox5%(lLc(2!=-g)ti7#`U75^i5
z-F1`Q;B%WyVM=y8D>i6LWx2+jDnSue^Le7|CJ-FL;zLZEr;*+G7N%wQ4r)SntBAFx
z>_&-6%kF+E`*3VzJ7Ddu`ovbB4aU_XQB(TWocQlgBfm3b^FNd1j=b4m%4Yu_5v9gf
zL^B-gVc^ZgE^HB)b4R9mr6TOO$YsnQ6&K632xg@(HFETv@OubmmxSMwh~G%&Uv-nr
zN~<FNs7U56fc`o_KXN?KMdWxcVyC28R6>c2u=GYHox2p!i_b|)=ZGjxmV|zf8utVA
zk7pX5p(3G&S`wO#u?^@;9gDbK-rN!5^3ulG?bN~%TjBhskiHpyzd#`FOhLuen|=&@
zMGH0NAdhBtlhK?buw?Xog44&zXabQQFQc0?oe3>_wJEYu{!SFx5fRy@q?SA4U7_0%
z&hD0w6X8s-^yzVY2Z`XxEXW=8j<uyc)t0{}5*-m&iG-eYMR;r_^M!oIXOqEla^95B
z7hnPq4O`@MGxE98l+Ogk7WrJ+X36K~*m%Z|4w;hA?`wf2szo-u5be@M<QK|WvQbMu
zN06VLQ#$OG#h%&H8w9R9En4r(5Us#a_LOB4D|EbwO-%+U`i2s*3q`~Z<@7|RKwT{=
zKuVyVCj!;fCxp)<Pv7hm!a0RJop&Y_1OcVwX)=Dz+G3_&{GC$%OYVnpI|>b0vxpz;
z{cljf@?ZKhk0Jm*V#$+XPfEKYhsT|99{x*%X-p60x_s1tCa)95O;~ZJJ(JsnShktL
zYo;T!+P&p+9}N2H+3JL7*(b5zUBGy{1)x<Y*+hOdyDAQG4N6!?4$dq}#!FypFLWO+
zlDNd*k^UB>lF$y|by0#%)TY>oHKs%NP<~VVMEc|Zu#~$e?OrE6QybBs#6$;&wk0&Y
z;ci30++Ne*#SeB-sjLMrVQ&gOa655f+Hey7xNFuZiAGb%EK_!7u{yiq-%zT$9s7NG
z@;r%x7p;v4Mm_~>0A1V8G5wwafw}lExj`*=n{-DD3Mz8H6%_uq=K&WEDeB&v0{BJw
zMv+%++S+^B*H)d)ZGUKbPVU`gkGHit(4hqnGJLnu;w)>{9?2Dvjl+Sq<ZAP&Nb`S2
zzFaIB(fw_ms4KlVU@}*`H+MTLTz-4Eso!~95|@|b-t)S%;)oV#!OMa1Yk}9~A(YoO
zYj}JekLh@Hjci}F69k6JKh+kMjG?B)T<yykzwgi0cJH05dH7wluVafS`uEP&KHkSo
zPyP4V<n;mdn9ZXWe1xH^*BtfwU&&XydR>ux%~h{|O}_R}uM&M)eVZq*fw`=U;_FCT
zPRl!e>q;B?)31z%JxitZPMc(1Gsc$gMc{jUs`9eUylj=Hx)hKTXeuwq%*#=Es(*o-
zlX-SC&#v-RX9HI!^K#9+T$QJK9+;NQ>tW{gP<iGseg$ig*PVH0US2#*ip+IjDD+*v
z(N)o^Jx*wVg>5of!K=xQpGS^U?vVQy5Am<S9NA*W+W<ARSNYpA;Z4eXac}R}`AwXi
zrf&3am<oC}0Xf7=^;7NM{>6O2gnik@?>lp~ojaIMei!XjaR0!9`%alnEhxTAs>9}t
zewBPRXH>33Qn}`go|$|#XH>Lum21vudGb|(A~-4eny(s~nS3o!uM#g*ecMyL-kN;v
zrCw!ysB#O{>%+;{-s<)H$=5#W^{2^KO<n^Z3P^vg(iUxzSrC8-=BV5vYx1_3h*Yc)
zX{Q=|0Dl-Yd0R|GDprWJ(?p~WYht&Uh*Yc)X{U)u@noKfNW}_~cAALvPBPC#q+*3g
zJ55A-J(*`BQn5m$ohBl!OXit~RGg>Apg<XrC>!#+C0`*~alXn^a1BU69F<pK<`t+s
z1?0fblX*SOyq+pgK|Jt-WL_^bub0YG;15W6cU5PhnOCUt)LaBS$-LfXUT>ABCMIxO
zGOv%B*GJ`<vouZVhm1ip^R)O_Qk+Pd(Jte<;=dz>EfN{^g$NqhSSbwo;|E0gaj?F&
z-CLugV~s~}IXWWwTJX)I6to>moS8`;)zF7xx}K*LBM#46>pObZ`~&t<d}ewj_Qn3(
zH&a?#>sgUDivL^9nf(7}O6GRw|6Vi-d=EJgQ^TUSxO^jP4$rJ~59TiSRrSmw0+B58
zD_-?-lkN`Kfp;`7^R6|vmo>Y>4jU0;MziiuR43WE=UNeA*O}})aV1}P%5WS_vkvc`
z#F*-3V|z+YUUkFRo-QJ;;cZm0-aB19O!FG;JrP#Kn!YIwOz)pkfc*V}G$1ce0aD}@
znh+-?KlQwT+!{@Yh`a_nH?c=;+Nzq-Hs1GG?}=@(dy9HxnfsX*yk=Ron(#WXFexvA
znNh3crT2OlH%7Y&e0C*HoW<7V1xK>$ynnYP&NSP{w+S2Fqw6t;XaTvH(BZ4Hm3lwm
z1e>j^)Vo{8EQ%Z~w3E>P3O5o11awWLuwDjq1bh?82g>|&erlvzP;NZ-y=zMixcqII
zjK9-f{hh=%;igCQmu;d9IvPqi79@VVT!^r_-tAac(%1JzskiO#rBi$l^`sx$SfSI?
z9h`&Mk)Ck8`|3#DT;H4S_O+Grz2`&mT;l$N&7K}qQ=a&hw3pB3xs54`>c*9+DdJk*
zNpPXKxmDIo=d>Uv*t+81;!muLrLcmxX<x4)fS$wOW%riIAkH*3w&GZ?JD~$HYjnhl
zZXqlKB~<*p)Uo|^XS=PZRebbWKy2AO6Jio~Je>RA52;yPVIGUPHKLTTTBU?N4B~fr
zD)6I51FL<aMq9<+t@jD8t&Kf0f@w1vYXe>0e3bMj@Q*{uTgYPSOD{Ly2{|VQ){1Vk
zpCr#m-RCUd>Op1gc5hJ)izNSsSz>Hg5qV>sy)#KRX}?Iux6v6vvo|?{7S-J<@%c4x
zD))?X7#)~9i>p`RHx%*ADBsc@9=@u+H+XQo$9`9_uI^A`zIlwtYgNhl23QSfWS;lQ
z^uFXg$P5k!iI%xpzW@6TzAtX@mT?z&hC{2ES&Ot)C4HrY<QFv7^zFJ-dL-@bb@&&S
z+N-t4a7XK1_Mm`X&bQsV0`q1>5FdloLIw750&;j7XoxH6z)J+)P13f4x6`0L3*G}w
zc*idThZu|n@&kZe3lNmZ<gUZxX9|k_qA(M-C&!QPdXmr;{IIJ|)~;yaT%y%aQ%`q@
zH3e0jKsGEKCW!k{5>x0l>x0=(#Gd{?p~>EQvm+-*lh$75+DROsIZ7@rTfJjzzRU%r
zdt%K6vItUAg|`=ZOX|ldd`i*7_pD}2dU))6GAXsGNjZ@oWZ)J_FwnQu{0w7#@$b_^
zXWi)r8tZwIfqwplInX`%nFDR*EfX6p{}p9VOO1D#)tWipA^+BR=Z*cpj5q(Z<L#8W
zV^Q2~VuxDe{WvdkynA{3+VTGE{!D!ShsgZ@_56N-N%P;I-(sr=Cr9M`lZ|)wQFDH~
zdSs6G5O1d%uND7G_~TReB}d!>1y8X?tf++btzfhkEI@@eMT!`&i1!E2OQN;Nr9hSx
zklh?PSjWcF6EE?L^#`-a(C6>&os}4<*6&zC5TxsEvajNAqr_Aci%EgVf`M$82C81j
zVztZdJsgz{kjXlAP3Ia(i{*l=n1|L*U1pzDb+PC9s!Kh8ubSw+mx}5uxO*N=%Bf9%
zZDzRtq&3pAwSS=#uhB+ioP+ge>EZiqzN+kr#1{@1UXBvemB^L*ppS@&%HNqY|2kJi
z-206h<A{H6&Wo&(*<{!xUge>o9e4H4(jLLt8;<#2;!^nl4@y`_xk#$frgo9INN8JZ
zF3(RC;Fx00@efg6lRU@!y2WNfxufq*QgMs7Uk#^A{N0@QW2J(+$K!Rl)12osb2I0;
zfVYfzUzzrBCI9ZpoZo$-0V#}@Gnosm`Ta<StBgG6{O*!>i*2d-eOD4>e!t*B=C}N9
zfko+Y_=R;-%`X=*YW}Shh3DDNllj#{y`R3bcUGuoacY*exyw`YI}}`%`E@L_pO-Pe
zf0r8_D<pCUCPtZHXSn})YJx3)Fw_Ct?&Ic{oyjrD`2{bSR_j(KE<fQ6dHmZ<q$r52
zFuJ&nn<<=OP2rT}6n<8jo<g<!Kv(JVzL7YGL5tJ$;}K3g<Y<qrFIAjJGM`UP?RDV0
zxh`q(j#b)areaWI?9D(h_E;;{>Dsh*&YkI6O}o?fS>l(m3uJzepZt{_=H#E9lR5c?
zyrm~0C9j0OXPLAs3w1TO4>Pw&`8-9Tw-C+BHKa>lO~?uPw^kJFM<e=+tgx*2R&A-^
zfy{sK4IZ4_WRtC@k3SvWD+WAv)B4Gw)7YbS(-JONausdh<esA~`ICHT>{yLG0(Q{h
z3g<SQk(RHZ$2EDF^tb8JgW1u2cK<#?XsvSPp|ifuy>fQF;4S}Njii!1w!#SBOJwK5
zW&U?3Phso1$JB;v#tDY?A1_aY!B|z8KefR%E}PuK9C^yY*v#poNRF$bt?p4C@ELiP
zXK!iz2|8pQT|}9jW2%$%5S~!c=2=LerDln~Y=euDl*@Y+-H@=s*^zyA-@Z}C7tw@0
ze=FLxF2_B>xqs=`BWudCLYuUmCA<FqP1)M2S0%|INzY7_n)3YnHOI2T)g%p|6dG-_
z>L_03xmgqGA^yQCT5MPBVy4$++{p$9J|dXcACJVHOiz+Orsg{(uXlboN$sMKc|<$=
zU(2tKs{f1py58!+$>o=xeG=6E{8JOPCue1%b~$fp)K1%f<-B`pya(>c9IyRr$D8D8
znd_5zlm9Q{z1`};$;W%WEprgb`7&wK`)##7&epgrf!$nqB5UDkHOs&_hp%%4ntxOI
z+t>!@O||$t7+DdX(o$70zm)BqpX=e0DX_E_p+Aaw+vF?nG|UbUoQdo;S0(uvwH-HM
z7?He-oc<#a%HvI*ebBXcm&mLAH=y<(h9Sy^XY8!mEEAu%CD!prio7UAHc-UM-*^q~
z1iw3lyeU=+@Iz{aWiANsBeHt2m_%-KhrPH?yh048+Gc1^_=@KiSD1hj;alHG6q@>h
z?6J=V<B!D#&%iCDv&-|LvEJW#%rm^HR(MdBI$<IU+7DubW(s4Au0-M-A<Ay$oHsmc
zEkk~$Hx~VtV|{~NoX&giRQQyPhl)P*#BE88YLPAuP)j3GM-)4KY<*nL4?|nUqL(V#
zLjSikCGSLbDTU2?#)|d7oS0EtJl}$=B>I};6Hd{{Tz%rHf}PkeM~_KVUEmpAHQD<?
z;*zA<LJM3VZ3wq6l?P?Mh!5bg{Ox!jeq6>j^e}G$HFF2+rCvLH&gL`@xyue|k8Gf?
zOmlwSdDx6EmmN!g7fGC=(KuduxiEUaoOZ1(f7@+*ZXBv9JLERraUOmH;o~m*Oh-JS
z)EwSXzJ)#DOn_Bq!B|U%PiZJAR@M;zIwEDadJj0u-gK626@FiL1+B=z-y9cSPi4Dl
zkIR^&IjpPI__b9x6n)ijL*K9D;TR9c<e`fP!a|o6HK>&^{@mNVZ^};UMmK)c`BNM1
z8apGKQno;ZF}9IiSQJw-_uX5~NmDEGkwD0@>ZDma5Gk$CXUy>y#_l#=b^70JbB1TO
ziD4|7$Q8BJ*zRv*1MJAn^>(72+)wW((fj*!|GQs8Amv+#v($IFR^;ltf`ha6Gx_5>
zle23zeOF3ig!h^=OI7M9No|qTHkDefQfEnOyH-@#S0&!85~==xkJjyMiDH8ohRgH>
zS}oEKZ=XW>@^=0fmTP?-?Gn|=A1&3pBHs7i7yttT0!K%**mIf7*lrG~^UClg%zI&;
zt8Dw+<ugM4%XI_uLX<;Ak$msR@>#He&*H!4kCcsnfvq+63`^nT?48U1Gf4;SLI*<?
zI?A?=MF)_|-BuASu%7z3M4^B#e4^Px53C>}{I)5UfC1HHbC=37ZR9R=QG))rssy{o
z1s<$vlf^D7*1mP#xSaPRRuxvj?DDtOwl2Q8rqTE4Ey;;)_nwnsx}!IH(pjGOV|!Qw
zcC$xDtZeL&X}W$WJ)XGihS2|NtN#QNili)+)sQoEy~T4mCQD({TvbbP7v5KgccL`F
zJzIgFw#o)IkF1)^2Cx`;C1g?8I&Um-XOgr%3q|2vWRi4ZUisUJI&iXTvIAw3N#u~Z
zvm!cgzRR{#Rh&tFHKKyq$G|qEk+ZN_k5)U?6`y$bqe8hVHrEv-G;}Nsj$%+8jpB94
zm1$7)`cnk+?0=-;*e?x7`M7R<Vq<ItOUiV-(Ud*SVZ0^5RztaU*7tb+m%qKZtBc*L
zMOX9tFl(<Ld<bZGCQ<vLXzPo+vV5cmbh~<Hv8V;UYdvRk&SC=IV^{~ZKs|?`Wq}#I
zk=*!TlKou|Yd`Eu9o(7V@0zSF?L#87G#dYN{g%SjY=U;}<^6ke71m*ikz=jyh{L}~
z7Oq%BFtS~Xge98qSF9x6p=-@eSsNZ1<sATXbaFpd@ntW^aJNZcg8OMm?Z>ujkMyIk
zxgY!Y-s*|{*gaA~SA1tLHCDQ#{Xlk68LJ#t2>cO<@LVd-ubR)*JO{6!NAy?eX&IWC
z)!!<*$f*_j3p6fOFLEuJGVYniqi>D@GM^~m0aGgfg;_aGYk`l<XOwL%_&#6L(EYb3
z0dp&Wxitxxt<;ces8PKf*HGkq8j{OF7)6$y%HK3A=U!Nr`Br*04Lw9dR`>7C?EZhK
zmup4(Yk}FkxWjYBc~Ufh6?EO4@(A!i3s{lJbB3yhIJp!W;Xh;w6E4EvVZ4I$*8&6i
zys1`nc2fhW!M{~Zo##v?xDIqCfr37xPc@ZyKjB#wkDJ}&uNL@$*==S^3$~I1@;-M{
z68W*;e#QhMi%}8|cVC3ZHy=d8gma%3F2__QO(ND<U!vX=YW+>UT!F+_0Yui(U0>B`
zwbvu@2@c6#&t`>IE6I}JlaE}*z>U|-4(s6?ZPgu341kjcG;}!5;aKUVmf6cIPT9+b
z55%r7*#6jhE%-4VQSE%d18!=?qQ2#_g{{<}W3iqD7Kv{nkAZEo29`9{S_6}{S_(D(
ztX_^ojpsN|7r%!bdU?l<8L)h+=c!=%A29{XcdaHHYoB7)yJ4h5wKNaZ$DTA+D#u97
z$*Uy#n?~YgXVUbiAUjPToRiV?h*LIwCMPQtcUerO%6!$#LlR_h6$Cw$`|Hfg+6qoJ
zj-LrmgmUXMOFw(c(s$t@r<z_!i-P4qy-nm0=mZEj8NDz`kk=>-vW7ohy_iE6+qi&2
zg~o_28wl1YqeJ{ca~6wEK8v3~Dydm~U%jM2X>yWZalAeL6ghP2)fD^eHYb10tYpQ>
zDw!}EwR$cP`OXa)ld%G7J2_1q{Y2rxw@=n-ufyuFXMD!Io1K010vR{3Om1l~7;8&o
zfGO1C;&~=wR&63B6bIc)k|}EA+pJu1jPdSEyozF>jCkH{iM0S=hG_lF3Q`|7Nq7ZQ
zezbyVhzt?^T3~~EQL8j9aJ9@RR*J)Wl+6I~zv?Vh8Ls>x19e6VbPAR#Eg*sx(B$16
zA50c)-Dm;38$<ERjkjtgI0CL>sYqv^T0z2rIHe%vzW1#R;9r2?QW8DW?4*b-JmQw`
zV2kB$HQDR{m>zVFyDdz#M1!}I6OTfKp3%ukP`fo?Vfn^bul^?b)jlEZCugABzN-R%
z=DsTt%mUY=4V>6ib+Re$=1d~H9RHvFgo*4=o&g#$OV&h}#-~zES|yshJhg+R1tc=E
znsd(TBzLiJDok1WwBP|0-FORslr9$kGYBCds1S{58@uV2(^PPslzWOligLw(B?ljH
z)KU1N1%D&?4g3KvE8;=;IXEXftZOj*8tdbCp;?!25fpfgTc)<@WsS~?L-U5|wzm|r
zuy7x3>2SodOX_fkMTa|vzS~`Wa~oHf`@!a#=R#?^H-D;^RgJEu^KAE5;VrP6Z7g=5
zy(46^neG13;PN5d%&l*+RcpZnmcDo^f3Oy?sei<?737)_c$-cA5~WD86q`V}IX3mp
z_rx|f(RBhmU}hLy9ue0gR~K3#zGm0(o9K<cj<*q4g(ba>aD+Ljx6uynJJSND*UzF>
zU$nHLQ2EU4ut`SH0ilRH$c}7PPMoymwKZExx^k53&5oSzMeW^-+RdWM+h#{@_o6+z
z7wusdRSq^g^12tz?_M<DEUJ8Jb`*3k+OvDno@P<yMzf<=_o9W}ix!$imFLWk-rbA#
z>0Y#tSyVa8?9f!+Qdzu7unYw;1;D^s(iFsOW_jhvWI{9etd(a1FkLjqENae!f@Zp?
z0${pmu31#MEA3FwOczxEOc%{Fiz*ML9SWN1q6&cNq6KDA<&?BTK{H)c0We*(mswQ#
zA?;AmOczxEOc(8K7FDiCI}|k2MNI%Ey^UHmvuM)Ws8b6(2Ux{_2pMBL7H{Uwa<>!;
z&~1%E0(Y=d781B${o-y388k@@5G`;&ABYoWCHW_FqTJijs;2O_uoQgoc1Zh$6gE8@
z_nO4;Q<XWP|6Y?Aes8_*Fo~g35yM`S7*a(|Vn`J=iJ?*v!(NjZQbkQ-NEJ1Sp;8gU
zUUM#qR?roHOf{R?vA}Jln>Z)^c2z1QGkX~nj}*x>JC-hLB3Y$Evb`pfrHYzJma5f6
zvPy+ydrc%u6*W8dSQ3*>B&*DeFChhIN$+5h5N_jI*q!pE%)-Aq{sHHBlg73^vd#<Z
zYkfz~nxC+j!gUkx#a>S2X2n-B(C%9;THr6F#iF}RoAjUK@|(HAtOY_+AYv6*c0vKq
zJ+bvx=G`Y|UKJZgW@1kFN<9-|Pg~zqocPVTv3^!&$qAX>KGvch--Tl_I?Gw0d~s_y
zBrnQzC~xobw)`#h(a{`JeiPXI$@-ON`M>?R_hfqVw-+a-lh6Oo@2vmh_y10tncpm;
zePw^Y_UhGWXeeS=9L3gGs4W%c+&VQB9#9}!^(}?VbX%(!7RLSJNH4emrtzJze**hp
zL|wcbzfGxf<MPtEzch2Rs?n;QX70Am)VDsBs|BjeoFAvZn`?c?x;oz1%>6_9JKg%O
zkD2q&bk0aCXPB9DAf40S$}tyF<HpdI1g9Nmq>Bh{$VOchmPO9l>F&Ixa$d;7iV<HT
zxvRZ(ch%f_%f0{U9Mi)QA`;Q!L$}Vp=MKF9hdlAV<@17c#ZOoj|IEy}HJ!7_s<;&R
zl$p8qbnea8cQt0tgmlg{E9V=Mv-+m``|EC+d&gaLMt_0dTkrYK-M2c&T#-wE=(H^>
z{u;zdpN6Juuv;x-#fU#`=Kkm5)XaRaU(KpmZQ^pAif?<TbDLGJ7Ld!!$hkS4^EWGJ
zgPHT+>72)`8VTT<U`u&ib2{q*vdT9C`NyNty#p6V*#^lnn$3HEIFgYrILoX9dqtMQ
zR;?zgO0A|+Lh|1@XZ>pNxiFtdvYvdYCx(+OM<r&t>U0_lG^-Y0@~JeHOT}hx7OLiX
z{IBA_hyTK@U*(s}ZM$yZ|7!kk<Ns&;7v20Wkpn3Qx3v9`7`QAbrf?BD`y(8o{K9h?
zW<<O}zD$=E|1x#ouiD~?Elx-bc)2WiCg+RxV5Rr&wRU%sJ6dM_YZ*#b>^GRZ@G;17
zvk(&Fxq;`~xS=jt77bW4Q`UA(v42pedwaqU=EO%ydTM`B#p{igNPQ^P>NHHel((e+
z8)suuBQ(Fy?)Lp!fqX1Wz7O|)_bO>RKl3~d3&7V@YL7YV)%PdV_w0L_{aI#ng|ayb
z=DF1s>Qmm4ZXA0vYwW^uUlh5fPLzlRv)y|D-(MhC#SJoNWR|W0gV`o>RW#NQQy+#O
zSX=GuI%|F$f$nH1ET^5sF1&hs$|9tZz2-UVSK2a%tL*8F>Ytx6IJ6$@_!Te&t)@xB
zkyF2nhw;r}e3GKxGb=FRwdLK+@tN>yA&r`+o)lgqP7kjo-RfJ0$IS$UpyxZTP><u`
z<*OQ%GRhtHwzK2{Qj@sGx88xT&`IJ4%Z@~6{SbjyR$!y&AaEL`tnQ%+iM_z;9P!{d
zX2DA8IgI6f6mvfMc;F@Rhf!YqHSl|K)@kAQ=)M!-x12O;_VeY5_;$BSJte+P=~f?D
z#tyVA)K9I!o&KZQb>)Ie(tj~$$f=b_S&nY<T!=4rL8<ou&dmk*K<}#!M6}@V!2ZNp
z<q`EF2HQj-dn4*?8E<@DU&pbq#CfVdIor}`t8K8$&XzPP9$OXL>aVO_X1B3pUFv<u
zu~M9@^J$>f6|Tm0Y@J)1zRnq5!2Q~+K0O1)vrF8;ZKZtd`H;`OJrjMD1N=5m4=O58
z{A{IkyS|XQDF8k_hk(}d-^AD6SBw9_Y4ACG<!R?5d+&+!kwqHwQO}nr&c_^;ddm5D
zwk@+hJv6C2B9}%HKg`%>teX?R3^=Cw6|G$HHT`#I_FoV65r2aPfh}CgUcNEYBYF9>
zhW;A)ZX@c%>)t;QK`;%U1I^931c&eFNbhdaJ^9RsX1mnex{{c#?1bf0jGbYZ*5x~L
zsp%Z(cy=TkuGw{e^Bo!K{iBpWcB%K*aS8wH`^09n%voPszJ+V45<@aMRMwORd!CAC
zDt*}Gtk|geB{cPvW%e`O;Tg87k=|V-dh(|Dsx;b{4Y>lxvYH89RhN4EJN@gj-MHr@
zzpZOdT(8hq=ers(WCDGtQY*Sx4!Q#DP@CG!wvN3HheMwvNVNpQz&X(SS@}lxo!QIg
z#0V8TLD}C-X|(5!RQ_WC&t9(hBLJ!IDH&*q%xEUJGv!leipBqSXU?yZHzpH&m5gOG
z^SRCBC6QxBQG-rrjysRJjBu*q-ak_X`ZP=v+0tDe9seHxk8bVhq03BMH*v~{&WYn}
zgm_Ew@7~WGIz2rsr12DgPx%{~F#|r6AorqLeo3Xo3YHDriT{|2*%5y~*<>dgnilw+
zOn7Sl65r8_xoVy_JzS4fs<FPxcXX)ta`HSS;(xN>l8&0^CvlsSO39X#vsH=~{0Cp9
zhpzgMGenl>XH-Q5h{pOKNmbwH!)r=xzI}UqM`vrn@1dcnl<dG3twHpaj+&oL!aDVx
zWJZo;uwjzS(32T<$(WGNxHOrOD;a~+83TEQ1-|WgnI2}z;YLJ<w=iBKn!2$bG15x{
z@8HYjkQBLM?E)UK8k~Fahk_dS4jp6uj;J($$4%vzGbv7ES0=?Q$2H=TQk-gJr`g8d
znO?C~^Y4Nj8KS+UYN$t?DR)Zd)CT({akcDEAq(;u<qDv;)?WzudM;4#E-~RfKx!z&
zbF;9cX6YoGcYYeaM7*9V@s{ha;;U;eut4jb$`^%&fsG3$bkzKi85^T=f#!lT1!B+n
zsu8<P;hAP5+{3xbZl{qvvk^iB(^JMYRK^r1XkS<Oik50$V}b8TPi@u4YEC$4Q(D7%
zOJS+~k7gP-6lqhU_~YfTo7&L-5(^kP@q?(OHDO1KFIs>c=}DAoE;HKb(54Vd@SaT=
zD@r%pqI)sI-P_9f$gTXY<Gkwz&PVc_c#X8pbG7kBWR4$2%Khz_Q||u+Q{bX41$_QW
zvn_m|>PEHiSWh~}Rx%xF<ZnSsK{EsCG1uSu@caS=c(JKy&v(uYkG+J2q^s;eYzzAt
zv^nm(2h@a*_=fpAbb|SN?)m&eI1g6idb}#)w7n8PmjN;VV8Ke%yf>9!%q8ql6M{)j
z^Q3$j(<E^!{_~BUnf%9OJ+nxIt*m#ROkVv}rJhn=Wp}IZUyxV!gQw>&Ptx8=`AdiL
zEb9SJ5e{<>OZD_<MW2AlpPO}qc#<eS!vS!}ZHpGnl107HSr>HX3gr%&EW>Q#%GKk(
zM~Vp?a1}pt1Lxe)=f;7fcy5B%`Hqg721sGLq~t<!k!(=VOF)iBc$-Nd4X$(1B%noO
zk25rh`}9yrsHN`r@enQJ@M&htC-1nzH)lV?RDP-X#g_zE_-lq{2`dTmMqA4vqJ@OP
z&UpqJJz8H!v)2ruz=GSY%$v!yKa(Swvs0Nft<0%p=01Zj)zSL#smzg9<}fmQJOdFQ
ztv@G~iBr-l*YZiey$s&=Ob_3VEa*p=rDt4LcoAf{xfD|TBTELs_b!F=Qx5ZUjPmC7
zLdG!yQ$gkr4bKi=#}}{jMbjUBM<L!V@{Km-sQeTh_7U(u5NDjmQQUroF$~W+eH#UD
z`HtjZqV4vL{p-K6o6&mG?c{#_H@Tjx(&c-6efb`q!G!x@6g9*1PQsjoCo};^$auqy
z@K`R_+NYQ8jJ-Yxe+6w-r_;8_T{*0N@KkNhLqoHI9GS=sRQ1kUFv#fSRD=(I`D%44
zq7<h`@@^+D{wo&YYa~6E*p@38{S8v_f^hoZVV~`T_`~Eo)&i?6^#^sOk128z13^tt
zUwBAYeF2`v6WQT3@N?_NL^Aw4PtY&o{b(|+f13QGh&1>|&a{*9kB@34^_2W$-J6;9
z{R{lVE6njU`uZ-~J30SQhtPVkZKxQ?`^PbmEcD7s*oPcbadDoso$yG)KK_St%8&AO
z9$cXT?@#E>ZvMIAVu1sy+xU_|DvJKm124Ei4na7L*PNn<e$2TA&HqaZf*tlsclcgg
z)eTxu%<JTMUMB%>^))q>Hh-s=Fbt$uEzp8u2Xuy~L)y*t&+}#B#qgiMLA=Z03BRYN
z9E9dCd0)c&kHc4qlryOe8K+Iz6xnMJ&oYIiqCId=o3bvy8U6YK)jfZcolv%M*_KUn
zz`4tl`SHnQ&;d9E%Yf0m(221ZBf7PQA-vJ@v!XN=%QNIYD2L5Rt)alodQq~zLR^t`
z%^;;VeJpPsHIGWpyF8mi&>G${(-{U{Qasm$rzv@#6xq<n=2~R715q8GpW-M<nQQWt
zW0Y!gMBDPibuGS4rM`9WsH9BZ!WD%uADGN3#C0cA(8HlUAFU}6$=x(G3&nL})^>3h
z61@~Cpsh96e+%5W_y+IQh?qfnUhhodi-Yn-nW;9R;ZbaMPyq~D*epZ!h?&JTs3&t*
zLW;~?e{1dvd6z*4#s31HaDmG>;40haHr|S@K1T@hsL3wCG9T(({AuXfi29?y@*f#6
z-|f7mFyylB=-Rt7Pi8Fc1ad3$)#D_2EL4wU<gurE94?Q&)uX5pD+|<PKY8q>9`ksV
zZn)VgSc+eWTMh#a`08>?``8d4Ne50lIi~@Ae)#?t-^Nm3G-F=C(#_mahPVLs8w*+s
z4jG#k?-STBKAQDTR+hKoBnT{wG#cIC)Ast}rmP_=zLXxvwx7jRDc%a%7J}7uyoQbg
zx>|r6_ps&d_$N<UYRv~L>?ias^!zAyWJ0~liJX{Q_4z`-jD6T~+;I65fakaTmk18Y
z|9{JPPNrr4zHnUr2J2lSJxIBo{8#J26V_|bwq)`{lfSMc4gPw8<7E7`w@N)FfBlbc
z_5BO{wMmSZr{S+(p_QJ5zZx8t>m$ql`I^`T9*>T-l{Uxyn4eW7z%MbE-RlfHk6~WK
z-)bC7!gGA<@bo<l>#Dng2Du&Wm@=;6#ZZfJY3wj>JM=czc7Znr1G;8dwz1XsYN_vw
z1zwIsFG2-t<Ydq0`VG+8*s(&3FG5!<p|fXK+TuNFn0}aMEUk7Uu``X@H`45m_0Lpa
z)g{9`ePz)gr~lyhuf<=4S-XX6Kckp^Zs%BV$w(y5mh#pL!yVGNA=54KFhi7bEbCvw
zz`D3gh2`z5p6$M)!@OIO=T&3<T^DG<S3o}UvbkBh{*tN73dagH99iHkbu4q0<iH-z
z)K<09b2L6JSPi`=&-bVne#_VLk+Aur1=><k7R$TTV<Bbb5cj9y{%b|;g!_l9uJSjv
zh|gx<th!5G1YNu+J!IfiSmKMe_>L6JKSSxMIE@^L&r(gY{-?O+m)LlYWrZcGy`FXd
z9Un`ADc|7o3ocBlCAp%ONYJjh2YEGjYLoqvVThMkvg3l^=D|(ZW~H9|eN1n)-!xMM
z8^9~$c0$y-C6&B$rW2s_A1kc;=xtgchvs}o@6v*DKjV~T*IbaT7Vp<+K^d+j<fw#m
zw4j_ue1U1sdbTP)hD;z4e}q?tmLsROUafx+=*}-k-dOPUd{=39GWJt)r6UDzS@649
zsu*@0{HXB^CX1y2>v+-if#C-UO^WswxCJ&ouw3pmeKljb_bwij&dNdc93bSxMpa2A
z{@#sFjxKWEWHkER1Ul~|++Zlzkk^a5kK8*jW7OUPbHtMpHNeoWEs@xk3VveZaCm2?
zLFV>ON`E-ZTP`o0Tcg-H-XSkAeOb>A3whrVtQOH8+%KTBy^3yV?2i9I!SP70w&cgE
z0SjyI@l5j_xnBz|CUMF#7n8GhkMGEAuSZ^T)XSCL+vLTrUas+eOI~u-%Q;^63qAPo
z+4B=i(;rXqUY`E=YVSqqk7s$$&HT8?{CGutI*Nv@_rz8(Y$a%~R>*VV^uC2}WQl1m
zp<$e?crCR`#*o)d!Ifn>R_%CtZl%7H^W*bhJ&_-mk_JCM1GW1^`|ekjr`312Y|5-J
zWj`Zs3ULkJaD~nj%Us}WK?!vaf%zDoO8k-97Im=N+4Kq!kN^(glgpUXoG4fNr%7|$
zsoxcv18I6B+Ma0~!hasp>~dF*9isU+%8bIE#ss?-yvkj*q2B#Qbvv93RlfpVj=_BN
zGG~-tsG6t+gM8!;^&jHKK0nP_v6CZ`SmHNb8MaU0qzn=72wrGw&)jjrK7WXl5O8Yt
zT_(cZJqO*KsgYxsT{-hg64T2G`+vxK?VT8pznS?me*`Cgyu*q1!GRow?h=Z);&ttj
zOBgn@+uLQH0h>vm<N#Q=_}l3@we0)PVNgGvJo_v9d|IAed$lVxP&s^F$`o)OG~C;>
zCzs<=kxW~;f;Z;_DC?5@Cpzd!Q>~nQfQz=&W8Owy;9-}C;410WvA){NB6yQ;ovq=9
z-XCH+u=$SW%+IB0-OgomK3wMhsAk!mgEh-$e;nB2El&K=<hRO5{&xAsat<G%xcry4
z=I!Xa{j@b3QHKjSpenCDYPB_=I0|+<3N~{+UNl}*Ykca6Ch~np?cPCC8Vd8KHQbPA
zo7UjT%f_^xqi&W=$(Qgfn-uXKMgJCi=G<ELX$#dC6vmvsj&5p8`jdt1*sQGmJWp#F
zdnQ(KTl@<cy_?~R=A<m(YEzlc2LuqOpr<WOnfPz&H!Y+=Pg5&SMo%MD>M8Y`CEe;v
z(UaJtU7<;enA+%!Q-yDRU!KC#6)j<+{bv?z5Y0eh4pdXbGNo3YXI(D>kqm-J1}Y-?
z=n|7iY6iDKAX^fBOnSSW_IY2&;q^ff%!?4rDuNTNa)x?1jfk^s`@9+#N7!8z%|yv0
zjOZTy@LReKw^lb17sj4dzA*(aP~1bH&a0r8KF~|6=O9;*p23MA@4&>Y@-0xDJoil0
zxUdBiAi7GoZAAoiDTc_2cJV?TkERZ1>&KwfiQ%ZD;}wpoM@lhDc4L8D%$q@7vX9xy
zN%T+jV1ymrPn@>T6KgH{sbmA;boBEP>UN5LPP7;7d*#IWZX=EP-pZFJ^3Ru5>M7^@
z(Qftq3;OJ3U(^4;X7)dYKf;fV*>7-JtwV(zz?0y^i+X1{R%cZsCf5!Ik@(l2sH@G1
zfhN8B)~^+Y>-*v??U7D0-Qh*}BKJ_XgNsDf(bn8B7MHa~%^xM(_r)bzphZ1YYJnym
zrfX|185?+e0Y|bzHA|{$21h`wQOX@pnR{5C9o>+7Vjn^SuA*y1NfoAlM{VGv1%yh9
zrK<3ZOx&fu=iE%}g_BoMl&Zj6?eKk7Isbep{uNy<nzDYB#Ww$Mqjed&kkCtb>h7v4
zZD}qn0U1mQ&YE_@5?0zo4r{?FFi`g62(4SsMYdlhX7WcYPiWT{k|p9Boo!@XWF4@R
zXdqQaRJ7wS&Sp`6sD{Y+(;LPrtG-E}#1Ap+TMaBrs#FK&7g&wg?E!RWn4q()W`J*8
zVrUX}Yu1Bx>6r@+IHxQLHE$o^7nPm@nUdiBj7NBcV^yhM*+cU`z`IOcm5qz4&pfVv
zEhzCS6J^OZzIA*X&ks+wp#`~wtc!NErNelTE4{mcS6gxp$?=|2NZ=QU085dGrx0(-
zALB%Nt6O&>z1>F|^!6@`nG@;lHI;fwdON>ceg6WzEqwd*{NiQWOYw_t^aj6{)6=C8
z9hwat&PKb}!xR6DRhF#ZX0u#`+{Uqq%xnC5lEn_s{RpN!uJ|fM5y*f~n<O(lQOaok
zV*a`-zS8{Sdgctzu_0zJR^Fd!ZDH<mS4Ee$WQLRwK@h$Pp53MSCH6O58*->A>9X&t
zI%|HLAlxnX#oQ{~)kc~6*HP-LF7h_V@1ShDMm;<|8$)9KO35DV{UeLnD%%L}ujMy;
zg!iW~RrYkgN-VPMt$0RhOE$p=P*2CIGu^T>4NYRljjphnu)h8-vm0T3mpHS&#flGa
z#UJXnBVBtbQQt^QB^P<u#>Ke4T=w@|6-QM2C1(32R{JGp`|D*-iP72}D{bX0kvAr;
zO?Q8}N<s0l4&RqYu!aWY-pcp~0uv<92_>jb3dy#8T)Yb%&!~EnRjdT?o(1tgsLz|a
zo?#kkHJuAIC~#f;5v%@_6rg_3WpRlTngkzFI+EkaUTI^IpX`;i#_>{$n*6yYf1?)c
z&8q|;dSo+_62}y8ok?uxOR<dIQCSZgN7<}%+ukQy_nM0sQta8aptfv2z08}dtj!g^
zoplCywV2ApoPYzwcX=eOE*ig!r*xHbm#b#4BaxjUS6RZUcm!36f9bVm-JUY)C1P^6
z)Gf2OQR*Fme&MSsoaB8eQI*mc)M|&r-)85ej(%1hgVTMhH&nm8ORUo$=z#yjN(okM
z(F(*wVD<Vwz_lkVc`U=e>{(npB-}`T%W>R?&&=|5Es1w-gg<?g;e6fySyq`J{0n7|
zuWJS0yvhIj>GRk9zuhYH<iAk%__`z#&MDS^FQ3RyOG$&roWZi`M1K0!rILC|e!AtK
zne_?(W5sbEUTYFDw99juP+>A&#71#I5w)-wy0`bT;zigcUIex+?->bPy^qLK0be<M
zl`0klE-OZ}TLMW(KrK1AtYSg*a>^EHBS}PQ$iX^+VH-_Ew$xZ?xQ*A1%{674-Q4_e
zcpI0QyUU1N_(6_mn0|P-9GTj~{s4WLjKTO!C{LD^#DCZ=@gMd$%XT{b$8zeN)I11|
zO#Fw9uCi9zI9rT#<(v)>{}PTEjVJ!YB#Hkpp7;-wB>uyA;y+A67?zB0C}AI}i9O3B
zUT*D~K$wTRo{1vZ15autp95+_;Vd#Fq6q_2Asx0TzarKuPXE3(XLw4R+?XCcNJxi9
zn{n8`pO6ln64D`(cz9;Gg!^OH6LaAMLOSf`R8t1QS7#A#A!j*J8*)|<n!%nU@fmW8
zBypuAMkH!OPN_;AC8;fv+NM&gRq8BBZ6{uXd|H!pvr43~n2)}w01sWBVJ_QtAVhqJ
zJ;1Z5CSL`3$k+N-6W{@Np9ldSnk2wOixxNxeQ_YA*fY*$w3q`Vz(ZAEXSfOow-Dc<
zMAHob&IuGNz5^$k$MKcAQ%Q=(FXSzAJqFf3@y6-p^OGYo<nxL8MZXs_@z>h_BaNE<
ze0d^0+^teiNe}BVMVa`a)*Ghx<~aP6x=)Y7pTZu#BN8v-NGe`Llb3iAox0$~ob@P6
z=0iq(;odiY&3H$ge!S;*>z_H^Qqmaj87Cd@SF96HNB^rc$BUOLevjhHHn|*SFB2iN
zp!vcq8E}yd7;7V!s}mq2mbegVCkZQJ)M<-Km=rhxY4TKnu{fWPyl03B^eq(&Vm$qs
zAOLdWLaA0WiXO4OyKI{qboQM4iQ8oh1YRhpgz_^VH-HPgyAuCQ_bBQA`|8%y<Ifz%
zpVIH}fWRrQ;!ypN@(6>>2!JZ_Kl*FFeG%VLA4gWi>+awjj#)O(S-;%;C-^`Fi1|IM
z8zw0;-<<UlSE49uUS4?w9c<2eqf<<^wye6*(OAF2_J$rtXEatgWOAXeVVX^zdzjDJ
z)xQ0caY*o0H!R9oX;<I!CBEZz!}y@E&HU0TZObT~y)s9YrmDh7LywFc+sbT}lLnCV
z7Y;tu?Bx7&jn1KR7D;U<dhkAZc>aayk?8)TIdw&In|ge_wsBha%T_c0KaI<rZ!AK6
zv{iY}5b$|Hp|&Opm2Ff%Y)I~HTYN-hj5p7*GMkt=BPFeU@sTzwjmSTVv$?NeVmk@i
z<Li_y&#{^*!}Xyi`b-yU_+Ombnijp{lli}8*Ejp2^FaC*g`$EV_REJvs(juC;pLR^
zepF*bRpSbO1>VTc9;-nLmenouOI&5^JZH}cm*la0JfoJq*a6~Cifg8}CWq+Ya$up0
z-x{Me-S>RQGuZ@TNsLpe$=;Jn2%@(WgH&qg;v+HyLT9Zv$MAwRhK;qHZw@|89>dtk
zrCxRO9C)`pREEddju%lWGjvMEQ+S4NZ^U=R=ba@nf1MRuy@}eu#zj*cVW&-jWorzx
z-o~22EzjEKE;rU=-(&llxGzP(BG2D8xnMgsL~Yg1idP@n3#2wWZOx31Az9<(sXIQZ
z_0=`RW;rHw1C!`bN1wSViJK0MFBW(8E@l2oOdE%a5cqu=Xp?=2WW;4;%GQc5{K8m|
zs0xwTd*9Dxy8_?s2pp!f{zl9aS3Lq#^DpSx<+(w7KI^F*kCWR9@JR7qobJwYN2ux-
zu|F6XFbw-Iki!4~{Xu-e12jXcl7G12xO_t7r2;-PAs41AROPRuK2CQ;x_{=`s4`y+
za&qH&de)ikX;uB%qtYLxG#{PAw~4g<P4Fqb9$ow)UI2^}m)6`R=fKkC&Ppz=F<us*
zP*><uxz?&IIExp(DR?tKGKRGg{=~BW4vXa2V6MFB#*?a$@uWCh=!Pom4B3b16SM5%
zqQf5|ha<!u%-5Ty$^nwB*c4R*y32YZV5kq(Y4_ialD3V%%6WIpP8sS8^3j#^ay98r
ztn`XLxM8f0RpT~S88K8OJ_?5VOSM%MW~g-|D20{h#(I{=e$M!;@pn;j6D40PmX3#?
zyN@EVf1rO$baLh!U8=bLCwP#Xb!ashG{fQtBH_YbF6AL{M{0fIG#2G^Pm?*I`=1r0
z=^+tdT*h+>5+M^Hp$B7n&V!w_CJwo-&~rudV|)^u#V0OXJsT8{=aZxYaaTSrt!V)%
z6AC;o{lj8ur~;mm6Gb}AztD&--YcAU@e%Rl@SKS&rnXdqo;3ue3AHDj7`S|HlX`^#
z2k#;I<re@0TPLb>gd|`>!qN=Od?Hie$k(YYk*U{1<_w}eFFA{MSLo$g^23dbWnbvg
zFLLzEoBnpQ3b*MmCNH?d%&IMY7YMt`I^|AEF0o@Xd#nT*;KI&B`U|tof8u+iYg4hu
z5)WmGOos9Dcxjwq1xugddqK>wT|B9oC$6*$uN3&cqK8y5yucFQFrpJhIBHAofe}UH
z{d^nS8^QtrBN~kt`u0xtZS*yS<zf^`=#fkiSSYa>yq71%@8Tc8IWf6#68hV&@Q_{7
zDwm4UfqBFQeTB{irE^Z>p<T>)%`S7w7pX4Q?4pDAU4l^Dr^ixL3;b3(9eP|oafK8v
zD|{scM$BorhQI@hrnQR>J)|A{iAihDFnRtB<Zs5F=w+YmIRUzE;*iVuoq98Z*Gr=D
zxR4{)88S73lUm?c(t1cyPnu}BD>ep!#bWE926phGgDU!zpR)0r!1?294XH6&^lMdS
zb>C`7qVnnSA$&Sf=@w1_^TxI`&{HrLpqnrjXvddGYi9RUh?>2uMkRF5@BhXj<u`bd
z>Dd@DD>A>68eYJtoE4wJ#|nN%r@yUjVuUnrE&@5BNkaR?Hc2?!u`;Lp?M%ui*2B2?
zMgqP{sicTrZ%XIYAee~gNcRu4;7=)!q}wjn%q;mnFG^^aA&T17)?^yEYX8fAmXhDM
z2(y>P;zx24=m*!xcVRt4;x!L$s$P{Hp4LT7RS|g+m#vdJAIi=0@1I<-r&?Rph*xe!
z^F!~D3b`xR1;^5YGpH+`!=KEaT8uFM$x#8TNu4HHBTR(w;9}mX;EqYom9ceyg<pqE
zULImiO^g)1$Y~S~(Zwu}WLkwCPSqnKGWZvg;)0g$io>3(We>Jf?9+PAeMK-yF3N25
zehQ&dqckvYyxfjutdIRuS`q8f7CzODobFx29hs1f+!a}zsItCP@17KsmuhTy785V!
zx}w-<v(M6kGv_8kYc&<i*KEv|4C&Tik0VJXoV?61;V)0)|6c_E_jtKqQVml47r?)l
zg_vUJlZgm?xW6d^iLvOdl#3V^ZxH#I;d(Bc(J3Ht@!BRmtZIw>=1+*(+!)L#OY0S@
zp}vGYk(~ep9IRJG#PCsw01zUMz4A*MM5nlv&${80lF!Ne(4PLYl#;M4v9SWq(71{H
zq=y6k)|VeX-#`KDKD3|nDCD&3kC`<p{Z^g7;goL9Grh86eQA-QR-Hi&r??MIHzvOM
zrj})l`@<U=tDF=1$LG(HKc}m0xvD>{PxwF7x$Mu$-CV|(>PF1GrrMQCLu{)32LouT
zjW7=RU7ZE@XslfYvS3RU<}GG#9rO3vW=be{3abx`p_>b40l|0P&B3##WQg0iWQg25
z!@ks>n2U?#<o9NV<qlmkgbO7was<S&Mi1xqp_{sYJP9kM*>LWgTeU3zc)Rw)6}&q-
zYIU2pC$?c-tl<f}J9PK;98IcusTV#+g7R@R!FFm6Mi$j^EtyffTv;sHVtPct$WGL^
znIC7Ua7c$ks$zwwi#aP{*F#RJ>d1?|q<e&CrKaD@H{o#ush+IY$yzHs=!IeY;U-E~
z$h|!F3xtr2r@tzjJ6X!g&5TX8E#f+B0w>5E9|xS8eJ26VrTb0bOr?ApIKhhmj$*<6
zcpyL*G2Oi@%$hG&H8)A*xg^*R?3J2t7?STc9vYG_fFB?o+=_3o{O*5B>L$k_ckOC{
zHS`idKL(&p$V-GR6285~g8Y-bJ36MDkZ%I=O$zc43%EuA6BF`BfY&@a1LW`JrUAAY
zS>klXG?LO_cMZuu1>E0z!GilS>KQ2?g~$C;(!v9-<Hv;i<@7||0D34k6!{{fd6Lm!
z4$h1#Wm-dqkm2OU9rR9gG@a_crK(%_M6Br#xe}pI#m4W7z5IL5zjGpN+;93QQayto
z>G@eyp!JH2S`h!GYPhkZ_6eJ}N8oMmG(xO|7CsgGIW_SL?*rVad$|F*>6#+Q?_|}&
z*8qXU$9WK%kN-}w0cqwjsyN|u&npQ%QJA<0RzaCWexg)8eH^>!q@{n7IGg+vYS97@
z!ny=XZ@p*EeS)zb->Cri@u))2T7?=ZB%Q3Glh%2icq76r!+z!euv8CC76w@+(Z>xr
zwmiEtInuDVU7e)F_!E1L_>as_sj`Eq-%RdQW1Y`d^*s!(etm@xolv1=n8~ou=%Hyv
zx-q>-E9#;3%~O1>hi>WoTHonJdz?O8=0q#%sr9{*m|;_-_;9UnHn$`zHBs)_G^UT@
zYH9@UbY$gKl(?>1V#IQ@_;pCmS%d+QOdDZv^D%jcDa9Ag5JWazcZRCv!&$VA$|yWJ
zxt<hx@&9}O((+;PhjNmZn|RHOv&C^GScHNH1A5B$KoMhgukiGRcjmK)UU_AycYxZ4
za}tpj6FCW5V4HAuV@?AYvOIAv^4<Le9Jk2K)<a~3W-r$QPpe|&h04_$ww85l?Mk>P
z+whZF;0FNY<FdBB4|L^6l<B5gpXBN&7l`#X;lyG0N>?~6nXx)t^3ceoyi%dX9SYGd
zc^PYC!MWVnmfylgh}a`<=VoFkse@wwkX(FZf^UQ9p@l19?joL`Y5DfY<oc9a0yq7s
z3?r<Tys>BQJJ!_^6z2mDi?XzkCq49BzH~tD8MQrqjCYVLPc8nqXS5?IgTV1gB3ST+
z8dB)Fc6pO8UdO|``xo)QkeBW-`^8YMogTRj77ko~D?9h@&`7R^9wm1*pP@HJNa<>K
zYS9{z4iV3}j*e+XHV^z`QE6=BZ%~9@N>{jCYyt$6>zYNt|NXJ?WShl*lHleL_liav
zN~o8hnDa%B7VF`KE8)<w--9D~-!)79HzP4dp}3iY;VxV5u~jr#yHYovi^<rGunf@^
zR=}c;h+KTH8z#hzU=|(5mCpz&(8>MG;j1_<)5=v{gIf~UIU0LpIU1*p%8GwepkL8k
zSHqD+y<ii!Gn9Hpmv7Mz6YI1kAvgK1@GSsq1qTg1-)nEIE>itZS8+F0ly5nF2sb*z
z-l+PShvqAt$5H_Ps17#;<wtNp><M~E^`Gc=MPQZ;MPWziIhk>%F%J%-#z26=QqyeU
zFs>agu&Hr|ZzOkGYDBp*qQNqTl8iC*OpT$3**8$W$>J?|?=p5<lD|k)lTtl&UhKDE
zhKVc6ZlYoY$yK(-?gY}#gnN1z@)`Smk4xucw_Be^_vHw3<}(^~39dK7dFf>RQ%_qz
z)0`rb4$nEv=jvGBlU6IYO)TCZY$ii(7xi%+VbSFGMeFxj>-SIUSG05?ZIcEY|4TFm
zleS?2;<O*09f{o}$;iJ4l=j{fyVt7XHhweClV$QdSwFap;3%ouc)W-o_Wu<cAW!<{
zHBB!yS<Z7}C}8GF(e`{yr52dc7vv*|d$<-^p%#Nk2ze}~B#|bYVU{h4iZpGh^|2nx
zcN&C-K-OT#^H&$+O+<wvMpV6UNOs*0B9%ZQ>6LFmF-*9F1b=n^F7L2dvkWd2Rz0qC
z<ZIz=<b@nXhNHjl0V%sleO&7c-B-lwN~Ek7s1-_KkE%76vhK{*2h+u)dKn=iTl5#k
zSpOt7dLUaLyh*o_BX^D1iA1HZ)~tW};HbXZX8pr-MDh4|{J?GV&sa@=yI3_F?T*0_
z8Hp$|7_GQ~Y);Gk{_6QyU7>-#aQLvpXkmTMP2w{`b{H`bUBO&%Yqh9Ofya2}97lbr
zcvvL9o06v$^+j4>BUr14&Y_^^Uar%S3xqu%U>mDr$r05Hj?kl0k0wM!)T|a)Ma0vZ
zm?mwSFB_PZB>kxR9!S?WC|%#+PWf_w<^)#Lzn29`V*fZt5N5sV_XPEMt<Se$6e8i9
zg)#~z)4yOiuNM|%Wpzv~E!G0nlHq@_h{SO`3X&o6_`ibx%grD{GoMtNqWL|mcvw()
z;qurpuu$Fc!ez;!g$PY>K8NeUxmEtfU#~F#>4*2J>uEyvxAZ%=%+<?Uxv9p0b2K;A
zGz(3u7W>vTWBc?pgQ%WnxPzy;l*w7Gcd?3{v)cOrFHgYXSC~scX|<h*@XAWa6;*Y^
z^-yK(v0n%VTIKxf(R_H$ESEi>{bd4T2d?cYL+;Ghg0p#AJ(o_zr}LDCscM{gT#9)H
z@qPD7r;RH?z|!=v_OemH&Gt_?qaXK}8M1de?|gkO;?7yNnaj3T>7l|F74f>R2Y_}6
zpl|2N75WY#bKlbf-{wUR-4E9d3kh>qyfSl6Kct6UEp$CxDyapCrUg7moYhB;$tU5l
zEu<+46t+XDY?m9s;S>=Yc*raqE-_eeyd!Gjg%*EthFtGJavLQmjA>Q~Jttqqwh~D;
z(I0=PZmA;_ty)Q@;ZVYvUJJQ$g~B^@Pv>LSlFqWPoc^!!y#z<8#&(2M(*kl4u^OXz
zGIAc|9U1&N@~Qu!ccg&Evu-SGU_w{JPSp4@vfy!1g3mE2GIoC!EJzuN7~m`tnp8h5
zgwexF^+KuDo2u!owD^(dT8<+rD>G4kqcJ@59|xgv0*ZxxCiu&-_TcT*#Lvz06Si;X
z@jf2;cu_yrI5@~PaNsa@i1KdR$EXXcya;N9wq6EjTBk>k<|s^-TRwu~65Qg-@vd}L
ze4+(^n<G;MWfYz(191z^t|XUXDqxzHws??YX<QTgm>k>}Ew1IKvXs+;Z?M9*01?W^
zGGOF$L`r+)WivTndLIIrZbto2O|}*s2*t<Ch3tWDZ20ezqIZp0m|rvnD7L#smkC&x
zQH?qk0aT?^!u?+nD6&Y+*UQ)GYwj2^K9PT5&y#S{Z6>?DRMN{gbxXi6`svNiCJ<9p
zkSp?Cp<CGyQ0slT`x{bWcsfvO^4=kk8@$OG8aqS}joqef_n3A#(B<PVW4%lz{aQWW
zn6D4!V%x1+P~y(HDy9{AcPq=omnd|xS^u3JS6Zcj3!xjt-w}n+*o<4y{9bS&i`8yZ
zJ4&IFcHzuZEP1EcG`<wVrWJ=qRXeIwwE;;E4gdC@;i{Ng<ZVg#Og=3v{Uc|nW=Jul
zXIqf>sjgkbSxFgO>j8h8O)qFsNuO%hM?{LX9uO0<Bs0GYiX`u?PqE><hLn2yC(e=g
z7Rqk1(mVy9YTs<tMy{K8H(YYEX}IM`NF5fy>%`$T_!i5LPqiDP#Odf6>8TBG{!}X(
za1hS-sdmFAs=K6BC&-5BJd29Jgh^sMRjMtMigte5MTb5h2d`wR*jj+!C>i{swZno8
zhRY;n@S3y?ZZ~D{CrSp(-DJq%ZJ9E-v6~F0_(5dwG28sv3J(TH&6%)^M(({w;0QYQ
za2p<eW!EqCc(tO>{$NoLCB(S>7v!kUrxI<cvI!x0^}(I-Ho=sNBX#G9v?*Z2C|0Tk
z)X}Weytihw=6Tdqag=8(4z!_{g@cKBIEkcc)$iOiS26O!Rk~5tj5x|y%2y2n3b9p6
z+br8H79@!wwcVy0*C4n2wX1F15yd4f-w@QAkRkksCs8XgM0$zj&+Mb7I9&XF2-w25
zXj_gmM^-+goPKc5CKe*$n<k$Zd;2C#B60cCouBC8TxTR{N)yT^p=hm`(rnrf#jkDc
z1pc^<4YAK2msMJu0`@ORa~d18qTIuO=#_=z)kQq+GapNNY%(9QXypDyJ!UyxsF2E-
zBw85PN+PDRMf|*QiK;6S%RV4r-XHrO?Ie0S)O`-W>=gcmc>kA#tMkq#Q?NFQm}R3D
z;rb9TmqoH}Jk(qq``KgIisWL+?sbalp!hboesfBSD`~p1Zn;;m6)#qO@zMXGv)Yn8
z)vX1cu^H6IG_L53e<rbVl{6_07w)1I>0B999__{<H><i2z#*f0xycjRi;Et-)LFjS
zr9BO{)i%3Ax95wDx*yHF%NcxynEpnSdoVhvyIBtv%m@`8K|Xtn60_8PNyRr&D1WEc
zuLUBvCt&;`KIA8!_w~W+*uD1bN?hnR4!bK3*7X95IRbO|a}*M33CTchouYjNCo(g!
zLBC2e%;N;X2Hm(G32+~K>oPP5O}?%^p0`Ey*0^F~&BCu>Ki5aFag(SH%D~*38Q6k;
zpE|XR@J_51mZX<*FlT6ry`@q;eJutzAG`3exO9)IT(-Dkb*K`sI%jw`tj-yH^JJ_p
z=ZXIvs{<tv+IwPOpd`3LcjjBr*MiS7UgzM(xJ02+&{HZo;ox5r`KiD^jNUOd0?5Gg
zl8PP9g#f^xJXW_Ap6@C+AQHp7wtS1@@aL@U*Q_2RU^Hq`2R`*wrfE|2)6ae+ShXHW
zzMJ?vqEE0YxY+#!))0Rb1{TlJ52GBz91Ze93zw@U(yys7_5z>Af5Ovo^S#Z)9vf>F
zgj>W@pqO0Yki>t`S6HjCj_<&oP^H4cS!Wo9?TRT<mY}26fWr+kzUF1Y-<&vK#sx`5
zT?KKqR$;*pT8Ysj&l;f)M^bI(*jz@b!k6S?u|~8JIqDc%0HTZ1+-$CwI50vRP2O2A
z(1WfT+mRaM-NCO?ON#(ERJcR%zBqAL8d`Ig*HnB5{9kZLfUfZW3KReLDg4(fc7p$v
zF5_Ky#s2vyZv1{(*OS{~rJIM1t<n!!yoL(5D>C>lGnuZQ_1#+0h+>}QYFSfb+zb`m
zoIwSAY*E2L_`bsW%<y8^ADFr%Q6x*4ba6z{g(>u*i>?JjwClDAX$Wm1>xDFiCnjh1
z2K%#=N$LWra-Or2#KKg*6Yr$U$@L*z(9{l`N;_~W?ZA0*?Vts2_P@~%AQ`0pp4jc*
z|B6|B5F9b*@4D6I{B=48Z%EuDs3FT(iCP!@E7W05*()C>r%Vg{Bt<iALNlEf%_uF)
zq#0Jei8V5ZgJc5FPEMf1=oXCt_?Q!#51#K8NfmUdW|YGVVfD}<T*l}bM*qD@wPBpf
z7yP~w+<QHR-<=kIn`?1}-!cdjzv+#I-z|EMEq;(2ZDh@N!ftM(qu92#R1m242kg$U
zVD5{Zy{TGoik|kq?ejtr6Rgbg+0gmvXS{_5^phW>DW>yD0(DMViDJL`zHIME`nSf4
zovF4ZcK=V4+&WXe{Xo>)bCi196dOs|#6T%6cGh2nVGhe_I=)oe7e_41zKn#t9_JWY
z!^GxMDlsEb6W=0SjY25Y#8%HaX=|cPC*TB4vGrrjZb?I9q@kZ%pX>gG4OyNN(MMuu
zOWl1Fy%MZfYg^(Al0}k>aj^>=XA=-6h{<VpTsEVWf#A+{bLDc|vL?J}wyJeP*uK^k
zzNGP#CI$JTEb0nZ8P4eb99K@&Rt}eV3lg<*p5!YcDTfv+Eupv5SXdnM0&1z2J=@_j
zt!3@{#CC2c^U|0HHQ2v_{(PRmP3W|yh7s2Kp)xjv3R8toV{h<q5khCSw@BF;61m+(
z#Q4<ur!w|N=zlLCJiTI1@);Y)f()=+XUJP5_N%0Q^a6<RRQ6ZOW;vT`nE<AM4+cSH
z$p2aSv5$Uies#R*bzw{F9|pYyG5%C;+C_iEuem>$wqN=`9FMuu6}rq7nv0y@@8&Wu
zW8rGgci>j}Ty~1y-)R{Oz9}fJ7z;=`NNB07HX_^B(ka-d=QfEIC!S**(OCK}rDePF
zrDejnBeH^baVHV~MQFApCQ<=AU9~bS%PJsNM)j3hi)9%Id<l+<WneJFiT{WKZ0>Li
z+{(oHPNUe#kpZbQ&7|?o%Xe3NpalYaM*u64Mq*#tuhc<8pq8b}ivISJuu5aMaX9+%
zpkRltIoIi-{zv5twqU+DTy)oW^iW-?w(2r}<2LVG%0q}{iNDLnDZb|AnBF}hJZ&hs
z5&a-EtJF8)A}=>K6Hsoc_@3$E>qh~?YRoA@Zm!V67PoleO_IEjH{vX7N4s}Mzs!-_
zsqwOt4)Jdg@hP>XhK!<&o891pM{=CeE+VirxwI*rsj1Mo4b`PhJt|H;0UvY0_Uco>
zWQDWhEp6#Fd_N;x^%dz^v5|lfQxFRH3R-?@rg6jj%v@wqU*OB_0i4K={aPW-?ipdb
z`UGdUE5kMK1LL~^x;b}(fPKX69&eyc4N@bX4R^1`qOdZ)2tk62U9#qff1h{`RE>xV
z;WTPlzSKgx?xN$c2Tl4oY*0{kD3hjOkykadfhzdCmX(WrJHOcHx}@)Na}ln+vG*zE
zwteX~Zl%9C#cdd$u|sft3#PfWgil06kfj3HMBQ{xbrE*SBEHM>9Q4o}+qV?b{SyYG
zNbIM02`36;pPh|4E;sfOKOz?J5m^Xnc6lyfysLF%L4Klt%00-e36@JuPf(M{?15Ax
z_$T|jne=$QoRth=S25-+#}(6akHld!-r(C6y8nxOwy;9A%TaogWcjcdnvNq&*-MGY
zjEfoNPI$L7dMroGc1yo4W;<FRLN6dorWq3hI<O&qu8kyak(ue6$A-5eO1>9IpTI#H
z;nbXjgp79KS0#)1iCSP7$+BX6BnWBdQZ=NRDD6&P;QLc-=;gaA7cSQVKgOPhL&{T5
z38Vj@XrG?l3a?DA+>+=oUYvu15vS(d;|^85E+wkmq4~qnr*WrsYSZ5o+JrMbTq-vx
zCjcWBijCzF3V7CO|0QQCY!SSC6VECBkJAkX{8zPrA9%Pz^=3r}oCH;)BI%vSrHAUN
zY=7*RR3_!oxyPsJa6u)3k09X(tI4cIRlb8kAWkCAitY6i-Lm3WOlWny2x6lf=}+eg
ztu=Sk2c<=o_^!+kMn~vhE~x^pI_I?&(f>#qDEm}5b_mhKQ;D9r9?#nCsfiY%$3C=^
z2@<T*0wuzo4Y7&h*n>T8=`GZOs}^pxy95(rqnRT&j)MY@5M{8Rg5u3CV{E6efWb%#
z?lXV|fCo>+enx2!jbc&+mpF;@P`KR{#(K_ZDP!S`8zSlOoNcj#mjWgLVF^k7*Qr(o
zTA)+BLt(!ep`6tGtQB5o95uE@4-N`$f&WHX3mg(=3je(yuG%5|_bT{rKmR)Tud-lZ
zoWabb_%9(Tw7}2ByXO=<SmH<$4mHVx-%>o-3%az|qpYVVPtLT$r<e~$yj}@1iC5E|
z9cKe(%uVQ6GGUMv?6?tj+@3iz@aL(YptP}n_Y^2E^K5uq1kIh|_}pT$<j>W#{M@e$
zA_#LY%Aorx-59%F<^yAyXom~Y?`dsatN_R|A*#%baQ}8@Vte<QU;|v1zsqs7MLQGb
zJc7EJiTFa2L}sd))_y24^Wr1<BPY#NYY#t~_%oHSqyrJy_zGE$x(&Ab#gW-!)@hz1
z4h>?^62TuA%Q2h*wjm!P(d~FJVJwuvIn-ReB-U)<IV+b)cW@q572Aivd^+U?&F^ht
z;|P?4a{l)`>9%dR*c$T_^G{l{$-Hl(LW_B0cS{hL_|wyrE>D+Mte%cCI&+8sTE@hx
z9OWnW`C{e-Lz{oY^%(*L=D#xb3m?q?JoWe^c|0TbVSl+FAojle<i>XMV~K+*d>Fet
z7g7-(<&2~_(IdlSG_$=R?FoQ#s4?YldG#!(aqK0~jRndvn>dzE!#v;U?aL^+6czKv
z7xT_lH>pE=v9WxL5VA6~rQ*Ay`OgB=oN_H;koeT*+IT?bdRQgNVi=?Ljnhg^OEnAM
z-qS@m4QCB}Ln~!2S(j<1j!H^I8!7xJDvMfe$&<7u8cJ(i&oE4L+xZdMM0_!2mB!v5
zJ;=^*t3G&}Zo?LL2;&8Y=|lR9>CNFy`U@GG!&n02<7IESN>uZ@0T}bUbnWG4|Dnkp
zJ4~zl);5bfO7MU(Ax$n5WQ|}Rv5jA>(61@h_hCR}vQY}wy_GJK;Q(vt$JbshQC49+
z--Rc}jF72ghsP?K#l<1HL!*br-~ufL@mRPzKX#K<vb#18D^RDXoLcQRmr;-J#*8kb
z#k{9Ir+!lTMs-3->XLX5On9n3?WFZ_zD8&&D?UP)zJK4Bgx|^VucjLNW>t^WShHD`
zRkhb_Hl@0mZZ3lTQT8)8;e?COD^~mIxct~Rsqf|7Ht_Z)T%oH`w(#Q>y-W{3SmX}P
z$QP4*cXxoOB(e3D_60zk;0F+mG3m{^4Q3WKXB-cJ^o%z<Q|<uRU?a|GY&_?pZSxD9
z;JkBiG*RZRI8=v$tl3q-Mn$aDL+mV!^3KBq({4@ls*xAR;SLAR26zLo4d7G<aJ7I$
z+jD?7^(+(`yW&4*R8He)GFJ}M=%MLiDO4N(t^&cwQjc3zt*ngA9=w(~v|1H~ypDPt
zVo#!xexif))I;-&^vb#-Pr_+%e<+$+e-;ni|AB)W&i8f<+2a$Bs;-IOK(oi6c-Cd~
zk4hJeXxxk7o4Y*K9}kv5`ZBm(O2(x+f7Lo#J>r>|o?U5wlVxbL+P`15&kIc!B0S+?
z=8M_>Z)lOA`_f|K$11dytO<X7fw?C90l(?mPo|HKr&p!W9!vg(E!vWhz|0@{8P1BO
zuF!4lBR&i=uvQP_(W)Caq31nZjJt_wr6CS>a~(Wq_~W9`$Uz|vOaS7^oJOJ&o8F25
zc*S{mml$&}oH@%ja1h@!5M2x!7L~quAw(-uFmzMC+lHe5a1ml7LF@VPM^zj1>B9UX
z&Mk?;B&$zc3B`nQab9u<xMFL4*;=t5xVW=AP|sJfp&ZIUz^=fjcZF0Rn^yoiIi*77
zqz;xIkt-k^FM~i?F0D2$3ktPSokK|$R3DL^72EZoh_ohEd#r^QcX-I2E5r7WT@?wD
z=-$g|1<BjSSU9qwJ@S||aS}j8+p={IumAw$a72zS97Py6D?uE-3n|5(a$px9vvZIr
zPtTb6@4bs%9`x=Mi<&W&b-{X|%9`OFSLM8X9OL;4o1J%?yW*AlIqV|4${5OtbK!5p
z2dXeA<HE}CE_+`KNNh?xlnC>Ic#_cF#sOUa-Nq|1pN!Rr35REx7!Km!1DoAtZEn;^
z7OAK(iaEQqn)FI_kOYxh`chuTiu4!X6PVqECY8W8xQ<h=|Bt<QkB_Rl`u`J26cC-D
zpm=EsN)@yhP-uyGNrcFZCK@j&wxW0ev5HVKBUDAB$yCPa)bv72+lQxETOVpmjjbSP
z(IA+_d+=7gR1t6II9lT^P%rR(f7U){W<s#7&+~l$`2AjAUy?azpM6<-?X}lld+oK>
z-iX9vjsFDHpPVT<yf#z26-k(g<HThh61n~)(y`lkt|mobiI=y=GGmC9k6BB_d-VsL
zm>KXa37F}VU}b7h1>7)%B6J*2ram!vT5YN$*0|}DSSCu`+{dG9-vRgS#i?yXieTG5
zpnk8>Px!(E-J<vYQbZ-RxZFXpb`E#R5_I9E(NE;;e>fs8c}nNRPhsvgaYHll7B(OU
zl}&uA+)_s=wMD7uJ4mgx)H<bhDs_{kPP5cGO6`ga9I%1Y{W8UofIL|YPQaAoDd{O8
zJd@_5nL&T8DMkn;*V@-hiA|B?|Flt|@C_Bzb(HElih9Zk;IDWLYZImH`m#rZr*+_v
z4K+yl6zso3EDfd=qHl3$VfaJ%O<K3}9zELOxGV9_DVZ;SM386Zs179`oF5Rv%OV6{
zH>|M*L4sz?*c-4Ih~<CQWLn9dQI<GJ1-UtuqDB^R_|?hCxln*tn|d0yz^<huK9|;y
zf?(K%d^}|CDDbeghFubLKp^E|z*q(yL>k}K!kFQluGnquE1r#f?{B1WjgvO8QIwDf
z(c7aVu~F+}Fmu>bf5+^NSUk||D=Ip5{<8qtonX0VvEt2!(@YvdP;^aGEtzHFrt9Z9
zE@jLx^^Iubq_Vy{s2{vPDNl~&IKBNQrUDXgP5MHZm=@I>AN?kL^h)@s>5<d@Lp~~h
zj-Acjf5}HX4MN40`ljQfR|b6a_`d#Ksx&uBrg@1*s-Mm6Xi!9<&?^(?3dj#8<ZZq}
ztnUFq##}-ZTrJLF{*(tAjn))rrMg*W`8K-!jqFaY0EKS~eLa|4@?cKJ174=XQ7)c1
zHky(e<Ye+oghjixjG5RIuYQc`KL^28+pf4L!40u0K7-)C^Y0PdpM}F62<}(Lb^Zmx
z?Tp?gLvQ_SQl~+0-=_1&J9=|Uq&>W|5+XM8q^~Ti6|o&(*4I~5qMB6gDk*c|rLehm
z9Q$cvz~b0dX1>Gkdu9`Y&%PoD!0NUQsNbDU25uK7fbtmZ?_qPBVRO&%rFjAj<&nPp
zt$Ad~1b9jZDFbUdmRkA<OCM+HEtcMD=}}9cV(FchzRA*OTKarT@8a(O7%`_WjrW%%
z<c}Rc2B!1~uS1y4CTsKi7*sb39tNj-xpZ_l;2a_Tb_B3|L;MX4w87urO}qwHmJyBs
z?Mh2x4^$SYBnfABG`nB;=M&gp@kuD!V(IT2!PTz%9Ox2u>)A01W!Y<XiZAQt|EJKE
z7$}70(6s<c%A+gz5TJ|$gzetP@a*g!-Us}M54^>11Tt!aPqun@&((79NtT10HvN`n
z$%IeR8{SgBfO_wX-zjuo?0p_Fg8eObZXsKi)r`Lw7C4z{M7-_V^lat>he50;Q#-CW
z=d;*gTWrgV5+`L~IC5R>$hYDM<OnZl4>x-c3Op)`6~9oMx>zjGs0=N442cq*UWflW
zTuht)6enRlRxgX^fhhQ{HaR8=4zd*msWYq9%jt6-rh6<2HJL#hS-QH2L?sX|J0&yb
zpjt#^w{Crzb!%gO-5TlER@SX18i$QM8?0LdbiX2QYt|>MS+8i#dL>-5^7^&-U|P&C
zSbvYDj;m#{s!h#<KWMQc_=Bk%)W3K?Zy!Lc1-<N*#DZhNYBi!z*MS<O_q=HREH=Wt
zAbzg+h|V<w)l>l!DO_JQK^`TFXj#ppWyS}ZjXxMad9>WpM_GD{rMFuCN=vV^^iE6P
zWa-l^eU7Df@pnglQVYf&)t<Me_)QFQZC&ckQu5%j|NZCu1)VP@3ky~y`Y~xb{U5R*
zX|mL2E_+(a;ZFZlQoM~2MmRn@>i5~41oX`ke`uUxdd+vYH&12TIuFG*{$||#R;y#r
z0x`WNGlr8-u1DRl?c~gt(Jj8mWgFZBG4g2+Z=?x-do~L)71X9?_l2<88c$+~q3EF!
zhNOTbBwucsuj)<Cdyx<K5-6>Jo<F`^%REB){T%Q@(gPrAwl-6#?G+5}nVTnP4m=zM
zIdT}ABxLk$$mriB9n`nhpyA2OW;q#sEn|Uz)W(EX8I#dvf{Yx<%EkSzR!l1wT4$|X
z+Lt4wV_o}DBR(ctxmY0Ei35|g>Dta*YegLj&9UHZc@_~i#6N;{$p@0IKj5miffKu$
z`CHSqR8sc`<(59m(pxOO)zT|1z0T4*Eq#-vPqXwnmfpqR0bM3>qC!ETo+P&M*7!+~
z!v}$={s6EsoyTm67VC~s7O>4dMRkiOS0Jw+tMyFr<5<r=vh}PJjdA=KSi;k)i+x!v
zGw3O8b7R^uXU4F-ek^Jc%ftTmlGkff`-&uLQ|Cb%rwqZ~+xP%in!e%fKFje#V+GYP
zr%8R;KlTXK>g`U$`5EH$lcE3mJC}*u75c9)c+zYr{{Dn)C|>ePXh3TNkI$1=3&0mH
zEnEPszR-Vt!d(2<Pvv_wU3&FX)L=&Qj5o?WbBUbj{67oN%f=B*<A1?FGK2Fb3VOUf
zEBVLsg3k6yb>_N*eU=oc{n0Hu9V%0J=Qc&CP6rQwyPC1DGxA+qs5+HZUTERl1smz`
z&SeJ>OMfwz!J|u?10?Mx9Ns|ys{Y2-N)lV-JDJ@t9ADP8n(?!iBEoRCu*R}ZpzK<0
zM!4V>Y(MJsLx~TwV|d4u4jIyqRZK04Uq~32viw-u`AalC5Pf7>P5Rqqv5Lt>?02YW
z|9mD@okk_uN__{Le()srSo_8Ijb<j8{X!bc_T%9+Cz3pn`$sCim|$Ju5|tCmh~k5@
zTk1t`-eFQVO+_HPs@$C(V#hw<Q_(bY<=?Q<WFHP&!ff+l?ATuvb}*?QXTA$*D$&U~
z4Llc1u1}nd*`;(RrU~OvB+YIbv$cWQ>DJ$xitl2tHcLFwPNw2!uO>S+*=t6}Pi~FB
zkUc8j|C)+d=F*3a(h0JV%IpHlwt72t;F8n{dp>)!vsYVxiP3#cYCappDLdG!MH$)R
z`TICx>T!E4^j%0>mctpVy==y6o1Aec{hq(CEY+UUiH)!U<wfff2V_S#tBe_{_xKba
z5*nzXlY7{I1Dpl+ENC`{o2n+(_(`9+d&Dwl3^$w3r*>x3`88I9&u5?pjbEvqV=!Vi
zP#UEv_zh$)bV$XRYdr3|$+fJVZg`}=cEb~C`n@)N@~f`cDBHA6bDuDKPWdX8C+?MY
z^#jbp*5u{~<HdP=FkWV0$dDo1m0-Q7{kr+janK#a>tfT;k~2(;rUpIh4AbJ(&gimc
zI96$oIIFbbYJDgJRMYQeQxuz3+6S^q>leU*{-DtAa+LawlO9@6ga+HgYCGcn_+k#s
zkI+e7Pa_3%iSl@B7oVI>9yW3u4L2@WRV0H^j;6jzqScw6U#a7zfz9$ao~YEEzcDRl
zrVJq${T>(E3zN6hJJ3pxS3&Tgd~?cm;x^)2uGa3NVoad)Aw9p$`}+(r?CsuV(+e54
z<e91d6$GVWiS5OYo&R^kQNT->hbR0}lRe&VxDqE?LVv{BYg~!zH%el;em}?5L1%*N
zw-N~2#k)@6Om(CyLB5E7oSh#Bm2_Tt98pi@$oD@bFQmT#Q{JhMcYz0ZwYkTccd2~8
ziH8&Tey5&`I@j--41qc7x%v$|mZexoyKB>Evl&B*W@r)qC;YttCa~C(ACeLVnf*8T
zU$68W{&(&%zLY#UuW#KC1Qas#_3k<1pL>1p{+-Y+te4lf^N{Z4_5JLe9ZUEtnM7{9
zWJ)y%Sdcr7ed?y)+VpgG1c^~HG~BDe;hRN?DTBXvwe$C0Q0_f@5medJ-y4h0E#~gM
z#f$OP<zAeHh^jl=@D0P8`%lI4Tj}k!OAh&0!zTMik`J@Hlz+8<KMzu?z1!a%Quy|Z
z11}~pHV)CV!8guZ!SI>)uDNx1FHW(M@K#*_&Gw+r&v%~sD&_wd&r`R|{Quv1>e}-`
z(dRu+<xrcgOR#_bG0Y*iasH7oo*r+<shVqZc>m`Ir(Z$|bBT(Cr=}`ap=$o$`RM;U
zAAK-9pZ(nDqaG)GVjfLm{LVfv-0y5Z&)9;P(-^)*(_=Gjw%^(IfZOj3nwHz|WXY>_
z{43`cE}uR2JEu=)zjHp{+3$S6{omW~Od;<o<&_u;gRNe=XM6R{S4^K<-(LNj`b%bC
z-d4Q~=9pOOorc_Hd#@+EtCtp=0MX*@ryj^ZKE~Do@b3Mp`hg7aANHX&(lm+>G7?4o
z(6|+)d%0zNPv&*nUo;#wD#3xc0>3_;crQDprsB=`={N45nb3K3|N2R>RA+2UXKk?u
zdtOhBUF@4vT$1^4<J!(tB!)-MnQY$s#p{Tfenc^4qM4JmKzwp^|GCdp-GgIyQPs$Y
zvq!~JPs^b1!${M6S}D_ev>BTFMaS0?9Q<je^)$|@x<`XnHS+z~h0kLhy5u)nqKmzn
z%=Go?tCuWAC3OTUxg&Jp6GB|1Q5R&et6oAO%#?=mH#YKdj9Ct>$Ixc*Ih;!Rdy@r^
zac-Py=fv<IG4vQX&K<)iZeMTbu0&2*9}6`WW_tCqRXS+NQ`Y#KI+JdEWm|O1^D`pv
zJQ&80e?Kz&jJpxgXP<NTCjMS@cNc%Zd^dmM_i{h`xXSltM7AmIjC%*^m22I%ZQym{
zy~Fj&?e5#!c&)j2j9$6qecMB(9B*8=OX8NQ?zZCiNGn{z-*fIA#NXkolyfsV*Xzrw
zvank2fZv9D>YR?h^T3_*bJk9FDc7{u60UzF8k`?UH;*=HVQxO8`$ul?Tl_d%7;K#H
zFOf+6R=RrqYT<w4$Y-M$J_rK${cdT|mf<(nMk+fA?GJ?<R=jrZVO2Nww~HJ5&mCI4
zl|g-Xy~x-NYSZCToV|TcX;Jao`j?&0#t(UefbSbc)!tlQAo%9Uh|;q;A;kE+0q4ds
zv(5YQKpwx~9?R%sX)(|5N3JbutNd~i4xSL>Ql><MH`xigEiq1%$XC4-!>4PJa?+)>
z>)iCiK?VPOCid0$3%J1_t{q^rcs$MfzXuREmO^wS`D0-A<!|QTeVN*G@ZPVc9K65d
z@GXG1>GB-Bv)rS>dn(U6gZH=J6mQ^2rx(0S1Rm;<9K4SJDDYMX@TO@#vO5;Y`ys}3
zS2wu%-|X#2dUezGL}`{y(mL^{2?pp(UQ$Ap^1>^0=-J}Et=7@pT*{Z+_=oz;({;C$
zEbdnBx~y2d7PUZnLf`Ce=om2U@Q~p*(*I51eWUlYUm(dLO708D<>H=KbdX?*Cc6f~
zYXh_Xb^HN;jUVlj7$?Y<(7wa$4LoTlr2k*^WY)$AJ=AJFp1_Z`DL*GqwyN=?;>5RA
zc$yVybLA%$mRD5X8Mn}WdhAWEioQV=XOhj%GO{|*P^E{E;vK-B>|j!I$q^-&@JB7x
zn9SMk9bc65uL#$R#~n@!){E(`#b@pVc2N5&8K_u~_wcCdK0WI**Nd|*W4#!y=F+7X
zX}mv6KZgBU<6Ct)@xzQQGq#d)HJOBtzPyiAJTtcXJd$|b&1#FHrKsH$A>_lz>P~H`
z^3fWCxzp+GXE`wvO-&dQDPvPL5WQ2nbdWma;OMUIbY!;4`xBYF@vgR2r^CC&%9d_a
zuX8Zh1=dKATxW4&Pi0RWBuspKrh2$wlXqEIi=V}+iF{Ou@&}#5X{wN{on*}`UqbsO
zr%z0mF3YvITlb{C2Fz7MynTYQpMYrUaN0$`h*X7y3+cORa@859M_v5viK*(}5J|&A
zQKTk!L{lp)*hFeuo5iFU&~DdlO}}FL<wRqaSy#NiEjf>0Fuj1oSGPBLkM+3Q3OKYh
zc;6QUn1DwQPb_1acSJL*T9^Y-to5U-9(~09hr+ANdtIk&=5o^zY<F#A%6>LIb(uUb
zP*X*kKC+2HJ;ZN~x@gA4_7&K%wQrZ#WGwPbc7N|g+70C!%!Ni+VVOEX@|s}dmVZk8
ztl!8`cVg<x7~U~gT$f$EWA<Iz19RZfQImGT(-I1K;sO<GkG5ZqU(}?(;r)hDg4ht}
z6%WmzAnsL}5Tx$vXkS?Kt|p)F!V98cL%J!b5e?-xyl?%hisBLP8|2BNv2!&vE@*{O
z7nz<EJFgS@sQH#DeX1dJy1!L0WJ-T|t(@-rL~fG7HcB7>W>>3Vl`Lq_Pu(3_Sxc<R
z`>6r@>^MG6n07@o^V!<Ejr<vWF`!{|lXDfIsO2~x=kXQV?Ne2AuBv$yxDUuQAG>DK
z0PXOz`VNwuseY?B>oy9>LhaSbqLri(o?KoP??~69&uFaNrPv?I6S@&JKGzuqrBka^
zuWaMTizqUKU!{A|#-oZNO&hGm!N0$T{vJh;fwg)cDJz{4Mzp2o@aknT9X#bIP)3>5
za5}IF9Ux&1zyQDxzDLo5;GL%lMtVP&$!heRUT9z(zR;2Nzi8mSi-ly)Y8BJ-o2n}_
zcB9fVgV*t6*5s@2p-GvDrQY>U{T-c#2|Rd)P_v*xgvTN@)ElFOygtVCHSIR@C@gwo
zqgdt&Ez_IKzFWL)r&Fqz3#nT`cC{MUwON>(5l9>7o~?yE8DmV_lV|gHcH;7j+LBXw
zQlRCin`_a`3I(t5{&t!mv}ieweH!rx9Q291b6imu#-+y=D<M7j%GLbPy;k6oO*tN?
zKjbm{buA}P|KpSGStGaXA^Oy9kjYLw?IIqJB5QS1cbu8<l6RiE7GS90_L5M4Rie-T
z6kof0o9KdbUZf(!+JVAa7JGEHE*yt!ZH4s~nmyvw(wu*j$qN_^X!oD`II^;T_gcgT
z1%W2`BVt1=a~5KQ&%8x!sNE#7LH(TiBPTh00iISa7*lQDC4VAKc1Jp>a`M9!lXfCM
zOa+c${TD=bP6cs!&sy||u{W+VH22XDI67M$%*zkuyuvA5`P~Z3OMW;6j}u1f6jw#Z
zU9O6K$d;EMRO#zrz<ZuQdHF%fk1KgSf3yS-s1tDQ-Y#1|+0j3<t|omb_P1p^x?Q^!
zL+!3e<9jv%0xinXk>tDf4m9WWjjesXL^Ym3%`$%+`7(wCvEnx4@3)bUB?Q~p!UYqu
zIGq8hgD;=HmEWxpWmhyqT4O8ePsS>qO1w~;KGduxQoF@cr#Qociq{f{p+A(<C!Ups
zm$LdR=}*3i+KRX0g!P%q;o<{b>^$Rt4;75j$XX-_4wmrm=>t~aw!%#*#j_8_*e-@`
zC12GwgN1FZ^9D!h&Cc}Ct57OUOl8Kw5M89|XlhZ1xFfqUqWq;xud*=%KWv^YTvZ8+
z_NkEXCCuN`HGi4B3soYssE$`w`%SWY=~JcUTPbdqX<79iI)xEmnRMARDM}#>!-F!5
zRY5x0%ulwDiNi}gQ)^~ioi0>Y#)5@Q&>UMW#sp7)O&lsyI`+zNdD6I%@X7pOdHMzK
z-PR&p#+r;1aMCrH8T`rxIVL>>M6y!NDqzre0InGH*^;I{vyNX;2P5J5@DnPM8M{Pj
znZe`vu_bHuT)+tU@PoGqOD}m<hKxl*M)&;$Z<}-wkf&ETR4fuIU{1n<e=J{|=DtX&
z$O8OOVUZh=A<<Rwx#wSAKVvp4iH(ipv9r)}1UwcgNOrjtZ3&7pYIB6)VAL`h`<`}#
zcSWT@Sz}2s`~j@l%P8mdKUs5dO&0~Z&|?)py@vRWTC${<Tixm8d^M3WW*e(`Ad(!g
zU)Ym54xEMn9M_XU(N!1DzWky~;+M=0dIGU&xwxE;e2ZU@x@K_!*a5t4oUinPWGaw=
zPu(UMJ$!|g>Ln=(3+mVktlNl~Z<*3bD?;=+mDCaQ9H34Uc5>~ea-!M^@P0TeWJc+G
zy7Z1aVP__$Co2uK(r-w;<x-+9&zgLmaW17XpHk;a{Z9LPS89sOGbx{EnoBt*pEA=*
zRo?-kw(?k$SzZK!vIW8Z-Fmge0B&42B07GFdK7888CMoMUa5{CzJB-DS|2Q%BeHUR
zXitvfM?^+|{~{i_tD-MIwIe@?e+$b~bF&N`X^%6T*QJC;l9@#JNx?2HIYKq1l2&1+
zWHFDb6h;_0ux*o-+0+_T*Tt_xP|EHIVXtV$2syfX_MGW+&o_GL+g924^0wqR12Qo1
z9Y^qf+NE~Z;rQE&3eEzUkhsD+=bS(H{8`iE(}`m-qrI}PW=Tj~O9gReg{#~cnz!F^
zJK<zSRO_&{i4sh&PJY7Rv<=7U;PxXFg1bg;_{QPF_8yOq=O?^CHr;3SCH3dcAKekT
z>!gzF-mR}MD(bhE*+Evfg8unLSH0qI$fCeeRtn)c+^v*@2GT`ezQQTx;w|)vuAX&%
z{KA>%&7B?{jf8trpXlB8cJcK23gV=OZaFOE9sL7Dw^f$RZ!elV{o?6u$uk2Ck5Utv
z6%Hj17hj<ly-@r?3=~(l>>15e-_c&#2c>F#d(rGU@k`pc)&N2?79Q5a@o^?2WO>DJ
zeu7fN0{*hyo{qcoEpAsNj7rXw{#5emPpBV;$!f@csNG@(i!O;xw$XCpXmzei7W#=r
z8lPYfh>6|7e914b&00HG&zU**{QBwV%>qB^lln%ldsp}}#N0SCL`+||%3XFzeY`C>
z*<l2;z_1$*9Vd71gzvl-4M+pW^Y-ec0u}nu<OKLK)x>{nL|gD}M#o^c)nKrX@|JY7
zw=djE?C1}25R;5kATtK>zE4v~U1%J!CrdQ*k2zMol<#ZQh<BNNU(a_M`mI3Vr>`JM
z86>>5h<Bt+?uJ2#sv^mCl=Yv1sAe=fO05^7`rKXroy#s6y+H(Y!HAGj`vtwtQL1sX
zolvUrv{Yt<wO%zuBksS(;2^|TkA8KhkR*=r>jXuCzd`CqcHjgBSz^5iZgUZHt1#FD
zF38naY~vcQDlds7Hyt7thE)%4+%@Cz5J}k;F!8~)sjp%^hf!T(vHur(Z1NHNux5}W
zC}ShhX*nk;c{W>+Cz7%6?}*$GJ5-y_Epp!3NrZ`YxHNM|E4;Q2IJmqha>J<<$c@`m
zCurQ(b92WF?DB&Pg|68X=4qC<?|HFFrMj{eryGKjV)8=-55Q7b?P{I42iMrdNq@&n
zP+7Vj3kJgpm5IjisES<wIMYMiTkj)3c7Y9ciDgd6yJ^F?iJEaKD5@R#DRxitJ&A4j
zl(iZ!ZLiR$K|wR#RGhbZ__VN7@id*HAe~b9!Xj^bwROtHU!9N|b0-rv=+ibGnFvn$
z^ao66?xatM-bRruq&Ak0A`NN71vgUOFR9Vrmlp^msPNj`v-j}U6LXQ9?kAJ~Fn@ya
zi>k}!x9=uiDrt1i62=FoA+MuytxY7rV#Uiv!l(?G5K-<O=ylCo&EamAI2w+h7ZOLf
z2tpV*eoSL#XjAd-L}3F3tP@>bs8`NfHj*-pHW~M820K-e0n0Aw3?Qm4#;@D9q;7RF
z9^7u>u7%{9!)?N<@tv)}A3$VUf#cRVdQyu)%a2v#R^Uo&{8cqBHH(}7o4vnM#I3^P
zgpoiu#RWsieug8r)FLmcE^qjlVtCjZtCyH)OlFf3Rn~iT0+=nl<R`dQ=n<D*r1}G?
zQp4fhY3UXg&U6cly<fW&IhkX%2Mdsyi+{Twdin3J&|;GJ;SFAMe!RK&GU1O7yX+Gm
z>*3Ffu~BRMKwEDX1@%2-`9q)HH{jhK4Y^9(tx@gv<5JdGsg#KU>Kwl9#|sOYDe7$y
zwknme1uGx$SLCMeDXSZ+G*b+`kEWzcoeF~b0~-Fa7~BV8`M;nb_7!U74A!%uUR*5&
z>tnVG_Vh1;+ox^)Wh8B(#ltp`0o)vjghN-*J?qdOG}F!XMW&=~^|n=og4KaR`RMBD
zm)9e^Ux8p1-8H)ULM^iO(=SKNYD=C+KP4qdATV5o^fbA}+d{0(s#JR~!Qz*>CI;o2
zn03kJ=Uq1a@{0r6Ej}}p-P(goBYIaq^C%GzJGeSvDA<i2P4zn5UAX6PR<ltIq&J?V
zkQJERWpcMxvtZ%kB(Gf;b3dM+7B&aqZ==T*BOB?>wV{dTZLAFCM9Y?+$xbHa_|)WF
z#L$vBQqv`u&q=f;&l0Yp1W?#P+<58joroJ(&_YxJrw>OnzOxOE8urG31LTdCsD;}J
zHe~IQ<QG_<kWv(aQNPXly{~~k-YDvYff2wjGO$jJQ5%<7YPZM;$4!t)sW>vy_yMy+
zZz>%bktsJuoEgOr-|a2GorrQD3Gn_bmYO#$mOATf#JEvb^I3D!lZRBL&YF*@_@p7&
z<B#Cslu_t4Drvo(>Pd_8IKn;FRkcl;LO`rZGu13FSAz$7D4y}oZW?kd0H++M?dS^O
z0FKMeAADdZBR*AI@j)axM(?RD{-5~Oeu?Aj5jEp2hHj+k6*^#R@;2|)KXRqP%IaqH
z73d7B7iasSvY$vJ9NkF|vHA;?H{-e@sxA=pSVvm5qO>PF`4OblcrT+ta8B=vV;DQk
z1{A$~N^xXmZL`#T1V><{uXuRw{(-N;OJwt<*uY*AonOVn^{)qFHJ%IvcS)@!(5<(e
zT-~<ZIr=LD5O2z{q7D}p+^w)MnL54%B5BwrS8voVmg>dN*UX}=dM8`G>V&IT{qTx<
z)T^X?z1Ckx*KRHy%F?<o|4_WF=`fuB-8-F|z1*VMZ7Za!Tinq5jj)n70hPUibWPDz
z)xOZ3P|JNlyP*`&BN$(4$YoIWr9cNzFc^t_{gqI4&+++<=sdk-zADpY0Tt`&hl^)s
zRtQ?}(xWvHcJHdP_zAKH@}LWVJn~8NmcQ@!!KI!YGf|kM+k5l3e7+mGVakCtGqTe>
zQ6jhF*Ystizeka!{M<bdy5$pD>hF@JaPj^ya>Hf{A)=d)yxr@$0%#Bqv)o4fDk8(T
zVwnTi7XW+j_)_JcWyFLpR;FY<pbUYm=UDd^sS7m~n<GtWvP8}*2zSBEo4Ylds^1zZ
zJKjTg>CtI^PxQE%X{+jsX6AYvgvKg9(0!YQ6(ToV^{I>@F;(3_6N!DZN9V<JvtM~G
zR`Ejo&}inHUia}{G5X8&m0P_HfSi4$cNNl!nrlT188rWbxyfi&(ur8b`bc96u-rY3
z+#!rLs-uW>)xL^`!`W)pZt^f0P9W<CBLiau<Eq+MJt47Xc)6nMh_mCUWNWKsEf)!>
z^r&dYQX>Nu=F%ht!X=JFG94!rI+cn)2Du|V|3kbUrB8$rz|G$-e!Xkf^DFhgncCaM
zuRj_d)Bh--x%hR={!IBGh5#48;+O<U5ItEJzgo88G2&H;BoqWGKFER|4Wm%((rx3s
z+l~TpyI|3K>HFhwgBumQ^f4}kT<fH(6rP@$B{o6QSM5v4=ux0!!fs$=l*7hJU}J(|
zBj~<9(R&Vm$V_1~&W#L=<RX|AOOrhgEp()5kmf)k@o0Ri2r1c-n%f}<pW&U6fyZ|$
z$mFJIYA!xMAiPru-((0cpeoA^ogMEfHv~ABt3Ju?DYwyGEJM9m$PmNf113e{XApuR
zI=x&&fmT{?If2%K{??*Z-`BsM#_}W>OZ^S?eS8k~xt`E@bSzy>h>)%Xo2xC^FR_W*
zNQBNfHz`f=x+@)h5*T}Qh3FIdB`%#;%Y|#+P*P%<sU6toa!gMIHV)W#SFR;Hhb8%H
zKrY&pz2R*dXX}n;3}DnqKAr?oyP4UQz{g}u_Ar|-JB8<FiW@v|Ox3{-T}8bV=>fk?
z4DUAPSDY9XaQ(#5-PO$~lE?i6J>Ure|4X|lsdZM+G4W0+H6}jZ62(f3<3!SMH?16^
zM60K3tC;12rQY5o`I~uD{FN6J0eXII`m*65`0aRYjG&ib*h?J9YLy+69}34mh3~)h
z!uQ&5<nVnp^`tHv-sLSPO>t2`Iiyt_|B0gbZ}NVstP8{W2b4w@Zfb&-aYD;n^6({8
z92NTGARnKhuYr85u1h*$Ip#-n>ZJ8iu7(zUL)s;@Pm?}U>rih{&+<!MdHq-p6OOyS
zF5u^B7e1d4h#U?2sd&GhXtPJwq_`KTaUBOX_SK)4Tc5;Z$q3mJ#e?7yC9zC(etS;b
zI=1IOX9m}fL_vyQ-#<!%;DkM*sO{#0S{eiS5+^WGkYaq~Y<4-?=dFFC#5)fV+5hO9
zI7)2oYnZAH7@<=z4!urHjTv!r>go}F@$Q8Ml-VKJt#ptjJU^zaA3Fa!wacA<omz1I
zwU%^u{sj)yC%Pt7AUf-fscVQy8Ddx?g6WdjD|=o+{hGX|=>AL&z}9yuoZ;Ky0T@@R
zu?J#(e?FGpjh(X@(Qo%k#zG$*J8dOsLdR%!u6q($A%Jp$L(MwYkjmLR(xul0=?4_R
zW8<&SdHShTHsoD?g7J?uE%K=5tuaiKG*1QPC*~Da<hKyL70WdQsHk4oyne^~Ir?{2
zdpqn!U+|0<J&C)LQ*FoKPKW)$L4!qwOZuwS@k`41N!$h}DbjnOz8Hz-TcIY=?GO?%
zR8*ncK~Xh};))ft;S&~9h-On>sbh+(2`_66UJ$EzByz(qAT-oDzg4%qQS|17)EIWg
z&qK}SfP76k4UXUe9O_3mB&DA7mXHyEl!6K5QfO+G)H~#LFlG#NF8cyvlfk=rfGEAc
z90|UBUPia}Z0Opb5slJ>=@z~ssV?QGJ=w}%xfr(D-0j<*+(1J7{EJcFKdn!J<jTgj
zlUGQ6lSI339x9c!Qk;mni6^g$ra|g7bw=jBgS8ECM<UrF`Qby}wrj7rzIj*4Mv8k0
z)|W_#^)~3-By)Nh&02d-HB5{j@8Z!mWJ-;!JiV+YbKyWv_!RDz`?b=i56MPg&H;bf
zfZ?m8d2u!GvFAU56d(dqQDXZ*0FdR&s0L1p`!L2Y^6BpxMXW>dK}HgXva=wN*s%Zh
zrD8Z&CbriM<LK9&7^X`&hHg!q<R3)qil4NN5Y+QV;Feg^Pcfd#BTa82AMq~lv=5=*
zJo-$ZQdmu-Nf+7Fq~$sjY3k&eW^6XBoKn`kj<xGYkX|%B1z~ntIrou8uFoie3H(*q
znuyTX#VPqF!u^*FpKH@!w|eJOFLC?`ROSVN%3RccE-7(Q|794EJdIpz<WDGL_pmw$
z`<M8O|2ry@cN(`I=uVu!`G*P04Os!xSPuZP%mUF&{3`)KVj_ZTsNiCM=JtaZ6u{&0
zEO@xx#aiCTd)V^hVareWUn99$w?v8{m{-S*7L8h`wZpV%sX-5a8q~OB55Lu;hjUyz
zC$sEy2(Hxq+Fh2!(r4l_|6Jlvyd`cb42H*e0oNIO4y-zA(165`n8gHG?MP&O?IQ}1
za+^Pxs%?EQfcK_Rg4d9d13Nx79F$k6q7VsB@=jx)1zd-K`}ODt3*cFigU3esMnHfu
z+0@Ig=6qsaYkmgPIetuo$puC6a&Fcff%XcJ$9a`slk1f(=G1$+H;Q-hq!Ik)scS}a
zxAA!hQ}IuHx!_C`rHekeqoN0GCx>hQnNF^vaaPdc`Fq2|oY(5G{Cr2NwDbEFdfhuR
z$nG6MDVP!C<06Tnj8D#AHB8UntaP=)1N{3Jj{FD~__>@@GiDFq-S&0eo?u)ln7q0e
z<NrEe+9wcQkdFv**dEHawH5Ew6Uom>HAjeF+hd+RDfppdO)Rk4vT*dOQhyEh_eLzi
zP;w2!R=AxsoCpkiX0N6`vzQ=gXq3AFQ!83DxWTw*7U_-K8L-aRrB3lWIl(IWW<M5s
zn5dT>r5SoS3Yy+Gk8m58ahW`|*?GPEVf#3`N{xy(8Z{Lch^qlv=jifV2>Z;sIw0{b
z{W1&ciAvZ&$SAWNLBSz2n`mZ_L6y4~Rjt~SY3JSW#<uPLBmKo`o%bce&_3aQVW>Bp
zY6|3?I=CAE=!e3Ayj(;cr@~|%)($lO-8mc`2M49jawIsM|J~sf+KKvg&EYho#rNC@
z8FGv0LiObN!&JT2M5-Un&*dE0w<X642C`OKm)w>xSmu9>66L;S>fJo*HN|CcqEkBR
z$Ih?<<>ka1orXSbvID1S8sLqpEmh5ybA^Nh<c)x-=uKUoc;g~#F`cY(Sz9O-b&q$|
zq?ZW!l(IY^Dk#MyS*kqkHkzuZCbis<nKo-07LF<Ohwob9?Yr}@g@LuGV9LoS=|#p-
zQj2DiJ8e>syWCGvHTPqHEpr;<FfL2sBDF+6oez9z^b^^Wbxjv`hq)Wz@W6I=bY^wY
z?Uqz$ZK~!0ZSo@n_XOMkID;w>j?zJ^b7&jQ?i}Dku5aLn4(ko@^(OFVRJBhUQe0fU
zkO-LR1emRrl6M#i+z~|A8MULDxq2ZNed`8|bmA`ZRFJolup3eG-KFaIZE?Rj+9NVY
zT`YC&6dDzf`Wj1}Hw`uN%&OF+IYLNvZD!ImyZtV}1~&lNmA{6Gwb6dL8&Y<}#6)4D
z6}<$vk@5GG`L(J4T1X2n@dl~JW9>IA<wyTPxgeqomLEy}Qt!cm*NzkAuOqZ$7inNv
zy@-s#5kVw*v%Pfci*(AiN_or3jua2~F}cWDgZ!36W>9rx<vbQKTxl#iJ2r-+6zbhy
zKt(xu62r2K$j;%Ut&-D0Q%(BF?g?7?xSn>LcY*+#z`{o~gsaNEZ}6IZP|yR2H&P$n
z8Ahb(Jj(K+k{_?kJ{Yi(<SC^1vJ$Dy%pMloK&&VQ&EN>y*?I(L*u@*L??8kN9ZtiK
z%O%DIdH&WZfwwgfsg=7nebI0N-E))Z87#I6E!9ih-Tc2O?v}?gR}Y6(x3h3)FvZE;
zB9J)FZj>QzPHhFs5&Jst00ji?hjpps-k(bXNwo%18HmCc7L7D5HsNH1iS6I#8R?N*
zk0mEE>&JoVNaN2KHK{waCrS*?Ug`L6ZF&}dya@YtC26`Ep>ZR#IFdYpT52m2LlS>O
z6;%d24vX)3Lk=~uOO<l{rJ6uoU&Xjd2=b;JVtS}mbj{x%2|m`iU`SE?<y<rG2#Q=Y
z@lF1VBnYCteHr#Q=Q6eh8RfyIYk$L_4pl+-k(PmSDY*>F_8p*{3mm}I6UtxvS}(K?
z5|e`R@%7mY48Ta!(R>Kn=IXebf;=x~j}^c>!tu8PIO2C_xpIktQN@MhlAH-nV6SeZ
zCk!z$?ca!0!^$8G)}(sH6&Y-CMc|#nHZs{s<%#{W<vA&>@IziwoAvKS5uv(0-WrKs
zJRe&8iD<u$!Vo#(C76mX{vMkPU4qHd?LDx&gtQBpO<?N(_8gidYd3_lR-!N?LEW$Y
z;<uv2yJ5du7E2|VB$t+*m@2uSaf5HNm(hMAl$DM`(ZdAXl$~7*Y3-YzU~%q2bCU}<
z*?iUU-&#zP+M;Z=XrQ8i77qz&AbW5){M>q-FPeD37e5S%$wVz8-;IbiP8dQIEn+#D
zBhW${>NU;$bScIYhQljd+7|DvZkSqniN0wQcyOqk%2{U<%(}oj`{IK{_DN6Kof}HL
zWQJ}4Zf^w;((JxrhK-#TSR2?wvvrsicCrArZ*k_&4g!VKUB)e+vx^PXT1#orJBM^A
zSF5zG1v){*9B97YE4C!gX20X#NLpS3MSg~OhO3;dAMx+^Ts!*n#nz6Ewsw3xjJ4y@
zd~x<CwH4dqN5s;KINOfm;9uLXSE~-KKLS%~ZhpL9lc*%avQyN}SC4LV=|$uT6?lD>
ze=g~PfwnEBi<LOlGMC<+Li$S=5i<v0Xx+?$(~7L#3*z^=RrXZnPvNvu#K`O)T{V5y
zocMRk&%cPJxL9Mgisy^wPOq;gVOJ8`l6&&kIn0JOjw<SXvD^lInhKfspF41M4uE?v
z46S@Q-Gcze9)E-28+_0A_yPIFK;b{SJ75Mnp(#U2_=`)B6y{A*!tY7&jzhca-^`Qi
zK(pFSt#g(P-?0~WMn9tTLrxSC*hWzvZ=C-aV{Wx&JYHvyMeUVC=U#I8#ch=b_w0`f
zcqh{!M7;C<Oc40!i-|<x`ZHG@Ne|8@U4KRchyN*i4ey6&7yb9O>&Tc%ns?0?`Lx**
zxLJCR-kws%nacPOPp(_5X&!l=fJ<F-PmStYiIbG|cglK<vi>TU^#_79FgI`9-UV}T
z+X`<#m6%6963Rs!yC`7>2~@jp{W%jdCBqk1w;*>UuJymqoWQw#-$>(d7F|9ax6pP3
zHJKICILbsV`E|bd$MJ^>MY-M`U!cOlt_9Jjw^RuwB-C=WRTgV}y-WIq=V%uQw;Drm
zKlsJP8XtrIaHDo=x>j!cs)+8Jy-J6Br5xW@QciP&Cm$)_f(0$3yS<;%1{b-2d^->`
zk5o6vGG{}Ac4wM@mV;HD$T4G<5Z={R&PEiQ3Jwj8LJ@iqJkzCfG;|Cp`z77WJ9cT4
zjp%;-$SUtVq3&=T*uDGEE&IcGie=6#!+GD9o~_g^pTU$F>P8zM#&~9l1V`-JHrfvs
zZX9NO<XuEX6WU6SRi}P5TAeaQD*d|mz+AstDB}7h-Y2c_&ikdW-fyg&qf~bhGNJFo
z?ghR3k$PhU>w0&8qxEh)KVFl@tgdfJdB+J&OsH}Q!Yj9z>Q+4Jf5tf=uD>nJpJl*}
zWkZC=AJ`*K^k~uKL?2*0(c<k<09G%CuuBe}U;>SH0Nr*yaKR9|DD3|Q{j^s%2z1L(
zC8*mw<^Vq3>=JCIepw04$~#<nzo(}T%DW!S5g1}{8jayVeDo;u$`eszQt>iB(+_P+
z%Ic*@4@}4AMXCEUxxg`kxsVH7Cg{_HU%SqA;&63h3p#Y)t^`VPvBx_^&G1%JX|^_&
zdWM&RWtAW`t&r<>EsW0TX=IOOwM@nKkr&t}YqiN}_deh^sAi{2Yb1$9J(6z0!O_F}
z0~2Q#P^+2`Hff0ig8ffoTySa-N&cDf_xqERxmgExyj^HNH1&Emi|duEKx0rG?;uwt
zPu>eO5Y&;V_a9>EaT)#la*w?ZCYDi#fCJpoq?L-{e^OBXprC-}F+0Gk^xdg%{BIY0
z*4Xm-9QSz>Z~jR<`^zQ#2XF>eR4{YHDn@7)2gA_Y?`JRTNl@(if@0s{IeSD<Z{9X=
z^M2Ng#P0rJR@$ImI<u=f<0t@pFBGWpVSu3ZI=i<Gf;D1`xYiqQF*WIsY@Z>N`~^ec
zZ)7kOCRr%=eO`h`-Qg1eVhWey#6BVN$2L75NgfI${vVm!v?r$G9YfV2{$I=vbY=fs
z940+XKB3PWOg>fcx>)`!DhOK{rIASNEt|;1*OcRV<=9>GF`$6wfZ9wZU(W8Ct6ym1
zQWU~J-@|8>yG7-mWOleblvdTDgkvY%&15BA*a_360rBQr`VzOZe98NCUrq6syz^c5
zB9}dq>?aaXOnU!J{$%&aA#iH0)xbP5(sUw8G-c@Dk9z!yTpp%q*wT+(OX1*WzZO;*
znpu7^s3XfdV$&l}9_uKZ(=t5o=9SHu+xXx=q)}d?DR*0rX4&tGu+jVIhi~j7x)TTH
z6e~J>scPJ|OC))?aCs+xV3Ia`cMniwl@u$Ezu=2Xe2IS!DE~DY3m)&!Jpy@D$URHo
zT$Ss+7Qcx~LKhMga+?NJ9BavM?1~d=qFi2~9EHs0+<hoFja0uj*Qp%FKO!l>mhbcI
zkId!qucpinsEsrMM6STDYRWJy1SG!d-$fS#l!u2GV(m0g$B%ackQl0(ejqgFHNb4w
zhI%9T3IQRxTkHX&w;felCCU@%D9Lvybu3i_?KwrK{}-rCbolIGP2Z1oj{j^;dVGNz
z>OQ^{Y$aNF%|5D`{tQn!PvSN9f^sIQ{k0ATxz(|2E-_e52kcc10<FKYegrux5r#~4
zM#g>X_sx_Xu+Xr8Er2O+0r;!gV>yyVBzqN+><w>{webMOgr8XBBZy+Z6}{*fmLGtE
z{6r8smAjqXRc#Z$P*fzT${fX@3pqJgo%`u_lb2>*WozHdS2}s=Ym|_ibHO5G{LMyV
z6&+}LKG8Si52CS6q<K%PXXhFe?cP53;J#k!{~|ZC{%azW8*}gBnzfsP)trl$dBA|q
zrWPfgL_)v}Xgjs0ugLpoKEj8Z#Zctazt}s>rL>R|X*!-+Vm7pc1d5E{Tpu*9$5_U&
z%Ea>QT_KI;8%q2vd$TJc3xmsq>WB7blrIRYF>B21>ALsRCHc1&bV%Sj#b}v;y@{f>
zF#bWK4G4FWU_&32y@m9!B6hiRC?vA0f_CQf%r)KIa**1d#q1N4q?h7@cQ66_s$hEs
z@Kq97RfW9$NbF^wT4IULmP(4-PHj!!*-JTh0Qxy4VoPNv^Gm&lc?ID@uOWPux0)1y
z9p!+HH2sE7pjH;k=MthwQ&R8Fo`;KHvRtNs`PIkqb93fb<8$U$bncxj0b$JEYRAr<
zN;}zCWKb0tTUC-!Xl!+>GqxJ3e7~Si22tum)CVGb-LNE_2rjRbJURV^tp|BAt*7?m
zl7Z^4v0-)D7)-m;@(f1oya!j8>%=XtT#LSi<!<U(ZU=^=Y^C0%u3ULgE@$6!x=YuD
z%hh*W&-!e>_b}?Az5`sj#oDaVfa){FN*~fiV$>%RJ14Mo(zQ{<S>K*Lj+@`(N5;~2
zfx&uHgXFB3auO{&s{%#Qv1K4$lA|gW_3`8Vl0+pHv_D_8*67lUg8tZqR{l##hqZIi
z@GBe>#Y|JAU|ST;l<qw~^pJl@6DU*qT!lR3OCp)OdCz&bFVShCJmi;1CX1y@hBI#!
zY9KRs*l_17PpAY`_QV`{oyzf;Ux2L=f$-Vpz2sdh$T$hTgbjO8CydwCi7vEPosS-@
zxJocqHoLy7wOLhU#(s-0H2RN&LJxXz`P$T0MKZbJBK2;&w>?r?G%>Prg#<~9<%W}=
z$&!$5GillWI-JO?QTqj5aS_-n)s8zP#i#`a?)v3@`=M>D{M78<hPwq^x9&qqvsam*
zv=eyIexqr{C)<x&zkU0wZQHk>|4#njPe{A-0XC|EeNPx4>AxAzBXcq~M&PqBp2ykO
z$X|P7VLXppwHjOpf>=0n@xU^Bh8w?mJhAZuZpHKHw}LLD$KD;cRq9CnFmfsK6vXqW
z<2APmf1|Lxmbx>!{go=NbyaMwcU7D~wx01k_94aFoj*O}d2HW<<PZ2GjmXi+XTs<a
zclL_sp_pmhpaz2{3<?*o=fj|!Nf?xqEey(;K^T-)+#`tymEgDCJG0iIZ4i6Xa;@Kl
zLAhYor`v4>b?152xvSKX)41QGFPF*1ui+TD)4A3a1oXkMo2!H`o?-v(D%XLTTFfGJ
zKzgZE?w0LeVv4W#G8VjRzAC-@>Rec=EiY@GTKo4>k-G&s+U#9O4R}PZtj!$VUYlBA
zMif1-6VMz!Yj^N>p^PhOEVwqCz0!id-c_J3+cyjP^sVvZ;>78i7C#}Gcem+Ro^b5D
zrFHqmWE;D6b8YyK)(^vfBiS@|?F!n40oqI6H%akM;g72P8M|L0HuEP2Dd&!hzW0Af
z-^)*O164@h{`sW!r0+IJyBB>g2QRLVKjSIv<2G;PpNzhr`;K++bp6ns-wBKPcr|l)
z&C$0ooGUN-zTynS(XU(;LxL)1kgX?uf1MQXaQ^h9@1aT_#2?Z3IsF{!PP-#V-(kGF
zmkg_#mtlO=glqBjIS%L#$N-dr|6v|g-5ykzAAuh6Q7`@i@$RbBT)H%_adiqAiv{yp
z_dzhfu-W@Kn*Mq$JsArE!Vty&{E0g|(jlyFI|G8=XGm+6#En0n_wv#n*VSUB=#S$P
z!Qy%Q)#@C!b{H<HeF7_-#QA;&t=Cq(UOxy|>w*taznl+TEEF8Y#xXtbva=r<(dH{C
z_vKqKQQtTT#N;Rcjq4%#6ip9dr{iLL+2K^Gx`R_kY<PC5pR04J?4fyFo4pVRRY;O7
zuvYp2EB#}8##R$IgO_S5E*-+%fjYv~xjg42h&{UD?@jM=hK56)j_k$32^8~3V(FRA
z$W&J=xJnMQN_;AbA6;0%S6l_11o;Tp7af7!Q*Z?K+uRY@Z`q54v*?_vsV?%9NbSKt
zLWp5`o4+AFp3*m*2O&NF?Q)w$C+i0yyod||J&xy5^tgciXC6mA=<$|4pvOD-4n4jw
z`=8Teus*`*|Gf~I@kx$x><N*Vt5*{mKi!_)t*YVJB5q<RSR1t^U`;gExW)VKZUxhR
zn!Uj6_#gS>J@48&oA%3QS*M5bBi=WgZ24)gl;cS8#_&f7xVqHM@43r!^ZTqSizvz5
z`nUV@n-g~EPdzt_ai0M;1^KvLJ^Qj8%+fc<0)JvJ1%3JRDb|-4F0;N&=0}j<LbjfL
zsVBvo$shHlrNs5+);}1DOf0xR=8V&O1lJ;pMuFc`2N%jk8qZ=<Mpykf=ls+bX{<H&
zfiW>R-Qvz95H=dVf@oVc#aqqMpfCAYm$|JsPfIr6()IE-;#?hHqZ2vGt=}Y9BRtnS
z@od_}1Vj5ypn|}AjeO3VEnRO;M&{wxK0#anVY1#FjG!=ix7}KsK1BC_$5Q*mQYZ6s
zLK#wf;!ra^k<l?ryp9MJFwNf!n4NtFhW2t%coxH((7$LB-Y@^kzi0!94g8C)Wd}B|
z%e#*hj!kfOnbc|iMb~cfey?0hbQ??v5iB?<qvH^gb>2x_gOSIP%{Qjkmo&`oP-CjU
zwGV?_Ab*DOJ&W?0yr;;+jCN~-e*_J?{)r#pYmS<weaO`9<zfA6E-k2k@n_V(IG@Rj
z_o)8~-U{n4U69W@)sKEgeN*z8yx~3SyMD*|#^$rq|6O+8|FV20?<w*W^nb_t_Q+?Q
z>M#3@`n+%Fkm5D<sBbfG`TmL<q(1JRG{u=<&Ggpsxh7p-$Eo~IE|53~mOo1SO>{EY
zYyDI;n``PziU8{$25siUWin~|D1$4Kcr^P|o;YMr8p>xDpOyG{$LaL4X_@L^(}UQn
zP3vCFOS2*i{JTDu|J?t`zw71V9KGjM4v&&nsB#GWyH+ae!dUv)+7!1RH5SIL^MAp&
zo=F9l&l`W}(ZAe&;VDgW!q?$)bzdcY^)6J~+?}1;HO4KeRc$AffkR!vjW#jTs2y>P
z+hk2;I2e^-)k0+W)LTdZ1EmQao8@xVL@Ot>9W@zDT7t9OJ*`q4cdE;EfQ#E8s_v<{
zE^s}3TG`)_!tfe$Rkf8INDGtrUOf(HNO`PQk8m52-SA*H&r?BF%<Wck8IijPL81e9
z5rRb550p)>#IxIe*Tbw1$;Yh_xi#LvWY5D*Fy653CGdN#k5AsJVlK{TJN*@dd&jFN
zvT5MmwT*ne;{)3MiyM0gK)Fv%=9*%GH9#($Y`@MJ-Z#4|K(VDXxb^}r;_P6%hv;*o
zX$uh>cl1_4Z1nyY#l|7dTLqi{KA7#HX=zPN^Y@@};_ufFl7mwI!z5opflO*N$CaGa
z_#sX!1^I^hkB~2r8qLf<tUJ>5C%%M2<E=bnl36mms=Ku~zF#eVkl0&YJ-iI*5pwB>
zG;RXR9Di)^aw)p0Nw(p#<!|7*2qSUx2|3#;cJiba%}^A4DYBAC;XV8}<Uv$ZaetyS
znnAWC+`f5rzyZn?V-oAC2<36>u<^v5V|Tf8L=rcL?h|kMf2U!~`I;b*^5cG8PW>1}
zfWyDURjNtOV%_oAkwYRSIFdh1Bq@{J&?!pV$`H^qKNp}envZ{*`*QQ}-IjwddupDC
z$$tKZy#0J6IUA@XKI5Nbv5!^JuzVl-_w2)I<i^?YGbG{rZb8f`*v%HoJ3&0_Xo)bC
zsbtl~fKysgY%Rv=Dyq~X9S*={%qC${S!CdD?UTyg6?l7c#hy%frzm5^+DOx%M=|be
zD6RjFLnUoB*@B&%rcCM5k1h;X6K9Z~E?sz0E+tBySmp$sZOl>j%n}7V2;5(@N9H?G
z*hr>MSsT|9`7dLTxKfd(F9D4fzm&_7ddy3lMtBSJxSIojSY9_Uw1jI}O0>`Fn+f$<
zeG3BAnhsT%dNG=rx>T%fsKp~u38&$1@cfTUporu~%cm;`k}4uoaWY|Jpf|LQ`3p8y
zQ2@y^npvS7-lIfYW)er5UZr`Ilv580wU#=ACt>)Pg1DYi_Xlxw2?_8W3dc*ZCT|EL
zQ1_3ZtZelrd{QD6<#!8$dcGhKAsT|z5E90K?@<AWF_t#CeNU^Rh$_Oc(^X}rl>9P3
ztAEBU3nF@M!62Gq-fXJQ4@EHlEPjLq_$)(9$K+}t;)xCy{QkT<q;G<f(1LgIL$`!?
zY^kenj;_wf_3TTaLJR0wy<C=DIxeL|9X~3;*fb00nH8c7#)d8_i}#1Ocy)(Cp$glM
zHY-0WDIA8;yh>@RI?~C-`oT9MR?!w|x({xeKX%QIE9_t;Y;ruSEY6-wJk5q2i4$3E
zL`?-w0FVmD7}TNt#UC%0t1HVe3p9I`XS}Ipa&>J#rl^Qu`b{!MuDXs6HSluVP+`le
z#qU+9!6Pm0jEYirq{oHDoQK5LeuCfY#Nj(SzW#yoxK-~gnwfdRPSE}u=MxQM#iNlM
zPAM;lWp?C0N^pKXdMT?vDrFrGTtj??>cyPiEEaV@{I`;YI1-ETd0mFj>ry6~d|quR
zQyF0c79p@r;@ZrEc0V0kONxAXtLEZ0T8TS~Q!Xgec#8zZLZkA~|G|#_^N1yUr~9=3
zLBUM;A@BFqgF3HRAZhl*l_j+f6Q5r(53o;~#$%IvtmE+#_gKl}$?kC!k4L)4avq1c
zM_CAd$~3^{s=ab{VtRd1l|`}*=ffFfLrH%i8~xS41p+kq-kUXQ`z7xJ^)w4L%DcA^
zlaZU$Ie$HW<S&U-vqIC?`6fZDVyn^29vAJ-(Lmby_di34o<Xx4wg~%cHj3IM(XKy$
zxrDr{Gwh4>4fdupZ2$Ls$dj*|ZaNz%IIU*75noEvEgyW=0)rBDw)*#)TeAMm&n@pP
z?#n6QVIOo0mKDv)bhudx?=%jRTJ>sv3mv3gCgL5dh$CjrwWRi)1|qg)BdeFTSGPKU
zXHDh4?a3;BoWFB5PXes0VA5w6*^K}8n+g)8N6vxP?8(H#<DG0G!{oEP`yKdOh5JLB
zr{nDyJ5OV7(rVwSCIA~j$~&zFlX8MgIuy1z6t?mM%o->WK23@6Ye#O0PeIV*<X>T8
z6^rnOhZqM<fM-7}kt9y9SE&jD^XbQhrc-Tzso=2O(QMl4N^o0S{HY+qdrCzZt+MDU
z7Zz3lkE?HPtNxwg!s>g`OZ~#?U1m&dQ42o>V-=<O{CM{c1nb6I*kioabxrks{T_9c
zPzU2}4Wz9B&{Ska9Mk>lRj{tcHA6^(kv)rnhC^DN>T6F<<3~sX4&r}R-#nu*_*eCR
zsW0>0xC)M%%yhcG+1q?`4<N4nKpfjLg8T*zFgD%8{MU(9oM+L^if6?KRT63Xl@_4P
z5}jeXRnA**;-^BWLbu*b=vG-bw-?FG*<Fj}jvk#Q>JhK?Xn*_r>=;%ibvB6u^$<9-
zjwZ8v<=eLPFZ73g1XE=<a+gm3?s;?0kIxK8&Y`ADFtuC60HFpH%n`EispkXTXFXFE
z@B8ybY|Hg5_2^l&yHz>D_#*{Z(Yp3`9)F|?=)?Fbs>>mHxvKKM#5Yk);$SK_DAJkv
z0)}u3Nu5Mw56gEl%5lE;K6jPuB(Kah=v_2Zy$lvy&Od}iGOiitMt6={JLy#7U{x=T
zW_0t(3QOvGS3^6i)z+sU2pef`4xxvN2bP_lZyfzGDqh7`iAH<IvpFA#g8mV^ElGsj
zj(w;{{tXgGXFykxmD*({UK9sTK9P9Ezm*)#^rzJ!V^)WE0JXRdv=&(15{OG!VF%kv
zryGPBPR-mf8oKfxfed3E-?8`g`lK~*)+t58aUI%E9U7JIko*sJ8ZYLDpd{!I@TGw5
zT2i{JAw9g>i1RkbaJF3Si!QKtap6Y58r#5kvPk(2U^2v4ulPUt`hyer<r;EtKeb{+
z?o3e{G-M?tGKwucOQt%o2mGu*uXgc0SbxZ8)2-ctiW>x4uBJl)-e1V)e~YJl1<m&f
zO7Bj-M9z9XGLXBFaS;)@q}WfaMaCEc`VFTT<O5-3<PyCVa232XTS(!i8L?Bo>y7Vv
zQ~Qy!MPf`u$<R+^;Qlu*alC7hc{!wyil$H7jjIi&MN{(?oDT_2wOF3Q_{A%<CqjXm
znm<39Mn5ut4g@}=CRI5iGB7%-CKatDZeVoblqu9TGi@O`7S>(Oo@14DC)uhW$G~g_
z{}9+Pun;Hne*KP#qw1M?t~|>(nB5e;!{zotmh@MXCVdt9*!P{`3=Wa#WZ#ZQ(X^nG
z4d%<}Ja+T*rPuh=V1a&iHu0ZG$?Inq$I|F$cUP`VkNRMN!pt&EZvP8O5`4+DN;57g
z{ea&`H~;3gn9#Sg!ei&A&UmYFNI}Rgw=&NY25<+v=Sb7XbhF#p6`@#Cl+_?k(=}E!
zXAxT9zkQLu<ms<cmFMF#ieyW@O66hG01&Vp4T<-i?+E@SHZC~s>;#ryX^5QltZI?n
z$tv~Y{kPSNTwI+U<L5l3&v|&t)Mow;0~`Fr7OMFJ`TR?H$|DSX6&T6vM}`7iL~O(4
zZ=pVv9Zdiy@Cx$#Zy8)R0VMq(nQr%WXN6p%jqOF6F4$@q5beWEFnn1df{$hhdsX>U
zX|&8^0vj3~7MLh6-InY=d-<h)^uOqriel?Lyy7s~l2hqMr251-zsy>G1(oew98ovb
z^xNtjQ5#AG(I)9>2vhK6z6__FBFfZMHZJa@^FiJ*nX$V9s=6P5Y?pvFR#cHKomJ=2
zRz<G=ImudplDa-FTb{!&z19xnaE2*V16{5*?C5e+fUfw#oNESdqR!viVy^(4?k-;(
zNghv;$jS+dy|SF5z}A{*@t?tJNxB^z)0K_jEBli#w&86&Z!|yxtnp$Vh_q#Fek2hY
zW<tCEP;I3P<8h{`DunMbqYE9aZsNY~VO<V{Rip+WJQRZPsDC=;^5m!adR4iJqHlV)
zXQfNv#?M^U@p(bF<3o4sZ(T4L){(?1pQRjoGqFN}PJXVtKN|oDh@8G|&%}S^^kM$J
z7#$Vj<&FT&1d(6NB%Z=TWH3rf5;v;JBqf}B+rJ0)(kF13Lo|}zTqu&kT1LVMB$o7k
zWC}~_KS(4vM&qVpTuh<!`FqK;^{?FcSax!GVjo}7<=k3bYJB$lk+U~MzIy+>8QO=Z
zcje%Ilc*!PkA^Lcx{CP6S|wA(tjBtaam;4qnVANFC#D8$3bUl;07;k?nsHajpT$k`
ze~l#HQo^uKe=}9$HhbJEeo>)r?=yD*cObF3RIWv>??=w%ZqB3nxAu>W=)iGy@SkCD
zpC`PD)Dw@t`w33RoC#(o(Rh1eP;A)xe76!4{1G5mvu|YK>>CC|;p{`Rk*6N*NAtyr
zlO)DRV3G79hZGe20ebqz8c!Hf>_789V~2IY^=>V^zoy?u(Y0@uN19%w&mlqi8+j?<
zcRBiu_~LdpAB4#im4!3l5e<Typ#?KwC8?iHnCnECOM8X~sw|+-Tk`bzMVgu@{-dc|
z$bOR7DQeEyv=e@=N<CG8lH}W<#D9YC0eQ#Lc=Zgp-=U-ZJwa_NoY(w@ZFkC{8i+G7
z$k(0ltmn1CiPlr1ip)H2?X!#HG@7F^QiDVkpQ}>+XA5cP{O@}0Y-PZdrJ||W%F-cG
z_(G<YrLkC2fEwiqA0OSYrcSRt0|;$@y`)C~p?7#!t8efdZoiw(g<i75^ArI;$=99B
zHI7_iKbKM5Ka_+}UUi#yEw_V0{YDdc3fEI`qV<#?f$Y}zY2;}$EkNHuZ(#9R0=<Fm
zcQrhD0|-KAicm=jPR6a{$tzbIGL1QY4>oRA5t~HQK(J4|;Iio#wHHml{QL{t6>sEF
z^BBaNURuDp`jImA!5jSI_U#Kz`+H+`*}~+5q_vq)19al-F1$-APm)SH`D|+DMdD`O
zs%M0s+NIHSVwqx<jN}mwn`K(jr62C$LzA%89w)Ct?^eWsv6I2jT_c}-BG~nEpE418
zqM0*EdnRF#LB7hV#$47BVx+vM$riU5Dc!78*}aL8(w*we51-`6%pz-ssOf;h*6wDc
z-3T(dBq`#ym#MvU5Wgo`&Rb+;#-uEE0A$e!wb@=kN{q|Tv#VNw{bq8uC4a|Xw7Z!=
zL@EyofRYiaw@|yQEZ#MjXzeyVg(&rSS{_1rZ+nCt?ZK;FmAnhlsTzb)mGZt!Vz<Fo
zoER3!S&6R%WSXd8wZU>7cO|Wy*%K(N9gx@kN=_(?KdBluWG`Eyqba;M+#G&{#GsPI
zyc~T)i|y4*sWPD4TP>GUxdlRIv)cIq>GV~&v^|0R0N4{O);oKGZ)r~;&)ve|s?<F3
z&QM9`&)(eApZzGl6gZ(A&g=iwpFOdeI^@qTK*6lw^PV74Ng~joPm6i>?sn;$$U{29
zw^)J6)l#E*zvOddWq5!9=guD<Wc%ker%?&3KTgX5@&U{WkWvY**J!e0S8plxz5hii
zwO@>>R5R?&><H}JxPW|axwL-$x+IpyF@^WEXmw}%Pt;S@mTt*YNyqLOnaRABblS3S
zca--OQGYuJTvT<hM?{r@T@BGhNvI)qvB{?j6ewFAi(ubdK0ODeTe$koXQ^<jpC`ez
zD-cYHrs|i+O)%ATM=ES)i=bu238r^a#st&5d@Pt*f9ZhBhF~hs@Ysg8FfNzw+62?f
zd5C4MfI44|k3ul*WC;DQGYol(r2m2Z{1-&_5I!yFA$);+3MBWF+FL$tqFj&qOg`lV
zce59H*~zEp7gW8VplW2)o?R!Z3ZoNrJu&&SM1jqTJ0uD$vis>n`7}}}pT2|iU5K6)
zc?j=Y3IyJ(FG=aU-q{~C#E86IE-jJ<SfRVijH}xvx#7`c<Stt+W>k@P1Y)f%3F#^f
zC?*c)*rM3VjfxEHN4RgZo<Nqe6`?(;9~z~>n&DAqomPlg>gwTjERuTGH^@+IT(wO>
z9@BCWOPw)%T6%>RjH*<8_)OE9y{&ri-zSsS4HsXFm^_`nhDRZ9u9qGnA7YD3tauN@
zZ2AAeOCA|oKl0;s9!Nn75t&F{yA4VSDWXjb!Q?eBl-Hn$7E(WZkp8*67D*JyYsb-)
zi~ki(jdAOkp@T5!oY-m!!*Fg6IMVtRO*J;Ci<zXxfYq)t+Fn^l3YsLlA}=zqaiKD}
z8zRWQ*k#v}RS;O6ATYU5P$3hjbX${uBLa`igE72W52Jb4b}C)rPNjRk#o)n$!#E4F
ze^fDeM&>pvg&*R3g<F<>C?lKw<$%hr;_Jb#Vw>$M&a_>{GdtT=OobzVu3d#Yz>;A2
z-U=92`U*A|C$PC_OO(cjJ&+wGrg?Y))5MF*G0j-&>Fi!1->gbKom(#h{@It!mJjbF
zvaw<n?w&mtI-bJ_MblWHpaj{Uz=XckA>^rcTdI?3_%Vq+9od7#3<yn494E&I5qlgn
z$nF+SWyQzgzC&hdv=81rLjpub8!LxsKWFE3J%ZXe0|9U2lb`HxTKB~Bw*GAtIdNN%
zLrU&`w>$MUuOI4AE=&dZVRR%FV6pHL%i;IQ=O4h6GkLw4SL|Qgs+V#BjZW|KCkwiL
z#)WUWlw<zBZPmA%x8|A_wj)wTU;UimNw)GDOP!zq5&8m8!D_?B1H@8n^z#fGUM@FR
zVTO?&ygxtQg#zK@J;MMIU(A89zXKs3A|_fIf}jX8fbd5LLPr3?Kb|!ZHs(Rlm(Kv<
ziw=aJRRY2$VE5<eK=>uE4hw<Ffa~`qx^)MWfjJ2-SI1<)LV#=v+Fsz=?#j2VFQ3u&
zuW6L-AE34`Qrn-fBS0b*H}dY;NJ5qbHza#HU@TON`RGDB-V)_$Cy#|%8EK(bY(v4~
zSw#lc%S2_ihAJfoc{7!Lv9f2*8J>$O@@qgg#}qSp2%?HezQk8IYCk*?h;Fkd7>Fuz
zs9;nEyO8|guKrj#Q*+d!rPLC-LlHcd>ePZGnf8J>DO*8BG?Q5Bon_gReQljEBGISM
zz|z&n8J0dg7AzeLto}0tSoa<~7Zva$JUR5dLya0M>%9VS-1Am{F;-y#FgOP+QveQW
zDBXZ9Hdx$Ft>dpoFv~~^XjWf81Dv;kgF%}iaBdeuCjo^29(*6GM3fXrir#4Wc~$pr
z&M39q`>MK&w0sD^S<EDr2NZVDeQ#H?`p*;VAxL)n24-er|8T?b741WqvIw7v3jZcs
z0&H8MEuhAA?xVTgh3yk;^RSvu<qLALXnM^MRf0f|__!r|?B|Xr_2Dyt{4HR#v*E`(
z&2YEGc5YY&)FBn@AS}=qwBm=6kN6LCxj1ohxC6R0+^8q-qgVb_2s^^lHW~_c6)in?
z6|eH8U{~?9AbON0Hwl&P`WW~L->T3d!gH9gh+MXRy4iBs{wY!8_oYb%T5wt2u1e<s
zbr6bo1z8Cq(e#Q9?iTOYyxZlC@)js45oua$5{8xXTX^>WAR*S};k+}_bh?GESkU5E
z^WZ+virN!;r0&;L^GXDq6=(?y{F(<}VtT$hh2L-;I6^TlT7<iqL4I%T)53!5$;*np
zAwU&-!zDcycJAlo!#(~A|Ep@?bnp;@wZe30!~tb|shVYiP0vzE{h2j0HReY=0v>K6
z!Ikh2q=r0nk){CwEdI7#!w)V%!`q<7Wz@2LIuQ6R`7G`E8lU3PKcoPr@azN|9RafA
zSxz#o)WQRb=u=dlAT>8uhSm!$ALB5YhX8zBf5OL~<R0B9d?JeE9NPbT4i<f|lhGFM
zOxh5A+{;IG=z6tzM=ocm2g~cF6j@_XICi6}8b9fiIL&`TDCRU*nBDqde(*NsN!ShD
z<KfV~_#_H46&~y_qOj|R5}a2%*`&-9VU@{f=XSCe2mxjKwxd!jtvpT(ksxeLUUT5j
z)1HS(c?mg!N%>OGNqGui3MOSGuP)xi44z=hjzib-!f7^PFE1X_a~1pR2GCY48cLss
zAWG1%A%!d1@^B^lT6TOOtG+>WiS3^MgsQjb63m@g<KxA6cMDayg$wUgypJ|}lWBWG
z+r%$fWC?|32vwQyd9NSfLQ9aC9^0?Nc>DF^;O$RRyMJkpI>Y&sV-9EY-NH)*j0U7N
zdkrLd36-1&V-88re>g`Ij;s`M)W~XFj!iIVT~L4+KVfggG6sa1wi$t}*s9N&Matz(
z>u`J`@uL4)jsko|PRq~3fJpBEyCTvx<P(wpP1qL8a5({^RgDg`6MsTFaN>UrS+ZYe
zrS6DkCbxRGw5zdY#fi;XA`Tnh%g=$+ta{zd1O4;Nk~4>{OJ|1DU0^BDCHsmk*`1sh
zzt}5SM6nu|{!G=d%FNda_g1Io#T>d`U@Y)g63N%%&=wzBxEq`(1P}G@RF=H_yHr`*
z3+)A1nVMZS^MffPUfiJNWIpNirq1;y()6D~VD6+m(sZpMbXIe1>b30d>_6RkdHh=t
zIA`Ur>V71hm2cAhNN<GqBfZe;zMg?JQ*b_hahJFKap-yn|D`Nx+>hjrxbdIR7E7Tc
z2>9lXyB{J$!EyJ$ik>-=?BUXwJNN#c)nTicn8z0j5n5^Zyhu6n_|#+rpZWnAftIn-
z)zSjqR7>tCdxT4u=2hv&ng;c(uT0;1oL@6OU60u?FARoR^)>VCZ6uxXX?Eii|8{}K
z662RG+1f(zp@+{c@08L&FMZ<$4w~iyYB7D|i7q|RH|7<MN01I{#$ZrEU$B?)>PSIj
zBMUF^=FDvD;x~Lg>;Mt7&(^JbVp4Pz4wvhAyK&2&MU6+5ME>Lc^5+x-sYyl~O;{e?
zE~ICcNKZyR7->&!h^5205`nq)11}>8hjAr-K-(B?Us(`W;!pw3MwWv{;z|gl;+o8I
zXY~!06;ue%wWEW<bEz^HRAM~kL!;HJ2{{S87xT0FW|&bBRN{z(G?TY`w;`u;LT+JT
zs=C|ZactZf!$bpPCl#cx4yj|DuCf~J(38VddulDV=j~KPH!dvb#x#=DjZ^4GzGM#M
zzZ(`*HciG5-ba+08GIK%t96ZG0Ppp~9K0VP=fJ}XcjL#-Xsq0&IQxy*hIcp*6PEIg
zNe72J(D8!A+1ffw%OLv2Wj7H0;%tddM|G+GE~2H%2cjTas`DpmoJ&X|i`?^oH<J8W
z^D>%6s>!o9M8@13yr&+vwl)TH!{$`0((-e(_ntq#m-ip!an<hQs->Gwc|4^|#=S@8
z-p57T8H;dkUqm_4@Mh!`2?b}^yW*k8A4Mp@ZDxcwW*s^TML~a28aZ#YntD=*`Tcha
zeL~Ftu?l})^Ph`e_m&)0qp3wY2*&keM&un%p0Ax$#-F_R2a(Ur`=gvpx)ZwTk8HkT
z&U-@wbTnN${Rq}@=l<b(RC-lD#YqPV4xrE%H*&Xma4&n)4C+BGSk8G-7Yyb7$m~A+
zJE?3&<l2npG`|)fO<?iNp_o|^L%o?5Tlo&dL8$2D36qcpuL1R5TXnNsJbow_j~`3I
zn*xAP1Z!%ucicTP`6OJOZ0uUS0faCF<ula<f|k;>Md7!W@a<4Z`F7;O9lZel+bp?n
zd-80)x;rAKDjzKgBEV5G?`f3h&<*bUy`nAsRJBw$_XWs{&X1qpR=p?$lfteJKpg~X
z3YtD&Lm%8llOY1<mmXC8ZJK*u!Dnm62pudWaPe;&!M|cO`G|D86Q%JH#y8KBu`g@f
zJ}A;83lg68iX<h-VEr(=nj`pkN>Aogx+-#4H6w6&2MK%Bk}xBZ<$2t`57uPHMqlh-
z<n}(<VP>CFo1Q_?{wv0*xxo3L@sqxh<WFd~>MsNr#Dn^hIqq06R<Ua&d6ft*v!L0u
z8y}$wH+)qi8@V{YDTFK-bwG)BgSqG@##NaLWa1o0k&-z1n$_uj+QF9P0LSAAvh%0E
ziAR3qJw+uzyNXw-qBWVKnbJ+~iNB94a@KVu{MWm%_;JNm_wpTR^*3_UbNm&NL^HK_
zm<vv8z|*gwHdt9Jb;AZPDsaI$n<NcIolc&66lJ<P=bH*wxRIRqfdRl7dm>5j!P{Se
z53VOIaK5?nK#}81-g^ju)uX$)GBtZ*egrW#Ko2+n{0rmYG&;H?x;n&e^t!c*yB9n1
z<UY}UYpWDtnV#Ok-+XE2U#9d~dhO6~3W7EXOS^=IK9QS_<2~r?8lak(dbyTZ6RqB(
zfC3(WFqH49bv2nwk@?^8E+my+N1FPQY`QGM@%)`0T~}E4hvW)5{}ev(ea-XqSSMs~
z{#fc+Z{Y!s^B0lTzlY6WZ~FMsAEA$F^u@cRtrvZa`)vBygMA)zy;-u43kkO`<s&O6
zx5)JqgB9ZIq$jV+?q;Wti97K78AWXZz#BMQyuYnBy};SYjW#m-zicPR3FKLvK)#nf
zga8f*PjkO$4xVNhrxQpE3$i8KH*n|N;-Y*^UYI+1OoLa#E-$M|m+LsONmnyQR!(iP
z+sJMKgUBnZm^-a@>iBCV=nVX69yFt}hv%uq>@$M%J>9iXn;t%#I+ZQbqzILY)rJ*X
zS8wyU!$a#HP9YaYlJ8MFH(zlwhQ#y-6|;lLKl<yysnqk%LT+LFIp5~$hHOn{)*W^V
zd9DT*^Efl!SWk9NBI`)Ad(7ZxIH;D3>{8EpFRnK-ZMvLX0j%+PIT(AHw4G82W8!4s
zt3f|o=$cw8uVA}dtVJh=KgPdP_je7z0riYMiW0vJEr#CoKL#6x{rHoRRFj^*?7ney
z-Me!gQ^lN>TcfE7oE72^GjIaOgslp@9Ik4tMMiw737iUDh{<t%c)-Lc|Jx@^(DTBb
zn7>7G=5Mv-iM_K2<&KkN`&L^X9~d4a5jx@-yKwsRSf>q!uYIm_B>2avU9wJFkh4zf
z8ynW<9|IyG`^fcUc*v7}q)BF*A^H1Se4RgVkMX}>i=<Hp%=prP1R_mySeSEU5FAKD
zlxLItPY3;84f=l;T8z!;G5-IV8~<GRz^Th}u>-N@)#NHvkBwXlgVXwAGwloc`4zvn
z$J|<nWVsW7|3GqX7PaMO(fVvd$PKCp$(61x;wbH1tw-TenvR5>pq4*Mdp9^rJI)=Y
zox)Mt<GG`>t-(=R?rtG7#O-uPX_~7XrN#PGL(^!Ls)rQkc?LpCUolYlZO*>yH?5-n
zmn7nL@!e#c_N0D51?&d_a%uy6&a26%<&(V$4CV<%rjwX9on(JKZ+V4m8$#|VwNdJ&
z?{bwB9e{n3SHr6>u9hvyejz&@k-?NF7ILbEIMrHN2T@^gB0xoMalr9v!Q$-2*(0-~
zxfLZSlUI0F;dIiPsEwwGqRi3Z<BA|iO;f0mZHd$~ZA1(vK#rb5kq^1qE-O~VU`x-7
zl0OtEc~sdJVu1tiv(Xga!#i6Iy2Fe%x51rg^J0rPn=jJKWlI0yhwJ-Rp*K_7>S=v1
ziQMGzeq(hDN~OJz-Ua)?JNS6W)2zvn<2PpaiZ(7-MfNWYBE`0~ty)}I>FI1B6>Q`_
zgWR_EE?SgS@FQw9VQ2<o!5dzUx&iTBgGjJrW2;rZM`Qm*%8re(f7F$cnZcJ7HW#H{
z{#TF2M)V;wIQ}Gp#0%mWE{@`Hdpkkmu6t1kUc?^}mM<eTI0qX)ZFUMaei}5mU7J@y
z)`ES(2WwQax|8s{wl5pyUV3iI9w!s~53d%>7m>n!_Wp`=P%!?3YambzJM$N+<Zk=z
zc_+#~6tjKXJ+^QAF0a`Z?c3hJ&;^3e@|&Mtx&7OJGydWppHeG>^Civ=E2F8C@QuZh
zt1OD;$w_6AfgH1MbkR2yCTN{^?gYf^>%ci!%Ee(U1xBY`e#iQ*{Wn6ccin}Wuw#!n
z*wnedKZqajQmh{3<J5Ifgvwm`+Y8GpVAW%#7UXG*%BBa;397i4Z22Hhs`Lk>c#Zt&
z8K-WZk}u<r2IkJYH8AboZ5I?GuxEUg>)u)hN!X$3B>dSXF{$lHh}Z|wbQtttCXC9w
z%>HKE)gTx%o@ZES>QiQk78sn&8rYUfG+{sdsX%x8;UZG9hvxhZ(wS*0<f0f@)vkP`
z=^9m^dW`;I4XRAu?E^nmkO47NSy`6px6Q7^a&BzyYK;7OFVlI+6Plsb4agJ=QSNI9
zWFRp3V>j*x093iK@+!ApMpm}&QAGb|q^t=_uYMq3+V*bFZBaEm`H|JYjkl`R!cY<p
zrp-H`;?wO7c1dbc{CFLG0;C!2EmS`2H+e@ybobSt*=+uBFUC*U!N2c12FvuZh(--E
zJEat}j_gTk9h{(~PBl|&fP>=f8L&|0L>;SUyz$gRR!*RmT5u5lZ`B%%UR!m8EDx@W
zuAZB?Y<m59@$;SK!Q6|d$J?qiMlB=VsXeZ*v?GYv{+kjKk4Mo$YBOd%UeO=aiJWFv
zI#k>2{$#b-O@mWIG<!*2L6ntGukb`21SV-Zjgg6tY}={p^(giB-E$;JEO+J1&7Ohp
z<kFg0#RD8tt<cD_-+y34&3FmyzvZ2Ifvik4Sh+sGfm+17`dp1t?$%6Oh(1_lEG=A!
z>Szr8uzswow(NG2Ctcl8&C7tQiuQPae-gYI`G`0O?xG(N%{3Pa#OZbq&19C^rHtUx
zd?jfr>8@Ug>N7WY2-mOX2utA2;;Vl&Z+Z5o`<mbI&fr6B>I3P&eqT$NqpEIf>e$Um
z798h&ov%tk7xsinhu&~fvTaUYBoYXCfP&N=G(~pTC(0scq!7(4Scn$Jjp2J<<ab7T
zq6T~czsA3zfeU*<AAfOyFc_E;zf9e|`*{mOiTY`Jr^Vh+^lAXOa}^PhcP)ukrW&|0
z*^h+&HqRqX-)G}RYl}q|nH6FM-o}{<=VO=8FmyKl8V1Nq#N&;nCRDqk5%ceI6VXg@
z6>ED|9-Xq^Yg~tYIgt>j!{jSoN)Q^}N@imYU;6gyN^w+o|Kd<;?RgN{##dXx-2IDp
z@tRezo+gbm<)AbdXL|`>LQa8UM93-Prxb7r{4KX+kH|w9@{1k)8&6d$ubBN|4-Qa4
zx-)oc+`3ErpvJAmiDT%I3BMU<yL=mL(N1uke^nrl1|Ktg%>Ezt-UPg=>iYXnBw-X!
zP>`r7!A1>r0*jWY)x;1uS8^2#C|095fZ~X7uVNKMlL)uhTd~zjYi+63N^5PYQ=_dV
z0ZpQ!21TW)fOR_8>i`abg5>>t_de$i30UpZ-~0UE-}C3u+%xR6_u6Z(z4qE`+Sg>a
zpD6tOdMi&w&Vxfn))`&Nb*C-ei{5!>)1KB-m)#xyFYiBtdaPeXFD_S`OY%z;Q!Y?|
zyv9T1mcMft)T0}qL*<wFQEx^TEbl^9(0BatCI(TWLlu^#Hm)^jWdS~e@p_1v6^xfY
zNcFPgW$~@gyh9%rz8ksBlOxK*i@4I95xy65Ew21^@%_d_8GNfAIIgPjp5l3W)q8v{
zk0h1vok5`Nfp=4g9tQkGvkQKrA5jP&IQ4IDp|Wc!mwc5gD;?azEfTF&3(hcg7=Fuv
zMJ*V6NgAU$45~k}SXXk7RTk^56(uIGL`A9fJ924D+-|~yhSg5umds`HlhYe~jyRVx
zZk$+noF_*)=E0G(_BLY3#=S61A1&BEgT-0cKBJ;EY%i-;jO+kbi(Qc|{aiqqlY#2I
z0II=L&cl6;L&=Q$+A!KilR4LW`~d@2MFuRr+8J1H01wj94+Pe4X*zipV43h?H#V^y
z;R*({1gz>Hi_RQ(FUlKE^ljcP^m=of8th&52eqG5Ho7YHieFt9R<#On#j=wjqmD6c
zX02xr^Sb_36^Irk56l!XT%LXZO5P`T<GHb-C)bMx4B$BXr-}c_EaKlgAbM#4bBNwg
z<KG6hyyK`gAop+<xno^VlRMt1oBab5y4t|M{EKKDZjnvk9uG}lopeW@q=+a_l%8JG
zn<$rsgTDlyRWi#{LI0B9;Vx-h4D3kxsEzJ{PeYl%P&y5B!AOckx%SAKsZ>?}YUB-c
zl=dU(UK6U{Usxxk5L?Y41W$;Y$r((x$t4CpyVN@MlA;U&^x|>y2JW=3Zd)RvevNq=
z`9~-|sMET-mbba<>I$Bu*jf8Tmn%g4nU`6U-XJVjh}g}GtAe0g^mn}`MD|j45e33J
zwINu|BBG0tT7zJUX}Y)<Ats;;Eqgh~I~+(I!LlQ|D58Mapy;C5)U-hdY3!UX-u|;s
z7y2>~HQRYuH@h9t#fbb?*`twpmlt*)e#M$#AFjk1tQ{lCR%7(+=A4txd+T;1d&^jQ
z77$}$xFFUffvzSoi+y#6_bC-?sTs#oli8SqVryWyCH?teJ`Wb0i}f@yVC)ktIG>mW
zXLU_H-0lr10Mjfw2`crD=1=l_1ondwvr=CFgtkRlJ7w*@p7eI7oV8z`I?<R#8M1)o
z8^Q5!f65v2u8cm?+q<1I<N-!gVOL)7i*rPa))VhTu7$)cf0Ws2@Ti=8y=2227K&|F
z9!#a*jbBitRJ(OIf?RA?J*LLGwN&-YYpE*9tDJjXNnQkBnktlwC-*e_JKWc-Q!MIE
z9`zgB6HgKLa8<<|kR1eF@NvE=T~$UpUa4-Wy69vwK#VP;_(+PA?y}#QGICs+w{WHk
zW#CMHCgc+AIrK#`1a)^4W6=_k4ct50X?T}cZX>j#f89buSFt^Co4@EzqOZbG`HC9n
zgg4wr?OP%a%b%`ss@8`RClw(pw+jLe0$44z!a&k|IrC)UXR^A@?{@cU?+2H=3>TR+
zy3KFW?5^~PV*_I0rcm=+-9!0LU<zmlI|HZ2`WLs1Dh5BJiUS0VbQAqiD=z~{SD|Sh
zRV-0O9UcRIb|FIqm0eq0Y!K4jZ6(Jj|5{GKS)Q^1a>jt1QN>_~!_Q+Aibqm97ek3F
zDqONhVz>&$PwnZF=y43;B_@&t`OWE9>4E(%s@f?!(R2ERJU9NsEpF`UE!mlniI;3*
z(@a<Sjp=A$Je?9Vnw-D>uxV=S>ZX>;w!D_g^?7rDxIQoP2RCtboA&U2CQ>TqHq=JN
ztEqT36}ORMd9~?J<@)^Om7t%|Bg7jyfTXDLDXgQr!P%NZu`7v2s0MuUDaWS5Y0(SC
zh{;Ugvem&vMqM&2oy{0F;>}_)_3jx?cXH_0&%Zd!EF+1L;&idww9NaK&K#S&Z183J
zGqQDzo0m8DcwLXvpUFDGsCCSAJ<O;m7NX)ZDvHa>G?}1=#JDo*zfjF2#=$afn`|%n
z{<g&`UDw2TH5fN8KQ~dlaLn#$t%dP>ix+;7c_KHi)L;TA<Ok&IFHF1kbEp2}gG8(L
zwbU3}y^r$HU--8BrhuH;U&}&&y)5)~+S-V%8W)#|bG<w7kcFP~qq5MqdlwnO#Hav-
zcv<LGS{C{y_HMeCu{OPxKH3U0bU)hUU7^vDeNw~)`+Z}T<;Op&=GiKZL!$3JFT#?`
zF?|}#QX<@JJ$l0JzQVJ%$=G~XP_I;-$Z=NHImfW%bJSdHITf;Ik^~1Qf2_voI?}v(
zpsnRbiU*8&FCMvx0T28G##{g_zVUbV_U(o*fA)Kc6KOo0%Wa0)I`sz*Vz2G*Uj}=l
z^wyWJlYR6mouEbb-d?o9P#ZM2nk5f=EsX~msr15oh;yJdR0d&}VS|<Lg*K*=)D4;g
z4HT*68v5zQ4zkNNV9D*!r$zxKDMRh}dsnj@;5@Hy6XChu8_H`&_@h>Q*=FZ^*DR*j
z22i^(mg>iw%0m_=Q;FTg81=|_an+ruN6d!$fm2zn<7Ur?{2-Yw)m{3K7V?K}ck1`h
z_lY|VG+IM9d6nBqk0MP3+?AZ5aWgxicg<BVg0h9KsAi*2JDA&e?R?2fySo`XfjQhW
z@&m?7u&ZY~@aMbr-pqJW(tr>UGu3K8G*LajgmTHTTxE}Ewms>ezcXavHx>PD>MskR
zUpsXUS0m~5nM4%qSIvHTu-8AU{p71W&#K>_uErmSq0ggrjiOaP7N>`P2dc4#eO0#e
z*e@|`$7oa(I6)CJ_HQrjJoeYomo8&}k?EjKsmGD^s!OV|?|#MDZ_sGH9Ac4-Kdi<X
zdwrMcZRbmR{FRu)A8if(sBNe>v&i8c@7%Fw#8saROAn6Ih~HVE9>`!mPqc02Qt&j)
z$CF09(0lM6^+m#^rQ<TLykGGUayPCBdjX8qk7$2fuQ%!aF%tqM6}4MR(D-}jQX(mj
z>;)3qCUA#g%b54C<{{>WO;sqs7<lrlAH~}&eau1JX6a*=&Z1(kl!q{`n#A;;{_+Fi
z66G(>POP1!d1L9SDvnq7#AMCdQ>7KDYGi9wup(7yMXH*N&xAH$tyN}GvXnv|K*J<*
zQUNv$1XyMfJ+wMDpCY_hPSLC~s?RPYaKYVxYP^2#Ty2K)p2^e#uos%1%ZqXLd`U(P
zQ{h^g+6}c_P(UMxn=q`;>?@8j+Ipv<tY@%^A4b(|mo3DHu(%X{{x@-D136vGb058|
zWa_j_B2%yqy1TVBD368Ry3Z1(NT|pIuj4KaY=c~7709GTO0Ti2UuVMaw3KFr-|gSq
zY~Szb#rFNJ-!iW4CI2_L?abSRwQO$Nm&UuGdyDPNLQ#Ddx9$HGGfv~-jnWY2a@(FJ
zUrfMnZNNn~zg<cA(oXqp!D)<PhTq<EfQIxx<hP~jQ+j^woZoKy&A;Kd(<s24FQLOs
zbn)B&OYHKIpLQO+ae&fg@QyL?bzzr>f5qS#c6l!wtxoI`-}<?53cLjU_3}M#viN2H
z&7Jw>5u?qB1^lv3?DK2#%eqB7;Fp*2aL4>|g5IRZb4UF02ufu5Whr+%=a=1io5e3T
z|62T#`E1!t!m^qB)vcQNJzF#{{M5$fZP8xg^0x`{*qyHWT!svrqK=r!{25S(sVXB!
zQF)#%B)%y@%OEYY+CpPX)Q}{B2gS_%ymV&(8{?$X#>95JVRUy2D3dgB7WbL8+{%Z(
ze!o5}70Fto-`DralPQ}eVdhaa&HCGU@(=fuxKP0}@<0A6gYV>hynxF__ei!Owr1q1
z#YUjcp5Gfk-9`!+m&TN7C&X`VMpl#dQIouwS7rlXGSGWJznMLN`OdDMlX&e-77Q%6
zDw?qAU54)>S$VnJC_0st;x^!$ybr|Q(y$($OG27V1a-q3JZWi2@)sG!xDz)tal_i(
zu4no@;iqagY@M}9mEfSNVqT<{0;nhT$k$NG$J=YWQ>3es7T67X_#h7{yc%GYT;6u;
z0hClc6h49)#;IpFni_-yUs%w?D{Kuur-|gs3lsD*P5(ROXH!(kA(Ts=!BvJPjQ?k=
zZ_kLiiNd>Eq?5{bZk8Z{%px%8^IrTad0?W93x6;4$wSuvm0GnIlBTGVG=hmsN{u_H
zflAx0!wqedi++cd0l4)Nz1vo&o(3MVkMW32(Vc%`Q)Kd($5w}9Z+I7Ow40*!zob7a
z0Vplxp2!n$nx@*_oZJae!P~)JsY?0yN~VZ3XCm9#?F$jJ=Soh9Cp0mb-4YkVvF%Fm
zk)F;KJPYWi({y%<5?gpnnxi~ZsLOPgwsBWdP2-lg*}MG?1M(7z24v94wRauQGjlsq
z0q<0;%<ISj+2iNW=ZBDRv*&XVmZWdI@7OjLX0@?M&-bxy2!6p-i)<|Rrs!ng+nlPH
zx`3%2If9VDEhJjrpxw=fop(3U*W@`CTj#q#P5g!Bm;To1VO8ioz(dkoPvV-ez;?kw
zh@07!UtA1hd1PW!;D3vk&BV6A|F)SqXk@C}s(b}wHNL8|CK)?sK4y;p@jR8gh7%WX
zY~TCI`{5&me1*%ubZ)RZH!q!^@<!hIc`Z;!u1a2S?iCeg(ErfS%@B7%|1WvY5C`Z#
zD+~Qb0bR-d>>K0%rG-1d{}F1*;y;b}k4cC8?-4)f1R<UjS3>-BT$qSL-W`cq4pg`T
zKRVI>N6rl#cK(a0m&kso)JtC&2XK7&Axh_lKeI?N<bDPwr(O#l_a?PR@+aK*2}L%O
zhEGejAvC!^t~Yv&=NXqEQRs3rMpKp$3KebA;kr)!k74>XzPitNLnnBk9ybi2aB5J-
zKhvpilo>v5&$GGARIB`(o-8gAa*yOD2R$h8EG7`qX$Vo=Pki(jqFs#V^FzrCsL=Nq
zRvyo_$^9v2j`y9?Y#g6wGI`|qteH9-r{_jimZXB>Gu%M?c?LyHw>S&F=d_sFY&!<N
zUC9w@AX&-_9}-5`Lh^L-b=8^Kk1GG-J95Ul`F6wT>mS$3Zn_@i2lc)>Kj@O3=Lh|G
zXZb;Q&Cb6xmKHPK)Jr1d2c5D65D`<CUPvFj^M59e&S@FgI;D>_F4avLm+G{#5uy+i
zqC^>&h7rZ8@aMDVZJ^EPa<!-?R#m~J<S{N?F4x=3apZLpTc>VL0LaStgN`*`aiLWC
zN=EuMGXB&g&LjKB^0FQHX4}-HnsdtbGd;Rz>VUL+cKT_KhxSX!J;2d7@z9<LOa3Mv
z+AOP@PTqZ2YxFG}4*7XR@zj1Y`4i~XaK{)ICgYEvy?3&`H*+A#wlGWlApXSUi!$_e
z_-$g7hORMdp)<3yt4N5?%@wu8Y4`%_-&wAxkE146)ZKV$r_W#7HTvhkJDadw<0M7)
zU%0PF^)OzM0%CxOBQjztTXqfdRM(laoYNg}U`Wpgf4v=bg4WyDqnzXLk@w<Hf!tU6
z;n&%n85kv-kWquU*^A>y3K}(yB5QOU;{cS4$r&)NpnkHiMpEBoy?y&9;`bT8_fj@H
zr~sip7fk0<>O(#yj2X!Ut)kR4%K!K-C?slPM<}I|B8tR8rknQ_vX~iPaI%86B~Rp`
z$>3V4x5}<$T*96DZ*w1TxnwCf<l5Dg<$$t=3(W{p{5CVSf}D8IKo<cwmc$1qu7(pg
z!HE|#scYio&?jobaN^r}pp&qeE!9g**5n{xl+W*epT+NHn2N=Zw?qz99;p6Vd7w-r
zicJb<X1dc*Me(luc#_YLO-ejdl3<i#igMf;!6=p|PcuAODe;KA6KL?|3VNH=p+a`Q
z<-^x23qGUzFciIo0Bq%J_91z6hy3_C>dMfcnJ**)TIO}!BJrVmi3Tf^TrJ?qTeJ-2
zc0Fv?Ns|xHG#IVf*$i41eL%4eKOrTa&DX5(mR|=GD3v@0kj&`f`fq`cJhXI@IPsbV
z*4)iL3{H&qjDlNa0j&0;Te4a4dQe4?fE9BoR;-!FrC711BbOE7*c9<#v14w>=`8V3
zYc=hOf(+-a__}Nt2gsrw<XAH-mmF)B<+`xkp<P(68yOG;#q0{p5HTl3#NQ;r+O}K2
zG27Mj@g9oWu1W|C`5D$=yRFF+0l>&c@+`@gjSjT;X3U8@O%CBc;J1c;mfmdmt?1Q~
zQRISv=MLkU<++_GbRaKwPBcv-nme-tWCH#x`nfAjKd?r#3hVGGbFNNgNT~cZ1&E+u
zdZJOjCvP1qM)M~62^8Eje=N3%<SB=JpIQ6!{~OE44=2Pgwe#AST9c1JLIJBX2Wb1;
zO6>A;_+UirlJs-N>m7D!45V2Z=sp*Jr`UyEGSF3P`c-6co<oD_m-==f%-9TclZEYW
zY?`5dh`Fxf!u-^bV0zgihK2e`>P(S}{48b7c>0vt_C`9NPcTBSGx~w)YOa&N-I4!-
z#&)G#@?fs4Pumb~bJgMR-TgJy;geaN19kX@xPUWhLjrZUUhhmDzQ-qhC_dn(k2zcW
zrJDe#*`(#dap5CU26}%#N9)eI<R*D-J_=J!UdJ|&Hzwe8o%hGdSY$U9lw$n|#pjfG
zBdJ1zJ&fOQY+G_U-<i@+_}bEFFMO@`N?xk<%&Ky|0?H~`%jrA|zD?F}lbj0Q%lR6I
zFaM+G>83t97nt<XR_>D%xv}NhcFooP-WoRV;-%ldQ}3Fk!Dx|_-`&XvS7d*X%KBgp
z*U7U4TPY$%@({Bp=4@E-5%e$v<H6Jtimgqu8_Y`%<)a<J);+r^p}_B9(%s1iFa0R1
zGuyI0NSO~_kyKu1Jl*pYXJV$lrhC6&u5THcHP`1+8!7F4=P!G%id+6lg>!2QY`dDx
zUm{^t0=wTp9*g+>#VipBZhDk_hXzgJQomny#)FIibtP!>1vJz;9uq)edCJJYV>xX>
z44U;}cIt1YS{RiP5sxwP{LujbC>EBKX}qS~Je1sa7J8BvqbGSU5D00=Sb?Lfb40;I
zX(A=3CoO`3!0Gj+Q%N1_X?u|DZ%}9k6R!rRo^z}jkJ$^7n*ypwCl%-ro%-)UpD2gN
zQKj;!={sI`QBr=3wtXd~Q{MqkrI1ln_U1+MLms5RtpFD2R=FsQ&s`VW<}346mqsB!
z!qGY=^21xk!_*;O$6UjghN+Gmn`pEx^^9#Ib!5<#wS*Q)L08A;8HSak(8roOMQ_s@
zapQ8?NQb>J&l#o-T${z>k48F3Yt7Q$fw80LUzX}STUC~d2H;rR(s#OyB6+#8v|Sg>
zqoW*WE=;G63%(63LN>k5!<5PNW(Vq7`gDuR*ks><7I2aJbT!ZEldmFT{F&}qYNFke
zcQfLwflmD^Voh0kx_?K1_unY`vk?2L*+{9zPqf34@#;|*t^0d?1UQ;N6fLo|VSD*J
zufDpM{k{9tW?x%(x|(dh_#;)4yOH9IKRb?XrqL|iry3yEMZ8R-{ofMnx2eAiu?`Sa
zhj=f{F+=c;iS=c`$aK6ju{P@M4v2LT&%X|_zV@B}9<e@F|L=*lXHIW+OssEF&yI+7
z1<y0YYLZ<B>g4}0*=0{bjPWf;nLLGum33c|%;~QZ2N4$Qc!CG1_K%nXy5k$zmdd1Y
z`utC_Zv<(amfw$oBRh@LgHVvN9hHj@CTe|et=jgCPpxn7sQ-ohrv6Ec20pn@(<B?O
zAM2QotYFu(d2DviDMOd764F$u32Du$G9A)-cy^^xz78D1dg?`Dz;6~}`;czO4{5!G
zT}SdpA7uS@0rShB3rzV9A824S37WzQ8;rZO&cNp<XbPfv)6g`hzkQE_0VuQeG%;XL
zfifTi${Vk2N1IPJC5n38`IDSxLbQ=juYW>*jh!5ZpGfsqF1{zcH7s&j((7&9GQ@K=
zzmbs43UIxieU-=>+25<BOlltmFTPTS@tNP}{ohu8&C-WY<~3L2RRE1V%v!|$A~)W%
z?tQ!>Kf%|m-5daar8xkeEFd!hVtjD?JGp{pw|RRUY}(MS77K(jfRJOTkx$7i(A5gj
ztVcuJ+(*CT|5FC_Ay4A~ybEd+Hy<5kGwJyY-27&@(eeN3&7=ALKiBy){=&(TZr$hk
zSM3%~T;35H@?~mR@-Jp}{<5aLW5%~!slsh4kiJ|S{R_-6)!XV`(1O1tc-^>E;8rgz
z-AIrMWU45h9f$KsvB?H<Gvq{!Gp^Lrb;i4M0}hi=GtNy-=1pz8@@tUdgS_xvmE2XP
zd9(|t!JUTPG%tb-A4KAj;Um>OOFw-F3z?te06&iQ=)K9;Xv5zZQA1=|@)<R{GG&zC
za>xy%Z4@;1KY_M5BXLP`1Q&k72Q)fsybp}LF}q0`k)tyWIQ7?3RT}dBI;-a=W<egE
z@Rcbb?$-|YCU&@izK+r+|40AbqPL{?w@InUv-<K!b#ZAKKzNU_T|pp*I+1=+M7-<9
zqmAAQv-VUsu|YzyfgrDeKp+2~oNKk4P3++mjV+1pp4vC9#Xyxjwj|Qm*I+m|{+>p@
zLSf7)S(!7Z__pr}a1*BtpW8E6Qs*I0yN?M>{>^oVKdmPloWq)3r%Jxq{A^(QdfU$t
zwOtdW^gx~0q(i3=d;36<O79*$GI<1~g5p?5zGX~myYMh$QiF_x51e|v@^zSDF0%+A
zOi)4+REA?7LUI$$EfFcm-zA;=;|kbJniO`e8Pa6PRaWt@9QdUg_*;iRl{Maf%#8Q5
zph07tH9yi-7uc$8uA3q|6LwA0PhhW!Q$zNA_-j&UT4kwqvoO$rQ!v}>Dlw^|P>j<e
zXBM3pEATb9k>mc;3?6Pb;-`kWbyaxua}q%o`^L6nH`TkDP4%1C!g-OzmTRN?GB+CQ
z3D@Yi)jRQ9JB_a&*CkwI=Ki5L0YBXcra;S5rO*s?g*~u~&@sX&CYS;C!zc<eVHC$Y
z4X((b5x$^*PCAUDfG~<~ox>=4_+b?2-u<wN-T7Lxuld~q??81&VH3@7(!{RCgh~_;
zDiMlvBzpg1A{hW}LU9_l{MF3MqHz2;#V^#9e_@l72Kwmu3@HDK4Q_nK7Je18uz|RQ
z4bTeDKMrA9e~nMW@yn!y*L+tL0puV3wqiUlU_k}<Ju|pZUI|_^I{k3@M-g(m)UwZf
z@@v`SpZuXjsO+}b&HX&L4Kt4ISF?<N2^nS@%UUn}{1VTT49Law8{6tU(wixvAnQ{h
z>XUk=dSI~4=jaNeAyyNWu^#I_zvNqZjD-^oSwFB=qBWf)0h@63Q{)h?AKSgtZ`H~Q
zQlBV3qtfJ=NI^);>%Pd3ju&CwLl3yON~xQ;F{&O?Oc<Vj-*Uc=AGvD1Q5%K%kxX(2
z#gxZ!xmuxn9p1$}@g|$9)_IF(Sz7%SDVnppTVdscQ^zkY0ukO|Q+&C4F~ZF7Bk#A(
z?57_<8$ki7H@NJ>rKUresxwuZ{2b%QfiJR@%)E{y{nxAMc;O%4pa#eY+BaiSyBwA<
z%8zdf+W$2}0{B_&A8FhF-8$R;Llp4ak8`Q^pS^0Q?H_a#?dRL}M|@TLS@|H#G|M>i
zF7~PKbO!9MzK!!ZI2Bnc48m`vAZazeYb*-K<F(uh(%8>cH<{nW317H%Te>^*J|wY4
zDE2(z77yS&=AKt@y_?_G0l^$OHlcidxZAJshR`3FcSAFU?a*Hb<dX7rq=E7P78VN`
z;1H7lEdL`sRB%Wy{KbYodC50efZfLF7tT0m=9IH94SlDev@%|U;Bx)Ob0X(mNIpEL
z;X*3*^DbU8Z6>K4Oy0$DFcX*DkRr@+2PpU?o$m1iFq;m{8Z0n|TED%FuRc%ArZ}VQ
zU_WH44D8P4nBtnDIISOqfZ{f9>E{0J*%kI5BHwDa{26E7IzV$1$G$GKdGl#j!fc{o
zHNG=>z{gKdf$7I^B#yn)6g*q-C3aoNa|1-oWDLN6Nn2VYl7Qjcp#dMmODQi5pWR2T
z72f`1?Hfq3(OSI_<r0s`smR26?-4V9o%*H7C1wtj3{R6d9~XHWjQ#eNokr%zYj-d*
zwz`xtWEf=+$qdl#B0?`r&e28U$jv`WLpQ`iS6?auOdR=TJpHDJ5BI$U-vIYIXl6%n
z9}&Pkq7&R#<A=C(vQT?yXSo0L`cC0K?;43R(FI1ev<eRxB<F<+nOB-)oVgYzALAj2
z;e7A4PQA3TZg6J#dv1Kz7VrKjoOm65xg^ueV}L+optC0|mH(VlIaGf1j$kT0^Mf>`
z#mQ<~hLn4gLUhKI3#JfFb=xdjHz|GtVjj<#=vl;ELNhk$#cnp|#pTl@(^?xQKq}KN
zzig&WYf2pqRN^)}DH28j%DgBW07cZ9<Pv%04mB#tbgb?U;#(eyh>fj7b|>FgtMQ}|
z!D3A@_F$dfK1Y=#PV9)a*KsIM-RIq$x{n~j;ZG&2ctg%hR%ep6nt#Vb;6@n~GtsHc
z2I+ljj(NBV{u4baIfuEQmak&pL6#^WB%zEla$ZJRt8$szocck0P+2#pq`+yo8S?;Z
zGm_PvW{MqiXA$2;7~_Mf2RXnzPOb!e%dheAQtL8X>c@iQ4#gGaH6w^5MwRAgn1);4
z=FD4VOb}~B&D(bgmA4S?xgkr8DSv`+&y9x2ra}3k^5>j+@AAQkiDN$#(!8r@iauIT
zjvewY2*s7brQJDXH-{~ltcM>`U~HmbGqU}=NF6;%w_!m`WHAlv`yj}bH2x#6A0Ji5
zuawh*5Jk0O8n`|<H#`QmP&t<9e&|-)uU$f>Uyt!j|BiRd+nsqSNIpFDOL9`X&7bcQ
zTKOe;XXu@m?%iNQ66xK0YTTkN^26A}f<ILLk~8mFzNee_n{NJOhPv4jH?ON=BYsC`
z)k~(@b}bJ*Z7=^sFMmfb3#d>K!tDe<;~@BvsNlcqrBk1$ZotkCqT=Ky$kyai_3OQE
zaq1z`<m95%x%u~ek$gb3k{(=Dg|WdPG9GYQb$}v%yP{0X6`#MtjFg?sih<Rdb>=^V
zdE0}$5Ms8A)Zdze4H4sl8GDm};cnSDTkgzT4Qk-p-nFJm<c(^$JYTaW@Vf}Hb`G8-
z9Oh&?tHTyNN`~{_$&k5NlwGr?3tm5@h|UOLnpZC(-w(&$v2?lCnRkWXXb-9~Qb@xr
zeHk+z?I$J*meBNE)3heH9Vs<^DdlVO-(;?+yj_)}Vk2r;L(n!^lizYD-*;Liy_=@f
zP)>5zADSm=MYFOi2+iKP_IV!Hfx5h>o}Xx+kF(F6`a`tF+AK@SeYkEhu=i|jxPlTU
z+j2vctANj00JnPwor4bi;ICQui^&}wKdN28a&QX>Y0|R5Z!2rXA{a3-kA6OP6Nfj~
zyZ3UX@%;dLOa4?s3jH;!$F;ht``5N?>$&tL*6!rC7RZY)b35uecz({kB-ZTr_|>Y$
z<^uLU(MCz&gG_z5iH%d=)Bbz*dQBbCcVWyPFU&(F+VWFtF;1p@%sR_4T!r3SmuZ}I
z<~ms=VkQhrLWBS5Vkks4p);sn@(H=SHmJRrzd$ra_H`4SZ<{c7e^=YS#CQhrMY59&
zX-`#YI8V-!pJfh;s6BuENFCvpubwf;97wn(bDk|ay!KRg&iwlXj}+f%7#p$7$cp)f
zrh@*M9_&wzUDBBJ<sqx+Ah+>6NsTk7T*f%w;x<mXZ05Acv@1Dit@`$s>R<cICNyI)
zgP7zmk)FdEiwk_#GW+PIrq2Fu<E7IsJNuF;mtCMbp^KkKE^Mj31K~K6N2_anH&Y)>
zFsr_4)ThN^{@aj?WiuD@C`Vw}xGG>VX|Wis#R^dFPe3_yo_~I4!rYB|;EBUu1%I-q
z&EFeRZbFyd>c&oF<vRffg&An9en^g>i%OsiN&OnGL7Cx_f5~9)iAyr$70?f16%;ol
zVn$$*%8(aNu*UPq3fzuQAFojzYs-<@|N8sBTTPwIZI`3whO9beh1)RtA$6-~<k<P`
zT$67}nSbV+%e>Z#!84{^c7by2RQ?rJyyO{!2XE5Ff}k1-CgnpB*?RgZ=CN@6ixzuq
z%$TF>EN^&0AP(5Nk{|YYm9(AQWQ0<~m%N1+@!)OyKn%&7rw6Ne;Qe_cE6CGaS<$YY
z7PWV++qz*!3FIR-<(;k4zf<WBUVGQ-liO8W-PVCK2PO*knQthBydrX)lnixP>S$7K
z7lrEH-k_!XLQ^Yif{9QH)ji8N-LI;dnv?i3YvwyzGgncvvZY`@NO!;n_M$!r!#8<{
z0fc{Y9I1-Z2<>usTn2l4n=h&tg<@k2_JZ}Tzp!QYWIaSlM~)KO;sYLUxBK#LfRJot
zoV}lJpre1%h%2}D_-Q;}WbVwm;GLicQb=3W-KORO9l(|5#&j17kWCT_P>&h*EprS7
zI9#qZmw7D}gR_R-;JlW~cQEvm1gqVX+o7Ka)BvBSABKK3?V7xkU0BBpR9Ic#5iLv|
z?{CMq@g#Lb>QHVqNY&ix_xF0dPijvYLhQUIt0boz-=gPaK_OS{bUK2ie}Y{c<|apT
zVO|JybDo2-hIwb{llJ7V!I9s{`U`C%qk_r^g=N2j@YBOo#(o7Uv3yIkcWQ{)r>yI8
z?oTg$O3ouKN^HwSyQx$C>aX{!f16(etBSz@ochJ0SC#*T${(02P0j_X<Y?U$%b0As
z>eMUMp1PZq6@sV9%k8h<X`QHMIvG72Pnw2XRfjaZd@|R&oK^$8zaf)*i;h#XI9Umo
zVHIZmrx5NuwaGng#XJ`}#ijbO1Q{vgz)s*Bmz;&3!()xm9T(W&4u1K(#Q)q)&I6p(
zl?E3b-oBJh{zXsDPo1m&*<p+J5EYcCG^lgEzf*<ohi2-Dj^bKe0+7rxed>U~yD;?w
zsu7hf%We4iR6j#3nK~kW55%A|Y*D|y2m+Z&w(M2e=Rw`+q*Mpn=K<s1!^i`~|Ld{8
zzS4}94?6Md4O4}d&E92G3i3|-u%qL9@To^X>gYIPtNs794ILf#@;t}BhQ9YRKRu5d
zKe-6q#?0?jlIJMattKI(K$N{lhxa^Ha%M>h8qE@AqYQEI6PvA(MggoOMQ-CyN<;du
zAe~XCo4fR{m%jRl{zGfRrg|osa$1~uFRJ*^m25z|@%;Ik#Ie0lxv~q{?mlL!C=Ko6
zmak+NvPGMNShQXG;8theT_Tu^J4SkY(NRVs1^3@nbMc!aE6JZ-72EZ|v57$kY6~c+
zHB5T}_1MI*JZnuue)Dx?Fwg%qbaCs*n*0r+L`^A9th2Ef9`B+=HmYKWc92Ta`_uT0
zHl4=YMoJp;^7N}IMSPjDKE$K-sE*soO0ym+!<5D`(q5=_ROuGoDl?8Ljh$l#XC_2S
zbCcsFX0%~mYV#G&cK|?5{Bn?ekQ+N0=*Jj^^C5;cC|fh5kgE_*=F>Z)j||0LS8A<Q
z;dqquv^MEHt!jct{QRv4`1+16=V>*cFFpc&h2pcla4fpP`!i2MiQ2ZxP1WuBk;Ob;
z@7<wNcV>eHH)+s0<GJ7%{q(T&SRQNNV^^n~Pfu>@mLC~7Hh%3v#oh!}ql{F%5sZea
zj_0A~^W*0l@yHwm%J%k}V($P!f^k7_e{J6ew+pz<NHdD}5j`UnJpN3uH1w!V&H|Fa
z{-^g=zZ)-Hm?`8<pp52}bosT(2e`}Vcd4&BQ?xc&wv+lwGKIW?ochkqsV{SWPu=^)
zVNPC(J&O{a(Z>&PJ2YFgw1PqQj^`uU9b@DRKdWbD3;CPe#H=D&zcuY#p@KwO5>IB%
z3C9mN638A%AeHmUrwTm{mGn`T8o}g6`mo3Uy=M?Os&u4I{tI&od08lSX6Z26VZZ8Y
zB+jH^<c>l78C{gG_yQa>$e=)uDc}<MVIGn4|IEr-YXFdjvaYqvJK-FyxGemsJ+%YH
zmc1#@PwZOa)v9T0EY;rlByKe^S4_?x!yJA@#xTG`la2M_)S{ZiW&IR&xN9gLDJ?Na
zJK#04@;yPFAlcB6J|^@n#2M<$nOcGoX7&s{76iP7(x&}T#(=*xu-+R5&M<bIHcqZ)
z2q^ZW<7%+-H@~+_4c-9x%iI{eN^SrvYldJv{qyr_lmDP_;w%CWw_+b|bK~7Hm#&t%
z^w{JY*79&{D^6c}brn|AE$Mi;-|~)o<7ga;y_orqW7~}gK(HAG^xL^+OAsk7sz?XE
z2?@pF_$8$!#`Le%j)O8IC)XG+hiFrBFq}*AG*vpY14+56I8}(e@5eXnZ>m?sPIOT6
zyWIHx%QfYzBhQ$ukCy)V4n~+8m$1sfYdi;5M}C$3Ts(Z`hsN%&C}eV<u|&dp0#L9n
zElDaK82+*|cz&Wv{0Jf=p3pA-6#{34m9K3e1<|HW-oua#$i!e=+xT@y7_Dvnp;?V6
zieyKfo0Qc#r(s_~{m57*U7Ii$TP7P?0d`zY75O;&Aa_o~x%8R93!85tEB@j(HuJ1<
zZP8TnK1L@C!S^Sh)Np0>=*_eLlO9FRwkTtME{R0d8;i2&w4KBJtPJDzJA(JYG`xoB
z2GRB5FC-6uHZl(P*(BOfE3ff*E#&_7Tpu=KZRDhjy7l=uD=_0`8P|uGjibX?x<1?j
zwnDKlzanm<i}%AQc-S}fewaKJ*CUulm^{>4Z8D4^i+Q9O%74r$I3j2?&OxoILgGMX
z4$3f$EmHd6xQnHE*HW`l$nXl4ikzR}6|Y!cp--aEx;o2EcHLP2(i$bXi|>hl!52DY
zPgR~F2Lrh!^+KUejP8ci@tV>{XT>_0h*#{h?WxktU}v@AG)#fYQ$O>GSm%eh-H1Rd
zaqC7G=Rd#}7X6`2!ns}ut={{)WLs>frq4ex=huy^i64YYsi<b?dSh98wEV|!j?{l}
z)@Egjs#9#D+jz5m+D#&3T?3DNA(g{J!$a{2cnA6PkWG>g`kYyicT%EYWGMehC6_c#
zf}!S)Zf?5j8t2cSLr546N3^+hEgr&MDl0%ArIs5T(TsAz<1L{r&xFfYIQ4fyfi;P-
zjq$3+*l0w)DoTy^@X*1wc@p^utD49+*-jy5_1M*1uQu1QlQvLxJ!QA>Y`uL?%`ukL
z@f+OOsXgP@Y>CY&avNTVEYK*q@i|*uPLOgNULm4Sf>rqz=Z1@PfkRraFN_AQ@9-Dg
z&6^o46P<|?Z8MjnDHDz#h)X*XK?^6D92GXs3YRI%W@N8G{z1HG)T%oI0~SvG(U0U}
zaiCehbG#Uq{6KCw-Ge$P6<yOw$n)l|@3ep5JVI#|tsq0{5J19O72-$v##$R{xSDdd
zvbAfgV>9s^)#W0CnZN*M&$>y37kK*trL<|$^KotFll<tVnG-;-Mv1Q-qDVYi+1eet
z0Q=Q*6}3Xtuds*AJ=&xXwHl{Di>}AR^rxh<b##S{-^shoddSZHucvF@Y8s3Dl--q7
zGTvQ0Og9{zXBW|EyrsISXKQt{NmX6_q~D)KvJ<rGKs;>fq$Cl9iHS{UQ5Pr=*&Uy6
zg=wOQWfQr()xV9RcFCT`-ljczj_&h70hCE4I8cS_%=Q^$-j{URSP80gnoY-RIrR#q
zs7c^lm6)<1)lYRd@dQL^?T<`Bn_GmNPKh)PB>cbA7)n`L5zwyKgavY0esqQ0z=H3v
z1x1$6o!y=nDPd=zq-E?3MtavzLS)=jP0oJZmv~ojulYEQ-xO%1@9`)K=-Ndr;EM@@
zO!Y;pH23)7uMU3!9p+OE9|NGSm>~<bjxIJ(`j`mCPAVajXBkk4z?lDMA+nx2vNATh
zLUU(t7~3#}Kx$_VBoTqz@G@yiQBa>JtnQsk@83lGt4<Se=KRf*a&zH7#v7AMXtfq+
z?>=r*&%%g&1@^}o1-9XpQeYErS|f%b-CGX^w$tccNEJR6X~c`9Z=IlL>G8G{(rQS~
z^qFFX-Y`L8l@z`qVn2O#{S)ecmgH^KZ3ps>O)&IWiXv_OWzwltH>0**sWUHLG&#?t
z3nZ&%zf%QJ^&&G%P@@`rv%~5054&SBna)rI9`iW&@c|EU4x#i2U+|f9X~sj^K-BKt
z#509ZNw1<Zjoc^iHp9~zkhtmad1^E0uu<uTn_SripY~omnQ!FMZK_WDZVcxOe-=9R
zzvH!!L;vXZ*3`aI%<A;NfSwUJdqDy1-ig#`2u+T#k{r4Y%8L_K#7u1sO6T~yhx9rC
z*Jd_G@2`nWZAjS~p9Pf39iKTok$Pm?`0V|R=<R&-#-6`$Ikn`{+-TLLlV9!m3*Y57
zE8kywKQv*yb;cuaGONVNMYzm4bs~n!c#q0hL8-DKYwJ^N^8Yfb?1Joc8iR}K7&Dzh
z@smrqE>Sl^u^MfnNQKNtWjrl2Pvc{lSfkhwk`Fi(n^1~A<*Ev4JT%Xo`Z_JXi3soO
zT8A0GMP#M2V8t@xGP5pu3dP(;e=)~da8KO*WL|fd1}i+v@VlzWs)243_syt*+{B<>
zZaF@xC#-cJYrSHS{-fYZ+*H|Ay&AzVjgj?2eUvCLUN?B(a7xw$jaxIWflrN1jCiXi
z(SKu2qTp2!6f4*${J61E8!di7&&Dq33CGV)qo*cz=0?zScA3jX4ti9HK@U!b8$r)?
z6|rkK`q%-5HHlp}hU%Kr2nx()CE`XuU^$=h-K?ejfM6*{!;75^k&IQ|+R4iF%Gk+D
z?GkU~66<ft=HA5*v1d|QRIL>)9NTrd9q%3pK+WOAiLP;ZoWu4FmG9mf5kN!6HzLpe
zf&ZiA9lq>026?9$dFPdIIikm1rYEO0#>X_qD%+9KC{>BPb23~mguF9`i8scVcg{xM
z8M9i{<Hk<kK-u+_Mcx^+-aLy_a}1l_X~;XL^o(D%C3Z!&ymJNej^WpVyt5%o-mwhV
z$U9=VfxH9H_2nIWIwkKkL;AagV<+L9IU0FqYgc(^6tI{S^C;0GCCpRtP&qFqTTYRr
zvuE%%@1yI3mqw9w!8jCIx4we8!q+cJe=~lZl|hGTeK}fQwyaqtro)CmOsCe$O{06}
zM=Pw@WE>?~@8Jg%cvpi)fPyVG@nbe+a(^Dpo2>QcU~W^-QaPUGlFkggd-5=&^9uOG
zf9~)37^kvJgv$2!ys;_E-*cT9>R0%CJ`8@+ww_;dBi5`V#Tc?R-rs&s_3<O$dc-Uz
zwfu-l-bb-qf6r@#<>{uXbzb91s<PGl)26LE^7l;pI~x7a3ZmsZ>(06vFme@VfwIi0
z`@4vN4EChr4#mG~^k%yoy;*fpI5E4QhV;nPaV}ZUNxzQdbRO!nw>C&7x({5?Jv<mu
zBCkM!Hl-*Ot1TwKO_O$LbWMHUht^S`4W_FfNiQbJ>N`ufb@=+U{hUX}7y0?KW|l~q
zkm`X(yq`J4mKAK$7DPmxtKC)<Qd(N2Zp+?Sd27NJeXZV2pKZnD%u-n0h^j3*FcjY}
z2uPq8BZTXVDQtwY*T8Dd`^fs#?&?kUH<1;UbLSN0MfS@g%ir>$AxmYbE%9zOqqEMt
ziC;C)ThI)y7p$3hoeB5?qtD#t{I&bkSdSVq)VGWwdp(QK+&Luo-<=M#$KLGqxlni+
zRa%lCN@yt|!;Zw{3DlLIg}_)jmvdtCB18E^*sOMK(>K?c@$ldF@!z(Nv2U;7ZDy)u
z{B;BRVGf(4$ugPd*?;wP4?fPRH%C4Y6J#7dgGGyN>FVs==yIp-df-Gw>HS1VR-6c{
zZH&<@cr}zL&@Il^gG!~RgAb=7CvfgnyjvyvKba=#T7&|1_ZlGOQ8AA&*PBPXoNUZ0
zIuE>zPoqy-rvFYjMzVjy4zkp*9bWTTE1<Qc_LDhe0DpAaM^9h<TI{W*iE!)!v>OL$
z&-Wco2S{4G!z>@bV1L*jJCWHRhT_NTEAQ8Q4rJcGw3ESUm;L<l#z^rBSW&Q(F=CLP
z?n|eBjd@hvp1s*N_J(Uq+oXbS_r50pRdg{$mAWl{DJF~$BITj@nWfk;Qjz`PpZ@+e
z!f_WSpO3;xycFq9E&Va$!m&$AH+UZbr*a!Mi8eS>;2zb|Ch6f0#dNf@+(!3<8>eo_
z^agmCY$g@w`I6HT)4fd<UVg;-gWgGv_=D!6o{7iuII<=-tJ9z)FB772@x%UjmeyfE
z0cp(mZ7@x+1InulDg4d{#U?3H-QH5YkPMiYPoFa5oXF)QFs}Z2OZ9J9!`Vi$hK#^V
z$I#m=o2nO@)X}pSds|PG_sT-NSEipc<D5&Uu)X6mwgJDHF|(!mw|xBgg=!};kvi6T
z?Z?T*H2wACd`*c3rbI#oVc|NBec?*hzDFALVll^J*yK8}0+Z97xDu;UZrBI^Gi`&0
z2C3?0i)APU(yn;WOuKA)6j<)$1SPz3Xvx?$6AuR<c?&jg&xYqv;KAR`l#2W3;~95s
zWs9zNX{{y^T~uRFt4j^E`f4T#=jGkg1guVdsZr>gjcw^7l9^U7B$H|N&vVn5Rxc7P
zTTFMi3pL*AqjT_bPl%cIh{-;UCLL3;aUD&O9vPt`(5K&3VEUPpv(%25Mag7v!6rgV
z3893Y%G_`a-%Hb?n@H%rcl>kO9GJbmgoDvEbs^8?0^q=CQ$r;`;IF){i~TMi7=!cF
zR25F7`qE3nC$oll4YyG2TsGwM(M(4U!akst2oveb_fkEee>Xm^r;+rl!5z*O=((Gt
zYph_2x&)m`5r0r$nXK$?!e&g|^WHBz@NpF9@}K-&ESQ{;>IbR8stMcL65U&!7@jlV
zcG92W0P6Q=HbN<<2oDzM34$MUoLua|kVLSWvnH$C46^B8ph59Zr(n`}yT2jiT8O}`
zg$QQbkvcpB(a!Mu8@iJV&&@p9RK3Vfy(QjU+h6=EJ0dQ%&;Mrqt<0)_F8!VF9j^Kf
z(b=@JJvE$r^AOZmaLqQ97>dZ?4D6O3(Jy>Dno^nl>oAqhL^$xFQ~%O7YFk0M<TG4>
zu3sCf^wld%=W^#Q<+Z`K)RKMUe}XgBH5YN1rea|cxt%hT*aP>o5?bgw?VY0A7Bj1$
z2>lqMkqT(`uie<J$!=`=>GZ_-E+B%%rcaMw)iXAImebE=n>LO^X)1=ftrZml%jq}H
zZK;@)$Nh!6Z>hKzEZo+n%45CpbOXM$cU$@x#Sg1RFg6|OjaAHO!?!Fl7xAh0tO~>*
zpQUOTwE=1TJ){>I{2Bh#YVr)Jb$|bFJ}&&=e#@_oKipB;kP=D_i|?YLsW){lZ!um_
zxGYY&bb93Kl8a%`4LGlM<fJ;jfCnuN(iG%XJ|Z8uh2YRIhzX+va`j^02X3M719$Qt
zH8v(V2`>nw?K$@etO1+<zz>VX_h>x%Gr+RiqAk?I+QC6Cdk27=b3QA@^=@OyIp?20
zW6I2#+}+qx{bQ>*qInLvTU}+__7z791I5t`YKz7L#nCRd?Q3XT@<KC>nFMgQ?Q3n@
z)-SMD-HA1boN)}RoD97UwP)fM72bKKaSR)TKI=w%DKEi`%_S6YNE)<<Mc>}hJArOQ
zC+N->O5y`v|GkCoTR@Py&Vu#^RR}Exg5m%()9@;77)}$d4dwiu9%cDz_#RiC0C@C-
z9i!(#HJF8-H)$CF&h!Dei$<M3-h-y?)=j4E{ODddMRCI4ol6XDqQ@EzX(dk<ec9RX
z74ZS5%DpPbF1A{my<>Qg{e{xRB=_Zu)OnQfD>kWxgl?}LaHYGGtyQ0I<34!@H!6%w
zfYyy0X6xeQLi^PCOv<&%f3Fh&&HFqqc$%!u{(6t#>q7e!xJAL5JbU1NYpz-P1<L8)
zvul)7|CFYen*19VrlIu7KqWrBzvGSItr5IGx5fCRQ5E-<f|C`z(R<`rpE;wWn!Ut(
zvyxFhKoy$lXL*2@V(%&5RM+EzqG_^)8{EL*;pTKXcsQF4Txa%3eLG8ktaza=et6fb
z1^MB@yrc8I8QgYZ-nBgRhcB1kjM9q?zv;@a(KnXZkBu-ySJPasr=I&<ZqacdI88K}
zqs!A7jrzIqZZza)em<i@KuW61Vv3DC1jv9X7D-=yx1MF-+aW)kOBwA2w;z|iJ?Jd|
z;_pHrp^Zt^-ta48Qk(D^Xfp$f9$-(om<2it8LJ3qJK{-n6qj1b1obDbR>q?~6z>sc
z+YuW2q)yr+`9my4fCdpot4Zc?Z1f~qCEh;X>>8!$WVcpOY66M#i2*vZw1^$YoZab(
z8;|nsd)~=(ES%4#!q|k@BmQ@CeDTK6<rMsrpi8#W$6|8ri1ZJsymt`|rFy2oo?g~%
zB|=t6s<Z7|wxcp~mN6O=iQBRHMq~28J%&*ntRIN;YKj>JygaASudMSzJn@d>kE*<p
zNhFQQwQpx@OuFJ9b?>TJbOox9CNvY6exfV9He^>A-`rWndC`GJ+tB3eM#*jv>yFl<
z7%w30Vub^=Yqc1Y8adZ7)m!^9qi{RWjbphU&yF&RyhfJQH@v^}QMFIjzYtv$s+(Pu
z7kx2RDp_-|hD6)nxcmt}@_L!(YklKSHR&v7H<37bWW07o80E8OV>sleP(1NbW^Ko)
z{Ed~d*DHrS%L!^H#&;zz!BbHuHA(up^3#hrU&yegUOd(zyr+==Vol^7cgV7u^7kTZ
zQ^Qc~w5JZkQ;wN@6$%hM=02IxJGR;ww@nTX+;?^*|He~J!;#`+lwT?Zy7x!0jH^^^
z5@OJ#j62kJl*{8_@?S5HaICW*1Z<-{;|p=pBzz%;p#1(exf>?EfOo`6ld^ILgS_Ow
z4Bz|goA^VFfM0$Se+V=qUVFJxv3!UtVTF%>C@ng%(GJ0eA<I)|W}IcnA+icqV(|Z0
z;B(``KT)V!!Z?G7{dVMEaywXsj=QFp(d<T>e1C$}QVqp!8i!u~ILI5yapML5)Vyc2
z2_^1Ynwo^G1LF0muJ7vLy0L<PhT=?NO8JQtP9pv7bJ0RvVNxcg>b_Zi4!r|_Q$2EA
z8G2Y(hH*Pcq#(85UB?&>=#?Cu&D{chup2LI_${;4NMQII_M~*6kC1*g@Hd>CDdfFH
zP2#E2Ce$WR;0wEdP3v>fP2n(h-DGi-PUkWAx6nvUxdG+yI5f}Wz_>4&ZlY$i;v@BX
zIIl5Yj5f9%wWZoBeMR!K6kH%i@&p&YKKgm|(WKL<z`u8-S3;e0uNjsXS;K8HkMZH-
zQR*2#>|gyij$Q`nQ?0@eppWw2fkY_J^xo{P;d&G2a%vE-8Rng4J5Cj~$+287&)&e;
z`i}m$^#Knn`^=HvvuY@|&eZm0Ikg4&v;HOEa8&#_siCAuniNV@LmN*<Pw}}(vO2b{
za>$C1xX7S4gs{C+lXKx2RelW&#X9#Ji+KeO9x%brBX7Gynrq76h`gRUG<7hkDp6fs
zwTJorXht93iRLr%+T%Y-?dz%CX*d;bvQ%T`oeQvV{ZTO-I_sJ$%s#7XB=USQ|6}LY
zAzh3p8P02B*94m2P<%9&fUn19usao_W99Rtal7&Yx2q3kIm$Tm5(zzvPAWmT*+0W;
z%%d!36DHgBJHTO_FekDeCTsGOjdX&%uU~eXLC*h)9mAVK4KF#jHFa^pYKB>U6P6=l
z`5twfTpRvKo#rzeuM&T$vo(1?Gk%BborZ^CEOvC16E^T2{FPxhHkb4pq>7pGqM7}K
zxF$=YOEu>|!^!C%8Z4Zub4KbFLkBjCEIUd>!al@O;98}W8E$M3oDP(>CCDJ_bDJ;}
z^=z8kcrz@wG3`YRw-LaW+t9Kcr$XJjyD>Dqtg0-7>~`fhm6bsRIiy8%P>knJcIRda
z_SN*$LgB5^hMifv+jli<H+wf7naz^|`ZxBezp)O&mbOd2V*zy=TB3wid=f^<%`$%F
zzDZ?$a;f7X>VO*k7tXv*eCO2d#alyi4NbFph)9}J1GM*FnY6TI9<fF>K}u(hE}7~a
z-Mgtb>s8-YF~Cgfp=GWTW$PcQhno57kS3dYs5w;E(apKxPTtt8`fl30j^tZ<giZLd
zOiHfj+~yC-$F<TO^0J%H38fpYFYZS7u}n&?r*l$rk-;lDQm${ulFDM283UL-9j^0u
zTiwRvH~rHPvistCtjU;~SA&w7vM-<-wF6?zZ3hFK1gl#{fTDE48LwoDWN|QG-V!U^
zD$WQK#|X9o$@6>oA}|{1u<&z*ad<81L}1B<UIq6^I**yT<y5~+jvyRavI6X99x(i=
z)HHo!twQ#*UaF>*W0U!pJXm5+r;t>MW$9Q{F4J+S=GsWirpT!0jE4Yv9TR_wqP!_m
zZ1jP9bcsDp)sV+1EO&rMML&3#hvO&0>pPz?(yT}SK~l9)W8jvJmjDMLdpN6ak@uqU
zn`}-E4VQ16fum!a??)Zs^p!TVu!mwRQ}AAH$Yfs`BhIMXiLqlj{P$?k<<$2E+)C(R
zrtB;o$vZ$=D2AJ)efz#fngG|%?#^QanV|-a>GR}ua_f$5h9<s<94~z=jqENTBuv{y
z$IK{-d=QH5?#B0U<NcTEO^i(!IjIYp-Pp*~t-jEqni^6M)x`QY3xHU2@+uZGt*2>t
zB9jd)I{Bk5l2nCt$1bDQ&m+fVRw%Xqw3W1M`&XFudz&VAZPptUWSREwrp0Bp#neJA
zn#;Yv!C^BMcCuI0y^j+J34!5ZO3#JysNpT&A1B7{O!1}(<ltEC;*^eDKp!4!ZcYwv
zXbL$Y(k7Lzkfo_SjH|j1ZN;TN<cxVm$m-{30sGKP9-)jH(bnNjN)6uR{Itn=q$$6N
zd766AJ*IXss_M4LcX7+LHGC0rPI%cUsKryn6t#u8n@UtrPTs%aIlr;H%zH9HT)G5>
zYGX};qKVmDD<y%aU^TdJnZ(jPok!dfxkc{}dnnNY3yVt;_Z(GePeksQh^!^*vJAhM
zVQejzutR09gVR~!$etMG(L8V&#vFvYx|B@~9Q6UQcnXWfkIYgEDh2Gkvl#Q?FQi`2
zpuf|8&B}mh8$+SwhkDr#Y9!E1)kdpbTd)H&UyFWx{MR_4lp7!PjQOgLukgDs!Fo|7
zM5c-|->}wjXid2M9XmLyG&sjlaG-=WAu2T7jL*HP1FU|Oz%MqAIQ(w+4zsUr%G5S>
zfrjxNr(RL|SwoqW_b{rJ_Hg-Uk?#@8P%U6MP`tKGi9eT<HV`|c4r6gncu^qq=k>SQ
zAOb>%*D}n2a2Q3d>_(r-GuL^=OhkdI1*kf_g{E}mg;_79UhafX;z`gy5RJ5L=}2(m
zy?(gS_?b~hRgiHISSviornCi7H3N)yz~~aJw-}g)NK!l?H9R}6<|n2qf^|mY`J>1h
z971AemC3+r(|q&*EE7~Cod#RnHekg~tzG^CIxWK{d5r9>I4OK6=M3`>rApD?0sKNH
z$mQWCtM0(B;iMu`zlF3zGTU5sM_dk5YUE8E{NB?W^*Vk5bz_R~%?9Y2*m^LQt++6v
z#7_@powf<LHhcd#3=&4JIF^T*5e?)CBTox|#{aCYRh%GF%n=|*S8l>L3s;HA?ltir
zA~$`%DCM}Z<C0>wp_TYQEaUaW_7tlL{6Tv)DR4AXSJG{E(~tw^e+GOH!zfa_XIdve
zpHH7KkF8AowV+<SC^C@p-;!B<Shhh~=bvq!aYyR(w7yOzV8#0>sX)6w6j#zymbd=S
ze1)#124uHqj%GMb)Qal{1gqg0ZOa$T>XAB>i954Qo(iZh&>pED4I?QIFJweZQp_83
zK_5wFX0OE%u!eUUf!zIGfZsBdW1>%q|K9f)3T6j82nBift1595>=9%D<KQFCK@z?g
z2o73!+!AcNVi*|%N-DL534%JWER_}UPhC1qL+H25A2F=qMg%|D>o&ajVbJTqapWMR
z@Dc&;<Lm@L0cRz%{*fAzi?3}n?!zz{?02bU#vK-Sw7<sdZNKX|t551o@h1+^nK_;a
zA<)O+y2749hEfB<_yWSyHrB+;F`-2Vq)rf+1ef4iLqMh;Mh=HO;XT8Y^<b0t0uimE
z*Y1a)V>>x0$|T|7GgHS(gDGYN*<oXQ86`oS{VLi7qw|Xo$8;TAtA(hiH(-sX3o68X
zEG~o<5NI(f_Aw)t?RF#h)AK?8nA>aO*OdvfL)dT+lV)rn?7mS@t@@|@6V^pP(hgkH
z5^EiE`t*a%=Db8G?t1R{Wq9nVy6eI)crY2=lkZYva`FAHTsO`v-2x-pplUt{5^$&0
zysze{c_ZHjKZrob0f5<M7_qjUr#Z#KJh072uTMMPWbx0Szr%w5j?C%rTdOnuHEc-z
z9qCOowazKlN2k-P67>q!)sZ^E(m(X@4f}KVP}?6Wg~@t7XrXdb_xxzDG}NHHD7Z<!
zOYsZ>yT~`J2R6QN&zi&>lTO%#7qaJ@P#Po@#zxP+YuO81S;8)6zJ1`-{|HeV)})mP
z?}w~Y^^keJ|3v1^*|lU62^SN-OvDa0y>7^mjCWIXa<VUths!^l*<UVpnHOV{pTcsH
zxodiP>^MpygShs$%r9q^8=PE0IRdflZaC|eQ~v;Of-|0E0IGH#Ar&8IJVo{ji{D8F
ztX#ul_)gt=xK65w1D4WHl=KE}+mRaV`<K=X@f66@aJs2j8WgAA<_Iuxh0%38j#R5D
zUk2}GXCYa`kGZ?1L^(HMT#CsyDScT_{CK<mPV_hIU2qa^i@u-y5GYK^x4A%4;q;|2
zd93G@LE@~0IO>V<Tngh!E~iAGRxp4r;X$BGxZ7M?Ku`TffQD#3a?$Xog7b8M?+<DC
zQm14HQYwmh85M<N%)Y*wB6%?os-hv8K0J0%P9Jpi1pdyfiIOmL7I^lomp_|r3^40&
zz`wqke&E&v%tG|v(huAV7yRF*AGiXE|Lf`p0{=tgDfU;}q$!Z{G_5Hhf`HwGpHFfm
zxR+VUELyP9La)C@qv2JfD{!4^OiO37=;tU4%1{<eH(#|DltRUn*OzMmQkF8SFL>R!
z_~fRr3dKj11_}dv?Q0Bz8>2D^ZgO-6PiSq;3Z?Vqz5c2%H+j{2VUl~ILBKq4IxvJ2
zEWDxk6>KC|i=AdEfe5%>?GA0vRsuCk0c7&Bx08lc4)e|L5s<wsJ1=|tPS`0CB2^vk
zke1YeZu#07Lxk{NvI~-Dn`__U{^e9pU6Y!M#J!SM3pRw~!;P4ApENA0A|@XUrIQag
zrLw|DkUwJ^gTl&dC|#!1PsKIgx^!`f&Cj~j5t+#^|HtyzO(Ja{4r_L24Kc9jpbWmb
zPhgx_cdVBeISTm=G{b%uIrU2DjqptPAeu5I@_o7jSv*44jZ=%A23g8cT#;iTb=XO<
zUCHXO5m_#&O=kuI<ZDFN;~RYvaq52wZ*?9SqnPpjZu}~RIY;(R4&|v`ud%!m>&;WA
zp}$x<d$qq)7MXKQNvb#ch{PBvwDX5=vgLvA%%l1pJ!qKI@Rk5#ljfFhjC!dX0c?0v
z@(|PBECSnG^PO9poq923(r*@<J^nJ?kg>U8gDw)&p^`Zz$p1_DxF!~EPwnBd!-!#@
zm`=8mtxm)1lw-MIeA=SGKfNS-HzE1W0Dw;b7FqAI{Uy^n4GZ~5J2Fhi;I<|nZg=YC
zl;b>-hAVQrfhpZm<QJ*vD2>wQPcRrVNKV6PXr7Z_DkM6#1v?dRp&@HHPAnXqA~NkL
zgCE8TYbDbjpKZ{`a<+*N(JvHfnPYLn{|US0Iz(bd4*NUX2|+Zt9w;SrV2XtrbUr|w
zyB@)vGJz8g&*HX78^z?6f+Sbz;64Al?6J>T57PD$L|QDc7Zj!UYxw8Nqqg0<vqTc2
zl3#Cg>hBRO%-be*yr};!DfMJwAsoYZ)jcSPFY)E!Cva{2N`Kwssoi(g{e|jlQ+*4x
z$!cefjDCwfMKY2@y9R#v1Jz=o;gy@4zx9K`2#V_vd_jXTd^s5fOtPJqnOh}uw)hR!
z$6!D9_2t96+Wvp}@c(W3@T~oEWUK!t<-=d>o70D{mJd%}{$G+0Bm4YU<->VH{`bg-
zeTbr#{pggvzma_S&E)e>_xi8mzX!bde~Ww`|J34tW%2(Y{v)dVzh^(42P695g8x3B
z`1C*U8{yxszt_LtW@H|0y<6S7FZxHm&)?mn2YupP-rf1@=%T64Wo=WPj|xvcO8zq+
z^*zh{rg%1T;8PgNoR6A5ajxrzh16O)*-TvjgsRM1`rSm~F^4K8J%-;F?+1(|N|q<x
z#y{A9y;aFn=Q`A>t<~*(iVS4*S$?`sv{%YUcQN}Iax8zT0&LwXyzA*N%55@xUl&ds
z`-BN3#G-(`h{U&~t0YIdn=n4HXmPxWSIOtkc&EDYgxq4`8N><6R~MazQ~ztT^Dx=X
zL;nasWAE76{^Q5LnC}v%xKn?MzLie%9dF-D34<|NGkUuTqk3(rD45ckcjY;kL|Yo>
z(3(oRiHB!#={^6q?b_-fEKgiarrrL;U)<t8I%U@MX~ZN=BNAY0Yemn?FY^=QN)2wh
zuL`2<1a8w4??>8Y;@pUUjWF8|wr1kmT)jkLa=5Y+B8TzfIwCAvi$P9XQYn`*8x-W(
zrqED?{jDa=_G9<?eJ2zTsef#KP5DM=-fP;448_dO=?u=FmyryHebuvM5lp64bA@0r
z>{NY-R7nDQ7r@v<HAcz_y&A_2b}47xBC25wKS+<^;{%}CxG8|LPtYP-F9D>+R3GDL
z?>|TkIwPDYU5ker|BqTrf396y6dt+_t>>IQWbNP!d3JW&Q}sm~Y2;EhQj_nQD8WR{
zTKYbv$+)~?h(aNd8Dv7B1g>0^H+y>lkx7Vh+9orK`O(P$SfcK*!T0lteA-{!NNRlY
z_s2~H1o0n56f!+C@gM9CycLv7KEqW8-3w6pFY+Gbg<pS!-2~AnzfqOxhN3@D-OCZE
zgwSAA;jz5A+1!Mj%bu9(Om8A*rpaWhsfYIxv$WF;GRFAJjUS5*Q#!#^kCjBQooZfi
zgxev4&($6IOT6{FBhK&Y^?{gEg<b(aCbz3>6y`JKrcEmF&<vITP#)sugju<NGlFR+
z^dBZ=bmLjj&%ypdv^Mo=gW_TQS5CuXZZf^^k}slukAH*j=)RejF)~|-qld}3_gp`m
zc&k)F2DY^jrC5M>uz7B}5_y4bZ=1IlPxRUCd}fBKCl3NR>nDj0G+ZBps|>*So$(^6
zEp1x=?Z=D1jM~Y0q&qu!+yqE-7O&!9AaiUJdYD*vHM4&`lX<mw>-Vh(_HNc#+UhN@
z$Nier4n(p_?`Xo?P2y8?4v=8H6Cgma^>VH^H?TDRTdRcDzdgfvIj@+7<79k5H9uGd
zyq{9c46D4HQLlG+=kdgw#2;0;s7RP@^?uff;F{UL2Iub#rWnhxN{lc=cI5rG`u+5S
zRb~VQL<d~<@v96|WfuKw|7ZO*Isa!M=kHvvCOQA-YHF|{Hrh^}vE%c9G%7jmA8FhF
z-Bq^zhbZ8;ALmkCde+%#`v;ZMe!gvg#8<U1eWK#6+qFz4`c}+WYfeq#0=aS9gADLi
zJGG}flmt>=U`ZHea!nbINqW^~(Zjq^EMU^#P0dy{cIz0Ahj`)qOL!NnO50SH+tZf*
z0%THSB#!JmRO@G}H<7-8s|D(`33-9TA9;fM9v|@Fm3D;nRq6;^!{zB3Hka8N_A)gb
z+1-9~mH*9b$~k>fyO^kE5yeTW1j9A)?~f?{y`{6NQ;-Y0m+z(#Y4xU1EKM)ud_d)r
zML$0Nu77_nR3pDzX(koMrOX2IbGpP_e`=z`#iGvCf)jfNwR~)imz*Z_=y=EyR_a6r
z?_y8)TIS3@imU43O_j#`%`N}u%u;tD{wB`6a$XE=mbv1*r^1PX9wAOC9oif!e~LV}
zPq~3qfJ?>~oL}lm`G#zucoivINNpv4t0+v3?ocZ<WQCRzd`P)6rzoLCoN_1OQ))A1
zwN}rkhsc)U1y0$-MNV1m65gLRjz6bXsN^sgR?BOpVLE9tD_%QQO(&yOTKXXxU{=2O
z<g42Vs8jv<5g6KSx?*LUkNeqnuXyh-xf$ukd&qSruVY+s5O)LJ+0dW3$?0xNzqeQC
z(y3mRE!~xTbQUvY0}|U@Y6%Q_%e|x#XYj~-NNEyUy%@hc*Wc8j3Y3n$?sL+~9S=NV
zPO^$UBgeeD&j-%5`BDo?<tM=T;;%-lQl!u%^dm77k>s5X-q<vFXk(4a9eIri8e&5T
zZeY1bbzS!yP8K6d<=|p;@v?vG+_g1cKj@F_2K!3MeMu>9XB|M%On11V@v20@@s;zd
z(WKSpBP>LZOO3@}sh!h9sr2m)-gCtPZv2)%G_gB)h>lW**Jo*#S{0j8LXs|~|2hT%
z8Izdpz6E(Fv=khJ=>UWO=8kb?`ev9(=@UFE(W44Ia-k$fd{n6@VN~g4*$AcsCHP-&
z`FmEbfp@(#`iOUZ<c;Uoa_fVcgXI6p%a05(iCLAMw9E`|pL7=jVz4I@mW1N{Nm@is
zQ&a4%fk97$Vw%27dfVyyy9ex0|BBxXvkvU>@~uepJ+aPkJ$&YIm#*k3=p_?%17o#j
zNjQg(&HCr__rhZH1w2Y$SRYFJ1zZnI8aAK2mp+QhzQxz*>x1>duv&awqyWeB2Bj@4
zVN9V_sU9ue@>;59@s)M#WvMtUP%oPHVX6D=*&DNC?egG$_Tb)mk8z4vUUuQ2e`K4n
z{PK7MOZNKq(iMiej@A#0+5`&t>&wAh3Wb*vUel@lV11jnH|xu9cn{BBHG>*<w!ZoN
zvF`nGhzpubiNaAgsKp*+`LUReomSLZ-KObIi2sVbyw>W~8Ub!l$+uLm!%J1WCo+Ik
zKbJQ@{Myns-g;*;zQF4|(#^;mv1NpzlVZTBMie1wEEnSudnY!^6%Y41D4R@VC+q@I
zWAO@;l?uJ?s|4fG^*6`tVo<P|{usX)PKc_=i}qz0$EA6Pl|{Bt#H<;Z_;F8iS-}?W
zuj3VFFZ6!Fy9X6>OM3*3zu8mRF$cZs*aUG)+*aa+uTQt=B0S0*o6uMH@c}npZo^7f
zP>Uvp36+cvCYtk519IB-CQfsyR<h@Mr~z^}9M2~NbgoVZbY3JV)z9pYBG06bqFUi$
zw;jH}PwD#!L+kwAPlcnUoK2wL7wMH6KZV9Kw2`$wcHhbRs2!3lMp_fsnQOBq)?HVT
z=QKQL9y}K+$F}FpYvK+giyJeik#XFUgj2g<X>%F``VKXxGWo&d{N&kp8)Oq1YK|V`
zM^WPZn4}Iv8x$1FonpB8QT!r5bM4P``!m`8jN=FUCy+3>=3Kv;L_!aTzkqiUOS88x
zF}3yBV9fEN@dmxCi6<uUlUau0<COO9`dmw#zYLGbT84W#r@iV7y;F;Fc7_MD43A+M
zHp?W0!@(Q<%n?gW1%Dal6qB+r%kV@I)@fqCCu<oV<1fS2V#;GC+huqR%W!ShGCYQ5
z__$SHu?*j`duNvVRm<>sT}o>i?!oFcM$7OPmSK&4dMb%0I`><)+=E}=-sAJfMB%sQ
zSOyU%LwUd?n5%n={=PfP(4o&^tGhD=e3{zrPptnuM+MF{b<~g=AgDvpfJU<Wq-qz#
z-+Jh4KLTiL;ST9pj?{jhi(c?JynEkcMNp!Pcm-=i_6#umUHlo=_!#kvJLbn}`@PL~
zY9h4?|8=QY0I+EP&iweknGVkzSyCr!m>AGc%?v=AQbtgFoNDifyU7Y!zdvPa5|=h<
zVI84PB}|?Nv^ItSKj)BS9L2qTHXAaO(gM*;WT@!`ogfX040Q(?>OJ5CQG>RU6cr_E
z4pNl-sQt_ioq~F+f_}zS=y5LexPVfpiXKlAJ&qPVLZ;P=bR&91dn2*1b`i9^M4wx+
z@J}m6k7^}9asaZPuH3i@^ERvecBd;z3gG;RBtrwbfBvTA$o4L!vm`^9@bpV8#!0>q
z<v2A-iZbP9>Gr%c3Pc^q|9`NQTFdW_#yeKbc=zDrTyn_q_al4HTuPYz0pqJvs&y)=
z_6pxhkFOhhg<XMn&ulxWa)Rx|Nj`_~R1bg3`~GKUApbul)_?f?SMZa{-MS9m<n-X_
zilJ6_%uw&qrF7Qd?Le&8C@o!VN9nKpX7Ll|<G+xX9wXz=&c|n>cEEM-yTOswh2Os@
zGanO$zx*M0u^u+F$-Jk#F?1~CiN1d{mnR{|F$EJE-uPg}k1O5Oxr8|{A!cA9P6UAf
zhks|0-i=ly4iS!aJ}+S!H1RPU>0e&5>C2A#rpQaqBNLl+1}hKQ%6;zL@)WHq^eVP}
z_zT`|S9Hru{RJxi!?X+)SHTC}Ec&%#pPMgvMH}tiU`s;O#~o}r<43N$K%Wj6$B&lt
zQz=I-i3|9V3-)q7E7eV5imz}Zo`Wng+RAH4#s!rfifdcvov7NVwc_5b<~*3%<nLGj
z>GG(od~R9zm6jo1`0<4nZt=TB;jz+B1o%COo}w@ierwES?E*K3NGBZY{1SuXtHALm
z9H1TGcsJ7?_$}6R9C{6Y@whD70gfA%8XT|ejN?PwgqZ3DcxwpH3gAEb84!))wy@F%
zSnOiQh+YRGETZp$9|$F}?FP|TPBn;rcZx;y2b2TR+xbZ&`fs|ihz<bA-iAomy})eV
z)_H5bwD@knC&2g5c7pHg-<M~O@zE)~!3;J~`Rj}PdqT124F6HKIyth|&FPuPDZSjW
z+H^u2OU@Fr<ZSZ3`?$d#xL0h<M_!MAFtZckg+8@@_}E-i-?QFYwlc;+8qXo`9N`uf
z5u3;--MU$1<D2AF3O|p&I^vO6ZdkidmAe@yBw`%B<54s1j!#yod}7JWBhq37gYb8Q
zN&f)3ky`SMXrXRq(LF4)1V$39eH%lu)wnNtgEttKIgD4B4Yc;D6l)S9m^2}}V@cC{
z>Vps(Tw7Gikde0N$x?>snu2<(f@Crp$E8zdloL+bozrdEv$X=ArWNpHt$-|y;kmk*
ztic2VDMscp^%tlT2}=3iAD<QnRsD7aG%eY)HVs?c*0U=U71$(PSu3g2CR2iusuSjm
zr@MTSROqWW*QcT%{nj$g8~C;U+IBzuhp1*Gd()lmhfm>yoc-`D^Tof}58uAc67L>-
z?eB+~{u}zipT${rx_<inqu8h@3#ZtoG;IAiQqs>)>=f+=b`i@s&OqnXk!P%xQ*Zc(
zF0({(G5?pej;SD$^mubZ)xnh3*-?#IcA;j7bXISwwjryum<d@8o|>ptB31Vl%lxWH
z)eSaM71z0U6;9#(l0&R@MuhkhKG@NH;Mm!2x0ta8hGW|aEsngsv<%3-SzCp$<v7Ca
z8TMVwdxzpz;>vbv#=+dgC=jsST2;a~hzvNKpK`YbHY*J%5RfSnd?<^?&&0WVQ+Mhn
zsYOw%uk*Hk!L3n?Mt>8e1#N>B4wG6Vliz9;#VGFEhpOA~n<5+o57Qi9(LbpaOqfrL
zq*cOmj!{|Teeqd0v)c6kyqlljkmK8S!oTX?pM;`~qdOpx88giafkU^ST%@`ubE%qq
z%>Am#QBXZn9j|PyuCRl9WzW#TM-i}J0>fMEHgD(L^{g?*S5~2Xm$rG&6lgsmQOUvG
zef!_?uRH!kEmv1$qL%xKtA8C@aJ66mDb!BDxCvv?(Z1#QE{?|3nK9hS2ObQPX^&)S
z?lGjmPxrv7*Xg!ye7MO@60ZcY)$QRp$z<cz#iTbx`7wXy2yESG3-eU6?u&s=odoSf
z!S0pwrLMeI>Pj38+j*G$Cx7gEZ4H#=p`qK9Z=3kpHx&|O&7@6IoDQ`)O`Sh4=dd-*
zq|aj}{k*f8bUVsOr(VW0BsGOZ&HFjuhGQR^P|z2#UuF#53%7`x*dl+ZaKwwUrEBB|
zeUSJ8I=(kIKym~(c^6V%Dhg>%-MVLpwjr~OR5@6Ms02MGY90vxMQ@d@nW(ve=u4kK
z&pCzo#VPH{O4g0xO(!QtC~Fzk)Il38s@{{d4XS4D1)An_D9CxjQFKgdd`5obSmm0;
zMMk}9)U*>9c`t7kL{Grf8&8Uzzkzo;lk;FsDp+)4Y{CZS`lZYwzKgx94tx)=fK`@#
zu#Il2pcxSRGik?iAXAj7G!YT;W2b&L_;XHsN+4(2=lnM}Hgk(pbb?11mxsK=?};7<
z$8DiFmCV5K_Hn3uQ&eZTnaap8+%psl7m;-s+2~_ZHXN0yFSbVcs15+h-lh}0{K$uH
z{D)h-jho;EZ{~am6xuw4=FQ#<ye9av$a1Kcbr)+TE3v1n#JifaN#bX0N%h5_7x?&J
zd*%#fhhk>~%xMhB1tqYmCh?`;{#qPIx#qQvg0^Qb)<$Rrn`kO^8a^>rT_clDpgqN?
zi85K^h{(roQuhJ{YGUV=B%e~rx+f-O$pc{Cd*@TS#2L5b^Lj~_NVw~~mAWeQ-hnG)
zAgWFsoa$w!5|sFTUAT3#8}p*wHG-*1zHRhg5&P2Z5qhsHkyWZRxT6W4r}|6!JN%d8
zz?4Fe{x#o`McJ^@PWf2sd6mUa7t8k1DkK;MbfI^?-p7%?OrW{)phVleZX5LwHoxK%
z_-I-|Ed7Z&A8x|<&WGb<vA;HasGT}At7O^tANMwg<GjctqmDr9VvfZ*_DTW&DQLo!
zR5SDqH@~?ie+!YcPW_K5%X;X>p35|k;5;7sJQeyJ3tgVX*mFdV=(M%Ur_b@w=Zm58
zRiaOhn>iKIL?uZ;AKHkT@_$7SP-JK|Bc|~)v1aGfdV2pPdVMYOYA1TF)Hp(~oD*tm
zqLS#}f*O{4g}s0^*pJjEe}*p3^1A?E<Jq0h7e3gV#3rtWfv#ujM@~UJj?@@q&zzBY
zkrP4*{KsX_eyguW#|X0=@GD{VI4{CTe5EjZTFK1fEam?7PpC!T_RRpVh8?VT1M?lr
zUVA9^ly}kF66=iKP)1bWeCPD*CgEp?);o#?);p))SjnriBn+mth8g3X)9;LNPQURL
z6!TSvgb4Q=I~i8iPAxfxJ4_P!USATs@6>KLdAm&VJFwe1^?e0ESKHlTUA{=ZDJhn@
z^T|RhmZtd4qObILjT4zB3eUXQN(J%j%*;a480?MsSk!9e6FL0nX4c=6w+cjJiHcOS
z{6chFY)E0L)?1q&cR<<~9DX=!i}wbz4f@h&I&MkYMoXJ*nuh6HYmdp~_fHi5U0MWr
zDrLcUtG?MOd{^=|fbW>E3twdpeBKe<!lyHUB};e`*n>dZue$#m{p2_EAART}_2|Es
z{{@Ekm6Fu|i}_zZ1Vvvn|4Ujw%=rXjNS!mm9D&T5&IB__xJS+oGQk|hJqxul_=a|x
z3Fd5llAQ^rL-6@l%;Yj7Gb*y{e<c44xgk*IAR+#Mc4`t;NM!_#pn&ZZyroCE!CNg#
z-4g_FArbC4c<UcQ{ujLY@ap?;q;ePq`CnR<|7ElCzig@LrPMkEZ*lGCe|bguU$`;(
zUpT<7+extk^3W^gy;HC7t-9?5uhuSc>JCF#R2mqp{Y|NX!TQ9y6_lP$X&I<{5`SAm
zZj!gCjU+4^@*-D+;wIx9E`)87na1Gl#wRIcDRK$92Azf<X&F|G8|zSGIQBNyM*RB-
z;$fC;)#gv42$>kY)CbZNN6!t#Icn`QEl6jYvj3_%W^yq+MzUk%nbhfS?AQ%P{M?+Z
zg%wlf@TOE1Kib4)C4^ZZ-Avr9Y$P!vp=0F3)F6tb1~L`|iZ=OmX33B6w%R4?T6`i>
zZb3VrBWOaBia18}!LxwVMBjz28%*t+VdmmTS@=>|ui|w~0v&)~=4bhH>VE|~GD&o{
zM4k@P**NtJ4W@`WY}kaPg`?}w%!3J~7}U?QL11y77_8oHUTNEa)UUqBK9M_ZHb7SR
zA>iNO_Z2VxzQOMdrU7{#H4!f{Uwu(?%p6=UH_L$${7y3j!%1G8w%2er2u_x2!HXTc
z%pkorS?nWyQ;INpgLH}D{{AL@lq!A`?OPVUk%_@K`SVR1S@{0$*TVO`T1Ioz4|sIn
z*r(F|0Eedx+tzaH`@21U3d>b|z+w79JRU^>=t-CRa4FHhHkmDMX6t{BtlQ8l&%1^9
zE_%A}Q^QyJ1NizJ_!}MpB>fXjE8`pz?ZTg$rC<6I7yX6E#$OPf`V*N{Qu)CtvZChO
z<mxnZnUsg=V|vNosB?Eo1eSB|Zg!YwvzyKo1*f2R5>7$1C1>$o&Iy}eB4{_+b22@q
z7H9D)@EvVLs2pJ?+H}=EXv%7Ou_5+KAUtgzEgvC6%uAW?I79FMQ1>qIQB~LCe<m3q
z(dY?^8Wn4(u}u`cP*F)i&5#*5BQrt^RH~rdrXsD{BFq2^dEg|H<6#urTDiTo($==v
z)|R%4NJTS%NkEkF5K&YDJ~-p3gojB0CI9c*=gcEKY;S+P|Ig?8k<2;!?C08Ruf6u#
z>mi>^uo2^RLp>ujF~@?36L2;$y-=CIS3y(mV}^p!+cDbi2=|qsa}={}-sLt>v?~Jx
z+AwF+>PPS%D4SUr#-k9#R4EAWx872~uUbZDn~1%79^^F>yTLa-G8ZI!H(Biw8cbIk
z+7<s$dO+)E#(%{V=QpSQ&B=@epyF&33*;RVg|*NSS(j+OgZlL9kK|IlVtDCZjZF7y
zneyZ#tA&`86bWrg%+2hf-9N4FI$1ud>F@=KZ)fD+nHb$Ozrf^}KDB1_DfFkrc{V-o
zOnPQ@%VcWxcL+ri?eL^i#4mJFr~HE`Gg-EWq$|X3+ZE#LDOZT+iOA4)yK1{a%sZfc
zdy{tg>RET<Z1p<F^I^C0e0ZbseE9l_JRdegbu##$^}1N<%76I3TQC0a9I4`dJPr`k
z49ebVRbVG1s|3KaV*ZyG$S8kw6n4<)iS&lZcgf<I<nQU}kf3e&Ry{1+0MM>eXDibV
zBU^@$6Q>kii8~1`HshT1A_@_|Ol`y<6y6k*b%&mCyeU@5OkbUWeMC01u`e;endHoJ
z;g-0#!gsLe7}tq-)>8UanGRZn5YAnA!t+MTo-;|Wu7X@~K?S*rKX?Sl<8Vb-ghR{{
zvJlaG>q(+;?9ujbbnJ1qABQ&p5!b;2rgoWvafxbikJA^qNk-~5iD`<}Aw({$4*tv(
zgmGGeb$Y63VWPredk$u%hb{}4IBe;V%XpmK_*%q)2^12>rBPd;_TI?a?!h~-iXh_E
z%oF*M$Xu<^ALtiI8-6`#UM2Nz6!|A69pOE}vL6(N<D9UBm_g4!w6ynSCkZz)vQ3Gv
zru>1Z@{c;@A4-+?%kCMrh|8&b;n{uqay-I(2$C>fLiXTD<R;mPRpVOS4Lm0+_=@Vl
z`<Weh@V!(AUP=7c-me2?Z8M%#7`RL5U-;L8T?g^d`KunS9E7+eTj8EB)e5pf>E?TJ
zu{T!y5B0s0QQvdP`c?=seqv-IW5)UI)BMx9Dq(++^Dx`($35QbxsB_!nIsh8n)L;}
zHacH{zdApo9~1cqICFCX$9T1JGKtv3XQ?}p(wLHdM0t%OkC5PKtF7AIz=F*AfgAzy
z%v{9`M%JR#jTgZ5BxlwS#GTE3j4-mueb}Vev*{t^nBY|2Y<<P4Iakk_Y>AIl*cQ9i
z<am`lD|!C|*Xvvfn0N}HM?>g%tKSS3>Z;@1Moi#BIS2~jI<3QM-eq_EG&+vMyKq7L
zT((Yxmql#HA(*KOVF&5y8z(Nmz$t&Flowx6N?7iXe3t8ZF&E?tYNI}b^nF#2v~?l5
z1)`fnL+$QtN?dVFJ~N2W(#|V_rHx8_-}$EQ+Jub1D1qxBh7pNT*)CL431S&pvj@?4
z7XnUQ8?_zzVF_B%u!itETm}cCq7uBejbcT*5h!G`yoG?-Tga9$udoZrB<Ui5+;!aG
z;Kn<w-?!Po$+Ll@lxcfhM<w;CY+*~yO~Mw!@PjzSy5x?H8Q2lJB0c@^3o~<(=3@*3
z1AacMsYEZu57z1;`i&wt^DA%<Z)eLA%!xNh55RQy0=W*f^<~7AE^@f<3`DWpCdaGE
zF*!bizdgPmQr};l91p1P<vqS%&5ht7CMT<T)KK~1wOoFiN9ppz>sb4BqVqb%ew}9j
zOqU-KuW`4?zryBGUzHT_T){&({&(wl<hSOn)9QE3LHPKYYX{Pz*dDia=T0SQ7yZ;J
z{>t&i)AiVHH{g@G{D^O&$vs8rYOb&Z14;4V+htl>4jM(Ao}Mj-ex%pe{Ete6&oqvB
z&D*DW&6?@HvOV*@XN0%1Xj^>jZw)_`#e?Vj%AG#fdtNRzrCYDPqmBu<9U<o06p4mF
z^W4P<A{c9|Z_*D|4jua#`hmW{kIC;f=T7$;mD6ZJPL5`HYt<}&WpjPUoa=p<z4`R0
z4ts_uGPcX@DI1a(z9LxZ&2#(bcR@L8LKmY}ke3^9A$*n4uCIstVF@SNd2SCHdS1g0
z3hd#d*O)sUbfls-w=u-k?B&Xq|A@Zo%8iQ*8@-rwI`jBZA*ojWkR<E2(P$V(SBb_b
zpC|EoWj{%OYNDiHIYkm=^$Y6$7is3q>GF8V+hB9_%30lf=AfcJ-)k4SN{XEBq)k;t
zrb&^`x1@+_+NwE++UKv8Imo!Yu(l(-29C*G-<DjQ$hPdr$+FjHN?tVoBT<PEk&)Ra
zVBW~h)9ixgQ3{>WRh+0-zN$Uz);-Z1TpV|dR&Qx*bhs<he4Q(%`47dqdj~49vm9MM
z8h5iVQc;$^Wsk1?x@G2<26vR#e&7NTOy5>|D6M4lFvuQ}*F4%7&d#yZdJ>C3vtoLE
zWA!@j4gxM>dO-{jWN?~|Ui@RApTMZmk-w9XsVDE_*tT%d&TMm`gXkIdYD%Co(6>Ec
zdi!>Xub+lxB9)4|CD7<WGq-*n-Koy^yILZ#ZX-8RF`Y{{UrQ!-v){qD1S>ZM%!$)0
zO!pQe7TMK@?2$vgwFL&%`784m23)(k*~~4s$IM@2tdH#O6FJ=5w%Lgs&erN@GuZf@
zOsCMF=fFN3k#x;;b0MEwp*`!}(mQ(hi_vf3fKu~riX1&ptJqYbEe~vQm#x<p`Y5a3
zdhzzq)l$>fsVUvbpz$gTJZQWYG<H^)-Yss!*Qg_W2w+QGjt+EZYrPNl`R|mJ4J~@{
zIC>p0ecU?j3mP8=jU(}0OjJrfK-WU2)Xu#GeQJq@V~!pw`h`bmQ=PIa#s-XXh<C*x
z-Gp{ydr&*KG%Iwwo--CUtaa8c_3Nr{VzrFb&Az(n&lLyS1{<WF8<{&ad!BuQd9IL}
zlm1!Eaa1*v{PRxl(#;{K>!rlyo_9(Y(S}c9qA*b!$Dulgd!5#Ko0qu^-_{^(Sl!bg
z2}D9#4__4jEpM<>G6OHm3?0hW>JHP0eAene=c%H@y(L$xe}#-544>k~!c-aEOLN0t
z^+fN6A>FB*w7nWICNu_(x2<C0PX-M<P0K4@A$=_hx*SCsj#AyQiiukEQyx5>Z`i}_
zC%Ef1UJV-Cr2KothopRvJ7vm_uJnHDmV7vKip5t^PPMJo|5d6GLo8KRbwL&XO{#cY
z#832oZ*Dl`5${Ekvx9>t49b41O65DEX0jb``AqN(raCcslnDm;jjnhJBj(qGkLL^2
zWA`R&Ds0aHkIU(Cy4C+kwJM$V1N}rl8%gY{&k-!*%P2E{iyv?cQx91fAw&V|O~wIP
zFe`Gs#_H15EVM}Db*@dCKNjoi&FVDAl{3MsGYG@0+I?5ZWosViH4$}n$M5AejoeCp
zffrK@Moj;7e{5Hdzw?djD+77#5AOBM#Y26_A4k^&Si{q7fp#w3r%3Tq=6B^E0G;)w
zPm$tfHYq;J=apwl`j^LL6T5uKJCP4yh?=cGzpm)0l(VirBO3#ft>nszkEU{kc5x3+
zHW^i!&L9($VJ+MydMH_Rq=bKhmvi`S;ol(YnnR)VfHM493O~vn6t{HUUKB61g5JU{
z=+W8Od1MRIphs$uw4CZU`#eyH0mm5$i5yNQycVkz@p*N&f7sdK^B)-Ns@p6(+U!Dq
z&g>#Q4*7F9$RjfDi@;S~E~U(;wB-lt)+rMw&9~3fFuO!szTbxhf_f?SG~9Se&=@nw
zXWTxN?YjCJm>Be9T%Je`t9PK1KRj0eSkm;uyb+}+w_2+H${SNlbq~Gtm^b7qoX`hF
zJ=aCQUCoU7w?_`m*B-nFOo|=pO%xq}?0t;1_gb3(Bc6lHxx+6Pou54GDU~vc=<m1c
z%#f%6t{@4%!4vr`Tg4XeXk*@jiG5pU3i77rf=YlZ@o-cn)9gydQprSB$p_X<l3vVW
z8?h#<k2O=sK1H(kvdT#DG>@8APKBP@ni9J7r4YBwR7c1JvyV9)jR^6I+7qntXW%M=
z<}A+e9a_Tz=H2glN6BZ=C7pRGF>K*^VO$$S7qV*g(l={mZm$=;g#=DBIdsZ5PRJ<9
zW;7-37;h4fxf_LEg0Kk+iwv+t9#D#)@>#!#pQqlsT;a3K*(HLJ1q{NjGW=BHPtwTL
zj#MMRNc@-84D>Vfn;m|U8|)<v+h^cKy2A|HYOhL>AK7^HG0{-;Yh&!F1=^S<5030T
z+D|~8rhw*s*|8btmROGUET1LvgZA=Ll9tM|qp8p93j4KDet2!MUt8^;?efE&v*<vg
znpNBEdq`4{8sMMJn;R4L_4@Zb$h{1Av9?_7RmFxtSlGu|bZ9=GEBFy6RzZ%QQ^9<l
z?$5b_<<JuPme@++2Eu95p7N1fS@`Uj$$r_XgY48)=k3(<NJZ*{DGEJGamCnc^{h4g
z`@~a1DSD=g|HCapWMp?fYVF?0GqV-goGB2O^Y1vYl>;SA*dvQ*2TAbYb=_l&Y<ZJ1
z{Z6TCB+pm2qW0rbeGmKZ%f8Nu%RK8BWpeP^X+2E_M;>qTC`|q<n=+eM^(F1|4!}5C
zF1n|iy#@}WhA)!Gi+|qF>@!b^kT0QTO`M*PB(w+YV_);Ai42EB)D-z4!yK*ef(A)Z
zq9D<`YhJKKzVV;lyx<A@DXVFL$c3|B6!K#|Nq-QK3CS-1gG-%Q$|Zic&bsv$2grgZ
zthab9nkiC9-bK}GT82sKo);w5it$IUMEbsmkSOztCt8D^bg4@2<U@LPffwu0x{!87
zznWK3ew*VrpD&ia3t}9jk8==^0&O{`wzKq;8cEpKUL?xQ6QwH(5|j;>2;GvnJTe*O
ztvOlNGZa5AUue7a80nH(?6D>DnPfhOf5$&McvD-WXNCKEj83mPbK0orz-zt3?zpqM
ze^Z6-^1Q%O>Bjdi^ea<sl=F?J>=o_77a5Vik_#JOYyG+vxx8t<SmyraG1g)<T<j}*
zzviGi(8+z7eU8hqPLqL~qbG`NV!T)*Umxu!OcKyw!f>J!Y~g;;x{qwh>*s)Luh(ev
zmbUAa+@*eyW4*?x0>&K^W${?Q=S2qLb9MTR&l5!`xFDM$poY;*DMEWVg_fv7b0=~j
zoZ>a^m=-^eQCefm)Aj?h*K#A!Yu?pKJnmz)@g1N0xDT9-;@pkQL@R83j{mtI7yEyt
z{_or+UcgJ=2;HUMv3h8LV@hdrAnM-Y$AdxC-5t!ik>BCqhh4C9S1>wekYx3ju0}s^
zv&f9~9QT$q1og7!P%&ptb~J=p`}O&U8?`Ltj(*u$B8|DoE)qMW7QYZ_ASc?zkwZB%
zF1O`}T)SI8fpR4K%{GAM)2#(|Kb_p!v$xAV6i!9qgu?|ZhEh?Y*NXo9u+^1_eZ$Zc
z|2@p|3MG<y%H9d%FC5mxi1{xaQxGENM~w9m&(S+KF<!tvicPR4S2jPv`%@hymK-Xu
zAF&K?LOPH5pxfG2ZsY0q!U!Rg_uE3>@P8m&k=h@XypQvzJwMT2Yjs5{ICz$e9D;Fm
zT8jx1D!)H}RmS~da@F;d^OWf8)RCTEZ#8rL&6o`GpG~u;s!}zqI-C61sbfh^ZR1Ky
zY%`pj&7Vz<PX&F_{ZsVN5?6N8ittmD;{}vY%9EOX?W(zE-$D6p@_k0PeC>!Ox-vzZ
zsqx||BfL!R?pP3wa^@5d`m&DXs3j5wj^3QLn|x;eYJ$l`+WJJgdTaH6;)^G8NYfNy
z^c(wN!Hc5qtGsA0)<4WgGyF6ltMC{t9%L1XFH8SCru(qb6#K+&td8u?_2#Xnw!Bsk
zH!EZ<G&(o!E$?V@g|>Ul&|$a72po2Ed1qm2jBc2(E#4m_blgs{KPry6$@f+k>RsZP
zMGo_Z@4W|nZ#DQn(w_CbJ=O4i{D5y~gKw`LBaj;d?of+rYsO}UkOxg(>qFc(%46*F
za86H%zLdutzS?6P@x&5t<4ELPdiZi=PoKP<9u5SO`8=<&eUs(sSmO$9^_i1a)5p+i
zH($aZ(EQV$qE=6Bn@hCq=!lnYB<`f0r={o^kFid*GcdjU7X1tD1=8)U^%kwJ-HjYW
zHP<lVBl-XsCRjcFv83cFO8=b04UQ>{35%HS#Z31S<WpK*Efa<x2w~?I@E8<d4%^s5
z?Y-$@PGVRQ+-vy$2<c4jP+sNlW8E)Zf?o?EhChd+t}`eum~+2WgZ=}2ZWBr?19WX=
zThWX;#zsVJ9<zVD@g^9McR2EHpS&#|qkntiJJhlmxHa;-gx{9LTqeFjylo`zPIGHd
zQ!hyUJhQ&c&ipi)*FNBTzQMPFSzpDhzw&_Z#RlKT1Q&2E2|{AW61_mCcDH@=$jafi
zZ@tl|=d}j&KJ~{wF7njA?=pjbWC2KB-iEt2&<Q$%4oIYj>TP=NQtKxzZ^VDK$9P4B
z2>Oh>0sy@fKrgdlxC^!!7+&ImB*pd?Wx&x__i<?0V2)mId$}jN2fJeSw5t-s9nKU?
zf8HMRS^@M5dL_MVq3Tw3A*2d^f)U-dPEk(EkW8b+A8RY}=e3x=Kf=y?MFWQ|sU!A*
zT8y<)r`hk2(Tc3d*aEWW9Y9!=_omVB5ZTW%nm6sm5z^bH_mJCbgbum6xJr0x_aK23
zm2}?*Z$s5q`qM&xP%Q2d&!-1{JqA7-9Fs%`IH1Muq8URVs5Y2ZV$chiAR8|wK~z1_
zSN9&=a);MAY~A#@fX91TR$@FNtG6fz_ljGX85}!!0oizYhM^_S|0m#=m;n+4Ik!{m
z3E(!|Z{7gdK14K~INuy{$Y>XM9T0eJ;jo_fjxpo}@Ve86R}xlDzO8WOCx%sud(M<!
zE9=cc>cR;!Z_{U4oMMydF*dMQ*x)j`Cuh|)2zLo)B|%mrAS2o+se?N>vlahBpq9@q
zukUGDoU8dDj$hDv*j1$GF#xTujkKUSiuHOFpVrC)b-l!-F`7@ZV&l?iswXbhlR49+
z7YKK4ckTY1nu&w)=STB!d9Fr;=>zmU;yi{qQB2+n@pdK7JOM?gpRM54_Jr4Xhv~WP
zF}wRBnzBcrJW0#KzWNJFvr1@2)Sp?)i2NniZHtfsZ%<ON+Gv3k&?&Y0n|vFjmE`Il
zlsZ^t%#YkSmLP((C!sgC%i!$SJw|ip(5q$WH_>(OqBDkGMSmv0)#Q6mTG`Gh+Y%Qg
zkATWqh>*9fvefORWspfO8I}5zax9i6LP>rld7obbZg`AsFx%+$*q!?x9zSJ4Np#Kq
zOiq&3_2*PgWCd+t0dR)3zKpALW4nv^avu!v=QT;J90DU}c0_t9GcIT3lM*Dmmnr#9
zvVRI*9wlC~d$k2WnDpv0V@(=mp-tAQ(v8X6Y2qzu3MdI6{v{|S`JtpdA@WgCW)Hq$
z_uv|i5Sf!!BP0@(`wr3HVd^vH?Y0!k(jyx?fk>ltlkTpSUr<N7YoksQ`66qJQYe&!
zM{>S~W^5C(yk)&Hg=!1=`~}3^oG|y>D}1^7)MM|cnphDXQq1yx<Yz89CwU=DYjB7j
zoXGl%iD{X9M@q|hW{}04@JD3i0j#PfdW`LgE4w6(O9C%*c)M|!00PFL$S#<lm@q#Z
zQMRPmS;n?apNK)s4s(3F+nChu#+E2SBrs=9+gn3;1<3t8Tf<u5pth=igxnNhKl`Hn
z<6E5NkLr;ZMf#AX)yYMG-+Up-cV|R%68)|VE%%z7tQ7y<e81$A|NQ1pYx$8|f|{Pu
zA>2fV7=dvq`oSop&Pm66kmppq2m7VKuF8HXlot*qDn{f<;yrvz>Raz*B>Y`tclbkp
z^ZjZpq<Wg~Um_p*kJO}yL1`iMz~7|4fDaNATx-BFeVQUa3)<CM8VM$A%eSzmKg~qw
z>WSL&;96PY*DXE{rC}l_XDo6;2%MZ0an@B_NBUQGM!3gNkl5scy-zX<AHscM_XjBc
zNcPJE!c6aX*nKw4ZL(qR2-O%nH|-ThdWShlIE;Dhm^;EBCT?e<1P<uRY+$Yib1=X*
z>2*D}S6E1Rg;I~vE=`#I4|$9?JRqtMM18jpyt>i<P~vp##l-As8?C~%*uhq9mT#Z2
zS<hSVH|+X*iX77Ct2DhRAZDh&l1;0vuR(<F-FaT)Wsk8QOTn9hd9VBP5CT_i4@76r
z37C)9(&eB4;U*;yIWBTX06|@8kH{Ts^Z{Eq;G@z><PJ#u36;P7&nK0?F<xx*$B2*;
z`HTP>!RWZ|-~fVk5>46NinumBG~Om%Fb)UHj?6w^=}2uC9VxBuDbgK1DU?$;r_0!%
zlB%4)B%6pTXZH6;)^sPnBls5}-gD@Vq}F5&Ik;>S4aLy=fwJwQI*D5In{ucMX`(R%
z&x;;pYv`54w?y;jfc^GjLU+#hs=o8>`a)ME>xu^kY?o4d5=G|Cg^6K~?iR5mGCNy8
zj#(_%mUn>Rcsf{T?L@vRn6A_>tiE*4C<Mw%-^RAJIzIlj3Kwa|zt%CQRq?MqSUUy>
ze1>E;8Ta}O;$AEKmHujV4?&2XKI;gS7=LEG>njsiIPtD+s9QGF=PEo<+G#A+9&xW9
z<&*7u>-#SVt-=g&PC;|IA}2iNI_7fda&hfKeCsb%<^0DHt-p4x8s`8<jT1D&hEs;E
z!aQsBvaQD}RLB1(p{+l_z~X<Z;JJE`aGO8KO-@2Tzvy2kyAr-KE`5=>)IESIz8oA>
z2B;Y!svS2EDonL<d+Xp(&yeHcqIezW1i{o#6{fan^)uz*pr&~#l_ybsGO0=Q{DQ#Q
z=~goPQXc|S{XG>(|9=aWja)tZd0UuXyE0Rlp4?9Y=7L&*t?>Np2nd~<P?Ter7$0*J
z!7>o*r9B&p^^SbtLT@6{h8(o*G$DT1NAs`O^Y-a^u>ePB)Il=?6G>7}^7j8?+wx_<
zQcUQ+kZ!tS{sGwSjG6<Mwg{msvxPavI)7P<=&ZK{@*vSd=>9AdXvaQoC-!khA+1it
zRbtI2!j50@jN!}7ix6>kC%%_vfv{U2!+Nh%d9M@E+`URWjLRD6U86(qgit&5u3ceK
z3wqz*5PH`x^sXheCQ*@;XHs8iC?SQUuFI2kLGKzR-=4(zc5vo)6`VOWM6F(=dxN=M
z>*ii5Q)rjuAIFVVQuY6Yp+&-OKD&e-vr%3jnHzA03*dg>^{p`^!tf`C@NRS6lP$$5
zzy~+mY`2~>ccS?>DJ=z#KICHmKAOnEo440c$xu_rHW2kpTc0iSJYR?wy3JHuh=CC2
zB2s%VbScMPloQ_<$qJ{c4L&rb#``PR`av^K$4jp82(LLL=0OaYxW*^pSe?V{3wvx<
zSFRL#9A>@72O=7|h5m7jjGxMPuNjJQ@6P2xhxHX?rQ){kKE{!%>~5zrIY%H3F}ZM!
z4u3gV*)&319$JIoP9Dau>4myLU`_AHF4suYy~e}Y-a1FXQ2#MK-)iGcM%TGT(CU9}
z!wZRkIXtH1gopw}Oo+-*qK}j#TcDEAv$swhX%0N#iG3_xwW`&HV7Tw~&F%wK!EQTh
z8oIQ%PDFAUsB9l$4mki!)Sy1J9)<!Thba=E!R?GN`|UHfMLx*QYZ58V{t-sMeWq`N
zqqmxQc_I*x&jo>y+Qi&;l%Py`x7Y?Ny|~I(12Q3|d!4Zc{wZ=KJA9qz0q;7uUb)%x
zb?+uODjvM{lILFGX&$tLHuawBxx%{+582^~B6e)%e8zuGzK^ovBJ*9^#}1^5=EK#S
zl;%S#!&rGc8>rP*tTZ3C3uTR7IhW72=0nNXRJvre0{dK9&C0={REtlVt)$9hQ~g`=
zWU6mU*sDIlk-qnU`lLj@^>33&Nqy^g@`T`*Q%D;}Y%8gUHhE2;a&^T6kUF)$qeAAd
z46Ji|hK^t74u1*GV$!-^6<?ne>lN;cHq@k;jCazy-omHeDsp43ZZeRSu+j)I-RqY2
z37=}by0lMdc|1?jH&W3dw;cl)*d3xSFZ8s&gpZ<KrRwt@0)7MxBMmv9&XrDV*MP)n
zJd1*n(i$s*$||vL@I3|FE6FQYsnJymOc%E!bA`}9{&Y_QZ|hH2b_hLxz`IW-QqAM}
zy!2AD*w>!KE4=%p4?lsp3>E^Di66STV2J?Vd{j2XOzM-?7g2W*k(xkuxP1OmnV_1>
z%C^;%&Oa>AE98$BSgkE@g-sKVjlRkO<Z_POwR82XP*EmX;m+K-$FOaX=TMr}X_F<0
z+PR9T^(T|isC&7qF(OOIlUV7{DEx*c3EaGQ6@k0pBn0jP)0HLEjivE-sp6OrTIum6
z&*z1hG#V2&lx?fl=yK*NlQ?Ha_xz)^R1?0?GanLEkfkEj_RJW+$1R&pP0gu)uOX`^
z@_9|oKwySjh?>*?E<cpb%FW8EI-67=S5y9X`B61yWmSKTEg5$^-Nu_<W1lq%JP=I_
z-rs>Dl5|XK!^l8U=~dM@2l`<3Ym|@~_#;t*Q6$k(LmNm={O~0A4m;Kznl%AX6Pc9|
zQX~tfBKh|i3L)Z$>7UUaX>0TupLil4G<wAV;Uiiy+Aq%H3@XX<KaeN&Wxw+UT_ooV
zPwI=Ptck4&tb2>~WGjkKxEqNgO^${)SpOyO_EH;7H`q_K2iNeREr;|jpRkpF4PGZ>
z8H->9JmJWKx2Pv1D?X)Z>OIje%t{o2es*4?-Fli%kyo@-@V7ufc2!~E0&4VLuoVas
zH7)e&&{%lA40}HfP-w3JD^)1GF@7DTJkMW8?c7pb7Y=w0E7Epdr0Y5iWq?imR`tD`
z8`RDw`5V5392d*eHS$NR`&e?7*}1xNBo}|RItd-<$vdbme}mS&#%?6oGr=cMWUb6J
zo1eP)@)(aVq3O7MBH7;2%{F_>6zA&nH7!hYCYC8IX>esJD*-@RJ&#JeWe2>tRkpv2
z)8KU3qm}*pCVzBNu`6*Nt=NzV?@dAiMV}+C>M{Y_tMG~!Y}S^ya~vZzJJdR~Wu{1`
z?J|E!fn1fT*`U}82l@WYPMAWyP>n*nuvZOszx60r0E{IuO+gO`U1Ni3oxmjeEusSo
zoB+}d)S}A3t$b*_5pTEOZOGicQ;~wAObMgYq|lKw7NA{$QL6AdK0`53@pCDkW(G6)
zopEC`$s8=#$tay5=BQ5`GIweQnPWgFp=e7HoI4b4W0InYjjBD2-@o&P6m9hVJt<mZ
zVdemA`xv?Z<32$&F}V2rj#RxGL|VC%KlW03<YU=hcD_(6$uFv8kI`sVlPvUFtIxL4
zD>(wKP7Es*U7kZZf#+^y;EXXY63k<&5|~^;ReV0CZE57(R3m#-BhBeXHj<zk@v24+
zTUDx&=J;|xNLBn~Sq*P12qDruAyZpgZ!@*H6mSaMs0wHecd7Q)9?uCMwhq=wp*?Xi
z;?7`(siBP~SMKGH4Y`{?Iw9n|Cr-YMWC3XSmP~Z$$+iC%@_N2zaP7Z)%f{rB3{Y2n
z?a8&%(RS&mXaLw9{cGZc9sTbUC)b@g`7V-egpiOA8Dr4uhLRw2rPYg)lbWyn)+=oI
zHfqN&Rgg?>yfPQH(m@;9gxdC{ZU;l!<ckes!H~`m(@;xcM~}14VXKmsfKLY0?%t7v
z+6ia)jEI`yOm5%=otj6}lAHld>CtV;9)Wb}Wj$1lzb=c7Rmw2nEGzM*>cv-1GItB_
zWBKMMSN$nz&LnkXkhz@g^Ox}Ng$l+*H@UL)CB<f2>?|t_b7=9Na}_(?P6D4xnqaff
zmY&4EqS7U!_5S-VeDdqA=6ZSMtFYQ1Igd^CV(th3r#_<fr>dI2R@y|dz-B{LHNT)5
zMrsxQ9yV0*({es-8b!tboDPc87ZY{_@2gE&UtB6xf9Cm9_ZY7m2aNC&IKXQ(M+G8X
z_?bi#G*s$nd2&Kg+ImgCrx}rNDITtt#Wjv2ks~$QLvqk3r4fx^d%A|dp{5I+khRS0
zF;`_9jdzSUg_w2J$~ly~A?LEpt0I}DZ_B8%HU2BWb&_j6`7W|_32qU;SEe#r^*qea
z6V}h06*C0SSM_|4j{SPO>R5nYWeWGJxUD+MwYa^;Z&Cf~an0I8z%T8JgtzKzarZyh
zJISprlrU0WjP8u!B9DR-ej*y<Riwf|8qI*|bDjmhje5=;y2NRHx80?eYm(QBd$?9?
zR@aJE8>GB_wTNM(x=a&ya_r?FTHj~c>bCSps>I#Fb5ge~D*u32{CTh8qy$al@S+f#
zf^YFiZTWYve4euQ{LOn^z@!=9CHo11@3e>NA1Vy3iTkNzDbuiwrrE4@S$31vF$8gk
zH?6N{p9k!7v%=RA&GjqNOXvC2(pf7{0aF=31<a?!;z~sE)P9^H6dr21!g=8I+E{n(
zp?=x|iA#sSLrn7vlpgU}7v%wf%KQhgr|jN^MpQ8>_s@<m&W`McE$p;}+lkjw$b*(m
zp-A&q0;ezP7kM6>B7meokvXVGZNH*6^camtl#v($u7*csES|``;==5CH!7amE;nRx
zkAmM*1-TDZC2f5S4zboRSxP6UP_f{ZbQteJ^Zpbt6r|#t6r3CtkY`_0li2V!<V@&h
zhBkq^Qtwj@Lwh+N1LiPg!QBOpiqBv<M&K|R8&ZrfYXxhN*5mF5jegM*5%fCM?v=g*
zFeu8W4<J;!WVJEuB`}OSFl=7i9gfAzrC%AX4C>hm_l?KYZ$j@yANZfFzYUgFd=g=N
z4^RWl?XL1zythnmj9oweOErcQexJ`miO)az_rJj9B)-cQ@TV8m4k75e5>?kM>&7$H
zPT*JrUfIYFaUS(pj~79FwB>l8L7VyV-{fS)7s?EvHdN@q0M(I(%jj|%o|o=Y<HbWr
zydNL@kr&j>rdBtXV{gVS?b-JJAosK1rDk>wTOYak1oyLA-4zt>aYw5~xYUJ{iQ{0I
zlc|F!4{os$<!Ol72@qwa>})m}@^Tw<j21?UGRCJ--1k8B*i^k&IrZ91&RS1xw@cl{
zN8ZVbpQbWT9qW0KhjdqRoFca9@+D90XIQDc4t-2(!c+^b<|aN@^~K82EV!#BE>g-=
z`^z`m<C4VV#`Qu0sfkNdnGGlNpHG;%h*aAA3A@a(<4@etW6&N|&zw7C>(iDuCyIJ}
zy~zF=<SPabb=`=LqC@JLCaQfmbBr|hRn=Gz)rlmqT~K}~KHJ_02o}DGRvk-2DJHw+
zpD7kJzY8gZFyXAYPId?119<CAVP0QQBm?sb1n1g+^$&4wBb4+QoV%4IaPDXP_|TLu
zOu_uDP4)!cN8{=9rJ7*Nk1>()n5;H<sxRCa64k8Eg6Gq#^HF+kJqLG!oX=UEHGE!q
z4$WAu3skyPY+d{ohu5Z&x+@+&^gjcmy)hYTWAa2^SVqm*gnpY^QiB`XY7b6C)J%6z
z6n+6ol^_(}6PfwUIsT0rvhkP<xv5_E4)mLzQHl1}5Py@R{~k4qvvIWfujo}U#=#vc
zMN&t^i9sAVg60cL=vC1ClgK*b-#|z6i;%MCfONwip1o&MH(?D3OJe<wwQ|fJ(3<9A
z0t4a*cm2jI@pmP5$-hPI<X?q{a1I5+IS9wEq9n1jL$~{lory~aH)_jSbDdT$haL4z
z<rZ~%y%M(+`7h%w8J>fZ9`owRQO~^7J?4$>$l;sk?cl8@&wjh7W_jf3y)}P{9QMrn
z<1$y|=*{zf7dbqodP!o5d4)NS+m24=;)ytIz!emTiGn}JTZ~fw8jPgYgx`!$q=f`K
zhDg5^_J8#a``Gcz$8u15&zgn&qy<oZz^{wn!~C1VL^krTjel7n_XYgBm46HQw~v25
z$jA)-t>a$@|Gs{tyL%%4_VMpF7@ACZII_N?P@m>e0muN|xN$lvMAcVd$~gb<bL;^#
zF3{(%*6E|fxQl&~Lo%F2AK@un+Q=qj)Sbpdvdkv0S+N9RO~!kMK4B(*i9cDT-NW(C
z8Sl%0xMNgyQRtNBdN-BZ9eGSH71%|qFOj|+QGF@a=dZE*@`f^$n9q1peL)M_?n1q|
zb4$m%@ish_O9D)^_10{N3~aU7|IOr7vKS4<X;67NnA>ls^v=p^AO^BId2zF^mT`&l
zTb=wi`4)0NBUQ7tnG<SJ2yZadS<)E@rhjsJ$~{ZK=v#tPgd86I7iDMFt`hDmE7WK3
zj`)`$g5HMk+NOHx6!(136!GgF_Kehw+rULyRQOy^bfn9S7Lw*EdsSQb0ZFj(wz1HP
z6B!FBe%@Gv!kWi;%U61^`T*KG4dZAHUIdkP>z$v=9uec*TR^P>fm;~H3O(BIH5r}+
zmk^a%WLU}=(7GP<6D2o4CO7`dgUVd!x70y!FI9oLYC82;VUnCdNS_l|Hr2~uU5V*Z
zST|HyO3~L#*6|(bhiN;xHB?_Xw;GShQ1O4b$WU<|e0Y}l53kWFJ=b$oP-CX*6|Akf
z{u7hJ4btb#GuBBoyLujok~3w7mq_fEw_g!ThALlu7YOccn3jz$*)k5NYtdOZj$)>(
z`8Jj}3~JEP3ZIf&Ue}@3`&bjse4^R6M5`AOkNKEP;;_eL4z;K#Bt<Kn=_`9#TR4w0
z=-um;NEdv|(zCY+yc1n`pYf@u^zG_>j9P2>9hsexTbKOzF>|KX<?xw#Tb7(RtQwN@
z=38MsA_cG<0N`u<m7l6f+xIi6L`4VJvAnd_@NRdQPAdO6&Xk?-L<zJ-0bZbvLcRk)
zS&UiMQFhXdvn)W>2fUiG6G+&M0WE&qcG@c)<ifX&b^C@MP&cOJJKx1l^G#um)3k6j
zv_UK}k2_teK^noOHfGra&6R<IOkl8JsEMV6@r>Y=jZ?B7&XqT{9#UA9!A5`nLl-Xh
z(Yb)S>>40<l;YDc=x7kykci7wh*iniHPOqO#1EdxiR_SY6R<Y3=MS%!p6|4F!1eUF
ze@w}D#tv?b9L>=lx(#4*QcgM|73)OL1McGCXM`>>4h%mvbmeevSg(~-E;oyN<4(X1
zM>Q2`P&n+5vYRAk+Gp0m-K>(^FU`)v@1Agwy<M~W*co~$U!7=(SS9@x4Q%DE2%6U_
z_R0VS%xD!I1Eryhf=qF?$HXnCb;%{fUo<$e?XhaUl%2KA6&FR_RAoEPKejS~uv8>8
zlTOhGMSZ3$whc*<h7bzg83~fC8COZD)LeD`p1KHSFGiI;gWd+%BhBG&SohF^-*96I
zw#H=_W80juO?$T89<q@2i%V0Td=oZOlHLLAaq$=?1GCnWdYo~-nl8!vSMthK4f<)%
z>*izhL6Y-jhX+p0*W~1UotZgbLMEK<%6!TFRdT)<S&#X8mfnBCe9bxUSP*B<*LEAs
zsrkCMBn66%Of>VgO3jx7=e$^#ReD@?=QuNF^qjFj0S#gEFaos);x_`#UAjz9nVPe~
zJ5DrT>yXbLGhb{vcyZCoUY@tH$F%+6tEs+TL|<hpzDlF<QORjLjntD*+mT1?X}jkq
z!Y9?z`_z4q=;PzP%CTP<xmGy-Io{*Wn!+qo%05G9F|Ws*A<<e@mJCppa7ssCATCUS
zoL<?1M1kM_2#ut`gf>_{MIY^}Yh~@Y6*AW2zD?{al%TE8;Kq19$YFbR!?SWZmxZ}m
z;nVra&kFZxu8`w9ZB$Ie-}6Li6PwWK*oMNVi4TQO8NFFC#bb<`V^&PVpJX|HzO2ew
zVzoB6+`5T-K=tsK`SMUvUOOi{D_kL_;~1VXj8>@<;cO$G*l@wtX_X9<AekW?%FIQ#
zVZt8yX8r9+S5}9w(Iw#wSWmSyifo83tg9}QTJ_4Y1$uOd;w1FaeY!b)qVC$P<17tt
z2AX%9?pp7#kvOTY->hr?^(Zk@kn?Q;i?3mk^rE?<T=gbx3c^;9(QKYH%R*i7Bbjlp
zJ>Td<5AK*8f0(;7C2!|l2}|)sM$+;33n}`Wx@WNYQR3X%+9!`T3P0*Cwi(j?Afv;O
zmJ43~OAP67N}@DYD`a%yU9z4fY)$B!j^75R;RzXd6T*D6UNS2da|vs2sZpOV&Dwo)
zSj^v?A_&ujhNwVePoZ#_vd?9OF2d)6GmHYT-rhRZ%|=@C>u`Wmo3mUl^uW;f0>ixK
zQ$wYb!=94nQT%SuqJN`Ho~RE-W)Nv&vA$3y*zi5=uY3tkCW8-k)}O<F?(~)JwfRrE
z;&k}WTbMMP|FjwV#?Y-j`A-}x+We<)k@bpX7XC3h{3U@5hU@-HxIs+Tzs#qA@sz5>
ztXgCpd{`Jz)qCk|;y;?|1s1NvTvY*9pf-<Smwu1jq%Vd?kQ%VIG9HuB87hhw;F#m}
z8hahKQ*!j65pUh@Sm%jWvdtnet&Q*qYi-*YmJvpk!izRax0%?r@|*b)GC_d}95EHT
z*{syxnlt7YE=hbKHCWfI5l#v9RmIPEjp_LMnJ(OtXh{(+&H5wf9~+mnx@^*#e6O>X
zdrkTSLKiU#gQLrrZbW@x3Qo*%g&+bB60k{OUW{$3dCv-t30wrPvxYqYcU$#(mR9$S
zh;G3y<NMGJexr+^%)cPfx}Cf*Jv~?+>5%n{m|etrF!R1_a{T_!dfIpYi~ctLgC59W
zk=_oGF_>4b>Ntg;vo4n(y67c?fQ!fTc@$zcS-O(4K<wdfBk~CTHXi1?j{oaUYB-6%
z4OC!tW4*ZVwE2Mm77_+ZWyyElXqT5-x|Fg1ICq$lnnA!)JUNL&gy@w;&nR)&cEGjr
z5eitp{|xX(SGAGA=c#;NSs>~A^Pm#ZRg%#<dmZLaCaw;|wDD!W`d>);Oh}xY9v$ax
zQMMEF_TQ2TTSo#+-C6?npNp*&lPRvR@#*w|9=#ih2WAy_Y#yqYzRpPkE@^n{)JRS5
z>=_s08?3cl_Lj4(9|Ij}I9(M5joE{2uLY|ErTFm1a-};*zoUDoYC}l7_pt7ISucfS
z!`EM=d%AYtZLA{|m_wHeBclqt@SZftX3w09SNl>*rq>ztfEF9?{u?3vas0E2cVXQk
zpfGRA#gTGBpzKKKYur~1v)+p`rASx&Wjn+8SCHUx_*b|g_XPeGMgpK~MTtd*n{==6
z1mzv~3K{rfN}#&ggg&^nNK9P>kSmju;P2e6m%fTyHs!Tqr|q?3QxIi+yjBEqZZ6>n
z9ZQz#+#QIHE3v&+tifx=4##W7Cc&pne-#0ouO|If1WjG}s|Xky6Fa25pNmxfQ<2g*
zM9jD}dH+ymy$8U=iUU7yIA@LJ5{nbZaIZR9vuE#+@CxFr;^;BXDs-d5R$LTx7WO>@
zpU1*X{atN?QWz36lAW+A+!y;kabpeiXI&6K9W=+IhBe+)3)T6cE$E;oEpo0b0x|i3
z75hSq5BziAGO{QgsqJ=1c82-IYUhLrq0$G(#J~3c!T2JB9{@!EWPA}jJ~o=7OaiK=
z7%W)VX!Sp4Hj)?kR<=MqBdSOn)#K1(B_Pi_c~lX6Hua1u@}%^txk7Cb@ylqy7T=~x
z%>PP!k$^d_ASf}k<q)Vx=i(ve`dlZzNJi8ER#5xD;*#5+iW-2487d7HCT3l!_#!ch
zFS1YKi?n3K7ikd_8ax(klK3LLsQ4lnT;yDD;0{Lx_R{KvZTD~-n#ql9Q+NEo1=a>8
zYhM?;hPqF96@!RCS-azcA3bPX@CQ}Zj$H*Vg;Am#9%I=Y4tcQe6swLi#D?<}p*H%k
z83mz)-#9}eXqf$0%QpkY94CEl+zAd%{77}pw#tYk{u(g)A$dPc;P7}Dk~?)#sz0d3
zNnZxEi(N)M8IS`5`Or1#*_HMQ){!R;g`D>9R_*gblljOFF+8+i?Dl^}i>vJx6F*f}
zotD2#ZT3CsM^gSPXBn^Id)_ZLz$h4tKR&CO65`3Nu2vuz#VwymI?XW<XK{|RT6v*H
z_DoR7JC0^<GqQ=`g0Dm`>kOZ(OPI!mNN-6kNtWj8ApP%2IxSAgrr8S!A3N^~4c1E$
z{JJ}mG&nJuO?ci@YLBj!J^I&l$?E;7+M^rnJ-X;m?9s@5vaB1j)gCPwtr;=#nj@+<
zx3$FA_2N*;<Dlm9T;>5*Z5p0*r}S$s?@u|FSb35BHkFrTY0m~<n`-E#4+LLt&@XK+
zA1EKlFv!j@G|P-i{pKSP{u+9jF?Kj#%jGNJ86@^|oCOCZE>`CuwsJgrtRBdbv=M;7
zq~F_1H@+6}w&Y?rJ!;Si*isu*H^L?iVY_I8O%MVj@Clg3n;aMgqC+~ym;(=vj`k<)
z@S5C;$h?EO-Jv1`0~2~j4x^y_BRVuyB2*sY!OV#-lz05Uj2ez-V2?3oI8u-YC9+0S
zy^JSov^oA@{%A9Bu%932x1t;KNg%2|;VFBx;XT;D!We(BSWJ;B8pa<isa>UtX>~&&
zOKh8Tqp`mP8ZgTlp^uRU8{?w!m_}##A%8TOYv$m~bb7kIF(#Fdq2=PyX6Rr!(W!A*
z2F?wE21qx$$ANUdM&Zy!O=Q9bBxzN>v$gv)YIj;LPnudCVVKsP^{~eKcv^&Qx@xa#
z5k7LysjYfGE7X@@!#LvHqz@Ys)9MBYQC%D`2gWM20{W3e)PEMu2MC&Ta$jWq5|&*n
zLBe`0y5oF2h4EUQmrkdr^aLm$FD3`kjEB0?AWBV1_t=tSV3Fdb6~57ZTvUl$t`RVX
zpd<cqFNJQ2;69Tp6dAx#e-2m%yXmlnGoWhsbXix{rC37B*EeQ%{vM!pa{Pn{f}iVI
z!>@8(hf&D*7Wh{7kq*uqdS$33m-C`qckPdVOoAOfYjm^sU^z1-vN>OGnnSabGY#QB
zK&V)`i0Euryv{@q)D2hsY;wqQE^(H#*0((W-@KF~qXwx38o!CIjs`=^m9KD<HEE77
z$h9W~uY|H<5Vl;QMrODN8{-EvO3-xt;QUCAsv-@*_-O(NBe)Fm=4KvYk2x>5-Y2|5
z)gnE5W4o~pgDi1#i>H^+aJ};#c;)m0n!2bN+z@i)am#O$Cm)Ug=fK@fVZs>TwIy<R
z`pmQAV*amA_I8SPpC~N|M!OEDD^vJ#e0|LxIqpak{p7dF(?6@(QzVZh70YjvXCO(6
z9+D&{Kaz%%R4$JsdF8js6Ci1<lQiB=nncnRC+WL((w!ttcalPO(mVzguhq*oY4wxj
zpknlni$7wepJ?939kIn-5jPOBd1WZj*=H3+{KIfAa_Zb$lX==a?*0@1N$kS#*j+=>
z=WNyPGwA?ytOeKnMFI169Dvur{0u1;`vfS`t+|0=HHBJz2hi6|BA{-E|IzM`v+`B&
z<EZX}rMOOaLG!V!+SG-+KY!=j>W<lX%U`<IU%E4d`_w&%jR-+t&6%%ezLjVIxj`4g
zzM2AJ`zB~TH~u5l#%#L4AqU@1r3dub5&R90ff%;vm-dnAj2+I=%eKrceNmj~1&B#n
zH<MCUeJ#~;;fbJd35eBd&0=?q`=vs4YlNHdL)k1f&nm&DfaZ$>Qk#j*Aty}i$1)Mt
zHPnN^S=DY0;w2a@-Z>`f-Ww=OfNibetA!R3n1!(fO1rfCe<Dr9x^nbm01<1;R`DH5
z#YsnF0`)io+lVtniKKjIF(<=UwYs+{i~ub$IE|um|L`u79oRVzsJ%H4A?{uSRPlNB
zR$$nyT&->yrGjOjg|`LEUYa=>IY6M4p&Z|ZNE_iU^Xp|?0arX&`aWL0dFHY%Pzu0z
zBD_Ie&u?tR6PeWp+Mrm0dW8%VoAvm;;9;<|ElA+xSa&w2%qwirdAl6VyYB7_iNm5T
z_&WwxN&Qsovuc6atvUW!BHM4QCQ|Ztzp-64{u9dI5OrS~j0U?TG_0}PA30R0-6tkU
zqoe(Z=e$m$Sootu@?iqdOxQp3d<>%BAOUB?B&afhvJbQcB28rAxWmiw<FF`*AFfCn
zK{a%If^Ec&1+Z^+8Al@@h$qGTnP(8$O5nh-7=3&Rn?Ka{P3XvUJ+kLBy>sW_&8hP}
zK9}8F`4iY$p!M}`TBP+2Y+Ay*cPp$0sW?COZdxX(jViTVrH+-<R!MDBsZ&(ybV+U3
z`sQQ3vl`Z>*$sMfiW=#U=5G};2Hf7334&>QJ%F%Ua>YLAH8@jdTp$Kr1^H#v^>wN1
z>(o<(ujlal!LnGmm)~ei3<pje<on^r7odC&^xw^4_eii-1FqJ=9hvxrm<4Aa!w1_i
zZV&Gr6CHRMfBdY`pt05}t#S}ymmoqs#J+=<A}A1Z7Q_G@Lh%KQX*pb{1nrJ}lAT&p
z@p(!P#);sDXuozaz`}VwWI;Tdhi1_F*Fl&rf8<Ev3^wt8X!5=xcyN7m$N>6?8~FWN
zWS{UX(fmUM69#PH#v9uGZ<7|ldx-4vT+!osv|HG8#=E)ac!!(`XVn+jQm!?Oy=ql!
zz|aB)(GH9sLTN@71`)T4W;OC~7>8!7m@cbqLJW!B5gAp0woDKIYt|W(Cq;55w+iuX
zV=3UjIbc>o#N-f}qN6uKNAHD>a+65S_{+2D=oujLiPr8vq@#mW54j9CZ?fs=y$&56
zksE(jDoxFjy4EDD&l~Aw%c);mP#}~m=|jwT-5N1hNFPk>b_myJ_}KOdVg_9w5mrXw
zXuy?_>#<ywkE^IKjo-jHX92<w1$;e-Tm40{f7!GQ0iAhmz_?a7ZebPQKz<Rya6nzk
zO6&>O_>=bvw*1ow=VK!}7UAZoDsazrB80p9pF_C62@H=xxW^UM`3DFGgL53dO#t6c
z2^il5-@eb_N7(pA6mvv=r&-V5BgjS`^IjX-MidZcM6J8v3RLKqK}#WXVv;Hg0}>}H
z2Y2&}!yLjDMpnCwO_5!Yx}*6sPen+E5ItVQ+{uN0)XmCjgv{-R%wbuvZjmtk8;C<u
z5ZF*y0ZnNkrEj2RiApa~=|ffeGL_z_(sh+SQKh%4^fr|~O{LFK>FxZ@hY-V@MOM4R
zkIE7L8i>*cUJF^xp9((l3#UAM5Ht)*x2xCS4!ZL-p>JQKFINkFW4Sd!-}VWAH({y2
zYzy}g%fhDxh<q<3BR(9C68gCryyTOBh=7-*A5aJvT=72umq2$W-gE_IiRu%=OAYh?
z6u82D1z;&~Re?!qa5*0wkPYUWbv|Ak5~o@H_<<R*^7++3Bd&a^8m;qY%XaWt;xrQE
z*Y<}kcZgYhk?W1>a3;ffynT0x?O_q#vLG<*c1Yj^mXY7og60od50=_dCb!I*bTTs7
z<mX6$%3{D^J6jVh{V0S03g+b#(Vi-m?opB7^;XchT}Yt9vVhCtD9FKla!Xv))+Cai
zoI!f*Uh0MxRuI!~5jP;u?5B1VxXy&^UaBVR(pf_0@d4d$J6l(~1pA;1caDh;`En2z
z+1|GXvTtoq?^~tz-pamJN8^x@H=KPdP!^vRQhU~C>{;*1p7m~W&q~U>2>^T+Ev7fD
zPyEJpK{l(PF&p|Io7F+4W*Njo#z)wMS<FBX@FE)&63pd>+O0}@92AKDdmI^QJQ*1g
z!=0JALPr(|^rG(VJ&8!>{wfRP6++e&1YRjnbYPL94~m|=Ql!!csq|$ky;0>aSLtI_
zdaFurQ|VJw`gE1v&fjC{Nf3y=BB!;0>qDePYF|2@q@=sY`R9x2OC$6JXs!t7v1nT3
z;t@m^3q1O3*uIeR4N|Nwd>$m{C+Qz1<-Z_>-)!+;4KYpc$E#$QM{x_mh%G@ZYnmC<
zOF^?Vn~pq-`;;b^f78($q5~1C?+=vj4xQmI#gV{XxmXQ`*pR6pX#6l2#70gziYW%8
zFI2VT{-hMFPBCN0qch=3kUrf4re)ys%`;`2hbdnjhz<m$^Fe8jHj}CCU9Ar9w(#iv
zFAYRz!iRB4f=53JkA4&BfWA?jj;DFE6ptQbE?|(FSkO{N@#tTbWsb70GA2{SWanzN
zQBLI0>|8OIL{GAJE;h*K!5xZE=ZUq}XyY6kUgsOIuu1sCSi27jcYUycKqcPxMf?r4
zFA=W$V3A56q|%qE^hT9luF}V<^j4MLrqZXV^yw<Soxl0*isQuHU>N<}%|y`&jRqY=
zE+ee^OCTQ0c}S=3!p{M$X>4~-R$cT#=tqiQzgG4$Zuf*=Kdkn%R)5*H&^3^R*Q74a
zW&UWtt#Zu8k#G(t9oWKGbys`Fc#q@PgT^_65<z^x6S<|3Afk#6Al=<#-Ep@~4;3l!
zL7YbAa(?XLRl^c{qDATd1fR<ru6h4wr=dT60(pVXkqJ+ygs_7KHI2%L9LVt;Eq`kb
zts%au$GZ%NzExd}$POP<{~nLPvtAUHU>eE$D0xxoSR(oR2x1zKHG&~d{#G6(f1CU^
z*W-JI|7x$3q%P-EE`{VBO%wHtk{Rj(M24x#bp_2TjHpHxpbsDLYTh;v&g8wW4?H=u
zv0&VX2w-tE|7;W_^vZQG9ob%28_|hGAXU0XFMSz>?zOT>+C7@X=?J#Nc#O+mJbsSq
z=dZ*!f8|zDAByeHMpVC=f3^Hmy@i*qI>poE%XcXc60oi-UK~p2t^GfgjRWr=qYAJ?
zrAb@*r!|~Oy@qcqdbilNX3G}Ztg@mpYgFXor^q0@J*j^o)gO%t2>DQ`J`~}x)~F~U
z>cK#xVo+1X5S-bZYqxiwWH)djUsK>Us<!%EdzuA^Sz5y%`RgUPNbKEgIi!5sZVg$)
z$XuU6^i<M(s_@7{-f4oqjV$pQQwQ=p2qTywoUos1qn1e3S^{tTmR3(in6Wt8KNqf4
zsn%p$IZ}hU$|9HFsFxq%ZhKj8{6InqKGrS?ksj8c)>Ra-2J<H_!WZjrwTNuqm8U1=
z=?!^$T%I=agiyxcJknMikvI|eQElRU(G7I&3S~>Q?v&Is5^!|*jqFUo#WbrwGQ_cb
z3r3$2OrxKIXwt#H@aq>^L-<A>Cw|AZ{$}oQk^?A|Z)VjJYa<UF5Kp(Nc}QF%GcCPx
z#@wvNoG!NOE>&!WwOADkLmIoSZ{Ep>uOmS_RgRgSekyFaRmN|MzR7x=9G?Y~Yu~3Q
z_Zt;2Az(f$_#lB2h7c;V5SSFE+q{c5NzF|`O3lEHqzXQb;WubL+jjEumz}WuIZk;^
zeO+Kft}%3e%Kj63+BpSQJ7bf>BOXRS@<(2@05EDNoB2xwha|Yq;C>HyuT^;+csHvm
z$w$UVx2t(Ufc_xwJ#58hiVxYFj=c@$e$jkZ<}~e6)_F~Nl})`1-#{CwcN=n!Z`l=c
z`0p?GHRhvEeIio^X>o`xE@k)ln-{1-sY+5KVoSczI(UbSJ&8XrDjaKGAV2b-y%1W-
z<Bz`BMS@kw_;Is$HIPvYhMHB*WZowvFDE3ynTdAZGgv)IH*wZyd{3Zv$&ZamoqcUg
z+RJYy_rrdq@W=M=Yo;deOX*DFn^fj+5S69p?}Z-o_rfvr=T>=>^LM{|mH%)n`>)L3
z@}BeOyr$+a_3q4H>iuN%_tTTj-~Gw?bDaOyN~i7h_S56mTZ+HqSSYHheftmuR&^nA
zEr|Vdio*E?ScHV&YYgSFFJ2a^<Hy*YxGW9cMJzoDWVUgdtU}nSX187mONM+nr=k!6
zYG{JT)XGMeRBuBS9*+FV!Bm0`&(?+6IAog8DE^?i`4(vlT79{T^i6QSVKfmst@+fM
zp_=-G?=geXvpOPqS&2vGP}6hcPte~ro{rwGP~XH?c$AXp_>vGlM+oFIw^LkX=U<^7
zl}`oNw$71i`ThvsPrx4x1wNw46FM7kD7~Juga#B%^)&a+zBO^W`n@E9mp9%gvYTXQ
z#j8LVTm5$l`hm-28W{L>bX>u}cvHr2rpM2Hzcc<m&hW{%#F|f!GRF@%B6D-Iv<I80
zFc7`wl9@6qw=MAv{uudXqD0;Q$X!JAO4qVevaDg0=Yv1;5<w?NBa?qci>mt&^VAV$
z{*#eIM?;$;hq}Z4?J_^T4{g0ZcA3QbBtPoR+FU+zK|#mQ|H6(7m$q(dkA5$wN;D>~
zrH0I|EEN3-a~z6JS6(8OgB{eq>Vba<mhbnh{zj=Di2(b30k^eFV4|?45bPM5aY9UR
z$pT6&afQB=@F&=w?3ccY;VD#+ui?uC6&|?FL6sw_DGJ3CI4ZV_yn|M?^C(BFW!5$_
zNvZLaI$l1&p#USb35&UoYVn%0O3aZ1y{>kx;csrWz?AEtZ0iZ?Ksp(yyvQTQPV9j1
zA$(n?)%^iBFn~+rPW<@`R@JZLt3UQ$_TUcB3ZY9leDMw5ECQZ0yr+)e<c4u~`^ye$
zb!Eaxn(iw+9Whtv98X!3_8|US09CLhat~Nkr#Q{Brs|+x$>IyP=q7sRW2Sd_H+AKP
z@(E}x!Gb-8_pvN)fmO^Ncj)Jlu3q7v*W!}HhldHD=50wlm?j3IUnj9(9-Ph8`YW5U
zkE#C*Ip{QA(fe2RHG7ruT6cV$<WU2$hcI{tb_fWZ6PMIt{jDwEp@ye<xA&|+HNI~%
zdLQEx$BO6pWO$=U0TWsxb7XjB@}1%Rz)wgtQYF5tIbyok%<u9V>r_xxE}~ZfLK!@v
zT?tBMyR)ue7rs+;JnNV6(F?aMS2wt8H1k{V-R;47re_t9L^J7d@6aUvW+y6B{EZs_
zjXlS&pJ4pUU~PR%;+OHsu1(NStD8^766vZWjvXbkbJeOH0oIGSP^+6lavCC27j<~M
zx^lzka+SKwLq6gu^$K4We~x3l&0qN|HwxV4yU*}O(c{i%BJ7M>od^Ud;@0Y);0Xlk
za>swh6Qii^=ZTJD7AZb2`dPO}^EG4L;X`riJfE@EOORrw)SK5H9$?=(#+v}RB#Q?>
zf&Jk3><pou0)DeRm%7yDzqt8Cx*6q%BVvNPNA3Q{B@M|hj&PQU`%@7TMDJPwKUKDK
z=B2VnIr@^G$hGw4Cu>9a7#B=`XU4~gzG;9gqFE7i5>Xak9echbOi8tyP$quVBdBY}
zpPkMKK-3`2+m?U;OCw!5;S0plFFM5O*e9aGEs;EbNiAZqCOYk$@9JXol@Pmx=Zj_m
zD-<CLM4v1Op8>BSm<CFfPiKgau<dqttZ|303RL!i<~FLC>=o`e!VEOBQFbsj*~Ark
z1~lU~a|}LZJ7ss#5?GsbCT^DSDmc0yhy3kPNjMdFsQaN!q3iU@!Ngj?X>6psSGd3o
zwY&Y5-QH*oOE$C$uP=AwS~mH4{jr}DD?G9H3VeAVK*3trzi|L0&LOX3WO7L&WUc!@
zW%sa-J=J_P6SF+W4o|XeC!0{eZ%vWyvpl7ro#Zd@ue8C~V(X#FNfm=mBltuh`e(((
zM8!-1bHZqtMYh+{&=&y2A*5Av3gQR2Z37=#k*5011&!d8Ug__LgvCYRmq6vaLOndu
z;RltheNT}cnyEw($#s~U^dj6zSDgu4D<zo+=wx^Naq1Mlh6qFiTH?gczF}7#>n^e`
zU@#nd#73d7KPq?kLq5)>LaRVNKr0r1_okO_T#vG`s9qN!xm1X@+q#$U<^&FwH|8Q$
z!%`?8Z`P5<arK)CNL_s{BS0e`Ew1o+=q9fGao`VK*FSgdTZvmTo<m-vIkE@$9_cit
zuUt9gVfGup_UAYG_Y%Uc%Lsp?yAGg!^DrtW+eux`KXei-zHCRj!i7Y(M1WuG>1gC=
zyEAkyW}#%^KIN0kR3&*tC(M5stp@ZpTlr`CV;^1?%=-}Q;AKJc>0)7X<q-Bm*+}uz
z{cq3_)n818A<(ryqb9!>HN$QpOD(ej^)20j0b9fi{%i58A#ed>OR#MJjEjgvn4vPt
z%_l0O7`G=*@fy6KG74syK31EXgIOaYNmeJ}XGuWc98G><h}C(&G18r_MYb`O!RQTG
zs%a1YSe^}pk-il{^vAqRTO!}q%+%`C^_b~Fv(yUZ2L`n0W!ts-U#N=jMi2g|R(B&8
zbKbI%`QZ)JUp6u~j3UIfe)DRx&#>O%6@!txuGZ?lMkaI80=FI=>l!xcem8T0R%+;7
zeHcdJ=H$j155+aIBwPKuYCu|TO}Bcnok*))THP*S!&O?@*!=K%(5-B2Zg_Qk1Bo)C
zC)Mcm?({I?r08lGt)WXrOBMpRI*=##YIp)jYRM-0I4Z7cl+V~@?Dp<XxAzC9y<bD!
z{N_34pkZGNKRUQ$kzbTl{E~0dG6q`BK>unF^l0eaKpDo3Ov-)VXZgi3(|5)i`ew3Q
zU;U@L75*~$?Jm6|Q)+|YZ%&u~5XX8$Ci6u(GFcNR3q@KZ5fRV|O@~6LD;9JRJ)SRC
zju#>DrZ`^0BW*4{uZ49m=gb3s?UHS1%@-^zZl{v)If+Yqgha5DLuV($B5<8|SEJC@
zxJaka#<)sxGf10rX5{<vKnjM`Z^Jb^4II#JiKSKX--424sN%1;sT!4_ioae|@!Pe_
zW4czcUoUItr(GJcp1qs#JL}eu;ea2*fjs{JA>=KI%YtQ}%7bWNTN%sAQV4*OuxMcO
zqBO8yLkkKw`EjAbTrhE;eQM%6{%Bos8^iXSKT*HBai-t+xq2ih0lLmPlKomXJ%TaZ
zK<lrDd+7sO5?^*EHx|gVHM38Eb1I-Hx=)4vh&@5v1B*;I(~+9o*0IIhb+aw$Nqied
zJIN0u<wy7@wGB4R5hccmL6K@XDAfWtzeFL#Pg?ij9f@<$m#wWHl0`fiM0?^c1R4LD
zs!5pY6r24PM-F#~c18{#4UNWsQJ@%+Ggtf_mY-S@uZo}$hI-^6RG~b^4TA_>Qz&=9
z&v?p47R~xIOti<mO2kvfkVpNMXB+N^J(1on(b;w)iS(3rCH1vS1Sbums-O+0#3UZ0
zpmP(429L5E3q-HnPY%dbOX3{a4{GNQfw}EZnhy&1;2(MLVES8Ox*HO`IlqG5%*DHr
zuI>=A^+p#4DlO^d(6Wl6S?INo%e}s`-|vT=IkQ)p`{B^@h*-1a%LStSJ~J1W@PE=P
z&!q2YIwo?ZJ;}j(518MXUSSUT$k-<=OspF=Q(Le_z+0LBU;xj*yKpRT>_cNIvd`se
z5nXdR-^GO!2K_(61xjwXAUYkOAELiNaL5XCFglTuqrJnUB6A03ReOew$PW)6HX=84
zwZAf^GBvwvDc_y=iYk7(Xku5cvx~bMAiNdz-jCp2_rrxrBc==I`|;0tlU|z@GF8Ut
zK>`M~9jxaIqt)(@@xX+M+qAhdU#T(2f5(@AXaYr7Et5>qD<9>Qy%LPevi=hecjXz3
znUCT|hL1HU;#p5_!DJEGFd7kiUNsT=V;8qx_z^nmu!LM!H^xUxnd99oD1$6%%vwZl
zLG)ADU51kI7yiA>zte$1@;Qa?63=OD50t+)D>TA`dN5H<B(~FMx_L|CBJ)g7*@Ti6
z0!HnIR*vVmfDl$sG@n=mFpcb=h->^gI1a>H&PLWAg1D3u!yfHn&#QxQVqb7f%Ua!O
z9B3s<joiJ@DvWww#E3QODPn(}e@M;)N*}X+kKpSH@#B=Z%+us@i6u5J5dg0vZ&h4<
zWgojsMCavTSNB&w`zycXDZ8~qdr*u(bQIdnX>i!~6=}fr39c00&Vt2~(6W7I_w#7K
zZk+KnmLpo-E9B?Y8iI>D5Hwz4W)=fd=I({NnOLdXYFL||Ska#2<8P68S*@Fhcy@&|
zt+#$lO{)~P_AGL--$3}PTJ6EaeF9&(AM@0faZ1mkT2Jk~V%BQ?C47<y-a<XR#Wwi}
z6hlAoil@+0{Qi5&aHy!=e^go*N`hvUiH52%<j4NXe#MHIxQku!cleIs^xM5%D+H#R
z&$l8{_4Ikqsh5hFkgd1fgwI|0jAWFzUc5adSPk>t2xhksn~m#NGx)r9HyS14ci`>b
z@Ob#V2=xs{huqHud<MF<#J@zh^k(sa1ZfJk*aPLL)R;bPL2o*|uH0NbTAmyFRMca+
zIRq&2tEBmr%3T+WDe*O#YIqdIkYyGxM<m24?wI*r&Cr6Cm;1_oSW-QPxz^2z)44HC
z5WylL5iB4YeQcXI=6U~&=Mm4@(PAS<@#FCh6J9%qnH!ZGS|G=|pG)hBpW5`-o}Vd#
zhR*zmCTQmTjD<Ljm-)e6rZV;Xc6xrq-9@0X(PQ?r=Ldoru_x%Ko`_74oaaY$coV%{
zMoV&bw2GMcOHa7DI9({F=IX5%Zx6|QL)$t0WKPU>{7Vs3gj$@531?1BVmunH0XeBA
zG5O#Rl9>DgHZn;P<zVt#pt;o>D{+q*&T?@1$2cu=id*MDi0P}GZt<qi<l3_qzfCYE
zJ^AS`qO_ErL6JXXpJ4vKBE{#g6=IP=OO%K<+3v5SHnF?lo0$qW${tkt4;Vj=FqBXe
zyp9K=DAyoZ^p02e3Z>9UMaA~p_Nn6YW{)+%{@9lzOKQut{>nhDr}&fT4-+BT4)em@
zM6L*!fAtN%K170j%kc1_!>p2K%i#BT{zApioBz>Jh6H&Pk?<^hGDB*ivwh|tmK7Mj
z-7N2?FZP?>myifFYV{t-K;o_-9sugDlX8*ILDbuMg2G&Pm$HEp9YN9&MTtObWrxtC
zE<8g5CT9Z*lX2zwAhlKg3T{isOGT9%wdHlWONA6>G`ATBTd{$pBaY^;Ff1kNnv;8E
z7@{hY;Da*mM{Is*kj)SI6gzaYoT(gks7=_R>!Bn;xqugLXjms3a_h;sp=T90^p}%y
zLyLW8Fduurm{mZX>x_+&joEOXk?vEF=`?D-LufU>dWvU$w@ux+TDYqvJco1pVmc1c
zPPsD$w3UYiRIi{Hk_OdOKCcu5Fzc)hxWyj00)S-2MMZSw=aT#J9=Rt-?n@;1o|jcE
zG8fjVri=TDIF8oX=Z@6AyR&x9i{;O{YLA>Z<7`i~rnS7b`xNa*YjEj#Yq|Cl>{WJp
z8!*zIu)@<B%c4E)C#$)iE+2Fl7tH%Tn8$cfrSRl+bZ#1eq-9soe4=<eZKCq7oB!3u
zlefM-RD~p>v6(J%xTz@N?%NX?UYr#g85F0H>E#B!^_a+V#}{Yp=zFm}kRAP3_~MZJ
z7k{N2qb}Ley~T0^6W-uAACo47=5N~M$M}uifyd-cIa02dk#m<2m0w#w2R&b}Xv<Gt
zL7-2ogGu+BkEn8{x-0h^&)Bs*BDFlAYKZ<_rme0~^B##lB(SKh+M1<#H{$CA!DLl#
zPKe1CInV2sR2L*fiJIteFVo+To9xQhwdD)@Dy-%*NVFLY@A?Ahh%CBHI+F4OrDp8g
zhD}Mf1aq<+|0Gv8jmm}N=(Ku`Rm(kl@*3;6W0LZDls%H)-zO1rAm8s#eV5o+x%iS(
ztdRICKSKO1tI^JSj#$92w4YCHs>tQ~6o!fNBU9z2G$ld>)<Tt!hf*FA1=c*foHTb1
zk2c*o_tRtOO}cy_Sw4P)DnC43{&iC9@^2hGro7Nk$3IVZEeD}+iI_E;*IJ)bM(C2b
zyTvZwI^euN!8<ED*JTA+EPnH$77`H0Zs*amAKSQ~+1}lXIIW8W`Hx4LW9L!ySDeR!
z^rPG{IH^VHN6~F@QU@g;)0ejcdf<EV{&qT(o4&vO;`?{6%A35uRky;bx&J%&?+auC
zl9EYv&#A&TTe}09n`NfFRrDve38soZ|KaRe-)gETL~Ed;NJh>skZ)A<3szR=J_no5
zak5MA+~qaq7U<2mMPaYjJYCkgRIa0=<L4Y3+k-L<S|*3><A8Fp^xu3}SH%^%RL(hl
zW>Na<asD~}-}_^X{^I_e`p@>Kwx%#E#G2F18s&%L)5-Dksax^ua=tmi_aoP5e3#WU
z|Dyu65D0-nWxaLt=AuM6U|s?L3UAVBEu}&T$=zb`&q*4CdvkO@>k|kavM8M|!`Z$@
z-=?;&HmK~%_m~Ll^c8C3u}I+aUOun9i21R;^^!`LjMlw%V)xu>mD??F5h>34q&K!X
z_^Wi)TF0Nne@IidrxVLdDN$!ulCVxI$1aRKXQ%ZCodSzxfJ#m0XYDrI^CN!k`^(93
z;T=vaub{)wwp&Vcvv&ad2)V>Uqmo}?A36W}mUUE|#@$x91##?Bt^PqaHR7KP-Vqdm
zETMQ9OL&pG>O<fCuBD0dGnacgUk?O^O<tna4Fo<x<DH=Kkw01i5PgkYInG5X*tZP+
zxo)Uz6G8LNmvC(GahQOxV)a7QfWy{G_CWxy)%}7Ta;b_0QgL4Q6DpOPf8S}Y(9i9A
znsWUwbTzn$?4kSNaa*|=&C!(OOb>R(B4D|b)e#gKGeV2R1;~$#esDJh2n`}xkba!5
zab2f9DCa+aWvBts)ltO5SIL@^>mXE=-YlD5H0!m1_!p_{{};0W`@WTBLmm%5lR!ck
zTp`k#D{HT*m~mQGRtU3lU!&-8(-++|6zz4bL!T16^p=^Y^R<=RO}hAfb&nx;Qds8H
z%LOZ2^->9<gg?+JylVIVh~YQ+Y9Ru?1|DH7@{Rg=d<s<FftRDF=E$RADS`ks(3|ls
zL^WD@Oqk$&kc672OA=Tfd!LHsvId$!WI_38H$9XL1QgDm{Y^buFYdb(g}?@VEYHx0
z-%RA!p6>V}dO<F!)5+zl1^$y8)c3{5)Hv%;b|nm;UMi6>$O)QJ1bFpV%K7*)xm#sL
zoMaRuN2yUrzx<r3Z5=`Jnc570W3893>cVb1LLyW{UhJZ>=qdrHmBZbgy>vqe8dk|T
zt-YL>1y^pB++3;%x{W?S-Q1axobP!Sl&D&f6&{zELYWeKSx@*+mi4cgFzZ4#-j$at
zD6AS}f1LCkj%T-XY;*EkW-ZTjs;PXaOWllrtf~xYKsjed9xbo1CXbYkS1lIw!kVyZ
zY0ivZmQJGJI&N?R#$?7gc`3e_b@MTW4)uo^PrQ^BfLW97S?&_NyInvo2o;`;WDuvs
z-y+n3SllEoOv+b1hI^%6=`w~#A}$8E8hk(Os=nM`Id2iT-hDK5k#2q)Jl_%8U3O2=
zthWQ^H^B2DD@_+l;j7Dr|1G>K0pF{Zf4xg!YWkMQ!Ux4$^kGQ#xwQ%146{5(K7sXF
zspYLN#!<U0@b|R(KSOsC<L#4@S{5>I#>8@LV;05jJ0I#Zxlx)-_2EUys>8o=YUOB#
zZiP^<j9TT)1t1|Eas_JD5W!5m)j~a#J5W{BUS2{$W=+amPaf0fET~}RZOMJLP3^0{
znIl-4v9-S7Rd^_v@8=jUH<v;x)pFWxjqpLd3)PZPi-T5JId|F1Vi}!aU=D^}fQxD{
zMPcZFA|?>D!^v<88&|a_M-W0ilw<M%raCc}&1K^)YVQ%8T=}6O<B$HLkj}xwoGBn_
zDX3|^X&;g#qjeNjCc7Hxg^iLOT(N_5%d!L|KethGnYF$mC(BpY;TJpTBU)V}H3?am
zRVIG^ptu2h809wVHA+ZZo7{#km-rCS+Ukpgh~b6K2FwYKiE$F9Jam>_EVx8B^l}+W
zfm|r5L?+);`vGo)+u06fTgo^goRCUaUy-8Fp^_wZ-YwJ_tj(a#tA#p)wQO67Uvd?h
zSd=mN#6w&VGXn}dJ8?UlC`@o0l1kbjNkz8qt^$%r0STs{YFT0s858G9ZlMxAmh=N7
zz>rAQ;w(%w)q<9lzSx>cvZzURmS^xI|7d@P+Yhis2h6kWEjqO|dt`6c>YsrM4Bmm-
z7)G?%YWfzdy;(wLus0)%y35(0gT~v5{+ZjeS8}jFPgtzgU81s2Zp640t06x`gZ=p{
zKuT@TMVZ@k=oFz#@n6F0FA5kF8U$aJ0B5&#8j<b<hq+5v8#Pnk5T8RvXKSRshS1>J
zYl`oX?Xl#a*&4;aIK+=NqxMFjehO#U8@2l%0WX`>1~2<!EpPU|DDk$PeNh(a$@j&B
zOhjtOP40_er`i|qLEz&wEBl3?Tj$vm^b_ujt0t16=e{V5I=Ooa0g<h-R%KaoOr^8_
zaH6ddr2}VYy!9V$jF;KNus6o5kJ%UhDj(5<Pf?xUK^MV!0i~57y4<n*;_H&uV_)2D
zUGb4nB4=NG`b7KUH8&;q#Xe6Rw=a5cW?vk$GQBU(yhrVeOKl?b9@zW;vG*q6QI%)I
ze})7I5I6y&pkfV*N($9Pu`&iULuTL%&HyS{YE4~IDQ#US%m7safyn^J)1kE0mcG@N
zt}pFd+q70itTF*if(r&jRux2rGmZ<35*8)j?|#miB>}Yd@B4jUzyHg1k(qhUInQ~P
z`?>ceeTdppbkTRU47_GpiY~^5E|$_LU?t83sA>Gh4%~r&h-R&BI|rcyd<&k}7F+^4
zQJkVy*Gmi~YB937McfP&DNAvTd-#>&7`O91%`uWH{-pfkqui9nMr0FIy?rXbh|N*=
zJgP`{NI*i7?r(c++I?Hlq1_i|rX>98N$9uVI3UO{MZyOK5FH&V{)$lXEkebE)x)9U
z9(U99Cr7%6KPmhw$S@maL|=d(lC&)o>yyJ+IQ-XoD1s`WLsC#d*^jysQUnE(ygX=9
zWnvVOJp^RQ)gV!vcY+XLSzI{zj4kx%Vp1i!4u>~%1{?u2qCG<(*k83|5p#T2;@C>o
zqH*1!MXy!wPs;*-rYeLDtXfnOM61V*r~tB}PE$MJ0*Aj8Y@ql{o2^9PYJJ^!NDxCd
zQBMp{qXJ<rg>g_ZD2lhdYXmgCg!e7Cxs*GXB(7%wHj$T;Zoe5ie|xR?teG=P1ua^`
z1tB^|tyYd5$7+&XaoEjQtkjG`onbeVqaf`c+|YrvKmLbo(mrTXinO;qmN`%7lfM|9
zk76=KI(sujf#MoYOuneekCh8K$9MB_Fr<hTGfEZhs9V5qcF_jIcxYOhj88GI5h8x8
z;vkWgz9@BGLpQPlOL5H=KuCV|q=!M6Nk?!JX3{<cpFo!B5ynY)BA*2Lzy!Pn6Cm}u
zJ1_yDh~ysG0UKq!o7^U#;E?Wt6z~<&oz>J^n!b?4TWXCghsR!yD_M?YDQ)V)i8yD&
zl|VtHW|>X6SwA7%%dC~sjIe!`J6mJ(&&t;~K)k=8b65_I6oQRDi_XaXqoi!o)Wn2(
z1j#_til<~11th*E-fb{n<bD?GwWQV}8xi_q<u_!g=O-?MLJvW8p~NZSvIp6^R%CV4
zOS~Ui3S0zgTBwC<h4$F6SBAl7nWQAw7W|QOOjR=%Di1Loi?SIK<!e4vfxu5Cg3yl>
zXc;(T3_x5CYDe5vEmZpwxv0A&C4@lBC(5-yfvezlpxqH_;rt>;I?cE(oAWk34&$v?
zd-55<azjz{Q^<fL*@3hqOLwMBX}Jn^L#Y7ewpMdT@@)M?$uwxQ;BjX}rGfxNY>^S&
z(HPbFEz;?D`4mn<#^sfpFz3nG3?&iE2v0G#-w#t`6J|km+-_{3$R_JT8QTEHCikSc
z19>q^kKdZZLx}8LpC;Fb1?xFN!f=Y?$^Zb-<vF1lG|Mck3#1v;a=YxeLM?Aw^WIET
z>^`_B3p2{P39bx(HF+0L7TY3g^tu$?9{0Np-FAfC?_Uqy{^{Qoo{{^lC%>!ccD)=z
z3V$iGo$ff)m)A7sP6MyQ>@K*1)iBi?X^!WptIO=GacfHEDkg@yzKTioEeYW8$Uefc
zscjWVU3i0XZXnTE-CH)&XKm25K#$1Qj|x4<??M?kN>?j@3qo%AW)fn8y(R@r6}Ou$
z{}%mB^gaEv^*wWln7m1JJ;#oRF36y)Nsc5DtS<VQS?F<ZoZc|f-T$ZICzF^Szb@~7
zNs&UFPR*|V^3jF1jtWY53nun3G_Z@DO2s=T?gyY?Te$T`T|%Leu)ih8M^sedn+00%
zS!c)-m^S_;_OScf81^(#Pvx?Owt7m2o5HXR_g<xz+U=gMhI<W!9<>y1A}`5s5q%i0
z-xw*w9cWW-8JJMqe<<-8&Pnp?-LXbAZ?@SI^`tUF?Y2hjPQj2C6_Y2WY=qb;3UYV5
zGhFGMVZZUJUi~#&eiqfHP+H-BvnlP|%f&AjCom-*iv*oTY4g6!2^pjgfRnZn^BpO*
z9a=k;zC@sgt5}3YN62}pz`XU6AUNlc^nKet4U^@HIt{z6>8dWF;$KgD#Fd;VFR)=)
zRq%uC){IkRSD@UMs4J-0N|(+_`0Mx-*<FP4f_8Nr{&bg+U2*{`0Zg21h3s+!AiJ$r
z-O${ex*Y-wwhmFa(HVt`6AhnT7AIptOz1DHR)|?pImj5zJ|*Xp!cXVOf_3lk;QE#u
zzTIO^6opQe&55GXIp5zjx`Kx>ZYIa!e)R+n<i_wvvb8#ZNs1)|OxkO8{D4W(6K0u*
zyj6h7@E;49$f@!h<0?+1y*61@GhTToWYyM0%XBB&(;drnlY}n|K~}f@SZ?c{B-P}a
z<XO_57KT|Ip{Yx)$(Mm26k-q=8N?vXaci73Luy|tbL@YgBp)vqpfvA-zFuWB_|cv=
zaYY+FIUnx!BEcqUb+)2HLg<tn)+`R=$j4b85Tcx_^V3BT4}L(zQDmv-(uyqjQ}GDc
zK_nUg<|v!`?6iSyFp~{(fRucSVwEZS>LIdC{9oH9To*?q^wR_idybPT3B?egW6+rB
zI_Z$7Lqlpu<lH3G7N_aMiqhJayNvd@yC6C(8W9R>Jf)79qcYYO2vjxtmWWKeRA5AO
z#lG*`0`Z-TPAv`ZVaZvq+Kh@AzC%P|<f|6z+c-e8F}zLWOql&;0?#u8dQ6ed6g8W~
zMfl){h0<_B6LxH@uhzNlTOwz7sl5Rm`kL|gMq4)w6_&?k?6zKR0>Av#RS3dDBu}j&
z9>@%A)FMQ+18Vt$OixgP)JZ@EXZ-^7rpMIcS-am#p}Np4+GL8>dfJ4jpjcIigqpU3
zf2<2%l`*J_6omjjDV>xU*A~7ZDT-o82RG!J6k$E|P=>IICm`77vH*njs{c}$MDDk4
z1IO8Y$?zN=m*NzTPMG7-*&15P1VAtCv`Wp^InwN~(W3I97MB*i7owRMDDdY{#_uS~
z2qqCrND7m{*`MEDzWki%;~XJ4T?EF>+gFG~t}5auUUJBV;wpzDTU{gjdosaLykP7j
zrbWg4tV;5T075ofn*(6~gfCVcz%oVFPz9JHbvbOuWy^%5+QfCDEy;{cNiq&m?O^ly
zSHu>Ftcod|<p->CvIN=8492P<rx8VBdkT28=w<3s6+}uANkt!~WS?9G{l4!D=w}PB
zRg1Fe=_MCCK<}$<5Ao{QKEl-`1OS-N5Y#((u{w~xT3*L-y>qFerlEnQf_tMo1xW3K
zu}%(2)*%qh`UUAZgo;FLy&(m&(CXeYr`Y8e>x!HTY}@2?|9>c8ci{gve~O&C!QsxK
zv8wQ<66d|N7<(wxi$!tB>E&NiQf%m2#eZmmOT*`ut>c}7<pe%LS2B>epZvrEev%GI
zAkLws2)7ekBKJT}r`ReMTeyXo4uXhQ`Kk3$!4pDJ$A5klmC*zS3P}}Gm8H`b{9&UC
z>zk9?k<@F|jIR-j>dCsxBX>Czl@MrzTASGbGbm=G?~s!sha72UOY6Rv@|XD}dMYwE
z{%{aa5m`mwOztS`%7Qd82P>>>n*g+^xCkSrDqApOD@tS`Mv^u~A$L^Cdx5L^Y?CnR
zA%f7+9l2j47?!((#>YYT-Y_Z=IX}Y!q$4ajpltGF*g0g~Ifgk8)+2L^UE!YOZDviZ
z4TFK_zH;@Ffa?T(A8chbj((cac-3gYK2m!DnF(=uGIE)kLz*$iB}+_F6z_nb)h8b0
zENA0GJw@PmTV-49bAWEUN$!=GB<@gW-<FUu`vxWm%@(uo@_$A={!p2H)4FZNTH~T+
z^A4Y2@Vys<uR5GC2d5B4&t|(F23t{caR5PV7ixagS|%55v0UU(MaEBI@O@awxxJqb
zB|nwHcS(mHPj2w_rM22Z%!NpwnwWnD`zCV`Qk=nSKG42W$?cG<*>ZA=ASFixD0)pg
zRunpI?#+=ln=~kD?j<GLO)m@8Z<6K$k5X&LJD7VXSEi_V=}$6L+#&IIdZFU8C<n!R
zl?my=+xYH?7U%&v9yW)Yv8~0ey9UX?$tUfQ_7y_fzp5HVy(kl`T7gnK1!T5z`{&S7
z@`p&|+X7KNQUJCmrnTEwXmx)S?X&5#y&uq)BTnD1G|(x1w$u~ynB$=P+Twfo9^@>G
z14RE*`9DmQ9#cZ5RyRuZ_D|@ugSyzvMQ#ybQ2OlKJd{Ng+2yOYJrH!8<q~#MefDR!
zM<2xGrBG0`M&(t+WFB7bFZUHH<@2rZ7*jd<ibTuFFI9>%VKN*&^B-Bz<c%yY+BpeH
z^BYwaxKb`lT*>(sJjQt!H(HVk;>03XvR@GXrPH^N|EF!Ebf)hN`NyB-fb}-Tpapf<
z(5XemHX%4ub&)boe?+FG+gEfnP%CGN*>W1hSt6SsP~1Z{OVIy9VF@@Vj)<LdmQW|>
zS6ob<uE>9uf%<mjX*p-5g7d71U_0k9HOax^gn*@;gLA-=`tQyG>nw&`QCyc-bWmI$
zmk5|NKYX_*Me;{2%bb{R-z+5GClp_~6}2e|nlk}WYqLgPpzP3U#T8N)J&Gd#Lv01N
zM4t=nE4Yh?YEo<;x|ZePZ`iC~Rf_eyQ1J-22H9QVTE6kQD6p}YG$(tqb|jTh_JNcx
z+lMZDFS_i*Cy}SqD55P%3i-4eyXx!EyY_1AG18P$W49?aHj9HAyRDrX8}(W?j_D5P
z59V27OA0(7vh@<{;Q2Je49q<5GuWTSKg?kUU<6S5rWgUmfb~+up#@D~LW~JS3yCp7
zn3L%&hh%Ta4S&lqX{Fpz22RfQNAXv8F^12R@Vb;kibPpop3z=>kx1KAeBLV__nhJx
zn}g;JqUc)bF}rx&Yo@P2h4HiS-;z(;-ZCu+{xB`R<)8%#l+o(;D{1>qTkNctdgg@R
zdFAAhnXnvJE6A=^cTmJ7kT1uaVpyR*ob}{aGwcBRcbSruvH-dQCEHVs%4^nI54&_;
zHlwoB8pL8Jdj+T$yPy(AMZHgCQ^C*kcvCR;buqGEoW+tT4L&T%TE&v|0f^&?p9xEn
zS}%|sbXJ1=K_+io53RRPrp=R(-@vR|l9*!iB=t(2fF2)v``@n-zQnP&Gl7%2qN%OY
zqTdsqL}r;%*?&I#h&ezYPobL(KeEi>M+yN)=bbh`^3OP+)qjcunqX9!MXJY>^CO?l
z0qvP$H4B>~N#Rsqy~C0CWsb-nj^@7Ex=N6wgGA@UX*dXT8f`Kv>n>>nvEC|M>Zt9X
zeLl^R^g>hgh-mKXbHWpoxAByti`;l+iYIw6b^=ebtsI`@O<UMfJW2kI;`Q^Yj7(`f
zaTO7+#P;}coY2VpaIOqKV{BJk$r>63rtD)?4?Dj?^qCWZU@>B)_>uqM;46MatNV*^
z4hZ7P6BCa%?p&(42bHG=h1GrhO7S9d_@3fLitTv2liSz-HGZTF5#*KRmlavB>jj-<
z36?uT`)m#gR0TER#CXs=iy=dAj$t{6rCJWTUmC!|g%Mk~jo6_J9X$nyC)=YfV1`6-
zPIj4D!a@`)m}{p8$lP&*8i8yy0Uk%K*PoS*R_GvFZVxVf=#=AU)ruK+o>a#ksGe?9
zf63<{j^B^Y5<WW1LG7F`2%IVdY3j_CN&ZH4-VRvHxU5tHEwUPndFd%M?C77e;rXr?
zGw}R3fo+E=uwnP8)hj(E+nPNFrr^S19hic|ec4RGjqVgvP_{I~6ioaI-yL`bT44>u
zU?Qq@VGM+Vm7L>Pw4V_MK*G0%c@B+&BQ`AZ;Ls+I2h8!v{*+1!%@O^ovbBUf2(>7{
z?g&z_LYQEDzNyexXiqe_+*T?jZ>FPUKo|snbsy|6o=B&Y8({qAJ+=YH<DOPL;}t2z
zCXT@#vkw-SRbqfyDfXh<Ta?BM4TNr7TQSgeB2R$YK_#ZQtrE%C1U4M0VicfbJEo<Z
zE|VtM0tG=k(rf`sBW`Jp_JtD;`N6Y+i?nsyVGEX7uh1-_^(|**Tenm32%n@cu=Vd>
zCb1kW!eo;Be_-Q*Xq_UZ6xBj?5HK&X)xGe!D}-@IJ1lxs=xI=LTW#UqKzYrI5Yc|S
zk`proSMo19dI8BdoFcb-tch1L`}4EO?Oy8%CXu92!XB&da57GvTMH26C<HW9`p1ph
zA!$k)s6-67T*Lqvb&|V_vq`O@o1&*9r22s6A(TP@9B^Bc_=a2)&8w)?LSL#Kahq2t
zDmfT->4SwOFfBR4+3NXwMLjPiCg3P)!6++4%+?kNY&N2nM>oHWueN^McfV3@L)%a3
z`#grdfu&iLB?&upM``(9P?sN4lnEIzV5${XZrmbdcTmnN-!FSl5<g%Ndd#;drJr9a
z+CW={!wWk0C{%P39g3m+7Wq_D5MMQ0MK8W;C#dLEP|DO?u#XivQ>LK|2IN<9Jk`J-
zN-)WnNwC27S;R+{gMJj8La<V;<q=-Tb`8)YO8b$cT)Ab+)<B05LhYLtQEH!&2b2z=
z01-uPU--J@&73Mne82Cq6dj#FfMCj%+tE<|a42;2!5^oQl@-4(8z~{Is2+vwc0AUa
ztsnQ338-}E%9C3W(K$2%C*T0!M7cJwj|liARp=u`G^;|G5^b~voq#3VQnXXFWm?_K
ziiG;&x>+GsZaW=XO4QM!gSlUcI@;o5zB=MgVvp>sqy4{AY5%`zQ{Fi@r>Jh0b6JZ1
zem?f`$rTAH-3HvpMQ|2bT&w#j1LE{?5;L;6GLI{TzjF+qWd_PFD#99bWcnYeiTIRW
z_9Xsy|AOwGm5eEM8zzK=kZxy08N0Y>2b>WNQ`a5Du-h6$k!c&QwCFkN5)jK77v0Q^
z+uNUQ4u+iVo7+k29P=z%{oONC+I!Bnb0Xw4sAGMIiy%57!jAGjAp!BW>V6UL;;_~%
zQ>uFecaF<*g0<wh^m&di?S%H-)?KSpBZof!-4@yxlq&k1(bM}Q3gn$ru(B*gpMOY}
z1n1~jkB&<V?Qe?ySE=ba1@KU<*5cEJG^4%>FAoh>vU;JC6o-hv$f1NVi%Jgn1dT9i
z`V&>-LJ5f{b=3BErq%Y<witO+N{qw??yI0T(bzxnIce-=Oo?xSQe@3-Qk=L^ekvhd
zR>@j{MkmVxj%PbF4~n|JGV87%$z6`RUVP9_L>7~aKo*Kbi~ZXn#`V@XX=W#10y(Jo
z*H5Rv7YhA#2(Rf7UIcN-@t*%4`up;wC(>Ux<F@JVPchP+g#KdpRd#eRK<P=yujEP;
z?Cp@>)vIjyRpj^fj^y`^;r|r*ZTQ^C?{n<NCy?K<r^)4x#Pa_>@|&loaSHNl$i)ui
z_g+DEf=^aA$|11H*9qkJcXAPAlTChIPs;<JM1Fe=Ns-@|=bS)(`+N!Vd(QVWILC9%
zr;^{I-ZFs><hQNxl;jr~q8<6IaOiIVSpAdfFA5#rl+v$X&M$}levz*!`nyjs-TyiI
zJ2;#E=K2T(4q|%`+NSrPFg6Zi@xL`C{>76i5c^yx@!npaK#A|rJ|iXe#2K8NoJDek
zI#A*_SEfdup~N2z>OhHC-J4B`OTU<+#9bvrf@3=#tbYO}&SOF+rNp9ZkN^8q;)}@<
z{OOc9U+(%uO8iOzc;iG${ERe1iTyo9TVBhFQTb4{$3_j1j2zlyW6u+buUi8x=ac%6
zMsg<h9Ja7~j-ER^KfkJNV171tkG?sbe``V}2K^wx*GkpoZk|Tow(IkC7lq5G_tRbL
zDJMAN29zkTU#LK%1@>d*&0UD<`>lk}#Gcwp1DF4B5ukAn!?WH&j-g#{v<gS@y{U2#
z7%4}wS$2@QlfRC%y0!P7pF=iLihPf_ucB>u_i#TCscLd^RGyV&87~hFysy*n?jg%)
zsC|8BZNsYCBWGz55i5wj1iP%j!k&}N_pE}<!h~s$T~o|zP=$28f8N@|f(ex;DVgL+
zK4J+vtc!;SFt<|S6N{gc$SiR+b#8c3-4Gh-Hwy;p#x;Zd<{6ATa!+xNRyRU;Fv;mW
z|1!SS-b-7wgm3e{S0F;Dwy-}x8Y>655~s<XvCIE_L1xJo%aVN;Hb1ju_p_oazrYKv
zC!(1pd)4bAMV@#zC!S{shu@5dMt6BF!@Fq<^7)1`Y6YF;BntVF1UkfYqgMOZJSxD_
zzgxBrCB5G&zngA$vh7q_RD4s&rE3>;mqZVe_7+`<buqw(=l*Pwn(Ujy*XrgYlAXoQ
z0c4IEM4^+iIH`VEg!|)^nl~rRgH77$HD0&A^A~1s-%d-}Mrpg^H?)C(y7&!WPBK^2
zzwlYs)7{mZ`ih0BeU>=O&n3&tpX50*MY(&4eYd>F8kW!H3uv%Y4qQ}kryMw!&r`v>
z%C{7GX9{V0Avyh^og}MZPGpstTaXj#PEN0~9f@jS#z%HrNyPL4tKubdVk7H1ujw#%
zvOe)fUvrLioHa%Yj{3Nr-ipcOnKw`?QPu^%cctEUZOZqt2|q}AHYWaJ!DWrU<s1q-
zi@$f#olCrn!ap*Dn-&FsEJC>+dsGxtGRNx>x$9V5kz19DMDj(G@H%w4ginM=crOia
zQhsd`?n=cp<aug#BjGbSBmWUstx^`%#KYf6)bakZ9qESalQXo(d_S~NNbpA~6f*J0
zdN(QB0}AQ<;e0_MH+3QvTWUaUMV*W_wRru@kV5A+=CEF=E<+bs``Hq<_yTJ&Uy@U~
zsh%}vD4Bumu%1^ph0nk*JF<34mNSwyNp|#ldGvAx)v2Dth1O5iLnOT!Dwof&7OLN2
z1qhem;b--y!3Kmc{MiPCGx)UaT>}4-yJirZNw(CGM^xqW)m~Ovx)~AuA?w)|nxe;^
zR6k<Aee6UF8Yzp<t$ZR}`*u+(BIi7i%@s)6?H;`3(;vKu2gymj%i7Z!gg$SLc#9=R
zI~~=hMj#!jAEzF{RjH01vO8KP6Ok~zwS!0*B>GaRmwT?7^mq~!O3I?QmnwKtC#)(l
ziv?SgIU||;XwLZ<Mv63*gUnah2v#fX1Sr=l(iF~jAiG}D)sb$?JJ2OL?>glen>Ft~
zqe=4~t*E0!C#SXEUw*X~J(HPL)Ex?O*oZaCr2vq5wLh1fDP%m3+A5WBzq*au1FI$H
z#r@>yJlu)AUC(&(U-0C=EWgNOw>)${-*Ur<um_nO*Bd=6V4HKAe9!YYCs|H9sD5_w
z0#UWEGkni;Yp4$_M)F)NFsYXCd(@Ef)E;ux*|nLed=)1a%WE`RTX0pS<bgdK-p~NR
z<OfLC&MaTRLW<IRV!bk59KYT}uHmY}>#g5N?uN+P;@WZy-&S;*;P9H3wiZ+Y7c!#a
z+M4HcLW3nR1HTuJr`@@(p{sQV$&HBevwcYkC=Ch=*}pyZy`jF6sXUjbF%jt{8+3!3
zA!GBC6j9Rbre}4dmu}pUpZt5;KHCo8lVwJTFDoH9PK$meUpz}b6l|YDXvz-Qs9c<K
ztc!puL2F*_6Ae#Ev|i|YQ&h;jEH*81zBWaL;z)yT2NEHd?V_bIYDqhH?Nh(hU0@K^
zixcn&W}8L!FUBNMH$Uqt(u!guM0=&pUqplb>SFL9Jqev_ik9*hOno)b$grqnQQ}($
z;ggGq>t!3Qzju?9fcugug)19$LogZk6%tHfg4etoFsn6lF&=QeuDhQN_hYw~Sx=vD
zKb3V6(}2)f)xq01E#$S#d%cZC3>d?y*18sTm-M58Hv{J2V70GEYJTHgZ;yJsJe$!>
zQ}{r#o-275Fg~s=ZiRYd=o=dw{*)}B_?R5(<gooJ@{3Yw_~t0xHUhmE*2HJgg=vuV
zb;qrjxtVrRfv1OIyW*MZEka)5tqHVO`c&Q6;xUFV(1patUGvng)r{7wn*r^*p2`hr
z-Vxc#mGVc|#%)khJ_PW#zNYX=Y<Ms7a<qjW(_`Ord4|>X{G;4w90|RZ{5{EDi#$zv
z3&i6{O<z$xMebzcBkdWV!HmbohC0)2wYsVq_-d)by#k831Ogu*|Ganx9<mO(WO}$4
z+e@s%A@*_HnUtCj0YI`O&Q?QF*=O0Nq84NQygjl}R1`iSkq&C3u&=2AMsmi&Do!J>
z4+!p%HI29MHk`GW=j-!)@f^SvFjSjohcmJRVz!Wccb6r0bz*)t|DEN%1vJ$*<*}sP
zMxMMt`BU-)>1DawXI=yi=d6j3->ioPo*IMIa1_xg+#_V1EVZ(blG%7U4+P9uKdykS
zuvg10u&g#%#jzq)R~0zU*UMJxtG@N6VafcrcRobY`z^Y$fr1{FNPF3{?HV@l>&1Z4
zOuA2f<wWP7J^;<uvwF#Da>nbcE_43r14y1vS>ypnh3Pk5q98z??s`dIp*jEb0c-RX
zS-JMNa>p=HpU%7_81uCG$;<7|q9;%z&%BQWAP7s*qA#$psI(L7`Scsj0r$FT_{B6!
zs_^}O#$l@SO@{C|{GlDbCf+Sl?ONPVF+)#3mm0}!$#13fdG49;L;Gdv%&WzL@h;t@
zbS)ypTLHuuvRSPT2p2;}dQH8B*#_M4(1s*sZ9J{}?O$t>SG4QzSDF3@lTGzUf<>O(
zo0%Q<Li2$^vVk`0v91#JUN+WQPd$3DPNRc$_5&ke3(z;^5Z#*{tfQZseky&D1K04L
zpqqX3cH2;F2f7(UTf|7LB0%kzf=>m8tiORNol^n_?ksv(lhlW&WrhsAe!onPIon}U
z@M0aKsWtNM%ZAwKSm<BCbPiTDUnXeIDrR-V7gCBQ%RE$(gB^>W*te{^LRWhZHM+v$
zeO9Y#TlKkbY|q-)UCDyUlKBJMc=$bW$561pC`ftpuFfQ&t6SQ}m#W9faeq76@yX58
z56;(XKB^Yltf`e<?gs0<$a?bQPE6T8rZg51y(4(g`i*L@!fisrsR&ov8oEhvy@MSB
zu>$Hk^fq3cw^uD~Z0J!vH%PE|v%kUWW}|lsUFMF-Em)(w*N2MPK)B0Ry=03{M#(}l
zv08pI7yyVgZ%*!je{W_<?OOCOC)3K(^jESu7G({Gz-FFdXlhuhqAh&QO!!|o`JRfC
zFI*v_Y_hXT!3?Vz54ewohNa+>{?>lPwCM+zu<-jVGOS30J{ZpEG(dyno5<B$H$XO;
zc^IbKcA@EP#pE&bDWRjXgs0o|z&zIq$pxqW9ybUPg=EQxniThTw#IW$tqMYtK8A5E
zbeh$ZiNWKaX8n<?iOU$Zb(C*Ni)YzsbA;Q-=IZBj)vA%3yKpn7Mlh`P*ijlj6eK6w
zspax(FTaxTCXGp5c@88?_@4N=+=I<_^skS$Ns$=wHE0JAe>`?_fcTMW&jtu&*p8bv
zMA0|a_ZwMvf8u`KtM+S-y<gKM3A<oap+B*rmvoadA{h`n5&*=4Hi&s_81n;TV}Y^E
ziJH75;9jrQ-6}hfg1Hw{Fh^36G5HGf8|#x>+Cj&a?cnXVtl+-@A9u=QCxed(a^X|p
zqm+Bv!v~VuyEFnHh1Pw1K~j5F{kD@MM-KxE(`c|Iwa~JoxL<Ur??cp!<eE>>z5<8#
zaq7w%^p#n(55^Zv`yRBfK`+}6wWHxV2onv@@oRg)oS831!BKvvdc{cSuRh>4s!`}>
z!G2i6aAC4q-XCy(3wkm_pwsL|yOdqJ7J9Nh^p-wgwP>JTO<svWB!%5x3%CzX?<3gD
zEZE1rS`>?bMEV<Bo#H2?J;_|WSV1pg*v3bziaA+UuOqUq_~J~V<}A+a#-vO&5ib#G
z|4J#5!gMK-z`){gQF36rIwG`%`lO18KwYX@65AOGGTvvYA+nTX|5<8?NWzbSMfjJJ
z@|+4DcKwj+U?kvQlU2@AwNP+Gi@qX^m)e4rj4M^Srjb^u=t2dV(Cbq4<E2cYneZxA
zTEu9<*VawprQ^a-q}CrakLJ$I+a}tkeBA`~_QI_`<|XKlD1bslD8CVsPi{f!$z50D
z((o^p8S&?mUCb!;N7y=)gzc&v2ullN-=kF>B+K}a1<dGgRX%d1j|-Sz78g1gy^*oc
z0_}d|MSsKlm-x$Gq}tNafJuGp=)0kSKjx!a$}?eI60HKg0`2`bNT6_^WC<t({cpfM
z9eA%$@P4-VwDqQ(1to&u=k);%x_d+DRkD4wB(G91&+-P{?>jKxADG8WDX3r`dL|pm
zS+!x_xmel}=Fd7LOTcPOEo`dj#~#Co%=*k=pHLNatW*V^cOmXAvlQsRELC)D&_DkK
z(C?iB{d^WIA>~D+;<_ubf>BD;yDFYDk?10S^yQNk&-taGt3fRXwVO6bshm$Oo+E%i
zxVHfQ9Rm3FW{mR>XiDDbES3%R+ZEKyMyPZ+rfh^(w^l)YC7W?rpxzRwZwPctK;VmQ
zsQ*x)o(-ASBendZs08F;psDPZ0{I^8L7sGSHw`SLvJUCDbF)A`2&}x2uB>B8HK)|;
z>}pPIZi`*bi5H_S%(X$D(mFQCuK|U@$h3oeA<>BVy+7#0TDMw1IMAt`fm7KZt{;z}
zVckYTFXeXin(Cq|;d!4*>l4w}rOyZYixupYQqblj0VY)Nt(1S0dL%~hd0XgQhBjb{
zQmNKnomOnr5Ldb=$C|)EM5WP&44Kg@!0zY{yMv0Ml&?*;3WT?z@T-Ma6;8$RG~<?A
z)UOKux?o*}rINk=3ppRq^$_!^x)bgo^d;f!wCFEYPnU20IG=TR-|EdehznTk^0l<c
z3bpNrM2f6lTeAqnS5pgH_3%MOKl@r^_>zb-Wa~dvlNKGtj}&W{mEv}Z)KmT~ooDDZ
zaa}2uv*P3yaMej_$e6OYGbTBeiNG|rkh&np74AmSSs(W#sgI}Bf4H}x3F4^4W(&?#
zY6h#9GomNKArX{Z+Tv%qr3oRLe{gh5&~&y~)aY)D49n4e@NjnP@uReo=az&Ntlvrz
z6Ro#@A<PflFokdt0aZ~^S;(1^2PphqR){)FX&Hp<_b$)8<MJe_AMAd_S@O5^V#m>G
zb#HJ{v`L|!$}{G953Xl9bDr^NPj7x&PQGl&J^KVeYg%x!f$YL`m;0XAqPCGoblhYS
zqnzXOTHQJszr#~I^|*(!b?NnP@-5>IZlNY?bR#5|ImDzPHl|Gq$e^4(lB=q5kMCHG
z+vY#XE!vc~-tI%bJC&T7oBDzDA-&r_6at0m&l44v<P{BFkXagszn>`m$(FzqI>or(
z1|mcTq@VPbAIf!wyH1uG0ZFJtrD%Jx)v4|Fp_EvBAGc$up=u_o@R}tEeO3htLfO-~
zgb&yamq<g7%k#7d4$1B^ANHqh`nR(-rpH49V#*6+toUMyTjH_YX<H(c9-gxyy(cVj
z+<NOhS=g!;sW9p-uX$drX0%2D=}zm~K49a=a+kZp8j6i%FM*6g4i)8h&B}Zh!=pWb
zd|*TAZS1eoC?HE($KL0xg{%+c<4)^c`Iv0&k&l~`XD820_D!BHnY)^-*B(I7$V+xj
zb_S109?o=seN=zpFQ!f_+-@5kumfe*gVNLK*8BGF0oM2BcV{cght2FRq+98JE}yDT
zTSPle#q*qNy{V?XQ|R<Q)`9(VOh)SbHgZ)^srOx3oF?l^I>~H$8ed}1jl5Hus@Ej8
zE3xM3=E9TN7q)Wfu{9~nMx0OdaK2_N9IuHMH5P8RM##&|Czr9WI5fjfNJWTSIKANN
zQo$iAe>~%t_g@d+-XbqF9}wLij8)mXw(-R&;!u?(@YwkMhU-@eSX-K!I0X@!tfA_`
z%O9G6-N`(?mwbRE2Xcc$QI0VpS%wksWK$H?-}TUwW1!aRgZWrlxvra?ADl=JkvLdO
ztRqrT!RCLm*2}*tRXEfCk5nnnfZ59j|L-%uTHudee?8@C=gjhxrABIP=27V+;4^^E
zUB}CIq~!DJf?q%;DTCR>|4p!RRLyMBUF7Qu{2~vwmDVl%Czs#bTv;uOpvam|e)m?X
zr%ADL>>BE6c~bSjJ=J-?KpW=>F<M;_m{#$5+Fy3V_EA}rxc1Mjkmi#oRqpi*!nX%e
z4w_vZ?Ob?R!UTH;jl)5A>$J1sK%C-#THPet9ggIX((0w2u`lUnsnT;2EiW29E%IwN
zTe7|-&s-81un#4h7FCR+`DJzAK<>kBNf@E<PQFm7kz5^xw0hl>3c_2xQmAqxd!sEr
zroaXt`fg@ndGGL3tGFqP;lO|2IO=yF4HcOEp-cC;%KQH?^iIINaoUd)aqdjXB5DYV
zQaMBTmFm|X0;(iu2!hu;3}Mb}Rlw4IeM5)W%lSUV`+t(GbolXo)8;A0OO-U#qT>4L
zNH~ex`Hpd1{gfk?-V06DM<FOBt2j}6_?G$&$Av_53WzSDEIK&|DC5{0+gQ+?!`dF3
zaZW<TByp%FBm}ptaW2@ku(XKS@5s$abV>Y^OI*T(e|=POrs(811@mS2=GFQWj6?oW
zbh1G>>A0qfPBsXA*5*INl>o(IHYBpO)z3;3R<D(5Rkf1&QB`ly2W%GK6bfrn&{}ux
z*H>n=)z9irWC1kVnZz)xi!+A{b2jaCPy#9GpK6ZmzxvQNB?jm(?V?Vdu8rKvl1wiF
z#USY0Os%R?F_^&#f-19EqV$c^wq$O}LT?@FwX+8-`k@e?vQ-@M5o8{R<c^6ASGo=B
z7`=*B)aWWIy3W=%extZpDPZi^e4B&DOib|EoWuo`X1`4yX+r<Y(9~nUmTsD;QNzE)
z)xs)9c7Ig14)_y~Zil^4Umfnk`L37?=X*Qef>cmgRn_x-PhcmKL3122XILsW0bo+t
z*l&Ip&+E?(C1vj*PE85y4QydIzrgT-#w0~v4^2Cd1$7V*dQ@YdbCfqHyUBN{<+~Z<
zt8NV67c>VbGtxy2mQ0J&&lc2^z=0T<9CStrCHs0;nG6L1I2-$>A=)4e*=JH!en_DT
z)E1#<#R3}{-jIW>h80&z2U!l~Sx!K2kXn0%LF27tU+Rso*X9dVl=?)XGpeiMN6>g%
z6>R!yq2IkD^rpwWrl9<qg7A0vl3#vJe)u-x!`4gwUGr=Yi0!oSwF)8>KG`fn`f`ss
zyk3vp;3^;fNGO^7nS(Jzr&1?gNy=qBU=%bkKU7W$Wm__KOA6EOyj;>I!aE0z5@ky+
zXh8GgH@d4Ic?|)hII$ODRQS29_1P-}mnwq60SEo=gCUa4b{!KLzLiyw6kFnp0@P@A
ziU&}uaL2$xJgbsf6{lE_7pD;m*Gb^(yMALM6q0g$EW@jzgyb43uPg|ET~b8JGE8I{
zoQlk6Qz7`WuvhW#8SY2$d#mo=A6o7;^I&LZ!ZzkT8G1XpbgWUZm9Z22oEXk}1dZKg
z8<Wg&V;MZU=;V6K=%vuJ35U_i`5`m!$?f*xP8Y4TMq#ne!mreC5j|f88m4}$h5<I#
zWpCMxiW#wI-vHEJjn!Y@aKy$an5Z{Q7pd_Pff!Y3MX5zvtvzoF?%ip9;|&;_6o1sQ
z|ChK)agL_lKk*r_t>m2NSofa1*CkG`y`<N)^pwF*@J#6`c<;NnlRb?)+P#K^y`et#
z@D=!38t+OLW4{BFF+1#whqEqoVyt(ksW~oVWLXGOdGv6nb(GP_TxacOREqwk__5DM
zuYSw(pCi3`9Q67B8oiqL`ae&vfM*!!j)dyR0Ct*CT_-C}Eh5-yMR7{`olU5y-gFW|
z^(}eCu0v-(c0@+yh?$8m@q&&rF|qk6dZoUmrD2-A>kEM^hM~TnoL=eXX(!UF0OgYi
z!qw`iMuvQIZ=nRqetz`IpSF*~rN^-;lDzz|L$CY;8j>YJ_kO9C-JGUZd{^|uZ)}ii
z+5Aw|vNxch8zX)u=9Mg$RwrQq_)v73j>-*^^>Zfgho5w=zNgk=v?5p7y;I~W6iksS
z*yhlS*oGCUf)NdQ1Yh!!K4>aJ-F0(jp<X_%FqHHgST*qcEdm$!(G66>h}3xvx-l&I
zBZsm`Uy<bB0!C4T48dqfgu#=<->1eCx=jq{ik)u`C8WE^@YNjBBcT!5_(x2#wxPv&
z|992<`N1m{9nuZ^hyDIv^TyTo8>RO3*Qs>(1Zm7c9^%xP<<Fe*Ut<)-`UtV8iu|k1
zSGt(a;^3hhql*LPH}eDLTmXOs>oI7VZrq$7D4*Mps?Ruxh{hb1W=XTQ;4R^z8V={`
z6n(alIeD7nE-6ZDJmYVDRp~>?m|e2gU$QfF2I?&3M|{*;yHiezh~767|AeGAw{Q%_
zW_f#lVzGM1OolKM%6L#OIjA=rgUXMC-DuVa!>+8>8;<7cL~fU?62o)Ay<e-lo2RS|
zuhFgHTZVYPOuDzGA*&~R(xE}ZZ7jkKM}(?+o)X?Mp!pJ#!dP*fZSaL0<acGgEQ5Yf
zl&RjW+5Es;dgr)U-unSJdGy0AVH_MWK})#k(Ll*zZNU<G#Yq+d2XsBM>o5y|Njjd)
z6`KRz4t^tVU@#{7Z?SA{<6(5v$uFh$D`32V4jynmOcG$-s631`%!<C?H(m*p&&b#6
z>UkpQ{wTaT=zeB;RltY`N|?rp`+yKm9jmC!35|ZR<SngE34_LSff5#br&3$MWxYss
zTdP#&Nws>ZKq+j`-o!n^6qM`|->rtWPQj?{6By9EhxHX)l7Hvo{G%;=5;mK~`&cbr
z;8j_#n{)jQ$xeP_^_W=yt$t&xdinh<J4J;D2V=p*WIllJ@kfsI)8>nb@S0fB_JFZY
zkGy`^9~+7S4EF-^-kyyI)HWKr+qPeMCg9$qE$qi5Ox%xQAD07{7?C5pKJv%(k96Zj
zz2SY<y~#yo(><bFESTP>Y-2*!foWj{O)LY{vF>e0`!`jO?EOe@#S1%qUa*$rZ4#5o
zrb4Z^cf%5`cVNRZetS2G6LVlwskGKhE9x{_D^%-vX>F0#U8?mK)jCyL_i4Qg@EKcO
z$e{87P21{Pu!+|L_rqV6b;CTqCE(hq?rPZ6xhzY6#XI0x3k%%zb*1!mCH)lRAsT)w
z=xzw3hl?kNvrcPR!?pbIH+;<MzmZFVoh0X!N)Kg++Tj;-_@yxYW%e5H3%@@uHsol~
z*uwb?8f&fZ?Qj6$bpeEgR4peTKr_k<<tA40$p=Y->B+U~Z+Nd$`aHSm5!MEbI5t+a
z4+yY=#>=1tqEDMc(|G%p0L)>3<XFFHrK|%C(>8&FF|nZo7-J!DpheIpvql9+gkcmP
z6ZbZ40gy(&8-UJSy<u<em{?JpUh=HYd^fhA?@%<CLwhSf0e6e|he!k?X$Zaog}WOp
zGrAuob>xT&%Uvj<Y-qcUp%fyN`i`Ru@iSOEEXy`v-6r>>(M?s0aBaK9<A?-_W;F;*
zh-eyz-Utr82ON5~OvI!Hkc~t80LUjhyPt|fYt;xzRbk#}<IsB?96B;T@wjxFMt4Hd
zaa;6l%N$#zbZudwU@ZsyKtR@ywh7vMM(HGXeH4fd^a)@FUGM0z{t89|uB4c3C#n08
z3c|d6Ec2Yf622|V*AB5oFH&jV6fQGxXu2w3T%{Xdhn$S%eo>h~zLyKpX}7M4BU=Sp
z{%L^oL4-O2T(j!p6ae?#e-7Xtku~f9aKEJOQvq%X-jyBUZ6feSvdrs%w{J7~kv6>5
z0B<;hTU{A0#u0LG+=ECAu#GH)4ytn(Bo~LT9$X5VTZ3Df91Kt#DNthH<@11YOr#K$
zu_5w0sP1^dbZU?t$5A^mm%Za_AeP6;ii75MgXXq#Wl1Fn<@tR62A=O%2~KIIrFWot
znQ9-T+J~w3det6R?Ye58q}p3l`!3Z!MYYdT?fdv!03vPx(XGx4|5SWMMu3!_=Vw1o
zv(o4AxgMx1Rlzh3uXo02wa|O1;I~T|%N2s(Sb;|H+y3xdtjcn~`=tO5U16NxSPf7{
zVmJm1f2?35aLFZEqE^*@PyrnI(f|47lGUA#>06d8Ip?J7rKb6BwOrxevS8`ussWNR
z%jH~fmaL3xmbn+1wWn3bhv0$Pd}@G^IFiM!Z@(<$;G<+u8sw9-@_d6<SmU`O66^Yx
zPA)%t9DZ{U`c$-h@Rfyu@^69yCvuF?qXhBE5C%*rN>%fWn@)uW8~v@X2`d?(ic!g$
zV97fn7;u=E_h1IB@5%7!$nSb3Xna#ppn|f1%kslbVjXKv?BOIx4j8H*sduH>K-<!(
z`S#lmCMX`283Cpf-UaGq>mTn$g9k|n#EP~;y7p0dO@?p>Id{(s!XDdnYY22}Yld!>
z*t8Y8RmaOgBikIh6>ukJgcJ(-2%7bV(5yF7G%Lmb`OVPjyfH(t-t!w*2O(ByI>8S@
ztUh3C>Omedzfd=;ksS!KyvRm^g8dG)8k9w?;Pg*&F5;&`Bb<wt>G%_@Qwf?uB3s)d
zk!<=Z2jqnu!2>T8Dm<`6;Rl6JUMN=WrK-JNwa3-{6{>x_YHv~PyHxuvs(q?z-^bsM
z_$0`Ry&y7f!1cBs8>;Bii6|vAJoJH|j9=p57glpcxEqJ2CGkTDk{lNJ^Ox~Br{!8&
ztSJ;~N$pQcACrP_1QQ3oA@LW5*rvA<HA=XuLQI{B=65vl+>O(NdI|dN44WQ^4aHx!
z(dFN8d~9q8+Hc996zbzIdD*T9Z#}dTf=mZN<L-O_8@thHwit*$SM`pA07XjDWZrWk
zIAaY)_xyDrEeoFiYlDz^nDW(u*bqRv0FXwksiL<xw7O-SO{xnI4#cLzhan)rqaTMy
zzmay9J|4iLkm1eJJbD9r0fW@YftF_!kA9IH^M?1JT#ZmJc}yr5rgEWNqBe#}Z*UpU
zMt0kj3j*1M1B>wKeB-ReZJ6V+)@`t`sr84k&ig>P>kkS&kc@px_#4=_Ot|h3idB25
zYOh!Aan)X-+Q+N*7S+B>wcn!Jr>gdS{4Ln0I8NLL!s4soHx7rc0USPXSoLQZ8^?KQ
ztL|!4H#Y2U&#H_67~@Fu>sJXqyUOO*k1BfB;&*QjjQ}OQEPWxD`C~=cM32F;<2@7`
z3R}2dckRoXuilYg4;p<1B!b4xfX29fXzmprC=jIl<cl^wRH(oQavGhF{J6GX7AmlQ
zPMwt{nSTnNZT(iHX%NB4YLZQrrSjQSIn4Q4VgJ<akMU0HB>U$r&d(|K&#BJOS?Xt`
zRzCPA-bKA5i{xAH$Wr@bIUl-l8MaL7pf^<(@H1y}Qzb`S>s{Fo-qI4AC>p8pOv#*D
zXpNAc=4s~03Uf@r70(^%jTPlbjvk*=>5UC_iSvsWg?Gc=JgZ^7@KyKD(v8Yl!fACT
z7pFM-JW|U$?6IuiTVte|zqZ2JT6Gqedf0x{u_tAy)+_3TbkkI+=0jIuYOCHmg@!5e
zq%>Sh!z3Cer5Z@Le{Tg16{&`=(NIc*T2^`F79pNLd>)_QF7`mPI}H8B+V_GQes-^+
zKU&-E*6glBzq8ibt=avDmRWzMRbDcLmt;`l3HZxnfLcCA)B%**LVbPa?ZrNFzQx4a
zi=)f;dRu=uQ#@VXR9-JCK@>DHHvA!(n)Nk#wM2t9yn!))r*)0}8`S5^_X%hQTS7zq
z)vrJy)dM1ZN#Q<%3jZOu%3~^9>TxL${Re5{5eT;52#U)JhFJu%H<&`utm)@7!r(wD
zL+4YY1>v+=ja=jcqYmfH$>W=7*0VugylX@u^bj}77|(uADc6NKXY^xAzb+~%5&A^j
zB}QUO&>UMVdWnVvy4#}Xklct019|PisJb2pfI-3Bv4e<zL<&vh`-u!5n_Ki;X02`i
z>CGXE>>|hlmnCW6bt~I<eTQ`AZ&Kq?G(tiqF1Gdm5-;&41NNI=&&T`>b4{EBf|NZ(
z=k62YB>-CDC2HxBihac$<0bB=zqCI*25iRG;2%6TKh!Z^f`=hsV6e69MO&x``bE#p
zRf!2aZ+~5*>@ih|$6&tg@wS7n@nYXKSH&5JJm1+W;>lp_aXDFjbKw&Ca4!^G5SrpQ
zf3RHcQvm}6mkw;v9@{4H;m_?)ZIU0<bCG-~;_b;&zm*rr9nuVaM=K}k{O?r*>});q
zteP4#+Ug&Sy={bwPT5YXFcfY~BT3j75q3i7&AGEM38xM<gR9|LTBp#OI@z>-({7za
zYwCE@dad1BL2CsAbEa2rx0cdsA9QEov<w1H^yQw+&o#1MRS9wEKFRvw-#Lq|lqg?f
zBxj*>6D55EqPqums4yNJ+;CyQ95>5@!LG@ZFJtk=#;@|lCKc<kg|g71rBIf9*gB-8
zVBAYSY_C!EeDYja9E2)bOj^vU=f!>s*MpIA@lCu$d;!$i-j(Mu3tV`JyYhK&bYu9e
z<du$pk7R`o7?+~?#c+t${5+4@EB4(skMU(p(sMB)##S%}ztJmbJZgX2%&GnvSv2|u
zs&~l~Rqo2-88?cT^_c2{UzPWm-ji6PJa=Aq6uZn=^xo6+M;Zmc*Q<LFVksAmyzWLh
zcmG~~VE5>*<}H0DduJa%=rOu}49fxYds8dTg1yH2$eym43L?k5XbZ`LCKQ6#4*yRf
z8M^DJ(h|i+m~y3h=;ONUc-x-JL*BhzAS;a?&36z-r?Wg-CCuq#v-jq?kIx>XzIApV
zpIhN9MWyz5U~iWViOFKjewdAQVZLCZTJ&{(B#z5grwxuvQV%h>Lk*~RACY@z@<)C}
z#ko?H>Y{C_UJrGX36qk)8?{insYzc`?cJN_Dfbm<-~Wr+Y_xXg!};-e_&oI}TB7P_
z(GrN;`U#I$nmn$eqLf=8FIsN-|CE!{+7cy*IJyG~QP!;^pd{7;mTH8eU;6adB$jZS
z%px<~*tKjf;8m|zHzMHW5hu$%qRt7q@*S`d9m1IunfDt}ft@Co+~KdDSdi!}{b57*
zn^A>D%-B*c3Gyf*N|RW@J)J?iIG1cBw)ueHd_d5LKlg#<au<Pyl-nV^dE99<nyRsV
zN8Bk7=<bFPmLmy0%-0^nR|aUyE!dargzJcKGaQN3>(%YCYZ<EZs+hbA(x8ZkS-^1(
zE>g)O3>;8ndH5OmmNw-{Egoj%gUtDApO76TU$EZPz}n!4Q-O)8$=d&nqKZq=hb&?Z
zm*|G~QiR)ywX&cB6Rd-7evd_)k<S~D0@qtNHwrEr#cgPdsA{Mi1!$PspLW?;{DaCi
zsxz%cN1|Ct+{_=HjMzXR9)k;C&(B$TfKgeS@CRAhUB(xCYN~y49T%<s6|S60bLd{q
zm5lWdYdhtvER@?w7#h3$uX4+gt0nedb!nZ0Cu|}LwIHdWptdYbC}i5XtM#~au+#eP
z8tl&J<~+##l8O35{tpErU*YqoeBMEOJ9-1Y)ag`^9LR3D5&Q>861cB#;zR(aSK*3r
zkBCL6#-uExD1B`t*Bp%94biA-Ne;;zPDQ`vzG{T1U3mc))(J9nxu5YHFKBgTbQCmi
zKMV&R+6G@Rst{NA^E|arH_N+1{ru+QIA6qbL<(%^<=wUU8yTIyI=s(s_F~7TnnkUm
zyXy+741EvR8zeBEh#cvxMOC<u)ZWwT#LbLcGQD#`JcI$Md~C56T|{FY&Lk@sMe3cz
zX-WSos>poWetB2j-9?*UM!OcBz+YjX^zza9+Cs^UnIJ1ZLShgf!y{T$MGrK*oo5zo
z5y7l$<Y*T=3OjPN6S#n(B_u^QcLa=q*lSw>z<M+I4*+YqkP+)@{GAhTb06k%VyM{8
zr8cNsy%RX1@=A{NeH<B6a3q!(faD=ATALX9NOR~h2aaxC4IHWCpx`JfxBQh`oGz`G
zNsp1J<xPHjqV}Y#ZzzxhVBHGbh*0Y{7sR=T%$(8{RV)_B-nf!uIh4%uMYZ&-dM&MN
z-WADvPTE}`x=VG%29SU{Kh@O|d5s6po|q2JD;OxT4L@iGHo4y>cUb$3-^<s;Uum{&
z{RI8aTPu*71^&=-q39=@&W~7()C=3cYi^$t-$UdwOtKJ+E&{cB?x=nk>NrlQ(8Axa
zQxpMzX5KNZpK#xPz_7vCEQIlRr%-<(jnOJWKME3T@MQbP&}4d#<t03P$(#}Owsvm{
zJ&4Xj@$PS!`CxgYP&fg?a2Crdkb1{&sHI7+J?UhB*Ko?k{`9$bm^VQ};q&YnCl&#0
z;1Yj?%8=RPeJ1pp2rD9MeA;+z3?(3KO*|@7*=fD_bhdCs|LyTn<eh$g<G7*~UG=8X
zf*5lmb4WF^coW~yx3c9#5X2F$lIPj}u5xTH|HUi7dy>B4Svz^%)dkw(-|)aSX3<_@
znYLeJ2KF-KbyAhIvY*hrk_PlfJUNXg%ZL=%O@`0MCdS2sdZ=0zSiEEz{tbg+ywsf)
z_MJ~=-AVcfAtl_|Pv3xsElj7a*0&f3F%X%CNi-bt#Yxei;6!9A&ng0P#sL|kO>HlJ
z5ijsX>ctvs<dJYM&!H}^FwTiPtsg%nr<8~DcvzZ4i6n9CYt&aZWlo{>HgA$!r*P}Z
z`Qs^^A_-s7>gKaRHc#wi<sn|aUXXM5fLTrrv+1WNFVqTiB|C~-u^XqI7J$19x{fpJ
z6#>_7^fNQYvy6+k6NN;5J@$I#^MbcF4OYmf)<#*|wt>&i;e}Rzw`!Lgt%}2vWR0UO
zgUUME!oN#a@cX)8xDVx#Vr^UP99K@LXTW_Ryq?-Ry<MJqmpKsvqCMc-0;{-)D%3f#
zygnYoSKwRZD}?3lN$gPp$lgx=mQR*|rSJ^Rr{Ec$V!_~=;<6@KP2h)eg*>mI+0z&m
zEC{1@JIds6u|GC(kU!=dPyd6YozL;|>5s)0@d4km42k^-_O=bj_UU<$I;^MfLspxm
zYf<>ceDy){$4xy9)&M~^F@3?z6N`}~q9Yiz-@Qd!NZnva)l=%_T67OL)z)mu3H1n+
zmut~2{7hcYebdK!BEtvfgh%_$8pe*Z3Mcc*K*`Zma{1%dVMq~C#o$_}=3JXq#l(^b
z#mB8D(F)svPT@Rs2E{>B$sH2yOc4n(tSMH~)6_)<sd!1z^k*2krTqG=d}LQ#P5w{t
zktmUSx91_3o&p{oep1dFAy_6{sLex`!7$F@|D$o4v5?I#{zFhNPW{F(DQ9eNd3jB7
zYR`v4^WPW05of>0<7h;EA4U3lu^S@psnzuxT^w;wz(MV&R(Aypj*3aE6K8kGhAU`>
zi*f4_EprCGwD}K0CKEsBPvl6K@C-<l65y)$Q6YKiNHg!C(V)n7Zg}UI>cBx{pI|}F
zw$wC?qV>t=B~450^5-^Zj_?lNZS@|MeT1*y!VxA2JIDGe*<m>xlmSXU0T#O$?h+O(
zd^M9%OJj_O+^aL=N`__b3i_X8A%GLLNSI2j=^wHfO?d<95%_y0c@0C*vxXpQduuUj
zanOo`Mc(4_N_oKA4C@8=bI{>_su_oaeXQg`PK}%hv!*aKPW-R?C5tokS7Lbl)dY1T
zo22TtQb)+t6?u5w>>ZodW|R@0Gxud6)TY3_{f3gtldC=V#pF2Fts}aZtyx?FN6nAA
zVSIXw!<1Vis%K;JR<9A4pq@kG930H5#*BZP`Ba=9h@-wjH)mgwub1r9js9i2F<aov
zxpvbPa3r&@fKYMqrZO1q*=7BZwXp$+t+yroM7_&%NC?U*LZ}e_RF{%z&%_XB271%&
zen`b~3}bzDBhWWL@e^*8lovKlR_M0@K}Co~`Qs<i@7ea6dGF){2?66dANw8LBsfgv
zQ#kH5Z!cuUcL^F#Sa1qoiKD&@#KQG>iX9Z1p;RcS0M>dW57+$-e$D%u{EXCWA~)OW
z{AYb+Pmi_{V;9E?C(@$boyrCyui2*J17S1Ik{-gy2VMNRqgbRMf+@;Q90(<XsuKl;
zoPpF60gR`}ytOjuEP7(kS&cQOf`oTkqaPDV34KR<{$t)d!+6wofUBuDZ!RQ`deL>@
zVK9f%#|nM_DeDC(LF?LTnSA%-27;7e>mvhZ1*+C~XgC{RZ~F6vJ8+LFo-stP-oTDP
z0%qnn<w>$)G$tD5Sen}!3{9^t`iZB>+ma{k;qy5#*17T)q4sCUmw9VtU|Dm*pG#s&
zVNue$5j7t{AOX|U51&XvM;X@&AU>a$V>uyMye0G-vyebX_e(Pn(+<cBn(`!Q91YpT
z9NQ{J_$yYM2c%KFuU0WvT;cOn1EylwV)A0(f#EfV&i7Y0dW=9+!ZgWQuqKb++$vTn
ztTmQ+&eVNdxSZ;8S&x8utEiPevZbZfZ3s*=YdH53Ng+$1yAHJN7EO%X6Z?wGJuyB5
zel6TGraJU=p4WY7dRLEo!lOAM*sfs9C?oVlo>3?-mM&BFE(8_Q;b{v*6^5KH<!P#m
z=6l5}N+Ps9?!W^`b|d(j2=E8cS!S~+&u;*^{92ICndfIjF6D9)yS&#%_{&=n#Sq;;
za*)n@e@Eo%Ba5U&t~=$HtGLDK(z@+^WEhLiJ+W~vHKrZ%CIJHxHirI0X4HcLJqj}x
zmrJy>rav+A6QTx_b@-C=?2LgjlQGp3R<aHUWF43W<%4Ks9aiQU`Dz1zHQDh<MII`!
zkrHR6)lH@=Ss)SN07PxUM0piD8uL29qUgTzGp2WQ7qlP?t0B}hn|%dFjiSYRbzig~
z;xE%zuP#{J<ZV{qnJBUcr$u}4MTOS7YgqA*AwmA?7o8=)PsZ89=bp`S*X`z#v@^T=
zyvDG^dVX8;SvnYxWPkai2@7KHg;jzhvYdc(SYQEAtB5aRx%koFI^~GI?`{4|m-2rh
zn<$?`07d^G=lNfbAARu=Ioa9qqg7|A_|f%e+VP`ra)aN_Nbn?I1p|Ei*KCQVUHs_z
zFc(%CgVxQ?H=X?{@uMC5jTIWo@;4S({omtnJV6$LW&fQ0jc=88NIL+stN)_E@tO1k
zu-N{_1^oE`gTHYcAp1Q0jbEvk_4*%wW97-PX(|p8|7QNi-TvYL!sq61yzb8mkNrFO
z8|N`(!BC&%Z+zh4Y;^O#+uyiQjS$}BbMrSokNF6r34e?4{;B<qtv|_q|84%p2HpRE
z^f#WQy7;&8H~#5=39$W-zw!V08-G6T*`L+l_-p7%@Hd{ohxi)@_{{hlA6+iw;AH;B
zySO6k>DT`=n?23M>!$oMQ8fSe`5Slp1H=1o^*8RpG?BmlZ}vC7fgSiCf8(qWhHQ<+
z=i+ZX?10FAb)t0WpwGdcl!oum+28m}zlYF%?*7K*zf<J<fBcQbKl%STf8%R@W8*`d
zb8*Q$xxevu$Xb{=A-2C@Rz{eP`pT^+3WA2H@KsJ2>~fv`Jw#_A!gh-|N{seM_B#)1
zwpUjv4ZrA`R*H9mbxEO8S2feX<pFUtV5QPN6JH0kF><5z^H)$~b?b~XA^EmxAd{ar
zHarLOg}74Wc(id%(YS6rI!QV)qQ!j78R8+Nx#2BhomC%_>+LR7Yy1>f82Nd#{4~`=
z%ElP2kjEoW$p^)AYOfOYefad``M8{SAzz}j+l^A#TK)8wV|bs6N=n%VFLqk>+^EjI
zLG$7umKow!2cam|qB{3AsqxF8lU<$b0dsLJzs*ralxeWX_HbMt7neRPnAjAfqV%E|
zu(Y}?(Pcjvy_+Arub2;NfJBt54z)$1gJ=jCu~I&?sJLeZjc1c*Wp>lHr@M$m)*^R{
zb&s++n4RmoEax2_^QQUus_pbd_Ff&jl(mvM%UX$(Kk59X*MO<s;jA1>)Y{^SHj(6s
z&Qt=OTlivZZLkWpzo;Pxs#}7tXVs|Vt!rwDb3+xM-_SiKQ_!M!p;l7cnCzR%Kc<qy
zH>)^tNm*%ZHyU1g`_Ss*5N57FJtK=F5$wixyAdV$pPmu;k&@uQ8^#w5x)ht>3v*BW
z2dnM0`^*98@pDzF6#<$^{5b9wSXra_9iB>N=cB~`z~wVuQA-w}w{}bBGiT4w^HPZC
zjjKbWvR3SIXu+vhEV?FirsqikbV=bK`KUBJIB@}+rS#{d$I7gpzBCvsa{0{uc*=iN
zs?|waLJEIHUa#;PTO+%!?nWB1q<}}PA9L^;Z!nO6@jxLzvd7~!9_mk%Rm`xwrurT*
z)m@)7NKLuQv30X=1LR~ynPIK^c(g@6%m-xUyv7de=fA{EZS44zPCcz_Z2*XOSKW12
zaIDpdVju7qn-Dc)?9H=bIwxEhc}k{+%3K^5fnSyOLL&cdnDVqXod8sR9<YH*@>^!X
zlR&W7IC@fmqTPn5^=XJ&Yj<)^yYrLX-)P{IdKm5co60)`KxxnFPv(|f+Yv%N=2?+r
zrTCy3uX!SSt`3dO0-?}+(1Lxw8bg;KQVT{J)<>B+5N`H-v$G)CZhCpJMT@GSi+O7W
z7iXDhWa}mwTQ86W3XPLrW6TGN(~HyFw%6F}BRQCc7_Tvv_bLuGc06paIjtMhYlEI&
zbrm_9JNumWa1mL}!NNMd;Gs@3gY?ddy|R)ObL^Bo#5VcpFj<&eeFn9XUO&F7pUf`R
zobsoCaKt28Q}g>H6bzPZ!z6i?g;nvYebP8ZU3_qaTKJOZr2Q}!O`PDxT-j9YcW(%<
zw2hU|$gRps`Tf(??dCsDmz@zmf1}_Gtej`$t8@d_{SOLTFaC{ju3LRKi<M=k^+WJU
zHZ*uU@_Xd>We@PCtDT#Nzla`rvX&|3Xb-GO-q=`~=L%Hgyn;>Z8ohe@aDCqKw?59v
znafZcJDHV5UI*FhrkxZi<{>u?wSN4>KpyTCtZv5bKhRC08;U9E@H2nw5z=GT6qoH#
zHb;4J*5*r^lYLyDz017Un|p6X?!AFX8|8Y=BIX_cmRhK()R%{F4&wvsz69l4!+$R9
zUlZw5qj9pyuFw{}Pq7;)`BF4KwpER=r8CrB=z^M5qEs9Ltl!ZjZc}z<VbT#xCSIAk
zggNbD+2~`DeBW+=Unbwz+uwQ9UTd}ey&lghuRFYS25!W@MI)Q?>ZKFDFY_9uo_{dM
zoXRGzoB~3D6fF{}F4>IrSZok`MGiqcZLQ8s(@PjBNj;vBhm<MmF1QHkDq!5nTE-^v
zl-Ia@IVeXGA?ww+mrRIqM@;pn{RNL*;{mbS1!6;bNA4}knS&d$YS3L9Km?fDmo(-5
zP%t^r=3-BaNPjT<9mzT@jUJ<`r)jj%Z_)|lq@9za#?s^yXEF?q4HSYgg7^E(Z!{hD
zQ5^jvDNG)Wn-ez~Mf3D(lGg<5y~e<KVgj4EX|y@8)zk1!9%XlMh7~(ztI-_U)fI=>
z$YI>$k3)J%dAe67S)DhZ%nEJ0#D;gXr)_Ph((Ar`>5LKn>b3F)%xUw=gPW$~pE|ML
z>mGQYR`;I_^Alb!Z_}%N_w&FChO|01)n$b5_Zl~?hGlr(9>?Ll&>X33HmA}IwB|*Q
zbekJmQOrbN+U4oCCOJh6fUG`&3weuR32`imaZ%jyTk}TWH=(t&cNk7b_#WpZHu2|>
z?@!=6NqgWks&Xn1<+b8p|4rt|w*J*+1pnkA$!Shb8zx4v$0a0Ad32APTJvO$w7Si-
z$(*$XQg>27Av13+@&Ik=xkneu^S`I-fcdZjit>l$P-w9q(H32YyDae+4+%FCs&og%
zue)}}RRW)^^P+O!^6A*R!^_+S3&fGbw+O!nV>s8Eq}3=`AjwT?ma7$H2`ERz^FCw9
zBGBIy`aCHZTV6GB%M<gt7?l8IAopQ`MW9uU(NqKKuzU+7V;=z!tvKfm=30n-IDYGj
zTWQrs?IZGOqo?-hJuB|vw^yrd@wzu_i@(6aIm_D<28X4}tn3o3njT}V+s8WA@m&WA
zN%bGG+fLj><OdGL?!2F9byIj!u9)FX*jR~u;72`Wd9aQf;Z1ar@bNfqDGj>{&ETKn
zuXm}1iP0Wg=j*o3)2$(SK}vr1Va>O}K?1N?IvB3i?nW(kq0GIy4Q{nuxK)aZ2!44&
z{!r!XMQ&wjo+WESHiE9;L<}VZ%kj3*8InzJSY7!a<pHBLv?tkB?6nl$@R+<(TmniX
zM`5xglaAMoQ_a16N&JA-@kCbdiZt%>$k=^<itp+&P=?;j(0vU33)wFOSm}&6dE7^}
z#lI6Ut3Je-FSEydJbTRRRm4MwF%zkGsj5%Lc;_(Q%k1$U&y4rQcH<2#W~`ybiM=wd
z*i(W65v8X84N*#xw_4A4!kIvM3E1_Gx%f60ts+D(oC#VTXM$hduf!vH+$wodqS5L}
zBK{{cc)!3ugy083T#Uee3R99W0tcMsHa1y?!^J$^O&A9T5fH1X5UUpb4?KRfzr=*f
z1giH3N*-Cl5Je@pMc!pTS*tc8qCN;VE3h6`?W%#W&qZ?Cd{m)gDW!J6Dt`d;yDQnf
z3`VntI4F5nO}#ZkJx20_JMAyatZ&#~7Fl0YUu^OquOQ{SoH(nJcCql6tIsy;GCmWJ
z9p*|+K5I6MKZKQ%$yhi5wI-*N&^*}#2PRzUg?LDWV!d_j$9OSz&9ua=M2D7T))rd0
zd6BhVeMt`nms&NLWRJ}Ai>yC%c)r>Csk9)b$QxH!hI9fa()CB3a+XZQ^NqrwZRa`v
zUv)ljV;58BslB`&d1siP2n&fytAw!orCu)aogeGwSMu@Q#L<fg7R*K^8v^cz>ED)-
z;TFpHi3F$3)u1gp6UrJiUM28d0yXp!Ld1&*yrE#*$PK#ku49F-M(EX7@kRd4<<e2&
z3CU^@56uipb>cPFMkXMsrbPSOko*RdV;o0=CEJ5!u5ho`A``&9L59PHV95rpZYaOS
zLxofiy~sqBr_Il$#UBd{bWwn^Md6~BfP1gDFbOW=j$$o>10nom;%7AA@<$Sgl5w%3
zE`+y}&yEgebJ<TV6_=lYe*&`i2i?21g_ET<a=3VUSBe(@0Vot#r^v2ddTjhIyF?wK
zN+hDkuX`fMsc7J2?XK06wfEOe)`sOYT*FH^*QJu#Dzf*uovbSDA~ku*L2a)03@UK&
zcbEFRkH2|mz&})g!a9X_60EfGP=hOUE`1kB-wo-$NlVPF^4EI?Ii#U{I~g9lZGWv!
z&_uvkEtz8ofj@(Xhswi^leJso2eheiWT#qg$(iiY=HyY)El$e))#3dC{>(~<53OV-
z0~bYhGtn`->{?=-iRove;KFlRloJOOV1MA-Rm8spRv@3rY%Y_DT~?_67OTH#UmKZU
z1M^G3OXHih4^SiL6)uM4iNi%xg6;$#^OF7p7xkC?PwcD8|3m<cSsF05>m>(*6v_bb
z$YTCQ&MzS=0i%i-$u;7!9W*vseSRnh`#9NAiEmjBd<D#^6+-y~u60nPmO#n&(4_%!
z;}7$g03z<vanMN%IxK6`5;>}2^?*LOs^0I~8FYO_XTr7wj6nfBO9>_^#4Am!qwcKG
z5v%nF;Ep3eSlJ<wGC~7RTqZd_vMyz^7G(q^Z6NViXtL)}Lw`J_RUWmEcm*eEC^cyx
z%ae_Zr#DWnOlH#xSrRsFL--ZHdtJC&@<KhAlWJ^6$HXe`m*w-SP0Aa%NC6b<w;{|T
z)gW?k;ICth<U<)3D*&623Xc*~hXW;XG8*dTz7{Pa3{;T(?j=V9bnK5DEuPM7k0icG
zyIx+?GQBrx%ldM#?dH>HCTI(wxs$co5d@ELNJ#1i?7ZM_co*0a%}LS|c|+2=-J(iH
z+{qNr0v4wFBX4~~(m~?#3cbCSkRGDfGOc%>Ms5hLP@3wciHJR~RxE9$($*qvyQHl`
z+QuK$?)LWL_}pF4OBPnUg}(u9svb$y^6tFwZ-bNr^1!>hRS=1BoFMQ3`5IycUjP&f
z$+|{9Bk80}byB7d*5&);BXBt!eIv5t!SHL$x@!<fB&QC9hshF!mK;nngRI|KEWl&^
z7M;oQ!W$7B!NN{^*A9)}80t&?J%BDKkv(gyI~O|$@L16O#>^f;*RG)Z_WYnWdKWo7
z@~54x5L3XtRa@|94h%=-GQWGR7WtJrs-)J#M{*=6bqiRgYp7VNiPmx{b$-eiKKtKF
z{xs5wmmI+PzU#E>%i>F%^CfH*=j<j|`U{nc?Uvls7l|BD_jFEu>5}@=RXKHnJL(lW
z-$w{ZcD6NUV53iAM^%K$NzvyRy6b>Gr4CwT4;bY&2c8wqJ56oPX@&MjvHbx~5uDlB
zDU1{DC*#c2^Wb@{P6DGS(AY0jsVb)KAxN;`GJH-6paXv~q~UV@n$qVFjJY`v5XOtu
z-5B2KcT;d%)L;phbQIZhZost_WS01ruwHoBTK{=p2Y=>&*&lF~DbyYum98fdJkSjk
zb^6o$`G5`B#0`!=;D7N|xT|-KY#l{Af56jz2;(<^(V?Ud9HfU+)RQnqy!Q8k9J~Iu
z@DIin5~0(ZATbh{5EfM|fYvm6kbH=?XhmCFq0Na?uiY3oB)dSy=kdJMPr80Q-ZsTa
z)Jd&YolJq*Plbn-Bp4S{e>g}Q2=a9l%9v`)&j^#RaC)(*S~jcjB-j|jldj>x<WrI!
z!AXZ8E4#AvWc5d~-&f?kFXywqZwGsE!u!UY_&&+!BE`Td-j<$1QTWo-6iR3<mWj#a
zzcUish*8<kADdH11aUuWyZ0z+`c~^MUWR*)$|;+{M=Ab~{Mf>39e-LlGLm<Hpw_8K
zi~bj1h^i-S2Z{U_{P37FhFBjG{UNPH28#7&xWq|DYt^lz3%%y7{<8l2D7Uampuoyg
z?_T3EQKB_H4Q0%+rgw88OWxZr85G7+9`VFRuZkQ#bLMb-c8k4){@g+!2mbX#q_5wm
z`&zL`0X=<1o<$w(bT`oHuD1O2nH0#|Y5k_!m9wali0)CvEJq<ZHj2?6XSUYP3d4;z
z(4VZ&rUe`fbsp07xW?mS%EYNv_8~(KnBO6*^1E7{#gF@PWBSLnlyP6UonIbfv**5G
zPVCx`Ymd^@Bu(1m6FW`5?D|fG?Adx*kE%3Zdn7k}zQ+vrBTg)bD0!bKH7RD`E0#}@
zI=)33$@_B6>HUW1hDoFJzBP%4<ODB*a`e!g!Fb1Kwr>gXg2hCd)XROP+$Z^&^lG->
z-8lP=rb^Yhvwftw_{Kuk&H)z6J#8YuVOC*dZmw*^WUn#3Q@tyx1&uofvSvH2(w;6+
zCaX0|=Z4R`Tk#VDKau07Yrl+V@BxXI7^t5QV}G(J`+<raqahlfbFtC9!NMn^VzgPX
z#N*yDw`-+)!jin2A@coIh+_#UsPZa;vAkNNnfM>&v|j;XUP$RWce7s`$=e`#OR7}9
z4P&1<E}yF2$Q5%7B1hUn#bQ?+p46#=4F(F8%sT=zQV||zGz`|@ox@);8X6Mkx*Fh3
zjnyU3O0k>1ytQgg>V^V}E_GHdXwRzFxSC~hwX#79UmezCJ-4i6DXV)6ulaRSs$ECM
zr%r*~&L1Va5sc9@`Ug&SH|T|NfTb8>Y~Ju5!=FJF1H;`k7yo##kykT_uRGbV5@>b7
zj9{$5pxEwu(!fqHz*rXQ>M`B!ra9fK*2pF9J>(%^<DZ*n$q||7GpC-XeZy~0oM-lS
z!7rxpgYw6r?h%FPs8xKC=g?Zp`Fa7mBxKD?T<#oC<m2w)64XN%<RBl1&b3c|_ozdG
znp8$J%pTVFNcNDt42OBI@t*uP5L1bv9AZDPtxi4Q!OcH)wsjux8Fvxq3L-mX`O!3_
zj&d3-?S~(99-jB+@vDXXZhBfG!sI1+^kLsKi+dcR*@g*K5CaM=hU_J9<ZS3bF?Npa
z)@egrIh=t4re~~Sf}welW8K5MJZ4w#fL-CYlADv=(S-Yr*X$&UXdqgx9&{~%0LFZY
z-burYO`lje(^-@cBWjL^))eAxWwbusi$U_rTQJEciN$PvS`;!gjHAJs^aN!0)TC7{
zDitavFZ~If$!RU(r5XGsJOw_C$L%@Sse2s!E2#CuT<N)$6yDZR4o<tC9fsj5o{|3l
zF)y28NWsJP<CR~Q-TejjeAu(P9U(OVp|jQ!UXtu7^Pxs$jx|rcQ*Ggbj_*v*rkPpD
zY)0|cRJ?@3#}lrn1ftix0@kcB{6+h{4|B5wX0Xp1Z;-lp{nbmzLVnyDz)O<DyvD(K
z&*c;gj_yCuer!hOF%pKzLhnHfhLu5{N}}fR8AAuwyTn?Oz0_^iU}tcDs6AnSJu*JR
z&Mv~rI`55qz{!4Bcl%wDWBK7eY~|CE5>4PS#2b^>dTc<I3n@VT8W-$GUt|d!K)s<v
z02Nwf>?}L9lIT?Er!>Lxc+4AyJl#WDZl#6AmPuU5B(f&Jj{1$A>1>~E)@^hxd%J6H
z_TF|_Z<}5bYy$~A6e3~DRgtzcrk$xm7MpTp5Q^=q$VU&-!Y>KuH`YWBRuFOMrD#=K
zxR>_$SV)TdIj!z5+z@Fxf|Zea_K%P1<X#ibZ|u@FA;w*My1Q6Z1$s>YD0^}p*<mQq
zIEuhtN%vF?rGtu-+zP2}bT%J!CFTxTxwcSQinPfYtahjPASu@~v!AuGT=<|iYclVd
z?1{|j;+lD(l09JD4RA}VHT7$*9M7UrBp?qBgjq=Mzr@f|1YOh!t=2_6E&%$wIRXPV
zJ!q-Ds(ZMXIksPP-K=iZaLN5y>yfH8=Ggwxb#p&Rewab2_W3lLedtUUzrobK#yU^r
zNItrxjfn<+i<<ecE#9M((PPuFRZ1NtkuT7+pjVKE1mIK3BQh!8-JE&B5@esdi|SD|
zxm)DxP4$KHeVcsu)>E=-n0vK+57d{+_vet0&>NsvYFh3J_02r2Zkk{}{H)xGmT7A9
zd-AQBZw(WjwmETBd!hcB0eH-zOOT=hWK<Ld&4%!MRcj>u;oZ%UnqMaWF8Jem^1Aec
zBBN{m;e*QM#{$c)lmsl+@OPyBseLqX`6Vu|Jf9g`b&zt}<wk4y3T5P;w^ll#(w!U<
z=aR(1%I<Wnk=^M?zo-~E$#}_Qd;l(v93_F7*Zs!q60@_myns4qyJmmEy>&K0<#vpE
z=h|UsOuLj{{cK<d->dK48ID%y(t1~rQuSRgId3CtCuLby(HJ%VFXr9_JgVwy{LUm3
zNFaKGMv00xYOKUd1x3q9kPMlD8JGcl6+sK4MpApxBFq350)vwg4#y*DtF3MIExl-I
zwMwl*ynqux5<n$@S`g*p1<p7Y0Tl=+`F?AkxdrV1>-#?6^L<~QCo^;Q+1It#UVE*z
z*ItWV0uv*5^vfD=W89;8EE~nYrdKwKuasIm`X|<pagF2E>-)I%Tgy|}jzwyP1SAz?
zhu;M0LN~)7D$&IqX~-)JkKi?nG9GfL`9{GA?5V7~uMtAwEw|N0GqFXQQf_S>NH|7x
zSk{kdpXzMv*XE1#jgm)1SF~5wz2k*`9I{uyj0*P)VpZapTPz{$9xQ{qQhqORBh|~h
znE$4=-Z)cIctMBAnjCAL(e`8s2bpVXhH9iYEKrA;);Y){^z>9ovCg}m)4O%dVHT7q
zzuHpZR9TLVA<G|S`jIUXchanyUJCE#jm+((vlLyF#rT`q_F^n2DeF%H|8-=|K4<uO
z<{$qZ;vdnTkGoZIwnbFf>>+0gqHV_$4S|{Zvfl94&=*N6Xk4f6xkq@dOc1QADaRf6
zAP$;PW$f3Y^LWL1cpFc>r=3}AI<Ijr5Jxe4)xG%Gq3{*S>VQ7EJ!saK`lBE1mlN&%
z^jS79)OUo4Ci!(7uT@Yjv7?y}#xKqo4qCU;SnXQpcWI!m0ybav>|t1xsy#c`FQPOc
z6$gI`?u*OkWOs#ZTrQExzlZh&W}n`dOY_x!ev|B7Hb`!<ft!-l6hzh?Lz=HGXC_3B
zl;&G;6d?4G=p?EI;vc6fU(}`Y6n#WG$K+w9RDfjp8~QF%i{P(XV;86BKi#G_0;w<+
zkb*pG3=K2k!t;%#MSia2@H)@(olUwel42=gjAlz%7aAII^$rgviaJm6(43lu-(6T*
z6FFWI9v3-UfW_X?lF+S@qh(=^62_GJ^l|*($N$I*nzM!xUpJZR$N1cS^p^J8j%NDt
z#{SI6sWIG}7Ro~1_$&w`b&jmCzTyNgNl0-yE3xZOZp<(@NuVPb{DYZY`3KuyYcAbM
z_2qR6bcIQEwl8k_l7@-QMWWwX(oeNZ%}ce^IU{$n)AND81b&4%u_mg8hIFqEcWNuF
zYWgpga{7~J?L>Se`T?8kM_S|WNRbHl&?L5@pYi05Tz94xo6j$HNXA=RfzUfFUoT*H
zEypL$LdmnXThH_^-bz?{k|<YQSr#4~G-g+-efuiB-&Iz~8`+=#igPQ!j#~u33be=0
zT|U6xxt|7Xshyk9@8Z{j^>EmF@dkU_#wiWXb6WE_fPz5R772y!AJ6RKlJ!=oZBYC?
zD5T26lof&ZeYL+om!%h?3pr*DmGf-DvNUMUx4oDt&?upJVqzuuk=^?;{F9nb%W+}_
zyRhcTz&1+Jv;v0+eRE3lLKoZp7tp8spCoj=t=mEDhg(r=E}i6W9hQRUb!FiX@F*&}
ziqJNaE2u(Y+QfbWOyV;T1PZ^4<<{$0N@(7l)@>k0@)?^SS=hZgKXh(&VfdW-=-h7k
zQ_F<(`V4><ape<hqJ=G-LPyZsW%MHoMylWx3J$H0&Z6KTalV6t(a4be(9PBXD5>A}
z)}$@3?N*PXD15zy+@yo>$94x_Cll(q<Ru<$`LulL*-NC@6yeS3iqNO&fw1?34@)ub
zm}OLS2<Y{CZ8yJ3FrDQ%MEsyYCi)5)-a9Gc6rvtUJQ&JX{2D`9s3o<OeH-kbfst!b
z1Ro)1Xv=+c6z#!Y+&zjnrkbMUE^YbD{ODeXer=?~8R{hpoC@3B3_E8ze4ejd$5N)I
z0wuxnn*8W4hn{Z_yFY4*T=Y1JA4&UjIEKdcN`eum%%U-JT3AqB7%EM2*1wwmokJXG
zz>G8auL@=qkI*N4ycADT4uQI3`g@=adCFCu(0kPdp$XN_@Eyj;a=oo;{~Q-qL_}4J
z{XjS_!RNZQ9%I0K+kxv1VL+T#2<g+x(FL*C!{15Vn$8VhU1(jFlP#rGT3bLAA;<zc
zIusr&mOw}X=H)FvFUm_^^v!efTPkUy+vpJ`ocRc2!pBS02xgp(gYp#Kgm>hIPpogs
zVpMpI^*e~)2^cl)R#?Bq(zw3wrR&iwT1R*1*&gX+4>hlTo*r4lK4VEOpGE+tR_mQ<
z3^{d`|5naU7{0<r29&s!Eh=}yYA`Ilg0!Ii^$Cb8QdYkn!Z7jjGe+Jj%JbuJsfn{F
z0NY^0n&YGai+pv0nEBSPK|ldoY=a`Zg+t!6r<`M;@M$Oe(6BBizs=mr2(6`mv)9Ze
zQ)T;TlqJ+vKa=v8sBh5^`Z&%q3U_SJ;FN8BC-q=`x0Ej_orc39r%dAI+xgNTe}$LH
zvr_sCIe$g`_(A(qfBoxU-TIA{M*_wZGTCynzDr2>E^&uwiAShLZf|2F=OItkQQXZH
z{9v<`a<w;9i8>FTeyv4r<3`-srNEC7WM1;wT!1rN^HFMdM`u?OX!D^F)CiXi@e>Ph
z4||9HhM{`s#Yo*Omj-d6)9$Z(13Lq>_;WdhIXdmiVBH}+=oDbzYn(PhFWawN^Gil@
z;o5!`*ftlR6tBrKoRpaQPpoDt-^0Bfz7eOvUw6ljDlQ!{W|Sd}K7m?+lr~c6yu45>
z3U5a8#!p$g@Q!kFp*uGv`>>fb3V?C`SP;IH_!ybDCGFmVpTO<4mV4>X*5IJol~$-e
zaXCmM`$wvF5O?|_WS=d9(S3J<(W2nsrQL(86TGyhAS=1qk>3-v?wq2~TDoS<M`_=+
z1uZ6KZVG0r`4OyZ17ZNlqqlmhU@7199eyW3h~enog3!g;2@!ul69AgwL{e;VjL@B*
zD+M#gRQSJ-9w(UbkEkvkUV|7eZ^)o?{N1bB0q87;vV%Sc;w+Pqnuv0l2$gPn1|o!K
z-rQKuW<_?AVJmWyGqpf?<ppTPNhY=m(X~z@_Rap8-*Jco&BQxu>x~H}1&o1UwgW^-
z7Jx=U9e8^Y@V8=!q%e)nyl0Mq*}oA$VxOqZe~lr4#xZdb(+PUduEZrIB`gVLEOSko
zr_#cktkx*LOT|imcIA5o_|)Vnv5t?NLO+BbNv_K#fHS{B`b#bg7`AU0<8fI}>}rIc
z^GZAP0z0$C^a2{PO9(Y?^k!Ms(?5|Zu5AYqRf)RVHry;P1-dmJJ+!F|kwvd<vzJFg
zjDNDoRAqupM+KR-zjqQcJ;qDx!cTIL>A8Ed$aF0>E?oy5>j|<ZK0pmCT9+E!k>j&k
z?@V3-e@VPMeDj6M112;t)qBFz(ffVWncU^G2OZGWj$v(+hK#~%{+T6&XL!(foa9c^
zI-kKO&r0^j{ov_IyzOR;uYa>drdASC@T5<K|9(M8o%Q|?sUN1|@Q>Mht|3LxbvFNt
z_|Ncb!VjnXo0JoG9AQYDizvy$wPD(~h-ly;o`Dj7YfB`O0lRWP@!FnfU?cN2kG1~_
zxwV6yEm-v#QOumaSB3b=A5k(Pm*Y@}tkUL7?2SMbZqGZMKJD3!*i9GvU2g@np&$5O
zva|m+AH7LHtKG#`5xP{IJ$ZERTXMQT{~{@@%$A)P0@heh-%SVv!~2%ViX3vsN1D}h
zmFsJ>Y#??YcPbCZ1X<Gupa*4*sUdg<G6v7Ua#@Yhct1R@YmHBUY>K{Wr6b$5UL*J)
zy35x(bU*1Zqa!h^7{T04+waq-?gs+At5xreX-9OFRMAyX)@fiSk&?d*zvMU06Ys@-
z{Y;oozD5!EZAbW0VNXXf9k6dXf@|U}CMQiV5%vPaT7ElVP6vPHDC`G+=2+G<<Vx<!
ztunSf{9M<nl<YJ7M?_&5P$L7XIbnZ{emYb9A0ogkc#6e9tOS%nLbcgr`fu)k$lHHA
zhF}<?EeYr^%mmAksUyk0`X;WBVJW0F!olb1YqJCre&#jqOMR&|evkTsu8*hPI?Aa2
z%nfH;7&<L^1@Bw&^FIW$0aC&kZ7m-zoUkLbryeo&CXS`EuS2_eJvzVI8M>UKzac`w
z<yK2xbhiT~+n_{*-~HD~7dbj<!*6l8A@K@?&23CVNiny=&Ubq9d#W0hPbGy%a0WG$
zW6X!R6UuU!*zD%o)PbNFh?wq9zbnp(+WP)+ftTCp6Lk;jGhd5!XZYX;Slbd#B;-lo
zRNrJbtTlS1UDJ(e+-tZ3<UzS#o7jw!9-FI21Nu&V?CUsY1H{%$poWGhPRmWcx()aU
zWD=J8U2n{(Li+*z8t=&Lm(a=gj(8}v<qH~w6cQ+n(<O`3Pw)Z1l!QgZY6$bKCNH-+
zjNsw`vDiiI=fo53$Fx!8iu=W3;Y~$e{nk=6$fCRIWZy!`OW1b9o>*gY1mmwqjj^wb
zyDKKw2)>oL2XJR6SKtva9KkALWqsjqA;{CpoF%=-wk=FA+8!)gZT_8Vb;ng42klvW
zjSax|@l6aI5BOe8Qwgzs)M^i+&1G#b4GqV4|AXAhk{c1+(GvqyJeq6sFQ6*+H#vFc
zo5lX>4}_M9o#ztn*-1VwR7ojZ{XfX+-#*%`yp!-r9|{E6sy`g1-}qtCFnz*@r9)di
zA1WvWstzH(&#4gOX+0bdNboPL=GIzAq;ex14?=utz@8Up4INmGfzyZV{_MSD7yERg
zO^#r%9*P<ueljd&Ub65Eoloo^>r0Hk0WQhvEocGUr4fNIOGb+>XRq?=iJ*Rrqqp^m
zB|PezQkWL|C3|@iL|8L3SIKJN?)}#9v(QIY=T2EhK26i}@v_#BfuBT1MenB{P>cOg
z|Lxo(B7PA{yQM;5lfg8<i+?h|F1ouwCHQk=B?#oHOkvQPa>9~<Y~eOB*~9BB@$BAo
zYeU~**HauOwm*&7ZP6G;cyD3=8`q-mFn^<sJHO0xFLYKSXnz+vP=y*}b|n&Xg>Vwo
zm=_tCZ=2NzH1Dn~3N}G9!@Uv@PzORG57?jcTdWVhh;$TBJ0EI_<4WrybQ6uxDC}^>
z{+=FcF>!2{{9bjB@JOS!&ma*<vTwt+w&aD2Ha50pnED(kn|>NjSd}P=IIL1;^n9_X
zv=saKKekN$W%Vhcp9?>ot%RLY45p5-m6}7vNLFk7l;6<IB|_x&E!M3t6|DT`Kpj?W
z$LCz;Hzzr=gOmAZy}y6NdJ;_xI-mECq*wg@@E(F$K{p_(j)WI^hGDs@He-sp6lVpn
z@55Q}Yqa|VG#E6x2dmbIwpD_M=C0A>etg?y_Emd{N~L1gD8ak_qb0f^^j$)1{0SRU
z$eOoFEzTAy>9RO4s8@><<3B{!;G;y~_>;XPtLMTUBj0<QS(3*_>49S`$s3Q!l024L
zl6%?c=bXh_l(=r(mXg4&cS(I%bO+^T3O7lRpHge_n5;#CgI^!w*GIFv4wtnk_g`Br
zeX?4{3O@y8iE+XSpKw4Srs)^l$=cCexohVe&P(Qfx&$huk7Yg^nq?))^;m3w)yDay
zy>a4IbA?#_%f(u6yL{r|Q4a&FyB8-X1obn6`luqeKIa=KF`10J7t3v7%KOX}WB9Tz
zsgTo(M})owU7s>|LVOJ+!jQLJR36+S2olby@d~xwemZRk2-!TsDBCSs->Vm*#VJFp
zjL=oJum@lAyDWSzai+6{!>x$}tWmZc<VlG@jb$?7Wn61Qi%blL_@2+bE=6BaM{e(l
z<X4BD`!(<yS^+b~{sQVfbS<D^J$Rc(83Qc$!fq&DuCFc&-;E-!JUXj1Pg4P!C3<WY
z<(oJkt3(E_<eosM^{lG9wp3j-E~r%zZKyi@t~v{}<z3^Za<=nPT;J~0-?8wrl$ZDu
z$d~4qfLcG60P^Cnd9e7ucf#TyX@|v^^JHEQv|p~{rB$<oJzHCLjfjiwci<h80RR9A
z?66YaSMXjj)(sKSxgVISe2z!N=QttC!;E$8f@F8warivpsy};Q?qNk7$R|calT}g&
z^4a~doR15q%4vfI!oVZRIoTlgda(kJwJIvnX}x-mNY$+pq~uRW1hJS4e0hpJwpoH9
z?PRXE?XB8L0uPy8Uc3L#Aa#0U{!$_&cUkoN2!L?nqQ^4of41o3q2YSN(_EIfxj?ng
zs+GS5n6W^+EdGlCCV*qDrgmiRO-nhW;b|cPqs+>?DJ9W&i4DlMT*iOkLxSMU&e@uS
zRbR^1%uWB#vfJ|Q)U38-xTh=$NN>livrD>c$M%8}z`@e9iwa4Yeme%}kBT%nZ;h<x
zuDfWPRel?Mb)i*oHAvMnc}4Q_<fTc>^l<Oa#Fnawy^1QZ9^hm~q%OfXtMa!<U4##n
zq^|4thka}fbK@km^_l$`dl7iSe<E5%kM@{7I(odv+!5S8cA|RYu0`m&=<(vY7)Tse
z#tny7JHo@PpB16kk9PK)?IT^8IB*G@SD`+z=otlY>JI;5`(5~>oHt{r08h>wg{XQO
znzQdP=d$%PX?vD5zcA1?aY|b~oVoDSNXHq|d*ch3o1+}$U7z@GV8}z_mwa<L&(G}g
zu5Thjj5_!9xIPIxMVstKt76p1p_JCh0jsTPK4bbn)nWdBNgb|XrCQ_T{POEx*wO9^
ztStb~cBH*9zxoVq{y<*CtHcBPZpc4clwh-0XUuoQV^40+c7XPw{Zk2An1HQW60Xpe
z-@<K<V`$dLE}b^DUKj{<XT`juDEWQlb!0qsh5+Hhj^YkE>JdANp%sF#Y~gaCSk5^+
zr#l?T%&x?iB2-y!#m<%^nZ4Fo^pi+${<>C-Hd&LC5uR^cb0m3l8otz7#9N`#SlYJ;
zKcDR_?F+xZ-@4`l8NHWjYK2jM4S8}kyVfzsTsFUkrBbc+$B#HLH|~BN3bI7x$T<s<
z`QHUL4-~V~lJ~OlutCM10Xfq^eCSqnOxu6E+t4sogHPfJ!QBif^Q;hl5!CTOt92ii
zB68@BKwnB!)(XZ2q72Nglf+e2)HP|fx?~nlK9MX+a$#t4duk<c&e}~fLmV3?<l?`L
zU-LfgOY6~&p0mZ@$-}dh@k29RerXcv){qUr+*U90`i9vM^z)^&^S7#W$!I<GD|P^p
zQ{3E4)ZfxSXKQY^CS%@)F@v_~M&2}nYIdB(!v0*N3e@!#v(<+fCQ(0~iWG_SV+<C3
z1%)G5qk19mfYM!>gI~wIB{^K*5#8e;-cpYJU~ARJ{+n?ij&E${q}{Q~vBRSuu=)Ue
zw=vo&w;9aA4^dj*;BoEN7BLh6%v^ku8^fzfUxoeWwR-y|3)!fKFl5VJ+r%Dn!g6Or
zEkAc6aaOGoS{F2{=j-jsH*?XYCND6kp>5h!(L3GEthzSLZt8koK&j=}8$CE(^=mkR
z&Sn&0+TqrMYq;g9HC{kEw*1F&K#cd=*wym5O^iXei81KARqOj7!W^_ldwA{P9r~)n
zo1-5%5~XB<c*@jeks@VvqUNOcFJ-N8|Nj=IJad`rWPWN)P2(X=pQ9jyifJ^O=#KoU
z_o6luyN(Ir@B7TcOR>@L7!`OcpEF)06rXwS_^rixN$hwOzap9^&QL;}wG9$55IDKh
zdKg@Th0hOjN#wIoPZ);o^#l>i3&S(LmLJr=BWx7H{Bcpo$d;5jL(3RYo?x$-p@+)J
z#o@JiFcw<ldd2>+&f&nLU*&7}zo-(BbT;{o-jQo3Xt6(&LcbSlD{pZSe@WjK*}YTM
z5$PDC#dO|6VI#-J5E&y5QCi|Nf0{3xEcfi_9p{d02P<hTPaBG|i7SmqXDS1dA%5e#
z7>Kl6m&|Y=PPU6}Z?C-Br?z_Azve9CW%)>+t?bZOLGab{ybej#Vt*$=Z2dLDM4Td3
zkBbu?mLR3uq8+oe*dIs&iYpuV#z5ibyC8S!0{Sp!JZM~uYjQNqm@~orf#-g`x4(+H
zW6`ktvG|+ON1{-7yzZ;o0GVI#JDO9XT2OvOkEO@+xlqhY)o}28E$_^R=S6xOH(iGG
zygekYGV_Xog#T*yKm3P;ixi|BwsX-`;C8=%d|@!YppC1Q(N#o6>kQ4++YfK;zb-O}
z^RQ_w(iYBbKi53%;=2O3Hf#pXTI^#62tM_Vmhe@02KQLGvZ6I&p~LA|x2xUv@V#tQ
ze)Pb7^~LD6<z|;$;ljB9+0WAoK+J)djB5{hc%wY!2oMtgQ1DCVJ9KI$-y)>ayhLxQ
z#)ORPAHwc0NdfDP6tG}2ZD0v`>I$sStm6PiHcolR42id)OTz-IrD<5PH7Qs<m4ekD
z6Bw<7fDQ0Q=^ovg?UAxc@I@Qi@<Nk=#CLYGvU(_OE;~<XO2D{KHbAu5d##$ASyO|&
zZQ)%>PQukMoRWu|{jM)m2Dsri>*ewJbTGUEp9~O`#TdtU^n|rs5GkH`%m(*5b+C)C
zj(BKmWME!sOS-*qf@Qfx*j>W?fSQ8!X?<yOB8P^42beal2nfV(5G{xw9H1F?_=(L4
zaJ#eB`@F*YKB>}DpVSc4>r0d8w0f7y+i${rwF#cErJYQ#u$SuV7QG2p-|%gY@O|!R
zLwVkuEBbFw@9$!$rY#@vsJ8sZN0CurNjj{eL(oe$dg9;_D|_|q?Ud@vVO|?E(|>y|
zfvjQw_f{AKwi-8XMIutA*W*DlRl2W~eqRL}bRTMUgm1wxs~l)NBy&ulg;LZwhmw`q
z8sWc|hkl(ecOYnAj$K__G;=p_)s~n2+V#$~T`ZSWJ9mi3O6rh0lWi=;rPgQY2J8`D
z&i-yrUMlBbUB<Up#@9F7!<_NW`EIIA&IWM8_*CgnzBplg?s<EK4TjZqhEA7$DC0mC
zRLwH!k?PtPn8Erad<8O98<w#o#zoCz9V<O5+z)pHynWeP{R|10FUhl0^xU{{o70?{
z0>=@b>sZ6LjIwR6cN+F&Au*mFNinG+`Q|(<%}etd&ZDK5<QF3bQF6l1C;F-p<R-1o
zgziZ7YBIf&9dYgrU3bKcKK_O=XdNYBmT?o2O*V(BI64qpL@^$j5Wd*($*ms_+2tZ*
zme+rXnFQ4fWkO3G$uYj@(KK;AXl;U&u*NR)8FIP6%D)%3&d^f(M6tWIyILxz2xa9)
zh&+VP|E9IUV$Za=8p7^#^z>DYlvViac=DqxvVFsPvH3eSEOs(F!#${D0pkjLd)L@i
z9O2983Db>Z0DgeSsoiL}5Sf#h44kKk!J^r~<}-*59H3(Bk+Vfw+ZiSeUCyY%iMOnt
zQ=pFxZ_Q(PY>&k_lgSSIta+Vk*u8{tXrg)93=^}3y^(l4J>@Q_PJGrIh|hur!3{Fz
z1(SJg4sVYh@y+nVmDT}#{F*#KSo2O!XSg{0G=o^^s60~LPm4*!`Dkl<!pAogB}U>)
z9f?Y+;7MBJ=}exYopZHC(<C!L9{4LiR*FrCbp`m6c*-s;rt)Op3)f3wvFhS!8&9fL
z3|-kSveVCndTS$Nr^}7!%7{|%I0mnb_Bp*@h=NjPp(Mo{G#-!&W%Pr54s_y!P8j|7
zCBHBUgHLGBx+B$?*ixh$d&q7~RAA`_XQdiEWnKeu1exu|xvIr9TD5xPj7++{;FzN5
zC~ugQ%V`dyD^|uxZDoJ1e(C!K!r{SY^>F~qxeXY>w*C%B-yp@bqR@rf%6{2=XQc9R
zr(UL1oNh6n9@pMEXEX1x6L~(PAW&sV?0L~3Cg#w%TfYtvPnTb<-8iEbfZt_5^|YUE
z;mK#5a%fp`Ub9Ttg`O9y+5euFGswY=E^h{wP^bKp*M~gw20O#QaO>Tu<U%RNSQ>L@
z%&Pc_Jze*xN(Ft_Sb@6{WQ@sc-19I4>y@WHIDl3#Di+WwA2GN^@;M58RkcM?Zyco~
zmh=nOh<1ZJ_|Z6M+GFbJqA-f?-WhFqRbp?>pG6gt9<uXr$*^z+8Y{`aE;-5m@w=SF
zza&Ta%oS>0&8t7V8!7Bbkly<J3e;+HRfm_t_Olq?xd*jbVm(R1nL&;38x7N7m$e)V
zg$saHC6tq+1y)|kMROFoa7P|#weeo{z`{Q6Y*svP?S88VI3!3sUJc4#)Ytr&%SbH(
zWcaPY3NYpcyvI^ai-~)qG;+n>=OJ;fyaLHj0g5)x^_0qTN!fyjIKEF+2-wiBrXUAY
zb|HibkhJ-mWb)z6)yva7`tBU4zQDU^LpxDWpB9)1$Q8V2^s|4jW5fwD6SbqBKA^I<
zHE6Nf{1UCM!i-|&Hb%<+j=7pqVwe33Ws~Cp@V!4)BC^bdJqdkY$%X$-GC49O)}8CJ
zlkf$6cX|?LFA%i>_#~r1Rv@p!g`Y@*jS24Pnsr=TOHPm^8xKhOizErb+xMdry723l
zbGxvG9@<^l-KM(WfuWz8(}Sb)bJ4)9pUQeTojo?QWhzXwwvbJB%phJQ(Tg~luqVm&
z@BVl4?*H%qr!u!E_A&1p(sJ|6W!$;Xn^NOko%%LY@B2`XoF8@3-w99Q<FbzIyf?}&
zEO*ohss3%TIGzv=x{Y9#t+3oj<ldpyXn+#f(b&THX>0_MA(w}HMCLjsYB98&FcDnl
z81BSU7(?a^?{P!!E-doGfBjHx#A)^;iWK?p*pJIo?8im_C-x&FnF|~1fTq#Is!bS~
z%dV`CW{XR{B@VC@W6;7LFtW&R4tEOsG$=Jt6_7zrc&)LAWvrn;@&cmn9;7w=hOr3A
zQQN>S1O~Q&VWr7=QU>=qDG~gDH4D2@AxA2_w{TXUSxdezLks4mSSyKSnWyNp7_oKP
zT>HpIY<Is(xQY9siE~NH@=zK5a9TgcazzH(XnWO_^B`Yzjzj~!n!ZYCH=|o*;P<rH
zx7Fi2a96ge@E<W0d`a$nUWk%f<Z}Dwr*#TyC`>uzFvrgLQ!;YLf(({J;>)oM1oYb~
zV1GpvDe|e1-($(LmIGZ(JHy0q|1C<3g{LhT`_IVHTf=x`Y(ZfWg!vG4inr)RVcsv4
z`xbyLbS9{f!@s|AKm_-&ICaz-ZxGdpS@;_EDF$mD(a$WbPCrEc&h-yFXgdZPD0>=#
zgcP2v4vytIZ&CF`t#LG!R9~(=vZ`p4xB>bJS56A1R#ks5e33gcyV7xO_*_!*XZPmQ
zshOfy&O%%Ct&;tg>IvbS+zUOGj*^P%DPitVVE%BGz=F#W73u(@!#en{&Q6(lQG&>%
zUX*xJR2Cf29IA2ThtH%Y0{neRnrfKEl1RNb@^tS~R+j#%Or}6p_bz6+pfCEH8d6xU
z4xlUg9Z%7Q2%@1}1LRCIf=vFy*O19iOOHP-D~G11WOMXgd#ykDv-++tl)ek6IPO8+
zMBlX*eOFleNt5;r*#nzdA$+aA1Lc8rCf7+Yzmqc>nVtUYWPV~zvUfhy1!7IU6o01l
zE+Ua|kDCK_(-hoHSD_!VLeL{2Cihc3(_R=~jcbga(REJii#=VMx=5O;Re6KWMzJ1z
zOg27(H&<W)JB6yT-ugC}b{tXe{OklGkD6tD;O4jwh<xi>ug$-dnwWq-`PYU&l<$Ix
z;q5-N)){SB0$dZ)MD*BK;Van5`T<$`hQ{Gk<+Mo%U&O`Yx}P8Lk$6mrcZPQ-o|8h{
z=;8#oiDDgVxY90)n^PqZ3PseYV&{UahUN*)5~rdKi$i7BsXk@}kAGD2mCv;`+@9<y
zvXuQGb}NhVzZK$uYmb~HT62fn+2J3bq<)6xWN2}x90d5Qb}*CpRtgu1fM~1`m>9vw
ztO-~O<V@N7YzOeON+9eTlQ}`Lhv+4KR_=WrAq$n?$wHP8nH){791Yv6eKLn_;UdD=
z-Won7J&V?Ta_2y;4O8fdPj|2tyqGQ|>r4?#PN}(}vDX>_Y?MHTgf7axpWYz?NIWfv
zf=@y#lS&T#c4{Ly4}px8Cf&D%GBlKlE2S~c{*xE83>Q?{FNI_au@b|qN7Kjui4tD+
zk5g7&i;aq6=?{S#kR>#fZAl!uvo!*h?|bdb5FghnKBLS2iT(HzCKekmpHcXSzh!O5
zm5*~Vs5HKHcy%7jTx;AW9ntZo`hv1Wh307YzeXB<$0cKAU|-woMP#O9NXm<d=|dJV
z<t>PWJd!Sn6)}eWpdt!l=w)7HW<j+U+bfmXhT<>LV&2N@_^@8#$P7{fv|c2U`*V1|
zlp6h}ml|VJ)X(7vMzNXl6YV!<bZ8O&b{mfn*t;YZn;XoBV>T17%)EJus0_yv536>s
zK76}k`{Ja&bSf0y`orH<f7(c3Q7pOxw(r~0qfb_<bjfI)if&)k-YUY8?TPu8rv;8F
zPt0y6=o`*qWp|LH{Z`c{N^-*3nVbd3?swRV(wYBI8s#s@bfS`U+wJxa{ablwpB{;#
zH2*g6&XjJYMNuro6(wJi!n(x?EVJ^W8;ab^IS#RBLwa%{sX^n%z$j%=n=79DDAigY
zMFEtRZK_eLi9@WeE&hv<bYTegkf0cXM-~els~!>L5%k`~ceLZiIhRLUo{Dyyr_GmR
zR@~M8iQ7=98y4E`Y87}K;aSlQH3{*q9qqVWi(N|2L-rdy!191=O7#c~bA}a@6_gmB
zletkmG|l_)Fl<AjgZ5LEgfE`=;b)TeaZcJf(G8BoTO`c;@Kt#ymsq14N)s(ANjQ(h
zGJX<kfKOTA%2SL;^uis9=EFX8@D?TZkeG{ta=+BL2iD_pDVtJ{Z}eBaA#iz-%&Mw~
z=(s=nb%xe_DLSqlKwS3d#R68PFSB}bb0>Ea8X9B*GV1Z<%xFhd=$dH9wc#N)M|784
zIHK3wMp>n>P3p?$J1wHV@s<N077cz8_E}q&X8;uXp0}|xd{YY1MNQ*pM=?@Uir+Yb
z73*V46JJA|vj8D_f-E>l$H$~YCgiC#4H~(umv~*MIc^%XzKVuG%0+q5Osb-fJ7{TP
z;UzyRQ74>S4rN<faT~SxjK^hN2TT<lK~9HfbzLN#*7JZxAoUw5C1=6Mt=$uV)C&Uh
zdB;VhZkRzRYG73~@3>50Xezh)?-6xF)oQ;3@qX}<AC}}<FJq{Jx02rw++4^=Yo3Uo
zDhh;*poa|2d_g)Td%>L5(m7M8lCQv26v^nul^VZ(s^2lJh{0`#Z^*(Zr^<9O0VdWY
zQUk696MrGUbw-T{xPvRCKRbuW34~_rv21%E>tbl9R$5s4N^u?@xAT}po({gOp7v7{
zPjA^zyX>cB_EWq4^r-zLknx#?--g8#c2%)QJRg_{Vbs;#3a0c?GUbIU6K?_q<}@N@
zRBm~ZexLGMV5r>IUV2Og3&;>%(In-yhu)Ur(G`*gf}l8Ie1%QIuh>f&Dla+VhH!-m
z=Mz=flVV05wcBnc18vKlYW80|Cv{r0X^P`cPH$9m;njgbst=()yoENXP8yF$v)2CW
z)KSjjWId<P-%E~4^=-~zdeSZ16DC9TBo4ycEuJQtt#cyR=An9)Z8_C9xVO&myZz%y
zO<C@=>~eD2{`Ma;LrSfH=uEjP8(|0x?m|fEKsqCy0e=3mfP}HyE5%n=BZmzQH>aO5
zDv^U1?oG~qG~cT&{|uX&8Lwhk+Sy}jb3OJnGkT?JvmJ&Er9OGvbLwAG=_#9<Pppf1
zmHb7fLw)n+%s8Plg(r1J&So0MWIH3LI3DB2TX87eV=k@_zV0#mRWa)6+KCk(u~?#C
z_niIQiG2|JjwD>LjY8s0&)$+@wM#)@jHZ#sA%>}PRusc%nQC)|PtE%aV`LKlb-06t
zH~4tHoNx~A<jY!9jY@e7%O=U4uGPu%Bse8zOu5CDQH=Z>CI15Qiy~&twerpR?q}9j
zsieQ#Nfef~VO30LhRFFFk|*PA=5uru|4;pIJ)yoeCp@Ryd7AWG`Jf9wH%875^sf(f
zbA&a~UC0iC2jg&g65>6qbS=-RtGFsXR3j%?#H}<Zzm=B15Z^cxc9wGkg(ai-+3|2-
zby!X-PcwZ4Bw(q3(8Qvto9%;>jOGG)vrB)3zXZ|!cuUj2XpQ-pR~}VhfL@Au=W3!j
zbe2RGmCsaJuo74t&^-I~7eolqO1o>lVj{U=WV!(HtVwb=XIu>8nW_RegRNen3fxL~
zObS$ap^&nDq;&!1{I>3)@9cbR%vvuDp=y*NRDCP2>=R;-fP*79bA^ZIQuY@HRS7&|
zl9mF(_s69`!oG6ID(19aE!;s9+olq4I=C2ZJ;AQm1=tuU<TLFU0h(uhK=X3)a5FEr
zht51ypbRNzm0GK%1`z9IzA@gwX49L8e-<2&c)2ZdcPWk?Fsbz6L(NdC4Ft6~0$Up!
zpol=Ci3SY$;Yy`szME4RXxQdkQgnPESzwK@Cr_Zs1kkX24g7dnga<kGWWWm2%HG7_
zL{C%+wVzv47^ZAB1EfOk3dj!k7;a$^`RpB3Gf(4{&G4x`RBJ4fyrOsx#(h=6Hi|De
zha@4+zyF8bRXPxUlr<%7TCc=m(purSQwf4`<DZode?*_f{v6|b>G7{551rFib~k<R
zMLWi8^G`uF@^W_>l6gj`hqPM)-?*uBce?UtU!d|&$ffmV7OT8Vt2x*a^^G{$LH5-e
z4^v!QhRwKf#%cd8hZqY76D(jisiMD_dQPOHU-(RI+3<Wa9C%zZ+)svBoD2bT*zuRC
zJI`13dH>B^BU0ysZv3_F`m#`4^f+1ku6C{QVfmrIi*Nf{vybjEOKx^YTiUf{f!@R;
zS>^DXx6pdw!>aNH9HFd;bX=yzM#$oo;$u})PV_tRd|#Cu{~S-1?LfEw8rfa~j-83C
z_>~@a_mxUH5&I0rKJge8q+eVo0NF-rIwAN932h`8kIQs0^N4ld;u%{_TkboJ2Xv#z
zbVb>6J~JG*{*F=w6-aCec$Bz?R$wEb>8@1Wk_X)hC)fw9ZlBuPl2Yl5Xbe)bf6w1&
z{w~VD%%o&y$tOnq_+j>$!(f8EZHHp_(zpDulf(b3Wv{;|;u;dJ5I;s}B0yIWF2ij#
z%P7^M>^Txw&=8kD<?eMQKT$PdKL2{Kipxrqn`^XXT+>$gr|*z1T8Eyuhw=~`PU1&7
zki7gk5=2I};e#;DZ!LBnpDDpO_AI|`xWQ25EgY_NY+6jb8`%u^;j5Jja^8ozKI*s?
zdi%0;j<?Ann-ogQ3GWNG;Qq=`)Q>YVR{FaF!~c5M*3WH$<rLjoV=E1__O#eqek3MK
zuX6>r=WvrDt9N>#f;rH{;^F=4yDZ-uc-Lk5`XzJM<vT%=QuDQgm6;IhE(Q<v43869
z%DT!<`BLkr(B|Y!8zT7B6Nu<7k#!Z3jyr5i@cxIY?+}B#bfv%kyC9wy^p>^GWG08(
zfLl300N0w9QUKX^UJyBDc)4JFs<?3W7e6J30})UN5O`t9?21HJ)n*eCAtA99Fa?Rx
zV4K~!MP#RQ)nn$?RJ*mt4*FVM%fT;Oz1{wG+4e=Cqy1-|&%i?3efF<Z=%z2#*K3WU
zdaM4a7W*0;vdbU8D%1az-?@9bmj8*A7ok)r>vJy(nN;-MV>}_N(cAcurk_T&N*g8m
zW2I9S6bwL)-Abp5QadlYLTEf}<;Oh0I?GeQ99+5-&1#OXE_MGV+M42`X%0E=Te1~>
zBAZVQqm>52@5zPCVr_YW(y+cM8dkR6IGvyaL`h>s+T%Nq@$s}Iy(`(fQOd`ij|*QJ
zCwJ2^8MDiLa%Be9?|oN|Y>7`FU*RU;0CE%krYi#4JGW<MnAu!ndH#~#6A}qnAXI~D
zX~=e+-V+a6lXl3s)t)H2**}1&ImG6Ch)oI`QkzQbDXK~g&aBiRol7BH$|K{7=ekVz
z$|d9<BV6eTv<Fje3?v<)vxNLS&e-E}E~7y>z2V}-YBh%qakALwz64v@CFh2xj<MJ1
zW|cwcC2Q0*s>>P``qE{MJ|UUAu2C`XN-w8tp9ToVWPDS71#S2-AWcSbSSlNc!*_VI
z&+(2&UmuapLzHlSE@Rqsb|Qo(m)5RJUM94*Ph`-Lu-bjZz%ET|<?sR{AW@`4Vh_>0
zkk~-gF}ZC@FqD>5Z#;M!Fj2ryhK|aVXyoLwoLZo=BriDvKsn+C#S4G-OW9x90z-Go
z0-aheoA2q`vKxCB_>8NkskgsmgB;d>Gd4?XvU98PO5Yi}hON~s`?*<mJ-3qKoqQ;F
z<NRa5X%tqcD-Cb(ABK*;BO`C@CWvO!w3V}H-718F*rX%sZA0vY_sH#Ll;gByd3w@O
z1*2h{%t6wg#N*JEH01ZAGU2Q#*)L^?ht_*BUfDUGgtaw=`^89eeXB!=iC^=i7*S9X
z*fk~3Q2c|~dp&=JtdX78VyK;1?)=C8tY=XW|I)_eitX&mV@^s{I*xC-QqJWNx{;$5
zSG~<L;hJ|<YhF*X1gbjlSB7|oHew885L(rZo+TuBo8oo}N|xf>@g0;dbj&U^zBF+T
z`I6sD-kjuexag#pSX;hBKLg2%<ax<HNw=gj+Le;{U8TR?YyDjwE>RDi)}Q3zTqL<O
zlV!=%lBLO0lO@R>Vu_D)fPCfH8H8_2o{sz>jAn@ZQsZq<TUn1+h?4^2&dM$h!FQy+
zNWSep)ZGzk#X(4^b*;4YiVrQ5j1ABiTFFan{rMA@Nu{mUZ{I?6<og$V)7~T42AUvo
z`o9fZNR$5n7&Dyzbo!H$o|Er?^SdOczW+`6|7n@iY0pZv`Op8C+m^mQ32c`Gw-e=E
z+h5lzaFbb9BIv|Kgy~7!2mG)7>rYa1toX12QoC{WzkV*t{4;KqFEA=Zh7`Jv<fklF
z6a2__P@Qk9{&8mTkN#K-weTJ~^yx3C;otbz&-e?LeA1H2*WH?8$qqfKG>AJ>@myN9
zH8k08jP5IOty(_mjzjG&e&b4UA&L`-4+?#bgF$n6KYzjKetvzOza`N<x|<if3r7@`
zY)H%Z;=Z#IxuZftMN}OoY?fl=EWa@o6Mx*Z=m(SARW+?Z02s)%S-hl7{Z3jQ9%PkW
z3KUZPLh$AAX%ZIH(!W&h{25y*gTrXWPn0%Cs3=+3T*DU!RegoO7?|eQj6v2K0g=>$
z&xp^&QzVA>{!2%fVjU}YpIQ<HzQdbPs-Z?5UM`M&WX@%E_QXA!d(y;2lnU&h;-64l
zFbEmA9q`EvCE7bgm~W(Y+kcXNz`S<|c4Yno`oWf?-Be^fXKQp%yy}2&i{;ybnPWWE
zv*m+sKJArwar?y8%}@hz6coAwqv+6?vCZLu>NW>1!-~n%5^bx&D{0CxVNXdpB|=*&
zO%wrku2bSFEsHE^d~Mm|G`dH36&3H-yX)hexjw{fdkJ)jDuc%nM+(%t*DRRfTrjQ>
zXAkxI=x!(FC#0py?r4w33#f7iRpyRA_r3EQ-b>*l(YC_WtK1GN{Z8tAH@&;<k3FLC
zBj-Me!hfS1+V$Pt5zXb~Fe93`SWaUU&P=Y}@56K0DP0~}Vfw1%?Pxehbt4!Ke90-(
zuaZ-_GxGg>X`W5oR&c^y3@dbRN>G%0`_#0Knkd>oZaq5^w~luhH#vF7i;b#@%;P3I
zpWZ^wnB*MDE3&<5rzbVLRH{0C71?f;Y-lvEUYTiQBuVMpG!s`h^#e18@P7mUzu^B5
z{IB5ub^br%U-V(w5E=ad1)8Vf<K??`_-*p#Yn>mFZ~j{6FR*{)wIZ|<(UM@1N?SF&
zXzg&+#=VB$)jE8pywQ5i7d;qd7t14mq==lFiwtS}Qg+sal2G|%-E^Cn7;|yH<W>0f
z|8@Utf1y5O`C@u#on0Yp#Xm%yCnUEgkC9pBd3cmHX7#oAWVtcpOGS)pjYh~RfA+f>
z>fNj<IINkHO}*Vt9Z#x)z2q%cPBe$}MtNBjx^BK4p^PQ>m3`){Db`B)5nav2tew_#
z{1$TZo7W*H8JmBZ--(H9m}#3ncGZ7!pF-KB9goZ@$P1m0K?*g9M^%*Bd5K^1;UUNb
z>>|JNyj<E_z-_-g?hpS>5`@!w>7tZK;%(;kXIzs0Op*^)o#%F69adrxm^0n3H>US;
zw>m|r&C`ph5@cZMi2g;jh@mww<1R_7w@vcc(DF-NxE&z1Ih%SFsY1}ZTmx8bEgnWO
zx&M1&Ed^4Gh%Woim#*!!W^$ygbm^Ve-by=ZGD#=thlxL@@Vh%GSSsziZYs4SP!h{a
z+%na@i^C*TA^^j@JDxnVNffRAI-Ehs7T{W~nPNb|o-qYSC>28wIV+070lKopng(Nj
z$h!n068uYu7@OQj#h0#mb(yyaNuITRKS#sbvaxZw?#>~LIE5M8mb@uDwTd5CbzS^#
z>WX_(bzPHF7nb>{y2L-0eS5w|5NG!VFqd7TLwbPcrcY3msrN0sKZN!|-L7x9o&jJo
z0CcKgmrRoNTapq-6;9^fS6!`+IHYK}OiF~WlNdMQ|B{(dGa~MQC#9+jeVF_fQzQ98
zTa#t{Q~`0ea2AzHmHVE}))nMeZ(dB|jm*yUjEb6b25+S5UohDx*z-j{^`UclG&QGO
zR87xo^x8bF5u;`bZV4Du%ah-A>(#_WEznEuj}|z@mAt)vmUP3xh)gLS-gs?aT2<jq
zv_{b;1?%K)BYq@iPQm>R6N-@$f^-Z){*ZUE%=YiqY@?C_tIey=#n~gLYs~l0y=uOj
zWxk0fjH(HL8ObwGoNqNBF9L#gs~-bA<ZZSmq|G{4&Cg={ajA7GkJ4|sB}g1siHbKw
zP1Fr+`CO9_a~{{o3he>0LkJjnd#D?*z!>B@u0`|YRmpQ&>@ahgDCQ}{pNy>YeCCAz
z&>Gb|<J41`ZvBglu39SlNM>IQ+v=+CH?DFWo>uH~zNj_6L9#yJeqY_`y7OlMG$BqM
zS--wq0Z-<)nb0Q!D4cU)lYJ=95gsaY*^16r*0nWIjhR92QqwM3LvQnDsdb*LZM#h9
z^<)V+k$ze!KYYf_QtN1ijT$ql?mwc3B`NCkF)QppqKAK_1*M|N(!*b=Ml<xV<UgZ_
zwW7s2iITabu9N8Dg`|E1J#2FS8+!P;KvU@9@jf;@?mADtIa}<s{weQ(_*jy@fgYCI
zm+!h#MRa*XYl`HoCf<K@@|-Nn);F0qIOZLb12oNC!Y8~eQGFW=)$hTQo{or%W>szz
z;rMY!Zh1US;V*zl#>AH$@9++6Ec~lfqi+p;oa`p_OW(krgGNr@#u^&M)zLJ~JR?Kr
zPRmx<lta%BoNLoFt#KR}4piH%cNuiTFY7_=E;&x&5W2ulDA=irc3mJKx{?Z1u|HBw
z(V|3_7VS{9NLPTx|36tzzMnP5V|>4qo7F@q<)DWBWRzL`1jA!8JFVL&%4wkdl)3QN
zO~=1~97VBgreDZrnu;q<pmBA5(!)YG%S<V+7WiJN$n3KKHzrvC1nS<TV^fA1)f+wf
zvHB)`o4%uEpEIQC2aP`e)ZZnlT=ZzSkQLp%-yPknxr;Xr)2lbq=(nZO^Yw%Nx(SbP
zwSV=rLf3#tL#1Bb^9VPnuX3Z(l1jN3**$#8P-DVIC;FXo{HuK~fxnRfrQUE~D3QJ)
zoWR@AMyK=?na=62<D{_9f}o3Fmu}<A#CRrPs7?)T*L%}<5aj#?8eBz#eVRfWY48Pr
z(WdtyDtFwGTuJ;d0JEJgo+Vu@BbYOwQDDdeG|FS0N8i>3G!F`;H%k`yjhm*pU-Z!r
zce8LdC{B{+Gwvhq=tc(vKgfRGO8+)UW}j;#Q7I`IsQWHMJqXhI038iqC=H(nWTd0p
zZOCX|okzXD8-_q~3t&R`D)2l-KoJU#s=M)^(<nKpZ-{=_U4k0KWbXA1ElH=x^|=<4
z4n<}kgvE|MX#Xti)ME4aiJCAiFBt<4>Yr2It^IM^w1D&{`Du2x>zhW@1r9>5*M(wk
z*Xz?G{<@G!A9p~OOYq5ZH;|^ECIJ0hFIk%IYho<v)VOu(nTdT6>THEg%%4%RUVoD~
z%w#w)^)o*AYxloRuAxTBX7xf2>0;v6mCPP-^}Jl(MrLo8p*)rPEo1o|zY``OqOiL4
z93f(#DSZi%ZYJ8IvyW7(wOUpOhNGWZ168iW*0Qr?LDeXE&u4V^x%T7f4A3mRsgqmh
zM|;SPbCJX`lyV)`8inoT$MjRc#P#`vN71~S^i8Ui$SE}o=XB~vBOmOHta{bG6nomp
z(X*%a;+A1`5AElxY9gJJw1?wG?KKOp(GS|WBtw~bQ@b=JIgU?qlf_-s?&%jduP<$k
zqe)HPrn&$t|6knYdy#W0>4P?ZCeTer_4dl0&R46?p4u;RbW-Tj$SUe8o_=9;U5{kn
zh28X3*>-wVPYQK&wpSO=(4y-~lRcvA&Q2D-s8OBiEI!;G-BnRcK(KG#&+s2Am!&z<
zE<q_x5v}nIP}pz$w~zG~G**t`3y-PO&h+S)>Nnt5K=dW*W#Ut^`^}X#l7q|sRnWj4
zzLw(!K64Z&nc|0euoinqMx_)GjOts#s#XY=55H&lKFjyJHsVOMBNJv>V+r9%^oS^p
z`^({1>Q21h)vC?^IThiW>}$UAtU9I_RW;YxC48xHL*gy>qtRydSA?Sf0_V72ID_V8
z9BRCVe6d};6tM}Qr$vRn+Im@)-Wt@Ol)eY`XVh4AHP#@y6D~y%u%?U8&t2uv@-9iM
zt%rJxKfh~pZ!Bc_NfrMoU@TYA8MItl!0c=>QcQNWus^{k76k`AUn%dk#`}2fuj>}9
zn<G5boXIHN&HI$9r$axgR6U#h#(=k?d*f9duQE+}zAbz4cK7DgLD2SMu6GRJ#+@kF
zx=A+QmVLf0dzAITd@}2+q94Rj?z~yN$yc`y|IrUtxb;9IaSZ1U!ApW$^LOeUEgk5S
zaE_rG;VO04cC`B+kVfs6+#GXLwnj8j>F%wk<m+_r@J_c`GDMuLWcwhPU@N6^dQhte
zUa3f4mEj-l3~P&#47cLM_^}F+7=K0Y-MZ(o3jCdUT*tJ=wa^5`9cYVQ=BMc!0>|lZ
z)7L8)9i$UqM0dxl+JH*B{qPeRE!Y6jg7roV_FM52tmMzM8Y~IP51?p=AfB4hgC*o#
zPtt8(_70xZyEp?%+{n|5{44$152WUiaL=(mq==(&YTq1kk$ru1T}?vHZ8DjsO6D6S
z^WBUglX+-5^SD$hz1bYnBz4}ph%_n2T$0`9(?zbgU#k8{C>nWrQmLXYrH%^wsH#+@
zk~{{D=PLzU{YGPDU-{M>EBo;s)NS+>R$Rpw%OY^rUsl@xO1TQNhAu>E2pG>w1z4*D
zT>C<(MfW$k%0s2D@y-xee2L<Nr__B!Tq9atkx}DJoGJ5c%&(w~>BGbIBKZ|GmJgIK
z*O${ERue%4uTz$FP*;^Fb^{WB73RgC30bjiFJuWod)}5;8QSBo;=aQ{U&~Qw&v9ta
zo6sKIoXXts2kluO)N1#0vj*ivd*}*GGuog*@gOcoROq3!*Kli3nIb+=9Vm}T4h=T-
z;SLOxr_WcQ>Q_#`+2<=EmKa0NIR_-hv@M{2LM&-(@ENj^i7yR|(s1zoXB*hR6Hxi}
zMKW07;*d}dTR)&F)kas+<Db{6;0y0pd^$vE?bVQ#Z{Qy>MQc}@h_6}|RDp+>ZRQA#
zDdu}o3vbM6L-4od|6JeSas(>S<~Pb-kM4=<+eEMYiEqmXf{53(?CKWKUirjb{93T?
z%UUD!yjr4PfIx27j@i%p>W&2*Vh~#Ou3H=ZzL*H<Ypt=214bv=<X$1b=9oS-Ks4-l
z$G}60@+k`4?LozsJNiaV@=uZ`PRK&1sI+-+MCf4BR0hXNyqrrlsaJ7cC4R!Q8_X4y
zL0i(UW7sM|H`1KKH|~G)KAow6{*}lpRk7QU;xOr(!WUJdlJqX&|55%I_>_8y#0Ykt
zGbNw8PmX5`&^tC;#xxffiVr;lqmFZCOwyz>_;D0n>XW&i98cn<qSF#vNim4y&@V3G
z2k;C^Y=96YC0@;xTEn?7x~n@*6S!nSi(=EzK3rRN=RRkxwrs+_Lh9h~9dnK=j-XpS
zcKcMXJMz^}XAG&;mV5SfBc6x2YKF1=>h|W_DeuvS?TQ}zY4cBINVQvGn&*~rVR%<`
z^{z}!A9Fk=?Jg<OVmC7wAP8>zrwla$iJ}yD4%2oWullz{J4&_t2k|rU9X_(uK=`d%
z!?VwM$lHeB2+^Mxgf60uoC}7tX-Hu37F}0)|1PFdZHK(=9QKRrgy^n*m_G6YW2v)=
zr-2*E_0}*-={x2fQ`So+zQgj&TOIR`V+Nn6EfO`Pe%P(=cSm;ZbVuT^ruecJ;ktzB
ziX1t6>S;x71b4lm2_&?u35E5oDF!PUIW{S@2S@eQ#nX41Be|YNfd>-vsJF=+(H`l5
zg=>Kc(;i-3v|-@t@b#Fy>6=p3d`Evb^5M?N>Q^Jj&YH0aOZyL!1F|4#s#y-fr=sLF
z_WFEThM-cU743f6Cz5BIBRYxmrV_+geQtT-EgR)#R86F{9Zs`Yn}3j}#D{zcAPqnR
zs5pI(&`e$yO1*NSG<O`}$$^m19@Q!vL@m<vG!G#cH7@9Kq()IYWRl*2JFG~{tC5bg
zr+y@SZfJ)&nzF^y-${;_`Ci)jk_<1=$cH=^ZQ=kfN5XGh7rF{3y86)+xQ6IE)8IOL
z>Idey41+8z^y;E512=@)&2gRjF&i3}3wSQgfyb-TH`Qc1OOGx9s|H#}01fOgH~mF8
z5g>KrBsQ^|2ZE46+$HG-4rUY6u|;e3M(De^NK7r-TnBAU?s>-*SG;I5dEDl7IHf~y
zN{7-k(q}yUhOBhxB<|&M38fc8$qxH&F+N#V8_&lg<dTNhgZcWqo~nbh|L8~9HeV?b
zWrtfEwIf9<t29L`-GpkL*Yq-@Q{?g*A(v-CF8_|r`CZf{#8KFmtz0frhUh}JB(X#i
z=WU2kYqF8didu<AE<{!KyEyL>;wZ)NM%b+?iJ*itC^=JL*IQzJeu`3DEJ&v`S-T}=
z-Ws8nIV3gLh(YPoR3+hF)Fx%aXNwl(vJ#3)t&iu_x`&h|%a9bZ6q6<A{4E>*Zr-P&
zOO4DeKrl>TAc%v$wZjV>oZYs@ET)r}d2Cq=cJdB)jgQN-NP!+IR=1{O`^lw0E*K%{
zm#GHT4HNxwQA^u&zeWJlsw}$g8pRPf-n^veX33)vc$Gs>nRlzZw5`gfJKf+GvZ@BX
z5q;u<fH~lO`wh{))bPDcIGJyamC{hU$l`R7SUIWs;}v|0ntg#P5bLWF<#;Z&H}OmM
zCcdNwpQ+r!`^-nAPM>Ms##g{pPzji(^jDDW@*)6IXJ<7gHU;V?KZ-@keZ|N`_?|@K
z#9^&i&=ql?bHNil6O94SU)wpXJZ2s5DT8`V-uFfe6*|q|@=<~CS^5rqeOj~V=m@iq
z90lbC97&&1_`7?>%m8_eE63@4%9zi3;&Q5vu0BHWhR{8n4}HlZ5K}k1^UB@_Yjc^>
z<muVfuH>UNM?%$L@jwa?IK09=XhumW!DmtEL!X(N7-uDe1r{^auoHeA+3tWf1ra#8
zGEnz~Br7P=wUkc{v8x%XRBJ21=~3nY(XD_xhpnR2s2K;|Cl}lFA{lVt4NsZNf6+sb
zc48Y9CJV*V>R(upE~Z{}2o|iHVF#SsO?A);ZNXjCpJ5%JqVNc_1W$n!5sOFy3!vPP
zjx>rH8FrCPA`<${iHif~6E@l%$wH*bSJmok`K-WSHw-p&b_{lT`jPC|efqW(4g~ex
z*3#1ex)EFw^&dfbKkO?xFfhvQ_gxxXtc(&k$7?v7EOiQ%ZKuxOCj6p@@G3$7Fm(zT
zcVqRpwkSDYesQV14S8F=!KZNY^!{<|^2LHqE*F6RgisGuC4DW)e78QS9}tq;%>(4a
z6R0Bi^l^X7z5<{!=Pp%wCdtj+e8{Km<xLyif|j_qy<bYaS<j*YFmn=~6}B9Q)a^>6
z^&%TV9zIt?gcCX-Cm2YyW*)w4qI<MrT#b@#TQcr8hL=DS&+fm@J!p85_DBm(!<@Ls
zC~+GeQ-0tye+D{MChBi;!q_Z`DTmj-^X00pV4Zac%W=#$reMA?g<c9(>}73KiNkTh
zH+eA*MNxFln2F>p0o|BTIn()Gu^g~WDxG)CLCp<!3!%D0+AyonvHoD!Ii5PlqkN>w
zQ>@u`mE)y4;CGu;=fLfM>q=SjRxj%F8pHc}q2&)LIULo8-xxREkD9=PJBK}3x^xsw
z>%mprpkz$m>D61@(cNEh5h1M)^wsrguGgz?@zqUeb|S#n>m~dSG#8nZ^6T|JBjk69
zIjKPX7Tu<+BfLSxk#c)JFocluBhY&?Cu=*y`}}or-{8DFXWonwcw{FYDcy(nt4nMs
z>=~X+b<W=ME1Wrz5|<&%ZqsJPND*?|Am4_%aw2|4e6r60{(x)0iaMUWRQL-t`<U4v
zOPb>?j%+NchIlJ8_gmLdT*d2Al+ZRrwyIQXD}<OrJmm{WB3_AQ+$r|Ea{HZpW#1j>
zrg|yv6h!}*DzV*8jgT72roN_9l}~x87`bhQkIJmS+39(9{qmJ9^E3OM>`wGczOwJa
z@^0Q5+4*wzTI++0!GZVrNM2;UBVXrP8|AAvCpB>^zmU<FSSuu@&|1cq3aRQdR-D{E
zE@W6ciEVr&=b|@F{5MU>_a9Q<zp=mRSsE$`u!-*Emt0Q!I}HSRB|(CCMQb%OT5%2_
z>}LWKeo2=sqJc{G;vspyM514t94H?b^U)PQW-ySh_%T_fC=+q(W`4^hT3Qh$p(l+a
zT=jAt3HL}|tng#!H{r*50-;@WQ3}h=dcLe;yY6qqkAFF(Co8@YKQ^g%4JY8o%XVrm
zesDaQ0ZMo{zfYcy@C_uNj0xfKvK#HoN4&4Idy;}}=*2XKjkMEGt}^sD>k9kb$@PYo
zSf}$&D*qXkXZMzq^#}OVoJkmoxcHC9MK0QeX7OpGOZdmDe#~BPupUJLG7MEzoW;zM
z!E$g1pOh5{5KqfbVio&wSwdu`x?o<bvyHSo^nz~jNK<!>e&c@Vb{JPDC9Zd-5AxL=
z^&1m89PaZnfvgH$Wm`iRs?sGZ{dE)b^s=p-7rJ%AAJ+|7sR!(`=;@7#oR{BFV$3RX
z9iLw9t2>;k<sYh+>aC&kf?P#&bA+L)sorYNqM8PDtpk=yHBvzmTdEsMd@Df<`5WSU
zRehth#w?{$x-CL+z;H?Mo`8N|k;k|a#q_k^Uj4h6?BNddKCEMopnqi(U!1&;=xFL_
zy@N|Wt9+Y|0wHzQgbnq(K34}Jb$0kT#+e_5cV$aZysKp}Bf@fe^nS8i`*iMD5iU;0
z2wNWkW5Gduc(L?0MEs3TYlLK%d<Gd@+^OkJW!kuP0bTJt+_Q^xwb<yII|0LI%tTFv
z%M+SNUgFlT5yORmKBI`iHW|(qX)j>dwHbFuq-o5|bj*!C=pXBF3r{D<E(u-hcFnG=
zn0}S5QLQWanR`%4B{NvPAoL(!vny@&CO0AUlIO6|^w*VCVnE@JIxDequbl!K(OP@j
z<n96CMANt7a33OySBY}53cVhueq%8tn9l47YG6q4OE4%;nG%$BXpIxq3vZD=pvhm?
z0M2x<Rmo)ImZ3=xwJ_Q6UH0e_!e8gEfIPk7F&UqD77CJUY?BdK@6>~@W0-+9Ft~tV
zDd?;G<$<~*(x(cy%Uv;@80^;<ji@Vo$vvpov{PKpO~l!Q+{u0=A=ZprIWl=KSoNuj
z$@EfAOeQpH>*VB=Ix5^oFF!#ehU#VDdM~0f5~IegJ4VzwS9<h2TbwFpG3To1YQ1`5
z2Byr7V5!ShT(`Sba~`NIVJ=S$CUGeoD6SKgacd^pjKq>bPT`VXN)MV7?uj#)gR%vK
z-voC00L2uXu;TMoV5dEuoT7tdfFjpdx}qNv(`~?=9H#C^8#*0SZqs_f?zVdN+Z{HY
za&xg<1#ue#GbH$xodEpd_8MW~&R;e^TmsZu#C5ZX<Hk}_QQLSP$@^OM-e*p;#5|1%
zZfy$AT_U)lat@!Btj$)g`iJb|cfB9#>oaeq-Z^RhVa|T*_;EF=<omfL=wGlI6>dlq
z4rRNY#l``5k>CN-)9kDB$n;zjAnMg9v+TIoArme3c+n{1$Hz+<>a?>A?_+qsjIPF6
z(AjDuP4i<&2FLBgGe12Oy|g)u`Ad<WA+WsK{CeONtm33!qVVPWH+_x15Z$$vJys*;
z8FTgt9VIZA>~B7s|6!vLfl+IG4RHEhZ)@|>J&QCVdPNlbYpk;w5^+FM(+LYtPiuAO
z^9X%PZJj+ddw`q>R;iq+jTgKi_(8ms$$omIdE@geE_LrOpnscRc25Y-ffgLf8D1=4
zY_%T#I)gu~vIQ7PLweapTrHv7WQ`e)><ZIjzd=Wnc!3W!e;o2<d#EkCh0&?wnKV45
zm7JJ+;)*2ZhP_IR<U{O1(u-da0z4k!Z=c|as9<+!_kVp9&cL`LShdd%pvGi)WHoh}
zjjcdVgdDhbX2ZAX7-oC~OxxOJHlXhBirhR~96HZmOp!E+ceC$4@s$I?`#7K!P6u<K
zT7AHuS#WdCfT-iVL_Fa2wt=KFn9kn;;6DqX0{RdiL6jt5J7bg4;Ob7g4SH5ntx6fU
zE-{!iE&-(~p8MzIOYGTm@3i-9iQjuZ>hatNW!C-Y!e738R6+zFw*JAlbu0Dlrylv|
zqEhA`d-TrJd6sXn7d5&M>ZUyw7aQsm?$2XS7t{&);a$wUV*ZW;Ja{Iff!InAELr_S
z0{Yydz@WLM>>_d8!D@|2$ei({wp8BfN70-=idw*4zg)EQxq1^&iEPFQ_O4azUE_*S
z+S&MlvwO7}&n>DoN?H&Lm1m$pU5l*Zfo@lTU8=v@jUd?fy9bq3P9vN{;E}x0pTwn%
z#E%sk9QD_gRdPIv@rvwGt^=WqFb0tmw@@FqYgEPbGli^=sFUb}=ZUq%yIP|{cQ%#)
zigRgP>CKhfdF_wwT2wgV;l_>3A%+J5<0qxWKG5zTDXZ1^mcMFeQ2&Yz;u~@9O$O_)
zdjCJ90N$lAZ3KUO1_%=g>}j>|o2Vka@U2Rw*XF!Sjj$Y{a|<!pOc1cAhwEie!e-1l
z7c5YEo}-p2IKgYlMsAtDk*4z*F!D(oBfp!*NH8987~{q;+QtSJoGAC6<YMXx#S^#l
z&YmxfezeA$WPx752TIsf2ed`A08H|iud;U${e(JFP5aC-PM9OTyUaTO!W7}%i{mF@
zh+H`tQ<xH4!8?Tn?r3!-Z0S_y0lI@G!(GmiT(WPL;B#MJ*&CHqvU8aVLmdfmTh}P=
zl*Ke)r^i4!5^VFhuCJKBIas$|Y!7_KC{Uq9A9U)pSG}&Xw(yJox<DJWP<XX#sLJm%
z`n>5g0&jx58$!PY6~n}Ao>T6t+LmacnQRY&VAXKF+K|J=K;1RN^s>WfojEGvzN~)D
z$hrZBN1uII%rKlj*EZs&2>R4r<#vU@>kEiZ!-;cU^>X*1>dI-Slez-`{n^^ZKRm4>
zIj!`%ZmO6LD>J=lR9&BkyvB82j6CKIbCvDXVlxEvkE!(}{i)Ua82-9zJoE)m^{H;?
z6Qma{UulivT1u)spsGwtl_Tl~Jmfac!;a`xkE`r(_(gI3*~OUCx}Hmy)~RRZj$Qbr
z6YbBTA8)Wv`7!*n!@A)HT;>JF$`yp;4i37nRFRGH?isQX)Egih-1-YQ!vV7xCNEBg
zQu<|ot5+4bPmu3{_6Or5;B#@}cLWZr2qPsihs~e2n;mBexW2?Ecx23l*)8c|1U5R+
zFd1Wx=>LrFEh^rK*;?^YeasQGV=SS`i{Vwd1{4I#*1?GzZs=3XS9sqnN><qT?k02y
z^hvr1sg4gdoNPgp7sGQZ1A_p{6j;ImZkLDoyu2%&Ds(x27JA&KQp__{YQ9h@EM{#Q
zwI8Dy#kKkszg!9Xy2LfKVmeV0?O_PT8`OJRPsO4BoRua1DTokgjOU=wxjM~#SBpfF
z=Dx+%7qR3aR$os$<3#8s-UFB@L*qf?)L<18rC8jqyXLnP5AzNjeXwdH)55NqGX80W
zi8+$lHaUP7Cg!LJIq={3U}DKhnD+UPNLl?&sMpsrcUJwEa)pKPWd}yIIzN;o7StR}
z!FLAqH(Al-wYHK+GML0LG%q9C<!g{!j+*uJg8DtM<HMjE>ulQBhENj^vGr~Y!kirb
zLJA(?m5e-~TmDPC;XD=wRD_QLxmmQk2+bk3g;*jSK`n_q`jyPTz+tE{do?>w1H9ox
zc#56c{XJP7;uJMlwKpjG&u`@Lo>Cn8hyM{zVFM@1sF76^dl9B|n!T|6^dF_Y(EuAa
z`vtjwJLgoTx!%K0YPIl|n`n;<(1@ut(hR%+nUYHuTvmNM8=H+Qz2W8*cra>I)D;7&
z)z;R}6&J{>L^Y{szthdk{dMw*{@ZhAL|gPjq3ieYk)=R3vM>Y2t-$Af;<2;Ng2uOl
zRUZfSeSoK+3j=H;&+m~y0#zySU{g<cuoHMLL7o)PWy2>XL|%BW@stHP@5_j-%T(_P
z;P=+ZR_9?!63pqPxGv!HiS>Ij@D|seJ4c(B9ZsW7P`@sVHo!*Ea}~#JD7FMBs}H7u
zA~=&+!kaWddct_WVF|65Ui{wxK+MMehX9Z%Rsa}B*$e<KRXzPb0AMj0{v!a$f>DEC
zdmwl4Le!wAaiOP)Jurzdp*gVD7BvY@JjTa~FJ{W7GhetWfT*OVGG8l`NAH!*A<@e}
z;6YsXRc#<_xdc!3o5Qp0xs59#3FC`U9N!8uwS0}GPgiLPTv?lumSiT^NE@iR6ra?W
z@=%(8NyFAx`(<ovWx{2nU?5_0fHrvh99Rb!BzC2DF)_D(01)Kxg^ch<`$n35j!Umu
zT5LgAD#rH~xRs$|Sq6AR=MerOs2`R{#t+a2Arm1E0(WClkx_d@DDjc#x^DVNB8(7o
z${>WX@m~m=CG$idA%`5hiX3gxcsIRP?LCPoyg1xbP7hPUk(lt>Ow<)LL=!&K2Lr|Y
zFfukPJ!o@KZyvEZsKcMx2$0^$VlVLGgw0!oji2pf{~px~yhL1R<bh45*_y?Vro&A8
z8}z3SOFR8v0<pM?H2Ka_gA?t?=6x!sWk@P-kIQHm?c>kIvZktHO?>I*>wLO4H6UUZ
zKAp;lNTbD`ltn*pjnt8&Iqx6$H_NQ?7tuH9W?brcWDTE4$<2J_a)3)6#^X{w(yP2O
zXLaf;RC8POV{;Y}sjaaGjSwF=U|dsc5ZhvJ_h=`UF<(%-ZnjBDQ}vQVV|5^J#@Zz@
zWi({QR2E%X1CUcSg>ON!VBz!Q<4$frd@NQz#|wS<cOcoe^bt$8D3(4xcjW7z&KN3|
zKF8CRJ_E$kXGS;oE4QmmT?~E7Q-(fWDqBE4Lv;kln>68SGZZ+oVA2}DV1-_)x;MCU
zF3xP_Lkq5T#OrH|X<E4!6@HD|TEswDAtWzZj{JAhZ1u+oDp1^tCPMP)6JJj(p=v81
zM9J`b`oVyK7mhhoyo7jnn>83&aB}F66V9)rTcB>+NMpdZ=q?N_TB=&?GeYh-i`nZC
zU-8<J`haa7y}iW}o7WZ(+TgUwCmLwxig%R7?%~a1Ouq58T({1^vcGOW+F*0&5bQ7g
zt5OZM&`=AR^-W#d(e9TM61%My)N<yC8f9<lCbBT5a-4wqVIi?NJ-p4aNg2JSZeiOY
zb=|flNSi0O1HQV0bRg-=E(XPK+ga&qfUX9Naiz*s*SUau516nAFygtAL6jSa$j${G
zyuTC0z42js=T4b#FPbk8<_KW885pkD+mtciet>g;9=fa6=YlA_=tby5R|Aun-*6YD
z4N2O>Y*lnfBr1D6F+^=k8KRE2)8RIe_mm*3-o@!bqMCOTSF76HV(xbrpN`N7IlPQ1
zN6)E721<R>h?wVOI&+U?zFzYBNltgDCY^VHop@4*9=Fr&4#`eqcUE->L!NIOgat*S
z0lUn09&*aO-i2Ca@O7N~rnLWm;;9L}y6A=sy;?A?Tw8Xk_`2sN<tT{$=!(Y8;mdGR
z<KR{!Y^2=p<C^Ho(>SfgH?TggZ{lg;xHl#2ydiA3S45;E=I{#g6myS!vKWPE!`Ov5
zGsQY!#iP9MzuB+vw;sT86L-p=kQBV=aeGoCi*Mp;;R+%RcCO5$ht`l!9C<jw4UKb0
zIvwF35$x?*CW)p~T}410Rw~_14&``lv1&Z0cpk;!Bso?y9$CUmzXaBd&87-!TFKW^
z2iti<VhuA4ZKbEEQy+d=;%yjr;@n0*INm>=lE1L)UCE-%+p<Sn_F&<!sjI&D`Ji-E
zTlRe6Z=_*d1Ss2fy=BYZ`r=o@^3vy86<#AT)k0IWWe=-z$s6Q?O>_@+XV*{@^{c{L
z_G-&Y@+qFGdv-p@)$x3F0z<_g))zn4U{}00yg^mmTU%C^@3ebIjy?2itmL5UeG6Yh
zE2Z@{RX=ZP)A~NLOL}}$yH;hVRoMxB&HXA}a^!(;b`F(RWheACOI5n$sL13{X;pSY
zU$b8(M@=S&N~?NACG<7NWOCe=$)VD!9#IK>l?z`@^)!;nF-3k=J)#o&DzC71j>VZA
zO?D2I(AQk5(xs>IOb(S+WhVfSOpaZd94ZZXNCNQ4<d9R!6g(sict`^9Q0WRDnH(w&
zc-T4mWpdPHa;P-mVdof=$#GjIhe`t;c8)3O9AhJPCsaZePkn<;3JhZxs~0>~@w0Dm
zsifZI#V(kiReUQG;ib$k{*U<tiSz1PW0F9yqu7Id6S1T+VE#?8T2`X1HIm(t1Q-fg
zRtbp@rC!EFs?nCkB)7J_QNn^^{94d|omyO6PlC(ynU6^Q^}44Qe&IVEq2J@$q*HBy
zJaXRmD4huE9sa}H0?4N<G~eNO75=-G6J3cf*w`RdXv-cOEG>x#4oCfkjT5CgAC{SZ
zv&03F>BOPayY+hGM3tFB&!q~<lH`~O#ZUc(&!<Y^PBPkoBefO^t*_Ug4@x1_T-T!Q
z;IxywGZ40z`%oMZNB}c!`GXSLkxtl4*RhUGvi`yc)%s#tIyk&n{pD=5y<UHCtYl8e
z#Rhl#r+CEr0*2G)I1V(Lcwrs=NKw3)P`seN%D?FoX)0hmE&wK!xqv&Mx6wJyOy1=S
z_f-Q>Ft>>I_F^BQ&e8Iv^pBE+1Le^UZP_F-GU~i`5+m3c-s?l<8zj66qUOQS;Du);
zPgVOfS+GNTCv+MoA<NDlxHYtI!OfIwaU?(fx1EsJhzdamgeLA7VLp6@%!FU_ZjrEc
zRpLlchGK<2bmYC7R|L79!w8W(R>}kLv?4r5RtSorS$cvwZ)U@QAQcYARwPUP;J@(f
z9axJOvC<pY?&5R8+WmZ1u2r~9axe9=7caG&wrV$#rI*Umt8y*#P~;m-*v7mtX9cl{
z0^*duhZL9{n6=n=Y`sG-+3~IlWX=+_*z>Xr&RZj!VGiRBa?7}I0TA0twZ2Uj*WMb%
z-yp7k`ugXs5-@OQHDH=D;mK0^FRssmt|MCG*<?eM${U(S9*^0lSS}!fXEma>&CW-_
zwK>$v7I*=9UzyxaRrQ|pclui6$RQxYhAe<YzZ>tyxnX|2YY<0=;r)2a8CmSy<2FN;
zzrz^%tQpU^BWnQ5vM>C_&O^z?Ktj+-TUJCr)Lw#7I~%WTfJBzY6%Ce{())TnaHU$K
zcw&Unm368%o0Hcmklw>O-SMLAgQ<0z@yDSpe@v|=HlrfPc7|Jj;bZnPkw`ygb+KG_
z7L=~nA5+UjTmEp+UaJ#|9FEPPXZ?i_r`GAstkX``=}rn9t=At`lz_8Y0;8+~%eN8T
z&Ji~4b?Twh4AEZyI1Em&QAL-KWm%)gnv3Z%YjibhR4wR)gv?4Uydd^%jducxfDN*s
zV>M1?1OFFu=N=zbbv^n_-aJo0gs3P{qLQK&6qJD=88ZWCWCmyfOREtqidwaz%m@mB
z;3UG~bd<K*+J{P8+tSvywEk2?fdnuKYBhjW6e|HAoasS8v>||!`(68-d4z{;@BQO<
z{TOCuzaML_z4m%K7|iaI<iBzj!d}GmBPq%Lc9H#6Gxo<z+22j>{x+uew~?OTQ~Uc>
z%07IDyT7|r``d}X?d<P-_Lsm)N0a-z&ljKiM9q;i=C1P9yd=B(cXszp`<K@IUGi?<
zcmj}r(kkgYtvh#mI-jpj{OOQ6u_Wl-a!&zN&|d_?#VY(rp?3cU)(II*3vs4(Uh=x9
zLF8WuzhL&>JP4478C**lxc~~aXQz39-r3pOv-5KJGEH0rP0HgRJ)eJWDG-}FG2Y&`
zFKG6E7X`#^_C&M%Gvn>xw*6sq*yot(1-I>+NFLgWLCNg%1{Tf1ZU3BTcBkf+;I_m>
zGk32auUgwIT8ix&6FYo)<U8uf6Eaw<i*i!nWy8HeEW)@EONv2d{m{1b;c@Vv_n=nW
zgVK;!LlB$}LbCCS8k~)Am;lwg#-JAHp?Ty=W%yA(kPtg%N|b%l)-Wa#ly7e*zxm4!
z%U7L5zmq>seN_d<s;@+i8WRZw%J2|fKPEC(AB><FOlAAsZytN3`z_lZ;(p7qFL1x*
z+Wp;cd3JC2TfSZBek;gCR*wBdYJaCpW~<oUH|E}e&ku<VZ_XX0qXi5fQm_zwACR|%
z0B*CU110icx*}jMx+rtODnMWBLM2#6y-sLVP@Af@0hBJ)207KDJBHTFK$LBr>i?R_
z>qT3_dgwg`opJ*V<2U}?&JGCHJ^evHAAskR6c9NcU+42xSTSqSJV_5h*`p@?xxN2>
zL6-Fi`JnIqV`%}wy#(bHJE>FI2M-DwZ#cee;I+X74>a?6fKOP)Xhe(j8fEaqAuJ!n
z;#WCa%hMiMDr}s^hlRzeJ-C8rfWtl?qk9yUf@$uL$o38(`+J*ZYVm0ja9Y=b+jY+l
zJ@$TkI9`4ZTIEa$G9P>ox<XIE`kc1#?GAu)oZj<w^eL4)WtJR1GY4K7FQl##K-2)g
z?Su)KEb&h|5#R7cjfLgKa72-vmXrD2X(4EG)QGEQXu=&+OyM>sA3I~McE4%@E(6&;
zgGK?8!o+)|rB|E#OSP(M8OqU6atJ#_e%uoR@jK2S3CWhP8(j%^E4M&G?sRp&NZ@Oh
zOzQi5Izv{oa)ym7TZXMVaO+B&L6c$0$Qf4v7uGSFwWmmBx=|HbFLx;EYA9>Tf@HQ%
zCU<z2T}%tvc5ecA5llTjL9xeTKa#6jhl_R^s6zBrEhx>;fWg%;H<L@xQE6v@iNpuA
zD(~lTT!bozsFdEnXiy{pwVy!`lU<bVPUwMnw4L(KHbi?Wv7L8+)Jil`n(@OQr6skg
zKxd9>=nrHuqGsuj3e>k#_*S^G(ti?mBKtz|+X~ZNBAk={QjihdC&usi+sR?y0W9|2
z{zJO>ashuPpJ<2IsrobXL-F~A68(_f(2dGMv+51-MKFF1=B`Jy*kTsKs7l2v;3j6=
z+d7Rey?mIH5x=bxCPF|$?8*A7@j=zNd%*a;N9UGhj!!n9bqH(z{cP@P`{(K5LjM@=
zFrbk4pEBymg+f@1R>suT&I+@4RME|B0Vm*7z=_e<?TC&8Ym&vc(Q5s+QBSNuj&jmv
zwNME(u=a%KEt|jFdY^QL|6RBa(iJCIb2*_cp|S%a2Q0(CLUZ+Hom#7go{&ZozgC1r
zbu)uaF5Uev@gPv{s`dDNbhAw%hTT?>qR0ah*Gd(`qQkJUAIUgB6DtHU#C!Z+K4#`F
z);-MxfmUb1J=y3fkjME+or9i<TSy7V7Xl}=*Xb-f=mI(?q0T1fS*txw+E$0iJ=2N7
z(qbHCwD>heGCR}-KwY5O%%J3#xt$2a2jkZlJ3yC4bWXFKu$*GAd?}VA<X6_GKJCr`
z*1)stC-8NVAhJwECr&V=$k@VEk+FsLrOEDhA2-Zb872q#T9J*XmPoi-Afn{zkUvVA
z%ultLZ+}H9DC9$7wcswQjTC`qQ!R0%piwgy2A_U}%<GW9>Fjqcf170A`8$#S7Ta5l
z%+}Q{!iTk}CcB3l3kqI;9ORFD9sL5e9}DlQ8zUv)Jcu`k!|7Yg+_LQNAj2emCM;aE
ze?Xups~Y(Tw-k=(=aixVirnA;G(!Xl<d)hONd?tXcdU=xj#8!jbZ*YKR?sTKKu9aW
zd>jz~s~^o0*#y|5NstA1lG_d$VCUlpWKvxam()A6^Kg8zmvZc`{OhriO}~`wH!RjQ
z(?OAgKT`C~RNoXr!tNcUh#T=$7mD9p6pG&o)XN3a(R(SRph)=cXaU)DoK{oaoE2eK
za)(v0xkb+A7TMR4Fzp10V$Z49)^QrSBaa7;GU_LRLlzo`bE+VQgMpS$wL4wt)fNG}
zgvgAKMPIZ%a$m5i@c>{Up7fwRR@>*xeQVytl41wLmVjqaQo0EW#b1gu*hZ|)+9Q4-
z0JTPFDAmRL&aMUOk-mu!Y|&$Gm&(H4{A-YBAh>CN$7%TIYX{dBg2LXlA3q*MQ_r=u
zzmMd4DthT(3J~!qi}zQTBwBJN&?bTF;ywCvKc%pdb3uWH*;j{{`AA)=z?xuS03$#+
zAd*7yIZR4!v*hi?Kml@I6|&M&8!*>u&!8U#>RRn$^>r!>1T}<NQrE;XX`6=h_+&PF
zPO&ryG~(v~$ePNAe<DQIkGaeoFi4K+>(uK^WC*CD`sDU3h!Ee?3bSOO0jE%Mcv1)(
zrYv^2(#1a7qRPU=VvYubVL<bNK4fKTDHQy%M{;*4+#wJMJgkb$bEhYil5SQOskx0W
zN(h0LoSZu`H0ESNjdB+}$ZE(C9#E^orE1E`KrN1U&{=X>r3^7JWtce*M$;DMBqq7F
zm(j^_69CrhQ~MXWy;D8AiV@O2t4}xT06S;j+3O>;mWcooa<OF8kj)m=F9jMAIUn^j
zpFSTD2gLvt9yGMtpG#GAP?{VEneJ(!&sB1W?aLJX;F$3RP=pC&@z~=@0!bfh$D4-e
zu(U+36LP~jI~FEbIP`&zHJaQ3?B<R~x&Z1CiUcKD^vTehqAjtf{1wF70Uf`EU?^FC
z@o}ln&w~un)@<A<LwtE{Z1Ry7_zIhRHG44oLxH%{1+YB9A(y|80mHtq3Ch9!)A>x|
z|DpAm3(|-TzCfHwJv=U#zdS+(Ymbb}$7dsKvl?vqSP(H6XH~`(iFPXVli<Jq*ZSh`
zHMVyMXIyx~y;9CUo5mGOZ?l@l^%vi_=Xe~)v^7~l5s|2oU|BH;Ye=2HY5d)S*V|Px
zz@{bjQiT7+?UC5q0hfoY+qdAqSK`58Wz!T8CK{~=P`YXiyhrPSR+%Sf!qVf^icj6n
zS+=~=N^H}Rq*vIs${EV%<NVpynJqm2;`5z-ea9N}H|Nc0ye7if8tNUVe}{hz`c&!*
zL?*|8H1EbE-DteM1L0O2Yg(gj2AiYDoeyI0>haM&DH1>Z(lEn_N0(aPr*&PzHH-Jy
zJ=RnFgeRE~>(O6Y?A#>&(m}x{f9Vhz0i6`kLJ+g`5jbiqt&qfU{Pt4a*XA$PaV$Y-
zumEYn_=3{nFc^D=WH86e1)0xoB!_CZNHv?A#$P(kO`0T0$JdI!>_i&#HTp~EiTIjv
z)t1&!($`d5x|~lSvBTF`Tlz5H89BMabq|ueQd0P@DX>&N@Dm~iVJqZ2JSJ}M_;sj{
z!@1c)3?3Ot5q8xaC$(Def5rKb5x<2Mv?8c4>NpKit2uQkdLeh?j#(CAh;SAL2jf#p
z=jm~H*DSZ#m$q4--0k2q@qYnxR&o+zxhLVR&&h&I1FFS?sJ*Ws+47pdk!=~HR9Dh1
z*`xOtWUawaI?LLkGb^J}jXX7IEpQ#9HXf7KlOqn-aLDW7drG49okC{r_@RYs3%JO2
zE(BhpkH8KZsY9&%uaPV-gcnO|=t`ENMEBI|&tKzOo#=-UezxE-Y>cq#t$V!3n0sxh
zEUQd^Ofc^3iEfUt4&Tlk$&|ebnlGwCmVYRlwA9%oP~HkubhNtHS%E|=|0I`Wrn4m5
zKTa>nZd$SK8JW2xSF&Pj&}_-F){Q&$l2olst%o>kWjzS<QpGl=7UQ|h#Zdggw6okB
zX_?i3osq189FWzqCON&)*h+P9R@|x@TPYr2yRxdh%cicf3mg}fzvF7K&Y_0#gxiHX
zXtgy8YF(UAx*m8h;-?E!Rw)95^~Ex$L6Qnm=V(f&qv%8eHjOX?OJnVtVoGaQHKY1o
zS^+_|T<D?&-1LtUIQoDVdy+X3omix2B=noJs4|{=`BDYYNWMg`8#@NAPIwoUjegt`
zVMHy3eQkj(6%lSh=``zyuLwqPf*%`!BEqK%+;g;q9pUbsynhm<{Nu>o)WN|00p(~K
z2^!5s|6)JS)2Rq{(E&kx6KGca6*ys)bt2#bxKdHV5~&Y)2#ImU8cLoxJgxR-MylLP
zX1D=e1Fm7GPTRsxF&wp1zacGSp*OyqUg#Hi_c{x`UQ&&X>jkS>e^oy!nQPwf_JVDD
z<q*{LkX^tx;$jx%y{o>0-789Ny0Nk1JZDc7{*%M$E=y+6y$Pztoz__S#5D(F%V1|F
z_x(UKok2u4+LPp;@q{tCfG-MYE>S>}Pkp=89w6Bl$v+p`!|h)7P`=8d?%7QCh4y)>
zQVO)TkecjbGw^HY*@8PxGR)sfN!odWPXXDp8Bm%bq3GwT#BbUWprr2S|N4IIbkqNv
z`xS);J$?<4@w&cczc}gF0@r}xV1j9Zg`nf=Q(v^)!ksSK7Dj!Fi}o+fGUKA{+vrTb
z1hbd)<dgJFmGTRB{QOJ)bNb@Hng1!t2xoRvw_AttD8#f%PC`Gt!}v3%wdf^hT0y3l
zK|h?}Pab;dKc<!bo4HsM80txed0FRS7Q4gzC7(k7RV8L|&O5L7;=M&2Ackoc_||cR
zC1h3Po8o$_(6_FX-*%{Gets4Li1_fI>`~W8D=1~n19G^p7$zuUtwjRaZ<Fm@AB%h_
z+Fd4Cwihcz38`YqeeE|6^pL=cHS=>J6#|XOWHx8l%*TV6zd62G#J)B2d-0<|G74+v
z_m&K!xkpx!<eVls+Oy;P#6IzKX&||VCTr%O?o?R3SxC*A`F))_vF4(h`TZmdEFqIr
z3#M)WXFOe~EGHD%TiPGGk{Q&D$-=;vtVZrfd4EEi-F7j8gScL--ZQcK3f-uj$HT3N
ztP06eGKI>bw#rEk(K*BVwOalT>wG>DVJy2yN;N_YV%<)cJPPK~2M~w1HWd!#Y6=Q6
zahQo#kkysKyKXz&al(7M7|w-`&M@(_XU_dfh|uKRSF`xl&tbL3bI<ZE&F4YmQ51pD
z49ZXUnj6)u4-IXzytsA}BEv5l@UbIYayhILR(XUk?>Fb3%DDgHtfc{@)HjI@nO3(%
z+K`4EVlkhXwCoCLYn?Pv7J&?Gku-aDC_WQs{~y3r*kk>X=>{=92*zIZgbnbp7zX1V
zfmbe4+IOshOx)L)drp=eg=fwDQ&-y@RTD0TNWbJ>tE%Tw$LkvgjYvl<ivpF6xfiiF
z!#`8-iBpKOjk4l8teOejF+#iMs}~FJjS4m7j61AD%68@$2~}hLc?0Q=Z)=yV_`8$@
zC?=ER$d?>G60EmsOE;YdjXV)9As)pl7J-)n_cJ4pgFlVHc0OD9Y~_(q%?W`LX|-;b
zZp@fa){J6MXL-~$lhrP-uaR8#H_r+Lh4xzrZ7jd8P`@5`sKp%-(D_bl;A0#{J}+dn
zLGy9dFb0__ufWagrt+>I0cb=9=%dbl=;Ll#nOCf>=DyQ<pHJFYp}OA@Ih&%lOHtfr
zaVF^G@}*y>&ek{uS7sC(->Kj~WWH4RJ_UVkV`q4xz4_o#bCz-&Ug{t-9B^BAIwf>Z
z<U=Mp&6=)$=i}~%pG8tG5h97L3C0)BupVe&i1CHGRm~SUEm1zDr$5}18SW!_--3tI
z_>VnH654r0>2~7<$%DDVc@H}8UEeyeCO5-+DV!A%oX(E7o?^#kr+JdH%g)X>J3D{6
zIY#aHcI&?S^p11-a{cD)BG4kc@4Q?y$EUiKy(aQYS2|xUBk62!3O94{-g@$MGw;V`
zpcs?s2exC{oA&!69(cm)Y!hbs^OVU<Us*e0Bi9X~S>v%0GR>sP$YB|#;{eQfO#Hg=
z?h$t(a-Ov=FeOASOti!Tq9wM1KNQFUHR!4f*(**ZosUUU)o}$9nyEa|gqgK3*dQuj
z_~g`_`JyX?0a<h8E9Mj}7u}@&+S-FCMW5TkeH44IBUby2G~_{<6yFgOw%e}{-659x
zrTCabvBL>U?I9$GDkgAn8|(nLU;MdLP?<GyPf<6u1#4y2<jF@mZ~uDPp1jZ?XDLSo
zwnxv5ZR{|%bBokdEG4nFj1gRcm(rBYLLu~Ye86<-D>{JW6T3kx76|QzLa0@vx;sgk
z$h$WDdKG%$Iw?bicVOHn^(T`2Y{kp=t!D~p2(7~Bssp6kPXVN@fJi++3g1KlYdxQ!
zsnb6yS3ufg{hh9K^92Wc5U@+$-3F{E#9b-Im6F?Mj>qMzC-LEGS??r1R6kCQ4|`mx
zI&QVDQys@vsJh4D!{geo&um})_z&9u{6(2qOkt`M@GW{GJjP+n39Gqr4Ugump_{7`
ze4M}^(m77D#%A7m7bFi|OKed^R%BAmeBnZ@rxJJ4P46k1sUF0$Cdz}s${8%_Ynw?R
zJ8vg6QxA$-<AEm7>Im)GzVhz91zl;#j(dvin*zq){9bc8g%;dlJn}zM5&I23LPp&R
zJ_7NZJfXM>b-zyN99YSijaq(IGEn!i-)IeJ{ttNyuB0qy#;*lhv7G2#eKmG7_D!O-
zBCkG(wdO0-&}6LEUfe_u-NE!K&rco%3{7%qUY!J)e#WaSfUJRNXmajeV1X4<QM{V<
z{KCRV$Et)@MbX-Clp;OaIdrSvtdqH*#c93H!XPiX55}sF8l#lN7!;vPK`;ly1@jSA
zc`(d;v>l(3Im_9<f!Rf_!xJ5o)O0)8@L^8+je#Io#5K9+z=*-iff<>O9IU8g5(Lvm
zVb1P^aqB4Cfza&k@_4W9&LNU1e1rm9qJv(Z_NY>#wl8S!HAxqNoK-GRB)kN*>ehPP
zY{~)k@=(rr5BNI6)6lH~OiwF@u7W3tcj!ReQ9T|$;7IV)Tic3LiWTXG4E2ES>86*#
zM0eCxGTJ|B{h?c}NvEuwUY{iXNb2*;hNe_r*!IxC6jZyjRIp|3V|>EK5<`iFVI>#z
zGz*}dzO00(#l4dFK<R#Z8|GY8<Gn6=F!>7=`Jr`f^L85;RJY)HV#23w{xt-S-C}%d
z|4sQ6j2$h~9_q?qe50Nakk=mif`1Xk!=B4Wu$;kGL~-AE<WaT*<|3*^>MX#T5+SXE
zA)|jOB2KOZ0T^^G1+F<867#*@x{fYH;PHg?p){PO6t}@DK1kz?s(P><-FgW3ea3cc
zCTt0$Pi)TDfojPU3Pv~UWF!%+nHg3Y41q`Fgrml$h9#<okYJ`#Ef+mO^6&<>g=cmA
z7kn3}dwexaELGZ3I+cM~H^7%-H`bk-I)u^FMZ~#y({U%z`kj;%jXs%2MhgQ}`cCUH
zxN_<3SM-n@3vuB%-R!4(wxEz|=50EMUF;_MqN4Bn@|=rnMymaDezAWe>pIxKW3i?d
zf)h+=hXuWg4Qw&m?N^5?R~WUjdMDt^l?uMTP#AKWuclg1<hMuz2VV8ILXkS-UNak<
zYqg%Q@X#a@$lgu1gCYlACd6;lMUh&q>{Aj=CJyt1Q1L;+V;Y|_^0_?}<K4Skixmnu
zIbH6NDzG27r@OpIy1b)Pm(|iGDOuJtm#XqVkOU#X1Wo=z(u5U#%o@R>(%eGHmfJ$I
z?{}))A!&tf+IN#xKC<$hD&sS&OmwPLN?JF!$|y-wWOkFa<yqCuC6dovR5xdlZ)+LY
zyQ^wstt_MU)lUR_D@-j5pMk0Ib-}TzTA>x?2)PD+sR?-wqe;Nmz*2m7g+b+IZw5U)
z&!S76lOdFxpxLdVxZ|-@^Y8GPb#gr8vk6Rqes!4G18apoUREFv(OfX>Vo^_6HqnD8
z<lZ5+q3$-Cc|lf*OvK|#OW3FRxBK8W$mi1VN)CBo2Bvi!VG$nK9H;Otau=LSt6E(d
zEf~?KM6vo}re!p=BsgKa6uUI!^6HJZL~K+yjiT5T2F~`?tW^RG?U8yP{xgpufBE?)
zU&$ujoI6cN8^`>{Ey!+0w|2|w=oc~uH3r_w5{2IGw2zZb*kut-#h`hM1m9{Ie$a`%
zs{Od$Z|ti1#8cQ1JtL{|+)KN^59|#eRY7BX6Ok5P$B$+&=;@Tfu>XNiU`iwJTBX=;
z@c<BuMg_7P0T<vYS|ff;z*w^I@V-|l=5#<nZd(B7rLBKDhI!<{AVEEFPa;_CUK#BX
zx}3^Qs?{~ou`rjZ&fC|Mc#hxL;zLv5Fske$?fzD72;MNOI4!|=^$ZTjJjezm?9gg|
zL1VJSm(rHFyG&dxU)<r=RIlXZ{*WSSJPt$LtW(cjq4mZE<7?FqM@lBph?H!$OvI>j
zPIR40#PJyfXH)@gbUCgI{KgLJ`lopw8ar@c5H_C?;*)z>7C@^NX@=jZdP-IX!u4cJ
zc1SIg4>T&=cO@~hp84Z3?oqAwQ>hN<3lOtrIDFCSUSVvBbuu^NguanR2=$b;t~*!K
z*Sa|9xxaJr5N>7>(^}S|iCwsyu_jDJwKdgmu_ST6IUwy|n%kX*Z^~$RFiBQUr-tWC
z!>38Z<E3Fxi6kh_H>l(a(l`>)tctcqHsoAsa?8HN*?g|_$VwpUVYX_M;AXQWIMYEp
zO_r#NCF<W9s)YB;Vh-Kx#{+M2g?{*yvqF{3n&@7b9@hR|eLZ1oNBwtO`_myZq3CkU
zKm-JKknQ9ttJS_K$D;GtT#s3h(=M<(yBIV+u|6d*QrI|H%jJZp9^;5scN)MeYwlYX
zI7h4fDQ8J`xJFuy5C7NJ^hRdMdjD{Mq$fAB8{6Tm_l}EH`JR%HT<<2*GS+*698=bN
z9-lsAn|q?<rRyL9wcQZWjJlblwMre7pjkZ|s&V1e3Gv(uL9fl)v%TVXua93<f|<pc
z+Ozdq<%SUjT3r=J8jdsB2Gkgu?%r+>9J(X%DoZadh$dmdUp-mkK1?|%D$?o(Qv(Nw
zg4w{;%^^>#ZUjIT(WMCX36te028i}8?uwpD9HaQq9S(3FJPamq;PTt_z&ia6u@1|k
zF5RspS+|{&xlZr1jLteet==ocKazyxIz2&J#yVXqFvvQ6gU@7-HR&EL*vj;HZAOox
z>SG-~JF~~TQa$>d9wV7OUfj7yc`!(iukiV_Cvlo|W^7ZMF3L9|XXi28sL<>CBEF(G
zIkeWEuc(oHMOv0em!xeYEojE&?lSM<YHYHqoSMJOtocW$<}pd@=GOd4X3Zf|bD&f6
z&di!~oSH3?*3+#yJ+mhMTbiuIpJcSo<$V`AAhPQL<I}{8)JV?g6;)<<ugum@cUqq&
zX~`LRNW(q0n#=c{I{#=PKe-CK%G4@cDs_@``5S4}QM0IW>ijOV&L5pRT{CC#6Q_<E
ze_6)(|6)1g_nTEu1$a!mrvt3L+~LA%gWwbO%JMynel1YztNG01E8G;l)g>VU2KF4F
zE^vq71JQqf-3k#O!dKX+)xFJ%xS)Kd2yEiRvtLhx@<ciEE6$P$CXalz%!8CH%Nhi;
z`fVPzaw+HQ-l>n?bJLggIpSZ(q|fNBZhya*s`24JcrD%Eb<*FEPW_FQ{`yIO^Q6C9
zsq|%?T(<oSHL=<ks8Wl1-eI|?{Kjrfg{aDf#oI#8{6Yd`)<+70Wu73*^)z(XRxN&p
z3~A=e!I>L;Wm_c#)}gJK8U!(EiJUK9I^<FAc`bP8ouP_h*DD{C1KMfC2h9<5mdXyp
z_%G1z-zpDStX43+40$&5TAQtQ%7<G@-wOU#@mJ4Z3xBQr9e}FPV~HB19_`V$5<jH6
zyG9R4OYz~~{abpCu8}qBerD#L<gsPWeLCer)+j)wB$R*n2X$@-v&boky@WzEdbgw{
zq5Le;I-lELJ2gL{>r~BuU7%`?m6}Od-$h!grh@p}oSM&N)_lRKSu8b^=k~XmH5J?s
zRW+S+`}~K=b9>Z}f5JqLdWLJYb3Ri`a_y_>CFv?la=18iN!Cf{3T%AzlDL#g$tBtP
zd$lCRnZxVv3~#!mC6}a-G;@wR_dju}d`O?EwMeKp&hU{^CAk)VC(WFr7GaiC<*%7l
zo^`66CRLJ)@Jm%i&Hge~#hLvJL`|0?J``7Yg1gijB+q^#2kOY~Z5P=+?e2D0yU@<J
zbM0)0aq6PI`=kMwD4+3SInh7L2<{fhmN$4*pzC^H;VM`&9omDvNmj0zMPZ!a3+8!Y
z4{Ca6f1&Y=9hmXn)z%@2+HVDZ2Q7lYFYNtXi-}%2*H~_8`E}8qZt9$G__TGorFHf5
zCKwHEesgqgv=7-nDzCea^7e}kzdAJY0K&Bv|0rBH#vdm`_+MPhtFJbv41qbaHS*}y
z=CC2s=P#I$y-cp`ntA7BiKgN3i7zWySP2EXCXegU`na!x1$pz6-Bs563>vkDm&*KL
zC%~>Xi)DGf#+t(}P#TIGtkcN{)k#B^_kAw>dOMp~FN-(HdSyKOQoX-N^IJBjdp|6Y
zcxR{HX9)z5l4U(Nkk*Cc+h*xZf~q%2UOstpX+7#><6FlnbFzby4I!qo?<G4i9n6*7
zW;Mzm?sm4h$8S&IM`Xr7c~oueTS~Wm?Q&TbGjDa#$$3)WqH{ut6YaFkx0cQ!GwT;(
z1*Bp2ARHj`^nE=5htt#GAp8wfAmC43d}{ub-@A|KH2-oqRId{+(tg<&`vUgVIjmV=
z)Kf|kOM9q@U$|ADp~mQV7kJjg8+K$Ueixioi$Q=Uc}dnOE@oUYX!vyt6;8@|vaiI`
zHa<}9DmrO4lhc;U8ztm9aMDIa8D5Y3q(^zasOPXSr{EFKmfy$*o|(oMyMKB?B>09W
zG)i%4wI!=qd^lLL?Ao(%T^&U}oNbF9pYw`yb&a$D9-55!JZav*rh9|mxCpC&JupY$
zvV|PxnYI68;bv;J)0}pNX@-a8IcJ2*4g$QwuoC&gy}t&;Oyy!hAN7cg(1~QH#}v0*
z-nHzlFNXG`CweE$x7AXytWA#{%U#VO!cPxp{E&6mCW7PCN5aZb<9%uQi4DRmz(X$;
z79Y#X>Xo&ikE2ud1w176Y+NVb#C*Se@iF-t9fs@bjP*&bO>7%&I82!I$k#u~Q*e!p
zX6CN+goK9wH927qiums)8+bqh72028jglNjQ~9oN8I1wMva-<HW_q$rdd@S=^5L)-
z9WZ*71d;H#yY;}u(qIwujIEU{-lD&hGvIQ~S!YcwHl5L0eHajYNC7_a=MIe2@Kr1F
zh~Q2os%=+$ZTOI$XUkP@s#4;|i${<Y(|TpYiI?u$j%PUjN%fG|jUy+rNb$KlP~@A7
zH_4gKz)2iew{mo&{Wr^^UZ;!UgqEjB%b>umzjX9jGV#SA0WBjgAdzHae*wy<>wa>S
zaUo5m*w|w;+1MMqfGWDC@WX$}zixwnz34WVcfIJ_VgQFjF~x}{%vPF}ywBl6zxhwa
z<{#+-GmPYD!K^0mE1W$T$&JjZX{^f?N>^5V=pF6y=HX_@`$f0(O2ZtMm6p}WSZV8f
zzsf|mDfzbe^O1P1pP^=;2)>j`H<G79-P2}iEOn3*R|r(q0#)4Z@zLWq6|i`@rCgoG
z<u_E9miwxQln<%CytaN`IC?opP*|hChK*zgxh$nxR#y3ai~8G_qz_d2wF}NIpB^o=
z&novW?5FH2)%|Myih9Y$)unyNT22yT8&7Z)K8o+IgG(WEQ{qQ;wFm<~(nZt*tf7oo
zK;+LWI#2jGel-4>Q}X<Cn13jK=L|TBi_oYhyo*u&DAqyI?l=>&yYVQW$7<rc_!g|0
zjqr<pZQ|kZ%tJa#A{Yn_-KuOyEb9<G`r2|!U1iTA>o+oL?0SOeGINds^|0b#^Bq^M
zo@znky|$d>4DL)-8=I_^k9)mGeKqsuWkqHZuy*0~%F!s+?}Q7&cSMb>ufwn361hr^
z0qJG*Z0*_dzVYc#NPNCsxM5A%?kIgjBw~yzU1B|9_F5~JmiM)vQMXQ7l?Q&u3e<Xp
zsh4Fk{j$RgFAbWj<-yDotzM5$U19aaX9*G!*c(&pkzQ)GOC&d`551Tl&{_Fhiaxmz
zLC#k_4gczp)pw)lldf<ScUM_+Sd0wSoE!NG4?EV$fv%WP(L!_`)JV}E3b=arSmU2y
zspG>v>gOS=oS#E?NW0OM_McNKt$VC~WH7`PNyXw-(5EYtip9ThhV<#<;PP99$0Eu<
zG|^K=6zwNa^-c10*elk{G^7Ta;Ae~Vg7i<mm;4O*oTJZKB4z~6pcj5a$BUz<c@53;
z#LxRi9=N8j+K<@A7VkS+Xj_slxiph5iOkg2oe?{FU1V47j(J@%6H-DK;uFP(pR=JL
z%O0;9G#^^dLa*|8UtZ`Z=PGi5w(SVJCUXB}9Fp!bTr*&aN)~{*UG$?sIPu}XYLN9j
zWF38s1*~V`OO#$t5??^o@?3ZHV}!!(D?&u^{UBOgup2j6%~Y&f<-wLw^1D0vBZ*;9
zs8UlPDD>AcPqY`LD&@LJxn<hYu2ma{*1Pda|6lW^$;|tqT>)fXG(UYGh{#tM*-oHX
zWQhmlVp}%`0oN=M44l3?r%TrAtct9xf&OLX0PXc5^WrB-^R1J_ka5&LKZV~^l2r@<
zP;i7iCcs!QJKvyRUKHh}w7SD+C;C=hx&K_)tkE5IFQ?M`EE>OmNrS#+Vmv`4i=kV~
zFUHRb;>=g|GJxV}&fQnlc!xws*WBwF61^f6FYQJj$I^$o=HBcfXq(Wdf*|;TbN4D?
zi*GITX;%5g(TR3H<YRofRN+#LmKPswCTs3sTH@8ABJ^N1C|Y%oGNeWoF7RR$^6)C*
z6uqZgD1QFWehb81fXFvhLsa-?Q6m)pbryi#SbMg7u&z5T56MEc39e9K?&P@shD4re
zA+ORLjrRUj>s9wTYj17)xhE?&A}dk~@R>a}=gMAn(MN?_qF?1wlP%1+)PNmRx!Dr=
z5Z04Lstwxm*c+^$(NcPGu$MdqJlv%E;P9gU@^9f`rRPL=c$l<P!$Tp%_^;t%+t2>L
zgNLOI=~VDw{`zF_a1Aw10uP`3^d#`GoU)nla1eNC7kJo6=`=h%pZ#CJ!$IId+Mq3g
z2a}e*1RjJQF!QFV4${CNRFuzn9sYu-VH#5(b&$hAg&cm?QJ6*!9E;i~3)pI{jvFn@
zKEpZLUFempTivXcWcik%#V{e`eB-#=P9E_wzMAsBL!u+pA-@!hAfkmg9#i+jsn54a
zusGk5zBU@yuW`OFaLzYjRgad;y@D1v+|?_@{G;I~Y-3;rXZlmT!bo<pWXbvc4OwXV
zu4we1y@Heb4{IC=$&(vh&ap-IVjUzg?D;U{y<>T_2N$GuE(x+j=c*IikHe5WvEZUk
z_qH6@@S}28al3Gay~S$hIgs9x&gawFkLIk-$oi5m+mCL?I`7A4zdUh2?xjoi<83$V
ze|<lOGM-cHM_)D6^nL&tr58trSgU?~l5M$}!kxBd8Ku(OQUj>|$J=rPRb6~3y71ee
z?+#e6!M=mOJBKYiplj<JaA4tF-a8^Wv+z3Os3s|rL0sybQ2!iGVygaPq%~YS>hk{&
z>rZg{@2~owsk$!`+F?f|`((ZQ9sQH^_#byPqRv+J#b1wA68*9UDvrA^9C#c7h$Tb6
z$z}1S_+kFh&hU8SiWA{6@rZ)Qpqur-4v)WJJg0!i2h>p0@Mv8~!U_0cJBghD(L+KS
z5D$I+UjX9vhyNXZSgD#z<LfWQ5BA~C`|-x(C+^2L=@R_#yqopEz8}39&nfn!4azkW
zUnlXya?(%OmN4yf+LrH7D!nZ;0M-8(KlrHXo^Rb4{nCrwvQp=rEA*L8zm3s<?DX5r
zdo1&Jnm)%L2mY2EwdF?MAn`@m*4!z!HE*;tHf44*5e-N&yBRl6G4==+MGVz$KagdZ
zS*SO~vbY`Ozb2*c<-D*)Kf|u$xC_pCU^NyySok+pgpBz#A@Nc6Te0s`-@JIC6pOtC
z6YVy|bnR6+N$XWPqp5Os5iQD-=pE_ExT&6t5Kf!Cb$;4ih}z-vo`K~pT?<G20ZB6?
z%z)L8mdU<Wva{Xnn<ZPcj$vO^ISdTN+#mj3nPp6DgZ9{CNK*gsL{npS#(P_)Y0=fv
zxI9ERFPAUFzv|W}t={^+N@H=3@I}V{%ZFTknX*S?QJ+XHDhgz3O)=M*TS!h+H6-rQ
z#uc`W!w3Td+xgS1cifh~<#f0HkTYC)^A41x*v8p>SH>B2{7%x_$^I@mWq)}m@9#Tq
zfB$6UOmAXFe@{zN9Gm|B(y`m=NWQ0OiR61#;EOvz-0oCZ1gYb*$CJ`j{A&P2p8~=F
z7QpwO&5H@R3Kh)O<NXVm3k%WXcGYDA3lS<PZ1We$QV<Jyn)SN$&%7r(L;Ih$<j!?i
z#U!!b>Na#Ny5^DM$cvKnO=>)<FSAFVFB^}HS)8#jo_AG0oyViLW{m2z!&?8KTB=fa
zJTk<kB+33Cl&nscW?f}msn>XNz2v?WjrQ594FQ6Jws92>3{0}#%xI-5F^OO4794q9
zvi^{h*8h=H-|E|`of>|n`WMxEjGIE{HPet!&neK2h0}t@5kIy*O$~CQWA7I`VJn1F
z-z9dGU(a&3!Y~nv+QwFRqG#*z>nnu*wfhBz?x@=wB>*<6t@rAQ2jvW!*G~%L)Ub@4
z$Vaim*^x7(p?grzEsO#ZhxNe|@O8N5-ZSiPhj0_hH_e`g)_O4+Mf{vMKInaA!C0YU
zi=|Qoa9LQKMcksc`l3jlSn8CiblA68*Lq&ojcf35bxn!N?<Rq*bFLXg;*g-RS#ew|
zW@89FgFg^XMFoFD_$%SB2n~slv9yL^Ls2>QX6TEzs4aR#I6b<VKXh})q!L2^x&&By
zLtOpdaYNAYohEWF)^gl5Bsr^P8QaFqD8w(L`Hd1$@g-{_jS$gmVzKVsGABoS)`MHb
z4DfL2DID;h&>oExt2TA-H;U#Aj2-KUl+b)pG{0iR-5t^1Iz~Kn&EifhsaSe<hjE~4
zBfLt|zM;|_o#7Mdtzv2ETqX<SwV0rBLqdazm1m9{K~$4SuaG%sTH;aGfUt-Or4jO?
znpfqFA|g<cPG~H=$*|JcFH#nSQ2|@G8LP)i)04GMq?_Q%=C%Tl=-Bf}!ZR%oC6woT
zkq_pr50<?Y6g_TH;1Y2j4rq}WZn11mW2KItyGasL1lgW3o^C2f1U<xFxot?$!-H-P
zp~=H&b$vp(l~3enTO|uVu&ojZ?TQN`Aan!%s!&j#6!gG2!zYn3A2^wV-_4hxvW@XW
zd`qL^-TouYH`v@ve^wRRvuK>*^ReO<=TK*4;^d86=sKogRq>DAkm64X{t^2b7X2tX
zAcb5_8~^0qT-NJ(EC-H=cnr2$-)3!KlD4``(y0~;b--nkR__8mcs~W@nT6}*(zC9n
zo5mbZTcFip;vTU6w2TFmA+yoKLQQ2nA{n5i(~JyzTV;PRiTAZRcE-x0Xz|Lz=(QXS
zVM(U!OY?Z)!a)Tu%mOcL5`Y~GUO<KS`axmiLjnY1v5NWXe(qVm^_@FS*{)*$il{(j
zuOaXI(c2Tk4x>sD&6H$T6Qy3MrY$j;(TP>Hx}T7qSU|CGyc#3cJqMsbtnEz0F=~As
zqgE9siGH-&DNb`G+Woh%LLqPKoE}%lyAL7&o_7B=q=X5r6>DuJcs-kihR(h`AkSkQ
zjP1rF>ERi3<`PigO*+i%>-JOhWzil(r!Sma9M_i+CI6-`E%q)Q(ck5i<qUj|cV-lY
z#9xqBlsgKS+M_^2xg&6&JpxX#e^iMifuZ~(KvAI)LnN(2(k4k7=qog0lBCU$wAqq2
zL(;fm_t!AX+~`W-_g)ESV+21zkUN3JBD_iG4c(lHa4P8EuN}~ex@$Dj^8m4Q@!i}Y
z=qmbQ$WtE{zfU$}55a48#`|oyr4WcXsAa!{-gl!Y2a=zj)c@!6c_}hL=8{IbC(H+7
zpaN$x7f+Foa=qu_*h}Gis2#_D?!+Z>(!_sN(tqwhK9)0k`ULsl2;N8mp*;CIim%d2
zbzSC#?%p?oED#HP5C6G;A)mwl?mnS+gf{qc|GC(wzZooR3&T4j6jjK)5Ihc+YY&yR
z;u=n3Q)v(URyIi7KH+>q{Aitv8;zEbF;lrqx|vz28!{&u^cmk-xVhx*ex+8oSE{Oe
z2fRPViLRF&+|og4(Xe*a7pc&-#KzhJ5^g78xwhmvDiPvJsfbu-(7vpZczrgA`$EL&
zc<$;TD$<C(Q9EBaTd=G0^mfp`4v)`;;sH6Hdya%*!@7*9BpX;l=7^8v$hqoWP)$?f
zOb*rjCTj{ENL+N(AMq#CLX~?4N|-B@Bsc^Mdr9-uH{P^LrKAT(Q_~CWg0SbauyHe>
z+zIJ}gIlb=wL&Y^GK(z5pUAwV1-~EvyVLth_CwT$*wE@#Xb)M}(^^gSDg?WKqCMwE
zfl4mrW?7Ik$Zy`BQ)t%a2%&*qfAnfLsh+CL?j!4on83pDK{l{Jl4YphtYOo-63Tac
zZNySE^d)Dy40&DPt)$-~d7y+n$9#)FTtz|DX-bIBhnMy@{n|R3#-v|4;#0&LGLe4n
zu&_$bF(Wx8vDfmfb7)fLVEsyZRkTm$gUZH}C6NW_`+f3l9A3(=RaP|lOMrc(v>|us
zJk)b`TI<QPE+P$Sp|R0APjWdL-??8to2(gMIjrLSX09i;^GJ8PC>%?aPME}B_z@0^
zGw8AdK~palz3?&uJ5IzwG?C0;q?LUN!)hV%bCqjSn64d@X6WAS4$D{!5FZrpK|C^7
zDGx)vl!qZP)5YfjJ{ar^GkyMiiy<rbjtDMNjuALY6vklSMFoxrtv4x!cZ6Y%urgoH
z7i0%m5_gfSQUiGph?TK)@^-L?$%nk3MscwlT^TGpgu30r-fk84jPiJyjCK>3W5o=c
zl}6P{&Sz}XhztbPxzQh}72RnSEzU$XN&4S$A5=pbb?{T(8gwJ?<EOg0-i2<ECgOUb
zLp=j?{Gaz`D*LLFWv?eY^KfLmPZ#g4kh@R45uxmg_0?(DT(_0z<_k5<Ez?EU`yY$T
z1IJ;5@cTtW+p+lltCWlnp96PUkFOO?lr^7|Wc9+QD+x-SCq8^K;u1%<@0&0+fllq&
z96dfBt%D6ns#l6%p7BLGrc->G%-rzRh!7V^d$ZO40`kdcr*2P*uc6GQwz`yAlt3tl
ztbCee2-BBj@FWhRP1J@DJ>|v1vNV?79iCM{g9z4S1(cwd&9V`6Z$vmCu#l>=qb6Nv
z8?t6O9N|ToTZp{3EmE!?x$@`-mtpgJx%Cm)S&Z0ZZ12d!qjHe*oE%{-kv84u`+UA<
z-hBg{_dxQktoFs-30_#m)}1A?C$SZ>;E2~w1LlP7teeTCC`x~M4ZrV}D&-VNU$4pg
zExqrV?RPls3;*x9_T41a{;f{?D(R%{V^{X!@5HXmeZN&Ky`pg(t7d#78()dJE|`zY
z$01^05-!M6th6+K|8L8SCx~K!X5;9r*dm<vlmiQ2IN)drI1XV#*8O`0M%Ie3o9v2T
z0V=0U`pdB8Ntc4wKCaefIpw*LbIbcghL?AXUZ|VbmI%N79MM!62j`*4dTAjDvz)JF
zh&Pfy^BZWA5va|WPiQeo|FNXI)pzR3WzL*p%k~~taI~m%EoD@##_%1+Ab_^JR0=j(
z@9>%4Kmj#r9>*A0&_d_a?Y>v55+5;{4F1bCll|IrbMt2f>e`~5v7=U_ECPKTsb*V9
zMZG~CgyZy&Cuz@3&t1$pf-bImhsDB+M#vmJdu2D!b%*sZ0}xcOg&dfPH;_yiT(nen
zz@u!5_`-4YoHCRx1>bS|p!OrsbpdBB<egbEcki4Yj<2CgrQl+Pl~bSSb+#6aSK%<{
zJvU*z<5_JQV}{NM88b?nDhAPY5^EaMih_8*S3d3){B{vXr9ty@8$Zj(ur4aJt{+U`
zqgbHG<5Q6=pe<geH7?w~E-xWXVOrOaV||T(?6VoEE`-QqPGPXqPAf2<>`O_|2tEM4
zInddyi}+0M)^Y18esfqt?YVKevtsSXwELfD^qkmBe#?m!D?)-5DOWkzu?Y`UF2T{g
zB{P2duf|Xmy(8;VI@Zn6_HX2rbKUn;gTg=r_+uA#kS+^9OB6<P(WMU*MrN|!TJ0a{
zOjguBJ3YYVJZNQhb(@L5EQ2wcL*5xBbFDc&2+;rn(%F;EQB-CKiaJUeqwb<uLT+px
z9J72VdF3WTa`@QNYmw=~PDZ&c_5P-PanUF3uj$-=D1J+)_KBh_G3Oi_H}P`{Bd&Ei
zjn1|Q(lkVMs*v#d?fZnt0gBYfqAq-lV0}&oA0cBlu#cN%aXOfW4?LBo;p57(Bz!cD
z!|4m&SH&Y=E_$ZZ>57TC{U`f+^}bX0CBUa>EvGNlbrf;|SOj+zT3ZJJF|kTuF*a@x
zLSnXZG(#8aFQk|snbe)tOi$KE{;>zx?2^D^v(>{Xui){Sc@+311sr&Mvc!SMpYxgC
z?i1mW_X=Tv6g+lB&Yu;l?_f`HuUj{Q=RAkJGd-RVx8?xfcb{~D@B4HpDBwmZZJvKU
z=|K~1MR0&t+rl1+zt+z1;GTbngDJb`ov+~SI2`a*@x4|13!3nmfkAP-W3)m;5A7p`
zAx?ygl(+v^48xp9Z_uQSgaZP+8n5V>OS<ocp=}}WeI*sz4;odtXtU2j9wE_$a3yMW
zYDn+ek}IXI3E6?BSFLyqO2aP^eazlc=U<5#WQdDb2Pdfk)=lSjckog@8vulajCrTP
zOSz?KxD!wB3NI1j2Q5?Ur3(b`P?!WWWz6=$-Zaml&S#=wGg=6>Y=qy4ToR7oRA~1W
ze2Oz^@gBnAL!YxT>|H4Mv~M^*i-_Bf!l1?53Vc8*q6w9<G10IyV2uIG`X4`FIVeFa
zvolVLiVHzlqEZ`2(C;Z!dYT$BsMHL+VZd<|c&w&H;CFgwpaE8)?7U}02EqdD6zzli
zN;lE>fMsmLXZ8-oG|O8Yr4QbL6-8W8?^%Pd5I{!mFc;YWiB->s^@4oQI0t!7zv>+P
zF-n1-QouO}KR??!2M_a^q_@-Wna*^BRy$eXpsBJ57=y+7@vIo``XW;@&yOBYy0H2A
zPoW@wNI`257CdYE@QutChrBpMrZpRH1ln_Ra^-&Leh-W7)U}qblJv^_S%Q_HpdOcj
zCwjUZ0Q<CbXNtcA7Z>}E59~f+<IbY6@r7vENnPOwP9`eUN1)8eKYghqtR+t{jYqfI
zz2%-RggSOgkhYGC0U9a#XUSQI8J&C{WYO#=WqlY*_T7qZ-A>x9rpkQbrtOm*_`cZO
z@%a)N9L`8T6}Q{?RIQR$x0{(K&IewTv{3pkm0FXX+9zZt?x8tBXzt?N_GhP;59hFj
zY5g_v`J$XV&4i~e>n7wUe$2J+$+cxPY)LHMCBB7?4P`GITNdxSjQ<+`nZ0<oeDRRf
zkjV9ruJPZkn?3y3kSIn7GItJsiJ#Av%{#O!Bs5)96LY|~im%<;6Oo}+miSD~D2&Z7
z&R#HRH4u^^0OI}}Pj;UrMxVvPfzxM>N0!jMz>-z{5!KDgV!LR436-p$xUGrG(D;)0
zB#$w<Sbx-S45Mb!7ve_uDPer-Gmfnn>c+Z-YO|WMPKSP;2K`)-q@OGLA}z@$0s7f*
z%!V6&y-RNke9L;Fa6~gao$`6H_RyXipY8X4qSXqwx4a<Q4KO0%Ks0FI7i&GnT1Lkt
zlP-6<{+K=BDy8>=tXcGtt$Jr)#0`2yA%Deee!ge!I6YojXa}5H&r!?2bVOqX<36EM
z5v~YjHCR{33${H;cqz4ZL<|@J4UuQlM&KoEAe;qu#zCTs+UZv3{xXQeb!>ehjZ`JX
zcTxJtWabyBd<jQ+^879;|J9S^r}0B<?+EZM#4Oy~(|iV2c%MoLJt9vGOss%A?@YMy
zZds;HvFeum=(nL5P=?R4XTS)N6s;~sM**~e76x#=v~)hz0tD=B*aIcdVJ%a2p<<dq
zcJLQ0jn!lRgaIcAm9_R5rnoc>ekc!{7bFH!TlJ8QH~%*j`IYU^C~8*_ANWfhPwRbE
zGO&?2q;7J8cimL)Tg=OxlHU`CJnm3dVMX8UOv2+1#0=NR37t&#qx!A&o|>#0(He^P
zFI>D)QjP5m)_{hinr9;_{zw{pjbj0FHI%V3lCchWGLW${j<GU~v5W$yA2YTdxl2J5
z@&j;8bR`qGJ|ErPx*fh3<zN|AVrKBZ@Q?^&Ao$1`+>NT*ORCENE;9qkJ_FKcAk}9;
z`V2^)0s36u-T@XqPt^@T5H|(#LDZ7yEVuP5vL+fA9a8Q>7jKlDu=lg5X;!_+JX?#(
zwzCLkcols626ztjWgB<}nBh0Xk<vC)tMr+#a8bUl;$oOLtxWKocL)6RYy}c(z`3R3
zYd$$*f9b#5FdZoz{^mf$3;Mve{epGDFNbQ-4=p9(0T>HQH>DIo&o1Nxg|lKuvY~I9
zAzvOmO7Yl{+&Kk9+f=wRKTeB~aKy)cF02-Cq6py-sQL&#%cG<FoZO)uHj;|nNI@`{
zP9K(}Jme@s4ZKtJ$~}xs<FLp>j*2|w=n#PIaEYXeJmjdzLyk_8v<gWRdB{<bha8<P
zX)`2^UXXeaM=iQioFO6)>4PEm2IOz$BAhG2IbvRBbZ78CtrUnnq<}`U4<HX=`1Obj
z>yd|ek4c1#+)r^M^NGlkg5E>X{g6lzb$^|6ryQhKaBC)C&N>QGwR;KNgMH+Fj5a3?
za%0tmyb;gp&DO5(3g+KwO}_&qmKIJp_mQ#1!9Yk4p%Ut=5=}gjGwdId`T6Ag)P+%%
zcv2N{_&b^Ts{WGB^;7s;_(>hk3HUYx0uOgnw?HQ}oWiIOa(J1WU7T^7WYGIlCi{%n
ze8yYS=I2hEJ)JhYercOCXmehF=YnyKkJ1a`wtvm!jQeV}ELjsiNdBw)%JIj>`&ePw
z>ShEH%59M+x`6Z0Y!*91zBbjk-<WZ#+mMHIi!rU(zQn0>p;L#zxyRRm169#iN;|hG
z9l=!Yq^9Jw@Zs%hO1b~G1uiobu7XW3;h}*@w{1{v$UvHHJ@uYYq=2!_`W{UZt5}4&
z0c1ZjN-$tU2%v=R*bf;KihV|(S{~CLd>Ud3uv)9FqRmRP&vWo=BCCC|V}*AUi1WY}
z>wKYmhy+@OXXx`4-IK_62p|tB4OXtF`Fut8)GM;bD&{tsyWE(%iI`^{mGSb+!OYp#
z(c2s{OxD1d22GP&YUC*3C88}MPEV5?BR)QNe7w*9h_*z3guBlG;2e{8Q1}q*ja<Z(
z+LC{g7L1QY<U&a61SqD#LkL|kO))5GYoeNLN1R0(1XHXPyt94iR`>i6Da8M9F8_ue
z?!%G)VJ>*%hkaCPsY)Ftsil%SOr`o&>J&-!OX?JrdZS8>Na~G}8Uf9e&|hx!agj~M
zTH8gJ<s$5H;=>+MvxvPWz2-`zp<zW}yUVC|nP4m4A`KnUHxZ>p7U;2NPa6EePxzxM
z!wFx5erQX`!}jgYiDa->W-a%b!)lFTF=wh9I->iLb?4kYECmlfvwN-4J?1k*wYf$p
zmMdQh`BErfy7Q&Gj5_FTjQ$<jhE@3;xmVs5pfaa!N;Gi^We&%|FHnDq6YT)+AgXX4
z`+V7X<jI#oKdN9iW}a`W$WGZ`3A#A0gijE0fmSrJh!E+mn8&rCoWM<xuNC2Lx)&IF
zA`BJ^nt=moDwN>vq=mTZty(Y1MhKI)e~Z)Ns6cxZj~ttZRBf~pw=%pGhIQn*VxQ^8
z*P7-E?|9{0Ay1u4!OCK0xd}oDn(7jy2yy)=E>&WO^R*>oNEPC=49;27BliFTCi=98
z8x!XV<;A6VCZ7m20rNof@?}&%Tyr>Y&IO8+)t1Z`4hOn$>Y3!x9+2N*b5UVJ{N>GB
zo_n-BTZ=uw_tXpSUa1iu52YGj9*m=|X@nmY^GGo;s9I@z)3XC!SR5F8fIixG29e>+
zsY?Md*gsV(r9s`hfxTU!#Y&}7GrU~A$KZ90cLtPA{YUS{J={3x<Y8M7lPuNEVIUBW
zTXePcCu)ho`FW}~&5x>TiS!Q{mnHj42oo+nAmCp-ED+sQFWZRq12XHJU_9W_p9j~-
zf5?%WwI!#~99B)ih7KgaO(E^7_LK}-L!ynK`LJ;AYI}ntg5KA)B_H!8MY{a<W<?84
zG=}XJ)-VpE7WPzfI^J{dSOd@&Aujai<KzAJ$|!|QRVxEpmb<*WJO;i_6D*OMkEZ+y
zAjqpnFn#JVPm!_w+c8JxtMU3X$9rg&j29KC!0Pcv?mosW<Hfl5BN^|V42AI?8z1k!
zPe?Ba2*!)pN{tuas%5+=<fuMQGl~BE;1bA~yY`S6i6!tPEf+*aCyRb&|5o<n+9c>L
zspE7zYLI7z%`q<Ei*^TFTvth^J=)nnl(mq#My}Bt4#PWnIb<$q2FF3^nf+U|SP><W
zrEwyJ?cZT-F5^*<OQPzZbdFUQ#Y(ns;^ii)Lz|{$h%z}`&_q%!`nKIFEm^fU^1|t-
zzTPWeyIW5VfUL^19^*snmiBSt)N`Bv9?c6;)s-qq{+zsblk%Ho+Q^<-onj^%M{627
zY7Y0&mh5J}t32AXo8f^&(Gf_m`!X~VJ9Z^G38-N|$J67o%IuXDi9wW52XoZe{KQ%O
z;Qc*nY_V3?Ml-2$o&=8|TAExu>KgJyvXRcy>R#rz67QJzl%S)NZBI+(R%mrkk!x1=
zA2qhWR<}ZZmmU(1GC^grXib`vaz}j)9_nJU^_i1I(I-crc^97_<>=mn(c5+NE_mPb
z3aztPlDc|3f<!8`RLM`3!0J(kXKmRc`<4_~ts#3&2@P6j>=bb*Mo&%F?`N{2uI%d4
z#{r1m&V13fGb>B<QDaN&Gk7kfgj30R{4R@@5c;HZ91e^UKqVfdU$$xHx6!ZpDIg<%
zBE{Xo-_!2jlYA!scvW@4(o*G;<&Xb-jr@!GJCDCi{G<3CNqj#kcC4o&Ikd4b+mGq-
z9#tO|!dEVDkf-uQzy>nnz?@q}q7ZBEH>Yn>X-$}$F}&N<eH^{eCc<o|SPB=iNDx}0
zvnDD7LF1gTAwh}7S%(;XK1RL@rEqdJqsMQ^yr4Rbmy1$Y_Y(>*v4sTlsJ)*JaxS11
zN!xLsSrBXQ`8+$CrHw^VA<y_wZo&Rw45E0;1~MlthGw#i64dvo%uS1#R6rG?bZG#W
zn0N3OeO|mW*F7fbjky<yvf^rGbS@A{Fh99W>Jz`=#|d5brAwBvS(dRd)#Zh5m#Vw<
zZg-*>v=qPEcPSsxbz4bJ?2rzO_d(CBpc8v(E2|<%k~`GZ!&ohtTaA><i1<<B2IMM0
zsMA>Mrm+7))hg?BvCi9P-8(~!%2zvr`ethuEpr^stW##(E37GG2hF+gv%kSZv3i9S
zBmum+%2i>)HAi5DSUZlEfQH8nbFec^WHIjESHaD^iOm;Z4Kl(N6i_3iMK-aM=^nkU
zww{;{vO-rD@!!LI<($Y^#X5ckj3C*=QIaf=#;4Rou<B3P-E5~MKi(y8m9<<3P2rvt
zJ|6zfd;_v-Ec~=_g`EYuu0DXk87wcwb_;BW!_my&>c)UYzj;?R0ZvLYjU{Oc?5(&;
zWBsaE4c)3>&Kh|>_^RrFBw5#=B^(?zO{Jx(5`!el(B@q4>eCU=ha^Z;SDp+#$p|K;
zM$kg<_57`B474(Wvs)Tv1i%L54kNID7DD8G;0|PEav*;x6)+`sp<6^1k5{j>n$HyQ
zI>4|dDJG_ZE1EJ1FT&lFXDz8>@ucMAs^lT7nS@T`Q+gM9<J3SzNe`2U=@s1E>5v_<
zQYU0b0UN;fOGk-`G?(6t|9HOJU;2;c+c5AH^WBb%t1q2z({=8A|D;MDvbK|OlKD<l
z13CG8Xa2*%;{Djw<b0>o+{xyf#J}t^@<8Dd;2Wf(wj-hkXL3*up&ova5#WPEdvJ`<
zf`p^MEY=t6z&ooKEHZSnLPP_}^DXQ1J>_!&B6V!h(msU=iA#7@Ja?^tg+7y4uC(_{
z+QTLo1@qH_@q0Wpz34Q41f*%ZGKd>T@%Vuk|D%}$t^nsi=?X1o{op>QInOarzbJQg
zM0cweBQHqLI3ss@8X+Usp1o3BoJ0enGPxxY|7MZkG3xkgIxb$V)Z(?V9E_uVd1o^r
zp*IXPB;)h(mbG1r{e`hx@6l31kZn+66vVFrrL@vWJwnnWeP3`I8MhsY9O<allkVN9
z)%K)0X*fC^shsC89;cx3rn1a1-b4d`=w^FBk{-fe$aUY#U3#6y%eWz1_r8V<l&e-&
zlnY<{tS>C0O#kmK?XM*hUy($cIC!En<qY`#iQrl5Vg}5eqGo;ufyX^~b|Lr(<mnMG
zbc^1xAzEw?m)T$~LV^f%DhOHJu^}?RsD70zl2-*NbsyH?);%<4R=+CcaKQp}M7!hS
zx}+kj&A0S&doWgIj?K9B>uUw#_ED&IbF`I3W-9914I1|#hMdK+b=L8Okog65tY7kv
zy<6y-k32}N)8{b*J_ji;M_-7?ptF_7AmS&LX6a2VGO$-uos}0EtoG<QKSC!I)9N0O
z8rpM#d=V$zE8B{4gm0a+6l`j0X94BCX1pWPIa&Crh4{ET*j_WTceHm9kNlA4=+}xS
z>)mhL<uGK3NP1lH1qa)g^{d(NMa>b<+%qAuTYTQeIgk+YT!_|lVM<J0dpIOoXSP!s
z=C3x(cUjMImW94iqt%{6r}m9GA>DXeJr4gNo|f#l)MH<1puJ`d|CU@fZ&Q3KJhCh}
zU&f?UG0RYyv4;u&m>1P*d0AE!hRTlm%MMaIoV{LnoJb~w<Gl;5Htt-8&U+wSFG`i#
zbMv!nM&(4i>BN>^BP)kmo;jz)oLn5+Q_`?M&-yv6&1IF@r5@kX+|pIJtUVe1C-I&T
zR-rL^R5rF~mTaf5F+ZzjR9<wn4NdKHd_ws|=#$DB=sv+CXUZ07bw8G|%EQ`B>z}|M
zK#gm(Bc{UkU*$@(ABhX03a+nfrM#rPk!<c2wd2o-Fbd5``^ESqHZXh6Fqv)nmreH1
zM^cl`U*%DE*-%HZO1eqh$lQf~)G^Fdce$7cjVn^&iy66iFBes~^yUM9|2O4R@~cVS
zgVhB%a(Wkz2jW1O$+2ViExHv@^(~mmKdXIos7-7n;aksti|;-y^jcZNg41gnJnI>3
z$F@C(-pXBXG;G`B>oO*G?1t4hq$=F^Joq<Rp>L-OPdF78<%XFk#)F~{r`3v@XvnC?
z+AKZ6S-8#g-c_Rge50;~8+5b#+oEk`hrIO>%{#mQqON}L>=G^RWhgL&=Lj|MU4MK6
z2n@mDVcEZ-^?q-V2I^_xZ5n8h2L2iHZj1!{=576b-hWk>^AtkPiD2o#p%%Z#@_ELw
zuj54{Lg^)a%D_N2wR{MyH;YLyjr>bJ5^;a%TZ|A6;{KuYfy$scLe1t3fl%%$XC&zv
z4Q=x?p$hGB^i3wpfIgA75)4SI{gC#}@%_CG+C%T~)o;#(>)U#$#na&Pz&2t?lm(bm
z+%ScIQsc1)0+DD*6i3d4-Bje@N8RkD$FD9@e(StN(F0-Bl)Tf6qPamJD;OJB!c*=&
z>!Z^hC5o=d{lW%?KC-V(Hiqe-YRsMgf7ITO-1gQ?O}3X@qzC1ZnB4P+L9C)27>?hJ
zl~=UIz8HUt?vN(CP0Xc<ba@5`iP(aBbE+M`wramw-&<MVpR>Md!&B=US;X2R;9fMB
z{XTwCi%+t@_CUptbCwil#&{3{_~4}L3BLsxlr>F^<ckmf8yt6kS;Er{6B~^wbew$V
zL=xNlW&1pz!1P8(sgQ62wM%6Ij7?8-UzC?-MJFpn9fDhAJqV8q_o)CuBGd)sr}tM_
zfiZ|}hJ^7GB^;Ql3Lqn>9Ze*nkEC&=j7DpDwkQpaEAc3jKGQrV4MJ#mOXxGCZM;>Q
z{G;afU$EEjy|bhmolC4Om<M^$4}wN};#+El?G#T4_0akL#bQsMb=Lz^O~r6jBQR!<
z*<F_N9zq{Ja<w_9zd5-Cip#nWjGu(%UgW3YcU#7KH-U<s_2%yQCR4;Gqqi`6!2T0g
zAyaXKY&rN(3^eIhPRCcVl}*nM{IONxj}0#V*dnLR))`SA_+ug5uy%eB0|T_0q9@F8
zxtA6Ejw$9Sw_fSy7~k>ld*}^U52N+#LX^*TFn0wTFuSO!LfuEYC?g7Lz{U=7VlciC
z9gw41tq&X_epuOS;m&gZ*K_9k`_VEH{TaW&Gq(SB#))6fWv=vXn5sW${4Fr5y8i+@
z;JvA&`Yh4nlDl4}_<`NsnU8YP(-w?fiT5aX)uZzhLfSa_=<Y~n^nF*p;>ZO0$Xv{+
zEodQ>guB29ndgFD$hbw6XmwLiil9L(eT}PuI+E^FKzCLas6@S$D@vdPBuF*9K^J$)
zeq&GT;7|8_O=e@yjPyHxzrRLuSJC%60)yIQTeoGbjaK&oXe2R!Jrat;>}3?0U&}Qn
z<(k1l0~NnhQA-)}PFH>~D2cqi@-{IJv7NDF_b#gB?Q%o)#iFkuTgR_&F1mz&E3}6`
z6U;8YC}l_4N!Xs}C61E#m;3yK4x^mik+aS6ojVp%N#$y_?~w^XSj^jnB?_z(2~$IB
z313(H;^RDcZx*nCJg>Jehp(uX@r`5cqWxLo;g;eUPOV3W!e7?P^(5K^KJ+7WbELXy
zYG_@|XpDA+|2F%*^GdYG8@OJ!Bm8cb<NHtDyG^V81_c+-@86;Bs;i}zyDMj<A-vOh
z{7>*-2!Iu%(T0x^x?ivE6^Um$*11<6)SP?euM>IA9r}B~^I;(8yM+PRYXR@)GAr$&
z;c5@hl(%@f@cz*a?sUJU^ucF?O8nmW{TG3sW|mYdbvQ+W34W58fZHGv1(vlsQL=LY
zc|08xjYjVl=6I#>r=tn31O}pdsNhknMXQC&aJ&F>A}Y5OnvAMB$*}+Ymv3cmFM8z8
z?$(_r)lLO)C&;UG04yaO8Q`!2;k-N1VPQ&?=pB$Q)vKas%VW!hn3ZA{Si2aAgU%Lh
zzmf8CT=FA`?^ImM8z#tG4hCE4b^r@9ibxp7P3p;((Mn{ZzK#W#{{{^0@Wrb8vs{W+
zF{?|6X(Q_3N_}o8ojLgDB}Xe2dgl|;P&@}x1FIPYW3j&)_HMf8Tqj1e09Mez?zSHO
zS)e(L4!(KEs>JO|oaWS$gmBp=QM+hpN55$o5{YcMmM;K}Ss3=bof0f*2$s_8gzn0A
zHRa!P93f#+v%W1Xvu@Jk-M8y&Xam`a45FVBi^wt{qzM@#<gG52WVJgv<y=Au3GKmL
zi$dN(TCMQG94{x<a^2+R?!y-PRzd-Uv!eS$qwZL#)&7bi>V62A(f&Rx;=|Z4&y>p<
z)6FgiGN$cgAzdu2)qPc3PIhyV+f66<7JMFx-<rDM_9yZvmM$WPBv{tMVj^8b_BIZF
z!vQR^S=3+|ctch&C)n^gg11cw-da;@#sXqxSBd`T2a%!RmPd_hRwA$>=>1GvBH@sb
zzX`#aWnG9wMXqTxu)?ecT~B=!9iknnxm|7K9z`2xA)f7b>hee+kj@5cDU~pf!#4DN
z0=gWPO^07sFB=bd;52Y+q$kcVA<?X7#>*aUPXk`&64m~L<CC6lCjJ2&@shkULKNql
zT43pCEWLKWoXNya{t=aG*`m5{^J6h^T_n8jRf`~ot9S@+pK~7A_W2}e=v^9u2HtK`
zAe#6aSt2Y9m$hat@)~tUlz_8ETQX9>1~XTDUx)||OIM&#*RI;$X}OgKIe6?64&Dlu
zTd?kuu2hA*OF``OVBR2_*hVXhO~)(5K(H+s@BiL$;~Z~vKQ=L54)>}Fz3%#?j8PW9
z8!IYuMRE1Rsw*R5&fFgBY8r<O0Gfn7ilF0=^|L&Pz@|WntU%DHLK}#^mqWlsat8+E
z`?cE7)bHpDSW?B#*=|!&WTQRp862RMXk3b<bqY>8|AFiv^p9NO1tj&$`>J=+*2wul
zhHuma=trM-EcBzJV-6z>-S`h2+BRY%T0s&cbnY!qeOg+{bHhoS;vnrG1z94x0V<Oy
zJE?OHbgs}%q*qDWqpJ|Sa&IVn4AJ|uL+uc~V@ojQyrW+9ARsJwg|&yuFp+LYytYxh
z|3Wr5Z0x78Rc5w%b?%`S(M!%TvJasFtiD~HyIS0#55B6<xQf;95HYjZ_;y%(unGX(
z>lp%2SkHJD8V7UgeCtKF+djv7Mn3u}dAluAiF)fU$%o%T1_IDdfgU;uL6=DTaNF}J
z@6wyV&KF`!YR#2A<@8A}Y^qRN=#8+_D-@05_@7PEr$Ub(3(Z_qBx3dwsXX$;%D!bi
zmlkq1h&eNOLaw3b%1m!zB@2-}8%G4epPxRP3jeWMh<<`IF<9%rQz^fA--!%1yLvx~
ze1IB^2rYv%30;TgPQ$JeRI<CgrW?a{N}B=ULarAtcSTtX3JB|j`V$CRrvl1`^&Sd~
zkV&C%y$fvI@-2R&Lb!p)(fbH`Fcinaj#t&d<Hm=bdOWusNG?3I#k0kDxo-2q(~K=!
z65dF2?t<OkVa<!|Rd{i6+^hJr9D3f3Cyr`Ly!<7#(mhyx44gO)(@tDz7@|dCXt|-A
zL*5OMJ2OX+rJHy6XTq;Q4g>iekpY>x^d~-nk<~*q{>!C*?}pIrEA;OM=e;vhk0Z!3
z=aPIS^e->Pkhf9P4n-gOp#3-xKOga8*)2YDeV6q-Brbq>syMc)$Mq-hAiCZy@Xm03
zznt~`xBhXE=d2gtvId~L%grDh*I}yS@IO9<Xu~}H9Qgo9hfx4zCSSYpRq##NpDDmf
z+LJ1O33JAyZo8O#-OPLHk0K)x(FD3K%1Sl;{!;#uERihAm7{VKvjcJ*9C??~Qgdau
zXl`s=#mW8g7|n7PYN_w+ulUx<{GHS%5GRhq|8+}RtbRU+)4K1k&~quV`cvOQtX@h(
z)`s;eU5UUyT1db}iF{qmW$ie0p^D0Sg)CW*KxOLu8ZDjscl0;mwy_Sc{vo*z1=b`*
zEle*8n{#1@9MH?QM~K5Tage;38vcn}u0Gp>=B38VvE7TrHHhvx2m@_MFlXWrye0)3
z5(TkcWbDejI;Z<9$@!vk$HPyQ+weqPc1U+(G-9x4-pw_L?iwJqLp9?(QWcJjwddUZ
zRcAkRbCmTNQ^7-n8kcZLamc_!R>tR+&Yp{C1SWV7{>_dSt*&9c?7Y<#e83VJgt>fV
zg!{gf_MW6Y)sFYQ=zdg{IAsmN!4r$bV7Y;(5lVrFws4G_sVw|KdC#fC)XjPKCuY)s
z%K`xU<bo8;EYE3yz|DzvVNRs?U*waE_ZE?@#}*CALTV+t1H;>#oo|J1SR*=qRt-uD
z?lzKLek(h#jzRNUl`aLXy$ghWHDQQ6vd;nlq*cYpP0kN4HFxEQVMI(k_y_6nyJ$1_
z3}79w5dG?cpxLJ-*2+$`=ILg6wwNSm-#q~D64~;YjGS&Qyh_%4!jQ~1kc|vMY{gP-
z2$i8w_!df;2(<`WMIbEAe?<4ZqL*=4pqbcW2BqD97ia-|+-?n%_F`j;+Yy@$QEVJJ
z)bX`yLT51{f!9YWQt+CD&tum0vV-RJg<(*)Fm*14J|1O#z)Cy&w^Q~HS(@zMgu;{T
zpDe<a$8X=0)OWWp13w6>NtjtEDoqbz79GM2xM3eq-~B+)?BzFh#`dsgdjR{lLh;H$
zp`2?6h0%~@L4C3J7X=&M&zq3bza`||De&F|ydTrc-qZ<e!X65|e+_tV0N&rSiPca!
zD42wI=s8ij9Gryr5mv6uPcip-94f*VMt@m@BK>fVHg^XV6tEvY4%o#O$i-&I!Jj~!
znb-8&)L}nC{+yHV$e)+64+6#8V3YAFu$7pj_NIo-Nb{ejh|IkNuD#&G+Y#&#nxaHN
zZw3rHoXS*imq*WcTt@_`FRvu#!iy6Vh;f|Zg0Qimv_eT^t}VuqM!gV_m19sluG-FV
zQXbEDTO!WP2tAM>-_Zao5dz3D%IV}Eqlpp<|6Q4ar%w2`Ze|+aic2V~>mSwWa_#Ql
zx`|VF0i9Z3hXhX|)qCzeCBD6uEa~s>qf`AU`G#7bBBX&}ICb8m+pR^Yx*@R<UPCT1
zBCcgk)>lYhrE1WeiFttCN7iV@4zXKWjQ=tS;O&a-3a_w|_68_kR~C<CVYtEuxWcu0
zTv%ug_*l`NMV`MRj0GibDoQPqdrSU~mSuM@RHKC+Q1qHhf8;&!>r=zW(}IMU=gn>l
zPeVr~;bXE|>l$W~h7Xs&Rje*ctu9xvUkXSZnjhaR!h14r239_Zj5Mz;4io)Cj7TFh
z!g0(_ZEZQT4a3-FwqIuoKJWD<i}qGujb=Ek#-#n|C<n@RGAGecN<o=lEMap?QK(6R
zS+f1;im=%I(sJ0mM6|NL2?Mm**^5V2GcTcIu9m%G5Efx0WNOOspO~J4L65hUWfKr7
zJGQbvv1J#;Ru=YSGY|Vg;?Z<|xw5cfQ_y5i`H6DykLw>o(E}gONW*81z~^^<p9!DW
z1HMiO?7u#jhR-+eIVF6)K$h&=@KI^_guZHKLe?J{lS5zOfNu)(hLtr~H_pD~=A>5_
zQ%Yd8>?{S?i~sYA$yRrcwUunGn+scEeh6&6GEymnWZZul@^LN@3_Om3AW#s#nQOe2
z*w)U&=)j!&FggyFp*_)|!)$=5GC<h#4c2I_?g-;eJ$45K%RWOnN^dygvL0TA^{^|G
zck?o=hgP6Uwl(4x$u|56ZOMzYlHxo3nH3RDJyfS`u{(}nmR!11Z+Kq}-$W|)QwoHQ
zJz-;Eq5WN9l)J`GA<usJ4vKjZ@>slBTi|-Bic;%Fsa3~0uWFVz^M2CAZtgAB*jLdn
z;F^)>GhAEJCwtQwCK7p+?3}bwmUR`1EY?2=KbT2jA9vms?;XTB!z9pW{M}JZx8`H&
zA<wFt^*FbPutyZj5z|g+^0H>+G!l#w^CWI^gp~dR+&n|{94w~M=|6+TX|`4i2Ti;-
zCTr$U0=n)dm!L=z6FIqC?8#6rXFDLgN(h@@37q}*w+d9n^$yt$WUmqHMr;57sB|f4
zofhdJc(w&eBU8vYB7`e5Ml@9vLQPQMmhKKH7TLqqdk}?mtyU}uT_V*bLG_&OEg{3(
z<a4Xt<y1q6BeRp&p;0-+?mcTc_7z>3d>_B@)tJ9)AxBmivXcj~qp*=Tf#P5lS_LSx
zH~3;7aLs>^hgI_h6XO?Mz{xJGj4imJup@E?$_Nwl<yM|P3s(|#zhQO(IBRy5Sy_&6
z0AoCHO0);}lH6D))6J?hr(Doo$JLcG7trHzN$r?aRB8AxD5_bj%4oH>$Zj?yHdD`~
z@8H1kkPT<~yqgzHQjJuap$m#8n*IxlQ_Xcu!aC<AWg(EQ-7ikN&<H2|0PGbd9*!)u
zemVknz}#8j*HnAes{)MuLE+5TRKJ0;D7Q8;<RGBjr}^qpeVQG9;&|!G9JbWy4L_&j
z89;Gx=F}`B_xrwBAd5Au9Fh=4+{Vfgp3W2Pn1lfpM-D4wbMg>$lsIT?2qr{>=Rn3C
zN>i0>z~V7IXYwGu?5zy4^6uWcd2hS5>k2s|mBsC9KSe>N{tIBqM3`gZ_tVn=B~R1h
z#u0^&J_nOvVMe-g{lbXNWqA6`1zq8`4qKNXv|I<~mn;-Z)x`Yd3wydKABtG36*u|l
z)3bsN7!-HlEYw}kK6WoLPJ+E#Z+%OKBzh-?CxI_2S3Vh>xmgrj$C;4}1oi~BIC)!y
zoRiTdPu^x``w2tm<S~4-s_F)+`EdG1G88qbWbK^sLlSx9D)=9|InhT-DuP-aq?ZZm
zE(qU095j3a|9^xsl^I<lje-@m`$dfx$fyy^7%(zec@Yn-VT8L8HyOCT3yoTY4*F-g
zG73$|in3<yfjxo}gq;=FVYDR1B!ek#K|K3X@X$YaT;NCJ-C)_KVA;+{Ur0L_4Zev>
zOToC}xKCn>7{VdSwduVu@qgHR7x<{EYw<sm7Xbn%XoRRJQBzIoD^b)$0%l-_%;*gG
zLVQJOX{okaF_|%_JO(GxoJ_~2-rCxSmD~2Vw6!g^*Fd%6gdhp{O3*5bO2F4Sj*o~6
z2`Kr0*FI++iKxB3z4v$T|8w*COlHpB`|QWsYp=cb+UwD#+GwN;jcg1bh-0>n{aMQW
zE!)6}-1KpN*@p=2nTE1Qg{{VutJZWQZyB#LScuyyJkYF?>Wu&d#;lbJ)zy|T&zTT7
z=Of^BhEH>wmW>xX3$Za|Pk4v)4C5!%BV3u(ZrsU(YzcFt+3)$P;-Xm=Jd0K!NPUoW
zHZJY<yQGPO0HUK0L(skf006a*33q@>o4;G}Bhl+%Ohj{TJ1=`V5TwOlLqFK3n;86Z
zSmI7;7NVq1VEUvORZY7oPitDkJ48thKIgA`tf3Btm4sk%#7u~aUo^j2M&)yu{<7D#
zrv3c(=#Tr#0QU~XU%!QiJiq>!Q6nQoB8&1NgJjP$Z-E*mMbcc6#FXB<PjjVAYo;jY
zjSr(0Br-l}$hdN<K<sLE<#?u7-*9ep@-`&zs`2jwcqH{F`lJ2<<k)QA-tb_Nb{nE(
zs8ivKKArf+I|sbcsaTY4%EJty;YdvQULZjTG^i-=_^RH}?hv5|14rVJ#gPgpuP|AC
zALF<c3*x6e9q$48E{9kZ%gHLg;Sj9)1P%;~(VMHR#rz_Rd9f$_Cf0pBDz+xi>tbW~
ztk~E+i%poTw+$n^-c>xio-J0X<&wHaQaQ(vTBB0Wm((6f?Ng}>RO(_$?Z+m#SA=VH
zDjVd4xt;Be=08jGA{%{K;D(*?^FGH`RjT8SoMA@J1*isLUtC39XG>jYtHWj0f#B=@
zs*Yd|S8nlY;M55WF(CjbSV+ObK%fX;LooWDiajZYf&DI0jfq-yg$3jO;Ct+3`}}fI
z0-v+d&`+}wVW%L18Gy9N-LTvkL*o>`@HtDVJx8GYuD9de%;bvlQX}k(SMQh;E$jya
z3_rX{*$%lz4%E~7*&xh-7oXwv><5Jd;@=xQI5#@=82X41a<>+KU-tKC{-8zI!HpNR
z+g~Qlr}xUO6eKw7+-M<@vbT5`@7Cetoq8zp&<Vhn_j<5zggW?i&8N>tXmbN}rnX3l
z;<>Bikij0*Wi(Y-G)j>|9VgVa1tJ0(W~N;)Ws(G^u16?tA4>rRORl6LVYjAJ(aWKt
zw?IXYl!0)4U{ldUK;(lFk1wR6ZK{X!prV&sRP+{`iq6b4*Gi>&VwN7}$-3DT%>ens
zWRAPr0-;+r`ayz>pO;(AupArvK8E{Io1x$FHga}_qdrGmgk0CCa@zzuuq0xfHvz)8
zgvJdcZOva&;sZs?kQGH{`1Bbb{VG=R9Lgg`l5KUh?7_p}YL2G*{{X_d*@i|U+_qCc
z2jOn~`w;HW0>cpqcOPkAh;Xd0PvP4<@NJAwzYu);CWD`8;hSaGHqMwtcex1aA$WFy
zUyyBPL7sW1T6aX$Mq2|~3Yn8TBv}}cIR9#ddVKFrI7`rbl>zgC{05F<#P{87u3*yT
zl*Ls9ca4xa<vf9$wpkFZC-V63d!lF-G^LxA3BK-CD!o*tSE}?iDm|vsJu3ZDmENP$
z`&9ZhDt(Dc@8^F$gt!AjhXaKlif+zyh|&{07O|Q?5<<uKQ(#>=Gz??2ojDbI=+0?E
z-%g`1X9;}+0-NwB{eJLupn~GTGu#WW36Ap-yj)0zS&g$G=;v1Ok}LtyUX}iVLOB1r
z{{XlIx($d31Z45$2Zfg!=Km^i1#!ZUicbPu%fO@*xa<rYWEJEY5wxb`<BTT0gbpm_
z+d9#6D`?z;&VXP4I6jUezI^AzK`ZPQ-ZU1FBd5|=zMOvD@@amvRGs(n5yn}6+BYD9
z^H@fN0QX03U_BUWN2%++>B`R{gPXj25ySSuKe3&4`pe!9-~$!r<y|q3(xrP;<aNA+
zZ)PEZ3d=Z@Bf008UDs{C0oKVGPRC1%oOTm*(bA)b5hM;kza?TQR67bhXIyqKRg)1p
zQOJB3S0CHhy88Y4bJB(D=0>L;>xV(M_N|lHx3;DBtukwGW#4L|amWY(E95+q=c_Vr
z3MdltF?-glvS+=T*s~JyTH?PRMvJKp>s_yYj-Sm6UqjFb*{nWf3tIyLmGK2e8_zKV
ze!$ClOetjAyH#o05gJbaAnPLbS!9HD(IZ~HHk)?{^rG3@h7*zW{Z$solNmw>o-9yw
zpiR*SMNghAR_Wy`eT_<wsq!@{{d|?)qtg3S`T~`{Sf%&#e<VHe1F<LNO2p@Qi*uXW
zmp)BWQr+YJ`t#{a4Eh2z*9AwjXnM@=u_4J~@kg)w8%i0ZTtJF(&8u?QlF2-Xd^3sP
zZ1E=qn5NgwWwOg-Jdaf%*AHATVN~JA{d78x6XS;a0DQvq9+(q7iQDeozOr3`L%e0U
zQFu>ez`rkJL#6`!s^x*$cr&kMioxh9s&>p?%E0Q+LFYp#hi7UqEe)R^Mz{h;4sY&@
zo&-wggVG#qaPMA5h=f(F%{kG@C*tW1K8zz0Jo*86bj&p%-Gwpb03^wqC3*A?<^l#u
z!X(K%ibp>|mU+j!>|DgJ7r!BD=jyRg?tPAoFzFo*xl4peXXj#r?85hf@ag<wt;H;y
z<F&mnz``cr4`ZGEp>Wq9VrDeK)!)W{U;irMx<4#d>E$YYjY^NH^ct0ZzDn;=>3u4F
zfl6Pj();<J->*2%a7T9V9<H^}IS!l$I(%re>W|6%Gt|8v$0k)!!Xpfm#<>vFr19%B
zWIyBfiOZm>eQG~L3i(`MIwaw5QWxhkZ?y1PIppG52<57&9Il`8IQrAZ`ze0iuTK(`
z@N)<1*XI_Aj8o_U`XO%`j~{Q*Lq!VQ5U1Ka&X2<c&c;vr(j|zWk`ENAvnE<rFc@2m
z<?#a|77UzkNr{c+^ja=*V0JIM-;yg<iFS#2yvRHgkqPE8cEs;<=u1M-X-C<{8`O|-
zB=5zKM6=^4(J?+mq%NRJ22+6_DvUNo+Xa2-5#3JCzkOeU#5}}XNt4fec(aA@q)T9M
zH@R0cO*u2=W?OGY8Zy-7zTYzTd_<lS_MRO_Nd@?pjRnSsmaWd<`j~Ou`a9)#ApTV)
zXB=V88qK*_)#_f8X2^<UBT?nIsnV8)pH4k;lR?!+MqsS$mBm)o0Bnu%8X_i7RQ1Q$
z#&6k$R&JCrDapE$=TPhsvgCe8u1lrw#{Kdh-CT5>i1TZd{5NsGg^ES1mhek3NL2~H
z1iuEt2k}c_868=^HzH$0H#;(dXPM$h2UmR92o7d8d>d(I;3>Il1*JkuC~&>Gn~E)~
zB=w5cw3CF^(W>3i4gb2Xn#X6167GSM+6iLoFEToVtVm5BKkx3CE^0qaba8ijK{0kx
z4QWlS6jml%!|1t4t*d&`?TbtWCg(ds%jp#Q#ogM!q<ag9p7Hf_)jf*3UH=MI8OMH)
z(}txafe`w)WIuGAq<`~g7)6b3@e?^dxK}kOXTXa|rL?-DUQ!3rq}6W04G4AS#c_R-
z>N9AYKIo!IP4;JxHFX7EMEx?ScOB!%5G}&=PczT*xi0N<4~XzfKI!ES_WN18t`q<*
z{;bYigfS>f3VJ2$3At;X`N6*_dqSnJlk`{q0g#&PO<hRIR2wgRSAnLV+R1Jv`=Mhb
z{g``Iy3#^%Uug~LUTRH)i5jyiP+}MOS@GxakLP23psk&Q5El2$m$RQCtHM<FcxU+I
z9Ibg3jjH2qy2EH~ExXZ0D5-X$kgbJRQ$~`iIvZZ+cJ5`QYJrzCjOP$kAl{vmi;JEo
zMPlFd6}4N|!SxKqi&Fq=Q>C=ENN~_Qsd`=uf78JdN4`X@$iEtPpfHaR`g9{qmDGm%
z7tdS+{W+JF+p&l{f#7BMj7#ia-pIv|Wq7AuyeUs>j?y`G7l9z>&G==i9|5YDm$YWN
z2C3Lg`6s3PQ<TRY8s&+0MU>Y!P3S8O!tA`^@(#xLw+zp;sXY=-9KStPy}`FDwx<Rp
zK*%tD@GGW;GbN*&jZdG>dczdqpr!u!L#6~GPu?X+w!853XypE@^3Zw}IKMx${<wtT
zz*wY;*5VOHzdCnOcz<@ov2cw=z|u+)FUym8Qa-I>xB=XsUH^*yf-nQo3)o?vLp~29
zunA+Ne#_tAzI-hVX_Mebck!iQA{(zKdM=J8ZKr^PSz7olDYO~m!3vo<L=obmtA=0J
z_<Mu1tnv38bo_#r!^RJNX3Ig*FL5<%?)rH`iU0N~HbC0XOaR6B@V<12oScNn#gv6D
zlk-OkC}nUq;u(|P{<{oHK}%p$Ori)~IUFe1Jg>j<xxNs!@ac>e*!+O6WDKR$?BdT0
z2ILdjO?{sf;3RAS?r5MuB^Im1a+s!pVo5DmsWmF~d`Yd5)bmy90+qU0QWr=n5(EzH
zVFE?nhbTC323!z~1=2YLzZO6Kp7M>jwT<Q{$$5Sf?@sK8|Cz`%V4Beb|5Nn>46fia
zK_0s;M1DN@E;jMiV*;bA#|Flk1q{m>nLQbUwaI*Qi&a~sY+Ddu$YjfXRe<#nS^8vN
zMJzNU69Xy7wu(KWb24jiq2<`*jkumHs2B=W%5#@vuRIr3Z0A|~ey0N`jve9zPCS*w
z0vy}&Mf+O#u%v%C_LW}VpJBbv3mb6T*b_9YrLpuV6f?9W8n_Yrbs6H1#;vVgl#AO`
zXW0&{ba0I6k~?f1in@3M!9N9wWyFaBAAd`b>#Or17j#38o4DW@O^k!r0vAGiDz?W<
zQqw8+XbZO^u6+Sq6`}+BZ4|0=!g-OUpJXuV;0~|;gwX}6qKdCNkyfn!1@w=5%!g(9
zB;04J>17NyepoIuRbsJ96#THAW~$U0l`8mQyUkRo3skD$$4JMS3H(Sp&K!mxF~N_|
z@|WqUdPVTV^%3}CIn4AB=Z1s6@UUqsvlD-q*%HA)*dn>>dG<(Ib32R+k4VN-)!Ije
zV}s}sYIjUz#aR(-aY7A|!nq((AaBjn+6l5cSa{PR@pI*o%Pp;)V1k2%jb}fUS5Sb^
z^cPziPGz>ohdTz*&}zIunX@xp=P+^0@hUvo8=cL2<;I&2NEq$l<oGF}!Eu2n%wGU;
zrJh3G<0>yu$kffj3)Fd;YaDwzYAkD-1S1i}IWdd`_w$iTqSzWg<Q=_ZjRXG#b;66u
zhR`^keT@Q#gwD<ijE~RaBGG;dp5+Y9$PQMZ7F--TM3u!K%z1g!E-0el5%Loh<0&{^
zk*`IkUyv!GYH-x5c+Fw>rugfmzJ}$09A_J->UbhkKGk1;q`HJY8|^FsJc-M8QL(jR
zvvE93K74R%R`y_ZR^t?{J%+EO>xE`5%wEY|;ZPrzZIfl~A$jw|MXaq+Ohycz;-Q<E
zFe7jW6grylWj@mhlQD(j#$UfrOO|sfKXyarvm{DgypthzG#N_Fjj?O8esysbAA|9&
zQ=c;#|5F&R6*+CU2NN1E*V>UKp3%p<o`r=!K&e&CmWFn*&q{fsUT967)Qir5yl6_W
zG6e_i4zXMCL>uz_`21FkqZjp4E!t1AsYLtHGj^Pl8kY!_ji270KCV`VZH?=-f06y9
zo$JLeBfte0V;5i;A77}{tc=%w#(Oq%ncSl~?M}vza%Rm{!^6fGui=;rNVE>k(QSI*
z6M;n$U$#lwI%-#roVwOCAsP5ODg6;g75(e#xaQN#Whn(|PPAY~wrE}{{fLYh^U@PM
zk%`z}BCjYO!LnCX|3E@?Za|5A!_wW3UK^%?Tt|<ZhiUVP6}ynm`SoCi(kjjLX00f8
zqJmuZ9Oybf)3_N0D3Hm7OCE}|(B&+oVAFR2eWA0Lv&2c36Y%Cq7AdGDsqLqq06;z;
z^BD&)Pv+z0v)KL&@V%AKR6b%BF6mN6K8Z3Tza=lVU@U%G@y~z$@n`VQFHKMJ&z*t-
zKWb7a&`(Vu-mhmQ_~)J9Q|XF5&asD9N3DrTustGKYTmD%PX=SZ>ab7q&vGUT<Zp7I
z<N{-V1XYN+L5kl``d_g5d~9?HX?naf>M9wk#--ispar%_)~ekOi;`Nkc(z8I^IoD$
zNlY~VU2rIJmTcykTGN%h1d&{p>%i8FF%xzb@mPh{BoEHYjX_wFwc;Cl+H6XnLTPJ%
zoy@dZtmnK0>lyh00C#rP=87b`G0#b)CT@HWn1jM9h<6lqvJ?!moNNdmOVG*`zg_q=
z?DLbb&nMG%f_*m3J(L6dGpg0>bTb(bokf+#{@c_n^jNcVB9r&fkrXv%wW$Rf1k<{V
zt%YiZ%3H?e7^91V-=8>^37RgT7J-CtCruYgFC+7coMN^o4ogH1V34Trb+0k*C!!_e
z!0Fp7<_YRW*<2Ld*3+st>drI8cuX4T;6y<K_^o#+o=B|x1gOowqZ`y~J}qyMn0_K4
zD8};~2YM67fu7(y>Bj;1sp=iZ9fD;RI}AKI4w&X4)M?F03uC2OdY_z=y%1rZ>#XCz
z*OSced{uO|aK2aN#=k1YoW5z5fwQcN&KX|O`mqAm`>BfQovo&KIbLPmiawj5HG@Xq
z9lSEd(WI(#kuc4o3Mk?d^gPv(V-!aYk*9sZxkC97zc$G<!@*=ThyveG!7x5~Nbx~K
z!Uv`C$wP_{8WKJzjZYp@e9(~aK_mI(Rl;E+>9hD`Z?qZ!+YZEs-A{i3zdQkD{ioB}
z<@dy)JxfreMG*3IML9(q!2_{Hh8PYRe`OOA8gcdnMIY_$)cB3hA|1z(+;$4rY3ZLw
zc$SYZ?Q;p>|1O{OatHhUYrD)y`j}2{JVF5UC$V%F^`r2<p};BnGkT9}^gy6a*x}&K
z;r)(azyn{$2&Ht|k!<eW;GH=2YLdkv?!KB|<cAbCPA8A0=^_@$r{25cX9;9}m@$LQ
z6jYm^3-^j&z6%U{jkQO82<^2y2c&NOK=Kag4)xB)itTc~RBd&EwA{74Bx}Zt5y@L@
zJ-D%#+LpqKBafvG*^UJAE?g~qcMWxl0dTXp>ow&nSyi;0iax8;f4Y|qrA4So;w*6h
zV-I$2ceIgnLc-od#(vhw{;0~2NmgzwqAu^kr|7dd&9b}N%c0)x=Uvon3JZiOsPy+v
zb{9yBtxL5H-bD5C`X>OdahX)6KPIjNs<`%Awt88;TmRU(_gSaoB^MsJQqwQz7wO**
zseqO&GEhldvWYVVh)fvVKI7NWR?Fh+FqJtgPXfDSvdYVG_<+*D4!UgY{HfJ0TA9Js
z-1)M^_5^CIN?+B6RT`Q1gmGcA(wNE|QK?W|iPePqfGcwS6P%P*GjD2+o+p{D;kYx^
z*3bqee5i?OF#47Phv*~skU;iHXR$R*pr}#Ws)i?WUD1m$298GP)IM)bA|7Ono9uOo
zc#sds4zNd8RkWN;6+m6>DZ3<15cq)6fKN7BxHdhz)5=D&G>_ap?lqP_%9!z-D*T9a
z(|8JY&jQF+Qf)++1_U*o$n7k`F??Bd8eJ5LOMKS&aq{oz_-XO8>8AXy<X>82*QPc0
z6&jPlY|lrPln6|$svQ`XO0$CdGbk$Ae<eGG5()V|26^0!As|(9;6MqQ=d-Pz7g;^m
z)?Oqmz<TMuar>RHen(sR1LM@l68ZU(zleN>W{b{u$hRr--ULZB9^fS*g{KbdjBVd)
z+iT$2pL1d|qCuN_B@It^8AH(oo?fpqQz*r;Z83PdO^B5;O0mFUR8dZVuy(A7>uq_f
zWnZ{U&HD~@wyiS@D43AvBjXl>y$}T~`Tjp@Ke>a^T1zcqKY4uvmm-nFUa6P6ksZc|
z6tH{xI6tMQ<LGH>y3*{UqGz0b2=<ds@;#B9>jKp98TOMX?GNj}z*p>nIXL88EFDnq
zjWQN9w+XvGe`Ic{_u-D1_2)ySZ!gM2gz9}Ia3gvyxt?!rm?tWNgzi;lh*+uSdr=|D
z_BaN`e9(^-qV-myw70ASB{<6TWqY!+@$IAFiB|%#&+6cmv&B=k&$Du0zh>EI-NJpW
z*dq>(utz)~7nH;75x)iq68&ZiK!Zf=5v8x54pmy&BjRokd&C1`qBW0+#2)d>d?6V8
zls#ghfK<ts|3Q1iXT~HA+L+CRJ>rdkS7x;8fsyuzG9L*UzgQ%q;Ve_Z1VztSP_C%n
zHlccV(_!PSMn(1HCWP!?k!@Kep4P0=rJ!+%3kn!%#3~WhYB8Mku1`#5{O}YuvEF<r
zlE_ui?<vHbb3cAHy7sfFI{#><1q#T_zaevokxj4XTU+OO%CN<>=Q>gd%Xf=yu9#Pf
z5(MUoPmh-AXvADGRUMiV<?8BP@9>r3DiZ@%6o;j@@CI%)McumB<3Pn2HBhAFEBF1D
z{%E&d#kQwR7FSB0;o71Bf26kDtd-;hzm>2#V<%8!zZ}n7vX-75#llJ6rz-pR&#+%C
zp>k`!|1tZ;*Yc9nZMDa23Oywll>~DqcvlMiYE8U><!#`biG`6|M$h>pcxtmi>vOzd
zSv8(lYQJJHy5Y;{x%Bnp1A2+|<3|%w)(>hhBkUW|&kPTx**DHGO6b4H5D>eGP?<Hy
z?=p1%RZ(T%IHVTO(1^w3!M<^X$ZDj#suV=V{>7WLe;Er?Dp$%)A!gWvqz$djZdyl~
z0%zz5V$1Msc2M+4YU6LQ?O@K&7Pbxj{KVU6;(OO65FNiLfyD}au^6!kmT38>NYHc2
zI3|Nl9n@JP>+2VE$!HCzb+pb}U%!++Um3@2U8&Ngps}Y$_O~xEj)7Gwh|fx2ZR|JV
zt);0^&hWCZKC5Rb3mb8Cp%o|_6$zh)?OQ3Gl<6v$dm5&yJl#W5n@_(kuQ+mXULMOx
z=S$70*a}7SIUU;TSv89Z&GSOV6$vl#Vo8&I5KEdVoGX<j4fo1SCHFtUE0rb9H!S(Z
zFnb!gK(p;>&cmKYRG?UiC?lloY0kr*rYLDoBR5OTdHlLG`9RYCMf*;OY*mpmX%U+m
z=Gv|jn;Mv24(DPmeX4E$L3X7Op()0>xXp<diNVY8o?!68YYNu{pTrs)5Q-(ki5C?p
zGis3jTe#g!Go=<2kg}&q5nE~@Ok(tc9rfE7QQAf?RMEUAg?sq;0?j`g_Bi4K_9JNN
zQbj<urYga_h0L8#Kk0c>gkkBXFlzdl6lDq%ILS7HDII18Q>@Hj02F307fB~AGniEW
zl9SqeBGso*l>3~NJ(Cs<k%<k`^2^2k2!AhWwnxF)Vs`|*r*>OYg5goBewnXQF+t+y
zpf@@bNv&I<ta&|PNj1m*W834*#U7_9xsLxnDxfw0kwY;Dnr>q@lagwEBuy~ypq$Nb
zRK(2t<Siw&RBQRm)8%o8@k>YgevybLW7+3~2cT<d);YiX0_&VTiZUgwb4*$92Qf<d
zLcQ|JESWrx-UqSHQI;<3F@KkJjxbfqI;Vl28SYG~O)ATCAiPPebG*{&FS5?bO1IAW
z1dt&fd{k;T`g!;w>zwaP69)mr-({WiGB1mDPDKiV7D4Y|OaI&Lb5_Y%{|WXvf6Wk>
z{hxh~lG{Bia=ZU!_BrMOkysc${H`Hs_-EMX{DvAiCH!x)&w1?=Ry9=W^XzlBN|_|d
zsp}Dn``>4u)316s4?6nKvd_t+Mqwnr$Udk0V=4E=_BqG>WA-`MQvH9@KBrPu@fisB
zKhHj=kqf2&v(NcI`<#E4In#gCKIg=@5o3-sO864{oXLEr>~mh^uHxYKIWclX_%mZK
zhp41O+mw7F!Ecr(?HB$F>~l=%UgW>hJ}1ubkP`n-w$C|}F8-f=4$^~!$zKW`IgfGw
z`8oD~f1iC$o+-zzCeCF4jrKX?P$2l{+vgnlk=nlh&prpd_)u}_A1?m?kA2RGgz^x2
zhy;U(ZwI%}nT7#oTk22bo7@+19`}?zj^_)HR{NqSi<3V0=Xf@K(O5y9iYru3ER{Ui
zgLXh<F6LS9<02RVC+hFL{Oa{&jT#=k#bvLTOD^J2pXcd{A?F^#L`l0X%u@12ruZB$
zdhnboBCZ8^!N8$!%u|K|#=z1!ew3Wc2F3q^7ki9zJdrb9trO$6s@ImlDXz*xg1eRO
z-LUoUAxiOK#D~iC;IHEB$*3xH2jcO~coi0DGOqQi_S*gMXtOtr5cb;lbv|*`XLZ&m
zqMP2EP9=<l$Fafdh}Be{Cf6>=^btM=G49-8d0RpKELpF+;~@Sp1!7pUCn{EcGCt65
zyAMFfrEt?y1rfYjt10kDCm-&2e1No@>je>XeCH<ev2&jrEgX*=e8{PW?l0@dZf-37
zIpF7VG#CF1<oSsyaIUlUYP^JXA=Z6==Gj-CH57bZ-4CLG>Ik4PIeCo83eUb$JK)jZ
zCtzQfn#0;Hz$-r9@96U5XE4`a_B7hD0LgiEx_*}(H6w7Mf<sjgbKjGokK!2nP;umf
z>z$g)zyw558-j14T4urXp!lKgEAiUuk+5R=CZqkmVJMeER(>V!cU3&T{mO=Fl&7m!
zl*DnMM!@Ct(0tLHdvB79NcU=_T?QffR^5)ED7tL*L#R5T#bq4*;LuQLSzktg{+{vV
zBqZk?<6h<3UJ4m~d5M0c;_^v)H|cw_)cyFa1**5g2~Fj-g#F8}C^1|gE^!~$nu`{8
z_Q%zu8VPT4z*2$Zx+0|l*SvMbm*YjwM^OmK2=8+&ABV2#qsZHM$Xvm7*76#<dMaHt
zrqQ4a<>e6<M<3W_G$}KQGT~c`GJ@5-H8e4G^>!^a8aG^tsL(P(BHP6a4;?P)Yp+%5
z>iTJWDe_t?3|9Eo;*3DluD)EVU-yn|Qgn%!S6cf-TOom2#BBo#2_n$%eapBfQ7U@I
z0lHw$l<O`fuv9JFObY_{4{%@AHi|s?6!LM5_;5*~;zy<H`^bHair06bH8)#n7w%MI
zwT~>&-i-=KQoB%kYMKBR9iJ@iyH80$3!Y2qmJz3Y^A~m^3Ux(DmFH!KcR7q-Q;VsS
zgX&yS#`1DB+!FXM6`+S!9GQAgviK5dR8)5sy0OjeT)Lh1GPUnK4QS0-suom??u^Of
zRJ%Deb8Gf&!Yb$cbkEcKZm9aKr33+zhv*r#ho!D`{;KBZay38pmCh!ztt-=^Z^$+2
zO*L?=hR$f1TO|^nbb``r%3MCz>;#qULEp!Fadc`GM*Tn@#@Y{e@L;?YXS{pdnKgj~
z)-9Ig$4C~<sPEpKs%a(}<}ExsBYsg2#<iC~IWljuKeDK%YKzvq*cwSC1?^7hTL`K4
z2L!EJ``yw>6+m$zb$B8ViuNteoMn9G<*8=27t+3)_RUYI&hG1ONi3H{QG2u#cSz!q
zlK4z2@kvR{l|<3avP(WBiSNHf;%`PIz9fk<9d^mpQnE`DSELe`N#dU*@tY(9uB>7y
zt~Dd|lBv61^6!%TbJa`kqVSSzRbyZw+4Cj4foy-|>qRKFtUoZs@*DVtsQbJ0WyC+g
z$2%fyt?3(r=PQ?%fG-m`c)h7LT}q1a4(eb?tnDtw52d;iszW=^tQ4veJ>yPEE07*^
zlOXdU`l4jKOolxd%tXof^qB};G<+7&p;x!RwFRN2<wHxg=0$QHBtHGRHn1p%jNh1a
zPq6$>lN__oYWo|~_V>v$eUi|NQT>AtFsY)x6DE0&x(7tv?qtc1SX$SMq_3iHZ})XF
zecgv<NUE<(#-;aFYeG+dB-WtjC4+x**n2f2-s75l<a@}k1-juC1sQ>WxGNj(fV~D{
zf|)$V)SfJS%wjfz+sD9pZp;+ik?Tsb-Bs_cco{RCZeL_Et8hR2g6LbVW!9i@<Su)Z
zBs#W2R9$W{)EQcI-tM+a#8-)@8_%>QMMQm_@GT&POA>o>%f|9bEw7*h_pDH`U}9bV
zHH(~+$x%k6LJ?Csjh(}xK8{lH<A<jWzDe34!_!_TEjc@TkmV(2r<)4Q*GWjmIJb)h
zj!P8zH;M>7KaM)m?xpTJmRd;8CwWm@VBgTtGCn`$)6VB(K4YnNDIcBB5BNOC=VUIo
zX7ZWO=Q=(s`TT&-@A$;{{Eg2?d>TQ!gnpCK2a;H>Yz)d9D0+O=;r%OCoaKp5-%|j!
zgzRLX>GnhEDSEV1lol8>^U#$-Uf+EK{96A^A~F8W=&bv~1BW-(y9o(<eIogxE2QiO
z%0_4PY3q9u>Bb*P+T`wm0}b}J)b(z1Z?%;0gh_~!x5wRM>DKibw*ZU8dk@t~ef1Qu
zY||Cf#XGo(RwnlHY$_WU@kgAj;w%N_9ma#N)9ER;J{PEG97}b;JE8wYu>^dq-~dhJ
zr_Qqp{i(@wQu<S?phF2gBvI`9pW?6G1&k8?O6f;Q|I}R^Ml$~~f9)Rvy8o1Z)Ss!q
z=91I&qrM0DWX=!&&ItXee>h&j4boAi+M3X}`{X>PD{|Pk<%_i?Ar@_YyDRu9t>61<
zx`0mc&lbNOJ)`rj+zg|ad`~3jV_#z4QKuOZuRyf9@Wri`61W~7xT+Da4AUPO$4bft
zhgeB|=@~0Y_~_q}E-n9rn$wn%@k5^DGo!Qih6l16XJN3#>Ps<ayx7Q#@x%FXqx``5
z^NerFk5T-%%&xOmdK=zoY3Z!o&u*Eq;so;D<ioRX(_dsSyL1!{x6j)q>}Un|SO)U-
zzW6B=`%-$binL-!CW{p*LKwsu;9g_LE_$q`B|JsK9``nOER@#ds@^cx(jyao+0q4-
zOo?Sd#?Pdy%*kZlS=4q6CBDq(Vm_zyspgYdkC*_e(_GW$CE2>h*|Gf+$I9Iy#<phz
zz9atf3ByzcBr`O)qj7R*FjjAbcTVZpnLE07T_z=04odlkSiDzjpPhMzJgkldH--k^
zYdpGRXMV@7Ty5><(Y-4NGxE^)xPNqqINi;#D%{)nQ|xnQXE|5)%X=<;Q}~Tou*G_9
z^p?>Zczflp*wB=WmDon0M|zu#*EM>>I(DrLy;t=)O+FSGA0AxMIJ!ksov!O7BnqHz
zJY4VYFmm%_Eu%s^&k1b~waj&>uB!sXOj#%6)Mj_+9cVC6zNEv<4{h#i(e#cEGdKB8
z$vOF<mfB3!|GLf&^N`TyeydD=vdpkIGOahVRBwkLKx-7eRNY)TBxA4tk_F8n1*W2v
zT@tRPVl%2zLt2LR!wywPSz7#!iWq@e3*=PVY7Mt(bKMe0CwiGnCxiz3>OVrabLpty
zyP?7Udb1+dDJ5}Ea%AHCpwzRQa1iiwT1P&C86bwEO`C6iLu+qztlT4=;$#pDj8Y}z
zFD2*yz3@(EHh1*<52eljBk^ro`~1w%u2^VaDENd-{}D2eZ>Z^i{~?)l3kMqRivK<|
zxVLdN<+JSaKkaxUKfH5P$Ie5jRpwTL*)S(}EM)xVt^6AfK9{wBtUMsSTvk|T{&;6P
zu@U^nP_`+y<nSg`GM}Q5HHh?}HtlmAE8my*_jJSplT^M!1ko$|8OgvT{!sOf#v`g@
z^*h6TQ#$%`M|Z0sD<`w{PsaZS^3Kh4TD3T-Cis`?_Zla6^yLE{ZEb9H_jEOzzi{!Q
z03iO0>b;G3^HyyN<u`<P#eyrXcSd)(MsMcbl{*#A<LN|j{woUSI}}{>Zu3eWD`02_
z>N?W}6iPmkv~Pt6QTHGCBmZ{ZoM_4K;mw4<G@?6%ICSBnM!QqkSD1XRn@{&UKJrDU
zFCn1<v+QNv@naTsWly>Cgp`PjeJWFY9{H=@wW6|%^D#C)u?)TKbY2vL;^+l?L;H?y
zJPy-S@4~_#`W*X)cBzU2@kditDS1$6@X8?85HxaS{1?#+`a=7zuD^iVa<tnZ=}g~d
zk7I{2r0_%!J9YdhcueCD(s|UB=u5VF18`99f7@J;_*rkxOZ+_6JeQv>cv|N`tWN&E
zDm+2y)V(Pi^NsNS{)QF&pVUwi%{~%#x5wF%D}my1ULHIvK6cY674BM6uwAe6MZbmH
z?AQCnUTy9xve|8vcf{MdH~b`qd#8Bu0ttkn=iMT{j8RDXO8oQ58Adiw!pRKxSww!1
zvGyfKJ0;@<jwff(<4^dOkH{PnzyDd^=N+WZHrh(;2dODq)CMuw)8PnKh6Xe1Z}Rk-
zT6?xuJru+Zx^pN4Qi}d3X6D3RfpBaBwVzJCY{~l~^AWFZ4V*2pN3?d=1a_X_u_B!l
zm&m-0=hE1aym>d8?g%xNU{ho_=vF#<vmGtNVh~yKw<LbAd^;~kCgDREPMnieYGutC
zFzs4dv_O5`U97(DEmvRvR-?Xtf4=&9aDn=IWHDbJ{q8;v03JPR@a5B+`_)%;KoTQ4
zYhA+SuwZbA5N+;JC7V~tdr>z^j?MST&vhaLEayW)n^ZkNrcKE5bj?z-K~KbbL2r&p
z;fN|i$u-uKszGmFCr{Bwdem1`^44cS2gMiQsFzt=`eW1OxnUCaE}UgmIkxz<FTw*T
zVx`~P!b{FarBr+@_#|w^o!gb5&gB?zN0&L=&F{E0&wzv&Yu@hZ>H-;tJeqgEaWln)
zc^lSKt<)M!nd&LEDL>b{L;;nCj2ppPdet0T@&k9(C(FJk{fekQz<P+O|75x*eHcUK
zK=S%o79^*+dxD3FSbyb4nZdO4qH(E|w8mjsLr0orOnWjMc(1j7qb*ustfyw-Z>nEF
zY?u5K`WKl~9PStw9xPB(qSbbUV_7(T6`{D=Z<F#nY&M9Jinj!U*)1t{vdap|X?lYH
zj}}48h>DCT(OV!s!^$4>_P*l`zy2{MWDipS&Et+hMa6a{`AQ)@?h=R-6W%l~e4s#^
zy*s=q3x_8t;$zIo3&B2wDo)2Ic2j{|=lUY5!qjYBc%a}ff+<>Uceo=94>DzsyBu*9
zaRcGM{tCYH7j<P^o~d7&?ZOr(;(u26<P$HTKs;^~dL#KI5pOArW|8i}CCM;<5-NO%
zc`Eaqc0YdcMO?RAn}aK|h+*PKz7mf$24LlMLktjZSj2{8gRKLvHQhsw&+)24>~O#I
zbwaq$`s%U1V%FCh>uZ(u)n<K#)YmMO(q`dvW!Cw8YWS4%DdtnaVxd{=5%41!3mmU@
zVxd3f%ywSn99-ZO=!Ji2DLh?We#D5E6btT5+9TmJD6m@s$EoA2^@=|AA>dvhQeZ$I
zkK;gR`22IK!2atKU*vcnVJk%Olb8oZvb8lyH3A*wZUM+~BNbeOIBZ>Nsug{6wq7C<
zw^HR0x$0vaYP1xVMBJMr{wJKes{~D5UrDx?NI)X3De&nF^Q-`*3H}S$N(B2*5q>|(
z_D0?K5r}DbTt(|%2^2DjU-xVknY5~l7$7O<<f9mpUz;@`kvND{891|L9<#Y@wZE!M
zyW<327w-myurhvwwI64;w1Gr|F?O8Qt@EC@;*h>h18-(~9Xn>W6rN~xeWva@(J@o^
zotS;DzVt*~*1fj;DApRAT1;qBT<YX^s!}{SavMXqxd?tp^~1Sc5{EE8{bquI>>*O*
zI&o_X72w6xOXAf?+~}r7ByQvW#|l1a$M3_<2s2$CAmZ#MiQngqjQ2%vq#Zk6xv$E=
zHy|FVp<Lz-Y+?k^l1K4K|E4F3-(lQ4bs>0TO{6=x7RoW>ZwNe2Bri3mpW0sp=b;jU
z^JVT3frJH{@fk|^Kv^-w)51w1-=%z)M;2qUvnOz*5WLPKWEn}Y_=`(Q$spinNqHQP
zz$_|>Jy0qJRlUk>f7Sa96T~qhU5eUo#mC+>8WV#*c|o6YPXye&IYFOb)$V~lE)k?`
zn#=juCRHBRa1EsDF>l$EpCVP=fipivs_gx_;^6eE1A5gh^lIHdiC(Q6POn%c=L)@I
zQ(diS7U8y|!H{tU!ZeIkLwJ2`VS|w9In$N4b>#QfkQcFENQkT~_i9CnLj8)cg!-(n
z9_uS+eXX&+R#{&%ciMzdNPX2niE5xkHBh1&C{YcRs0K<@10~Ava{YLY^0xwecTXCA
zz}`+mEh3LVK9Qv*1$zG4miz*_Bo^!UsvSZ6zFU2dkMbdZ<>gddUVWRZY@oxy6ONxD
zJ0aSF9=;M#DI=26mA#UFWmuS&3|UQ`TGKKi2Q=^~-<UAJL&zAyy5fR$l{YefK$bvJ
zlAh=VYOlcv$o6FDkAV>4URYvHL}x(@iEsQZ_yfQG_Gbh(?z96NON?E8-WsjxIogFe
zS`5yq_{L}PI`-qjp(7K1MwZB?)Htmu$7?(h>jk~=70wyUzr?EGP9JaTY^TO*UP93v
z$;cWhzMh)pZwiJdZ%D9Sk%xilG4V62_^xK+j0Epd<Brs=3P56>HXg<l?^88IGNBQA
z^-77Scc$2wC~^4pJ!*z5aB0ndgHo7c^2cuOwK}MM_X;|oPMMHLNTf*770$)+#Z>`P
zetk8;c}wzrj-9|l4jXdwQN}8q!wFc3w3D@7P_ZX|O$uQWRar&t3awGxdnr{!xbvEq
z5qa=Be(O_P_1##vS<K7&0)VT{e#+to99vW*fXIVlx$dpntKI$r$bk3My?PHmT(hxF
zStlD^M0HHRTk7-Zs<dACfD<^l_3CVFkHmR}FFP-^Vob(5nZ7`7q&6Go9i&_bQjTe@
zEpBn<d-O-7cWOm$9uTT(LBtvcYm@cqXML&}_EbHtHJv2=>Ub|pHC6GBPk#jS>7jUe
z3KWXocy&Urz@FfQsM{HS3~s-(z%%V$!7Q!mX(nV=H2YMoeXL?6gX>y+6UTA6n->}H
zjZD<DTY+4+Z`#*;f@_&~5c^q)ZH!T>H#*yqjE_YGfNt#$akE5748TV0?%|uK=B?TU
ziVv#IQ}8<kAlOD%d8?k*BtUQ~;>S0kCxT*ZcdO3Tr}oQMI2nXo1w{A=Pq53_t_n%o
zyfyf1Cb)yR+J%CuK=FPMIM~A>$U<NR7p-ZCv0@)(?0p*EeK!vkF}wa1tKtud8i~`7
zN`k)6p3?Zy3Vs#aBWF4zQ`bbMKH$`^oJwFT755=f=!u->i4YHym|NQ;M>->u?}`6S
z^jb#CIo|jlt<d98BBjMxL5iH+S8kLoE{y@VxW)UCyg+-T%YhScT2@kEQA6oZJ=9On
zUqjPE`Op{%#?6Va=ny<}Jl_aHW5&)WIe|<vo`715D3z3_B_+prh!kzCh>`97Ov7$4
z^>lLFo%S>(epWm;dDWw^kg$sr>{o+F$euZkdetEBN5Ye+^bJy4j2}x1MT#ggTpvQ|
zhq^eNx+1mtUdKMKV*vMQg--pM>2e4N%)mXkoQM5Yj|aXylT$BRFL=!2hlJS)7|uv`
zh$s@Hw6(rbW3b{29BE<%1aW@NjfLoVkG4Knk2w|0;?Fp%dbKbnF1X!zYIf^MXX4{?
zX-U2}Je1dXtla6`R1tGmURN?Mc&;-mo146nkk|3CllIK}=nE@K{N};^xWr8tZX&zz
zVX?wFGnzfEcfhl-n|JfaHNM`kfn}_BlDGV|_;Jn<Hl{}@(W2BnJ~+x(HBf(Fd<+?x
zTJv2}G1HnYqZw^C89&`$^@?AA!LQXmW!rc82|Rt2jQ>oL`lQBhzv0&3NA18@A|TM3
zL}@}6w^Mtxu*9Wzm*LN{1IKB-C<S>tc49_Xv2`6~hP;2F`3(8x8{M6TdrJ5z-PN=v
zKe_ZZOKTFDwGy{VPJz}W@@sOkwWhNrhrK96awc#SYvttNc~Ww~G?jCRwcL0oS8K|Z
z9M~q6bEwwzI%|)dQCid6{91>kSmhLIO^?en;_3{t@vrn(9!+tHlp<+q=P8K?=_2Z1
zWG?8$m}?95c^m<H6*_56|H2mGuGre<2NjwmE~mhBBAQeRrlVvQUK0TbWIU3+GKpD0
zwfR~~S8R4ZOuvT|^wfTcEn@u8MQvfhhsRy0iRt2m(H(P5oA-nk9>qH@z1P(`bv(#+
zogmvMd5x#Jo8GZxUql9XR|dei%iUlcd)>O(39Q@TFp)YViwg0dqp4ev@6ZH);iN&A
z9;@nH;dVu{vz(aRE$pGH!f}nSHT;=ehfD9Q>Ri4n{v~JV6I8t{MKNg%6!cda^>@a{
zk^>6<E7i9pad4t+K(0v1N>D%UP3pJ!sy6#|q8--uTI<(KT)q=!IYM7kpc6hqUcOD%
zjlLx{L2Y2Ct7ME=<iE<yftVMU<N=tnUN<5rXLvum&R@uI=^M(nu&wpD%C=X%sNLBv
zbG=I5uu(D~D9OD5sPYLY>6TwMP6h-gxm=bka8hnroHkMh1Sv(Gh%As&Q&|>P21>w6
z!8o$O$`4gr7Fq^MK+9e$3$zrGpwq_7KnZv$opaiV`3Z>mE1p$6I_}@WfRUIY-Z@!(
zE~G7^Ib6+)r7bv{PN~DTxs*F>Aml2^bL-DI%Q~G(O6Trj4V&Ldzu!*8FTZ-TkXLab
zlDH3i=TwpJ9Cnp_L3aZb5Y~{N=kZg{MNyC|ZGJ>vleiE3^Hbahc98Fh<h)%@4a$$k
zLGA;S^1txgr7)<7U;8=6`=g$IZ?vWl7_ci7%?AdKRpQlOMvKx{X3EjBV}KnK;qvW|
zKsC@syg|G373M?OnvVC*@jAM^y-=z*v*$)jPW7xDym1B#;X4B$sxP`Yi$&_wy#4SS
znO-8>ofn;Y%6ZYrQ^jAL9$W__AThk~fojZW9*Ix_m+tO%wvL|FS~#_m9iWFDfc<G*
z%UEa2`TgRz(i=H{z@uNp;ng$HI@Z}*SR&;rDCca+FKIaxyWi;?>n_SWPrsNS`gwWI
z*8GyzNm5Gq8@h0+co=BWMC?H6GblZg!hGxFTQz6vybLLOC)W<rT`B8q@n^JfhVe^L
zuRc#ohGW@MR4T9Bf)ie<HowL{{O!^wXDjg-TMw_?(%`Jb=k%|HEVR_|0p7Sk^G1*+
z>V5`MGobdH^s3~J)jXW4lJ>$<#U@q7<Pw1ccF)sQ9p~u`Rw|KhNFAy&>HZHX&cT48
z##HxZu+{)L@5%u3;+H~sQtdVb%zsl&FeU&gy~J!?YM%!vY0ud@!K!^r13`QeH8WJk
z#Btl27b^D*sP&&#^AYhm;aFypKBaQ%&lGmhTlJCF^lRGI+VS_XslW2^hPQpuIRyf+
zmP^o>5wKr^sl9Z2P7%HKM}q}^qUDAEowtCu@W-3_efn;--)rrcbD-N$P*eFq{Rh5i
zeL-sNsC;&0Ff!cHUsL&h!){;Imd5K_#yDFDY<e!ExRFMPL$7=DXvkajtY35OjQ=!M
zh1jRN3qVn3{kFZd?}Kx05-m8=i>>>!OZzKd)Nbn}Q`VywsaxE1Qo^RkM2x9=BXEK>
zXA>)X8zwtj##<9KhaNy~z4|45d?nHc+#oqwFGz;Pb+5#YeVpaz)Hf2z15t`dm{_#?
zj0Z{O&aN4+0~zk7*JL5df+9kvhzIn3f&!{V{l2jJLQ<eDQY+-G$Ji#ksJ;9|Y(%U@
zzy6UaYD7%0v*l8z7?f3O?|e|#!x5TcU&o$_?~oL9Wc<$7WohI}<dJf|W;&j4_|Oww
z+^@A?CagZ--%<Yofh`-3rur5bR2H@Z|6&&S1$ptcHvZ#_(!8FIAd*g@ju!5KyqdfD
z=Zz8xUWD+BqkwXLz26jDM!tcA)-;LV<_4hRiH>_hzLE}STWk7dp;mTl;h&S?Y;mg<
z3MbgguU0?PJfX5f3*(F@Ll(JP6_N!~^QmQQE+EqjVtS+Vig9jPF3=UqCXxvH*4;W&
z8Y`E^&QSHZ%UjNsYOwD=SExayN1w?;_7~H-DmLCKRt)(m=g3>iN~ok<DJ!88NEB4|
z;Pae$q~9zST188cd_MC^1yYi~#mcA5JXVrBFMdm+k81Xj5O6^g-k25|$P`(=%2Xg7
zkvT-4plUZseKs{iA5~E^+7&`%L9Vi+;X)ys(l?9ZNxy{Rxr^eJsT@*Nuji5DFOp@|
z(Qr7~RIXs0tlaz|TlVnIbS`Rp5B5Ml)5)CANBG?D@}0s+i{Es$=DJ!nSL-3}%I=0Q
zxhpp`EOoU^a<z<6h69nAEP90K`pi5<;>>#ifv|fUwD1S~bhS)$wPgB4_Nt1`rs%nO
zuGaCc)=BCGH;ecNSBpkLt3sSWs|sgRDpS!zSL<kZWk>x5=I>R7qg*ZH4^|ZL!b^8I
z93!>2<f<NuM``JyG)oUzbDWC0tqL2yLJ?OBw=px3czRXGe8`bo$H<TY=ByU#q3=@3
zxl}@cJ}PM)FFRtxi7i?ST;yCKu;g*?NIvT<KGux`Mytp7)pbIJ<X@&-2U+?T7qx1w
zwFRy7i|Oi-K=b03NiB1Wm6btceyLScZE5^EvX->WFKCfKvU7_VaH&LB^yza;L81ln
zQh_v2B27~uI=|dowL5r`$$fQ3%P6ufAQ3T1!LznV*5RKelUh}av?evymg?P!*9*;6
zl+cO6t*X<SzQ?1tE7k{gxLc2KR(3XAoWc-4a1qL=OUO^oi&$t6wBTs&awTa$Mr)th
z$95tltAID_`{EN)?+QE+IJjDl5RC9f&m}tL`++a9#c<^xgT>mySwb4D|51Erszc2;
z(32|!oV1tJKal$+jGzgEfMT3PKv#@c<8@ww9JD*2UbnM{q*1S02nyT>1f`Y?XG=DF
z@!Wn+5v}}cMM&ywo!>9?OX!WjZHFQ#vSrsocwkz&u^LeO3_i#POo!B>7ztz-&en@d
zm|ZPAM_y(j#FH=kN+31rZRGS`o&Cy`!;?1(TknnX8gj#a?h?3*F;=kon5&29MiJ19
zM#Vz%oUJkn5~QgR<(w_9l5!b`G*Ox8V5M|W%0V2-m%<m>g^QgnysqvHL^4cCpVcd9
zB(g;zf~9s*h>G-%9Tr;TlYb0Av5*wXQiTMDyrsq$uN9zK<0dW9DM*q9HQtv_*}xV+
zi?ms|CmDoQhjd9b27Pmt6q)zh(0mV!R4qwSy0ny1k$`kOAmx{qut2o%<EoTQ7_%u=
zQA<GnNu|-H0IHqaFMOWLiZBTqncljTwuY)W3SM!x&Q<tOqzVdx*oZKENMfT)MFI-d
zteR@oE!8%|kiNZ|8i7Ix8yD!ji<_G6wC)9q%<ofJq^_whH?1Uz<Gr`5LzZRh6c*(*
z@j~va&_5FH3~9C2E~ys^3Gj(&+n~KZFBoXS?bHRV&piRwr<3(bdDs@#*-k>ZCykp`
zc|2pZ94<7`8Afyv-j^2`>xn{Gss@AKk7F3t#m^z4Mj+RA=52C@-rzir-$>hQ<M3WL
zi)u`KbK8r2$tMg7-^)h=Zl9KZ-b*`gLApMWNRmi8RLnynMXS}F$+bem&0elW<l2&}
z$078O(Ylc{moY<YMu{oIqofx!bPiXZa$M@zm+9^O*jx1kSDQQ2#kU;zXZ1<wFKiD2
zE<|}f=(%fmi17*64#L`J7(EZMO2zfmvYvQ}h&?CbE$2Ss4&s9v$?7Y{!xTUO?AMp)
z#lOw132vMpkvDyg_qeW9l@Ljh(;}qRdQskLmba|ngUiRmIVgRHea3*Q>=Zxu#7Ike
zMBzuZDLm^iZ65P@N)AuLS@B+@7iqh(zJHkUW5S*c_^LCoFS;U6-D!#aUu}_ewyRe3
z>9JzqpGVJnG=nGOX~bt9e8v6O-G4CvB2p+7aL(`E$T_y)7<;qXG%f?$xK_@GNqR5x
zFVT4iIUX&S9+#_5b`s{K6jMn2;+N`KU9+;8e)P3a1IgGlYYbfMtRgiE@l`jg0BxC4
z-o^A{d4Yf0@*+%s^eGTv!oe*sFkc`C{+J1v<Siqj^8w|KGCGIlBUnbPb7TxDESrMo
z0PBKlIDTQ{_>_%bm=G!lO^6T#zrM@s$!o2}OqjwiadQ&vj%R^F;LYol0fh{&ekFlC
zqWK?*fKVckHxDg87JTvQ&!R=a83vhx$mERm)ProR2TMk9-miZfiZ_RGNs!>J0XT){
zjSm2&W#d|uCYv#S)(#ls<31%XQT7Gri+RUq<IC5C!A#)GeX9QdNBA<4#sy!#|KKou
z5&qzS*!?OpQuS(Z2AXqh3(E<m#;t|%0)zKPh^WlUo+nwXv;-Y9H;`%bH{26?t6mCB
z@kORF1%daxQL$2NEHX0d2RJDX89$(Ge4A92)<E#S_^%SRb*4yc8a{tf|EfN(f5-kE
z{rl>TR{!<@mw%vt_Ij(-{ZD|ytD%v^4?eYdE2`m;2)#$7U=r+WdTMmS-*IFCJjfU#
z%ZiMr7Y-n=cNcT{H!p@9s+6UMtNy?FrY+-A>@@0u)~%l1I<?Xt{W{yKAC%o3sOH)z
zDgUV0>Z-i4Si5V3N1N5*iRAZE0)OFEeSyPVm5Yld6wUcuN^K4PGQp27TW54}h{Y}!
zXZRu$SOg2tsfxM@#3&8Li&A|SVT`^}n)R^CRh4fyjPpeoKn2ivpfN?ky^+bX2WZV_
zLSE86nn|#eWTspX#0!PuQ)e<Yi&UhDF^g>7j2H%)rmJOfal$#IB2WSffI5qnJ6Qxu
zu=-+gpf&$it+ZE6`Q~za)66lBi2DhBCj9O&jT3A9BkAQep2%5Jf0=s?$|W&HTq27K
za2bmp(ngtC<d{8L)6GnV-287B?yA(IH{xYC9yq4Wqfe8oa<0kODV7R|XwA=4jk$||
z*kf}gse-Pi?*IS7c;(N!CT&AjsX~k+)RbG%nf=La8bT?W0PkZT4t$W1$T>#t)x3zS
z?)WM%CVj}yf@c$ghiHHexy7qj?~ptHLuD(5cmfxrog$KtxNR>t{A`<@FhaN#r|V2f
zEJ+Pt|C1CH7wF8Bu!%DJlWh5kkow4InfH(4B}yL%=G0eJEDAy!3nYG4eu*#o6=ug$
z5PDCP$<9FoDW;}81v{;|g9$TV;$I5e7PYZt?9OZ7JqI9}at-A{fai(2?@@^0zK7ld
zcYlaLuD(cxziJZ_KUphL|2?S17LeVYTp#}Ea!!k1C!_8j2@rMyT#eTB27qK0(SLQ<
zS;G)x!4I9SqbecNVI1uuZ~m63T}i7R&9%*^xeRZ385fgWge$G7;Jo-k-nWo;;{))x
zTEQr#!6JI6)O#tIDqbS};D7*3wi-Y1k+fxuVUy8w^#DQ$_bNw15$h1}B@MpEDfoWA
z{*?z!POWLRAO<bLE0|*dSPG(~u4d(Qql(4&Cj_U+Ln@oTp#%)fA{TJj924mGL}2U{
z7;YP6Y5+mtEb&Pgz5br~1c4U{6Z*?CoKsOU16+;oXyIM5^Z=L&1qEunZuXGEU97yu
zRe&i|&1<Gy^$1BrnqNeAyqxi}q9a5-iQHObJbIM?WR}oF_iD~VrOxn1hjZn}!gOg(
zrWzzfAOfk{9ta}sU(_b_?<=38e*%?2p{sI1F=4I3OG-0>58C*PATr%!G~>rr2IGkZ
zZWXFixv;qL?S^7&F!=HXEsXRdI{od0De*^^36rWdUj(o%6zKS)T7j;X1taNJ5)<l}
z33x1<Ze{W+Jd`QlbRk)#T+7CP2L#qIck56y)S4vJGHNZQ3jTI_<iRBr45M;lDT#{z
z>8jn@?Qh6R&{d`<QrPc{)I-d^3Nd>l@VGB>ODRjfMU+3{<J5TujFHV^wX=10u^(2E
zV|H8{h9BNi1gSuLPk?BhH^V0GOJxK9?Ul0ue<$0|b2v|Zg>u0-;fMp9DrXiqvLjts
zDuiX7S7#fFKxwAc#RAATxK*;KrYUA2sTze|ddi;h>N}LyB{3k<&n2jphy=l_zjRQ|
zDWzvJYo|K6%wt(>RLdMxs(M1ZqnH<y%;lkfkXjyt#4#uHdgkf`H3X@IV7>?K>k-p|
zX39ur8q;}R)b|NQ^ZGR`<pj}GDlyPpi<MlBL@u$MxwK^}x)b!$6diwCpHgcI%LAv(
z)X=T@7@=QjUO_oFo<t9|?_SQdo7eCU+64NdQ-ZDvN;<(dS>wjT$X$4V;4N!2mS4ky
zvZA>wMU-_$9{pouye5s$rQ{mpPrri;nq-J!y;2uhW2};t93xJOHa31Jh!Q_W{^8g`
zz7C56z)couUDhUAo)bRR*iY`aSkJ?$%3goN_TTeiL7^naqX~@-0byHYd!71{Gg5dT
z9IO6<apxX}se+)q9DH4v*y#fTLOg|>U%)j0-W4_kt_Ix2aV@z&?Is+0;9RY}zIao1
z1(f6#R`F2U{sq%3rz!R?eD(vXdI;adK$l$dsAtq5=d(yrFs+&q?2rG!I*KL2cBV0_
zYQBbz2ah)X=y{kOZ{_&!)9ZTT`EG{9B1Ow2ILA+L?%A`o_7ZNYYKv#LRu_x%NuL+>
zcl~j@{}r2sYH4?Mu%Pg=nB6TT2!8JIz=Mi7{m~b>qBMTLQ-97Gx^+y3)_kn2caAug
zI!FBYPvH~Jo~QYH0yl+j9>a`1t~Gx^Stm|-!Y}f}P3*nM6^fufOOKBCN56&q(@gH4
zC@Q!rZ!LCecg5(@<L5>u6VQ5l(C}56fnT^PZ!T`U7Y%*Z_~yX(oeVUdrmQLauAfUU
zuBf!y4@H5d1|AA{Y*g^L$Y1rLg2ze6BeoTIl-ckY?bo{#@YwFEyjBPdjF9lRF9_@L
zmLF~N2i=v|6gU3SAGs8G;3&sDk~QJh-;kdL{B*A8-_S$yFMb$_PND#4k6w`HEPF0;
zK{hu0#lF!>GE+CwzYWp=D_YFZZ-DKv`}Jsnx?ew_S@-LOzZEi~?$_g#6%0L@y*M=o
z>U^HKU%%*&+^>Iyd`~3jI}`rC`*qIqe^VkK)&Wilw5AJLkKX8fICf<s;MFI2x}2h_
zD4MIdvO;tbAyfz~qvq-ts_pW@&&obNOY~ipzxGmSgtrSxoV+G`--*fj7G_^<P{EIs
z*iz6h9w)r`kogRlCVP4nSNqq)jYbqDenk`jQUgYl-q|{*xMdDv$l378d?KQ;h0T$i
ziF)IwrOGOKcjSCJyEQP0>`G7ZO;BG1J6nVO9^9ylKclF}63OIJSAj<-3MFdas?)h%
zou4GE$TONRk&{$yfdj5L_$_)Vgqt2vcWi`yJ9=;OdQ!jrD%jW4)AZYOVNO{8m$Lq|
zg6JEfvGYs7L_8lKv7e?9!Krx?IAw~kVo@88I}~ugBfu3+;L3EsN-wmg0L2sfI|qfY
zNf5>%Z&!AS%tr$3*1MJDq#y==eX#j450UrvkC-L;XtaEFKo~czsYGT7$u|&17vlQv
zz&Pvu8c7Hu0;KpG#$^;|Qne;gpz}u?^WqazErR}x%Ho(UMrYfvK(zw+WVE%>^p%zW
zWg?{)w;mE7FXx>b1^EIe;8v>g0yUo%!V@r`Td0?f0-ssC<M|1A5U1IiUly8&`9*n{
zBdg+<nO}aAuma9`lkxM5?J2go%mCuunqm8^sOBmTtBRP9v*ZEg*3?iGy@r4FL@#50
z;d!g_g8hnW2y6rb%?H?Qq4()hpv1J;^e8bqXbd5#O`DDQ>&ga7_JcZe;`7W}a(}2Z
zb4NVSejz<y*+U_{Tlsc~`CqwDoWR^PieS!n^QglM$vuuQ`rrbFBqV0ZJL;RcL(Ii4
zxtdLp!|Oei7Sd9dpCB!6z)g%T;S<pEw@y!MY!6vIZ2PN>=u^B3g%fK|TUoWocny3X
z&NXb6l;|VU0ps#_<rT3U3(;Ouh?A-%c$EEe@c6_#$E$aC7zMwe9;C^}%Csh46xoS!
zLs}Di86e^&W9QGMxWwaBE%({UTS!jekHDKTpFB1(=3y@AEP0ZQEVs@aMGFVDU-m3K
zP-pI^YwZ7O{?aUZ<yiravt2C~3bo)p9$@sd<XSR3nB91YXCXm2#(g}O4n(q11FS7h
zZ$#ct*}I9%FmkFm!xO37+-UVl{xT+UXni%HWL+3J^wFo^S}J6#x@%S?$r<QcKm{GX
zvOW$=<tQO>7S0jJQ9Kq0D=Y~((&7Y*Viu9-BMOB5KBe~vQ%GrvXjZ5$nMZInn54gx
z#8<ra$u2Ut06T}Ojs}9|G1@Kh3GBQJVUsv<%tsHUCvb(fK7V5Lvc2K`IrVRb2d6B5
zB|KOhcsV?HD#6jC=Tc5CMmic!4=tVOm=XN5$MKv9P7tk^vxy;EucTYxRnGIW>;N2<
zXU0#%fmE=H`^@m*3`WO0(HzmZQw8kTAyo3Z)RO3s8WnG0+Umev>qO^YB-i_}0~InU
zZm(a&5e?^S?fJP6OQPqQS3`s6H0Jn@*&bX3Lx~wlha)sNBd{zqINdV13o)84K7Bs2
zxsC(eHJ8&ak{7x?E{15>yp!LOZM!biYf}Ys#8H%Vn+xTFME~rnSjg#BoiScYas^Ev
z;xiB4+ygXcmmyf$!OKM91XP){7SkzU>V8<{m+;>x>U=|OU}J<W^XuOz5JCHE{>Z6#
zSjn3koqCe5jEDq#*PkF`=2W!sU-<?*j}WwEb0~XN!HxEqr*{wG%z#aDPBYLYoN6hd
ztI7$kS~-fhInWm$4EO#y{X5p~U+1dN>EE10|Kt|ozqfx2?EW41dHwqX@%|M2-2a*W
z)eU{4IGsKo%->JKKeI=<{*25o=yGF30qClp(QbbS#!w=1M}^X%%o)MON-fNsdmZ1E
zd?QY(g%Y`AzGx%Z%^t&spx3RAk5=#hp7;IHYGRVN=NCquJF1V??tr{<85_e1i(?GU
zEX=;$<LDpiL!}O^BVKQpyGT}~uj~Wu_Um~c;y85{?@whpYRzj{NeMbBSokv5)*>G9
z=~W=3*0fj%T*TkqC3R3q9~=o3v!Aq>M;Ce08jp_phwO$q15gvM&LOgHwbmrY_~u98
zr?p?}-6cD+AFV!IyZtGu62}~(ZvaQCHCNF_dLJ$u(FgaZ`d~K>@rIeB1Nht=cdKfA
zywdnpUEe~28K46mKw)*X9C?tp>?3r>M`^d6Mz!b#Os#flO|>~08P#9Yn$D5$E41bk
z@@BSPd2FWnJSmFis*&ai^sUQ;m*o;nS)dKA|B}E4QSg2D%8+6KC*WC)EI8k(tajOp
zgx|)Z<b{UgLsc`hrfZ;dK1V;{WigtYw;E$)RflnvRY9<q{xSzBoq-BEtiBRXtwte~
zpWR*Jc7tB!h;uHQ0!tibt5j)^l=z!z9cAhTywGb!X!iY7zB_znJK21EWxGY;oKADB
zdB&@`o}}7hsWy7XkA(e^!%nI%%(d!^>Ico1n|BF()+aUt22?2Vk1AqKn*)_80<@?t
zeOnmqIpzbcxs~}B9BjH3V6z)oXcLvmj^<~oURAxIg+*N#bj5K(%+a(txE2ka1S;L}
z8hPGziN-zATQdF8eCDSkQ!EMRt)dg9mfiF-Z^(W$+IP$*t@&oUtQuaWew?Z`b;%&2
zv@y-US_>awo0k=a4VP;2k@%|z8)3y}s-K#m2cI6_Z|R(B<|k^P_V|7;Sf4(=CZ=Wh
z_<(TCqZe5-O|HyzRBo26nMO>YHUE@8nm^+o$Vf&KSv*~8Qy%tiFTx)48p<B5;;Eu{
zd7hQ2Fs|&GVZ|7Pv_DRYiIYUu4h~VyNvxfdwdT`ht%Q~yo5}AJ)a=d7qN^-Rhm8(A
zDjXLMb^Xawp^iYU{>S_f8naZjZY>yp^dw9=9{VJ@a7@u279z%%q7n%-K3!fvI2wbr
z2<M|Ym+n(|-20J*$9{bo`{q1|fWN@22aBn-QWlaqS9)y|y#!qol4p(Gl?nAw!=cJE
z1eTL2KVtRDsEk!VvPbk=DZuIOj(=6~SnN>tQl6?;8sI8lWVNg3P<38L5HE~V^U#VB
z_aG36SL#vcf6C)P^wAs7R(VygXib+<PwT|czGDJ8p?xO@Z}UV8c>#_Qn~tVxGDBxW
z%$4xc(E+sAS+dsCynA=}90TC-CnSPYnX>9x9!xRwlV^%Ll?4`ex$?ov*;WwLfx2nT
zVcsdf|31LvGl{A?MK<*pLYs?2SRpk33xJu~>N_?|B`nmMZ?hA!RYD*bl-wNkaC7h)
zdB{}{i-T9l!zlIe_23+EX)4`DIxJKX8aSGYkl-k~CdBtx&S?st+UYer6=G;_*~>DH
z)bwrofa$xJ{OT)$%R~ET1#cG2&2j~Al<#b3@LKuKxj6V0`Ob9)FO%<4R|GF$4-ncb
zP_s!ZM~&;D$jMEhj{ZnLe*8nbA1(`eY9rvpoQBh4Fv0dPl_Lg+(Budf$eSsY-e*&0
zsPf+uDBZkQq4a^>7D`(H5mLeACP=eaM-H0UCE`JQ0@X36!*im)$3lfMKn6TWAol%I
zqeWoiU{H#nBnXjB2(sybSI>+ejoWUD0S{@G>9F&^#-QN=;CduMu9m|aJ*hJkCt{1a
zIM_N%>&}yON19oiz)lM#Gv%5;K@DX6Lb!!Iz5BitcNfR+_&e*blNr!6O)<ga{Zm99
zZj)ERF)=Mtdt8j4_sB|7x8TEfY?*N5eq;%<<zMcp+SWKPw8T*t+!k7rIU~3go@74V
z0@|yDL$Stvuvth@%lK*Z<d+aD#Y3r$-~4wupha`;6cU!|-!RSq*vp@(Q*=?=q0G-c
zj3)89c*JueedKpu+B+lj{+{PgXeWKYm-D%G)b&i8o7XVS6Bz})n-QGqap2zyze?Of
ze)_<AJbGm6JSxPHQ?5GJ)OFUGkC2h7-j*lWs$>ZL!9mRf<wIpzDizdA9%EVma)_G7
z(L0*+7<%YT%#08D(q?wck<M--y>^$S?~Aiu3C%j6^SWFChVz85L`M0d<1+abKT1>*
zmeZ7ym)Ylc4;KJUN`;q0e1Uz4-xa;AFTDTg#;3ds^MB-XY#!Q~IL4!htcBOmUuS4(
zfdd+TiXf(=hm-9=z%xpEZ=dHySYS%1VC5J3dVa_W-5)J1`1A>#@rZmn%yp6CY%+#%
zD;(0b=10g9T4^8DwI(^WsKa_({WvxF$iYv>hYFj$Q@w3TFs`UGueJtZ&rf13B&KG?
zDhpVdlyZ?`MaTU{5jAU4Oh_TrRJ7Dlvt}`-AOAyAP{5!!7Q}C)z5A%Z?%l}qzpS4x
zI{yp1YnA!z^S=yG%A}qD+w!Sg>=^!$&$NH=z3~vNqxcM$e{tW3ya8M#pmo)&4OrOY
zm2;fnE4H+jd{%Dz&^9AGa4g)d>nMDP_C)LVh7aV_@8aALK2X~DCC|db2Rx1~L-@hU
zIYQCY*~K8gQkqPN!8*hH76c~>7uxhy!8*HQb3PAqqWLHK^<Cbw7q#1e56HCk?i7D+
z9nGHERecVt3X8&HHUwSpdMwWuePz3Zov9eA<~(qc)XGiw4OTZ51CJf>GjDLR;4<Pd
z2NgUICm+~KEuOMLXV+{c2l1ndDc8bf+fYI*m(5cY5*bN|*h}VWnL*SW&P;R|$E7^Z
zNj}b|q|hH;E|#kN`Xz{1tg7QTR&1XWtv=CP_L3Z>j#bFH%lIRA6%hX*$M~E$Ycq~B
znzUjk*u`3`VgX`K7)Z9MM6EQrcZud4%4pF7rMX4P=A;XXESW1olVNo(u<M*^H+_FR
zoam$)f7yP|-W^_jIb1HPh0&a6;eq3ST-0_d6=m>Q^#AaaXg>%19odgUNlU7PTk>Te
zZVY^&bVbaM^d!usw~*git@%aihq|LY4<%24$2^A~5eVrcvU{D`^48GM+-QCgr?5b+
z$Q!G@(eu>4;;ZUySm0C}5&}kR(_pcriB5lNS~P~*(7V36AbwJvSxJ3~(#%?dm?atn
z+KcSB>^&vvz0HoVk*04h(M|N-9#lm|feM*?+>i!$82^GWUQR_(&hzLe_@Zb0Ui})1
zAB7GVi@AxGLA&U(dyH?`WxqlRSgr8DD7WVRgxxhfkk|M!o6YS$$NQ=;LpxE)==O#O
zvg*++M_MC(PfiSSN;+)Q!?_3!#y!kgC^Z3XB2m|4sRU2haMYiT0~1*<9DLvNMK5%?
zqL<z0ihiZf8QOmYZa-gO!9L;SHoI~Rb~=G4pgqYM4V}#$tL3Zz0=$uRsLRM7o8l4@
zlg4gQPYVxnvMf;v?if$m+U?(Aq|Vli{Niek5-Ze0jf1Ce2ZIPGen8I|Kt)wv1{X42
z#6M59m*_7}9J}oPUZVQTRxI7c0jJi!U7PhnB@*A~0zL6bsdr^R56z&zZ*r&+w;<3a
zxqJ)$m`0E8R*l|YlMXJqfBP?J|0=6}R5CUIFWNVASiX4GV}i4^JKk1un!_HDQVa8M
z!>uG?OW-Xcbx1$H-Ys|2#VFaJ?p6aO9vkY|5gNP-wG5%y;f+J+6X~6Dr5l~z*~Osb
zB6gS204|C8=h0GYbow7sIhWZv*;dYPQaR_?Id7@s?)2MJIbR}2@4#;(e+m)Bokk7)
zHvcGPnR$%Wv$fk!mZ5NpX)OrtyENbl?OPI<720=2@Y2@v9ic77p?%i|{jKL`s-KI3
zGtCfhd$FYBmQ-tM;9;m&??^Pzyn`!5a}KGAx33RsiMOxg3R9X659VsOwNvmfbWzY~
z4bC&T54G<zJYmzJ-F6d1L2I8O=kpp=O5XCpV!5Jo?~7gy5)B?vqqPqyEZR|t>eYt8
z7E?SXS@2(maZRH`Y>hIEYjsj(QEw)j9iU=Q#pd{7=?G_SqiTP{y~%~51K0FR-qqT(
zs=pjKw))iIjL@x)F9$2F$?F<Y5(GT0WY**I*o7L~R`O59ag3VWuAx6UXd>UK+L!sS
z*eaGfS=DDdk?~Qx>*=Pg!B%dbZuczQgBj6OhG;h0tI=ADB6EUj*h^8Y^O8%kNj=z0
z@fKFaSOH%2uwR|Qs!;v;FIf+*KxE{4ymO;!dGhrChV{5hFhvxblI!tWwpZnl?~MEC
zhf&aCO?2~{l(f?ClJtQ)?DVIT>CKYfmq=f0r5kP%%t9(v^b!$QMgl#H+H;4|XYjMW
zLTiW5iGiDY0`CfLMz6Xry1Wna24?P2*g5M!P375wn@^dW2UWFdm1xZm^AtbXg&LQ+
zhMyLunE%Gl@GW^6X)9K1YLlXfR7V`;RYmc)#7OYY+wJ8Y-_F_WZpwdc#OGATbTtT7
z#){hpn*BSUD|p_{^N(2kil4m%+X+;%_g8E+o<R5vXI0IXi21u>9gTHX8cd!_V=ZME
zzqHa&ephL%><pt#r3J>Q4ysUOb}odAND$;!Y-Tmy-Jy4@Tv;D>`|Qc^(n=y@^ft4s
zHmh}e9*F0SUV^-BL;YlPx;%w9!56%bngv|uQ>1HQ(F$?4UgZewKYm3)Xn%3wJU02z
z{$m4&#<#VF_Md=7n>=3`=!|!_$@}P~H#|%w@v-Q4DDhuM!ymNv36(DfejVC(CG?rZ
zxD{WlVuby^)_&y}tW9sEwc;R*UN!O@e8SPAs;+t*c652lp7)gP^@N9VmyPu};52&8
zxxhU1>JG%ur%`iOX#Yi8^EA?0uRP5`dT9TJTJwq4bEbNpr8OTZ?<_qnYkIJduk2$3
zN7%3Dm>Fc*5837iY)tfEKMfvUe-!<piLM+d!?r)?W;`U)TjL$529lD|6`O6iD;gHJ
z{6Pr(FOusZ<)PI1C+?cZbyqnuT-y3kZV=%}^8vt{BAHHogDTxdDqEx0^b?wB&Git?
z%L@KheZ1Bzhse-!$8lP-1j2zsxhfNHG4KydG%<&Ry3WpWM<%ayuG}y3D|{&N|1W|i
z)RR;HHTBb?XO?T8foZs{Asa7QE2qmVff{GWtJyBcHryehMfTmt)Vp}_LA#=AOK>w_
z=V$zgHp_VpG+DFiqchvo_&tuNJY`$(*i)?C7jy2}>df1)#^F>^n~DH12JUjw8plt{
zjM19Jsv~}bGdioMdUWGu&TwbXUj*staCZHl)lWr#rN7~UX@OIsm-dAAk8ZqYR&?@D
zT+zvw${UPVy1RniLWIs+xNibI>SaDjP*E2wku>q}9zI^iOQaSCTI7sIcp_585yIwm
z3>LX?Kzp2E9!8?-GS3GdRK!B(WMHd_)_}DH>pCmsA&nhY`g<_U;YV}P9kJy(DSZyn
z<bdm!c|}>6Z5j2BNBe;{SEjZ)9;%ZljPP%i7l{vrptq_B;vl8wQSOVLe2Fl%)_#N;
zC!KE3&W08^hc14MN@tZiLn{h10<Xqv(9=Nusd!Jv_(1oX6ZUju1`k<t?4FM7;Mnla
zymbqxU2}CXXECT9^r&Jh`rLR@GrmNQR1^*uL5>`1xFe3sR{O)w>*Al+uRrbPEGQPU
z%X&P~$&-AJ$3@tIJ6<tLLFnNt>!z<njo?CfHD*Od%}U`O9^-CHUj}gSY2@C>CGk3E
z%k0CHK3z<DW8D?@_@YxC@h{W3?A1cA9)n)tN@TaEY@ZA5v=2h6GDY6lwIFY9&L16!
zG3zJr9jdxANKi=pm~v^ky9{P#nPash_$YB68^+*2!r?sIoe}sA99+zk<?r_C2Ip>E
z5KVDDI)&QAr!Tj{>ztcr7dCkH@nWp%jV?zU5hnBhWAEJqqN>)v@fkoxQ#Trlninio
zFinPwfTA)o=wP6hT2>m~Ak7N|vqkeZI*^Xjq+P5|H~n_+ROe`&)XWsTfR|FtE?z1x
zoph!-r_4%0l=*!=YwtY_h^E#1ecwNR=(C?^)?RzvFVA|`vz~RqwFHr;mYD{I>C%?v
zw9UA6CahTQ#H!8ZF_Q~~4b)u-`AslsU5uO6@UVjMh1ZzpRej-|bj2v)bq|A4`yp+W
zGN^k>$yfe7|Mn%M?r2lRyN#Qn7=VEx?ZlRF)Sqht))*P~{!sFvurLzuP`Nz4DYl<X
z_Q~O9Csl=PY>Pe>Ex-8#n}?7F*sERR&~3=^HG@agqANK{r&~9cjP(VC>ZY!+;9U=b
zFn+W&f{VS~8Ib>ikMZ1;vob~6QXaKE9dml|(G1DFD^p58l8LIg9~V`&Pd|WJ7sjuS
z2Mu?`=?o?4KfIdLId8SI;CPDF%jv&HO070ZTRJvQNvxLFk$de(R)H3y4;qeQ?b}i(
zt=jH+QRR0(Lg)8-Rv-%bUM!@PutTA35Y)`TIUPNxgEMcna}L6<Vfg2z)H4V_s6$HP
z8QDM%<Yw}oXfE<WPc!7?`^}A+Cqs$Rnuw@MF!YDQ_TZLMG3O$G`=WMXV27>N6WHi#
z^fq?GU^_q`?D^WSJb6D3ijzlxqSB5_AwxreD~it<x2P3&PN}#z7NCbl!bht>lfA&d
zmf%`JGu-Hv;UebR{)l-45fA3fC8d>Niv?;_kQCeRZZ}@sC*m8Aph36`^#rXRv!l_H
z?{OuL1C@$!#R0dKNRky6`tvw`mZz<OPw>Lj<5<dOlD>rw0ccE~n_<)_42`<Ca^yQ*
zdIjc@a4HP?u52skK|#FaqLKb|#|nNdt-mAGdLhz+`y(b>j#@8REMHnLU@Z)O3yHV`
zE7J>l^g_&fmizDwl=JXKm@|L1^I^Y=I*U3RE|0;hb`8B6A!A{m-rjk~YUe|Uh_(Br
zlzPB=VYE~<h0Wq7>)f!eavSU1c3q(;O_!$Ds)bOS0EucHobDVt)od@0#?N%8urrEZ
ziTIW2d?OV73h#%)Wh7jbja}o%$Qzie4Et*-aP%0#Tsm4r{+lJ+lxp=-@%Z-0;o==E
zcfai;3=^0KgCfA`9Ij;s&_1y*jjJ`jgl`zDFeT5j^h-8K#bwIx`N>h1Maj9A;N)IX
zG0WR%-O7FCNU8W$<=20J;QwhLPZUDn7riNT;OMFOmLE1QUrL_{J}B8BPsa-~eNmPa
zPnPN_R~`e3o+9Pj)%UYxqo=d_zLy;Ddw;9?-XM2H@*7JwM`J{$6wT2ztoPfxE5pzR
zguN5{UbsLc0S8>`5hN}B29$5u4ZulNrD!n*>!qb1BLQME66Lb=ef;z<t`uGR^qq;y
z)-WW6qMfqk%~m+)Nown}&JCR`cSAcvTOPAU3eig;=^;|c9pO^c7_|CKt<`&)t}II{
z;v9o9+-;6Jj5f{`0qG0-F>m=R>ME!s<v*CCj)>zN?u|$t85nSG@#u^+%BUnBffYeP
zC>)MPOoP*_ab7oc5R6Nj(w3VBnT*!TeyTy=g?;b?%-Met5~y5@5zhjt_yDR0TeySf
z7f3}V6gxZxW{KkqUU#>2#1n1c9e6TRGB~}I=17{D+(AB<pXridLeG<mK1JZ7_k9im
z`_Tzte1<}CIRUG36nfEOkqulJQ^a-zw?L^Frx(zPo0yztj-5WCL24z2>ETd<!E1`S
z6U+_z7$MIPZ__UudeNgtTLyVDMdpz4?<n%vfWC&v5OZ%Fv+<2PX6co({2P-OS|m>=
z>!7Z<fYmxb!Q2&Au(aM}*zNuZ0kAmC4q+i#=?fya6A`L;`tHPZXDFm;+n8fX&9Rr|
z#4B=&*v*w3$B0A(I7hB_=GBfS71j&LZd<%#hH#zPWv@p_#pe;6c%9DT8hIQd7HRz+
zDRq~%3PTZvzV6Q%qjQwr=uG)2xsS;%3{1mp`~(am(o$Z<NoBYX^;W%ZFa}9v9Ts1>
zbTCgpf~quiF$En-9xg3?N%iS$(Y*~`YSzXw9a9D+B7<Gf(&B=6!YJKV(`7a+@r!}V
z{QyI<uZl!$8TM6Xpmb;4ATY~AKMZG`+l$Gx^W>M={z16#b<#Dq5RI_R)NO4z8ci=W
znsph@?6vr?3qQn#to+6`OYs%ImUDm*a6=r2)uGXQcL?r)nT`8L#)|lO=TB)O)3r%q
zjZ)7d45kGpr0fP%pb{|@pwGJ6A=C_gwXw|9c_=$5M$e_JD=0-2v&<+b{SYZfNu};m
zb7@k{cDvuCa6<_>Z8@w{i6T(j2V!I)c<zA_CAGbYU^vgQ(AD-9Y3<ilhRxpj6588M
zzV>E@!5%Hvz3vpmQ@18r!x_`hCZd)PC6AJprbD$63KJ;k?a?Eg841xs<FUmXp@>YY
zI<-Dh(Y8(K)UA=pOvkuEiDqY`Td)RAw{OeDe$So5ouSZ|5OWb0uZafLo)q|-R+n`$
zeCm3yF*eGQ15y&tOU1k|8k`OeK!QM5fa$@5@=gQ#O+Q_Vw5psZSKq=b_x(^#5ednW
zik+mFn-Yd%-8l^##_CTqe&TH|e&XafhLRFfnQpZEHvAUJR<na797ht=)Q`F>^%{SF
zrS!j2n|}Erq#gIqvK3h#){<Z5pM3SLJkI?jbLd!=$R^?#91UaLoZWHxMYI$WAcYLW
zG;k+W_AwQ-!j#ZTZ~PeLjoY<2NfqA*;g5R&I5cp1Wl<;=HC#nk30VrM&C=+)S&BB`
zHWL$jal`fT<vPFmIE*+&p2Uzv22`n%ZFTdc3}{6q@Qo4fKIt)GgUOllYH}B~c}q)A
zH&I3oXN$)gXjEE5%0ldFRSd72ZZ;&}W{2RHlUq55u67n4PbNQACZ(1`7}7;aeN0MX
zxg3s89i^qX!av1wYxlo7JZ&jq*-1rTanNx#I=z+xYTRvh)N&sV+_Dw3D$RjPW44Q5
zkP|8Vg7Q*Y9~$f&yxN)XOU5>cX<tN0(w5LxuozZM%>ksOJy-teNqgloNRqL7U$u?0
z7^=yz$QIo%X38Q8BSA$;MXxE8Q7Y#4lxXX-VEP#J?drt1B?}G0bvz$wCv(dWY8$!*
z44+*LK<-DCkj80MQS|plB9eJhQKdpzq+&B8K_|j2`GmD9xUe<$Z#GS2xk#_T#OFKk
z7<34m$4k4wqcQ`qJ)(Jt8DNP69^8R=r?p6_i1yl1suB(lHZ(RkoT6~`rEHKXS8R_J
z|M0a(d7c;>tcX>s*4=fgb((t!;$*e5aEo67TceFuOPLr)F$eK7U5<MWerhT8O~~9f
zQT;zv(tH-Wq!{z{?h8S+zNMm*_=S8KkuWu1clkF}zkJm;Sla(=xW8RM^{V5a+!gu5
znKZSNeOf1PH@Y9JlZtUlDt6#=H5DVTl!~kNciT0`&&?;T%%q~PIes}CW&YXtn_qMM
z57vo)oD%<M@BGR9KaK#j^6$X%hqO%@<owFt)3`R{-=W<j<2khv54%FaU#ZG(z1}F5
zOXwTv{&<u--@eXVUQ&j{=kT4{yskHwS=Sq-*nDy}O8Vnb*8KfCa~Y=OvI5`z!CbDo
z-Y8$i=moB8YjQtn=?9<{M(eTWXjBTLr4G~TsN_8^Mx<Q1_wBa%35j~Sn_zX4`xJH*
zqcB3yg};N3!4eiUHI@Y!+&tKo?l59WnHmk-E--eFMI|0&B}M^m2RjkynWRi9@|_}F
zi01DEV+8)OhO7SoPe$!viE)sOtj4td0zDi~R+bP>RB~$(PL$lt6QYcrmSBMw$S|y<
z$`W83K;?MX<72L19b!G9EMx<DM4#)~rR7XH<P55BWtA;f<rF5=j;5S18eU(wg?<PG
zCeyH*O?QY@w{;Gd*tp@ujPl6D5*tT=&ETy@Ube*cJ3GwqFI#VG$t=88$P$*!Lz#HG
zC;|dynJt!QOAbO;&eK}W0vFg2Np6Lk%7AA~|0OYX`8Z6psYjAWN=qmB_@Z++_}YN?
zIEr6cJwT#3eHRu>K~lP{BpPdF32SA@O}G?=txPTyYp^u#%~1)L_ew=W6beh@r$Aw~
zmlx(-xY{{H$Su)kq|`F3&x#9`ms}~<mpWqUi?!linumth#<+t3oyW}sk*U_r16e`c
zrJ@(<<^&s1FZ~caBHh$i?+72-2L}0O_jGo_x|yx@{1ZY=UH+&D-C8vZ7b(EEwaOqB
z#es0%zQtPAOIjK#Sd!h~yUvRuY`z?t8r~CVh6CqEN<}r8>$Mnjr6M67{y|{}{EJwN
zRbF78UV^oFGM4$}L%~xXejOXhi>6WBEK6EIkXG!+g5H_BKRHcW`aFVLmn*t*n;uG6
zhPFt>W!315qkV0z43_EEs@awt<WDa4WFbd#MC$S)k!O_|Ye{CTD+>zDSbp-lUdaYa
zUuWtTNZXc%BWfk$GXIFJRkumSL4G+0^Y|NB2KI3G42mMyFwkNs$Pn@&bzylXKMeK1
z(9+5?)@YprspK8%;xfIqmIBPv&m>aDVTzPvD4&@Cqt_g3ObL8uB&6UuI$<O>k4A>$
zVaD)-tI;qVxPPw3c4u`jsc0vv)>@rrX=<$=EEV5NZpObARG<cekUlo~j4-9?@W2li
z^>8hNjAVWon!XoJzby*}iW;h7qYXE|6fc6Cw7##&IfVQ57^t{L@JiUM7gC`Kc#Q&p
z@rDL{p!E+_e2flDZ%CjEVF_hb?so7cdgF88Mqp-^z3~E)R0DU)+tg72V>w$Il8W9!
zDY8`ju+qCy!Y-H7pmUDX`d-6goB`VF^vl0S(x{W-ZVx}wdfe!Fp}wf<%X~<@DXSW9
z9oSVyEzb{w>|i7oqe^$!hU)z+5dy$4lhHZnIh0sPp~T|bqDLD<6RgQ^j1o1-onT}w
zYy!+5h^h}0RUam*K5V2X(^{Ql8HXB{iWeX$qCHwbsIv)HLx^TKTajc!+q?&_Sbzv_
zqzFzD!AT-GX(SsG+mY6c{*DE(+P{lC<5R6$V&Np=CoZ&r%+T5BpD%M_FQKW2v<znu
z^moNl4qCL)Fmo%dPd0D~c{kQ>()w*;1=(gkJ^?@2mMh3k7`sJjip|=jpXE=;k|%--
zURCaCq%9wdIq21{yk@zb_>I6vqM=@Z0*E3(Q<^}%&Q_6+Ge_)evy{H}fZErxu)Tre
zsenMu5@vEPd;*maEGnUVt2z#p=Ql<_HOO)3e__7<SGN)_>wlLZhm3VmrWOQAV@V=y
zmT-e(CZ6a&#c0!@&^-5mLKd#jJi%}9?UkgAPVIFAQbtRx=OKJ*M%h%=A9{A7G^$t{
zBb3rGtEG`rJ2Ie9b}4NpM~<SL)R*(R?Zu4^c#JccD5w`x+vfCYb+~(<Mk&}X1r;V*
z7Zia(AUnYWATTQ3WCHFk=3bK&2?2cMn3X8T(M?9;nb8Ezv6ZPwG=?(BEiX0NhyfNQ
zF&HYJE%xrI-CQYp<rD;t<&*r|#aJ~L;#5$J7yW(9@a?I{S@|9GUuQv=`u_&}nYj7w
zpZQ+PZ$n}DyIm<By4!GqXD-0;7r<Fh!{K}jHtw$o|60O0j1x51;;$h;z0ig<_esdh
z2B<M>zcri+PMkE~Yi=4g!2L0N(;sR0-vB#K4gS%1PN44nzkL9C_y0}$m#gIE1mb=X
z=Uqks{}nI~<yk+RCWybjoA&!R#Jv@1<fZcU;l>8s4>sUd|GVG&?H{f`{d?d2pL*XH
zvw8in8{@p2=B7h?ybGZHCZ6s0`v~a$D94T%>k0m}=Jvmh&m#Tx<J^XHYHqiq9tQxX
zBJY0&ZbH7b@BL}b?SC5&M850C*%JBI+#1TWzZ>a5oQxV-senJNx&3eB?l`+yKhAR)
zFEqDQ(3*bhHR{vceJ|MatLxK1sp+e)F|kz!&X0y9n%uH={tc#Ca!;VN2~-Q5e?y{9
zz6n2v=;Tnd9%=!lrZW9xPcSwF9(xhI36waU`PkdXeVWGuvDynP2!cJ<J8UN}nw|4Z
zhI4*0mG#oHM`J6&x=QOuB!a9`$UKl21i9i(1c+bN_yvYI$h^4xI9zbVP{z(*i6t6`
z<~y4gZ(|td>HENc$6?c>%w&KKxfF!ja#{0!)MSKPVtP`g{9p648P50VyR0aX2>Y_<
zw~PgL-GI`;riP_g4$fX-X=ucO2mA?pR;fdwZFF}T6asX*v1O?yz)-+^e0`=?2dUP6
zp(_SoBCK}Q5^IZfn!VIef>RBvN`xLERVP)#uP_vQTCk@G{iqNqEJH2HQ=+LQxsY?l
z?wWm%lFU|RX~&}>{Ru8;4F<b2UKuxmztg$rVl4vq@Pa0AXYo-1(01ZD_OeV;ZX<JR
zJ+votJLNq9>6Vn+jlZ@1#$Sw5?mKN64XLNv@~k2Je41mFF2YK5?gbK+AWCzjBinN%
z3vlj!(0f4x=U&Q@E?xva3;b)2lo;}p;yE$o%U`5LGuoWMb99@ZA?*$~CmoPi@ItgA
zs!P1t&T>C2mncbP3@u7piFCGc<%l$N;%}sC;j1Ej@bMqS0n?kgJ9DIOw;_ID;pSny
zc=;uwLqxb4{(xMDi^Zh%Pqk#$E?-+Ov$UWA1*p00k`I}^C1s{Y$93{xMR)I)RgJL&
zs;IkdH*RvFh-s^XC;Sv8w-#k>f)&jcEFGE#4}r!5GUTqt!(Rt*4Sace_*ZudcQ(F?
zI*^V-SGX`-GVi%uAMgM!!weec2-U0ldKsOLJLgiP3yU*~7oZSWg)_;}*Q@gB15#h_
z5cC0eTayE@=U3`^Nvq!vvA}>npppxD6z-2xf=`BGc2E=SiLD>k=D72ADjX^YVfH~G
z80v;$iF@VNI3L!P+Z5)c3i(U78~a>P`@_APT9Fj}7fxyRr*&vFLi6jkE!yJ5MXl2v
zAwpBn)$J~HsxDR(kI%lAu&rfwu4eVH$2<WqXu<*cw+yy!PNV|KWEmFyC0rm670$R;
z=*_?3UJS|hEnfLFqyl*i6lyEQ+_i=l76+3tQt?alW7|qqUcBqYcjZf&$d19NCSeW3
z89(PqZo?jPHAl?c*zAOlAco6UoqrpnI8&7z&UdQL->T04RGbH?&gH7}vx;*s)p@Pz
zyjXE=uR8xtb$(EBZmc>lQJqJ@85+&=r%T1(gG{$A%4?L*<?PT!m+8}_L$V^RU&^w*
z?A>rVneP@i^lmilrr_O@hTe^kinyDsmf5Q;vwM{!rRn4zDCYI}N+)-Me%%mbKe4?)
z1687gi|JeJ%PZxNMgD4dR^QtBwk5+_K6Fv?EmAQj5A|ISzB`NGXmRJ#Hx}e&<xMOo
zC`|uQpxpc^ihXr<TH7`Vxz1x7)tXd*@!es_FyQ*Uxq%sm{pP0U<)dndjS-^KRKy)~
zYKuUMaOPHv^?CU5EK)yM$shUZk1qT%6}LD+Drm5DqTJM&+{ZG2H8WZ6tNMzeuR-uN
zA7{H7S*s>n;_;Bfw8-YisUBhfQ0Hl%+*@wL`V7o(sk-OF9ddo#f+VH~^-ddMyf$%p
zXfSNW%>NFyVk|AK7y8H{*7<sUPs?YXCM0@WcB_G8Gw=^N|B*j1Pu^#qejw3MVynW*
zjf}8pvoxf%{{3g#eK@>E4)Ke<{ePimXx9t|%%GqzRC8SpFk0!3@gbSckJ(qLU3ltF
z;-9u)#st2A5!`!FDQ5_>igSgpY_I|!b28D%%|L~avKaVPS5U5aHB<)oOas9&pza6=
zXYeY}NriPiVMrV&8};zdS$iQvYt7J3gK=US8Cv=kLOTSHT9O#5U$WvE(9I0!CBJ}l
z4FtpwnKYiBV6ylT4_nT<LrIdzU<5-N?HAH|ysckeN=P#9l0UX(f*MMs8cJ_^j$|k;
z{X)rWAe5pK8P*8Z#^Z05)puUNPhTF|&)i1wsm+7gScq$z6&>h98P3->qDKieY#s&c
zG?H0-k!~6GkEwGBLFcy>)Ez3`#b4#c6+lR(uDtjVs8*oN&SDqe;h+P<SOMC;9aRM@
z2J%|4U9Q&{s-sb3HQxSdhve?URw`5GQ^YrxVQ6+VI=(?k9ei1ixQ>qiSD>6X;mHu_
zz{8HH`0dm09tjom3|KEmlZF|E$V}Xk2VI!5g1a-FGa_(IYiB`0sx`SsvOEJQVSt<s
z)Muc4f2RJl*&)sXl%<5`X4rW{K`>Z2$lNwaId*dx`gg!GbNjNC4j7Gh1ZLV#xv7e)
zeuR_kJ^VgIv(+s#hn1zY!yXlAg#ICNCmIX`MVIl83W2T;%z8Vh9KOsLnqlt>Gu5KM
zAkHQ^c4JtXu{{h5{OHLvS_k!$Z>miojsc1UG9Ke{$@8Sy5t!j9fX1f?ZSeA-=rSX-
zVPKFVH4LpCl3oVAUUi)DnSrRwpNR2;CZvVM6oe_%*Kv9)2=+)A7BrW}yU%@sQ~pBV
z!`Hri<B7f6v6S5%hVtwyNSqrQ9xnHW;bAR>OdX95s;SE<H-_DU6G8J}LbP1(-ik;d
zytLc+EzA+)1qAB&7<XmkJQ}Paa)7ExkJ^b7H@mh#qYx$fgUgc%?0BE$$-yBV$8$4o
z%`U+$CXlyQm~jRNhgv@B!W>A05Ai(9WSnP#bp_@82`+)5-NbbWg*ujDtY<`Z+7k-_
ztnyvDH253w9genCz_w5QZ)M-NxJnCy`PKWQc0UqL7t?~XV^JiGMd~w?YUG>K9Yqn$
z2pZKa+Q~v|WYOo8r-Vi5+yl{wgf(qvuSA|8N{>PhU9g50<fNhy<{!mlIBMR=Z*(KQ
zfweV^`?96=8J+Z+2@flb>9sO<-DYVn&KoBklaFQCarUnon@hrc2l-wTgT%l$SlSX7
zYpaQX<vqASHcdNEYan0`k{*4N<%;7bw&OKq$Z&ZwII3sp=nR6IYY7&GrI!pxVgFJ&
zTVh#go!`zIA)m1(w~K(iddFswVX+@!tL|dl!ivJ-qhE|=LwWG135<~jv%YbCRv2t}
zQzf=h1~z2MObMtfwY*S3Z6YF2J-D1Sxg825$lVH!Xs|Uo8mT^|rkaV%bo@(+&{hsz
z+e+R5TEBT9R$lofng=bLqjfxayRUWl$Eb6^Es7|uf-&7Dx5e0p`cJGq@8JFd%{0^T
zs+!4EurQT=C#=xoB0>$g*C!$qmr)|d`4LJcFSx=HB{G?eOzOXNr!XFr0uJ;aS%&kN
z@hBzN&%@w|CVwZ4LEw!jZ``N~n_iAIR8L6_=r;{VRei#w@o!=Yjl*TA&33E}5eNdb
zBS6<{3`-chE|EX?+<;buAD%!q3Lam4MX6C-=>&ZN9vS0ej*1|#j#YuR2TIv0yoACF
zHu%sY>@Z>n!$0CsS%Bnx60d!Q&-C#{NzE{4+^t~ose%k$hwprc#g2=EXGktCNbwyO
z<BS`OgrZz<QcN8fMcrcrSWw~#*V;pa{U_6YUg@8H^#gNeuyE#NfglaeR2JWxX}DV3
zjJ9zr4zf9u$3mvSxmG#YhdUjib<fLXDq%rTDvH7?Ye-^pU-<`UboOO)fvH5-_;gX4
z6|mHS%E;V>o&7y9<PeJ-2jB{xjna~zv4GMVzg7kuqLtx_mj!6Y=1>yo2}((zH#~q=
z!k%!_Rbv(<(SzNfn4^Z$3t-*ue$fLYB&~J?P{w!IjmH$~c!u7WH`kX9=71bvE+4E+
z7sJBJ2DbwrE~Z#NZCI1Celybqz5n;ihT+_H!=E=aKlrBTTujl~n3s1HL}8b8fWEif
zH5JVgW_SjCuGi}}fvW|(Qs$D7MYM1fj64k2(PK{EAvfU^-rLfT^Lq<H%Z<;ahKI;q
zYiCN#fv~<+J9zfix&MwJZNdVW9ty6wqiI`4)DJwmDJBweIbzx_*GofLabh}U&q_ri
zGNWn`KaD#34-}ZnCTG~A%=UY*N}U^~m}@+eZr|^E070N%ci~KeYd_-CZ5Msh$k$i;
zY@aJy`3w^fj!EJ;CTDB^iR7~K6o=WQ3`eeDdC<DLa`?ws9n{rU87&p>V;SO}U|e1M
zgJdhgujQewV2x&fQDf*7Ok5;cFATP{qqU9>?w9eFCOcrfV-oaw@CzP4hR4jP@2Sxt
z72SdcgQ3LNCRVcJNLwuJFp8dceKbVWlQx@tBcH(KR$}1rAgoN~=&$Hr9R9R1{tR2T
zA=BQ2V?0|mOOXS71cFlscxMn#JqEbBwU6;3GwFNjks}DxzRk7`e!sI_Xj*t1E`!HR
z_+4%4pua6FYw~!Dw8hjO!|ryyGq1u{(=7i~GBj6|8EO<7)EDW}&@brUnTnEf70g1W
z+Usp)Sbc1#_tT=Koa8pPJW)MXg<8B#W!w+}`kgWCHl3SCl~koLjz221hIFGv;XvGm
zrer9~QreTlK&c&fufYdq90O%j6cJcfBhnOJHtZ>wx;&^oP8ej%*sE7k7P>rC&jleY
zh~6qgd1yNZt3%>yVpo9~+TePW2#W(olE!#f(xO2Txpd@5kNlS~Pqvz-vrlm-!`&60
z{F~i8yo#ZXS3KCtL3<=$0wfz3`$$C4=H#2DrEf7L9L(9o9ccpeG+;8}2~tY>ELnE>
z6Vviu&<EV|8#?k0HOyUFiRjF(Gz=l^QLSNgv&12PVhlfLwASdcT@TIlojZ-zOa0(V
z%a(;kuqr!o0tg!62tA0Jhq&vdpr`tY+&j~;f#Vlc<7kc1zgKe7nB}<@R-(1=4_@6f
zT3>f<u2=i8>-AJ^vZwN0-CkJR#C-h`_fwE<rlqSzkr>LMOZNcU)#nxyn1b-0@_<b0
zTG$U{M3qttaXu`O-mm<wB5&jgQRip!M>wu+F<ATelz$e+U_2hI6oi)H@|Mav!^aY8
z>kRf)Ox6s(ino77{mRybt_OX%6SO9A{(z9%BjQMN)ONHQjAm7yW-ApT=w3@}>-^w=
zKH$gZ2M6|)-Rs7BU}A3D?569+BKf+mmVkAW&5qS9Zw_Qi-_4W;|GMmUtX<TD*7GnQ
zopsF`EKW(qhGF4z5$)Tzs`ITEE}K6v{|vg)1X5enzVB<-dk|JYP@(Y8BfvjDq!&yt
znCODGX6GHSbpioxbA1Yo7@#1|qV=acoXmvX7?PQEe)a>YG#q}jR74HH<Q_PdNjyOw
z0h8;I%6dl_3P53<H45_quIjB^-)>KLtYSE32h7RZwjtv`ZNX2S(K`m$^@(X1H8mSO
z)6GkvGo#L13bBBx$khL8I0}OX(-%Sghv#F^OX50i>Iy#y!qwd<x`*sz$B&cq;`#-L
zMIh<~XRIB|ug2&z8*97_`&=>gD7T%Y+dpyrH^q--^xUZW<7x}B=*o<kTI^>$k<8*y
zOcQbS^66@i9IC~{Z_)JqF3-5?{a(ub$~bG5i}ef{gf3?Nc1}lPu{M5}Wd!d>a>nbR
z9I48Kxv02hQ-sL>c~^HN9m9hR+tFBkC4Da+&$Rz1)A>&pwc3Nl5)N&!^XwZvp><y|
zaPW@o{G65=SfYJ4NbA$-jxk_xU?E2;;^2j)2~Mk`J~%^&cm3}TE|>@9qYh!o6L3oS
zHu-y{o|PkgIJT^w=i7%v#Cve{tg>rlg!-6~=crKJ!k9%S?{2J9Z?N(ZswU58O+ifc
z7hJJO9wt1PQ{b}mVwXZ5(m>nNjuD<v;=};_;VdLtf+aX*Tv%pCFZ|9NNMRZH={g*P
ze+N?JgQEY8#w{izFj!@Q2b&j=nY3TBy~|pFVLt2pKz$EL(ed+k@WdH3FMkB1i)~wt
zB_>_09d)`urTt<#**QRTI`cv7AYeI}(X~Qh05J8+$IZB(M}G{#7u*RZEwP7udxql;
z(Q|Cuu_&y&)Z;2B6W7;f+AY3S&{<cffudC6$Vrt$fKlliQ8dCm8-k`<d4x}R;T$Zk
zeaGktd1-*Y2ds1}@(iOYkSRBA?15a4cX!+D^^SM<VK6@4#y8&lf$+Zg2%<C&2;<#6
zPf{Bw=L^HR@$S)Z)#SCx{bxerf==TciA0|*z<JXC*7=G0?(zU@a##-;SImq;j}km7
z#W7(@w{=ZNOsaF4v5jn<+qQ=sRAy`|i++pyUhKyd%6$jaaqG&<*k2(sgMD8#gxpA&
z4nfqrBpYR=X2*>fJKL}!?8Z-+!|VwoCz(+{f}O3g+=X==+8WHhVQNReL*W;}7b*&T
zMvs6^VIVR2Klm`#ly~6r9?tn{r#>Yg&9wiD9#Fz15f_db`s0W;zlCQqd$9OXFcz!H
z9`c>4L<hq`AUlN8`K7^Mvy-E#+@?+1ylmYLzPsG@Q-5C<S6WNG?x2*1A4}~{f|`df
z{l58JlV=J3x(Tha!kA4Yvbzf_yy(oRU&W$fJo3p!*i6Kl=@8=-vuef+VZL=dO6L$S
z+2CrK9IrNZR~pOGLT6zBhJbGYSl$IH%X`6PKsXoy24Go>fyfhAFVpH*>GtuyuPB$O
z?kDoxiA%t&;HwP*s{9o3!C0o#sHZvQ0t3o=xO}V1V_@Ebb^Bnho5-|E8$z4q*hdPE
z70d!ymR)F63hT8zv>EDQoY~&eTs}luI^GplHl&>}1*EhGQJ&b}W-EhW7WP;izGken
zV0B)7Wg})C7zc1X=|8VhJkD+efhkVeVlQ3k042u*o976zDQ+mdzrp*YXdecWHAsyD
zaThf>ps1f`cT0C9M=TFY07Lzd+|KMA5|9CNLJ}1CF*XD*4{c(-5WXk`Grn(N=>)YI
zY?LNgFWkEbJ1~)!Fzbb6x!rpMJy34G&(gwrVV>OVy#=1e??rh6-W!jz6M-4d^h@CI
z8cB~nhlDF8_*Q~4mv2Wy^O~b@O{_R4j0?C+FX9ID_O+t}?T2m0S#D@ABvo0)Cyq|^
z%KsI^=4nkz00{-gO>gb;>AWf;OVE~28Mt;7eAuZ((Uj_m#~ymfeEulz>hqY>9WSUN
zurl;580ZnL6Fgm2St<k#_E_Ar1<ry@9m2cddK%&3^m~6cGDSQ|LBm62CbZ&$Whh_&
z0Y7Zti)%Q=#iihwb{VbS#&TycGO|R?aov`7c(~dkRA})BML^}+)1m&`$^^W{joJ2K
z8gM%*JynW(&)b-m%?ZV2c)nQu%a8Go8fmXqq6lFW?<0_9W5K3@kMVCRzVY41Phy9J
zcY`U47?W0Odn1tFbRh#a7uHQZooi#`_zinamf>JhF#Xa_=Uo`JGaQpKR!oPbPp{=h
z*ffVy4NRazkz`RLS8t>RZQ9ihnEqk@>A#lk!|m@}DnaAm{O0)p7NIOHhdW-qv{7;L
zdR{g=8XbH|+YG6Y+hef}n<`8z3qiS{(|w>XGP?<n+7#B?A3^>i@eM*NRzm}ChJJ~B
zA+b<mM!hV*s}0Oe`6fYBqPf%)2(v_;ttXls{7zcGx73Yw&iwtb+3B^!LyL!eUg7~T
z+$f?7lfBx==4;>l4Rhq#N>|BbuTot<rE3}^+lsnLvqM$fZ2w>_y>?-FW;i}(wsFv$
zZdjx6IEPfU3ZBh&CtnSBZ2m8CrlUt1&Q?U=?$TeFL<(Io7P=u51qZpoXgh^uicl;)
z*9Ds*f5th<&c>J^9%wu0!XO>0#^w22ZFX`0IE;fkR*5v=+RfI~>A%U`e^_{iG~|MN
z20Jj##ZLyoi@=c37D+F%W`wyL8HuSx&9IbfYi7GE0*R{SPios6?1y1Z3uB2GtGFsc
zWcTs%(6r^V+8}c~Auo5BX&lwkA3X?me<DqZKjgzY9`v!M82gQm2rj_=qR<#|2V%7x
z*AjLKQAwv#&Xrj$P!>0%4epkA;v1NGtMJ4toq~L+>!mmr==QYb3)!6_jgBE9RD$>?
z-eI;f!lt!*8(M?O{zHZ%7{)scpYg6I?t2=Sw>QRgmiy%xx56kJM(5hn<9YcFHO|mW
z@TN=JBiWv&f3%$>)P68_H;geI2U@-^Iy$G2AD-KuBIo672>=l;KajH}5JZT4e-1X5
z&utHu$K-5j1R_Yz$l1~uM1YL@uBvUP^;@`*iK_9$u|GoCD#|Ogc2I#7p|Mo_9Xz=<
z#ERjiF-8~n*KojIDN<<Ef0biQ+HaDER&k<sq~Lzv5=%3j7l@?$Y!ugqa#K=?9AiqH
z9x21rM}Mpn4&ZxiM4@@WtebNfhG|@XKz8YI%#+~G!rjY2*lEj+cVncj^(*c^NC%A4
znwCwC6n6|N<!!l1Eo&~wXqc1Nc;MC-_dghwUFNOhq07>~s?Az*V|kYAWQ;FUo(El@
z^OvKgJs7hmsuI;XHMBe>ghMQZED#~aD*9}g(G~M&8TRSn>EN>6hv7%q=34?nYXS2>
zYc1ei&@PJ>J_2sDJo788HPqm><U(TdrkVGJ!P*-vo{Q*)pwXnVG|S~a(gwKS-_F=C
z1ML;YG+~v@#r7K1n635rn^r7s?FAvY1jaoCF(zg1kPT`5X2A1YwrqH8X0(3a#AJ61
z&r@h#&sGxRnS`&v?fl|qW^ui%UwLmepzWev!x$hqTys0bhR9jD1u#>+18QfbKQIZQ
zZJC6V=eAibao9!7uunxY#s=dG4-p4Khk1rn1TjRxXeJ5fq_H79K3@{-iG*kH3;YgV
z2g47dLvQV2PP!)qCN^!Q!5-`>lt8x+CIaIkkYI%M3sMft*;uQm+i~Nto#7w!42J~H
zGY}oJPD{p|+0ykhx-2G1wqj2+*LVEotMI8}I`q{Dw!ZAK2r^vZ0{!<meD|+nBmY!k
zlUjR?`2Dr^8>~fjerwL6aLr0+h8AzCjO4YEjs7;LiB8y4D-XcvhjH+nrQ=2nbdUj>
z&%mallvcERPD_(rvDZq4$MM^ZPWwRmEvEv3*H#rXI{=Q>s$+$>@fhj+v(oxPz5Qp~
ziIT-tRs<!VFxpOZF_xZaY&$i`)O4RcW+RzU@y$<#*n_DFoWDi+#(JW}T4j~jO6wN|
z*sIiEFC*;#$~>~Py6|ZP(;Pi{H-aiX)wt<C+v!0~&oB1!)-`E~jP%(1ZNxGRp(9*u
zVorjSf7p^Z#f6*=g}KpEB?hTDS@>EMsKqH2_k;`L{ngSM&ogpc#J*Bm5(-yOGteuf
zrNQ)JJJAFwYAsUJ9C?GT>>y+5@y5ocXOJ>e({dz-#p%zZ2!6_5*-ZyE<pH`wNcgH!
z<UrR-httgA;KW%|m`#_h#)mfVqD9S8mJJlk@$uUid%aC`x<wuBm8Gu6K_$yjDyIjf
zSod2~mMzq)#R@+NZBZosG!Htytg-MMF{rt9*$};-{{Xe1=pP10<LIq*&>6*lbJf4!
zw*h|N2CBJYdswLiFdK|zqXST=6zS)8aA<L6Y9q`aK}IM!?&mEq&^KuvL>DtS<`j5X
zjW0k#m#NNr4Mqy7oS9)q(J*<1276Vhn^C-^glMh}@zJ^=W{MD-mr5JvhL-*m%xfCN
z_h*z8-Cvs`T;|0TWz_w?1>;4E(9F!Cj1xRVH%AO?zO}ITv)AO1(czip99vbOd<$B<
z+}Tj#-i+~TtsXBeEpu?9R8AMKQ&~XHxixF`JX^ZtQ+(!JSR?3C)^1HxOM$JXiDj0p
zrm-wLjTe#|VVh!o$<~|jR(hp8|20pR^X?iPtjpivyhGrBLT9uoj!VM>s3uYow_ibF
zdVB_y2t%?x%J0{gY*ND6CM_vIF?!~%)w_{9c&eg`<q{Jd?PqMqFF^qr0@ZS)IoJrn
zD%8wsTHr2{@Jbm<axJB$j7{25x;1<xhlW?mVGj>3h7x>mgJMX{Rs&)U9Loa`0UEr0
zm#svJg?CTdE0tKJr?xQ?L{`SHy)C4oqj;SXepV{}3<M%UgoV;3H72C|LpZ}{sN4)+
z-Y6BlCA{so{d|M%%ndnBcVP*M#)DUKQ(H}_RFsSNNDWU~isY>-NeQkLRMFkYudU`r
zxi#Xjw6az;l7q_wZd8)nZ2b1}fKWmEb3Z0!f7I~Vc=r^Hcba_1Ua7YFrf9=QF<E({
z?WLlDwz-teCf|IRw7vrOwcz!CB)0hG*d1t|j+5r^!Z*l0(uVYw=EYcyLW?dQ?mJ;<
z1|4IVy=?I*T_rBXuHoPycPKsHteftlgm)Rk0v4a}VtCW<!aj{2h3s4J)Jf0nb<#7l
zetO2$O;4xV^fdQRPyAn&o{uE|^7&>;z4G~_Wu5YI!nayJA^z!k?U6rGKDD*gs5et%
z&<3axA~pU4)Buqj-vCtu-Bu1zIkq`1y;!XRH}|5=g@boT!vlZJ@wztr7N6pS+VFpx
zEK=<^0DjY=&H(t52){W_7UbCGw)9#;fSP;dru>~0s5EZh(#==jwed9?Unjmrm&G@;
zZhW_?`EjI#mb!v)w!?pJYAF0mE&TJ-<+AWw)D3?hytBNdt^V!PFTL;932*<T`sMR6
z?kn`0AQr0OnGqn)V>_FtV95UPB*q~<=1Q$U`mev*rI+u7T-2+?DJ|`a9%J8|Za?T;
zsvC^~-~?F5r^*Jra;r{PI24>+DwtVV?vfs}qxVlcAm{3Ir9ZTDZo-VLgT4?nr{s~-
zN;b^IkYBnhK-y3;pj%Uz@FbgIhFsOX1MCcEBehAjxj0c|X|NtDOD%r7AqcZcn~lvm
zsSJ1v{novL(R`M{g++PPSJH;BN`DBL_F1=dM%!xfwuy}PuAowPz_i`M(cQ`!y4x9g
zr+!aPRD~tn_%UNfvI3<?X|bcx8~6aJvJVM%_r-6;+?)GWkc+*6x8Pl|14Hu0`|*{i
zU;AN<A~?f&Zo4Q5d%1nDy#%vekTJs<k%H1_e)8P*6id?_Uf@A%XIRTwnx~#KoeT|<
ziYwr7e!DIOqn6@>EIJ%Q5PH$ej3^utVZ05qJS`;g&SzZ5Q0f-~@*i33-HcR8MGuSG
z*(K;%pf~o$CyTwUZ|2MKaKPu78Ab_jZQ!~nZm~B3;V#U}w12a)4}6=Pt9KnE2Ugu&
zT1rvE?UO@SXXr0v+C6IZdrvO*Mk4zQJ1q7#0e`({_+oDqep@Ci_Vy$m?wP&V+g8N+
zhKRo}>Ed$C9~&Wk)wvIXTI^-@N<|+Fx=hgPKzsTv_68$VOY6nnroeK~jo8!BxmWXR
zNXK>VRpJY#zBWx#(IURj648As0-FT~WVbo&`HBzr!qpP7*qe+GE!`J;ZvmDgH_m5}
zw1>QL9H~T76G+`gY9XlzQ1(OJtf+$le8^$;J&RA)V1C)y4DWMn7urE@0FxMMD;$A$
zwv}E$%z*`Mc$v{<8{$~3R=_9NSB2j}!x(+C*<u`$q|3_)(O%KbI|!Y?*`n#<Mrht~
z#?l{J($X=Qhz)JAsStpJCI}n91`3833FDkbBkFRO($mcrpXS7d*Fys6yPKHX$`_Y&
za^rp)_T1mhv>(fi@@zzOP#zq9D8qilemK*<!_^pFJYBz2S{8w<@@uZ)af%?*jt$1@
zMGm)M;m?)n<&Gld!Ai<4Eh&B&lap$jf3mU8l7Spz?Lb{fOHcSi8wZ<cbOf{Q&qv6#
zE>ujuEl1dl-44oVS1kdHL1Q~hy}x@ik*_?e7X7c6$2n9C%3}_6B<q*O3U_Cu4&4Gz
zue&v#Dlgf`Ia2VHJ#1A?Eq!fOO)Li7y(1?kH!F;jHdJgW!Pz;mdtXXRxZ3fAqYQ44
zCxYjb#~GDtMLqXBM^*{*z^7OMdu%5!*)EWW#5`FU3~tYG4qe&O-W0w^4oz-Zco&0J
zdAlzQ%s58KAkhjDt`_9O(31f>XBi_38r=aB4UEqBqUDwcA{~&aQkiuae%t2-xd#K=
zsswvj3HI=Qq=Q`PDlnRr<O0i5g1;nbd5%0{tK^oJ*2#_JrihK4A1>mt<NkU4BJU@x
z1a?6Po=0+4?n8+tp_TOk+;a_Z2>!MCh=>2o<v|e$la|(96mLOV9fHZWR-Ufu3uDu5
zBl`r!L)d~^i<K!RDRpzfR)t=>2Q4wpzSCqc>DDfsy$BEVO1Ng)Ke1=-C{HUv1c(VY
z(ycU}+o_lPW%OV0rsUiVSM;Q{*x*W}OeZ4>x0;Rl+!cHVXZII;&SmB#ghFLFJ*019
ze(?D(FJoy7|A%<yU-2K~^FL<{mOJAq^KOo?LyX?fF_)x$E`&zTxMwN$f+1<qb<NUn
z$dTO{&a@I&1{S^$&PmIDX5y$#a0t?)WGHb;MJbH1oPEmc{sOOU3w9u*d+D+N_>Izv
zQc||+0O`>Upfa4PUIR9BTG;Ppe`~V@_g`f=JKf$097`MDdJ>ZL%%n2OS<G)C&@wq9
zHabRc45Dr}u3IRr3FbXZ(uO#m$J$}mpGlK8BoDTK>GuLQUf>QtL4$91HebZGD}GqE
z2SEH}*&DF%g`DDZ3!h=&_Rx(c`;?6^n?Dqp^kzsS&ba3(nL;~-fSJ-sv7zrT$MIir
z_|DTA**?y1<9%9E5#_JEOy#k=@H4|XT%61;bv1>=0jCO$)-$~3!_$%NZ*Y0gGg09z
zr|nR8zhF-KMRKy-96_rylJ+hLw^g=~Z?er_9n=h0zH&?QHvi~TbhgT7kYZN0u(Tb(
zBC|+N^KZ5)z4T0}DY#TlU76{8SYPznoOb88VVKs*D;Xc6(|I0K<l(A&3%W<*g_~<n
z{@^U+&cP4(K)1HE!1>ns?VRStwyN;iA%pEf&%k~-lKhq12v4@krt&You)oK>5a+f9
z%fXPwyGP?|-a+D(9!m#lAM<&RaWnQH4CgT0pu5qY7v>qyFwvfKOiACFq!HicVAv3r
zjoa@wHN`craZ7WGkA8$S>C&aNZ%p=%OEV<XIf(WkEB}O-twPz1N)$yru{XrgafQi#
zxU>q51>whsjU|)Ud^noSQ8TUwakgj_AeJ%rWH>{y%xh7Gb?{(m!?*(hLLOU)95Er%
zV>3aeIU3`>7T%4Dk*jc^(YZ{A4rZ%rT^N(<Y;H9=n=doz4?8>Vc6Pi^e|T}}ln=i`
zg|{>ub<^m-e|2Gf%CEuKF0K+Btzp`3g;m`RR(1E{stE9^g&h&wJtDT73PX(gUGB!n
zlD5B({VF*gV~#Ix{qJVp;+VHxW<4%aijUHZybV{Du<<`YlQ+ZJYacpFTI(F#0VFMZ
z23;1puE3iiU=$9t&N139)JQAH@0jdgE<Qz00g-TJOeF)H`&=>^?@&Y;g9Gqu=@|S%
z#-q6*eQV|}2=#-88PQTw&{A4Ms1|~P7i(Zs(^8{-7h`>_E513G_IZFMiRq_&D1PBx
z^%Fk>JPfN!O?+=8@tkR2DCYH(=#pvn#wgYn2nZM9_;%j>bfT2;`mRyf_{5gC>we4x
zV)VkY8P_Bj&zA||V{udbq<c|gHqOs*QHWN)(8@$1Drat?js|~@xF?Ix%{gtWS+uBi
z%Cfi{#D2Kvu&O@=i4}!>UG3*fe}aIoyd-5=@(n50QxNp+gP_lHgC6@UXx(p7v;~iS
z>9ILH9;Zk3D@`mo{|3nXYCjFYjtn~CbhIKxFea@S51JpfMhIuL5D=VS2$zKkSzv9L
zf#TGlI}G9A+@QOeRuCMrSP-@vNX#DNk2(eMEnJj>_?89Hlm+3Lh4u8c=Kno4|EBBD
zzXfS63%Wtk=Mh7aRvKgfqS9!s!~kAbxyY=x&x-bxhRdT2yT`jx26e}KFb+`T+m~r)
z8;9;XhCLqNEN6{F92ys4_zX5NG0S2{s>HPpXD&IRum>&`9<q1gU<1vH>0Gb36D`s*
z0Xr4^655DDr)C>8-AoSo^EBwb<G_b&hA)sg1I3Q(w<hQsG)CW0g2tAM{affLKu_zm
zYqb(+hLm=k(;ZZyJ*_ZdBez};#^%$m&h#KAxX1>(lX~8d{E>4^rQzI%<ieEVaGgbi
zMyQnvr=;~Cv2#)D|At!s+pfibSgrpjuEoDp>wnU<`0s-ilA8XQI{vjgwV3`<BOmmR
zJ!6(ian(7tvT=<QlxLcFM`CO0nCrJToUDZ^gT_Bz)&I`x^uOwI|2}!iNM)xw!*N@B
z(k07a>VQ4yHD=-HZ6&tp&v2_Br*|ru^i(zJ4)8F?)TH-A(3wg9k@ut8pmvZb_Uxf~
z?Rrv+vvx@JuTR>?;K9z=bE%Pf3%11PCAucylXIyd%Fl4u9Si}blMW1h0L-HDexVt}
z^2GPzey)Q&%>ykYTQ~+^uceXeCI%9SFwz|hLtHKJtDZJdJ^owCKlEF1X;soiOMhg3
ze7a*?1aiMa%f0JLxlhKLAv5W;yf57`kU7WVb78RSS-6Votj&6D?^or8SFPXg(Iu{@
zJ$%rRf9y$~Yoe89BPI!Dd8yWCZIVQJYWE-isq*NB;4dqWx<%oB7=CKw*4lghY8(w;
zVoM18jauJIdx5@Lq}e$y-1YRn^BA9wxq8B<+B}Yns`jm~XpaI~7#LCRhxw3dOSl-8
zw!6-yxJ0?ksdW9fHJCpfk^J7j0+j^cZ_FC+{uJ-E`5y&pT@<3TB;a6fG<W>FuuG>)
zr9+f{k?v@Wl?M6+p01nmp<i1r#!n`80dRxu@v80N3kdk?wFl9EsSj6!20M=Vcl70P
zTPhl%zaD40)S)Kb(F841q|57C&Y+NxUxC@9c5;knR{a>B-yN^g{<`#BfY^}fnQ~cr
zw9!-1Kf7xAe851iWBe?>+<*P{_c^?1w<5AU>c9V&c(1H?)b`2yQE^U$!%zs+r(BOS
z7HH~1JMIjcSGujc7^0f8{@oV5R9dT_ex0VDD()Y|)q;C79DS%vmI;MBAs;{sOM>!-
z**+eN>0dIOdH!v=D}sd5NoLY-&}*mOh9l94c^i@~4oyF0+IvN~E@5&@w|7b7$=fTb
zl>7RRSbtKV_>ZOMam4j|>6v-O^wd^=ZF;ER-h<+XKBBCLw9803Zt2Ay?i}l15@84x
zeLX$tYj*5Gp60$r4h99+6ADdX(ZB!OQtRIw|E@Ls4fyKX!gn%!wul=<BjSt?#S8!8
z598ba|NeiueEixLNzs2%|Mlk!XjIR`DY5M?*RU4KH1VVVG~rrHtJxfOlmXNis&72N
z{h^ofC-eA`qrY#In9kpqj}nbscjARILTKqj`@|eb?kvM`i*FJlb9RME=tZ!~ev^<+
ziON+8XGOPFUhnG}zSP&2hv@%*l0WQ#xEkUQm2&gxxn{$gZ@qlg^6L+u{^fToe>YTq
zt?}Ydmfv^?to+Ka1V1@faX01n%8%zie!*oumd<_*?xMQk<*DIKC03>{Q44<ctuW_i
zM`LqRrRA1%`&acwy51s)+L4YLv*f<pz};8146niT`~=aEU;d8cC-ZlRSes5Y{!1Aj
ze=j{RiXbjePchu<q{qj<C~C4-%3tOc!i%pTUW56Q;L9(6IuY10S0y)m>g7*-U&}9l
zK`$tZPiwu_4%$k2US&Pkt@bO8zinu}lLv2p$(yLgc@OaA>m7|hSLWkSIDXtC>^ebG
z25A7)gY|ME#v5gLD8LeW`x(KcUS)h(05MZ~(l_#co>M%DA0`K-_nDA8G>=HLn<6e_
z5`6jr4drJILh#Ga<M_!kv;$wBAFkhOa?H{~T*h5(fi1Z0*aA7`D*2$=o1XNo3`xa#
z*9d$mx^QjTU#&dD>&D+ojlXGw@i#Euhht9XaPPN1_!JvpS6d&vi}zywXt4dQz+1lp
zvEnE5IET1i`@7<L_I8HhTh9)_uX-iox1O!fzu>rUgZ$BXXdzsUfAJl|aDNJ)zWMPo
z{^&~KKXc9D&(y-N*Z;<d5RSPriIt+NZ3EXaKDMZr5^a3seHMRYJo*^l`Inp)-fO=T
zUS~FPF@9gx#CSKCk5kpc8}mEi-5+x00NY<4U`~iD&_6`K$sVL{eyG35*$-JU=UUq>
zs&IwEW3@W`g5dYk4VTwXeSYc|rGG(8H0L<Sucl`E9G8n{DcQwN*5R#qmQuu2e{t%Q
zpMVw8#_JGQH+o0c>ZE<9t=*VRrcY!ICYfv#f<;~$k9YqJk*ZIBtAY0i#C!F7(LW*o
zS7a)XEsb@p!+Z2hxsm9Q6gQD@KL_X9vhW+PV5F_i_YXDv{k_-vy`kanJ6!AcKSM~|
zK>Cls*{^cd{Ih>TVp$mMx~;rg$X(u}n7@A4^vw^o{`XmHg#RVA{#SatnR_(TdAki0
z&kXS#E}kRB^G@*`EuMFY=UDN)S3Jjw=l$Y2K|Cjk=M?eG5zndO`Ji~t5YJiSnJ1q4
z;%O1j+2T1zJRcU%`Qo`yJgwrnL_CYc^AYh}CZ5a1^HK49OgvYL=M&=jlz2WZp3jQs
zbK?1ec)lc_YsB+q@qAT0Ul-3e#q;mt`Hp!0Lp;}t=X>J$FY#P2o*Tt;lXz|x&n@Cv
zBA(mCbBB1AiRUiy+#{Z!i03}>tPs!7#Pf6U{8Bs*iRTgV{8~J}70=`1c~U(8EuN>u
z(<Poii06OA^GESKBc5l)^H=daC!Uq!c|klcif4^@>LS@r0>m>&JR6H=uy{5T&*tLU
zQanS%v$c4Jif3E#Y$u)_#IvJ#b{5ZY@w{0)BgC`2ct(n6Px0&}p10u%M#kBxHwfb>
zZ?|p_G|{b`3OAh_mvDHe9>DU-{WYloEEnCMkvd6g7pb$PwvcKBnSlFWq&krLJE>Sw
zYe*SMJxyvPsYgkTC$)ss3{rDQEhI(Vxv7*fh;8AiFOa&IZf}zsNoo_RA*A+@N+xxf
zR17H>sYp^yATx1yCUpy`P*O%x%}8aD(vey~>KyhtrY<M-A5zbef}$DXC3T3@CQ|!I
z?IyK@)FD!vNS!9NmehGtuajyF`IY+xQf)|auV!ilsb!>MNi8ImO3FfN6sZSEO(8Xb
zR9n`^U8HhIWsrJ@)L>G-kfQF~)Nl+(LU(Q|ZQ%*sxv5h~b>Q1aNQIDck!nmT6a%aK
zB6h{5Qp?hPmef*GG><v;2&r#L-G({H{W&RWZn*c5I!KD=Wv2GPJnUXiY96U~NPSA`
zWl|B~SKQB%noa64QhP`hk?H{M&;2l|he+j-`j}J>sTSaK-Q!4&By}gLr%9Pf9VRu9
z6f9Wl+;OBvk?Kim1*vdSdr7q=)db5WcXLu{qyk9UNL6A7eClRWKax64>ffXWqKCMT
zkh-5#1*uh}%1C`eYBQ-SQty%KjzzlrO;V|(ULs{9^%SYsNi8R}o0OFlg&6MHq&k!0
zePmM?lbS^8MN(r)eMo9JsS~73q{7$-`;jt`iYAp#synG1QXNTINwp^R0;yn98%fpR
zjOx^Vq<#g3wxs=KX+%SK_$W(kR+b?qIxDMS>csr)DOq`z{H*Mmc{3(X&Q2d5KV?ec
z#GJT%c}8~H@KISw6KBlGojlQ!o1Z=^CMykpx@!s`DSOW38FIn2+*t+#!^+B;Hp7yg
zUq8s$KNe)nv{`ww<u3>`foUtqw$x9TmQ|%R42W;`#2M43WLf6sWvA6G)voGKY&45M
zql)9|{l<B0@u$6~Rxbb45>K2oaZ1+Yi3JuByy|G^J9FZUoZS4GsHNOV4`xqR-iq(g
zYQ^6a6}!->`4`ed!D~2b;4ft`#x(p{pMF+g-HG4Oh4HuNx&8wG`vxj7VTXRUnVZwP
zkk>wU5wFP~-VU8fm-2APFZTjl%U)gRWF)1zXCJu*c=`A_X_FDjlsDdAe;m!wWe>Wg
zeEBss4?}eBq#U_GG_2n#`y_c*ft;6@n{PoO%+Ahdo4UqEXoy#<H*1nSZN`+#n_s<Z
zPOwaynVpM<g~pqmXHg<jnn2%~*)wzV=f*_Ol4s1wQhsFRXBXtk`IFHikZD6q_ME)z
ze1tH|GI53>K1ZH4Wuo$<AZxZEHg9IWA^x%tQH;u;Rl_xNSC72WbP)PU_**Nd2<-QW
zHpIln#rI7}Ofn8mHKh%a)xSxWS#nOk_Nx}_bT|8beSIXAyZ>MRTNcnUc+D3pF3jFK
z@a07({;_HHJ7c25tJ^w$h~GDUn0@g6-u<)3{C(~8=Z>Xy7!bI>!>K)G&y|PO<h?!O
z>&;s(t}FC5|8lzVr^oNwl6-N|%6Gd|IBn03F+`5L<KPFoUw?PSI}g3M*YV>mg*U(O
z!^}~0QXWtL<R5qMTR(no>*OT~cU5QheJW(zh-b}-xj#I;vb^7tZhMO@U;X;b)@MH5
z|Hzu}-{~3lY_qtZ9(ymoXY~V#@AV&4_Svz|cNJ~=^k9b`rf+sWy}R2-`&LhXvgox*
z3nFH`bM)MitQKQ)-hQR~&)dI!vhw6F8?D~IzxnP5A2^21pV265($Z1UrEwFyn|F`t
zzUlEti-$k`@xrLQh{CF4D>i<=arMW?UVmzVW!e6$w<`BP|K^G(^GqL3ZzFB3JQKWp
zy}^(@rrX+2-&r)TqU_|LzcucEYtJ1a<Nkf{iGpc=i-`Dp%RM^V*$<Xp@^onR#FXIg
zH-EBhWNy<>Hb2@cyZy<rVH*x8^`G(ru`)DFdS|C+&bviTpQ@abG-&brZJO+!x9^#f
zym3Fw+ZVHN#Z;^N?N<{&`y%b;=fb-87_quX^^VUCFHipOoA2&=G%@?zwMVnx?(kS}
zx$U`54-KyBG=9g}(>J}|Yg*<LKREL`O!-lNWLV)(&;9L{nJ*VlU+}MabDEwlZ1>IF
z|M~ame{I|O{C!V6a^E8Z#y`Dl=cxEy@2`30!nl9+T=iYnn!kO#ddRok9!)wLx9$1Y
z#;tz#mHg+*&h6Xc9zAO7*Bee6Z$2CL%f)4{%^7#_`F-J^92?bj-Y@sIeYRh8muJ5I
zV9m*=-~Vphr~`-JOg6po>f!m%SBIEheIp}d_D3CFNLl~WV{bcp72W-M$WL7=q709_
zzkfC4`4^kN@ITehhn$Z3wg05U;gRnY?|<Xr`)@Z{dw=szV9LL{Ze8Iu-QVYh2OcwS
zeDsAE!(u;w>!$Di^~BNkFC8vCwrSSZr#;huJo9}2fTjP``c-oE-PQTkk5<1?U0VHh
z^||U+7kgbCa&h9tc^99)xbEWKi>EH?F5Pq~{?f=x(=QcYT61aBr7tf1bg5ZQx0*pU
z_tscyR@A&zv!mu%O;t^(_cm|3cd~b(_ix_!z5Bc_9AN0IOVo|h&D1T^y{!8fryb7f
zTIhS|2kXb_3-wRv-_e)rPv|e|+Xff{G6He}76&{Zus)z7z!T6oFg&n-;F!R?Ku6$f
zfhB=Q0)GpXf_j2ARAv>O?*G;KCptRX5FHa88yy!NAKf=PAv!TS$q;QY7-9^uhB!mK
zp|2sqkZ4GXiH<SE#KgqL#KpwN^o>b~NsLK~jgB?M#>B?P#>K|R_Ki)5O^i*7i;gqI
z#l*$N#l^+P^^Hr2ON>j3kB&FQ$Hd3R$Hm9T_l-}8PmE9M8{OB?H>PiF-?+Z<ef#!J
z=$qI#DIq$+kPwp)n-G@}pU^iUAt5m#DKR?HkQkE~n;4fEpV&7sAu%yADG5nTLi9-p
zItia8!AWZ$;VPlwt@Zxe*Zb36Yu|TJ|Fqu~6&j`BW?Dt6&f(#8-@o-%-QUWrGt`_u
z?DmYz;Uh-gap$PfWA3_p>^=8RoHTh#cFqG+r#(1*#>`o{c@O0mSmfD-bLKu=J7?Y6
zTjdW731oOMNlxZG3(jZ84BxD70B@?j>8p_G_YOD2j=Xzx{=``Yf+5N`BwDl|8M%eo
z`Kc2NveQNyVzUGTtFlXz(qbdBqU-Uo@nAZKOd2`)&bgEP_}O}qPC{_$e!l)p{2I$#
zFA8R{fqcdL@-;knIJk|5GiA7XrY=wJH3oZKX^lznr8PBoW*+#Vg1e_qvt*CT!&;)@
zbjMt0y8lQN*Odpqb~GHEHrV`!uaNZE>rDD}g#1TSY|5UTJ0*L}of(%GwrKise>};*
z8}y$`bLyy3m#3M%HU7^g`N|<*Uy5tnwo(+su8`oq*PGyL4*2@go8;?@N_x$sGaG0Y
zEaHUgP4RUEeO+mesU5?WG!Mq8+c)mcA*q;Y6B}+HiC0fN#e&!RHxM2NDQl^I{gVga
zR|-I<4+sou)VN7-(`Gj`Z_!c;Y1R71&^B$u+O=20?Qm1aPMy1icfI+Rh;H3`L`L<z
zwO8-k`f!R<-v3{IUN-Xop+f$Psxc-yF23PvOuBkCUPmsj632Dr!qC^(fl_Bq$(S~)
zp=ls4BFpeQ{KRERzxIHyE4?wXzVzM+;l%80Ou>{l6f{uaO!oD14A&k0^`$=AmwHTJ
z?DxYVExAI{ubXMOuE769x`#}gkv;3m>Aqf$A*N2ce=qRsOLuK+L3!UHXXnoyWyzm5
z>wzm2`So%Rey!!&!q-+629@ZgVomfJn>P`%zF7}sW#{MT=3{N32;wMM)?{;95ZXI~
zVdk^~@y+z?x&C5WE^#O)rHqvFQOZUs7Zoy5%0o3-DExF)L+zqsEq#=D^6%Q@n?it|
zm6xA889Z@rz9A-WYChU{*35~P$y4h~Jg-LzZm1u!AwT<p>^XmZz<s9`WX&lk_$$+z
zfFKJVnlbIqgqbusch;0?LN;4(22q8%)AF(kr&*>#hMPAne<D39^`<?w`ixK={!o1;
zB9{LHRhd0!;$+L857=+>C05xsxcXL!um99<TXkFQmAu7qt?cWdS8t$K3d7eluH->$
zj#qkLTO(KU0Xe8&@v<M+71>il9}_<_cUG<?ch<DY*fYq<$<DuSA%AR4R@SWS!mKIT
zGqNq{@M7P<7fRN&nRzIx*!=96L@t>ze{gK$@4k1kBj@$Kd*Y1g+4<>c-El+mCq5uV
z6nt-hhrDcyX#0vEF~mjdlAuc33_Fo6bm92N-$vcNx-9&gsC!t49a*0nfAbwNj_TsO
zrs5l&t_yxG68^gC7K-=b!2Ii~>!a(ZOVQn@o1mKqx29@542OU9<5PYQK^Qr@j(D%H
z_fLGJ<EAG6tSz|3<o~Dj&)QuJt2X8ulF-snGr0v~=E5_3;>`5PC@F(sGWIgFz*0=J
z6r@j1t2e^Hp?2fa5U+%y1cF+=ju1pWBn+2lrcTVW$dGqv712-)PGg+nizM<kQyTon
zkf=J-OWoiMajCfzu{}9C`)aX_92E_DmKssqD73E`({ko&U%;@r`lqBMZglP_QFuNN
zMif44G8`}w@F3tgzL^e8*cz_W%>d2^(7gbd025L=3ou&}-9G>(oW^Ei3GkPIaKIq|
z4_A{uroz@v_y+X90sQuRV8W1ao$eIyIRM=&fooLS3rv^`K$FtZlr;Y9XaFQZrIUco
z0DS5l23)AR&jBVZh5KCKg#h|l1WfoG8WmPx!ghqY7?|)GXljZT1MpwREmguk&`W`r
z0T_-QcsbxxxYN4TqpJI3z=RQSUja<m19~MeVK3;%fu8^{oF{<^4Cg6e!hX=JfC&>p
zKMhPc2>Kad!U53F0{;zw|GMY!AiM(l1z-aG^CULm3(zkC6PAEp4NPF2tpR=wfd9JJ
z@gN)l{RZ%x0H*UTU;^FW0e%;N|GIzRL7@9Tf!6})e;qJ2^bW)Qec<(~`vzdbQMl8l
z=!XFO*U^0C$11%Qn2-qf9l!+q*X_iE!0^j}38+SIIWU3lyMPJ!uiK3WfqrPfhJgRN
zy?7Al{}W&W{d@}iwd(#2Fkv0szXkpYfd4uwEfV<cSzrSG>wdw5z;J#A{tbZtx^s9C
zR>S=~FoF75mB3xlZ-8{+z=VZxzZp1Ib?*mExV5KF*B==7u#0#H029W;|3F|uB>W5l
zP5}%8Z3G?+fERBnFoEI@6EJ}jNg6R=C}<jT8v$T?MgkMMAe=jZ2^~S-2~6k=dK56>
zHiSuK0s=L<?gG9WK*`8Gz=Xb_?*k^pgB}M=81b4;HvyPH{}X`;x5IrhFu?%#Y+ynp
z+;e~lCeTxX34P#a8Ze<Z=m&ub^fMipa6SrS8Zf~K_gr8C{ZkQ^a0!0$feE+5T?Qu5
zkk<lW!fE)i0u#E!eF-oj6=B+d33R7o7NIBHX~LU8cRMiQBhbr%9e^I79|b0S2>J<N
zLO0Ma0u$OGoR@$JtwE;+Dli)Ll?S>2z`C0aT&U9XfENIkz<m)gf#dfhz=ZCgmjN#a
zbOZe;Fd+r>W56o_gFrtH{6Bzj(60a!x`2Ka_-)nw9bm!{r1@Roe*%tzUI$D#4*ES{
zLT7yYKJdR(_YZ&xDR5s8yg_xRg+oGnxPJ&tXaojh6ELAK+&=;)F#OHHgevGu(MI7`
z)x89m&=&qnfeF!|w*eDaZrg!(0vJviFo9Y$<-ogC_uasR@tDi@0Pj`ZKLI9`;M-4u
z_W?>lQ+=HPjW%5cFku_q4*(Nxf%_N0gadH@5}2?D^jE+Hn5yy~0{#iWbe;hwP;2vN
zV8U9^XMqV#;O7@$0(Cck1tz=-`Zr+08qnu~D*+(ARlov3UjSVVU|g5@9>8%)hkam}
zZPks0dk8R%PK1Mw1~vd#ZZW`w;qB0$feCbv114m`Jsx;~>OK&dV1oM~;1t!}2t1eo
z_f+6?)qNN+AsOzs1CLPMM*?R7SPm0_CjprL$-smN_@4s2San|xyj7)3fC;SYQs8|6
z1moQgO!yge1#q86N|**<82AzGXCg3c!s;sEXAKlUcLFA$eU<|gNPh}UAYB2>^X4T`
zCcFd;v(SQGb0g{(Q1J}v7Wg*++e{@e4JNP+Sn)mKiPJEg159`l^b%mg3!rVlgqJ`U
z0TWmb#lVCY;r<9P;Z@K}feA-JF9RlQvx83o-ULYb75xZ!t4hyByC(!K$G8GaI0XgX
z$AAfmaA)V90ARcmfeHOUPXb=0x<3z0*ol0-1WYiVL>U5m0sNK&OcMahAs86PE<`zm
z0Jl-y+W~h{-NS)<sP2)#eN^{o-~`n@5qOa5o&ubvx|@MBRrfo935<6XFoE<KU;^p8
zfeEDV0Vc4H?gJ)}9uG_)odrxFJpuRu0Kc6IoU6L$0Y3y72KRhm8E_Zq*}#Q>DWK;7
z&jnaPKMXt%kOz7`@B+X>&{p830EWK|cm;s*t^|HYb$=Fkwd%eG_zl(lP2hj3?rVY9
zsqXIs6PhB-jldrQ80IEm-k!A{G_MpUz?6@dm#`9+e&_XW2PW{_UBG(*9J@XNCeVKc
z@BskRd<gh3fZ-njJ_>jN^l{)50Q&hJn82~l1?&dU{|~?(z)H~n0Vcq_wf7fb0@F}Q
zH-HuH7l5k))NH>9OkjGtcg5TYu%S)%1SWJn=JnnROn44-3@`y*LpL0l@NaxO0XP?c
zuC2=hUIaJ;cN=gK0Hk+)1jZIX2l%M~b^}hqT?c_^A3!wRqk*#k99t#;PXy@UJ_(r6
z^h>XIGBBY72B|5)g!XXH1}1#*1x&R86ApoX0C)y~X_yI2_&3~V0TTl8Z7wk31l;q0
z2`5440~Y|81{ruZfZ;3zUIZwGA1m;80Q&I&{|KO;v%tTo?z-OKH2`bSHhKUPNcRRN
zkWP6W{Q$slZU-g|n2nozfM=@iR^aDV`sO!KZUFj^0nSzFxxn)QOv3_T!bKTr23`uF
ze+TfR0QzwP6As}B!%E;M0rc|}FoE^*H1J!h``>{Ho8kX$V8S}k?*J1%0R1j7VJql=
z02AncEimCn(CdH+UxI!QnBW2ZJ}_Yo=HPz;ZwD|vJAesn8#{psAH#ncFku(+SPr}g
zz<gBz9{}*%FM$uM^l!lD0Q58JZH#q*3E-XbfVTpor+U3zy%@g%;rP}Fd@tZQ{Of}B
zx*mW?xJLqy033q*THu4K`yt?J)jh9~UiUDd2mH?mUar!Q0zaYBPXVt|>1Tld2XGi+
zz5={XrQZksP^CWt-mKEr=6c<GfE0vZ0(=%wf^XNf)9bbZ!s!lt48ZiK%+l+!0Cb-K
zya*uj<<{%E0&a%;&A_REZ{a_eg{S@*f$s%`12h>(6Vy=&eset?4mbq(R;5|+w*l~%
z5(C^<r761@3c&xAVR+02(9axT!cxRb*~J0?{--R$gYYXBnUqx!G<ii4Xny+$FhP@7
zECr2VE|XU{RQJb#3BM<=cwF`WBrxGqMCLEAcp7emgK&Qan4rlho&}BnSCmVv#!CXr
zZVm9O^o+c`4oskI;SFE{^YRujf$r}B6Y&2sS;Rl#NdN1A{bdm!DE?D6024G>#74zk
z$Ra3@z<;0oAprDFI1m_SIWU3l{xS#37zlKyjNvE%|5GSK_z{4=6v__>^h5ap<pp#<
z2TWLv@XrGiG+9AsdWN5HV1gzqh*90^%L*tjU^)i?6Y9$fjBq2+Pbx6s_v8b^;fHC^
z)}CBT=Aqr^1L)4RCjrU+OV^v)8q<Hh*3jAt)3tAH1(w#Ut*ywzYip|?Kyy9yqnc)I
zJ;gPbww~g+s;!%LfY#PcC7`)(B7nSX-NdyM^L{PsrU^mdK>+wm;d(@vumoKKnxL&m
zcr*)Prf>~%8`c{1@4p7QmUTx%>xlPIK-xOuebCxEVl!y2A-Hzf0$N);d<<G!JL~|h
ztsTAwt*srlUuEsUb-_~rreEX#%TR{(`TrW#PjHu7p1&RFP5|<Fk-!>np9osx=gpus
z9{wKC1p2=Zm_T|wFoCo`Pd*iH8Xvw4w8k?(3tHoo-vq7k#v4I@2w*tB#{*Y`pV<Y!
z4e`B);C@&Q$Dh}A!R_~W+DiDT0$7oT-{WIn@#ABS$7=c5|Bt=*fRCc;8@6ZDlief>
z5kd;=F1;jS3B7MZQv`_x5flhTR740xu>qkM3)mY9wp0Z~#YPDzV55nEASHmHQUoaq
z1hU`tKf9C6CZOOg_w&Br`|S0*&g`E2b7t$AGiPSb`IP&{c5J$%wCyVGRgvO-+N;Jk
zs<cZ*zMq%XE|vD@y`Fg2KWTqT8&uXM?N3pjTiN#KKJvM_r2TmmiFZl+Q<VRew&gIC
zyV8by*?V8wkVz={(uN%Fy)SLZM^MTs+lHLxjgdB_D9@*C8}eyyjI<kby!Zdx?Z#E!
z^-7yj{JVDJSH#Hcm3E^j@0+w6e?WPEq}?dW>%CN4(bzsTwh6Da9cXOV8QXHk_M1i<
zO>eVFyF?yek7?K&`(b}9xka0_SgeW-(21Q<>&UV*%b<XupdfQlcu;Imd{DI@dr<qJ
zl%TFbw+4*}8X2@RXm^l1C@pwGa7M_JA#*~W3VAVPZ^-@-cSu^%s-n$BZ7;Yk%)apS
zg|!zp!0`+23mIIq@j&tUVtxJT5hiUsN`t^31JQ;Ktd2Fk)?q2u!(?oN&9SA|)-1(T
zuU%M**Ll63rPv*N;Ei|_-r}_vOR=}t+gXZzz4m7*4#0sp*y~*^hvG0Cg=26mK7^0r
zc(0i(XX0b{3cikS;@g;u`S=+g$KO%EH43~nuy^3Bz$XG{2Syb|7ingb))ZS}d(`5(
z#ihlKkDH(MXO?!iNoz5*^nay{jXXYz$MG~4#GQ;gALowK%g+p*96B}h@zB|!b3&g9
z%?Zs5T@<<)mV|y1x-|5Q(6ymohJF*eK6D%G4BZvFCv<=4!O&vqKJeV)O<D+sVKZ!j
zoiGiD;UTW332fA`(fmd-Wh6I7>h6v=;r%$lt5(-tSBs5{trlyGbw%H-F2(e$K#tAN
z)7}LwD3I@9e9$h442}$z@7q3zs1i}dY>%|pw<p=t?St(@>?7>#fSqv{yNl1di`<@a
zJn1slC$97AY{GNK`AhjcaP%hj&CsMpDD5mKptM3RxTPgxWl4|5H4`c?s&cx@qFDB+
zaK4{O+lWr~!3N<7uhMxZ&tJb?>FX%_8vgn7_dbIP{C2Pzc0nz#S)MDedtO>z@4P$m
z`sdA$IvsT;>OxdT{)+rXktXdMWM}Y<{`||m51M{%M6Q;veWHD)t<bi?pYVy_9=`*A
zzxo~VbNh|)ALBnBrowax<g>Iu9N54G^0~_AIXLvr(Do7SBeq2T5Lsj`vL3E{v~ttv
zX3>6C{Hp}Q=J?I=d*RpkBk{k*pNu~p|7ZL;(ClV=g!=q5>|^ZX?V0u`?epygcFj@C
zQO8lwk>F_LXzb|j=;7$^nCW=TF~?E6rmJSxn&~y&b+me;8$8h9xdtyZa5vDB`X(K3
zSk#aXeP<AaIPF|k)!f;}+1~kzbFOnf6gkg3=QNtvsG!mQM)u_X$rF+{B)j3Z#_q-i
z-QC@_Y)AHt>{;2)oR&FBxk<Sj;P(96^M~f&o8Rt2`wQ0Mm||z~O~tnq4=KL8_+GxL
z?qZYM?rzOV*tfgybZ5Y8?s@J)_d%{?`^|lpxq{SZU@~cb7>tdvIkv|+I2UEi|MR$)
z?_v?^-|MsuOa_SrXs1!zWYTJ5Jsg5VQNH(+aSA?;xwrriVc~Zs?IdcOP1>!Pjt`>t
zJ#{GFigWQboQH3CeVb(#=HffJ06)Rcye?z;Ij+XQExaxa!*IL?D`PxX!<N_@+o20P
zVrQ>iS*GDl`1V$lmV@7HGimG5jU$hkv=7j9)TFgV?Ks;zbmB8O9~a<zxB^$=2Hb?F
zQFc<_#e?WZ6FaMZXvNm(!fP=NZ^U%G6XihoHg;rp;SoHJ=TUZOM`I@bfQ5J%k9*b5
zm^3q5u?wbQZ%oJOI0xUwMfe_SXHDA8=lDC`hZ#5qAH+v76Q|)Ed<Pfdr&xfiaU*WW
zLi`zz;~%IM(I<t^;@5Z_&tlp7ai9M&|ICDw31<`B3DmuNO6m){NqeaV<<vB3!!ZNL
zU?z5`MScjMJBD}-W7!m&V+(BKwLMF5PDA>$u;dmnC183$!@$h=8SxFOHmLd_6ehY8
zU0L(8l8PG^OWRBO<4SI!X`wws2Zas^oe)}><Id4yOj;0zdbO~O!b(^ft6)=XjxDe?
zcE&X9jan7*u;j)zWGH6fqnL>^a1OqNb8#M)+?*yYsR`dhl<knlcB2j!M)LlnR`J@3
zT`P94m{#%Dinl?ZihV1lSDaCCR>dbO&Z)Sl;^K-QR{Xf)@`?qps^aR3Usl{&@rR1m
zsESdQqN+soiRv5mXjEp@OHrAL&nM1L%u38jT#&dZaY^FGiOUlU64xYtnYcc2W8&7t
z9};&bn(~A4L-Ql@E96(sx98W+ubZEgU-&cMdHe+r<5Bz#k7F^;x30FXg>|sedd_;@
z>bA~_|1^GCJV(kBYbDkJxoHW~gU_vy_Zvg73dW%WYhX>RjrGy#Z_>J=7Dc-d1JQz!
zXvHY3i}lfo$=Dd1VoPj;9kB~ui`Sz}Mw{lf7fZ1(4#FWg3^Q;H>bDI4(f;@QkM)1p
zf1LjWm;%#ahW{-8$Kgr;*Ztr0-|K(e-|b(!YW=Exs}86-r0USBD?qbVvQ@EFwb^Z*
zY}eYl+tO^kY`x)j=nMUA<7}C>4{S?pU)a{zHruw^ezfhf9kZRVowEI5E4I~k)OOsN
ze<!`qr8gIK`;$1|tM(o3E!1xl!zPDK4SOPNcGy#4&xGZK<%KN@TO9U&*oR@Cge?tQ
z9kw>?tFUjv)`e|^!m#~e2g803I~(Q>)BiucD)koLg?Hmnd=ls2Q}_(Ni1RTQO=13F
zfni}`kzv-bD29NlALa~84r?6NG^|-zi?EhqZJ=FPYFL-BYs0P&>mGI^^bWfttRD;s
zdmt<`>7}Gsl1?UR4YxE5bOt(u!QrgOWy`IdT9XyswHw^?w6ph}%Q(0FoIJ;UBTU+U
zJdVGk^c?QVqBAbrPiyg!pXS1<OulT#*Vp@Li?Hx8e?LS1Iq9_X*Sbb|I=rMjt%AEk
zl9TI~8a>%aORkojo;*G|J@?UE?VUHbE!wtb+c(>aw#|1hcdv4<b${*N;Qr3N&Ar3D
zv$Rba&hHhS*b?p0O$=>UzV6gnC-4-W#v*j1etRl#ZQ#bhLxINvPX$&jYF5;us7+Bj
za22H#btvjs)VZifQHt|<=c~?na>zw9En@%ZJ-)|y6RJ*A+0J-xF3RqSy|BNm$A5(X
z)PQLL*9Y|s%77a~ZwXx#yFPYf{CDx+#}~%$i~lA5D4c>b@n_=;s=BLM?BVu}_T%>Y
z&P3-+&X=89ab&T*I8p7hUEq5s7Sgs5Tk~5HwGAdM5uMl>@7iQy`c9Mf2u{MO_!#El
zyQrBWIFBqsOJ^Tu6h4R((1ktmHtdg?x$AN_=5Ej3ox3MjUSg)zq^&}|{hn!g-14Ml
zj^$}fjwR3XzU4#9Czhp_FDz>;Us}Gltg~#fY_;sN?6wqI_FE2Gj#+-UoUrKcl`LO(
zo^xJsx}C?Ft!-m+akAF9SK}e>5$=)hSJh{Hd?D=~JdH(o0gF+c+{b5Oe~<lC9E^9N
zmYbN{5K7h&M*W3>7=#v#!b%v8G1wGaU@L5o*J2vphChw)C?{5Kd7SqndRKH|^smv!
zqt8Yc#<*j&iYBcBMqxW#gop4ro<;q9=R7Ts<1-&>pF#mg7k=O@(=*yizcqfF{0jYk
zqK$sU?>ESxo&JEKzAInXo%a9Je`3Hawz-~t)82vUfit|{;S+&&`UZxpzJbj_Ti`&@
z!JyxQjs=|yI!{l5JIESr4Xzm6Ft~g0+rjU_*TIK^PX(V2J_lMzrI1*t33b60a$87x
z$k33Ckm(^a>0g*1@>NJcXv@&HkOsGf4hS6?nt93n*JYv0*mGU)-EZ9+dOY;^(DU$D
z^_5;XjS3rc$$E5I*fMYZxtF^0Y*?V#VvaOh%~9sM=K5x*IoaIU+|=CC+!pRI_cix7
z4=|5}$uQMC%lxEyj`?ZxbLN-KFPrDWYvy_8H_dOEbIf_>1?Er88zInQu|!y`mWr0T
zmim^KmbP%4rH`dAq+149GGXdPzWd88%e>$Bz3RIj5Y9!M;nwhq;jO~k!VPds_^sjn
z!v};v96lj@YWVZvFNePu{(ksp;me>Pd`-A1!Woeq(Kx~t(K%vb#H5HRFfC$M#N!cf
zM!XH#5sM-gN4y`g3<@H?h*$$VBlbkFiyY~S>=Joh<gmyYk&j1e*80}=kY?>^?PKk0
z9RPP)hggSOGpzSpCt9C`^6iKJti6*NH9Jb*hc#U@tn!G;6Dm)v{Bq^_l@C?^z4DpL
zT6BeITXdsnSM-h1>CwZYheu~bXGXsty$yDPy~=}CGOJ9fGQCPpl{}Drd@ZJ0Oj^u+
zF&QyqVlrd$V;04H6{E#gj<v_$5}OTyagF0T(GN2@ZhqW?xP@__#vO>$;%mfrkM9xR
zCw^SKv`zIkQRzPGAD(?yX(v>>+;+lJ+j3Z?+6&*>HhS9(g|;K!Hp6+_Nc%|p1ejx=
zYxi^bIf5a~5#^`^F^;N^njr0px=`Pd=xFF@>1g9<@95;X&T#`wc1&?-2|pzqPWUb1
z1nqfa8_t<{SK<h`oVH}cq=rd>>^nDN7?RfPIqTansc+9y-%6j5Y;&bwNa|kCw*K+A
zHokS?E$wYfmNm<kRX?jimMd#`)`YBAv*u?V$coOkWmjjf`myY<vo~gM%H9lHvbSfS
z$TsEp=LF^i=Y-{0a;oRJaz^J&%6UKMM9!Z%MQ|afI43N(R<1L*bFOULr{peH`{RYV
zKjj|GJ(hbew>VeJt4lvfYF@{@>+{m{9>{wb#^)`}dk;R$Tax!l-m<&`SOq`k?aC|6
zJCt`K?^NE!+RV=UKKXa#-;<w_zc1g|jworz6a^JYUtU$P71b@Of6?v!d#e95&D(!^
z{6bMl->Jjh%AMlw;~sL+b_x598vD;!8|z{#Y=dpFJ$A=5?2DOrPL^!T=i+>nek_f)
zw+$1~g{gQQrs4gViLc^({2af;4Ji9tucF@1t)KUx@7L)4V|w4We*S}g?t^~bgMQ9~
ze!hc#u7iG_gBC;|Rxr;Edty4?g_$@Nr{f}AjGy9_>}N{*DIFicOneOs(b$gDLfM9+
z9a~~1euT?$1!`=&MJrxxd!J7JqnL?vu>jZNSNId^{k(d6D4n*Dw39ONDby^q6Hq@U
zP{4gT&w~Muv>KQhLHisR;d`h>(vO05ygFHS!VH{<(%1I|7NYET`qRd0jw5jtN?)xw
z85iP4{003h@IAwhUZqb_Ov6$5fY-?^7voC&0(W@b$x<}7V;azI$;4?m!|N=TPvC5P
z73X0NN_%HFUg`c}TiUFmzCS4Yfdix+dky`g*af>{e;k0BxDda<)wtGcW+nQK@CW=6
zwaO-~A$Ihd$ubW=_NqmDj<>j2s^cv59W=oCDCgt2@$dR08q)93-fId=aXw~a9&W_F
zUiY&UwOEg4mdV)4YZ^=O4xEXvdX;|dGpNOv_U|Wg-{o}_%h{;04;X|Y7>Z_eVrQ=x
z+n=1t-((+BEUd=&78lt(YIaY5k={Qf{XNG~b9(woN{&n2O`CZr&j<Tq1}?{qD91ar
zd-)vDg&lAZj>T~}8|9eU1k^_GIb)jFXIRd|Lfnh{y=oaI?a%4N&+xRvwI_JZ_*eS}
zvR|O@r|J6#8RQi$rktgJ-B0v?a=&W9R`$Vg2kyjkcpk6WMxPlr!De^^rr~hRz!^9T
zb1)BA;TI_VwAvo}cv0JH(h{&aw#6H~&e_L)BNpIc{JVZB?H9^MIsPf<t;sP^@qdpq
zdX6*x(|(hS?+=vj2YeZ^E@ETEcF+C*JHf{NPv3pdkJWysR<%~ugsOK`9a#0ws`pkM
zTlJx;%V`h0s~Ov|^&Jfy$sq01bjJ)wdcuT+>e<sT(hhWId)i)u^M}y>(r9PtZ6$qw
z{F3bh{reZ+Jic}Ob*k;I{)e`|J*Gj7Gp2Qn3p&R1kV|k%Z<lC?lm`5>_SnX^+;5fC
ziKT^Ua_zG0$L~@5?~K;N%^w0G7(&4e;SdQGAPOo$G{it0R0SJ2pa#@}I#3T9Kq54R
zM$j0VLUU6KQ!8i#?Z5@8&=ESrwWjM#*F$&c0XM?U&=Yz=Z@3-$LVp+lgWyiM3+{n?
z;XW7vBVjb$4`bnBcofE)GEI|VD$Ib#O;0eI<I|?+;3d;5rq|$gcoW`+9H60YdKVVK
z2e1S_F@0)UW?Erd17E?nupTzTckn%Ig&$xC>@@8%?SZ|p9}d9J@GBgKqj1c0+;kF7
z!&xYT3*ZKmpUKZ30wEYe!3^OL2^Am;DnT^FKpa#B8#tf_)Pg!t4;nxsG=xUb*srBu
z8))z6@=Jv-a2;F^-JyryGk(wcE%Y1dKa!s9(e(6;^?!uE?K$v{|9bz8{+s-__;2&y
z4nM*!*aLfEKOBIc;a4~eN8y<NNyf)K?SBS}{LlM41NsLHfI)C4+y(c*y>K6lfRQj7
z?uW7P5Ih3oU;<2p$KVN=4Nt){@Ep7VFTpGDD$Ik|;Z1lOvLP4p;ayk=@4@@<A$$a%
zz-O=wR=_Iw0@lEn@HKo3>jO3fY=X_O1-8L<_z`x&9@q=};Q;&$zrtZS3di7gI0>iW
zPdE!jZ~@#PKVE;3TQG!z8NwkFDnJxef@p|=IH(FXa6k>H1$CevG=M~C2&#XMV>1^x
zHY3OOr9VRBSed83eYvWsnyH#U1VS)`f*Hag5-LCxRDx)rN~{(KRlx=hr~$R04%CAN
zkO&Q-5j2LT&>UJqYiJAYAq6@>C+Gs#!S&D`dccivGxUUB&>L=tzR({Az#zC2?t**Z
zUbqiNz(^Pk_rq9t2p)lPFaajQWS9!mVJ18VPrz(=3Z8-Is=Zom9=r~3!rPDyxsVU<
z!a{ft-iHt2BlrY9gJrM+R>J478rH&B@C~ek4X_C|!xq>E+u=vp1$$sG?1uyJGyDpN
z;V2w~-{B;jhCksf6u|{>R|~dTIWA?l)v-Bk&227@P04YoblY9F40Swex^0f_1>1aE
zwr!C*HuaIA&uOi<&uN>j(Dt*p&*@KF7(Gl8j!1f$qUcX*=x72hRlibOM`v%p(iHlY
zoE!rj0Cy$~Nw^z^!Y~*KqZ7s?Jdp56!bF%1Q(-#Hgva0sm<><CGw>X|058ES@G8uM
z*Wpcg8?qr6^5I=r2=BrB@F9EzpTK9Z3|7EO_#9TlTKEdSfpxF}Ho<1t0^49a{0O^X
z5A22g^q(Dp-{54KKD3mql&lWW3A(^_a6NQ~9&jVv3_YP2^oHA^FZ722FbM91yWk$U
z7w&_JFd3%8beIW`!4ohWo`PrKId}nHf>)qMc8%;>PzUNk14x91*^ROrLsMuDEul5E
zh4zpF9iS6*f$QLU=ng&LMz|SzLNDkIw?kj(4+CHj+zEHVJ#a7F2P0r)_Ji3E!=o?(
zCc<Qx3e(|ncoLq1XR@EmegR&BSKw8c2d~4M@HWUT7Z$>Y@DY3hpTRO%0W0Bi_!7Q`
zO(p$|Te7#ocK8F%fwVQ#^Y5mgk1K?{eR|R_XK1dKUJpc{m|Xw!cl}y=KTd(SKOo(^
zpBno;$G7nY)X%rMi~E!C6<mUsI<IB}e>;T!TRi8{G-oO2$=r+6a2|e&oAEacW?!y4
zw#Hj=1kOS^ug19Fx0lDp{k}N%<Ba=#J$Y>0@0-nI<9^>)JeGYweg7|%Hn`c_4%e?Y
zTI5&$7?qq$_AvD3%t$$JOpY<>$B>N2kG|q~(MXOEb>=vR9HThT*$L9m-=Ru}D$;NN
zAbs-*9IKaeMqZ&G-nh^4Xu`Mz>Ff6NV+VTsv0HN-_BHyii=CC`SDJr@zG_RBh5qRY
zS##;5mj3Asm;ooUPi3FUKASD)eI101ybOAccjcX=&-jk~{_LI5KkPln%lLh{)c%Ry
zk8!E~iA(iE==;(7{;wPdl>M;JOrMzwOrM*c^?TOObNpG3-FeRKH6FkFyJL59%&z=#
zx-ZKeryKRZ$LV~IQUANg={jB3ak_tcj83cYpC6OEl4Eh6<8Y}}I$q(ixW7IQH`Z{z
zsOQ*QQ%4Jj9Mig-<5_YZXdCZwta+S^A;+=YmpqPj&HT#q<yh9A9LqA79LpNcu`D@`
zH9LED_McGn4~|>OF{__1ddzA>-pIc_Zne{U-0H+dk6RU7;&|0RJx-;cNAZ{E&v5MN
zfAV-$n)i5B+2d1}I=-ZZT>klr|2G{+`rqS5mv>&_|7pjK{`Yv%zk9r>>~SKE<3GmZ
zLzg-ZB<F+uC&zojX!nZx@sI!bxW{j__woPr>#6?faSpvrzS^|f^d)=)Ct!wcw(UjR
zJX?-!p=~LA3+F+Pm*X9t^XqoY#e&l1YYKoM2!SxLKm=H!B3uKNp$f!8JkTX)vO{&K
z3ALdv)Q1E}0w*Lx6KDo4p*6IH_K*S{pc8a~uFwr`fHb%XZh>3jHs}L)KtD)_fiM_`
zz}+wuhQV;ifKf089)Jf;51Af;aWK&|$utF~nWmd&njSMfX?n`^jOkg^^QIR~b4{<B
z=9%W3-hj6t%am=(g?C_qX`$&o)BC0m;Um+>rls%&tc9;(9c+M2uo<?%HrNh7!fq&p
zeee?;gkRtg9D(29cQ^%qn9i8a!FebKP9ye{TL1(>2!w$JBESk2;Tot6RUj7Pp&Hns
zI@E;PP#5Y$0wjSGlA)DfYrnRB?fg=pgI{OAYoRN2gBu`&Ij2U!10d&{`<{O}+y5zb
zzInd?2KdhZd;cF`2keC1Pzd|rCpZYdz#%vSzriW^6VCdd^S|KVFd!WU!eAHzcf(K^
z2E!o(M!^_(03L*g;ZYb5nJ^0;hbLhUJPpsn^Y9|P40GW%m=ABjTaX1gkO%L;0$2o#
z;R9F#AH%1x6qZ9lz{-HnVKuCUuizV42OHr#_#U>x53mDv!fq&peee?;gkRtg9D(29
zIGlh}@CTfMb8sGtK?~I6&`n?faQRwb2ypUypamkp3KiiRs0?zkS}eqabgtW>I@E;P
zP#5Y$0wjT)Pis6MQqE)4&l_aS0Qs6#3ji*|trh}dV1Wp*LPfX+Dnk|EV#;dqAU8Wy
zhni3u>Oy@;fFy7Nr@vQg0?nWWw1PI!4qT859icN^3tgcb+yH5C6Wju~!fnt8?tp%f
z4g+B@41v30C=7$)kO8A$3_Ji2!o%<=jE78^1XExd%z#<&I6Mh+;AwakUW57Y2D}AX
zkOO(}4lIC0uoymoCGatP3QJ)*6u>I@0@lEn@HKo3>tQ2&2j9b1_yKmnPS_2Fun&HM
zgYXL+f+O%79ETHd3jTmIa1PExF@)G6)wLsaZ4GTLZ0*(cBfi&;^tat@8)5s{_L=QV
z+c&l!xOU_h&I3JTD^dpv<-AX`BivziRCHYG+)t;Yv7?<j_p=k{eNN`Q&xQ%<Ffd_o
z!d-9=+za<5WF(A&`(b=SX2K+x0@Gjy%!0?^Ntgpq!?W-_ya+GDTzC!U!yE7xWI+z(
z!8@=37Qtfp0G7bV@F^^X<xl{t;0ss-U&7b$Ev$!)@Ev>)Tj2-T0Xtzg6v93@3`gMv
zxH!u+6*@v^xE8uXH@E@P;3l{QZiU;R58MI$ARPw6U>E{-!%!FonJ@{az%-Zvv*2-f
z66V0u@GLwJFT%@Eoikl)LT#uE^+673BtbGXfo9MGT0t9V2QEm3j?fvdg|5&IZh$nn
z32uQ~;Wp?4cR)W#hk-B{hQQr06o$cYcnBVWaoOXuGhq@;fobp<JOOjyX?Px9gqLA1
zyaw~(4R{N(AP4fY7i2HW{vdk^d<>t$QdkZJunNA&UYq?DY=o`w1Dpmqze8_(sU`dK
zG8UJ9{^{SHXPU`5lQLG;eEQp0pqv-hALab37;J*w@ot=ma*gZdUg!EDu^aJM44_~A
zudZ)x!QU_E`qp8@O~v{634V`9F@(N&2e!eUn1M4<u7j2Hwf3Q$rxj0syPThOE6RCU
zb5PF5`r50UFD2tgWcqo|2eyZL&TnncQk3h7CI`$6cq(vN;0jn7xGM0Az|~yEv^LPn
z7!lV8^;g#!ZDnkTJwZPO{T%d5(4nBCK^1~4aA{Z9;H=<9!H0uS248^6Au%CwAvHp3
zh13bD7m^s#JLGo8kC+$owHiahKeSb7o6vTlJwk5`?G-wZYc?k`R>4wOUNSDhIyElA
zKE@;{2DujPV%M8xgpCZlALQD&rLf#^9o#;yfjh_bZzi+9xec^4cQkh~Uu(YJ+}+&M
z+{--BJjgr=mYY|Z*O<RFe{Ei8-UgZ_z|scVSvp!eTduWqwRE@iwA^YLXc=UgXqn74
zNJ}ltEnoOthqRAtkhF0B@YdmN!rO&+4DTF%ZFtx4?%};)VECZ$iQ$vOzlIIr--mC7
zAHw&9p9nu0-YB9`M3abC5nUo~h<Fb^h*%mS=UG*WjEQUt&7mc<i)<e`GIC1fw8-g^
zPei^D`BLQ4$TiTw+Rl2bwYRmOHQhSUI@o%b^*-xJ>lo`K>l4=5@Urz)Yu~8;Q5B;r
zMJIFp+D(kVFe-X<^as(Kx!Pz~w7E)nl}MOcWm=V7(9eg8X1s=;vHfDxV;_y30CHWK
z78elLB(7uJy>X-CGUF!2y&m^&+(E{isL6R%o@>rZuQ&VCd%c-lYj!N*_k;<F6B6ax
z-TGXQC)b^g$QqS3CTm>QYh25FJnQ!?zZ}1uAmBoooEkZGWYdw8nKLoxgPhelg*m@-
zHLp9THrHQu$-Ox@Gk0?C`?&?V2cRBf9CUzgjC1fv-nhI)usH97ypQre&Rd?hB5x%e
z&O4TOI`5CX{rQLTkK`ZCmjmXW>)yDA*l;U*{o4ba^ZqchTUYKnuSoKY*LBIYT?g<W
z*5n**xo$8&g6pxdb0p_V;v}4k8s}E~VGHbx8D2-T9D_1$#w1*XpW-U78s}2`VI7ol
z9y(!X9PKre<s^I`3-Bxa7T4njOyFGV<|x;aiF;74C(}4LTCT&DYyITf+ID!c>udGv
zY6tT7i(OaS^ctQI_Vc=k<>$Dtl1cjzKgI&wiM!BQnK~Ks@gvm7sY#%&ZiP<HZ7zF#
zc02N1UQ=0iz)iRfcVHp@<dxlREesoDOKgqpu#49lS>BGb@Fi@>InVkyC+)faG-hKi
zF2P2e)7%VOd2Pe8Ew;x_*v0ECmSwN2eSy4_oD2O29v{jzqv+&Z<!0DpgvT3MPRH5!
zH0sv}>es`*x|Hh`u<Z4icW&}rk9i-<QFy8AGE=|fb46_j>&4bM4Da_kg{Alk&coMn
zAzt=%-JH+c3>R<?uXqHH;YQBY-HILA_H;%4`cS!!K&~N>^Tf}fR&qU?UVrxBdbUB~
zL%5dB#rC5g7=Etmx(fNd9mYQ}gU?9LTQB>$mHZE%LD}=!FZFrKXPJh*QNQ_z`iHiL
zcA>7&>q5JQ-oW;265Flip#|QtbiP&FEPu9D?ZRAaktVY}D&VSYxi0(LFh90K?Z5?|
z?NB$iLcQ4jtT3-E*#>>9wm~L~za@q3&m^`t%b|en&02Nc>o@AUS3kBj?ZRE&?Myed
zoteZoW<&U<l5LA@GbTU-Yl5{Aw1C#uHf%3?m24{}Tc=p3TOapsE9P1&v7KlFOJI5Q
z>gcu6Uq;u6sU1^KohREUrg2P*m>A|=?g_nM01S#99D85vsMr9u4^5#pw2e!N>%g{R
zlG;wZ9+wrD9hV0`!=bn%algR{we4sS-z2`N8uR5(#(I(KwQJ<mWD8KoTmOHaa}#y`
zWcVQW!`x4EKg(TC-QO_Jnb$b43AMh|`%?3dqn<yU_nWHgPgB?blz%Y)=low)oqxo0
zojvuaUiV7<D|M`1&o1WvNBA)&@SPO(`c>*wy<Yv0`zuiDSE*M;saKOQ85?6$uZ1l4
zp&#|7)UQ&nw#O8_ocdMj)8^>H6zt?x>ea>giPz6qF2|K#rM`U+rM~?PmwT1^HW^!E
z8*JzG9hTw(T!>4&+M{VNVr{QdFDGFOuVw4!w$!_#v3{01TI%P`xD)rFUO!8nEcU|N
z@CC0@4~y-*O8qOo=k)`YqF&F+xCPJR^IlJT>sh@%)$32GCx@V3PtKsNyF7Mz>@Itu
zeV_d&dj@S1*++O83u!MD&{jB}f3|dt2I?@m?qIFAKATUQS*{CPiW~4dbYmvYL;d)I
z)bDz|F4v!w+*Ese`hTIl?MHiCTHI|yQ$nu|?GB~w?un}1y^?nKIw);#`>FPJN}2H;
zO559$RC{}+YHxqZs1xhLO558e)!uGzZf{PZ&D~wKw{I<JZx@&gXlbvboh>bGy{+xK
zNLzcNYHP2ste~yE#_}!K{CnEjCe_YPp`G0wJnid=s(t;Pw|#xN?dp+{<0CUK(ymUl
zI<3jp=GK<hR@Sz(v2XLXu{~|;N!F>>X|%APpmnXcudktf-Pq8+{xJHZ=w;Ds;Hyiv
zwX4U}iK!ct3@y0^Av(4St?szkTj4g<_D+u-2zSN~iyd9k4qq0#Lbb*HX^S_BYZlik
zt_`Gur(HfV?v1#&<8tD1<MLJe{9xQKalghLg=2BQ$0fu!j&D}dUcdMl5gYA0?R()s
zxwgA!%!m<LBQDu?ua#3<wcWoc*KWU&cKamS?eFI<$^9gEY3?#_`#mYIQC@Oh(~@?4
zx4cK;V(s`Nc}MwG{*iYe|3LmPaI{QY{=e0J=g^KO{#E;ZB7c7$m*6LOsdjt=wjYTo
z?RjH6ej<;T;BwU4@zRDD8?sGlgiX9QV_CLcFKzq%sJHLAOr)fJ@8Z5#c3hkmY(Ls#
zDt1I^%NyJC@ALR${M73TmIb&9rJcW+?TobZm*O&9fyVZJW40@;u&vkjEcN!k>;t^(
zbrH)CQT7S+{Q?`?pz2r)>!6Hh*^uo}b8LySzaZl`wL#fO5M|#${2ulFgCDss`v{_O
z|DXlio{Q}t+)93L)b|sf=l+ZM5<1xi>H7<9xi9++#{Gso9xuYh_&$D!SF#_WkIVBM
z+ci=4A@u!-Q-84^QFi~~Qu_^eZTjnRT>eknU(onIbi_35jT#4410bkMOcl@A4tZ75
z$sZ<v<ECFfn$Et~Jvbakpnl8b_wjevA?FgKS?5^`8Al*JZ$h5_zp|A1AQx-zGcw{Q
z+EQ(~mL7CZ(D9(NK?T8I1rG@w!C0EdLQjRB4IL6Tg0Yy6g$*%}Fpn~iH6JveFb}be
zusmoPug0ypExaH5I1h#&3_lj07SUT>V`q<S9O<%NXPskx$$AgteEnAWcx8QT7%Q*0
zGuNtZjM)*B89Os}PV7suX>q;d7R7xM=i>UdwD{if8Fm>b@gaMreWpFlG08ENQ4!N?
zzEbm0O?S-)>O52DLc)avI_<pUF|~3&-RL>SI;@v`ZE}y~8yWL3GkIq6d&w)3?OFA*
z4rU$8a^^J6*_g9EN6QUWWA+@+J)0}zN=p04>W)$UwEDP(E)!$^;4FL$_xf>uG}`G)
zsevh8WehNJ6K=uz^zG*2Z6TiVjUHk-0kd%->f<X_rfn66((YP@1!!!4xxzf-?2KbM
z9$&?IDEo=WP#=FtAD1ZCO!;_@zG64(<2|L*cO&E1R*j?$j5p#fxEf{bOd02N1Rlq;
zDC2In$Bnoh_u?tk$LmR>j_i#aaXaeY;{v{~U!jvatu+=>mz_X;96EixRegVSKJ|c%
z&sAWfZbPl6XZ$_=dtNY<@-U6Qh2D5O4!}&>wa-i2_B+pbkLjB|<2>r)D7yAC4g?-&
zpZzRKJ9h)>;|t3;i~0C2F2wgxA9peFDD^R_@fUw*EF{#&6V!h*nS6#a-h%#l&ZiF6
zuWQ%qXW2K<Z}R)P*l)`Cdpc-7rhZE@{?m}~5oLZu^-6w2^4lr>-E6<)??%4wfA>At
zpP&AH)xR%8{^t8|CEtUV-tWP$WxfZ!*@l$;9$e~kztrcdf1c$&AMf}#Qm^ce*%PDj
z9lag<;s7jQ9H$Gx?qL1(OP!Ri>XsP}V_hQkg~UibFa|I6d)L3WdU?jWRO(HsE00rG
zN<ArcWCnF)ed<N24`qz39XwCpdQQfEEnm-Fs&11yO<%Vx_4@06p7USTU;oqf)8*7l
zck*4->z`KMdgYL}Ug^VkNXBp0>yN*yAM|?QN`L<{#)4QfE&_FnT>tMxx&B|TZ{&Qq
z9++8qZsoN22{P4`y6MO73M`)SPxSg(|GUOEL$)U}j!i?%q;8jbUdFMJe*5|OIm-Ao
zvVGC0vt^8wbYdo;M!7Q1N(Ol|QH~Q`YP_#DWsV(r#{L>)9>RB2e?IzgNqt<LOtxh*
zUXET*IJ6pCEv-IN3&_0Ftr@RJ##ipE=Cgi;8K}p>>yQokutfWaF_&f3<rSKYuRI<4
z1ojV{$(Z5Gp#VOIHE@zK21A3w7<D;Zjk{cxahHb%-52ydXu;vZe+Hioc80W5eW)@9
za|T?12N<XEIE=N7wM>Ci;itlTMD&R06LEV)KxD<pYoJwR+sLV~G4lJ!?U6eoyIOlN
za&wV2J?ic#?HcWx;gyG1eud9YAItgs=&jK|MDK{!s)SYP7}F_6#{Hfjn-!ZA`)+KX
zxb(PjjA<_8l(&v=A3vVYyC8loqdsqrx7zF2o%Rm)PWBt^H{1K!$1%?H6O8j5Qo~%M
zUXA)S?yhrxoz->L)Hzt^Se?oBUaa>+y&vnHuXmx|*@W{6#f(jxk(iOFB_$;}lX@iG
z#5m6;r$6I6S8!hAv@yoB)7ch0<2x5Qi@63rJS#G5G>nH6jIll@XKc>;oDDf=a?a(P
zha|@O>klg#r%=Wylrgk-=k3Wmp7(p+;rzp8#(Ex5JP7WFp^W)#a{Idj-C=HvJJKEN
zj&s}8_|I+K?csLl3;h`jTL12-rHQ^moX2-n+~`#wZ(PQG6m7J3#P(kG@dV{NEgnbd
z57)<$f62`8UVN9fjM$U!dT*TO{oZ$>u8?utKf|TC99N=?wo3;bgZJZV{1VrB{gI`(
z3-@3P+RANF+RWnhY%_XbAJn%avMpKTbtU_U+c1T;PY2Z7?w@d9Y(u@(PU<e|EwLkQ
z0~w!ppV#*6gLTH2aW1}wZ(s^_TPKv`0VDBG@9_mUZ6#43r}+1V)GMg(7swd;VsqL`
zt+Aum7icp{pWwa`9%YPQarzG0w^%ao0`Z-&Y`d%MdB^E|hSIJr;JK=Cc)VW%nb*F(
z-DST88W%Sy?q1xZSiUd%cO;QX<z{(*`|`UBV$a8FuVjx-icX4!R!OasT+kQdo$=~B
zFW>h@#mU9DfqXy1-QjNidr(iSNA1&B)jO>tTk|V#8#$NXac6sHetF~h<vnQ+tr5zv
z&&;o{evNzT+*9XXxDQ6aNEi+G!y5P*eucwu6pq1^dQ<96gBdUj9)~Ak4m=Id!t?MV
zY=<A=0@O&VkyH!nKs~q>Zi7B>2ZTC9oean542MXl0F@vb7|_ER2i5r9x4Y2pLY3kw
z#m%4vw1PI!4qT859pPH&19w0_2z7_L+k*T~(_s)uUCe+X_Nved{FD6U)V`!J2#2cR
z02lR$`po!!%6^LedzCt!9aVdrJ>Jem+V++pCy)j}C|DpKnCc)&{@=5`sKXXRwiyW;
z1L>A*H}25xDA`uXcB1??V&;Es`*5jkgKQVdZxaHm1YhBHp|U;NZdcoe7WUTmcJ>su
z5na?a;%0kKwiCYfzbPpwDJ01Z5lNMkswBlE#X+?sTT*?sZD^U)CaHZ=3UpB0iCffm
zLbeS>@NaAvti_d?0YK&ea29te?p%Cbakt_$H6K8);{L@0%4{Qo*-FTE!s3oFY%AKh
z+qeh7VB<F8DsLbDce}v0j(zEWeY@bT!0R$%<Lw}Ay;iiU+Q2KcoEU6WPT{59(}_0E
zINCf<(B=uL5eD_(?mBnZ84AN-IAp*m7z3-}Ap8P{;0XK%lj}{cHx;JCOn3~QfZ6aA
zJOj_c3-AN%fb&p2sd`dPs10=?6?#H1=nc0+2(2oH0(V+~;bfg0Dxr;ajk7XTfmo;t
z?U@TBx;VPHDKv+c&>Gr8dq{x}&;@$K?a&vPVu-miTB~+ae_BZcLEgelvuAuny*;D%
z+c-HsEbTNI2lh7^2iAM5snygPKpU-{)(_I*Q5X+zXjvMaS=u|WKzmR706qqNev?&x
ztNp%HbDSLZI||2`=j47yi=V<ACx5`CfJp%|Z%<HA2s0>|gCc?=nJ;N~(64YIs5t14
z;6H+k*;k$sG9%<f=*iG?p+%v;Gah?}Im3L?e9k<<GQrX#yhr#$AoHP^BK;$ypi*RX
zWNf4@vI#VU7O*^Wb>!N}ZzI=7Zitk5Q(mJ#at`DE-&gs*%0EW`7%gL0?Pk2_0dYg)
z#>71ux6HQ8w!*g3w$8SJG3WQ#jxz521;(83Xzysh2_CjTYM*6)+&*8;pJH<OJAxb`
zj!?%nP}xz1Azx}ZYC#>S2eMIX<!J42IXXJJsySAAIA*CiR)T9-YSgXKpoV9zmAN&U
z;kVXZb)K#BMV+;E4%9hbXHvbF>TRpHvtCiXV#6FP2NDh?q$S;$WE>w}=41(APL_(!
zC}w1_JDV{lOFQqJEOQz?)#!Qed@M4Kd;R1t$!U<z%q+8#7bO=Yd*)@C^VXWTwCu{+
zcIIc9$^0yJa~k9{V~&=wc@O33^Rw_&iWW0}mFq$eHE-2<=B*l7Jg|6h@sQ$sKnCqG
zL%h41yB)aT4(JE^d@bj_^R?*nvpht-JQE*B8NXkjuVp^>MSb3uv9$Rf#4l-^i|uLK
zid$%t{*G;EJGS?>A*CHD^GS$l8`zIU3Mx0h%iv9(`CW#woQzYj?EEg;ceII7<`NJ!
z`u%Rjm0Laj$WkowT4@{OpJG$5Jy?n(yv}4P=6d~{rKtTt`+7U=XWGQA@ID-a58z~+
ziqlZ`^+h**jN&`=BZ`Z>Cee>5mduxR{L1EY3ICn_96X5sFV5qlalWnW>t}KdcD?l3
z8|uS1w70d{)LT+#N&O^sQ<1lBI%_^_mbysl6sa3p<g~~+f8qQE{dZC5-s?WVoJD$h
zyZFu)qW(GRpI>GL&;FoXe?0;9TPFK@`gwqI{-1nbWdEt$`DWgKkaK1)HimiG^JwL`
z$qD)`^!_e=eR`drLruRB^g8~p>UOEGFI9ia{7}aFMXyt&KGExn{qFtlqLaKQsBe4p
zZH{bf-UEFbBij+#ew3}3t563^U3)#uaXjmI+3|{FKD-H8umILOHaNb6@8OigUEN;8
zQR7i~rN;X;cGlQi<D*(1)mjN>YPoBTs6C=~K}nq~^I;k5Wp{mNgN_ZlH0ahq>PEdT
z)ayXK?%U_y=l<1wq~x=g_xRtgKT3Y@-VZQ~ZFDXyfJNZh<~|vCv2E=+wy>UU>lwDL
zzT4M-x@|4HUDX_Ax0TVC+*WpFOWDn^t$fb$l4Gu8p5t}L8;-XeZ#%Lb?>ZJb);Tsh
zHaRxK7RO0;_hfr&t5IETQy-}@uExtXKB)0yjeS1b*Cn++u2oQLRjog3X|;#f&ZsTh
z+ZA=x9D5BKHt5u#bA#>;O6NPfl5OpkY-c^&*5+(oJ=<4(dwPNG=}+#TnAhwV_fh6H
z)3=rKk^Y<8%bnCad+~o_yLqMCIeq)4Z`ZW{!uISO^^bOn{<S~;|1&?CGt$#<>8&10
z#wpj2zsgwG(*Ktkw<1pZlr_#o(qq+<e(*@HQ|TVuBUt7h(Ky%D2KrnPa$STz7lg#y
zORj(L9AlqP|8=ICBVdm@4<NI$r=L<kemm(h=KwKYZzA)7$TcSisk7vGjC`L<`YGv)
zlyR^1<GF?OKZ?e23f!}J{Dfz`YOTz?B5lfCzfwBK$RLZHe=wGPkWA)jF>(Egi~fGi
zJHN+B@AW0i)jo%(&)+jYL<U!JOi0w<(@gqt*P?zrTgGvg^S<?4CjHkkkAU8vt-amA
zGYhdd;P0;A`rGl;SeG29*4rO)otGRpmvJ-1O!~TIoP4<sL;5^R#>;2?9@$s0Yj$lu
zWLD0stl7itb?x=+4WU19a)(pnyCl~N)K!0}XD=IXj9txZYLR;Xkd$G=Mhwy#HRf)A
zb$`H^5u@}sMBbYJoAo|@&rDlP2f^b&3_>|59D-`{*uQv<G8vg1Fq4Uz!qGGPDtG?k
zfBwzC{ZFs|-+V3qTh@Q?d-HF+*YnEU3d`K|Kl7^8P5-n0*d7{YwuH~uH2dv+9~sxC
zU8_6Vw{<ycjBk)wzhUi1`_-yjFQHCr6;qucep3I#H+c^K$xRK~@fV4InOlJOrmwTZ
zaIM?@TDM_Zw=r6``?PK&wC=;T?t`@McWO5b)@~T4-7rE+8>FQT*3w36X?JRA_h@ND
zm@PuP`9AIDLE6ptYB!J2`i$244Ac5#XdMP=9foKfMr$2L=quoeOo6siTcv%jeWA$~
zK*od#FxB>3C$$;F)A&hMc_lYSHYg2$gX5NFO~#h-<gNAoDU2~@G}is4_LcUvwzS$e
z<k$6+v1Y0;(hM6cZZgt|H~g{}AG2;5SwjBdQ_>{uTWy`TUaM=`pvsWZX=G#?>58JZ
zX9N|MeFe$as_X=neo0ziJHr?@OjxYS=%mVJdirWzy!Wo4Xm6;DUeQ%O_wTgL+V|QP
z=EIX)H`5J_6qDq)iLr6!n`GP<?>}7j;#>8sJ>l!s8n$aYv>&y*O*^&WJYN|<XB5lL
zrVP_UlZ+&D*+qK;f1=a}7$ZZ|Mlq^{y#FVv?b04FovHSqdOwm?iBIyEe|kG*_}@R&
z8Va?&+CFW+_LFviLQN)r1}v}Rw_dH!#CY~swk8v!XP5rRo9g>3^A>pWe)j%JW-yRf
z_lx$cc1T-R?J)WExJas!DaI7d`~?ywqv(6XFMII`>z2{W<sUv%ukMI;RQpY<XF8_J
zkeLq}QaatJ++=)ym3;-tH>&JJm3~E9UpveE2uvWY%IK`h)wE94uJzu#f}*{lGD7<G
z>balLPHLyL)64}SH<@+eu&JTncg(x+x=H2~@czSPFV?AN?FrwY)^L{D!HTqdOy}i7
zB~9jL7|rr~(@5q~kXZ^YyJ&CV0ZJXqIP97>nvu)p6Fyn(f;QH4wwhaeiN}pqiL<%)
zPj9CU|NCdPAl`qgHz%wb4g7z2lTmgms?sWWOEXuC{KuuqxcX7*n}3S2zC2H<y2)OR
zEX~fSRZ^#)W`+*WUuu{f)!5~uYw2f`AIJDP{HWFDS=9ADlj_x~UGe9jzYR6LWz?sL
z1g#b&*CD5#H@8ML+dnS3R<-9<DGeyuPiw+6H)~D3uSj3JOvBC`^qSMVK22*@67fsP
zz0&B*yC<U<NvVxWN^M?J)~_Y^F0ZW8D4D;2`KGm&B_*^jx!1PjUTOU0-D{@CSdwyE
zm6Xw@<X*dydzV*QX;gDHzk<9Ax0IA|tM?vbGpTzrqFL#GT;9DtjO8Sy_ADv2m-imC
zGN^kphsouYRT_0WvpC3Hg);t}C%2z>$+%J8d$c>Qu-t*FOqp-SQ)YkflKCP^%8a?f
zG6$(TV4(N^hgKV0Qc~;{mL%g|WmF5`lYfEl=^$@8_g1^Jq{O%@EKz2=7)e=mH5n^w
z4CPEI`2}d&G{gPUcmDG3%}}MvEE)Gx>eOm4mXtNU<lg0#WQ>}rzDW<6=9DQzMiDf|
zUCDhJ0ZhK151XDUQ|hD48+0Wl8DnMc59yQmk<kWA^S5~Kb2yW~?PQjq(!Xu>-rr#g
zrr%??O82O=P^EjR_ky+ahX2^7axNHh_N&MvDm`j4vyR_XdW=Y}L{VvxN{dzMR+07n
zWQ`5{r2KB`J-9)o2`Z<%y5B>ki7L{m(nfsO8fiyuQw>w2m%f^R@7_wArX_2i+NK%S
z^9iGv{d;R*ufrBfc}vl$eQBFvSku3`7AdQWEk?bbuWd80;#%t3>amt@)$7?|o2Ay2
zr_$|=`}S|XrWUrAYAt7Mk6*>tbFJ+<wU$G+C)HZ=Rr)LA*ZrHXMbmmyUb1%1Hv1~R
zmb-2DuofBrwUPFnZO&C(le{<E)GNxcy<=F<d(6}GufA_g3%A7fK4m(!QMPvtYx-B$
zLSa^01@(Hy*cM#Hwb*SA+Zx;Ftf`UqfNh~#)7L89#B4_Y=4*1=8rin0_3X1Px{9wz
zp7YOYJrCQ~sr7uL(!I>e^l!eNG~11~gOuph9<+UX6<?3bmcm++wMT91ui{$LZ3Aq7
z*iNz|6`*Za>-nCP;}LR*f}6>^+{)P~jKvZVz#oFueG7jH(Zaod|4A+P1;h|x(T=M}
zzXe2i|9XODh}PHp=zv=84```!)4aJidY9W&={Ku2^-}lmP-XtE{(dZ=pEvGgKm^A?
z9#H96B0{vC-oLC=k9K(<tx}J^^FG?B9&PqM+Qg#(ZHG#KROxP&?osJMmHw>KLn=M2
z(jzK8s?t*`J+0C+Dm@!eL5tF=2h|9w6;x5HsMS<yZIu?Nbd^ds2XP^SRxec2Mk;L*
zT1l&{eG~d^XtWli$!L4s%&}Um_AF_f_AR6A#j*Ux9IwT5^;K1^s#ZX1(>$Xa$>VP<
zcFm!64eu6i*X-K$;nlU8+K%v@;k&t4UE392i>s(=TWf2zwV*gjLsS~3Qj1C>R9aD`
ztyS7qr7o4GsI)^|7;Q;E)mrj=ORhAP(R!r}|No#2nUznzlOZY%r6lIsWsF~0%8Yy=
zd?VsjT9tK$Y1LF}Q_)E(ZCFj(ge_FslAO9)yK>LRRW9f9Uu&u=vwgV|Qp)9AewiKk
zU(Rb}Okr8d41kQ(rrlDm#9LK<&vN;_)T_NirG3>qGFYW|s&t4-?^5aAD!qqtIQLSe
z53yespgpY8N2>Yremz>Q{L6nOzLDcqdE@@I@+R;s!?ec@<;_w#PZ)9@Q?Kw9a+0(x
zMnu-MJi}jopWlD-C`YX!n|Tp6E&r;lA(!5y5bYg9*-KQ;yM~;PxSymgVw7i1`@oR@
zpS&{P|6Q!s@E&tLYTAcaWexAEH54!swWfV>Ro1XdtzjkeQEJ-itFngARnOlVm9AB5
z`;JkwHEruvS=;w&4V#%elXmh|S;H3fN`6r3cD1&hjQFiFHlgpg<DWm;XDDg6TEi~p
z{bW)QL;gQ6UH)^wp`<-(4Tl(+oN3Vw`TyA(jvGokqSkPj`AIeHm?8f^Tf^^$l8$me
zS@W|6{HrbB^3N~GmZ{pP{!F-A{;&ULPOxpFT2q+Ka+TK<VVj}WWVVH0<uygxX0is8
zR?&8iT1GJgtvrsk#j9nUtt!i8t-7ry%d2^-&Fr?arW&?dS9wi!Y)`2*)wd;F<uxTS
zBaOVK2DZejyrzb>msmq1E!o!ODzB-TT2EtJ)2qCm=4w5yY;CUcdfKV=w6?Xq%Ij%Q
z`HaqH>!_9;nB7?(ceQm>%j<33SvJycvfaY+YTj;D>$%z1^D3{Wms-#5w!T++J^d*^
zSsQ2@e3jQTgqgQxO@nNAUgb62WqVz%X{c@3RbJC@X3LV-bg%8ctGuQWwp?2>Ynr6e
z$ts<q(y1z)rqbyuou$&pRQk9|pHS(ODxIy;r&aolN}pBfb1Hpar7x)TWtG07(zz;q
zRi&?~be>AzQ0bd0eM_Zpt29fc*(%LbX}(I|QR%xXU7*s1DqXD74^;Y*N>{1$3ze?r
z-EE|;v#r0%@A3w<o?W)xS9v{qYz^sq{K<B}CMQ}SQLpiYN>8cuPg`THvG%e<(pOZv
zK&9(cx?ZIlR2ooSVnS7FQE5$;)>dhXN;|5wi%PFkX}U@Ws`NgU4p-?2m1d}Pq)NxA
z^nR5-sM3d2nyJ!>DxIRzsVbeJ(wQoKN2Twobb(42s<cq0dsVtmrTbNSNTr8WdPJp1
zRl2i&6RnBX%_->(Dos=AO)9-brMIf|HkI~K=^ZNVr_ywl4pix#D!ogk_mDQ#GMppT
za<p@dT0Y<$tCkNrA6Cmpo#R+G(VkW5Ybt$5r3+NLNTrKa`hiN9sPto%eyY-?DqXJ9
z0+p^(>1vg(Rq0oxO|^~AO=`K>`Mp|hb#7D3?am!)xzo9eWfSd`O8->p8I_(@={c1a
zJDX|E**?B(^(^Olm-*Hfj4Q_#rWHKPh80?AZFzislu7Fr)lTcceHl@EDK5XJqt=PX
zpH}iLKdaPP>%!v}G1qF>vFx|Wv+TdAt9CPw(>F0v8V<xkIN1C5&%Dc}#C0cb8Gl>h
zy}z9M1)dWiy&G+};b!HSaV+_fXvlVl(f50?{19(`g);GazO`&V{p3<k#j^R{a>~VX
zELq~q<r5!$k#gkuOW9Fn%GdMdS^(qglKgAPyI8(lD^Rwa3dGBMbFqBMlk@${mM_mo
zu01H5FL@V>munitvhh;B?|KhJ$@3|nzcWf+SNZ&3R6Kv;J0azlD)FWHT+iYb3&VW#
z{m2s=$*}f@cz^Q50vYDskRL#v*se@`AbDa7vu}J5d18dWZ+<X&V%;+NA>@f8%9I~U
zo;ayYd>DD+Q)Tka<cU9*$+wUvb}jQf!^sopmsxKFdE&Y<`H|#_S!K$xk|&b-yl)lA
z6Wa&)=2s+7e6CD>6nWyWW%92fPb@C;d@7MA?kn?rDw8L+4D?-ZG<jmO#W%kSd16Bu
zp4#xa$B-w^R^?PG_r3MJUb!a6_xtS0ms6D}j{kSNHwTL8s(fSq7V@_Q`l;t{%)b!k
zc3%j4s$Be5;<pC=tiGSd_-*8G3w*6yd}TB5gt>LO^0yPeJupsvPmJa4Ab&?-&vN-c
zlK*4ihH~ZaB!6e%)N=8=$ln#Xv|Rpf@^=SDsn6HA-aX{+2^>@Ic@~mi7^tTG;f%@B
z_j51#djk{8y$}1z-ygWRTsdam2T?v>V>v$&|5M=5a?j_C#qB<0Sy3+k0PzQ8R?9Nw
z93=l>V83$DryuL=XAV=}H{*JLCjRHZ!R5-yAU?y~x?DWN9PtyLU9S8n;-k!;s&dNL
zlb+Wr+m~=&b*%a(%D2&zF9W_@?0f6^o?EpzmnYWk?inPn_oDF>AlI^SB#zYW9$@$U
zkHpKiu59^I&&QEpcDo$Uc2Hk$)spp=KF^D7*QD%=<x5^D&&S5|(Qop6^n81ne0{x+
zGVAqxURFk*tf5(}@?1p9(c^2DiPy`oU8a2f{gE1VpuP0{k+#Og-XAF^ig&0^rvB_b
z>(%q?Um`!TOg>Ll)jv*GvPPYUo^tg3#;&I1iN5*GTrJ2GyZF?TEnTh26Mf^`xZ05?
zn$-71FTcGjg*>r=PrlooN}d?*li$JBi9E5U`u*zVbaq`!p6I*Y>s;59C;H}hbKO9m
zST$TeFTI=|t{ce{edBL(-9nz|o8Qybi#*Xc|29`2@<iYK+g*Lh6WjSbe`)~oMBn)S
zt^wqUzWD=PgUJ(p^Y3)sMV{!Jf46HWdE!)`*L$z)KJvu2KJW8zR|a`vbDw;-dn9>c
zBcJ?Ht}*0^zU#f;HI_WlH~&G`!{mv+`H#59ktb4v8a|itu1xYo-*~rsB6*@GzqJ0G
z<QimmyG1ES&!6JrT_aC4=1(L4PVz)!{tWVmkT=Bspig}}i~PID7me|clYcjPciRKh
z`=hV-N%AXE4_7iL`Q*#<{+@dN`@qUR`E!WBhjQ+**YVj-Jx%^l@<ro%pC$iZ@<e0)
z^W+aBZ<zfC^||ZM=SA}GBVRPezfAsc@<e0)T=GYdCmQo#BR_*Y(U?D<{E_61w5Rwy
ze|f#5$QO<AZxBD4Jkgl{7Wrey6OH*<<lj%8Xw1(c{{iwIurKj>y?Nx1C4a2Fv(Nkd
z4*3s~|De5<Prf|Qhsb}(-oz(=0r3x$FB;doi2O&$6OH+c$$ykQ(U|`M`QykNXFut)
zeP2TUc=APKygZ)?<cY@ok6rvK$P*=Bug5-hE!Es^(KmjXi(d<|qA`AjYbCMbXFlKa
zRW9}{h@E6V;#1Fm;aWqi=v)3;;wKX?8q5F6^$oG2Z~V6|w|fe)qA`BGYa_9uZ~P_~
zH5jp?F@Cda3$dba{8pFSJ&jn=82^K72eG1W{EsfTdpfbAF@Be853!<ee4)$jo<Xc=
zjAws?SkX6L9?v9JG{*0D9UxY$@AG>(=yJPf5j)GC<g>l_#dU~S(YO4=#6L#7Xe|Gz
z>lm@3Z~SqW+x<APqA~u2>lCq~Z~SSO+x-NwqA~tY*I8mk-}rMbxBE$AMPvMVS23}o
zZ@k;Zo)od7G2X;L_w0A0Z+t+C+dYR^(HI|;5<;x#8y`yiQ^bnKcymfPv7&E$1o2N3
zD;ndiDHVwoedD8ue}-7m7*EYltmqprk0)Q_(HLJjr3$g4Z+uLO+x;wMi^ll4l&Zvv
zzVX$Fe~wtu7;jIhPORt~UxWDPi4~3UwNmO3EBeOQCH@6sMPq#Zlmz|~qLq!8$DaK}
zW4u*MN^w%QXe{5VHKLRkDO)s_-#Dcyv7#}a>)?ogiCEDX-y)?Iv7&E$YvNxfR+M;s
z`zUd*kS8}|Ic-zgQ-<gp@1mT!#EZuG)Rd0IioWrkh<}w>(HP$)<vL<T-}tV?zecQB
z8gJFQrQATQXpFaNJ&2!2tXLYaX|!#L6^-$dPY(~VqA~ualv{`uedBwkxZST4D;nc_
zrSv9N^o{RB{2RoI#`rr@`VlMo#`h=wO=3lf_k1o^Z9vL^l()#!<Mr(wEj`K*jq#q>
z^)~UMalM06h7c>h=2PF^l|s)Iv03&veCpeKQtl;I^eulF@!7<S#`1@!WDqO*#*ZXE
zhgi`VPs@i`(KlWm=MpO#<Hw{tK&<E+KQ_hf&LdVd#y^zu2(hAX{G-I@6Du0y$ERcx
zEBeMyB>o*@MPvNrl&QpuU--PA(};hU*mvz~ecsO*DYJ+beanB0_yxp^#`2#?nN6(d
z8$XBmg~W=+_@`5zC06{}=lMKG{32o(+1L3zpBGYIB3AS*|7GIeBVII?KR4wyVnyHh
zdBiU!Ry4-*OCeVDjhDyo6Du0y-$;3jSaGY*^M5<V?f!t+5A550o_}^qF0tZHpZGlD
zKP3J``yQY8cTyG*EBZd4g~Tr*UNk<R_fp;`R`iYkfcTGy6^-#rQa&bD^o{?7_>YMd
zjq#tQEF)I*jbBduC&Y@z_=1#G#EQQ0pA-Knv7#}4b;?>|Mc?=@iT{jP(HQ@A%D2Rd
zzWM7?HjpR!ma{R1);48`#&W((`JPzOH+~E8%ZL??@!L|i6D#`0?;w6Tv7*H5^`Trp
z;OU3#=+kbO|6f6@Xe^)a2W5+8^LLRa8q4?8p9Pd5`j)esSh0NkN@7Ld_&vmmW%CQk
z6U&#giZVpsa`qA{md)Qso>(@2KY3#L@;|3+QOY-N_rD-dk1yT6{6raI+42vNCzj1W
zNS;_W|7Y^V^6OpAdPU#Y`wOvR+5BJ06U&#ghB8Foat;wImd!s*o>(^j2zg@p^4C(f
zSoVGUl030&{#WGb<&?gkM=4t@yWZc(6U&$LHRXuDuj?4GqHq53loRBMM}7JMPNuLI
zN*UkSt3~*hbDCJO{CdA7Ui6LsgIKYA{5oPq-}pa?70c$IAx|t{&U(raeaksZtXMvN
z1F;v&HwBgEm%jh!C_^k?&PK`+eb-w=tmvD6KBbsEv4?s;OMXWwZuch2*ksQv^FEvW
z=mSRIayZsXo>(^DpFGi%Us67gzoUH7_jv{oE0&MnOswb|A4sfNOZD@VzCS_aiRH`r
zo-#x!$M}4<kf+Cc`tv>Yrzf}UdV?ujEMLx6$`Q+!zs*p-alJo~FP6S8s}_<PM%iJ0
z+r9a6;hu@3EoSm}*h}+0<yf`wRC+^*)#E+ygH?-6tw1>y{C+G`PDS!}+Dr5Ga;~AA
zoy6+#dO4L-t58lAzg=a@i6MWty)<7hCysJ<6RXGTpG(zL8|8?;?~k4MJ;aNp?}MgQ
zPpwI;=o?>)_(EbuV|<;|dc=yp@%4${ORQ*&Pe@H7R`iW;Nc=uxMPq!U)W*b$zVS_n
z-%qS)jBl3Of>_Zvz9sQL5i1(wTc@@qR`iW;NBjX|MPs}xHI-P=H@*Y$2Z<FW-sk&9
zfAtS&ET>ay7s?QQ<FBQhpD9B$#&=EaMy%)?-<|khh!u_TJyLHZR`iX(iTGcM6^-%i
zvl1)%#>?YF#EQoFo~gZv6@BAxOJ(awtZ0nylX?fSqHla(;*St38sqz?4j@*v`Sd3b
zB>pI|NA1;p>Yu@>Lx>f9%fE~G--s8D<=>NfFR`L;{4nB=5i3f({y7d$9iDoeJUw3j
zoo1wtqKr{~zkB2LdSf*CC+wy9`tS69%0EG@9<TpS$EH3+Iil}+A13}J@uKnh(?d?I
zST=tgd7^Lr_|#1DMBnl!rqXLk*`l%h$*EI`6@BBU5r3Lk(HK7?br!LrZ~SA#|3R#1
zjDI3^HnE~_{2b!{Bvv%WKb`t4v7&GMbHtw^Ry4-Hkopp_qHp}m#GfTrG{(<OeT`Vr
zH+~-R=ZF=J@vo=8Nv!A_{}%B@#EQoFtkfK0Mc?>b;?EN+8sqa*-z8S`jbA|g1!6^G
z{G!yw#EQQ0?-O54tZ0n?F!dv1Mc??3iFXq#8sk4rT}rIz8^4Tr&Ee4)zan)dv7&GM
zD&kGVi^ljbQr8eG`o^y%-j7((82?r3H^hp*@!t~fPpoK+U!S^>SkX6r6Y&AWipKcO
zsauE@edD(hA4sfdjHiYtR`iXR$3eu3#`x{2KN2hY#_vp}l|!s(jA!dktmqprk3)!+
zn{WIcV#V_D``8wVzVU^`isj=&DPJ_k?@irLtQhQ5KmU|UD~i}KN0?9jd@%JFV#Q>i
z{+3^fHxqAmH1+9kIh^|cF?JvDQB{4n#}7<0fzSdBO+Z>e5W84VEI>%Z0*I*Cd+(jc
zf`}+px?*qG5wT+dQL!N^qM|5vQB*`g6hz2fE8}7If1kZxF88zU`+2_4@7bB0B$H&)
zR-)zX?fD&jUG$uLd;aLP1}$g%wdm`i<=lQ<ufNf9hnm~J9({eZ_1g_FxBs7B|DxsW
z`J2!;K+n17SM{oq!fQEZ`<lJ+pV|J`$M0X*HH7gW&vCtx@W#T^_@0{3IT_J6aXfy1
zgtrLXb}oB+a-I+4lDD%d&f&~;s7j;dd@q1;$#a_F49>p}&0(B9zZTBml6?!bob79)
z<$N!MalY4qalY4uaang?UfbYla`x%gL(3)mmS{QK*GJ1G`&MW<+c!YVCHvNBIolVZ
z<&yojXgT)o^VJ5%`Q8@B`Q8r3`Q9GJ`Q8D>`Mw(WRiWEijF$8Jjxf&mu`R>rbVAGd
z{dTa>(@o?1QaHcwjGptoi#TVTxIJsc^SeFH;r#Qv!Z_b2i1T+q%lZ9y(eH?s^ZT7(
zobQvxIXk1}{C*c0=liZO&iCD5obS8CIN#Tc>v_Alo!xK-=b!VhIA;&EoZs&W<9y#F
z&e<${FPy>o=iDo9|9!&oN1%hR&yA|@1(N6AFV1N!`n_=*`Om+d-Qk??4~p~m5$Eg+
z=lpXr;`a1F%lZ9&FwXZW;`Z#1HuQWQApAf$=bzsb#`)e0#`)eG#`#_X<9zP}<9r{1
z@0SSO{=3BU`?&Cw^SG${ej!hIDQ-(?yUyn0E8dPWIRE*#vz>T3mW#eZ_)Ky8ZxmiB
z&Y39sNy7W$9L|5f4uWyM|0CWW4@MihJ~PDAeM0z6!bb}qCH!IGj|zWC_|3wn3cp48
zA>#TRD!iZY{*L2Y<?(oLE&TSXs;U72Z;02;!vbC#{lI`XgdZMo-q#KaIPX)B2srQC
zjtqEHoPSino5Kft?tec#Uk|g-Z}RbW*N^tj;pYH+y*$S8`1|&o^sauDt^WUbe(cSJ
zw-DY^cx&NpJda<FD{A1o#+}<4dmTIn#|69*{P=)3gP#y^-dCOIcsg2M{r7`%S0Nh8
zAL2-Q4dFF~r-T;>$73<Ur&~+(g~IcM?<725cwOOjgx43|K={tWclpnM_FgXW_4!ix
zXP(#l@0@o%SLby8ulLX2QTTSki^S7S3$HEC*<Sb#!n+FZ@}Jib*TMJQ|Le1F7wz%(
z6902wKRXDITYLs!&M6js$KJXBMfUtZ{=1#qrRw4Fkb13m`|q6W-}%bbc$B01?PY~{
zzJ3Wh?+df{hn;bYxa9lylW_mQ@%}K^cR|Y~`;*af@%=OJx3{k@S^MX7#ec&k&p8EW
zaPc|(I_3_&@v|DRP=6YnWAA=kcRGyo{R|jKkAI$eCwV(}#(%?Q`|SG#{H|Brp7<Zn
ziLcLYy}P01?D>0COZI=^_Ivi;8~+WL?c;O0_ud!AS?|$%e;8-|fZjb}ob_J4OJJP!
zKE2CeT-M|3R^Gev`jhc<rm@Gjr>g2;wA@JZxFWt66~@`~@wg<6^SvL8^SwWeo8z57
z0LJ<KVK8pB*AIkoe!m@z>r~)ge|(e!<NSUQjPtz%-lKB9AAy$h{YV(+`%$p!dADaU
zob&smVch-IKmVS4xf}!I{Qg)N=lgLmZjASIkB4!7e*%p2{X`h&`$;fvt~vkY-lxJi
z+n?6^3>cU7`1SD2-ne(b>tWZz&ehLv>}SLK!a2SiV?P((57w`6SJR&lzXZ;?{e`_R
zzWxT7|8)7E3vhp1(7JOix2M;FbH2C1V`-f4wb63E7s3i#ADcM84xID*y0E&f$0zzp
zDg4|4=J(n67xNQ+eVoJjeFGThyZiI4@pa~PXo!~c`$jO%_r|cstxv4&ds|#H&i4%Z
zOzXSN%aO0+Q}DcUey_YK&f)z2I-GG`YRAOwX@-{b`{ppt_ZBeD_Y9t=Or6Q*{L6ad
zXZ!Fz=gfA0R=-`u*YgVaS@5&kZ7?sdA@JFF{p8&9uY%tO<6OT6J_k0Z@DcC+VQ30p
zH^<z*C^{r{NGkdIToesV4NSSOSK0fSqKMZF-*13h`cC!p72p31!_&o28^W{a$3DE;
z&)wqL=eH<2K6QL5d7X=*!KuM1_4;rgPT~0c#^>WFyl{&+_xZ|xes?}v&h|H=<&ymc
zXgS;8gqBP8?eQ|_Y(Ek$m+UXZ*_`c1q2-eOMQAzOk4DQS`-{<XwjYC*OZJzb<!nC|
zEtl*sMa$WK99k~fUxt>m{mp2(WPdqY&i3Qca>@P*w4CiHpyiVNm1sHk@$2E?sl!vr
z`@^E>=+x1v?ER1JC*tHGID^ZblYM>rAB@Z0o}y?H-j3XlL*l2~Kh-~#z5jQ6o--Le
zmpuO}oXxrCPf1Nh%el^TZh>*hbFRi2oPYbTfyI69?dw*Y!TIM;gK@s!2IH*X-uq4%
zXZ^0;_rN&o_?Zb9XZ^n355PF<_(>la=lg>&&i994+%j`N_Hge<VVvJT2IG8x9LD)R
z1IGFO1dOvjv-d0*XZ@+(&%ikA&-Q*E##zTtSim^nXT!L?yx({9B8>C<mtdUlFT=Q{
z=DOi08ep8?&w+6tc>P=$*TuU%ufn*#p3j4E-<xw@>-`3d^Plc~8263o@x3`P&hOuX
zalXF|<9vSy#`X7Z=esb@?-#&0-`|6AzAuDvzP}ISe)pcQ4`7_%e+c7zUj*ZP{|LsN
z>^)zLVVvK84C8$N1jhOPDU3VQJAVm`^ZU<W+_7H&IgIoBr7$k*@yA#E&)4Gq?b>$x
zSD)khP&nt`A6^IJd>;lI)~-R~oa^D7-w%fkZ<m+oZ-C#>ZkL3QfRAW*NWyP~-`H+L
z^~*iJ{a^IPM<;O3f4U=KBil7eoHGi}`Tb}Z=ld8K=lfXL*meUG=Z}MPet$EJ^L;#w
z^L+x0^L-+0V!P&vr#lJG`Tb-V=lc{G=lfLH)OM#O&c6lD`Teah&i83B&iC73x3xPb
zasKUa&hPJl-O=uZM1Loo^ZUDCoa@W*dU7|6bNy@hJuuF7zP;QF<6Qq1{e3Xbb@une
zINu+DalTK7O>fu8JYV1A{0HHj-#-N7e190m`Thuu^Zij6=lYL$x{tv)*MEXP4&z*3
z0iOZmT<3Lo0>;sEA4mO~!grHn$$lnU&i22d<&yoAXgS-jM9U@nS!g-i|BjYR_D`YZ
zY`+REm+YTL%h~=9v|O@(1}$g%)o8h7|14V0_G{2`$^JRCobA`5<&ypLXgS;eiIz+D
zFQDaYzYZ<e!Mr~6e?J@T>~@{1J$`-otM_`eoIQU-Z+tX{p0np~M9bNp|M?}fobCTb
z%O(4l(Q>xmgqBP8ub|~@zZor;?B}56Y+uDT*w01FvFGoR<2B;B@jp6$gB*WXX>9zz
z{Q5|IJ@KFNvP<5cS8+CHZ%+;MT(X~sma~0Lv|O@(4J~K;6k0CXzmAr(eI8ma*}s97
zvwc2VF4@mV%h^7SmP__;qUCH~fR;=4Z=vOEUkfdl?B7Pq*}gVfF4@0>ma}~!S}xhY
zi<Yx}9kg7sUx1dgeO<I%vVRXPXZw0+xn#c(Eob}sXt`wnK3dN94bXDQ{sXj}?TgTI
z$^JvMob4N;<&ym(w4Ci5q2-eOM`$_QH%7}P`^9KE+h@>n$^K)sob8*S<&ym;XgS+A
zMaw1oPtkI=Z-$mj_Dj%mwr`G>OZK0k<!s*qEtl*+N6XoM8?;=qUy7EqeM_{Q^;RX@
z!Z>?Qn-csK2hQN^IqlGLw&#ET5-n%@_Gr0ezYHyB`wnQiWd9Xf&i2J<xn%z}TF&+z
z(Q?WD8?>D5JE7&0{kLd2_VMRm?7o9>?m63)bio;%?YA$%BN%8ox8I>;C$yaHcSipM
zTF&k9{RC(^+w(vFh?aBv-AcNl<!rx434YcSE$8-loCqz~C-L#jPiTK?S8hI@*}G&P
zw46PE-xB<^40_Hzf4`Cg&~mmv5d8|YoZI&*DM8EGz7P6e&~k2%uW6&@Y|sDvD_YL&
z%S$TJa<=bVf{(({a&CWc$)RXD+xJ7i5-sQU14;&><!paA`rpxVZjY}aqpe=z`maK}
zs@-67{f{gejGnXSAC2?>K+n17A6s%fTF&+-pkIxabNiD@PC?7r{#5j9&~k2nddZn+
zIoqFwel1$g?awJW4=rc=^U?o_mUH_HOD;ys+5Qsr>(Fv;kFP|a<!sOY{1;lz?JqC6
z5-n%@Atm@}E3};3<B@r^obCCa*Q4cZe>GYz*>6D0+5Q@|T(bWMEob{{(Q?UtBU;Y(
zL(y`{{$I45?XN@2CHqZiIol6I%O(5GXgS+okCsdJRcJZe4@b)-`=~uWGr(+r16nTG
z*FekJegs-B+1EtN+5SefT(VE0<!pZwS}xh=q2+8p5-peP^U-p)ABC1n_Gz@7?MI{K
zl6?VM&h}%_a>>3HTF&-k(Q?VYHd@a1<Ir-+z7Q>E`<u~n$-WL+&i3Qca>>3fTF&+p
z&~nMX9$L=!6VY<XzCK#c_LI<Z$-V(v&i0eha>>4kZK9uomP_^x(Q@|usc5-m-v}*d
z`&-a*zTXPte4hs6e7_CG`F=Z$^ZgDO=lh*7&iA`uobPwTIN$GqalYRR<9xpl#`%6f
zjPv~g80Y(R80Y(gFwXafV4Uv{!#Lj`fpNY+3gdi#495BXIE?ds28{Fl2^i=5Oc>|;
zlQ7QrSuoD`r(m4#Ps2FhpMi0{KMUi0e-6g^{ydEH{RJ53`)nBJ`-?En_m^Ot?=Qo+
ztn>R?LyxDqpT9K5+iu*uo`G|GyLP<^jPt!IjPt!2jPt!YjPtz(jPrdP80ULS80UK{
z80ULy80Y)8FwXZjFwXb3FwXaOFwXb(FwXZ5FwXa480ULO80UK@80Y(TFwXbRFwXZb
zFwXbwVVv(>VVv(fz&PJ`gmJ#_1mk?)8OHg(3ykx9R~YB}ZZOXG-C>;X-C&&Wd%!r~
z_k?l2?*-$0-y6pH-W|r}yeN95<du?rV4=6ueI4iD+Y0@hR66=9`1pA``ayW1@H)cl
z3a=-;zVHUZi-b26-bi?3;Thpggf|U3uRniAEBlhly}Z)+OKzdBU-14p+&2&Q>8M4}
z@uiU9IsAJ%{2Ns6?Wu(u$=4D7Z(Qf=8~;vR$ay<Mo{qK+-kvo6!cOS<O-F5m&fDpq
zUl$jK<~wg^>~l+U&w=angugC)zVNq%=bq~M)sMsQW%z&H&Rl;<bsyjUoL^q;Y5WDG
z@O5h?ytVLl!rKe?f9|j0P(DM+pZja{pZh--*0|dFH~swAH@;l>`V;ar{(e&E`ORLR
zqUfFA^)HGR2wy1tgP=#zBH_80%hl%PwRo%jP}6_1)qY5I&#!xiUVlPw7kv9oN5#SG
zmc}`u>&cf(=zfM4a^4SwoIm#zx}61ZyqL}X318rBtzW<8`p}mIu8-|UnEvyv_9IRI
zh1aL?lhOA2WU60p)A*}k*0Wz<j&J`m=bT2kfw6xr{9EDQ3;$90Pr_FS|J8H8-0k(u
zeq52f4%z27`EqPheSMNXrjRe+*jGAF*Y#Dxb8lZwtIv<G=W3^Suk%{r>pbV*K?^;<
z@%evyee4^AZxp^sc$M%PeR9t+pRf43<+QoD&g0E>PC4he*EwH!f#=Elhi2mGwlFW3
z+Ri!d%cYL+-19ZXygk-)dcI#sUWb<A_S|Z&L+<=Lj5l!3cdt)F;f;mo&fli`_9U;{
z-G#gph`ot>PPGpV-k+qSqdjj`eSY@u_u2bTULT%sU!U)*e!B5>Yvw*(=j}0f``c`}
z{q~&c=A0JdoR-2{Z}CUX^>4GqaeorLJ*~ydcU$3Yh0icgH~0L`GTu(yo({r0dLG|D
z<j%+aC*J?Y*FWd&{=3fp`;qqI_ID8ejJf^WdABEix?Q&TY}0q$;`aLQC_H!ji>q%>
z_W3P}c6RzAyd2Zf>E7#Y_WeaVIy>m`IlCs#xh&YHqai_$&)MBQ2d~Jn@8LN=&a8n)
ztM<yzJ!jdsBmegyWN&}=oG9AcImf+!+edg0;rk0eP<SuT)6sRo>yVCy3D17KSK^$L
zy<ZysfA*z`K6_5N<27+{viEOAQKjSV{oX;2yZs@KyL~_5102tt6Ga1s4-$T)@WH~5
z@jQNg$i4QwY~Ftz=k($CUwFOx?|$2UJlV1O?Th!p9DbHMKfCP5V>v$&&iQ^4jPw0u
z80Y&bFwXZ=VVv)$!8qSfhjG520pol>6UO;|7L4=#Y#8VJIWW%mb77qC=fODN&xdio
zUjXBLzYxaxei4lG{bCsB`z0{W_e)`%@0Y<i-!F%8zFz_3e7_RL`91{3`Tjo`=lfMK
z&iAWfobT7bINz^@alQ|QalT&%<9r_m<9xp!#`!)R#`%5&jPrd2jPw0Q7?*YT>mWVw
zxa))XZ+Ji8`hM_-0=_@|;ea0ie<a`s!XFKIPxxa2?*)H6;Jx890$u`tBH(@CGXq`<
ze=^`@@L2&bhu;+N3iwk2uY^Ax@V@Y80)7zu*?=Dme=gvMz@HEJq3{<1-VZ)I;Qiq*
z27CbgrGOs>e>va-;jaYzaQK{n4}#AP_!00|1AZiYUcirnzZUSp@Ye%=H2jT#9|NBs
z@MGa`2K+eqTLC{F{&v7mfWH&)6XEX${3Q5-fS(M1FW{%Z7Y6)P`1=7r4gSG@&d0|1
zd-nMH9sl$12Tn)-Vc?uI;EMu&Cj6uSJo#}5zSf8j#zI~!JcCabLVb~P{E$WN;}AYq
zXW<t4_lK0Tg`Xq*T;b;lKVSF-!Y>qlk?@O!Un2Zc;g<=&T=*5juM|E+`2U1oCH!jP
z*9gB>_)y{32_Gi>df~%`-ynR1@Ee8SBz&asQNl+HA0vFM@NvR#7Cv711mP2fPZB;^
z_!Qw&h2J9lR^iix-zNNa;dcnXQ}|uN?-qWK@Oy>dC;Wcl4+x(w{6XOl34d7lBf=jQ
z{+RH`h0hTFgz%ZdpA<ez_*2547XFOzXN5l}{CVLo2%jzdMd2?Ae_8k|!siH|yTx;#
z*Nn^`iH}V<`*F^w{82E@`sn=8FwXjz{4p@j`q=!jFwXk8{BbajUbyA)6Mh_${YNjr
z*YEhTOKkkVeEgYTKW*T7{Cx$spKBiHxw%j7B%YuAIO;XiPuOZd-}IBV+P`i3DO>Fq
znEsZn_V1g1n%BpVGv}^Cr|QSAvX2M4*LjioI>PPFIlTVK{$tbM>GjE{yTm-cox43t
zjo&TKx!3dL?OA4S&;4GXd;NbYbsc`@fU~ckucWSran|2SjfHX6-%E{$an={6CcrrB
zpQNV2IP1Tqo`iAMr{}+lw_c9U*YWJ@IUlLueCHz-obP<3g7ck^RB*oYkqXXtK2pK?
z&POUZ-)F!$-}y)d=Q|&%;C$yJ6`b#Uq=NIEpUGuEo3q!Ak5q7e&qpda-}y)d=Q|&%
z;C$yJ6`b#Uq=NIEk5q8J^N|Y9cRo_V`OZfwIN$k51?M{-so;F)BNd$Qe58W&osU#-
zzVnd^&UZdi!THWdDmdTyNCoFRAF1Gc=OY!I?|h_!^ZjiY=leS_&i8j=obL-@obT_!
zINuk-IN#rgalZ4B3eI;vBEk92M<h7k`G^FU_1yg-URu>3B_#bd;lEU$lI&j>{TssP
z3x8AiTf*NK{*Lf>g)b2Pp74dj-xvOY@DGJA68@3!#lk-p{)zD4#LIW3@K41#ON4(W
z{Bz+o#ou%JUEH3f;+!vpe<^&K@UMh_E&LndtHka9R`lNq|6ceH!haOL-0}Ev(Z#rp
zKLz|__|F0V1im8S*^e`SNqDX3Q}n+Ed<p!wfPV&G8Su~HzXyCNd{w}|fd3KjFX5{L
zz6`!5;9tSl2K;OIp8@{{zAoX}>+@H_YenCp|2yE{!Pf`;d-#Tc{{a6d;6K7Q27EdE
z-+=!F-xP2@2b%-_Gy1B4uYgA#_}(b{ek6W<<NKBx0k47cYX&?8PX#;=o)_>RYv5;U
z1HK%d4*0LQJp}<z<NR6)&%PXMC%hIu-^I_i2D~o3PQXvb?Wr5^`snKg{A={}1J3*M
z1_9@Nc~QU{;QWRGZwzk~@C>|hz<J-C3HVCf&L#nGf^(V%ocEE<0)9veKXVrFL*Xp~
z-VeS_z>kNw4EPD~Rtc|-uN2{D&H~QAue5Ezd41XhoX>CDfb;ok7jQmb?E`)^yhFhG
zd=&?r&sRss-H!u13Exh5XW?ChZ!f&7@EwHjD10a3I}6`M_^!ftb3DGk;%}7Q-EsGN
zc7t>F^LqTundtw*>w0{D=$^Bu==Xwi{`q^0zPs>!gzqc7hw%M`?=O6VczzEM{ei-J
z3hyPnx9}3-eT0_^FN1Ub%cWfO6~f1ezc*JY`o6*s5`M7oLxdkHyr1y?!Us4Wza9O7
z*M-9ZUK96|0|UMq{ow&W4*j5j^Zob{0nbN&WWd*;KPupB;e!MIC;aGu|BCl_#{~Qr
z_^|<BhjWe#IPV*d5BT5k69T>-eqzA+Hg{6M|AC(z@Qv_O0{$=j)PVnv=j*h9Z$f{1
zz&FFs2>2?Tb7sJ+(4Q6X2%jUK9q<h}=bV7oK!0w)3sd;+!+_VQiSIrPI6pVNAmr#T
z40xRszWXrXE%17HalrXEPA>^K|HkR10nf+Ny)57ZQ~2&f$J5cL;`@r120ecKIlr_3
zPnom#Z?#JCU5q%Nb02ptEUk-{vwc1ESEA+IzCme2w4Ci5p&x>lbNftbQ?#7zo1y<7
zTF&iTl(t06*}fI}tI%?8zinw-w4CkRp}!g}=k^^+JEG-m-wFLSXgRm<T)I74&h}l=
zUyGJ=`yESnM$6fL7xY8Xa&Es{X*aZ-?e{=`9a_%q_bTm<mb3jn=!c=@+`dQY{%ASd
zAAtUPw4B@bEbWb!vwaEr;b=LxFD)%c%h|pH{S9b2x9?keFj~&`hoB#UmUH`lr327%
zwm%I0jc7TyKfLq^w4CjaM1K=n&g}=69)p&%{jumrqUGHF_|g;6a<)GS{V24Y+n-W;
z8d}cwr=uT@mUH_vOV38j+5Q~#W6*MLe_rVYXgS+oh<+?u&h0NQy%a5H`^(UeL(94S
z6{SPaa<=~;`kT>mZhv*@wP-op4@Ey7E$8;bN{6H6Y<~m#31~UDzp->ATF&;P&`(6m
zx&4^ZacH@cI`sJC_M6d9LOZELS+&RapA$+aq2=uPlhIE`&$;JMExi>jXZvaBr=aEB
z{`S&4(Q>xG3;k5IoZH`1dLLTO_V=T|1uf_H(@P&h%h~>6^tYnr-2Tzh$I)`OpMicF
zTF&ifmd--U+5Rc?x1r_S{+ZI}&~mna9{ufTIk%r(`Vv~s_AjHq11;zFb4p)D%h`S&
z`a98bZvT4ee6*bH-$Z{GTF&j?E`1j*XZr={??%hH{ld}@&~mo_5dA%9Ik*3)^kcM~
z?LR?(FIvv+my~{vmb3j*^!K6V-2Thbuh4R~{~G=MXgRn4w)A_nob7)={{ULf?U$GS
zjFy{Y-o93#pN@8Vhk54h>(|niXgPcS@8};y&$;LSQMv{#XZyA2A41Ey{kqb>(Q>w5
zkN#n_oZJ6X`Y&4ULv#B#p??JJBOMl-+h0{$qX3V9V)p!+W%#N*dd@vRuPlw0vwZ>j
z$Ix<aU%RXhTF&-$(LausbNl*bMQAzOH$*=JE$8-)%bK9&Y~K|96KFZNZ(g<yTF&+@
z(a%K7xqa)hHfTB9w?+RXTF&j;mldPsY~K<6EVP{4Z&%g@Eob}f(LaTjbNe02c0$Y9
zerNPgqvhOw*RtKwa<=b={u#8K+wWPnH(Jj2-O)dbmUH`k%l1Rd*?xcY&!Oeq{=l+c
zXgS;WM*loo&h7h@m7(QqUyl9-w4B>lmK}tav;D#7XQSoZ{?M}iXgS*tK>s3I&g}=5
z4MNM={s{Chq2=8EsIsHca<)GP{mW=Mw?D4z1hky(PelI;TF&iHE;|)1XZzF8&q2$%
z{TXFvq2+9UHu||}Ik!Kz?0mGG?Jq$8Dq7C%FDknPEob{n(a%H6x&7s3SEA)?KLq`2
zXgT)r$2nJ(T~+ov%<r!$yQb`ofDbJjS~fr6!^(!0y_xW$Xn5K1vbPc*MI*}oPP_NF
z@$KR5cstP3-*G(tcnqJ>9EkV7)&GtAe6e2;=x-_;g=@n-QrGQA<NCaZ{=E)QReOB?
z*s`0^a`w87N52p~=U)GbWs}izwx5FjeYBk0-%>UWEob}N(0_oIbNf5W?n2Ai{%-Ui
zqUGHF-m?4Aa<+c}{UWrS+do+LFj~&`kD&huE$8-+mCZoQ+5QRii_vm!|76)yXgS+I
zjs9b_oZCNJ_B>k7_Aj9S1TE+GFP6QGmb3jU=s!ivx&7R-d1yJ?zlMGZTF&j?D0>qv
zcWpg-{CfKq`p?jQ)?rw+$FD!{lr2EZ+4J8+|2cZjJ^%f(57BbAUxa=sTF&hkmwkek
zv;C*&zd*~m{byxM(Q>x`0{xe0Ik#U{_BC40_TQjihL&^t@5+8a%h~=%^k1Rn-2SJs
z6=*rz|APK&w4B@jR`xqu&i1R&e}k5D`_*M@(Q>x`6aBYnIk*3-Y&}};C-d^%fc`tQ
z-*x!KynHv7Z9>c0^Eada9zExtAC=dvg|CETwojGgs-flFKEJ#GEob{$=zm1ZxqV@I
zU9_C->!DwcmUH_C<qgqtwr_;~C$yZ~XUdzR<!s*!{m*DQw{KD25-n%@R_Irt<=lST
z^0sI>+qXmi3tG<YJCt`s%h|pY`d`s<Zr{0ld$gSGyQ2RME$8+-mhX&~v;8jUSEA+I
zez)>&XgS;Of&O>2oZIhJ-W@Gx`+d-_Ld&^*kMjM|a<)GJ{U2yKx9?fr8!c!167;Ll
za&BK*UXGTteFge8XgRm<TYfNF&i03(UyGJ=`+nsE&~mmv4E>*IIk!K&{0Ow1?T<vi
z4lU>QgUgRW%h~=|^nan{-2V9T6VY<EKMDQcXgRk(rTjFsob69XzaA~;_V_9YTF&<T
z&l}Kkwm%Ckm+b#R%h~>Hv|O^^h?Zj?zn?m%9G}g?{_QZUzU$|~H^Db`SZ@3R_-6R#
z4znA%{YCI9cvXj&jb8$fin+PQFN4>B*C>9?_!aP)@S4T*jSqpR;Hl!bt37^ydR6%~
zweToB*0O<n9j-0E4#xE}KCFB=j9XyNxuN_<827&Mo61MQxJAZCmyd;U9~&Q6J|4y`
zF+QPu5{z3~?eX=WT#oN+!t<3^d_(o^jD0FRAD&-4()g|LG@Ns<|84LB80Y#O@LDj=
z^}FD;VVry2?kT^o79JJC#+vJPfBAG6H^KOW<qyL+d(I=}kHI+WkC#6I<E+mtp9SNx
z9$$y2%JF?xxQ&IyQ_OXE23`kVr}$mt&%x`$>lQCF*ZBo_J$Sw1Z;ZbPuMe+Z{Jrs)
z;SJyoikBOo122LX6|XS<D!d`QVexO(9>0FRR{lmUeBV1(Wv<)&^0#1Iw<7oYzg_+=
zj9X>SSx~+Z#;q~_e))$mZk_Q(<%?n5dgC9Le+uI^8edZWIgHy}?eX<rT8{4%!}Has
z_{{3t8T*&;#_-0)cN+f+o`G}j>)SW*CNR$R@8C^goa;Zpo548Om&2RGIM;uMw}5f<
z`1=1+{#z})7snQv>%6jj6^zSo==Oh<uYqy)oVDfaV4U^8%Gbj<>l?~9!Z_>ymT!h}
z)~m{E)W*Fbmi72L*Q~&!X?UKtDehi<J7dp-w}iJW-p_a%-U`mS*QXY|HH>q;5WX#p
zbG<IS4UBWIPyLFb+7PU#xo!<B8pF6g#xoU7VVpguSw#yNXMLNBRxr+b>xwooF6;4i
zXj_5*huc_HRbj3}`wD#D9lTxf)y9h}I*n{!-P?1zpzi?Z-0RS_V#krifqobC9pRkY
z?^e-mWT!yC7y9ksoO?aHSL|E6s*0Osu3L|a{b8K#52)w~<E;0pD1mYI_VlU1?~=#U
z>|Fe#xejIUF7PhJ+nBfa3i$T$?Tc$PcAu}l@UHN##d*dLhVKC1p}4^Kq3|8yI~Erj
z?+@PzzEg2M<A=d_hVNWlRPFKG@8K0k)W*kq*rDeB>d1=0FmAZ<qbrVuagEJ6$5osF
z<C+>jvEpPH*TVQI6{o?tR>n`SI1|RTF@9FXIWVq$wa2fY=T_i%;p6$*rMRQ<ZYlgO
zd^qP`=kw9;2IE}c8~yGu&h-n?cY}2+-pQQ5FZw;;oZDZFeoq+Z`u^zmf^n{2ihgex
z=Xy`{-C>;Tm!sbY#<^aCeqR{p`jzN=z<LxvXl{QQ`u*UX+yAfP>Wckgoa@(CTvu@b
zjC1|^iW@2pgmJFlSTVAqCyaA_bj8?;UNFw}n=2+%^oDV+PpX(wQ3B&!zolYYMIRVP
zPyP4vp10%nS5=ilt>1~;kH_H?em8DEKL1Miy}13j&rA6Ixc&Hhc?qA6+h0}HH{lQA
z_T%yVgg=7YkI&<_c>MbOSjCKrL!g}d{LZYHRdFbcbN%UxXDj-_IM<)Am|f8y#<~7d
z#VZv9V4Ul7E9O-k2IE|Ry<&dFKp5xxTNUqA91i2?@%3MT+mEj=K&>yt?Z^F0!au<6
z$9EJad=YLxzN0YVi*fsLzm)J#aQpFfii9u0?Z@Y*3I80oANONhJih*4R4l7F4$8UD
z@7ERIRvZuGT>rk}$BGkRoa;YTtf)8<#<~7$#mb74V4Ul#DppsV4C7p1Td}U<6d33F
z-xV7wPK9yw`1)_e?Z^Ep)cPjeetbt^!mDum@g0Q;uTi-IerCc`l`G+AB|N`!HT>*^
z7gVl;pOf&~l^fvaZt?i~*Qvz!6GA!n`K<>(AI7=fpt51*1+e(}jn8RZ*`)G9IOq1w
zDqB=u6zE%4wyeCk+Pj+j$<~!^MqT3c@%zp8mBoelIw_VtKlYB5+rc>Noh!G8an`#Q
z?f~Pm9={xS#O=rT1yw&~-hTf6`Nk1`KP@!==RRNCrM64eYmLvpuyDUu_45^<v#WPb
z)}v^5&*SU4N9A6XmpRuV_U@JYR$dP0+}pEX<pGsf1p1zpJu9!Q_HO1n_pa<SYKYUv
z*R#B`vJm&Tn7wX&3lD;E)(@^c6vkQaSJ)rMWj(&m191ECU60jIId|Rg`&XgyKi3Bd
zKhpE~`V59&h0{6r`Wyql8pgSPT;&O)u7UBN>n9ghUVm-CPpLema%jL$t2|@Wb&ki^
z^X$rV3-NY`WzUcOyvhq;ob?MUFNSf}FDbkf#$`Qz{kg1?lKtmiw=0AX@jSk6SHXwj
z_H*uaxCVYbjB|Zx<*-r1Vf^R%4TTq9e?!1WRO0^y{3e`#Bb;;38C5x|@}@vPrgGe<
zk&egLb3)~$LOdRYWzUIya^+MQXZ@DSX)w<EZH2ePIO}&*-UZ{b9$){vD=FE3y#2A?
zTU{poKF{Ope}Col%2Ceq75hV#k5rC^bMEzdta3)>m_R?Xa%Sb&YJc3kz0azAdek_l
zkFU>jl`r5HarXJ0UHBr5v;I=$D=^OboWi*<F6;5z`>VM9`1*47Q+BV<Yt<#|Y@fYu
zMbYc1v;WSnzWvQ`Kg{2?J>TnNe>3Ps(Kh&g_4ps3Znm$P@Zj(5!7t$nI)2eIo!2ft
zoBx-;=ZDUp74e;ar>QX>oqo%^oqV47{^jj0&u{iR6ji%Dhqu3>aQ^P+(BI*T&wp1u
z-38v$jr)b8a?b&uZgZT^|1PI^>=n;w3m9*!@4OCt-E}>_KKz|HA;+(S3_4$jLOp+X
zkMF#Vb#RM53_M@-kG$tAettg*^nAH25&crP$Ayp2`O<Y<H@-~xvUhJMuV>tU<@K?D
zBm6tpou~W5ySb;p^LhRGH+6EFd;R3wSjhP|fkMu=8Q=N$BluIMD++V}4WDlOb5i{I
z)A7#zOx*wC^|Ajd{5Rn%h5s&mmFIl96yo;(A$)bf8>3(2dG_tDR<zdfhPV#=9boML
z^gO;k^>BSAB(6{G#P!TxpW0C;=Ow`F9D5t#ZH0%gf9)uI{cA_z>t8zxU;o-s`1;q5
z!q>mHxc;@H@b#}Pu77QD{cDTs&%aWH?~!+|fA-~48?V3k=po?zdG^TxZw8+daQ^)M
z)PNVDza`-Ox%*oKUI#uc;QV>~+XBwltJ?$4pO?QQ;EmvS2An@ff0yIDFX8>?x=Q=@
z&if4BPyRhB?EiR<S6#f{tPyRhe!IB4`YG`BIX-8zI6oR4K0oDo_WYtKU5EWWiSrBk
z+H<lWU)8|xjl=htJI`-?JNbJ#@O8s2=UBgA_yb!!KA$i5>CXAFH^J-4gO11N^Y?z>
zySlfWWBuWT^Y?q;d;PX}d_G@)9u1t&-|vC1V{Yl=>tEZuKJnA#@9V&KU2o}QuTy=U
zXC$1z#{*vv6+Tn=lUqD{dul~>z1tJt&ibQye)eDP^`}<U(Cu+2AK%W#)wgrjmh-cY
z_mOo@!XvVr`*CcIDBC}k=$GYJ|Aq`)Rkz2-`*nK4IM-`L{5>=H?rQIx`1SvpEgrwT
zc>nWkwc2y|duH%m(OdfX`D$AId_C_u@7<c=zv1jT{CzL@IDbnYKV9Cx&32w{_V-T~
zMa`>E;QuCjPV6m&ZzH^==ke3!#|baSPZuw*_~qMbboOb+PdDxd<0bV{+~Xp|eklB9
z$K&hMruyl=QvKiX^(6MT)jns7^W%ZW_;1@ex0CP3<DS3&2cOq$>Eox%-|O<K^K@h9
z%W+=7`TV{X@Y?X#6Q2FJ>kT*;zu#|+k1pDK*M}bu&^rq6yue=1xZhFqy9nQ1_@2VM
z3-2NP0O7ra_Yqz$ysz*>g!k`juUq!_!4^ed<R4ZCkJ@9|mrLve`woI}){huH7{*yY
zy6>?t&iZk6j)!s9Pw0CRjI)07=+j`F_0t!e1LLfp+xL7JXZ?aY7s5E}7xlda##z5~
z^c679`d9f^!Z_=j3WvZr>!0TT55`&lI{zvdXPs|H^YJ#p@$DkM{#W<KcP+y>*RLIo
z?@EDjt`9^1HjHzfzxU=H80Y$M^zXtr*GJ&|1u)L_kqhv>_At)%aX4oojB}kIPreW1
zTpy4A0~qJ}L_FOOVVvuHzrP5^xz68H@ez!3o%dslVVvvyIP+r|N6+3L@_uPbo$Run
zz2D2;Uwwj>V;|qoOvUYt|IxGex7j}HGpirxN%~X5pKV-(IPRz6`o#a-^KTb^r{~%C
zJ5hAE=kfXX3cug;_?-B*;C-#Q{d0uBBply^6})cq8oNH-xjnAuZqFO0e`u@yTc&?x
ztNpv?_CL1Oexd1S1pA_Brtn##bI)1s`7Mf`5&d()-hDm%&^*7hgXg&YV$;90)&5h{
zzp~Z-bJNe=YX6<Np7XZae{K5Lx7z<|Zcpy&|89J~bB_D=_?F|jmsb?MBYc7Ig~D^U
zXSKOKIseo62jZMX!gJ^RZO+O0KgJh}b3PHCJ7<$QC+AVdy>2;gDSTVwOT^RtTzKyM
zlsPBoY2#mrbCwCuom1PKlk>X9zZU0wD?E2jJ9AFXi-k83-bi>8;mwVIFK*|L!haIJ
zLU``^+Ri-PoNq6DN8!5||5ZHQmBLpEUoCvC@O8rf7QVsr<ojj(^bOv*$6q(uSSNRd
z+Ts0d_VL>&`q%U9$1?@N$737guR??#kEOT8M@;d*+{Z-)QRwkl_MyjP>7mDC>7mDC
z>7mDC>Hg!f@$<FGxo+<5tP)=1p!m6RKi(^dQo{3v7YMH{ypHgC!W#&081$m3@tDx_
zRTMQ9-a>dQ;cbMs7v52LXW?Ci@AO{y`PyCh-op12-b;9y@PmZ+7d}Y%(ZWv%cx^mh
zed<BU>p(wU_?g1b7Jjbq^Mzk1{9@sk3cq|z`1u+l{A%Gtg<mgxgz%BV#|Xb!_(b7T
zJm>v<4ZIw06@I($yM*5>`~l$)34c`h4B<}-e_Hr+!e<MAS@>MxuL++o{B7Y2gugF*
zk?@a&FA=^}_%h+&2>(9l1<~UC<#q8>$5{6LVD|N}0FVFw1mmo4D*PG7S^qSD1&p)4
zB>xu}XT52iUtyf}&+~tSan_gSuY_^dzsUa`###R|e-(_gzAXO_7-#*f{M9hd`q%ku
zU>qDDcg5G|oBXvf&i3Et{|V!)f1ke&##ygZ=Pwv%{fGR&VVw2#bvM8`>p$lI1LLeO
z&)*2+tRGkBUl?cor~FMY&iVy)Hp4jURdu6!_-RtidgD4ZV4QV60`VyxW8?U7T6{hE
z`{$RyIM?~O-)At+bw2L*IgE3iU%yxi<6P(Oq5T5Jxz4YjehK4T=hr=#!8q6X`0ZCP
z&UJnr<ZBq`I=|}n4UBW0k8^$t<6P(CmfyiR*ZKAF?_r$l{QB1qFwS*;-TX%w=Xw!*
zIgE3izhC_)80R{_&i*rubDdvjUjgG>=kH_x1;)9~$EAOTajrLo{|4h+=i|vMVVvvD
z;lIN;*ZKQhSHU=X{CR=@eLnHyqI|uK|GAIH#>W54&$F_xpYG#kI3J!przonqF!#U6
zJ-$&C6^spg;lVlQ?TpW<>-0It=W|ZqcuVizp4~I?b>LaK)3cAe;(t>8*f;)Dz3j5r
zC+CgeobQccobMSJ=X(<v=X+Ba=X*04=X-M)=X(nn=leD=&i9ru&i7U@&iB?Z&i8F$
zobPR5obPR6obT;mobT;nobMfAobSaj&i9Tm&i76*&iCzLobR1sobO#=obTJiIN!U%
zINx`GalY>e<9y!<#`(T8jPrdL80Y)0FwXbgV4Ux}!#Ll&!8qUdfN{R>3FCa<3&#1r
zH;nVWJB;&v9~kHRzA(=B9x%@L{a~E$`@=Zj4}fvL9|+^J?tXpk58O9%yuWgNHH`Cp
z4UF@BEsXR1PZ;O>IvD5sUog)1zhRv3>tUSl8(^I8|G+rkH^MmI|AleBZ-Q~YZ-#Nc
zSHU>nqmKAU4fDMQjPt!FjPpGO<9yG9alYrnIN#GS&i4Ws=X)&}=X-4!=X)WH^Sus?
z^Sv&N^SvI7^SwTd^SuF#^Sy``@P;tX?;F85-y6d?-!m}I_a-pT_ogt;_hvB8_vSFp
z_ZBeD_ibRD?=4}R@2y~*@2z2+@7uyS-`l`AdhX+#p14oql6_mWob7v|<$UiA<9siH
zamn-B;cU*oo$X<qeY$;c2AAwRpyg~|ik3_E#b`O(m!aj7eMhvM?fI9)IN$k~D>&cz
z7s;ysDw%f<{{jh@e7cW0e}^Ua@+!w|<dS`-j`)ZM<Lz|ck8B5v``kGdID<>}ozZjt
zIbED{-1D~=-c|Sx!gq8${{C%#{<u@ZYemQ5>o_|*o_oG3@jP+a+n@8kFwXabU|jO~
z-38}!_T_#sS}xh|ik7qeA!xZ|zZ+W4_J^Y7lKt*zIotO`%O(46XgS;WN6RJqJ<xKt
zAApui_Isk`Y=0P9F4^yemb3jpv|O^^8!c!1!_jidzB^jZ_Jh!J$$lTSob8W5%O(4L
z(Q>vw5-pePd!XfPe-v6S+3$yzv;APST(aLEEob|q(Q?WD0JNO#k3q{N`vcK(wm%jv
zm+X6@<!pZ(S}xi5Ld)6yc(h!y?~RtT{RwEfWM6`ov;B!^xn$o5Eob|a&~nMX6fI}_
zlhJa?z6>pA`%}<z$-W#dXZuspa>>2|Eob}F&~nMX5-n%@)6sItzAswN_Gh5wlKnww
zIoqF!mP_^rqvdRW7FsUZAA**%{n==_WPd1H&i3b^<&u3rw4CkFMaw1o{%ASdpNE!9
z_5;vzwm%;&m+TKi%h~<{v|O?uh?cYcg=o2Ce>hss_7|b$lKmjGob4}0%O(3G&~moF
z1TB~Bk3`Ga{!+ADvOfwfXZy?0a>;%$TF&;DqvewQ(P%l_UxAiO_Q#;*Y=0$MF4-T8
zmb3j3v|O@34lQT<|DolQ{qbly+h2v2OZF$A<!pa7S}xh2h?ZmTetdWmEben3k6nW^
zxMY7add@!GYteGa{uH#F?T4b}lKrV@IsbN^2IG7`9me^728{FlOc>|;SuoD`vtgX?
z=fF7M&xLWmp9kZ7KOe^VegTa0{X!V$`$aI$_lsei@0Y+h-!Fx6zF!98e7_vV`F;hA
z^ZiN~=lc*C=llO)obOk`INz^^alT&z<9xps#`!)J#`%67jPrdMjPw0^80Y(N80Y&9
zFwXZ8FwXZIVVv(b!8qSX!Z_bY!8qSX!#Ll^z&PK>!Z>>T^Vio^zoql7J?s4Xl>c>~
zw&=576b*BF*RK~oT=)&bM+m=B_)Wq`3LhnWwD2*)#|j@O{AS_fg-;MZQTQa`lZ8(a
zK2`WF!fzEmP55oXZx?=t@H>UyCH!vT_XxjN_<h3f7yf|o>B1ir{*ds8g+C(vQQ?mX
ze_Z$s;ZF#kDf~&{vxGk-{AuCO2!B@ibHbk&{(|t?!e12rlJJ*>zao5&@VUZY6+Tb+
zYr<a_{)X`R!rv7BmhiWQza#uz;R}SnCw!ss_l18T{6pc3gnuM_vG9+De<J)-;Y);n
zCj4{ZOND<S{7d1>gnuRcYvJDr|5o^S!oL^(gYX}PFBkrk@SlaR5dMqsUxoiBe5LT;
zg|8C+hw#<H*9c!L{7>QQg#RV{Z{h2OZxH^E@QuR%6~0OMX5m%Bqx#v8{rUg9AJ5ki
zUQ>8Vc%JZl;c4Lo!fOeyExb^89pQC_*Are}cmv@@!W#;2B)qZkjPNGHn+k6xyt(ie
z!nYCLQg|!jt%YwZyp8a-!rKXNFT8{BV&NTycM`sx@Xo@!2;W|KSK&Jd-%<EZ!gm(F
zi|}2A?<RbA;oXGqA$(8adkNoLcz5CZ2;WzD58?X>-(UCv!VeVQQ+O}oy@i(u?<2fa
zc$x5W;T6Iwh4&SHknn?rA0qrv;r)d77d}AvVZsLrKV0}A;YSERQutAxXMf*p9rOEU
z`SC{f_k7y#GpA=CpG<o8_iiOU`+IMa9{*f(?xP%h?-b6Df3Dg0?C+=j|2v1bGjtBU
zAo?c4|1sY`-xfDMcs?F*jUQhf>|M9`_xbpbkHvnp=#TL{c%AWdlh^a|3~ztZ_cVU&
zA-O9T?z@}*_^tLmOn>55`vXjW@>cs^rayJ7eIL`GzSX|m^k;6h?`!(Ax7r_K`g6D1
z_c#6dTkQv${=%*HN0|QNt@eXWf9Y2HV@-egR{Il7f8|#DlTH6W(O)e*_u7BDIp<o@
zUne|w&e`Ui>qUQq@Z34)n{#dy{Yc@tb1pXLj28V^;WvAp#_s^;eR1ymZbNw|lk`2R
zJ^uaY6TEX`pX7P+{l$>#+aLQBug~7U6-KuN-MyW2%yr1!{;Q2o+v+((O@I4V`|C}A
z=T`d>roVfu{YcZ_yVZV->F?iaf3xYQZ?&Ij`iHjKPci)?TkUT({bO70Z#Vsnt@d}B
ze&$yDdrd!UtNjC}e|oF^L#BUrtNo*<e_r&nh3DQbo-pUUB>Go`=gxV`oHJMS^MvQl
zdCr{ky6EQ%&z<w4Ip;0Wzau<%&OCEY&fgIJmhg9tFAz_6q3{ocFA~1k^Z0%>cl#Gs
z-=5e%@%s4wc1h5SqR;E+PRe~eSrjc5{)O-_g)bBSmGG~He<S=`;ok}WUic5fe-yr4
z_)o%r7QRCGFT#Hn{+sZX!haXOO86hbR|{Vwe68?5g|8F-m+-%ZuNS^S_&>ro3jbI5
zCgGcfR|$_Agx^kU2(KwTB|J}fzVNj00^zlU*A`wVypHg?ju&tFJh~{V=eT?SR$q7n
z;YGq53U4I5vG9!WCc>KvZzjCC@D{?i5#CaGE8(q$Z!5fw@V3I+32!gFgYaVE9ffxi
zzMb&S!n+9HUU*mGI|$!V_)fxi7QTz{U4`!^e0Sm9gzq7IPtQZY--B=O{QV&{@Hw#m
z{gAQy-<KHsUf%h!@9lZ^>DG$63*SfhzQTJ54}HHSpRfHyzrXMUgdZq8^nIB8{boIH
zw(pO!*P$pX5nd*|Qux8b`w2fx_#oj&2|q^o@xo6MeyZ>@grEIE_<CL-{8HgVgkLLs
zxbTs}#|fV#{8r(23cpYIL&6^yJ}cn-J3-G0pW}J<?Y$_Pf3tnL#QwJM1;XDKzDW4T
z!j}kNDtwvnZ#<9Re!myKT=)v%zX@L@e2wsR!q*GmD15W<8sqKDH@*&e!V82K3a=-;
zNO)u6O@+4*-b#2I;q8TY6y8~QSK&Jay&&4PD0KY`qTPgtzE8CVzUsGopl^&vzPou(
zmv6uP{lk0pvrjkn?!xyKzMt>|g!dHQTX-MgWx^|j_Z5Dy@I!_77k-%M*|(#D#N$h`
z`;QmJ?mzw$yZ<;(?Ed2?vHOpo#O^;H61)GnN9_LN9<lq6Z^Z6Dz7f0s_(tsh;~TO2
zk8i|&xVX+o2tP{r(ZY`ve!TD#g`X_^RN<!!KU4VG!p{|ce!zJ@aN&pcet_4Re!1|g
zymPW24-|;cFAAdY=NGvDX<(mje2)M5MeNrUh5KuT4;AkJJXC!Cb)xsb{~>-o41FIy
z?}tO*e@+j5zdAkief#v#_sh{kKkq{i{Tu;(nD>0exBq(K!-d}<e1z~Dh2P}*f8T$?
z+d0y8eBK)0&QY#A{b<*nKJ@cPJb#Sn#|j@O{AS_fg-;MZQTQa`;m@xNqVVU}1yT6(
z>w;*qIDd-pslsm&eyi|l!fz9PyYM@N-|0Euu6aLpSHI-_2K^r4_X&SM_=Cb97XGO4
z$Av#3{7K<Y34ccTbHZN`{-WpEx6`8NW#My#zbgDS;cp0kQ~2A$-xdCz@b|~t*Pr<L
zT_pVDfb-+<C4uwlpNsxW(SH@_dH?opQRsFSMBfSjUic5fe-yr4_)o%r7QRCGFT#Hn
z{+sZX!haXOO86hbR|{Vwe68?5g|8F-m+-%ZuNS^S_&>ro3jbI5CgGcfR|$_AhF{NX
z2(KwTB|J}fzVNj00^zlU*A`wVypHg?!s`jIFT6p}>qkZXL)X84)M!!In+b0vyxoNG
zImM#yBKjSK?<~&QL-;=8oc)9!D7?2gzg+mi;+%fM59=SkZikEh$VK7)Sm7s$^G^}|
zS;8+Ae))v(?HMBap~6Q9A1%%wCwzkN$>RKJ!tWOTfH?ml;g1TR(La3MW(uDr{AuCO
zP6(g>g7B9Xh5LD;e?#=|2>(Ew^HKls)BRZZr{erCg?}sjrwQSw`-|xR=pXLah;!Bn
zUoU*4@Xf+&d=$Pt>4{;lJs|9LL|<QcL*bc^!soXTeJkN@gtr&xcNV_mfbi|vS@e5|
zelOAY5Z-fQ`017iFB4uV&OdZO`27CjoPpw;qr^E!i~hvm`9;ww!E=hD(}bTP{4C+;
z2tQBw1;Q^9eu?nQgkLc+bp4B>{|UcF_;tdE3%^nLDB)v;j~6~k_*CK3gx?|jZsGR@
zy?!)Z_`?H2*S~)BsPM<dIWt8+E8zTm|7qdR2F_>yg7B9D=hQ&|itxF@=LvsZ`23H;
z*X>==zbE{C;U5bBNchLXKNbF&@TC*O&)2e#!v38&=Lg}-h5s!47vaAN|6TYW6T`QE
zt?<8uZxH_PfbjX7g-3^l`<lY@gr|kq5?(00uJHQ8izbC{e`DcI#W~GI-%|Lt!rO`S
zJBYrM@GgtP&(}`k{9VL3y9?h_cz5AF7Kd+7FX0u3h5Nq34;Fr?@czON6MnexBZMC%
z{Al6F3O`=>iNa47eyZ@(g`X+>Y~klF4!^uE68$B@FB5)+IRENN;io%PoHI=LaN#3_
z-z0pL@G-*22_G+fqVUO+!q?#z(N7b8yEx}A;rEJj?q3|fJr9d>9uw!x5I$4*tbkX4
zoHi+Wd+5&voZk;TJ8%yDCE>3KpDTQx@YjXU7yg#;cZ4sPl)MgnzTOwUNchLXmk3`f
ze3|fXgnuu5x$qUje-pk+_!{Bsgs&IAQTS%zH718&UU|X`gck;!umANt$G2YK=L`6A
z>qVLDvcJ#S{eAM|@VlQm{{H7&-w-{Q>~BWP*}f54F4>Pq%h|p$S}xg7K+D-agO*G7
z6VY<EpPpY;#U=Y!+gDX_wr_&7xnw^HXLGi1ik3_ElhJavZ-$mj_EXSuwr`G>OZHRI
za<*@QmP_`xpyh184O%YQ--?#AeM_`lvY&>QvwbVHT(Z9nEob}IXt`v6J6g{6+oI)?
z{T*mI+qXf>CHp(ka<*@amP__`q2+Af4lS4L??%hnzCBtl+24bfvwa7&T(Z9xEob{;
zv|O^k4=rc=j%c}Le?MBz_MOmj$^HSfob9(m%O(5iXgS+=M$0Ap2hno2?}C;~_79=u
zY`;BPF4;efma~0Vv|O@(1TAO#9nf;g{!z4??RP}WCHu$Fa<<<IEtl*cN6XoMXS7_h
zpMjRM{Vr&^Wd8(O&i1>a<&ynOw4CjCL(3)mC(&}Y-yJQN>}R3n*k^ywK&|MLR8`ee
zu(*$X3H)itbMNoE;cPB>{xj$~dwcdk%O(3~(Q>xm6D^nQpF_*pelN6KvVR^eXZyX;
za>@P$w4Cj`qvewQY_y#1_d&}g`xnu2?A?zmUV?@CmmSYt|9x>bmptbc^qjptJ<xK=
zehymB_WPmblKot?obC5V%O(3)(Q>vw04<m7=b`0ne;`^e*}sOCvwcsrT(W;1Eob{)
zXt`wn23pScz0q>Xem+{x_9bY!Wd9~w&h~xKa>@QJw4Cir(Q?WDZM2;2%g}Pk{vEWO
z?aR?}$^Komob4;na>;%HTF&;BXt`wn9$L=!ebI8sej!@U_6MQmlKuN=IoltMmP_^@
zpyh0T2wE=Le~6Z|{h?^NWWNY4XZwC=xn%zlTF&<U(Q?UtF<Q>{1JH8G{$sS9?GHoC
zCHqg%a<(6cmP_`ZqUCIVI9e{*FG0)Meh^wN*?)$Xv;7fhxn%!2TF&-IqUDnPQnZ}y
zk3!2O`!CRP?Bn;dEWd<>`enku68^RDZ-jp<{5#>_3;)6K-217)c+R-wb@&lIXRq7Q
zXt`v+94%-2W6*NG9}DA>=lp~-ID5`<Xt`wnGg{8}$D`$v{R*_4?N30<CHr5{a<)Ga
zEtl+nMa!}0@A2ccW*7gn=bVHyxa2v%;SA39f96+JamoI+;NOEj8E13JekIQ4?D?ml
z<&ypHXgT)o$3?4PobP|Y;&XDZZ>QpHF4?a}&)M5^8d@&duR+V%{&cilvR{jqv;7%p
zxn%z*TF&-oqUDnPI<%ba&qB*3`@hg~wm%y!m+b#W%h~=Mv|O@ZkCwCjxoEj$zX2_0
z`}5Fp$^IX-ob4OpGZN1CU-R)+f%(1`#`%6eo+jt}I<#EY-Pgm79jShQ0nXrjzYxax
z{x{C%e7^`S=ljJlF6-{?`4_i`v)AVmv|O^^gqE}YrD(ZizZorO`^(UB$-W9LXZy?1
za>+jGR8_^<{tC2Qvaf-bv;CE5xny4xEob{7Xt`vcLd)6ye`q=1qcm<k=KED>Ip42_
zaang?j(K>RoPE02pyiT%K3dN9*P`W;eHtyt-hH|Suuxyi@!b9DP@K&r&#8@`v$y9u
zv|O?;M9Z;{KmOTN$TIuS^`>=VwS67WbGLICo+g)kx^?h0IrseQQPzdUeSCW^u2EH0
z&vEy<)fe7Cc#-gi!W#*1EIcE;iSXgoS0{OWnu@-e@aDo>2;W9{OX01Aw-&yw@HWER
z3U4R8z3>jgi-mU--bwg&!aED^B7A${U4`!;d`ICs3Ex@x4dV517xWz8PTjY=UBx-O
z3Ey3KH{p8--&6Qrj>q>Kd*XT8JK%hq>mKl4_<K_O1f17qU&r0+&_nos!uJ<`fbau_
z_Y^+T`MkirosS6b<(v~=w-NunF2wi4xpQvJ+=%~<v#$>~Wp09T)<<SW!Z_=rGNWLe
z_0gHpFwXjz%orGFeQahdjI%y2GY-aCzd3U=jI%yIGaklSpOBdV<E&52OoVaPCuJtV
zIO~%$lVP0oDVZrS&id5MR2XOdmdq_M&ibvHTVb5_X_;v-&iZYc+hCma+cUSrIO}(0
z?tpRD@66l@<E-D6xeLZwzdLg`jI(}E<{lVl{oc&IFwXjYnfqXz_4_mT!#L{?WFCNV
z)~9Et!#L{?W*&rb)*s3|1mmnfoOu|=S$`z+2#mA-Xy#EEXZ^9vV=&J8<C(`{ob?%*
z88FWJ6PYJqob{QRnJ~`!lbI)Bob_3mSuoD}Q<<k=ob{(OPs2Ft&t#r~an_&BJPYHj
zKbLt9##w(p^E`~R{zB#j7-xNUW;Tqo{$l1u7-#*Z%u6uN`pcP@VVw0>GOxfm>vJ-5
zV4U^2nYl2|`m32&VVw1OnRzhI`fHijV4U^WGq1xq>u+S<fN|F6XXe8=>u+Y>gmKp2
z%De^RtiPRk8^&3GC-V-Bv;J=8T^MJ5L1qDrv;JP@Js4+wVP+wWv;KbOeHdr`gUkmo
z&iaR$4`H13MVUn~&iY50k6@hj#hJx0&icohk71nkPcomtIP0HgK811g<limAcX!kl
zjz6N*D)2ZYADC<%aQFNrczW@_w$9W2Ot}Ad1LNEIx#*V)|3dhe!u`L`6+hi&qW6E_
zQQUte`mcq5Bm7(8-wFR-_z%K=6uw;ePr`o|zC!pf!haS1oA8ywe;2+=_#eVo3tuCA
zt?)mEuM_^4@V|wx7rsIGKf*T(|5x}X;hTk536Gk@_YT>=s~f)^)ev4&cuIJl@O<HE
z;r`$Mjc;dx=xYhDExb^89pQC_*Are}cmv@@!W#;&2>u-e{M|y)Hx`}|-b8p);mw3M
z7v4hnHo{v9Zza67@NI>+5#CmKJK^nxcMx7Iyrb|=!nYINS$G%W+Y9e1d<Wq>3g1ci
z&cb&QzN_%vgzqlAoA5n^?<ssQ;d=}3E_@&1`wH(Nd_Up)3qL^kfx`X2A06L6_Y{3E
z;k|{I2=61jRCt;2a^V%iD~0zJevt5kg&!jPP~raXv5c>OKhgIWK0x?k!UqaJT=*d2
zM+l#a$8Y0*?&mK@ivB3!gM}Y0{21ZK3O`Qx@xo6KexmS`gr6+@6yc`|KTY`Q!p{(X
zrtq_bpDp|x;pYlJPx$%5FA#pA@QZ|BEc_DTmkPg3_~pW{5PqfbA;SMB{3_vB3%^GA
zwZexAzfSlt;nxcvF8l`JBZS{5{3hWeg^v<GTKE{@V}&0fKK>sk`kRH17d}DwMB$T!
zPZmB!_*CJy2)|YMG~xd51CQTt-X{9nh2J6kPT_Y6zgze{!tWJ+pYZ#IKOlU%@CSuI
zB>Z9Fj|hKM_+!E!7d}Jy6T)W-?;_s5o)rBo;ZF&FTKF@<pB4U`@aKiUAbhs)7lpqh
z{AJ<m#m9B8h<=Xnxx!x+K2P{-!e1BuhVc2q-xU6q@VAA(Bm7<A3xvNXys>yaUnu&f
zqJLlX9|-?Y_#)vS312MyW8t3&|5W%A;hzcrT=-JqUkI-fZ!cepewpyEgnupk8{yvy
z|4#V#!haC{qwwXze-i$)@D;*;5&o<2--NFe{=4v1!v7GyTKJRV^<<6c*9!kr_&VW#
z3IAL8df^*{|08^(@PCDG624h@mGG!({HTQex{3eyP~wj#Ylyz4@Raa8;pXq8IA7<@
z7kyfIf$&<wYYQ(FUPpLc;q`>q7v4a4k?@AX8wqbLJR`h`@TS6>32!dEh45{Jw-nw=
z__o5^2yZLAo$&U;I|wfp-cfib;oAxCEWC^G?S*$0zJu@`h3_PMXW_dD-&Oc-!gm+m
zP52(d_Y}UD@V$k17ru}1eTDZBzMt?#;{ECVqCY_Rfx>$V?<Ksq@DkyDgqI306J9R7
zLU^U{zQPX@ez5REgdZxrpYZ;|2M9k*_(0)@3m+u>2;oNxKT7yu;YSNUM)<M9j}v~p
z@DqfeDEuVhCksDS`02vW6n>WQvxT1{{5;_o2){`9#hz!sZ@(zIWY8spdOP3eANys4
zE*n%5@GAygF{n?#hfEzZwKU*YPrZ6-S-^)58aAjr;KSe*0UthS_@K&wj~Fy!P~U*x
zH0Y*52L*i8pizSk4)~ZsV+I}KI6vOz&peD9l>7L+5k4MHN88}H(b=El<~L!+{dlj>
zdW~qJbN%D*tIWeUUN-lBJ}&NC3ZEp-nJj#Y@TtOY5q_)Z_>+iHA#VR4-p>QZ*J0Wq
zd);EcUHF~C?-qWq@cV^N7ygj&M}$8ne1`Cu!e<G8TKKcVpBFw`_)EfH5k6P=JmIek
zpD+9^;qM4vAbg?l4}>ogzF7Dt!j}ZSDEi#-`0YI(_a0v~&AnaZJYRS^`cm{^Pl-NH
zcsg1p&JTM^^m)S5(O2U9u%|?yCp;Z}EzS>nO7wZc)6qBL{II7)pC>#WeJjondrI_q
z!qd@r;{33uM4u--9epp(4|_`VdBW4t590i=r$nD8JRSWg&JTM^^m)S5(Q<Kq*i)j<
z6P}KK66c3KCHg$!>F8&1e%RB|3ekr>9sMHuu&1M6MIZKb^qc6zo{m<EKJ4k}chQGE
zCHg$!>1dTWKkO;d=Lt_oe~9zLo)UeY@N~3VoFDd-=<|f9qc!6Eu&1N7q7QpY^m)S5
z(Vyb{u&1MSq7QpY^m)S5(O=^Hu%|?yCp;bfEzS>nI$AIKu&1L9q7QpY^m)S5(Ldt+
zu&1Mqq7QpI`d9Q}Pe+@AeLC74^nBszs7mx<Pe)O+@W-WLPe(OGANG{!@fmRNoK#dZ
z=y}4^QR;~B?GJl8$`^gu(@}xw!=8?6i$3h>sE+8vo{s8?KJ4kJf#}1Y5`8*qD9#Cc
zO7!WdakKEtE9@!J=Lt_onc(eAM@@w{7ru?~R>HRx-d1>f;l;u`3GXa?d*M3>-%0o`
z!gmwiP57R|_ZGg7@E*eV7k;4dUcyU+mkKWzUMc(_;fDzCCwzeLfx-s~KT`N$;l~I+
zPWTDJPZEBL@Y95!A^a@i=LkPf_yxi*5`KyB%Y<Jce2DO?gkK|ksPJLJhYKGe{3hX}
zgpUzEPWX7?6NOI}K2`Xw!fz9Phw!_E-y{4!;SUIZQ24{b9~J(%@F#>nDf}tn&j^1`
z_zS{c6#laCIl^BR{+jSNguf~LZQ<_<e^2=Pw}d_}N=J)?e=K~7@TJ0+1wB9d=7`Yk
z$&bDh-dy+(!nYB=T=>tz+YA3ic(L$K!haL~yYQWa{~>%A;kyZ6Bm7U{dkX(c_};?z
z5gvYjmmggw`tbX&{3!hXD?bXq|H_YU66c5C@8n0}_dEGf`29|PG*z4*et(f4h2LM~
zN9)Bo;rsvm=pWJlD?EI^jmHN>AHF}&kHYuo`BC`(3SZSdGJO9~Q+W9PHb2S}efWMj
zKMLOur^M%dDe-w<DoO{RZYm1jkENnoqHh(v&Z%fy;cbP7@5fS6p?JET#W~vx-$8iz
z{wfvK6;C&Of0BxNi1YUsexUGP!b^mg3$GM@knlr<_Y*!qczto*28w==@FRr}7JiKI
z<Ak3i{1oA*2|q*lS;Ef|exC3PgkL253gJV94--CI_z2<Q_eZHH{Qf8vjTh%k6h2va
z`2AEWDiW`UcZhTD5`K^H`-DF%{88bL3lG0vOGS;u^Yx54=Q-gSan8%4|9|Y=4crY?
z*FW$*v*&%hh9n6|k|arzBuSDaAt512k|ZQak|aq&k|arzBuSDaNfMGINs=T<k|arz
z|5|68>&)4Et=!%9-2dnKeD3Rf);V*&v(KKFGxIxhUavP9e~a<A89$nwuERX;ILzaY
zBTgXucbLZuN6<O%FgfoCI_F_Nnfa%4(h<ip?T=&pc*g1d%VG8}hdF+81if83%y#7n
z`hIi-cR!YSj5;oIL^;M!BHa@e$@SogN{m-#yb9x08L!58b;fHjUX$@!jMrwo4&!wh
zug7?O#v3r+knu*0H)gyE<4qZF#&`?H>HWwPEt&SM7;nRPThd)-`*fM@(-rjg=?Z%L
zbOpVAx`N(5T|sZ3uAsM1SJ2z1E9mXh74-J$3VQo=1-*T`g5Ew|L2sX~ptny~(A%dg
z=<U-L^!Dirdi!(*y?wfZ-acJHZ=bH9w@;VZK3zd?pRS;{Pgl^}r)1_|GV?E)`IpT6
zOXhJ6p7)Xaixlmd$7}j|iX-UfDUP^|>4(0*9A<ePW_cZUKCdOG>xy>d@_L3BgwKuR
zXUDUTj@jQac7+rj9?OnNe?Im)(xu?MGt>S?#=9|o3*$XWhu6DEmyEljFWKG|cako}
z0LJej-4%lwzn^p|I3Gr~hu6(WmyEk&B-5UDS3E+tcg0xJCFAhA9NFF#6G)egyW%OP
zJ?*ZTOtyE$v!qMLT``Sm&-n{vdsob4{AI@HkS+!7u6T`X?~3`1zsdL_#@``b3ff(<
zlx**c<&3Xn{6ogqkS@h1q`R!IC)-OwyDL6t+H<~%Y5x`JuGmVt6yGwwgYh32-_7{X
zjPGOoH^vW=4zE{_qaR-+=~B=R-{c_MyCP&fAL9i{htFS;?uw%rFUI&WjF)8mc*e^z
zej?))7(a#a%8Z}Rcs0h)V!S5f=Q3W0@e3HQ&-lfRH)8xU#+#BZnS7Ii%dzHUKX4pQ
zx)iNRhvRM1;rNzxS9D~YYtK#hdZwQ)jNim~cgAleT{8181^u`w+2fYpWdE+Xopew1
zWBe}02d<~`%@g-AK8*2)86U&=<BU&a{F!m|d`@NBzpi;vcn*Qzr(3M~QJLo#k$A5}
zwtxJ+-^7<OzMSzDjGvbI&$enB>Hgnm+OO0cze8LEzCrte=IZ%TBvxsj%>Rdsuhu;O
z;r>5je2wP$4!8eU^JG5vq`v2i%bU#S&zdLg*J}MF?LW~xX}?bMr2VIwC+*j3p0xi=
z^Q8R-&6D<@Yo4?}kox|0dU=1>JZZmC>nG{|3(b@En>0__f2n!WezWFD`>!-t+esm@
zMRRrk783gXi|zBniQZrG3u=GC_RF>VT}?N?p!N%FPwz+hg}z@T{pkCV+Me?ZeS22x
zC%;H<pJns5&-^02eWEAr)7xjdeR}&$w@+`M>GtXE6CLM2hUNWQTmQ*&ZDsr$&DHno
z^XGiO9=AhW4-uSiBia`M|2E|~KiCiYcE*2V?#J&^?Qy!8x42w8G*6cId%|(LJ2l7O
z0l?h;p;b1Yv#;~O_sB?x?|Cu)GvmLI?ucJWhwlNA?ug$>hwtN%4!;=Dnp!ST*rYqc
zA>9)m>F_=v>7Iy=rKcN{?h4vHk&kIlJA4m?X-~T+3NY<yhwrU0?P-VSO=NqAaZeN?
z+q;az_g|Ryw8Qsb$o3B7o;ZqZ56}BZhwssl?lKPFqaoYF_h?9m@6nL%G7g`=BHKHR
zd!iWG-ep`e?l2DD_hI^{9X=;Uwukq5N%ur?(p|<S;|}AVIELw;c2AUG+S3ldX2Z0n
z-4i95_OyHAIHo=A@IDLK-eKGmrO5U!<C1ZQaZeo2^iMmy??bkC823bJvc1c=WZYrg
z6J?nGX_riUhjCAoW%{RGGVLA4J#hllKkbrf51*4E`|(6M(p|<S<M6o-vL8>JNV?0o
zWZYrg6XluyX_riUhjCAw#Pm<QWZFB7d!ho<Kkbrf?=bF(lbQZ$mrQ$yark@=(?9K!
zY40%ZiBp*VX_riUhjI8E5z{~Ia2#8lI?i+%_r$48|Flb{y~DUCDz~QRhjvd?VcOH~
ziK<L{+C5Q?X|KC_J{SxAd2Zs>kIgO@KL1kBvtr|UrFvc#GtbLnK|e2x1^qlU7H4VG
zRnM1W=J|DOJikunpME|Y8_#F4eSUamslWc9p6ABK^W3C8_4)($Q$w47_*cjx1mCVb
z&rSTK)F%;eJttn8@iL5m$MnC0@$VVm$@mY9@6tS3KlJM@vGMwhdVL^fUN?w^{`x@D
zUVl9yx!>v6b7JFl09e(+g8OBSdp6u-SnBuB6JP7r1jEYpgV8x)Sh@a*TMG;;*Vnn{
zf??(Q(Q$1stXyC3o(G1N>z}!Gz_4<CgL^(0R<3{U)&;}L^^NWYU|6~Sg<B5{E7v!<
z7lL8s`j>8fFsxkP>|O+hmFrvF24GmZ9>*7hVdeVQZbLAvT>mxSC16;&zSV66hL!8z
zxR-)q<@z;oV=$~--{xKhhL!8L#7)4ka{W-g%fYa6y-3^?3`=>EW9ipXlh^Btz;>v=
z-lbk&jYazPRcv1jwp(m}MW$!$UG=YCUyY5|SCjTnYx}ACoz)n6gQbGs9mT@@N!$Xz
z91JV%Hh5Doth7t;E5NYQ?tnJ~!%Djg-W&`o?eNPnhgyJPrQHX=5)3Qt0eDL=th9&V
zSAk)rJpyk9hL!dhyfqkB+Vg?80mDjre(<Zou+m-tye$}3+6#hT1BR9MLg4Mdu+m-_
zyge9J+K&S70EU(JBH-78VWqt&ct<d-v=;-v4h$>pM}v0)!%BN`@aw^_(tZqhXE3a^
zmjJ&33=2Kk{`J?rlRR&xZO_T}ufHCiv~RApPx^0>a@=2%ey-G9JznG!>G$36bzs#`
zK9PPurEp$9`9%8t6!fH@^!pUpPvR|8(@kDywnRQru&~;9@jUHUG3{G1-kR|?j9<-o
zTgI<pydC51HOJpD#^vpxIlc~$zPS*+9=>9H3*%oizLoKB7~jVDw~TLR{5!^XF#bK`
zI~o6h@m-An$oOu?e`0(O<3BULm+@a1-^ci`jPGasH^vVz{yXCb8UKUvLyQY%f43O7
z8JCPZjJu3`jQflSjE9UzjK_@UWBghzH<CQ*n05%0#IMsl$(c?mFADjb`1L7I=Wu7n
zZ(zI&<2N$imGPSx@5cDejCW`J7RGxpek<cW8Slk-Z^mz9ybt5IGv1f+I~ecB_??XR
zXZ$Y42QYp&;{zGLhw(v--^=)5#_wZ%2;=uNK9unX7$3&?gNzSn{2|6iF#a&(BN-pX
z_-Mu-VSEhZk1{@%@y9ezUVj^xay;Hn{Bg~b<LB|3C(jd~(ERAb&o?J%p7j4D;}bPk
z{p1r*r5y8C%}+itiSefypUn6(nkUnp!uYeAm&`10?)QTNcyNgb$N9%+(D<5N_9#{z
z&%-D<zD1u3Q^3-F8W@)D)4{NGp8<xY`%Ew_-DiPe={_3_OZPcoSh~*z!_s{o7?$qy
z!LW2+0EVUeLNF}d7lC2vz8DNk_a$Ihx-SL8(tQ~imhLOSuykJuhNb%|Ff83ygJJ2u
z1`JF0wP0AfuLHx<eLWbK?i;|cbl(VurTZo@EZsMQVd=gF3`_T|U|70u1H;mNI~bPk
zJHW7X-wB4L`z|mn-FJgw>AnXHOZUBCSjyGwU~0ea0<U3U;r^cXu3%WYcLT%Hy*n6|
z?mfV;bngj<rF(BMEZzHnVd>r%3`_TZU|72M2gA~R02r3;1HrI#9|VS_`(Q9E-G_i-
z={^(;OZQ=5Sh^1f!_s{O7?$oM!LW264Th!r7%(i|$AV$$J`M~^_wis@x=#SZ(tRQr
zmhO|luymgchNb%yFf84tf??@C4Gc^7>0ns8&j7>HeI^)|?z6zKbe|1|rTZK(EZygV
zVWDRqfA_&Yjivj3Ff82<fMMx=5DZKALuiCsB@Z3K(%VZgEZto&EZu!DEZsveEZt);
zEZy^iVd-8F3`_UIU|6~r0mIV07#NoB#lf(2F9C+7dr2@X-AjRC>0TNPOZT#1Sh|-3
z!_vJx7?$o8z_4_$2!^G5B`_@AD}!O_UIh$G_o`r6x>p0k(!DwumhLscuyn5phNXKg
zFf83`gJCI8KMu}=eGW_CALoN%>AnCAOZSCfSh_C)!_s{*7?$o!z_4^*3WlZoGB7ON
zSAb#Zz7h;e_f=q6x~~Sq(tQmWmhNl8uykJshNb&@Ff83SfMMyr5e!TBO<-8MZwABC
zeG3?t?pwjIbl(PsrTca;EZuj2Vd=gT3`_T2U|72E2E)>Q4;Ys2d%>`D-v@@J`+hJi
z-4B3a>3$FlOZP)ySm@cuuR5^LVd-8M3`_TVU|71>2gB060T`C<4Z*N<Zv=*=dt)#x
z-J5`6>E09!OZR4ASh}|W!_vJa7?$p>z_4_01BRu0TQDr$+ks)}-T@3t_l{s#x_1J@
z(!DbnmhN4^uypSVhNXKqFf84>gJJ330}M;|o?uwI_Xfk#y$=|c?tQ_qbngd-rF(xc
zEZqlyVd*{)3`_SxU|7o2k5g6!I3k16_d5xOrMnA;rMnM?rF#g5rF#s9rF(ubEZqx&
zVd-8N3`_SSU|6~r1H;n2I2e}hCBU$BFA0XFdnqt1-AjXE>0TBLOZReMSh|-7!_vJ1
z7?$o8!LW3%1cs%1WiTw=tAJtYUKI>W_iA8Rx>pCo(!B;4mhLsduyn5lhNXLLFf85c
zfMMxg7Ys}HdSF<(*9XHwSMRT>*FzeBCHt51Kn%|8ai-tL_yzFFXhWi(A<(`N;h$UZ
z=tB7Y(7p-bL&2L8{s4G0!iRykAbc}Sw<Y0Ufwv<3LFlIq;lsh(68;c)JHkhRcOd*>
z@Q#F!1n)%nw=kcb2_FURyAWOs+IJ;<G_>zV_#@!m2_FOAgYZYedlEhtyf@+9i^8J|
z;g3Q4zJxyx-jDF{;Qa}I0(=1BPl695d?NTD!h68>JecrF(0&NvPlFF796t{>jPS|O
zemLRJfR7;j!u;@>7U9oA`_Y8&gZq69;ZvdgSi+wJA4m8!@bQE{4?cnL12El*ginX|
zlL&tSd@|uPz^4%YBKTCoXM#^7{3Y<|gwFz>LHNtyGYOv!K8x@<;ImVX?;l}?s^rY(
zC%$h*IX*8?J{NkzQu&<qd0<$&&j-WOeE}Gj?hC=NbYBF9rTbzqEZvuYVd=gU3`_TA
zU|71Z0K?LKB^Z|OtH7{yUk!$(`x-DT-PeL)>AnsOOZW9)Sh{Zj!_s{t7?$pvz_4`R
z42Grq7BDQ`w}N5mz6}gZ_w8U<y6*tP(tRfwmhQX2uyo%IhNb%+Ff85of??^t4-8B9
z{a{$S9{|JB{U8{Y?uXC_w~m8n5m0)235KP+3x=h;4~C_C2!^G542Gq9elRTE3xZ+k
zUKk8Z_ab0ex)%e((!DqsmhL6Muyij8hNT>zmnHc&2l5arIsQz1E*O^X^T4olpAUwm
z`vNd5-4}vk>AnaIOZUZKSh_C(!_s{z7?$qKz_4^*0fwdfN-!+lSAk*az8VZm_cdTx
zx~~Pp(tRBmmhS7puyo%5hNb&PFf83Sfnn*s84OGJEnrx>Zw15BeH$2-?%Tnzbl(An
zrTb1WEZuj3Vd=gb3`_StU|72E1;f&P9~hSI`@yhuKLCcM`#~@)-4B6b>29422?wRS
z1jEwZ1;f(a2gA}m1jEuj2E)=lKNyzo1;Ma%FARpIdl4`!-HU-?>0TTROZO6BSm=2C
zhTpxxTuc5E$IqB1hL`B-bEj$luxQ##U7fu}+Ozs`PW!S)Z2xIa`|?_Q_|L+b?>uDt
zKkF@=N&FlX9#dxh(4hdn6bb*SS!;iGrhVcSQ~hH<iC1Pk+yCc9)9thVWyXDDe$L5E
z*YvN8;vJHB)%0{zUY+smbkAk_KcDgMGSf|#H`~v7IqhpQ)2+>Twx0`f`l)-w_7~=~
z&-U|E&icvvFF9VH>A#`oxQ(dor15d^3JsLn&a>VG3`_T>U|7001H;n21sIm@Ey1vK
zZv}>>dmAt;-P?j;>D~?uOZN_7Sh{xv!_vJI7?$px!LW4i0*0k~S1>HyyMbZp-W?1}
z_a0zay7vUb(!DnrmhOGPuypSWhNXKyFf85sgJJ1D01Qj_fnZp=4+6u|eJ~i7?nA(^
zbRP<arTZ{2EamC<7fQlo0v6_W+Dn09>0TNPOZT#1Sh|-3!_vJx7?$o8z_4_$2!^G5
zB`_@AD}!O_UIh$G_o`r6x>p0k(!DwumhLscuyn5phNXKgFf83`gJJ1j2MkO1x?otk
z*8{`Sy*?P0?hU}ObZ-cTrF$bVEZrM}Vd>rk3`_T>U|7001H;n21sIm@Ey1vKZv}>h
zo;=Rt{-FLYVjg#X%Xxemes$9R&>?)h#>Y+dIFj<r@k2;Dd3*v-9J7x*BVixKQuCSh
z(O_7*j{(EdeJmK3?&H9)bRQ3frTYXhEZrx9Vd*{z3`_UPU|70O0mIULDj1gT)4;HF
zpALql`wTEF-DiSf={^e#OZVAeSh~*v!_s{&7?$qyz_4_m4~C`t0x&Gy7lL8wz6cCU
z_r+jXx-S94(tRlymhQ{IuykJmhNb&TFf83yfnh06Kkl@FeH2UIf7^m#>D~?uOZN_7
zSh{xv!_vJI7?$px!LW4i0*0k~S1>HyyMbZp-W?1}_a0zay7vUb(!DnrmhOGPuypSW
zhNXKyFf85sgJJ1D01Qj_fnZp=4+6u|eJ~i7?nA(^bRP<arTZ{2EZv8LVd*{s3`_Ts
zU|7132E)>Q3>cQ~W5KX=9|wko?!zOA{y0(w9$)bNlwAKK^Ssz}yBPM9`0A^1&r*L!
zrF?Ckd&SbeKF<#wO8Z8}H#5GK@$H)X;!|z8E<XJDtGjxf^~G0O`^5G3moWWY%J^lB
zU(Way8Bf-8vW{V`<*fg#AD!bn^VY+$IqQFSo|nn-y?LH{zwBrHAmdis>>T0!i`$e1
zr!_A6c-RWnc9{6uj88E9VCMH&CK~=pru`(t*JXUN;YVkF4}6N@>oe`A8va?vry0H>
z<I@fQJmWJA-<a{4hJTUqS%z=Q_-w<!%=jF`H)njV;af63&+s_29_AbVb*B9S!+*_(
z_tZkew`STeGW?s2FE;#|%ygF+zAe*!so}R|+AlNwP-cEs7+xgPer2Ak$9LSi;88!L
z={&?O5nlTz9DlcG4dM8^J!=Wa-|bmPIR0+WdcyH{do~b`zuU8saQxk#O@!m`_G~5`
zf464~;rP2fTM5VC?b${+{%+59!tr-|b`Xxg+q08!{G7%v!tr-|b`y@j+p~vo{N0|t
zgyZk_>?0h1w`V`$_`5v^2*=;;IY>DEZqFgY@ppTyinwp&=9tPinHhtRkGc8g8m{uq
zH(cdgXt>I^*l?9^`3+b3R?u*jZ-ot4`Bubmm2briSNT@laFuT*3|IM9(r}e;r3_d3
zR@!itZ)FWv`Bu(wm2c$@SNT@KaFuTr4OjVA$#9i#l?_+<R>g3YZ&eLf`Bu$vm2cJa
zJe_YfGHT{qO~NtXY7vh4R-16lw>pGlzSSih^Q|7?m}B(`#~f=wIObSG!ZF7h5so?5
zm~hOoCWK>-H6<K#tQp~$V=V~B9BWB9=2$DjF~`~vjycwraLloGgkz3%ARKe7BjK21
zoe0Mq>zwi=uT+k8$&4{`tgGQF$GRD=a;&@ID#v;lu5zrW;VQ>^8?JJ!kKroE`Wmis
zte@d3$NC$ta%_O%D#r#Iu5xUU;VQ=l8?JI}h~X;7h8nJNY?$FH$A%lOa%_a*D#u0|
zu5xU&;VQ?*7_M?`tl=uh#u=`1Y<!-lb8JFJ%^aIZIOf<S!ZF7t6OK7Hg>cNVsf1&W
zO(PtS)20)S`8I=a%(t0@W4_HI9P@29;h1l82*-SzOE~7+Ji;;G<`a(jwt#TVw}pgb
zzAYjg^KCKVm~Tr6$9!8#IOf|j!ZF`g5RUn_l5otoRVmNSx7C?3>3mZ;w#IOkV`~jp
zxwOu3l{4!NS2?r6aFrVy4Oh9b$#9h$n+;dFvBhwe4_gga`LNA!l@HquSNX8RaFq``
z4OjWF%W#zsyA4<QuqV&c`LH*mW<KmA9P?p6;g}Bx2*(^aNI35AhX}|0-8v<6_@8>6
z&4S;!fzSRBj{CbyIPUL0;kdttgya4m6OQ|Je!_9TE=V};*M$kk{kjO@xL+3|9QW(u
zgyVi)f^gigOA?Ozbt%Gezb;KU?$>2gp1WU{%Zy3y*Xs49@`kJZy@KItf3Ik`I&P_C
zxH@jBY`DsYDu%1$ma2xU<CbcMt30W0xXP0nhO6V2nue?6mRg3Z{HblY%AY!htNf{J
zxXPb;hO6V2`i84qYGAm^rG|#9Txw*v%B9AJt6XYgxXPubhO1m^X1L0w7I~h|rIr~r
zbEy^Km`iO4$6RVlI3BmOBOLRp1L1hw(vfh?u}*|zj&&v+bF2&Dm}6ZD#~kZMIObS)
z!ZF8s5RS(!JqgEr>rFW3TOYzP-}(}c`PPqc%(wo8W4;X_9P@1;;h1lO2*-RIOgQG-
z5W+FvhNe6>--czznE5u`aFt^t3|Bce(r}eyqYYO%HpXz3OJfaJxirpjl}qCdSGhF7
zaFt6F4Oh7|$#9iRlMPq7G{tb0KT{1?`7_OMl|R!BSNSu;aFstZ4OjUy%W#!Hv-3Qi
zGjlR(=FD8eF=yrxjyW@*aLkzngk#PuBph>Q5#g9KiwVb^SwcAG%u>QJXO<C;IkSRr
z%$b#hW6rE19CKzh;g~aP2*;dROE~7tI>Iq$))S67vw?8TnT>>F&TJwab7nK)m@``l
z$DG+pIOfc@l;`Hm_RJVFXLcB_a%QLDDra^Xu5xC#;VNhL7_N?s_8PA8XP@CJfA$-$
z^5=lzDt`_du5#v(;VL(*O8V>nDmSFzDmPriRc`o(tK0|;SGf@zu5u%Po~Lu8U`EZ{
zC`>r!MiIg>H;NICxlx>O%#9L+V{Vir9CM=-;g}nx3CG+hOE~66Il?hF$`g*cQGsyG
zjf#Y0Zd4*1bE7ihm>X3H$K0q&IOaw*!ZA0h6OOr2gK*4^nuKF+)FK>nqc-7~8+8cB
z+^C!K+}x;_8Dr)~eZ$rBuLg#zJZWgS%9BQht2}9JxXP0zhO6gaO$}E$)68&{Gc62P
zIn&Z`l{2jjS2@$haCMy1)^L?S?F?7PIUNjF$2lDhSI@sX8Lo1yv*9Yox)`o<tgGQF
z$GRD=a;&@ID#v;lu5zrW;p+KU?>tZETc3=Y`PP?k%(s4oW4`q#9P@1e;h1j&3CDaJ
zL^$T#V8Suqh7gYVHk5G8w_${1z6~cF^KAs-m~SHq$9x-2IOf|J!ZF{*5{~&cj&RJk
z@q}Z(O&}ceZ6e{AZ<7eee49)-=Gzp)G2f;Vj`=n%<+=GbJu}A4w;6`3e4A;w%C}jD
zt9+YnxXQOVhO2y=Yq-j{d4{Wen{T+vw*`i)d|PO^%C|*^t9)B*xXQOBhO2yAYPia`
zWrnMKTVc4$x0Qygd|PF>%D2^qt9)ByxXQP+hO2yAXZS5K9vQATT;<ya!&Sa*%=2`<
zZOW*bZ<`6neA_}e=G#`nG2gZkj`_BoaLl(Igk!$#BpmZ?7vY$1y9vj9+e0|!+g`#k
z-}VuX`L>^M%(nxCW4;|E9P{lE;h1mMsdyjf-Y=MMl5os7mvGECpK#2#kZ{bmm~hOu
z{Dfn^6(k(<t#Hb7^Q}l`jG1r63|IM9+;Ej|B@9>jR?={lZ>0=Z`BvI+m2YJYSNT@X
zaFuW64OjVA!Elvt6%AMUR>^RcZ<P&K`Buenm2XuISNT@WaFuV>4OjVA!*G>vH4Rt!
zR?BdeZ?z3q`Bukpm2Y(oSNT@YaFuWM^E{nz4KkX$AK~XS8xoHB)`)P-x5k8HzBM5n
z^Q|f2m~YJp$9!u+IObbR!ZF`k5svxRhH%WcwuEE8wIdw!tpnkhZygE8eCtFw=38gN
zG2glnj``M=aLl)Egk!#SCmi#w2jQ4+JqgEr>rFW3TOYzP-}<IJH{beY#+dom-*A<0
z0}NOBHqdaDZ-We1`8L>am2X1~SNS&7aFuVv3|IL!+;Ej|BMevhHqvmFZ=(%Y`8LLI
zm2YDWSNS&1aFuW44OjU#!SG-6;Unxs!&SabGF;``WW!ayO)*^M+f>6<zD+Y+<=b?_
zRld#0^K`z=%&3`fvk1q0n@u?8+Z@6%-{umI`8JPm%(wZ3W4<jQ9P@1<;h1lW2*-R|
zOgQG-62dXxmJ*Knwv2Ghw-tnAzO5u2^KBL3m~X2I$9!8uIOf}0!ZF|05svw`o^Z^!
z4TNL9Z6qA?Z4=>`Z<|w|n{Qh(W6XTpYPia`ZHB9S+itkZw;hJ7eA{Wb%C}vHt9;vS
zxXQOZhO2zrYq-j{eTJ)i+i$qaw*!W&d^>2k%C|#?t9-L6C&&NE`d9fT4OjW*8m{uq
zH(cdgXt>I^*l?9^`3+b3R?u*jZ-ot4`Bubmm2buJJe_aFGiv5r3BoboN)nFwR*G=U
zx6*`TzLg~$^Q|1=m~Z6?$9$_mIObbL!ZF_}5svv*nQ+XvDuiRcRV5trts3E&Z`BFM
ze5*k?=37m|G2dztj`>!baLl(lgk!$dB^>ju9^sg8^$Ev(Yd|>WTf>wm`<MD$dZWx3
zGv68;uJWyk;VR#n8m{uKnc*tmS{SbKt)<~A-&z^2@~w^GD&N`~uJWy&;VR!c7_RcI
zqv0ywIvK9=t+U}O-?|vC@~x}kD&M*puJWzB;VR#H7_RcIr{OB!dK<3tt&ia<-})M^
z@~xlYD&P9&c{<+)WYo;JfrMke4I&)#Z7|`OZ$k*jd>cwQ=G!pBG2ez0j`=o%aLl)n
zgk!#qCLHr^4B?n>V+qH68%H?i+jzn;-zE@_`8JVo%(qE|W4=u$9P@1o;h1kz3CDb!
zMmXl%biy&;W)P0~Hj{A7w^@X{rQrCVa1VS=%9A|w!QmM|W=uK{gN)BJymXB1=Nleo
z+AlCX%J@RV<BTsdJYU8a8$Md%be9;OKhu7x;RQ0j%<zI4UtxHmjIT7jaK={|epJR+
z8(t*iYYZ=wS#N6%FPdq;&hTOxUvK!B%zD^h_|cj68x0?rX}`(v;+giF4L>I1TMRFe
z@vVjz%`DfpJjeeti{FkuHq##Ov)tTk4D+)+(>m8L1K&Y-6Y!mcUk<*D@TTCq3BLk-
z58=(g_Y&S5d>`Qz!1oj00{j5sSAriTyd3PmhX`*8?XA-?t1ahy0at-b!drp6gtrFw
z32y@)5<Ut%Cj4sf{Dij!FG%<`;Drfq2VR8m_Ta?`?*Lw$@N2<Kq+I=9V@s4wZEuAk
z+>*!N<G@R%+9zHLycFTbgO?_}G<aFU%Yc_7yexS6l;`Gch0GW;Zz~$E^0t!UDsL+r
zuJX2u;VN&d8m{uTn&B#Ms~fKJwua#<Z)+N^^0t=YDsO8WuJX2y;VN(I8m{uTp5ZEQ
z>l?1}wt?X)ZyOq}^0txTDsLMbuJX2t;VN&N8m{uTnc*sLTNtkLwq>3t+cV~BtBjht
z+J<n<)wYCVuC^l_bF~BEn5!KL$6W11IOb|+!ZBC75RSRpm2k|}ZiHj5b|)NjwFlvt
zt33(FT<uLb=4v0pF<1K%j=9>8aLm>Igk!D_ARKdbAmNy+g9yi59ZWdp>JY*)SBDag
z`8kYm%+KM3V}6bx9P@J|;h3MJ3CH{#lk(jB9Ge+q=I1!WRep{)T;=Bk!&QDxG+gE9
zB*RsHPBvWS=M=+Leoi%9<>xfRRenx4T;=Bs!&QFHG+gE9EW=fP&Nf`-=N!XTe$F*q
z<>x%ZResJlT;=Bi!&QDRG+gE9BEwaFE;d}{=MuwJelE@Pbbc<&sF|ND2*><fNjT=`
zD#9^8R}+r;xrT7e&$WbOey$@N^K(7nn4cR6$Nbz#IOgXj!ZANL6OQ@0g>cNzt%PHK
zZX+D?b35UfpF0T0{M<=6=I1WLF+X<`j`_KVaLmuWgkyg0BOLQ{KjE042MEXfJV-d^
z=OMx|Kdma}^8(CINjT=GoATWJ^fP13{0t3O`57Co@-x5TDnAPvuJW_6;VM6i7_RcO
znBgiviyN-;vxMO)KT8^}^0SoTDnCmbuJW_2;VM7N8LslPyx}T8D;Tcwv!dZDKPwro
z^0TtxDnF|juJW_0;VM6?8LslPy5TB6Yvg%4KWk>x%+FecV}8~q9P_gd;h3Lw3CH}b
zM>ytZeZnz68xW59*^qF|&qjn}el{i?^Ro%zn4e7v$NX$YIOb;y!ZANv5{~)Vig3)&
zHiTn-wj~_%vmN1>pB)It{Om|L=4U6uF+V#Kj``VzaLmuHgkyeoBOLRyJK>n0JqXAA
z>`6H0XYZ8f=4YSG7&AZn8m{uQpW!M$`x~zEbAaJ0KL;AF@^g^kDnADsuJUt;;VM6e
z8m{tlnBgivha0Z)bA;h4KSvs_@^iG|DnG{<uJUuN;VM7J8Lskkyx}T8Cm62sbE4rY
zKPMTk@^iA`DnF+fuJUtgo~QG3T1L(MoK86A=M2IzKW7q-`8kVl%+J|`V}8yd9P@K7
z;h3NE2*>=KPdMi10>Uvr7ZQ&7xrlJg&&7meel8&#^K&WTn4ilC$NXGDIOgX{!ZANr
z5svw}nsCg|HH2e+t|c7va~<KBpX&+7{M<k|=I2JjF+VpEj`_KnaLmswgkyegO?i@^
zCxF8<fXo=o&t&_*ALf61s(lFWBjA4|*dD24UOdP4iJt`9N%EKW(u|j3{5z)q9gKg^
z_)f-uV0@S6YCWj`1GOWy9@4&(@m-AXX8f_te_KrFjG8X~k6!%C-Y?20GQNlDAOBY_
z)z4n0{XWL`Gk$>agNz?y+&Z0}PszB;xX*aVc+7Zy#tSlDnDHWv7h}9Q<0Tj`$@rYq
z{f_&)`u~#UV2{UA+f~-fgJJ1j0Srs`ieOl}R|3P*y)qb<?p46Bbgv4ArF%6nEZwVv
zVd-823`_T#U|71>0>je1HW-%fb-=K6uM38ydp$5L-Rpy4>D~YgOZSFgSh_a?!_vJm
z7?$o$z_4_03WlY7GcYXOTYzEd-VzK;_f}w7y0-zt(!DJhmhSDquypSLhNXK)Ff83W
zfnh1foKOBAYbn^ju#y~3yfhe=?q$KSbT0>nrF(fWEZr-BVd-8G3`_S)U|70W2E)?5
z3K*8|Rl%@yuLg#tdv!1@-D`kh>0T2IOZQq}Si08+!_vJD7?$pJ!LW3%2Zp74eK0KD
z8-QWy-Vh8+_eNk?x;F;H(!B{7mhMf#uyk(*hNXK8Ff83$f??_23Jgp4Hegt~w*|w}
zy&V`9I{tr87mg1L9gBOA`b&FZ#)~n24C9p;FUk1PjF(~jRK`zYyaMAVGhUJL;}}1I
z@e>(8p7HXGAIo?t#)~jsl=0$>mted!<7F8y$9U&VlAGJ%Pe&(PXYO`;1Jk|><ELoT
z#s7yJibCSXwz>T$eiP$2Gky!>w=&*~@!J@`o$)&uzmxI1G*|!ErjWRMLhgD<d=TUJ
zF+P;>2N@s1_$bE5F#Z_h;~9UF@kxw7!}wIjpJ#jq<1aBjoAFl}pU3zcj4x#TZN`@{
z{vP8i82^BDU#Ra3WOG1mhrUpsZ#R8)TWY)Y#TwEJ9RB}D9pF(=<%#OQfKb0r+tF|}
zKb;I$-(To#xcdG=7sJ)}7rGj*zQ54TaP|F#?uM)HFZ3{6eSe{+;p+Pfy$x62U+81F
z`u;*+!`1f}`WddiztG=s_5FnbhO6%{3^ZKbzk>`{-(MJPxcdIW5X05?7ls<HzP~Wc
zaP|F#;fAa4FN`o;eScx3;p+PfqYYonY=>={QQK_+v5slKp79M6=zhK++pE{3;FCex
zd?r4Y@o|igXM6(V6B(bx_+-YXFg}&>X^c;2d<Nq)8K1@YY{us>K9})%jL&C$0pkl9
zU&Q!g#+NX@G{=jGKzvDThv;81{&m{n!^tY2lkIbv>fi7cjIYd@AAIdh?JcVqU(NU$
z#@8~wj`8)3Z(w{Q<C_@Y%=i|@w<<T*=QhT-GyUvfd?(|(7~jqK9>(`FzK`+!j2~cJ
zZ7pT;)=vTPO?vx;4Jvp0RP77FlZfQF;@edFGI{L_i0{&#>VHR}Y@Vm5yEuQ!Q~i8j
ziuRq1|G@YIO#i!>_CGRSryxB)yP5VsF}^45sr56o7~TKR>GrAhvzPH-7~jYEuZ-_!
zd>gYqe`DGoVElK+4>JA-<A)f(mzmER%>5{ir`P`@>FqYP{?B3h8N;-<(*39I_tFLE
z>DuY`sp-nJr}}XicNzB>AC#W|RR1f}>oes((@(&7$as|YyyYz<;wP!~Q%DqGyfEWM
z886QGv5c2uybR;zNcY7_$ETJnZ+-frg675Gu^mRI-laZts0_TwiLZ0QY7!@>+XEzC
zk?~U)uf%v|#!q9s3gf3UUX}4P7_Y|onT(&scn!wSX1pfjwHQB_aXp`t`>Qt7z7FH(
zGhUbR3mC7*_#^54J+)ocXWC!Hcmu{SW;`c1Qqyh7w7-P$MvPy|cw@#dW4sCDmowg!
z@hcc_&Ug#PuVlO><E<EP&3GHeuV%b0<JU0Wj`8-4cVPTl#yc{89pjxCzn<~VjNia`
z7shX7yes23G2V^wn;GxU_$`e0VEk6bdotdO@!pL0Vf=Q+`!cQ{|0g+o2h+YE<99NC
z7vpy`K9KQy7$3y=y^IfL{65BqFn&MdLm3~&_=AiOXZ#_?A7*?c<D(dVk$Jou&9r}n
z@iB})%J^8u$1(mm<4-U?f$=99pUC)Aj89_xX~rir{tV+&7=M=Wsf<r!{CUQwGyVeO
zGZ=rJ*{)_X?PoFmGUKxue}(Z^8GnuOd5pi#_<Y9SV0;1NZ!*4+@wXUX#Q58czr*+v
z#@}UpDdX=kzKrqZjIUt)ea2TZ{sH5w82^y*)r^0{_{WT|W&9Jy*D?Mn<LepU!1(8k
zZ)E%n#y2tkCF7eJ|BCS~jDOAeR>rq6{w?F%8UK#)9gKg^_)f-uV0;(jKQg|X@t+vq
z!}!mP?`8ZK#(!meKjXhKet_}c8UKUvLyU{ksn@Sk&(kf&ZN??z4&yH4KH~x7A>$F_
z`54d7cmc)>GG2)B!i*PTycpxf89#>cV;L{W_;HMvV*Gf<OEX@E@v@Ac!1#%bmuLJW
z#w##>GUF8)uf+JNj8|s73gcB7KZEgVjGxJPb;i$PyawZEGhUPNT8y8|_<4-iVZ1Km
z7cgFr@%oHk#CQY78#3OA@k<$R%=l%DH(~s8#+x#J1>?;aZ_aoN#;;`jD#lwe-iGnE
zj9<fed&aM2{5r-vF@8PcH!yx9<2NyWGvnPEzlHH0jNi(5PsV#QejDR`81Kt?KgRnr
zei!2d7{8nGfs7Agd@$qpF+POxp^QJk_%OyFWc(q<M=<^{<0Ba##rSB($1wgV<6{|r
zjPY@dKhF4g#wRd7k@2S(f12^hj89?wS;nU_K8^9|jK9G6i;T}?d=}#`Gd`Q~R~Vne
z_^XW1Wqcmv^BG^j_(I0tVtf(fZ!^A_@pl+s!uY$4FJ=5a#+Na^obmS=U&;6fjIUz+
zL&jG#{t@GA82^~@wTyql_@|72#`x!qZ)E%n#y2tkCF5T)zJ>9vjDN%UHpaIzzJu}a
z8Q;nH4~*|({71%jGyW6fdl>(j@x6@y!uUSMe`S0><G(Rpw7{XfKm2@Y^8V}rru{+2
z|6u$O<D$%=yub8xEyiue9mYMzeZ~XEOET*xWZK7!=VLrS;{_Nm$arDKi!ff4@nVc0
z&G<2lmtedk<E0osp7GL*mtp(_#>+8&BID&5KZ)@QjGxSSMaC;Jek$XY89$Bj(;2VI
z_!*2>WBg3U&tm*+#%nTu4&${Lug&;*jGxbVUB>G%ej(%a8NZ0}28>_Kctgf7Vf<3Y
z8#8_x<4qX9objfNH)Fgx<5x0%72}PVoNvvvZ^E>1!?eGe@wSX#!+3LMy6v>~@R8-r
zp9R10m3xx#J0}tz=RM7HTloS{6255_!YL9l6b|JR`Qf~PC<xzuF9@f?#Hk>(I0`;Z
zT{LrxV(?v-;^G)lLL4hfisM8nal9xk%80V!1W`_$D9VeIL<MoOs3=YmmBgu{vN#Q<
z62f$<h|{5}iZettai*v)&Js1m*`lU6N7NGMirV5lQAeCF>WT|QJ#nF^FD?=d#Koea
zxCCzB2yWjfX9@kBYq?9yU%M3MBtCp<48xa+CgO6@6#BjbhMI}yqJ_9pv=mo~R+*)3
zE!v2yMO$%=XeZi(bP(5yj^aAeNn9^FiyK52aii!eZW7(Z&7!-wMf4E2ik_mE=q+v&
zeW2IdMPG4;=qK(J{l#5kfVf)>6!(Zh;$AUW+$V;J`^8Z4fEXqo6vM?sVuW~Dj1;59
zXz_>`BOZm@j}?!JapG|?UOXWth$qEF@syY(o)(kEGh&K(R!kMoiD}|_F<rbMW{4NX
zO!1PKC0-V@#VcZtcvZ|5uZel$bunMOAr^=?#X|9xSR~#Si^V%)iFj8m74L~<V!2o$
z-WMyy2V#}@P^=aoi8bP5u~vK{)`?HWdhwaqAU+ox#TR0e_)=^ZUx_W^Yq3>)Besce
z#dh(X*de|bJH-!Tm-tca7C(tS;%Bi}{37;=U&Vg$n>ZkT7YD^3;t+iN-m+{<T8`yf
zp5<GC6<U!MTluW~RspM^RmduA9c2}<idx02qpjlBF;)rdSgWLUoK?y?-YRXCvC3K}
zSmmq}t@74MRt4*1tD<#^RmnQls%)KRRk2RDs#<4Q)vPnE>eg9S4eM;Hrge^0%R1Mp
zZJlS;vCg;ZS{GRLtP8FB)<sqW>td^+b&1u;y3}fHU1l}0F1MOmS6I!g=2i>qN~@)H
zmDS2>ZMCtkw%S_Pz>qq%v)Wr7tZS`~)^%1V>w2rRb%WK#y3y)t-DGvMZnnBxw^%)_
zTdkf}FRQn8o7Km<-Rf)IVfC}_wEA0jSp%%Qt%24()*$O%Yp`{nHN?8#8fraY4YMA!
zhFcF=Bdmw5k=7_{wDpKJ#(LBmYdvO-vmUp`TTfUMtS7CB)>GCb>uGDU^^7&ede)k1
zJ!eg`p0}o3FIY3I7p<ArOV%vwWox$eiZ#c2)tYO)X3eu+x8_@KSPQH-t%cTG)*|a|
zYq9l?wZwYYT57##Ewh$eE3EgemDUH=D(gdQwe^v;#`@S=Ykgv^vp%)fTc24Qtk12D
z))&?$>q~31^_8{7`r6uRePeC2zO}Yn-&s4X@2#EI57sX0M{BqBleNeC+1hLUV(qhj
zwf0-TSqH4&t%KGd)*%Qo%eHN4JGN_kwr>Y^Xh(Kz=d<(M1?+-$A-k}BlwHIwY8SJQ
zwu{@x*d^>^?UMF!b}9RKyR==#E^D7)m$Of_%iAZ}73`DkiuNgXCHqvnvVEG}+Nxro
zZdbL>u&dc;+STo|>>Bpjc1`;nyOw>fUE4m-u4A8X*R?OO>)99D_3ex72KL2vL;DiD
zk$tJ%*uKneVqb1IwXd+7!Kr!PsfB%|T?JAMPdG+DVasGZUbeKavRm1$?Kbw+8E<P}
zW4E*0+Z}RRVP925?k&^3WQVV{JKERTo$TxF&h`y<7yCxLt9_H*&Au6~cecAj-2&Ca
zzSZt&_d0y)Y4^?>?q%Nwr#|-Wc3=AryPth$-kAROT`)YrzB?lWZFRaQZ#?$j*&bxy
zYY(>XvxnIC!!<PpH3o-=X4)j)3$CfT=xje=4}(*3u5Lk{KWGoPAF@Z-55xKxX^+C6
z@e-r$N9-~7qxM+)vCMU}tHe0_aeKV|ggwE25_BTeQ}!hLX?wE$j6KDE)}CrVXHT=A
zx2M}L*fZ=G?V0vV_AL8ldp5Lu#hzooYR|P_v*+2b+w<)=>;?9l_CotDdy)ONz1V)o
zUShv%FSXyZm)Xnh754k~O8WzQmHnZ;+WyF1V}ER~wLh`f*`M0$?a%BD_UHCS`wM%M
z{iVIx{>t8Be{FBIzp=O3-`d;l@9Z7+_x4Wv2YZ+OqrKby$=+lCZ11&yvG>`(+WYO_
z>;v}i_Cfm(`;aZ9C2c9CBVFmqM#7hY3}qx^nNQ}I1!O^4NEVhy$s)3-EGCbZ#pN-w
zggjQ3l*h?Z@_1QVmXT%U39_6#QI?k{$qMphSy7%ME6G!3WqF#cB2Sl9<r%V?JX2Pe
zXUQ7!Y*|yDBWuZXWo>z$tRv5tb>#)Jp1e@jmlw$f@?zOgULqUGOJ!qunQS62mrdmr
zvYBiyTgWSAOL>)SC0olj@@m;uUL)Jd_OgS#R(6!v$xiZm*;(EoyT}`5S9z1{CU2JA
z<t?&@yjAv;y<~5Bo9rWRmwn|OvY)(D_Lq0b0rGA+P~Ia4$$RBsd7m62@0Ua619F&r
zP!5+5$r18lIZ}?2*)3<Z94#M_W8|Z9tb9z4laI^s@(DRXJ}D>4r{pC0w45xTkyGTe
za;khzPLt2e>GB0RL%t|y%9rFU`LdiXUy*a<t8%V<P0o|A%lYyRxj?=t7s|KfBKfvl
zEZ>n!<hydId`~Wu%jF9BzFa9kkgMc}a<%+Ou8|+hwel0WPJSxa%g^Kn`MKOEzmS{c
zmvXcGN^X%~%dPSoxlMj6x6AM34*9*@DSwc=<d1T<{7LSSKg+%H7r9UVD)-CZ<N^7+
zJShK=hv2}@a%@LBj^jF><2!*9I*}7Q`JDVt0jHo-$SLd`<rHy>I>nr$o#M_hP6_8&
zr=)Y7Q_4BsDeaVT$~q@F<(w0p^3F+41?Oa^qH~H<$vM@j?40IQaZY!tI%hc5oHL#3
z&RI?k=WM4Y{50M<PA%tLr?zvRQ^z^qsq0+e)N?L$>N^)X4V;UehR!8UBj-}5v2&Tz
z#JSvQ>RjP8bDBFXoGYD{&Q(q;r?u0@x!P&#T;sIEAKHUdYwu)F9h_^Oj?Q&XC+B*n
zvvY&f#ktYx>fGdXb8dFJJGVGJoLilqPA{jobDPu0x!vjO+~M?d?sWP)cR2%`yPbi~
zJ<cHKUT3g#pEJa{-x&&hKaiPDW6>Cn>x976QKw{Rn3D`8o+P7kbw12_(CKUscOG&^
zI1f7`ol(wc=MiU&^C+CgI*&QyoX4H<&J)fA=SeunjC%sc;u5C+COZGlDd{1(?GrGC
z#Bwj6a<ZpJaC|t)iQq{7X{Vr=?BE(mmOZ(A#+l+g>r8g0LgDE-I8Ae&ccwcpI5V6V
zGuP4n)zeI^<x6mVmh-YR+j+%N)0*SF>dbXsbLQo&^<+)I?wF@Y%y;G=p0_vh`d{F@
z=`3{K%Deur&f))TyG731&f+7?(>u-*SekcX8%dv@g8L`Aj%#D4Gc(ho@!>7DmyL5y
zJ^xZmwA5J&<JG-Lp9}FGv{-h8x%>0=gWEOEWpa*tih4XxOkFBX47brg@ArS>*yRp&
zdXCxi)PA_aF;B@}`|n>S+l9Ksb^E^aK5Q@e3_TR@XXdDvz0z6vm(nHa^?hwiL{BWa
zM8hS-<l#?nob{LH09&i9Ref_?iCVXK{#Un?4|2A4I0l4#%=RW=k5ki6*2Q1#|H$pt
zUab1heOyVVsb4;II2n_DEPY#*q>13A+5?k5)E2wSNuG!P-OCT1)j55A<g9_~A3JMP
zy4+did;-^3!R0DrpHaHXS(h2x+DbA(&FQDkdgn7|gY&tw(fPvJl<5`6;1R)>#Hqd0
z9G<)V*$L-n72L;q8@$)il1qI&cU|uZud6L6xdmR^40HZfX39xspl->`i4b2qTVeT=
z+u<1X_f6imxXt+%hPUS}KaQuCAE$}0PkrZPPorcE^VA;pV!RbjUtfN7{KH!(m&x28
z>5^Lh9hvp}{o%EYJ#L2K?EQ~|e>gA6<+{ueT4q$<*-qyNXIEz3{HTqgmLGdmbBx<a
zUMHymYWdYIk|jwlkF?~uw@O+kYcaX5)+pZp+2zN1z~xNl1;?o6H@AV*tivGos%}f)
z|Lq+-hE4ye_G*f1n*a0LKQ4v2{JUY9v->~J<4?|>%zgB;v-j}wXXkvm^NX`D?;iZs
z*$>02&p%uKQL?p_-SWT7yM4A_T<f{>m#lNuyAZ#@_yd_Xcq>#qPlmFV4CUTFyWGhT
zw!^>QGfS`5K3+fQ{E^uc4>`iMT<ZR}@$Gl^kJ|p#vg46_a*AOn`=`<m?}cRUlFMZ6
zCYOmH>GH_!aq77Jt8Gy21(-n6T@Fu8)n2gNxc^<(gK=u=*n?Wjc>T}re{7lkYw!4O
z`h;7DS_AF>hnGK@bDUqCAGQAnZs@LZA}Cz`*v;qWhh;3_7KAmC<X<xPh1|k9_rB`s
z$jhHhG3h7w64xD09b4s|k~vN;bI1O@YwKX?T3bhDmRoHFm_$X~q98&PbB}h5!}foS
zJ4z;VtEN}NP4CO!9iHnyyZ>|B<2Ag`vnSlz)Y{J)Kcwb{A5V{=)*u@8mU|1;|FL=Z
zbIH^i!a2pq%;VfrpvSwV-7;?3yq0)NYX3*a<)a__aBS`z{PWi^Sx$iMS)Izc<qjts
zP8*LyvZv<ua_2->omA`g#1Y+>uq^!2V6T7e52vs0jqIHK^|hk+knIbXzkJ^EpX8nd
z%a2Q^-~af^mJk(Ob;1_79Nc|+vRlzrbN<(sR&U+f8U?R^j*_@e)2CD1^fer>+TpVY
zHKfj|`7`%9-0SdmSe0CSj~FYPJEvxrCAlZmx~rULr{xV*$s0O7Zz#K_)lk*LW0EC3
z!>#6?=~j2oa%;F}yEWZ&;JP~Do?p$a<>GUpb+Gh!ne9z&f$IF+y!$VCbXxAz&a?CK
zhU(-Eou4<9?gxkK9v&k^dOhNB?wVEOv-d*M8YNk_zkius-oHC^fm<){KDp4n5SFrj
zW=XS0c*~v5&V{h`t7mq&E?QgE_LE)a+(%{HUevABys9<Z+QO+_n3=X3O3u@*a9Z4H
zIn0&nIk_cX_JVEULYJC9)oOWWkGRNf;9l%DbT4rmxtF?)-OJo2?&WS%_X@X}+uUv8
zUg@@UuX0<tt=%^6)oxq&8n>O>-tFLC>vnXnb33`$yPe$|+%E2oZdb_in^Jk+Ei-(x
z+ugmz?cv_)_H=u>z1`c~KJM*qU-u5TpL?g<-@VHn;NI;HbnkHox%aw*-TT}j?)~mi
z_W^g9`=C4AeaIc*KJ1QkN4cZjN8B;)qwZMuG1#}qxsSW!-6z}$|EEt+x)a@}{#TtQ
zx&OCL+&=OD&$Excm~OfAk^3lXj?ZoV?_JAI^PlPe&-(kT%aiTv-&?kS=T_Ni{xj?2
z-<b#fHaI8h70mQwg&L-gJ}ARJvdgAVA-SGBYffLPTdMP?-O27V?iBY~cdGlGJI#IG
zo$kKi&TwCJXSy%Bv)q^6+3qXu9QRdsuKSuh&wbsU@4n$KaNl$nx^KCQ+_&Au?mO-h
z_g#0X`<}bZUGA=M-*;EKAGoXB58c)7NA4Q;V|T6liM!7I)Lrj>=5BC5cQ?9UxSQNB
z-OcV-?iTlJcdPr2yUqR9-R^$p?r^_%ce+2gyWAh$-R@8B9`|Q=ultL;FY|cvtGnO*
z%{}1$?jFosf8b9Z7n61H-^>55f&Z?7|E_`mTWbKHvmSYl1MLXo$hW{2`0Q2v{cG+2
z)2-Aa;U6xZ^l7Iby^j3&hquP(S?iobsplq1A9~;Pb-ewd%<Bos?Xs8jEpioapS?xy
zP;SfgwPe}UGxpqDWv``g@jp2{6h6zCekP2|gwJQwCnY#0_k^z(se3f}>=V9jrry1y
zo}XryPKflY-N|rzy!u3dI)A`PuHoDcwS_m-K2rbx%sM;Ld$j+|R8%kNrBAjI9E0op
zpP0^r&`Wk2|3r`fR3F*7$`1X#zLQtOlC2omp&Cx6fY%aJV}`-&Y`rq?JY$>Wy(rxB
zsBP`<%pdljy**wt|FYx%*`Z`g|4y&TZSj&?C*K`T!}N2Ke|Pw=%^%)#>K?^;!%X^X
zxBok>)pnGdj6$q~*Y5E3J3P-lsjW?&<Cx?VFUch?L9Zj`8@2xNmdT&W<>WlcXLTLh
zBvVtLyGcIJgWAg;4X^knpV?8Ds&#fanacm%WwOpzIhJR8(sMl5^E}@RywHn0yuV^E
zU*_`f+;^?5%}#zVnN|U>pjXH%>>cG5@rruIyraG1-XZ2Vg<Ai~+E$mz>*DE4T)Wvd
zk3;FPY8Y>=@{4-+^Iu=u?4!EcGw@g^d54F7efwYU`>(a!oXOfGZShjA@k6e8?3S#<
zzcvNFb$V}0)<bfC<E1kE)DQk8Q*Teczo*)$X;Jq-KNm+Hll|t6+E<V9N_fY5CB5U|
zRLVQvEA6SNC+B6nvfc?^IqyWTymyjU!8_Tj=$+zK@=o<Cd#8C-ywkm^-Wgss?@X_{
zca~SfJKL-2o#WN=&h=`0=XrI!^S!#>1ztVxLa)Aek=MYx*lXxrl9@&$?^3U^mt7NT
zD4A|@skY+w&Oq3rlM`BYcomFGpOSTe?_Xq3>Yc4shu`B$dKcm{uZefL*VMbhYvwig
zT6kA_ExoI}R$gnbjd!)z*1N`Q=e74bc-MLzz3aSA-t}H*?*^}ncca(UyUFY3-RyPu
zZt;3}w|YIjUS4nSHm{F&yVuvd!|UhW>Gk*S@&<T!djq|Dyg}Z*-eB)OZ-{rlH`IH;
z8|FRe4fh`MMtBc<BfU}HXzvkkjQ6NF)_cqw=RNL?_nz=3cu#s0y{EiM-qYS>?-_53
z_pCS7d(NBYJ?~BTUhrmkFM2b*m%Lft%ie776>pCBsyEkr&70@F?#=h!@D_M)dJDa`
zyhYyI-eT_^Z;AJ=x72&jTjnkIR(S7wE4>fARo;i*YVRX&jrXy)*89X;=Y8s}_dfGB
zc%OS4y)V2?-k08H?<;SM_qDgx`^MYmed}%azVmi?-+Mc~AG}@OkKS(YCvT7Uv$xm#
z#oOoo>h1S_^A32wdk4KgyhEPwE#LN~j~_nqeBTfJ(2xAs&*$g&)qSb%<>Xvt*D$+)
zkKe9J^zUExv>$};B=oWi!c-r~BxEnUkYCt8$}i#<^^5sO`^EiZ{1X1Leo6m0zm$Kx
zU)nF@m-SEZ%lRkz<^7ZV3jWD{MgJ7Pl7FgS*+0#%;-BtU_0RCD`Dgmo{j>ZU{@H#_
z{~W)Tf39EKKhLk@pYPZ8FYxR67y9-6i~I)u#ePHo62Fmuso&VY%x~gf?l<+X@SFL~
z{TBX}eoOx<zm?zGZ{uI>xAm{_+xhMN4*s=%NB=s%lYhP6*}uW>;@{|Z^>6aK`8WIB
z{agGV{;hsbzn9<Jzs>LC-|qMI@9_Kicl!PPyZizE-TpxT9)FO3uRqwo&mZF7?+^7K
z@Q3*i`osN){1N`c{z!k6KiYr9ALBpjkM$q($N7)@<NYW63I3D*ME@y&lK-?n*?-2L
z;y>$8^`G;n`Oo{){TKWh{)_%h|0REx|FS>Zf5o5Uzv|ERU-Rerulw`;H~a<uoBl%o
zEq{^!w!hea$6w;V>o4`+^OyO{{T2TE{!0G?f0h5CzuN!EU*mu5uk}Ci*ZH6N>;2FC
z4gTl;M*j<clmDf^+5gJl;(zUL^}q4A`QQ56{qOu8{`dY){|A4U|D(U#|H<Fu|LpJe
zfARPEzxw<A-~0pq@BTsm5C4!a0xPfs890F(c!3`TK^R0q9OMh~2L*zHL7|{<a8ytv
zC>j(Cjt+_k#{?yUV}p{xaY3oz_@H!9CMX-65R?l}49W+X8Ycx6f|G-a!6`wd%=J@)
z%E4(tmEiQCYH&tSEjTl%9-I}_2+j^_2ImB|f^&n~!FfTQ;QXL&a6wQnxG<<6Tog12
zE)E(7mjsQ1OM}M2WkHkR@}Oy^zbk@fLGz$RaAnXkbN#BIRnR(U6I>m%4Xz2=fwhO~
z0Cg=?$Kbl4Q*eFIIk+L{65JSc4Q>j$1vdxXgIj_g!L32hpjXg4xGm@t+#d7|?g;t?
zcLx1~yMh71-N8V(y%6^VgMxd5!NGmOkl_AcXz)NVEO;;&9y}C`2p$eb2BU(}!6U(#
z;L%`g@K`V|csv*%JP}L?o(v`iPX&{Lr-RACGr^SL*<fn$Tre$oKA0Z75X=Z(3}yx|
z1+#*egW16=!JOb#nA+UnwP0TGdN4nDBUli;87vIm3Kj)#2aAJuf+aBi-C$|(Ua%}!
z9;^u74^{>r1gnA%gVn)D!J5pxejKa~J_*(Zp9bsU`e(t0;PYT(@I|mG_%hfWd=+d7
zz7Dnq-vrx&Z-ec@cfpR}`^@cj20sM5VCctSckolNC-^zo8~hUN3w{OLAN&>^$UFUh
zcu05$gFk{pfe0UPEGTsfg&oS!30*i(E|XUbywDGW5Uzz$7>D`7{9%ExV0bBfmk3XV
z!oo1_sIUl}H-&G%hoUG96$?*?Z}6)gjt=oPwc_D1VF~Od=hO(UsdmR|;|>JyGX=>>
zlnjpxONGaWc>-ffhh;*%pUZ|Pgyq5$!}8%tVTJJIuwr;hSSdU;tQ?*eRtZlJtA=NU
z)xtBw>fu>ojqvQSW_V6m3vPLCSUWr~tP`Fe)(tNR>xCDF^}~z82I0k-Uhxx5xu=F<
z?)4*I!@1-CF!k}#JxPD{NRQX>n~Hc!hEywj?7*Sy@d4jAj=3ak6kZxO4jYTh!Y1M6
zaM?7xB5W2m4_ky+hAqRZ!d7AHunqXtVOuzFB(4eDh3&%*;k9tBvFI3H7j}Z7>!CVB
z-2l}kyfN$=-V`<$-NKv0?%^$AkMP#8XV@$39o`o9ffl!ieZxD#e&L;A{}8`*hNrv2
z0pZ=@!0;Xz-zf8G)j{DXd2cv4ye}LQ-X9JP9|(tq4~E0Thr$uz!{NwqR5&_(Bpeey
z8jcMg3&(|zhvUO1!U^G%;l%K%a8memI5~VKoDx18P7R+6r-jdl)590S8R3iJ%<!df
zR`_x_J5;Zcz7ozkJoJbADoj6lRRZ=|n7`Mc=7mk*_Z-ye^>BWs4YpHrnm)%i>e=`k
zd9Bp-zjnSLd^21az6E_Of_nRJ^@a1vofe0S!*{|Zhwq1X!=-Tjy>J<vt6MA%3&3w!
zG!ob@5gf*A>T+?oJX{gJAFez+9{q!G6}0#;T%Bo|+!AlEZuik)UmUK1p^wA0;U{pp
zF8nlHe|XGisos+5>C3P<+z@^qZiJR!gq!kuRP**_xH<eP+!B5rZVkT)w}sz^+r#g|
z9pU%k&hUqDSNLP5{qFFma8LMixHtSI+!y{D?hk)E+>e^q#o>YQ_q;h#bFa_ELAXWI
z`j7AsToaKM*^!K#2<OF(yvUD&%y90SNMB2OP1b3)PjgJRO&CQ{9OXOQxAOc^fv8|q
zC`#rj+u9t`w@FN4EZx)B3rB^c<U0144C7@Jaa2?!Z)|!@W8?E~=5zA@lqCCY?)<6w
zH%-YXnH`hdBmeqk_O^dzC`l6YHt8wnj>UTiPb#a_W%mA3ntO|X?%JO})=*>VX;Up}
zD;gDxj*f~)$3!KfW22JMaZ#!0_^5PLCMp}95S5EgjLJtRMHQlxql(cfQKjhAsB&~#
zR3$n+sv4aURg2Dysz+x<HKMbln$bB?t?1mSc644;Cptf>8(k39i!O}nM;Ap6qKl)3
z(Iru%=+dZhbXn9Sx;$zcT@f{lnnx|7E2EatRZ**`b<`%hI%*qT6Sa%lM;)STqmI#a
zQK#tosB?5f)Frwx>Kfe?b&GC}x<|J}J)&Eqo>8x;cXV6SC%QfA8{HB0i|&m2M|VX7
zqPwGk(LK?i=-y~>bYC<ix<48kJrE6x9*l-Z4@D!Qhoh0vsAzQbNHivTG#VQ{7LAJ@
zkH$w&L=&PXqvV~QBVW?%|G)Zo)<E_MAh(w$@aUH-n3tyMZT`vYDmNxZ6Qif#)adXL
zO_B=g(mZc0vWa4j{U;?!Fa7f0o5sY$DahSANl7)HTF+`sZoAyx%yBsHla4UuCfXXM
z)^ED!^l<L<&1-sF)pu6aQ1*JVjJW(bY|ab1s_Z&S9-ER&H75H=lWnPbO<y;MRWI4T
zu%B#SI7hjX+e3C8B*!n*<&o2nZ=v>p>>OpMpPlEdWrwI+q{n8D@^FsT5w$u`9~&me
zZP`bCCF*)ImRjcQE$E^D)DhQzr}Mva4bWS~Kd<<R^UwGCPxVOcIh^4%lRXYEbFZbx
zsIj^8nBJ?+o|GiF$o7@wLZi%cGn}(*KiN4*`b%z~zRdQeZi#)Q$ESy}?bA8WDATu2
zhO^6!w^ehI9a62bz2f!kwdA&G`B#SZUb44Ik5SW3)(f^-98Qj&iKhHZ&xn&-|Fugs
zmE7ATOPQ;G=UR4opN*!%J*2K@d(4hkmRzS=D$70=smIXl^*<X@kH&x2A{m#=!I3ZV
z7U@>1hwS5Lb|~rluUz7@$G_5^YWw$lpnCoPXV1Yg*0kvPXnOQQG$VR3ni;(m&5B-*
zW=F3?bD~$HxzTIUyy*34e)LAPAbK-e7`+uOir$VENAE;SqIaXE(R<OdXnC|EdOunj
zeGsjRK8#jJA4O}TkE6BGC(*j-(`bG4S+pVgJlYt25p9aTj5bGKMO&h;qpi_5(YEN@
zXnXWsv?KaH+8O;2?TUVkc1J%&d!nDCz0ohxzUbFzfAm{)Ao@Kz82u3)ibQP1b}VBj
zc4II0;~);>D30TNasIeKTre&a7mkmLi^N6aV)4;&@%WgyM0{*qGCnRY6(1j$j?2Vl
z;}ha?@riNy_@uZ(d~#edJ|(UcpBh(=Pm8O>r^i*}GvaFTnQ`^_thh#ec3d+)C$1Hr
z8`qA{i|fSa$93Zi;(GCgasBwBxIuhz+%Uc*ZWLb{H;ylho5YvLP2(%#W^wblMSNx4
zGQKKq6}OJt#8<~{<7?t}ar?MKd~Mt@zAo+*UmtglZ-~3ZH^yD#o8oTq&2jhmmbgcJ
zYuq#L759#Bi~Gd4$9>~F;(qa+asT+PctCu2JTSf|9u(gj503APhs5{CL*obHVey0U
z@Ho94Jrs|KAC5=H>Rp3T@#xf#fF$p&_%04T5|4==jmO51#pB|~<MHtm@r3xvcw+oi
zJSl!Uo*X|DPl=z6r^e64)8gmj>G2EkjQGWPX8ck-D}Fhi9lsLKiC>N9#;?WmU>dKd
zrZYb?oc#pCe`YB6RiZcIKmV>Q{tCfgIpy|_*K%+DpTC~GFZAzT;x>Tq$f<Ybl55Gk
zbjh}oT&hn9<9X5^FZCm(q;&|tLYp1V4&l3r$u%5uwRiQBad?SawYsiP<pK6H;pV->
z%Yyi?pM*$m^X9*C>*Tio$;*YQ{W5o5ycPdH_O1d<ilb@IZtos<?6~^?hr{9S931Yh
z!QI_m0>L2!2~P0fmJ0y_!QGwU?hYZqUvrzyo+1JAC;4vssp_|@tGlbKdt^s?HhDIC
ze(`MaZ1rsOZ1?Q&?DXvN?Dp*O?Dg#P?Drh-9P}LW9QGXX9Q7RY9QT~?ob;UXoc5gY
zob~+bIp;a=x!}3zx#YR*x#GF%x#qd<x#79#x#hX-x#PL(x#zj>dEj~IdE|NQdE$BM
zdFFZUdExoZ^V0LX=auKR=Zy!$9k>%mxC?jV0eAvD5D&r=;vO8w37o_!oW>cP#W|eE
z1zf}>T*eh##Wh^V4cx>nJQ1E4Pl5;IN%3TOay$i|5>JJv#?#<w@en*6o*vJDXT&q%
znei-mRy-S?9nXR1#B<@f@jQ55JRhDPFMt=sL-9g*VLS{kf)~Y$;l=S1cuBkzUK%fh
zm&MEB<?#x5MZ6MT8Lxs@#jD}f@fvtdycS*?{{pXr*Tw7M_3;LHL%b2*7;l0%#hc;H
z@fLVXycOOWZ-ckR+u`l;4tPhr6W$r`f_KHc;ob2bcu%|+-W%_O_r?3+{qX_#KztBB
z82=I<f)B;N!iV9*@e%k)d=x$!AA^s@$KhY&<MF5?_kO9kW|^<_H~55zu--EfpM+1w
zzs0A-AiIv}@~QYVd^&{np2<)uYM>GfcXe<MbIrhK;4|@we}-A0JsbZHp97Lf_*_WY
z_gN<a_J(<XqWSm&d?CIF{~lkAFTt1M%kbs+3VbEL3SW({!PnwH;Nkd>_&WS2d_BGa
z-w5S?#y8=c@n7&Q_|`vbnS^h{x8pnTo%k+%H@*koi|@nt;|K7A_#yl-ek78f&w{w)
zqY>J+*N)-G@e}w-{1ko~KZ8$=RLj{v@vrzf{5*aEzldMLFXLD6tN1niI(`GciQmF+
z<9G18_&xkS{s4c7Kf)j5PoUgW{2Bfne}Vsozx=b7N%-&hEBrP726lZ8!bu>)MYxFo
zA^{Od1Q7{|xUKc&cnF*z2of}@2yL2R2$tZ82`~aYArPYPHKr)z;4A$pVhocAnNSFo
z&<LF{2$QggL_}gD2@y;rC6W=zi4;UiA{CLENJFG0LWp!kdLjdnk;p`3CbAG&iEKo6
zA_tL^$VKEP@(_86d_;bt08x+#B?=LRi7=uFQIse~6emg$C5ci*X`&2KmMBM*Cn^vX
ziAqFeq6$%!s76#LY7jMvT10K)3!)BDm#9b7CmIk9iAF?Yq6yKIXht+AS`aOXRzz!}
z4bhfpN3<t85FNogorq3EXQB(ymFPxvCwdS)iC#o+q7TuR=tuM?2E4}@yxog&ZJ!@1
zw`XQ-zqhwO2_HxdA_fy*5<`fg#8<>HVmL8^7)gvGMiXO*vBWsyYhpa{4Kab3NK7Io
z6W<b3h^fRhVmdK{m`Th6|I8-7BjyluiFw3)Vga#`SVVkJEGCu^ONnK~a$*Isl2}Eo
zCe{#Zi64k?;zwc~@e{G0*g$L~ekL{%n~7hDEyPx08?l|(LF^=U5z*h&-c9Tw_7eMu
z{lo#{AaRH|OdKJO632++#0lagaf&!ioFUE<zY^z&^TY+>B5{ehOk5$Z64!|9#0}ym
zaf`T3+#&7~_lWz%1L7g^h<HpqA)XS?i08x$7~9{7m&EVHE8;crhQLS%=_C>9BHd&F
znScx=gUE!Whr~&OBuR>-Nrq%ej^s&!6iJDcNrhBNjnqklG)aq0L?$Makile9G8vhi
zOhKk3Q<163G-O&bgiJ@KCo_;4$xLKsG7FiN%tmG>bC5a7Tx4!C51E(DN9HFBkOj$5
zvJhFA3?qw>Mag1hak2zik}O4*Cd-gz$#P_QvI1F=tVC8OtB_U6YGie?23eD=Mb;+2
zAnTBI$$DgcvH{tUY(zFDn~+V(W@K}+1=*5pMYbl}kZs9!WP7p$*^%r-b|$-!UCC}_
zcd`fBlk7$ICi{?m$$n&iasWAy97GN#za)o{L&>kmVdQXf1UZr%MUE!NkYmYl<k#eQ
z@*8pjIgy-1PA0!4r;t<0Y2<Wr204?QMb0L_Bj=EF$$8{_asj!JTtt3PE+&_dOUY&A
za&iT^l3YcuCfAT_$sfpY@<(zV`4hRG+(2$5e<nAPo5^3uE#y{m8@Zj_LGC1Xk-Nz~
z<X&<gxt}~h9wZNuhsh)4QSumhoIF9EBu|m2$us0x@>lX4d7ivLUL-G(m&q&SRq`5n
zoxDNbByW+o$vfm-@*a7gd_X=VACZsAC*)J|8Tp)iLH<U*B!4Ggk*~=&Bt|(XCxs{%
z<)#9t1XLguL?xs=6zn`HlA<V@Vknm4D4r51k&-BxQYe+uD4jAWld`BpRAMR#6-*_i
zl2OU26jVwo6_uJwL#3rcsB~0%Dg%{~%0y+RvQSy6Y*cnC2bGh`MdhaQP<g3*RDP-e
zRgem$3Q>irFscYulqyCQr%F&IsZvyFsti?@Do2&4Do_=vN>pX43RRV=MpdV3P&KJq
zRBh@Dst#3`sz=qQ8c+?XMpR>}3DuNpMm48eP%WueRBNgY)s|{UwWm5z9jQ)KXQ~U;
zmFh;lYyS|RAMb&94}3lkM80bC|AF7XXZAUJe2DkJ|B45^XVV{g9{zFqG0)(mUSIt9
zRP^`X;;OOIA6M?;%J<3RdOt5_PhyvJr+QF5sa{lXst?td>PPjb22ca3LDXRCOKJ!;
zl=_MqMh&M%P$Q{P)M#o9HI^DjeNBz0zM&>i6RAnmWa?XL3N@9QMop(?P&27n)NJZI
zY7RA*nn&4dBzT{Z4~q02uK!A@eSLC1wSZbkEuy}s7E?>8rPMNNIkkdXNv)z*Q){TT
z)DKiR^&_>8`iWXkZJ;(%KU15i&D1Z{7HTVH*W~lVKOy!$%N~{6Hb#EOF#0I?zXbL^
zDEimQ?5~Wa$F@=1sU6f#Y8SPe+C%N7_EGz(1Jpt45OtV3LLH@!QOBth)Jf_Tb(%Uu
zouz)I&Qa&73)DsG5_OrnLS3b<QP-&()J^IZb(^|F-KFkP_o)ZeL+TOrn0i7zrJhmG
zsTb65)Jy7j>J{~xdP8BfgLcx0cF}G+fKEUM(m`}W+C$?sL6bB^(=<b~G)MEaK#R0Q
z%d|qPv_|W+L7TKiC!!P6N$6lYDV>Z?PN$$#(y8dwbQ-#%GcBE#4x!W0>FEq~4M#>g
z6P=mPLT9D3(b?%7bWS=Kotw@>=cV(}`RM|5K{}K!L>H#R=puAcx)@!YE<u;1OVOq2
zGIUwG99^ESKv$$I(Us{cbXB?<U7fB$*Q9IFwdpVDI&@vS9$lYqKsTft(T(XQbW^$+
z-JEVg`$wrI-3n5zf!fe*>2`E`x<jN~zuwzWN4gW;neIY&h5mG-yVE@&jvRdJUij~Z
z_#~0F-iG)8`R1|j9LBeLb>#o^_7gB3_#$TH-`i^alzF~;3X$8kv2FRMY$vX|>~`K3
z>^H`v+h%XKvF%?Y>-qO)aihpKdG`hO*B@-@u2}1jtp6d{|Gu~P?IXLb4=L|mgT-Hq
z5ABb2?IGI>bzOgb{Zg+Ny={E%Ibgq;?|U2H_b$9Q_O6Q*c@OQ!_KMJN8~>>O-4*MX
zPGT$XACu_!EB!ft9r;Ghj(xrM#gS*O7kk@@xxcZ?+8VLhZ_9mNdY7G1R~GU<gJ-Yn
zYp)sduCkvZ-#$aIw@mNb_%`y_>P^`ayGI}Lv+MA#U*NATGV;zf+w0yrVxRT-z9<sC
zoyg_vymzIemXECMT}M5#1jBmLz3AR_AG$BykM2(opa;@}=)v@t^bmR|{S`fo9!`&-
zN7AF{(exO4EIp3?njTMoLr<V5(v#@P^tbdBdMZ7Qo=(r8XVSCi+4Ohx9C|Jsq36-_
z=>_ycdJ+9Sy_jA?FQu2!%jp&LN_rJ-pOg50tLZiLTKWe%oc@tsNB=~xr#H|W>7VIM
z^k(`OdJDak-bQbychEcOUG#2x551S(NAIT(&<E*5^kMo4eUv^%AE!^yC+So4Y5EL(
zmj0DKN1vxJ&==`T^kw=AeU-jOU#D--H|bmSZTb#<m%c~erytM{=|}Wq`U(A%envm1
zU(mnNFX`XuSM+Q84UI7l#>pVY#YFbjU&r3<%g^h=$a{~#acw_7|F{`gh~+PY_;Rs(
zE#5Ejeu>=!u}kCUOT1rV_dx8@`1um=m)JcJyEJ~j#QP<755z8wpD*!#iQNOSOXKIu
zzuPadTOYSHe!OG%jqm?-^mxVxeVxcx`tyH7$k!4q{}&(rhdltx|HX&@VGjhstDGJN
zX9$L5C<bntG7Q5q9K$mLBQg>rGYX?J8ly7?V=@+#h)K*OVS<^YOfn`plY&Xfq+(Jt
zX_&N32$POU&tzaSGMSjnOco|9la0yF<Y00#xtQEc9wsl7kIByzU<xv!Od+N)6UG!_
ziZaER;!FvqBvXnh&6HuvGUb@^Oa-PQQ;Dg}RAH(z)tKr`4W=eji>b|g!PH^uGWD4H
zOari|A=8Ly%rs$|GR>IgObezZ(~4=$v|-vZ?U?pV2c{#_iRsLAVY)KinC?surYF;j
z>CN<E`ZE2P{>%VoATx*=%zViVVTLkaF~gYQ%m`*AGm06_jA6zy<Cw3R@ys{O1ZE;L
ziJ8oN%S>UWGSisp%nW8GGmDwce8<dT<}&l3jrq(1W+AhP`JP$KEMb;{Rm+&=%nD{D
zvx-^GtYOwNKQQ6UkIXveCuTjff!WCX%xq#dGrvGDwlG_nZOnFN2eXse#q4JGFngJO
z%zowobC5a29A=I%N10>HapnYbk~zhkX3j8YnO~vL=a}=%1?D1iiMh;NVXiXQnCr|9
z<|cECxy{^R?lSk7`^*F8A@hiN%sgS9GS8Uj%nRl><|Xqx^NM-RykRib!8%#Qx>z?G
zz$Rb=*&sF{>tS)0U`du@Y1V$yhXKw;Adcl(ffZSam05*VS&h{}ZUC7P`4*cfBA$dN
zW|OeNY*IEEo19I-ressGso6AaS~i4D$EIg9uo>A*Y-TnKo0ZMRW@mG-IoVunZZ;2_
zm(9oKXA7_e*-*9+TbK=Fi?Bu6Vr+4?1Y43V#g=BLGG*AZY&o_(TY;?zp%Pn}t-@Ai
ztFhJD8f;D0Vr#Lr*)P~SY+be<Yaiq4vklmWY$LWY+k|b(HUk@)vn|+`EW@^9TeEH0
zwro4LJ==lp$aZ2ovt8J(U{g1+syo|*?aB6Hd$TN?k?F(sW&5#RU}XBU1Hj6GVCNuq
zF#9F=WC%Ny{fZsN4hQdyU`Mi}*wO45b}U#sj{O=e9uL-j!%ko)vXj`!VC}c8$xZ>A
z8!}VD?rC86ban<ilbyxR2J2P!JLth2=)+u=X6CW;*#+!Eb`kqMyO>?VE@hXo%Om>b
zJAQv`yn<cHu3}fSYuL5y4{_EU&i=@*V}D}TN7C59Ze)LEH?f=9U)U||R(2b^o!!Ci
zWOuQ<**)xDb|1T+J-{Ah53z^YBkWQ37<(K_pI}e2r`Xf%8Ng?Oer3-AKhItOev!Sz
zUS_YbSJ`Xqb@m2(lfA{>X78|f*?a7L_5u5leZ)RypRiBaXY6zK1^XNOlKq{1#lB|W
zuo&myoE+j@oSO^a5^#ZB5SNhia5zVBBu8;H$8apiaXcq*A}4V&r*JB#aXM#kCTDSp
zxWrr%E|^QoCF7EFDY%qeDlRpbhD*zZaOt@8Tm~*9mx;^FW#O`N*|_Xn4lXB`i_6XB
z;qr3%xcpoJt{@l672*nWVO$ZeC|8Ut&XwRwa;3P^+&<U4!n;PX3|E#b$Cc+Qa22^q
zTxG5bSCy;ARp)AOHMv?`ZSD)M4p*0}$JOT=a1FUeTw|^Y*OY6<HRoDzExA@)YpxB~
zmTSkg=Q?m5xlUYXt_#<d>&A8GdT>3tULfnu_2K$*{kZ<z0B#^Rh#Sm($qnI#a$j-7
zxZ&IgZX`E~8_kX3#&YAhuetHuH{1knA~%Vf%zevE;ihuaxar&sZYDR2o6UX4&Ee*9
z^SJrk0&XF<i2I&f%q`)Ta?7~o+zM_bw~AZMt>M;kKXBpPkK8)$CvH8rf!oOa%x&T}
zbH8v~xUJkaZacSw+sW<Xc5{2Uz1%)-KX-sT$Q|Mib4R$N+%fJrcY-^~o#IY&XSlQ6
zuiQEAJa+;5c9FZpUFNQESGjB4b?ydtle@*;=I(HJxqIAw?g96Zd&E8Fo^VgOXWVn{
z1@{~GlKY)|#l7a<a2W64ojl@Qyqgc;6Yzn25TB6u@HkKKBv0`)&+shI@jNf^A}{eW
zukb3b@j7qtCU5bH_{4k?KA2C+C*zazDfpCpDn2!zhEL0f@ag#Ud<H%vpNY@RXW_H*
z+4$^y4n8NJi_gvH;q&tO`22hUz91jU7vc-^VSEw3C|`^(&X?dz@}>CFd>OthUyd)&
zSKur1mH5hh6}~E8jjztv;A`@=_}cszd>y_nUyrZPH{cucjrhiV6TT_mjBn1j;9K&o
z_||+IzAfL5Z_jt&JMx|Q&U_cXE8mUp&iCMZ^1b-pd>_6q-;eLl58wy#gZRPxm;4ZZ
zDE}2dj33UA;79VK_|g0rek?zZ|C%4qf5T7UC-Rf{$^5tc6n-i{ji1iX;Air)_}Tn-
z{2YERKaZc!FW?vQi}>&P#rzU}DZh+g&adEC@~imO{2G2O?~bx|r0?0G$ng(+IR7KR
zj{k{Y&u`#2@;~#N_|5z;{1$#Izm4C{@8EaxyZGJw9)2&skKfN9;1BYL_{01W{wRNp
zKhB@vPx7bu)BG9!EdMKijz7;|;4ku*_{;ni{wjZszs}#_Z}PYJ+x#8=E`N`|&p+TF
z@{jn({1g5u|BSb{%;)?I{x|+5|2zMRf6c$)F~K1?1thoxw-6vC5CVlDA)(+AaDfm=
zff8te5m<o}ctH?EK@wy^5mZ4Fbioiz!4eV)iG?IWu#i+pCL|Y92q}eBLTVw6kX8s0
zqV5Uo_ai^<mrh78WDqh6nS{(j79p#UO~@|f5ONB+1h1F9UwVq0=N9q^d4+sJexZO+
zPzV(Y35BEB81<<m->Spj*v<<RiU>u8Vi1Z8C4`bfDWSAbMkp(k6Uqw}go;8Xp|Vg#
zs47$w?DtTs3pIqAe}r0s9cl|-2z8*vx<WmnzR*BuC^Qlp3r&QkLNlSc&_ZY_v=Uki
zZG^T$JE1-3br3oVorKPR+So<tDs&U(ySjs<htN~#CG-~h2z`ZqLVsa^Fi;pI3>Ll=
zh6qE2uY_U3aAAZnQWzzS7RCr;g>k~y!g%2uVS+GGm?TUVz7?hjQ-x{5bYX@tQ<x>p
z7QPea2y=yb!hB(Yuuxbed@n2(mIzCQWx{e{g|JdsC9D?K2y2BOgmB?UVV&@kuwK|8
zY!rSLHVK=BUxY2fR$-g4UDzS)6m|)_g+0PvVV|&HI3OGp4he^aBf?SPm~dP;A)FLW
z38#fK!dc;0;hb<@xFB2<E(w=~E5cRbns8mXA>0&h3Acqi!d>B>a9?;JJQN-YkA)|~
zQ{kELTzDb;CcG4W7hVakg*O5wI>d;11z)0Yib!;cZZSYiAO?y-VnWd);vylEA|=uy
zBeEhV@}eM$q9n?qBC4V$>Y^c<q9rC06N^d2U@@tfOiV7O5L1e&#MELMF|8OPrW4bP
z8N`fYCNZ;^Ma(K@6SIps#GGO-F}IjU%q!*-^NR(<f?}vxNGvRdiABVsVllC}SVAl*
zmJ&;gWyG>#IkCK0L98fN5-W>U#HwO7vAS48tSQzKYl~lqb;P=2J+Z#nKx`;B5*v$6
z#HM01vANhnY$>)9TZ?VPwqiT6z1TtQD0UJ%i(SO7VmGn7*hB0o_7Z!GeZ;<EKe4|!
zKpZFz5(kT4ibKSq;#cA@akw}_94U?xM~h>`vEn%KYjM2zjW|J^C{7Y5i{FY<#Hr#m
zak@A|oGH!{XN%v7bHusgJaN9bKwKy;62BK0i%Z0%;xci$xI$bht`b*^Ys9tU4`R6Z
zqqt7|Nn9^(5I1_q0Q*_oByJXe5x0n2BP83z?cxq`r?^Yp9g*H6?iKfm`^5v|!HD!B
z@vwO0kFrO_W8!h~gm_XsC7uS^8S$+6t9VX4FJ2HY{-G0f4{}MggT3|Jzqp<`i908*
z61Mz(OL_I)rTsShysbra;iK5wdh_4S^Si7rtiR!3BPH_Fx}O$%Ta38|-evLc3cj@+
zBcENwj%`ivYSnLB@yXkxk3T~D$09Zq(_^1X;{OI;Z0-K9$o~2^?)A`LFaN$J-#!u@
zoma%a5`4A3uN86W`SudN`uuTRC8En?exdetq%X}z*Z!Ea|6KLMt&FW*`zhqu<bOrx
zvnYDmx-S3wJU*RI8DABziPyy&;!W|Ecw4+9-WBhO_r(X|L-CRLSbQQr6`zUE#TVjl
z;!E*&@s;>md?R9#Lvl(;a!GC}KuRD5N<mUW$s^$sA(0X#(GnxE5-0JJAc>MB$&w<e
zk|ybrA(@gTC6W?LNu*#Ysgz7gE~SuCN~xsOQW`0(6e6XQ(n}enj8Y~kvy?^3Dn<9l
zKPhdG!@HiZ%_e1+a!5I)TvBc+kCa!+C*_w4NCl-(sgP7y3X_URMWtd=ajAq<QYs~t
zmdZ$FrE*evse)8dsw7pGsz_C(YEpH{H|8~@no=#Pw)BNmN2)8;lj=(iq=r%>sj<{V
zYAQ98noBLDmQpLJwbVvxE47o_OC6++QYWdi)J5tlb(6YFJ*1veFMoYe-URx1@A~ZY
z#UEee`_<rUFKS%Z)m!Q#^_BWb{iOlYKxvRPSo%^L0=*w9eI*T(hD#%)k<ut>v@}K<
zD~*%Bmc~opNE0A`qBKdGEPX3Yk)}%1AU$200eq%3OPVcxC(V)OO7o=o(gJCrv<T$i
zON*r?(o$)ev|L&tt&~<ttEDy4TImNVT>266*GWG~>!l6SM(Jm16QnmwzX1Oy{NB&I
zpGqrck3Xd5n5AR>gNRM%ZL%%WR%x5GUD_e-gb~>#?UwdPd!>ESe(8X8P&y<XmX1hA
zrDM`@>4bDrIwhT!&PZpaU!`->dFg_5QMx2umaa%wrEAi4>4tPux+UF~?nrl~d(wUB
zf%H&%1hqbvo=8unXVP=&h4h>BQu_TLGWND#rn~&Xn~o~;=YBl$*6baP=@D=Dd{~_r
zHpTTyiW)wwhS$>Tk18L%HE&=1JgRMW%AfanP;`r8Pe=B=ZHM2^*!5$V`b+ux6%=Lu
z#9k_<)bEKYG2VIf=lwk>rgfiJ;_H>|OS`4WK8+3A`mxDBm2CPS-w5`83E5|zo$Bbc
zznSgxhHtOni+%DBiS63$uhaSec^;3Y|9%^6G{qG?M9u$@_M__B9-I<s?-w=q-6`(~
zM78F_Q_<Ub9Wg7SOW!ALzhmfY-#<H|de4{dkKd=}Po?8+)%Pa0H~x^i?ehMfdC~io
z_xJa&l=qjmk<X)1rT$dZ7X0#mCVD^r{heBWub<vXnCy_9GLl`gTMm#D$boW@oKW`2
zxJ<~TOv$v&$gIrCye!C~EXlI0$f~T#x@^d%Y{`k_#BvfjSWYS@latFS<dkwMIklWd
zPAiAV>E!fs205b~cb_uJndK~URymuTUCtrrlyk|s<vem;IiH+gE+7|_L*+tpVL41L
zA{Uj5$;IUoa!I+ATv{$8mzB%O<>d-;MY)n(S*{{im8;3s<r;ELxt3g8{z9%J*OlwZ
z_2mX~!)WbCo}u$ypC<UOtwitXkFJ;@x=wsL-UENt1C8X52_JJd6ZbyRKFew1oc!lM
zoWI()zoT5-y?9qn<h_Uwd;ir%w);c&F7{Ic-u;Lj`<^9eEPKOjmoG%F|6TZ9y|DA`
zwrqOWk^Nn5#g_j*?R#~6KJ>=1)fJoU{p+_iW7c4=6!E!NKZ$&eC-Ukb(ed$!)hc`|
zd-(54`tIDlD~|12tanW#yQSDx*|1mL`OyA1k(<iR<mPhZUfH-sBuUFZvArfk)RkY3
zyIRS1A6rLo8^v7t#~!EF5l8Llt-L!Ob&O;4Nn{Q0_V(^t-%q2B>>E?N&u!&)kZvz`
zkdH^KMiHAWzR|AXu>BNsjNY%^cWGUSm{~Dv_x|hs{PREREb#fro_TLz6&g741n%?1
zF4u*KS!u7~5!d=m_I)R>K8E@3z`ZMuJnDY@F3;KdF|V?|yHw;Jd$)i$Zo6N;UfOZ&
z^WJaU-+`j`#O|rTw|*2=%a@8h-@o6o?f2<^p4gs2Uhn$n)P+A*e(`!Qwrwu5U%mT3
zd#$DD7W%CB#nJQQN=L8Bn~p5SunRE9YdAW}-lLDV4|Y49Kw`(8<u3A@h`Yd1x7n_d
z{>k{;x69k5eE&hbu`P)#^QPl@R1f&Q__<Ncnd+N+zN4@`C%nPGmxyit+PN6qd-tuS
z6}3knmh!dux#Dgxqy5K!yT{$-9&%5)m)u+K6LGY(S8DS1+}^84w?4N1N7so@|8)<1
zu5tI)+c(PS+gA3I`^y95fssbuKiA&}`Rui4(qHejzof6e&lShL)!WA|d&~FsI_Avx
z+W4;dAN6W-<dnaUZ$qD_-*(@;$7Xw+e8D~gvd`Nh+w-peMb`Zs_^<Wfw#3`3!ftyl
zMQ`x$=X|TbVpwebv(Hq$qdpczZU1xhFuu;Wc_6C)KV2&J?cTf1+yBPiX4AhZZ;(7#
z{!$(y50$@?hsnd`5%NfRlssA<BafBG$zRLk<!|H(@<e%(JX!u$o+3|`r^(ah8S+ed
zmONYjPM#yrmFLOx<puIWd6E3RyjWf$FO`?c%jFgFN_myMT3#csm4A@K<sapB@=x-5
zd4s%B{#o86Z<c?Nx5#mAUs3-J#^urI<8AAC_rx)CY)Ry^_~;t3r?*BN0qxna4bI*7
zyS7K1!Q1<bH}2zb%VmEAdH<isHY;N5UtGQU|By%Twbz5ur5}@yx+U55+urj^?IWmn
zEobjPpbz&z)HRoP$U7p=Og_fm*vjsTIMVx$67ru%jOb@P{^N$PCsFOQd+n_ywpKny
zW?zHx1#b(nal3WjRZ8C#7`qQXYh%VAW7Fp;8`H*k$^WhgV$QJ--^a(S!zb}=t-fu^
zch=}l?|1El>*W4@Ky0HB+x|c5u`RBYw>G<WpEZ9awrlZO|30yOjEk!0O?!E4J^cTb
zMfHhy>_6oUh`Rsw_SOF9YWv9NS^K)MeTTq4E=2c6Y~vqUC$jyY%6i|i)jp<r?erdZ
zyhq!}tz+1`?2D=$pNjXur}aSO`5!m7XR$qp-+r$0X)TMd&GtZC*R_1!iR<VUQy%?Y
zRS)J3(d9AIzP4h<A9rkwd%pd*b7K1O-z)LIUHD%_*q`5tiR(Ywe|x6>dwTcp-GbsR
z|1W#s-?Ih9W$D|``Qj?|Y2@(#Nsb==%d_R**SAkI&Y!B5f1m&U?G}Hkk$eAoqI&H8
z%f+Vo_UkY9o-eji{~X!d?YBMkF}B*}`@#E`-Vpm4@W<5uK4qgmlV^{JH~3aD@_moG
zu4^o^?T!A6{rXzef5#u<C4c?zWBt4Sz58p6M}N%&yX8IdUU{FqUp^ooln=>=<s<S@
z`IvlMJ|Ul!Psyj{GxAyaSNWWLUcMk-lrPDb<ty@4`I>xPz9HX~Z^^giJMvxmo_t?^
zAU~8J$&ckH@>BVl{9Jw^|0chbf0tj$ujMx~rZ^O*f)tnHRsxg+N}v*?Bvhi#q<5u!
zv-hv{^`BVk{kDR?Tg&Gu`>hTC)%d>y`C9hIzB@U-y;RINs{Y@fnut$?byFweG4Gss
zZSg1`<!x5kYrMyY{~ZrRp9}vxJ^%OjH2T<migZk`e2QA*>xlP2ya)aX9<a|3>;Nm;
z{edE<F)Zfx|5qfRucuyX-d(@X>gbw2d3+r2fp`!2J>c6;{_cNve@}b9-o5S0kXI+B
zJ^r#bika`dCNvi9a`kh<HMM|0Leyganw0M!?&pYYCwy4FG2Q07PWWGsWA^;-k^I;F
z8s9&^2V$F1{@hQ2>=r&nJ#p26D}>_DBNa-a6-HqdPT>_n5f$&94zGr!$cmz<il*qw
zpL^*)_SU|&g?zDH!hfg2mik-yaOA5g_L7ETDwdK+NvtGMf|aC^`V+hUhf3|||K9%>
z^J&4qU*h%Ghgkjo{rj(LzUz*KFF!6n{QaZ-F)haIg|C0_AIGfYe_4`DNv@<&QYxvG
z)Jhs9trDW7Q_?FLl#EIyC9{%6$*N>ivMV{1oJuYww~|N6tK?JiD+QE-N~lsuDXfGk
zMU<jSF{QXtLMf?~Qc5djl(I@WrMyx>si;&^Dl1i#s!BDbx>7@_snk+xD_<yel)6ei
zrM}WYX{a<(8Y@kdrb;uVxza*uskBmBD{YjvN;{>!(n0B{bW%DiU6ig$H@J(@UFo6p
zRC+1Bl|D*erJvGY8K4YQ1}TG;FO?z6P~|ISm@-@$p^Q{UDWjD!%2;Kb^0hKv`9_(b
zOjIT*la+6kDaur3nlfFPq0CffDYKRDlsU>=Wu7u$S)eRb7AfB=i<KqHQe~O4Tv?&4
zR8}dgl{Ly*<p(8P`B7P?{G_Z`HYgjFpTV9@%I1iBE5AhWEy~u2c$>0a*`e$Nyi3`w
z>{0eA`;`640p*}_NI9$=QI0~+F`(nh3FV}6N;$2ZQO-j8SLK{?Ub&!LR4yr(l`G0s
z<(hI`xuM)tZYj5wJIY<<o^oG#pgdF_DUX#W%2VZ;@?3eL{HDBAepg;8ua!3nraDxo
zid2{CRs+-oYM>gVCR9Btt`aJ#QYx)7DywoTuL`QDN~)|Xs;X+Lt{SSTVwj~SQWL95
z0AX0Lnp91uCRbCaDb-YJYLKN-)2bnAIyJqTLCpy1OloE|i<(u<re;@js5#YKYHl@;
znpe%I=2r`-1=UcskXl#`Q;VoY)naOKwS-zyEv1%*l4aDgYB{w$pbBb5wUSy{tpd0z
zko~KsR#$7NHPu>bZS@O~)luuJ_0;-m1GS;rNNub(QJbpG)aGgnwWZohZLPLZ+p6u<
z_G$;UquNRBtaeems@>G?Y7e!i+Dq-N_EGz){nY;I0Ck``NFA(xsSZ(xs$Z$Y)Zyv~
zb)-5<9j%U0$ExGhuhsGDH|hj+qB=>PtbVIbQKzcY)amLBb*4H?ovnVS&Qa&8^VIq3
z0(GIfNc~=2tS(WPs>{^n>I!wGx=LNGu2I*jKd9mAkLo)0Cw0BLLEWhStZq^_tG}pQ
z)UE0^b-TJl-Kp+UcdL8Uz3M)7zj{DDs2)-et4GwM>M`}WdO|&^o>EV%XVkOmuj)DV
zym~>ss9sVpt5?*k>NWMcdPBXb-coO?chtM;J@vl&Kz*n_QXi{N)Tin*^||^&{Y`zT
z{;s}KU#o9aOmk>X4QVdTtp#Wav_LILOQ?A?Tq876qcmD$G*;s@UK2D?lQdaVG*#0y
zT{AROv$RB7Vl9altR>ZwY00$|T1qXImRd`rrPV^TbXs~XgO*Xtq-EB!Xj!#vT6Qgm
zmQ%~6<<|0Od9{36eyxC3Pz%)xX@#{gt%z1sE2b6KN@yjuQd()Pj8;}Fr<K<#Xce_e
zT4k+@R#mH}Ro7~0HMLq=ZS4!Kj#gKzr`6XQXbrVST4Sw=)>LbzHP>2bEwxr!Ypspe
zR%@rV*E(n&wN6@Rt&7%G>!x+rdT2ehURrOhkJeY~r}ftcXaluD+F<QVZHP8h`$`+8
z4cA6!BehZ5Xl;x(RvV{%t&P{d(I#jUwMp7!?OSb%HdULZP1j~<GqqXTZ0$R3jy6}D
zr_I+EXbZJP+V|RGZHcy2Tc$17R%rIzU8$|oR%>gtwb~C_xb~yAPWwq)uWisaYCmh6
zw9VQt+7@lAwoTiv?a+2=yR_Zf9&N9-Pus5@&<<*cw8PpF?WlH4JFcD3PHLyL)7lyB
ztoEyRPCKt%&@O71w9DER?W%T7yRO~PZfdu*+u9xNu69qmuRYKnYLB$X+7s=m_Dp-O
zz0iKsUTVK<ue8_N8x7MPx>HBGOLyygv;aMU9;gTD33ZQ->x53~luql6&gz`b>w+%o
zk}m6tuIieu>xORXS2asdq$k#s=)rnYJ(-?dPobyOQ|YPoG<sS+L{F!u*E8rD^-OwZ
zJ&T@I&!%VBbLctsTzYOjkDeFW%%|tq3+M&)P`!{|SP#>S=tcEndU3skUQ#cmm)6VZ
zW%Y7;dA)*OQLm&|)~i69RrP9mb-jjOQ?I4h*1yo}=ymmadVRft-cWC(H`bfzP4#Aa
zbG?P$Qg5ZV*4yZ9^>%uDy@TFS?*wgj*1PCk^=^81y@%dY@1^(F`{;f3etLg>fId(k
zqz~4=)Q9Lp^{@0{`fz=OJ`&m-rH|If=wtP9`q%n+{TqFPK2e{fPu9QHr|47lY5H`1
zhCWlDrO(#C)92`O^?CYyeSyAEU!;GpFNQXk=u7ow`f`1RzEWSMuh!S-YxN)WaQ#Pp
zo&J-)Uf-Z^)PL4D>6`Um^ey^UeH*m7UEiVa)OYE-^*#DteV=a6rTzK={h)qGKdc|o
zkLt(t<N68xQ_DW=`pm~_`~J&(Y(4K&-q)5d-UUyX#T~r4zUO;le^$;O6YtO8{=2Sl
z`AYm#<CFR+{j`2YKdb+$pVQCl7xasI4aX(@vVKLss$bKu>o@e9`Yrvoen-En-_!5w
z5A=unBmJ@dM1LAFOaG}oi?{22Jm9-l;f*7&ml!q2pR#N9r)=a+N0z=%%ket@1P{b^
zf8*20yuFJ$Q=&dUXKTd%e6P1`4M*(H1bcJidAtWczXv{MTd?<x@A`dA{ckJl+wR`B
zePQqhdHnC+?SZIsz<<Bmi~Q-RdcM@>`ToU+eUl(w+v@>)9!C8Jgq`x;q4LI`ey%>#
zpX)F5-}IOI@A@nKwf;uO42R(~kl`}iMu3sP2sDC>goek!4Z<J|%AgI#U=7aT4Z#o%
z$&d}jPz}w{4Z|=E%SdD-Hj)^@Mp7f0k=#gOq%=|)sf{#7S|h|rXQVeW7#WRBMrI?6
zk=4j%WH)jcIgMO~Z+~US7hHS(TnA{kD`xO{!Tw%{568#x9*ErozVFBUz43OJx4l_^
z#Em1ZTpzog|6kJ2=NF$3;%edltH<%}`aO`_$YbO+@);PG-zZ=dG(wF+Mqwk&C}I>f
ziW$X?5=Kd*lu_C!W0W<@8Rd-%Mn$8NQQ4?sR5hv@)uEhS9?mm>FsvZ(*vi8lpFhfD
zSVhpO9HH&A!Y=RqdCOy17)ZSBW0>8(UEbCx58PM2D&Uyyd+o=tsP;!~-)leIXM!4h
z{jXv8`){`&wS3I}|6wphG5z;p<^45%4pb5=`POR7V&1?c^r24^`x^Z;wf+Cs;_FZJ
z`0bY2+V9eMTRxNUUFF|aI(lAo+wF8sqn1(I_`;}T)HUiE^^FEbL!*&le`(8Gy0Ov3
zXlgVwnj0;QmPRY1wb90CYqT@k8y$>}Mkk}Q(Z%R$bThgeJ&c}4FQd27$LMSHGx{3?
zjDbd3Y>+Y7_|h0+3^l$oh8e?+5ynVklrh>EV~jP%8DAUYjc<$z#zbS1G1>Umm|{#d
zrWw<X8OBUwmNDD-&X{A&HRc)fjRnR+W0CQ_vDjE*EH#!H%Z(MrN@JC=+E`<(HGVL{
zjUSD5#!tq2V}r5L_}SP5ZQEh9@r$v=*lKJuwi`Q)oyIO>x3S0AYwR=j8wZSo#v$Xd
zal|-k95ap^CybNEDdV)^yGw8e&{^Y5EWxMowzzC;?*6Q@UyTnB=Zy2lg@}D??515b
zE*Y1NE5=phnsME@Vcaxs8Mlo)#$Dr{ao>1gJTx8|kBukBQ{$QO+<0O9X1p|hH(nX9
zjW-5nI!vdDOqc041Iz?wpc!N)G(9G65~i;;(xgn<WK7oNOx_es@y{HuhGfdoB)*c~
zm`UglQFG!`@8bc#_x>u1zL)W(W7by|iz)m6lYE#pzFtL-Kac&sR{XX5B++BPMqJ2S
z!gqZ4YQZC@e}uS7{XKGf3_ffe{vNyj7h19B#s6<Vqdy7ipW8mWKHNfo9dRSywh*^Q
zY&o_~vB|x%x8=oM>i;Xp=ih&R9DR;_>hwR!1CeKgZ$5eLvva)2e@yr1L@wvWcAi($
zm*>@v%)R-a+MoZ_`uu*2ivFqg#<a^fl2PrCJfe}YPs=wCeCg<M%yzsIpI%(~pG)p*
z*B8gujxW!SW6S>-S>(Duwtl<3J!=2tUtGS5JeNK_E*<NcN9@v1-+FwFeh>KeD*yC2
zu5IXTcH3qAJ@wWQciPU0*@|EPLs9hhBA55K6T39_e4nmAH*){Hxsmg1>?;#{?x){>
z#<f5Bcgz27KSdwKzn+fmdGW}#`B#L9NB>3-L>|k(g8%+LN44_rZ$G}pPvrr7BtKPM
z@%6-e;NR+jsC%@isefyq;_d#ocp&P0`_PnXYNl=)rfH^NEi;js*i2%kWP{D5W->Ds
zo7_xcrZiKTsm(NIS~J8<XQnqZm>JCmY$h|anZ?X%W;3&!In119F0(0{noYwtV{@B%
z%;rp9GcB9X%x@Mj3r2)cvyfTX3^R+EMa^PnakGS3(kx|`Hp`f0&2naWvw~R>LJPK%
zS=p>&RyEVH)y(Q<4HL07&01z{^9!?%S=X#*);AlN4b4VoW3!3b)NE!pH(Qu3%~ob>
zvyIu-Y-hGNJD43IbTT`eUChQzSF@Yh-RxoZG<%u7%|2#kwy)XG>~9V*2bzP-!RD9d
z5Ob*cl{w5DZjLZVnxo9o<`{FVInMmr%)pE{zcD93m}pLdFxmXpoMKKjr<v2u8RkrL
zmO0z}&YWY;HM6ku%=zX5bD`OVU1%;cv$5Zsi_InGQZqX%Fw4y4<_dGAxyoE^t})k|
zKbYa>kLEh_Cv&~I!Q5#6Y;H0)o4=S_%&le)cAL4~++prCcbU7*T<jimues0MZyqoY
znupB8W=5tDd&E3y9y5=dC(M)PDf6_Mn>}NmHGehFnG4zT<^}VjdC9zNUNNtl*UanY
z4fCdX%e-xNVeXiB&3op3^MU!$d}Ka0pO{b0XJ#IDAM@ONVg6>mG=Dc=nXk<^<^UG6
z9G25UmdkQm0agNQARA}}SqUwVg<FJ0T9idwjKx}<HJIfs!4fUWk}btjEzQy`!!jXQ
zRw8Q%o7hTX1zSn2WL9!3h1HBnX{EAKTWPGcR*03(8p)=&GFTa{Ojc$q3xrYZ_iR=x
zo0Z+lVdb<6F=N<VR&J{(o5#v)DQrF~zg3bgU=_4NtwInATVYlatEg4XDsGjqN?N6?
z(pDL(tX0k`Z&k1=T9vHIRu!wNRn4ky)v#(>wXE9K7gl+;j#byHXVteFSPiX4R%5G)
z)zoTcHMd$=Ev;5oYipv}#%gP|v)Wr7td3SEtFzU`>S}efx?4S%9#&7Qm(|<qWA(Kv
zvHh(6)&OguHOLxleQ6D`hFV`)!>r-f2y3J@${KBrvBp~Ctgo$n%y{b?Yl1b=nq*D3
zCbHjJQ>>}hG;6vw!<uQ$vSwS~S#zwp);w#zwZK|vEwaA17F$cKsq8d%skO{nZmqCZ
zTC1$p)*5TA^@9~|{b;STrn5g;>#YseM(by5leO9U#oA(RwYFK?tsT}*YnQd#+GFjt
z_F4O_1J*(7kagHPVjZ=PS;wst)=6s)JBK}Gowm+cXRTkYbJlt5f_2flWX)wSTUV^B
z)-~(8b;G)8-Lh_5cdWbCJ?p;pz<OvsvL0Jctf$t8?rY-p|9KwxXCCGLd4Bp2TNLmy
zeR~!7?+zc+_y0oKq0ad5U-rPe=4c=jAO2T8@W<S6U``BSF3b(9WG27@u^=oVycmpQ
z1V&;MMq>=dVjRX}0w!V-2H#P_U_B`e-V?-3%)%03iLoSDFqRZch9$>RU@5UwSZXW{
zmKF=a(qZYb3|K}i6P6jv^1&hN2bcKpHa@;Ywm+=Q4*to3<-~Gfxv@N0UMwG$A1i<r
z#6qz`Sm95W3d4#-3q`RH4aKnHSP6J7q!c_nQ3f7QD2J8DDqt0{O3;JKSQV@)Rt>9;
z)xc_EwXoXQ7g!yvE>;h#k2Sy=VvVrISQD%%)(mTowZK|pt)Pq@T4Qanwjhlj+WnC)
zVC`e%Mb))y>F^Gns3l@g+4Xe9Iz`mf8SC<abExZ|`rWYZpTL?PP+w21S1dL4jzt!;
zM}4rqSU;>kHUJxl4Z;RvU&8j45*zYo*`e51*f4DPpXm|UNNiL@YBV+m8w+S0_BA#h
z`v#kUO~fW)ld*5HDcDqO+MgvpehY}N!RLYLf6gACBzimpoB2*1f0<bypzAMXquGCs
zZ}d6!9X1D>8!0zxxwumEB9(|<V|+T^1Mwb+_dvV{;yn=Wfp`zZdm!Ee@g9ixK)eUy
zJrM7Kcn`#TAl?J<9*Flqya)b?9+;0Uh`+Y`KkR`Iy?Yq1|6lUJ!VkWC{9o#Qd|wvE
zePiEyOTQi5xbF~gL*2fa-W9WNizk8*h!SBgWIx!E2y>vHAe91TghxFJC(07R?Hn5y
z#4vOoxC31P?nD=XBXkLPAi4}ZA-aNHg-0Y(pletd=w1izKsSIp(M{li=oUP#fT7#K
z9q0~lC%Owf5Z%M>!{ZAGJ+N0;Ko5aC&?DeZ^cXloPk;xar`U6Nr~yMSfIHA{z@6wN
z@IdrCJmla&udvt9zYg$#1BU8Bx*p`$gVOatqaIk-04!?+d5s{i5#%)jc{4~igLE@U
zH-mI*&~F2>HXv&QvNjRvK-39joj}$JWSu~-8{lpb7X;5a9QA+~!~zfk6aXkCasx_<
z3V~JvM+4x6pj;3jC!hq#11JF?91(zUR2YbIGz88#!k{kB(Fk}L)Fl840F(epfD!;o
zi4;I70pUmkgrlNRtKnz@yeQ~efC2y|K#2h*0F(j+14@C4fkrY%Q{X8a#i3uR9L<0i
zhnCU+asdiJA%Fq^r9|lgr391!{E`6T5?E%CG>6!UvO1arF9~&KceDUr3VN8!(Gqwm
zNaX=!%W#wr5DsW9RshgiEYwj3bP79K11|$QMF6D$grj1BaP*V2HCED57Hlc)Xal?~
z*ise{aLj|s1M;AXjtWq^vZFol3Q)Q#pcH^`R2>kGDuTSGqXY1YU}J4SPCzM89Y84n
z;iw)U994o;14l>Tl_1p!5RRHSDuYLwIXVHa4DGi7<N_3cS^)|Gln}K6ln{^ywFBe<
zloE9SloC~imO44Q0Iv?z#nCMS1)?|b0FDE7cXS6{1AN&NPy#?W>J11ib`Ee1a#V5-
zaa3_ubq;r&byRoObdGh@bvAG|b2fEOa<p-_cXo1?#WXY%e4wG(jyaCL&iRf3&c%))
z&dMNJ1{P@OE9WrhD#sefSZBCny`wPJ%dri3Z<txV9i?F8b^>n>kNPx+t*r#M2S%eg
zJnqvRwp|?UgBgp%IOFI5j57`%$I&5Z4Tm1$=m^x0qch-*V~*c}pMk!d0OSCKqf>zF
zTnwE7grO~<an5lWcygx;U2voTz70~B99Mx~aTEpZYcMBqm_s<a0dvT1FD1GK?WIIF
z9WHdoaSQlb2afJRZ*bHcGzx<sA3=Y*!^2D6v7*rS6R5+1#yd7bPhh_Qa|lCQLGsdZ
z1^70gSI{C@3iQVD9C$&DLJns=-~}-TAwUdlNfdHB8vzf4R02Q@_<=$}&St=iL&^h)
z0ShTaINJb+6`T+Sh=F-WA;#Grcm+stfEe%>g#>3O;FTdI0b*d@B}a<01Mo^fnzJKt
z!&wY^WjUJypXLa5CUX{qd65EavbXaTC>2<e0v!X7rExw5eiSIg`2=`b&`1yMCqU`I
zvl*S~fma84W@k6xjnd|EPIfd-8|v)q80sAEEb1)oEa@!mEbDCS?B?v@?B`4bb2$-|
zP6RVK5qLZi%=bhvm&e1?gAT-@K;Yr19qNF>on0U&4CTfiq50syF_7~;T8oW`crls)
zd<mKad?}g^d=Hufd@ou6d>`5cJUpVV<!A+3iB_T2XboD6en3B>b!a`>fHtC^(I)f@
z+Jd&CZD>2%fp$V|flzV|@ZD%R)UX<8ZA48DkT^ioYh7Rj+87~mKsg6G4y6u3d<Zm7
zqSNRsI)^TxOXv!^hHju+=nlGvHlvB?Ihu_gqL-)#>WO+G!G)o6F2NOu%DXDKI2Y_U
zT$NmvT~%BGAgk)C=Bn<h;i~CUA*Ys02JPCeU{?V8!d1tW!IjaK$(7la#g)~S&6VAi
z1M&k<PFF5hZdV>xUROR>epdlkL071&kgKpO%vHoy)K$z?+*QI=(pAb;+EvC?7Rm&m
ztWaxKXe~3eQ3c{$5a$3{A;_!eYT#<*YT|0<YT;_-YU66>>fq|+>gb|S7l<j;&DF!z
z%hku#&o#_7!Zpe@#x>40-ZjBB$@Q&ks%yGyrfarqj%%K4foqX#v1_Soxof3swQH>_
z+_lcN-nG%S-z7pTo5B77w8gc}wZpXwzS*$PMML@^^e_O?V9{Yff#@jsDF7XZ-UgtP
zt`i_R?K%lu1Ud^f1R@FO9C#uST>xLe77zV%AsNzF00qJVvVrIt_$3hCa9sy}%XI^I
z2+$qyM<5CY?R(%Y7ob4&0FW*7phti_C<UaRfDZ%FGglhmFTjt1=%wqG>y69dMs7E(
zbsXgOxCuAqX55@xa7%8*t+@@i<xcDlb|-VEaHn#oafi6myX(2@yBoM0x*NG0yPLS1
zx|_M1yIZ(hx?8zhyW6<iy4$(iyF0i$x;wc$ySuo%y1Ti%yL-5Mx_h~MyZgBNy8F5N
zy9c-jx(B%jLmmCyDFP}6qzI@KPz)$VK;?iE5phRIcMRALR08NI$Tk5T0!kT_Cny6@
zW*`Ab1d@Pspu|8)fYJb^2ihLA0qA(p%%GowW&te)%9Joq!W=*%kOZUyr2#7Hsp2W>
z$p=)`lh~8TlLTn2=eTE^XM<-u&^EwD@GAI5{3yOHf{sDF8Q%rC2$7E{3RHxsN}MEi
z0qrNwM8xNa(qtxbFS&wTL{0*lNqVSIYAsa?s60>=pqfAhsMS<Esy$FgY6aC7s2{Zw
z;*}7$gLo|HOaYn+G#6+Q&}b-=j7~>mA&wAd2uy|$cSt};f{?(Fppb+io)A2Q2q8nL
z5ITejVMDkOK12u+L!=NnL<vztv=BYS2r)yfkVGMgLz099ha?S27Lp<)B;*WzpL@VP
z<Q{R4xhI?(zGs^NC<w>{L;x{Bxq$Kj<patO6be*w?g9EBeTY6xAEA%Z$LQnq3Hl^`
ziat%BrGKT*(dX$4^hNp-eVM*OU!||n*XbMdP5Ksno4!NerSH-A=?C;f`Vsw@enLN`
zpV80h7xZuREBZD4hAxP0g9nKVV`11xI1WaCfH#S=9997y->nRf?v`_wcRGz)PW#I&
z27G~~g0r%-j<cS#k+Zq8hcVUJ$~nlG?ri65>+Im{=<Mq3?_A{2jnU3Aa2!d79A-V>
zp|F=nW_{qHSTJ$}3I>!BB><EWZHGO2ka-PwVbJiH4S^R14FXUwpp1wDlo3!0!~jYG
zC<JkULJ;e~kYIAaS%(8jfE;kt3PFn52zVHl0cn6Tpp?!4WSFUd7lGO>voY|ZaFj}H
zHUVA?Qo&|Z;KiWDWPpMJ1)>yy0s+BM5RiTDnhvD_ln#!^8BmDX4ETPqJH2@icuAm)
zW{U_Ej4}fX23baw6;MVv{|rXi&6dEknJ$zQ-g0(<EF;PdGCMZ}<pmUiN<;blW-H*O
z!JdME5&#NDg#ZP^St=Zr&DOxnK&mJpTb2<O2b2*|2r3CE1dh^B-h2Z5DD<E#pg>d#
zyj0#S4ZIY1sUjc;DhC>s&9=bHL7i0rC4h5?1gN^%J^}@!nt*~)4Y0PhSrd2#Xr~Uy
zGQ!zJ0#wiJ0K6h-Gynv8js&QYSrd3&peANL;Pp*7dxy8I6Tn$V0@T9n2)q*LwgMCk
zC?jeEC?lW{)DBPxoUtTD9n4O^D}#qS0m=X<1a$!vf|`Qe-OOgdn>zwg53>dEDsb-5
z%j^ui3e?#LP%xYcW2m3m1$b5H-vB@kK!IowAULLi6<-2^UW4vXK*6XQq=uPYfmZ{K
z5r6{Wj3xmZWp)Ez1J0z!nB9Tb0Nrtbpub@Ect9CZQ=pEZ-v!QQx&hV0HaPo0?+b#~
zOxOy70R^GifP&Cwuw;&T5%^}XZXO^EP!L)G$j(J*5g>$Sm`=19-V1jkC-ioy34ihc
zVQ4uZ3{VhS2`C5<LaPDUB?8b|C}ICw3r68E_k#fip>=?Q03oy<5JJ14?TzM5;Jcvh
zO@J^!LFgAiL4Xk23J9SepzZDOcDWN~d=T0RGd>7VFxm|$7|sBL(O$Dn1PVg?0R^EW
zQ0GDOG4LZ$=V3q?pdfS<ke!RraX<*|fjUpZyXa0d1A2AZoC$me^y(}i3{Vg{2Pg;-
zLKgr*-yFf{5};t13&H3L%mo_-p=*GG&{8OW!(0Y@DU`nj2m=&^?f|lL5xNHm0SZPB
z00qOyV(1Z!ECwhTJpp9Pg3vQSL4Xi?0SKX&@DBSMb2*%mE=N3qH&l=V2;OIh*a2}U
z#G!Cb$^jk&8V)NE@}2N@I}`@&KrX-z<OUpy0sx1i1lDTMUk%zcXfZ%EXfQzIK~7ua
zA%}tY-(kN7@4#b-1MEONU<VScwV<;WG!j8hVxUAIO$?L>YEBF^0rC@B6F?)el@juk
zz#H-y3I^;zNdY@hGQgoIIp9!~!U_ldaL~>GS{Z>dfJR2343L`<XcFXSuqJ^<MtF-J
zLz&=BdJJU->_AxnJ5W}@p(q>RP?X);2>KgAy8vhv1S$X;1%al6ynr<watgv5_81C<
zx9l-g2r%sX0mHuA+6p>bL8Bbx*ckR%fXYFhopL}5_Epe|oeG6iD4cKe5LXASiojui
z20Rp1wRVEWPROeZIrV_*LS8+fx{zBBXaVHcwHAOzJ$PFmL-pZ}eGD}K>_80x!}S@!
zp{Oz7P}Ia)4z{cYS_>2ov=L}4&`u!C3Ihs<u@3_ZhtUrM3WxCz0}6*35C#+ub07>T
z9A-fnP&mwkFd+DU0&x&fLLd(i4nzQvKon4-2nvVs3<C;>5e)+hhcOKU3Wre*0}6+6
z4Fd{?kqrY1hp`Qd7~hl-rvge1lm;j*PzX>up!7g>BPbj^5e5_vz6b*f2XBM{g@ZrB
zfWpBeVL;*FlQ5ug@Jbj^IBE)UGoa=`Er41AwE}7l)COod3IKAUwt(A${&Hl?!r@<B
z7?7O~MQbATLLoH<w3orQ<U-4VV^Cr+Y6l4XfWgehLg8OvDC!9M9igtZAYTimmO#7&
z;<ZrMHpsK%aM+$O)ZQ9`I>7dTf&Ng`2~Zf?2xGkw#&{!)EsO_{3;yxhBO3^OG{m8h
zw(|mkPXdhtum!l#LEsqbY<-2gSg)au*HFi6sADT=Y=!*YkZb=t#LzPMSIGhKkPZd8
ztz*|U2Q<%Hb3pe3a13>~Mxq|pOwhYx&4<0wAXFFY3HJAdzU>4{cY+Q3Al?V@PALBr
z^6WSqwkHgAwT7c^FpDwJABB1W3PY>l8Y+*RiBKXsQ6eleN{9JFrbNDwHIXkQ#u7sb
zH_DIM!A|9eDecqCfMvn5V%f0l5wD}A!Pq2uG5e*w3K3U1)5B|A^|17S3t`KE8USt+
z!8>829n0Y5vNDh^k5z=1!z#h~W+~vM;Tp;UxJCkbi4V9Bx(~SzyNkf}pK91RGy^e7
z?5n=nBd+@91Uu|h#)#Mc3Ma~pWr9@Z2wBz$oE5XL3)`>u+1%F62G-i##yKK#b3{mT
zKo4w*EpMB+I942M7r~2T?IEs$bx2$V>j+dF>lDF@W1SNtklUKYu`Zxf4eOe?8rBV{
zIMzLa7sq-e?wPn(;@*k-B#wMDwlmflYZgIpb@Pwd&hHAr<~AOfI0IOc85^BA2O10X
zHP8W|BS43MP?8)d5Xb`*43rEgO%h*7m&6zHfV>b;7*H{wyjTuY58~25c>w1FY6!Ry
zP<x;bK%IfQ0CflI0n{I80MKBdFM(zO%?DZlv<RptP%oe{Kx2Vc0IdXC1+*F{FhfuV
z?-<$F>@xw`V`N{sx5vaD3wu0m-{*wf3^0E(!VF3Y*yfodc$NsBHG*f0;MpU1jtHI;
zIEpBj;ZJ1O;g#9-c#&O~7uofBkzJ=3+4XvnUAGt6^?Q-84co$0U|~A2FCAEy4tkOf
zdXf%$k`8*34tkOfdXf%wGDL7&*Y3B?ZGF4%Hn+>z{kOSY&h~-L?Xv$z+kL=AjXeIt
zpGjG=%L2PDmQ#Wt*rP7W+PflFq*<_lpooenV#SKsP_baag1v0iwfEk8@2*O*oqG0q
zMZM$s%wqZ8-S_wV|6kAZdeHY|cG4!3WRgv?88(;7SfXgms~mm~$-?fAu!kdzb%Z?~
zVVooE<p_H_!aj~L-Vye7gb9wYpCjz=2ooLQ07sbQ2nRaCL5^^+BOKxghdRPxjxgB~
z4o7&|_loaT-)p|teQ)^Q^u6V4_r2|V$M>#pwr`Gau5X_2J>UDjVdR1DL*GZfKl?uR
zec~HIp8Edc%ad<gX>C#)KVALtFQ-CH-mLg3Rh4RrzhY6UD>amwN-d?fQb(z))Kls!
z4U~pTBc-v@L}{u7D9w~WrMc2VX{oeQS}SdoAf>Gmtb{0`N|+L^v{TwE9h8nrgwjdr
ztaMSjDv?T*60O8@qvTOsFQt#tR~e`bQ5tX!xv|PPWr8wEnXF7zrYSR&3}v=5SDB|Q
zP_mT8%2H*yvQk;CsLEQ!rfg6)DO;3n$_{0hvPapc98eA^N0ejA3FVY>MmeWkP%bG~
zlxxZj<(6_=xvS(TdCGm|q4Gj`rMy?7D_w|Rx|9T!3#uN}ASfbeLQs0pvY@>|4MJi=
z;zLqHGDB=3_d-76H?mowe}oneD;`!etWj8(u-;**VLQW4hdm6tg;xwc@5n{yA__;8
zjTjga+&QK5@15Pcl<HEmOTR7yy4>yhbJw?B|LU3)IXrSq<cG+=BAug5QNdBsQ3Ion
zMM*K$V_L;jiS>`26gw|=RqUSFd$B*qzUe8&m5cL=kBLu?-xhx^{(Ah~c(=apef|5!
zCss(Ro>V8PK~i8+L{jIZ^-1FgP9B&&=<%RpgG&xBH`qLQ>fl*}hYT4tWaE%SLtYKJ
zJM_WO_d{zZ?@m6LJZSj2;eQMtIP&+A)yIU4nKI_U7@DF_DU?zzWlYNCl!s%VjeS4%
z%UFGCiPVy*{Zf-sho!ce7(cOLTI;m#X`?4koqQF)H?5K0EWKU&u=K_0J*Fj2+cwQM
z{p|Ft8JlP9n2|BFMaIdD^BGq%hR#iy>yf!Lb5G{e%#eAJ^J3=po_B8E%X#nT(fMoU
z-<_W~KXbu?1?v~AS!iFFx3F|pm8_~+b+bBU{k&-Kk}*qGFWI-`*pdrNt}OXu$)8JH
zmztJ(Ev>V(<<iil)0Qq;x@>77bJMVZuvX>;<~Gn4LLdy<K?jI{&d?R2AR2l=Pv`~x
z9Tu9C&`mNgG!I61FuKFg9fs}*bVs1u3|%k6EHp1hJk31CY(sYgY=SMY4R*jT*aQ3E
z033oNa2!s;X}ILD(0mo$tC;=`bZ?+*N7s(-U3BlFYen}pyn(my4*rB~m<lmc<2oZ}
zTyNZ9<c)$+G;TI-F>W<(Gj2ETFcvpzj81r`gSSzOS3Wx%^+p$?tI^G9FdB`8jM2sz
zV|QZ@W2~{KG0xb_*xT607;o%rOfdE{_BSRP2N;u#1C4`>gN@yc?#9B#Q^wQA^TvzD
zYsOo~+eQy#jxo<D8$FF)#!^NfV_9Q)V@0E4tYoZgtYWNctZr;*3^cYjzBRrxb})7{
zMi|E%Cm7R=8OB-0ImRW%<wkAL-S)bmN<q#+RR{kRM1#slm^+liOR8C2$~i*b5sHpb
z;|QG`q1F*PJ3_r9bajMoj?mx;jgGJoLUw#0SlWUZ_dUjckBQ%7n(r~E?=kK7nDh6T
z{(H>zd(7>7%<w&C{2pWFU62Dk%C|gTuTYLSqs;Xve;YoFUq2Ue^hJ(?SUIFSLaigb
z+n%M&al{isSe$pn;~nv?j(DRmmM+DyFg}rm{(V_k&XIB@gT+gBVBycPEUeIrg<417
z`pGQr63)WpBo;1DXJJ=I`u0#3f9ROYNXIZeJ3CT_u#mQ8;VH-P;f_2cIL0zM(w~iG
zecvN&+iqm!j1j?(v&pJBmR5EAV`ql`z|IP*Lk*}2wQxK(13NCWX9(Cof3P^#CtH(j
z9kR8@)*D-6Y+bRn#MTd6Gi;r(wZYZ{TLS`Nsk@8>CC?MKCY-T_JEJ=%C?SLo>Kas`
zmo~0`vP*b!((?4K$=gHi$u$P|o>?IzG3;qyalWzbf{^a<kGsAPs}nY_bI;BXhtRgC
z(!;|%BB~+h)sXXQ$ayv7+#fk-=TL09Se^@hOwG=9*-Ij7KuxHHWnnMHkm9OBHSh-u
zREHW+6KVlFTVWv^mX(_n*Bmcjh{Y2bENt&MH*ZQ-m{*~`SYuv?nrQ=Sr7fr>cAz%e
zgPQ07YM~>jfli{{IBPy<K5xEYzKB}rDry}&YMNYgp81~nzWIUqk@>OtsreW4GxKxv
z3-e3VK5tO-yfZ%vN)P8Tk1OUcm<EeI$GFQKvG?XX<`ww&1!+84h3UUHZ$@t3W1d#?
zT66`n2Km^8A<kfkHR#%49s2A+_yzN}Vfbh0XT!XYIp$!)+@GP}dUW3-e2-jiM0X>m
z{{=&CF#qi6&y$Uq?_s2Ez>oscUt;dRV49*Mejj~KV~B!2uN_k_=r53h?rBF3H({9l
z$i+)cdlSMhD5EV1_n;h~qtvz`o`ZfnFbo@3K#VOR%RNtaAunvH_c_v7c-oPtJ?2wb
z2WK!mo6A|0`b9?$E@3LiF%4Fp1w*sgaZKqlx-T5lzm789<H-AU#~iOC57!)hSjn?;
zVx@V*yb@!a#<XrCWtUmS5I4}5mAW0{9YWvdSVITk9M-rUpN=EW%Ki@e?Ka;=cnDL<
zL7rH?voXYJY!&aZyzeoOyN)Ta@I8jgbu9l&tc_I|E*JB>gz!1$B%t4W<lu>8xICn=
zHJ68y5eN&}l0C;(wjNVqAuACUD_B2|&^?3gj}7w}OV0W|bClI{jQa~xucIGNo+G@8
zPcKmJ0(pVqPMfzPELgK<vM13GszNpJ2Mbh(8c-8z0o$io$cAP66bsq#Y_DY@8;5-Z
zU?CfieFI=28<%|pU}3?0*to2QVj&y17ha?iji(Hv@y)m$z8^$mKkbjbG!fqtdf-JV
z%vMLZ4c|xGk%5thm`Xj<!^=i=k9Y04uP=|9*)6Jg+xp3gm_k3;&o{z2jqswCMtEII
zV|)*9j3*cxV|vke9)m}EK`as9%=^K9+%4J9$6=f}^ozrNqT%SWu#F>RcaDam9%kWw
z-sGJ?Ox`^p9(rP|ez2cUK$w6jCt%!y_*TcKt@yOnk;Y;PWSb*(n<K`CWU<1f1|nYt
z-K~!Dh<Ai-9ATg%OmdWxfYM>5#l{f-Bfb^oH4r%&h@1?>lm_B+dwgz>&+YNKJ#x?<
z%frgG1JXMny#vxaAiV?9S$8e&z^vtYOusVvR7QynKwjCu9>`r2%#)Q)6Re%eNMU7~
zj91!3qg;aVJs(dKIsUc5lm?-k6QCdT$2fg)Eg%8wHUY!2KK&5}V>}+YDVSF<KC`7|
zS6h;B6=eu=6ocFrF2&X)3;l2$t_sz_A1qKEYCuh>1#By2Asd!$r7UE_v#pecY#g?g
zvXG6(wo(?daoJYN!h-p*aoJYNLN+ct;<Av9%Z|D%WaF|UFUu1fmmPh7j*UZ!^d*g~
zO{@XdKx+$Y8*5u@h&9aG&f38mVeM?~YK^i+Tf19ht#Q`g)_7}zb*y!qb%J%0b+UD;
zb((dCHN!gFI@dbSy1<%c^-)W!W!3U(MYWPzMXjb<)Ea6nwT@a(ZJ;(%o2UV5pxQ!h
zrM6Mqsv&Ba+D`4DMyQ?Du4<GTt#(&q)i|}c8m}g({ng>>NHtj=qmEU_sT0&mYPy=C
z&Q|BC3)C!ivAR@UuC7#9tE#$I?aM9UCUIf59qKN1kGfAipdM0>sK?Yf>U8<EdRD!n
z-coO?zp7<u4O^&f8n?`}+_b{9(zMF7+GI7UrZuLurgbKpX}xKKX`^YAX|rjIX{%|Q
zX}f8MX{TwIX}4*QX|HLYX}{@!>7eP5>9FaD>8R<L>A2~H>7?nD>9pyL>8$CT>AdNJ
z>7wb9>9XmH>8k0P>ALBL>89zH$!@xBx?{R)$~NVga!q-rd#3xQ2d0OnN2Z@mk4;ZZ
zPffp=o|&GTUYK5*UYTB-nx}v0c{=?{zp6n$hlNB;YS%pC*XZ6uCX8t?aqpzx(`L-%
z`jkkxotQhY-uONlZx^Hn4Gt6HOC(jA=(!}g>+}8>CiIwmCdNLtWZK!tqH%o^z9e0o
zIkD}oklfJYJ+AdJBt03Tnb>9G>uFWz_0RgWIDOcd<YlAIj1y+xoRZg3i0U?SbV^Lp
z*<nZ1f6KIYjOk+Pb0@*Af0a=+Mz_km8ag#4JLG(b$MA!r-i{lbnKJcK%wJP#1wH9p
zsN1B0iGz!VeI9nG?b;}pp!0o)#g-a%EG)7k9ol02x+#0()B64u^K<I5?y-Y62K5d(
z6Ee2flac*XuTHs?@iDY<_>0IBv48ciki21TpM~?5TwHRp=g|0=8G|Bc;=$F0J$(AN
z7%+Lz+2jwS`lpnc@oK!!%$Bo@hOP`f5PmxGXxf>`k5MDKZ;Y=$a`3=ML4UO0+ts7n
z)`7hTEgaJ<#edeXna$@Fn?JSf#^mi8yEE^1n;3K__*LfyT^7V%9ME{km+>QKruD3x
zIXQGh-21pj35)t^2Sp5yA7&U8Ilpquu*{0VKXrYUP+`W@sHV|HdrizNAL<q!+r`u~
zC~i%!pZjVCJs6xk=2F`Iv<I0D!uIx)!!Hk*Kj_nhm6;tDEnPA%?p(stv0fu)jXa#R
zAhF}r!$H-@)edzEwMJfxxjAw|XU~M~J?qS9lX)$&VaVZjojMNcnHy4J;MpN{lOvO3
zlV>EipLcL%p^3jwsX6n{nXl)6nO|<f_Qkm~cV%vD`y{wc$eGYbp&?<5+iBYOYTvNq
znvOlX%<0xEdV2J`=(e#BVl#S9=ruH<c)wEp`wgg=RBBMhuolV9lY^7nCr?YBp4@Qw
z*x`pqXh%01orK3#UXD#p?J(XjIdd|dT5IaHbZOeo84ok_=hc}%xLdIORc^7=GC?~+
zdWEF44G2jIITiXTv|YOe?H;t-*0E_sctlL6a-FY6-j3`YwIRyhEht)w?iTGIbG*Ap
zkI)|NV@t%fkGtFNTtCl5b*Lq2Q__Gzn!$C@oOsD0cZYl!(sF3Sq34Hf89riU=TY^?
zgpPYXE_qU;$rC3ZnsRQ+%PCW))|`<vb3w+CStB#=&U41glv~<cX1BCA&2DYKk+--`
zv4*u8hTB`@cCcU0j<R3NZL)Ow(w=y6Sx?m3JyEB9i?R3^ItVrOATkI~><q#)IfL*#
z&uB+HLA)()7vG7y#0TPa@vfLH=7>+lXW}p75jZNg_<RJ8ikC6OWpOv`$F=eOxH`Tc
z*T?r`oc-brxCwT+4R_!!WJ508gZuCh9>HUH0#D%=cm_AbJ(%txjCTmb9Kw9E#Q~ZT
zn$emR&2Y^aO|oW{#;O^w8K;@3nWUMfN!Lu*q-o}BGBj&7n>5=rTQqw$`!t8~4ADV6
zLv&5E0Z$g4)ST7~)tu9u(45g+*0j)+!P7@&@T5^0Jb6?G{mWp8G8m=|`j$ce^9U8F
z1Od=eQx2cY;d41nWe9*4&{9(Y=@pP(0qGTxUIFP9kX{k#74f+uK3BwN1;Z%#%)(0O
zRz|lnVwDlEhIlo^tKm~Me6}ENLAN^6t0P_=>DBSM2I4i)tqHZzuNJzs(XEYcBXk>~
ze<KXr$nm)ax-B)0k=7WW8zUc$@wo|>ya|SFg7hXBwuz=G1V9UDiBAetg31s8EubZ0
z1-WNA4{-czfv}~f8Pc0!_-06NhLmO)z8TU3ksgT8f%qJV&#VMmVz`zVj!ms4(pjom
zlc@277T`r%YeEpVafCsRu&pBuc7!1qrVNHIqp1qbQ2u^U6`G;U{h%r|LwWl_RbV+P
zi_j0M0?U~nRE1`kMr8=Z_<<NN5M|DmIS_pU@h=g>1Y#P2SSNuRe@w|A-G&;LuZ9|y
zuZ9|yuNugE4Gdcg-CF3@Mz=P))zGbmu0Oi|=vG3PEx&>;D~rnLva+zCYeBa<y4BJ3
zM_+#o>5snt$Za*SKy@gqX@#7!HNm#If-R55**alcA4_4|7z^1J#^P*iV{;F{^x0O%
zwl%g5vXG^)VOYr0*_vfrU%~drmY9vla>Vk*rpZFKWwNDV+a=p7*%Vk<5N9R9=FGOv
zf{>L5i?fiG56cPLPT5w;#$_Sf(%8IM$hJZ@eYP#Kt&t7Mwnf(e+g`-RU_-KevvfAc
zZ_CVvXDOAjzF3!qY|CWBv5;+{Y<L#3c)@nea>b^{_HDLaSUDGjY>zHTVe5>QElX#^
zv#GE(%BIQUtUTE;tPEL+v5=Kj!G6U;HhjT;z{X>7mcr)B_Ei?L9I`TGakgg`>|-qN
zEDx+q*xp*OgltGwB5VpQWP3iVt5`bANx`^m8*7TXu(2cLNm+E+cFtl=Fti_H1*KaB
zF*YolJML^^8qM*EC$$i=y@4mqk;ayS4b?(pbPU}B`|P)AdVL?(>-(@ygsnv{N63a_
z)A2(c%i;>5X3kvOaZk61xv05}S7|SIFOydk8G+YGx|<7|4Q8WRXLdI0%`RqFvzxgy
zUea0L%LgxCtw1W_)uZ+C+D>0mnl!{c;#SxvTRG|xR*QI%AjkgdMcO*{ST7Rn*k`>6
z+jm(_6N+xA##>WL<D>D_ltyh(7UfYMYnRpEtah$~8p;p#MK!EV3)W=~)V{T_4L3q*
zvbvLPMS&<Kwq{C!50r+ono^`J?lm{cZ=ByGziECzezW|*{O0*B@>}M&%5R<DCO;^@
zZGLcmNPcL3SblhZyZrX~9r8QoN91?PkHjl9N0SNVCzk(=>mMu4t8uMkt@$CY13kfY
z0(Ny`0j`<%@bmMl>Q~Lr-_PP#-LHmUO}|=xwf*Y&)%C0ASKqIJUqin}evSQ__%-zl
z@N4E5=-1q@g<ng*R(`Gh+V}<ewe<`33-Jr}3-b&2Yv<SAuY+GlzX-ohex3cg_;vM*
z^o#QA<`?Z3<JaA91zxVWo@~NP6jzhAUR>#!-WlGryk~naD}AmswU^7L_VQ2xDuM!)
zpfXeeGx$MOs0RLEf$C5LYC<ij4RxR{)Pwra02)FgXberDDFi?>2!!U)0$M^VXbo*3
z2-<=jZo?h83)zqZxsV6<;66Nnhwun~hR5&(p29Ei44%UacnPoIHN1hh@DAR?2lxoT
z!f)_9`~jcfGtA4O_W7^?7D5&*g2k`|mclYv4l7|5tOhHnum;w`I<Ucd*Z>=06KsYp
zuno4u4%i91U^nc6eXu|0GIxbrz^&wZ+E#O`xD2@?7s;*VdT=pZ7Pp9t<HmFAI2%{P
zF62#D`=Kl5O-HE78^R6ch9f5Bjpo*HRxZw_as!kZ+;VOOH=jF9kI<vEhFzCe!|s{K
z+Ye{+_9Ji<j=^y_0Vm-UoQ5-S7S6$WxBwU75?qEWa22k>b+`dH;TG88Hr#=`kPSJI
z3wdx4?!yCk2#?@rcnnYADf|M@;5od2m+%T+!y9-D@3IB^0@w>#U%RWncKvb$ds(RZ
zwHufx*y{u9cE}U$d$L80SJ2)3wR-^F-8mxG8PXkH4a!P`veKZeG$<<#%1VQ>(x9v~
zC@T%hN`tb}psX|~D-Fs@gR;_~tTZSq4a!P`veKZeG$<<#%1VQ>(x9v~C@T%hN`tb}
zpsX|~D-Fs@gR;_~tTZSqjop%?v72*B*t_MHut!4-bcY@g3q2tYdO>gK1M$!o5}+US
zheQ|vNiYxw!C)8yLtz*s!*Cb@BViPbhB3MR_6|Az_E_lnwHt+QKVaSdU%QE4y92&<
zlhEA*Y`nc+yZg{(<L&?2WuMvj>~sGdKU#y!;Aio3@C;Tao=IH5FXXfMMf_rZ37%Y9
z&VS%n@m5~t*YHlIxKbbaEBqV&2LG17$!GJm?WJ;R+kL<nN<$ea3+13ZRDg=0KqaUQ
zRlp2>P!+0yKUknT)PR~$3u;3hs0;O=J~V)a&<Gkslbn8<<(mE)_MC>9D7cEH;M$pj
zt6vJPeJQx|rQo`kf~#H%u6ZfA;-%moRU^mq6OA2V6Gzz85e7KIW{xn>5jJ;(EgWG>
zN7%{{wswSV9AS_nZ0iVv9bt$g40VKIjxgL2wsVB-9bpGY*wGP2IKoZ{-OXX7u$jF+
zyaS%VYL2UjVTgy}AG^xPUew(L*BY6o5Q?xR8DVaPy9L|K9Xg*6J7q2&@o@60Ag`X@
z1KNb9M@<Xa94m)59<?_8O~+c{?)~S+wCmn-rc?K@n6b&jhfCop{i+R43f<YRO@_N!
zi7RY&H*14fnC=KCcV_WDi7X6@Vd1SIEX)aIVTahl=6O-C!|Daq3~ChA5Zgnyw)@(0
z!NY?W1YZhX;@`+#J2yO}N665SMs|;!J^pd%w#u0ovMS_!(E5-b_PiWEG|#_IXtU6v
zp@l7Cm?o@6Sf{XoVWYyvgf+G+xrvEq!}1X8p7%WLZI~u}NqEih=Hb1<SA_o>ZfF<Q
zu6w)j?QHF~wL99bNQa^wLfQ{%|ElA~4j($Wbe!6uYDd40>pKRZu6x(<w~m^KQV}r`
z0roYy0rqFPFCt2GD%;5((X-R5>R+l$o$GgQW<Q;Cth2rId&G+6<#*O}35yzAqg$85
zU8Z#jv_Hye(lyZjIHzCN_^u<n-tYRLYn7URb}biKFS2)JOwH!@aXBMvZjRg*xihkt
zeO6v`yI&qnEfsaDW^4QI+>Z7;IWbZ3Q4eb_jJgnYE9#G^vE6Fd@~G9qem(b8x8~8U
zqlZUtjb0VKDLOaW5K|(iYs{9I>oLLITiW$`^}2tF>D7H)_ec2jHm_8V6W!N#uUxx#
zkI_9A_ZZrvZ|%OZt?jz(hq1r+Y|-<lI#QiSwP%IQ4Iy!hdTvO$-NZXCGA=Bxwf$IL
zi#ng;Cd7sIYGY5xp5CiuFZbS!d#~*MtoNEeZR{&^@AfHH*E>GQu4aeF2h~lAUmCv;
zpQhyo+MRQP?4NRj`nI+2&py=mLf^Q)MH1>K^iCL-Fd?C>-808Op-R7g{i@YF)vvAn
zO70&C{rb1HN9MJ)PtQBqzgA+2#LRjv6GtTuP27;!2=zn2fMC?5ixArK$|VISh1jLs
zl%%=nTJl2e?%Bf!P93<u{_26d>jw_%GHAk}vx7=B@Esh6v!wb6XJt3Xd4XX_n0<L(
zn0<F%IL?B;G>~x3=Y4iKj!fb9pK`)cn|KZ_IdtmKW(_kNwzJFGLBk%RTPC-ieIcC4
zeV$yUQOn_Nhqt$n%xP~|b6*YT8n;J&PL4P;qHN<1_LS_aBbPOPI`Sdj-`>GKF|Ye5
z+T_$IZgjwC|0W&n<*+sbb0ZMDojZI?M;zbgj`=hu0>_dF)PvnpB5-Dsn9|xFm3O1b
z))aoMbJO}`cXW!dt9cRj9eJ(ovtd!5kh)|>eAA57si})ow}oy=-IjVF^>Jz^d)+*F
zT=#Js#`%mpFz(5?uyJR{ogbGyt}~XuvpqhiGmc^v1Ky5*KfcI>F7~r|JtlOvD|uZ5
zq60eHx8!xf@h(0fcw*ed-V@hOOq=LB>A}Qulj0{$oOCPT{v?|AM?kl<t~hSpO3O{N
zH2ajc&p*<>F+0-UGv{ElQ_Yr5iL$TBwxu6QFEMTCv?zO(yvBAR``ons)80&Lj3eXq
z>CyJ9Innl)Idf*dooUR7wpY$8kx_Hjty%V2BWL|FyYQSC`=`9AbLY0$HMhHcXwKsn
z$1=Be^_kbh9+1<+UOcy7%ONfA&5Omhy0vAjJu|!f{8*fiJ(ypuRrv+#f};!mT5z#d
zPrEs<;i5kmU2Ofbb==}!IG+FBx|dzd>1B7#?Pbr%ZQtgvCE`-IrA3zZwv*g-WG`9b
zd6*m_N69gAoSY)3$r*B%oFnJS1#*#GBA3Y(a+O>o*U1fXli0~^a);a{*(8VLl3|ok
zjtW#mC90!(>Pii?5Ot?TXfaxxdQea5MN3g%T8>tr3aw15Qh!>V)}*y)9a@hzpp9q~
z8bAYS3)+&lra?5AhSG4_o_3_2XcrnuyU`fhgZ8AoXdl{__M?e3i4LMeXfho^u|aXE
zbUd9zr_yOOgZ@hA(|TMM_2QP%6?7F<={mZeZlc@h4!WD}rTghY`Wrn#kJHoi6g@}J
z(hKwwy+W_i8}t^vP4CiNdXGM!kLY9ils=;`=qvh$zN2sH2l_kxM8D9#(AEdX37m$L
zI31_wTsZ?*h;!$PaK*UdoCoL0d2_y88Lk{xfm683oSCc2`EwSoI#-jc#ns_PD`S*K
zTr;jY*OF_^1#$hA1SL@!ODEFFbPAn8J8?F(D>s|2SLe`a>N<5E&7>RE7-fUHi1t$!
z)1`DI*Fzb@S?LLNEuFwk<hH0AX;W?s-AV(vU34~=$<5;ya$D8S>N0LUw}IQpZQ?d_
zTez*<Hf}q&gWJjN;&yX~xg*>??mqW`d&oWF68R*42tS<vlmCm)=hyKz{F?U~f1SU?
z+xa_uE`N`Iz(3+2^H2F_{0sgS{|7&Y|Be5|f5ER*jY1*(e%BqpQ7s}A#jj6)!f$p<
z2p)ngcnT#2FTq<Vg<tOa3Z;cILRq1lP+q8jUy&+8C84rVMIZtd@H1*b5Jdd)*GZ5B
zt)LT}1-;-RxC(AUHz7voA@me_34MgVLO&r<NW!mhhX})j;lfB^w2&f95z>X}!c1Y7
zFh|G~<_imjMZywcnXp1wC0K<u!a8BSuu<47Y!$W(JB8iCUSYp*P&gtS6HW-Hgfqf9
z;ev2jxGY>1t_wHu>)Ja)wva2_6CMbUgva=`>@(qo@Je_iyc0eMzY4z#pM)>MUuf%v
z69rKtN}^8Gi>{(UEF`*%MZ{uaanVEc6urb!qOVv+EGJeF6|u6|P4pA1iq%Aa(IQqC
zYlt<)T4HUnj#yW$C)O7mhz-R?Vq>w1*i;M<n~8y9bFqckQfwu*7TbtHVp}m-3=u=c
zFfm+gC$<+SiD}|Yj|`7l9<x2>c;G=nk9i*RJr;N@^vLp9<gwUeiN{ipWgg2tR(P!R
zSmm+W!|I`WtnpauvChNhvEE~Y$3~A$9-BS3cx?69=CR#lhsREjT^_qV_IT{|IN)*6
z<B&(9ZGbJwHqbW6HrO`AHq<uEmTVht8(|x18)X}98)HkcjkTrP#@WW(CfFw0CfU+#
zlWkLMQ*G%sJj`gDVVh~ou+6f~w#~84wPo7o+2-38*cRHdY>RA*ZA)xRZOd%SZ7Xam
zZL4gnZC0CVTVq>mTW7P`*4sANHrh7XHruw?w%WGYw%c~tcG`B?cH8#Y_S*K@_S+8F
z4%!acemDJL`egcS`eORi)Y3|1D)X`+i?T*`k|kLy>tttHFT2RDvYTv>jdCH`B)iLn
z<zn(ra&ftY>?xO&y<~5>l<Xt>%4OuTayhxYTtTiVD{>{dvRp+r%YJfIxti=RTjc6;
z4Y{UVORg=~k?YF!<oa?0xuM)hZY(#Eo5}%lGdWOhF1L_d%B|$qavM2FZYu}NA#$i3
zCWp)I<o0q0xuYB*cal5HUF5EEq#Px8lcVJrxx3s$j+J}LadI!Yx7<gLm;1^IazDAh
zoG1^FljMQ&AQ`uG<e~B~d6YU_9w~QMM$2R56nU(iDvy)L%M;~Ea+*9@o+3|`)8%RM
zNp*%iQ=TQymgmTG<xF{=JYQZQFO;+7Me<^KiM&)^CNGy)$SdVl@@m;CtMVFot-MaQ
z$?N3}@<w@+yjk8NZ<V*n+vOedPI;HSTizq@mG{Z}<pc6T`4HMH;yeXUji=<P^VEB~
zdKx?ndAfTR@hs+99PQwGq6OSiX#2JdTD`4+7H=z~wcDy_=e9c9xUG$LZR?{w+s0_e
zwi(*6ZHe}4gV1(usAo7@tnG-lYP+D7+HPo}wg+0L?S+<U`=V9aM6^gd2yM|0Lo2i+
z(E@D>+MXScc4yPj=4?9Jo1KZaX6HCsnPqLvE_Adnn@3ptvMbQGtQD=wuJc@vmSi`h
z1=;OrJ$5%*j@^$|V-KUn*yElj(NgSL&+}*@_A*+By^dC4?Pw7;8*RbfLo2Y4&;smJ
zwEp@6?Y_Q2o39_x-s|sZ=k*KPc>QN<uK(F~>)%^wt%Bc*)hfwaVP$QwvKCnXv$fS=
z{CX=CEvts3W!3g2qwou?|7=IKzoV7XZ*7sXwnl$1`G=!L(N85m|Esmsl#+jMO|_t{
z)E_OS{%B3Lpe@zEx0Jf+UoEM!R#LZ?+>cgMS(~Zb&_3#Uw2#VKM?L0f|MV)_LuGBD
zvQ|!6yQh!P&M9m4^j*m>XyNqNlE0y)(*a&%yk>f3c+K*f?KQ`1u2-hlJg@m)3%nM3
zWqB>~;=G-_b>7b2dT$qRS8q3OgSXMUkhjUZu=h{i#l1^-dw9#<zTV}$74J&kRlLpK
ze%{r*{k>~>*Y&RFUEjNbcYt>@??CV7-YvYVdUx}V_KxxH?%l&X*1M;7oOdtp-rjw@
z<GuTOCwTYs?(aR$d#CR%-`&1@eE0h9^WE=z!1ti<A>YHkM|_X^9`il!d&2jm?<wEY
zzGr;T`kwPW?|Z@bqVFYNqELlXctub|+&pknBt@&}6lX=RxG1iQn_^ImN+HFhxGRN~
zB1%!EnDUcSTq&V=D6-<IlvKPFZ>5ytqxdSNl`=|MrJPb;si0I;6s3|<S*fCQQ)+Yd
zxj3b_60amFgOtI_P-U2stPEF1C?l0oN{W)Ij8`TqY04BOU74=TRAwo2luTv5vQSy1
zEK!yzE0k4=Rav8~Q`RdRmCedlWxKLd*{$qV_A3XK!^%<RxN=fCt(;ZPD;Jf^%2nmM
za#OJ@ca&@;SGlJ=P#!7Im6yspWtm~QVTEC(VU=OE!D>(qYYb}*>kKx-dcy|8M#Cn<
zX2TZ4R>L;KcEb+CPQxz4Zo?kKUc)}ae!~I7LBk=#VZ#x_QNuCAal;A2DZ>RrLu+Ge
zQ)@G8b8BmBkTuvEY7Muxw|2C4vUagXTDw_etUatft-Y*$tbMI1)>P|w>qKjsb&56J
zI^8<cI?Fo8nrWSHU1(ioU2H9-`l@Bra%u%tQ7fxv)laRe`m5E|nrdyeu3BGhs5Vxc
zs?F5qYD=}X8l(oRp=!9=UhSxMQoE>;YBx1T?V<Kmd#QcYzG^=;Q5~QrsRPwP>R@$<
zI#eB|CaWXV(Q1mCs*YDDs#DdO>MZrRI#<n9=c^0VMd}iDnYuz<rCQZB>Lzu&x>Mb)
z?p61z2i3#sQT3F1M!l?FQ*Wp@RlE98{ayV-{iK?0ezvN%YBqnH#a7)`(^kt?+g8U`
z*H+I~-`2p^(ALP-*w)0>)D~cCW(%}6x3#dfw6(IewzaVZ+1lEIZ6UU8YPhYPt-Y;-
zt)nf%*2&hz*3}kii?VgIMcZO*-EBQ=v9?||@|k|-KI5evpT*Cb&!*4rp9_C3^10||
z@BC8vKKZ`+rSr?=m(4GiUp~J=e#LwxzfykX{3`k8e82pv`PK6M^DX(+^K0bS%&(PS
zJD=JKt}9dE052E9_ZMmxK?6=8ffjV&40><@S8xLZ7@-iDz#R%h5hx19;3p^!CBOq@
z@Pv}!1>R5!e83k<Lm4Own_&xVg>A4McEC>91-oGn?1g=>9}d7lI0T2`2polDa2!s+
zNjL?k;S8LGb8sFmz(u$Om*EOrg=>(A>)!()2?oL-7z{&TC=7#S7!D(06pV&3kOE^N
z6~@7Mm;e)D5~RUom;&iA4W`2km<bs$3+BLFNXf%=U_4BKNstDUVG2xzbeIOyVFt{E
z444J8VGhiNOqd7rVF4_JELa4KVF@gSWw0Dpz)DyJtHBB?tbw(#4s5U<Ho!*M1e;+i
zY=iBv19rkL*bRGNFRuNk;JW!(NQH4Q9wxv<m;`As8K%HgNQY@K9cI8x$beZe8|J`V
z$b@+?9~Qtu$bv<%7?!|NSO&{s1+0Wsuo|qO!Wvi$>%a!<VFPT0O|TiZz*bxvUk1xz
z1+0Wsuo|qO!Wvi$>%a!<VFPT0O|TiZ0Grk}*bX~jC+vdVum|?SKG+Wj;2<2zE@5wo
zYvYZeF*Jdu5CF{}5Sl{^XbG*LHMD^sXbZs*0-+EF;m{7+LkH*x5zq-bLl@`@kr0(@
zK^<d39b-WqV?iBbK^<d39b-WqV?iBbK^<d39b-WqV?iBbK^<d39b-WqV?iBbK^<d3
z9b-WqV?iBbK^<d39b-WqV?iBbK^<d39b-WqV?iBbK^<d39b-WqV?iBbK^<d39b-Wq
zV?iBbK^<d39b-WqV?iBb!F@;z?n7E|AJT&RkQUsBwBSCZ1@|E>xDRQ;eMk%LLt1bj
z(t`Vt7Tkxl;69`USC}lg4{5=DNDJ;mT5uoIg8Psb+=sN_KBNWrAuYHMX~BI+3+_W&
za39iw`;Zn~fwSN~qy_gOE%rcY4lST1w1U>q27;h11VadfLKuWYd*}ciAp$x<XXpZ5
zArhjX8$?44bcY@g3q2tYdO>gK1M$!o5}+USheQ|vNiYxw!C)8yLtz*s!*Cb@BViPb
zhB1%=V<8pB!FZSe6JZjh!DN^MQz0Fu!E~4bGa&<J!EBfVb0HJv!F*T%3n2>@!4g;s
zD_}KPVJ)l!8?1+oun9K97T5~gU_0!9ov;gb!yecN2jCzag2QkGj>0iG0Vm-UoQ5-S
z7S6$WxBwU75?qEWa22k>b+`dH;TG88Hr#=`kPSJI3wdx4?!yCk2#?@rcnnYADf|M@
z;5od2m+%T+!y9-D@8CUrfRFGi{06_nAMgo2!x#7y{(^iUIoO|p10Dnr!3iYLf(~53
z72Lo8MkoX(aEBsL6pF!5P#j8t2Y5nB@B(ir1wP;lrJ)Rzg>q0HDnLb0pb}JuDqsdb
zs0!7<A1qKEYCuh>1$Ce<)Pwra5E?;aXaY^48MK5}&>Gr65VVD02!${Rhj!2&IzUH=
zfKJdEx<FTmged3+(GUaOp$Ei5Pl$tF&>Q+dJoJSG=m-5F5e7gK41_^27>2-57zW8O
z97e!M7zLwY45YwVNQH4Q9wxv<m;`As8K%HgNQY@K9cI8x$beZe8|J`V$b@+?9~Qtu
z$bv<%7?!|NSO&{s1+0Wsuo|qO!Wvi$>%a!<VFPT0O|TiZz*g7>+hGUngk7*3_P}1)
z2m9dw9E3w~7>>YEI0nbz1e}CZa2n3QSvUvh;R0NQOK=&kz*V>g*Wm`-gj-;T+i(Z&
zLN??;F66;IxDOBDAv}Vg;W0dcr|=6rgXi!9UcxJQ4R7Eryo2}f0Y1X7@EiONf50dB
z3}4_+_zUuZ;22GT10DnrK?6=8ffjV&40><@S8xLZ7@-iDz#R%h5hx19;3p^!CBOq@
z@Pv}!1>R5!e83k<Lm4Ow<)A!NfQq0%C8!Klzzlv+6{>+hSfD!8fSOPXYC|2U3-zEr
zG=PTC2pU5ZXbJ()3<9A!w1Ae-3R*)O2!gf{3?UE-VGs`OpgnYejt~KzpfhxVt`G_A
z{HPm5Lkx6>9uNyXAr5*$Z|DQ@&=(S*AM}Sr7ywBy5C*|u7y?6K7$n1R7y%<;6pV&3
zkOE^N6~@7Mm;e)D5~RUom;zHF9j3u_m;o~(17^W&m;-Ym6XwBuSO5zl3l_m*SOQC7
z87zktuo70mYFGnnVIA0DJ#2uDun9K97T5~gU_0!9ov;gb!yecR`(QsDfP-)d4#QD6
z2FKw9oP<+w8qUC3I0xt90$hYka2c+^Rk#M%;Rf7<TVRLVa0jv>2XY|~?!kR{01x32
z{0xub2|R^g;2AuJ7w{5Z!E1N}Z{Z!hhY#=(eudxQclZN7!58=w{(^iUdDz#110Dnr
zK?6=8ffjV&40><@S8xLZ7@-iDz#WP}Q78sKL2)Pn9w37!lmsvEhEm`IzEB#<Kv^gU
z<)H#p1O+NVWvBvX@Pn#Q4g8@x)PR~$3u;3hs0;O=J~V)a&<Gks6KDzn&<p~hIkbS5
z&<a{Z8wi462!T)tgK%gE?V$s7gb3&aouLbKg-D2kZV(MI&>ea}EcApp=mou@55z-X
zNPvEj2m>Gq2Erg13`1Zj41;7C4kKVBjDpcH22x-wq{28D4-;S_OoB9+0#hL!ronWW
z0W%>3X2EQj19Kr0=D~be01F`t7Qtdz0!v{TEQb}a5>~-#u!0I}U>(?CJ#2uDun9K9
z7T5~gU_0!9ov;gb!yecR`(QsDfP-)d4#N>R3di9DoP<+w8qUC3IEQBq2~gmG2Pe>i
zGw8tuT)_<tV1z<o0(U43MW84YgP)){lmHKq^J?Rqxi-$3YvY``HqM!A<D9uR&Y5f5
zHQ)piXh8?gpa&Ol1vfB&5ek6`+@UZOfuc|heuCmq0z5zlPbdjq;GI(!=fibzK3o^)
z!*y{!To>oVb#Xpi7w5xuaXwrZ=fibzK3o^ikk!RGab27f*Tp$;U7Qow#WQ4eab8>(
z=f!n#UR)RF#dUFBTo+F()Wx}RU3(xjhZYbFArJ~-5Dx92J#>JM5CNT_GjxHj5D8Jx
z4Wc0ix<e0$g`N-xy`VQF!T?BufiMUL!w?t>!yp-k!w47&qhK_QffN`EsW1-4!vvTJ
zlOPQy=Ma*gmB!(r0J2a+!0mA}vRz|()Qp_cyrG2bk_?Lj$th_sPsmukAuEt%=r=hN
za=2)b8O_L>qPj`V$gE=e=K*9zG5z%bvg9XuaRAx((*=y1R>CkhfX**r=LmTt>vlIG
zU%aF#O~{JUx(Ut6`qC*#UthLJS^&u|t4j$W`DOLLH6=63>9d=XHRZieG$CiokHs)&
zE1C{8p*a<ABEGG%Zd((w!B799F<EKR?F%FiEV=`MWLtIJf@b7lb=|yXWOfbR%mA{s
zhW=n<vZDsxAV<#Eeol`yCcEmc6bZT0$Zca2@}ZGwZ4)x7@lq@{@>=khpHI_hXwl=o
z<T^E__~M=M)js$TD_5J4dz{-}KI99hf9FG1h`!f+$VbWTix0`ry1nrs*R<s(Bkt<<
z$%kxk)xYu~r(6w_e8?@=e9ZBtyW8(R<dwVrg%3$9Y?$CfelP6ys}Gq|ME}f(Y%O9M
z=R-~uIf-JOS}N#nDRR5i8Z0XQkRM+>;72;>FKS44{ay{}@3u@sMw^z2B!im9iDVT$
zff?jym8V{K8w81UJFBB(+>Yw#bb1?0_QXkArX#PN9%6c5mlD(ToI?#5_ab!}E8>l(
zx<3W-C$GyF$RuHoV<-%x4Rg+-B(i-$KC)`ja<%nC`L@Ld^KoWE=26$9l&q#j4p6d>
z79!*V74J~-DmAd->8OJ2lQ*j<TLvT9kCm{WA9~%1Y!gl*j=%gY7b<#cKMAxTV;D|P
z+zD})suGX#j%7EJ%b3t*PWMS5ckswZ!FX(XzhRu;Xz>hzWZ?1Y|31BcPCu&=t#yrx
zcq{xv>b#A|V=>hUS;aZeViVV{7U(O^`A?qw!Nn8uh!>yp<P|S|<mr1JtN&{rvkFt4
zzjmezt#?=dEzz+om8cK-4GZ=gug!KPw*<HAuJo}m6YJ(zt@gYt$=CiS{1_oW%bOPQ
z)V`5u*&|p>Pc_mxiM-LIVMz*R<e29F%`hlKi}n}sM;RK)d}L!jFRc~HGJeswvhkzk
z%W1RpB$H~7xzL%SE>}-hi_#T6*)2-@_2i<HezBh1ae9j!e_tQE8oicNvXsiKfWPMX
zH{|&++p;v$S&6*X%=|BTe)f;$O8wg~`LsxD5$}6Vq0ZacHY6dwftD$lM?G5YC>8JW
zc(kbvA#*tA+dN&$;k_@{Iq9iDvbmSY-5Ei=ERbu0cu&B69rXNGX!-x+`jM$Sp7bTP
zq^*>Ur`mNC&ssJ3K4N}WJzAB_LN;e{&hL1-nCn8YAxK#QP3N6g3S=ISjUrVLCkrH9
z5N8WCL#XzBY*sedE=p>rIn#14b$?6$|7*Jc*mtr@Q;&+;$6C@+dss*3@Vbv$GEJj@
zswE3Fn|^F~*vHtb>_}zfeu;E3%#+9ps{iPOn!t3~iKKD*)lOt1r%!PrIh^U925)vW
zJrRkO-|MJj{yEP8T6Zti{_2K8EAq3EUKez?u%|m|j~K`ar!8#L*XxcL$#$2vw+v*Q
z>uIc|b8h87yO9rWe<1#Kr6Erx5~b}T88!_Y?gW8Fr-<dwie#%8<=F1p(8gP+cD<2|
z<8+fuWG-i%Yoa?j*Tp8fN2~p4BuBM&EaO5~-P=OsiEGf*LS%;<I{>8`%WW}|b;i#>
z=H{qZ47k%spuCks1<>ki+6%1y7hHK9FXrME;H=&<kXcUHB%G=ob0SBaI(<$11!=!H
zRaq#J`O>$vvB>&ZzWjQgtou4{WFPUej^uLUa%YmtON*V!6h0GkT_#9Noyi&@6LUML
z(cN>#^n;E#lO>Y&r88MCNxPlN9!Xm1OioH7QqD<u<?$*lo0wHs?uL$B)P2BY9C@i7
zCGD2T6;4dilAGLXB%cs;hqWYAY@4bjOEspOTC!Esk&r1)A_kl$l|LYnozli{<Cn!_
z@1&924pjV9J0Gvep@t_srssSdFJ|GS%{=*qd%*_&SKXY|hSqN?Z4mjvI-AJ<!s!-@
z_|ZVoR1q(QZFo_@4+0)z`EF@^-Z_!IPG!D0k$X;s3Hj*cmM+op5{?ph25}TIEOlfB
z`%gWpG>|r+m75AS%8$pRjD+0gd_M3vYLxklCl7dx{TuH#U7!<%Z)4-ou;lCb`P2n3
zLL#kos8QPE?cprXSr%HlsOZgmEW<$isSl2UOSv*HIdX#YCgd^a_9sU_a^EL5{>QZR
z_<;bat{+YsqwLvq%0y}>aD3beEYo`4=Yl|H2xV^J6+l7><Uw$IBGA0=xvKl0)A`Ti
zS=K0;VA0y$NC(3*H<GBG?8GNe$96MGDDhE4RtUQH8nRxvhRo)RKEEJEQ-zQ#nj)_>
zsBCeZC95RgG&gcZ5*NCWo07{CH}X*0hz&o(MOoxV4!B&zFjL*cS#IJ?Hyh$8<gW+f
zHH#g`VORXnfs`{&q@-4wqklfDHzEy_IBWp=o0QC^dysyf<L`0w68F=OeH6!1p*7$2
z>tP0Eg5ybbHuGb+y}nZ*?**6NG<2gVJ<-sIqRVRyU8s@rG<1cg>$i!pI?}nK;RMCg
ztkMDcZBm%l|CIg{b;CPYNGs`?NVBN);M-A-t&{&#zjlPQlV)r21g$hx`?q=N>Kdj~
zI#8PUBMXi^{P*;qs4+@9O7VQIbe7^-TxsvO(HwPtdua}($x`~aM8|fA<?%PHq%<8b
zD*n;KQPxddE^{=MN{2Z-&+BrU!*jXPZVpf7Mt&<M<i$eEleJh6YpH&g!0)DRGX?$>
zEizr;mvg31JlW2@Lf;jFxE?DX>zI&XI91EXIa+1%4%O~EQNP_l{t~g_kQaLCzJYwu
zU&DrW%3!!{pdSo|bR!*abZq!+Bf(#OR#zHI?qZm`yi2A#S*+0>F%heVo%P?-x@EbO
zWqRFKce379TJ26|8(kK=(_Eu8-JL!*PRCC1!DN`|PRF~WzJBQLvZXLxT3A|J_<OOl
z`onUW`rKg07%9hzY~g*bIgzKlbk~Vwh(1@G$Z1i!?L^*cd@ebWHBQnkC$ib8(bv48
zJfo$hj&(5aALU6>Py{K0gtP240c{W==Y|~`x<T_}=?cz`LkJ0RLk&5HN>3<Vgr}_u
zS;<M;IBF}X0=~|Rok#!Q4vX_MZ|zkbt#C-f5kZm;>d0H^7fcxc3;zCfj+<qqQfp}l
zjWUe>Ryz4Ct%PAPjg%68q+yw(q)f*$V{833LC3xljS8G?kJkT8|3B>y|HFRt&vWjq
z!Dwx53?XB5XDnp3q|LREnc9<FwuRVSb$?pOJ6G3_7COVt^`(XGFQUJP-o>>@Un5K7
zs*|U(ly4!6y!2zMlWSgQobe&8QZ~idbIqnH7|M*Tm#pyDA->*!J66}%1^f5$g{=p)
z%oU_Pt)m_A0(YEtIq%Ss4<h?M^F_Rl)&6Z<cAo$DbKt*!kN9VQ)LmuUyCk8qlO8*E
z!&e;rg-SO$G>GPs%h7|JbdjScIrH~fIO+#yoCp(;&|JZf^?`b^l%#x1aI8xom%g-v
z)Z>3ot3*qg#iJbUF74&$IO_6_L)9y7<?!9a<rzm8aMC(7AMs;53ZQk!H5Ax2PFm?o
z$MG(&UFl4;a)i?kNqfzeER*c?hAX+_thKq4htBM)@*Y>iIahkd73X{3CgeDWCn}0l
z<)wZ21}GXHi!@jKvA6uKZhh*gcklhzdiTHd!!qHEA^URZV#Ry;IG;s4nZZj-czTPM
zp71n}|NDGmQRm>x7q~1o@L3v{dv3g4l1{ntk9CGD13$xAUSQx;^pf38T&eeb;KomL
zkq)_ub6s%8Le3g}z8J|zqxhGRj4dQiFC<PZgy~~pzkT~8q#Mq-^0QdJ79w8@sf&##
zTR5NPJWj@>l|0Snr58MX^pAXD-|HaF<LDtO&G@kr9Q)pX-6ygCHo?Bz9{cdug8pBR
zPygEI*ztnx>uFS4@}Jw5g;pZ7FvVF^x0NHOsq1Er+@uvy;c+gAPUEy|IJ$$w{)uh&
zd(q}+MbnPtBTDF_P}J&1(#4W?R~!?h6j!=TBmM3|=Q<U?=}I;^6;5*{Qzhw*3&jcN
zQx|$f+KRE>>%AVjkl8L5u?gLGlU5mMx<OiGpmPkxzHdkcW%>|#dr0*kIPw}T2NHso
z*Y5N53@_n3+ZF!D&}^H+_oHxWE=Pw-(|#1`*LAZF<F2FnlN{NJ-$~;<5A`xnvv|qI
z)0O|8PB}ceM`NVxKZ>eg`t2ngbCad4zoq}9Zoqk_Ke><X|2{9h)8f>$&@(MvC`k{r
z^s=PCqotR$+7DW?UMIcN(K|ZnnT|ft{a6ym{#`}tO+%&VAM4r=UtTw(<TeY^SPk7R
zR79}|hL<9JFZ99@RWu;=xrkIOTfyJI>brbeeHxX16LFczIYWbQn)*LPGDnbRXviW#
z|5+q<L5r{EsiOX)NM?yH??tjy#CaV4Fs;gjT`yY0IZx4$ZQL;=|H?c6Dw46neZ(J#
z64GCY5>h^hrM`}XSJ-2mnVd7eXl0?%KSFl!&O1eN7)>%_R}m$ouMqKNcD*PedAno8
z|CjUn|FUd)yuhDybR9r?`a71jh_~|=o+xa;I7pq*tiu`n8tUsZxu8Kx(#LfiCBrZ<
z{{B_YIM!<Yq!Bbh8ux88!7#dT7o1;5vvUH+IJ!12*q%H6Uw_tbqq>beIY8Ov7B)|O
zKF2=qDfs-)>4i<<U9vsVE~3jMPn^9>#yQ($t;-2dlBs29cH^B3-IvLAXP3t^x$nFT
zDPvt+)_9WXF27@X6Af;eCCOX^u28%+6#B!Hj5Ff;l4HK*n(Cfmm*$KwT*)GC88-9%
zqWH>{91&+|@kPbe^ajTUSMz@<mwXx!s>4ZFlwlXnyg1+O8uFUc*_?2})3DZwoZ)pl
zoXAbyumNXhqR%D`IVUREQANXKCo);%yGKJdXxOD%mJjS>mTk0zRZBi{(h@Djp(ayH
zH}R{mi(GSZxvizMBx$0SZj)T@Ybnl~rfcb2Y1p^jBR^|C#nsEhg8p=AvOv_G@FiPB
z?RH=COfsD;O;WU`E2YU@o%Ga~Jk(+TI_Iq2>PvF<E*ndeovwzzeCR8K^xBu~E?nk#
zY4W6)%QIhcySRR$FL~ps!z9za^@~fB`QC?-UAs?_Bjv~&AN^ThGS}Cz&X<lWZJ1k{
zJ}l?5vpii~UfNimt}g!{--GgLwRq{dhU}oy4GsCsi!U`;fm^VOwumfckBDZ7(=<(A
zYsf{7hykx@Y89-Tu1V4hXL6WI*PY1|L44&*UI??WhW>IApE;9p601xfYgyk{+Cc1#
zI^8>GETHa<Gg<4bMSQ!n7V$&QBH|~VMZ_;Si<sn9=Xzhu{eL+J%*VwpcD}Wp)17k1
zCErbmzZAqP?&O`Y71uLX>7|`Gz1M$0e3`p=$(^irM|8bAOWy8|P3GVGQa&wqhH7)P
zWSOXYttA_rv=6jor_*696g$r-wuyQ^5y*2+$`j~fUb-dF)o6D0+iL!A(^D+kmlCOe
z9Q#A6Mu)TN<C;KRv6$*qmXNJZx;qm2;1qa7BKstK*U!&tM;n+cM2VeB5i-*GFN*K5
zMQ~kdF)hiy?z=vr<SZ@nfRcOc`t&<0W^zuyvFK!uMW?ePCNeXM8-)zxug7#s8p6No
zjC^Xst8|F3o1Kzi7c^1TbuN|y^N*l`L53|lGM9==bT|@<HZA#+I-lbCG_KkNp5KSx
zDiZQq@SU$E=}tZyv^eIn^P`he@HQ=3q!m|c#pPOD{lwpola?>j*f~oCZCImPf3Xji
zEuA{!JJvi}WHN^<G+4Ov)D>0U9a`iaC2!agrE;Q`bDG2<y1)@#^3R3C9L8h1-5k^2
zEYf*mSn)-8&ntDClt3PFJ}JG)WWjq;U;eOI{LgrPhDQH;Jf9}HtsBVSlcdQ>{8I_v
z?M`V;I|lNLb;WlL<d-|^CMEJ~^~EP7@^AH?9}@X}u0`i0@)z7nuOGmlGw3EK@)Jzr
z{-OL7(`78;9e45kP(IInHR9uo=u#5-pNmM>68M)z2ICM_R63c!KP%cC>$zC*CH?tS
zxoCDGe_t+oCy`&^sk@qprp=1)PUP2>EIM%@|E8pV^+0}=mu~DpeoHCmYsvgZALn_=
z{Ar(}bCdZMzJ+He^MCoe-Am@v%eakC=2w*!5#LkR?e#EzQ$-g4R83R|@cGqdV%^WE
zA?+Q?FRqb6j|}BE*4&5;X4fiyJDxvW+wJB+@mlR7PX>yab@W?@I_+($-!ee_EwIqF
zzT{DJ)82S~ehbrIefVQ7ir?tN=d{qx>BDbotIO`q=L8qJ-rMO@@K5J^J3Z_mP3X<<
z=;SuHH-Een?pcr<k-;mH`E^lcbCdZiQCMvcqjU#`@vFN9Um41O>Lwz2e6;@VFn(^d
z_VzG-WweO+nrNJe9FErROyVy_i%7l}?SaiJTE8@jPl?gbN#d`>=+7ka4`TG=llU(&
zZWwTCcMHbpUg%Rl{<rSI$NTZ;dx#h$w}*t09{0cnrn#|&7xv>X#fIf3@GE*EE8BbO
zKJ?{(>DlH+Uw&Vlh)JD@)1OY@Z^r5WAKJbIFwUxK`@ZvLnn^NQrllp6Qm0^-NEd_R
z=hq4)%cPBy%!JHj04e61B-3VSHZuvOh@Y}AE`WgS0s`U!3L+qa$|ABVA}FGusHh-_
zsC+1>@IU8yW+rLDUq1gIv^np&@4e@qd+s^so_p?nliNo9-);%sGU`9OWxaD>9PT+~
ztN*v*`*9L-*L2VM+x&BmK;G=TN4)K&BmBP{(Ts>>TkzY*dX-midkM?WXOHpry5?BV
z-E)i=bM6zzdW|;%`|Pn^@GF2{2ei7gEfNvcsh)cl|K1FHm;&7%((d-&vw!${{H^br
z>jFMfJm&@Q2j~6^iV?8Ka{?_`C<1lI`N$bAcqM=(5mNeuAH2X1o@qOW*~a@O@p|_u
zp1U0XUgMi|#`UUS3`Sr39_M!Ns2cQRp{(DH$vMuegMOdkEkJ(hN^>1IdBN{^!Ef$#
zZuf5M3;Cqw@2KiW+r#|seUKBV`-0~_?k#`?UuI3O_kuX8`T9;x-QST~w4BRZ@LQ7I
zk)f*tIOrM0YU5R15%4}82%_M!zzPV>B!~Z)BbmK_zu;~k(ZbW--17$!nJ)NQ(tjaP
z|4`EZRK;G8b^133_c%4-|71?+PksJVb1w5<=<`2{jRlsi>SY%u{g<nwHz)iv!wde{
z?f*C&ezx1cs&?UbyZzJZ>MuIbe;oO%9{<;MDd)acU;mdL|G0()FZK90G|c<tf&TH4
zg`Ydn|3zf(Pc#0<=FWY!&p&D29_MEKU+(fZ@AQNGkL*@`O^^TV9`mm6@n7A;j_OW|
zR{dkJ^4g`*za;&amWM7)`nT>~|7dUUp}iMe*Bg9(@6a;`2A^Eja9_9o&DDFH*X<v>
zX2J7a{@KlYT>M`DE6vBk4}5jss!tA9et&KC$?x?aIH3L)o&L`b_y;Kev~A;^2l<z^
zuXFBa?HhlS@jn|wK>L%}#@i0`uj~k)-{W7`0cUVuNBE>3|K*PGu|57-8$x)#a05*G
zz76wVO!%*E=)5)Ie|KXLFMqHRQOHL-yDsSVAL;x$g8DPk?T_~PKTKm<PwHFwwLbs4
zJ~)b}`hr&sRQ|s2IhgBD`}g|tfP1AMD~9`McCV`k+?TTZBcGUUymr7HKM=fQz<qTf
zc=JHzO#}CHD!mW++<5<8+Y<LqgwL;DaJuLH_jkO7ckb#x=goU@f&b&cyq_(=?-tti
zu?6@`-VF~g@J|RXxOjnoL9qJN1^ykuhCj^rkE`74mihkwg!a00fqzBSg5S^gZ?39-
zX1@Qcs)ncM`xjR?T)lhn`MT=M7WgMcLbuKLPm6pxgx$byd!4b+J-u7-V+-9`3xike
z9z1X1g+<OFQvNp#-sDTxZ3|BBi33Kj1_v=0dkfA8K%cR;KJ3-K>bYNf3tslzUrozT
z4Ftaws65SV{!%`E_I1|Q6`)%|+E;nr`S=9~b5GhGOLNVOyZFZkLTAkLzZ9r{VHf}2
zK+VVI;g4YN_KjUI)bO$M{a1oDXYT5sGN<MT3;bWrssGV@|I?v)SIzbB3e`Uz@vpC%
zhdO_*dHbj4`Ok-!{W#)(s@Ap`U#YK#fc{+HdD49UmIiS4y@u)+=K7~Z-uvKO|DniP
zkj8I!d+XO0x-%CB?_KC_UKqT6Ver<4*c{FBRcD=GvUn=sJ&cp1xli}HO9Jz*Yxn;Y
zsQp~Ke|p7U-&pUT7o7KtR{xkei@(+4|7lM6(F6R8D(4>C?SHv)k5jw-`z!0e*X94T
z@-yJ*A61J#(c(W>9ex;fYU*!{`&ZS>{Z`!nW=;LW@AXfwtv;p2|76{+zdFGGe4QOl
zJY1hRe!c&PhQ*g1;6D)wKe)gD@wsz<xWT`8?jDbC@Nb!0f9VGQzPYx0y=s@me_HQf
zG(UX*{{DC8*Pq(qKQ@2vCp-M-=GR{t^MAkF+~eNsU%GI?m7V_m3+J8I>3?zeCC{|`
zFYP}6{&xJi*1djqfPeSmuV9sbdCBg-Y4yLnXZRPr!JGH|7I=R7t-Czm;(u;w7$*Du
zw^ifqO{>B`+TXu()!7i>Pxh_G+iTt(zF~j=mUmx?kn~skC2n8uU%UVF5vW4XULWao
z-|iU(g9q;Q%7N~Y1A{Le=#J|RKG+*PxfdbLEJ@?c<#>}d&RX7C^|NYkzXxIZp9qHU
zt9HMe6S|?={b>#kx=Iew{O-SV*W!3=dtc-Kcg{7v>RlB$+pGRv6oKlzhokNcfAy#L
zbf;E?e-L$-RfKPkx-VB$e?ICStq7kLb+-q@-;N@I5&mS<{We&A?_1m%bHdlZ#r<tg
z_4lLh-pYB`yv2PYv=H0TOKO7G?CGwkLAdQssttZ+PxrA}J4(8<uKK>HJHI~k)DriZ
zdMpE{HH7Y4;?8M+EBRr=yzfNai;;Q%SnMvFJMVjo-4_<@`t)M=@`7D|yVzZ|YxS=e
zyC3bk;QNc+v%6jgS{LtD{kJ{c&vx7J)ji!87KT5y7Zf{u)?V)Zg+V+&xDXEU>4o7-
z_H_TV5FYN;g+aXg((WM?+^{>m;;(m~|G6dZ!bKbY6m?H63S!uQT2uwLKC(v`9DQsL
zn9-;AsJ?BndvuQtpIPiKS$sT>Pw*dPx@1l0x}aMhIy>k#*y-M{y%27syyS&`RpE{a
z+=jVRy~X%50<Jaur00&dbAaQ$L!5iu3*zyYNIO{_%Y(hE>i!yU{n<6;8D}3&@m=o;
zxladnh4S6)*SrvNNSeMBazFR+r%G`o(*9hfd$#f!=q>5|dph!8$Cw^kzUqU{eK7Q3
z00F^1wvva=3b>zpRUZp@Cj^2hJ~e=yP)Q@nUwBoh&$WjNt_#r{WU}a>;Lkn$vB(;X
z_A;*qWBj2PLdoMEYy$7cd%_P!5H8GnAmYC4?RHlLTa#UJ8h?ym^V<kgh4cOpapzPl
zJYlYTBzU9u3mn;3RUaF1->O2K<!%pe_~<-$O6|LyyREkU>vP=+b(o%W>Z*U);2x{n
z@WlpqSv@Z0JYK)y_=vl_;rp;ojEiyHi5ABlk3ahCVG8{7ybgzf+2e0LOwQ*6bq@#J
zje!LZ1l)Jcr~f<<d^Qk#vh33-Uia>g(3T?ZYp~R>RfN7Z$K6_C*F&ryyMJ^un7r8!
zVW)bBe_gqJH~b+9Hx#-o;6|>3_|6Sf;qlVIe6@ScImAx6$ydGqxZ4Zf5pvIZ^<N4h
z<gCGl_gH_|=R)Y@d)})d9F-l9e$Ngy{5a&U3|ZByaDrt#{hP5`&xhZD&$s|*4;zBV
z2i*Jpzk6PG3HF<w9i?H_{JjU=sdw(%Ui~wkd&paWT2Fg0wsQmiWdZL36DtH!96!#>
za3KOAO(66w9~WyvH~P4$@{XA*7>C`L!9E-RYW^I+o*KJ|vjV#z?{#(HJ+SXU2&Kpj
z|G@Wd_d`GNy?b}c58HW+zq}X@gC6j=`umpg*ZRXf53at>cPDxcXZpAtg(IgYy$1C0
zqSt;)z<oV%CE2%pe#G4g;p4BtURr@GVWIQN_txw#m%AI|x;qfM+4o*#_WG3o%%n7Q
z@L}yON<BLe`eVSmBM^GJlm^$BPea|)aHeO$$YNx3zk#H#d&a9jFW_GG7Mv46rWOge
zTLKk0Gro1USc@_{6YX)Jg}lyX-d@)R+;^<~3tl}I=i>qkE(yT;ki@wsQ2FD4_x+vP
z8~?w<*na1SZm94stiZXxcX`Fa9r*tjaz(tq_--%!Bz8w$_1}=l4^;g*;33|@HIN?$
zP62bXWO1069zMbQd&vFK58|H61r;@~gxqH>enPT2jJqsf3%-cwFI86GQRV(v8NR2=
zJ2@175O-WcA*5KI2vyxw<(>)QU>|odgLr;9bjwT+lC>Rx{U{K+$oEe6Ludc<{SohN
zT~y_*_y^YfSv<lvXWvaUJ?ipj&h+eVki|Wp2@HPDcPH2lLHLCR_j^RnzpsjZx!Qfa
z8X-5z!nb(y9}Tz%@!PwE?{vp;!PaWn(vcyooL})4|Iu^b$M5<wgW<jifo@q(%<p^(
z)AT7n^oOAPv=3pko|Rjw`Xn!cYnJDFH<!z6b=M1l!TLi>b@y;jz*{~MTzu+0ToJ%c
zFZW6~a`HTPTJ0yx>)jx7PL_8HVIy#nSMzL@`=VF(yDIk^Z^`pj?xTJX_sUN9P3HGk
zRO0ztbAq^f_U$>gS9q{8g6Atk^{9D6XapjvvVtF1S)-p<S;Z%-_OkKe9-zay7XAfK
z^Kq~_5BI-*V^+T7I}G_Jfq7^7?)T+)xZ{YP&h?f;(Z7LQacOL8vDL)sm=}5wnOHCS
z5HhrZ;CGRs^(}t5uHtY!-x;ibU=A|ZtM8iwj_vI|bCwkQ-0|G_Rj&?z1l8>qL8dr?
z+?)7{U@9?6FY;I|R`oNG`%wA+dw%tT4|rR6_n`W7bC9B~yFZ8=eCWX-)GKrqZo~Q2
zD0!TV&L5Fd54syF@CPW|&2|&<xr!hf{S_HqJ0uEXUHVwiUY<2)F7D#oH>V2savq)o
zW}lc7#3M$)|CpzJ$Pa$L!uvZN+nE*ie11g`POex9^EAJw=BJ)JYVM<!Gzk61!-77h
z_OE(t4x0ZP^Pg2u`p9m#A<2JwVE%a(?pttlzWZZf?xViD$gg_D$2CHmHJkTE?nLO_
ziIp`_iTf(UPa-i|H5ZC;TNO6Ecpq`kBZ7Ory6WMud#U<4F@o|2hd<wrf6I|W`;Fhq
zx_h{%@ct=p>GyEKEpP>N`zw{p?+>|0D@}*3Ki-XgD-yVMhq!%1ANKacdfXfQu(v6+
z%^QM9CW6~$jddBXKSa*0L~L_DCjAS3<WrSc>-WH#<VVh`bWi)bz|6I!HoB(V)_lYc
zIL<++K*3u*_uj^DdM+Qi+JmSdK`1T4)z5lCJl^4je&*p9`GJ*3ydWOS<2}IH#mlb;
zL*J`IEWQlG4DN@s{+s4B-cW~|VU1VRxu@q`iV)@0nx?PS;Z&gUvO4$cn#d>X+>145
zLsXF20nmHX{m^ggpejqD0Tuh<c<9<-<AZhXo?zpxb?z7V3nO-p(gfPagd4w!+XUgr
z)u<E3LMR$`Z{uY@bVePHCUGzKfr<k@Rp&k*Y&^{lml|KGb&m!w0F4)_n|@d8zE;!t
zRIPiYCh|zFd#dKQB^nok4=gUn)w#<nnvf@~*bnE=p9wY|Q->ioK40s85Ih4kepS8V
z@mhCfP2*2%F`~%5MyX8WJXAO@82V<tyVT@yS8%^O>fO0>8b4R>u9?$#PQAN(4vfT|
z6>j=My}LKucy_&eIvhE^-n|??rX-IG;O8!w6S}kBT{Z_a?wPaSz4h+G%Em9(yRTL@
z;#S@LmAK*O&I>nPTkjqSH{x#HbK%HG>)oqii%luhTT$WGir`o3aN`nVd9I@M#ya=y
zVB<A)?y+Fw#dSDn{XF=%sAlQM>f8f0ji=VR=V~G^)w)+}o-fJcTcGi+ir_71Xf%Fb
z(Ry2*yCc~6^*U_18b4p>{*1pogPR&POCjq=YZ}k0bAPRgKzyf!i!^q_F9CL`$OFC`
zvc>2`Kk{84SCx}Rz2Dc{n+KwAx!uF@LDkcqcZs(<;#S*{;1@_%{lfFUXIh7g`*@Vr
znZ4i+HZ0uXUp;Q#+#0Awfb>-0ZMYZxNgq+cRelhUxBK&dXBRur{#Skwk2CE*<V_dv
zEiAYvf*>aHjR*qos+%M38h9@R)riHhoePF;kGLy?cJOs-W!>Wu_nYeQPb2Q)nk1gD
ztgU-A;vQ>gd@zC=Ym0FSA`-;og^@4_Tpg)G)4%UB|ML0X8S}xxMe~Dr6bJMl4`ZSp
z_Cr4ky2t#FLp0_G%&$C-a=1_|fxq_c;+mCT@Da~DA{qQe6)r=^Pp(1)(}*+5^ZhVl
zlW+NZ9bW~LuYED(uC1u~c$NEUMFe}Zvnu!aYY02wniH$=b;aC2h1@x~ND*?khIV^7
z<oz^c)P5NXg3i++i*Zh`3V*uV`$E;?2dlh$t8iR|iw5|vqb#%6#-(A0joCi6akm~>
zDexY~A9HX^8(Q4H!W$ey<K~8Ku4mq~8(hvh>)qEdrmyjg?{@r}`hVw)Z|=q3E(lbA
z?EUAN0eoCx7ja3u&LM<2H2i1JZMmdW)__AS*mTvpm#f?(Rf>Ud-y1Uis=w}8d>!DQ
z1qD|7B?r_a({_|Crk8sWY&Re9Lilpy2`_|w)l=SNson}~Ni9zuIX#T*oSjX6C$#$~
z!tNI#>?`l7iheBYp04^Ph6b6`;ZHWXsYMUlK9m6t%64~HL)L{}nd4sd8;`5R9&_Ev
zmF@=>w(*c0ciG_^lm8zwtK%Jo2wY$O+}h%J4@UkEYZ$H@HXxC>0{Q7c_=gSdszCUT
z224@-><0JkK=`-@?C^H`W4*g4H17|%t5e(flX`b~?efR!-Iwb^zpr;U)>#hoq52@m
z{J8!yJX05DkHOZR#?bpq2FP`3HjZ;zH-TlY7MI>X)C!;D)#8}+e%lU%)+)EbxeX22
zcpUUr<OFK5=ACTGid(#f%LAx|@jU8<kahfpcW`Nr8r%}+mee2W_NhO_wX7=g6m>3I
z)8_WZMHkR*aC<qoSM4Ft;e*_I)mgxE)CL6l?}Wl0T92&Q;n*y){_bw2b1NI*cVZ1#
zCHv6tKnO<-hg+|phs*&6e~f1gegYX*YbIHszr7=A_a0C}y+zO(%j-5E;<y~Y6xXg3
z)!kt+dXDe+;vMK(92f7KMJ(-wAd64iw<gbcVLblDlE9)1SGTbC0Jj``fo>yyfxLT1
zEjG9Ze9(Mo?TL0J>%d}N3}<<5k9((hsKXx<a|Ij5aUKun$v?J2h;O6UR=`oiBNzGK
zcmFUp4cB|&KO-;>EIGN_ecx}y*BejyOaD^ko}JT;@{2-^IAFg%wDgZv?k6FOKk*-E
zc40%zP4P7$cb;F3q`@_Q;{}#KdiO;kcU(pIgpm7uMd+ju;`9*SK3y^IxDY<?3%**3
zAOctA-R~<KjtRMcRB9Z{-9?~xQJ@CP+X;T~-U@s{RC_zV3-Do6Px){8wtXQ6w`G0T
zIV5M^9r=mxI<W&%*&e0#H&?iy25N4qK;*sRM*R6-U)RyC-E#O#oLW}C^_yXLX6PyO
z_qXaj@Bz}fHJh;&saf>(usc7D?yT;vt{0(N<mqZR2!-DkdZOBW_!W2@d$-PAkG9tb
zBG=A!-wE6WKl5>1iJ$Av$K5dm7d7GEN8D-kN4*en7dCw0PZ4)*B>YUoeIxQwlOBA2
z0KaJYG%xa-M)xysw-*}SeSZ2+jrcAj{6wR>siOX|Mt4H+cY)^{aW!Mj?;7z1#)9V>
zaR44h$;Yd!@%obL`db^_m-&24b?CZA_dvBZJEi83XB!cJHT<N}eKEWg^&bk?f49;7
zF1*>EYwN$<=zdwd8qa6e)qk<keWtD+&o|VC(Dpa=b=QJIL*$}HcYZ@Pp08{OUC`)m
zYuFvnziZg{sYZ8Wq#E_V9jU(>)FRgQ3v)O9tkE66%dY3)d4A-{M)$(}@Gl$P-3vm$
z-p#|=`Z<m6<lRD#@8+Gp+hOHJ2Qu7ozXLxK+&zf<=|%lAJhIEFrN{vF=evIA`a`Fh
z1=c@dS1mqL*2NV=RR|V7IPU`AUE@{ZT>UO@-U&YJDf9>~F9bqAw68C4d4lu$;qXho
zJI|Z{n2(UR3YRjU@V<`Ow0HlvJ|dTS_1N+~;)Sps`#EkZ+ka?N$F(qoTS)(TCW1Sb
zz3U_1fe%%?PXubeiv)XM;e*vMj_OCN-FJhb2T+1L=GE?mkUhT=3gNq&6RWV`sV!XY
z`<#1U=m+)ig(2Lox(@gL>+y|a=*oI*f<qVAyH~(NJ+9pCeN4S=h<{U$4e`E~9$N6n
zI(K!&UeBOPMd;`C?!+J**w2E&#}Qr5S@b-7d{y{K#H>|G9MV(;|4`?it+H#EpRNnO
zROha!Gg4R81ySX?x+=8)W}P*?v(9SXTX!XDipRO`@7N>#9lN84=0Ue`4@>1c&grXO
z%{g8J#D1mac}-Tw!pC8pe+le*Qy3ewxi^R11AgQ2VSMZud9?;<n1+{Y+z%_Zp!}D?
zMtq)h%$&$iYupWUYJXJYo}9Djys$g2vi7ev?hBQnCu`hemDT59MXn5=iZ2PPLMMma
ztyM^(eWH5NiD7qVbv4NRpt|~(HSX@3FkU`fa|Z1Xd|l!-+~h%5ihNc7ch%{3g~w3i
zGjv#RiyJ@^i}Ty#T+i-*_1xCWsc_7V%nhA9OE(*kXtg7{hW`oRiZ4E=V4Vf?E-CBt
ztKLHQU$_$-{I%~U>+$8yrvmjK^W7BzTO`=eZuqmvE*-(0<Q#mwg(ejUO>U!F7$2oR
zrhkaWK5PMHSduqj0gYU-$Q?X@&6@W`@5)8)xj+a7F9vWW%-vVD`=yI;w+lxemsc;n
zY>~UC`aY06t9I!*i`-4M$Km;w`lS~y!fjhDLtkoGdeI{HkA@pO)O=v><sM%Ad7iCl
zC(Vysu*jV|AN~Gie&oDG?&Jlgu@^K(&R*oMZ@j@nyJvQ51Br!^GZ(qL7hdY2gQs`z
zBcHn?kBB{-*Ze*Fne_lV`fDJ0KdjV8Y;EIMhgAb9On<l2L+-Em&?@BastA27gs&{?
zP7S%MgS(*Qp5R<OKOc;q96}-?d?HfSbG~iDL;Lz=!Mk8KnR{$bu~b@F1i3$)^8|kE
zLBp@EU~0$8=f9`^f`I#Q7>DRz^<qd)zT}m@*}`4ufxVIA{5XEEec4r6n=sdc>S?zL
z#EI_^1GRYXS{TNi?E@Q52_Q%PH_yAqn~TRsz2Hk8ej`3~@~S`(;qkQrn9a?B;A``!
zHouRc(?`58>ix<aXFm(^$D7>|5kwtd^lHxzxF2|nE)KZoJX;2#W5^#aXvCg<-^g7h
zWn{VC-L}Z>La!Q)p7E+~3E=ndBc%95Ac#jC4SY4=T^hjN<?28Xk0wQ<XL~Pwh*<qY
z`~`Qv`XMZz6;*$)@UFFw&F-%V;t`jDU#ReYQGwRD#D_<<F15!A2R@gr{w^{{71j6g
z?(hpiR3Aj5J{ZK~_k&f>2E9jvX#eYA5Rc{d=1bwP4t^`LZb!q_8c%k=7-z-!SNGdW
z4CTldksI+l{%RLOJF$<esQY!LyRG8T=PTWXLGvwavoCVM4*xFo?yJO6mIVMvOyT*Y
z;F)+ne@@L^D4)}CXQjKea?g7z-5r(K;HYf_KDkGBB(UgY-`yU-k_8@?;~@QW`1&@m
z9u|d9RFMG+EcpTg5{v7e^{epif4K8S-O#%l4s{*aQ`__UhAEef@AQnb*gaqdxWp6)
zelm#f0D{LsLOw3IxQ_;{1P|h+V>ozz*uLXDH;iOO@WL>*tQK{h9twUcjI$Ud=-rp9
zt3MrfPu4VC62`)B_5V?0^^XrXpbnA|MOr)i<}m(LpIa5lxcx0|+<E=Ax%dy~{v(2Y
z)5c$uA&jRMf4J6du7eDxkYE;%JJPW_EzY%skZ$W7_-A!?VII0V?G~f&?qJ&WA}t2`
z*rcPYYrF`e#@oEdxtv=0`r>@r{n1<TCmH^oy=B9Dns5R1G_M)^|638g8r_Cs9Jl-?
zA76J*u`KN1_g6;_bL+9BqD~V&Bf;^AU-LNxhd#m&cX=>$c^Ib!ucG{mRpHNu-HlbJ
z;92rmfuj&R4q0?*5J?QnQ$G{f<6?Xw=4TNu`}JQ7!o``_2ko8vdIvs5u+I@{pw!o!
zTe>Q+7^;46-~|+av!VuHuiaAtSAJ5k79X#j6~ti&=^T!|gzYC9ZmL9H?`^nl?N$A;
z6462(ZdAWuvC0!T6RE_S&;%>G*gpyxrizBAD-oc_EP>R33)Zhx;K2BiVB{K@S+Ewj
zuRl2_cAHrVwvVsQv5VNJRnk#{?_H=nwG(dbJj`G1n0ue}J?xfXZ`N?IYhGI%-wu9~
zG2ZMmg<_8TF66lFg8;UPAk;w&?M1GvLUjBDLksD^S5f8v?GACMb?MP=3-p?E|2g#Y
zIWK}lz)c?fEXv+l{4QY+{Fafc1Lq>Hzq2xQ8ZJ9mK8L<<t`2>?27z|yqjotubV`kT
zruxt#Ey=$Y`J~G{gm157PdnS+0xUfE&fg1NWhdVF;tF4~zq2TVT~7_vBeDIHK=2Q~
z`;0#q&tLTiB%cFf`y-`zS0MOe9c}|wJynOVtnt~cyK&C<p@Sz?H+-tzofZzBTMyg6
z23&u;uHk%qvRl`17Q)B6l8(=w7kq=TeC}uPU9LG=j%R0l-H*KBO~?%5lV#{uMK!Xt
z4~44lsB<TVgZJXnf7rH#kJVNo4|!%?17g-I>Kg8>bJy3ki{8#---Y|P1_Vt<RbkCO
zj^|U8(<8Y;{}H*#LVkSA5p#png{kq;ej#Jy(Ic`W`JpJ$=;rb1u_4v#AIeT;i;v@=
zFqt39x!jS1BhyB!;Ibnl<Ad3$@yYk3_g}lVh~-uk@<-+Rr=nv`(dA>yqo|+D4HcrJ
z*(39#)1%SC^u)yY<Wz1bYV}-xOr1|{pU6d*yXEMAGP*Ul-JVyX@kDOW>H>44*@<#>
zt1&(Xq7%{F*wo~9mz|u<Zg=^q+-NjE79|!P8=s11qlKx-{MeS2(ZTH4@+tf*Ohu>0
zi>1**4u2(_6<i^|Wh^)JzbA17I2@n+U$^T&BA?q9EjEru-Kyx)LbaQkoX)w;*^xqy
z1#6>AM@ELK?YRUCESoNt30fH%8;P~mZhCC%*!Z?FH;^6TaCa2r%INsOR5p*HLa3wJ
z5y*QK&*KA!V;n0%qc|gOO<w^@vu1L7Y%DjqX50AW)-@yffuW&o+08Q#g~`D+`LU_o
z<mT*PZuQ{AM5%Yq`^1##9Gmp#$MREdX`zTsPe8YFMPzUs6poxymClio+?MP}^q`gw
za6dA#Hd=fgg<_aOMz>`P(Xr`~kz#8w=$cnIzkT)FT`D&=gt?B6jBkmK<_d-EmR!Lm
zdmzv9mC;e?#z^jn+z2F9Yz__RNB#c60ar4TH#~BPV)Zb_+>y<XK!)gPB0E{gVOD8v
z(G^3v&DrUZDdPz*_i3_ua%crT9vmN?$WG-4MshN|+*G;Q(&^PlLK7fSH<TNg-r`_-
z(6DXU$uTtCJnqIfZ+_#`QxqR3=e5EG!`aasCeSQmdT?rbGFQ@oB{2Ol*P9)Sj!#cT
z$2Ui(@}s%vwqcAlnuFC&gMAFl+(vYBegrfMPO#`%{$<nr*aRr=)Ru(>7n|u}8j2X5
zn9Pq)=BKtp9iSnDrdiRYtKU|D4o?jZ&#wMYYwk>PXG*i)4`eZoJHO8lxiJXKjgR%K
zQ*&C*!3E~FjKc>_Ww#XQF8M=sa&VJFLz7TO2cOlCDIaz=vYZ>vZy6rJzbQ99k()F(
zT7KwPjq=<S+<SU+Ls|2L`@ivtmq~Np;o+p8gOfRMTlR|4&6DG!QOvN})5H{{JWgva
z+J-3f7ae5!{{xYd(e6Nbq<?JCnS-+*)2_3)B$)NDj7|;b3(=OIPB;T7;@HUc=m2I0
zuP~r(`Ke*!UhW=lVRL>G?!7Fx9f!eM{g@3`9tjX@Us{B?l$fQKXu{ku6<8Z>y&1`k
zZJ8Q|2_H4RBVnvUMz()AH-edTEm{^$K{vxOm_=<H&W%N}OcfmgxVMEfhr#8zhJk#!
zD@psG_onx6yfbsWc?{wxn|50;;YZ8klW#80Mt%&2HuVPhmn1Nx*Ao2SP98b>S2I@<
zFz4b8%$^Z_<90G*=CqX#3xMF@pbQpb(7nNHzrHiG)v@dZQHy?o?$5<6P~vjbYaY@_
z6f4`T+w%4=sZUIf55jX;2Wb9=mnC@oA<X&s7{}9A!lFatxq`(&!`UND7o^$6KHz=Q
z*~u+fg_c^Z2A2x^DjSm3o#q&d+GoMb+O>u00pM<Wa-=;sI6jo?8_T=lsnL<x*c3dq
z%G}|F;=^E}{4_e$g$M)@N+I{IcNSmIMq)=!%}{ldxlx3l3Am_&8$-B4W$rOgx&wAl
ze$3gbYR>kcVT6LI30p!(#<%4r5%%GU23+hlh7}m$Y=7Ycll|5;Jv%Y1N3*aGOy?%I
zYt%(X+Qvsmp&a04dNem_K`hL-&~Ls;uD$p?J(jmF`pZnd@fjQ+*gRceXw4}sd7+tN
zI;6?mmfVpRQbbop5t2hoit&b<saSR^#a9UQN~CAgC|8^HT613R#I2ZEku4OO)^A%e
zKH0Q>=;#SxEBe<@3{OIQP3w;?<gmI-9latuk?&uBG*;mw;Nt9QdSE0!*uTCBVrn{i
zYJ6*M>}aTH!KBx}eno!hXuK%4ZaUh+@D;hCqq7!@G#x#V%TDGdkIqg{4P*H~3Lys~
z$~SBY<;}{PqKi|kL7}E?VZr~iQG{5w&g6<ga1=qJVTGye;8v@leT2nP7B@50$9kRX
z7tONhN>QIh)Y++7QTJ%}@bSsjh&^Fs)A%uzo6HR%Jea_yX=*K}!Mf1SYcwx|hfENl
z(+&MEOdl2tAHGJQ|A=Oel$h%p&kn(+v3k*`6-rT^6=aXVLY1{xv^aL|1+h08nx4Si
z*-};VgCu4iZKrn@u#OeDn?M{`(%4yru+5@df}5N@NQ<JDW7D%^49)(QFD)!*%&ZW}
z=3eSn48Ue1(UCmXe(nHgZ~RIw*=z*{Y(K}jFDW2!E9ClN`2{%3BXVGBtiR|YW*(&>
zW7v{d9mGka1Ev9m{v#350Tezkk}vOh%D!}M6cRveTX4D23B;_W5bzBv?oRW#&&)g)
zW9!!w7bTUS=(n(_A6w@<wA4g~BE_q=eR|E?+>r<@ixp;VWVG~X+Vk9ZAq>KNII>1A
zlpp9(O+*zIj+Ymi;yyn*v>l!`KPW;*=QX>fS;RHjD~dbVCRfTjDAGfwVv1{2iHXu{
z>^ojZd-_YSDVG^dmJeW|#!}vZ>_kN6HfZs+b0@P1y^g*|XO;zoer4N;7KX>CM}{nl
zH7BEpb$qOBd8WlHqlge^H!45?C_$U-1PoHKysbKj<c8><=&Va}G23xi!(h-uMGf3R
z9nn%d5$nuZ?LxmKOQbBglDIi}>Z`oR!6H{o32}04i&#K@XjN|WX6(+i59-H`Nd~Y(
zA1W&Q=Hdp>wP>GY>zNrac72c%Y-emck_lk66lWDRkR$5X9Ju0C&A1rop@lj-YatbI
zwrL;=fc+PyEZW2744YU)wUDVC0mf{3C8ernrXPXwR2DIg`NixY;;FHr5%UVg%>um4
z^hkEnvR4+1zy#qBUcdEZb|`-&W;&O9V~g6rbbe%L4faHnLzuzIsqJgva}MvH%<Z!Z
zeQnMkxyCXwrLr|BUo()O0=HAh&J4N@ljGY`wydpa;@%`T1kT0|A0OzC?iY0iS6fyN
zZ-MrWmD6wI6Bfy!?i+Go{|1v5x557#k45_!!_qei(N0X{#vDQ}dp)^!ZQJ++QUKik
zEpdtQC=APzJXp2{havL85d<Z!ySTiVgSS`Z=23?|+Q|6IDAHNjZXWHH7M2dVm2Sn-
zi6$4_Jd)kA-_pH~eA7lbv^i@dY|mwfFbhx~@P<tRpOa&)+mR7V^mTPv<ng*MXU#|f
ziBat8{%KXxOd-&pEKam-YoU!uGcdA&KG=e6c{jRjnw%9N#EDwzEH|AU%Z_Zv_7QAN
z!lbB7wwYlc;=6AQJKC)<*rJ+eH(N@nH;3$6TNZnXH(vcs6aJWlKRqUM9f~>=Kb%f_
zJUxuG$j}F%@jJYOSD0`s)~{UO1O=HIDnmRsxmILXu^1usib!^V>+626H5uyy3JtLh
z<|hZI^9c9YEf&o!Yu9#U$KW?tG`(qK#=2rrx+z^-cC6@CqbbDHgTu+OTo2wc;XXZ<
z9UBCjm_Y6Q3ab&+l!Wo7TR)d!W3o3lk;B#z9`m5=$X2uWlnF1BM~GImdia7d1f-Ua
zEXQ4wwq=K8dt>{ojZV*YTPAK!mAMQvfgTHxskm#`^0_BBInn{cFWCCiF+PGA8C(4=
z2zYaY)2M3+<nid}^x*Jn*D|)9#D;T6Mu+lSz?18mc3mT`Ysz(vBEoiw5!XHDx(8ii
z$n^}mO+#)|yW3Q7n^JDmHn-^@cPP$D5Jav$3{UT$dCZPX3};J)rN?YxFrP0LmLCU3
zvSV9SIP*A&GmsG#&ODMs70x_vnaoZMt8nI#TVxf^JYoYkHl@Ou$BF5&!BS!Qv0(db
z)tq_6F%RaC!<>19+Z|F_`RT|R-riq+&W=n)SM48NIutz`KXA}AMYWt=HUMvlNa4_>
zZ{O$0RrcdBtIkGlO&+oR1asNtG6o&n@<YfN!o?RWlIjxcVr+b(SY{r~%_d8l)o$s~
zYJ?^R_a=O^mO`xAW(s{e#li6wmR<{eT+B`ZEGNUQK2F4-+$z)RX_b~EI8qQ}T8khA
zio6PmY%ZTg=j=8e`S!P$v#hikSxzZ_p`V`^FJKEhHUx-1^OLKihq}@Wbi5LOn}9Fz
z%tgfF20R}&+XqhO`sG)YKf>$wj+WBCa}-&f$?YgBajcLFID8`xB^Y!?9d~tuFmM=~
z%{jKsTJ)n%e#}VPaY`|a8{A$jFZs9Ed)Jzuq7Qi8hKbh@?9FY%(E}DhtYo9vD34>-
zMwf3|&Q%kh1t})122&=l)o^0}toA6*T`h>;j3W#-vGBI&Niek__?p&}IV7M8Qw3A*
zqHA7>gaytpv3cNj771O;iVq`+iaJmagtEgqn+_bYP7llkq44SD8Mee-erno0ZFCbN
zA3Fwc(JgSK6EmCl$>KnY6NIT+>+qx6tzNylsCknXrSYi5G)x-!<{1Vy?-N=k?1{o3
zf^a6sx91>tTagh1Be^m*XoojcnOPwdEZpKPO93GB68pe(7Ke*4e9b2o6O?1?0<r15
ztt6}*GI2PZF4#<fa#@HLaN3znDe5fM->F>MT26T!R(@)l-DQ*IPb9%j#uF?T`7tQH
zorh1Bm&IuLtf<u6tam(6w^QF)Wv{6ZuRQWvDt+mWRqrm3%yOZ2b}Sc4t#FCy(KZzn
z{`uPcW=;JzMgyzzV<W4F9V{1lISXd!(^tEMvHP!?E7q{u|Cb@y;G!0VziB~PAwP;e
z{O0Y7%3wS;lv1n(4Yl3MG_u!L&0K2RcorM<!Q4L=d;55)PI*^1*}Q81@d<3?kiT@V
z_kN#Q@7WbN`sY2AYCtJ=WElK)moE{R-oXpH=%F}EwkRz(bQl8YwfH{c&C-miapmSs
zm|JDr#d$XUwT<k4(YL$xJ@0Y*yF=e^E8nV3M}DyR?VIu6hsa!$Q!u|dk8KWjkr>n4
z+<LdS`{2@{l^?R7{ISyDYPYG)z2ChR!&)`E_Wjry7<_A!+jNxMG~hP1;+v`!>o;QK
z)oq6;YnNiHu%hXMA3F4~x9z?D=+*Ck>n2?CI`pvjuiE7Bze%@g%555Rn>J%nwjc)J
zgG-P65Mt4h?5JxQ9><R{oDGlUvt#`m^EoVyBikp25v)#T2l9gea1wauT8@At1Z>6O
z$QZU=c))EN{KPGY{!DflPgB{gt`$chsNq_Nv-z!s>8*GgpBNt<$EAYS$?WhbaC1XQ
zAGJ<zDH56<MjEHhHV{ZwfQ^;`Wa9BMJA$%F>%1*H4ZYyIk%27vX~T|Vvuhj9ZXL}U
z7{w28zcrV`!#GY1M%i#2+C4go93}SkQy5QM!L`8==Pi%y+P2$K{uJSOe>d{y*4Oq)
z@Q14H7$wdd0FMA?Tfm8HM~b%4-?DXjavD01Ai}jHe?7h(&0<@&ql2A<7z4KjdpWXw
zGz*e3Bv!^J@US5_KDosh+<=_{gm0{E7{^;np&;`!oCVC~wz>_|hhq_#%Hv_|@a#yo
ze}g5tflZE1ZynCNji7;l$Ojq7Z_fAkjt^s*+@3WYhXLb&mK}5(a|2j!-9{vBw_rT3
za}=H$JN$mkG@0uhg8&hQ3?XzY3{K{m#K!xc?C?nTi2Q3xC&4c0z8ATDDnvYsv~b?V
zu@B4+WdWfN)=@mWJv-drg*RBw#tXx&gyS>FDutuAk^U4r!)u(^;OF?^(3<%0^iXyi
z^ucwxuIxDeAwB21auZnmTvvW{0NWy{Pj<4urS#B>hXRVXBX5DK+fA2TH@wGi_Hc*>
z4_h%Aljcsqk*R+-@@h6MfO*i(S$*5NA|cdmRkNc-ad+ojcg_yD@<Z6P;29TM^8MY}
z?U<o%#ALbtcz$bk>ohun4%%$?w_$H*N&j-eY~$+AV@TZyyYXYp=HGgrL=o=tkX2~Z
zC|FInM0NmjG|m!W7B)dWOysupr?dI~E?o1#bJiucVrz*1PZx%#U1EDai!-n-{XNs!
z!Qts#|3(<V7MI*&R+1d)ZyU}-!pV`L{*BYHR$7>0ol{xUdwWb^Q#@>%F<`7&3AVAw
zvX>ss7WteS-$FTCl@xLfJ2pyBPi`$X>f63$czV($C-YFvq}`mt&r#%Fv#!TM#j@Lm
zi+uKEM@F|J#>%01y1xyFCL6QUt_S;Flx%iA!`MqhDe*84*Tl*0$-AC$*Hgg%v6aKA
zUrA?sbC~)qmK*{bDVNGZs-}5(nud=UhGn=E-dLmsodrC?MwZGC4Vkb~I4e8|4Pa1s
zM!sSMb+)<`-i+h_8hQ%e24jagS*`Ky<D&z3iG+d7BDH;Fd@A3c$ZmlHNx`{f2VEM|
zh&y2h;m$CBoXi|S+B!BolZW$3XSbqR8Ydhh_&K(vV0B^cc#|8M-ZJe_-HZ$X)$#*5
z8(bQG0Gcw4hsoh-oQR~yr^a2MO|?0i460^et6Qf(kaq`h0|j7-PDmTB=8)V`d8p<g
zd3@3IJ`f+s9tAr~A)cMgx%Z8@_f5F>A>*+0?e7?Oo!vdj-n5G)(w%91*V)t46-&F;
zmQ>8OCA+&(>|))mv3A$d+tMA=&lGBO3hzvHCfZ{MyRObe96wU&SR&Tzx?|}Umq@1C
zdOLg4F4_9tSX<f^u~hmH{4%Lbcb5nZPfbk})~;EzZQHih+o68gj;zLJbd8H;(D%lc
zM0*zqCKD~K#-+hjva2s0Yma3*+hWPyPSk2icP10|t}We}X-UWIG11x0;#9gt?Melm
z=~!>ML3?{D+1J|^YwhdkP&X(^_r_YfjYfNWy0@h*ZjT*k)zjMvX%rESCU$VF4b05$
zu&pK07VDZ_5=*oj+SAjS05@G-5GK&R_ReJSjXn1CCfj1EROwBb?Y?vp^I((0US^@O
z-rgi7(|2%NS0~wQjddi!{EQe>(3b2u1cZx7pN&D!JuR598LT)yz1w+!D(y>jC0mUD
z)~;k*oFi%N>N7T4lYJO?@u9t?mpxLfvG$g3yi9i`55nuVmbQ&-R~8f=db(Pye(@>2
zu{YVbVWSm50X7&>JoIkpOl){fLAtX$Hmfk!7Dp{>P!vg9R}!iWd`5_E$wa~w(hB(m
z?P<xhbau70LNi&Kjvbta?)Me3-XvzNccvT3v#oDd&y;F=3-msjFff~-;np}oy=ZUk
zDlsP|F4Gm-)wyA#F(<4$Syb-VQ+Sm@bq?<AHtR*B&J@T|R69tfJ$VpkPQq#LZ7~@c
zkP7MvI$kP0xRWfPLRYLMV^Xmy$xOLMNkLKEX|~tio9r>rC*vxQDc0SS?&N&O5^cSQ
z^uTgaO}*l05mV14jgG1Jj##?Ql%S)t3-8MmJ314cDV8VO`pjTD43Y^xB{>xx$s}L(
zcF#0S_I7tBdh{CGH)wbaOqEouqg+(tV?#3ClZ4Hq^Ol};U$2Q_V@qmdxd}WFRJOen
z6KwAcEo&46l%CNKyxP!`-WY?4ZP@8ek)xt>FfxfuOIN3fDIPn-CQeU1z48wzGzxvG
zm`%0J17&?C{x0BsnAGx%F1XRI8BDfoCLC)oDytCl*s}}hvh0-<rufv3nX_J0UJ{d`
zC3S$cy;f%3ExqPMyTLzrn|Ue`fOkm6iUZ{{d^#14NJ#;SbVCJ=fVI#>>rslyX9|K(
z2W^be;=pky8ShTMZ)TRuQrV$&hNt(<T3lx8%G)Pm(2Y(mBZ(N+BAcv45-ScBHi35?
zoo#$wGW8wH<dYJ~zMi7$ByCxfk56`V6xmJo#BA<gj}Nm%=o;24m>;|EfoL~&wwrY9
zF}0E2w&dY^S|BicwK17C!yqh;wdj2fXu8W<UtG$HcyWq~SZR`qXla^CD3*t^)Mk~H
z`;=i7=d)NrGg?A4r$vmj+LP>|@z?-*lN*W#fybU$Z~Bm#?)vB-dH_;=ty;+7<IC^i
zqGl`v>t#C)YIc#awNqr!8)IQ9I1pNj4|-z<_Qjz2GfaUuL`lg6VCVZx@_1mV0k;ex
zE8s9?)T<uMWo*aheO<-&eTcj8y3JN0dx*8b8S){f6*v`(6<57ftV=7K9!gdzY_<qe
z8#^r?*?<_wq*xYBsXPg<JxgLmZAx`+NWeAi?7~t>xQ~re9Sjm)o$iB=WfnMiuEu68
zl0|6&5LQ(8R8I_3Q6$0VGL3TdG^=FRRHo8gg8*z{vtIf@OuY29VufT;TQSapi@{9D
zbK6=e<+G=<Ri=|0u>PS{I@#B@vD7J%qT=#dU8Lb0%W`CSIl?Ka31A}CNy(O?#F?TZ
zm2#EdJ~RHA_vP*n>6z)L9FO%Sy5*Y6%<Dl^_1s}|1De99_+_j_y{~6OFII=LSA*L?
z;5!pwz$jC*H6w!^Kx=0gqL1>}GfAv=MU}GdG6>jb1!<XH1S#fgX2q%HvYFVdT+}{0
zpq(j2pi_?H%B8kO!Y`FsIj9BFW;}RMtTo=5e$BREr{dY0gJN4m)L30HjDuQwu{2xU
zv{NIAScR{%yzKm<<N;MaGrvVLT(e9x*wVD5)4iRonAe2uy;`vs*?`Cxb7)I77{h|o
zk|L7oZFB91Bn&8Aa(pc^9m%eCtfw1$V;v4bxK--GI*lTG#CmYBZQs`NJ%fNuXY8O=
zGD?>zI#BmsgtYE(<cgG9aySbq-d(bb*zO&x|8w;|&eWwJu?r!&HiFzvVkt@;l<d_z
z*VfnDi<#=Tie-e0Vd;%oV)>0BP|@xl44|#0i|@)$dVvTKi)<92t1}+sGauHjb%hCB
zg(?*6MA;R_3$C!t{*Ae@WzDXc|Be7GIK+BMmmL^HqG-$T;rXp2qhsR}AHWAA(?@JO
za{Ey&t!?eGjtv_--y84hP9%E{>`kTnG6x-e$ot&eoA-IgJNJFpf4uuYRY^op?4s}4
zf9<CA`yH@kum9eA)!WuAJNo@gS2V3$zOJgeCS1GxzxFgn-I674$$Q+A{oIoM-O~Ns
zvSn`Be(r7ixxM#utM+qi_H%DvwxYQyDbPodTp`dQkP^rk=)ipuf@T3$=~$5v#+n@~
zSTiA-i6+uah-M<m2H3w_gG7=wQ>vL#&6H}UlI$U+1}SJP8l==NrFI#$%cxyO?J{bR
zVa?{`3ZnvG-2xaD0P7vVdT&m4*l3%RsUlE=lp3UrdAw82jH+bxE@LulPG&?b!<v0D
zR_Tk8N*{~@Rr+Fa0rrl?T$s^>IE@N`HSfSg2&j;pLAWYRs4yigB`hP1yg<g*Er4|k
zVEqADe*o4W<Zlc@{zae$94!is2>{jPXfZ`1R_uYJMImcyv<ZzCfHgH*VC-F^1!goc
zwbmbi)da9A0LCDIsx%vCn0-}gR+VN|X|`_hPBl3cXoeajL^`2%*k4;s4iiA{I80#0
zccQ{!LZj4<!vv=OILwrW2|y|uCNP^+05Ygy0yCP>M5_s4Gy$v%fYAg{6*3PkHRb`-
zfD8gN1_4-8y=T-r0BNdsU?i>HfuTXuvK7Xe0laHMYmhd8b_R-t;KeX&0Ls<?04fDw
zoB_m(K+WT79#`|Yn#a`~={aj)`U#K{X8H*%Bh19w3_r6>07`4vN&&qy%R!+D*#P=8
zfaV6!t$|`q^llh>2QYR45+ZH3Vwgx9OTbckXO?4_-Wh|yGJ0orWSHKGU2=j#dt<Jg
zfP6JCBSX#0$Vu}ua?;#HQq4_mtZ9agR%X}$>-1Bv*2RRS30l=bt2$^^2d(O$RUNdd
z1GSb+nkAEF4ZqoD3*E#;#AeGd5wY1aOhn900y8&hK<~_<0!yobSngBBKC#}X&ilwZ
zm8y9emC68{#a3{{G1GG^BuPzYOyiF=lL++<HB8?CGy>`yFpVIl5yUitm_`tbld+fv
zqVdNPWDmI((lS*95zV_fS|BOaNU4UYrxmL2;&8-jMin!vXqt<PQUxx1&E}x3uww<K
z&|x-Z7>D1XadY)+UKW?y#HBXzWvm&O+Qg+caj8vQG~*%`7qPgA#U;eJBo!xPamg#L
zp~f|xaa%3Xt7bKhUr$4fjKwv_am{gDBadrb39*?Fn+dU*5St0HnGl-^X?H@}&BYy7
zAnn#1B-W9?gtR-cj@q4&b|<9W32Api+MSSgC#2n)L8R}D^@IkQkXk3C6bUIsLQ0X4
zQY54eSl`%A0$_XrDjIS^YHdpb%B0o_sdYkXjrGaiQD0ILNlGF~NhB$WBvq<Hg-J;y
zDT#zp3}{Fs=Fovi?^DuyDPl@uN=Zy9i76#9r6i`5#FUblQW8^2Vv-uC<OHxGVK<Ui
zO43S6S}92@C26H3t(2sN#g^@)HH@*qti@OcBnHVYCE3}EgjbSXO0r8yc3AZIP9l*F
zrDQ`XDH-2nB-V_?nvqyD5^F|c%}CQS5^F|cWsnCCE3t}vMk35egc*r2BN1jK!i+?i
zkqEKTFdj1!p_t1^gg6S~D~T{85oRR9j6|4`2s094Mk2&Q&UR8bEY`$|Kj}y^nyQQp
zE+au&L;*%5$czM;ksz^t;~iE$BaD^LTn2!#hXv3qdPN@{57u_mE?eRStR^t431B<`
znADpnZTws&#1=VV#vVYcfLSdt5uv96W^6XWwGoIgSJ)=lyvjr*AtE$hyb}?+Utl64
zez*oV!93WSrT|Q>DJWoSO?d%RYYl^|bQ83It*HgT)SA-?Os%PMz}R}F1htaBwP~d!
zv{DjUDG9A(+|jg-3l#vVtfOuK<H*-B?f}M-tYh5Kv@T8AtV?q$)}_@hZPSEzYKI*k
zF||u`D6L|tRV=lNrB<=jDwe3hO|6==R?Su`T?h)<L92zu&A`|}t7fZJvqg<>YSnDD
z(lrC)B)3wFfT@}0ho;fgs`+Wv#9&`e`dlpWPW3e-w4tU}%}A@JqE&Oy$~6=3R9|yI
zN(va76fgjgeMJhuC>R9?O^OPdWCcx%3IHf&*#s~(r#%8wa}7~Te-m;<HUKU2O);^j
zwY*8oc9Yg!0M4A&U0|Fmt-DQeO+j2!5SPKkn`w1glTn3=7N_%RifiiPbUwhyXIv7F
zOK@7go8p?ExaKD=Gm2{raU3Xsd9CmO>Om6}*9667IdLT3t)?a@t_h0Mk2J+KLvhVe
zT*eZ|5r;L<48=7=+^!%6Aa}xDi(zD*yB5PJWUd!YNr@$Cn^nA$bdr)zQhJ({o+c$7
zZaPs@V@}G0BsFxL?vjdzj&mtt95bD2Q&J;O%5@|qfTRR~djPC2Mdii`{fJkMKPjJ)
zlo*l{LsANnl)fe<4Q^@?uS*Qr92sS9y9`iExa~5Gvf;MNFzXMl#>4?&%D-|2n**5Q
z0$6hZ8y$c(2QXa&P;*)@T$HHLMB%A~aem>jgpu8q3P}OjgOnN=Nh=lwW~AZatO|h5
zJ%I57U^M}Z2>{jPmJGhooI8LC7r?j%uz>+sTn9gC;(?zm0`<T(3xy&bR|A?U3e^L5
zW^k<PfwK-woN@AjsU0pvSP$H;0jL4z8<<$4T!5)2H*avys>vw^rka!)FxE`0B}hvy
z=@lGiTH;AdJZXt1E%Br!p0wpAn&I+omk7X)(vnh|3n&WNUs}RSOIT@DWYmI{LPR9F
zG(Fq8v?P~~tF;7}mH^WdU|Ir9Te<_COO9#FdKji2B+fLKVHAp3g0qp9RMQF0cUr<t
zCpal-#xm>DmW%)~NjxoyrzP<;7iYW^O$k0N!Kb<0txH=b1<f@LX-z{~(~#!sjCX3T
z*+_FXTC{_2k>&%~?6*ks0fbTWTUM}Li!>j=#tvZm3}C|qu<-%dz*-dN0<fmyTwtuJ
zI2V{|(rLCx5&&$FW^f0L4bpT+z}O(I1_}dPn00IhVDF0Lu+p2o0@xU^;G1}`;0vQ=
zW8D|V@nQKVW_@GzXLW4Kh1nocXq*68Hvq;-D_n?xs+cAqXfT~_MRx)s!et4CBEn?}
zn24x8l@dXQ>QgC!sXo;ZnCeqy5P+ytjvJWXF}g)mVpiQM?*qV^ay!5{0=b=5c@e}f
zl$Yie7#nC_fw6(+RRhr86@d<!)!r2tnbqDE7#T`PLWz~6NLxW*#1U(M+N%92fNB&w
zkc6~9RS1O$iW1e16qxEuLfVm{P@PIb%y>iOl8|<!t=fbFP(mD;ww(yWI2vs`fpIk2
zb^;^eltz=%XlSJf+c+9+BU`nN1R!_XMgmhmnr~Wlt9Fb4>QtlAjuC~buhGbo5DBWL
zrd^hVLe<plYm?ZjZJ|2T-VY%o8*A?ejAPT@4;aUm(bzH?8(j!OOpZ<ayH@S*05~@7
z?|_j5?e7$fA{OOLX)6az^)*x4%Aru5YNlkv2wp`?N-R@02B62Lo&aW~P-i0#bygv*
z8d@!kRt@DAMytk}YKxB6RIH_JE%O0pT>=<8SYY*zI}2dOIDknDKsC9Sh{?jR6tf@M
z4KOy4-2h_)*$wQ>W&ptS4uCZk`T}E3g}w;5&5r<Z=n8g$aR`ce5sZ^hg|JxjRg+6O
zFx6!28dE+BSv=9C?g675<6J|4S;U77pJ?`pPud3x#V2lLu?nT6xE4``x|NLMTv1R+
zVoE_NHHZ*{0#u#|AqGjxDuIz?LV{07@CgZC$s-&mvh#!lFT;%`sZ9t?I9Lr!hJuX;
zN1!DK7(17t0AqJ4b(d0iDRrlO3nChJmr{4KrC6V4uTRs~#|00Ctl7r}FV@G<1b|ZM
zld39sjVXAI^=aDrxXQ=+#C4x0qmOHMtWQGilTejk(H;t0C{B=U1sFTeXe1epB%_fi
z;em*&ScPMjIYD7fIsi5c02UPhn2-QWF956^fK4TUHHU_qrUR%ZhlgaWu>>HR47GuY
zCTAU(h%wZLfv5pZ7j|ON9Dur|1;c8D(Sl(-hQW9Q*c?`4ya1?>?O;Q~*bb&d49OU)
ziL8o%4H}q@0l+u|u<^x_V-PTfiZ^lf22eYCJYZ@^j|WWcD1taP&um8#05cH)r~yR)
zObs*!?CV&C))2=|#xT-Q_<;>@5hKqEKTt@X6@JK3;HPOEfJo3Huwf>7#36jA0Vw>y
zI}y<UsIS;rtG<TOtYN?@u(gKKtYI{37;>ZVPGXPR2#iB)rYnK3B1h05qaq&(zy|V>
zz{rYxBuyH-b8@2C0vM|+wgATJiY?^*@RP$=?i(2APq78|_8h)q3t*fM<-UQDSNcwD
z`_-w2pV08-xA0D#YTSw+kQw0E_(t(VT=4?{Iad4ttXPGe(F?;DlVhc!fstdy4@fSM
zW5o}^$g$!FU?QT{;y5LaQ{q^;X{099OpK?*xV$4=zdF#o$vdJ@Tx$9hMqpXs5Vade
zW`phI(11}hv>OM;=Gu*OVMhjp0#)1rj51N&0gTlZcW5!ePmW4?Wnh$v;tu3b*tOyg
zU>uy{4q%iCy(Tg&>Qt;|Boif@@lMUeYDO}VOGQdX>`4mB5Mv>;;Y0t7W<m}qA^(+7
zumNCBCZS*hfS61f0WaGr1c!QA4*<plfC&J=cuy!U0bq0O?xA`n4*(T%semF1<7gAg
zsX-sfr?}N*K{-ug0JiD_kd~$nm`xo3S<%!1Gggp|S|(r?3(VXzfc1(Ll?@2MNCQ}}
z05&cFqX}R%0g4T5l)yxq@<3`!J<x*#Qx6;^@?CmIe-2FVIA$cl^p4&gnBGz1NO6%}
zIT&E%OnwF!S(2XtMqc7n&ZJHV0XPPo5CS9DIw4FdY6DOe5mUH^LJ^|_O)5@HDl$WK
zVj@rKh!B7>(-9#svZS*?V4}hqPAW1>DzpNiAaUW*h{??WkXULNhbeD^LQa634ls@(
zwXE2VJ)|U;)Cv{yqz8#T3NqDXiUQ0Mf&gSb)ubL6DWFh2Fhl?*D%>+9wI9Mw3TjA-
z=@?)fX3Fl5fF{$C0OCd6(dLm=R6pxfpQfKowTM;=1)suwI3v<xZUI0<xWpkFDS5Pt
z3RgN5iWpZqU}~UYNsr|?absH@NP*=zQAoMtDn7f5X{^%Yl=N8Jw`3|#)zdBxnB>O|
z4>0k-%^WaMp?kzNJq?dxn_b#tM~vQpsU4#?U>Y;SQDs^2Q>_`Q1Cum)lm$$*7`Ow|
zto3O?4C7HKl6{g2b4R%GB0)&yQg#aml4dlYl#5Bqa{!P(HkO-D%FP3?Z+UxQ>|0JB
z7%66?lk)w^jC3+1oz&?gvc}ZOjC3+1oz#&e-l+%aWJWrvb4t9Ugtd=NY9FiIGk$XF
zwYmV)0HkRdX<9~_mXW66dovq<Mw+H|2nlRzT1J|t<p_l$CQZ|Fq#QRcn{%2n@|aqV
zP$;Psg(ywKwRCnTP1E9pYf);>%{21m)HLm>fl<@6wFV|0q-hyxns(Sou!{<pIAH3X
zD;+RNjLAn_ywdQPZUjb^$;kI)>_QaeA+^<R1DGa5YO75L3N;j|ZANM<HPXV0T)+B}
z+Uf)rg`y?3%}8xCQrnEwHY2soP;Fs`CJz8324LC?V1fWJ9srDK83cZsl>nF~0GJ#&
zs1#Ej_{kSsT5))8LIWUGZMBfHwjKdYFvwL~738W_$Q2AJYhjcfGS|XrQb=GMF=VIN
zPH{6Z;}pO+O)FRcU`+)Jz*t4WLOMpT3P2_lEToY@U~}#tfT=l^0+^c9@8HU@2?#*V
zQ^Le<EF(<pO1{XLn|uLCQ}P8ynvyTF;;e$$$Z8@e65xmuTpW=qXMc*(kuhgS3f0pH
zgV=yp0!&nB9>7G5t{1s=)zrWeiM4FUl{Ss<bcjj1$}u4CuI7?1zO`T#jaC^4B;&<A
zbr_g9qYeYp7^oA-*RzL|hN);et!Ns6Tq~Le#%`5sK!)Bl8^AOUfIa9C0BL*no)JxH
zU0PZPU{uUNk$f;k0x%BXj7<yx))v6J1~BpfMjn7|6?!3Qp$1e{<Ss;os)`hbFsdpt
z8N`&<MnZ$6Ifck)kcjja7(0;O(vbUTKU{-o%7{eCpN_tOk(P8C82gcG12Z`*X2s8C
zLfBnQBabl>#XGZM0CRo-HlF~Z%+nuW6oBjl7}-R&PBqn!h=^ah14YL8sXjYw{Q;(W
z9qNVRm7&3TXlQZO;N>tBiVtchFpZGb2TVPSH-^AiMb(>TCB{e?g`&(vIWP^BDh^B?
zP?3NYiK!o+Eul~YrI+uEG0;?mkDrn&eLXO0lur17saI}KfvH!T3o!M{(<fl+j;jJN
z4XgN59Wb20enK5EPzNSS@dy~0M9PQ*m_$qO156z-{s6}D$QL1dMmFV(fKdSQMZm~}
z(yM*gbl4Q~ezF0!!zZOGq)sT6k5n8BHC7ol5^}6BqXx!)WYoaekB$QSbOs1OBC>5@
z>_7*6Nb7N$6^<yohvc5h=rw>@eXRB-F#zivz(@jE=K#ej);U_Uif#)4V-?*N0H!Kb
zWl*+`0Mvj}3Cx5Fz?vk?iO(o6p}SL9{@GNr07iBs3t(zRS!m_PPn%)@n_B=(D(>l+
zb231Tn<BV{WuR;TOc_8G0~mz?P&NSG0Bn<D00wD54J<A+3|eXc{TUDy3kVGpG25#c
zCYlx=8Ya><@4!q>0A_>$Hf95QXQMPs4a{PInO++pX*?K4A7_B==;I7yb2>L*=GF|b
zIo%U5^-iw>%)E*LQ87Pan5dWo0cNhlfT)-!2WFOSK!s+Zz-+&4K!swLDh4jaH8;wJ
zu|H~>VeF6Qgn?+Pn2R%vHJOVuj5V2y116db0u0kTQ$}E##)PIZp=nHL8WWmE-fgv-
z>Os?(&@}SGtGyFVO=CjS$a6)!lUNyM0FzjG-T+Lq$ymTJvc$bKW=J~7O|)SYId{*7
zsiv6cMj3@-p8I9PsDs=u8%E~2Q8rA(q=P9j&uz246KUySO3Wi%HDS^23{V+pcZP|W
zG?G3Dg_>L5^n{jas<;y~jJ$B~Wf(=rO&2hYh}$f~*b#SIhH*sPZ5bvinvRS{#NC#?
z6HQG=MkAt^!#fRyZVs3x01n5-myw!sdjX@M+5o^`8)p3h*k}Q)0e}e$-oi8)z|`Ar
zeiP6T;5$@E(r_WdC?0qcVr<OQ0GJ?W-R@W#4W0%VU~fDP0A@Z0KiNx@g$jm|Nn9}`
zrZQToUD9G1Ck>bgbJBo`Fcr_PELlz7jx@lUyd7y6Yw~s^Fb#2?M8ms_2z=ClcNYy~
z1KwQ(CJFIoA}}>?m4tZj5QUNuZxsTQgm`BVQIxGe2239S$eFwXFm@!bV5c!wg=?(=
z*5py9VXVpA7%;IEx7f@uP6bnBz&Ocq@yA@gl~Jm^erK3@?B=+bj#~s`n23n?xCIX=
z)FksxJR(3&9?u1UkRmUx!|RH3h6jd`b1tBUk#jDfz$8AT(u_XWQ3Dha@?9#V7<enr
z-kIe9h^Cn3Qfq}&VdOwq#UdmWY6M7B2qV+HBxmnLMWf>-IV%){784<`WqmH$KsZQ*
z{q_d&v;f&-Y-@!S6e2{uBPqmJhUo|CaTkmd(v$sSsUtJ8Ut1y221}L|LT7A905%8!
z>k`0d0hmMpiZzV^V8#G|%_4yD0boM{FixO=qDkEWCeqX$ELqk&fI719!Z4BM*no*9
z#|AZ411_A<W}83&(WKkxSdmmAry81G#8ida2E7+coHAf~N2P-?*gF902*8>HSQP+c
z5WofvV1ouQ1_5leFe0_%h=8d9M+8jmI3i$bz!AaR)UE9zK!pPXP`4KFTA_$>m@rH=
zu#gb%I7|RFumI5t)qsNrrv5l~7_{0^1i;jedJ0Sfqk`g$k~J0I0V7StcRIgBpu@FQ
z-T^<!n0ziU(>(y2Qvgzi+azYOGzz(H;=ogwrGZgs$vFe+&a!fbQPjL>1x%8IkK#Lq
zTX0QkKz9U84H$04HEjwGftXeUh(Ftf0i)vw5D~h1U=*CDS%w;yi2|r1-2)Ct#R=Dh
zxb&gfwn`vO69iCwIs#yn25iu(V7?5%Yy>!dsJ}2)k^4p!wv!hJM)nlj;YgM36x#u#
z+!WgZQ%!o!xMDj1iU`MD){*p15griou3!!rMWpZz7^jf;!O%=oC_PQswjO1+pEsap
zGM0oUndiB9r%C2{u3=(Ulg#s66l#)rSqzvanU}>3Qv*#hFN>j2lYk>I>s>1Z0OhBp
z0T_p@r2#i;D0kjKL3l20S0t&!Un^usiX?$iRI)gJxr7=Ll|n~g95cUTvUd~}cc{Q5
zDp@GMYC@Sr#gi7p)LNqAK{5&@Djp;oCWa&`o`;}NqT*2oFo}xaE*Yi<5*5E)LZP%>
zu_-XhNU<p}%1E&(&W<S~=3dcG<CkXh10^d{YiYKESe+UpSt6ZO5DSc~D2N3{Vsb+Y
zW#bB70jNMc6#x;r4xS1Clj~4`it}Z%$Gkq?NmNYe8>a3gDkk(%C{giZ8!(BA*>}U#
zK%!#W9fcB=)=pp)j{GC`*`{gSXB(g#GV%xti*fcW{-~2MR5MWk(@+3w0ARfW7-ayH
z3T)YY0f5=Nj;;Y{qW~(T8p6PZQI4>4Vp^bd$c^-rYBECzOf}`|MN#22Y@h5YoCZd|
z6ix#pUsQH@2OAZDO%nizqi|X-10F+-DLgn15vHC2E574^`K1AfNJ0vy;aeygh10-T
zQ{lAE<B?u7+2bc!koU%}k<AdM@g2Q4{0`Yu+zt1`DvG;-v8Li~_#_HlaW`BO2dTIl
z9*Tlh+>MJT!X!$?-SAgzuDBZ*JCfrD#*XB%;nFA%1OmpVA}|1o1*^3RDQ~Qs#ON5{
z1KF+OZumgGW2gX(0)a1O11@eTG=~CUeh61<)qolbOvE$>#ozFxER^%azMBlnhXNym
z@}a=Upu%hH$(LCV3a<g!k-}?W9Ie7@U}R9?H83)$@EVwCGEl(=pA(?)8khwt034>m
zYhV;Izd^BgVxHCsjDuDzjYWaPkVrNvilqVAyJBfzl)PeTtPM7HtPNHLYlF1|utEUq
z7Qh4oVC?{mc`P3`b^zlA`3UP4tB4AzL|9COaRRWW2qW`)BYVUG!%k(7z}TDY5g2=;
zJz@!BFS18qWK#C1bqULo8q*%JI*BmN1z7PNhar2!%0(iwM=W3*u<Q{SYswz6s<CrY
zq)}pNGo#efmXi5lEn@|lA24<)^8?1Q$o#O}QF1arEO(TS%n#S6gh_JR_F@fW1DPL|
zLUttc1ICVIe!$p~%nz$2hbZ#{#+oueV5+If)V3GvDm#+-X<fxnawO{m#*r75MrMaQ
z;HpAZ2PPt#b(tMjWfscpusD-3nH?}PCbI)Z#`yUda`@b<0I-K7_bR~5L;%dt062C0
zn9MK{V@M0kOawqQHIe+n429f}0Ejf53@{3ppPgA1^}yW;Fj@+JeHCfaAt08Za>yY7
zGaCjF6)vB^M1{*IFj2A8w$&78bO?w@L`<TSLqMTMYbO$DK!*SzDn+r<A)t^n<q#0i
zkeD0-FiJ@d0T`tuhX9OB=m$H~=34QOj+k+PB4bj3fE=C;5x`~=z^DTlSpYL10HcTq
z$pj2w8h}8_xI&<$Li!8DOTwr*2%Cg)Y<iZzKn%rB<u8D-H~9--?2Y~cQ5JiVzW_!i
z<u4R^A@WjV`U?bLBFrHIE573}<S!7Mk%;^SVl)m|{sI_l%3mOGW9RY<2;4|oegPOs
z%P#;U&+-e1?I<Dn1;logg8Txm5DJro<QEX|v4Q*o;y!jHzW|IK$u9t7NAe2@4LKC~
z1z@ZxzW_`%HEHq-2qM{${DOi={3J*63&6}T0GL_=m?Gl)300xS0}~O=sQdy#P!^H{
z?YlBu=JAsRMHcJ3(NmfnfU?J8szNd>&w^N%Lz8C##&+^7z*JMyqXiw>%*m4d0yFys
zpeVJV12fA5V7IbgU>u_Cm*%HnSw~Ybh0KVNNgWQzC}<l3K(1i>DkN7jTAW6)fs7Uy
zyOhxaV>=lwFto$eFGB+Z=)nMnZvgEKU^Wb(odNV`K<#Xo0c@q(+0M-{)m*8XD^=56
zFy5J)HJ~b{5r(Ozxmm;1z|0Mp-JLLiBs75CT{0jlc6Z6J;ybmo^au)Vk7GboEK6dT
zh}l-hFg1XR05OpnP%{&mVH&!L%rJ3l@sDBRwkSYT2Nc>?*#K15fQVVf#V}E^ZIfYY
zZiyFQmfSL+=4KRzL5&QEie0NPOvKFP873;GAizvP45*47iW{bGO-~FfHc+>wwkR}3
zHK2B8VTP%uEiJ(8B9sBuw2M%NsexT0F-$$!MJU76PDE^bhcdeeWdN&#0SVqbqG6(C
z7oiLj4|WmCFp;#2P{3??GoS`$`i7~dtzB?oQfFr53}a1Z<P2j?X5@fT(#*&iLV@$#
z)iAQz+|)vnmfW>MGL6sug^99dGwdDZz!aWg>ZggkGofdN90Ko~0F%9NR|ZVe#$B0V
ztjPmc<haZs8DM`n)f2`ZaKuE+(z2+c5#fkH7^Q;@FfnN-l5N67Olryd8)z==#5SE(
zq?SB>#XED$21HZpg`k~<=A`k?oU{Q|v3LZS`Dz1trwPN9Ss?~0!0~a_u|kfItBzsh
zC9Vc>d7QXJhdh8aXHL%mN5q_-VH6K@dcfEn^LB=CqIoiF7$-WRiRJ;V6>_2znrNQW
zS|NwPb6UeVN}kgi#);<gV;Grc_77N*TbU_W9u&$Vu>rFoq%;zy)ePfEm{v24BVk$%
z7)Qdinjstsk7*6#NKzUJPiw7^BjN34!$esl;i0V+awI&oHH;%+R?aZ-C%H2@heC~n
zE0STNDNn-{$qLynt#)Zi0MVQcmiaCNY{z_;VH_p%UBEa>=DQ5xD0y^i7)P1WD0zZw
zg&ZaC%Ni!i8YK^Mt&pSSL9SsOCDUbwky~cXfEBsbC>gS%(B=!VkMUvvZovRF!T?AE
zSOWv--GCaHAP^;){u+S78(<Y^fiTuYABIso4X_95oMG&N!3!|;Kov5K?WhX~z|@W@
zR>Rni69&vy2m|b$A%tP<ofC$@P2;0<4deJII$#<f1!9=B)6uR0qX}Rm0w}&S&UCaJ
z$Cvi3g75CF5FgwNunIn-CuW`l@61UcY^1Ps;%XS%fnmL4I|h|_XR!l-s4#K_CSv^F
z6IhX^EfHuX(hTtoBWZ?shLJRLHo$C=G+^@%U=jqd$pPSq7|j``cD6tPvrLQu)wJcx
zFq0<$$Hx;+@Jx{dSWN({0$^33E~YlN9uRPR=3a=IC&oMT2nK|i<p5(3@IS_`5`_kA
zm;fe00Ap8)!gxZH1HdYp9AK=X$w}ZB7+3>Mj<RzI)j6q3%Na(}P!6k!feM(&aVBAM
zQI-ur#56fdsG*RPgUpF>t#pb3V@c^014dfulsLYcFtGx#ins>GD&iWSQWz8XhJrvU
zg~SEhNu_`p*UDztxqxa?rEol8Tq9*+V^CVcfUqJ>aV?dCrIEB$3K&UCrC@#}#tZ}m
z&}<V9pa!;N8^)m|EhaXMLy;=NUe(+JL%g%V(155|U}%`AP-$V=s!62<rkYe*V8xp1
zfl3P>paxW0V4_K-1xC3@Y2hiYcWq$}7}o&CHGt977B-IW4U7r^t7wjZv5MvhA0ZfN
ze0@NmIl?BA?KDTgNLreuy(D&joFkk|m|V1B1Q0RJk@kit<Q&0)k!#J7c6RU!BCR=s
zb0aaCJ$#%A1VHU5L15%e5(I{!AQG_v%mD1q0NNSAhyZMNVE|MNpt%7|fC0$GK(Qu<
zX_#mlFTgAgGa%A7{r`uucY)9JEX#eL_x%p<Hx*e?DhEZ^2i8GZQq#(zvH+7wGBfF9
zlCL>TXDX1?w$QR`8%wbjD?~*tQXpWVEwm7@3bGJ`R0Ko_QVuFYIEa;#S*R>T)a-3t
zf}-yKbzNWPpnLy*d-vD*uJ?N0=WsvwbGo0?8?gkC0R~eiAjmtZ044)WkasFuF~74U
zHk7fRH188wE*r{Xmc)iKOq<pMhFL-4(8e8%@mRlkrFoke!z-ZKm>>yg8Ybo(d$U^1
zS=A07Bs%dIM`6jnH?U!{TLp<kcB@#Vl)(zq040bQ4Nzivr)df-B5Ot>645mk5wqyF
zxo7jmQGtW`1h<%@w9O5(Kt81{;z(?Hi&;aqykWAu1qqNGuoWA}M424;Yeo3fl7+xk
z#3nZ^9<?4Q5+7>CVoA<9_32~Ww52YHj}$xOiX0EB9SEFbTO(o?h>;}k9NCfm7TtFT
zXZQQ=puj$TcTg-o6Q`Rkj)~08RxDnk6&)bQEu~AZZ<eC-)j{5+1pPG!u_TxB^bJBB
zlVuO<nEVlwLR4g)2?(4MPXS=5!nW+itTEf`uvA`O*bsB&^(H(lmDii_Vu>@g*1PXG
zrhL8oF6QdzZ?uRx>$cor$(SuSvAlDg^u|1HsgwR(sF+L0(*v@T?0I@1X0>>FAm+F{
zF@U9^+WZr93hKllX|LXRfVnpLT$M;tOa8sHj$`ugoprG!8Z~%l9Y+_aZ(~E!p?S9*
z7S(vSUCgTSu7H?z>D_i%Y5-%NrHrB&(8A&~`tprI0whyu%DxpSw}>)STU4U8Z(gN6
zc<X&wB|IPDIcoKMM9fKgJ|gBgJQIOMt+t27EJ338YBz3Cp>K4<(*JqKUCg=nj=Pxi
z<Q;dI<@RkkNL1)ucvw{EU3jrXlHS9gmyu(nj0$a_<CylMr4dL9+DnRJuKm8l21_=g
zNPj6*ZV||eWPMPD0;qlf5&@8+03`rO1TP`#cYla_8<+|JU=2l}n1Mv%E&(PPSaMWv
z<F!WpCK3;OutcKW6unC%vU<dn9UzfJ9uJJHS4IS9AC}Oru&{)-GGGavY<TEonKPkX
z#IS^RS-}$89V^VCZ5A<ui-v3#iCH3>MLGxIJo0%v$?VU73e*b%R;fP&D&}zh3@A)%
zaDs%>;+t5)d2oYS4}3c<@0=Cy9k8qsk-T>xW-s15fH_LO@}*$@45+{w_GduFESPr}
z#GF}gGQjdGrRC3n$}OSYxx*|MU!igWNjl}@&w%1TCBmnm;v@c3BJOJQ8Bjc?DE#Fm
zvG`9J97q{t0M8ddS-?px&B&cEfZ~|UWt7erKyh?C1FQ|-OOT^;=Y=sbt2DzipF6Rb
z8H)1-P`spe_+k(1M$x)WTBh=Q%yDLH#L;nbNKje#M@|H;YW@PKm=m(O3v;KEFMx`<
zBKQlSVpgud018WU;$WMjP7Ctc2i~QG`~^@kE7H>(Sjxs<Q4)(R`U0p}WJ%fh3!pfr
zx%lH2VhNxxfQltR3da^WgKv5g8{%SChz)TuE5w_(FdNi>o4>bf<>>0=?OHL{D_icc
z<knlVVhNXSgFgl(kvvNhB%D>|tsLCaUwGF>%sKJ5KgFyh@7lm3WpeK07jjE#QGoA7
z%Q3;C2k)<9c0>W*s)405@K%kO19+=O%<_4whDp2C0Z6HQ(Nlc_pehTfDgX)&NU4B=
z0}_{hDFIw_>6g^K0g23=9lexUEJd~<9d+t4%yGs<gelIfr3jQdATNND1>(iYvO=QN
z0mYfs6M;$rh)+#KVeVYBP$HJdT!nnXbe3NgrO%np#&YLZ+6Vk5TJ-tSS$^&2w#l(l
zr;%Y2rpW1)B^01a3n(*yG6M{~NJKhrO{4&&1}J7gN(ZDoKo(>^T?)8k0g{3Ta9E<&
z#YuTd3hrMR1(Jg6E-Wc%2MC{TsX)T%>t{H6-Umb^cc!q2<kE%3r)PorbSdGi5FkEX
z@-X}Kr%N$~qZfa=RLny7)1_k0gFjs=X7%{frLbtppDq=19{lN2F{kHGmx?((eYzCl
zg36~$VbPpFT`J~6@uy40tO0+sR4j>Wi3An}`o5xAqK+PYL0OK8Eb8=KMmZ)<U1=1H
zVES|^%(W(;E`>$o{&cBWvS)(=mh46G{&Xo`JVfWyrLYu(KV2%8;I8!fbg3L8i%Ww=
z6lIJ>6t!4D?^sI-b3!bsggG25D`siGFy$6dfdR@Npp3Ej;;3VI!|XGLH_Sf0IE+tQ
zgZXqRe{;^3I^Y2Qbg3L2z@ILKB|sV+%RBa&1~<;;GpS>p><>s>m@<Z~B9X9F^3J)%
zWC?SoVe#qy7ds}wop+lvSTl|ziyJVd4M+iiqy(gZeAZMDFRCp0tSR8J7Esd#;=>jX
zERongiMfQeltkUsVe#*#4vT-+R4l3Zv`%1o=RpPYD(|A9^i27zDSz_VMVQZ;ia7`A
zVX()ng_JqWsi(|gP9bH^=SrPI=F2eqWV)$bGF1vVYK8~1D90@+Uo^#Il!IREBg*k9
zb-ha@QI1<)zG%v;C@0foSQ3qLGF!%8OrlXvX3IE6peQFZ<D`=5alU9u!pTjh$1n?$
z>G1*9k0q=3u>co!MiRbSnpeq9rn@*=I)9N2|H+LTd%kFjTXK_`EiC?%o6KxE2Ai1O
zUSL*s8W=3%C2u}QPMj%tXE$@ye9@FM|H)hCs4xf49Q6R}uF9KtuK?#Q;~rlv&8y@s
z^H3ZuYv!S_B&VJzUo;iCWHaT2#eedaDJQ3g5_2+@ri~pQM`uG3QiWAB0X13%SG}hu
z$I;E3F*eNYntC1P2AwaO=F4IFaF|19l@BHz01}^ZH}5=2f=ShY1P9_%M-yNcjs-fW
zlO_XmfHWDH1Ek5YGN;jian~tiAqQqJshWJcGw+hRKkG?=r0&mpiaGVv-h9@RuYM$I
z*DIFt97(!km?cVWfjPN!$BgLlndJOgPvS~){;a2%lS_rlXFX>D$LY^{iaAby))VGo
zJD>Fwb9u!s&1XGvOzHWvp0G&m&w9c<uI00yVh*0gkk}f`i!5};0v(8wQvIPFf$AGz
z`La3z8+vh0GHOt2@(IW%paB<9IRi=+P&h#5C7|FGvx*yt7n{$lf+jMX&#**h^BI;{
zY(7&xBs|qa_8E{^Tyd!^VXnB;88PO4N)HHgaF#~H9FAFFn8Ps{G-EkM;aC?5D4Y3^
zr$8d*L!N*aoB-9%e8^LfaPE@xAx}9boEtiy=S&LDJ1i+U@A;4?0i1V0syo75*5L9x
z;!{RAx)r&bU;=9o8E|2aF#|5lX=lLACp;MjB6{`;nDHifM9)x*qlz>a+XR-xwq!ox
ziCZ$@Pk4%{@PGtM2K)(693y%94Ok>{zmcnHcu97sEs7<b0^ppaQ-C>KItBNLOs_3@
z22+^5XB5qyGR8QYwSa6Mz=f6ZGq=2OOkrjGggF`dU<XKH(QAbzh2)O*Vn_G6OyHe@
z17}!dGVf3s7IRmNwdoW{hQ&<u^Px^&MaXnYO#Yp@tOCQFbcRJ((ut7n2>2Lh{6|!O
zZ;mKaELj?cC0GPcf5);yq;!7=a{;EmgE@;C9og7(7Bh9uhdO5g3zkVA%)v8thB<hC
zQdU{=W!b`^GMvIJSBBH9W$>%<3vin0$yncT9<!_qOC+hP8BTFbatR%s_{(U-6;ZR+
zn-6u$F=-D)O;t@NsqIJ0kP=Q0$U4e?9065TKs^$m-h;&z$p=WKfMf?GCZHAqNJGFd
zfKq@-XeROrZtI)*d{S_q2TK6k;!N`M&XXZn-q|E)=AU;S5nz6omc>eqC8Kv$dTC&Q
zMM?vMS(YO%FYcK*Ko-zo_L&7VSbVx$$cHIs^I=NBmS;Xp33D9-tch$Z!JPMOEAd52
zl~_JZ33y_b4^z(SFLCQ#niXJ?{9#HtI!=F>Qp^ITk->)HET=zAi5GnY5b&-P;PUec
zE;(x139u|ax+RtrJl4Ui&+P25OYIViS<CWDm{-_gkwqs8h{bDVKxC1T$XZv@aUF-L
zbK<Z-BGFk}v4qxHTd{<8GhmG@iqKhG-nlgZN!2|BECG^EYNx+QiT_l~^boKFOSMc#
zfn!va+L?_d*5V?c&e{@-haez|^Sld|$ZW8}5{su_`64CZY;gdQ-G&D&;cR%ol4n~|
zS*+qWiR(lwk$B4vNcP-4!J;^wXqA@~mrk^bB}$!Wg?Y&fNPsjHf00t}EOb^2^F_+p
ze3259Gfg918O&Koj|OwH>DXXS)*qu(I4A3mQNmIWv%$qOrt6{4*zqp)FuPu`q>y^(
zqha#mjAbi~<0IBfrXX1i<=1LS4+^tx(~)vGD*jW+{4q+ROeOQjC}F8&>1$z;A(bpM
z7#x$mRI)T#e~gmQ=>pT`=3|s{j0~w{>3MOqru{KWyrc`v)*B1Bu4I`G!Cc8QD}p7m
zR5E{zlHjRiv2{5(<C68qD0!Fu#vh}Ec}Wy-P4ewnIYz1JZ~QSz9Bu6b@tGPMQyIqy
zks5m}HP#=aBwX^98tacy%FPWwn|!b+H8s{Bqm-A(kQ(ccQOZ$OhoM?=GDZh1CS$aj
z<6?+b0)WaMP;JZ?B?XE(Uz7wqyZ~|ZfWm@en1>M770vubNj_lcu@R6`0hK)<!SY2(
zf!}4RBwv)2W4yRK%oinbbUEjXk}&ro`J$wllnOY7Z2jbmk~l`(DSc5A7IFPWNm#_q
zP?s-CG8K$S8RPOrNjX|1e@u#LV!Zf+17dmSQ7vDT#L-=Jz9=cCZiMwrH6lP2190A%
zX@*(&*ogU}Bwms+e^C<VAri2X8T}nD+NA>ui!2@+`QBT6x<0Z-nq=K|!jh~jA}rzD
zB=bc{roqW(%)We4633($voBwil%s=Z!8Tu%oXr;{1<t#_C`mGjGwm&3l*G}(=WCK2
zu5hiRBUSzYNexI@fa)h8;Q?hDQ0n=bB;abAuSvpOP4hKLn5${NCOOLl+9_l;(SIHT
zH)|Dea;dX0C!mJnuSw>}huaUft>w#Z1kB-5pJCEJU@=pzvw_6#e!sE-08_UGs80u+
z65l}zQ_I9LF?&HCW(8yu1C|8b*kP8|?V8q|(D_XiZb_KoNlagpBzk>K60mx+NC`>S
z^fgJn8u~~iu9-L{hi-YWq#W67lw#jo$-bIEB(_a~#Oy^%STgGB4NC%E?uR7-uk*vy
zbMgJii0P?ErVjk>_bd0(uqf2#E-cA;6%m%?+(uwY&N~6HB<GG2mi!EVlYngiCMrq5
zHZv?L@@^t5nzESyi?I5PB%-^^0a9Y_iCLy`WU;kjmM9$%%s$frE%`3rY(66iM7KU)
zD&}w)ze*^EW<DbcvqWjh`HUoPspDzMumnq0_h%$$^BGBjW6st~J|ihdt0jg6t4a2f
zoTqiOrW7~Dj47@fFCec1YM%go18VC6%1J;t0g4l#IKj|oB2$ycQB@gGRTCs?)iJRI
zP`!YuLJ0Cs#SGK@N04_aOEJH*Bwi?C`k)Dfz;bz^M9h+Sp#-McfdEAd5{Fi_U{ntM
z=9LBpF?vNnHj^L;$XF6{j=gIk=B#RTfkY=>HGw7j-pYWfxe5}A8mL&LRLg{^cN4@*
z3dX$~jv5evh%6&SB%;e+7PIK?@t91hnhG4uU7eVdb5{qmK<>^&9ErDI#jGKZ>M%_a
z1PPEFcvP2TqD&4_8GQJXSL!hYt|;y*VDYZDE)pMV-C{}9x^SDtO;uJ9A1Qn{NG6Kv
z+Xc?I+ohN@>~<;U$UOOFN|}n{!<S<A>BE;|@tHV1KgKbUd44PwFVT(qTijB{KK21i
z0eX5Y<|6RnOR*%EQuQnu$7I<@J3QCrXTO#0MKCeP;T<J0YmZZ9N}GdP0ZYR9h%na>
zb=~+#rM9&r=1T3=GFU3LSIfjKomb1ml0YI(p|VWtC{q_$;tPv-sm(sAN$AuCTR^aA
z!4{BMVoq(=c!67Lvkz>FCDqhs=a*J5e^l{+)5K@k(2L{sDgZvy&ONsmb21ubAZhMC
zwF$GDJZ~3qMe@8ImbULnxmXg7n!H{o$0TZjJ@LjZ+VbQY7HxS}EtW{4EuY$yV<Jh_
z@#-CpQJOn{vE(tj^Q;=jWGcGz%vo*`WvIJEtig|0X-Gb`>BUNZqE^p)#Vnj>x?)b!
zQ(RbTn&+=#u4$gC!W_LPry^FNXQi;H&{IyaBoGyPt|><g8R5K=hg($WsUs{Z^qf&F
zkwk?)wJFC$5*2z}!!b(JNDfIs`_!gbGLTBBK_0g#(i1u{E7B7>)|p)O8Ss=gpo+)1
zr!Faf-<@jbegjbc0r>>v6Oasmr1VaNe)orHY=cRO0H%*Xi35qm-3?4)=3pm~h&`}E
z5{cV9ERneLg(VV?wy;DJc|7#836jv(5G<kHF~btt`hq2Nvf;rw2Ro6+wE#$H7bh&C
z-D$%d+6OyXrHh7quv5$u`Cz9$D5K^MsKEk`g_AvD&bbeE>Yc-J(#G#Jk-||EDM7;N
zV5eBZ>0qZ=!f9H?8ez)L2Rp^=(+4}n;>A&N&cXguT0W_O51IUe1WRf8U?+~QI6l}3
zNoo0Dr<e<wZF`4K`S@Tb?<^fV?tYbm@xe~LivN@d8{GC18B-$Ou*PG`zy~|UoNpiO
zOy|h9mGcxkA*VZ8AWcEUK*;G%9FwQCf}HNe(E|WrEvHSuEV(Bdcu5vB@aONl;~2>^
zuCpU%xiWThg3}^p@P%2U8GLiPlgpSX0-x>_bA4l*N^0=wPJxx;)15F6b2;59mN=tf
zpYFslrR39{urwo|?i6z|`E;k4weQoNuoRFteZ(S*PIrnqW4=5EbBCPMov<_(pY9Y(
zfM~+^s~ESU2{sZGnNI`?EWA$yin-La5)X-5e8yAE-HFe5ia85D<0)qCur1(lsgpkA
z$-89TAKDR1xa8SuR5-eTS&4V(bR9n9saIBj&v=SiRV>lkXJkzcWvw%AkurUT&v+8d
zh8|$`c`1zHJ8EF2u5iqt1Fm_@YQwA>=7eENFK0Xjij0$+3JxeZpx}Ul0}2i(IFR7h
z5nYtT1rm$%oTHvNIx9Kqsk@Z+8M_qb6k?FV9CZv*W(M*JNESdo0SN)fCm<pG*--u#
zmQ<Cant;kB);_;}<MlzgDK}bR;KwgAF8iyXIC+2soLmM-I$OyAsHy>a2S^k^q5z7K
z{#Y|GKrsUn15lEHv;)Y*%y~_~LpP8V+*QC5wU#F2B`J6W&v{K8T@Qhzp!1q?OhPUO
zSQ7GtG3Pb$V$A^Y=_Uw^Pfs5iDI&ak$DG$BoNF6kpFXdN5g5Jryr!6i@Oe!!=fUSS
z#jGBm*Mvn&KCda}Jovn(m?dMCRXOr`O~4ZQye7nTF6T92(VWj~iY0Uu=wq95v;uu>
z6Q(5xflJEAHpP-c)ag|~Il7?z=Vio_p(xjXi9(LnhgT9{t~`vKNg;~&u}$7Z@&1eR
zVv#fY_pwbJJpgkUGr?0DKDNobl!pJ}yjX&#Q2ZC?bw63*a%@u|1?JeMAk1x%)0<{#
zVI0j=-2;?cK-mPOGeG5*W19l|jO7ip&sg5D_;fd(W1IX<xdiaBO)&@Xu}v`t@Ucx@
znYQq0cQB_O+Y;MDJweWE0?sBTi1L65l6THuj%MQM{CQNv9#O=AL<f{fK#~AT29P8<
znkk4ERfrtT1Z<_}Xr@?vc%aPDOgSbJ)#V(`6eLl%YFH9=ZG^?Y^UayeMCp9P^3L{l
z{^I-s$1fdOdY>H4l%sQy-Y0)?o@tnSPQU?Dt}v&ba)mhsJ7qSF>1FSkO~Z!o9Dioh
z2Yf!0-PUNxO(y3vaf^mBW6ockmt!KaDFI8G){w6;;v*XJ`Ao6+kA^Zw&iPE<MMIe*
z=X@rP(GZK0(z->>L^$U&aY}h-BAoM?a<m`}O%9dZc=*U)oX1CULkZeP%A4fEl1_5t
zR-N;i1WRr*ht2s+ImUm=+Y6XDx?$verdVQ5>8B-Ow?@3=%@Suen)8`VtdqCQMsq$>
zj`5kic}){X*X4|JIiHDJ@|GEA&S%QevS!8^^El@-d6m3na+&j)a*Y4vEo~S(+I2Z?
zIOj9*>1?RzsmE%vfEqB>S=nSTjiXyNwK~kLn#vvKR-N;iZ0I|#EC({ODoH@%0MY^D
ztYhX+z=g$&``Db%l$ZFla2W4SC+!C20BJWcN1b-VpzS!lmd&C@e8w1u*=JV57}uqH
zz~aXIhH2CQWccYb;|8}UhW_~Uhz^TSPfFRUP`8ggkT_lUVAiAm;=JA^PFEiO#(d;V
z{*Ej;M@O{HicjsY0<IiDl8ui27w7fPk!4XVrbhnaJS#Zvw*W_(Rta;IY_uw7@74+8
zC5rdaR5`|H1oQX4Ie_8Cw^%65fgDL13e1tDp}?GjG?W}oC3MQ!M^nYrq=5KLaz4$)
z36GSXkEV**r;nzJSuh_>g{9bhG!<rhI7d@qDK;NXg{3fjG!^EtJ4aK+TtZp#$*c}@
z%Gpa>fmuv%yYn}tlN0Z^i&;J&O%=0zX--sFl`kOe0ID8<0su-CP}G2m5>RkzxN15O
zpKgh)5lbW>aXPcG#A)LnmdI@U(?AlyO_z2eg9=EpZo#ygFt=bDj~I<dsRLn-g~k&{
z2d52%IXF!zEWueNQgD`g0?K>Ns|qAw&Z`1mYRh?5m^<~HR~1V*cj`H>Do3e@Q>aP7
znt;WpH35^(fFxv1<h&}5F4UY?g}HLO+st`YhKI-;D+K1KVuiq*w)=~mTE%}dkgXPG
z@)j#wEij9ftrnQ&i4~IGhADsiCmTMsN|eb)_FrHLmTaUqrISj`u9UFI<sK!cRvF;j
zRRS)9bd@mYCtW4X;p`L>gVh6jkBI>rzOx81F|xA2uX-au<2s;DkktlfCniRYu*xx!
zB>OQj(uL*^&*LN6_gMw8_)orlRsqN4EoOv=G}bMgSk}{F)=12VoM&ZNPl35J&Usec
zB5``MoM*++LoJX<A~B=BGR4SfaDEvEO(L;RtKlOBMxU8?36=s&C&>t4y{40d#b=5y
zog~9TqE4O6G67324wrrnrlt-!c$NuZmM=fiNfyI%o|TpPlwuacVezQ}D(6`RF2!_z
zInRn?bQ1Fe<}_n|z!Hgd;=@(=kElLeC1z2x3ZC<<a!jx^!t|^;&&s=GKiwuPNBfZv
zP`3i8;{wzjv797D0a6Vh*#Q+Dpkx6_3k(COL|{ri=UD+S8s$8zSW<A`#@bX;cNYiC
zJNI-fSmm8NJXqej-(&sClBExUS+aB`FiVym1!j@X(^*jJhRcNSK_!6B;Nj@)3cxA&
z1C(;q@)RJ=0}0^41(p;%s=yM9%}l;AW%ao0Vqq<zUFtCFDm@rqp-L8X29E@E&{Lr1
z4OoHc<XD%p{?F4HJl?tK0Ex^^2bKUyF2&{(`uI<IrLTh}SjsD19*)UDijActr{mQa
zmH}NcGJS(ZE1t!{5}CURSYojO%=ffhdgpnC0T$ibl7q#k?K3{P71?bm&Ba6ol35!}
zuq0#)1{NiG_|F0*zY*F-9!!l6h(6rVVbQcshU%Sb?0Gf-VTsaqAYcDVWZsZ~#izH1
zV3s|dKFgvm8jJzOnZ6&ewCVd{&fbyK*z76KWltHf&+I9~;xlo^lFpgy1;F(qmNbX0
zow1nEIdhE{Tgy3f4Rb%3GuL8C$o(KJ3E57|nQOe*>dl#Jy3L52Q3~e#Ww3%-gBi16
zmTWc+EJGJZS*(}Y=*1`Oh%<SZO{?=kI~>#a{PjgK7aU)hkUss*AVE@3<KxQ)dFN8$
zp1xTcUuNT+pmF(ef!*&swZPGt_RNBnYb!8=D$Lr+*vg095;_f&+qaG+4U@0%nR)nS
z;XAoZ!_3w=j)^P{Go$dF&kB;0^rRVoVey%^=s!X&FUe5aVs_E_ZbC##Tg*ZMj!{zD
zVm8xpOz<>9pPVPoG_6cRU{Pn9mQN1KOR|}!l_^Qq@cB*RX<FHK$1w^_)0$1wnoZN<
z@RF63rp4K!Fl)}K#GqhT!0O|;hCIZs09?E=FJQv}&Q+`oj_@Zy>Jht%4xZkd&AKq_
zCVN*L+E0K~Aoft=#ZqRsKPUMSBE7dy^25BPnv?uuktNkB%jVh3$Vq;Dq@Q0%b&BDW
z1O2>9b@G9JF)PIf`eCU~v5jDnHvN27T5wF_>F3jMV<K@(KWa=r9}_7D`iVJpi^-p}
zoVvx#$t?YR&K$7+;(k8MHn8X~bqlM|0n*R=KtEBZiup1m%=5Gy=ofQWn~5hZsi$uF
zY9wA#qN!U8sarXgz$@3S%ur#8D|O2U`V~4+rfw~y+xCHe-lf~l(FIt1rrXZeP!9Aj
z<UoInLQdzqmdBujxeT(b1apmvc?WZhKGjd)blN`E4@;fQ0SGp(JnH#WKkw41<x~VL
zDWp#NRKL8qPUfgYPW9uMI_b5Eoa)CdHO;5`#ax?wsvnk`=2QJ*!*?$89I@c!zN?H+
z_2VTqErw@K^~*5<Tof@pbE=<LscA7hbE;pC5j{1{r~2iXNK(^sG=nWW*R(96!Ccd_
zmIiZ8%UT-Dl_cji*yBqHc}50HnPf!sseaP)ZbMG>i@E0H_y#PI#oEa7LQeJLGhJd<
z8FH#$jw$C<+blL@hmqfil4_enAUH->=@O5n+WJ&KaivQ<mTK!${c@Ccay(xk1?G4@
z;3a?@&xhGQ&hdPhE#e%{r`>tQjXffX1SrpdWCxr=mdkTIpDQ;uPjWn8EMC0)k>mL|
zy1+Ps?>JeUQ)Jn@&+&XQr;xq-9M8wmRz2tPRf;*D59q9{!1;^e#J-i|jKu`Amsm_W
zo=@KqFEJiqPA^siJ5|zkj^_hz4LP1KrW((_m4(lco8$R%bV3<xVa|I7*&NTu%j^>!
z+}2c%=i?adW{D3LS)$!p_r^J%k57-afb*9HKUk7=je;dv8(cY_PZybDWP+sBu}=do
zO@`+%CriZ<L;8T)L5}AOoOd73r=v}rX*fBakE4ap@qA{&u61;aN)}MEfRY6iHK5c1
zr4A_d9M1<_O>;aS=4zVb`7l@09M7kNw}l2cY8PLQ=kv;S7H|Tovo_#;JU^p>8x>P^
z%a_e(nBz))hN*r5jwRJPlX`yl`<2Z?nED?;oiiYV0Z=yts9phy+54|BD<FH;uq0qJ
z0A_V~TRq3~37t3+g<DdN=krF#^9Au?^`?=r;E=58cs@RSTogzo?iFFlp<5m-DMvQX
zwpgxkG5UBuk$BPtBxYN_uw>NL8<qsTSq@7AI&-ez>M(OWUyy|I%F}k1MUq^K-5*23
zqYq93$%s#Rz>;J4$gt$x^L$v+amSoB7Jm0TZBN8tDKRerz!I|$g1{292Ypy#c9#Q7
zery83oK89*R;;a+bU-lYE*%ies?C;0j^|@{M7KVkFJ{I0cs|BRDtD~MEPu25ZRMmT
z=XgFIqeYAqWiKt6v-kFy?e`qd=cb~!*a7>@raDXM_8E&{DLGH;&hdN<A;-*FNNEgE
zCIJZxD3gGq1e8fa+e^+2!R#exhG6mHI!w$;97q5cB}_^M?9*kQzoLWPrGjDbb*QKT
zW=Wz3m?eoCvL3~+N*8cwYIzye2uUyj<q1e0Kz$FO1O)M-D8-NmP|XBXe*_M0-DsR8
z9|DK7Zp0kix?%8*7mq+<e&-QL<Fmv07&T0Niohv&K!HU--|&J(P7fhsi7ax?Mo!=G
z;$6g@jkvylEDOL<FC-!M7L?vXQdm&Cm30tDjU8eZ(5e=5dR8?oDcD4oIbokRK4FR4
z)k-!--X-|4$Z3m;caDY9P<nuT0@NUZ(gRcu6p_8Sl8M=iE16ilI9bL3$KvnM$$U}9
zC@?t!VO9aDhB+LmssMmET25pLvz&+`Mw!Yd5a!?%Z5$nd5)MlM4G^?Vtr*DQkd6UK
z1Spq)vOuXjSo8t2m*@j#pV7yxx?&o5qD;l0me_wP2Fy`Larp4NC=TYhqBw$Cq9~4F
z@fp$89_c}nPO67)k=ilIrF!7#C{sOV)xpx^Bv>i}mC+H?(s`%tvVa`5(G?iJljx*o
zFA*JPFA*IUFB)d?=^P+Qm}>x%ggGPBNks<85m01+(gPG3V%kg6gV{^cgT;#zA`8TV
zA)^3-A)}`eBb<P!1%v}sWdu|iK(PQajs=NDBeht9Yor!SEE=g{s-l7<q?!uTGzL)p
z6U0&V52n1!<`Dz1R|Iji5IHJ<qegl`-Z?U|5J$(Eg9CWc7%H$&iH;qli~!1k%_03#
z+kyN#r<~l2cjpwQoC3-spe&-GM5VeSmUpVk*gR?-0>|Q#6mu*tNiqBMi2{0l7Ytx8
zUI3M2yf_m6#EGKxxdMTu<xh^p(K%%6%`9<fpv7af<^46W1aq;Z#Q06bYCrhUNG3?c
z(PuKuUt91iwHSP8L>9zjbUd4U`@9e~RkW-Q01_=n0I%`k7A^Y}keCJc;+~i@?+ybN
zExW@I^E+$Y<_LCG(n==W3B(SQ{bfaXu}93s<y9WB#F4bzY2c_%LlB>`V#MMzDLZ)^
zC|FuaIa+Z)f}3^YH2_F*=~=&+<MXUvEK#K{x!=LjX;FDps#G4yPvr@7iKKr&w%;3C
z0;-#U0uta8&@@LtZUp2;Kye8WLNN46-o%gvP<nu@Y(b({H4;kznZz))Jwe_{GMKDc
zLEfp(i20o*@pcwVPg)QaST1j1iCGfwT*0*3DL|Wo#GyrS7?n!Dd8IkA7!yK3D~y69
zpamZ>=h)ljV$P}>5hObCZV@cm_sv9@%1)3-RCZ#KQe_8I*$LuBWha(*nhV1svKCTA
zBDz*k#4Nh|XBOhr4G0{}vpg|J>HZmJf!uY8I1;)f2TQ@zwV0{i<0U!p>`E*#CkLKZ
z;TSiyQ;|feE<(&o*K`=7)+LA!brE9m;rx2Kf}85UAU;y~?h{#LRG%ntzTGv7Sp;{D
zVvg*{erLeDNUTbxqIefc%o2GQ36?nBiHbQgccNm6EV|KD6Sru{R~BF?KyM<6xd?pZ
zN-S}uRK1skW3ud<iC!n=C$f4ANz8G0(@4y+dbbFcO6~0)F>B8|J230lJ*9{><P{!R
zDz$fE#F9WNwQnZM(K$`|dGQCg<kbBwEOo*Ct(f!X{#GoZqYU@AI40ljZ(*s;nkqw5
zo4rLMX2tp>h1ZPviAucjA!doa)gfk;c#i`Xm3RX~%qsC-1<bX@HxosiN~)nddEBBV
zZ$QAJChsnYCDEwK+X`}YMpKEsgMeF_fM*)8v>cBZVu>W$@`xeFL=tUz#K19C$7ZHj
z@|d20#WHD4Gf4fqW_t@jEV)Wgpvfg}8cqaxl@{bTbf$Vk&k?Y26hN4h^fEm^QLESB
z#jI8@x5FI0M=KH6G_S0~qCzj5izR`m&<8c-7*Q;om&S363b9ZvNmS^ek9Sd_hd!}L
z85P>(#xc6{&<Bf;6tpMTa!UrHNUd++7DakdS}X!tkuhD_s&LvdR$=beax)SAxZePj
ze?VCUq)R|D0LrS*oauLeh{iUUlnAiMBv9f&B5`*ElbE@g2qa<;tdK<FHV;cAZoIHW
z;?5VANFtAiUXHsZv^4}vXxC|2LR(+3giba*ICI}Hp<N4dGZE=r*MNj}m4i97Zzi(C
z6Ak%hqL?M}%|!j_Y85=7dI>ld?y!V8=f0V!cMiv$62H?LGLBk979^Z*CW<ATZYGK)
zoK}?CUrO2eW}=vV`eve7yf{jZ`P+X=%QqA8;Sn=86UCf>ZzjTAg?%#-lG5_cL@^h#
zZzhT*SjtD6mbj&S{Mlcz`1eo=i~p2}+Ykp2BVCHZN3RLyfipJ~#asrCDRu(q6s@M%
z3Avfb9$Ru9n;<t6aZF}BfrEJf$jwACE6wu&F)J<OfBx<Sj>$j<`TX4p98)(kcIRdy
zdwLNmgD=e5$l#lsiFip7_-3M*Tb<8!h&hwKnFzD(mYa!UmeYTCLd<ez4CmUR_2>Bw
z@6wDs%@IoqZu79DkOJ~qYP_W7aM(_Tmw_FKPxm9anaI185Qo(4Q#TXk=o0mLX*$?c
zNsff+ohRo43-8Ifn1$C21CpA_p{g)<Cme4Ib9r;nD9jRh@qloNF*)bNh<&6V@%=>k
zNa*C;XB%*Ik#Nkw{?mbYPhYQ+XiD4n6XlphBXQ~}yS5G;Ww3D?mef*fy^clb)LLft
z^1>`U;EXf-4Rhw0&xKh&ra!RUPZUVO+&WZnK*0e82NWDoa6rL<1b4O1{X`tyQ0cEE
zeC{U#&PwhlGKbU5Rp1m-wPB7rW+_Zj)6dBZpo{^M1&~ibLICmU`4~N-3Ko!-07(rf
zV}PbCxfBR^)C7`(M=n^R)-sE{Bn3BCuKH<u1tbNRIxLd8@L>t3%`$v?t_CE4%NrJv
z+&#hK(=#_Z>G<^E0E<so`&<fSTmFd-z?!pC@TEY3g<zFAj?M#%v0+w^F9qT=TJohp
zF>8s{RQrswSR4&YLYByv0`c#H&ZR(DH0Mi!VwQF>3iPEwIYx#k(AyC>Mvts+I-RI<
zG3xZ*qr60-Xw^Fwa*SZwxDbnc`n(X#wqY&>!lHOz3KUB&JyOFWXY}t&fq3!QmrH@L
zl!h+_iY2&*>RbwxV`R}yO-@HxFS!&5vz)mU2y;UDTMjUX<HnyF03a0r$}OOB1C&2N
z8Ox<Wfqlm4&80v&+Nal6VeUb5DUh=n3E)eCVvgFE0>vD)F9qsvbgH@MZ#f7Yr}s=S
zPTgDPQXtIP%%wn>8#o|M<Wiu(Ou}LcC}Lp9lu4K*0hA0NNpdMr5HG57xfBT4Kn4<t
z4P;m%u@#U@f%sH0VQM5%*G*VrbfttPQP)PykodGM49h#KCV#Ji$gI*_3gk$Oiz$}^
z#T+2LPc8*wzPnrjOPg|qS=y8<%vrWmCbGE{$RQce+HxsS%<*R;n@fQ>Mni5gxfF<7
zG?d9|E(OXl2}DDgtj3<goN~T1J%w3AnV!OuXf)*IK;nvqGCj?uKpZ_80Mzp&mCQl0
z$(;GjL17jobI@E0#Jd)T1y0-DV=e{amfU1c35$>9CUeUC(FT0Fyfb~wr9j-08!tGD
zIX9U;Vh<)!H;h~g#ETmS5T7ai%oy`W8#4RCaCG2I1Ys5{6G4~*GbK`{80!M@;<}uv
zUoHjWBXv2Gy<7^EV<NG=70VREG*P84XI_^}f%s3}yrc<B-ZHO)C9V`vnzEF|V5)8h
zP$Q)}D|!agIJ(!OR)@J&Q@O+3su^0<+hu6Yiaf-XBP;S^(m^f-3RDvSsRB?<03;j`
zpRPaH%}yun2Ic^1H!ufCyJ66FoZdlaG8~_=gJJd=JD71@x(A%~SiUf4AqFtBRcj#j
zY}V@u;1L~&PaCqi6v#W*RUmOjNxl@Qce3EP@s~Jtf=f*818|OfDNxLLkCB_TeH^1>
zUkVg+WLb~OEFqTynfbe{0Y{lu33HS_BZQYI-e-iwtau;96^qXZ=1YNmFgGQeY^9+v
z3vmuI<iH$B8VbyjaAHik<2YEr5@qovmjd-JK9ig;1#*Nh#pX+aVlFmc3WV80$)!Ls
zSJl|CxfF<Fip`e-VUe0M4-&$c0tGH1Ukc=`V6qptv=ydRmNspL8-LD;F9qU1HP)8`
z#VnuC>A{>6Dy;GhC>B6Q1t28>5(Q8=Kt%~i5!7(ibRa&RJ(g#cI*>SRal;a)EpAvM
zv&BsVNdPxp+KCKPAj!G~(`v%pf@wTrG#;f6ggF)(PaGYbHWcRIG^MZvXMsk+S!oF<
z@3|Bxkbt=q2zZq%mjYq#)PaO^rw)?}fP{0$mrH>-S`$E0uqI#$U`@cJ&s+)w+$eG>
z5au#+x0y?UER99x?11D_pd6ictdR5<{Ho>vYPf)Ufm{j{I0L>YBW8KB%K@`I?rm}@
z5Fg2gFUp9iK!F5HHvFe7aE$!vO<|GCt&G0PT8}Y8m*o;kR|&I*(pAD7E?uQ<9%k$g
zoV9Y8y=Sc)X74dE(h2hG>}Ne3=IqDBV7~9{XFWWZ0$F8D`NhP@S^zz05>57fDFKhk
zw@*llSzR$B@<%Q*q~%f|&nd8&5ilz)W<)Lp;zb=izm_;l(=baMGa{D)@sb+n6YpZq
zc9y2om9r#aiGAW7AE|d)uZAV<6qwJr<0S=_P7-FlrjvvvffQe?2}TE3sLah77Ocwj
zYcSW0%*|mAp1HX#F>d@>yqF&_rxx=AX74dSGN$lroiGKJhSL49n370RiZMTODG)Ew
z36_KdBy@DbSZ%lHgrO<SI`OC037x`B&&og+@uG#S8Z(|r6c%mv2ULk+>bL-PN37&X
zK0xUK3E*U5N)}MEz%YPv4wKNV042CrYFG$L3ho+V3E<@zR)_M=vqV_ldCi3-qrCGJ
z5axGjb1Vp1GWuerm!=0;q%=L4WjW&V;@*`5WH&8$vN&Dt@&e*BamJ9zoh-b#9Ru;=
zJ|%w#gLlbhS{fIwoat<*<xUn}JXQl%PxjIBcQAOD-1<NPEcvs)nD4AuS!UmzVQ_R+
z1FZhELf9~X1~!<b^xYYl?kND?4gp-izB?mFtzZGFUVzo;Q)psI!9yo3vDlW*-5I>-
zl&wJ33$WgOcSbA$bZ8c)jv;qv1W8ACXT;P$<nD|hap@|S*zjE<adTm@F8a{j8N9eB
z0TP*84J-kYt<>W5BwUk80;#^~Npg3FxZKWxh@M)UT`?8~lULnnz^8{YAo}wp2NoGT
z5r8EY_ZM7@NpKrxxjREFwrYTcvsD92o^7UO5t848wh0T1Hoe~iiymyy!cuCwgg^qi
zgdj+iwsJYYnaI3+0*g=YIl(M+mMwF4hWi$7<1BC~>wp62{G`FHT8A9X+>Uhw(abGZ
z2Mfh~c>!?y08|Ws1O!xGTu@NS0)Cf8#av#HW4ySM<?;fK5h4qR+*3$!mqsox;Kii@
zB)E>+;uvv#c>xx2eR%;Eanr-FzUDa7wdl~Hf~RW%9H)<tVwpy29~~9TJNFbiHmGnJ
z!*h8-Or^s5nic8G3u4ZDhGv-6lc8Cs4jsVNj3qcOFA%`XbU;#wb~6>p<psP%yS}^t
zOKvkUVa?9@%ftlc{AFSSOCD^c=kfxUce0t$HkTK0OlfAcg<0xMNpg9Czn9^aL%=Cy
zt&m#_PTiLmu;wFtMyp(2aCOWD28Jzbk-8~001698VSwsApy&Zf04M{wzyP?a<^luE
zRW%nFV6LjUz`!5ya4(k&3^4T~xxgTBa;dj4C!pr&3k=zUb%VsLuzXo4hdEs8G)$!h
zSj<%I7$E%a_bYd;Fts^Ay*A*Ke1SpCg82f2m=)j)3}Q(@7Z}9UssT%@Q`Zn1BtCl$
ziEyr8kR+xH40@GR61zJ=jH6^t7Z~v2QzbwmaqWaf0JlC^Qg-1?*&d)%aWVR+B$3!G
z01~s;(_rdefr#KGXjnvXg@+}FUKGd$1_F4vjn&3)6sjZbyh^cWBLJ4<JUqdYoTsm_
z<j1Siu;j-}3b5p7_?raWtzsjl#B8p>q9X4U!IBa8ys%_M7Z?!C-42laq~fO&Vs>pY
z(+R;GAe|7*LS*?R7Z|vK7Tx*+gP3#T3k+OKOXbc|U#9BJ)UBM@&M^B=Ylc~(wB}r3
z;8I)4DZ2u>z#vEa^aTbkyd@o<4}>}AY2mrRfSY1IUY_{m@}wt~C-M7~@}#lylqZ*`
zJf)01rHmh#n_uL2p^Q&VOf4)-ADEfqkwD{<lau4z;{z9`kAhPR%ac<R^Ct%Q=a~wV
z=R@Puv+U=LAHvVf%<|I0)I6bQ7N_R(+n<~}ikBf-9Cr${<1;5NA;9b;|4!)N`2761
zAEsuej<Q}OH~v-`&bST+GjkJ1mXFR&5@tvkQt&hwEYFThJOy7KKXhpLG=WtUx5??F
z!>5DOGc&`-nW@=Bi--5f+{F^sG0fr}@%=oQpBhX_LbJuW<qK6@C)vW{{PgTzdP{?W
z;vgtBn}5^O{L*ly7pK|B9bb?F78a(C9+){Xn4iP%BH3CvarDU4iREdMSnNm3!Tu#&
zT*q;oQ2d-<#+Mf7rqTFNHOCH>15*d*=BI!|MD5=`#WOR$=hi<o$C-w_SVV^>pHA~O
zJ8}5v`1}#xEnYlDuYO>f$QA_@;`I0oPjaLX2ya-PoLiy*m#1eBPR~x0hclgL5qRiw
zaAt0N@jv;C>(JZDm=~8-5e`f*E>FxYS%AgmVF}4`Zr<;X3uopIlml~fGgC?lOh`TG
z?Hpx#fMPjX4j|fz#i{W!L8atpVPc%R1NvvNOeiqF)cy&1EE5w;^JT(Seq!<fucoH+
zqcWbLyr}S0zezt2=BL?EnxgPbRf6)ee6naK4v){$AOZ_QBIjp(Lha(@Q~wyMbpm_u
z_VO(+)3cLP$L)Dx3Ndjx^>%Vv(M%$TQkj}KlHY};qizHfhvzV{al@C2bYe!ia3fMZ
zTUZ=FIw%u!<1?JTz}wu^{KWKu=^2&i#N5n`8h&t^8h`TXRQBd(mX7)b@E=?kmX`)n
zBPyX(hQ+8yx6_Haqcp1pRKfuQ+Gt?;VmnOITAbeO?9_xFtyuch#d&%VdtRK@<_n>Y
z`3I%%;qt-xxuYiubzh!TD2tcysQBeo)yu!j)bcVhKk<X-^E>4X8~W6vIPlb`2bdX`
zhUVuavwr&*(h|$Wf)qOJ0wxxZFPvC7m(o}~ym0(nuIo-L9i3X9oTi7OTBTBfDzl~e
zd3v}0o?FP&p?N0$d+!b|%{ur0$)P_Or-JW!JA*7x364_Rhtbo1$@@v_zGd&7i2IkJ
zgL>>epUcQKe!#6HF)g2-%JM}^Q*;HxaLZ?=IizT581hURmZ`%O9!eX&K0}OSbT+(L
zkn#=7RMACdR<H<9ODTK8?bSG1$DY%|$tM~iJ>~RZd`7iL?}v4e$0_kChBV{k^udFE
zP|X>P&oejFYu8gf$jL6l-cW85=KM4L%jrM6%pE*Pj?Z)_msDOwv%Dw6GQIdw+JPNU
zCb+z?bRbTP^Hc^N>G3BSANe;F@5J1}qkLxMu$<-&(tRJv(}^i7>csNlIXX06E+3s%
zy`7>tDBI$ELquYnpiJU=;ON4#I)`%?W~QbFWm0@FJ(xOoeu{qZ*wivz#)3w8zgb#z
zPjT+TMKjZr%Z!UW93Edllmk}zfi(5Wv^GYi!oTUG6!G2&1!^b<WJ4S{F}|RI@Dx{P
zdWxO#3ZlXAOdkWr*1_R<)!WIbgX2px3avIpiB8Q(Z~CQ60;iOBM&_yI`EktLNu58_
z&-^rt9Xy=0a`e1s<xCQ49>vk3r}2JpdY-1O`ZGlXrhiaVr`E|W5A$;u^L(sK&Wy|F
z%-r0OB@}yfoGME^Wpa-HHIxpaPp>#Jy`b)I68oS`(vz3TC3H45K5@8A&5$+yOdkXm
z3yIE9rjvS*CimnV;z^C3<kr_oCXJpXrzwv+%14)zIX_x>KcOp%e`+puZt9|A1(l5t
zB!PC<sJ`Q6>iEPI*5TA~N?bpxWkc*^8J&9U&&<hcnL3WL<UXxH1O1zkr3hk`s>9%s
zt{=4yF%4))mctH?OE(9n7E#l|>8Y7XerKlk+N#N+`8n*fJ+n)%?V`$hinv{g(p}j3
zi~x&sHa+y7$|oyCk9#qI^hI_VMl(B!?c*$1oqMv%C@MCB9viqoK(BXjcKO)!{2~Re
zSk(C~6uJie>t{SY?Xf>Qckwt%JN2^9bmBC&aAbP$A2~{&I6`@y=4~$$Dlo27(}&1-
zx}$>(l#|O;Vx-Wps-I<z3y()`J=1&S)$-Ep^l^952bX4MGC2Baj^amtIr{O`t3?XX
zFZ6&BFiv$irECJoU8Bb|_331(?G1{D*b<&s7ph*F27Zb!aXMmtdVuB*O`*WWd7&zT
zaA`5d9ghtCi*j1F;irdTuJtG_l|ys<j|p*zYL8bN1~g;Wn*8=LFikb2?LDYEq-N2r
z%DTY{oSZ=m>K&EXf}WPK{^?&2oJco$c>I{+I7|gPJbmb}hOapci4)~8%alVe>dMuh
zpV5~O9o(7wdDxp%7iSlz51uG~SRRhIL#9c@@Nr>^+CYCYeXu`li9F3>B?V47%F8Up
zQm7!Bb4)AHY=6%TKlRx61TAK(f9YpV*~E4^S)OLt`@}kn+I?8dPqT}2<G86A0Mk^E
z0Z5tWH`QpGKOc;s^x}I{EIl)51p0gZ{h73n5jnT#<xFJ{J)YrshWEX^JDGminI2Ay
zduHz9Q{^~}`gFIG0jZ<BUc@Fm#)HIXt&pGd_49-Jd8~de(9hH%>ws28LECGd`kLYB
z{k*Iw9_IR!OGgJo1;S8O$U>Q3=<khCr$6`I$a(4FH=N-Q=aYQTuN&4hQ`!M_b$Y?`
zK}u{PH3c|I`<%c5!+dHg?Fw>~Ik57vusnC*Lh`YIDpd~`=xsFf-+Q|-f9y;L%+$$Y
zEM!%!+J?C1<jd5vg>vE2%rxzd(f-0E2H}Gz(n;+RH4%BrtCRY2P}S2zOSE1+2((f#
zGk%DF9OXc(LOOI+F}**X(n;>QWI&qnERz{3{`gVj2I)TdWwtgmbx@B77gLk{l)m!R
z<K8PTQp`*rrN5e?abVdA7Rt<QVI(1be)=AJ{dD{&lH#;X|EY$7F=6V`r(=`S+`s9k
z&qzDO{sME$yuvjsZP^~OW^?M1^ykRa+@bSE^?N=)vxhu9>cPD`W7+^`t*iJK-A$Z)
zI;f{p?PF%3oOsrLbes`NQtH8@=h5+nBN~uFN}Zk?BX;;am|Ix(2sY#k3p2}1dQ|Wl
zJn(I!2kRQkK!z9pQbI>3A6Je}O-?Vd9K%SSM{30I$vL3*V(^@9J0GQ(`A3Ituc&Wm
zNe9m8n}<%r9{K1IP5tN`^^ZvBupBjXVN79&#ia7DjR*bEF=|n5mO0Qo)o+M>jizUi
z(}&hQPw6c8m>bC+aoszeB>c%J|6>i@^P2j($L1NPPRiCdJ424CMU`5ar53Wlp()R)
z$38=?saln~mA$nmJ<rp{VF&tgX8H)>a9p7Jv#fRcbDv(ESMF&rg?M&7n4Md`n2~cz
zQxYnQDk&4Bq3Okt$bga{XptdouZNnwq@*i4IX0b18JOe1%)q^z+SSm7DlvR=(G8z7
zG0xaMM_0{1Sr%Dy%*3$FDd@~3^Xr9$i|6Jcv()&*48N=n62Dd+F^%}D-aO`+XeQr!
zl3j*ztVcEZxdHaqG|Q=akZcA<g%bs3JMQ^OS|U$V^D<npFR;IvATwc$+<Ok_jC!rH
zHAT*^I}biRH$O8zSSWcQii>A|5SjI>7@4^;6l)<?bJ#57oP3Ih#ls%*@xV+;<}zl`
zge(=z=*$#Pb6}8~INgJ%YQy)Lw?U@oCOwZHK6*OO^U-P6v9%CCIK=B?(<~~S$iRWa
zfpLsrOxpqKhfa($dz;yFwad&jLTTbhE2Zm}Cl>dKfPU3>u3T&pF0+ueh(WYGU`1$A
zK4sl$)Y3B}8Z!W9by67`vI`58^h=8jntQ7!xX&;RnwllCW!CtxbY?923^P%B4c;F;
z@gGCb^{I`iM`Ws?H7?d5<Q2IlRrgs|WF8km>~@McBg&Hf&tWKQa6Yu>Au9kxm58M;
zCa&Qa%ELIx_rO{kzPlJZ?eOw(H95Q@7agD?9;(}p)G;g=8qt7Ni@|gu6T^x^6CQZ1
zI5i38>Dct#(!#I<Ig`2*!A@rJ8pX2QgYxHD5|~_K6g&CUAJ;AebHf4i?CAxnpO&>L
zjMUR5_3wj=S*6h0j~|Cq;&RavI;Fu}v^2+9<X?yJljeFPm}gc@u|;NvOudWuH|81k
z$EkrVTViF;&(jR4!IS=BHl^pej6FOehO4*AspzNgUd)d~p%OjmFasa1Iq20P7W`S4
z)B^>|f+kOs(_TE3YKHx3K;{eP=8$+)WC$A4y>-qZT^Nutb)(+w*z<JKH3q?+U#4A&
zm;T7{3$f?@tkO{UlcgfEcw#`FnP_XlW{7E_tfr_F(Z&nYr&CfPkFA&asf(7TDJ)tZ
zb|Z>c6U5AvUxvzAfC6@`ob$n-hbsTZrpjYFx6_`7FFok6SfHY!Qu1%uHR*}*LYAu@
z_x6J3WxCAUbfM25KRTZ7bht1YSSZ8cfF5UI0^OtnX@(c`;0(h7C&ljeynu$tS-@8Q
z@bRPxe`@-(pw&t%ojR_qo51-)eC!Y}5TYT9gF><h?kv4+$2+B#sWa#aBB-Gn@U+>e
z{SrM4E1e!S;>%9MlGMNR^h4r@(c;44rNv1`ilQR(kK*I`<SJE&t+l<;eux_BwRe_Y
zX@NDw8QF(YkESddV$iRg)d~1vFaLAYBSudTHAXy&F7#c>3j?j|^Sfwm4Oo3U$aE!j
zT=5oGHT5s6S{hfi-btUP3O1x#ry-JyW-cC|R|l>~)TDlRL5q;4OIjs7-DQFmJ%?iW
znVDem;pAG2{A0zO^57hu9+qWrdY036niejSs0)ayfxt3IC~cv-7U9fRj|62rv9ybm
zlgu_33=Ca*DVODic%;w5yj!;2NZXol=y~;$cm&ybQIlh|(r)YU@nly4r(c(|s_`&E
zG*DR44oi0dO;EiUMiR3Cp4!g>C}*osof?iG+&AQL;iTh2Ts;C|Td4|bF9zF5>s7-B
zi3=-i2bQL1P>~m4_KXC1=9QLy#+TTD$`ChnW#m2GppYxFI^QQ~%i07ZuO}9gvtWcj
z^*prq@D=OO0VtqhlRM%3*m1Z-wMfNH53Bv(lVj<m9;vL1>=(0CcbJOriHd%taw8qF
zkQR%6ur&xT%RoOikMwY=;fT#0)QnkA!-nHWSDKSg+N=<XF|Vh+6*E6m&~#h)m_6b7
zlpfR^g%NR13X<QUGO!-XBBsYoer@+0Vl+}U^4>WQ!_`KfwDYM~*0Pb=KBy%#VAwD7
zl>XH3lvt|1_73SC4iz3|7g$WD?Vi>$?CK3qDzyw0{KZgVqP;l7aDtH9QD!FwMS45N
zziLa`Smz%NmdTnQvghb$IuQmUjdd)}3Ql&qBC6F!SKlSC8F1!BYwCriPMRBi$iiul
zd-Df6i#eQ?d6r(i`VZ1Q`Pak5$)}TxHp7=E2afpIqkDmvVaVh0)6@f9cHBppWGM|T
z0{~JEpq`u6o8by|KvR+&hw!hb{(Dac%aZqzXwE#*wiVrQ*J+84{!pP2q@eYnQnbsd
z;#^vsSw6hDIACiEaU}!}7@L!m^XIA&d(~9T+WUWa7kz87XNez8x#&P$vloDQ{Tm)k
z;K@~Qh}pY`&;c`a@G#Ji_wPY>r9$_k3=%9vL_H_RxicL--t7%0$21@GELK07Bo8r5
znJ3wBL+&KEhP?ZyA2sD6I-7c)JLoOJi`5zMgYk6nVOjC4S}{33u*7_55rR#wpFY!<
z8H{=gQQaIsRrGlrKYCT0CoGda$Kl#Bj!3Nn$&)rUdBV=;cYcm}EvO1F)a2;mDNYM%
z;hp-UqaDY+)9hc?ue>vKe83ZXgdR+>GKzDeALm#PoC(q<=p|G0*`Uz_la!hA^d}dr
z*Q4r9F5t<%iiYOLmEruTEKdy1JO6Q`Lp*PYPY_-Z=L;TpzS-j+FZdyj3TShX=%$t?
zE*x-9NDoKm%krTE=l|e&yghW_2tQNI&L;7t4M_OmsRQ#<7lQ-bSYSLbv4GbjbJG_P
zQm|B(>42s=?iJ*%Iiea7>8Orp8L)a76_yt+oF@5&i>G+GIKA-r^U24O-8gPW1kBqn
zC^!8;x#`K}rkl$19$n5q_X+2Ymh&Ea?kI5diXXf7x}WSn<J#-`tJht7*%i-z_EpzB
zvrm}ET+qM#((5nnUv}+tuD-l~&9&F}fAos}rB`2l?PZr<f5qkJ(%9tX+1Fnu|5rV`
zfBm)B_OHH{=j*SP&tYWpIepDfTzd6Ymk%RNh_ZCer6l#tYp%fknyW6m_VO!8iJ#SL
zue#=X#Cgs&m-nx_=8Q0>V!C$q`m3(J=Gm4ya-1gnWmjJN>?^K0w~SxYf6g`k$2Hg9
za83V;>#iez*IstnbFRCN1aG+Vs;f^*cxHCbEu|`@Je+?I;NJ}Y#0UJV`S<bTor~lI
zR#mC0N0j=aORJW!`j&5MS3F+?Uc@{3yXfWvBc(jPl+kZ4<w_iW>%Jbp;c~y_jt7>}
zOG>%@RSzs%SC{g=uZFLZ9$0QD<tA|RCrjA?SD#zTrua>zd==bUE2VuW{%$ViY;fm=
zrJMt<-BQYvz|EJGvIvg7tdz^at-DIO9^8FxDenMB-crgoxc=J+bQk<xga_B(Q_5lC
zr%E{vmd};43J(6Vl)J&*|5eI8;ObXPxljBbO8Ex3^>3v-^fmZHGsnTzeN|Zn$IhzC
zI=KFTs%(R!-&&O~gKKA3<$GWIz|#Nrs*Hh~53kAqT>I{-+z9SGsw($@tD{x97aV(H
zRUWW``;)8k{ou&qs@w#Y3yB|GnW@U%;%NUJ!edqW2)K5<Dm&m{xhj*dL(a>q@&a)E
znN`^YN3N{O7C3r!RYqQqziW^K+`YCcmxF6RUX?q+{&iJ(GdTJaRryPB<%X)<4{kia
zD%bxC>AkcnH-qcz#4G+X;sw`k#UD6$1@hmG|J$l^4%okwe2Z^X<*DG<uaa+Y2V4i&
zeyu8R1Xtcb{=xFbs(cRI2JZ()-&B={|0?g_T$M$z{5Ijht@l=CSNMMP^lRwvUh)lY
zeyA!}gS#KD%I)Cj9}+LP{xQk}?0=#vUjsM62fTszpR7tB+y*ZI*Z&l~2tQ9e;K&!r
zFSzn0;sZB&bs2dh>0VHmJ~%p7ml@$iU7iYVf>-PP;kw)ej$K%nO|TrP%ZJ6m`}7|C
zDma*-#r-<^I9iucaAm13H-e)-QkOfyjpe$$1Khf-E}sH7uc%A=O~iK{=?JgKAJ~6R
zUG4$LZm7#gz%6h`_}sdDL+(FSmk0b0^a7p(Zu~Uzg4;h|mo0GX7wfVM?%Z6L-kW*<
zOLe&bTz^qr2H@B&b-7abQse`-ZbdF|;||gjzmt6Y2Jvm6AF$kwUcmkv>ar&OCj9ID
zCiw=(?y1Z7zJ+|gi*&%<->u6cxb{BM0n6``4mk4By4)iEG4cuSf^P<Qw(Ih4aQow=
z4{m<4E}sK8{*?H^vO~VX-Tkey_?zV8+*Vlw$9|wy*1?s>waVwf!4q5M;hUs0*DCJ-
zH|ASq7aYBWaBl^l)+(#u;Ky3!9&j7H7hHLEtL%Vd&ux|VZ%NOsayB@4eydD^t81-t
zC%6l~865pt!hvhQ*ed<EA^!_o<tA|ON3AmYcHBSGDz|{6A4M*3<zuaK!SCP?JPhuB
zyj6~atDk6<E5Wf(w#wb$=6%Qkmd~`x1Kt6Cp8S9#|D|2N{7&S3c)Q&6F8Ft~%YES5
zx$ScE@8a)xyWIb7(pzqqhyNbsw9+oe!42?A@k`s~MsVfX?egaL5YJDv%csEI8`|Y-
z;KuXYW#qm1dttkbfg`^}I^gDu+GP_Q+|s6vqL-Jn%Z~7lc3Ip)?pL?V-Qeg(yS!Wc
zO~eZhHjxKheOJ4*-$y#{YnQXZ!H3#q0QNuJF1LUi;GN=sfL!3p9}*56{Ybk!^!IW9
zDER;f;FVzc82JF#z?+31M?P@<Q|<B*@lUtQF4(`XT^{g$_@A}Q47mFl(gR07kAH9l
z+yb}2ZE*9?+vOWz|4Z%i)O*SQ-;)lw4&Dro-QO-7!mkq^?Eeel!JTiAUtzmbz6@@3
zJLPM7-*igv1H`|tQ_cZLzoSzg3ywXqQ)a+&Zl_!huAbK^H-g*$y;JT4cg8xU{Xx<_
z&?$XzXR=eC1g;$Hltpml!cMsr+yd_gw=e3HcL<Mn$~IW8>XfrTMEI*a<z}#~cFLQ<
z{*QOchryL+cgi<}H+IUyKa75!k6hsB&vwdTaN`#`<!bR??3CNVl^1o&y>bUXCHI$h
z%3liC$=4r{?roiNCAj`t(gAmWty6Zvv9}QKA5v~_Cx77TdphOa;O+-HrTh{4{^L%W
z1UEj09)#QEA6);FPWc=-w$mw3{Rrv&MW<X34!+bWw}^kWQ%3%nc<x6(;NTxSWfa^5
z$H29JMo-|zS>19wxc-1HX%TLuTkZu{zO7sC19u<RExX|0JG$keA0^x)x@8hvePp*B
z7w+$t8^K-hX0ZQ+Zutl}`jl?j0oP``<w+kS{<&_M0n4CUo(gV*SA)BYgab#9b<4ZK
z4R9MQ7ZV;_1@8w(j(5w*HsuVCf@43@Er-EP@VM}4$N_FYy^D^BZ<+jngB9cf%Vpj2
zIdJT9@&m3vqg#3(C%)^+54io4-Eu29dQ-P-$^B=$<x}9uFLcY-z`;wq<(yC8@78V^
z14m!mEo<P;Z*<EGK8e2GLU`fZy5(+g^qy|H2ORu1`2qXC(=Fcs$KHt^KZU<{b<1PH
z&EG{Y;K+x%WkviW-Et>5_<Pd%6ZpT7KX9<GDOZA{XEo(UxsNoZd>Z_gri_4V-`bQu
z*ndz{z8@StyD4MfHaGyc9^916!JUUT<$7@N@TS}f_Wx^B?g7^x(UcE^TR+g0)juWP
z^BQadm1k47!I2A^@|WPop{9I8?~gX+q4(iF*OXCkcb@dXvP62|;280P{o_q}quyUa
z{NUJAo3aD0KaKEz#`~3~92Z{Jl-t3vXEx={;MOYsz|HHM^6<}~uNz1Q-2Ta?JQW-~
z7kz+ZKSh4P(VLpG2Clw{^uYeDO}QT|uV_m9v*Zsv8{B<mQ_cam?r6#d;OeWIG6U{_
zPX$NrBLCnTxCRbhi(KI9uQX*79J_~j<^J1E>3t4;{0{Pg{db^u@%IuBxbyo>xfxu0
zKjFdM51~h}d;~pxp8SKy!IeKIAK)%{Be?c4!hwTNH04fk<WDIdaOba^@-=Y%E9B=3
z@V`NSVEMn$H#qtalrOk_Kl%U%|JallfGhvnlnrpJ)hq7?cSe|_{5k&ny)pu>JhE5%
zV1IwFjDlmMy|M~!KDJlZz!uYo2b8b0?)fj8DKWP>r<5(td7fCx`VTX08fX48QL4>}
zvTt>=^j4-yYh$X^n+KWCTv#5kbs<guDE{V4doW*GYxAYrStw=g81Ii4+A;H#r<H1b
zxpcRe@ppM?Z9TJ;-K&UywRA?VEA_~YJU_pbkr#l>ht^+&`-@Ax`m)kly|uJ9Z!OjK
zt)<?*tu(85;Qs2;>EFroU8P=s4e7tGbhck#y6eAMs?A?5tsSuZ8tJ~dbOvuJy^-I<
z?`G-jzLjC%?WFxKo`0|G+kQ`}cHdK4{r8q;_r0aF`aa}*AM%0Q?<>v5?~~5Gr5d}p
zv{u2jdrPzRVbc2};`liJKUwyTG0$56H2Pwmwf2Ql`pmO7zl0*cS~_cgTlVezpQL$z
zY0CdD_4Yp@*VmBcpE2WFRcoxx+@@jP@~u^`FrQj^aJ8>|2j$SOdTWowUjIJkAm?Jo
zpI5ck&#T%y;K=z^8GU@UZ*W1??*CBL-T0xZwfjR=S^MwsCozY3O4ZtWN>yz?rD{gU
zs`lDg)!H0`gJrzxu8db@W4hY6dSO-dFREIDi>hknqN>?AR@LPMbG}QeYW<R`U4Dc(
zpH4c<)xQ2p)!DeTYHwU#b^6aBovYx_s>;~4Rd0uXYpYdn<;TgxbyaWsx~e^TeYJ0e
zc~)U=we>>&y}0VFzJz%dbE@5!BR_Mh^*hMdoz+>JcjEsp!trnYHB~jTQFYc|SGCvg
z=K0rnegn^MsyZWYuG-9%TI+AFx`W@Ws<q#&T3g`CCh`AKRgY{}o$c+a-uOh--u*<?
z>VL9o%BRWG-&EDs-&W1w{;FENzv_<uBhUYvu>VwbcfM9tn_uVo8&$pXZ&hdO-_UQV
zo7JkWwrcGCUR@1(bv=3(bC_?g+iTxkw>H0-dCy4Q+4|PHjGbNYE8kXs)7ZDw?JfR|
zJsAHFuJ>&}q^@=zQkRwg${gd7b+!53b!YT@>URHo>(0ja)$R4~uj{SH5YG?PW&47<
z*?uC4J&Ae7Q|ey-hwI+f57(Ws@%pT-apIk<+aptTYiz3S?M{*Ap}Mtkh;Vat*}AAc
zYiGVL8;iubRQJY?@%{wvPp{7!TdrHH%XPhaSzT=~$J%-Z@jSC`jb2&T>(8pI?PrnR
zHO%#X9AvK5zoD*HZm3&>8+rd+-ZQ@{&#SAk=heNP=hgMvT3xNLp^FzVpZfW_xA6;g
zJ$5tsy_t6}s@vNysxkDD<CeNxUR<{}UQu^;Ur{%kudM5l+tJe<^}b#H?Ys*8yqdh<
z#lP3q^~US!ee18Uo58Qto&Mc*z552@VNSLEuDUz+p1QN~o|-mVw?^KJd>^P=>mR7A
z{s+<DAJo;_AJ%pGC}s80x?cGt?w=z3efaw`-hYO0pCOLVq5sd}?+frRklz2~{TK1~
zCGdaMo$bG_tBt>_TU&o$H@mxaS^rwy-uW8oeVx32y)LW&iobua%b?vVBM)npjfc0&
z<|A93(Q{hu(MQ40Yt@4%wAvd_XtlPV&?<u`x2lyV)2oiPI&0&t?$~6jy*}A$ZB6oS
zy472~u+`qWu+`cHcaOAMqchCkE^75Q=Ues80)Af6>aD$!xzp{f-pU=V_U0X}*3KQw
z-Co^lkKNg7t=`${josDijl8DSY`(TtZNIjK5Upx-qt#jg*T7A18!WGDRsGksT7%cM
zy4$a7)tj$JuDkj7hE^H*vsT&u67hVwRkr@I)vSFD_eZwN>Z98A==ZgI{YSUktB-EC
zHo#r5|KHkW<;iW<1=`hMtle4zH^A*N<{9J69S*hYjp=qNbM0n*zTN3Bw0k3q%n_E_
z`v%9DGhE!Rx0su4UB<lX3iy@nYU|2&Yxl}_XXC1Ncl24r{bTLU<~8l^>W{bUvFqDq
z?K$mw{l<1PcrJ6LpKf=ypVzKeU(hbAzu4~VG9Mef3^`wpoG(XCa2M?VGU?sgu2ybs
z?;Cw(yYz2wf79Uh_F3z<BkS#SxOcSMgFBG_j`qIQSGTLRSGV_V-h~`@wYy`lX;<s7
zA)gz#Z?yN7*SD+w>q+ld;J?x?J9oFM-Mf+V4ef7Qc|-fGjW>{oH;|WKZ&#bYjvn69
zZbmi<v)S%#zqQ>Nd0V?0eH(eYr(KV{v)x{KXS=ojPV)aA^tIKlM&8%%ZoQAZzQ5hx
zd_QsA+iv<FAe|4Aw~w^zosS~pHhJ47Z(#r9?R^`cXxCexZ1)C#LLUDFJ%HuYy!&*!
z8i1qs5$?0?X6^H&|AltF`Gt08^v~PP)}OcQ-JN!K_kXtQmA_~=qkn}QUncBV+MTtp
zAj4PNXZ8P%eEwa#v-0=tdi5U&cYhnBgnWJte_zLqx!!80Q*C!TW#_C8a|-4f5A1Yy
z9@y!Pj&!P(5$0YG>Qp-q>a<4A?zC6V?zGm=?o?Z6cY6H?cRK42hCig!8F^TzyUjds
z`;mlyOsC#Gzf+YT?3A^~cdGTrcY50wbh^7ggxeFD+b|zoc{2YF;Qw%^S)1;##?+}t
zXF6qL(AhW2yl-c*Q}vfRt(B$DH*N55XQ|WKWsP_AM5o=q1iXYWmm>G2q;VB#FgM&;
z?NqzW2}f`2RAbBm$JRR4V2yNc?o_Kc^Zup0XO6deTc_H*t+Q|A4$^xS|L*Lxw(jcG
zn&*wZiSWO{zs*i-uu0s%-D%3(JFU^TciL;<=G!~X`a8+*?~=#&blQXWcG{co?exaB
zI-RZeb-HW!cFOKYJN3q=I_>pO6ZfBXIy?7~?tPuQ{~6@|4D$Rre*U6U27g8Te}g>C
z`^I)Vt<~L5dkfs%#m~QV>XE8j^(*F1J?0}L-FooQZfotK-S#$E9@eeaAJ*-aZ}0Y2
zzrEYt26w)rTaSEax7z(K!t}en4gQr!@ct3qeIt+T?%Uzt$T{6=?0dRrZGI1Pu19sN
z%|{XU_jcQ(-`8yq9^GwkJ-XZM{I_na|NX@I{oSfOrrX<k3}Mdgmi1BmKCWBuFi#wv
z=ytXzz=QldjN1%zpSf;lggN5+#mIUBzna%w*{w&f!tI7`Yv%^ixv|??xv|@0?pBTd
zRJS#DQ@2|A>2ACKJoxjvtVwlC|7VEn=a^f)pj$S7zFW!*yVb}qb?em^b(@u!kjIzd
z{z}r_=+-N5>{hF9?A9A^?^XlmX@mEZ-UqtP<_Eg%^1*Iv^n=}c`xCtTBx!#Nc|Oyv
zHb2vCZ+sT~Y`4Aoxo)-gxo&&p^XU5X`1t~|eSx%hx~;7p+`mZPzu4_=fjeJBhkx1a
zto{}8eu+50)GcdY?p7OLMqhu8+<!w{f72~nUq?RXfII)*t@~B8Z=_~k(r&tg4u)a3
zsmH##X^lOwsaL+GsWvnhd{EOZXE&YEZ);lRAx*XU5ZoTtoVD?=rrv#c(;oZIrnUN=
zO}+D7glFzI=rgZ*L{s%2*|b-`yXkIychg!sr>S<&Y0ldDo~9bv-*m_JGZ%bRQ~HnQ
z-(#4^oZEDmC!(~bvoqRMW6Tv-9@kV`k83(3k8hgQ$2Z;0$2WC(B4MA1`x8myDa~1%
zW5_wq^F&i^Pc&zZO*YkFvT5&5;%};H?@Tq_(SyW)xT!ZUY`Pmqka4D|2ZN@wJs_Qn
zntFAK@ITU2J3rENww{W7PiwlnPitEJrz8K<o7UFT3A5aswYuC?Ys*b<ccp3ff3)eW
z|0wysjQm~J>|4E@yj|YxTfd^|?p)E-BhPHkT6-pPJd?DpYRc-5HD%`pbo;!fJ$OFv
zeg@tCOmkNMXB*l-a=j24Z$XAznzL43Ogb-a%I?dWQeN4#*I(J}E4LxfZA~=_uH4qN
zH^CkF?rlwP?T)6$T(dKHb<-W(*_4sjHD&F8H1+6P@%z@MT7N6L_$~0an$F7GD8IK6
z_H9jj?H=6jAuRLG^6sWrevdSMk2HR->218HX>GrUe7?774c<$7TgY^8Q*V8+sa8Hj
z{D06?8-LK$8-Lg|8-Ij5bIpxEY3iNNH0{yPlI~|ImoJjmUo@@qS5341W#st^y88<5
zUu}B*zipb8ziaCLF5&*EsmK1AeExIO+WP0FUi&w~{adqd_urAP^y;yy*Xp;}Ea>#A
zey3NDj`XVCkzQ;4LA`qQ!M$qiA-#I#yL#P~ey=rnWUpfWS#O=wYx>{Q>u&GI?|%4n
zuRAzGm?ORJ+H9}0b5XA<^Syd^q1S9J_Nwj0Ufn;|s|LqN=c&DF^{KsjaA~hu`_W#t
z^`p2wqu1;_qgSmzv&W(_{8{*UR<FDBEZnc|wMKpnx9f@Xr+fAK&-JR!pX=2tFYI+U
zUqtv9_3F)Adez2@d#%xz@cfcqcl4#;OM9)cb!1!bRXgjw?#Rn}ot2mMx?3;nwRT_D
zYX&dxwbouv{NUIx_o}sD=G`y%>YZDA&BiOp_ieq-`fa`L&TaU;y;pDF-s|@7=r!wi
z^jh0s|5d%#%By-!d3CR~@oN0N8hzbK+IRIjYj^b+Q+nO<nqIT@8qx#DHb`%SJZ|(l
zyFB+_*Q-`u*Xyplo;(-q+5hn0R_j4_S)o7jf0wd%$$y*w+B2^Fl%f28#U199`fu<T
z37^pa@4q|u|0j{`d21<hym2;o^JMVD+FRwn4-feT2gBE<f~!OK&7r^hhVLEd|Hse9
zF#W^7ka%~0K6v=)LtGxZ5Bd6H_{vIfbLhS`lz(F=*UnI`|C_yg53p+f|3^O&A~Zrt
z7t>9tWGY=HlcXdyNlA)HNg_=oC26FaE{qCY&=itOHAtc&iKH+J70HB@RHCa2XQusL
zpYLZszB+UMIDehrS%1vaW4~YP{a$PB*S^fmo)ihkn;MR9Tkyc(+)!VnS(vYDSTBsH
zhT}^P`+b}m8*k7ymfNE17Q8;>z)&|i?3WzoPYUZ*4dWT%_MDLCw2RGqtV@_4?(eja
z8QWs_fAZE?rvDVn+~C=v?~XNJbbHdzv3`nH@3cR@ucF&i!tK%h9_=6XOVq#VpTtJ8
zLq>Jceg)O_3fCj^+b~ba+>p_HyMv?S%lbb4xTCs-(RJP%yJdICq<v9ExSjbnA7j2E
z;eJd%5Zf;^<kFDQtRCORx&MBAox*%cc|Uu~-%>*6|19diH|HD8e9?7C-W*#ey57<4
zt3!Qse?@agkNacYFVX(ZnK#-$dOnDrmy&La^^^C1^n7xxb)xxtg~v^H{?DoMww#a&
zd7lgT@6GFx@I(CdjgGrzxIMZa(HuEporF=bd6Pn>hK%Z5rzh(~b<y+VvCc2`$Go2z
z=WQKB-WKwfkX=GX$Nk1JjyrljKGr(X@hlC`W9eIB=NFwvMsRfd(%@*_ePP|mpGU_L
z=8JAm+8%$sqjjU#gXnc<_c307GFrrDO57KFeM$<M95OXzTFCT}86gw*$M#DO86DSa
z;kY6<4o;8O3kSN+<8K+;BPGn28Zs?pM##*NSs}ASrXGkLPkP8`{j+|JT_@Kc8E%iR
zTSizvBkZ3UGArcLkU1f9L+*}zFucy^{cJ3Mi`HLyjP;xB;QqTRwnyI2*N*O=6f!wv
zYRI&Z=^-;hW`$fDGFpFlSjY4Kll3#g`YDHF>!*fH3z-=*JLJ-kIU#q4Ogs{Q{`GeL
z`}Kb{+<x?A^S`u;9r4n<pDE^VIU#dHCLH~ZO#XGvdz+WHC5225nHn-ZWOV-9kFoyE
zyW+2ZMp!?gaBTj>kVzr)ex!GF-Ta?-=5J{s(?e#4%nli?|8!W#>!0{r{Q3!3$M#4&
zIW~WK$c&I#A+tj+4Ve>icgVz3!tozH%Dm6|g>_ti8S7_+^>?2h+drXLm?va%$dr(&
zA=5%GO^ns&hK$ZXVfVk^{~5n?{;gwsq!f?MlNvHDWJbu$kXa$KLnfRR+b=0(wEl{)
zj^}^nAMxvFg!Pld{wX0-L#Bt!2$>l&E9BCUxgn$V$A@)XztEoe^%Jg%?U7Y7b{^Rw
zmxjy@xjSUSIkCFLkjWuaquay%e`#39^%t^!Mp%D$-p}!mZe_##A(KO<giH;Y7Bc6&
zSpDvh(fJ=f#`^c{<^03@`GlmfZpfsNDIrrsriDxoxin;M$Y}jH!aAOR^?mW{XN2{4
zhy4@EhvNvD95N+jYRI&Zi4|h?$swcl?+EL-{?Fm|sIGr_fA9Ol==;Oy{l@NxV(a++
zE-8Hfll@g}JSSwr*D;57NQmBtMC<1A{YF%m9_C97`zJ^9L>UU5uhD_{>l)3sG|ZP4
z_RomsiSiipO+3bYiQ)UW?67}MG*6VrnD6If%$FACOIR1XUP&QSLq_NEzs~pIzn^b*
zm@j!i;iJ2zhAim*$Ueq=3E}(Gj4)5u|HJuC`19Y7FEz}UmG^s{{B3E--64<OnD@o=
zz3CY9Ee!MJe;zM?%l|xH{+9oFz5FdRI45M@?{JRZ9`)h3Vcy8|gJ<)7dE&LPitM$q
z{db4V|D4}{uaoj+%;_PcdH+1dyuHG_(fjh~yz@Ud_}}wJ$Dj6f?DlBh^A5$Xv&Xyi
z81v?T4)NdSP00IPV*VD*n{teK&uJg4$p5@z{+9oF#r!S*bBy_$*E=hWNAso~W8U;I
zZ_d`(Jn7qFng6-Rf15Y)m)Pymyu*$$Z({iQk=Hjn@AH!RTTaO6`=O&Z=6yLBjwk=~
z=lNUy=PUEKr3Yde%@^$#9mni&9NB!|^bNNkoh<Lmz;JxKi{^d)Fn`PY9bW#HQ!|$N
zpTj)51!skf*1Py{?Ea5jDY#ddH@0)$-%A8%d>yNgGBfY<n)zE+$n22Oeo2{O{cyw5
zyw6qs_m+|Od$<4Ia%aUmd2YN@@;-O@-&<PV=P&<z%l$Ck>Hj^L_uq*fV`rLpRo>6#
z^R|qTng7JLD5JWBR<XLwkiEjs_tu9@2=iqIyWY`7{^d)wPL%&ra`dL?e!1?*zds-L
z3hQU(eV#IZ%gp<HWB!)dIhH9QcjtY+E`Q7a9A^IZpLxUmJv#hc^uWQ`&l?Vf{3~R_
zpRwDI4|!t9lS7^wvRKICA<qsOdlck-b}FnF`RKv?*Ozlbeg3_Xe{(_grJ28fm_PpA
z!~ZN$j`<6!FVFlLVgA^o_<!b&{;Lx67gS$``6m@{{I!_Bp!&wlpB3hheYYAN_5b9R
z%wJG_JLaDq=0Dc`dn5A~RNs^NUoGJH)0w}Z`oYXUzkvBiFn>Yynasbqfa^1r`3tIl
zf%%sfF#kN}FR1<<=3idG{L7iYp!(05|KkGY-@yC@)&Io&Ibr@|J$`pFe?j$sGJkHE
z|5%T&;}6B2N2BMrg6dBX_0i*LTLIVS9Of^mz9RGQF5vpqVE%&Y>oI>qcpW>|^K(<?
zFQ|Uu-?8iYe#kW;w}(9LpV)X($Z8=k4%swh>yYUoM~BP`xgg~7kpJ_H8T+r~@cNm2
zb?kLEJ*0Kn;r87VV|9-I$JfM<r{et2^XG5T>-f}Tyg!&6jw>ba^Y{5%R(Kz<G-Phb
z=>0+d=kN2kXx{x{-pCt+qxTC(i}Sujj@}nWnI7i*U+Y9WhD?rrZySy?J@51W`CI<y
z{_{8Y&;L7s{4F}J)5Gt@qvJR_nD=FLm^U}??+)^}%xPi1C^`T9zbDAwqIs(wW8U3i
z-i*AzCpfz0eMTdHONuh@?+fy`%rKt+cL(`fG;fzMZ{+5|xnbU;#d%*^ro}2;CoS*q
z6!N$HzgNiLa+bw1|L+*`w`kt`jxlevPINy-86AIaI1k^?ADuk!OKx;rd4Jz<bj$mD
zhWsu6?;Y~D{J(d|-=e-s3ggjnO+LnTZF79Fqx(hAcSrGGUoy`*`KY4jkLwDk&!+x{
z0_r~w_0jr$sm}@HCBiW!mx>)v#oz(dr=A-dKi2EbQ0o8dRFD2=TG&5&JsCxPI^*u2
zN&Uc3AD!O=_(|&j*L<v(MST|I?mvtA>`)(jmbN+}VJ`Jn><;@!*LNZHiKXNF#r@x>
z-ti>%|Css)VLZB??w><_<4_;npVn`n{)z(T|DO8PP=7|4I4d}I6%rCQQ@@Sl+0A<U
zsP}jeQh%g?`h+sEBZ<zxSmF4`dm`hmSDgB!P#^VAT5xz)N;sQ(=gVTfGSp{>@u<Jt
zzdZFzLw)r8WPLU29bX;xkNT-D^<Ofc8ysEF2Gs8k<2Qzd(#plIf8L*T9o;UY{$SGo
z{p00I>I;{T)knu0ru|P`Mg4yU!ha-&{iEyKzJU7VP#^m#Mnb}k1=Oc;e7&eo599y-
z)0KpTe$;#Xnan?k`m8V>ouB&;r{3{wjxV!-`rRDQlLgc#REXVw(NE2$7f_!Z>Z5*}
zUqF3IsE_(%aRK!$sb5ZgY8X!n7b+(>y1t)MzdMYd;)M<Vn)-7p#`kklaCCh(Q}47b
z*?(IB^{Jsg_AHq9eu?^=FkU_^lvXMJ@wuP+j4&QOA9{TMQ1AHCuz&RUI_-q`=jYvF
zJbEAJ{w1hSt{gkwqS5gO$8JqXIG6hDFn+A#FHgPe?+*J%{aMTU^W*Pd_it!D1&Lw*
z==nW``s6Skogcd=w4naFP#+y{8uO=8?|d2T-;MgrFdq9fao+p#;OOyi2ldXMTqSlU
z(eXW0Kz$1Jlc`S)<I(kVy&2Ryp2qyMsZS5%dH=-Izi!#oXNUUe{X$M~)c<c&pHMaa
zdbr3k>nTVK`$w-gpB7M`%6glrPYdJG^B>D4Y^C1ubmrexKz#=F2dU2t;}3)<{EV8h
z>y`J<O&#41QJ-5cHXc1cczl0TpIARuUm+A`1xM#!_{8|<tEFN5Sp8O%`kYW7J>Ppg
zXHf6>Zq_@ufcnG+vGa-guOjs=!+7-i*&0W`r-{bX!uajs0h@SvZ2qdzf%5ap)Ml~q
zhG9JAikMFgj(*=0&7T#<D})=8uZq>L4fWCQi=z6Rwz2W(`6fDyD5KvuMfG|AaK_Q0
zuHpDIZixAUutQa@Pc%=IA9s$`NAq1&Kz&ZAkDlM^QJ)*emxKj!yT<0fE4Tsm(Q!nX
z+AaQgnif#siTbOkPYdHwzeMXq*`E3bLVa|8QC*ZbQXkzOWhVRgETBFs)JKoEy9%gZ
z%K1dUM~v>jgj-_QuWvY@rQKt`Joo|T&$%@=eyqpuQ0k-ejPj?jf3*Hs>UV_k==`Gn
zqMS^9bo+m@XYBZ*`(suC^@*WATJNm_>Z^wO==fI`P@l~F(eHDk{Zqqu-am_Rbj!Lu
zcKmt&?BUVvivs4)=o5dwUsInM#-sb|`QT{%T<XKJ|B38SA6=iH3aHOvy&cpaWWN6_
z6#io`^@(@I&aYV*PwE@*{nR^OO27E)lW<b}>zDPZp*}j_==bf>^-2%pmBWsScgN;0
z6?`i5=Z5j<_0#pvq2BS`VgIO~%UXXA=f?!m=Ln+XPYm_Z^ILLo)F0)UKP`-x4fEy(
zR|~F0J<BH~-y45?)e5Lj3H8zSYD#@t7>~}!^;%Hhqk#HU>YXn=>>u^RO$F3vhWhCK
zy1jt<ERJt*0rj(~A6Y<sHperefcmA(|7-#EA5))QKz$DNiwdY;PyI*K=Z5iPeLuUJ
zdhg$)0rCC0rhxin>c62rC5(><3#AQ=&EFt+BlZ95c<ztYM~}x}3aD=x>Z8ZQo&xGq
zsgFKK6z!iD#-s1gJidRJKO@u^4}~8y|8Yg)pKo)*cxxvPK7sm#2V&RbSnqF(P+v9F
zN9W@*XHf5Wa@aq5{Fb3UC5#{I`>FG&PY?CO!a^Aj#?GgHa0Tj9GGgOxJ+R=))LWME
zP;CF``Km7Ulf!s)e(v9x`m6%#FQ+~`)ISv_P8=RPp6KV{S5QBDWNiFc$J2)T>;md<
zpnhqnkNPulRQ&bnLcQ0cYN(I;sYe0z$<*IjKz&N6kIuh;0rjaIe+KpGVLbZ&GK=FG
zO?`G4FBeX{>gd?@iOzQ{^~qtpZgl@X6046M506rx9>(tu^(kXx^(})Rr#{^LpU4;=
ze>_tPsLu@b(e<2FKz$bT&!v7g^Zn<*!hbBJKAZWh|B(8np+0)QWBqFCa|$?~FR5Q2
z>Z9ia=l_oSp9+}&C+c^H`snq_`FB!Z_|e$?8QnkD@2B4JMD{;IeNq^Yetw=t{c$J9
zzaBY%I`t<PP@fU%qx&zB`m8X1te=;br2flLA3gp&zH-#B=XkBJNPTXokKX@VU!D3R
zq5fF?b20VKm-txx{oS~L`lL`Foqy8;>XVtj74<31=kc|n-tpA1fAsU@>kFvQ<all>
zpgxQG-UZZWhx+LL=tup>%;)*^r#>gtN9Sk#0O}pz9rlmzuTj(=WZeD7P=BO=`tj5!
zWXAgISp6KWmpn4|jIg_I>`bG-<4LX;bM*Hj(ep;NFmL3f;G{55G;ieS^IcI!<0)bO
z%#bPdW9ua~jOEghX^mojKAc~)|0_5fFU0TS<+$g`(HX^7_%w{?UKd;cN$S7E8}Vkm
z9sh<8;(zdor^KG0qw_x%N4G~=GmKvnvRTNRL-r0iIAmtXnIY$fd^_YvA-@f|Gi0=X
zG~bbMd(on?<1G=ga>&{tn}+NVGA(4kkPn6&6LNCMSs@pPTov-GkQ+m83AsCD;ZtMB
zb6Us}A(KMZ3fU;+)gjYD-VySikb^^x44D~nR>=7wSA_g5<ToL6Lv9UuAmj<B#f~#E
z<ar@44B0qjYRFqc-XC&w$j3rX3Hd_E?2wB?t_Zm{<hLPz2)QTZUm;IEJ$8J>LY549
zUdSpTYlf^BvU$ihAv=al3wcM#ejy(WIVR*YA?JnsAY@L+??WC6c~-I5ah3^re#qpI
zjY2jLc|*u<A@2^E5pq<>Ng-bdIWOefAy<U_I^+)_4}|<XWRb+!@s$i&F=TScOG922
z^16^|A$y0sFJwl@Cqupxa#_fgA-@Z`HRR!t#m<Nw&$%Hhhm7XGD7aq8Rw28Dye;J2
zA@2`4EaaGwPlbFo<m`|OLw*$UtB^m1JQ%WQ@z`;e3VD9Wi$kV_ygFpZkhg`rE99t<
zlR~~2a&gF2Avc8lHRPU<M?#i7Gj=@HLe>e{IArsXZ9-ljvRlaBAqV0y!81d?9dc>N
zbs>KYxhv%1kf)p#JFas=Rt{M!<YghR3fV5?%^`b+Ob>Z~$cMRoeDIWz&xOnm`F6;U
zLaqt<UC8a+9@Rzr9Sq|MXUERx%#amB)(P1><h3Dh4A~=OpOAw>jtcoi$mc@75%PnO
zYeW7Va(~DZN`yWPStI1-Av=Za7jkgO2_ff%ToQ5x<5B&_aQnWHr<IJYTQOwxdS5*_
z`u?$YaP<9G?%%QfqVW{!uMUphuXe&|)ZZ2yz2Clz@j<v+k=XmIX#ME@R^$xoN8oXI
zB97i4MaT0L<HgR4Uw<m&(RGY+>6q|7^#Ab83Fn_QE_OXqLuQPRIblL9txE~FM;VPr
z_0jF=p)T*=z&v{CQ=f`u<o~xaT0dGhvY9bCtRFIUYRm~whvN&5ZqGf&?a}!E)6Dz#
zJ7ee1{CWST=fB<_&6|0Q@w|Tn^k4T&njX77?|;;GbUZrW=zfXjO%LOd|G#qn-v5!K
z^N$|)(Ru%$n*aZG`1i-p|Ec}(f7*GME){#f)c5GKWI{qYTpm}#RdBW7^TT`>GM<d<
z;Ci?rZXA4Nn7<irh1=my_-5P__rd+~U_1;zf-~_`_*wh{eigrg-@)(WkMZaDYy2Jl
z3IB@!z<=U|b7TD$-G3+H)A8B346cZ);aa!>z6@W9uff;h8}TjpcASpy!w=#ScpRRH
zr{WoSHlBwU;3arDUWM1-4LBEX#k=r6d;}j~I=-Jy!Dj?N7@jZAVf;LNKE4oNj4#2L
z<EwBgz8>F%Z^d`wd+`1EAv_vChM&aG;OFrx_;vg?UW!-X&+u1xBmNO@$G_u)_#b>?
znfQJ>4WETe;|ll!oQ&(^Cb&6njoahSxEt<;`{Dt32p*2d;t6;P&cZL^x%f@I7=M62
z!C&C@_<Q^_-ii0(!}z$e@%?i$PQ)c~Ib0dnz;$pV+!VLOZE;8375Bh*;Jfi4oPkH-
zNAVN*Y5W|18NY@X;`i`J_*48P{ucj$f5E%)0sJ>Up<H}For=%I=LScwcjXzciZ8<T
z@TK?)d^NrnUypCXx8ghTJ@|h75FU*m!%yO8@N@WO{2E?}-@_l_Pw|)dTl@pwhJVBR
z@n5*`dGY;J6c-PU`ll4*Nw^BGiR<FVxEXGRQ}OlqCVVTt6W@dH#}DDr_%Zw>ei}cA
zU&gQDh4?-E5&jf^iND1^;9u}=ydVFC3n$S}xHvuspNG%K7vhWYCAcYWiQD3ixGU~~
z@4$ECK{x}C!jIx7@YDD?{4#zGFU0TRkMO7XOZ+YV0dK><;r;k8T(~^_gp1=+I0;w5
zHE~_s7&pVMa68-y-;8_WKDa*~j32_I@niT&{0x2`zk*-KZ{wx-Bm61;5`T+-z`q1X
zuSdHXKY;(nCsc^<r&IBn!O{HZ;_}p2!8LJR+!!~*Epc1i5qHHs@E!PWJP2ptQTS0j
z2~Wc_@oYQ~FThLia=Z$!!5eTc-imkPz4$Obu3~&Yos1K4Nn8$B#x-yq+z2<tEpc1i
z5qHJiac|rY55z<92s{o?#8dHfJPXgk^YJ3Q46npFcpct^x8Ps#ANWt4P$|BjPQs_-
zvvC<*5m&>>xIS)zo8#8FJ?@OV;a<2e9)O47;dl&w98bp6@hto*egnUQ-^U;0&+*sz
zJNy&=75{<%#0iz@Cww|S8<)lv@C7&-*T+q8bKDxY$DMH+z75}n@5K+`hw&KvIG&83
z#V_Dj@f-LZ{678|e~!P#8}W~LJN_LX#Q)$E&yVk~)9_iiG_HUzz{$8iZi1WR*0??H
zjJx4pxGx@nhv4COES`X;;4J(io{Qhai}45e6P$zB;Z1l8-hubvL%2|t`2Hz^PseBD
zGPokHhHK#lxCw5KTjTb)Gwz0a;k)p?_yPPd9)lmplY^u0XP#mFdHf1~9lwp2;uZKa
z{1x7af5hAI@Ax482cK9qzQ0bxXW`Pg0=@tz<NCM>ZjM{y_P8_dhI`?@cmN)PhvTt$
z0-l1i@QZjZeiJXoAK*{$7kEAX9{-GY;=TAVKJJ3}{y7;Z;*z)=u8eEoI=B&Tid*8g
z!O`QrBja6h59)g}-VYDNL-9yF9#6v4@J##?&c<)yckzdKHC~H1;9R^F@51}=5qx~L
z_<lMCC*qR09IlLO;5xVwZi-vtwzwniihJNY@ZES2&cLJaqxcE@G=2`hj9<eG@q73q
z{3-qte~W*>zu?{Y0R9`FP(8k%PQ_>9b8&fG6<>tw;Y;xq_-cGDz5%D<+wfiZUi<)l
z7>~h^<H>kBo`vV&`FIgthF9Voybf=|TksCN2Oq+PYQ*<X5nK$Hz-4hITpicO4RH!?
zf!p8?xC`!%d*gn1ARdZG;_-MAo`z@O*?1mafS2IqcoklQH{e{n74O3P@DY6ch4KA#
z3O)m$gU`d~;|uY{_!4|Mz6z(}>+wzaR(vPE2j7n$!lUtH_(}W>ejdMqU&n9brFaGY
z41a|;;veyL{5w8~|G_8LjPIw@@L9Mtu7EGV$+$jlf}7*kxIONSyWw8AFCKu0;Nf^I
zo`9#|Ec_y#i{HeH@dx-5{5k#_e}{j<zv4gepE%*7`2INwpN7xErEvv(0ZzvCaT9z6
zz8YVPZ@_8zHhdSp7e9a>#$)i~cru=jXW=<`K3;^E;gvWCufv=07Q6%hjt}C0@QKOs
z{dF2X3zx<f@CEoHTn}H0ufSL1Yw-;@4fn)-aDO})55te(O#Bpn7QcXB#c$wu@O$_p
z{3-qte~W*>zu?{Y0R9UXt`*-;MR9Rl3Mb(zxF)_BUxF{kSK(BAJ-!Lwitoht;QR4I
zcr<<tKZ&Q|nfN7~jo-rW;t%m^ycTc3xp*tyh4<kj`1soK{d5XW#3gY#Tp8EEb#Nox
z6t~1}aYx)WIQsc!H^zJ6zIXs0f`{X=cmke+v+#>}4xWz};bnLw&cW;OCcFjjz<cl^
zT&PZbKNZ2na0y%%SHjhCZQKy2;1;+I?tr`C?zlJZhX>-JcqAT=C*f&$CVmNL<G1j;
z_(QxJuf^Zs&3GIB4e!T);ldZk_ft_^9GAl9;q&o@_+oqsz8qhLQ}OlqCVVTt6W@dH
z#}DCA_)+`>ei}cAU&gQDh4?-E5&jf^iND1^;9u}=d;tHAPpBK;Pp9HD@wvD>u8J?h
z_3)+m3Vb!b7T<u=a8KL^_s4_rF#HJ4#82U8@eBA>{04ppzmGr0pX0Cbclam#EB*uj
zi4*F@_s>cAbbK~0gDc`{xE5}JFT+>jYw&gWMtlpt9jD{_@Pl{+9)~C5sdxsSjpyM7
zcnMyPSK&2y1J1=;@h-d%AHm1hkME~b@EQ0Vd>%d@Ux+Wpm*C6sRk#iAfV<%CxHs;H
z2jU0u2s{o?#8dGMJR8r$3-A*B0saJkf!E{j@y~cC-ir_8;~K>G)5$mym&E08Wn2T-
z!HsZJ+!9}duM3X8f4h<KTNuBc@pOD29)gGCv3LTWg0t|8crJbuFUHI8N}Pk&;Z1l8
z-hubvL--$jV#E0UIt`zNOXCXo0(=p!hcCrf;H&Yq_y(MYZ^L)t{&+ARh9AM1_$mA>
zegVIV-@xzS_wmR0bNn^_4*!II#ed*GaYCc`{y7Psj?cvB;_|pEz6jUDm*Qr)6>f(+
z;hS+!+z0o^gYmH7==pFo<B#Dd@iX{&{0e>@zm1pT75Fp!72b${#M|-j_#plVpLj{E
zzoP4PT5$C5hn<B>;|ll!oQ&(^Cb&6njoahS!O`(|W4ssciwEE#csL$|AIFpNbUX{s
z!SnGVybQ0zId~o3gty=wcn>~=3pI{^eky{C;S#tku7s=O+QHHN-H`DV+yb}39dH-i
z9rwol@IX8ij|`5Ee>~%p@H9LVzl5{#Tlii4AzqEw;&1R~ybb?`_v62C;Y;KDsVFXv
zOW`D31=qxNabw&Jx5DjkCww#RiTmLGcrYG@AHkXUDf}#c0l$jh!0+Jq@yGac{5Ad#
z|Ac?Vf8alHLX-IZISHSR&&FkNMO+Qn!u4?z+#I*Y?Qv(^4fn!*@c=vo565Hi1Uv<2
z;TQ27JRdK@%kWB^gV*6rcnjWv_uxag&}H%cR0J2pC2(0>30KFpaYLMfTi`ah1MY&m
z<K8$O--jQ>Bk(vp5l_W4@N7H}FThLia=Z$!!5eTc-imkOeZkS|`ys{)rO;2f7%qX!
z;!3zWu8kYw6x;&0!5wfH+#UDE{qR6M6pzH?@gzJA&%m?sJiGue!OQU~yasQ;xp*ty
zh4<kj`1q#r{d5XGBRJ~El8l$bm2nMR2RFh^aZB75cf?(B4}1r{8xO)6cocpVKY^dd
z&*7KxYj`1k4}XL|#b4rY@elYHyc-|Df8!G_kME~b@tOEsTpm}!HE~_s7&pVMa68-y
z-;8_WKDa*~jECVza3+2VKZ~Eoui)45+xT6)9IwJ(;Pv=>{4?H(_u|9&xMuPFbTUrF
zC2=`i8P~vda3kClx5RC6N8A<nz<1!g@gSUmN8v~D6ZmQT9DW(Uh8N=Z@JIMl{3ZSt
z|A2qNyYT`1H$LHt_<lMSpNY@K<#APf5w3?X#aG~~@wNB{oQ7}1cLhhU-}f^90Dc&c
z!H?s~csibi=ivEx5nhH@;vBpVZ^B#f4!j2+!iAd0_fHXA441%VaV1<G*TxNT3T}bh
z;10M8PQ$n1yYRjE0sJr?gCEC}@pL>3&%yKYBD@T*#5s5!-h_X`zv4gepE%*l_<lM8
z7sZMAY+MFc#MN*u+yGyOuf(l!d)yg!!@Y1{JOB^D!|_-=0Z+kM_(ePy&&P}K`*;QZ
z41a|;;vexZcsD+P|Hdb@i0`*k@tOEsTpm}&HE~_s7&pVMa68-y-;8_WKDa*~jECVz
za3+2VKZ~Eoui)45+juEnfj`4v;f?r5ydD3J58{9D2`%X-d?r2@m&aA{MYtZm6kma_
z#@FH-a2mc1--YkR58#LK82mV%jHlyScn+SA7vW|2WBfV(8h?j>!oT7_@Siy0s`&mn
z37?M7#$|9tTn#7V`nU;hj$7mQxHImCd*Qx#03L#e<FR-Go`SRRi+C=66EDW^;}!Tb
z{3ZSt|A2qNyYT`1H!j>NzQ2m%;<yw}!c}lhTo*US&2TH+4tK&g<DR$=?vDrKVfYc8
ziJ!vH;ur9%_znCHejk5~KgVC=@9<CfSNsS56DM39-#;he)A8B346cZ);aa!>z6@W9
zuff;h8}TjpcASpy!w=#ScpRRHr{WoSHlBwU;3arDUWM1-4LBEX#k=r6d;}lgI=-Jy
z!Drxe@Ok)rd?CIVUxF{kSK(BAJ-!Lwitoht;QR4Icr<<tKZ&2g&*N9{>-cTF6tBRa
z;ji#U{3G6uf5!*$KlsFJ;``||d=@T^E8q)oGOmxC;O4kBZjU?TZnzijiwEE#csL%5
zC*UbK3%`ix;y3YP`~m(1e}UKI@A1!gC*F$><Kx=I_s_{V5tqc}aAjNr*TIc&Q`{1_
z#T{{1+ymc%@5Y001|EeU#ZTa;@pE`Ko`)CUC3rbrh1cNq_<Q^_-ii0(L%2}e_<kya
zi{TQuEUtvB<J!0(PQfj38{7eR!QF9h+z$`LL-9yF9#6v4@J##?&c<)yckzdKHC~Iq
z!JF|m{2Shn|H6e+<NK*7E{;p#BwPj8#C7o{_;P#|PQ};boA9mpPJ9o(A3uag<Hzt5
z_-Q;dIQo6zON?jZxA438L%bTV#oyq~cpLr=@5g`P!tLlMTpX9eNw^BGiR<FVxEXGR
z+u=_5X516^!Ts_5_#r$BKZ>8gPvhtC%lI|C5Wk0)<4^Dxcpct^x8NOk4?ctoT^rv|
zMQ|}(0++>=aCKZ8H^eEp1#W{o;4Zj3?v4B5fp{n$iO1tfcp9FGUkZ+%ud*3`3%`p$
z#H;aI{0-iWx8dLLe*70M+&;daisIt96i&iba7|nnH^$9yE8Gru!Z+idxDW1+2jgM*
z5uAyi!q4It@T>R@{0@E}e~drJU*qraPxx2-2mTW$To>OzC*jla*|-d@h^ygRxB+g0
zo8#8FJ?@OV;a<2e9)O47;dm^bfT!Rr{34!<-^7dY2lx~G1zwLg;VpOv-h&U}LLK7!
zsR%BHOW-oNBCdvO;Rg6Jd?jv;+vCo-8}5bs;sJOF9*)Q233v+5!Y|^v_)WYRe}F&1
zU*Prld;BxriTC2exKKy>2^Yg9a9LalSI4z+Lwp&&5?_O_!#Cnv@a;Gq--jQ>Bk(vp
z5l_W4@a*8|{n9+f7vLp$IbMa=;0-tzZ^gUtK70fpe|>yEor2H6=iu}3`M3tIgB#(d
zxFv3jJL0am2kwpg;emK49*M`}Nq8EbiC@Cm_$~Y{{t&OmYw<UDGv0=O!~5}HxNxWV
zekzKK<5D;YpN}uZ7voFt<@hR`im%5v;al;Y_#Qk6XW&uzQTzmc8b60$#;@Up_&xj)
z{uF<Szr{b`U+`{x0RN3oxFNouPQ_>9b8&fG71zXdabw&Jx5DjkCww#RiTmLGcrYG@
zAHkXUDf}#c0l$jh!0+Jq@yGac{5Ad#|Ac?Vf8Yc7Z+t>$`U#(j&&B0&6<ib7#f@<@
zd=*Z`*W;V;t@uuS556Bigh%7Y@RRr%{Csfqe(4p)U&9OWd+h%a<DcR$@wfN~{0rWV
z58%J?2{+PD_)L5*E|06?i*P-BDZT<<jjzQw;52+2z6;-r9|(@_?}r&5gCEC}@pL>3
z&%yKYBD^d(I=+>R=P<sG@lALO-hubvL%2|v`2Hz^i{TQuEUtvB<J!0(PQfj38{7eR
z!QF9h+z$`LL-9yF9#6v4@J##?&c<)yckzdKHC~Iq!JF|m{2Shn|H6g4#`jZETs%1H
z|5A)6;VQT$u8SMvX1En@hdbe$aZlU__s4_rFgyxBil4ww<LB_p_%-|%eiwg;SL3yK
z1J1=;@h-d%AHm1p6yHy$;4|<!_&j_*z7SuGFTpAJN_-7&k2~XTxEJn=2jC%iI39~9
z;3+r@zli7JH}PWp0saJkf!E{j@y~cC-ir_8<8F@cr;~9aE{V(G%D4uujT_<=+yb}3
z9dH-i9rwol@IX8ikHq8gBs>kz#4q7&{1$!}e~4G(wfGyn8E?bC;r;k8TsSShpNit*
zxD-ypRd7vQ7dOVua4XyncfvR0p12S0j|byn_z|3mpTf`L7x1h24g3y%AAgKL$6w>`
z@K5+x{0IIMCv=PNpOf(E_-tGTm&a9bO?)xF1YeG?!m0Rrd=tJE--++R_v44~X#5y{
z5<i2V$FJbm@mu&^{2^YA*Wz#RX1o>e!u#+MeEco({dF=<#3gY#Tp8EEb#Nox6t~1}
zaYx)0_rQ1HyYV2Lfk)v-@e}xI{2YE6zlIm$_wYyfQ~V|V7XN^M!MpJR{5L+Kdwf5g
ziqFL7;_|pEz6jUDm*OjME8Gru!Z+idxDW1+2jgM*5uAyi!cXJp@Jl!wFThLia=Z$!
z!5eTc-imkOefS7IzDImNor2H6=iu}3`S?P7F}?&}j<3S0_<Gz0--2()eenQ11P{k!
z@dP{tXW<v|T>K_pj6cAi;4koc{5}2|@5FoYVSL=J@%?l%PQ)c~Ib0dnz;$pV+%!1)
zc~?uu+v1M6EAD~sz<1+8I0KKukK!lr)A%|3GJXv&#P8vc@TYh!{swQx+wgCAKmH3B
z?it@tMR9Rl3Mb(zxF)WP8{=lU6>f(+;hS+!+z0o^gYhu@2+qV$;b-v+_*MJ{eh0sg
zKgOTqukm;IC;Th^1OJH=Zj0}qlkn;IY+MFc#MN*zu8*7G=D0O(k2~XTxEJn=2jC%i
zI39~9;3+r@zli7JH}PWp0sbU7dOpu#d>!6|x8NOk4?cto^@{JOBDfeXfy?4bxH_(l
z8{!n)0=K~(a2MPi_s0G3Ks*$W#N+WKJPpspFX3$b7Je6hh*#sa_#3<#Z^OUg{rE3j
z`1bgIDvFEaQaA}$!8LJR+!!~*t#CWs3Ezx+;y$=P9*l?KM{p*73O|cqz^~#rf}`h`
zw;5lGSK!a^S9l}-5pT!8<AcG`@%_X2iM?a}6pf!2{Gb1y7%q(~;0tgvu8*7G=E2eN
zv}U|L?u@(PUbrtFfQR6R@fiF#o{XpCS$Gbfj~C%(cqPuk>+mML1@FLn@F862j`-)J
zBDfeXfy?4bxH_(l8{!n)0=K~(a2MPi-;UGqefU8<0*}KJ@l-qm&&Koc0=xt-$E)xf
zyaDIpt#}vShmYXn?~L!KQ}7x19DE)=A76+s#+TsB@l`k#UypCXx8ghTJ;BlQ-~Eg~
zgh%7Y@RRr%{5*aIzmDI=OYsW)8U6}y#6RNg_;-8||ASBL6W>p#;j?gQTmfHzlW~3A
z1UJX6aeLeucf-AKUpxR0!Nc)bJONL^S@=af7r%)Y;}7sB_zS!qe~*90JMmt87$0|6
zeE*z`6LCpg4p+uCa2?zTH^nV+Tig+M#XayH_-;H1XW&uzQTzmc8b60$#;@Up_&xj)
z{uF<Szr{b`U+`{x0RN3o=o{Zpr{Xh%qv!u~8845k;)`%Sd?~&HUyZNDH{djU8@>zQ
ziyy!b<1zSgJQ+{Nv+x`|A1}ho@JgJ6*Wpcg3*LeE;6u1jdVK#B!NqV1TozZt)p2dy
z5U1c4xDD=ryWsA)H|~cA;-PpX9*-yCX?P}n31{QC@Vod!yc(~?-{8%78~zRN$A96%
z{o?znC@zjm;UruI*Ti*kW84h4!tHP;d^7He`{4d~Fdl{<!I}6e{49O}zlz_$@8I|G
z$M|#nHU19&gnz|<;6HJ~-SPc%5<VTDjmzMQxEij78{o_EmG~Nb9ljCYf^Wy^!O`pW
zefUA@M=(APPo#b-o<aR=#^>P$cnMw}93B5k#&hsGya{i?JMbQS2p761zMqQVV)$%a
z23N$@a4p;bUxu&5*Wl}LXWR|<!hP`oJOmHNWAOw$1!o0E_y3EG&&6-z#dsNBiF5Ee
zya{i?JMbQS2p8&4KjG8y*|-d@h^ygRxB<QlUx}~5*WnxSE%<hvj_<=m@Nhg9Pry^~
zbUX{s!SnGVybQ0zId~o3gty=wcn>~=3*AdU;bOQ1E{iMS>bN#;h*R*D_?qD8@qHcR
zH{x6H?KmCZhabcv@HjjXPsKCvY&;Jy2#(Ho3FFHdU&Z(uyaDIpt#}vShmYXn2gLW&
zDfkS0PH=R7=P`ahz7Su`{+Hm(@m1`fiaX-2xCg!i-;D?13_J=yil4ww<LB_p_%*x`
zzl%S_tMMAV0q5eaco*J>j|4~kaQuDr6Fvi%#N}{hTm#p^jc`-k61T-2gQN55ihEFh
z2jh3+LDXm9QFuI_gs0(|_$53KFThLia=a4f;B|Nt-hy}FJ@^nVG%&uOir`}SY+MFc
z#MN*u+yGyOuf*5j>u_h>4fn!*@c=vo565Hi1Uv<2;TQ2-JRdK@%kWB^gTKb#;h*rY
z_z(OiP8by5PbUROkN49VKO2|974QW(8P~^6aC6)mx5u4vH+&nu3*U<$zz^dw_;EZL
zPscCdSMeM89sEB27=Mnx#^2!|@pk+>K8XLpC*B|5U#H=-aA{ltUx1TwecS{$$E|UD
z+!=Sny>MSV01v^#@mM?oPr+IEMLZY3i5KG!@F(~Sybf=|TksCN2Oq+P2FLeL5nK$P
zjmzMQxEij78{o@ubKDxY$DMIE+za=`_u>ce!*~pS98bp6@hm(C&&P}KGQ1M!;B|Nt
z-hy}FJ@^nV^Z@;Yi{TQuEUtvB<J!0(PQfj38{7eR!QF9h+z$`LL-9yF9#6v4@J##?
z&c<)yckzdKHC~Iq!JF|m{2Shn|H6fb#P?HCTpX9eNw^BGiR<FVxEXGR+u=_5X516^
z!Ts@IJPbdAGx1aSS^NTiH8^^|`Ud0g;P>&z_;dUf-iUw1+wt%CApQrR_+YG`qVqX5
zIQsnenfP2>9#_Q|;d=N|d<DK5UyE<RY4|pL7rqxifFH(V@Z)$go{neXIe0!^gqPu!
zI0vu8oA4IABRJ}ZJ&Yg1g@(pI9~HsHf}{CLFkY7NN{m;>wQ)n75*)49g7G%E1MY&m
z<KDO*9*BqH5qKP)fG6YWcov?6-@xzSrFaGY41a|;;veyL{5w8~|G_6_#P`=}_$*u+
zSHKtGWLzIN!Od}N+#Ywv-Ec457Z1Qg@Nhg9Pry@f7Jd=W#c$%p_yhb2{sOPZ-{YV0
zPP`W%#>YJr-#;hgL|hV=!<BIjTn9J8O>s-y7I(y5aCh7r_rnA6P&^Wk$CL0hJQKf!
zv+-N_UHl<ljo0FD@MgRX|AzPDzi{DU@%>a37ssV=60U-4;<~soZiZXocDNJ18TZ6}
zaDO})55te(O#Bpn7QcXB#c$wu@cZ~<{5k#_e}{j<zv4gepE%*+`2INwpN`MQWpG7Y
z4cEdA@MZW)d=0)1--vI)x8rntAAS&zz~k^lJQdFfj@}Q>Vtfvsj~C%(cqPuk>+mN0
z6aE$df&at_!|5k{IzAhh#ue}dI2qT+O>lGE8n?%taW~ux_r(M75Ih`@#S`!poP}S+
zbMc#aG5!F5g1^A)gQI@_p7EdYPP`W%#)U@2_frvE441%VaV1<G*TxO-W%x>bO>lHQ
zu4DX0d<(uEr{nwZgLniUhabn2@pL>3&%yKYBD@T*#Gm7@@pt$q{44$g|A`Yu#`n{S
z_%wVLE{!YT3ve>7kDK7;xHWE%JL7J+7w&`m<H2|segtRYr|`4*1^fzr9lwp2;uZKa
z{1x7af55-s-S`0h8=o*LzQ0bzXX0~ld0Z7=6dXOj)M304Zi-v7e_O^o;;y&{z60Nl
z2jQW3Bp#0^;c0j#ehFvexA438L%bTV#oyq~cpLr=@5g`P!lUE+sVFXvOW`D31=kFY
z`l&ACjd3&F3b(_Z@J;wud?&sK-;W={qw!<-N&F0c9>0QL$8Y1Mcm@6pe}y;VAMtkl
zJ3fg2!6!Zv-%qFEvv6r#0bhWVaeaI#z5-v3uf;duG<+Mr3*U<$zz^dw_;EZLPsg+H
z96TQ{3XUF+%NSpYbMQL632(tW@E&{!7a9}aKSgjcTmqNHm2mao==^Il-VmqY7Pt-W
zfV<%CxHs;H2jZc4Bp#0^;c0j#ehFvexA438L%bTV#oyq~cpLr=@5g`P!eit6sVFXv
zOX704GOiIE^-~?j8{ww7C2os5;;y&{z60Nl2jL7n5|77|@H9LVzl5{#Tln4J=z4z0
z_-ecse}gyUZTL65AOD35kE5S(A})!`1xM#sneiI94sL{-;+D8A?ufhM9{3J?Hy(sD
z@F@H!egZ#@pTo29JiGue!OQU~yaunw-{YV0PP`W%#>b71@28V-A})!`;!3zWu8kYw
z6x;&0!5wfH+#UDE{qR6M6pzH?@gzJA&%`g`Z2T5pj6cAi;4koc{5}2|@4$QTAzbLu
z_<kyai{TQuEUtvB<65`@z6@W9uff;h8}TjpcASpy!w=#ScpRRHrv^vQ-!mAWjpyM7
zcnMyPSK&2y1J1=;gQMf!#rQtPkKp4Ui|?mXf}{D)VEi0>9zLJ_FJ$~;d<njs{jXv?
z6<<&NO^n})@5J}8|NZzOJevI<!%yO8@bmZ;{5pOcFU2eHXZS0;5&wv{<KOW?{7-Py
zFDGWk_tR<kEL<8_2#)5v04GylA2-3xackTjcgEdtFWeUoz(eqGJQh#DQ*ai35zobM
z;>Gv_{7G<h{c{*!hd1FZcn98t58*<O$M;VWTnv}MWpO239oNPU@n!f*d=0)1--vI)
zx8rntAAS&zz~k^lJQdHtv++E<058GI@hZFqZ@{^DE8d0o;UoCC3Gw}OGET%LaXDNW
z*T8jfBit0X#BFg$+!go0ci_A6Ae@0m;YaZk_-Xtcei^@p7vlHuNBC3xCH@xwfPcZe
z@d5ldK4D^fKb?xt#OLDjxN30pd|Q+8y0|g*%@}Wm+u=_5X516^!Ts@IJPbdAGx1aS
z+2H7UJkR(m_;vg?UW!-X&+u1xBmNO@$G_u)_#b@Yr1*Y14WETe;|ll!oQ&(^Cb&6n
zjoahSxEt<;`{Dt32p*2d;t6;P&cZL^xp+QagqPu!I0vu8oA4IA1Mk6yaG@vS`=<yl
zhD+eGxFW8GYvBg?GJGYz249D7#JAwvaXP*aKZr-*ad;x0if7>2cphGWm*C}i6<&ik
z;9R^F@51}=k>Ke0_V_2``{@*X20jO$htJ0s;*0Sm_;P#|PQ};boA9mpPJB;rbUp58
z{2@FVKZc*g&*0~SqxD{4{B`^`UdsL}@MqM2#rQ_Xf5hAI@Ax482cP&<d_SFr&%&jH
zqw7(D@e6P=u8*7G=D0O(k2~XTxEJn=2jC&W(fJK$d@P=Tr{FC7BAy!@t@kG5i}45e
z6Z{2UkH5!1<DGbKaCCf!89#1veE*z`6LCpg4p+uCaBbWWr{EU24Q`Kbz&GLUxHs;H
z2jZc4Bp#0^;i-5Ao{i_>1$YTwj#uF|cmvMGTk$Tu4<EtDO`*SVF?=>IgDc`{xE8LD
zo8acSHExeP<8HVY?u!TD2k^sq41OF>#?$dEJO|Imi|{hM66fG`coW`&f5m^`KXJm;
z_<lMGpN`MQWpG7Y4cEdA@MZW)+#0vXopCqZ3-`qX@DMy4kHr)46r6=$#B=eRcrpF}
ze}ccj>+$#aXS@^d#fR~6)8hN-WLylFz-4hITpicO4RH!?f!p8?xC`!%d*goiKKvja
zfyd#Acq*QOXXANz0bYWa<5hSK-hgxQ*5K&<(k{G@`Xl)Gr(^vT?SD#e^zWmbfzQF`
z;q&o@_+orXaI}63<1KI-+yQsN-EnW+4-dpc@kl%lPsCI43_Kgp!wc{dyd1B>U*Prl
zd;BxriTC2e__$|ye!_{kBrb<5;~KaQZirKG3)}{Gz+G^6+#C191MyHi0*}KJ@l-qm
z&&Koc0=xt-$E)xfydHm#f5toUUVI1_dN#hFir`|n1TKRs;%c}SZh$YtSK@2%b@)bn
z3%(tv<NNS~cmy7YC*rAi2A+-Q;RSdJ{s4c1zrgG9_xNYL6Ys@`@p04R`{`ty7#zJG
zoy~X|ToG5pwQvJ`S#Y%8m5g75ufsRuZnzijiwEE#csL%5C*UbK3(vxH@O-=oFT*Qw
z4qk^h1xMF=3*$Q&-^2JJTqrBPpH9N3<Fj!YToG5r7vXyNQhWuz8ebb6U5^_WPs6w2
zyKsLz7!Sjv@niT&{0x2`zk*-KZ{wwS1^yI&iND1^;9u}=d;tHAPnZ$kU#H?TgQNTJ
zT*k}es`w&Y4_}I#;a0dE?u2i~x8ghTJ@|e+6pzH?@gzJA&%`g`Z2T5}7k`LX;Wc;z
z&c$2tF1!yP!N<>x@2696A})!`;mWuMu7exlrnn_;i#y`3xCicy`{99jC?1K&;fZ)E
zo`GlMd3XU{f|uh}cn#iwbMaQZ3-7~+@o~?^_tVKZ5tqc}aAjNr*TIc&3T}bh;10M8
z?v8uoes~~$5Rbs)@I*Wn&%m?sJiGue#vkBM@E3SJ{vQ8~cjCSHFh1^i`UxlElDHhM
zjBDUJxDjrOTjI93BkqcO;5+c$co5FOqwu5n3H&sE4!?}E@mu&^{2^YA*Wz#RX1opW
z!u#+MeEbXX{d5XG1D}J-;mWuMu7exlrnn_;gFE0ZxI6BR`{99j2p*2d;t6;P&cZL^
zx%f@I7=M62!C&C@_<Q^_-ii0(!}z#a@%?l%PQ)c~Ib0dnz;$pV+!VLOZE;8375Bh*
z;Jfi4oPkH-NAVN*Y5W|18NY@X;`i`J_*48P{ucj$f5E%)0sJ>U;l=oVIu)OZ&&B0&
zReTYyhcCrf;8wUD?u2i~J#io09}mXE@FO@AKZT#gFW^`48~AO!6tBRa;ji#U{3G6u
zcjE*2Z+yaR`U#(j&&B0&ReTYyhcCrf;H&Yq_y(MYZ^L)td+`JKVLS#ujwj>kcvf)q
z^Ore{&&P}KGQ1M!;B|Nt-hy}FJ@^nV^iq8P6v4%C30xLe!qspxu8%Lp&2TH+4tK&`
zad+Gsr{nwZgLniUhbQ8xcm|%0=ivo-30{s@;Wc;z&c$2tF1!yP!N<QG-(RQTGw?b1
zJbXUB5MPWh!I$H!a4NnY--K_)cj9~S{rDj~8b5}g#LwX8@hkXs{5D>SSK!a^S9l}-
z5pT!8<AeAgeBvwd{d6im6Q7IA<Er=~Tn}H0ufSL1Yw-;@4c~_E!uR3_@WXfvejHE6
z)A1}k2hYcg@G`s-=iqgC6W)S%;63;dF7#@A{}jQ+a0y%%SHjhCZQKy2;1;+I?tr`C
z?zlJZhX>-JcqAT=C*f&$CVmNL<G1j;_(QxJuf^Zs&3GIB4e!T);lgv``>7}{j!WSr
zTm{#}b#Y_d6t~1}aYx)0_rQ1HyYV1A6pzH?@gzJA&%`g`Y`g$3!OQU~yasQ;xp*ty
zh4<kj`1rZ;{d5XG1D}J>!{_4*@x}NOd^x@fr{e4JO}IPmjr-w&cqkr;$Ky$O8lHh?
z<9T=iUV@k7Rd@|vkH5!1<DGafK8%l>7vE1O<3wB%m&28Djo|3};aZG0z?b1G@iq85
zd?UUE-;Vp@0eA==j>qB&cnZ$Kv+x`|A1}hof}`uZlJOk84sXI+@D98OAHs#Q<NK)y
zJ`JCROXCXo0-TKN<0iN{z8YVPZ@_8zHhdSp7e9c9;YV;LehNQ}U%;>8H}E_7ef%;0
z9IwUS;LUg&{tfTPf8oNf#rIcHTpX9e=i&45h4^B83BDX(g;VkM_$GWSz7yYr@5c|}
z(fBd^Bz^`zk6*#B<G1lryaIoQzrq{wk9a%&9UsL1;1geu@2Au7S-3Q=fG@zwxIS)z
zo8#8FJ?@OV;a<2e9)O47;dm^598bp6@hm(C&&P}KGQ1M!;B|Nt-hy}FJ@`+Y@J4+9
zoP<xuXX7%sBCdvO;Rg6Jd?mgHUx#nRx8U1xI=&A-h)3XYcp{#PXW-d*9$tW#;N^G~
zUW3=;@A1!gC*F$><KyPX_tVKZ5tqc}aAjNr*TIc&Q`{1_#T{{1+ymc%@5Y001|EeU
z#ZTa;@pHk^`{$P#e+@6h@8OT|r}#_!E&c)jf_LKs_-}l|oALd0Dn1jRi_7Dx_##{n
zUy855SL18(4LA+ohVR1n;s@}<cnp3VPsY>nEIbF#$BXbXyaIoQzrq{wk9a%&9Us7d
z;}aIpPxwrHE-sI&;)`%S+!!~*t#CWs3Ezx+;y$=P9*l?KM{p*73O|cqz^~#r@H_Z@
z{1N^Xe~G^hj-DTXVEh-n8}G+|;lgjl_ft_^9GAjLxC*X`>*7oB<@hR`im%5v;al;Y
z_#QkE55*(#csvPD!!z-0JP$9xOYm~M3a`N%a4z18cjCSHFg|W!d_SFx6LCpg4p+uC
za2?zTH^nV+Tig+M#XayH_-;H1XW&tI9G-}$;u&~0o`)CU#rOmK3H}1F$KT_h@lL!K
zAI62=j_;=;xEL;h%i>D7I<Acy;uPEhx4|877u+59#{KX>JQR<_<MAXs4bQ|c;cWaC
zem6LJz50;x)p#xb25-jO@NalO{tFj=C%&JG;^MdzPQq1i&EV+#>*B`LH^Z%PJKPE1
zjC<lfxIZ3@hv7$XCVmP(i(kO6;@9!pcqv|iKf_<)jrd2r9siCG;(zdoi{ks~G<+5=
zjVs`)_##{nUy855SL18(4LA+ohVR1n;s@}<cnp3VPsY>nEIbF#$BXbXyb|Z&b$Aor
zf_LCO_z*6%IKF?1;9|H0E`uxLYPc3|fG@*W;%o4A_(psSz8$CI`|yK!1RjSc;;DEB
zo{i_>1$YTwj#uF|cmvMGTk$Tu4<EtDFNyD`Q}7x19DE)=A76+s#+TsB@l`k#UypCX
zx8ghTJ@|h75FU*m3yxmDpTy5l|2%$$`qvqM8!yEx@Mridyb=Ex93B65#(&2L@jv*)
zcjNo%G<+5=jVs^_a5Aoso8ad7YJ4reAvn4oX^h{7@51-u2k^sq41OF>#?$dEJO|Im
zi|{hM66fG`coW`&ci=tv5H9pyeE$@|#c&B+7FWX6ac$fXr{EU24eo%u;O@9L?uYNg
z58@Gc9G-}$;u&~0o`)CUC3tyo^!QoHcn)5NH{mUK2i}7Z;X+I4CtM7dz-4hITpicO
z4RH!?f!p8?xC`!%d*gn1ARdZG;_-MAo{DGS*?1mafS2IqcoklQH{e{n74O3P@DY6c
z`|<sB3Qoi&aXDNW*T8jfBit0X#BFg$+!go0ci_A6Ae@0m;YaZk_-Xtcei^@p7vlHu
zNBC2`7Jq{`<8AmiydVFC3oncBr=qwxE`^hD6<ib7#f@<@+zPkDop4v&1K)w~#)EJM
z9)%ypPvEEVbNFTa8eWLs!yn;K@t62p`~&_4@5Tr4-?;Dx^b;<QOW`D31=qxNabw&J
zx5DjkCww#RiTmLG_<sBl9*rNvPvU3r^Y|6~I({23#Vhb<_$#~-|A@Ea-|<2G4?b~u
zd_SFr&%&i~1$+Tc#`SR%+#I*Y?Qv(^4fn!*@c=vo565Hh<9ITjj%VRHcs^c)m*JH-
z2d~4M@D{uS@4<&~p%3HxrwA^FOW?A&60VMG<Ayi|x4><12iygB$GvesJP;4XBk_1V
z2~Wc_@k=-xzlGn$AL7+`E&c{?#@q03ct8FN7yc-|pNiuDi@iI6kD|!?$6p<S;)N`D
z3o7dB>Uv~y5xhf~NCaX`0(kC_V*&$7CQJ^3x;osKVmK58gaC?w0znRuGYBZB1dv-G
zD5oGqkV`=R-*0u*Wag6r0omX4?DHRe(UbR7cXf4jb#--hbx&>Zt>C-B_k$k+M}VII
z$AF&$zW{y_Y*W_P%NY=!1<nJ%0qz3s4K4x?29E%L0{$F46+8>P0K5de3cMb?6}%I?
zAAA^m5-h&;Ek9R+Yl3eC*9G4Leh_Q{M}eOP$AX)KlfkcmQ^5{!4!9%uEpT`6JK%xJ
zy8I4>@KNA#;K|?_;JM&M;N{@e;Emwz;N9R~z=y#nz-PcgOMJ`MRp46So56R0{|<f#
z90qO(eg^z3I3C;r{3<vN+z#9UTnK&}+yneBco29PcocXXcoKLTcsBTJ@KSIYcs+P4
zcqe#2_%Qe+SS<A|PgjC#f^P)h4!#@w05}BP0Q?l#3T_5Y0>2DS0k;J^!3E%dgS&zI
zfct}ofJcJIf+vEffoFri1}_Ddfj5A+fp>xTgAapGg2gf@PvDy18^LwK_kbS+TfkA^
zr@^t{=HO)TE8tYH1Dpfy2!0FP9sCY>Ab2Qv6nGqX5_mdz4tODW8F)2#BX~P_H~1Iu
zZ{Snlpyj^h=_+t7@J--);CsRU1c!nff}a6D3yuf30KW=O1GfWr02hMa2KNBJ3mya>
z1|AI_2c8U`4xR&E2wnzW4c-Xe4&DVm06qf#9c--dEl)MT*Mn~Y*8|@R{wFvT+z|W>
z_*rl~xCQuCa2mKBxC6Kl{5H4;_+9WI@G$Ub@OW?u_)G9S@M7=^@LKR@@DA`^@FDOq
z@ELIMO5gHy4Y)S=R`6Zm`@xTZBfw99W5CaWUjV-dwt+LiS>QbI8{jVB-ryqeVDJd=
zC*aS)Q^B*q3&2ajtHA5QTfsZQ`@x67C&A)7-|}-MxF+~Ua9!{{;0M7La1{7ya4fhv
zI2rs3I2G&w=YTtc{|)X2?h76O{t#RY{uDe3JRLj-yb!z$Tn63%-Ui+UJ^(%f{vB+r
z@-0s_z}JIs0@nlI3;riK6dVP98XOC54o(KY0!{@xz)o-h_}}1e;J)Ai;19vY;7`Gm
zz|+BVzzf04z^lO<!P~*R!M}ii1D^s1mHC#ZtH8CuH-qm0{~i1gI1Kz4I2zmp{5-fN
z_%(1kxINef?gVy&dxHCc-v<u|j{#2rPXW&a&j)`4UJ3plyaoItcpta|d>s4-xcX|}
z@^me@4)`{3eegfPkAfq?Pl6kRn}QR;t-${R+rjO@E^s0EZEz3pyWm0KVc^l=@!%5h
zm*9Ee#o!g-wcyR*9pJs-L*QfJGvMGgzUAo}@ZZ3<fbRs~2YwhF4t^XQ4Q>K{9^4ZA
z8aN%?4%`7;2!0#f1N<&{Ab2Qv6nGqXGI$1fE_e}mIe0aABX}El7x)192>5rfvDUXd
z)c{`)z6o3pd@uL`a0s{o_(^bM@N?i7z%PPr;0$mUI1l^=xC^*9xClHLJOVrhJOMlf
z{3UoEcoBFxcnx?HxE#C(d=PvTd>UNsd*AYPHTZAfTfldM?*l&!4hKIDZUl}4CxBal
z{{^;#Gr_sw*TJ2^y}<8*KLCFO{uulj_zUn?;8O6n;P1fez?;E4z<a@mz{kL6z`^T$
z%hNUB+TdHkcY*H%KMW2BKMrmLjsquvTY>)twu9S)UEoe&H@GLbANYOnaPS!L1n?B_
zOz?d0H{g}vwcyR*9pJs-L*QfJGvMI$P@cfG!MB3%1m6dK7#t3M9NY*T2TlOD0{;ta
z2WNs^;7(vSxF@(Dco29Pcr<uCxCA@{JQutOyd1m+ya`+m-UB`eJ_<e!uC~FqJY5a`
z8~7IRo#6Yx4}-(OkAoY5<G=~vR^Zpb>EQNY7q}DH4ekl<2Yw$s96Sa*0X!Kz13VYJ
z2)rD;2D}Me4&DPk2tEov1rFNiTb`~0*8<-Rz61Ps@I&A*@MGX-z|Vr?!7aeAg44k5
zz#YJa;J3j&!0&<wfro)dfyaR-gJ*!}g1-hY1($(0fVY8nfe(O>fPV)Yn|#Yt4RB5H
zjo`ZAyTK2DL%<EdPl2uAX5b|7%it7n8*nx_AN(e`E4UB1KX?duBzP=%B6u2jHu!7s
zQg9h~19&TVCwM>jF!&_+EclAezUAvW@D1Qw!FPf02R{Oi06zha0Y3+R0sJD^2DXDU
z!MWhq!JWaq!0&-S0DlDj7(4+y1w0cxAN&n?CHQ;r7VwYYec%f4aqu7D;4Qx8=^Ait
z@U7sx!1sY428V+m2R8!8ffK;3!2bf<!I|J(@ay2t;9lVO!0&^HgU5g;fTw_Gg6D(3
z0j~sq58e#k0p1Hf1U?2n0}lQH$`iOY_!jV;;QPQ2gTuj(gByY4zzN`%;Mc(E;Pzk_
zxD(h7?g{P(ejhv>JO(@gJOw-xJRkfGcqRCI@D}io;C<i<@Nw`T;Obj_%hR>sI^f&D
z^}+uDKMIZnKM8IOeh&Ns_(iY{oB_@P=Yih<cLDbTzX$#R{1NzL@MqvJz%#+~!QX&a
zg1-lE0sjcz3qAxs20jB0-sW4Lt^wBu-weJ3{CDs};4tuG;An6Y@blo7;Mc(E;Pzk_
zxD(h7?g{P(ejhv>JO(@gJOw-xJRkfGcqRCI@D}io;C<i<@Nw`T;Og6b%hR>sI^f&D
z^}+uDKMIZnKM8IOZVFBWzXWa#ZUfE+=Y!t_cLnzW_XiIFj|7hePXtc`&jx=DUJ5P)
zZvbxt?*#7$9|oTUi*n!cb0xSY_(pJD@ZI1Cz#-rU;HSV=a5Hcc_$6>_a2s$oI3N5b
zxGT61xClHLJOca)_;c`7@GS5G@DlJU@Oto8@J{f4@L}*tu-F0R30xC=Be*X39`J);
z3pfh=G&mOA9Gnb(1)K_YfOEhd!Eb@PgWmxU1P=v|0*?bv2G0P`1up_G2d@Ed0+)mL
zfDeL?f=`31{peest_J@Nd<*za@O|Ki!QtS?!HvLi-~@0h@V~%za3(kx{5rTZxEJ_6
z@CV?Jz#oG@1AhVj3S0{Q7W^G}9ry?EPvD=yzk*MI&w{V`$+tXR2fhJ(JGeghAK*v9
zk>Dr6jloU9iQt#Ot-)=;+2DNeo8YeCKH&b~A>fhVvEYf|Y2ex5ufa>fW#A3qZQxzt
z1K=az-@(RC-||xfd_DLka6Rz7;D3Tc!41LBfS(1&gIj=K1*d`AfjfW;!Eb|mfZqiV
z0uKX^29F1qfWHLK11|=z0Ivma2JZmx1s?(*1D^p0@A55A*MMt-Zw224z90MuI0F0x
zI0pP2_yurF@N3|7aC@)|+zIRk_XPI?4+0MZj|Ptimw>+n&jT+8F9)vyZvvNt_ka(A
zkAhEwtL^qJPgjHg2EGM+C-^?_!{Bi6<KRZ%IB){E75HCZJ2(@Z3oZn|4ekMc7d!|&
z3_Kb<9$W&R0iFw91YQna1KtEK2k!y@0{#tr3LLb@w>(`1t_8jsd<XdN;D^9r;K#tx
z;8<{Ta5DH6a4OgV&H;A>zXk3F?h76O{t#RY{uDe3JRLk6{55zfxD31jybZhyd;oj|
z{5#m#>sy{`fUgJN1g;0Z8~gw`1l$1p6xa%G22KLM3~mi>1I`BLgWm*q1@{5>2M-31
z0Dl7h96S{~3%mfl1iT8o9=sL26TBCE2z(5D1{}Q4w|rd#t_{8wd>8nB@FU=G@Z;b{
z;5cvsxE1(cU^_SyoC|&(+!@>p{2urN@JHZ}!JmP@0DlE81%C_v4!jQh1NbNK&){Fd
zC%|XHSN!Z-o~{Gm0KOf3H~0Z?2)F_GDX<mX44edh8Jq%c3wDAF!2bq!1NQ|F0DlNB
z29E_#1WyCc27e7+3N8b00B-~D0v`Y$0sjs*_WPEf8sM7X8^LwK_kbS+TfkA^r@^t{
z=HO)TE8tYH1Dpfy2!0FP9sCY>Ab2Qv6nGqXGI$1fE_e}mId~0t6Sy3_2mA~8H}ENN
z&;j4_bQQQ3_-61O;J<?(0*8Sg14o0KfS(7q1iuDO2e${iz@5Nua8GbQ@cZE5;4$C{
z;3?pl;Q8Qhz$?MugSUWx1n&b^fRBU!09XITw>(`7t^>XeTp#=o@T1^J@RQ)i;HKb2
z@Jry<;5OiFa6b4=a9402aDVU+@JR4j@I>%5@NDqc;HBU)@CNV?;Ge)hgMS5|0G|b4
zaS+NAxDNO>aDDJUz>k6>!B2u4gPVe10KW*ffiu8a;5_gf;4a|a;3Du~@CfiH;LpKR
z!Lz^%z)QfZ!0W+Vz(0cbfh)kr!GD0OAM!0v*MMt-Zw224z90MuI0F0xI0pP2I04)W
z{4cN_oC(eazYgvU?gf4qJP14tJQ_S6Tmt?QJQutOyd1m+ya`+m-UB`eJ_<e!4yy1i
zPgj9!fo}%i0scGqA#fP@F>o}v3HW(%OYm#pbZ~pH3)~6p2KNN_1HTU*4ju&_2c8U`
z0iFw91YQna4c-Xe4&Dv^1^gTM6gcQtC{N&8;G4kp!1sdx2@VA}1V00Q790<50e%&n
z25txL04@Z-4ekMc7d!|&3_Kb<9$W(c5<CyQ7`y_!7Q7j}1H2b}2z(5D1{{3Yw>(_~
zt_{8wd>8nB@FU;|@Dtz|@N?i7z%PPr;0$mUI1l^=xC^*9xClHLJOca)_;c`7@GS5G
z@DlJU@Oto8@J{f4@L}*tusC9tAN~6x)s<s~`QNqRI^f&D^}+uDKMIZnKM8IOZVFBW
zzXWa#ZUfE+=Y!t_cLnzW_XiIFj|7hePXtc`&jx=DUJ5P)uLo}h?*#7$9|oTUi{E_f
zqbtER!8d~Ig6{!82)2Nuz)yo?!Og%);FrNE;I?2VxB&cba5r#Y@Br|K;9~Hn;7Q==
z;5p!h;AP;|;Emwz;N9R~z`ub{frF0vmZz)0*Mn~Y*8|@R{wFvT+z|W>_*rl~xCQuC
za2mKBxC6Kl{5H4;_+9WI@G$Ub@OW?u_)G9S@M7=^@LKR@@DA`^@FDOq@ELIMG2ilZ
z4Y)S=R`6Zm`@xTZBfw99W5CaWUjV-dwt+LiS>QbI8{jVB-ryqeVDJd=C*aS)Q^B*q
z3&2ajtHA5QTfsZQ`@x67C&A*lZ~3_rToZgFxURBpZ`}jo4}vY=DDczZSa5T2GWZp6
zD%b(e0e1wy1?~=h2Rslw6g&z%4m=q=13VYJ2)rD;2D}Me4&DPk2tEov4X$>=w>(`9
zt_i*oTo-%~_(8A*90h(F91Cs^P6odMP6a!_IpB`qx4_-O?|=t@KLi(pKLt+$PX&Jk
zo(EnCUItzb-U!|f-VOc*{2TapuyNA2eANJ7555Up4}359pWsk%L+~@;XTkB{7T{OG
zsbB}#3C;(<3GNE+1MUwV3?2dg1pGO8DtH!n0eA^`6?i@P2k=kepTWO^Pk_&YulU`!
zd|d~=0en07Ztw%(5O4$VQ(!B&DL4`Q61X+E4LBQ|4}KHe72F5hA3Ov+5<C|CIe02~
z7I*=833wHFJ$Ng4CwM>jF!&@`oboL{SAuJTZv@u`-vfRSYyn4sp9aT*n}d_VuYgm*
z4zLqk0RA_)8@Mlc0Qf_2G5AyPB=B_b9PmQ$GVp5f2JklUF7N?x$6L(u;#B>Uhg7)s
zVenD#3GgZKA7JCO@A`tlS1Pwx>A6lhL-}tIUKhgagC77}z)ynXl=b>wfbbR&ZUfuF
zF7R969?JKr?dzkgx3`~io(dlf9u1xd%g+LT3oZk12JZwP1fK+7amL)gI{mf5cYq%P
zKL&md+)`QZpO?U|!Tf0uo(<u-;BMgel(TjIE9>=t4D*i%PloyDLihp*U!t6>*7qIw
z2k;*7ui$Eb`0kJEl=bm_qp~hvb;0++@()6|McJa#+XVbFI0xKWS(lf-;DO+ez~jJ^
z!Cxxt{WV8fZ|@?Qe<gSwEWa7T%awKc_(@sEzfW23&x6W3J;#)-D*sL?>--RBefQrL
z;A_Bt1K$L$3$72o5Bv!DF>oCC1+Yz7Z*K;KXM=N<b^iSu{2t6-44we~0z41A2)sgB
z@6R<5z8$<9{4@9v_&0E{s3rHj-rv`OZ&Qv|<>PJ$e+c}Pvd(WSgeQa3!A@`?xHGsH
zc!08A|8NMO0O8ZY^I-mk;N{?r;Ge(;!H2=ez^9dU`mZp2_s_M;`gpCQtjkM1WqrIq
z3gHpTI{s&r_5Qai>+;_m!fjv&xC6LQxj>bl?%+Y-Pr$RmOTZhzyTM1m!9l+HSqprd
zYLDvl)>q-$kHGv-fSZC}f#usl`2DcHaPaG}{B;oC7vdYJtoQFw2p<P70Ux{BtnYPs
znhxPhly&@TAbc<Q2>1k8RP)^*SAlN^-vxdE91eaK{1UhW_ziG3a1nSYcno+Fcq;fy
z@O<zx@b}<t%6fn70Urkk1)KS;=f6%_AOH2h4ZtnHuYl9Q?UeQUvXyoHQlPBstG8hJ
z?%?;qW56Zg#o$fKIz2led>@1#0v}h_>HPzizpA=#{?-KFtgQ3<9`K_u|C12j82miU
z{~|bDS+}>_!t&YR0`MDPx3aDux+?4a*#|sKS?5==vflnrly!U)l=c3Z44wv_t*qml
z58+E7d=+>Dcn|m}IOq!B`syZdeegfQk>ID4_5Nw3thfI;m_J#$g*u<UqO9|`HMp&^
zZZG75yD97Z>#MBSUj*TUAbdE4e+r%qo&#Q{tgqk7l=b@8!~8#h_kmA=Yh3BOzitNK
z34RFN0Ne=t95@;LFK|0>fwDe+-UN3A_krb$z#l8?<7u3-&d;gf#o)EzpTNI^udd-+
z-_-)&qO8l;o!|#y{zoDFaj+Gf1k1k$ZVN61cUIQv`w%<@=AQ-O%fQ>fyTJ#+C&9*5
zzUB35@QvU*l=bmnAAFy(-v1B5@)63qygaVlNYyWmVgBaem%tgyIz8DCUI^}^tk>5c
z!rxcc=^q2(6Tx4={0qUWz*}JXo#4aZGvFFm`|hu6z&C>Hf*%Aw0*+AD+y4ZF+tl@d
z4u3|4>;2gjmVX7D0`cX7JA?az-v^IW*6A4w;gcYI8hAc<F?hAIKA&v_?@`v}?-YdB
zy2jjJI{ZOp9bXiLHwCwX`P)NyH)UO)^Z^f4&Qr(NVDND8DDYVDXW$a>Ol93(_!?ZM
ztoPSwC{LRpd=L0HW!-)`uB^*nwQJ4%*5NmRZ&%jy{}aNWQP%nSEckiwi(nhr0WJW$
z!A0N^;K|@Q$~r$6ftSMkYr$K=KZ8$zue#36U%kGX$~wPp2Hyem-vi<IgC7My1x^6J
z0!{&EDC_iQLwFv9zYgJVLwIlSAn?bqyhD|5T^>JE;rjeD1(u%)o(J(QfbegWb^THX
z-UQ3<1;;}FP6GHa%zsi@A3uM9uc&F34;_Akvd;he!J*)%ly!M(1a1Ou4$HR$+ra6t
zd^>O+_$^qzFN7C?KLC#ej{}z|>-?Dm;VU5gXK)3~{~Ls#fpFt`-{bdM@J-<Q;QN*J
z{s{v&fcc{#+zM_6^V`5#Fn_MHKAt)%>+<#{EZ<#Opa1$Q>-6^r4+D=?*6~kL*86KV
zcrADb_#pTcxMnTi{c|5U9NY-}in89mG-aLsY?%MwF#pZBUN2h;I)A&XaP3q$UuQ%8
z)*t2{4jv2s0=z(3=kHQwy*(=-{Cn^onEzMsab?}Vej387{msmOU0$wH*6Xhct_OYu
z{0#Uxa7(ZQoCSVeS?5n@Wu4ycF#iCUe;BwJ=AR7y3cLusLRqJ09ry?E9_9N~d-P{z
zoxcZ_b$R_wS)VV@!2C69oBK;IUr$*tUmtwGvQF=#uzVEw8JIs-S*PcDnExf1KMm$T
z3->#6VENa<UBQFEAA_fX7l2oQH-dM9kAj2i_~!Rb;0M5ugOk8Ea0hU2@JR4@@NDq+
z;Jx6Z;NTlz`@naC9|b=FZVG-G>;${PUBT~wi@+Z!>+)T!tdEDu5dJlInX;!n3E`WS
z_3?H9Y}{z(pI-l!%6k6V;CkS{gZ~MR07rwL2mcG4p{%dJJ3x2=_}}1O%6j|yLHIxj
z9|9f&9uJ<Ttn2fyAbb&ouLN%Z?^4$1?*qzuf1Cu@xXHKt-wb{j90PtqS*QOcupOKQ
zejVIJS?6~jWu5-P5IzF@33wtb|0RUa2QLAy25(f>=_!ZsJ<9s{`vt;JfP-)LJ$`Of
z*8A^vWxc-o;J<?(1wRIk1vdr10Detb?~inFCd^*|?hf-0f$)!&_3`-`cn0_zWu2Zf
z@MdLQ9(REEfqw;`RMz=j;}+lJ<3?qj-diEOKKKD}2sjEH4Q>X05&SAR1)QO*%VT?G
zUEk-y{GF6_{<<OjUGNZ?zgSt9-_KzF$>8bW70P=5tpo3X`FDd4D(m$h1sk{e?$0Zg
z_4Zy5z6IvL2g2_Mhr|3a5Z(;j3Y-Bh1a|>{03HLLrmV~JQt)>${~GWXnEw#?cd&7r
zZ~k5jzC~H*_k9rlFgODIB)AFqMX(Lr9^3)k3G4><0S^U_29E_#2G0U70+)e*P}axu
zK?uL<cHjKJ6C444Mp^HVrVyS4wt+jq@^3<TF9`1s;Uksx_Iv{2<6-$}5WZMh*B8qm
zd<}Rrc&D=7{(azsF#mCI^}4?KeLeU#Wu3lzA>0Cf9Q-UeNm-}&Rd6~u3zmNi!n;6t
zFYpK8k>K&*Dd4Zb3&2ajYrtE<KP&6<as<M!s^_~u>L}~{x*ftF28Sx^@gfZ%{7G=E
zvOb?a2jNLz8`uHP0skA^9sC~nePw<A`v}6vfoCb}{Fx8oi@__E_5HrJ;H}^a@L6!}
zJIwv1_vfw3`h4{dWxc*fm34n!17)55r(k(2gvTrE_FD^>-v+jWo#0N&di`%J>+(=T
z^_S}H+X?+aT_L^$5IzvXKZNy-27d<r3YK36-VHtr4!+a(c)DI$Z|_YIej9|}tE}t4
zhakKmEZ+$HEX@Brgtr2>2Iqr&fs2%N`rcR8+c#8M@4wN?y8M)YOTjCZb$MO`-VELi
z{#9A0=NS03vMz5ycftNr*6F`NS;u!5%zr;P6#NAES?~+sSHN~~dvGrJ4RAl@`&57O
z00<uf{zO@C?+gf^4PFHEuY&N65WYiM*S9;Bb$L1nJ_<esu2$dNe|q_Az;(d4gYO1E
z01g2+06z(i1vdw`0KW`Q1GfXaz#YMEa8GbQ@CV=#;IZII;OXG`;KktO;I-gQ;O*dD
z%DVjQ1@BkZ<^3Rpe|EQ7UJBG_iu!DzKL1ejtHUMm5y*i+4g_)_kOP4n2;@K@2Ld?|
z$bmo(1acsd1A!a}<Uk+?0yz-Kfj|xfav+ccfgA|rKp+PKIS|N!Kn?_QAdmxr9FRHi
z=9U`rvnVx4ewO8!pLb0%Kg9_1vouZFWqy{GsLx{a^V+RuJU6M&yVU1{>N8w@KBYdJ
zsLw?8`KtQNP@g&K^L6#vO?~!LpF`B=X!ZHI`kbLYOV#Hx_4&Q}+@?PFs?Wpf^R)WB
zVw<@gwbbWr>hoUp`H1?AQlE{~XEXKLQhl~opY7CVp89-CefCnH1Jvhm^*L63mZ;BJ
z>T{9${7!vtRG&Yp&jaf7nEDjk&F#2aecqrxFSgkCQ03zewS1BCKa@k&=M(BPR(&R@
z&zIF_y86skpF>qVAFIzv>T{<0{91jkP@n77XSw?PS$+PdKL1dkHGVL+ySDnQt3K~j
zpCRh=G4<J4ea5TL7u9E~`pi_H1?tnSKKrQ8LF#ja`W&Y|zfhlZ)aN(qvrK(%R-Zf7
z=Rx&(LVX6Q@_3>9tGb$TNRl~zq^w#U`Hi8z-&@W6W9NyQKHuLJ>^tARU?I+)6~dsY
z8E<*=m2&wC^{Jx&(+_j6RGrO?wd(hQZvr_G$bmo(1acsd1A!a}<Uk+?0yz-Kfj|xf
zav+ccfgA|rKp+PKIS|N!Kn?_QAdmxr90=q<AO`|D5XgZ*4g_)_kOP4n2;@K@2Ld?|
z$bmo(1acsd1A!a}<Uk+?0yz-Kfj|xfav+ccfgA|rKp+PKIS|N!Kn?_QAdmxr90=q<
zAO`|D@c+jg_*?xNuQtx9^>S?MdtzEO&Z&`8D=|7*{?C6WN8>axn!~;4;lFvVm*lrC
z>F>nooLWhZUN--#@iKj%bD5{+`Y~-)Q|tXrE18~Flp6fkGP)&w%inX_TSmLDtdVm|
zQlnN)b85AUel0rZ7FyB&_`lZIH%e-h7~`%+S*;S<sB%L%;jEVOyUNtMt8>yh@$|{d
zsz2ox>A&@-+Di8o>W_0Q<*uQ_c|rY;|I!iZ?|eRGQgjk-@l9ATE=`uRx@CyD7O#2C
zuXXe~z>KtV5gG2TspFDa0P%Sim4V)w<=HSZ7GAD0W}obYZSl=LnL|3E=lk@e#Ct8g
z0Ib-P%awV+i+a!H$z-{54!KUvqQ3A|)l}h@>Ucb#-ivT#-sZpc3cUZWk#koId4MHR
zNu@HD6fFx<>oZ2QyACbTx^qypyJuXD7I%x*PsO$liA`)|#+1nQ^534Z*&5q3Qt~tN
z67#d|&75f|nRf9)2T?=;w%ojwwDz{Nw(V_g@>5*t!riO7`aa$6a^=XG@-ho-sZM8J
zZk{V8N4QFBlm^u*dM3S7W;!jNpK42WWYf%|Lvi(@+7#!@@lBKR!fZB+r6I-NHpOL6
zw{^6q&{~}N*?ATUX=Bf`rQ0*@d3KjIk!Eg~*D1$tb7W^Yg}cNkt=6QtSJ0f|CACYh
zY{H3=5jM0JrrC4y9M0_Uj%`!&tOdfoWdB+7Kf|0WDbEs`Y0qwx*Vaa9ce)x|c&@U;
zRp)Z%=h>VYHdjh^8@rs#6G51Z(&)&td&S@hi*#fcq+~kMZ7Hrc`C0btJfB777Kf##
z<T}!9PRc5KN>*H2d=h0t8s&kF^3IW$8<%FaS{sLOx;8$jBff|w<rY<_4La-DZW%*_
zxo&gSsreb_SbKPGr|dLNKoRXk&Rn&#E^zS(M^<XSopu{-T4bgyOjg>Mzm%ki{ESRz
zM^01Jr6egb*Pch)YfVVY6z<Z$l#<B8Tq>N|W>j}wQep~obMiTcrkt8vE+vYFxow>t
zvr@7<$=y`ucY`9*_?V&M6zWK){4ZLp=JFJYhN&r3P%~){RhH7^IK8tksGL%~B@dPc
znb}ae>;)DST6&0C!YUW_S0V6Pmg&@2J@%91@UW&jYP+6aX0JJm_c1N2t(WEZz6Z2d
zK$WApGORN1yuS0)Kccv}T5)j=bJZ>5Eg?2rT47;Is-wVSX+VExrsU?@JT)3^US*MN
zU8{JeF|D*_VR5f3if2|Y9&$r*Sy1uJX8z&|rFe54exmDj@(*+KjW3FaaBWG|@t5@1
z7hlaOcGGvo2CZP)JgPkBlvYpRujUjNRhv~@dOdv_v*ygAY4MWh)H<u?uKR?JzqQ)@
zmOPW6{N?Y@m5l`<w(QVw+eH;PvtpciznQd4iost6nVynRAY2vIichFwqbknyO#0s6
zm$X?Hs_5Hf+o-;`<yDy{J0+{?cOCtH_a{+N$w{&0<h$&)0*5OvKP6LiSn>cDi*eP8
zmo(*ku(c^HwB^`cxz21#QeG!pK?ogKo?TQVxDJ1|C7mN9($hPpWLUzo=uGdhwYPV&
zWu@eJj`#+ivx6hM4Xw@Ik<SknKc^>a0#)tduKY~9m1hXgwCCo=B}Le*)&gr(2A%6|
zE_;Ug1)l{hwlJ!H<B}TCzK*i-r&TW3P*y%Ec}|!4omHMQD88H&hbu1GmeiDHv_{yo
za`HM+bHqHJ;=^3_P>UrgC&iU(k9N6II>kAxG6iaBOGq3wHVRv&WYS3}Dcok3(0H}&
zTs7ILospSoPvfQnZN1GBQfaG|ifgXjl_z5}8z~{GiIS7&;@Qm&w_1furRaQ7H_UN4
zoG#ugm$nXB&{g6iovH08)s`>^HH$dgY`ig)q!61Wl=r6o-fGRsp>yShE*nl|IG<Wq
zDpsGR8&ZSLk=~BVmL>98d$!%>NK49dQ2|M$J)CB>SmfR@zp{!Bt<81nlJ@7h9g&ri
zm)6#rsA_@80@^?-50uRj_5x}^Q9-dqX4$ixu1=N)Y0m6Cdtsh=(lW~p7do@tP#&21
zLrqSni`pN&XCo_f-IkV;*4Av6gxM@%`PohvwMnVv$z{{KK!@4F+ot5UjZ2D?<uuF|
zW$!@8oh{F)ziL2*m;=of`^Lsc6a~g7J!^|gXi9BadCb|&q{SyaM~k+Q@iz1P6=w53
z5;)XqrLv#YoMNF>#V1jU<RQ_NB2Ic)hMTKSG(#<+-iIz9wUj1oRK_R0Xp@ag%2Eo3
zLT!<y+Lq&TrqRLdbcJ)#qI8%kwlwl2S^Y_I(SaRei))%h-y~ULb*gyJar4+k$HzY|
zpfvbDKmx^rchdjOV&PLLE}~AeMDkT(TE5Fg^@1%YC9kcgj#Kr``68=Q$(=j8<Ty)M
zqx=k8G`Eepnh_mJ-!Z1hbSK9}QIHG~?qc880<~i0$*DnnepXCMP9B}Kb6cfkw&!EP
zT~-1uQghxYHDi2Ame<TD%tpG7upx)0SBcX9>LU~FZR~|Pk>;AYCJm2urL>`AnVQ9(
z>tVe$G8M2$0-aEJ?(&;voo_aWjPZcptm1LCrchII7PVJZPU&;5CCibU%WVoeM^UsT
z^F50UsSC4)>I-OY9di<X^2}RtCCnSfO#qHoUdr><>DHT3JT92qM?-FaMf_HBwBQxg
z42D@Fvr;lMoG!|DRd>@0W^VSRW{G+3r#+<3{tdX&;})>zDu6fjxMzW0*T4!I=4a>T
z=j1qDd9;cGYQ9lxgchmz&9lgmt9=(y=fTjB?EK73n|V^CmR7Da-<8Ih)yq?A%rr&u
z1zuW8ZXSh|RYuzjl3v+w!mF=LaYeNm#e0Khl?Ih~;^kI8l`U!oaOXx!rX?aHKRcZY
zCnMKZU<u2~a#<p(Ce3XWm)!P+-kb}HCM?uu%eHq^-9WgxHb+(tC3mm75K-;*%IiqF
zG@_)*CSIh?Y$wI0CZr{HN|gt~i9I@(=}M?FS<p*Dh3lNXBy?PPRnOdML&+(=1LC4K
zb-E`Zv@bF<X|8eK=#>}ux)v6o3rpQSL~A#DYW#Q8_)S20-D$oN%4<ZkhmD%AHfpV9
zrle7uQI*;dXKF@%uB_y^rRB9nNulzLPO06lQ+rV{!=XkE#ln=dJi6fE<{qpnOs%Tu
z=D)TI7uS5}U&Y?jmt|{0bK1K2LgKueGfu4v3+JEg6UezpN3N|fH}_n5HpJ`T<l=jA
zkvE{ob30@@&J}x;zp_K3969IDpo>g<1YdDdYu%Qb@5rRKJ0@C}*dae(%08Caey%8s
zPF+fr4OD{973<!M+IJ1<@+aNF7p>=tPjx1GYQgiD1+Moq^ZB%6v2a3d8IDZuZ$HPu
zS+@I9vcPL4bZ)19&p%nqMHM)&$ivjN-}$$p^fpzV`3&TJBY<udY=_O`S^V^9ac5)I
z9xb;zrzT;`(LJP(+Q~^?4M#oqdD@HR&|XYBUwcs(BsJ3owinI0q47t1zp}kp0!NbH
zC3JJK;wCe5{mvvCi^XSr^EgSLhM<Kwr2HK7Ve@dKr#-7zt<Gyz+J-Zs-uJ8;YFqQV
zmu^?ogBbm_2Zz8R;fd65V{or(7klP9M+>kN+BACpKWqNYg!sLif8(J3(sBB<{i^2C
z1vS+Cwf9b_#(EO<>s&yS@q*fV8`Z(famt3;pS1BdR@pmM?qgka18?TTx>%^V{5J54
zS7Z5AbN|KGU5RR5>Kr(K{cgE{#$DMq|0(^GnBkzgsK(s|CcerlE}?OEiL1J##@(f@
z>jE2hmlpX2HtsGh@(XU<U10Q=+PJ&0=r5{qcVSUpXyfj}V!QCh-37+?*BW;hy^@P*
z++B3!7uC4?FTc;_F8<M{O8(z^Ym&wdx#Y;97TF#7j$fiZmqxsZBH?P{JH)5Ty$OG}
zCcJwdxGyD~?;={$vN*m3pZNI9WZoo_y*hMTEh~#|<26gQSgjnE*Vg6iX!CB{b1$)Q
zz33Z@MRp3&Kpg5~;XcF*ji$9vG-`ND!+h!r$e?}|x@*XH<K&17T4!6InWG%eT$yI>
z$EKcTGhI36Jk(6GWIEeWf@E)IOehZz;dB>z!hOdn#8~tkZsXju@a<Q#u~cO@&`rat
zw}?V;M_4%xy*z7>?JmkY?#Z$_v#HxLv1L|5K|*W+_ZRWJMZWXOPCUA0N4G(<>{huy
zhrk?o@5*1gFj*0F1C;JhWyuJOFGGZpDLFZIDsn2<$6ekiWim@HW1LyCY|OkYF;d@r
z8#x+@cVFq{jZ$v-lFJdNx+|Zhc2L>nh?Dxx9j{X<l9{>jGQ`-xWtaV{R4^%>a^uS{
zPqZ{7p+Fr!doM$b4Ri8y+frqe*4`>NzTz^(Ni`A;)r_D47s7SoGRBvcMbYv&4&ibK
z>8egvL{;jv3#mHH!ERKkU52<)k}5a3$Tz+V8b24&k%orY&5?k#c|$HC3L4s&o#*Pr
znNN3&Ig^SnJr<oe<1QhJ#-Zj3t>hAx&CI1dkf-UHm$tM+)?JsjtXW50+Om1P-ZI~1
zFL3lDo#N#dZ@i?Xb#9mYF70plq$S)&cL_7?e7}N6S(~ff`{xVlbyWDw8cxG&9CCCN
z-E6p&bGJ1iOYW`{KG8<V;dE4SCMFal%3b2F=6$f!T|63=k{8FrdgyOC<SdPviV5_u
zAUVWF6;HA({=NQmF$Z-<CeS~h#fp3vOQU9Fw$l=tn`ci+r@>p)UTYtgEr%fUfqIUa
zJJIY}ICHV@%si$bQ;jJXu5mtro+e@#)o=1nM@o9Cg9bcN1DksPa~*WogZ8Ct<Eo?0
z|MKCEY)77z1}{=#XZoKdB8`fK%i2yJIX<(fUMgy?`oHsN)dgdT?_zmQ)tWZjd1XGK
zIhp<=^S#?3@1xRJP_mM3w1<-|bek}tX;P$(&Ib+UzTW6rMdg58stM(0msf^)ZprI}
z?={2txdOW@%aNUuXP3(q2lKNKw$#_{E+^;9xL_`VatJ0hczG}g4g1$m8So4x<^nuM
zlfnuevObtuxm2pXjU$^{%XHI|XD_V`p~hzA_e(0j&v4mc9c7h)@(B!EN-7-)9Noq$
zA!!}*9WHqlR*qq+3gG4TR)(p<#NSp_ek%(Ye|N&%K6y>Tc2}1fl$Da(o*sjcE9#}b
zvS+2`(1FsnJ<nHUep&hKNJfeylLLlufM)}WS$r+wl&z3)OwItFvqVCkAel3nj%>R7
zmy_qr=5I>*8ycmd7G5Grsc7rs&@#;|dPIe?N;9Vuvs^LDSs+)oSDB7E4z6I*B};Z*
z2J?g@WeU{=HdjYlVS5^uKv#}V8JYVEp4&H=k3U|tm!B|KI>*4FMSeo_vvueYKcO96
zI<#1Z=I7;dMB^BgJe?UO?A+|iO_(Xa$aAUODb+M{XNjhnJ7tP=70r=vRLo8@=Pp;K
z4B+6sih0g-W`&1l-gzkZzxzr~Se`47M&R<?y*$pBF7mQjVEBsyuT7zj2g4?+iz{p|
zix_iorRY&RCCw&|{A^@8=usmcBujTSZQ|SghASoAQD_rm4;uM-8BsjE(I$EyGQ<_}
zqM}-|ICZl{%t(xA&If2h!{`_r4erXYyQuNrPJF!2_%H8E+A}EVzkb~JFN1=_73N(%
z@m+9Jv9E?jENp^zmBiSNJoHW+?sRbjmN)%QMZqGD1UD3=HT3vmvA0f?7*{V+%nT3b
zQX@_$ir@$_uzIK{y)#6tdl2qTh|k)IAQ+n<=2hnrv|gjWc_f}i?5{6^BINi5&zNWL
zvB>6ld>V6q5rgsh3`#@cXcU%t_nrpOo8y-w>3qqf@4dz^>#w{9`p6OdYIt#^O%BfI
z!Ax@abg14ce)7&Lrq>A1bf%>L7p8nxjcUT3DS}1GH2T%%AWwEh$QqIw3_sPV>@XMm
zS_O-;Ex|%mQw6W{Rc7g$X;{SPdkj&%p;&yaMQpkyiXOspWYDR=?65pfcblK*C^+Z6
zc7$yEh-r7q(xnGL^Fwr12ewn+U5FgcE}tUudQ<_2wO1X09;r)5v@9Kw-lao-<&~%;
z{>~h19_ce`-Ylu~U6pG9`mSonVytKEIR#(v*z-m-Mm|BNv$5wdiYcDjfO<rHf-Nao
zCebXidhGe2@be7@7G;l#YMw%nRv->u>ls`lK7Q1zD2#hW1gkDo@y>OfsHAMDRY=pV
zwNkm%)Dl4!@zHhqu>~=>mZ;{n55&-#7jYm{gv)DH$<7NbIJEF;O3kHIAk<?mD}ldI
zYw&<!`CozPUyC28;0Q0S61&K1i;93+;o@4sqN1FR)*!VZ-o;lXtU%1KC6grf(cGoK
z1yfZ}eu}3>Mb&BQ9>mk~A@c9ha{4*_?0e9q?hP)XarCg0O5*Q-yNF@{)k5Wlx@%KH
zr*PuR=27Bm$TsHs+W9%@bnPL2sI8l%Kh}1My|wkjGUCHJJZ@f%Fc$0U@O35KYOtlH
ziXZBzVN>GM+bAo_IPQ{-JT2bFn{O9~Yv+qE>WCnDT|tkFrl(V<X|6q246Kt&Pm!6e
z^&jid0^4~3nWWF_=#-REK!ps*7R&0GgZKDUVlFl`oEF>3Yb)Bv(^5GtGymRC(N*JH
z9#p$kd5T8f(ui`(hrLrWsj!7pVWVfx=y@KxCt>SI4=vFkWg5n>p1z?pQ(}2%bQ1G!
zvWP`DdDXAx{SmLDmdmgA13{jW8BY6?_m0;I)%@zbk0|jhW(`V*gx6~1lS2IbW2oOJ
zg(9c`nNJ|;$BnRHn2#V)`JjRpPZhO1=ybgpZcB<ci=RA|>w59%&9sNVzk-XlIaJOj
zPw_tU?7KNkg~<_nx#u~*(Ai1fTE9HGL=ozw9-^d{Z@hvEhWlrpmY$_#2e*nB18zwY
z>y8+4qI1`vmhs~7yFt{Zl2-zHh!ovQqpM0BGj0`YZ{hQJL|dn`eXefpS;g`14LYQj
zUnxZONcqqib-lP8)E`CN01Z8VR_21P?K!O%^pKi4zBv(!qZoCY&l78w5I#=x=+yyq
zAF-X-Rp0N^bK>CLUgLT!Vrffkjc#pE`L=?#=4$mYg*bX!t~hlYJ#RoadhF@q>)YvF
z4Vhx=?J4~Dr1<G}Dv6@vc6s4Ftu8-#A!gMz@1Tlr>T;sQin^3T-`AjGBX5_A-nTo%
zC%4nV{e2B1Qw*fP$~M+8Y}sjIB>nB)%yY_hO}+hfyC|ilOSe!sJy4Nm7aMr?A3R)5
zEZ<s#tATAiEtS)XZ8QT_H{uKh7j0MQN->pe=h$s+?U{6pive}T5RQHqFIv8rlQWuJ
zbbywi<V>Q!D-Lj2*)Ke;ILOnYLp&{^si;m5rHI3IbH$0eo(w9gCo^bxJ-P{PFBGHe
z(b7Dx+W0>8%zXTSzIRv1nB=rfPAlZJ=vSU!w+@B-4t`jLp0UiK3dF2%{GSp0+?6#O
zHj$1Tu6(UxY`6%j`i$zOo~Xp6J1ulfa6gDGKb!7jQ|sPy&)BQ7;ySS%S3u^qMLVnr
z)fZl;UiyX}iI{aK?HkGq%Jb7aEu*QZ=KY|iSa6s3RfdH|lJN7l>ZzXd=a!$g5j{Fd
zx1fr{9XSQz^vEXVctNDB-8>oidAO(+Blg_YSS+qznUS7@(@dM#P8VvSGB0eNM!uEq
zb0@%zR`FGRzVSts!Jo`GzdmI}|EnkyN{3uUg@gP5*V3{DViSdw(RVZ*#?x{+Ei2)<
zF7esqy?6V6u(EQ4b<RR#+^o)N&kcDrIJjtWl_cmBr&|1?>%zbTyZrQRmBW?3t9sG&
z|N4R5RS)_vG=Y8ofA?wJ5p<ZBeoKdWHTf))Yz}(8-$7PvRXZT6w3%gN)<Vrt=$eS9
z+E{f*@$DO?SL@mQ>U^zdxxDI~vUv4QQGFZX)0*ZJ6rG;v#!yltN(T2AaO`Hon=i&V
zaZUZUwE3MBi8682hE{(?c=yc6@94x*8Fze=m1d2#CAHFRY)TNVMW(9C!A&WxdT_V!
z^oUR}RKgZ$(^Wo=&uO)oy?C5h^(Vz8Q$!Er)75~*?6Wc34Z1Zw;8C*$lIEaBgs%H9
zwGHw`c;$10F=BBGYD+Dr6IXEA4xYMq@>#<ow$PIS=Gz_k?1+VkzN=D-<ds*|%e`=2
zg!qD*FZR5Okp9Z6<)N;-Q@QNYg`rm~#_S!T@2cz~`mX9OqC%u@NK)_x@1lmZU-;51
zo(iJ=i(=xm=!>&>n<`Si`=}o^?Ly7N&}@a!?M`TJR5s2oFg>D6co;X~J#TjK-@Y?*
zhT2nAa>h>^3ob-e9?^^!n5N2hq})}^DtlBOOw`;|$9|M8DMlS?q8IfWR2=7qQt9tJ
zEj}gx9&t5)Gl8cSa#}P+{{00{i>F@gX?I%0dg{k+(}u1d%97<#;Sy6@Q*VQQ1B&^)
zu&m2O{|I<<fEW<v^RgB3)l(t}=Aq`(R}nsQ(KqFfi|R3=N2Gi=%R5mK>GZNXeucq1
zkB3@#57Cp<c2{O69*wH@eu4P@aZ42UsnFFZ-8JJE@yQWuVmsZpP|ef->_KGK|9Sv+
zrX!19QAdw3N109D|A}??h@unLEZV2R#j|<pp2K@KRE%gCBeq9d8mR1Y@XeQedMT3Y
zJO@!_>y_%@Dka}<we53aP$i#hVzYFLvyG`Qf~qmKZoUG^=2zBu_UN+5s;1D^(Lrw{
zly9^+_W^(T)7sZc^)~08pW=JsF)Y5vpAkW61>Ec1<8g}^@Hkx^ERcJFrgTNhB^ch#
z@!jL$^q#tWdI_ZLP*3N9Zcv?x%@j|W8P8^pt%Rn0m`r>^9wt+t@*F08qtAVqtc~`6
znC$wWJxo4*>VNJqnfO$2aJkIV(k*f~{a_v@i=U1W{jLAghsl&Ce{z`o`po~D!(?s~
zx-RG3Q^mh~v_<rfrsBUt<||G87yp&fe_s4IQ9NZb9`|03t%#;vu~#`zJm>w(UJY=}
zRMUC2l4MhwJElENce9t<r|E8f#Wi1L|2D;9)^j#}qBuz-O8>8HOLwX+OL;Ge@_jsY
z|H9KEn*LwfW1ltozq7}_q$9WDIPaz6lRPaw&C@cPQe!WnRWiNZH&?#n$0bfR38m3L
zG0tqdPe#KiM9;lOM089Ne?y~{^7*B7qGX>Ts#(PJxKJ^xSwnhVuer3<5|Pl#mYf(J
zpA`FiVsl$uW9%bL6(1*xD`_xAwr7=AoX2y3N9p(0#8tkqCRL1Y8s%A`nA|j?5~rIs
z5NF~mlhfFq=1jLYNp9Y($~scTgoH@Xk}+B7&1gWKpSg}DgwyFfu5ql>l_dN7FXe(!
zOh}}oqx&_K*Ug+A?XDOa4&!fKP2=e;OY&xmpU{KN&CL<>;^~0vL6HT;JLBo~M}Fp=
z)~uO)wX>g~z0GOq0krfL4JtR^nU%x$GF!E!W<R}7lAdM4eUd7EY;N%^Abx9Jxev@_
zHKJ{b3{Q-W5hV#>l{21BsN6p-vK_oX&bN_eFNAoOZIReatbc*pWrMEaVmp|p6*T4T
zR@v0bK~L*IJ1SMojJIa<ip(VWnV}+qV*QX~qIFaaPZht$$0Q|H4G_mE>x+hSLfj*G
zaZg&s-sjVu_S|^8Jw4fTFnG$bK2cRUI{3QE`)b{MZ3}LZC`lASW-dSHFI68W&|B8%
zHXS{`gNvq$Wt4*zBRR?Cqd3Xok>OE(X4{z%8WJAiC*WtwtFke?e95PB`Wa7)Cv#kh
z@@7d4J$6VBUeI$3RrbW97bt^Y$hW&Xse`BLEF<{Pn8I<EeIa9>#xe7*<2SweiE}_=
ztb^{z`41dIv6WBfcq(S|v~(^{-K9J&+abT%%ki79W~J&(KJb{I=gi39r<B@>V`>DX
zt(lWvcb=PPYldSXC+wqJq@|0lrC2OtbW&(YhMh)CnwK_Q>T;YkR+i56^nxwA!=5aH
zqded8B~WUoJbSLST|%1pEy;Z5g$BmyrReKU;`gM6!krvRFXc4r0zHyEf#2CBmL=2n
zEWVbur{o(>13w)aPnT8CW_HSHtB?Ao6wS=!${4)Y;K&k-IF2P8NAXggmM-UM#Y&1V
zSPhqtEwDs1Zrmz5*4FI#XKl@_Ev?OHlc>MG9sTQMrEUuGRf{m{I-n~5obzRg`7IjK
zm~whVp}<bB`#LfxC^RkADozdxqMg1?ZUjxa&7gb0{CC6o>3A`3Zq03Jxzt4$wxkW0
zX{gxEY2fz{&;vxd)WbkG0QvoVmyjm0wN;c)Jo0_AmlV@aH1f{9hx4e6rj$qC?+l6&
z@4V>!rlJ_}?Q7oISmgpf)L*AwsCVU~F5p9Ly0+rc7}$;F^=v-(>TzeXd9}|o%U2tF
zj}{5l??Y}P`v7@v{)?BS*0StW(ye6mvLfmm8vaV<F8wdwjM1;q(Y03|UHfSFRrA?>
z=j#mSE<oQQja~ymX20f}Vdsy?Z=V$1y4Dvn@=mq)rHuN*>y#vKUGo4~-Fd#?HScnF
z{`H?{LngMSiuz|+x_|Sn0sfcob1|y*e@*!mpHeQDZMlx?klj2jrzuqv;+qspgn18y
z#~ava&|C@~j<UFTAN^*Jv#baF*UNrt6&hE@$G1<_LU)V!sJB|_Mdnd9E=^vew8bYh
zWIV)7O)kBbIx9sF(EDFLxLS0j(XzeM=qz%Sb5-T&c@j;zbrIR<n@gOd>gJ*O&iGL8
z`vm$cuLD;upzatn;A}VdfS<AK{FV0`T&nb397qqfh{NgB;^<bBYBEb@$)WLZRf>)G
zzQuB&`bTJm7T@vooQBFVBP7ZzuWlIgmJEG&VU+`o7nEl+`SNj3zL_Hkee%uxie~rD
zEqbxIIh@eEVOpgphmtDqNm?xC>t@Y?=fd4q9a5r4Tlvm4{T9JX&m^xLk+%(X-LJcp
zMz*6S!mR75@Ocj7OWh%tC%>)KQ|8HUt32uZ<hS`1<hRvEcaY7}DF(Kq(N``PJ=}R|
zxh6iOEGZgMi|V?fIXrc5<!MFNI(&qRdF?#!YKjpDa;PfwetBt(Sl7-XdS!bxq;zda
zZC@<Q=I9+B4Z)+qsBL48@><>Ab9%V=g*VW6#o_^VD8*%iD8<1R@kN$?b(K2Rp1)B_
zyAki*^6j=9^>VGh5XbHuPuBf~SPtYup8tiox@23#5+|M1IIDuZ-ia0?#?g%?&ntFg
z#9>~m*UjDwt3`ZHVX{8SN)>aQ-uE&7LPTFv%H1P*S67UN^#6rC*_`9G;eR2X;*ONM
zF`T-h@jP`;<TQHap)T8eREW_XyfVcnWPytgyNf#M`Q*BK1WU|zUFN2UD9@!Mt%Nt~
zG9+(v?&VJ2Zc1JSJ#0WZKb5ED(|KA!Q{D^Wk6epYEX@}|&sRD9UhqlMC!^KH9}llL
z+iGHAewFU4%9AAjbusyN&L*K4L<OyMHgDE{Zd3Yo{C~13Lupfr=ktClk<+3T{C6=;
zxpC;{?eOBqj{K7N&<J{Kmy@34rZ-;EJJ#vR4bPkG#r8s4wxQR%->I9{e8+u(=vo*W
zB6=6nx#AaI1>bc}H-Ea&vpf&0E#zD9RRZWTovzNRzMg&)#aB-8QDKv@@_WSes0%tN
zr@0*T%sC~Q-Y(|qq<?*eS~@N#z3icFes+6)5!LWc)HBwJ>W+h)FnZ^P451<KPP(7)
zC(G{cWJz~=BIei*P)rpR6BU$06yMcR;>hda2`*<FvEa=}(YuckCI<GSrxE9kG#ZK>
z<BU-8Yl&e#*bpi{T5Hf7Rdg%WQuS3d{zsY1=9b0mv`lc=sY6`M+-Wori+9m|k4BEX
zq&$Ak=%Y8N?=y#bBVA&@+sL54czzQA_x(9U@7;z7juAh+(NOeyGdzLbF=Ta6fSCMd
zWD>n>f`90z>Po0Fk(!!7d&VJVzsX0s>`mcqwTjbk(A_9*dz$R>CgsWz&Xuy?IG3NL
zcfC=n=q*MCV*H!Q)Z=QdMXq!@&0KO+7RO^eEk7w2>~@0?S6Re~H^aq}ca2Cfe<<Z(
z=V1oj7N2c2787S1QDVz%qd{zDN?x8ln_^x%m$LWUdGw@kxS0J`h^TnSh)QtMYqL@_
z?efX-ME;dXPN&)TP~`;arzej~qSu9s*>aDfEZ8}mcI}|ihNW?SR!$@8H*KE6zvZ-U
zwh_wto}XuLLS3!Y?_8x446%jB(akEl4)uwevX|SL4u@Dkn^4`%A-y-xu|K$%Dl$4d
ztu2k7k=^xjGn?`|`OF=)%WX8`m#|yur!Zai#<9^jo2T;ex}8;!(A1GiNf8@|8@zQb
zvQy+L=$V58v1+!Vwy$!d7tS@Br?}cD<)@iHN+h?M8hdoN#_Pwwth9wybA#I34jyvn
zmC5wV7u|nnUKw)9vV@qiCE4?m;|i>_eNi^CYA$tmm-nWUa!ri*vNIKsm7S?<%<4i%
z!%tmk2My_Jgo_PbjR^5kH#!P?cBc~ZQBNv4oqHRRu~c_Z$>-SB%eAedYacmat3Z6)
z+2A4n)4I?aiu=(Tszr;UE(UM3S&STxRB@`CK?N+YrGq+Ved6ImLH?QxZ!`UKi2c1O
zVt(y|-1iPKsf&@Go<udOqtNOQ{d@6h`rp7u%m=(Oe&}Fz7ny_&T@3!2(XE`4atfqF
zYcNmULukg}c&FUwG{b<dbZqSCVKkG&<1($3zFobI#!jveToit$H?M;isun{(yIPq<
z>Mmd2)rh7C?|i;n-PMS9a+yBbjTS7U1?e~)&Wk6|>*y=zO%?sS8FC$-#Z$%LZd6Qi
zxSLvKgjma~FB&Oh8O5>CtrvL|s2Nhlp>9-+_-7{^qH}kHc62^Jg`@Y4B_x4M6CLht
za;=5*eORJ3R2P2nE5}|wM&`?>JS`e0*EF8ibVZ2R-rb0briYXU_o70vqL&d~xgYsA
z!}zE>)yoK_SrVy|tlYt~shD_w*&;bMie^p~3ut!+Tlp97S~=2bcp#;xf#mb_b0=GR
z7>)RaGG;slVsK9*i4M{8l@qb4w>++>zNQVwvgEy~h2rOTXj@Ar(3S<6zg|?C%T$tj
z8fLZc6Gv*HIL<j#`Wfd+#YA2<RD9jj2#MieTa#POS)vML+qS6=(Y+Uy*cRFH`E|cD
zob74E<@#OTA^LKGu9(bgEB}J0rE_@dF6A|wYe}^8xIem|!MXoUFT<1b%~J9l*%q12
z-*Tee3wR+qTGK1{8ZC0PmqEM67R4jkGw44msVn6+F5)#6FX4r(+39*GOz&+Zxa{XS
zR1;Fgc3FyONm}Vro|Z4;X~i0zmV7V2|AD8)TX|Y0r|xb1cg2r#dQ5(QoTsI|Zlq~>
z?;9x{=5IZTF@5;;CUk?4Ps8FpItyQ85kK^yN@;IjDwscwp^EC{mvk7P`JSq=wd?4#
z*L4HcWxs5os_pnjs>_ybqRMOVc0<$%6UBXv5K;WG(a^lr*^J(LLw5|tsL8a%_me5o
z;`J2Y#~Tfc*AHD$E^XgJ5gp$`jRmgB#n*j}W@5%9!{^7VXtrH6M-Y|AWT!l-7m6SI
zQtItV^ou_9gOUYe_I56Y@9^e@sHR4;Gm&nl(NU_F*!hkTnn=ION9Ue&%6zKpXsALo
zoh4{oz+XKJ)9%`}m5Vf`fU;SpLnY%+kD#yLHRQo+RwjPhI=p-K&7s)K2GaIb3r)5r
z(XVwpYkNMv*-P?;U+Ebs^o!VX&}1sTGRfAltv%b8%fEe`D&Fm9a3wDme<e?!lvPV-
zQ&bhJIVw5_iwXUVc>4HxxItBzI5Xc6S5m9yJ=*2l-=nkC(f4R?_a8tz@bo|<DzQ~F
zdJ7S?;`)AI{8{TPH6b;DlJ4((DZUyi&ukoKw$fz#qq4zJDAv--Wvy|J@J;X0R=C%2
zcDpz6Zs(KKAzr9J^c_H9Mf~lRA!0&*Dx}*77#6c~knK@=lbfTR_<5iaDw*tT<#e_0
zz^e<fMW{LC-{$wCVjvaLjf0G^X!^C(POnp~DBGoSeoLq+Iw7QF(J<$U)HL*&t%-c*
z)QlWvmJu}M(^Xy^zbvJlm`WKF9K$bJlgXux={|sKmSiWLq4H&Wk&<X8i#FldKqHZV
z-Nu|*M(5c_R&n+NJ{8hYl0wIU=suW>&{oc|itU_Z+?*1h44{)6Z;d!LnD&WxMyQQn
zOLK56KG`ESaUQ$NIkw^-IW{?WvePG*z4DN*gWHLn1G$OvpJ@Yc8%_x--z|^73Z9mo
z;i>y9C(c6kxlG{m+45M^gDfzCYX(srk)JKM_xWtD;akWzYf)>{yKp$f+4pH}rCo2L
zgNWuAU%qd|(r>1jIoZrfEfv3I<I|yL3phG6Q?7!px9HMFUI6%O@~#=K_lTJml?HRa
zP=-3%QN45WeRKEt%wp~^I&FSH$t>x16Yr&Wd0NtslT1UUKQJued@NHP*oxjKN_91r
zwXGk}VgJ(yo?|njIn}X+R<WAq=9Sy@7aKU<^7lDL_Xjd|nwrPp5uUd|oRo8zVS{;&
za+>m*M-HZSY#MAdpn@xZbCue3T=M7=j*dR>Tox+_^J?+iwXz%!lW`8$Yu(4QQU$<a
z6(4a}(FmTF(3DQsqUR7JSq%P=))OlR^55%*@ZbJ-(^8tjf5@sK6n}9s$6PvD#_WH-
zz8{_|hW;N?4DR_d^()P^jiH&vE}1s}v28kMY}+}uk{@Jx4xA@F!-k$KJ)?$F4CSX~
zdivf>+f^}?rzOL9T0BxtN8L<$_^dt8&n25UHIzzzHvQ%iC%x)rmY6w`bL<m}p;}{l
zpJ<-E?&Dd*I5shLn67@l8b%Gc=d<kz^gHKV6vxnVMW6DTc}72{MY@vV!&kSu`R|66
zXAr*Rq!SRQ2`<*eis5|5yR;}B;tSrOQc4&l?=zWID|lKar|u1uV0sc^-$zu)2allh
z=hP8Kcv7BSRtS(ivaClY%QpnlMJ5e4aQN9wKKmDs{L{0od5Qh`NYAmWdO!M7BIK@7
z?mvR}$NRTXlFL83MIE!B@=OI{B8OGbw_L_$m^|~CDU_$j^KXIU9O<V$C5DbP!l<sv
zN}+R={FPHHHx9&D&dm~986{@|Pb;SKv}^`X-3#S6izq2qhl`WNMp#TIdI4#yGgDpy
z(52a+@zg5)<ujv!yc|=*CaHsmF4k0Wlmpkyjwvb&>eAZh@=eYd8AHE!7?Vk5Pj*qz
zFPh1(slmv<i^|n0U1f?7r*mUy2JO~$+`Thu6}5Ta+ePi#QM-+(?EEZx97_(|w6)<R
z&;t9q1c@tEp|-`ewWqb`vfXdALFb6}`8hnimA8gk;FLJ}Syx56px81_Ufxqjj!KX?
zG>0zA=q<3hX?F8xTE&9xhHL;kGCHYmdhIZho#x3+eY0q%fr(lt2bCS<9c-Sk^ik)h
z^!@ok<`5gk$R3x*PWe()>iu!3y#G)4xJ;kNWtldFiqL7^oCdKiUVho9X`Gc(=*XfS
zL+@C(r_jSj&U_kj=nz9crgjrwq@7t$QMgCkN(;*(Bu|`T^~XlMy`!h^f~yvvA|uK+
z%VzSZPv|foKbFeF;<41q{A`@jkozxVQs@n-6#4q`R4~cZ?Lpe{nGqV&*xAgUkw>et
zXU9`p$vhJ1Rbmt6aa(0Ye)fpJa`_P@fv&qDl^3}1n6Z=vMU(|}*vX9Gmh@K~BfS7i
zhK=MfcQIvBjZiV}Q!4a7d}=gkp3*7RPD9=4MYXCqMSW+G1o6o@%ABEelqQHjCK%xf
zqGX~G*4Qb2n`lHdcA87m5LNjDg#}{7B)SeXd&0~EPoDk7`cI7n@xyrPK1y`7X=~;l
zCGO)%l<*2pRuJd1=rWGxh@p3crsUA5aXz5TNVpf|-RYFU-f@oPnQ2z;jN0-UMN~G5
zx3YW;M;DjNU5Mt-8hS;tj+ap#bp@h?S6?)imnx>I2#U_h$?W9!a2EZ>8=eYA>|4hR
zekwC{oKC%`u!%C>P){lGcbXD=C-Rn$=NL*p=NNeNCrvQ8PbwzH>|{{KpjZ9J-!$}e
zY*571g!EUMKH<DFudFHSeDm?d1Uhi|P{I&Dg)LR=;fyVws8UGn*7Qbn0H&w7I?<Ks
zy3bU4IcMk|w61e~ZYCtqDdil=966mLcTeI>sF2g568^h<3au`f6PYJ}_fprDpI7by
zU8DAzW^kpQ<IJVkz3M7^N#`J4VWv@ioWa#I^?nA4YEgc>Y#h`EA2E>*e7}9K4hLOo
zijOB6)C%$6>*f#>cyAU><HVPm(-|tqDz}0<p#0|Wj}v7kiqAMRO1_jOVm439=5ib@
z>A@5Sz16CbEayWeamT9N<vHFaa1kz<C+9Df>tDdr@`XGtUc@n|ew;m%46`R!UpYDa
z9PI0<R`fZ@hE1kx6COEkw&MA`fEC1&$&`e$#k?x-!}DvOB^}~Bp3VJ@Oyjq5x`Y;~
z7E9%ZI&r)<DuJ&T{G@Gv37tK;u6o`xJJb>9STa?7zS)y)^hk!eN@~6MU(dYFl+dD;
zoH$FB)WuP6Rb(O`0^;x#BUIL)^0bpc4{^uDSm{TV=@-na9=UW3`fIs}fzu88UGK_f
zM`eNCzy+2XejJy+pFp|7<4olW&CVtYg`teL$fTT12i?Wvv9DgYLG<{7V^a;fP`li*
zo}OxiUH(|ROyknMMV95Ccv`-Xc1v}Om@<ueHTQ3&Gj`8yM!38+P$2efGa}>dZMdVO
zKpfdd-7sO?+0J+A%*^5vuk+F;7e&wM)ENAHn-Rj5e{OVAOk5nrv16NIF*`$}Q)#Rg
zwK{&;#tAyiNhv$R(~{FNS!Z}!+UGW!77e?Njs(xS!cSR{1y2?cXq<MRVQ?|>>{)KB
zd)5A;?+jXd*$7@s*?74Y^T9PSV}`5-b*)El+2%*DtaQ_g-jQeae<wTT%?3YJkS;=1
z2ONe`0@A2zr~BV2^a21LXb5k_kvA~KkuPO$dv3Cm`&)9YsZ?X0JJt)lEh>K9LR(ur
zm$tK-Eb#u$qg84nf7yCqreWS3;sd_Q5@PIT!z%CEa4;QTVlP(!CG&X24MmTy48C0=
zdVE98pz+*?O*c_#jAm#=q$QkhBJcw#)I&_)Qu&zwRpmJ<ifXI86nd>0eczosx68Iu
zl+_!=@jK$re#Nb-Sw=&azD;#<mJ!8{r7mD9e%)sq;oQSVfA*bCE9P5j?b?Y!v*eAm
zcH-<TinP3((;3E#dEd^Up2a=03=4m)+o<%_FS87~SxhPQf2XOPIKol7cW?<Sk<&6c
zt&r2AANl)YIW3{7*;_Pfwrpp9%6-zMJ9&=sT{>*88Mcta%6H49_sY2CwDho?`!}BZ
zd3vd57C+TRZ`Ykez3Gm;W)8ZY=l?oHm#xa-SCu!xeQy2IP({A^D+>kmA<%c`y<!>%
zB<~Q5*?cWha-7rT{)00$oSTq*H>qeYT_Aoimpi=D=+L6eBk?8QDlT&0PDyWWr&l*p
zx~I%lH^&p&COE`go}r@4?VKOIcv{hyr$zmETJoWse$I<0i34*DdZl5er~T4*ARV<i
z-uJr0`FBrb`RD3Cj$cpMG9{Bblj%;km^{y@tR%v-sV!s`i@OBTdjRIh^~!0<V*a~$
z9j`G&RLrA>yu5)T@1EFV=~qwkqUnYhkEx)a<jE4p=`KPL72pg<n|v4Df8m=g=A9O<
zLH^o+hg7kDKHogkQQDH)Ix=L}lw9?%^C{=bwsCsP4$FKxMybBCff%%aD*Y7;RT1`6
zlkry}wgz05==oi%_;n#&+znVtN7}n93_cwBw+iF^)X3CArH;#{d<`FB3yXHOp*_6)
zJEP$X`80~Bxjiq%U)>|#TSeD8YGvZ!*W9eml+Tm?)eMr!@w0tm|96J9kSgOe`o%%+
zZ}2@o$i?V#UmqS-D|El_=#KPmC72a@Z`!h;7|~}TbuqVZY!0+)o>JJ{o@Eu^b*9qE
z53x}@Ff1k|n_eyI$?#HIz<<a$3wfvZugix3y}OfR5Sw{!aeN`Ii#w9`FEn_gM88Em
zE6qg5$snGU1A8qp1NU=a@hJZKuN6YEYmou@CzdRx$V)Cq<X<nY68R2}ym*Y<tTA=v
z)_9lI-#NJA<EjDfZz#b1iOjjNwB5lC#8N&N^;trl5n|MG!~7Wwe+42di}#Z5UN!p{
zkAGKLXnop11)|#$x@<MiMSe<`PgL|fcRmNpq?J_q)vucU_0nIZWGB!wbPjRmJI+Cw
z2Ntn+2{rzvEj7aU-Z0&_tL(z|X%EX5vsWwFtm=m?HyWC!MY^()osE3AnmhJ-uAtKB
zeb<>@)U=c;E4hv&^8__%DW#+QbF&l|h|yHR(30c$+tP`0Kb7#bn5J}ZsqzjsrBcQ4
z{__9aU9|UCQ4@r^Db@Z^S8slH=((#2zi&nJIkB46#IRMo$#P>$r*L-oZtO+vl2gmQ
zM-1rQ!n>sN3eN87oTU{rcv|))9|j?@GzL+Y)_8wq-(QtJZY7P1n6}c0;C36G?k@6-
zu<JX+LbYI0ek%2W`ybROe&sS+GE*j#rm|0xU*mOg3ElLa@oc6uH6`;ue@f}f`_MgC
z7FangH~*d|zxkS{?u9%p-OkgJpLklnpQptKd0JG#Q}<EcC-jzW8bK@jCo&^sqdiVk
ztfH!+vI|}u+^l*O5~y1tFN24!ye`J>F?{=Q`coU|dK#CPO2JtP^b>DuRvUC~*tpuD
zqUZT?)fywki|f`HZN0c<jgjHS9czqqFYZ}mWLA<c?baAs-afL%$o2NgHAbGd&#p13
zGSNw)CjMH3o{Fh--?c`exBIU(XlQt4_~5ma@ny%jjGW_4=H~$ycrZsEhLw?ug=_G%
z;}y7c4If9eLfTu$<^Ge?QaLS`Q}+qEM^DR8cRiZ3q$^KLd+^lVQ~oWd?q2e5IW6m3
zk2WGgj9*KK*TC<o0;TIAy5%Q(;^k-pIl`d{-7w)-DRWgsZHK6;bI=&kp5GhhZAyO&
z7l?QHo$clQc-<8=^{h#bf8fg|YOKO~B6&UD;k1_hp0#)f$OQ|;ue=WTd%TV!IdxCx
zHF1;2t3O(9gLhAi_;#Ia{G4~5m9pcQ;-frOvC;((FIXUk@{NoN`E8{5eVq|TH!$cY
z^-fYp2E7r3Z@kh>gVxi14b{bQmOCTLzvRf=GbxEQ1k#a4&9z+qg)*A=IM3VBw<n@u
zC97`151S2jv8Ydn`}rEYh$5%-@+yMkveT&HPLc1}V9;wi%)j?+P(5?!>{I(<v+8t~
z-H27zOxIY;WUt$7UQ=-?=Xd3HjM%7?b&jRQB3`)o8(xfid}z$2zK2E)`Cm8k@Cp}?
zGJW3V86{eIQ^0?(z@kkQW!X}WvIz~oF`GqxdL`#=s_a@k=jPAk^p!4`dujzoDTloJ
zU-6+$Mv^$nYcF5Pv+`(L|8o{^HagNMaSjwe@*3RV$?TKUQaLSOFW0$2elMq`a$2;J
zzp0SZl1*}+a-No&(;d8Gx?oDTCsXeR7krEAg5<+8KbJ$SVhj!ZlU;A}Tq`zlSt<F2
z7xn4a3YT%v(-~U~@9r!y^C#ZMgS^_3BRnlLr@zUB9FyOl;MjbJ{PE@6IV#Kx>{;Sb
zZJcM@w|Z{As*Y<vt)wbt_1vq!z!yhS1oUvP_c_rj`pf>IGjf|d-@!RZhuEpDvR>%S
zhk0?=J2;1EY8G+%=m8xzW4H04r@NW9@T~4`YNpCVU2g8WZCtfheo4Jba;@*knBV1T
zaX+4x%Bgz*|6TC`PfNz|v|LV0KjFWN#>(j)UX{LsO-Y`<-E;SvG;b#*r*tpRS@tu{
zS<NgioB_H=TXZYuYnk$M-F=}uM||^${yD_4a*D3#5U(;sOrhoI>QmoOmlyRqQkq+w
zF6Z-*{~I<OUQtdLJC#d&r-=tUblJg~PV1s+1y9RQ%fHXk+N=B7jKM$BW_<J`Jt5+6
zP%v*osu=pyg=}T<PeudUrF5Tzy6L@gisGo!`!BxWW2mhAos_rdx;w=iJLo4G!omY>
zX`BJyk)rYX-cfVEINVndV<{PWk;*dTy_EP|9>BD6%AFoO{r}qg68Ofd>i?Itos9tk
zg7Q;-8WsT;FzH@U%q*Fq&d`a|vWUoQ+NRS$+k~{81(#ojZ3fxG;txc{C@uqn1VIHA
z38)By5(NYSF(M#4VH<Y&f6qPVy}bAGlBP3*`t$Qo`(E;W_uO;OUEjIex#<mbFP*J^
zUr6`Nmq|3Ny!@M|ePU_=ZzkI1wE1tIw$w0m@UV8#!^oyVTG}5OgiGmf9)A7?@y`8@
zcocC*BS1qmW7=5{dvL(|`BbnncaUqoU~#=%x&A=8{$Bb01Ko3Xs^7SyRddZCngTrO
zk!sn)Q-G&ELV@0`SlvUc1~D{_xhu5|N^L#5?hy~6$ppC|LfH7C-9Wx_Pm{0ov+&hG
z6trYJuATHKE#GGUw2kUZk9v#=B$tLr`^uxlsYIMg>Yja0{eE8Yeu;SVpqjaHrbbf<
z1*~#t-)5kTyLj2Z^8~APeDbF9{Hi(A@MjD-YWY`5l;UfYI5xX_G*C1;s4JaL?>zxJ
zKMvjOWvs2Qw7C~VKMOr9W8Ezs%lY&Zh<*Akie<1Ft1oe)Cm-60cIMp2J<TnVL~;sy
zw_^HAY`xQ$Vw0i1WNLgcY_Vx&Y>g|A8)E~%vKygJ0TqF0lEb!P)R;ND@Nrc$u@aXS
zgIxSL1j<4n+}HbY&u^f6_5!+>zT($tOWe(mW4X}-k7F3}tS8VwT=oP?J2mZpd|Wl{
z8!1w`JZQbN?{Pvc(p{~c_yjfTs4Or*2%Q2eurciaccLxbNZgCRBp<}*VsORRx5zDf
zGr8q|O>RM`L3)ICvZd7KfMc;7=?Q9_63HlOk2)R9I~vCpMrd;6xp)hC&fc!>_tU-f
z02uM<09xir4^%z)(|-D-M;#b+<C7E<?JM~D#*^@$ew_Sd9`}22$QWA_8`XYDE?MQ0
zWA~@PvuOk;wLJHv2ezZMv!C*;otV(R^OT3y`D4^pyZkB7#POq8r1um8h-0ooJLxG8
z*;3X{dkWkN;DFFJQzXe}R>&`U29EiQ_JCt?6Wt5BJwT#s*Mm>?8ILx1GI3mN90NF7
z_Gype`<<sfqiPM8z6Q%0w9B9NV8ba60{+3%o<Z%}r#-{kU!L|1U_|%0QA|Z>8=vuD
z=PFj_V-{UKIO`b??L$?3weu<bBEp0eKcsv1M|3Y;OH$x`-T|=D{`9nmMrL$0aj-(J
z&Y;vzB#(vbhzwJY+GY~YbbRA!IF{fDu5Z!3aN?f0XHKGf`ZT&1&sM)PbT6H^r=~R~
zwc8+SY>oEZGn`j1KjTpY7GSIoCA2q@8ZaS%(Ra1mReO>S$<^b-IG-6d!I0k1QdEAa
znE#6InVS{!U(-E(8-kc`WY#m!dZx4&pY_DFi%Oojc3lZ6S15T_X&avNOeVD7J?9z1
zjL8_f_BdPWd8D6V<_+y$OSAUG^GI?W-3Dz^D?JY(liKFzv9eP;^96{Iz6(KlWjUS^
z;`t>Hj%FRCWq#W0)aGOqRVp<$u}ZtT<WbD92REA1);|X(S>=psK!x`=CC`NRCOyv6
z;|9YPoes-o@geQ?k_Z0Q&;~5+YtMV&V^t!xPP^oJc*xyDu`l3`1r^GyKBjCY*J+nN
zhqH#0u;dfd2T((f)2<};=|2%2*Jo^%)oyyuquoLd1vnsaAEeOL9If``bDk+WwN85u
zNfw_RjcG3vVF@JQQ>1(5uf&bX&v{<RFCeM14=Jj@(Y>VZg@^a_h!H*Q8b$Jm5@k@k
z`FW4_ATBSZ&AniQwcBIb!$gyQR0Z<_-E-<*c$t0||Dm3ow3i1qz7_cf%9#8~dqMog
z+QlzmKIU65c$R6G(c|1Hdyya9HSc2WN96c3dY(Czp65>m7g`=k%W<?j$e{!Wt)WMI
z;{{JA+H%#XYtNqO4YmO33P$mM)n39Zc0=!^_P;NB<Y3k(HhWs=+~4(S%tf^5IAHe&
zFM5K_Smz1TkYu1SI;!3MDz#A9(mjC)$A)lHcS?^z1;PwXcaQM7AHK9FU-Q5eAX$~6
zj*exl7;gcZJ=8Y6ghu@PFL|tngIvfS-VA1UzT$y}`Wq+>EXRrd^(D_>Vth!gW~vfM
z{vQ~Zx0)Ms((!&??cU8En|ZY=WDg>R#3-|vn{&iX*!|%jkoT{Ux3Te>Jl!|m2-#tb
zCHJzYa{%X_V?oMfSo`%W9^;TbELRzIIb-jRS3O;bF%CCCD~>aR-@x)p2&!t9SPi<7
zm_$d1(F!0x#5BJ4+gChYID!q809zXITxxn)yZ%*A2PTDMSeZ_i<PFZZzUomXhp07E
z2h@kPE8p-0$Ku$Pf=6V`Q2Xf{9+jcx<1e&(DWbO{axgZ36WxD>JGAEVi6+jJl-&RE
zt58-^IPhwK$pUPC#=;6mS_<VaUabiA#y1dZ`j-^mE$aTLx?lY(dU6Nu)yyTF{~BUh
z(_TVYd+9Bda2LA<cfxP84lA8&U<-l9jhrVU>gWoDwb$Q*Y%eKE3OAEHg+I{!UfeOs
zM0szRBt{{C>0RxTH$13L#=~}<&&w#AE7mT3!_$T1uVLFE0p$g`fqN`E)(v|?ZtAAB
zuCcax*Ls|itr)O>n24y~^L^_v=bgQa;&9d7bk9Gf;-l^_;!ef-`)_*0K9DmLr9xcu
z507Dms0zhT{^2pr163ip8I{>?Z>b9518<_uc<4=JMDb}V3@I8Z*VWs)ijVLA!(%af
zQ-$buD(pXbhN6Govvhw{-G5S|-?``Le#-N7e-L+CPnCJg!-oxNSH4w_zxL<1%+%8U
z_Le2u+T&FAY!;=$+NEzHGCxGA(yn=dnBR}PJxba=Z`q{Ro+av6iCX*mi*(Pcdr{p_
ze2JcHqI=_gxMTgM?8wB@rc2Xa>F&4l`p|Ce$~4Sg-IIn=@U6{6jZ(+E=Fx`#KJCS5
zz4qvOFO7xZ*LAc);u@lB0w4QQ)3Ell_1+H4E>{i##--MKyKMVf4Tq=JW4Mghf~%oZ
z<N5RJy{+0SD45z^2nz4Qm+5}SD|9c=z40z}zvxx^{eZe}R`;`BqbHZ)jxATVO#|3+
zbD}xsVgz)<iC$yK(|B|nsYkz3Y#yMy_OiNXUZ>v|s(Vh|AO70jcv4dLGp?fFU(N1=
zz_aRp8QrzqrTb8dYMV}~cs<{LzPJ4P{_FX8SIgV=rjxvQYk&I`uX<O1;~cNnXnjR&
zJQ>+_*2!MWYv$Dr-f3Plr+*RImOEtu7KAw80$)Fc?8aJOIByZViWkl)8@=u?oR>Cw
z-Cj8BPxIQ}E_a{qb-rCLI2&T!LSnHxa^opphdQ$1G+H)MTOD}<zO-|`h;*u@j{Nvk
zZ<lucsorVSkry_A+36c0*JG!WTo!etbSj2iYO5pn;dI@4)RDh$up8^G(jYy(!CRL)
z^3<7-_u35$Q2I7*r2D<<UQ+jsr_qyJaIfdR{p?0>o$u|}H&*25{ijp9eUZXTpHBCJ
zx?g(+rDV|6z|qa8d8d72zm`EEaCu{&@<newZ|w9rkScd3$&<(3{Vjd#>E7CJ={rvM
zZrxk@<#V>;Eq%dxh{L@q4yCgwCY!!SF@brzGn83sbn2^=q2Hb9o#xGa*O}hw-poZh
zHQN5(awv162W&nA)#r^fAZ+$x%Jk{q%(tA0I)<fLHDBM4QUNc4BeL-8bkAhzUR3wo
zH|Tfzn{+SWZnUI9XLIwLv(U2I8<=U!-isM-hfk$;7>1C}DyOFQ%Z!=!S|MXeMC}18
zvG(+WX#ph7i)it*$4JN~(H!oe$9JD?Vfz~k+dtaaK9oT+Y`TOJ*1`N4;__8EYu74g
zYr1Ryo3SOa_88F>D(QaipnHbsGT%bFYMa#kF?COWo1Wy={a$sy@H_M*r|u<n&wrPm
zyh8WJ%q9}pqJ(_q90>a+YNfV`oEn@O$*t#Dsh=b2?73)It(wV`=P1qOYv&o7$!4k{
zkAWY8rF&!MathW(OS$M=Xcs>OxweT&+!UEp&T~~{E;+A?B6I0^?uyKn=OL&!D5%E}
z6cYUkx|gmb`Eoy_`^M|(exbVOey*O}KxyJsUP|XxC@<HaU!lC*N;@30V1T;e%I3%C
zSFrg-C7U~lO^MiO8}oF(McuPE((j_Wr*EP_vS%#BJ*V!QHY~^QJl(Zh)V*}ta!pH*
z<_^iczci~jujI`(`SPBUCzSD~=lC*Bxw(-*5f5{XnWjurz9Cd<%s1p`=NhxyryDYJ
zOWyR3>ACoum2N1`NjIb$LjIDc=qY%CJy~xKzp~zZQ@SDF<PZ3K1^CK)if~oFKwtFu
z0|igI0j~0upOa}K?gdYwF}odInWn-#P~v%}q0kU0HI{bn&(6;6QfeqRX6L5orJD-d
zm*y24laWAnPPP$zJdsR8)>CQ>_(~o;^#}U%V4v9@q2%Y~Jh_IF*Pl$!Mi2;^gr_Sz
zH|xnl_$;0ly@=vY`CZd<a-RIGyf^PH&O`9vob}|%5BpO0NFd+j_l10sP_ex*C+{gV
zL;@vm$(!+(Japw6aEIX8hICWDDLXsg1VQpDb@HAJ{sMu3-;WSM(O>ZP_h&tRzn`8V
zY37BB2qY3n&&o7X+J(}P!Iy6ErFSefQ9_oGxTU5XLdfo%Zp?YpjahG&B=nFs%7Ffy
z502h^14O~Y^mb`a0J1a`@dc9p{y?$O7s$=Z&MG!#XZh$sUOn&yvYu>%4-z-z=tmCJ
z8Ba1jAE9|8c_dN^MTPz#V`B;Y5qVshS-5)(dz5DNhkSk?{rfT=y3>W&$*+?6%kTG<
zygpw5F8G<9&6N0=F8|EVHJ=vbXVL5T72uB;7Vz67$TgWiGeTQxG~6S`j~v1eA%&2q
zS#Qpp-4P|lmz(2@MDV~<nw$SXW_D&il5$pQmts?)3AwPHFRKbO5@K%FiwE9NVO|cN
zODB5p)sVxpOk)H^8eFMR`%(DlFU_@LR%R&wp1e2ro_tffw=^%0G>ZgKfc7q+e)t1f
zZ*jXq1B%-03{o|VGF(9YNxu`BHOr68jD)D5!f!)?iX;LoAs~8|nVa#_H~kgo6%^N;
z*H>sLH3UM)1r$kSU}FeTEHwDj4Su9s(d)}M215Q~18POq>&qcL<PI3jLCKk$p+xMD
zq#Kfce}8`xvQiajfVgQCr%VI#)aMTr8;TGSsn?K!=QN6Q&YMR0C^Ted<xvXr4Mj8x
zMNfum#_TK#d#N$KOMhk_5=+I;=P#kqMFPmZqBogFkw*M>;1s9)&!a&5vfg}SdR}RM
z&XaFUmgXRk*?xa06e=OqjK}XUd3>22eYqWdg&lnP9eimNIG?YCA3K5sJR3`%K%pVG
zD{9Lue{Npdg8++2#^UV${tRkMzKH__KP0RVDVLj<nOpSc<|Bb;gIMIr?2z3ly(38*
z3MG^M8ARNdOqNjGll{po@*?L&nMfk7v)=x!H<|UKfCchMmqKHHUa_GxJ3p&1C+jIT
zrW<pf^qeBKRy!h{wky0N<0<a$r=Yxu5!HS~!khN^k%k_yD>P)05(RHzRt7m=LQZ78
z+3nKr$oYKvIi(%JuPMDt5h;#VaQi$6OS3|uqNg+;Z6Mlo%B_qy>&Y~rjq!o0Ki!z|
z^!NL7jY!CJV}E}4QbTS|-djSuSwPOxC)0?(hD-xeIz->dBUIF68fl*OghE+wAktri
zxCOKfB~-)$Buf^&k^X)k^4a6}1q$8_l01iU3R%E0I|sK&f2c4kl=hTnLu#aqKZ#ZW
zl`fKPLK2~f6y~Ho5r4j+)R><iD0(7A$}dWgB!bU*lX#T#By+fXlgXktJBPC;hxRtt
z=<}sL`T2QoZWey{QCLu1k`M)%mO)`f5zEhI`T$j_0wtISqG#u)(T0=|C%p0so}4Fy
zYMepA%X+eneiR~awz0Tlp|L~_!43t=irGbP-c!N_5|s4xjs;Hvt$!Y^mM`xmfsy@1
zRjm+&FY`_`?oGv}f+xE}8l|q(;49(_8Pe}Bgptgprs6Drsi8pP1ajW=T!`S!%+7g{
z`nd+gI^si-DteO1G%^|~lfjD=wY22*=kU&JLMGE+f3iQ)kC#lgF*Cc+i2TPJMt#!A
zH24dkIYLS656~adHKaWCBWKE=NCep&Nrob!NF)>pfCObA5(?q%5Q!iIef{JSpMdt*
zM?BieTBFwA<<Zjk?)w;jZ(PdX>2CfmF5~adMfiL2F#dk!2>$-%G5p;+#NRJAc{MVi
zaF^e!?TzokvtCW}G-}$5Uab{)&fEs=NPPQuZ_o<({_t%L8ZGc#47<zpy`Q&9eeZHm
zlhy~kX?>I8w|LiC>bZX({=R$(fB)>bSsEFdA30-|wl~7r?c!P5=Yai}&(el~{Xdwc
z`GG?Z^7rHu{C$mgw&Huu9R7~1o~^?3|Cql=Z<?*-%>0^h{>j;j&!*=XU$}X;MuzZ0
zZ_HNVeRQ`u%<sMYy(v6LJ>R99zw^uHXx{?;hx_KJbZA^VNBi0AM(xP!7=QK}P5Y>(
zX$!;ACVYWX({}V|T50<^1hxGHhxTkxI4n539lIYxcz#;TH^3$>K6}D1`Om&JTj8*Q
zHKxZFKINWoV0^FO%uUEId_I6L@?R)1UN1O%8{=yQYqv6{Y*yjj!+2kaNjQXjr_Tj~
zOLs6X2#)-T@mxfh=rwU)B-r;mcK?Fm{tL#}3NDE}&kHUV*nNMbBJnHU$2cyy^k>H3
z7M#1A@k0i_o$>o-vH#4yjE@nVe~|Il1p9?QikAv6@EdmD1IbR|=k8=26I}Q`<4Xl=
zMaEAE?%$j9;~n@S|Nea#e_U{Of5xi>m;8)R6WqTi<4Xhw#Ql1~`Mucv9>IRW&k4?<
zT+?U%Tn<0|GUI&}PHX)XQGAXjj5N=@$^6z5#+jCd!+pyAZ1JC4$NsM}FzOk79uwUE
zCgVo<CI6)(*#GW?5&!f-?0%Twe!<rZ&I^82a8~e+IBbsm`wnLRor1NGGL8x^3jG%a
z=NGX%9fn8#wZ)7d6zmT%o`bWK$UV1!akJo%_&-{3TJWiYBNE<~2EFkAli)&_`8D8V
z8x?*Zr}uvg_T?ELEV%S5#sh+rH!?m+aQ`nEe@Afk2Il{OfzjU4XD1vmL*e!Robgh@
z8F5bu_Fv2HR~WdL`QIzp*TMJ&!9}#A^w|%Gr4auT+Ee-*FIc;s@nwPwLVvg5jJUrG
z#X`yV3#MNtI4$^8!5OMZ_*^Tvh<2MkPZLHN(W3Z)&+MI;Umoo@eFh0rd48SC^A`k{
zc0fVJ=gUIx-@x=Y3D!<y{FLCxsf^#fGxPVI$2crFu#VH`G{GU^_dUVM)0zGb!P<$8
zHw!KZ|J~8dQ+gEEv-?4Uvx1Kj9QrheceY^PQH+0KxC?%bFycS|4UYdiVPTeVPU?3v
zVT4!w0{j1_xbL3f^vR2R_F{H#ftf_24}6a0yMQqGov|C!|48t|lD>Zw`rH`%?}7C>
z@}E7P@y&vZlZ+3BVKl{G<T*`n`hU=n<8zhZ!Z>4?Q)Bs0XZ(`k|7^y)!QK<`>pzR}
zV!?$o87Bq%g#JvyC83A0G4{Wf>2Edse}VCvf^)xRd;m;GP<WZU8IK4~iu*-^0~^?#
zESjkJp2&E!;K-wlKZ8BuO8yDPXA92W!T27*dFWI0nU7t}M4vsC@y88ZV7x)FU()MJ
z!J6PZ1sA`_^e-F!#eFAiB~tPT{*Yk*@l3x$u$E*zVYp`)e_e3?0>-xqPJf*-b_gl{
z#qTiQ3v2UL`h1`93c;ZtG5)OJ{+~1cuHfRY7~d&4J<1rX-xWWN6bF3v#ZqhHUrI3U
z6r2(IZovT`m(On)^#8^9Cc*vCW9j3=+EL;cc@N`-f{QyaK3Z^g9^=)5{lXuMn^_*A
z#{y@C1G{s5yVsy6MFgK&es<3V8GlZ2`n`;A5L^`8u!r!Q$L^hii*1ZABaHeSk@lh>
z?!LL~{)XTJ^lSR;w<q)SzmM?+g0m9dorZe{yJNAJici+Zc&EJ>CwFGtD%kf9#>0ZM
zJ2Adia75&}O>j=!u^d71PYXZ)-i&h+UP`cUH|BSe;QTuopD(!3&E?@X!P*U+UvCKR
z{|V#&dcVX6{SW$#2u_MV^|WBWygwK0!}I~E-=_=q{hIxMPjKiu#<vL${E=~FU-n;Y
zWcj`=IQ=B!?e}B%$g@m8W#CsCUo1HAI^){}mqytC><@^1*RcEUf^#{>9~Yb!JS?~%
z_yWWKRZM@C;C^wxL$FWWpAzgBJnw@Xeo5#*AUL@v^Xn6w{R7LpPH^sac0b3!4>8{5
zL(DJtQ^xxX&fLlVR|pOq%<gf)d2#=(;Pf8szWaxnUlILJ`WzrQBse74FX^{ZaR1dz
zKO{J_l*`*$g42TU5}XvQ?a$%$3;u-Q<S6@JC%7Q`$CZZr5ggv14EG4*SqDgZe1`EN
z!6ng0#|7v6+5IBHN%4QH;LMrqzW+xgJ&t6&PH^^c##b5cQN|An4(N=x3$Xvl*^CDS
z7tUw=4Z%6lcOEwAMZR|g*?;I1rpFOxs{U&d|BD3|KgsSz!G&WO@6yclK9T=G!Tteu
zj~ecx51%hMAo2T|;K&N5-?>Hj2_6xwN&0ORoDug;f(z20`nBNDXE}fWZun0!-ltXg
zAI*4);J^|t&#MGSe#q_{1s5bfmkZ7hvb+xq&PjRNt&RCdPGJ9Cf(u_@{7u1`s~I2E
z&h&*L#>WWOhJ{{m_Bh6W793i|c%KgTpBa|)7OaVUrwa}ZvHOn<Eb)C%a4yaKKGDhi
zG)do+1cxNOzAU&X^8M1F7kQpF=q0`9b}_%a;C%%LzRvPY3HFQsZwT&}_!bQJewOcX
z!I{r6_8!RmeUkn`!FloDFW5iG^d|@oUBmcGf{Twc&IwM7|Az$UX`lk19S@TD9K|>!
zI3xIY!J4GkDS}Jl{$;`0SJ?j*g43@t{)6CvxIZE|`6|1=F4+Hiqmt)cA7yzW7$2lh
zkKo*E>^>^E_y*%M4SI3ETyW`CcE8QQ?__>Y3htNkvd_mjyuhyP{z<{v0~ntoIK4OH
zOAY!DGQM4KXivr^!G59N^<d`T|9*D=nBe3G7_SnX_A|~H^#8^9dcmRhGJafe>0OL>
z`?$!z1LK1PN9Hp=MsWHaj8_ZRBz_kN&g{tU*9p$~7~gN;T^PS4xVRJJ-9j9G663h^
zIZ|+OG2<@?&P)1UBDf&*w+jvl{bPc)kFfuy1<c<s@!3OgzohTMf(sI#;{|Jyo@Wcr
z&S8F62=+;Qek(W`WcS$%IlRbrjQ?A(e>US5!J5d^Ex07~y5N4nQ-YIH{xR3D-bWdE
zf8+$`&f)rStKj0N89!oRarZ1@|2e7O5d+7(8hs87vwO0oLE$e74t<32eS))JX8Pa~
zp%;9F;Nqd|ewyIWa>lm^&L6^f_EPp=5c<6ZM}&TX;N+K>{_BFXf8qMM*CFiR_bB5Z
z2+seRaeFtr=Y;-Of|I{z_tsCad-@K>mk5shhVkrW?C!sn@o|Eae`5T&;NpFZCzlKT
zy^Nn1oEG}eA4=|NEi=IJxl3>%$+)$L{RfUx$qy^uj5WOH=ySi|z+Rjmuu!bZLuntz
z9}t|D@&8W>*7j!i&kD}JpYgW^XT|*wgnj70HoilJ_n5c`B>&&@Ne<5^_;AAWHSHFe
zPnZz*?9VtpJFjH=$oCnqF!0YAzals!_@Q2=Fa4C=Z|?(cOlwCzK1a#(uEWSZt!dY=
z`>^0_j`6ny=dWPgcR17c3vN7uv0vmlm@xQ9g#YP=yU;%%IGbgDyC2E^vtMKUJHa8r
z=})n{b}_sEOks?NiM*ddzEXcaAnsokocR&cFa0#Trv<kh%{V0f-}f2Dr5m|?{Zw%N
z1kTSBj}iVSGEV4>wLdfdN<ZWD0qp->QO3UaGENzoI_>xzKEUq%mqTcLP7<uaSTlXz
zGsy0N%NVa0oWFtb=|k)uIhf=3y5M{#<4?udJ#!)BD+EU-Sl)HR>|PjS9A3pZ-^zIZ
z5ypPOyT*lne-6Kya3k{fZ(M$c#62zZUFQo<9>DI`3l98!wu;|_f-{0W$1?xWW9;r1
zoDsZOaKE&#Lk1TArx<t*`~Q|;zl<N;Xt>Mx!GnVH;=adm9De#h_J5&ZUngU2ROA!-
zy#*KE!|vUJlY$e1i|=Ol>jbA|Jm^Ki5g9K!aE$r;Wjy5=!TFD{|KABNTscdn-;0L(
zx$ORqagkr%FUJcm2>!j`$dOzgUKQ+@_WkID_?Pzk2EqN(UhkC@_djy^O$*N4#rQ$N
zC26lec0AFiwfrE5w{(KBmSTL=6!YtUl*`kdf<tGs`(A69-Y50*bAk)f9{pNyMsUMg
zrVmK_a*W`Dv@hQioDuxE!Zbg{;VoIm@{~Ty_zJ<H&oe&n1a{8~zUQ-y`=vfLe@<{4
z*PpWlM-F7X_vhJN`vk}L3xbmY#vl9wyBDzzfIhzv>^p?9?|;}meI(-(1xIwo&j}74
z$hajf;T_Jn$H1Rt92eZbobkzm3!6DVe<ipmc=mecR}!oX&cDp`mk3S@ZaR_aeS*gb
z&r555nkd5OM8N^U=O~Q#qt5PE2tK5r@vVZ3f*%n)BJ-UMCo%sEk74>f1#c973k3%R
z4+<XXWBQGPi{ie?@Gty+rLd;075e+ceNzwnf61U<%y_4hS)N-KGCn|IO-uGN{*++f
zO2#J(zV?%hbK-xK;5)@VFZ8bn9ufTBQz$%5+fDd~6;5lnh&(aDolBVise;pC#+M4t
zi~C)Ilj8qL!8wUf!>Js<oX{^2?347#D6DC(h&;a*_vBIz?|H!iN#Cvw%<o>|ca&hC
z<nOlykBGd_3)UokA{*I%as~7MzF@!L?N4L(yx^E%Uxev@E;uK6w=Xh%LBcy$@W>*j
z&j~(K(&tsd{o;S|>Fobnq5rDjIYR%E;E2e-;tbF?rnL{seBO{?zu*alH7zXjfoBU|
zBlvrQFBJT1!F@8H`iR15?E#rDXgpKG6Z*Xc?;toVxK;cgEBI(}|Dxc{!tc8ZYuesI
z|1)u)+|2L)dj#KJWc-5QkhuHKB6-j*yvFVa34Zle#>0ZI5qz$~Y3+W&KNR<n_`gr^
z`vhxeGyi_U`zoB)!hdD{O9fy35aSWShX_7h@EwAGBsd`ce=GP%iO(Z~UlRJgGMwJ`
zN%$#+HEomNOU3=FCpi4O1YacS`<`>yzhB%xD!5PFHwe}wyt@Q9N%}OO%l;31nfYe~
z7e(G@1)nGGOV4BaM+IjE=U!p|uL&NO@Rpy?^x40#`?-QQN`Buj_(1W$&zG3~uR{L?
z!L34nkKkiO{^0+DejesarF}kB@Emy`#0_`BrwHCp+K)>NEbY^^f&<b%{Y`K|>f;U<
zaCjqv4-}l1_Es0XpWssj-z)fX!Fhu}VGq{R$oSlwf(wt}AwD0t5bpES+9v7mJxLf&
zxmHfk&4PXHjNcNR5%;-Y7XE^F5u6pgpWw_Shxc*8r3B+%!G6I5g7ZQ@CD=E@^y>vD
zKjKyLe@Spo@D+kXg7bn4?M#2C;a~bIPYBKk_FlyCDReOXZh|A?9u%wz{)FIw;Fv-G
zLH7Sy!8zfV5u6eEzA3oBmFce)oNs1)w_u;h|CHdQ;8|Z`dGq@-{d)xagnzr>jD+7U
zI4SZSBRKM5_CG0D6MknJ^x{8j&>z6`KNegRe3#&?<mWSj^HZFEp0BdJAsPR9w_tyY
z-QO>`Ao<@RI55iYVZjk8kDnH-9mM7Hcmr=_yg_j2P{v;sT%v_@_*^MCv!3zof(u78
zeoSyg+_(Rlr1$@@`-cUWgnqH$;s$n)8uUjoUMJZ9X~q`{PM^&9I>AZd_XolKN3#1f
zf+K<(FJ^iA``G=Rf_=0Q5T88-mjt&7E`F2ULxz9By@J!<X7>?;{wBt&1?L2xEI9NF
zc0W&WQt<Z#`vm_)aO4L}|69RX!G9NAx{BRj7o7VZ<6Xbb@y%Sv_ydBqs~Im8oD=uY
z2rh{K3Bmr$nEqtJ>B|{^MR5O>jIS~Li~Ao9|03UGhJV4Y2@VPW`B|1XcO&zAx8S_s
zj|eXOl-;`p_us(yXu(O5XIyY5$L?vtn&5K<`y~9!2}8fhoj+HjPo6MUC2{`)Fd$bh
zJbu)HH#6qS4)@SE6tRi_$ANEfVC|cB`h6WZ?7+u3@LC5x$AK?%;F}$Ik4x;~ALPJC
zI`HQm_(BJM$bk>|mYx4+9r$Jk-uc^hdfkC9ci@*Dc<FcS{?B#bzc}!I-?h`Pb>QnA
zc-AI6{Xz#`@4(kP@beD5@1=HrM?3I&4t$FPzv;lum)ZG^I`GvF{EP#C_<MH$$2#z(
z4*Zw{zwdIp|HB=4qXS>=z;8J4u2<Ok?eD;!ao{r@_-Y6KlLJ5N!25mQ9^PUH?swpf
z1Ao_n8?LnT+s%RZci@E%-0Q#_9Qb+%E-IY%qA60J%?><2XP0L$h0F9GbGWZ?;HU#{
zbl@L2@GTDfpaZ|+z-?FA<x44CmhS`yKGA`{?7&$E{;mUGuW-42znQU_enp4-GY)sp
z5A5>p?7;gu@Iek7ap0H(uXEsy4*Vs?=KJYlhx;`S_q+rD&Vh>#{DK4j!-03WTE*WC
ze^&?oZwKDXfj{KH?GAjf121vl9tS?$fprI7<-iFC-r&Grb>OQV_%{yxR|o#P1D725
zH3#-yV^7a{4!pAizuSTLa^Md+aEk*U<iLv@c)0@~=D@lGAM3!h4eE0!9iPW_KCX*!
z-Hq#yxbDOCXI!*3h_)B~7T51^-GPg?1Kow|Zd~``qU}($rRaWK58(PUt_N}b1y>Q*
zUvWKz>u<Oo#`OrUM{)ff*JHRI$MpoRCviQ4>seeST+iWp9@lHQUdQzYt~YW01J_%)
zJPokwfU5ylBd#V~vvAGEH3t{A?P>FHZHH?<t{rggh|7;_4_q`YO;gu2-Aq%^G;O^v
zuKjR*0M`d`eF)cwaqW-m09*lFL0rwaXqu0vF4}R?l*K`~K8ovOxDLkkaa<u>3veyO
zwFuW@Twz>Ga4p4k2(E5ipTM;Y*K%Bk;_AV*0#^jrCvmOB)r+eS*I~F0$8`j*BXNBS
z*HO4`L7G5a);`Fumo&a=URNW3{{TO<-RqCI?!l$}fY<i8=ywC2HR5W*wLPvKaP5d|
zCtN$@+6~t`K)VaBU2(k=*Sm1-hKv0FyIk*qJlMXe{dWzyMi3X8`s={eiR;t2{(l|$
z&#EI-DCwi?M+N!ZFMYX~TV8H4bPbcy$10jmvZgNfU}3{`GBG?%2kIzC_V40r>ETE9
zEMpsP!IrV9(aAVj)r482WVdnj0?b2_nMbzLsIQL4){vb>m-83+@I}L%Sx{Fe8Fu67
z#c+6an5Ba$VtznI&x3jk3~hG9<aSSQr%vBwjyq^I6)EPpnVQXa_vyXM$X06`47|c9
zFH)xmM#2~Au%ZofqOks3VKTgu<ey<dyfRcW^-m(g4!3e_i5$_FijGexBdHJ@*5OSY
zjs#oup`kU=VKJUcNuZ9x=roLSc9*Sj4!AOGg~{sf#Y+;YUS*&YY0GD6xM!$~m3Wv=
zbQ81<rxLQ%%VXoKCPyk{br+}XttZg~yRvn9Yd1q%G&Zz6K8_QY9ZBOJT*pu%HqjG{
z4VBZ>Ohdyce6THYgx<GuK~L|J6)O+byBE_5AeH8RodLS0N{1;Y&dPzc=}+|5E2!xa
zRw!Z97zd*|19XpJr|FSHT+~}{kWQb6tz2Fi=5&EBr*ntN%5$Yx*90mD+GE%TuhVCj
zBcg}&9qJ;lTcFJW(<|b*5W<ql&iaD2`&|;pK@Ro%4VvMGm6>u1y1li|fXklElsX~~
z+y3>G`{ouiWIoOsW>m>a_QZ_6Bf)TjQfi&F9`%J@uH=WYHFq-xb%tNAMr8jLR{AH7
zAS?X6Np;$4T`5p5Xk0Hi?N=^Y)EsDSt5b}sJX+gZJL}_7F16u`cBV>Vw$Vu$cuU}2
zi{l^?sbH}3YzNgMR}i`%_uxv~Wd>lLH{niaJ*L8yViBE3;qF2QR=Bz>uIgv8;fGAf
z1_Ko*t`IwRsyKMXbPA%Jq$XkuQmN=V9Q9oDEM<$QiZhkVZno2!&Bx8wBb}@VW4TjI
zd%RZJ8`n1Ld5L8=`>~1T=PpMvDl6Q=D;^t+L18kEBUJgK60+IVW0eE9W`06pO#!WE
zIo2e!o&i~t(0brwO+xEIku?de2Tax^v>gsvlhSr<WKBxjft58WZAV$wq_iD!S(DOs
z{AEo_>%pBh32i52)}*wZooQ0GELt}>8e4)RC062CC7h{by0k7_hoifr$%SmP-#p8`
z8bO;P46C!-tI`-py;mc!91ve7u^Ye)25KEUR^3;Pqs*#$s(C<KHD4}=n^hz2ionkQ
z;qi&M{Wvk4n}L5mv#soPxjJiybVJH6907&q2sYCN;wZZ^>5B1K1P8q6>KtP_0=VpC
z97)DT&V#iMJ*(<zrbnSwWi;IZY1KT|Ok#Ts>pu#vT43%6o>2y|GOt>FGf6mIXOyva
zyYueB(fMj+0qs7j1jdK1l|4<#NkFSoiK*lS_d=EIZQK6TGc(k-@u@N0{dM1F2xOjt
zX8LMhgd=Ab(HTY3`UC@1<|h{PF6!>K7UxRBAS>t#1`?}n%~>U7Gt@vc96kiJh5*e=
z?MFY>AZ?)|ROx)lC8N<*6Ja_W&^WHqc3^xtLo0;i0&c0d6%_5}DYn%m=`;j^3^f9S
zB4r+cS)G}wm#Q*TA<rV4qFG^UxoSgW70h{zL>*P3BB1&zL%S-Li3uFxRZ$(<jdD4N
zwv`TBvQ(80btbp;!qmC<>Kw?R^;}l6zAkpGZP`snKL#t(jr})URbNYZog}9rPlcq^
z>7cQ%<<ZIbc(5;VSl^OPx1-z<auxlv#qC&`7VBsYpDSY)3nNI<7AE=<q$5l~2}WB}
zH4K+QO~-(wGYo5_D;kGpoS#%qlgd154laQW`9x~Ls5(ZSPE+c}sa5SO6I0_uLG;eb
z*%Pijw$q4)F_=Zfy*Tz0%6<<9U9H1dG_op#c~m88hTHrv3b*BL47d5v=(+*u8R!~D
zaJuCp<LFIF;JPY=*(9~#gz;bija6R)gCkQIN}?gdwj&a$<Bku<)mXdgq%z&2QJguh
zPDQu83D`*;lg>_xMd!*RmL~>}!+}$du+%}Cy*QRS1&tF2v!&>0aHEhjuQCZ*z6j)D
zq15B*?9dF>O>6ersrWbpwRPN;Bb3p>k=PImfEwpWmuBVAm*7;h3TsVGdn8*Hj7LY;
zoe<;W-8tEV&5V$-(J_mfpk!!O?_-=SrvjT$jg4~veKk&P9kA96_PGS-pfP7CvN&{G
zoeNzvEVMBym=)vH%t)c&=$GFb%p9aD-ZoNB2`FmuV=dZ~^3Vyzdm=tC%Eywcmo@RP
z(n{9Zf?>YJAy=mop)X;}IZN4wY>r&)vgL?zeydAbsr2hYYNRH+$A=SPJD=uYIYq)W
zrDKdY)(X72*`DHujpLBm<6`J)C|_<V-!3JGCIK9k9)~~=3=Ggw;W&PkTmw9e)Ek@Z
z>qh_9RuavM8f>Ksi|LgkQaJ2ye3heGnsihr!L;qrsma*dD!iyJPDfKw2h9*FDqz>*
zsj(y{f;B;G@lZ6@8pyxxG@NEjmMr0ftyST=4BEc>Y5Qitx37M_eKU}^Z^;b!&OqM2
zdgPU&(TcNrSMk)RItzIj9hbe<mJ?Dy>Y%JBCic?NgZCG8C;Ae7BRH^c=y+A|@Dj8P
zoT@U@&hBU(<8hZdgQ`Mjr<*S#;@g7Cfb;AY@!@D{blFDG+B+Fj%_-Ht>fu3osS=`%
z+jJE=f~jOnBL@L($!+6hOJ19cJvqU|o}4Sg7^+@^*-VvjJ#H$kI?X(?j0Qmhddq^;
zD$CGS3;D+Z*lT;I2KXdEm!vMsL)0xxM-v0lQFK7)cvH%~t$P(H@um+I@7T$BbZes7
zwgkm`!T1nOKVYJ>$0&H^!FQw{DKFKNs<j)3M7yUkC2q$Gbt0)%6F`b}gx6w945w?m
zL{bHaa$G$X+ugby?N;sD-X)+MHRK4k9=A9)9L1^%<nW=fF-zlbp+c!7;pyD;@$uM@
zdmQ8`%IWm9|J<TMUGgo>&#q5SB`|Uun~b_;j;-8N-CZ{5eB_d)b&!y+YNZ9?kn`5n
zDZ31Kw>u?oo<6>=BsC>xAKOrJd)tR1Yis+|yC@itV>+QLsR}K_2`HvIRfYBi<AWoK
zl;v$E-ju4xqfRcFXiYHo5G0jG#`!Ip7CSbR5KylUiK~fj$-Z*OIH05Dz}d!*&O9nU
z^@}YdPRy?5&}izo#fh=_IGsryrU3)T8w(RYmR6%2P@CS3j(V%Lc>pObYih>=r%n}|
z;^xpWBXBbdjR?W|l#GwNl@~}r<=9AK`rTF5AMCF`=E;4c@c3jr6+=f>wIvoWX2G|t
zF{<by2`5SMYB|zM*>%`>ROLSO@^Y6|{8JM5P7MxXf<KYM;)H)i61Q>^FN{yJuIy3}
zXP(Aye}7G-U^6P-_;7sHR4T?};tP<LquZeEDi7XEI2QJL??`-jl1ffw+3GQSfo%qP
zY&gDF$)PVvVW1W-`-RcL<6MYaoBP7Oece4v^%XtKKc&-o+e5=q9N(Up8Xdw})A3P#
z%}8uqpBPQ72|FZGMax;BRQ(PHNk1^uPs^x-iV2gn5DAr9?n%e3gA*1q)-<R)dPIB(
zOWaUAJ5-akB5CQrmOWG#s)GW=2w(Wva=*9iPr3GBkipHdle{iLVz|b(i(FNGw<wf~
zbNiC$I8IV`uT=J2YsXxHOG{uU>Oea^IT;&wiqRP!i%%|(qhWP#A`Pvo+&-2YVp|)D
z){$CC*OrmSGO1DRz@3QfqIHsDG)8OY94$=OVs#w4Dy#G^q91mzUELE#<LdOw?E-n(
zq9y?&3Dlf9+IUCk90ocRTNXySXQQ$lYKtQhP!%0dY_D_W%l1BR8^NsYL~{$52o{eD
zA6l40;9}usP~x4BG^(VGELlzI2A#Iu>2AqC;nF7IO-3hUYVb*ojJk)|CLy}emc#6%
zFzpnUP|fL%p4gh@SXh>dj?&mVWDTH;gBfZy5oYF<Nv<3fTb|V)9gQZj^bz^o$rB=I
z7;5{9Oihd|PQYKvl9aCeiISPx=la};gNqZ(W5bgW5B1ZfwAPd<NFkZ2P?NNIabjhB
z)rbUCE?I6eHKV5&uRjXSDs2}nGRHO@!*f)bx-i}+O*Z;$n9!yQR%I&6RU}T+WGp&~
zjI!mLOQMzEI8}M6sr#6dSIs1BS)8!U^h{F-Kzumn%i@F4(S_5Nm{v|fV<y^Y_$@u_
zhz#}5DAAZL&6selP>F7vKdc$wRwK<PF+Q3YcOOTpoz!i#fM$FUO#@VM;!(TcwM$8&
zxpMUQF_}^+as*>bTTp=7DKZ!$9a>0}bJ5f~i(2AVNIKM%6ALdR+B0irnz4Autl2#n
zmrqWjC9a(S9VF!9gt5bbCTm<|>s*}R3R;_4XZHjt=}1Idb*Yu*T@?NzG)2=$U<`R!
zn_QP_IKxVA432DDuC}+POKRHQp@w^~XKGAx%(|w@aBdbiT8!@Mj+c{Vy$7{_WjOuI
zs`-;s@j(ndO-!Z|>s&IqMf&W02{rIs9%(k@Qv~Qwb0g=*VL675G3Qb1E!844#(WOm
zu@TY}r+d}5$P3BvM~hOX^+PE+R3pV(SH_N?La%p-J1NvIY~4T!%@#qdirQeVu9Bp2
zDb^LysV+>L+vuZhZeNW))>Bd1XoU@4qQ-(OOQ*re_BQA@smSQm#EKLqx7B!wMZ2Ns
zR)}5^{|@677wbvz>ITdMz-JwqDC^%=nCl@N>Qxm!m2Z%aie(jb%h1JZvg#<_c1okL
zQcRs`LS6N-B=(Q=C052Tk3WGPJLY>TsvRaZZG{xGDcq^AUOwua?zPM*OJ28hEII6`
zqih}UvFO_P7}l$#Vx%SMgLu!OW9N)a%gWerWrNU4rA8^M)0PlS0zsdtt1z|pu8Cs4
z$fcUKg^!<t;!aMO<#Ec`rqlp8ZMZ_ZI%-ZE*M+(yZs!+%y~V8^8&oi8QkkCZ-Q!gp
zXyI8DU3<j5A~KeNOv&aBLv3)UcP3m%)ptgxu~fBE)=slUsZh?k%*LSJ6zMtyD_vwz
zqauDzag`cjX`!a~K+`8P@!<CIx4-bGCWo;x%r?T`VJt6lY5UD6bfnN0lh1Mu>i{o$
zO3cbnJB{H<rA}j{#WI&*y3K4Z)b!Scb%AS8A2CK(&bzW}A2xqs0n^|}l~9rXRDaY^
zLb>y6`iDN|<}8h2Di~N8TNNMYUY{lSvb+4MdujnwQL3E<Yc*C^Ido?xzlF5QYI};<
zl2mk+C1NIfnm{jiNaOMHE2zwume%T>q__;@V@+R^O$*J4TE`+?#8Z14IE_@3XQ|`m
zu-dKisHK(eGO1OzMn{^LVxm{(COuL1P7Px`cV%pFDm4+OCCZjUX~Y5VHnr4?QiEc`
ze!?Ro18&64-4m|luC#}t-$$#+>SEnOBdlhYS>Fj}Dq((gS`r$Gbt#Ix#@S?FnN9ru
zGYMQ$lwW(bD0q*)r9Chump4#N&!{9*YGA`q=B&M-weV`4jjN16yYvXD!U_kMf^WV~
zOi^5N4r-jLg{tx!yavkJjv1{E^i-8H;F97U=BSiQT6Xj#_!Z&eu`@i*E85-i(S4P+
z85xV3WD413Rs^@4!3z!x&(z$aOG<QE>$Xcgsw@CE<)JA?TrQk#!@Z`gXmDLpWO2at
zsdd2E<Y0TZVHR+7wDN`2wIG=sUFW*7$1GRn?rICVvf=VnQP}~y&u9#5CCd_9+$weq
zjA8+&(Pe94gA@sLZ)4FhGDd+`HaLhe9~}!l;*%5Is#8?$?JL$U0%Ot1!4W+*HL4cT
z=xn!wJvAo=j*SgY!sZ1nw=D-eHI4zG7<!S)Kn7YF);Lr<rBAL)^2+Phk?6!oH(Y7n
zw@vSaQXd`FClkgay?rb;mPoA&b_`;YEVg!1k5Vb3x#n*2z;-T{fq|I62rE?<eZiKp
z025?60~B3)??Q;N7}LuXAd}K$GYPj$?~W{U?3rd;8!MG?3qZ%eY<)`g3^Uwi-aWlx
zkS@`Ck5FNlp^&)2X3h^}2Sx-aJ6wCMhv}Rx$~iEB+(I%YCn?H$P$j;eOeJ_exD^~@
zhzrXaq}idKUJ_P*f|rsAY1EDmzyd=kuxi6}kg<r`$mztu@YIA#U!^f}$KTxwhD(PE
z3DL$~3>SW+P;NE9BuzZ%gYh96YOBS~y__S~?eS!E2;Nl%6fv9Q$<?hWb~?V>sSvwU
zS&Mpme0+iol&o|X8XI4$4<x9nGM!`5@%S)}8DJvDxx3vimd(4Ya@j)frh0Bf*~;5&
z%M3@V>Zmq)9E*^H%^X!dmP%oXN9|;<r%*Uba4;BKixFtF6KG_RNGl|S@>D4HQ&&`+
zI`>$s$xzfzs_xdDnMMZ6C{?<wLU3c#gAwtddyR0BDICTQUGiexV=_Z=n*R-w#Ij)O
zUzH@O*s9oCvy_-Qw8ceZjMWS&@)ZTb8k{BeZ&Ps1$&nNqax;34;)kBBvk;N3C@NYl
zdiSwv%@p>_*DmAsFwExI$j@yNMrS-}M#0P>BY>IK9A}IzTeI9VZQ9WPc{R8!ilyxQ
z3lgGA=x<{}w2?xBA<@xMsD-pmkCc``8HdB=SEunVap*XzE;<UcE8DJQDxScWl698w
zwv@l|${P^N2&0MUP*r`FR!3HO3Anxikp^8*T`==PGp*!XG+)-&f>zDfcw~8FC=bbK
zJk`An>wn6sE+s8&p_Sj&ws%~c;UZCLQ{Vrm<J5|Azs_LW8ss^Zv7uNpfpx6mV<UrX
z-j3S^rfNqIWGp(01y5p-4+E=%D=X<bO+KUn4ye7aU}(`6m|xd0hM;=T2U$A0E;(Y@
zb6e&Ta#uNIlQ(3HbKlM)V{>3QMm?)>>e-Y@(Gss*XBD)4G_h(`EY&<XV9j88+5$(I
zO<KJ8hy_dZ<tvuz%fp9<mxBjh4aefLhALiKvFJpppEbO#3!{`;5<$FnVX3b^in*Cl
zn<%VJ2AjzuqFO419$K)2g27IRI5h|u8H4s%(Z_OmOVr&@vh~DNN0z%ji=66SyPJ5;
zZKUC{T$J-F6PQqX+MHAFo-5;~uZd5N=*cKq`Ezy({&lg0Lj6yahT`ec`EErA8=ZCT
z?6)F!2wFP({D^w3^ozU9=)y}EWfZFxVU*2U7Txj_LpuMtF>Ns_6;}LC#PCi<|JGL7
z!r@@2R5vttn5NJtXsM@5qSe8wIk*Z{1B-XCo@pIMD#Wm+Yqh9@T^rhI)CwNHvRA4)
zd`rKXJNu4dor(;n9R*U(XbS;BOF1(hSzfKO(|`(YJteLlc`Z7Za~SI1QQo96jz4|Q
zw62bhPQ}aye(TCy1+%R!brlR}SnewP|J#?mN{Rp7%U*@VRZ5?O?%z+9a0ob4Wy0zG
z-&mb+i25I`P&niIAE{EPG4xchjmOfdlc*0xC!<g*-tHmKa2O`ZJ9Qdhw{(ZCItt6y
z9AMcdFsVHj)oCFZt!S<`yY%nT8+VDuYDwf8lFw`~*`9DTKqkr#8-#DRDm%s_i?X9U
z$T&g=<pe3)P`4|`5$F-t-KdcTXi+s)BgwPX*q&c5Qsqg=@~D?J)18BRqWHT@Ql9gG
zTu3pC7RcuJ@vOcX0&I{{9mU>mbV<zA>sG3wE%o>j$gOGCt;3(BnVZ50>DAa(FgTHz
zN)5(%qSLKlz&HV?)o`3FT5Wl1S(3(0BKNSR>cf~`Dit5Xx@x0l%_OgCvNl_lEn>aR
zaye|x<#1&#^CL$thjmQhaxPoqXv{zdn>owWbht`6mx)x9xJ8KL<Jfc!YUGi7N5&{R
z*1<vU7TX2~`BANDaia?jhLsb%hFmRJt57+0DYA7Ylx>LUD9U~-hB>k95)=93D9&qA
z(Im`1cAN9$FggyC4U|^a;VL7PHZ`U9&x|yZ7vryv<^hqQO6)ejkDOOEnx_f5&f8Db
z;QCIZuASh5AqwkQY^&beW3&gZ>221|AU2qcp}wJ0JvD(%-c<_%=5ma|VNB={DED9G
zfu%ur&iR<(RgSS&w2v+W)fAkCyJ{&dRiKlbtT-*6;!^BB4?2^%_paF5K`e;I>pd7$
zjRsd3XqiSB6@t4=vr_&#1*d1__6(jJvkYBWQZmHbttg>sAqWo~l1FviidvFMLctmD
z3cL&_x_b{%tq4)mFWZb;wYZp5ZFRn+{>|co`F}KC`v0|zk=lyFXbdEB465dtJ)Zw(
zGOf;dqVDqaQyV7DFlWM}ab0N9<3q<zp!#8d`#8>28RY#L*t-Bt32QSfcIH%5u*`9U
z5Y~#04(eE(h#8sQ6EFnZMJF>TEc6v8Fu;lvW<3lucycIH&obJBXEQO`I+#eV3r7aW
zcnZUXfTm>7mSQxtHpyT$=eE@JEQF>ikM@bF0j%f>+r-2M6)aa!mgS}<TKh1;BPp(8
zK`TsyLE77bOzAD}$+tLK_rGvnl^t8eXW4jxt>+eZwBu!C0A&`P%8K~Pn3_uCELSh3
z$_>Tb(pR*?&<val2_5EK%C8Sguy3o0MoT!B<g1p%UA*H1<J-#SuXTr^$*4JC*)C^L
z8v76}RQBMuJYQsGGY?1G_79JZ(V)L!!KQ4o#uNf;gjKzA%SM~mF&DF8WiDbq%eKeg
zQT||ERTZ19-x}x=&j^$(UdF3r>cXB5^zoY8+JmiFc&#R2v49&-WsxycnR`C5KG$aU
z+BmT-P+r*>Y>!XCj>`B1UjER?FlA}#8t(dxi>4&+eK+o%HtuS~e5?7}R@nvvG&_T>
zVfYebD25yrtC%cH>qHwj)GGI=y69Gps8$4FSt#{31z}sb^!9{7MPlv5#M{HXgG$8l
zqw%+gySdb88?kp?X=7W!BLTS#8nj_y0CWrVg=#F^#@sI{&Rq9xC7Va0+RKZDbhTbw
zk+#_Sb+o42s-CwP17X~UYq9j2934Ck*v^dxk<^ILQrBMMC!p*frqurB=C2lOe?z%q
z@$)jh_fYf_VSk6#<r$09F=}*_iZKVhl3gqN0+6Zlje4ZH797rw9!&MM;3RQyp((Qb
z1TSa?0UfJ|@T51m#E{C-cQslQ*OK7A=IZ|!3CeLx7xX{0NVKa8j<;uu*7ckaOLdt)
zRV}sYp;WBuY7p4C;7Z4^5_cbDxfFH7jY6gdIx89ubo2t2?Il%5SX}1d+l|(PwnxxV
zKzYms+6X_g<}L4{pb%j5)G^wmo>geeuC`H^m~|V@b=U2MsM`@G6zyc;U*JUH8ZAyl
z@9nEyw~a+jb*yIywu-GeHBvJ~dv48);&nLIjG77KcG6?801JbQle}<B6wT>ZA~@E*
z46Yt9x>wWtbxiVM6~i`*VI}LWh+_q_iddS%eXY`qHI%!G^5>$$Iy#A#-Wn%id3-F`
ztOjz8RX`Q_U#@C(7Gi6Gu>{jX<-y$9RBlfys~DoQrBS44*I(I;u~;=%MqVu~1Ft5+
zNFY5os$Qoqqlk93xg5({jab#$0cVZd(q&EqlvU`tSF~ApR*|5tJ$$q|s-!43b!K-D
zHsExtk@6nwz%zb<lZuASNA~ElmyYKnt#cQmk5n06t(Bmh+19s$yQ*VhZ5svL#=PwV
zk+qrgu!|+5Nae-sfU%BJO$Jz3QOX0$drHj?Kufnx1R05Gjt35|-r82f-t?Ad_RE|t
z(clSN)Is+Ss7pfy#hNU5m{rkOAaALP#v@DQt(6k9HvxGc&PY~Da#e(8AnS|;#e18&
zL(>a310kkmR-PEys-~2tL1Yzy?bYp425ceDAS#remTavzwT$4T=vX;OQK%}gLzS?`
zWo`9@HLQpAP6nGX@CyZ*&XSIf2HS87{Sb!U2~6m#G4Vf^3U<+n!9!|WH>?QpY60P0
z7lURs1~kMb^S6)#N;gDMM)%7c(5Xg=Xya|y<;Uuc?UamS(%d$d7*9+la15b704o@=
zl<6rL97-7bwPVKU_)K}U>iXcw)cA4wa02%45uA>l>+4Lm`fw^S#uQr^LUTaJHdnPz
z0jV)Dn2IN{cVYT)`Y;Q=aB5grW({aVIwetGcPE~yM-2HGW*EhYV)k$_#^*??RoO7<
ztR_56D`;+RhP@ycH<*h^#@Jk>i))9)s-BB8P8d}-64jWui+h)4)H^m&Ng%c=+Svtd
zq!@r<rAMOXAR@a;wcIgFVM#NL<FbJo;~^`h!QfaNXFOp^It|+jy*S~`jnUTlP<ho2
z1Q9p2+J?OGCT6?GiXlzQsHr223R27H=QO0YQOw%3ys5vYkTPIdn~yQ@SewcmKy;9`
zWB1fB_E5q2fNYDgOVmO317JK`N5>Eg{Aq=rouF$9$6X|oiPR)m7>oF9Br-}!r~i$P
z>TZpWnT4GL(IE^6V%xlp18Hvdz@06Odjss+!XdD_e77{~*e+x?;10R<_!t{Fc40S7
zlWD|FmRF!@!plQ#qiolC=f{!(+Qep@#HK=M(J^pHV|8ePF%OASj)s_wOSp|ETHmE+
zm#@qQFXkaLOeFUxZ}Tb>ba6Nd4hVO#D>C!2sNpT!w$L%rOsDjiHP$j=L*vQT7kIN$
zn4}nRQcc6GqS{((xPv<nMr{>$YooBux!c>3ZOz_jSGF}@vnkrvjLWUpR&#c4nBD4f
zr;6QHbFr?&-KuI(9)#FxnJgV<>#{8;-x=2>3twADd|NWM_rhy%?se1fdhHrsZw(F4
za5D@-TJ<Qy%}v7-w<;Q*xK`8f#JQ@5C+^iXJSK1`Z>U>r;!l(`S0ams=jv`~c<kuV
z@OlkZty04?om@0L)6Gr8GaYNT|Ej64PHJt;Ym?er=9;t?4X;|rMoV0ikJ+r&q$;<O
zcCsoOo+(i^4bLQ~uHhLZb!d17sYAmv9y>L>-uiSj_daZ2oxbbU@G9BWrQwk`rM6A4
z;hCgcr{S4ws%dy8!PaYd2CHe5vidZ<I+@k1;ng*RE#+=)6t+2cdpokN*&FT3w&rU#
zMcbNjx%Jv=&NI;P>MI%3X?XQ<sYAo7k5OG3UY)Gm7v|Sem!wgvUG29(!<(_db!&Ks
z*U;V!H#hCgaC6h%#I1_<#;y+C=Ws*!so9FDcXxGCYm-!))ZV_-q%|6gnnY&JuSr#|
z#zN*CYN_kZd4$R_J`l^;XT+l>M@S+X8b^=}g}M(a9o1tjacUXE{-rn#Cc<u6l7@fO
zYk3Cq6V_E|n4;oMBDBJ7b-0se<uM#S+^v?p(cEiLS366vM2rn~@+M9D3<ujeV``pO
z#;)0AH0IH!R^w}WbWn%Qd#t!uKZjE>{-I{+)g$$*x%^WfO^mOC$w_@w(}#xEM2BH*
zi0!Fj$eWHnaXzLIapReTgeK`_FwdZ{Qj5`+Xet#oxmus;u)b;dljj48gejLi;yAIW
z@`%E9p`^!1<`}FdSCAuHU7k+FSK;trHwQI%=Hh^HOgBF=-t6!IOZBTJM;s4PxGJBx
zBn9Z`sXh`L#T1ge7iU_DpHY1rMyqUT;3_pg#C!@is8-OQQ1QquO?dFnDTh3*6obtD
zIzp<FqQ+ypbSXLOgHi^QWfQRpgB$NZ#3T^a0FF8>6r-6fGF|F$7&mCh9agjSL70GK
zUsFkJfd`M#_&|J|3>srJTOYyc>Z%?%pOUF42dymet$d1A#g2!x6xijFK7jGh<6tby
z$(rcZQ0xHQ-8^EKJna3Tv4M>+wYkTQXgcS_D5``lqAFafUXzLAVo1A6N0-!5o<?y9
z;#5*!0~640-Y{Q?GfQF7s9I!^tufbBP?BKTp@Xa09N9!vDWAgOOKYVZ@Nd;N(p1n;
zLeu#X#`2AyNi^5+z%gT2+WZzD)}sU1GXSZ`1RX6>(tDOHvZ2K`w9M|fY>~bQmYarE
zGFw<Iv-+ab+g8EcwS|%KNJjRpF0c!|hE80yJ~K?>>1rm-;xZH)#DrR60!e3vZa%{V
zY7~u)o5K_gdt>vI>4bg22*c?Cvua}#t1M(xY>-H3!zQh<!FH!4OghB$0ldCYmQA*H
z2eM!_8G}uA3q_m`xTPl1^b@DaCHoW15UXlz(x`UVim=|$5u>uPKG3z`rD>9*RZ+3E
zJeo{6rI<`$5_Z&@tdj|+TvM1Gr&Ke`sTl<Q7#xjK8(}^(sr1D>J5R?tEGK0Kq3DN=
zuOY2sC3aqq5r!@!N=wB8u6pKVc;%q6w@o;8nKLtMkWJ7PaJ~`NeCm{|yl5eX)p@;>
zUDUFxmewi=>Hn+IgeFpI$_n1cutuPJ`9LrnCb!8E9Hjyqg7lh{`B+(t!NE5N)m)c3
zn>AwwFjYv2)rFnb`Y`5{V5OTjKsCpQ!d5vu<B16+A+6Db7h`P);$==Mwyqh$Q5Y;9
z^i}ATt00$}L{|3Z*i0m8vex*R#<t0UW=IpmXlc+qTODW*KFy#CH?q@ba;tDFFR`r1
zWtZL76kE$ofjQ4dBWHHjR)Mf*oafK6vj}BteA42mv|{87%?Ro^W-=CDdH7glH7uB8
zXEdj(Q3`2l6y_}PA{xW050&7ClXZ@=-U-S!RB2eam(7)1!>OH&7hu0=Ih|FkDiXAw
zYGdKG^-(mKjT!mBHF9Bf#H#WkOIw#-Ca-M}N3oZW&4=3{mQWCA)9f}#unwHzM)S@n
zV32I<;|YG)5rHFsww_g25=Vrhfx?kfTc2dgmL0mGTU{RwMq^`m1GH{EKW8JeMb$Cd
zOYb9l>?+SbsjS#xHYH3=0(1?$OQpWl<+q*m!PGiR5bXWgQt!_A*A=vRP|Zx_-LjC3
zgK}mP5{{sWEHhr3sxhl8R`A9<e`gq$t*X@<5;Xa8ewXJ~u$-mp>X~rs#JX`qO%NID
z^w|~%Tf8(e1f+|4VtZ@W%VugA`lqRnsHCmaD@yAmVg_>xwvt}2@3j+9lJH*HQs3xA
zskhRW1m1-WNNaFv%DOE}dnjtQvRG%7%|lTnr(Km|EKf~g6)!Xtom6FeKyE%9TwBo@
ziF2{2+<;NpUfCx=lwKDZv(}k5EP%x8AB}Tl^-62KXd5J59eX!SEtsQ)b!D*2J=sm$
z1n^r8Uk-wC1lQ_5oEh4t_gULEH~Kgx_9M7l=?9_hkK+)TiAkJ;3`6};w2x~UcNF4w
zlWHC4u%OqSiuHO&J7%i!EvODOvV$dT196-bg<cXyIVWJ?jMgNpUWYAzOpjs?-C9UY
zx3)p#Zc4V<bCSsfDS8j?I&9dH$6YWk&SPUXr64)#?%gGi@yJm+`gG(?A01;Ap(6qC
z^6N5k3E~a$`e?kFj5w7aT2imv%`qgVE?q1I6YuCnE3f5+e|5F1s!c2Vsk5dze7RK{
zA#rxJs15JycJ{K&r}n;%`M9E^W4M%4$$Vn=1l5znd$4_4A6&aOIuKtS40hl*b>7vA
zW7Q94IqhU>J`5vxu9U7ZI@~oz^weGS)d79HnXH`2rlIm0&8n+2!-fjcw?&?%WDP|l
zs+bIomcJooP_;rd2BoXl?08f)MdNFXuSyzy0Go+1AV;YiEido4CO^C26gZliV7dW1
z78RXRm=iJ{p@(OGK!d~OCCUcbs;OuS)nou|pX1S>I{n=KP}+FoVR9;k!JK$%5~tM}
z&!mMhplWUisIdb2v1;vF9m7>HwS?5cktM4G^mHsbaU2~SsD8)B29szaM=&ymrc7CJ
z2f!FcTm@5pqNHacv~DTPE$EY@t7&><5-knQHAu{;zn(zvfk()PmDv^zC6$KfuxUd>
z_)LH`%xHsw@jV9r^qs`e9lptKo%*2$Wz_)lum<lV7{kN#)*5Q7Y3l^fBRQV)K&s<m
zYKZ()@R%BReY_?mk6}R(!?ZDxcw*cT1tBZh>6>JyZ;~C~7?n}q<AwvCsRxq@3{3+}
zCJ-0(jU?u8;|C2tswY^RuIa1I@P^in4#8n+K*wAGl3&9xaq7U2e1uHYw6!*C{P}+c
Cek{5G

literal 0
HcmV?d00001

diff --git a/vendor/github.com/DataDog/go-libddwaf/lib/darwin-arm64/_libddwaf.dylib b/vendor/github.com/DataDog/go-libddwaf/lib/darwin-arm64/_libddwaf.dylib
new file mode 100644
index 0000000000000000000000000000000000000000..05ea8dba1695f28634bcfa054fed211192b64204
GIT binary patch
literal 1289856
zcmeFa34B!5`Tu|J49iTyrdbG!4NI+);8H7F5Wh^oC4gFssJPSwv~>V?f*WcAwEYHx
z`i(?wp)CQsWTs+k4Jx&ipj`qkE$;fYC7^95q-sT$83gD5{@f)QLcrx~f4^`4KX|>u
z+<Wf1&w0*sp7U(yIp_Xy?>is$Fvc?c>&9On{_+CGe7mwnMW!ErO+I5vOQ)VOZK_?=
z;lJLU-gl)`e}J<8m6n!&<Cb#whM$h`0>?Yg&c3+2eW81rZU5KBRJPyf{W;}xXUu6U
z>IiS@w;edw3km+|J{?}bg-74*e-6CT$TzOO{u?(^(h=To7d!BpyEyfApAOF)gx^(H
zTv7UsTdw%V_2s4I(`R&q_oI6pct1MBfv5We;5o%@|Cg3tF{k{-nb%(BmUM(y^0EW(
z<_Y#t8t>i%&=EH9uDf<l`+#(W*O(WyUw!yD4gq!VcHIMcz;9{k+-q;1dF_>@Gq3&T
zbv)?^@A_AJ+4V;cbzakbN1W0DmX>}aQu@ssr(g38r?exy`n?XksqXmd-k%Pj!?pN$
zG^8mlJ-v8pap{Dwo_oH_%`X2ode|IzFPPq+=0<7hRoAss?a=Td9yrtc0K7EE4t)Qb
z>qNAf<)z=8d+ikm;TQ2a_;~Y3_v!s~MhT$qzk|p1!2VwE!b|+nK~VSU@H{x)ujm${
zszW!gl;6gqoSU#)*5Tfxnfj}LrKML-FP(GiH8ZZey7c<;8xIMu&O-)x-lg6bcW=;z
z`>(Y0%IW3Py}N_)t9#nPug<Na`*e8iZ#q}Vr^t=pn0{sHP1A3bRO#5?@NXS>CGLy5
zPluP)0bm=v8FOqQ)e&Bm3okG2y>xg-r<LonwA2OUmUo0#=fXQL?Y(q(j#OxWC_cI7
zn(MChN;<;(rwh;HJJmZJJn@NWQ(AiV#B(Q~ar#7eb{XULq|w8`xvzZKx!3>R6E00p
z{=Uqg=#pL@zVZ6$<&l%Fo;l;nD{r3u%@eP@l}qXjF{V=W)lMA(s;<k?CJwVy_23ue
zug^K!+``0-AA7WU;!a1W2zK*BN1Hx$=!tDdo6wJp$)wDqorlvr`2KeOY6bof|C;}N
zv>B0(s9SFUziKCYz|#+P-~AQ;LvKHP^u9aqiGGE$LHyaTbf;CThkfnP_7A>7o`G)L
zKk28@{0SDQ@Gl>UXPJ}c&bd+4(BJvD&ME)KH7Aa5BMP<jp6Jr{p8pq6=fL-_7&h$0
zliioTL|wI8_oJgt7`hd>_o9>j9pl}9C(G0wXBQp$?+68sP~Zp!j!@tT1&&bQ2nCK%
z;0OhdP~Zp!j!@tT1&&bQ2nCK%;0OhdP~Zp!j!@tT1&&bQ2nCK%;0OhdP~Zp!j!@tT
z1&&bQ2nCK%;0OhdP~d+F1yT#UZQgfXc69GmInhLEZglrWeWN?Snit(auU~Zkgl;uE
z{U-K-KM?EQjdZ9kX86u=Ciy{kldLzDQ=0plwfQD6t8A#5x_ewW`Qo;2HBH;Y$w(K|
z@Y3JH$(MYlp|7dDmjtBjW`9m>*DF@-aLRW1vtzZsaPqO-aPq=bs-bC!sR>wn67i2x
zYnmtz1jET@e{RfJ<6hD4!@T#;RH|>qohDk;)nu!!Eq^n~rfuP5+?a--seEA;@0H$K
zkSOSCYVxgM>-<z|>Xz*$**GLn(|oE))($kaFV6_pG>s`vlGoVKII=id$Gh1kocts3
zo586em0Gi9q?K&?N^u+9SZ8p@Sjm?z3@4{rW=$Mivj03Ky297DwXu(x8u$BZ@&=ol
z)9ADMm`(ro0Q<vUXC;ygtj&ob*5-ZP!bx(vvgb`OH5LAWt(BIU8u5pd{VxtjOZ~a6
zVQ?@0&k0Y6X50K$>|Su+;_Kf!o$?Q$!-A(w&B7s8&9{g6YPxqfHO;iS)!#4nw!d%e
zZ~na4odHvuC@qOvL-i~R7<sX`cvciNwbomv<_Ukl#Hy#Q&CREVlRYv_?W=oJ4ROW*
zI^G+wS`sCDQ)}Yj?u<iUcO3f0&W29U(Eir5G(NtXpZ77fwLYsxeQyq!sq+_)kE;AF
z+I$<>lYpI^5KfNs=e3r7l$v@UZHO0={$NaHjr&tmtGb1Ys*D*P$_ghJ`NBm(%M?{D
z2p5ImwK0^{J?-1P6*_bqY-&IB_mACv&smA@Gkzt&&9?@&ZXm_G**`EwMqPFsUReSC
znkmbjZZ-$s-!gh;DmBu~zdUgvxF^893_4#n!6c_}Ur}MA6`3Yk=YM%@c;SDJt@mG;
zC^^d{*H?^)uJ`9ALfymgxoJqk{{btUY=S>t07e{I2YVJL3MnhK`n6UjQ&WRn$LUu;
zmD5HkJgD*dz3PiczWz0vM@&XLkC3jI?a}hGkD=ur#_oSg%VxhHKFNtaI_Q5!OMeGi
zre1ERW%DVGr-_#F+2N#UnX2d!P0cpR&yALS!)xoi2S)CKrjIV@UQ_>3I0>&bH0%v0
zYdgrB*THM2_37o!y}T!Rqc+y>Mb_;;yqsD85j^yiBWG?KU}_)pWz^K4>&Th9N$qlG
z4RAd<vwo75tUt3|&TQ&L&a6MzN;b?wj!MqZ@BE(T#=5J_)IH#pSd~!|pHZA_$}kN(
zFE36`4Vs2r=I<DIN^+<6qfa4sE|A>GNs~Ldw%jSFFY7;r+$rncx!f6mJnATS-lgo5
z%AFITo8*pU*_G~?e&Fhmx#*A!kg@f)4%uz%koq>+mE+2;oY*n$n5HhblJQI0>7Jpv
z+CgumW>9B*W=;GQlZ@ZQIKp2$Z!EU?OEh-$Syrt0Gvc!MC5OLKH`30v#mUxF()dd<
zr6WE!S;-dU_nvK;HK9etN%j~t4EnaiS6S$<eDDx$9z{M$*5rTNN(Sb)_i=kCywyUz
zaf_^EVw6daTo+E}7MKQ=6>jZT6B-<-iT|uiv~Yg+n$QMa`=j+keVa4TYw-ttH39t&
z^F`~?A@;SO`Mni>>}`_ygZwXtuD)qnpqM%XOtL@pVlP1U)=SYDygQ_~seJ`}?myNv
zY{)o0s<OB5IX$`_ez5P+A8+3?A^IfudbXAO$9Tt+lSgxHdR0zog@#FNlLUYH_n5?n
z@#y^k<23-iWsI$#ZlcbHRi>s6JTE-P)V4f0DH?rnRJ5fuoQy8aOSB-{Tl$8R!65IU
zYvLDy{~abuPIfl)Em^;?Z(`6D#>PSV@<C`ITcYtNrgo)&TB45ocYB%I2LHv0Y`<w(
zv+&}?dS7<yN?Rvo$JjZLy~3B%+K7ICbU|ri&3LnUDZCo7d3A3h#CS#8cs0xA)vVZ!
z;JpKWuLEww!hVULavv{!swi#}qY@`U>-CLAAuBOz;4$HQx1wjIN1D-xKcHUQbM)Te
z4~lJloWO?IhK}r$DY<WAwm!PJI5|9E8Y+EP{m@Js)XR+i@`(ZSr7w_W{(cqsFY0DC
zkFf?U*4XX!4~SLxvs<sAd}iiL%f`Huy}V^qI9UL%7TkJUqNS^8IECv+`OOcS_gDGN
z)cbh<*T}61wocH>S)6YTX#L_*m+YP21zV>VGP{Rqm_y&Qpg}%u==xD;*s;C^EY+8;
z---=UmJv>F#hy`reo24BAEic|%lqH&?zE+Lr2q3R2j5`urDdU&*~{~-{`R;CRtf!9
zdrPr5O}EM^(}42<bjiEkipHU5;7VUKG}P1-VB-d?f<*q+CaSp+nqHg?U|$+*=nn^P
z9KWss{#oD~`okfCAzug&8uW#4cQaF0^fK?qk6Y1S^jqNzZg1(nqJO{&7FO-8c+}(#
z{zA|c{80Ak;FGJCHABN~xu(_|k1G3}!1k^5xj(dz^IUdC2pS`U){vWT(`gR&n&@=6
zz7}JXcyycIfo@mQUu>@tFTOB7S^>W%P6{XIcQ;c{1ir?32>hxsPj9~jJt|yg`b?5N
z4%rd-pg(+&UMIj<Zto3!sfUb8o^P3C;jLp5;_*1|2fAY8xpbM%7(tiCY--5vI948S
zg?a|6vw)FK`_ObNnU41caFvV+`1dB_Z>H9Skmruw+RvR&{bE0S5&8I0s_z_Rg!)?v
zJ%m%v%y3ltP4@OmUwCaZGFJBXWBp9+nr)^=I<c5%nu{8vft$n0Uk~dbCx>-ymy^S~
z94se)1~1J=mt+}RHdak=Wn;c08w2!TxL5Tt4W5jAy{D=DKK-~XWE$pYp5e&I-e*K_
zLciMgl99bnkKV|=CnK*x4tX+iBkxN_uA<+&(`4lQ39gLHZ<mp~k!QzKZ~lXhoa}+G
z(NRtoFkf1btG1j(E_!lu(a_V8rz4}tiw5ZdZ@x6nI8bK(=nCW}dgjsZnc7GF7bW0}
zHW?T<%v;978MAg7crrM7GWI_D^LfkIe!x$cvFCCx8C!*1ZTd}PQ4_!Ykgp#w2ia4T
zExjUr(AMWfYK?4r$=z|ht9PnCN{xK+Z;s5}YWrRNVvl0C?{Z~s?lr~9T<o;QPGoKb
zKHkXO7>=xDFI0ACeEg3WtlFDtb0;?ZdS9+BkE0o{EF1oE?(!CF2uB{5+w%BS=HQcQ
z^7sv4ua!K;rwLm9k;gg6<Ef53X3j>AG7a<KxdE;`*7cK;#~te1@|gPh_&v5f&Xhcs
zkJ&FK8itX_w}AimB#(Jl?Ktw-!8aIu1$mr{Ja+VC1Xxu)owk>|@^~lxl%C4E(u%e`
zcxE&>$QMoLul%X5Jf52-kKZ4^?lJiAsWf@q6?weHmB*s(mNa?X)R{bnhIi&T@>pZl
zWWN*GJ{@_S&A7yQ?#ScvM7`gvIhKBkPV*#>Kc=s?Ja*}3%i}b<8R#Z?TnIdktK_f7
zIK90RPyYHH`CHGpXEW~Ub!_>I9b?O1>RoC{{tiz>z%lO1Uylw4%HIRW#^WW)-vPj|
z<*!TY&|E87H59#lY&e-jS4#GN0Ntk_-7Y`BnP+OHU+2I}OJ5uxRjk94y>+j-vX@wg
z`r1+UUc|eSy<4!GJlPwuDyLwltsQ3(YwBvInzzk$&HgT{1ONQ#l=y>Y?M`I#QsO!7
zc=&20$4^hk13#?e^RemAzjN^O;c3q+S2;3mQyDUMGI0s|EZaK_uX?t(WI<|zNrrhg
zhH^8ea!N73n*WNUt+?AHWTVPPt~%P$1IYiR`Xl?J?C$wvP2~dq7V`Hk{=UuMcli5H
z{;K#}#NT56s`*>O-(CFO&EGv^%NBHBUA7>=Uy#2H{xbRNvAW_7?8U8_eblCOvI$h4
zX8Q2gW8qlQuYQVIyZ#chb`Sj4-0M4I>lXM|ub+g^yUeWJO<7~F#bfJEtURs$DYLe2
z!4jU|#oygy*WXDUpS3nRq)W{p%dD<1w0Is|T|b4g8C{*S+bHw(SY5x0vQ^#evIJul
zMAy`BvKUWe$G*(u@VdGwW}Ssz@)64$h%O79kDm`-RyFz$z5ILPBeKie%HQf{$F{ys
zT+&+D-M+qr>%fEl8u~yC(6lyUW0=h1b#*>#omJt${_+=8C!?lro7G<DneprDmeGD`
zvE6<T;v<0xnLKx5N#+BdKgIJo#rPGuG2u9ycvRrH;;3jEV9rSg%0C*0%{a*#mT15)
zjSlfe%b9moL)v3&(sxyD`YzkGQL<xmH=}=$Az2p~Vy_nygPle!_99}k7ZRJjAiD3m
zsZnCJHI4q#SFVQ+((3`{UX?GNXzF9u)VING_jxPadS&Qr@#Kfkh*t;1meQ8y?zg<>
z;Hu|cpLKY-n&+|!Z|6BSfA$Qwp5D3Hz1H(`uIsQtgi9TIT`*c{!_(V8#ov(LE_Zz+
z#XjU8mHEt6#f3GVhxU*59MV531iy6MUCO;=jPQ^SkC?<r&Bco;SB!I@`%KsDSGMcP
zXHfmK`PK7l-F|qu-vaLPzu=(;`F>md;pFe>TY5Y7Zad@B+HXb=cIAEye<R#BPH}%v
z=GSts(`Cp>!qfHNJsC0xAHTpZ&yCIclU3`zcQgDH@4!#-wy|%I)o$e-@#>{%?|SxO
zF@4jssXSAEJlNu=fIprPk9KB%JWGAgM*Xr2V*+I<f7i`>uj&o2_JL=Qf_IOGhqI#l
zpYBq#+wVj6S*#(zugLLusjsMh^^zB=PJC!b)$z~ns5<c<JL1U9)KFiMBiD^1*N2+5
z^$&{flI4nHXUG1lD|n+f>ll+9WUtf5oY)%lOf%z?Lg$GG{~Mgr`QTOVn-+|<Wnfe|
z9A~0+Hf&S#(NJt<Xl*J@&Eo~K)vVZjX#6^U;>G;#5pQ=hHR`)!4O?v=At#p0*yPV1
zF?uvHj*`l;=SjXsnfro`|7PR+cVO3HI}5hf1<pIp)Xsg%s)?M5EeY(K$A^;-;MY}*
zH_6C<prgT^82k&JtvOVjX_E2dN}}=|!`L-5&_{8*9mPm;iSOqS|IdmY3l5Eso7%D&
zDmOJ>_#%CRW^=JuJQ{J}OT)eNNB*8<>pfiW!KZ%h!&E~8UW$K&ElaE+{=>#1Y>JWc
z(VCGF-=?0*BG|dj_~G-pSDaMq6nApH3s`&hr5YXwMjiNV!<MRdVboE7uIf-f2OP73
z8M(xv!`usbmI)m$gbq{M=`icugJWS8mk`@wZkIu;X5!0bz#IX*NVzk<i`?<`#^5`Q
zL35@v2K9d5=J&n?PRHG1)3K2?i;g_!(A8H{N8PuepJ*$(o<SS4L|30;=)RgJ;O@o_
z$n`;2@bUEiSn$~my<bte$CKSn!$`_U+w{(jouWF>>LOyauR^OvX!QWJYI14S2(1dK
zBU)*m9_QA7V82tp=_6-+y!slSM#kqD>ZwfQBN+X-_r@nz@H9R<+sEg&4&&2Pb!ank
zturn+&7yzZ7?)X$%Qw@;Wkx6Ca;-_O@#TM|j<}e{rjGbp@{d-n#yEmJ5zP1rrXdt@
z=E}ql<1`R@HXhwRSH8_SdHmjtzL?Iu@%a6+4Lrk^jzHJ4RT>Xd^HbiZUHCaS_TRK?
z(-*tkqwly5^nHOkc3&3&r<ZBC=}uyj=&3wppyFwwV~H;@O7Q+*!|NCO9&+M!#_QGo
z;bdRpc#^{bE0L(jZ|O`1SMuJw&{Jda7}tW;;KF)+e`*cunaRj)X>`4*6S^)i$;sdo
z0nY&b+~M&2!Dqzt!ZbXWxOgu940wv~4@JY9J|k`?rQ!As7q=_YaBG`m@Z8raU*jA2
zm2~+qjk5UEv0s*a-q?ZXDuy8Y8FNoQ$B#|pxgcxW@Ri4NIlqO!#&@xKEs(|asxCDf
zW|*3;TsKp%oZmIRFC5Tz5p7p}&5=tT`Mr#`2W7Rly)murM&$c+WP;cBHssG;e~|3y
zYPbJ$+A3ewwI=cuYm(@Z>A%r>Y<6rr<rTkyr+(GWQ;Xr(j_U~(Pno3R+o`@LS;_M%
zpQAT>idH90h(=EA8%?3tT80wuqb|0}y0XRAx*+qdg}xSSH8r!gb*-6AJg-MrvpL`D
zvAr0-Y_`>7@$vAg=!C!1MvuBZsWrcmTmj!W_zHIq=XIX~=g2F(k3KCQ->qi)3r?S#
z_5KU=`T39O^D8DP`CDNHS{28>I@q+VdUarV75&e+by#8?aeu*88#YZ{_)VVzetZ}-
z9d;m1pLiac{``z+<l%nN6tR27HfMrM^BidUOKV*LGR3Cpe5+>Gf^G-UR6e?BD*1jm
zyv2W8z;li7m;?Cld$e7*@RCFwb3?xBecXF?W}Vh5SX&75>>j&3C$@jy`Pgn#u;IRj
zEq5M%$5*4+cDB!9x>Qc7rJnrQDxYJ=#aG`wrRlDRZj3KAYnw(pbIe$cr!^0)JS}y;
zuSj}XxJh4T*=;nQ7Dq-@^@2tVD#vP0R^2z(UMmt0$}X6{Vy<nc>DiDabEk=~Yj}5%
z8T68DNZECs-94T1xyFp*SeopY$rn)Fn<*R0J!jfvbAncOFaGqN>_+u<cavz)ZY!Qg
zed(-5#z8vkZ0@tXchKvy4P|GXNx9;3$}`B|FUVhjKj{jsk!Xy%@F$<fv#HgtNB?Z-
zKLQxSQF$im^gqci&x&3DoU;z$*|>Tql=e<K-a{xCElOmIf#-Y7uhi3ia(RM`TL$Bo
z$vF04JbPk`_loXc=&#x3?;hLj?-twR@5;Jamsry8kL|@i{}7v3<7#p$r{n-vczbb*
zz+KMx1a9|i<^i!f@N8aaF|Pe%KhX7C8smPk5_D|yLS5&@Zev};8T-Dm2Z*CIk=qgF
zZ#S~6>27QE%x{{ax`nTgt%pA&{juXRDo<NqF(xXWY#z{fS_{5f*@A^*Q>kvzl-6N?
zHX%B5RhQ_j6HPLe@<&^Mv+L)lM@RJRmKfI6B>!<~c<u2=nYEdWS1b6;X8rLY)=17l
zK9yQMw`(pfv3lBbX@!+x%YeIro0dKFNXByb?uFp3$0sU~0nM3>r<E-re_;T20XBE4
z!e`6EW<TX$s<inxGDYPknj&}PW!ZVeEmFku#b3XM9`P+3it7D|QS~3ZF*?rg{pZT3
zKbNsMhcP*uv6;*mO~R+27-h`t`6U~AHSfwslbt6Uy56<(>aj&UJG>4%??LLROm<!!
zw#5qWZ99+n<oETAb|d?E#vK1H_s#Hz#<!U`MIAV9WsJ^b9*9p>zU#Pfat*OzuOHZ3
zYt)A-w+|&<5~Gf#u5kPo@OELxJcjN1*kN$IO?af?coX-+v7BGQF4><NsrjPzb>9TO
z&ES8v-UEN;_$bXUJ$LWz{#?m(4{yn`LheiX)4Zx9evx{b{Hp6L=<9>de(2o=x_5>C
z-IxOwbHL9W@G%Emp4a*x@7uEFa`KOkF<IMB3`dDg-Eh$(4=lUok*Z~V%dBYbRA2Ny
zXjhNT=dE*i{H^?|wdlJFAN(^^{I7MSyjTNeiZPURGs*A4i)-;i2KhT*Z!PGq_10W>
zy)~EosNB{FJi9UD^<`sT@3(vrwANbdBGwNS+rN}wt+g&7Ha(Vizl)76pURF$qa!24
zk^<I1;{5$vx3adUID5X8*J`nzRfa6|aGXxx%ZS-?&R4eTM6ibh<5GOYbQptp?*!_o
zoiDoWoQgfFI$8^mP7MZMC$`_uUTZDZI<MR2O07SpwRt*i8rqzTEg*X0^V)f5abVZe
zPiHNtJ&yIT8<+YkzvsGmhTuQpNqqW{I5g63RWI9aw%2Uu4+*bZ%NP#vx3AfD#kUyO
z+gY>K7>x6`ui1t^>}1UrKATGpg2wYE{th>uBN<QWg)KgZJ{rrBjHPU{iMQUASOhL1
z#!@jvja>_{hmk)voBLBNL!FU{nbh4#9}BRxytVldcotXz8}>Mt_918={Bb|qo(c90
zR_lGQ@6xyX=bgzsID`3cI`d)z^J6^nrx^KT+44v8tPI&A88+<?non7=MK;~DW1EP3
z{lsT#f6Sle*P-Ut$N+vXy!U|}^D!~$$$I)?F-~>RYDgD+Z{$^gHT3!ngO5!9CpP6q
z<isN8d((L47He*r-%VdCj>eC(qFX08v6MOJmW>~|^{|cG>iuLq^_-Z?aCDAh?KcBg
zv6_DOgcJSH2T#CbA!J{^)wgvcd>R6u0DPW6XDPQ2h0=E$<+=~>P8Bpz`3ICIna2U@
z*OL=zx>im(2b%QlW0Lvk!+rtc>BO9Do@E^CSrfz;js1@IY*@S(r%bWR&gk#aKIQiz
zvwVz+pRwt}7<FZ=kXQ4%6GOAGrTupN%*%C=Zq73%InMZ6oAFb2q02p)7KC<X(E1O^
zo`_592(;ca#HvZL-qP5M{6p5dksUV})|ud`8wNACTkdQuYGKV&KCNggTW9M6d=TWB
z<o-m9^=11yEA|3$_N~lk$+{D{ZlQnipM<0FpE3@1o$S~#@Jbo6pniRrqtIah<FFT6
zM(lCuXOBaKa>*Oz8hq%EgAbf^U&1)lGY%@(IDE*vdcQ<tk#xplJA5g67cm~=7>`q-
zOEKdSVf+J(N7EkG<>0?!-gy!jHe9`rKO$XJ3w@>{=cNDdKbm|1a8w+uo@>Sa#VhvM
zlK-XkkzHvx>OOwAgQLoY<1XIS`_MPpgbo$IY;bWL>Ebv79Jhj#hhv033dgOyqj9^q
z!?;OD+HLW?3cH||-v-{vp&!EeKKODQZSS9V7Cdt%ymJOTbUM5=f%!ci``u^H?{vFV
zbA38(X^wNuudO>bZ^E|!>TlpVi@a}BBYkLfA#Pzm&%!q-2L4m^T7O7QAdk7!qAed~
ze%|R4-S4+*Mlk=0Gcx~8OnGvnu;<n88gO0%ZKFfRM_Y!PsQMgWtt4QLN-%!*+RcOH
z3hzXhG$7Zj;K6{kJArN6=~_u4G;Ou}d^+t<0FUwX8Cf>Lk!5PX8Ca5KC;r}%W#6NJ
zDZjOO_eB=(_`n&wpElS7KIWEefj}&DnWO&;k9YL{#7E{Yi=h97v+%r-+z8oE#*XJ^
z$1+(b()h^sP+sj%c)ow$1mKScC-8wLqL<?9qWQQk<_5-os_LIbA5>=WtNw#)$t`Cc
zJv(+IxoX8{wEID;hRP4hiG7uNgYbj&p4!!~%EwSXl0U&MrJtuVS38cS{Hgk3t}Sm&
zGH`pN{3zmE?PJ^J8OxR(nKrEU@{cxI*@@C$)29PzCpu?O)jDo=>tOm-j-6BfO0j)!
z5f3OoT6(9Q9*NT5+Wb?u;IhQyzGD*agR5-GExbPnUHzEP+FUooY;I-!uikh0=uj#(
z{Bi2;fhX#HUr$JWZ(vR;X07=fXRf7ud99V?k>_>D_kIJ|%J=r#dL^x`@Q3Yf{poXP
zYrWf6YJ&W)?##Ua{1}8@8Sp|Tyw-#H;cweZ5n`SMe-JJz#MW$u@2*DY_v}fW2Agy7
zBh|~Ik1SfY{kSgC;Qq8aca2Z<?ANhQ*JweHaB>`W;2`AYICA%}NvF=#ngTLE&e-PP
zWyrrW$sfZnl8GPRt}hy-t&FdSizb6#5A2Q#@Cq>x7Co|fS^PLZbHS?Fwovh@Ech=w
z_AaviF5s)&E4zoXD$2B;5~r@7sqP}m<y)2XAnq~L)Qmw6q$;r2yPM>b$m0P$O@r#^
zP%fT*bs#(o96fKQKFPPWUj2E<z<HU}M_(u(za!2?;Cw$g2iJv*wnOL1cNHg&r%!>S
z@R{h-?L5na)@rAzJMC;(Kf0u=8Hw>5-MY}h_YCB58TOav{Jtxk^6yd>;GVq2_uukW
zEsHRo_1LbQ@tduE7P^mP8_VCC@vU&;ugIde!ToQ*l$^MMKE%6^k8b~IIJ*5fUo`%o
zCMudJcWygzH|5bTM$U`~V#5J<1AM%T{INLtYz+ECu{7a4$TxRdF}zo~H#IzEk9S{t
zyyJ{_-R6`XN0FVs%IvqVkE5>MD>HMajpSPSOC9+HyCS<|nRLD4DK?JBjgQXy5;C0j
zEc9kT_P6XSaMie_QckXp^4%o+^-TPyu^URiw-R?$j9?Jg`{$j_{Fux<nZ$gV$h;{*
zXPt!{cYI>W7thYfPJ8z#t|hm=xX}W}`shx6U*qpkdTF=o>kT&H<Wtgn;Bt;Jwcq6$
z=CbvbIfP#p#MT~VW!Zk&9@?xx-pJRPnep1PQP1VMe%Z~5Aa=xX=GRWf{pCx-QTb-F
zDf4(=>&uc|Tk(mczhA<hsG{u(U!Zk5^Hz4c><!sr_=^pd%meYsHe@5lzwMuC-CF+J
z)5yAD@HPCbyyen?0V@w5uWze`{1xn-jE4tX@X}%D@+=+pHW#++?QF(U^K<{a&UNZf
zQmF?@EAf+Pr!>qjYiFfjg#QO(Pea!N<Et*1U&@{sU-hIDo?2F71vU*^{p}YruUfYw
zv-r<DTA%!2N8pak<r!ASrjm6fn{*v;e~lH~Bt2PbtoN%j1<zL<EU1VM1J*yj_?;K7
zPX2PolFZk4JXD_8al+_uboPiI%TF3!9KGJ^S>5M_KP|oCzGs%swt7`xYxS<4eatgU
z8}E3Y`=hF7TYakg48Akk+t<4~z_UrzKaXF%^WJ@bTzb?oO-so^tqxil)qy*jmTuzt
zB)i^G{PwA)57pa)RWD@h`0<WeXFa#0@Ujnf%(hH*ft6WZa7T~jfnzhAKAgZceKB`r
zELT4w=l<}8z>AOXh(Gtrj*@$K?<fd`qoF$j%SEGB;AH}DHt>c4ui)g0Xf?FxVP!nC
zWc9O4uetS^rSH<`Yw7dd^!Z`>{E*e7`kmO47oN+C?RY2g#*PyTk~`?jrb%Dhw6x&l
zUdsc}DWE=Bna|)CZYqTC8PGigx^IW>1>hB;Jg{yeba!y}aGeRRL2zvW*NNa7;@tr6
z26#8lyTibF)@gS{uRZzB=sC1=7wxX5FTb#QZ0h-&bL{KY>(1Hq3(BrJ<MwDBb>4wS
ztD)b67d*GLr#Y%R25zT6vT5l#&=$D{ZT;0{JsDr0Va$3}|CTYh+w`t}p7P&a@chyx
zrbqP>U{pTx?9#g_JGsmFL=V%2vaZ$5X9SmjwTs#O-d}IK*B7Xq@>SFO8BUL{<|Oy(
zAw7ztvuSHKILwYdv-H?L;pkmFn>`}9{Dkk`8MW)xHZC={2bcHp^{Vdvoj)z@V|r|A
z=6(`zPp&LYoC`kBgZuOF&-37N4m|Nwt6TLu^yB?s{9$RKF9ZC0Rrj!Q><a$fsN2KF
zeKYm%wz_cbtA6T{=a;HKXWR9Ts{T3h{A7Hg_bjVsu(4`hWbQua((+-e*QV#7q39}F
z&R#cp)6C-F^60UF<%^jwlPI4Iy=SePWM5CxuN7E6k$F?VvqI`jWNdX^!0#Y_?fKNl
zygz~Y%KThw&(95|PXul_=6r`=f(P-5cq0hRkUcLC<dbIj*1)%A@a-V@)`u?w+@gv5
zieD^<%p5(*Sk;r>FC85^=9Wh%1~i|{^6l{KCU|x`JX;9Qw)3Ipim`D_w^I%43iF6d
zO78bSK1){>|EYYMe#bvojt!g@yPM~Z-J2D=oomUgRm3Z#2lo3-P4P{qUa$IppiIA2
zua(>D3)m3Yq8n`cbDS})@xCkihssP*C3b2deu`|2!s(`HD|SM@Wm;Q!9^`%&`w`2K
z+Xd+K(DZOopo<w13Wk%J$odK^*or?ewHldy^<BlIdwi4{E;*fv%`}_wR@v42Q^TEo
zf>vuY>w1Meo6Nh4S*y-W^rqmIxW69UR`v~KTs$m+-<>SvSqXJQz}C2W@XBa=D|-&L
z&QXZ3R!H4hz?|s93Slb<b_VU0g6no*S{D~43c8r&VAY{die(l+hkW`P1UJFX0JllN
z5l$JrulDsTytNJ`+$Mrsi1va!6HeQ~L$D?S$A(2+^)-V!p9mIhdaw?q$DKT)K&%<w
z7=+%IO*VhLsTq#HLmpbgPWVGPma<>Uu{rXXZ++`bjr3ar{PO+mQ)LWtu|Kw911P^k
zJhc@bdK+DP8*t=@1<+^MT@3;3wm5!#f8Lib|2#Z}9~f&w&xY{l<2+Z~L3Cb8dlAZI
zV@G&5!u?9_<<nn@?o5xx2yQ)f67ZVpH?bb{I`TmNO#8mlyw<Y4?fXjeWZ(Loah#4`
zf36eT?NGW~^TqS`pQ4YNGcV&8rxwbO_hEnevBU7;=Mg8Lpm>vyc#=iD!`b_-dGy-D
z%%i8*k8a8^BO86J@%bxHgBH*)Cw99#S8rZlKCRKUl^eUY*Ll``9{ElAw4iG@=UR)F
zHDTvK2itB|zJ~5)H>;g^(2T6?(9R6tFc<A{uS|naJj9;sktf^X`+*;Uzaz}eICy5u
z&q$dlv`997C!CO7{x;=*yF$K6ZtSnnq#D{VrqM_@?D0(Ag^vQnEo}RiF_yin_gAnF
z9r=_kx;*`O`82f?-$y<N_0xSW#eUoDU)s6?`1|Lb0j*Dm<`b}aiO=8@X#NOR-Gk-R
z&Vk3wuGDbdZ*3@_HjZ}VjD`HT5HhU!M#rxAt=ebX^j~r1T;s~}X~kTB55Ca5VeZFp
z-wdpjjaR#G(0IKAW7`S`hJ1uUE}Y60<<m~$dL?jd`x{=xr?lso=E_;(n+cuAe>$_X
z=j=~C@b6$}=hNph)+GKFc6Pvp{YmWXXZNKZ_%!q#@NYujKfpKtD*FDyh5bqBTMm5#
zgYexg%huhCkoAS=iE*q6kH=QZ;J$#rQl66&Fm)pGL%OZipAnmcKHG$>zMA;KV(Mre
zc|5kkMr7V(=4Kf(#<siAwcBJ@NGEqQ4R7gP<h<S;jZA1|J})A+S*-cYwWB|+*kok<
zZ0c3e_EvPe^zC+kX6$UrmvFtp%4{t|_NzP{2md}tPqcJ54SxD2xf7yJ6Zda{dkcCd
z1kR=C?g_k~58exauV;}Z;RI{TYbM&b_-$N-*Yvde?cg{;xY1|fhW>5CP32eHw8*s2
zJE$;$)=Hkwa%uV$*CFW81RW=&!IVuh3)w1sec-G3ObIxS1IJaoQ^NBqo{M%`pHbfH
z0?KtSoU5Q8b_Miva4xa012+CnUxICY8AKbRu~R?8F5k+SrQ4oP4A{gJBcQzp9DSJ`
z+s(D)o)`cA?e8qx29xgGdzFO@KUjZ$z<Nxn@wYbj*4m84ngIC}#%e9&UTZm8tI-(k
zf&PkpzJ2rsdn;L&Ng{_sy~igu+UpPS5dDo~Ka@a+J!!Ur)*3`7KW9lCXvcKLjv)^N
zob%{M9`DK4Xma<C#)02%U-WG?F5l?fioT5Fc3-=F@dj<|1#j6s|Mfd!sa%J!KLW1Z
zqxG)<x+&~$w|lBwyGQFS8dK$g$o}~vGO9EC=dWpfl0KFF(-l0T;69F6hxjZA9|%8{
z$0(N_EBi-u!FD)+E)I+X`&dVO#e>nYk4?Z({Aza^9^a?m8W%l-j%#$LNIT7PTTL3g
zTyWZyMzgzkcQ@}=^Xu4^UE!Mp_5I$fSQl`0{@$yegntfRN0A<V85>3WqsU#J>hWe@
z_&5VPRf3!1L(e12s<4>?tfy9?<9CsdW1k-bUnIb58so3EEb&#)UUv(&J|&tmK8tv!
zwN2T@nqT54t-YzNfVDTAW$e>nOly}3-WQB|+O=f~G~3Iw0>)+|G*WC(@3lRrtOfkW
zK%Ysr&Fbudmv7O+{8jm6$}5mV8p{H%3v}iTZ3=#Xda{X?yCt40VZAR7y!LT$_7qBn
z#DS;sVO)FgBJ^GR4v}M1XZn!KtHM!ev|09?=mx&E>|csL!Tkt7F;?oU&5~WLJyCxI
zZT^&gceJPXUiCZMf0TZZOxy^*l5G)aDf#8$JrO<8LOzZ50-cTDR0V9w+`;IRMV5hw
zO>3C5f~u%@Ha?|v%?4<%eei;t$$PfHhi{es{vg&!7Ime}eWwg~Cj`iGqTY%8K2JMa
zfb}l^S?uBy6DNS@IkXq!`3c}jE>x1ZXM=rT7A`tRz8Z2VY*j9MDANqDB$hsmU-@zJ
z_s#}hCT*>NH|n5ere%hU=8M@&pnQ>^k#m>H{bcrfp2~d?c%}SJre9Z6eztI>y~S=n
zu6BR#;@NuW@eX)aUwlGh7C27knPBIe4CYwnvJznEeirXf28YZ5ZBb_X)!aYZ-3*tX
z830fD>(kN0+Gpe8pt_R<m-lD6?e^%<ei?nL0!PKEt5lcv<on9+_3((Jf7M5|JBxM;
zgU|rj!b{`OquYUaXiPFx&quv9pIPySl8YmW7<?6iz9DdzP72s@*I>*W)A{eGrv89B
zapbMWLH$uZukSN~y^+4B``Y5SAo!#A8baV6q+P`T^y|zE$7e6ZXD^|D89dXv(+Tuj
z{Sr*($$>EGbC9~92qtZNFeUeGT~6CU;7$a8uOBnHmMs3Pae>3ag$9N0_)Vfu8bi^a
z@%q@<#i8tNCy&MPg9FT;5^R_t;}w(4?{G%TW60t4cUsYr$buEVtX9R96q{(|@9R%n
zwN-`TwM~U)t@b0xXO_=-E^<gQd-=XMW6y|oy4U+*`1!lMYsgRg1@9}5tZ!KUc3<Aj
zi;YWz+4Mta-FnlB#dh9WF?nk<So_jCN7mld16!1r=C;WmwA#PJU)qaMW5dmgX<zJ%
zv}^BqV82fzeOb)2J)OuvXw|l+eLr<%#|YM)hk<po3+wy*4s!E&1wWH_|0|h#Kz^p$
zw)1+yV>Zu33zZA@RoqLT)<0#{evA4amoFoIiQY^q$1mQiIMG60pS{+K{zCTNVA=Fp
zw5%E5{~6#Z&Y>K=mdtQ+G<+0dEmk_!KIda_c-<4w$JZfeEZ@x;3$nhGpO!Ng=p<)s
zCvX*W>4X0-UpRfOsTXIiY;n(A2>`1<`^=p)S8|9~<+MhSQT41f^?x~UxndFlczhsv
zfWJmoN8E8AN1tYqFEyMo|0;dk!rIdeY|XyFgI}k-gdY&6Kgg7%U?X#;6!-&$z#bLy
zn<)`uEgy28%J==i4$3YF#;UqAf33cY$B{ocowXiYpDLejg~Mx$S*ujL6KQiCd-<oc
zE>#JBCBD(4TC8x<IBU@C4YDuMyNk~<HLbv={`-=H(wk@JghyY)UjffoSUqPCvh9FC
zVbzD-NB$YU+wJcSpZ8`BjP>R2COHZocn@B97rfAuHwcdU5ZK#&<Yww;NLE@Ig~;Vm
z*mP5xeC>VWTdu@_g0V%sTS%Wu>67&BIN1o&sq{(wQB9x3A2V4K7OvYB0|w^e{oO~t
zLmLB_`w_;^8!wGL>ne60p4R5HF6gbzEyqThNuOnZ%z^GR;p>TgoIF0g-_#R5!TSYP
z#^UQ3lU8Wgg03mVmccKw^Z#Zs))Q|Hv3`$@(F<E1-qgDx-c{Q=KZX91i(WZpD)CTz
zjG>h`#w|W)jN?8tr35;8W4te^v%#D(mc5mZdjac;8uJYa`H4BL8+1nBA;x?w<J)n}
zi_^y(dVk!Q3&#Ls{yOwcrj7Y-f3MiDnD6i5&%DdHdt<KpRmtun760rw=AjST`}pP#
z_Gh_cF8^KrgvO_kwbMyI&RZ@XSc$F`52%kH#{(Jgfb!hZ;Y<XM?B+^%$(x&5=!F1d
zl1@{t)k?M$FrKF{p1SsA3}cCGkbimj{H-$+sRwpnw2s&z`C0SGUs~woXob3%_wm)I
zPK5`w7eO)daVD@`KDcB~%?4+^WG;NGz1A&uxfAo=KW{wniit%&T_57zA>@ukSc{h2
zn@+B*&MV@Jz&~8i85&Px*VJ`#Zb^Xh0PAsqqZ;3c`vcEN*M|l-Eh9(qee>n2Wh;E9
z)%tSnvT-J-l~2@9O>a|n%}nr1uj4}wIP_@8%>p;&ogOZ)+m2QGwFY3tLi_G`G1S+r
zsoZhLi(7$@+>4cI4l%F7(sh&}17A?SlIG<&#zgX7XOb+GZ^?Mbx692o4X;AC^fR*Z
zbVgQp^L`0^S;YAudwjvg(qn>8{<jVPN#Iui`@e)Y{=N9FCF7-KqyC(|T<wK!9hG>4
z-~LBwt=?>oGiR00wHyCU<(D8QE|r|4ohsgqb3M=R$Qkb(E}g$Lfb*9sSknk2!z3eu
zx6Vr}B7R<i+zDlvhDj?LizXw}CX&x7xi%NMHmPf3)Eb@@B6lYvmo@*Bw0k`HNL9$d
z6VQG6)P3lYCCk?PdbG}mCyp;BUt&VI=x+E|&zgAF0~s&5JzwJw?f!x6dIw+Z9q4;E
za=kZyt7&74)q8dsG|ixYqPcX7=D{N3<pq@G-g;_6{oX?k&j#j~=Il_)Gk(xmB%E7*
zx}tw3I8CAtv&h$3@5^W{2B!>g65jj3KgXiaz#M0p8?B=jFAFojwqftY7>By9W<-_f
z0bP>lIK7t%><Sll4`9y*b~Sldg0<e4Y3Gy4{t$fhh`p{e^MgBH49uLF2+&T*@097j
zzh#n3!Q0EL60X8qIz;aWvFp6^L+e>H?W|sqy`+BwhVXmaroq6Nlhb+lob5-D35SXy
zczf<IFxE3`Kbo+#ufcY}M?|MTGp_fd)|uFsdl;*m;Zxa^z1%s$p46z;F$z+5ytoLz
zF1UaE(sAUN7o4(aS%&%O-qM~`tpT&|-q8H2Wx@S-yf~Bn!F}Jq<3+*f1`K<@1NLUX
z^sSb^y}p}y{~256<l5_O8ke)E_lhs4`X<_zAE|g)gn1SKw?)1{b^rYnmX7oHZyhmz
z!LlcqKXvx|vU{`beHCMPU(fNS$vM<s>zrq{w6){pVk&p$1nSlLa;r7Z{j?MJ<yA+x
zK9pZCxpP9J);E-o?I$0p3-Ot*$j5HTNpi901z2PDksIsm9m%Pi936d`@*e~CnLSTj
zZlVuB)A*3~JtFnk@Ku-Fes^}|Q@)y9#v$s<eP+!5)0a-<?B2rtx4*dQShFTz<vx=^
zzZKsqIC(L&PTgC2lxY3Yy+zRaR^rH^)a@@;ebKBL^xo|+{tP?=efn4DecePKr_C1H
z)H-&7RhYQ{!pYHKpMKTib;Xbd;foMcc;Q*-)YHnWe%O~;{YR@b@pCIb@kerYem*}x
zvE`0&(b>ha#WL-4o$kAQa+G|M>Z-!b=%N|ycS3gzV%}+gv}n1WGk@!t`@1>Ua1ZAi
z-VYBqfrIu#hlt%YA&=yn%YOIHaUKiKiYFOx@o>M0xX;U!dF{-lFY;ApQCBi;5q)Z@
zFhz?_yk|=A;fHQ)$uw)(4_0KhvTlcegKbwk$ig<-$C+I{6Qi`=o5y_Ka|L;I73|@*
z5+h{~f%glXIr4&6UZt};kgMm>&Ymkcw-{L7o|xb7M%SV<?t98#^F8*3>l}#A_IcF9
zmj&2i+P5R!D|xn;{-*Eu(B7RW{m|Z>0@g0IcZajB?7cfa;&k5LogCg(KH~tMMZha)
zY41+1eP-fx=<MyKX+Lwz*<*AA_#^*E+`;>*6Y1^j-}!Io*b$CF4jb}~2ddBVt=Q|v
z{b~8rOtk7djF;>4%s;yLpnWobW$ZuQKAD`@&lnrgF9eOo`8h|6`Pv^^i5@!Bu$~y1
z)<gO>kB@re()2-U<TCg{G+Y4Rik@xtk>QFTv>=mD<Gt@1WRFX?OR;IyU+>JG{7&{H
z4aTPR=-7S+mqW*VXwt|TT*F*=|GoR;;jP@|z|&fU<X98?d-}WMZTAn}uJU!MS-gOF
zAviy<z|ik8i8%dl63=4Ki+{A|NH$#id5HaNo59;pW%r-6xcZ`Nym6}fj-!Ku(X)tc
z%HPVc<)rp?Yz0>3j4n0ed)*I)?v?Dh4sc)TV-GpD<KKt_DBt|`-&nP(SIORImFKzT
zf1-T<yb|QzS;)ULk%MO-4^JmQa{~F9&Yps8)akRw@!xIv51jAsa_%+vBJLc!dA;Mm
zKSBMEv*Q%|mMy1s7%x|I8!+Xg--@jN__>&4&&5J;*^3-m@9w>dY9HOp{cQV7b8#Yb
zaX7q`&F`x-oP5ov*h_ON;~~D%d{itZoB3EpyFt$5ls}|1Of?^!yvjUVRysMA4j<h`
zUo{`+@xJPWn2&<<67#Vm9D6=?ubeWPcgQP<HInb3`6$`5rI#;}zt0!dS$DF@y}3EP
zlRa!_eCoNG75go*2+`A<n;YO6#U5sYt9UoS+*CYO^mFE6PRx5&@6N+T9p<6>S<5_B
zKSir%V0JbSr!x;d`e`1f)9*BB;mt#v{^UG=9K5Z}L&5XrVZG*|JJ#Mjlue(3O}`kN
zIq=AyhgIPFY38Bbf99dy_r?UjoW1O(rnCKB>HF)%(~Y!O1|L-Bn&dB;3-Zr?VgF{u
z-d|_cKDU$D*2nlcoz0K_|3>rUcl7tu&X4PP=l}Hl*oPea-#9<!LW}<w=ErvCgXTxv
z{>_RN@Y_}M<1p*)nj7Mij{CTZ*~jI@!@mj)J0A(TtT~w;i%mcOI*1<lM0x-0R~e2T
z*~xyEjc%M-{@*i&;pheUfHysI|1#|bcnVuadjVeOEHUZZw!D4TcO~a`;*(3xX-~jl
z?6fL3w!0X)hF|N(S#w%fA}<%?Q)J?+Po!P>v4il71H@flCI+~PGZsp%g4v4424!dC
zgDZEUnLXf(eZlHUXM~G}&7P^aYfY(@X~$igvA1^NUuaE2{@I(*y6nT$2<>MPzKZc{
zkHJd%V9R*qzlZBebkC>7wH{pOqE`=vYbE;iaJVYAwvatsUaVEI!(GT#5C4b2zj1GB
zgnamHXdpg1+&cVqAAGjh+OK~7zdN>eFZg|u*xJ79euZs!s9YB9OKgv;1#+FZS|&7(
zGk?n9T`#V-pY{UK`*3kJ<zV#X+@l1%o*q{V5?32XY`X+ol?9N^dH#%p;%a{dzT#?C
z;z##9`V8V=)3#<Wp9LNzw~kIE`RzyiY@FsC_Q(Cenn3+M+Uw1;BIf-V{De~X{SuvH
z-jcn%l<(0rx5d$JO9bh22!E`E-x2s#LE<{(3N)<u1zT6bpCgGeeF#j&jOKGKKUZ_7
zCv<7{IWea=>kf*!>s=?dM7}s}91T8w@dJcYf*6r<Z3IjCEBc*??WKLs0p@oczSjGT
z@UImki~~=6Ex5q9V^b5;Vp9>nQ>NHdKkSsJf$jDEV%C8|^j$uf`Wr^hM4(9!doR7e
z!`=Q4r@x$GZ})e^LH*VKr0f`n{2#KvdbhLwYJKNl)!*L(yR*5z@4DaHxf^dY*ALA5
zA~%bC*`_ITrUi(X1dOrw#>#gogGWo$KWxX-`1NwYCj8oB9MB!);{@&?#=t&W#j*`P
zi+&FklWU6`QIGSA8tw<aVjVi`*n;onLpHMC^)>d!7Sf*9g%x*cgx_9eZ)_ubW50-9
z(&X-qeT}*a_Qp2Zdt>w5y|H=j-q?PuAM$M?^gzE3dt<YJt-Z08j6L6JNcQGlIn67G
z*OlReRQf7UQ@&Oe_g*~kP%*PZ?F-JKk0a0%IwM2<lYgPU4xx{`;hPoe7rNu61(zq-
zv$m#j!PgU8795iZ!|$z6TD30?u{Jl|_~+5}I?K>^S>kV$DRv}T{ub9ep$%*14G++V
zD$a!<o-?Y7HROPMUS%a`S-eg?l|_IdALC{2wQpE5YcBoX%)PVLaPS`GL-i}0{kFA?
z-CXjjgp2k*dt>MAHGUGf-o9pyowu)f4S9M0(|yf90=E4fE9`>uquJ-leL4NHakBZT
zbDZu!1Wy0;Ip9>`;RGI%{qwj#6kQKq!*Xo40CcS<CUPI+w2OR2@uF-DTmGR_76ZFu
z&IRAvu;riDUBt^({EB}rrTqx+vbK_xzL*8A7E`wj-??&#SvQlMfH-3p>}m0>E@w@4
zG4&^7D`69DU&&mY$=a&+)re=$a%p!H=c7JGJN58X34B%uu3?@jPeSpRE8y{AoGCT)
z#~Jn+FD0x6YW{Rw^XiPZ1~XSAA2^HRUMHsln-|z0pjR%0-)^GaGM`oRMaJu9c)Krn
z-@-YR+S9Vqo?CtG@6BjGd?Wa0FDy;uO)#5l(Hm8ETy~com#qSh6PIm2d-|1MIde<r
zzue4OT$!RDeT;vY8d*jkyL100ee7&6e`kH!iY?i(FS}_&eaYpS-IwuJ&HEpv9w`43
zyvvw*I3iaYKJWhhutWb|<X-(Nar^g2?q8*UozdnVo(Z4FKTNGr-fd?zIGCr=4PmQh
z`d7lqCm64?LhSTHhc_F5SGLO3O#cGk8qhOfR}c>n->&9aIrM%Bc_<m>ttbAJa%VoZ
zuZc>}NdDCEOy3H)4_SC0??~Q>Hzn`B$20L}XJaJaC;Q8se}at?83`Y;_UXuI&b5H=
zm2W8--3)K#bkH9Qfosbk`d2=ZImZ25#_<Bi?k4&wd0&a#Bi`<=6>#nhJoyr91+TDH
z(9V<28Q-1J{bXQD-j@Ma_KxP^TxfVD<>l~wIs3B8kiiwmK+*1U$|H9=F-Pg`OSnIj
z3=-X@@LY7;#hRQ=w~sp4AtlrkO+6iQI``5cozYY>Oz|X}wgLDW9JQ7vS>(wv*{L1n
zSOv1FGrkg@Asf%!*el?9Kkwd0-$&5K<6PGfcUlSmoP$p*`W!=DogX)f^_NO$vjW;Q
z^Il)dmA}#%&d&KKM(3dw=62z{7x<wGn|X_mcs*mt_aeSFnw%NMzJ}j=OJXWxEFUnN
z-$nGRko=c%_=cw+HO-ETF5){7<1A~o)+w}K>T1TWCx6Nz-olzu6n={6ePCrH=j98>
z`IbfApL3Uc<+QQJ_$#OESgSEIv7A19XY{gz<DeIUL;CkVeha=%jPjO5C@n^LCT+-P
zluuj*e)-@x2>((2c!@KLq-W&c4#FPR`oV+X?tQ03Jou@;A%d+q1{+OwPdXjB{#u?(
z#}IuFAx{pDNsdlvE?~pkYXi{U{$`0qzqB?Wzd<zI2n|I~udhv<F{SbK=;)OPC|9nZ
z`Xt@t^~rwTNgQ)9Yi;7W&UjHgt!Lk2Of;{4_XPIoXUIo+hxat5bD@vqOAB}jp4N8L
z^<;>?{@=()QNKQk&)m_6NcWMedO1GwcxZ(_JHSUCPFdhEKJs>GQG$;gAf6OteJI^W
z&csKqaDC(@@J0b=!*<L)83=sYJm*0_<>hJIkLMd`i+-HF{Aze>F*ZpCekJ+34Hd4B
zTn#Lpp{iVZJu4)Rq#W)F_x-DRzj}4{@(RU~m>Ys~_pP%N%J(=IdGQZ_&)90-Ta6q(
z_o(pNpYx}@5BZlp@j<Vl{%mptR?nQBP`$e-6O3x^XL0=&JX*yWylP)La9hO7E-ssx
z3ulAN5-W4@3fdP;!Tb5GS0~=3&R1#w9dgB#`~EQPf0efX#9zwlW4GT6_}5Z@3GF{W
z^Xi0M&&BB>?iX{d+>3h7|8&~#;pSenpLcc9KT{9LN34JQ#x@^u$rDz#x98mUAKz+!
z_HB4bd(GEU$CPpYiDj}M<ND+BR=u1Jok?$uSsfY_UK<!>)(%E4&u2~gyXf@q9)rFn
z{ud{|HOQE0J#-^>FK2rkuqKh`Czo}gY0#Nu_1L>nH#Ye*=AGh`)+6^36LoT6Gv31|
zhEH$f*=>w{_z-8IOeB7Js+Dc$r+&zMUBS20#9xat-dJ|(=Kk*5+PuU>Y`n4HHIUz+
zn_H<iGlvyNFQm<zX<IST1;{mG5}WU5+~UL;<J~zYlRj11>)-uYZ_8%A?b5v)6l3g=
zgIGe|DQD|7C};KitiNi#?k3=n{8)3L3q$YAe#s}-&yjy`aBfQf<@#=()<iplS;D%n
zod*j{zLhiOYm#%&rf*yBHQ&j3+^T&U8_s&r+5h||_gkhMte<`bKI7B!hP6&t>gElL
zmZhxwdfx{u=_GGha?#JYYg|g~`ho4T(FQOEwhSlVEAY?M8s#2nEVi+?UE|_C3%$qp
z_=ww-FcwYl$c6AoA^BEK%!m4SQ?`!r@Yq0XS32g)z;f~+a$}d!_r`Zp!$pr@YaPyB
zUq3WW;n9O=>f{IKwr)lDDpxeLf83}RV${kHE~YGi&$Wm=wC%*bBHL39!^j&`Zm`NL
ztR8mmShM5<JT}1Pu@L<(iKo`E_Xyo~;Mm%IN4Ifsa9^(<A^K7Icc&k>zwh)TXr=Mj
zKM#$!y*>%v^=Wu-NXHwR)W6+1-pb{2Y|z8!c4k9!%|CtDL2;)##wP|(DW<4CeCL-|
zZ4a*wwrIW9)v2?RI<k%RuIm0E?S3w@Vr~aN;yxQ@cI=hM1Un~I!@c4ZyYU?!6HmA{
za6N5!ag;jj%m1XF%47q}=UvFXY~YpebRIX?-awsE8Tw*4I*9yO<qhTRJAG;WN4LKi
z!M2l}n+J?C<%#vlvGc^LzQh_l^1Y6EsXQk6z=k=en4G<S0pIsHAsp>-yopZ6r=2~R
zGoHzHl7FMzeTU8+{iCedTKYQ3Ju|P2K9(^jmG>|fn#!J8%Ja_bV%vrv>-tCIKb?Pc
zDt)v4qyNB98Bgvy_jB=;Z2t&f>+|rBTEN@(kAU0eAK{A)q%HZ>wts|=S@8wOKgy*%
z@)vwV&UBWaq_dqJnjIYb5?wN=|4IBKL%nqWXdiglF*f{<B-d(7XFJO$+r_<f{byO@
zo(`|=g3tfeIUw6Uha8X|&?HO_2<KwhIUpq;mje>4oboud(L8P>{%WEBtuEGTLoSHE
z(H02f|NM*cK*qEG<zKPRUH%F3K#C8O2l6EJXms<j<frXKFFStPq4P>M{F~%~RN}*j
zkwfDiK`-IM59e2N?gaX*IeG0Gt9H^qK3gux1HAWtVxA~>@qd~tHJ<)zo+x)w`8&#8
zw0&}Dqp?oUxiZ-OhFqz4pp7?AG(Y0Znf$wa<dCC3l{1xRlK-l?ax?kX|BAUX^%Kk$
z<t~awb{qpAOz}N0U-h5RBz>;D^a<vQau)@!%FSK;-<mTuANxbLO)Wl(=E#-wRdeLW
z4Sch>^^@5jmDnGFeG`_pd|>@@<^}id$h{-DJkE85>yit$?jY9H>Z6X%YPi7VFWWXD
z2G!&XELR@;V;6>_(%T06M0hCI;4k3t$_!Ie%b)VBi{VkNe;mpdxu5#7MKnMC@VtIi
zzbwrzIqMhdUry{A>e_zg4efsAdkqKrobl`1pT(&!pL5`vL!Z@ajwfcw+`_O*9&OXn
z`4)*{tQB8!?1Uba&qY36fZu%+_QU64tNaGsY+D7mZMF(_$@`Q?euI6$+FfTcr!x4n
zWBJ?AKy)dY+1~eP2f9Qe?ax-Zba{n3hqUvCV=oa?)fxmjGi~1@P%N(FT1hqV$~a4X
zdLd`|y_<UA^QP6DL(u9cpMh52b7>VSZKucO9cWc@dHb`ATw2k`Y{e}sc=V7o`xEit
zuEgLs!8@BA-noPK%YVZe-YS2L^2eO=n^hj8K6^#VR#CpnDZfGG_fucxcT;}1Q$CyW
zvIXtDdKLGYbNX&h*=^Lj&8atC?_W!totQ-~<8~7Gs@|oP%XS^Xdfk1Dp<?00jqJS3
zsXUX<pn6|(>#gBCaUJVTN~?F42d|TQ;k0_EdGL_u9pR01>&aGjzAKj<JK3(!_g;u$
zX&qa!{T%SDhYxlBc|EeZo^po=+rNjg{ZZ$;a?$~VfT6y8!G-lI-<2!-CN%n{L!&&(
z=U(E@=gU8z`Mint?fDGcw)xB+m;IFAbS~%8(;uz<C|^am?V)@(^J^zE^A+_InSMcA
zKldc!hv?@oc+d7F&ZIwQI{kTDZHzg%jlX=xHXiWWz>li<iqpn3lu0I*AuG!YP4W-i
zmxFUTzN=)C)@#B%+n{pB;FHRZ+o^vzpKCSGZJ&!Z3Gt83EACp}Pk1K2JzV}{$MXt^
zp)@E5Fb1rSYfj#I1=vju+S5~n&#iL@2C>)MJGbB@+FZ11ynSAO2LARWt0?g*Ji2j}
zFM1K<8MpZ~k%*HoA8+H+_HWRJdH+?)rO%`<Z(&_T_MP%t9%uib+EWgQ+P2R+z`mQy
zI|s(w@?u?FJk)Lkx(C1|04|3+_u%E01J6CU*lk;Fu4IpLXE{RNxjfm>Lov0cwz--c
zJJZH1Cw2j`l9%bji_jqp9*)>F*lEwzNE;2Z+&xcOu@rFz?;DUKfFWDv6c^UZ%+<dz
zrjoN0DC?}<kX!dY=G3QYcWYX^ecg6*(%LQJTDFMd9LI63T!#~&neH>VE_AOO>8E&o
z%)^%RZBaM&<a1#f`!_3AOnV;}-&Rh*Cq0+p8?-O`=>NpI3?xk1Il<|<z(>wy_+;lY
zY-Ze#oXdb-{eS3OhN<?LA32x7&cXTn;rAqT)X8yjxjs%OztTY`8*=w6yEUHH*sb!k
zMSMd?I<QS2W0!0k^2zk^WyG1%_3>G0`uJ5(AG0Pm3Vm!icj#W~OBbtcL##z@2M49=
z;8BSU8O8SA*(7w>l6KAz>qxe)xAiUSC5O|u%6W5a#jM!Xw5e|kDpyRlqU^4z=vnz@
z0c)3SD^|7X+4dZ^V|h=u;tl*t$JRYWY>jJA$6d>H5WQ9oo^$w<o@)fQblVc@>Ya1!
zcR6DmAN-T(GR2_=2l&PZHlfZEdIGqf&e9$e#aFPw+P*#a1Z}0CBlK5d37_U1A=%Qe
zkiRV0>AK3xov&hzB)~f1;m!~e?R0(+`>2!OhZiH4^PM%;UG02%Y`<LI-@~33aulX0
zHwRvw67mNNXL7Di0cQn~C*F3B%&)OYbhbg2y<VGZpB1EB747{iCPr079=Y;rytTir
z)Z2#bcRF;|c`iC*U9cx|wu-)G;hnFevv8E>p#B8G=hK|A6Xjf_0_85~ebz(0Gj>MM
z7kytZ{d}Fp(84=kCr&;@z<sX?I;dT(hcZX9A7F1zIz5_v4m~z<uFj&gb9KhzAL=Yg
z(c@6(>R8FNb9G$$On28tJ^Ji}|2+Drt&RJ-k5nGdxU@5Dyt8KpagKw=ROilcSc^Sg
z8n=#T<CN@bKO1Ks-+=ed#wpZZ0M<~8cRFX`XxtWo7kiG{&OgfdsQbwGX<xBNXC2-7
z{>UQQJ%zJVJU%Dy#f^O(e!WvX)ftYVf41ZJ=6mfp9`gL2chk=A>439$X45Ty`}dL0
zJAeM^<Z~f>@=4`$4RrWC<Z~C={4DZ$9etC04)VTa?FB!xYV)}E<a0N!C7*kMXC{B?
z^0}D0dgrgekpKK8em{$RJ`cG6YWaNaj(>mo{3i7E<j)cL+_&v)J5N5>rqSn!eAZdG
zhd5vD6UgU2e?>k|_~hRcD5bvapa1RO?aG8l%2?a%hfI^+{5-$gwUbzkU@P`Y%*fr}
z+WB|8o_PD?*O3pGcR1$#)B_I?;~bTXtvKE}L-Ipxxaqx%6Em=LnunU2y|f`)SZkw2
z#Nr1XB7d*|n`(@kKe!iLY=wI^$0D80vAO+hj-Z=A_$KkoU6&Nw-%?veoNzSnKSoZI
zV{huaXUY$}Wbb_0K<NJ_Y(G19k97j%SGJwEhA-8zz6C7DHYG1jYpK|q-uKpi0Byt2
zb~5je<oqkW+nz^w;JGZyJzI&5Dp=UicH7EDG~{zk0FJF|x`$WK;GCTZ-}eg);u|6X
zC$A&_yo2)v*Ww=>@NH`B*H3rmPFC!BVp-{H)br_U|F(R=+Y(L0u#a_V^CtG{$Mz3<
z)uWY{3+K^l3Vm!OM`I6m;LYS3hJdRvb-v;2<ssgd2oWn*o@$gFM9qgPozLNpx6bDX
zF<#rrF)X1@J#{Xy^AyJ<>Vd2M6tc_3J0EvW&P?iu$o=CyxC3%wZTz;U);O{E!=I_9
zyfg8#V%8g1x98WDF$d}xAMI;=nsPm7Ki>iSbk^DB*|CrCC*OEW^R5fuo9)9HI!Cbw
z>}bwx>|%dgN9)Y8Z;G4AAH{DxoA*`?8Et>JO7|9XdNgImG@cf~zl;yXuI|k_P5a2J
zGbXuV@aXfj2HN~IxpC?BPN81k_ImZ?{OWu5G534+#dgkb)v{*J@XbztZvyY-x4$<y
z--B<}bWg8$KJ|`kuQz{z(Kk&wli1V@pkBPxX>a>U&i8YRAE|ZDUEsW+1T^vbQ}6Ge
zsPlhstk<8x14rB6vZ>?jlhy<34W!=kwt97MnawNF6^6Fz7QQ*Qe&N>>5qyra1(jn(
zkI<YO?ELHqJXAmD&Cwxp-0J7NF*?F;yp+62{jPYbD6Zf9r;0*dbibh}qTl=tMfLh!
z&%QT)1ut@aJ3NPXrZARY<2<DE_-=X^`yAvt|D}m>;G=f<2GGbl|HX+@ZCcPC_s#J2
zDBaU;ME8^NnRKuAb$@C&d6NBngT3Fbc^GGQ+t0y={b|j}jpK9=UJ>0RYld?F8n(1}
z$nK}l>1UkZ^nN=1q8-kBR6pbTRX@8q{fu;Xasa15bM>PqaP5BVPmNSO#(@w0xL3cr
z3J>TQN_%d%=k{|yaJ+tc@7wei-t>Eyp3`sjtL?eypy$xx9s7Oo+?)1X<HNn^@>l!)
z4Mm~!=ju<A=g{fTdM-L~-v(dfncz8edzt4N$6S6tjm<Hhx%_|I=E%3QKK5Io@6xZ&
zVsi+#edY-9D(w~0HTww;_*UqvF6>WYb1dK1SzgZPzt49%I7Jj^BZubW_W91j4p3Yu
zeV^}E;&0mLdlbAbd43M?ln?Fg^Q~KDY97J<sb?Kf`OtOffYVjSj>Y`X_WOEg0cg))
z06Rzfp6>%kt($A@QEfVT0y(kcY`pSf-zDDm1Ul|9*5q=Di8k3W(LMIsV-w|0o<RF~
zi_Q4WT6+}U;(7Hk+lBQSYmfhvJ=Q+pd{WwPhnG6iemZuOXfJ(x_`TBy=O;@p1<=Fl
zud(u9!LDk{+fhv3`%b;=hxXiweD=#`#g_lfvd8*+{CeMM_r6Q+jmgL^%9AjxO$(ND
zKC&I_=l$REp1vdReLvoG39k<HK}Tny8@rp;(uLCB$RF~tI4jR@*?J<i(1$J19sR)>
zqVs}$XU~W3bnF1m4`|r6ebkqwb96R>#;H5>eT6ekS27nPL)f!8-`r55bHA<ewys=k
zOrK#hBcmq;GpobUV9-0GuGjnf=S`%I5_A;bQC{e)0Zz8;BAw?jkvL`x-?ASRciOrD
z+I!Dhh=1x?^WU9k=cYXiV$<tco%>8N(Fic>v4`S*lN|JSr|mc3w}@ii)F-C@0y#M^
z)UqE(Z3nEJYSR^3@r|dr?3C_4Xr=FAXUEpE51PK#=-oBUIpyPBfn9!LhjyCZa@uKh
z+i4<xeb{#RmUi=hGA0vrwkQ6^A==4SJL9okwv0MYG~E6dr=5KEES2ybLG{u6Wt2_#
z0Cja=_7{gv(lffRbnoFS#{IxC5bvZG>f7)E&e;iamSP6ulgT*oUHExD;f3~Z!w1;&
zm0xUbm_HQ10=mWf<G(<cdVaMptl95d9V92b<qES_=X6`9=!c@?pU96_y^_ABp&xYT
zn}PP;3E?I<LB8V@8X8=l`}J_tbj7aJIEX%(m8ab_z%(>JsIkx)HtaXq>cq+R9miS$
zV_A6!e{PZO&$WNAV7+f(tK!4aj5j%Jap3Znq0YIdEy%ag7JK3O)xIzJa?5%5aeTP|
z{#AOOuY9=xy1J?lc`4XVd9E*~>nD(p9qY@NQ+<1#0iH3L^5vX<6fzcJe7PGKqfz*B
zdbj;tLI>Ai@J;rF4P;N4<I4$FeGjMY@4CL+pJMFiK<4CLW<_%^^F?)Ts=kGe+)0`q
z*u&)J$4}zkUF+F;MR?t>nHvkz_I~}2{Z%X6y<ei+inP67Rh{nrvT816Of?2ocKyKi
zV%wL?SuDEBZ>qwV8%p0qo7eE=KDK}OavrVZ%caw53w@L?_a)$I933AnC+4*kLPp7l
zWBteW;p!RV{_YriK3p6dEx_}{Fq4dflg>H~@Y}?@^5MLGOZK;)b$Z}9w5V_RaCsIm
zT$;vDGRdOu<|y&E&XcTa;f(g<PLD?T4t=VkOSE~|8PT#{R$>-*K<gFZwX=^lYd6s*
z-%_fX#Qvd7<oWUJCmUz=*uDXsKbw8Cedwp=6M4R?wZ|ed#H^JaP|15)=$1*)L;B)T
z_)q${g1t%N?W=<u*$W$7p2dFE(mRls;F}ui<b$2YJNxII!@NG5`8}C=K8g80kuy_E
zkj2h7?O8{iGM;+UVY)6-JKarEa;NOA;_o;6=Z|fA)R9BRVxFSokf%vw;IlGQG=jC0
z@H$8K#5HG!nwma>vGDg}<KvL?Y5q_=quqZ&PEJ|*#T#rHrnVMXH%wFi#_+E8OPUPM
z1$Oa@P&Zy`71f`xWJ;h{-Hq`HW^ENZ2>$+B{vCXKgE_kKx#BMiPDee|q<2$RQRKwC
zro^9JePevKSzEtkiT!PYwr6+WJ*DJC=ULM`OQyvC+uWLZ(kcppN0s}2$v=4iE~ifF
zQLAV$&jOYMyZ-sRUWlBydPn@(=XTUD`Nxj<D9)#T+A7MUPTYN;I#VLgd2Imed9EMr
z_C#vERn&`m^=`e;*}~-^8_!U0;Dd|SrXn63j|TKZwBHI(ZG-Nj-Qu9B6<r7SO{43c
z>utKe9d*_=h5$?Pgm?-+M!8d?!pTQ@7B9tb(LMb0bMEJ|zN)$-_@<U%|Bf=P_qNtM
z`yHCu$NOW-l&59Gt8n)LBGXn-zDD0Y;Tdp72!GYF`Il$1+3kDgr(zi5?|W_d4u7Zf
z@DjT`JN6vyMz?f+R#qr^ecL|hz*zcWv8U`W_*wjlCn5>wx%_Z@uNmdS#XCQ1R@BNa
zBe(np+R}U4SE#c*uHoL!_r#{Bjy?apcfQU$%6&ZeTgA>difz3)7`+K^%9ft1xF7N&
z#IJXTRm<P~zifGS$&QWBHt*1$!Ue?F0zuAmwa>55j$KHbcHY0qw)Z5~bqlZ7_wxdM
zn15Z&YS|{Hj(q=B=6(4{%1!e_TMvGEj)Rv=sCjiJaBW{&Jhk2wwej2lv)1OhQ_ZdE
z^Q#11vGLKv%&$_@KEM3V{K^0i(fAI=O=n{_sV&v><{I_vxt7UX8vqW}sdDSI%{A(z
zvP}D2<Nbr?8uA@^*FM*rI?i0P+i>UFDdve(zG<Ip)NAWE_3VCwOWRx%9B;1i+@5P!
z@SSeI;!9bvp9h?|w&BC;+ho{~H=Vf_guYrw6pxo-mo_59H8!t93!RT(&llnr_Wbjc
zyGgm?1nfJo;{t!={yyf9=38&BUrwd$Irui$D$C$EH9_`UcjS2hxgJEmXCUV@vEQ)a
z{Eqz=#C97e9>jKA1P?C4X4CndllUb*oV4w?g_dK#op08LJ^SrxQ&YxX7V&F6adz8&
zqbz{#ij$|2h3zIAu3%`^@`Ay%ag@2Ccz~H2;=b?n;;8h<Pr*^~=DuZCwD}6za?W|w
zS<K<}%F9VB>qVK?jq9M%zI^u26T3dVjhE|wlPWj1!k^n3K@V<}jrTe>9(It<)1HZK
zcZx-9%eC=lxHjH*vGF3z=YV~FcK_DF%+Cn@EXgnpa~P{r(60j-BVC`*TuraLfm{;R
z)%uC0`34QVemzQm%dqXjyqm}V0lk-R9cW8<Hl1KJv8JFlUc{!0V^g8a?7W<<=ZDvc
zz8&qguC)EB>@~*gz3td*(DN~H>5QJpqN%chMv`;U-|h3G>`^!r?i=|2yVw7f*lX$i
zpF{r*{g<zp&$ap>{jtTh!8JZ38K3Qp&%|4AN-RR|hZvuFWU~An*;!GpcVWBedqfj&
z9hrzipN-6&0&KN>H~&VqXMy{Tt8p%UL)gs09}iqE8#vfASj~AvNsp%S;|{ddO18^Z
zn-F~mJyn0K>@`33+Ue0c&R&ak#a=r<y!K~Dx%L_~{5X5fSjL_|!NCXGYk&Evqc09+
zul4loHE>4$*?C`^d1wE;vzf<}na`7$*AtoFCD?2D&iG{V+cdXcp`LB8aUR5TYNxkx
z?6v!4uPqo`a+PC`S@XlIeb{V1bOmQeoEEt9?kV+49=<W~W%lp>$+6wau5)cS&BrS^
zze(^G{%&j>yCB_m3#@C`p|UYHywWcBRz2#-y=QoL8e=IPv)aY6UNSu&TgtO*PH|=J
z>;rX7oOu|Xe;6Huoz!N-UE0Bh(=$)6@XXdLPoh`mrP*-QY11pzNzF;K;dpkCUctsk
zXSVAVr;ejn>^3|buIm%2iZmOJdTo8Bo~>8FrA@C0j;B|6ZtE5JY#a2KUg_7}(JR)*
zcKXhUI`o|bO{G`bY`FEV4ToPco@aI}T{;Aw`Va20y$-P9rcx&TaobNk8!jg{oU%3>
z4jp9MfcTszQoiO8Hk{gOv*DPxb*>FJ*oN=gaA|x!z%I{@T}Hd3|D1YY6n}@Zoou@a
zeKHuos1o_w4D9*H%R|{RS-{p@XcC{TPqQxuxO{*ulbUCW((M`X+QjP)!)xgNHeN&b
zAK)+Ona689`**fs?(F99+R8QUyym;#;kDNoE6;|}nu=$u)Ke~7#p9D7aW6ho+=*Y?
zPWcsO;<M%-W2bzajm%iDL=Sm3axG)MV!U}ow(yF}Ig<z7UVgbL;_$XLI=8KAys623
z=k|M*e|0zQH2I2uS-#3dv6GYH1I;04J(#nAd0sJV_~=9N&bN5}X?Z7vEj;t`Psck!
z@D^U{poh(;|3BiPce*+}H2=YN9@@6h;i0pjZ)ZHzm-2LbH;eoGTzmI?X!QTF_vZ0Y
zRd?h6y)!I#CJTWqgak<fRc8`h*%HBK5^NiSYor>*ngCrA0%+W7L`*`o4GgGJ6q{HH
zP}|I49v47~)&f#(G-?IZYBvJ5eI`Uj5HN$#`My7QNhTpd?9=D>eSY89^T&P7+;h+R
zIiKx(&gXoNrSG~(7d*OL@MwpfwN@mu5&PugX!fq{b+Wc=eGs`MdPL0`T^8?vAI-w9
zSFR?qo?^fHIp8n9wb&vf+23%ek={;xgf2z5_{1LRmwS9K=l-}o+m-U|l+8yM<F2@a
zbI|c*oiE>uSf6bJPcI|ihV9B#m2RbcEbr0SHodB|twhzl=x{qbk)aFb*tlOb+TVPJ
zGNPHh5??Gujn-pOR$itY^q|XK#$8s;+>`S(-xtx|iZo?sh&rdESJm383L@3$nX-oJ
zB&Jv;F>4x!GZxy)RwFvMahEFk6E<(j7csMTiRa-@Y4@$S#(ST+&(rlb?dMZJ@nh>Q
zy)s8%pKPUli6wGicvZoHD6K8D*PyKjt}wn&r@jLxrtdyTnY8^&9vb`ElHCueHtzw>
zwl(uBYXv<H$QbSN&uA+qTJy%R{#?3Nsr!h10~_D%JcAM{n}>{f<*6$#scgP?TH@t{
zznOUXFYX@HaG&zSCx+O5_{6Js4{rE{@}np29Zfpl&osY3$@jC&?@#jmKE7Xh$tzF&
zHmr_U!|M1Yd458kzlGKD_pmyC#rL1`z53q0mp9(qe)%i+?z{Y>dq28-UaE3%FM6y(
zx`*^)9%akH8)GP&ZBsk9G5^m3!@WG`dxkd%+~f|%g}}N=)!J56lyrSE8+=<5+3?ho
zHyc9s$j+I=z4c;`g9pu;4}Rn`rztjVgYd3P!GSeraz`QZERX*w{Lce#N`SN6)!9xN
zC-J4EOcC=xkG3SPqLjDsO;cmMGUsb4@58@9a6Y}_=E8h%UT{+E3+>?NiN%*g8<(Ls
zUWzY(p(}2}E_EArsl(W%Her{N^_af?hn|G*X=1-ZW*$a=4ArpS4YR4$Qm;Gn>+w0U
z_gr%tJnkFhs~upiFEPjUe!(MIC;wkr+iw|U@U*>m_wcmb?-@L81mo+Er|tViZ=Uv7
z-YuRshW{2%`<(y6(?;<-5KnW>AAqL~W}Tg6@HBy81U#*6l(H!bo>r<xdC!5L$^Gzx
zPeq%Ra=9;9Q@!<KTN1t|dY<^<OCCup2B#w7DNn0f+s*1QZxnGCqe~ZL?t~A@KE?`g
zG=)1ig%1k96h7ohF!)fuqD+?iRdw8q@4?Od?}y<g{C6PSETcW*sdY-d9?lzNrz_<)
z+Kiz;8`Q|QPv9|6!^b|c$N1ldZr+AIK825Fu;;uL9@<XdqZ#wt@bb6eqxAWzXXtMk
zJQ$v}Q|cQBFZDvVWoitp5O|UI_v}BH>1k0j575S^Z)JGP;Ga98_XD)2kw>H6Na|X6
zmcbi|9jWuq&)}Ug(GhJa`wZUs%$YsBGv=SucdP6fjtwk%Xga*}8P)EM8LQO2&9B8f
z)8L&4Y4d{U2=4{(&h_xlzj4>3#XG+N?>r0Mc{9B8KKR-Yc%$&kpTL`j!W;i__mGC)
z!q<KQUwe}8XPMuB$@jC(@2~RxNxt6<?|e0^j@QEKc#S;2B+uW&>i9=k9lzuIulU}V
zciuYy?;K9qY{jPY&h5a__7hLnRhOs@0yp8Ei-32V8qv0a7@eQOJKtIo(a^S}4c-~i
z88LiCH}5QgcWTUIwk=BMosnU@Q?qy{Jh7X1f&+bdr^rkxFZ)GJ>Ts_gJasCc?MfjY
z`ZCu3vTh-+-}7RF6JBVC4twc<);<C22hsZj{j47}bif%gU!OM)qpknf^uL96Q~$fV
zhga^KVDQS{t?!>#t|mQP|9hBsi&ySm*TXBDNEcrDHfjB>BP@N7HR3GsM^HJJsChhD
zvQOSVbWPHE%(du!c|+JMghyt_D+e3FAMBL}*D{CfA7;7L<O{QRs^w|&4j<9qUsuc5
zBL5r?^Zh-(^R7jKpX5(@gzxaGRCs9uZFJZ3Gqrp#^>^2EpISag-mQ9`<vV!E{V7H}
zZ}FXX_P)F8-OE_mTPx^q%`%HUsKe|*S#o?9@DbeAWvR$<a5i*nZ#mvXzdOG447@ic
zYY_|Qzs6ekEXHlgaA@g&teyT<?)(&cRrNQ+@N<lTpDDnvKUsbNd<$RWcJh9EpEa&(
z;^x_cn>*xw-oe=FhG4TBiVmisi{VqV*vUFY?&nqfmMuQ*3}x0G*fkzSZr{dQcNV|L
zi2Zauai2n!HlNr6C3b3F3ioWI|I`kN^D68I30=s%Ys7%6B?c6J7e4WqXcb=^*3jw*
zW!7k9XB>9dFR5=av80yGj?-<TQ?ASDz7u#4Yik>Fc@JyrTyW!g*4ACvY>yKAJe@h+
zA1iiPXPcY5e<v<UZdis)%f=UhdzR2eooyQF8tKkp<!;eG<!<2ppDWM#{j!JU?3{W*
zeSPvE_PDqYxfZ>kWN5P9|Mg-0f9x8qLHaQd8e**$*UFlHl)k1P<^LJ^#J9m^&w1{7
z*7eY9Q1%)PJ9~ov&wNiQo1D3Mu2OeoBxgq1hc|4}qdW6h-&9Z^^Sw*pWVN#|#u)E9
zXe$AH4^rRz*b`)bUD{64+fMS|Mcr(maR-|c%%gn=bu7Ea(J*<f;<M(cow%@8Us}j7
z?UY`tHDuGLcx3z0ak<0|P3SCUY_e{&=E76`*J(4k+c=^orAw)KVp`%n;_Y(BaZ&Y{
zu9<U`o%_+r_Hfttc664mYi+&`=GO4#i6cEu*VW?4=Qy}0vlQPyrTWIMZwai>XRQ2I
zTX$eH6Z^=;d>4EOhmjk*ir`-@xS^#PxU-FOF$#8N5BYVuh+TOK|1Cd&)W3OjKY*s^
zC+llT@td+a@C7)SOT1rOms*Q`S^NS1Y}k~y{d%&_Zvr0~cOpkhT{SzViA}y1e}F2}
zKf1(e*pzFTW1-QsZ}iZpO%)oA^G~KMv=_%dznr@uoHBdr;Hd2L=sx=2ReUo@Ke0F;
znwtUb<w1krffm1w-TYgug^asl+iR4%>({D;Ml*aX<$sa>Khb|J|8L;`&G3rr`4zq3
z1Ze_`Ci)e~4zuY_HEp_!m5P$E^^yzu;oEr%KD#H3&yF*63kPjoO`F~Oqmsw6Es{sK
zEzZP#*$}orN}g^zHhDr1hwYE@?Ib%ket@C%Vf&*-9>b2Uw_)v%+O~w&gzb-#uiK7I
zKHZK@U%KtsQjcZF=DTjkX1@0UXPLJjai6Qq>Glylb2|3(oAf!|4s3<*x*5Ol#=sua
zzR0{j$hSbY>5IVL)e7E)_g+X|90?{$-Rnpbds=HF^hdhrbRvhPuFW>V{doU9<dJo>
zqzRvpwU6Fb<u=21$^Osn<k?K!QU`75ehQLD+E~UnsaM_)(=QaqO@WcvqxmN1Z`Q&~
zzUp3*?@@=)XFKH&(}(MLmwwmN@2?{>s^RUoL9_3&M|meQ<1v0kRyeqSUF1baoWk7=
z?B{Y1`wZHUy;LnG(QC<wT2n@>B}S$OZ_Hv|obUzlE&hVXag|e-6H~9sA*P_#xsS2^
zsi3;)D18ptN2RCOwaz^7I}3Qo-S&U{XU|>n&M5rY)c67Kil4?^@i!n3YU!&M$vp)0
zF_k{bec#7MBzb3Ft@!rfSGs{V<<4g7EYDo>1V)VZUNc>(`(m~s>mJeh8osD}6FA7-
zA~FuEk8X4=fs>5Ko#tr~A1&FNh5}{@e&EZzE4<C+#9h+wqcC}ktPy1ovBS<8iR%=f
z>ooX^@XbTar{IaiXYb&@#W&kuH2LQJz4@kn`zzDz+m=r2=9`}>SreHP<>B6Z^EXnL
z$v4CI;+ooT>ONP(dAou+$8OU3ve<@l{~$CL>km*?=Wo#CX#NX-%Y-H^{`M+qUz@*e
z`1<@UnKu7l;BOOv^WHH2#@b?4ENR<2dtg8IO@qHJ1Gd87<jkMwY~lQ^kZ<AqZ5Hph
z!h_@-TCCmRZ}UkL9`@iGb(Q#r>2-wht?%%ClgYPkGx?U}k$IoZH{o0QJA9{DQ8u+h
z#}}D(E~ZZ5J^ksahp|OiXTb!Q0`Gxms@T>?cPUFIU#X{!<4$(!N?S7dW_fSteI0cw
z*4Z%lk@)ahXQ^t<GhfTQ&wQC@uxgaL)#2sv(QJ?HDW~3S(2V#JbJ4~sjo9tZ&pciJ
z&y%}+HOXC$8(8N_TzC5L<JWI0l=$xZ(dFikReVh~v&lERYyK^2SBX;zmfoXeZKd2+
z%ISV?a^4D=qo2D1t}gR@Rp2#)u8xXq8Di@a9ZL97E$tWYGkmu1<9}1l4Z0n+gZXv?
zAF<=gI#1x=R}bmdKiDVzkg_^1$oVAZ<~@0r_T?RUw3By<zcv{73T?LDXvnH<_(8nE
zH<?#S4=~OWbf)n8rC#B?wEqIXqpf`S^tteL)5j{mf<rd;hiU71JwLG!pP(FldyaQK
zAHHv*ck1l`Bk_fkzWU|6^!1-1eXmddF7=%V>3&Lor=Grd(8%26{n~&jGBzl_c^YTJ
z^tkW*%J<rrdU#p*c<$Hx7wfO#*Yderw#M+&`zdKshi3ZeNglaxD7<|Io6`!?g)ehg
zfgZbd&U4@iZO(n#;E`+iF5?imt>nMR_Kl3gx<_SBp@HKckS67tUhEl*#J1J_=<S18
z`#I4!BhWh|(LbZmL)o8NJj{0jJA9D65gk?^;s4HFN+2}U7xHSpb<idJxuqx(-w)1<
z{2*OfwFx;{g^wS1LItrqaaO=4G1m)bnd4~xX>N1-P_;QQmG9$3XI@&+V#k*`wW`3K
z;c*iqrCd{&B`ss@Mf{(vE>Cht$o*GJ`DWX)q=Y5K8>cXrnfTXq>3UM4e=~I-0|r^_
z`M2n4qx{d1_9bbeKkc24&O_e|Kg9QvII8E6CUJ3+coKOYwQ;T@b=#rUO9$&RNMxvd
z)9d3*kK|R5(c`G|ICTo03M^ZnGGTeVx@j-#v3=Y-`w?razuA-h+7Faf?YFAFz3_;A
zwEd6ihR@wc(Bt2r$G;=@7h`uiLZ8v!^!TL2a53WKs@$hw_Bn$-V@%l$pWbEA<`vA%
z<;>A#%+;mL*-X|5`M!|dI6K({ooV<t3-49bY|iJz>-b>RH<J3^WlSFnt}(B|V~^4Y
zi7(nZw&%=`#yxAT-F5Yxe`*AeMCZ54wsU9h6Qu3t5x>ozbk0qaCUmHVrCa?t@_})`
z+8@bNqA3q*+hglEJ5|0H9ZmRkDQN;@_v_PJu!S8=9d*fFD~KT^w4f=*7>)5M!F>gW
z&cXU^m&$V{^OQ1(yK%6kfw$?8vi=u7c!aj_VcaBRF6kbd6<1OTuDjBxM_?xB9b&0x
z?G=X1n0vYLTZO!w7g<$c%prFL&SRd*FZ^nte!mG{^?=XsN&CQA#?Ts7RiLFR6*5M7
z+GkFFT-Kjymm2Nt%kOD#z207||4iz*S8tCyIH>D>p1YVwsn5%QfxrB(<-g#{vp-i?
zt$Y_hmFaR$Y6y5U6q@F&l)dMilzyf~Xu5KcFBCEOB$~e2t*olFDF*}CBG>RMck3jm
z4k!9<c@B2JZdw<a$+@7t;Q2n}owUCYo+Yr}%bHna;GN9*HOPFiZ3xUxEY71(-vO7u
zjc=H-#<g%o#$lD4uj5Lr{|d(SU&WQBIlXbEo;v%(mHDKf3RiNod*h10eET;Id2hS8
zXYOjEdvFEYN-tcQp(&sB#c>N)@}>O&aHZ-Z16OjU8tpC3>S=F>-kyOg!MV~NN7bpz
z&a=+M6-C}nTsZ-bNS?F!wF$1^>vH&tLEy<?&QPhk-A{qus_089=ki=(=kl6rl%0F+
zvi}3$x9fKfZxUYrA$66G_4sPxYZ6m01DeTKGrIgWH+DHv6<?f7rT%X*_m^;nL)Co(
zH}dUP_+CjE4+_BdN=~BFSbrt;3$6F9LvW^%dOWmy*3XP_efBtTM81T}RmmrJ4&O$5
zwSC&F?QX9p4&FT4yAA)-P1GBnzm<1^oh92J`neh>^0dD?3aBGI?@!6wyHBb=6&Q=H
zUzwxS#pBl``l9S{D)0~dMRj{-`iWv}mh2tIa#vUEvLtk<7OQ<}o3(L4e`x}*zUgx2
z^60fH^I&5>?8thhPGC33JZEX0<+RRQ3U6P;IP$>TzWlmBTpoyD&pop@4Yp8ce>Av^
z^i$E`*m1pS@K@wl&9r@~Jv1>ru7?IE>NL^Aulwt_MT4c%{s1&sJjS5G>J+07bI<5$
zuSRdrput3w1}~$ou{<&lK9df|@NUszGXDiXE&*RtcSDCe6zEXsgt@8FV?y{9VmaH$
zC-}Q;Y>uyk^P{!Qm*`|}=3P_WT|$pi&j<K49Y#k!T^#q*u7RJ%eNVKn(<SoLFS@qi
z#f^^{c|Oqdvj5L-e>n6vyWJn49Q&7>isYOJJ~fnY&I6WdJmcuA=mq$bY+B1>2PO{2
z(4HXcQBUx%{GwxU4%rj@(y6SHx<1suaW0l}f`7s{wTj%}$@4e;E}6e#^tB-Uv*s@_
zBFujA?DlE4XR4<u_!Q5HHT2`T!;JYWrf=gC1YctP-=dDDIR+2?3w1$TBMe`Fp7Yb;
zv;pk>Pn-Qj-uc&4Ms%7S?A0=7r|$P9cfE;zQ_{_Udi0Wg5xwc<6Y3Runb}9bd71Ra
zQ|UL3-t_V(^3RDd$3L_Of7g%fp_dYU{PBK?gZP#GH}#wb>b2nBSI=o2WYEppp+>vw
z>^<#%q_=C(O}+{DO6r=$lLzeAnsjp|?-t!$#(%-vI~vqg1-nA4w}GeD+NYhfWU|H?
z|G2@Iiw7CwH`Y8S^FBGNem3o%dYrj;MKYh<kzC${y)UrHu$^ch-pZB_IIS6Y2F?b@
zswU2X-=dewSad$eo)vV}t(RUwy2vQem8^PQ3wqb94e6<O?ms8#>l8~*Ev0-~XwsEJ
z6JvwMuLnGyp4>B!M~e;JBZIuDd<(w=#KPhJ?w(aR=Q)NlVw0Q&t#UU<%X|39%9;9Y
z_(+W8+h+4jy{tWBd1nkd&4UBY;rGu9+{0y_f<F5$^Cq;>y}q4lu5UAq_3eN1UFSi}
z@q7H2HomM6Ti@=TbhC^*m2dLfH2viDt)!P^_oUy_(EHAp+HdxJE2AF4nKk4I@2m7t
zLHCid6@z1ilhjp@lGnPsppmqzNwZ|}19}@h_njWU=|$FRDr+_y`mP<B+oNNJc4#|;
z_96Z*`(SL@gZxL~pW${a;hzfpvuT`dr|^|r;!(LiGsfM)Tn5e_<ZI-coTFUB{V57(
zqvXAPk)p4QS+ABCkK&%pp{%d4pG$r1H9wgqx_^7kebd@&?wzKee_zaAOpVggUQ;_w
zslJcrC(}Yj*yeX|F1}jQmQCyEl<z~E+rLwFG5a>bjtrG|M{~#3YKzq8oHMA-!+DY!
zoF!?uM>cn?S6j5TgE<$(852pXiEif3pq4Jy{_b%epU8x89q~v8w(IqSe4D|wrZC;i
z#a?GqH*f4&+a3oO#HJ)={&tV&AsM%<KO{DRthKMbSy`oAR8=sMxf1%a*6ywg!q@I<
z-S<>wmF#5~U!(d?S7!c&wq;$jf*6?lPJ=&w%zi3%ir~7x8#Jnze4#>c7k=Ie{|x5~
zGf4LUAL+N0+xL-CPS&Oi_?Bb7&)sYAgDP;rj*eihO@l=S&7VtN1-(2-e^c&Ob$g@h
zOmqC$A9F70vH$K%zNyej{#0zgzhg|V@yMD?>?<<Xs~GDm=6g1M-aArkhDrVab)TAV
z=G?`3aT)(f>-TkkGWu`9V-oEPJT?F?_-J~7bAHMAvbAGZ8N|1CU?O&yJiBG<NHT35
zN-+0Bi#LvD4WH~EOMdl_CU5+}_$K^s9`N`Zwu`@`+dQqqX|(@ujG=```4MtoU}f5Q
z@=|(Wg^kLWT}f;L+D}-ic8yF`S`vR@^EpQwJWo-KSQ3t6&L@@dTuHhzs970Zb+Mxf
zI;tAn?083h@1Lert(@lQ;=iIbJ5tpaXQM$o9#w7j3@87cD&HcT9gXsBh)!3IR?@1X
zIj==p`%oh-(MG=E%?^*P#hL0b(n?6Hifwj0NLsPeNZTU$5}F<Dq%}quX_}pUiOr7l
z?Jak(#$k=%y93&54Wqq)(!VX}3}93YO*UfhlQX?~><erF!UqgHK%D=3tR*C_fW#CK
z`YJi=^yzCb^&iG|aJuvuWX;!DQ`jZEI1WAXT*`~QkUNeVYp%t1K2l#By7YAJ5!s>D
zS!>9n*G`8w=fb0Nu&2GI+eHOeCy`h7i>JO5S}pQjc#TC5;cdnC(^eJzh$3CeNL@1i
z(;drejOAA5<8;@=FY4>vB>zNy`|~q1V&=1tj6Vl<S7=G~KZC5;%l`nj7=hD1WbDpY
zu*+c&6c~yw{ujMo^E?!^5`q>zeES3G;jpvT@ggU!@-hc+>E(?%kbRcxACWnU^*c#-
z@m*7tpbH&C8^kYbUk#eeCMKUteBC0IAp5OBH*(j(IwG5=gMMeM%<bAwJ2SbXa6IQK
zFCDA|&*6UZ%Q*A+Cb(NhS|nvw;zzqijoQz8cGd>&Iv2aH`0LK&eWByc`VGyI4NlH5
zX0vzd@(_!`1HIlo*q8DR))`g5g+A|{<{D3*#!H_D`CRAIr{jZtoIMP>x!=q&k#rut
zPf_17`V=*E;6732YxU_8+Pef8@VN76FOT+k3>eHXVc;0JJ<5EY_EPSS@TC+p_VL_J
zFuv+yS21JfJ)3mb_vy>skv{GF^reKpl#tG2^yM<MFHr;cg)(2KFRnXj?@q?f<G!2r
z?v{SwJ6+`oMpTh@FKPF3_jXK9i!(-TaflwF3}PKT2>)s3pE6&oy%n^#g7$da4^sDo
zw8xXNiuP8K_84i8(OxF)Wt#25uiZR)dzATF?KRR~Bkl3He?i^9pgo?9CfaKv?J3fp
zqP=3;D>mEn46bwY=<QMFYqhtD_BPQTk9!MsZ=pS&j9=5<uSwfR+BVv&rM+6Sy>{B;
z(c7cU*J`ho_F8F=$NeUCze#&M8Sl{EJEXl!+Pk#(4DCH*wpTTz&dsB@N13nFo~$iI
z&kyWf)E!6T&c}M|`C8bwa%>r*=RZjvrTEnM@+tS`==@Ol+0S$vh<R_`JvqV3dsLkt
zK1})@x8$63Puoh;kHV9_?mcbarkozPV?J%nH`=&M+PLxLHg5YD+c?K+;~Lty#%N;>
zX~p?H<NY4*mJBV<C10+Q?^?+>xhLP%;rY%b-?>J<%Ou|`THQ<N0mWmrIuwvqcN{zU
zuDR*t`&Zy}e6<OuL#)jX8M5ho>bm0}C%2LQFShZK)y7|G<F7^=BV}B+!FAVg4!AgX
zP~D6_hgRQq5BDarj!!V-4c0zk#T$(CN09$8dwyT{Uc%qfw!|BhbHvB^FLTkwuhgaA
zOLzx;y2I$xA<}P~Z{7(xm-M+t`p1%f4gOnlC*<X%Uv8xTL(+4xYZJ$-_#)CTGSb^g
zFFx1syC}X;3I18~jnVIf++3VMz62xR`;tE5^mUp#@*6hB9{ZUUCs4-q3g7iRCapUm
z*C};p0bhZm#EKLcw2(()MN0nX&HT4pcSDjtsZajqu>5{A|K=|9F2H|o%c|v`RI7f`
z52_enBl#pv{05}W$9Wf8ls126*74pKC*LRd5Z~lJ!2$30)R+U-vBfrEXft4VA7xGj
zlO=k4#LwjZo<}Js_gNAfV$%!!Z(K^O1Nyser?HoM3wgz#Yzq3W+|RjY1bcEPLYo$l
zF1`h)vO$R6RuVnEt8@r)D%f*KWpB^um$6UNpMETMnMB6)0ewqSjz1*un|hzpwQP(M
zOk{1ANP6;gVy>*weL$uxTQ}V&ekLE`A1rwnlgCPvGo!aNrpfr>efZDm54(pdb?GOT
z?4FNLx8a+Y`*4xztL;?&`A|_*ZRfP=`g*x9r#7@?cL{OZsy<(``y$3FetE&@QQoOP
zRl54~%e$LAf#}iR)jzcR*v|>dU8Q168%z2w;3PhF;pNlm+hKkFWBqqMs;;`?OW9NH
zKfb=~kq9i0yr8UFJ=IuOcjStW9qV_jRJu}Bn=j>r;&W706*!`l;JD$+ss!Xp8o#0o
zJ5*25t?%D!el;C?Kj#}$*~iD07F@=jS_d}&HTNh!vGW(hOTUhd|5^GzRBsQwpg$)T
z_aEP0=Jg1={^{Ca8mL#+I8yFFjEo1LOU7I>1pglBNBsV72TvaXZ`XofO*XY{eKhqm
z-^Jjwtr{Ew2Aoa7=AZrk?eLfPh$$oVrcn2v-wds`Y`U`Uc98cy+L1j1!ya$=vGldq
z)t+bCP;;bybdf={p%JSk23|&As_9EDeW{@@tE4aVv2R~)gNEMK`_i+|C%VQ9^y%1-
zUSiFtV$ZW-&tv~=F*ZHczB2!P*EZ;`zBrHQ8J^(Sdvoy1!aj92wkd3JN0^Jo`)j8a
zFI_fGkDKRLTD~ByJ=#01_`<4-OLi$OLEcjzSV^Ayr<EL2TJE$Bsw=i>%_U>imOIwr
z`+=>MHG4}5<IpY^I9hQm<NercR_W<i8R>I&d0ti$)5fTZn>d%mro{H8f4|TCo}Ux;
zJ;9%ke|LZQa_mR1>g#0j)y-o51K6eHzs$)D_Jrlk!?$RA&K;g0XM{FoGWH)aZ;H&d
zJj}O^vj=u?T;^STXpTZ>Y4C+?>|JS;DY?ZHyxuHh;|z&a&MG7QpDk@5*QAXp)O&f~
zHn?}q$}i_0q>Z(}i5N~s8~L7K&MDi7^MA-(eVz6A`}#UJ!G9&c<H3~-o^&2JPk(my
zIQXa&7^d{;yVx;p_~css7x}n}aXv!-by>w)T=>W5W_!;I?+2gPKy!`o{!d7kd%)(9
zUu2FBQ}BN9DaR|gZtMddy>^E_$6vOA?>wjK`)9*?&#m6~hynUO*03>1-+vq4clg1Y
zB%|-Y8KCd)o9*<E4=4BiP5Rw7K;K=1h>?IjU=}t(iAgE^J6qBASCJ+(nm`|fuiXyJ
z)^JyShn_C+IpTW3$VFL+r6A{cg!bl)HE2wM#<oT)2X|oGZM6O938gSKTFE^BTunJ^
zjKqV|NXPcEQyaeRk8&1S_HkWlt@YR*4=U%^*5h;2sh+>8K3j?JoQ_QHJ1?KEVvjK_
zkBzgc2CeqYpDN?J;y3Uo_LGsv!k^T^$|f0WjS0&%&im@Lh3pZTBlIXZBXY;WnLAGb
zcMX|&8~nbMGTGc;#`)4ZIb$GaXZORq@}hFO0>psjTp_+BJ#dHs4wb;c1sqmzcH2!H
zQSsU9i?7$6qU}oBy^=E7v?sQm@s4-vmpvKRuz<cS=MFa~GS%teJQs0t;f1rjv~xE3
z1H`3}Z|Rz{X(s)uG|Mlbytg^7p%Q(g9oaAS+|Rk+Pso2c`o_ohD1S5MnxVbRf!EVK
za!%O8Sff-WxRCs1@T%t0vM$NDk~FEq%lmx(e*`_&Vt11EJLJq1?^a*lVEu3@eOZCM
zY7Om6ol@V^6$`pPCI1z){|Rw9-lpFFp#3Xo`yHN;8l&fprv63bUqSnCmoDhi^O=2m
ziudLG{|D_gRg5>=kM!^3-P*Sj*``1%p*Q-c^{=9reDLvqGQEubFVf2k(FTt@9eR1n
z%-bKI`tPQfm8WR?f9d7lOD_|ll?neMz1;Kg|7?1>hW?$7eEF)ir6q6vGwSr|=g(%|
zuS-9&)*6Yt`65=?)P>v*mp9hEt|D&;z_~Ng?(A3IynKqbg??(0A1QW2-Z&%PtuNdg
z*DxQxn^%$9736mmvDULqd4vD)&gta;0^e}?mNksK-&tQ3ndS2+pVSf8P-IWk<&Eg#
z4&r}0kOeL~b@DrjJsHm22Pg4=tIg55mi|x12mVXyJdVCy&42N6-iLm;ojGf_DU)g`
z8$e!s$v&r)m3&gR5t$}3b|kUHrB7Y#-~JI9Aa&t~5huShuv2_VehoPjK+Z_{W!#Tp
zoaY_wm-U|1Oa1H_66=z+w^mx(CHYJ2Mw+~jLf-74Zfoq<4P{J>JxT6JWxOKa`Wx>=
zbG#E7?;3NwlTI3MJmZb?-*<}fO4<I#`<MU5@xG?Z(}C?KuGd4W&*m9Omwp%hUUbj+
zdvm+aU~Q9R;-ZGGENdoRua>wUrk*Big3oEQug(;C3LNgMBZ}O&(I@qE`ZdVt*Wt*1
z^nLDW`>KBZ!z|YyUH8|oKevWf|A}WnyBctb!|zRWbb-xQIctuO6?WKNt2yf_IQ#xS
zb!W(y&{>6!zQvZ{Rpu!>#{*mK)<0$Dsa=y*`}M@tpWS5(dLH^spK*!5qUgig=O1Ra
za!*qe<<;uKF0J}HJ^yn9<QF|p=0x;jv4hxDwe44Z@>;Mm#(lC~^yiHGah?XAe({B|
zqi^*Z`&x8di3_lKF8iOXSsGb4G#%QLS&I#I?a~{&nwA#n{l2$PU#xK+>Zjioee(A1
zch6cw@aSgxdJ_*mq`iDtW!(|SIiVj?m*BGab<E>`oT9MKKo6I7JT@-DalwBZ_AjfQ
z06e3Ryd8~;bl*3PGA`^o;Wj3@*Suf5PCquL+psb9*maElTRyMSPuZ)Uhn-LQF<<{B
zu0LbS;_17VQrH8G;vSS@Y%-4Hq1BeXV<KbB=mWRj_KrB+7BOcLYmY@e_Kq=Tnf~ab
z_!V1SinL+cJEV;fecR||?=ai=Hf?;n$KEmcRBd3p`}sKhp`fQt@P2Hh-FE>s@owO1
zk8fKob7!16>hYO>w9c|?_vG9EyU^+mo&e8(@(7%Dp2qq`QB%0j<>dQ(j^Yn@7=JkN
zU(o%x*yGC^${rtbM&c!|8Kd0d0l!0^5AM?a+PKRFJ4aUg(A?(0=illo!G1SqMD?`d
z5mnO~#U{zPs)j0)?}%VMNFTK&RRygQi)7p&-7l)~!*AZuo}ruw%_GL`I%FB+Z32Iq
zIIrF$<790X8fV9!#fA-5#g8K1Uk2Wa-OD)lVw@csh0SaqX#woC#1_=^iQm?F#ATB>
z4s(gU-frJ^v79pvAlJlqCKMu;GqSUtG9&Td4xBA<I2@fvICE1wMj26}a<=v(&Tvv*
zd^KK;P*z>e7y{$ym!h@FSOfENvPxw9<QYO8F8Dy6d6vrbmwqq>81|g2GW@06@pW#d
zF4p^-WM1+%O*~)n>2Wd+;xGM~;V-Rjo~YB`zUPeZ#qh>?*zm+(`c>+<;TpqMSVvux
z@Y&U9U*@P0p2WGI0vC_;PxJ?Qm-_~#9bebN?sKSn$!nYsI{D6@o2XatK*smBz!LcX
z_(8+|tWu|Z6TdWxZ7$z($$tq?GdxZBn&8;+n+D<MGZ@?L5Nx-7?~gKYa#WTlcwL6T
zLiJzNeBZ95AH94iDd#VTj=l8xq1v&wy1naF-?F*3x>|6mW4+>AJ=b3M_&R%?$eJwl
zuFuh5u5)9*oa@OdNmnM7B<Od2l$RtZE!b0LwbSPk=qp9hI@8_QjYfD{<eTIVxRgmQ
z&Nv2Al%Sl~mb0sa!54`s(;lmAp1^y_KZ|#l-g3s(Zv5ss8}f#GNm7H0U+v`?Z)p72
zUe0?Xf!_vfo3lBSSwhV5O1rin|NB|**|g;y)ZvDPGAnNHDnx$h`!)PJ;Irw(CeJ4R
z%O%6Vdu$H*9pGm+_u1`5Z@fo`aRTvNk~_tgB5_QF789xG15MHIb!m0}sXqS0<c9EX
zUF<Oi@a6Be{X+99e9E#l$=DL!<SaDzu>>|w-_kMF)8cqg-J*@gC#Q<E>7>O@-{Od|
zZPC6#S|e$@bGLM?&)tHL+ZKFuS~#m7tSt~4HR8}$`#mpzPXE|@-ZVGt-k>w_L##CK
z4Jy^);@B_e+PFU_y`<lJgJS&$k0FDBr3FXPzvIziON1vd_5kN4<*dBig|xkkJAr_i
z+yUspS6pD5$)2MIY$dKvD!7@VCU>p}o({*KxGO2SL2y%GDly+AriE2+9=f0d__7uV
zCR4w_R$>=1hiz6K_C_~%P`8VG8u^HkpzGw0ib?1+J$D6JW1Yji_1qPd+$lCQs~=*&
zv+fGAU|Cy0Tw?IqHczQb1)h5u+egs*EY7xMk5+D}3WR1QW51rwnjwdASp7|;AGLQG
z^HF=35|sVEssBlAe#$#I$K)(O<LZ3yH(zzUkq@rU;Me_fzK+Xo@OTnwk7ECaw{Ci!
zHPjxPW4{XAH`*M__tVe(id(y!e9LFtZ@{<2hPQzG?<$#tdxu|rERDP~!83{ZD7f2B
z-#&*YY()=T$Cx{)!%ZF3jSIUH=X1VaKjFQE1}oh``qaKS3$F{uSs6=wBY3Oyj8*Kv
z)yF(9KM&r$VjK6wSZ(YWPipEI!Mi=!f&*u-NwUUc;a%&o%8jxo<G@}lJU{IM?v!P(
z;!<L%3k+KI@oW19?_$;X<pKJx(f6jqq0Q{K#T9{TYl#V)&UlL$Z{y(*XU2dtdz<ON
zr3jb^-W7p=f_F0=@7K@wCFpo3@W`cJfsIvf;9zKTE%PP#^cat%kFJ=Y<5S5&aG5%-
zF$g~se2SnSO~5b~7+Uo-afh+^F9_Znc=kT{ZopXZ?8khof_H}B@77iHZTR!I@WYhz
zfyTK|U2e=JZqO-ZS+0KeXB%?p*aJPXthUmSS-LFSi!5t5WLa9(#4APiEWO*1Wgg_w
zIMy#B%buhT-z-Cx{gt{D{Dpn|TK?047Z)0SM(pdU?F)68D0QuSc46U*<P#aX1)SW#
z8I*3Gr?1@-{kAauOxD}Kc-7E_pxaGr`pX}-M<%-0OZTg*R#Qe|uO7e20j!+JvIt~Z
z@7U7#c5=tDqVKiEUB)_Lg2*$Qe;V>^H1cdT^6WVBEFf#`?Y6poXXD4L+Up$X)%$;?
z_%wA;oyZ{Bt3OOknN{F`@Y78f7;-Ie;mL9>ov~YT&3{2}xmI!kHi;3)wG8CibaWzO
z5naJK$DqhH;{SYsuKft#n~-h3Ub1a;m~0!Z%eJ^B+?7GUW5358CnDdVk4l>%-yRkD
zM%{w{S=`fc9Xvv0@+f}Y-SRCC`F4#i--s`Oe2dq4L=9t=vn^|Ev4(u39*ufNQO_uc
zA>V49yXzBn#x_VSCF@%jvhV!xxfA)u-j~HIWQ=j|n(~eNIXWhMYl{QfrXk}*zBN63
z{TAPj>$f<NZ5lF8<ePr(qe|89Qq!(9<XZ=0cKv{MO&OQA)ARC1k#Avq<_99*Og>Yp
z!zE0<^~Yxz$6(}}1y2i>+u;cb+;hI4?|HyL0|pv?7HPmp=(!p>=K^*j^Eh`lOJE$t
zFUF<Ixj0kK#hP+%H*_DX^BaNfSa^oOIlS%?Q`WidN^mr72%NPgu?@^;TX?<z`|*~%
zbCEYoRrLNjxNpTpA6ltL_>(pE-tsQC)8Io!e`YW);X|XSBOJD_A0YF<b@8(ri`*kF
zWl(%-0^qGB|GMB00efzi>pw#i0~wxR0&!ylXDi%us_C(cH|V(J@CVM8yHDZCamuU@
zm!i*&6FbEy|5|Xrow;j856l~(Y&vS%+gg$5V$W$Oc9`UYH?KN8h1gm6(+D0V;ztlW
z2%4pS2mPM`43g--3)~RAa6$7ztFzeuU5(u#06lel1wAE0Pw=d6Iubd1yIouE2A*#8
z8;8&iZM_ap6L~Td9kB=<=KJV~B4-V`Gg7Caz4ZMEXD=%4vAUd<IT0O6Gv#ba#P0g|
zPhuOa^gLp6DDb$M@HO$1PyVwZPp$EYJWU&SGM?*t+}FW#VEJ9-=>+i8!f}zO@!X>%
z<8;x-+9QTM6@D=1OVQ7SH;nA8I)YBe_*;>uvWJ<?*i(_Gq8E!iO?T|BpYf!D-!ks8
z)GIKs>TNv~+N{w=p3D_bCc0T3?<I!}S!&^GxGc5cWYy91S!nYCU6%I7Vf{NeT*)`_
z!Ej*vPN%OT>y?ig1OEfWs7@gL4e+7}{bCM%zh2J|{_YG-+zWoqfo>*XPxvP=3YS^E
zZ5FY*&0_C)tb@-}f;qnrZ3;~A1P_{J`m<S-|C4@!n+ozIJjQ!h(M)7lK5~9Wcf5B?
z&bz|S__|MulVHesS+gqOjJ0Ofawp#0-<oxMt|8}hFYb}^)6JL~vSxj{z>xEQTWQGo
zr}?$yeAD6{IlsNJN6yc^Wntkq@`;>J9cTD5h<|V$X<{>yGbgD#l)AH*sjK{b;3+h1
z3-gPR_*m<AgjTQPk@}pxi$3~<`7Y<H7E`aRndQ6ioDyPYi7v2Zg}Ta`JFx{l(5J25
zb7$CsthrO+Co*?SPce5ATkdZ9v6$y{*3MRpOU?lK0z+-SeZ%ZNvGF87;t4LsMmvqU
ze0)c2-2{Gb9XqV<_Q{5BcE=QBZl;`X{MJGntVLRk*e^MEJ%!!2bX<-P{_0cAb91uS
z;g`9RvtrO2YsmB@{00SHcag5ZtAt-#<@S;;Wq!`LRCGP-PFwp3(fLLZlPA$XUdM$|
z{yF5CGaWlk4fVnQAI3*Y)-SWaL@$Phl70P;=erjeIC#_?#|!SSH=a8N7|*v)F`m*s
z<M}9TJY81_ZjbVx(`P)ykmx<0m-`>jkql!zcch#1Gw$n+CwGAHj5x)3CiNN5j@X|0
z`K>t~93*<p&z*h7le81RG4O3Fc(ynU-)=k07|#)N9M6w7##7P{zRfrZ-{SnyVdKHi
zG@W3s;M*wwU+ItFo7gd|azf{_Kc#k$NA{}{{Ok4j5Q%yWs0a1&B>G>ad=B`QYvS7_
zjOTj#bUpa?Rcj;hTM~XDdb-%3>^#CN#2zNT813k2r0IO=DKCEZ*S?IuVoz)d;VHtq
zCZb1&@1d+^jT}oIo0l5<2<_->P3#}AkFcq6E_c14mvrwZu(xqD`b@aoux$6@J3R-Q
z3Ev0#!2o#;+j8&ygc~@MHk+rv{U0mVpNszYwJBt<&WT{16Tv#ClXXr$G5dRL3=s`t
zW0*o(0=m>4%-!pzjY0I8E^G|*MTe@mvrG0MMV~rMp5^FjGg<2vp%Z+6c;T@e@-9cm
zk~O#37;Xh#Q9NDfjk4b)b_V!Za3b}r!UiVu)WI4#^DhYvR{Fc>MQP#ikhKFof7aST
z=CFx6Mq+0${6&d#b3bd?s-?QWsFrE04aE1%S{Ja7@^7#|#QHDB#wzDRTf^)RiRwtx
z?scbb_mbEU+1w|&ml&nXfQ9&Yr?MW<bx?fsmr-7HC_`T|><{VKA7(sh*dGK=V)qi5
zl`u{XSh>u#z%m>967>gwSt2m&{*HXreX7xEBoD~0`<}Vje;5ATYOVpSIqkg$=xvLT
zd5|@L)M3F;e3q-`D(EXG@5u?htfGFA^AcNe%1_l*&thv2$9;W|Hq38R@cOOg-2b~B
zIcm4<JoY0yYxY5`*#|?5L-5TbHrEdE9kvkzz=+ExH2E05z2ZlEFZ@9E7}&qu%pL)8
zABi`P?M&bEsHx%%f3=PatgTzvchJj-uWO~bH?bG}OZe0Q>e-9_E9W@TH8%y|4NJ|w
z_out<V7;>TA&>9LCvtqXLvp%?q}i!ER_ALQ7|)5t-=Y8CW*pyQJeQ!)O=l0ou-PnP
ztO6^m?RWZVd)_J9mUgOW<A#3`W>fw}m|fThX6yRt_oP$w`&2NS{S`1v>jSfze%ekr
zMcV?i3A8cHgxT?%Y|KgjxON0wI|{DJ9HoJ4uRy1=?>U>Y!gKE8{d#c3WAE|TwER|^
z;A=CmolnI+Ao3@j=S%28;{MC}dYSW&^;35y={(L|vAAmnvSkYEkdgd;@I#NpK|d%l
z?QfutpDD`bc*=hvJPuwPpk0SLdb#+Ieq;D--9{6Dx214Ty>7>a#~ASzNBM^!&ph1O
zx>|Syd74;9OFe&JUEQ}Hg*DHQ*{^vGp4LsP!fWxRuy}3z9`@koDOuZWoPixwb#ar8
zdo9F1L!Y*?kFUikK_Bfq5|!XqrxNtvpVQR=tkPH7yEc#~B2@`K#a>Qip3>3=?DAPF
zMkHdF<}5O2kM|27TCO_vv&co<i6yYQ)X`SI+!xW{s7UYH%GnNC0|n><u>*V-KeBv^
z|45y=VS5?q2}aByU|b9AWUaR!`knzV6B~(x-y4BVk-6U?b5>;Uu?OW1u-|dn(a>s{
z|2#dvVRueut_}XXxU2PeXmbg0Fzhf2d-<$ofroq_SuwRs-lZ=c`1`nlLB3v(b3Zl@
z?9$HVQ|Oc6%3N$!f;U#Z+Og2){pbsV6C+KW_%Ul_nM=V3>?Q1-7&zu|{1KZ{QiJTJ
z<Q(KqToXs;h^;>iN0vYj+fIZg$vR7L<BJ1dUEg-@6Oj69u{BBT9>LFAa5@>Bw)!fz
z_pS6*?v{{wOs79Ho=h_Rz}#J500ZH()*OmV5&9~Hzoaq8V&CtNe;&Unx0{CwZAzIN
zbp0*XKaKTd;x=T+0OyZ{o`rV9>G?<Ge+>8);^!>&DgDrME&X>eM^n^T{a$K0e^O~n
z)W=oo{GfiyTZs+JfStSI$6XHe>WR$lVSLEnyWXT_$|q7@>~<;0`n~wyi2Q#Sdau>z
zF18c<!mL_-juJZ4phel&k@Iy{y!2S+sTf)wrPq<zxq~~k9F7l|<HQCz!=R~&@Pv__
zDms_ceHdD>>X!P#>rUWXc-_Z=o763OaUAn0vU{NOPusSh?BgM_SoU}((&v&~Pga1v
z_^NeET{Y(-(N9)Y<9o6OpAwO&wfGA(bN)qmOn)-<m*zKF7x(ASB|JRbANz6o({NIs
zRNYSS@JV&W`fXu8Sf4Y_SoGH0fS1&(Mdo&Ku5nWgeV&6ovxL5iUs83SdMw>N0Nlg-
zQb9lN<mpcr7u<@Q<>8)|xK7V$_+PyVkLl0<>c&2OvHX$-^1mt=Aiwxu$(o}-9qv1f
z;oCfY*FrMStH4<qOFZiW%b)D4)<VAyg;s~Jh0f{ICkvkat%W!@qT`B%4_4kvWI-i7
zweOjaMEX6F$4UR>?1HuSiC{mq44tryebn)+eIi-=M6&kzn6*zCcRiNs`>QkAUyan)
zKJx2Pdt`egXED~8ca(G4+|CR&Lgxi?zg;%>;s}q+aJ*4p_N22R3OF@$CgL1m)d(+0
z<(IvygQCZC_vlXHmyzrVuVF3V!FD6Gpg=p3^mz^TM_CK3G3#7OoliaMY*-`rg2KCH
zPs}P?Onp)|6}k#9y8;;^`K2BOdKSMkdHT+$%%kfo&iI^B`#;+U`v~ic)A7OX>z8Kv
zTrX#xE-*ZuGYj}m>3RF(TN-c{dXn|hf5#c0;#0K!zh@TECH{?Pe1`rew0a27|6h4X
zHgSCZRUTrM{de+^NN7~_F0r5ePdq31x1apict{27(9`81i_E<LH+aYur)c|sdC0$)
zhaCNNX!Q}Ee?{hcz{k^}7tW9WUpZHscpCH~cF%B`EAdPlDJMDyI*cBVbnmJK`h6Yy
z>K5pC8f`SkExPzx{>wV#clU`MZ7Z<@@a?^5g1(3OF=?`w>H7Hs!_SDdhjm{^c$?DJ
zUi2zC%j-J6WOr>eaWD=o*?lK<2l!TutS+$`u}0>Tb~-X#i^Pt=nmzp7lyy!w4}Hu!
zrz`$mQa?IF(1X3DfcpQJ#{RuDR>HcX?|cg%wqSk)Jn6e$6g}9&CxtUYUy^5!iBEH?
zO?<p(L17H@m7=Jf?cA{~Wr+Q{(>f#mDR-Kkrzy`Im@~ZYQ}p|G`!N4D&cMVdo~((a
zud)rVi(w6XKl3j*EZ;u8+JhZC2cJD7cDPmMTx=cKUa~m!{><A~<pv)x%d}I5^q}}O
zg!lJ#v#)toJ-DAn*|e$=bxmJ{bYHtv$}PR^u>RkQ0rK1X)VKpvpI`XN1a)C&hHYWT
zIQzm=`Fcy-UCRdAK1I>*bSb%)HW_b|J;6LrFs!-V9^Kr2Q`N;<mE6;&2160HmQaMs
zdZw!23HmBND=ww6K%-9+7;7reW26gz^I-o`h{^gs@16+kWTd4;*}CxO@}(TN`C^Ne
ztXNG69_t)UOwo9Mio}Q+tmg}ICu&P5l<W)r3Exuc3_M`3FwQtc=ssbA8nvZ0-Q(Mj
zZ<5?w>UjvCR(yz#(q^D$aGi!9UjQEs;UmS@UVKCQ*~*ER7=ygKdDqjgA$_EBA{L*-
z1o)SvRTYvpOgW){m;VvQe?{_6F#dn~U8DQ~^LM}b+iCuOZ2r1t8Tp!dKf*nZ$BNji
zfp2u|;Y|KuW%&M$YKs#%YG?Wz*rz<9sLBa8GJ_qnb6WPllw09+D-{mlP|Eln=O`5&
z_*uED85jPDvd`3B$(S>gVCW@VMQFC#67uppo!`a$PUUwdPXqsnPaN7{t8g*50oKfM
zXX3|*tvHH$qj}^GdGVtqMz8-<_DMeBY-7^}8yn)6C~oZS!H$RNPsa4_{v^|vkxT6E
z#Nm9~;c40L&8cu+M_=7aOY--Wie|>P3Ot`U7<&-0q$JMNGHlQBXLueG8`QFEa(qtU
zU5gDVoBJFD*52X;g?FgS>K)(PmQ_mrDQ4c<zhV#csuki3A^Bz$Ehx-XYwJVAWe#Q7
zD?$&eEnC&-vKst<TWPm-a9+e7?n}B(txejajw*YFeYxYrEO=$f#)ff~8@YEk37HY;
z-^f0~Z=pT$T@#$2MZct-@OmY$*gtJN_Ts97Us9(13hbC?drov-L3{}2tK^&sIvth>
z-U6o%;8e=Il`wCMfs^2Dag=f*fBb~=rT_DRSpb-I0JBnHRszfx1GCam$_aPIgexUa
zQ&sz}(zSM9@tMkr`Dugo@t>++Rno7K;E$r5$a5JoR2$UOABRh+&|;XI@k)hCf7D3j
z#2aTD{c*<h^v6+1J{S3JP%31MN}_V2<IJ8uIU4Og^&83wXX;?zrQl5zbC}0(Cos%W
zv0DHq!6(5h$C7PX9|NmTh^hT4v9*^mr}5ZlCYtjazti)T<HDA*YOBqd_u4CjH$75s
zjnk24jMKq5yYZ885-U|7XWZR(H)HOGb@<q%zopE1`d_wXEvH{DXljPpFV~rJ?#O6!
z|I7u2dElA_ixp=Wu<$cKkxh1=<8Fsra}D;DP}j({-|+>mh8FR4R8lzOGLHQc;1J6b
zx|a0C22IM@#Lw}A(74;u0qyU<mc4=uU&BObjeWJ?esHK09LfNP(!rsr;LsOyIcIaV
zhq@h|+lXZ@acmWQvcGw+!G8nh9ew-FJNj;Tc6I%2&(_wDzEbtI+wH^yAFc0M{^G^Z
z>LR<+D{T#FUqbgsHYzQ`uY)fT=aGGj)B)_|ZtUEX@EMf7eDU$iwkLO%U>hrq_^^J`
zC!-oVHX1&YrO<vRaLMFX_Pgd{2b)Y;_Kr7eLxtuNuxH12reQ19*q?PdjdM7e>}`u3
zJ<*QM9^EcH?{;k8l2`UZRIz<Uh>g-1+jL-2jEy^+ve@SJHe}CC>~;>vhuG0au~!nW
z-}@?cGz~G@BYxZFz*hQW`V{Z2$$7a2eQs>nKGR^@%{KRtWc=A-dq}SS_K=W2Rj-9s
z3oK_d*8X7G1U#g!slZZnX&LVaUs~s6PVV<!_?tEMwb%*6$3BR$D~w(E)iX8fDv@(t
z8$B(78@caqaM$EOfyd{jjY_*wuguj{=1TJHXTD~zf97M%F6JxGt^}pL*f2X@GW=_g
zy#$S&C;6s!&7hz1{dH`T?!nB3X)|>(7S3WV7eAbA6YehH?s#%kLx46MQ4a4#?8jNK
z4s7MW^zX~ilsITFz<!WLckc5SaK!*T-sJBo_SmwTe{fcQh%&rnNL~c`U%3O`GZ`LV
zX-g<u_jh0eEzP~BsbL3Cdl7g6U0oz+<e<H8z~|e?(TDSu6U##v-Yh)U2Ms%aF~p}`
zI?Np)ujZjYQ{mr>b1NK)YK2y-w20oJjaDm4_&r9Q!Z$>I3C|OrAUeaxHJ+AF7JFJm
zhp_r9v>(XEmtEc1ATr%|+-TDQeRtSX()VX8BP`jz5m<^mjhtk6cU(aqhm&U}^0oo_
zZ^~3%{v#uF*^Z3AbFIfG_Y2CszKxR=uAr|fAZ}klDBI94q_5Jq?;;NcE*;s->zPdr
z#OE>eiwV?UcCvnv_>szehn$1qenP1`bs}d=%ivoRxZhw3=gh&6_}SlPk0YV8Yqk>n
zVm-0h8kCks)<sRsrO0_3b18dT0;jc354<MMKX`_+3Oo1|&Scl^;Y_yRZ!-PUiac44
zGn828dBl}RX6HQnSp8i1mXy&bvrSc|1ZD%1l{sC`?|HIjk~b2Zt0Zq4`IbJrT+e$V
zk9pppw21$g)awEk0p8J7E4bgIB{Um7VFSNY`EB5rdl^DA?G;jY{2UoiVyD91>}bld
zKUR>092-VmkHVt`ezj#y4I|;tqh$UpeaF<zVwpP`*Kv4yik)*t@G}b*BXztsV9|6V
zdxfT4agSP1m?ija>Kkk9ab@ed%eWT&t_8o>fZuo6Yq@hSp==+1*wTlk;kXT**RXFQ
zy0;!%7yOn!OW!&7Uto>%OU75S)qwH*SkW1k@;u-MuiG?#o>DiH`INL$;K;A8U**Rw
zD4c;Fwts`CrHF6&tf2~r*Cv&8T&U|N@xzyO_d5Wdjl_qb9bK=3zPMI;x}55ex(L>2
zvcKOnMw#VQH17>_h(SoY3;KVoQgJ_moUwGEWf@9EZLHGr@OkJ;XEa@I2ky+nE?w6j
z$2}Y7+?7CkKb~#)#0vd7hM9Vx2}9{iJbh{G)tAWbzPRG$46f$Y)JVM_?GrpF8t+$+
z*R~tuLLPMY$(OEF;7if6@m!_ig?sF7(Z{xowfTHW%840!jQqZJcHi>_4)=@clv@wq
zm^r<|_af!4H~2==Z<LAvFl<tk$$7xA)GR0aJ0(TvxbV^W5uTQaGn5f2`n-6P+|M?2
z&x2Dl=Anym{l|sMiMBr(JVbPl4gMj%rhA6Ded(I->3rpc>rWTzx@D8!;cFka?c&C3
zloP+co_;mZuc`FwF14cRMYCV`pyLWnKpSz$&#GSV>Y2N|Xo(>q@G|D@4Pf=2z-R+?
z&YoWJIxuPlM#39gfzyw<L%`yH7G8_*R=EEBK6@OpE)1DEU8l03utZ&5??7*z@t(;e
zMW3^1%+%-nRor)u?iz3Dbf%td>2$(Fo#?Dx;Je0s3&8VW3G@|#{@S_g!Wh99fm=kF
z&K8L*DA{GSsWl-7rYR>9L<ZOyU&P5W;EVOh$_Al{k!AMx@Q;921JEjCDHmS*o~<@1
zWQ#8o-kbYwXjYJTWkR?6pxgB#lVshIO&m~Q&<>ye0v_2_Hq$3%_p|1DgmVHNly#jc
zd?NCov$(2YRQ2-u*A->6tf_ZYbEoULnLY&`#CfA&D)g%?HEde=4CwTi&HCBTd^%ZE
zH)5B%1iql1E%gmK=sX|Z5LVyQQr|r4gBGi(ZyP-9W70HekF{WTeap@Is;KX7>g(yF
zQD=A`>%;okZuIe4)=0D7Cp}d~m!t0RzV0{cZl~^}j9=)!i(iprBG2TEeD~Vc)CKyk
z$#Q^a5Z)#_iOAqi<h<ZmAX`6kK3vz`!LQf18F(<zdO<6+yCY=1a5eM4f%!MrLW19#
ztcQjf>mlE7Oj-k<WIYsrgTqZ*LDo&2kD{!XvRhb36`K0Pui*n5Nq-@yB}H|VjjQ6k
z401VraDGHKbpM`hc@pPs%H~#vX6@a>{10|`^}Pdd$HE&;aAuDZJn{l^n7Tgul6gR{
zG;qbyS!~^FWY?OtRA4r4gfH}f;4)_z=doU`S%Ht_%4wR1Z|kFdwJzl2m&nJ@?OE+R
zhOj=c*KuBV6*x2T^YvHx9BOPEeLJ`?0{<#}yaUvQ&Xsj|+*Lkg$4+^VSL52i!@45o
zR(vzXS3u4ee4qC{^Cx8n;BWY$1V7*E2~J>tycoOeEWrcpKogRcmd{_}eh=Mt%f8X|
zIlgVwbt&H^ezD~fa~1EQ`I9q=8y>tBT=`s8HjRXr%KgW;VMCDiv&j?Q{w2Ii`w3-J
zx}?k(V>!PdF>G%l9tq#t%RIWh_8(RJ_j-b7N!m}1w7rr>zZ%hnV-@cIkauj=8(EXI
zqr-+a8n)g)NIG!4o&A<3`!#wDhh_WA3f;Oq)jF&3>oV?F>51VGey+D;+;nVox!CG*
z79N=T#saZF9;Pqv(yj(v(G%;m!85!aq6Z-_0yX$znS5Zo-lrI!16m2J28K3ATPbh=
zw>m{{ia+z=`bVfoV3@+#M4o;^8HN0@O02j2is3#@iT4H`W~~R^)I!rA@?C7{0;7FW
zKQJohOuxYAuksFjp#RMlY{XCGQAwvgIqMS+n+GKw*qjS&1a`l#R9AT=jk?;*y0&pP
z?<ewKV9kBZ;uoT~509*pbjod~ocNN9ytKYmm}M0F@5I05k>^9JSMkUgMc-7dywux{
zFP+5o>KOOp!h!A{llT_GE41;R3Wq}(ksXhI#9D9vmT9`o@G45orKP2rWsXR1v6{kt
z(y=1X3hqSrlK<g%z*zU^bc}m#LA#wb!tlH)ts`7hT4T?jQVkwT{@S?ADFc=H24y5q
z8ub^O^-Ei_&X)8X{$FpVOP+!189K<wUkm&j9m>R7&Jno=@yp(9JbKs`<jpAfq}W>>
zD{tK5JjYWJfleLy-ECQs_Q;t<YTPY%AUmh1E0Uz$wX`+OY}Yz7w1{;T^g2;ujO-=P
zudvfsMJtn~jb+ka+NcH}@?`TXV&Bs`*P`2&;BTenC_77t({elTcz#_Dd?rEXGjByH
zvs%I7CVT{&hE)|1_e&r1CdN=@H^$I}z5NmDPk=94?Glr1^){z6S@iFowi6n*VuKN1
z*;BQ7nIo)C&ZD)$-$c$11XrQaWwgKinr&GdfZ=@AITJg?EtAw$^#bEK?rOK-^_lQ%
z;9~GG@wGcS9-83EXy%HtCnWE7+TLfD6FqpKGRr9gKD9`hf%5zoTijRWvDuWkfy!UR
zH~2-t%h1n8d=xjT!k1#h_)@H2)<^PfH~w{fza{dmi8-z{dDbdu8QG%qtR{Q~--l;$
zHo@dsvHrL-AFW?SJt9L6kvFza`Fl^J{B876mqFxpQvMl!h36$G3Esx*Rd`;U7o9#>
z!<c*nd@JHxfBU%-Gkp`X%JNAQ-^z9wH$Gls+p59FByv&Hl%Ux6H29;Ooke%sgl-G%
zYyK6qDdh-sG*b3B#J^4}_GIO8pX7afyPdp(*B<^0U;QS(#rRj=Bft15dib8De>*wG
zGx|KS#(M5CMkm^|o_)-`(Mlb<#6u<gI{3{{ZJmxt&Nb2R66VJ#bgw$SD^y$C3V6dB
zRqcfD&x(|FKI5ptCMRWMDH|bWNZ-#`X0XnaJm;vf-mUneXxOrdf#FrD!$n#ia{t?u
zmpn7o2yZ2MeCUCk9n$|du||%d-CN1enIx~+Mds?`C$0)(6rM7f@)4v@<hPUal$w4Y
zbZlo_^~3cYCSLvX9`<>M;af+(K!owjxs_+PQNO^d3cVu$e-~K^LeqD}Uxbd_N!|tY
zEt2^{KMn3=PWF0<`QXA{F$}v3vXu2~Fs^!8{TpUmABDA5jBYFKR57L$+VOyU(vDNw
zAtpvCuysh?=q-D_+*@EL&NpqSe3!e&ET2r~&A4YcEIzdYZ+V-xMCMuh=xgiC^nLVo
ztIPC#^u2r+xg|W{_xu-pIkKc@AAPOISl1-+P1Zhvb!8{*qxXmBbD;U{@Z8(S=E9rf
z+p;f42LvCQa)})V?QCT{TgNI{!oQn-nd2i?Qd<#v;yL6Ioy7<LE`@(PREwAPKFcQe
zg*NKEL<!?1ieKV!3NML;#@z53^y51B;C!#d&K6s634AxeJjj?+>0=e+5_rqFOV$~D
zMSOWT!&iLtRpxKv1-13>nmpw%<QIJQ(eKyI`8*6BFVgFY^9yg1x%0uB5>#iK$Rd4z
zjrJ$Pn=IbaMt<QfKjT+;OFVj1@%sjEA%0bm`12zlGQVlUcgCvlyg089*lpoke=x6R
zJm2pF^Ob#I?jldqSHT?__TLTnu{yj?AMV@_)i2y*^m<Mo?hDB;aG%O=e{kOnY$uxE
z`h$Ca{@UU*A~Ys)cM$Nu1Kjw7u9J*x%XTXV--4$H&Q<DK!Rbwdx~9l^GKrhM4Lscj
zuhP`sI4u4kt<)iSDsk8ZPv3_o4Lptaw~jUNv=tot0zB=YZo$(@;OQgOC%VD}#vr<^
zYK~>3GSa*4M!~OmFSeFocYnSl4ku^#rBALnCG)U7Zl=(JoQ)E`F7axe%E&h1t?qM_
zopRTT^vB{mN3YG{yxMP@M5p;G*u2cT@W<47M28JL;Y{V=WrCmStPAB#2klDVzd$GK
zX*=F%+kNV`+fM<@fC)=k+ezPRx?!2%516nF085?b>5IT}GO&D9hh>7lo%{mJ|KQic
znRf2C75oSQ%Xh$;uNwP3jJ+3LTxH_LHQjje!oPwSS9Xu3AH1OMzIf4Wj%BeqmXq+p
z>d%*<=lkGAo6OHu{o%!TPdztZ1sl#V^~Q_KOuQ)QjTaa8YTLw%t4`ha*TIVucUv^p
z4_?rhzIbuH2}_p=OX1;t@j~>eqt~jO?d;L1w0ClRYgku!&@F0hMG^~W)3T*Snepg)
zGgzC1%fprELzX;T2Av9DmUV23>N%8$Ka8ZMvv(zBGLWH_$k4aKWT=z;dK<{WT3bq2
zINe%0gUAH!GbKy($wuf%LDsq9Nj<WYn1ZzVIdX3QP^HCB9)5#PbRriruE)mU^p7?3
z39U6jceSRB{3WmrmyHr*Th1Ma%g71H$A@*Ai}l-0*zTm9&|D8Mj@4!0OY}9o{`<}P
zML&~u!5v}if>`R^NWJYtWsf)3|1o)Ge@EV12B?4kP*2O#w9%iOm3i8v^RT$K>?rga
z=BU<ObGAmY$HV%s#N?d<Lnl15DVn_`=Av(UE%_x~^t^O<E$2n*GRU7tn((T=XI5l>
z29g;9j{xwt_}mP}X2^^LKQh02&Ge|iW`u#yqT2vqeZ3=dBz*3+J}|M?JEE&?LhpL@
zG~hA^`=7vOC3|5OY-)i)f3V3L05$?MS^s4ZM=!(<X4TV5%$fe`agly1825#J$w2Lz
z^$Z06{`5{+tI6E7%UZ6FJWu9ZUwYWLxc53%=%MetY%+CD5AzY%PaQi4sw1IiZn1ml
zb9)|j2;aaju@^n{o!dv4+rwXx=Lzx*bZ%1o04;rJBy`dW4zo{vVcs{i<fFQtpMajP
zb#`io%|zsW9{wk-&<uM*6NP?doiX22R_H|!jl{kr@8|ITsXadZf%&DGSC-zCSqv@?
zkK`;4bcYX8@Ezj#oJSpQ=qFo^?%aXRMtD&MY31Zi1#i_sN?jW5ab_<o<$bkW_Kt6s
zdia(~Jqq8(lYgMJgC{Q8{cLG@refBmlAn3k^B;)vJoGgE3a?B0^Jic+Fm3mLZ=5Bw
z`to40VRq18(l@ume+56g;K^4oUpk$`&qSXIuvaE)kPi6Z2R3J$X4ky321&SJS+`EJ
zfignt72R{4=xt|>Vd*rYryXUSt7Wcts5?8xsn|Yk=z4Zy6bwS14aP^6cndXZoi@7h
z@_6-!PduM~=|dy`d0^Kb+sICZeFV{oM}Y&G>%~5o*p@v<IT$7D`yUyx)wUk<9K!ZD
z>$Z#7Ur8$-^D26B6Y}f`{clQ8GPRsJW5gCK?|UZ@t9cxAggr}-M~u#}Z)lEN{(ppC
z!u+o~hrFq*$NS@tqVpf7KQ7kKwWdr`8G9-|OoDT+k<c#nB-$Nq4*DmuKAbleneaNt
zgjb@H=uMqxtk+!lV}_5Z8b3jqgGZFE=Y5Pv{yXB8Ovh{YiTti`fYS~KaS5YX3j=3E
z$4)f#+#eYFjKHv+Sh^<`e;ZhT3z%O5?57ihAeXxfa~3iu`g&jVixZ2vGjE4d_jhRT
zZ>&W=Vw{@t!zUakZrh#iR&L3EE9NTJA-4z}`OY@>7JM}+U5>Xr4@KJ8%arFW&&CYZ
zTkrZw)d(l{$A!Vl-EQ!!bZ6zp%Lgl01-L7zOl^F@wbS#E+_9zo{jTSReW=uZhCj1>
z!)A3=%n;?^c6_PaX}_<(!l7J+@8-^!uFykbvx&5=tp7y4Kk4!zRU_V3wVB)0xnthW
zeqh(9vHnAgmbM;RbnHJ5ZI?5Y+MF@b%KN+iBRXKbyX5`OG26+nWX>6*r52Al@P{=?
zpQ_OjZ!fXOzRmvE0~u8X2cn{9%J`m1DJzV*eo@y2-%Yr>n0}U}ZL6O{j9lA28ya$t
z7w;Z&kLRJ^-K{p{dd~JX(~oAiGJHkaTlG?Q<r!s#&DVW;XEbsCo>r8WvL&8}e!oO*
zXd|{wjwi!wQ=TbEQ*7P?)!*@UR?qa7Rp)r~Rb^(r8WoYRs>3@ssJ`?Q*X(w`cg^nC
zmpCXlyuo>ozhT%t&o&&O59Qyz<DmmN>D~kCa2}i2U7gP}ljjQd#-k#%50&A|$>*ir
z%a%kpl=0**8Pc#~$ukWrNMAwO6*(DVWApkcn@`#N>PxY0r2FA}J3EM<Jyvyk+u6_E
z3$1K{CYoxB^gX4HkzspE(3$9gmj1WkE`0w6xP$QsG2@Sh@$^DPjmWiiO-Z>{DUU?Y
z+%rTepNZ|N_?3xX<nwTReaf`otxD>!PfW*-7h!`RtKj>OX`}d+OmFMppA=}{Q10|X
zk0XaFSA`0c@&M&W;U80M8|D3RZl;&mdoyiIJP*ry=!cYR6&iw<a$iKoAoPF|+QLp(
zcNcYNBWaVp78iUa4}2ZDJ+rMicZzrEJyJf_e+}g|=&r=3RAdh6nj&@MyH^%9RGCHG
ziSi8EZgS#33I5K{FU>64u9R0Jn<UO3`b+tx;B#>_dy}-qKF3TMAF+~WS#@fRt;DHh
zNuF!SBXw?|PWIj+G{)dow(W9PYu^2p#m|+^FUhQ={v5_2HeTX4c*U<!+R!3o{F+zJ
z=>W%a^ru-(=piLTl&ov98L%%~cP8KDw}f$qqJi5hwMjPUOyHZsIIXc=D*Oi+NqrZX
zW#%B?1g0ZQcuKtjM;~o4_AJGr)V;v{9m0P#>;RgSTe{4fCcm$^yeaa_80EW+SJn(8
z)x?>hht%>;#v54wU_r^n{#ye0Cuk>ru-ma6m?9gOQNQ*VN3zh@3|m>D>$;LVwHW12
zB@(@uIz#D7c^mjB-}6*#iy!{@PQee6O@UYNnW8U!;|o~#We#*#(y-LW3!eT><1I1o
zJX8=9+jz_HyxM|;YU3?K-hHs(ET!=lm*#2dv}-fZW(*yvZT06MqoR45)abSs&upt7
z&)h6mqn3O4E_Td^d1h4(x_UFe@AG`YQ)C}jmdO5b;*`gditI6EUtB1^!^_^ka5cX}
z$~Is4XwsV39ObuO_()RG`eEg1=RcfO^srj4oL`+(l%bTjpI?=<1|Fk+Fje=3`qj^V
zR`AoGwcK(wbsh$mw*kvXfZZK0E-Sbua@{Q>xnCi(b7?`><QH!lweMd1?3K936;I3c
zJCxy1Ks!%R*IljCGLPAl({C8pR{w<E>D^<ub@J|Ke`FT(SAH3L@X8?Ns+3grCYiHj
z#_>4&lHV*T&U`##jJL|3^8W0~Up3qvnzy^5Gd5Y`e0<41s_dc7uG~cW4@i$s7TlO!
z`8@AG<b7natfgjGZsC0)@1v5B;YWMXm!V0ruX97hYe@~AL-e%zW1&eh=Ql(U{G)TY
zo^~u4!c|$)-XSeUPrIHp8QZUep^5mS75okz<c5gf^L?1{y(=`Si!>j3(1jv=jD3$?
z>&#_8Lh$JI1M>^r*A;iU)7t81Dq~m^J38kvcCS*^QpVh}PtkV3KDzBn#n~3aT8Oym
z@bS^!x6~+IH(d`t-mebxJ_~*BfvqoNe{WGqSthdPszoIknWDe$gGWT$hQY^;@_T4w
zEc#>)V-de~iRJUOBg(rEIhxO1j3TFKuTz7rKY^d-JDlEpzFh&n9mH?zLB^7e|BvGI
z+~uL382Hx#XlOV*wT|)KRC0di$BcOc`O4JjnHyxxmnr2Ro3xV=m|u9)hl{#W@atYD
zX|z8~bZOpe;8&eXv<C5`BSylk6~JKyaNr)qwkyH6gLX$-^S5Fe(iv~ygpp5RaFZJC
zjUi3WOP7K#H<c{NJOB)CDj5$9B066o&(q|2+k`>Lgh79MfyZxpO}7zhcMrNcWxGS)
z8^=#-L<hKD3a)EQd<NeDCd-9qR6CQki_tZBPiY)hz8;<_bDQ2izc8PD^mO<_I%CwJ
z^(JVY`ya||@N^e65`aduyPFyuCl>B@LM!8`tMr|Qg3@_Sw>a+hHMmcd@6NcO@*(Zu
z!rfN;PTJ3hZ>^;5ytPruPTH-#SQ!!CFYVc=?mk7rTO#2tDN1D7JhN|?{%L;Uiqf*o
z@$@Z&zNI{<mVX4Ebl4r~_;Wm`_y3Rc3un-OH+kgU_aV4iTB5&es&b*EIY@J*xxA^Y
zS2WcFuO*HW_Em@0nv`CxB}aIERxtC{U+MZ>(;wy+rYI3*c4%C0hki#;Kka8h8y7~*
zpe+rX!XPC};1vlk{1{%y{9h$~cS9GQ_K5T{vw!2?n_tNNnwc49|2Dikzp$)yzW$D`
zb74MnB7N-KJ-={1>C~AuU*?1Qt#Ovh_%v)9GOkGM7;!QV<-!uiq>txPB~!+e;!?`@
zeG!`V3V7`X*99gW=&u>fVJCAqbIFE=1<YX-bGX76mAsHST*w^eFKK43%6I28hh@y+
zC*aURaA*<fZ!?DvFo$i;!;%*PiwBv*sC$|lnn{0#_otp6mb`*7tl<AJ`hOmF7VbTG
z&M9L-4mwL0Wu~K>r$fW%@+?|XxiNw?Y%*C9r8j403|F%JXI5^M{1K%KGSlOgth6(L
z?<gf}Ib+n)(!Hr^z2`0B?!i}AzIT54Qeq#AP00z)`gNRjcCLdTXm?+-TWG??n(6D%
z#B}^BWiFQgu7@UWVvb#1&Aamc`p%(}LG6d+UX)juV@-Rb-dXKzaG+aS@Ewm{yAt@u
z0N<vyG0Ek?w;cGo(OZQ^&I7*7fbTxwI~VwlU$PE8^as0ZfbX&=?aAi?LkIA6lkO({
z9Nt}P?K+J(_@75x5wsz5_@FN)S)*Q!dY#l;LcI}`E2CTqWg^M1eN*Udoz4d$<bAtQ
zm+*kkyyefm^Vp_C?>xPeF~xKWUCG#=**d>4X8ui?=Yu=nk+J`OPyd}CnR4gSmwM>`
zhx7${t<R{|8l;~kFU~JyzoWc$7-u!YaQ#j437?op3^$8@B>(;`z4=5b?|u2i>o4@r
zCt{S^T~`iUcj)FD+YDIY6LY{mEd78<<1x?AFB}HU&NFHJfz9&^4}jzH{x&%Lwn^i^
z-!#AQQ_{~h^IgvS+ocQj_fPCm>CI++_ivnE_!jBsnE9f3Z-xiRyYL_x&%)>EKlS>A
zH^4J|(2rZ^8BU!y>gn(dA2cO&Bz(p%dEg)EF_K;;JQ5xg(UU(>(%~_q;W6JZcubSU
zV^$bE#^QJIy3QToOgOK5v$;2~o5_2Byw3a7f1TH5uT;zPkP{Y<jsy<lO&%RNL+6)u
z<AFz>-~)Vd?q{J{KY>?pUGuIh-u4|DHf}p}IjnQ(q0p>h%F<m=uX^#&urs#lX>&=7
zR(`(g?P%YjPi>MGt>=rbdVJTSYX70j6(ddZMIk#b6WO6eb*|(6G1`bY{;l2cr-K$R
zJ_nlq7@A)I%|Er|DV^rCe?F|d6&+xi;4b|Zz5f5Ockb~~Rp;K{d%|TVfpAM81T_=T
zngm2q2#Lj$2~<tMD`G`kO@dk{30~q+D=N(dYE1}u8bzt#X#)1NNfd8|R(d1Bwr>Dy
zRjO87OM<l~M5~}eg5bR0-`=y6$uJ36d(P?m`MiJ3XJ+<ZmuEfeS<h`f>seKsJrky|
zHit21f_)17ati!X|CzU%Da@z*mhZ<5%XpG<;>%V4HDZG3Al<5WlZ6A-djg*7v}56h
zx}qJG)&KO7v<EFLCdbi=jj`)wBcH}ve;+w<)6(JVejnmv?>#ee!p-opo8e=nOGm(8
z%665)Z(fAo>|;!2jHzkqGwY1Q*YBzTp7`g?2~EJVj4{u?=NWti*YBFsRle(jr_CNY
zaUpW$2jXG%BPYzI-?_Bw$e)e0`xNbc03UmQvpL}@+8P9{o{U@>1V58pjgve@wp7#p
zsN%w`X~-Axy)w$mht~wo;(2ZqUz;@*IpamfNcLQGvYxa4kTLP#bSg6Dre<@3*5`}V
zJ%chU!I9*dg}W2k8)D5k@@z^fYv&Znw41Z=16eYyk-jWhcbcA;Wo1mme`(3HTaahS
zz8T1~bC74*M)nTcw&YoEUwIZ_zaWM9W}T}r3}d5YdHC7-Le7LJ9+GpMo8)s-Y{~cU
zFs*ys>^)w^9ohHUoeX^t>-3U%gzi=IgnswltCoA$d&o#HHtrR)5x^%dzhX)gHt3bp
z&QLvLuy3Qw({zqmX>2r%z&UMKPP1&PZCBXe!twL$mFYg3!L&2@%XUoN*|bObR~%S0
zj%fRJ1%r%dyuk1=db^V+*@td+mf+#+pM3jHeBMl+?Jk*~rTDHp=9>+b^zEN$Y>__5
zIG+w1r}aC0oUEY*ZX>|?HDZ_wLSq9ylh170O(8#f9Qr%s&$u0XUcS%KJTC+%!n0F%
z+0}Mk!8D!sZC6hlseWf)9EJ~k?tjJK`3^W~K3n)8r~U1Ums4Dk=BGDbuj3~QpW^^~
ze-+SygS%(pBgYz_Gmr1kPxw5#FSOx`oX6%1r`;mBm*w}ueQoGoA<g517TjYRTWBwG
z9>ZakKiGs8Q*_6W+ny7**Vy8~u6aKe>=4$1$UeNl@GN~R2HBy>`tzcXB{k2UgNbu`
z$1;ii4TmNRLt}X;%2>45^6|y^c<&xWZWFUcIPotjvGXe|KdGyUv8n%Hx!DlhWp<Ir
zq<hi1c7LsN$U96NnBa8XgHMeAn&0z?cdcK3jpZBkd=uGB44d`{)-z7W-$K8ZkNG<4
zMuQ>m_G7@1Ytx|v13~V6U^pcVhK^eYhG7nMTbW0P=LiQ)bHDs`W2AA!baUo}IgETC
zxM$$^O?QXh`)vD4bQ0daFVB9jwj<wp@9KRQi5ty_+spZ~RQ!0zOcQ>X#{U*#r@e!G
z8`DOzPs5%8dpH}Js~Ysy)w7R-KaekGK_T>?2rk$+vF6;L8Aflzb2kop=J{EJo?br7
zHO$;-3^F!0&$Q=Y(doT(7c;@8yK`wvF>%MD{TJYUKKy<MZ)2Sis~}oynPJnHwPx3I
z7g(Kr7g+9eyT3h?d;7aK)ZZzz@xyGJ_x?$3!5brKE%JZ(I(GII-R%3-Ggm1d-+nLn
zEo9$Sa>U>)%8Rs%kF-0WIe?exJhU5otmEC7XSctAJ%o=UpYhmz_ui>`EF7E$-;J!J
ze%&5-wYhKUuGi_ePG?i-TX||d@}rubb%7zija9^}>ntul>y3Jc@3+R!-l5kTe=iKJ
z$f)nrj*qk3!g2c<Hve<@V$8m6vtmA6HmgU@O|x;l%-f6W<>TzR{S9qRJdU{y@ipe5
z7mhmW-lO^94l2Qs7owdWI9>*hmwMq?f12I@>=Sz7m^0pn<6hcI56$^CYBOTY%HbX@
zf4gLElO=Owkh#72wSCCl%he8f1?=-Z_Fe5)@+`<%oi$%I8Y;neh0C{*`&~EcK3Iq6
z-3Y&#cN{oDZ|#x8+fwW?0k<WG3+cy_!}yxOO^+NtgXhu(!sYOu6YaW^!}EEcdXoL$
zHKrF&kDVYq*>ZSymMw?9#{uIo=&=>~Gn#h6lQmE75dNKca_^hn<^Iss<<LuNa;X0i
zz5QQ%Vu)U7Ypd1&n8uI)-I=GpIq98z^ugtdX^LTA5_xnt`@qNv&5?5kh8Wz{tiS1!
zGhX1^0}a(PC+jsQG0X|P?``;=qYIWZFX28z+CM6mS?d{IYV*}x?xkhjZ(zOU!B_p_
zs}Xc{to1BjYQX=tF;@Jo_Iev1w%*{S?o`&Q*XVY5Y3c;~y=!nU{+6fM_<M&t3XYeT
zwxWCefPMqqfn}|)@pgNfH}}3==FIFe;N9!Th4de@x4${w(0tLxWuf`1?3u6LH5_e@
z4utN179Uky=^p;;yp4~!YJyL-Fh`DDvgb!<a&#7tIIVu>C|W<dXF7b%s-IQV_tMY9
ztj_>_X^lF4Nd}5m?)@w}9Yn@pd6{?NO)|EHGd+dup`Q;9{1cJ6ql~fud?N)KDMXi%
z49?~MZSZOic5M>>W$$B??zI1eu}Oy}H}jg;(5Llo^9JP=aCgpOPfqmdVl9f#pHBPb
z#Cl3UD0CScBjd7s(j9=u(L>w;Uv|pi6K|~p2Di>T=sj{v?+yCaH}7nE2IeB^ml5w<
zd5<m7Xs|aG;5TKg`}pt&+wC~(f%?tVx8Bo+-W&88wJ%Soum0W-j{aV-2;V6cM%j9e
z$;bFi_OXaj2=y~x-&&{6*qLu@?CsR`09PzBG0hvhF2^)Gjf&c};qWQO<nYZV@eR>q
zOq}}_{KQv_$JQkooBbK~xm<sSv85%Hw`NBuZ%ytq58L@4CK)x|_2gHi&Jtq(uLQoR
zIaC;va;Timov_-wkv?$<+Sux{^PDuqzOnY~SI39$VYsWS3O#5#I`aa)x6^k9`6M{M
zP_~miVplv<wf0W>*Lj|0$dWJ9?l<Z81n$)OA?;Rv-)H5jSOLA|P)B(b(#WB;8an<1
zxT*wB54l{FW9H;hR~-tlA7sFvFTd43t1*sy3zhR;XXyS~2Hk^)N^nri+H&*@=bnQt
zv=^R#=3L~)=gL3By7W99TqE42F^(MWz80+|gQsHPO<QtT7ry<?a~YR##eM7xgg571
zB{{-8;Hk=GSb4F23Op0Q1827rG~NZ=YoqaMtk4*D64?0e&9jr-nacf`(QxMGEbbiI
zvG1@L*C_n74mGB$-PH$<-EI;7_{etinG4;q(?-tx0P8;ONX|@8j4wOK^p@r-k3MTx
zd-u{K1K8^;T<jg5>&q@J#Ycr+$G%vp7v8ZOd$=B&Ne<DB@YHh9zH29zyLMK9j|9#O
zr7bzT&pkV$LFEKuE$bZA3hj+X;>5yjw0m}-gJ|(Whi@jA;PbXjb#N66uAnOmSJU6O
zaTQK;72J2&A8v}EN8zSE3^&aYxTz!8h=ZHz2;Atrt@yX{xz!t8nXSy%L(s8!t)7eT
z*6?34;gws=)ldFNa>35)If3;LU)khN<6iTtlSap$XpBxXh_NtZGYr#%-=f*xXJnp;
zft$~K&5wL1d+op#F7%gPn_9Yy2~RBY*gBl>F4=H1aA=+V1UfE(PD{}7(&)RteDC?}
zt0{Mp&e|%6p!SO4{p5|>u{M2u?7C9MTDqjTi~YDw_y)T>;UBf|iST^yi%0pk)SB+n
zCg@9Lb|SYHbH0ve{p4yUmlty~j6R*Zt;js9eb!re-IZ3pcRO!<CUT`6{wREZ4ZMCr
z{GjgHc!)dJ+pp!mmagFRdgcha&8%a-r+^E^U8hoSJ+$oDY6q?$uU^PkAbp^}Gt$nT
z8fjm*`CrBqCs$8J53jzTxwh`u7-7r!FMP+w@X#F_oMDXQ)0e}i?+EefZTRMO@5USG
z0h+s>J2Kci6F>Qw^NTj08e`qL5q)jg`G{6<Zj4+kWAd3h;_=J8<iv5ivSz*t4efCG
zvJ1@g(xQm<0^jOcFOwtIODj141iG`&OeZ!@U>*vIuQ(Gp1+UE`#&xb|3>NRh-{8Qy
z9)ACMVXX(&+o8+;U=2W9&f1O!YYKOmEw}D`weK8xL-0d~4*Z?0=_X=9wBE@xgugL?
zb$j%=X2%YA@`rtMw;K4fzDFD470~=@`GVSZ6<g;T_q<fRP<-QY-b+u=???EpKDOT6
zd#<r<$r+Y!@vl5n{j@(9A9b$ri_-F+fcsyWmdnv|t@~ag^buPI{?E{|pSd|6S{AJT
zinN>s{GW%GKm9NJu7GsTY=_H`;oKRrHSEq1?ijITfB1bN#oQO7IJFm$AD!eKT?v2D
zIqUW48^h2E6=z$A&V4ho!fERgbd?Xxkycwl)4qG;LuAp2U&XFdypF+IKAkq7LZ*K3
zIqLb4X}g!CcTJ^kJo4%HVRh$PecE?(IeorQpHKbL?lT~HNWIBRPPgjcgdUV*7~QfF
z(4k)DTzR)S%^=Sp@;le|%|<&zruA=9Pd1tK`?~uBvy6a!f1f+e*rI)zrugNvjFIFV
z=H7SlgWCHCcct7jq`{R%-eY)@_<~6cR6cw}ydr$x!#UU3P8roT!FMirDmoJ%U#5NE
z&%GVNH3nmG>%;jS=gyg;iS|9vGkJbbL>U*hyHidvt_R?c&B&PDF8kgiKWFuC4%La4
z`@aagLB0^l@9QJmCZ|Pj+heV^*VDGnTc=XTj~rh(K-<E{?KhdLFNIDo;d3#ci}+l~
zC(;hrm_6uB=sP>pkIZ>+@4K#N8y|UOfBI6}#+!})qB-(F>oX{GcBtPpw^^Nl&(y*h
zxeerFaPE!M8M?8Ya|VA6x=(47%e50<;J#{TMz9sYuZtMZZL)P3%N?=M3gc4Qi4nMP
z@DORMCo`6Czp_n7p}FNezS>oL@%^-C(@C$dWk|I4q)P(VbZ~UIy)TXQoqzi-X^pAe
znIrVf4?=aK&3|P7fBQjj%{zRK8dDeye~N^m51mAZ;l<AZ!*A&S*L?63MLjd;&a&?k
z{g^fO(EaCjRWZh`#3sr|kh$J?S-Q4C9&_b%6n~H(#(%c2`w;CFO+9+u{U~BQ&Rjd|
zPI&)*M46~~=d6Eua__pU8DPxLx>MWtMYbIcpNvs?{GD}o*8pwXbJ{n@!7bqPW<EFZ
z5q}f?&&O9)xXq}!PTv!a8gh`V5$>+1%yoRO<x>aFf^%H>Q)2L^3~J~q7|i*RA=o?I
zje576JwzA&TKmkp=A|9Iv^e9u2FV)PA$9oY<gZO*&%(=|McR7i0-kpc`r2)a%$j!g
zQd-zcsfK3L%{XiAzsK5tg0-K?U0B2$TR9K>Cv%4t@8`lB=JI?VF$?9$ob+kcYdhaH
zo-O@G>wd+N&g2Z@6|9vrL-=Wr9cS&SIQ+rk4KDhZ@63%KX}in4?jWB?ShIk&Xv4V{
z@5m$<NiXjh+jt3ltpb?u*h8LW`1dz6dwIv0i1~Er={9iem#-2T=ghzO?$C(xeeZ|2
z`EGf<%}Xr*7jUnj?*e3|`~>nJR3NwIQ>>TYGS?_;OEMPx4Bmd#cw^Jg;Xyx7GB#<h
z{a-@1n90?aPiMaGmqt?RNv4theQbvApJKQ9$S+)!5%wH9SxWvN<-qeV;tX|+!JZRw
z58zMVkK%u+jY;mTBah`nH@nyUl)DF!J^TKe>^o%nE@m6g%pQw;zXtymYq9HEqvpU?
zBilp$mf84j-oNJo-GTeejpphu=rS!P_t^uJTvoml<!O{m)BW5Z^FF0C(>klyMjImz
z2iK&WP`KY11uq|GY-zg;+Y_7fX=HDrVRUzm^KJPi;~s}?+|E78L6>`PD*8#s5aZHp
z?kubly)9YN<-s;dM;32qPBPFt=3#FaU~^nI>dHeZpMm|%|5D{`x)GSWfhkB{)&|B>
zNgHn3p#9C3ofr4|+VO4U);Z79c>djY!}vAw$z*LiG$@^-9XQ?O22UwO20<Iz&$H%+
zIgo#Ak89HRC%Pw|<nww@Iv1Oavl{!_PpwU69E_>=&d~Nl<v-S3dYDVmLn`Y)YaD%Q
zweaBJpqVl8`_l2?z=0Eb+^oIL9Q<V!<a72gX6}wI^|G(w1~={a)jZ&aXO_=EKCQ>V
zM~3Hh?$#W)Zoha0IPtLFg&(KgG}fWV#;tW<v^x?%<Y?>Q3|$&!T98+n=x(a(S(4q=
z!gmYx-Sq2>wFsQ|`mx4!Udw+EFr=*?XWfIT`=ZCvhJ!~x>!E!sK8L-*O!6dlkAQ|Q
z16J0(MZe`S#y<I+#S6SVJ92j(eC>Sr+j;Q0bK!SiX*hf{XPf5OcPF<(cZ(L=_TSZf
zPk79}OL<)Q9HY0%HVt3HI@2(cvL@fs4+N86zA9kaYqd9~aWdaSDHBaMb@(g#-<GlH
zKMzBzEup)=bD2+g<fU2M|6L5ubf@`rXxj2KP)@Rud^jsKXI}~3jm{o2^E=L>X~p;s
z=c9YRbxu%p?Wdgt+DQoAjUIl_x1KM6uHXDy1YM(tI&>}lw%!$@YxM7wuOID8{t2|b
zErPaphiIGeyu3S%wp*go_LxTWxIXuwi?+ebrP1y}Pl0xepzTV=p2FBg+rrTwdVI$A
zUFa#MeHXfiyU^3t+jpT0FQV=Lm+nHJ&e|yppCgMd(T&6G1?dT^O3l^98-i;*Cvf)w
zej)Bs$?*1b|6~UK$hjeZr1EVk#>Wr6#Co=`ox9$%PIoGoE-8uXkCZJ2Uk>>c%~Bt}
zr0D)g&ezc9D%yPF84veQ#zy!f&C){VBDz1)!~K)77LSr_*Pc)z<JNbiy`goOc8ohH
z?*TWW<=a_9|BCm=frKw~2W7`Q_8LB(J1GAWDjUs)aD(gr&O0c#4$$}i>fKhz$*1`2
zHb<2D(7(uI-+d!Ir4)N~V{vI0G40)}c(#~loP+5q;kWiHDwj;|Y9|jf@#l@&+tKe>
z%I<(~Ux2(@$sMn?$Z)l(_MTd@xQp{ujTghu-{*Yvi<Es5{&_Kdzr=?#RaXD;w0{%j
zSJMBB#f!VFav_+W;QtDK|Be3YmrM!uKdf;N|HI>TzOg>I=6XK=$a;CY<X?NeR03bE
z%jh)ESiLsKNbGch-$+|YGWsan7azFd98UZk>t*x+H2dGZUOxJ(y{@CJ)&IX<{<-UA
zZC!B9BYgTh^Da3fzn!N}`%~^t*+4VzHM)?s-5Jo@ZLHTB<W_#}vpElXu%$ANEZv3A
zbF=a-#~zveV1Z@hu2>sueD*-W@Jdph9DX3XqH=9F>pv~HbQdygv-hK=yNaM~*%Q)b
z6_4^}d{Xrv<HuKDai7t(m0Svs)35Tv*fBVXjdhg2qr_;q6Q37*$D3p;gzv$1738A-
z{-%C*iAkQ9zPUx5Gt*i->x#|QW#rNd#>C(w7($()=+16*Xb-w{EIxub@=3TjXU^F}
zVs?()J&)&ed7n?YJj$Psj(r~a17fT=tt2mb;W>Y+J;=i`Ly7$vLe7A}jR#`};Wv$G
z>?StsQ`TaMmpII~jheHG$8@KX`}=WM!@H$s!ye+n6mx-HMI1m<XVN5WR_@aCyWAOR
zhlkD_6N5cNJ;C0F-MMFikNB~1<hmG3{CZ;J-#Bl43wmYywYk}8<Q+=GE~q45K$}%(
zLgU@oQ`+Ovr~c$}YoAEJJrl~4h+*019iMyGMsR%=^|FA282I^_e0S6S0ovEyM4y6d
z%NOu1%MKuqfE^oD2`#k8;DcuV6sN!E{nO7-+h1j_6eqY7o#`-ff@`4@<(vN!&zq15
zqOr<rnmF&%m1*hyv|*1gxp7;k-Nw0;m5tNfV*g*Z_w-BD_N3TQ%o*c;WvcDB9!gok
zf4DTaLG+~GA6sw>evM;%V>davg`<v1!n09!@_65&!jHvIlN*6^bsNvyC)>Wy-@hGZ
zD}?#Al@CVkZ?DDQ$QaZfHsADi>Q;&-v5%gMXzLgKv?cm|({HZ+32g=Eh!%%JTW)B~
z1FgkEbI{@4!|+$d)F}5@-SXtF6QH4%LSJ_MRAa`+(Ag&;I_rkcx<YZHy33>`!HNwk
zYe_J+;D1~2RcO8volxf?S4_bVfK5?3mc06l$eTOGn2|?}M?JA4>#sHOMUHP=*@mwI
zT<hZ=1I<7u?bw~pvvf~+QVy|H9Y3l~#=ebhVr|zCCckt+Q?}bwo{1A0Et-xEJ+pF8
zoX~hWxT_RBGvC|(V$Z8XJKKR#G*b%AfZL3R@uO+|Kf-g-jC_D<Uo`V5Z9rGu8~$v!
zAs?V@*ykv_{!ccYxZbe8MME*z5Pzl2JK+3Wi)IoV@1iU|=j`%jM)r}rF96^3!24YA
zpU*txvBuBGj<(mh1M`MAPPg_=9he^t!TdNdcLOuAPQW~&aWT&oE3UZ^%-GHrPDDFS
zTeDxc+p_MnpiUKanqReHp17+Q_T?7r$-q9oajXS<a^pP8+H;lEII@-dvFN8T!Pp#p
z+sJ0$Hai#`)DWD+U1`^v+4ak>>hh33CARFu%jUv+IPbq>^2U2#iM!#K`{Q!o+TZ!}
zkM_^yoGLjkcclMv?v8YRr~fj4$Cvp|#y|DRP^0@U@Sjh7KmoBi@-f{W<5>~Q99+5N
z_O30w%jWkIzB4FKZesjV6Yxh}eyADR%OEFF0dhqCs3nZw!$&-&93PzQrsB9ax$i7_
zorgBEX)hZa{)0VX>rXx?VpSbmUA)l4IL6Nb*Eg6Ajf^kWZFJ+0%GO<&I-8Yq#6Whz
zmxga+Pi*-t@x=D!ykAUiV%DhRvoa_7e)%(KcXrqvW%5}SgzhMF#@qqzL+2TJ(e5b2
zfAl^)R=CQuaOB=AA4eiFY&dT4Q6+XNCsI0ikUTYrbr8O~i8D#3P7b*8qSxh^$sr%r
zoA{`bEgzL|v<MstU-HTL!IgVy^19n&+~l>AFYorQcHo!KYA@~QGv*GyJ$$QgH^22i
zjsNX@lV_z{^~Num(WU>Y*8ty2M~9zl!5+I;J}Y8|R>)r}m^4Qj9vddjc^*F8Zt4cr
zRtT5w5%6#3V=s769F4QCY#JTccqcSE@mixMz?z6DG-~RYGtHyctg|l9a}(RBXM7|J
zl4#44X>SKD{@T7LxG8`?x{&ALy!yIuS_$LTaqw#Oqy5oVV&UB%{%C&tS;iLi`}Ul^
zeV-c9cQ=0JNZzi#nb$sjpW9F0t;m`>=0$g3oCJ^8c&xiGLU;@OIk+i_=X<!L#gf;H
zpv@4!t$g=eJu<rEt#5^7^z6HaL6;$3l3B?-h?j`ZikI$r_Vkge@9?ENXxrhX$l9Jb
z{quM(UMkrY$xF9AZMPx0q?rBdDVzI@&4)HTX@C1zM{g5<;>7IlpJK=CpGsK+KDGY_
z`n|_&u;j+C{dP<V=gv|){1$wAzU^oJg)x-x`cKJFdml!$^EGgrz?k;)d?epJ??Sjt
z1eZH$U%Z|?#hY70xNHT_zu~#)RXDNip-{WE<PtJjZ^Hk}f-Qt&|DStty#1Bq!|{ej
z8wU=KPh<?yaQr^~^oQeR^>!N$j)&1k>JRN_%O2~+@g&ZTI5>VJgyR=!_gOw(!}|xv
zFI&rhjjiPy=IS4SH^uBko=tG@=>CE3FCsq*Jh=+J&9l^KNLgw&1eP_;GAaVIs@Qu`
ze&gEDjD}kFZrl~@y`b~wgVPeqyUp00iAT<TupYS_cjWF}aUNrHDf=Ptik%rpzJlKG
z?sQK>?+*kYC`hd8^ccYh#*+6vc)F_rKl!G+&?yY&uzBy@J$v5{PuIK&ukHkL$dbp)
zlR$3aADIou184iG<bDO#PIyo;@yD`1eDL3S!>{RzTl#N|F{i;-p)r1c);#z_Tt!M(
z0rH`Mv06N_0$m(lru{#~b{4vt&gq1&2`2Aw_eK7xy63ZEmiEOvpv7YBk5KIXk=98@
zjr8mA_$}tZvI{gX0p{g@+s+yajeH(E>paRIkDb;2je+f~T*i*Fd|Y-G_c)ZblN%x_
zWJ?A3EnDgUI_^Pq+)rW#VT0JVl;}B{E%gqzRNDZyRQoWaA6qIB88i<4YOG~Top>a;
z#*#bOQhD$@e~e>GB{Zh7-|X;^yr1>*kcOun9@1+|oellSmXb|n+alN?@UGjDBmN#c
zD$%lk*?Z_?M{QVc>$QWJ3-OqF#F88Yz60?4aC_<%a4cRUdrEgDN;lq2Tj<K&qQ5q5
zo7ok1Tl*;M1)kh%?EkKS&2Pf(sc%iT?WrGA*0QIpKF2j446~~~ku8NjBAf8zC^nTh
zWK-RNO&Ttz??MOA`giLSCa0Bi^;kBx*5cwv`?tBi7SUHhKYfYsF1_AdeI;#0`U`vb
zWWbl5&IkRmOnM(Yv$PHUK993D2dLlj9bcE<#T{bcxBh-#SBvF~NNi-jR~KPp=?sG6
zXa21p7`AdYo;-Qo;=6^*0<$V9uk(<*dA^(Hk?}h8HC=P*UP-_7<&Eg)<bL|G?V7$Z
z6|&d;^uv7u7T*u=-{JexNBove)VJ<1a2CfW+J2wtFJXa?`#%$`yx#KXtZ^mol+OCv
z9+Q3Fv7P9C3!Zb0tv0U3j@T7k<No(QW#y4`&y2Z>9N=H;a&`M2*tfecjZ6X-#l^Tk
zdLygl2)X*HZ&obqa#vhwm4Bz7^72{BzaK50?ag(;HE-~VoPUiW?HKzjCqp~Ov%hiy
z<DSTPMGMYZ6zz2z>~(Kt&+vKVQ=N-^p9{V5M%Ecq-NZk_1NXUk?jFSbH{|YYN5@ZR
z{AsBzYg63DKI4qawc)<tImq!yS~+~(vHiuTh#!UBlVZ&sYm%I4-3jRD{@Fgur=hjt
z9yZ&eImOvju-9KnypU-7z6iWK@gfxw&#l-tY&Yk<=s4VW|4ruM4nC3a=*+m*<Bg&A
zj%UATQK)P*AF>;I{O{cFnKMA&|EvCMZ0D!=u-{|t&HRt=_t5uCe3V1ahmHHs*zei9
zHn^sPPdLpeCVm&RFIskD;&Z>|x9q6d3;kA1{NH%5wJRF@1HVPzhpz37iO)4{e@qJR
zB;zZu4cRZO3+G%-G@g<02b=G$$4(y0+R~l!;)8{(<@#mD%YJyeY!=VTYr4{d!A(zd
z&U5{;Yr5)}6?ADWZTd@Jp69HU+tD}Gj?Q8g!MCkAx{z%7Q9pI;_0^Yee;-`^Cm)?P
zKXgM3{;fgyxd!9!B7gPW#Kb*s);PIcbf#Rs#-x?GUE_({Na3Dy?AQge2jeH;<1mc*
zlEr7km+FS(HtbpC+fw!=!_qHR);Ga-R}*|G0KD8;ZOQr==3jRmC?@L2-F?qgAG$$#
zcwIGxM#^g{FMV3&{_F3^8SWU6UtPNVxKYN-MvQMu8}D88{n}VVd0(dEueHv+%3m(s
z9GShZgWrnn2>`czlSyO9xBc1BOu;1GL;0rFj$raiwlJP>cs*h8>b+n}*{3sD(P7tK
z{kh=RvB^|^4COT!i=eN6i=b7}s6T#AS3P!XBtLY2y*axQU!nU%-vgC~u~~UO-6s=Q
z#2Ib3Vd57t(dpccU&F`jt^+Q^*!S-)#ZC3)tHI?%@FyqW$4q3t$1>mJnC~R!dpzgW
zhY<fb7+o?3-P(oU*hHVR=Ux8Fyb*K6^EamzG-ubR+OV_(Yif-8AJjN2tnaI0D%a-W
zi||h{HqE-(*H9ZXp|gp*s?)C}PLlHO3cgQ`At!rG4YBMs?jrDhs@dRQ#`6MKLoB%0
z9hnE&`}p`~qk9+l^6$yb&O6DN@#x!%)0@!gJArkCpW6K;V+MCyY{7R|Mt*e5uU$v^
z`jB6H2l1Bm__g&;<ttA%W>i2kKT%$Nd<9kHsR@r0i9_a=ht3?N5hvm{P3znma1$qD
zT5%$2?(J*c_j=aF;?tVD#NSmyZVK{Cb!YHh9y+(?#EHyfU%T8iOTEZ_m5Jqi`#k(=
zJhS|J<=Cb2r7b2-q<W)gT{-r06ZYnBnPaD}kF{g9k8d!%ZYe%hmG{C!e@1!58Tt-F
zW1RCuH*K{1ZF|h@v<Gvumo0}bbdK5bd&JaOdqpYu{NnLxF(<mCRzChc*amO2uG8^#
zwOMmJrm;?bueWDsr=jb%vd{F%OV~nNo3o{-wVlp7o{9WNPrL7}zC6p()7qgKtL!Ao
zPPWV5(@)vfZ*n)P*1+9H_vOsv$I!v_4>@~xGknKPuyXOphHA$)t0kVP>F>b><BB*R
zv2S-)aWI%^R9w?_KJ~OlS{aiw&Xb2lALr(<aegCWoImepoEP>3d$e)R?x$?{I46Y0
z`Eh&iIGdpf$s*+AIA^Sd?;btYVWF`~HtCahUYPwktJnT~0e<Nv&UGH;;gRT3*oNb5
zo6k_Lup08!eAmub)As(<Gt}0^v9|1!eRwT*vdH%|m^KcbYWw$2r!9xZj@*4EyksFf
z<qCMqSK%?2vsbd90iI*|J<?9)Z0uixn-AgJTmvtxEN|-JX&ua^<VV$GzJ}t7gDpRy
z`ftza9ZP<uGZx=nPjKI9J9e$Te`42dhmRNYOg<^uX!*}PxVHUNqhZ@9+n$vlNqdnq
zfLXS4H8FJHpl3g6Fwa|wq0@en+Lq0Hkhc8%F6KLhHq&VH;3V?NkFeWx_LsQxV0G?a
zZJaF|*0UEh|FKcM`%4=woFz8yS!AxpPigsg>+$az_(vOg*5e<Y5au8Ch51KE`4|42
zayo<m)c1mGp5(KU&l7y46I-$HVQc3*lofw9;IHp!eaGcCXkBX#FS~|y#abjMNrK~3
zjjVsi0QFA^)z_Sfj>MZS-hizA`|pEm{J#Q!@CL<(`?+sJyaC^KA3NXS4Z^QgR=7si
ztL*Lll+}88u*h6}Gh@DqkMbk*mm5L)N}3m%!)9<~n&M9to1N`5Yi>i<i~xQYyjXm1
z%X`5!;+c~F;-h<@$t_113u9}KF=lA4m(q9rMD&Fi&dnlAItCjvwj+Ds^<~?UF9Fu9
z36Ecoocx$M{*3Z1AvrV`Urh^gsD*MZl3Rn2TePL}smP#~PlK=`&V5qPSyS=AN8j+}
z#KscZDg@>k@Tk_9rgI9D1Lw$3=|7wOymF&K`!21Ny&wEXJMZqCbx&h0w}j|!SQy>q
z4eh17qA9&}=lbl1g(p%@^wBfV%)@Q{%=3_b<}TVifBL8BG@<d1XS|=RfwuLDuuI*o
zx!LJ_`uJkNy`Q^YrSm+6FC^TatXDo1aCd$`Fu&0c9MNEYv7fT#$l35dy++eHX>QT9
z?kNqNlXIB8M}xB?f#z9h30fCCUsf?I=N?x>&M=;TJ9p#6gr;+fVqF^x;{)fEe>S9{
zobx5#BzvyYIFq8e&f%P14(IeVkN${08^BdPANl*c(4!)K{&xJeyD^n@!5u+8>q2Wn
z>p^=Z!u@Xx*+&*_vUV(59b(LA3F%m(-y-yp^TTL+M+9wGLffjp9=c`?TDo{H_DcBL
z+H=@mTa|~|#|zQ;Ci>Mp-NXD1MB}f%Xx~Zhtdnp*yY2~heC^@1ekt%eJhuIV8+!Jj
z%*0+=-|)8^7A_LqMbP>d`isWX=Ji7h(dfq4Pg&vn8peG#^OhY!>pi~5uOH1Lr}Wca
zfPIQe_^3m7wbvNgwJsw&8vGObX+!5@s`z-#rgPG<dpsWY%+0_#wZEb*ct;=}nuJCJ
zqxl}q_gKEi2F}sk4QK8G$^3^uRdQBMG+X<vAq};BN7^Gt9uBTK%qP-*PQV^pFv#{_
zCt`2PUnHA%J!_o1r4lwTGG103GkWQQ`u)4JD$)CTY-i-hJ8wqkD>~m%<l>wpK0r&>
zU}wJ>QP#1uox7+beQ7TN@9+6&jeU`v4&#~Y|9=j?Z+;lbzVMt5KNLSWj+_qvs^{SE
z0RE=Wk<%d?y88IyIq>b-=+JiDqWlOSVV8f5jjel!l2{vh7MwE(TRsjwdl+ShQzst%
zdjz)pNMgeV)#Mw#?CmMW4At$X?m_CxpK~arE5dWT^Xu&W48?F2BRkjO%au;|^D}+j
zU2n%cyYMTVXJlWBJCtfNvC%V{*-xEpHl$;}cd(~+xHIP2!*BiP{zJq9#Zb?UOuBmx
z_f&I^usp`oSva0Nl=uN+Ok;FAZD`*~devXix0GY|&!1vPE}xy<GM;#_FX7k07T$)P
z+`4?*tPX5bhwlW-V;VT^)ZGMc+YWEz-mq??qGHx=_M~^ah;3nC){6}@QTdKNu8qd<
zz&R;LhBTy1gXb)7nPrR*oYQeJ^|C1|e-L}z#Hn?=+sv9u<nuCMKLlI{;l=ho)|f`c
z&B*4~{<fR5nq!upu#SCi&L}2z=5Y>C``bF-ozC+N&Tu;W+<V_Pp3Rupx?lUoNz=Z!
zcA;r(YJMZckGQ+rEO)PyzsU_>J!+qu_r;vw<Zilk!ogl}kO7=tcyBlkc7Ox!Sm^eK
z;b1Q~@PUKb;2;$oc)>vqILHa%zzYucf`bfjuooN@fP(_s&Hx9GKIv;HH&5tnC6;6u
zI_RpHxSdnYVbwSDX|4F<tPj~&d8uN2S5w9JW(AjKHv}t^x?0UQXMJdXt?MOo0=ahA
z&I%qmyCG;McePghX;xdspJ(l<cx%?SivOI|T=D3vriyj5cC+8UyW%9?|AqhGr_BP|
zOz8?9`8V22=~~%lzO1|MbFu9nebLvDPTy6HM#J~8Au8DiD|emH>4V?@JNrhGBi}^M
z)W(dl&Wmb4DZK1Q)?TFMQgfQzcnCkuEat(*{WjM)bD=qq&yT%Rhv$nH9lCdD+usqK
zuDG4&UVv7k_%Y^2wCC70?Lq9@cY~R2<M4SfkFslW`YC%Rd{4ScC30H(e~P&f{W){A
zmo;>`X>|LD$H*UUbmvvr=T0j(__Eh=HW0mchE;!qfvsZMs@deELm#~ao^Ua|;Uaj%
zh46|Cu*v5Uzc|Q_MWBzXvE{tPjwC-6Tr-|e5+BEBDSV{K=fn8#>}UM3{ftTDw|qWf
z;}8BZx?I+Lo(LS>tMTvhiPZOvfLXJU{-fzId;4iKnhv(RpR(b4`yc85bv^;;<tR9a
zv)$0i8FTi#oH{<k*i?UwnPBnc=XJh(FnAsUzK4Q$H~9C!lZhW+?y5-|#=Vbm(z|Vb
zd>DT0oQaf=^=tp(>$)4A8~u}g<P#b>t30|J`t?BHwd|Ev&V2N$)|kp<{JUk@KVG-i
zeNW0|cYn>_MV_inw}I!~=t$enT)lP!e&IsqOlOW?1+Rh6f-^pZ#&U=oJZ$ke_$B_J
z>C{oX%g!V(AZ?^lM>+IbsMCr(Fo@YzEMGc4zgYY}nW?esP6QV9Gh1g)t~F}zBp-ye
zpP5Sh9RHnj&ZmH<CTK_R-2au^FkLxJXyf6Do^>r>@-?*o$Y^MvB)>25y7gIB99SFw
z-=1XFa9<-fFZnfD;|WRdaI0N>C*b4<oH1|XzhZ!I2=!gb9C!x%mSBhL&blQ>?w$+Y
z^TB@}^Kd@%aUOJkF8SW<^RNBgk*1ujip`fVUN+Hq=A#=u^iE{p48O18%iv3~mv@}C
zcCBKUW?J}CjIn*T`!4X-BpVc8eH?fyz)!s#omGAY{ocm!G}dRk%h=Rq@hEp=C-Y+G
zE!6nNHWt%HA#DU`L-Vfw_E1md-N2)<cH`T4i+VbvoJf1G@=U%1-Knc`dPe-jW`lUK
z;j|}vrV_o^K%Y0<$VPCgyzk@P$Wds`&pS7=PHp><rzZ8K2WWq%5dTFTJVE-h;$vl3
zq{6FYw?x`qhi=FP&-R^G(vQP);eG_I??LxS!LOIL68nq(>dDidv&q<3iOiSp#fr&%
zyJA)=`EdEvqysz8Ykc&le5>R6FW+4S`0((|jqgl2Qkf>sqpQrwP?<K$xJQ!bj&jA=
ztp3^DA;E8r%i!C|^S=GQ8y2PmOAdbY_0)03<k*mVuQpe^6MS3pm=mpWWcQYi;MVyb
zubHmBakmd&PK7zj?KAKh0u!<I7B7g2p2Jyq(3+RuOt@%SZsVdo#po`A*5u=AW1Z{)
zzi-ob0ACZiUv};uVm#voPrH9&?DKOkPJ2vd<4?KEu$?o;DeO745F6#-Z!2qh18dsB
zqwJ^GXe%6-zvaJh+01@`gUdPKW~<ugZXBnr@HPa~uOr&o6lzCvBK<ER%A7nNDzl!u
zoD!H5$twIGTW(`c(oACp^k?C;c%qq(P2atGnK?@Dgios+xz{RB@;y*>(wtqf9^V6<
zDS^=?={u53x%arljEyZRNzY1o%Pga<1?XzK-~pow$w9fD97bu}XR3WOd>J)MfkQMf
zJ%VPIJMf|ZMAD3Kxg8w+5#6uem9&#H*PV&e)~ww+n|u&F-%37+4UC;wx|&Z4jBMoe
zW^CYu`q@U!I4dW_xW*~8uUNZwSMIZ)5XT5k$;Hjx!mM}U^k&}gCQmodYqXAM1NYls
z$49F=_BnyfR@USw%K7ob)PBdX?w4!<ccNwK7ow%&vR+y?;qQ@qlTNN`)zMy%_C#x4
zuCl$a*Cu~_Bsh~;|JdS>hGyzcJ;97`c(wF;!Sz+(k)9ylD46Q;j|-;vc&;_2=azlX
z{~(_?X(L>IYA^mno~xX*7oS>igS8hw@#{BOd+{;!sWGdaeU#N&7{|Ah=dxnK)LS&p
zSv=FX|Avqshjr-e#fSH)zVguX^4;XcbQ@dTloMSW0b`>v3_dt$P=nzM%>Om*xea$s
z;WAf)|D>b+6#qz@PkoLy-Cipef0N)vZYXE7_8Y964vwB7o}zgR|1badK>2~yp8x*Y
zUFGP{-;^I3+BI0)!f_Hjru!rF*(H}hw0{CIx!Pm$3@_-4#UDNyy;wPD7O@_xhbV7I
zT&IiQY1k}zsY&bFvG)RBLcf?~)ZF(6a_b;B+KF3`d}v>m(xn_69TUqN<U3+dZqo^;
zB(00(GdGpC$p0LGk9qj7_v!GrhkiJlSm4B+Z+`Zb2UkqZZD38?`EiQJud9YPsQ-!h
z51sbm1s1>F#(JNH9h1f$M`g0nUHO;U*pS>24Xl;m(9eF(6kx&5xz$VV#YZO^-LFHJ
z`PTWwdv-Ni=Mxh-pE#%Id}8?+olX4gfiH75@l)iqKX}isdd?;mesIsOvzb%HLL3^M
zT>W)??(pQ$c|_$Mw&nLdlxZJ5p*nw#QM2ZUu7*nJN%)<?-mqk*m-nv$!#LJ?csqL;
zpZrtNeD~qGYPB|Q`I@<U!BF=4p&N%zEZOvf*$wc!ou0JZ2G+8je~dXUVUCr5%sZ;G
zdSKb)Zd99Ye8Zv<XI~+4VQxc<E77upJ7}+%_T1d%?5Uq^^)qf%)#G0BP_)A*+{{IA
zQcT03*KA$CeMt1YMXk%ZCmfmGj=kIZn5&`VblITf4~B2W78)-XVka)fM!WzU)rb9C
zj{R7U{kWLD-o5x9=JKt4e>vEU>)9`FWlto($j(#h`0lP}?iH)u!C3gfcbCoTz~)h0
zcL#SMw2m;2NVhx*Tt0MFE^&%uJJEY-OL}Z#<4vqZe2wHjPwXs0->qyEeUX;|`bs>-
z*FX*l=#&_D<nJ7weU<f@!3RE*us3FGMkREuJaFVuA5}1_s#E)%6Y-VDj*6|WpXl3i
z`PIbUry6BG=vcXq6lY%Vf)}8_Z$RgC;5ZB%;>q;;ay#%YW&W*q{C-q>)?2YP58Jt6
zDtXsN*^bFNryJYp11`-=afZ<#{qP`nIIHjQemTFgpn~<1W`G;?+KJdXYX2|vD?PRq
z9Yg&Vg!TKaP`~WKTKQi}c&C0e58Ce#o)r_H!umu%=~jF1wj3QV<H#iK4SWLJ$c6;j
z^NIoS@DVP>$E^G}p}sDrFUch{^iFNRMB7>$)mI^ZVg`z7vd@+za_&L7)@FnIO6@@o
z?wUCkJwf@MHh{CA;5U~)=m0rltat<HKJW6j{n}rC+!edC6rS-O&la;5mXOD5GCW1G
z7<uSsHzNCc{X@e-{-L<e63#(%eq=oRc%%G7ah+c!w^4AWtKl{DzN}a6_0lqgSk|yS
zfG%_a#kz{`$o6^|KE7MJ2Yh@run6AA*voFA&m{DXFNNAcPqlnZ%56OnnsnN5lb7lz
z8;piJm*zx#OLrNJZM+Da21_!t*pu!#-yt5QH9Dh!ykf5#4K3HW*M0IBcSV7(cI*=e
zU&5jAb%6X!#Dev}s66iuj4`Yq2gW1F3`6imfl+V?Mi2d_7kJi@2d_c)i+HC4>m*>^
z3aoo4<u+KcLnDmt;;A<O@IuSt4FmEI)_)}bD8#qOGvdf>o>4M!;PV~aL5yC~f9#iN
zaR{_1xQFs>>rsh~gZM2yO8m8T61<W#=hAcDy3$;IJNpuU;(H+a)xGnM&maLBu7!rN
z-50zjT7WJll1FTFh%WZPYaX`fIH55UI+ots9!AI21JN<|#PQPc!Vn!NLC4>5=5}aO
zzjQnfI2>BI%PAj)7DV%+g@>Wn0CW*<CvVU?hXyJ`^!gRrbm(=u=yjLT;O6^d=+(i^
z9_Z1*%`*7BaFYqmCWOKB)dAoU43V^H%_H;IBmaS`_J5f+OQ5NNX)~d55p-tn_l{}&
zI=@AOSMx2}wALH6xzM7`#KugXYtL*t-viO6vtRkI##`GsS71P2UzE50KGaS$zU9zr
zG~Rkpc>5pXtv?(9#=0o<8_8Q=0M`F)-ukma$D&_iJQmu#^=ZBx-nx<B;k*^S-J<L7
z@Lat0+k6||(EizS<K-iFo5a1M>tW9rC)@VSWiNA<i}+dP)03?gTrS^I-@81I*RGrj
zF8|qf<@nFh=6|<cc_+TzaNE)svMtABTOLBr+=XuB*p-Rcl^NKTTV3Q+MZa2sU8&z2
zkWrb~fj_@${JKxW?8<$_UKV0^;Wyb-&pUU8&$>IP5ZlrEPaQY!Qt+$dFJ0ir7m>!<
z(}y<9ZWxO#`Dbj&s*GMcD7`Fs-3n|;>BJk5mmS!v_={^guve?FC$;zJLU)+3w4z?N
zr1Dg#%{*+|brX&5aQoJ=Gn*Jk<wSI5;&LZbz7icU_Q*ZEVv)7!z>s0tm7(*m*nqMD
zJlK}WoPSLQ_B?FMcE;$#wtNiQ6c0H(`h@Cr{n(c8P^KN*vkIDZY)c2vw}<S@O3M5Z
zJzBCbysaJBm-~3Gu^f+$`T7;yYoVBK*2}-DjamB2|2sD3z2GvMjrl5ZQ2z=x=C#B+
zhTE8bW&UMXX|E-Qvnk;=<_Em{XW5wN(r>tp`P;C5-{D<&j?tHScPtz8qTl>;Y|Nj~
zSEP+OleVST@Biwt<w!HJhSB6mWUP~O#zr!w(%?Kof4<6Lwy*LL;EI$fw(gnGD1WWs
zi;P*4j#@|@E_`xRA-t`eHVUy9+bDa}Ww!43OU5)%Oq1@ebM(7#d3hh>H1K)Xv!^E>
z8i2P72HRFkY&;*BoIRBTSIl8QZZ`XIlB=dASEu72gokdyM{uk7IQgWy6+5eY;(Yi+
z6wBtuAL561bJlZu@x(b+{xSL7r-yuhe#Uev{I_s}QKNhi@+JNe{_hF-`AXoiZk~nv
z`C=`8Z2S6p^N`)MD=o&@?1dlafFto^*@NPx?W2>byGD<%PN2^Od|c6de@m(J%~xCv
zcjEKA9bC)yJDF#~$3usLYktMJD!}vgoPYlozmMg=EgGl2V6!nTV9UN%;!f(pNBvm&
z=XAFu{_T@}md{TyDt&x&>{Dqz^2lc$j<Xq2a5fg4%{0gE>;`A)A)KusZ;+d3{o(9v
z{G*2$qhwg#7+Z#EU1;A_I7^c6V9faH@ne#!6X`Qie!(7psq$fK?_*r!8Q|y6*IW%t
zz}X!Z&c-&rPCIebuY{%?AB%IJLOQ;dPWDgaE8H{8Sg;ov9fz;r^3=F>4frLt<Cn<9
zk8?MB^!^xp($MDBz$3dak1}J?L!5W*vFsb;lg`2SR>9s>GCIXoJX2gqG5U${m&G`r
z^N`C3AIb^rZCw#_Lba{aT+`*jKirPaQW)}u|C%__Li)?2jGJ>P%E7CBNNmhat*&dh
zgWC2Hf5`Y)C)0H{t_i=X;8fp_K4#RA=cuMnA4h_lbr;5x<tbfi*E9H<=W?`GSZ5mh
zTy&V~Gkp!!W?UbiR4I6p-`tD7loRr~=Tkr3MDIcOaOxJbt_rkn(S16}%~=fI((ttk
z_vBl){P4~kC|`X!`qN_{+4&|pFR@1X!tL>LrjfPF{#3WtqaVG<k1z3|`Sv+T19<-(
zo@4U{&JDsBB=;1@Dc|a`bdn!mZmuRUWp%W3<_=$S?9M&l-0>H+QP1&d%>&kO|3{=B
z?+(VdlYKt<@#^sv9FGt03Va{q7$<qzJM-8Nl)u}+e|I`_EZa(JArV?mf<~LZnzT-Q
z@fX0<&TkJnk8ZPalO%L{(Sv>XyyxNbjtiu88G-N5GVp^JFc$^*z30jAO`g?SS6pW^
zd{OlZzoh#<4EAagIu(<Bo9K-8BhR<TeAUDsJ%+ktI$NoG8ExfpUdm70tPeW<6nJ!A
z%4v_iK<+W?z3bk&^F?!aDP?Cc50WXLgm_#h&(!Y}zV%$Tmj0*l|BK4Iw`e0=-f91i
zeY%b1w;Ed<TG~Tj$1D4qXwQ*-J1({1{%pZNCi_}`7hHpbdQ&U8$tsuGJURdkNM=C`
zn;e<gWYJ@<OgsnLKNGr;Ok=O*AChSqQTDF-lWFKomP}j0*gvmKYoSi0OuLz9!u=iS
zt^>*T--6dh#>!pB$CP!)l4INOYf9!hcb<B@y?Q`q6qzPHU?ws@T&6)J1L^_cGR;52
zmTBiO)@U+qEPakWN~Vdwk88Y}I(NQl%QQz1n8>r^k!dc^(K4+#B-6An5-!K?f>-Au
zI~*C73hn6}a|yCbc5Xg)W)*vR6W~9y*gHx>evL=Y%#2CuSB8y&rX|DDC=)Kj9)`z-
z%di~L05LH-iz}P_Zse9=NkWFb%Y1(gd6jPU<7tc?d`*`2eZ9yS$)66|a^y@WGOQFC
zHjun|{(voS-Xvc5SaRh~Y?aR=S5AaR*+*I(zQ=D6tMD71OTS`2YIO>+1{GI+!-`c{
z_SJ7#u?m0Wy?CA0f#_WP?mcwro>+z86f0I?6z^2OrRW<+-K7`ar}|2$lMbEGsr|Sj
z^p#Zbr1&}I19%$ULOx8(_sASOF{|o7JSL!>{k<I8FyQkZ_`LSuV&V03;q@lG-i>@w
zEb5~X?KyF)#qh2Vn7@Zt1lK&o=i`fWiKBbI{?-L1`9bX8_8zk0yIjOJa$o54?E8k!
z`Iyjx#^QFPry`HEW{Vj^2YOQb2y)U9BjY6wvXFPySjOXb!^Ye*iP*ma-5HYe+HHn0
zvz?e-<-c*{P>`5F^=rpK*s{ra=7}Sp)EvRndv~dD-o6l=6Wdk1^cz-uq2kTj>BoYF
zJ!B6s=WtK-dhi_!yd}V7-M5B*6wjKOSA0`e>0tBH@?xXxF?jfk&}oht-<gZP@^|o@
z>M~|d;eP}7Vb-P^`xaR`RD9!N)~RwlX@3XbNvDtZ0pdQb@g{QD81KzkBU63sM)&#%
zU!!7dRaUb7BHpjsxAcLX=J4tl&DiP}hod*WJ9tFyyT*tQVum-054@Oa)O<jnk~iC4
zE;u~r+ury|(<e>6WtJH~61Z-e6%&7p^*uQLCF^@={24KN?uq}d^&J=gq4hmH{*pm@
zJ|g~>BSSM!rtM4A#xi5nOE0HnshtmbehJ^!vo<{&9RFSG*<kzGK0Tv->)BBInQ3IJ
zua^$1uE%~hSkL0(Z?T@m+0Q(BHavc$^^9-zJ6z93#DCbOx+Cmoqm1n5q03rxcxMH8
z_6#$+m5a*3o5{V!7Jf%5&N1h;p7_4JZ}i0X6;aP#FLoYi=YCf1W2&Bv{w%yopN1dp
zGw_#PVEVFGG5=ey=RRuYd}W0(>H@}f5IFwIT8~C^dFR?Rmw(g1G?&Xd5zWOyYofXB
zd`muDP+Xez1bkIIQG3J{^xFxov94yy=2=F)3xM~u5WFiXw-I=o7~B28dw(!E{i5Q@
z&@Fd-17|oLs*FKD4jpRWOMPOaWUB2*I*jGLo-cy-3use${v+{Tp|~9Jr3k!x&gsQ_
zb4dSj@^3qMf3P1MrhVDQVY+`{95#y%z+n~ZHWnNf5Qi}d{D>|l^O0>LJjiDG=+xR|
z*+X^c*;BxAZG};m3T~%>%a!{ItpAE5kuNG7XR@>E;KL5iJfZh$A3Dr*=&y~s(eSW+
zdM_S|SgY{8(UEwN-PL?#DDxZJxk&H<^ZVf1O<(cIZ05J-W<FDygU*-{jaw-<n{iGp
zzA<Yz<1iV=lcuNoMaH53MZoeT<qP0V7u~yR?Nj^?QfC|U@LlS>Pa7%Ah&!R4?2`|;
zi$U*O8SB*Io2~b6LpvV;gPv>tbBa&T+DpCIh;^5GFt}h_SlQ?4TkGQl<~CCIPlVrY
z9Sywn1I^8}WFGVOJMtuHUCK6k;jQ2rm1!k5G18AE|5W6eR`L1zbemopuCnQ+owGs*
zLVW%JeBO~w;v16L1~lV^X5?F`L^h!x6DzMAGn|i)H7vQ0-bQX_`|OG4m~%#*g4>y6
z&5c7RdM8{4u!kHv5f8F*w*z0p$-OkdxI;Xs_ikUu7xw%4wjB~}jFl7ZF=}kic-BKJ
z!lBkcK6~%7gROXb=rxvgJ-N6ftGvuC^WtL=U(*?-Yk@Nz+MRo;jVs}4FS1#9DkgVM
zA@X0i>BUJxV=Xw5Eo;eTa3Z<v;3PK;C*l{_x>iiKz9s*J8)E?6Y@g7J8<X+KZV$I9
z9Nf@%<_y|YjNHn&!2C}3m{xMnc`f5BvS2V0q`PDwFS&apdoOab=RG)|T%3_5+*}AA
zwt@%U`&EqJQSx7Lu)m<)n+L-G*k1hm=Y{A@cw>xv<`DZ5MrZ4xGbhGd_ot_V&!&m!
zxFK5G1Fb0+L&tvut>usE#pgh@Hl4AGb~KODiKKf#zYDw<*|uFawy{I&qGhem={)Oi
z4OR}f@l$o)7hi+FMV}LF|I9U5<vu>V{GBmI!%ORhHeNou<Y>J7ooD^wrDc$fm+iS<
z94}Xq!{(ojm+ispd-S7$=%v0Nywrv8vM~x?>IcA!`|$OaZjPQ{>E>UAXJ0q`pN|*M
z!Q;crqJHpF7{bd9QSh=zc$qWsU8I)%vfsv0$IM<FeZpFm{qji|ziGo)DY-TVUh^RS
zD2LCadW`Ay_^y?A^B{aX3;sF2E--&B-)jHvx2`9|hg_WaJd?2BbwAuh+A1zNkd=lH
zy#c?2Kh9n4KF7DkFvrJAKQ>M@#+bBm660onW`@7yj;xf8$ZPb#lwTTUb^87Un+p9z
z?P*V4dDl9YeQ#|Ec{-&xwWC+;bj4Md6RWM*!3&E0S#j{?TIzX`72A2o-u%nje{%zS
z2YUqxf_b>HFOPO}sE0nxeSy9Q@?$)l$?$Y`kV{`>#Lu=ObDH60%5P&m17~{HL|+EH
z*pboL_SV@U@wO+dJXp58pB~muMTB1G$aK%&dg((l(Du6yeDC7x%zHH6@}~=I-ty;*
zkLE3}^K77)D@*@rv+1NEV_-UIM*r-g6a147otSR!hrvG8J{S0U<p8vjRA<x3l`q&d
zvKksW$R|jQ^d5Xv#U%%OXe6zNMw0r_$U}_Rrjc((r4iW<YHuPm!Z{}B&)vEGJ8Phm
zaXoa>Y0=5psC3eC6rGI2_c6B9K;Lnj<EqC&L%Wdcj-GZb8kihL17{rv4RpNPO9MsF
zqitLE9}_Cv)^ew;&fC`x@$Hx1F@`fY4$bCrM&WP3TLoROpnvY<*eRXu<SO5x_A!-f
z6U>Bao#Q;WA3C}?L`QR@(9yX(i?(;-=#ruh(PjcX<ThyI4s?|k;=YTGzylq@gZs6{
zTCt(3!v5!hXY$C*Y>9;@5$|K43)sHSeI$367x;}&zV+kNfmOPrmwmO}<hWIwyazmp
z)+(9vjMhxcPZo#$vKaei)sfk|R^E8RWh)2Y^T18mvnxkk)cE4<Ctdd9@NYd(ieC5P
z_<4<`iM|Ie#Ey9iI(Z*^{DR`eS?}RnxB!36d-xOPVc#7bO|Am`2$S)hOi2Vjcup;}
z@jU0t%lWQg&8CT;0jJ|*I&eiU`_sR!m!C=S$u?HmCgyfUNokfJ9+krXB6tg9u+9=z
zmH4yf0rP1~2VM5U8}?YZBQNX1!6%%x*X4Wm@sgQYtMYHm>U5PqyRjrAtC2IA8~Lam
z>04=x&CS?W!2>szOwMW_;(J!GH<qMjZKbaG%B#%X?bn#ZtJ`sDe}D%1(>L;(ZC;Qc
z-^&aBQCny^>*1fRZ{+`?cg+l>Z>(g@(Rk&f^K4#OgPt0xpRVLte|V{U&c;iX=ZoWI
z#E5@BUaEe4e0VtzyoCFWo%P!WjS63Jtlv0%JhF9KkafkZp`6V|*?aIB@t;`E%XlbT
zN`8e4I9qTd@1JZoE`1SOYWFGRxMN+c${e<CQ?v21d?(nA`{dhD8_n?P+sv+?*lQ-2
zGuGRzwG#PXWo46b#?XqRluS2+LuZOVzCz9+?EIbj{RX)M<bPO?Z6|&a?#I^q|3g`Q
z%P;U-%0`yK|BFAs1dgNq&_yBJSn@6qpWD?6P8Qvt+qHr3Ao`QZ*-5P}#lXakw(VQR
zr3di4FXGdN&QLrG-~S+ES|RZ3{3iLfr{N1)K>aPUMcc?Bt23NBU-2Wm>^|uo_^!7g
z%SxpSX?&I~Y}vKFd#aA_I+_nL?J=8H<*%l_=>|CgoO%9;dAy7^^ABEc>&+p3P<Kyw
zLjLRu=E?F2F#qz4&1KBuWy<X#eeXSZq2|`|hf(%4_|;Z)Hy`8Nx(XePXIqbO_d4^=
zK7Eg$LpGv(35Dz_IXcwoq4!hyRv*&Y<j;D+FgB~d;e4h-W4mcT7u>9(-^KWF8|Xtm
zb8^Ehm}<sV%df7uP~{yt9lv*w|I3&|`N-w-KHVHq{X3pNZpQ6A&5W=9d!jGv$wWhb
z&SxG2ZsA$|)%N(Srr@s{cC^2Wvohg)!|@YWt?6BV&6XcR`zn3?#I>fmZxLe<Oghtl
z|2ua*aC(JN^CAATeZb}&QoeCwyl-Rc;GB(nhA(?!q|4l=y@FcC;zPFAdY0}N{p_Rs
z{rLBvVjO3fqpGL5;&&P)Hy$>=V;r6~(RgNks7_H=aKQ`kdX;P9`+V`YDEl1sHGSy?
zdDVwrCIM?phfOaX(2HVLl)uNJDU-R-eoYI0Bl)5|q8r8-C;t)jAehUcheE#PN6G=m
z@}2I*FD)Od^eg9EelgW`{Dj)ak#D$_e#8Cpo|R$v2B%u*k@$}5XS``E`i{2{-<LBM
zt&col$p2ga>!XcvXni!uPsVunvc5#SmR~qT|Fw*_m2%EH(RfosW7Sx+77C%)I;~Cl
zzuDJG551ROq56LZmc@zHYYX7H`QTXed7&A<b0ai7l{x)AwEh8WFG!#2>-6F&S^oik
z-?MzYBRWm`d=J_eO;6&z{A&)4Yd=ajcm9hmbEqGU=G*$A`Hu2q&p{)0>_GO1;sQUy
z?}%)%Y|6Z)_T0#xPdPlI?03MO;`No4!Z%Wk+_Jswh3S9O$$a~KWpx>R2Yh8kGdY`c
zmNEU`GmOn|nMOj&VYBQ7bW-;q<I)sx>Ca^ExH8k?c`FQK<m4s(JLh`hs(oh4YsKF`
zdajE@zP;wNj0Gk51y`JfEJP+YeC7D|_BPM4_x3vG*nDb3zT%_e8xdH*mQ(gS;>A)1
zF^*)u-M+Fy@=>RZ^p&MfBc5xU4UhCLtu^@u*|)axAXZF<e*%whvMr-~{j7<Nr{dpX
ze<>lwaFqpwA7fCN_f&nm%ZjEF`}b7;?KY>`?FQ10ZWlbRCSOT{F+pw3E^A8B_a$Y`
zz~aDVo}nBDV;Y-~m361vvT_mMl9h>;tkj*WV;X%U?bx4-X|E|vR(>Cy$dQ%O_a!R}
zPeWG57+a=GR>nwHCR(!c&vw~;&5W&`T-;kjvhr+e>?6yJB*Et`YyJ}N$+;pMx2mL<
zR*Uj%exZ1}{?0koe;OQ@{y_h9VNSB?V#h?AF4E5&c>nG8Y4-lx2IiMNqn#Hbv*Zua
z-VA$i`&z-@lgPQq{Wtg85DcON=pi`A_7(TwojECj9-5PFAF=c{(S+k8hR3Y_KlIb`
zVE=R92EIg7bxB9h{nMO*kq(qN&dA(CJ5IkJ!<(Avd-DWi=I!(;{#%NUW$Rnyn|(dF
zhRt^S{#oJwnlSv&IyU}eyUAM}n!ARt_tvdA``C52hSlAERd3z(S;wxsnR$2m?O51b
zw;BH7jIBSK$vWIy*K<X0-L~n+u6zFx?j!$U|8vv~-_sl^4#1gXtqJWpeTu(ZbM%SF
z$h<^zw7UOxD)7Bn`~$yUWIOooR?njTtMSJ42S@Qf#B(&)*M`ky`X#+%GvO=8!pmR5
zi)i<C_AnAh7@7X%y)>Q1+HQ}a>56eSP3J<>4veB_o!?ZP$>SlKJb<rmr{MZ_|KpWz
zqVYB%tDUwSy#0c;A-p;J1mXKq(!-_qNG?fU@5cX!4Y0r~T_Gf|b)MSuU!k#3#)%7Y
zWQX(w?I}r5C}EB4B_2CmPiRd*HXxho_zu?-Hiz{qJ)sDnL%7b_L!Wbc=b<@O^Pt$x
z{{2Vw>ugxVbvS2^g(p9-N{6%L+?c*PoNtV+!x?->>TnN+;8o6+@7-qip?GK63gK{H
zerRZ>aM=Yf>t@bd!{k~n{fm#8*apr#IddLETT?@G4!`fSf7r%6IeqBNmF7!xC7TQX
zNY7kJcU*9QTzviX-^^U8|Mlpuk^PJ2;^|*<Nxn9<uesgMcx9XEe-ZzG!~bx4F`2hF
zLS-Bp3b5bZbWrzh*gBu?T~M9zz%JTg?kyZCZsKG7d;#7^#!wWqe>$Byg5^%$ze*k1
z6jmRhdbjdi|L+Xp#L^}BFTYV8I6Lq@Im3~^(mP`)WBrz%jXin;btCmpbov4HPcP%|
zPyg)Cwkio5$9eQAz2A9uKL5W+3==U*#QyY+L$c$Sh&{62MZ_Liu}oHM(^2t8cD>=D
zdJ!>3pAOAT0)L8gvg4Qf#yJtcG;@I1Cf>z`>h+Chvg`F9!?d0`)ciZNaDaOeq*o{w
z$%#X<^a^b7dFT~4hQ%S35{EP|6o<5JuDSXQ;E(i`$p`-SdA6_YxA{l=((oxPcsKO^
zSJB>M1HTb^|C4C%;iYed-ai@bJ@ocd-Ydo^5;oD=PeOHTqtq4ec6frb_xup$3h^mO
zRz1LPXZ<<vSMe;|FDAKQjI5iVmPCHEX~sUz%-|n08$B6eHUvIb$A+jFYR7Ae2P==<
zec;tieGfjeA25bC*A&b4aNd_Y?~Tg&kMcg(oN|WrROkISd0#ljn4TNaZkbchteby7
z^_qi|FA1+#%zN)>V|s<rx4mn54!@mly81r9TICas=|zKV_&kF3v&pxFx5?!(tBsMg
z88f9%Ul;M*8l$Ujekt`T;U^6j-Tz9}s`~v6i(lB^vFg43+?BMWD%Q89@rf1lcbvBI
zR?bB1;8~+P-q=)eX!6MLe$J*n-w0qi(sxYLoqmjO&%ac-I@A}wDS~epV>{gU`Ipq*
zaB>3!S4ZjnucTk}<o=GGFYHfW^}Y?)d|%g&DXU&tvGIxhJ5GCHf8)mY_B-$)clT**
z=|<iB8T7e60@e{Bn5uX`h4&R7Pd+1jEJJ%>UN-+^-Z$^-JJuld)=KPtQAE9No_pC(
zt2oeiEFXzxfhV8-MykJqeR0$odhc=9S^0xf_xFAOcIZ9(FY}fE(`!~*=hJ(9u)e<j
zQ^VW$zmIz1{#AoKe0}~C^W5iuAmYC};=fVRx4iM)zW<3^3vVydcN-ZSR)pM6@G74P
zccH^Ov{n<j-%EFEHl62tPPV7~tZxwmj$SZR`QSfB*2ymu87F2~W9@t2nG=_7u%0gh
zmzwLeeb@EGWH*nu^&UN6)PCK<Lds0Z*Il+-$)`;|AO0)H+!;L6{?OF0cLumSi}z{C
zb{lS^Hy>SPsNFQ4sh&P5)Gal9<Tq6OK0Y_(W(L16C@#)g37@YG#T%z%TWa4emoavb
z^Yd|h!8z;)DmQ`J(R=;h20xug-NmYVy&bFSM@Hlor)Q}TogY(O^%GuSbE0;_`KEYv
z`XFC-T3n{ZD^y;xsu0~jd_H-;mo^uG>sP{`dx<SK`4oYV!q0-!Bi{!SY#ceb_;X$_
zj)ljzJae@_R3;pcEo1C@;duNVbsap`qxXj6Q8Ba*{whNFo6MQJ@bT{?-YpU*dcO>O
zD&|&lSbBXq&-O4@#pbRgzV-s}s<wq&otsh}`QHk7p3giFgxB`LnHHZ>oqq(casA-6
zX?S0}ekTI2)!?;0R3;p+?$EPvynd6qX^c&{&F7o*hWjS5CZ|9z8GPh-lnqe;ZNA5z
zu>8T;XA6eoFWwr8s~v8}R&QiKSO3?e!$?QPS83H3Ee6O5FB*^!`SD<IhT7VI&Jjnu
z@3DU%ITjBOK?kZ)%w9b4dxAxAeYKQbg#HoFzOUk4wNJ6iboca^tN+x=F^6}acJIoy
z#KOM38y{>db0q)jE!r<WDh75qv99*{<#=LX^}da{eIHo1sz2(c6rYxLA@eIdIPg2~
zCqZL}C?9Ptxew3yLUVpUa~Ewbd0l<y+!Hb9@zisN%7o9k-#mIP9Xj7kXvdf91;@qA
zdyZ+8?SaqeUP0syXFq<$Sr0p3N)M0tbjC>W%YT%X7xpu*!r*mQyP}WNfagYRcJ_iY
zwN^!YvHtWdJr_?*VUB0xi;eXcXQeT>1zYTRXg!ym6lZv<6*o}+OZK0ji|roS#h&VU
z(59aG@Tcq`mQ*x8hyA*8)#qDf=C&1N6;K9wZk5@?{Q3;T;+eAbtk@*#s=oGvD(T<j
zpOUrMW7G&f<tNm61?_RAi=O>yS#HXNzgq;&$NNj+-S{ZzTePe?$hZZ={fn)AIl*1Z
zT{<_KhE3zZ)T%g!(7N2Jdh}tv2j;E3mpwa-c&Yc!TDdl56ziA$CpYb-@Qynv7Ra^`
zUsQZdEO5#8hsHDE*Vg!iKa1vhC*I)jG|kD)&`Kmdh<D$5KD>LPFS~fZJ%6lW_L!81
zzIU(K?dAPG`#m`6PUF2J3$CQyRPg49{tR*uqQjNF4Gs23fA#OpxaEt`-*dnlZCw?9
z&`W=ZZumJdAtq;_T<kOVo-a}!XT@9R0k0dHl5atAc7o@p8?IZ(*b^FEzU%_Vuw$%I
zGka9tp=;q;inWssZ$ML3#LnexWIovE*g*_Uf#e8to%0Z96Zl?1yxiQuP1)pbnK_qu
zyuGop)pLo(n|tKGOzWMeDSPkXzVAv7-<O#|-)dt$G*U$y8PNaSCCQ@;E;q~M(@3Y@
z_D_Q|(`mCK)>EBMoB5yKm#MPp!<(`@4)uLkd?@s8R8zJm;$2mD=v`t{c6xW;dJSFo
zWy+@`ylCypKd>C#Z57WBuy*;KshBV6GkT`q%gCSj9DIK~pS_ehgpLRAO2{WZ@sX0V
zvxL7Am#_N}a$`67gJzSbu2M0Gj92_!v50lxPUTdmk~+#Kp%|qU<dk%!?XCpk3!Acw
z$!{+lbb^CYaL{Q4GOJ74vmPhzv6ScU#d0=;=kIv}GaHyo@kH)<tC=`z?xDx%%jx5L
z^zkS9*g?B<!*R{}s-!*cX|?Wd-5cw+=kK%oGOe=Un!K;p+;%dzf}xbT-AOy8;5v?X
z;c%>EZmUW<vhta8!Tla^3%(bayJ5s|tRjZPeTp$^Yr0WZIju7Jg3z<M=7clnUd=fs
zp0Aj;B6;rBNtfkKb7z$B{sQWh^1hV!wY;A@tvY$G+8Gs_k-__U{7&b6I`7MQpFgcC
zIbH8fPlj=hG5WP+@XB6Y!^gn|6|Us!ZLZ{<PveKqpX0557@VZhMy%QZt^(@2sb9>q
z44ygt>Ulc-rj2rEICJ(|yixNV>MQnBbRZo={HT^(-^DJQA36KQk@w|@pPYAIU%hf3
z{)YOO?R6b43*Dh-;&Bcinn~TyD+}9yH{+5o!iydPzG%G2`2F$lB0Haa8oVeCzdt_B
zSE@>G&&uI!gk<1mi|5#R7IY8wqLH$n?6vl=-odlRExm5xbMSuQx`RClt=md+lB=%P
zTL<?F<iwD>%UW;6S=q>|6xx@(((^rhSC({Vkr&*e^>%1oal?KyFq6DoHB}``vT~T`
zBH+>e1-kd3D%8II>&&pqX^rloO!zwNWF2a4R1XTwl>R9hHIKV_wKles=Y0yXAgiFM
zmC)(R5S>3UZDq2~e*{Ju8R)8)7My6@+6;^puEgr`W?c2en8ck!pwrE>z14okm&2XX
z+laRaFortD&_352ihCYCTDq%=pQr6y>_*+aG4zqOKL=jL7MAzG+u6f69C%BOz|6V8
zs(8K0qmEs+gtGEUPbOaRSnaN$tn$fB9&eYO2wz)K(wVgv*u!N-fjRQl*rDG`{xM}6
zsq+lqqK{ZU8{og91My$Yx8`0s+3a;TBkT6#SZ9mR?Yqv(z>)uFN3XM%E%vkUb#^s%
zKkqtAd+v+L{GS6~v~||>)82J9(ET9tOUSpF&RWY)F*b2W%PW;7_he};Xstbp%*o*{
zr6PF$VPw>XlZ=_Q+=aD=`>!A7+>)gq6kWG4$yhf(Iq>cI$*Z^Csx#ZV?`7S+ww(Zf
zN?6geHav}@&%@UG!wx0RU<LhE(N6(=il!a?`{ABC?#7Rp=SSj<nia^4f>+J5LiEgh
z)<aI4S(ZvJg{l#P({1Hd*Sc*-rs$poM@C7HkgQ1$$(p^$8tER5$eLKzn&g6HjbuU|
zvZg;-A)fB=kw=J^`yFtt97n7_ea|Llzly#+A-%!rV+DG{iWp=m@-d^UuY7#`;C-3Z
zypw#KchHuP@53K90^9En+?Tns<h`tw2ZA$KGM4vahgr{u^ZYbmeiE1^hjs&V19IrX
z&@)Fq>UpE&Bjs)ky>n!g-aU?tD&?JcjoNbfjovx@=8*~biiRg#mYy1$kv=Le!)p%9
zNKYI)I>$^Z%|+*n53HMCb-IoF+002Le9_{g=!TVyEA~WmM&_%C|L)W#?q9O`sWUH)
zu7Hi3Q<}2py6m;?=ngwg^cUeKy(zmC-6mXjcn{r1^Qki(;kv^Vc&d1!_~ABk8jBxZ
z#~kI|YhIdiIdhBMzk+z1($ZdEc?W!C7&Pj^mln%+72l%Se7<F$HSjIpNjl#yzKi*G
zc>RU6t^V!|^_9>6&!xM7_r>5}x{fn9Tfu*IXl~r#-VN^E;64_-a|X85{9ABAfAs0-
zGVXLE&M=eX1ly${*d95{s7VDrt#R>8*?Y*Q%u3c?3O)hF!)x4HyIRBIrAPD5-gBN#
z?lb3(9O)Y;e5Eh{O#KS{bG6NjXuIcLi<SrNXK6fh^pxS${k;6M<-srJizo%YsQk0W
zhEK2!#6J};COyT2?b-sr#KyDELo~Pya+G^w&m;!O;jy<5GN#MU7SD{$vTdr3%)R1Q
zHRsQtjGlnbVEgFcvC!&D;`D1DLC=8y%BEgbf(=c4o%EC&IX|({L%cJ3!tOS+Y&~{<
zsU^da{rs**epZKc?s>$PN#}?|A0GxxmTia4?76pg?F#IT0{UnIe%SyyIuk&D2cQ9R
zqFHu~OEFf!eZ`sAEqwF3Z_l4l7nuKNY?^NLS;^WJ<O5b+KfGP{IHjO}EILuVeMy!F
ze^r*`2y&wdxYbt$-+_{@tdy15hV1Qek629#?>8X#t4i+7l8$cicK&C>+r?M6v)1Kb
z3)cr$xC1lQ*EV>M>S<jRoWeTizw|1>!u<$r8L_tSiJhQ)Wcg-#oR@MPN4AbmF+8Oc
zm*;VfB=Lr{vkc#hbUUjZ=41|VUd;IPES)+zw2l3<K<%WM<1JtIdA#?+pL%ty39$w-
zW<TQj+LFvWU&B_@zPiqteR~f3DGA&o2A(`-(#{-w8jlgfAe(Om@QZgB{HIwad%EBm
z<`jQU20U;c^IVF}TYf1vFVE%<581#sf=k)noWURuQ-a2<aflbE59*q!|9fN8ZCMu+
z$Q0ZI@eVKgWjJ1*hbGjX>`cu;!;xTSoQ03>EO?#8dmWp5J9eOh7ZduC9$bM9J~3wO
z&H`dvG-j(U+O*`v`$k#TxJTB$29H*JfbROz@0<A@IcE8P!pGc38`~MP^u{V^?~^!V
zMpjI0^*mtX4D`MjaAe_AeuBYfSuSg-Pn$EqZFrlx=n?!^nYp9FaI1cxbLpCY1FoDz
zd{5A84~=eNu8?gxzd^>a2c1s+4Cc!5Pbl^}ow-T}j+}FVL;qFA>4W)PPyO`7P#NYk
zmH+wlxr08p(`TPHJ;2FWdfL3u9!H-x8H>qS!rQE19G(Qb%}uoVC^+-dzVJPU|F?&H
zWs-ODTiAR*GwY5Xow<L$UrAfaksx0A=<L4yfBkIuzu)GiZg{<OuTjel_OmpeIsAVW
zbqC_L@=;BP*ZT3N`91a;s>D|%Stfo)^1d4KG(MnMpX9p0{B?YbXZ>Q>bqhtaT7N$P
z9(?=L9bP4R#U^~2^P(?n+%9}q0nUro;p3>B=h#fiu>sD8T7H?0_)l5?@;h2*L_gsi
z33Dpiw(!Q>SUeuy;Hh|I?JzU3dbpWX{dd;ER^>0`eF=R0_w2psTtSffKGw>1S8TP`
zY61M9in-I-4cRpE7dX$iGl#k_S~1biGxmureOc?Hg>!cP7`JuC4jt6ue|AoM`&`JW
z<bKkehvy@Rl;M$nQ0<*ne&dVz0v-V8g;Dm->aMbBK=V%=>C5sXpB8Hni)5cw>p)*=
zyvpud^Y_Hkk(b3Aan&ynEAqrr_hm0|Mo#kXcbt(^UHN!7Fn_@j#un>0xYiy`yx*U7
z5ohV{H_n*(AL!BeibqW)|A&0n_oH|19!@+qxK$nHQTXsIU-kzxecA7S*_ZwI9A9<~
zwzhbKY<l9F=5q!F|9F6XZ|RMJ`Fd~Qha7p5G3J946UKayKQdz@=ZfDSKRknTNMkmd
z@fkVf05R}WKgAesqTdnz$yxtF-`tmB`4AL~{d?NqdX8~x09c-4d?Wl*vu;8ksHR*w
zFuo0JkMsL+aJiE<hVx#zO3HhD+mo{<v!1}Em0L=9eJ;1}di-TBxf(A%dOhZao`tW+
z2I>yvFLu_V+ikB!zuP`@tMw>9jC1C8%ZJx46kn0=MQ3icR)Rfi?O;|Day_kQttG`a
zvDTz-YrO)$b>_CRr2jLwYA=p6)cDb?n6M7|kUs0Vcg@<pF*6&rclV-e9P5ugGv;xH
zwf?kc*1P^XSbwq~b9t{gN_*|;{H?vOshBF|tJMEG`e~=U&g1@H_TD`{%Iezxf1VjG
zGYR)xNCJ`oRwlta*9bNf&>BEdA>LaPpgj#2+alhgViIEOK!9@sR9ezXfYW0p0#;2d
zIjtpNF9ECysI~UO1Z+D=w90*g$b8?Q=b1@{7;JlbUa#Nz<M+qB=6UwBFKh3;_F8MN
zwf5RN&mtcg+4FA>+h@8Y4`~c`M$X3WjGT>?Ja{1;Ukz(_Ik=>_u+k0ou+GS?*pLMM
z_#16>w=P|`{A>2At&DAV>oSnrxh{o6qq^YGrIc%m<Z*#-QJU_Fq{ZS;3T6LUncj8t
zzorv;=mP!9$m#6Y=kb~784&436l+lYM117o_vYO>xku@Np{0k9g`7hyJw}OSBXs<d
zWz&WlgNDFQlr|ThQ1BA89hsouBi26uKJG|NMo%w%@01k>4MNW{PV`<nxwBqk>0-x!
z$I3IlLuZF<K2~|;52<{|$XDnv#x)Hy2Bm*!EDl05nz&QaGqP!eJL3TMiRNRhfmY#j
zUIk}Pj&c@~Z!UA_iXPwho{>C|*PA`@*NnwA@QQl3F+uAn9oRP`PpZ$?(APBjI)wU$
zP~RzJY34i8g=`|8FCMBm3(<1oojzn(_j2T9+RGfdXG5l$w&G&ilU^qYTKKlruW=py
zDnw4Uc~p|sub<H``Z{js-;BkggEi{k3)niPKcKDof|0d-82g{bGl}v1Or4*E&#UuU
z)yci}e(DnJIgFPJTI^@M1Y?dlq;(f#u#a_C)62Zo+D9OVr_YxzXnC6aXw~<BRxbMP
z$=;UzF)AC~<~^Sl-wj;8(VwNo!7Mw?!`h0<Mqi@rKf8{6*ZgaI`#*(a-SF*z=O153
z+3@ANOrtKk2Sz@#^bXhjW$cw&Q$zkd*0OnuW{U4?-+YK?TX&w?wpr(qkflZt8@t{#
zCg}X-a^`&ncg6mVIr)G+#?|C!kIB9@wQXuY@PucTvG;OC6EjzVkKnmt-t9dX9x!9!
z{0=|KXgS#_ms4jZ_O2X1`)l^k-&DQG7piwI@A@v=W5KuiZrL5lThIQ>vP)7HIbZLx
zNnSzO{+yxw2w1|DAIZLQH2xNfxrqExSqvWQtW7+5O8D+zPcefS0N(`Gu+}8-3;@=}
z3%@yWK-|Cz!;$_@Y<-)7=Vq&ZZ*~}Xhx48rZ4;Q)<}%<=o{xb!ojX<q*GKG4!oawR
z^<$L>X1x#RJ;m9#!bN`MSM*@S2j}NP&!5TvRn#3#$M$J`lMGtl(-{BI1-_}iAhPOr
z@pZV5JgPHVR`NjXd$jG*<VlXy7tNbRn&e)!ADb3JW|BOsHXbyM@d&($(RyNGbs<Ad
zCZF;?2%Y0T&aBqn#suv}TRtFe7V#v1*2@?_0@=BgInKrZVMh)=oW10OmAKEtJf&+q
z+pu9TD6)Jg44#!H{lM+e2i3K_HJm@5I@VK%&W3EF9^FOvBkHPV4XCaxU{QSqloifZ
zP+y5~hUXOv7ECN?XKt9w{`BQ%@B!5$cvR0?>VaOK2h$YhGzwEQb9gndc$ojI_z$w5
z)_PK0cJ1Tc)ES$$nY88bm5mD~PJF~+aNZL>7tvoKt7LuNK0$P8IDuKC{)F<ExCHoI
zZksl^pj}b9pvYyX#nLkr$d*smjnIcn@s(s=EgOz_fpk2XjL}Bud@1}Z9$&x`_FLK~
z>HKaXaF={)>%bNe+gD{&UUsb(aAB`u)Pq}Ayo<i3H(UNAtc`qZY?WE;!8retU%*-I
zBmDP4HtcK0SM)R873pTbw#`@Fct&Sa3pg9?faf6JACSMS>eIPbm65-z(iPLNFYBcr
z=U$0dUoqcw?|Tm0-9FB71HW~STm4fx?Wfc6`I^qS2oE)WH*(&(FXyfQ2F%Y>KG3s-
zbJpH%)ttB9%z5kAfgzVZt9&CkQ4l$A{So<Z<h=ELwA;_@U-6OIXJ6y|g=ZVTZJZ^B
zs&(F4WwfRP;DPeJ!+&=&WM2P&O@BH>IN1%4X#8Z}0MYj-|9bk1=i^G%7qMSQ^2Fkb
zE0PwAD^F2&8spdk?u$prw{*sQ)(yB2h~Pps|DyYn&xbQ+(qHGrjJ3+ezIQhkHGTfI
zv3Qq0bvG7;r_UdY*<HrsPRiv)^2Cls%_+NF>{wh!S?QZK9&Xl+h3AoT?XhEljhL~p
z&$Y|8q4hF7X$5Duxfco?*8a-IX=1Q4c9yRr<7x6On%*7G>RgZ3Q6KPiFaLe#UvBv^
z-e>k>f5rWy(6LqQwf`nRL+X>B`ojz0o~!r2wtsp20^=R{sB^qsjFZk38D{!B$WK}6
zrr9Rj@?q$n8@)hgPxNx8WAQE<e~wD;ZPLd8c2VJO0Qo}y@(J;gC&M7#b7cLx9v?7U
z_uS4W-H4>=47g~7>+wOv!5MlrbC<0<*xmYF*Jn&-4<p-pzO>hvOc&o0jWM1+Ms{hm
zypgfE+$!H^w#z-_{PHS8d8-U%3p?QGHQUuQts}4XoqXQNcX-d(D6Dy^`<A3ZZtS(l
z(F+@aU43gJJ+^NJeV~tg3x2wO7JVqL8C*Kc6VvAZ<^D34&<SsLlQD5ZCS#DnzQdZ!
zbo<}!9x`Y;>G6Gs4qC*&Yv4tL(swx*D~{DF-nW?>?=C6h-RVoKFjwIZ>|Fc-&v|A=
zT1$HAtgXlk*frO}Bii!N1-Pjnf6K)cjG=ruv(PcQdswk%_K$}DECk0&A~+_##@e*#
zx?;}>F4Y-@F%x_RAKM~0W%(4(FtE)r7cP84gY-%AgJ^<L)G|@!GmKIzUmX1^0M;_{
zN-w28YVF6-&jR`rO<zE|C4bTHf?f2Dey>n|`n{Fd**DU+68Ohd_ORH+6H0m-i?`7?
z=}TmXMt<FYnS3{aLubTar+<gkKgL37e7E|ia-&IGgud-VjoTMqOY@noxJzm4GV{`k
zzD4&<?EAH}F+s&PB~OWY>B1XXf0<@hMJD}=uDy=_M*7+HtVL6J<1Ck>`hMaHEY!FW
zzvIC5^jmk!%BNAjj5X$yoHKDP)H+9At<$^DVKj^ZmTSlxy<bIgR{3{UWA80J@U=1a
zIWt!e&Rk&=lZ>u>uV00nlh|0C-qW}$p!H;U^?bkf`1~*4h1?+h&&#KtI9R&ip&d0>
zv!`D$euwm5C5|M^W+WYx^0@dfee}T{8_Dy8@;y4PBOiKze0_US?WqlLtQvZ%HbhtT
zZ82s3gP-Ea#<saob#-Y|XU)2vEeTKUvH$Eh<GI7C4}PJ2@eA#TUub`PqX%$Kq(`Oh
zr#Q{{iI)ezI?sx6S>sF#rGTg5u)`lt2M<$-7c|+9i}nd|)9&G3X_w)w43s<kLB2OR
z;8mrPEe9MmxWl3PoZ<f?`P1k>y0rEh?#*$tw{JOQ_=DVIewNtyr--fZU~KLteGlbF
zn`v#taL#Y!jK6E)qZ56J6DR1K3;eX^LF3{!u2TGpX37h99Nba!AUZi~{=R~J78xp)
zHi_$SG~vmO8!(n7{uWpyV>bX#Bd|09i(oi01ikmNdqc~)R}opbqIs=-wtWZre57&z
zR)vqd7G*!kaVE4iavsn3Sn&?z=f&<@lLp11=be&z%cF77*^4WuKbi|}h?WLt*t9fQ
zWn@1H?wz8Y-;OBptG;w}m{XDGgXy*{K|aoBi8-*xF?3%h_hGd%whOp}a_rK$D(=C6
zzYl5ijAT5_q1IjYF4E)LOAd<1XL2`pD|d6(ayNH6azON+ph?{CQ^gq_>8NUkW4Gu%
z#Jb;S0{xPHDg9HM&jr^S+2erkUGU1{S4qa0^jz=aS6KsbO9#!K4sUBEPaJ$L?)pAs
zTGvOOFY7g?mA<uXG_t=-`6kN4E3A9B*Ew8Ok2zgc>my_SW!ePC+kK4rA;-`*#y@}0
zYQ}u^uu$W&#>u72N+)xcxqYKE*;+HF4six*i^Km3IHfp?!jmYzRkN-Gl>H)gDo*Dn
za3z_&0r4vaN6SR>s$BBXaGi8%A5SvZeVaV#X2xR4{c%hC%$^S4?dY5OL*H8H(>n6G
zmfE~l<I_U=ZS?WqNsrRrO)<20D|^yg^bPvk2U@!^LTjTuMl|^Y=gKtE<LU63t-;=%
zv^U5(*$dF#4~apv%}lE}kM`md@)_DoT6eVfCMUFaVfVE6Zf917*3+gxhx11O`{{df
z{TcipKRCtjb0q9@%`uK{Vw?i3$s>$i5d3s=Cq)bM<mN7xJ^Zr<th)?O@a?TQqkax}
zRpQ_d5A=iSpE{2E7$eD8LFf@Ssl+H=yO!>)iu?4sgL&|fc(->=y4!oK4|e;NW(9i7
zKKpbpn(L<cs)f7F%IUmI#?}2vCO-#1C%;8y=KlML_4edV-Wz|+Z;|P&TyoQ)8z17i
z^vS?X^E=Hm=YHq#%vZm2WTwtDOlKcB2ilRrH!r_Je#VZY_nOAPJrhTNa!s>>K69^^
z%euQD2VT5KxJLgE(*Hu%Qh+{deALGba5zbQ<GaC{p2PoK&hgihw}^k~^Ou0{$}1ZF
zHf6<wG*%CQuhM;}d~A9h`&sQd;cHgDI`%;)p&L7?Lvleicwb8Wx_eA`AD}MLPT3_+
zK+7iZt;TtGNHl!U_<5c2ku{GNPq+n|e>1dyCOqIKc)^YSv)`QIhc{Suq`(%V@~Lag
zb*i(kWkbw(>rU#_ep_iKKkH01?H0mYo5}wl6F5&w-S<!~cCRHp!3fGKKeCB+ZgKb*
z=2>^qj2JQRPL&zQcj?~sJd$ViV;c2Dbq&M!Wm-DJZ;+-w6<r2j%7qsgojM16nm#s)
z9agLzbC0vZlHtkwtEt6zHX7;J8y)*Y1wH9=FZ$jae&>SUIVw*$dmt}3t-A=*A2<9S
z#ymL5Xb3-M6uZpoS;3MX{_rP8_FU|g%@q#6k;-@AP&_^L`|uH?a{NI9-MqJ5w)0ZP
z<9lxz>)s*HL!>oL@izFdmkDnD@^Xr;zU$dPt~f>dmyFcw9=#NP(KN!W-1EdP&a8#T
zyI5n2qqBKfmbI@IP1PFGSi#R0KZnc#3|a5O7Xs)-dy<Y{LY;W`eA@L4H!Cxjo?q9L
zp>|#3f6bK9ybQl6>q^0LIL-bqrT?#@Gk>2ve}-N@4?k7@_vug3u&i5@H*+9k@T@%+
zKk70T#}Ax87Pm1LYh%U&J@2@&*bPt4Hm$MzF5e`tHBYt2@`%d!^0q(79c&uQ>nUGO
zo(D;*VJwN++A)^Fv7KW%ZS?tLS;JWRyNu<O!C4j_MaS|m^+v}M{L7LJQ#|5D(lwTX
zYd-CEH<pJJ?Ye9^GP(8*%Iq3skKwWbonv{Vm&P)Qu}rM}vNe`TwUy+x*Wvl`mcdc`
zjv&^|ZRAn=Ma-qiTzUuCb4RS2$}9Oco_W%ksr~KQ<~sZ#ESuG?ID2jF?ya?zRC_OZ
zGmMP46yHNOO|7%w#>Q;?+{Xvv(Z%uoWzMt=;u~`EIME$@Ehg1^`KJAZ_73itbm<bL
zgR}D`*A5|{=z`ugcO}eSqhZu*O_Z=E4CtKJbUtwIXRY)nfAkwVzPi^)iz7{WW{@Wd
z{u7S5-`p^~?HSO(Bgps7@rJ+IX;eB`3&`xmc+r_U{@>9(t)2IspI08AhQC+-<lE<$
z&oCOV^$=sv<pO@A^xB-WhCj!E*PS)}>4`?Wm+wYt+2lOs;k^LbQ9#}zV0ESNPn)ix
z+)2TAcLuytdfWhVuiIc<J8RQd8KENTE1`_&s*7(b=TrHM`B!-lvJmy!d%pi$@Px~I
zvX2-5?-&RV83bKTfUYJ&SChDtzGtOq>gkBDxz0-Eu|Fr~!nkQ(Y$nLe+It_q$MnNn
z$9|c<E+6DY?sHpbisvyNKlra)zut+fkl!*DS_ZvuA#P905wkM8%&biL_}N+T$2G!D
z7xVuE)<U$7LToRk#OaZ&z@B7VXo>DxG`EGO8Vyd)?FOmiFm=9Pt~-Q9=aOpYza3tG
z1|FLRuBK6E9&02I|Kxx(t#%$bsdHRUqkp@ddha3M5b(BWBy(mS4`I8hFCyKA{1CuS
zY{&E%QahA#vgLbOXR~-#UAIK)dWSnI6+b0R3?eUdZo0mYAqE=H$>6}3to+HfFNeuD
zntY?}d|uLnuTIVO5Mv{NzJK?BamVz=-Pw6&XngYwc*bmG0nV@IzjXe6Yl<NxxPm#m
zvwf$+<C}BHdxM>K+6D5~0=xL(VPwKQ^jf8tc-yCN=jU<8F33+~r+Yw_!`DBU;B8;T
z`1p1+Pgh*;50~`x2cPZj*H}xQS}+B@H~nk-smuSt%|`nNOE{Od#b~%sJ{3Ko6K3Dm
zUC1^o&AuyKj6eH;>_fYa?1?;YM28Pf<gaq?+pzV8_$p8FrJ(}uFKm7G2LE2}5N&%Z
z&%ZB@Jwl1g-^x7Yt};U(+)O-zo<{qJTf7Z74Ky0?A*#C+JX3pWYfhvs(Xp=ei_d1!
zM!N20r2kF8F^BSFn3r=eo<FYIb4Ks7lTXMg#;kcN^EK75?!VI*AB~i8aIdOM>pSND
zyJp5DTK8Z7k-8(eFdTS-S9sgs`<%Kzee5>YWIk(iHfwYiYxP#-yj!@tx~IiwTEI(B
zt~Yx!;{+`lr@ne}jqG55uVnh{^j${wNA%~_Z-m$H=C_MqBR@;_V+{yzbH;(UT1Whj
zfD?y%d)r4Ujj?zanXr!hFYybPOYhJJ82SQBKVa$)Z0H;w8wkDVQ5k|pXuZNKwz*i_
zu92)+_I*PKc-tr6CtfUi;@~``SsR>ZR=OqsO=a&s%HhxR+I#rWNa7CuyTu>c`!TOY
zy^LFv&BPTg@F7p}Lm~G1b=tdRB3GrF&|zYt$%YUl4%81=zh~#8Cz|Wc4lXdp)g*Jb
zDS8*;?ldsg`I9ChQ^VWPDYezk$4_C9w?W^Ozi7TOt}MaZ(8Bj=*bp<!uRmklnbFUf
zc;)5s#wEi_(2x1RH}qP!x=eG0XjYJZ<e*Pv-19xIJsVu#c2~6m=k(&DP!{LKrvqoJ
z_U-tYOMj0Zaeor!W(@Q;l$hqiQv4Z|XD@4RhP8goHui1AhId<QWs!T&2AsvKO0bVK
zvhNTdkCv_GoS0QV^A}roq3K?s{HjN^>W}-v>tRl{8N>_oy-Gi45z7Xd-*>H1=P9@E
zi*39W_`xIJtwx<qZ+mPDj4ZuYaY}|UW}i_0EV>=vJm?0`Mc*+(0p#w*oKa{QIo;pN
z`tT6@ATx2@0e52EF?Zry{7xKmFWpm>`RSJqPA{Gx+SdoX+!SBs#xCm0bXRHa(ET(F
zxyke=k(Mx!xxB-g%NK%oz)#U*9zU4p5A$s8VbP_e<7YXQag^Ng5qKHod%|#Fx*;YH
zW9_2v?1zt@{;k)4MmWJ*$e6@FmT$xPZvvKg@TWJphw_iA2b${|ZtO?TW5JMjHe5H9
zxe^^dP2V;+T@@bs=Av&d`sSi<c_mF%$@DGw=tH4B)c01ayQ*qLQq?D;SckoHLroWh
zr)BU-?i?+=nEfSuWgKZOqrB~7fLZjT1)UMT3k~S>+dSOy{fNWc5QImhn<;JciCc=U
zZPqFByBMFrcetvW>9+~ZaPjN_Up6!MT1Vnn{fR9nnJ)T%qtjS-cFXnfUt-w|GV)W=
zH|31vygj(8`!~hsJjn3lIIC&R$sO)07x3!N`%-+Pk~L3CBOhz9?gVoq9T$6=2JNeN
zv)3sCUe?#ZB6PB+uYh*XGa95@5Y1(*+wTIe$Azb^tvLtHyhZY3YV8Wf`wTb~DDUNW
z^+~D-<{0fcy^W*$fJ^w=%sH0B<l9HSyPc^OXC^Tx&*u5@v1^k)Z7*Y;iOx)GsnxlB
zLkn}1$(ai2&xR8NQFw`;<+|2U)BU2`)6fH+hQ_we^EPZ?d=evL`ZKptKa=;zUWnlZ
z^woqHIKX@HS*@Gkxx#}j_g}<WDtszT*WRpc-#!rc^;eF?<^J(l>ram#6D;8VUe_zr
z_DYxMdL?hKoBwnJdGQa1|Kv#aJkS)4bsR9G*K2JChi9-(w=$nAix-A&<gSaA(1AYu
zuVP-enQ<%RcU*?vZWS=?M8{}?)1n=+vkPBDbF$n`8>aurRrMV8EG%9SiYE^ALh9KE
z?O8-U8yPd3=QhD}T~!;=DI$00FQU$k)VT?ok_|px6FUarWi#U+%M&$bkArIg=4K%C
zf^Z|hvxXGr9v=j7mN^G!Tas8?z#?3a#o4mfaQ)rzpjv44bZE8L9Qn+q5#Cp7sMEpo
z2-k>V-i(Z4J<-Exjkj>7DLPiI$e6^_%5t}tykw*dALcSLpOL-TylVLd?TwxU?=`-e
zy`{V9q}g%M?1Bi*W?c4T=U*W?L1i^2qZzyT9b-2?Q~@kSjGf16v|mZS=i<;`^W1<;
zqVfG80okZHllz3VW{o=5ZM*6ZGM=n~{ouxm49dkZR->U6@z9ERXhl4<V)W8|RSTgN
zF6R0*@OS=?`c!#_Cs%Q2dwU!-5dE#SUIOL6nr!qey|x9p&fQ55D@6~lq293(-2KDx
zaQ#NcGujv7!8H0(1Dx@F-4(^ut2wKQ@WvW=<K$!E`Zbi%-d{gY!y_F!jOEWi647Dg
zK8nvzzUc86=!=)L8iDcb<#^8kr>ym`In&ZL7(Kn)9PY+zott(~c2+N&Z2F9C+GAzV
zZrK)F*K@eq{x7He`{2|UsBa~)vqT4WQLlK1=&NY$2B-UiG*<NbtyWi+Xzg-nYzFv+
zj8W&~+30JuFX~d)HRjNYvy7SOx*I(2N;g`d8~8Zx%el&V^za+u{Bq(RhFGWSXWE;+
zC;U&~QrYfcyZ&E*O)wqa8_vH6_&njlgPBYIIXaXG9ZFzbEP;MQ!}pgsT&*T+O!Ac5
z2_7R)Ef+3>_tW^tPp*9icwE5U&0igO`<YGf;4H>keoxYSJ_$}J7TQKfLfZ)8J$1OK
z!^7S4+HV!1Ckf7GKa7sET73FD-cV2aul&++wrt7syP;i;;289DKWk;pw7$?ya8|rG
zFcn>7U!yLB>^YzMd~pXiB=1kCinhaAtMC8g3)5@KDT(jHdkmx91<z+)67PTHGv-L|
zE3=Wq<~llQ%`X^-XuagKWXk!h_Zw(eXX$of(~)jGhrT!BTkB$sJjexZ#z=QtOTNl6
z6RfibS?+_Zzl18;^Gdj1C<y(UZ;iLRwFUa6I2A=_Z2IMfeu;h$$EG8lUp{<Va}=GQ
zIg$B^!j|_*xZV}dcVHV5Prn%R7HE;XczmdcXCM7?0aLU+oin1n6$$i1<G!1*)|^G_
zYYK(yKLAdRt!rsQ)zc2wzUa5$>2Up@MI-2!Xr!Bdc{U|f30FLQT@^#j&T(}i53WOA
zJ`U|ofHp+oSNp(n>-dPwE*x_Mqi_s6!)I_z`8ikB0M0EGj`b&owcr&F`GFw_O%smg
z^)xWWcH%@d-PgmYH{jV1fHR^`i36agw_uZu&_2z7GrVRkFviY*4{$rWr||tST;IxG
zC{J_DINwD-vlw3w{dWD3IJ+_9OKf3leC59?JQ*%L0e)~|q45La8&QYvlmBfz8C?6~
zW9-=&>*zRp*RxMxjP^w4H`*7^`f$C@w@24bG`;BQaQ&~lnOo~SbGwcB+MhmlEBm=y
z*w@|6{%$7wyqnl--pF3lwkdeTQ|21k2D;^8jCcCu@GW?WZ~k0cmye!n)9SecqC93w
z;oLi~AfJ=5l6_;|SX+;ov5-66nX94C$E;;b?ig~O-0=kElE|xhSANO4N2x=+X=F5Q
z0=xkH3Lq!8@=Y?5a9{c53#|WC@Xq{9Tj$F-@?}1=z=liw>9^EX5Gg+yUL)D(0BM3n
za<=-Ux^IvCAOCG0cVi{ANhfiVee)%xXCVi~AqT`E2gD%<w2hhWFT!5tMiwY~bbjbJ
z@U_dg^{wg;@A&QT{#EivT)_9~d|&kFg3xrn-F{X7D%nlFtdk}E+!bn9@1m~(WRz0L
zW$^dsfUStNa(Xkm8`gBruAHO0SWiW(y`j_W%N2`3Fls+lBb#8C{Ztj@gM5$fr#kY)
z?5C>foAywf_!m!>zPOX-Cw0(#A9ZOg{!yB*K0HR5sQy`e&xGd9Vcey!S+o6oJc*S}
zqxu??wVKY_&819`@>;V`M#^=kvyq;96TTu#ne)f_>3)&3-*kZUPH?{mYoI4<p%=Oh
z>`bqk?0a3ciC^{l$2qaz_2q7&5%ylnQ*Q62iikxU4jX>Xv9;d@3@@LXy0(dZk0(L<
zo}}6v>7Q%?u0F{X=vw?i@(nT0TDs4lv7hEFZ2P(qvRS6K89L9*TxPBEh8CcslwYLq
z6aVNzCFosUFRa+GaB2GN>31y*aR8(4#w2V2<U=>mj{Kj!5Z`jm{YK<d;iLSj#hXU+
zue<xif2u{dDA&T+$59SlLUsY=a><`VIqt5=AG(Wu>Tv8|*v+I*+R46e3p$Ha@T;FV
zlJ}jYkACbeS)VRFI6dB|cbUoi;y#_Swt)KO%MfRrTT{^2*LF==)rS9O4d#WH9xTGP
z>^;tYknspH9!dR^D%AgQFXQNQv@M?4jQ;O1ddcbJarIBD2>sR`uVi!>mi?c3tEV42
zmk?V%i$0$qJqUa)z*}^?;h!&^Vq{*1GKM8j82%E{#z8ZF0{lVkO&LS!x+YQY<&iuS
z7^@`qfy%4-`vc!(FD!Hz>{|y{(2w?=z`W0bS@)7CW^+>QMZo+H@f#lMCA;Ql<LICL
z<`h4;X6f#tut?AH3+i`e7?r@-UO2+=tNsA}2oQ5G0B*d*ck%7ONTYHf&!Rz(v-i=O
zd6fSQ>_ehQh2V{s{uI)_a7N!ve)^{R3PmrdZzFYR4FvEx`g`}lO0Sn#<n`YH?l(e*
zbk<5fM&ZaB$cwCjrZlYq(~tK^J9FF4JvDX58RH_xIGCYzFt~OF?MhB_^+{kIn10>S
z6AygpCCF{Sb(%V&WtzB4MELMFFowvZb6uQo7<7hwqQgs`GD4rAd$-q3TAP>s=UVz-
z49zQMJ%pH3H~GTY*nJazaCZQIKxD(kDKCA0gX{71+1d9Lh2Zsd6W~od@juyo_4*B)
z&xPwUkgtS;&jM>H=NhdwgTGLKz7Hm^>N|Y(cQ+hnEKTwXCx1X*#&&EeHaYC=iK=fN
zG`a<zHRM&+k!Vs9>xlB&x9#Sv`=oChA>D!X3F~`4aPMi?T2HXnI<oPg0&A@=-!PrE
zo_W`TkRMn_vt~!rH)JMj%}$T3^^(Y1*Zxy$J*#7_C$t&d7w~y&-E}IQpAcE=irpm`
z<!j_T8O{%}j*6Wr`zE2snUCL;)_Uzgt@V^{*SZUuHUVAM1oRzRTfqU$`>~}5`!GJz
z``puiNQLH2Iv;zzOXrhf>3n9AC$InDiZdVCc=3pEm2W4Q|1<D|@6a#7lTF(bfTtxw
zd-nGEe0VZ}r=_=H(K-+CyU3q`9{;bZ7nrn0<kzOQhcG9ffbZSGcM0%`w&eA9eFnyT
z5g0X(El0!k_W-NvjO}kNI$QZxiI%o7#;x$Iy!#CQG`DD!y>0@0V~y1Xz>AluQ?iWK
z#u(;vFmys|MC)h=-^5RleV|7P6)w_6Lv4DL6ro3hYum|J?-*Q>ME^g1?0j4GnXg}m
zd^Z)J5t|+z2cB4(B>zSiG--&@Nt5JTc7l8xp`#n2QKDVnjpPH?_EKn<kM!5c7eHV9
z7yKZ#2K9V|XRX_r?0H1Lq@&c>Pv<{MzYOZG2G4`cJHAKlDjSuz&ZA|FlSRuIr$w|c
zTDFb)yZV_*U+uwnP<$|-F%(Ude`${4YAv;BH+P#-PV`a!3G&BjvC{23A7gzlJ(ShH
zw}`!k_7!v3S4byiu&3L}zVB7&L$#w*2jxNsmCm|!k?z7D)itp3y&z|eGJ(T0ylF$a
z%Q$LW>D#c8yFbh;*KNo#lG>!-j%`zRWA!UGkAuCZ?R(G}U)-YcUE<@K>}%E6DO+v%
zY52$BzHC=+Y=+F6bewa*S9qFb=PIKA6C!!LlbKxL^8@ge`IN~i_Jr6sSEjQUE(e}g
z=vH3e+)%KO^vTGjG2;-mpLiIDmF$Z%%|0vStDv^!TQHpYR@*6`)3*E(ZlR3!-t(BB
zOWkj6SpK8LszubX0=--u`z~~8maSzs-z#Wm6#0YrKkHi-^vJf8*yR^dzG7QqRSB|6
z0J%Z+tVTblSjsb5f4cK-8|6@H)y-tQp67SS?BC|4uYFCU{XX(9gobRJzc8eHt4LEF
z+`AiEz%zcYgMG!LLuz05{vOi0kHE4Q+2cmWXr&pyVk7OVPSy8(@uHB<VBAdmA97Ca
zb?V(t`#00}oBYD&04r}l>i-7$SJM9L^B0Azd=Z$o^1g!SztCO{_D{S0KDCE=kBx!5
z^XuXDKj#;I)kN+!k$WA;y-wub9>~2tk$aJS%O&^1tFhm?zHc5qBHSNjv_E>->py|6
zem(jf;e*ygI{aeOB}V>(z~y5N&4<5fkKqPKm>2wBxi`Juw}E?^*Aio9-*@}D_9aW6
zu-00XUM1JQ39df?F6?k5SNQs+RummZF2GhZf3Da6@Q7T0t0QIK-Ky8*Uh4kKtvk7m
zb7lA`4{r0Kr@5c<0q90Ea+20azKMQ?@*d<;!7wCg<Ax&SQ2a9LA4Cq7Z1=Uu`d2-3
zd6t~#>z7vXedM?T=a4q(DBR$kpFT;Km_?sP(<k`z(fRf05>GyHFq5-gC!s-!z;%ZI
z+u?D#bAAqch1uYtzMX)t#C|KoFXBeNxtvLDF5q(kn;ZU=Int<4<v!<R=2x=CwZP=+
zlS-JW<cc`PO!8PMKGP{?T*Zy((Ka?4M@Jz0w2}TR>bt7T7%XE9E;MImYUiB!j-kKk
z0?VFZ=fjfL4J;Y>QOCk^n7g+G%O8LxI_`t%o8*C_p|(8Wq8{<D;F*$xF2*j+a8;xt
zSBs8^t~A#@@+TX|V#mt_|D+oVfqRAE*@Jf*{zv}J^cN-=b)P==CGhro@b^0Kcq;fj
z1>S})5qr1yuQU^*<$|jVLQSjFL!vilBwH}PVfHnp_?e6LYu{AB*~=-+xyPAi?UO%)
z!_2o}z7xCP6zvDWyJV+hpXN&YfOM;GiM7(DdHAlmO{M=H;awuK2YA;+AJu;kakBV+
zFu9MbB1HLVst?=RyNW5w+{zcCjXE{QBhgvKffE(9y~;tnL2OdniD_}j>}#D5<BV)Y
zE$=sx9xb;Mye*<HD?Xii5MPSQRV_=`JVzaSDPO^Fdp}pj>t#mezc14rvVCjq^NhQ<
zHgcYEx9*Qc#-9Uy+DIE2@Fw9uxPDOjz#7iX&i}SIG!2<a{_5KAH?U?khfmSJAJKo|
zz0Top=6N*z)_qLd&9sWwbBU)yTo~Q4dl(w9kTaPJIiGSLunTvha905Lq6pmEX*b^N
zSFz5~uc9C8L2%!^<sXB4I&e>?{Pe!56>&yf#Y$+`BH%8-&L+6E=X&H4)Bjyd=1i)+
zLpX?jWv~<a#=i@=v?u#KJQJ_}|EiCMd<p(eAEp2M2tOa`kUo^Z4?oFWqVdArH2N%A
zD=KH%>CiONMN4nH0(toYvB)K7D1S;uu3x-hIPu#ayxZ$<Vofav|2~fwybUiH%z1%M
zUSRM4Z=&6YEM73UqA9`)rUGAA8kLDHSM+i)^DEi-C~(^JaxnBV*`k+PQ?WE^E;uJV
z8%}+lbCz83I`jPbc$wVhqd(o@<?G;OfAI1n@bXR8(^1xw!F|k*e!I6u?_=g}Wotd1
zg1<-CRM&ZX?eE~`kLjOq(+3T7eFi`6`=YzXqh8Eh|Gl|$<$KX#y4ngEn^W+`I~ki|
zcy12!IahONrglpY2gB3Hvv(qXr!|M~IHI%=y$P@u1FMJc4{bL5*8G`W_#N}7m<<zS
z=CG7<$$e5PT*lxE#nZ}C-OQn4Zb9Gnw~_V%Fz$pd%2y;F+OieevKk%g>(CL+<4XMY
zSMnbZozdC2#;a~S6D=p2_#CtaU$V;W(8Slkoqdiz6<hiBr(MnAkF7cEcfmQ_3GEV1
z?3}+8i?*zSCf*lITi{dkM|9E_FMShUYyO%zk0f3Mec6w0ANtb${2||e#wY(;>d~6(
z!?$$w@MSe~ESv7KAI-6R@^9h0rT1a&evxO<<*#1e>62eJ(_{HkFDFgqn|?g!Gd}r$
zPcM2p;&*=`U)vz?rQ^#df7=$GbNV_$Eh7!T<$G(EUYqBl?=il&@;{RN)!46ma$~R3
zYvo7QG{R^oBA;c;GqRr%ty+#u6J)I?G1k(h3U33*9YqfO8sm+2+4@hyceK|QJu>)K
z!#L}#XALwygwDmXN#UEx_z{C3sdgg!mpG^Fok>;<gDm9l7UXfI$CF+Hj}tFcdDY|M
zJNtR7e30^P@~Mo<2UtUKJWKvo`e>e`<%7(7I(c%*)588Iu-WTpFSS1if6;xyC+COP
z{}f-^B5c0%|4EzgP;9;r4D+@#?{z-*KpP`AUwoKW?4jMv;zuuFj~j~3_wF;2b#0sP
z5X<KKZ;Z_uY#$quOEv><lV}cgxOzqGaq(|$NIRNX6;02>PA7ZZe}Gf6#|{0!w#OD-
zLOIr&wQru~eTDNeb<1Mxv0q?qZ;aSZms@am+D?7l+D^HX0US_Yqy5|j>}kYGQa?Sw
z7<3r*==<0+rnSvMpKaT7hqPr_HazC;Ow>*{G-A(9jM#JE!k(LG*>lxz`R-{9qV?vn
zUv)E|nNFi!c5feJ;98nk#Tf64=D`Q8z7?HS9{D`vvu%pkST@Bb%F8|x?dKfERW@7U
ztoGB|-@4hKdNw6iS@j`nrLw1sj$zRy=&xI(3s0)OjB)-FeBIUue7?R}=StkPp?}%9
zhEZ0$UhfY^<epU03P;#J%!%j<l6V*0K(Slj$hhLuYx#`!Cq0NR%%Fepi@N4`uYX?_
zHmG|Wvy0Gy7LvD@Rd#Ug4VU3VjSoY3s{GCSBbyIEMjwc*J_wmTfxRX^=gyv$d4@OJ
zhYl4#k^}PJeE`_xGb&xP=-7FF=j`$JkoTS*w%>UPe&(APH^wfp3cqu`TYl%xh~GJL
z(6Ys>oQU7~P-x2F7{Bw!rrLhzDkH!1Le{$F2kCTdJBv>n_L^;H$3*<jspBwpzE2tH
zh~;;_Zx23}=z*Cd%MZfS;dh=|`%C)X4*gxro_-AVUL*f>^tXBJPhI9|%kMmobm?T|
z|7QE0r`0~8F=Jjcz@a*xHD51A>N+UDbJD}mIWJ?sRo_S3bC$rI)mZrxYKgaB9~eo#
zk#@e#qzB8VW;YSjSbEiqtMEH7i1?jPg;ve5eaT;b_I!I=hu?X4m+f~xfxP%A$w&RU
z3*?pG`Ec}H!Vwcc<kH=`yDgvjp3S_^V*YOh4{l+Pb~F0Nh%YmFJ-OcONj>r1`6%4s
z%ltTXt(_NMzlNVBlQP!o_k8dzpn2eTggH6PINqc*#=G{?|CuiE0Of>h|5tT^>ev57
z7l_}Vr3>_&U3$>h&!{g&CqGK~Kwq_1k%z1?O(o6s59s;Op<htX2Yu|&^U1cO`laX7
zoSD@B|LgMpcXfGYH?rZ&;7P1(xakgCHr$+V%Z7U*c&@eb6P`um|2Vo+Hr({-C`&eU
z@J+H|u%LU{u&bS1dGqFw7rszaeo-hW8gR(SZrZ+bR^B(Z-yh^mK+)x^W(9w<?f&2x
z$Br;(&UNnKG<^`f+D8Tt**rvNYaXQi{A8m}aPGoS;xKUjoV03eX>KE7Uk)*wWcMpV
zUm_i}8{RqtTXxAVVsgO`rXzD?$~K1FCRv~W+gmkyq?^d&S8VW1W3ggJDMn6<GYgr}
zsAvP8MU~P+^s6N%?4WJrL%-XQgS_uW#whs$dVBtFVz04{IBn1KUGZU8a#v`W`V?Pm
z8v6B1&3-dnv?&=-K2@dciQ#RtZXzwy`W`=H`BLxNztP@r_FP)={Po@)uhXvXUsk-H
zt#4j!`O;{gaTxjNW8|s<aqfNT$Bd)P=-Zob*xyG|-+*&d4i3Z~meKn78uP>x2mgaJ
z&;te;mD~6iFVlJJ=8JmF{D`(ba=R-&qMb5+hZ*zeIqdh7O1AywqTO4sysl*1)i>_m
zYCip+Gc%t4(ab4N|JTfUPd__ziq|+QA1&j_O`N-~=G=8P=dNFv*&jPc4mONNV0wW*
z7~GZGfAYW~f?KwM4{z``Tuy)YnC^Yci|6m~FLhUi%cr$XA6T(L^HIuJhE4bAW&Gzc
zFD}ND7!iZg8OtNkk_@wdd`<aRLc*>2Gw0ly32w=TYQn2yZR}CIy6T!IIPp_D0Zt3A
z415#Yc$RKh^<=zy^$!BhvdJ|wJ-6uHkU#6LU6UP+Ws{8_#<uhy+p!d^b1@^iuTf>=
z8?Oz*zwz~GFC@-^%6W3_bs_r68Sq)dXUwtYOy71-u-Dq(D0?w;BzWG8f#=sT@KpcY
zhQ~AgAA{${3&2w|`FwabeW??kDPwGS_EJ`QpSSoIuM3tmW(SG!`5<vUWp5PDM$?PJ
z;qd|Z@>=pDBTf)K*Eg+4zhGcJz5&m*^2e;(ry}2)_!f4W`%m3r!uuV_dfZ?4s?L#^
zwVp3~vlWLY>r$^D-TdNdFO+R4dI4K4`$PCu<x`I%hp?WFQls)KPlnfj`q)(Jn1cL(
zUKf5ZecL$bhVWnQ=eUTm0=@{Q$7x^V{Q&>cv&v8C2J#O7Va#}BX*`l@ze66`qjETt
zy$f2P@{34QovLGAOdX;>>z9VtH&2VH$79!{wluCPCq0_}Reu5L_wciAkLQ28lk|Lk
zYI7-Lb=Mqx&|>U(2Iq*U@;#Q8mt{uw`Ip%9c{|_jwi0Tui`2D%x}s<An<v`){C_7+
zc-eGSH?$l(P*=N;ccRC_WoUL~59%#@bCmTS;C(f98JwSWu`gHbl|X#ywdrT=y<YVe
zW4~zn7V=b=|8a6n`MsgoHRBuAiKC+RKHb9r4mR;G_+0eMm8%%FvUMx|jjh|4E?;vl
zzVH!stBmiQjh}72A4N{oIH^wE0jBRo)Tufy;k(K;N6HDWHAhx{@&zOH{7(7EpT_^+
zKkwE9ex<kr4&o1(wN2u6>5lB0*H+J}c@6%y#Axt+WA&_Hn^7G8y_sFZ7&p@g9CFqL
z(|23@q`)L^`_E{raJQqfW>m4Cvm};|t>v$d7yaM={xK6;c{};-b6HO7Tpe*t8eU#l
z>>oPmVQW4PInvq!*peQeOKjf~?;7nRcT(p&n-!xa&DsYAN9vqVa_z#B@cN>X!Zkz8
zl-dAkM}S8<2l-pQPrr4>{V({el+tG43VTnHYOwyTaY?Oh(4Jxx^2;cr-M}|#73s1y
zHai{u*!)j*lfM-CuZ(o<Ih8-id|)46JRIGO{6mGGK4f^|fPQ<j9!|mbM{I?uR%`|7
z6I{Tey^_680*1(5ard54SE|gPs3RH=0NFOnfR6^YnEvg82VbKA`!Ek}*!!*2$bQRc
zZ>N3jv6|5r&Hc4qm-e%T%xT#Od;J_9?y=e!nQWhD_%ra|`4Q(CD64U(!48^t!qO=e
zBXbON_cV&1VQh*nnSl)xpF8Y_D`NV$Z{))%vLP0x=04g7orFF2*RA!BF7{7@SIXAX
z3Leyg2RdgI9A)_D4zpp1_Iq=rzwzimp#dH75AGN2$o!&xYX2Xpd)W}XZtZJVQhryO
z-R}`;c6tV5F^`yX(O3wn>N~hIlf3fXuV#L=|8(gcT(b6`;CC3`Trb}oq*pud3KjBP
zU7i{`mnj<c`98-6^w&u_ty3SgFqm#;2e+-B)wF8s{lTf6-TW_mt_-vB+Ccx(Yr_d<
z_E_K)Za2SbR4${9K>05w>zr*Y4JvYW(wIc@&*|Gq&mCt9E&ZuMyQ1g9n>OlEeAlA|
z;q}Pd_%qvnYx)nS@3LbtARFu<A9{-kqAmQ7)i@jy3^C)=sP``8Q_7h9H|bg%s#D`6
z-luWWdbZo?q#4hv4)E?{&xQG`?9G3V$8LX=`1cVW8)WT|E$yDqzSg&UKD!w>G)Ek$
z>EN^Xor6Eli5bt2G@ePdTglUv&#oa&yi0W~kEug^_7!~IH}#9D=R><5wWWDcxmZ5?
zZPLs5b;oC)ApKE(;<H;Avl8a9tFMrSyV6IS>?;QN+NKfv$aD7bgFeo;sI6plP2)az
z-0~Sf2wk@iA7?kV1(%Uj5s+;bTD0)f>(=%e5MObhBYEFy?6GfPulU$32)${hhd$=q
z<(p;cq43fi|MXmA|4yC9Lrz_LyVoC28QE`Fa2DQ&9$5a<l8cE6vc}2$mtaRTc&{Ul
zS^X4a|2lL?z7f(PoeFuN$v*bjHcd;6(6q$b59z0T0hdSWJP3{n?_&LnF5>WH?7R5u
zubAu4i?tti#_#`gl?xw`9<@hU+lTKUmJ<9=v_>>I?`UCU|CbudV{HXXdS!c7t(+B1
za2AJ0_sR~w+Ox8GWUtDxec*#7zq0w@ud&Ai?{UtH2h+b~$%U;~++oRuE##l}!g5<S
z+>+u~S@F&5fD?JXPHpPvb3EK}rmZFP(0RNgnEtEmmY+)RPTUIW^B`x!AKI6l9CeGz
zM(OEH=2iTo0yz+xlSK?0_-0b=FyRioLwInZx<(wg>k>bmO#a;Cw!AdrW1B`5G8R+&
ziGJc6z&z~vQ1mmg_8k50uFtvjc`k5HJ!;n*;QZ|`*hlr=8(#lrZ~R)rN&fIpjCLPs
z8snO6kv;ZWv%wQ-)5TsX_-ms*JiAx+&XTMBJDmym1li-ix!k#5eam1Ts-3eUba_zd
zd%$xNneGI370pi*vea3|{CGh=@v=CJii|x~G>JJ|Mc&wN)vTEmd_ad7A<MTt>3U;F
z@Fk;t39?8SoUVq?wQK(9e^D80knz->|LQ-5*IW2w6fSNw&HUh~+by1{x)s;`#Pi;E
z&aLhH-MJ}iJ@}!zKYilh9;aEq=Ugs+J+3zH^xcr-Olcc>Rn>++Fi*bl69<bD%=*&P
zPaM1t80F`ASA1&4xEqWehdO-C<$Ef>ZDJ&mCog_z#hJe*`Gbt9+I;}~faV9ryzWib
zk^DJh>xg6R>Rd&*WRO2xWuWV~=b`C7WWJHkV%MMTdFz;i8Q}iN9v1EghH$O{IvI=q
z*U(Pz*;~4m0Rx=Dd5ip~w%p=}@1cih-@J<RQNS68tc*R%j;}J>;ZMQl>B4>)oNe!Q
zeQ&TH$rGHwe9pG%sr5d_{_c7+@}0BT*7|)t@_q$pMQ)DCKRQz1Ymx8BfL8wK`$*gF
zCb=^RzY~mwK42^-t|Vjp8vD6ZH-n2Mef;5t;MbPh{0Z1QywJ6WnAfIrPaF&$lb?7(
zt-)9b9|F!kewQn`B1nGphF$zy6KZqGSMNxuIQeyh7zB~=@5?{qAAIlp@ecrpXvde&
zcH&*^_`f#_9EjABC%K(EivGjagT>Bajn+-1t{w5`)380%VcQM{*s}UaM}seobKj}N
zvTVW6<vLquvz+@Z7ZevglIf1C$S~92Y2rL}CV0~l|NQ;ff~N0@^A;}v2F^ZD*ZINV
zUyX5}0K52P18qni(tayA0lIG}{w8#3j3t95QdhhGvXuvxe`D)0_lNtAP22v#G3wa6
z=W5QA^jUSFb;kB%wI958thUcb$EbfV-)e*J8}&62TAhckF1Qu>s={n=^=B-HIE!mu
zb?mRE-x|MP#hu^hmB1rCU(J%#iNU_BXZbGQc7KgCWk-$Eu|M;}RkQZoxBY(iRmP5;
zOHw8ZUsca0z8wZ<Jzr)G^v`Ygux11Cxg9d(!_*m-k;3t2d$4zIdl3HRW(~GFbK47a
z78}`Ka&;Lxrf`4qK##)Ex&Ysa&0)!$UlVN3yZqsO*nbXU&m~{rx!hL*BOR{<d-F`)
z(}q(oygd#ZEPhO_WyA4v;tW21meyFh`>i@K?eeY1=5K%PSj%%C+G82#ZOB@=de(wI
z+wPB!Vbgm?y)QC`zROn4Dq4-clQ9gBfi~0M==iPs^!#-{85nnl$NP7d4-SP(hACEE
z`%e}=;@5oVIS02@qx+NpOmt6}z@AWNDvCZd>I>21kE6WiUw+`#<>UP|)Kf?t+bc*H
zeRa7wYvCN`4^prE-E>!In0?_KWES*@>Z6T&3%A?2ceQuNg3DLWT5*}xHyi&BcH&<u
z^>*MNa&-s(VT1DhyBX@mxN%Oyy5B9fy=L@-vL}y+C$yaAtOs<Wfc|kFB|kWVI2Z%b
z+3v;n1b>m5Q4d@6AGtU`8DEMT=itx?%Dz;7dngh4?E9Q6vH8H#gY#cE>X$=5qI|&3
zxuYCxd2aa7Q24@Rm-qobcjPO@Po(7%o3_YTZ9IOO8$0-c{7@6%2Z^<#>0?d5p%wLi
zwa0TwM0VOw*;8r6iP>^5vI*y*xP#{Sac}!r3#KV+Gp#ccPaIsZM`sceI3tl8a~|sK
zngX}4%>{3q%$Wr4im>=pQxkB(r(TW16$f1KsqWzFDY)W>LhtPPJbqF<Dxvl{%5H@h
zp@Tfo5K}&SCdx{W>2LHbLjCcF{3q_Y*KeR7-9jB5^E%R=*Kjz+AAUozb&@PP{e8||
z$d9q<UD4^GwNF#VvL~0Pa1J50B1qni9q~LAqfokqp|!tNKF83C)2zdtCF77ol0$Dh
zY})@5<}L{B_r0S!lWNPzE4;0Cj)V3OuBajJ&JNn&dDdz-`E=Im<?^J^<8!eCvR*br
zr!2U>D4FKAh)k0dnnzyAD}|azU?|W#^Jcw+i}&ze4Q}bZ8eF?W@6J0z*n`=FrG(^r
z9$=rOJ;E(2%b06_8%MhEU><lHjl&Rx{<J1QPoPoJcqnRHw8=~TUdq=j`Q5}K?Br@=
zGVe_hz7u@b<~LFQ63K3!Io^<Oo)HS)gAC_PnMj;uyRXoc5VY8mNs-f3pW5+IUzCse
z`eAE<kJbF>d|nuyVbv9it!o&(OguN1CnizXgTDy<#Ns{RNE+`^92r^&pC4u8$)?D-
z>kQlx*3YkV4Ep#^q>s0SoRo{sdsBo)dVaHNmTS9BBP~4{d?q~Ud|EjTUL6b1(JwG|
zqaNv2Mydvei|IpM!6Sa1GtvD1S^1Cuc4E`$(1dl+n~lh?jid1enkPI-tj$FqR&)H0
ziPA&YI`0Tc51oh1owtdzY!O-<E*a_%x3MRuOfE4j6u0m)>Sdqsf*0D1Uwmy6vE#d|
zM}A2optAvRa}(wNlb^~LP(FC**Y=zN=TCVrbfUv}tn}L88_4X?>aO)o1+Lh7G}bq%
zo`Og{N8tO>dX_}$0dDP)1LeJ~_HW?3<P!s*2E$o;Z8PbCJMh&Yep~=v72FuXqkZ1?
zr^y?544cO%%yB%rHu8rL_0A5L_s$L$++gp~{wiCHJ!US}%Bhj}_$BupW<4}JsT+PX
zoO+1cRT=!f9bcjKx9CY6ah87T1L9*ZB0l!GrG2WHw8}Q#XAp}#2fy5!@5?VH&eDgv
z_<o@{+1XcBY{2)TF2@<)R`f$7-_twQijVzG+7%s<PKAB+fi&!A)pw^=39hpjo9jIH
zq*b}W;Zx7u?JwXgKl-wKZ`q$F&tRV(Uz#2=N}ri*6dL;r*sm9q4GYbfBY$kpaya5G
zKXH`{Je%gnzKPFQvgLmwU$R!_<q-RI^eXwcQ6}%`p^4Hrd&}+(<pNU(Ivp)XyiVwM
za_uD2U*7VdHFmOt1uJqJnux7qfD?-U&~(o9H_GP3Syr8MK6K9EFT@_z7{@#x;(MB8
zdv8bVrKZE+qv#^=)I$gNIFf9A;>)WJEcpG)$7=8U{jt3-e|YQ~^or;?Drc;D^1$e6
zFCMG7c+asJYXa8z=dr&a#(8A?&yQ1{HEqp-6&L%DO<(hiV_DPec;%XhJnHdKkB@rt
zs0Rft^FrM63hH9*WR$q7-1Jp*qCL0LrV(G<!>^S-XJKbmpX2CrR$uPjDeLUB`kUb{
zy|$J9W~Fl8pZ+R_V1e6c&uW&gJE^UZ{U_(04{SyMa+!%Qs3X4Ojj}KAc)o1tjz;s3
zlix7!4LxrT3ssvxoP6lhYyF4Ji$Xg;{i1&-dYMM%zPjw0$!{?K&+~qW^h5kFY{ric
zd@N%h`tltQ5{oLn!asVP-{MOSd){SRK8gM~2Y=&I@aVsZLw`5?y~a@xO2_|f7wbX(
zJ+hzaJ|~?q2#}Tvez?Jp`QV2Eel&oW!jEdo|F<JORL^_EVPk*I{ePP1;vVN}$5%o>
zCQWAxqA)~psFw7TtgYK<H~4#S0UtxV-K0pn$+bIySM4TuX}2oUZh-P9S*PoH7cJ1<
zU-ZQ#8x8a-j~JD;_;LlH537}jZ+XBTfcC7=yYjpho*<g*dkc8ssZWx=i83dlfjjT-
zAKF=-95RSO{}k!sU0S1uR&$2H1rF!f{G{6X_T-w;5BYa;1>jC+QmA=M<Fzdd;h~Ye
z<8$}l91^dpUR^f%xnn&-JF|NDYtWl*T2?mMf6U>3X&7?Gz37T>K$g6mdS~!I*J#+e
z#>^JaMPFy}^{)WKORNv=_m`0Nlk(d_(o@*u#{Hno*J*2B6WR*V-=B%hYw(|(*QvB)
zt$WI!VP121Z)aYEk$DX;uh)>Kc@-?Nd!ezUN97IeZLob>a>V7NS375is##-_OR{3}
zNuRURIVdD~<6_c}Z<&SehI7Zv{e!a%f6)}^@p_~E)Xl{FQ6JY5L&h<9UpD$nTZVo7
z;DSda!wyD<of;#<hSwAflni@r%{9od8=$*+;l~daEj8-BA3c6>5N)v^NR;gL67;91
zU}9g_*dDImPv5lW-2+l9Tm#Z7#@%Z8v(QUOrzAK^;geds9}u5HYxf&kyXa1zH`7BM
zYZ6+#FxOs>(w!d1mrU!iW%M9F_cK^}(=z%fJGOMD8Qthi*+Z^znJppL1@xvHN7}Z;
zXq{2n{{ZQMc@dcreZ%W|f2`B)u~+XAxiGK<TwQ|9@Nl^97o`966Z#I{t#)QxdVv~e
z;tp%CSm4U`UCw@c5ps~z(GX5>p(8@)g^VX15&AUNSQCDcp$Q@6f_Dw>Nn?K{JlIaX
zR$2yhhCQ{V)49WrMV#WqHkEGF!RITbf9Z|Q+MLQW^=cn_So#aMf$W~!ehS-PQ@`9$
z%QN2WEaadz>{!^P7Mm|TjsB6lKVEh0?{{~^_pTQ)(aL9q2rf{U;r#4bS07^!{_MZT
zOt4~Po?$$6*G3WP^W%QE;hNv1R{6nA`62J=Y1B<Jz3o-}N847rZCSbgeA<18_7!hL
zXR#(zC-#)Ow~-OP#oQM4hECw?E81EHy)D{k`w}eZ-zkqYB@$PJarh~*eT5Gy{|Cy0
zA6EHvVmnE0ce{UwuWf3T>KYEu?yfG*Jz8}Ui>tn-e71G=RldxdocTX%pxzPA&e&3l
zW0%w4jsvB!U@zJc2g>tFi515#HV%~LBN@BD##J$XK5tydFs`x(l@KRHuxm`mbd2c|
zi;kgNs`D_eL5F-&j6^>)LVo5yLHDb%Z$;kADjq``av1A3vnRX)A1Tcpdul6|o!U_B
zE4ATaeB3`ut*W7{n^;{FOk~r@7}S&}ghY>mhhEJt`T#xv-n+odLe{z+$0M=!HoX%+
zUvn|(6fu`$=57-)2D*;-G~`^J^DSe27seyoe3~<1kHedtV`eOrE?7Dsm!+$5x0ND)
zFCcc@^y|IZ&n=j*JN!788NV<CozVL+FpLETFMh9rVaPEXhHmHo=!M}K9)YJQ1|G=-
zvG5q+PZXXC?ktUkrx|!AafiwA2n`pVpUrp#r{-Zl<Ua0m_&~7Ei=Jt;_^oJ3{RnfN
zpK^uC-u4%H);ICnLUbhCdDlI)0q8=M2lz?rph3Te21WLqTS)KFO<n%)?7M9Jo^(@D
zy%guDti4_Ae(SrGTYI-rXYCWQn_M2Lr)Ej=#HPzu&Z^nA6<uG_j-6AJCW_8j`#|W{
zE5zV5l1gW-CcpNJL4Jytu2_cR^U@nP4YBpeF7%flFecLR)gT-AmgMp4ANsH$FI&35
zFnT)SSlh^%$XqF*;PIK@v17kyu@U;)p{d#7a6i9jZO!QW{lVu_{IYYjFt(ZSmb#oJ
z{u4V>{Xcf*@A&vRv*8Nx{dv~gM|}Ga*4nM$QGq$IbrX0#z%g)zY=;BEFYW8o9dQ=^
z4~*Np;mX}{Rqo;|vE89_eeO>GiC^F4|M<DwhQN%*Yd@-DoWs}v)*`QFl+IH8r|Q+_
zBd7WQpr0eO6&a{>$<3j{V~)_GWX_KN$;jSF|0D-(MHZ>1FMYqonW6i8gciQ&^nc@v
zW_J3w4ET3Ss3@x^)1TsRqpk<~_6jZTX|#WfSlIjN$4cP8$%4OYENmO@RqnmS{fw)^
zzI`B`v*0<vUbyV3$=^KZ@|T=*`#Bq3j}V?%3T_S2yb8B0f0@ME!Msa%_cZN14V~}_
zH_wG9C=Yydd@1<Xk38B#_le|v2ih2`=jcVc=t5JE&;;oMTs<XAHf87WZ=lES&3DOu
zMSqIW?#riG_P#q_Sij*BXu#k?)35!mVw4}oU;Vy2!|M+@xcez4t%x+qkd5%A4<-?-
z7h0Cq2OUc{yeY`qoCbZHL~J_UO)FaU$KmJ)fGzJ6WL0FA-|;ROUA&9OzRmmFtg%n%
zX8~tH#K)G$y|-b~{<Ny)(Ado4$3n}|FHYw9%lwO9ZH6D+MLXYvSBw5CF7@N^OP@ve
zQsG&gt-%iFgI6hTstK(sh0aC$>1JHi7ca4A2riMRd_Jd9r+SF<eO^7Ha~G3GZ4HUE
zHMEDFNBqp@Z|}k1(%^5LWe2usyU66{wF~pJ+6{af9;ZF&)4ZRi?OP)-6k&4~3`5Ne
z*WXB;zP|7P=&<->*>LYGs^h=mNmF8Y<n{2#f(Vb)oD{_H$h>ZNBz7RqefOyy`PK0H
zG{*5QaQ_2vqPuw(A5)!UnP>5_jp({H4w|>I%-ag)YFhCFp(vkZpG~|}`ySfSoYmUL
z`*_nJ&sg@&pXHHx)U9~0HjlLH_PF1JN2XQzs9QWz<)h=^>ua>1ygA-qGy-2_bYCtr
zGt~U51Kr5r+WQN^-va9%A<Ld0l}&@pr;oO~+Vn#i;AcANj4}PxIV9WH$mFgY<k}W^
zyT=TMRKBRAJoYqVeTXjvDgP4k!0gD{7hf65JX?Gv;wzWJ`*HAn9rOGEby$3fwXZx{
z`{F(Q$)o!EM)G2ttdHGu^w#&MBC>J?GAZvT*kj~_$0yf&k<$~;^KaOQtlr4_d@17J
zuohg?ct!miy6a0leUX1dfO@4*5G^{vo<@BPY>Bk}tkM3y-k*=Wzl42=ciHeQed$lV
z?SJ6Cru;73zqqZS!@qdb2>g<r@tj+^9>3G;@H?H#xs@rLTgm0z%CBnVD<L}ed&-Lj
z)kuenek^$Ql5dH>F*ofk$BlN^t=^FKzBLDWhQdGTojo2LuxJ>%x4S7@?Lf!&2J?wu
zvF=Y(*`hxcST<W9xQOm*)|_C$0Hy2ac)I|9n#9_7Da$1)iIUIz@VuJmz-;i3=L(+l
z;la!K7mP2GCO#}Zzn|x7_SCAYu;8j62)1g+>dBsCmstL7rs>^g8pgIf{PdeX+<L$3
zV{=FPN+aS|g&vdkE>#^7xMTgQYTmWsF0$5C>8wqMJK>)4hT!IG4rS*77xyKtn<JPR
zhd-p7>+a=QI@aIud=JkT^ZhRV1^==L{2QkjFN}nCh-V%k->rO4BOftStbC8e<l6#1
zNp5K(-wk{ZIGvTddA^S4jrS5WgL>+zrw+U2Tbvb46|EqB3Ob~dlsm!R3}@*2slqMn
z?=Mkyoa&j^v+~D0U(K_Ree~cDA77)jJe#&H{kbFe#kwsM{nhYq*)yVY@Y8(XxnS(X
z5p9=PbE!V)oZDXNiu%$@r&R6y?&PR1t?kQZkNF$q)85d)*G>2mJMO{P&L8*YcRI&?
z*{k-r-$?uHO%h)xUYxTF>=(zt9z^Eiu9fx^vX92V|8EiaH~;aHTZB6rTfx8KJopoU
zf6Zs%N9Ni{z6^AGU14|q`h3{U{hhFHe#M6UBHDh3eXnpKOg$DZ^L&bDjkDk>&AaLc
zva=fK41IsHaam(!9&Ma#eq1`)AU-wsgLUFDc^{?xg~l{*_xW(;zSarX;T<+yrz!tq
z;3{TJw`*U{{A7~$9M4*pm+)M}^J2dL7yrty^`?IOhG+F7PkxQyTFnPfVyo#<TywA!
z_CPs0_ZhAZn57rEiE`boy{4a?5AUvDb;3LMB^%y-lzkF79tNl7vuxS!;PnUx>%;@2
zY2rzV4){DYILecJ@C;uEPwDhCn@w5q!rI%y>;3$qb;R-`&&A#Iqw6S}20YO+mb}Ow
zNHSTCbdHi2M})?Ev<8va7L(tS*Wg2HGg{8dj}NzGxFYgcI+Kjh__UZj?9Dpz>pS#+
zLY-lZJEOXh_3ozJiDAZg(Wv|N98*?%BG)k6zV=~ky5PHrbjtsgbj9C^!lW`yId+*(
zV%m=NwYpZYlCNlroo@i^azIQS5j)`oe8$J2hf0+0@=D4;FeWIzZL}@Hd_Cz4NYk8(
zzoD}oANZ-)Ity>5shx<8FrB=jS%t%}g8<v5l!NAX)TcO@(YmjQd9GP<aAJ@;)Q5i5
zA=^?kpJ-KdT)A{`+<Vlkap@s=`xq0nexrFcUv@p{UV))&J<)zY5O0ioigN1rG4h>=
zGbWVB)T8+>Gz@gPNugH0$J%)RqIbq+JO4-ceGIIcJK;@iU%wespEVbk*>mv@Wr||H
zsje#0V&|t{m%3EmqjCQ=HZ{I=_P5jC+ejVizb8xMcw6Xayw9Yak>vknOqpiJPW#?n
zhEcC|k>?6c*coRmE+gL1*U2Ycp20r$mqWlIzI#{`*`!y;)NxA;{L^Bd)t3g^UEC$D
zj<nG+X<EZgj$kNnRQGE?pZsIU4~!js)fiZ7f-%sVK=$wWhFpB!*jwX$u{~bc%R2I@
zpSkew%VNr^kFJodWBMlTDo?d+tMEelZ0W$~ldis5zUQ<b)ql(*y{p`NFKMxI@7=ur
zJ-PSRNc}fQ^2W-&jp;`HIpEd0`ZC`o6N=8yw(=_0EpjjNOF4Uy0J@UR7jbtZ`IFiE
z?L_X_O!{fkPabk+-v+Ji%eNZjixf+~NU5DfJzB>uXYPw9xAgM|(0QmWTfRuDeS+`d
z1>+`4zHFu*je~qy7Je(dUNU6ve|GYN&C6_la06vB@THF8sm54zF&TQ}R$rjGiR5`2
zdJ{`;Rd*)oU*K1b3_dzPOt@FwgW5TV@A0gCcC>Ecyy_M$Q{RO9pE3rbWoj#$PjwHX
zUeScubsFoh@e$=>{WaS34vi@7FItci`YZ3nl$SkLHn(Wqr?71ejd>r>enflS-;+N%
zCOs?WIbx@u@G`tYbW(7<L4Fv}c*)^v>ynuKqj-*m`vf+%e0ZsClS_=)mJ&N`avLvT
zlY5zZEt?VLPXPCeyvN$-x9c7I8)ItO-)i-a{mps@#{c47b~wFjtb}hGBb#2Pgr4EO
zjyb49U+{AIZJ|T#$ymqv>XY;iirbZr&cln&;9cxichZL@%kGsD$(Pb$&rH97J@ebN
zp*}QH{$1=|WxT(O-K!~L_iDuM^*Cv=dkG)vpyQA5uDxGW?g&Evy4(MaBVVkYY=PdR
zYd=Cez0ifPk{)X(D~!n(yJx*y>GL}6JGblou}<1DE2f;*g>;Up|3;<9>~-^akM4C(
zvDekOma^9%UbW@Ruld$q_aJ-Sckt!!-0OxcU;gg;dS+<%d)>>_cFbNkQ}54r?sdPw
zJHAtk%XTVe=-}G%yi4YkysTf)_u!q;=V>JmMttV4dvrSbsjhzRW6{ZVg$)|#-~EKW
zpFzI1;&v>h4f)WIhBouP<4n>`q+=Vev-U{o=lkPN=%#LHo&WG-cHPl^$iGoX*&}w^
z+y`wrxe(fRB%$+M((z{dT#|>p-TBqaw)9{(?P*+u1Ml-MU;AiG?<3$;*3ZN1TQvvR
z@kHmI<(>-B;y;u2Bc9u4DTaLa=Uo4hb2zWvcm6q?ArEzb4yW}3=Up3tL%e1O{~BNU
zF;*Pq{LC*qY5wk6qWMX+d&$%F9L|qPi}I^yW9kt9_&s<3&AC6Oo?GmC)RuUM%86F%
zU-fSxeIvi#k+j%vKOp^k{6u4RA-DWc<2KdgUS|{iiUU0h=Yt>XK|C0<@)YMPb*|(e
z8NbIFziQT^!C7IQV{$ABua`U(jZ^&g2(LdGe~3nCSrfjaQD52=d})J!b-oyUZRN41
z*YIOetTXb6Clmmu=9slhd?xgE_^9Y?&LMme7qWhXoXxA@Y+ln7O;rh>UT?*ov;7^}
zPf=E79=_LA#RV3hiR(q5?X#@F`a{M+JV|kGG<T)!u>$m^lyc*!C&~w--)VnwGxS7b
zJ%#Toqq)!KS#x0fuqM^s$GmO&YUjK;rfS|2Yp0XX=K1!#sl3wF)>Zse@7=&O{$IrD
z!Ci3rHRO<g<_vc{u&7^7{-Zek&d1oXpYQC`h{-lCCXuHrPJcolqBwnw=V%?m=}Q=!
zUH8P)bB$e(+UgFc|3>*%e%;~pUr9g0Ph;4J|KP2kJ;Qx~bkP^&5$g>0oJj>1-JLs8
z?Q-sx@Amphs67~|i;HYK&T#LVZtE0>@lEu)hPjlz-(?85c3HZ}3$G(Pe$sHm+rAsU
zd0?bbna13HkLNqFSqLtp8+(ZlS-_31dqTvPFMC!AF>U9OK0of=4HJHoQnegh%`AR6
z<nCqEjYZ#i0{g_<#C?<<<S_YCC@<VreBNgG!8-E4CHn+zD<;Mq){#%~gYlmmjx7Uw
zP@QZ`(RK7I`df${M7lZIN?w({)%`B^jFhT2WCr5UV^85s66-;ApD;V?R(-K`Bh#K&
z_w$juMb8uAU7EkH@%N(ZbV)aJ`W4E@&S}}D_M9%uwCD6&e2>oQy*#V_Cu8Qc?7$bk
zrMdKzrvIj~-OOn>Jmo}$F8;l<of8&?*Ox|U;`bj8uNNKhVMkBL$0ESJRNbvb$*qDp
z2mWo-n8e!5NI$d|GkA_&NBOMrvfR#fbU58!M^}-ryLB{_^b~#?i(LAB5#!n&-~31W
zc#ivlqJ2z)XKF4>!GnLaZ^wW^{Z-#uc#iGcMf7dcHJyEPq}qKuL%#0%_Gi+Y`KfPl
z{Qu<^&KceD3Ovn(rxE+2+^CE_V``o0z#nry{+NFJG56q)>4G1nbEoWX&O{V-@uehY
zecLk91+UJcy6~MG_qeM{^tz7rV$Y+>SIs_;I(6*_w6Tabw$jFHw6PFh+CG$BWcH~#
z@0==rl5gTC8Ng5SWBerF#80vjKglqDl41NLqyCTq{3ILklk7Opil1Z{KgsF%N$O0i
zd?IwFRc)v(#oz3DwpDxkm!JcpeX-|Hi_^?R#SGqv51zsLtz+Myy_4-n*||Tl{V0>k
z*S$aE*BKA(JLE@M$G&48?{!`LDDNdr`;O@O*q69#EfyBpcbwtydaX@QQs>%C1IB1<
z4SmZ??EIEMoubD#kjJ$$H-s&vJ;O+U$6DWmI`g@^)Daxm`OOijV?23O&KL9TlhpIu
zt{Ko-?nJ8HwkJ}~74z-GF6BJ^JInngQcnG{+Kc&is7tw;ex2psjg;#{IRigx(T-5T
z&yeG~#(F_#@nvGivG-TJ#<vWkUi<yR5v)_{P+A>yDpuF*fu9t@7Ya!)B<B2a<zrpf
zfin-nJ7hnM-K(BNUei8Hd)1ej^V>UchP(W%J#BJiuR54~oH-(Ga2Frg_h=)EGcSWP
z@9_R|7o6EonsBBNSQPvIH@w?8+!>oDRPYOnA46+DW54y0-|83skgrisxZK=-=IbVQ
zMF->NgjOK?K1Td~<U`TG5Hg|eo=Wy&Pj{8h`ftjMMimlMwq%NtJ(%?5-s~~aD=9{l
z{QeH1OIk+%UVg^NzCEHxYC?~cYUz<uYyH$Axz>Xo>E+F)zZ#j=)+6a27UJsiJ-lH2
z#8T{gK6r5rzO>cLmQCJxjypfF>v`C3;Xj(ag#H!bGpMr@ioG=h+xa5qEC>EFhdZj4
zvB#3E5xzORz62S%J3A`<kI2D;YyXsD)79^hUo?&~z?D?{0Pu*W*7N=I#w!{pvMXQA
zC9aUpQ45woP`4%bpeOoYk$d_^<Q{xZ_S|dxPs)dJUzXQ@TZ|9mZp{s{(C_d+lwP<)
zZh@Y!V;s?IcgRGR+!7hr6_N3@ed3a=J9}3!m+_4GG-yi+ZDlalF2}?PZzId?g})b=
znG5H1@k<L}(_BG}H2KMm?&6mg01r>H-lBTM`HXkrC*g5d1E=7X-cK^tCi);)G4^!8
zx{3AX`zK+o0oDhR^DYFdbS0k$tK`6PE1s(@2mVg*Lnor}X9IuZnJ}i>Sh?=AHvA~=
zot+t8|M~F_2JQcIfzj~(JYpSulXHu#N9znt<evK=@re^Ny#C-*F4hOJhI2W;exz^Z
z$*H|7-E)x9hqEUg74KijS`E&NuZ+`sd0gcX{)d*K=h{TP{!tEp%NA$lrKDx;;{A$V
z{<vJD(lgww)SciS;+6)-^!7{VZ`H?noFI4*9PPC3U<@|jYoGC!e;qud=ns+i{=kc#
z>d0*SZ1%d%l)1snJvZDbKM6RUI*XrJ`!!^pa7nU1{8P@cv%Z6e;_R3WQ+pPNE8?<)
zz!o5HGjN}{*=YaeC!EVV^h;aU_!9S?ur>qbuTKu#!+Devd{3z-9Cl`hw>YzdhxXd}
zX6Lq-k*~SDr{(){=cUHFQu#~)uYSH04|M3FT3R27=%Vb{KWeLmb|kw7DeqxD2c4bq
zf2REP3zkh<G$b~D!z19YVx4XmeDDO(l?&CSd#D_Lw(EI~{L(8me{9R>Q$GH}m4fle
z)t&Jh?)sx0zhO0bgNLq<#H_g8@?mQM#%TP80A~+I9<l5F1wJC{8|<+=aWniOf%sJW
z@b%)J!0+`Wrb7<Cj+6LJHSM?#%tJ?9hvys(Ma?!GF4lf<Hu+wP%MSmR|AYK~k00(l
zcgH*(F7H?AXPyEFb1gm^Am4Bc*3S93i1!m$;CnfS-`6?230|N>&kr9o8pNZ;+ioY1
zXnv413xB?@c}Q$4>}TtWPqDApU4GKlH2x;MUa=O^jq4T{BI6Y}3l~@a99>CHZhOnr
zT*|rIPNO?D&@ZMbHU$0EJ}x+k@8r?<M)rwOoCqH2#EEI|b>f8TSOg6yB%a0u;4`>$
zRrI`uv+G6us_|LrwZj*gJA>GM1~L7Np1Iqc%cpE}`W)LF1Mv&+ncLv0*J_@39kb`h
z5gFetiJE6@s?>kz58RaljL|WWUg<dSrf|M@aG0~J;F#i3WHunzggfI===^cmp>xQg
zHOW^k-*8I$bI!TCes0t^az6XlgY6jE6XLn^>`TUu^o~2xh(kr&@_BS??BkOw+QEs_
zj8zc4zz%H5&D$xjai{{eRQ9j2^|V6&E#D~C%zu(kIA&DaHnM8HQ@?CvpY#CdnAh+q
z@Mk2y(Pn#|<;N74ZN;&e-Ltsqb$e_&aPB$L1I{Nz=t1B^;d3WW`KUiQnE4#SxqkDr
z@yr5FcjfTEfivU@l1F&wWK2`GK%0bH=-|9}fHTlKt=%uOj}3<}vd&<hVBCdEUE@Z0
zp3~W3?Dn*+IAH<jMRweX<FRogG_H#GLEp)j?M$d>|H$ARflcp-U2vf0#_h*ED_=hr
zyy<Vpto5}eF5B{bhVH%IhK{lKm7MqM?CVX`6CE!rW`xG;37ck|H(sp8Xg#AX+Sysh
zWa`)y|1Ez2o^eF^QaSUnkFgtK)VJi!%=SpWdR1$~SUd%pVs0AeC3f2H;xoe~+W_B>
zZnEVjodZn84>sFveC`>I|Ht0DhgVfy``>G4bJ;ryx8}-41H{$<7B7Gh#j*olB3P}6
zilP#*JqEF@il~S-38`%$fF}i|f=2?J9<#TiwSYoz1nFr5SS{eKYGs2xr#nQf5Wu|=
z+`rFvuC<bt5K!OqJJ0jJ&-4C~XJ^ed*PLUHIp&ySj5)@b!|;!kETS_{-8(9~&V0oa
z?Ciawkv0awV+PHc6>mf~xQPFM&9C55jEH0$!PEpCHvm&3aD1O%<NwP3Jrr4o^Ro4I
z_<_bQ?i4;Sju<_B8;X%tgTC(AY%-h9>UG^QA8WnXiQO2_`REwhHSxFH>2ou(>~j1H
z2^z|5Y3pn&p|*h4w54_=%b)DapJ8G-I%>PLr`>iR#d2&V76#bY_&e=9%9v&M6^$G{
z!&=&a>=khQShsN3TLSx$H_qd`@V6$uDFrtH@YH}zBcH#B|Jpcb?TIkIL4LmrtY0M_
zq}jlc5vk!!bq>0YVls%K+%J0!bicscXVvlKhSDH$zw}i=Uv>PJ1}y_q<4AB#oQKK;
z*OlzGgP@DSroGhtK4e1Wxwr`UH2<rS??el2+DA``!C&@{<1Tt|voG7X^Z@^dx>&<C
zKYfT_(43xb9`+tio;1g{Je%F5c#cpS_#>twOzv03cob0v-gjPkh2$dkIrt{`UXJ3P
zTYSj5$KIDdvjp3K<kl+aH3NF}!W?T(ZukxF-1wEj#IIaQ{K}o+pqQBa(r)&=mUcr%
zc^RI!j=$gd5)H20<Hn`0NwM=cPUt)*xdNV-->oLf`jiZ`<|CWuHK5ZTex@kV{A>|>
zXGT*6G(jvlewamx%fXfR-74s`JMXlI8v6!!Z^bIp;R~6O&e*YHZvP7xPOQ3$crf}`
zE|yaACf8lija<osf%<$S7`~fm%XbIUU##pZTMnr%YFSIMIoA4s!{bWVF5Fe{&u0$>
zhQ4~Js{4T!9+#X24t~hr1MD$d(^~r2hrD`4uC?^&4~r7_GY_#@;ybN6HTG=$P)@B=
zcLpYNhRyfdtB%r-B{<=s!d+}G`$U<&@5??c`?_%VX%=-n@5Co0bC(deUP2uDUg6<~
z*ss?h-+(9cOy0`J`0nWKifIGZJKDmk^L-cA{;Z{w^nbn;tf^WfcY(8MR*iBygt#j?
z_15~r@yX=K@n?j7#_xuk{J=>+W=wbZ5<B>ICHHi$lw6M7Z(Uh`iR6Fl66E1Z_N<xU
zwvxXx{^sIWS=r6ZVfTLEmUawo+rj%qxP9J%*9%9OvRHC^VSt#6qu}ob>?JXS-|QyY
z+{E9G0>etxD|@xD${)W_{!A`jI<ku_b^D<`GhV(Ip3V32b^2*hqMGOEiXz=TZ2VTD
zHx?y+LYZL5hDWKc;zv}cmVF_cvxpz*8{l~fd`6cPC6Y^giT?jcu78m7k<5cdjIipM
zJV)!shjrG`2u}Nd4<FLsP@gqx)-G#UxE_G7XJa$x@@2>h?ECxS>tidnjNbq9gs|eo
z_p?`3!vhxH6N;zb-6fv-T<35T`x$v<6Uoi|{mGYjj`wSWp-mqnL)0&-7_GZ$eCg$v
z1p8Zwl=2^sPW!E|FnyGj==PwsDYiSb3E$|#kNtV%0buOt#nESxpMbe}T~T5;xIg@|
z%@=GNR0eXf?CY{s5l@Wn`~<ct&3%>etN8Nk>RkE|t(Nn>=Hv<NRf8#e0((^zz7?_K
z#OUB#@pZ}+2NwmNX7DsXu)SWCSjQZAeJtukCu3eKEG0H4`d(`urY!2avZC||=@}uu
z?P1D;<k;+5^FcOoW699TZL$WVO^z=Da#o7IAr@HkFFW|>nVz=&wC!hIyuiK9lt03m
zdMUOBJN}_Heqkf;1ZV6ReqhY!0kt7`k0m#}!#F$o=2_JNjwtqB?HTS~CLDgu{-XV?
z{`I8U&z5ht_cO1IviJ9=-oK_1@1p%nF@f&>wZ*%C<+Fdin(T1@(!7YL8GcdGWvysf
z_Z`KyvhSF^pnGd<@EZT7<dW{l-O|^khj*`eGA{oAnz5@M-2)A<_AV6vWS*X3%qlx-
zSsTu$Y%@7+OkIC`<XhnNE#|v^9<mwjSUL;EmQXj2oG9!o(i`7B#@Pq?Q1tw1Uu&uF
z^R6S;@vL_6_gi1*pFFD0iCL_|Pgj0)4Nm+>mF5Vz8lXYJ@?)OW=M(UO0I-x0b5cf`
zzNx}zSMelsc|IsQ1!k8%?x(DU_V9s9zHR&4+)a5aew<iF2S0*WxH$^^(gy{H{GSBJ
zbiSK45juBpTleasi3L{?2g$dRqpw`JXkvKbbN2>cOkuC>URa=dYq}u++xXrG?)$Ol
zMrG5O8rl?l#t-hPGp2i?8w(km%RDuAv%jHD<uiEbQ|9S9_BnWB@<t!I7};Z==^5TX
z1^Ia@xq@Ek75-@J*i9b|@oj1Xx8vD=h9KvV17-g-WCrd7FtJ8c(TydePY7;XerGti
zqH&nyyTNhA1LeWrYR`l({s}wr!N*3&hOp<XLB2tsb9Fmg21qZA{dv)@*t2Vmo>Q8R
z3;^Fvu1PO+<17_(X^%Ob`vC&T?;&Iv#fBCou9FPVRr_jdjs*KGCKG$DEsJNiv#WOk
z@8VVR1#Tv$0Pi^H<5d&ms<m7!KX1`7zs=yJnOKYgqT?k+i6a@*rH<l`wB8TunY!#H
zW=;?AtZ%&WOfky5ew}|;9b~Mf;8te{9mO-fM;+1HU!A)0>y#X#xe~wIt@r4wCHx=l
z>r1@O^WprW#Bg}r(X)$;kC)^-$#U{TFy~V2x9xqrT%R_^)1gmWIqjNtK--7W$v3E9
z>@%j{VZOwRdcN3s9^*@_<@vO>C)PvWc-uacK$qBr4sg2o@{2f6mrkg=QRUModJCoz
zx4##i5Zozle?EHPF!ssoqz_{Ea`nNcAvc7LE{N^xK1UZ+E}L(nZ#)6ss<4y9UQQ4H
zllDu2CFtvh9+-<Bc=NHn?1k=G!kv!I+vtJ0)_R>YEMY#f`L3m%nO0(<(~jDR0_Vv(
zpcBvU*r&biR%O}kX3#Dt#uL8_9%UPhPLXWEzS9%iVkcrRlG)+pI%K-tMRUYYN*AX*
zs5Py)65S_eAsghKASaKHI?sM59PHmIoLa!TOZE&mQom{4wc#O)I>(81N*owcwCS6~
z?!F2g&SZ^qA1krP>1K`3<W6ka*>y*paDErDyVYwIbIcvmtaGhzdu_iyy8KLJ$~DA`
zjit{a_B-_MMC@!IYoGV?sz%3N;QiH<v3B*X-mjca8y=l@FFNfUVDaj-f2VKFv+hqT
zcJ$f#oWtBA+_Oh~6+KpGO0&<lmWu9N9kvL1=mU+peUQ^;!~VYLWzdsi-6ny@!E-K(
zR{=u+S`C1wK}KH<?q7w?kX)4uMgogyb2|E}=+tei4jJHp_IK8xbk&i}sq|FQPxB|l
z69UKSXl2VkiT!U!D_%WS`&0q@{Cp=Dfvcy^xEwuoX6UqfYJfG=$5}%Lw?~p2UIEtj
zG;7AfeQ%kfCugo=#04sUO-C`G>_s(Mih;g{{;`pZhsxGh>&RHY_!|5|_AbfTTiHXm
za;7#Wxqc<(ClZniLy4zUhi}SR3(6<p;_n}nA7EVlk0%WdcmKDIL+`pB@ZYD#nPem3
ztjdEkS2i*@yMuX8oJKanC*#M!pmo>a=&x0m+qTG-{CMzZ<;Sa=-YuT|O{$5Ls$G+^
zQ~I%=Z)+>bBZTj>H&(7H!#*2vV-$s-X=mKlGtW7PNJ+hIas}T$jgAKon0UJbL!E0U
z{HAT+YXbu@o^=y};bjK~Ke<wYVP7x!Gjf1cv2Ao6{>@%EihG<4$AI3gaJ<s_w#ifJ
z`(X!;A_tBt2adq=<XY98O3$WjD!t_7bAjQ=CbhTQaMS}wZRIX-aa|i23erx7!I#wv
z!)o7clfOm3Q>5=ApWaJ5lO1@@pxm6(w!}1aulYXjzr*`7&Y)A+|BfMxHSg(OxEtA2
zu>jGn!J28*xq>>JA-9}KccLww8|X|r_8#)bZeODLZOI|Z(X4anjL7BGnL2aWDA{0q
z*t_?gXVbz%v}d_@kxcO=YA<ZPi)0u$h~`TsOsy%SUhHgQ@8FTKYl_;$+s0CCJctKn
z=o@&*mh@IUOi$c8`8ePA2JUZVT1#^r9K27N=(AWce2mk?@ZH{ZPF0pYAKEAE`JXpB
zxud&HpC57$2xFMSx3!h;Fef*)%t@>V@(D2Dj|L1GkyU|K7{(sCb@F?B6UUDFGPq1|
z-lB6C)yupwxvUC#TC#3E{O%d*X$-&M*YB+hzX($Im)<huvU>Cc$z%oakHafWJo<)#
z)RFwh-HwUP-6d!6UUC?6*<-Y;dPe?PiO&JD-~SEyCq%nO{-N!|E3L$Ao|_*-)_{I8
zfk(Q--IRIdySr3}v7S!8yPY~_ojY}neD_oM;ZJRyLUR$z`-5$hLf))%WztUZ3ymx~
zH<XyDI=m|e2imJ${Hv@^@+k7@m8v88G$npv26Yr4)>4mh=EuYws$4qBCDgyqXU7~~
z&;Qbod?$ZnWZesRFJ1p5-p^`Nr}ZphkW*&^u~crq>Ze3<E9+?h@4e?2XE^o$M19S-
z`;E6wrupVILmTS<y3W>!mp$zp*&RHYwMJh7r_GE`*2uNgd)L$MDs0i4{k`JTpf|O}
zIYOpv@QP!b35|Wm{^P=+cv<&<FFc?0wDIt?=l!?&f2*e-wJrL$fMublp4T4nfz!?{
zp7%F-{+CT-*x+_{l0jC7a{JF{>vF#RwFd?V=GGX~>xvRvsCU?jG5xFl_td|X@7vD(
z_QHa1pu6(jP!C*c*TmOR{twUh<mG6=7joJ?K7313J@2K@OMf4Ler4t?7$2#6TksXs
zIok_@2Y#YG??3ooeC-`%ki2o$i{oTFgl8S;LHrK=$X1{^+tJOTcXAVsqOZ5u@AIbG
zv25b~ad_f`tX<K2U|cJ|ucH0-{65~o?{)usZe%-krp_GY#Ix!A%#LS!dAc3XX87ZQ
zTU+<-S8tuXgl`m&-AXt1nrn$?gFZ{BgC1ex+1z?+Yc}Qg@F&^{dhlk}^HE#hyq5RE
zS@}`UANI7$SraH%8%ECZ*eWigyuE%JqRh*`Myt*j@ULM``{z4#z4~cwwzXk{2j0JU
z{?}Mu^*oDq>Vh^+jrWvCvCr3<Jph^u*zdo^d)fc@W`q*=nt6uqy2dX=xoKIWmwMXp
z())Roi*7pu?|Ks_mk~LG{|9^O%WiG<9qiQw@Jrc@6VR7vWp9qooBBn@s$adw&MX^(
zJ6~oEd>wy6=Z>8&!pmI8K2i47>=W<Pr?F4)eKWT0cX*b)+SrY-ZNI^@Yqyr&@-KRJ
z=Xwb?f+e<%V7tn(0~=n89r%wt|8LuY*V2bz_u7H$C~I#AUPGDJ4!lyZVF#Xt{^zv=
z$Dn~y>0aoz8l#&x=4R?^pEEdNpL>jFubsGB&n`|_W3HX}QI$8f+JGzc?6Cnq;{6Ue
zL^j|Md({If_t;xz@%+DGZ#j#0z4n%y)UU_ha=o5C_LggT9@7=xnrZXQ={$>1$_`@A
z>0g$PY27nk_K*IyU(>cf&zj7+_Q6Jc?%lGct+R5=$amlL%*sCGujCR2&Stw<7kYi1
zP8DxwIdOI=ThB7QZxt|j<L#a_K2N<P_fW2QJIRRceV#7FXQ2H&b7mISKCqX3rvvNl
zwinQb{9{%%oOQQgPiZ*oJpJYmmw!yIxi2o~4f#RkMy{f6N46-%+bN${`~HNtAMuTe
zx0~R`+vSo!JR@@TFO$oZcOclAym%+kBeod_2V?(W!&O2%uHP4X*kBh2=TR=dFX5o0
zcHHr%ykfU=HT5;#0bA_ndG+>qD?Q_VZ?`?(p44rlmv?q@F>&wP9%LEm<b98$W5Wlx
z^8CiTT}QsHd(iz~J8e!O#TLAMsU6E8c|fr5;CspOJ1KYP)2zjHp~Q2%^XmL{dUn^M
zqw~Yt*ROWksCV07Z^&SsFJXT^!vD44c{93)*55MIMsDOC_^;Yp!n5`$_8ntGEm_T-
zz1MM<peH937iKIy0xzng{p42N_1=qINngXaIRoG3OnjTO@Bz*y4x%&nf423Zga>WP
zkq>1)wln!qPUfB<^c(4ju^v`pDRUyaEB*Pcwx45;W&9iqo^+lwti)bo2PK#5UWr&f
zvb}s9uV<Zh39XHN4L@do@3@g$I$LX#WohB$?bucFQ)+6FWxmec;>Gl#`y0(&RUdL^
z;|}r%=lg27D}-|{UriP9l(9S$AAezVN+@x)aKznm(Q~oKos0d2_Bh`y#E+`bd%xqQ
z)H_Uhm78~Q0{&LRe1)c6+TXa(zWYf2%dxU8Hjm|8>Oy@7JXPo54=|K-idlTOyDdy>
zQ}7k?+$A}PZ|vM+y(1eA+xMpij&nA{xetjUYH~Th&O6sSD8JnYz}23K*1=lN*7uCJ
z4i3PcR`-oicrboY`<tFWG<eZ#hf)tT9U=$&_DK3;yHba)Jv1J_fdxYkn0sR)14DC~
z@Ri_v!rUQ4J#rJEr-kjcBRg_tbZl7t>F(paeCuFQH~fX6vqALH$Qi^Se64111|h${
zDE=t9*f!7&GUfL@;2E0-$(AP^_77Ua(TjJvJT$Oo*5qRNru$s{<gDB{G^#r#)43a1
zbJfT^i63*Oc9PHNz+c#F`&!y|c?Z7rgYk1h*6b4*K)HAae35)A9k;cYdiz$}?TitO
z&``x1`+4=#4(}KxUYQNA%!<6aOS~gH;-jv{LQMFsuQT2l^tDg4MjiPv_dbjKndIvF
zJ?rl?`qvqFzY^#gSu9{d>(tjh7gGmWORwU4ja&NWaHmh<ILw?4y6d?^^FQ8kDEv+P
z4xstm0c7SE+z$r#cY^!zjXi4IJ8X(M!+wxCaB&)2Hfu8e|1CH!SUf8?uN(M1)0z~&
z&I(%&AD;e{J=V{GSGdGKeUcZKuTfso&&H*`6W(4~Zhv!7@4(xZC++8bOYPq^7q#N;
zM-JZBQFmtt`1*4`_)0IIC^@wazK|om__|{Vcg9`p$Rpf$bu0B_dE*@4-3hkuF0|6(
zy9=IQA7}ft$``Bm7vw!2?(1XDPYyG_sm}SymDqlVH}+mJLv&Bx!A8zrNBKgDjr=y!
zckB7d1QRpRNdL2(^OIMw$6tv3djsbnr8+-Jvl7oR{@L*8`+2^N{{vk`<9(W%^N`s(
zJO{}%z8?X{&n^`k6Y_}hvy0_e>lHH+#}2RWEn>C?fD^@-M9;-`bvtF|90Yzj#YzP3
zP6_wTh4+?{L)>$gFzpm)2^w<&V|LFH!t5_POLz&s{?*PBG9rKG9Lwtur?Z4i@a^_t
z&Jq}#&JybAha4)LB@B<(0mJFe5;RXbOVFITZMB{yNaxIooCQwGyIaGBt9S5ub8&tu
zd@HYUdwjbw9DDH(u&}A=EP?*o_`C(>^TzrwNISL9TQT&M>CltG?J3R@%vd-}$N~@U
zT*>~N=nI`7o76%>ndmc5rE8DRjI7rg!4>SASJ*PZ6O?P;HGAHFqW{86YbYx~hH+!e
zKj66@8BKV}{n*A!(3j1*ULVf&CLNo0;M91~`GD|H=fQ(}K49>`yBPepBi}#iGNM<_
zgSS85{*(LDIbt1S6^#1kLC!fY=ljz9)*K^=YsQ63Kjlo8I=1f9*U^3YM*1>FaD)H1
zm3f>!T6T-tJ|QC~y%QAfY@WTH|0T0ZPJ`!g2UctSD86awv{S^N-n;FH7lq&hQFxJj
zgL?2M{nvf(g;9HJNANYL`IgGI?tY{1<wxf}OQw+itb3caC%2S)<OYq=OA|SIZbuWM
zmtO7Q=dP!F25|SZ_RBopx%)=Jzszch<(Pj9dxp8k`O=4;BX^Z}i)bo_E!5qc8}G7Z
zhT*=d<$@jmibN^>9fszFufsF#_jOv!MmNne^MkA(cK4uHW}NjM^?$42U=NzWnr81F
z{GQp*`$oP=c`dls{GHT)=@;~W$Eo|b&nWsvUiqHg|0VQO&bleO-QLHh-)8?-UabAB
z4{|_uWcyzv2lR>HYr&nTp~P-}wJx>Z&VtrX%)J45`FiB$NyyLFAxBRn=jgRz<Z2Ty
zr!fdG`uzjnnl&mv7w}bQp2^z;o**`S?aF^9oa%g_IEC{;=5-}?4s$+B!1VfM;Pi3m
zIg6aDbp!33tJt$Qw8ypRd@|pC41DF-`4;oP+FIze^)`Emd{Hd;FY{{F$D^iBpU59m
zeM?st;Zww4NAccYHqXaA?hC}naJ|*3Xl<ZBXN$y!mUpq%b`<Y@@Dz6z&juz78|U}=
z6)lRFg`&x2MNhTb5~mNk)#OSkqfYz065pc?x-)jtTRd$juf)IJN`8tfJ?)%rx1+wK
z*XcXO;p^AM=Oo@~e%imgmhx}&Cmi1o{w9LE)5ocG-D%>|Dy+5Aqby(fC7E}Jh)L_$
z)c<DA^(+1Oc=>lK?ksB+ac2CEtgv+@`MSEXWcAMveJa|OGc?vx!C*(f>I#42Ir=-^
zrIlZzG1z|0{p?tcamr_$8QIOf%G@#g;O5GVQQX@yYV(h*FnQV%gC^T+AO?Lm=99aO
z`pQw(o%s}BvC6sE;g008fR%ee9pBG5m~ZS20c25c{S@k#BcrOm^3A7~a(|cq`cVZb
z*6?+lZSIEN>->}AUjL*lV2!cn%7_)0-*0w1|D^Z9t!!v&Pv>=3#ZN}Z=CY0|Gby%n
z%NGDQdG1G<yk+#W&Yu~7jql3v`7J{xJKeWc=DgNlSo|^h@)vSm+l24vcWhn}V6C9n
z;m1m>ToM`U4l7Z&#=q0W&%O^+YDN(&6NMj^fT!r~R^pfRYx1;Vzps1d9&=A(EjIj)
zV{Nh`hrebm-S|57xQC;>m$_4VqUKNWHY$svlf~#qwvgMIKjo&|%k!iRWaT?-IiWXl
z!q4b8ifw3<<OJYJPPNzgLc#N4XcIQ|;d@d7Gl7#h1?95|MC?3tS&;`gGfh;75}dD?
zbG-h@<v-%Pf|YL0`QDL-cuv3*m$SYvVjnI@+BxS{NB&>^kq7Q^VECa^_g(l@v=Ue<
zZCGYd9!ru7F@e1DKq&D&p8v?)Dqq)h{&(@U3j4k0H1?sj$>{xK{I=dd%Qq+4lu~H$
z4-Ul777*X0b%ieI-0AAu<c_O|am5+eWM^C!<0__~K+CvtBbV|Vmkot+Wk|ko#-%zM
zmt>%esU!RsI(2uq8`m((HLiwieC5WF2Qeo;@<KzC*N+NkTsMljAB>DWT=(9uVvRqY
zg<pBKwW+r9+PLVZmb-uk(#AUSyzRzsYoq^$xaQu%rzSVww^M!ZU@Xe-QbBA*E%jup
zXYYXSTl+x99$~>d&opqt1JO~l_+PmQwFaVHwSLIId$Fy%`<z_Tb$4OIz*oV|C9Si<
z+7ERO?yq?gxyd~T4`A!DD$7U5kn50loU{1c$h4lVJT>LSEt7lG=f6W^#?D2~<R;n>
zoK+4Vke_0EKH%nz5Fdy_qwV>?yR;!bQ0uJkw|I_Kb1!L-d@0hauqzDU9BeN*j^>9F
z|K_un=7S^i%-;PZ&ywL>87OdOs|++F)0Kh7J@hI(s6Thn1sOvLaLS%n{B@f@ivRd(
z$XEQYcD~{g@HF7-Hm?}i&#vSDmTi0OOdA_tlN^y7IRLE97b8bNWAQQUznWWMb?0`H
zXKp2PDmGfUYew#TO5<EpR4Cjv58-?lm}JlL^3X5BUA2R|DBm}qYbAclbM(5_^RY@j
z)1NsXo4|UVz&yW}T>l8=KR}<*T78KBMcc)VtX=ra{XAd6e2CuW@xSmSdYi-lQFu?3
z`{1Jfg`;ENuw^rs*4+D)0{yK`dH-q^8d}4~C!Y3sfIgr(Yf$|q_%O#^defXW9J<BM
zspO%%RmX4X>CWfa##<)OrSC4#-4O713|#=>G!m^whG+eI`Op>A(|RqH+|Ag=@f_fr
z_qqVP!>^*Oars-h?P%-;y{OOFM^gVMo<0n}M_z`njwsjM!Ow<LX9?$+4}0o~7Sxw)
zd&Brs48Pm{>FDECc)h#!+tWuT?TJ2$d)f4n(aZYE^x>xstu2>6?)Sju-P;JpboVxM
zmrybFWCM4{a2fyWT+)3O&ai_UyrfgEwqmp)ya?ZJJ>lg9<+jXh&s%%G{VwmleETh)
zzld-DnL37dI(6Ig?f<0Q(1Ff3p@S_v_w>T$?5{dk{IzMzStE=?`)e({o8YZBaC>?B
zTHYC+&bn{m>7I3egJ)jF)7^Ey4xafm-~LZ|<|5kg^33@>Pemu3hMp%`VL8w4`l&i{
zZ;MXY*mSR>6OMZ*9X(BJI{*%(+u3K1@CV1XxcWrC(d+)9w$SUUv0Za^G<c5D>v~6C
zrkuUm*l7dWUui>g;<jVQboP!+|IBXZP3nuUPCI5lPd}J{o?yJ)@KxDqGa}Q8W7l`f
zsCyTGe>UefUBB?$M*N_J`l7Rc`Brk7;SU}@Sj4;be313L{$k2CH>%&v-cmB%syPRq
zt-6EFZ|}(Lu6F*Dlk>zVM-2G;ck-@bM}GzU%uflyCapR0Q5>_#8kJXJ6)u<;DqP^R
zhA%+J8-q{qn4s>Ps2{EUdOo(iU^lDfKFvYkC&)K>CsM+BXQ<vQ)SEYYKDm0x_mWu2
z{i7?%3ls49YOqTt?gaKbrJHkKYu1U&m((#gX(t}qJ*1npVJ5ad?8`d_pSX;B1OrWh
z^A{{ntxx`JYVY|?!SdwKvMc5<PoA3+ehWM_eE!hxhBRwK{eM5Sn|K6+6VX8+H>*0j
z#tH{>v#Vpz_`(YqUn=8kVti$cZ$H0NyQPd;$QbWpj0+hfc4{-e67-;I#+SzPO2)mC
zaSvg96MT%%GqwecE!8u&G{)A1JaQMgT=3IwvY=D^_jgq@mUH-CwwgS0U*(bes+OEs
z7CEt==kCz%JiB*_#?pin-_961!XSRjm>>51N#FJbt6%Wl^5Dn7y=PIsQLk6zJ-BC@
zRrrGMwoyMkksQ7UIQIZ&ZN>Yv`xNcoO1rwNbToIBo)J&?ojGbR{IrA|Jx$LPVOGV9
zy<6bw(xE!Ttr%U3em(=eE5^AP=PD<n*t&9vY4+year2*u#*VWuaewd9)9RO%!JWr}
z*XWo|?vtu~Yf~fV5d9a;8{Ierd{<VEuHt;lly!S_ba~(MOR6}x%H?dYF+Ye7!r5LI
zA7^_h*wK8E`IVfjeTXji40OgCtb57cgLUSo=h$zY=d-QE@vf=ieaIF%<1@Jeu0ckj
zy>dT!O!AeVBsVe){m?zzGje^hvn|)}PMMQ@wsT=@9Pv}s-Mgl9&C>mC&+~4E-lBIP
zQ|LTzH~R>>R&r&R!sNIvg|VcQ>*Qtb|E8XO#?~)#ocPTs^0Z*p-;CGpoh)0-w$#?L
z`G2@KcMNAH=Wr%<y7Q=cZ|56XV=e8A&+R}j6Q6s)@VT7GBb2M{l8bF#*HK%#Lu%}s
zb~`JmZ}{AsHh&wq-Tti%x#ubwk%CukK6k6rc2x=Xp&t?tS7L4GK|Ychf3(|bfZiMP
zdvo^|xC4ima35rUY-yXzMsh!EZoF7JF1Ru|BZm3s6#UNStwz7y0Ul?9N5xWXmVQf|
znbXcb=AoQ<h=SJ=)_;_|F>z?o<hkx5{dTtDY4ZL59`mlaR>2qQWNr8dvDByRf76%m
zzocFN?>PMz7q#|ZQN$gT_}$9B_7~m@hUm}jIL24??8vsS0F$xB-DtyEd!x1CcZvt!
zq1>C&Kke~^7*9v~y3V3+Ca=u8-LuV_p0!%{qh^|%D28_F=b<U!3%qF__MtC-$UeIV
z9beyyt{)1Z`~4=AcuD*eJ_ye;_nlTDBSfKV$rM@awND$kvmzU$&jVkQc`84iT>o>*
z_rY5lT5PS^&R&`wnXGSU!$Nj#rq1TF;pTo`W8+}{TWlOFe484!wVQ)k9vZkE8;6Gm
zl8tR?-~sv(4b&mq)je~sp@F^VU{^o`g7t^IcgsV_8Xe-&@85~z;nH=x?`?}qa32Ft
znzOToOYkVX<@NxFd?UP0=m`!#3?-C5O@7Dq_#IEA&j#606=Q*Ha5c|Iv57toUf%>)
z4WHZg3e}NbUk?wyj5?}2&Z+yR^!oR}^?SCx;u6YZoBwFXZES9xn~~-_XKq*<$(NCb
zjwRQhPx)(-qhCk<R~^17ck~FWNBP7HD3eW7XP{+|S@xaE*!_`(69s9ZO@ok+j`ME*
zW4?G*8h34D*C;2ZUU8>Y!>mo>-{qA*9$huX+N3qFHC^E5Ls;Uo^C1lJ&q+>!Cklto
z93B~IC2o5ke#)E~zZB-E3$Xk;|AFw)-8Y1%!lysW=iFMp2J#i>_c!_Xg`1(@GT!aY
zBEBCzFTgjFWlDcz+yA5wNAD=VB(OIWZ)9Ey_FC~k{k(~>Yy5MD17CEUy$-56gNqwE
zuUyBu0cTt#&OKTMKeqRe(v()8df(z!oo@9*w@enCOS<3-0bE<4v7^{AtC;h*SbHif
z=?T5ix8`vLd@m-v?CDfk;O1$__qF6{Xk0?hu7f>@AMI2a`><1up)Kx?YQB*())?RJ
z`Gbw0C85OcfqAd$K!-z@+VQG+{Ynm5;3gn`TGpwseZGcde$Q}nT&KchS&wjxc1`>F
zooe=N_1FA|<ixoSA1$*I|3Uk)GN-?vh7zlJ-luQauVwQ-qWZv5+r?TRU1o82B6nIb
zZg(#W{Jd3OpRw4L*NYw^mTgjO4EeZLvj57rf-w|u#uh_wwj7y#;Pdv{KSrBgnf)QN
zm-UHkr(80-@(`Y?E#q79tldtG`u)NCs^@IFcx8#bmu(%Qy)4Jb?6bGCmia$IUA0-I
zbqcQ%zmtA7U41fcV}o$`U6i=6TPS~2Yl`vQq&j@#uBpICXTKR~ZJ0pJhoNWIqv-ZG
z*qM(Z56O-Y8)hZky-2iTRs3;uG_U-U%}Mdc%=i<)aFo4GG!&wbX3kh^x$jqdUadbP
zelcb1Y3~hq$-2r(aq)cFZ)OdYZ7w77cX*S@FCyC<^=v(kGh1xb=kTp`JG-syc!6o_
z#`th-;TtOP`PO=au4SLsS%&V~i_&)cyY}3D0^Zf359nVz*}jss_>r%#%!zlWA0r1{
z$6m-CY^U|304I-JOg>!AH}!jelfQx1X=71`bB?U@N;_YI9gDh+d@sZQN-XLGd?|dk
zKgG5@J05ijzn|riBch#8#f|t<$fshi<5RJ^uQh1|J{8NreQ8%@Ph{jrvFVhWnA9xJ
zuCvYA_1=CR$E4O>&>EBa0q|)*+5v99%-(+cd#B&qD{ne^Z;!DTxqEwMmoK-sKLb2E
zUuwU%ucG`^d;2tf1MPpAy*;+z%kS+0_?}n3E2p2+?d=cp{>$v`zfV8?-hQ5N3EgRL
zAHZ3lySGn5CTPF6PoYom-hLy`U$nPhO&zW0tDL&+_x8&v?`UrineR^C+b^Qr-P=d1
zj%RP*H1mP*%d_qakMZ|un#NjA>P+uy{Po0p;3Y2a!JZS3UCgt?cf@1L^KBk8kT%6*
zGI@4+OlV*$kJ$lUygVjd_Vp>8BMTPf-I5}kkM`8F!$-R~GI5$yCls>lboJCZK|9zZ
z*Ux6H&0@W1ooS6l8Atp0SLKnCjlF#wu6#IR*{w0#pXEWP-MIhHZ_5j=uTpE=w(YNE
z_LnQr<rb%yIO;zA{o&Y1?mQ(<yKe#fIFIv+@<&JKO}4_v;Y(G#3%GaJ&I<hwn|_=4
z=uW^UpWh(7N4__u@L2sn1NmYGW4muGww14N_q%dKo<n}6C(orl6XzV*KMngpCcMwv
z5BXeL;-n?ZT<5cWn@W*8tAbXWIB6g9u;Qf00?!`h^+Mhi5B0WJO04up+Vhy-r@*0^
zU-+8#$)D@lncv0C-ClfG_OY*iNO^s#9Z#Kc*o~(?^*ru9bgI~3?gGFEss#Di_(1tX
zZG50iY%shF-rS+@k8-#)un%Oi4|vDaK;EyHdDot%+`XazUnuP7EpuFj%zBk)e9vlp
zoT1GErx^#_Sm)OLVA@Bg9*-OAY<!uV@wmQBW;_|tAZy@MzD%OM!_esw=vw-O=rY6l
zm#52gFD~oEl>_#{$2Kd^nDU>2qi+Ip0R65pA6#<pZvcIz85$N{1cL0#%%dB_(U^kI
zDSNK&v6h@GdEgAbPXh<KBe|S5udAFIzj<8iokU+G6TCs2CVqmpB#Q)T&nt^`=6OBx
z!vAeq<RzzHR~BjF*_B0p=l^0^<mSRwStPSJxDRkQM9LjcTa){Dw?>^eG+=$>OwRib
zq6bVO-vxJu+p@@KtRv|Jw^P0?^^N5h|21<(;}BOCnHvuyOAmt|%;GmOwM+O^vdA1q
z7EykT$7x@(2<soebt|#e;gLa~OM6p}Z8=4Lj8bwzie8l;Lw*k8v&c3zvX!*uvo_4Z
z;2YeXk;xqc+y#CLKHGp#s96KFnV5Qc*h(v(_!Rh+Ugq*y%j*;R-ITC$3X8Yq+}$ax
zoD%_fYYR_>Hd}b=gwXGnLf`XJ@}C|U7<gu=fB!QLPX&iIPo3L_ry|p4J^)W$+1)xA
zJ9}jx&Be-;;C{u@z~cs29V=UB<qkMAXbpN=w(kMwS1s2W)7#{$S=txgXzJTMwXb-p
zrys*pb8LUnR-SrsTx+KkdI)q5CEWgWU%Pl}A@FGa=b;0M7QF4bJXP^C;+M<7SxGmW
zpX@%;o?o6kAFIfd*nZ!$eMZ~zOLX`S`6c$-4*84CFW*?+7h3hg8#|obP;dBUTUcCr
zZsC{C{8d4lvTZd;uR<P3uxA~+u~olHWxVdbA-@s%veZvZuJ1(o(qr~s<5L~aw;^ck
z2r#%f8_#=}2M_zGJrAC8tfJ}EIP&sf7e{S)FylBK4?cX&<ze>K^(#3$7tehvU%FSn
z$fL-aWyo7L&&`PZ#phcpe!c!v@@T*}>)-t9eDf!?A->5vnz)1iwYD0DeL0(l@tZ)d
zoxpdtuDSiRIRq-YwAwocHcy$no$qc$Zd1I8IiG@7N8vA`xqFg#Z?Ye}51mW?^VZpq
zy`U7^mh3y_tdYgk)i=*l*R3bHK8DTCjmxa1j&SuExW9z<q$`zEHayvN<T1v-wB5I~
zZQ`YOP_DYOshio`j*nl&|NrT!@6{=0@=kph<Z{l+cfUVHy=hK8*G6?K&w}s2sDB~w
zmGT$&eCxGmO?2w^ppNjSF^}SZckEtxu4vcKIOp5*Pf`EkcJ)U(_3<mply9W;<_CQE
z!!lPZ{W)#u^KWUA+g<w1j1=&#&R(S}?9Ex(=f9v8+fJMvQBLdapQHb*DB6?&PnR&(
zVV?2+#`Mvb`|n)&qi-AegL`RObOgx{-RSGf${*V-=7@bF(8*e_U)cnW9HPAg7*r;|
zajzUQ3!l_dj}1EpzvxJ|`4w${0zJ9&a+U|r-m{y%)YE(`R=#E4mcYY$SjGmH>cNHA
zmbP24%a+z1`uZvNfAV~{x9*3I56FA1w%tGKo6Xz-Egz8AvH$ZdKbn69|E>)<%6Q}h
z;=<jH_wN7F|7tB;CSS+5Exh$*+a4U^-CD}McBC-R((!ahgRA3t?MM?n^Vi;vbf#xK
z&A%b{K}y@$;5uZ>j&Oe+eacSb!Y%)E_kXYbZ65Vn#sKZ<yg_4lm~zdDS8jZOGRcjT
z(D_^&Rs}ryN!phEsz3JPuWG*<M4RHdE^M+97HDo(+J5maJ$P-j*E_Iz$MGG?+K;2&
zB5xn%@~d>)*O<IKVJz>pR!aS`cxmTT%jwCa?N{c)6YYSu&ZR9cZ4KdBv=uxJZMB&f
z4{i11+m`WoXe*m?dtO@Yl)Wf3cFI%G*RMH4_Sz7<cFGjK?GKFZxV{RF{TiHn85(P(
zUdvcKH1;9o?P=@-%KkTWlgDURbmr<Nf8benHu^Y65MO?iXYKdW4NT1VRPjBlP0aY9
z_wSiJrd`bVgkATvi5b5W9b-nCHQaj+{6#V2)BkJW-LmgzG8eMT&%|$7F%o}ud};m;
zZ1u>##%_YF_hs6)?+)r6nYYhw`vh&2$X361pz*7j{+9iF`&idjpB-872isP^nYx3a
zi9ufw=e;^=xBcJL7u?UH4|(B!iE_(t!+kQ3!p_6KDH(J62X;GeI51YcZ^Jfrr~SLe
z1LHIY#wVyN+PRb85P4~nmBBCN2P9tL<4^ox3g4P@VJAjo49}8-Yb~3<U#w^LW^*=i
zhb=otc{hUc&a`peh~%<~{9VhR+LLeP4~erDJ^he1pWNyr-r7f;NDA>He&R+t5kJB`
zQggcyZ|$qm{nw(o)7_2qIBg%M&V$(JkUQ3QbSGpTJXm)^7LtcvF$-sz@#+2m`(DWT
z+zVN_GuMfAoD-kVoLq!Hd^5k{+gk5OdKRA=<%)dZ#mCK^0b{XQ^`+hW>GwFaxSDo5
z%H7|9@8Qk<P~u&1Q`}WLV_)Ykft!w%E1rxyR}V_QVH`Oj#qnz1vm)h`5$k+X%;HAc
zN%6PpqL)Eed5--~<IMB7>Y9PiI?y$lv(fn231<OQKd@gi4cDeQafx$`P3B6*BOGa*
z3FM|3$j=3H=ES9EO7Gn!n;vy^X8#%E@6G=j=W_DnX`HS3^=&-6cVNoaH7$N}eqz~6
z1IQM#0m>&tG1SfApuVe}xBuOf^7fzHu3{M5&w)1|VkphF-!-<2VKjOBu^E;k=XGT7
zl0I4mo%D9-M0ki1dlv(jsoWv99bAyF2mBPq8^BWoG$CEwosVhYSGu^?h4MMd7USZ>
z;1xTczW2sFo|t<%>)|ri#igu|ajcWE#8VX!PldNN_x!myih!fq&+S~$zs3gGp2mE{
zGoA`3(m#b0*#KRfxcaA!lYWr~?y2brCnlZ|n$;OZop=P}z7SZne;T_B^LGKy;t{h>
zSWB-Ne)8Rthn+R<`T-8azB8Y8@B_q-!Ea~$--yT2y|MDy8&BJJ^4|8@yVUX7dw6$R
z(Ar@8>y2ym*R$}~>xI9b^||ravwig*-W}^|ZK(hF;oX@ItUCV<_ROjd^vtfVW{nRS
zgufkq4yMohhK9mr*!Rmh-%h9AqLj29Lw)JhKjiNd-&F3K%!{|&Df!5l@WLY9Cz;-~
z7rfrbeUgKyH)Aks7{4~1X_jL<Q*4``aY!b#cy2Ef27E{31*bUA`~`T_9XW2BZ?N{H
z(|GTIeDj3GU5{g-og!#wtGU-tb8sHtj^-}kj$+x4e1&_fU%R?B{z>;%zlDE+_6@-y
zzIA<Z$9E=cUlFe!!(O<TajX7jU{aZdP2nZ}cVpWWm$sjK?~0aAG5%%R|5x8T#l*M$
ziF*Azh)eqw<<Ik{cHchEIomMh82vr_33r)}vuZ5z9sV2dMVt6t8z0|_`=%KG-g)<^
z?TpATc`tbM|I<!ef1oY*?#zll_FmjbnP6&oc#7?RZ?)cO+`iB9c6|<@FMT`k2X>!J
zJbhL;eLmyuv)u0URj1F=IVbm-^ecBscX&h(ctua<y%+QUHO8J1KC!hEdufW%{Ws!o
zW#CpD@bJ3I-f<HrROz?lgq9G0(CmwEuEaksm%XGnHq2{u7UMU2aj?@j&3r7dte!*W
zls-5<m{uL~<-N6PzAcOBY*Df2k1`I<`b^x-Mb7wgkguTqU3me^zVGdBXB-b(;fBNZ
zJR@6Vihl;XFWPnG(B}@#c>dKxjn8t&tS`8ITWV<2;Dw7P-kHAkUN`qcV1l)wO1>>q
zt-`8rE}B@nm{>JGIY%<A!r1M;n!SGQr<sxOlK&<))wTmg*`v~dDOuJjoE&128Z0H8
z<P1LX&&$H4#MOtm<HX!^%U$VV?n=+(e%q?gAK6`ejkTft&?CFM@U3LcKze3%)Q|0$
zHp;mh%c5L+cpyM|CH7_7)E%F3_OdblzD-3r)}%Ah;a5Fs&!>wk;ivvmYed82HV)@&
zJZCH4gbn*4?nsIbapDIl`ziik7BMA%haN<$E%^MGR(xiWcf<ZZD{?MpbsBTYAb3Sr
zi(CU%X2qPg^VJ&|Y6I5rEfsCcGbks{dqnJCJBDosu$2_F!nT|9Ym1x~ziS6uaY@Ip
z-O9aDM}h5$vn+D7OJ?AH9ri}y<|we90j%ylAN4~{zW-!7{m7Sp@9cqwE?u1d7v=pg
zvguECgs1lOS9eP*Oo0z<`qMt6yL{^w`{J_4)H$@JJ8fdmk<SL&3gELAOS9%EFONG%
z&+lnVU-!{xOy6!M_f0o)-VR-RZw&vmf&+^tHhdo%UDtV|^6t=H&0gqqAA7p!wAcBx
za|JRAc8usaTh`9xe6xi1^q!dh4asrXw8z+XVa~dC?Y|hi6n6xnkJRWqK{j9ILx_Rb
zq#r$k_c~t>u~%FzxGF>8B)Dztfv$gc0RPy~@1jer-^IpQiQoY8djQiQ@US14#`BxT
zz0Jfs?93zY_m=+FB<1}MfE)0+OY7N7<MqVV=W>Uf^xliOE3dJyl_*?;KPc;}mV7z|
z`NXD?L#*O#Ytlu?9kFLFHGY!i%z2+jtvGa_7@&P3pV)3+=8oTfK5j`BXG6ggkL(T(
zu{MN1AG<{N+XT*^zg+wJN`J5^=lq{9&p{@Qu}15t6J?E_!8o-R-|yb9dihVS_~tIw
zL2SN;uIyaVS&^yKY3QC)eRP(+hOz&y7mhnqeo^1hrpEkn<W>nZZA~O69p=nsgn?)5
zlKH?hn7i`^f5X}kpe*%75i&=xX%I02d1+Nm0q)KlSy8q8W#%x(-FbCi2PXJK{4)op
zRA9Qo+Sn0H7YU|RU~0Dc$8cm`!4&1&=b>}q`+d*%gOM{1yXBs-Zb!b}MtOYdrQsv*
zjSY)myh9saeo=5~EBz;l2~MVQ?<Vqoh`sq3crQ*qvYYwfj=G%4Hoi4F9Jvbu>3yo9
z|3ng;V)F*4x}#3{j&mZZz+dRksZKy&u7Af{$T@2B9p)~ObnwCYUQe6iqqY8#+<TW>
zU58ILHV3CoTL+R3a76V|va4Ulf9vt-HeXxK+S6I`HuM<nX|h|CFn_hGLw&>VG@rmx
zqi5z%@1xM;B0WQ2<{5gMujg}}XMExw<=N#G`Ou>Fm%3TGquiWUb^e@<o5$sh(%M~R
z;K+<T|3Pw@Y*}BX?i%VI%@2j^*kfbOp?HA(_S31MLSm;1S+9k4v)&mcTffFM9au7%
z^DO@ADksN-%|-DUhphPh1Fi4_w^@a=cln4*Z`H|f&{&XNj84wFPde-VJCrMDv-bYR
z!YPvnvG<F%eP6RCotS$avcg1UhHH@>zJm;L4SL4aVPp#Do@4H00gu0io@&u+#E(Xs
zer$deVBBT2C7tH3U;}pm1Xk!gHI;h+6tknb5FZMG|Dk*r+w9~E1LuQzZjj$7W3Ri+
z-WR1?!h;e4a-<W_5N8a9$=k_220s$N-3Pz?2mDs++q<Xd&{nb2R#o>!6Y-IoQ#Eej
zcQobzZ8BfnEkawwV|d%@Mji!YJMzc}ooMUrp7EEpZc_Qb&AJ)fx^A@3+BA@5=>J3L
z73b@vn#0(Eq?yCJz?+49`}r}u9kqFc|7-m@W<H{I=R9R{yb;q>cd@<C`kWZ#;-Typ
z2cBz*K^_4uMjg6)kT#-z{D<MARrn8=yZ*xiZTPCtNuisG1I}rcp<l_B%*kDWe0vY`
zMtoAuVE+Gs{`dQ8&gTD_{C~lT<gyw33huv9rtxnkXZnX)@8G{bW$3h-pYVG&b#LSU
z&E!wV1~RFc_ea?GuE+MSvw=F!!gI_$-Z_z%sW16EmQwVqBl%szQOyPP>fVEVjQ3@C
zju^Fiq_dyXmhz?#rQCAzrHfD0`j?GXelcQ~6JDGQqh3cisp{PpCl&dvI2qW}#>tC(
zdk*k6A5SimeNTA)Fv0lvU%re{{+I1YIH{(taH9X`sZYisI<uCa^HkLTlhFm|+4E>A
zHu@m3(Vy6{(RmMBg)Y3>_q(0~-auwscztKK!n-=vhWAmv?T;R0@X4AoIyh_UddfFg
z*2rvNoo!hoGWoUjacnreQ!J<K>TX#EWySoZQl_;mJ<YVqdN6IWenY%>^?K2EK~I}M
z{m89L|HZ@)h>wn-uFi*sIPXMn$H3jWo;D8CCO{aOPw!<bS_SQhhsNOR#^0Cctaf=X
z&ZG?!lgsyq;Yp%9jnf^A<|xb4k9ZIMUuGYWtxD}{oPGKG7Jsq_N>*{lTdF+6d{gX{
zDRx8eH0B0}C!e4X>F+AnT#BE$xIfCf4Jp=0`CQCSu||w^>WP=vI{VWB>bSU6UnR~y
z^$*I0ix>F)JAXNRo8^4(;!yjM=1*~aE?nwc?Z3@8n)e{@H18Ul>gd}h-U()RZnYoQ
zTkP%m_$0DUHE-qcc73Zo@(<M4yAWrYQTE7sJyXZP${zV!J&$XZPdDnBek7kt-gNh!
zUzu`Z_T$#lV|V<9{l&*Vlfr)EM>p*hKH>M(xHh0{VnO$C_wZ_LK$6i4ejM5;*|P2@
z)<*61qiIX`e^u}|8ar~sKHDZV7nqBG_TyazSN`fy)mhsP75^-H=uULV9Vw|hW}X<g
z<fE4s?Yir|mkvGm{r3*N`qF_z4?dE<A`KZ%dsZ>`LCbD5h<bx4ADk%LJ=K@ibSJXh
zkSl+-tNN_)p$R|x!=WKpMh|hfRntxQ>huOrV>kz{L)HzDd#-<3U_}M6$#$W6&4OR`
zp*-itJ}caD97Q&2FyqLMq*7Pk1#S$iuqy2F1Q<^N^&1(}eI|A@vnhn#HI23wGL8c&
zY1LQz(yCvtxMkxD75z5W`~Eiib>D6A7kp>NYkmJVde4bV!h3v*wfq*bmU;1dVmoVz
z?R=fs&KG#zL-`(lXYR!piE&im%P9NQe%ihB8?E-K3UGfI8>r^;#N11nr*X{JSmvz=
zx!^zRzQs*gN8s0G*s|)8J=bxU-*w2jb>=R>_V;Vq`D>!A<Lq|p_#ALxVzBvs9rpkh
z@Vt(D0PDC1kbE5%)^ZPEK4t#}A9=um?>_Fr>j);<LbZoH2#x*tGy6QC;Wpx$SQqus
zK`+`7?TcTtE*M)@B%Lyi@!Nc(@;d6rw2r9XnRnzVWM9gRT;{xYpNn`l@<h|kEq0%+
zaoO88L(Ax2>;VP)Ti^Yb`X}aYsr!UF=DS$yyAAEX`$y}$=bi8NQRh_aCV@@nD0Urt
z{RGU}0e6E>{D5yoizT;_=Vz={nA38mkR6%HyN#=@nhVjj_pqNU?z#{jw1>TW9`p3l
z=T_kj&c59+)~e}a_U%5AZG2~PesI^xO9TDk+HB#+&burbUHHtKdEux6_+cr1mV(E;
zYc1CJ$uwloS8k*SZT5HUc;dlk9voktDBrK)eHk*0=Bt+fH6MFF{o->YJ1>`o-NhFP
z^eBo4k*$@lGL11$<;>Fe;?I{)=Nu=RZ`E`@*Un>G!hAo8y&1jbwDBDm;om4&j{(yd
ze^yf|I1A&~d(oS{SIBOyyT-P0&U_*A<`ewR;BF>2SLV#YMPbEtJV^g}LF?dHbfSwn
zf02(&Kll;)XJ&(Qm(zA)zd1`a`7Rr{_v<a%&gML-L1#AR{HRY;E$c6XZ}dIqP&JR9
z>iZ1md+O<Xoxj`;+(GUbE?CtYzsf#MA=;|)<i@NZH|8eRiuaza&cOSX{KT2BZWkt(
z39qyHJKY^_BfzW9Mm9TldJCr`T5vi$J|9>Lz^Qy5v#8fd+k-iGxs&H%J}a>R{9HL_
zM0^In+ZgAd&WzLXg)IQbgM0zg{upQM1&lq&{mNC;4|WSys||PjlBEYg$4B8QvL}7<
zIgG9Q7DJ;Y*w8drFX21sovQ(yOSPX{*H5wn+}Gn*-oP15(D9Sp3xAevCt&O@!KQM2
zH@Bw*tH)m!Dy*J4W0Y(?>{B!QW9!j5jH`d24Gf`9HVjW3v|;FIzE^#6YIp`X@RWMs
z(SG5D2brM-o|*07QH=jf#HdMb|0VzL{N~B$KA9GD91tyM?vSl@(4T5{&FJ^cp>6lP
ze<=8;gNFjxT=RUsrs>#>V)s0?EAXcm50&=&)1iiY*oUn^(?H54+hk*#DoFQLXB~WG
zxA??L_`?qNrl6Hp9k8;hEqn!1fkSe@IrMQCeY{E^>GUy^{XRWdKJhMJ`iey<**gNz
z)%jMh1%H`ye*CqR)N1XS;|KUS&q-|pr;{G@rB?ri^6vAdZ2Y*Q??x--{n6dor#@!i
zjryJ%o%f^B;qLQpjpzO7lJLjmJLr{iTl^sVb6(1s@m}n62P@8u``9P<a%R+X-qeks
zROD^+ok*_#guU^6*2h2D&-XIlNuO_j{b$KZV^VrFt>Je->g&tT|3i-z?}AJ1*@9WH
zr!mGmfyujn*R!rSnE1P_NGI}aOOBR3a5!ti-qTypg(iGTth}?g4o7Zle`fSzB1zsu
z|IVW~29X0&;pJ(ZC8V^-Yca{bdA`D8-RZR!+bFTPbstqvELf!f{Tq{e(6t@AlCi~a
zMR#Y96dZz0x;u9cjf~}ODGZS7JGQyV&S^ZXmG{*lTNG$dNwGFXEB|w};$YlZ*<@Ll
zuylEyUzDWy%=ra-&!!sYG0L8n0WGNQV&sWv-%z3l&;J02RkT+(>x@xu&ZRnkKkPaE
zMwxREzvbjhBi|kHuJZeKx-dtEV24N7u7wwgem^_vk$LIQwQ(Gwyl&Rt92?Fp@q;|a
z&W6^}cicWwiCx}L9*QIRvMVZHyL^{qJ+sF6m7KrX-!HxaUa|qczlyzh^*rvo1s>_8
z|0HkMD*r8U{XhD1a#V8H?RuW|&3)v%uk+t(?z*k|+{i&AtJqfqCI&n+@@L@L4<5>i
z58uxJdMDkj93J#Xo~641Z}{-JMdAI}Yp()dcY*)1&ygoq`@%EW`!%okb@#_-vTxq`
zHEYul=xaZ)$X;9xEfa6cU9i}T*)wD>&SgArpl|3`^Zy+E9EQIxVSbk|M!{KyAFY8C
zShN=izSRzVrQB5|_@3rjK9gnGTeXMX#l5oCYlAB?ur*C>XKPwQUFk5IFU1Hwrf2#z
zwlU}-iJlYU-F(WuHmOH>J~4L!G(R5M_e$(weq#r-(DfJbPI5{yXNjVrI?ki&{AWBU
z*-n4;+Xp;V>wjwW=KM28xq7~6sGI5gWLr(cQd{P8Z8ck-zPaVRb9(j7##U3!w~~`=
zeeZ9~tMt8F;!`M}jlL(F#cX_$gx7m0E8yAaeI8o<j_Kdg&pfm`o^sJ@9d}`=&4JFh
zUb|Wmb<7&2j@Ho`P95<}^&>hI-Bo}~(WeCsTyz*b(f@Gr|7tC|Yh$S3aOOm7Xs{P9
z&zzj4KGCa78LRZp{-z#x9v-pRTtA)<!|zAHKOa90{d|pjqA8bty7MghIeO#om|xC?
z=ceFmWVP_LK%Mdtr8ccbE=Hc)gdf5t<r{Ky4Jq%?O4h-A?q*o|xi1{-h3o;Hre@)%
zz`CgJJ}$1jJ`=k6;|o~_S9QkT{I$@gZ*zz0LSo)#BA29Rg%XQcA1i&`_76bEdzQPB
z$AQaj>~lf(xf$$p+t}x3GOmCx&Fqiu_pWUCe*-=@I`1LYR`)IM7|$Lzp7IIku+nV<
z=T|Rp8nt*=^@ke|4OzVPP}8XBA?dbRoShtDt~R4<7xy3@vpf4F`{!T4t@Kyp55XSO
zkP=*hT(yauMFt1TN92xw!3AT(8h={Y7fyG^zKF3ax6$_*`(no4{R}Jd7-R2IWNmtl
zb-tFdFE-=uzF&IgbH45iWQQulUqWm7`@vV2Kf4wkoV9FxJ_h)V&&LGnJkPt=Hl(kR
zZ^d)xFJ3-j&N-$|7#LHj=lW^Xavy{1ry=_6<?QD_zz;+F`9iawr<?t}2W5Bj_dnUs
zE%x)MXFs>v?dQapv!7dS_VfPi=e<1pc>own@ext(Bl(Ebd-ibT`_t~>Hy^?O-}$zq
zJzV_mSFFX~bDwv6n%COR%*Bqz{!;=ymywrP{O~g9p!7%f-rQa$5RbWp_gZ_i*=J6-
z_J&c<yY|lIS!=HZ+VHkJh%x+6eNqNp-qt7OL3~uaJ}GO#K}Y$PWe*cS_xhytG2^ps
zyS@0|>yvWX73{TTtvovAHu31J$Uy3eN2@LMt6!COqddr;@OA+(bVr6Dht<wwclfZW
zq_DsE;X~NL=HmA_PPVWVqqpj=nJn~n>GS*fuH*(=mseR1dTdg<J34{RKyt-j9ozfc
zPg{iv`n}Q7;bR^h{vF!U8D23u{M+o~*hSH;ThH$L0_T{SBS$r?wq>-l!J(18(C25t
zi`+P`{m|3|bg#P{9d+7^3zpBrcTf8C`HT;po$*}8xGrUU;~3{yY)AO5RoZ@Q!b?wJ
z5x%w$cI-9q=mz%x+4Liwe*^FfXaCjAISFO8)OX)qk4;kYfpF}WZGaX_$A<8Yw}#gt
zOK9Jyg)je%@9M<=^^E+mm}m9B(EK6`(Z1JT$F)TkSfM%ak2!e@tx;w3tipow5H?<G
zc*Q`g=8Q28UMSa{LKXaFu}-ztPRuQ0+^-m)E5TPvZnr96D&afjFL~;aO$#rmU-v!j
zy6@*Y@1NoQsq8*lx11w{<@Zr=Rw&#bUT;AQf#WCZQQ7EG?e!<}9XCx!pOJs<b>Km8
zlrU!j!}9|x<g51bKzszK*B|*!XU<u^oE<;s3^u`^e3E6GmHj91V{7AEz-qCF4&bkX
zd>L;I^wn%8U#;}orPROA*wTcXQ`v$tBJ*iO^q{pS8@+yIzt(RRZ3G{wFPy;~TI?Zb
z0JF;E4|qSc@e;D<eee|N>gEo6_~%li17$|GA{#6AQ94iwb!Erv=Fq^^^ckP}TWHkB
zoFNCy#U{Pg;+`ifl7(zC0$=s}O}kmd&t^6G*s}%$Q~kVK;%}#%5&w+um3K!vRtflg
z8y)X$V0nW*VP#5=$%W#=u?jen4jlE=(>|+n^|!HoHqs6;$vYcTZW~oa9=*3||3>za
z26W3jUyc*^Of0+Pa&VsHj6RB9nA^^#`nJX+{>nIKGtS*S+cY_j@r`AiMXbd?7}`u$
zcEw*Tmvz~jvOc`)OPzk;;0*XsSNM=WBA+qY&<wrFu33z%iVa3SV*$=t>t=BV&Yehg
zS3Q5IfO~mj-~RYe9XUETS7wh|Rmpi7unujo&uKrUow`|XJ37$~@#la|XSHgh_y@?)
zmDvy0r4G1TGPLPK?X1ZjRhRGI>9)1tZStmj+E_swhhI+#H&^;=l>d7Tb?tM+oXF^-
z$z`AU{WY;Y;|j@-n9=w^D6#)+Ym@AM1@Nk>^Q;ZYvh;9rrj=+g`e4o|H)j-M*jOc)
z#$`Xa`S$Elu{GSc<-oCPTU!_&0)|ijF`l*3yQ$;?YtoGA#6y2*)dU9c+tmVBDLeb{
ze{Kb3t0+6$7tUtf53gOgYxF;#J=Bl8sh;Y7;E?tV-2tX{u&qvt`IXx|CvpzHlra}R
zCwG(JlRr`^xv5Ksb=|mmmSB|sP)dz(RsB|57_SA!Sklq0FK*SXOYymS3H<-onX_cl
zA5NZ)-_W?$w)QcW`;L(3DbLBVjO>1Lj^#{q9uQ^SWwxWq3+UUN*YSOGzLgltv*xfk
z4SoOY%Z%?&3F|8L*80K)@c;4L^|ipVHoOl$Qd#Tc`{GAE&8m^F!e01^^yd({ze4`<
zOZJ*EXGMNo&fX7B>}PTu!9&-PV??^8d?vmMyj>i4Yx#a1{uwDe=b`K7;qMa7slTM;
z?D9)u*e7%^TQb?%_zy;*GvS?k;g_jja~|>)`;7s!@Z|RUcb@B--yS9Vi1J%!phv}$
z+=<eeIOYkhI_<k=zi@QgamWGVIIF`4{0++GcTh{t^qu_g;(815+ApY_`{j2~ZgOYC
zYdX%Ied>ArE#I1X1vcf*-l#qV-)Gobu+gmNS#U<l*&(}C*{rVUh}m(gCw{)X(>jk0
zxOuY9@a1#IUYjV9FT+g6kYrunj(^&-*MysTAP=C|Kg&4onsr4y{q8RDyyrTHKgtOu
zs^LWogP~0a;McW_Dn<v6laKSbKOC&<6wdptuP|+tl}LXOf7Va%vqQJ+=EE1|Ms!K+
z^3f^iYQWKadnmDv^RB~ppwE$`Vhc1Zo_QwpCmC0HD?;dkkHfRChn}j;IaiibFU#yz
zx~D<=o#?;)IoG}PAw21>)5qcUKj8Us&bg|bbFOlDJpMf9oGS_}&39Od@9~WNWs}i;
zXN3~ec&;VCRxPr*>=?K5EEr|SP~La$t%!$scO&JlkI%L~H@EosY~lWd6LW8czuy9%
zp8~(X8NPoLK0cF?$-1`KHg4d1$pQ`Xp&8>VYzPf7zB9%j2VYj>kMp5Fp6u&0J`A<c
z{9gFOTL+O(iM_4k3|h8x*AFGut*vciZ%(V+Jg<{&+n7Y3-viecwv`K={_E8LO6-aS
z_I_acA431v;tzCP=Xmk~Pyg_$mrm7xuwDNdp8hSn|Kap`nbUu^)4%+4y77OMwIn(%
z`RS0SqLo#n17mD_AcL$;*|KGHN`1v>tCO`h@0YeuhrtIt_-Chpr?hihc&7Deg(v0s
zO~%&KlYR#{@EoEY%}15+F*T(yAUi8OKgJyiRl^3H=kAp;;7krnX`K^bxaSlw6#Lr3
zP?XjR!@f^#82-t(lEo7IYVVIteZ}@~fWQ2nvJKdro&v_%_!unbS9K(-@8aDPJSz^U
z{dd3Q9rZ_kSKp=EwyHl;R^rsvo=}i38`KSP`E=;}CHzW1)BomuhW%cBsO(zLyDIK~
z*0)7YS(N>zoHe2SYcKlJ;eXouPD2;F-Y}<LY^CG70U!IR1LHS&_qbzE`!~u4Id#RG
z)#lzb-SeCq`Lo&-k0u^h{PY3pN_I74ALFzO9GVM_U3)yg!-XsLb(lUU!BfP0RrY0l
zU~c7Gm-ilq_uj;_c(36X@ZRfrcJ~O`*sj$x?Hk_=XO9RmjtMG<A2J7qA6~)pVR+Db
z_~8-wp}vtlVikN%{7}9alBLBDUxJ_Ap#9bG!)%8iW;^^ahk7}NALg`^2Zqvz+2{EF
zCHUcBo?mKr?*DblbnY*Hco=>-KyX!t689lnSD{B?BR9EWW5@|r$hv``4Xd3qC^Pc@
zC*Wg`bLT1ivlrjH{8RYo#<PnLFaPXn$}=Lxe4iZW+u4z?%2$b#=`^;jP2x%7S>)3r
z+tx~Ste4QSvha5gp<`|Q{L&?X<ioo;??CU(iW~q2`6QN0FYB3GT_xL48{b$v&O-S7
zG$pHg8S;L6{faR-{+pSR^J%XieJhSxI#oG%i!$%!e7B8vqD`$e_dR~NPK-`g<SpLo
z8w(!&XZ{yYa_`dfanIy{Pj70mS<idZ<{=+Y&(-JDw!Rn6)z^RWr!jua`q};s^rF+^
zn!dV{^A)?t-VCdz7v~=8KTs0FU&9(9JSqk$Z;=(34PEw%s_9nYOSj3FD96yM{P_jL
zTVs_QHK(Z-d~ZqRe50$C_%L6#j;si@Y{odIpLOpR<jgv31*OoN`;By2$paOOLvhtd
zK3%$={&Y{&N`CL#$KAqRL!0g&$hkl30^96P^z8jb^tG*vb?qo$&I0Vo_y;@~AH;di
zAY_+D>J3K5oxs`jRP?;>_L_W5^#}I~p{L}`l)QTfaLb2MF(iUL%vv-wPdf!&tPS!-
zh^4-@Joj(e<}5ovc`0%F7Wb^&0-lBUoSw))x8UP5n6={MiJNwF=yxwM|F3v*8eN7B
zVULru2$+GtHIB5Qqnt(Hbra|N8nZjzEx^zJ*XBCoEdZVvG%fxyhPcNf^wuEb8^ic4
zlb;A#njFDF@IYCU&a=m`Ce|?a!NIqdU-^sd6^eJ$*s;ZP=R!_IcvQRCdQ2Q@82oF`
zaq-ad9{I?`XD+%l9-&T_5Biuh%G|Blz_$VVbjLXjytc+?W*d8Skp2r+WgEW^<rUKR
zE)KD|o^rj3|BFVNp>N4)!}---U9jV(7N4P){@K=NsCawpyBDZ0pP>(_(~-^AI<NH%
z@?F!1&D%?u-!k9|F|Th>ejj%OER}5+J6IWK6D81_*Y3K5_RX54u4tQFkj9={4lP$O
zr|e}*t6pK95nEb5oic31%;VB#=EK{L{CNh@w%3m4`rr((@To~AmrXNv6#S0)zw`s!
z)@R!$Y<pQ9u&5o`p?_h<)M`sx#XHu;mu|o06{}_%V+T%R&0E`f%<1EFcC}GfXj4w7
zP+}SV#aIK_z|0zMgr*C9xh6h(II+LOS;I@A!^6~@&)5dDhDG0(_PWWeVa|u3@m#Zp
zm2*XFIN{iCw1!LhHj{QH5sRud97ub6dGEbBE8KDtM{KZC%O}n>bAyeSH7wm%>$!F@
zx{l?mk?psBaph>MeBS81v#?`8<9Q{lbB`a-H2ip8h935{Tjxn<oii@R*t*VR9j^0?
z$aT#71B}zfiPky)U)$TkiHV1H*17ym1{}km2pkaWY}UDOwUoH<D%zmTtn)n9yViLy
z_%`b-$E<VNwzSTLs~LQwcHMP8-&yA_u3Fx^>l~Z(0_w1lnK*3mNq3#Q<7~UmbDVW<
z_ix%`o$GrShw?QL?YG}s<qIi#)mqnDk?nB|^rrPvB|9;6EFLh?&|qfdlaFm)a6Z2s
zt?7bJ)<MBGiTz7<PuZdIbJ<@`nbzn{e5ZX+epIqIHkxwz&9{yHE#TXM$Y+Az^5s9R
z`B$zvi(GS?ne(m8TWtq90|S%?I$1jdz3ShM`2#x!0Y|}rhUM6p4_fC{EoYBw@}0MI
z`4}s!X&m#@e*J4)-a0ApaeM8x`kP3;Xv-rcM<_p(FH&&)k=^KyCcg4{+KMsO66UXz
z`3yn7wUh<0L(7(|c^WgPAg;YkGIJ$;=}e-S`46PCC&1Uec@fjdi&%y)STS%fgx-nC
zULZML?dz;T?N`x$8Et=u@-eij^T>0^J2?LrnJez1-U8z5QrWXpIm0c(ckdP6SJT$n
z)Q|a7BYHQO7_<rWUFLj$7vEQ}&0Ha0g(!5cb{5Z>89zY%tKl0T`MX8d^4(hcznVSq
z1^)K<ddv(l9&8nf?^Ay!=dx>O%#5qvBFfZ8HP3hQzwE(PoRzBoMt@pl56><v+rjHq
zz_O6D<(2fWHr3t>bMA_NO#N%<|A4=H<TcuTp8l_)@4xVu^z}6Tcc=XyP=6u)zc%Bp
zxT)vB^c>F%`2WA@ua0wAyZ`ivax{C-KkzZbe<%eza|-qbKX!*s*dID$hakVl+^*Q#
zmE*&Y|Ee9EthFQ`)83DT;+xPx`dH;(`xHJ91jl9M|12K4{N|{?st++A_k8-RCzl5v
z&bzK~N@@Hi_VSCd2dzx$+cfWj70Xw%kM++8C1eY}op~+)JUK$=j>c{-8G`*VkM>fA
zEnPm4Z}*zD$~_U(t!3@jV~3RQT9kccAbl$b#ys%10el?2&KF)k4_S1aeMZLnrFE-C
zhgMTPG!cBizHktJHi2?tD6wT~ExUDZqON(5e@o!3v0>SQ(cO)mc*}qxMxWn@Jo=$u
zZD&N@p}tkmxe9CX#M~>u+vVWzGVpjQ_#B7*W-PubDMrRW-JbRUGV6_;WsH~{3g?1T
z`P~SoWBl1ofssFN!RgXpEi*X%^ybp|Na&;S1J2X1o$nXEu$$k6@2Yb1zH-5n%Ljtv
zM({8g`q8@(?-cvrRXF6n#YXTgdm8%7r1?%e@{>?q`M@Tzm+iaYiREL#|9nq7y2D<4
z^T+{X8yH^BTu648{5KZ-3U=|sQ}N@|-36pG2=P!0-}}dDU-Xv6JROCn$`^Vbu>hYk
z$MS_9iyy)LA6SKPU?KKxgM6En1LY!U^C8yxlLLu8U|ifQl`)1f-T95N;fpy}xPja-
zSMIU#HXfSPcyD1$D~bPJHf+W6WsLXA%2vEhHsj5P586JYF9R2JG(5_<#iPpn{hBHn
zx8gnYzxYnEpM4D*rtTe8E`Rxd+P>J*33DR<;lZ8cV)ea`c~JcV;ICqC_1#;1*D#j6
zEyl;YcjP;Kr}bCB`SAU#Q^F<q1K91_xmcF)-iwE0<UcvaS>T1hqcb?kb>^HE91f?h
zX!rttwU(M$i#V1b1NE`%ljo%jJ@_H?r(u44Z}}zwEwOiEV@2nu%@pcO&n#zt{(KgD
zD>|8YzI0)&344Dz`JDOq5C3TPX3^38AK7}S=3Vu>8@Mtf*HC^sT9KY_XoWM;RK5|d
z)B&SKJQrv3muP>=TjY;R9;?F-F0ViN104D|2JaGm-2a2I;akL)oVkaote*^DlC0p)
z_r<jRW#+pMe(uh9Q@i;dOdBQ8jMj?QwV7||q-DOrspk7{eCN*B6Tl+;Xl@1(zbD-M
z37m8^S8sjAxtjj}V6IMi4x1TDya}xLao4xx9t-~Mo~d4iPmAnR=4=<<B6`u7X7{lY
zOBu_3@b&egC+5Pn85MxX+05f?=16C|I@hg5UdnNDvdE5KPakj0n;J*=-?<cD1AQOx
zeQI*D7&>idZwk?ubkq{s)tc?7&PeK*e#wb0erDiA-nf%;n~qODqdg@~@YyjqLC0y2
zldfKzfU_2yaPOUHel~L9_2A%saHFw{KmSk0?sLaZyDfdeH-=MQdYi51dHrtO^Jn3z
zefilR;RjTCYTp>yrnDwcmk+FFU~<{dnb*nW#?+eaC?6O+#^eJV>B}&&9G^n_W$f{i
z`DT#gY2=@Comh?s;=yj#`r+`U!^oA}ZflL@*g=fe_3-ZdUwp#Ea>y4ampB9Eq%-;)
zdXe-SAAagaPb3D>)_pRX1|UmRJ#FtD3&5N94?7kht7#Q-;sSVb8vDwX^jpTe{`l7f
zQbvt@lYM7<N~mzEZ_vzX?fmhh>{kn%_<$kp{PCmE<`MRPH^%l%=BDJc<cJHPL%}Ow
z8o|1XF&I6Ky~Txf6>H<G!deHcv!St5!77?N9jww1D`h7NzJp$vyW+2cpLOiQ|8WyM
z^H_3(=q*!nnvn-i-UnQNqZbEs?E6;m1v=O9{r~UQx!wT2FQapPQJy`m6R#dtkYnp%
zSAl2kb6Tse9`-HDPN#>--j<CXmYr#>f17pa)x&a?pT4WDhs{TK`ZOhYk{<RA+Ls>o
zugtCdWwa(6$yq=0Z<!`PU%{M_@pplz4>|R!XhS|0;-^QED^z}SPiy@Y&U@64)_IKo
z=lbo~AL$TkuQZLk;s?;n$VnVxy_ND^aL(NLeCS@XRRL>t{L1>m37kD&i3~rLH8`8K
zKAyAp4ZItSPv?XytQy@@sy+6ce?#YIy?(QsE$=<|;=<*dQ_`C%SUcx%w*BpKp~A(i
zWyyjKyi50m3i17&S;0DxJo6E{n{>hh(D>r4(5N2#t)&m?f+g^ZRK_QqC;Y*P?8fui
zLk3ZnJ?G-M#{DUI>$b2)V!Y3%JoVq|;Stt7jnAy?lLk!kskjp!vN<KSsR)=-fk|-d
zUQBG7>x*e~jL*8)*K5IY<$_cGCU)ATwVkaIRl<jnHTy;MT^endIc=xY_DtHYezAJF
z+S;6w)>IB((z;ap4ajlA?TqF}b_Zt6z-NfI{C1h1`}nNH65tMkKNFuvdxCogxYqYU
z<c<XG>bp986gsLGWPg?(njq)7<lq>;wjO%=+<C`7N-jI){`yWRES@MouQ%}Xs$iYn
zkL+poOZ>bV@YRx!-0A$izK+j~=vT5ydw;L*)1G|2O7Zo2gFc40_<FV8aiK9N@6k&1
zo_cs;PP=ooTWCY)Xj+>g=w>p{r;;Q7r+eye`~UxY>KE;)SAzflFYl?nf&Z)Qsqg10
zw_a<0LD$}2U>QEwB-^O_{>4Vw{cN9D(db&9t%}>?&+=Qsx(e$T`TZGwvmH9u_xHg+
zR#PVb8u@jqEa~rrJt-CYM;dmJbnGGBu#0rZp40<-lHd4G??X<M|MZyeSO@FjcT<b4
zgPb2sD!^AU)`YL(qSp=u4m2GK7KFmw!MQ!0{@AYI(6xuI#20V=&;y6AB-dPO|InN!
z?vNy|Vms$T@SxO43|=XnwT!iYV(vBcdo}%k8#t~4o(b4v@B{RBGWM9g+5OF#=+;K)
z0{attY$Dd|`&IGvdk<|cE98E?KJg{UeoNFQezwIK>`PrTOdQ4!_(pnVfHS;VDS;KW
z{=)D&>Wi;tu@Bh3ew?L@VGf!v4=a!U7WTE;?t!akQ)lUF?jE5m%3ZuMzkK;JBYnPw
zParyTENK-s3|&aP9)2W4h}R=m8+pm*DEG_WHCD|lzq9={<r`dV{BX#l2Ofy+n^RiQ
z|L#1_vBZy)+-r^RWTE+P9C3a5R?WX-uaf;Byk?HcoAnAXU3k3}9u>qMKaJQm{6-~n
zzU;p#UWh;OpyaqE`@zYb*FS#f;zv?f%piujiRTI6NVygQ+&vtip5j9TyiYZ`8SFe;
z`<ty_MIzBdiq#oLoJ)qmV_H)K@iZ<T`+>(}z$3h2OWY-V&Yc-pasQ20_(A;nX8U{Z
z7=xVfEO1I6v-7F;j@-m|s#|(zV8x8vt(pyI7l!M={{!$@`DC7mAr~PZ;P){ymL#qY
zA3fdQQp<b!XC2|a=v@9;igilnbN1GpT>nqXpM+;ChVUb`!MDZ4wJ8@zOyAIk#h$10
zwOapQN3ZkW96vmgckICy_km}CN0)Xoxo6}sxt%n(f92a+a9YxoB>z?K_?tXWRvTM=
zJBRVV<fHqT8{y$zeswM{nNQ#JM-P@P;Xb1aum3vFvLmQWzI^rAi{v|?XTco95Bn_l
z89dY}c2nj2x_HP059>50;4^+F4j!WTY^Y82_zmhmWc>UyB2E9WmOi8UybCGk2xD8r
zv+7tpYg{W$d)WV|D;%!iS^btCw{eK0tifS_<Ri%f9mSN$)+}DtUWdH$#fs&n*zX$i
z?YxVRbJtQi^J!rpd;mWV;jWy$)~mD9zFF($Tm#&AV@T!$i?JW!Gf~d}TF<u61o*fp
zxvb*AWWyh{p7!mSY+^`isHeHncbYT(iY_0f{6YSN%T<j1ku$}6+vYXBgZG-BbmmuW
zZu#@%$@+a|yV~adW!~HEWkgDywieTto3~=itUR-}*HNbL0&h)jIjh!Lw9U`k_Bp;?
zpVR0|-%kIN-RG^IJ|{SR-sA1_uXdkLIDOXbI=Rmd&&np){w4v-O6Ux9&tl8m8Qi~r
zC>-!vJA&|wB6$0FpKr&Q;DRRc{*)8rb~kUqo({b?Fpto*u{F+M|M@@My?K0;<+;cG
z%nZv+LV!Rv5;O_eHVM+Yu*GUK32H+Stq_-L+XU<~NpQg;YcT;@n=qhFMN!hz1Z>aA
zjACnrHnFE=>k`DJNNd&h)C6r$AlixoPC%UZ`+JsT5)!bd=lz`b^ZqfPnR%9bx%T_I
zuj{(o(G^*)f|qkXn`Yufww+~5_3mA1{suXp3Cu&doNr`(PILX5125pMIM!y`)%DeT
zELg1BY2h}V_Y%OV+W3HX)W()*rrE~l?KZaTvfkPH3+o;AC3+C;$*17ZLxkr&{6BS`
zl{>SG`MgfQ<<M(@`8aV<DLnTs&nVtkdEAjQFZ!x)F1Pe#5j-z>@8VnVG=?C{;Cb<i
zeEN?9H}41K2Qv+C)e(GS?9b+fkbRBltqNcp_YMDpb*wEs<k|!O*{o?2y{r5WK1Qy*
z;<hiixOTJY%XS<2)rVa9vAMO8vSM_mm0#;YMi1fhKDwlnkL4#-UA3g}6zIBr?XJr^
zS(6Dr<?fm*qEXeB+jF^MdjpDZShM<avzBX=ns{sXUf!|xSC^OH=i1i31|3N5c*ok`
z@ZY^nwKD^k5i=Pjf1H|^Iq1az<4U-JSo_z_v$Cgk;HOo)?r#5g8|PEg6nW;=hc(JX
zo)?TetC4-((P@e=)VTEQ#zCIl3l7jT8}A1n8~6;qU*ipz`PqvAmd8CqsPE!oeP`ui
z2>)eYuxhL=rS@MpeEmN1a}2c5iO)#2S{BFlkDpTK5l^tk>*Rhd-D-r&p_ka)ukS%C
z%Kcipz^LD8=axD3+>X<i;%<)HeKpgU_6$CMMqlH4`f~OW?wP<o0(<Da`xC@aiQcQG
z&ZvcMz2w45t_hyy!#pALT4L<AAtA**l&^7bs|II-?fZydSN=^hGBv!MZ%2-b=LEM-
ze38Y(Y0k&y3dmOsu5x3?AA?u<EzM^cpZH17o<GR58vEt+mj+H#`NYa)$z$<S^T#ZC
z6~K1v%cH%qDUvV42YY|wx!-@~Z{&}Rk8U~)A7^|0-CK|a6PS|^nw<z8lpC2ZXS$61
z%nnz+`l?x&d6DFl{Qc(tpJke|Z#6cb{>RQkGV4X=7^`1g4VJ8OKVr%HL)^FI6K9R_
zTW~q?*IxZH|2vkf&)}Z=Eq?4wS+Bj~GxvwB{G+z>ZJGZKBjom4Jd2EIjm|cfM=#}j
zo@bfrO?X{Rb30Sv?FJ+Nje|zMF|KCrW_xVS;57tJfy1Ia_US_Sr@Z(tln->|F;7Ub
z?1$DOckabz=bmB>YJg)=4SUG6v6ySMMgG=K;tnnS(7Pw=?86%9`)}I)1$f>?ZgTkn
zYwnV1W!#$vKep3X2mgojU$TmL|2{Pwy&Em~)WWAJJn#B`uf4E!onW36{ub|w&ZSFC
zS%h8Ijx4%?>%{g=#}-Ih!dT@$(ldIef_u^>&i@krOTXy9<}BZvXmluZp2<DgAKwIz
zvRkd3v4Qi&q(`>k8*}uB*Y9u5i8H23hqS>%Wz=kW%#>-auyUKW%=@&-*M@62$3YF_
zGnCH|J{~@9KCW%X(3&gSC)Qjso%wH>={oRN-g85*Z!iz^#N3bb`Pdr9ILw&##@OOe
z1bFt>8~;w;-Tzc?7;De2H<qF^YUT~BGscvkMQ0#~Vs*ywL7tV4CqBj2nSJv&KDhJq
zJ-Hj*8ThjJ#PX~od%Q#Y%8m!Bjg8NPPm6wIa#dsON$1@hPv3WIc=wn6-hJk;_$HBY
zKJvHf*niB1pJY!-h8RQrA$?~(Y{{DWwrq*clr7@J7KvjGO--4VBdDF`A@9-~mTc(!
zCbTb~-`eq!1?+jqHla>}X^)7$c1AxP+B#8nP_$-C3LiZHA8<xU6W3Cq**AHH*y;LC
zK98BtX}{I7BZymIuai6@)(<^)1o>U<Yj<DXnJV32+Y!~&gs;Yq_;%s89vkA@Mf}Eo
zAcxMhA5?#ab&6v@oSq9U?6mC%>;bhW-SI%#Ahb}1{UBOkeW&s0*>4W=Y%DD_ul)l1
z&7MDmR^Hr`<I}+!_VmhYfah%BT7pl4x+OC$yXxEE>@MizPCiZREjix-?+7<%vkNEK
zuqXby2lf`s-QnwhW5IkNTg|cKetY_V&U+u#W@{462e8>L83c}|ob1PcpBUuXSeOrH
zv!(;naf0h=i^g|5aNX-dm-Ri*$jL1i?%Hm5X#BiL&O4TD_ZmjGL4MrV|42;HKhjNo
zOn!OD&zj|-x&Dyk^bTw<?RjTmcQ*|qM_Y87VRTDxUHon6EE=71Xs<uNga3+c-^F;Y
zpgqZU=^M$<)BOKC^1ONN7fm{<sOY7m)wFBLhF<@<bKZ>Xfal+|)-JmnEIP{Lzvi?1
z7Rw&kbCb1p`3u*jn>zW9UAye#zu@YunKdp)=ftjE{`(DM<KFb>Ce=LG{?*xF8Mv(%
zmTiCS3(G9#TKv~uSe6Txx7e_ht&3mLZ^LpsdMXy4|8*bqOYC!hcpiSa7oJ+1gy`e#
z7<eB3(np8qa^NA|TUc+w^JV5Ocou%nf@jej3!dw2cy8<m&wD;1JRhXpJAvmm6P}X4
z@yLl0$cqHzFaFcDG4l6j2cF|29l%REd@J9Qy^{6C{FY4KS^a7JnByZ`XG#{kOj-On
zVCMH2)0((e!*A*B#~yPX5FNUq?ajb$7dYR-wNw0V$8V=R7w>4=W&P=9K7oe&UTQn>
z%)7<E`_sFD+dAL%exta-cY5xFIj4(*hlyLzn(`3qP)9d9@-TN^FWk4VAAWk}wajl0
z^SlOmI6D;GYso`LH^i<l-#|aS2`)EN`}zMZ{cz9q1M7$3Um9FL<Y;{vqaQx_;=s@D
z1g{Ce?!-9iS@Idk7U+D=;*E2yL;gD0`_G>H{hz*JB>jQ+YrbUJye>!QuRU8_2RWy9
z+meB@KdR-^8DVs5P0={g70IIZcR6eR9M(3(_;wet4k%z9&=V6sa?RyU!)mVZQdg~c
zg3%hl&adNxf8X>UAI7g-fuC7*1r-;~Qt12AWyR$Eyz)1HD3kLkRzp*wiL=!%NxO|)
zbWfUD`xg6j?ppZDq+e=`Di$#AQ+|Bk#-c*A#%S$km)8}_9L@R{*?R=IM9Jr}bZBar
zz1WSbPY<82HEV!&6f>!KQSJMwP1#WkxGs5F!@Ih+i<q7!?DG`Xb+>X)<Nc}ffSKz~
z)(U>^-N5y7{@3tZ_R%5M#=q&%v#H_wL&nB`lMI-txLgnW7DM2Tq43Bsc!ikUm0oNy
zH@OAYy36~^7<tM%{1js-f1u`a#Z4MD<i9HSV7$>SxO@GaZ$dp12j<6s`C?%1T9wq$
z&K~utKN_KT@PV{_y!RO|_slr;A}dbaMVz|e1AlM)Gx>4U@b5O`Q!<Ua%gGn|9`NtP
zH`7S{<)$Q~bknW=&}M9>WfKa)A$1|ap<+1?aZhoaTZw5&DU+`xE&MP!71M!bCH&;`
zST&#DVvGwJ<5cQqg@}cT-G8WMPe$jAS^Ezo2Hk&{!v4c{WMU)x-^HA#P&+Ki+{gI<
zSj!Khy@b{U-Uf}!!~XGF#?Xcwn?<}3zOn<V;Z?*LBd-xR)dp^kY4038@6_HsLOYJ{
zCWU<$gT17a;MMZqSh1NGg7X4mRK37QcI{R4L9DO2=i&6dm3q}DM;T^(>sIZ}02jpr
z61%x$w8liA8D=bKM)-O9)ZR%JeFcaI^)ZLg0$;<lEk@`RYs_}W=$t>7K;N2UEpsem
z47rS9N!TAMBaiDixT#?e&QCq++0>$*v^F!6wf6g$=ig==DC4}eGHPPZX3y`4;@5$n
za_{u+@_#qTV=;&aNa;F>EsZ~;RKA=e%=>lhA3u05<-Ovgug?e&Pwi(vag*Q;{G507
z9_!!j;*sxgZ!!8^Jo_-e#Y^M~9;kb_Y=&YFf<L*J@fwTf;|o|r{DJs3U3~kPQU5_&
zU%sWj!$#>s)ke9w%i`Z<w0RSKTeed%y!2Uk>S}oFDtPQl_6BESk6W?Y@`e2leni$K
z35U<~TQn{n`7OU?=bc9%S=din!%HUUn)YPWZwoq8ZD?Ju|I5I)+LBGB|7vS7W7co+
z{Pm2j+?E?j$c;JtmoGs3GFo>SthMlon6l$)?i~WZex55g<p=(pc1zBzVQl^V@!Ie5
zN+!F;o*`$=`mOM+_B{jenD#zZyS0dGlIv#e)*-#MTQ8#THe$wohS#j!ngy>MA*N;5
zn!jAWpLopK)Gzl_)4T+{zkY8)==C+{NA`om6VOhzO*;>AUf()un$`l7YS-AVLg)m1
z0WbO5dj0t$4jD;Zz@Qph!e%aAOq&6lmdc@}A&f<|RA;v}mVLR{_qBG~?&3_I50Rz#
z)(7&dZ;8Jm<i@7aT)pE>7$3bL&402Sd$VQ@wMF+D2kv$QTkt6xP&QD2vF--WXS0Dq
zwhiQFZjKEUyFPLJ>09Dgg^o{jd?HEVH=x%yvE}BU{GYGOnm(d0{W5Z$2U?dsck96R
zi`HeG{e0=W2YL3_;N?G4qnm!tr$0T)b_mqQ=qzGoo1kOS{R6<&q5If+cXeEsZ?6>C
zYYn2DqTS}6a8g+N7H2z;Vg>J-aX7rc7@AvR_R*KtL@NW0GiU9<<NV4X<1G6Z#`(E^
z<Gf~oaelUgn5V?PzM28YeU7-vCy^JT`Twuxs@=!<8e{U=-0**Y`5;+(w)_CmS%=Bn
zR_>ZN#fq7X(l&mlJ~5L=x#mR|%b#3<UDiK$O)-<H#7w4Ar#%84#l}qfh?y*~bJqw~
zK9J^#J0oWDRod4Yx|T63ujw{uH;x#`n>&&kD(SD7oab)7#}OM@VCSx33murr^Y5d7
zbT6NH>C2G&W%m2Uyq|tJsi6#8mo=~*Be^2tW6n9)Pg<)@MZfykW0=Zs)e_x;T$_eI
zIYpa_2VBi>>0ZSXx<qfBhf=Gx419KqI6b{<#SQw*TK3w<N?m?gL}Q9zU#M=7+L8{`
z_blv`Q?%<vUv<LMdcTg?0PU44?oT>W?b5y(cQ`91?l2%bhIuOPkn=mbwIAoq{qy*@
za+rI%D`lPL>xUlntdCm$vGbi`&vy#*ZM5e*^^Eyie#T#elfmYzcbkA||M~vc|BLhe
z4Q&s!u5of@p!bcjYexBc<}wG-xf4^6z5gb2e}6*TO=e8NSGX@e7w^o|e9@=NU+>-X
z$zF8+UGimopKJOK9K7j_n1XZ1CR;K8+S6LV-ksJ_kEHZHv*GjXJDlxofsb-#LoU9~
zY0wq9UfY*0U@ZZktif*8`3#R3s?SaR2x#I2arABQsB;Fxd~BIE#-*5bmtsB9AC_I5
z7QPagloR`P9`EWIXwW>z;bqnev2A4WUN+CDpESFlpYp7p$sFLUhTZU))2H$UV*C6A
zeH!$seLdC3(R0o4h{m3RoiSLOyJ)ADXIYQbYdyC5f9d>(yYRRF|NZ=jN0V6}%pAC0
zjFYpHjs39)e2RWMdEU%Xf#$?t|8kBBG&u#@Jw}}NAMkC8b`PNgl#imgE#-FL$1`&~
zeh=-{G7iNY&c}Wf&NEqKWkZ9k7q-`!^eY*b65a^kmP1R*AryV@RnCc>lc5|muan~f
zJ#K`)jzM2e+iEYiZP8wA+pFxhC9{*DRmqP2d;3oPnnK{^#FEOEYTtRg=^NMYHv6}+
zduK%dz4m`{gpc}MHJiQJ(DUlU=DjHPc5KaWAHK{wbP@ZJ<P}-|j>F^=#35^l0o{KX
zoza_*>kYs77xsbCJDunX&aE)(k2-4t+BRds4Cd1RTK|4y`}5J4`t%uR_V;xE{;)64
zXxk&-c;EV^y)}whQ_y}Vu<xV~)i9TDrnAqyw1+k}{0M!?PPXPY)~q*F2yPx`t?@E2
z(jKnbXmbzzel73&@vl(#0@&2d-8sQHx?@f4=D_#KojbbfyXbDS){S}A)@q}EByA7$
zTphGo$2gQ1B^-!8H16DgBcGafbUs(fSBwKC{FdJ&W%atvHN<mxwGK7oT`YS;@g&rr
zVDCI7*f#R~$gVX;=nwc49+r>AZ3qUTUffzRxTz1k#|GO>c=zVzIq`n6dQ$uw$nCY`
z<sbKYsX@V7ZX<JE&3tOzuKjD7gLtG|u_w&m9542Z#<`d={hsxuWrJFKvS0p-k+e2R
zzGzpt>`LRPY`PBUw36#z<)iD>J=Z<qTe-&g<pb!>Oye`dXjM*XW-;G6eBaFXMSKVN
zzRRj5V$^UZAwIm!yWB0}oqy%s{_6y9z~9=e+Lgd3WqIa2Vz~2+x4&_4IxyB+ckw0Y
z!@Fx*-CUE8vYPAnTtXcsa4%VK0sog&8m$h!JLlN1W4#>RtFz7%@vDr%zcLm-OA`K;
zWPFz?>|+cyW5BgPp}y1Z^0#U%_y((j(wlLS>FL$}2gjLX8fT7a41LKTw1hDg{X^qP
z5j;08Wjqg?<4Fk{{9ksrzjZld!dG0i4%^@%=0~2<qS>^oy1a^c^Wx8|pq)78l~+;O
zQszpok`E#$(Hr#5scDHT^hZiuoa2L@jW>QghB)Uce`4v$UC3wea3e8rH@<7$_a2xL
zOkQQ=CJj}tGxcwFpMQ~TDC{lb;)qj8sF|Cz7I`#*x;%TWduy=S67J(%kiF-BPS3jG
zLm&U=Gw#~|!q+^+^2rym7vs@$do25G56?xv#dDSZ)_ZwQ?ccw|@;m1e%jcv1|LK)C
z0^=Kibty2P2khtK)4HBL73+-H3&4xut#_+=SG0WM&)~{43|x)j`LVp0#QVv#1D;l<
z60bkBejH;-{vA3CnlyQ0GIM`*{<6AZMq-JPJUchnn~`(cNR&_A`&3<e{HkGN^LVEu
zd*5bXmcM(_t5p%sG&tf1##tU?%;}Xk(f*C}a|8XA((gRRIhPp2VWxc67`>~mevr8S
za2_>8ZjVxr2>5VT)S_UzQL6F$)SVPuyuhee+{q(Zxh5>-Q>)-P<ydJf+dhbv3g15A
z+s0X3qAytN^0(eFl>GdZ$n;r>W}bg*8EtpLzdPJ<!u$1kz*B7rwt81<!prmh-J4&`
z3C{9x#=XxNqvy)TQLC6*z!~(D^FefUd{yNPuP;7mxH4bPIeq0pAGJB^sw!Iayq;AK
zXqnGgR89<h#lQRWbE&hanth$<YVC8DGloFepC5=frdC|$Z>>u<rl_7(GBg&zKNyD%
z5r_R-#k-IDj4AQV12_ehH<nXZxS|qU_p`u3ZEXeK&2E3b)@HS%GJ@lW`dh`fin9nU
zV14b$s?^yQ#U6jYH$H9Jtvu(Y_QX1#oju1tW7bgr@)1K_*Ed!ei{AP~V|v1B;dn%4
zb0YOU;ECDvRWj6{PkevXTlnyER=MUiljA<$<Bb<>X-)Ydwk5@r>aV2j+|z{zb8lbu
zUBM$4coYDKj`y)a=+Dd81c!eI4y>gYp;SsMn0MaC{2}S1xQ`j30PqkEyv@8A=S#WZ
zz7m*J@m!V58(cWKFvK}F`%CzJ&16>y+|^fJR@3Sw=C^<xgvYU;^La<G+117R5g68X
zMW<-~#edJ79)P#+qyLbRHhn(7ojE+u9KOdGYp?US6eCY6ZebiQpBZP{;mMe-aZXqs
zi0Jt}JX`CjY1Or<(608?`?uH1GxXW&g+4@Ax$sl&^1!mnG5%I)DzPfg-}<;ae)ct!
zeHnG|RU@>V_tg6I+3;1x1dE^En(*A_MtEv<XSB2gUJ1f0la}X2Ze;xOCr}?~b_w)a
z{Cp0ut!b@fJU1{Nhc~YI?`Y|HJS$$x;Cp_9C7-DOTrc}~L2}L9zplo%M0U9vEm^ey
z+4YxivRBX8UEuEv$PPWb@E&8M+9A&`Rq!3ow<%}1_Z995E`R<LKDe?o>$o5H4C}G$
zve-YAzKbh2>iy<#YG{pMZG?OeFee{5nTPFIxf=JbEBxeJIM+kaT?xDq<T+$bS2i?4
zZR-3mb^WV;V$wx${WO1Qy(=N8vrO9IGweWWw)EN#PTqSN@a`Jkm@XM|nD1PdC$D0w
zkze5&l2`HXMt)`3$p1<@xha<!tvji~7!R%PWUtetPiVS|zH<Z*;3fK$F44J1=pB<D
zbD>A&#7x5e*7&^_!{^{!vL<(xB}?<VU5T0WU;I>UdckSe#kZ5Ao(lficg#ycrpRYA
z2lxjjV6RLt{YvO$@~OC1&b6f_Myqt>QvNru$ecHe@v!Dtl(M@n{SWV2=dfL&_o0jO
zyx#XerT4kE<QBc39R3>r!O7f9_{JU!m&+zV=la3P1zhuT_C)}F8`$d4e~7u%0&i1Z
z;lI(`T-1JE!?$RlKdcwvm)BaP?Y-#Fw!6K^u%xavz_Og@<!8^qrd{Js-tQ~-6Srne
z(RjXc2laX2DdfP>E#T0VBbk;QzK*eYxUOe*@r>3M54meL_aBSH(=*}0tapY_Pv#6f
z$tU&gLtlIY+P%e)PCRqJ;25#q%1hZ<%{i_^j76Q~?jp~-L#$b*J@u{4QR**K+q<>V
zYb;WY_QR=->Ct&c>#yD4+Dtq|rOrY7&5*|QPWXb_*{#VgSABFk?|hxu*p-&O*G}E^
z=zH##YPHY%9+xk#ky=V`LWknDPoWF5T*kD<IQFlxZ?sQK?pqLfBRLtAy<Gzg$AWL=
z>8O3-suljz8BH34{_oKLPw<~{>i<*vZ{q08Gqo;_X=~T%=nlmtnfx8o{ubWXyo^Gf
z|DGJa>NTsqzwrGAHgUEe{>A>kfVgquo95OK>l|yN%a_$i8*10_W$m6~`Lgz0Z27W&
z!hOe=)ntx0Df}DS@5zsO?Yz5WQ+07o-`*?E^koesgVbkcJ8{VDoolb$+B2`Y+`Ip#
z(PldaHu;5o%8gcY&;R~!^9;47wV(co(VE%B#~&BT{INUVm|ipYYm80y^KZY1y$o+w
zPjKZ+9t5uCe6}K2zS=DRQ_dI4rx~XeFJH01-zr&iJM`@1ISRp<>n^XWE<GY&Dt54J
z*vF9<*sys?CjWCTuHDa)Px`xWWF2G0EF^_jaQ&W78r_l+pXPT3He(L5MSGOaGmE&c
zzVw{Nwrl}BEIy_!<N4fR7GtlzgY*0b;9IRjEIcHKC(@4ij&(_ru9aVH?d9lfj`7@6
ze>;?82Tw=c25Tu}M>%~|(=T*vuBWbr-(;7}18<{vr{_LCv3RqMv0?Vg&1Xt@X7IcW
z?8dCZ{5Eui))tE=%*lPk?TXjB;&xjm2fzisj4=cGGMsvW0q~)BwqfsYz8Cuu+gq|Y
z$5oqd=DG_XtS_DbAFnE}&chl7oE&Cs+Rt6e{8Eu!H{;tD4jf<Or<ltwcUmyVlQi44
zYSn|I`M<=(Q)>7C?=A*UkGPZLWi#v=ncnl<F#EaX;Aj~*IspH5jy!Xp*Q8_7{rSCg
zKV%f`-dGrFM!xx(&qCI=b>vyy!CBm&<Sg#{Ig9(+@4or&<W(;;tXpw=WE6F`LQjoq
z7)?#3Nx7pN4uk)T6J|y(bdLzu^WG=#eW9U##T}97cxL@oqZ_14n}F?xkqJT3f&PQn
z(kf!=@4#+*-BoaOK5z<e@N@21Tv+>X6?<fl8QqH6$V@Pfs#akQ^zj{F5MZoH*_>y=
zx}Gtc`_=N5d1*s3zX=}Ef60C?W0mg#duy&@f>mcnW2w2%A6Z3PlIdG`uY$M}A98UQ
z@8o712jZwBG%I1&vtG`WRs2FZI>?U<yo+}%dhgwXc4%F8kYFjgxo>oI)8EluvGPl>
zuMPFe3nL4?N}H#@U~IgFb{)RZ9_Ni_KXyIX&%g_xv1IV)^qkEb8qYO7<FWh=-voB5
zC+Nt#c65RA{)%3s4hK5OIVVr@r85;8z#eKQmLnREe%Wh8&_(&}-}Z-^*Or+vrTbED
z>WNKW4Q#ZIcYI{G(YI<6IA>m|&En+VHap^7p*O~ohsim%d--@T#D@LGst0`)taZpk
zn}mH>&3b3jvdnoCeAlfguP<4#i?xr>&lx8?e}p>BC2nI%?!xi&6eFP;iX$qjTGp)^
zGH-+HyfNF*dz{5L<_Xt`yb%?XT8^OqXS2R|_QT=R;uAPimG#2>p+;+EG&;4I{_6M~
znOPXYcNRxXZ7cdeY3JJWTXya}KeBUX=8We5xR+Xf?$9M%Kay(oUGXpUecKs*`y=S#
zxDNXEx{NVLX1XJtPaF9u|I7U;?y)_doQvT_J$S71_Q&H@<Q-UfuSZ|CY?%-49L73(
zIP2{*^9xmT&&2OA3%{M%2p#cm@aqb_PmO)$x3Q<fI@OY|wbUGW2H9GMjLc)*_a1hU
z;!kI>W@<)u>UtIHN_?iRv+(1XzS9^PYVHprL%-okuOim9bfwOj@no1X^by9Zc&t|V
zU^%|>PW-s(roMB|F;5Tw7ta`;^x*31RS)jucZ(@Q$AxS7{R}cx<Cp;4+lTMELbN6Q
z){NXI4+%aP0v~YJ$bVc3J$OQrS?%$_bd+E^Gi08z0<9lDePa)A6td2ZjonZ_<jJpn
z7N5n{J$aEDr!mTFj%l+!ro+(q&ym?7WcFnrM5i}1Cu7cKoXus$gH5=Vc*2=QkxuBg
zPG_R=3G>XP)AJAV|7YTfYv2j-L&ELjFWulXE}a7}NRO+ojr<*2&uI=N@I)~*nX}6O
zbcH)9e3E>t+|}g=J7;=yc2)j9<i;J0>y`xZwc-kgFo&Vg!!Z0X!|}%uQ@GL>Iz7`(
zy-(~RV9<8_MpK4#V%K&AS-+rL>0@duxGw<5N6;st4dGsPG5c^P{&lYkUe6Wo@ngs8
zPt~}SJ@W<hr*MDS2;n~6#QiwNC;O@e7__hl(#bybI1~4&=up*O92fo)&$PS8nQ->=
z`)4NZ)50!(w}N|(Ap>~y;GFsi(Y@|SlsvQcZx@j(LOoB;d(iy${k<2*yUkeSS-_zf
zczhPPTn&7#0>@XvOIA#n#?wC1!g03U_cP%4=iv9%9{lD9vBjpaw>MWYouOMe>vg4k
ztKK~Cs`95fE2ow9;Z*JU$fqw`xJl3O&2yLbc@Fs)0v369S~5~~UME*9Y<V0R`6M*)
zf-5d>8#3~FS3=(8iVIutUrkwvjNFfmyf9%zFo=wN6q=|)M%Jw<KlomT&P#Sh4nHVZ
z6o!5YO&os3*!YJL=cWnktTD@9E7*0u*_SpB4KaQem{6FXGt8K}4Eo4~2A)MWq=OH~
zo+4nZGy|H5r3c5Jy4;gy(nGgN50*Xk5M%4Hr`SJR*3X{$6Zd6LNe=vi-;OPHFTa;T
z3+nshz*#z7YZB$86{0f_L1T)uvaY+KE01|^7B;4MOSq7o7(EN^9R71J?PPxh+SxTS
z!yM;>_BdtBt$=PK(2Z$x&zTYYJ@~WeCOMn|O?aUj*@7Co=p@Ca6Rw{@Cl%01+`m94
zkJxk)v1vpw=(OoXaTsNcd-g}7lU^EWJJ^>-*!!F!8fhESOCy!Y5Y-osr4z}HbJ5AT
z7&?h(Y!02gkKE`_C)ab|p_5B(_$%h}7&##hooN4mFua>O0vf`Hxv`J@c&?WQ@E4*Z
z&MrS38W>}b!J&aiVrXCoJa5qec@CdvjV9T#*B{x(b&~h<R71J~Ia162N^rgqpK6uc
zm>wKNS7;AUdpDw=`)DthZ`!<6ZPuv<@ELk!M2{XBh!%E33x5V~ZSk@z+?<g*aLs6E
zEz-Q#rUCMOr9Ya%{SxHE>uzsV3AlfSJp{=I{qI80zS?iS^}ekyPP$V}`S8c#(if?w
zzSzJxwC21AIH*?WG*doU{%!4zALM?GJ0)0%eAvP7#ip*H-YmbDARpAX_RV|n4($``
z5{cS$-~MeQr2Ih1yNX}*;(9fHmw{?MJNd;mBgdJ2K4SN|)LyrxoQ_UE#vYr+@6&?9
zb0Iis!#`KMqU`At*y)^SAJKR^=UKKoHhyXi?JN|$XPzq`z|z~^mcB5T&VDsUXTN9b
zY^{-{FWcmQ_$PGs3U9B@zL2p=XTJgt2GiM#c*fD$^Z5NoTW2Tn`_+CryG?TUEO^L$
zsuvF~=;!pxv&V7A>g*|Y->-p>KiN8)__Dk<#%|2X$1bzt!rp+_hk%2fH`}@!+)y;u
z#Er9t`ZIV*r@dhx0WYFa(NOW@eeu!;FKhxYQD|RsP&QOIG+7HibS)m4a<U&kIR2mv
zPpZie%S?VqGx=d3xmvQ_9%eod!w)x^{GfevtLF45#@pmh4bF!jj`Hk7CLU74KjHT#
z@SwiaZGNad2ObXppcfC>CO@1V4^8+p)bByN-$%f~qu}6uWM8cb|LMSgY<L+ke;-)K
zu2;3@-N}28$DNx899VZY{_n#&&7^w^)^{+Tv%z{h_Z?V2Y|mM~pqu#p&%(Oy(Oy{Z
z{wH9)%<eZ9*2j^ZvGA5&NCxJe$e?EET(IvigZ={i$rRr>Tkt=}+Ci~YrhWLJ4S##>
zAe&gYF?9g`xy{i1=i}K=MD9F~zgjZSq`66h+v~IHd*QH}{g89%TiF%wu{IGusUP|C
zzR=J9bk?E;o($8Ucgn=EwH7`82TQg+0)3|8&wJG5r{1;5r-6y&TELTT`t!yMx3+Bi
zFW%h@Pic;_;o3)z?|E*F{al0111lm94_p@90v@Eh!Z#TkZ$vhmxO#qCFdO)A?^5CG
zG435^9Z`V|p!?6>(btDk*W*Kp>*GT?jD0zY^}#;dhf=}%U<r0#1?vOppf>Pd!8+k&
zzjZ<r_<x=G?DzGJKb4O67F+u?<+k5f{;luxto&rkU8%mBeV`&c7MMNTO8i}AoYRrZ
zUYPbOR<j1IF2P5>Rlf1KNbK1Z@@d7!f?4}7M)))A-LUTx3NZI1Pp>bj4mfB{?D&Tk
zGq-ino%}|X(c#n2<zsr5I65bm#qonx6qQ7d%=AYpXh&_uuFd7I(%O8Ey*5wiS)0e1
zYjfqr$aeIyHjiU0d92MV%{f~BMW>Jc^Q@y*6Ey+zyss`jc*Nt*>+*Q=iqETl+RGkq
zPV1ddce3X+w%t`9=Vxz`b&=ooweK4@XN@#wT=dBi#G*IiC#}VwH;cH3T$k6ZpDjDD
zjGWv6*L}WcH|K7NYpBBKTD80)G6`K#g|DznG1K@~m9tX9yUC1wA@N#`yjKqI=o$9q
zw=W!OT~kbKBm0=Q(dGu)eB!CNhDP~W*=JYGf%C5Rqs;d4X~w?0-W6w_d!lx}#kx%L
z0sk4XGv?VB8<Py}KlGlR<G^e2IDhL&XmYT<oN3TtGBIBFFxF;b=y!5HR5oKsC3d`m
zIZs)>bda;5QaBsxChKgdI6pbeDdu^`Ut=!HYkMEQRO~>A`D$-7N$uF@yS2srVRP!M
z$@bY$OC!+U4ud)~Z~or0QBz(qLd1N@FWGZ$k#qLX4&bsi=Ip1Bv2NBmK%JjxOb?mk
z?>+med62W8ehzOcm&2LwmYDhGFwV}NbDvVp^WAEhpJGZ4Z0?QBWjp7))$+cs2_KoR
zWc%EwKTzL0**y12bN4|Tf`j0wc5~Qw@<A8GXqxA{IdJH?ulzOe8Q16Br|Fz;!M-o=
zdZ8s}j`M+Q@A+=YCSCb_R{v&ugP!|z<{rLelW1op@E1M(=Rwv|@C)mx?ebN7pU)1)
zCHnK@lZlT>@Gr+#-kLx>Mln1WfY)kW{->L7zw_y=0eFi!mmYcA|C2mdTreIQmX9$G
z*;eK<j<&N;t387*_)R(R;<q^8zRk0@_!{CahhI5c2syJ|u?p+>cK8i>ctCOG*Vz2l
zL>#Z4sif|(&Il3@TKwj-`E4Kk=7ZnjO@8a&ztax&Zq0V`PW5ePy~_vh#hY#RfA?%T
zHPYX0Ueye;*7>d`e=D&TQv%nrXGUy}3)l$Ws=1)`vTUS$=B4u;mDhU@dLMo?*M6<`
z+E4$xkT1^+YU?JOwr+&l-rE1vUfW3U>a6*fg3}xN_=b|hrQF};PBv}MY5aD4L+?We
z_n?>6w~z5qt97nyj{x?r&TrAao9xtF`yK6zDxUB-b#tU|j5$+-^SAn2HNT(SVC8|T
zjeF2vXUpCAU^uqZUKf5>7k))I{zVUd#=f;jVq=1T4eT_(6l&)D>BI7aI{)Al`nwGn
z)iI8Scw;&-y9aYB0xhZNd(pc5%AZA!md9fk;AiRdS$0+#w$D21I>|3CTS))+kGA~t
zhsoi|C3da9k6t-H^3y(I`{>6f3HIYn*#8I^KFSzcId?&RZ#UyOgicZ}atA)z<J{ME
zzsDPN0n3;9zuB~l#)UWOH}Kb3z6`uI&Sus@4?`EP+jQ}oy#~_%Amjd1Kf37k8CpJp
z{81X4<uk0MeXU1Ln~gZRC4FqRl<*7OZ^tLFnsNP@-;TYuh~E!0F7^FM#-(~*q6^ui
zoU50lvn5lpmmE01EgR%mbm~c9z6n@FUYHv65*L-yg9~a^@XRi1d}Vrwuc2)(@q)F`
zlAbT7|IW%li_3mqHs3OE*UmmmF*d4jEd1ty-`Ut0@e9XaIvfB0q>7xD6VQUj*lzn2
z@3rUgD73nn_Fo<nvDZ}7%r%wb@P<RH*}NmXbORq_goT?sdG}Fpb9lJF^?STu$NR4l
z<7V2O>{WQ5pB{7}C*8<Na=DgIWN%BdatPyoztq_Hb8OIk;789l;D;jq`(PY<fEx4c
zJFPLtSLC+*41Fz_Y7KOHWpCY@NZCyIp$I>FA$yP3p4EHMB(V;u+Mi9wZX!1(^+NH_
z%%RwWW7(%jqW;0q`sT;T%V%9(cagO&2(3Lo;zPFQu@5<kxZX;9<7LD=twtB-VN>NL
z#F=r8xzA4sUPyc+d(~C)<;*5d>_R^J@8Ul(jmvZOamAIO*QRe-dtOUsp}{`l`7>k_
zRr`#)ckx`uSI;x!PMw&!L)X;IO<TquE_=n<73W=~u_<OQaV0c|U9+`{ImE1OJO6{d
z*#Ed9)b#CD?B#vQ+>_1C>s{lxOrK&YdlK`=OSfWp^BDUzjD0ftYa4NWlM@nxPxAkD
z#;%yRCz;1}d~_~>_Q<y}k8Am`M^LhjnlB0d!u+>SMW@^j{vHQcldxemA3fW_S$F!K
zh3?UQQSO|{!AUlp3OOrs678akOgQbP7J^_TSdjxzGOK&|^j!9OkDwO>uUX5>o|Y{x
ze<Rl~)wNvwmOdMf@+m+2k{yo>Y;FZM(i<;PCrmiZk$$Fc;Ywp5rmt!~^HWTp#-aZm
zvKQ!I<6z&ngcyyx+liTy{#9(BzP&?AsO4eRI_qy|o9mZr&|9Jr@LBMIXVF{wHr!QD
z@ZFhNGq;Ru#Xqi1&mM1#ai3=pH!?PS{weaN;UTR-ob^EnK6sW-6?||Z`*-~Rnf7aL
zXTL^!HP^C6coP1-gMAv+aZo$4YmKp7i~X;$A0}QxFm%=tRqW|h#;haMMhA0?eJ@eD
z?(Ew~%G~G|541A`ei_QXo~!=Qa96J8_BL?qudAH>Vr!pA`+3w#Hr$H@^Ul*d$4Eyz
zx_zK`k2B7K4_u3$pzWO>y3AOn6QgS8Y8_DUL8f)xowcZn`zN9`bG0Te@cS2)z?(aZ
z{ALX0iD)D8LAFDRxgYZa@^Clu*t%xz-wf3Eub`!!ZucVKUn)FpJ>SBU_IsWtkKV$S
z%f=OZt;9{2#P#ATH*RoTUBftYzMMYhr(aDUgKb<Tp3J!>Y0OWrO)~$>@1HYe<d~mM
z8)^REjlOE1N!`dxjryj4v*Xn`6I<(=@9{rSg#ASSjl_*sQTx4Pra%ACSbx6eNKLl6
z@;iQm`bMgcSIaZy)B`!}Ny<Ay8>Ot7kI?oFe5YV9PUj=r(|LD_{T{`<>J`)YGHZwT
zIgi{=jrJ|XffI+B|5I#E(ZGDxXck;uX1`^;dlWbpB*FipePU};T&}$DaZPlnehMz6
zzKiZfSDW`9;@-Jwv+tQdqBG9aNbU4Y&C5(S?ru6BExlN6UuoQ3!@8$7x^s;By_dGl
zXC@nW8$6T4Gvq@r+E4$-fWhj@B{Pl#ldXI^^B3$U+c5Ykyr}uh#&hn!1>Xv;Z8mHa
zPo%gowWW4AL(PQE8XGpk$2i(kt#`Gpb~=c4m_g0Fi=6RY#kk*zmhR!4UELSWVW*Q5
zq-Rrfwrr~8%5#ica9_{&KyqjxSu>=Ec4OoWw)V4pdgKgo0)xpJFLVE&%8}>?$dP{j
z7gJuMKiYt;=2w`;9(M+LD!}H|ZVR@iUk0DaVSFYz#QDtPqkXD)WMY6l;@Fsm$uThv
zig{F<F6xgRO10Yj6>Z8V5Zk7gzC$B>+pHZqc$;_9rs5;|$4gXjUGWn5M_PS~m%t~}
zzwi0bN{9MpO#cZDnD@ssw)3p9{o4TZtpzV3KF)mkKj?flCXG$<UA`G7hU08wy4<GU
z{$rgMGuC=%tmoIvUBgGXx%>ZMtcin+HGY8WdFOyZES;(T+e!Gs!OacMd}HWF&m83$
zlXgT?F?iFxBQft^HOTuNJR@0Q!a4?)e~NiGR_|Uae!)If9#yQ3DxQ%Y82Hl-c0AsB
zk?ds4ZajugkX`7$t!D1Jd#pS$SDIxv?!j(ci!G`9NflOnh}NjF_M;Wc_eIlgta#;y
zo_M9*rhd2VMl-L<wjJ;IU9Y_r4OsTpk{7iu?HfDjec2gnrnwjC%^Ij*D~2%i``&(6
zoBj625YDB){%z+R>}^}V1pFgY%ypJw3@|sVkGcbc_mQtY2C;V(cP{^f3I7+Zemh4I
z%S2q7S9Tx%3Iq8s`%mAous!yoKQsxtlua{&dx~S$nKg|Oi>|a+r~P5YnX%r)XNitS
zA3fG!t=l`uDRSNs57x)L_d2or?Aezp-;%hx`c(Az?i4?I%<4nWe~afiW0+b%ic_&_
z=qjG5;kecRrQh>EE!|#-t~&N2`_$CE&^&Y7dSR7qj$3{K*_vnSVN*8<|7(Y0FOI=p
z91HETwpvM^CN!h=nt$!!YkWlb>I7eX;KX`T^~3f72PdC1#~`1KwQlD1<S=04%=+>t
z%sBdz52K?ek>^xGew^Qx`SO-@@=u5Pm*a0X?dto{oA^SLnz>#~tVnD>!qwyCXEcu?
zr-b!q?0Yr5XZnuE68}aVsP@j)hThTM(lp>{zPEfyOYD1h^PU6aLuMTm>FlI%kqu+;
z+0!1jM16C5jp7u#9%p@Y41dQSbi3rkFFDWi+l>47rPO*Q_d~vwPS5bXm&s!iZufq-
znl*^kw$|c#cKcJo;mbuvz3|up9+$<m@i^xkpRJAHAZ^H3z1z#W61aNC4Z|-qHe7ci
zx~Xh{>mSm_=LfhxocYM-(eaP*=K9u=QxjIy%q?GR$*IC)<4v3v5qtglrR1q%TfXvw
zvGG57?=fI6Sgd6)Eq2~Vq3J8QA1FC<&nOW(lyBvKvS*||%$OP0DdL^`km-wWED2pe
zUp@C&%jw>an44nnWQUtE{akYmtxeauzR$JfT1v~=?<0#9M`N~yPe0y%)<;b1I^G{*
z|F7eBoE_&{NbZK7FSYqzyy4V9^*!Fpqg%kU<x@(AM{j`tO5wwK_y@^{U2CoRw~r*R
zY8X6$U+*E{+#h}^?04)2_VTT$&g4J4=T=MJVeN_Nl!x*EPsLtS9;WPl!Ao<v1bFJ6
zp4)+MW8Vuo<ZAi4@PBDt(ONLXwP-)Ge=B1wTj*NU1ug5^dgt1ktPA0pf=<_>g?yKB
zZxY`VX}>_v!`Edsu0<R8)|o)N<96q$U-dthzL|S>-I$tI`GdrNF7_vCc~0^}&ozNl
z@xNdk_=&Zi-@@2*Pqj_o<NjbVe{aH%S0A(97e8*I-RxKT(*2>kYvykKx<&W9|76kq
zA!wpuiKU+}{93PmCbu(nBe-w@Kk0ty?+duEu{1nS{<e`bt(bXvuQ6KPGmLKU@4the
zvFYwv?ZXb_kzbK}`qqQwMjZ8JHO<XUT$f(<=CGrOFRe>2qn?*?tGx@2R?m-(R>^K+
znTfv|39XERW=2ChiOB9T<kt@&hPSs~hU9o)lOxA7B3hsR@?CPO<DeybJe_6uxM%i`
zCv<4w@$CGYH6HRF&GB?ro3R?L$JV;?HOE~+=89}&ow!|d7hitW_GLT&U*x}hwB6{A
zoomyH(ND*>mNBEV8XqY>=dBN{2z6e^-XG(XKUr(9UwW*#aN$_>7{@Hf$9$V*KalJ8
zlH&TY1M>Bb`pf|5j%>HuQT%Xnc>jCU;ivD;N$lVGjC^X0Ejm2r;q+(6Y)WTuD?e_i
zk)P&cUEndMcdIYEy+gMAXhfDC;(arI)Eu7`KPp=O6!O%$H?`6KwAHT@Uz&z4PYypG
z(|=lmGsm&v1ea}_(PkyjG_SqYwCh53y|Tj6=hEeK!S(gv{Bz*`I{c^C;ybm@v^x%s
zX-y%Sq&0=|V|r+jw&&5d@DzCty+3o{dN|@G`OgYQ7>h;_XYn9=bqA^66hQW5&N3F&
zU{?qanUjr0yZFsIe$f{E9)Xem<pF#f(z_k3a|6f<t?L$`i)im9;pJg`q4IU<Sv`mS
zXFjKK2H<mpJ+I^F6VcEX`F<wi$3Rb8J{<h!_{Znd-U4|4O4?#?xm)wOA6q$#_AiWS
z=Z${t;3wLYg?v-r+Cy3etYjZ{LWf?%=;qv+<<u))^agWU!q`<?Aop@(jLtSJz($;@
zv1*L$dp<|oO)I8H(B1WVFY0!g`=y$z?6vrqv3*T;JlAffzdy=mpuYuN6O0F|r_+No
z-Yelf%`x~9arT6bv#-b7IGZyt&I<7h2^L;_VGhnJ2EbYFN5ENaKUl}&tTP5@e_YXv
zvuqn@^8Zu-SM9MFtIHzy^lJ-W@usF2yp6K)#-2rYCF74D5f|*lM^!=X(K6x}JlK5f
zHN3Qxx%jRS{!;tlZ%O0}CjO>HWY-A>KJ2vD(P=?+mxDw3Rv(QSuSu8S<8R>MB^!_L
z(9TE2<14%;JdWeLf9{xg!;vxf#mEsoubMK7QJ0Ky;$xDIX}zhsLT+S%2f2@**W;>p
z)>Mq?r9$B9?9(P^5gQPP-AwFN^GJUyd^a_R_5$qpXkSzLm`#`Q4Ed<aJ=?|@1MC$x
zuTWm7zqNb<JTls7oq4_XH~iiI#(t8%&tnfLpnE<)XDu32b>3H0Yb^NoP^Q*JN#S?y
zg;!WN==npLoO{5%Jn~D;dZL_BM&3Me2gcFK;7!l?Mw_~Re;oS&x#oG2#?iyW>t0iy
zv$tc|0q^PNb?__sJ^t>s8mImKh2T!_d)-ZQy~V^7P3U_Tl~b!qdRcu3?6Y|8w(;`x
ze(LHX*My5)^tgU!^ZVoSsiSK@ik{8+f}>~0N66)_fAgJwdiGBA>};b)?|)=H`+(7U
z>>&CAdid`;OMm*=_ujcS1O1tS{v1D}^8rVHt_(?^tAFhYOMm_y{UTYX_&mkF7eTk3
zkCCr|KTY~m&pvllddE7q<nRr>dS^90ZuQ$=?>IWA^HT7XMO?YdSbmK9k!mZJo?pVg
za`d7#re1npfIb@No>l8VCHy*LGG#P<B;Vl5wcf|~h)fV3{lu+AtBw5H?~K1I6Fa94
zd$039$V;4Pop<`TYAc>dyfc(}ewpv#d~Z8n^he!~NOX$k_TaU~#&^K~FW~D7poanV
zC-Yj%c=UV@&#vUzkDA-w$@3a7`ypm-ddC$v+^q2)y6lFV)!r%YOYiFUVSbBmM)B?B
zdUm{#Va{&~*YsY_)zBGrB&4^TvmZN<5$(td*@hjSq5K|V{<hA2u&!G^szhvuzJ4k%
zHF$IET6ftU<1bPljK}nAY#oDay34YE=f7du#%}E2KVcKM^UT68!-MI(Pb}JE@`|UB
zSG<wD;!^U8leLdPF0pJ8`8$!b+bhXImb{%z{7e;bNKat*-oNVi4GWjw5qW+`a>J9W
zQX1~BxFhlc`^~STcRlFiCoWEDsL8f+%hv(}y;r%lD5Q2OsKv36H4-&Yx~j-2u3DAc
zP{s8wPjEA};e!De=L;y_aJTE|8^puZNXO6ya=+V4KCp6tD;WPP;PdoK%Wrn#CcAc$
z?K>0hG}nunt8mo(EPkGweu3<DA$#4}+y-YOQOgSaE`Hh1dB456$hXi}PcHIS|KPdE
z<UE(ViJL(F&fy*P<M<ez+FJefhW7`m``|TmyKl!g5(bucf`d<ig9pIDb>QIIRWCNg
z1KZKy;@KUe8xq0CHIow?j?lh;Ls2BbNC-CZ-l%W9*kCNbGx9diY;z?NTa;ktQ;$p-
z85I8XKMP!}C%5|nSN#5{o!h;i-0ru?OHpoj<yND<jNI;A@K9jqb{p7q;{@-2r&a~I
z-GO1;2Pft;c5Zipo!gC_b#x1MmNz!HdyHtj_Z+N&;GT1iddGKzFY%XR<b<2U^db1l
z-xCYt9OgMewkx#Z#OE1l*_g4p-&aiDUUXEGyEop_OS~nv(@`(iy+b%FAaU1g<nZm+
zzIRS`+vZHKan!h|b~EdYF4sjHHy0SmT{D4UY@g!S62=$%jGHxXfBd@`TYvmxXK$B|
z&-q~0LH0s+)KJ^yx3ndDS+o?uJ{CQ-a?Oj}8?3&uXrY)GJ?{wO`G)qbZye7YtC?f5
zaL=Avu4}{@^^LdCzUmu)jxiQcoBKB4d!g_5o9lj<)Uc3otRv<(4mybQah5hX-oyPM
zZGD30WxMHK9`c7+jP7dt{e`?A+?GU*0elVUcC~Xq@pEtU{I%%5w}@BR#(UeC-?hZe
z{fG~74`yv()>GZL^St((wpCO`^xOunsf{52EBURwg4*SisEHI8R$kTX{CCFkEO1ra
z-FjEN8Kde4A8PMM%NIue&hyvN|J$CC;TLH4N&3HzzJJFj>KbkKKa%$E;Cb!My-=|*
zVm@b&=?VU?<M-d_uX*`}cK;*7hxi{$=XVl66!i>ePa%ahUMg$7H01U;WKKFVCxhB-
z!|G2W<NKdK+Pc?uK=QjS)wV@A7n?oJO=-mW)?gFYe!MW0hs-E}N8{nMl2!2yC8oSw
zw|U)9ibCs<nbpMgnrkrdbPKjaFkBSUdzIW%Tw@J9G7Fheg{+x`tO+7(W+Q8ISM6``
z5>u>pb3^eBambpS?6`(R@I3!XORv1Q7rnw~K@xK4PAgt!%hQ%$Wdi#9s=JYW+<%!G
zWz%mpLKnD*p@w$TfSHfl9X{6Qsk@CxN}(%~d7jalnP_xpZZYx?A1qpSWT!trZkv(s
zt9LJBecGBij(Z*4yVT!$<kFcfaaXXmulKZMW)qWz%$HuMMSm=19@Ck}CgyPy^T=TQ
z;~D!&_6pG1NqO1h8%mxs>L+=K@0jP0Tywn<nay}|xbE{=wVO09wOQaXS_@_pFSK{u
zj5^i5l-&w^sqxeu2h2)V{jp)j^2*4(Eg21gd&f5<6DOBa6^Jz7?{7htT-*-K_pv5H
zCNA<57g;gfnED_1*(NfM+Ryk~(RtU`eTKPFlVk&HJ@#1gmo6CJaA=P|@<vgi8C#1z
z-u<TFjC|8Rv}#zkzu<~=#MwUWON@MS0Q1{M8B;o;)5CN9k=%JkB*$|mEUu^DHt0rU
zh#J1CDscaG`upn0D<cc`d?9jM(HA3M-t)!CSBk!5^_`%4PrdzS(PlPrPx8$-1Cuu9
zmWf`!4ZBh@DvLP1`}cus^@DtN`Z<C>@Gy0du6*3Tq6wJ9eIB}6{<R3PKV8Nsqx3K_
zUCGc|fUy|6cV8Y$*Cnem2Bc{-hJ|%Q`|z48et@oSr$#`3+Rjp}BzVdNPom}AP)39B
zd?n+{L9W*xGV;}@d$&L0DYW68eD*o3k78&*w6-2Tx{x|4>*2rkjB`EL-}0>AtU7-1
z-hOzozD%|XbI!t6DFHUMwylDUH|e&GwY@`IvVm%$E%^^cTV7~u)(<lpOq$K+`jP1N
zNsPbBSJPUO7$3Y2IkVGE{xNeX8#N>%eDtUPHr8v<;v&^P&|JOHeld7FNu1#4d0+gP
z9K(;s?wZU0w|G&p6{0V5T}i!0YKWb2=CJOC+^iG1Z!nHrXv=r8kxyN^)@JAweoJg-
zj^fAhw3kY)Ppx}Sw@DAC2B}M+8j-C9#G@7PUM{w@<l21Xyx*Q@f0(FF-gM3~YWCb>
z`sVh%Rob)XIv?Gr_Qh+bSKf+@z6DwRd1Us@$nKknZ@e*tEH~?0jsTygJqdsQ+kDH;
zOJZE-iVxO1s*C3BFplEeEDc~6tvKWl=`5m6)Vz^y4?riGoUyd!<3{N{@K!ChP6hO=
zT0785J^Gh<qRV&GZuXuoe2`e${SS@w?oZ)NfnCsB?_Og{*uyv%!;dZQlwd76t${=2
zFd&O77WhL;si||sowolLwd?ZjFB?_YRRj!-$m+SOW$h=||A)*;I;3NwwFWCikBsI0
zoYO@QY7804jhh3}RR_H}#*TaJT*XIt$Miqa&O`iG40J6q*^d&-UFON?%Er#}VIPE;
zlkCSl=0vR-*_=l!cGPXoJ$~;&)gV^9c@pE&8B8~Ro7y+-w66K=MQUG5_m1J)iM_X)
zIIC;8=k+9ac^RLVvH4D~I+#1r*fH*O(Ltx?-d&8zJ7OGR$tl4&V5WS`8fucJp%<@V
zEzt;WCL|lBivRx&?R~i)4AuaH!Eojp*Nd~-cd1?4Z!G)H?>m+`1B@k$TBNaKIh1OR
z<<F8`Hr!L0Tjz(X4hF_ke+zr@)3jr*u}@YXR2}Ga&h{BMA~h%(K8btF{$kNsEWBLM
z-wE#P3<$~adu}m8%f9Lgm2*DE+2VUs+jRbs^<L-wWs$b~Ga~_L>?HL)$c+w1+25&Q
zZ%8)!Zfw3X&U`BZ=Q*Bqvli4DGz`8q=9|%>Mc|_yx=Zo6_gi(hlEQP%xg~}F3hz>P
z%f#(C=AR?FOEPw3L3gKqYt27r6zgf>n%L+FW0|G)h)H|J?F(KAZjW$H=Mf3V6Vc0Y
z*mgns-r$Z8Zev~ZB(-B-XN{!%DcMP3{?FmM^WIMA7JIyO9dh~_=yt>5Ro_(%?z6lf
z<ntu8MP68K)IYGssDB6BwtZ;zwnGVfp4c_CVB4OAHBXGDUbp0vvknveE8bdu(`M=?
zR(#7Jne{CrqS}&Mc&-(m6%L<aem`XXqWcrTc`LssG4BnG{Yh7P@C9VwC?h@?b&c#g
zgbb*nMrM`E2;R=vMaRy#gN%EjJ?<yzH{LZexY0c_I1+x)xUYNcqm5g3C$+&3mL!Y|
z#u;(J^~kP;j9YqL<0gJOwCv-q&_meOl1J+p|1$JjDsq`UE3Mhh^V7~oXIfMJU(L}V
zR{C6X{4F?GN-UJt)%Wndm`@gGiCKOIYI`zg`Jnpj-+;f*a$W1fTF&+ztPY;z^G(aL
z&fCNGD!qp@2ioANI;~SBvj@=ye?S+cdZ>@vqYJFu@f!MFV(NlaYPDOsU?$`1FQamO
zmW)aTztV>n@SY_vQ<0Y`ro0qS#mcA!^d&mWroCRAr37C9&u6F0l&)IlGZ0<A09}rP
zF8={t{tkXR3O^acs<*jE?s=jeemVp{U2OBy3D$8APxZ&!bLXJVH^75vvlbcXJ%c{4
z#15E=9Z-ZFP>3Dy>t@kqH!)=A!kw4+31Y6h%7M)Z?HvJ|<>*}Un7bAThpur0%EMH2
z`m|B0!3pRN;qYa*BMXzmqrk;-#+t+ZC0mV<i9hoE`sh3G=Swi^XCMb196rq)Q%0l(
zExRctoTs+I;XX^g;b%(;zr`4LA{RZ##du`P6UdhPv1eaEjtGzIUCF`qe8(eaR3mWL
z#W$RE-jhsx9NBU^H2EYl@i}N`KlKKm;4_MTg~K14I2<`B4tFBE<eTcnUz#afHXsvk
zkCiRxsfr1`vgPZ{O>`~%wXLyqk?9k}mg>JZ=isjn{520VerK#6l`nj%4$232y20<j
zwNSJ^7hmJQ>2`Zrw_Rl9C;Md+apn?s^bW?bYosyt1Nge}frQAWwMKm-IoOTtrHF_0
z%oBPhf!ZmD4D&qI@--v3ss3o-T~}-1&~VO!F}4{l*EZy1>tg1@84qUs(`By4^xC}Q
z+#vaRURQcN{?PagSA6_J@~?9E-}X|@e($~u_j^0MN3rj^zX=Qje>1x4QfgYITh?7d
ztvsH~-Io_!htIcb)XJaaPL69(?)Ez9D~I(E^?>sg*Yj2;^&B`q)L`xWamK4X{)aRU
z!)R@Fr%xJ!ZdRUF8ai8NBc8`IvhT=w>h2z+y^XYR8rRxc<8)78pQLhV?(s`lH_}Jv
zOGZAzvRiGBvfJKhxBU=pcW1I63{7$lTu=K$W7<D%w{O_(AE*6ew0|t7{iS!aXB2N-
zJO|sx%qL@<$9|39atXB@m!Nx0edG=Qjcd!_wf15Lssr=Eoy0(TteRm-^f#7|_Bfl)
zGd6yT@9*<HneXrMtr$c3^|Z$<SVVz^@>QOv59LTm{!2&bp7enUFKFV|++SQYyuSS1
z-g>LMxF(uXz113M0Dq$C`+G*$S@R0EO|0ww!T$u>Iv#IytG#mO$9Vwevp>?a#KI-;
zEV5^+?5MYY#l9HVrJsI#>cdUH;WHEc)!!GHw2<@l$my+N4blh>{lKe%_iErT@*T|o
zo76sf>><7v-+kuu5A=IJXg^=acYwLJ(Pokh-z@%(Z*r}Zwl*@~zzO6UJ~;;-Nru1s
z8}_?qOxe5O@9!~n2#yR;hu{SMcN?C1e__n~<vd?~#G1obxn6$AQ~xWzYuNLQg<qNO
z6&dxv(7Pu5<iqdvU4Mt`!s-2d3!YyGmUr{%4@>Vmedjuh=g&6RLiGnM{+YSPj%x$>
zJbOJSZ#a`0=J;)hmGHN=5ud4b+S2J6=3Y_S2;w%jXM8Rbzhn1pM*TC}t^KMSw`Yvj
zHSNJGZqD+#b8ZndrE6)#%+^6K$d=YzAN8v}_<GR?K5{A7<q=Qj@>Si=I-v6t#JJL~
z===Qd@-BWpo#lMwN9aWSV1-XTx_JTT!m9lmwY}5c-z6^gq}f-xxds@BUmadG{p-vr
z@FmW<WN%o0Kh05XH7ozux=u`EQaFb;+iCj^zI8po`L^Zo-0Ql|{VcxERV(E^_+0w~
zS;$=VlgS>2pWnZyF0v_Czl4u2o>(!);ruV=Y+T6!=f9Wx=+EU9T#H8CA=MzKt?pgT
z7G93e<SZ*b2kL=IqYbl9IWT+3g4tt6{iTezv(cI-z9dt396`QcPP>u^A?`cZRi`Tr
zo%HA@tUmrQ@?&=i$0vSZ;reGku;}2V`X*NE)*o23;8R=lr8-MV>W_Pze^p->S3|vJ
zUsoQsLme>8UB0ZPz-L_C1m5w1Uc8%eSns8ThuQDF3%!~&K_AkQj}AD$%{}uwwbz=T
zx#!P(?lIfR=+pls{Ehh8I6nj#{C#T<$212%s|Rd<V^8~U^lSf%wBNpV&*iE$88G+t
zYOXj}y_z`SBRiopx+}ld6`7{mWQyf-u8Ag-oc}hi^lT?F6r%gJj6t~ijONC5(WGdn
z=lu_((?mPY{{a8nsc&|P#>)F&=lyf}pf1b0Di=Fq(yz`F%~BVZ{btpVHT?(FxHQn2
zpP)VUaTuPaw!@T8_*;INjl=xYbxs7dGdGS;Jih$ljORJ>8rPFs{fH|q&&zo%xrxTn
za{Rj^i1Q8`#<XqFW0_|})erXJ2PR%tzZKWL4O)4UGcF#$AN~*OX}?%;=Zrgzv}p@p
z%WuiYzFALR`-`;w58C+$xxmpxV^I@0juNl7o9`#cBW*->yhYAv33Y}$ps51ttaq_T
zyztrl;QHNVEsfBhYA96QVzsF~V$ER_<7N&oIrCvIa})U7#AgKa65K})Qy#9d=<l>&
z<r<k+!rTg2o7Z3mC6b@~ICFc_oLgemubA5|{NZJu#HzQM+b7AX{xS0#b(z1rgZ<Ym
zWG=Sj7~((|ZNWa-s`rS`!&h0lm6(e-kFmr3LE*uog{!`MsA56OOrEVyv-S_FiD`4u
z<`TxF`R!*ucQC&fnBVKn&#(E~^P9~0iQP(7KZmGgQDjWcb0-+nCy?J(L|!#*&sYPD
z7uhh@xDx5BAcYvS2>dz**z)~%#{2>}eFdEEp}nG*u@z|^jA=f89_=mUFs2|pUh!I>
zMf^U_^=Nv8x(E1c@^ZY?#kJ+peCE1>ahG|<cJ1T0Xg1SGH~o&XH9PV9X7c_i;EnDr
zeSZw+EV$FVuvJQBLuD{GJ$GoL6&F(?p5>Wp5BVR7n>MShwT#K^F9A5y#(erCJ_Q*w
zHvAc$$6ne#LAEnE4giB^q47#;5aC0|9}S&Dk0sE$_)N46&X1M@`*>GP>q6}53&{so
zUF$|@(8ahWk%v|VoT^@%&{8zSNK~$&_+z6xZHzhpNOY>=5XC2|f4jCQEl)a7IUUJ%
z9IeJyDBed7p35f^O}Fe1N7w1yOU!qZ!e8G5|9j58mU$nZ*SYG_S%*e>a+CeTO&Qrq
zK8)q-rCw=<X+Lfs>-Be!!RK2GY|@j7VFz~I_ul(p?kI13ZlRI5?hr6rRemsj=&qM0
zv0kh?U9NMVy5M`AVeyieTJ7w&kn>?AjfbDt@jHuWMlxo}m}k(-vbTy^bGlexewynm
zzFYUwisYT|-je&rcVGMVsdqCTeBz~BAAjZDQzhN+2B^bj6dLv5gfl>`n!;D}&eB_4
zxyr}!&f!cB@=Rx=hbtKK5l?E~q^oLLMyyJ2@UmCq-Ej?P+s5mRsH278&u3pBw_{fL
z5$wyGv43OFii~6Lyo_g?nU9yV9xwBF*9n((d`^PT0?x9%je9xquWU~LYg$7yeR?_5
zHivV7z1X>(ocVj0F_f`qz5w|UM;lRMmM62;nZ&-2=vvP;k2JQAV842USyO3T*AEhJ
zIq5=Hj=)ZC<cxLsg*PPlTX&Mfyc)f_fj!HeuGFe*e&5ggx6|))$jKk^X>^UM5^o~M
zUfKo?zraUpb|c9seE{12UB#U(KjOo_Reh#=R8<ymP~E4!$Pvj!jVFhAVISj}#CQrg
zAN9+OXEi>1_DZR%G`6cLk?}L0YI{7njHkdJ&waF^Ic{T)`1gC}Sj#?PJZ)Cfp7^_(
z^DYIug`9U8+?Gb1Kzi4FY?FBU(7Ez8%zq($G%9bKc`l@nM*7&o+-_%#3z_rd%$NBy
zj*(Rz=mg~WOY51h<}H7u@~`h;&OfTSqlK8H7UGKP@spZ!R$RhN=FE99=A3I;e`wB{
zuf|tkk1vn$&H7<lLxIKzT{$qQ0Umjbugo5w0|SlkD%v#2tto{kwMHXmG^E;5wXAd4
z+p^AoeYfxzEv$#!o{8U|;GJ;3KP&6}tB{MCqpaFdK4=BI>WI!TVh=jcd#d_r#j^N_
zWzqUQ`(oM4$>Gh&1ktYOlf9!O^BH@(Yn(}^qEGqfM604ThfXEya-h>%`d9s@eejcP
zliD@I>({Y{A{W2=Vb)wZoE6>1v&4p)wVs?YsgK@TPZl1Xb4$&(@oA^9ujkCSmbIB=
z)j;-p?0Q==!K^W|+p=js!*~C9A#$Nwi*t}g7vWp*TDI<NXic>O<vW!vqxfO*Y2YPt
z*{odh`daK%<)0h@#<k4JO+FcV^5S-A3w?HR7T4EaV&(lwK4ZUal$~0Q?}GCJwQrwT
zfxn>wT~S9}r^*S!y|*eCe8(Z%s?c8xSt|#Z=e1O#S916ca1DGXV&k_eKBa%$(7Dd;
zQ=X#ablPIZ>oHopJrnaf(SOOv%4x-xy?&YWVwq*j|2*_Da}6iEQ*-YmHoOe|_&mIH
z%W&g*@2x9Zw0_l?ilb5O5nsHE`D;$O=*FHoLFbjsrR3G-7R^ibI@W;myyZG?(OXr{
zoCO!>`3gPHb5*=k`D#wj{E@-d8GOuN{py`MU_S{x`wh-ETgN)_8uTf$=z8hYHe}@F
zQ_<0PR4tsb%{MaG<jQ<`R)S|<uFIH9jga`tlbO?=1CC+Nc#C5Waeun3g?S~aof6fH
z;mnE-^ffu$=9z#&ev3!hQ>oJ4qj(hFsoKSO(M@B#_WN;+Z5?e2$3FX-&K?Xv$6oY%
zrfXc~Zt57+(vO$gD^CqV7olUlbTNw@rjJ4wkI+`TY15>HCsftUUHVngzH9{IeDT>W
zs$lI#zwC{V`NuBq@obd3!|P0XI`>(Odj3707yniA{y=s2`tTGsA@n*Ww$89**mQgZ
zomcx?LV1$)-YWO*##@|yI@R2rLriZobY$-9`+Py|1xi<)9^j0&=uDkiIToL562A3h
zeC#Rs+BvUsWg2nt!|LB0ZnX9vlXtwvG&J1Jx<&a>iiMUvcsb*$7~;A<P-7%=Mo6yw
z3|{!7bGXqx1>U%o8VA+JkVPHrAGcm@@rm%g*v<MJ+q8I`G39&sF=PYogKxczy%9fs
zO&aT2PfcqZ^A*iJk9_EacH^MkTgYWA1}E|0r20J0&4ixTPuQQ{=*p;+{I4cHCJUKV
z4NdPtFSRqKEqNBd7A>in`{7r>2R=RJM+wJ~fYEa<-xA@N=T-0fHE@g!$<Ik5?jL?`
zI~kq26CP@|<xvQE6k^;y;;6$DEO`{7wvXuUad__uTONgNdDP4`@qRP>NM1&27iXzd
zSFmQHR^iReDegM|3}3uIzrYn=d3Y@I%OVaeF__M}r>g4&?GD$yxT^L1cAK@Y6f;3>
z7vf5E&Z2iX`6#Cg57y$Rtc~{u$0r&GLi7W#z2pNYB~^hLiX#q3GpFUSC;PqOwL$g_
zQ-up}!oYa&qr>~)0X{wg9%h4w6*eA5fQLr#0M1J{On5GRr;Ue3;Q_ydX|Ho{7HdY~
zyzT>JA8Ulw;6{BPvf<oGZ9Egsrv`yDb@+PV%s$~qf%AUa)|oYB!1)MpUdEW?d*B>r
z!Z|nbQD7Wj70=qsf$<ZZt=S*Oi(_F7k2)~^34MrWR;TvT*jH>CbA8I9dC}RIV(9G8
zJ1shU>t<u)R^C4wjy7}u^vavz(VO7a8{yd-;N4Q<VpQ8|m>CzNHHoRe8OI-KQ}X6o
z`slB}b>4{b&m>dEn)@hY!?#28$Yj%B?bPv3HF{&}7l<cJe{A1)Uvr<BdwG1k^e<hh
zesAP|x&8cP#xQ~ZS@>&*pZIXoFh1ux-&lIL0N<YUnl)ZxcMN>ak|WTcm$guUJX-m&
zn^KJ(j5X=&#7<PlamE#Pc454Q2V!cE&gVaHVGU~3@42^TZuHBHZ2~zK36@`N0d`{K
zYv6!3yt}6ay<3X%owj!o<M7iv@Jqt4l0$9qdjR@HZ!hYCu2XG0r_Hu=l+PBx&XMeu
zorCPa&RKefopW1{okNZW^>Ae8ypCLHv*pS@`q_tEk)89bEms^nXFoFJIa{u1{VY4D
z&6X=|j8k?_06&~>)#!O~)ZCiw%Dkj8&){6mb?GNq+h0SB=tBH88&;%`**4U5{WhNY
zBy#!z>OOsEk8%BIzB76L9e5?W%C+bpyz>v&=)9fq&+`{QklyGXvMA^Zrl0g|NGDe5
zZk@A;Ppf1E^qoL{cP2iY=EU{s<6QB1Ij+38mcPs)?rB`*F7U>>q_q<`b}~ON^1G9I
zFB$lO1E2M`_$I~bHB0}#fqdQse7rp4Ll;OlRHGZD*M4?rPN?NC3G5Xa`F}O>t9P^}
zO*QKXy~*Co)$r@q`{snUtV;-Wdi?qO+-a9+eEZyW>3OcyOJtkPOsq?nylfU;kx72+
zEH`+S4KRYZf@W~2IqwFaqC4ee7Dm!dzq~_NMb$NPD{Q*TK9z3zbJsvu3!tkJJnsj-
zWBGQT-^%k}w4dK{(rT*+-}H?<FFO72o6Nkpm$Zi!OOsyK-p1+1wsW0TEnBZg9?;%F
z+7n-v{1TqN?w9C!@-AjtITt)f?F%Dcc`jdpSDOadce#Y?XM69aLEgKd-+SIH&I|_D
zv3n<ySq8j4i)XX69|XMhdl%!#0d9c_Mt<z`qx!X}_tmc2Xr}Gy+-D9`hVtzN4wqX0
zk!^kVl1>8)$)rQa2G~D}X>X$4-cg=cdzpi@ci3+41=>^Hmj1adIkZ{K{Io{OVyp?Y
zQ^R>bHOyDPv-qv~)-vB`Z^O67yej{OZN-}P2>Ump3&kN<e`s`9yItMY!}!GU8Odi1
zpA<gnuI~Q(eCrt3+4jEHaQ~m(`wB2F?RPutDdubHpk~?{NZ$xYqBGWcM}5eF>IFuA
z^%&Nt$SKYqY}MK@Fos<CQ^j4$_zRlcjjt`Bt#bA~R|6mAp8tsdT30dukVzM`v6wb2
zy!JhF@PBIzh5g2G|35K?{`}%C_p=XXOzBUD<;e1K&gwjmw)@}vXWJMtKpRodQ1V<8
zu^p&wu#)<p<hn~wYditQLmWVN25_wf&SQ};8bbx`)OeuHVgAsXkwv-B60@Oqun~65
z|D7eTSm&EMb<Ou`=H@}KP3Y9sf3RfV0`$N{a~);WZ@<x+*Y&h%m^OxNh<S`>F1F0|
z$ZxAo$2jh%@kwATmK|Z#|B!d(H<2u}u8j>B@JzXFTcrHL*ci`$@$ozFeYoi#eDv(u
zYA{Fl4m)rX9{hBYzdIW~EM^@rjhIc=Y2A_`71PlZ<BaLi0_ZWr=<Yn<*e*Ta>~SCP
zVM8}R=00GqZ$80UXcNg9=9<<z$2}S0cFyUM%ocri@;+yVVLQ0G{Fz3nVm;qOC!K_r
z|NLRujBcLy8sklSqnX%6$@b*kJ0tht6FP<7t1;(HzUf4*Q_|6E<HH-!g}b;fAB&z*
z{+0Hicqi$P_=swU8Si*kUzZ<1ueP~U_aEln+~a)Eo0&s>UD!CKom?Zo!PIrxpS1or
zd(t8W@y5|ycys64aWi(3^O7@){N<VBT5{rRTAMxNT4H%~C2-f;uW4;sB->;0=Wn?t
zpO0YGiN4l;x8TrBd#$wh{#am1-_2{2BV|rsp41sT*QQ2_)z{vXmSXj_Hl;-}K>bM$
zlskQSQX++RUr)sL#hzVHU$plO?YT1i-GbZq(f>{0t$?-hDaM<HkEIFxeVYFr{NIAl
zQO^ms(}1nu3f#AIK=EAaV(&;{KJDOmcZ;o~x7W<Qle`+O9Se6`*Y=>d1G4pbuA98>
z@w}T13^aG|8%F-mXs-;PqI|8|W0=U;+sBe4#`OZO&*b{~<{Wj_t%c9avy5pwv1Jdl
z_G+Hy&sThJ+uOsZ6@LQ1;oH&eCSK+9)jrEx(b5pMO93|NY<`E~WA;tV+LkXapWKqb
z-bs+}c>J{ZUlZe9M(ZSepw;-*pFa{UoxQw5HEb^~=XWmtV(Phfk3b$JWXs1LUlqdE
zx}EjxNPM%uTfVJj6z#}wJ%M%hcb4DPlIf1G(tcnUcIPa{N6yLiBfzwT@s%;Y`Pj*o
z@%(0d@%*j=hgJ6Y-dX<1mQOOiC-}aQcJV_cUdZ^aVSJ5@Zv*tW5T6(8$cwZ1UBdV#
zGrk1I_esX5y1g3T{fzHZjPL03CtEI}odWl0b9_%NU({0I9?>&C<rN-=FHgXifezKy
zm%lP2JWDi$Pq&FaQjeC+FnI*Otk;!l@h58y@n;(R8HqP`$d=p5+M)>`gA2K#b|2ze
zF>{k&#A$B}FzRUw+c7l@eu!!75#j}94~Pb>bysS5BQ<+eV@0&UUgr*zXW&oKLnwwn
z@%5Pe*^KUV_*1cAhNtnh2mjO9*i9Sa&n>3@ObfrxHThjS;SDciK3stA<v)9{FYS!Z
z=;75J@M@vWKQF)&;vePG_2rk;aHT!Ya_IO{=0AqERySHa@gBS&ekl3{=dH}Q)?3*j
zOE*k_U%rR!tNWAT7xt;Nr)}~}G5pd>d&(8H_+?!9CdMsTJUHB#mTAikFEU!=Kf*YX
zc_v?Y$)Aqpi`C!;Uy8{W(0gedxDj6ncbo@)6#gqMv~l-w8!p8*Tqf}UT)ZRNba+R!
z`LFVhXh^Z{C5%D#yN~}_)OJH()%UMIck*k6to?su#>474N7fvJ2W4vswl7m#!b>~S
zN6xhaT#Gl`wyrHl{t4C-8NccRjkKSY9M?PjW!JHvV@o2tnr+!-;)wr$=eq2MOZfgM
z`gbb2cSe>!<RR~%W34BYgx(Dy=PIOk(V@}l*n}TZ@18=R_UK&Rdyn@sJ)SP&1xux4
z-$QnePxa4`-mP_8`Zh4i(zhA#^GfD&9Q|6&oE2+o@!~jB-#*3quZjE89eU;s@H3FE
z^?J^&Yj?-!+8+I9>snL)p=(Y3*H70r0aHiU7DB_ah2P@ZV7m61e!8|tuiLuT)a&S4
zQ?K{awcm33Lf2;7eI1DHtDmlIMb~z&of&eC^LOt>9!OSv+18_uu4S*HpX?YPz7@C%
zrqY4ZwVTkj^5KYX=dbG3wHSJqpY~h5x^@G$rk*<=T9&RQF5xA`35kDv<f@8hrB@w&
z`&q{C=v(Pw>DwZ6o@pjN|BSA!My^y4=N~|><otd3G_~jb7;Bt<y0!!TT4BqSAipbZ
znIgG*E_spA)vIfp{ugv@?gazu+Ay|&qiY{W_Wz&iTKF*nKenN3#fL|LtK?5L^0x_p
zu;A>;HoEh`-4D60`!{F%L(<9G|L`IoPLeM^E4Pq34a7I1qs#FLrn>MWPn3QhSVzAS
zM;t!w^*l3x?rlN$p6cOu)ecP!?_ixH-TMapH}%uK`#z%X-Tus(y4Qf-G;huKF!s8S
zIUkvRZvFdr$sc&?0eGvw{#|E}Rr+@t@H6%AZ5E%LfIq||(!YDl@TIUe%f7u=|Nf_J
zSnki6M{WY|o=yKQWj=z(!~OKH#;>{jEBbdPx=y$^^)GEn|Ek^p3;nBc{6Flydwf*Y
zx&OcS440V%!X-BdXcDNB3En73h+;DVFG&y-jEeS>fW0IH+v24PlqP}poFs#`5!4Fy
z1kl#ZptiP9lVf|h*l)kVs1>PNdm{ncPKc-oNP^(}-k&{tCqoRPJ^h`2zy1CGnAgm#
zz4p31>$$IIJ*xv5R%pxLIR5)ThWu4M$=?pvHVgiv7$isD9-a4L8T<}qpHv3N^0P$N
z!;!(_XO0XWO1Wh4+~$ubgQp;aCzo<I7`a=MWaP9H|Ehg^`PthZadS@hBkbL4jNnq`
z$44(q=UftYZ}D>Ol3o^ZbmufnZ?1{4YmXY7mjp)A<@O;<e@|ZR4cM%*xlTZP(r;^N
z=XTm9{&2UIGnTO(LEat1K5IEKc<M8vp&MrgTcWn^OOCDUagPpkNUt@$twH={j=j4Q
zUhnvI7mPECx1vW!=%*ZCu4CthZ9O_1qenYFs2#vkI&?dHv<>@JviB%+7y_)fV#hYn
zRu+80@)Putja!h7x(_rWySI-${4_G!d7oTa#oKJzEPt5nVEM!P+QI*!u^^YLH5Tj_
zjpYDk8jtSTl?=A_t>Fve87tu(CxETrwt2tBfANqVvUzz&Yp|3x5d5X%D2_q4K_jx5
zJUo^xHuHOB@l#(Ae)+qr3wvd82;E+M<Wg`tjrV2uYAlW{w%Vg@&ND>ul=g37%#J*c
zP%e4=1<KxMPRHLKoU@m{%fKbcw_Vtham1K7c4S?QYzzDoWm{GTadgc0HOBfL^KD@)
zyEq#r`D75Enk*X<7)Rw(a+DTg?Y<Gl*3a;+Y{>285fsci@F_?xsNEfcKV=?ZP%c<t
z4~Jz}(`Kw){ZX<$!M3Z1*mm`hGuYKbZM!<5k6k^?wyTGKgk9~m;jxBs_skoao1B3^
zJ7(U$L+1AKfaK8Y<oA`lH7M76@<WNHV(nauCeV#7ny__a$IgAdsaMvDF7}~goC7XN
zA2WcX;Hq3DxAMQQox24Z+(CW=jVH;b8OeXqNIo<ZrIF;&Pn<Erb7bdAPgUC%&!>Iy
z{Oc*(I3Y?Gv9|9UpO4zU`ICBO@1La8LNi|_7htUI+p;fe`}WWZ_SpBC-|gHxB)hi*
zI`N>N9s*AaOe05Q7y-RqOy9C+!<75sMJ?l^ICK%^E$1Si$r&cuWW~qfk1=EH;?4MD
z9J_d!Juk^#wY`^i()oQRz4jk%2WQatZu&lx-RsEMvB1&II88n(%Vq5Z!~MWQHm&07
zoVp{Zt33qOSDEZ%efP(wa)G@gXT_%+IXjth$=SP}{upw0)u7$E$k{Aps*knvB4=f<
zw6Agna|S@~_?J2c8{I+pbvAxv<)RKg;@a)wcgI9C*s-5@e*Jb69|#XPjO^@UPN}KJ
zmSyjjOlxsP<!qL1&&q#n$yxZUVq3)H4e+;D&W^I=tS>5O>p3K+{OP;pW9&wrbRlQ6
zP7a<*Tx8Nw+E^bWXS47r*SN-<R=(!j@>RGRD_=dfAKBB7AGre<O1_%Nl^*#@zf*v*
z<fCj?$ydw9>my%fd!A0dHreu3@5jp5kFtG#%~)iUO2#_2??}cWIEarp^3^N7h4l*Y
zE&1x$xj*86kB-heg8fGFC_6r7$ye@pi`u!YYv!O{+4}p>38(zs8xwkE>mKy>HtK!x
z+WuuLx=@UrJ0^4w<9Fn0x^3sySaV7YEqf;_SNoHx*)hJ^iHzZ&WiL81^>uLX2=J~s
zmwb1oH&C11Yx|K8C2IQt-&or(>o-yVtnmMSWb0+LaVFX7MYeLbXm^L?D(!t-x%xlp
zulCq-buII;{I(|Zwr$ziIUki=We!oAPYt<kyvv~cFy%i(u8J07ZCHyIkgJv-sE^Od
z4c;g|D0Y8G?aZOPKiMj~A=Zbi{hn&cR`}#);y=*KpZV^Qt+XY3`*rexi$07q$krWi
zj*iA#Ko6n`*|kHVnNsZ91@Dcv;w|J?9%R$ZgV#i5tFsTo8Hn7UpF%Gwp&dUr)?SBf
z-G;ugOLhW0P;%A7TqOUd+Bj4S|B-C1K_*EyO`;s!jLKE!5i3`neHh8r5c-Jx&5m3h
z&wFaO!D{E9BUhbyL{@#YPuY@}!1)T`7%N*-kgc*smB&%Br*=$BNNaKlbz^0#<3sMt
zr)~l6j$9R=a^&jgDHpzM-1;%(Dtoxjxw+}GWAP>5K@Jx$^0Nc`y%t$pJI0c=^RP=^
zF3T{s9Ous1_b(*(9sfVlwnZMlj~wjrDf13@x)TG$xr+?#<BlPAZfvO1J+>3y3$gu4
z792LP-V0qxt=d<wVP9Q#Zf!x7UOdCmL)p*TNPUyodBt1Y#(V`^)!R=!-Tzv3mhw@i
zg&tymIO@9^ZP^Z<7=QKqvZImJ&iNY;G}MNUC)ss^HK~NoYssl3UuN0yUSDQocVvr&
zpXh-3#Hc!c%uZq+KZzgnR^lR^eGh}*|J{8LHte-;{S(>pQ5_@ov^vJd2~it<FEm>i
zW5c)DHhfEr4WG(hSR4DtFM&_uV>?)%sE&~u8Vl^DU!>dmg|%nhN55!7zZlK>^k={S
z+}1Djeyo0B={nf&mac<ueT==2UCN%^lZ?ai<D*|l-`NKq9j8ookE2_>%UX(8u7Q8Y
z>K5PSe~)g#+UqP^9eK_jA9^l)CDw<Y|7?_B&S1a#*_)v&_}7lsXqon_e}P?M`Txk<
ztTUMX`Otf46F&V7#_8x5du^M2i8Y_3&_izy&Upnmb-)vMAxkZr)ZX{4i_t9t|3uy5
zQsyW+4eyQKr`}=P>gaC8qp;N*!3~c|juv7+YiwO&G`hsnAyIuz{%V7>QCh3SOru-v
zeU~}E54|1d4&E^DpI|+Yz`x$V5WlG1ekS|BR@=zzQ5o36F>OC2nQhVWSk`k?D24UZ
zp6z!0&f+(^8(IFU25>A0zjgdoHMTxo6QfU$2G26Uv1A9w!1rnk$3}-1P$rq(F@9#y
z%h)wO_?8u?5i7HQ0Zv={zKrQw8xIfheJb9K3cX1_a*dNVdi>5iejLTESikc*;GO)=
z3z~c7^Vv4u{djiN?<|{KcC_|=wQtkl$OGvHTSPBuq2tKdpW}PZ0}i|J{b#|~!UK(|
zVeqXCzUS~X*|k1<Z$|ProB2EPH;?u6Q+62HtF_Bu{{Pc<t%HNd8AGZ2%=@}y80UNV
zlJ#x*8o)jI8g$R7C7<yjd>%M@m`m&)?|jN){maC$Sa6N*@uv2>#~VxQ%YnNipGE7A
ze7=)%$>-*ueLVSmg1Ckw;K^j<^Hk*XF66Uhvn8X+vrvw{RgR37d=?KXkc?)ps5|H5
z%IHMvZc4!>%sYBlGE-;F3@hGh412bT$mzsRa1}Y7V)+89pjFj#nJF={IwkZUSDsE*
zr-c5UxkqJnN~nu^lGWSC7+c;0KVRqWxv0<Ubh28xT%%`Y&w_Tg+p_vFbXF;x=A4UU
zbr!O^W&(O8a=KRWJn+!W7&+bg3FY+c7&+a>d69p#oK}2UZ69BI4dYH{+|}gI+yd{C
zZXGM98~ce_NrZQmBB%cfUP(@G?2*&N69D%u{|z~<SQh8~kCM|GgW}CJj$bj3Q{{AG
zXgK4jh7U<^^TMYs`=4*oVUPXK|6X3HJ&w_#joi-=E2E*so|v-Cf9sXezn>qK(HrmW
zmC<`X8<o*tyt-FL3)gFGUKvZX_cCTjK5w(-bFDRxlu$SF`9*j{Ex0B5Z28b_`MfB`
zpI!mn|5>(wF7pz7dfFmeb$^;-KqYglIX5ZaOAUOZn|(p~mlf~vz<7V~F!J^&bgc5@
z)M<gg)K2X675MFa;u_}V#Bu3dhsTcN`abekywiGa+tjB#M-FSfbrw~&>IJN&eAU|r
z8(W3jmEg87MlP4xxLp>bgF1fd3t0=to?gIsB=46~CcfR*cK(@cXB*eP3cnDp4f_yo
zrH10{@kkEm06%O0_x33M978rpzmuIjQ@Ex5-xa-bc)E>SFU&I5qWkvj{|dKcCs#Ur
zpS3vlQ|?`|_kJaR<%9MRb7k==cv%mxit#JA#`u+oGe`NSODPlI)mm!3{~0nkif5eJ
zW(?5n8Dpy?mn4Jr?a-di>PW5$zAJ#Aa7gRul-*64BY#!)4dk!j8I`{&mi$$@>|=dP
z?}?@5^}ySazoKPF{@zcy@bUGhK8F0o@2s{J<9rFS_Xgr9Bx4Fv4CRoq?B81Ou>CQY
zbiz|(nz7|QlqsfJw(eeXfNUqXZY5{gB}b2e6SDgyM`yTCm7y<OetH@DbH?w;&<R&W
zd8~mS`!F)}J?Kj@(NQ1QsWDnTK5dH@$3Tl?L$kPluN1pcz9YrPO3sv%qd`6#@dw3P
zABS!wQ-8)-AL?Ucwzx*0R(9o|7nNP<$ma4G8`HAw@R#-H$IfAH(uo~kw)SRMsf@i}
z$sfu20(gaBAMRskK4bf_t!I7qiRH(RZNnS0S6n7L09&(6b^x|!Y|M0`GahWs1#a=1
z<WLD^y?*SZ(2ej9@s=*WrO!BW><Ir)m1AQ=Z`=0>Re`ID*Lo<%kKKMvuN=#|5gf(V
zTrj^^j%CXJ1gCyl)EgVEarkIQ@mh-atnAVIM~D6Zemk;EbTJd0dzG?o@a~WJv2o5N
zW#PMRL6$kZM={2ZKO>&spTwW>kKVtUni2IAwlK~v=IH_cUah%em*l_3-n3+n9a~%$
z<Ga3ixUn^t_vE`a?0sR`oANtuq5Kf-WnuU9ox5cN+40qm-%&Q-|Fn&hWBE3#=GD@-
zHAhFT#>_F<vU??0Ma!w7`8IC(k++syg;rwiT?@~lI}6YI_^EFKFM8yvjpsk4Ommm7
zRd}ZT-!JjMubh1b+A?i9OQH#j7B2n}?x%(>vd0JS>xpyDpBBaM!{D{!k1oF<>W^;E
z@0GI)Z;Imn;lfk>(H=+6_TYU==q$#4dmn!^{xEBwS2ogQ<{-RiLk6cwelfobDf6J$
z$qsgCL3Xf%5B>R}(|I@3hR;81e^=u_lMh<!Cz;zJoQF^J#5M!-2H+`KV)Bs=F2A&R
zNPm9mwbbp;FWr~#{PHKga<@kw6WjbW<+6L<|M4f2yHoK+OXk+tGB=C;-ru96I=*Mo
zNBbkL;3?;cnA_hgd*7OIdfEFLb8uvD!OVVSuWVRo!DF6T_Acg5zP_@Tz_EU1?^f2w
zmc8F|{JS3|d#nEr**l-P^_9Jks_dU6d#5<#iIKfkl*P*4yWuI4y`$kfv9dRr|9xfe
zaNzCiA@`NNW>T;0ExaB)MfO&Y?UlVVr2B(Yd)Qx4taRV_tiCjG0vzuvdyi4($ll+w
zp8q$<-sc#nC3`1C_mI6YcA+JMP3RK(>#+-C<kSBbW$;~ZM{(@$k->L^AAM!;uPFPZ
zGWciUxoDyo+BlU4QbX6+<BOHSnI}elXivDNI4Xm84D6M`)zV3!fsxRF;;o!L;r?Xs
zbjIDE43_+rJo^7-u<d&Wp8s{#$CtrBqwdF%!GC<Re;NEL<&wc^d}n>zpX;mP!(HcD
zUQf1fHU0?lvlULCXW>KEh^&C?9DmRlP#f?Y>93yd&Q9eRvEs7Gu_)bqKX%5VLF5-Q
zxmT0i8_K6h-mT7E*ljz)QCvIXj-Gkm*IG62;B}ml#;;<&J<5td*hIdEzoG-SQRgn^
zEB&lAMQ7yuzY~+TLW}S9=W^b0iu%X?D)wL-r2FvuqT^l6`vn%h8c7;Q2IDAzZ|S*m
z26~sKjr5Vf!$<y(JaTh9%lN%JjJfIL?8u_b7+tum0DB|ZkI#^HB>z3&@m7A9ue4ys
z-9Y4tYah%xZpY7+!r6!9(8Y$a7XMk!0xO0iDfB$_*SF4j)TuI!sVzIVb#aEjTmA&!
z2;$e!lhr<c;6oWc|FSB^Em-^)ev|4yp9;sFyNQXi;ke^3qb^D(5AsgnxYmZ_Il$4;
z1Iag#`vh%x&hjr+dj&@$7nlAUxtJ(}rsuWrd5+(XPN;QA=6&JK>L>coyH&8Au`^!f
zsrnS~Im&qu<(pA#fp}V?oge3i;9b=K<6_B-7Hr=g<b=sH$bZLPeinJ~!pwIU&y-ul
zLw=PyJ_TmYx^d-YO^TBcOuzJI<Uzfs|H?0-vLhXl2Z7<1st+1kGzN|J-{}k3Uo3d{
zm%A&8dh$ulrry<jJd9hoq<8P;KRnWU_ZsGWIsY>_8}EDLg9o$tM4ol+KK_+K<PRFm
z*?SLX@V(>&h~xfM7dZh2g(8O0?YStLr$8{x;#1=?a*OHXuzN5t83=3!SUJFs11IG%
zm2T2N9iz=%-!>7w{uVR$I{Iz%lFJFZ*K}{c%+Cj&{zPQF(cCeU9HID~BG^FPtBl-Z
z0VDUl?;5$0@dJX?0T+`)iJZ^gFn~Qi*>A*6Y=<7w$>Es^E`?nwMdXU%4n~~^GL{sK
zs9jg)GP*@C;al=^+a}^;BzM6%j9GJV%EILN&7ds&@0=YC^zx66@7nw$t(Sjr_A9ty
zP;EftQO=F<eqt%0(^!}|?W$aSsg&<9FjxGnU?N|q#^uxte-OENIQ61yo6Oo40slhQ
zp@8+cihNF223a2~kH)LC^9mou4mtSjwA0A?e!#O0#F#wKw|tMs`Hrr8Vrci{#@b)=
zU+cbk{|66-_~@?l*n7@pGv$&0xDB}O09J?b^_6ZKRPTWvfcH~vg7Zw`PRHX1oZt$E
zSMfc}=-&B9!{V{>&-Z<YdG-6wj6X-;X}`s&{}W>?Tj;8nPuO~YXK$aUd*8LU_x%_2
z{z?~X;_ta%#JQKe9XfXIdsZ%+#=k`#)ZNZSPZ&wgJtL>PW8|2H+k-fBHW2!c;`Cm_
z$n_iBFKdghx=j99_yqStME?g}&<OddiFL>=0SDvE+O&ygP1<JGq?5X<;RVY1Y66pN
z@Z!LQGlIIGFz{)Au)-W-$raWMvZ|VQ6|l&o4dofFByaQq@+mct-?@|Ta^%{4J{h#r
zz<TZA9dwa-<WV}*&GQBPmYx;nK7mX4{V6^LZeyPE8r3Gzp6Vsmq*V{EO%q*xOF04=
zv*_k8yw5&Y_deG4Z>)_KhlDTn4fd`63XeL<neP_n8D>rw%tJ1V$IOh<gT_6YehqRr
zUn0E6Z;8(#x9$Rea2E5_e9Fzbb&_lC>|6c}9;bfQmg?4K>)z$KfOG=QXAk_W2AFm5
zOm`cXoofU$DDN*{sdL{zWYs`&7!HSSMnFF!p`%3TDG7d-Om3rr_2Oe?^e3G!lYX3B
zp5jyT({6K*p5}v2j7i4Dk%%W4*-XBVh&R}{-`pJ;A5UHqcWxvyBp7+bmD@hvWy#2c
zoMo+|&7+_7cgyFz5;{@)jqaPKZCEwGtC44^v?<#B3%L3gd6yH_#|7fa%0F~HV=QK@
z*D>aKjD0TWxUUT|7mMzVH;k{fx!u;?G|*ggo7?q7+pwz3+E$sY4|$>K>klSt@z_k@
z=jrtQW!WC>>vp<p*L6?00-iY9x_ef5qB~$cgR$Kx*Zy?2+Z&J%Y}Uyu_f)*T;yw@e
z_!edQ?@L~q-E|4E<;O2Hy4SM?cc=P+gBjF0Y~G)gN^XUt?|o~}CU6j+_@vociv3Ft
ztzdqVksc3s-N75e)c=LcfM+I$f;>Bc{mt39m&+b=)pw*5o5>n%W~{Bt$j?fDl_%Xx
zo}<mHX@8M>NT7(=n}(C_LxCN&>#RGD@O9rqy@c|`({xwyUh*FL(R<zoSISbWn!OoS
z^L8!EYU2L-U?kq?J_a6Yd<Vxx$9H|~_`vfpb)L4zSIx6y@Vs@<^j5|txGYOyAMJ_n
zyqx-#U%s1~|EG74J#+Y7&P9$C?0k_c_xOOBx4gV7d%XX?i*-jRXVkK}f8oG{fx!}U
z_@VL4MSST3+SWTA$RYW1Sf|}#;vG7WjoqF3LBYXerdY8?9r!G#k*_tE{Fiy|w9XCe
zcTROj;{&7lAW}lZ(HoFMp;yUizY(8h9`{^`KQAC>bw>_k<KAc84V(S-v#u+mzarD~
zT+xcu^#y!;ep&RKhu@xG7FgdIX7AnGL&&Y&fNaIbXyu9Ky*lk%i4OOY@2s8tii$OU
z4R{~WT^rEyE#Ot0ch|b2jo$U0li4o@4ioXiS1|8Rox4CryJ$~1nM_;cj3$4!*_lD?
zl<Ksy7q)ny$~>LYVH@l=@1f1dpYpD6Aiw{1)?GQ%oOk{B^R4#b@3HT$Hoe>}9cQ((
zZ#gi7Mi7?$(#8RcHlp`3JG8;wtZP-SwJIXcyf0mB=AP1cXd??83_}}gf8#21_k;A|
zz-R&R5R5F{+Fn!QTbd8Bu7#|ta>SNmOR!#6tW=nC@eRp3<vZ|kzSP59RmV>q@Nk|7
zTvQ$9x7Qv?BWoT!JbIc3f1-yoej3B3e>ZnaFJZ5C%JB=y!wGD<!ME$_?>+iB3_Kp7
z>^*Q?`eyBB^f7oVGG~ioAiu-^Bd^U2HoCZ@5nSrbxguB&Ul5Mha$jRMYqc2Oa5eWo
zY=)oT%CjeUcF&?)yDBK(Oy2zlY!ZWc=w34Nrnhbz=(p}y%(m{ckF)Nxj{rB_mnU05
z_qJDoTVJN{FnuTS-Vx}6F<5u8Nx$<jXX$(JPfOq1DERuT=DC282YL@fL%Q2?gWBS5
zx$9_a8*?CsX>rFR#J7P@+j+-FZc}*AeT72{pYxFKGdvzR;NSE!|0@NHOQZKbDeuG#
z{YTf{!aYcB;B;iN(OtDWvSm8ubsun-F5kEDS<V<_Q#=^r&N}@@X0GM;o&1&@lTIZV
zYaJyU_1}T9AKMOlsV7eBbNm+0%xsV5tFqo@-P#n}OB=}ht<Jlp%=Iklwy~C}8mpd@
z|3>SW$bY9^HS5?PyyK{ICU}=JKEZ#1Y*64mivIpyoM<Db`$yqKf9u!|96#wg{+4%Q
z*YPF&@3W3t@8>9wk<S-j2s}1GHzz3<FP_N%Qp;va47n&f#wP>a`HyWMe8fG2(HyE;
zH}T%!ZD(Bv&WYDQmyHaGLx#j5Lk=KAd@JJClRFz;3@-9pym%Dfsq6<RHZRQiEAoXN
zkZm*C9935ijrf)>?ef7-eb8YCb+X}^v*6Dq<i!8th?|b*Q#TvlTEhK<?eNR5Fc0bE
z-RN)W?o=z!R~hYiXeVosvDK0}@vp5L-JZJMDQC}Ut3jT&0P~d`AN5-!m^8}JeRI}5
z$R7BfVUGWg1>^j`d>T0JbM@xQKZiZ02(bxaa)fqR<L}LrA3ok+p8Uj6_5kjQz`x?m
zcVo<avlu7#+19g}gYy69gF{~Cm&g1Rck2NTjpSJN0tej-Albov2c3^F_iXQL+z*ht
zUU3<kyX24HAULXB<XcaUebJ@IhC|PD=st{Y7B@7%OL_N|H$Q7>?kRcqojF?k9=RiW
zC-<o(554rCwJ~+Q)t;SqpI9L4o`Ev%aXZ~Th*6p+=Q!|}Zg@+ue;<YFO%v~ra7Xv;
zpA64Zz_VoV>`ri~k#*W;<JoI2kA-JbmfqDh1w2~|td3Bpmi5U7&+^Qa&dW#KXyF<A
ziWbac@k}uwd*Q>I;I+c1B(-DXSxek2>r!7&w(v~lci4D#i22D+k<!Lp45z^}bg?a)
z`rw&jV1#EVPK>`7&l*pIXWw(flbMGzU*TD*nPSa1i}5&kru7q^5wnQjW|W0zg2NW@
ztcLf~fr0QW9UK&%dA+Z&&dC;@Y3{-^!6AxAclF>|EjT1RbKubPJO<C|sDrKop5=7a
z&}R!c>H)W%Ii8AV$u^!v`*-k6@5ka<)k1?jQ8TeGW?*0BV_*Er$`2LAv!qZB@E4x#
zYGfTw$pMQW$I1=Rn;$iJLigDXz`lyZMv14bA+$M^wiB?ghLJ<keTsdhv+VMn=?)0T
zcV^i#t880ljnQoRhmft2N6g$-#!{Mw-BpR5F&Vq7Qa%R!Lgbx@j5l*5l>>uW=sw|R
zjofx@PU$fBayHv=8B>p=uayuZARVBDxH9c`XZ|wP@*OI_-mA=S<1d{5iJ_PIKbf|q
zL&#POKZ1`4Ip2s3c${%a7A)iYC7w45M#<P}Gkf)eOH}5_74(M4rG}+POtH!Zvul9M
z9N;q>I9(0AW?|D6VLuMAY`Wvf?J#%T)o|Aic6)Awd+Bt)QJ8hd4$qAYGP-{|Lvu_D
z1!yy4q;WC({7Wj}dy4&TdluVoyiwncJ&q38EZdztdDwT+^22sH{F<wzjOKRs04*P5
z26<KRFQ#KJY==%uhZ1K-{?!eV@l&vk-A0b?O43-kM{Y#Ad%%+I(2DcEbtZxLwYORo
z&$%yPu6FX+XI}+9WD#qRuC`<%zg_7@qF|p%d$$AcZsxq4HY?r96()8>_$qiY{KbK5
zD*WsX>gk=Qp^L~&V3db!fd0MczXyPG$x>ezc0|4Gj%w&IausJHXjk_Iwg5|f8@ZLh
zQm{I}xXx!DWj0JJfvL*lffI36JuqyHf#G@B6%GtH^?~6r>{Y>qv(a-SgN#YrfmttH
zQbR9=?O0Iegw1KeMKJ?{izfyy`_2|z5-qr#&wRO;tDD>=Bl3XD0(g&}egDqr9f;gd
zmxFKnKFMm~slJ7`8b_JMkBmcy@ev76KA^4b9g!)|^DTelb9`s;-NLtI=&$)6%eU+~
z`G>rGz>Oru9RBFfA3P}CQ|;<o{GmsGrR~4*ZWaFL7&^IlU$kt>Px#ij{>-<5z5O`f
zqN@<!(wV+X+xPOZcuourmGitm8oI?QPYgZ!7=7|y1l#7l8{N>;0Qk&6{5U3O-lINw
zCuhC%U}O84{f09x>-8IMqy6pkbUs#Rr#Np1+*?@l*t~l5ZPDv~cvz;Nm@RPhQzJMh
zz#3Gsj}*%@4RW2&WbB$Jw(8n+_AT;vT{~ajGk$&Te68yZJeR!F@5}A^FJc^yk23#j
zsn)*HcPZ0*HM_5!@5#q!V@PM%Ve#$??&7N8F0NVJ#nsAPTtm2v>uT=edXu}jvKU|7
zIr+W|xO1xnI-CVR9EzUwHu<uC!kt^YSH!P>amA4JFK(S1deIyncpJMaA37R}K5#3%
zpq1y(^E|M1R%k<vUmyX$z+URsKvR!n$CE3*PHX<AJ3drt4z*;_V($y<RzERx{V>Mx
z_R_^&Z*yN&8+}*ty%#%TAMbMi)NbXVAV+6sJ9jl1)aA~mEeZ6$7uyk^MsWgrZ+r0t
zaOSD_H$(9|anHvNXy`ZO4vpaNS-@}2t(ASO7ioVOpO?r(a)?j5YlL;r)+E;F9ruV(
zi8-RPjebYqtJ+b%q-h_Y5#%?>Gh7vh<hU!Yb3ZgU(HhfG>+Y%FFpsyIhpv~8<3)35
zoyJ-XU(i@H@M}0@&E$P&tfh?mqsCeR5B*1tReo!HtuO1lZ%%9BUKYGvx<WB9h{h9h
zZ-U`DP(_*OZ2-6>9F#sJySc+EPbBv4)O#GVfXO)KC4Iut`E}Qo!ChC<zZ6%s!PV<K
z@_-}o{zD$hJp+v0o)O!BA9j0MeT*Y3vt^y+jB!!Tx(1igX<oE;U7nHLDf{2a7yjOj
z&szBX#~&GMW9ztpv*;zZp2^r^X;1S8cecn+pLJrz9?vNJ^6#$La}#q7^Q;sZQ09ut
z=vkC`fZrX+1L;k9OS8IU*QA?CovY~U0DTpp_tzvNcLsu=F>{P(j+M-@fN`%z_w+#r
z;-_jK*<<MdlWAYF=3&b7X!91}d!F~V>uP_Pw0<%5>X2b^;B4JU;?tmuojecF)@<sB
zp;J8zjWD*%qVG!k{l&Z=cp_<iC33F~{8u~oEUoC8O^n|))aSm=EpxDq-sFAD4l#yx
zu0qazmuJIxcF;Y9`{aj(4pC<>G~s8S!q<y9pAa#JS7d_UqOXfM`=S3ES@#Gu7EfQ$
zR`(?OGq_J8lTW%~R!D!AT-TmT1Yceixqi(f-`e9^w4iA`A9DbAy%}zc#{L8y)hwOZ
zrMY#$FIxCN1o$81zhsTZrvKz3vhI(o;7-TY_@P(R@8fn^fd7m5jT1W6fl(bk&Z~jZ
zYBL_6pVykxt&H<Yc+VW>d@b*PPw-*R>Pv9RGlpAm`3cX4^Xx5r$OqlSLk9YO#5Aln
z-T^KnhD3RZ;PMV|8KFDP;4Oknx^xKO0>9}NPY_I8=wRY0g3CDI(vG}HceyOMi~}y?
z7cFcWP`0pX9B|>@qaL_4E<MkN%aD-nq~X5Pm*2ACqOs}!Q0A?9tp+YnlrQdjf_`7H
z%O2-{9lw9UyRr8n+>9KHr4J9|lr52{F<(_RZw)ji9#B?f>6?c<Kdf2jKAFEp=UOD&
zGTI^!-Z4iqr}v(1(U|zha^4j^{^EzH+6;aBSZ4Qe3w@~Fg|r*@5$%4-ZudvD+n297
zZ6`7Q``I(n92QbvV_HS~ub{7MOyXgJ|2uo77js_7Fb<VHy2_ec>~qfiKDcI{=6C8H
z0Ty4e=E?n^)_9UaEBhIb`aKh$4GBKf`#+V>YF__cK3kIz<+Bmm>dR*jQTB28tY^sI
z$7f%seev0AMb{s}XXDT>V)^U@>N`9n8y<2dK6@{GR{UcQdcF3XM1N0UlZfB`*y5+d
zEWY8;src6u@GI532ig>`cKFwR=rooW>RujaEYBgo`r~ImhM$QiTtoi{-3jPz@HqMx
zUwerU{Mzb2fxf<K^NAPX3s${8eB!V47t3?@_2C;=vzK|M`>KWe%3a|xJ%{#7Kj6NN
zW&8X=<*0ZN|GVU>bO!Fd?A*wi&pR1Y4SGg7`kws$USut6!oAJN(XBP>xSMQEH+sVT
z37*yzcT(qeOCM1#3!Rrt3H_XPz5`vQ$(0hQNf;d<=7+n3jHL2~{@`8X@`DFlqgroP
zyQa6bWLT|rcd=ot<j$egPGT2}=kvbogLdp?@ql9XY7%)r>*S0z8pD|6hIM5TbcQTr
z>z&+rt9{H_yd&CGI|clfFSI5hE%1;lnY)t5bY{Zmz2IDsIr->2n>kHnP9?NgzO{Cp
z?&kI#T5;b|=8(j=lxN_Ee>b`!u2G!}xbyBha8S>Vu!k1=teV{ZSM$u{PVV$DJ`ZE_
zo?NlVH{RGf`s9o~Dd3ju`0<R%Gh{TmO;Q4Jz^sdQs>ts#%8UzK%|1s%yK!h-GJ80b
z|C;tv`@mo&FgV?snVjo#)~x1TY}Y<x*>(1*V=?*}i|)pa9m_s)i)k!>WGoKcQ<+=%
zgB5$q#<IVGuJ+cW<kbSs_=@*<fL$8*Z;T$oJ~D9nGtch+a}>v7;bnq<@9|t`yQG8N
zd9x9``^#pqlzYEE>fYw(9#vlN=zHONOS)R_P46lL$8>J&2=LWiT~*|1kbW%Nqr^SB
za|Uak<xaEqr9OnithdHIpEGqcSdTXFF2(I?)mjOU2LdCl_g|nl?x42Tb~N+P65es2
zSO$3aq&@$vVc2_G>mi;%7w;FUJ#@L>u?Ke^YpZ<lowTJj9*=$!2Tla&`yN+(;0g8{
zo^-_p_F|LC7r6+02=RY5<<5KCz*}_T;<}SF_vlWAdpcI!x0yDc<NW}iCyD=ivD&Er
z?n<Nn9r#__z{)4~4c+<p_JMg%>>RrC@!{jJFVG(w=p%zZg#Y0Bo-F*_jhtmD|Bk<_
z@H<9VI{UC2sn-n6Y7K8?em`XXg2Q{jc@w`UGVgmB`;%r`;6?1*VMcs_yMQ}oD^{38
z0~MwbxRtRBcbstt824g(+)vVPyqOSK>q-bDKo1)CHIIC}aThV}BHk|=Iyw+%#06Hv
zyB0HU#Z_wDrQ^V*bIsuW@LKVN%Y=jIiK%Y*8{gW;Cs!Cc#Fh9auE5uKIljJ``1)qx
z>&qu@E9yJ=XU);T$9ASU{%_XcH~4v_hrhu0^L*s9iRyYOA%i)~CnSH4bfai_Qt0?2
zQ62D7zK?(98Rl&=e;06Y<D<b(<2H#MH1Ykihm?^Ylq|?3m-?MI`-3ge6#np!lm)LK
z3sT7;+$#%GtaD+L8P7K?S&$lNv1P$b#?_Zc`8ZD|ewoVp%Afce<BamlRQP3z#V<uu
zu{>%aI43;Iq`lrXO9{NlI)5}?rgYXYpZ@UjMeuSMc=<MX`4aSW2zoLGRX*WL*!g%H
z^t2Cpnq<?{d&qW&ruwei^Jl=#2biC5vj!gM`4E0y&brKGeP*yu`QYdOvh3`+to51J
z&Qt6UvOm;W3T)nk2Id2srO4bo)^nlO&>Y<_KTJiYPaT#T7>Df88ougscwusACu3d8
zShINkjZH?-T0izvPLX%4pLeKHKP_erzs!3nL&(QtkRKBsn60*1!(CDSM!ZuBHg0lg
z8+_3XUyO&hJPvQUmso`t;Uikd)n;;FHQ({@87rP>()Guk_rw!7!&`2Jw>$|?d>-6s
zbqxtT&Sx0?Y7Kv4tzp7x*KixWOFXf6{YF{5<sNwAt+BiXIaNNcm$#hD+=SO!zm}Cz
zSp<LCU4|}oy1hbTaUSezCyCzDSG$@j(~R!QON{2qaeNmU&B}SQEn#3&<pum-NcmL0
zZ{zzje6M65h8Q#DDXO}+W_sz$T0V8t7vRsx!tO2mmg%FNrIjC;!OY?Q=Bw~+mN8Cq
zgkqACL#&_m-|H*z6%O>qdu9{=%)QX*+|M%`m?pCa5q2kM8wbC+=jbNteukJ6`Yp5g
zswea}%I;(gl^?_hE62HWrK9z=%k~b8`jW+iq$5b4K(A{{X-jixBQ~ORD!-YR!JcvH
z1^i~N8Tvhr-@w7I-^8v9Hl_U5*yHK@fAewP^?wlA@~r+l@AH3~{@ZOB{C`IO?RMI@
zi}PvztF5k$r{{%EoMG}1%U0d;&^Y`B?!<~B@bqU!*VM<DAO52yFQCt8Z{j_7V)k}?
zmO<Jk9y7H4t#9u65x=E}ejhx^#m_#j@>^@f+muJ<AkW5Cev|*wH<Cjg{C^PK`Mw3?
zQK5VJe?L0;8t&73Ai>bxV3tg)p?u9a?p2Xr$4so44Xv(m8O^7|xhVfn4K3q6t<y8i
zxj!6C`mMhwj_6kIk_(=^Vvp}nEAFd9hna=_vUtS#&~Retf_r9ky?~s5lIJh-{N6=h
z?RtS{4j){dZ`4D-t$Xb_qFGiPQM?sLRKCfwAwCpKbRA<Wd)05n63G@hV=PgI9ZNL4
zYMyKv>3kcYVZ{>pY0HU0Dc|HjZ7h-W0O_B8;5ylcO<x>NM%MOs&$nP|lt$mp<lQ^Q
zx$4W#Eevv>cc%e9l!uCf6M;_!@JWW3ZKj`ZjPL~tiBHR>yohp7`J%2=%J#Zat-CO`
zgCiQtP}+NShEd<hJLE!XO$UzJv;X<M{;s2pM|AW(;(r}F(mQV6>7fVyM_6Nr9`yWu
z{kQ2s|BvavO%M8inEz24{_wu@cKXy^dndk@j2ucq9;G6eMj@X@qc@~+=3r3$U&wRz
z260UL&N8NSasEJi$j-gu%ehnho7^crdOC70!&Q&Zp&K7{b9g^GGkjg~=y}+BH$Rza
z#iUPxmb!^Sm44HJ-)`0zqnORAxxVYB1hUvKPz+7BVnK+nWM6TKm$p_z107#ruZOm~
zzMy;;aiOdaB2%7&e(JE%cZqhnYn@n};$6Vm_j+SfEA*4cy=a?w*9V^~EH7_Tol^Xw
z9q1Ik75+7<qdR(K8wSdKyi?VDD|HLX&u^-LN47$DwdKL4!V%s;-aw;U{dKTz6LbCD
zx4)1Tz*pUT9(QWrGtij3ZM3ljTrD0#yD!q_i;SUYL_(kl7`)gO8GcR0t<zrg4hw8I
z(_gjcHbQfok3V1xu&AssmK-F0qJmhyug>;QBd#(Rnp?Cw@&2?1GofN4eEU}J<)*CS
zd1#?;8|4H2OMNTM>wN49hFH@NJ!h=7N78fT`zPk^WzJ&7|A>0Kj8Qq-llJYI5?~!h
z5Qn3?xVp<2$IyXQ&0+k}+kjgfx?&b}u=ATo@w}V$I2e!r7x-tn*%M}6vS>R?YoAcn
zoX?y-s_oGOkyXUtw-fKT?ObDRo;zbvH|I#Uvxl^daRmqWKdz~?8-^B%f9WjhSiYx-
z{i{xQ-MRxmEeh6QTUBD?>|o8?7}IqFjJ2K6s_M(`68&!HS)tAQJj4lmMq~%1OM8Hc
z?kDWnR1}Ou-#BnH^D)VVR>c0DP18PTI+t^6&OAGqX9u{Qg<cXlR!E#>!|%_A*206?
zm!e$o%;2}l$3>koo@Mb{cVHag%#D}0RpklSyoF0zmn`m!XD=XCXCX5`6OE6Uady?b
zORt26i7Bl1r&@G0gR@Ih3N1O`Y=VP7-N5~8dC|Q}7yF*)^Gt30SFW-4T-rOi{AOtS
zCTM#;G=3wregihq_1Hwwd&w<1Lj9joU%bLcdz}4;FC<YnnRilnH<dO<!582SGY8d+
zC+tt>E-&ng5`%MAhQB$SM%+E;GrI7%%U=^@-zoeEXYHUJ546znh!H#i|MLKIm6btr
z;gRHonn}I@bl4Nzd%vArYY(j|=^9P^WX%k6t|41%$IZ;`z^7ch5PC&kWdp||zVle`
z{rG6syBnHnq0LL6%^QY|3G4!%*}$a)9-_U#60fmjJF>kbnY$R#QIqjA)?Vq)4XRD#
z;Q`t!F^ORypND58In?Pd>@lWfQqH`(tLRsI&FR#+1z$qGd}jk#OP&j_TEN>Ym{Z+M
zV|R&SmZ;-9nZL((>x%mdE6SU!vA`qz^sTWNqy5Xkkz)9B(zq3uV-rR5&+Sk5H@^X0
z`~{uiui(Z*>>DV5L>n;Nc)pDf=T*&n`U=(w9BRL)7ax97V61In-ol3qSik&>Y<vJ$
zf;>|jm$1I#H=2*;Rs#+TH+N9KhO+d5M)wGw$BrG_ZDgK3<|=qkVn6RcWxp?Ycxgj4
zQiJXYZ)k?UED>K={SI+l@C|-<KLo$10x$cHqk(q%eHXfoeK!maS#*m&QVt$10*`zn
zdhednKA{i%$u|AX@Q5YIl;+2gvvu^(@9tXqSB^$>Jn359!k3Jbm+$d_Ki+p%?BNVS
zbj_G|26HZ9?ef7N2QKiACJ%5yr(RMGeieXo20TqMWqs$g=;Oeq&-~=CEoV+1WKX&|
z*79$%$2?EtJ-PfQ=x{#tcq4Rq1N3=4v|P;jlqfAf3@ydJFS^QL?lr7U7BKMw6HB(*
zFsYSn1tv8%Oe|giuKajfloy=a055RsOro3q2GH+7`X2-z7)*?rVm~-{0Ph4A-5%}J
z0q+WM+c~49oJlu~jpAv}*wkwkM{)cX?&-9Dix-IJw4*CuMPIq`=tsyM?xU|bA9|@-
zwzP|w^DVXb7kpY*{O%#~6XMx9pVS)W-t92$wV`*vv>5)ojXNC9G7=B`7`vD_to*0e
zty}n1%{uk*Y1-F$y`c5Jw>1ndM&C^h?Ks1`<9Ro{ZF{cg{m4}D;vew;6^plC1w5_<
zE>{4b%UO?^LFfFFo4ykG4CNz!sP`L*AyRx)nc0;ix_|LMfHUpY(w<cwiA<G`NA>kT
z{6S=DDL7iqbJgET{WI}q4|Zb90AtEw^tB__dC=&2IX`FRHn<;}{-5rfy8aX0u#0xn
zInyHFq{i6B**WLA^K3u38AhiWgD<sl)lFT6d{?@?ogL^TrZ>uy4$lPsd{*XG&HLWv
z(nrZD>yGjtow=^Pim~%N4V)4lp9zOUjH`fi)FtFIgGUyZaW1n6{f7;JDS76Y&USpk
zI!E{Dl}0W)$&xTJSCdn^a>|#bUl&X;njf8E<lauacp-K4f2`@w&O$ef94qLYx?;te
z?c|W03_Le1WFG>&`!c_Ew?^J~T}^qbT)CHgEiafwtWg*_9)=I6-{Wd}Pk7E=!!3-*
z&6y+dAGh0|`{=XgZrPjBy#6Vnzkr96;M;ldyhdb8=`iDB`P)4B+=IxKTI8AdG&yIc
zOv5iuTwnb&)Kfpo;o<bN4_!43e*J<uhplz;bml|H;xTG(AMh973UX$41JAwe0Tn_U
zE^|~&&eTz%xs!~wUfw~kJG7CpM{}Ex3SG*ag`culAE%D;CIaiNO^oFkc*6VOM;Url
zqpjPOF`xfLUif&Yu^$~Q)K>?C-@I!YYd52Vss6{+!Gg997P57)U>_aqQd<Xe##4Y_
zDRS&)OaJ;WXrq)hE2Zy^3pqE!vpD8i#{W_9xJ|@UXiWsag<40}&ss;;vv(b%Yxq}k
zUo~^5A26_FnEJb#{g*~y!*5_@bl)o(f@~nZqBsNHEyy}#BSUU{AtTVi+OP*TvXVTW
zvhm`->0eXCnVh15Rn42>Z}_z<7E!*Lah9PAzC&BpZ>3x${&>Wur-hf22Ye=RchFP&
zyD66Lw-WtsEBc`J@TV}}Y>ffE#snXNw3Rh5Dt{Z1zmoN_^HRQ3;qE|qat(Wndyyya
zQ6`zc@j$fiF1zo2GppwPfWD3K=pJuJpRMF9!UOaTK3aN4l6V*OKa~^JJ<43*HoR4F
zP99|QE`C4vF=cbemd!z14mCn6qU|<ln|<Xa6@QKt7yLOg#lzU~Rb<Pq%YeQ^%$aj>
zfmuGk&hNIaX3rzwGlJ@0x|zw|!5f?r(mI=bEcwQmk4+UnO$>eY2k_Hp2O!@P;NQdG
z<HO<SBam++v402DABBhNO#Kng)E~q4m2NAYw;g)X+}-$Xb-r;M{-QAFbvxWfeXjYy
zx`sH;3-kXR_XFz~$D$t%YDkMP57lvVUbun!ZzxujHlq1UM};`c^dS1i6uqnb5?OX`
zoO1gtuJq4R@K&*>nvY^n_5O>DL325|d>&(;%N(v{F4rK7=Ah$8W1O9NKWo>$Nb`0}
z#~(?(MCvE;UNY~eF!xks`@s4!_!q~db>%p5op&4~Uq3SFZ@g=@$L}}zt^7#LzZtpR
zT>uZ-1)YV)3CFz^yO>8dymvD)qzGHPvOK%#ad3itCiJZHn`#Fdli*>^i^@YyaYN$*
z=<Lmp@J<_hh`*w3&1)y$Czs#I*lu8q*E7~)#(W)m&pc#pRPQ-3o^zGh7zd!u6Y%QS
zvNOLfS`sd5T+n9o!_<j;!53(7$8{RWkUD6)(j8afqrX{<v2xkOrXuKk8gM<}9+j=}
zJ_k?KxfR7>_mtshEO5sKw8!qHeS8YpcQ5lb75rgZlj5}3jx_2ETBijX@YQF)$LpBy
zu1oL}GCv=EiZ9?}m@D4Vg8sPrgUIlMiz=qA_6`kH;UnlUN9CZm5}O@YfxIZL_<g9U
z(i~N>lC__;yn^3x72Ek;$e7h{oQYjdziL}HWTo3v(Lo$#`OS?@oW-ed@w;$&)CaPW
zeW>3tpEh7&wnpiCMsd}=O)~^*@<P54<ukG|*JEc$hnGz;nl-3?Ddk$hbOt<Vt!xn5
zI0riV73~#bH=`F+_>=>CS+J?Z9&gd|Mf~<wl#=UOW4#1;1(}~yzmWO$SHFt+slL~q
z8~UsG@Q9khQ9KJDiEPn)edz5Dt`#1M6o-UoOM^|DS#R;!O|+wZ#klh5I5G}XhiAga
z^H|?S<>xhpSfAN8J~FNm!pHLR$D4F65q-9KHS;S!l&&$eCf*9~A?En|56{t$jU!yY
zoAc8e_X^%iGNSwF9_B4yxpX_rXAbOMy;v|$3&q)Z?y<g;Lxm6PKG%;I<E(c@i$mx~
zYm>R~8Y{+mT*)<7jPqGMmo6zfinrQN3QeMYC&oF`lVZ`y4V3BqvPIX-7w=@e>~%zA
zoIidH%7Fio7?fn@@!yF-d78Plp(lKj7?cq22#$(Dd5quxr^TSGWK5qV2IU)lVDOKO
zK`H5HEPqc7%52&>T@1=)Jo`t+p!gpCpN&EJqBXaVjzJk}&;MUF2Icwn|98irJk0p-
zX7Bu8Ee7Q)=%KO=zr^<!rIW_Qpp-D@{$fyWqFgd&-MZ87yZ*lsgK{7J{yi}$Q+e-S
zIR@n@>mb~$ap5aNCq6Yss{a_24s61IMhr?OYw`EQp!_f9_^%p+@*U>(Nn=o!vVJ;;
zba3+1w{}i6Z|xZGy7k1@+}KJ3u$cy8I}O5y!f(6WLrj>fKH~Q5Rz9uwv2Bl{Zz@-u
z^cv}b;j!p}CjK9HYL{|e5xY@b86V9@*8cUV-Eepn`Q-R498)##zPza4FZ1@O{oooz
z-U8VaJRdvRSo<_FzOUV#eq8}})L$!&=DoCeWM@s9?BMgU0mAO2?9u4psxMz!HS=$q
z>9T%*i{BfR*K0g^zGhnIg15Ag_v-CR_MGtZ#lfo#^4ICPQ{E`Q8FjtbG_sr9Kh3?%
z<O9pXz79_)u<k8Q#=Z^_1EJW+_DM$ZXBnI9YL&OnV2?h<-+XkI(S7uGqg(#7!()u@
zBNL70z%cfI?mYWC&j{HH-azMLgMtzE0y-YU{$I{LN6baA+DNXT>*9^wcfGsfz7ALA
zPdg^Fcgp;T)2knaonXOvYsTja2N=WZ__XpFGQb=*bf7Wp1ZQ((yVg_=zi#aLqt=rk
zqCU)-Tg89v%r=S}nZNE+vF<~Q_XNhW|G-5dw;8~aoK(OqIaHR;9w_;T1g8d9#-bg(
zw>g^_0>&C<tPSa-Z<CKgxj8$?N2BkW6N7Vz&pEUZyGd)Mds?f84M+&%59=Vl#XPH#
z<2*)E=C_|n@R+9VK0dSoKmE!pHeN7u^@fB+oXILOjH$`hXLrpQn~^YM^`?ZP=|d8%
zGBdqv+_!@XE3epeLC>?E`srQ0^@t<*cBub)__uoMvF9-E+nYaBug)-XRObM9OGs8F
z4~@RFi2unWjPBjoWns>jR}!BgpXg)!$F{65!7o^a4Ou&(C9O7c;na(lXLTLtS>zg{
zS?j?8qa@u=ss9JS&E=-Q`D$z>(Lp(TQXM}tgXO@Cyc<h8cGjk`cQ*GtaJmp2(Ap~o
zT{))CH!FWyxKZ_qJKMzf)9#>fq2`Al#sv>}qTEIfP6+m~xUiBqbKL>b7az38o&!E?
zh{1<9&hEvB2>2i$0y(E&9s{kWKZ_5Mx)W$W3!Lk?(BD1weDC`8*w}iOfsZrCoi;KI
z4wR)DlN-q^#|3q#;M?;t?F-+k;TgiU0PP+D-`ZE@2lugWx#^+kI6CsK@uh=<@`=^B
zJlVp(aGWvq=rvIvW*9h!xeKoV8c!W(T>NlSFYe~`gS!RC2Ipv9xlf=6fAg46hVa+U
z_w_G>zvJ0|X08V&M)$#m$BLbB@VM<Qa#PuOeCM(#9`^?uL$JX=-a$M6%CM=3fsJvH
zTp>1WI-ui=Idj@=)A<_ky>e%C-}f6S#%+opaQJBw_$^+#7u?<eZilY{H-|>=e`s{y
z*d-eF?VmGWF$(fMS0g8ovE=+HK<-|J{Jj!6d<F9Oa(tIFgB{~%AgA+hJve#SV##gM
z$~zPN%@xEKl$||#WR};MqOwln3BvB-*>PUt3vArh-qvTq?OE`Ya`;JU!hnP~;X|w8
zD;h`Us*KOgK%T7P^D90Bkt>6cD+l3YQU3j-gw^oxCv5)x*yS59cnAKS;5zs0Iq>iM
z;opCQfB$XuV+n7;ORX~a_k?e6N_gz@$1do32LF!MPw(ojXLL{a_9Ok*gMatbgMUx>
z_M;!FcQ5=~b>6c1_x<p1{r@WexjWqA-#QntfVJ`9D<2Af(K=?pi#vcpCf|x{sQG?$
zy~Ix<>`QN^Uf4Y>TXm6J_12x@d{2C;GRV2r)>%*G1%13*#0NUE&f;s2p%&aYK)aG9
zKIDY-2|s?_igS0R1&|ZhbB0)QVh;UTesSvVy(nrA-S8lJ7QgnNthveByTE}{b0<XH
zgLiB1%`-fj)7OK}!oJ6$F7^gSi5JtqC(+1FBxl9#?5}w8s+xnpXy81Rx8hCaGlp|c
z9`Zp-A4x+W@ytT!Ay!*$WU=q9IPStq|C$bDh-c`ob?NM%F5*4;v$bbV|KR5p;OFIx
zZ6;%!!C3Rb&tF?{>7EG%zBurlc&K>x+^sm`gHwPzzEA@gzrp;H6N%@_F}kmx(v>40
zSu?S+ZRl`+;+gcxc5-!S?<pJjY^%%-ZX;iwp1;C##nbBd%Yu{r`#1b<yNWns%AeQo
znb<GnR@~-FtO&yABIJ}@gP&geAJW&fAF@|@CTF^GH#}?Z-p~4)$hCdQu*cbhBzIJ{
z2VZXuy3gS}qxpUGxG;4*tbLd`rZMEd^wCBbUu-<`_Aui;z#UfaA+t}E3<!315*v0S
zGJlxCzBIo4WsOZC_RxLgXXqfF@pGm(;AIWa5tj@>mc|2LFa6h%GxF-Cz9!*JJozw*
zN$d=;AH{xAa|->fW)AAN=39nO`_o?H+3FI!fr4_suj5jKn4{?4!hx%ZYoeVFa3kyW
zsZFmcRu4Yq!PlRJPWTXa=K1)ajh~)<gSm=VX*`>pO0;?2Eg8ct-NG=22g(;s^LXO}
z273%X_o$pOc~kuGF?7lbFW(*Xqxea3OId#N1N2w8G`eq)k-?m3ufMUV?*l)+GFbG&
z#DHQaI~jXHIdft>=_BB!!#StTKB)AInuOE<XP=wn*h?(RY)LCJ)3VdgF_zr?Y+ai6
zF0|*jVPwIwLhjXECVIoaFS+Gm9QfiVRilUK9+VR|qSLa^v4|MbJnNmpWt|f*4|dQ;
z0sj9t^Atle#M(0{TUyp6dXa8S4x8ozU|CM?N8xZ7d=M<X^t11gD}rNrwvjl8SX>%o
z;n3JnEqg3l_fBH=K4-=UgcG&Q=X_!|iCxXz#=guhV#p>Ezga=vb>u*9-gnF;6NgmI
zn^+x4D^wo%4s%J-u&Q~!Np)$JjA=IK59vR*ERmQ;aDhB#lNPeS5GEFmTw2y%Lzs2(
zydGo@z3Wn7&xx~j#loHFx@0w3Hjj-XYU6JBQW%+)HPXmg2fnGVmSNGpgnJ#}qWav4
zOcbvP^WW*)N7+a9U4?u*UEi^7-N+c6bx&ixW7pYxfS6q2-Az%vTNx(jLk!-T{Kpna
znl;mtz1U3q^jng@rg2+fL?BH$Pd1x|;)ZjH!>w;Hvn#UE-=72?L);00d&pP2mwdI)
z?^v^rINHuOc*k$3_w|aePJ4^|3+b+*6@KXPP3Z2Pc;en?`<vc&UyvOcIQBL_`-6Mg
zKhpOM;bFBgw}MXr<A`G%Z!(Ss#!)b$CQb6RjB(5YpNL7UxQF#y%oyUxnLEqQnOnyg
zO2}QJF=(t`t#ESY(g$NeDDMu$#|IWOhJ)_&vbQmYQu=Nn{#Ikiqz~D{=F#MfM9=$j
zhy%D3-k6Bq)*UU=zTA_a>D{wC?*Z{nSN-%0qp=>&njCrT%Ak1FqCZB8k59}G7L73K
zPY}B#+Nf#GBKNhY^F3&;0~+fbOswGVBE^EWWQNLBmwl}y;m_n1X=9ebn<aNVCg(A+
zm$j$$1^SjOGvM7d#FDhJCwnbr24#r>qj@8Aw2yk5DARsx8|4KWFSu}}zTv-@Ti>an
z8GLV`{$Xs{Qrg<EYIN6S*0Yq*rPg<1D3|Z6+2>yXt(Nl1z-KA`DcLF*ynjJ7FOuYi
ze4FCy;_uPt;2-ZxzMoRgSjP8PKHlGbminDQTom6Lo1eIKjZ1Cxw2Q5j$aD4AQwIDJ
zDAPEszL`^;+Cmo3x?iyfCVTQGGT4PIb|aGqAe+gvw49hbVv-blK+dWyM~Fo@hR;T^
z_}U{GyFuq6#<u2}u1*&`vKhZ$t$Q>va;clYJ<cfp1NSM$8D013j97ek<sNuXr*BdK
zeIO3?@}2uKCe^Ido|qr_zRfsB8Dj!z?$kh7Is*QHXW?r#_#o1;kynDlDlgI5S;`|W
z^Uz9kG08mHkKcEvv^senJ2+#VA-+#;>pXN#7r!N2tEd;|y9*e7$NpW-cO89be_nm4
zUOMMv8}Xy$ndYHQ^bv3O(ec-1_f_rm&n|Nt0Z+B|{k<Xb?LJ|cD<3bSuFj0+5sPb(
zqb(A*;@u6v<N$sc5Bv7KH*}(z!g*F;!Pzs#5te?(IN{4Qp4!2CRtztFiRLE$CE8Ej
zDx+TcmHhPKrw?>zyN~$JQecqhUGc6Ty&Zf1zB=gs9(O$L4{23j8)&<NwxeSj(wT`q
ze<f{ufJuidh5pIQ!&tnAH&BOPCob8ThR$HM-|fcd#QHwNdhT?MX&ucu<`QxW1%QwA
zBi+&WBI^}~PO+f_wVbE)Ggrau7Uodm9^1Lkf+e=1E3UPU`PXqqZ?7w^^A==&HuJlg
zvOSb_GM0mGaz>j&TPw_@0Q|20`ISb!@-0+x?sz5Vj!QWwxsY>`Ptg7X3s&CF4YXg*
z{bYry#<T|R^42^x-sVL{u#vMk>&f}h#yGEKoP}CrU=y8pTx)>&&Wf3DBWHxj!M0_W
zD>dLUy{&O(YHNu(wv!l(knp;Lb29<pR!RR0=~v|`w5d4RP5k#FmrKBHmAjeWV&*s7
z91`&IDPleeeBLI<ji33<h&f07wmqK%oC$3}Pt%-cCHtpMWNhmH5#~hh$8PX)i($H2
z6|-|Y^V#bHKdIYDJV7mE7QRlYUb`-Rym4qh<)WFr`0Q3P7LPl{iU}FVZ{;)XfQI_6
zcNgX21!p?PobHa!U*`rCyBYVlD4w>kULCBLLkm9UrS(XMrZSKt>G9A4G{||(`&wM_
z0dG7xq@e}HP6=15z||rfSJU0`ohGp(e?Wet-%>v=@LPT>-tjYQKYoltJ9T4Y6wJ@h
zv0@ZlH_x$R6prv*IIjJpef(C8k%w<5M!|F^TQLgfQzqG0@TEB)icu&SWc<YFa5u}2
zHVva$v93l{)pYj>Gni+Lxh;%N-*Ix=$Sm%FNY5DP`y}=HJyS=#<sjfLSgf<h{6l=;
z%2%)jS?~aRFT`<a|0Os5CUjrc;C^BcU*XJRBXPY2#Px1~MgqL6eEFJt-!p2DKKDVt
zXG)V|`d)7L{cnFq--|z@@9)reY|bLd9byc(R5GVB&1o*N@8HoL%&D09R&rKP>vqm8
z<S%C$tMG?b6L(ep;s?a0C57f%<J25`a~ORXuBLTv1lw(-3!NaJm=>q6e0<EM^ktAI
zs`>(d^Upccp#L6XozwA=v@sU!11lDjvhL)wbRIS_<OeRsz^Zwd(7$kSC9yvXXghov
z=Umf_X6Z4i@1eeTpgA}1OZdiVE4kVjAs_l^^~0Wl+B)BEYl7VtYuk)G`?T8oE$zL@
zI$Gns-dIut?dzTHxx7Ef$gN?lWx$RzpWX5)^j&LkHp!uZK^Cl%LRYQnKi_a7>%Rsb
zc^5c#Bj4&1n}4o!x)$VJ2miDAU&4RrLU(2@?c_rYZqaiC4Q%viZfx1+dDvx{%(p!a
z-A`~){!`!*vDPz{(5mPfaL-h;Y`AJ`Ua6t6lq+sDkA0k3ypL}9av5_pm)_l^bFfJ~
zS8Q`xT2-@jhKb-mXMLNsW`20+bIeURb5!y0^h@k$uGZs@LB>+SM>_Ru))*2)zd@%p
zESP=x3}ap~YyVn9n&`Qfm^I@6LK;&iJXXIu!CUEpHR$FEzTo;Y(=%(E>8c3qs7Wi@
zaqqfHY{z>T|6<P1)$n{MK7BnWCa?HjpLhL>*s6Q^uN-62VbxET;ae{qxnNQQ=L(`_
z!b7joG%_8V?s;GYE>7A`yTZu~<gm`oc#THOZzG#qx-<W8Q+?5q$G}E2JhKX1Mh-sf
zC0UPFr+Jp9k5rj&0C$GbPG)j-S{&^drWvnsIPWy#FUz71@7-olN6(ZCPT%5}`Yfu;
z_`dKVz*qvnslbT(1+LDFUmuR7TRsB8=}F-9o6ODYi_C;s*wq!G9d&7*9pA-v;XE|s
zoDH0w<oPb(r00Uuk7?s=;1uD%;1nizf}RbfzBLByo&mZ3;~T&Mul?TD{PvK`EzW{j
zTo24P*f5iSHI?ziSul&MXrnwEnDHN&#Z@TY*<*NTc}@<_Ne5n@N2@G&d4QMKhF3;%
zl?4mcYk7Zg4l+H*7+{Rhm<-dfV95Wu`rnrqDdtuDB87GNIsQ=bdG0oQFx^P5AojO-
zTXvLgQq1{N4fxAA@LBYm$rzO<>80t$TI);&JV1OzWkYqgSN8=|KgF)U(B?<KqW=Bh
zzj%gn)HGXh7a!&mdUvq>?#@rAkE~WaIPa?5q+B%p17b5DfOeE4Likbz&FP$j#-L|9
zm(E_ngQ~0f=v?ex=A+y?@RDXvq$KAsyi7DG7)Ykch7pg_fARA_-KTaELud2d7j}X}
zGH}zF{>XE^^NNv?qxw6*J>7L)!<f~+%JP|mbssxrYFoP1($ma8mQVh|8UuMU>pwgO
zXZ<vWXQ-z!3D#PRa;u*xoJ&sAk2B9ltUeM$Z=9wNwW~fh+4Gcq*~;Ft=4CRkIrJr)
zQ2#UeUlcP(|7rS;o#QHdj=$=se~mE-INxDrSU6QpUD<-|7L1cZ7xv6EIdl$v2_GMD
zC4TxFE^<sT<~!~B3oQ7jgvQ6zA5Hx`s3%_BpR9_)Cpq+4YkY~Jhx-|yg9je7dfv}n
zo;dY6pZa=t@3`n)S%OQojT3JAAITUuf!9_!<N5#}hu$l)$NE>!7u{*eh2#)=!n|?3
z8`ha4aC{|t!2<rj!G8yj{zgnhe{;~-4ucC0UhBX5oM6o-DOA?ad^B$S^p-yZK9-w@
zUUv(8$zU91=sG_7_TmS!bkFLl>3!iQoLmHc%revFRl>8rF`_OFI}J07yiuIt#wM%S
zj-KN?3to;+6Q-QAjFclI_}xK2w4ZwpFcM4#GFFY-;V(Y}R$0^`58%>o0FM^M|DbcQ
z-dpza-D2x)?Tq;qo^M5O+iSz}Y4n`!=xrO&+cq+n#OI~AC5QF{hnfWcQpukh-m4jB
z)a(8Q!FT61oJ~Quxq~+PgK-Tuk@6ZuaV07A5^V{_Bdl*%D9b>P^hNO?YZPa5&;``b
zEaqwqX|Z^B)>!lo%Ic68CoDbL9omL`ufP@zy9Z`(^BYSR3Qp)Bk{8}vzj<F>l~HdD
z88D|4pMW`b!yFeMH=oOsE1$UXteuZnE#5F^<Km5Tb}rsDXaC|y=2YZ!Zz1g)lo^y6
zlo^dr%`w>9(mtNSyz4yP0Q=Leg;)5SB-=8cLf&AbSM#3aht811o*OYgpKQrg=FZtf
zqki0#Rr7XD1y6xrW=Ygvw-6urPV3CIQGZ>wqvJ%+aGY{(gZF3gT(H~uJ$ytnbsn?-
zm>%WgRxFSFLc$Gv1(QmF&o);|MJwMo4Klu$)j6|SzGTnF>z6%e<1cI6U1;NPDX}(&
zg})!(x1?_?2e<Uu8uU0~ge?2!5v`epdr>-gi?yl&*S+9+1Gqj7KdD9ktiASp^65+Y
z>j#0eM{jofgtuYvb{*{&#B&}Fd|d|KmXK$l0H3w&4dLy4{GCnUZ3+7}vXi~wt)G1v
z{EYSHFn{-#T7|cxLKo9d*v8u|Xetcc(=5D2HwACoz}pAG+r6C0SuFUlk4Q3r;>dm@
zH+nC^%IR&Zs`*q+_XOrxYZ=BDGY;5!3Tozs%?-C{??7wYj=npd@lU|^LC2V)vRg*V
z2U#`m$AUvYuvML#sUw&v7eg3Y(YcH$t$+_a(|TXYdPmDrLtwR4mQUHNk=!YHnp|JH
z-$CyP-Y2LlJdo_$0Y430f<B*(j7QHa%jWzuI>&q1q2C~vgTYzNcc?EJa*XjrW*ATH
zL)YOxghQKv(bMGe?}8`XNPZv55}m^yeej$2$q%)U_vFvaa_9f_Y4S*+zgg=O)jLu{
z=P>s4ikxZpTl^*}d#gBKCm5YBzm53M1lrB8<4?t_H816?)3aajOfWk6UFLYoeHqcY
z|B~mibFX0T9&Ag^S?@{DD(M+RuU#62cT(t4yZyiP(>}7tvQfXUGlG3+VWwyb*#97=
z|9s{-i~gN{^LbCdH&Q-+P*i>ytbx~~^XTN&5M6!VSh4_|%<@7L*uC-a%Q(s_CvmQs
zbt%Cf1K)~E_+O>}(1;0NjH7;>2cFFSdbtH}5BgYCX51Y!rgre*+?X+q?FSZWdja#Q
zq;2t$O8RW)TkV!ZyV3RQg`Fp+-@ebJ*Eq19ZNv87eqig!SckVb@GOiOyWn}u&R3yz
zJZPV56FeOs!wUm@`<rC<cN_in)mJs98tLY&BX(SO8FTwIbJP0lpuJ}X5{t>RsjR_o
zk*P<>I}dNO_+B;euAxlt)L>(mp)=LURz_xZ@~jL#SA%VvMLUwqXOhFOaK18D4o|`l
zBV0Ebe~%nytz+eI+w7<uPS6_DPZ|8i))ksdS8ksk<>ja5R+jwkX6>chJ2?3;FpRF*
zsdbrGw{m6nrLjx<!0azJE(vDN8ju_El-%&5$MbnlHi=+e1KeJ--b=DzT?(w%@J#oS
zmH}4}w7~xU%i^KCXjl4Gl|3ho+v!I#xPi9%D~t76Ex^W+&uR*OxJs*jQs{1A9_zFE
z?JmI_`Uh9~w&#(~f^Jp?O{8<~R<z+6f__AqTffN*0^X8S0sWA&Hh0ZB%id%T{n?qq
zJ*Q1%g4Jd<G|w7ZZI0*n9l*Z|9_`eVZCnS;h@Dk#U#s3m%I>Egd6g^}tmL`$TiJiS
zzf|*BL7Di{UCc}U<^xaNwQ-J3M}75GWW?MuaJCxR>AB2*pJHkRm#v~%;R9``-J2~q
zC56`CEB*?6fJ+-ZLb(<^8AvVQ;gsh)@Pa-v(486;(*n$5>ll=K2awZ<yB7-$qggQo
zYR~dN@xEv&i*lpXuyhd*x})`fI5~vC1KL~a;oSn&0q*!kEWhxX@+Jr-%2$z&za+e6
zb~OHZRa%$sn=Oal^Xz%aMkxm-lbM%OzL9b1-kmbWnaJH_+##dfBun#{XAqn#XKiBZ
zZ=fs>UfRaG<uN~#wJ(QnWML1;&%*xCT-gTs>@A5eCH-zelOKKS1TYrf-hm7&0}f^I
zmYa~rD62`Tr#gr2I`X#_*mYhf=S_ILQJ<J;)N4Lzna1uTgQGgC;-0t0M|D!+i`Kn`
zb#Fgq-BUw3tTXf4y>yVV<%Z=;yIO4hD$JZ;qi$Oaj>?xH|M+XnJGR`U{14z;1l+aW
zhelk$ppCJKkB?haHIMtIY&n@6(mB*_^yVG(bvN@;y_yN^yMX6^VD5he534!T+C@K{
zuLk#(b8l2=4*po_f!pazcNdod3&F>1$qcwwd~3}B=JL?7$kxVHH(POg<v*O=6StQM
z{Lhr5Vh>{xzGysOWIUpSKitE-&X6}r_iyb(KWpb*;aTHG8_$S|ibS|47hP6u9>Vv{
z{lfK0tk>4#NtXWk-Urd|yRW~0-u&yg-lq6)FFKoNiFds@kUUe$0m-}jc=vsD=ws};
zok;jXSNW<hbTzoWomJ#YDqGdi<YS+hJi&W>D@Kix|FM&Op|Vw<SA5NqcyfK|zGvk<
zl)hC$j7>H;SmyqGm-mHB0#)oYV*hk%4{H{2W!aT0)+ooiPdu+YyUVI)vZu<pRhPY_
zdT?gM&3xDctsla(2Hw{_Oy$phz9}1AD**>~0`nU79u<#OO)S+u;3?a`jrgiI;1K0i
ziJ^m(sSo4z+%EZ#L_;R;*7B~GvMl<kB_8b(GcBGx=G@tU?}hheBQIPAy;!&<9~1sC
zaBCsBwSaN7vv#U?=v-s%!?zgqi-1`<Fj0Jq_M>-jez}CRzjb^UDV`3U*GDdq3dV9X
z@f?e|XLnIK_hH%dJwR*&u<MM6m&pb=0d2S#i{SdrRcCiCU3FGd8U1?E!^@vNt4X{K
z9k00c;`FZzFKUU`T2x*(&F75^WSHr%meS7x#<L$=<Ik+`MB0ii+fK~GxiMvepXz?y
zB^?c0;cxz+@@3ye8|gc^`-Q$T++XM_g<oVao(|@p^(^_iu(z^SJ>2ATf3_<Q-143i
zw>~G?u<V7bRb!hLF&77(Gb*d*k%R!;?}cZA4bOXQc>Vx*mQDCpa1nC_*E%mBJ#*O(
z_yzHV%2m6^0}ht0N^dHrT@SFS<o8^DUxM7%eaot=c#?SL(9N7m*k5j=Y%*iD#!qe_
zjlY@xAfVJXaPByB*vkJ#?gzGD`ER|nE%~GUi8Il+XxU4j9zLQ2@iNCBs`-C~d1*Z@
z9zdUhWBYic{@T@1Uhq4<PiLRS+UJRn`h%4&uazesKTY?YapYdzX>?WYG`lKi@HrPg
zzZ0GZZ@ZEH!iSBYHip{XeGq(F<VtNVI(hk;&co(UE3Uu)-TA~L#vymCy$NWR*bnIZ
z@->Q6oM^>-#B~-C^P&2)u5Wu+@rXAO_rbXaVD0G)6PJ)RcyvIyVZX}!H9yHuFENe8
zDy)~^C)tZU-eGj5?=ZRl)Vn@C-|QlOuQ_f9=l@;gy9BQkqw%IIv2`f4{#Evvx0`>O
zzQO##^lc|U6WnH=-L>8PGynf%`ftpVt{<D}U3*u2Cb*aH7pqH}o~%x9s@Or!e8whO
zvF6i$&g#Smh}{g<;uB~v6FaL}L-L|-iRxw_KFc=s9^HkN6slxzemiZfrM)T>TnAUG
zs?YAaz{VA)%{?b0TTgF;CWTh9mh%$C+g-%w3?MdVAh9`vh|L*HYz}9smV3#G=c=zJ
zSH}DJU!)i5T!r{(Dj#A!UuJ)7UKV=~VffiWx0%gd4c!Of_1Z(rokYG8?8);pUB0XZ
z?3odVbMOz`rI4c-$Dy6Cj=O)|sPPY{9UE7dcJuf(X%Dl;VPX&)ShF^A`>T#(BWjj?
zvrG12Nv!?_KaxJ`lnej8L!)|02E1t(=QxPRv~*Udjv@UEzhen{i2<MYFs2gtllET@
zB-W)JO{`fr8T|@ctf=Dor<sFdaO3zSGuMWh(>mM11D&&p8|`mS9wFT)THm05@hPXS
z`f;9_%mEp`WV38pWRZ2wiuQEh1~CoU2i&RI6N!@}PyTM@izbG0T^w<}t&0{lh4@sm
zFSHTffc{c1zny$~^1UC1e;i;>3Y~DuF=Rq4{4(E*6o1*SqjBr}j|Ukd*k<tiKo0&9
z%hx2mA{E)47Wx5tG;ukhF7C!oK^Ev<fCl1j4$^nkvb(!f?@Rcdwg0I$7ch?12`Pat
z&Y;}m9yP1{5x<pBb|(2E4p+E*-K_Ug<kuy{02M}N_R#Y*=+;Xc2cXxY>)WB%xXv<Y
z)XDSh5xqm#CGb_j;sCrM1aDAGSD1GScxNi~{eb+u#GtgW7krrbmiLK&X&ICfQ2h2C
z;P#v72?yb=;$@<F*;^iX|Cnn$>%;IiWTu6mw~lxD?nZ{_PS4F2UmgWa@cjUjCum3S
zw9N6WFGqg9&wTDCH(MFJ_;AGxpYU1p7fvtj;BIW*yP9|O{~&(5E5Q}5li+0n_Zj>@
zxx5hiDuB+eg5Iu#?yev%{c>{MMSYNpDS9|ytgRRdZMsF9F6#83r*1(~S5CK0o6zOU
zqDkG|c>*|n4meGNHi>b_?iywU4>M-j(qYDxb$)d2=h?KG#abOkw~`$C?Bw-n+G9hv
z;q2I`PX7p__$aubXA8mM`<E^2YLuS<{bmDrFS{s{??&5ZdlncrqPND{i$}2+A25uq
zl6Rt|sjOWKZFnbP51eBx8Hax6<dyy@c$mR?y^@)ic2*ImQwH8j=g8o<>U<Vi+y;-i
z9ULWxwKXp7$-c(@9#xC(>iRtXo~lJTUBr{um&}~nnGc=@5)uPfyT{D(**Ll%eJ6*t
zoQ5p%f}6s{MaY_|+*`bh_wtC1VvhlwOto^)>;CN1;pF5=53k$9d>q`Y1SchPy1_@C
zuPYlwWGFcK8`iXw*uOWy5z(2gH(5CO$1j7EtV_*>(REo3PCnos)tcUelMbDZ3VCdt
zEaRP8aIza*o(fK8vA%a9^P~rCrY{Evx|pZVdT38#!BKeQxS2lb$0olWTc?aQYhlf#
z6X;uO$H($d`@kn3G3{~Y%6W0F4Yv_j8271%{L8Az8<u`C`9Jx--@@w;=L|gYwHf3x
za`1X|=&yCg+O0#*aCQV+V;|=c+f%!8j)U9U&s7|TWDfG=<qqOSrH^)uH@bt+M{d62
zB+cxJ;QIc*8NtrYW>B{5^tn-3=GZu10FECc#$IvoqSNpFuMZyV+?*eL6Z%ygS?c5m
z)55Ho_?u$H+K53{`ATr>dH7!$Yi#*H@ELvzeXkvu)yf}&4EfaP;$`f67Hdu4gcqmJ
z%;{8|bC@#?>EN!x?>FJA8yIgVHr!ESi%&pf>F(stTfvn-AmhrkA3$3f$R6zr$oFwO
zIDsFwxp9y&MgEfNIKNMAw9`fz|I0^KH7lPFm$BA2fOjUip3N8*jPW<$GT6UVb!C^;
zqg#K9@-|@Ces9#?8n?D;-pv<5OXL0B`D>zO%ENXYy6*zU@-l0cxhCl%>6+t!{cOs`
zOT*($_I}2M>aW9=tIW6aQeJN5rR?BY{!_I*xheg;6RzBmTSor*wh8|3f#9Xa@WOcM
zlVd{Ct0lM6XHM^IhbA@N=kmz|$N9)gY+Rk4`E5dS;239HQr)Su3T^rwPb~Up!RyK9
znAY+SdSy#4vcuO$wg5Zmc#KWQXO=COAY0f|*&?2kg}g5qoMzGQUf`iU1g)`nnB+q4
zjh^+>ue0$Cnw{=WY^@yR$dR$gkuk`T#1NTOEjdy^ecvrcz3i6HL9+$WtZ;I9r)0;N
z&@bs@KD4B~ryq5GN%lY@b^jmM&OJWL>e~CyGvP9m3nV0gB%n#aOA;;$0wGo3OhRjO
z!3&5=ZEFIyr@4Si>xF=tM0#pM&^CyovF8x9wwY11wBSkJ_LKlUeS@g2+S*FbDFJLd
zNxU?b%LKuBzrW|1CmBM}p3gad%;%YBKl`%w+H0@1_S$Q&Em#i6Xf2fSTa*9N(FWk-
z@%$IBm!7XQjX_s<41Pd4NB7q^jYlQpp){usXO8^8U)naqgN^6fmz{gJRYzGCYiwjg
zKF?R7+Xkb4NgI3PvT=ENSGwPlt=K|XpFWO1(B;r@E&dtX`L4B=_PFP9zC`#Up5Iyf
z^T>`Q<(U^6o2&1UHoXh4)>@`+$s^FX>U)8?7WrMavrjv#=EU!qgq`gq{If?kv73z5
z`+-;dhOu5EKPNq}4L@~WShy8$bbGu5^UUO!B8NXvHbB{}uIy^fN9m<b9%8=k+JbLe
z4>n-wav8`N>)s0F!xtGB@w$LyD|JY(IR%dxAn#UJR<-y|P%@T#pZ9{ZWyC_&{vV5(
zq!4QeH|KD~H|pV6L2N?AVc!|DY{4o1<6h<)`{2%g;$mxDQ~a5<iJV{j`-7hgie>`v
zlwxcjS7Jw-!mn=Knqci*%jfNl&Z;Ye%DZkF_pWNrvQHdK|0Hjw%p=wX?Pb9?PQqIS
ze=+tetuLMajSu%vw#eIE*mRurHGRAYJiY}l5G@@cuB!ImpQ2CNgO|)d-(2W#G?LEu
zP2(<_)*KOCTWebCdKX&O8tY=7p?#y#uM*I&CZLNYqLU?|n<caMAztA6(ap6p*zW+J
z1z)%MBXwB&-bbd_Es43z-uEu3PP)P3k?ebqnxndn=EtWpk7@G+@=LZc`ADd5-@+F}
z=ly0d?nbmRSLO7}U7G%+)(AQy`y}(g{mO-wZERp_%F{X**RtP!m)?I|@`ZaeVv!pk
zqgyI|f!6dor?YZZ`_tKGOli8ATwT1UF>T$xjV;)<EFZTVeB4U;UV*QgzRSmL(W;cE
zH{#>Am3R5LeT=@cn{#u0_)f_VSIeDbU%L_?H|_aE;X}x`7`|2f$cqk<Snb~NSQ-q`
zI-i$LJ2B5Sq*deJ7Xu8ntabW015XUa)i3<;@wAPkbI(obR?^=~+<NQ#QCT_LSwH3T
zJ|kgc+RTJU()d5S*xZ;_Wj>Nt$l1(H=9TE=DC35Xv85s$FK@S{Z`{mS-NcwJW$bQb
z440rsFD5qRXv=<XkGIi0hq2Ij`x-{}J6%3%!F=U)W3QjcUAe4bm)?gR!kUMx&DG0!
zcgCsxM;E4`ldV3${QK?W*IHwwG1-hQ1HGYN>&nL|3#>b}zx4_<raOtn2X<peXk`w!
zxx6*-m>TI|1>hW?faVJB>JgnLF*nrTGwaUv3H_`yG<!zfFke0hY4iiR(!Y=~`xsa%
znUneSV-NkfcWh_giLnM}J<}%S7nrLvNppNF#0O8~OMa-(T<u}qo;SMj)-}Yf4su5s
ze4MF<FW&4%?txG7Pq>La7uMK^sUJP5dCOAdJY&Oog=)rh>C2(5OVp0`O1zZ&Ouv78
zU-q!hP&xT<Ea(4Y@ZvV+0($}6+hh0+eE_`3WAU49oHfLk`px*o;CGa<qm{WJT>%BQ
z!_ED-!ArcpXkt3c9@h)}PXL2-Zr!~ndzYKIwYTy;FUozOn>AEwJhq}l{AI3qg8rrX
z57M93M0_5m$;OJ!Q~l$tvV83|ZX1D*c31B~*7z)#J=UGz-=pq6aB@HKivN?l&UK#1
z!+DGR8q<oKnqofLk~it8TLtG+QJw?ZTgima7nRujMY>|0)*Vso6LmeZ1mBzz&NAfX
z=xil^&b;TOU(NY__=MIL4qZ;XXj;l4_{Vf?;WhMi8gM+$Q}{dy{KwEOg23+deKTij
zPIBhNhzsWaTZ|<q`VY@}oW8T)MPEB(==&A+-bIG`K3-#+QvE8hso#oKt#R7M^G4c=
zgyrRQU}4U`M!fW=*i*UXw?p&fB=ZD*){mdc(o^8+ptW8}^BbBcMyjR1YCg$6r}uj1
zht{Cdi8U_T1JRl5Uow|l&xGb_J?UXAduJ(5uBWNe^c?8D#PBKJblnG`d6)D3mfjWC
zJUs&c(wvkX<0$={j=n%UOTGjz(U=YJ{ri6p?XqH`Fg^}$=cn4ZErqU6zGn9Y-Y`I{
zVardb=uBv?(=V+x8>mw>+YmMRz&d<JGzZ!khd>NxyV=tc%ub$ly@pSG*7`o)=on7(
z8Pqjf`XJ}$MmjgA^Ky<)C_YiEmow+voPB!Wl|6uU)0=JDbLKpZX?km1*rvn}g@Y#S
zIVV}~w&BnIHt}6UtRbEU=WY1Xq{El1IpaK72RemShsT@klwaqR&!IfJh{_+J{5|w(
zX_S%cz|sW0I`x?J$tQTolcO^_z*B(i5*!u`d$am-n9n(t_pZq|qN|TkUm^P`PMf#U
zrpl{s#h2C`eFB?-)0X75)7CltCa?N^tpoRY`h6g>j>vw8%U|u3AJ%W_y_{FG^j`6L
z!Bzkd(|+IGz^L~_=m5uf%C4?HeUH7Lx<cOZ0plXjEwUpDM<<xC&NxW7);MY%>=Qf|
z?j{L$9m1W~tS7;L`o1hH4nj`leeJ?s?=akr7w#ypdWE|(=5Psp6&y!sPq-P*tD(JS
z^Nj3PXWv1obm>@;`c;5F8LY?Emv;K1dJlZ(+_l3;#OBIIPI<6*Yu`Y!CjfuWFtF*e
z*ItIaDqzk>&2;oc`I?`t_s<3gn!j!QG~dcO8&&?$x&Eo_L-%XGWzKF$`x<N3ZtSJ?
z%wO?>o+Z!?x@daA=T|pLHZxD#s7rdQ_}n&d<M8(a{;R!2=6$4G8ot($Y-zM&Tf3Wz
zkUx#cpFmVbj`2YHjl=VX7AjVCBDzZwI!rRU%tUk=;#9BWP8woB>r9LEk_vQdtvx4$
zpFw#Jyl!-G6FdnnH#8=FSO2s4HPDZ($jvkBmQm*|)O|B;+(cVT(UWfU(Y7^ywvKB0
z%b}sxVX{62e4*3K-6nk9Xf*!|_`*hi7QV3kcZi4e0H1JXf+xQv6K%Wo=1hF>fJZpf
znLEW2exCi0a+5QgX7qtp_CP8#g1MeO*a9=n)kXBDdg+CCiT`e7zi?G$<zNhH&j0N6
zKp)u&7fi_C!}uWY+>~2H`&raq%~S1E@=QNtu6_Z#qMn>1g2vr`GlRXohmFnp-ax)G
zo&jL{D$kN=*8E{wDS%eqp|2UI;O)!{r~h9it%v?|2Df?!F`-4X>T^9~p*~~FuC60p
zvNn2zerBZxbMxOfS8qd(Mz-|}>g_xc8pQKL-cQjEvak9*?8Z(TqEGA+)#cdkL}$JT
zI`c7h8Qd44y;$~XmIQ8Rj|4ke0K3-~-mj;RZl13&=R8Jd9x*;TrmwzWLM?dA1n1nX
z8zWqL(4SaK^!sKRjFI-+&d$4sz7FPf6IX`#JwC=z`oOC294Vq5(I0aQnKAjm)5yWw
z82ch{E`CwLvx4s#<deNaW8L`3qGeegV!vJO?J&%g37yDyi`LFWt?r^t<*D4bXjwLS
zvdOdm^ewqg9bcr5lGCBH#;;Q2_g)yM3ytOv&=pUxhknSFQvDk8#ge&++*d|f(Wl~o
z_#^ZPKY9dv{EOXx3FQ{;GZxE!`Ydo1uS=VdJ(@Fh$*l9G50SnQ{#-QHTr6971$l}N
z8H<zYXVJqEX=UbOt+Bfqmpy+^v~-faJL{IzOou07&nY++P6IdJoTa-E()|7Z%s29z
z>DZ5evGL9+H%>7<G3?7!zY1Nnv0iT=W_T-jmX2=D-jX(*ewV*HL`y%W-wrKpJTgSH
z%b`>8HtqkL{GX_C2-C7~bBMKG2Kh&#vu;-~_ayWg+zVc&+jt4Erf`E7;UMrKwq<<_
z<4o%f2WM`+S!K{wddApzgug8f{>fOJ0e&<VZxQq0o%cg?%TAiB>xtKKf0$NYBfaN4
z;WFSkc$>LcwwZ!}jk{yuO8639r-9cxWMch?LwKEH;dPS#=`dcOC-xOGb&2T0f%kUC
zvJ1GJvFrk_iL}v0yMt-8t3A&8ch7BibhzC;eM9YjGE?I@(f>fW-A8Cw<LO~M(dlEZ
z2KSM2RDJk1c_cqS{`Sc0R>{yTWJ3e~wT=wc`folmV!v!y;kD~g&X3r(7F&ki&Ka22
zF~<A`Xoo$Ve);#+K|kWF`MYdh=9$8p<sQ~s=;@M=ZDZ`YniU?OHelD>b7byR(nWtm
zYs88EM(8e5){f&{b)8SvO1?U>_Aq1n7&1?^Abzg4v<7t3&PejLb09Qdc}H3|yV+NT
z4t(wCw^kp+y2TJ)w5CY(UjSYV?qFo?#r-qD$vUr!d7*k6!u@Tq_}Rn*_rlNQI~v*N
zYw2G(@}izRS|h)CgKWNM_t(w3;+2Sb=JdCfcC?P!5W#;oz<)Zqmr40U`?L=@8reMt
z89o+S?nb7wKff*-JCzGPAqw4zSfPn^SBoavridm?okg+taaNhD%_+KH*+qN}+mC!Y
zv?#krfWEqB+h^|n!2CGDUcP}p<uty__kDLRF?X@UwP{Vw9`xss4gM-*4KW%^*#GFg
z)aWQ<eS4Vka}&4gbI5}>zN_9w^kL}R(uX@4Q{lzYhks1H{}&oOHObg1-mYI!#)T=m
zU(<Qdn!-D_|7`HzF5F|wKz8S*Lz@P7>ZL=ky~Gq_ZJgtaGUk`Do|a#Ay86r0GZvce
zK~JD<&Rq1PA1vjJMSqp#FL{q5_tK$<Z9LuNMOMwh2gH(xhk<_uy0Y{{>BX)15tn0g
z6_3oM?#H3U0I^rQ40kSjOZ`T2xIJLomIQC2{4#UF{5JYXJhT3zwEc7X&_Ey5rs6%h
zJq2q^XgkE-(2=8Bn`m!E_w6S8-=$5Le38c+bLHcAIOdDl!fBLw;hYP&m)QeOguh$y
z_qzjFPEcQ-IkeW!+h?z}Ggza4j=ho=%O;iPznF1#Y*LD&(F$Be*c<RQ8?;F^=)ST$
zkpHwh6}yM_!;dm{x3RbCwA=DgXx9z2E1!^~z@@y!Q7KKt2Yo~Ov-WkOqoy>WAK<&=
z=|fH})q5#%q-q%x*~CiX(Dj8c)+vqHk+cV@b!RCtn6@SwJL<vn(^26yH{Z~G2lnHq
zo(<hKG8XITBlFveX~%h&q#pKDu)hu*Wi9>3FfL9|PBsPQmF>YmC#<0!`3Gqq@G$(<
z9dEp$SR03dLpBoT{F_diY;^h9AZ+?oY!dhddo0gVt{ffZD7KMq>T}aKV&^s&N8yK<
zz#L%yuCQ=7+5Z#fu=q$8zXo`j^l~@tw1wZh6FaZ2W9=e-UyNN@dC#mXVU8Cw*Nd3*
zUu5oIgWmoH?3?y}s%-GZ_^qm)z@_jR=HPP1QsZz9duQ^cNi^*<Z12<lMDj=SE7{dE
z;8Ehyx>r;3>ACAEcjehUD{$q|dT2T0;qWZYug$0IwUE=N-_VZ6QU12A1EJi8aR1t%
zdk_1w+2~jeKQw&5A|G`0rt|$t()N%h8~I1zSF%w5g^%ER$-yLl9?#IevGBoEaFGU1
zCWD(P;OGMQ;DzwPvBVJy`=4IB$o6x_|J34(<Lj=TXm~s3k1m?8n5poo{(aIvm@_%h
zQrR~9F2o#SZk3(EzJ(5;HE9mC+dGXowsA)PH0)X8cVz|GQjv?<&~AP|HW&VPLtA^s
zvd*W!eWkWd(qR8s>j2Gj4|8HttkIlIeG}cp&HcUU6Q8ZY|Nm*q{2YDj6!@P>zYlK<
z>lCc7yZP<qoax`PY+YvC4->6*(O&i%dZah<eeD#RUMi?7o4PzEdUx1Iu<{G&%k1TA
zuc<y={=c_@udjl)uYkWVgU4H;sV_lOW39Dd19!J+pItsA$ASGxo*lq;Ywrb?zB(EB
zB!72dKg51|AOqj9G|Gsl7T`A`UfBc<8IzzXU=tsU7fpRj@-(G77QZg>PuqSt#j+o6
zr%tu`w(A0pr?75ee2T^!JMX7I-QdpFYoAQJhk9DaVsj=<b)UM<sW-X$1;#-28s?YQ
z*74u630}5v$R>Dcl&=#zZ~9_$wbm%^o6zNIIA72Dv5_@qN%fFV>Llby;N-(gVt`BX
zMRAROA8q6cC%IwxvOW&&TFm!bh}{|Z<Y8cUN9&vD|33CG-*!!zqxV;xch3Imy^Hrr
zJl}Su&H0b;|G*i$yy)NlX3Y5o|E=}Ow=7@(CExE4&olIgt@u-Ou4j_grT2m(XN(@N
z^7<V6?%?=f-(8D+*B+lIt?`)#9=m1V4UbRTARZ@Gzju~>H`N*+6riN^=eTPYyrsjp
zmm{yFA53OG$|kV_-oFRGf&DWqopwSSKIxjb8vB3$KzGgM=5!Hj;9mG%_jvf6tM2Ly
zaG>~k;&Y<gMsz&UZ6kcbieHKy*W)vM*OBK0KK@ySwhh<4XZL~%53!WLQRr)-?9ZUh
ztB8@4hn+d!vfsB@ee9)A8PJN;$2$l6m{L6h`fzL&;+Mn@wazE|MhA1npYpKF?;`$r
z-7SR!hp`zv3NJN?$8a%taK@yDHMI27EXE_B@lZdeMf7KXxIcB_GpAGd=9FbG+bY`y
zJ`N!VR5pq4hu7Qoz|Q{AmIidKUgTDZNnA;6B<N608??SBuP34|l@<P+_IfDe`7i1u
zPxnK}rv*0Nh@Z5%9Q(paYysWV%;pmIYm5GUku|4{(FNPPA0D;cNI-wQtnO;l^lm@A
zK5Baq`fxAgzDQ(hdRRYur+jM4J^yU;AoQPI@-<0D_9b(MOmlx6G?5==tiBc;YcIPF
zSuOqG$|PHcpF-Y>Mx`4_9<!g^-whwWk2<zk@)#dxU={zTZ|ng~?2~Q~awS{-(T;AU
zm=F8NCmTTud9xDi`aSscK0VFzbOrt|(jzuNs|)xpn6xkDrp`Z(xAV%^y^416)!!+;
z{t9PY(IqUnve79r(NCE3Z#s1y08YoQ?4eHKQSlu<nakN<Y}XZ&hivFo$d3wi1jpu{
zjE!495UnjGYZpqNxF{S;hdSgBLG0PhyJs1z_o1t)-sPmJ?!S`W!&qiV+b~DdzsdNn
zJ1}jKf82DtuLo#zB>3KT;F~^Vqpt!l71(Gk_-^uM3%0g{C2Ok%8~-;jF9e5R`;}nB
zuj2h-uyvB&3v4OV(A(&%_O7<Ewm(5RmHh+vqKZFs%C>z4XVZTE$(Gh>Ha#YP+X!C5
z_?^V=AsLAu!6fNulHal=n&JQQHL~o<l)s4b-I;dz1j>rX%&iZfR{>Wa@Ly?{IcfXM
z=AWk7X*r~YqRcl=++rgCT<8l?+yzLCdt|)yjI6J8%0DKzma{jtoCj_|uMR-pvf)&~
zli1tN!>>nYA+57}^8aZd-CcRl0`2Q`Yp)DEG+zttA|DU)E?7!wS8?rCj=l3f*51hA
zp}k#TvgB@PUle+c2YDQgT#i9L#{y>@aE?Q-i2_dBhd{U*c-CwVg~s|q#G}Q2**`bx
zp_aqwXol8*QQyAmSncS+*kJCchP2S_#6AthW?SE5>aIRKI%~dx@6z+Yra78^KejtJ
zbKEfU(!XNlNpEz+-;hOb21Fy3_bq7Km)73BkQfR#nr|#~`pCO<$O+UV`d2ya|EP}v
zVDv2K{KyLV&l~-2^RbrCnHyRr#o0bK0o@fWe<W~NM|sWb2YKF%?%u^W`4a4xZF9#H
zEyS?eRJ5a^g?m4I^T9Fp*MWI1cP{(O1C52oPK|}=-r-RV{tHsD%MLsRZ@mAx3oLy}
z-&%T0mwlZ6{Uty9Me8@OU|buqn`|b}E@VhI{mjRHkvV&F+L!5{S9{x}sn6Yu&@-?P
zNq<?yys`C+o7QSi($+HyBlHZHuN>Q$txvoC8OT4u>%kXaY2Sjk_i$&3B@3`U3QrDx
zd|{bUfz7JR)zG5*r{%N!C-OV`dCz;HE$XZKta=+i2j2zGXzaPA&D_1X9Q!$I&j9_B
z?fjAIq5BtA$8*5*Tl!vvuTXak^fI>Y>U8YU1@p1#!t)HC(WAV1r7_V>)!0~@=G`z~
zHX^NE%Vclo>2`bbinyCYcG`xyH{|MEg!ZdupyO8Xj6-%4o38qWD~zQ&?@-P&fPeP2
z^l#?<ag+UKPD}xI=4fJ6marDQmbPA`u4;I19KTtg+>#r|x3V3ymu=VKosE4R-5KAO
z16p6cK)J2Q&Hnls#!~zMCiLM;UlhjEFaE}wInkK6Lo$#)e~&&RTPz%Yo^LF!l8&>+
z$(QYm7@WuBisrM&l9!I&U$1=v%19RfnYC`~v9Y;ZsV58AW5adm+mVI#K4Oc`Xa9Zd
z{KN1+m8)lbo+Q7U{0@Gjv8T(wzxOhi@4dfz^HyRnkiS|S^|7bCvlQ7=t2GC>jmDm?
z{`Fq!@=YU;bcOZwOZn$tZtOZvJ2#uj2ToukQG0?zI!Y6LtotxD@9uD)-*`W?<<@XN
zca8Pt{w}5{SN&yOth2m>c8=w|OP6b_vw4AH)YPNP-JFBYL;5qMi--Ro{5XGy4d^g<
z(>Wo@CfP*3e3G-(eWAJVkJX*%(wZB4cvb?lJ)fRRdzkrCH+^V6#YW7hjX8Fidiw6H
zE7>U<abC6lH8eP{O6cGJp|8JlmFI?PO`kPp;9~WMp)FJBxB9vsy<L5c#->x&h<ytG
z(sVuXNmBm3)Zxsfz@>#g)`S-BW!F{TZx7={x~=+~08ZS{T9@=&%4@wmI$}OrbwI!9
z4sQe)zf|Cx4;%~88!Y-_-T0n#=+Wlta^WhDbtLz8s;#1MTic);wRIvJo)~W9y}r<v
zx2Y@r3+8I{c64xTTlie7+~>mOmWN>sM3nmz<+R=qkDkj~@g!q+3-&1S=@iidIR6;l
zQQ_F5(1m1=>IKH5->}E|FgVp&>bHZTE#jw=KMoJg_#<==Ulg2w0S^bU%@0TyTxIK(
zlIOejTIVGD>(CuuhSxt~*`Ox+zYW}u4eF3<vSown!Y8US!Uk1=4JvTE%cp)C<R9L?
zWY>`}z5405@|~!qpQLY^V{BHOJ>89cR5Tm5sl5ojI(U5o{A>qil_Ng5B?}9}czhxP
zj~mH%FL-n_Hv?aG`S7#p_kyDnZ{gzw{@mEjWzX9q-Y7njY};YJLI3sr&;+A@&zz^y
z{sX&!7oQ?Wu9WaTC|4$&I}f_?F&a_6{Ca2}G=TRLjHh6#M;Ck-I0I4B{T|i}&qIsy
z{VqEWf5&!F!8^L{8-eLVd}tJ7D!!HjABvW313sjFu*S0Hg6LSjnbOCV_w8{u51JUk
zgN{NY3Gkn8aCvP^Y}0ml`D;-(%(wU}c-o5GP@NvdB*tb^9OJR}?|iNsa^c<V!A`d2
z>S$vJd(BIWnFGc5dnRX_Gh(J9CrW{P5q6nk>ejxWoA+LPpNf$a#KS$%i_gCLXb@Xp
zW4jz*slrd0msbF%<fq1Sf3!VU#Rq1RuJRk;A<{#ST{aX8^%m$uHmDWwfd6hR)FR3%
z7V5Eu#MpqJH-vScI_5(`xZZs0DgTD+(EF}M|67C}Sc*Paf_<hK`%ILjCr0WEmEcKh
z=3>So`8mUP93PF((kpt<w}}<o(nDVHg<156SYnfU!g@$HdRi6rLJu8o>YcX@zdOEX
zGX5F-#_^Nf63qxlnpg3_p2oZMb~`QEA48gSXVHz$V%X{MOVZ^J<<ub?i)@8jPr3Q2
z4%v>iMil>u;-@-He#6J)?+@Bza)!D3-yM^ql(pj1GA3Te<R=fPu0($Z>8E#ovgKob
zPMqFL48`o-)Asg*M$$iefAK-;5xn4OvvkkQ@0TvqbLvy2%hb;Me0S`df8@Vt%jD^_
znOQi&(pxVfP30<nP<l>m;F03JC~pyMx$(gPp9AIiRNsAbfv=4-qZzCZS54&3aPEZ2
zK1@7sY#itw1HM%6rj^OW>;|q`aSMa5ncNvbp4Z9qXw@CT?R<YNIgaz~aeW!g=Z*D7
z^P}ithems?SlOkIc!P=|9)!j#;rI9(4{!$hG1*MD7b7}<n0{0MM-u)BcjMO$Jl1)P
zbmR~|@rozf-wKb=`!?~>c$??A-PkuK8u-5__qD37?|6fEQ`c_#vyF0<QwxX>@9FEL
zOg8@NoWI;u99R5`&cqPoW1yUMm&W%Slo8&C``>5`%F(yWbf%0kcz|)wI?a6t#P;&+
zsORpEF^SQCs0e0%o&9U#ZKCULs?6NqQfzv91uwo42eT784`!sgbL0yJ{Hw*oWP31x
zx6NhDLnaKg0fU>oZt@!3v!J}_(ZkYH?etjI3+Nfq<S!wA$>_8>tcUtD%nerTIP4-5
ztn%2i-R1=ovQ|#H0$ygtenu8qX$?v<)8{|~9cH|d=SnhIZy6KZu|`c~*&^i|ZOn0x
zI=j4;&OTFQx({BR<uR^^OmpKu;vQ|cGgz;O`e;}0T5~&VZT4Qd%f-8?w7|9{Z?t@S
zss?>~vbiUPwMR$KbnI7WCR{FBPC!O#z3i-$BlDD>o?zLp+{5xj6SpSjjQwrK4R$?c
zx?96+YKi4OqPQe)UJ1VNs;l=$rtiIf<IEWA#kx~=nPVj*x5+-I&wI+Amwlg-r*pur
z=g6=;9`%iO$_H$i4i5V+c=WwBXt(j^u<zcWUCzPBD<#-v<5{;~Zgiy2;91Vo%d>$e
z_~%<*`f1ko<$8|srLQ6Fw8xiTM4r=WK8?@t*hdEY#jHoIInxs6iIK60{<qsRZ}1LW
z{+rO2<=3%(Vt&r#f5i%KUIVtca(I>I?mfU!UI<);He7e>{d2s3&VIj3@3VNHWxuZ+
z0d8xayIjq`)PCw-_Ehv-f$fE-=6&r?KiTpQ{Of#vwwCN+o#l>Y?aO}I3iL{qQ%u*9
z{32y@ypMBxA#6jx9~I0!Vci`y(SIGVX+4D=&$%yyIwtyy1uti@PfjN$0`<D7A3I9*
ze)x+Ad-U$L+3lK7S<FA#nvP79-NkPEUy(1;F+-FWu4bw()`+xgy=U`25_}r_(eYv1
zSw#5@RG#`jUdNNZedYck``Sc(BkdN_J}p+GV^7M8_hK_~Rmb7`>zuK=1>4xN`yY60
zV4>0cyCXI|pL*74o*(`%*)LmC1LqoLSCl;|8r`*l@x~{tNxF8Mi#whu--EwKU@N|9
zvOQui%G&W%i_XIIOk+QkI%SVGnL~jP=Zr5f5_?}Nw9Y6N>}VN0pLjccNuo{FM-2PV
zsBfbG{o+rr?|SMBggT+$V6I?m!!Jd;OgB3Euk?*HH)$H9y}WA=Xrz1eoOqPdi$uFB
zS78R{PYl0TphITyF1^e8PMZOzO_SK;(lKR+f=>E0mbCxFaQj)I(0u7uPQ7i!>=!)$
z%6F?A@6LC<2hN1%mm|ZU;JfPkJ@tK7%m{}Dis1QOvBq2{HoNB0GUS`a|A{w;#$SGM
zE4ibp!By8$T$9C<d4OMYg9{rO|I<gOf3uZ!bP9XR4eWO`lF#koj$3TbozU0hsJf1y
zLnB+pPj1p!N-teL!gzi>NE^h8{*1BwPx`5`3`E&unZ-O7EV@&xa+EPozN`(j=f(%S
z=;P4bM&R;%9NM{IDt?=$yV}S3H~D}zp@Xcd@wacJ>~7P(yK836s`lOFsbkHuvL>f}
z1O3V38QE{qhQ@7yGj6Btahj|5FdW4vLvuIKZuH5}&L-Ne#b?P!><7C|-(Z_l@fW?;
zYSUA_2S1D#EV}#jI0T<XS2u;}D&B$bJapye`=`;B!FSPBf#_=A$mbl+;lJZPo&WxU
zwcJSj_XFA(&VPH<4~PF!?|+B?VuRWe$$wu{T@n0uKkw(`zt4?3m;e5|%1^`2zE(I%
z^q=ObzKfT=tZ$^9Bu#N4&KDCx<Mxqc74o9?LBm&zzCG~=uI7{66>`(d6K;@R6};WB
z?tRQ6wnBa=YIP2COR}bcHG%G4&gXuyyggf5bpKF3XW+Y$MOufyT2-|`YwxYlt{45g
z27AK5v+!H$lkOroe?aWoz;1`<7KC~3lY=~W4E+e~hJT5k*{`hQ{ZAG>o*O^Fi5+0k
zB4yg(aTYDX<3uw%g(vE`lRB*Q2pY6_7raco>l+sClKgGtAHHsyh@5&EzihSfJ4;R{
z`@cqh2k*=IFI+x?Y>q=VA9BT6vRO85H#n>1jz-qAmVCw@k&{jAmP+=lW4QMSocLcL
z&jxtYb+65A`i<%B=#PpgE=hv_vIj@q_#t{uf7JM#*~G3`T)DbEGn(^|DXbm9ZQMBH
ziq}|&|JrJEe03x1iMwunsXZOt;338%e$8F{A79<c|M#h*V(rZKJGE|yZ@xx5yFJD?
z<v+D3F1D$O``2QqXBDx%uB}|v{vvl69!kaMh40U!cb0}i^R`kJzoq7wuB;}-P}2U!
zOzM$OLlfT)xnio>dtO>ae^##bw~Gb@N9>xF{Ew;5VBe==ZBBd4AM85_<#QyQ33sp2
zPvNbR{Iv&Xo`bKRSYu}b_-X`CIpmM=)Gc{$0{f!i&y8&Okafm~+(`m1I<^C20x<42
z6Z$f+hyK{C>zEZ6-}Gx>Jq&Nw+O2a!!CGw4OINJj)?Q}VaJts4;J;bj3Jeu%Gutzf
zEy9(`g}@c>OJ`Hh>@n;OaDJ_G!s4~Uc_y(M&aEe5u%3i)f1P@Cx6l!AYS&fQQSi41
z-pZ_8-agH3Ot|R&Q8(6NE3Y$dSi6VzrpCFN7B2EG;LfUfh1d?uPDiaaNk0O86jE+#
z<%;%&lv|j&FRj*ysVWEd!qcCBYXIEV8nIPcD|hfelX^45?Mx+qVdmbnGV&KNUS;H4
zj!eje#sr7HD}NbqWB^A!vf=W$gr<b+ybER@56z3mr!oDLsMV4a&rtW1nq%;t$hGrh
zYmKCP;)ZM(-?j1(3%y41#n?+T%|0(a06BjvTTqsbKR7n`7}mkl&6p<cxU#<K=>z^8
zbh;SUs>)ZvJw__qP1$V9=G3Hdw%A-;!hY3s=wb%;z^&wa@6xSl`48A<DznYloU%$|
zbtPw0RaYrxswq=VnHiM1mNL63^FC$DDANlpC1zYsEoC-vU!~4fMw?US<fB9C-a`+*
zRoSDnqBBf;O|SKP5k3Ob4R=!;^$G3@WV>wg#k3{Ac4FI4$fv%A*jUtt!Lyilt@MkH
z)s2j)?3(gb&j!ZGehGHj;?*C~W_ComHfYHWY{OwHX8#tSkeuP^0oeqH!T(wD+QjFU
za~Jt;#=I50S6)&$P?1w;`HVdSJo9hj&Qt6*6_>aMW&(e?D}k5;-ho^*>A(Q7H?r~N
z$T{=CTN_3jyWFHjb2qR2J*_xa#wVM~;u`wg#_3I;t8ZvI#Tun3^uSw1ql{hNj~;j{
z8oH5>v5R_jw#_|0wJCLcTGK?@Os35ccJ1eZL4L!Eqj?0qu81;grn(010iK#1*8s-B
zostD3#X9S$QG9@NW2tHVvk+SSW$gLm*$FR68HEGxiwdzn5vu|J-g%5aw&G3fjaz4F
z6?dfqeCa#8MoSx3c(YT8OXL}i4=Xf~a|ZbeU6t%;Oe=k0Ok(xH>fj=5Ni)pY(if(_
z+CsdqUd{KC2d;UHd-eR)Yjc9pXRdjxdTmwk)u~-Ar1fgAD4H_W*n_HN4>DtNV7$#$
z?^Lx{y_4PU2`R>mu{wLllW94$QFX8?IGy}4Q8A^@Pd(65X2$epBHy!VgR=grwb?<|
zR0+kvRt9X-cWg+jq}<AbmBDJtk*D;PsjswfHmesODtsPoJ5+J1C#Q;bi{GhiFRoe8
zj%_o^v1z69ZS5<0O$F1WmnHhy``GNAhD?-x!5JpbHgOIsYV}5*9@<T(-JBf_X~h;!
zDuX4oi=R_z7k%a~quv7ci}F3TEiE5h%9h3)npc4?-4<a>OU0IUgn7uid02Yt9K}$r
zkWLQ#ve9LS?Pvq8#<bt@EtN4;3{|yL&RD6Pa>inRlrgW8c0Bk%WIJVPNB((b<n7cP
zCvPWt(VON~kr#g&e2BvKI`V1{xDuFrz&cb%>YN`d9hlBa2QEM9viY^~tfHKsazpi{
z&iS^|DR)*n<sKwGnsWE^yn8D1b|Swt*TCJ(jq}m{`S^kER<LM337StS9Oz+AiLSli
zUjK7udb4$2^lJ$>ueJCT^E2OcTk*BD#?^nxr+KW0F5~^4sh{ug5xb&t>Zp#&3kzAJ
zd-|j=OuVT+OE6+rPns0wA<#*4G(0349+FL3j>SXVeQw3Vvv^2jp9db2R^K?tL-6si
zc*ww-^Yf62=iwo_%>6YJT?6+5N6m%c3w(=*{1<gehdm$e%AbjEo=2XSV?K><48{A<
z*`oA}Q5_D?(0)cb`nLR4-QjubVcyElyy2j2XZA#SO7~B-ZOqca9Qw(_#@xUhGc)bA
z&!en8vY1<(;a++eUe&sHL6Zv|eZjsb(?-)j&IBj?8M;Uh&m+es&6;{%!wB<8er63L
z%%h`9KhHeU9Me2Hs632!1v=IFaQA63ctYzF-Vp6^hd5{Vjpi=!totgAdV{-9>#pW5
z*Ed7cOkdYG<D0d9Y5m@mufP+|xMgEvE;eP@=c9>%XZbFFi9JB=C3RC*19kw*KM$Ky
z2zt)J54r+9b4uJK?iKZR;BPSjUxn4(@JR6j`5UJ2E%|!yf+Ws_s1EtEY9E|E!Yy0B
zW3E>GayRj{SSwE0-D|EMMLe`R=E-ipWpOWd+d~a$TS;$Z-xs>CegV2S>y5=z`Ki9i
z)YCxQ?vK-RD}g1O_Od<pUFXECC=s7=d2U$iLeEgV$%gB_ievoE9(0%DC{Io{_id>j
z=Pb=w>eKtR;d(zOy5p{8>0K49N!-D)xo*-NoXBV76lcK$n&ZfQ#dToQEkQim56_QA
zpYeoso9X<IMJL(F)6u<#^r+aJBh*z}X{<g1{`6nAqa*m^lu=hJ@j6QI`;XMgls5{!
zw3Pa4rSpLAQtFq!R(mmWjQ6FK$>Cl1otBaRcJP2rJ830p)lS}Q;>)1ZZKaO)=w}mh
zQL!>JDZd%MQ%D`sr!(N!rTkw>e>RRb?S6b6e@EucE1!(b74JHtdo=mU{+N`({%1tn
z>ycS{SD!QZAE}?Yd6z9^c$uT<&bn(%V}ku`i~OU67wIs<_eStN7nt&auNQo0PcbHB
zt+CHf3is1H!}tjIF`u?I_V_=6Z}#-T$+OTD4%Fb9H9EMKtS%Pb=%=GIE1z)fz%N|q
zfWH#;CyZ;^6!&w+I}&G|jO9q<wohY4*%GG?;Ok`!G>(e(!(EIy=zi6$;8tUZ-E~3$
zc=Lf{n$EcKuD%=w_J0RI!n^J;b<z!dbaV#Uie*LJ!o6^KJvfv<m+%}}=X%yIePKL5
zN*<jb7|px<=tI*+aSvwQreye&_-;sa4&M!YVkCrE-+6XyvH0#QVZPhr@{~5hcUceg
zdL#Jm0{Cv%D+|JW*J!?+IVOJVj+#_mO+PF5<~C()b2W?iPTIF6?T7bS{*Vds#TbeA
z2H1m-)L~N47XsuBU^hBDJ=M}}bS7%J4%3bfBl{!rWrFrC0@L8V6WLFgRycqR-r0Sr
zYaj<Wx+jI-CnIlphtGa$TshJI`S#vbH*$ZM>g?7NJ#Xo~v_V_rownrPLt8O==ldeQ
z>kg??-x!BK!+87};_+`tz^`=zeyyXLwVx80VayZn&tlBnu|^(o*gAHvPi>zx6Pt`>
zk4f?y)F-=LE9ZIsZ9TrI%%hK~yESSu?~~hi*Dmnwj!F&w9y^1+9pjtZJ*lZRYJsnf
z^w2tRL;44#%Wnw3&ViFnM#pj1#FF;`(z{DZd)nv--Du}MN}6m!-ItMmyV8>Ve^S0&
z-Z_^M3Pt%sm*Nw56hH8VX7kabM)MDzHQ#tH%Jqi&-f7a-y1I_zrC#dA_X>a4$1gE<
z-Ng88xddA>ZSTf6R(EN1h1)vLw*dAA=wPmMFNI{!IQsuMv34c<x;B?AQ#|=2>t*NG
zK2Wm%B@bt7r|Jw_QeP{y+eO{1pWYDN@8X_wgS7gpd)m>5JMyuIl*1FW*QEclH65W3
zN9n`6^x--B@WXH)?u;@v{|)*&Nk2j%mrwgl2$H#zGKcoGo&t7_jqoiys?KZv!DTeb
zKkh&H7UY~$D0~M%4KjFuSe7;E!Q2eie;fF&@o>kcHsM$3)7ek-I)5&CdcfO!^f$=>
z*1A?)_5FLdwzsh#w&$U;b_?cdXXAYFC~S+&BM&jRv&{?Uc!;~LGQI3^71mU?%l}1n
zMG>R@Fl7&pCO_@;&_DSM96~>U#+UXGXHxNOj#KV1{Xc$tq3;A~J@hFCoNBEKUwJdK
zUo``vdFXj>B4^*sJr$ZKxTB+ziDh2+R@EH*v(abD3)f#&Uij^+1j8g?5FeU}d=kt~
zT681nV^}l($JQ1%ZB>^{Z(2Fe+p!V(ymB5kI&e~gzeG9u#tdv%P3SMRqgju@n;)UA
z?W-Q#w7qIo`wOe4TrtBmtT->MIq(xQ=CZcvcpm#!^*EzLu_`>+3pOzCip|CrUsYv$
zC2`vCo4}rBLNM2O;DJq386W9N<?OX;Z>`JHlimJA(zOSB0(@4o&w1Zkqhl(zMUDCG
ze7lFV-DBLVbLiVm@xk2IQ?+l6S6#EHi+$Q2XjZ&VF*yv?MY`&_XNBsiee5tYLA<46
zj;-IZKfknxv8W;+=fPIXE)fHswRfjHl7q3l$K3ParkS2t`4d<EcwRweGd9CIY)kd{
zI4r7}wPtb6Wox`Om#-<PnYo4-Ud@WPT@T)BS-W&n=Zu=?+e>R^tf_{Vr(*-HXKu*G
z+i0}n`_R?m#@<~qA3HbwE*Jdlv;O8Dcml9l@6h_IdS_m~!t*1}vVDuSVPG0?6XU&=
zF*`<|r3*;+vSPW@Zr!7|1?%9Q2Jzy5PB|vbq;AT}E+Ss?(KKV=W!0O@-Y)#dOWQxu
zJ3eY5_><mW)H}2sf{*FluXp^LLhw4h|B(0AsAa)&{<p4A2|i=Je>u1t9;)yEYQ5je
zdz$s$!uy$Z_Pu>4Zn**eeLenY*Wrsc%JN0K$Bl0hKh1}4^7Qb$i>IYyt~Z+d?zZm;
zttL(Vz$U&qBYfvsEB7#{-E!>Yck*o-KgoccVb84ayZR`cE)Bms{Vc~WccYVseriA6
zc~@TzzAtggKy%CZuQ{c*1h-_J{>!gT&*<<oa(tJ8hsg0=s&`;n!t)qobj*b;437)#
z?Q+H>L;s!e(EspQl=EM()mcv)51rP38~5GH%a}g^{zNxwOMJZ!+EMIBn|6{}n<rZ|
z+ZsVTGl9vWonz2UwqSK=hP}y)^&X}f;%V>9)O#34gZB&c9)`1<v%RUj3)W8li)NCo
zcN^w9(h{t98}4%6<5V8luLJf_l+Lt_fo8@+J8opZ2iZ@&f^{*Ry>T@kj~dO{n<#&f
zvn`Tq?z>8?GrIxCI*UExENCM;1D_er@nsv{j_KH8E8%B3MqS4u;-#in&S-}Z;+Ac6
zRI>*V6BpA|IhvR@D#KXLc+E@f{MhOqWZxsq;aQY_y=Hs+A^4v7$LrKFuJR7vW2-yC
zt?J*--c42I%=THd@oT=vR$kWrDs9YA8<pGJ)kamg4f&nMy0zzOx6wo!GgSvXWOulY
z?bH#+e#`D~8~R>N8~)1aBewB;<@4=s+Q1Idp*iEZoVd=k-N7CfL8*v$Oe_x8==tn>
zzsniohv>%@Uo_hF?Q-%HL%+{+rr@#c<gM6EPH!sn$o3lCl!fipbLPRf_RlnS$v;}Q
zo;2W4Og$fC<uTHluuXSx=G~Hct(-OVv2O?i+Nm@0TgcP)PhMjDr1rgwJ}N$M?XiQ~
z0Q98s^Q<UYmTdx?>F!%TU1yC;8SfIty_oSYf)2ijFY7h<a@oGDy2mE6E+<}j06oNw
zj0-*+<+~z&isj?g{jlK^-8(Rp6N7Ztugk1{H;7i4gBSBX3;ZskUop_eOvdm<@SjsT
ztKA=_6L;kc?Zhr>iUGd?a5?UQQ8%i57yWF6Zt~4>)s^(Ak$SS<d9i&1bSF6}JbTa|
z^t~IKd=K|7WHa9S-bCIid>0yNZ=8G>NJCB}G=R_j<cVJ39k~9rSxss$2LHGB214<x
zs)o+xWYhkB=3X>=SEAio+AF3F(c?<|2BuS=_SdH3E3lFN%&63U8?m)mPib%N19Z?2
zkvkuOw>0{53jMVhT_%e?zaDh4z%7g`V}`ulB|nR`F5uHUc5}}(^)Icu82a}h)3V?B
zzwOaccAqszvT4s#seY$bd$B`5b%)ni8I`JgmIh<y&m%Uz8~izS`BWEmL{ndB?SqdM
zL+hTXx{evtmBzSagBwp2Fj}<kY2xf?M*}on3r+8(&01_gwaC?q+jVZv82CIeV@Jf+
zIHfO(m><qP5l+nhPm9ezpV<5-kZp%tQ~Cnf@16T0-uu?j8B;fVDL$9`=`McxoVmgV
zG?23#-GJD)2J2wy88e9GIMa-2vhI4RPY>P^71PvN&wVfT-1kz?eJ`XP;vSeoJgb)*
z);%xME1n|G8Ef{YM&e^NFrT(Ef20E(hj)mc-$N$l69e8L&EezdE5V-upZK^_u7*Bn
z9_}I?yVHQ1aq=*RqGk8!I_unYH2p~BZ0K?F`5yHK6^A)6t{|xSsId%OO8zex?LPeb
zBxe;9<VrK`z`dcu$M%EY9QZ?TtoCry*uyD^*uxp(BMaaoL11x*9(=1J#@J<?eDJNO
zfJw1eUDT<wzE8wVY*JfY*BI@!obP>}w!69aK=G`O5Qp>+<i9G4vy?F@O)mpWfL{<f
z>dgPOR$tTnYsvR5V)g`(fwk!61-+rAilvaqJd$4Sd&a(RL^N}S`US20^n=M3zmRQN
zJX3d%+#J!rsxj(c>UsM&kN&Zi+1d69{bP@+mG$Rx;P{yS-AljTqEBUmeVR<4?0Z6<
zB~L|6a+Bct8L@oZ80#B*ZCISKyM{d0*-GF)oLJ!NW*i;<ll7mWUB~fR(Rt&@c6#A+
zI%AtQMshXP|HL=-O!9BmleRYT{3q&l!y_akWozvI(N@b(__OW~IT<wud%tAxC}N1}
zo&^`O*tG7Z*bVPG$R6LpQJlwg>s}Cd-_b<k5piB_8S>^7xR$MDfO#5BH#$ViJ;Wb?
zPxN^?Q&tRbRvzhBa~Yc+{`=rN@^RIkOc(s3YO4ICJQlyL!X91nj<3C%JnUCl{5HC#
zs$Ji`*jVI;QUWj4_m$*r!dI%wRoCIMp5BfUcuJMafS09IcQcn>p$$L$?Er1mQb#dq
z2Pjuf8?RD_WVYsn?szMythU-QurcP)#`G(_1NXd^-6VK9(>P((v{%!1V|ztMTUrqp
z-IT=sMo*abrood>L1&srHPBhMwHNx}TN{#%UAjN#)8^8AXzdATtqWS?%;v66Xzf>w
zr{>aAF{w>+!ShJ-$IW;*K#QmUiS;scc7nZ8=1+&>{%cGQ5)V#t-A`T5LOWaW^YCJi
z)Si^)XJp+a;8uPbb(H%N`BMyA2k1urtL`-7aHy^=d<!tX>5Ojy_xorJE5Xm76Im1E
z-{(VyiU0H=(`7@dW^J{S@rh+E2Cn-$@zbbeeX|nU-=1On!QsDY>18jDvh}i;px;C0
z`0A;oOZU30^3L`U<D?kFv*N}zy$+xIE;RZ2)zMG?y1?rTnely{%#Rn5_gTpQH-Krp
zYy5$Ew7-Y3&ZwBxz84r4;ukTaYFfMO!Nkq)$gFs=efBuBDPxS$@gZ>HL(_*YyR_e|
z>nNYf9O6p9Z0Mz&I*c_t+LzPMbo@phf?kZ8@^*dq0;AeX;J(#Pt4wUQ4>&t1W3JiW
z-btB!!>Hbi9Jl;3s+PCs8?n^|ylX#2`Qm|(vxOZ~E%>Ikvqzh-2lx!&%NS=g#gDS!
z>u<%z$sWMY->4l|Y&CdX`WwNvc6<A8EZE|!AEIr8dNQg6Uu-q;T9@|I&Y5-R`cy^U
z$#RPE8b?0qa<!{<hE96>r{6hr44!cuo}oLzbT0iAJVW>KSb8es12Y(CgJ(!b?Ve#Q
z{Ty`s6!ZV14-Ma`u?Bl#M$)107{PlvzukZg>Ut<WSOG6=L}$o8Q}|Xk_6zZY;!0n;
z_B^G_WHaZYvFVg@-eEd+jZ)4b#9-TL2<xO7=$lu;bJUJ_&U|=IBmb$tV+uT{je5j$
zeBcm0!s0nT+Q@$A=k0!t)mb{;6pQEdAhV?7>HG8Km5%3Qyr%GMBTYJ98{@S#D$U|K
zniFmCoXT(;;yIP!HmbsHi04SBa-&lbZ>qX;GV%WL7m$s2QXVq!^{bi$vj;tKW4kRs
zqECh5n}~r*An+!ynf~^@*r8;n5<NP2yp%pGrqw~0<lVxsJZC@kB1hhh?2~Z?Jm^N^
zo>qMFz*`Mdja}u~4WEM!EO|G6Vw370N#6aHJQd>;n?CxH*LUTY4ByA_=PdN5Q)9gy
zPla`r4dl6(aqYrZR|#zUT^{yzbw6hmF%K`8ki|H<vCkBP$F58AvjgK&nkF*NjbYw;
zlsjIY3d`_Y;H}6IOGjaU<Wpt1`t%WFT>)Rk7P+e&zIs=<Pxr-4YC3Tq8U7RXDJHS$
z>Dz2w?V}I9&?|iPeeu&&|IK_~$y||)j;yDbx%T&P`n?f2+rZw%zme{Y*X;rPCBtKM
zBV$x)_2+@NdM7&l8F`Fy=?~5UI|GbS1#+dEF}f<;pL-dD^NrDi>d*K|BaYFR-nILb
zNgj>Sg%NO`kFFwNE=l-om~)B!BAC0z+c1y+2Vh?ODKI;9b?h!1X6A{-J3@}$6oHFZ
z*hiAThNVwMr2CN<+H1LwIi$T{^)&>I-v=*p=FlnTP-I_wJ)hoJ$?+5PwM*mUMvgN+
zzXe9kq5EiC^^Y`%CR%-+XphfVN1j6+)N>!>(*Td?VIJk+2U)^-tKNsw+r=Y`YT7Iw
zS!AsP;GfJZ5A!OEJOT2whj9}LM=vty2sn_;_fvnGVaxnFWPSrO{~gPpD%Ib@H;2Dw
zzNxq+pDs(Zo`0D3q@TWbr?Ghzdk4DHsE7ZbwfAq?f4Yk;`%fG8N7>4`muUOZ%Z!d%
z!&Ti2FLh#??f+Bppq*h4`>3C_r}YtX$~k|aJ@5h6$vSiL@lTEB)1mJ!>EU}E{4<()
z?X;_WC1$}-IP*2obN#4}9OBRS0!zM`RLz}@{_Wr}pZibB*-u113{1!NU5XxAEnB<?
z9|Cm6EM&(=oayP=#~udvlAZd{^etnYCgE2wQGNx}<X51(7bp6$U2Hyt@4!NA53KJj
zzk*QMuR!a?P}r{^fM3BO(u?tL*gvN+P5S-|(D0yd0d;cTc5^^6fq+lz${z00Vl7Uc
z9`1#i!ksPOPb(UYPrz8CCX0URdl&Q|AA#OWy#tyziy3=2vOJ%74wmg5882DL+Wn2;
zK5a4Y4EeNSb6N62rtR03NnaelwwRinV9xzxZjAX-RS-M<rj40<EZ??P;%(%7?QGw+
z81zBQw+%U4%vsDb{CTr?JY@N{MZaVFwv`$&rSk1;$~@2_|2FidLI1Ysn(SZ+y3}z0
zw%B)u{M%xHp(-=%<3^l_k_aESXxg`Y+}@em?jav^F+njQHj-x}eq>FlF*$KR_WJJN
zzU`N=AAS#=7G1RZ!yVsC`>ttp#G(stB<%(4PRo&PwVZ+KmTw7r{V(vGPM^>XSFhxJ
zY10E^663(%M*QDq7_p@@z}*Y@{B46ziH@{yr@bAGV-tQmF{8Z$tfzN6zJS&29sd{O
zg<WY_dg`3tD?JVyQW)-y_>0wYj<nR=m?pasIGFG{&rW<Hv3Z>11LvVF4{|h{@|OP`
zZFP{pjJ%!f$CPQ$3HYk;fr}<D>#qo(wX`|-Crv_+8Snw`P#vjr+LR7lXQcz%GfD@h
zR-Vz6^Ha_lml88|&RV5YPH-=Z=o3DS{Z;hooBGbTyLg_y^XJ$d&yMvJit<=KM&dPX
zKM(Vo^;3ebaw9M6EB1MX9L7Fhe!z-11pm&8a|K=OMfR?=busP)?k~azEebp5G*kNx
zMl&%C-h7w&@xdL$>MG-01M!M_#;|{8@v!*q-RsBm8^<q>Uo5{Ee$o6q{M`J;@*Bf%
zG`~^&qWHPC&xgLn1H0I71ut**!bg~k%`4FbnTO4<P2Hcik$Y0Ft6aH;Gut`WR?b)h
zKd|mlVIOjd_6l?kF`L*{IhxD#t9VB}{tcaZ>Fggahi_EoaK|yRTJ#*m!3?eA?YtG>
z0e_?>cmJUU6|>m$roQ9IqyMeGB||e--;m{f^l#CyzTFY-+ba6D+cnfT7jS6*wfo_M
z?MJ>_xIJUDaeXGgsr;t#>wefI-9=oxg*-n$!uKfB!S%ym;Camm-$#?qm^}PNo<$>k
zA4@u8_i!=Kk`capNN0>6F6Fssgzqt=LkkaI%k#PszQ>Uc%{+WP&l^VgKA!aW?V;OU
z!O&5nx0e|;*^GJ5l|~J5v2xv`7UcF4*F~}?r>1HRcMDG_<@>e7H(`O^zn!ztecuu-
z&0HfH22XzTeQ0aD>HW!z#KgFh_#c<EH{4&da!qUH$^{uU<!dr2pSd>uiUh-quH*Y5
z*7b&~u4Q#i#v1mfiScXirKU4B?=zl$;)x7z|GIGduMf6AYfU*kMD1^<j{j-f_y#5R
zUS`uTz8lTn9h+N3!zRA_M{dVAk~tbE^XA2p54q>tYWX2=Zdpa1Rp@Xxm~l-zh`;nc
zG9H@}eTwhv2EGqCkMR=yX(bNH>@mh0A=9Wnj16G7zQda-)12>$x6aH+rpg}1`mp(R
z=2?bhaMXDJ_1t?OGPA97Q!ia$EKt0JUd{q(y(*XlkM0g7p&4JhM4gq;n6xqf1gH9u
zz2lLV0@HKAWkw$m@7cbJH9Il3=g}|us+jz*;Q#zl#(Z>`H$6W-{ANa+`?^NrwPt#}
z+ovTIY|ot1dR-yE+xdN)U#7<(-Q4arP4>Jq`nS=qyNS6FfR|M$MjK-}i8|ZXe<dj1
zxqs7;{&ko=0r)CDMME*|PT%><Hpvu~cf$ug@IxQxBLz<{FcUkWsTbPQe0T7~eRP%$
z<~_cTgQs0zdB+;*67ScfU-3Hqf1Nbt6`gH`$CU%)cNvenYVKT<;EId>F><<_I?ao`
zYvR)wi;UUT+pv?wPkp_mpY?WK)oRSv@&3B1*}?vQHW$yn5I?kkA_gOCw-4)$#UBFW
zhvaLnx-)pWE8hRTs>_1%o$ZC!y>gs;o`AgvJmi?sO`13F4THTE`<mdsa|F0QWNj?i
zKLqxW8EwJ-H(+nBxob@Zu<ro&!_+wy*k=QKSw@Bh`)pu0SWDDbl?OA81b=;1M$q66
z0s~*c^sm{l$3J8&j=#{mDV}_FRd)pw$k$wTxdnSSw4pui$Z>p*H0{s+WhMGuynGT|
zeU-=ogZ^pE$};S@$l}Q*e|uolbR)WncnRzmc=Kj(K4})Q-!8*v>vG~K%qEV)v=ndN
zMN_<a{+g=b3pFc)FV@@<e5vNn;Bz&11%FtxI{2fS+k-!-`C4${#rs>DFW%Skn~UFQ
z`S9Z3w7huHuUlTd==GM~i(YMMyy%sdi;}&Yw*CR17Uo)J2IFVM^esmRDs+1{9p=2D
z_`P7-%N}!1l6OH2FjdiJG4<w97Tew%W$)Pc>}4441M16kGpe*U+530tDAUb^i2v~s
z|HnuC9~bdIcJM#`fTdZ~nNMA<)Mc<Ysrr?My=>?|JYX<AF5*8n#=-RDi2teff8zrC
zIl{TbfkUpL@ks^;n&XLCUd|f2hzmRM0DEW6&$vu@fyrJ(qJJIZTh988IOlI{o`sF7
z;>3cjoEPlW7!!x?8JBTD`BsxJgS$v0&vXgK$aoO&_9a<i8j592p}Bwf>%~?an<FcV
ztvEJU@?9{Arn333wcqv7mJ`S3a7_GNDt9+&dS=~$-c?}7rcq2CwfSjlL#^AKa|u`e
zb^Vgx;p6t7g~l5vY40P}PWxSx4rD3TOtR6xKLZ{6zoPnQ5<e~-oiO^jhL#d+!zKL>
zY`V`C&6&o@ea|E7xC;nAXY^;mPu<K}H{WaEkEi&lANHP(?ubjXV(@<hKR%sNYG9ow
zA3*J68D{?5oIRXd1W)jhUd(<Lw!i^9kM60PWaq(mAz*#?4)pN7Nc&z^J&N(4YUQaz
zzssVY9@4Y<9vG}gvE~!4JgwAIVSSg~-5AIsA7|kcq~8tIXXiZ|RvV5KVp6L-vTUy4
zRULwN0X$ZA4`hi2r@jf!p}q)CyIzAlszY$9yx<&9S)DVGO*b;#hRMEb&%zbHX93DZ
z*1wFl-73#hdj^6<d@?1*NYH#w8L#vI!nwx8?gw-{Uw7ix;G35pmDcwx>k!44I)$ya
z)|F<(0<g;rjlr$lR|~CMuor*V8x-ss2f^*sb2~CRKWb9nHtN&fVFlw+%&(GsPTml4
z>TZeJ(sCvBaR+X*-H!GEZP?1Wo46*Nt~RxAGW0Dpw-$Jdkv9X_L`2JKkGZ<ku4jlI
z=;Jx`AXwW?W8M&bCi(9V(`7Dg%6>1O44qN9mvqBz%uD&}*xW4cqu!4_OX~vkzNL}n
zr*eKoWoIGhgohzqC)>2k9nIF>H0RoC3XSGW`sC!%n6`3eFpu(wT&aDT$l52sTh{ur
zpvE|ReR@zdWR)kjU63)Otv61d)sBO=(A<G=Ix#=Mo5nlEf<ZV9xl;O`>BeqHy&h|x
z5MPRMc@MZVXy57g2l!>5U{0OH2Bl~FpT^E#4NQ%nq*;5y8&CkIqk}nibh|I2QJcPr
zUun^Ze8KJ=gmdEHclpf>m6>S4H_2_!EA-*B=GBeVv79<q6l!dA*P?x&$NBCmzAoJ6
zedJ%W!Y*U?OMEEB;zM762M@Jx;|HJrxo&VGoO{5@(7e@oNgKZg>(_3@A@>@0bQ62s
zuEVAmjUzH_Zuvu<SLwU%&y$acJq9*Coe$=E@@0r8V24!u*s~+rAHtgf&nXYLUrzhT
zlB7z?RLb5+Ih&{2_=KkBc9Ev~_Cr708RPS{FWC_+J9nM0y{VJo{cI<`bAzFFBqQ-9
zr_bV%ZC2YuaH1g27d&;qyPszx?RW9J(87mJ8%h`dP`X`Sv})I>aw=aLE?Yq!*%c$-
zhqu{He=EozS+Dq__@MZq#RqxX<%Y(r4!n0!uE#2C^Wx!k3-810w(|_Z%-ZA}n8kN3
zJ`B&X+J_(O{B5L;A1t$V{Ln(h>)<YnTU_{h5mS5JDDEvZt$5Xn`6IvZiC)e{pwkr@
z8Uyvg<}Vrp!6%<hhgLNPg3$}?K74|F!ZSAM6paCCtzkNCg--3VL-lpjm)0<ywL)hx
zl<|o+p|j!b)PeWNInl<PlaFNv_BqA9c2kyn%l$p*{~nX^o*KSilRU^l&f85yFL4jT
zFPiG+?x-$c4~)epf_@UGs7dxO^o@b^g~pCLc)w`DM1Pd+H-j?bcb%L;QeHPcM>;by
z{QMj^w)Dr)dXsY$Ccbno@Erxd!S%Y)zB7Dx?Ay}!vkc>a2c0M%ov4leWI;b0-cGwA
z9sR2b9w-}2HT&}AX8PL=z_SybN_v~a2ieQD=%$fxqV)!Ts^h2NM0{}<`BlyyH=B2k
z#2dGSc_VxOgS_$Us-w_ozK?qBIy8R6^_C%eSmy9o>d<*w!BYV}te~Fd)UkrPp0(gl
zw0PucWPo682*c{|Q^7pM(}sBJ-*jHi>Wk!n%~QMo0iN3V89WtVk+XQJ^qUOQDn5%>
za;H%wuT)=dqHL$qBY5<1+;zeaBFnL-b6y@Rp3_C2ef;)oeuc;PO3J9cymQJ9jmPkL
zQ?WwxhS-eZc_Up;^De-cI&(+5OZqh1W;`^H@Og`vM|OW~84x*-2AD?`uGGPKl+QfM
zU>=D!Bj*u%h&7LtSM%sF^GJP>ZN<%VKeUn$oH|3tK1hzixy_N}3UkbwYufivd3SO{
znw$Nxd}3wjEG7Q2d2V7U=Ew3rmiH9i<6D<x8=Y^ue}I1!GU<O(R&#v#+}50S;%UtV
zCKTq5^aVyu(i*$%d1`wpagwn&8+G5l%BcHie&4w&{r(um{u?;VnH*&GPRYMZs)qa?
zyYU%4Mm)LDWTWQTm3CbLZ01&cbNG|y3;Q0M^^C-ogCni`D*m*`vJsWf@eVv%$=Y+O
z?)*vg-&bL;1z+VE+BXInF$tcP0?$f?XQgrW%f8#zxx2a|vCPuZxZfp+ZF)yJdU4=c
z`Til>qRi$tol%%z=h?f+W#!$5?D;G8Z;ST&1mghz%b`d4lGY&y${(t~s^SxuPkgT}
zzHC{=g@$4XcH9Sy6%X!F{4{h+BQL~#4|hLA8ht4uZ7XS8NsESdDlU<Ygu5Sdi~%Q)
zn;1i!IkD3@3v!&ccRxCI!3my+#<_#F*Px%W4^gp+y~`!8yxIq&eYMva1Dto@oZ3~s
z-Rma@6`M%1fVzo;@K}rVAvZQCtx0>Qjq;)EZ$1ou8MEeR=;xZh60b1LAO@bX^XTo;
zc@+zTyOk#6pAT<T3?$uQTd~%g$G+a&%!>HS)o)}l<47H;#91C^-yyZ9D&CR>N3icM
zOR(4Pp9;^jrtdgo(arBLZAZJXp`H^{@9}VarzHPE>ZE<EjTO*qez*;Ef#v|eR{C>w
zs%?jjwAU8w7^-6qWn{N%OXQqfh!|`<)sNj;+u&z*nz0uBsV<$P$)>)$8Q-?3FSn;(
z&Am?ZIQPt0?_B@o;IVPW&YwnoCCJ$CaIqHQevkemiu+G}AC;MTkKv!NyXuMs0mj6#
zcQP)2r2cO1WMdz7Ab`A)-uzSSpNaUq3eV+f+_jeoy%i#lxNl8%gr1L#pX~Q<_`Cao
z;-}3sMNMD+K4S(gcp0-!>TCeUa%iIb8t=dk;#`(P8>;hL_zV<<$F2eyQE=<oV^=t(
zZpq)`?6Ir=s*TsF*k*d-|ADb1-reBXf%~Vy-=~e;Z>e)n{djABO=awU!@KZr;e}Xq
zj|(s0?W^H&XbF#l!M!wF_+N)C5#42MPW!&@vuoS9af#b&)Kn~sx9T)Td$${-jP1lI
z&C_@Vph1n3@bD2lN_42U%E8xKtF1);8lGp?-3ssc5<FxX`p+$#L9*|z4%LqGg{D&v
z<r@ATn%@lHr@rQi@87>k`pGvbD;>1URq&IKo*m^w??P{ptk?WW^zY)kGxiOC3(c>m
zd^hW<FOzQd`#oZm(eGP$FSov#&F$Y9I>&SY<0k$*nWxqXvWGY}*CLl~J1?TF(zO=Q
zH?6Pq)H+l9$~rIQl#?EI75TMB692L4iopLoz6t+l;LAGOX@>Lc1b@fCUqcvwb>J_@
z%A4fRvYv_lO5m<wZ7iMrY+ZdwzF0CZEMMGfj64srEeHAH$vVG$na=*=48uE63om<w
z{YC7=1J&@drX5W!?{nvcVwOtAaF1YK&-5YrvKHOTmMwOC9!Jj|E?0uU?Z}l6{>hdr
z^GVa*wc-n(eV@<&tS`f1Ju=N`zF`nfdym73MLZnN*CXJ3BMfIOY1)U6w5w`N9eF++
z--EiuMd!!&j6rw`m=k*~8|rXao{xa#XJJ@+c>Zs~5&aLq(HH^855sW$Kc1ne(VPuS
z0DjJauS?`S*eKSFoC7xSTM7FWq~m9xJ?aMHStUZ}6=}#e)_?`G9sVdCg?l`R72XzW
z^T*{^*nCF(aoc!f^K$$yGk`()E|>iTo>n=*o44WbbxWd&Rge$O77=r-vQYPgq+2n-
z+{D?gyhiWIL+>SezhLP7I=v?iy)WTTdeg9Ca#h}}Z>dAyZq<9r(EDwAx8sc&v~_0P
zjo@JkXQLK#Hfpq`e+n0ZnK=&ZiT<_VZ20~_7+>&9+b&pyd>8L6dZ}oc2Oanr<r*I~
zg4Vts>7EyhmNjsWH>-d%UhtVVzBQl+S^PE!A3zIF$^LHIQa$drqGe{LaGd1dPg?mA
z?&7lYoE-~JI<M%j93A@^#zFa~|H~&^q|1)9Ru$ZH;SpOOHMti`F}1t{yYK@*=jxxz
zn&579FY05-COeeLo@U*f4-r%4$Sm%ALzc>}knc5iJVU$-@ph-&3FhjtS|jhbl+C29
z6Z>)||3l&P=TrFK5FsCW>6c`~-Oq5>EwanTyX+(3crWy~wrcJIr`#k<u1xa(r^bV}
z1C%{RTpHGl$Q7-V>~iUpJ4CrXVS3bh{|l5cjLxgwZth$`rzl6Ku;OzY$gkS4jK$vY
zbMi&%+rhFzpQCfDo)o?d&d4$^ktRC%+t-;}Bk*^@XLP!n-JQ06jZU&Oun@mA>eC$`
zf%QD`;VwLGT5?)?UOaV{U*{c+BQ?mMum1&e*2M0h`_l}+;l*Bq?0FiUO?r|3KdJxd
zIpzG%=?QIlI9!+BFX4SX?{{D59k`qE6s@)W^tNT}Q}uOgzDLNg8mnJP{`-`FiFaUW
zIDf@Y?EIbNuSa(l&AoiD9m{*A^4>g@w`j+?d3VDbRAxDOrT1$spfy2-p0wY_)0Ry`
zJXUL*o0Ok?0mT))#5=H9@5&#JGkPuW!^>H7gY`uZV<S2CSDwoAXX}~dFaQ20Tb@To
zxIYhFfFC2lYsJntSVL%T4IfYC3ou_STKxyd^`XBEjcW_-Rxqwz;kF!mlQX_*_nb7^
z^pamX#~@t$qFAe*eNUanva7ks_TyZCK~S+(6$5>~Cz$KlVs*|X7CdS0cE@mjWiodK
zuzx*PxMQt)0-wpl(51#Fu8SB&`wTl4lqtU`+c!#nQ9Az=h^gxU7jud8vV?uSw>+F*
zm7kRCm)Y<xccvZtVmkhKP3!@!Oz6CobN@?L;m=uX##J?q-k7$MJ;G}_Q;Gjc0zOpj
zTZwbJ`BzP8ihH4YrI!i@*Z#Rphk0u3eu_S>_7x99c=@%)lJhrC-1P&zx2^xG<u6g(
zSTyLbsymbG#u$qu?|E_VcH!=^%^y+D(dnG}q48aVb({RB{S#j^Hvc4|O>|RhY;69O
z?0;V0$oC%kMxviA&K)`9@sIL`6~7&#ArJM}K||g2UF-b^*h@NxW=5c+;jj$SaQ8pJ
zoBnI4{T}*N4nG*)=6UNkqCS)NxgzR+L-oT$hS&dR_7&b`PnvbC*5>egx4#e?;eIym
zz(dYNjX|%Oz**-+)+tG>SCWzK6XBPW&~ZjLOJ-R7ZjCcX(t>U;`}wlxuO${vH2O{N
z_{)_C+*ta}Gk4T2xhq<{gS(ABwAW_Oux_e^Ub^6+p05&56n~+Z*<N26`pj}{2oLRO
zY*{WErH;Q77pVZ)bZ)0>ll+25S3i&J{3yInG7vuZXZ!Sx-H!cZb-CMnY9yaTYu>Fl
zwtqZ!GxzM)U0qvh-xVrfyi>I0p`Ad~<ecR9?|)0{tnttZ>6Tn9<o|K@M5B;#wye}W
z-}0SI_5YdlzpyWgKCl@%JfAo|JBu#$`l4BjVXw39z-68fyanAt=yNwexHJ0Z+l}U>
zyjO51Oy_rMeXfhWKH1ba<NNS7GCqU7!+WSlaJ<WS!nc;Rt-sZplfIQhb8-)J^31wh
z7^j;VubUXRrHtQ==wnOJ$Lw{cQ_q{!lR-Tnh+oqmd%hXXPl032w|KsfL?iUmqLDR}
z3+*#lvmig$aS!Qw?imczl<GP<O=E8Ra!jQR=S{XS|K|q4S*7m7#22c_bRVc>Ps8!u
zpgwzl;2*44u-yFLsTZ0aiIyYx97M0~6%I{L2}+-^?2+|jw;T0i_>JZ_ir+9E&V8gM
z=z{nX_m`skVK-YM+pheqRA=9!qGc8@$Ipc`T78B1-^{>wYAg4xEoaYJey~b+@qY$>
zt*?F(%3W1F!@7fPBXPvGn(pe2dm7T>KDlLnfHT+DxY36EW77+a)r;5@_gQnoQ~e%3
z`;(9XlIJ7Y=BCLu_g%v$+4N`nC%O{-j-sx=V5j~Py1MFZg+3j9Q+bbu^J;JYUGmN5
zT!i?5fsdZ<SFNHw-Mv(T-9zn~`1c*b=5UO%fm$byy6w}r5P!z60f%VqSGTjCp==iS
zJUG62JvW_A*P3U;Y1^S`)o+zYcj<<{E`)Z4pCvp+i;?=}B+}I8GTQVoUipkyHRB~d
zsCnf!wNJ)<42)SxzCC7c#zuYz8nYP2tTsGmPP)b{hA}(9m@O)v-n8**;u0}t*b%C$
z_td4uGG^WQehDVEVd+Bq#=>7ynV)IQ)5*-&Da_jom<ty&m&RKBRs2*sf%s_=`|^8s
zhxzHV*h2ZauB%%zg?L%wr-y$z#7~o1yL=iyjpO@V_*;<qdJ>)~`B`Q}^);Y_-j5Et
zH7cd=2=t_O8?fV<KeyXG7H)Sh?SA66*Qxb;#@`@ZJ;U1eB(X#b_S$e1!q-3IUHhT;
zfa^Vb#^0rUh4lY@(wB$JxyaXJ<xBBbldryWDBn@#3%{=*-yyvN-*WPq;dJqqcSsjL
zs<`J=_&u}kHgNe>aQYQ+`(<!^D?IQ^*xJTg{N*_3#U(?^v8{Jcs=GRH=@)#d=A@=9
zbJ77%)D-KE@_}iieX_|N;(S9-lnHNZY}wEJ$~VVU|LO;gX$P;d{A%)UfiG8{4$b>A
z=V1N_e-rKwbEc+}|I2_yb6#unZ>JQleR9;+v{%s4i?JzH5&vIj!L={_%6$8b0I{}q
z6^~z#t2l@?q-##TbFVkAYe`{VI(2BD<`6OUdpH+A-E>EnT!uZ5m^j^|jUOAG3EY#0
zKRa>*AEp83ZC*QLmp)c8+VLZc;VchljJ^a+M_3<i9qa86Y}uMt8D8t7L+9$A)~#RU
zK27eZJ;c7z3p{)2-y!ylo~Mqj`1zpMFIB$p;A?*xn(jsKJ-kr(F`I+n^)Dgu6U9eJ
z^edla;#m68zbmxmFYHU|E_iQ@G2g167#Q`r`0`+%u44_^L7jr_kL=sNygoJ9xpzpH
z!XCS{jdi&1S?uIL8pFLf+~<zY>iSMtmx4EGuUfGHPT}+XF|eIxjGI?Tj!p6RA(MM8
z*{nP%{)6az2a}DRP9Frj`Y{~-i|B*k-vj)0NydDq56Q$u`#$hyK09nqE~{IT%iPeM
zG@rM>J%pYA@-U6R1Uxsv2lg`N<M3HsPb`Q|)>K_b3i8?*uVQ1te1mZ;8)ft#U=F(R
zkJSC{(fF-Shxe=;Z7yC_ZzOE3WK3o^rIne}tCw>g)4(TEG9=w__dSbGv3%iVA8+_8
zd-=@cKob1pUu<|z2~Xfpb7sZY+2;h_Zs0u$ehPkQ&*v4`ouV|~!tY0ze<5_YF8FlU
zgkY`-4L?pBe;IFd{270p4;VKGcKHK}uf#D=73cgf<2hfC{__E2ZyXKH%ZhR}1+E<J
z6HUr)n8M!VHQ?ma#sa-`kd|&^EJQ<(UwST`$R02fo$S4Ph)!Y|1C4*nOzHeK?VfMk
z7e>%+dGFZV9&jpr`Yy)bWV$i;WBO-4X5-btsjIwh$;)GHobGvg2%j&3zr*2o;q&=0
zJ_8ro_`C#q>VsB$!KL<}H7~l+D>P>{mwH*3Z3pMV#SfkF{ewNeUEIgI=TRFD!Q{YF
zcx&B~$HK6jWDXQ;8G@&Y_Lqm>1<%7_c-q`HJf9D@QSm#wjkb7W?zX0LX=v|P>Xxh>
zY$MH|xp}CKZ&GJL_+4$>;k3azS~RqXHq^Jfc<zC>_bvyf?+wX-73ANu$*%7i%HO8)
z@Lm(!!he$2{O(ZRTljXk*_J;m$a|xccec0V4f1Y#WGL?<<^7(WcQ1L1oV>~2j$e^i
zbK~t(p)G=~C=A;^((9Xs>bO#MJTe4ZF7E~0Bm6S?3N{Son@xJ=BSUb_RK6=XS4Tdx
zaVX!VO5ZpH(=@$L@^(B!zKg;z=>PJEhsvapXHVl03=?^G@UvO<e`hG~c)lHO7=k0l
z$qRlO$-C{_LwQFj@54i|7*1aB^B{SJpGU!uXwl+{(57ft`m*kO@1BI89`UXh@Vyop
zDxU+%8qQ$lxTB2RPR7vMpGQvE>!u|1kTL$e{}<ZA_ne9`My{oQ><P^^*Vr`o5pAm7
zBb9Ya{xl}6_pG;JUICB&J-W~*-0`{rnWgwN>E@(9d<mDHudS+mc3Xl+ZDsu;G<VzG
zXSelGb={JE;kK4PWaHxqyz%F>b(FTwSNHe+*{-{dHQ-<9qvT%3&&JN*O+3s4$WWBc
zoeh_GecTmr0KfdEhD*4g)<~{K-Y)(B+?{)T)a8}`zuyd(?<C=x$rWl6uy!V>l`5B5
z+DyPp0Iz_Gmo^FLnh?~+dW(ojz}kdCYZSGGb_uk*n;9=%TWCoyKN9S2gQ%@yt=jGq
z(6$M&b*Tsm3i-W1-wT<91ayDh{r!IX$Gm3d`+Y9wIp;j*InQ~{IZu?lsdcZO5ec=P
zu`7FJZ4+|+Kr1?C4!GP&pMte*Tkm;=xAlj0$FiCQ-*jO$?{n~?wTI2@x^2`8{+RLI
z(!b8^QesctI<5CObu_*QsPhzcG$)5c@7AyO@y1Ht<=)lDb5;Bo-*=ZVKW^_U_f?*k
z-r2`*#A4Ze{};*?R`!)E=XvcNeY|#)%E9;VP)_td*hAiPWS4kN{1wk{H?eLcGB^Bu
zEIvAel#i19Wu$w_&L<t~xGhRNM0?r;TtoZ4&pYQgM{XXEu9$+(7(jPSMGwc;v3htz
z5qkvAaSlAio=SEG<rmU^@i02G_CD9LR-f;)?ES*;{_Wz$>fgkMA^*T9Xg{AkI`Z${
z3?ByF`^imc={=uhKgTbCy-)f4pnWg&PUDIhx`(?Eok#7|CZRJk&J6Yx*}jyDHNevJ
zs&eF$SMw+_J;c;o*eNzGE9+MI68haodGSjo@YwvqKBDzYF717;J*I{`vt8P6a_Kt>
zei;t_wQpL-9!|E)`OtqK|AjN1Hy@S0KpPK(M}t0&uDBYUT?OtIfy0I9+wK_<b|UR{
z?Edj7Y`xa$|DfCdr0SXl>{Zv*pnKHb>b%<l@BM-H<->L(<KVe%$KOFe=%GAMiG7*p
zdv9@hmFI8rT>1Nt)0p;ec4_?Y#j+b}uayp58NinboLRs-0UA%l$8%&qpF{0YtbG@|
zcHhiy`Roj}|2Jxh%k=EHDW}-~zj*Ot@uRoT|6A|>leuHv+y6g3mUvk7G(Wcg5Nqsx
z+=bRTnKKgd(e+lFQN^5SuH23M@%HzfW4nL+kyj3VPWyj!kXJLYBW&QeVAtIPz2u*(
zV;^DL7O>-JUlPLaM?ODu*w1&4Nr>(vKZ<1gAHbb#3yxhOGd73)StEXs9h0#yb4IcQ
zS(m_`OJ_maC;k9h>0Re%B)c=Za{S>Vwc_<G=PWgsxl-p#-<3U%_^9VLV7E(;O*)fx
z0Ny6&vfai%O(Ax9GW)c`3o5%LOM5piVC>D(GnvPgjXaaTLI?b;|E1`QG0G@!j>&J0
zZwL7ZJ(wm@Z!K^kf77$b8{j?Phpzk}&krYLMO3GrJRNG+wv)KycI+gXu|ILX-0_(U
zqQo+d%aCosH?d25kWTU;Nj_=c@&seh^Uc7w%9r8dBqMeUeRQHb=a?;D2;zgQoYc|@
zOW3=X;UA`4H94%a?MW?PP)@lr_dG7%=J6J7G_AhYwikwWUA#DijYGNgS{binSGj@t
za6R+lI_Af<%#+3Jm+?)R<LsBk3u>=}`!f}*@Dc3|C12zF{TbyXGmd_lIk;MKc07Hg
z&{u%Dhm4&woO8FnoECdU6V1PW_2%D1H-E<9apj&3SN7YJ+1`?#`>&aMl6|thJq=%a
zbMF#<r!i+Hvu?028em&Xi>>+)USOQ6+kv0A=20ECfNFg8@aM|cJS#))GOzNhM;JYC
zyKPABIs8OkVED<ilSO~lN6)?R&e0WDf!{^o*|qz!hDip016m9`cSjDRb6GLzYxpSi
zSio%J|0SBe1I_AK`z`VgL;qK|PIcsM9k5yDhh}Df&8%Do|6~t0E7$0|)u`OhcN6Ov
z<8tGBQe!`%9r-+Dcbb*t@LnX}q3m1C$_mxt{)Ad!mMqHtgHibszty+ayI-n*yRW-u
zI_qglYzNPnL*&v76HmxK7dwk*J3e&H^S1wp)&Px5c=i0RvTQyK#IC3QQ1^1`EV76*
z*+cN7a)Eh1{~0ypaQ%I2eiJm3j1zrQpq>1`o7lr=bB|Elj=HRL$%dtpLC#sg+sx^A
z_)QKb+qNlKY8cO9{<p7gohAJgIf{QLb9az>4^b|D44rZHygA;4%^)ZnEjncvx`G9r
zI`4O2gl^cAEjx}o0xtHmZtr3Y^NAZ;{x$Q;jW?l_V<(WVv<A51p9gtfK`in7^59I_
zEPH#+D3;3}-D&fDLi&824OU|xngXvkN{<JA^n-@dA7LXwjt#ssvy=CQoZ~F9?Y)86
zOva)(@pzxfPU`oSNr`=yGSa1l1KEXbpHj|>#UI~B#-FSCQ|#zX_8pwuZEMS#6&Jz(
z7sCG+Aj`OK{dva^x(uFSTwC|vG}=Csl3p{BK1z@OPl;vlU$nL3jFENi$lZuw-3|=;
zj}HHJ{{Io2*mh<04_#HR)-5MK5gaXFa_W&I#I9Gxdp-XN&rdwtONa%Td$yhlPDALF
zd7O_x&+(FnNfAe{Tr2(0Os=TozOhs35iR(!>l{Jn3ysioEpU0~2`?SJW=8I5j{YuR
zKlS5(MCWP#id*2L4(^A~$#(Rv4rsRoe8=<RMT|xA%j08@9|xW>=1^wfGc(g^SGf2Y
zxKKL-%M=^jCBc4Ca%&QE(u={>{VQ4{+L@oapXdA3SM06&QQ6t-slvm6-ThyH4XqWK
zvV`Z@M)QjdBj0;x{Ef@#ZjjE&qi-4PZV=J1>>J*iHle$aJ3`}SjA4++gfg$MxOj0p
zbZVQI6R|i$FwF7e55uR8$Wz6JnnvA%ba1a{2G1l*^=v%P!mK4*k&WnR2RN5s)R@qc
zpVQmhuPuYSQFUKIFf}|gd#hpJ9~m+qUw<eeao3*F#(~w)J`WpXF|s^YzsV7y-_jFa
zKsUUKd=hzn_dU-Pn=L-vlSnQZ_B3j96X&safm_Yp53pnFnRG14?LCux2avIgHc_v=
zKr$mOmI&-k!<lmhMt%}?R3-||wiY?_RQo!uKPvC|BykP|-9O;}_GQy&9;A(5@jsi`
z26)3>Z>PBY*}=SwCIlinyAdB)<cRnMW#I*KW*g^;2b%D!7VgVe^{t~C@4)*4IwxOt
zi+5kZLinjH!T7m&Nxl_V^Zf?jKcekZ@j<Zq)O_$n#i{w=arzp_2aoXV|5rY!1NOoA
z;Le#t^T7)0#Ph+W{Ez2@f8@VtJQyF$=G|a?5W4*n^TE-9d~hCZEB9!3@i5k*;jBj^
z(051TH$h$!c+I-a;en29;#tUtsJjCs4-`Y9_%q1^gT0%|2Ct{=+&+20S<f`-Ae#39
z`YGYR?lb8>r=MK^qqsS}pS!Myn$v|JV@}s1PrNz3ci@~}#oTAU<dV0dz1W%4sla8^
zve?KEX--q7UU5}<4lUol!KKq=%~$1(<IZ&INN=<0#TjmALaIG)H!*L2OL@_%&7HFy
z<k%K&cHY=Wt5W3Ez`TCmo!gqPcO<Y+f)|uaR`b<^bw6z%2JT*D$p^@iH+laHo}H9_
zrG50<lynOET{<-VzDGa*9rP<?5B*8#_Yc73(U19L({C<%N%};GejN$itBhQ4;n`Ox
zYtOkjTE51!!DuNO-N-w4-c5_Ai{b?0>GA;O;_2e`SxYVzn@3z8h%V~mfxYm`P&{xs
z?G5x-(VUZCd@4R9?XGW1_NHK$2|v3szDhjf?J+$66!kyw*-&lY8rQb}=oP#D_`UtD
z+Lm46INYuM;BNjug*)62?vi-8KYrUMk%1i-_06GE$w2Geq36)<>;HS^&?l9FuK|}g
zhvH@6VbhsIn|VKQ-uQ-?H<E!*P<}8O7@gI}|NmJT7^Us_xh5I7nrA1IfgLmZ=yxg^
zXnlHU`YolO{}*N8jlkv6FJ1;7et(p`fAr*$WZ-8hJCK&5*HAKWGVeZ)44gx`c)ECf
z4wQlQXZG>H$z<SY+6$ilCEK2E9NpNaJyTP@`=5AK{V((WyYD+@_J4n}97j6y*S!lm
z7x{qC_7Ubxt<!ax7rSvB#_>1~?VrmY9?5xy6Ql6Nb;KF0!Un}&v@OwWR=sPpFJ2s6
zYBaQA2Mc0TZTlj&Pxdc2Q&#WWK6UZp3B-WNK7WL@J3QuVv#$3|><*8t`GUncLJ@Xf
z<$IXGxSjJ0<p#)zy+qun`HV9UW#1)soO1>4W2fE1r$>K9ZO`WU^E`L#qZgvXU4Sk(
z2b;od?4yO)NB`BfH%VWU-B;g=fz!8O4gv2@;BEVh5pDZ>CpIO_e&lZY&=~UFF$7aC
zJ|3Gg$$pm-yVm|rkA44IcxXV3f?%slbMVRD2%l0%rz}rpj?HvpV#IfKikG?1jfpuU
z+~c$vh)r<&EgR$Yn-UwwvyvTV!{^=pkFMy86&SSt@q_d~?&SSzyt27`$e1*SvZTKL
z-{G117i{7Oum3ZzGXeu`mdu+TtM<#?Dda&^JHgQoEam8T!i8dm>PC;W_jGN^z+}e=
zrPwh-c3cGZniBAlYWI~I`>hL4$A~_7T6iW{y)|C8#e>(L8kRQy(6E$QL&Ne{yT8=f
z78jPfgg#il<HGWq{oOxa3A_acqmMP*>B|y-+~C+Q<MFzldL@&>J$-FD^j<eadxA%J
z^xBgxQ}uu0!t@~D9?iDXhW||N(8$mkLt+=Umqm$Z8r+kZ7^@iesoQn_f^U;;6R0l5
z&Va5(&df*cGdAKP3^Rd`$;WsmxzOm5Oqz?`FUc?)k{Qb-^j*RE1vw>m?O;DpjBi>F
zdZpTIC7;65gp3)<<kY*=Ox~q-pE1p+ZsL6hYa01>UtM*q7rRN#tKPe>(f?lF{TY8T
z@7W)KQRj)H&MAyOWR5!C&O6+#L99jBQ+#8q-m=uln4UzA<Ro(W%`tMOztGdWWi`(d
ziHn*?{>{YinbFle_XAI;^{j|LgIrI(QL%ra?YEJYxnX=w;pfxG>3+nT1vN(Y>lV24
zgFD$QggZaD>tN62uPMwgH#4UD$#p2ZuHKQu0ladjC@^^C4eU3<89M5CeGk=M;^~F>
z*!#OSGk)x3QyckCq>nX5&WyYR#WRb|TwGXX12SGoY&4^}2eN0%pF6&7Y(KB~c_)2X
z&yU>vQ{>}`Ids&14(-dPF1eq+xG<WLGbftOy&B?&WoLr}WT)Dh#&_AOLTvXrGc<;&
z{I5zQhMF>WCOGGbCgrv-W_@;S{4=<F#6F)aBlgeg2|sEAm+RBK;AzSwa?jUXK3;j*
zk`rk6&Pf+Uo5+>7jhuRSrWrl=O!7rz*twRSZS?qcZV&&?oA%B1`d<M|Q^5Z&^7JhS
zj$6Lmntv(0xE5aIzV68Kv(4zT@kWov6lSdD<TwcUjQkq%b9(m8L)Xj(KZUFx|6;El
zwY)1!fcDdL&aS!b#1F@p3&Rt=jKO4%2_NzUkp1|?JVorC$xT#x*XS!G7taGnTHD5(
z$ky4!NwUxB;6t4EI?oro>nX<<dp36Y5^@&Ua(Vwni+zkKm%8KVlYMi3{F&Y_fh8VJ
zV6o4aY<oCogpv*I?B9P*IgRPqHRK!|B)65$ovae>0EEtU%vmqSu>!iJG6yW?z;@1f
zY(8fWC<k;p^XNz5f6r{=xgF$d-E*CBz+!IS#kpB;LTcAueqTxbbmm_w^TaE=ggbjw
zwoLnAw`?Icjf*JT25tg&EMy?|Enu!A4)U(J7)rHUgH3Z!f@#}F%M#Ke)jZqxxuPRJ
z`g`Gz_dePQ|CI6J5{8E5e3WyyWO(&6OGfQ@x@LI6Gpk0edKx)&pcETvv6<FY3(ph7
z8<5>b`DMuaIWsZUn5n$bn<%6GLOfhw9RjWv`WIYp^BoV@(*FcpdlC}6_5xQTeG4X?
zM<VZsgi+^{gXPf@%{N2y_;tyUF2)$dBkc3-^?&cqix!LD_WkQci&f`(-b-)M@45We
z`g<Ggc((t&w~ey(vUNODz2K`C9bc2Y{F_6`A5ZRFWth8~kIjB8T{;9j;>Y)(AgR8q
z9NW}k<oVs`nX*TXrhoL%S3RB#aYtPJNMoz+qb%UwyU@AygWgG5&Yf)O#Nero5wsya
z7~h1bWu!-RMuP9x0r`G8F+)z?lZz?$I<~I6=$pA2(A{NaoK;!Crd-EaM`u4K|DkEM
ztJZHz;7)A2zH&{een#wk>g#<yGUpEJ(bld#$NO>a)Rvw7EXu8eckiGd`5bhRr>l(L
z@pCy|Hi-^rfosWieROVm<mLqAmk&L782T{zx>jJ<Tx}AA?VOj2zK(wcIU1;oFGqe6
zKFyMG(%J4}JikSjzscRrZzxt}q%qZmS3A&`g_A6owzWToCwP{^e@nFb6z9^!7s$6=
zxz_aV0p7hq4wBX2&PuCU5cFAz*|kO`uD$DrXFL8^!qGdln+MOKPi*zzC;<*DC)^xG
z#u1~EcQ0)T?gD)??xO?F5RcqU-175|oRi;!&8NVyl=50f?ElpNZ2W)vZs31>pV#sK
z8+`tR3>U7}@>~6Fz1mpU@DOq4C&97GmtZUI#;0BP-07TJc-Nhu<?uDJWnJm58&U1d
zT?O3hmjpl9eNT1PmVNkS3xC;0W|xUP<IMQL6y#wqvFe-QsUyIDxZ23?;oFu0$i*yM
zE@s6R0w+upEAkco;IJDbuJXD|Nc$=IcyFLgLB))jMVyItBLC$Vr1d73wWU8CPA*5$
zQDy5m@5&~wK(-6vR%^%Ew54Y{hw=D%%7F2BXF<-G(z;3+!^Y9X1JDL%xUZgyj>4z<
z_tvX%E-e;7i+-{Te>m}>7vKKFU)*5tpPAP^2Je#f&XSIX@5)2$xeVgrnOAx@e6V-O
z0Z&(U=9T<n`uiN(JdbZ*fOWWLHhu!*v4;=H$y2q4v-Zo3o<{CiuDds!&)Rlg>uJuO
z_WkFf4WCuqJs!a4s$>#pXVXU8aLd1M6t+E$zYhJWp1CPn<q?lnFS&zmWan=Bt`R-B
zly>;+ooqC0e-FQv?OqI5p?$AHA$6QH{ghZYw#dSZMmc>juMW!RX}gPG&dr;_t6-|7
z9nW9zquX%La(x5^54a2HTRsW;j;|ke>sL}=wC%VGA5``Q@wD>dfOC-<1i(C5%6PPn
z9O8G`G2#~7vw08y>#imr9kQ(inbe^6?YZylg&yKveA^yPQlLo*G{Nq=r3|0<k_GHh
z`0cf6w?{m04LPZ`PL=)ehQ(!+iGP2pb{|r^R}a$e)qU-D{4?!RCca&7t!x=?{95rq
zW57c@bKYAYm1E@^dt6Sg6@&K+`7gX#<h~K?CTHZ?!;JidVa}a8mSt4gd$W?7Sw>0i
ztn5pSs!vjG$oweD;i@+FZ+mkceH9ssJRvrn{7X0EBUJ;>=AQ2G>}K?b64|<Wf8a0B
zQs)ojh-*S7WM9cSguc&W|A!2@gSmoGw(|#B<SnX!zq6pN&dN)8*N8ts3jcN1Tr%3p
z1u%yHs`nantU>P8^8E9U9HYNLEa^C344vELMPL%|<g7jRWHz5L?Hswv;jI>AeLTHW
z824AnbMg~-@*q5no>eJdhj=;;rZ1;j;i?Y&6w!$*3X$JhbHrcoH{M|DPnQB`c%(5+
z&z|7fVb;BF?#|5s7rzCU7V(+N3%V0IX<>&dBi>j(h~4Pb%$4+gJlFpY>eK<hp1;p?
z`6hk<4yTce#DF%x24>mz0%MJy?4Z%C{687Uzjowd8|5tKhXsz?_`jF`n#*ceZKSdW
zzek&r-7U<`Qr5gSd>G}c)P`K#nip;s9yy@XdW{cRDr<4yeGFc%);+-R?|dXL?6sFV
ziPR~v^T(j`EJCN^eU6dy+D{|Lp8N@)ljU$h7p&R|ZrMXuyv>@}_Jkwj`{nSP?Bo@Z
zu0n35p2o+WGCTg@#ud#m8V=E~@V{uCXcDkxRCtUrtvs=%O3z<^%%O{LTrk|23eFY<
z@vnOW`e@y<_xacYxR0xgP4yx_xMYuQ(?T>_#WT^xPwww1zD$StoeC{e(M=~)A3Tmj
z&#byyZ9(^wwcGhI+WigfYA+%lP(Qzc2mJB>(RXwCFE|93%8>uY=97zDK1qq=6LL(m
zF81+>_)L6aQcvUe_~LiWp?JO!-#2lukH)6_HG}n+_kYme_5uAh!H2@7`V<|%DqeDZ
z8i&efb3SGA`3OJAP<#DS-5Yu4@MTKu^YF(xY74$hg(m}ihTgNV9>SNME??Fl<ACYP
zI&eT<z}q+B@2&O+)8C(?fAL#NjUyXGi<T5)+UvxL{`U6Sc23_+cqkJd>4x`$ak3!@
zEyR=E=ytjX&yx-MZ&61y({ss&9_F>pf7~}CoDp+=Wp-h>at(XyCxNq#zGR=uc_`f7
z!a2G8f%YRi=ELLF$fB*ETeH6FGaIw!U0cz;jP+9c-x_?&qsU_Jr|SyxJBFM{q^|6T
z^Oz4WP_CHq2_E%*)knQHzs11qK)ICZ@>_>1mjpZWq94Dt(|!T;?{MW%2XZKWEW5ZD
z`E?s-X)zCHnpXpHCVBcvaOTO=`%VIP+W>j0c_Ml0jXiaMJRLQFkAH0QZ%XWW`e5yx
zHW;sHE#Hrvoja<qdkXliCbw)ma%Mii_hS>)^E3Iq(c~TzY!iw6E~ZSOEuXNH;gfFL
z0r4N!{JrlRS~pW;U!YIfRqx>Yt9-n9;mPa2=b0z3?_6lCTgHFQi_6y>d-5_qr;5w5
z^+ndwGV+XMX|E35(7_u5<jUz`&P>}g>I%()AMJC#%M!y?P3RlaAq3}=@!TP0$B1Z;
zj9)f7#>ME$rIdRScvSB7chNOQbKfAkwH+(Kn3eBYvg&U5Mt5?`&n=7f;0SYJ1vW#K
zuf_(r1KHkv?}~2nWNfjL!d2O3W<?A2HHWPvXAal8{<k`#I);8@mt$_rj%|$zR}~%Y
zWev=TeV?2hoxmg;wsOfWr5)KA_VTQHv{9wFU9Fq{K)F3Udka240zd0s5ska7yLZ~l
z)b;f4q2hGZ#yZ+KS-D>>^kf_HKj24ohSTT3a~e+<$Bx%rM$TvCKwge{^WPhbxe<Ei
zIcNKgGfvCSH7X}X3-5()i!A)7A7|eCoqJ4n_kK9H%P=>-^&D;2U{`G-|DA=8U!7t>
zz`=avVUT@>AA3t|S^2gIb(fWgwt?S<`mCB}*~6#6uj0igX+!n2zcjETe4GE+cNVDK
zdg>)2>(^u%&F8)u+!lZ4qqz~UyLn?W@K=18Hk#lWV5&+vL07ItSFW*jW#u@I*X;)4
zNwH*VSF$UJk1BgHT(9l>maC9~_I-=lpTe(_XV`_{qd<iTzH%9hm6<(WIIM-&ymz_$
z7JPpPd}_0UaSBF);i@`T8=tedi`&-cYtZLw$SVxLinoi@2E45^Ox3@d`l;?-Aii$O
zM@Ce0FZ&~M#X<Xl_yP`c5QKZa2Ol-E4_29r;qCXK!$Ej(A7jN&6I(>hf}h9zZwJoi
zxc@o4-^%~qIl9B!hs}H#wx{9Po<?AM!k2D^MeJ4rG3!2b4<oh@{~g`my^p(1brw_$
ze=I^?{?HxIB*tUw%oErrfWIL9)g>5JPmVCE<O8kzSJ}KP#1?ou{Q3cRiEd3Lmcf^r
z7a$*(*4lBjp|R`U9Qmv*)_>}0jFKs`gOvS(IROmpp=`fd<-Q6S;hsn6qbROVyMNY5
z(V}Ka&8(UwwX-%}W>kHha!07sLH}AyxgXr7=U*2%@V6n`LdGKt{Kh}u&i!!B<j_g-
zuMBMn9WB{SY%RaXq+~$1b5|B6X&;vk-68aXiG%Fpu=C~_jO`8Du7Or%#GNvK$U{s#
z2t4r^vZbTKjAs7J#w`0xzu;4!d!PQrA1_nqLvW$KynY7jqn$b}lr15@+gHaJRW|N;
z<_CAb<38c*e5ny)ArF)y^E!zk4(e{!m0x*`vFy@)u9Hk_ekb;WT<)8dEL2>D;>ox}
z^U2Q1;V8ESazUlTvr!jE@h}O`)*xdS?ur@XpP5%3zC;@jPq=u{JIQ#?TV5^tf-!y#
zc&KM?NbZED)~r{(`S6hH6*K>q&_*I<wZ}}X<gT$=?tfhEoCDNw4zP-IfD+CDmgpRS
zJZ{c80I?bH=zQ=W;{0g7FUiggwd`x*?!2#IM<V7_X941$F!H<{*c^SY2>!pAd2kW)
z;X>xc1^6Nm=P)P1K8LxT*iFwyDP2M1F!_l0m7}MOw$$cTZhKE$NgOjW$eWjq;7j<O
z#N3O2-omrf`Ai(-xyq;Ue4uRW=i?5~6w+rI^Ln5>k}OF@uE4m+%Gr#sknuV3JSVo<
z7cVBB6faJp-6FT$)Hpe(cGJ}E6~55Gc88Md8G@1Vd{Vi7GQSwv^b3fAe+U_?xM9(v
zKr#whvyOF5V>kjGBwM_`(-=p8-tE7ph}Tr_UAJD53-gKf`s_B2ydK(@MeV)ewx`%n
z<wC3b80{YRrRQaG)-E4Tt*^hJ4Xr&Ttgqy7ZzyAJ{mFGRw<+dX`$Wa%Hxj!w@$mh-
z*Dt$o+daev>s|%rE$Q%O<QZ{#f+anH`PPPfm@v|K#afZQ&|uAfiazY~l{np?dX8~G
zb5VFh1_av18x7IK4BL-*AJ3ckzcXPX_orE1<!(9o?u6dE@6ly^inud$*P}+m(|iWb
z+fbo1Z>xQYwtnpC9WN|%bPk>SYF<m<SYeMpE!N7M7>dvCr%c_)(I1lg+xV0x`sfPo
zr+FTEgnrxf(S>fTa(1^dEc}c$mbF7`(n#Z(Ais0$XY9MlRo*@_{ETEka4f#i{BPop
zE45L7<ig`Iq0&8MbMbOR*8=CM)?iOBYQ*mI7$3<g#Vh`nbC(iy?mFys{#4`2f=u*`
zRL&gScrxZ#U}Hi`*ZbJNp5nJ+ucCYle$}x)WsE0A>`Lx`sho|htaEi0{2mt7A&<-X
zUjT2AD|1mfdPg;NE&7q1UZOI*XRPN<gpb##JfF^|jHq<>tG;e@AEBRb!;>nvQ93)h
z^!>>D4%VRp+L!|_>S%Wv?{%h8>^@UpX;t@iPvhg9<)y~H%~%^pqk~MI9WAD<8tPu{
z_95HMVb-w4#4cy`&UvheKK(~m?%qkhet$3Ld+?(*wSK+dIQD3<&)?-YK6-Ql|F0j3
zjk$N_?vByM){^&E?mlpZa}IO<n5>A}=KSmcc!TG34kJJMjM%x*D>!CCq^HY_b`Z1o
zq~tyC-lVRrR}gn7__%3z(IH^E#+SD1$gwz>5{<2$oRJO&QzkG~vCj<x6LyHLIl%NH
z?Mna30w&>9=SmJty0=UBZgHLpOxBppNVf~qT?c!CDJ`~zx{b^cWXG%VV_L(W`&T@d
z42o}e88Sfeh@y!{`=b9K*A{dQpmUzf$K$=3(4+m&BWH{iKmAjo@(p&Cux5w2PskeO
zj|4^)cc*a10{<MSdzX2;6nir=>>Bc%FptyEg%`DciYFEKS7NW5M$gxQ*^#3sUx!uS
zu7{mYdav4l^KvJqQNLg3x8gV+#MZAh`T@Rk*#G+Y?XB5b590eSbNh}`cQCuU#r`2=
z?;-pZd+~Wtee{ScWg{=*ZulHvs(&=yKBHMP;10R65#g%PFy@PC&C52kZodjRv^NMP
zYtP}YkY7a^d#DimIsM;Dd;RMew-?!EYL1s_#ZJv!smh~W?#i7vm;0P$gU>}SB_P9f
zw@-W<MI+9cQFa=AOmzBa#TFair+g-WsRx+YvxS?d@F_NvDzuI!j;m>&jV_hPcX2Yl
z4B8_>UxQBtc*|z}&7pqjmmPZmYp`?PaBj_l`5!pv4SP!+AA<zeunW4e1t5c-2iLL%
z?Cx-KU5KCJVcNv}D`QL{#-u%`WQ*bQPW;%i&6L|6JO9w<2tT0@@zzxOJW=mq-JHpN
zAnP_}?fl1!Y#L6xR{1_sV@owY@`xueX6Y8$Hy8(20hjWRFTzG7U7>Dv-(3=WX#Zrn
z!Y9$5a)l4nnFQMu@gC>YgZTldZ`-fOA}2GpMNiHn%bT<Ff&KA~S)Gjz?9*-7(_-hj
zuy4lJC!ImC??X>QrZjv&{1E=M4eUo6?!@*C4FmCQ)&G5eJmh+9!JEhN01w%Cz*aqt
z`c2>=!#>x}h<%5#$Y0muT${T^*w5;|Gx3G|D<r#8W5QJj|Fg@d&9qJyv%D0$5M?dz
zOqspsef)2o>+qE3{Nc;UXR?Mne%#*!<7cId#M9|c>Yt2G+j#HLY4Dh5@$Gi{lw1+*
ze#UQGCIDj-XQ4V@t#k8(uj5@iFkeoa_PHx@%i2e1@1Qz*)~5WL$ij;#qxQZ|ogi^p
z7IvAOnijU1HM3+h5r4${hiJc#K9R4zE<S|MNaqMXeIaKgwX@_`+QHsX&sr+eZ)l%0
z?4$O{vavZi&(2pan)#dy@vNR)HR{*%&+vRQY&pq$Vl?dcrNDLn2=??J1CFvL2aW)6
z90ZQu&!Dpw)sdT_@%E03vH!=xk}g<2L+%pFsI1=IcoLZGGL#RqcAO#nQhu>pekT9>
z>xRyGUdMOQ=YR#A_5^aAGs#-kJFRQy6iYq?Vt-UyHXfX_>Ny{CtZj`Sf2_YJr_R8!
zhCb$44_)ev^;2GX{tq_RqHhm9RzLDrV|{ACSS`jn)R~ELiD<7Sf3F(lJHnnJJc*a`
zXa~QjN}PEYS?Cp=zO+28?~!}Uwkgj6>!h78fpdyQ75GK$rylmh>C3ReA7=e-yX&-t
zrgA*E?WNIP8Ra^dN4hslZSP0sS_w0;8KuN@56+#`)$<DW1&8QQvRXb#=Vuw~w(iJ@
ztYbeyT=aoL-j{KgM$xf?>1EW}lwffWwgdM^;7<Ky;FqDC{?;60oHg#gNB!7ovae@f
z#2#WsZQc4q=zhKUIF=$i&!X?UHix4-k#!+to$T{3P)<IOGiujxS9JJM#`}tL@Pt`A
zRZr_!K6vUz?#YK<I%_*I+uExw;oSnpE4}0jz9n1H*%r+7&76VleSyZGFw%HVYmTFT
zrN$a4x1RIZH@OG%F4iIVIiT^+;Q6=6XWc>Dmg)Ff-ocs7P-heO!281E`ShbceCUAt
zp~v~OGmFn(`91rAV^5xJ|E-)|o-IOq#vr~9b<mCc;P(A!(!=WLLq3fg<-0>)@_*b8
zTy5w8+{s<JSLed$Lv@^uNiTg9o%0C#qH=R;f65$Rv=dlERrhp<@WC#ai~Wyh+!@$#
z-DGHm&aM5e&M)sFXUD*LGpN@|U!hU#cWAE&I^u&o4n4d=>mhsJ23xnNTG4$eb3<nh
zf~T5xSF!Hf`xao)zU6KDX#<uIz>UT-@XRtke#KzV|2ue$@>O#w%Q;Pz6=!>pzlY=h
z;n*MKH=+HN_C{~gN3JhxSEp}g9(KB<=V_ynHe?Tal-z)g;ID&c8dt$6>>bqEyToXa
zU$XSvz35H*&?$}7;S1kpUL<1E>qunZ$DM{{;6I0QuP}!GvLgW-pkqT39WCYr`@a0@
z8~9KMI@<J-9b7zDW;k@M9!AcR`1kI9vID!Z=vNAC+Ea?h>ljyny+pm>#;>H1w(7vO
z%2D1fr}ti8t?oIFSI>KH@?7;S&T-_o9fY>R-E6f7UOb%C#^IzEoUC$j@~_y<>jvN>
z{w%?vZC|VodJ;ZpW_R{j)-cXK@k?t)XX??Ke6n|g`I{6QX2mkbsy^@`$A0L<r)#Y(
z=rAjvMs92zVOCb~9klSr=XVo%aORS`XX7%nvi=A4S?swgbWVf(8Hasz{M_7~S)IO6
zo;BROGML+zRgPZBej^WBHwU>FXZwS08)Il=|0&w|n%l+*w~Y}-v+|m?KU~<|VsXxk
z&ejR6dAZsnkXMnM$rd?iLf0<qE|+f>a;=^5`9Gzc&Z!k^`E5~F=PS$D8#f`h$&0wC
zWQ1}8#kXbIZN2`3zP9!xq<7^YAKqZ^lI=^acmbTWO>)`_w64qQ@CEbA6Va1=RuX=i
zNt{_WOIAeD3*_^Gyy)2pOtPP`F2#bJxjN^pX*P^`yw~}+o+t6Unz#h^sEcT`rvQKQ
zLSUy&=l(wAdf9lL#d2O<r?c3!*jty#9+wf**@2bNc>6|th?X<9c4S@-<EtYtS^qHx
zD)#?!W7hQ6CywJwV{BnuI~k*7(sF*k#uz(%=jAP9Y&v@&m*s!k*!F$h8QXUmTQ_t!
zzERli*L-LGXl?Uw@P=FNTa=T(7xUqOa*>9S<Ne3%@W?>A_Ki7Uk6CmTJ^w4myche2
z==l;dqYT{EC#24|@$2~aG;19YKds?8`|2dkuX1>*ja;Mh)v?gy>xSWngKWQ%aqA4L
z?*5V=S}n*1{Ixtk9NM=1wU~cf)SvtdbpB@{GmC702KnO?r@?+)JTo7jv+$eFX1-uQ
z&>qe92_cUZzDS(G0q<VEh3EaNk3H$qqCvFCL5>XO%cXj1XE${R?s=!Nk36r0Jq&*D
zvfW7bXswnXiJr9}M>nmR6Oyj<D`aI8bE=6srC1S*dD6z5!uK;>_h0*&JDNxGT`-W#
zetv82rSd$+JSb-Gt~n*$V&J~lzqYVDid|DO)R8CVAo9epZGMhCF)J<wKeo&@jjr~Q
zPA((s^l-?wuiRwVwgAcHlj$uQuW0!Gd`IWf{&@Stj(kszlkay!$GccVdK1#RYB(>H
ze$umlPG~W7{gAO+*~mbjRq=vk95fcaKSUnL7BBxEi+qXlPe?>o>v<V|KEk8kD_=%8
zZK$0x>UKzGfoJ$*tKt>x@@f-Y3)VJZy|%jKhnX&~$u|(%k?YLiwL0q8!E2?|(ON5h
zsexa<48PPlbGM-meo-HSLB3udEhQf%*ZXM6IRY?yv`mMV`{QUSd>Fjn#xvn#+u`1=
znp20NyWSN-?~;V@QT7T)HP3*nS^DeA^re&0%agAKhE;JU_p^F-@q%~E%C+!nHS60l
z;6cZ1uKqi-@?CycC-80z&sYNw(RT~$R}D5Bbfv&t*1?dOGC#3q`}nz^-kG(AwT}6o
z$UgXZ*>>)PeG=N=bAQS1D&%+;vOxA853kk$yh4ZOkZ*!5Pc+^ZaMMCQD&;;Azxr7N
z@jtBSME<9?KEB?%w!B-k-7el@Z`7nU&djPflixqx!Mqr99V5>a^l;WO$ERqhb*vuV
zU=6m{G4aNIy(PO{UU)^kptJSAd(iPK`V9Ql;hU95oo36NV6UedN3}1d;%VgO?-|bx
z@b?GsNj-e8vAhJ|*TZi+k!c^0qxvK0FTSr=o=|gw&G&j9#V=E9vfhjDKLRJhOO!Ut
z4>|ljmj27C**}>XF;AXOgvX`pdORM)zO8X=qTWW@vD@bN+=IQg|EqMQeso0-vgsPf
z10@G~x1Nj-m7C$C+Y&hc^>Ge-VxA$%4llQ>H5MOH?xOa=Z&l#>9{8nzdn#IxsR3k#
z#Ya5TbPT)xr;V+R++p_mJV)kO$*B=?t44LFUVPm!{2T(m;7k5j3)EgN_TC3+Cj?&4
zhYv%XnRMbC*aJR29p`M`t3UOt{WtnnSG{Cq@19q!g!aFp%Lh8KlT6Fi{xHzxC;lmv
zx{-J*&PGPnby=K^OlQB_2CQW{##Y_8_7t#M$!U>J+VInc->}cWdeVr8{E_w`z<vjG
z)!cs49#>lI5%t4<DGwf<&stDTTvyFRJO7!jYvuEN3OwWKS{h$FvQ=aLJT`UK!>%2+
zjL*s|L*CWl%Wx1su+Px$2aNj(;;>%hT!p#XkjGh1UY4=dGE;XYG9Ilpp{Z;7jcFER
z`be^ovz1_`v9*S?l{<k|>!ajkI`}#`IuPmb_4S8s!98n{y;A-sX|W$tr(^WQ$l=`%
z&F-|vof^BA=RxQqnn1IDG;#FK{<tupuQy)@;zBY;_$Yy&I<N=E<772?a9iN{9`seO
z++Nn(;yD*oE<@*3dEqWWbs39CGxXw^hr`fNI2?C!9Oi>VHt+WNRB)_wK6UyaIP4jn
zY2$HV--F?^SoOhW4?N`Ias<!roX!0n@P}*~=U{)RMo!(soX=*h>j1|ZV-52`XIp7}
z?q<$qjY^ADA)DrXCLGco4O49Slw_~V;<X5K<wJO~2fs_nrzy}2{&Uym%vc5MGG}Yh
zF3FZp^1s#kTTWfS{PS6VJLW2vg<`ch=Vc8pK;Ogo!g_1_&^h`ZZ8R}2v<6F8tFG;@
zt99%SN2O;87PUQ>9OKI0M?4~V0_*J@#hE<Uc$#~9xBfe@9%P-?T8e+)*)?~M{A`K4
zriKz4mGggo88Uhu{c4VA9&QEBfw`KF+&l+g7Gmx2>ymCH9ul9GzSFztEA-KhT(GDo
z8^kuw_n7B_AMq`HcnjZl{1|0=iyT|k_j#6s?OV?^o)ga2pi>DjwF6TF?Mjb)mAYOW
zjrAWZcN?Wf!y~-2&_k_Z(08n%J+*wE@KtHG<GB0VClnijF2P!Ctz7w->emdYUxr=5
zqKz`va}PhX-Rwt>A{!T+hkdAmbyfbi8rvnDbJa8FZh7gv$UNj?u{p}tdoD52%Q=fP
z&|@OVq~u}RC;IcsSC;&+{>`9#h{mZMVq2OOcd`HI_VF8CeoA!9b|Ev9keT=(#pb$o
zEXEjbXCUW5vusikWP(LK$?bWxZC#od;qHR@1;md%!+g$LX)a9SSq1P`n`T89^L{R8
za!KXo+q8exv!{8cy@2RzxZeZur}avAU<!9rMQ?DQGywPPzk14;Q^h*hWiJZuUcIEX
zuzNZFVDpEEdo)jkzY1jgE_ZL;1q{oP>ksj4J9}u!xaIur;y$%yJipX_o^0;}LfC`V
zb|d3TV$AVv&p+C`RrZ|y)bq+o#z{_#hWH~imv0V-L{n(3z45$kbbjqSMfZ5z4wVNY
z9w!F2+iv($YdW&pjxpK0=K?2w`u7)bj*=2f0#65duirhC)f~%?<K?|yOZrMSXDk=+
zOy9wd3yz;Nczo>f{b%Vz&t5Dt0zm_N8a6QW(M47molA5NOHWR)b3wFYTNN$6+z^AE
zOUw4U>GovX9~&6$bJxumaHqkaopaaPnq>Pta~0>VfBX;G{f&mZ_c~{xC%aSnR=3O_
zF4lM*cn0nvg)@z}<ITSDvNz*i-9mCd1iEt2fo>uGFM9NX-J!iJA6-NK2k8UR%<!Yj
zQ^}hTKF=OCr~4&yRODI8yiA#gm)+X^4DVk`9TnNgT+D$-*4E+=O-_<M!^5_J-+W>o
z-i80V;gj+mI$JP$EPM~LM;Qm^P`(Cz@D6BE1|0HPzk{^{cy`%k{Ny!YPGfI8&<NhK
z8QS)Fi~GUFV;1(dGV)byBoBf3vxa*kOKD4c;!V^mpHvw2qhqvCH<U~M4(!x(N6mdf
zeh+2D$d(`z!px6F)Dgc7-0zByN+#jM2%f}8%kIY?-*@6Y=gQF#WIYp(YrmR&j_`b(
zzWCSQ>C(6LPKWjh@bRrKeS6#St>=zqi@nZZG}hjHF23{2pp74U&RJ$+q=GsBG&EQX
z4VITLw`uTf=Zf7Am*3j`@~Cjt9&D>V(E_^Ej3U;LF=jAE)myfCc2w;sFUNA$JaTq)
zRd8oU1<$&Ck@eWFB4wtv3;yQJW7q*7c?N50i@TFVBg$LgQMfAy<~O0K#w<R4iE#*r
z7r=vq@m_{_?e%apo>qq_dz@CB(+o)~c%lS85v@9H9v_5O1M)*z-?Q)5wE6m0_R}wb
zuX*4riSbF+y#U`nl$sdP`PStR&F=n-IXdzy%DhLJG3B>)zs&o;q>hekH%Hri{S18l
zeKUDiugllV;p;ym_r%xBHcLhtJ@To+mTmL3K_CAMSj+w~90g|$Wg~bGUhOh2U$d6j
zd|faYU!zCG%g1;*=*{J}pY+Y;foG(Dy2d#-{EmySkFX1Q?S1oN&V=U-mOF*~+n$_5
z9_ai~J}SBF7j<5gnuEVAd}<Io{Rr*aehTPR+An)C-z}5K<qE#nVY?S!WKr%Q_d%nJ
z*}2heJrQ2$i1QD)!-X;a?5kfsmAJCyZrRvH#-P4GlCiZH_m{D&=G81%M~p@db2<0A
zWLy64K*l~~$50y$r@6d4*!=VOJJl_-mVQrW`*7kI99y2^q_9P7xrcs(H#jll(h>4b
z4@b`@AHY@5)vgci;l3sA$;q?tX)-FW$2MP09*euqUBCVbY;B>{?3>`FZ0cRZJLl|F
zK5l8TyTL^Z`%dM`mM&QAo6xlyS*J5s{ocXvAo^(svdN3ddIx@W{5qU{(%;cW32oHS
zhV)4Fy^ne-A0OxTI`zCbx8E=iP4tY3l=ot=9+%w<d7Mal;tQij@kN2ydhk^TFEpKR
zG;hD(h&D5qQ+?Rzna>vEs-vwkba3q<B-6EjlU)8bvKCvEY}gIx%yu3gjs0Y{0Ebqo
zv3B~DEXw73(0S81^t?ICmdk<IuiQ4yj+-|xTy(NC_rAH)ir>v4=FWM{ojW*#(cV>a
z=W*!p2DmuPIC`+LG&8S$EZ$&$!#yvyeMa;OVv|2??|&S-<Qnud{a3uK))_DEQ1kFv
z;2dlowlfc3V;=VFj~Kxo_FIR*{ngqhL9f53zUFpD4*L9kzG!v;-JZQtCiA)-x-_|T
zVtumrN_+V)y;tz4oiyZud=Yid(g@wohHgzR-I}0V3$jssAX+$U?1{OZq&E$=u4*pl
zhWgLtgez(mZ0d66viSw)-Dc+UdOP;qXqd9+)cVpSx6HRL?9U%YX3c`@fKz-V{(g?%
zEyTM9p1sc2%N_$C!ugdvADHW+2KnyESB>W$%H*);@^sP9^Itl|ee^k$--dWbeH)Eh
z3yoa`$@N`3q5U1;In@a4+J+s)?@Nowj)DyVJ4#?kJBn-oZ$dNqs1}hMLq4jLfkC|J
z?iaVTVlz6=Fd|pDuyMxM!$G-iV`(3q5$VQ0pfb}bb1`MM_p`G&d3&zqIk_C8+VcnK
zPh*Ui<6bVE4=*$VgFSb2=9JhX@G_iOsZ-sz?)kQO@dMwcPCE1GapqCo8HG{qi|Cq%
zKEu8YeP+%2H9wdgUBj9$`&BD)&6c06Katq%sLC(n9p`vmjjVTbS^uT`TIJ>4b6Ni_
z^j`Fqz~0jxo$md~=<Ix!1jxYy4@x)8&2x12NyJ_Bpy%oRntvA$o_J65z&ps<<G#ve
zUAp6Pe8#nAh&@qYFc_F)JsDpzL);S+MV8t!u@3!Bdtw|?8}2fV<`B9}o<H2I{b-)w
zXs$<JwC`C553(yKy86%O%a?UeWNdX^D|X+@eQkGFlyw(<BfJeAduluQ>ExVVdtBD;
zMRP|O(=POdn{()=?u+4O^u{aezlfaBJ{K9+JK4yuN}m{+G=_b?<b*%m^R{pV56BN&
zIcaiIjOGsIKeCKz#Xh6C;2UOl2Ys}CM63h-$UnD?HY~;wWL;=SmUMtu^}F5hS3Cv(
ztB=z;*PQf?`$Kj==(O>DNPekJ`4mj%{5c01+KvtBdU)#7z}|se^4g2xH-k~9^2S*B
z-WtY`h+RLa>ZWe|XS+=P-$h?-=(%Q9`8K<+aZX<vi=NN*)ie`pwXF#FSewQbF(%RE
zd%zuJ&s(<-dj@SJjB;_3dLpdiJ?7*qqTyP2@JutgYb`vxmS^w!)~=stCPm=cUC<J}
za@c{lp-T=rcpl@ab9L}Kba3_C_HOSM(Hh-3lIPNTKD4fYk3;1Z-SeRJ6nJAfID7gp
zy;~~$HO&!!Qsk?^tN4)#w3!3mSMfi3U-+@KD$Y58Kb?C;Kkj_OW`4qaYVG8V6#l-F
zcI|Z;zWBwzIkNfl7ofZ0llakXCU*P5b7`rLZT~P64!jL7mZ1;dyDuC)NX+4r?DLer
zs|;MopJ>w=#-cmnzdH7T+@ZKgdq;S+A<=K|HxCqTty^!Avy63f*W;tDU1>hfOg&iu
zuS%B^Zts9kwk4!R>X3V7`-uI+-=lm<IC?kx$o&Z!yRK8arhixQnEEcoVHn0La%H4<
zh2fhQ8B;sHkb7<ZN1l;yFopU-<t;Of0~4^_D~7=e8e8u~7E2Cor;gSKwevH6i;wF@
zXGOl1kQ$NxmJ9FuvHeG7Z>MkQ+c1SO71Lh%R{SoYU+BQfM?YW;0pL2qx8fms6R;JI
zvU9fw^iDR(_;<DV{;{VGSiaOQ3-~NxQyfNUvavPu=<MBT*qkK4o&+W<IWyun(jtlA
zOy{6AS)8jPGcREuxN)y>U=ndGT|EC++KUXp!76Yt6wS=cKAP426<!$t%g)pK!*a(U
zu;irmhh<;71IzD$#lw3#W9!fv$wXsoJ8Rhz+L6B0ain@TwzWsI$e){;oK8$-Ahv*a
z_x!uVWAXSh;Xj>8cEfum@Y$VO@BYq=mZT`(QGcIf<w*PJwn95k+7~ZS9y_OA$HT?l
zZ4YO6m%(F-k=K1Ky|RrXkF+Ol)!BeAvr9fvL43&u<zeV8m=`0rXG4#6_%6+tfRALF
z?N3={k1Y`UgJco!McYiqFCD-NI6A;2cl^OI*l|VcWGf<H$GK`xzB|}`&V;u6dDaE&
zqVZ(xiiz+<guWk2NQw}<+3;*aVq_0CADv%l4UO^tQl5MDw!^pR^^4XVowNHA`1YaB
zm5)9}8!u2l!spr1R^(;&)ZbWTH2ep-VB3ig-A8<A3-O^lhz}h*$%!-b>`LN)czt(}
z_*dmBE&p1$doJ;z*{tib^)xeQ?KNSJvF;xjzxZChpqu$Uh57anus>^NMP4p6$On}a
z>1AK9eNF}TtP0bJ+yd<4V-M~Ka4&b^ewKcdun(+D7#$hSd=T81fA{0TJrB6&QGed3
zOs<(ujI2d=EeCF`H-Z}-B6`mmX7q9PL6Qm20slR$*XT6dVaS>aT-yJfjL)P){ofj+
zK@Q+kjq#Vzz_}yY2&}~)GQvl?vAr(9XLm4Wol9u{XYz5L2V%GKTziJ^&mLN5_HtTg
z<P_R@baT-s?z}D>ZDUT=!+(R$BX=$M4QoNVFD-5@aN@N7iGJ_0*Mf9(0cS0k16%`T
zRLJkhsC4M7J@tI*Ir1_cd6{O*OU<cxdAS6h6QAYMULVcUA}>Sdlk;U-R~_RSj4xk?
zFUP=_@4=V9W<DKYJ{cpbpGg?K<LP$h(>~_YRChid@{Nvpb7~;nUOWYFCNe(prmYv9
zz@LNf>&8Osq4ql-?W{%N=yqgb3Aj1L99Rr)s#tRiSlgF~hGyoV@-Q7bP9KvVnZ(+m
z_5Ae&PZp-erUR?a>4Usi9$TA!_*V2=@1UQ5l+iE~Iq1>wEqE<0IU}N6rSd_{Q`^vR
zrz79kQ>4Y-)!L0*^dT3MkS$LmTd;XYUPg|Hj%&@-$XdRWkTccjb}dt{I^xxnOneI2
zatpHMS!Cji@XoG;<jB)}#?Y^5_|G;CM-NFu&nDSNzYJTpJcLZVC0@3$PL)sUlP&8R
zoA_GvYg^^4MaY*|WSbmnZ`Md|n4xlpdH&?mTlR7O@q7#Wa`s}{W9Fa}I(uLIPuLe7
zWN+Bv?hOtnVi(1izl<EoT2Jo)uJ+X}vvejdSy!UFAd%lIs3%*)R%Bxk-MR_CkQVNH
zZCq6|3qPR)@+TW;4+2*E%(QoP0<kyb##rHx9wjFL_QzNX@htBX&(iz08-ug@!CCFA
zzsBc*S!KQp?L9s)_Pk%Ma~)H$H?K~n-`EIeERDd?@pfT;lWcClw-ES<i+ok_d%bTP
zPF&CGRkT;jr)HKl%x#mo@_vEZbZjAByX$DzlXYR*+HJQV&aboECr_5!zUoyEmn<|J
zR@&dPf6pa9Kv9%&9?v_ia(D7xa@1+pY^Ze0f4LBydyaGW?7_=ZzzcWJ`gHFsdNwv+
z%ZrcXtUiY^cfOQr<73Uh_(<)u*td1C?w7GovrL^!g!4PGlYD`G(aE(BJ1_~IsfgH<
za>~elIgc`l<X*zwpjb!S_NRLO5ypA6;q?D$qjEFzxPD~Kg5amyvJCv+XHj18oUeM=
zvx3-D*=IIS<$pQtcx}JHS@9Ig>8vxGwG~<|no_l_dpUi~XRcksoqsyVY@e|)OTH<a
zo=&<VTjw;Bojv^|{H~M!<k*$=KI^<&f?a9Yekadj)BB&Ax#{c1EArXz?R56}kG$o?
zLZ%2d7cXV>E4+vX-Z(8_(4JZRYB^<lcxLaTJ9(B}ctK?c-#Mn0cyz@g=<42C%e}x_
z+ih9`=N<H?^{^{U&XHk?BQayi?~)s4kTa?Gc~|=n?ik?<@y4WyH49$-qdUeX=iMa6
zxJ%>V{S9vWhp}y(%oe`DEw>XmPA1!f#LN~2bS^fGd!57id(xa-51hjhcVxx1=5L=A
z>QdgVCCJ#Tpp*VDK`$yBoft8OhoiadA?m?x3%L<G1IBss|G5+V>Re3z4D5%iw(?)P
zbOLef-22$jJ1N*Tn>MtTw4iryLdJ}tokrSlbmdge;Ei?iZ4)oI!mIVPVaGbbtN0Vx
zdA@XCSO_^jj}P<XKrU^{*Rz1!R5k3c1OxX|J{lrczCi5|yE#}pCS?b<a~18>!@mRj
z+{C<6e=6_wsr(Zq_ukn(gEI`>ZK*M9y<7@B^JvGw-{nl^xArxwh^LS(_AU7K3CihC
z%E`1T|F9g&G$QMNL>`wtlZ;B~?iOw9PE9>aV-7Wf2fdp^+ijm)`KTW|{<2k$ZX8BO
zpN)>5gHACCouVSw(b2j4*FGcD9>I@}yNtE6Ey3C~pY>=;Tn?8ycpy8(Ji!0SK1)v_
z{zGR2<i+?FFmx!t82L<BvETIr7qqtT7aj~xrL3bv;pxxt??60BUJtg$&FaDq0{(sv
zFAIOQz$hH90e|bj-$wBFJb0=Bf4`=T@V5nAZ3IV~UHrK=(*?5`L(S;$QSu)gy@}r{
zcSo{=Q<YcTQ{BhLX~50_7?0DsL2x>sez>n=0e5*UNaDlXTHv2{|D(6gHX7c8KYx8;
zb+l#pj;67UYbqZDS)Z#jzC@#PZR*;r0=}O~eJBfic4b9sB&&e$d8uo%-s5ihT;P4$
zOirrcbB&plBs*yiV_r7eAHlY`YcBK+DaH%C+u^h)v&65Z@Qv_UHvpg0U4Hzn?oFo8
zr;wBQFx&Zt?sf6n@kL|&kHMMFL^LnwQsyvo_iEM=`Eo1PPWnLmTlwAOP#LF~vh2yz
zZCgyqz4vrm8W*sbz_1)15dV8+d^~f`j|SIMC9nJT9;va*fl0FVk%Inb1nR>g7YF_e
zl|{^J$yw<+R<g4$vUV@3VP5+wC;8_7=Ij?dk$)hMG0Y?WC&^s3Ac+_hY<-Crd@Fpf
zd~nL4Pe^$_XuAxVq_Lp4VrN1xVl2W*5d3R>F_BTf=gb3oOj9g=!8D`NfL<5!TkDSA
zzvjF@uMU1@t*ny&O_OoX46Uc}XBCnsYP*BB>uB4cuJV@rLT4(bF~fUr0i)y_V{yg<
zoPs+@pY&npJ5#+MQLp6K$ms+7(L9c?TgVtS<^tyYUX7pio%hXxrHyf`&BV+wzR8Id
z?fkdn!g(g0!+Xy9KrX@f@fjzK&loV?-qnr|M|bgf@++mV-l7YwNJUQ^-k>uW>8}BB
z?v1-lurO}%h+z5+JSiNV1y2)`j4Pw!_-YnBiN2<_x{fg&=MmrwJ&<~ibd7<!6f$l>
z^=U@4Voh?(ob?zPWUtjb&aPSTr+0`Qq~A@;lWbjVA7@YP=qQp=#qj01)C<u@Ic->+
zAz1wP+6?ks{8x{ky5399mLX?j)SXBCUGasAnZ^E5?ZCDcJ@1zCWi!|M@fk6*Uk_p1
zRy}AjwFY_3+#V;LYYn_oEI!2cv<BFo%BpFuhEMbOFWzR(23kw|>m5s`*DTn=SZXL=
zcyr%ao?$Gk&G~0C7U>_e-f;ArmEiU0imRZ@BIvUazwQOt)UHI=b@ZViurSW?<&%7b
zi5h_zW5oY1N$^G)X8|xv{}b%`R;-z5Cmaa}l20Y{sd$@0U>5yGqXTtwzPFo?)`}Z|
z!I2k(!$E*d`Wkq_8~+qy<>tW?m%y*jz{kSHvsKHs?J<)pYJtJA<>PCE9P(fld?hw~
z#ESt}6R@MBRv6@jdLKBNXvdhF7twPQ|H93h!!D2MJibp}kz?(*4(@LJqPM5Wh@EER
zH6>QeGwF)8okQ!2xr+wSY$ka?U7BsW&Y{^Pbj2_<6Rlox`&$m)PNpmV(k=HzU<eKi
z+j}SRCUYuZFx>!5%+FV)=Q{h7anO7`w2$ATn6c@|)3y=FU1Vqzdz25*DgDb*zcSdo
zvfCe__O(xP^yx#_xIDxhFQCsY%wf$_$=F70*j^r;I&`>l_*8OgV}g^1cMmaNo1jw}
z_^;=aZQ^ShKrX{aFEcLb4NG_~z3V=5m#F_H*0C+<3QfRq5IuAq{3jV6{IGWmbg$G|
zllqbFJ4Jk>{@Ay02j~g9VgYq?FYZsDeHYa%*z>kCr#4;Yyjy~Ncmw^ulyO~S)7)sd
z*~NbXbkaI?J8i{}y@fSw$%r|jrNA$~C+^_*o^%6sJX|Ukekpagf;WvrV?bZC*CNF-
z2-mluQ>zcvvB<f24bRJ&BOWeWKhPQ+h<(m|K5*=V>As4OXuS81?t6fR{j!}`cB8BN
zKFAyp4Q^qq>er*e1ZeP8V62wz%NkRH?p8_}<XDe#Il^$q_h!<g8<Ej!=lZyIN;%K<
zyR_u2t?F^=;`7#A&pges$D0~k2uwEtgW6n(?kxFMjh?qea~ilMo61~$FShDbI&?}u
z9a{GEvO)Ac;kM4^ZRxWo^0wwtpIivUe86DuAK|ksn<uzq=nEc=(e+<<<i^!J>zy-#
zGr1Jb<O0atROVqC^Dv#YF#}t{2y6w)Iq2MLS**LvSU+_43huFab&Q{QuF70&V)zME
z?gj788Tew_xQ4c_rp>Epdl9mHA$b}{G<>O}Hyr~{Wg~oakh5l$UkuKrLmXW(biJ*}
zUeW74VAfhK8NQD?-_d%)cm+oU8PVYj<au_zcPJ})uQ&wt^F{hGD$pY*Ywwup=B!h$
zE}aLa#8#p|s%_=ke382NDOPZfv1kUd7qU;Pjk7)mtPcX~ma)p88nAWU9keBRA$?YD
zOr(v*duMh_PqokOY&|tCmgcs77wb^tTQltZMjmWeABQb9_7AjoBk*WnEEq?zcBtJE
zZv9)SuW`dO;}ox&2wggS=jBZ>Q<H80Zz}sCcsoKF;dDLi>5iLCE>4ShXW*~e!1El=
zH)oN%G^<28f|P45C3dyjK6w}_H*uDA7(1WZsiVB+q}R@Lx1DO9YaSMfk2M!*>o7Q%
zE~EPqX5iP-n(fH5!%NYH_^iU`=X?9$Q|4E0(0Mlrn7;D|henLg&W)t8U~k8_(7m7K
zv(CM4h0lG{y`LpL_6T*%-zD1m*d$<B%YWfD3AhU1>U;j6{X8``oagbrigWodn8q=0
zG|tQTFFwh2@%0h%S7!ky<6q6uTamMV#;mz1e?5ImUO00#5R;6OUg-Q!kIBZQ-|?`V
z;llEl-#Bylrddu5h*KvMv!z!*qn{keP(5gOE#>3=<3um^F^+8tn^X>Ru_(cqrf~+S
zqjp!ZPH3z<7^nPC^lnt#yISPtPi-7%4)^6`aQ5HM|KdM6x{LY~90!3z@2BxS(05pQ
zY`i^|`uZznG=Chv!sm>>#Gjo!Z*=)eYj5BZ@u>U-`{z-0aKnA4cAqJ+48A>o|1+S8
z{QZAD%Lshjc!bxeuQrpZD_x}Y`Z;zy!ji>v?0AGf@!lKfZ|pv~`}OmEeU_SuwhoiS
zJJoMmI_HFVgn>9we=1u<UsfS@BE#reME{;Izkv*1j!(#6ewpxtvopT=*ZP$&Z#e7d
zMZ4GBdrSBC6KfVkpBuAbEO(ep360$#zy7KC^`FW4!^4z&nQ{&H-rD^lW!7Fec7x6@
z8sUS7MvsbUEz$oR{#Udb4Y!(!yY{pe*n9pM{?LjmIhmjTy^Qgb`1v;htMv9F=swWT
z|7O}c?mPZ5{rs=9@h`sY&l93g39>~v6d!)&cKrNpTltB)sD-b82l*&PgWQ9Tyr90l
zXWNXg|GmUwNDnAIlz4?`BwzopqDM<-9>zQ^!)FJ*Y0E)qa~`zW${5q2g>Wl-B7Q3;
z`ueYYZNtORWqH-D-7jrT-SF(nv<(A&{hywiwxI@JBlbI6KE*hP^!4XFx?*MOhC%)P
zqxjmee#qZ{jA-Th8kM>J{%@e`45f28^U7%0^_nA#X2auy@ok3qbU+-yLCPMd<>rqU
z2k<BAIQsnnS`HBhpgD01`>FT9`)9#>Y~`;uTn0{)!0A6jgBP}r-7pS1Tyoa94YJ9G
zi3u2GjEa1pa_>>jsJgBD&y;z_9JfK|r<xO^M~$}Ugm<30mO1eaVqbdQIk77)_GPFT
zfvt?=lf(%0n-c?K1Wu*Dy`8Rj`2_46j?L;~@(lf!^E&bCabGX^<0<elZ)MU3_N*uP
zP|C+id!cUVC_lD%AIcnX+zEa|;CJrIo#bM_Xt#wwnc53QlQtxR-(YUy26!Ogt+ns7
zmTEnfPvuki*lQlv?nxZ0xg(#-@3F_x`)M{`$)|E?y-@3_^ltf7%0A%74>FDWIFw(|
zsO8SCRKxa}!<Nxdhwohvu;v5nPk?U%uxUM;|LF-E?i$BEx12G}<@Yjd4TJhqu6%RD
zJjOSRGp4IHWo>A>f5L`u;+OLz{*?I5pWsg^{wqhv9gg2%F8vJjr@V!IXYW!Y|A)6v
z*s#PqW0yar@Pkb9{3%PAiycd`FC}uv6~2c*qWqqR6KtQ#CfBFZ<W8I>o?Ep>12&$X
zJ<Qt<@T$H&pUSPg|K7v1yEi|4f0TW2k988C%IC5FG*Sk=ZOaJwRr|LN_H|x+o=@fe
z^l<Y9(eS;<pniUpEsV|cEfid-^cBx<^HydJ%4@B((@t#amj>ZA*7`+rp@GL^p=j2I
zVD5ws=K!0%N7`rPtFHubXpisX`eDNVYk_C&V7{1=kH92f%wL{=qA#Y^HHa@JFjl}P
zp(^h70Y>rHa$tE8zfJv?KjsrvQ@XW}6z|H{*W=yPlkn~hlozj*vCiYG+HH?9&R12>
z{f@6{x9nw>>!*4d^>o+4cYwbI-dN0kTXw@|H|%y~_wM{p;GcOF_wKT%_^<ZQ+yT6w
z*gx}F?Q#Fi8>#<E{WGtjj&uWqb{6qleh&XH`DcC>m_CVr=Hvl5ScSdjZ{?qvJP0iR
z8UM^9@SgPh!TdA#^X_lypZR+Jf3JV$IB+Dt#FP1F{=^;s|5X3XD#rK!vw!AX@gVDS
zy6=CMf95>y{L&tzh;QBhl@sTmnar4VmZZIy$;Z+41F;c2mkxgM%#-_psQlm3KeK>-
z|1<uXZv*H5WdF>~jPH~BXTHcCvnTW65$*mf{4-w$*8hxu=Izw`pX#6aImY%${WEWX
ze(^TE4)%75#21H5->w2Pp=)7H{rW=Fhi|-P+qG|@4`<)pXPfiqgo$-AyAr3?D*k_0
zHucP@tJde>*KhBsh7o7OGo5P~<WSHvzY*@4VkSiLc!zOu%bBJXd5FEQ@`=nxAAE>*
zo{>M7nPlfDJe%^rN)6Av0=-(Y1p7lnHT&px_R*E{jYt?%A>R@F71{5MWxq2z){ZS>
zQd)TC<Un{P`=?im4PQkGW#qS|oD%i;pyUCg{Q7blHohge5`kwvu;P!%84NlwFeXyw
zO#0Yp=2mEL!r68M{o8gcJD;d&fh+Q$jC0!X#%R&jnSA`%yp*eAIks)JDZI`FuZp<}
znaL4i4tEt(=7l)?2w&lvy7hu7k2>=x7Xe4IyPSpn6u+8Xm->xY{({Y?nplJ|z8mi`
z=3gHzo_Xbg;+feA<0=Xn>sa;#8_ltH{=Ng|*vQm<#WNerzcO>|2;-H41fwE{GXDWS
z5~0g3`cUqMYSZ5pHl4mThBn}yI}BeLp8Kb*T0fWniNM6Z;FY-=1N{|%8~Nnr(w=xl
zaC>-&=P${FpcRhprOan%oXAUq<(k)B2-z!%r(!=7pZ{KY@0-3q$KLB>Q|o#EGe(c~
z+9L~sMqkeP9pFm7755$>C$i7+z1>vi*ayVN?@R}V$wtHI1ld%bSR5}OzHN8q-ALZW
z`x`H|;SR*UMP2+?0`i|cbj>)<sm62G#kuqI!y1C}^BKo^Gj|SxzeO6i|K5NN>p(w_
zV(!#<8rqjkB3HtVj!p1?scqo)&c+X2ga3lh@n7KVtTLJNDV5)}#3}y+%7-bhJ5q}A
z!McR~t^K~#dCvj(x)R>M%X^){>D}HE=iPUCC;txMoK{%k*ptzrZJXqzQ8f#$`n}^v
zQoF=?H;HrN%j_6v&i{TzZe{FZ><_o7%|aKRht(hd_0IpLaDE;+3X-OVqr{$7mXf<*
z6}brN+%l~$9JTy!1jgrqQDbT4TQG0uThDdRq3|eMXe<4Selw|as+eCdr-Drr*H1Z^
zqq9dd7QJO~nh5rvB4;*^#?LL=rOgeFP4*i4Jit4Z*#zF2IMcuva{O8Bhq`z!e+!*&
zN1%He^H1gEi(yvXwaqI#iL%NC)`b5H{sCRe@uYLdTd?!I<+g2+mphn2u6lCTo6I$<
ztaN7f0kbkU!&sESeEl47Y{VDtCC*V_a_h8S<G_eb--fT${V$m*IQCxc@ctRpZ6YT&
z{#?`bJlB1mqc#(a$}@?Dv&Xl{q4`g!?~ZF~4*f^*nYoL4`1Dn@5{uV?J{w--^nG{^
z=V^TY(Z|`>M(-?*cnoM?_}r83Sz21mqAw5b(kq>Q44$obVa;9OJo|8(vF>sA*`_NU
zo;}2~N4#=ZI%7J(vxxhw_6i4<cX{?;-?OjCF8C*&)w<72x7<FS-RC}Qz07Iv-*|R6
z&zeSu^M#9|q~MHF_ucEf`-=0<KJU`|4*X9yUFyL1GVgzc{aa^>t>lX~@w+ME4zD(H
zmC0Y*fH(B+d3<tZ7f}7Z^PGOSQ@4#=W1P93_dD!l>6bWTk$sW+Jv+zOG%E+uipi{j
z#JGexSH5>?I8^M*s7OZsR?(JozM2)g5<b)OdGMEaztum{zVkaHhAdy##k|^dfrINt
z-pN;9v=zNYSL0&m-3KmR&l!}ij~}P&qqNbnu_fOc-aWmYJHV2msp6=?V~=>f1X-uC
zTeiKHaVI(L*HUi+<;*z_9#--{o&SFH3-N!j+~NP6j^0J)=lfu42d-7=oJal6kyE(^
z4h?j6ayqf}rHn=6Qn??#-20^F%vr=2Yi@6H<!<3iep@z|P|iTs99?k@^89N24z9xQ
zU=e-?u1`IF3|iZ4{4fWEpORS)ydK|ouwI;u@8{8n&TKm;8_|~YopE?|-#kU#&r?^p
z4esL(8F0&GJnKe7Kk<gnYvt2!%Sgt04`cPta8*a~GOE)=9m&ql^W?K}Vjds)WO%Vv
zx%kd*Jm%!s4bO03wfzXNt-nJ%Ip_jvOJ};P$j6$-vsI@VDc&>ryVpHvUP<1zN(<S>
zx^mt$%6jjYP{&W5x>d%N39J#`^I<&upc>z&$wof+#N_Xtto0}*rZe{=z}->pjtBeh
z9hCLzZKk~scpvYp?d1Ye8NojAU7d@w_%@5(HXH4>w&TBo{Tn;7&UY72<J=lJ#0P_&
zQAx%$eP#CXvsE8+-#c5)LAU+Cl_xEaF@2KrQ|lyo($Z<`_?g?sJU>lzaXQrbX##lC
zSw&98u_r(7`MLN+{C@oWymYp6e*Wdz_W8NswDmY>Kiuv=5StQ5)6$WCdri24XExo+
z`{?H7^V40C2QN=Rw{z}`^yWse2K}zetSn>wHL@KUApVlh`6>Ehudt=`G)H!e_vX?^
z{M?vt!!ZXrqg<U%+*#cjw242n1)r3M0_O;(f%@X!3C=u}|Hq~YPWzhYr4t;vCp%1Q
zmIIIab;jGjpN+?SmC3*jZhBfWowCfeh7La4SQ9#`-F5r>o)64ASH7pjvVdFiOLdJ5
z2Nthx^b~cIsH=Ha)Q$XN?tX0$9GJ8%n#Rw^6_nFhes(T?phio+pF1s^jP4mha19=s
zy*)>87<#vvxgdLZ*6l6GcD;|X{>GOnSm~=QWBn~KeU<X-4~@%ONN%+}_GOi;StpAI
zw3%n&^Gut?v{{RfQo+xCl||GKjS4IbW?FgKW=`ev<hk>kiFsuM>K6Q)ud;(P@hQpS
z{0iDwK0Isu@(+8bSvO@Zw5Iy=*e~Z<`B@8fNA-7!h4!0Cd36KYKyPi%K5AAXr`VGk
z`8m9o?8!cwZTs{4SB_X18lLqz#+dJC&T>cSxqkd7!)`hM%CQS$;Gm$8n1kB7Ed8%X
z*Y~eXUKsLEI9@N2x`}6vI5&~Hb{m$FUvj*S@e4zvCiX9TVX|HJcs<J7^^%SJ8n>SC
zKbKEpIDF;2m4SuQ|CjM!F(TPU4);LoJE78;TA!sc6|lFN4_{i)nDxr`#kZfcr;$F5
zU;Oy&TA%GB>EWRu*@*|y|5|XA-Ri5H!?(eI)wTH6y4Z<+7UH*I5P!m%Rw8}OrM-FF
zPsP6fIE|HqR6HUYi$|97KLou(qcX?idu{W{^YDSjrTnEy@J9u7t%iS0mp?k_U;Giu
zRQa6BIq*k0<@ZuvJkbVEB#9?(${Jq*462*UvygxE!qC*jybv^s9_c-=o;t5l$K&q;
zaJ3A$K6@T|5ip0~sRHpj&zhjI#)mDY!eIZWarzl!koKd;dS}!rK8kla=!+^RUz=>k
z8KiEu<^toim<#y3!_&+KcZ}LICdSQyR>qS3b6=%JJ&Q3~nJS-Csa%iZXN^;5#@URs
z%p0f6`|lp<ohDocr&|4Ze=@vp!TTETuc<4#LBCh^eX3k9hmjSs5oBVkm`?rahwuNP
z^vgSt6_Wi0y5ALlX~n^HCxm-4eVLK-S7g}w-b0ax7d*V{p#>Y}KfK`E^B-97WY+_B
zjL?(IrronOkvk3*BSc;e#TV{ONZnOHZ0c&|i187R`f1`Is+_xwBFB2iUQ)4aW`#dF
zQetMm{t)$LSIMq4?VPW5k;sBNo=MkEtfk&cvvMhX&YipmeC*|G$k`%YQhsSW+_mI~
zz%SSY<5uoC`#0)7OdD_Uy@7A}(|nt6`SR2DOvS8;S9Hff3A)xso^7AaeU|**{$=9;
zd(=gDa);P&$hjupK;eVEUVb&t<U80jyYFtxAbso3#5;+7FG;|*0v<j6N%uKc@V=V%
zwO)I6lS9{BfUZ0TUAZrZN#ePVZ})AV!*-4h&d;8<oV%v-*we<)E&ard6dd(cmV%49
z==gr_pYp@E>=pBM@0RRw@cWh|>`mm;c%|Me&sgm8!|<!d2Bq?yl(*-*nHa%FH_p#9
z{jVGF|D)S}3Y;doeFAGQYx;^|=yzsA@9MFyh+k}b6YH*ZCc1!$zPx%uchem9TI3(Z
zC%orvc<pU+U3ZMZM{p^zR5kJ+Cf@`&(Oxdw7+bl6`A=S;yuG{^-Y#YQ6Txu?Wwk!b
zxA1x4gnPL6u;0$u`b1WGb@;Jf#ieiF_}0Jh4qcgk@ZrF=<=jggh+XCOL9Esc?h>ka
zfjO#v9NMJD&ZVB(ewy#5)z{niQt$lq?8Wk-SNxp`-WX>?ybi1!YaiYAFLn;@-%?NO
zuka9W^V(py8;JdWD(i0!xvQpuU-nnotSMG)eU>%K7-!sh+IZo6uzRq?KeG7-^TW|p
z{0tH&<KvGVX*+sInz<$`gr7wocFg%l3wKx0&fR8OQad=DM}C3gQsaQ|sTjrm*f`Gs
zKK=eI-{dgZJs*4Q@;~4I=nJEgBQN34sC(8n4L2@N7-3w#beM7ZU&yoi{le<#b0%?&
ztH_1T=bhZ}&xbu49yNye)YDgmFMX#WeCY!ZY`W}$8#mwjzysgC?8bm`Tg?NFm%Z%9
zF`C1YFU#eB!mz+)g_JXfO}xzDdldJo%crphye5H<ONeP)n;ULk3w}0&o3*u(thL}~
zEn|Af9F-(HvDO!jyW3Zn)inJ?JX(}(GOhUmGd-z<{k{d>lp9UDrSgas%~yVNd{o<w
zP}=X!P-@VqDnqVWS8_)h_ATp7qiV1_f(GtY;_o7xZb4J}G2oNE?ElVUuTytMSo!dF
z72}WAh(6kskQTA;uro(KW0)iO4Cgb9kB?6RACr&qOnsho#zY$@im8|F{H)>Oo@a>7
zyOp!gT~%joODaEeCbsNxA?W4dWZ=F)_U01wGvz2(JIS=MmNw>Bow-eZtEw-amYrKR
z{Zp+I@&nFgjHM%to-7Ny3i;5Bed%2#_!r%<I-Gw!IaJH&i+gA6m{4*D<a5vaw$3@>
zZ6R`y2ge%QK99T!hKVDgjVbWo9pIhq;I8Il7d#eXt;jn{?m+T_IJp()JXXvYoI5Id
zA1xlIdpC|fI+NUr-Rupl-ure3E%Io-ci-+8nOBk>IwO_M@Xhg=ky*aD{zuY(3jHGs
zh>tk%6!SrAoV^!kzK>*nwvEq-gpgBronb_k2jdR<kbHicwu{iUoA`eO*(I5#JDu1w
z;WL^QcMnjOeHVqF_wpspBA5F-a^YzVrQle&l1^O;PjV@7`Vq?LSuOA2)2LuqOxC{1
zM#J0KF;2EFNKQy*{qY=Q-A^goJI6=t$Vk=>3)$>PHYXyRlaS5H$YvjLmAZ#zc(iwh
zvlf+&F6_3F4f6DJo`A1qC-T_JFcdf2lN$;*?{#xv<dGv|Cp4PEvlqx+E!nF$=l$TJ
z%a<e_gxoN*A5+eU_a_)Vk~5|7yzC?s+`6)zmh-%bymxK*{Yi!e;$)ciQmKQ;uzQG+
z_@6ApH17A2Vc79cSPMKEmTqPwwe*u=PF_dFh<I`={Y4{`+HQt$ysK)1R(|9d>-Uv@
z<d`jwmYNNId`&-44%<In7!8q!uK=0UJ%OCw$ffA)b8WelgIvl%F6AJXa*#_o$fX?Q
zQVwznJJmDX&1K(zrr63PWRfROUSiJ2kSTfPQ)c3`I!>}hWhJN8pZ2=?FB!j+vZ}8f
zOymZ!<xw7WE2yKo1->L(9%(Kp&n~de53L-wFq&sni4V07^J#v8c8bXZ*;_p<+B?PI
zd^EG`1Lk%MdTJu`-_IvNo3fQn;I5v>Ruy;KG8H~Nmz)TlpD}tS(Z`|5;ht;Ev|UHY
z?OKHVQ69eX3C7mWW6B$7by-t6XVjfPK7ZH5sT<bMBCn<H#%ban9o>!dEb~wCJy~P2
zA`8Dx?!V)*MX^jyKCAzrj5TIrq`P8Rv;$a$_q%M_k`{ZMcdR|le&ocos^GQ)^1!u#
zCv?$qoljj5U58HT!Cr`tFa1=pOY!~vZ{FTLzRK##|9_ryxSUG@<PHHn324m)P~?`_
zIynj0=7P2ate3VXpq-wR18Qhhf|n$Som@bTcSC0qw4EkVtahN4b~*%XJ7AO+Y;A34
zN&q`eh^U}qf|q>XpXWIzIfS5XXMVpw@_KTfXJ6J{d#$zCUTf{OJJ>h$@V@7Q#qIAQ
zr#dG1cl?O+Ys$qcedR93DSWVxI}rWN;Jz=NTT&jQr?HnKBdq+hYDeqV$*cVB?~@bg
z%>>pQaQ+57&H6EL>_Y#JO;y>?zd@d>u5|y75NmZcYjrH^cc^w#YKZk(I>;(B#;dl=
z$kEtNUNEETw*L1S*GtzfeE#1GW;PZw-vM$8k!P}s_{Az$hCla>3%RQT+2b0+daCcq
zyeE%y;9_i;&~bNyG4N$_LPuac^~z=KWy+lgZr-0rZfoZI)&)jWA$m;$_22c`d0MA2
z=RM51@OmvWUUfP-GaPUvd5fI>+`Yx~bG{1h>WR_yFc*c;R?qhr<Ck~$DG$T@(8**o
zrEBWoq6Y(EI;m%!(z(ocm}mFk>GV<!y||&fWauXu-=1|(6l<08fTT0$;@{6soZ5H?
zG~?6$3c8H=7Y=g{>w3y$OiXSZxXGrOlU6_EGF-N({r!PK)}@q=ag=$9dDoe`=(eQO
zTDet#-Os*2<9Ukx&l_61patm>mshQR{^fP6pT99U>v`qM%0mZ}tlh-?K0|!$n;#Eu
z+ef)8s&0J#UHYhlUWGsHqkAqyN50TMP%avtYYe=u->jh@-M)l1r-Zeqm^G+~wWtui
z_zRphbXqol*0!cgC@Wk01ngY0Dd^pN-ihDcyi1G3J*j<iZBORCwRhroH~W~xsNd!M
zR_+C@FItz>M#T2j&3v^Q<eXGJJ;C2cvw@Q_JRgCddmRM-HVgiQj`#TPIxj!dMNUfX
zp}ZOXs-sRvRyF&pG;(&b?j0y&odd4r${&^;2<5~CLpgo$!4lfib7s}5=VOhSMsQel
zBmSy3aO*NVt5%_p29U|Sq+i}y{)%D7SU!IA@B=!xLk^L6;pGS9C7OtxVOG^mw8LE=
zwDTtS_F~@%t!JP6CTs46fg5w4ox|B_a>~`g-#3$2=ehZI4970^s`A%sj<=dl@2qQ9
zTkS~KldUC=Z^SMv70zxRL#_+Qq|hql#|+0L@AY?>3E$l{qjAGLVl|A3A>IA48(OLy
zgIuQEG5A1x=7Z>_UEJTTxCxz={}s5H4NQ}QH|D(QoY?UtaFJbgGyQrS`}qAU>TnnH
zf#-7Z0T4H_(->p%-rdARe5T@toYy(mdXWC4hgKVt`VMn<muwg&b$Y7He;C0PI&AK$
zJISZZ82**-?|yM-dt|;m%vBll)XI5k&6DO$bESD3ZLW?oS6=2g$b3!UxfeVa#TfH7
z56nq?8Tftzz4k5Ik!{!w&fajwbsPg$ecO!<<87xWYfj+ioEMmj>NI;UuE#&~bLOH2
z5x4~#(pX>>AMG>8dT+euM*5o2sC7<jkM5^te`U?ZlRR69uOY@|`8|fy`#t93m%Gky
z{3Ua7khUUo@m=OZ<un)jp_L|N<&9O9R=cu6_#6}aJnQdkE+b|ojke;jX<P)1PGVNx
z27dAiZL6rdp7OeTBd+7ujQjq9!Fl`RI;)nNaV3kO&lcsJKsMfB#Fc!{j45d`#)e|}
zy&Ig51GhhC9>0MtV$c}Z*UkL@f_Z!}@Q*qF;~d*j9gdsXX*l~9QRjEmVeKi6;I-Qs
zlhw+-P=}oEtara?-&=(~kh_F=m0qx!@-G3)68gOySfs}Y-!Hsl%e3fN7=!iZH}I_F
z1G>0<{%>=>?Z0>||7!94U-+)Qxc>jG_#b`#gIUt8ZJ*SNe3#|FNaLI3zj!i#$nO;K
zUwqPi6VblDM+%Jno7Wrrb^r4_$me=TN>|25iy!3N%kkiO*s6YJ9-lQ^wnF2$=X-U{
zUnPIyZSm6@v-bT{sdSSr_*?l9^*w_ak5u&PLiRRm$+tSdpT=;Awc#*rA3>LU9hrMS
zGIJ041~OU0SgS(2$;q3+zNg;d%gNAshTg-zYM_pMgBg_RrL4+LhfjL2U1d@>01R%<
zN@Y>rV;Tc0uX3y#xxf{2Oad;-9i@CQKD9B6vgm)rpBYwp+43r^c0HkjshmZioJZ}V
zw`NhUg1ue_WsOPXG@;y4{?zUf&dFpzv+66r-;36JSEvBGEz?-g<tk{aj<KjMjU`B1
z8cP!ORAwbSD!4S>$T%7(r*YI%PHhV|YaFy2q^va#+Vg~AW8E3}EbXO1f2YBR?C5b$
zg{H|{M_upOvYcw*UXPp#(T+RT%n7QUvGy3<V;Lj-xfY#Gd9hcb^ZX<22Ka4{%@dlz
z94lW}`3&%c9mQ)Z_RAZ368oqNeYJ(Yv{zK_YPA&&&-LKrzu*szL30-r?JyT1U=WTq
zAL^%!n39#q9*tAD%V3<sNfzIQJO7Ars_$RYt}){M5!RAUy?31s#|+;8g!dlPm(xi5
zZqDOaIIs2f3+LAOxWiKUJ43+Z8Jln64f(M=CEwUTGgf$v2@$8Xe2^R;PyEl|@)+6z
zzFZG&WrI&IZDoN^*?`kVz_k)t&_ml1JU_|Y_}E9MvzM6xzGu>om%l8v!(TS-c*1j|
z{!+|Gn~wsQdy%m}JJyCxu;hUM7+`B*js>gq|8~~De)j2VzlMH#R1bO=56K?vg3f!v
zvuiwe-Z2mE@z^z)3(Z|CKB8fsP3k}&u=KtZ^iTT^82b)~0PhWQGgkd+{6d#Ap{t%;
z=d|C~LHp75|AgMFy1gGWCo!kb$=$4(S8A^K9<ga0p!~bYi$73a&nbT#zu->rlldPh
zmdtAykz2CPQI;cm)7Vy$%TIhPzVc8fSa3RzPG|iS{}n*v6=6CX$)hW&w*uN<37u;k
zN0>9otdTiGPklr7(_glIEvo$WyX`tEf0b-$f^D}AoAT2Ic87WX+^}3Y*QV_NWrFMN
zas}`UJeC`zYz61Bf|Lz%Us(lZD;STDd7chG!k@Vnl&c`VCdm1|3YBq$zr#nuLj`3t
zKE>DAb7Ifk*~ao1<%FN<@QUhM@`?5>8Ac!C!vHWu@O>DaQvC$O{g4l5K(bC}f2HG!
z=LM(ajo=i&3)a2B37v)xqr0oFB`c%)`4?#7Y%t1(lx6sH@eSk_@rS+?It<N8Rz3mT
zZo|ke;g7x8KoNiLG31TlF9Uw;CH}X<s)L*cN0OhaH{J4$8M(#O%Lv!Y9I6NJP)GE&
zp7vdo$qcuj8E!v=vVx_MK8D&4^EGssn|+q@lA*i7p~j;&N9$j0O2>9ZwJp5Kj+bGL
z$ul&jBi4S*j>FZr2rMg+3u-&apKwyaUokKT!*HvA;bA?nMBvcaiuub@8U8XU<B605
z-)`E<;?HfBVLee9{^S#g_$>`|M$MPuwx2G)jZ06BjnC<{Be`Dyu7oFdjXiIkM7zB-
z#;EVYyT{KrzQ@EMANlT$F$Q81jRDc?6OsCq5j<YtaP!^WsXe0EXYyTht+{in9hFf#
zf|qh?<1jR!J_Li+Kkr?%Z=J6Xx3dfUf*<Uso{mV{t%42xGTTI-HZwxXJv|foeT*^_
z*b5QAKCow(k^8H2u;JDk&l!w)Prg5QD{D$MV>^OQ?4q1&mz^uF2fa`0Kn$`!8`)kB
z{F33Uhq=Z477a)GQvAXD@Jcj1ThMKV^JtxOD0am#y4>h?@;?>=_v_gFMJEjprdTm2
zjmXv|!QhZT6IkP;^KnGW+5+?|@%~6z+kngyZ$E(?vt$W6TLtAt(}ya-WuU;8Cl%{$
znkcYjG_oOFFSy>8VUmTCAGc5^BA@R@ca>bzJ$2Vby^qM@le~|X!P*=BH8OamWHtSM
zk_@)wbivtWaDikr<CYu^jPno3_bPm>NABp|r^(g==u!1YldaMh#1{_wu-ad5<mz6=
z5I71UUstgfSh!bT;WmQ65CVUazl;mMNbIYnk1x_zkTQV+`l3v<oURYg<=N!)ebAoh
zXC$3O!yOV_^s6;NFzpV*ta-KOl=sThAwG-170qXncM(2gpKSS-THrPDy=3DsZ^U%i
zXErh{xhntDoABXH<hp+wKJ0-H--ZtlhWW4uKHLW%wuJdGK)GQ)Oz4P#4`bm&*&(Xa
zjml2=e<nQG0`6A8dm6j!K`x$|ycbS;bx$p^6eDpW9*vA;*MPk*Jlh$nGw$?qjl9#V
zAbh9ST~T*><zusq_?<p{pv*15Q~v|QcY57r-|6-KU9Zf}9&xAF$-AsOy}rVG?KR7p
zFBEGlKUBAeJH0&I=|!0Z-04+HnPFd)?oPLLiW_+U*WBqfF8h=3^eW3T9-7Bl!f5%W
zy|VVhE%#z~yu)l4-nkQJM=Cm&;uMUun$nZhD<`*w<*PLCRT}sz4SbabzDfgMrGc-~
zz*lJ)TO~81<r;amtoG%1D91jCZ*bthXivB}hv(VmNiZ4YfcOJt1Y=#6b>CH7eU`Dq
zjXlP7o{`C&*Hyj@BiDC_qg}Gyx5?~xxzMG!!^y{d)j(4T*m>*d^L%h#Gu>!P!k?9F
zCUyND`@Sn|w{0I|Y~MS=zVE?S>%(R{WlqD;-R*VU(WiUcwgZ!5WE|mnJQcp1P4@nS
zL-u~npM9s}yOe+QsL}oy{D_R*Cfn#{-r2YsJ^$^yncQoMAMdZ3s~_OYiOf|a?fzfR
z6$x^!x%wgSjP!SFUJ`$=J7kml@>!d|1)j?}mtoB_^^_mrA;zosn(ym|#(a8?n1`5`
zgAVRIW-WdgpAL6dZfh+d&noh*`i75*VI}`Bbx$G_)n=rhZthQ%pW|<V>ylC6%K1Cs
zx+V-)<|n}QY5wyg6Um1HJz}$%Cp|*(De~nEU}KDhw)TLxTBm=Y6FmI;ijN=V3<GB)
z$RPqRzJpv>ES3BKil-_^C)ixEHs=(3sv_=Y>%|r>UvyTj^!TZvqZc4M@jYZ-Q_&y9
zSM4)X`#RwdH{bL49uTh}$G^!P;=*?-G^P2aPsKpQx!|=uz`^>n?Y~w=^eOTqh3mJg
zEqGl0euz(CfO%QZJN;kJy{p8_ZI`e7QO2|I)Zlh>+{6!ccNo8aJTSOjvR>a+Uhh(P
zXYoIDCtjP1?ijfXlcfCvHBMt-4?aH^eeO9qxLxr)KcY|hUL?Z;S=dCl2QM&AcgCOn
zPAKVfgD*Jnm5;?gF%Cb)c>EPE{1)6(al5DeBkprZVU7j|9qohoj>wU1`SE+$*Y|@5
z&VuxHqSLTW9hl1B6y(NNiF<f7#Td|863HO>bUwfrp3WHG<y#W>ME(@{6Y(1bxr3~I
zg#3}eC}Gay&2!1|65zh9whN5y%A5I!_z-;jaf0nD8eT7kV;6o;nLQH{8c)83Tm<Gw
z+`?VFFT^g<22Xxk+(I|JsQDZ{Zeem?8vNel^AALibr<&CJ<Nd}$1u6iWN#!LLh%>T
z@OI#vli#2R+eB(Qc@_t`caC_29$-tLPs!DH&{?XvH;wgj`K{~O`&0Jt472G7{-HzA
z&Fjqbe(WUT85i?Y$Cv`hh8~BpowX}bv{S-(5AnT|J4(`AHJA2WKr9M(sb)YwTO9O<
z|5Ee=?QiR$|1HR#?uo?flz;pvaVi$C_26GryTX~`*erU3e{|P&54`6lrX!0s%FKkm
za>f<GSpx4XXis{B>~}9yp1Vm(PeL==U-pQ%)gL_d3-uS~?H+jh$ME(y@k>@a##DAP
z{weSS{z3S8az`(AUYn=qj>6N>qWI9_$+;F!yWr_Icv|<HW!$ZOz}(PY%4E=HfHvQy
zJ^9teud-k1cOCcIYP^wqZFSGE>_w8z^FOfp^4$y@_X$yaIYoRayoUL*r(b-T)bXFR
zt#+;Y@U?7s<hLB?`F;U$O|CwJ{fOkA{3?2fT#J*x**CGFZ#p(tPu1G~Wp4k#S5~lR
zb4=|sz~@&PmwZ+>olLdP>jv28d<#9j*E!8vn=>iX2OX{2l;8g}Yl`k7*#vHOqLUs&
z9v08p*u3$Y)%~lOPx*#w*e{mwy_)YC{9jD{qaO`!Ymg3o!J;9ZB2m6$_<1`0zXv}{
zpZG&myg(6t;F0=-;sxaYoq`O0jhF%50T;mkD}7=MxRi`L#a)BT&!R&dp-c~VU%lUF
z^K?XysOSA?^!Zb8Jd!?JPoAAV(IHag`;UgfgC2fF?ZA6FTi_#(OY-axd~+E3xe5L|
z1iy$kA705i4KB)|n{IG(J#c+=dogmf2zgqFT>S#__4C;EF5@mf`;MIMCyl0`Twwcu
z*_YV<U*2u!on*kj^DYhlugjWeqXRp}(0MG$6_qi=-y(2)a|9guz#%<rJ#C&XjuLw@
z>#u|L*X)q2df(~H+OqD}{`Ko_eO`5Cr;KI4tMjFU=sM}ppWd(GT>zf&LYpqpCbV46
zzDarWv*2~nr+mPA--^6k1#M*!r>8iVr@>Pnag>UmcnSKGtwCq#Hz7Bk;oU*`Dxtwm
z{I9r*M&93Oy^poziQ=9|i%G<<Myw0{15Y1%#4+e!aLBJr4y`5^cI6h)I`GU6tjbX=
zg$qAz#^B(*FVenjD{lj*&oLqNHaxO*&V9{qU2}8)O~AMlpHwII?;r4;`}#rw{@*Gd
zv0!&#o+jowlQXc~Ez5dn`>**vhzt~7-sIac{J;Cg3kH0q$Tnh0E&sLdNSkqQen00$
zw#hGfLyhfoejOMlU3_=*^;h4}e?2g84!^IQe&gVE<tT9R|3rBHS04^;V|;Oc0T$uz
zrP{{k$hh}0?um^1ph;XQ<Gu*r^hCz}7Cz7m8TZogxM$EN{^rmTYuruEbFRI<zcOmv
z&oOTKy`#td7I434jekOi{+F!l#Yc_ZDxQ1|>;Y_>p}y7QyX?W2*<iX#dhpd|;`fg(
z6RqpZm$?O+l@7*wVfiA>?S9Lb>G+}F@?~!0d&HOd1piCN-t(DZU#9t$@s?fx81LlE
zEc}`O3}2=zP5wo*uNA(oH=s}O&YBe}0#6?3D3iZ3edl*3>%~#%N%0BXA2q<Zw>MBn
zbloCbFLtkX^gnFG1Ldsi(yex52gw?P%@IB3i0XlB)mv!s2Is}m3-c+jI7gK~%CiJo
z4^d9`xkJEJ!vB)pOL#AS5&f3KgL)s`{|w}n*57vWfjSwNbjl2V*YW!Za4VlehG-jD
z3#q@Jw)H-+(ccgKZ!faoa9VH(rWH}Y1=k|M1wI5<cNAQDzl!&QOKW{~SWZ@iacQl$
z;GhlsEsAQ>18l|U(}Gp9Ofi&&7JTkdJM9<pUHZ207SX5mzu;{HZ^cn<6<Yt>v}TXP
zJv5Fq+81u^@*eB`=(5n3fubpwi@qlk+ve~O^g~x}boj>{#sKFv1~~7_J-^t1p#jbb
z98Wgun|~B*Z2KMS{%zWKP)9z$PV)E<V(-|4tb3oaxfl=n;r1T%sXCrJ9q3Hh4HXx6
z61}<|{>!W(Payo9k!X+u!9UPLtd6bsOcoy`%D0MN5M9XA;Q?2oRrWK>h06-s)Eo<!
zZs;$f>!q8<fX1Qz1He+pIMVsQ1~~rlx{n{NlfHtCsAF8jW^LCx*cR6L-iv};{r8~H
z4C{PJeQC(Gh|ZS;9dyu7MCW^i`PSGpP7}M7VwZ%Yh3FJLVI0+<a|uUv$gk0G^e5!W
zd(h~s=x{FTbDjZzBJgr=L3H^KC@20`e?LT@d{j81ueu2CS)+t|yG%-lleQw||CREB
zu@(E_Bh$%?%Qy9@cLwhabm_Io5b4sbp3X}Rbm=|7zlT1UFWt?Mt2&yShEJIr@uYmU
z@&*4b^Yr1@PM@dI=0~xRBj=|Ryq|4;z{jX-=n#&{A2|}okvNfcCw0$;9j_93cMI>*
z@9;k`^8Fu1yw`qn<Q{VmXU)nCS11VI>kh-|;OU+4xpD1rPA($Wk-t00FQlh!TS`PX
zN$4QH?@`Hj*SBr?-cwDCAp4|~oQIdquKRB6auaojqtUePU3*_2t*iB)&)R`bXX$Rl
zOunn%^wFWdXg^wyi|B4zm(&JwaJ%YayV<Tf{~WIK8MT2PcqrU<8v1uPZU1+;?FYl<
zrt#Zqi@NuQ-=*-*TCb{y*DJ{{KeYVf`9`AtPvdU%U-Q3hleBG*+~Lt)J&F5Bz+vF~
z1(PhCymoy*wu=GP8C~Wf>#$*IkN+O$F%pUWmHnfZI}ddRX%JX$LH|!f4p(17Y^ssc
z<wmvziCdS<2p}^GXBbvr0rqZN;Ab0W_W9tGSLLJo{=6-Y_>FH-M{U%l50`(JF{Pm^
zj;6~Qygvnvx}Ns8ONW#%)dQUJQ)#ah8e_~S9;(UhLLQ@IrLq2&1bcH<olneGl2JKB
zYtfzLGeM86uH{|_J%2{d5M&lH5KUg{sa^TiicNRp67EH886bxP>u4c;ds-ds0iGo%
z2W?#D7(2Y+GJ`wMUDVCsTf`q(O^ldqfUf9wY72Z6(stInb{n2FN4x6jY(X(k4{b)q
z5NS&~YzcK{@qKpZKOLBDbe_17TuN^N^C0l<rk^kBH)Y-e=4aD?)jY{Dp<(bN<M^0n
z|EYAwCtY`t{>#D1;Cn`84Y(U*?7PqxW9WO2V4&|k|7g!eCio<ORG0U=j`qELbMvhz
z(f;OU%p=EJC;Wk*p>~3HS<zYsu(?LTk@s1<yeHhJ`u9Z2kHF_?Fy0n!dnUM3+w?sW
zp0m<6>$ui{Wa``stxD!<k8|5}?p250lPr2?-QX@EokLs%y&K4I(Yd}2(fGG*7_@HG
zdF}td^{S)27hDCQY0>`K==gsNTYeZe$%@fn3)Bw7);8|{U)W6UDHYz{J8yK@>h2hZ
zjrG#vqrVn!CVP}L!}qG>faKSpQ+7%R`)DUJWeof3vFxwMVW%8Vjx1AmZgfmW2jLv$
zKmu`7vY+*mYf1W?;>$lbzM$XT%9+$|=%<t11m8E>*L`I3<y9@o7fD`XTcjxW3Q*U5
zF7|lm<i>V~KR4qZ<!0cXG5DzgUv^(bAg7q~JATvm>QwB|o1rc7HF>;u+=`7RlX$O(
zom06-*_J6LcS{b-)#Q$L@Fn|O61rK<6l2@TY=8Sf#r_-9kgrqwig-U6n#G1ooV_t{
z32>F;f8Psi8C9wAuCeA)>+CvtQ1)UY>P;}_JwHWp-4WT%U4c=37^%iKwVwlw^wHOg
zJtKp5Mc=*jq5su~9~<Vg;t|HAzLo#^TaM(emUB5*oXWXkXL2L<##~>VS(%neoLQ4u
z*`2|2wOP4>yiG1Av6F6p?#;;i=r$gr-Yv8vooh>&o&%y8)|E${35~+tWOG`V%gPIv
zVx5;mU(NMNhRs#GMq>^6%vW*;k?LPVUF7+8;SeLpK<^CBf$|j0#0sM8)|4`)9S<{>
z_tCWkOTWg$7^7j?Wvz2b9hcFbjr-&-pJ5ztcholr#?>`f{L-e6KKl6<?LO6K|E@3_
zn)|?EP<_#67Jup!`|A$LftB>@Le69%zq63vjnEOk-lmy+%R9$dQ_i|Di*xilKQbzj
zPs{7m_coIYprJj{*uIl7qdP3$iM%d{j@*n}YeXJ4*4@l?Fc`?uys4c-$a9^$uNy%V
zZJcFM|C#ikN&g<N(bVYlSZhj4xc__U|6sWPr_*0*-e|fTUdlGMAEf`zna1*i^luQK
zyTo)gw$S$z%=4;n-)h5TJ=MNU{jg@0M*3=Cti*ITW%Dl5*QThkt_t_HB-S2l4R@Dm
ztOom~7{;o#OZ}~6%~}%GUu3L3;9Ydt<J3M2o;hgGNd|LpYgnI<oR{4A==LulBR-F;
zxD1)G7}>E18=Uf^*fu!i<^EpgR`joVQ`^W`@=Bqn{K#%M1zOg7(UtZ7kHh_`j%+Ty
zPulbsAXYKbRwr#_{J}0ejyBjg9)A)ZsSDkj<J*oN66P1q;^yl2F7lwcCJyuCL*U{T
z=-uKO?i`Vv-8=)jpKfe>1fKcb1aer>e=2;F#duqgJ>q|xrjtAFr)*fBSTwyiOw%v^
zz=rAJe|5BH{?`6K6MEMEuby?x1s&J1rfF=?YHZ+VK4Xu_487ObT)^jIt|Ibd&kyak
zx`3rHnqPr^HL!F~Gq(ARl)g66G<=?i9=Q@ec+p{WX&mlAASaU;QMKvj%!$5Z^IERG
zuJ%_dqj`;dD@Pt_@0E8Cd;$;U38$6~#0c|Ca-Sa@TV<f>70Az{-}krAV=QjTDZ|~B
z8LOO=8neM2veUZmq5X%SaI|Y|^{L#s5YO2w;Q1c!|5`j`OtaUydg^%Sr-=E@Hm6=(
z{WG(YykpCYW0f0Z>cwT7$mPI#qB13M<nB<J{ibzS8Mb%3%%72~=yO(?Dd94^%*tKT
zS<eZVdDyI!?kQO)+Rb48dYu+c@33hhu_G4zrzJ_Rnbsv8KYHE@TkLsz5_l!Y1yf!u
zZSu6_Iq>Eo?{@)*3pjmaZJ4ZYz?rucn5FvypT5=Vf5t?f!CbXx@;iCP@Olz0f47id
zOLYC`>8u5D*e0Os6y`*8t@R+F`C#oBrt8FxKTtMWR@aB=+Vi+Q4$10Uz(dJ@*uSG?
zb%a(U@;ZVi(e!)71s{cvwVp)Uw`c=hHd3$WVY^Mq8u@V|Yj{ssCaE3CCFWsA;ZN+c
zveifGM|h_v)}|4)^E>(-jkW|^n&g}K3>ZE`e-YZ$Z}F>mzKuS`udXJ$zq+t4y6dlO
zw^ZZUHasqkNjT7$w5H0h?26`R=B$c2sKLG?eumeV6Ze?wy9F9yO>mLhMeFto{ts*%
zZg*7Na=s&in~C75?b+e->R)gOXZJFeJz=>eoQ;H0IM-UBve?j5+^xzX?CvXo_T&#B
z9~0+4v6lhYA!H8g>3;3M+-;8b3ZB{jWcRE6nD%($5A89m`9k+JC?g&8Yafz>WitB~
z+K;rWb<X{?qrHTum-?z3>ag2ewZVR>E$ps+b#oe<wMUAy>-nyo+rWWbK(89`E=jg@
zWbJQfM(uCQ7z_4`<uUAUH=S=R-I-+XZ#R+qWoH$8esKLXIb&`NuIA3%35_-ArNet%
zPoG0P$$k+Vm4$<ReD)f@D>DA-)5o6yeSH-eboQwh+3KQf^#0U)*8QocuYj>k{Dl3f
zVgrZvr}#j$KTX5VHtPQLxDD3=V95y2$tC=+{xuJh6WWI^;TZ$&r6<WAu<BpzdaKvk
z&pdG7j=xiT*~mE9mv^1Ehy9LSR`cVb4dog<^Z~jRZAO<1oER<_+3P9>b7+72R`@&c
zME19CzDMtA(GhH$!r!r{jnMXb=JZzVkj0-(zFB)0*%n26vdQFOC#ZqWU#jTIX@p*?
z!}QXqc*8Ar4&klP%N3m0+zP$4LNB86wufxkwVxf$Ceu=DR&IeF*aL4%p|9KM>stDK
zk@HyD^yy|krB`kuAJ0s5&zZ7a(C)GHmz%emF%8l;zx%lV)G_SJS|{X}lifjO_DLUw
zKNU|h+l*~IIM#S>Jv6`15!<*A{@n-dzMZ}gTSrX8R{Ewb%iiIK_G2j@*^86wq$_}}
zsV$5P*Nyg=@_@64y?q4kSbpze{}K6(!kE|=mREr+M|+4idVni{Y(1B6vWx%5k<vKd
zOtEyb{O~?zK{~P!``?}hyC2E1k!25s%Vtxy6Ca<;NXEX9GHhRP+Vn8m-dJZAMz$B(
zcc;)^E4J}Nl!=UgwQO_XLv+v<);~2KE4P>>Z@hggwYDQ~Jn+#H<f3d%ThYrS_NJ}o
zgoYOItGSZ?(ZakS@0Yirr>FCr32tNH5&3*9*%DlpBblGioEFkn#C8_?>M$>y&2|<o
zTOvH}gzv=LY9}IBBfP!$8oSMCULL$#wt+F|_hZrX$D!|!NAGuG8z7Epk%PDy2j>J$
z`~!Br=O3PuZP#e}i)^kJ8uL==t7^I}dtdoD-{Q?5{c^nZyz&dSE%oY)?X!{F(v!a=
ze*5u!*F}1MXTHn&t#!VTd%AjN8S~Yi+W(c>pJ~kN`7Am2&M_*lbrOd*7Fz-_zb<s!
z&r)tLe3*56U~Q(`)0hSy_K*+37t4Mdx|WT(_bGpSy6NdUYWWQk@IM+II=j9RT1JlU
zUriqSt@v@T;Q51l%%#t=CJYA2KXCD;)Pv@%5cIZOHjQHDxniO*FAEz9aUI*O7$o(j
z9Aw1q^wJl(B9HenzgjCT9TlBb^PdIpS-*GKx}JCUcx%i@!?=0_e~EZ{6EMM>`|kyo
zXMpJ@p1%gB{lMg_Fe+zXd~fQYIeQ2u{G7Q@%`oPbaBi;;nEHsb(LK!noA&zBXpb?f
zJ@HQAc>0btDg&I8YsYreu+GNy2gFec->2RxX#Wau7h<m|a^i!#$5@(29!~V(<=0|2
z;4azY`OKAK#_V%ysnF8Yj`hTU)SRm`ZPTDD``w+q>psVrUvs`qE0Op31s_V&`}1sC
ziM+4mee0Wp^A0mVz05@(_+RuUdmiS(18&Mzn3d)5RM{cyEqbC)AL6NX+?tQ?F+cjv
z9>e<mINy=``)Dr%e^ec|CFOW(?Himg+tE<H?Y0~rs`ni2v;WMSLjOm}Mfgm3ei?HY
zG}@J5Y{P!Be+lzREYZAKJnv;*?_*vMLThi#*_gW1oN3LgY%U+-&(uA-iks?ZKHr0O
z2k@o5^T&erUBr=y?xh3$-Ukj76_2MlHuNa|B#T6^#DFysbF%+MVv7CHU~&vFU{9-V
zM;0;0YGjed-bcHu&hh88@ZQqxs9y$6zreS5@D-e7|EN0@ODOXa?Wta7TubUV;~Sb^
zjo;XOG+|S!_LUy$S?%{4mFKzr>v|LFQ;&Wye&Js7YnF6n$mSCFN9alA)b0YF$^~KZ
zEB#&H{kQQ@-}h}CzxcW>Z~iwlUqTG+|0NG~y*6mcMDbA<e1s1rr5hSIC%Ps{=KYX)
zBQ_CxV`|5i2{x^7<z44k``wBOHl4TeE-n17oc|>k-ys(6q(u{=4bg~bWm-qo$t0`o
zX<obTv-GLGdypIg?&k3qsoxi=FCQ!RrTt!L@F{3<CePK-;*HSaPH3@fPGf3|nQhTx
z3vFc3M%ycc^QD7bi+pb8-6gd17*AqWtvDr(BM10Im)-F8N4FQTeiX8fe1Y}k^Q<eE
zVK-Xb&N^eo5=6(UMD7E2Q1?1wq73dRwtdTXe(7s?S8knsm47;+qkwYDdDm$Sms`oZ
zFY>OH`~~8R=raV7w$}6h^OV6pS=l|lB{jNCG(1}8<Wt;*ZF8dV?@??h`x(Yx_RrYa
z;ES?Kvoc6N%1rL%(3-0_LiSI6I$KpS4!QF<cSx{ql;Jm1dBqi!)#K0No$3+y&{x3!
z!mZ*-y0JqlH)Tc=`GIIp-{pVnwfO}d58EUBC%fQI+MI6sPsz4}EvGA+wJnD4y~Kl6
zBYzsP(`?0_S<l{Z=jGTB_`L~vr*~UrM=V0-v0iOL<_*2WUZJxu>SrVNiWc@1yO7^A
zu~)PJH+Ws1nPfEm0(dgxjHVZO29vn6<m;@n$P)5)HDZ5ks%^08%t0=}ljkCvnGfm3
z(YPKtKg4Kmlg#Szv7d6Zu5laxURsO|rmNeg=NNLPZe*^%0{&HwvtrxQiGiGr9i6*1
zj_dsRLGX=kvV1oC=!2X1pZ(Bm_R+t>CNzlbmrZ6i`CV@$|I9&iOl3EE_I<QfmWaG&
zel7~!l;eAoT#xLnZYI}=kJwqs$O-Wiya$QrT*Z6&56g^+eVW4=z%mhib^>u)l6}&@
z(~XIZ1;)g#gUrucziUZ7X3ommbZY#9Siapz?%0Ew?9;%z&iwA%h1@@%eJ6e2BseD7
z`brp%%2xW0+s!)q8FB<e8~gG-Q>{9{62rF$EVaNwPLU4juX?9Eui&PsfP5PJ(3xL`
zulJqfTJ|f`?G<kyn{#h!%Zg2*eA*CP24x-ZDK<oO2w!kUs?&*ooNsz+?yTogTh{9T
z(fo0V#3#MWUO;@4)Q^1`-FPQ@wEXL>>y53gj+#r8`uUxR&mZ}-&@8ZIm5&g|>A<q5
zqCBT(U7%mSZ>_iG_{`f%{kiCP^OC@q;Ly3Jz;yILw{MNXxO*92F@N4zXF_P~)OeqH
z?waDb##Eo_TXSAqLuw=+pM!Zig1jVm$^oy=CDC>uwLo@;xIn7IvU!ZQSNo(q9sT4c
zIq4jOoN%%(+xhtwgX=OJ_(aDxW*CmHRC6r*oFrt{81$Xgjt|cvF2QLW?{Pko8u+r2
zYY@}+0d+ofBsNO-Eyu^eeyvL}IL9fgZ{5&&U_3T<<cH5p>JzW&f9aQ!LABybWO*Ln
zbe0$!MM*h2*Pf5YFZAK3dV=qP@md2kzwS^s_FWhGc7x6&^kLTP3H+5Bxp{XQ$LDcY
zDNt&(uf0xZ<&|$t=Z_LQej~U;^Kx#zma~Y?lrDm3o3uw$JH50~K^qmcQC4jn|MFb?
zKGz!Uw^?lrpJ94|HU=ve<W$p!<nbq+AwTmxj*VZ%v1Aa}SdIKnHt$X~7uS?NOuK=w
zEnwRfMtj>`X8Vt(W7FGhG_{@59{lvPLeX+Qk64dd@F|*IHy*vyWy}-(&2XVp@xKc@
zoxvRl(XtC2>%bxxag6tGD0OGsG^}-DCU-1sti7nD1s-yJud%uKxyEMMtF-_2A{#^G
zQC)THj#p*|SM?u*X5NHm-a=mgnt6=lJ_dvP7V^;VCtY-Z>T%xXIW7vV(3)_ru_g@|
z#oLNQWp8j?cEOFo>&YvD-pD$31fIu#6fYUD3wh$9pR8a-e-ZbDmB81lkO8Y%+gsrO
zr&!yyU)B1)3)rghL#chOE69wd>&MvbTQ+~%@1^~E;+v&gj>JXLE8}mLP7z&}z1aMs
z={8<6;;_4>`*TOus|Tl<wb>;>@=z(Ku=4qzyvjsh7|!W$$&oMRw`;z!J22n1sfN)>
z3{uUdn)ejuz1!J&X*qJ`R^~gvd<U5CTS`s#ti!Q0kv#r|Z`*rb+B)tsYnywW>ziHY
zneCEigD)u8r5hc^gRbI5XNdupSlXGu`5h-~J7)tKrz?<mwaX+9^X}CCLGpZAu~ANk
z6&odgxC{9<4?JCI{DRzg@W<ESx$Q<}{q#NfCX*V@!xqrWy5rwx)7dlVB7swW<yXwj
z+hSDu;orPXW~HI$ezQ{hPICNI=Ck%#v69SvIW$2G<#E{(^4R09U|qBBb7GFOnd36%
zI7sgHOxF3lTzl{7UO`;$Xx}fj_dc$#`*YoV_fS8N`h|1qQZ3*3QnRv^^~%Fo)Q9{;
zhma>O+Vk<hV&k;W@C~rX;{TfewCLnO#S>;zaQfJ$-fZMRsjEpo^C{?3zx}zro(o6Q
z`FlUb7?7RzA@&qK<Sdjt?!hmn962q?>_1q;gYo&fc{}XATi!3Qo#@>O-hGd?im?kn
z<-nBp9JUj18$3{8;qnkT3;u9XuIk8MI)Q$M>Ot?Sw~P9b^1`E4p1!R1s3-miKCsy8
zs};V2028h9)YTr+D$l&t>VK7^Zo2p{QVy85&{w3K)?BL`Z3~b19*#Ta80Z5v2ZWRL
z=s15EYb1Vve0TiRm{*-(9N+U3Y=w@gU9vIs5?7u^IUjV;25iDnfM?wmQ#R{twCG>*
zYch0|hR#1kThNqA-^N(~R)@RuQv6H<J<#tVuT8s}!@&eImw9N4?o0gy!f+m8-O!xr
zJZ|PY;}>e)SXWEyflcp3lh>b6?rWpt`Y%q|99XhA$Jc9AV$WFaJBI$qy!pVJbYb7i
zz=MB1NV&}8%q73O-$IX}O&@w(H+}lR>mknd1X;_nE}ycwI4(bTvGB_8Y<^epyG%TC
zBf2>4uAu$UIcC#LzHL0mKY-o+cq?<-0$i=ke+#@K`jEY3q&&3p{pZ?zrnW=r`J<P)
zl=-DitIYXlDFe@#%*mIWz#17J<L~B<q#pyn`maVN#LVbwz8pER(Tr`_fLy2zAd3gg
zN<UA@4y)Wf&=0tXz*Nm||2J&hn2br|&d2v};fJwX<rsUl<ODe&su_DZIkBo4yW(ex
z>AU0}bLkTJyc#}l;I4;a<U|=`H{-+YF!oW)F!n>VnF)R}8T+X6gt2#$=SMk#ZeX6=
zN#@c#Yz6Kadz-V2`-$UdJyE>p*C!OGAz4^M+4?24$6RJUZY-6&!mqbHW{WK+8n87r
zlJg=GC$tV3e@AG_<|Jgv<HVEK2a-1DV57+-USa|3*TK7t<Jf4HN94_w;dW$SKYRge
zL?~&q`89N#Cy9TZXtp0_AMHecd>{R6-BjX<cyE|f8V7i~cu$UzoSq81j&f)|K$*PI
zf}DVd^GlQwucgBSI^QFmRWhy|z7rfh=tZwyT-U648iQN~#BvWDQXPDQ<cII5rmX<<
z;WCpOedk!bw?B{^)=85cJEZefTe@Oh^ZVGcG^XD++ju#Afq%#I?7ffBc7XL=c1P>`
z<HO%yw`>CL4(&CHn0NX1J<LN1G*@hT8y3qh4R7W_b6WqE6G-$?CYs~7HP6t3WPUoo
zN6P4E_#Orp&9`?8balB|*|rqE{gSc2fw?V4F0pr;v~^u*?M8R3<yULueTX@iA0;0-
z5CRXYpx+R*+r{4Q?Qh$5<5-8ck^GdFo+O<p4LvCxJ;@g^D(76(lxkqh@)>hNwZxg_
zp(nNSBo}2<SXZ+2q^;E3X|nG@k74gS|4QzMtfPPT<%@Ij9*2LHglX^`Xpp^P9`?X3
zCE<6B-+D(mQ|~<3*O*JKPggT$!7Z3q@!SafUUc<eZ?JWuzZQ1M6T$B1ITCiQSy~%<
zF7UTU%kGRRoIj{H$e~<w>2l~|_rAgTOU4+9$7<}pqsNT=oxhZJF2BRZY4o>QNyhv*
z@DV%BNZ49Cr{owqFEPE__T6Rg^<Fl;jrW1Sw~-mgkr}c-UwH9-snS_}jtfKS+(|eX
z)*q#t$|s49)57~xl&J>qec(Ntd-D{>5X)H&Z>70ZF~xO$_T!t9z9hX$^zm}lFntK0
zjo?#q{Au=-_ph^U3bBqD=phDr@OFF>J*+_f3a8SMM&eX!UF=%Bz0+`k&1n(ej@@dH
z{WSQwBSkdhf@ZZY?cokiS5jT-3&bQvaJPvuK0VghcEv3b+{HBB^a;4zMI2f*?!cSy
zcLwgdkSD_3D(FLf`xo&19`QQ!d5(pC`TYp6?YV;Wb_Y5Q?**#?{tmH!ImJGMn97H=
z|Ku*oZK9_-_G^0_M($SNfBB{}$J_Yf>Em57kNr7us^|i_t<;g7%AZaD$IQwa;@f<z
z!{)_yzrvAs2XmZmRC;H0rOuqm{?d%`-0--6T{<ywE@XuKT&@{=nzQ}dkN2G5o|%R*
z$fI=HyekT)m(MchJ;nS#`;UK{Jdkdt`8Uoo|Fdp5lNZ3n{440&%RVktdtpiF-NE^~
z=QQ%$dz75H{Ep1`>I@sUNh@vq{k8mlNHSNj0pn=2xv9)<FPb*Dq8DBeg_lj|*?r%9
z-QOl_KCSO#;q!hY`*ub3y%pb(=H%^b|He7_lyR@VdXza~+`Z!0uzY%Xn%(zBS4HH(
zU$;K&3isX3b2OZ9U4EuKu;fIz-`FX3zrSAgx6SpZ^?Ui!Gv_+G-^-K2^Zcd1ZJs}^
z-(#1bxlTm)yD2V==ga@LIsUYMw-%o{$I<=19BcRccG3SWo>zb2lkv>DG_MhwzVGuk
ze8*V#q<7qp{63p)Mq~BC$D%3e8(RBV11<TjG0j?RxAin_MC>$rAF&gyV!enNYc6eJ
zk5tFL<ie%4?zZ)3gOlE@TD3M3QzBXJm9B)Yuf3(EJB4-pE%fa|Z{hBPEFXHdi#>&R
z!*35n<Y_Cqu<TWtoWBbqyR(VC(r-WezykJx#q0yKqI8M#fNw}QVlB}+YU$_n7c5rn
zW6gnwJlG=Ht7noou$R4hGHpiI2I)oditl2bGK3%2seGP8YbU>V0h2r2Ph>q6oI_>a
zW1kU*TRNxJ7j^;l^?_oEv=?SSqrI^9#67^MeX#b!*xKfe+zVexoPzeGtObAnemJVX
z$bMM){j~4hyKekK#SIPZgDE>>-Qe<D(P4han%vXOdY5ljW_-?A{?r$2eWxCMr=n^&
zUIAUY$;-Yfh^|~AJvcnywdhwdQTy3$_Hf$IcC+Wxezum}%(CTey2o64FZ$U|_H-}d
zN8ZSut|b@Su;Rg0A3b)|GVJMA(3Vw(J>95f*wgvh8$Qk$t^LaWf?Vy<b=SkwtP6tO
ztvw+y=ZQv%J+k(_l#}g6bGce|N0gI)W~dyrR)apI@_wGZ9`=pcP72W}W-hY%;wWdx
z8moe9BYQy$mgBZQ=EsII1RF5muUmf4D6r+DLrEWU0k8C<^bA`LE}CpS<R5FyA8G@A
zW*226^sfC^G|fwwx*A#>IVREi(3luYH+%HF*RY}K$r#h2nJjRjv86+=k^bE1OL^!^
z?2}Wo&f^?_>G7~XUU!HxKH6#JSx*dj40U^c2|Xp5m4cy;^CP|JqAz{UrmGi^2}gk;
z9QA-lpYX`JgBZVErsIv%%jE5VM=uzL#nK@^bNblNVXT(Tm_20djF+0PU=OMIrtgOL
zkSznldq}I?J@y_lLVGRzP6s!u@NaAa_gkTroydsVFrPQ@4%=7a;16w_4JO+*xIqu}
zIURp0v{OPE@kfBVKG7L=0@-_(@IGSi>BRRc{!sjz_``&jWJfuhy~p%&-jVvBWbZjd
zTg8+qhCfENi@+ag(DG%#FByG^*nIKws!fafWrHF|xdoGGi1=&^F7eza@$CxuJc7GX
zdGb>9et7cJ__iGTN*!=jfP*sT&O779<|WJ>`gjBSxV8T;3(uW=Y{HdnO!=%c)|inS
zvIp#9?kbo&3s>NO)#I#N`Rs$3znB>>rOry*K+H+&niey*LS?IeVaJyYHbeWgrTI)}
z%sy!C5MxtYh2Y4N|L{dV@5F2B(|=F?)`BF~ra7mtO<D_t!*!?NJ7lXX%=;_AX@rlo
z-gGPXslKyjwXvp)AG0J=$J*<0kT}TEaKD<dEB;3Cx3H&e1$Ww$$uELkdT3qGblUA?
zP~K;9*ChK}t?O<0G+ebaOM1BTLHk4PuWsP|+4x3dS)snd_*Z;ngm<*=M&@6<qy0=Y
z?>vLNIEcJx1OF3d>`T26nQ_pZSh0fNJHfr$6+XpRXT>LHUoHTb%(-PRG>~_)7aGVa
z*$Z{o#3$Jcw@}VQ`^C`6sC)s9)=GwIp5YzOJ?2s`Yn1#Gfhhk%Ib)Muy-@gsMl~i6
zdqdf&%1rN3jl~xwU!rYPR@?ON14rqUJB_X$M}{1;{S$+~WL^0+vGm9hOO_7|rnJPP
zGf<}|f%==ELE#MhUELL~&E5Z$zx8lR=cT=K@y*OJ223~kDPwCcm3`dOHL$tVT+Cg8
zcVBDW=UDXUKMdXHxP^8;y8R0LN0;MAT7o~R1iw--u`fmBEwb;eakDR%9SMJL+*|A^
zuS>=^`gi!izD&LDv-rSdn=Bq6)`h!x`@pfA`#?0ljLX|Ld$4_#!FMZo@8Mn6<(|#O
zN$`3t>mKkAy@Q8}iObdROv+?V$<N)(o-BwhK=6z1ecTW16&{^NRxsXdsyIBpDf^y9
zIVDMk;=PV<!I$+d-nG1#mXpM|<@+^xUJvYk;s7|)Rn>xSCtq6mnhl>TUvtmrZaF+Y
z_m+4w_m*?b-0Bl%uI(>A)2A2h%axDLjc*@a((>W{P&sc#iSrqJ!Qk$2`3Uhf-mSPD
z+qaid{|}aLuV*}dz3%Z%i-lXx!nx3$8C$N8`&i^l7hhc{dL5`K#cq}8^W(#TU-e#h
zkh$Kz^MPLCR&@ue;%zI;gvR1S<C{Vz=g|H#W@7$djERod$4^{zkN?9PHl$5BZ{B&c
zzrJDmgeRwcclL~Xj1NQU#&hZ5Ou4eQFhA4j!}Z1;R-0CP;F5N}NIPGooiD1-MPqk;
zj<&9#ts80U3fj7H#@O1=h4PK#k+x)SFh1}tRJ_np;Pc><wqzUdxqwfxU?bN_%^`hS
zZGeL&Xy`d#Ff&JEJ;Iz99~o!)e=YkmvQWO_z2t5xy4a4#i}-(iQ?L)QHp_RF&v^Rq
zooCIl%eeR*+26}f>-yft=FoE+@tu1u-}y26jbT5w5&!wU__ePH-q`;Zu~u($@91;L
zjI-H<<vW+1B@H;W=f`g@yRaq4U&g1PzGM@Y@0>Uo%Xcn0+o%5MX9<4#2If%f!ZXOO
zA0WF9BD;>w*_3)O?-Uno()P}<{WEO)Y!bfYpI830y_TPQR!RN)gY#S;)sz~HKj3ie
z=;2(B?4I?vM9B?kD-x>!jao5sS0|mBzcmrs6hC~2Z$4t576F6HU=IKL3zi()MLPlR
z2~}Kr@ht9YHC=rU)<opMaqU%Arxv{@@IREll6hgBQ!I?njn2k8EEwyYwHBNo-JXve
z+il%LoBykEmaSHO-$vivZe!lAeZ%k8@XpV>{HS-Ud6!1K^sbkO%LRCc-)CNa)Vu4|
z9((^?FAbNwPVMn7KkD5zylahNABX?fx0UrpYyTzSlAP&^0SkPbKe`|LeDn`^G~g&0
z{d+Fonft)FvwTO#O9yuW&sn~+)}^73TDVI*6L+HfXj}%8^K&z>HwOMtklTYi4W#Dh
z247`gMSPCd@U}^{rJsc_ta%~sI-RvxZD+)t*|x^)Bi^kxT&8EtnPoCFjr|o9?mckS
z`^<@~Rr^j<y!qw{@9d2SLN`8hqVLU@Pn6vI#tEGdMP6I<OFT9Ar(m~unKc4g#Q)sW
z=Xo)9j=z7a>3tEOWe2g1+xHl?rEyVk$|or}0|{rsp!cr$GvD`wX>BBqEWbaxOec8P
z-l>-Pla0gA)AHl9W{Y3dZsE8y+f^BrKLkD%Q?Z5T$UgMm;uq0Bc<!UG9(Qf2?!-}9
z=_C30v@IG#CpvO`(CV)z_RRhQoFmeGARf+_NoRhFy`JS;r4562%YY@HX9oJGi&#uw
zyKM_mJoL~z%61cPp)s|^oY{x9ej6E<uRkx5vUk@tpDi9QiFmw+iL2E5rdYgm;%NRt
zo}b(BU1~iRA2%i%4;|sVbcI^_RIFFGBk$E34>aj1*bxwI#uw~BPqNn3bbO-Zk+RxQ
z{oBu0pEbaWy`#L&rv3xv*u!p9Kl#A%i>Nj#&eBHtxY1$Ar_JqA^{+i!ea`*~29*~K
z=LiP$4Qs5t`)*Vl<Y^fd4}L2SIk_WpR){+-9zup%ZJ6xGAEb?2z^8DLGfEq+;Icd%
zkL-X?G_TRINy_V^`TOvue@9n5J^pF%1=s%Q{7qUfT#IcTrS0x%{p4n9>gLZ}%$;Qk
z<WhZwytI2io}_X;<il0mR8KbfY4Dl%3=$VY*;~oUtXv+_k#<=$kkBz6xCL7^`<1r4
zziQu4?jK&4w8m+Cz{4Ho!#dc9H`%cNfWBSCbh2--)~wNDL)EA2Jb!yK<z8VeuIA39
z0{HlM#6j!+BnPsaoJjWh(&NZ7zIlS*%qe@%wv%{*x8;-#z%TH79r02}*<X2<az_F9
zOwKg8Ta^20iDh<wo%=y5&9%Ouk^9O7qv>MCRZn?W@YWpF$)Zjcbrw)3<7-B4-U{o!
zn8bSKkX$vKkxuMbVetWZY<Q;O)AvLB>eHZZk@`E|Xm5A;tK8~`{&X+fWcq27FS^&}
zag{GZXLeI3bGS~fn?8N?DLYOb@}izRbqyAL!JIzeE1`Tg<%?z+?S+)(p7q?h;8ipm
zjr$1QxW;hDGdOkjlgl=EI7jC)&!>LrdxI&X&4c16U6TrSxUr|YCpmVwYy7$OX2!xc
zU}y)H2wsIFH#iEyCmN^n>2ddIQzme`u=}>fJ9a#Og}?pByiatdG~Vh6pXVcHTd@rV
z(1hAdWB;9OOzzstcPrMEeS?=VD%Nx^v8E}P8|_Jo$ACZWy9yFIa;dwsVs4J;MCS{w
z_)_X=z7<#T+l%X)Q?4}HldXEgIjgg&cd%kUI2avQpO*VZaxxK_nF2luN^8=+xz?J`
zIQB9(k+~$dSbKdKFWZ1`9rJiOICzXPPUD<YH?|<<M{2Y11<mol$9VC?(dzCKUg&UU
zdKY;@JPp;H4cveY23}mQys$0KWGmnGNzQQ`<h)Kf`tqyf0nQH%<mBDYo*tcT3ulUb
z#DtZw&bmIRegK{AcsIPG{(2m#jV|K--4l)dTFcd@@;`Kom!R$9<7GKzP0%Onxd%A(
z{~`3$0ORY04<oU_njhi$Hy1ZFGv=ZB(b{kzUUM@qM|J8q5dXT=T-)Oy=Nab#D(SN@
zRF&hSUHP^JYozT4hr6qfc$iiAonvUfjQPKkbKLHzd6bO)3GHhRt@edu+W$(VU2I2M
zKkfNFdrp$A#51V=UX7oAL_b;V;Y2@k&ws?CxkQV0be1HR_~wL;@6c}xH1`|Flt$u1
z6OWPqsB^8ow|RoP_wv1;{NAEx?R|Q|HHTrECVP$jkKAUL)BSwqz&Dk7-@=(;tv#w+
zO<nm#i0Ry}d6EBJ^7aGfS^0EsXI&(wx)GjazPNW78CMhv=H!9LTK<RMnzSdaBaey8
zwBrETzuEIfED`Z3UHD@5dpLWSPub{s)cEJaXT9t<zK5P+;pHr}to+)Nf1j4`Wg74o
z(pM^d-HIKL+~V9Fn8-QYsf|g{pT_td>?}JS)1Hzp<5wOF1KDU!vF>BF@0(2S_#AlY
zBvv?}@3bWtm2Y4XaioINO&{sJuXl!J2ecEB9g0&|`H}RQMVlk(vu^xUi$3=<e&85z
z!`~j{rHeh_*<@}SbD?#4Wcfm9Xrz3OlpRgpN~TP{n%sc&`7S)BdoGl(rN=SZ)&bG?
z4#EFs=-r&|dlId++kp%{5y!rXJfhu_3)HElj4M=b<-93}CVWP6-|nb)EBHUKo*Y|d
z+Ct$@K7nX?)sC(rIWGAvy$(G;F5q$OknH{~a!d1`Z^`bYj#ubgZTvm5`$g(Xc6S1|
zVwa+2_fBNWze#qFBJ=+}Tu(eR+B)}1=P)eY;;Xi9k${{FIy!T+c5#Lc7*?8BopK_N
z`)OBsw==<A+4<NQc_)55icPtXZ`c|8{G8of%e$GuzMM_FjHNn9yED_y5kb6qy!<5S
zq}IKVE7?!GgKNpPL%i6->_hN{xuN+yGo|k^bK!xuWN%0JTVA#mxy92Bujsq(h0-2@
zxVWW)MZRAT{q_M%HS~{`xIBm7MU<IInO@*%p<E_%TW9}r`P1EzFCb%^z_FM71M{yO
zXVFgeJ!a)gtOwO@;%sHdU12{vp?$@J3lAE{A)WIAUg=)F-+ruF{TuvNE)tzzD+%`J
zgy>uM&{v0X;O4x2o@_yUuakTgO~DV+6{LfSzG{F+@acX_oevb8cQf8^@V@$xS*f+I
zx}Lop=ZNQj$(Ea}A6=7K$Jie%*BSjP_#{2_KJqiE<67u~I@`G8o%>Hy`m}bv4?eC!
z4hx3Jx|NNbjg}3`QR|k@3u^6}VbR#UoIT_pFpw)(0+Th4Ft0>(yI_=V*9j~ol<Q_Z
zk@2UI-%WTCJV%IGp29dIV|@agTXYeJKd;{4>Kk-9@{)Bht`71zMB-k{nIq-AtELTu
zaVG^o$m#yN&Hp-cBN=df67o@FXYI&vrh0s1*+)XZmaciO5$`&N9}s=h#XISk8R>gC
z(=d)}c4|(j4zl!U8nPx*S8Jz*Gw`i7qD$juY{F-xjLscIm-%b(`Z91z=IUJc-*TqM
zok6}Y<YKy+)Yzu^<*ZC6W6368na(G#;Quz^AG@ji5?=6>?J}B{a96@c@*8QLiNwqy
ztCm~-8`WbBtJz=gWWR0lKj*y?-N^ea)*#9I?63@<kB*%c-UH00jF&l5+pA5pYb*3o
zO<w9p%uUU2IMc}!;B9OX4D|D~LpH&fu140nr&)KS;V{7QYV<7iZNY&JWhXER4#msM
z7Pl83$Y6}}Sx9c{jFI$#fNbi(skxE<^$Pk|2C&XYUd{{aE7Dae!MAjkJ&q*yD=u(;
z`uV1jYgQlokdnV~-O@h6V6EIjo@nh0v<Jz6#;P5rweENV-^@YhXd<tBrQ#sxnh!Q_
zgCEJ8v?I?*=qqBbT$J(EBLm@o-#^>=X?(S|&*9&a4Pu~mFG6C+7{;wV%lRklyuxkl
z#oB3WI%A$eY`5e<I^Pvv-6pw%9w50h1Dxg1S43_kVFUfqtZ|l&a!ZBeM{>t>bVwig
zLWXRQ$dGjALNxzA`}iJkt@i3UyEX{UPZF>FAZOPevd*qaKeX@PO0;mkAm<%NLZf0m
z_E4veIuG7uw6|QR^K1#$-4Yttn7}(Zk+Er9Zyg_eG#c*F*0;0WVP@$M@QC)#iRR?S
zBxrP@Il0dd9sX!>;zio)*H*k|jdeX^eSM-m*6r}qpd-n;XW~8hvTFBuOBdg{j=YS}
z+)2hQx{bWoS@OspXYw^hdx}MGk^AG4JAOmEI=h!ajwm;CQbe4q_8g*V?K2|p53-)D
z4DaPLbzX@1E~h`OIlI_v1esfh)%I}Qy!P0feV*r<X2dJ@pa#3W+Vc^YWaVbAHMSbW
zIqRMD37a?SiK;PjCy$~_v;(Vj5S>qy&QS+Xp4o2_c`Nc>-Ge-kkH}@#qz0ia@tbhb
ziGKFc?W5nTHu7wuY#$!>jb2M;c=~iFg&W?9!T!DxIn)B}%YK_~`JG)|n~)<l%wG)n
zn~glvx#5fW|7N56#C~$X98TZgTtJGAypN6JiyyQ1hw?4#<n9T{5#8nSF!E@p!_)Ty
zxRvizZAISgrtQq&EjfAgD;X-8(txbe{%a=d<V?n>{ns+~Ul}80%eCN6vZa+d9Vu6$
ze=kR$Fd4IK4~2}u$9)FUYbAS%$UB(HxYhqI;FE1aa_V*H^D@SoeS9!w@&BU!RO(9}
zyvDdq#{D~<BmIDaP4nWAj55qV`RB^nr@NG+P`1~{ZQQs5D{~~9Oz^ZanLB5ofiZ!@
zIpSLrz76oZUGnBi>`K=VLqS<fm%GNujkf38ds5q163f^=Nnf?>vA{MN7++(3%X3cd
zTM2#K27J;@Eck>wbP45Gb~%%~(EAQdm5v0CzeAnvV{Lt}Hgw9;lMZ9+`||`_S5m%}
zYG<m&`=`(YuHlTX`jEY?r-J=CZ69L18e0*$GPT}Buk*6YB#**Z*wZY&BGv`kxD3D0
zVr-U+@NXC3-?s1D)}G16#pvIE$(f1K_DRy=WgARM^S8gln3XqL?QCIflwIH%`mO_B
z<leRv@=Euj!(_n|qT`4zBmHmr`Ss1C>3-j}U`I!Rt|R-B7vX)`1SBK2voA@GvPIZB
zV^YT>)RR4;hIMc>xs6Y>!!wgScEGNEpwIC3?PiWjg5^2Y_>@+NCkD7LKCGXXKv(Wr
zMtgBExYn{$Vn0lSMy<Uj<#?ad$e1-2?K4%@6Sf(u%t$)d8odJ8R<cH0v>RSaOW(Hb
zyaD8`<l69BYRg@%rJ8@qeBWbcrQ4`a)tYMW|A&2kBV}F0My5NSgQnStU8m0tEv<%j
zpGMxvFS?IC(ZOGsm9rVwZgcr52ROKpTw2PrJ_zmAA`_kozL}#O2`}-#O)tYb%%#u>
zcMo)MCv*I>;NrQ7HKl{c%*r_q@*b@=D<?UcQs=Pu=tQp>JZ@A@FnGU(yh!>UG%F|U
zzBjcNc}H&C{bl$Cz3`EAw-;EKl&|4_qvnACvN+kYr*OA3wyWYeW53pQ<;qbkZ<#r<
z&kw(N&54a6^to#CElF?i25-u#7H@{_W|{OO`qLSD&DkLI_%8edE>E+YjS17AaGp8)
zUdyh<eQI5C^l7~t(M}8PJgj!2Xi|J|BG#rytB&Ln_Az_ThVdsl898t7a^76N1l?UL
z-HyC}mOoQ<A3`@ule}Xbzo7k2?z%IKnoC{4HuC$=_`XNybPZz%F&oDdmU9-0d=W`s
z;@<8_x+n2;I7ZT|)eo}jDcVU$J6(o;c+*djB_=Y(foyRSpE0KWBd6IkxM&i7kns8I
zJ1z~Mzn<Ek2<?9h+nIDCa*kVf^{hocNViiyoJaZp(Zl}s8fddqaU7GZ^Tm~da|v{}
z2^cg!^!SIaBA?t^{(ir1e!p}l<t2TXI{d%?ck6EHe}ms`cYnq5jr87j=}@eX?8Bm8
zU_>UKt}lFe(=Xb-6>B7ZgZ4jZJ<#~1$7S3S8Cz<<^oJtOVJR;T_Qukz<^EhRc#C0Q
zsCWqN+kW-YqE~LJxG86!+lYTNeII$srmVTwY;4XXKB67ncJ>y3?uGbm50YEv3C4RL
z<7>YrqhGe4<BaD%#-})tqVT&tW2_u*2YQGlPdR?)D~k7+oNnx&LZ9M|cZoMW1-{;&
zZl66*4BgiMFu48cm;Jf74la7dw&829o!oI5W3G{H&r5tfeP=jbCG8cr=2Y-kWV(wp
z&fk+-$Jzh7c>lm3G&jIo#C?gf|2?$6x%q#DZ|-K*z9^CTjl@~GR}JIdwguytvT#58
zdLv#K|0(!?559=p!LGY8Je=Wsj4>&;$%C$&1sy4WauN8<Gbe|xXFMM8O1bS7)Ai01
z+KoKOVm=xwDsr-!kK**M)U1#57LXfkAPYaa>SfM(EOiR?+8xHc27E=?*iA#Gr?{H<
z5$W?D=2`hNEgoULI2>c&)A=Z{q_lEJd%S-~24@B|e>YK1b|I@h@Tj`;d8d3XPxHOu
zQedb&XIUBX1hPpqUh02fQ$;8zI~2+ZnX$#kI76p?TY)><nX^#mpJ!6{a{g}Q?>_#X
z<!?WK?1Py@_FsuLsnz6FnG>()xoalHH}O1Y&0BHz^PIM3U)+5>r>@x=cQ4P>HBXrv
zQ!7l5S9&;m>(Zl6k5_)L$H?hojS+d{n@Y?Hy3h9+YfV`0%%e;PuotHrae3)kp-VWU
zd=mZ96>Hx^;nqB)UlLl0JpM|a5nt_`9NGdO?s-Bs=E+uG8)Vc#9eb2L&{sP=49@n8
zwsvEu`z?7n@1Tzep6lpad0Qrf<9DG&;kgI@sPL@)tYpOblsBM5?K!^_1%C_hOP9JW
z3jSoue3RdGVL2(?CIvY;85yZPwA%a)`^JOhDG@BUI*fs<sgpRt?z_!v_Z{Nhil}xb
z)5f%L8!lv6H}&45zV4It#hU%SJo7dg{V#%tGVoIiPEP9n_UZg4XOMiXh0tgn_bwDc
zqptM5sR3us0(`Io3+YREOlQp#P5YeCwCEhZ&I(oJc)d1F7aKVXb)Rdp$^9qXJK970
zdhP*lR!$mnow?GrekS)N#ML+728`rb=iW!|tr}<NgN@)li?OAGbJcgn*l_xQI}^C^
zmt?uZum<Vdg4M`bko;c;>_cwQ-y7}SpVD_ZeRonu_k!7W<+IC(2czb+Iu)8^?2f28
z)n55y@9A@@`ACSKQ~J|<{u$ZjKOSrC%_V<~<FPkOzUzPPAAU}Iw!%wGC+QvjI&x;Q
zKJl&lWUTd0|0DC`3t3~4aog&knLKiqxSy+S_K*jw5MF)J=wGPs!ll&*w5g}Z?Oa;6
zm;4{};YZKWJKvqoO6`I3(1AkmjGO#eSz}Y<%S?ym|0AbYygM#+ZV~NK$7;{_GiRj>
zTF4{jh1_+g)ye0#hrC)Pv{6kPyNGk~ZFgF>th_rNm4*Cv#U?IOyBSHTa|@G<xjr+k
z@@{gF3Fh)}AIj6%hkqy<9_1v9Zd-P0FFCtb(HHkUR<7W;Z@;sW^?bQ+m($u`=H)vo
z*Yo@5;63kB`o})&a!&~NpE$QD3<q&%bJc%MxPR9j-etbkcKo)_zqr!Mtzo)6!ddIs
z{)N5|&B~3mn`WS+NAU8YuW}~1blov-naebnX7J55iMXajV{XP6BX<aYet%_yRW4?k
ztJWAQ=ccTC=D4|;l(p)(hyjkY4Gc%EI`PX~`6KEqj<M<t)u*0SKgP(7jK>Jmfc7M<
z@%EV+_nniL<>eD^O}p+pUCXk5y3nGrqHBU{Gt7*}cF!#9cLrxh+{k0YbZ^%9dp_D3
zUq8ui!*j=^Wo6+uJa@R3d3V@tR9sWBw%AN-Y;@UeR8&>0_0mSs`QFW$nf|KA33mNF
z?j%$H8Pv`Cv0b<Dn!s9@ncmnj&aPWX{~qdkXL&Yf0cU{vE}jLfy+ww9M?G;!#mrqV
z>u?8piek0W+y(38<H&LwOR>EyC1$<SpSft=Vfsn~r@mRlN3ph4z`Gt|IFNajhI`Sv
zH2ml)4{cYLQ(k*-mDjlQ@Us}m^SpDyac5K5?`v(IVk|9z@00^t`@0aZR-FGL>zlDa
zdAn3!w52vY=it|&FVQ4(GW1^mXH}gWUzToE9z|#N@$BQ7Hy=1?leN;5Wf}{8xt!Ml
zrYy=Ar|(Jij%g^xKULAnSk;Ecr8P5;=L()$QzCuKpClVW8StykGT_%b;0FHeF#Ot&
z3I5>udsEvDV?h$|yMY<`P^mn4>Z1rabsniV3eGa%tO15h)9b<hXTb@rS-ywNFr0b7
zseO~$5H5U|+cxgJrNH$*@wmWzl$cwML3shnO;48oZ-uY(D0}EV_?z)t{0**G@H>Fs
z8yR0+)c<9)xk7S)dNs(LGTKr6vD(v_j5O1gB^bz2b6^Rw!F9^^uehP-A)bIH8=e^E
ziA?C(b7H2=Bb+r8O=hHfbe5#5m;3dkLkPdU&*s>CGuG8;5PRgFloanVHkV2l)Y^d!
zr^<Cc>(+V6bB%m|oZxVsJWK!oGNS)CN9ljci2k4cJNiFymj0VZ^nY}e{?kYF-}ZO(
z|K?fxe`G}e|8r*l?sGb;TvIx$@ITJ6Xp(1mjxBke(KmYA9S@$~cGi*6+xCE8t8M1k
zA6K-lJj}b+yfMF$H_8{P-+TTtdSAu&pWfGt2hZ%wg<La|#w=4ib$=ec9nZa|x6|<7
zXSQRQomFZhaAfp0jy9g&M#Ue`Y{O;NRJrf;Kag=*Mq_Vd!bQ?Y;F(6X`$_v%7yRR6
zJt%??ZbQfTRKFj#2i=XWy=+hQ!|^V|<qeKGXU!>Oi|0<qva&7NmFFop1hL%jk%z|x
zPxjtp!=J%Aaju!>4gS`KU;Mb|kM@}R92?@76l^Hn%HNygHk7_KZbSTrFKj3^zrLY#
zH}78f{D#s$8{aPd48Om?UyAwd(j5MB??|wCSH6pLu}L2scg~tu*CoUYo^I#49iP4C
zuC+H;dp1uC-n{n9#zhN0>>r%>h>@}2<{6&Nlh6}?9Y1N|myMej5HmFI)wuEnEoI0n
zbfS-GYm(vh`aDME_5Aj|?Ws)DGtFD6oQwZ~&B|xQge0q47P40H^ck_Cjo{H|ObD$;
zZhlOeNybF4?_y#U(AVdDFgWSF(9Jn>JYyO)wls(DRi9yoVy!x3LmQFTK4V<Spsvpt
zAFAQ^6vpK<9HCa~`wXY`yt#Y>eNPHWuFB@*o8-0pGQP=PE7#ATu(SOKG7|rPs8ur6
zm>fF9^H12=p6C6)@YEe9g13e{;6J9kZ=Sa@jsIKb!W)v?Grd;6RG%>>R0DiBFSh$!
z!T<k)4ewvo4)wmv^E%plg6Fx|D_eQ~iSNoY{<d>LmT%mYH6}j8`#<Z8_pP+oy6dn(
zJi_-D;^MrF%YCU4-%;OKn)Tm5U6XZZ$L8XXg0Fbf)|Zx;-mDO3iBwMOp6gP_vX1lW
zON$@)?iv^6TpyLc(f|#)zUP_hGg)U@r;M?6&0nJJ`Xbi7E$*qAQFSt@lS!Sdnd?jO
z-Ft)Mj2-IxliCfW81q^tpf}Th@4WS;<m2?Zs1xuQJK&endGxiw3@oUhYAns<z4VYL
zz_nr@X7NpBvU#2y^Q8sS$$~T7n=_OARY#FcT3^x_f5v?O125iT%iyb7gEH=%uuL*4
zpLSdq_}8kfDePZUS(6MWYZ2>{&rG$~rVIURqt~Vto|MKq2XQI8TAG!|>UHdl!~r~t
zo&BjBi1i@GttprM?|Dx08AH!wfUOxlWeB#oVc0}puR10z6rWbWFWl2qRgAsk5%X$m
zECI$M87SSZ-QnNi=6nbGTjdJ$3c;Vwvn@P-CA7sJZpT9K@fU2u8gtey|KE-I1#;$T
z%s;2!kz@W(`Uj2&e!;U0IHf0f&>{7|&Ou3U6z@rI^y`V<wSuQF)39PdEIsb`=yT{!
zi*>G>J&IR+I7@nL$vW|>^q*Ru()*_JEuu%>jou{tPBuDOby#Qg@q8mncWk8H?6B^*
zC)`G~?kJj38<GAjSk<3kMBi%F6Maj+rEkU4zx2w;Ty%-9*pmjrbK}?CzzbJV20Nd1
z&xCA*DxY;?aNax6h;%jm?l?YvfzCKe2aM=z-EW_%3xb<0-KQ`X+8xKANqd7YnB?U&
z@h>^B4Lh+7kHI!P7TYj)R^DwkZ60$@{DaI(_4VMLc&L7@AI=S>b%x91bNee>(e+O{
z$B`R-EOu{u9U5RAQm%Z(G3uV=L9emnF>u%7oYL0-o)oW`?wr<jc&^cO?uUbqYCqLI
z(Z8eH)xU6>IjvFirZW1D|M7vOs4|`7?K0CG{Xb5F?jOZ2qFlZ@Q^DQEJ8C@%jctwu
zi`QPCVQ{C$<c{;9JO8-;A14sM5cv3xSK7FjdoJxNCgrDN$pPs|>RSb0RCD)THcxDP
z2YQy+>m%}Lf5Ug|wNZPoH=eN9M%gQlaX#)K`f3Af!+q;kKmQDVjr-T#`26uZT?uio
zRj!@mxUg|)RpnaaE?0u_TKQVTxTw)zRlau4#oo<x#&uR17kM`uW6-%AM#!}%e_bQI
zfB(8!&)>Ih_VYi$p2qpP<8SV|*Rs_v176u>WT&_NIiF{qE@QqHGjEHSzXHy`=5zkl
zw0vD>(=W<gQ`U4N`!mQv+ehvTX!gJ){)*0XFY~g#&K$d;G?u?BSPw2VjZ&@Q6V_hz
zd@*Bt8@m+oD19FGL~&~?o>#05`@ZFQ3v53$dzL2m+Tinf@MLjPL$l^FFN=E$QZHX;
zs9dtc+IM8mM%ImGFY#zgYNk0cD=1lqPhdT^uib`!p_l$%hfWJV{KCRm{y)V3F+30Q
z+-(#t$Xn0e2L8zWm>95Ha=-Gw>c>&$Rmv!zcWwBc+S<>%UgxBaUs+GHW2G_Kva!_&
zKH}}3!e%Kv$kz=I9`Igj&;6UM2TyOb=RTIXpZK6X_iy{w$H&cFAO9r$w}JQf%zU);
z&!={-`5$zzzx-%Z={NrPqcwAj9w>eAye(^fGjDyo{6Vk&gRK)O-hPV9)#!V2c4)#2
z_okAox^kh@*s(9J<=R8e+U6{0Lo;^KrtR_eIk9f?Z2TBG-VY6}eQoX9$<Bq1k5{c-
zo0Av2dGh$qst)d{S6i#0ooh}1jt?Ah-s)xC0Smsr;+*8IF0pe6Xlz%NIj6p#JZ9=u
z+(Fg@F23R%=e?uav8?6EY~nMF<+o$&y}f$;)Z4wA6RMpFp${C1-j$obvM!VP2A|tL
zdtPVNXU+Zvzou?}wJTx8Yb(~K8<#ZJR`L8?>}Koxz~I7MV9UJ#y7n4#o<<JeLA#gm
zciloG{<UlGSbNYpC3FOtdwZV$fj^F$+IahTf7L<f)KDSsHapMt-p-lr+nrOoUR!tj
z+Ml2Y{(&;rQs$DpNplDAk>rhM{?UgVrfb0^)vjghu35MCT4!!!a}`hezIK^E_td)+
z7i!GcFjnrJNwLQ7oa)us+xe||wqv`_ZnKQ`t=amu(UHZvZA|R{vFay|zj|RgHsxOY
zQ{ofRP$Bw#CjL$X{;J`;Vm5P9GB~)fg1e`xKeFvzC8izIsl3e9AKCV<Rd<eCw$UVS
zDBohRVXeZJwq&f4Ta5hgQ@MQG-nHt^m}MKWcMX-BHO?wGRL5<f+4+-IXK`f(Ho;YQ
z#xL85y=$n>Wii8bRG&IS^<$0P2KwAb{hINNjr#(0FNurswXi3wL4M<FI3WKnK3!{^
ze&}Nf;|wvzH$EO**upqh!GEh5i*)6d@EA8S#;uHTHSc2?<0i(qnlYBppZtF<jPWRR
zxQQ`tWsF1RfKla!>Hu$uI+6#-4$F_P^Moz=iz~Bq4+G=f%6NzBGv1;4YK!_qZ86?P
z+Is2#(e^%IZDrY=;C*^e=m8J>Y|B_KQ`K@ewxJ8#xXM-Sa@l462}1*ti~!?mSAjsX
zQCT3hB+7QTD@!NrhTSk(CQBx4irpdKFf*i9Nwf)>Fgr||%#aL|kXbsRvt*XtFc~so
z5_Uo+Bu&pp+WR~AK8c5Hce}f%{8_y7?z{KgbI(2h?z#6#X#d}QP<mO&#Qy%gg0Ygn
zBwzWwGi2oZ$S;!rqdnlX|LbJ*Ti%1eC*wmg-=Dx2{RiaAKL>wAdlpUwJ`8;i{>_j4
zN@ET`k3NHaR@nEKa4zly-{+(Ad*-%wqb-B~qnx{Vr{~xwZN__NmD297eGRsdp1lX0
zpFv)G(K7h6h%3HL@dNhyev0<p==o_pr@fc#ebxVR?>G57b5DMZedBMxiud?y*x&tQ
z_)^lL9@xAzPv+3)I^GeWb2_NY{mwJnz?Y=k{L%}y`S+%Nu#S15e*V3wpPzowHvjED
zZNtxKW3~aax4-i<y^Q_pFXQ@kd}!RicKbWW&2@gssPpr<{u86lFJ{&GM@F4VTz|o+
z^AAzyS?6}rzuWQ!R{8BG7WU^|h#zS`)q#2Zn;-4m{Z=*mMmzQ}7C(#cP?2_bH$mSb
z_U2UVi_#p^ITX5Hu;Sbq)*ycDM^557#S%343CIQ324i&g<|ni0q*x<?y1n0-f2)`6
zzS)H{Fzu+@`@b6ZIQxQ)>#-4x;je&e2K%tYlh|{{@)gvZhkj%2^i$si?SBB;zX`uG
z&1wJEF7Y;qIv?Oe?_|)sQ(b0SvA>1yAm+68WYKyPZK!=Ct{wOg9p0=u^+ug)Ts=me
z8(DQ|%<6;~pA$TP3H`Mib+0~WT(x-qy~cF`buQuaym4ipecHo!&Hn9IzmD@6csB_&
zG0=kb^tZ7tnE7jkc<>usN6oUAp0BPSWq;R?xjJ$EJ3n(8ebU_EJRzT(e2gLc>`Ge3
zN^xEeeeidzj``U)a{uy=E{8Dh>}&7uuA<LP*s#BkSeef0WY3HFT*~i)b~9an)*<F*
z1J}RAhvw!#b{y23e`nPBzj56(>a3&A)3nmN)`LH_1D_O!Z2UCFxi3S1!)0g%?f(!T
zlJ8GI_pfldtp52w%Ib3gbx3A@9oOH%hv@p3KVYA~hW2y#P@jLt)aSp*>Qi;n*^<GZ
zQl<a6JB+^PV$|m7CpY+<?)x1x|FYZslF{Z$R-5O^ONiGK^76boU8XwbzDYK)8vFJn
z<c`h*wWA)5aR%~4GJtoQzdeX&#5?*P3pbbB{c$|cXI`B8&d<<UB04Ws%4OTZe+%?m
zux%%@WbZBXxe0&x8LS^k_SQ2t!STr|`oD<h1GpxT{~=#?Z0bA5pV#lv@1x(7-=p87
zS^a+NA3QCu$1t{I7$@<uR3rU5_UB|P_<78%aXyi0oJF5}9k!3gIf!x6I+Jwk$A9TN
z$Lajf0QTGIeh~NBy7B$=weem03TO2d#Qh|nV_}c}pWh^15%Od%|G%D7{*C99|ITyD
zfAcxzUw=;dKYdR5uRN#x7oJo8kDpWibI&RN_&Mc2Z7R>6qqMDk1Ge_-@aOA@lP7=j
z{oQ|o`5@c+bI-7?kMPWFUupl~ppJ^XOSYf5k9H(OG)JVn_i&%ByOnt6=lJ(^_Gy~&
zdsDDk9|Bk6rOI!&(wPbFv;UgM8^b6U@rK=qH|(Dr1x|CEP|y25`bizGe+3!;C-}X-
z>@j_s@y}mao*(~Y``(xFyAm(LUmByCzlZo3586iJZ!XHy_L1i9zXpH*8OCGg?>6qq
zkNhWGpU2;WW1@49^gb)T>&Fz|{l8gw|E+-+cJ{lD!Epk=hXT7svFTaB4Tu{)gKHT+
zUxQ3fLPpXt=VwtybFZFwav*jl-5{DaaW;%-st1lEs7vD{xBxKPa6he}Z8jgj<=Ceo
z2la@C@1Ts@WYZvVJk>w{r;exb{D}$A4q(Ewh3ntola1#uP)1|<Ch$Cqzvi+05$dML
z@^1m74Ij%lo@#qA27LtH|F%*0x3cP*V*~W{t2};%u9H5B*#GD!6~^5CT2|Y1yqM-S
zo@eO$Wx&6H55<l<MqK}o(f)aU^{=o7-Z9p|liaVfPfl6b7q~x%?btQeDjl#LD%O&!
z^lffCRJ?N}Y=^_J9ga^F(ECTmT7}jwZ{gnT-*-GU$a_{J?^%Vsr&y~V<o*7-h2-XI
zrg1$6{2*&wU;Z9^!Sf7X!hr8(wfCcawk)RYd^)DCgl?o`YLcf8;7G^QRnM^bBvbWI
z(e<=`e9=Uk3veYqWNWTIgC>d(z6t*GSVR@E$e<C6TtPdc>or`{F^E4a1}O$k9)sXK
zBhlylKKnRj^l{?5^dV>UVZ(j)+?v;Czl`4|MjJk6{L0x=^YEXK@7n~)=>OX&qc+*P
zyoYic*B?Iv&$<cEUjQav{VA@0iBC43KSLSeS$+ndj9g$YXst#3C!1N66$?JbxM&_|
zy?83ie$tvff#=jm%V(b+bEXeI$ItJh=ezZRIsTH-$6M&*;2hwbLDrhoi@IH~@w6Tw
zpNCxI0e|6S&Xw<_BVD8;zrnu2r1y8bfP;PQmE9|x#^<j)Uo&Xj@l?Sk{L5#qiPbws
zz5?`}L4ER*C0X?G@zDC$D(El9cUzOM&MwEfTwZSG$Jal3@-t*-{u!>l@AJOCKsxxV
zpFBBEJRvv**xcrqjW)lS)n?k%<{xCW`G-cEpUZ0Vv8m19%W5-jv>D54^OL4F|9w`Q
zpD^0|cvhRQnc6(gYD2z60{@B*BUcChF5$aD%`uO8?CH9n0e-6c8(DSfoQ(IIH#-=e
z#Q<Dkf^`$Ty|Q0t*#xId@TdunnqaR9t}wy63EuvF6Mhq%GQp!JIBJ5uCb+@`>n3>n
z_e}UraLNRan&7Aj_L|@d6Rexy?QfXyo8XiQ9yP&H6YMp?6((3W!Q0Cw{3bYMf=5ko
z)C7A?aD@rhP4M>rX~J)UQzm%S1V>G<*92FXVBG|7{~Hs26Pz-^qb4|Ng1siV!UXFk
zc>8xv_)T!i1dp2Fs0sF(;0hD0o8avw6Mhq%GQp!JIBJ5uCb+@`>n3>ncTD(AaLNRa
zn&7Aj_L|@d6Rexy?cX-xH^C_rJZgfYCfI9&D@?F%g17&*3BL(Wncz_q95umS6I@|}
zbrZb3Xu@xTQzm%S1V>G<*92FXVBG|7|0@%I6Pz-^qb4|Ng1siV!UXFkc>A{m{=fXK
zoBX`q_KmOqJlWgm+}qstdKq(k8~b7m{|NpY!2ekjFr7d7J#1!EIlasG#|HfW0sd<P
z{xiUNco~@L{3+ni88GebUo_x<2l%=H)1IZ<fayCszhuC4X5|9|{wCnZ2K;+~f5L!i
zZ~tcvnD+91-hk;lsb&rMw*W61F#WbV-kagH(RcU!2Lt}+fUS6;ifH~n0G~48UjuyI
zfRXz={+<E<?|{E*z`qE1*ns~xz~cry4H(~<z;V)dgv}Z-ozMGM2K@H{|A7Hd0R9sL
z{+|K=wE@%lJVh6H{wKgk4R{prXASu80KRCz{{!GE1O9QqHw}0QaJK;?c0G>wsW@#v
z0{E^0e-&`jfFA<>D+3+??8IiM7yO9<t~KBY;D7;#0snUf90I&)z;^-Lkp!T&J%Had
z;4Z*FZouyWM$UoPc^B|`Y*teJTYv`*7<(DVf8T&_0zQi*Db;ZU{;C0E&;2;|A$WN`
z;1X<pQXLoI4-L2)@NXONb-*uS6QAl_1^i_LehctFH{dq`7vN<Cs`ENvuK`y8{(A;Y
z=L`SPfN@sf_%T(~KMUArz$JkHM*~J|fBbh0_!YpmTv7idV3z?q0RNZ)9|JsRz()Z8
zsR17X{7#-|s{wxBfO7%=v;pS;UNT@A@V5;ZXAzH|!C@U5*Wco-S&aez7r;Mez~2J=
zj|>?3faCw#fd3LOGi<_t0{n^r|2g2V8Sp0H|HXj+1n@sK;6DcZ4Fmooz<7_8)362@
zzdgd?KLq@i0sjHub_4!>z)=HU28{13;`M(Q@U#K{HsD_e{N&?di?k=Pb;!)RtS2w9
zU0IvHz=o6wNamzf+q}S%)_F+XmQCBhQ`<TuXI0au%GtK2O_sAgZ44!&hqcY~Z04}K
zex9u!R+rARjl=59c{X*#K60MT9+?KV^`rXmd1<gnok6Q2b+DWb9Un%&BQI&g6>R(^
z>T%|zws(%Lo>X_vvAvVp<~cS}tS+IX*s*{fi#Jeb<rRItT-taAzs<--PpQ-8Y~-`*
z`m1cIL>sJN!>6^O3bt}u+d0p6PHWre+1MFv=sZiFQD<IdGiTPQRasJ+eU;69ei-5l
zjN;#uC(^LgVP7g@Gm<u5#1<vzU=iDtO3}cgjTNyei@JA=?OKXg@J--WZM29@Th-lT
zY}r~od5q1e+DH*wR@I$jY*W?n4e2}T99WYo(1wfHLV>z{jI9>v<HuOCP#Y>@^M&db
zN(%Kc)GwTYvQ60QH|=c0J_Qo-5A>X7U5s^UTUHj<R;=uyhH68SHlwgnNt;mEgtUns
zsP4yQ(kT{ZEUd5PNQ08Tnj?)$%QUNsI-A2bm0gTe3>A1^nUJ(?g)K?i7G5~EXd4P!
zl{Mhnkf(Sh)X8nqCMDJZ0yzG+q|&SEW4X!kP!3#$Xh_<!#FCO@QDO^{gRwP9*_5p7
z5`-2VeI$m!Ci-nOj>BvTq%6r@%Q-BmEE?ncxInU&s%sW0Lzl*Y$)Q|g#pQhbhgg8I
zz}007`a?&&>@XWd`$3C+5_?RRG_SI8J#}9tz1gMATBN8pW04+LFwm}z%WPFrld`md
z?^u@EwuEztn-&EL;~k5#XOVU-m(xt+JUAxh)vG(Xl6M-WMG(!)&q<$S(-`2itl~@C
zc4U1nPa0B4YZh|UR32N(8O1cE8$9{=lvGrqPUJ|Jmr!L$R(GvzL>>czbQR3!i_`)C
zuBt1_KK~B04Pe}`kl<}uNLe_27p1bR%DBqLBy~AgO3CV`%I0NlRb?xnSY;_iolx1V
zG65kp+B}i+E{CDDQ<78Q;Pgy^W=sYfmeoBg8<oMpr)Zu;ofXs>k<~$*qLD`r)OjKu
z^C~kEOK5Wvo0e37DG8H}e@{MkN!P;4sw_ooVF@H{MV992*_Nci>OlK86)9yQk)5;P
z<pZ{;D9Z|4QIs`BT2;^{J>KWd(>3XJ^ahobv=LdFlh9<)qNZeN#G=i}Y}_)4hvTv`
zDYGeAfm}?>=w4tY`hd4WU9?G;$Kb}&#VG%@@Mh`9$ET&@t4cD5-BEXPq-~2j55<<%
zR1Vvg$&eZpLEkPj&|PlFDYXuLJ%^1;RCQL;CvzBydJe<)xvpE;v_+q{vSkagcg-@d
z&=|A(bV+aDQFrs9fci{<G>b_sAbFY7ATMj^bWByZHMXRBmozq!OE!5izkDyB?c^_j
zo-~s{)5$yPq{0H2b~b4ta9b{)g$Yx-_}n*0Rd-ahn~>C@0w||GTY%Zu=L)1rMV;5!
zH1BN)=2c^hs&`pq<GC~FZ7IKeP-DCKWFACs=u3x{X84ptE2m^kGcQ{Kxhrz{5Dr`^
z^+wq`0*rOFd^DGh<fhAJq205&<(s)|BU6?HbCOE=8Vn^#8t}arP-gQWmC8^)TZCuG
z10xgAcyK5mrfvuXEL+v3d^Vcnoz7=dHgzqZrEKa%KAW?t!)RnvP_kr;GWZU{HJn#I
zhu@#hBl|`?c_LluP&RCAPg16FsM4~6@j+pip~#9islur1Ab(c@f=w$`oUxT}+VJx+
z<Vkt^vkbJ>>I(|IhB^ful635DPg}G(nax_%DVfb%#;G^-b<p;H+$_CQuWTrCm%6UV
z(7h!^Ua;6_6nV|!+?C}$3zURS<dn?Y*oduU$%diXF?yT6W|LNI8cl}fBev2DO(Far
zza_nTRY^&5SWimw<1J9QX(<^Yzf&@<uss=#M-_cq!E_sq$J1?}NQJDDu}T%PQ$Hfc
z_VF9iX@^oF7taz?q>?=gTd<Ts3-Il>j19{AxGaszX);*TKCS`=qkdT%mRN1TpzRIm
zOqVijkpmPQ%*!Qkjk8M09+W}>vK>Vqu}VYM46=P(Sv>nl>Z{ctja}MuK8vc$R{7yJ
zAE+H_wg;;W?=8b^!e*7glkX}eV4>AMYh@|x5{mb7N@nuev`tyaXGt5$&WvpqByHvD
zi}`FXmvm<~UzyLh&gGLG1CtF$8@|W=tS0pSF{|t)p2J>r>0>x&DXD7`8<wc+Rg1D^
zk=88WH^)Hr3M9p=gbg=>`-|l3hb<77`cdL50uBk}Clwe(Eu}~}35to@lo1tYa2%8J
z%k^1Ff~}d6(x`yzdF3ahL#%_b4i)%T;Dpm&jOh7Z&oH=Nm_4{{HJNjuue{6pm?S0C
z(R~s)4bLt=Asv3G?n)B;(4It8?4+A<y1Ue*B#lVwbh?yi!+5TWaVjh3^3&4EtJ;DE
zea~4WL`U-$39$tNj&%v-8f-%QH>9$(4_Z)USh#sbUXko`q+}3(L}L`vtSZX7!si#U
zdk}LA{Xu+<q8UZq)YzN?8D+^_b-VzZ=oDNH7U*LIQmQ~-gxxIQvdX2KXns#>VWh5;
zvW72HTvXJdLu^?g$GmRS)()|yTy^IVOXaEf3dc=NTR$XC7O2aIr0D`oKbt+IFCCH=
z58YvGO4qh@X-!u*^$gp|cD%796;IjNF6Q3GCgkEt8(V~9vav0t7+=RdZdH>uHkVU8
zZeyD{>a>k*=V0#fkMpyaBnGib>L5Rh83HkU)M2QKg=~G&sxMfjIiZP0`!eY>tc$TO
z9VTT;Qa2?jDZvcG#iT3}ES;J6-%nk{JD1c|n{;&#Y?@Wn1sj`JCIF|W60~RgO2h}P
zDvqj$^{3>oL?1@EI<!ATG4`;!AW86f^ZO4Bo<Ntt6L2Qo;rG^y=jhW@w*8TW@7V#`
zK}nk{V^cZWN*P<ufoUpZTlwm485`5|oib@!)3?i{;X~?b85=&LQ~5D<=<{sx*yX)4
zwsBk={5%_dc}J$3Q@avc&y;9$rEI>0gl+w-3V8D@g#_s#Jj2hFNlsx0CRC}53=|@~
zVHHuBx^08N4rW49!S93dZkGMciicsx&UR>zDa=GLkHyZQEDc%I9WEEU&`gWEZIL!D
z#rp(u-W&R<E}D4{8+l1>N>9d<j}J?^<=UVm1=Pnz;j_!mNuRx>u8>_=w!k=Qpk!H6
zmn_nbq=AN{MO{oUfVe&&-hxwx8?vb5c?j|}{EX_J1xB2WTGd4a9M%~LnTlBi68J(E
z8>vVtPhZHB=JU$U<AD6a(PK?wQQ`jA6n#gLwuEctn)4!d_BrzOF~-E!F;!UY%_FFg
zOAyB;5fduXt^#e922C1D{RClugzeIn3+2fiZM0BE476JyujXn?h4M}=zSLG;%2P)Q
zty_7Hu|jz<U)?FNF6UF&wRfl_rL$>WnbFy-t}N)*IUQ<^!KPQ4h;_TjMiN~VbuLKS
zl7a<D2}VAysEZ1`w>oB(MzZLFEsv^L4#H5wSfquN%fNH=GS90*k9&0}dAd6K{Vx9M
zDcwV#0reSv(nLGfa3hxTbqj@PYb2m51O<|?KfUPFFLkhCaA#Q2R}c#;j&Y4`E9y$V
zG+|Yj^QCR8KBlq39LH)tTg^c%Ar0Bo#e8YRMp=Qiyb{D1gZZ?K8Yxhh5ZM=~+;ixe
zUIagB5s5X!mIcdWEY>jF>V}NWg1RnCtMYzr!<I+Yq=oF+w3(kYHi}oU?wYr-Ijp=W
zI9F$73D{<2DftwhyvypgBt2HQ4)7Vg>mn}!pPbx(!0oWvE?_-&32``&#n)7}n1hwB
zG;UK@RB6G6@L5_=RRqrCx$0`Jw2-T=<Vs7q`y=6cd{u>R_nLGYw#4AKx^0z4DRi4r
z^i`|0ppYqDu<9sYu~uZ*_q45ppM0!NTj86uB`m&VEoo(Qvbtymv0BQ?rmzgh_l7Cz
z6v`EC(h65S4&3+$AA24`fyuIH2p7jKRGyMGswtDz9I>iYZl$)9R;SVCb*vqrK$13Q
z#gcD`>d6{R>bOkHC8UN>zDY)5M^RC{r%=Nmu&*CxY#Jpfy?TOmA+?15i%K=PkV_Qn
z&r2$z`bB9IFn?CS5QyB-!SpaHi?S>~Krxy+!R2JqBqzve1T=&RQIbWDEANg5`R;w;
zdn7GXeEt3cbdtB%W+WBq&pBxX(gwP-@%h#*+K_|I%G$<pOmYgfc5<{S2OG3aLU$+g
zwT0s>nNO3spy`vx*=T__b(~EUP@plZ>+24-s7C=F*5?5pUZ>R*`YElY1^5brM-9qJ
z0pqZuENE<mvOH``(--mEYZ_z`br169iR7wRH}F=Pwt~EXrDQ0Ft?)zwD4nBpjfxZ<
z;=~1H3X~Gc6j(1~60ADX4lCADBuw|Lf?cpdF6rv5RJ>;cC0JiT9@Sl&v?i-NHVKJD
zqAEw5R;BqIbqggqT2hrJZ1C&Sl#QmA&jM)tcwCZxlG0M6uOKO);`if66m_qdjoGx3
zSFmu_#$RFcsyh8L7XFy~sa$op7)x_)=Vi8;uP+u$qXp{B%Lq<OhF?L5q9tEu%SGx^
zF&jTYD0g2{H(q9gC#TTgRIz=-$>xgH(U;kJvA$C*ExoL-zbp-((pFDN3#ZhTQ_|8Y
zeV?``(z!e8suf|VvSvkEkmw#%N)||4;U4#ttLsoftAZ-?){H#9*Q-wDQYvE@IRr(S
z%!QVXqUEktLF#Z1E*#uK5+E0T93w&wC6$XLfQqm5U*+%yhqqM)<-4ka^1)mMD2FH^
zK{D{&ea>5ktx(|t#w_qBSZgXn8ptJku$!Yyz**!ga2Y%K5SYDudN@b|L%5%o83!U!
zEb(EQkY#|8SwU!KMQ#Ojlu575OT`poa2Y^?XkNkWQ!ub4lf}V*@$VUU%j?w<m3fg>
zL2Qp`n{8O@5ojlKFavWrkS3^0{Th}IwlMW|TdKTN9<X+mAZrT6gPW8bFp5(W3KkJg
zNf1QGwuFSC12rs4(qbE?bigDBr^thXo{uaafpYQB-hoxiEo1GBnx@?IQ3k9fI*>ML
zu$CR<v^WhnyxK@ER@2I^3e6{tLuk2Xk=G?>(jpI9hQRJ2r369jU``40s#7_n-*dM5
zDV2?=%9v^$RjGuNLKpl?5)CxI%N1d3FFJ;co50yl$$?QOX?)8FUoBv=0|f2R_(m+s
zjKwxe<D2GS@)_g11iTK8d&(;Pg!PWL?15Nna~`bfOV%6V4(xkwwkF$G-13^D&2-4y
zO4nS6ylh2&1aX5t=axrp>a1H{Qnlq)c~4d6eezJQ7debvZLL+F$kW$b<*|Hi{iZys
z>1#LTRn5NGA}<%}+c)Lpq2k>Zc}&+fZpv$imDvt?{qPtN?;KGUJLKIX53#;Gs;=IY
zr|jyGS5DfSAf0v<-@rR~>=GR8F@5r;JaJr4waA;t^<;}Y>d+=z<dnlc(jxCU^qE$9
z=7hS`DzBf=X5N*TU$QUVmd8)p7jMhUC$-(%^5#ix;az#5SX;g=FTAV(UVB+xzb&sh
z30^NzQ?2rBsj|}|&y^xHVSAs~Co$Gn)!kO>>Z|%ln{}jIO?B9|&Z~PZ)~(mIVesRU
zw$v=oT+*kT<%LV?c9Xn*S)FT=hu_j?n`{$r=`&5X(QDd9qrCo(w%aIgy|V*(Td%Gk
zdRI=?6wkjaFV;Z5S8LRr4tcz`eyKy=s8vwBRjZENmUnB_;oI_%O94FW!t74E)GeQ!
zbSWrKQNf~1UG>Q;E_KN#kJhP!n1woZ&L^kpsN!rLq-CwnzT=fgZZxfW<+U3Ms%+h$
zMmsl3k#efHC%y7gef_9c9%}$8Qw{30M_zAe8uZAiFDgJa`$cuvBQJbW-S)`KUsSd{
z^2!%0VW=AGSDWRvMx;F1di&*Z(0>aE=Wms7-;%d(!TwEmD5-8+vSS-&Wx`)F(aq-l
zXgJtypXz2~-O6M)o9?D62Nf~VYGc#*d>T4X0lapOyIHzgiO5v;s#6vjCJiaS38{+$
zBm##lkiKOL?F6k^97rJVkZz60%D8OhsYH{)F8DqjT8DtQmvCp>;Otz(Q_rzKcUeuy
z^-5H3!Z@(fgwdLk9P<*46vnY4DeIDT72yE>WmZmmEi?|^HjK8ta#Jl9nh4V+m<h)$
zPDE4NB}rM8tgt`_+RpQ~u>UN|knKbs`C%`_f()~S{RP~QTAb*M8qvR}<8*BG{JOl0
zt;m}&(f0A{@|Hy#xh{_>C8@Vyj_gD4$ct9{$~Ad5M_q8qi#f`&OWw1Uti2=es08m~
zB?V8Kr_WrIxAN4~HL^r|mGVNqI#?+$<-<%(Xxea<ysqgZRq{}QHdiIjW4+U2+dWh~
zdtDwmtgXKT>!VLq$-8zfRVPm$)7M?{NRfTlC8v%rNn3UD*hzJ<Ql5E58>y7%U!l-%
z`jkF;P2N3)uO_h$eO4c<wT^#QU8}M#eoh;?CQp>;t5@aa5`E^XJbK2y^Oihy2HQ()
zwM^Z*Y1?~MU4KhnIj_!OjOQthxAc1b^bL9J64Yn;Qqx?WJn;s=)i>&wD&?s+)%ELg
z@=eUb!kg;ib$Rnmb>X_a$KjzbK>3niu+O|BuYI9u_#HWUS;529Wi;QqT)B2tPQC>v
z#ipv&-5NPrU5R22?o^k<uGEw-*T_pXs61S&jNY`3)Q;lV!-TtJ{3e@sqw=7~K5>(c
zc^*Oyyd`5d*|JwjVy<o~(>HBXH<Ns7rH^E>4o}gc5Byul^~uM`fc?lcHtvpMsi99C
zML4Jp9mVE>K6n(H2indNdDmL9a#&8~*k_N(*e9JlBCqFY!$;(lS~3S%wGSP^G^>M0
z<k4Jh@36dxY^TFIo3G9vk(V`f^)OrwqA505RI*vbl11uz5!)(K#vIn|qBLokEB>#T
z(?tIDQq&rTfgF|8Nei^Z0WnRHe_fF@IPP`Hfe2}rgnrb5?PA*)*?=Smk(eS}2jYhn
zkB!aZ^W<YJNPm{{JL|`JC~{cFhImRR>E1akk05!j%Nw$N2?Iv@^@zNxXnRNH4Mkf#
zDyOX4!V!5hM_)N44<qJ1Bu}au>Lk?w$iS#|c`3JY`;a`8Up%AB+xaEKhvYF@$*{pf
zHFZRuEo=hch7KWgVv9v3SV!y>DXHUZ>bR0TZk;~fVbIN4!74eu>lW$XSY{<{ss@AB
zm)?+(E1iEsUdHZ6g*>TfJFkN}`^IbXhSk1wQ699ZgRjXGHf{2nJZ-ZluOWe>ZCsTX
zZId8lQ?<{$1|rqHi}Gf!w(>SoI@<c%@?f4e^0qveuTH-vCpG)<Yx2AXW05MTpRJI`
z3$=wS@=~FF?=5+|P}_J5;evhWO?my0zV(JYakyj%)erLomtEU^U0$`TlQq`0B6Xxf
z-YwGRF3Us5?TeS?aU>!y%TvdRkOhZ*>Y_Y-LLIJ<7fxuqZ_3Ljw4pD^YbUhSn{x7H
z6?nE^QAdH{6)bVs+-YqL13j%y)L6$#Rlo~S(hKrZ83KAXb)j~rLf*Wv4j;K#S+Y{i
zwkikF%T`s%ay6T%Ru-$-YPB*Bs;ciC;PF~B$prRaDrvb>zl=uX77dXs(jJ(lL3syy
zk3#y#?e7n8wxW{y$o2zI-+zK!fx7Y%)&ctbOE?u!ym}J5h}zssw0AuH60Nw#@Kn(T
z0V`VaC5B|#-U-SmBu`*tN*h1H#&gu!mk^8VV<)g;vF|z9Xr8ill8xojs%9!***?jp
z^I;|?HFf4CwuZka*@o6cQ>{*%WU~c`=C%s-6p$3^n+`U4NKZL%Mo3?Fu+$NK$-!2S
zsEZD^cf>ve<VTC4bVt?kVzza(eh2OCYO<Iu*wyJ`wrp1buh^lNTXuErB-^pW#O>J?
zJexX31<7O3=jCJe9sF`lQT^IWY^g}0LF44nNw!`@1Z@^!N_UIYNpyd_e(yNjJ&t4y
z=HiKT>MCVYnv`)X^U^vE8RJ1Ko3JRG3cM68dPKd?@V!-ST|yci+YVR|V7MzBTtohe
z=9QmANZBOsM%Fo_vU>Xt?d#fSZ8$}tVF@uQtCK2nLUf{HKBs=f#)fUn!g~Fn^5JYG
z89XPQX4nr&AkEAk!(CvHWYj{(UPkacf0TSiVu)gWA&ewX6<FBTDi2vbyeIC91Ii8^
z)u5&0jHJLwZqh~>(t$vW=aDWgc^J?2>BF#m#gm6&F7=Valth?6%$8++@h~>|?Q4gT
zBO8-aN3fn%*L19Bd4^7_Ups;f<YlOCLH!WGLQKp=p}M5AmBRXIolP8qe_B0M4;`G;
zk&ht0HcM|;V&4vN+z$4V)l~@#&3Xz`2wb6gK#C3AOIjQl-vXKNHO!yIiX;ckUMBou
zdktKN4kJZ_EDMq!SjNLuQ6(DNVeCdghH3X3$yner%8PM_`Ur9qB<h#IJ7g>Xk16Qt
z={P5AU*d`Mg$+bhIS?&vF^4uhwsNp9tL^1L7$%XS#Q_Uir(+qsnFDE{stY*~F~a?W
z#cFmj&g@*!!F%L$-fmLh76Vv&O5t)IMPhx87;xAE?qX)vxR>0N9H=#Dft1f!aL!4Z
zCB6y?A{uG$VF?UcvZy#`1Cuu_OW2a%uYx+)q}QM=-0yCX-$idDmf|f77PA$YaEppk
z%0}S~kgVb)&|+45?8lTUSJPQ|;`xF5r|saWR_p@NmKXXMAsJbf^fe1|1@)NA8B4F2
zTjW&^<9HD~gGHT?Dff<p1Y%@jT!VN9y%AeC*h-qQK=RT<$GE6HO%;>`yTN0~t)(;J
zG<OvuRwnLAPRQA$R7oMT29-q80=ym~rp{Uvw4F0CRkY=Lj8;REbDGi~Xp7W5G6dU_
z0~m&>?VJVY>!kSuZD~GeOAbZ`S^FhfU6ZAi?~kAGWiO9WTAxhZ0!=;*4B6-;q9{7|
zlIBsH)D*ph9o`M(B(SEFY3Da3hoRI8Z3s_c*Bq9YCwr!I)ODLQlcOQ2w3mZ}Rj_#~
zEaI3=UqMaV7-|Z%249VN0q-#{;Jwjj_FRi|TG%PRJPMm`U@-L3eBO{`rb+3|$Pk?y
z0vqx1!VIs|au7BEc1H#4)Z!JSdsK)i$~3S7b2uTTfSv9c^xl*^I@P7FT3DD)Ixgbu
zg$3E04xXj~nB=*8NE^2kB`{0-<2Z~tL^KZ3!wF9ddZ2&Y4pBghLs2-wG$(=OMtK3N
zrSm<=Y_<l{WyQu;n`0FR50!OrAepDH<gvLt=oN5XLhQ@qUmP}=MEs}Fw#=jgDRd_3
zL?xXo-LO=^nqgN0CChS@w<|K#f=<V+TI|SBZ;|L5&oEN9h$-g>aFFL7l+({({n6iq
zR01`dmuOB!n^Jg8j1_yc_#Gw5IfyMpO9e6|!?K1HdkS%=j5wu|<Im==I1i))qn8XN
zuaj0g9UES|(he2|qWp);g?{{H=^o#3plz37i@rf8G}J8xgQb1dE!ZhA4SJ>U)1OF#
z$~caQv(%N48AU;(X+=Tx6hF{0OJ^0ag-d%yI2^WRl~!p>a>J?s<O3m^VLu&%T#XTR
zz!1R3LZzYDfQ?F+$KwH7uuMogEYbqchAv5zZ>2fD@X)acf}p81qqPWS)-5`YQ4GuK
zDm<C&m{BPDOVJ^`1)~j8>X4NUtF{FV<T{DW`zD?1@*4cz#`0p@rp_ZJZCewBpf4Sp
zkMI;qF<3C8VAv=th8?5GsdyEMVhc#Yu@5J7de{ar6)_1Esay}^P!|@8^$7O@NRUfW
zIz90a92t@nK$$+yqJRp?AC5_cZ_TPBsM@kR;Wl#UjN?R37mb~Cy12Y4!>6b2uSsuk
zrBN0o=5=83VSPpdYT9ZXk$^5KDF6{mY|@b+(6UY^oA+s{G|n<BbA`|iSll7y(n29r
z%|2O(Ej9aSA$HRcN3eywlBq(ro97t853uFydj$xTS7C+0pGqU%Q05D<e|H%PQMm%I
z-^?m@v;d|t!bH;n9Mc>JumZ<mA#kjvaV!H^#%a|;=m`klkuRa{ykeg~fnrCmo60<J
zOy`yC6tL|)$94f5$=BBl*hKzf8V3Q3vVsnm2*;Lu39V=NC>9kv`di~TCh|%)3)n`U
zW1|4O#`;PD8_lQqjgN%}yKGg~(5)3Sxoy3)fwAP+F}S51dkSO8AraZdo^v5~yBx_v
zoDtR0&+0yoRp3~)5>MBxu%$az;^|xt@pL(dc)F1TJHggDPsj3!rzy_U`TV&w9WY$*
zGRjOLG!JylDVKn5$VwE9TM1Lriv3l#m{&4f$oBFaLnzPJ!JFxPIzh$9G6@`$3eC$D
z;h0x0VP1x<c3{FuJy4#qP65YCUI|z>obLc-Q+!@#(l}1AE{5Ysuw+r#Cs+j?hHO@b
z65$`6|9X`@WbC068iZJU&>|(JQVN3<fJmO<AlfEL-3|rZX)#7SI%7NuC4k9Btcs8n
zrgqg*jvo&jlF>dXD*zW|`?ic7IJDoC6@Ws6sNateu7?@kBbY5f+QYt3AZ_71Z~@d)
z#S0=h-8Wi*!-=#n0Y^OpSyd>twuZ$&=32$s064!&z`MEHJZk1`Vr*NQ0z5ld?LjIE
z2*a#yU)QB2I-jwsD*z1wz+0>i&;(`^7I681Z<|N?yafl@@igu8KF0R@hj)}Y6&|7%
zR%iojB^8GtRIH(g<&t&m3CY?r;s#lRSxPGUl8r4Pp_H~=3px5CS|M+U4J(_DgIq})
zVVkijz%z%Vx7b_4UZg6GsKxjRxTLB8PN}u~0Rw2x_B$GbzF*S3tg?j5i^jnEQmvL<
z68AcPu0Lk2`a>2d=XHKK{{y}y>^pQw{^~YuY)uJ<g0@2LmXOqCUBaoN498?(qo-{Z
zLn>RfRr3C6B?hsPD|T(L7ITnqlEWv`=ep=H2K>hk_aBJq5D+86LSzTI6^lZuR|+wu
zWg}i{fS;bn3T(&bz-i?X%1&*Ac>r@^N2zWhd(7BleM3To4PoPDCs`$fnTO@ZA>VB*
zag>T(tZEd5Li~9)kAGNx9TGI`VJ#_PLCO2L1$82oLMjcbZrB&Z<wFSUZ~*KO!VYcW
z5MpjEc?ka8J_gvPjpCf7X5WQ5(wuvRY`Z`mImC7gpt;+H3b5=Hl6ugX57JNmrbK<1
zk^AiXC(;S7{<H`mq(v*@!x4%PTY-(^JI7F3uTA6IEFoNvX`6G1@(Hsz!A%hqR15j|
zacaX^Of=|R4slZ8DqL#QWrHq~P1VaP(3sbOJeF%=c2(<T^`cIZklzt}(-8!?gAPU0
z%RRjQNg>N~wEu~*cA(#Yf-tnVS3IXRKV%L2475TdSd@!1$a)96D&kG#ZSV|7vS0?6
zC7{EWiVhz(Ap;TU`W!>O3d$&4hK)o#xFsP%1qfpZa8m+hg3nIIoN5y*6|}!3<O*`j
z&xB)H0z%fLK~4yt7t&Q67`U1qKZXgJ(3T_^z<Q1oxeDk;Qg$p;v`gky^z}w9ZFdhM
zpMZm`mSR|#G0==PiR^&oSywKhe8Z~4{_I#CusI_+gCxxyXH#bRh{LWHZJcs`_94`f
z%ZItuf+k>p983No<P2b)6pCbKtO^cf%<^s5`5e5y1-A$N!Z^-CV)+&oqGH5=LkKbP
zwt-ABI^<X`9z<|StfabyVm$!vwoYJRybPx%K-;2)&I%#6p0vUlmBJ6M%P<{AowE$P
z)%X<SyucI|c8CM>9HTfdkk<tt0B=hN1;9q?!@=Ll!fQ~7oFJddCe9{EILScI-iGyH
z_~=O7j9L(I!uG0TP&6Cap!qx;Ek?4ZcMD2a7}z|-rVi2Z<J2LV8Tcr8z`sTeh}Y$&
zaGtmbEb~ql5wq~x-6T@d$8eZp#xj9}jkXfJeTQFF#cO&?s)`b9Oyltgj&$MOJRE06
zgIr}1@7m?+fY)+6@cth9$2)l2d8Md7fgS5(2q9Vl4{KTqtu!j1*R<p@wxnr*k;X*Z
zv4RS`*N2qU8s70MR2Po11r9G4Dl^B}dZ7d5dxb>9@F8s)^$$_ojYA!HGjR5>Hg$|G
z9-;UBhL5Uvop9=?I(l3}$`Wr3&LWk4T$(Rx{VqNS_QP7TANce5)~@f{mnV{4q!eH#
zV58w9W{kYt=OMluc&Q1#o=z+w69e_56v(Dz-$HH$uT#PNTVSh=d8Km!SR7!th8Ba=
zb`uVl&+GI0I6NZRCvi?u!f8F2CK!K#tB{ecQJ3(Gp*S}r%HBw{rt)cRJCzUr???hh
z78)-KSyj9qGpnkz`D_iReDc{su7=kjmUE}kxoG<_7P$B}KzcJMszNSdC3ZA~Lh1(2
zIpL)?yb^>X)EdYxo`nQk6a+R#9!Z}@fn1CiUvV&L3^6Q)+lUeotgI@I6v7&tGEsn&
zw6F-nsxpN`R7g6J)GH|*uF5A=TlrK4M`h4{P@|^98n3Bsp(f=12pfa`jH&AqBFmjz
ztg8gw2Ytg6DIZIiB)(opsua(E6w`%4&RFbg^!kvFue8UeGY<BS%KBIyOp-p5hnU;}
z*NbzW!+G@P)pjn<?yGRXIIl6ChoHF<tx`D-=;0DpLeNHpJGoF1$0VNGR6O0Vsatf8
zNS(?<-n9u1B$vRI+_VqNA4Cd(oHiMMj7RNKAG2QE5Zt76F|V+>X1I`bz-3S(FiHj<
zbxBr>>D*n$uIR=(kP>ZU7P4nl$DwCV+XDYf{Oq4HCbK&@MFS_Ttx^yo915NvVqJ)*
zE8smwC4?%RCf%^HU5K(L<ODC9z<Q1`Z^bsg16MfKVQB|1<XUjX5gc$}k8sb1N;voF
z+$zEgUMV2k%y+Jk0f=IGqB%E;*myxL=Dxs*y~OdtVF?vy4n0QsEY9zvZ2mA@Bota-
zE5eS&9ZcO(eHCx_9wo%<c73^sZQDyA3di&%>`5Mb4D8cI7=WPrB;+4rW~qRL&00Y2
zuw03y$D&*;p1+CNhkHQk94=uMSp{+x+8W#gcM?kq-tNUa6%M$E87rOOo3|Rg2cJq+
z=yJGYlU~TJ6!;F~a39tdmL*y<Pb!!IQGVR3A%K8^Kol}3UBVo03&+XNJ_jzX(oywg
z3<>}FKg>gcu=|KL!(b8qq3oc1e~fo*OOX(i?r6v#_d2n|kd*8Iu@yQ@iyQR6U{RKl
z6r=RyibYw+*=tj#lH)uKEhgtrdD<<B_$vB(iNVSB>Yx}gE7-We_iopuF8-WyeombI
zlCJ7&X#u2mSZ|$!4Wv{yPA0>Z(lPuYixUwoQ6f=p-^gEsG=N5be7yw<D8sW&Sslvx
z%+i5bX`ashZYT=C9Yr0rN_z@MGi+4=iq_OGt=ABn;DhtR2z`<4LExZ{<=~a=$7pX=
z0K)c-=16;#0~*dz0A|{g+|zg+@Z*D^lEy-3fT5-M*k@_;Ah3XJh<s@=2LgmC8Bz3^
z9Hg7-5u<O@o{ea82}T|k&k{w{JtB{y7}gK)Br+_BeXJT{a?1M99z)3v-YCr}=Y3%V
z2JKcX4hZO$Md;XB_z{@ACDJcAkU1H_b1^h?(b9!b5M!jo9khbmjY`C$-b(_mr8QAg
z7EC#1*gFK~7G+eyTMh_rq(PZ9498hf0zlxZ>r!Z$VNvih^@dFEN^Z*YXgHmtB=fLO
z0-1;P)nF!fa`kz7lalIVj}rCA^K{gi&I2X9|AR71GK?pe^Z=_RTC@Ev#Z*@r;%dlU
z(<&zj^H9iru0BnBe_R>3E|~G~wHQ%I8wgmgW6GaV$IkP{Y8P|DzIMRQ-f{4H*mpu#
zDdc<c){!*LT`0BxVb?}_W$7R+v2+RUdXe@(fD>^%r?UiUg(b^ihUW%fdReWo{doIF
z2A8oVgOjcD9NHjXvzUt%!4kDsm8D#k<mYh&pG%D~IF@jZU77*jJ#5F}JLBbtB&*sw
zj-e}SDBkBwrmxpAYQ&3(zaiTajPtC;0RdgMkW?=y6j&@#su6qCkp4027K#baeS{*k
zQqsn3un$nvO>BK5khkcg*l4wMVfBU=pLqrWd4Z&i0#JfP!MK7+UQsl}>Fe}<FH*GF
zjhnUVP>6Nw<w?}Y0lK*y(w4;>_;B8zoy!h<<yAXekNS{x2woX^fi8Bb(ik7+HM2h;
zWDK^Cu<++bJ{xN8&FC%drqc3IpT$~U0v$%(A65o(n@XYh35*y2`23UhY)U$;-L5p8
zq3InqgZZA3RfHXQ#{lq%O+`pCW`it`st%kLn#TKVFd?}rqLi6ji2r7;I+Vw@Da7Eo
zk&i$H><z<S&(d=B8Tys2k0+t$=!-UZU}Jz3DWh$yb}f|xXHi&#znYR1tcH=F1-veG
z;Sr6cs<n2jfHK=_NOD3<kgm#6_K@Dn*#u4;8Ar-5nXe#7OXU-zrwVi=5@+#?CrC*a
zm}TEQUx<N9u&%z;!TT`7ZzEZZa5g1zWb##nu&Epsp)F2pBeWgLB{iPOQ}I(^yLtM2
zKILB#1W)7>gSgxu?8nY38LPCz);z>}fiNypXdfF02jiU|24nG1q+i^zo`HBG($~o!
zvHpnjLw`6FaPnK{-N-<Hz-SflC;SE&0fty85M;rJJ>dbu6=(i%IMU-!L}FK4-??(d
zxC@rXLthDYCY=3c&a?ezov0rS2I9^>|HDw<K%X-{5RFD+iD1A<^;oE1be?z=4LZ-V
zv*<tOydQi-a5)-BgFRFicdXAJ%~Yovk$xbJI)nX**dykT#r%(0C=u*)hWefS&e<PH
zIQ`CeA{OeuSMKcb_n%GRZ#>~lM2u2rJeXjj0*i<4^#=prKZ*}QVI=l_x9j{c6nx+`
z8atirobz-%k0oLQL3Y<4jt6<c73b-2IFLth`WokD14fy+QW+W(iYs|+p#Oe<<Uv2{
z_6PWI53;e`8R<^=Ll`QU+UF00-+h21-5+2a<-lRg2)oc0htOPz4fOX1V;3GoV)rkE
zL*0SE1OMH9ARg<v5b93^V|V>M!Sg-QXu5Yk@6iOw9B<MY>JKH@>9}z>5QS_7jhmhb
zFg#3%Dh=Uq@SZ>Hyj4{P>cinHPUEo?f<Xf5eBh5e`v<~dqcsR*7tdd;IA6hh!Ttc|
z+8K`AbM^(}asRzwoF=<F#LLT_eUOcC@WWsjoHCk20y<H@v!|P-mE?s-4pyA+#hB~-
zp)h!eo}&I(JcwE4+U6_`1n>F>!U>`Y4__;zd17b<Iqr${Mg56TcQ_~%FPO+QJ3Vmz
zAtV7DWr1M#z&!@lgM>Zs$NJImZiGed-hJ`uG1$i^=V|7GV1Hi_6G$2{(32R51=A96
z3aa1FTKxUa$Uwpwx$8`X`hv~}y%?)A2(29e`4||P4d>lZ7&zigTn)?eJ)4I5qrjZi
zmKVmEYrls92%<9@3q@j~#3P6UB&3HV%X#|z=i`v!L{G1|`g3b$qs+!+dfx5FG-f{!
z1z10r#UlNkqEj+jjKKs3??qsP68?K}ZZ7#BQ6~s983@E6j0`rb6I0&HXk<aw8@ksU
z#wWod(O`_sXa?vMH8OJ(XIEQ-0Y6#7cV2wrg-Y{zhY1w&*%J$b+Kg3n-i<~2oS0$K
zr)UCPj&N-@bVFe1Gz?_xe+49Ir9FT-+}Yp5$iUH`0oGu+1k(O;XQDS0cUE~DU<@FL
z{ozN>Zp;iGVL%T;iC&^!n0uIoyP+7&dxmcZhrw%gVm4T2B)FmWX(z;832AB?C)5p7
z0pCdeCLHX)m*|BGe`VkxVt64!+u0ioV<uUZaEm0McVQSvqaO4I`<-x8h9Lm;<T!&E
zT#)-PpwDzAxc&Uz#Pb*Lj0|rGgZK(fJ2_0)(aiXSZ8l~j)DJ~Vya4@z6ByFd2*2OS
z;}m_bnM*U6&&3PO9wB{kJ=s@tt}AsE0KvdP7%0Tx<_%W+*~W~#W5x)g7PkxB{4o~=
zO57c_kcA`^MrE3Ha&O-gdo&j5f#skM(ENqn5-ffIa~|pE<EcsCIRlYkoMNC}|A!<C
zLb8oMV0~Ksv3u}Brzuv0Nrir86p88%@G%(DN5RXLEAfGD+_QmLxHi}m2?X2vL##K^
z7k2e0V5vnJ`yg%rJ@E|G7idBRf(RuZeDjj=*nH!9nApe4V!=LypKh3_IHJ`Uf))s~
zmn`XlyIY}tMqZVS?X6yfg1#uZ&~W5IFov)X5LaNMR~I}m!r9LFmt&pOHMi{i4*tk=
z_vL|L?2#C?K}b!cuMffjS_b-pF$!X#zVS}7O~SMr@IZfvy6DUh`QkGe>ApJ<=b<&9
z!n76IFXjd*7Q7dHNFjyuoD(5Aq{N6f*nY)~Suq|V&`YB><H%GqJr;AG>4cR=Oa1Y9
z+4TpdkyzRFz~d<HN;|Jddt+c<+4aZqAiPWBaj8EV>b(9KUid?pID!Vc!=awe>t$e5
z+2cgyez5;BL^Mv^>%3kX3OvRGqjlM13d2i-fyaIdMamv`2mP^N?6H3!(F^zg6@(m!
zC|_6;GK-Z9hKUog24`w3ITrl)I}u`$p9va4uoFQd-Nh6Bp8HfotRpCnqPUrd`taAm
zPJuJSx^&b>5w$;Iin{y!A4Fp35qm<(2Jj~kj0FP-529E!C9d#kpf1G9t1l!J9y~#S
z&dt#Gq59BR*zgPD()r;<K2m<inj-!HbQ<1^+q8H(s-pt`hj3JWibajF^R*z>MuCAS
z=8jxd+75DLWYMyoQNY?C=c@_CfoX{~6+$-+vjj6~9wbFkXR+ux7(?^^&Yq5+<uS7e
zk!bFPxETSM`NkOz!T0kOpn2h!Hp!$bP+<BS;p>t(0=Iau6Ph1~vHUOyqWU`x6R{5p
z3F*g@gz6wp>gy&6h<83jM2AcK%i&OF&6BaESDfGgV%s<i_C*o1rbECN7Tm0Pd~JUo
zjoA8G?BbjXMLQ`h>crAH1Sut!p-9B5w0wH%Y49NeOQV8mAtPLmnD!7~cOeYId@xQL
zr=pXJnOD?AR6*f*#>p7#d}rVhENiGoAmR;7o$%F?3Avc;Qey>M#?n~_5$PdQk>EZm
zO+@-J)*a7~p3d}R&X;{j7B+wvim_xCAX!L6ISpFSmEDO6(KF=Tx$hPb`ek&(8Sjk@
zgaZ`Cl93S+YotG;c_hW<PDF_2MsY9zC1~T1LLo&gPhJO+T!7mrZmiRMA>Co{VNmFR
zA%O?P5iP|^ggRqXJKiZc%WpD_OS79#p6DyH#(|SFQbK%kXo(m{e&}5A?p>_T#5$-G
zD<+`;2l^028QW|u09ln-Cy_rR1;(lmT!QZOKSDAAgr?&xLjw7TI>j6?W2*K|4CIhP
zoop%O0%%qZL;=wMc!HumEY7fqMN|u(3PXS~Q(j4=s`jTJfpWr+7>DelzX$PDe;`a&
z!B{N7$_#}4G0I+1ECLmTJ$QEOm_HDDh?x!sU(Bg>4}`*j3s@7y0+_*A;?V`zoDVu<
z!Pm~Aue+g#7bqi>F1vv83*Dgvs7)X{)5C7WA`g7z)=JCx+9VhNW&IySx;vfMoQ$sL
zDJzGkxNYmtq~9V@ieymtg$&paKqSR&u>VA(p&$KleKD{$8V&X{gk1DEcI8S<B#IOO
zU;dq9?uZkLMM)mGt)5=6yeEvHgf$!Pg$z7B$~1Q}tkJ@eawpPRSZ+RMr{kvstelme
zj+Qa!-LU`OwbP$__^FLDaMw>GtPT1Dm<0$AXv3m_!=C=?N63h|+nSmv@_6P$(~QKC
z7{#jYxm7t%9|HZDG10WFg)}0~z#|*T136^MyK$4vRgMY};y9_)l+^O~`@@g0d<0oB
zs1z3_TFmf11l?`@Skc~x!Wv@kze_2lmLRfgHGZrmUcCCJ#{7Q4{DFR<t^p?__QUA3
zMp}E3772VA5`W+stU{EPUN6611_4O~GFQN5tQy%>I3uK95y^IQ|9b6dm7y*m&|q6n
zDAqF&Lb%7fh10xu<w~8uA9k~}>{A;v{0c?sBy=_Ye#5FdeTb=hdOiJEL&cFZf#)9R
z_xJaJOiZ9y`^C>As7W*9Q`dg(hKb0QU^IxOBP`}EfA~J>yN{UH9zuv_XgzE}KLS$9
zM`q%#7%kbs*%sGpS1=Zn*&=rHsUnj>D&VD%gA4AJD;)L)W8pd|ew_SIT_lVc8B6_p
z2zY}%1E@<0<cPCxpr`jdtLlHmk@W^2Is>75poujNuqGUuOt7XtMA*z7X3hPqxrey}
z%-h561lXNgb|=p6_}HBX?9MIrCG3+Rh`jP1p!fGde>mFfPZy>^f4nCYG72+bci7*5
zUli_xJ=g;Yi^6@7Qz#1e!Fw@(v{w}FgM5iB3im-Q;QAAya372g^!KC-Ghm$7*`nq?
zh;1IsA0OsE2(udyWf|z<K5g%3V1GE_Jok?Cbinx-f3VS%;9_Ym>xQ*Nr0}KF6|X%!
zM}OX<>bw!V5JGGp<+<!k84o%hgaXJI!o(XDIo4CuMSmn}l#vBvX0#k<9y=X4kI;m!
zuk!1s<qF}mNfp|}E)KT0;Cd<aVJ_MQpqva}>SIR?!Y#^#_oPZ^5gdsihNKoj2n6{Y
z64~5+8pfI3d00`A$+B{t5t@^ZU$~u*M&ek)_6Kl9pP|@!=a*Re0Xi;sBEY1FfVmT)
zxB>8cW*Zm_b_%;9@<(`FTUV7{clIHx6MKZRG{qw1!aZywHYIq_<z#$S*8>HIveBGl
z*({vClL<RUC}}&z2;+Jl8RcpF_N-^sp#--9&ur*^3Smp|0k$6C0O85{{7$|dbH#b~
z&ROm?VOfx3f;UJIzs|#mJ+F2j_FXB6zl$vl-h{$i!;)ZXf$*u;u^<vq@kE@2+c3@L
zNLXMG6N?AFoJB&Hvf{l+qM{DO1EFkhkfsA$tOMQqK`3l`W`-$o7fK9}rFGsx<U`v4
z%y|!nG`hcdj~N3oCJ0k?h2c*gJAeMXA$c*1()d;hNtlqpPfszhc#jG<K@ewt0L+O+
z9tFX7^2msRkzDETq0JjEGNzCT8cy*Rr2vq5aeaBfkIh9WzL-xq6O?1=0=9|$wluSX
z$i!iDI!-eI%o!$9z)5>D>8LYZKdW3wYbNFKUIr>NcUeaH6T!hdL=!X@`7sDRx#w8M
zEjlxMMd{v5&-jKq?fRO^o~jS49DW*0TWj69%bAf;E|m6;g$d<S!Q2CVHKHK?eBb<O
zP5lEN4V(-0htKyiXfE<{6wGj&exA9B-0w}CQG;rKmm$#LoD_wBYC%~%)Q2_v-A5uS
zgYwW&(y<mKlvXPP$X-)5GO0BYKNjdc!RNERHj=KBS=GfZo_i+}#X=7GOZKeiubH0n
zu0YZAdq~%SP#h!}^fhM=5s=)$3Nq)Hu$N3xS}^b)0_ZDvPvp~*j6_7_=82j2g>D=3
zO!7+$*=x=UcHMiGy~DorK6$=#cOHKAV#Qtj`-l@)#zZiGH-u#lUqxa}pJ&(EtL&?%
z1LYslU;d|@uIJgE8umUb!LZKtU3niX1G<)!u{&R3ce>e~YW5`*)nnn+Oq(cIPGhN1
zTK3hCzVzPbU%meL{QD($*g5v4_ufBu2QOgViLpBgcBh}+xeKREK@2WmJ^k<_#G+w;
zAFJw(;7>pHhQlF$e`kFt2-g^X6zxT@8uNFDdT@b}z%y3$Aq*j|)z}>A$Fd6mPTSxw
zPC<0G`+ET;{P$Tkwm?vWRrmTs_u~Wi0Y##bz6cH#RLA_ieYhtxg!EDMz&!)eKrhlb
zHMD?0vI1mObt4mxhyF0iV$^w!e*kj9pM|^qoSqu2IPS8VUjO|*KVACp2h`sW1_4B{
zW6;MNMj+jNeaKN_U7x^sYT~R0hB!odWLEQtw(=AF8tH6C{+#-H6a#&zT8mL)zX8_|
zLD@Y}!fKJCjdxbvABYV=<`G1&TI8=IkI>9@?-4r4VxkMw#_3`BQJ)_uT}Z4%q5y6L
zBe8o#;0>${z<eU@Mg&hOg@VjauOHW7@IJdS@By4aA_SoS1Ao}xd4rPNxQq1--0uys
zdf>nZ`5?N4?uI&BBE4{vkNk9x&4385lpSRC!EX3lR*$6ZJ&cDn^ubbNh2M#p=EODh
zgMo-b0tnsWJ+Tl^V&l2j-y8OS7<#HS26BP-i^%PBfoSw2EgWKvSO@w8eq13B)KR1V
zk-xXI2~Xh9BJo~c3EOAjl@D8O;Z7g#43Dv2gTIjvAT^D>0|Ea7$OCI)P5uZzNYAmR
zU=+@eHHG@Ru`Gi4_+y<_X`mWF9L0~2w?NfLBulIr)}z<|0aydzJ|-hZ<^&Xx_%|c3
zM$>|82zY~3pH{9&2sKkxf1knb<{)bh(gs&3fJF;n9B2u3Hv1o8hMEzR1v?u<_x<+=
z&<SLaX0x*fYdcE%X9~>9)f~c*nh|#6Pe08+^&CSH&hl_lAyIuG)y>@gZt#&PbAwpu
z1eZg1@Ihy*Kh)WTV;+G0%zYnAL;N3z_YN@kqmUnaVD~z`1OA@gfnaAn6yP57+#@aV
zgga|`L*TF{9O$ecfVOfCqq~NLpX8oEHx|XcBpKaA8kJxfi!6H@BwggNFLICbnX34Z
zYdF}bbs%=%Xw>%TUhhDRd14`mriV^W;cp*uuSoDSh?xIDuR*8RAMSgE7%Pb4fzBFi
zn$-ITm>26^l-y<BUaX}dlmH?yO?<MwA?A%RZyf)zl*6uHT4q~<nEHE^90D0W=JSKA
zBzb@aU?X~=8O(<#6lp<bas7}+<_iS^#4I273U8qS6bdl%6=Br5&wO|i!GAGyAFK_=
z4t1hhkw=lfZahT7K&XZ9Q8<zab-MlcU_g8@F8&_YifP1|FuKB=VgC4J2Kl9xI;Q*f
z5R6Z&|2~?vVuvG)zy0^(R2S-wC&BQ*y#a>mq-40DTBtingKLEyfTZ*Si1iL&3#B!Z
zh_E)AYBDtKsM-!)y+82f5WB?}P`FT{6WoTWxgGpU2%>pA#NK7^0(rOpE6_6^;@Mb`
zy&GolM%lZ_IGnC{J;EBAy`Gj<=5n_-wBBY_UT>4Dl~q^yT&%{^+>B!8YOZ$GvbvV4
zW|#QuLyZP;-{5O-*Sb1bQ-iw^e|)Vjx2uIUyIQN5+vBTgY4El(PxTjFHLc9J^R?b?
za<TU2CV`+gk%-2xT)6Py!GrUUAbwbmoX2AH0&}&a@A@itZ4(fB+*Q>?C0%`<rnXjB
zt*gDE#^q^gK&`6Q29KMb)wDLWSGBqbbT>5fVqa^OXqPT%Xmzz@8r0VMJZ&vCuIjeB
zI?)YET3cLI&4i=2wzZ|IrjfupwDPtzfE&h*7>%pLRRdzo9oAI2Yg|p{5|_J{ZoS?H
zH>hc90yA;jR@>k)o)GA5@zl6{zVwp}*=?;J%mYmd@5OZMYH9Is&a`#ZG&OKCt6g;-
z5Wmj`QBdRY-Uedhrj5oRU~d&BZ2!&}pLmu%KvCM}Zt_$S{nbsLnnpg7>ZUd#quSGk
zfg3<=RSWNtv(;5w)r^O&O`cnLTvJt3&)a1f1;E=>MfDA+wZ6sEcB7sOAOJTADS(z6
z4elFH6|^=qyG(_ynnu*31_n!NnmiC?-0w57#^ZLAKvE%xAU##>RSiv5)sReH+Un|P
zh3vN(cP$>wTFZVnf}b^Qrk*)hYpWpl9yeXg2<e_0ySZG{RyU=I6GEK9D{h+_ZqyTT
z;;z|a2=}uDUX(#}IvScud(o)D2XvfO2RKvfxy5HrFsHVqig-j9A%X&ejHgRG8aN54
z(B!IWC$3NxPkW|DT0l|UK)P4k;_=d@O(<7pOs-~cYXhHem%FCrwilX<YNA*CHSR>u
zX^D1;-s@bgH6#Re4NZ8S!C2SeZt(GPPfZ&sOdVZ05ghXHsi^aK_@kEQ{f3^F<_5P{
zJjU`367B*~X%VZ-6s767;c4}Hp!4Xw%G=u3LTsq7^3`XWzyd*JYa1}Z^o(vZ5(Nge
z?#l-r-Kc7<cR|H&WIZt`GK>SEakp1BH4vK`UAJlC1mtZI_5p>2q0Q%_sTS&ivNmFW
z6YkqEshI~&Fr!WTcS3hbg<Z9Vu!<Y9*yaLmvgnZz7z3)s%uz3*Jk2J$O^XAx?P;Dh
zSGAB4Z3g|IZ68V_fOYV>jDd0(Hk}I^zex)qziEaD5&~)=CR%_(FgeT_!J%9AF0OH)
zxPcSi?0I*8mNQ&AP`XdkyC&zdUsqUrw+ph-z}<-31z$vy<@UhiaDjE>SzSX7f1FnJ
zgJr@dxjk)OLv%dk)`X4s)YTc}db}>0`)AQXnh05guY&sV?!91beM2pAhd^IFx3*~u
z@2vvE=uy3=l@x<t(_=NPFI~iRXQbY6WyZZRMaErvl8oE*G^KCh9x_}rm1X)Aie=2F
zQ9;aT`bNyDamQ!X>+y2sp#ijbZWsyy(Ccbxy}jRE8@CT$TzqZS!jZwoXP(1E?Q019
zWi3}Ia}kl16&bX+cwss?5Vz_0pv85w%>~KdCknJ7O7ggIZFrYB4}ganFw0=F2slU>
z#Un4~(si(TTa(eg4RIG9*N_(?z*Plf$N`t|z&@AD@OnO1lkjW;NNc6IGqb=~-$3!m
z4a7La#SClG<sMjV6UPi`@-^IW!!%`^FrNqJqh5#(1_`Uq%?AfFB=Es=Z%oP}c#(Dh
z;?59vpVx({Fi>zfgCi3?nMzDk>1*Xa2p4i})Jq$X30m5!;URfZjS*+T#9$_b<tAS#
zgpZ(%R<?R>!2h9DtEa7|KHVw5F$9;xqKj4-#|$5Nc_zY1iwUl7UjyfCI!fFxGO%Q-
zw6u}(??2CUf7`p?PbMB~b2kgqlp$UK0;_=QXl{U0+;PFr+@-O%d2h79J7laH%mxDA
z{Qv_>=`%}4J5~VI4NZtXGGlM|z}p!jMcuU{U^fM6?JWpW$kv$R)J)laY?djiH3zi&
zr3iE~aa^X9d?f5rhLl@X;5Ls3Z@H=)8(N=Q7GxEh7Y9aLMAY!E7{;xt7Pw}Lo3a`S
z7K_4XxR>k)X$vUI_vhC@!+jR921}Z%*4CDWYRs#f)?U?Ei`+nDj5#D%4Z`4Xs(k#$
z*HXi3Z@cLt!X?HZ3p90}rds&Z`W9CmLl91tyztW~A`t$dgO+bs_;Vfvv^ThJofAsQ
z+6@EBzKD>PeSln%NG&n!g&1d-=pZ(G{rp?!Ut=ULorqodl~YX!`EnAj$al-rBA&6D
zww4ymR3}x;+;C@@enOg<c|tc3(Pl3OP*c^!pJgEN01+UZtP_`}hDH~MIdJ6)i$`%3
zDjugDWfqUbS^Nxr`dR;(i|iu*e28nDA=dLSe|HZOMfZ9?2;C3&^+%###tS0@A3k{a
z=qpv#HMOp~8}$ueY;0<Fd%QPWe64Nmw>oaW%PKCu_WGqa-u%Mlw?rj@1jWpG^_?qs
zu3xJ>^|>E;_1xz#oO%5I>C&?Dvv23-<!c3JyFN>VvQwwnsjKYNHFoM9cKRASbB3L{
z#y)?Iy?TwEyT&eDV-;sgFP3@4rHx-arQ%X2E<SN-r%N5qi}1@uap6_!O5Ng)*Q_h$
zHQfTIyNu&>3!H8bZ-DhXHE?@)O`oXg6E%IJrq9EB@QDUKNGuxoL_42o*Dl(%i+1gz
zUAt(|&TC%uloA$Ps9RhJ3og_<F4X%)PaTc+qQ_@kL<65_;3MMkOw?=_Roca~cH-GZ
zPrE?Y&TF>0c$GF6$I=F+K$SLEqqy+i;mpMy;RHJg3og{W4ih0RqL5Pt=88hMDD;Ut
zpSWumcbpdRn7YM<y2XY1!-e|8h57^ki9qn*xQGUPv?wGZa1k~6XfZ_snb89uEed%}
zF<Q46EiSyK7%lF2?_#vLBb=C8>JJyHi3?T1g$Tq&RJll$VfICpi=xU!QRO0ai)W%H
z9||NxG;j;lZqW|wYpThIiHmr~hlxAmnZUw_35gQz_%LxN`s2g&iDBZxv4~;fjwTfs
zPM{bj?g%F&k!s>XIB}sWxDZZUL={dvq?CxqMKs_9;*JQ!h1V3lw~O9!;W$O_xZ|ir
z@3=#QvNNSb8C~$K46T8hE@(#=qY$*v9W?-EYJdww3Kyabmqz0vnm3B(jiPy@Xx=EA
zBRxkANIr4#i93={+_j54V(UfNnKR-7p{2WWaS_i*b5KZ3rVIL`3!2jf-O|OViQefB
zz2idU;^G#lNmuAjpeB-V=M&FJbLdVyBLZ>PE}oGd(VciE$mNuvke-k!=NC@b#WS3s
zi)T0`7te4?E|zgr7t3mRO;T*MBE`n#ZShw;dfO%LTKT0~bWklis1_Ymiw>$q2i2kj
z(OU52qTtCzG5m`(Tj-`yAfef!JAs5|i|zyxGLyI?Gf5Zmj0`I7T15jva+|2wCP;4+
zowsq)xlmm^!-a}2yqT+%kJv?WPK6w$m`;}%zw07L!sQJ$NZxP}BjECeJ23*67=cTS
zz$HfDYUG5u#6ZOOU2aYuaxEMei6W4Qc_%}Q8=t7*6E#RYsZjK73`daKE-JQ*iX^$H
zC`5s~y^Ca^sj#k;bD@rOithOE>%_RZ_q%weQHV{W5Szv`yk?^in?@lvjY4c11<po+
ztWh9q6v!F{6B`Am8aZK&f?thdsEuMe8_8RuS23%N9!`5BIZZ0$d}tJN+$cugD8}U$
zWV!{JZb7D7km(j=x&@hTA>D2v-Q2lD3xsrwIdH$t>2nL|cE8P~+byKqEu`Bmq}wf|
z+byKqEu>q_Akue4vs(<(EyUU_gu*R^!YzctErh}?qyheow-XHD@ddDmA-jcGlS@FE
z5No#(Yqt<<_$PYC`Q#HU@d=jr1WSB^CBAeOE-*g95}#lRk79sBu!IacZiL+Xgxm{3
z^a(ck1e<(<O+LXUpJ0<uu*oOb<P&W22{s8a_6Z|^1qts)aLXsS<rCcU32ylWw|s(I
zKEW+GTi#Ac4Ue%vtPmF-W6_-$qu?ERB$Nr>`2_ELf_HFw{F$gObjT-k$R~u1KWP_i
zZ5M297i?`8Y;6~8Z5NW(F4)>G*vf-ESXjYUfxca^uwAgQU9hlSu&`aQuwAgQU9b=f
z4WhAKuuu@!E?9`IApS_OuwAgQU9hlSu&`aQuwAgQU9b?2oVODK2WQRijKAEFw2P@~
z7Yf%d7)cQY2oa2I7mREdjD-KjGk88i49`a<0~aC>4)Fiy?cZa3PxJgfsK^C7CNY~p
z@WzUlv%5)q&oZ9O>ACFe&hD~R=hW%0sXA3>PF0<rUSf*bo?d%!Z}-sCvumS`v&zLJ
zF~PAMIhFy%0un-EM-b%5GPx)qY@84;A^{|BCWs)*e-J?c1sq{s@7L>Br@MEN93n)k
z&+qenKi}u_c|OnQ`8=QJ_O12kAG+1>Ft$&-HpE936SSC+@c^0BA1ZBrUkhxI1C2e%
zNo2hiR3=&)(Aa#4X_J((BkV)^d|_pBStfQ~-j#{w7gQ$k;~4yq?qO=X0;tpq3RG(4
z1uAvbaFl+C7MNNs0F~P21eIEq1DX0W3F<T2)`y=-LZ3-OpGiVr(eHTp6$dJaxqL<4
z09o^|=y!mu$yf9{9)5){+#;f{+}IRfxhdVvnu);DG2;`J?#8N|#L`JDoy5{fES<!X
z8vO92MmwpsPBb9|TENNN;zuA0IH|QxYArSX;YqD^qG<-%$R}zMsARQ|UE|?N?Q>GY
zFfTWM2TR@+zZS6%Jv^yJPHKvi+Tg@7lXu0h4a_Nr;b9H~ME3I(Knf=3;9*|D!+OEP
zyaI?)u1|nUZhr)oyec;IKV*$)6=;}$cp7_+<qsRSA2#knY`Ml=kZskt`|!LbIIjuL
z>oDh!>~)RFL{ZVsH9il|Yr1od4@f@Glkj<hYxsV6Ui+NaKIe6#^XhQUh62nt!b2*d
z20E{S&g(hnEW9sf4Rl@uooh!Pp4UR>wa|H;<(w^!C8&kYYaypAECFOroV5(eyt9@e
zh3t6o@G7xfZL-R%q;r*YuF})1^z<s}IO!y2b-v1iTvc^;cg>}$vo960&KlK+SJnI~
z({Ysmt`Y#}0F0laI&q?$c&+|d*^H~iaFrOYQi!Yc^(tvNsl{JU3`~xev(v5-wZv)H
zkg{>wHMH_DH4_J9%Kw=kGC5?53t4i=Y6n?z$aD=-a(gc(s$A@%SgMfii@^%X?q_mI
zA(oI*gUmW#6tt|daEk(2+e5|+WHBLQ0#Zz;WZ1$PcgTbb8P||i3^KnCJ2~-SCl90&
z9J2^4>+=%WO$n?7XJ#1IO0d;Iac1L#O2>hSmEd#@QUco>6idnlR7@vtnCD{J#Gqm-
zGmtSae@t?dTyB2IYThKCo5XXIcy1EUP2#!P+QcJF{$_~~3%W^4Hx8f#THZ~<x=C0!
zMbv9yq$ralccW$d%1x5HIWKhryh(sJ3GgNX-fX#p!jt38Ry~F)A#vU~3=>#pm$t@D
zQoXsfy>Alk&83ZUqc8K7n=M9=SrWfV;x|eB#=)6)<(c4b68w$B-B)h5l0x#D;ihJ|
zsTpn@oq1RCTI0snIBo`ioaRH;`p0QLB&6ma|B&g9(|pM44w*hfR!zw22U*3A^K&7_
z%+CcGGd~wpOpWGol7N`tM&}M>f*Z{d$OJbf$PGMp)$tL;((~jP>DON&s{;f6#KV9e
zvS%~yhpZpNzi4GM`Wu}|d1#d+aGXF^3}l>~U_v5AnI_;gOs7vME>b2AO9YmQ!xE@W
zimy`QWE5Ye1QlO31QlPE!2zjI>kaCi-Ys6qdi6=x2V%_34#*m0c22S)_%F(<b_JQB
zb_JQBcC7-<U2$||wz(@vW}CZ$Wau&pU4F(K?JGD&*0}lUN%K=kF%AVJq2{N#P<T*E
zv>7R=_(`Z4DS;K5gk14P<VmO*=}D7Nh!V19O*?VJtWDESkhN*r2{PmBYI9v}?4`JE
z)~0FXNz+J(+%=5^RZi_~uRdwU2&vF&(~Ob8;#Zq`5}sf&Yxa5)fyJ!#n<SnzEv&HS
zez=S#Zte%NZq5Bb*6n3=ds*EyA-I^<t@+(a^E-%jYkmikgXVWRqxhn>R8u)n@oTB3
zas*arEma@Jc`dJ$xUM_~(Br8mWStasUiPSSf%a;&I%Ka#xkL79#?%cujj4>Krmp*d
zRwQKXFu?ZCnFVN!LnbXqF`Y}C*25TzEvJ41GC}<YWP<t){cJ4&nchK+nd=KOX09&|
z_v{G7s^{#2tU^97&bWN$!ZPL;)1e$xOnukW)}vU(D^GO~q#Vy3LqPNRSm7(r+xWD9
z5E!4F$TEsj%CE(%sMutD?ubI5nY9Gf(jYE|0&JZK7sD*;l_0acOz@Wp{xZS0c*J(1
zg<mH4I_~L}+JtLjWvf;lg^7nXXvhIscpU{~an}`hU2)eHcU?PQSKM{Q)t63hYrWf=
z?bZR0KpDGrz&pLwHGwFV+f+5@^)%=8^tNWZb(BB7jqBSQ<JPhJ^fsa1Ce+qfnnN*#
zvVrO=APaw4O<q=$m(`>N4?M0z6zg1fLSZKz$XWq1uK+S3L8cdwrGu;~Axn;iPtzgA
zw0bPYjwMKW>S}|^(^dzSnXWb+qy%<d`pLXGNX6QN=`|sHFr8<J&J!^?y=J^X3N#&k
zC}cXil8D8a#bi|_vPy$i2go>stbXULF+`?N=MNpdA*Ivefl8;v1C>q@oHKbgogx5D
z1dtLa0#FI61M@ng*c;B7$qboC?gta#1Cr<54+7;m_aj5W?=%il7WN1x%w~@t;=3x4
z`@y?1sRHUNGwb44jYm}jqhRW)@u+G%sv4P5tW)f%jUcP|NK=BXk|Q)|xnv_DCdfvD
zWF;GEmu7Y@C;1j2qvu<IjGk|i_2bv-xAqOP{qilC+gts73y{sx+BZmEwVh1+E41og
zR{iW2?<%x<=RdGAVBLI^|8SoF0FmST2hbskg=vMc#d6#-G)Ru~A6Q(F<NODZ9OplP
z%B0kBd>zNvaopN8OA{rF@#`4RI%4`OpmxhT5*U{?Uv31$f>mrb&dP@AGH4(*quDsf
z<juw%*jWKlp!ppjWs=_kGJ1YTg9*RZs&!?MGRf~?{lud4J3v-0zXPO9w3@82RA{We
zOeQTh^R8sE`ZAehQdyFTy`<0zF$3AEkNz#s%M8$E_Ukfd12Q9XnX>^A)s=C0O_vLf
zdaVS=n1D<Gknw(*Uji|CvwKu;@_-cRP=O+btnFoMYUrbU#%+y-a!z89jrtJts_8&$
zI*6>)bfB@qYSe3y^;po%Gi0T*M70V*mNjIhLRK%x@`Nl;$RWXM2`X#l!O~VGXu(01
zU@cki>Yer+)I00UB3SRV?x5Z&ahAAbHv<Ebv+N8=ma;P-c{x`(ui7DmSci59L2}&=
z;Z<H6q$p*UyGCG{X+W>?)2{N&@J=T3tF{Os%B(FykSw(~2r3s__$trrD%T34AUW{3
z%rY|&GrNAxYG!Q+v;i_YAnS1b+991KTql?7A1ctD9v1c#<n_ZT3TO+05ShPzSP6Ox
z1XhAB0;pV^Gh8(v;v|I{a_w>q$ZB5i{0Mov90`e+inGtNs#rN+DZX9*>iW36jureh
z=i!#g@yr6GOdR4^jZ7XV<>E+3V3|46fl5%d(&G##C$=jf1<r61sN6Y<Z*iy9H9fvg
zkDI<-U7xFZ&Ei1G&j}AG9-Pd9%0=_YF}<p%+qOe{7NqwEDxKaNs5<M8w#v$Hsdd#s
zNz<(?P<iRNgKD+gDx@1vU|HTK71xe9@sc1?x$B+6LDG8jSDBcrEC)pXOq`j&%FIJ7
zJ8KWJ?2JCh9ABoB+5W4S>Ez3FvfW2kjn&DQ>Ez3FvMov8RYE%XGM#Lnl6OkDdF)m5
z*w&u;wdosOKvf`3dzq%aOw(SbY1}tk{a>bOjYBM8t7$LOw1y)B%PdW6IBJcX!{#>A
z%PeNY5rIkNAjC9{W9b%`rZqTmEUM&Ardcmn)0$I*)U>A7pm<2rUZ!cyuvuU)7l$}d
zr90Arl9-E+9K5P}E;oWynU~p~mpc%JJW|_c8=x8^wQbTtU{y(NU#7OHQ3ES${gsp2
zwgXFGd8M{5Q`?uR?aS2mWor9UwWS+Q9*|`Qnf5{^2*`MVjOjWAzw0HCX#!+&uu|79
zb@1y8hgLSvCp3t;Hq~OudL=?87}ly6g|+Ge9l=<#4k<fUu0wVy7O<BYtJ9{-Zw8H1
z$T+>pS%4TbX8~lCoQ0cHttvz&au#k_Krp%U2T;jX3Q)<lI~+NlfFLEm4#n>2%TVkl
zUslW~Ux;}oUyykwUslD9f^W2#I7Ja_bm`#8Qn}^jqqAaeLAmNTxIrecmw?K}?g1(@
zO)qQf#jIkNmp^7YN7@_i>4=hUYYeQrmptim*TN{(wiO2!<6~YO2E~~=45|+51nc#d
za9uU?rf>45A#$BJ4YJtQ8d#y9W<#cN5KCwifMt72e_5Vs-A!5tSuX3KEIv$;AmadI
zJTX9)7P6ut%O0}qA*RjsV$q@msw!(2<)W&xgb`9zS;-K!tj&UkS=)rHXP8NP3$lRp
z){cB@|8WemE8~gEUt3=w^Gc^dmXm6OCg*%seqRe%+-WsG)f462`Y>e153=@zl(V}(
zAO%qW0Ldn+b;YclGKpW!L7p+cmHBkz52$!gD@F0v(J&rW?YtNs4kIu=)J{+}wD*B3
zIo@=E8AU6tRyoxZCa|1cC<j$hRUA|SDiY|BS>?F5L|_%w%HN*qXy)Pbn_RW^AT_ET
zK2W7PJq1;&-33&s?mmGk&QSqWwGO`(pgX~Qq5^c(K}pIjU{E5};{YXEtq-UI^glq>
zCtJkonQUf@KnfsR1d@rCS8thgtO-4zJYqVoloqH?w3N?MoPpJ~PR)Xx@$1we%c)a?
zET^r&+x7q<W>Vh<SwI_nEbH0Kxg)LavA9>5Rs*#7jP{clWQ9YPC1iy|4pCM(sg2TU
z0gzETEdVNts!Yx+2vP!@5;UPgjA_O;{L9uQIy=SiZ_;D|lAUA$DwVQm<mPux3|ZSk
zXjIPW%s7pRoD^XeUL)rbm>MC<2(=g?=Mi{=Y?3lUha4%v{K6r$bcFIo%4H7WP?>G6
zGE|;(4~NQn?GBopAnSyX)p?|MtL0D$)?+}^>k+f&VMrS{VmfWykjXV}pqaH1lWU$p
zm9A9*&8m!)%k0Qdxy*ooW;#a7WtJSYo;_0FdMIe~<&gqoR~3WHxOSpEWO-`ZkmcE(
zs7OuaTHKH^U5gtsrfYGa^3(|!>fMwPR5M=IjF&azWzBe5GkUglF)N{FysQ~L@Va;9
zSu<YNjP5J)F0txnfD)_w4WL?6Utma<oJ-R}>7bM7Aw}-&d8n8%??jovn0LNBqz*b?
z9+G({%0p$A4qnH+)8@S^>vZrs=5bdiEc@Mv%3!}6Dzh|F8$@7j>q$?vtfq1%HY6|3
zy@nK>lP*v-a+)<{LC&^@tdX;=p>nA?UREP#TYFcYHOI?pq?O}cRng3WY5)w*>i04=
zb$UUkP;DUC>!FngS#2Rp0GY6`7Sm+N)O#ntC3XaCM}cOI2?;44EQ!d(?gr2WZS|e8
zTpsQQj98kx0if9!el6wUT!kT-<cOiDFnj3^X&Gjtfy&rM1C_Cgw<Al7>FLN3V|qGr
z$e5mv1XabaBpS~y;`o%nvx`F}@a!Te33)ORRPvJ~<hervlaQwhK}pCngLqLJe@3Pc
z5IM^#fGjAhu-%wNajYFNrdydq#&m5A6iesx&4z3Wm&iai@_GEZmcKBi>hZgwS?ovW
zF?~J{WT;Hy{d~>?fi<#c;_(1&Jog0v=IFt7tZtm^9t_F31L%;PJAi@`A4_S=-*I$A
z5wYG?pknY;+}^F{K*}>_9cmY-3bO`clzB)5Rs$9)LNe_kxxFiwYUd%j1;*ffA{<-e
zJ7fc_ByRuS;7><nPv3Td3JMRgcV>luHPny!ISVGl{OZ39buv@`-3UP%hO7mmGpiD0
zm4K{B$nt_rB9KGOF#s9^khLOYd_Yzu$T&d(%TwI}m9@IVkhRhw6*Tu^sI09Us64G3
zYFq*bPPBOq2q{m^#?v3VD$u4z(+{X9Y8!eVOEwv(cPbs7VecR-2(sjmMS+Y#$SMt4
zr6FSwvf9##N@tBgC9p=I(pe)=39J#_tztKeAQvkJsn|KZ3oJ9MNyjX~TtePiO-Kpm
zATF>3RvJ`!)}0PrIz<2~oq7tYVk#(ml*Y`z1DR+3UHg|fI*zSb2YzKNn+uxmLDr@a
zbH;3n=1UXkxXFfRXv@F^ZgFm;;<hR`q^Lb;1xj+*DBtOBVVX*yIRceHck8@n%Q*y0
zt0D2XSr|ye4=EE(JxIaT%yrcBx+tWGng=#W<HRxHJbieysS+961tG=P5P*~heQ;4|
zuMxUU#QLNDA){oziDJ5}I7s&L?buQ^UA`Six#in|imBB+&$ojpBDT9$P<oe#2axxi
zIgldCeFNEqo(CgYO_-iuZdy;+=JO*ZtFv6z$nNLzu10o0cPM6SWcPCktdTt|2C9)g
zEH+ev8rj2Q1l9;_fvxmL2#E4)XaHH|h6Ya5D0few;GU=Ld6I4ZF3^JVBteR*9_P&^
zVkD|uN04>)9@E|_DrcymL{$&<Ruf@~%AJ;>QYR`mk_k*yZX^%IP@-}_guq1QRt6|h
zd3R~31c}PKO9ZCv`KBOcly3@BM){`f9V;W(UP)K|(`+v&Ev(dOc1~=&#w?bklR2><
zS;>h7nOSBiSN1&T6`}&UD?lch4tE7WnT{M(_LpVPb$#9?Di`#JDlSpEpif|;@?aY%
zQMvj)RDwk1vO9r^s<9KKaI%lgv!`j!vqzM}%Pc}}F?-MPr%uvQ*F_=IP{<NMRw`sU
zLnama@@xTQ{k^Sgh<y}NplV154=G3bxu^lEO>UN_is=d=sF<1ha?G8k@5^59G)TU3
zr$O?ivSS@qE6AD&Vs&z-GZ|Qn5-U6mM;WVUpu;;W>`enQNkX~P*cL^TI}I{s?sWU{
zEU!)W{K`Vsn^~jDaMOIJ^~UbVUVb;`$0+&TAY<ltW0MqmemADcO6GTCp%iR>HwRBb
zi88+%du8(cZjc3KxIq?_#m1y54;+E<nFj_@ER5C#DsRS3k%j>qXtDX-*udWDDu5IS
zw$ua;ZUoMtKxT(HT3Z4&6jWx_A^#goYGB5bdAAH^LqRf_4F$<y?lp7r*H%LAHN=8)
zuR+!}_ZlRFxz`{W%)JJcr;Z8}d>bJ58Z<`*Vl{KGK?>PBD0>(4_D+zM&X;CTFf$gC
zmrK4h#M1MnK}tSfnz3PZXKYv$#)hSXED*9{ArlB>=^$gC;bV1&j2G4;RxG1PfhrM$
zNyr9ZObN++Z|aW>Fcw;W1X)`B5oBrhM}{CvsXu~bvi{h(#IRIi`y-=M8QWbzhj&(^
z{>aE>CiO=KFe_Yt1R1mb$f#!F=4hv6Xj`XjXuGcaF_syj?gz5Sx*y28)cqLllw949
z;ZEt){Wv}qN^(tm83RpF_hTrupt>K(g6e)C3#$7uT3W@rAIO+>KTt7i%%;7Js}@xE
zYh2}5j_Q3NYkp9gx*cc0i=wK7%A{7W+c7E|Shr(vma)1WNXF`RAQ|)e7;E^>RUnpd
z<y-}{E&^FcgV=OlCL1a<U0Tq(2&6n~NN<=C=zIiH)*2a*!u8tOqEv#j6OcWH&sUkJ
z1_56}<;Wm_)`ubG;_wM77l%(!xol~BG2={wfJahhi7tacV71+j1PL?<ka9VQRf9mF
zd1erBXv{2w08&aB1dvk7Ab@0|9}8=8o&VDoGaD#%rW^#;@K#00S`xC{A<GuB?gLql
zct{g4WEy~@G_G)z3e;ZUFNM?`+@_Fq>p6RY4`rd*3y`H{FF=;2y}-+|l<WmaCbJj0
zUU*(5)?VO%m9bR>9o|`u>;=x5nPe~U(X4Rx0%XkW1&*7AXBTkX%sRUOGVAODNS?C`
z_;yMtyMS+}6tW8(Aq*v<>;ev-39<|LeHN5m09jCW0c1hh1zba`l3f59GrIsPW{s9z
zz=^b=>_Sc?zjBma0L?Byrk0Q?BKIeXqQ-;Dq!!IC;DQ<`2hF=)I?VHHhGon6zWiDy
zhbVgn(*k8U%YrX!)v_!g(`8ve#jJT6(9vcatNsgG|Ai>Z26WJR9>iknzaXnv|F!$&
zEVngvn#+ujZ0;DK<<K+)B3JbN0_Cbs%Wjkj>a-w>tkZ%_SEmJ$j;4Q&1S6C%LiI;T
zH$rQSkZy$XMoPC?2Iw=T+stjKn4c-;XNox!%)6P{k)li^hKe~eJ5+*oH_*;bjIam|
z+1aI$a@pCXp~Jh<ZFz*i&2dJ`Wve7ZWwxo#Pzg{Gz(h7uvWaY{s!wD?aXbHKC~gk|
zoH`J=sqzRaJ5pv_aTzL?O`C>FzJ(Xi7Pm%9zD_ZO8jY08j#Uhm*-YM0xlBPoQ;?CO
zY*T!wVy7oVhXfTnwIy(hI#Rmzu%TjZXaVgY)JQRR5NfCdJ47;62|EZiRJt<R^p3C{
zgc@OV7)kK6h(qPIgHS{9u!B%TWx0b;pbc*$C0N%VD(1#6OjzpdirkPfU6C6yrYmwF
zCGCpbfC6{lbx1ZJJv=tcE$%K*rn&APD(9_c?45FO32&%!9?H85dJD7)o;Ly2U!0YJ
zYBpzOL&kK&l{Kyzq!G(wS1)7<Y%z(pEK8JX#1=tF>97JUN;_F>3zb=F>G=(kr=3jG
zjgnfr{mQ$U<&pACy>QwMoRQ|;jPyuR=8u48t4DfQgVAIQq@oe)=cuzl>*uI5BroSB
zIM3poCpy*vmfSVH5o_d{-jL#PO%G&ouG<aR(C*9*+0d6Yv>UVww4pC+X!mIsXcgS2
z9kQ10(+=6t4nIRO?dl)sz-`^sk%z!~BonYz;kuf*tTtp#Tvi*hCN8UitclBN1J=ZC
z+97LlT}|ArU7$7bbn{R-R}(jF7idk~v>mc0uF4I?UvhVGj=*Z-h%{85SsF*A1)A=r
zbT>%=Z*G-!y=%mDu6GStOV_(V*3$K^0c+{j?U1#6SuNecU7)q}yzEdpS4%f?7icZr
z$Q`nlE|(3-t*d6B1Gm*umzBV^7rxJU8Nn=!pb;Zv4OxN_N*^h~1c8?{{T)H!M~s3N
zgp5fULu%)UC8%>lmZ0+jssvSN$aLxg4p`}2VjVJ_4F=i>F=FYu5JQ%3gW<SUKczcl
z{S+Oj`YDj1rE6<<WO+hXBgo<1IBRS7oSXJW;okiMxo{sb3fJgGvmCsek-%+KSnaqD
znGS|~XF8oq-pzM_l#8AtsLZ_Y2|DDtA%aw8t&2Bg*1C8@X6>2{XoKX)+8r_pLe@AC
zYos?fRJsjNpsmD=6m!GX(BuiRe(rF>vm%EqCS*|{i-NjLZ8jcAtl!LwXqK3Fvj`)h
z^&F5TV1LGL3xy-ACS($XjNKLr&o65nh*4@BkWp%!OFm$*1T{{pbGYg@YRhs%W{q+z
zCKZiL<m^dIF0Hab%B;p|L5)Bghn16Y-EzvvSZX<CWLdYIa?Y)Zi4|g$xCR*|uDMDv
zCb&Z(Nu^l0FkLDI8rQ96Y+s<5subG;<C-Ol)uCmHk<cN}xK5?$X=a^Dfy_FUqWhVd
zD-a0a(Hb05f(_Y2R^@6w@sL$X73r@fpJT|oIff(UGRJVJTvS?mb}?02P%%|n&>?0e
zsI=IC5~#GG@>FR-$|a@6Qm*u-up{FdGOi)ZvnlL3_YIZ{#3;29$SAcDmk^dUw+|$>
z5tB&M)kYw*PP3XzGW)ZQ*q4}GnlM7jtTt+HNT6+m0h8<6sF@vhp{#2ojGLL&?Xhta
z2&8mM5F}?w5JXk*MCO2v(EmnAH$sgdn_Y~M%LvIwXn+yqGIEGXHHXS`ynyD1jg<A8
zf2ag=z(6wsBfXmlKy$!GdbhS6@|~RMDC0eC-Zvs&I?6+GqN5Djru7KJ>_~ZR;||1l
zyx(4J-ZsSW3fXLIqyjb#8?wf3Ru5U#?eGDTiC-KARed+GLGxQj%4B})P+ZPo1#N&D
zDar<@q26tp0*d9$NCskkQ;{KA*XO?Mi=!hZ^91*hS?Y6xWXMz617@P<J*0&6yg~E4
zM@mo)*orN%EUSTED<bBWEJjojU2aejw;ni9jP>H7inFGkJ|=8i>LbOd*%?<B_;meX
z#2V|349O59N$<?;{54tk?%?HX-W?n<rgsO2idmj^TLR0>ZaY+zq_P9#gw?uOeNj#4
z)j{6Xf_}|msN!l*Zx9k#l^xb``D2qtTxQM$My!cb08lEdXFsIG^w&WtuNO9kR9-jX
zK`F1B@I&R9*1G#nVD0Pf`;hAAH(G|Qx}F=Tis`ux^-i61W1g^d($9qs*+Nbas7}>$
zdN8C|oE{9BmlFd}9aZ;l$P#A60QFZl9zbf7=c)!Ot@^vOPGI$SXMLzb6N5YJ1lpk9
z#s*~2+-(OX8h6`=6pgzAL(0<Kc2F9?m?xJBiUBQD%;e>bK@wD{y0W(d7ZxiAu_cnN
zee<gR;MV&=C7h4&oLHTY3|XY}ks<SNCIU*V`olwVQ1-5N6P5_Q(GAM}x#K=$?cH%7
zvQF-}gXG)Wa)3nWE<7j^x(h#4CRq<ZFSEe7OoTe<1lC`+Gy<rhT~ZuU`@O>ksu~H>
zFNH2Fh7=_0gKHGX^aC;$AQKd11wh7vONje@Eih{XS_42>Lm64lkTTIEfW`w$j<Ytd
zHSV`e9QHtEvfY%uE0cLWL#qy?Oyb9Zk@d=0u==1<tFWL_D-2MntA;}-%bcaQi9w~d
ztw5#Lu!2mjTf_`53F#IM$&qf+&H-3QK5sXk{S4^HtRO^@`Wet6)A<=t(AMBaO1H(g
zq0%|Hfs_N^PV1djaqoa-jaYK;V8|%$9e~V|uY4_;p8*|F!hQyHNXFb<7_zc%GJtwj
zYxx<_g_T<44w5gvLS+FJUHkYMP~z7jd<v=<#jiy)wS5MZh&6>@UK%QXZE#W>G=TR7
zP!@2~(njvS07_t$Yn1K_paj~_AWFk~2@AA#E{qK+(uQX~cOsh&#eD&kC~1cmdssJ0
z>bkT{<?oSsHZ~Gyo*WWf)&0oHh^ponK!+?ycNe5l=?kDkDuQ1C9a6Y{0Tfhs;$WLu
z*MmI!z`I(=FMtjyNT)fV+QzRa4aLj806G*ewT)i@C9v+|$1R3RurGiPm7vDa184Bf
zlIVyJDG(j;AqC>*El7tNV)u8uc7dvw+qFaLm7Y7O+PWn>RJzOte++6YIZGNTog#B9
zhp_C0yEa4C#BYBNDI|AoKyg{kJ$|vUN=pFVi(X*Kl7suJxE%?=tr}3qz^$4g6S!3~
zB!6zzFlkpDkO`G9dd?<5rm~Q!0%XY{6DnlMA!8T2R01^@yEO9#DKm{7R!Wqo$Tp-|
zr^g`k%tZt(&(=~#Ryt%+AS)J96pLkrWTiuvXR9Y8YXwL#HxUJCTw5p^Dl=8c6Q-B^
zt|>iddYR|W@1zg$O;YrH=_S90**7^>Y8efapk<C#9#fDhEo7B}tTK>8l(C56-b4zr
z(jdzjGND5zJjguAK3xjYus|xo0UT7;yEwThm7slL6sQDs7gPz`0V1Y76;ir={ft28
zeUMnvn1W)-)&&*QSzw<oC7l9+6w{Um8PiXf;tD4hKV3Q`6MnjM$U6Ax(jmp;r%ORe
z$xoLKSqDE|I%Ii%x^&3$_UTf94b`VhK}pU}mk!w|e!6r>3HZ&@p$gv;2`B-2Uva3c
zlcN`u7g%PA)4PldEYDqO9E!1hx)h|=^yyMi68F=kLsd_Q0#x-9yq_*5ibHgtE(O&L
ze!6t1<SKoiE?r=}*cvRNtYR#ptj9w3j<uAK1+k<OG94=`qWUjrwS}y~Agdo_6=U(m
ztaH3U#?0{s8PmmKV(Ja{=~DjYoSr(w1b(`7fhO?NrJxej;aJ`=W*zRB&1Xu-J9#ZK
zc0sEczRFm_SLvO##bpUuX;3k>zxXjFx9++#cr)hF;s$7CLnZ*oxP(jqeb#iOC{va`
zYYK6!g{<pBilN5?Dii&a+$FrF3bm_)if>m36<<xolPab%0rk#71^23VNhr(IXHEH&
z$2MV~H65}BSs45=rBIuLEWI`dSwd~j=SnT1`7+3uOgC3crb-dBW_S=K9D7n<G$mrf
zK`zEfIG$49yD~{Q_PoAm%BzIaG#ON(38&dI{$hnDoMy`e#!$j(W?U&vkNcu21y`G<
z#~>MLdVIqA@pyF~3u03@lJM2iUR9f>y9COeUnC=bwXw7JMN`76O*30i@vBWUTaLk&
zv;766u<Kx;*sE@yBPY)q-s(0-?Te<I`LAxxQ9&kdj(Wnn>+0t26~wwV?(x;qURAf|
zp#;in^H5O5%@XxR(-B*?DJQ7-)vYNfr-#b9O4YUT!wa+;%McZwW<u6!8C>@sO)k*x
z%@`Z9U!&I{J9J+(?aN{NaG0rE<pWIykg?CW+dC&opotnX#v#Sr(FBmpu|Q`zbs3Ne
z>M|e`)MZ$i+i1YJYY8pnfQ*uA^6AdrRl1+`BtfP7S<fL$PkZ~UCtv+2YxRnyJTu80
zgXAb}0a;w;m=V3073XI?$*bc0tmlx$rBHp=^Acj7e%5oyJpHUE$YHzBdJfrM`K5i<
zlfYWf&w7I5+Ru7|9M}4+=a9);49VAEUL@0v1v?Nmq57enk?9*m{#u;?9imv1Mh#kR
zF(Hcy*?<dKJ403~Wa%JtFCj}#Gq1TJMbUj`6|~HBpFw4&`wS`<-DlKe%%dLj&miTZ
z;-V}e6&IZuV&1p%AR&{pG#WA;v%rw)m<)<oPFXtEMIx(aAMzX-OMS=_;(`-o+S!LZ
zM@pwj?n9mnES(*l&vRCSbq7^~b?-x-B(Uy~iSC@ati<*^_mmNV_9D#$6IdfO;DXGt
z0T*Q14Y+;6lVKp%+bdwkTk=?Ms3mYs+QqgJInkHw6P|=s0YBk6w8n#!tP1!EPXgmS
zy8((L?M7GAh*EXXmgSOBfLN1^0?2e31uY`eYdLQ)1sT0jv^!;tak{mT`8*ICtMRj2
zUIf-yjh`Tk!3LY4#=>faDxuoZUkuddGJ&@Q6E`d}nKxC#Vt2Jzo323`7Mtkzp-x`K
zWJZa}zm;nh7-Z26i=fJhNeuxX<1Bux`n@@_tXWzb29+$vvv({j#HIEQWCLdJKvuEQ
zk&Qj8*wncXbzVYbtVtip<V~GHChw=VYRQ*n3sW_mg5;~=w6zR=H-14ZGfT$$hIMRN
z7gQ#xYQrgk6<6wH;+N6LD^^?U?L(altn34;scJ@Y+mG^43uggYM|q7v$W#?Fiv*eV
zU~y&qK_*hjc!!Kl$a)B55`r8OtOU@QW+Gp5y>I68m7vW7l|WydNq+B~41s#5OU}%{
zca8`k-_^5NsgX0R>&mNxL1d{829lR^+lzZ9CTIZ-WXu-OK*iK7^kK@&K1>PG^X$Wv
zAax9)B-&O2S@*V;_#)+6tPfK{oS5}t%FF#F?!Bv9L1f7fQ!dav{V?T_4A#j&hjjAk
zhbf7&j{rj4m4euQp5R*GmYpE-;?b?4N^q<LDbIFx*rm3`a%)*$3Aw@!ikF=zAQ#ul
zAn`IMk+rVMQO7|uP8=2}lby94D)r9V4wc$&z#3VC*jZcN*&860s)YcRpmNeqzeq{^
z)G`YJDp_iop&&3(rJZdou@)D9J8MfW4ndFv=e!G4W;(2(a&h|A7b!`n#{r3V9S>0H
zbUZ-SSx>6PDt;?`CtAtGEjvin(>#F^+)lJEO3k$stwUwG6RjYZydWj0qxeP2y_4xy
z3;QDFWnZMk<*aLD%0N~jiw3gT3>(N|{TSuaS*#zU1f_><aIuW39(u-(cj;lfUZ6@y
z4?P;TC|0bkFpiHXm!=>shVrXevY;Skn<3?JRPj?XKSoKGDVZOm1f^uzT2MTsWX)g*
zta>R~UDl6Lk~$NZ$?ap53yg=9EXzxvlJ;YiM9BoU^~M6OO4f7;q>?o&0+m@x=Eo>W
zo|5J3a&X3$^<$L0%ij1gN{~yU5H-o$u?tM7*&9DbNub_7q?l=Jt}=l!k;cAEWBnK<
z>8e*6>&GY;X2)-n50p^TSU*O&DDjZS`Z3A{PIVZnmnUO%L^c_tMdrm2y#gR>d&so0
zFG`Lq=e{Tjad?3g=zzk4V#pzcbw!b1l;i`3j*XBB6|%O6jIq8bIpVvPO8TPY0*j(K
z?2D2F+RlAZ5~LOBi;_bVD#Q}n`ss_31jg>^z9<QbUB4&^irt2~z9`95FqRtQ`l93l
zWyz08F-<Ir9~>C!ougV`lq66S-4`W?W=2@gTqlA|F(B5RnPy1l^AY=^BvGoEUz7wn
zL_!oYqrd5rE(RzRFOH3T@2!~XBWt7;tLX$)tcnOKon5joN-_<unz?;_QIf#Q%kArn
zk_$9>3$}ex^0F^Vj#ziUC`mEpS%2$`k_5_pUz6l;g<6LpUHu^A8Zu!)rk{{84_T!l
zE4{BtLR8bfCJ9na`<f(3HSKGXmrS57q18nHJO*J(6=HGeEXV@ZQT&=@M?UO7__p%b
zZUo45=`(2Zhsb7X-3AiBulY&`05r1&nN5dS65l}zt!ENg&MwG<6hNC8pbD_FgXGqJ
zP46yszhz-h!VRymeNB?=_ccj~;%$)<P}TM|$-O$nC=)f4z-nmE166Xo>6GH%D`c-G
zkcqx2q?}!(1XWSh8&m-<_k$|Hb$-w+7vGPJO{X4B9r%6CS6XRM0@d9GRh+Acpo+7P
zfGW<N08qtgC_&Zd@LK`;08CUWK%W_uh}=yCB`MtmP|WT#lCZAHfz)DJVwP#lEMFTW
zM;RcHF*887-sQXOGm?;G>-o|l)8YKCpd8IUBMFkDdUBtUBrF}TCxc3ss{0wq%RVDH
zV$N;7^cl$oDwZ4xR+EfU&FkH)DHXPyamA<cBh+;S?HfVfkoENu+G&JzBM5E;!HpbZ
zmf5;Ifm3D3RBfcJr(;7Um|lRU5F@=?GlMq&8R^~Ha>#db;z9}2hfN?x<jaMUAvtlO
z1hm<~2!b9dkF98dP>%ifY6HU%RuM9vX`}+?EDc#>cP)mj>P8npGI7-eRQ27;0Ij=@
zl*u~iP+YEOf@a-Dic-U9-3Z)(0Ey)}Ap@~Ke|bpOwRlXXrlun%)6@-FoTd&WLz=Sz
zGjaQMNC`QrgEmDNDM2-GR9|3OR)dtm!<W38#TZdhG!>wtudfdjW4(K*LY0MmmawVp
zNHJ=BJ0ugu+4d3ZZND6{!uHD{GjsCGlrlx}@a2#(J$yM-%<^=8OkkNgKOQPdvYEXl
ztTy)82dD;gdOTzkc=&Rt;%ZfA$pltqk9IiM<>xhp?IPHadAOrAr1Usdwz4^>6_FFp
zM}*XnnQmgF)OtHZDz&R+pp@FxvLU&1wQQ&Y%D6^lnbs`R1(x_iv6nV`Qj^r_f*uek
zDd+(Wm2=v>@q)0l*#nzHm6|qNUwZxGq2dwCBxdLk#e7`_AZGpCx&4sEY?J}i-95Dl
zQcTX<2UH~I?V$R;lk%YoO-!!WEwDmm*oik`Nz2JKC}}yX9x9Wh<*CgDmPxAP>K%az
zP2)dQ9h052Y67cNvUBFVuvj_Bu8cSM@v4sGsZAFv`AMwKdxvDsneLE9I>iO0Y0h7V
z)HJ86AhUOJI-m%hm4XtXQ_i6ZNQBNc7buf4=Sm)7iO{JdC=ohm94eDU=&8*GmPsOX
zTq7`{Z6pWO(4N{HssbtD26@5~q!YR!1?hy2btYAx0dHkPrg)5dGfDk@chpY10a^Va
ziwRjw$asK^OLrpn`&wXQ8)!m=;QEZLa7dYGZa`zRgPo8vc3=gRiG3baCK_K*nK;^l
z$|Qaqdf5aiwGslATEh$~wekX$x@tH$cd!$F)B;GUZB9_BHQFFkd$5yLx+LVm&LKJS
zVCOz4v+fRAhlQ96CwoHH+=HEaXF5*W_-+#^0ymKwDcufs4wY^PJBLcQX%%aPwVek$
zhm7gL&Y_~1CFdNBUu$_%ff#f7M@m*}d9af}6~}{}fLhCgokKP<+xDieeLUF7JGo=W
z-B&e?2Rrww__YWd+(wDVTEq=&BGv{T>>RS*9_-9GvTbFZ@)J7U$pUE&k%Q3bP6De_
zy`a;b1UdjflyZFnB<D^vh*A|B`1||r1jc#eIy++W)!5AmPFZU31u4-6-%fXO8M7wv
zbmx%z#x~W&;OWj0h2rT>ki%T3JBP|M346Mez*@=EouImrr#pviCQo+`DSc0Of@&Z)
zeTL#?r#pwNn3tzO8stuQg6b@u?i?yXlJI^N<5rSjBVn0&B5*|JJrOu$t8XP9kXSt9
zIixx9jOUP5@Qmk>(qUV`bm^pLJb72u{m{-(>8i79R0P_<ti+o-)8QG<y;1<4@f=cA
zEYTV>Uei$4Itz=-Y=&n%Nv5L*QG70iF?=TmX6j4F3_7CbF{=$J8|H+emDd^1k!8lo
z%_WB{Ib_KpOAc9b$dW@!u8c5IV;52`*14me1X`7jdhRZzG4o47mXJdVGV2^tW(JE1
z8848<gp3KuVnW7*pAF@2VNFyW)r72F^7i@ljq8I8TWz+$z>hB)m;EXzK@N}*i)(<y
z*p3ItR1LCskg)<8E0E=gJ>CoqvYa7f1F|9^lMZAqX6H2_4&9JS&{TlRdP@_FQVEXW
zo!2B#J%m)k&TB5Pf@}s*1vz2tye3hU45XNLK~OQBJ~C3oyw<Vvnxs?PAjb5(CQe{-
z@x11cOn6>%$U1mlb4c-cUK5m*Jg+%q9Xzi&BxkI$u122MgvgQSH38~e=QTk|&hwf>
zrA~kz+gzXm^w=h7OAaHpl*cxQDj{*Y3b;TU+CMKdRD}|*e~Ds&%EOfekjlfzSqTZ=
zW1GB7@cza5q4-Sx9@`|)0hq&>C9gF+w#mC%!@oE`RPq|dzc|19$xGL<&5;SPW1Ax(
z`y!_|MfEU_W={7Yt1V>JgiL0TwOhwFM~s>04Kik)H>jAJ@s4fsH|0v;vCSb9cx-dX
z1RmSmm1&u;-+?SW-xA+rmZ0;R5UYs`vO3^`^v?QqG?PH<=ctB1vWy{P9kNP7#tCG_
zK*mW&Ge?Rth3IG|L@&LgnM1{JpzLVo0?TB&+|kUD3bj{*DpYL*72kSuCbKN9H>h{|
z+x^A)YmQ%<S=OhcnG3WAS)cymJku~OC&UD`E6CDoSCAzb)NC5p%jnIfL5Fwd-)#EC
z^O@|nCLy~_=Q9aQLd}@_i}MRC6I}^VWhx=BF%lyQc|LQf_(`Zaa_2L7mxP)lcRrKA
zB*dcRq%NyXggc)}Q0?7Bxbv9{lo5s|Q&k&>kN)C3F{%wMXpGvM;zE^EZS2*Z&m>v3
zX%5@@%mo&|_I3f2Ks!d~Gl$B#)~_ewx5i#|ljCNiozG-qUEP|Ec0O}~#jI|wX%eU|
zH_mlFld$U6jI;BZ3zXMpoVmxH&*W8gYjWB7%mo&|y48pAqt)g5aOX3LX*JgL=<&KN
zWE~iFUNsp^3$$0G)ggN|${n&-cRrI1ee-HLkdbvoLdFhcGGLrFXZ{3Ss3_Xl&Sx%4
zF=Y<t-E!(TAQRMYKxSRPVbC^D*RomEC}z$$$e68!F|JSc5ZTTB25r=U%<<c2#wGSA
zhW=tYqJxU*q?E0SnSK0$@>KUg%F(|#zjx)S^6)q2<Fopm-&&*dZL<<{`>PO@15&Zc
z*uOZxcV^b2SguBYah??%?H0r=>y;q0WTSOCyIVI>lmze5)CCqZ#{Awl2QXZG%R^xf
zWF~bKkeSp`K-Qp+($Q2>*UlbI9a@)y6tm(y&BY0iTF;}YL&o%I>X3|iG!;~{c{CNI
zKitt&P|fDiR8WoK(NvIQcSlo)Y@t?sn$_V>S-tuSNH*Pe=Wj|^6ZhMP<j<q2L-JR5
zLSfgwkVywJ^?)n^WTiruHDpZ*S#mUdnhq(ZJ&`ryu>>hkD+?-5oqtf7>HO0{N?_Ne
zpUk0xRIELiUK6qh(|LyIJS!a%G8Z~efhMO9g-lLY3YDByq9td!C$hSCUUg&)c3u_Y
zQd{R$K^pbWs}7Y;quzPd1x`GiLahWP0V<}F08M6)3Q`iCS0&I!?Yt^T<<@L=UX|e?
zp7TOLW|bELvTW@|r&fty1=?z1CNEoUwSZ)+trn2{<b`BynDQ6DYItguEUQNQFQAfD
zjjSm~s+?6yP<&}oI<?9Gr>TV42AN8b^~qF%OlMFo2CD}~&&2>8-pN8PMk@>a&Kf~B
zu0v)7S#7X7xfmT`U0|71{alPpXn%N~7**f13PZ)O-kwz;u)5_&IHa*|VPUPOgOo^a
zMCVx<)@v}0apzeHi{mU==UEAKsD+eC95d>#QjCle>&q}Gh+|Ky5u*mfX7;XRHCRTH
z5kR?SBtgZj`7)9W3uT>7woJg1i|Mj!pmlYK$y+7>$zMOoq{Z;gv$8T@E4CO8D&_{L
z&a;l#ikZL8vl5t0az8+pnfn1M6J_GzD&ohghpUEUwN>!Wvo5e?b;2xb=UI7I^)s8S
z9K8mAkeL<83>RePh~=aS3Nq0^#yez92U)R@aSJ&lSc`yGdgoaoE*f>7b*K`wZLCdI
zx+V_PJ1rdxR=v~UfqJLiWBp3bvLPTj%anlREQ<n?rAIppif-5@d=IJwJA+4{+Z7N?
z@B@?!-0~D;l82PQ!39(ajw+yX(aq!=Q;J8^#ll*tZFP{c%7XC~s;aOvcoeXMo+Int
z5Cxc#V_i=9KiU~Q-r02^WoFj_m7wBkHc#jizxK-3fl5|;W%3BD1~nT?NtWYk49kEj
zM$<P?QgIdsDl^Rls9bb_`JR@o_sA6nP_osN0~J&Mj8AUGyPncjE-IwT>M(&SNDl^-
zkR1M7pyW5Eb@D*#bdcm>M+YV8oebSOHTIDXAgC<$1Nr(_nYkeWDyCaQAbHQ|vn*=U
z;0!F!Y(GS9v;82ecb>+!r+n3(GQ^neDT9hxo_W%pxxR*|A9>Oowzguq(4Dy^ir#W(
zu0h(t&Rh>wkaiGMLHcQ(xh9HUZ)dJCo3Yy{1+sn(Rv;zVm<5uv%Q{#?7e`r?%Vl!$
zgdKTShs%1M2ki)~^ZE6~Asdb_OiZ4BGiapJ>wJ9Kpm(+k_w+?|zGmZ`pt1e9!0tPz
z76e*pXBMnnE5HU-kkV;v<-=~Ju48ih)=cV{e1%Ws@XNw?wX9>dHBMle)iE1|uRJSA
zO|qnozo25)7yTpDi&BN^i|wNG-Go@GFSbxXU_z=dwwX>~$?JrkoF~t^R+A7=;;d_V
za&S?qW?ic(No)B0R(M^jZFd3_U|s97u60@0;_#9}s%vq!D5T^pC5M7t0ma90jYY_>
zfY`jb7obA|Yn7M55&jaSN9-n=JnPM7T}auqcg3Oo5~M)vp%g_f+wJcpKTKr3J;@Jp
zOSO~yL-CS2wQSyAMko1+k)6LzopO9S(9gTn$pigE3dIBcpwubf2o$&3`Bqv8tnlo7
z9XA(=WBQ3PJD-cxfqrsMx0w7{<#daglPEjinFID;wDT?7fRbOjg;!{T?7Rp1$vPGD
zG9<`(S_k@vG__4UL6x3vc{P$KwP?C^oo;n3fmiBQGgMG{rCT28U+S_<x2`kW9_Z&?
zX1k*cpkijW+ZyUX|8)oYa|$_~ua@V~foy}8l|X7t?j6V+J=IU*jJBuxLFr@%AlSHa
z)bmt7?=otgiU3tYI_atYMNua^D$%Ka0@F#?COXwmSeoXk{vox=Q~jVc%~SnDhj+Gl
zM=UtGugZ9;pD1Zsj%TO(7gz$DBFD2+{k%%kay&cLzra{e(>&F`z%ohGI-0?jotoAn
z8c0oREe)imwU!1_Njk5=9$ziwj0{wpG@^N`pYq&o=v4oZn$z(OP?_azw7k%%eqv@4
zTV?1}{{n00)V9Tjb{P4MmDILFAOt3>OybMb)>HlDl}UV=+Ip&gfs;<h^G7DYj^{&M
z0_b=?NdLIw`5-;wj_1?wTybNMXe>ciXUKSmSVGI?9na^=jqXXu^M{J!@<+$>3ADjD
zf^VKI&MmX{?mM18WC`uvcRZg!y?V~&uN6C<57}AS5$l)Z#J-hz<}rbclE>8Xd~8Qi
zavngIm)F2f)nwiAe2BfF<M~6=c=oMiz9F~c`3tn5##)edZ;<VHK2a`z%;b7g9nU8)
z>9)iNikGB&sWt9+J~16@A=a-2KTyT0QJ{*|;p%ukCbDK^g0#}{Pb0P_!*j@DQJf*T
zkE|bbJb%QxdpsXQTb^~Cj^`67^BvD;Cal(B7FR4}#X?prWLZO2I%K6oR(i+tA*yM|
z^FgX<$MZp|X~*+1@Oo$vv$pv<p3f_F7GeSEtPZ@#^BWE9R7}<7ugzzWd8N;w=@-OY
zQtKx5{J!QZ-9pgp4`jv}GKT>&GX$AlLCV?vSC9f|&l*$#x&a`?;kJ6m^GRJEWnoY1
zcs_4-Jb$DZinmV2f<sl?@qA)<Toh6!T18MbwC8~;Io_OYv0Py@dOV*@oOD6TS<e?#
zMOAN51-Mxbs(_t2U-B8uj^~e5P_LY}vn*0^HM<`}BBBQ;Ayvdv9-wNhMFv%K=lP(@
z(J;5h!tZOA?L-Vzi@5{<DrXOZfXdlHA5_ko98mSq1prx228b1FrIG;xS-T7nNYS>X
z(eZrzj%4fc{2>MB@qC<-lsoUS<!@HM6;3_5<M~8Pia05&UOkz!_r`4dz2o`ZRCJ3S
zV$3$xSxPr%9>HxjuXlGmA4kZXISV<7K~_n~n1!s8kYx#3B}r|R&J2N!(wQMpQPg2_
zUg3}u*p#3N6=F==yuYG@-?fHe@HJIp0Le*W0Le*WXg!MGwJyZeX!+6SHbRnYg!Y7t
zAINMEWCe^AWmyiv4`iANnf{EJT-j`#r5+=uQ#L~;S2hg3MR5cg@|`2l#%I%cj2bkX
zGGYl1D4-bhh8HM49YTi6EIu#e(;HsAi`~oE_5SfZ0JFZXAodnk-gPBhuiwr)C~#xP
zkPIs7A<I+Lpi0n1o;zVoolj6%t5)+ddROw7@u^3}J9D8mRvu(AA!yLZ%7d&OXd<Ji
zWJ5+#$%cwzv5W!c;&<rgzN}(2*a9ITML?+`(^2Xg08*fQ!b3<tVP%LmT}(*G<TP!8
zCZL5wCD;H#-`tA99FEBtGL9gtC1h2g)lHT>Kt@R(AY&$v%b8+2cv+?xXo>Mt43JqS
zIAZuN!GX*x!I4ak5**2j8SCqhSdhv|J$8%Kz=}&f2sF#o<8lTTi&L@`0cA8}dOGj6
zT^3p3Ho78*cVnH>j1uc0qr^I>C>v&pX${~cqz1rA$cmto%M7wW$TEYhJjgPGO`}vE
z$S9QuDvAYB1#-cWS%Q%R!qN<pZiK8yNC%n9jG!`*<pP;=JW?(jsfS9wk$R|HHd2G8
zq9YYFO$BWl1DXDf6gd3@t?u)Ah9LMWBL&JtM+FGnNI%j$GouOxnr8<Gh_W$s#F%3p
zKWG(!tOmM6`$gL!{aRB_?iJmdf>u+=st8#X5l~r8SB82wRmSI8?-(%`TXM);Y{?;G
zdZGZ!Z^J;0;sWRbi()4HiIZjNxq=b7<xh?jXbstV6P3pXS|TPb_t%C>X0y~{{Fd?h
z4>2~9jg)cntit@Y1z)Yl5Mv|qND-6qW%c&F5I$8>o&f+P<rr{{kFccdDWD-4cX4mX
z%4;w{Nm+w2<U1v<JAz+TSye(KkRLYxOF_8UGh}nQ$}?0Rm8H=ja7JUKnDb(Wido4P
zuY-c8Rmn+3J3^SUaSZ@aEuHlbnV+-%p|VPsv^xY^7Rs|$MR~?Q$`i6hvhOcnb3<zc
zbsM39Mu-X7G-rg`j8K~qnrj3mMh-El+Yr1!Rvu(t_DESzjfP4vml(9ZH`2Rt2AVfJ
z(!1%*kniNg?JSm_wjeqpUv6Lx$%#8xpsjX}AkC5T*djOxrP^<=HYXlpLI~Lk<46T;
z!Dq-CyInqHRo96C$;90vP}TQlB4}+lQYLG=p}1Vzf!1~-MOoVo^=@-vP%LjDWgynK
zf-)rQ+GiHxW(Gz~<}7c>EVa)d8PaqOm<cAyWHmgdMKrx9N;PnHHB`>kz-bkMg{_|s
zl;upskV4;d7_i<oQjD31p<-BHrz?a_|3`{Z<7*RHWSmVLvEG`-Az9Eg4w>2cYgWKr
zBvvI;6nBw^<j7qlP<d)Zhs;bPI#g!KW>ZbVl8{#xKsBJ7NJBP(N3Mp-t5$U{iNLDt
z%|zEp`H5GzkcP~|O`{=sb+-tVQoG$Vr1ad`0V!WC<$w}$g$I;Uy9+Z^0V%aN6BlSr
zYd;r%2&<;rTTr^7y&bY{+S{R0Ck*W^fz?}k3rd?eRR*NZZjlTrSWi;8X3S3_apPl1
zj@{}QQY7wifD(xt7(<H0y$X=p;?2YXOGyni@`NQOHy}WX$=!va3QbIID=g58ro`?b
z5LOp(rU9zwIARQyNz!t}SYVkXEk_IjQytyRq3W0=V6kjc+YEBQYPMSdL)9uvu*oH1
z8%{=gRS)tF#&mD691)qL0YVn(GCe<u)iwAb#p-f9$m|`h2GlfH)<KETW%Hp5NQ55L
zSYWKkoJ-?`B|<z@IZ1>LeY{JA4t+y$nFw{c2~2hleV}60&`z!wRs|B|);9=CkS<CO
z#gKx`b!Dr<vU65Jnze2wA|LGrWc7!vs*uSNG9DnSs%Osj`&wXQ8)!m=u*fvB!Xag%
zxdDyMZYDy?*nt&LCiZzynb>(jWuox~l}Y?K^m5#-)Jh0cYIPb^YUKqgb=7ci=DuO6
z)q-v&!kxMXDYYsGGPO4o+2Kh--b@^lBX1_|Pgk$uA=68Uxp0RiWX-*qxOb-GPKocf
zhD_krkVi_ln~6iE+s(wG(rrbV{iWK@n~6il^k(8vQOuHK{>HDhyqQQ0N6c;}4q1RV
z6G5u5HxmK1mNyfJY-DdH4wbC-*`_67wU3|u9V)&<C8+qdh<%8IhjCX^c=VcN4xHUg
z9I_3}DL;X8ii#;ep__^9u~qAQf^H@fSY@2RfgAw3nK-1-oCgdkw8sDb?gW8Vph3RB
zJ3(N&(b(P1ME3MzslgYdG#Y%nnMjnHz?+Ff_BzjX3|UEUCW7?cx|uj6pZ?v6A^B_!
z=h~t2bAH3Sx{=eIp-QmNgDRm0@+>t`>Ny;?TjMpbLyD;#>1HDDY9S7(8FM!i7if!m
zUK#_NN^&G@@0^^E$h?#DA(`I{1CVBNs4Ap6;doQX_U52bNRC`QAYD0Db54vHBRk^#
z#KkCeHTP@-fi?-p42+)vaZi7*Dzw)2e&PZvG>+3#c5O|aFxWT^Ra#o>Iu@zZT4wf(
z!Yn*u#hLwvtQ_;Xko+<I0d+rdWCG^a;gUm^9J1t)C5J3IWXT~VSM9r>NT3}Rdo|{}
zp9rxk-A`l=x0&mRC8XLQv(7CAEo<!DqCi$L$asM)CS*)Nis^g|i@1h`OiGY(4Ozt?
zo3eB%5aOr_sRTzZP+4!8Wl<`@&dOE4O|Kx8V5@`T%*F?mZkuJqbgl*|f$a^7CCwA4
zn9kfV(#3Re02NcU?@}P!@;_z*)|^*@mjXv*f>q`Mtpkg(A;sgRKw>5(F9i-MC00|7
znXp(K4ONgFc`1<iHguN)K}pU_fkSe8lK{OGxWITwfNn<+m>gN%w4B6wlQ`XbT$DIU
zs_s}UFvhlVF%*CMybws=uuFlU1n;H5p=#+!4T{g?@1;PZIQDfZ5L9b;DR8Ld4%J->
zTwuKHrY5H&luMTaLGsz9K#&FXw;VvG<Hp}Q0AwP7thSJ~8)Wr^tYTdX95H52Z<hiW
zXiV2uL0Zr*1#&i{1YQapGHWjd4w<!=0{1sM*WLSD4kPC2o(ayW*0M{1AgkG>K#(0A
zGD&nPa6~j_aRrt!<bYO5&^Upt7|1y3Qs78YrgB{hgy<kc%0velR3>@>T?!=Tnh95<
zLe))BIjWSP3RN3%LyD;{4C<Yt>F+g=nIi2{AV*qkrY;2znIP-ar9j+w+Z7_WwJS(&
zYgdp}HmHegmjXE?<E*VqfkWosM7B$T1STQ7OqT))OF~UnyA-&<3P?gtR`aKDr>u9=
zQ;-sBdJ3x0B;;}+c_pEyr(Fsp(8&N~mZwshgW{7}`R1S?8EFpMr9h%@VR*!{HIH2i
zB&^yrrvw$F+BB!^k2Vm~_HO#vr9i@}jSG%L)~4wr{$PdLF}f5;6gvi_n6-X0#{OtS
zvo9P+6E_hA$yO6VkcpWRtx}A2k)o)}P5rtQNQ`v3$zGQN7g#3xTY089re&2bH?Qkb
zAn~i4OPZkS*1Qf>UNuo&dBS2ao!Nn`lcLVcp24(0trl7xvR9+rA$v7L>#SWvYb){q
zm7^8;p~;|2fg{rd$V35|CP2m<q?qatezWD&Z$Kuf-+)X|zhTfePj}Fn3>Py$7-Y=+
zV8->y9%9w=d_h(r2bkHa63Cxzy`BV)=#XOS$aX1^cj_vnJQI?a0{3nn95?>Tb0@fl
z);}QD$V-7k);%Y;wS5AUv6lje%&hgOW(i#iWae*ML(H;X2{KF12oWX0dq!wT!Fv#Q
zsF*S4r9eKITgz6hItsH8YtWDbGLt$A$V@mfw%TzVEFwoOzH}*Y?}}M*UJB$0U(M#F
zz#*H>OMxIglr9AhsjB&~T?!<yX7f@YD6Tp4FebbdIARNVDUh>*Rj;u63ezgNt*>z7
z&zg8Ckoak=mjZ|6&vSYpYl6bA&XDB-nNtCokRW3PvUHF&C1ip?!>8$xVp=_xXIDC;
zJoUIi<*COFDl<K9I!FoZy7ZGdrjUxY2h(dp_Fy{C5S?eGLqg_4=PA(S^r4W+=}MuJ
zvp}=tth7W{_bvsFjKMAiLR{tQQXoj94k?{R9W)U@N~huLQXqj!0#XS|0#pJe0h&C!
z6bP|XbSV&I8)-JX6v)z8JhubVrN9MRc3w#Kg5PNlWE~eWE6}CD5i8(DnIZXUmjfg}
zTAMBf5~FH(QD$fj3MpCD@K0F~82?#QP<+|TuvJPuX9SaFi)1Q6N+?qaGF_%ppNAQ{
ziCZfN8NIb~kkNB7GJ^bC{no=lRzDYm`M%X}J-kbStTNVqxfrblU_mRi>U$}Hh}GK@
zl0%9sH=;js(U8`qK%Q%`+z60D%Z=z#AW>%E`IY0Ara^L?8_}geqNH)2cptLbElp?2
zS(1=rPrMT&y=%Q1RM|C{XWWTWgJmQ^$~7Yis(_j=Z-UW5g=%iju%IZjYalhFxjD$>
z&CT`1xbY`@xgQ`)%l!ZuJ@=zAg<oaD6m$~G{IQr)CbeSjN0$PLl1%U<Oi=1%!dPus
zGGS;6DHA`nPU;#n%gR6&dr6^HW5%<w!lKP<kts1~h6^%t#7fTigRDGA2`m=0Vj(LQ
za!9b6gT^!~KqYsjhJ~O?&@_Td;BpMBL%nmB2<n|{E-V@K&M6?scl9|Igyalcyz=UL
z5Lv40f#l`f_Tt`^3EEBTP8O%jZ7)bM%QHu&J6S}rA47_wP3iAo@UCjs)3|VDrQ1&H
zP8Lxdt09V~eYE}#2Jfn^2MR#d&v?1-tXRpjcV`$JRW*p>uNQ(22{y2S<kGt{pxsk|
zxE%tqfxSDkz^!0Grd|-m=qa?JN^s}|m5aV~cV~#QQ??^hFNkvY?#xgLc4!tf!_eKC
zk;>WKnW5Q-?#_&q*REm>9p06R-G#-v<gvRmMA4E!%FJE^DnZpsi?bwLlc|8zH%rpp
z8S=89Lt;HGZdZ&&!Ropj4a9UPgCsvEIiPrOA^<8E?FAQOO0Hwp-5GMxtAUhGuLe||
zb<<je<hRtiu%M*reh(-)=+J^{wOvA>fL%fuDNDUv&Tp2P%O{{>y5|Iv>6R_KJHveo
z`#1|+t2$%}c79S~uiha?k^Oi_5JmRf9V{I3@&d&E0a-IZ#vo+v#RY}6EW~#$Dt38c
zfkjcty1YPOOtf&wJ%y6n8eLu>imd@D`HtEW7`t9x0L8AC7eKL_g<*ZoJTomjbhzZ1
z7KnLzbQI4tu01+B)H^N3jtwqdV|bSrhSn;quPI0`FAQ1thGvlBX=vW5LldZGEWvSk
zfdnqoK`J5XHWlge0#TB#mlr_QwuuRAcGj<n3CQ|2F#%Nvz4R_G;CWZgM%ykg5LjzA
z+JfY|DM^<X_<I?y96~IiwL)$!Sh|-N@aAK_(W=V}s$&-z7`Bumx;ZgGmKHLBL8kYR
zWe*t#kX4`y3=mbd3k)DtwF?X&RkaHY`~eTGTo)KXvm#w!7_qqY7GweIj$UAB3)T*a
zTOoffl!Hu{PJ`B35ZO$%b3pig%~zUM(E1!?RvThTUSJrKF)uI-DF81p3{}7`Fbu6%
zL*#a+t^qnEp1lUdocaZ*uw7u-t4b+%jUdiZRoevyVtA?qQYLCAC<g3(ph~uJPW1;c
zDmJ4>CCNm$08-Abr-5c(A+g{RG$>Y7cu+NTQJ@P9ByhORYvVV8?npbYYW6k)Ko#fk
z1gbcvub}GV>NKeOxTFB8K8N25(5&Jk)?&IVphV<O5vYo2c|lcV7Z_knvjeF<DSk$X
z*|ltDgg_?92!Ujx<(Dona04ybdVyicns|YMYiTKWOMOk%nW-zBd}omH>&+lJsyBCm
zflF<*Q@a9PU|66ry}-bQx61K+Ajq26!@Iyh*mC~*(U1Ma(U1T5(U0@{lSe=PQ%67f
z6GuP!lSe=GlSjuVS1)e(y*@gA{P^_x`t0Q5lt&UBKY8-xn0tKCo3m%o)9bq@r;lH}
z{hatbqcA<caeQ{ke$Me5#JRY*yS+YrLF$W}(--|dcyjfOC<kzJYzddg7jOSG2`-=T
z@9q6Ne(~bihtrGGXROyOjK5VzFrm+%UtB#tzk7D|gfs`hkV2&A&+jge$KI0P9l!C$
z;ps76O<_;Yo*kZ^o?ToV9xqNW-?(}69$dXOX3gP}=&<ke^B1SjPsgF?=IZXNYpz%5
z`sT&i<$Za#&z~<3lA_uCJ3Hf-j&pW%#y;-x^#pKzefsR=;_c@zu84a>wXWZOc7FQy
z-5EvPJV?sX2S3flbpnq`#n0<U$G10EXGr`YnwM`Jot!?sdT|PQgRK31K=WK2--kVT
z<BBs4y|_V!ubw^;?eg)P&yHW5^X}%YQ>^;Q8JXRT(1>Tp7d$PHMj*Z9?#b0H4S08U
z`Sk4aj5>Te_!5Q>Ax|%^j&FWdyh0DrUgdmqH$^x(ySaOObt?lmcZU{Q;MEJ?eSP%e
z>g4F;>gwWjB|%HMhrPX`O;2c+XGbTn_V&%`@zG<HlAr6x$LJ2!pPQq{OUy6Y|9BCP
z9zVW)ar9V~fBfWxSEpzFtc@SjUMM{3_r&MtFV5IdI;HW1Yr#did)2g$-#osgLqx7e
z$(*0#$Lklbo*ukJv=(sx?!MlOa(4OT^y@~xK7~y}K7RY;Y}q`4kCk%z_`Kii+h=xy
z$8TQYViQKJHR<Dv)xu6RJ-fa+e)jz6@zwDKr!R<hb^7A**~!_(TJ-VN#l<>)^bC!E
z_4IM|t}bq$`2zAQLa*;`pHGa4gjP8;;~wp&kFTE5t*#LX2MFk+k-N7HctUTnyvxhe
z$9q(;*wmXBSP&!MoNe=kR4@HO==b#Q>5HppuK>EgNNbdvpXPD-FY46G-#fJY=<$ok
zpMRa-Q!6ZafF2dV(*rEP#qlKc;%Yqa_rX``iARsGC(wflczpBq>$k5zOKaS`dHwaz
za$WcF?X%OnCudkF)GDQduFY;=yui9WxDN}QzVU*I|NXnCx0lxbR|PzHevE?ONBb1G
zMhTvw?T75?ztsH|)VAEe8_>QS0%o!AW8T5n@rk{pobEnZ%H7v)Pca3Dba$UF^8k_3
zA?2rexI>3&JcM?5{V6tHVr+PEJ>g64P|+J^R-l-trySigcdv2uj{BhNS5I_8Ealnr
z<BMs}-XC<3$J60chBWDuv!_penC3h`e!<*uuhr8%EXa_9HC))3dHvJz7xb$`uAV-n
z#-9$SmMHJCxx44#4lDkQeqi9M0`IPGPYSwufim!j#ec&1$iD-7Z(luq#%D&}T+r21
z%=dXuZ=Witx9{G(!l3c;?%CP&_LT0hY7g@bk+JbMZBppTv+KJVhtFPLoSr^EdNTa{
z?D^?uUz}nGU!LA!GOjnm`{wpWOYzz3uU(uyxno@9;mzY~SUFMTCw28F^)^POBmSK|
zqlxcFDCmZA$b5*Cw~wzk5PpnjOg~1SdIi{E_~{tW8C##f`C@we<n-zB?Zr~BPtl^M
z7n9q5F-g$V)t!;~^zOwmZtjzvKikiXGZs5|c;)5n`QFQULaG-CjvjqR^rvSp=-Sht
zQ#vsAVO<@qTUZY-uHNGL<<XOi<HfwVx;no_u+NTBS@Jo0a>f4}N)O}#R`K!K^~~QB
z{DY$>Sn{JMx5(`D`0<-Zrx#RhKW9%NH%AnDL7P6=!z6jn=YhVG=qs$eUZF|!75Iek
zxTE~+uFCl+^FARfn*a1Fojd*7%OgZ~{Cpg2cMbJDK05vS<5RrD)34Lw`<a#<=mR{X
zj~^dgT+M4a{W`*0_}LOY-@l7_icq}L84MmV{fPBI>p%x^7kYX;**rbHK}=82PA{JD
zdvSW-R|RjpxWYfXcf0o5kSXiOz<xD|xiI)s32v@*J@y{un-{Xj`y8OyB0~<@Tt30~
zu?mXwp4T}=M>;`Yh<tejtM~Ns?&aBw8ybAM%=ld&VH)=DLF4Hs9v@s@y>*PxK7RRt
z>BJ|{_4(QJUx^X=<8#{U6VdK7L4gT9J$r+SXO5mSP(HasiQ!_y>VEDvE_?~T_l))E
z)!pso+1EAEPj4?S8XSGPqWR%}fj)lx>V^jN#U5}1j!}n?g-wEmZ}d1rpI)`v{h;^;
zTf#49LT8of;2+~#PDi{rdyeGZI7NUrFGi;bqqjFXcRVum-z?}($8QgZTJLdEI(p-Z
z|8XJSK<$aDV?Z}nYx;eFgDKpQcK<MSNV71j^KS40pIjh?S;rN2y{9|8f9&hY+nLEX
zk6$j2H&LKB&)#@*!`Bs##M?)2vP^l1GE+W#{wZ622+)}Oe6Z%|;^ocR)3=X&xI2uu
z2ee7V;qm$uZNQ$KJ$-QKi9B86B}G0CT$D?i<p>4Yoa1bXE+5>x;U7OfaDtZG>MwTY
zW1rZNSM4dn-zV2g#O`4&pDu5%jtN^gfSjQq&!Mz=zp2p~e?AySvEuhrtUWVmL>}DR
z`%l9MIFVQPQ9do~L&Q%7ek%HX-7V%p=+hBCk@v;bTOYUMA?r_uy-J9V^7;m!@Ffpp
zpS41MUf<8>_w$AQe0e{oZzuzL6%B3Fo*rz5v-dCNMe%U;;K}W?=LZ3T5LMv%=<NEz
z{Rs8R=LdFjUfTSUPsJnn6~2#a$2wz5`y5?8yLLWEi(RKFkZ1JI#{}S*pPtsQ0MD2M
zuO8QTS0`Vk9@mI+dU%bs+06g`?e&Y7pANuHeR9Z!s;*b-h;L4Qhn`&@ef9R@jQ+-G
z|J7Rt;iqqBr0&7G$RhRXmAp(kJ$>Vr-n)m9trT1wzrjC_av;@F4Ej`T?>`AKlJ_AE
zNEgmBnV}MopLK31=7V2mYZs?a_xSWCP4+2U`SIiZD;Fs)&YoefF6bP1b|cqE7netj
zB;?P}1IJ#UzWxkO3A)36u4CX#2yJ}~+k~cl+s^|=+5>%X&D^qAgof(NMrh6E<44NB
zqE1(DJo?;zU+3rY4Tr})Xx$mpo)f%v6@QW4<5y2l_w;f9xOl#rIBS1)%m_6u_u%OH
z?D+b812U9W$8zJu9-g0HUEeu^9q{$_#T}ELHT(t-V(awaUE>+d@#0@C^z6wOkDi@A
zIlE;!hLOBSG~)1N4bWa3o=^JD&uC`;VbG0=_zs?Q<Wsi!5OlD}&(1gX!#M6AnO@;J
zZs@|9!V$}*@>l0!KN!X>s$DV%dV%^K=!1=>p8}s8TJIxeEboz><Q}Mdp9H0UmF2J0
z!277_=RJDCF!hSJ2cl2$aeA{>JGw**S>V`|=i|o*47I}bs+pDhwWmG5z{KGP`gn16
zPC5dwQGb@TKKc9rE6yt|4XzN+>cQpJ-CK;Dr<;<XC{t1<NC(%8A&~*4BuJ4V?A}6M
z{`66%=+)TtX~@7_05b!v-1^la1eG{E*>s2JCdQ53SD0%4&9i9Dv5Dc))skL3VSasm
z{nphBz$F_0Cc`hQgXF)JM_ePms`mo-Y_Q4qp5~X~9Pe>m{^~jY*BQ&Hdl+vLMuoSJ
z5Vm>0ctTI)>GZ`M7yJwSZzjl0*y8&>0GXlJ8(V8~el;F^dhW%=@$>7W9?0UY%g@8}
zewQONSBBy(#BL7TGR~`~BHX;`kWU0=N^_TSgC5UQ!HsUF_=x}psmGs;;8gAKzIhwq
z?COd0=)<Gad7hu0v5vik_~&o%`sEpm3U4=X5O8vg6O3#79PtAmA2WNqxDPet;tZxX
z@uQbwx)+JXeKNqV>gO&*kMNF#tQ#DnyXUM3-7Mz3yNz0VW<+BKz^rZ}LqdkIK#5(t
zVbHu^Jt6#pY0&8<h262nho^HP>le&Ku^PO8_V%w#f$3Wxn?+=*ur)5$AQlzAo=o>y
zR%9L*BZhqptjMZl{3{&g4bE@eM`#6rtjc)uV&WRcQ9k5Jy`L+!!@IZe)84%M`nnuZ
z;R^$}j1S^A5FNvVp%Xo4)#CZt5tTS73SIcQW5vglV4hx{UEN+E49KUUMg%{Z#cKr1
zau33P!IHp}TSl>0PY;f_%fQ_5IrHqZYt(Pc+B8ObdOQ36{4G`~w)W%WVM=`TwOeFL
zhxyv=6=RXVrtxWWJqqlZ6;phXivyZ<aew0l!~QWE$g(9~_KO#ELp1n_Kg_1~eAU>)
zBW$SNYp0|AJkW~yNEU0+R{<B`!<xfhy}^P%>ymq*L0Qn`>B*UkhZD`go<`=r;BFp(
zqas7l0p7239^mzJDmF9fX2*S`SD`rs_i>qal`r<l{73QUeO_xU{i{|PxOw|Ib!MWy
z1)Bq{hq9V7BeIPbrcWPp1wVQ(FHXO9dq!i?^Y9xH{JJ1+=HfC`UP5SKbLE^5@f@oB
z&8O-y<MxT?!%GJp77Nx?C?)?6rfE-%7xP^Ac)u6)Vy?>zT^DTr@w4O1>0x0sa(#3d
z4zM`akC9CZv>9IR!KWMtf|k4e`5FmPvxr{);qjFV|MB$adaIQR9Ub4+P2}|h{lbBM
zc@zoJ95j+FXe`~f<K0SY>I`*)2;EQ(aoQ~1e#ssVO1H<2`18~7B=_&peklA+q<H=2
z?adQLila4|Kg*BjSF2P3y|w$%{y;a<Z|^Ltbj=###r(sGXH%99G01npGXg%`*Z&GV
zV)S&VkrHw6`hl%{{e0{C{N5<7=d8XxWxA4%FW)0pHTSPot&OW&@5H7}!47ciG-UF%
zi?@zn%z*C^G0hHNZxK>>yH&zZhCF6P&r}RQ7mrzdc(vBD_;@iNN3cepOv^GjmgN&W
zP1j!=tJko)fj}O{)V5I7B7)iK8KaCRa(naS3A4>>2}9RjF68dIh}bOLyF2|x`qpDp
zznGOIB9xt%bvZ_>?Y15sUzrLpc74H9<3oW+;D{CNQ04+y(!Drjl3M^y`&j_xY!#wg
z$MHei(Bt*1!0SRCf$*)S!rP0%ciMW@p+geF3fsx;*##nU0p{LGSY%#p>F4;C4XB2=
zLntHfCmo7~!mIUuo4&kFFzWjDbv28|{KwA+e~(yshbEwb4qfhT>to<yiRuQ$&BAW~
z_tjYXWREB-Bl}w{)xC-0J5kxsL@vb;kJ4k2555NJ=Narr_h=6vcbuWCr<*bF>Cka}
zRB2v4ZL?w^XMRujD`q~^(3mY^T)ypmY7gs<qp^530WI!97<dmyH@F@b{p$C;!Duu!
za_^jn!)hZ>+xgrpr7UH(58aX(<Y1S1%AWdeg{Au2JH$G?am2&rHH*pg-B0ukL*4L1
zspp^&FGq!m_RR&u2~2KBnVlE}>2{32>r2~M=N}!G$(j%CIr@wdVIbOA$KveBE2BFw
zt(L03x2_p*=4ET@M=W*H-LN6opLo2VKVU4b2wvq`dUf?5ih1(aVdB-(t3{i`%U1(O
zG4A1gB4!wi`1MbS2Y6@R=S;Fz#+Csf6AomSo7J1c3Uy>tl8!_8>(u}L>FLp}`$%+W
zp6J`l?y&20i=ltxh)z&L?_sTI$j8ljdvkI3=FQD>wx(crOb~#x`Q*uq&#n`@YC5F!
z{y)4+-dpUs<!4ha45*rY4SBJDhl2?`sd@+6-aP;V%+SHZ^ZmGg57m^8YDXC)ScphG
zug1Ag2Rh!}4<;`+A9NPGpG}evw57~f=&&L83M(OZ|Ms)4e4tiy&sR^~5`1gMfFGQv
zx89r=&#D!Z<C9zFLpK0?^8Gwu`f`C&Pb1FEK~P1{<M`;RHcxma_koACV*=rN4bsy#
zHF?6%=l8`G^IGT>esq(gw@x`Nw1s!{XGc4}?oPA6tY5h^^!4XFu}A1&ikER@P4;7r
z_rRH;ZG!&v>5DdK_P`|N;^;s96GwQj&t^@&%#&7SL-QAp4)dd<yT{KTz5d0|9q6M2
z{gKfx7yRWfzApOGmqvb+qXOF;B)ikw$6tNUIiWqAzc{*k<K*?vKjQ5hC+GZ}GCO-h
ztZhJo-#k5earzeYIbkd?o;<!L>iN~#mq|Htdvu2ZI^(!kl(%A7mBP}q9nX^B^)M>j
zU4QkA;;-L2<>k%U^_O0!9=C>Z+>8vEw}1KQ7yq`SU;K%qU;M?R-~Gc!uYdMOKKr?&
zM_>5t=OEAC{kac5{9O-z_Ja=}eEY)>-g);s-}%=2zwH5Oe#@61eDfP0edED9AAI+{
zZ$5bcgO48k%)1Z1@!oqMyz`BZ-u>oh>1>PgosT|T{BM2d!ABo_@Zh}<c>d^v#XMxT
zm}l?*{5RhF);ABCmg4C4{cljzZ+rh;!r%YaJ0E=WT}tBT+aG-E{f}VhyYGMV!MEQ3
zRGN=-`rz9ied~kwza!W2@d@7F`RyNk=iT=|dvyH%gYUloJKq1`7v6vH?uQ>zzYpGd
z=er+%NP)lb+rRbRD-J(h-OnB!U0#3m`MbMEuYd0D?mNHz8^pi+_D3Jyz58?De(xLa
zynA-}#czJ|7rybcKl<+PeCNIIeg`fdJ^Jvw@4b8Xv)_8}qjx`KsrBwh4?_Cj!?Wwp
z-<|T`|JPZ*{;l`F{oRlLe~{;ojJNN+`_ZrD>-7U)Rp!e-^Nnxbz4MLld<3V3Jc0uo
z?e3%B_3d|0kNoe~{Q7tP#&_O%=WpiU{`*qo)$jA8-|*nqJb3WnhxxbvUXQ%`{hp)W
z_=CUh2Y>Jfe+&Qi-xnjVe*YtX+4O(8{QssO_-lUP2Y%o){M&zDh`jp!8;-vBH~re*
z^qYRuZ|2|r``aR~e*gNT@BRK?`~Bbl{r?I6?Z3}QUj6>{M}On@{hIIlzVG`X{_Vfd
zMPB`W&(UA5{J-4$N%_73zVvh7c#lr`bEw}3Kl7h`_Z`~iSN!+u4)~h~`se@39=_){
zNB_w0`49N;Qz!pn=`a1kKh%qV<Nx+o`|vOS;jc*l5C5T?zhV!6{^#HP4Wr-lkNxX^
ze)Nxgc=^454fLn}^WXDt|1|WM{?vctcmIPc<X`&W|MGi&5c&`N*57&h4uyR4zxm(&
zXa9G99U1)nf7K8E>3`sRd9(i>_<QtAUx*(4)B*p<ufRY4EAYRk{`cr}AN<VEe)l`r
zq7Qymr~9;WKl;({zW<%?e*4=We2Ce)`}uc2T&Ml_*d-r*@z8(ne&)O1dheURx_=*v
zvIgJ7?<9WTf<N-nw|?&359r32igz_wue#Tleom|V`sd#N?tAau1@1n4_d6ea_rrJS
zZAjqJ>+k-~Z@>E?IlTYTH{N^n#h=9<ek1UmyPtpb`EUQ+hmXGas}jnGZOPMLB|19#
zwFf%h#^bL!;FRF#XidET7Ju)5{Q&>n>(^R*;eYJ{`EU6TAARrl{qTS4m%jh#Kltl@
z{eSdt`aTY2KYIQ1U-;see&owPdVKPj_3`f>{`;Aa-v92;et3^QrbkCVuw4Fq{r9*3
z`%3ly-$Z}kU-38p+CTC?`+fh<pZ^zs^1t?X{u}@FpZxhhdi%KtfAK%|d;h{0|Lkx5
z>fe9z%fIC-@815C|Lx!LhyUE^Z~TeB@|S<(|M6e`Q-AnR|Azn9xBscD|MfrjFZ{dz
zonQD%f9?PLcO3s)zyIaG@Z<mP-}w*yvH$r0<RARI|M2ajANt$B_OJc%Kl6|OvETPc
z|8xJ<f93c7pMLNce&E0I7k=*gcmCAxKl>m5({KIRfA+WjuD{{O|E?c-`4^vk=^y@{
z|Nhk<dh^R4{DnXG5B=#M`@8<uf93D}=zsBl{YU=Af8<~N<=^v1{>?x7!@uDV{kkvw
zTmPkh=8Hf47k}HA|Cz7+C;!y{^w0h4|D(U>PyVa_+Hd^LPyRRm!$0_E{?`BApZ!OF
z#~=86{;{9=JN}mU{^<Ye|Ng(c`|G~`v;Wk8{k8w||KNZ72mYP^{lEPue(5j$lmEmY
z`{RH7_kQ&k-}|fYe&)Y${kebX3;&tF^w0g7+t>c&@Bc6Uy_bLRpa0ztzx}uT!vEvX
z{k}i(Z~lpY^q>E8|M)-rcYO5s{qo&^>)-k1|MEZa`~JZHo4xk{jG}5Aw$CP{Y<82Z
zAcPdyU0Nt9n@U0rQbkG>5or>7C!u2jLPtcvE`kzUstSlAC?z0Glx712rKqT&fD{En
zvj27O&V-17pnlKue*gFGl`Hqj$z*o2JA3AonKKzJRu8Qhxc<Uv-#IH|V)}QkxopQ9
zlONu_<!IA|-VN*3-DK(U-DgjZ9=xzdjr@S^YTB81XBD3ax$Vh*zTdC;WOi!0@sl-k
zBl-s)y+7!^J??iiWwAtek=5so%_k<jIo<g5g$c<`r>v;x^U=dQpDWDhas1((v6JQx
z%KWL|wWLqKXj$!rpjzP_mxLE>`aI^9zQ5$YxovJz|8JHZ=wA>r&v)yz7pjcB<6@Pb
zo9_Q1G&^E&`zMb-o)OaTq~WW!<4?V?@YUh3%osZHorfnF&y279^@A^eckeqJH!te`
z<jn3f8~1#6+vZLQ+g4;fcd5rab)WgRSJuL{OIm$Xb8hm1_>GHR@3G|hS4X|D<+q*d
ze!92Q`h)KsZC33}(AmqgU!Tz9vqd{?pB(CBfB0;-O3ycNSf4xiZr0IfSA5%})1Ljg
zjauZqw*QeuMV1z?<+N)z?t_rUDJxISD|jqodY5d=DeLY!F;D#T{cDy*FPay>T(rpY
zL!EOC`|P*Xeq+Y2oQEE`t3_ty*Kc^Hd}m)j-`V1U=*0u)HCr`z@ryxmpXY^s`_7XG
zf?wJ{{?Pj))<1h<=*iQI8hXrH+Nh{Y(Ws)iML9(qiVhb2R&?9th|8@m_rCn_<!3K1
zzx?s#W0zHNXmLVuYVpwG8O2$}?-zeje5%;5q-IIel5QnqO6Hg3m24_GRC2N8c4w6H
zPG?`|B<Dis3g=Gek4{fjRnhUNhO61?6}49FQ)iUFA>43>p@(6-;Yq_AhOLGphRcRZ
z9x)#6JO+47@mS=s(qp&B2@h{in`cAM&Yl^bk9ofCS?Kwd=XuY-a&;-Rq+FASUS9oA
zJ03b5ju=O*BhC@;NN^-N>N}Dg$uW+Yn3&j@xS05ugqXyb`Y}l{$+3>unAq6ZxY+pE
zgxJK``msr|$#IUjn7G)uxVZSZgt)}G`f*8d$?=Z(nE2TExcK<^g!shx`teEe$q9~x
zn1tAbxP<tGgoMO|`Uy!1$%&4{n8et`xWxFxgv7+e`iV)2$@LxeW9rA&kE<VFKcRkN
z{rdHj>L({Tl46o#lj4%%lM<2=lj<iWB_$`biOD>DGOJGJ&yvZ~UuT=^)z*#yT3Uil
zOY2dond%M0UKBpoqWh;e46CpDS<lzwvA_7ezTEX<4hKF<)i>jsb)S$qd+}?^!{6V(
z9LmERef|CX&27r*4^{4VJt?uuU{C#_JOlKk#7gdiTkAG=w!N!e`wksb@8<l^&i8e>
zziYSNefsw6KVaaX!9#`)8$KdEW8|pOW5$jfKjFcLt{fWcMQYWXnEF!b=CIyZnljYB
zhYc&Ol*G{V(0`NYPTtwALrh$1mwQL`9x>WgEgTh-G)DiSUHbU`qnh^~-M?jOOk6Kl
z`$VfW_GuYcqnG2VMo9vd|5klc``+_lpE8Y;tDdwEtGlzzQvc-n_4dzIPa*%}HU6)J
z(*LVNdI#!9*Z!wsZv0REd2?@awYRjbvGq&0wR!sR3~F$ry9^pUrhlglnu^!n?$}%0
z?!WUCxAZ@h*^fHV-k_!a&~-LF?iM%w7S{ZCx41=r=``qkPrE<A*sfha{_k({U#|L}
zZF6%j0lVg>HQ}Fb^7YqzYg>F}-*&$gZLhPziMP7JH@)Ip+ur2T&!T&K+uTd%<TYR7
z`nS5px3KD4+UD3RWw?8r@1WF8jK8N<a}MlD*WUP~8*jYx<{wR1w5hwr)}Udd#{86m
z%HZKy&db}!*XU<5`v(MCZYy8m_KKB)DhIpQ91<E<rK;6tuU5TA&068L>(s3m5g8RN
zM>zNI|I6S1RPg_;*Z5z07h@gq3D<rXlW+Vk-ok%zgXg%V{~{)_^z+kvc)xaoM_lVD
z5MQHL%wJR|{<P^gzv5fk-q^U(?Y)QIlyUtz0!s(U=xe;-ve~y<VYub>-`dtYO1GY)
zmwfCy(7kh=O~2(j!!51+A8dCk`q4*Rf4gtB!Vvq1?f$Ek-`aLx*;{zM?;hKK)PtQ|
zLl@V1$#1pdP-btrx%F#}B|?Ojbhu-t-hUXE(VM=?5d(X<MlVYH4rSy)?@lc3Ym6B_
z*fns|YiR!m^^Rg`4@+BE`h}%WSo(vdFWA)&EPcRQ|F2bhew#aHO3$u5^zBh<iE8a5
zR8Rx-7yZVgBQf!=F%fN0CVf;)Y{sBb?Bl(L_a4)C(A9$xw=zibr!~in>OZjmgnxg<
ziGxS?nlO6wzqzgTS>@=F!v_D8btd;sAJK2HG#Rg6i{9&fGox3ox92)5P&M3df0_3`
zOWmc$d5rTIrYiis_djWH#=rj#(S10fci%Dpe8pwP^5WcMEjJ!{EB(~ncrU-+V)4?n
zF8w&)c!$2;I!bq?>n)(~zSsNxm3QQNOZ@TWmG}LRV-hk15t}ePosr>m25=c688D##
zs9PSzh>PvjYefI?z54YZ)_)8Iglk}=bS=FG56@_+s^9TMtLWFY-O?4@eNoL7V|uEU
z>Y@gz5o(Njh+f47sz5DQE7b>To!X!_tAnbVp+nrL{;^5YLg#ojikDt~PP|77j*P@E
zy@w6$KZ-MAd&RdJ)q9}yh^Tswmh~J>n)ja2WtM8(#$p*O;~g^YA!8x^>nioIaw;!B
zOR8&Qlrr7yqoOQWL0dY5Xf*klMwx<C_dh>wC(Gi>HmSvn7dKDt(S7ma#-#r6==g`9
z{`kY)6Bj@9$DBX@<eB1nC1Q9fGWw5kl`8I6!*vL8sAR^5{22G~r*F?jd62A{scxzl
z^yanp=AYN|<Y)PvM5QM4cShIWC}riR$*$$>YLe^sHlkfcs|G4XbysP;mXlc8{T#9m
zeVzLAxPNZN-wse=@`4-7*NRR`Y16VLeVyudH6%VOD{H&jK4ggUsa#{-I%SS_4KeED
zTGBymK>eYQI$b%wW$L9`OfsKM_T}`^uDSu=`}ZDxXJ7V>n3%qt3($*7+u$*y@9fJI
zDSsH~CxiV)@7hanuf@F*J{LE?hHl-A<-NSv(yDiLb3Z!Qt>u1`>US7Bym{}8F=Odv
z(%+?P?Z|^=Lu3b!NtP;Qzia+YOp=x@i<GX;{R-*h#rN~@mBGUntt2TA>;3Asiowb|
zFfbw9qaMS`fv$(^?`qXD8jWqbxYwanPi-UOo2U2Y6okJ0Z?w&+ogDN@>VMIR5B;#g
z10K}>LR+QYur!-*mz*%=VGOKdi;PKV**&fQkn}MRPMS8SP<h_wZFK+p@%N^8a=ndZ
z*3*nXl%Z@J_QoN2m=zBtitBAk4I_?1$sbJ=&Fnv8h_ZJ}{<}o+2MUEk;+JT{efW)*
zK13APSK)7n-=X~N_e8OkO{rtV-%#=|5KFYQlPErjvj0XSUn-Vw^|iEg$hSfM)Y+Ce
zUdx|A6lanDAaN4PGLwno=Os>OCQ<y5bxt9QpOT(RoPm5PIekFfNqQD>Hp+S)CC<Se
z<UdB7tL4uliXF+HPZYP4UO*H-CjA8QNtE?GMHFQ{PZPymq@N**y-7by6h9;V98r{k
zzvqbykuUWE-^5o*FD8nz{EI~K3(_wU#i^v15Jh><vWTxEUn-k#;#Z_|h`A`+nMV{Q
z{|(}s$d`JHZ=&QcB`!l*emU`N+)w@r;z}+5J)(Gk{8hx&$d_8fx3yY&JyA>|e-lyU
zOKs+xDC^%s6nPt+TZy9NZzGC)sgL+3$}-!DB46rbzKOE@Cqz+}*+D$0<$p~Smy`bu
z@f7l<e&w4ee|v@~@}<u5O_cSVBc4aT)NgzfmyrKEQQSuQ0@2FnhM;UjaT58}h;dqe
z1EN@uV{JoXBV-Y0W1`rTbQ7Xjn`N33Q?M!NX2d&CmTyiJrE{wVQIvyQONrQ;bSq*<
zl<i3+idNQhH&F~DeGgHrO1cwKjAET~;*1ze`aWV8lzy<TL@|+cccPd;x(8A0__|VQ
zL{XOSO%(4Uzb{dYA-_LStWEv^qS%7;Afgz}GJ}a?B<UeUQI;7>6o0QnnMM?wk)KW!
zW%-drv6y8>5yg7sk0pwANlzq-Kd?+DQLIJ&RHE3NbxtFSl0S<m)+K*7QIz~giQ)&O
z=MW#maME*$;%d@Q62+RNUnGhZS<g#Eu{`OPRKmo2dA~A<qfy?wam4Xj`eEWkoJ#&=
zqA2C}Orlte^laiBtVwz<QA{B{k2oKjl752tGTKPLN))Z6Un3T1`EL-#uh`}{iA(VS
z>E%T6FzL66VpaZj1@Rp%|6QV(LjFqPds_Y~q8Lp6YNF^x<>!5(m`MHyL{ZkihA3XV
z>~yXruGjJliDD&|-#`?l-m{S?%Io$aaWl$#wh%=*V{9vNo0k6(QS8aFY&-E|E&mgu
zSjgY*AnwEsq<0ZTsXpu`iW|w_Llmo%{{>OpL;jaUaXaa~MDYUYeZ*5J+j*KO=9B*`
zQCvp)3{mu9nX^Q3F8Sw(;%lVO6U8jjzY{MYN#{kPOVXD}7oj{?vHTvTT#^%`0#Pda
z7GgBoNIQrzD6d;AQS89UZ*fFX^5cnOd-4;AjkWwHM6m_=O^GR5ely}7BKggUcWU`<
ziDD!2?;>{8@>7YuP+o^LVjq<4?@JVGuzWw_6fJ)aalMu<B#QE0Zy@eOR^!}76n`bX
zn;7loUS|yPK9v2ZH*qHJW|=Gt`wynEe{Lm;lHNfSCB2(?2@6fUwnV3v&Z@xsi@TrW
zy(OMU*=H^gi&6H0O#WVc@&~7L3Q>HD^i-m_nDjKF_!8;qL{VOc8AS0#@@Epo*GSJI
ziU&x~CW;#$rJh23A5+fpIU=st(hsuVi{<7}t`NmzoG3SsC?=6FAMP}i=j}}t8<6fp
zd`8P(L=-pkf4xK$n;qpfBsx+4Rtgv&l-I$R7>M#ZScnz1{K~{CTE2}KuI1MzMr-*F
zVtp+?iP%)jPa(F{^4k#GYx#E*MS0#%L{ZY6iK3*t5JgFMC5p0b-HD>4dlE%S_acgt
zP9qLP`P)InbS*!FI1<~EKZ-aO?;|~qI3D|vo<MvMGf6*0d>AuGKSG>{lSpS0XQ8Zr
zHgP`6^DZDhr{zCST%zS?5p%TsT;ftKe;IMPmcN218d>Km;%bz2zEAuBSCU>s6n`hZ
zjwsIh*6I9^D9Yb%BYuohc6~w=W%=F2Jt*6}kGLOY{a+Ce;9}B;iAPYD`JO0BS@$FH
zCzR!n6Hnj*(mxZ$i=@vIMcIZ6l82e(Um_OaRMMA;qHIqsJI6+x#y(k>DB2G>o%M*~
z3#4O-A|DOafhc~*-=-1Mk&m{@AWp{9<WD0`N0QE!H7Hv!gk^RUf5KzrODA|VI>>hr
zd!dvqX~f=WAiob$G=AxH_9coT6jJ?&VlesriQ*SuIGqEC;y%&?iNjE~VK`Czj{Ffs
z(UZSTCyGbN&mf9NNsl6qM%jk3#BnI=nM9n78(1cj_$|sZCx|CemN`Q_tL3Xm>Kd5E
zz7b9oB^^l=C7qJZ=Ky6rcM-+L<DAZR#Nk?gCUKFLu9m~=hO&GtF<nbPNPGlk8zvIP
z%VXJQ;w+TqA0y61S>|z~xUU<Z7vfVW%REgK<$ZaUn5X6E6U8+wUqBR>lYWCJzDxQ|
zqPU*)TSQToUq%#9l3q>}za;%OQ9MC<1yRi682k?LLzL~=L=<J;*i01HviugJxQ+jD
zD{(u@|FxUA2jy?SB<|PJ=ZU|eEYqogvJTUzJ7o~pqhpZMX?Ie7qm939M(l=%SzeVh
zsBo-Jer;k$+(-U0;%8d^K4OuUpW$Ut4`DdVKSG?NrRNf#)Y4BApV89K5nsmrtn*dk
zaxJ}rxLQkpKwP7xGtCC|Hm0!tLgE=L<ZrVo8`OHVNj~uq%J!#>FsNQA`Dw(-==#5Y
zGAKJ%BflE4Iex?P>AZN&$m@nS)cZbscy9{%S=!My+=t(2X?ek;kVi@^F;PoPpG9lr
zE2S;p#-S`Tfhf-6`J~TcBJ!0onQ!7b8kf>XA?p1U(@D$U&LoO@KgBH4tmaSs6pv~7
z^N8YK^;0~dE&miz+`*HT?WcH_Jn=K~pCgKT-^BBz`MPd@#1eif%4?TJd`%YSf5|3_
z(x;F^6y<-(BZ`v$22teePkj(e$&}@n6U+8Nyz5>*<vpUP_d%?3=eznKq#uH>(tZaI
z(woT;Wu04zqU4wDYmmMLQSzm4;Q;cLB7FxZkw=R38;G)u^czS&f#m;26qm66--)8$
zM^IH3W*Hk%)cXixwfw952&A7twzDx&yt<E|8F`{C)0`;&Rlh(7mXU4H+nmyd%wWGC
zg_19APLa+2SKFC-+p=ss?OJUr4%4M=Dyp(hy-g)`cfCz@oV2u~PHNk%x1*%3rMIJ`
zJk{Gvn@H>Jr9#ruUJ^<Esl6m^Ci&lQroEI_j=Bf(NRf8PIxSsD6!mt<4$`bMMcN)w
zv@vA)vTcu>X>VMs{qQy~klub+L0WG=tRXFJ2Wc~`Bdxa?){@rS44X*nZH9xS^)|zY
zH)u0Rd*Er5?bqx5TX+qxuJ@N{%lKNa)b%Tqu7Xmxt4-AF^hu=kdVCwwdfmM%X;GH%
zP822GlPF5MY+Za1d3ybOHfg=C{5)yBew<5MuM@8#y&7dbe^vJ_q8_u2Wv^A=-ADd@
zZ9Qe{xIdEjS9RG7EOQYv*@nNWzrI?g{@U!&mHO-Zq|4S{)9hF3tWr-ES^XdCsb%Y?
zQXduBKX0l&D)r8x?&VYdPQ6p=p7LB$?-XU*uC8|;C7(x%)H{DcmQRs-rzn3bb;@BV
zNvS)&prxhm7=@BAb;l7}TI!AuqpauZy5mf38L2ypvOQPV9iP;ek@{k;mi|xI7dL9p
zD|JQjuj-2*v5fq`QePD1b(8wyK9tu->WiZMzt^iHmaP|-tqb02{jY3&u52ByY`slU
zH`D8CQZJF8@4{5<iVt8fR6zz6f>p2{I<OV07Q|LW?{ePW-X?E<?-1`W@2cK5@21|(
zyxV%;=bi37()*zIH{MR~RG-N{8NTy;7x+Hm`@HWF-*0`LzNtkUi#{uAT%1xozxc`G
zt;M_Gbg{EIgX@3Bm0T`K3oxijC=~!t^g=7zu^QIU3@3_pFc#ynJ|=56B#L)vwkC>q
zYTiW@+ha$(8}Gq;HM<bSuA1G6Vo%LpM6oya!G4+pi9>K0j>0iG9v{R<aFS*w@lkvX
z7vanJD!z_+Sb!hkY5WyqyzcYr>NUsfaj*Ga6^eq2l*ynHFd3Vo3T+pf8agR7EBp6s
zHOQcnh8Wat`~^?rc`OV)8+tj^8JcOFW}IQ1Yn*RfV0_A$Ys@z;GrkQgjjN4ojGK&G
zjoXYL8+RJ_!a?KL#zV$$jmL~7MipjIzUYUEn1n4c6^G$*uD0@uiH^yNSs$Y;yta4`
zj>XBEs<yMX3JDFV8e$De3F;IiomP`MPwY)l-d^lWVcuUupiiKW>^DatpmIQElP!?z
z!=r3zwtlt&wsac}rwh&!XURopk#jBU7I$bm;@LLLTElCKqxaB`LIYQ*iZ+~#QgbMF
zO6|cyr1#<W$(5E>K3{oR2<;!t^58W@2koW4n6CMExA`A$?``bon24=W<tOH+<hRdH
z&F`AuBfnRER)zBwE>tM4kWsL{U|FC+eT+2FF8t~LRQmZ7d7SgInloP3tG)0$toAtM
z@x8}S9zT0HJ;r#B@tg!RU>11s{+J;YtdIioUdemZ&)DDCG@xm~7lHc%i!4Q!6P13c
zln|5{<WbqPvKM?7_F32w_$ln?u#;hD!_J5O9(D<o&14I3y{8$rF}6vzOxrwLmaWjH
z>^1G-_B!?mdkojpx3_n+_p(1~f6TtXUaLk*jkYz?YB<AHozeBi)qAGibM>6{R8-HX
z)6qrIbgnzR!PjBq^11qsMvkVAMUKUeEGTkZb}Wcl5>puSZHz6pSM222U9nEMKh7Cf
z*xuP*<=As(=gi4*<R<4v<wfP~g6;*~3x*U7Eof5QwAfM-T;eFXr{vy}0VRV<hO+lL
zOAJn%vmvLycX#%8X246%CC<anV_dO#(s|KY%t`SE<$*pJhxM^3F2KdO8!zJ#_Ol|?
z_u1542K6DbfI5$Ak3rSKIyeA_pzPDra5~P#JbVj}<Ka&Y>MW|y4C+2i!wIN9r;Nk<
za527wOYjxV*NNGfhi~9pxEepuTub~AH>1}V{9ovY{&+i9!Z56g$=DE^U<$UtR+?>z
zsdx{*{-r_X;>UXpY9~5z<j)564jO(jsK%&Ha~whkK80EM7B0v2xB++J9z2iIXnYfo
zp%V=>9zD>44KW4VU@G2?Y1kiSKzc6?%dhcgJdKx88knOo6Zhd^Jb|Y*)dhnxp#@uG
zDt5&*oP`VUO<ab{QC&2sPM7#S4#x}}gA?!(%*2_v0N=o6_&yfmX55YY@i6{?r|~yb
zMf45f)3_Z^<3+r>>^tgt$}=<KY{bO~X9Q*GA!ReDh1L1{8U{52GjI%MV)L5h`|^IH
zucjX{0qbKDHqvZL6c<F(pM<L1^m4PxMSEq2%?_(qrCyZ@a5&N#nUcLEJE|nQMCv}$
z52lQ%#?HpR#sS93#>2VJTor6k-e}Y`6Dwdvtb~;@0qbKDHpEt#id|7vCJ&{9VhCp7
zBbbS^aRDyG#kd5O!=R$#*}qVZ9g4C(91jQbx}qxIrhMD-?aQZ@zpwoL(5-yW@@eH~
zm!DJq@$w7GFDw6c`FG2&D!;CLA#5zax%{^BUzXoj-cq4_g^Cp_SLjxuXN5;9WL8*M
zAv5yX$gIfh$lS=cB9}$3j9eADF0wFkOXRl5osqjEzl_`$`Awvuz`MX$5KwSiL8Ss)
zL9K$?1yKcue_&t6AMphKf+z7bmSC1;vt=vnfZdi$mdh5WWkJ~cVQa$}iHfWl84mJL
z5%iEB=Cws%tc;;($Ld%EYhhh<cp6k&R28U;p%<Dl5G_~%Yhzt>U@XRA0w!Z4Y=Nz@
z4c>+AF;%k*QS6C*aR3g(3>+iTbF}AJ&+(oQc~1144AWsI%=Vn)ITz-6zU=v`=Mm4-
zo=(qNRq9shS*3TC0ab=nSr5uu(OTJB#cH#*w6?Lfx29UVSi3@Z=n1{76RnxncdRR|
zo2*-`pIN`O9<Y9GJ!L&(J!k#RT4JqbuVwFF(7zysvUwh6X{t}D^WYS}X?`>O9`~E?
z_k`b5ez|`6e#`vc_FLiiuHS0EHGZ4@w)%bK_p#p&zuj=y?_0lPe!u!%^mF>9RiT{0
zfj9_<;5=M_PvBGdJZ51Y8vH!{y!`z90{tw075r-Z)%A1u#rnnhCHN)!CHW=$HG(F7
zclfpTYvXs9Uwgm1p{rjHzXxD|-#EX_sD)9BqRvLC=r5wZ99|9|usiB-DS1POieKMe
zb#N|G7l&WUxU~P$(R73Q7Ej}^D7|invgydm@lZ+cd8ibuvdTl*@a3HzY8f6r!S64S
ze@QyLJXPBYbnM*bye-PXm0dCOVpMF^*tFP5v1xga<f%7a-Meh>mc1YEE!vyqT<6^A
z-0Ix!+~xe#x!3uX^PrOp`c*hOFd1z@@j-_vOU~dqJdZ`_#3#JAdhPZ)?sdxRoL7~i
z#G<64Mnz2^rKnj^^P(0-t%^DpHFG@cc+s)MVOT~RVmbRA-h-}=M9TUU*3%igU@ugj
z>7Fyn%`A79cW3VmxZ8NIaaqXDklkUQhJ7A(IP7THk72*SIk*sZF|4qPvx?c~Z`*A<
zZL8~ubS!kd;7}!jCAN~tl4AB3@i519u_61jsCF4tBs#Da4%}l<gYjXUiZk#r%*QuT
z83H(uDnO-C#~+0ga5AP~XS^SKVP@Wryxn>G^S;SDl$U8SsEw%ChcnG{&GXC)%ukwg
z&H3gP=6B7j&1=k?%v;Rc%-hX7%wL$lG=FXW#(dcPt@)Vwl=)Zl8S~4IOO9fP({Vb+
z8M8aKBv!?Bi5uWdcaC(v=sdlYx&@xcA}q!dbe+h?Yi(OjTMhf+Kva2=dC{Q!C`Zr>
zz0r&nup$OwFeYFUHo&IX22=5V{4U+CoILo&T>j^vuY(Q;{S<UM=wi^}U}vx@Z&0^k
z1#E)L@Hn2vi>RMxoUig3i+ESP4~6uk@8e9$3u=SM7LPq1hdsWd?)$UHNywo7JFZOm
z^XIbXyyx$pQ_9WZ_~ve(b@fW~nyu}ZXS{5*hex>D!=HJ70pEKc^FHZ)%KMV{Wm?Bh
zZ;Ow`r@T+JPkW!&eU`&^pW{B~e9rq^0_9uLHw0=xZAkIG-#5*7h;N4PEZ;|IQ)l^p
z<Xg^|Y-|jvaKEv)ailTxy6w8P#<jHQc53apBgWIlUyYaHMrDg$j*RjfbKSCTt>0R$
zj5|X4cG1tvWHtqwES#!d+f>)&FvXhUObMoBQ)B31>S^j_>TMbc(_n^aj%l80f$2%p
zGp2>67fg%cCDRhqtESgXxu$&6Tc*{f-QZ<5n*+=ib9r-Zb6s<?xiQ>t?q==@Y3APM
zOqg+veSEEXt+rnuaqZLP{JAXE-{N21zkz>a=m7Wn-{;@UzqkKG{*(P@_&@9ag8y>=
z75*RiuZ2SYE&hf8M?h>qTtG@dtAHs1Qv;^M%z!xoa|2!tcpY*AmIb^Wup(eB6b5Vx
z*a8Ow4h7J(3`_}Z9e8Kpu)x`Ya|4y7uB9oYS~^?0S$bM}Lx0Nv%Lq#b7YR(U%!5B4
z!~a>GBeTN%3VNH+aQm=I>6Io|no{Y7N?DbTSNgTmg-R;uwjgUzOi)VD-9c$V!-7Tx
zWdvmgtq9r+2f<c(LgmcL(<{%aoLe~`q;0H%s|KeA4-d`=9uu4yToAl0_@iJIQYpk1
za&Jfuc!kD=wxlm&T4+}2TcJxs-w*vhRE1R!YaiAztXtT`FsTRX^^z-X!Qb3%K{;+$
zz1idT8tXdP=sJFXV%@DB!w*}3){fzqts`wCZIfYvZL!V6?qT-<KYImxMF_T6vDW}O
z&ew*z_DFlQJ=xyK-qhaGey6<yOtVk7tBCI+PDGrHI73~zY(2^mIWRIEZl*pL9Tgqr
zMVmB+X<Qo8BGr#eQpR4UjFmnUIaW%)iIlhQ<MQ0scE48qntI)wZOOJ~*Uhe%osvBw
zdvf-R*;(1&X9wk2bE?r=eJp2t&hDH&IiJB7Is0?Y<QQ^2bG>qXa{Y46xz%!0a!2P*
z&0UduCinN;A}G!+$@R;tndiuBl_$sK>3MIv+PR1GzRNq7cPj5vUP+$HuT8(g9r-Qt
z@5)chAD90SOv+!HzZ~ApUzxu;e{FstY=i^(U*{jrKc0Uk|6KmH>aC7~ZUsFG1{Y)$
z94#n&{MYLos>r)Y`m?HlwWxMc-D@7pm%I85Q?)+B)5S%l{e^aC17|a5H|KzB)h85f
zGW5q<SQ{H)BW#RKu|1|@Pt3$i5;<Nk#w?WnA4MJ5ijkOtci^3vieoVoU&Ji@5Vzqj
zl(x-_sQ2mWWBYpBLho17`+4;-etmpjAKTZ*_4P4*eLP<u%U9m?3Hh*X*csDsAZFqW
zoQ2EqZG0bZr7b7*qcj|cnfMYO#<F!XW#kx+HcZA$d=J;*dX(e7Xu)e8@6*VC1T%3l
z7UEX?2){$UuT!t{q*33Ix=<!Qfyzuh0rmdxLeg?BgVZOhV`cz#X<UZOQ3cXRf#I4C
zVoS`xDJXqsoA5A7+s~7_RDB$Yqfq)Y#c8+{cjJ%fc^mr~w$PM5Ix!VT;W*7{#J6z+
zZo;oL4-&<)^_Y6pTQYGb&eohmd>rTFi?{@HQR+M2;H|dP8dEP7^>&%G$9hX$^>+Fj
zu{E~EUf3HmaVc)X&A3%Fvm$*mxDOAYs$@{n*g`Xtn2)P8^)ZH&AnL*>ZT5PYg>ue`
z6aT6YAey#*Q_W^XF$;4rA9v#s&2NdK3UO;9#$p4_RHE1eAH^3nr9b!rmhJzJ3gh#p
zIf^(R740=|^hG0@(1EQquhsT@l;25vPdr?e{T7#5-RgZZdLNARshmc=ucCA;W)OAe
zA#4vmfEl<Bccb+GtD(FPn1ao*FOJ8FI3HzvXfmpF-e*kJe2TaP591O1R#Rmd)bF!c
zezv<Ft{&%q#v8Q@q&=Xwzw~xN26;tqvz|3K?xXpi+-F(%C2cMI3J>BXyo|T+rJoAp
zF%dgpDvrPmoQ-oZ7xQr=ZbIn;Rfp(5MRmlWBCtL-#txbbj?y;7LOg+g)i<PmWZfuZ
zeR6J=jQ5HEJI3Z7WBa@P9M^6STxkbv3)m5`J7B-7Jy5po`NwwWDp#9RRjFAeqDqe{
zeX8`YGPKJ0Di2m!M_t%iwQL=>uDzZ;7Nl;PW}j_Oi<lfyEoas>>VVE1cfG4$!2s%B
zQpeKkN!P6t==)q){ji2%ce?89QrEWy*9&$8Hw;dJ7Qr34g!9^U4H^0VJ9VwyuQ^}S
z%R9LSSlZ=>T<vigIx!eL!3%uA2qy4{K)4MmKt%|GU<idOU<Er=hnf%$b)X(ZLNvrc
z93((}Lz1BZG=e6O0(U?QXa#KycN*@3_RtaThEC8Kx<FUx4n3h4^oG9B9|po;7z)E7
z9Y(@v7z^X!A$SBP88QviU<S;FxrWD?-SSDpGqBLG$nX-p46nlLkPB424R69Scn4O(
zYQy`6wTAVEE$|V10y|+hd<vh#m#`1Mf`f*y4Ts<ed<);h5AYM5fM4L0;k4l_oQI20
z1jXP4gNMPx6TH9&j9>zP2!z|90#t+`2!>Fo0#>j?b*Ks9PzUNkBt%0D#CarpG=ioc
zDIRw~Yq%5cg7(nS<0+44JeGQl^c+dg@o0K(#(O?Y-|+%?!*i$SZqGfQUwH2I+z$uf
zYd8c);9K|}et@6g1pET0JkK&;=y}fzP~>^p(^0Nhx!%wh`olmN3`1c!q{B!U4P#+E
zJO~fNM3@Xy;4yd{=ED>46g&gZ!9rLBFTxUd8D53gAqVoH0N#Y9upCyvyYL>Yh7VvZ
ztcQ)T3AVsC*bbk-&T_lT?SaqW3)l<$;Q)LMhu{c&3*W;J@DrSXU*Ht{3TNRw{0<kP
z2#Uc8^5OLadH8@4OyCcJa2r&BiVy_B5DHbm3U;UtH6a}8Ks|_rXmItnG2T(kc!!LA
zOaFpmoXK5=zEH(b)lk(Fyub&HU;=*#gxjD3RD>X)$g3I(Rlo{%s17wD9O^(lh=gc}
zfjCHj`j89_p)oXtX3!j3LTk7a?t=Ev5$=Xg&>6ZwSLhBsp%?UqzR({A!eAH*!yz3;
z!e|%^<KaPg7$(AGm;%#a2F!v-;W2m|=ED>46g*S)#i~o-Wq1`{haAX*0(cXa!g5#v
z@4|bq8a{xvupTzRhp-v8!bk8i?0{Xc2R?%@U@z>41MoE*f+O%Pd=EdsPjCW$fm84+
zoQ3o7J6wb!C<bR$AFG9NADcDY>af<grZDy+<34HDfz}Myc+V{B0_$_uENhN+nQQFl
zy)u1BTeUu<z1G9lAGAKC->rW17zNk^={2fA|4_6&9+IJvy|KNO)=xB@ej*3sYQ3R<
z#DIuFFa(CdNEjV4CSqK~!x2+p8q9!M@F+Y6kHdU;0-l0r;5k?bi{M3A0x!d>@H*r`
z9u&ZvuoRZV3V0XZgVpc>tcCTk0X~GyuoXUnk6{Pwf<5pVd;xo5KOBIs;Sd~wZ|M*F
z8BW64tNO&6WjD)i4lSWI+zEF<d*}#vLnr7AU7#y;hn~<2dP8664+CK^429t^1*X9a
zm<5l*WAHf4hbQ1Ecm|$>g|G;!=Ty(B3E@x&>Omw#=fvd1K?2l=WM~MDp(!+j=Fk#a
z!<}#!w1<vxH*|u|&;`0ecjyVdpf~h|{xA>*!%!Fw=`b>9Le4|*2uy}4Fb!tFESL-P
z;0bst=b4=6U?D7m7hws!46nlLAdfs)3h%;uuo^yqwXhyGz=yC6w!@y%e#0+v_QHPn
z4K9JyAJYm3(Qn69Em|L)^s|*-w?e;`T&MC^eN%d0Orh4MPt)3(A)hl=j2%!vA7vov
zskjJN;`Pou*~RaUqvsdy^Gxa!<vfz1I1`uP`}i52L?7B?)vzJnhv_&6<-C)!ZMP%*
zT(<2NN?WXK+pRM{mu<Vv=jXC*w~zQ)+HZOr&Pbiwq}8kS>tdF9{CS*7&a-+5x^jk}
zoKq#^MEW>T*)gDx81os)C{HWKB4nK5GNb&`SKqvH^UBiqK7s!A2*$tV9E(NtrI&3x
zJQ6W6Li(%SebHW8UvxvpM_-~3y2Md2t76s#`kT$!X8M>XXD_CoS^AhWU^bk|IhS)G
z=VFeW6LkzS@-yi9{W||F{k}a4deO?Dk5@bY>3VGpz5n5Q{R-FXKhWF1db?G|@1za&
zf#Cx~q2WWr(;iQIxW|HJ%*}lsYT0qOzZ!Fsv9>>tuWkF&_}Zxd9bfyy81lb6zSi=l
z#@GJt*qXZSpO2;8${3n^{Opd(EpBlP?Z)G0<I9{s=^isnuqWANEb3;)q2#>CM%wt(
z63&Z|@h9hX$DeM`s+1*TP`@(<Whxzm8o?Npj6coKnV<7J6#b3yCK+q`;hJMj>G>o7
za=huFHr{mRn&VA{*BNK}yW>mxIS<!7U*&K1dHh@BOR3uU($(Wh*X^V6z4>$a{%;!h
z`QLG#n>!!xf7&?D|Bmmt&$<1##&@nB*HMhulpW8x-nfmNxAjlPXZ)z+iu!oPKOUzz
zN!=d*U%&R}?~Y4sHf%O*gOA}1%(l+AK5t!O&9yGIu7OYBGRT;O`}{YqzUNd^x^NBU
zz#DwQ56ln%7AOz5LnWvTArJ<1u^DVo4QfCws10=?0;0eHu@Dc5kPHo>F*Jo{&>UJq
zYiJAYpaZ1BJ#a7F2lqoa=m8Hv8uWpFFaQR@5Eup{AOl9h7#If=3=bL}hKVr6Fx4;}
zW*TN09yL5>m}hvx@RZ?c!?T9x4T}vg8kQKc46ndzkZs5@<bm8d=q<xi!*at4!@KaF
zVU=MGY=W(@9d^Jj*aM%z7qA!h!vXjP4#QFS4vxW(a2$Sylkh8?gWn7n442?ClmMsY
zddQ<3c!Mwaff)k80_EX$s05WE1j3*y*q|EJfLc%+>OurWfdgWpfk#7+#vV;Pnn81q
zRvvAjEwqCUkik8*M!`6c^RxeWe&l@5CtT-e7kKW1Pdz{P+y`I5LHGs^!%_GSj=_&`
z9DatAa1MTli=LM}i#?;ur9mI)2LoUb41r-V0y1C}jDc}50Um-!U=n1)9GDC9U;#V{
zPs6kDJiGvl;U&m|SKu|shFr*pH{dN;25-YVuo70m`>+PqL1DQK<vxVXuoXUnk6{Pw
zhEL&h_!9QPS8x!%fx~bVzJp`%BOHgH;Ut`fGjI-mg9~s8E<*_@FC{}UUgdzxw!D0S
z6Un{I5C9e^54S@lkc+fJAPl6l+y>R42GoMuP!}Q~3gmp(vga$xd4~FVeO$jTyIIw8
zz@?#8eZddR5C9e^54S@ls0>^XSTzjfVS{Q=18PBSs0$Gg1rFe}@~ZKW2uaWY8bK3C
zfjgiDw1PI!7TQ4vNQHagUbqkLhi=dV9)L9H1N~qC41ysr3`Rf(jDj&R4ko}u@CZzT
zOqdGOVJ6ImIWQOI!2);^o`#no3toZOARBTaAKrksU>Up(@4!k}1@FTeSO<l$5jMdV
z*aq9-6W9s6;Zyh=zJz`76&!?b;4mD8@8B5x2*=@PI0>iW44i}C-~wEN%TNNo)<D;_
z7PYO>)+B3F*Yy^Eyw;+Zb&xgPy2|>2b({5L>prfv_>uE8FIbCQ1AlT}rpfMax7f?u
zuXk>y!yadE;yO38CFf;M<Gjr1h&1RE(Jx{k42GdFJR&1v6pV#Q5t$KFVLHr&*)Rv@
z!aP_2Pr}piEIbb{z+!j_vfveX4YDB@^5G453zos#@D8kmRq#Hnfpt&_8(|Y{fo-rI
zK7pOE8$N~4;Y-*DU%^561`fkfI03)F8A#zQ&^w?7w1PI!7TQ4vNQHagUbqkLhi=dV
z9)L9H1N~qC41ysr3^HLVOoy2;8|J`Vm<J2sNq8Ebh3DY~sK%M7HJ}#MhPogF6j2Zh
z@sJ2f&;S}i6G(wOparyoHqaK@K?g{Md*EKU5AKI<&;uTTH0T5UU;qq)AutR^z=QBG
zOw5^-lL=E{I?RN};Bi<0Pr|eCJiGvl;U&m|SKu|shFr+cc`IjG&O13PVHLa&YhWD|
z!baGXvo+@<*bQI8J~$6@4u+f)Dsw>T=Y;;%xu2Pw$0&0&Wzm1W9_3uEUMS~81!Fw6
z$3Zv+<(kf$y{_|Jmfej%VLAHAZ*)Cp62HHh>p6$9+ziaZ)%ZF7g1+>v+p!UL#teKE
z<+@Kfhw3QGxl>{EpUXK@_o19CwE*QDsqLC_4wKAZp!cEJjP7$zn-WF2hG$y2N6S6o
zwbpArZ1CFXwaIHUR|{?RvM^V{UEaN1*Y<qL90iBGzw`dV`$zBN-oJR?=5rgDMz!_H
z_F3k0!so0{F;wym_6_x|?pxD0+_#Qzq;FT>?#yGb#CN-EE(1?v17jm&6Jtl?-Nr7)
zK3uyvh3o3qz`D|F=y$lTp+Cy?^CckHa$W0stqi}Beq%wdDO&^U%3MEolxxQ>aow1~
z<Y{UIO-wCJtxauAcbVFoI-9zf`k4BfrouYYM$;D4Hq&;~4%1#x=5ppn(8S!r+{)a>
z+}7OQ+}V7exsSQ8d5U=&*Z-_BuQPA@!!<xhx&BA_d-^x@Z{**^zlDD*|2F<@{oDI@
zfj<6y{ipa(^WP4;{6F{q688BY@;~E$);}g7CLlhbK|t$(4gt&Ioq#m~a_&>*z~I0H
zs1M1|B(Q1V$iV4=GXrM@J|6g7;KIN)fm@)SrHSP}OIOPSmNZKrOFzp%%W%s`%NWa4
z%j1^$@Pg$<OV0|uDwGeZ7!=DjVfQd^z^I_nLGJ{8#uY$c2bn7SR}O?3m1kDY1O1$(
zAm$n99P&U&TF4_IlR>WKQlaHS<3n474h<b0ni)DZ^ySbuLys{pLJiJ)a$o0l<r=Tw
zwQIcO`mR$EzeY@soE$0FuGZz+Ho4X-J$qF4nCyw!FL5pF>Fi&#J#syAy@88Ya;xWt
z%i$t7Gj~evJGq;459j{MRjtn4T3id&I<He+X5O^C6?uhu-$Na)<8Kb_xR(Fn{E7L?
z;O+c(^54r}mA@{3ef|bGk$)=xeEx6w-xeG%__^Sh0vYsnUuzcqr)$l|aqjs;Nb~Ja
z*INaWSN8fUxyI^yJcczmS6Z&WD+u74V{8@3Ig2<IXQ1L7XAexmR+ynVnm7h!j)$qZ
z4By9%nu>FpJun<){(_d+3P)>Z5~tz{EX0rS6WocrFoJWM>!V!LB_2Y#u1j%_vRs!c
z*VW0jrcLl#*PH6snfBrL*SgL$;dZtMAJAMz{1BH`G^lrR6&B(_{2CpVD2K5C-$Q+l
zlnBb_2I$}%<EyVtZbDv)<{iZ5xCi&*S9ln|)1+Cg{4frau^~3W)|z({yW<>Oh|!#T
ztk1{Ml=PFBgL$|TV>q`s5gTYWA~wdR*b-Z7&LLiXE$VaRo#mY5-|+MhuERtJ=L{!e
z$8@)M6KCOkd=mBR^z`dUUtGg=19<hdkNx+!uYDX&9EI1r2J((id0$a|#q(lA9EM{x
zrxV3RxCCFurFhfVIdfiZBEH4BwBpZr3U_nP?3dVr<4s%Cuf>$}`Q==GIbZt%s?zJq
z^fI#}*Om44AHX$bDI7B%fI{svc7pgDX7IkqIpbHqSBlsB>T}4i_uk3-mWo}`)97hz
z2u+MB#ygGej2$>GP33sB&RD3;=kkf`SmenusEJ<+N1ACIX9~GWS*}z5#Lt7{OA|-|
z_wl72N0%-fSJs<0lpb3?aUEL>W>0f7jw@3+j;w=1jw4%L*OGqhx|Y;~V@MPK6z%xY
z&UO5l%CTdY|DMugh8znfLp@7`B?gk9p`{VWfi9)TfN7TLmRXj$+A(0Ur6T2jJgkIu
zL7RiN25k$f9$YK9j_VxNnBchJq~PF?5X$_{Azh$1^bP43GCX8dNIA;=1ZW72Lz{&*
z=NK^6RsO#mnjM-Gnh!s~@z9?`Pr@13F`-^qd{}~O-jd&$uSBkCuAW<il0952*FVg?
zhq8Pcyp#8C-urnU<gKGjkIr}G$K}UUnoD^uCHh3l?-ThaU1j)r%JA<Bjure+@RO@7
z|G7ZQRlRJL@>R-Ey&Qd;^n17pBiQFez5J9iQ!h8)CA}V{{FHK2lyWl)V=)dBG!GMx
zq6g)nl%G;=HpOOmGv%k0m-R6Pn_){$DL3E7)tVm=*Wm_DDNmQ9l&2ryI!!50W3eGN
z!X}z;5XHA}DX!GC1yKjYTAEVsMq!fX)#Yzv%2ly!`733xl)s<hK|F+d`733v*ah#$
z=QO396`N>E`6@2ge1|CN<)~cC|1>_Ud0s0=_3~0LAEg`|fO<JNoBHdzkaZzn+YZ}~
z+P<@8P|uKh{|k7SIzS=E|I-B*3-t5)w`%277WH4b?rIJ0!cWnOnYaY?@c=2e_3~P-
z?{L?dXZ;82%pTO4rPkcY*v#0**dDIbou|0!&KsyZ?|>_HW)D}Lx!F~799*e0Pj%Iq
zH@ND|+n8}-hu@Vtv%ytoZfa_3YDT@ey{pcAUum7W&{Rlmc?Wf6sV(dE<&<mGm#4Vu
z%j?bSsV{Faf5J8M?z*zURab6CUAaBD>&R1Fb>vUAI`YldjYkGf3e3Dl-8j<Xu*6#G
zTaqmeERCrr->=n^-Sy+CmKm0r)RG^khOF0-Z>NqNSEi2qZqR!{YlF7HN7t<{R|^gg
zt{of;$(-vS6jGU*b7;tYaKEemoEFjt`iBe)8C_bJUK_IBRiE~xJ{=#L7}_AT5!?ap
zy7iRMS3+M8%?-^9EpXMbkA?mi`cvpHa4PiI(1@_Ou*A|j_qFF%*ljy#I|ASTss8Pr
zYau;5{krw<nz^-H_3ur8s(ar}-Fqr^?-h9~^H%4r$y=+{!K3nH@?-N8O6%h7@*ja~
z)y03#|AkNCZ~5OBd|&V*{PJI_k255r#2eMer||m~xDr?6_3GvII9^1e)X&S-%ct=3
zN?eC}y<F<#Vl>B)7>w6UBwk%lm%945sMpuIT%)wUo<dr@dft~Lju%bw4s3x^H!oX1
zU%}6-@O{no#6sMNQg45o<BHVV*Wg-Qk7eucaU4e)U}MduM7=&Qb^13oml5AZspISQ
zd@IMCYFHD)QRYUB=D1TIlTqsbG8a)JlsdmCb$#)3)a&~PNK2hxEL-1C;#hO7`u=_7
zcSXJ4|19a}aUnW5=IHhR#-ybUP_`YA&(F*7ZCrux;;pm`^toxC;W#Ern?P?DoV!80
z;Oh3k_1Xag_uP06l>ce<f5raL0#mUoDh5N#fp_KL%I-N6@++s2KMeJ2GSg@`4aO0e
zj+uNW{_2|EJeE<GC6>cnlb@D9IbZH)__kWXjD4%s8tzh=<~`W^wD(2tLZ6R(1{l+s
zqw$pSobjS@fL}WE4W05EU`po}k>gFrOlM33%<1L{=1H#kUGDdPfVRm5|6~5A{8IzE
zx~@^P1;z!YSnjkeuq?C;X0ED}l}=aE=T@=sf3@P;uie341!sml8nPf{VMuCd*U)95
zt3y+`RxCBFYgmR&=I?vZmT7y`mTI4BpTTT>X*CwrI9|h9V_f)C;l&Zf5p=L=a}PCe
zJQ?#0bMV!PZ4=uu_HO3l%Zz<Ac6sdjSX*|T>|@!dvK_ezxw~`s=c+uTYhIhvc^C6!
zo<phkSe(I5eLlSu19Rfw9DEFqcyL}a+UWnNj?FY>9xHJVet}u^!RF!poD(H;|2&A3
zF$b5TKF?4k>P?|2b*i;kh-K?mDSqxbY9<mV;fuHgrJZ*Q_4#@9d3*9qtRFAYr|U$0
zuA?;iTV&qTDuL8%@ou~qH>1qsDD!Bh<7vEzG6!T++>QJ32%bZIuA5ZK!LGO)_oKeA
z7P3!%gbvEBhIp9r>I~}hrs;Ee>g~!bKI<|MRiTyg3snvG{BZjITsVaFVJiIrU9mg%
z#!Tv}&q{suQ};ZCX`i|0AJpgfOF6<E3V51!_C=IB>@L*jp_Tdn3h+%_ipx=-4>0l<
z%3O5K3-~MZ2%$dDT_*3H%u%4fk6Dzj`nBMC*(>#Y`7B-Q^HcV-bIf$g^|_Hbkp}pu
zU-fyZQ~G(4&&id~$o}hoMr7Z<(LSy3llnd};4j|uTY0aOwfFj`tKRFb91E^~udnys
zUhlor-?P&9K${mv%8PG;4+SgszwX!*dt)K<8x{LFeWZ*@bCngd?Pbdb`TWc0dJJCg
z^Q-TNWy?b;`=q=(O?f9}os@GKlyh|{+oVjBd7{2zoBmi<$-JU}E~~CrK1sQxmpx<I
zz8jT2|LwBnX3CWQ>|=V_(LgH`j%#H?H}(yg*H{1S|J7$({|w*iXIJJH5KHF+pj?pa
z-W@2{z3XL#oLANnGb=5wlo~cUOdlI7G`r{f(92Xs`7UL@%-0f)nUup)Cd+&+(l4Hc
zAEM0DBF6$n`6_dPq_NCoRIE?t6UiX&QIxTl>&<J`=&JD;_Z(M!O#|2u^)Wtu-j_^{
zH!>fL{yDd+>Z+!y%QW$FPveHnM<es{_H^AR`C;yEJP}@o94LU5>OJP_mDzgNE18#f
z7IgFK<@G4@La&2D_z<?hS?0wvdiyb3ufJ=)-YU%3JH&gq_vfH|{C$4+x#;8YZQ|;i
zl(~B|pcuw6XW(fVZys-+4(I&O`F9NH7|<=CdqBCs@`1NQgTTgtGhlb%=YjhJzY1(?
z>Bx+~MV7P*gDP-a<=aP88c}Hx?~y(S@aI8a2JH*_Do9oKtK1^EWw6ZsoE4HCk{j}7
zNVm|m(22}jE%Q=03~L%TiTAZIY%8+`e->u3h1(pq=C+o$yKS9p57;I$Kk(zs5A0jr
zRJ~61y444Tj}6}(z9sxv_^I$|b)K)Yug-xwm+KVQxfpRdqJ()(Ga@r0Ra8`zBdTN6
zJ<JbmaCkB=@NJIU9aiQBb~qY?dtTroM+w)V`)3DckA_KbhIzEd<c`nXnY%0ZLhhy9
z%MisJcD-N&bM47Idot(pH~EM1Pv`%df1=>TRdWRQF6j${U<h*s8=Rg_FQ=c=><n~<
zI76LQ*Sx`volT)T^n_l_A*>Aa%i$9COL4cRKKHcDRVZ4ihlouz^*Qon{}oT8^fT-8
zgD*5OE{tzd#}GTSUw6fs+CJWzazN(m{s7nDI^2LM)G3<d7#xe6aU1T?JU|q`#zUAy
zowYGa-BrAc^1dT>L;V;a$AK-H8)%#D#b(q=nxkHCUQJqTM48k?$|cGqu?5F&ndkMW
zW>eZft?&h0j4$CU*o<<kB}za0Nc>&vt9Md|5%u|Pe~qT>K)qfr^Q4RQslznH7Mjmd
zmy!Orqv>vC&RB8QSJXSPbl!ZHZ;4mehps+1H;wmD>YIgZtIRDU_bhK}OR?PxaV7C3
z?MphA$i5ND&A;YopKtkWdDF_U*ecqBqJpAApg~l_s1)c4VU94@el7cSOi66X{UH0G
zzti8TzwdQa9ZHy<uCk?JU_(C1jRP0+S#4!&#iwf$pRRc}V|62+FcY7!y444V4-Ov+
z!yz3;!e|%^Ti^%y2~NN-a0;f^nO<im%!WBI7v{kNcoLq5XW@C+4+o$asz+6istMsx
z2kwLWp&Rr7qr>Q6N<oJ|1j21l5rTk8DjcCumCtsQ;wHtFODdNnLJ~B9M$iOO;0|a3
zZJ-<UfCs?nG&&oDd=}H7FGzXIBp9|T&;UH6JmvJaC_nIrDqx2c$_mA2QQ8XnXH&{-
z8ick`TbPZDl5NQ#Cs>vPBbXr!nASeZeJlv)XduUf2*rf0rN@LGsz>Q@K#l=_F8?3>
zkCpw`EBB?$|8sfoRoUkj%lt~VAe+rq?kCwA+M3v!QU14fmH(Y=ojC^lv1~U)c}Mw1
znIIslQdH%r;HXfj8fA^D>nit?qZ&mujcNwXUB`fXUB>_^_lw})DDy2Pm6#P?=7o2Z
zv@B^=a%V}ql2q3m@m)%KmGr)<{P*DqAjbf+GoZ|IppmnYvp4kn50wA^Tkdl#qYe9S
zm;1GuU9dYyy{!Q?q(-oaS`ZUs%IU1sVOmmunMnQRaq2I=)%~Cj3<@6<J_Lrr2*`j@
zFa|cmG58UV!_ROMrq!8NX9moIN8vGe9OlCl@Dw})&%r+U3NAynsA^F)pcd4IJD@Xk
zfv(UUe5oNZ#k9i=OnvHL_<{P;?T$)N8A6~6H06E>K_x*Y2~Z!Bp&>MerqB$ULu=>?
z-JvIN3mEQ~(9l)q=|zpF4`iC$^Z4m?6upnc!Pu(Qw`9K3lgw9IL)B3Appj~#9)L7>
z1SY{NDqGQ6q~3tH)N=I>tOEVM78^Y_dwlA;x5WvMU*Ht?w;0Rp;?ude#cwdR+|+V%
zZxwHEU+!vS@(%D0<Q_KPc>e^&-X-3@`TXWnLYsBA?`+>Q#<Rvt#v<dd%;}wB$}pWZ
zT{2BJPd0b-@96&^$bB#jfu4aCpkiQ9U`U`fFdh;i3DyN}4%`~}N#M@FU4e4HjF;%+
zTfp4#!z&H1bRg(Jkj%C84f7fI4jmFYCiIcewbr%P_0|p69oAjUQGUq!3-gp0Ge>y~
zTMOGg@R02h+Z@|mTbAp-83wzj-P`VKH`;H9O7_Z3VN%^*6T+bm$N{T?y`eqD-ooD2
zb#IN1_BpP5Yxq<*SFc^YUUm09HWt_5E~_;MhCdy?DST`A_u;3*r`B0mXK$T@b&Beg
zl)3lD_Yub<QlsvUDm&M>+>4_e_u?q;sKA{#Y>q_k#nD8&7srB_Ct{w}?!zJTgV&91
z9h(Yi+>v8W?6TOxSoi%n7QD9QHI-8-$Hsj*9_79qwR7v`CUS3%@%azt>-XhgQ;Oc^
zo<b?b9bNYly3D<V`jqr3=~ptKWH87iG$sghR&_Rk6zBmDfPSBj%iO0!zc0sw)V&|Y
zxhV6#>-Xu%A}#9o>ljbnZ31qijx9E&jw*gZ-SSs#L>;iHRu`1|pxkFbOx;D>6Is!p
z?(5NSkNdtJ!-&&xI$nKW5A`W^Ta-EIMMb~beYoLEw+Dz~k!Hoc%*}}jnjMK^y5^%q
zF;DYDqNw&!Pu@>Gn7VBP9FAjf98SX-I1{BkE;{MM6W^epPF$uLML(UW-^WOuzP0;!
z`2R|K1&`tXi}&wPoOdei^i0MvchVm&W#B97bv2)|O3EoIlcYQ<(#oTYri&&if216d
z@*pWUDfe>m<zoG_aM*do`91fi`I>$7FzWA{{(fcN=5EKywZ)S$leU?D4xF6(Ci{i7
zcdkCyO3n?v*8JI5pD!w74rl07(EFV9ay*yPdnxGU_KnJGDTA+9Cd$2j%9a^=IU!|)
z{`vpb`K`0)EdM*|#}oZHBFB&ApdUBn*dWJ*tIOKTl&eyH-USQnPupLxFS2LBtB?(E
z!A|=w`={_ZoU=Qt*{a*CKLU%Yuc&^o`jP7I)qJn!2DnhuSu?#>dac6Ja#rqbRJN>j
z)^*ftQLlBqcJ-vZ)5|x#T+_?5qt2twpPWBC|Lw9s|LkUSjLn0$U>UfNne)7^b*#L^
z5z>8Zyui`%kH^Qqdu+V=xTx$`AM1jyd#r2Ak*-~tW8E|Mh4#hvCH9x?uh?I+zi!X5
zziD4;-(lZv-(&v_zObLANhZfbYxQcbW8%ZrCsu!<`a9JRR6qKM<KxPjt7;b3+*tGX
znyS`_S{b$Ec)32@b)U0((e+x^YgMm(y({;rx|L()tsE!a$Hw{`9o@%A{dic+@$ft6
zcifNaN9Qlxlj`3-)*Yk_IfDO<W8SSEqx55weoXpL9E&bd#;9}jasBrHpL<F<0^NOw
z`n=crn54{|EPZd8q3c7X4_9#pj`TGLa$QAxpN>9q{|d!9oL129Hz4Qn>-Q6|m7c5b
z9%Ig;e>l@M$NZuE%u4S5Kz;mj>P_B1qU?1MaxV$FHsToNk&J1`K3m!!NS~j~nXHdz
z9!}@@h-I&tch2GG$K7)stE=uw(deq{EUw(2qOV!T-pA8E$mAX$2CkDxp)Xx&_l6j$
zT?etw)gEy7r@QYhkipdklOr?fC*6wrIIhh7E9WR@(l0D?&g=ce>h*fre|0U<U(VIV
zdSxtDuM@~MM=~}n^E8N=^c%}O>T-R6^e2|ir_MYvQdhSro63UBN|}|E&CgcbR>u|%
zy?_B%hhpE5bJ%OUepAPG_3~wx-OSyDEVY7yY6o58QCITRxN*v-qMcdxO|>GD?if3u
z*|1^heN{{x$zHB>?=k74R6<x-SSxftl%CMyAXW1ZkHA0t)Vx)ok_%FA@K9V^%A=j!
zP160Sqxz`1Y6REOE7e&okW5nlSF3Hl`wmaM;QZ``-spqAXv7=+kAD2xgl6<d_uV&1
z{D)qf|Mv6$r~c3XeV+f^K6TTt^`IL*)E|GVuKIb<AXf(8+`mz3ipL`!GyW2ry0XmY
zWztu2|0;FY4WA>{wN7pVP`d8lNU74F26|+vyFG55pd0>;($;xz>AE+TrsTQeJU(>I
zNiFkI-w4Is+1!jMP07!P40XB8NJlO?auZ#e(sQnk?q#q1#nr#R*`M2$KKnM;b0%|-
z8u#Dc=ZYiP!R6<F|Cze0XSHX#{<i*~dhRRF>`p!Vf9$_p!hLG|OlJQqrEJ}MK0L8e
zlLkGSHcqiupHwfhZgj0j9;jKnPDFS^*D}>uNU3Ibwr;OK7@z;|K4gRb$-^~s%niPI
zUiB!aJ@n^nK0>t{tJ)1y?Z&8f!&SR<)qaF(-&eKouR8Qo9fqk6=_<9aO6{joN2}ES
zDs`|*9l$L`RHxypQ(x6-sOprix{X%dhN*5Ds(D}4e1K{`S~X9XCx~J`q77=J`cQ3B
zQUjDZiOLyjdF+r{0@ERRNEPH(9?Yz9W${-y2f(CcZX<WzR_#}Q%yA^oy-j_jwyQN&
zKPJDnhs<?UnVF8Lu=0?ZcC^KBI;`TkWo8rkgZKF!r9M$R)J|2~u*<a$nH@=HMw0Ge
zYEjJK<I28;Z`)n#j&Ob7#`n7F0&^&FvuM{kTDsP&REw&uwbU)FT3b|RPigDg_D|Jk
z>T~r4_e+#VJ3|L%DvI*h!`w_+2AOwA`-7VfpSZT#z4%VoGwfGisRL?|;UKkVrDXo5
zQN+&-8HS|>naSv;SFJ7h9cvxO94$(XVpbD*{m)eWT8%SYs5-&*dc?ZcIFH}_-N(5y
zfBT#384jx>>ZtlweW$)>r3Qm16X1t?>~uY!f%_xe+A|rLjs41Byz1J2<vtkhydSh*
z$sIA|zxz@Bq>ih#RZoy#hl~3v8iKhiMyP9Pxhun!HQiilHP0=x;mgt=xc<AJ)i3I#
zs$)3iT7le2Bbv1{l)*#p_u$IDg>N6b)*b2k{t@5ns*BujgPV7|*3rtfUZq-AZKI`b
zVb$8AGUNVTu5CY~&Z=|jJogrnhup>Egdy7FQ|{yOvO(@qq5Z*4haIl1b}zom^$Zue
zdt8wkY`82J+9|o$$7tf`hLPNtL+*NU)2r4N{GPRrXI_7$Ml%z>yu)X!7OU}wi&dR!
zAwS2t);OQk-+i1f^S8fO_2%`rXgPjWY2g3Ohs^R+-nF*dw6&S42LA1}$$c6sxc2;W
z%r)oUq-q9RRkD<gS<|FUKhGUs+`p-Auvev9hpyot3?7_EQ-gFZwxYJSCDp1{z2)~o
ze;I0M>!`~rB2-P*98OLhEw_4A>)&2;&8pA3)>4l(d#HG}+@un;|44s!MR%ovv$q`D
z^C^{By2OvAsVht0TuNrqlC{Q^uC;#Yx_&B6-Q2paEG75D;J)B0xpWN;OH++YQ&*P1
zxm2QSjxSkngVJ?0`u}Kq6F8mf_y7NlF*9byGK@8J&oGwAt|G;3X67CxiWU_`C265O
zZL*auRNB+NC(&L~DXFBA5ZQ%n2`MV(|9ZV|$Nj$E=UhLZ&;R?O$McMNdUl<2pZlIO
z_nf(x!+-01_;3H&w0L!rdA|<sg<gkeoPFqTcx^EAH@>1?{QvmR{?-StCB~_}4^KVk
z(BJSbALeg-Pn`d3R=heN?+U{AvgGR@#%$k1AMv_nhyI599slLr{$?iMzbH1d-=U9q
z|B=Hp>-?892bg0(|3m-(6~|t3c+xTd<s`oD+K^+*<C=d6x6=WK<_tde(!&$${+AQ^
z?kPhttEtD=YP%kDMjieN@VqhB-{X7!Kl|G~W-8xx<pxY0eeA=BXWf1HZ~xgOyBce5
zNw*|Sc4qKZEbZ>U`8!{Mj<?TY2~(V@x8Z%L{+mg5%lDGuxxSzAYL{`p<j~*okOKVM
zO1$e-{NI)y`umE66r4|7ZI)}ya;;ge!*MUg``7wE)*ExcG8;^}-7I$`q+=bwndMHD
zc(#>U{$rL0&9cmt&B}3&&C7BAX=WdEH_PLVIo<sI46|%u%GPGt2Dh~~-j2v<yw&~D
z{PStV^V)hJM8;U_c^|K$_rF|cg-9yq%?7Q#FC+I@Yx-ZVg|li$>X^&(b!6;OTual)
zaahYY=JKqFj5BL`#VnWObqD{Km#IUfqgl(o$b_SKc}gNtvzD!qd(B#2HOnn{{lx#}
zW%0c8Ft4rmcVyC0yeyYT24OA#f;Qd{k;zAKP24xj%q1EUdCgkSOuX;Y|8&3MZ3f?o
zyos5uy=x=Wtu_5m*Meagk*enMTpxM;D6S<dk{$UX@)_3D#=9{x!>s9Rvs{FC$NFDh
zrq+=*k)>um>mzR*#Y@C(-fY%0EV9t7XMtI+!@GR_FE3AzNYBV7Ol<Al9Qo!bUY^`Y
z9@f&<yDjqVQC!PKk&7dLM)u$bsq)@pvz{NZ#P9j|t3UinIP`HTe#wc~5Gr3D|Bzz-
zUJ?IN!K-xW-+wV5*O#w@qN4Y^`Rupyl@I;vZhWlZU3loTjppNq@*R!same;O^l_P)
zewJC&Ip*&dn3=oGzwa#H_fWT|d}aJ@@kX<}2}K2O<)MH1)O@z;&}VbaXFnYJ?0fUs
z;zOS;!e`~Z6=wOfS*|wAHD<ZVEH|6wR<qn@mfOv8hgtq%mV3=|pIPoNU)9U>8YDMN
zZj@ZjtLEjHWn;7a#4P8U<>F*K$;Ue`mCH6}**>*~SJPXN`b}yrua3u8empJx81ESG
z0W9l!-{2J=>*C{r^m<-BJZrJOSKs>t%ZL|yMJ|56pkkJn?UhzKtx}ek<#nsnz{~Mg
zR9abSHU8GXTUDtMo`u*rqp{c6ORmdh1+z>u%Zg@M*(|G>Whb*d)hu((GS4gv>Zako
zWI1zhDRwLQZ<l<vXwFFdKg{5}Jn}YK!7NiT3Gc;>*O=x<zQbb$+#>3kWqqtG4Zq&!
zGGgkMX4&dk-Y4u}mK|Z5dYuE?lN&Jq`DM*FGrI&P<OR%sKC=M-FCJTr*R<wGzM~{w
zLD1_Jn0U7Fy#xLnb7?Oy%L~mOxx_3lHOtG)a-dmWZkB^E2akU?%UkesS$S`mS>AeV
zBKFs9f%*UWC6VPFX5Q`pvw3%7E7QCQ*1U1XOtj2+a|s`VY3aRySLF7*SFC@P+xLI@
z>?N~?7x6xup7-ieS;NaXn^eJj&6@p=G1D#cF8<!qdjqdB?s;!n{{M2x<o`R%tYIeJ
zJJj>uJ}PT?)2!hWyb`+SeSTEdFxRZ%Q@p>a=gm7RYxvBZ`TN2w=bN?tfLCqzyroBF
zZ9kedEXI4W;(qc`S;G=@Nq#cR<z{Uw@rv^vUNckPI{yEEw%(ew+N@y}-bWU1LSy;=
z|I_(@Zm=e;F>Bb0SH}0e-z@)sTf^_xr0r%6+wgw3p10HT|F<>lvL@}o-`jfSBIW<5
z_k4rfmmC>x?xQB+4V;7j`oA<Ok-N;A(jpa)@|r3~?lEghk5oF!YpN0%i!~&8)gsl+
z$4tDVF+V>hQqO#>8>x?vZM_DO9DF>Qe;VW6lDVdakw!;(O-&+G%$k}-jz7w4YKeD3
z;$><cX>pX-)GG1_*3ial8)<)(*L0#;PrJwoM|nLbnf06;Iprv?r?Xj4r^u;Cc|Bb)
zAFnbPDKsAo@NVJ!yfku}`PeOTIzG1X&W!ZJ$D{e@Y_p!TBE66Ddd@NHIX`mYQC?3!
z%x~-Uk6dz;*K--($(?H&5V`ayuW4Z9X|tv)B3B;eHC>H&Y2#%Y9J%T!uj!h|%aOKN
z(+IO1X_lkRa<o~FG0VHna-3O?H_HiTIngZdHOon6d7oL{Z<Y_3<y5nL&@3M^%SX-f
zF|&N!ET1sTX=eGPSw3Ty&zj|PX8F8XzF?Lwn&m5I`KnpIW|q^<@^!PEVV1MZ@-4G`
z*DU9n<>zKOAA7frw=nYUQQphnnf0uStUk)?Srci6bC177Hb(eFi|ytz?l#Lm%<`{D
zJFlJhXf~IRndR$dxzH@XHOueJvU~$Jsb*QxEOX4Vv03JsWuaLXn`P82FEY#iW_gua
zUTv1wnB@?&9BP)=o8=8=d9zvGVwS_r@-DL+WtOAO@*cAsYnHE><#e-r-7IIA<yx~`
zXO`>Da)ViJHOp;gx!o*xnB~f5?Y;KiX|1{JZk9dF@=UYrWtL}~<+*0r$1E=}%f4oL
zky-XP%S+92pji&W@&s>4>!If3b*-;AA8%}Zllgc{>tW{OZLM#|$M)U>W;x9)Uo*?s
z&GHSioMo18ndLiX`JP#RV3xDZa*kPkVwQ8wa-LbvH_NZEJi+_E^&<0eaqAz=$EB^8
znUBj`uP`51wqAvg?Y%$D@-MU8XO{cT@^7;|*!o28Bz%8-G$Z!$@k1Y9&FFyFQpB^o
ztHwUIs(P|_Dn9R)nc$t4+1V?=-}y@Lv%#F|g<e;D{y~k{#}8{1dBym=L!A;YijRF4
z#Xk01RO+3D&o5epR}2LG!2oc{p@0AI(8t;6PDl3<{_W#Kf1iWDe-e8DB)(~vS%2_y
zRyc2pmwR)38qWKM`3i@8Rj2oThU;;ToO7zV{?MF2kKZG+4|w#oLgsM$IXlyt?|VMK
z#=5v=^wr_QJfDB#&Z&x?`zFlO@i{c^d~Oe)&*OT!u%6EoB5u$5a=jZfxjjL@GLx4p
z=zldm{t34S&X2=B?(tl<GO{*J`f_ljjd?qUc%KMIKH*z4SaZt5k<Lz^1V=ig%RU*7
zR8EvW1&%azd<8gijWa(Lj*M{nG&nNF@#%16v*Rnmky2+nE5VVcob^_QBMTj01&+Mn
z%*lWwSc?5t6^?W%FMTyQGS%^!aAb?)tHY6l&i2%RBkP^*sR>6qCdu{If+KA!N?#j}
zwBk#wTi1IXI5Nr1sS&u{#x5_P=O%B@G0%r7@wUbNvN(xcWais`3H*|za%TH&e;}=_
z>_FO-K))3I(xlDi_G$Oa;Fl#$3-mS9u_w|y1?DeDzdWg~xt-W^R=}@F>K*Vu!~dN0
zU10u7_?1bc1N|!aRY|i0el`5+q)c=D+Us2dzb5JWz;>>MUz=p!iVBaGjPK8N@avLV
z1op!Q_zg+30&~)_9|*5sd(JQDe@VI`us!=KmX+<R_;J8*M8A>msOrqw1ivY%Z(w`+
zVx4`{)6DJ7Uhih~o0BdH%o&1yNP4G0kCzd{m++*({7m$j=^vOm!Q*7?^78vjC0y!b
z%q@|(#+a`OA9lNq-Oe+-y1B8otgLr3FK=j%0epTaehY_XS=q%|vHyoXzt_3*d7Q5c
z?|xsdhwp>_dg~uvZ+tt$zOQk1n5Rp{_C&Bf{vU3S@3S25uQ%ISZ|wTYz$>>l^fKyW
zTL|X(eU8)n^BX(!{r$ruYX7YG{^5O%u>He1nb<>3hWlF|Td(h%DZYi{v8m?x(>k}U
zhhrXy&GCJ^+!Nr4^e5(afFs4?IN33`6C9EKDY>2DNP@YY`18Bu=E0HX!k3lh!;wnD
z7vy$@BRS^l*Pm0ATLMSqdZW4B;E436<#vZ7^(*oE^5>k9+Y^q+{><E7a76mvx#z$U
z>CesW14pDkKleg7(phXjjsS2(_Wg1%h9lDV&%FeWNPlVWKsX}(<+)eDk<sGv4$i#_
zj+`p?^VPXS;K)hBmz52LBW;AgHurisBG-FE?oDt+`kQly!4c_i&AlCt;0S76FL&e)
zha<8tE4vGh#C-htIU;vJR#_S09N&-1#a@FWwjTq3DIBr=J@A*oU6ysTINpwf9|%wE
zeggdEaF=J5H~Yt5@4fIfa2&3Y-copO_m4Qv|Cm%$_{r!8Va}keCgS_leehSn6MMZ6
zzz>Eawto=*O1LYtx|{3W-=2rzuYxCb|0w*`aK!eH!(RhOY(EWt2pqBfQ}9FKhGyl7
z?dRpa7M|GsGw82_Bes7I{(3lK`xoGEfFrhl3I0a78?)XKm-iL;o8WKCDiZtoHTaw1
zZ_YYdcy8w{@V8{O7yfnh!{CX%-Z$WHg(J3~1%DeHvHe@{x5M3@wMTq^e+T{!cw+b5
zo;%@)?cdAAR|OoQ_m5*A<j(fW%82Yg%Eea;T4MJf=YEQod?;?`b93>N1=<l=+r@GI
z^V~1c5;=c9`jO~~J^!oR1!#%vzsW5t8-<qG{kOT_qb0Iml#3%6T4MK$bC;kcvR|58
zRyGDLvHPELSD+=b|2em;>~6Hg?pNimK}%%6Hn*(o9<;>n@$&{+B71&57A>*+4Y?c9
zl4j!TWm9fh**LW0vRaDo7r*9iMN8!TZRp3NC-(duxjWGk+5etfRyF}GvHRV*f1o9@
z-<w-jHW4kc`@eGcqb0KcJGZRtUbMvS|IIy!mdL&=7e7g%C3c^HH-5m+-9Yx`^UBI5
zqa}8qoL2!Yk$o!qDQJn^r{`5dOJrXe{e5VO-Dl)gLrY|ziT-}H#O`tAM@wYS&qr2|
zVfQujYNI8xuaj3+_5fxRyRVy9A1#snvFN9wC3c^c*8nY%eM9sQq9u0UD6a`xBKxN3
zA3{s)zFFS!_?HTv+w=3-&xv-Q;kC?bjoHMWpW(H^l!q~!*z?=voq(3uJ)Q%H{t>jq
z?mOh2jF!m06Z%Kd688T0M|O|F@sB;{)Vwa3L1dqcIgg_!cAuYDh?dB{EBYtU61y+X
zi=rj6FGW8MEs6IT-f4N=(Gt7Q@XkR0Bw7;hJrDP7(Gt6-#~B{9#O}|`>xGuczIR?(
z+0$r=-Jg?p9$F&%KIor8OYHuFyuN6O?E9gA7A;{PyIwN9i}Nnddk)U;{qJ|Ur-vED
z?qiqhdGy3y?<IMcp(WGA@pfPy&Rn5=A?q1&yd9J`7%h?WuSEYMdScJNI&TPCBKx7}
zUqVal9`}6E64~?fm(dctzdr9qv_$qd<&~Aaf|l6*EqS-1C9=N_{i|q+-QSTn94(Rk
zUFcs!OYDAR-e|PsbFn|ipr4L*de(fgKkvyKhnC3s<I%s4p4jsz=1oFNWIq}G479}V
z@5_4tE%{n(&s6kppnW52q1c{>@*Y7;<orj`&qPn``H$yKLrY};B>GusiQVHX1uc<1
zKYtS~vHNH8o<mEPitT?sudM7Xv~OiC7u)}0-pgpoO3}Z9{%!PcXRQ(aYk9AuC31Ua
zpnnHFvA1Vt-kWHN?B7EFE?Q#u@8rFQmdO5n^zWf1cK>1CM`(%c=b(QdEwTGg^5&u?
zvi}VI2WW}i&&!*SmdO4~^dF)ncK>zWH)x6U3-i8%BXZ97dAPTY8N{CRL*9>QiR_o4
z{|GIy`(=5{(GuCOKtBg9VecOg`P_lndB{R>zn%a8$7qQ?AGZ(8CazxvN9_5r<L4)s
zLFAm(Xi2dD6fKec8nndqYvD+6&RonOa?U!m#P#dpi0e1Nk>LE#Fq?3`{eAy)IKPj7
zfB6M7h&z8H9C7_7IO6)va3r|ic~~!zm-kn+#PwU?NN~;<m_g*6t!Rnsx4{wDZ-*nn
z`SUTGxclu(IO6)R;QTr9{ka3PiM!t4;7D-J*O)`(<=TmsNdJ4@ZaA_-oCnyGho3?*
zV?oxjmF1khXi0Fr-=HV5{}U|<_6yMx+5d%>xPBiT3C{TzGl-nCA1w*?-=Pij3CVFE
z-~WGO1_{pj9&?CX?>}gX^#A4^gd=B|{dxH7D6gz+5oRpP8t&}pgmO3s4CEaAt`&~B
zJ`s+@{Nefd{0Gb@ay!eTCBc3%S|a--w4{+a&lBH2$#5h%=SR#SoMUg#5;(t)ozIUQ
zKV#NiZwh9U;GCtHL)`hxtoinOe}X6R%a!3($WO!Uv~tT2c|K_`0l#fYhhLEu_pvz{
zUZs4T4MFSovHg(YRmrc4IaSO3?98bKzcMTC{W;Y!XC+#{_vh5iuZ=mi%dK+e)PY}}
z75Dy}x|p*Xt>63COa1%^<`B7mve2(VPvZN*^BUympe3?zgnlhrV)sq*k3&mj-wgda
zw8ZX@&u@vA$i5Z&^=OIRx5;mZmdL(6`VDA_-Jh7>0WFbzNA$m-C3fE_|5UU@_MOph
zL`&>GH$NXOk$nOBO=t;waeKr0>Yso;r)z#OW)RtzV9sXDAa-Axe;QgM`_s|?ik8^@
z8TmcY64{@LehXS+_xPC=Es;Gx--?#leee8p&=T37n~(2~Xo=nT$-e+Ck^P0}x1%L?
z-!K1Sv?L<VC-+Cc1MQBi2IBa0N&aPMiJU(W{cq@rJ%3RCV6;T`SEApEmazA)$E)+N
z&i@_G@BOdSA^F#0#<k^k9qRq##&z(!v*O<WI=un&ccb-t|LgRo{97=G$n_3GzXv_B
zw;yN7(Gu6+4o9TFBY!v?k@N4$$5~6vCieW1`J>Si*^fcL7cH^-d-BJjC9)rn{!g^T
z?kDC?LQ7;n8U0^qiQV6q{{UJd`>E*np(S?zQ2rxmiR>RmzaK5J`^WRAp(V0^68+z3
ziQPY)|14S}`{&UAgO=F+3;8dhC9;1R{l935-M^YY9W9al>*x=lC3gQt{w%aa_HUv;
zh?dy>+xhRJC9;1HeHmI}_aEfXMoVP>5qd8>hTVUh|0!A``?=^7&=b4=JpT){ME3L1
zmqSbJ{;T{2Xo>8<L7#}0*!{Qp-=ih6UxdCqT4MK$^Ov9{vR{fm2`#aE9O2Ot+4J*c
zw8ZY0=l_hB$bMx$?&Y8*c8~AwXo>9kc?GomBl|UINw8m!??puRYtfQmpNjd!?$_mS
zKuc1@@%fj0+>1h+mYpV!&ztgpMN8U>^DSG@r=w5LK0%ys*_OWpEs@*v8~TdqiM>6)
z=kG>KWWNV}CA7ru_vZhFmYgBBe;@kFXe(!*DYpOb{D09BIsX9qD(Hzlzbro?5w~(6
z`*H>Nob93B|Ng?RDjffCj_s={K2!0@cuY;$oa#zn!}9+3BYZ_*+evJD;ywwE1h=y$
z<`A(T%97C%*Qdad;G9~RLEQaN8;;2N6)=MY`#NZe>{HPa*Qdb|*Qdh~*H?riF>haA
z$6%dAuD23e671`uC9<!KmIV8HXo>8rpe4b+K3XFC474QJAB&c-w=Y)&j<`Mxj<`M>
zj<~)79C3X^IO6(UI97#iXAWB8_Ko0(>nGL?pVJsEar-84Ve3uC<5Gy*H$_ief1EPs
zUS)fBE0?z!<`8#&b2#GqDa!og(Gs_xtn@9=61Q&&M_m7aGN%<<;`XiKi0j+H5!bhc
zBd%`;M_j*8*`JRo+u0s7h&$(BWzGp`iQAtDM_hkEnR8I_Ct(J0=RB=!|1*lm8>olg
zo~xOoKyd!E%A8E4?|^OOA9p)D!V}lOpv*s6nbQfLxO1v2+j9z9;`XP)5!X*uwx=`N
zu*=m&@wxECou3CsT%Qj|Twef3Twe%BT;COrxPA;CFA=u=)0E5mn&K0!^P=|mh4P9o
z!nPD;Hx>7<xE;mt{NrwCwsJj|D1B7%GnDPWTk)mJocomie#Ljg9O7QC)8L5f|5m;p
zPe&WJf2J$zeO>YQD1N-+$0`0L#lNEX7ZpEA@eeBgA;ouB_RkrL@1gjfmd8WoalW?#
zUb(8Q?932f6}Qc^LVPOvULn3JeD4s?W9``?p2yU4LOhRc=Z5&2n15b~uMOYF@$Tc{
zc{_|<-r)Im+n?{u;m-iPU0z^$|8e^@3d~K`EI8lywG>}R@pTnnU-1#g``6=^1Uzco
z+D_l6;}Y}@@zvn_h4@<V7ln8pt1h;DvbV{+Cs%wgc*FT5j-XFad^yD@Dn3Q=I2RMT
z-U>>erug!TZ>jhs#aC2(y5cJ<zKY^oDZcd~|EqJo`1@z2;(u~{r9*SRcDy#H>7m}8
z-$L<C6rZ82H(Bwi%A973KVI?86@T0zpP=jq*S9;=$G$Ea;OoWzW8Xd-D&BAL6M&eL
zqx6jm;{Qi%{_lsjvq@qloDZo~zwMzpvG>l4*Eq{zzFxK{muqXN=dmz$JZy?BBEj$P
z{c(ICJRZjT<Is{|KL9Q9kIy`AH!~$`cTRKs3klA-1T%;~hrh=>z5vhFfD7v{gD33m
z`*j21i0dzhBlQ0BsavYs*$V$cVtwrU0$%48+vES?9Do0`EohIH$oVH26Z=2x{=|X~
z_!koE{W%>AI>8a?PbugON2KpkkOxPk&o3y1Bhq&*D25|3@9(#gg3^%#@H|uB``c4i
zb~;)zR-9MFV^QIVoR9O8aK!aJ;E3yc!jU=7{4?Q*+n)tTb~$}7IO6tA;7H>Xd;jBJ
z4jgg&v*C#A8{#`Eas4@HiR;gWBd$LW&fsiMA9&*S=fja_&GX;m*UJTP#O*JHBd+fY
zM<zJy?FUEP{vtTy`itR+>-)ozkH!1}1((7R*<V(0IUI?3|8_X207nPh4x6VnHJ8`-
zgW<cu6JC$LzY4wwT#vLiqQ3_IdU#^@Lkq4OIU3GgFF#Mg@iwJ?(+YM^Ujd%DK7w;;
z#Pz9YiR;tg(&}Frn4b<$+`b}Q#rl&2{r!n}-T`p?*!PQhfxa^45Vx-aM_g||zt!K*
z+z(aJ61T4gM_iu?ms$VfRM%%=pApwrM_;}Elj3^hZG0*&D{*_x*Tfv+_IF{%U5PCM
z+fxfIar@eE#PxOHi0iB4GF4B1K+M0f0MG5i_nbl5f0(Zee}CQ#e+B#%+55%yH4OfJ
z+&+mt|2FtX;fU?;fS&_5C+%hD_%J*Xzc&YVpW$^+?4B6BJ!g2m5_=`ux2xE3Cd1=C
z!{ZIGrC*uL<sW}WV7+*@A$)AU??)Mb)nOmIycu4<#D0mv{hZ<TN$iuT-5##S6vE5v
z&&M;outmhaT(O_;u0cy=e>YkZ?1!KwvcCr{3HA+eofFxQMN5MHP|PN>ABUC%`)kn>
z*^fs{g8g-9iR>q!CBgoBv_$q3(UM?)16m^cd(o0$e<NBV`$=d?u)hf{k^N+}B-r1K
zmdJhzS`zGUK}*>Cx5M6vy%U4S!wm2I#Pbtl#~<0>hsnb*gT&{=Zg023k@)sxc=zM$
z$i5%queWDn&&1gA-|ji*0rVs||2E7f_WY@d527Wu=bVS&NN~>Wm_gj_zXQ(i<6mD7
zV+L{OKLSTw|0o=h{;`55;E43o3Z8-^(&IT3a76lN3Z8=_(&L#vaK!a5z!BHK2uD_l
z<Je0DufP$ve-)0n{xvw_`sr}Q^{>Mb>1Pzogd@_=DtHTyNdI=hyKqE$Ji`Kxxc+@O
za+33UM<2iuxBn21xPCSqSt0ftp3wkD+<p!m`OfJ-h9k#0+w%z=>E`%P;m8ItXKumg
zaKv5jJUFse^muFz9C7>kaK!ar!V%Yh1xI>1+xaydar*^u#P#365!Ww-Bd-4zj{N3a
zuJ7Q8+kX#7T)zm8xc&z?GQhc9i{Xgd{|HB1zXXoBekmLo<jh|NN8J7=IC7!WFNY&;
zzXFcLynp|SpWlh&+nw2+%^ceghbQjw@Gdyw`Vnv=va1B<jD#m{KMHPCcKJX*8h&(k
z>wq5vKPJ0-z~2pjclLgBz5Cn$a{=z1z!P`9W8ubT*9goR2T$C7JREWT1UTaQiEtCM
zdj;m-3s2mB5*%^;WH{pbDR9K~_rcwlT|2Pe`{9Y(KLAHuKNXI+{z140vo8zGe+Ztq
z{ljp?^^d?2*FOsPX!ezX`H#U9w|^Y&@$8EN{S)xS?We&J+pogy<ViSU`!(=S!4cc@
z>*Z-UV*7RIpMfK`Xa6i5as6{}#P!d^J)d1oT&@k6{{lR5`xoJe>tBK+u74Shxc(J5
zV*8C)@2hac_M72fgCn-z0zVy&*q;00bvQyFzaO<N5sxMZ!F~o>BKz%VNw9wdEs^~W
zv?SQiL`!7<8(I?VXQ3ss--(t4`!~@N+5e7~1pBwp64~!UOM?B|Xo>81qb0%q9kfLD
zd(e_#|1Mf0`#;c<VE-OkBKy5)Nkega=Kudb+V`^?8}Hv9{w&ysmdN@03vh1?J(2VO
zK}%%M&p$*<WdAQ(66|NAC9*$&mIV8c&=T1nL`#DG9JECCWo$$HkI@qLd>uLNBhK~z
z(DN1K_*$jD<468}#NVIztbB~%_I!fbL~c(4dJ^nEMN4E~4lN1xbI}snC!!_6{xh^h
z_T|x%VE;K<BKst?B-qbGOJtvnmIV7R&=T3Fpe4b6K3XFC3TR2N{}L^ceJWZK?7u=w
zWS@qX1pBYi64|GtCBc3HS|a<3Xi2dD1}%|&CA1{iFGNdZUl}b4_TQo<vaf=c1pDvM
z64_^<CBgoCv_$q*(UM@l2rZF)HMAty|A3arJ`*ho_KVRH*;hwPg8h$ZiR^2jCBc3P
zS|a<JXi2bNik8T}7FrVQm!T!HuZ@-j`=8Jf+1Ei!g8g!|ME1v^CBc3LS|a<pXo>Xo
z3Xg>&a!#ZW&*H!gBIjhIC9>z|E720!H$Y2*{VKFX_6^aJV80qIk$nzY671KYC9-dX
zmIV8?Xo>6_qb0$99a_TP|M`pEdN^XwX;OF`W)RsoE5sQLw8ZX@FKmgH$i5Z&U(gb}
z$Kwgm64~?fjcAG8w=HasmdO5uLOj<KEwOu?CqhfQ2JX*nM!Pw?MBJb0P<S$0BIkE1
z#It446MO!tg<a4R+2^9)f|l5QeqkY6BKxlBx1uF>kKbvdC9>z|+t3obFDWcVOJv`z
z5ck5-61zXW@C>v>_C3(=KuhfY%)(x1iR^o${|zm%d;AU=ts$`gccR^y-AC;Ia|`>R
zCvyJznEyL^V$Z*@upe3?`-{-;LQCwvf8ix)iR>>$zZ)&F`+<dn&=T2SfqoBKV)s`T
zUX7N>{u=aupe1%cwD3B#ME2LC-;0*mJ$@5`mdKu;|B05^{Y{0ppe3>&R)}X?p(S>Y
zGxKPP?D_dVv_$r|qb0$9KUyODJJ6C~|2JA9`#aH+VE+$VBKzTJNwEJHEs_0QXi2a?
zfR@O91X>d8527WqABmO(`!cjd_M^~}VDB}+PX<8tqtTLJpMaLgehgX??8~7gvcDTG
z3HFI-iR|w|OM-oQv_$q}(UM@FgqFyD99k0WlhG2{k4H;_eF|D4`w3`Cu&;oY$bKSP
z66{ma64~F2mIV7Wv_$rk(2`)Ej+V%NGFlSsE21T`pMsVI`$}ku?C(QMf_-JQME3Wi
zCBeQ5S|a-g(2`)E!8XuOMN5KxRkTFTe-JGR_SMi5**}Dqxc*@{;`&G6i0dDPBd&i8
zj=27DIO6&z;E3y|!4cO#2}fN26dZB=({RM~&%hDaKMO}({~R1~{qu0d^)J8?*S`oy
zT>larasA71#PzSh5!b&8M_m6J9C7`0IO6)(;fU*Jz!BHK0Y_Xv6OOok794T?n{dSS
zZ^04QzYRxR{|+2+{kw3)_3yzE*S`-(T>k+aas7vI#Pze`NX+wbtzqZW?4MsU@wMys
zwyzFP_;qdj8gRt*HQ|WsYrzrM*M=jmuLDP1e+(RPeO)->`g(B0_4VP1>yL#au8+VG
z*Jr^I*Jr~K*EfJ8u5SoOT%Q9+T;B+exV|wQaeWgw;`*j=#P!F)5!W|^Bd%`_M_hkA
z9C3XMIO6)2aK!bk;E3y6!x7iFfg`SO3rAev4vx6KJsffU32?;qC&Cfep9Du--vN%e
zz9Sro`wZ`+!jB41h70>T?PPhr-&WZ3q>{bWq36$&y<ZfcrucNlS5$l@#aC8*6~$*L
zzN+G@DLzy2)fHbu@ijv|_dlPb6}zV5*H<#$$t~>n7d$?P_q9X&WUo%B$FD*{=kWb>
z_#RaD_Ef+|@;1W%$M(Fv@qOaLJhwB<Cws?+Zcj4aVJGbJCVN?-p4;ipuZSH(=X!3Z
z?>{b#Ujo~Is`$?oKTq-V6(3*gHRe1FufzY>cE<bbP491i+}~t;GTs3xe81IGe0{}d
zE53o^-RJ#P9nK3BeBNKRL*9K}Sf=rOPe1qe#_NT*pD>?{_fHDDys`b0;e8dl|1-P=
zieISs??S!jEmC~^dbwR(UyF~}4;THCBlg2g&)<87-G0KpF8KAE?B#^+w`9x-+n>B%
z!j3a^VV=i<Fwf^bg>7dFJg#POJmD42R{D{L_YeKDko_b3F`{37#D1*ke|Gw0JTqGE
zpX%mzn~Zk_lRozQWq<ouS#zpk1AV_n@#_@7LGc?Ezgh8H6u-^!yx!&hjNPvY?uXdr
z4PK8m%>D`b32D53eZRw6ukCj#KK}Jp)6Dnx=Ps+a_wydb?{z%i2QBRK`t$#Cdf)F?
z{6C66p!hPyCv=TpVqPwPzr}5BWj{|A`#I5?WAEoA#iuwvczmd(thbK1UQ(?&_Vtpk
z`1s|TD!v{oSv|im1ouN-WqTeL`yoF6ap9|2^X>gpRq>gMkIz5GY)^2%J(<RXfbVPA
zbBym5dOS(?&Ubu0Ge7qJee(Fp{loe4_WX=lufN}F+3U5w9^=~|IlTRH&huhU9c4~k
z#n(UVUlIF1a@gZ|61qM0mFxFd#b+sgx>#@g^3D`KTiKq5if`n2|M(D}kK-r4|N8qs
z?z0c=XZQO^17-UgD*i38{Y{+h@z;CYVgJ79n;-Ua|F=+leEW0E_QWo4hS$pKGjKg7
zdjp-@ZS4C+vNt%?`*Yd^=G++CCws#}y+5a&JqI^r-=E-k-p@?H*{YM0;+HJ;b>zMt
zLTvkEb3CtuHOD@_ovip%6yI6#xr)zse6n{}=zd7{MkqdZf3MJ*6FV-A`hWICfj%~;
z#Pa2^b7IH046oGk_Hpkt%iDc-%iDbq#h+>U_#DscrTDWIf3D*DDE<P+`?rVqt!K9Q
z{?*s&!@qywc6I2uE$>e@GGAXj1`|A&Iw?l%{#e{!3{PC&AC9<w0331sC2+*`m%<U(
zUj|29KM;<%{&G0t`ay8S^;f_V*AIpxuD=qFxc(|Q;`*!Mi0iL`Bd#9;M_fM?j=26>
zIO6*2;E3z5ha;}P0gkx-MmXa7o8XA+Z-yhTzXguCei$5a{jG4s^|!$h*WV6DTz>}~
zas8ce#P!4Bi0kiyBd#9-M_fM=j<|jl9C7_<IO6&-aK!a@!;zS`e-CmB&bz*Vf8lY!
z_NT(X7~(s_zZBxTz`q>gbKzeJ@p<sChWLE=*Ft;&{PYlC2>*JB?+QO7#23N85#o#C
zXNLF^_<KTp6n<8SFNJ?I#CL;#E5x4$|8|H!9sZpV-yQzl5Pt^zdm+9D{QDukC;SH?
z{!I7}L;P9rvqO9@_>V$-Z}>SO{%rV<L;N}LpM>~x;Xe)W=fTen@qOSw3-RZ}e;(p5
zfS(uQFNFUh#P@}tAL9GLe;ML0g8wSSUkv|si0==-AjA)V|0cv=0>3cCUkd+ih`$W}
zyF;Gm#`rpWynXwB+~dGN^xucfxg35`h#v(1!yzBMAA;XC;?7u@&ry7J{IC$#XJ{Tz
zvWVXg;ib9)TjU-OX$C9)O2uEL_^TCvjpBzWeyHNFRs3~|zh3b-DE>yp-=z4P6@QE3
zhbjJ6#owm*+ZBI@;_p=aaK+!H_z{X9srXTfAFcQ?ioaX&_b7g>;>Rg|yy7P)exl;<
zRs1ByPgeXC#owp+`xXCy;-@P9LB&6$_=gq$h~ghr{9}rLT=7pRewyN+RQywle_HX+
zDE?W+Kd1QT75{?bUsU`{iho)0uPFXi#lNQb>56|{@iP?vhT>-`ewO0jRQy|te_QeI
zDE?i=zo+>375{<aKUDl|#ebyuIg0=Iu#f*-Gd5`~?wb&KKWALhI5;Bx_@wc0MEVIy
z6X1yS6O$&w5$W$ux)+YnryV|j!uuhyKlCa1{T=VS_>LcW{+Yi&t>Sq9aRsvfSe)mX
z)HObd^Mm)J=8AsG5&L<fzyFB+m!h9~#D0P3A39?Ht>_<ddjC9gd@nRM=dWVt1MU61
zNc<k*F>4O@f3W{i^iMc_aJ|dK`R(}jtPuW5WzN%%4{pyYu|3Z^ef;+SVd7nQ&H<6P
z&yNyE!V&4eN}LEsr2i&yG8~b9Vd4}xBK?xYN8pI`+Y{e_Bho*g^a;Lt2|aJ)vD-P%
zR1nwmOa*a0&r}fC^GpSCJ<n7S*YivTaXrse5Z6zKBd+I}3gUX6sUWWBnF`{1o~a<N
z=TCC6pXTI#<CzNL_B>NTT+cHV#PvK=L0r!>6~y&CQ$bwMGZn=3JX1kj&odRo^*mES
zT+cHV#PvK=L0r!>6~y&CQ$bwMGZn=3JX1kj&odRo^*mEST+cHV#PvK=L0r!>6~y&C
zQ$bw+B^+`6S8&AjU&9gCFMuPi{|1h@ejyxj{kL$$^*mEST+cHS#PvKQL0r!>5+vs1
z$3t9O=3YY3&sF?ZGbPx6ru3gHexBmLQ2czwf2sJd6#up27byN4#V=I+w~GHx@!u<c
zk>Y<){9?ubsQ4v{->zK0I~2cEnX^psKPi5>;>#)T=klAfJu8$sKP!Hv;#Vntwc^((
zey!qnD%-zK>DMcMgW`Wt{6@uZvb=v@bTPJZbBO;D{?`z{1b$1v$L?ot4fqP)QuNzG
z{4)6MA^s=$9U*=>{BI$C1^mts|1<pWA$}$Nt`NTpes_pp4ZkPEuYvy~#IJ?l8}PCH
z^Jl<U@YbRKE5xsd-xuOH!0!+7zrg<;;y1$o6XG|){~O{r!ygFoyaWeB{IBTCLi`qZ
zuOYu1#lDaDw>N%oNeJ-?m|rf$C&DL&`10`OL;S`BJf}9qZ-P$_@!POHDIq=?^D6{=
z?0QTM_zL)W7td`C@fG3IL;L`2PsI>l8GWS?zXpBf5YJ<Il@QNkc}9q@g85ZLd?tLg
z5MLcWGsN@QTs_3^z;@OM@ij1~W{Br8vQ~)io`~n1h4?ez>xB3o@W+Jse(-fe{6+Bf
z0zMVLDZ+EkLOkDJ>DUm@{SyiCyu4W<o|h{-#Pf1B2=V8`Hw^K-Tsa}0m#dNG?fZd^
z72ibhO%;Ef;+rYHx#Evkd<(_5RD3JNw^n=`#kaM*f4t%=%C@t-y+7N-6ZvyJo^z)3
zf8w_89}n$0Co26(@Wh?pLFqdx{$#~>Qv4~3KUMLa6~AA(yj_$&SMhm@&sThb;tLhu
zRq;iNFNP=X^-`krQN>SC-fyl{>ANZZG{v8;`0k27L-9Qn-&65tTHgOU`W?50vqF41
z94C8)_+99Ghxoqe&kphYK7LM!PeOlgh~JI=yb!+!zE6n%1OEIFzYX8-E(q~k;V%sF
zdoibPi084PUx@z;{-O}S5B}m1&#$@uA^vap0U`b$_)9|kzwnoa_}_53E(`Go&<_mp
z2jMRd@jEeRP>3%>e?^G*@H67z5WgRDt_<-B=&uU#X^D9BVTeyChescVc>ZiUB+R29
z8sgIv@#w=4UkA6t>q0!=<MjFv&-XaJA;c$Py*GyVUWs`0q2-gkrOM-qSA=^1{Bu%K
z3f4^I@vTA;9>s|H#6ItuR#Xu!k$olfx1c3<U!|xjS|a;u=!c;tc3-`yCR!r<TIg>@
zOYFW*QC+k|_Vv);hL+g<u|-*EiR`n{-;S2peZ!(gXo>6_qrU?!vHPY)&Cn9rH%EUb
zT4MJtidvy1vTu!kI9g)&ZHwBYC9*#O{at8@-Jev{5iODZ$>>L*C3b&GQD?M7_Fd4A
zL`&>Guc!bmk$oZhQD}+X7ZsJDC9;pAAB~pSeYc|1(GuBrM?VHFvHKoHXQCytKMVcc
zXo=nTE;<J-k^Q;o??FrKzE9BwXo>7EL_ZcSvHN~S7o#Pz?~i^QT4MK?6kUdv$bKOD
z@o0(N4=NgrmdO4}^b^n$yT7_<2wEchq39=~C3b&Z(G6&c>~BPWFIr;vHx~^<OJsj5
z`blVs-QQkxCt4!=;piu$C3ZieXcSr^`_bs9pe1&HchOk1ME2v*--nji{e+@>(UQV+
zdjEd=B=q;Ay}x0x@&561O40pjiJboc`UlVxd;Wt(52Gcre+2zhw8ZWoD|!Mgk^MCE
z527V@|5VX4Xo>8fMgI_5V)xG%y@-~`{w4Geqa}9#O3`a*iR`DNe*`VD`x!+u(GuCu
zLjNdQV)t(qy@Qs>{$2Esp(S?ze$j_$iR@>ie;h5b`#D9Qpe3^Z6#WxuiQRuzG!HG2
z{TJw`p(S?zWzpAYiR>4ke-bUR`-Mf{p(V2a9{p2jiQWHD^dnj#`z7d~Moa8|S<!N|
zMD{DtKZBOo{mP=%Xo>9Cpnn!EvHNvJ8_*Kj|APKGw8ZW=75$2q%n@H-ThKp`_W6dN
zim$J2MLW<EIsZ5GFQ6y({NIaqqb0K6gZ@Rd#P0VN{e_muejoam&=R}<yXarE<a@FG
z2hhKa_T`3)#rBsKC8XdCD3J5Z72~(^=!reQd~q^bBKs8duc9S(pIV%bmdL&$`q$7B
zyRTfFftJX=D*EYYiQQ)w*FZ~TUlaZ7Xo=m|E<Oe=k$qkCGtd&duU{NNOJtvg{tdLm
z?i&>6pe3?zgnlMkV)spok3&mj-wgdMw8ZX@FK&sJ$i5Z&H_;NiZ&Tb3Es=eD^lzah
zc7I}V2ed@?9nrsyme_r#;#1KQ*>^_&4q9UOxyAWtiR=r|zl)aGeb?e*v_$qL=-)$2
z?7p=4G_*war=x!#EwTGEihH6ZvOg332WW}i_bNUcEs^~>=s!eD?Ebvs^U)I7Ux0o#
zT4MKoi!VY;WPdUGkI)jkA5eTLS|a<)(9c0j?EdoNE6@_z4@UnnT4MKC6<>pv$bJa=
zPtX#(zqa^#v_$qdp#KytvHP2fZ$V3BKMeg`w1mBXKj*gM+loJfbNf4r?<oE}#1AhX
zUOX?vk0>5d{6)ZLc%zC(70(ZN&l^+xSF(M)^|y!H@nuL)|CQza`(yZtCKum-&A-@}
zi~WL-{+{A-*f-?migrI9`{x_<-!z<Mygz?p@g%fF?zhS47osQj{=cvI0klN+Q_+8m
zme~D6#gCvRvVRo)cW8;-KVCcyEs_0`=)Xrx?EdNEXVDVbKZkx1T4MJv6u*R)$o^&Y
zKcFRc|7!7cv_$r=qhE}c*!>&Dv(OURzlr`ww8ZY;E`Ap+k^Ot<m!Ktf|3UF=v_$qF
zp<jxY*!{=FpQ0tQpNoDOT4MK~7k`14+*yg<zunG9{}bAu8jdjDzx{kwyZ|kc^S?pA
z96hn;e_Q-LS|a;J=vSa6cE7lI30flirRaY~OYHuq;uUC#?0-hT5-qX&RmE%264|ds
zzX~m}`}M`Ype3^3h<-I%V)vVix1c4m--><>T4MLxi+@8)WWN*rTC~LOcNOnJOJx5C
z`gLfD-Tzs<4=vd&uHXIW*P~tEaI3g}|0zCzmdN=B(QiOc?D<|vxeEAAIFNl}3HBOV
zV)scUDQJo8E1=(qme_q-Nkz0o_Lb0YLQCwvN=a3;ME2FtZ$?Y(zIsVbv_$r`(Eo~-
z*nORnx@d{)>!II*me~EVC0S^R?6c8tMN90yVM!yjMD~r*Z$nG$zG+D_v_$sJ(Qijf
z?7l@wE3`!Rt<mp5OYFXFNqe+J_9vkK4K1<zlS(?GC9*#m{Z6#R?oTP{jF!m03;N&D
z61&eUDL_kPUx<DeT4MJ_B_(Ky?4#&+qa}9Vt>kpHME2d$??FrKzDLQKXo>94LjMO^
zV)wmE&Ou9Le=hpHXo=nTDY*bGk^P0}|3pjdzF*13Xo>9mqyGynvHMF(E<;OXKM?&s
zw8ZZ5TM)EF_WXQ5S|a-^(2`*PH(Db5!Dvaa{|7B$?|+}VvIIZP!u{KDW@X!74SxXs
zK*LSK4}m`jf3V^E)$IOS_%isihO>pg9^T6#9}9mYd;)wz&RpSdhA#(SE@z(b!{8I)
z6LY>a-v54jTge?2a26iatzz$oJ4^0@BRzy4Q8EgSED&=>m)s3Uz7_tSl5uckk?`Y7
zCc=>)g}=9CG8|bZ{FIXW;m8W({r&$y2_Dyk%T+#SwAoJIKM0=$pOiCJ_=n+>;fcNf
zAB9hWBes7Wz5*Pv{WSPgIAZU&r%IlwfU`niqS$ZGmOKwfrU?H+$xCoV&Uv}yRX8I3
zYbCG45$R`?%!DH`@9&3MC3u__wlOVds@M;2!KcHg=X@>vJMb0ZE9R^c`}sZiO7N9(
z)(Zatd}a8`IU9tZ4POPmO3o(X=fG#cXXI=V{uB7B@KtlR8}Hvf=azh40grnJWn#b0
zE13^R+Gp7N|I3oE;mA%gXF<tAII>&#Z%e+1BYTBkRI(V3>=XXSlBICuAK{mkEQccp
zjraHeiV{3d4411~&LFd$zF!HS37?tsgz&53tHTrf_O=$j1{|^ddia`f#P+|y*McLq
z-vnP9j@bTJ_&RWe-rxUQOSV_QcX6;t?B^XNJK;!DRlEPaWH%g<bM}<%g(K4cS+Wm~
zNWZ`2A2=fYza<CZi1cM838^?5f|&RBbGazarr|Ojlhe^`r|-+d*M+Z}bE@#k@b%z{
zy?-je*M}pvPlG=ej@Z5;d<2fz`=@d=BNYbZiTzeJnh8g`3ST{16OPC^wW4+4i1f!q
z>%kG}>qjGSB<B77kQK#$*v7K5sMrq;qIldLe0I+5!skRAk8NOjIp;X^4dIEsADTy7
zjLiw@Tcd9TPwc*JwEft|A^l0{o4^x$e|C&^N-ZlRGsS*8CE6K|$i7Q74~|HmA1#C<
za(lW)@mlg&XVaXGVm}na9|wP2&N1TaJqq6pzFAH}rhU1(!8eC*o>N}<)8UVYKRzc#
z_%q;Jz_-Xr6TT;WOZb*Km4rVFz7>3{oDAdruixI$b5e1C51b*6SLa6iz>!hHpC7#t
zj%12CeWMq_k($C^9322h>Ii>H^fEY7Pxyh+L2x7@{1wqF;Yb7H{oChNQM?vDE?4WE
zM#8sG#B1Th6MH{jgT5^sv3&>h?cj**hoWx}*FLAEnBNKg3Gl@3uS0(#9I<_8^e4d)
z+uwk`101n^9{P@O#P&C#KN*hLz7TyUIAZ%-(4PW#O3n*n`-{<^3Qz3**68ig&Tz!`
zcSi4uc7Y?d9~m7T&4nYjzdJfMng>U0KR!A!nh!^8KPfsTS^!6Ee}8mpv=ENi{-Nk2
z(XMcWKJn1=Js-pNmz5R4O8*45ALro%{z+^<e*Oyhr?LGw<^}w-*nYfUUcf((?Jq0q
z7Vs}(`*A)$;9th}<L9`;-oHJ+8l4{P4omFIJ0m(XdIlV^{hQIZqdnk=?ca^QAMFW8
zZ2w{Oqv)A%#P%OYKaHLRM{NIDbY8R<9I^fU=vUF+aD?99{|m7F`27N`^b4{5IL-w8
zci4VBqA=hWVf*oj!hm0l?Z<H`;Fn<g@q3DZUxw|+&!+*u9NUlM*kSMQ|DU6)qJ3eB
zeR<bJ*G2om5!-KwZj4?8M{K`2x+Qus9I^ej=#FTAIAZ&q(OuC2aK!d|qI;v4z!BU3
z72O}b6pqmQ`~M$oKaQ)g(jUO~;}L}cUxw|+BMJjPp>zxUpny*--2s0^z$caNf*&04
zDW!YiuMGIq(*5vP9rphIPcOye31NwSc`LzR14nFMrL=145IFzx`g1Z%Ym^R!Cw5<}
zv`*=@A${G_x~10{-&`Cg>z78xU2paN_ss^SIcfMkDTvMYeWTJQa76m1rOn`o^v%<b
zha)lXUym)Y{dioESu?kvuRovZ;q_@@{Xh2QYLeI_u~L2f`~|}Mlg#Dv=d^L=#JuOV
zbG*MlPbfX9^hRqx_`YLlr_!6?iM>6imUbz<Ii$}k%`3gd`1WEy7nF7#H_Yn&{aI34
znug;oko&D$+G%h^`qN9#fFsiPNb3nlV&31+XJY&Ds7JHr_<qCdufqC&Y=5@m&vm@N
zfBL}RhUvuKKNrB?4o7U?xAdZMcfj$F?FXclj=VF(Us8HW>F^MLS?T5D?y|hUKL?jy
zm4>f75S#D&t4oK#5$T7PUI#~{zdr2-I1=;z?dQf)n%EzEzum0(VUG9r+imb8u>Hi|
z4|l+igd?^eUOHmjC^-JH{phsoMve~gV@mN~h`$H(?}jJ#oN=Y&O798jCzRehZmi|~
z{W+!d{xqDA0<k&1f1vb1I3oQ+rH{Z7=^ssd430?uc<D4a67&B4f3lP&_J`Z=`=?DA
z^v^in-~Z2+K3_V{x?H}0vGnEA@$kgnKd+WfFP#w5&nTTyI??#o#Mk@G(l^K5YxVyA
zd8hO}Y!Q){_x-dF;E41emVN|Bq@R=aF&v3`|Lgq|Y(IX#Y}Rb=pSh-F9qVKJEyMc^
zb?nbzv;DPj9Oi3n&vSa;e-Y|4ykqcqb^j078|%vjeCX@;;6->sJzi*;p8L+9&5wMY
zA9_Al#Pxiirc9ijp6_fYFB8ANe0lit#`Z&o@p2BgzpCQ-+RtI{!{yKaT3PP`XT5&E
za9sQnaJ{uLpZ^xOIQNPRS_h8X>U!=6-ga&8?;pM<PMF8bL56zXhQfNjc8}}1jp^8;
z??WyZ{SVIN@-Od_ke=7eGNoT(_t^3NoRzl6e&cn*>)zf@?oYp8?exB1tN8V{x7Pd1
z*YP!QKKDQ0QzvfYw@-eJg?YXwP?+b}jO+RS5qy^EmbCc4aJ~NXr1<>P$<}ek@3%U=
z@3$#_yW)2!{x`+%bUd$@G;IIxir*FDGtuvMeC+G4g15)=Rk0uV8er`IaJ;{NDq;Uj
z3GAQL!2XQwpH#20bq#Po`#z%hEX9ZK|5Pu0|EGH4`#;qS-~Xvz`2J7z!uNlwvj0=P
z@co~v?Eh3{|EDVZpYKwH$H-gzKX$#O;`WPs4<Vk<XMZ5X*MgrK;`#jj2Sa=c`iDY1
zpLhRoh);)qB*gRi_>YEo-mV@C@qE7g;~~Bp{1YLb&!eAac^*r6{M=hAzutMw;BoS=
zapC@N$K$4p@0$tU0rPe7q*()R&;Fc)%6xBp`20l2$L42v$?5E$3d~RGCg;TNUnSsm
z<M0@B>+<^B$=Bt;?+p*nk^Wi5KX=&s^Lf2LZ_W384cty%u)IH?uls>VbswH1{YwGQ
z*Z06<{SJG7K5sv-gv{sbd*Jt&hkJkjr#kz`UoT&;1CP2s-1|P=?C0qL&)4z5??V+o
zL-B7M_Ob1$;8k?C$KTG%<2gU}Cw}{>;8nGI9OV7&%rx6M^YHwb$M?we{x~B`?EA3^
zUaX%L=vO6~SIEF#wR_y(PtSuRwomZ*Ix~25wKK=R{l9hC`_~tbKW`f==kRrA@Tlm+
zy??oCn#=XB<9T$eg?}M(4qxvD_wx_;{(5<Qd*51b?DZ!zyxL|0|DV_#-`7$6F^aG2
zcz?aTpYVadUR+=P^;>UzY@Pmk{k{*bsSo`gJHhv7z|Xe4zkecTy&su>;qAotS;o&f
z?0J766aSiRZ708v`#oR(2S3*w?)~-hbzMHO*6Vv-kDrEkUf#JOJ{A76fREkp`W&A4
z-}f_d@1lXTe|Ud@zLDaaE|B}v?^`H+YsI%y{E3S1sQ6P9-$n8HitnoU62*5@e0Rn7
z>?ZeH?Db$Xyq}ZKO2=7y5W8M{->ci%a76lZ#`l3E(x2b$LO3FQ-}HWPMEZ-m^@k(U
z4;X(L9FczDf-B*O^jCGe298KSBz-6xk^b6l*TWI%Zy0|w9Fcx?(k*aA`U7dh;E41~
zlWv70(yvLn4US09ucLYRnjrkT@b~}i-SDVoIAZ%d$Kz2caK!c_(0>U>Y|q!d`3jEM
zeiZtz;fU?WVEzI)V*9ZR@K}2|V*7hBXCWN1J?~F`3rB1}8U1%~#P;`Lz2CzT+w=SW
zA~<4uzD~staK!dJjxB~Gw&(rKAK?gn?0CrI($w@AF&{hb#g11?&=U6kappm6r~ijO
zcD#-CF+anc=Lz~*ihnyZ1F_#fg8k$FvFAUg_$M46`@Z9OPdeV8|Fq(tb-X{v-xhqY
zRknYQ;y+Y89)lIS-#*Q>{qxrL*gn2JpNsy*Blhz}|MC(0uf_Jidc=OA=%<JF8Qu)V
z&m14WWbw<J;k~8w?}YaD?eKeXdEXD6WA}?i|KSn)rK11ni2ZWWe|*G#z1W|h9<g5|
z`p=HoZxh=S-}}D_KhK(De?88(eEj<Iyss3$K=BI|AK#u`VteBL58=O4<}6Zte9m8D
zPTc=3{9<L!62-^o91wHj-m7l!x45sX_+y1%rmT0l;^XrZ#hkcL7XD{t&ML*n=cI}`
zabHpRHOicIijU997IWf0NAXn@Urq5f6kl8T4a#<IRQzVeZ&7^way1d_jr(SbZ=v|s
z!f#X7yF>9i6~9aIdlbJ{@qa0PzvF}7m+|Zyd~^4IZ}Lxid=F*g`)us|t>^vg_}KlK
zl+g3BnRr)-u=BC>S-8jK|B2r(O7X(Z$FdJQA4?y0K9)Z0d@Oy~`B-}Qe5`-D4p{rm
z-p(?`C!FSAD*OIkikGPPB*mvFK2`DQim#;jDvGZf>NC8|31OEj!>g(II*PBS_=w^g
zD87;6n<~D!;#+<be!1EyzJuaVReZkUixq#G;(IFoY{j3i_=`e(D$ZA5dRlNl&<|An
zAjJ<>{8fs-M)5-xf1ToQQ2b33!Y|h_#ow;@;ff!r_%VtftN00upQQNv6hGDRJkBTJ
zdVE;%k12kd;-6OhbBcda@vkU;y5iqZ{F{n@NAd3~ezxL2R{UJW&r|%DieI4kZxz2t
z@johlnc`O{ewE_aDt<$#Pw^HfZK{Z89fR2S!PxCE1?T@a!x8BZr2Ps<q+gn}1&&C+
zENLqok-ld7HaH^v@}%u>MEVs;JK%`)KPUYLN2Fhwv=fd<zbff>I3oS(q+M`C`ZY<r
z;RrnLclrBgZPFe%BKvhof4~vxHze(aBhsg*{|QH=|0U@!I3oSNiu>V+^c$1@h9lB%
zO8N(mNZ&X8UpOND=A;8~MEW7=2jPhHWfi?jcs41JJ~KT5j!4fl5KD26jqrY&zd!l<
z^UL6f?RnnsCpcnzp7&c0M{LjEU#x&5w&&~6{tQQK&)=V}gd?`+?>$$+5!>_p?P@q;
zd;T6|4IHsOf9tjuj@X{(IoH7v+w;8TdN^Wx{(gJ|9I-ur|Md$Tu|0opz7dYtJ_CLe
z9I-uLUwtziu|0p!{wo}@J%7)>1&-LBugAU>j@X{(rMJNm+t-BO4o7Uy^T|8li0x~`
z{{}~F&)0X|2}kJtp9|c_`S|BWdAs!g*ym$?$B+CuD|Y*|&zoUBd~8mJS8iea|A?R8
z$na7ohWoVB<DT2;&#7qjagU$ptUmK_Z*Nb#>i&M<toZcUc~|@|=G-?vs}v))f8xFx
zJaK&{9C3YhIO6&maK!aB;fU*N!4cQjh9j=814mqc3><NNT{z<UdT_+`_2G!?kA)+y
zkH8VvXTcHIXTuTKH-ICqZwN<Rp94o+-w2MlzA+qeeG@q1`lfKi^~b>x*EfSBu5S)U
zTz@<qaeWIo;`)|w#PzM<i0fO!5!bhYBd%`?M_k_yj<~)(9C7^#aK!Z|!V%Y>1V>!o
z0gkx7BOG!4$#BH=o#2S;Pk|$@KNXI+zB3$geHS?5`dl~?^Y-u8e#fzy@OWkWU2w$p
zyWxoI_rMX?{{cr_zZZ_U{!cjK`oG|a>-WJC*YAfTuKyd3xc(nF;`)E#i0co)5!WAt
zBd#xlBd+%v;hq|BeF7YDeK|Pd`b0S5`toqZ^+|BV^~rF=^(k<~^%dZV>r>%~>(k(f
z>(k+g>np+$*H?lguCEM7Tweu_xITj}#8-tQZeI<KxIPn(xV}0ZaeWOq;`*9!#Pzk{
zi0f;^5!cs&Bd$LNj<~)q9C3X;IO6*HaK!b;!V%X;;0S&Eeoh{aNhH{3p(V1<M@w8^
z07qP32uFhRvoV{v+t~n)$n|!`3=-@cq9w8~LQ8^u4q77nVzeaKH$qEf&vz0duID>f
z5ZCh^$;`WwIdk|9BqX@rSFQJ9iC<qO*hUiU8#lr|8o=$ezmGJ5^ZWRmC}xmg-xNJ@
z=NxCvvFA5ad~?MgulN?0_aDE_pC4NWd<CyBevi}2^6|@6ipxY|+aLGc;E3x_gCoJq
z+ZywUyxvboOM-nHv_$sZ(UM@_7A=we8E8qcZ-<u1z6V+o?AxOyvhRtO1p5=v64{@L
zmIV6~(GuC8g_Z>Slh6{`_d-j8eFwBe_Px=PVBZlfk^R|dNw7Z|Es^~>Xi2c|gqFzu
zT(l(EpMsXi{yelK*q@4)$i5F+66`ypC9*#sEeZBr&=T2SfR+UNT(m^?7osJ>J`XLC
zeP6UB*yp1qvhRnM1p5NCMD`b<CBeQBEs_1jXi2c|ik8T}KUxy(i_j9;4?s(TeKA@h
z`%BQ0U|)ik$o^8aB-lsM64_sdmIV7!v_$p;(UM@_4K0!V<!DK;KMgIB{UEd?*q@G;
z$o>knB-nRHOJqM7EeZB#pe3@u5-kb#J<t-_Uxk(g`<`ft?5{>kg8i9jiR`aIOM?Ab
zXo>8Hpe4b+7g{3wp=e34?~Rto{#vvo*q@D-$o@LCB-o#WmdO5kv?SP{i<Zd#2DBvD
zpNE#n{zkMU*!Mw8WPcM{670`MOJsjDS`zFpKuctQ3tAHFFGNdZKMXAi_I=S3+24wm
z1p9tyiR^DfOM?AHXo>7^M@xeJ#b^n8`~G2nIKPkIAG-rHNU$G(p2+pyiIxQWOVAS8
z4@XOa{iSG$yPcQ85!VldBd)(3j<|jh9C7^>aK!b4;fU+6gd?uM3XZt`YB=KhYv73M
zhrkin4}~MHzZQ<T{yI3~`s?9{>u-P~uD=nExc(+M;`*E6i0f~GBd#9?M_hj^9C7_^
zaK!bu!x7it0Y_YaCmeD8a5&=nyWoiHN5B!+kAx$x9|cETKN^m>eheIO{oQcH_4mLL
z*N=rGt{(?STt6O;xPAg0as5O%LhnES`Y!X8&ad{E=kKT7-}_{tkNFI5gw@-Aq~b>@
zezfApDE@B6-=p}kiXW%=@rs|I_=$?YSMie+KUwip6n~%M?^pZ-il3_Z2NnO2;vZK0
zBZ_}i@sBC~am7EO_-TrNQt?kI{%OTOqxfeP|D58VSNsc#e^K!-DgI@}zoPh875|#z
zrz`$-#m`Xu8;YN)_*sg7Q}J&p{%ys-qxg3f|DNLCSNsQx|4{L>75|aq=P3ST#ebss
zPZd8`@t-OFbH&e7{1=L!ulO$&|CQpuR{R3Rf1~(?ivL#e-zolk#V=C)4~k!`_#YL&
zMDa@%zfAEzDSo-)S1A5x#jjNSD#fo>{2IltRs1@|uUGsA#s8xCjf&r-_|1y{Rq<OC
zzg6+u6u({ZI~4z$;&&?kcg62g{BFhXQT!i@->djP75|sw_bGnA;{R6sKZ^fX@dp%t
zQ1NAo_bSKk`*UgEpHEPHImIU`zP#d-6rZg46vbCie5&Hp6rZm6ii)qK_{xf}qWBEO
zS5<s9#b+wMy5egnzNX@9DZaMi>nQ#h#n)AQJ;m2o{IQCUC_YQ^*@|zV_=bwlQG6rC
zH&%QT#Wz*_af)xI_~wc~Uhypy-%|0d6yI9$Z4}>D@$D4fUhyX={zS!}r1%bs@2L2b
z72iqmrzrkZ#dlVG7scl)K2P!aiZ4)nq2jwLzDV)KiZ4-oRPm*X@22?E6o0znyDR<-
z#rIHrPsN|9__Gw>OYyxGf41V!QT(}zKhN>8*PBfjuQ$v48?o2<l#er~kDZ?k`q=Ak
z1%2#wZ-U-`UUU3j4jwy&`Tp~oT_1aW+W%}0w=--GeTui%!w2#B`7CUF=zN@T_0O;N
zarT@4dOq&?G2frB^cOfjbU$Og!Tottb#8yqpD6r=-Q#;MyzeOben;$25&gwS?7N75
zz!Cd=(O-JRzN_d59<eVG{h%ZE-9$h5h<$g_Uv<R3r|7RaV&6;jLyy>>Bl_!(*!L0r
z4M*%R6#Y#{>@O1iEl2DJi2hckzg_Y1TmL{Y=T4=+OY!kJgT<VYN<Uih@j2IsId?1l
zSjETZTqov?SNe&HpXB&tyaq6j#qs&=hw~s4^d}hazyA3YXO8dhcYN^s#W1t|zMty!
zvEy5s_fV*}w{woz5Ap54UHC_iIA^%%A3I_{QuI$8u^%J)Cy&^V75&pk>?er+*(3Io
zMF0E|`};)y;t~6)qJQ~_{llVv^@#mrqMv@mewyfK9I<~|^fQmxKPUP(kJ!H``nQkR
zzasi~mHvIj$G<LK7jr&T`i~SJpEFC$`B>>cReXHTJ7UgfN<UBW@i`xeIrEkNE5*m>
zd@AO|{pX6GulTQpU!bgaq2j+&{369KcD#RFjc@-#vpv3F;`ILUc3G&;@RnDOPm154
z%<xty{%6InRQxK%uU7mT#jjQTI>oP7{07DUqWF!9-=z4>ivLydTNJ-l@!J%?UGX~<
z|C{1>D*kuH?^673#qUx4ABx|r_&*i@m*V#+e!t@XR{TGT|5xz`6n{|hWs3KzgnykT
zD88KH6BS=x@kxqLR(y)$D=0oy@o9=rSA0dw=N$eyI>W1EdHeWQS@BgApP~4wim#^l
zOvP7Md=16dRD3PP*H(NT#UG>ix{9x-`1*=JR`C(VXDL2g@eLH;Q1Lm6Z>0Ffif^L$
zriwpK@y!(9T=B;%zJ=mjD!!HCTPwbe;@c{|o#NXo{shIJ==iYL_u$t%Uq2)PKLfju
zhxEPsxJ2Kd<jnVd2gk?OTfyt7_>&diN%5yBKJ4+9yj-U$eP_jYQGBlA!ybpp*Eh?X
zB)=cU_CtnOsQ6;Vmn!~r#rIJBS&Bbf@#iW20>$@Je1FAXs`$$lKlr=w{W(POHz<CX
z;_p=aD8-Le{Jo05U-1ts{t3lDqxcsU|C-`whIqbD&^wBs<M`Oudxke}lDuAg|E1y=
zDE?c;FH-!EieIMq6^dV___dDrzkW9;ev{(2D1N)*cPf6j;`b_kpW^>f{6WPhOqSQL
zzaPpgK1K0qim#;j48><EzNX^qD88QJBZ_aJ_(qCvs`%!LZyD-SyfztO`#;5NtN5_T
zsV3mJe(gf~Oq}^{@2r<!zkL1SlX}SY`o5#$J1PED#dlGBp5hA>-&OI&ijOM3o8nJb
z{27Yxsra)TANx8=37lW@y?egM_wM;0-@E5|eD9t=@x6Qg#P{y`5Z}A!J$&z;_wc=Y
ze#7_f`3>K@=Qn)sp5O4jdw#?By_NlZj^fW#{P~K%Q1Sf~f3e~RDE?B#4^;dh#Sd2e
zRf@kR#Pc{X^m}<6;C`mRN%6Nib7J=gQk0)BQoQh=FL3;+BG>EBaeuz>{T&(M{hf**
zu6XzPQ2zY8l-_;(gMT{=dmKKG!(op<rw@C)I(^vV_UXeOFGnBtd>{I-=Mm74a4wg>
z{Ua4WO7Wu=KSuF)EB+qaAA0-=w{xuR@pG%co#Sk8_2X@C^<mFH;`|9pKT+}bDt?mU
zCo6u6;_p-Z{fZC&`8vf5|M@z_3;+2##d|=RKUMJ$D*hqGKdksi6#uB=A5;9}ihsiK
z{JQ3GY+8@tafALT#XqC?=M?{f;$KqyD~f+j@vkfX4aLt={9B5DNAd3|{sYIyzD_f|
z*@~Z|_)io+SMi@K{tLx_srauI|Bd3moh)xZ{^eby_#Z<&?}sl7nNPo5=~pWK>X4qt
zw{;m|+nM66SNsOW|DyPfir=L8&5Hk3@mmzXRq@*tzg_V=6#tvzcPjpO#qU!5ZpH6W
z{2z+ntN1?^|Ci$TDSp4=|5p4zivL&f2NZu$@nwqls)par6BJ)g@rjBrulOXzCoBH{
zWA0wyWh~pb@n835Ml9P5l7u8lk|arzBuSElBuSFAleG7=kxJ4INs=T<k|e1lN%BaN
zBuSDaNs=T<(t6Khu4b*duj@R1&-=XZ|NVUa*5|O+`p)T^duHxAW@F8)62uQ6UXpkz
z;swM@6E8!&Eb(%xmo?=(Y3F}gbKpwds}Mhgc&(B8I){__dSw1+;tk0<O^BaF)@ecf
zRN}44`ezdFK-M{zc;`;~`PPNZU$9c2?@9bpvi@ac{z~EliQha@-=5pZ{9VNFBR+zx
z|1j~9#2+K;k0U;j_;Y0asl;C-KBJR<zRe^)i}-Bfb4Kdxze#-FN_~DInSY<mFD1T$
ztn+Cn{dhkk{yACyE8-i8ZyBi{?~i2umrnZpuVkIw#Qz|^kNDrjgHQGCNsrRK<axRm
zkomI2D-h3os;^&_%pXF$2Jyql`bQFPaGt(B4as~HGT)TUpG>^fDE)X(C*GF$S!Df=
z=jrQrBI}$_*6B{x=|SdutLv9Hm#OQNH<uH?g7}rhuO@yi@#~0RPy7brHxa*Oly?4?
zH-m}aL3{}Ddx#Gs{s8fZh(AhvH1WrYk0bsR@rlHrRlTg4Li~mEwDZ5Ld6D=_WSyC0
zewN~Ryg!@x9A$mXze#+avQ8lL^NBAYzL5AL;)_4k&$kcB{71w;CjJTWPl<m<{Bz=8
z5dU(Ne!A9ws{6NOo$rW$Py7esKNA0m_|L?D8KrOkF5<rv-%I?j^Yr!qCT=?G^C9t=
zc$)YD#7hw`O}s4e@}u?buSmQyS?3@!Uyb;o#A}iDYm@mSh}T=CpRQxb`p1%W8WTT(
zcr)TBuhO^YG~(?#>+|i2cOc%8cqihWiFYC1jd*wBJ&5-t-ivr|;(dtsCEkyCf8tjW
zzh;$wd0kKDZy<gX@mt9Hw~yA3_b#%|-Nf%9ejoAsi9bO6LE;Y+f0Xzr;*X8i&xf&O
zejM@fWSyspPa^9~UZro(3uK+?WStqrXA+;Kc=mqUXn%X)uPct92cD~}1D{8HKJf*_
z7ZP7Yd@=DQ#Fr9ZHrhWQaJoJwzLNN7#Mco2lK6V!-w@wK{CnbCiT^}=2k~Et?<W2S
z@qNVqCLTPdUtTfs62wa>j{U!k<MN{y^7;b2ZoPcQ#=f6({`<*4Ebsk{;QgPA=PSrO
z;?F-Kvq*COK$%7S`A20INzPZ4S;U_oDYHm&J|nY;KR-%lk>vc8RAC|F&%b+EVIh*7
zuOw?D{`_cJ8%fSrmRZD~e@teP<a`yGMf~|OGK(bV50Y8LpMP9tk>q?;nMM5hu`-J!
z=MR=y#GijcW|8E4HJL^H`EfFfB<By2S;U`zQf86le07;c{Q2=RizMd{m084}e@bSN
z<a`a8Mf~{*GK(bVYsxI*&p$1*NOHcG%p(5$M43gB^M}bS;?F-Lvq*Bjw#*{_{3Mx0
zlJkelEaJ~UE3-&)zK+Zy{`_Q_MUwMJ$SmT|KPR(Da=xz2BL4gonMIQGN6IYX&p$7-
zNOHcO%p(5$RGCGR^GC@n;?KVzvq*BjzRV*2{4|+GlJiH)EaK0<D6>d%zJbgl{`_>A
zMUwN!$SmT|za+Cra=xL=BL4ggnMIQG$I2|?&%Z3QNOHcB%p(5$OqoTJ^T)|7;?KV#
zvq*BjvCJa={4AM8FmK;y-~h8aDlB|eEH|I?HR7}Ly!iI+cv&0q*MCjsk>vI?ky*r_
zpChwKa{dIFMf~~KWfn=!H<ek$pMOJUk>vb|GK={0Z^|r^oNp$xh(AA9W|8FlNivK0
z^KZ#4g8BUW74yWj`M2}D`224!Ya{+T^JN}MZqLawi}>^J$SjhaZy~dYKfgd`k>va-
zGK={0@5(HaoNp<!h(EtjW|8FlsWOZB^Y6(llALcPvxq;xNM@1b{An_a`19|}ERvjW
zEwhL}zgT9G<oxL}i}>^ZmRTe@-$rH;e}0L~BFXtPWESz~Kag1@Ip0=h5r2NE%p%G8
zGi4U>=RcHLBst$sW)XjWnam=|`Lkpe@#jC1StL2%US<)0e!0vd$@#No7V+mlmRTe@
z-$7;(e}09`BFXu4WESz~Kap7^Ip0xc5r2NA%p%G8b7dCs=RcKMBst$nW)XjWmCPc^
z`SWBJ@#jC2StL2%S!NM`eznXZ$@%kT7V+mlmsun^-$iB-e}0Y3BFXu#GK={0U&t(y
zobM*Hh(EtpW|8Fl1u~2H^Iys=lAP}@vxq;xPG%9z=Wb^)`IVS9zn=Kl#5WNChWJL}
z-xA+M{JT6azMZ;IP8s5#51VBkNuF;#WESz~zn57gIe(GNBChuoL;Q8N$Qnp;or`4_
z@#lY#StL2%OJ)&&eyhwP$@xoU7V+nQlvyM>-&<x8e}0?HBACbf_~E?9T<%YDol9j6
z#9!wpSp!MV|CTB&MEv<D)!zr*N7hFC`R%ecl3f2XnMM5hpJf)oeE$8S9b$;<zli15
zDc;}u%G!uOzf<Os<n~-Hvxq<ctIQ(F`F=8s`18AD7D>)uA+v}-|C`Jr$@%^=i}>@q
zWfn=!Un#SQKmWVTBFXuyWESz~_sA@goWELT5r6&<nMIQG*T^j5&+nC4BsqVr%p(5$
zpE8Ri=PSq~62$dwDY;fiT;C;zxIRFR6LEdF%p%tF_rra4pzi#2vIgS%KrzJiJ+e09
z`t>r4xIRb>v7Wy@f64YB$@Aw1nMM5h{W6Or=Wmo*#Gn6LW|8FlO)`u4^Mx{tB<F9I
zS;U_=M-&z!$@yDk7V+l;nMIQGx5_Ny&xbOLB<F9FS;U`@WEM%z50+WPb(5B@m$?2f
znMGW`T@10Fe>ui-oJjI`?~qx<pHImwlAOO&W)XirEwc#b^N+WLm^Obvo)`D(U9vXf
zuTxUyk>vIaky*r_FD0`G=5zOd_Lst>{gdyN3v!yAFL1ngJMWg`MEv6|kmE%1*B>gA
zrNwgdx$PMg6c(1r^ZfIzEb(&0%M-6a{6OLriD!scB7RTy-0{z!%4EI@@q>t0C4MmR
zYQzsAUY+=%#A^_*NxT;E!-&@=emL<u#E&3em-vyy>k&VSczxnW6K_EL7~&0y-%Iwx
zV`Uz}^)&x_*NCih9P!4)k0;)Q_zA?D=6S9+PLR`dqT;yDHB<aF`F&C+DUS1|d7kH=
z4<{3ELHrcrEs38>ycO}`d5;V7w{sft)AH8Iop1O3voGX&xOkmmnPGAmlH4Ee&)hGD
zBz<^hxEPZ32Qm+cAxR&R86k!w{lUzGVo1^-$~+{7B>myc!(vF%AIUr-h9v#b%%fsR
z(nn@SiXllKl^G?5Bz<&dv>1}~$1;zJAxR&T86$=y{qfA>Vo1`*X2yykNq-{qgcy?a
zahY*qNYbCoJSm1GeSBuT7?Sj-GEa#iNuQ9JAciFU>CDq&NYW=}CW;|Re<t&c7?Si!
znMq<u(x1&dD~2R}a%Qp^lJw^?&xs*PpOTp(h9v#@%=2PM(x+yoiXlmVA@hP5lJser
zX<|syU(CEHh9rG@X1W-X^p`R(i6Kd!k(nWeB>m;g%VJ2<XJ%%KAxVEF^NJXf^jVo%
zVo1_o&AcjxBz<;fwiuH1*D|k(AxWQ;nIncI{q@Z2Vo1{8$h;wjB>m0In_@`P=Vs=L
zAxVEL^OhKr^m&<iVo1{8&b%##Bz=Bnz8I49cQWsYAxU45Ss;ca{oTyFVo1^#W)_Me
zNq;Z%o*0t!MVUonNYdZWyf20%eQ{>77?SjVXZ|gQBz;L{i5Qaf4>BK!AxU4FSt^Dk
z{lm<MVo1`LWtNE{N&hJGkr<Nn<(cJTNYX#fd@P0}eMM%47?Si)GM|VcNne>+DTXBd
z)6A!0NYYnjR*4}=|19&F7?SkWnbl%Q(m&69E{4GU-&-U<-BFUb{1T-@l;<Jw#AJ2F
z^VeS^$Cvw4Gw*o6AnyL&z}$AOCG%erUq}2a;_mO~${p`|GVi|MQEvWgGQWZNH^es*
z|CabB;@=V9O#FM|TZsQad@J!EiEktR6Y=fDe<r?z_%FnF691L>F5<rt-%b2?;(Lhy
zL3}UqKZ)-n{ulB6#Q!E<NZeG)wS)b=y1DC7Ks+QK5s!(dh^L9WzyCM4oh8Wp0mMrZ
zFGak7cxmEgh?gZ^j(B<E6^OS}e-DEE-a;~8k$8r9CE}HdS0R27@v6iRCSHyBA;hZ_
zKa_Y4;x&oaB7PY0+QbhhUWfP*#Oo42l6XDhM-i`2{Al70h#y0|A@O60HzIx<@y5iD
zC*Fkk3B;QcKaqGd;wKSrPW)uzEr_2&ye08diMzi)I@iyw$oy%<TN6K>cpKtp5N}KT
zOycc`pGCYq@w16{Abt+<j>O&fvCN(S=aTtO#Lpw%nfUp{yAbb6yc_Yy<@wv(pZv!!
z7m)ex#4jY?gZM?ndlJ8xcrW6Y5bsU=QsRAxUq-wy@ym(#BYp+({=}~&eiiYniC;tf
zTH*tUUq^f(@#~2XB7Ot$8;RdU{AS{}5Wki9ZNvu?{}=JwiQhr|PU3eFA42?Y;zNnw
zL;POi_YogP{C?uYi9bMm1n~!nKSaD6x&Qw#nSX@%qr^uNA4PmL@yCddA^te=vBaMs
zK90Eie&D&=%_qtHc;ZhHpFsR+;uDEKLwpkPXNgZH{v7cs#GfZVmG}$9rxAaV_;lhg
z5uZW)W#Ti5*CW@jSIGP<;;#~)P5d?DbBMoA{0-u75}!-_E#mWtzfJrPa=&gqnSY1)
z0^;uyUr78t;){sCPkb@)e-mFq`~%`kiGN6Z8S#&ZS0wxSax!0;%zsSgR}lY%_)6lR
z5?@99Gvcd>e@=W2@h^z4CH^Jxb;JwF_2nxvzn=Kl#5WNChWJL}-xA+M{5#^CiGNRg
z3-KR_ZzcXC@omI^BEFsY&%}2S|AqKY;;)eX<X1Aki}-KEcN71e_#Wba5Z_DuPvZNC
z|3!R1@xO@|5;v7|&q^f!-^BfWD7pKS0htepN5o^|iQkiw_y4>pGM^@1g7^W%OA;?d
zynuLV;$?`JC0>qrdEym_A4t3+@eJ`w#48i8Li`}&Rf!)=yc+RCh#yM42JxE2YY{(;
zcx~c`6R$)32;y~#A4$9(@uP^>Cw?^X2E>mc-jMjQ#2XPmj(B6@#}jWt`~>1niJwTk
z8S#^dHz$5F@fO5alH1c$$b3uUrxI^P{50aNiJwlq4e>LGw<Ufi@pi<|BHo_(*~B{#
zKZkfn;^z|YMEpGBor#}MybJNJ#Jdr{fOvP}7ZUG5{37B#iC;{-7x7Do_a=TR@jk@+
z67NU6Kk+MxUq$?C;@1+tj`;P&2RUwkZoj;_q3aD@Tj%|pf6i~}dQ;ca6~CqHEnV9v
ze%s@>J${Dbw?BUS<82kctLxoe&s6+w@pg*e)AgRNXDNPP*ZaD*SN#62_jf&8@dvs-
z(6xi&4|aX9>p6Lj``dWU!^2&R@1Gwi_lMKwV0kyX<m<TcLzubwN1b`=ff<!|{^x$K
zGL|2_Jji){TyDM^@zG?R$B2(1{y6cm#Gi0nekGzQCENdt^LoJC`7o|)@_ftrc;XX?
zPb5Bx_+;W!h)*RxjrerpGl<V5K8yHl;&X_<L3}RpdBo=vUqE~z@kPWJ6JJ7nDe+~*
zmlIz>d?oQ!#8(qvqk4I>HqUd{_ms59y2{1Zi(*d^Pn)mEyzUX1kBO(vda}Om5t)yP
zr_I-7ecdB69}`cT4P<@YBQhToPn&PZ`npGCJ|><v8_D{*M`S)Go;Kf-^>vTPd`vuT
zHj(vpkH~yXJZ-)s>+2qo`IvaxY$ogL9+CN&c-nkV*4I5E^D*(X*+SOWJtFfl@wEAY
ztgn08Y$fx$r_GOKUiY-wM&@--o1e(M?rF1~%<G;uKa+XgBQhToPn#WNecdB69}`cT
zU&#8pM`S)Go;Ewl`npGCJ|><vzmoNJPn%t2UiXO1$Hdd-H?qF&X|tQm>mHH$n0VU!
zPS)2wBJ(lvwAn+}*FA0iAoIGX&0aFEdqn1A;%W0ISzq_G*+=GePn*BUyzXhUU!6~z
zzg15WPn$wAuY1~<D*F9W-P0x@^SVc5ULFCf>qI70Jtm$uQ8#`2bx)fVnb$pSN|1To
z)21Yu*F9|t$h_`pQ-;jzo;KykyzUX1Pn!y49o-``pEeb%=$Du75t)yPr%guP&a|ma
z{2<~76F-Fbp~PzvKaBX{#E&3;B=Mt&A5Hui;>Qv{j`;D!Pau9G@so(3O#Bq$rxHJn
z`02#YAbuwCvxuKf{2b!v5<idl`NX>tzkv9K#4jR#G4V@?UrPKk;+GS@g7}rhuO@yi
z@#~0RPy7brHxa*u_-(}hMf?upcM-pv_&vn$BYr>e2Z%pN{9)pc5+6nUG2)LCe}edv
z#GfMmH1TJMKTG^M;?EO*f%uEWUn2f8@mGkyO8hnAuM>Zh_*=x^CjJibcZt78{C(p8
zCjJ5O4~c(7{Nu6O{i3v4N&GY7YlweIe7))^^G!Exds60G;s+7`j`+dEzbF0!@xzG!
zNc?c(M-cys_|L?TA^r>TV~HO}{8!??5kG<W@5E0eeiCv0_AX^^BJ=v~SIX$OUn!&C
zex=O)WPSa1CuQ{8os`jUcT(nYvc7(Mkuv)2Mauj^*3tVvW&R}de-YPvTb>^v^Ln4B
zjNa!dqxY5kukHnUKZL~fzD=2!%<DazGI|e3<Z)j_9`{8itsZY=^d5`M0c8FV^?Z)Z
zp~Pzv*Ly57rO5FfN!B@v_|e4mzKTp~a=dz<MCN3&{wc&yC4L(5(}|x+{4C;U6F-Oe
zxx~*SUY4A1=ac!a#4jLzA@PfdUrhW`;+GM>ocI;QuOxmo@oR}+NBnx?w-CRL_}#?s
zA$}im{q`s_`t4C<9wqCHBK{b0{dOuc<;i~d6j|qK;?EF&miP<AUnKq#as75JG6#~=
z^%_~{b>bPa&f8@E9pdj2e~)-&^>|})yAzY!o!A_vt{;=zi`eKrACsPsjo$OJon-s<
zo{Y`GWd0E1hZ5JXUop9U#pM25Z1nvqCi_)v^vf|e>~gI6gm%9uHnoW#p?ccXQ_qLA
zsZYEC@rJ}35pPVq3Gt@Hn-OnLyan-=#9I+>O}q{9w#3^JZ%@1f@s7kh5${aA3vvB=
zls4VSe0SnKi1$=IMfT4W**{Z8-#=4E-#=4E-#=4E-#=4E-#=4E-#=4E-#=4E-#=4E
z-#=4E-#=4E-#=4E-#=4E-#=4E-#=4E-#=4E-#=4E-#=4E-#=4E-#=4E-#=4E-#=4E
z-#=4i|4bQu|4bQu|4bQu|BT4?M`ZgWvi%X+{)pVJ$>Tot`VyH-$nCZMI3+gv<CNH(
zL)OtRub7<Pn4I32Zs(=y@uo~K_4KAaFDE}Yj-MSbzI7~qALEpXOz$U(56S=e*vnLp
z4D)_u{z~H45WkN2Al2phF4ZIADRZkjpECbaJu-I^zgzW`xtI9;sz-+T2z6ebH&Z<#
zo-!lJyzVLUm^z;_V^xoc%ky&Te9BBvJtCem&yacDQ)aR{pEA#@9uZHOX=I-HOX_^e
z%q0FQ@j0qTM)#C?Q=LzldBoo#zL5C)sz*lmlv$$Ar_6`MmlOYl_$t*S^SSCN>TA{c
z$mpIjUy*s{8_4{(s;A6m)g$u*@omI^CccySZ^ZWy|C9KB)#dr>ar*5`q<Um@msfJA
z^C?r3cxmG0RF|K>Qaxo3BwmU5LBy*OKa_Ya;)fHjOZ+I}4Tv90yfN_;h&LmCGVzwg
zPb1!j_?g7p6F-M|C)Fd;Z;@d=cD}lf+z(ehG8d{Y_qSD-`?sp6OdsNGo*nPyWS#!R
zuO>c#`1PtsWcwqd-)=_qe#?#O`YCgZ>S;5W_#MQDtkwE0ZSEsJg7~Av#}I##_(bB*
zjnlVtDw%)F@r*o%!0YK2IeuXF@kJ@~LDk~*@qWKKUrPK#;>(C1ll{%M_Bis_|A@>l
zcO0)Ft|+gd{n&B)_^6aw;dpNQKOw%-@iPCc|0(fRj+g#t{xipO+qo<6b-p;gx$XST
z@!b4sXPw;q=Z@#**EpV=|HARy{94Cz^Itlin_uU6ZvHFBbMyQ1UVoi`djE1fH^1Il
zC%69Bj_2k#IG&sT#_`<zM#ppW-#Tvhlk#Sh<M#3`Z`{il^JU~izrK_)+VutVA3B%2
zJ>D`#yIx>kzaEt_?)4(Kj(a__`*RuN?$7r8DP!{Y&ss(MXBm^ff5LO~`TJ-7eE$BK
zKcByU=FjKvpKxq{ft=p&obx|-x;7L4-f{c-`Z9^v*JD4#`A|y!-lEJ`6#pU5u{~G^
zzLof|<Z}EmZyv{szQyU<=6LS({-ijLce~?w9{}|B&)tjrx%hb=c^#SR@;Wc#zY+gk
z_1OHOy1WiZ_1OHSy1X7ob$Q2#3$@dgHlgaViB(UVwCeKzfU2iWse|?7El@pWbWfYo
zWL|f99SWJ(J#EU8dEMo8D`Z}GdEBJV$Hdd7ygHvEF0X$f^SaCHU)1@Sc-kDO&dcLI
z)#Y_Gs;7v{>uA(@c^!@F@;VyTQ^e)xuhjXNc-mA_=TpQZ;xTb~y$@MmclkLnbzc6T
zSM{{1qI!yWL_8**HV2XQbx)hBWL|f9Hybjqd)ibZ^SY<aA!J^6`F|F5J|><v)z$eF
z@rZa#JZ%mo>+3H6@1xGg#M7pRI-epQ5s!(dO--`C?h%=fiKk61vcB#SnU9I5&0%DH
z-6JwDKPRKElQy+gPZ5uZ%g=SF>!i)$s;7uY#AD)VQ-`dtdqn1A;%RdPSzq^v%*Vvj
zrY>1u_lV5L#M9<TvcB#SnU9If&*zZ!b&tq=OgwFlBJ1lOk@=Xo{2UQkUw645TSdE{
znIfJxN0aq+kH~yXJZ&0WsBe$%Y15F*>z+1^$h_`p)0oV=ZXXX88252*&YK)ue7f-X
z%RbI3@E%v%$7KcNaan=UAD0yv{c&i4Il(zz`*^v4JiadQ9$)9SUw=GX;60wjd>MIU
z=|2BpALkZ$k8^YL+Vc-sr>V33@~e<dN%5`D<J_Ddk@u4bIG=M~gLqBiKa%yg5&wz!
zcH%!1-{E-f{L!CpDe#`3vCj__kmn5wjQjjRZr*)9A$Pg!&*v0)&jZL=Z34MmR;5mq
zOAN8^f1dNzsb*qG()X7-NeoH)=c(pmNYdA&P8LIwUb&!!7?Sk0sZ+#|q<@)eDTX9{
zUFuXZB<WwJT8SY^U!OWn3`zResn%jh(l?||7ekW%O{$F;lJt$KGsKXjZ%VZlLy}%l
zaHbfN^zTyb#E_)_QTi+~B<Y(|?ZuF!f1f&A3`zRM1s%kYq;E-`BZegXx`K{kNYV>S
zpDTtWy<$NpF~oYV$MT;?%{^aNQT9Xk`7ZnXYJtgreiieTWWUAydD)e*x?SHszgplu
zznYtW*14YA_gO8F)#Oyk`;H>$pPUEc=ZYcu9*TDoL-IWmKTizF_gK8M7?STP@$<!y
ze3y5QDeNMK<a-J6u3|{OA0XaM49WMB;unY^`CdxAyBL!11>zTqA^BcfyoVT)?`6a<
z5<~L6tawi`B;U)4Uo3{?dwKC*Vo1JM5WhqW$@c@rdy66YUQzr~F(ltJ;(f%Be6J*a
znHZAqmBsstA^BcK{BkiQ-wzV+Cx+yERq-pt5O{9?cc1sp^?7G!f6ndy?(^Zf`SYFm
z-1=Se9M_lJI$a&Nw-=>N{{Oq-d0@LvX_No|DHV#=DQ)uqKLws!C;$H`uujgq<sEPC
zdFH^BHsvbV>n{Gz_Y25;cj6Zk??L<`;ysC9OuQHIOB~007~}Nzb{x;c!#9@K&xdb`
zZzBF3@y*1)C%%RF55%_;|B?7M;y)4JPW)%$JBa^6d?)c=iSHu*8}Z%5e<!|&_#edg
z691F<KH`57-%tE+;)TQwxxNR)L*fzfn0ShKns^D~2M{kwycF>Q;-!gS>hwmgPx|D$
zlu6Dnb3E5Gee*mc{hag5^E|(Y`w_o_cz@zo62FT0)x@tMel76<#IGYhkofh)2NA!4
z_>IJGB7QURTZrFE{5Il)iT{iE?ZodOekbv}hz}utH}Rpw?;(CK@%xAmBYr>e;lv*x
zK7#mz#2+I5F!4u-KT3Qg@lnJ_6Mu~O7~+o;A4~iR$8*oWjmvY~-_H4yj_2+_k9R!x
zIPodREC2I&bAsc!^`9m_(Q&&@Y4c2;qi^l@ls1!yKTCWv@#h@R9q$z4&pTc%dwP?v
z4>~|@TuLd9?Z+c%JZD#YFV^0lmxJW~EqtmR1LFELF~s%hVu<TA#1PkKiXpDg5<^^{
zErz&0M+|ZO4Kc*^xnhXx^TZI>=Zhh(FAzgqUnqvSzDNvleX$tg`Vuk3^`&Bn>&wIt
z*O!YSuCEY7Twf`MxV}mZaecKI;`$mf#Pzjei0kXb5ZBj>A+B!_LtNh|hPb{-3~_z4
z7~=XCF~s$)Vu<V8#1PlFiy^M>5JOzwDTcVdOAK*+w-{pGJ`ZNE*Zt)=3<THre7{Nz
zas3)G#PtDUi0cEz5Z4EZA+FyjhPZyS7~=Y^Vu<U5#SqtT7eidXQw(u^h#2DfP%*^y
zd&LmfhlwGs4;MpRA0dXg{*V~r`Xge9>m$Vw*GG#Xu8$EzTpufjxIRt{aecfP;`#(J
z#Px|{i0hNY5Z5P*A+ApmLtLLKhPXaW3~_zB7~=X2F~s$mVu<Ur#1PkKiy^Mh5kp*m
zLkxiz-~R5A>onr}UNOY=ePW2~`^6B~3t@@})d~v{cRmtBTu+H1u9px)TrVkxxLzQJ
zxL!sKalM=v;(7%!#Py0|i0hTa5Z9}SA+A>yLtL*WhPYl`3~{}N7~*;@F~s%SVu<T?
z#1Pl(iXpDo6GL3DFNV0@Kn!ucp%~(NBQeDF#$t%;O~eq_n~EW>Hxol#Z!U(o-a-tq
zo_{+ySFUr2dwrZIhPXao3~_yd7~=XuF~s#nVu<UD#Sqt*h#{^o6+>KKCWg4aTnur2
zg&5-cN-@OsRbq(itHlu4*N7pmuN6aFUnhpRzFrJ*eS;X{`bIIt^-W@k>zl<8*SClv
zu5T4XT;C>!xV~Ksaeapv;`&Z8#PwZbi0iw>5ZCvJA+GNgLtNh{hPb|83~{|s41pKl
zezlbA9O8N_F~s%OVu<T)#1PlpiXpDI6GL2YFNV0@K@4%dqZs0PCo#nJ&SHq`UBnRA
zyNMyLcNark?;(b`-ct;5y_Xo`dT%kr^*&;V>wU!#*ZYYfuJ;#1T)#>Tas3)G#PtDU
zi0cEz5Z4EZA+FyjhPZyS7~=Y^Vu<U5#SqtT7eidXQw(u^h#2DfP%*@M{_RvySMHHX
z-0NK=hPa**LtHN*hPYl*3~{|c3~{}T7~*<4F~s!>Vu<S%#Sqski6O365kp+BDu%dT
zO$>3px)|bm4Kc*^T4IRnwZ#zE>xdz)*A+utuP27MUSAAxy@43wdP6b9^+sZd>y5<_
z*PDnTt~V7!TyG|ZxZYe0alM5Y;(ALl#PwEUi0iGz5ZBv?A#nTuYxen&wqm*Km-Pe8
zz1eG=@AnZuO`aKTr>rwf=G!a&RUo%6ir+8u9Tgug-bwKX#5*fKLcELO8|8SrDgLc^
zcf}u+b$TfNka$nU9~SSW_#@)I6@OH`kK!Z6`zro}Y-c~kN6CDD#Vg7DRf><6`D+w^
zOniXiW5fq4{<!!c#m9=@sQ7@4+`1_Kgv{Tn_><y;6(28tyW&rY->LZ1;zJalC_Ys2
zfwDi}tN0|DAEx-T;=>ik&x4Ine6q|xr1*2<k0^e68F@}i@#kfJwBmc@av!7kRGA;E
z_zU9W6rUzOUhx;jCn&y8j(4Ks(`9~=;xCC$R(yu|6vbZ_pQ`vw@o9>`B0gR5S>iJk
ze^q>@;<LqPDLzMhcAn$^kI<pEIg9%f|8J!^9v4`DLsmj;KNtI4F~s$GVu<VW#SqsQ
zh#{^o6hmBJB!;-YSPXG}i5TMgQZdB!Wnzfy%f%4aSBN35uM|UEUnPdPzFG`%eT^96
z`dTr>^>t#1>+8i3*EfhEu5T1WT;C*yxV~8oaea#z;`&xG#Pw}ri0j+M5Z8BzA+GNf
zLtNh_hPb|43~_yr7~=X~F~s$KVu<Ve#SqsEVTuQb$fF2}J0FQ5uBXHh*Gq^Yu9p-;
zTrUtqTrVSrxL!^SalL{V;(A3f#Pv#Ii0f6v5Z9}UA+A>wL#*R*S+3vaNFO4(`=2>~
zLkw|!t{CF_JTb)e`C^Fc3&arD7m6XSFA_ssUo3{WzC;XheW@7Y`Z6)Z_2puS>np?%
z*H?-muCEe9Twg7QxV}aVaeb{A;`%x<#P#)Ji0d1~5Z5<~A+B!{LtNi1hPb{(3~_y{
z7~=XiF~s%lVu<TI#1PkaiXpD=5<^_yErz(hM+|X&uNdO`J~71g{bGpgg<^>7!I9E%
z64xU!#PyUI;(7@&#PyP5i0cJni0fs<5ZB9zA+A>tLtL*YhPYly3~{}R7~*<WF$9kL
zZ+PtudM)=S=lB`ZoZ&Ov{@iK4f0D`f>K7INi+nHE&l2;s{^R@?iTOIty!>Y2>}wv1
z*FWK1Y$SdT3im0Cy|C~Ac~PYNre<gU#O!>|>*cMFb#mT-c=7sQW%B2X{hO?p@V4iq
z?D6{kT?Q9O&Ku<)Z=N?HUVOYKll4y}{$uudbEmg>ol_F?&B*b#AYQ!AX^C}O{m1#!
z6Z6IE{F*p_iv9P5w;}7da~%7K-A_6kBG1rB?0#PC9mNpWJBcB#cNRlj?;?h{-c1Z~
zy}KCVdJi$g^`2sg>%GJf*L#a0uJ;i`T<<G}xZY0;alOA7;`&u$i0jvgA+8S)LtGyy
zhPXaR3~~KNF~s$o#SqtT6+>JfEQYv#yBOm7onnaVL&Ol*hl(Mt-z$c=K1>X8eYhCn
z`Uo+^dj9_}RFm5T1ihW_)x{9kYltDP*AhcquPuhSUPlaZy{;JIdOb13_4;Cn>kY&Z
z*Bgo<t~U}xTyHFfxZXqzalNS+;(9YN#P#N4i0duH5Z7CZA+EO)LtJkyhPd8F3~{}!
z7~*<6F~s%uVu<S<#1PjziXpCd5<^_?EQYw=MGSGhn;7DHcQFK>yPd`L!Tvde-0u9D
zxP5u(qTGC8A#Sg6yJ>Gn@;rP0p`_~S{S$fMSbV!PQm&(j-OgekErz&0MhtO%tQg|@
zI5EWa@nVSU6T}eLCyF7iPZC31pDc#BK1B?1eX1DZ`ZO`b_32`W>odd<*Jp|$uFn!f
zT%Rq5xIRY=as3T3#Pzvii0kvj5ZC96A+9eFLtI}dhPb{+3~_z27~=X8F~s$yVu<U@
z#1Pk)iy^MB5JRlz-|qB~>nP%0e|w4{uJ;l{T<<N0xZXz$alNk?;(9+Z#P$ASi0fC0
zA+BE|hPXaJ3~_y+7~=XMF~s#7#SqtT7DHUWRSa=`uo&X{?P7@QcZwmd4-rFLA1a2p
zey<qf`Y<uX_2FWO>m$Sv*B=r?Tz^Ciaebs1;`(SY#Pu;^i0fm;5ZA|vA@CA%OXA*+
z)Rfy7{C`T)|IR)x_C2hGb#lJ)B3!fVp9AxJb&;nl<@?$qFD%UW^~5(4-%Na~<0Z@&
z&gnYypW9#8?d@y{^Q|+Vb9eqMvd-DW&mn#;@$<5tJD+psv7Bp(^S{_DCwzO+`EYRJ
z{NGvRH50zO$di}LUgG<S2R)0o2$wJRsX#tfrQqXbFSPq%&R1uBg6I3Q@5eIH^Ut&M
zlRRIO^~s)B&b}Y`6wlXY=cju9W!9&8zAo$2J^w1}Gdy3P^_iZ3o%LCsZ^-&=&%ep~
z9M3mq{SD7IWqq#a1=;gqp6B0X=jVI=M`>JA3q0SPonPqr_gP=$`Ni4eUF`Xm?EDhX
zuglIa^}H~<J<B|=n4Mo<<o5O*dzakmXEnbMu_wxN|BB;%dsZoq_w8A&INrBsjpBIU
zp0$eOeS6j^j`!_ZuQ=YfXM^H+-=2+%<9&NJDUSE;*{nF;w`Ysuc;B9_isOBIwkeMH
z?b)t4eokYD;&|Vlor>dqdv+;~_wCuOINrBskK%aWp1q3WeS7vPj`!`^uQ=Yfr%-Xc
zZ%<GU*NtS4*?x<%hv4=x*>5S&ZNHW9-1b{Z&uzaIcy9ZxjOVuB%6V@4t%B#a-zs`;
z`>m4aw%@9FZu_mO=eFOfd2aiyy63jvYItt@t(NDu-)ehq`>l@Ww%_V{Zu_mC=eFPK
zdv5!!f#<g08hUQ~t&!)p-x_;v`>jcl=l5IFtor@dOmXyEbH&kbEfhz;wNxDa)=F{o
zTWiJ9V{H^ikF`}CJ=RWf^jLev(PJGHM~`(>96i=aar9Vc#nEG36i1JBQye|kU2*hS
z55>`AJrzff^->%?)?0D(SRcjFV|^7zkM+y*TwmE9>z_Tu@3E^qw>@@^=eEZNcy4=a
zpy#&726=9K>_*RRkKOFK?Xg=uw>>u4bK7ILdv1H|PS0(R4e{Le*ig@HkKOCJ?Xh8=
z+a4S4x$UtLp4%RK$aC9ck9cl-Y^3M5$3}Z@du)v7w#UYLZhLH;=eEbj7kPe<O~|U>
zV-poek4;h>JvLc!^w<=|(PL8;M~_WY9QV_vD~^7fp*Z?&rsC+gS&F0IW-E?<o1-}T
z?G44zZ*vt#zs*w|{Wf25^xFc((QgYCN53sn9R0RfarD~~#nEp|6-U1<Qyl%aTygZ<
ziabyD+sf=A`Tb^lY?bG>$5wl8dufg5wrAFQZhK~(=e9T2dv1GUgXgw4HhOM*W0U8$
zA2xe#`(cacwjZ{7Zu?=I=e8fVdv5z-hv&8*c6x66VONpo_rvb2`u(s+arDDp#nBJ@
z6h{y2R~*;(Ld9`?501*-{m*-zEs*!Pk)Qoh9M|`h;<&z-P#o9yl8WQ{UZ6Ox*JTvP
z^}3wmxL#LK9M|iLisO1+NpW1St0<1^bydZ2y{@J>uGiHS$Mw2~;<#Sd%Jby)x_0)E
z{Oh%SeyNV<_WEAeb9;TS=efP#Qr~lXzomiawjUaLZtu4=^4#8UY3#Y}lO~?qK56Q?
zz2DNzb9=v~x#zZjT6k{zr={n%e_DBN`=_<%_I^tn&uuTY_1yMSJI`$|wfEfiQU}j%
zFLm_X_EIO$Z7+59-1btJBG2!oZdvtvsk`Fnr5=i-mwGCW`z^f`M_=_;9QRxLD2^WM
zt2lbBpW^7T{)(f=u2LL5c8%ibu>p#s#|A2n`z?bMN59>uIQs2o#nErKDvo{|tT_7Z
zcE!<ecPfs48=^S+ZK&etw|f;wzYS9y{Wd($ll?X#dx+m}4|#5T>=DmxkB#))_Sk68
zZI6xd-1gE~&uuS_^W65*c+YJwP4L|I(nQZ~FHQ2?_R?g}Z7)sn-1g5@&u#xq^W65&
zbkA-7%<$ay&rHv4|IG5-_Rs7h&+nNzS@nD74aLzja}`I=%u^gaGhcD^%mT&HGYb_*
z&n!|LJ+oMG^vn{)(KAaGN6#!%96hsKarDdz#nCe>6-UpkQXD<AT5<Hu8pY8wYZXV&
ztWz94vtDuZ%m&5LGaD60&umg0J+oPH^vsq#Pxj2#>>+;7Z1ddq%y!Rh&+PEr_RLPt
zZO`oT+}<zR?YZrrJ)YbC+3UIOpM9R&{@L%j?U_Q)ZEpni-RJ*pZ$zHk-bi_Fd!vNs
zwl_+8ZhND^bK4tbiaftJ%4OB>jS7mRH!3QQ-l(KFdZUWs=#8q1qc^H4j^3!QIC`Uo
z;^>W9ilaAbD~{f%qd0n_uHxv8dWxer>MM@kXrMTHqoLyHjYf*2HySIB-e{sYdZVf0
z=#6HIqc@r>j^1dYIC`U{;^>W5d7kWz*4ab+-e}{wef-tdbK58FJhy$)-gDb09Xz*v
z($RDK_^XrWwr4tfZhNMS=eB3Md2V~AyXUrNdU$T{=k)a4_D?U*?fsnIp4<C5eLT01
zzxsM^d#s=5w#WK=ZhP!1&ux!g<GJmz0iN3)8|b<1u|b~O$6q%Vd49j$oK?TyZdDxp
zHdt}=+wF>@-|kc#{We5#^xIIy(Qo%Ej(!`aIQnh4;^?;#ilg5iQXKvEh~ntCk&2_=
zMk|hf8>2Y-ZLH$xw{eQ2-^MGBew&~;`fZ}(=(kCVqu(Ygj((e>IQng>;^?<&d7kXI
z>Dfd4ew*RB?YEhp+kTtnx$U>vp4)z#<GJm(H$1ofHrI38Z}U92{Wjlo+iwdzxBa%z
zbK7r=Jh%O}*mK)&OFXyzw$yXmZ_7Nl{kGh5+ixp8xBa%#bK7sLJh%O}+H>1)YdpWM
z0QU^ndT#q|o#(dS))#qxzir5>-)|cgN55@S9R0RgarE03#nEqD6-U2qQyl%aU2*i=
z4#m-LI~7O2?NS{5wp(%Z+aATyZ+jI-zwJ{T{kC6m^jo3g=(pf#T*k@E1^pH&j($ri
zj(#hlIQp%m;^?;m#nEqN6i2_6Qyl$PA<vWjRxx{s-*1&XxBXVdbK7rKJ-7W<&2!st
z)jhZUR>O1KZ?!zP{Z`v^+i!I|xBXVvbK7tAJh%N;-*ek<4LrB~*3fg?Z;d>+{nprX
z+iy)gxBb@CbK7stJh%PU+;iJ+Ej+jV*3xs^Z>>DH{npxZ+iz`(Jip)CW;J;|!p~>6
zQyl%)UUBqW2gT8E9Ti8vby6Jt)>(1%TNlOAZ`~9}zjap}{nkTq^jlBG(QmyJN5Az}
z9R1cuar9eX#nEs56i2`HR~-FzmE!2PYZOPn4Nx5YHc)Z&+aSf!Z#OEAe!E$5^xLg@
zp6s{5*+cw(yWMl!Z+Cib`)!Elw%>+&Zu{+C&uzaA^W65^aL;YOjqu#|+e4n)etX1o
z+ixR1xBWKSbK7rYJh%Ne)^po$<2<+hHr{jFZxcNKqcm<|CwgxCZIb7<-zIx*`)!Kn
zw%?|DZu@PT=eFObdv5z}Mv>?D+sv%`{WeQ+^xJI3(Qk7UN58$HIQng_;^?<|ilg7=
zD~^6!pg8(%q2lPbMT(=}7AuZ^TcSAnZK>kuw`Gc>-<B(mep{h9`fa7+=(kmhqu*95
zj(%ICIQng^;^?<^ilg7wD~^8Kpg8(%W1c7bZBzCTzuz`{Zu@PE=eFOrdT#q|o9DLQ
zwtH^-ZHMQ!-*$R#`)!x!w%>MpZu@PI=eFPWdT#q|pXavU_Iqyot<ZDZZ$X3H{r}wg
zZ~HCs-1b|_bK7qvJh%N;(sSEy1)ke}E91HCw{o7_eyiZQ?YD}a+kUH5<oW$pC98hF
zRaG4QR!wpATXn_JZ#5K0ztvJ4{Z?CX^jjUp(QkDXN59om9Q{^bar9dQ#nEpK6-U1{
zQXKu(SaI}Q6UEVQO%+GKHB%h@)?9J)TMNa}Z!Hx^zqL{v{nlD>^jjOn(Qj=PN58ep
z^W62z{#<(d>>+-?b@1HwTSw1rzjgB5_FHGqZNGK#-1b{H&uzbT_uTed56^AC_4M5K
zTQARTzxDRq_FEs%ZNK&P-1b{P&uzc;_uTf|Ri4{^yT)_dZv#BH{Wj2Z+i!zBxBYgb
z=eFN&_T2W{t)AO{8|=C5x7&+6zu)f6s^4!z6i2@eRUG|xuj1&pVTz;QhAWPK8=*M*
z?IFd{Z;vRBejBMc`far0=(jP7qu<6Vj(!`bIQnh8;^?;tilg5qDvo}eq&WI*vf}8s
zDT<@trYeqpo2EGWZMx#<w;76~-)1U~ew(Fus=D0&S3E5~C(m<zSVCML0b~!!@52MK
zKG*Xa1(=`bdCBbje9uc|eSzl%SzqXR>8vmEd~}54UF><8?EDhX%VvG4=jF1#%=7YD
zU+#H@tgrC=z^t$Iykgc@d0sPnzOD8=lbv7Vd8Mqc^?XeBd|2ms<?Q@=&xd5^H+Wtp
zJHOHMgR;KK^Qu|j?0F`8y0#QKe$Omk9er?i9+z3N_d3Y-Y|Tz5{T%Uaigy&>uK2m)
zI~4CEzEkn@#CIv)S$wzR=Zo)Aysr3O#k+{_Q@pGAe#L9c^|w&*ZZaPnlReuKuM4<9
zJW{;7cuMgL#Y-sOL%gKoqr?jozev1{;yuO7DSokd1;u-bS5*8G@k)yK7O$fCrQ%id
z-2PtUz*NiI-zrGC<!*lu5wDgvpY!VC)fGQfyoTa6#A_*DQ@pm~wZ!Y>d9rWoW)JcE
zww~v<Z|i$*`?i7Swr?AHZu_>8=eBPfdv5!-iRZR&n|f~hwwdR)Z<~8=`?iJWwr^W{
zZu_>C=eBQKdv5!-jpw#++j?&Mww>p;Z`*rr`?iDUwr@LnZu_>A=eBP<dv5!-i|4j)
zyA^qEe@3r%&#K?6JrqZ;_Ea3b+DmctYH!8St9=wlul7|Oz1mN4^lE>_(W_S}j$XY+
zarEi{#nGz+6-TcQQXIW{qvGh*n-xc|-l{lyb+F>-)!P+EuimLRdUc56=+&W$qgU@$
z9KAYBarEkN#nGQ56i0tPq&WKX5yjD;BNaz~j#eD~IVR7O{W&&!h~J;%Jh%Nh-gDcZ
z6Fj&5Ini_5pOZYd{W;ll+n-ZBxBWTQbK9TOJh%Nh-E-TYGd#EbIn#67pR+u-{W;rn
z+n;khxBdBs=e9rRdT#r3p69kd=X-AZbAji!KNos#`*V@!wm%npZu@gdk>~g4(yaRZ
zxlD2N=W@l-pDPqcf38#<{kckU^yg~D(VuG+M}MwW9R0aYarEbU#nGP|6i0t<R2==e
zNpbY&X2sE;TNFosZdDxpxlM8O=XS->pF0#sf9_Nq{kcnV^yhBH(Vu%1M}O{B9R0aZ
zarEbY#nGRIilaY+hW_IM^k<|v`ZJa1$^I;nJ;d+NlAhcCEb!d+XBp3Jf0pyy_Gbmp
zZGTqu-1cWB&uxEJ@!a-jRnKjIR`cBUXLZkQf7bBa_Gc~6ZGYDG-1cW3&uxF!_1yMn
zJ<n}_*7w}@X9Le|e>U{o_Gcr{ZGSfQ-1cV^&uxD;E%N;SY?f8OKbtF#{%oN*`m?3t
z=+9P)qd!|Kj{a<;IQp}#;^@zIilaZ<D~|r`pg8)oqvGh#PKu*HJ1dU<?4mgOvzy}R
z&+dw&KYJ*S{_LqZ`m>kf=+EAYqd)s7j{fYcIQp}n;^@!*ilaZTQXKtxjpFFf0g9tP
z2P%&K9Hcn<^Ts?+_UFynL;U`{)pOgQgFUzXdAsMfKkxM1_U91KZGR5+-1g_ap4<K$
z=DF?9;hx+69O1d`&xbs>{rQOJwm(ODZu@hz=e9q`cy9Z1tmn2r$9Zo1bG+xaKPPx@
z`*Wh_wm&C%Zu@hx=e9qmcy9Z1YLVyn=d`T){W)E6^ydu4(VsIFM}N*z9Q`?4arEaL
z#nGQ{D31P|t2p{|p5o}w`HG`I7buSYT&OtubCKfc&&7(PKbI(u{#>d!`g57$=+EVf
zqd!+Dj{aP!IQnyy;^@!SilaZ*D31PIt2p{|o#N=v^@^iEHz<z&+^9JEbCcre&&_$B
z>(9f)<q<&k5cFqm|G!_he{0@+N%?;S{6>PUrR;rP{EhjXA0him?oYngAYPOBk7WIA
z#D5~bo%qkhcQ|g(2m5=Vw&k4<`M#a_4&pnBKau@yi}^icj~BnA7k`Q`7wZ#=?;`8t
zcjap9>?ZSji0>u7kNAG#g~Wqn_3ey^r-+vzUXpkL@iN5A5wAeJBJoPZs}QeByc+R2
zd6zq`@Amgg)|P8LV)v_JuOo)IURMlpy`C82dVMj(^#)>y>kY*a*Bgl;t~VA#TyG+V
zxZYF@alM%s;(Bv2#Pt?pi0duI5Z7CYA+EO;LtJkohPd8V3~{}k7~*<+F~s!_Vu<S<
z#Sqs!i6O3c7DHU`B8Ir$O$>3pyBOkn4>82`o??jWy~GgLdy65i_Yp%}?<<B_N6+Ve
zA8U2Fej&LY&Up<n#PwQYi0ie*5ZCL7A+FaILtL*XhPYl|3~{}I7~*<EF~s#oVu<UF
z#Sqt<h#{^w6+>KaCWg4)Tnur&g&5*`OEJXtR$_?jt;G=6+lV2qw-rNNZzqPh-d+rG
zy@MFydPgzD^-f}l>z&0A*Sm-zu6GkdT<<Q1xZXnyalNM);(9MJ1diYDnUed5<qyU+
z$o|Rq3dAcBKZtmJ;?;;(CSH^H(Zr7+UYGch#Oo11g!o~^4<~*o@jAp0CSIL*MdBIa
zRftz5UW0fo;<btQ%Qm^cAO2c7w|6G@+bhU?f8s|u$BW;GThf#_SN2S<pYyAUUrYQt
z;@1<uf%r|tZy|mg@qZD&!*Tn2ZOWUwCM3^?oDU^_AMxSDA0++=@lnLb5PyRBc;ZhJ
zpG5pQ;!}ygNPGtISBTFh{yOow#NQ^qfcSgF7Zd-0_%h-jt6sv`*9#Q)fZY#E82j_>
zzOU@5?YAY&D%H#W^ZSo_%dMd86T5y{W8a^)kLPxK`g(3(ztGQf`}&3cp4-<iT;;ia
z{lYb#+t)7)@Z7$BVW8*s^$UYMx36Eg(R2Iyg_}LMuV1*;bNl**!JgaKFWm0Aef`3n
zp4-<i4DsAvzC%5?uV1*=bNl**VV>L9FAVqGzJ6hZ=l1mr4|#51zwn6X_Vo)RJ-4r4
z814CLvLE*7tnIgD%^EVlmiW2}`Z`~$^Y-~D`N<$>J99pk_&DO@iBBLtk@zIylZj6u
zK9%@1;?s%GAU>1$EaJ0?&msN>@wvq35uZ<d0r7>z7ZG1fd`ZG9ngh%?%6<s{miTx1
zE<c=X`#HCNF171>zKr<t#P;C1Gka}WL3}0gRm4{lUqgH?@pZ)46W>65Bk@hdH(U44
z&n?8al6AHb-%fl7@twqX5#LRG5AnUk_Yt>yOU<J5r>yxtfB%#nD!G5!`SS80B6q*y
zhrIckMe}9NkNKXr{<iYPeV%{3i^}AA-a0>3*L^$jpNT&}*55(qe<9wooW4Cf$^5Ux
zcjbHD`7^wdzW#6d^LgjbZsNZa-$VQl;(Lj2A?N3xWPTs<zliTA{x|VL;`fm4Y)URi
zbEtm)KbF7W=AHj1k#)w9`5=G&yvw~tS^ap!{Q11&jq*KjotSuvc$)ao{O!+Me|i4-
zndc?QItLIhNxW3P7oFbnrr>Gq{3&nB60bl!L%a&{gNausUXyrj)k~No4$V7VMdxP;
zQ`hlIa@#Hk=lw5rVPQ>qk`vE!%GqR&%%2y?c|GDs5wB0Y0r6vqHza;6@kYdtBi@+!
z@x)Ic-jw)>#G4UsPW)uzZa?QPuNGv!CGk^<w<3NT@z%s2%fG(o?N@Ec{29dC5<io8
zqBru6w;h>3i+FqDXA|#0{2byPiJwcn6Y=wipHI9C@vg+X5${g?LgGD$Uqrko@r#M~
zB7O<+-o!5@-iP>Q#QPGzoOnOtR}k+{{7T|i5x<)FHN>waK7jaj#0L_;p7<c*HxR#(
z_|3#`A$}`y_x^vbhi@bEgNgr(_#MRWB0hxp-Nc6yzlZp}#P1_MjQIV;hZ7$`{6XRm
z5r3HYqr^uNA4U9Sa(g$L%s)na4DrW_k0m~i_>;t+B0hom)5Iqde}?!Z;?EMFO#C_G
zQ;0uLd@Av2#9t&no%l<{XApmj>{m0%{4C<H5}!@{HR7)mf0OuJ;%^b3NBnK#^NGJh
zd;#%yi7zDn9`W~yFDCwP;!B8sKzu3j4~Z`${t@xz#6Kp!g7_!IR}%k}_-Djd6aSp}
z8sc9NUrT%)@vn%lC;m0@4aC18zLEI1#5WQDj`(KcTZsQad@J!EiEktR6Y=fDe<r?z
z_%FnF691L>F5<rt-%b2?;(rj|OZ-pb`-uNV{BPog#7&L7=dbb}rw7DC;t}zfc#3!l
z;s+2fNxT&C(!|RUFH5`}@$$qg5U)tQ67ed;4<ddr@oK~mAzq#Mp~PztuSvWX@xzE8
zPP`8BBZ$`}ekAdF#Oo73ns@`^4T(1*ejM?}#E&Q5g!l=>n-V{fcr)V7iJwgT6yhz3
zw<3NT@z%uK5I=)>TjK4Aw<mr!@eah#A>NVrxx_mWKaY54;^!0ZLcA;S3y60o-h+5g
z;ujOYg!rYzFC*TU_~pc}AbutBtBGGrd;sz5hz}%wJ@G-rZzO&b@tcX?N_;T!+lk*n
z{7&L`5g$T)DDiuV-$#5H@!`ZDAU=ZlgTx;u{s{3$iH{^ciuh>aV~9Uad@S)Nh>s)w
zB=PaYClH@V{2AiU5}!<b3i0QOPbEH$_;lhg5r3KZOyaYMze;>I@z;pYA^tk?H;B(A
zK9Bf(;tPnsOMD^m_lPed{yy==#Q#lv3GokzFD3pV@sEfvC;l<<6~sRwzLNN-#8(mj
zjQDEepA-Lr_?N`LBEFvZ*Tgpv|AzRt#5WP&O#FM|TZnHZzK!@##J3awnfMOkzYyO^
z{8!?;i2p`>H}T(z?;-vN@x8?VB%Uc-So8-!Uz+>>*?nYwKk>hb7ZNu$3yc2bA8$ZB
zBpwq_6E8vh0OHli`BRe27Z5K^ybSTO#LE${K)fRH4Dm|DD-%D6cva%nh*u|mDDfJ^
zYZ5<<cx~c`6R$)32;y~#A4$9(@%qG%Cf<PfF~pB0-iY{d#2XVop7;sGPbA)q_({Z@
z6K_HM6ym26Z$-Q{@zaU7A$|t&w#3gQ-j4WL#Lp()f%rMZI}$&acqihWiJworEAb16
zw<kS+A(`(;=6jI&i-`9melhX$$?^7b<^y?WujEH0?{5;x?R(ns<WvcRk4Ro&RZ>1m
znF0yEDs9Th-(^iXdChw{`KX|Ll#_`A<)^4K*?&<<Uc*ww9Av7RgH1Jah^cN4H8o64
zQ_CD?YMaAN9dm@KYmPMa%u%MkIodQZ$H=jil;de=j+Hbr$C<|Fc+<q3V49i}O*3<n
zX>Lw7EzBvVr8(8KGN+l==5*7>oMGCUGfg{lmi+tn^6%RxPGO0}cga)BzdKvDq~M>A
z4)XOmrlUF6bdt5tldn3P^Gz4i)pRo#nC{tAd!gxJE;2pM#ip0JM5MR5)bufznZD+7
z)6ZOC`kO1wRpx4Qjk(qgFxQ!Z=6W;8++c1rH<_Dd)mzN1<~B3f{L9>K?l5<nyUY-C
zw;5{gG54DL%rJAm8EzghBg}*5A@i_##5`(7no(x7dCZJ4kITOwYo0LU%#&ukdCE*M
zPn(J688gW|YbKlL%oOvynQC4z)69!zx_QaWFfW^#<`px`ylQ5f*UTLAx_QIAY37=@
z%slh9nQz`P3(UJ_p?S|NGVhzk=HF(C`M@kSADU(6BeUFmY*v_0%u4gAS!F&mtIg+T
zjrqc?HD8)_<}0(_d~G(EZ_GyXt=VM0Gn>u#W{dg3Y&AccZRRJl-TZ8Jm|x6J^Q+lq
zelxqx?`Dtr!|XMGntkRkv)}w}3gyS{gCGo|AP!PNIw%nw5R?o`1qDIrpiEFUC>N9u
zDg*}x6@yGrDX1J&2@VRX1_uY#f<uDp!J$Eopk`1jI4r0g93IpOjtJ@oM+WtRqk{Uu
z(LsaYn4n>BY|tn;E@&JaA2bP02$}{b2F-$#g66@=L5tv&pk;7s&?-1BXdRp$v<c1#
z+6HF^?Siv{_QBafhv1x`V{mTJDL60a9Go9?3AzT|f(wG~!G%GO;G&>saIt)4KY9h1
z1igbxgFeA!LEqr=pkHuB&_B2`xGK0hxF)zZ7!X_+3=FOh1_d_+HwHHaHwU)_w+6Qb
zgM)tsw+D9wcLsL_LxQ`5p}{@Dy}^CKu;Bh+c<?|lB6u)(D0nz{BzQC!8H@@>2ag3~
zg2#ig!4tu_;K^Wo@Ki7%csiIEJQGX`o((1k&jnM0=Yy%i3&FJD#bA2yQZOTUIhYx|
z63hx-4Q2<g1#^PegExXVgSo+5!Mxz@V1DpUupoFhSQxw)EDGKa76<<hmINOJOM?%C
zWx+?m^5ElOMes?mGWaxD6?_(~4n7ao1YZPegD-=1!B@fh;Ok&R@J+BW_%_%Sd>3pE
zz7MtpKLlHYAA@bdPr>%!=U_+hORzKeHP{vW7VHjw5B3Cq1bc%&gMGnY!T#Xypiqh|
z2*WT6<1iJb!xG^EVac#mSP+&D%Y<daa$)(fLU>?UG0cRO!pdQl@Sw12cyL%PJS40h
z9vapNYlgML!@}C(;bEQdh_G&WWLPgeDy$zK9X1G$2`>y9hR24D!sEim;qhUU@Px2w
zcw*QrJSl7*o*cFaPYGLwr-rS<)56x_>0z7jjIeEZX4oz~D{LR09d-!M2|I@8hMmIm
z!p`z>e$hvluxr>*S_~gJ#Qnfz?r?nW7G4l`4=)URgcoJKXLxbgE4(D^otVN}4NdZ2
z=C4xx^`&8-@UpOPczM__ydvx$UKw5$UL9T&UMt`C3kOK9lMD>64+n)e{PQs=ys_x(
z8^W99<L2;|@Ye9QaB%pqqC;*E?~t$W4DZUykkEeIU356s?-vdY?+Nb>?+b^8_se(o
z80;bVdU$pw=QqfAb}RaY4}>G+Bloxc7uw$sh7W}ghmVAh%K0%e9EG><GNZ%C!ZG3F
z;n?tr?Dwz>%((E$aD4bwI3avmbfV;$a8meeI5~VSoDx1CP7PlOr-d(u)5Dj-8R5&}
z%<z?PR`_Z-TP9x%=Y+3^Z-j4#bHlg7dEwjP{P3M{LHKUCFnlju6uuuW4*wl42|oyz
zh98E@!jHn`;m6^M@RM+5_-VK*{487@ejcs~zX;ccUxw?#ufp}=*Wrfnn{Z?JZMZ4?
zF5Db`A8rYM2)BkmhTFoQ!tLSD;g0Z^aA){yxGVfE+#UWN?g{@0_lAFl`@+A%{o&tX
zVQ8Wt3Zp2Bqg0fR+M5#50a3}QR8$a^j><%3qjFLCs6upLR58j#m7>Z~mFS?TYIJZ^
zEjlEs9vvFhh-yZ)qQj!v(cw{@=!mFpbYxU7Ix4Ck9UV1@j)@vZ$3~5!<D$mV@lliL
zgs5qBV$>`;DQX^_9JPo}iCRXdMy;aLqSn#rQJd(DsBLs+)Gj(JY9E~)b%@T1I!5P4
zouc!i&e8c%m#AyhExI7;9$gsqh%SnHMi)oDqD!LQ(WOzJ=(4D9ba~V-x+3ZyT^U^!
zT^(H$T^kLEu8Rgn*GGe*8=@Pdo1&YeTcTT|+oHkIzoOftJEA+IyP_e{-O<qKp6K4_
zzGzr<e>6OLAQ}-p7(Em{96b^}8jXxbMa6s0=xB8GSTrVjJQ^E45sizUjK)V#MH8Z@
zqlwWo(WL0vXma#iG$ndIni{<jO^aTPrbjPDGoqKHnb9lJtmxHfcJx{_Cwe`4BYHEM
z8@(0Hi{6grNAE-nqIaW((R<ON=>2GM^zUd%^g*;V`Y>7+eH1N^K8{vIpF}I8Poq`Q
zXVL2D^Jq=<MYJ~hGFlgX6|IlHjy6Q!L>r@TqfOCw(dOv;XiM}%v^DxM+7|s3ZI6DA
zc0|8KJELEtUD0pR?&$YuPxME$H~KT$7yT9OkN%Dd<&IqthjA3gaVk#7CE^3(l5wfH
zATAx3iOa_2;_`8Y_`tYgoQW&NmE$V$L2=di;J8|RNL)QWG_DcXjBCY*#kJ$Z<2vyX
zaozaHxL$lzTt7ZKZV(?6H;j*s8^y=PjpO6vCh-Yz)A+==nY<<5NpbV|<hVtAO58F&
zHEtE37PpR1kK4p&#BJj<<96{`ar^k}xI=tS+%Y~k?i8OFcaG1GyTo1NZt(?i_xQrN
zM|@G-Grl<Pg*VufR=XrF{^%WF8uy7Wi~Gix$Nl0f;{NfK@m2BF@ip<a@qqZccwl^e
zJSe^)zA?TjzB#@nzBRrr9vuHGzCFGpzB9fn9unUj4~_4M?~U(^hsF2D!)5IUvd7cG
zbddXX#-MfVNA9Z;aqg>}=bF*F{d+|GVB9Z!D1JD8Bz`m=8IOub$B)Hh;>YD<Z2Uw#
zE`Bl|A3qgOh@Y0f(Q!}7p*V&4e<sHNCm*>La{u-zIfk4iKR*)}f3%nThm+z`a!>x*
zxSW|B;~dDH_T1;^;wka-@#J`_1RpQR$F%sxczXO&JR^QN`#tP`_hY6r`HFl$D}FVe
z9lsXa<C+t{9={R48P83e>$!9Kt=Ru4W#+~6{@J#-i`JhXzY{Nr-!1z7e|HQ2-_9+J
z--{Rhhi!U4UM#2P-?ES7e>@|XPwso18#CjX*@+JS?6Eh5*mCXhmpw&G;w5spy%hDo
zjrl+(mi~vW`=8Gr?AO@J+~2sS*xU1*+0RyUhJEyZUibfxhkh7qA1{z=p1mF}i~Wz>
zwf6t~b8f$|pK;!P6n`Z93m&1DG#_QR=!S54y!^jvm)xo!IeQ{JXSvTXoI*4Y|B(Ax
z|J4>?+IFp7o9!j`yv5)D?SArcVsDrGfYOh}s~Ne*+2hZh7ys@0|9ReCi|zW!+m+mL
zx}Tr<rx|nCvHX8)n=~i*Y_Ea2HS8X{BF;Sy{lESENxU+#)~E3*`Tnzbb)J40uZTaF
z?^np@72b8m>WX+x_RtH1TqoEq{UTl)e;Kcfzlzt#U&kA=tKtycBlt%7xFkMb9=rWd
zAK01|av8fbxYS{}&+g&udv_&#Z}*_wzrc4JWy`<K9&@fUpqsK=V$65(W;y-2e}_Zt
zpYMzI#Vzp<^7YoD(~rZo(~slC^HV>@#UG=h0@<cZ<XVh>h2wWmKOBGXuXCSsTmPRv
zYo~u(_Wb?npK}>2Zj`T!FMkOBU|VvZ*JQtfWe+O)YkT~2yd!(w{Nfy<oqnunw;20K
z(IR<YXs6%)i`*&6eg03UJo&G3)46jo_q{zwarqaYery9yXKq_?h&}!OK9INR@+DTa
z|5m^JFNtv<Hvf;Ex5sFY^Z)(+k5l2F{+)7~i?9FK#$V%I*~{p+c=tc2zj(_(jDL^!
z6kURU#CzpyyXOCN`bR|<2E}{+k468!cwL<9$?eOX=XP~t{*=S_WoPiOp!hrYRk7v1
zO8)!e)1CVYbNKUD_SD;RAK&kf|IS_$3uBWCQrhJo;=kSLA8r4)rycj?a~}orRq-F&
zez+8JTbKKsJ9l%RbN-(`|L1ueJNAFO587)18YoJAC=X5TwctbV@=vAGa+p1KtYFV&
zeE&aP{+KNOb4gqxmH&ag!=3||{69YZxh==`VtefM|A17<)QY&21gF0sRXSBhPGi|r
zIXNeC{g>PN@~H}mOW&^apHF}87<20+KjXZ^v12Ovk=x?j=j5UPci*j%Q+Hu-VD@y|
zy#P&AF_jT9rc$bMs*3FY2c<?uxvjOwS2dM?UH<W(t^S`b|KvQr!)0FlfxXS1`^Cn;
zvRlIs*ALOoK^Rs`{tLVQ!9|yIwY+l(TZ-GvLsHd64^7ob)lAhYn#8}<uK#eHKK-^2
zhbFh+|NHOIEQiVdY(HwJYX8%0IBwhzDgHP={4hQ|Wk2lnCCWXzZ{)P_Q-f9iyFWO7
zdubGJ$$x*YxGNN|h0|ZB==2|vIzmoAPMv%C<C!gE>Za@mCU82~WqM?)UdnFye|Ku#
z=?jBV^8Dwh2<K`3$5E;L?{K)C!=nfLmHk`WKL0w0YaRX_Qa^?NBSwmQ=jiNd$z2lm
zylYTo#}s|lu;{B}i@qv8r|nmb{y8LfN{>r5P92|Wk~$&PG<9OCS?VPD-hSYk-#FDg
zg~vi`<kaJH@oIJtw11ymbou3Ooj#0P6xk_7U$rdy>eQmI^4Ixa>^%dV9Ld*{WZSm8
zW81cE+qP{xcd>0J7xON*ZQF-jlCOI^eKWf|8|VIa_wCegx?a6{uIj30wFBpRU*q!y
z#?gVpM%JzOw}MCQU_9TxKKJ|kwNP##&tGkl7szXSnJ?5+{}JB4kgFki?cVR6**USO
z94%P?@%tQhR(AS}%jMeYMz(S^M_b-d-7e&91F0Nck)?gMRjy=@)5+V~eIYLp%s!WD
zU+5l@A1DA61PTF#fg(UrpcqgbC;^lNN&%&TGC*0N98eyp08|7j0hNI&Kvkd`P#vfN
z)C6h)wShW7U7#LNA7}tH1R4R2fhP7?-ZWr5Zx#wS2U-9vfmT3kpbgL#Xa}?hIshGk
zPC#d%3(ytl26P8{06l?TKyRQA&==?j^aln21A#%nU|<L^6c`2!2SxxRfl<I{U<~jB
z@FOr57zd2E_w5P5L|_sy8JO~~PE&zt!1RAqngRT~Qe^wY{|@h;d!5lOtQ}!z*@*RF
zslTk`*ZFPae@Ncv`s0`NWxjn0mtW_%iN}}N5T3`e#Jz$UI9IrEu%nM)I7f!xx9}Rg
zvUk=Tn7f?rb|x?jm<`MU<^uD8`M?5TA+QKo3@ibb0?UBqzzSd`unJfWtO3>nKLP82
z^}q&TBd`hB3~T|m0^5M?zz$$1@H6lWunX7?>;d)y`+)tx0pK8T2sjKJ0geL4faAak
z;3RMgI1QWu&I0Fv^S}k*B5(<~3|s-O0@r}+zzyIga0|E%+yU+a_kjDr1K=U>2zU%U
z0iFWSfakyq;3e=1_%(Ds`3?9T_yc$i{0Y1XEf4;{yy(RsDvydlR0N_T@b8L%bI$s4
zi{Wrb7$4_wD4erb_xEY^e>aso6TStU6kd1W?Dg^a&*65?vrdP+3ph9NWQ3O;yzKD5
z3%#D;@%i)M9AU8zzn>#46qYiu<oV{Fv4`dImjXGyCp^f0mND>5*zw6ZpAAed#;FOL
zoa;qyi+ayKIoHkHyLZ9PPyOEce1TWHJvgx5eImf!4i523j<tiL`@libKPLa%#O!1D
zXupjXS4yDwULSF4oS1(LJwt6NejVRJ;<u9Fx5^KFoow%FnAeM)7`m{h!6|t-w`Pca
zovm%?oo9!}yBFp3ykLFpYwUC6`}v(x#Gk+Z+d`hEFOll;I(e{|+<QM72A-3ADg1f%
zIW6b5sAHQmCVd|N*HF9tDD24S^PRS@-8t9qoNd_T_BMCx)Ob(4c)8<2+mDWK!Q$_5
zdOvqu_O{;m?3NuGPn-MPjrTl{gKZmqjD5w|duGSYU1~q<Y59J+7qi15(ZJ|n3@`))
zKoEpL7(_r6blM98@zDHh+OBf6t04sF=^{Z2q(KH`K@Q|W0Te+Ad>6@aO0f8Q(ROq1
zx_DsjMAsjA2MVlpVTaotzk=QU{B&>qv%0%yILA8P9iHIVw?AF>=TTk_9c#VO*2&$7
zzXKv3yLmDEJPnak2kvcN9K7~+au?@3_2c|J?KOkm-*ahPUBTKvaw|Sw<A3wU-B)E$
z0aZ`~bvqfL30k15-P^_lV}Y^3IAB~b9vB}?044+zfr-H+U{Wv{m>f(2rUX-gslha0
zS}+}$9?Sq{1T%q|!7N}_FdLX1%mL;EbAh?RJYZfhADAC302TxbfrUeL6akBZ#Xx@~
zT*%Yw<!&#o8Pdz{(Oz<Je)zCm7nr;lIQK97$-T36`29UDPrA=n94rBr1WSRX!7^Z3
zupC$(tN>O7D}j~4DqvNx8dx2y0oDX-fwjRpU|p~tSRZTvHUt}ijlm{hQ?MD>9Bcu$
z1Y3cv!8Tx9upQVQ>;QHIJAs|SE?`%%8`vG}0rmuYfxW>#U|+Bw*dH7K4g?2*gTW!-
zP;eMH92^0T1V@3R!7<<u;E&)~a2z-uoB&P)CxMf}Dd1Fa8aN%C0nP+xfwRFm;9PJX
zI3HX9E(8~Wi@_z}Qg9i#99#je1XqEp!8PDo@F#E`xE|a9ZUi@ho53yMR&X1*9ozx#
z1b+s90e6AB!9Cz!a38oIJOCa94}pilBj8c+7<e2!0iFa;fv3SU;92k-cpkg}UIZ_J
zm%%IGRqz^k9lQbF1aE=2!8_nx@E&*{d;mTKAAyg-C*V`?8TcH00loxZfxm*kfxm-)
zfUm(n!8hPr@Ez!bqCwH27?AVu2?#+D3?UE-VGs@xklU7SD|=ga>>3iCgq*jlJnYx!
zZK4mg-$`g2owBtK4jm!eMyDYLVj&LVApsI036dcNQXvh}Ap<fY3yKNFf?`8)ptw*x
zC_a<`N(d!_5<^L#q);*_Ig|oQ38jKkLusJ2P&z0*lmW^JWr8w8S)i;?HYhuk1Ih{I
zf^tK7puA8%C_hvHDhL&V3PVMpqEIoYI8*{E36+9MLuH_{P&uePQ~|08Re~x*RiLU+
zHK;mN1F8wtf@(u`pt?{!s6NyHY6vxg8beK>rcg7eIn)Ab3AKV+Lv5h8P&=qS)B)-U
zb%HuWU7)T|H>f+*1L_I&f_g)JpuSK)s6R9S8VC)7217%jq0lgBI5Ywp35|kALt~&H
zpdX>J&^Ty3Gy$3jO@byvQ=qBPG-x_B1DXlVf@VW=pt;aIXg;(6S_mzI7DG#*rO+~H
zIkW;=39W)wLu;V5&`;1hXg#z6+6ZleHbYyWt<W}TJG2AZ3H=QH0_}o!LwlgT&^~BC
zbO1UC9fA%+N1&t7G3YpS0y+tuf=)wcptI09=sa`*x(Ho@E<;zKtI##*I&=fN3EhHj
zLwBIN&^_or^Z<GYJ%S!XPoSsJGw3<=0(uF(f_{a5gMNqpfL=p?LT{kA&^yQnM}woo
zG2jpwfI%37VHkl?7=v+`fJvBwX_$don1gv(fJIn>Wmth#Sc7%gfKAwfW5TiE*l-*;
zE*uYbMveGz0yrU@2u=(q2`wjulflX16mUv76`UGQ1E+=4!Rg@)a7H*2oEgpnXN9xD
z+2I^;PB<5w8_omgh4aDr;R0|$xDZ?zE&>;Yi^0X=5^zblRH(eta2dEPTn;V|R|qXv
zge$?7;VN)dxEfp?u3_V9+W%Vizqb9a1J{M?!S&$=a6`Be+!$^GH-($Q&EXbsOSl!>
z8g2u(h1<dH;SO*|xD(tN?gDp(yTRSz9&k^%m(B0<^@jVvec^s^e|P{q5FP{%hKImI
z;bHJ_cmzBW9tDqv$G|_pKf+_-aqxI}0z46(1W$&iz*FIA@N{?vJQJP;&xYr~bK!aL
ze0Tx85MBf?hL^xg;bri0cm=!?UInj)*T8FSZ9l>5;PvnZcq6<C-VASnx5C@t?eGqG
zC;T(~i(S79-VN`8_rm+&{qO<!Abbcu3?G4y!pGp_p|+lYPr|3*)9@MitX)0_pNB8N
z7vW3rW%vqw6}|>vhi||);al)+_zrv*z6aljAB6Hfgdf3=ZRiR76n+LjhhM-i;aBjl
z@NYKmclZzZ^<U}F_mB^K1HXme!9HYgNHqKJCd3yViGhS5fW7r{?}`D4KnRT3B?Lt<
z1V;#jL@1=F{VtJ{XoRurScJ2;rR=xg5g%_u0+P~xgWr`PBF;5636T-SkrE~qu}dzU
z8m{g&Y%f#bC7*`qh=G{MUl_Z_LSiCLJI6v|BXN+pNIWDyk^o7FBtjA+Nsy#SG9)>Y
z0!fLaLQ*4XkhDlTBt4P=$%te^G9y`R&a6l_Bs-D=$%*7bawB<=yhuJIKT-fG7%J6y
zf+=h&goG`ByyRFH`Og{ko!Q+R{oR?~DLHQ{I?01vDrfF+Aph|}<g%Tb!blOMC{he5
z<|~erKuX$qDWo(~1}Te_L&_r+kcvnpq%u;)##cqE+1nz%>PQWwCQ=KjZI_Dq>L7KI
zdNx$w{x`7y4efs;q%qP2X^NEfHA9*sEs&N-E2K5j25F15L)s%9Y>JLZC!{md1?h@(
zL!7tHoYWoZf%HUrA-(PTBB4*K_CZF+=!^72`Xd97fyf|aFfs%giVQ=BBO{QJ$S7nq
zG6wkp`4Jh5j6=pF6Of6>BxEu&1(}LWL#87$keSFVWHvGfnTyOr<|7M`g~%dgF|q_%
ziY!BxBP)=V$STCWM!FhV^B#H&thM!fS0(Iy*0yh*{a=riu-9{N(*|T?D2+qsS{k@@
zXxy{$O@C3j<<Hx0Mz$bZk!`k&?e>4iSIKhhj4bU$b|OC`zr1gUUC3^`ya(B9Z(WX^
z2x+fjQN-uac^C(FN^ZUr*@x^$4j>2L*E{$_$YGn}2y!%((&KdaUA|-Q@jH>@Hgp0x
ziJY?Y)5sa*?E9K?0n$8u;eFVNoJTGo7j4Q*$mPEzy0%?Gt|Hfv>&Ok{CUOh8jod-*
zBKMH{$OGgd@(6j1JPD<LiabM}BQKDb$SdSm<TvDZ<d64qTw8Y{uaQ6hvc$DMycKV3
z4v+dR^3E>#&}e9MGzJ=iI<^2Ph(ahF3WtqEV9Ar}#ndk|VvU~$K~WS#@%OS_Jb{uZ
zh0>^Jlb<>w6uwV7qp<T2j}I&}D1&-sN1_Kic?lnja(~qZ))b5Iyj#R`^1ln??YCj=
zbM23ab1|c1_-nit`Sje+`#F#|l0@VQ)Eu_fX&ooIW0jlx+snm<<@k1`56?BhYJ=+z
zMj0H(qXH_T5-Ot#s-haIqXufC78(<cg~mqXpmEW7XnZsQnh;HdCPtH>Nzr6zax?{+
z5>17sM$@2a(R65fGy|Fu&4gw~v!GegY-n~g2bvSjh2}={pn1`JXnwQ+S`aOS7DkJp
zMbTntakK<l5-o+6M$4dO(Q;^cv;tZYt%O!atDsfUYG`$|23ixXh1N#vpmouDXnnK+
z+7NAoHb$GEP0?m(bF>B85^aUHM%$om(ROHiv;*1^?SytlyP#dsZfJM32ig<uh4x1K
zpncJPXn%A7IuIR%4n~KdL(yUAaC8JZ5*>w(M#rE(pg*Ex(Q)W_bOJgNorF$Cr=U|&
z?@rIh^WgE1!hTHz{6_#`rIfH|zpxl*yo`toPxCFy?zk}xorX@gQ<3*aG~TG-<`K8W
zeEtz7V(quYc%xVN{L6Gqdp`<B#_f%gZhf#gyES3y!b*!+=h!~uBbrNui)gU;21*Wu
z!|IP%3Qz0G_G4YhU-o=-{CD7pwm5kA?~jo;H+i{R<DY5#l&;jkazxmb;+N&f@yl{7
z3X2IV!5;(f_$65W@zF4H3U?3iTjba8x7m;LL%}!#YyC%gj>YZ~wYv>GHuR3${IkA`
zam!w9FrWP#!J)tFh$~9ZKQjWsd&RfMIy26<m-?+F2HSHY!#O&=J<iF)mI7<s+OReT
z?$r?`xfqYbFUuPjiiDn<IhOh5_$~0{dHjL7UzW@1$Ox<tgdN(MVa_N6xjoqLx5MjN
z;fGu*zf`B}FL}Iym`{PjOY!pr*0{R8xHvRBky+?$bj~N85qsR9m%CcR@_1f`#ePl6
z@9$i6p4~!j*)P#w@8Z02FiIEapNrf%)L;G(<j%$)qVVcG3qGDZ9D!7>1poZ$hdkMz
zlRIaRpF<yv_Uk1Clls5I&9{%S7N85!Md)I53Az+rhAu}}pexZ;=xTHgx)%KjU5Bnm
zH=rBQP3UHH3%V8EhHgi9pgYl@(O=MA=x%fmx)<Gt?ne)x2hl_5Ve|-k6g`F>M^B(9
z(NpMY^bC3yJ%^r0FQ6CEOXy|v3VId2hF(W+pf}N5=xy{4dKbNi-bWvx579^HWAq97
z6n%z1M_-^X(O2lN=x^xn=pX27^iT8+`WAhM`mktNbSwrIf&mzaK^Tl77>Z#Sju9A%
zQ5cOe7>jWjj|rHFNtlc&n2Kqbjv1JVSy)Ug78V<egT=+-Vezp9SVAljmKaNdCB>3q
z$*~kzN-PzY8cTzv#nNHvu?$#7EEAR)%YtRavSHb=99T{)7nU2#gXP8YVfnEFSV621
zRv0US6~&5S#jz4tNvsrB8Y_d9#mZsju?kp4tP)lktAbU<s$tc!8dy!N7FHXpgVn|A
zVfC>FSVOE4));GoHN~1?&9N3(ORN>v8f$~K#oA%*u?|>AtP|E5>w<N~x?$b19#~JT
z7uFl=gZ0JwVg0cI*g$L$HW(X%4aJ6Gf&FMWHUb-ojl$f!2BWbt0gHfm_f{alfquY#
z#KvOdu<_UgY$7%Zn~Y7tref2u>DUZxCN>M3jm^R4V)L;1*aB=Jwg_8{Ey0#z%dq9x
z3T!2|3R{h>!Pa6wVe7E<wvG(}dNzi_{wEOr9w_WpqD|O`-<5S%A^4mWR=QIP%l-G4
zz57C6nmc{Kxg+P^mGes8T{^F?c)9z8u(S2(ojm-Jl1Gi$tI+ykKjhp^^hyo{guAQf
z)j7G-tKD*VErTO{COl#*MUL5weSY%!Jf1CI!0qw=o%z;){W5GUwqe_`9oSCnXY3bj
z7q%PQgYCukVf(QI*g@<Nb{IQ?9mS4e$FURGN$eDM8asoX#m-^pu?yHm>=JevyMkTC
zu3^`)8`w?k7IquEgWbjMVfV2I*hB0Q_85DDJ;k13&#@QSOY9Z)EA|`qJN5_m8v7G_
zgT2MxVLm(>9vzQ?hu{DX;t&qw2#(?yj^hMQ;uKEf49?;l&f@|u;u0?73a;WBuHy!7
z;uangkA=s^<KS`eczAp~0iF;~geS(6;7Rdhcyc@io)S-mr^eIZY4LP;dOQQ35zmBY
z#<SpA@oac@JO`c=&xPm4^Wb^$e0YAm0A3I;gcrt(;6?FbcyYW0UJ@^bm&VKBW$|)&
zdAtH%5wC<-#;f2}@oIQ=yarwquZ7pf>)>_qdU$=j0p1XAgg3^U;7##ncyqi3-V$$x
zx5nGxZSi(^d%OeQ5$}X|#=GEM@oso`ya(PB?}hiq``~@?et3U;06q{Ogb&7t;6w3Y
z_;7p#J`x{=kH*K~Kj1&&VO#FgN|E(4k9#aWE;Mb%#^V$4iTEUZa)iGlBRqZzJ{6y4
zr_I<zn=5RhprIjcq7Mm~j!(yD;N$;FGi~Zw_-uTRjhTSYwM))@)(JN3rg?us^YI1v
zLVOXv7+-=f#h2mB@fG+=d=<VLUxTm3f5O+{>+ucvMtl>#8Q+3$wfVN;+wmRvPW)&5
zm%pS;z<1%h@jdund>_6aKY$;^58;RLBluDL7=9c-5kTiz5P5zwl-h~fDf~2k20x3R
z!_VUv@F@XOF8&2y!Y|`j@T>SW{5pOEzlq<%Z{v6HyZAl)KK=lIh(E#~<4^FX_%r-D
z{sMn#^S#1<#ec(p$N#`z|0QJt{wMwhe~Z7fhrVb;bRq^3LI4CvKm<%61WH71tyhB)
zI6)AkO-Y4P(*#4X1V@asTYx77LiAo^3eyfA_qWJ>K8cVCg-{8N&<TSu35$qH#3Eu7
zafrA?JR&}kfJjIrA`%lxh@?a^A~}(QNJ*q3QWI&2v_v{0J&}RPNMs^16IqC?L^dKj
zk%P!d<RWqtd5FA3J|aI+fG9{5A_@~lh@wO>qBv24C`pteN)u&>vP3zeJW+wDNK_&!
z6IF<+L^Yy1QG=*S)FNsVb%?q|J)%C*fM`fGA{rA-h^9m{qB+rmXi2mpS`%%Ewsv&d
z5$%ZfL<gcH(TV6xbRoJD-H7f)527d0i|9@C`Ghw3a1<lkKR*}m^vqzt4{M)*_a*uf
z{fPm@Kw=Ovm>5C~C592hi4nv|ViYl&7(@I({78%?#u4L*3B*KV5;2*WLQEy55z~no
z#7sLrvxwQm9AYjpkC;y^AQlpfh{ePbVkxnVSWc`URuZd-)x;WNE%6hvj#y7@AT|=4
zh|R<nVk@zY*iP&qb`n1mzYx2K-NYVZFR_mZ|EBhS;s9}wI7A#Kju1zQW5jXd1aXo$
zMVuzi5NC;V#ChTZagn%0Tqdp%SBY!Hb>aqblek6PChib-iF?F-;sNoHctkuVo)Axo
zXT)>j1@V%2Mf^(qM*MEK?H|Nz;!olY@s@Z;_{eBvbTS4RLINa6LL^KgBuZi=P7)+Z
zQY1|>BujE6PYR?+N~BCGq)KX}P8y_1T4YQz78#q2L&hcJk@3j{WI{3#nV3vMCMA=R
z$;lLCN-`ChnoL8cCDW1V$qZyhG837Z%tB@*vys`!9Ar*17nz&PL*^y(k@?92WI?hJ
zS(q$B7A1?3#mN$6NwO4Knk++>CCicJ$qHmevJzRDtU^{LtC7{o8e~nf7FnCDL)Inh
zk@d+2WJ9tM*_doXHYJ;p&B+#IOR^Q&nruV1CEJnh$qr;kvJ=^v>_T=WyOG_=9%N6l
z7ulQaL-r;6k^RX5<Un!|IhY(m4kd??!^sikNOBZ8njAy^K>kRMCC8ED$qD2{auPY2
zoI*||r;*di8RSfI7CD=oL(V1Vk@Lv~<U(>0xtLr+E+v<d%gGhwN^%vsnp{J!C4VB<
zk?Y9~<VJE6xtZKTZY8&o+sPf|PV#5+7jhT5o7_Y0CHIm0$php;@(_8LJVG8NkCDg8
z6XZ$q6nUCFL!Kqik>|+^<VErld6~RIUL~)Q*U1~?P4X6bo4iBbCGU~<$p_>^@)7x%
zd_q1YpOMeW7vxLw75OXq8~Ho=2l<-(lYB$ICEt-gDjF4?ia~`?00mMI1ycxxQW#|q
zo)k$@6iqP{OK}uW36w}lluRj<N@<i%8I(y`R7@%s6`P7f#iim=@u>t<LMjoJm`Xw=
zrIJy}sT5R7DixKQN<*ck(oyND3{*xc6P20DLS?10QQ4^+R8A@vm7B^#<)!jb`Kba_
zL8=f{m?}aQrHWC-sS;F4suWe4Dnpf}%2DO13RFd^5>=V1LRF=zQPrs$R86WDRhz0q
z)urlD^{EC_L#h$gm}){brJ7OAsTNdAsuk6mYD2Z9+EMMP4pc{~6ZNt2A*wzq0#On8
zeh~<~YV*H<KixCum^~^*Md1HS1l*(P&pi(RI{Ju5@L{hnetjwY`)`p+Ec^b-U1aqh
zKC<`oB6<=W)0yf*b)~vd-Kic_PpTKyo9aXLrTS6*sR7hLY7jM;8bS@FhEc<*5!6U(
z6g8R}L;XPgNR6e&QRArz)I@3$HJO@1O{Jz$)2SKMOllT2o0>z-rRGu28VT+*@<_mY
zxc)1p&h^Rp)B<WDwTN0wEuofD%c$kl3Th>_ids#rq1IAAQR}Gn)COuJwTaqHZK1YO
z+o<i-4r(X$GxZDQNb=(FPsrV8*~4xf8w1}l4Bra=FM)ju6#naE&R51#_;yjdsXf$Q
zY9F<qIzSzy4pE1xBh*pq7<HUFL7k*dQKzXh)LH5rb)LFFU8F8im#Hh%Rq7gbow`BY
zq;65SsXNqN>K=8UdO$s-9#M~}C)88w8TFicLA|72QNL2ZQNL4vP_L;!sW;SH>K)~y
zqtVgn7<32?&>#)bFpbbCjnOzw&?HUKG|kW~&Cxt9&>}6-GOf@mt<gGd&?arsG3i)z
zY&s4dmySorrxVZ#=|ps5Itg7SdQv(mos3RSr=U~Pm7}GiQ`2eav~)T;J)MEhNN1um
z(^=@ObT&FWorBIv=c04ddFZ@!J~}^LfG$WEq6^bS=%REnx;R~eE=iZ7OVefOvUEAR
zJY9jVNLQjO(^crIbTzs<U4yPk*P?6Fb?CZuJ-R;KfNn@Pq8rmqXn!j;rJLEM=Jvk@
z-I8uax2D?!)cWZ@1hu8x(e3FDbVu8tPIPCwi=781Z`}+3-4G8GNcAE3@Lz8pd&e-|
z>eYeg^Uf16nEge}z~6_Ye#<)Vo<g8*2X-v~mU<$S<>>iPa^4sZZ=18<1{+@k>HMQv
z<WQhZ?pWY_{lUTR3o1X5{&Qge``+%`M~<$~;dj?y@k{Zb!$H>`a-vW(<jdDDb))F&
z_}+cMc{AU88{c~u-p$>0kpf3(KkTds{h{^`8{d6FzjP9e-`^(T?^pV3z8vye&B;Bl
zy*#kzy0EJ!;&|imIuya|cko`6K4xdwm4)1A@SJshoi#%~#``Vmog)Ni&vf6$cObu1
zx8z_Pk3Q$;$Z*#$@JkDX+`i^S-R&dJQJ?okk??u~`JB3smBaD}QoHM@2V#7_u5>rL
zJKclsN%x|A(|zc^bU(U3J%Aoa526RtL+GLOFnTyWf*whaqDRwX=pX1G>9O=UdOSUW
zo=8ukC(~2tsq{2@Iz5A)NzbBZ({t##_6$9bo=-2J7t)L9#q<(-DZPwdPOqR>(yQpz
zv~x`2{npTH>7VFz^m=*&y^-ETZ>G1<Tj_1|c6tZBlm40hh2BN)ruWc$>3#Hm`T%{9
zK13g;kI+ZyWAt(Q1bvb|MW3e6&}Zp$^m+OMeUZLIU#73nSLti?b@~Q<lfFgYrti>q
z>3j5j`T_lrendZ}pU_X~XY_OW1^tqKMgL0wM*mL#LBFQ|q~FkQ>36h`iN-`{VlW|0
zV6?s*cK0v;wx-?k?hG8+{^P|5VC;ohz92>M1&>-(T%zI<JOaV7QT-(<F2N%Z92?bN
zqT&)f0>QCS{Us_c!6OhH8`WQ;;u1Up!Ld>O<=-8b;MPZujcV`UvGLBQ!{^gK>+3`w
z_xJyXkf+IB{x2&1KaPOC{9jc1e;fhCew7nraE4$=hGOiSrVPWd49D<{z=({*$c)0M
zjK=7U!I+H2#AISIv6(nbTqYh9pGm+ZWD+rnnIue7CK;2QNx`IKQZcESG)!719h08P
zz+_}HF`1bxOjafvlby-I<YaO&xtTmnUM3%tpDDl;WC}5bnIcS4rWjM4DZ!LvN-?FG
zGE7;f98;dDz*J-^F_oDrOjV{DQ=O^7)MRQgwV67$J$0FSOns&S(~xPzG-jGGO_^p)
zbEXB;l4-@XX4)`qnRZNjrUTQF>BMwqx-eatZcKNk2h)@3#q?(SFnyVROn+toGmsg?
z3}%KfLz!XBaApKEk{QK}X2vi-Fh4S5nQ_c`W&$&jnZ!(HrZ7{PY0PwH1~ZeH#mr{r
zFmsuCwvPGC0%jqzh*``mVU{w>Y^#<tE0~qcDrPmahFQz}#H?f1GaHzV%qC_tvxV8p
zY-6@FJD8oe7e6z<FuR!D%pPVhvya)&9AFMIhnU065#}g!j5*GnU`{fpnA6M|<}7oL
zInP{RE;5&FpD#04n5)b+<~nnOxyjsOZZmh7yUac2KJ$Qi$UI^mGf$YO%roXW^MZNF
zykdT3eq(-T{$O4+e=={Fx6C`n$3|nLvoY8Z7GOaZVqq3xQ5IuymS9PiVrkZS(uc9P
zY$(LBJS(swE3q=Guqvyux{WvNzZqI@u`xsQ33x0vHXDbH%f@5lvkBOQY$7%>n}kiu
zCS#McDcF>3DmFEnhE2<+W7D%4*o<r@HZz-r&B|tDv$HwaoNO*OH=Bpe%jRSAvjy0K
zY$3KVTZApj7GtL{#n}>UNwySQnk{3evTQlFJX?XS$W~%2vsGA&t;$wotFtxOnrtoB
znd54+b=bOWJ+?mEfNjV&vTbP0Hes8x4BL!t&bDA%vaQ(GY#X*M+m3C|c3?Z&Hg&SC
z>dbawyRzNb?kvluVtTMW*<Nf1yJdQ_eQYcH+IIG1`?CY=m<(hGv4hzm>`*&8!`R{M
z2zDepiXClRJBIziw)jWe+Oh07c04<QooHJ-i8a~Dw#{{!DYo5HZM&zj)7cs9Om>!S
zy~@tEJ(y$rFqfs7dF*_40lSc0#4cu+uuIux>~eNRs9)av{k8c@b``stUBj+re`41~
zDtSG-f!)Y%VmAj+Y+<*u+t}^w4t6K|Gy4m>i`~ucVfV88*!}DQ_8@zRJ<J|qkFv+u
z<Ln9cBzuZIZF8St&$8#(^Xvs1zG(k1v6t=b751vVy~bW=Z?HGnTkLK24ttlq$KGcj
zun*Zs>|^!``;>jgK4)LBFWFb@uk3H^@9ZD!YxYm}4f~dT$NIQvTy!o57s3G?$Uz*;
zAsotK9L^CO$x$55F&xWr9M1`y$Vr^cDV)k_oX#1X$yr=XE*2M?i^Ij`;&Ji01YANc
z5to=t!X@RBaml$9TuLq#mzqn%rRCCb>A4JCMlKVVnajdu<+5?vxg1<hE*F=Z%fsd6
z@^SgO0$f3^5LcKh!WHF;afd=amOj>s#kmq(Nv;%Enk&PV<;rp8xe8oGt`b+7tHM>~
zs&Uo18eC1T7FV0A!`0>LarL<dTtluA*O+U<HRYOd&AAp_ORg2ynrp+g<=S!Wxei=M
zt`pap>%w*Ay4kqyTo0}%*Nf}T_2K$*{kZ<z0B#^Rh#Sle;f8X<xZ&IgZX`E~8_kX3
ze&BxO#&YAh@!SM%A~%Vf%uV5@a?`l!+zf6eH;bFi&Ee*9^SJrk0&XF<h+E7p;g)jC
zxaHgmZY8&hTg|QE)^a~_>$vsY25uv_iQCL=;kI(yxb55yZYTFM_Y1d++s*Ca_Hz5U
z{oDcWAa{s6%pKv5a>uyi+zIX^cZxgBo#D=M=eYCS1@0nuiMz~Q;jY@gUE{8EH@KVJ
zE$%jVhr7$&<L+}0xQE;$?lJd-d&)iIo^vm_m)tAvSME3NckU1FHTNg?hI`As<9vKH
zJ~|(R58(kG<RKpB5gz3+9_I<3<SCx!8J^`ip63N#<RxC_6<*~vUgr(o<SjlXAB&I8
z$Km7h@%Z?B0zM(1h)>KX;gj;o_~d*FJ|&-uPtB*{)AH%~^n3<BBcF-S%xB@V^4a+8
zd=5S*pNr4U=i&46`S|>N0lpw#h%d|+;fwOc_~LvCz9e6YFU^<X%kt&;@_YrpB43HG
z%va&7^40k2d=0)PUyHBJ*Wv5(_4xXH1HK{Oh;Pg{;hXZ!_~v{Iz9rv^Z_T&i+w$%B
z_IwAvBj1Vd%y;3t^4<9Ed=I`S-;3|f_u>2U{rLX;0Dd4ph#$-k;fM0W_~HBrek4DN
zAI*>9f8c-Q$MWO&@%#jSB0q_r%unH`^3(X~{0x33KZ~Eu&*A6t^Z5Dv0)8RCh+oVv
z;g|Bu_~rZxekH$(U(K)K*YZE{K$x{7y=R94^L6}segnUe-^6d`xA0r}ZTxnA2fvg5
zng4~~#qZ|#@O$}v{C@rbe~>@KALftnNBLv?asC8<l0U_t=FjkF`E&ev{sMoIzr<hW
zukcs-Yy5To27i;k#oy-d@OSxp{C)lb|B!#gKjxqCPx)v3bN&VYl7Gej$~$}JZ~X84
zAN*_nPyP-6mVd|lglIx^A%+kl00JmL0xTc`DqsRG5CSPs0xd8CD{ulY2!bd`f-ES4
zDrkZ(7=kHSLQEl+5L<{N#1-NR@r49JLLrfmSV$ry6_N>IM*`>l$gle)7g7i*g;YXn
zA&rn$NGGHhG6)%kOhRVCjk5ctr^vTigseg~A-j-6$SLF!atnEcykTq%`_z%Q>ad$T
zb@_z+LII(moeBwsg(5;xp_ouyC?S*-N(rTfGD2CQoKRk<AXF5b_fRVdm4zzrQ&qu9
z)r9Io4O?SPp_Wivs3X)B>IwCQ20}xjk<eIZA~Y463C)ETLQA2Q(AuVJBeWIT3GM%~
zv4hZ2=p@V!>1<=V2wjD4LU*Bu&{OCo^cMOEeT9BPe_?<yP#7c(7KR8zg<-;QVT3SJ
z7$uAr#t1(MKMG@oal&|Ef-q5-Buo~j2vdb=!gOJVFjJT%%ogSdbA@@rd|`pGP*@}^
z7M2K0g=NBWVTG_#SS73$)(C5bpM-V7dSQdGQP?DG7Pbgmg>AxiVTZ6&_*wWx*d^>1
z_6U20eZqd>fN)SaBpeow2uFou!g1k*a8fuWoEFXqXN7aZdEtU^QMe>r7On_ag=@lf
z;f8QixFy^c?g)2<d%}I;f$&gxBs><L2v3D)!gJw;@KSgs{3`q={4V?<ycYfx-Ux4n
zcY;rhCWiJa`%4tj#Ta6U2#BBviLi)>sECQUNQk6JiL}UwtjLMHD2SpciL$7Os;G&&
zXo#k0i7~}kVr(&v7*~uZ#upQa3B^QWVlj!BR7@r&7gLBS#Z+QyF^!m3OedxnGl&_*
zOk!p+i<ni+CT16Nh&jbvVs0^ym{-gv<`)Zy1;s*QVX=r<R4gVI7fXmG#ZqEvv5Z(&
zEGL#1D~J`vN@8WPida>wCRP_~h&9DpVr{XGSXZnk))yOy4aG)cW3h?YRBR?T7h8xe
z#a3c#v5nYPY$vuCJBS^{PGV=Vi`Z4{CUzHlh&{z#VsEjJ*jMZ)_7?|;1I0n&U~z~z
zR2(J_7e|OA#ZlsDag6wb_@g*h94C$!Cx{cpN#bO2ia1rACQcV;h%?1m;%sq_I9Hq}
z&KDPm3&lm^VsVMMR9q%57gvZY#Z}^JagDfE{7GCVt`|3m8^ulHW^s$S)olacHgUVS
zL)<C;EdCOT*(L54_lSGNed7Mm@&WOnct|`f9ubd*mXC?Y#S`y&Pl~6+)8ZNNtawg5
zZ{seA7sX5BW$}u5RlN3|ChQ1uU38MO_dCDHo;iuUCNd5O|EXLq-N&duWS^@o)P=9w
ze8`*sZk<15HSP5`{A;8HKCSz0VOL|sHSlhTe^>I>b__ha2o5`x?rPN^TJg#C=<8=_
ze_I5DB1Y_6Vf^3V3#Rw~3+~JJaW_I=&i|>LA8v`Z(Qk@hl02!OYDHvp-YDV8^XHLq
zgvUqxLhajtFU^Lh{+hD?SoQO*45rt43ON}5OK_e=;dyI@_}}O8Xuf5BOS~=K5$}rk
z#QWj{@uB!gd@Mc@pNh}K=i&?TrT9wxRs2o-UHn6QE&eIK5#NgMM4uE*iY~>FLL@)}
zB}jrLL_#G@!X-i?B}$?tMq(vS;w3>6B}tMcMN%bA(j`MOB}<Aa#gbx6aiq9XJSo1E
zKuRbjk`hZvq@+?ZDY=wFN-3q1QcG#1v{E`Ld_4Y1Wv3lJ_Iz!6DT9<z$|Pl$vPfB_
zY*Kb9hm=#wCFPd#NO`4vQhup`R8T4;6_$!fMWtd=ajAq<QYs~tmdZ$FrE*evse)8d
zsw8=BURkOlRh6nq)ukFzO{tbtTdE_~mFh|Lr3O+%sgcxJY9ck2nn}&27E(*8mDE~l
zBej*<N$sT$Qb(zi)LH5xb(OmL<%M|@=<B2F+3Dq9FY(hPc>2QTHAA{fJ*1veFR8cG
zN9rr}lln^oq=B~ggQUUI5NW71Od2kYkVZ<Qq|wqC=?CdYX{<EPt{*Q=kS0o#q{-40
zX{ueGCQY}uGo+c)ENQkhN17|mljchcq=nKV8^2guA}y7cNz0`b(n@KSv|3stt(AU~
z)=BH74R-xTX_K^B+9GY0wn^LV@(yXIz5OTrJ}tW6iYlVVpCdUUcf>P@U^E}X{Ve?=
z?UHs&d!)T~i|mv3O9!Nb(jn=vbVNET9g~hrC!~|oDe1IyMmj5<lg>*Qq>Iue>9TZ1
zx+-0hu1hzho6;@mwsc3jE8UasOAn-n(j)1y^hA0pJ(Hf>QeQ|frB~9g(r?o5(jU@m
z>Cb;i+dFZY7UEBCIV{d!`}L43*=>z!p>Owmo=l%_a>yGgZ2CM2Z>6_i#UEaq>x+LI
z);6c)ulqhwc#DFU10(O);kPq5eQ>Ow%kv8f(|>|<Ma23eF*(9JkN&#92a0Ij_r-W#
zIk9v!1;#WO?9d0pe=FRy_umM1zl7{r=akw;cfOhJMZ+5vyxhZoPVPu|zE0;q^E@5I
zf4>b5G&v-E3S0j<`oq#X5u6+_`h~6ic*$*nu-1HjDZHMyp}itJ_EXBvJBFTqfA0tz
zJ+I!Me~RR9MdNDq-o$qE&ynr$`#p1^PviId`z8E-ZU^!r8W!s>h1KB4|1+Uai{IZ#
z_4mf<o#d0F$<gH)a)=DbpbW{djL4{r$+%3&q)f@Q%*d?F$-FGcqAba>tjMaY$+~RF
zrfkVE<ydlTIgT7xjwi>L6UYhWL~>#|iJVkUCMTCu$SLJia^yaxmea^-<#cj-IfI;0
z&Ln4+v&dQHY;txvhn!Q+CFhp&$a&>_a(=mhTu?3~7nY02Mdf00ak+$CQZ6NzmdnUx
z<#KX)xq@6#t|V8MtH@R5YI1eChFnvwCD)eg$aTZ%5A31yL%vP&uC0XkbVEqQ6rLuk
z92J2tjX*v5Ytq*o%|t#XI!8GTqEGzm4ChOI`#bm|_u^wUfuo2AyJvNQc7M+3;yg9r
zjw4R)JxfqucGIj7F9pi~82m9WoO(x>^Z(e){xMy_>OV!lOXJ1R&4bAbhWm8+4rN3M
z&PoyAd-apRYdnFggM^1qhptxPt?c2yE9u?2`&b_ATCBUKk)tWtDjUwKJD=-+1G%Bx
zNNy|#dgZ`P0x(Vgf}J%P!mj*sI;5HG_}Dyj>p&4#{&Cu=dFZSiUdzYJVcR%ZOadv~
z{q5sYKaHY=?6s-mb4$6EU2ZM6kxz%NMiI;wueB>jbK(@SjXq89$EdD`_N<7~-Lu~B
z-~Yq*0xw2R&wFRDLSr9z+FLIY`$DdU_DW|BkI2?%a_&31^gf?=2kv8eV5|G#k44U@
zk9d{!<6MCryL-Sp!12rT(#eDOd%tae2Nc#5$5X$zekd%JR|;P5AGaL)J=*V+J3Yva
zuD?%ReZTUH8@*urTwq+?@y}UnDZGWA^<EynKC*InNp3k1>+@Z;`*`JOZDn`%aeZ*~
zw6ifz-d^q?zYDz!9Cn}W7;q-z*YEH<T;4f|n>(05oLi3ChK+zfir*WG*i*f}=gq=S
zpKz0ZlnB;;om!uL@7-HVE38MKSMoG|ue_7pqy6*0<8f!Xi`-T2CU=*6gwB@EN=>fk
z&Zr*V`e6Qtr->?mc?7;!ySs9GhG~7r%3gABxsTj8pymC2{Zk;%UZ*F0xz~P9Pu};+
zBj4+txy#w}U9ThdeAmX0_5ZL}lLJeBA3p?rAHN;n+_~9lCoefiK+bVnpgkY+FOc?o
zz+dLSV~OikUcgyP(M|qw&RhM}=L_babEN9F`sf&8^?wf!qhx+40%7C-?MlJ-dv~9A
z&c;4u)4!>%pWI&_AP<xW$%Ew~@=$r0JX{_jkCaErqvbL35Au)lSb3a0UY;ONlqboP
z<tg%1d73<3o*~baXUVhWIr3b2o;+V(ATN{`$&2MB@=|%3yj)%(uasBGtK~KFTKOk=
zoxEP&Aa9g6$(!XZ@>Y49yj|WQ@05R*Bip~io()D8(eUl<(77XV#2N<^coZL=B6#_i
z&>7I_4ZG}P_roE(LyzE{@!}nD+P>v-IP~wHp9kv|!TgKNoBstqyw`37!(+du9ClA~
z<U7%GvCa(YuI22W0eyZ1!mhczN8S^9Wb!rk2IJiqI@5czg#6cx5&nqBKW})RgtgD{
z+LaPa%h%wXYcO7NH3Zu_+P$lk-W3?f2hZAw`PbO=eRw0<7=`)&8-a*@?DNO?h%!8k
zx3_xxl6TbTmJf&QwXc)=$ADn15N!MpJGVtva-})aJ!`%sccggMe@gDmabfA)vbzoD
z;r|vFHYRS{f6E>acKmjIb<SL!7<rL(t_wSN2%LE#d^Cc!e;`eu{ol%ZZ*FzwRM$>-
z-f?H!K<z%?$LtGB9aV~oz_*P+VE>OCc6zbXhd+F*@@*}PlIBDpvg=x2bRwI*BI3ip
ztBU#D6doV3?CFY_f8E>|d4KzF*F=otzZc_wyYRmV`TqJ&Ol0S1|Lvao@A2;6y9Y&C
z{$Gy3zh@7M%+e1Z^F_w>ZSeN_lN>(%mwU^<&$n;W&fiMPzb}6Oc8kAN%YC|>uo3%o
zzF?FezW(Bje8IT>Ik*qo??mcrY<2j1+3#DrDfkia*U0}A-muT)IW6KQZxti&d(<^U
zM#pgM4gU*%eJ$+S@#jRzFaJ}l|Jd2PUs@FOWf9mfACM2qhvdWZ5&5WmOg=83kWb2|
z<kRvQ`K)|SJ}+O8FUptX%kmZZs(ekpF5i%E%D3d(@*VlEd{4eFKad~FkL1Vl6Zxt9
zOnxrEkYCEL<X`3A<lp5#<k#|_@*DZB{7&{M(Uj;)3?)PX6i|T_SV0t23EPuCR`Po9
zm-+fn<odL|;P0mLBIUfb;lCRHcR-$IH}~%3c%xLrJS_d+UmA~(x7SS_k4L<7;@W~K
znDQa3oHgE~(*K_bgzpRge?0&9dm6s&zC}4=RKA7OC>c=^h>E~JAp*|vfs^bN?cPIy
zWuGtN{{JPI@8_v&&Bx_?R)?qb@KJeG1fn9~kASzI{M~1Ee~&)TyANF%a%m#k<L7mt
zi1qF@q0uq+h4hMUUsD6$r?71Qnv!>h`#o|e2%jf6V%WUvg#YzCqUV1P=D!}-DF6Hs
z2-c(gwci4AG<*v=k;%XnLh;v;3Z>8rqp%96@QR>_ihHNSrH~X^Q503t6kYjilzu;2
zdut1Mxx?YVQ{iC!T0S50Bn9U*6jQO3m`W@qwh~8)8{kiH`p?BW&;Nb;FXGdJe?P{J
z*XLOM>HhuKDL;0{!mE!g4u5}Ze~re7UU>d}dLB{6|7T1*CBBkCNvI@J5-UlRq)IX+
zxspOjsiaa;D`}LpN;)OIl0nI+WKuFKS(L0wHYK}~L&>S+QgSPKl)OqlCBITYDX0`u
z3M)mFqDnEPxKctXsgzPmD`k|jN;##xQbDPxR8lG{Rg|hqHKn>zL#e6MQfe!8l)6ei
zrM}WYX{a<(8Y@kdrb;uVxza*uskBmBD{YjvN;{>!(n0B{bh7VabXK}3U6pQ1ccq8Y
zQ|YDjR{AJ?m3~TpWq>kJ8KewWhA2aoVajl2gfdbYrHod_C_gAaDr1##%6MghGEteN
zOjf2SQ<Z7TbY+GzQ<<gAR^}*km3hj1Wr4C#S)?phmMBY=Wy*48g|bpvrL0!gC~K9U
zly%B_WrMO&*`#b%wkTVbZMHqzl^vn?R(6JNe^!18&37rgl|9N{8{VhvR}Lr#l|#y5
z<%n`rIi?&}PADhsnp5`wv~or{tDIBLD;JcDcKMQWS-GNIRjw)5l^e=U<(6_=xue`w
z?kV?`2g*a`k@8r1qC8ceDbJM`%1h;y@~iTj^1Jef@>=;*d852l-YGscni^e=p@yh{
z3aXF_tB8uKn2M`}N~)AftBlI3oXV?$DyotytBR_snyRaYYN|e;rN&fasj+Ry=ZmAp
zRpY7g)dXrnHIbUw#wAgcs>#&kY6>-_n#wMxR@10y)pTllHG`T_&7@{lv#43sY-)Bj
zhniE(rRG-isCm_VYJRnVT2L*d7FLU>Mb%<9XK}TJT2d`#L#5R+YFV|MTHb~$*nj6&
zQLUs_R;#F0)oN;W8&^ZEsn$|!t98`6YCW~S+CXinHc}g_P1L4pGqt(eLT#zGQd_HS
z)V69nwY}Ow?WlHAJF8vPu4*^6yV^tTsrFKPt9{hIYCpBVIzSz$4pIlJL)4+_Fm<>(
zLLI4&Qb(&})F0Fz)v@Y0b-X%3ov2PyC#zG`sp>R!x;jIhsm@Yot8>)3>O6J6x<Fm1
zE>ah(OVp+6GIhDSLS3n@Qdg^M)V1nQ>N<73x<TEjZc;a^Thy)UHg&tYL*1$Vtp1|z
zQg^F+)V=CHb-#K*J*Xa1535Jiqv|pBxOzf8sh(0#t7p`+>N)kidO^LYUQ#csSJbQO
zHTAlBL%pfqQg5qw)Vu0E^}hN*eW*TCAFEH)r|L8Hx%xtVslHNwRew`|SN~97tADC*
z)VJz8)u%<%qH8g<5Dm~k4bor@(NGQ3aE;JNjnZh1(O8YscumkmP10md(Ns;-bj{FA
z&C+6Ov9#D)94)REPm8Z5&=P8iw8UBxEvc4FORlBRQfjHR)LI%Xt(HzpuVv6OYMHdm
zS{5y<mQBm9<<N3!xwPC`9xbnyPs^_r&<bjWw8B~ut*BN^E3TE$N@}IF(pnj<tX57d
zuT{`0YL&FgS{1FTR!ys})zE5cwY1t=9j&fbPphvr&>Cuuw8mN!t*O>bYp%7>T57Gd
z)><2_t=3L!uXWHmYMr#sS{JRW)=lfK_0W21y|mt1AFZ#}PwTG@&<1LQw87dCZKyU(
z8?KGeMrxz9(b^d82kl2~tTs*?uT9V<YLm3d+7xZ7HcgwZ&Cq6Qv$WaT9Br;PPn)kT
z&=zWow8h#IZK<|QTdu9pR%%Y)U8Swo)@W<BpR{$_dToQYQQM?#*0yL{wQbsVZHKl~
z`&s)%+okQ+_Go*xecFEQfOb$jq#f3dXh*eU+HviKc2YZ~oz~81XSH+MdF_IBQM;sF
z)~;w*wQJgS?S^(!yQSUM?r3+ld)j^Nf%Z^)q&?Q2Xiv3g+H>uN_ELML{i^+@{jU9?
zz1IHJ-e_;NcbZR+rbpLf=pj0wAJ9M@(qSFZQ61B9ozO|0(rKO1S)J2)UC>2c(q&!I
zRbA6{-Ox?_mS*WO^;mjrJ&qn%kEh4i6X*%`M0#R9iJnwXrYF}^=qdG7dTKq5o>ot%
zr`I#+8TCwhW<86ZRnKPY%&zCqbLzSD+<G28ubxlOuNTk@>V@>edJ(;-UQ92pm(WY<
zrS#Hz8NIAtPA_lkte{uaE9sT>DtcADnqFP6q1V)F>9zGbdR@JqUSDsZH`E*HjrAsa
zQ@xqqTyLSb)LZGT^)`B2y`8PIz1~6ZsCUvk>s|D&dN;kh-b3%H_tJaoee}M1KfS*`
zKp&_N(g*89^r8ANeYmZ2gg#OqrH|If=s)N`>SOhB`gnbUK2e{fPu8dCQ}t>3bbW?C
zQ=g^J*5~MR^?CYyeSyAEU!*VAm)JU&>dW-y`U-uezDi%MuhG})Kk4iA_4)>VqrOSs
ztZ&h`>f7|~`VM`k{<HpzzRT9RTi>Ja)%WT9^#l4r{gCeTrNjCW{iuFSKdzt9PwJ=i
z)A||xTjM_O`pnl-d*?D=E9X=AJzZYD&wj!z^5oWf&-Vm>R?cY?_vhFDu`662$3Hbc
ztDn=)>lgHk`X&9cenr2kU(+i`yRP5RZ|b-7+xi{-u6|FyuRqWq>W}ot`V;-B{!D+a
zztCUmuR?q2Kh?7+yFMiX-n9xh4_q%XY>mI<NcEQ-$SntAKSgsC%|9Um!R~K-8=UK1
z*q##h`8kIo`18FkZ{=vgp9ywrqqb2I`2G?2ntj0;89(;>8u=gM_4d0D?O#6o4f3ep
zzdHh9`+)y`wF~*nVd=cm_xb+C=Y5kPirS5U(+|Ub1HvhJcc|R_+xOL9_22a0^*{92
z`k(q6{jL5^_ZiWQ=tc}9!~hJ?fDG6`4Aj63+#n3npbXkz4A$Tb-VhAYkPO*S4AsyK
z-7pN(u#A{SEF-oN$B1jhGvXTwjD$uaBe9XhNNOZAk{c<EltwBewUNe1Yos&M8ySp@
zMkXV(;f+^Lel_I4U+Vzv4~dw(C^+Bi@ZhLCDgwbH;C(;l@6C6IxcX+k&+7-QTp!%d
z{}uN8#l?$3WE%cg9!Kf*M<9!l)yQUKH+;SvMouG_k=w{)<Tdgc`HccbL8FjS*eGHY
zHHsO<jS@ylqm)tFC}Wg0${FR23PwevlFjGv+s7I9-{;F^Z-epMcYNOS`+Q|=nsTAk
zo)r$i`*ZnyzI-;u)$j8;`W=3UqLjV$_$%0OME$P)K3`b-!|HeKx9>CA5<LGa8-D*C
z{bBhd`v2ZwJBt{<&*S$?`W{dbUy%=rE#Y$$gL=@n$vvgtM%w>gisw)G{KJ+x)E}ex
zP(6cwjQ>O2;p@WN?v$$-RgG#!b)$w+)2L<CHtHC4je3Ujr7f4czR|#FXf!e!8%>O+
zMl++i(ZXnHv@%*7ZH%@?JEOhP!RTmoGCCVwjIKsEqr1_==xOvadK-O=zD5aOKcl}f
zz!+!@G6ow%jG@LbW4JNG7-@_$MjK;{AB-Q3vBo%KyfML;XiPFD8&iy_#x!HPF~gW?
z%ra&hbBwvhJY&AGz*uN3G8P+4jHSjhW4W=ySZS;>RvT-KwZ>1zI%B=D!PsbQGBz7q
zjIG8tW4o=}Njr?4#?Qtt#x7&GvB%hJ>@)To2aJQpA>*)d#5igkGmaZ4jFZMG<Fs+c
zIBT3U&Kurcf(tfu(YO#Kc@!VYO9Tt|cg0;YK0jSHt{7KC$JXGcT{Es5H;kLcE#tOv
z$GB_UGwvG?jEBY}<FWC?cxpT|o*OTWm&PmOSK~M1cjFJ^wehF%#&~PIGkj(=GrAeW
z3^4%{G$9i<5fe2r6E_Ld(?*(<Nt=wxnw-g-f+_x0<5Ebb91i1gx;caTQ`nlQ(x*hg
zAH6Sy!jCduIikE0zKFR09p>|_@w^J3e;@ljEq>`9CVcLvhzxQ$y!qXwvL8WxpCaS>
zd+<&hd|o^JJ$C(n(Bkxq|E-_lp9J;yZO^XHx6m&ma>&~kBBuye<Jc4o@8UjG7dhAe
zs>X}&KR*xON4|CWpA><>-r)5o*FLAlh5U26zb25+g`GN=(yMc+1GjGdw~psORh~a?
zVWEGjy%Fv5S~9Htfh`&cdsJRO@XF!yh<aR%M;BTB_riO6y*!v6ug=MX)qf2xQ1;i#
zcle!F`zQY*i&bD>`u1?Kphq6TvEN>Mlth07yiw(!o=3J1eaLQy$M2~tA@Z_Q6H$ww
z{&S)5`U3g=dV*tv*L$@7+Ccx@+Q2#o_IQHVe*5t=vhn2KjsLsj6uuR|yd3O#@jz+*
z6(ORae`5p!+wx1`zu)JuR{s6^qcnc22skbItz<>XiHg9#H3DHrw6LXrt4~pO|63vu
zw!eLDNi{W7Hx1J?6R?&U(~M=tHWRXO%(!MeGZ7o#OkgH76Pbz4BxX`GnVH;7VWu=w
znRVFIW*RfCna)gaW-v3Fnas>)LpCv+gl)uTF|(SDnQUfKHoKX_%xUHdO}WiHW?nO&
zncpm67BmZ)h0P*nQL~s?+$>?1G)tMK%`$ds!j?75ndQw2W^%ToS;?$y#$c<MRn2N<
zb+d+9)2wCIHtU#m&3a~ivw_*rY-Bbzo0v__W@dA<h1t?<Wwtikm~HLU&TMaXFzYiN
z%}!=#vy0i)>}Ga1dzfk1o@Otzx7o++YxXnyn*+>&<{)#hIm8@l4l{?FBg~QJD08$q
z#{9ud$^2-JHOJX$yg9*66U|BHWOIr+)tqKdH)ohL%~|GbbB;OJOv}zQ=bH=6g=PnK
zp}ELR&n`BXm`lxNW(HPZmYXZgmF6mQwYkPzYyM=eGuN9N%#G$IbF;a{+-hz!x0^f6
zo#xNxFJ?w|m$}>AW9~KgnfuMm>;dzjdB{9$9x;!a$IRnqDy9c}!aQl7GEbXl%(Lb>
z^Sqgby<lE6FPWFkh3pmcs(H=4Zr(6&nzzi`<{k5{dC$CWJ}^5l56wsBWAlmm)O=<>
zH(!`9%~$5HW>)qP^PBm*`G@)1{L_46zBS*OeOR9r&5CZtutF@r0xihu%fc37p%!N0
z7GaSVWziO6u@-0bXL(DoL`$+{OR-c-vvkX_OgmXtOlu$;%ZhEqvEo|stoT*}s}YmX
zN@OLrl2}QtWL9!(IGe&sX{EAKTWPGcb{fGhX46^etqfL1E0dLn8O3I{vRDP!tX4Kl
zVY6E~tRieqE0>kq%44UzRz54gRlq7}6|xFjMXaJ$F{`*$!YXN%vPxTJtg==)tGrdg
zs%TZRDqB^os#Z0tx>bs;Vb!#1S+%V?R$Z%}Ro`l0HMAO8jjbkDQ>&TP+!}ATuv%KJ
ztkzZ=tF6_}YHxM0I$E8q&Q=$ui`CWYW_7oESUs(>Y%i;~)yL{<^|Sh01FV78AZxHS
z#2RW1vxZwEtdZ6zYqT}S`oYT1{Ai7}##!U73D!hwJUhvnY)!GITGOoQ)(mT=HOrc9
z&9UZM^Q`&S0&AhQ$XaYIv6fm>*s1I?Yq_<;T4}AaR$FVVwboD8I%~bP!P;m|V>elw
ztu5A8Yn!#*+F|XqeztzGc3HcvJ=R`ppS9mQU>&p$S%<A7)=}%2b=*2(owQC_r>!&A
zS!)hEhdpPVw=P&0txMKr>xy;Nx@KLs=CU`eo7OGswspt4Yu&T%TMw*<)+6h&^~8E=
zJ+q!$FRYi=E9-N|nkf2zUIhM`v)n%~PXA$xz_0P`4gBv;U*r3Kfp<{!sPtcsz{mP1
z%tWRCuMv3PH=_BX`(pS)e1N@5Cgg*Ch!3@2490zgkMvPK+Q;}<ALrwJf=~2GKKnaL
zK6^bWpZ%Vo&-7Won7&xP*uFTvxW0J4_`U?bguX<+#J(iHq`qXn<h~TXl)hBH)V?&n
zw4a^QeKyDE>-c((^zW_AV8<t;FOx5`FN-g$FPksBFNZIuFPAU3FOM(pH!J1y<qww%
z_&zrk^cC_IwqFY=YCk+t+<rWvq_32(w6Bb>tnEQLUwK~zUqxRfUu9nvUsYc<Uv*y%
zUrk>vUu|C<UtM24Uwz;Iv3K9mQCsiA?<H-`U<U&;8A!u&!KTYF0}R!n7z~(VaG{uP
zgE3%=F{YT_JE4T$>j)TnHzlOf(+DJ!fN>H?C7mR{bl>kDlAPZ;=Y7|^&bs%HyY3CF
z&$Ay%TN-Igqmf55vvZUo%1~vPlB*0?Mlg^3KT;W`<T3WY{vZA4^h!$pf1CE7>&m5!
z`9IY8&vX2*hvae!l(E4jjZ?<|509Y<f7dTmCjLLLHj`N1WM#_#Vo6i~7vui>7EM#8
zD>Iat$}DBJGDn%K%;Wi0Lz(~gybF|t$|7a)-@{9kXOyMEp=HW)Wd+%@%1ULGvRYZA
ztX0-2>y-`4MrD(-`R_UY?>__nS;Ai}u;uTg=dUsUwcM&~`#;wCk9oHL59<EMTr%77
z_x}B_$J9<`m*V@kssDMt|J{)FZ*%<DCH^z~PYe9h0{^tYKP~W23;fdp|FpnAE$~kZ
z{L=#ew7@?t@J|c;(*pmrz&|bUPYe9h0{^tYKP~Y8#unJE?D^-t-TxoA!2k5_;Xn2N
zztjSI|HpTa|G%{L|7^?N|NV{qhqv@cbK`zY@P@j)nLa_0x5cCQA0na@UC0l1L@BB`
z%TRUU;iDdHq8bFFoFem9iXz@8s^SBpCO#wzahDh(?hzjmA1NR65sB*J6D5(lpAuE^
z8Br6T6GOy(KCYmMFNmu6lBkKVh#}%@<r_Y}AjG%w7Z${KL{&T>YT|pM5I+z@#E;5P
ze5gSYKND5)3sDol5<|pqe8@o+zbk*RePj55gCa5+&SZKfb7xW`leHVjnq@OBn`zlh
z%VzvghKDjdl;NQakEH%6#*Jd!D8`Kn4u^=bj2p|iv5Xr_y+ZOr%2u?Ts%8>fDRv>q
z>|`~BjjV=fO|3HOKw@j=3nkOY%80ULWyr!rIkGU(1{KsnM5mg_vRrC5F_C3eBD0f~
z5s#CVA*&&tB&$IdCMuJKiFPd2P;-dws2fRUCo3bO$;yyb7cpejMSE&gRfiC(t4VBE
zO?4<SiASnUrjyx49GRW0hNw$cgRBhgQiigFQlBxyC^g|#hY>rn%tmT1u@hU^R2@$2
z#85n$92X{<lZBC;R9cdqR1(x=>a<Zu5|gRZmaIBim}pNHCeCUjm5yo`)}^yLir9s9
z=|V<S%8C@SvLa1QW$tcjJ~5TKdyrKp3lkY+VIqz3z11<qG}f^%nMPJ!^e3xM7A7*u
z!bCbl1JwdzIz!oHVIoKEMvDwp#}d2o__<^{nO%$^vy(j{Mv*;2R#uEAD@#^Gj3KKb
zdhkeN)$zm(j8_YTS%@g*130Rfs7@sIqAe$rl_3igQ^{CkZI(JmP1okD-L)RtVzpS!
z(0Xet)B)N+ZKyUxTc?iF^0l#A7p1b;MjKQXJJen3bZxgfOWUu`*Saz05Nl9bEYuch
z$J7(*3av;zr?ye1s27M+IkKjzo!E1iiNpA)&oG{C9h7VAjbVJ;XBf}jF!35kY#94F
zOuWH<4x`1x#C0Amj4cckH&}j{xJ_%kt^P*5&9(%{RI)Jf9+{k~h}&d}c$pd{>OEpL
zO&1@i)rl7vx~qOn{77v_?N2x+!#IY*#Ah5s^6_ej`#fF^@wuvtFV*|RlWLgwnym>F
z!>G}Qc6`A0Oyt8$6P0#6_75yW6|2<qYzgNDjv+<7!kAyxkBArWJCDekqE!8f*h;A&
zR4tR(N^uH7=H!`FLD;lxVj@Fj$egr81re$ZB_=Ucmdwc-RuJX1QAB>hNmL+na@<uA
zPA#99%8-l9Nqbcgm9(+MZVWw6=H$4mCZ5#B5YtgvD<B$Ld$uZ48$#Ty#%NWwRvZ`A
zStt2CuP$n`Ce_8;v{-HJN8(MyX+IFVP@^u7Uq;lSWj$J5Vg}>uYlXyYGhSP-4mK0C
z>FNS)vDQvY(mHCLwJzFVtx%h!&CsGamZO+EiX%CS7LVe1kK$Nf#is{V;SwRlA~9Nw
z5k=Z~rX-4H$^)^R_FK-Bed46DigLeLLp&hX5f6$j#A{*~@l~;h_?oyvEDA2`us9-)
zieuuqI3Z4oQ{uEZBhHEE#Ch?&ctN}*UKX#23*w@<BrdbG5a!%PyebZ}gyT3FT$0Kd
zm6{LNE+m+p4~|ipPZjSl*LBM4)Oc6i62+oKd?4<MkHjb9GjU&hDZUmjinZb=u|s?(
zeif6%WHCil(iPEFucU{F6g^dU>6|z8biJG2UAHr?hu%}q(0l2<^{1H9M}LCaef1dK
zF8b;Hb+_)(>*@9N2D(>os5jCZGu<wl=uP!zdc6L$-dt~?x71td33_Y2jh?8t)!XUq
z^(4K6-cj$Qch-~jF3e*WUY6?R(dzRU-6@+=HfCIFre*2_^=v&yAFAi-BlJ=FXnl-6
zRxi*ii1CyaM4>)OpQ2CGXXuOcCHhi*x&ExaN?)U|(>Lgw^ey@}eTTkFxAZ-_U*E4E
z)DP=N_2c?Uy+}W!pVQCluj`NTC@-@9cJZ=)LBFJ5q0ffbbO*z4vW0fxV2$1)3lTSI
zC%brut+k7H^#EgT>F*LBLorJT5s#yUmIx6a&=x%7**;x7!SF|9A^d=Bi1>td2@#*^
zpAzrupAqBmCG8O+VyOK!t)-KNh;PZ{xU%8_Sy@q?p&w|&5b-a)Ht}cLF+}{T|E`zn
zs!iBz{MK=(t*ot_t%A*IbJ;4{9=APdt86oDk+x`CjIFAzx~-<Iwk^(9*OqC^vJJEi
zvSr%_+j49}Y(s6sY`M1Kwh^|Gwo$e`+h|+9ZH%qJHr6)IHr_VDR%n}On`E18n_`=4
zn`WDCn_-)2n`N7An`4{HGG^MU+tcjT?dkURsBZ6O?+`2t7%s41L<iht+zYsl8lmx_
zZq!F5Jch>+j%ZXtZPdlZ(C6?@=(f<aq1$l~^&W|Tq%j`D;|ND>v@6@aY`e0}(W7j1
z+4!<mu%hfcWiOO{uIxozAa5JiJ?wng&9DnWZ&SV)c7?ocx#s2Cp>4Sy<=!oK1+SO8
z9V|=AbuM48{Hx`Ul=qikhi&D{R!FFDvO*`MpgVe_WrgDvMpwv3L4_j~rej8hqm)M}
zM^mn#&PHs54}L6To~n*I4kb>F)8aT7;%ssDxH54eaiMXK#FdQ;iz^pbKCVKXBhDH3
zXq+pqVqB%T$KoE3dm`@1xToSO$A!lkaS?HmaZz#6aaH1C;$q{f##N7ti@WXk#`Uf1
zJJ$o(_pTpYHu|$IgHV)3IXKZ2@o0_~NI*y58;&;}*Bx&;Za8i_-gdm>2sqw#yyv*(
zD0bX&lsMjZeBk)dao2Ir@sZ<W$0v?Y9iKTqcieY;;rP<=mE&v2H;!)|-#H#QzIXiK
z_|fq%$4`!*9ltn!cl_Zfb+l40@Im4>N}}=%uY>>f1H4tVu1YE&-|fance`pSnr8IT
zWX~)HJ+P!|-L(E%rk1S@(<T|4v=Q1IV~aLg%hSea1=<8{rsh|}jb++$UPr15H6oLk
zz*$~IWDygT7-1ueA@hhbWFB#mGkR#mC&V_?C>t?|*oGSA$YRJmq5_$Rth#WLRVRxR
zF0wfBsH%uc5ia7Rswy5QQ+d^j6Hi8D6B8A;s7&S-H8i_0B5D%bvh>J^!NhjFN<~NH
z5Zf~p6ETF?o=2=o7DE;ys*{C~@hV6ruU+ei+GKTjJ$8$@h@r&SS?{_LUlTjR6OkLt
zVnlti7{+;om(0WUXN+hRF`U>iLKjW=mb1<{k7&j?IW<l^O%^9QGk=SS5yZ}{Pb;!A
zWHF*OSqxXHyedbGBqlS|j!cg8h$J!(S)Axd7RReJ^GEzZyvY`HAqx?mXr+{h&csf%
zQW}{mx>BQCL>{p#%j`i`hHHp2A|oO{n8k?RWHF)_Yuh)XH!+pR>CZS1R}*DKX2cj`
z8Z`!zQBN%+vLkvE2OuXRlb993)jQv^F2hwv8Ic=NKuo9Z2(lP5j~GSfA&V2E$>O+T
zi4|ia#uB^H!ehzYWN~6VS)3TcdKX3vB@R<V#H5H^Vt1|`rbLV*c4wK>$YQt>R>X{m
z@x&f%-z+kfEJVy9<29AFm`BD|Q+EMbjOfYGqKFB^p43=E7Qz)x8L>2?kl2eW>E#g<
ziM^=%EE(I&daok$h#@GT{&=ot3X!Qir%hw)TTyEp&w?1TP_ct7RJ_QV?27o1_#$g(
zktt-MVh@>|Duka*h^-Nt*w6REHKDP!2P60+k4zDV$rQ3sag;2SOo-!Tat^yV$sF>p
zwHQ&vu^&SgD$bCFk_mB+Oo%Hy_W6j<iC1{+7swQ{Q1KF3D47tikO^^$$G*t7%QcSp
zP;r?fK9np*TqTR)3NS{z8Zj!Eg^Jh7Ld6Z1`DVoT#2YO0Ei#2HRNN$!Q-yekOo(eN
z^Ig7+u8FN|)vbta#I0;qF_}UZDoV&g$%OcTjBQh6#9gu&j)fTU5yyheLd7R!q2eI(
ze-?3wc#!$;lPP4O;!83)Rfw<21X+yumMn%ntB42eS%oY{{6Hqhg^GWXg^~&JGno*-
z@*Vclh{Ifw9u^e^-%t@M_&z(ON|`{Jz%{9hd^t7L$PlJ$e7l{Q$yK3~tHMT}AnfD`
zqD<s*>K~`JgIZ2FsNuva#ycWcF~!OE-#M@G9e72!$W>91TosifPg3V3HKLdjjVQ)O
zBZ?(QV-3@zBG*tOI<f}StMCnZMZ}P+B9>egRml@XHSz>eJ+g@UMbvgv%L6wxJa9AB
zgLO=IN3NrWhi}m<q8{I*S44esRWu-1g_k@*G$c<DjUvxe|2(x@QmYkOQlk~NFurBv
z7N)e~8}^Dw;9K^JXid(!pPX}d<SW#9g&JL%B6H4JWL=pihg60*SMexvD1o5_uD2^v
zW>71Q$oY(zAbLbzrp9Ha4PZ(p1~4rX1DKkLJxm`ExrZ8=d|O`;S$tz(5d+CpF^HV^
zXUG%8VDbc!6M2|*IgXPk!g;)c%TOW{QN+GaL=k&G5k>6(L=<rZB%+98AQ43z1&Ju)
zI7kG4pHPP45tKz3%Aq_eAS$Sc{h5d&_GluC*r$moVy`Bmi2a&~BKB+|irBY_!Tno<
zvL<SwHcZ5!4(eh+P!TPWh$7k|5k<5{B8q5_L=@2?i728?5>Z5}B%(+Rp&W`~$i;As
zz(|b3VPS_Z^2qb3e^|(IMf??)2sxY}P6X>EFtnW7hj=dO;xJKRj=5qq8SS8OWGe~$
z6__9js9(UcPBQ)^a~+^OKzWj7U0|9li+DaMB0qAz7{l{Hq5c9fmMl@6XJ4OZAD?I6
zvOl2n7oXg-A;e{r2@K0=A;fjmc!OtvF5V<6VqD}xF+TDSmhlJ6_=9D<LXB6LewC^6
zuR}!~;;%{<Dl(kFcv(j-YZo=&kK9Gw4~UAG82OBt6uFIhA4TrwY&1s<P$skfli9Y*
ztm$Re;Wf(FC@(Yrk4%$g5zi+@Oo&`83OR}u>Ms>j$P&dd-b1Y@v?vkfh>B9`i#p1G
z{I3`F*MD!+U;m?(Xy&kq7K;2Yhgxt*|5eYeG*G-sL#0vh>u9x=N2@%o$S>uk2H)kZ
z%h$LvmAd4ul|vXvJ}MZ;D$CSEe7P){;S?o}FNdXbz1fM_nfFlk@E!@%qTjH+X}fNF
z%hs0ne|jp<imk#~MZW9XDEO{#6V^ixd4ga2YZFypsmD<L;5ctE_bT#zVfocQ8D-su
ztgVbPZycQ3I5?&;TOh~C@p;inN|G`<7?YHI%I?aT=<Z4Zl9aK*n52x07L1oQla%q)
z>8VVJ?x_?aNtqaoNy?<?$<b4yr$$eU{`Z@)<CJmA&>-I3{IitPC-7fJna_@PvnKVG
zWzmhr3arE%xPj{sRT_&Bltm1xqIQ+P{@1DU*Z+9Nw?-n`<7uU_$fWFyc=F~LM4pX&
zjKMgJ$3#rROw7Vu%)@r<#vb@F8B?$vD{uryaSX>1;tq8`+(+^~`+AW3NWOC~_levW
za(~LUZ^BeJ$B&02s0O)=^@FiNFnWWrVK6od#>T<egeZdZx&O}OG9HeT%Xyf|Wj)N~
z@*ZY#nGZ9$+=rQ5_QOmr|6%smW5_kE$r{#S{pzrGb=Z<RY)Kuqqz+qBhb^hYmeiq+
zI~ZkMx!p3#`f}T4l=H~#mr>3q+dxJ+uY8m`Y*8kURfDfX$~Z6>2L)qxFb)pJoM0Rh
zj6;KQSTN=W<M3b{5sV{)aa1to1>@*o%n!yf!B`NCV}o&AFpdw#3Bgzxj1!4(#J(AO
zJ@&2G8?iTI-;RAJHW2%6?0d1dVsFP5$KHu8iG4rzgV;3X!`QpA_hLVa{W$iM*bL><
z*w12x^4C$?RB6grSO4RGajnL}ZF<alW_`1P=`|agjm*Yo6SJw=%#1gmHk+F*%$8;=
zGr??awlNdUwq`rCy_sZoFgu!^%+6-A*~RQ?rkJT_nwf5PGrOBT%${b3*~{#0_A&dK
z{mlMmrkSfvF{Wrk%wgtmbBsC8Y@xN(W|*_gIp#cbfw{<BVlFk8o6nl7%r)jZbA!3b
z++uDscbL0O%iLr7&Hd&<^RRi;JZ_#ei_A0TIrF^vg87p9ih0qzY+f~AHD5R1G~Y6B
zn(vtJnzzhiv&8(sylZ}8eq}x|Gvi*(-LgeVu94g@xkYkD@|@(w$y<|8C$~t+PRUJ~
znX)>?pYndn4}3><L+a0|mC~L{Yn;|9txwv}w3%rq(k`XlO?!u*7`oq6%XlQCQbzTR
zF&SNZPw)Lx?+SgY^l98@WS`M}ZuR}B@3(#b=$qefV!vtqzVG)(zq0*Z{k!(h>_4Xe
zOZ`K#8fJCOs+-*)dtUaM?48*~+3#n6l>N=%kenJhQMp;Ug}Fy_ujby!y_H*Gc*Wrj
zhUezh%5Rw8EWbs5yZns&-ue6TXOCGh=61oy1y78P99v_od+egIE5?o+H)Y&`ap%W<
zHSX5<563?k-?Z>l;d6xr6R%GEdE%JKKTU2pEoIumY3HV?)5E4eI=%k%Y10=>zdPge
z84qUsHY03i<(ZK)N6yTjIbmk!xw&&&&hIpT;QXlz7A?5W_e~ouZo9bK;t7j4EgrNa
zZ^_Xm{%5W{vtj9>rN@^pUzW7|!t!g&-&{U^)$~>2t52*hTK(zjlr{a<WUU#x=IWX+
z*F0FGuHC)%*4mP_tJketw{P9<^?~&z>#J_4yP@8O_zk@_e6(@w=4qREZ9cR4rOmHy
zeslBBn}6S2ev4~M)RtyjI&4YZvSiD~EnBxd>TZ*knAXv~&fOVZkb*RHLl0!2H~OMK
zGBF5)F$AN6*1Pj5^WE#+V=2c{PN1AXIf-%-Wn0Q9MOyFPL_XiW(Cw$(kApajqd1O}
zD8d<>!+E@bmvI4?@OsdC_jStaEdM6uP09defbtgQElMBd*Z2nC;ye6~qbx;ns?NPm
z&AHFH-zl8B)8;(nJnTH;JnB5=JnnqTX?K?4Hyxs#q5R}?S!bBDoU^>Mg45x2Iv;gr
zI<uSuor9d&&cV(c=Md*m=P+lkbGUPabEI>WGtW8NneQCqEO3r>4scd<R&ri+UUFV@
zzUF+(`Hu5lXSlQ2S>iOD5zZ)Q6=#gIy0fOUw$pURIqNv<I_o(bI$Jv1IXgMOb$;jU
z;q2+maL#tlan5%xcdl@*bZ&NTbA~40>i$S_TyojudSjnVR+DRHxO>##N2=wyR0~EC
zjJ9C32V<FF3=PJz!59{d<%6+8Fgk+K8H|q-<?DmO);`R%zccZ7X8Sv{|DBcjI}80g
zEBkjA_IFnP@2tY#nd9%w`FAGU`{5dd(Y`hLd4(EES=u~|_V+Vv`*Zlw;8fN)S+>LC
zU<?h$TixZDmBD;Oip)hY&kg2%gL$hoIX)yu#@sv^8w{7RMsUoV%Vi$fL&lG?Wvn$s
z#?au@=7lmZmo8&rzKq)z%h)$K{#dHa?*<=ba<I<e-oY{BWK_GzcrjQ%J-7}df^#{8
z<3FDvr#>Kd={C9F(n(!|SCjR4Ev*;)FRu(6KwcF#L?bjt6JC$qkgv<~GX(N~19*e`
zQ|?K*59QvI`%UgKxv%72lKV&Q8M#m7-jMr2?g3qqV^2C2T3#q}Pn6{dFH5;Hc|?jx
z?wed|NN7&;!gA?_`P&xvEj*SQC~P!#=(1WVd1;>xx2<({S(h>}_v5|~(we2M={>mj
z-EnG{i;L6K!ZYf#=Ji?g`mA|<*1Q30F0Y~FcFA>q_+@H&tt)>dq7fRS3ELun6eA?3
z9_ph3yl99<XpAP1S1U5gy0YCua@zCb3)y@kL&omGYx6eBcK1%s7rWhiIWz6&taO;O
z#Bt6>MVyJwaTa=kGtdRj8&}*{-Phc&x?kfgbe*$KfHTb<cZvIb_Xq9|-S^xdyFYb*
z=KkD$-~EOAOU^#uaOU~WeJ^=&y5KS1bpOUOWOko<w*|8Y?)Ti=`TrZ^gtC+6KX4yn
zZ65HLKKC9<UD?fg9Hho&YV4-;V=q&Rh`;gJe(HbDG(V61Qt%P{Jo@KM+ei6;_<*%M
zKzV@W|3=OI?vH}gg>rz$eV%dqsi`ymOCJ3*mT3#-A28(-H6Bj+I=J+Q({<%xc`3Mt
z2dQ(GwfK@{A0+-p8yzMV(T?|NwWH+4Ogl~;Syv~MTPW9FC?{DLxz%Ta<7B)PT&E)U
zMfSmE>dQyDLaV<PT!YtH%F8T6w&%mzGJBaNy+Qd!aQQcA)1u(I-v~b94c6hU;1t>N
zvYljW-gNI^j!P`-ZN{8*ThzG8RN3kQ<~z^S`|P1}xXK<6F!VCHZ2R|^cFO%O@jOc^
zW}W1E-=@YTj*16t?*ks=R&WV2KA_f};P!vX-q=aKJ3Qv=#QQvw&a?-t!6(6bC5(}K
zu7sA+6&dB0-RCIV$5LdJEh4jr`{y3zWsW~t=VP{9PWwFAR`;3rGsfOvno#Z&-)86w
z+Fe(^px!0-5#qx=>sE^LJgA5IXaFx7q7fRS3FLE1Mp;)rr(~4%<+D~sIgk7cKt?&A
z{0l%vIj{T+K*ooUBj=T8C>iCvL--+;Og?3h$zR6Z`1>G}=jkY(rFs07Fo+*Yk&Xo8
zQT`t7ri|(5$ch`hIK6ttz})hK&kPrwnJe^vs!Q|2JeDvLXGJUKX~hq%wBqMl68Jkj
zfln|bu)It@k0BWUFw5gF^N~2q-IB8+hk0_CmcxCbiIg&S4n}$BXd>rf8P5t=^a#Zj
zJqWoN%v>XJR*WEyV96tx_hEh{ICO-eBf)Vp8=)Kxjy)R8WKEe>sxpT4dRQI_wnuI-
zb`HjN!I&RxC7srhttIEM{ab#7_8P;QjA2d2u%s~zcW1ae!`&I~&Kh)Qdt|%zV0;h8
z_h5Vv#`j>nEcb8+W{(gozYbIC&|;%mSNVSsYuB2`l&#a6y;FxVvP}#5Nt;aCr7M5u
z^J${s|IRF_fOZ~%kr>51!+9@Y1p9Ub_2iUM#IDRISeu8B)s<nnwesDTeBMPF#~Nj^
zww0>LJt?Dy*Wr4oj|T9fAsV4Enm`_<GRnI0D3wvxmq)3Lavph<$|&cPN2!c*UU`(t
z`0#P$yz(fOQO+x0ab=YA%2!<(<-GEhSFV$sSHAjwl$}G13|CtDTKf`x?R-hT&b}_b
z6knRJo3Dp2!`Iu_*Vo^d=^N<F_T~77`f`0Ed^3Erd~<yBd<%Swd`o;wean5%`d0bY
z_}2M0_+qT8R&}eURojZQ>RR<JuhqzEVl}g#wpv)Ntkzbd)y_(?I$E8rE>?<_W_7cA
zSQ%DttFP7H%CrVr*;bA<)XKF+Sfi|o)?};Dm}bqeW?6HrdDdcUx%I5I##(1>ur^s+
ztZmi~YnNqNd#vHwW^JC9=09$ow2G`V);a6E^@8=1wbFXVxMW?i-n8Da-nD+Ts;Q0q
zss1I}R@XMycGnKqPS-A%&t<uGyY{&Dy8NzvuKlh9u7j>auEVY)uA{DFuH&u~u9L1)
zt|HfI*BRGY*E!d7uJf+vT`#y^biL$y+4YL+g6pE|lIybTitDQDn(I~9Yp&N_Z@Auc
zU3b0Zy5YL%dfWAmE8u$9^`7gN>$a=db;niWdf)Yd>qFOF*FD!qu8&=xxIT4#=K9=q
z-}Qy-OV?MfuU+jIe?R!r;x|XuOa3S=C1YN<_8C8B4jngVT8p`-=lwK)=`w9t<q_}Z
z-5K-r>|x8lT{km%Y?_{1IX`Z0#OAJj?~i(Q&Y%UCvjQ_B=U?gfc+Rj9zvaKSY;Kp6
zDR)v|9`x2QNB$?{>~s6f{d!5gHKR8CvT5;zX@y&-T%M&r`}V?;o_hZQlc!G4%D*z<
z#l`<x9q5_W$2IJ|5fw(&oziG($JN(U7frvNaxEo%;&W5Joi%p#^hK{{{jsn~@+Z9?
z9WZZ9-q^>}ew}c>%bxz_lCKS)kX>cUOKJUjs^gPp?_GF0cmD7{vOb!*bzt_`1Ia^E
zE~m^G^2y{;Gp{dvefbZm3F%+-dnNmiQMC&9uNt;~&F0rOUl=?-H*0A@zh!)Ib^V~2
zQAwj06kI9%e#)rn)s}uWJ7!sjXCF`9k$NuuQr?U6FZcVQ|D=Hja+^;cJLX>U&)rY=
z4Igl1%+P}M)7nmNu;Rzn?bkf9c2SoDg~yhkTK&O*xykQ!{i=71KI^hy8=Wxjx7m}I
z%^zH6^@7w%IS+DLjo3Icv>;<_?gYn_erxMwO;}yK>yv#yA5m-RqW*0%A0IMzb<NZY
z>Dhf;gOhW15BX@gz2L*Kh0|W2|H1qZSGPzzJ<>>jWAxgBU*_ys-DBgH&1-V5j`(y&
z)T9-YpU+>H*K^VH$qi>UO)Zn^>-SdH+mq+?ju>%laI>YISHIP-Wy<s2di5+Ad?%&W
zm@DJr3;Pvj7cMRAzUH~fkIwyRVdG`LFZ+7!Z)<C;JGSZ0vXiS1bor!f=akE-_fk{R
zHg&UiAJV;L&)q!-^;tP!Naiz{-(_~m{xEy_;5kFak9cZil~E%{*Uqm}uzW&NVf(_a
zh20C66h2efa^j4M&rb@S+G=V(A6NNuM&ZmJvmFaoFHjdXS@hQ8kR>OU-d$a~rrFxD
z1G)yjy7R=$YRSh_hNMjIl9)0*<znhDsolD*>-J%{qdnVXq-SLHs?qy;zjyl$?Z3Z&
zU_f$aNaldd23ao;3?Gy_sC#zhobEZdMqV8mk!Owf<{!)-U0@&EjPArE$K4wD{kRU}
zTaLdr;qb&slY38TJ}q_D*Ru-ewOTND!TE((7k;^L;iAS%^Ovn#K5oV2)wkA^<;Rpe
z1UlUA5NLC|Q{ZOFre;sHY|=74kaVX<;Emh;18?1Fz2%uLgZbgI!JM@Rb58p!lle5Y
zfHQT0Qotv63iwP;0iWlY8q7!7-nAXGeP=sq`_Oj7cFT6#R&4v!_POmd+Y5Nnmh|fj
zc+vI-HQunD!dc!MKg+x0XL*18Ec2YT-Nf4n;9b0jTeyuocpo3&F7DxDe1cE$89v8N
zTM^4W&wS^pbDqb!Z5wT$WS?rEZl7qMW-qkwwEOI{?X&E2?epwQ?2GNs*yr2V+Lzn+
z*bmx|+7H`L+t1ja=QBjl@fo7G?ECp-(FOY@`*{0R`z!X#_BZTF_G*0ks2ZO%s>Uae
zsxiG9HL6jk8dIw={Tk6k91_vNUW4Hp4A-#NK_ZgS!Cs5;wHRNE@wFIVi}AG>Uz_o@
z8LrK6ZH7(im<-DpM_Grm4p|-Y`sDS=>oZiJVK2FtvLWLek~d_0LxvlXH==BeCQNHW
z*_5&=Wh=^7Om9WqR>9#U$`1Af#w9SEz<MMw+?p+KP2JXvZ%y6S_BKdF5;`zsA`W$s
zh$M6%d${&;%@c$FlZYMcZ5iK|`fVBCmN9Lq-<I+17~hWJb_};;Shhe1>UE%=Tv`Xl
z%du{Ip522aL@Ax@Da6jfm>i5<g0X8brckFEwX50dp)Kw2K|Qpk%{{1xwzRhg^&r=%
zI?;oAkZa~aJ+x&Rb<mFa+c94|+FWjPJEpYbe;#$(v5a=?lXmt7EU5uyOS@dJmUg*b
zE$wo>8nNz;sN00H31w5trj+$5>r*zMY(N=DDYxIGlx<OmQnrPc(o5NpvLR&yrZ%8v
z1Ew}$ZR^8}hNy1u$ePMMA&<F-N1n{(K9NVC93zi08RZcsb9uDMM^9w=@+gzXnmh(&
zlw)Ka8RdAnXXVlN@c5HkEa#JJB-cwWQ$~4Y%B_*dr93L-5@dXs%a)LjERW8IQMQN7
zWt8nB*F+wt@~D*a$|#RC`B*Z_qfjni9*gp5lr`nCD5wARERu7`nsUA6c=?EbZL_Q|
z$JAke$x=pnWXgIn$|F?Pmr>>qk7K!3a(VK(E%%FT=Z8@~qaTiu`%Jd2953t3rN})h
zmnn1Ep0bW?L)l_7%C>s=ypmDYfA~C*^T}L}k&h~$t1`+plx-+;`OJLy9FyxV*Fm<4
ze6~K^LRnL`h+Kk<@|iEsRdT#slZW%lW2_D5!h~QHN_9$koXe~=wLN4HTemKmtScX#
zJDV({JwrliLX^)2p|oe5+zMGM$?go+PU1QH*D|C2t{e4t-7<>Yi&4QS>&fMKILFG|
zR8+U-ZW_F&`<VN2ceSXhQ5B<HQT>%k{ETEpcO|#O?Q}olF6$0+mvfhQS8(^{M>?BF
z#qi^+wUju1dbBw|+Zn4=Ra$b7xFgTWj=}SYJc~pr$-(Dql+q>mjEz#d2A{K0ihS<M
zGfgUGsy*6X#U5jiwO8eAP@VRu$=;RcZ+UjE%NfeU`Jz61)62eW#M!qA$8alJQ=U8J
zQPhrBl6$5KVo(*;?NyZO+-q)Cno!!hv`uMZY1`6vrR__TN;{NxEbUa<xiq=7OKI2A
zl+x7Fw9@p_Zl&EzdzAJp%_!|v+K->moT|*JIk)Doy#KMoy^Hrc_PFozKF}w;Paxl&
zSjT(jgFGHjJx_g41CQ6!(9_7%*we(*)YHrp?|ItO+|$C-($mV5;A!n?<4N?i^|bS}
z_au2bcshDIc{+QNJzYFqJt>}4Pnsv))6LV})5Fu#li}&*>Fw#`>Fep|>F*if$@FA-
z270#h<BI!~gZzl%E@e-YR&`nQ^5_-O&qi;pdbO$=sBv2j)I=@RhKV@TL0!1vK|Rz*
z19;I8jnEiP&=k!OkEhWbEzlCJkbu@`gG97NJG4g<I-nyup)-=v1p&N^_izihQH(n%
z!Tb0CAL1_V;Uj#EPw*)|!{@k<FYqP4!q@l)-{Lzw!1wq8KjL5b2|wc({E9WjYG5ta
zVLdirBQ{|(wqPr^VFz|%7ksd=8+))9e(b}39Kb;w!eJc6F&xJUoWv;<;SA0ezoEUU
zt<!dBgZ;a-o!WAvr`Au~qYcusv<=!uEk~QJ?bZBRqkvxWj5U(dR`LwdUNTM_uT3Ni
zDVeJ6)_huy-_k~#OSNs<c5SWpy!wLrqS`3%NJ*nWM2QGIe_I4zz>9bZFXI(lz(rib
zWn95kT*Iq)4X@)3you|03pa2RZ{r;V@GjoNE!;*i?w|zk;{$w%ySRss@G(BYr}zw?
z<37H?m-q@_;~RX7?{4dXbvTU;f0n!cEIq|~pgQXPS+*<D1I;1J9woLw(QO;^JuDCX
zS)QXjRcvFQF+Nz@X)8NzWv8v|w3VH<veQ;}+R9E_*=Z{~ZDpse?6j4gwzAV!cG}8L
zTiIzVJ8fmBt?aawowl;mR(9ITPFvY&D?4pvr>*R?m7TV-(^huc%1&F^1KwhLz+GH9
zFyKz*Kqj&<5QC77!N|c748<_yVmL-%Bt{_*qmhp>D8N{Z!+1<UAtquHCSwYwV%nVs
zfgZ&T0@>*KXW5@}BxE`2&ob}Na`c~NK4lT)e5d~`&rr(w&i+}-VL87X9#!m78)?hM
z3bB&UV6EmeiR;9Au|aGUo5W^5xwK7uFLnx_u*7arrixbO2l1x(M%)zNinqmW(KJw{
zxM?5;v8ak_sE!(_iCU-)6LF}6x^TmTdZ>>E@S-6ap)s1EDViZ3Pop_npe0%%0j-Ni
z+PB$9+2!Xn+=|J&SSIhCnY{aD^4^!pJ6|U6dzrlJW%8bv$va*q_o!M0KR=NWjID#Q
zO)w?~W7}YC7mV$LF)0{31Y^fw>=cZhgE2W6y98s`U`z?d)L={t#`Iw97L474u}3iW
z491LL>_x2TPE#tm<<E!r;1gKwc^5H_JdOYIT}Jss-K}}AQEG!!Vh3fCyCZiCj=FpF
zzLs{;{Zz)?1v`_Y21k$XoVvLGl9WT)Mry*8J&V8T*(AN<s8w0r26k9hW?)*@jKYZ%
zL(->@tUoqC^+dPM%PYFgoJ#JB?$Bfz7YE~l-ZC%BlQAtz#&^caSez<jkL*hBHT}O%
zdpfysa;xN)91jD!oav%<o!E6<*VnslZqO>w^iF!ppp@|`tpef2MGbN&I~K1=*_m=J
zd0)z)KuNJkEosm!wQcJ7)Jk4knmsKktykKZv?*!R(h>sZoxHp&X(eO>OYWzAn`Ten
zoZdLSefp5}?dd<JJG!NH8`y1jH-ERI-CpeWSdYhhq;xOn{#DP{dVJrbT+c;4>h<*W
z+}AUabKQ46|JBo;Q6(cQBQdc1PGaEmJ6~i}?p3{4AY*W^uNwZ=Fr;_$-faVyieKs-
z=>34~iIURZ_C9I-XEYkn=lMQM`m_t&D{kGlUEt&5k$rRfPVW0b-w*rNZTx%R8vUN`
zH?&_?<Mx4B#giK!>UXr?iGD)@D@xi2JSFPPD*Z1u?i4t6r)S{3;;jC;{qHtj-~ZMA
z@AUt<|BL}mn}jz>3f#DJaX|abPMH%kk7Vx5JeYYW(~(s<t8doftQ%Qf2X+XAl{`K0
zx2z!pXAQi^(6=R32E8(H&%ioOhYp%LXw#tagN8R9p4}<%$nCq?KMhVA{A9C`X7`$|
zNLiJl<ZK+gfBL(vqjUP@q~&x9yi}6Z?3bK5IjKWB2S(g}W=Q0aibE5I?il*{(A~p2
z2X@@KHSCG_=-lLhbvr#bIX*vkOYRwlmfUF<C|jHy_~lOW@GgO~x6coMb$HJ3$3`?C
zF?7U)5pza#2}Be(7*TiR$dUD*zBsZ=;LSTfj~F?sOQ2s#m%uY67e+P7tDLv`=?-~Q
z^2X=w&uhi`A#rq9&ZHZO{*oH`UGq}{A$O+ducGvpqy{S9o;YUFn0?K6jXBl4T|u9M
zIR#e=Dz}Ioo5odAbK;8I?YS;+j7tk_D@hBSDoN)m=(iRjyyx@ab~>+2>47JU(>a?&
zjE@|@Xnfn2t6O#p7`Kxr+@-8`r(0k>Ub%C>ux_gk6T3|89++I*Jz(AWYND3Vo%Oje
z>GGuN2|WVSZ(pChHR03AclrJH9)Y<f1E;91FHX^>CQfb8x@VvUd$Zl046=9cOq|w}
z*SA&EewmiRYe@#@!2#1VxH8F`-YL+(<Ywz5)5VOkZJN(G-YX+um1G2tmvjm|i;X4v
z%*{)4+bo~CXy&GwM^g{aJUa8-%#UaG3dENfvj)!EKPzU|xmlmgN}F|M*0ou;XZ2?L
zdk1ohd-Ez*JMr7u4`x3$r%&KY$)GvC17=Cz#LUFrfx{(zc)iO_>^e7R?$Eh==FXp6
ze%^<3Ys|}?H+SAUi66{U=l`5IV18d-x89k5XTG=XFZ0hd=odI}yI){%@pEl2w%xk0
ze_;1*|Kb-GS6(uHN&i6Il7xVM`|6UjOTJl>z$@d8XEFoVi!%dX7O!0P?K0=`%s`!z
z%F7$CcxOdm#pD$~KU-;KR^XSCMXOdNom@3AFuwTXq?cA7=^L|VP$02*P~fRMBRh=i
z@cx=?j@2U_vIDDc*Ib*;_1K4N>vycV&RX~4x<A&v)^TvaUD9&n?;Bt1^kt`<O+$D+
z|EbfEfUS5)p!}U7f#r9)cm89uZA*nMk8K$mQ10wiPAi)uo>yK_UQ}LEUREwDmz2xO
z73HdOO?g#$O?h2;LwQrVuDqq(P;M%3D*@$Q<vrz=a$6}@?kE#fMb%VYwW}fOBWjph
zUUjICsuk78)F;%Z)NnOIjZ&+qv1$#qmTIbX)Ou<IwV~QrZK5_)pH^F_t<=_PqS{VP
zQah-f)MT}*nyRL&-PN9IFSU=_PaU9Use{zP>JW99I$Ry8=BfE=fjUktR41t%P})p&
zwmMH;q%KjHt3Rr1)u*)$YLvEB-LCFbEp@NDPd%s}RgbHu)YIx&^*Qxl>MQEY>LvA}
zdR4umzN)^izNx;Y-c;XF-&Jp^chvXQ57m3>$Lgo*=js>gSL!$Fcj~w5_v%mTFY0gV
zAN2L1X}V_DLbOM;Fs;1i&>qz)YL978XisV3T7(v@#cI{G8d@#Q)aqz%t)A9E^J)#X
z##$4tnKsp&X13DWYVEZSS|=@88)c3#^UN9QTy=rEP+h9_()?Cm?OAo7wNhPT?X}jZ
ztJMQmmbu^BsE#x@saw>^+8}e9=2Ks>_Na5Tx!PgtfZ9eotR7JlwUg?z+G=f$wq848
z9kRA+`?USq0qvl6NIR?@(T-}zwBy<d?WA@}dtQ4%dtduN`%t^9-P7_!z8EJair>W_
zqEze^e!k87mbf8a7Xk5}xFg;dABub8WAUl@TznzE5<iP+;$Pwy@f+V#b?T4u{oRUu
zNA)rNalU=}B;VPstcUA{9-&9-QF^pqg>UZ0>Q(h>dUd^qUQ@5dw@6JrPOqca)fHXU
z`5LvZ>o&gmTSgDjL-j}WvU-?aPA{)l&<E&Q`XGI<K13g;57$TPd3rwI!X2ki&?oAX
z^{M)FeWAWse@0)Xuh3WOtM#?|dVQn5S>LK}*LUhZeYd_>-=`nY59vqrWBLjGlzv)2
zt3Ri|pueQQqF>Z6>sR$x_2>0B^y~T!{cXNo`<{MVzoWmef2iNnKjz!ApX*=fU+LfI
z-|64$Kk7f}zv#c|f6&*9X47qUTZruuTbQl9&0%}gR?+sD?Frjcws2d7Ey`BK7Hg|!
zt6{5UGi`Nj18g2!JzITS1Dn^@(ALP-*w)0>)Yi-vZ+qI-+}6U@($>nBU~6q_V@tHP
zwY9Ugw<Xy+*gD!e**e>jZCz|#Z7H@?TbeE1*3H)4HqSQSwk&*k_=@mn!&ip$LBa4f
z;cLU!g|83a5WX>dQ~2iaE#X_kw}o#H-x0nud{?+H+zQ_vz9)QdxIcVf`2O$%;RnMH
zg&z(-5`HxNSorbq6X7SrPlXqSpAJ74{#^L^@I3!$f4+Z=zra7%Kh8hiKfzz<pXi_D
zpX{IFpX#6HpYEUGpXs0FpY5OHpX;CJpYLDbU+7=tU+m|@jQ*wmW&Y*<75-=aEB&kd
ztNm;IYyIo|>-`)28~vO7oBdn-Tm9So+x<KIJN>)-KELJP?cd|y>-YQj`S<$|_z(II
z`49V#_>cOJ`H%Zg_)q#z`HTFg{b&4V{pbA8`Oo`*a{cW3#r3P}H`nj34nD<D4Poep
z&9EC~j1VK#c*H1cgc;?G@<s*2VK|LP4VO{TsAN20JZU^-R5l`vNF&OKHmVpgMyyfI
zsBY9SY8thS+J<Sw8Fh@hhTHHM^^E#P1H)@HG#VL=jV4A@qnQzJJZ&^LS{N;jRz`x+
z+Gt}W8f}esMtdX4=wNg-IvJgfWTT7G)krZ?jWi?O=w@^`dKf*845OFP+vsETHToI-
zjR8ick!1`t1{vALU?ayEVhlBg8M(%AV}vo%7-i%cqm6uHj8R~4OUD>*OfaTc6OGBn
zKy#`w&6sY?FlHLFjM>IqW1cbJSYRwP78#3;CB_A7sj<vhVLWTBG*%g_jWxzvW1X?y
z*kEilHW{0ZEyh-3o3Y*4VeB+^89u`@b{l()y@ub|XY4l)7zd3*#$n@#anv|w95+rF
zCyi4^k#X8MW1Kb48P6H#>9a_S&?D>-ArX&6ghiB(a6~*BQ8D7Nh$kYRq95D{dcdth
z-?!E1^|ls0-qxYF+j{hK+mJqPo6@gsbNaJQpdZ_|^kLh9{%e!zyEZi<ogQm@(pPOC
zdZ`^i54D5nopuO4(+;Os+B|xsEub&j3G_lcnI34T)A#Ib`kkFmpR<eUZ+01d&8`gg
zGAsL-T_5aUwnUNr%WkJ{Ss%U1?v2<-PqK&TLG~EE$DX3+*t7H+`#e3yz8rCZo?@>=
zT%(8BH|QPq2ED=t=n?ideZjs@FR=IM0rpdRfBk}fU%#Qx*YD}?^(Xpy{f$0e|7&lq
z|K4}&f9|2RF5eYv5-EFOm3^?v9$5dqx7DtEdn=WmRnzHNwR>cLzJc}c{iu!#_EP#+
zU!=0H(VrrJ4)!SeOXRQrt+&+ak^i|j)rWnh{zp%#|IwT3!@gAib5E%U|65P0vX|5&
zk!R^ORrZ;Bl>Sk#(Lbu}9rdMP|EJgK4^{SsDtkGV{hr>VpHtcE>35O8(ZlJFk^iEn
z)6r4WqLxK1k6ID+Y}CrARZ**>)<mt1S{JoGYD3h<C@s27^dr$_qr;-hMVF7R5bcO|
zMn4+uimnv>Wb{+fm7~L>jp*3u8qsESTy))NceE$EesqKACeiWHPe(V8ZV{ar-8Q;i
zbo=O}=z7ruqBEnjq6bC~iq4K69Gw$ABzkD{u;|?A;n5?aM@El|o)vu}_GIj-*rM3e
zv1ek>#-59PF7|xv^RX|)z8L#b?8~vQ#9oNK7<(!9a_p7ZtFhN&UyXe&_VrlBR87qk
zrf%A}c~Hg-F+<Hq%(7;fS<WnPRxll=(|pu)nH9}S=40mL<`d?V=2K>6Gu$-H2s6@*
zGNa8ZW{eqYRyC`c)y*1aO|zC++ceEMvyNHU9AGxpnrk`cP&3!eHw(<M=6G|0S!hl)
zCz+GYDdu!@ra9Z3YtA<pnv2b6%w^^ZbEUc3Tx+g3H=3Kxt>$)fr|C0yn|sZD<^l7N
zdBi+so-j|Dr_HnGbLR8ri{{Jb1@n@5#k^*|X1-xwH*c74n*sAZ^R{`%eBb=gyl37w
zzcjxyw>q{twmWt>b~<)Bd=AU8+p)*7*Wq{UbL@8<a2#|TavXLXaU69Va~yY^aGZ3U
zauhjEJI*-HI?g$sbDVcP?|8xSqT?mU%Z^tZ7agxUTKW=vZG3Hg?R}km$-b_>RA0KU
zyRWCOm#>enpKpLK%Qwh3*f+#C%s1RO-8a)W+c(!Y-?z}W*!PTYnQw(}rEj%wt#7?=
zqi>V1iWO^BvuaqiEYqrExh;=X&uU;bv>IDYt$3@s)zV6^+E{I^_Erb0la*|BwNkBg
ztGm_H>Sgt@`dI_4ENhT8*cxIDvxZwEtvqYAm2Zu)3aqi#IBUE$!78*SSyQd))=X=*
zHP>2XEwffwFI%gu)z(^Ty|vNWY;Co+TRSbEwc9#q9kWhYr>xV~S?f9LdFw^%qIKDN
z!+OiQX}xU)tRJkOte>r4EVtj|ujjAtZ{YX(8~PjjoA{ghoB8AYPy3tuTlic0Tlo|G
zt^IBMiT<|!cK-JMB!35gM}H@OXMeK4i@&Qs#edXF_jmJm_xJGk^k?{c`TO|$`uq9&
z`v>?l{aOBj{z3k1{}8|OtNN?<D?iHdtL<0&udZJ!{#xnR$9{eM*XYtJr7@+krBzF-
zl~ymUQChRKR%z{0vox->PHEjzcd4heUTOW(2BqH8hNX>48<#dIZCa`Z6y8@>p@AP4
z;_nwVV1pfH5Q0!Vg0cuhIh02QIN-#iaG@e9;W0dpC-5YmLS=-*Km;NYg=kbk3}R6g
z)leOWa2Q8$6vuEJCvXy{P=wPsgR?k?=Wrg+;|08km+&%P!3A8zC0xc8T*WoKir4Tu
z-oTr<j<=A<``@FHk1;5~Sd7DXOh6$fVlt*+DyCsNW?&{}VK(MqF6LoA7GNP3V+o$Y
zQY^!AtiVdF!t@fBgV~sad6<s{ScpYfj3symOR)^gu>#LxC01cI)?h8xVLdirBQ{|(
zwqPr^VLNtUCw9RH3%jugd*R1E?8gBd#33BPQ5?f@oWMz(LJ>~$-v4yoH=lu-n1$Jx
zgSnW8`B;F3ScJt`f@iQ4%di|P@GMqh6;@*n)?yvjV*@r~6E<TDwqhH$V+VF(7ksd=
z8+))9e(b}39Kb;w!eJcYz45KshV9sao!A8*EbPV}?1dluupb9-5QlIWa#=@l499T-
zCvgfzIE^zni*tAm=WkaIwB)_<R!Bf=v_T@;q8-{J2_4W8ozNM{=z^|DK`PRaj&A6V
z9_Wb-^g?g+L0|Mk|2tmJF<#CwUd}OI&M{ujF<#CwUd}OI&M{ujF<#CwUd}OI&M{uj
zF<#CwUd}OI&M{ujF<#CwUd}OI&M{ujF<#CwUd}OI&M{ujF<#CwUd}OI&M{ujF<#Cw
zUd}OI&M{ujF<#CwUd}OI&M{ujF<#CwUd}OI&M{u@LwdOn>E%A8m-~=j?n8RH59#GT
zq?h}UUhYGBxew{(KBSlXkY4UXdbtnj<sBw3_aVL9hxBqE(#w5FFZUt6+=ujXAJWTx
zNH6yxz1)ZNav##meMm3&A-%i<=jA@6m-~?3Ks&TY5;~wGI-xU?(FI+Rf>fj-9o^9b
zJ&}Q4=#4(;i+<>j0mwua24WDhF&H@*f}t3OTnxtujKnD9VKnkF1_c<4aTt#YD8xie
z!emUrR7}Hk%)m^{!fedJT+G9KEWko6!eT7JGgyjcSdJBV7Avs|tFZ=au@3980UNOy
zTd*Cw;KLs5g&+HH00(ghhj9c)aSX?C0w-|_ML2_Vcn;_BJYK+ycnPoI0xsebF5?QW
z;u>DXYj_=R;7we|TeyLncpL8^fOqj8Zs9hHaR()MA0OaD+{Hb7gpctFKE-GF9QW}B
zzQkAf8sFese1`}49zWnm{0l$fXZ(U+@f&`}A1H-V%<~x<1a#O?1|bN=BPfURr~n6?
zcoZ&F#AA3IPvA*Bg~|v=1R@cIXjDNAVo?><P#rZ;6SYtqCgM;Bb>W5w^-v!T;6+0;
zLSr;RGsNR*G)GIcLIPT&4cejuI-(OgBN<)L6{$!=I=Z1ddY~sV&<nlM2Yt~G{V@QU
z$ihGjLN*2?2SYFv!;p*N7=e)(g*=Q#KE|K`V=)fnF#&~`h)I}?DVU0Bn2s5kiCLJ9
zIhc!in2!Zmh(%b8C3pr)u?)+x0?%S4R$(>PU@g{RJvLw?HeoZiU@Nv^J9c0vcEJY=
zyRip*;m1Dg#{nF~AsogL9K|sl#|fOoDHP!}&fqN0;W?bg^LPO-;w8L{S8xFraS4}k
z1y^wmui`bljyLcouH!A-z)if3cM!n4cn`O58^yST61<NO@FDKv9zMdy_ynKgGklKw
z_yS+zD}0S_@GZW>1ALDk@FV_(pYSt&!LRrYzvB;-Lg6)9g$4l~HrP=HAqd4ID2p(Z
zLwQty15P{&7b>C>9>e2!0#D*8R7N-qL?9ATh(;B}AQn|o4b@QtHBk$-VImH7P#11^
zP!ILd0A4giBQ!=6G(|JS<7qTU3$#QlB%n3gAQ5fR4(*YI4(NzZ=!|4^L06<86=_IE
zH*`l2^h5@Fp*Q-VFZw}V9}PezvM>;Xkd48}!4M3^Fyvx5MqngHArGUGk1;5~Sd7DX
zOh6$fViG1}3Z`Njreg+XVism&4(4JW=3@aCVi6W&37)}HEW>iFz_VD1RalKRSc`R7
zj}6#}P1uYr*otk~jvd&EUD%C1*b6`QVLuMwAP(U$j^HSc;W$p<Bu=3Sr*Q^naSqSn
zJf6pkcnL4#6<okYT*75s!Bt$tt9T8s;|;ut>v#({a1(Fi9R%<$-otGa;|@yjK0d&Q
zxQl!E2p{7Ue2UNTIqu^Ne2K5{HNL^O_zn;7J$}HC_!oY{&-ewu;dlIjQYa-n*P%f`
zhYfa=K?p+e2+AT1<xn0K;D8g4!i9=>43FapJc*}J8R0Mxfk;Fl8dVU3SX4zdR7VZe
zL@m^Yi8$0jUAW;vJ=8}7G(;mbMiVqeGsNR*G)D`xL@OkqHQFE%ZP5<xk%SKDh)(E?
zWOPLeQjvyqbVGOaKu=_#7kZ-)`l28DV*oOdg@G7^Yz#&YhF~a$As53j0wa-!(a6Ub
z6ksgIVLT?F5EC&8lQ9KTF%8o(12ZuTvoQyAF%R>x5R0%FOYjVqVi}fW1)jx9tio!n
z!CI`tdThW(Y{F)2!B%X;cI?1T?1B##c4II6*oXZ%fP*-M!#IMYIELdmfs;6eBAmt<
zoW(gjhx2$IFW^PIj8||07jX%faRpcTtf2xG8U)H96lD>Hawv}qaKMR2;X*}J!ee+G
zPvA*Bg~|wrQPPxa=B8XTH|3hSDc8(Rxn^$4HFMK|9c2)LP&|UN2tzrPM+G?G#G`Pb
zA}ZlAJdP*uB%VTLgu_4tA`yk?;&`ry<GCJ==XyAv>*08=hvT^(j^}zfp6lUwu7~5f
z9**ZTWbs@R$8${_&oyy8*TnIBhAf`z;&`r$<GC)5=ejta>*9Dmtq{+(aeSa1+9L^F
zk%CmDAsyY&9X-$!8R&)H=!3rKhyECVOk`mo1|b`Rk%J)^iad-)KE|K`V=)fnF#&~`
zh)I}?DVU0Bn2s5kiCLJ9Ihc!in2!a;ilQot5)LN@Kn@Rr0RJ?G^+<&;3{#TxI{^In
zDrK36^a_+rm!-}!(p`A`VX0S86}`PyK?yMxrE57wna@J{EYp<5PmtIYrP~~q!aq4p
z*4eqVjMAx%q8wUQM!7+U4lS3LQ39!oGMsWTKMlH;GQO9hoTdDp@)~7&U*=sw{Q-&+
zMLB=4qPQtH4q<*ueHbf489$um$nhf-Win+LKO(u9^6W%Kd4n>1j-q@@IborqJn?K9
zW$hA0iKjfZjCP^?ev6{yQ5NiCJ1E=lWj!b-?_)hEcOF!fZzwMvQIv`+nXicTpiDoj
zC=)0<y`U(|D5GBD@hHEzz~fOqe@RhltYZ7FvA&dFyh?je4tkUMDEYXGa*Q(XmZH2&
zd5j+(4O?ACaet&JCgnHxsYe<3lI@|4`bJT<Qhv{mcpj6(zbMKj%Cr2u{%y){*rP4i
zlu?G4`M=n^`?#p8w*UKUKg=*ZsF-AAs90o}SX7jxXlVG9RFqF-rdU*zWNK7amXws3
zXjGU~WRzxPWLRXBm}FXLRG5@zW@uPcRG3&;q`zaFwa?!<pDRzU?)(1hzOMax>DTwH
zW3RRLp2e_d#sNcROC|*ws#LN<vQo0JqoG0y1JtHaLyeRylONYRNisRiPz91Lk|mN+
zCmX6>GNPNInk9214K?FQnSWpDS2DYw)JZl=R!Bz28mdXMLDGIo?uT;?6(L!3zM<kJ
z+u{v1Rx&n0`jM=b%#}<VWT;|q4wm^zhF)Z-I>|=KCdtGhh6;OH&i}=RN|u~)iR>p?
zf2E-sB}>K|Dym5KpJ1p2$>@oON|&5;wW0DQ^CwBal9_38Jd!n2<#;61t~HeB895%w
zNXhc+WS)}QHyA2Ka?{O*%9L!mMaGlNnQ5p($%I8RpJj6UdKp);@;#}S413>DX_C2;
zGrZm^=Si~gLqnBIrq>v%MzUOTw`BZBG7rfrN&8v3pFS~EoMc&@q2@^1U&wipjN2{q
zm(2LuP&*}C_R74A15|C3j3b%xi_}RLH_QDXnf|MxY9(7F8zrL;N&nBu{UI49nfjZd
zVkDDV<$jk8J8GyZ$u?!GX2}@SRG#PM{9C4qm)vceDn&BiWvUFxP>-o*OE!g=szS1?
zv#Dw%%fn2imdiQ{H&v))%qgZymTc;7s%**JNU4`B>ustg$?86)ie3?*JZH-|k`=M0
z8Y`K0zKkPTCplX(<04b#OXen;s#vmkh^fjXD~6h?O0xE1Q`Jhg4Kr1}WauSw9FlXc
zl=-|M`^m2^NR@1Q+Eh7`*+r%*kgR=9>Lt}mna4^w&b6l6B)Rh~Q?*JKZ!p!Q7iAvr
z$~+{qKa}}Pwn$b>Cf1s&L9*yGIo=W(_j6N4O2+S!^Cg+_rKw6KcS}}EHt#l7on+x&
zQ^md{^Z7;|CnY0Kv{YQF+%H`%l`q+HlBMb;V@|eI!YeWl$z)0SB_3*$WR_&6WNL)`
ztQE<z^79ZIBy&!+ROo6MPkz!{q-4xxmTG%d9>*q1zh%;XwWXRQ8*Z{x(HfceLV1*b
zUG9JRVV=>F>M={DOJ+%CNj6I6Naj6fsq%99dRSqp-I8_k<1y76a{Mn_DqOPUb@_ah
zWI?&qOGd4gddW)3O_JgAV_6#{<2P9<b*+3IZ<cvWhRF~1tdeZrW~rT$Wjid@DrtXh
zDbJg7|Lm3iCENB}YOLhWZ{;{7lfSc6v1FBGnWX1?*-x_Y2TMg%$m2tkoF~aL$xO-k
zpDZ;;vQ#opGWi#opJc%S`DrYYkq0f+B00N7&fi;doQLFmONRY!sa(m{R!fyi#vis+
zrDU#Tjb!+rvY%wSvQ_fia=rs>l_6OyIa@L#$X5B1V>{ZaShB8@{6rebZ24J5n<NXu
z<tMmEww`ROM#;=>wrZ7(?{2Heb&_$mij|B`u+>P(>fyFZlgu7vt1NH(<+du2oPC9@
zY9wRENI%}&$H{+KtCaIR-c}Kkb*ZwyWad@2N|lV5VyjF^&-J#-k*u07^O3BWX{-44
za(uVhYLev6EIAIzygO}G>dkv(9La?HZPg$dmm~9)jLfxF_&f6TFF8`OB~RujnY2jy
zmyFDpc}j*oYO6ZQf<md^Am^`G#*xf^QO=L#&ehVd<m|P!imsCLvR>vXIb*Y&H_6D4
zY}Fze{fVu@-j(C6mGdsyT4$>~$w^<?DrBQPzJG12D9O})wn~u9_|8^UlJXzqRIS&N
z^^#SR&5{Yf%K3Uv*888fN|K!Ym&{ADNG@PzNS50!l_Oc@aj7E7lpvSdBw5_arJ5xR
zLtV<=<o*8XQc;psl5vtVdbm`Uq>6T_T*>A*mum2~pYKvFk_i{cew*by^mnN+$rS@-
zKgs$8m&%Y#ALLSVB&#L!Bu5T*sba}S$x6wJi(G2AWWx~YPcmhw^!L6TcaqFQGJTj!
zB};CSoFo}JLi&>oxkUPt%pEQLNj6>TQWcU36Qv)?(#bBB^nvV`CdV(Cd7~V^WYRR3
zD)IU@m#UM@nk~mKnS8%X#a2tdi)8*=<o=XQl8k%IrN&CuNv2D-Juc&WbBRlpN{%gb
zscOkNPr6jSWW`f1)hZdg(xpPS%KcpGQX?gcwz^cKWZibTp!`tw+v`%HlF|EIDpIoI
zJDHbcPNN)$WX$(+|45cg)=DP)Am>SP#*Z>z$;c+@r$*MzPjcQRRkNHg$*_YmZ^_0(
zE|n^o)#_52l5Lh-g?<#E>RoOXE7=(2R+*Ab!ETi;8PnaZ3MEIL=2qpBWl?TbBRTdA
zx2l(n>f=_;lDTKPRousNyfJQ-EIH|H=|?g@)~#|R8_sd7N^g6dTeV3R^mnU-PvrOq
zx>br~<i%1aSw39qBx6UpRjp*oXsMUnDe0+|`z_h6!X(Qsb*o6p@=0zrQnDc3tqLTQ
zuXn2zk~Na$l2JFh)h5ZNo7`%rWZBJb)g&1`P5PCbGhL2<n|xhMMoQ+)aI1L9%q*Fg
zWX*kUl`mO8SNfH#xL@Wc8TWvk2g$}<=|{3*q5NdLPi1}N$^Mcm->qgywmdH9NiwIv
zty(3cmdJ5zm#-_yaLJIRvY%wtlX5=1UglO~C6iXk@kq8xu8^EvD&tC)uW>6?C;h%A
z=Rq>P+^wP{cS^=dmQ>3Ak_j7Se95Sf+^Rw{b+=npOWJ$fs!lRvugpub`FlC;&t(5!
z<o=hG?|v#o-6sFp#P&Y5F_XeoV9jaDtnIDL*fUjdPG4n)oTZGovs6ISS<1chY-L2t
zk9bQyN10V|vgG1aK+FY7We-qx^#EnH3{a{dK?Sr8QUP&^Dxg4q)l<t*rCO7e5kE`?
z$H_0ovoBQv<(Db5bc}M9j8#EZ6I5`R{3@{-la(nyBgHIBSAm`zmCMdhK`l4Se$(VR
z(KHpDn5jH7rYl$0t;&-$Q@I*uDo>OAa)^XGlq+6-^+L2fM@o<%r=KR7DZi8~@jm6Y
z=PFNDwla(6$$TGD?xOkfd~Lq`zJU44Q!Y>Ns&nP{^yMl~{Q{+07APxRo=-(StUP6l
zRA6$xoR1|cFnp;p8=g{u6-CO-DOLdu&na`#3(DPEq5@J^DOdW-(w981ihD&_8Luc;
z#;eMVT&s-IwaOj+mNFYRD0l6<${oH*xtppbKUVJYTDkpmWu||r0xG{!M#3It=j@T6
z=)FhI!9L}#Y*2Q-{Bp07Z<RZ#QQ1w6%01^tWfjWvrxiacSHw@sPX9@Minu(FS|M5e
zlQP17R%UjKjCn|&TOF3Z4l7l0Sa}MMsGx?UDqyVq=7QOVVK*8^V5EF}V7L4!bQ!J!
zw_#U%4A-VW!)^^WTrDAn869f4tK?5=XCol>1jFs=V%YWaC;CKrUU8z~E;`9DGkO^2
z&fbPue5Ta(H3A~fG6Kh*Z3O1V8fJQ&5wPie!%n@xup2Hg0!sTE?hJX(H0MIYHG6<z
zm&)^{szHXUa<E}HCmOD%A%-0{)UeWq8b)@Kp>mSs_iss7NX{8%bjhD+gjP*9Tv<~L
zBW|i;&zWjiB~xYY>4s-hhT$r@#qi|bYJ^73G_1_qjNr&Sj1%halIM!^3?nPYaOFQ}
z7@@iH952@}8WtL!!bOHleld-a@QC3m&6nq9j~Zsk6NZ)ggyAY*Y6ONnW!Ph%GOX;U
zjKG~m@*H!S5s?3^;ht11bC*A{&lz_4b27i@40rr;d9JqHFiT409K38ORcg4}N~Pvi
z!xd9z*lDjB!D+7>X44yn8TXFis@`A(S63Nk+Iw>THyHtGn+?~b_YJ#A{zPsu?2Ijj
zRj|cyr))I>Yd(}Y*2vtp8-Xo#h8^{}5m3Lwu<Ldj?%Xeo!1^!c`O|L0Y^az0_8Laf
zUL&ZaL5_L99P55L?~R7t(r8$b-y25A4@OXkJkLsMG6JH0F#;P77=hU>MquLa^4$4%
zSsT9_MtZ9eG~*B1_YWf=_b++Q`Ili;{UyhJMCL5dt!j=MLGqg?0?OnA8L2KaxZEwz
zBiv?CYM^Ns2bxxm<cuIw<p!BXX{hN+>tedI!%TPKiKe@(tLd&j$uwI|HUkqPOpm9B
z>5l9v|EoXJG(viruG(Ivk=5G_j5yCUsxL5I@%>FJv%jfkNajf9NtQ{DjW>;|czOO2
zZ(6OAr5Bn;_yAMMf9teTB#Q@1e+lyZCBd|kBxfg>MuTMTVA*f5JRg!wm*-(KE;56o
z<oQ<2#j>Ad&c&wDEZKIk8Jss<o>vVwtqRGe;ii!~!c^%a%%GalGVW*@S28BqGzybV
zwIW$=zd~-mLT;A~z0wTIA7dJAW8}H#ShMq_akB3?)5?`B9%lwePcV&w38pHUAm>X`
zrJ6=&s?0Oh3~HPx&-W&pR@l|18hN#8luK4!Z3b0Lk(^>$4U(BtO=IU&nb%a)3cXhL
zyH<`*vh`Ziinz{Hjn|om3RR}}_oDRdq{fE*>*X=;L;U}4|9b}h_YC~+8Tj8b@c;G<
z_^zFon}zZm+Pl?TN<Mie*Kfhf-WjYcJ4C6d5EW1>Z#L9*Qr6f|rLsCJbH#~rohH}U
zbNVQA<XOs<bhff*%k^|ge-#`xP}!LS<vMSmGV3o=s^KDKjvcC8De^0p6Nf1~SAM}(
z`7q_)Ex*J#WVEu!j#gH-WI?hr6RuG1tSgl(Uw$F*rX1yNdr$=w&X;S?TxEyLwQbS@
z6|mxAxt4rbu5%YkyZqUir(8vg<(hc0ToX&SNQOTmuhl=ItQ5&~$y~`I$tua}N0g^E
zUj;@#rUJ7I<axq+Wj1Y*Yt9dq8NEZfa=%b!;-AWlJE~k2%5bkR<hn+#JHt)64w7FY
zmS-AfY-b~|ReqsfNSOToCwYB7NirkM2%LSQVaA+nxEi_{?#iBqEBQ3Jwu&+Wt527G
zdmDk9&M-Wc(T2JEJR@M_`9?sDTu&y(8&-O};R?CXFe)xI0^<`5SKJ`Oh`PuK%1bnY
z3x*hG)x}0o@-V|Qc7zdFI?8aBTw(-OU21qrE;9nv6^6>X!Z3@+8SXjb4SUmg!)lg{
zpCJ8CFx(}nat)bk1SCu}0>dWBHKF_|kk{aMOGaHIzbEP%!`(DlUi+SGbj(jP49`@#
zK9*leSAMObHeG83grplPBHeJOUvH?4>kW7L4RXzRgAq`aVc5InPsB}zin+-MtdQ5|
zD{nT;mg$Deo*~zCGYq%9M(?VdWvGT(hO7QIBdGQc!w$dGu#)bS>%qH?fXsUgRd$bI
z<jgT#t@j#s`h9Xv=gRf<T*HjI-!StYG(7RS($4}z6)lkK@CAky`mhmDx6laQohR4q
zi{&+QxdyJ4tXphY_M=A7q$iEwnx~AQl;;d%_i~y4N<+oHXav=~EZ4iQNdK!1qh+<>
z$$8B%GS?a*QEwVn!<&XD>MglGen-yBJ4Rr{yGB6mMk7G3ZH?WV40r7Na((%}5iqIR
zP_wHIyQ<o-n&jW1TZ|5qwi>S5t%gzep=6C=RDEoirFC*2?=pf@_ZTXDk71_nm3i(p
z?2>(k5&eyvuWyXNISqyx`<?vx(J<|1IX}&YIrgC8*?G_~H~lWh)@qn_e;P(%n_)M~
zpZLGzdBYLIm2lKBHXW7wLEayzkPjBe$?N~|9@DJoB(H0CGR?@7Ocf>9sIz;RYEBQ+
z4DW5Kh~B1I*w0i&{Y*3Td{c#;Z<+;iJ-I2t>`*h<45+=x46Gg^*SkaIdTyv0T$E&*
z>QXas#^q+f&MV|PP=3ATjPa(cWxT0ECYbhEx$euB>%P3JOjqti(<r&dv_mGFcKT$~
z-7?v9HBT{(`l&KjhFphEGu;uln1P|w<$Cy5QzhJLdJ<-sDshHsre>LD`fM|><u21q
znk(1T*`~R3o?Ji9Gwt{s(@M{gc|L3ghc1>mFE&qHvD7qcpEZN#tdMKl6{fv=g=u+S
zkZaQyOn1HfnY7Y0Dp$(CUo<`HCAt25*>vZWnr_c4raM#qG|8X5)l&DW>8>b~>*+P7
z-Ll3EY<*p>nO`>pJ#UzHhWy#I*0kf^G+mh$rZGd_e<*v)bmzY<*URfnGk?8l7QJf*
zXTE0!)o+pcePp^)J~qvaS~;FiO;6Z%GbnV2oYOB%SK}@@2YXFV=r?jdG@9nvX4BQ&
zY??W3rd8M`{kEBQtNc6aFVj8eh`f(+)U=`vOJ&Hf%`24LDN8!bwA5_V3MjU$z+#tW
zwgy-Mk%3m=q#(;(*+E_#?_>qnooJagr&xiTPP2ky`&ufguN9Qj-%^PKtPbfz<aP0(
zmTUIKmR)tRWi?%F1w~(CdBQHWg0oZPwfYpxU2}yMkUBwLr=MWiQK|C&L#k!hNY+ZG
zUS-+!S6LxpS6l8)S6cxI*H}i;HJ05xS$?kn6wAn;B0q(Giseq8Ds#TpQWe))W@Wm(
zH<4}`dDmM3MK{X(1{s!Fe4AzF+-{kkyR1%mcU$iKd#r%4`z#}FuFP|;Wo1e>&b7i?
z=UJY-`Iga^YkBhXWDa?jnYh?85+AW#Y5A7Xk}vO@JZ1%sEwJ4763f&2gk>i#mHn4m
z!BvHpsxGtwW1g}C%b&K4$RaCb(leHkxy-WimdSU!XRVNyXDwwH%eci>K<;yLE>~EA
z@h@6tV~ORel3#}%y2^5e%6lpDeu}wbwT!jeauvR68I7-6LFzTjNO{e&Hoaz<scWr}
z_zKHaS78Ozzb)tZZOfj$PTt#CXW0>zmXT3u*`D>5F?PKbn6beMN_to3u~E*|M#~fP
zf#urtfxItNZ3U&)SZ4V)%WBwW8Jj+}RMd8vcb%o;>nuCF&a$fH-_3PaNXBRK^R7R$
z+|{33Ax%5vT<nx{|AplqyUPlx*=3otcUwmFZYwx)j}=n5N4|A`Z3RcyTV`m3WhVY$
z1y}xLd1m}<**U*hAt~}+%cKKV$j$>+VC8ReKebvNv*rDh+&`@lyG`cMW_4I`)G`Y#
zTRwenyNhhwDzj}>EuXm$b=g*eeDJ=^ZFgu1uw5A*+ei<z&9V-*S>MGDo^+CJ6rE(N
z%9CxQ@nqXBl=o4Jy4miC2-{5UWxMB`YFqiI+N$tW+ueMctvpe-of2hRb0kB0+p4XP
z9ki*hyq6GTcg*W2?{&zpoK8C1c16Y7LG|a@X7q*fzQq8$OLc<GWsuBekR24BB=0SZ
zu#Ngl?BKT1ww;@72bWxG+i{oKuJp_8ppYwUvqgSg_s$9O-p5t8z56QL@=TQ13n$s0
z_$e~>6x&^#ChupY*`Cs=^1j4%wr7RBA5(t4jCrfAR?M<Jt@8d$?d^6@;vCyZzE9>k
z*Y-4I+d-2auw4}o$Za{ct4!X5smZZ}Ql7P4ImNb-CGVx=y=Z%qU$Q%etdjRxR@t7M
zm*xGHmu*j3sU1{aW~<OOwkPv7J1BOo?J9gz&heX4|CSxx`nJ5$Q7QXZ+D62BJ1G7g
z`9TL8<h`5?w$ZRb&c{aENZDwg5c8fL6tTrtySLdvsXJ|zzS9m$*kyOl{>nCT<h_^t
zukGOMdfUp`Ya7jbZBN!d+o;@Udm_KFje>7%k7}^3s0Q0eZLnRHlJ<VvHFm#k%$BT{
zjQ!TOW`AoNo4&P!%fGW-d5yNU>3iE1@q^U-V7r=susw5rwB-lW*{+l(x$m27SA%5a
zPjWtfk}-a^gJXWNjnZG_$2BzDMq;z=@*J>@xC7GHueMPm@AuUHYP;eO+D7I<Su2te
zE@jF8X|WA?4Isdf{|_TC-^-=vvCX*qN@dLMVT6YCJof)+y#KYuzTv=8?<SY4zAdR^
z=rZFO)7$3VjJs2kkL?xk^i}docc^#Yzw7UB>ihh|`or>S_dn@>%YUkmlev56l(X{J
zW5*|N>H4<Rj%nWGd)z9pm$;sAFAXU4JQ?^@(9^+1$4<fD9LLoEG|u1D%ex={=s1jj
zSieo4ar~3>^xQwJpZO2#hy26(&i}A}uRPlPljB|U59{y$hxPI<^*@?VuYXuC-(mhy
z|L^|8`bYm^{nUS0f6hOwm#ejZbiCW-Rnvd69-jM8_0Ho&&CRXH9w(AyGRL-d9w&6w
zv8Z~_`#%!peV28zvSq8k`dIw8GkTw|{`c;IzJIjych+@sM1Qm8MszxMYpctbvEKjb
zDBBGAe~tf7whX7gVZQx~b*dh^KY4-KyOn6Cg!vpE>B|g#dv-^k)AW3b^?a(eL*2R`
zJ@0t!V%=V?>znm_%5;0UcC)U_4fXZYs>dtQIkJ=Q_ClTUx-M0Z*R1=mw|sStx-L;W
zU*}G}-|^0+r-$$UYt{E-=xIJz_41|s43lHK&N$VVC3@W)uRrJZ1o{7Z-p%>Gn|jW%
z{j-nV_;0r->f3pL=Q_uy*JaxizC9C{Iz9N(+0R+O$E%Ch=Ogw7-+oCtGjuw=&d_$|
zecyTh^LFZH>;6`}?z^Qz=Wd-&9s8>a|NH)`b$^xRzCCMow&*-we_c-g`~Jf9`f7Z`
zw`ZG9d7syB<NR(!f6jS$S>NuQZ|C;)`gZ63aylQW$3Ncv;_N^86yN-vex3cD#{uVY
zM&9c^*2Mcix1DjE{-X8QO`-h1TJKh>vsR~5$McaG;eURedFSfeIq!TuPWI`(aSC)+
z=seyyD>05!m#F(Y-g#7C$Q7$>Zk;FTJV9rOPG{cA_jR7lc{`84#~nvcC|f^{<;rV*
z-px5*dD_nH<=W1;L-n|hBb<5Y{+!!;p6-9X^{}c?*E!!uW*_JKNn(KS@i0%f=j$xc
zS)sF9XN}HUos-gi->0f|I`b;i^Kv}UXBDf*b8i1!-|o!2O1IbP{&wozty5j^8!uF6
zn9gvW<vJs8&~>`wF1?SPr~fkkgZg%7{6vrMe8lMeV|B*qOx2m8GgIdboh3K=#tqBx
zAAiGf#vgQsZ(h#$ReJnLy?>O>Xr0MAC+SSnnXWTiXOm9nJkQhP@cg%8{KP=t@#o&`
zn}43pe4W)g>vcBhY}Bcy`S#1y>5PAV^xvQVm-X%cI(|KVjJy`=-C}jd=}gs`p)*tG
z44rv8TXj0)e}A0uC-?C`|A|4q<1d)y8^2Izk<KcewL0r`?$p_$Gwn9t{?7PM>v4Gg
zJDur2ew7}-?oQwSJ9X~XDKB;&J1?O+!*qu0jMG`H(;0uX9*5(<i}4eKeaBySuO46L
zZk_5rJ-*H`o#8qQ=la_1Y+ZM3wn`m6&iMDm;Q00U>G%8g&(N8vGhb)1&J{XKbjHr}
z?N_AJIsVOh93FpCKmYL)Lwv_yqW3S=S*Ej2XM@g0olQDDIll3;bUNcN)Z=jcqZq$R
zkKg=|ub&p3tvVy-`)-fX8LKl+XNt~BozD0J&+;87$6u>&*LRaj?BF~8s)fFBHtDR^
z*`%{gr^@ry**dcp`CPBl8UOHc#-Dk%|M{=d<2UL3n{~G6443yhyj!%+7@e^?vvoG<
zbjDw!$Kmn!iS-{pQ9qw()%&;URFC+^jnWyXGhSzc&Sst7&y{&MXZ)M=I2^x0-|p09
z>g#)6A7<!zwRgQy@65l4?@4Y*PhZCBJT@u$%efA5#@&PG8%|xUex8(|_fPq6_7{Kd
zvGbbk^y6f<?k`LCll$N7@6qG*SF8Ig)%{fcH~VWiPJfa5`Co(Xr&VV}r1PSI??`z5
z;*ayZXNK-?><Zuh89Lj&KaSI1mF_Q3_f!1e?C-p|zrR01JNv%gbE|#xE7Dn|)4AVx
zym`mzZ?^8w`?(hH=KWlYck_Pk#k)0Yhs)<%yj!$RXB`Hf@0+LNeZFy2hVJ*+PV!f+
zc2l$N$NP$!Y~IhycsFO9bbWh{PN&~9eB=C=expy&=L6U4-p}9sd%w>7L*?^0-p%Rv
z(&O}-eVl&1pXc#z&U~GIGvxC<-p%QE`f>W*sr&VQ?#H`%KlkI^yq^d1ZtQoqZg=`!
ze4Kt`yZFw7{I}C%{p6ayOjo{Szp<9@cBkL6<Mdmr`*oi8IP0paqi_G6I-Tc3#|D?b
zD)fHd&vAM;@8^`fTYZQxo&KEtoOyh%=P?7%n>-iz)|qqrvCibLc>VfTOiy3Gu{w8;
z@Y(x$Chz9`e3N&}*0($3J+J$9{Fu)wTK9WwC;7{9^gQ45Q71>r=bpUVSe<D)kKHJL
zh05oW{(Z}r&nNx+7FO)<Ir1Lczi)M`{hcMBU;6j0MLx&$?^~vPp6TzlloNgHW2}6B
z$Gg?%`7+G=PJwL6I+Nsc8{W<PxgYQ5oR`x6$Iib>)UO}D__OaktkU_4&N7{^>s+hz
zEuED*H|X4`bF)t0YLWX(kLUQ<Wd7~1YF+Prf!KR<d-Wfp{~F!D@2l?LI@bUE82z_b
zzYYEG)cybcy`fYc`fsm(2l{VnXa0N9e|z;!=)YC>@4G7cujl7C^xs~+@r!T0{OkUV
z_pPUY8AAl?dguOC?bLTg|F*6_-uxrce|z<P(SJxg{hyEi+pAAR|6%PM?<MHJz4~$J
zKfIm(r=b7#>TgE>5$*J!h5p;CpNsw@+v$G+`fsnk0R2bl{*U+dyA1ueSN{_FkJJ4h
zZ+*Uw{@bg62mL3sbAGDPe|z=Y(SKq)=Vv$iZ?FDa^q->pKi=c>0rcNq{R}+5?9}g5
z74`6azl-SU%lu>SI37Lf<iF~4dvv6)E>`bftg~8Ys!ooF;r~Tv94G(PfPXmOhs%BE
zB^%9ZMt9%$_ewp#kY2udvMxp6o^|Tqw>$NDXx|NcKac9&oO%6$d1bWt9`9%Bd_d<@
zI$zUSt8<sm2Av0Vw&{#K<m)e9XNt}nbY|&v=AWXkQ|jb%tKQ9{uWKT7Cg^mocf6ll
z^={7bOuNwkdCe8t&h^i+V)@Ilb3N$frsIs`?B`^op66`&T&;I2lF!L{H}B_Vy&LE0
z{rs$VbLKhkc=OWl1E<U9biG?$rZ1yz`TKsopTqTTPQT9{r{5CYZ|VKM`d0Z|t#@;d
z*Za9#?^dSUy`R_hZce{F2l$^?kI$-5_j|0^`<H&dn&YI&=X<@I_jA79ZMS^x*SmQ?
z|LfhHaRwZxUuPWWesa>8KhO8EPXFz%LOrh*`CPDf+bN#|_HN$K341s1=Y+kRv#y$S
zyECr`^t_yPbEFm5MaTC3zkg+o^Ia!7kAwE%|6HGk`oMPTSLk}@I;<z^OLco!Jtcd*
zZ$77K_eOoh1Yi5{zHgq5`u}^RzJJB&{hjZN{ZXHQcJ7~u`XpWN9N$QIIO^G73dT!8
zeHz-i|9I4A==zQ<)SirbmKE#$o%5T4`YPS-tQYP-6ZLGb!Tz&R-=N!_^U3|QQQxTR
zo%@sZ3sB$OPXCXfzD3vj{<n|39+2u=f4;w!dKC59y4{&iuC{YLFQA_D%}0G{JN1Pa
zZv*N}(9ZETqP|SmJL{)W+xMuT)MnJPzsRe6XT~}H8q~+?c4vKY|81yG)b+<(Z@W;>
z{*v|n&iUVu`mtzF)pq9Ji24lOuK!z&s+;IL-Z6UMUr?WUjj#Q9^ZyO?vvs{QUmnk4
z)U$n#-rqUD)*t`*@w`aa`@X9v72HmJ4dxe)`a0e2;l#9ip`K+e=)Vu@+jP5geB3_{
z^=uEB?7Kgl`6aefpRDVh`(t=J^<#Ct@6|1(E^nuPj;?psTY5Y7d6-XTJM{&q&q95X
zZjaO_Dq@Q7{5a?LUeqV(_8^{E?T1jGuIruim!a*PpGQ&8Zu7B!VLSDOy59F}MX6%c
zho<?Cua_REK->BHT#5Qp-R?Xda(=I(p6v~Kf9LCKJ?g`z`sU+Yzj6QfQ9oAK2kXLY
zZC@`+ZAE>xZa?1qx1pZnt80BdJL_{V>O*zAbN_Px?@`b8FulKX{+m%BquZV1<Nm*+
zJ_YklMgQv0|NMA31N(PIeYS4zq9;<L?R-6)f_lz3;yVBHc}_d^F{mGj`UKtXoIj3t
z1?t&868)#5K2^7O;Evj9sL#{&&h<ixwzK|kLj6vR&tYbvp6&H|f9LW1-gfFE)BVr?
zqo|M7?at#L$6JbewkM+hW$o0bpuPn4X}W!m{sK$6**E_X?Nz8Ro8@bF9v?Wr)u`XC
z>rd5%>9_gzcaFat^*Orzc<XH)>hpEI^LWqsyo-9aufTX)+o`YA_0Ia+j`|ke?mS+#
z!p{3mPP@wTosXOJ1K^5#eU8=>b>5G1>KpF!wO^>)tLOUceAdc&-^!_v&i1vRs&6RE
z@p-%6-+AB5sUNw}*X}&t@O(M%n>qC}bp17Y{tX4b{rl)0cjEl8znCX{^-h0Zw^JXd
z>z(fx-=aQAx3AX&#Xsrmf4X)f>N%g1BLDduXs5mm^@mYkq1&DH!tty&|L+%dy52cH
z)(4}W?Ypsm*LLcgbiMQS)}x(z`x)Q)agN7%Kh(MZ5_J2mdSb21eDy=MW6;0nIbZwn
zzJAX}J&!j+@9&I15cN^I-8nw)KN9t9kJbA-_s95l>Ju^EjqTK@V*Yd5sZT@y&im5N
z@z2)nb^1W6SNP8F9PRtt>A$4JSMMC}L#VIN?auvGqwS2Jk9wZZI$iJF9|i5yH(|UY
z)Q7#~o3GO!$6JB=NL_!iE{s{_+u!j@)U&^&QvdT))=vFcUGL1#`F{h>`O4Jor#l0^
z;_Lrp?Mn1tt=paNpU!ShR-@jz-N~JLf9L-F2=$F<clLAA`Tr2k{F`;X^LP-l+Bbh^
zeQZPjak{;`?yyArOzk?<JL5Xp`l|o=-_=gNr_5LHoUa3@kJjzZ@i^l+`8(=k+NoE6
z`9GdJ{Wuw`_jlGq$9C#R>U!t?I=P+tRLrk$JN0R(zo4D^49sU}JN2{C|7GpeXQMu?
zo%&qVPiv<>AN6;jzEHOx@A>Q;)I0a9leKz(=l*)2o%(vzKaBcj-Tt5+z<%Agp5wLi
zQ18sc$xY?{Uyo0=Q{SZPov(-G?bNrR-ueGf&i-w>-FbfI%*)AF(SO(*zWJV@3npnh
z{k?|zblslpbclQd^#yBv{U7i8wgUB)y51Qd-K%#|&-N<4zq1}{P+zOtkN14)6V$iq
z`Umtt_FKN=>974M>MP&&wO`JOX@7=#mbI?)?e9EZ?MHoRrLWyNKJMRy`tWw@e?@(y
zu6I6GI_DkVc+TtLEvOHB_dn0)2<ju+sSiBj|9Bpy>z(zPsqLJf5Y+R0<mh^5J%zPX
zpNIO0cIpdsy>ov=wNt+W^N&S+rEYhgUp8Sr@u+Xn?LG8?XKwV}AI|X(M17WSKVR36
ze9u?!d_4?CeX(wzrRy^``|3w(4?(@Y`Cn1;f&Y9)wNqcF>z(sCzMc9i^gkK()#&eE
z6Vw05Kz%LxWBu)@uhaF;^$zRjpuVA<`Q)I!N!L5;o&7IDeQP`Y7oc8M`|cm-`jP!V
zgZeOC@7zDEUx|9QM_~U_)W_&{=k@bU)W3#$_CE*pZ?#jOr|X^juL||0y8U>smwtfy
zdR^~){c(ODqrL(2W&L*4H|cuk`k(b*qTaK`cmE!5{WPGS{e|iMo%_3~o%$$U?;QVu
zcIso${~xGNK!2Ry5!ACiQSa}(o*Z!0|N9H;voW8J?bPR^zFRx>#k$_PKYF3Q0{wA*
zQK+xd_0I9JzBlUGUa$9e?yvr+Z$vxyAAtI%cIpSAzFF5FZ#_HX)erN%1K8H=yRvmY
zR}yi+XXo=F&f~_gt;g1Vw&Q`?wYndtU&qe>>vGa*clu4y<9L4cjTh76%W9qJhkPEZ
zkI&ivYB&wffTzP*aMz>$_w>EGJ*I>23=T(q4x9%+3O@xu3zxvJ!fWA5*f}pw?$PZ(
z>O81Zev99+l5RTt>P*ymrOwGZZ_;^(&V@Rk(dq2(^jE5HU#IhZouBF4r}KbLm*JaF
zsLozG&(b+S=SZF7b!O_kN2mNq*JH<(r*nzUVx8qW*Xw*=XRXe?I)Bjlr_NCMk)Ph}
z6rHE(?5pzvoryZf>rB^qr_TFyKCCle=Te>CA1&(L-q2a4^Anw4>1@)eEMNTzI?vP@
zuk#|EqjZkbnWi&S=bbv`$73EFf1%FDbS~HViq5xmZqWIG&QEmi(78wFw>l5$JfhPr
zKO)e(h3Y&-XD^*+=^UW*Qk_$D-lj8K=Oa4hM<E{TcazQ<ouBKh*C{_<@L1g;oq;Z&
zJL^1EXROZtI+Jvc(>X=wO*-$?`H;@XbiSx_wayBiAL!h!vtH*<IuGl#-THj#?56V!
zov}KH>%3a$ES-1hT%>cU&X;v=(79FTXF8q!zt;X%=N~#l0(|p2N$06L&(wLY&H*|{
z=)6p4s?H3Zcj$ajXMxTVo$GXN(fPT~2A$11|J3RB==tgFp|iivB%Kp<X6n30=K`Hi
z>s+q0RObgecj^2_XOqrDI*;fK2-NFLXE&YE@Br;Ab>5_NhR*pqAJ@4|=gT_Z)>*Cd
zGo5>N{-X1+P9w-SuTDC<>WtKRrq1(l`ylO6I>+ct(|ME5J9IvvbCJ%caJy6I>{p`O
z%XGe{bGy!ObRN=a2K$a9SZA2d?mGME?5}f}&M`W#(|McDc{-oaxl-pFI=ATDt@Br%
zo)F(Wdg<(|bEwX1bl#%#PP9AqdHVJjbgtLAUFWd}G5PCDZRh#KK5gguSAL6cK2Ccx
z>i^Vsu2(%BeD#h)wVnM>(sr)5d!W4!yz4Lj@tx}}r@vU#pARR%7sJl=ku#qWXx|X#
zd%ot3cL~~^^XO#80N-`r|Mbk#=b?U}?|iiB3>oBe=n!ABE>Yj^q|@%yJGW=*y6U06
ze)5L<(((US>5T7;>zLUx!Z&`@NMDwW^5xjk{&sGkl>GO%JMI77EILj<^~bs0>9_GX
z?Xxfa`*{^y=DR)Za$h>f>)bC+zqPvE@&8|rpZC9G=lGqkcjvhOr{@2jhrj>&`JcKT
z{-+)HhaG*_E6)G_`WW5@*TFmBUE00%1;$rsuZO>ZzlFbto3w}P{tv=`z(yzE@j3M#
zxD(tJ?hZ%6ec^NA3*kg~1bi7h4xR*G2j2|OglEHZ;fLTwZ~^=@{5<>;Tn4`hzXNZE
zYvAqhE_g582>$~A2LA=yq5kVB7(M|$8IFX{fX{-@hZEq7;Y;8v;8b`Dd;@$7oCV(l
zKL9U)^WmlNGWZ3!6n-6k8-7>&KK*!6jrLFA&*87&2KYz#SNJfjI{UAm0JtN3A{+sq
z2A>I^1INP`!NcK8;j!@5@U`$w@C^7)_&)eSI1hdtehPjLE`eW#*TU=JP4I{Cr|=hW
zJ^UT~GkgecgRK+%*HaMO84ibg!oA^sa2z}k9tw|wQ{V~kWcYeG6TS_;8@?aTg&%>R
zfS-X^z%RqE!EeD;@CWe6@MrLD_#5~K_yF7rABEjr{MS<lI1D}oJ{9f*$HM*L!SFCR
z86E>qgr~w8@U8G2@V#&jybyj2eiAN*UxZh~Z@`uCd+=6m=lk6@wC{w!hQEb>f?MD}
zVKdBs{RF@r;S=Eq_%!%T_#8MMz6c%;UkZ<bC&E+V4ER>~4)|U;2VMw21{cE5!Ykod
z;Bt5!yiwa(KU>gV3-5sU!297Q_#pfTtWLywf;++|!V&Ok@R{&Aa6EhwJRDAj$G{We
zsc;5-D|`ohFPsA}gdc;Sgp1*o@GEdRybj(7SHqvcpTl3l4e*cf0k{=D3cI`dudfbp
z7<>wRD%=N-h5N&U;bCwxJO-W!PlYq!Tj4w4d*K{-A^aFz2tNz2gkOQn;dSsvcne$$
z?|}Ef`{5?|Ap8exoaDcLJa8wtE8HE9g8Rbf!13@!@NoE2cr1K1d@XzvJOjQ1z8B7c
z7s8LhPii~gkBZU$BD@-Y1FnSM({}pb3U5RG4tNi|A8vvV!maR8*d6Y_zB<5R@G0=A
za344p?hg-!li<<tm2fIN1-=2k1<r!+fggYu!1?e}_!)Qw{4)F+{1#jVe*k|Be+KV{
zzkz>%55TSPQP_Pl))U+X?gsaQqv5mR^Wg;eV)zpHa(Fy^4V(^7gJ;2a!P)S9crm;L
zej0urehDsv--O?RH^VjXc6b+D4}S;$3?G8qV5^(|dJ2L&!{KmGxHsGnj)MolL*S9{
z<?wiT5_}zeGdvTX4bO!if)~LB@YC?~@JnzR{3iSkyczxw{uKTKu7|&ae})giZLoC;
z))O2Gp9J@SPlsdR^WXvS5O^ef89WZ21YZZ=49|pT!*k(>;5_(o_$l}~xCDL`UJI{>
zH^CpmpTb|j_3(G_&+s9*4Yne%p5V@KINTHN4fliN;DPW^coduhPk<-G*Tb3cZSdW2
zHas6*3@?F;;N|ctcnw?uzXNZEYvAqhE_g582>%Qpg4<xLJJu8284ibgz^B78@Okh6
zcnCaF+j%~7DcZ-vSHsuBH^DRDJK_7_2jM*Uari0tIk*IV6<!Okhd03=!k@xl!1eHV
z@XzoexDB>?U_HT|;c&Po+#Bu($H4>Pq3|d;1)cy;hOdV+;oIQ5;rroS_!0OC_!)Qw
z{4)F+{1#jVe*k|Be+KV{zkz>%55TSPQElhz-QClFJ#~P?w4M5HXzv9_!)L=6z=Pl<
zcr<(^d=;Dq-w02KZ-?i=^WX(=KD-oO2EPE8!mq<`!&UGH@W=3H@NW1U_y_m^+zKCs
z-H}*Na2R|Fd@9@rj)nWfgW+LtGCT&J2v3DG;9KE4;Cta5cp>~4{3KiqzX-2}-+(LO
z_u#GYHh3reHT*676Wjv-37ftA*H0iE3ZDe`fKP{G;Pc=C@DO+;d^tQGz6MT*r@^z}
zyWnhiKD-!S0vEx{;Z^V&xB}h)zYl)|*TG-H`{3{4X83pb2<$r5e?5i3UEpqTFE|=L
z8@>P@1Si3x;Va-&cnW+2d<&cf-vd7YFM#vmrSLNN1-KM`9ex{r7p{gsfj@`8f*ar;
z;a}myusY3u{RF@r;S=Eq_%!%T_#8MMz6c%;UkZ<fuZFLMZ-QsQcf$9<55jry<M31P
zb8rd#D!dk64{w4$gg=G9fa~G!;Gf|`a2sqz`LCxSxHB9M_k?@H{opuwAUqTv1*gCh
z;K}gya3*{kd^bE7eh6L!7r;-$&%-alW$>HudUzB3A^a))1zZn*2mcJWz<<K#>Hg~}
z5DtY;f_uQH!!huA@BnxSJQBVf9uHpwr^D0WS@2zOHas6*3@?F;;OF2H_*Hl<ydK^J
ze+YjHe*u3De+&Nvx4?hGW^b$~I27&*cZZ|kzVNy5g>WJ~0=^6$2Ty{pgKvg!h3|mx
zg>&GA@MG|ka54NM{0dwSuY)(jTi{xF2fPPvfPaL4g%88(4FB~M0C$8>gd^b7;4|TK
z;CT2VcsM*7z7oC)PJ?fRr^C0ybKrUK0yrOD3NM3SfJ@=m;kV%`_yhQ3_%nDn{0;mA
zd;o5RkHYR~|Mk^D+j+gRGup%9o^Wrt9~=h{gonbT;1qZQd<~oqPlIQ{cfr~4e0VXu
z1TKP?!>iyma0R>pejok_u7kgX_rc%8&G7H=5!ltoe?5i3UEpqTFE|=L8@>P@1Si3x
z;Va>*;57I~cshJLJO`c!KMX$#7sAiNE8$n*a(ErQ5#9oS0)GyF1vkJy!oR|YVRfee
z`U!wL!Y9HJ@M-Xw@HudQcrZK+PKL+86XB_F27D`g2YfG_122RhgP(+p;TPf6@EdR?
z{2sg&-Ujc4zlOhse}Y@!KVh@4|9T39L*cG)cQ^{}3!e*L2q(fL;LG4~@Fe&;_-1$}
zJR6=1KLjs=3*e{W=i!&&GWbpS9e6Wb18;|S!F%CG_!sy$_%GOw@n28D@CoqAa3p*N
zd=`8@oB&@8UjknNr@~X<8{k{uEchPy0eAtN4=;t6!7sq2@ayo~@Vjs|{0aOy{1w~)
z{|NsIABK;>u73XODFp5UcY}Mu(ePRD`EUY!F?<Pp1)K^`fp36sfp3HFhVO@S;YZ*n
z;Ah|!@XPRP@LO;d`~mzi{29C({s#U5J^;7Ef5G-yzV+lhe+$-jejd*WXg?Y4k?<LC
zKR6B^2oHrv!71<rcrtuFoC(i@?}D@8`S4<R30wp(hgZR`!fWC6@Fw^}_*3``_-puE
z_$Rmp{u4IO_J4c|ghSzz;2v-k+!sC<z7S4?N5GfC<KRi~b@0vbOn5dt7k&s{1Q)<h
z!_UJn!DaB9@H_B(@K$&myc7N!{ucfTJ_!E-8?pZD$pd$SyTaY!D7Y_tuD0`d7?1Xg
z;NkG4@L2e2_*(cTcm{kYd>{NEoCiM+KLtMrm%y*WYqg#8wI1!8;1A(X;V<BN_&fM#
z_z>I%Tj%(%ryy--{+-bt4)=t6!~NhmcmO;E9tmF#kB6^;)8T3GEch-s8=em@hL^xa
z@N#$+yauj-H^A@1AHj9-m+(Gq=l=d4?alD-@DbQ`uK#)pfxE!n;9hVvd^UW6wln`h
zXitJi!&kyr!D;Y~@O1cgcn&-dei(ifE`*<jSHiEr<?uRqBfJH!g?GSv;QeqDd=UNv
zHqP^3KOVRf+!gK)N5OsJbKwi&M0f;z89WZ21YZZ=49|pT!*k(>;6-o&{51SL{1RLS
zzX`tsZ-#5&?eH#mFZ><+GkgecgRMCK^%MkmhQr~WaBsLD90w1Chr*-a6nFxB4V(^7
zgJ;2a!P)S9crm;LE`pcCtKc<o1-t=%AN~lggTI9L!QaEp@bB;u*mb`DdJ2KNz}?_T
z_zd_g_<T44z8Jm)z5-5#r@%MBx4>EOJ@5nY0yrOD3NM3S(00DRuR{A8xB}h)zYl)|
z*TG-H`{3{4X83pb2<*B5>j~}xcY}Mu(eT;u1@Is^2_6k!0jI)K;2Ypu;4Jta_yKqU
zoDVOBm%%T<rSR+U+wi;E&U*X+?H|LR!Mova;2+=va4UQicK7#RPaWVe_!Rh5xDOl)
z_lF0=!{B6i3_KB@3TME#!gs*;!a49l_%ZlNxEOvBUJbtiSHkbXTj6c+4tNi|A8vvV
z!hgU<y#M;~z@6Z(aCbNg?hBs_UkE3{BjC&6vGCRKweU^wbT|vX2fiQ9g&%>RfS-X^
zz%RqE!EeD;@CWe6@MrLD_#5~K_yF7rABEi)`me7Ja2R|Fd@9@rj)nWfgW+LtGCT&J
z2v3DG;9KE4;Cta5cp>~4{3KiqzX-2}-+(LO_u#GYHh3reHT*676Wjv-37Z4_*H0iE
z3ZDe`(00CmpN{qz_&j(3JOmyIUk;CluYuFyY49xgE;t*W4=;w7z(w$Kcon<`u7Eed
z@53L#b?}$)KKOgM8U7tU0=owKucr_=6g~;=0iO=Xz~{jO;34ox_;PqWd<~oqPlIQ{
zcfr~4e0VWj06z^s55EML!EeCp;3{}CTmx^1cfot%M)()_H@FS968zU!5ZoCKhkL@k
z;eK!&JP;lVkAhR+3Gie%9i9fygztp!gCB(R;K$)7;bQnjcs2Y6TnWDiZ-uwPJK;U>
zez*xf2>$^agZ$T%2kr!Sg}cL1a9{Xb_(C`l9syqlkA<&>uZ3@dXTW#D_rVXsdGO=#
zQ}A<e3H&Pj23!fh2XBS9!8_rv;cwxe;1>8#*c|M?o&w=e_$0Uod^#Khp9c?shrlD@
z%i;0xHE=pS4W0$hhUdZ$!HeJm_-Xig_$9aueiMEN-VE2k+u>bsJ^UT~GkgecgRP7F
z*HaMO84ibg!oA^sa2z}k9tw|wQ{V~kWcYeG6P^j*3Ev0jzzgBW;3wf?_(ga%Tn?{;
zH^N)sT6hP%2i^}i!3W_#U?b6gJ$c|xa96lH90m7<&xJ396X6l?W$-w75_}zeGdvTX
z4bO!if)~LB@YC?~@JnzR{3iSkycw>6x5K;Oy>KJ^3;Y}W7i<slUr)jC3Gm5qBzy*Z
z7JNRO0ACDW0$%~A!c*WI;9KA<_#XHHcmbRbFNK%EFTkbn>+sv~yKpu93H&+y72E*-
z2>%KnhSgC2^%DShginMc;M3qU;d9`4_#${Xd?`E@z8bz3z6qWI-wEFbKM3c+kHb&F
z&%q_|tMFQQJ-iA25dIYY0<MR@gMWq(!ELa0vHyAsf;+?Ea8I~5+z*a}2f{<)QE&=8
z0iFzB4`;%+!FR*=!@2My@DuPe@Cx{4_%-+~xC;IN{uurY-VJ{P{{SC=Tj8UyJIQ}N
zb%4X*Q{YqKK5#7DA07-3gOlMga4I|nz5%`k&VuiOAAob=N8l&mXW$j^DtHZC0dIic
zhd+Yr;4k5Q@b_>t{5yOEb`A4iPa$v@xEtIHj)u>MFMtQZN$_a+O86=`4Zabc4&M&X
zf#<;w!;iv+@U!qr_!YPuUI%Z4x4^aV4tNi|AN~>k6+R5B;r{C<0PYB%2uHxD!Dqtf
z!13@!@Gv+TzEazHzwj!wr@=SE)8X6UIq*FAVfazF5PlY33BLlD!|ULU@D{ih-U07{
z_rp!_LHG~Y7~#L3Ja8wtE8HE9g3pA{f&0UQ;bCwxJO-W!PlYq!Tj4DDZuow9KD-!S
z0vEx{;Z^V&xB}h)zYl)|*TG-H`{3{4X83pb2<#f^zrI4?E^s%v7aR?r4PO8cf|KCU
z@RjgY+Ro!u8rpA!r^C0ybKrUK!|<bUA^a@75`G0Phu6Uy;Vp12yaV0??}wY<gYX})
zG0K1ac;HTOSGYSI1^0!|g)f8?;Sum<@Hlu9d>wo<JQJP`&xId?7r_Pa)9~}~OK=(d
zCj1V(8Lol1!@J<Ua3lOPd<brXtxNpZQxM!44u^Zfz2Sav96S&n3Xg(Q;0f?#_<A@K
zz74(`z8}to7sE^7B6vBx3SI+Oz#HKA;Tm{5ybIn7H^RTbzrk&=H5%&)?hJ>+J>lMP
zKR6B^2oHrv!71<rcrtuFoC)6s-wodn=faP`Pr%Q>E8v&mHE;#I0e&C;2(E*_g!jSU
z!@t14!GFPavj2JthEIS`h9luK;IrWK;RN_%_!9UEI91!ZUYdgT8{k{uEchPy0eAtN
z4=;t6!7sq2@ayo~@Vjs|{0aOyyc_-o{sBG!x57tZ_oe>psRJAacY}Mu(eT;u1@Is^
z2_6k!310=L!8gLw;oIRk@I3fo_))kJeimK{zXF%T>)?&>7PuDv9R3P!fPaL4g%88(
zGXM1x0C$8>gd^b7;689H+#enc4}+88G4MoqDx3k|3f}?W3+KQK;m6=7;bQnjcs2Y6
zTnWDiZ-uwPJK;U>ez*xf2>$^am;0|L58Mgv3U`O2;J)y=@P%+9JOaK99tTf?uY+%f
zXTr1Lx$r~qBDes48h##r5nc_y0awEB!CT>N@D6wnydQ3Y55k9GmEymi0^pADiEspb
z8hj>v4jd0(1P_NVg~w_;*GpHUeJY#*--`Y3K>NLL4!jV441N+WhF^qN!*9Tq@O$u9
zcpJPE{u=%k{t0e@|Afse{MS<;915QV_kd4_W3-+7`#iJ{fQP^%;mhIi@HKEcJPn?u
z?ac2kv}dDzKH3+<OW-1SIlKy916RNs;P>H=;5ztAcpv;d+zkH?AAwz0`md)DxC`73
z?gdA~XTul3gWx21G<+p|6`Tg&2v3J^hv&fa;D_Ny;X?RXcqRM_Tn?{;H)=cUe+$}c
z;T`ZEct6|(AB6vajWPb~#{+kQyTaY!D7Y_tF5Dj;3=e~o;W6+;cq)7&JRQCro&(Q=
z7r^=OQg|8s0$d8e4!;e*3s=LRz@Nik!42?_a5MZH{1<GE^<Q5>aA!Ci?g{sX`@wPW
zKzJxT3QmD1z?0$Y;Y|28_-^=qI2V2degb|5UID)hzXrbrSHT~^AH$!)yWxHC_i!`(
zJA4Fojq_hmA#fMC8{7+yhR=pCfCs@z@M!o-_$oLJz7d`d-ww}#=fMxdkHUrUv+zpz
z6}TK;2XBP8z_suWcn`cEZh{ZOf566g|Mla6JHcJy?r;>`7d{uh5Ke?gz?Z?};7Rax
z@Xhc{cs4v2eh6L!7r;-$&%-alW$>HuJMd<>2HpnmfcL-+@Q?7X@L^a@@Lx{>a7Xw=
zI08NmJ`+9%j)yOThr^e`W8tgeYvCK=>G19F9C#l5F#IUI6kZ0u0GGnA!*9V=@CWe6
z@MrLD_#5~K_yF7rABEki{_Cp)90s2Pp9=SZW8wbrV0aju43B{)!c*Z4_*VE1_+B^%
zUI;%1KM5DZFT$(gH{eS6J$Ng;4c-ZV4Sx&&1h>F{z{XYn>&F9kg1f@q;V8H-d@g(;
zoCuGAli@M&Rd5=71AGgd1>XZd055>^;id30_yxEWejR=reiyEWKY>4ozk(a!AK_o&
z!?2p@zn%i%5cmZ6WVk2X8}0|k!2{u;@F+M1o&ZmVuZJ_?+u*z5`{7*p5%>xC8F&T!
zGW;6+7F-2?0DlaB2JeQyfq#GxXgjZWwW9qf?7rH6eRY7t;8WmJ;XZII+#enc4}+88
zG4MoqDx3k|3f}?W3(tceh989s;b-BM@GEdRybj(7Z-Hy!9q=A_KimW#g#UnzN&f4{
z19yVE!rkF0xG#Jzd?B0&kAN?O$H9}}>)@N=nec3QF8mO@2rhu1hM$LDg3I7H;dkK8
za1Fd2-UZjg-@!k_hu}8Yy2gJ!1;L%+aJVPj8}0|k!2{u;@F+M1o&ZmVuZJ_?+u*yk
zoyYTRw9khZ!%N^IcsaZZUISOa8{qfhkKj7^OL!mrJ=_fc4j+MCll|9I2;2qk2KR!a
z;j`fj;6ZQ_JQ}_dz6wr*Z-l4Ax5IPbdGN#Vqi`YoEW8qa1uloz!5iT%a4oz8-UIK4
zo8W`+AFwgSfBksiPH<PaI~)b~h0ldAgcIQr@MZ8gcoKY_w)6OM6WV9Mcf$9<55jry
z<M31Pb8v~aGrw2Sz83B4(Y^`(5dIYY0<MR@gMWq(X*=_6L%Wsczn+5N&Tu%~6YdT7
zgU^Epz(e4X@a6D$_!>AJo(9i??}D@8`S4<R30wp(hgZRC;0kyH{672<TnB#%?}NXG
zo8jN#Bd}|#|9T36yTB*Ik?<MtS@8LA0(>!i348^d3QvJ=fNz1b;CtW);016#ycAvr
zzW|rQufuP{@50saC-CR+S8xOTBm66T7*^N%ub%+8BYYwp0iUMrJpP@D_H*EP_#${X
zd?`E@z8bz3z6qWI-wEFbKM3c+kHb&F&%q_|tMFQQJ-iA25dIYY0<MR@gMWq(!ELa0
zo&S0Yf;+?Ea8I~5+z*a}2f{<)QE&=80iFzB4`;%+!FR*=!@2My@DuPe@Cx{4_%-+~
zxC;IN{uurY-VJ{P{{SC=Tj8UyJKcXhb%4X*Q{YqKK5#7DA07-3gOlMg@I-hjoB`ho
z-vQqX=fDf$$KWU7V)#XPHT(u#3BRZ9JpOM*`!;wd{5AY7{1e;){|TGd`>&rsI21k!
z?g5_;$H3>o1K=U>NceJiJbVqD4o`z;!FR#g@O*eNyaX<Sm&2>zHE;#I0e&C;2(E*_
zg!jSU!_DyT@DbQ`ga3L8fxE!n;9hVvd^UUmJP1yLN5fabSHWrUjqr5%c6bgv4}KVa
z6fT6Hg;&C_z~%5dcq6<8u7!8Nd*J<W6MPW<12%5-Uq2qW6WkT<4oAU#;d9{&;Y4@@
zd>K3ro&;Y9-we-$XTx*hhu}qU0sJ)lJp2+|2EPfv18;_F;O+1(crV-t{{sI8{{`C_
z{_80iJ^?-%j?{L(U!MV=h5GZ+o&aBr`b*#|P@jtSDew*OEpV2$Gyl8Lo(<237sE^7
zB6vBx3SI+Oz#HJra1Fd2-UaW48{uEz-{8Ms`zHVO6a;sM!{MHAZ@3>E2M>gY!lU36
zZRh@<fcDAo^>8LU3%(1^hUdeJ;U#bpyc}KyuYoJzci_!%4ZI!R1@DC$;a}k2;J;w|
zX8-jR44(j>3`fFe!2RGjcpy9!9tB?xkB6^;)8T3GEch-s8=em@hL^xa@N#$+yauj-
zH^A@1AHj9-m+(ILd$<|?4gO2p`TDk}VLiboz$e3z@EPz~@cD28d@+0pd<C2ePl0dH
zc8>QJv}d9H9<)CIFM#vmrSLNN1-KM`9ex{r7p~TJj_(t+e-3{IH(>uC;a}my*k5J(
zuOBzu0S<#tflr0|z_D<DcrZK+PKL+86XB_F20R_U9i9U}055>^;id30_yxFB+gT5<
zqy268UHAj|WB4<8H~bC!1AG8(g^$ASTYT%wIi3!1nD%hx+fG6Isc;|E$HM*LL2wd0
z8om;~3Z4Sr0N(;<!FR#g@O*eNyaX<Sm&2>zHE;#I0p1MPz}w+n@LsqP{ssOG{tLFJ
z`#)X<!JXl7xF_5j?gz)g1L2|YC^!Y408fU~;c4(J_%1jbeh6L!7r;-$&%-alW$>HY
z&e!`pXx|Liz@Nfj!1eHV@XzoexDB>$#d?A}!zaN#;M3t4_&j(3JOmyIUk;ChC&Aaj
zH^VdG+3;NWA$Sq|IQ$g+99#mw3a^FN!<*m_;ZNZ&;ClEw_-FVK+y+}Su%6(~a5&r(
z?hW^Y<KThtP<Rxa0#AS^!`H)^@NMwj@cr<7crm;LE`pcCtKc<o1-t>?4A;Qh;a%`v
zxDoyZJ_NVH)=aD?xHB9M_k>S}W8m}P0q_ubBz*b*VedZRs<_sL{||~S_TIa(Bt`)N
zyAc5!iU{_^Y^jRU+-y)R3ATvFD8?FN!5VvuF&G=M_t<+cu`Bkj|24DM0P~Y`PLiAd
zd*6HCea<I)_II8&Yu2oJW@hb~A%Q!=-Qgg(4{V0x;COf>JQkh=PlxBii{VvpGQ1hy
z0q=*8!e`*i@J%=seg?mVvzd+glm{*hmx3$8)#2K(E8H0NfW2T}xGUTP?g>Z0G4LRG
z7(5yt4^M?>!3*GJ@EUkMyanD3AB0c9=izJc9rzLa61Iyr=1)#IKU@qh3s-?ZhMnO0
za8tMi><xE>KbO|WtAU93hWo<(;jiEk@ECXkJPn==FN9aXYo+z=*?{;~cn^FCJ_%od
z|A6npkKtEv7K<^Ta=``Q;&3_mL%1ef2W|kn!7br-a3{Ds90d1)&2StX508Y$!js_X
z(t1A3MSL;53QmSMOY8ORKzu*qM-e{*UxshOsnYuTo+17g&K6_Lr#x_BxD;Fwt`66R
zUEoG=Gq@$(4(<eZhXdi>a1`7R{t_MmkAWw^)8N_gLU;wd7TySNgZILR;ZyKM_&R(K
zegeOSv&I_p=>xbRTmmi+SA{=;o#BRXGq@G(19yhMfP>*MI2s-R4}lZlaqwh#20Ra5
z0<VVG!71=g_yBwiJ_}!gZ@~}X=kPl?dp~17<$(*srQnKib+|U{3O9y5U@zDg?h5yS
zd%_WL3_J)P29Jiv!&Bi|@B(-lyarwmZ-IBi2jLU&dH5Q92Yv*<gzfqp^Cu^qA1(%$
zg{#0H!%lF0xGCHM_J%vcpTmK0Z@4eqAN~sd8vYiZ2>$@jffvCm;a}iQ@OF3~d;~rX
zUxIJI_u;4T8`wV1m`}OkLU2jA0$dHQ1-rnFV0XAR++JEA4|YPlI~)Y}fz5Cn91o9#
z$HEigAK*FgB6ubI3%m*54)28z!>8bj@OAhe`~-dtXB}Y7rw`zQa0$3PTowKVc7_|m
z&EQtB58N640uF}5;AnUNJOoaV*7JEB;*;SS@H}`4yb4Z+H^V#N{qRxv415{B0pEw8
z!f&MY{;(ft%%|LNA-E)50j>tuf?eQ7up8VGZU=XQyTd_nAJ`1X!C%2&!{5Ra;UC~R
z@FI96ycXUFZ-e*3hv8H3Mff^=4}Jo_hO-Vb=F<moLAV557Onz+3_HQ~;ihm4*c<K$
ze+CD@p>P!35B?G!0gr*dgTIH9;2+`T@XzoDcq_aIJ_MhHFG%a>mn(?hf*-)ovHUy4
zvkx}rS6;XXTpF$f*MMuou5e@61NMS_;jVBGxF;L|$H0T&Ven{pJUkVi1uuY?!E504
z@D_MCd=NeXpO@D2=^Em9;79OF*zQYX{^W%7!A0RRaAo)-*b%M=e+oB;+rk~-&)@(!
z6pn)X!C%57;4$z7cp5w#UI?#%*TNg&ZSY?BFnkKW2w#Wq!jIusaF(x(`IHMT02hbL
z!5_jk;W}^w*bQz8w}U&u-Qgg(kF<U~nh}qK<KdC;Sa=dV9i9s>hF8JK@Md@iydORa
zpOMzL|1#n?;Z*n;{1(m@Z_KAWaACL<ToJAg*M?o;#;^zM1^dEX;T~{LI0BA=2f@SO
z(eQY9Dm)8b055~r!0X{H@J{#ud<;G-t>@Df#Bae5;OFo=IQtM|KIMgrz@_0za1Gc2
zc7+?m9<Uee3wMQkz&+szX}v#V5FZ2&gGa;T;i>Q}cmcc&UIVX(Q{bKO0cm~vjv;;)
zz5?HZAHdJycX0Nh$S1f6TpF$f*MJ@1x^NTN6K(_h!Chbz90G^K7I+{$6i$H0!IR+`
z@H}`4yc%8yr@%Ym{qRxv415{B38%u(;J0wLVa9yQ0~dx%!4=`^aBbKXZVY?CUa&9R
z748A|gu~!ycmO;EPJqY3li}&`TzE0O3QmSM!#m*p@KN{-d<nh*--n;VZ(#f3#(c^R
z7lKQ|72s-cE!YKa1iQnnrS<c7d&IlICO8BRhb{0xcqlvyPK2jO>+PM1_<Y2d!at$>
zuZaJK_%8T&_&An7hxk?aHvACFzd&3WVa%T#()#x2L%b+l2Cj_dKY|_MdRYEbxH;Sw
z?f`!V2f(3l6x<K~5*`7MfhWMz;Mwp(c!jjy|7#K72ycV;!iS~x`cA<YQT{r74}Jo_
zhO>Tc%%>0Ff^Z4AJX{t21a^iS!p-1Tun*iB{sIn$!{BImfVAHK@raLv$HJ4~>F`{5
zF}w;+hBw1I;QjDX_zZj*z6sxlpTcio`;o?c$_*ESOTrc4YH%&s1#Sep!>!@=a2MDF
zhrr>m1s(_wg-5}O@Dz9^JRe>PuZGvbDezAC0DKHS3txe6!4Kf)@H;qrf-#@+!bRZH
za3#0~>;Tt=o4}rM8`ux-2K&Rk;7B+Y9t;nMzk$DlzlW3HAK~Tj&+rC#E4&9j1fP`F
z&$s6hzXsny`A3MqgzZKd^Cu^qA1(%$g{#0H!%lF0xGCHM_LkQBqXXif!2xh690m7-
zzl2A?W8ew!G<Y_=5MBYVg*U?6;Jxr+_!N8*z7F4mpTMu-tfP(j^Z{HDE&-Q^tHPha
z&TvDx8Qco?fjh%rz(H^y*bK+P@$g7^EIbLG4$p-b!>izAcr&~M-VYyvPs5ks8}NPj
zDf|Yu|Hhb4x#2=^Nw@-B4Xy>dz>Q#cxHa4!?gE?O5I7vRzysl-@F+MDo&wK==fg{-
z_4Dmdi2n-z2JeD@hmXVO;H&U$_#ylPR>m0fCkLDlE((`{D@*JB@e$&Va6R}_xH;Sw
z?jWtN?=!>$;7~XU%lCu7MEMbjk3oC_JPn==FN9aXYvGOXHh8bJ-XDh%KLuZeufzA?
zC-7@H>$k>y`T#Bnmw?N|RpC#h_3d*;ydm5SZUy_mo#8K}_4NfK9tKCl1K=TW0z3|$
z49|e)N$c%fg7|899h?I1gb%>S;Ir^$_$HhRKZD=GS;rdlDHog%E)17~E5g;`+OR9!
z81{f$!|mZNun7)<!(j_N5FQGTf)n8>@Jx6<ycAvyuY)(k+u?oi5%@HG3BC^BgP*{!
z;jH6~`Sk%@5H10ihpWOh;W}^w*bQz8w}U&u-Qgg(4{V0x;COf>JQkh={{YW{7r`sx
zU*Jvfc6c9r1U?O4f^We0;ivFxIBO#E2`&hifXl;G;ZI;^xFOsOZUy_mo#8LwU^onp
zh6lhy-~@OaJQ<z=&x4o1tKoI<W_Sm@A3h47fiJ^1;Z*n;{1(nO-k48$;KFbzxFTE)
zt_8cmjbL}UHQXNV0-N9vI2^XX1L2|YC^!+GBCU^?X2SDPekuGD%KwV^Z}2YoclbDb
z4!#QCme$*!iug15Eu8H;<P%&NE(KSFtHZTnSGW=E4!4He!(Ct#90G^K7I+{$1Wtg*
z!IR+`@H}`4yc%8yr@%Ym1Mo5UEPMsN38%u(;J0wL3CJh7FkA|*2v>(|!!B?m*d1;S
zw}-pHCO8BRhb{0xcqp6zkAo+}GvImfVt5st3~z>a!294M@M-uGd;`7@KZW1G_7jcy
zlp8JtmxL?8)!<sN3)~2Hhg-w#;V!TV4uQkrXm|iT1Wtg*!IR+`@H}`4yc%8yr%3D9
zqwR?AgO9+c;Y;uh_`bBhzNd)4f$b+DpWuRU3Aj9575)Tvh8x1o;8w5?+zIXu2f=+{
zGaLuU!z1Cb(t3YSLVP;na}i$*uY!MpH^JNCeee<ZBzyt>1HKDChF`&1CR_7K?~h#4
z`oDj^09+g{2UmeVhMnMg@TYKdxGmfP{tOO)L*Xd6A3PWy4u1oG2Y(MI!9T*w;h*6R
z@K$Mk|LsBi5PTB80RI8sg&)B$VY?~D^HWYZKU@?p16PJWf@{OBaAVj5_JV!ku5b^y
zCmaFCzysl-@F+MDo&wK==fg|kpWt8N6nH0m06qqvg|EQ3;0N$?_#K>msxiOv!bRXx
za7DN}TpM<U8^P{yYq&k!1vbGUa5!v%2f{<)QE(zW1)d4dhnK*s;dO8dyc0eEAA`@r
zSKwQ4D*Oz73upV@m`{1&!f+|LB3vD=1-rnFV0XAR+#c=%o8S;Q4335ez(e2!cpN+#
zo&nE;m%yvxb#My26FvYRgU`ZO;9Kwm_&NLz&OXhUPkG@YaA~*_TmyE1>%vW7Pq+>2
z2X}*ez&+szI0haB4}(X;<Ke0BOn5%L6#fbR75)w01s{Nq!Drzs@GbZO{2YD@XZyjJ
zPkG?Na4EPVTpj)dc7_|m&EQtB58N640uF}5;AnUNJOoaF$H9}~8Sp%K3A`F!2dBV0
z;REn7_$+({z6C#kpTqCq?9+|;lou`nmxe3BHDCw0F5Cq6gxkP=a5vZ=?gdA}vG8Dc
zIQ$L#9sE6<1pf#xhku4Qz+2%x@FDmld;$Igz6(EwU&3}XjQNuj&JP!Z%feOQk6|ac
zKHL;;0eiz8;m_efI24Y8`@vtrBj7Rc1b7;p1pf#xhku4Qz+2%x@FDmld;$Igz6(Ew
zU%^>s8uKX^TmUW(mxDiqYr=Kl2Cy645^e`~lGg9PbVoc0?gN|QI5-|236F&*!PDWn
z@M3rsoD6S<cfkAMqws0?B77ab3qOKi!gjNa`IHmR3m1k<!4=?Ya4pycZUno-t>N}?
z7uW=cz~Qh39taPGN5P5k6nG{)A6^Ro1pf;E2JeD@hmXVO;H&U$_#ylPR+5bQlmpHO
z7lq5fmEn(IN4OsRDcl@x3wMA&g9G4DI126ue+iF($G{WdY4B`#A-n=!3vYn8!h7ID
z@JaXr{0Dp&ehj~Yv&=T;Q!cmwTpTV3e+buv>%a|QH@GF-4(<eZhlAiguo;en<KdC;
zSa=dV9i9s>hF8JK@Md@iydORapMfvKH{n$H8T=N`HpiGxdEmluDYznB9j*<#!i`}M
z*bDZByTU!-o^S*l0}q0S!K2~v@KksfyZ~MXuYuRYTj1UBLHGoG9=-<Ofgixn;dgNM
zxyF3T3m1V)!<FC~aBbKXZVY?CUa&9R7489tz~Qh39taPGN5P5k6nG{)A6^Ro1pf;E
z2JeD@hmXVO;H&U$_#ylPR^}P=CkLDlE)17~E5g;`+OR9!81{g@;P!AA*aU~b;jjfB
z2oHr5;BoL|cm_NVUIMR%*TE_9PWS+P3_dHZ{~o@C_zn0z{1koz+s`-VS8livToNu1
zSA{=;o#BRXGq@G(19yVE!$EK#*etF0Zye(B@JM(pJPDo-&xIGmtKejKBfJgX3m=A0
z!587{@ICkm{0h#pz?e_D-~w=QxE%Z;ToZPJ>%&dq7O*$m5&j$wgnPq%;r{Sf@Gy8Z
zJRY73&w>}g%iuNedUy-G8~z<W4xfXs!nfgv@C#V^(U?y;;CygVxC~qw{s?x2>%pJG
z&Ed9i2lz8M01kzt;C}Fz@CbMeJOQ2t&xRMmE8w;8MtB>%7d{N1f-l0?;d}5C_%)n$
zp)sF6fD6JU;PP-)_!HO}ZV0=<E#Y=>C%8Kt1owf>a2y;DkA%m<li=y_TzC<@68;6=
z1aF7;!AIcJ@Fn;Ld>?)azk%%+8S^POTnH`+SAeU*wO|*x5$q1PhTFqkU=thyhr<?l
zAUqUKfXBg;;TiBecnQ23UI(YZJK+QHG59Qe1-=D8fS<$f;OvWy`IHwf0+)s>!8Kq9
zxGvlT_JrHOe$x8*xf|mCa4$F#j)e!q!{Kk>@8Iv@B=|>oIs7xc0p1Glfe*na;S2B|
z@Ll*Z{0h#p#F#(1-~w=QxE%Z;TobMXH-O#XmT)_`6WkpRg8RT`xF7r_JOUmAPk^Vv
zv*91%<?zq&26!vH2R;O!gfGB<z<1zB@JrZksWG2&!ujE1a9Owt{4wkV*N2<JEnsiB
zBm6lW2=|8j!m;pRcsTrxw0?g44)O2dBzOV53|<4Thqu7H;e+rA_&j_Kz70QwU%<*T
zV?O18^T9>oGH_+MI$Rreg&V^juovtLcY#fC2pkSu;DPW^codunPl0E^^WY`$YIq%-
z0`G(mz{lXT@D=zL`~ZFqzk{<cH|AGfxCmStt_0VB9pJifBiJ2o4Y!B8z$Q2Z4uhlN
z0q_tw0UifWhG)R@;3e=XI2qmy?|}EiN8vN@W%wqX3O|G2!r4|B^C=Hp7%l}@gsa1~
zVOO{@>;ZehzHnE#2iy~mkk+qPF^CU>hry%a@$gi57Q6sn2CsqF!&~6p@Im+ld|q1L
z{%i0Zlz#-jgzZ)u^Cu^qA1(%$g{#0H!%lF0xGCHM_J%vcpThxgC>#a%gTI7Fz+>PE
z@HBWfybxXiuZ1_l+u*(MVfZ9`0saHN3qOWm!C6)r^C=fx04@%fgFl38!gb&Vup8VG
zZU=XQyTd_nAJ`1X!SV1&cq}{#o(|827sIRIWOy^Y1KtN8fltGi;2ZFL_$mAbwqI?`
zr`&KMxFlQwt_IhFUEoHrJKP#>4|jo0a0na@Ti}84P<Rxa2v31$!t>#!@K5ls@Ne)g
z_;>g?d=9<}--aK;FJR>-WB%lT^T9>oGH_-1BiIqH2Y)K9U%#8fZBf1h{29szARY=w
z!TsPb;Sul{c!IRv{%MHMh8Mys;I;5ZcpJPIJ`A6NFT&U1d+-zZ6`W;_F`sft>-|vx
z@#1hf_(QlRTnBCdyTL8tc5o-SI~)Y}fz5Cn91o9#$HJ4~>F`{5F}w;+hBw1I;QjDX
z_zZj*z6qzo&)~Okwx5mplm{*hmx3$8)!<sN3)~2Hhg-w#;V!TV4uQjAi?n|H#33FJ
zkA%m<li=y_TzE0O3QmSM!#m*p@KN{-d>Ot8r^3(Rw{W(#$S1fkTnerTSBGoEu5e@6
z18xnshr7TgI0O!dE$~2iC_D;Igr~qW;rZ}V_$T;RI0fDbAApa+XW=XGE%*Wa9DWC9
z|HYV3dEp{(X}A(x19pJx!cAaLxDD(FcZ2=mUT`EF3lD~e!K2~v@KksfyZ~MXuYuRY
zTj1UBLHGoG9=-<OfgiyyVY_5w{^W%7!bRZHa3#0~>;Tt=o4}rM8`ux-2K&Rk;7B+Y
z9t;nMzk$DlzlW3HAK~Tj8hAat1>OxGgipZd;cM_6_!0aPwp)jMg7d@0;IeQP_#@a6
zt_Ob#H;3E89pKO405}wmg8RW=!Xw}@@C0}oJR4pJuYlLW8{uv6UidJ43cd(mhws5p
z;MZ{0Uyb?n0bCF+0hfoX!k@s-a0A#4ZV9)8JHg%IAh-`~hU4IPcqBX)o&-;a=faEO
zRd6!A8QuZ!hmXQ%;LGq$I2C>dzlF1{H|A3wxG-D_t_W9$Ys0Q^W7q@sf_>qxa1XdA
z90A9`gWzHCXm~t46`lnzfS18*;PvnpcsG0yJ^`PHufccVNAOG7Zi6v@a>Dtg_20|I
z5HAZ?fj@?w;QDY=xCQJDcZ5HO1L59qU${T~75p{)Ej$ta0iFXdf>*-7z?<Oh@ILqm
zd>Xz4-+=GKPvJMP{YGOx<%SEvCE*HiHMkb+0yl!)rS<%6jd**w3v7Zz;BeRi4}^!n
z3Gg_0GCTvG122S^!K>kQa0<K=J^&ws&%#&Wn{X=p41Nn|+hokIJaA#S6kHLm4%dcV
z;l{8B>;<=nyTD(-L2w_~49CIo@YnFS@I?3rcn-V>UJ3sKZ-TeOd*Q?IDfl9M9li%Y
zfnUQ}HyiWm1Gpeu0xl0%g+GCv;Rdi9+!AgFcY?daL2w_~49CIo@JM(pJPG~*o&zs}
zSHi!*o8ay6KKKZH8omVIfbYXk;Ww~-iZP#Z!-e3Ia0R#;Tnl!A8^P{yYq&k!1^xmK
zhQr`!cmO;EPJqY3li?ZgJa`Gb8eRvdz&qgm@KN{-d>Ot8r^3(Rw{W)KjQNxYE)17~
zE5g;`+OR9!81{g@U|+ZkY=VQ~FgO|>01tr^;BoLIcse{6UJS2-li|(q4tPI&6g~rA
zhHt{D@H6-=oNWv82`&tmf-Az+;o7h(+!*$Ny<lIsE8GL_2}i&&@E~{?JQ^MkPlac}
z3*cq&8hAat1>OxGgipZd;cM_6_!0aPw%cmVpPX=hxENd(t^$7yJHhqgrf>_`8}0~y
z4hO=$;l6Nx_$&Bp_*-})`~y4(UIed%e}Ol_+u?oi5%@HG3BCc}ho8c4VEb*xe98?M
zf=j{`;A-$Euru5cZU(o4ec;aU7jQ5f21mmK;COf>JQkh=PlxBii{VvpGQ1hy0q=*8
z!e`*i@D2Dr{1koz+iyoc!G++GaCx{Y{0Zy~H-wwPtzaLxGyDY{42Qwd@BnxSoB)r5
zC&M$~dGHc=HM|Z^fp@|O;A8Mv_zHXregHp*-@(~;81pGFTm&u+SAuK64scz#3G4~C
zf&Jiaus_@jj)Y_3!SHbS8~8i;dpHUH5nc}e3~zw9!h7ID@JaXr{0Dp&ehj~Yv+OkH
zPYyUATof)1SAwg<wP9DdG3)_*!M<=;xCh)5j(}s}LGUnmG&~-j3eSQUz{}t@@Ot<+
zco+OTd>lRpUxjbO58&tUJ2?9;V}9j@i@>Geig0zfHtY&FhTY-TaC^85Y=T4JaM%J5
zgonTh@K|^fJRP13FNRma$?#@)2fQCX3ZH^6!q?%u@MHKTY`5E(PdVZIa51<nTm}9Z
zc7p4}P2m=>H|z&@gZ<&2a0G0D2f{<)QE(zW1)d4dhnK=X!N0=4!Mot!;p6Z*_$quG
zeh9ySl|9CM$^qwti^65#%J4_9BU}&u6mAZ;g*(8X!2xh690m7-zl2A?qv7%JRCpG=
z0A2>Kf!D)Z;N9>+_&9tHz6#%lAHpwSWiRpx&IcETOT(4m8n6Rg7j6Q3!fjwbxEt&b
z_kttgSa>iz3?2=Sho{1`;05q9cn!QB-U9E2e}|95=isaGZTKPl0#^1RpWu9OQMe3T
z39bP<z;)p!um|h~`@&t}9&iX84qM=X@KAUZoCr^WXTtO0rSMPiukdg1F8Fu&ID8Ji
z3g3nw!Y^QDKk^CA3m1V)!<FC~umfBdZUTG4ZD2pR8*G9@;BeRi4}^!pqu@k%3Oo~@
z4=;gN!|UJ_cqe=SJ_etKufVt9RQMVE7S49Sm|uC|!f+|LB3vD=4ZFgPVGq~~ZVz{X
zO>hVt4x8aPI36AekA)|})8V=BVt5st3~z$B!~5XF@G1Brd>y_AKY?GvS${X?(+6-t
zxHw!6{t&JS*MS?rZg5Mu9oz}-4hO+~U^5&C$HODxZ{dmX5AYm#5xfFk3vYzC!Movu
z@Co=ld=0(>KZ0Mvb_b35loQSm7lq5fmEn(IN4OsRDcl@x3wMCK!TxYBI1-M92gAeR
zZ{Y9X@8Kl)M|e5B23`+ufp^0P;p6Z*_$quGeh9ySl|#mS$^qwti^65#%J4_9BU}&u
z6!wJMz<zKy*dOi%N5Zl2V0bt@8XgZ%g=fJF;AQX{cs;xY-Ua^-ABWGuSK-_6L-+-(
z95&`tb~rCw1TGC%f@{DIa9y|w><PDl{orn}KimtBgk#~s@NoDW_&fM}I0^m{UJm~Z
zZ-BSLd*DOxN%#W%2YeTP48Mf!ju`VPC!8NH2A74az#qd-a6R}_xH;Sw?f`!V2f)4H
zNH`WA3=fCDfxm;N!n5E7@G^J}ydK^H?}QJ)$KbQ@75EnX0Dca?gR>ts=2u?02wWPj
z1lNEa;JR=V*b{C8`@!8{f4CPM3CF^N;o<N%@OSX{a1#6@yd3@+-T-ff_rQnXlkf%j
z5BM(p7=8t3IcChCTyO!nI9v|?5UvT=fg8YXa7(xy+zIXu2f=+{GaLuU!z1Cb@I?3r
zcn-V>UJ3sKZ-TeO`{2XyDfl9M9li%YfnUQ}k0YPp0&sD-9Q+|%6Rra{fSbZCU~jl1
z{5c#5_lEnz{o$|Rui<auiSQ5b9C#7D68;6=1aF7;!AIcJ@Fn;Ld>?)azk%&f81pGN
zTnH`+SAeU*wO|*x5$q1PhTFqkU=thyhr<?lAUqTv1t-E&;F<7zcq#l7{44w$ybJyv
zJ`SIQufn(ChwuwnIcdzF9B@9kC|m}v41WYW!u8-!;pT8#xC8td8~}&HQE)%_OLzo4
z2A%*<gJ;7F;T7;&cq6<G-U}asPr?`AKj6FYWB3)E<&-g>a=``Q;&3_mL%1ef2W|kn
z!7br-a3{Ds90d1)&2StX508Y$!js_X@LYH?yb4Z+H^V#N{qRxv415{B38%u(;J0wL
z)5d(t0~dx%!4=`^aBbKXZVY?CUa&9R748A|gd^Y>cn~}c9u1F&r^2(~1@JO>4ZI%S
z0`G<o!YAPK@HO}j{0M#t+nq7yPj)yjTm&u+SAuK64scz#3G4xT!M<=;xCh)5j(}s}
zf$&gx6r2c8foH<=;id3T@UQT1@Gkgw_&9tHz6#%lAHpwS<*YHEa=`iEqHr0wGF%<5
z4ZFgPVGq~~_JzB`J>U>H9Jas%;i2#-I1!!#&w%H_OW@V;IyeR12_Jxu!Drzs@GbZO
z{1koz+n+P$S8livToSGTSA%Q8&TvDx8Qco?fjh%rz`<}I*bK+P@$g7^EIbLG4$p-b
z!>izAcr&~M-VYy!Pr(=A>+n7J3H%z)dfu2%AHW6R;&3_mL%1ef2W|kn!7X5KxFh^I
z90>P@`@;R<ui&rYZ{dmXRCpG=0A2>Kf!D)Z;N9>+_yl|&z6#%lAHpwS<$^Jva=`iE
zqHr0wGW-$j2-kx@g`2}|;STU;Z~z<%N5TEzFX0jJ7<d9a4W11zgjc|8;f?S%crSby
zJ_TQdufzA?C-7@H>qTQeeE=7POTgvfs_-YUGu#kv2DgHJ;7)LNI0)_oo8dS(9v%sg
zg(tz&;koc)com!sZ-TeO``{z+Y4{R+1HKPGh2OyTmyG$88!iNwge$<+;99T?+z57u
zTf^<)F0cs>fx}@7JP;lVkAf57Dew$<9=rrz4X=Y!;GOUR_!xW^z5?HZAHdJycX0O0
z#(c^P7lBK|mEan%16&tw0(-)3U_ZDU><{;XBjH$hFgzUo2L2BI9!`RPgqOoV!yDkO
z@E-UOd=kC@{{i2HAH%QUELV*AlM5~Y7l+HiAHp@^I&cHn4Q>gygFC_9;UKsVY=-0D
zcz7f{2A%*<gJ;7F;T7;&cmuo@-UA<kPr?`AKj6FYWB3(pch#6rIpO?pF}N&T1^yUz
zg6qRg;TEtr+!6j94upHdec}G_SMb;HH}H4x_iz&YBfK2`8D0->fp^0P;S=zA_!@i%
zegwaSm21X)$^qwti^65#%J4_9BU}$|412&{urJ&d?g96N!(j_N5FQGTf)n8>@Jx6<
zycAvyuY*(Io$vwp7<?AK0^fokz|Y}#aP~ip`IQ$g0+)s>!8Kq9xGvlT_JrHO?cpx4
z2@Zk7VGBGE9s(!8<KW5g40s;A1YQlVgHzxg@P7Cxd<MP@--J`)XYgA%+jV0;<$(*s
zrQnKib+|U{3O9y5U@zDg?h5ySd%_WL3_J)P29Jiv!&Bi|@B(-lyarwmZ-IBi2jLU&
zdH5Q92Yv*<gzat^^Cu^qA1(%$g{#0H!%lF0xGCHM_J%vcpTmK0Z@4eqAN~sd8vYiZ
z2>$@jffvCmrS<>5$j^vxfVaYX;6w09_yYU~d>4KUzk;*eH0Dz-xBy%nE(d=I*M#f9
z4PZC8CEO0~1b2sn;6AV!j)UXjui<auiSQ5b9C#7D68;6=1aF7;!AIcJ@Fn;Ld>?)a
zzlO8kGUn3<a6z~PTpq3pe*!zh4dG^RE7%9_41WO!!(nhVJOCa7C&1(2$?yz#9=rrz
z4X=YY!#m*p@KN{-d>Ot8r^3(Rw{W)G#(c^H7lup072)b|ZP*oV412&{urJ&d?g96N
zBj6Z#5IhVX4UdPX!n5E7@G^J}ydK^H?}iV;C*bq&HTVwv2!09M-7)4*PB=eY3@!^-
zfj@?w;QDY=xCQJDcZ5HO1L59qU${T~75p{)Ej$ta0iFXdf>*-7z?<Oh@IGmMymbWe
z)9@wu27DiW3crEv?;7(dH(UrV30Hut!L?u)xDo6Qw}#upU0@R&0*AvEcpy9!9t9`D
zQ{b8Ke0VAR6Z|W@3EmFxgO9+c;Y;uh_&)p;egoUzLq5TU;F53!xEfpwc7Yqg&EQtB
z58N640uF>j;RrYy9sm!46X0?1WOxQV4_*wff|KFR@D6xCd=x$dUxshOsqi!SEu8JX
zF~9P_h2WBKdH6%PCR_(@0K360U~jl1{5c#5_lEnz{o$|Rui-K91b7-e8(s*nfY-ts
z;cf6<_%M75z6f83@4-*tS8$e8V?O1A3&6$Ua`1<6O}Gx+0Ct00!tLNr@aJ$K+#Bu-
z_lLiNzlOhsC&E9#bKphrO86Ie6TBVX2Ooh?!<XP2@O}6x{06pvV9cl7a3Q!PTpq3p
ze*!zh4dG^RE7%9_41WO!!(nhVJOCa7kA%m<li=xawS3n8j#RAwn<eAA=fLyfh42!1
zIlKy91OFo3N4969bcpnCi0?!E5PS;01mA^UNbBpjduZ(+ef`;_^>}``C|n7y1-nXD
zmD|@qT3=riX^V`vfPLZaSiU#h4~~aN!xQ0|@FI9Eyahf0pM`J1FX8NutouXn|6Fih
zX}$jnBVG>i%CIy1sdR+i|I+&UJD_}5*o5-oi1$UjzjOz=zAxc1@DzA9{FAia9~-6h
z<9oZbo?rXm<5>PQ;+LcyWqY5)A3V11FFjrXc9hoJ*ARAx+rnL76Wmi;-(O+U`u18-
zelR=&%a2ApQCiQB3DSD~-%IQJbEdT3o(0mLvj3Jy>;173UJI{>e}i|x``|<HariuZ
z3w{CHJu#jy^Goa7TMY4XaAj$||2}~~MR^~%8yo;fz!rFrw7x%wB0dhD3{Qh+!SmoX
z@J4u#w42P2!-$`S?@8<Z{RDCQr^fwL1TGI(haKU1a5HIr{cRBMhIlX>f%4JtKsW)O
z0MCTyzzg7|(t7*XBECUdKVG*=>-n-@T0h<|Abw3+uRm2<Ki;26>-ql%@%+z>`>!Ni
z5w0#BEAz(%_JBLWec=A^NO&?l7hWT+Z*K~`C$Dw;^!6UY^5;?h4*Uwv{oGhzDQSKE
zC$PS&@JCpFBjOEFpS!fae_JEo1?~YakoD{N6pVO(X}$iTh);#*!VBS*@H%)Wd=Neb
zUxlB+xn3Caw<7#8><l-BTf=_v7jPil6OM!jz{BCO()#|G0{;lFhBr#<`M4jx4rhC5
z?7!S_VYrmE-oA3u`uU}*w0^#-h2>pfPuLIc0ms0jr1kcUNBn!lXTd*8>+M~R<=3J7
zCU_^xAAv8R{9VK!!|zZ&=PT>}(YLRNv_9T0A+7K4a&T4nW7t7jKR?uw*7s)v*h^aP
zFCS@r{T-$C`npN$?Ki<ea35*CzDUITBmNaU5}pFjhgZWp;6v~k_z(D=w7!2HO6%MI
z66Nh*Tla5Ac|FZ7t@m#MxP-JmUZ@N^OY8mDP+DJqQ^Y+GZ-aPe*aU~c1ElreXYtbd
z`oBi`G4S{B5;z&&3I7hCg|EX8;g_)e8{_#gA6yEqDy<(sHQ_pN11#SZ?jWrnPhF(-
z{tSd;;9>9tcrpAdoC5EX*7NIk_%zC2K>RlR1kU=_c)rUEmw>Coj?#MjTEYG(-y87(
z@K|^<JQH37uY!Mtx5Edd_2d5#d|X=J|7WrMHEBIxZc8_l=a<JQ{|3(W&Y17Tr1kcc
zL%cfNKw4j)8{(eQdi(tl?+yo`d^G$O{0)|$2+x6+!O8G?csslgJ`JCTuSx6Me+TjW
z^8UFVPnB_ff4;)<xs_bnp4H12l-BdVGVBO9ggxPQ(t7=!5dQ-4AUG0^frm)z*Ruq8
zinN}8OAt>%{50Y>5Pt>du(S4`zW&nE`ud!u_5N%CyGvW-@znxu1Gk4e!JolB;9k=D
zc)<+EOY8f~7x^>_@hR{;X?^_iqqLrXKOw#i-iz{Q5KooX`|}z64$hgyx_|WY`Qegq
zRoDS;3VXvQI80jaPYWD}^26Y7;c4(fc%8JqzD<blgb$$n5yVfx7vOualGWJXx#5Cv
zF=@TM<q)re_(zD>M!Y`k0e8UiCGouRGa1*fKmJ(07aW25`XU}Ht)CC#;ZazAD*P1p
zcNE!P{eILOlwTyRA8*UyweU7+z5h?Zm*IQT`tkG-eh$CE^4aZ;*PHxs5ox{tQg9Wx
z7M5>_cvHAJ+z##n_mI~6Ck*jHh);u)P<|fb%Mf3M_y%|fd<Z@vt@qy*_&UlzK>P{(
z8s+n6Gw#2#()#);OY7(VYSMZ>*2MBI()#tUp|oC~8|(#llGf}0LR#Nnec)m6cz7nf
z1l|N6hp)m9;oRAc=f}d*di%>s>+Syp<#*zI<s##He;2~_x*W>8p?n*-6C42dmDbxA
zC#~<V!H5rsr=a|7_(y5|{I(SFpQQDCS&#T8ct3m|PK95>*>f28S4p@m{E@WYKaSFR
zdtFez8OnRXJ}7U3LtzU%NLp{t2zU%UMY^gSk4}@;_wP(;JzwWZ>(|R=D8C8bkL3@+
zC#3cEUcmA<;8c`<Dy_HY9m?m*X*_=wme$L!!1Im@GOlm`M{ph31MUC^!F}ODZ~{CL
zo)52qcfhCM+i=!g#(d8YSA^@s?clC(A9y%C6`l{Tfp@^a!x!K?@GJO(4~*Mi9(I81
zz>VOhaC2!rzkQ_j<H>}$86F^=Hl9R$w6vbD)8SPp{|n+<;QjD1_zZjvegMCN^W`@7
zcQI-G_jE<XtHPha^`!OwZGyNv;w@o6xGNkat)I_B5w{>d7#;~vlGd-^)1~$Ow+K##
zcf#l3N3dNUYk%wQ&jlBS%fcVQPSSdRH;~rb-vV)OxFg&h%lAY)67CNVffJ<l_9P-c
zMOr`pW+1*0UITBJ*7x6DX?=Z%;A8Lw_!j&Weg)g*H6A~CrS<($1TKT}RbdyDZ;5yZ
zY5n;83=V-~rS<m2!=t73d>jvd56^}dN$dTc3~!g#+q)a_L+~m1B76gW0KbNF<}>b}
zJa9p{n6#dcrKR=reHE0iA+7hX1LBS0mMHHdt>^D&C~ty;;X%^+{u=?0NBPO{Olf`n
z^Wjw}|BJM~y_?}(D1QX;6Yy1(e}wpJI7fc#{?ylB46Y74!OdYmI7nL0=Q#LFlphLz
zgYvWB#qcV41H4OG-`?YhpM$T#cj4!7&H~2cBR^akt_atF9pDCVYuFd=1e@UAumz5X
z$4KkP^Gw9o!N0@T;8baSf4o9GYeDoUTv1wIz9!=J5O+hoowU9^9TD$}<%1B9k=D-_
z0}vkykA^2o>+Sy@o{925!au{C;XTrN`;H=h3BC<KgR>Sgo-gviMc}g1`te^2aVNy<
z!Oh`za97wL4u$)|{o$eTx9~J+JzwS`z7F0ht?%Exh@XQmOY858Tu1ya{8U=Mp1wpp
zYhfHea7nlV{0Zy=e+qj_>({@wh<AZ|OY8j;iFgb=SXzJHHw^w3PJ&m!Tcq{<xm#M#
z*OMrJL0Z3`cU@X<|2-`K1o5}h`uHtd5$qqhC|n+{A+4{!wzQrP$+-VB5w3&!rX%i-
zcq^>W7yb+m#qtB-$?ytz4ZK-e-`*XF??L>iw0{0Oi}+0}{}6tL^6wDOQPjBq3cw%2
z_28z`diy-3_3djdt>>q&w4Ogb;3#;ow4TpH;nDD9c(%0Oo(1qyX+7UoWBJX}di%Fw
z`GY8b0=^92fuF&4#f<wSH(V4h4OfOghMP!NmG_gIA>I=1D6RKj2;zNU3(9|mcmm?%
zrS<deL}@*rX2SE~CGb!1dUz|m7d{N1f-l0?;k)ot_zj$`xOIQ)+xr1r7%l}@f~&y}
za9y|w+#L3XJHcPT!EhuT0}q6U!K2`D@FZzHf2P7eNbC7N6Y<YVSo^=KoEDVR>$2Q(
zIhBWtZDQ*ITMyWJz}5q{9<cR*tp{v9VCw-}57>IZ)&sU4u=Rkg2W&lH>j7I2*m}U$
z1GXNp^?<DhY&~G>0b38)dcf8LwjTKZr3cQA&Y{)Y>%5&dJ$TzXtzIRI)kUq-UKeEi
zj&-`Ss&#&w64vR4G1hu^$>~u!y(p)5<n+0m+J9>;UqDXF$Z2&sb(Yhna@s~tyU1yf
zoJPs%AUREt(}{ALB&SQ|G+9o!$>~8kJu9a-<n*zeDr2qf%p<2I<g|*MI>>1wIc+JY
z9pto!oQBD1e>oj4r-^bpT}~Iu=^8mrk<)#0dQwiW%4w>czLwLR<E-s1BBvGPw5FW?
z)g-DXm%AbJ#6#LgPCu8^UUF)Y(|9=@Bd1g4^s%f*`9}7uoR*N&Dst)|r;X&arJQz<
z(;jjfCa3-7bhw-*%IS1DT_~q(<TOQ2_sQu=IlU^UsdD;SPIJn<Eh48C<g})o){|2Y
zIrWj#&*ik2oLb~GUQWlz=~OwLC#Ngr^v~|EY_edN!uhSo?bd?Y)Oxfk%8jhn0u%39
z`(2-3VVkjB6<AT;y;BrB@mWBtpiGVI+O&e4T5J8!pVohi)cfVEwZ1>!HpkWjwjQwc
zfUO5?Jz(nrTMyWJz}5q{9<cR*tp{v9VCw-}57>IZ)&sU4u=Rkg2W&lH>j7I2*m}U$
z1GXNp^?<DhY&~G>0b38)dcf8LwjQwcfUO5?Jz(nrTMyWJz}5q{9<cR*tp{v9VCw-}
z57>IZ)&sU4u=Rkg2W&lH>j7I2*m}U$1OG4fK*5SRyLm(v=+L}JW%te=Q8}Xu__}q_
z{;z)T;Kom1H#MHIjQU+I)m59@NqqNpiz?vPtef>)&Te9U)Ia=bT|e9Qerq$%>8!P<
zvuF+f>EzZ)%vI;BZSUk3pF?a;XSeQdQ6<DG{=5IF?$@ldm)fDe?(z0Hd*s)f*(`lC
z)Ml&dB<A_K>urwDrZ!$}zL>^mwQh;NJ#w}lPFp6sULf<O;&bZpjNPKn%UEH?nD$+3
zir$10#)jE*X<@CX*jlaDj5VvVv;{H-td*uOVqI-My)LZ_P@h`6R!j?K?5y<JY0IV8
zZ0Hzli?R2#PEA{brt~e!I6ti=8P}o~P@A8j)oHzKoheHgN~LwOzPk9l#&sH%u@%<u
zh81R3IO8H}Jfqd``Z5{6=Zvb*Q9HQ&M4rZH&*|r;B~p(!c5d;7#R5HsWO0ih*(ztp
zN=lC=&3iaB_ibja$+uurlgT4E#6Kp?;u{kY+$J*6KP*^j-&aW#0aLWaKd_G}uvZ^b
z&lrDmkP^SkUd|5+Hk+fgLYA;tQ$S>-CE8;4k5bGjIa9I}NNgGu7ZxNIj|ngZghq(M
zO5cn2iG@U+-Mqd0EOksKN5}f2{$Bp(;2=}KV1Kce$e0L=qlokjwwQu~!-6frW=~&H
zxV|MWD%cbn5fZ7yue3|a+A=92%Z8*~g;H{~R2!pJSU<RbU~rTrG%~`uUoU@)XRK)I
z?RVDy*;z~ZSsb0hf+KobdYMGqBh4O;YN_}~@0W^<v6v!5OlJRxp21qFv<m8&MH@rI
zgEQ2S7IO`ai1iN(4Kn$gd&YzZM_3GtYFk_<z&|=P&=e`UD%d}~RiL+@=!QVi2PV;X
zp_b@Yfu5e89u8`|R@T!i{tHWLTa+p{=v~@&Yc;r7*KJ*OKupNLSi5s{TtuMSfP}xb
zxJzhwKuoaMZDP}0!?a}bRN_zmmzv}f6A~8LPi>R2PyXZ<xkd+D#P)jn1coW`DgULG
zxb}}0$r)j-s)At${n^I!kB*8_Yw%KAQ{wMbQ9rs@WWR9#h&XLG9n5rtTmsc&Mx>Kd
zXprdtlpV5E+CHrx;4cz2OzffbEbY+BTOOHzDo;hd3H4I4Si2#8*+1D4V(CO{Ytk3Z
z?1Ui7t=y}({{3UWLn|KEqE#34@>=&=i)1{ewbNENZNBk<&JcL-Xikr%_g#j0Y3Cm$
zDJg4GQcmltJ9#@gm`s8F`}+rk#yUFI72m`BqoYk}XEb%^$kx8I>ro&n*=|irzWzxG
z*^`p9B_$R~I+!JCWt+_EauW4Mhh|dU)E959722&%nyQ{H#p(DL@on|G4N380UXq<y
z!J19t<hdawn~yqcLsDXvr1<<viFQdR?ZoG=8-7*4r?i&qeZPkjpX=-BA-kZHS}2n~
zR_Fh#u8egsML0Q|{!-FePmU=r)~5Zf8ZtXc2KoEMD(2LzNzc=EhPH;FFfl)~nPRgX
z#mT;Bgh`z9O_uk{MEHllKd)b=^Zr9sB76KzQ8DIVQ*5Z&65}7H^i8OtrpCgoNhw}x
zD@{H7_cuiao1-HmM3XFWrdS6heqq`!O4NRKsTax?oy4`$B`Bz$e~4q9aB;;CHT4OO
zGlly{r5*Wo)2<Ss5k18kgZru13CBz>Q=UHJ6z^<~2@CdA3pj@bM@P5vb1`{(#(LHZ
z5!ZZ^IXJ{RL%kX}n(B!2a4WyMVt>~&sZ&pFx%%2k$lnraw$Ag^t{tMjDF0A%s}3eV
zFHz9bB{)3F5+{Zw*5k^%jyc%L(a|r;-y9w6W;XlBwF>prS|FEpbZ8|89sN7`hlz`k
zpR>uDrQUMe)l*ck7;l7y1qZ4_2C?-fM~8HKdWw{d4mMk~+N^^W2RT%UvY6H4)(!Xc
zRLrtP|E}u#QRdJ{v$|*g-a52Yl#O?d4CpOd?N}#N43E@qGpQRRn&e<|bW-=GKHt+b
zDoR{4|Ln5PB9CLlC`;CASh~I#*o6l57Ww7q+9Eh2*c=+@XEBQe@fCYG(9_XT+dI}-
zo=RUI>pJyJ`_H}Y67Fva?B(ez&jhZqVgp4!h;DWXjuitbktinD@Zj)BbDU${z{m(o
zaDR*S;$_VnHR-H*Bl^JFKVs+^X%^!Ub<et{_qr+2Kd_f|cv8pYSSKbT(k#ZNVg#z@
zX2yiBV{-20AKj~!Un?z7>zL{V_Z7#U$r7p0sw<LM4O&-htW7<lM9|x>g{hT~ml)G(
z$DGO9G;hDwV$qITy=~II)iGr}64a=tr^tQ3wxSlXDsMm0BJGgy5*7P()8f`u`&y%p
zP8knf^{5qX;^5NTuZu|=WQr~oVI;Mqmer;xb7Y`6m?O>3YHEpgSX=DaEUn4%tEfvH
z*bb&vUVdVZpJQ{qRqCEohskDfd{qAv*^v1GVoM8kC;jhC3qw-;g>#yttNQCOFve^a
z=LJ)gzol2&IZmE${#|A7o#g&?b(st-`>xantp8%LqmD)2AMC_iuMq#kFTL@pS+srj
zf9ps|zqf2w)H@m-Bl@W$5Z~Zv@k?AuRLm`nw;tX*S7vsq%y{UjKg^xgQH^I{xLTi&
zp+0pmZoOz}S7ULR4-Xf^iZ%g`o}OyV(#ss#&y?}zgPOI9xr?zDN0Yj^xIrL(q^rZP
zKU+-?LpAbecl{VK#tHEc3>Kppb#$Qp5)|v~Whh)PG%{LivwB>KUxU_mMOn+JBh#?R
zo}xk84HI`K^=GTv?*3_U<L@VTN4-S6-M=oP4hOA+s`qw-7{t7P$#US1@KoE7khTWx
z_J-&?apx+`6d4gHuJ4_~ePVr@$ND*$w6clDvQ8#bggS%}!?N&TPi=orMTw02A@e&W
z;u@FX)U4)*ix`lJ>t(oBVbVWPp{svXRIo@n+3O4c*($YWuKWk<4A*ia`5&n<I$Hd;
z(l<QipRH2c@Lm5zo$^;gxZFVp|A{)y!O@`uL>6hCdGa5qv938dDomUQL}H3|Y8!v?
zpQ%>-M2eNi&y9be#`;k)(Y?gUD6o&Gw(+U|K%L@@ByJ(Qh#!E8`T0LsUwF8vR{dS6
znB%kPr#kIK^xiowvr`&R9oCz0;-vNu)aCD&zR8Kk`u@~?J(qssr)scz?1ibDH}!8+
zA#S-wSj=&1=Zg`nT1(R3uSM^hg@2<84=3vdZROusHY{57fp(cr{(DP@svDm2_m;Ju
zqyFBq7InP`jm!SYyRzaEuWj+kzqPd9+ZT;XXLeiH(b**K4}}Gb3#Rt;$GX}Z|9L@u
z9jS(*&f@2OsCKtT+yVGI*KSXraBX)zH&pAQ-Qp7`PG6r`Uu~DfXU%x9yNY|Tk!DLP
z^)`d}uH6C)6hi?Y@lR|A2a`DQbkNd2;Xf`G8Y&hO{}>iaG%gk>hLI7Gj!w~*VE-U-
zGf9ls`qYWg9*u}SKJ{M|juXYhSvbj9*!rX<?MO2O(}sw3#Q9C!ClP1ppny<u14az6
z#m$)LP;m!E>`QHoE04C!mv;`02(@^M8>*tQ$(a{%2^1+|_Ux@4Iff$Qrn@>a7Q@xd
zhhv_4V(c<5W{H%eY3n%epdlI+mU(6GkL}c3P{^zfCb5S*IEs57K3;yVCUHHeukGuT
zX{$(oP$15P+Gbx&kEJ~@&>Mck8dINl2Ajh}Bm6DF+A>M@YRYN1f#tnY@%T}H+NpNb
zLVNWmkF|ifH5RHJ|0~m%3JC5Q8X-o<;vSn?JUKlg2AApcQ_|;$n1iv7UFkvXNwCR3
zKqS6e-NE-Ffqi2_&DyW7lZ?qjUR~~DdQ2vdI`>BUTrHv0d8yXz(|&`fer|QRe{>)5
zI96Lxd^W8M#67~mC~;u)>Z6uRu+B_>h8^M`s$J3&)j-+?OjQ*yAlMwKE|jE7{Us5p
zjX@TwRJ%ist<<1h9#tl*42=*+M3f~mLY<SM&IwOjc$Y@ere0<>dQfM$cyO+mPwI?{
zQ+ZJ`JTg{W*$ruN#Hry_mEs3Wge64fbB&^l#F@Zk?x&s!#4~g8yD?I$EIzwh+89=k
zK6TNAOk(CBwFWhsm`OAyLXS?(B-+ocN0YQ@j3rvFXrT(xJiRAZs*a9G--KjshQ%y<
zCq<{VcXsKt_Rc{`@f%vL{G?<=ptbZxY0&{{_=cn<GDu}=8m)boMlBoSbEplom@VRY
zfLb~s%`w(&$zW~9RCPvdhE37#J=mF)Y)W=hH^tq0vsd}Lkbj^_d2-7xEL6M#q29C?
zj~YzM?%Q@||De$RCS~D0yBJGIJ@t00N%`i!os!*KNzK|pc~#s|N%nPVs~)gE_1)Y}
z&0<1Ag3V$;)>~O{)9!!xjim42*!_=x4mInI*jd&mKFR@mFXd)VM`e3U^{!xWfAJtr
z+*OFMhzE5G`>D^Vl*e&@?E%V(N1}E|<&k}TB_*f+yhFKBxSq1OtgG^?v$L8t%3EK>
z-bI;^%}Lo(-a$F>5$@e9%X%wW)TeXW6+0$0OnnDuQ#NrGeecPaa<`(A#U(&3llBZI
z<FgU#^Fi?p@Gm?ZRIi}o>70MK_7;!!fYACp#Z`NV;F$4wiasmD?G$YR`MAT?q&+MY
zH(0EXbDZ?8Qr`&jRDRCs92V*SKe6S%=FF-jbW!Y;eF@^f7Lz5dyIiz$q!=(<$tkY$
zVKLF-yy2+a?rg7YSS|i5Gg)Qg4asHAu4Fq$W%+eGC0l)EdmcySOo@8p<&e-2aWSyo
zu>3c-+cJ5stM+_`9iiUW@>JHA*Ro50AfvwA^ZtW2aqrGSd%UK--H_qYDIc@F|3J)D
zf7<4zWru6V?9gXrXq2Bi&-(Do)$kP0nyF&md%pq1y!US`HcxvNCc=OESy(gi%+5z^
zr$^d1QIoeA1L{xcd`x~Fv?f|pR(}>Y+4<i+oKOxoP_m{aL13(MFOL{r2ZgGa4P`;?
z45_gAGsRxsLRH4(jT4!2qCkJ~d9FZ!nl%NKERM>Iy!vBQWl8}hYleNGOw0Ed4rEc`
z-U9D+=bua*vG5_$n!j@b5qGTrt7i=dxeG)q#urc@@TwL5wUd~558<zzwnPf3i78gN
zy@0)vx>g*mS>%RfOkdfsSY>kotx3vFQF_hxtm0I#a*z6%dP4m?c}D$Ax~P6WzNvkG
ztk(E<_lBCGt;EY0vWYJX{)IHaX(4?>;|qz?(hIe5sUz$aC8svZJYFa!DoFf(QO*|9
z2c?$_nUx!b^oRG#_l4Exc(LN86*aq$7gn!Q;!%SsFhDt5SU$p67L~GBk|)`Vx~I<2
zKIe)xWC>Ot7K%|;7gn-pzca*ZY(YWdrfGC=v@)S^w0Nt<I$pnASoG#RbpfqOOAG5Q
zIj9EatAPk*Phsl?QoWQ|7n|-ZI(w12w&5$(&m`@0srH$&N-ULCedHm|Ztp$S*B)uq
zi_~61^$!!t<}8v;yaOZNFA&cpO#Q@56k=@9Ds4H@X3<!6XT&L+ia9FVie)&zTAz<(
zIBM1W&G>>sT4p+n{i*Jq3@<2HXZ_n(Ce$L<GpINuGOR{>b3uJ4%PG@07hFUFS>K4z
zUw>d?SYL?{`5_X`Tb!u1gHAs$I-C5wt?8#-%JuW&lj8PD%24rNSj*xR5*j9c{hG8(
zyrIm^;&o&!G(x;V8U1grFXHNCeLY8Qn>>F1OT8p2)SG%=G<Dv{Y-+ksR6j4y7tOZs
z?5#{J;peT~d}P<jTlwLcT`O-T<++_0RcXHk<hv_Q;$fQjWofd$$s&FmMMuV%#eI3@
zSPAt??$RqVvQM-=-t$ym9JLeOa!J&m%~g91M%;Wchl)E=;-_l;w6E#?pr7y6*8Zv2
zX6jgT012tgEoFFz#?e7NQZ3@8X7MDkw{pE=rtkA8sg)ce143e=#chU2v!k-N6UU<$
z`iMj7irAVD<a^S}vr^H@n^H024pPsE;2>pNY4H|$m~x@CzxqO#a;>z;Mde{>?Z@}p
zGU^+X%7!x5XQ;}qGHRog17*YkdO`dL^Rj3UOqFj+hbljo7U$9n+3muVN#fhoE7|Q#
z5rN8V@qOD>wWPMLpGyx2R<?+x6aNtLkVvr`lvAR}#OrB1qAq<SyV%Fc+UH5_^Z5-?
zK%8)tcWUXI5+g)SD{rc`n|cL@iKASZSVoy9X5P84R*>{aZO%O5ZBNA#qB$$Y_odI&
zSmJZ_bIl9&Ge!HnAwHFC;#Dr?ahYi4Wtp@N`mU_jK{LyW$I!w3m3d|Dm4uh+8$YJ3
zwI8R7`3uE-d*!J1`B?j$_)49#L42y$W9#@(8Cp(zgU%EhB~BsMQ%>gBgiM~xT8B2S
zp;7AT*Hc;OtYmrrt+~H@sZv&!cNE8jdN0Hj6Cs{ti}8KhQ{xP$EA_0{JN+>4%~PSA
zk>TPi=7<69hVtSpul2~p;W<RVToj*5){L)?DO)RK{GH+GWPR3WeG>j3dMlIBk$9O)
zJcOF#92yntEM6iLJs#_-o!`<raJjRR)m^z+!9&?uF})+x4o+*^luP2Lnv>QSrnF(c
zr+CusgMyyQ`iknKFL5&X59NNVC=z+1+6fze5S<`uk5!I|Wn+~yB9bEJiO-qp=Qizg
z;c~Uq-+Wv0R;A2e^-AAhJr6M)x1P|&o|{(N-u}jh_nM$zI_2Vj`CMpwg;0GT@V&!T
z%zOW5)BovL2oHUfdD7VS`TySc1C!Lle3N=o*4_=)280>jIM+^W@85!WZ`7;}XC1{r
z6gMZl#o1Vn4AloXDl?3qt+W2!_*q+C-k);JaDPgiZ(R)IY4rjnMxo--kY6*=4E2tI
zTDx`Vt^OQS8|RhjSX+Hd-dAg!7)8r(E*bC5X!FE{CB1HMKTlD#xyi4ywvM#5Xsvqh
z;1(@?|KRSJc27ivaT0dKm@fVOV70A|*86yBW93&-m)0Wjda(FC;Ap*TV;wi><LQaD
zts{`YP%((m&;5UQ46?>KeF*BV?CdD6@ms}(%l_aA?emm+)o@hKIqD~l%<g0Tt5HTK
zuW>u;DWv|SR)6kgNFjYzhLMN-<sG2ruJ~z~VH9J%KO*M6w~NHQ_ji#<BJH-ER?VN@
zMfJsgQGa}Si$v7FiJH_(^q*(mCYe&keUvDMc23sA&^ihc4?Hp4NFSX2$@VD2o$IJW
z__TM;Gauhsdq#|>-s_o6##s0%D*H$j{F7};A4h7tO67ZdR2;HeF?sCQGx@p8Lrobi
z?i`%FqYjjg-q(gpsp@B9VovdyI!*nY_k;Sma<=;UdXDyeuK4eE%W<cpa#GyM?%7lP
zdN|xcJ1We|&ppKb2K{d`wD&Z{>czQCnc#wVnU#t441fNitZ$-ZK^ZZ8TJK^gCFWdi
zsAO|j5?r;v78zU5B}n`kt@={+*oIDy>K=+w|9UqpPJJI$?)_Nhctgi}>RlD_Yg9Zr
zQ~yL*duL5KC!So$;puy)V(kV7^G3@)>m4@zh<UHeoek$a>+LJ+`M-`Fu!n_)i$9+A
zREE~G4tf7O)}2t#-hSa?u}|$^Yo7;~sC(8)NviLzTyk@)E4wRHef$z5{#48SZw{jL
z(W^KIznA%$p0*7a2ATQlnb?}0$`DU+FGB1Axo-6ri1r3-+8*84;Qbbw`h|+WmDb*|
z|JMinKi}4GJ;e`_rK0yTN#B<Zn7%KXDp>+!)%)HF4IPz<4ejkGu2lEJJn<=hk*XPt
zzZN*y&{_NiZH)NybnTXUkou|{PG`zlQO`cDo?ScC+760O^)Ok{NIOh^ZjyGGeCzhF
z50hhVnI9%s{(BFTMNR(u4wDs4?Cs-ss$F_i`&_uodYJ6|)Loh2`QLq*{M7P4943#N
z{$F#LY;GxTFR8sJ(|@F!xGK2W+dto@_HM%df0h2fyZz_%KO^c{DQd8{PduW2P8FZ(
ziT%9;CGEQZkDmtAn#Gwe!zf7`N~^b~(}wQWo4SUfyLFa&=1afBEo#Aq;+1&Q?SIR*
zj1;HKUFu#^t{zoC51vpzkBZO#O?zxv%l|!lY@IlAlP{@z>EdPebHg?DGevxg!Jbd&
z4&vWC5-n~?i$9-K-n4WQ@Bg?*Mu;b6;<<=2>V}<*o4cPnN4&8VqyCw!vihc-lGRc9
zrInMip-p}9FA}jX?dj;^)7jL)*Uj6nc{|^>rdA%jM;M?i@Kth%*C`^>R_VzyX$N?{
zkeCSTA4@k6@Co#d3lP6y1C%9R_0m?TtnzY6$6K$u$~*7$=6D1LMg|49?9jH&d+P{L
zmioA+E$JQ})JD8imr1GTKF;ED-pZqSq}flq-~V@hFe*!Z#i0DI+ShF&`vsfb#S1Z+
zt;@?>>;dgzOD56Ow${y2QoP08{d?-6<{jxB6Bd?9*|lxjX#digOhUKXijmGEv2^yj
z>6;%J9;H6b?A%KX`^6u)i|0e!CjrXUwvK5FC{Np_?*nVInu%?4b@pxUuB`T{lV0$x
zPx}7p7!j)OkAJt3hub@(E!)wzjdHTR_<i$4P1Q9o)X(8Bt=lcT>HlNzTj1)duDs8=
z+$5-|X`9w`ntn~E=`=Hw&Tx6tX4)ihW6~g@0Zr=IUU^)?jle}7d9;}h8Z<;vQBjGa
zK@$}f6<bu)L{U+(Mn#PkHAYlaqQsy<jf(pH*Iw(~d(OG%65^v@XMP`gcJBY|z1LoQ
z?f2UIti3#d?{#eRr~>WoY;QRw#4I@kcrVAT4ShnCkVd3`fp#D}BR4nFL;DD#ANq_K
zsXyZgL=W+*y|uI`=&#E5`-}2IjUiNzje#nnb<n!XyjsVnWB9Y@Nc+<=&Bapwl@nLj
z<z(ZF!%F&s#~!sn+X)G_Za4xgcb!EnC#58%IRtwnCm}v5*}-ENvg+GN@yE_3x2KWZ
z#wMb*Ol_8A;KM_lJ;Rp^5hd~PuOZ-H*Z3>fN#ltO(u$_hb}7+pXePJma-vK{myLs5
z4m6vVEev2s&e`*FQ0u>f=+w88d+=&<$F`BX?Ot;G9wPc|ECSt``sA^uI#^sx-zlxq
z4$2uwUse!?n5wFMS@zSA?R&9BI@)?9sCcw(xe4*bew>-)r47}(iXhI*Vx&iZwNC5K
z)7)vHx3mN*SXb?@@~+A$)IP}NuU>GV-H3(P>$I`lbnVQ%6qpI%zQ8z3o<m)rwlj}b
z^G6~l!`BcG^nGYHJ}f-GbX`S>(dw6g%-wlm3g#37W!l4_v3ncQXugiz?QP`N-voMY
zIWWI)wI?|<bNT#*zO1Fk`?9<zd9#ou=<8SES?7hCLc8b0M5qqX<wp%yrrm#HI!=}2
zBZbxeQm=OHr+PwRfmgffQ;2Y&ixM4$OLK<t)o>1q7v9{u?<CI`jr!0@Zmsq%;-S5p
zct{CUVY3?>!_@(70AefjixAdcUY=&5qbyu}Axf{~>|F;qgCa-qhs{8oLGbZ`gbeNc
z6&~6v4B<zAYZha~0zSb>sh42xd}INi;4^wFI*(yjW2J{qhoPV1vpu}pr@+eCiut@q
zf?=U$k<tN@>Y08~Ow5**QpuPlbGG26UG<;gBK;qnjcxyl;=7-UuloU1uNX`5ji(GI
zRiE`xqv<Hfj^A1ZHa;OoofNjNjm3=GsWvZV<b`QSQd`&bsga>PfAF{FdN+Rh<7DL4
zQ_&SaNaCs8Y3%|2&dXfedg}j}`l;OjDUV)u6r{YpmE3N)=q9w@d`~j(fv7$N$L8|U
z994BOw|>^qtA4<Fd&Hqv!O1de-<GZgyG7LMy<V7BO7l@|GM&@buE(MAc;==GhH}dC
zjU#$=Rw1GahqUv~9662@)&xx|cjFYeN&joSGPMD-^4)YWTssTrWzQ|dWT>5_DiR%s
zX-LbNX-6^InMP;IN^7=am0;c{FkV@hMg-Y0NF}jz36StT*3<0tDpk&%pyVPo7w;4$
zc(l<X3`BP!qcNUv&B2Mdh-zalTYEha{fILU;WHy33Xz!9FkI+(H?htECkEAMrpzIQ
z<i=+REpp>m2u=wa(t@cYK2XS8nGx~;_i9hl<KeS(eDqv9vqYMdR$r3HBH}^qiwnsl
z5w&e-^!>)(!_})Wk9#x@l`qtczi5GcHS+dCQx=l9R}K0WdGjlqyuCi`Aam{1E?I@s
zSCy6cyz`4mO}hdjX>U0ieO=w1<PJVVZr_8)QVZ3(SEU6i@Ua{w>>1iS73c~pO2~eO
z@#?u%9_^fR(?rVX4Keq%*JVDvL#H9=G#KVKe9G&Y(?Y|;;YWTR=M}r3JeIhB8XUVl
zT4z}*%_mPU4aiVybcu)2lW4D2(ByV)Rn?cEF;o!}-It*9PL)mOUxHR0K2Z5f5bG8a
zm8;Uf(!bUy#~ZQHlwVkFz)?!owAnkcUc@qlss5y_K)W|+-pBY7gnGbv`-@c6y?bo@
ze+ilFt}tc%OVGJy4ZaWpUs#X7MsDjH#G^@uM%|`Xp=~?eBovF!gOzA@hf!7Sjf@61
ztO<5he#KJ}?bRwM2Zkt9Ujci&tG;UXhQMC;+a&oO<u<;f$^tHxf>vAY@oJCNXs)FZ
z!|#L#$;j%hjQ+`7O?#*&LVczBb~UA-Uxy>Ns8d4iQdG411C*_=FDs2}{w7&zK~|bR
zpmJ(f?m+ES{2qi$lS8Poi=eZjZ#1iXt38PoWtH0C8u}+88FssZ_?jE024FK9-)@AC
z>1(g7Mcnjq{~9q)9`eE7^I2;X;<a<vV&4THTj7j3cAbmZsJc1SvukM!KEeabbWD|#
zBR&gw5%dN?50gDbl`M%Fr!Fuk7gh%F-8oo>eX+`QhCNJZAu59~_fS$(ej1sgx@sLX
zW9vwxM~uPhhVsFY_aOEY4iR@~ou?=mB23iY0j0Xl#L@s<?Z`Ck{og0$R0daS53Wzq
z&OJv@)Gj$6-y?Q!(bKip+VlkNK!?sBHY8|Up3z}b#h9gfB8|~FpE6g|Ee|U#a{_+)
zVB+pUJym<;b?kdA2vp}*)0akD{s7%)1+<Zs+P+%77`k|}4M4iTfOhU1y5`Q%_WU7T
zJ7;}T4y+7$1MtvpTc45(a}#8GG%^uPCJG92P%;5+$9ih%N}ED?^=hB}0lQH&_heYN
z9z}E|Nu~WNlJfDe_6DwC$7r>7)A~GUTsak$=$!~WgkY#ETga{5O7752h<JoY`*?kl
z_LuYY6z%@YA;Aq-=-3v&N6*x5y+=>eUb;t5U09l5UF|Oi<;QkFypP_CZ-tYz9e<41
z-fPg)a)L0NRZ!|z-;OUM`}M>pFWe#qNQd<q)kM?6g=g+*5WyQQDB4S}(LI?pWfcpc
zH$5Srtjj)kkDfqsuc`Jgf~pmI=ZH=)-j}o(n^joNSV%*>G@Jwi+Jnf#B$kj-no-Jw
zv{Whc%L_|zdPb@1RW_H9RX#4LH*56;>N92->96!>E}U-<7V3OV+gYn~mIP=wOM9V3
zr`(-bp0AR?HwXB9@g80B7tZuUJM<IsD^JU<DP%LLD%a5IS<Ml9k;6!7V7?uoLr*3l
z!|02lzvGo5)htguQ_J;N=Ph3CMgG!!+EY8At8KasHRY%b?XELWL7qGVbz}RPXbrEQ
zi2}NOgPx>4zd=vdw$z~&ZaND!WXnd>oDG}wl!fR!Q1gj;$}*avRd}_t&QS-pR%?%*
zq0^E7JI+K3!<|SWX1;dOnL1^ft5G0OpnY1Wqk>hR6o6vZLWi2d!pi)WD$mGwK-;$o
zgvs=SD*J%eai(5Wl#3oUu+|&UF0My19bHuMJ9kiG^wGgHXDSw+KU1d*5MCxuy5NaM
zbuYOcaPiq|P?b3XG;KiJc<pRGOC66Z^@6`QH|d!{>JKX6|M?~m=%Gk48MqK4%p%m~
zk8jZD<I_9KyJt4&*+Ht)AJ!pa^L>=&zylOL2cKYv!xm^4*Xb&aQ1k+Aa~-Nl1*xe;
z5Zbep{K&&ZrS37Jf~^<T3M4>*_HG@j5mrBt$A+_X6m$)Jg=3VBCq9RaTcf$Jtn#kK
z`^0751f%k62Z(z6lSIAi8FJhHN^bY_NNIAs_R3j$+I)PZw7DLY;)!}aDO`?Z#h6;%
zr}cUQf-FNP87|-*s3zu@C+00oL*N4KK@_LkOE$Qd2a0e!5d5SnxD=J>rL*+~WMYQt
ztkyPf)N|29$EzpWi<?xtLVt~n+v}1!t82C42FmMh<jj>{Q4K@rVJV{~ZPdBjx6mk9
zt9_&-^fF1M9bZJF1J`;s>hT$5|5@dlL?RWkq@*CAZNx|Tt`p1E7wnD!&ZyTHS2@NH
zXy;LdZXTr6YTqDtXqeo_{gg7NvdmBC{;;1x((kR;Lz2(RuMU)Zl$akSrib38NNBA^
z;Zj4C59@UljW3N(vKQkIHT6jf-gZ!>G)9rU<wZsz+__25sq~N2RC5ZnS1A5&#6+UX
z?fZ;=51jQ4xXl~M?LCj&+6&0tt=#TL_2y!7hp!~J>nd_bZ&1H){08{o?nS%y95Qf%
z4MG}*wF@x{ALY^ZoP$p3t#eT^U*C$3>XSRsj6dInZtU4-G3=f79Qv~T&!KDks2_dV
z&gap2ZGKtTViUD%&eh|!Yqsg>yw#Zn%Qx6D)VAJ=7=OJLM6dZP=v~*Zd$0wY!BwRS
zQhMb@5c=pvOctmo*Lu#?v$U>TblTD^G6j1RAzY}Bc|kR(uhj<61^52kKv@M$+^^Pl
zybNJA+)UYvm#Icxa2Yn!&`Kr78x4BGGS~^n*i!`Iqp!nJh4~mIa4z7>j>0IeH(vq=
z&ENq0r-~0@<B%<==R93CR_;t3<~me7Z*K?nuG^5mn1noUE^g&G-nTS6>o>~eS5a|3
z?&?v8CJSIh$+xD&U+$}-TUiRU3(nW6lh+=(OAVh8)noU7ROd@X3S+R=e!iZKe}-Fh
zbYa@(_vzXc%xW$`k-u^QMyU@kKxtom5eo3Li}kc+%d=pK2(!5JF4Ye;J1fX3$N}q4
z<E3`b<!WRjKc1zj`A2xduvU8(iK|{CivNojAQ#=p1@iJ56*~=5?^2}I+Ibg|u;}fS
zc&+_HRMJ;2(mmWcsQD;txdm2f!x!rb3g!iu2P;oIosx_9B})kPo8N2iU5rZlLX)02
zA9pyc`#pL^H7`}+Jqe63Amo?fnDece8d`!aQs101aa&+TAf1M*>cwO(WtDb21mn&i
zGi!=nWM<<<)U)ITF+$<C1ZI)hLKY5QtS=)QG8|ZWhRVpRopBirg=i)DXb0NH%OI7y
zH%MZ2Z<54lI;CBI5e7HPjrQqfC=;_FB=gTA1W~bwM|+WETn{=pMzEKtsnB^ri<C_=
z#5#DD_Qu6DMfrN>zymE{s9`@b)bJs>1GV3TyZy{>f;kWRbH(7&a@E$1Ll$-hcQv7p
zs3}+ZU0O~({E5oC7G|3)d6q;#JL6KM*0B+^V-Q}u>k@roepNL~GAoFgiVAKkZtaH4
zc?LYcv{VtodJ9V%wE%FM^6qLeN`!f_ls*I+ScQJ)lS{aGEI|x5Hxiqj^(2VaMshnZ
zB$jbh`cmDKL~R*;;Br_LMPH4&_VT4@_OD+WYMaR?ppRYa)t*6UO5A6>cwS|{nJ5k^
zw{<g#ncCp{6n3@t356KNTTJsVC%5SePWkG~kj9Ib>8Yr=>J|vh>8R#m35V8ama_Kb
zWt6P_?Xy&m8?RI}uQF17n}VVPAiw4<<hNV7t*sPdp|+`6&(k(<Mmh_%OX&A=&Gg&3
zm>xp_XP>8<DeY^Be&cP5vU9leHb<jy@n%qH>Lv<fPcU!SBCz(R;?0@bi&3e)LezG>
zMASxy$KmJ7%cJqL^>R=c{e&nCpYtuaBb&)>y`0>(tH^C{{T5_+yuaFE$)<gJIck16
z?iM1}BbQm)-CIC^+cr>$$yB$-5fKWSNI$gOuQ0lwd#=C)ZfUtc2RATLRoser_196#
z6wqN<#7c&muQBVU-|68IgqEBbfQTpCVoiIZg+{zDMlzsvQij^V7}TOSklWcqZohJO
zJ`RTQCBoZRqLOdE3ghSPSLsQ))qd3>*u<midP<(M5{N}64jTj<vPq-=HCqlj+VT?n
zmMx*SE836qz=V>w;ES&U`$HcR%T1q?bg9kWK!H|kw~}8o-oia&8u_V_hdETk<M=rU
zMByJLrL}C)6Vca{<zuYkbplNev^J7v3lf7IH<8<YA-R1`<hE`hxA|(Ya%7VBNvoci
zu?{9k7Y0k!5&%oHOK-rebpK6ys#=c8u}LU+uvnAos1B~NVhVLZme!W#n+lkcfqVWk
z==LwAqQKoK>NO^ev=pcA6st__irZ;2bO(y{Ia2RzeG+rt3tz{)cIz8@T6s+wKF3lA
zH+?IK1w^>uLrkZnQu{JW{Dr4c-EO=_#~5*1O$8lqrQBc!4(8HA5DSWz+SKwMiX34`
zdv`k)Ww`#as?fhYzmz6n55BCc32>lzoxC~c6+JJ=gPXj0cu==9buk?(8{SR@%mbFu
z>Ktm{p&MC1dw#3ZxMT*ESyX6$0wR00w`*JgrL+$+*oAjKzLdu0&U=xO5o82wpgzh@
z>cSIGKG`xgF3VpVC_}-(%DO)v9~;pvmZ&!^+c0mUMcU_o1&P78D6*<TYT(qK*`{av
z*MxKz)U{ZujP~>kYMQ+DS~T;Uu0wrz<T}hUZ*J4mNq?DvYcuJR%l;csF@d4>0DA2v
zJt00bnB_07MpFLrY|NFoC9Kv)ZdUC!A|ZzoajKVFzyj9YHZCU^`P%D9iVy*s+S?=u
z>JjcCimSEz$*&u4F_9XEUu=SQ<MpWYd#=}0Psm?a;KxyS*p!j!6m(}c7PRZzAe<Jo
z(j2Y!COs)f`_s*OVrEeL;ATBJGsv-VM3t<lA-UFDunuHRnCQT0^w;{Y*K@QzH$Z)~
zEU>bKrH9bh-2&#i_NlUil(o7xgvfxM(EJLV8m9)uL`VyA!R-*Rnda3L7(pvR=%t%L
zsQDe0%Ml{CxQbMW=me}po})OTs9UZ5iIU&_9>p4htGVV^RFtlBY|dKa4SJ}9(cXR*
z5eE-Y#IaF>`%q=mo~De3YKhY@rM-1CC~W(XC=7f=6e#;0H|nI5%E(|PgS0_Y|3`1q
zLy8R$#uU=2HeFA$;*~W-XBEN6H=^NCQ?mOwRJH<bF9~+=W8n}J@S+81fJOP0>##C?
z?k3@vB!fL@qtCT$Cgfm9iNfa9w}W`^CnSX4F;xnmlH2t;l5-Q2)yg=Z(O0&IOTg$+
z&*{{u)2;|s!QiXWWjB8i>M#q@Jr`5=tbO<aDrTCa$|it0c<aq*_(3P#YaoE7rgq)U
zI%XlxTDO4KPNms&=C{H8PUQ}6_%@emI2TYrIZAl&W+g=JW)enU9nt8oCwK51qHz*F
zObNiM)dE$|FTaHptNzMRduyjE+;c94Z#|#f#tX>py^!46i->~garWM#vnJPAIRzXV
zdp~+bOC!7TR;*3v<T%gbX<V>(5P!K9EbP3Pk}@~X9!t!C)<?k_nuxFAOUSLi3{heh
zqTWD>W6D$x^%xGk?d!nkNqyDQP;grx5hZ4UcFPMPvEh>pPSP7CwATFs7#+TXnDaz%
zw;0;0lx5Tew9(u21l5D8VJ8P4ac5+BVV|o)t+Q#KWoo%-gHAIS?ULK|c=NO)Twy<@
z3X6#!wQplT0aBrJrYb>JHo@0+l+l-xTTvRoE*_nIHEn~4kyq{DpLHzMzG|wU{aH`^
z>Z#Usq9}T=r`j@j3%T1nQ7n@@+Mhe2)!g?IM(j;{^dz-4uv*)@M^DN2uOvkW7O{Jv
zhDju4JMGf3u&Blxvb0E1+jKi7gSYI_<Eitn!X5OB7lX!Ydvp&gL+2OZtQKY+`}csM
zk$Z@h_8sJQK1A-w!|Kg0a))1~mJk{%9A>eq;!y#3Y?ITCcj#1&LM3afL)v+FP|bXU
zQW+glsqlwuTGt(_8#Jbgu(VB|UU{`mn7q1J|D6|9n+*<KkWqyq4;&_ffkNx;**1$f
zY6DYy|4yZCugVLOzNN}rfF3hC)d_BkY6o6KZadES4%(rr@J{1sL~rCI)_1ye-W;Ni
zB_f8__JZzJyEf#F_NBc=9l*{rDdBXj{w|%iOSJljF%7zjblBKL#Tm_n<P=X5Z6eSI
zDbNt(E$YYpcZJ8OH1t;0`GN8(yx&O5?fxr4a#HGIvJ-#C-88GZTTdrsY*T%5x1L6L
zAymMqejD%6lSspdpXc3!glS7{)hg}MyVXY8D(wtX1J`aLJ`*XLc{>A|#l1*^UK?{%
zyxM=aj?H3l>b%pmN_+oqkZb};G&SY!Qtq&FYg_4klXADg<$31Td(=Gh24bdeD}@+^
z%YOH<-$P1Yy^Z|(t|fODyB+j<>`xSWDa?A7(N|rowb!>pn;xjn3Sc|Wc^zWZt?(iw
zya{gE`V}*(s#4f=2zbXU7Z}=9JH*-!T8nhuPCPYlC!r?M6q0t6F4}<wV)G7Cc;Tv3
zS{`Y4(N=NWeZ=|+ewc0q-+$gAo8vhpIRWiH3ebB$QR{ky+}gj8+p&|}wtjM3hbVfk
z_RbC+CJjqN^Ot>}ps*_@eD&^a_v+z+CaD~AA+PrK2fEwc@S#dYx&5Eh@Aih{kRpyU
z+>434+CWjeC%%Qa_oRA0HpJ*m1uo?&(>}s3f(sS6IIt2sf~K&l6@Iw`4+Yx3`)KnF
z`!}3?Zb_h6sisuY2kwL9S}r*b{C008x9>V|JtbAU^nP^uPdq49*r6w*SMk17s!RBO
z*Q*_P5R1E}N72$Q*r`)<q}vL!9eQNUP@%Y7LTmVVU*i1Al_=p?p3u{OU4v6RC-|%L
zo%$Z_!Y468OJdr{12nBx_kbDIGqOXSVArSEamb&x?+M+z79V03^3BP%@j*qyazA?d
zj#j!;%(DdU(9cEATp3!!gHSP_mdOXLPRL(-g1-#kEMZ=P1*Ymp6EpJ5VOlgK@COjV
z*{AnG6zcB#sW_V-ph}37eY+{N_R)i&M~b9<59*X>t+59|cOekkNe=}j&vSa%b02wj
zK1r{?TqV@r?9pxV)Bf@hh<AMz#Csl!ApRN=uYHQLRrl0!DmUi3I!4}YPe*#3`7k`%
zpQd=7&miCKRP8YuiyC^NjL^0|rt?J>PBpZwj7rH+ud;seqbI_Z)-nfLt)1PAWh;+G
z4wcVB3OC(Z8cWCHsQq%UnaoJPMD3@kk!ALrgKy{p+UHL|65Dr?3_RLfy_o#n@u;3i
zd&Ahb3#+g#^I<h(HqC;$tH1IwJ)MU|tZbCBk#?&|vA1a_YNL7A8HSo3MQ5eb$mId5
z<5BR@{36vsQnYMC2ZMiZq_+q0mQE9s+XokWOW_@Ca48fnd+h7mMZ4@tOhKTgl=6_(
zn?r#{?<O3rqFDx3?k28$5?LNnnH_$a#9__sVHL@zkC{&l7{x+GvSBAuX?smIfI)Jb
zUZ*M$zYu2-Rc+07s{2k|`i+m{RKy*R>&Y~4!*F+)Bf^_c=pOWfxitmQfjb{+)DBP`
z9R-76^9>RSrmkeh>+l$T@d^F-(qKV;>DND`oJD2W{1!3XrQF81>GzOw5ALVmqa);w
zZJZ8w;9PPCFCus75^{$xBX^`_I?4oAwsC@1=_g8))uer~_TH1|8p0}gZR7>fDC9t`
zP+d$%SAMUxy{TJuI0rBXIu_^h3gBIqgG=6aJ*8u8c;P7>RWJ1Nsi*aP6MXJzy~G4x
zdRi|w!PlPFi%f9u(|TzbVrloZUS`JcKdo1p@h4B~)n<IgGdemGgB48ipV9GEOc<Z{
zjK0>4FMdYH(eSYU=4T-I#w`$Aw2=(w&Lfv!kw@9XM74*Wwhucd&&Qrdf-Oi8^HSyZ
zD|bw}t*!LFN4Yz<(eGVt<TkaFJ9Mk^?I5@HHgd<5+y5u}-FydSB3ZlX88oj;cA*2s
zdI(#7N)xY66Q~moi?Crrrj)5Gf(|JyG6c?uZrY{uHl<VK)!GGQvwiq3#R1$<O6vRr
zEt@b|wWX6n>6rbI%Dzx4W)Br{wRV8gXt<lwXi;wOOOz5#c})6fl?SsXMtk&GHTfAg
z%#)-zZrDS#JK^#G@;XIat+mib#%}dCMH_ooPs9cWF4g-4iVRr9D8)rT2z2RRv9BR2
zjx%Uc**8GMcEhD3kby!>*Q)52GKBqz!mhDuBGSV!G6#EJ&}Fe`42Sz@4L+cfXnX}p
zxEGffV&V?suRW*3Ob7qo`<!UzqUzK-Ul66UQX@vBj5XFyT67P-rb>2*Bood@Yrnx(
zl-SzC6uD_XMI((5&RiOMXqd<!=%?cqm2}E<X=Uh?Xn1GASu61H^B~#t9+6yx!#6xF
za?nb4KOa^tM$P`+#9zxOWo{TQMg=<Z>YVVq&+EC`hm`v82NaY}+d7B5<^_EXPKlGJ
zHb^OqAp)J9A-6@jwV%=NX61G$w^z9>pVRwM<@VHm7r%Gck=uS2xvgh^7YSp*ROHWt
zc7rOuM^up1ENiOB2PQ6X@K34U)L5&%NOh&@LW*k9Yb7ZfFna!?Zl2U>cfW@49T!o8
z+b<=zPr3b<(eIwk<aS&^)T~GTX!-W#rv7xQjb!%9OQFqIQCvIBk|OGA^yDXKI1&UR
zG=CRUQ|{S9d2ZdRB#0*V=}W3#*g!hR-fPKk5H447_2~hcP1_!7dWM?mB??-5odgOu
zb(P)c_E6UvehIA-rCNWhO0|RBA?1!Kx4o0zblyd7V-LCA%58m^e%C%iZu1x=W$a*s
z<vU*v?Op?Q4}$*APbuWU=Li|Y)rACLXtcGn2WTxb5N-DbJ4dv6geRaK900kF4gY{7
z<F!8{9#)^me!5!J8$=OW`)q*5A?FPn@_%mti=A+6Gf#Bbq3#u=)rGVmf;w`W&nI{2
zLZm*)Asd@tMK-p)iZ4W*4h2&d3bdBjCX&l*Uei-iq}b<xn%*QS(1_6f<KQIN+<h6C
ziix&6MVY<yH5_4~gSI$lKs!=6uWu$zdU4yn0w&ygsu3kzXUws*TPX2CB#z>3CbxF8
za$CtAy`J2<8;CWWynIbhsj4Z!$V6W`9ehnst}Ld{O0<?i6jLD`?awKM&wH=w{Qfhd
z-Ss5VI0zS=0I6tjMev}GE7mWiiq+glzCBNwd~Z>{o#fm2H2Lm&hTP^|DkNO=YK{d&
zTYzW19<6wI3-H|6LH6LYMCxEakt&309D7&lGbr`x(LJy0gsOw&gAC!r7wvwEH8f1I
z`rkpU7z#m0wgcK(Z_x2=j!&OaUG|1<Y#=#wMB0^afKt<l%8GKE-=*J!?<v}&M4Odr
zp$})q=_)Y+i=10p40Q1l@0vGxgVn5`yePcC8ro^t@FAFMJxHvyeMG{s*wynuQB+#!
zQ*%0B?(Z?@$F-ZejI|AsHupSOXJLh9oV%rqIrqOsa{PpH=}ExpOWf(n*LI?xY1*qN
zB<2JwYVhrr-?t2(-uaHlM~1$IFsbJ?*|ah~jSK6I4NC~>9#CP(i}B7f%Qkk-F5jzK
zCQjngVUX6nV5okKa@_hkx!dc$2e<BGayu^l9wti}TJK&QH`=ooYRJa7&_T4nh1yO!
zgZ{m$Yd?oF)!&7%F8c1VN*&T&t<}9nojMu|3=m>YffLwJ`|qW&gLkPkwo?qE(+aBi
z=Q{Fh+(CYA_mZCn(;#0CeaTj-J`Pxg<4A8&=M=2Sr`e;AuIeof;1fp7<S26YeH3}<
z0do7EAh)v*g!py<?V`7JO!W{?+wr!pE)06`ZOVyuCH~p^HsUwEtP+3udpfQeV{2li
z+MVRnt$g~G+xRMIPAb7oEeGD#@tMAM;joTR^|iKPozD5wRb{sf>tq2y>l{V`0qj+1
zXASFQOIbU27}U0b0y>&u$|S|SMuNAz1JCw`8Sre`OzzIs83^Lj?gO1`-qE!qs)MKb
z%b~#0uGyz6x^4UPQgw#Qw+6==v|IM+unUOGfIIi;h1%Ww^kVImeR=^jx~G+5D?&Tx
z9UWh;;$%K{(bbE_cl4F`+*HxkE~WJQktTYrYsqc8j@-5zhzs1&TL3cJi~Dra%)pKn
zBvh$xq15UqV#AFT3|o)dL1HfC`Pn{rw!ss5dzsvUR}}46$?bWQ+`j$f4k@?o0LZv2
zw8z1!e~otF9WJYn-qDr90)%}<LG5!$111EZeOF(*YWwJ#TwkCVH#Wm2805Vli5}eg
zeUPoamfUvb)?ZJ*>u>zNro|bBHL_o?(LUI(`?Z!4J)qq)0?9o+qOa68y{lITwZ3=t
zBJ7xyVQG)MrQU=5aC(sL*Ycs?OH9y)--F0;c^hVv+I#PT$qMb@dpOytU2uR{_!E+H
z$#Fa*#Y;zYT+UiZ$NaQQsL!eUGli<GEUQ|n-9Dl#V)zC(zf#-qF1#C+H<|%e-kl?Q
zmG(Kk?xNQ*hAlcDESCj}v`<HL#9KojU};<4(-C83uyUPt?R$vOatGzU3oZ^+D6{(5
zvZ-FD-SjSQ8?JyQAHS~vE#x%qHX=WICxzqoj8A2?o_BTaFDl(GB2#xSrLOj9wSDjE
zHFR&Cb^sy^RG0d-k0@XRg225`x!pvKgJ1lf1m8?tHQZ1BL(1Lt0R3)x@cX(L(bMjr
zAOjC7RtmM=_jGLlkBemU0?6R(cA54Dh3V>{sGU!d+pXN@XX*Fu7s(xX86*oi_$Dft
z;g^a1OkBH#{g~?x=u5PAdcFG<3f=fBrI)F7k>|biz6Wnmny-Qi9gn2rINDR>(f%4d
z+#lXE3+};3$gS<21<HJ>o5yw;hIaob)^Q%o4Zw%^q};1L@xGo&R|M~RAEyC4+Wt}9
zFfoElSKrsgR0!^?dS4Hj{P1cIAhgw7idU<DAN}|F?}P1E_ku~Y4Gyo?@xE@dMd8(Y
zDctpMAxqlh%6&(<=f6#FI+XiYxN42XA60v`y_CRyig?jJ^1@`+dH~9+HGF`NShitn
zPix;#l!lbMdqh!vmqcewX!*#LS9|$`&=SXZ_4)^)DZ26MT_RaON@VU<ZohKRe4pO5
zD7WvjALI8f<&NA)zZ;r<0{7Z$e-gdK4t#j{CHDHqTw?EjtV-<agQgO@{o`<n-T$$<
z#2!azdx_nB5CVPuBV?`Znz_-LZ2su*nS5KAY=D*$)#~AoOibQmV)79Slg~IX`SM3#
z^1P41<UwN6TCFyIY^_$$Q@F;h5#esNg?pL8^&uRph;rMu(eG~M)?Q1$o0Z$I+!5t=
zTu1L~uP3()uBCFG{R!B-{u7WLvU^=kUVkC4t~QG0P;Yxap)Uj}NaKxBg1kvV?j9q)
z5d^euBDeo$1dpiHonsM|`jfGUO1+WJNcZ3CMBx2M0%v?0LEt<h&~_j3(XHItZpD*w
zoA0OJ9pt*(HXaYRn_R6|xg(p7S9jLKsbA3(Uw>TP<blb%T=kP?cj?1=&NkQR<hTLX
zuGmF$T4RP>UG4$bfUC|uugBdL(>J9f=HL-ydNacBKC*Rk>*Rj-m_9NobH=dVulKv^
zTs!qTSF66u)v5Q9Pt3GgvF=?*^ynk5w#nNj@7AZy8o)D(C$@1)%cO%x?26erg`NS|
z!O1Of8(e*^sZ(R8#>P&a78jdT>+U+bK_7E>A3YS)3rg)rwoK}b8;k9C*XoPr3`}Wv
z@6wy~TD>KvO>dkuBd*C+v}n$>Sy{tzZF*lUQt6Ft)_1x_T(c^=+}ri-`k3Ac#?&*p
znWDNnz<RH1>Y#h)(IZoPr*!GPlR90UuH9g!NpH}55vj>VQP>?rx+5|1?%8qc7d8D$
zM{K9w9kXc8sOzAs1)=Eaj%jw)x`$(0z;WlK&M9@1yN{mM3$Jz^;=zA2XU?24W4CJ{
zrZc8wyQ`#Vn;tiN=FB-WXU<M*jm_Ha>US@i)9>zd)y3@8b0~tlHpV@C<U#j9i2Yhu
z!=&D+O)<5u=1E<yUc7Gvhl}PQgRY7`2&==jJ!Vwz)cf7jrtLnWPETr!8ARzM)lFVB
zCoeCv);)Fhz@+X;EqG$%@uES!h>dU2hh6T@$sLgAZkM}t(xN%wF0N4@b@#Y-$K(v^
zwK1)(X7yjYyVt!Fc^%a2T|Ih-dql5`Y5Q*bl!_$xG`D-!R2=fqOXK)gOXydZ%Xl}V
zG_Enm?M|ESc26&j>zu+N>FuP@&!O1R&$c7^XKhSr+%6aYuE+0CfDw1-=RqMh5=tz`
z2-pcu;^uDGM^LWYTsvKZai}nH?Ni+I<~2fy9kIKAI5ue~DtV{7BW`;P6>e{=dqmad
zMRVF>J6wzAG`ZT2=t6mS7Ql_^!kYm+gZgg02Q@x!+ARJLVLMQmeal*=Z+F#BA8>bN
zj83VG8Ac6)Sij#piGnq{I;V8S^dB)g38L2<W196r*FnAYJHxI)__yh&X4OujmNew5
zceT44Vwzl|C{${LL-;oijfDQ<V&mFlcPqj@E_Y*0f6Tmjv!_m7G^ZuT-5N7@?#!uU
zuBoWyy)O4omwOPtQyXI3U9pWW_n50qZ_}qzJ4RL~4Y=asrp{P<%BZV!`t-STOWR|H
zV%sO}bWLA0rzfV~HRf_xyQk&##x%N{+->d#_lT=GX4q95Q|m4r(z{$8?lxDyt9$ZL
zOjg{G-iYSZF}X`WrKsCAd}LO)yECRYCUX~(XhNYcniCfnx6@T!hek6JGkg@wJ8pCm
zc&ydkeXh<)wXwU7*p13prw>nQ(#IyJrRC-1jHy<XnK`1n$BuE=9_t=F#=YwpcgwK^
zN9j#`y}QnJFlJDn*%vc7b;Ld7o;4a<rz6D%h^}>V(TYYinUNSyu@Nn$&E>9jxtn7f
zVjE-njy$NhOhI7wb~k>jeQNs=#P00b>(`&U&DH9PTi=W*+g){fQLWyp_o1<*HS48y
zsPnE<ce^UOTxmP?c>{WjKIm?U?Tcxd(vO~CyWZ>`i9s8k(mko!)fQLlu0L}7)E2$z
zxM`r?kAj#sd;0Wg)20r%=Ecv$7pHCLNc!P!cMVK#M8g}I)Qc*0@Th~w4j(hED|T00
zXUz6V+m30BsYB6kkE=yV3{RdrcbDF9l)G1VZ`0lNdcEF>KJK9FR5Y6Db^5fnm<IjS
zQ)kw>XRcV$=w4rc++a){YGs|PZW8h}XX>n3v+CXT?(UdfF{j{<{+)`y5fn)+`oktY
zCv%%?dQRyOsE(p_P+J^yp(Sp2ow{PhOsb5tXOHS}?)Y8koSM;<^y@jb=+vhUPM$t}
zdftkhW_M0?)0Baj7QMke4ZT~do`wIL+`D7iTr+0WAJMEYn${6hKWX=o@dNs)V^nO@
zKzD6yziXSTdO*+V(bu-e<n+7NR=2o@rf?~BqL<zo<BnZFctl^!=%m>7Gi#@ePHEJu
zNwlM`9#{34zB87?&YRh;XZ7frb2_MN-G1aY*EG;ZxW*Xj7UJ`E>Z5vZOugRin%NvP
zpl^@qJ*GW|GQ0ceF35P>lonTm-in8YkhYkiqXrRX(VT-ZU6ZFxpAK?yv2(igZSEFS
zfEGPAwtd<uSuO5e?tXm)ed(BMTMQb<LDwlwF-0@#k~>{V9g`Yjr+3G6>v6-b8I7*G
z*!VfST|HBVT=8`=?PzxMGGiMtg6z~QD!RbeoZaY$M`GjRW)He%Y}Ye)PKu?{snt&@
zU6i?EEH17;re|`UJ8nczqCXTVDoD|+S#wHfCE=f(SvmAFYwg-nG;-75ic{7$=%=jB
zS~PdjqPcVC&TH1^&08_IsA$fjMMXvP+$BlVrz?VUcn0y^ZJLHTjJCj=kGq|*yvK8_
zu4(a);ih5y%@$nU=u+4#xb9K*{~h6@YqjnN@rgJ7{t<C0e(b&M?-ks7A7dOeRsM4y
zVB9abF@@>>Gyb9YvwV!t5ZpPJahKqxbjJGyPyH3+pTuzdz5>RV32vRwxKD6g7ULt3
zVM?!l9^(wbCBJ0+N5L~w8FvYG{|Dpu1a~c9{8LDg==Gn#I3PGShcVqZPX3vT7{4lb
zNa+0lVj=(8OW6N+f)7gkD+Nyz`g;WT|BS=`5SJuU{4p<Mzu>+M#y1FFzl`x)g1hM&
zZv1@<S2<Apl2;i2QgF_jj8_UC+|78CU^g*>Ke`Z);;#_@9fD^IeY)3%{2L|wyMjyZ
z;P`R4Qb5JOlkra!uGJdufuQhr3SoGy_!)lSZ!KY%((U>-4Bz4J0u>&0dI`tBO>om9
z#zTVJwlj9aVm8I^{|?8WK^Xk?QX=>}QE-dk9fHRMzah9^Fwvs;S>NRNX@WDSGR_w~
zQ}8*0Tc@*sr{FQcdj#iAWB*u~s3rQ-zQZ^{@X&FLPZ69c@y{0ADE!?jc*S=){PTjR
ze~)p@(M*5+&sg5y7u>dm@h=2xRFUylAh@@c@dm+NTNz&`c&MJ~?>79;VEm0^IKAl`
z86PjWL;NcRC!NXuHw!LFXZrnuOaBk!1A+(7<?ypntRye3k@4w*M=xf4qu|{V{#n6w
zP3(Uh?DA0jQyUmB5nL<yY{3U_WPcdNQsLLOGu}rSW!Nzjgz+~8-6YYQDfO?AFoF)H
zqGICjkAinCVZ2$wm#koV4+x%fGUH*v^~)Lm1HSPm`n83Oy@E%6%ktSIc)ifONpR;W
z9R5kcS}x-c1kaT4Gw?+?(H~sK{y!JoEBIu?e?F&of#7L^9~7J=_+!E#bxIoN_dEDD
zk8q2$?*zg~ucDCYT_gT+f8p@m;@?rr{)zZ*g~E57!2HoiU_`ItL=Jz4;69P>UnP8R
zF2~QtnR$v|w4Cw7g6E#h_!l^INB*4!j5i6Mdj<vq{M{zl4XdN{w^MM_d5qr|JhPGU
zbezE;debgooGG~Re8v@mcZ>gdf|~{3D7fJd9R5+kr`9t5RPfBl8UGvh$tk^qyBL=U
z9@)wGa>1STj2{x5RLA%O!7E;6{9Ejp5xoXj?4-X71kZkw@pFPZHZYFE&I*N}DfE9S
zcupVtZxr0x!1z|dC4!$39547o!I>i8Z_Hr&qvHRsg8QqP-crH!Qa)9Jr(VeZTLd>Y
zGk#3)v{uF+3SNIb;~zmCP5Ie%3*)7NtM6d^2f?E|7-N@1g)e=G@iT%uPiOq8;O=t9
zKlwi#zE1c}6Wk@?7YlCDxISJjxI32d1A;r<jHmv9>E#^Bc!A)i&pEwQ1P^_}c(veW
zp}*0<624jR=zC1BU+}>X8Bd<c=?zTc_PAc~^!M5SKEaKGV}8itXVb(8e`$h?j^Ow=
z62{LC=`Z@kfBGvNeoXN00mifck?9Qy{mTTW34X@#Ka%NxCb;uWj{l7x2|s%oCkgHp
zTr9YDi2b_+=LtWL39b|WcLdLo_%mlQ{VqwbQgGIOrnf=x!F`OIjPNVmN<NPXo_-bk
zj|pDCnelgj%=G6x%(z5wtIVhN39gXwbN)YZ_#|oH=L(L$j^p1XIIo%UV}fUPGS2x4
z$8Va>{E_~i+Q-f}7#}^Gam!yge2w7lrx;%)IOiFmFSt|M!<2vK_`5D*{~3a}U%>d6
zf|~>v8{q|CCU{mOhrdm5t@uAFSQGzY!P5jE`7fOQu!R3-!Oc^dUY_7tPji0P37*}~
z{uc`FzmM^>e`R`ImoxsU;Miw4{!+o(Z1xWbo-O{53vNA@{b$T!dZQOI{x`vOg69eD
z6ZtI@oFuqN@Qm+IR`u(A!Eu6j2_Bol{@PDP9)f=*c=VU-zfN%b@0g!k1uyyq<L3oW
zPh~v$-<aNtOvV|4xBZ-Px!}g*8DB2AD~0i+f=f?l{L_CI`TmmeI>AN%!T2`8y^9#{
z5!~Ztd{jKgFRfx+Ah>!h<EsVdEMPn+c&708Ef2?^vx@y;XkWF5UP=Ed!E@8te?V}N
zq(3cz!w-qPekNF3%;EC|pCa?&Ccy)9*?+s>=48g-Ok{c$f=dL?75UW*?iT+x!8x*?
zdPHzf7MJgvf=^k%_@9!P{;Bbd7Yc5`6=C$ZQt-fkvwywdosyq+!Nb2|eg_3-&g1aY
zlbL?M@RKgMXDRz%BY65B8UH+m!)K;5{+-~`pGkPZ@ls!365R50_W!3;jz4^Y$Xjrn
z@OQ4@`X%gthu~((?;gRezh-*BN@IFOBHs;y8%1851(!<tJ%ZN@-Y>Xa<b6as)0>&W
z^nW5a>kQ_nMsS0~zgn;+`Rx<DK8fS+6+Gx+?D`qgZ;|jG!HWc+D!3_?!~b6JPLcm5
zf-`Sq{|>>^CH|{|XGnP*`*Th&>EAj0Ji&2-PZxZO$m=Wvi~nZ9&0QS-X2C1&X8g3^
zY2yF7;G(<O{}aKxj^+A#++5~o=-Z651(%3_so>ggu>X02=ZJs1;E`k4|1rVs9>#AA
z-X`_spZ<f>oAYn%|7*du$1^@laLF$i-ypb|6j%7$DR}l=#v_8KO89U8g6Ze{lKuZf
z@W2AbD+LdwF>VyBB{JS2xFm(~Ucu877*GEt(?9ixjDIe;`3H=DC%EgM8Lt-HyO8l^
zf-8Q+_%6Y9KW6-*;O;q$-xu8e6UNi$ar(pAj8_OwJCX4p1-Jh@<E@7OQpP(4kLEER
z5<Cx={?gy1`Ak1k^7BK%r-*!iA$Yfx*Xe>AQ#t+xg5zf}zFF|>e`Wl*;M&EEr!3&~
zI{y#j?+Y&d2gZql<AtBag69bK3GR~kHG(sx{x=97l<}iO@YDis5047Yk@ohw;CbSY
zQ#fion=b7;NATz?x{}w=yzD=x)ur$`f@@nCzaY5d8;m^*IsAIT%LQjX$@De}-u^h_
zUcuA;!g$K@9DkmKpC!0k!p|4H?PyMKi{NRW#3=rLw20%Msx;x6_9wyhAF+SRV)mad
z;U5ybXg~WW{fhnD_c7io*u9tWlqKxn{U+nn4E#Rhy@IEH$hbO-!>=7>{GQ+*3IAUw
zkbkXKg3oy9Z<pXcoSdY;q->6#m8l?X%`uL}JdXZe6kK{C%L8__RC(54!uX#BcZmM~
z*Md*Ei2eT{cy1HpYXwignDNtuzoBU(J#g?hB>vd;QTThm=JZY#d=lZKp?{VAget?|
z!{NWVjKi1CV!TvvcLL*sg0~BPHJ8J8#k2p;JmAT-*kCw9rGMOs<X@{b(#8Y+iUrsI
z6XR`ycm0TQ-boz3R<L_H<JrQ`F9?JF!5=aGbH#s=gx@WA)^w&fV+F@w|82%k2%ast
z_BZU`CwRNU&`<pfhyU%#<WKrw#w~(({VU_+|C9au1Sg)txL5M~gWrn(D_p<s5j^#;
z9RJMUvH!?!#z7zB-Lp9S6{j*D3@|<}pK;xPGOiRnC!6s}1?;~qgX`x8!4<z^{Jlc<
zpEsZJ8G;9vF+R75{ZD;>@h5^ucQF2qpZz<gGQT$qp4-QGT`~KQKE~L)QqsGc@lQ)6
zzVuh$4lthkys92r0^!NE+K1og@+}hop&gS|fF{97LyUI_?z*1w9>LSw80)K;evjap
zf~VfV{+WVz2`&<RQ0Sc{IDRpQ-zGR`|0KoF{eqiCf3QdJu=xM*G)}+b7>?g8c=#yB
zS}FUNNcdTTn?&EUSa6cypy0N5IsLl?S07|NDtOuf#y=}#`g7l6{5!#8F`WJrg8R>x
z_=0DOe*0VH96w&l>vX{tf}avR`#G*39|<m!{{567$Ip`f`#!<3(qI3mg8gS6;QCuD
zxanQSdjwCD{`x;or|{^HVf3E<j;~_ehjZfecXAEWt2>?XGlHkaa{c?!8V=tq?Q^~0
z4(X2`5xiD#%vuhgBmK+o1ZPSAa+Ba`g7+$n{zBT%!gb8g3YguXzncZ`f@vrEyZHC)
zpLvk+bAMnwPuf$$dd7Xye$E%HUB~&E^<V7YzfY0V{wTQOMaKW~NA{0@o$-T$N8V;U
z^}pGF`xxUh1&_FxpLYd!zRLcIwH$ut$BeTDkB%}982%%S>jdvQisw@g2_6tU<qW1b
zBG@N*AdbUt6<jBH(wQ7SPH-9FqcpAU2gj-eHwo5cKj>P)&4TY2oFn_0FAGka#_>l5
z$A63Q4>mCUzHc!8mEg64R|~HFCi`C@c(&mC1@{Xc65M6buLFHF#aP*o`MKbq30^Mv
zOu<!x+hsrNLctfM9HH`mo#2jS#!m_UiQqB8uO_ko?6Wxia`8Vw@Ckye1fMVXa>0KU
z{1joxe}%|@pWtr6N1QGGBL5!?o+|Rs5IiLESRr^s<h4O?qsaRf!LtRwAb6gH|6K5p
z`2Tn#r{668S%PaNy$ytQ%!mGMvXbAGg1am55`T{pKDt(GlljuQ^&Gx`KZn0m@YHu1
zZxP%k{x=A265J`cTX3)7y5l&#mj!oxlkow;&EH_`+QjL%O89RJ?mCkFe<*luC*x$n
z9fD5~yh8A)f~Rih@Ku7FWV}B|@OHu12#yupCAeDfQ-Ws;eoJtk;7R8Q|F?2_-xE9}
z>BkFh68;t#;qT(`D+CYU$+$*vCLMgiUxVOw!Pg0%`e*jPM{t_Z|Eu6`Nq?{4PT}t}
z!OgdE{AuSh|CxVc{8Pc55`UiHCP{C(;OUZHwcvOu-}41`PiJ~p3$Bp$)7^qcr?LM-
zg4?D1pA+1C4Ew(>c$U=1PXucpaQ*y71M@$WIz`FrCxYipW;|DLTRP*Vf~R>HmkN&i
zHsgB11M!S+7To^tjCTs2E#U_R_euKtdCX7OH#z)w1yB1H<21oNiHv_ExNREaO2I3p
zGCp5$mf&rITjJRN4#Dlq7(XDmK9}*cf@{TpK=8p|v;P6Xu_rQ)J)ilXdOG9p2;N=6
zc$VO`;-4tEUGNgYnSxIi+>+1n%LESy-Y7Uv@D+k*{3nOMU2ta!<3|Oj6)=8PaJTq>
zYWPe1Z(YFoY5Wa`pCx!y{C_Uk?PLEu!D**3UM;xcRL1p!hXh|PxJ&4_3myn^_`3xU
z3w}~?^D6e=D|mMq<1xW;!p|{{%zvDuH&bwf_$LUilk~F)qiJ0G^bx8(oGSin#lI35
zEsGl$LY!^Gmoj##$Z!U1_y-rN$RU594Y%6xBR2fH4S#0C(=W2p_t@~SY`EBl@3-L>
zZTO%KfB#}@dTBO%rVT$~!{2MN#xJ(vKiTl-Hk@^dHU4Eb{H6^jTxt#f-!|N9!_zOb
zhX1V%UuVOw+VBsXZSigRA{&0hhR19;akG_Pi49+A!%y3A+~wBzxi);h4ezw!Bd@T=
zUu?tmHhiBAe_+G2Tdef5Y`DdSZ@1ycZTM3g{^^xg`nfi|&W10r;a(dav|;TkEB$yI
zKHi46+HjW*KW@XX+VBAz{>c_=`oFc|T7_#v{mrE|+-?j1pw0g!oBw_r)?2OV&$i)Z
zHe6!Ef3)Fd8-CV?zj-yK7tYT=*ziBvaJmi8v*F`y__qpcA$hG~tZVXjmd(G}hHtRp
z`)v4W8-CM<$831&HCFllz=r2A)(!rWZT?Ga{>yFHZ^LVB_#7L)#D=f6;dUGTvkl*4
z!}r_pqc*(DhIiZWpbZb(@Td)cYQvMZD*1-wceD-v*oJ>*!@suS5*z++8$Qd1&$r=b
z8*a7XHXH7+;Vv7#--aKx;iqi)c^iJkhTpQ`12+7r4aaV?%J;uqnzkO&{x3XDcrM5D
zES|sOc>&K$c>ahm)WXleb0(e*c+SF8k7pB}20Z8CIUmmjcpCB0cFIL~Xd8sKMlQi~
zDW1#lG~?Nf=W;w(;GwOLEAd=~XA7Qd@NC7i4bQcBNR@UAo?G#B;JFRYpYZ${&+T~b
zz;h>_E<AVPxf{<tc(&u&f#+U4_u=Wr^8lU)@$AC$EFMzxKZmCu&+~X*!1E#=Qun`v
zXAhp2@eJU31<z}E2JyU(=S@6Ac=qDihvywU`|*t6c^A)ncn;th#q&O%5Ab}5=OCVs
z@O+Ht6Fg&hKE?AHp3m`UF(@NEE<7=K+;}G8nT%%&o>)9b;5ib{QF!9;9F6A~JnIqP
z4HEyt9Z)U)aeQd`dp5#u#B&awbMa8vPW*en{3dKXkKkP|o=5Tg1rKc>?8IaE|2_Qs
zB>3sW^VB$e&4Aw<c;3SEHlAZ4v;V@s|Gy3V?`Z?7R>JZ5PWG_%W?z;V&B-#ED}v#l
zRVqvx*~Aj79<anw9V{*;v#83G<2%GU{-l$$mxw8i#Il;w>VWSw|2iLxtSmMR=%p6q
zR|N_U!m9)RHH!<CB`~{bDBO<@OJvF*2aF?md`Y;&tZFd~=zG1Zz04g9%J2&^UFGp5
z!jjHn7*5K@z3TKY8CA00Pfzc>%5pF0RpbXM7w7qMm(a^(KV45iInRcvrwku#A(71`
ze`SQ>r^q0G3p-Gesgl7qViDGqlxJej^1RCY@~UDOydkz><12){Ii5scQPG<GVqdUe
zmA|l>1f~ocnl2D6$SGX5t^l$qa3q)n!$XTRaT#AO-_0|AfjZdw@_HTVCd0NobDiZc
zUx|Cj?Yug(6ONW0%!XCw2}Vl^rIt}vlocq)y*W0~I474{6!ceR`~5{>nTBL&nD+7{
z=PdW-Et{X6yKw2U6MTy^$&RDR4md1)QT4MY=qQ!c5TCGk3Y$T{%8iH@h0#z%+?egJ
zB<tb!1f3(Mg(7l_8MzZp(jN1~Wm%DF9xBl+x;=($^+ZN>6i_(PY{SCS1Y@S#GP)@5
z1P6Yd5>1E?MMWMLfLXFxJF#S~aTnrJ^74tt^@P&(Dq~ZWbV||$6AniXNosij7TP9K
z?-LS3Df6X7xSqTW2D@NL_AsMEV6cN*xlVeIiA4`La=D~4l!FPTA8tl;uR3h4RV^o5
zYPl8pg%d5ea7E*G!LnbrFe4#8DS3iyM5U3Gl9V<v8sS>&jp%2h2s4@N9fpkh1uH!c
z7W&lC5fRYYXrE))^iTpJtAWnp%*F;CLu8OuL1!N_JLu?>88uF(5r=GXdEz7NW)eB}
ziZGuU^75db;BG|YE>blEk=cVMesOt`f9*;6rMO-_H_4~iQ}oRChUI3QFhR?mJE7MJ
zW@Ghc^Ty604rwGg9F1F>+3J1R&uaWW{NBN!K3NYo=Zhu@G#ex%`G<%Y#ccB7+nFCX
z9kWILaRZty`HvgWY_@;gfM#?5;|4Te6EJQ-i;4enLt2dgj~mi*?ZCJpEf*4u8`5%B
z!MGtUml%v2(tQ2GxB)Hq9E=;%asxsrWW=S=A)h3=(=2?0a_B~`XaSPd#h_kw16R~A
z#)Vzc0+_D(3J0-T*7M*RVB-z?TC<sE7>|w~YaD~rQ6r6O<~mv|2NTuNf=0Rb6f<P}
z&z85tQ4e|RbvS6mrP*OG!>}|PAdGskD$+N}(iZ7(4O&M{{ZMAEqeUE7#8ze}ZqPeg
zV$No(sepJguZFvjNLa3iRj|f|2^`fqIkJ)+X3!cVN@8p}I~>WlqSCmlH{_H2)!VKP
z(^hu`n@w1Uy$pszmaIcw5f{pPtha-X6VPM5HFTVi2{6>00gJ2|WYLzdau_f4@m2%=
z;{=`X)u+*Ea0Tbto~mCF5(!_o8l6fS-N<2FS1?X6%w3IZ45Eh$%}bs6$*@c`BP>xy
z?PvnwY8?@20!<+z&cqr+O61km;hY=wGJGL$$S+mhtR$;2b$gjo&sk@M;UUR#%Nq?<
zo``bf_zC8zFDr<YnA6M`6h|~%T6B=^>+8Q}HY5Ne$z?F5{}o?48&1QV>4?rDA<CuA
zM)ZX7ZjSyME_I$zy0}lmJX49h^Z~w>%k!uXjenW+gwjp?8q@vqH*gzSNW?u+o_KUt
zc|j;gu#$u{;(f`u^8U2by|_Eq8ZM(0H%F<vtz<b&Erm&_%dXf<kw{y%JS$ju8r{ci
zrJ=4v$i?MCm6&nD8h0gK@DwcwdOo_vg_%+@qmx57IN`9NReLxCVZJO2ca=L#Mhi>)
zMa%%MdA7+VL3!i_S!!lx&C;}HGI4%+e(Ad3`}vYC7P}{b5qi4(vMO6nlhh<1cR;Ab
zs+1PMu0UUnyEjOGZcQp_VSW`ZYtFAMEWtz;S0}04ea1}-eT+(GX*n%Lq*8G9!=r{0
zO%j5td|QIDBrs76tTN4>RD`sgU{zJ1pp-9{;xQ5&MOmd!@a|abx7hefQ!L~KEhT5F
z+u+Ssis_aTF>c{-kd=~OI;2rqy|}zM=(W;G@Ps9zZk#ssjpHSrkYJVgiRHNJ<1~NK
zIFe71n&WV33a;`gC@7!{pKyr=4Slv-pe@xS)KEQ1)L^l_vb-`-jaw6J%`y~@+9Zf3
zpHNfnUu&&u;V@{6hYAzX21BtU8elqI2+q|{2|t;CTk@g8m|GzKwuWJuEnK*e1v_4Y
zOE<#iO+0MgVbIN+INiL%;5TpKVbDDce)A^6uT%}(vK?H>Tc7Gin<aGV(OOGMP-l$_
zGJ%j0)x=smvN3+qaw0F7SAwf3icVK_F)K7FPF0;rVSn_Ffq+AsK~td{utEb7(M?2S
zz#SrTJD}1oTLL8IR{K?VO1jDD>0!q>N{SY0hicG#ld+jWi?}VcEaJ8JSjCB4TE)4{
z3sv>u-!U8FisB#gx>!r-#J|;@uhvvC#vc9+wH6Xz@IGBLjikl6>c{yWUm7jKce<M+
zrT$GWL${<TSDi;*i|!N(wNee5_G{7|!$!GM-4gcezYf@(9QHQKtFUpMZFD5+ut841
zkNrBQ>y^!M(|=tPgyz;?o$pkr;dY2tLTwi}yqja=l|#ogfgltsT5S=cUv7G3<pEu{
zo%4i4bM6>qT+TVhSID`w??WM2`aU%ldE#lC7JK8l{%TbLpygQUUt57H?Mp-q<68Of
zXeQCrRBvHv{z{&i+jgtW0^<lCn$n1#-!#)=&jexu)2l_eD;oN-hy`lA4?RZ}T~TU1
zU6iPfci@6dqgpY!#1rx>Ps<FJ1<LcW-tq=$<h71i*zm#V7nxA9Z!s3kmP^ppUGmwv
zDLCMi#-~Y$nr()e13x<xJf9N%xKn)r2UL#@5!3JV@ch9#{Bg#3P2?@F4pjQFkX8MT
zDGJrDLoShol1MySi6l{Romie<UWm&zF)t4<StUM+ICKS}Dzm@6h?7{v3j)<VKX&L%
z4qwJ!|9VYHFaZs(yg0BDS6Q=8e12h}zf@I|FV_QvmG_d4iM%hjBv4G3cB4mIU1qJY
z2?$Qt#VI~~3oD_honKzG05{q>1WroG^XBF)&OY9^G&}1zJ{$w|6&2_Es!D=2rA591
zTsw#>^!(+%D%@u#r`t&Lpg2-h%U+>W`}TNfeqc;LO<D(zM_qs?k%CaIHMGsn!FZ-Y
zCk&U<O>fklrK&D#X@zP18m1easZ>gEerdHAw=-J08O5^l&4!Y}$uo_j(tYKQxlJcu
z)!x0f4lHG1etEEl`{Rgy%gRIw_6i(&0&AdD^wYQ`vfR!_nzt-aorP-;qjZsx{bRTz
zw)Bzc9kI^f35308%*JwnI@MIT6v)b28cnsz=**n0he_wl&{bWfv50<HqoyyeGCEg#
zT<#Yr$`|Sqph<A(<87&P8dy+#u{3N&j%kZ66P8^LRZ%U&IlnRQgd~^Xp3AC)M6MCc
z9#uZ{FmmU;QGJb&81o^c$dEY;SMx;0lVbNbm7h>amh|XWQ>A=Tno;KzlO;umu;Db*
zC{1e!Q>rpQ@x<fO`z#zRtIRL;qITi*Ydn@XReqk5gvu%uTzM+8ysKYYnqPsVk0|Hx
z9r5GG%BiU;$qXW1rKzYK=~GCVMyWfw4Y@l7_GAXL{KeH^5AD;TwvNk_hf)ejVcehz
znZad&l_io;xUM<zl&~;R9+-F*5|nH+GD5md`(zM8PKUlvx@;^eu%S&2EWvpz%8@0O
zDP3xf9^6uD4nhl$fl+Cxt$V+n*0>@}%nV{2z+Jof)wsj<5S0LdPr`m#pfJC5!69o*
z5=$_=Lrl`K9RE^x*&nXZm~0NV#JN?d_!hF`<~PZZIc_Ya3_I$P#us%m9iX9G&T;m3
z0zylXnnZi$`GpX*!<sY)x}`5rfl??lP>~ib2-cJr<yWpVO-r0AN$Lst>k9nLylAu!
zubWB0;h|8=&W2vTq8dH%__ZdLn9K|sUl`Do$$_`D%pf<=@rk7^uA)ggglK6l;}v;2
zrJsSW=nx!Ww2J6*9h%``)>n*pUjtRksOcb0%bM8m_hi?UNr_cCNI60L=rFpYKL#h$
zc@M}xJq#oA7*Qe#zpe=so|cK-!ph(}hvXAw&7K!jis$g!++be?z<QcHIVTEPP#t5>
zW4uu+QNkGeIT&MeXeoWDp*B$lBqLs60_`S|Bv~|$#FLi!Pp`qMw}=-hAsvAy!Tfbo
zln<M1Y6ErWJ?$1DD-p5}ovsqmI8^Hh5kM$W)@;e>#tYGz`EaN|P+hecNz;7T^oa^H
zL;d|BM#E$}VS_=`IFMypG#JHB+eDQ)r8QMcE3vt)^d+X*4P`fi^@#kZ8bh2vJGc;i
zF!U!%P!lLbIsdk_GDO1K^F*N&IfA5e!Uh={d!odRU_YJDWKE!YTSFR^6*3CX%tfxW
zR98B(yx=lF_VKH*V#j_@M6<)Drlpc%H-#7V(d)+qw|h-{%ED7(>cSIGKH0JWFUwyW
zD61*+RpLhJ{Aynz#yKqP>=H^`<}Z%y5R$0YsN)2OtRdJ0!hB{zl_@EAO+NOE9GY3O
z_w*V}+{p_nJv)!dY8v1)8;;;^0z*tPw}lCDoWcYCM5|j0K2U+uBvPI!i_4>U(0$+e
zSlT-^Mw22_iaFJoHaLg33obS4n2}~2RgL5|E!3k#tP0YNCWs>u#KECEf%HW<=^{#v
zh{Ce7tELgA9_r8$Xohe&5u65p>wsTVU5pRIEE@jQ3~yCoeg$oRP`~UvVNR_?UraH>
zEi4tZ=q(WozfCjLlWIB*O^azSA>?;>d!eCd={Og-2JI0#x^UTree>|~mpTR$B~{3u
z+K*Btgq16y_?VA5c}r(l>4{(9Ul}OpRi7#Ou)qA8@YVvhqEtT%(n?nssk#f*AXCsN
zr|l_Y3oG+inlct5PaEjr1!*7<9)iMj>1eGljV3$A_%q8lL?#i_@FKG=(t$noZ3D|l
zb$O;X9!@L8%+HB=3)8UHa^gvyvNaacd=zt>khwL*(C04m7uHl(1y=hJGLk=xZR)5O
zNrQ62al9oZ1x|qz7FRh2cMN+X)_rt}Y(k_H(bG`d<{~qX2_Y$AfAx?-NE7Q&75R*F
zh<v0Nc>D_maF9I@d*g-RZ}d(5L5Oo1fyRxDMpB~`8^&bLtj=1CsOH_c$PA>&ijW$t
zP;jXDq2VONibKg^8mC&JYWxPRg79o7l&w^(RMlj_LE@<)t(1c-Q?r9SL^woD^Onm&
zawkvB{!a>2;S7N}pP|f{rb!_t)6uk~Qaj`o0~`*Xsl7!fUvt}b$VZd|;30l!ixH0l
zW%Rrb*+Ylx@HR8v@vS2T%h(1>1Er;r15*0@ii*;83xlONZASxK8hrz<V3^VHay1c4
zS#Nl&DC~i`PpKbgCBqz>{IdNkq4P2Mm13LNSS2O$k}Zhktv|nv)@+Wp3!;s_V(lWn
zEWf(2#8+8Us?KYQ-3pGBz&00P^Ma1sh7+zShXTltRirYIfnJ7Z9IBu4Rj<R4Pph+}
zlKiTY#qj0DS{f$x`K7+<pz+F=QsyrUR<84;7GjgkzqZ<!Pqm2lnis41%Fe|S5KtyD
zXw!q(!dfsf%s>@c&OnHCU+x01k%{ePN|1xnW-~Fj#J4zSiS4s*wzaWLF*hIK_?Kl(
zsor6SJ4`z}*NdPFeYwk38lhAaR}o8S$5rczK3cu9NIdaXSkyv{71fkwpGO%D@l{j?
z3-Q5surdiH>{nsQE{KPAhq7~tS@{WCiX+G<1q*=r22&uFjO`%f5VcX#!Ghu%%*Y^L
zHDlzp_F<Scf#_9_=|GPrlwX=&1#LX|3Ij!?Y8#K5b3I3{QvwzFMTl-@Ga*p1ItkUz
zhksM35<7=7SM`)Yc@-HbS!S;^7P{sb5U6T0X=VB4fnw4bU?ax<b-R@<OLRHq@&%)Z
zrsq;JmUbKJ%M4Fy>S#8;01hF05;&_qe`O_96yuBCVU>;6VXYLl8tn1-*FyV&egd5g
zgtSyrFf5N`Lj@hFdz#=k)@m~pt&^IQxnvH(0~M62U1lcOsE%UCxkWhe<n`hUU5aAT
zLme(V34aG7F&&ute<hMiIxQ8dC7}}f!d0V;rx{Y^BPxVBIaBVxrsNVTN-EKjhq7m@
zept!cD-qd>qN<hXTf9o0nZoz-<JWO(8lmpkD9^7VjkG{TC<~zyG7>o4mSfK`8@L*$
z6(2J7zg-Isvtp_{{|^KaCH1dS5Xm$lfl9Qr6sEYKPgawb_%QZ*!$YSrme}Svsx8_o
zvm@E`ipoF`pOmaKrT0bY8$(_}O`sGL*QC;5eo@r<ENydmoCg8N5fC$qbWB~a^FlkV
z6kBG#JYVzpOfz5Om1)FK5oD^1SsXV6%q&5cY@vn6YRedxZ1_l)lGVTeqw|ymy<eIq
zc@4^(>R6G#B8YRW-c>n;Y~GGLa}Je)6-ZfrDGoe|K|Ux}VFb?9e{i_85FMHU7C<vo
zMFb<lr58g5m5nvX@ull3N(_5$OB_;852qZW4Uz#~+nIPwh%ffj%Bq}JHsPS?iI=T2
zGn!HwT)EO;nNV0@E?{|^2v3+z%FJ9of1xjH>G8fS?@8V)(7@2J3XeHeiIRjvCu;gR
zPPBDi)KZfWBx*X2`ua+-H&be1g=eas1hR;zjtXG~;Yp=r0w@CN5TF^O4KDk1*<qBx
znrLF{B+E)nR!p??$*@oNQk>XJNTwMs^F<}E3V{R4YMM*RIdWv)d}{*LCBBM$vhw%$
zlS@pf|AyR9X*w*vld!-JE%uX8Is{E!9>1cZqhGva#u8qZKczUeh_mYEy69A%8PK8s
z?d1M9&S|32sBq%9%8xM>>sw1>^LjmL(%jJ9VVlBNMMpgygf;<E37(Z`8aTXz^Gxe-
zc0mklIyQ?5kV{5CjaI?xD{G^gKx|nz^J3qo)`=)^`l3LFR{Dg1psAi2uS`R$d}%<%
zIguJS5q?c`F1s4)?~&gMLyv#xl1W-kCgDOI{Fke95yZZ1t&1RdnDs6q{@;Dgi{$w4
zz3xSD9HsWz!u|bCC2R~H?qtFq{qJ}>VPo}w^@PHn*Z-AM3Z+A@^dz$`ofe6{qWtQ7
zOe(%^m8aJWljLbWTDO{(!{#{(^Og|Lyj5XSyDZ;F2f^rMTD0AzzmL_pLpD~6kjLR1
zI%8)&f}=9oDmYS*$z+FA0t8Ky9pja0vZEr19wC)Vf+pLJdITyWoV!t)1rQ#0Y9wX0
z8lUHft5kRsGOYD77rI@!Clh~4%Bs;IPQrU0KoE>+7RcuJ@h)P?=paB^cJS6(?qV!S
zLeg6tDLsCL;AWXE_933g%xS_1R+a9`<EaYPR2KSqqtmHkBzO{8R>cAO&f$wo%On~n
zj-1n$rXNJZstgoC-(j?@!zrtANr!rsFGTt)D`l^_l)aIq%&%;v?Db&_mrL1{M`H)t
zlfXr$w!@X=95zxzffFTgpd24vBQ(m$c_Cv|9W=I(a*&tB7Udwn8gE<NSVDtf<OZ+7
zS0c_TL~dOQZ)rh%C>VqdDb)QWbWb>TiH-bnROdC7`4zD8yg0N^4x{6^2!mv0R#zFR
zB&#jGzh$N&Ug%$K-2*Z~jo4{_A0@9^G;b4fo40=V&g~svU81*C8|!9WY?3cG+vpD*
z<sE9B9(-U@hW3U<bxjpM@{U>&u$N<$KQ?p-gu8TkVd~KBdp@D`B6aK${iB1Tnvye7
zS1L7A6G-DOD?o>*xE4DPU5B&xp6*{;hy&56Zyt~8G`PWFmT9CB!MJ0`ZrNcKU0{MQ
z+@B$mZI>Y(M@owLb1M=w9Ry*;AypQ2-HJMrNld{TV+G&QvPktJ6q<fncHE-nCA8Hx
z!9nWpEHBvqN9X1HpH?u^T2UDdMIz@QYMEK{`9G%6CYVpOUEY35#-<teOjsM2jvhTw
zw5kft58t<!<4%=A{yqcWE?}mFvl;YZzkITxx`HLPD}-=Xw6xHN!-?3D$^AW4u<3L&
zgTfL%;syp-al)>LVFphwWy)Sc-{4t}fF~6OE7o~)3d?v4!yy1|$)GQVHgx<Th0(l|
zD-TUV!bGK!QdLuc19n~uo0d<ElJc;@BNA7+pcAGZ4}IH$Ldgw(lW+1gfB(W|74}S&
zm|^1umX%w;){lpc0fb4UWt8{}Pg~|!TWM0htOT_j!bca#J$*zkjF~~?_f{5D1>xbt
zl<e1PqS2I&Nqo^noX%f-K)<bQ{+hoq3=v9*H+?Q=gfzZGG=;Jz_r=RaPBuG~L|GXr
z{S6B?VUsl>CU8brwJSBZuzgEmiCUJkgifQz`x56@u9QR6VJe0}F7u&iTm6G|RaI^1
zXmFI;F~P}&Lq2nGdXZ1ZDxT8uO$XL^3CSs*Bpkd}8?ZRQjkjjb!{=df8rfp@+PJYT
zK76v#lM<+c9hLGb4E~srVaqZ!*KnTCIAlh~eJAQ^7V1i4{-x<#PV0H%X?F&nhT$JE
zhGOs$af-=wv`%K@Mv*yZ)nRUB%W6atrh`&nQxcYgOJ7eKR3+9{Ree3gQ>jLrUK;p%
zsE3XkeMRIQPuf@x@JK=qN`qt^48Yt1YoT!tZbJz}6K8JwmYPk<0$5WI9~Sbd^WrLK
zqGer2XS&VP^F%`t#%s7l)2hj~z~h9i)JTb>G(yKat`dKR$^MCI+MgBrm1tflDPNp(
zUE<3<0josV-=TAPe8_4E2<M)xa?D9DW8cWN0C<WVQCEb{g2UUkg7MheV)!gLaqL+T
zVp)EI7G?(VzQs5Uz5s{87aCmI)~-fx;#d=$&s_cgDnTV~T08$Qtr97!fn)Tnq;oyL
z_gAKeeyUb#nTJxfnox(p#s!zz)JnX3kmFLc3^yv7QglXi99ZbZn?5h0?u92OCUubN
zHtdH)Xzed*boxAkU|8pZ*$BTfmo0xqK`EqIdL>py<6XpT8Sf(7_QFuxhWCWq_5!r+
z9K{rU$-=)tN##Ox`#HYcyz$$%aj0nm=NUXnVrx!mYKrKa+fYIAIUI9A9S-3Xn#bS(
z7L<$Cd~ix8nuk7#U_1L#xVpetUL88FZIchD7{0O`Mw0##d5j<yk;{;}FG*IhMwO4K
ze-2Yv+al4lT4NE0^<$m{rN}i-0Y#L5xT#IB5}PZGDVap751}uc!u^R|p-Y@cHn9n2
zQAM60pA^<|n#in;RoiFO>S$064fbh1(IQ%>&EZ^**NGiQm-WStITcV*VdZY>61mU9
zyNEjDxWY%DBidDXPgsoU=&49ko{cZ?j9;LnPHRb@mF<&n>3BcVymuk<ktpib@dV0+
zZ5|bzr#dFm7A@dcOxvo69G|%3*oEBz;~b^h3^1RflozIPO6?BNl-fy{A$?%s>Mz@C
zSi9cv&VHD3M14bJbzXovv|>!G$(&B8DH;dlO@p-Y%9MF?qr~n_yo`s3#Vbu0R24c5
zUJsj5^dPhxIy7U4!Nehng*QgNR98ydAaaVpGITrC0ZWR9krk4ssaPi}Eh9OpI%Wz|
z6{0e1n@X7TvNpP44eMdK)t&@c^~MC5?vl<g^&}UQ6+8x2zSY?HFRS#V(~ZGJ>a%WG
z5#rMVLVH345|j?8$X}d~{nsx@0ks<}*eGC8jT({6pIwIus}bAI8RaA)xhz;7tPYk3
z3Vj8zg5j?WMe=xxg2wmSenUHcxHOV{zQU54^3#09LD;`Xay}UNS{EYgE3OQdafmON
zLPER`pSh~<6d;YN!pcAezFjzUIxxwsHY{N9A|E@0g?_&1QJuIB`5C5wocs)1Kn{K|
z1ySK=Q;?Cq&~UQp79%O1uGy6Vmd|Pr71X4|J48^6E^hp=qEj0`kf9qJKU7G^Wdu9S
zYQ)iU$0;$x&#A-=Kc^BCzbGZfzP1v}&7N?HMGqQLVo`%SlvuQ|mJ*8=$Xa62LfJ|z
z7jq12zj%nwgG=nBaZ1eab1E^z&#A=3FG`8AudT#Rns|vt4;oQoQG+^^ShTQ~5{nkd
zT4K>c*-GrBFIHm9Rf(~|YU3Obm*sL1qG*N_JY>kD)aNwPoSbc_AQQ_lz6EHH2HzD|
zU^2$j;=`Cfn6<>1Lh>OF(m=2FrqQYy!&UKOrIMz#k;kV_en5rG#y|KFrF90vpI>rl
z*74$0>k^v8C9B<X&6i*3gH1Z@h^wE)m45!AR?+H}`jrs==_?JEuY^emU#aFRDq53Y
zjIRON-U)^zGEHiKO(T}^&K86g(Q;ze2w@H_A64a7R_2GOn&0_g9m9wx?+b##5MT0&
z^Te#mD@xZPB)x{1{jh2j5gf(p@U|+jvfOXyfyh7-*n)M4QG>lahd6<9?7ju;lwe72
zWp#;-3MyCR8wXJ!9KH3G_)9UxbB<z{mBcCamE)sQiwqpO=9if7-~eev_}@poa*_!P
z%Fc(pjbww&@z_#|B2nYDmAgu@#YvLEWVXs*Wl-buftaLG3*fAiB9~^KWLm`LQEr4G
ze|**ID};##j#X2EBkG`08Yl>qui`JueI>a4Otl01Tl$pK7FM?4BHv=y&-RkG>KtDA
z3QF-=9X@8Ylcw<4s46WjfWK2joMOlKc<5~K4X-+U;}qyn-Y_EN6ph+Nb?`JlWM`3r
zV#+}}>U}A$FQ}>Tt$~Rqr)ZeZ<4zHLaTqPLC|19t6ci`e7O+tbbw?H!mE<d79C@wO
z1OBc0M##!n6x4kD3X3J<X9c=zMBtpUFC9(`6#McEu%{2M=o4{LBKooyW>`?B1ue09
zF3Iqbajs$|W)q1e=2&E1eI?9MnFtxLLY-46E*T?ULpP$BLmQv0`=n<Ig)Z_JVp<=p
zg6JaOVS$s6&c?~328OqAxGCg?bGk^w9s%dP%c{_GhJsPGfsoLLRhx5z<46_w<ihVO
z!0?5-91d^spf60T{jhmv3K5_SXsAmJ#R*i^&}m`w8?4||GY*AO{jM2dKfsow@W=EB
zmzZE8hh9bH*7Qm)mbSdXLaNj(*6N_0FXL|TP(2NCL_Z4YDtQydP$*v}ub#>5A}%<^
zG7!t;6U*1otYR5XMwb!BTqfEf8K*rVv#x^_t*qHM&YlUSbRX{jQC7j$pqMaMfc;_Y
z$@r*LS*cJ7?Rjo>I`!<Tr!_M|E8f-ULW7m+V`4-v!y0~ZR)NRsCBNztm^#Hb{xnRA
z(I?TBaPkSB|J&MEfMv054bvfA(v5(CbR#9Hba!`mgEZ2e(hbrnjY@ZSmvky6^$(~g
z{h#mLd#*k&GqZNg+A(Xd+G}gw7X$?U?<>lGTmcYD;J&js08eNwLmfT9iv>_p(rYoA
z=nMT3Pj(Y4y9W&KZ74vIpSl;IU4SVH*isBQ4Kq6#1EDIvqX$SB08eQI;Pnux>R~_l
z_b?9kvd16W^II^i`vl<lA1y0GfYJcu`Hu<rKJxbw(tgzT`=NS3p}(d5ZUXt68vPgE
z(D$wVgGTCi)63tg{v$$wPxk}W&;mSvfVpL9|A$0i@EI6@ak*cHw18tE41{DAEu<ZR
z2xEZf^7mf-ISaMEM>+r&A`3t(^U&cxlm0lW_rU`H$pmEqK4~BV-4Ex-e^V3d{pJF|
zpA!gO@vpJ^LtX#Ai9ai|_+Q`!oKS7_dl2M**I&QY^*?Cik9c-~bKw7=l>mcq@6`G~
z=rCaSi8a7?-A^z8vwz=CpgzE30SM9i@2ldl29EFm2ow+!`rmii!(MYh4E@(L|7S%O
z7QhO?{O{}gE0OsdefuXwLPzd?J^FL&{vMn3?==a15A}0T5&&KUSWAC=FaM}4>peec
z>vG>AfN#!!Tl}x>|3|O>Es*Sgg71I#rk{aq|C2WXA!3133IF3B0g8S1%>57F^`}qm
zAN3#bCV-RweZ22I(Z2H=Kp0!V%<${QNr>6b#quYc@B_zxSdzsAs1{f>0Tqze5BB6w
ztL8tg#=-FZ7{)(!?LRCE%vO7#Wx#faKh5-iTH4tTV3L4!<-aWr2vHBK(tq=E4!}Xk
z35aUy^56A6z^MH<9rjz$(jO!JOQskwAK3y{Hh@FXx@VRD{Gwl#_)D$KfG}e6eOmn8
zLE`W93Ya~A<?Ey^{`k$X017E!`3H!zw4>}FzY7+<dtM#zt@w=#{@yHBfYrCMwSReU
z#s}^n)R%ey!zc~>9OZ#CJy^8l|47?@mEQ!|03r?iewkkn;Px$nAg^}zz&S-gAU%N5
zHe<5<%Oqy~Etd<B4=}j>I@fo;{x5XwH#VLLU{dcjJGwghx+Xv*XFy5<w48Rp2IPC2
z;e*uir}6o%;E!-+f1D)0rLpJ%qig%a4gPzVaeOBhfb{VHArpTYV-6tr*LO+gPfUTe
z`LB!rVvGUMUuK8A7BDvQ_hF``#Q>8vu=sKO93=of{qOcmU}gH*rr&{o=)K>?oSzuq
zi*yFI52q~~JQM{ijX$RUKccG-H0}2?|B$%+rPQxJn;%*JDrnu)aQT;im9l<={#lIr
z4g5Dj=V!|Az4RO8H%agTq9_TtH*4uRJL~A0I5IG>0r&U9`@=r`2RZmVo`24EFZ0>~
z8oXcT{AG(2f7zmY=&w<Cq}Q@!yx)cV!>Q-{1hoPt-H)j3f2SluKUoO*|ElnhnWe8I
z{V+}R&40fFSTa0Np?e*a*26Musq;XJES-K{{+<WuRGr_g?tkp{?<qiV_Ir!Oedp_F
z>E54K0?4AkF2A23K(PBW;9e)J^|yMA9CU1fuR|9gc|S}30O>s(O7>^q57Pb<XbqhD
zr{!p3YYzmG{|Wm+Sbjb}P?`IO2Nl8njghmn7NDg9c0dB10z?vZq`!w+=-8Rv$Mb)<
zH?YvN1}LL3pb!IQ%0qB9-~muwm^{4ZcgO>(-!lP3%@!~zXxW=P-djcNfw8_fG5lzm
zF5o#0XgBYrbt^!2_^ux}eArY40?gBU<s9Hr0Ro`$Jp*7Q11K=?3|uXMYVNPrfZ`6g
z-tQ`ZxOq^?KB$)sL4e}Mz}y0iTTb_s`rfhOyA|m#@b7BWzW{CZ@5}tH4hPF$f}L!C
zfPwf1fRfhW2gY`mKT!eR{DAxY^&a>8>pkwk70}5%TrGbl0I&yuy%nIC1|ICKfVMnb
zfu8<;{dse*e0+caCoh0#IsW!OeHY+ZY&&}gT`j;;0E_|%pd_~Cq@%mvK*qw%2=Z+a
z{sRaIMKTBo2q^Ho|A!91zyR1A5HJW35HR3B2#68zQ@&3GvT=Z*1uPSRfxv%%{y+XA
z{hkh}yC2LKv;b1TDKqEovrk-TS&QgK2S{5vcZ2MziDIjIP)scP`g6_KCaFq1iz}6_
zI=2l!KunE{n1M+tL*BVpySw_&Hiw7?(c}}5Qw_1ow;#UNfjmA6eUWb`2aX{-%+J)Q
zfo*6mj#1Nc=B$nWoYPpB|Je=hd#tZbsi)rbN$5@PC3D!Rq_4dW&`XBR^}DL9``hgN
zLc-H{CgHRL2D!;m5Z}d9t@4P6l48!}qNFSZeI4$5e)O*KY4bBQ1Q+U6EZJ1>I`XIF
z1)U&Lddp1BBj$cm2w~^&!FQw`ieHJ;FjSuoRcV|bLhnEaOXE4uJLaIhzcK^ow4=A1
zICaW44>k9G?xFDnqbgJqX}3t(Hm*DLGv+JkQ0jeUnm*nd;~YVfZ;0eaQP<a@wPaL+
zQ(f)E$Dj1&qB3J1YorH@d@#7k2N&wGKqz9_b?Ts~_N`?;aML85R=#a|20>o7GHk`_
zt-6s{&J#=+RG1Tt#gR&=-=K_69@I`=uB_6H=S|C1d|LV$hRqboZ2O7|U2s6z<1t$>
zCwj2Ad}|dPe+x?<|NB;KO}F=y7AUA>JM^&@jVP}&0*>dp@Tb5GO^l%qP{&BBo!%?O
zWPHOz@!HcK6hc`xRPLjyiy+$+dAg~vu3{wE60vKDH}@0~{E3A^^*WCYe>EXS&3N6K
z!-kR#l-4qpZ4ze7bbOBe;fV`&CedZr$lkQeWCZ&1x&$8#wrA0sEWsp?vTrFlD}zK}
zi*$J(-`5Ew^FE?aaVyM_)YNN_lx2SO`bBbpk!%{n{!rd~+S#*PXR2n7fpY&BhM&l}
zPm-WhK6=jumAxwaK;$(S=8!eV3pY(_cl(jK-{&KlYSJ;NaUvY+yoCT}%r5?h`UGuK
z(|lxQfC^uC@M{qYwJ5mvY3z>@=9L>1;mRNq33~KgX_3ILzG@-H3UN%<>C2X$IBIG{
zD`$Q<Sh))FolUyza&XpE$OWSY5vaLl;)s3+_AFsP{i_uDLOKlDfVZ-wS5r0exBSO6
zzO2wydXbmQ(w+J11va*11>PC2sp81PSBXEbr_NvvuNZb^_)}0@k91~?bFpXzZwlQJ
zEZ~UNs>i-mb`Bqxw?fA^=F4LmrjIn?Y(1(7gfSuWp=6F~{mifH(x&s0IR?G$&8n|t
zfp3o>%LeXVGsb@U_-Pu?XWpdQwJ{^aQG44>PKuel;#^X#+{IGm8SCUrgRc?Z3+e7O
zV6G7H@G$rUA6iC*nmF~Pyz|og5?Ifv=7^dy?4p}WzL6^5ogy@NAHYtHNc&>;Bz=v}
z_)zS#icc^%tKA<75^gznh;bX&{PpDS%7uN2eXJEfQ}|MU2&u?Q*fR)6=AsJJmT%;C
zd+k|cvvy#uU==}eenl94<yB0cQ#*l6(h4@xOhbt0n6KTN607VqFk~W$dby6irdgLQ
zMN<f>>lE(OPspU)*coR?Jv~LxnMN7YPEWbCSN#`0`j)huMYFu(7=&V|v~wy55o6Vc
zhTUe2Ls%flBII-24z&rJA+))+B;v?Ga_%<0O(DQRChyg9c$Dc8*1V+2;N|dHf&j!2
z^Fp0nB<8JIQ%I=~+EQx@298tZnOUO{6nyN<KJ%6dl@R?8SXl$!9?O}C6aEXaxo4e`
zLOzro1nS{+%(1x85~8)w^!723QoE=Py_Sbgbp08Y9ow5;ycB6dla^=X+?YWLgzH1O
zezGtpS!)Wqmo{QejGy035chfBsZIzruiaZ?l?M`q8NAKUGi)XazOcOjvT8|)hPVSc
zP|~!ct7pqA=loF{=j_)$s&r7t?uwxm@4H9mBqT6lVj7?5#=B`=_{Z{gorkwt+?;I=
z_w2=hy)(vDHp<r3H~HYp=UtcqWn3yAP>)nLe`b%XYx@>+%ci`{_WF%@OTIrYQ?b?V
z7m$z7YGJ#`cFEwo2AAoL#6=ZP%V=TR-F4G)Pq-MTS&iADUh(>RyTnt{+aG+BUi~aT
zqPS7ziL)1vnCcseT=kL$y6fg}GKaM_M6G&ENN{xqCWsC0f;Prs9AOK|fws5%HtxiC
zuTEHY)M_|-@mz+ZIYK}oDXi3x<C!FUkoB{v?c|mjHLE=ZLE&z=*~#k(h)gL?3k2fc
z6g=ug3857<_M@&Csc5Y7Ywlj9VaCTx=ToVA(?W_T#IpUFhAL}r%M@e{TM>ieck)p1
z3QLvpNT389Y;`oq8bY7@+4JwZrr#D_^ttU%r@V)E#W0o&j=Xr0XZPfME)=;Ba`(|-
zx`p+%Rql?qHxb`T3_<uvTBY|(Foz^KttNr$55sIVh)HyLPzL_-$0uUFuW@{rI)oV~
zjNTTOh=g`I<d03xkFMG}gs^q1oHb)=_`0AwOjG-X7m_^HfP2r9eZ~o|TsOsb>Y7Hq
zWU%Xjys_E2&IWRT*yJU|Pmk*qMF8_k8r|!Qru32FsYaN?q{K7-efk%2PI_U*@x3Te
zNKnt73Z3iU&A;Ow%3h?Vltjs6*1!HnGff@h$L<6L&t{uv^4jfe$IT_^CXkqVSqWw9
z@<o4pp*)Py`?boCw~JL;Xjj-)X*C=vVJWb4=x{en@wct#cQD15H5jkTu4e~6fx?Rh
znifBcFuyYApm?R&mE$mgt^JIJ?m$&F@)dlRHPn-wne6QHOti#n)@>`jM(Grt3~%*e
zl#qU?oe@yE3M9Hw9kczLyD)Kb97%gJ$^bouA?L*c#7v(044uQ07mpK@SR!}r5y#*>
z4x_TmoCvK`5!gaiIn(>s8>ufy2ib+N*Phc;e<7=;^BfFKd5ool7<x(Ys@YFh3^KZ#
zZ&NNH%FIZx@0*#ul+|Ga9l6Y0UtvFs-hvNKPo88w9tMS@J9STElfIjwa@r-cd<b_i
z4;~T?Q$TJG?0_tryDhxPQa?3@Ilq$7n&x^conMM?+MF0+ZwI8Uq-u)-@)xKrq_dU0
z0JXX-)w&*eqegcM#Lm)o4_Nj!bQZ2S_{YcxvKo;SX3(mo3rFwr`+EFjj<cmq;an)6
zo3?GIn3%H(%cGzeSw#<Q4QgKOe_~+KVP_;l@MLMbG|IWju=7yfqBJ~~dsY-LtlpUa
zOthR4;x?g1sDo%|;5|&DTgJ+YfU)sS4=(P&2jdbF^Ubw9!e?T3JkAU+QEa_8hH(xB
zjE|TdEghC|_oZcHOoayI)gdD}#^#Zwi;~~D?GsoAw$lz87xK>x&bqFC5=ugzCwRZJ
z<I~9BJATX3{@5C9qW*b`rSSA<0m$0+#_<N7|DoSSvUa!*29F>=>n&^xMH`(95ej;w
zRO;p)=N!qEXG#xR?45xLa^iJMcz7^tRiOU2fTvj(JlS9tl$N&CX^nmq14XZS$-u%Q
z0*L182|h++&@Ad(eP(cV<gy{VhQV{PiU?-j<~nQ*7Ve2lc9)L}`N%t3E~P-rJIqop
z{I2O~q`xXE&IkX9+<6KYbmyQMSByG1=t{DHqU!z`N!php``_l&1~21BC>h&_4x2^^
z7QlSZ_cb&E-0f6+j^#cWd*-vfC#VtI6$%Pfzz5F_ea%quvRQ_&^DLxpy!#p4qLR$0
zwCmSSqj*ch&CSR+5`}Su-rFuDQtL|d<!Eyou$J0iz&yJ7dum_!SiciE4BcYNwyVj}
zgF$qXJFF3<n$f9<#b+&H4%>2iNnw=_nMxe1HPjV#M3&0!;hV+e<x}OE)HUWA?i6QM
z_SU`8s!sVEL(~#0iz}5?OhHI{ch-!oVkv9V{NZPR5V0_t8pATXA>(3OQ2VHXz0HiC
zu;O~Q@We%>1c(ax)!Gd#7()F<=g>;OPX6pD5ozPEi8Z9(l1qt_pM*qo7*dx(c{!G;
z7g=^>y$PXg0K@hcpcBTdA~a64@zLnzcugUp5j;|GkkIo=OA*NhqBhO+JSfZ7t!*0%
z`9zT?N<nv$o7Rf_2zfto?0xD9#AuhZc?%fRtpwSotJdV3Cy~QDoT$Bh@?xpRU4|-A
zue?y?$>NWKR4E*8J!dN(*U#Q5JhKu$)^|2<dwwZ0g~5T*Xv$cZg=c#N-|b)molqD)
z+IYr?b>&Q4BE3vMd@Ut29?p2N#fFe8c^$qChh&_$tstsJkG4S?Hz>{QnOzLegqX<F
zumL%s;#);NJdz+BCJaW@_|cTVWi@8o^G3fRTJM%YMi9cKY^!=>Q=|s!vn@L@oTzx!
zkd=g8Lw|nJ)G3~xL1wYf=wUd*D2;HsQhu34F#f(QyL_LTi(nfk7ETSC86KtX#0x9R
zENm(1(%uk*pfG1}Zd2H!vVgWq{P9ss`-NRS$G5|dV3WQ&sKO4%;tr#16CFhc#u4}z
zI9@{8(CML^)q)o<6U8>lh#xzJz-sdqOTsGYk09RUvrQYT-mF)e9#7tJI?S$6R;m<(
z4KsItExsDTpJ!#G_i$X3!Zf}rRVqiO@C@gLwD{0o6fDFOGSFkryBDLt$>PfDFx`=e
zr$a}7Yvf+IT+aD|>5DnYBCJ(3Rux8^sZ>5vpi2Hti|xxh17sg2i=L--J)23gaZ5yO
zk3xzSB22A<+If&H8Zr6;L!juoQfz8r2(T6FuWBNMH$jC`2Zb~1n51MF-VFKHf9%kF
zW1ok#x^Vg~^p=dngJMr!(k!u|+9qWvd;6>`VqV41W1wox!zasc%Lg_qmUk<~*fD`_
zl;(|;@L2l{!y|;U{^D{QA(U;(K?Y<>@Brjpg6q40H0W!6-I)499Vbg0_>!TxNDBGO
zsN2H^E*{4&8NKxB6nrJSlNyzoxVBzZZhtaRq^q2?76CEpT$*`kXL|qi$P`IOXeIbN
z54i&lo01YHc2TWa+4|=Z))nIRUZ`oj-z38?adDEy<hi^*TGPIdB(h2{5NO26tV%R|
zf)VF~|E2ko<E0h8swgs(<pCX0$(9lw0!dy%*hEvySl6eOqb$TPPfIiL)H9i+u2yBJ
ztm}?M$dzr!Wz6R%ONsn9GC%I&R~(^s1r>0i<6;XnDq^D%oUA<3AM47ay*8pmTgZ|N
zdR~LJzE)-!cyxodP7kjSt_i2A7qw}^n`buEg{Q1l<Thf324bsbI3_*{?Y(^CTFkhM
zJtb;XtN*B@8HY-xF!6<+4kKq`W|9s^h4JX3YLuL}D_@4kv4nTWZLqYH?o8kIOTOs(
zFHLV-rla>3n|K^ylZpiQsdKI_VYTCPA1AliVvP)!S$?#M9)DiV^%18v5%!jNuBvqo
z3D4);CZXJI^20{Zao$W_xZ!YS*c{Ir%u;HLMF`~{Y?7s&Yd4~JG%=%GX|I4$h*nS>
z31-XI;WWG=5Dy0{)5xr@;Xowu&ZdMj`sUgZ<EW=wI+pH38XDHt;Wv^omXafrLVd$T
zHaXj2X^E759s9BnE;AJF1_4i9wP|rrTghOr6eiY83BZaRyuW21NZt`rfop7J(u2Bv
zO@e0#8dco|Kjr;|XG6ethPB+KsCQ81e5b<uTEfZ3URrO#8L|pD!Pu4YV1u*)n(2xf
z`dxv`q24;mXA0WcX3;Nrn_>$4p~U`8*JL{ihM9i2(wyC)eWfcP2SNmukzDBA%<c4d
zW&W=`gE-xur1AQxYoGQ#CO6aLk#1l*`idmVR!Q=-_j-27q7SFIS#EKE(w5n-R6LK*
zKBPdr_H5xL8JAfN!%*$rS~g_nT%U7(IwDAGZ*t6{EcWe}xYgq?E_R|kQ`T3P{DSkd
zVVXwrMm`-<Qr$jr&H@5D#LQVub;d#N^ZnsZ6O`dtGEoH7x%(4YS)W3g;EXCxT8biT
zaw0pE=#z$p-b5;_3B4BhDr>!FgJx@Q7s{!2Mrd0Z5P*l0g*9A^4{ffq=speMhA=Hp
zI3v8pj|?%mwBj3v^JSfRy}@O2M6<MClfYrw_}Ppbc~R@vl2!ChC$jwGv6nQn2IO^w
z7>I=7Zzx5CBd(EKF0S4QWv16ieGZW5r5xW#c28pmnNNucSu!B7cDAh;hYZMP2&0%~
zf`G7}g->yjL|l$T-Uvh;^T{^K_?&>2wsZCdN`Yb9ruvF+8Jn}tc}q|J(-h=Dr65vb
zZ>G?6ugLZ)ra~g>IaqWV1@y&fVVB}l!ASC|yup+dQ}a(5(DUzg#A6Famf4^=g;&B3
zNs8FN;d0$nv1;1}_v6I+IT=ZBD19o#-p%V6BYE4xcXO^+Rx#71kv>XlKEKVnFIh11
zxoP5L_4(9-e|&5!sp1Z1AM!!=77bbwY_qc4!F(*it|ON0lH03pl9x{6n!)paRkpcs
zg>;q!Nt+uHJgx<c;!pZ?5QZ_6@kZk0u0f65iypQ4qmiN>>m6Q>l{BoynR7Mt?|&l7
zs$^#?&~WHu)VEx&F2#Q*myTPXe%!$PHBBHyAEum~qzoNH&O1@V3&sPJBY0@rP3Kd;
zv9FoL(M$8PafR7s<)n+_(FxuVor;7nhNow@*n|tgTzDfY6<3keeFCc4fiB6#?Y!$K
z<X%e8+mg{qg&1^l?8JS<s^TopDHY{ePhNSK&%+SA#XV<I;o8DS<}g7fzp2QMg@2Sc
zX{tMTcdAv&J0Fv0iVH#Img4gA`PHa4p{ihg0)Ic3|ENI<Ei+!@RUag=G|25)f`Y%^
zMmIQ;>H0p#AyM9km3`9EqR2MpQgEfr9ns6Fj8!!&YA_v^91taxlXst!Cc*`7vumj^
zXM`U0Y`cEMdOcPIa+78n0d?ZE)0$|{+moiEZROS9Kk%e=cjra0`W#=Al`?1X<d^<w
zdjI}glCoZvYxHgbC;_PH_F<BSeRn93yx}?erRo|+1eQ;_-AZ+BoFRSG-&D~O_NvIT
z`f<MY9>_Ij2V{l4TZgyza;)+wV2E$KX3RtA+E=PYg2bjg4@*}XKcs6P3Tjwat>y!L
zfuMRQJ92<J6+Oovl#a!3hCme<;#;mPu0g?gGvngN>R^z&ilGe}rDs9qoJ?Jq6l|Iy
z)INA9-U=lJ#p!)aFpbKj1J#1KtEZ?7DP$~FG0|#4RVsqxz86>mPvsT}g(<X(jjI6?
z5&cHF2+z{I+`+12Qn!PHK1cW*zdAV|XR_oQ^;VTb(f(byCEgL?EoHeKDF%J=_Ue=j
z-v_(PH2A)ld<J{gM`ICX-rcUOGBbPpG~H%)>X*ANZY^z3!Q$QbMfxHKtEdsXFL6>_
zng;6ih8*=r^dZ+9g_{^tKe1G(F_774?JBR4_~K6`Q)D^!Q{yC~l$>ks6)g(YZ?<!$
z98-CGaB+?IK?gk;<pR-=r=aj}_mi=jZ><m?p*$jvEKT+w$`yt)1YKWHz{q%e8ZbTX
z!3Y<rycMYYt)y>%*Qv#bIErP$uUKUhO^6<reOfM9h?}UE<}IpuHS6WuuWI%kAw*e3
zS-F#iJWbu?(@(x|jIC5z!^D7k-oR!<-z?Nir|S+Dw~=!$q&$~qYpqXu+rR_Kf%SPC
zo)V-QJq*v<aWfkXue>)L9v>=lU=EkQIz3fgU95T?X_&==pwq4wsiq(;+AgcSJqVpJ
z30r-=&C?OiO{mOyxxAsMx&y*wEMN$%Nxzg^z!1GJLhtm#_K|OxnWjRzOAe^(m3_7Z
zaV7W=_O)zxru>tbobj>~_9yYgBqNg_4$z0<CZrK^S7sj9w~C9}xfRTQB|lSKnj3O-
zbvB9*{ru>4Ay1b+v_o#D;M-Jd9ifsC%ro#&1MUlWkym{&+zrYCD0QJe@}sWroF^XJ
zG>o)%R7tmAZF9{JJi>m{U8Z6Yq7D(~a)X&u2$pDV*A-I4u_Fcn2@%&`BKr+<hjejx
zR|j=PT_=LpyiC*M1u0)zNf85j<i-;hL|<Q3Neg4uogTy#1;t~6a`~7RhW@y#Sk(o|
zQrwwQ%H_&xe7b~$SQmyRE2#o+4B^Jz4@ihkF<G-OKwroeITwIDsi@+gd4%VTYVgUb
zb}$w*9erf`2B!+@kd%N&@rk;=Vy2%HRx%IGP~GT&0@Rp-l5B~RsRr?@T3&?OBt~=e
zsu~u5GAu&a(=9xxIP}s%=yXv7opV+5ZTF87u~iW5FXl69sy1J{M3v3QN*<G7sDA;&
zL96KG?k)_bms9BHipYM4rX4yM4x&-%?$sP}yU4Ja>i5j~<?M<54Z$=w?g0~Fo^~1B
zGZgK&_S=&%2i3=^OSD*+-l@6<iK;j7h@Jw+IRleT&m0rrxmwkuSjs{bqFYFhkQg0{
z&_N<^EQOJVJ-(F%YQ;o$dAnH3Mi0E0=4}PVcO?i#8JNq{tJL_WJojWMJJm9qDiXKZ
zr+UGMz?K5kMP)P6-K%vDCf&nSfTy^((Z|Ys2V=$FHiZFwO9ZY;1kzgCG?_1&U;bRL
zTGgQsVF9cTy`*DZr7HT6q_49`L^7q`pmM{5s@$#B%>HdxYNb|lTJO<3r~Wp=sEMOA
zcIO4mW<08yb<R+LefnT#>#;LEzVC=cj#|J}tSO39RLwDE?Hpa|Bx0UZ2>W2xq?K43
zB~J{$0c}P4I|+dt7<g>9*SpzM9mbw<!c!<&m7US9Un=-lS^2AGFwKav&__$6!o2jX
z+*}=WEo&jW%*{S#KFwugnBAM*UI_-1qjU^xOEYS8^xaiB0C&9`VXbFZD_=-vs<vng
zl7ym;gyH<asFu!=3Xuzfb0Xe36fP<4HAlEVeEW<JuS_U~gG#$e*f1$>bQq=t)e*9N
zklg>VwH95C|HWX<j-NIfqbzmC>|*a^Y`3z?JH06Ggpm)Wx}RlV7!@Ie$H^aP2pTFt
zDH45K!LeJoapd8IETDv0fHIdDLa70#$;<R;j#0rVPcB|s7^>HslQ~i#R$&;F&o-_c
zcNHt<4UY;aQ)12+?d%gaTCVpx_Oi0xxWU#3N1cYGQBdQ=E)CUeTXodyAho_yn0HC$
ztyScR7tlY)d5`~fm3Ie?bb>FHLx}36*c4lg(Jp|1;Z)Qab<^4gCHBeW()m|~g|o(z
zoA#Vy=)-|Br?!i{bU`=u=fO?=g$y6WJuMv@<?bMk5A_GwD@-M~+)C6ITft(Yu2W@W
z^Zg<0KWT+tgOIbc@ffc7$K@PS?p*~;Q|s{S$QpdgU6YDl<)tyr<A0{vzY?+QS?{p-
z+$8xdC!#Y0Ipu(kTWcJwtH-TxXaOI2YRM7da}|6D&NdV`d@=~HhC?vA*&g)t?Xb^k
zdy1^Ib&3xUcgsv7Cj^PH?q{gZ+Od?!yHKZPjHc{onflQbTCW<@1r_FE)GOLY`HVOM
zH9_g}?0XWXVL8ujgj|n9!J+zK-urh(slFq}VM6u#^g**d?!2E%Jd^aYvZN1IpH*xD
zxi)-7H7Wlx9sRXyI%TAUGe#7#m^QE0Sl1JanMuaEp46h53-x#FvObU4^vIkKx7%?f
zxvt9`#U#Fp1XT$+^d<Tx4cI?doou8%)hy@EY)zxrODMP@H(P4lW~v3vmCzatKQZ3m
z$?&^{2>c2<<VmE0zFG1i$TZ}Mb&Hm{2PcK~Ygt7oly@{!w{6B+FZx6#sANkrU7EoZ
zQyuv{DL1|FGrY~d%DR@hVK+04;L60NIw`R<Oww;kqLsIJrhO==mh-6L`GRUs5}P0Y
z{`4{fX+c$LGhaGNG3#s!KNCd~Bv3oQFfM-7yG!2oHItfg(g-u?#@dDT*!<XpU;AOF
z0f*;wh=Crf>X-`^R}`clk<x_nr%Cj8<kVCL9^Xdo0<RJUxUq^vSiMIGsLU)d$mur<
zXWv}5^2KJT+QTU&u%y1(MzcFC9Xrs?Vt9f1vQpJVG@`jyt7e3&rP=OAEYlnP4606j
z{QUBLHxtw2NH_*|Fk*KWJ?oL1J+wQ)%$Nr7Mm?;fI>DJ;LQZJ>uQ&>23(v_E%GDZ5
zT+H^^b<)@;U?2~1DYQ@G`(?ux<2TzZSE?9e!jQ9(^NNcZVY{Qx#YUfhJjqW{i7`MG
z%$m*VZcEqpJAunUt0{du*zQyUEh#Bu49|C(BWXdl5^}{k;}IUeDwYt;y_SIMM0-HY
z=7pg@d}lp8u(~#LBZ#+5xsK+rHxeSjG2SbBK=Ao7u?MY?od0vQf`)w8Wa>ta={Gcc
z9IG6>+UT4ODOCkSU&3Mc2_dpan+4T$WMLEMlsLkJkyavcSzLS1wT^EQ&BWPPy2Sz=
zhOtrKP3?`+ho@P8oU7c2>`&oJ67?Yy>j2-K=Ap1ke9PSsvVru1@U*_X3qD+Qm)*RV
z)PpJFLI?qt-#~oc74*$al3!kdJ3QJ|aABn<su0o_6vTZcq|)#;R0y1?3i|G48HR`_
z5o1(HiYppxGc4i!+#j`b8pjEfdf=RzkI{rb67Cz@2Jy<NF;LnM+=4A(Dn^vrTcHqj
z$|ap%i#69Uf)VCh^^rW%*24-vI5y8G*<)qmK~SZQjGXf+m^0aD3mh|&v`MsmdMaJx
zB%U}JXCsh!5Z@?6wL71?(jO85;UAM7SG4FRP%8b1?hSU@o#@fgba3Z8JiJ?rT7&wx
zO3;VUROU5G(TY%2LRieoZ?Xx&^2aavs#{%K+=r_bXm)SJ-k}tBUgf4Tjm{55x6#B!
zgB!l~Dt<+=W~XxlU$GCH;>%eWI76Y?gaOTx4Q4p;BD4zB<qJ$L^kJT(tFma3nCpT)
z`dH?qQb2~(!GcmC$wo`amlM2Q^4Z2KXI_^=HeX{|5Ji;=!bioV#aE%#=fx>kTlwL>
z2bJ+~C=8eMJ}nlB=lI@`y7Q|DyZKZKDz7iT9kR<$Nnby)!>1UguV$XBvDKICbsGdf
zgO0^l7_w4hKK*c@+JaUni+<rr!Khvemfg+>DwFi-FuNlHfoR>=R4pZ+UExJwrwsKA
zMs!tI8IbONFLUpCbq&pHH}HwtBIa&zDWa|OhEJ&Ck0yMSG*mRsYZzDD?5L&YU!ode
z=)djI(BBIVY&-CV&bF!4S~-uy5l$4Cl~t0yJ)#fc+P^7BAP|jmyG6%Q37YE|)j5GK
z@7J9}f1kG`_NvzTxiB#%bi%p2aPRZsxMzD&qxMqxGRBCkC}N(mEZndJ;E@}5YtoGC
z`+}ahs#hT!GIDhVSIm*03sG>1wpZPGnKuNU`%KqWpb3%fl5!Wo=Y)n*?L>jbT`wYO
zHHL%^<5|jy4JN>@JK}+gxop~5k1Nr~iSO7&xZt14(DyG^kZ|8@ftBp!*3Yrj5v*o7
zjq+u68_@)Ae8If{wI$79^~6GC292*(LuAL?Cr6KL@iIwsUdK_z8FR_3y-t;B+3unp
zzf{rQ+hi1>n~*?iN#m_`F3aNUMb?^0<2XzhKf;fU*pJ;$EWBNlQ0Lnq_QK0Ct8;k|
zA|<HUy;esjC(UAUER&036n&f*YR*E7`C@c>hy65#3o4XdbELKWy&lb`xJc*Hdsr`I
z9)XoE=Xy3ZwU_303p)to;<QCjaZ{*jdthC-3<l!0T0-_J`^_>#LHq2io9vh47MYZ<
z$aINb;-|j=&5X!ekZ&r$wAf#%s5zh%UBE?~lF9Wk<###EED?SrGPw^m^hC!y0?V$b
zo<6C4xHALa-y%;&ewy4pKil*wYdpjZ+2*=ya>G9TI6b<$-rfBZ!ScNN!38Sh)w|`h
z)^_!p(bbSUdhT^{1n;U=CRclPerou=S1%a}g%{5SIeE;9)`<v1g4FuKNweYo6#`j|
zib!E_4fanjYh${zl@_R+SNMw%G(gOB@a#ob+n2fA+TC!i9el4fBFEG;lq>^TKGMn3
ze??cS2o@QSI$7;YN&g&)ZGn|OpIXnVEQWv*wwb9YarN9;`udLAbL=U40Y$mKnLIWf
zlNeaGlhTQX&H<uQ7KG3H1ciLNWLfRxD8&&>N5;zy+Usfsl{acL;NNJ~nOx=|UVrAf
ztLl0Kj=YguaqCNI)oMJ?<WPblvha-#(2i<DZFaC1FJdmTKzo>`1^Jfld<{VmV07U#
zfR4-^UUkLycXl06UuL5yTFHG3>5}<T(@?fE(s{%{b*Ir!m+cb-d1J*EttCldU6yA5
zc8*Ap)XMfXy`n(`c?Iu5+or%XY-YvC_$PI*!gWjyuT02RK<2&*W5b~>EUmN4ORcDj
z?4ht{jNr}ha?7Zaexcfu&hlTMXDRijx`05bg6AbGS7H9Y{Aczx&ZJk;jR?U7>e$RB
zEz9%bGP~{Fz*F<D3o2aSqUrr#<^OHE#1KrYj!Rij;L{cy%;GISZ@HYbJ}}RSYI8{$
zn5nfb64B@WRZjY|;dw0RgsBylQzMKmY9C?WE*s$3jOc8BX)Y;^C10YFbmvno9^-pb
zkN9HK1B}H(z^Anw=CL@B;f^ZQNmrz&#_RF-;#PZRs}gz8SZ!p4ssn=ale-`^#FU>N
zt)MKLDosoTBN9uk8&6$0dx?LW{2(8wX>}q$5bz$g@<#U&-ck0KmL0iQ+V*-N3w?w0
z63nA*??dP2{YC8hoHH-$8Nw56;)!jsHn!0RK_GIZ$~;)phi}70>-VmR9EA4qMc%Y<
zZ<$jN>QOs7=5c@XY&#l)S=qo6(%$R0gkpu(^GG^<loq1P0#{NS&+VsfsvEp*y}Hiz
z>02qK^-F_E>za>s!E1~Jwp<5tnpJOJovfcRhF?g{H48RwPYdd?Ou&^FtwTdcK(Z;F
z<apK>C4ygy8uBmHG&o>brIi^@bL?rC$@fKz@+L5wpIgiMj8I*LNy>G@zqK&7z<;|T
zc$!ot5P@P~XI^E%|M;;6C9}zv#L5)^YB=vMop4CiQ+-=7Y?_K8doWi+^%NPh@`%?c
zk)>%uynT8BH)3BHc=bB)&m4k5Jq=E97&YzK+KJ8fIOy!izBXN-?F(L262yRMnOR$?
zvR{q4bFGI2zhr#MXKf*L1ktaFtp5s>SCJlm;f>5-zN1N)fmqXHq6PSCSJP?%xUoSn
zNAiQ*j16l9#JP&Coyo_zK@Li2@JMr=kxS{h)2?Pp6O6?)T7JGf!p1EDiJ4{-nk&-c
z1$bFJJU*f=jid*WGnq*<)H-YFZTpe2n3IIrZro-=hdqUHs<or@*dL(d>w|;Fld|8c
zzLQ9JRQv^6%QGK><*oGC{(f}YNfg{oSTDnZO_1rP{rRmJa*SWokXtUHS6@)=MfXPd
zL6)9n$CaC(E|UpcN6<|2w?mY9I2@khXYbDz&SY<5o^OK^7i`i#eW&SWMgX`G`18ge
z>U>rh2XjMc!A|KV2p-TYi~Fc#M<xmWq<|#vF<jq#{_*n<Ng&qgJcc79?oY6MGbSHD
HIL`e)5Dju+

literal 0
HcmV?d00001

diff --git a/vendor/github.com/DataDog/go-libddwaf/lib/linux-amd64/libddwaf.so b/vendor/github.com/DataDog/go-libddwaf/lib/linux-amd64/libddwaf.so
new file mode 100644
index 0000000000000000000000000000000000000000..efdaf48dd62145411a9aae072f31be957626308f
GIT binary patch
literal 2269984
zcmeF)dAuWOUH1QCn1R5^SgeM<nl&mig=|r_$f8lUum?uy^z<@mrl&h}_snDfF)C<e
z(NY-+AQ0IMdw>~;f)ExVAV@%vu!vzBqUd9xC;?fX%DJ!WIOpT!dHKih&)?yd$*K4G
zo^RdvRd*_N(ubU1f5^jr@r-L-EAq#+qx(mjt;VC`9jfUI%a`6xpG8qEszzrQ|Gjl|
ztLQp~o>|;#`YP|+XM`{KzNEU%J~rRC?c-s;5cco;C~WSG?X2RP8v44&>HFTpetf5;
z@2~!So3YMcaNC`)&)>B7esrB{@3`;zeccz{Zs+UW5AMBBH%*I=@g2gwzwf%m=4O7o
z`+J%8r+ZaLWqsmYHgRoQ)_*VTr~c->_d^{j-~0O>{q@s__Uv!V{L&kRdHRSq^nKa$
zZm=^F-hb>VVSv8(F?&?;eVTeG_+S2a^ZlFKXfx4kxW7Z-$oHGt&Bx~cCdF+t`d@m)
z<Dv)L;62~{)vx`aUjN43`hWTKTixk`Pd)SJi!W{c*vvO1xwmAqtdhO7vsKyR_b>cL
z*HHhEE&hlteqf7Vvc-E_Jlo>0-{NoE;_unwe^vMmiyJ>aR=_po@Rcq8Ph0#yw)l^>
z_;rc{c}@F0dyC&}i{E;S-+7DQZ;L;2iyz$LPu=1tw|H-h_qX`(Z}Hb|@i%Sp4{q^K
zZ1K--@#Pl(&KCdC7LSYb#WfxGTWs-tTl^=t_&v7x{kQlpZt;h2@yBoRCvWl1^W`<o
z_v99T`WAoA7SFc$OSbr{w)mU3_&c}wd$#x|xA^C`__wzBe{Jz=7f&45lxMuf%Uk@m
zTm0@@{Qg_~p<DbhTl^_oyuHPbZ}Det@!#I!FWBOjZ}FFJ@z-tfw{P)xZSnVS@sDru
z&usB8Zt<(O_`h!P^%mb;uw2u6yYUvk^%noxE&lUc{Fk=)BewVxxA?&=esqgpyv2Wg
zi(kIQ-?GIgTYS33Ke5F>zs0|?#s77Se`kxIQT%XnO~?HPTl@}N{HM40J-7IMxA=p$
z_(Qk&W48E{w)mkferk(fw#A>l#h<&yhg<v&Tl}qC{2g2TU0eJETl}M2{F7UJvBm#+
zi~su;|F126M)AYhHLb&&ZSmV|@yZt8{M>s@{U5N!AGgKN+v0z@<L5+;yKH{yD}F{R
z9&ekEf3sJEp9ma1p!k9NM$tLZ_&dQLS6oMKK3*@6qMPn)-+1T0Q8ZJZO!c>rf7|u{
z9{Sk-p!h+1(?3=HZB&20`iy@V>R%{7M}1oN4*nJS=jF>E1^0N~p#Ckn_xm!B^Jhc-
zY4y2_`gAb<_sgg16JB+QqFbwf<NKjcQ++-ukNzY0AIq<j59M!^pXu@6Bh=T6>#fbl
zA@^4f=LL>_&HkUE-u?z3N99wL?R@;K>Zjie^}nm*_(S*6yname@%41v(f{!pX9LIU
z5$cowAoPEd`m|M_Xr0_lez|<8{oY#sm+F&foxEFqCygh@eot$@spjj~eV!|C-93!w
z8Jh3s<gxrA>VI2}r;~>In<)Qh$!i+_PpSTT8fQ=A_j-Gv#+e-qkBi%@K8nHsu2tOs
z|Nq;Tz!}m1SO4=K9`J(KoV_`sw<>N=Dvr(OV{;_VDE`}f*b~kPM>~p+=xdw1KPqm;
z;f*%uic*yPLh&lu8E0H;db{FO`5R}Jil1PTUMY!+{}ynlA6=(dDmN$!Z_wM&O`<dI
z5cQ%no>#g>biGH{Hoaa{++I@LUS8Z@UEKbxxV@pcy{WjpwYdH8!gt*FxgR<2@~a-$
zzsVEx51o0N^8H#z-g?i!`^OKT`>Ef2{ueL!i#Pw=Bfog9#)rS~yI;NFg}1r(xzGCC
zjSv3kxBlp?>-_nXzj?+v@BI4TUVhy>J?ocG9)IPZ-RH<H@A=jLbI!NU`|_Dj`}Xgg
z@x-rP@b^#8UibV*e*S{HfBq&<xc<4b>(8EX>pQ>WUgLlL=8a!`Zub`7dE)txzUdF^
zzw-V|-uTR<_4w#vhko;Ezw)K?Zv4Z$Op0-BZogmL-dx=L@$1DWKkW_O_lx_d7Prk~
z?|fNB_nTKgUs2qCt+>6Wxcy0S+Z+pjJjkEue)Ia;xVSwL{?cOm3B_$t+^#5Y#X;Hq
z*kri*xJz+6Row2m+0e&3iu+COo8!89&2aNNV6(Vg{o`51#;CYmRNS6+^)Kl2-_!lU
z;(qgZ_PKV$zp?p`J~pqA|3PtkadCUPY;)`%qt7>Y_tWQ9-QTIW_jBHcP8YXdDsC5V
zHuQ13;{LJ4?d`>Fvz~slxNX+ZTZ-FH7PqT^Y}VE0W3$dSA4kJo^xWcp^P1)>wY|9;
zUhVVEr>`n*mlwBZY&P_9w(id@?l+H>KP_&T6*r#;PZpnVK7O~jJ+HWJp651e{aA6k
z`p12Wjo&G5o#OVot9{|ht9^b%pTDfQkBi$GSNobj-8^5uu(&<ExLw<*`&Mzkc}%^t
zxIL%1UH#*DvGL5}_O{~ohsEs<#qEFdan}E$XmhT(rVl^YUDMZS*Dv7a#qB4q_J!+S
z?eqWFr)U1ZzIY8^`#IPxi|zYg%{JEncfH#7-HXpR*Q7TsZV$Mc-@EucDQ@?=nr%L<
z6}NLXpA;XzSln({-0oJ~u2tOpu{pPHKJHxH>c#DGn~mb*p~WrT`7HeBfmi#yakbAk
zpZ;ud`_<z1;LS$yak#iWYUi^kdP;G>xkkINxcS;*^Q9Ya{-cja`;+4S=k@vi;{Laa
z+Z~JBKG{8VzqxzJ)jr>R+AD6wB}Mcz#jRW1E+}r#FK&m5+vej$xZC}2d-t>d{^Zi)
z(*xT472W@KasQ;^_W0uVg5vhb;`XrO_RGcX*~RVZA5SheUR&Jmdv)~Z`}ZI09@u~6
z=<x%`jz0Zxw15Ah!zT}4aP-va!zcG2IeFls!~2gOKXRh*YtmDvPaZpbJi6pa=j74j
zr;kLP)9sUo4;<Qm(Z#0^cZ+X4dKz@`@na_rUKm|+;FP}O(6RkTi(MT!eRzMTedy%g
z@&l(&pDe~x?B&E|(WMt1zUbgZo#^PPOS^}TUU2mE{$tURBgZa2)s9Y`E(ZPI-+S`X
z%}(~8JhZbfkFD4^aP08G6UQ%!jvhaJdVlBiiQ`d0g-4x>PoLT}?p%EQ;HK}T2T$$H
z>(p^fOsy|HxzpOyEt($Mf9Zj%%~o|g2^7QV6d@fwb*gjV;Nj@t=3Dn)aQO7;qZb_x
zv+7(H6_Y!4_`lQI>3IIh69*0*JaFoCbdiRsc-7s>YzDr`zZm$z1E+U(R!rdZiHnaN
zD~{X2)0cG)Z}zwUqVxA3y!hn)iw<-*b%mTNzFY)%{KWoEIH!*mfgC?@{6sPL!=31&
z^LLJIF|dnHTv815;Hl#$PoKEx{8Q2K!<&GMFpD`IIClKvi#DS_*gjbthoa(8F$|?v
z49rLB=&55TE-jYSCfl7h(UFsf535b_eMdHF6kk1h>f%mkr*1d<qo;O{cQME!zEg*z
zL&pvr;%eDU;=(Y7BbzZOteq$~-4E>?p<*5fPaHc|6zq)l*rDCRr=B=^TzG6}M#W;=
z)8y3A3yMd{W}WOD$*b+-#PQ<59y%7rcKSpSPnc`5i|&z=7ZsHU4<9}D-;a;OPrJBi
zRD9J#Id$;B@gtkai*G(y>><oJDz<jx*kpTb6YkEjEyleGy;wO#m*N<nIJy6%z7iT2
zhod-FJN-`Wtg@Y>sFiXgI(1nQL$OOw@WR8F?LSyNc26HJcIx5#i#ri|wQU}Uo242~
z9K|<ui*<j|`5O4{)Qjb(19_x)bRCRN9c&*ywEwcBhl`OPJ>_NLJ!nPi^kCgNjqIER
ziXCp2aX37ibzRK*_~vY|fB)%Yr*>BN&Vne8jd$xNrw$jv7c<*=plca!j^Tl0o%Vqu
z&f?Saj~zIE;nfc3fA4qa0lYa*#jc9nbubGk)_E9Ah_dMJv4#6$^YCdc@6L%+N4xur
z*osr^1;>kZa_X|;A#?uD<Edy`G(LUe{M{oF&Ye!X7~R3+#aXr(U5NPn%}_Rvo#>KN
zVb$!cheP4uAJH1v?N*H9ROj%)qeqSwhoG28v0!#iq~Xz8$ZqB4eBjERmKPt3E-u3R
z??-x(*KYNp!>11%Z0~M{L7zT(+0J9|!1*Umo{o-Oda^jRM~8~X-I4t#&VTCR;?%k`
z@F2yaD%Q^F-Shii4QI}sZ*>%*U~?k7<nYN;o0C<LtCeam7ai#6YbT3G+R>B6!rQEl
z!>3LiKDGOWQx_lGGoF(dyJ3-8aW1)F|H1QBd~xT{=7AA*r+pkadGf$z*Fc*+?d9`N
zoH({uHgmXUJ$n4m;qLz|E*_o#6E~-$!`RoRb8%3Q9>3s!)?a-5n!e-c@k@$ji8jTP
z-vy`Jds`Ht{?EAy_qPupE6&>2_zjr5zT?>b;|KSaU(?`%?LTtj<mUW(^@Vh5bFs2l
zu3_3C3XDMbKL)UKg4xsZniI3`8P>^*j~(8uo6W^iSmno#p1;%VuBT2!5Buc@KKQ{;
z_=R8Gf494)QSpU?8{GNu??d@#1phwOLcd33?|e60nJ(eAD>pxNMbQdA)bEky@WEeh
zu6m<r4Zq``Z>~~{k2i;}d%x?qX&df7G5iMVQ-*sS6?jS8DSY^p%})hURE3Who1grO
zpCRD6yg}DIn{fAU!Q;<`{%yGXci|&#_u$Ka3Vr(U_?y8qcuhWl_pS&z4B-vcd;dOO
zJ}zU_|D2A?1m4u~ox#`Ip2J(W4C7hAYqtu%gtz1?xaXC_(_4o=-aqFRy=CwEe7fdU
zf_q+NcwO5Gd|nCrt-zz744%SMc@^$?)!;SNd;gqQ1N9%*yqa*&s|_D$y8}<}6~^C%
zx8yx|Chx;NuM9p^z4y;~4N<@EFT#0d1oyngaIfbH{IL2=;XcpI;O;YrU#dO}cuDJW
z1$W;Z?(@kS-g|1uKN{~{w?3bg;n6cfeFBf=6?h^~;i<d|&*e4v_?cn9b@)`?fJeU;
z>YMPIyagZ2+wk~Vp-%^%$h+`V-h&V2eR$pr{WJJ2{w%z5H-I<(F8B~Wzf9{E-r0F|
zr+7^o{%O@u;MYGK`b^;uJv;ae{<zIQOcx(>_-XBT0r$L?@a*lO&k8>La_}7fhTDbl
ztl_VGdZ>@yx_3Q4QsXbdpZeFKK88P0^D4s+yddm1fq(Cn!7K2Ea!%p5cu}aY!td}0
zVLUbXffK>&@N-UtJ`MPvZhiry_-MkrIxa2vKWY4J_-(WfJMe#1eHZ>J9j_kzwHi+!
z{<epQ@n`VYsm}mje`2T~!oRKYjNx-_PvFtp!{crWkL5FXDtA9Vk1SAs&kuxgF5zok
z&*bn}zJ}Md-^kawJ4dzn|2fD@@Xlkyb-4R^oONASmr?&Pjk5yx^IZz}c&hN0##4iP
zJaxFAuN!dJd;cDP^q%l|ZlV6L#@~T^{(X4;?V(Qw&)*T&!vNlRXYe7sB_Gq(e*$;^
zDZHmXGk7Lnz}MPd!rgxbkJKlJ$8z^`&R!>x=3)OW<s8FPZI|I5PXbT0-wHgHyPx;#
z>!K>^GmWPP_k4Vu*{6Z}SE^4F?mjKJ$J2(t#p@96adhGC(}T~{rw{MESL+t;J_Gna
zs?QMaag5;ZGlrl2!Ehd%z};sGcb^&jXVhm7_c#`C_gTUpr9LaT$CJa|XAQqZeWEM&
zUMF}wG2H#j@S)ai0v~&w!>3;7@VUGS_xZ36?`pdN_jsD{rTVwv9#0$Y@pRzHpNI3I
z_s_>y5A{>!+=n~Q4DR_1;4AeR!iRcZ7{UKZ^%J=FH-)>;4E`_bvw*wL67KP@;NMc8
z9Pa(D;onw$>B_z9)BB6z?o)=Z)u#e?pA_!#SK&WUpBmizt;2t$`X=1_Yr);84L{?r
z!uh8Qcb^{I<L|?-qdpnj`yIebsvp6<zcJi>Ch)V>X9jnlIo#u4z<*qQmT>QP1;3%{
z*KqGIddJ>%<vu0&P1L6hcb^3A@mJtw^-1C0ZxwzE)z{(PUjyzwP57<Vrww<X4&3AK
z!uP395AOZ;;kQ@)0Pg(_;qEhn-${KYaQB(QJ^mT|r_^T-_kI`fyQqEz_x^IY`>f&T
zs!!>id)J%$#Bh(l48ObjByjJy0>7u~t8nkH26vx2ysAD;xcju=9)BBtU-jw0z27eU
z{;Kc8y}u0ZJ_GnKsLu%QK4ZAYKY>3)eWq~lcLx6@)i2=Q-xBUVEBLRd&l>JN(PZzs
z^7u>eN2pH>_kPRphUzPD?=OYBPZj<c^{K<%rvdl)oA4*7PYdq-w&71yeHZTi_2BN)
zhySYj4B+lFr0Y6n1aGO&81DT};ODD;2KWBvbX^B7;D^;`1$Unu?)=yAqv{j=`QG*B
z@t5Eis=f^O{t~$RRN%+erwVtU8r<Wr!%wPD1MdAc;ipyKhI@Y<xchYBm#R-6?mijZ
z;~&7Ep*};n_dA0Bn(8NT?{5lspBcQTJ`1?}Ea4vi3jS>M$>HAb8vZ+~Fa5>d_2&J>
zaQ7+0pQk<*xcj7VkG~4f)Tajbe(Uf*RDBcf{k7ok(}rKJK3%x`^xz(UAO2$X$>84a
z0RB?dkKo?l816n3_{-I226vx1+~Z%sU#UJzxc9q)zgqQcxc3*mYwx;ppA!7f)Ta!0
zp9JplSKx0@pA_!>R^e|_eI4%oHQ?^kgpbvy4R@ao+~e=UuTY;J-23gr->Lcm-1{5C
z-Dd=Um-<ZL?lXmZ{4@AeedciQcLD!^>Q`{@FNeF&8vbGRDZP8|dUKx`?(vu5A5)(M
z?)_HapHO`j?)}x^?o)^Vt@<?K?$d@3wB3RGb-6A)nuOQWdT_rk*N6LcxeT7_bvf^!
zugeWlztFr!aKA1$fiLv>=@jmH&ESdVHHUj%3%KXCgx55$9G>|1#NZxJq^~=Nn#NOt
zdpt4R<0-=%8jtty{(hagg8J_%=M?UoYw%1t``=;Q-}7pqzNL9J;ht9u?s>K0EzPR~
zZ+u*@_rkM}Xx+jae-S)`FSPBPIIkh<dz#k>?s<*jp4SBKc}?jb3*(%@YqQ{U_)zom
zJUo8SXNme-eki<dxq|!nuHiNP{1WNj{e9d^bmbGnolhC=d=j|xslXc_4LPLn+6RMI
z>F)~ed3gNJr_Ori(||jl7To_X(}p{r4t%P7x^(?JNDuCO`tZ)X!@LG?|GU=^?(vM^
zOO0m?_wky*J)S8%*Ldc1oi`S6k7o&w^mt#vJ)Ruy@vPz5`$9e?{rjYkdr#XjJo%eY
zUxugh1m2LR@PW3g@Q&(h@SeO5AIh6>|9fi-p6h(rhDYk-?{f}yJ<hwRKce;ToLuk6
zOCR;8RG-29@6^tNeTJz2b@ds+-Dd(XPs4TF6dv7Y^Z%$U-Y)|l%jfV!zJRClCA=nI
z!E<>IkM0}Bv!;JEc%*qapIG%JxQ|y1|JdJ!^SSeIA0Mv-^?#!J3f%jv!u#5;!JTs*
z?wlKN=iG!l=N3Fs4sEz|?!cXMm#&<9@brEmf6tG(WvKtQavQ))+8)8z+8)E5+XU|1
zrf}yrgFCl5yz$sDuLaz>E#Xtuui%k#%i(j?dw$F<df(okr|$aMus%z0=T?TdwVlA7
zTLtdiQn+)g!kt?UzSO+xaOc*5XO9axH{s5$1s|&3^J8uu)IUkNb>Ysf4_|0IgO9b}
z0X&xv;pyYUyhiYjd<-ATC-Av^3iso5M%Q|q)1RRA4EOnM3IAQ?wt_piHN5`*uwEnG
z`?z?$mEc})G2H8|4EK6V;H}q&c~#(EZz<flRq4vDMt@!C@A-LN&aHv^4=J}M+_|;k
z6K!|k&aDe~Zauhj>%*N}29Gtb0o=I_;m&PDS8ikYQ2jkW<~BwBca_@=?%Wpe$_K)F
zTf&{&3hvx;xN}>>om-^+c>H6{s|0s$G2FS8>B=pE_uioO4EK6V;dfkw=Y=ZVxz*tV
zZ8zY~tqFH-Ex2=Q!<}0Po@riPxO3~lom-!-+%kCU%^^3>&&SKT4N?DO<u-ylw+a1&
zx=w~Ww;9~I&Ed{%0e5aoct`VE!JS(UcW!ICa*H$%=QDk4$gKo-ZZZ6F<yM9}w+g(g
z?G*0Zs&MC4gFCl6+_^R2bIq#>cWy1Xb8FL;TL+%KE#&6;IZx--L;c5<TOaP+2Jn@(
zhj8aMf;+b{+__EQ&TR^>y(`RX26t|AxN}?3mD>{Dcz5XU`7yT~^*>T>Yq)bO{ng&<
z<fgV`xN|GRom&ETZWXw5OW`fes|t5+HMn!D)0JBT-g{5T&GTb!E!5xrbK!ZR4R>x`
z_)Ob9xO3~nom&QXZUeY;8^SZqYXr~bW4Lph(3RU1p1xP>8ScmF9DY){E#S^=1+RW6
ztiK%Y+}3dC7U}zZ9GzPU?%ZN{P4g<lr}6~u+$wbCmeQvoH_y-GbZ#}&zfrl>;m)lI
zA8ES<cW!OCbL+sJTNm!!dhl5D>cgk+3-it3&TT+fZbSO}Lm$tNxs6f(kIHQVcWyIy
z`NLto&Ed{%0e5aoxN}><om&o%HLo?iBabvL&)2z?=*lgI_teMpb04p_1oe0Rd^o>V
z;LfcI?`yjTcW!mKb8EnzTNCcwTJTKsYQuBA&e?%Gw=P||_2A<Vg!Sh6F}Do$2b9|Y
z?%YQ3wYJA_=Qe>mw<+AY&EU>$4j+Fg%xeL6ZcDgxThWzU4)1(8^!NOjTQu8yU2(Z`
zE5V&x8Q#`*0(Wi|xN}S4&aDb}ZZ&vM^Qyz0TLbRgnsnvXf~Ow|xp{uft%LdxDz`4&
zx%J@-ZD(-jHh?>~A>6r*;LdFfuW4QrxO1Dro!gAA+~)9D?)fpdCF;Me+*WYswuaX~
z64q;^d-r#4CAf2o;m)lLcWwzh(Yz{f=a#~qTa~UpHF)yLu--gB&&$sX4b<Q13*mX8
z33qO7_(a<sxO3~mom&s?-1>0mmeDn@0o=I_;m&PDS8ikY@>3x<&yTrHQU7S=HiJ92
z1-$anu-=w%=eB}7w;b-=)^O(*X+Iu+u6dQ{dOnTe&aF&WZV7z;nUI_3=ly!UrKo>_
za;w6fTOB^ob_4F*nsDdVf;+c1+_`n&OU<hb&y`yb?%eux<(9$Y&xYJQKjt<>{kxUh
z2=3e_^uG@4Z3=g8Gq`h`!=2j#?%bB}MDtp~om&ofZfm-7i!=}C(_4hxN^q~Y82(M=
zR)#yb3cRcB6z<%raOYNoJGVOAxi#RK=GBBdw-(&Fwdu;O18;mj<mUM~Pv_P{{ZD)`
zJTLU&&TRl+X?qBFZX>vJ8^fL31n%6X@Y)x`yk>CcHitX61zou<;f=o!{XIYCmZSbb
z%54pIZl#ayy-sdwJBB;AGTgZ(aOYNmJGT_x(!8p0=T?I|w>n+9HQ>W9h1@(p=GH>}
zCCaT0cWzzyOxr!UbL+#MTLyP-1GsY=!sD-pd5z%CZ495PeggNu*H7Vd)q8%-ZI1fa
zD7OXNxvk*UkB9Y_!=2k2?%X1MpU30eN^s{E!{^ru@557uJGTVx^;V&4y`}Kl8KJ-D
z=W+V{Rzv+~m0KO|+?w!_wp(!L)`mN`4&1qQ;m)lGZ)je9xO2<k&TT+fZbSG|{XIYC
zHb(um|2{k~OyJIK1~30jSZ{N<b6dcj+Y;{FR&eK*!*k7RP1p5Xq;Yw^&aFgOZZSN&
zw$?M;>n(xbU%6G_&aDdXYr6(_ZgseGYrvgb6Yktv@S*0_hUdzy15eKkIdtJZzxCiX
z)q8%<-??R|KdIaXaOXCHueCjfJGTkkxlQ5DZ3cI4b9h7ZTELy#67Kc3qHDe7@Z_wJ
zv**X$qEGC-u6Vt2E5V&x8Q#`*0(Wi|xN}S4&aDb}ZZ*2*Rfjvb2Hd$d>B_AIZ(S$k
z=J_$V4(dOr+`4e*)`u^&oxz>k0Pfs|aOXCHJGU{sqj^o>&TR^JZZo=ao5Rym$j$R(
zZcEh1Ukc9)E4Xu8!|U^~UL)PRzjG_Wom&idZe_T0OW-xls{(g!DcreL>B_A}zkbNg
z^YgrXerurq0m`ijcW!O?MB5#>bL+yLTMzEs`f%r#!DG#90C#RfxN{rPmD?D;JUis(
z`7yUC>Q5=R8Qi%o;FV8?^|pjNw-wyE<#6Y=hC8=N`|<d5&8tM$^JxrsZe_Z1OW^4Z
zLT;X)_v`hRqW;y&tqON;b@)Kr4Y+e_!kt?S?%djN=hlJOG_Ni^S8hGHbL-QUTLxd=
zFy!X>F}ES=KdszGaOXCme=4lEDcrfu;LdFhcWw)~b6di5&1*$hZaLh!t?9}w(mb3`
zexs0E3GVe4!+)gQ%5djafp@i?!kt?c?%Zl{=T?V1w+1}AahO*Vo-4N&+_|;s%B=$*
z-X!$*{G6wA>!JQ`|Df03;LdFTUuk;?cWxuNa~s2*+XU|1rtq=mHG@01Io!D|=*n#g
z&u$uW^Zb}wj{3vOZ4GyBrN7;Ko!r!R40mp2xN}S3&aDD>ZYg}Ic~#-gtp;~)b-HqE
zz=t=}dWL(wwcsyPZf&@8>%wQ+?!lc~AMV^TxN{r8o!byT*1Se==Qf5rw+UUjP2shl
z2)TKFTyJyKe?qw};LdFYuYNkLzZ~w|)^O(*>H9n$=T?F{w;0~gyvlIrmcX4`g|6IE
zcv23zd43+J*INzs-&byRxN~d5N7`<|om(63+&XaQ)`dH_9$oY5!<}0Ok8c@r7{L8{
z$Pk{Y-t%K_W7PljQm?<ko!bmv{!CbJbGUO`z@6I??%Y;z=a$23n%5fc+#-$3^YwZw
z(Y4-U`mI9Fo}c@8y(Or>P`Op$&aDdXYr6(_ZgseGYrvgb6Yktv@L2O|!<}0P?%cX`
z<<^5Iw+^{^e#|XH{huhe0o=Kb;A?G<;m&OWcWzU-bDP1P+nla>E#S^=33qNQx^m0m
z)7ymHJU`|Z{oUT{ioaHFCAf1d!`s?U;LfcAcWx=%xmDrLtp=ZKUUj&0Yrvgbldjxa
z@ZN1hZk``=>!ALuFNgD67w+8p@P)QBxN{r8o!b!Z+(vNcHil=K*97j|rtsu;A%_{<
z&kJ*SP4%81b6cYRXO-Iu?%dY!`e(y>jdbt+4ehrCAIf8RE-%Atw-578;5~T-K9#3%
zueT~)>#at=L)fq9=Xv>gp@I6RDz_%wxwYXFZFk^aZ(X?8TMzE_)`xq&W$;+@8o<5Y
zhH&RLqARyCJilYe&GTb!Q`G;7a+|@O+X7x$g!Q(BJGT|wx#e)@wuU>mNc-{lqdSFp
zmEg`ThPPB-hWl}vz&on<{JdYUw-ogsS8i3fbF0G#+HSy|TNCcwT5#vqhC8<oyr+3}
z;m)lGkMA6E?!%p122WJ)`7yU4>aX*a@VqdBJGTk_b78$r;m&OacW!gIb6dcj+mfz%
zt>Dfrhx>85rt5JUX&%let!O>Nz20K@eUw`n?%XQyuC`OSbF0FgTMh2q>Tu`QfY&sy
zCfvET;Lfd0S8g46{*xg$&(C=}w;t+GE4Mz}xeeeeZ4cqmPlf%C;LdGKSN#O;+@|nE
z^)vWfK8HKE1zou<;q$wO@q2#EEl2%pl-nBa+)AI{d!5|Wb`1A=E5n^z0{42Wz@1wP
zUus@ec&^ubYjEdQrz^JxJV`@to*#2-q5kvAtqpf>UHDAfJ-Bo0!<}0OcWwi?a~r~w
z`)EDGo!c1h+$MD8HihTv@A)yeIqI+b)$qKqfIGJpy!wT({&Ki;Tf?1Or0?^1oLdR*
z++uii-;i4w?%Wc%bF0vmTM8fEFZB2PJWikAYN)R&w>sRpHQ^&|x8P&#w+(l09r#rB
zUAS}W!RM;)!_)hR`DSqEHlQoFA-wlMt!KD%8^fQb+$M16HiMVH7}nby?)A2SJGUj=
z>um*hZaF;Dyw>ns=eJ1X@;Y&DCAxBp;qwP+J;R+_0)M4)tH7OG72el&4es3PaOc*5
zJGUm>xwYU+&8rP}ZXLLD>(Z554?cfz$j$R}{?08!{il`N0PfsI@U^zb@TK-UfkzJs
z<C($}`3&yd=J1;87x2z6hW<;qb6e4sTMqB3kLSnSqQBpJU2*-dh3AD5+_{zEZEYuT
zueS=^>n(+Qy;b4Ptp?9DuR7f8tpRs#O}cVx!8^Yc^7s6hTL<;`Qf^(ibL+zw+Rot4
zZ2)&}L%4Gr!JXR}-qXA$aOXCKJGU8Kxy|97ddSW5V{S{-KUKM{;LdFguYW15*GTv7
z-_w3e@Jt@Vom(01+!FXueJb#=JcT>ADqXqN;LBeQxp{t`m(Onv)W2A{HQ~;!4WDSc
z1JAYJF5K&_2X}6LxO2<k@vnq=4dAVZ1|Pzm+la2*#`K4UKAs<Qo1*?h%54UBZVPzj
zAHsTD!u>d1!JS(UcW!IAbBnYek3ZJDO7L9QAu-&!mFdbYfyWOIxp{uxuh(0O`X4H{
zD%`o%;R9_q;EDFzggdtu+_|;k&aDHlsec!~d}Nq!5ANLhbmf-8=Z(<E^J8v9)c@Sq
z_4*s!xlQQHu->NdrS?06JGVL9xh>$%Z3&Ma73Q^qFCQH|hdZ}5UAaY?hx3^~CiE%6
zz20K@QRP;KJGTnFtL+r-$7vPr+-h*=R);&c27IY`HQ~8`{|)Zk+H~dCfw%N`*gZez
z>D+p#f2nfo!<}0OAHFE8&jI{9zZHDA#YgaGJTcUd;SYW9Sv&9VJ%NAV&7pn@f04#B
zgMU-wnQ!q0{J6%mgx_D|S;4Q=cyhS&S;L)A^yR(R&u{wAFy9jV_s<UVjp0|Sz6^gs
zHPk0?=Tm_@pA`OQ>R*NTHJ%#$&8n}%pQG_K;WKTw;GHLh$9o$-mUrN}ya!)?CFI+O
zN9Tq98N4PRz<cr$e5vg*+~c3XGxeFmJ$~oG$LSpPU)SSw0r&godtB_ZLj9-JCx?3+
zk@9n&#M{2#d2~jR=NrT4nr|8I`R?{pAD@>hsQ(X*GlhGcHF!(gb-2gbfXBZY)<YBS
zak`&#@HpG3zy4L>ao2%+oIUtZ+kLplnZX+x=K$_;x*x|mLj5f@&N1BMoWj@Ip27V%
zn!_`Va{>3`XbE?oEBJji&K&M_?s0Lx(O37LSMQ=eCAh~?hF7(nz&+mze6IPXaL?EM
zIL;dCAE9y9;T~rb-qm&s?s2x^@sq<k@4!7y_v1Kws6U`__Te692KVtDz<b{gkC!1l
ze^WSqWBB+j!6)!6xyjBMWD3vaGx{Rlsb9c7?j?Nql<@arR`ABYu-_b>tAF&hz3VXb
zw(oV`Yds|NiQ#j38D9IvP@lkiSA=m^;6v5#?jPsdD(YXV<5Gh+-xlUmhx_<8;9pgr
zCfvuj4IgN`17AKo%(n}V9}&C<ugUvx=aa!3s`vi6{)ec))_;U`JAyl(3EX*2;a*oW
zc=p&ZuQ}Z7Y5{-z?}Y2dB|P~`@D=>Ce-b>0zfRY;Yxp_O4)cw^zIQ$QxR>CMP(Cr-
z$320&Zw2mrQh5HHkWZDa$6X!X*LDLwzasQ$!k6+EJeRlO$(5l`2cF8iaQ}Uu9{dlK
zo5#y_n4$hc)eqp_-w^KOHG;qR`q$k#BaGpGo}I$ocLvYj5zaqzc>Il<hVw05e+O*^
zuU-|_Sq@LtXASSYC-jf>ea<bDm*8W044=x&@VPvJFXa_@>%Cz-DZD55{5(z{mm2El
zKMaq%I=uBSA)f}^>#7NV$d5vwHhiM(4%|6+;hDzYgAe6>_*9<3=kfu3DIdaf`3T;b
zhMdRnOz!zH=PBxcQ~Au`&Up@Z&I|ar)n^5-enaaS?wr@~p~fHS`#k=!yab=iWB5{D
zhUfAG9=$K*S%K&B6du1n)O&s&=k9t&{avGQo~gr~a|7<2oA5WPPa8hbb_ed9yYNKg
z@4-`fAKs8>@Roc4@5qPno_qu!%E$1j-1B43Q`G;P@|nS%^BnG+7w`+N6^_>mUR`ND
z!=3XQUi)BJCy~C-<8R1I@Qyr&XYw+9C{N&Hc?CX~r|?|v`FWhX>lyX0Rz7vOb8f($
za}$1xGeXX7_(a<sxO48pJF}2;58jja;X`=_AIk^useA~Z%SZ5BK8D913FGwqnDZ3%
zP31F#JLfsvIWOQJSDzKU`j1-AaOb?He@yFH-{<ky<Ry4Z9>Y8GGQ1~G;F-JvAInqt
zT<-aKoV)88_1C|)&d+e?+<-ghCj43I(}qv9-GMvjF1+?ht!H>c-iLSO8N4SSz%%&}
zK9rB(Q~4OalzV>6d5ZeKP(CxbbDqPU^8%ipsq-_u`cGQVaOb>+kN-~VS>NaJPvs@}
zQXa!|c^MvkHuO*6vAjZGg!&Yo$~`}ib9X(X{<!j~!<};j?wp(O{4AZH;S+6l;Lf=V
z?|n||8J@}e@Uc9DPvrynTt0*^<s*3Xg)p8mJdt~T%z29XdtWEyGlM(lIovrf;O|hM
z6}<XQt!KD%Ueh)HNZ;r2*W@L5OCG~J@-n<9PvDun0w2p$_+0M!d7QiJ8TCI<K6SWr
zZor*$6aKX8YCXdz+U~%ea~D4Ud#z{qQr?G0UkddZJeCjOiF^o8<s*1QK8APXo*#3b
zqW(?FX9jo9bGUO}z$+!4pW)Si)_R6J=QTX}O2{qJ_j&xOyaaE^V|YtmhIix%yeF@~
z$6pKMN#S$3=jU<mu4mL=sC?>h=iGoh=O+BC>eGf#wB3O_=PrDy@%P}lybq7RuJsI0
z<O6srAHr+$5xgfK!-sOuk2z0KfBWm{{0w)_bGUO}z+b99D|l6}N9AzmyoQf8{z%{F
z@lWL?_);Fjb9osaT@{W?0*~bt_*kC8=W@@_<J?`(sQ-fUsl%Of1MZxg@W<=*Sbv}Q
z>-sk8uT*^p?s0bEUr>DyUV3vlFJ*A|9l-ti{1Bcz@Mb%&_m1HH_lpU9rR^y^`_0g2
z24BkO@btGr{Q~ZP_gTVgs`vh#vvbQ)|B$o8<7f@{zx$N_Psq=Gs@jg>`Ln|~%kai?
zf+z5?yaM;UQutK$-oMA=dDT$=3eBqy_q>|$zP4NNx%S(JFXbJ0^xI*+UAX7fgU71(
z{yDD<^=r**0QbB`@P)R=@I?Eaz*G4Y-jL7Wp4S}SQoZ-jc`Z@@&>z!v1>Eym!z=$9
z)@7u7_pd!S<X?i%<uSbVJgr-}=as;hs`viAU$4Uy^{>#ps&LP%4)1Ea0UzGxCw9(1
zO?WPE!E3h-^=-K4)qyuu@BMRLJ=C9dgK)h1aL;Q1pJ{stZ)v|Hc$|dskKt4K1nzlF
z;d9k{|D4wx^-t2g7I4pN1uy5i?uEzq3gchH=kiG3=ket765R8O;lq1}{@%a)cpWCF
zf4k;YfqPz6ct_hc`0x+He(UhLyaDgLAk;VE@gD|n!E5q1ydn3vINvVnOXr03*@O4B
z?R)p}bx4N#bJb@EUub&-pZ{@~*BBnZDEI{4cwz7<-1*GlE%lkhdvcG<^YVIFqW<BU
z*9z`j*6{ROI^XKv{aY^%<1fKG@)(|JoMpJ@o4~yuD)65Adt4rm=UYYnDb2SA_k0_4
zZ8zbbZwsEjH002RXBuY*?)i4%o^Ow?{(ZRTo55eG`3~To?+Cus_81-ywQk`x`4m2V
zS*V}EJ>NOp^IgDu>hE#!_^wcYh31>XJ>Tfx_Fl*KyzTp)XV)mIy)leGhWGw7cp2W&
z{~sZNXR5Ejhw>CYl~>{JUx&A~-GKMr5XRYrXYv-@zbEN_%(;X5g>vq~{d<zTxhhYe
zSNo{{SFca_Lfb>QkIM+&(D53>o!bQN<1&T&xXj=_E_3)?$IIhoZcEgceq7hLaObs#
zSN~n-Tiv_Ab11=EUbpc1E46On&LM$2hYH*|r0}Ksd%PZ}&r3Db-&Q%);m)xMA85M;
zcMffMM>%xhy;p@Cy6~mE2X_vAxO2$hnfiFV%wdT72P%gV+&N6(xwfb9#uZ^+Gk7ka
z!_&8h`UTwQ=Ox_d=M_A=GW7AdINvqu4{5&9xA&fheSVJNnYPPt|9)cvUw$}@rvlIA
zDLkHq`YJq?*Wq1lH{jWM`h81yP5W)Z=YJLU+lEh7-+|BN-am8hq5iqbxexd6PdZoj
z8KC~%>NAA9&jjB7k8oV4@a1*OJI@3&c%u}233s0re6IQ&-nd@qvxa*dk;diurr!3w
zo~N4Hj^Q3h1>Q=Mo$uW3r#{1H+-m2uD(dI*2HbtTe~)vl`WEVQxpQ*8&$k`a|5zNJ
zce-%zw-1m0GaSbZzEsWwczpek{}A4~WyoO!@5smShWbq4wX;M2DSW6tGx%6Ohfn1T
zctib{@Zqh(_*d{u^*Ma0`ZYXPy>sR9Dk*RKqjkJucz)Zk-V%7{)ghl0-jmnhnY;lX
z%3JWUyaS)gd+@nDgD>SH`1H&$uQC1D&37J06L{yM;8XbY(%^IWLj4!;`01g332(?(
zaQDyQL)EY0wP%I?(RcPf-z68_VrO14Jl8nO@ZoQUJ_&p&ufRRd6rTQ8=u?GvekXVh
zK0Fb|*?^bM3dgGnul-@@(}H*8ZMetTfsa++h1dQl^zXr=7Y6UcGkFGYTpsEN@RocC
z@BMM8AHg&E1YT1<Q~I4lo-=ssC87Tu?tB*Tx$2kjT)u+WUK;x6@RocHcRta2@49t9
zCAjm6;m#+4H<eEXzC1VNlfrv13*)cColgxuSA8Acctz;bfDebkoACLc25-URR|Rjw
z6L|;Tk$2%ec@I99_u=WQ!+taPQa*q;UK8p^@cNI!aUH{3PYwA`;Js1kGle_<8GNYv
zIlTAA&}RW3z9sk)9=|pC3ci%*@LaxzM{f^(O5fePo;zBHF}!zGs4v6E@&xW2D)8Dj
zLZ1}gl2_q9c?~|5*WuAB^l!rZnpX?H)cD)*Sp7S2&#Mb>sJ;j9$ouf2JcBRg19+l&
zjo?GgYYg}Cn!xja4*5*sp4SXs(|G3amV5#4$(Qh{d<FOMTEi!rSM<HT>(j@pM9;&#
zVz}p3hWmIWa38M<e5moK@TI&8_wlO3+uClxqYJ}%rU@VF`mF``yxh;%$-6)Apgv3V
z^A0?ITgbN$Fa1~W4DN9b;KS#J{D*Llb3|AD7@o@~@Y?gVZs9%o3_h06;py{3p9MUZ
zFX5dRg!&ac{k`Bhye416d%qv*BjxJjmC2pAJ$g^bKSup)bsQ6TTl-7lb3Kmg@S(OF
za39|${k38IEx3<w8=k1X1Fy-u@Rqy>@5uY`o;-tR@&SA(_q>_&2=x=?Jb^ps8GNan
zm+<QM!*N`}opTQF=y`b!cg~UedHk85$KkzqgyR*%hkqWt3?IuA_*7nj&*dpRes}2a
zd3&5*&o$J4UO6}5&bbA5&RzIi+da5*?!yy}GlM(l0lcRAAv}6-nC}Rly)XC}K9o=3
zWBC+5mCxYu2Sb0)n>jB~{{!W`f;;Cm+&RZT2<zAV+uAO}opS;oem#t{0(Z_S-0Qgt
z_j<0uy`JlEujdBb>$wT{dTznJo;`2pu=_lV`edJ;XW>=l+lMc;oxz>w06tZoL%OaL
zMsTm&G2H8R0{6O|!o6;1aIf1r-0OA$_qz4Gndb`i4^*Bx-0MF2;okMx^tSJJUR5go
zqwA{}zEqxNxYuU__xh~By*^X8*Jl;(^;v^^eb(V#pAERz=kB~UU$4&=>JKT;Hr(s8
z3!iJd2X~%*`c>iap23~x0PgiUgnNCC;9j3&xYy?d?)5o^dwtH}UZ0*f*XIKDzoR^t
zaIeoC-qY(0Yq(!$i1c;uH~#W1caCTY?mT07qUVJ&Jd-Ez=&y8shR5<0p2(~4R9=HO
z<bHj{^YZmT1N9$Lo-Mear#f&yPxatl|9$xD)jxxKd_(wJ+atKw{}`U?cun9wUQ>8S
z`OM(ihxGgok7mIa@L0ZtC-N0MmFMv3M?!zk+sDg!Mo|*hqs}uc<ynIJd{TyYw4K16
zX9eC+o+;dUR^dyHzXor7G|a0GpUNBXxx5Kq%3JVU-iF729ro*aGtVyS&$?Z>e(1q{
zKFQ!KZ4cl+pA6w0<vD^o&oMmJ_$Ty_g?UZkwT}m%!5i{9yd_`2JMtyG^*5ov=gmBG
z)Zb2duHk;Xm#(#UJ-4(S)Ac%V8J;Q61nxX5@Set>(mxUARfT8s;5GPAUWbq64fs^v
zgpWTN`nTYIytm;GQl1^S^X$PF+U~>sc+cQt<vD;m&mnxS@sHrGPlb7n;kkSQkN!5)
zPvNnA22bR3_*m|Fm!k0DJeR0Hq&!z}pFh{|#u-Vp^Pzk9cb+BqTzSTD=UIl&HU0$N
z`gF*r0?*|sJo-$iufk(_4W7vB@Uh(U_I#aZ6ZOBXJX>(**@4fr-Gw{P9z0i`eYo??
z;B$?CK>xdt&k(-+Z1530myhAmBGgadv3v@TJ{RgeZ{|5i{YZH(;C?<@!E4tJ>obQt
z&ow;$O1Qp_^nD(W^DMy=jX$P;KFq5OPrnd6f!E{}ctf7TTk<Nr@x{>J^Y-|?KI^Fe
zsPb&Uoo5R^(RLf|=l2dgRi0hA^X$Pp8h;<&`iC&D44!=@_y9hX58-3^2tJjM;Y+#a
z%{-^5|7YbngZuet0Z;Y&Bulv0=L+6Xo;lokuHlWZg?u9I$K#*MOYrpTp+1J!<Yjn6
zp1@o33cM%xygeST&noKAxqZ0)tiioL8}N~~n{emZf_Ic>8}2+i@aU@{pDw&3@4=Vy
zK0KFa@JPpH0FUKEcq;e2ndcbwcT=7dxSx-va37Z${ITjYhx_N^1>Aj>@TaQJ3ZCoV
zFLJp1tl__{K9Ro9Ih3vw&j0>>D7$~&k5T_h^-18KR|@yPXVu^yXB~cp`ZwSnpMUSh
z<8+@E>i<T4+VGP8ou&hKpDui*K0UbS+lRYP2LFNj4B+lFguBlOexo~t$NL!W`S{=A
zna>pU=c>;P?)l8&{{O!$;8&>667KpH{3EK*;hygrzEpkWbsDawBj>iee&y~HqyF3K
zQ--@w1@7^s@Kmo$SK&2z4es+~9o|xX13s2F;r@NgHr(^?z&rZ=%r3kq@4-FJK76S9
z48D{P;QoEf5xjZbaGn{%{k$`QXL{b5!adFzJlF4e&gqwg-_uyYv!@4N!qaC3U%}_U
z5j=-?o)dfxkAF9Kq<Q=CIDUTc5<Ja<$MEqV1uw&EFAAQ({kW^Z&%fh!cOD@r+~@f!
z{9&rE!@WNrPtVJJTBt9nPY3SDT@UW@4dB&MSU*F!*Utz(*7_O4y?!R}_!S|~DZKI8
z;4^si`rvc;_)WnV@YY*{FX7RZ!B_C{BzO*Qy*v0Co=k&B%E`xN`GMdi`0&HQW4MoF
z8U9`!#|k{rIDCA(U-zk@{u%1ifO|c(;2vL>e!Z|BdT_6YK76kAkioqk2JrNYA)g^U
z`cm)_JpWqoG5xCG6L|EG!Kd)}o55%B@qYxL!<XL;zJU8Yu!Ns`r*Ixv!F{}P_{~)x
zDQ_QN?=ObCPZ|ChuOGONdll~SHQ)<vH{m|+EqLyqU*JCO9eDixkY^XZ{6X*@e0)}T
zJ){qxUN?9KUtTZx0G^*6d<b9OH24Uf+#>iG?))e4=j%Am;69EExce;Ob@j>NK914#
z!{f5F^K27E9$y*0&~^fkzZ&LMfhY15?&Da6NBcsb8a$TQ;Wc>!K9)D()7yvsE%^M7
z!Q1fKor8Db&Y=gdeJlJN-G@)V9Xz9dH~0YF`a$p^{fEIv@ZNs~AHzG}4?cnWJTrxV
z!|M(1`Z@f2s&^h<KfCJ?^{@0ggzv7yv-hq;k2{9X^!*k1Lfa|4rgd0_H{><A*Jm9*
zyiZsU4ft5zgfHbSc;miWZ}8UrgLmMan${tF`3u4OaOaT0qkj+UVF0gvC-@LP{9f=8
ze5v(0rfYpp;JMc46u#8@oWXb38~nhX!}Fl$_dnJf>Tjj`9KO5Wer(HngL`}xc;yD+
z`%`$w>kXcHy}@_a8+@$#2HfYvCfw)47To8<Hr(gK4&3L%F5KtC9(<~C_Th7R24Bht
z@LWEGM_&u;d<2i>V|XH;!hO7E@Kp74cul^5H{?rrOTL14<T<=2U&Awbr1j->?#D$5
zo@<@QaKElnhR;=>z`Z}`<o)`5o}&J@)Tajb^Fagd@wMU2bHd}O10O1fE_^EQ(e?Y8
zefU!K8QkaX0o>>9A>8Nf5!~nPG2G|v3Eb!HDLmIWXYlCjVg1kHv3vnf<V$!eU%_kg
z9Nv&eIzC<xK3*kwOZ73lBQL{y@&umAEAXK_g^%S`_*7nl`*Bf+Ke`g0UmEa8x$Mq6
z(#Lzk@5Q!If0p`m;C|lf!9BhKe6H;wJibcjL-<_t9mD<nGJ&U$4Sl9?pJ!(9cWPc9
zm)C>O4-3?vRQ(F>=ifEl<A{GeoDbZ;s_inop&Sx;t{f_G=a9l%PY5}9Ki;qBRYU#9
zyiVYrR}1cWb>Ty8_uxLheR!(*W^m7I0Qd3rempO){}JkM_>*D%kKsPvQ}{~TGq{h-
z9Ny9R7jTb%3HNdFemMRd^-t0G*YK*h<Gt&ur|lT-*CopE%<B#A@mJt+Gpwr=p2(~4
zR9=HO<aKyQ-hgNFCVVJw!N>A8d@Aq2eSYY|Kdk(ntB;o-M}5@4LG=T;A4em&$1#Oh
zZWxa14DRDNhmXAu;XaN__*^-x;7fT9&*f`){KT*xB8}Jir1BEHA&=oLc^Tf3C-9!!
zIeEW6E-C82sN+(D`?xgVJ}zzeT-zPEk4qOm*Kz5=eO&tRO!La%L-_zcmJi```3RoN
z$ME<`;W$p<HTe|Ykk8;PxpU%iS)hKc<FbPLxUAtmF7b`_p7*-iF2j9X5_qoTQi1!p
zr0|aBRfYHDHFzek!^iRld@gUob9oD%oEMH)8=lHL@S5B?@woI*f0LgI&zl+C$7Klj
zahbrA8;9dGg~#6r<DbEM@;ThcWdUz!UQ2jOzJhn;IXsiE;bVEEc{sPZyadnXF+BR!
zFyAsfmOCf+_w`H#^{I|a3itC<4L;I#9X?df4S2i?<7~p6e+!;y{B3wD@4##FF1#i0
z!F%#Pd??T0Q~3Zsmk;4fxpQLvW7I!J`A^^#ou_8-^d@2b&*{o}0UyejaOb~*=Nf+w
zkDeTk;~E~zBaO@RP30wcLmtCB@-jS=C-9-X0w2qrlgH!rUq$^T%D)Ep^GyRj(RLF)
zRn9GV`i~*EHr)Al=o)_)K9~34OL-q2JtgcngD3I<ye1#QTk;XSBOk+ia_7YSr>K9i
z@}I%|yt06oZyMJB67J{a6}+MRbGY+g!!wOP(tbSt=+cm93GVCs7=Ff2hvz$wcejsT
z4@pq}Zl8zYetxXMJ&q=PpzRji`Ly93<<o&XpDsLqM#!NDue~sMAMSiI_yOhP@iLzw
z>Tjv~G2Hn~;U32VUcQ;u58U~z;F;GC-1)5G>5D@Sk@n+xEnlPc19v_#eCqWB_s=5<
z{OPJs;m)T9FKN38A85M;cRp?S*y{)Ge7f-E>$HC0jdyDOz@1M9zwKSZ<ICf9&dz6u
z`p<d&z@5(&-q-d5p8SN?58U~z;B&7Zxbs=VTkq2P(SAIyOkRS=e;MjyxN|GRAFkXy
z5BGO&71UQ%UxhojI^5%E!3WxI!<}0Po-4O5+`0AOsdDJUTk?!P4Y_$-%wdT7!^&X{
zcMemyb6C*JT0d~-u!6_`6vmmuox>WwyMDAE&ue%6z<1XV+}BHG_|v_9;EBeO!rR)e
z!ad&_Jk@;baL=~^_i=B+ecW4g9e0n*`FOq^)W1mc?ZUlo`tYT;GkDMI4W7w|aL;!H
zPxSs#V|YzIfw$ySxZlre2JfkU4)^<6E#O1dd)~}*h59R$XAbxKVMR9&j}P~0dfWF=
z_!uj<7(SJk>H2ri1n&34tib(#m?_-vhgpUD{V;2AzaM5D?)SrN!2N!hyYtq3y*^v0
z|B~`-!~Op|>%!;S?!lMJtq;%T8Qkl00QdXS4B>uXni1UZOEZT1eQ73ezc0-c?)Rmc
z!Tr88p10SP^IV|5^fTeQVhQ*EPb!DkZxPn(8XmtdoVO!=-TO`CCAjm9;eKD5GTiS=
zlfeDHG!?ktmnMb#eQBz2zb{P<?)Rnfyge`H*+Bi>m1h&~{~uo)KGSvwUeo(Ccj29X
zyXDR!qz8ANeYoGBIfMKCnFnycKl2do_h%l#{r=2jxZj_70{8nfPvL%lX6M12=cs>*
za$dk|`u`oR;O$$6b(_QeKF@2qa*p(U9*=V_!TmnZG2HL-T!#C7o)fs==eYv+`#h&`
zzt3|O?)Q1F!TmnZb-3T>xdHe4JU8KfpXV0b@AK@uotqyo9n?QV$FU1<>Nxh{{<{Mi
zy!8{|?;{N0J^2v6`}ZK=yMGS?-qYV}n7}jn6u$fSAmF=y4+6gX_aNYz{*J>EzWete
z;B(dI@ZG-$0nct7ax2{`JU)E9q9km`@S*C<@Tok3XZu3`3VbL};bVCfK9$$tb9o)U
zlsDkHya}J)E{wAUpUd0u==Pz$1CQlh_*9<3W92-6CwC0}hwz4c0(YM&JXQS+-jUDY
z9>)UizB#<A@vq@&BaA<~_1<;Wl9%D`lfY}LufTiq6z*|U;qKdj`|r*);r_chEx7+~
zP8aSzJ-GjFP9N^So0Gvkjse_#$MC-LpTHY0xmC3Jn8JJV1>Aj>@RsUV@S!}1dmL-H
z`^LA~yB-?*!giVd=eH_GA4Lf~lUL#HQ-iluUx$z7Ex7x%;T_d?;B$Ew?)miKGaau!
zJeOzi^1fsfLo|Tb_9YvRhH#I21a~eIcu9Z9X9{opc*uVSZ^`Fy|J}wVe68&jym9@|
zKZoZx3hwXo^O0ZQi!@$)>8|1D7th1)>x~%ow@`f<?!Px#p=&#Z`|tf#;f;5N@z>z#
zIl=32|J}m|+<)({3HRUoYr$*k--bJf4*VX<p$qrl`|HDp+Rosun}&G};2pWYkH=+%
z`bTR#W4PDB6u!{*4Bom~7|$Huk^B2No+av^sqw7f9#0PU`dq_bt3JM-@_t=k(&OI#
zS=Iab-0s(_%cw7%8`ggX?%e&n%04yJ-&=heaOdUcH}+|x{)qZ?;T}&P?s;YK%hhKH
z_jsmo=QV@-I%*F0b<_&(J~`aiQERxbqvCzZ=5!o6ALr%sx82tj$-ZP$zFY6>it4^(
z!@KT2wSCEkciq<&^?k{Pciq<&ejf9FopW<vvMJxK|DbYi?@Knk>&~IOFWK;}dpy~`
zWW&2Y+LvrLqrtvpbGPfsyTjvgxG&l8uGi%LK9AFni}Ai>Q@&gOZH;rfFWK;}FZU&z
z&1kkS+1%}V`f;5H_9YwM^_qOKFWK;}=TExv&bIq`JU)M}_9Z)Cw<l?M+~x4umv6gM
z7u{}eeZ||p4^>h2*)Yx+K9`r_EsZ~cN1qCPcK4(H9)F7Zdu#kvxc@Fm9p2Y=1McU+
zCOlq*@wDK*j|OkU{XE!#`+2Yn_w!&6o~ggb>*M7dGSojtISk-_9vs1!+8)E_FS_+k
z;uCml5PS-szc2U<o_rwqoUZx>d?@$0INufO^Sf)^!q?jNz5Dp_7~OvFdcM{@LZ2A!
z?=Qn^e;ekNz~`S1UV$&=DLj`~;n8P8pBmhMce?@aYr6?g>$llCjxBih%fZ|5#`nX1
zJMfOY3m>ab4<7$8^zpcy|L(d)ef8cU{{cML_7HyNdDq#Q*9iWA*90HK@4PrGtY`T6
zeZi;j_dPrGnZfV*FQI-8|F^@TegS{ZcS8LVp8Qep75w&c&)d0q-L6spDCJhV!`}7m
z?~mbL4`q1tD`7n(@K|1fC-M~T^-zU--PYh=ylcp<0q<yD9r!<}z6W>x5Pq|-p0#t_
z$MDnYKZk$!1z|i(xa*@k?#;RUw9r3>_tZaypMQhUzXo@G3;xL~LjMl@h3cQd-~E=*
ze+YN|6#kKqh5mE+Q2lfG;~pIPM|awrgX<G``{toOg^$#~0dJ{)3-0<J{LB}J{u%s@
z>OY2mSouuhu3y3r>v-kxE7U)}^WGfpq{nXpcYO{16|aBzyVbt~?{%)Tvz~i!*AL<M
z`uR{lhELUh4!=<OFX66_DtqVqJdG!Ye^C8X`1@}k##4j4z6HNT<LSU>>Yu@HuE+Zj
z?)oYGr_R&*htJhNhreJH>Z70Bn}h2Ucu(U`;Y;;zz~BD9(7y$DeGh)Q^3UKa^&i7O
z^|H`^3U~by{(YSfb9k=)@lWl|;g6plj&A~YeGPt&9={EERK4!bI`6>0{>ae32Y3At
zezR+Z`VsuOIxb`QCC?1`OyJkm^~Mx_Lg$AWe4uqQhxc_ouz>%w&I3#ME%p4ef}iz!
zVO}}>=E`#o|2@qs`suyL>+iK5O7Od>PYnN*&YuaqsqG5f*BdFk@xpMuQH6KpHMp-g
z>Tq9gG~hk;@wiGmtEu>T{x8GNvn|vg(t2ydeI3<>kG0*S|52D%AHLLhGI)A<s2{*R
z-yz)d9l@9C<8g7m6VyLT^PR#y-#NT=m#}UY@JRDo!drtduN8bO&*7f$8t(Z<+P~+O
zzc}>wxa>Z@G3sBU`Ih0HZw21cb_#F2J?ys%UtSTs29K@`UWfNy5xfD9<V|=i_qaIU
zHtHuor}HO#uI(OtqU}E1^UdI~<~4w)uMhJY!W;4teEhmlKZZ}`9vA03Mg1o<-x=KV
z^}YM}=cxtiuTq~C+~1$WozEJcDxc_Q_MUIO9!l_<>SK6AUWWVUsS3QM?G*0wa1}oM
zbjZI3U;cIQIz0M#@CMwE(<XeX{vMa}_v5sU`oYg@-NOAi?ZK}-4$p%_c=ou^XAHlS
zo=@lSvFexbSLpgGy6fKKI8%KLf2^)I68K#8DLj3A7-tQBt2=~wHQ<dWC?EKj^mAec
zZ>fF=zoYt(;T_e_;cwOT(h}ZPeGY%7JUVx8ZdWSL1fHorg_n+m9BS~P>Ra&d>pH3f
zAFDotxBB6FZw${>KZV!y^VA$3H^Xts;UBnp7=N7Z%^^{J0>7uO>r!}C^$qw-bp6?a
z-&gfL`1yJrEQ3E-^<(&x{!l+Jz#FQc!-w)E{FS;M&fzQ7M|azsPcDz)@6<X>;cL~`
z;Mddnp#_hgsK*ifK6-tx2ai=hgirPJ&KRDkehP2N=kR~mb$AXRsy_PJz4@G{^GpmM
zt3HKauAe(<@Tuxs@b@U^9{gjf&*10iaXN&5TJ>Z2Qa**hO6z$J&sD#Kx6ae!4t`tx
zycXSkZ*J=+hx!D5LybR$pZSzf-+<pl^&NPu`X2nQI^PcAsp`k@`}=ifcuVz5_y@EO
zb9hJf@jdqD(9-%z;hE}d@T>Iv(tr<D-+|x#<KeuK!N;l}!au6><P@H(ehz=A^2y=R
z{&2jad+wcYU9Srz@Kp6F{Hc0gXuxZ#Z^56e{ylhI^%?vD%4Y~~sD2Ee%ct<$XdTYs
zx$1NH2lV<<bg#Ynlv^RU7@o)z__y>rObuRFeFOd&y)N2;H&ow)-%F2|3_e%=5Z*cv
z#y^JFmGczdQ~eVD%X)r~?!7mksp@0+$Mm>M;JNB+@VVA`1D>8A#@~Xs<Q@2Zl}`^o
zR{aqEa-ILD@LctC_<MDowuDCq_4ump&F9VPpTJ|)r|^G!wyx{osp?zscj)?|1AnaQ
zd+?S#gTLJWJ_zrrehP2vdT9>NRKJ8T<vIL*x~_|VZf|bsp^#?+e~jvD@S5ry@GF&n
z3*JzD4}Mbf8p2zuAH&yryiegB)i2>ct)H`U_*nJP&+pA)E|1|K_RkCO=y1rb27izq
z7cF?K`VRc{y57j(4b>0ff1~r~7~WF-9R6w5=kSi|qx<a5;m$grC-9!?Q}}oNID%)Y
zZ@_yO>O2Ggo~}PT@a3scpTU2q`XM|%9qPyMp?nJemaZ%2@Tux^_<MC8i0->Lx4G&Q
z_?>heScB)PZ@}BSF6zMJi^IHn@bmP%mci?)AHp9dAH)573sZPY^>cXq>tQ@gxPPA^
zhc|kmKDyuD+-koOJcj%C9}@Ub^(j34?a-$N_wQXa;PdB)`VQQ`*U^JVF9`J+y!Xe!
zhwyvo{4<5mUKHx*@VU-2IbHS9{rBefY5!agU#dQ#za;E8g}+DVp9Z|~@=)J`e^~WB
zcvJNme58N(8NyqtpTeU?cwU~vpQ-vBe&)-=b$<MSz4>ISPvBqB`LG5bs=fh#l&;@8
z@Tuy1aR0td29I8$bpoFbgOA~FQ*KlE{FR}83IE80LvB%RZw_BmeGI=$&%X)$pH*Lj
zKULQQEqL^*FrE(lGa63@k5xZ}-%ZauQ+P%7bNFBR^&EJr`sf$-=HTCtis22_C-C8G
z!@N@XN&j31@4Y_Mx8UzN64qx2o~gbEf3-Y=zem?sWB6G0Q~0@h-dV!us?Xt9`rl_C
zm_(ZozfQhZeFFce@=xLM8$u2>c=E>J4ftnu-s`|?Zw~c6_*Gh0LwG~=W4M3MZ3^$G
zeh!b{685`<f7$0}_)_)pgZAcjSU-=a@LcsZ_+#~YLIWO+!+1Jy{~llu9;-fsr}81Z
zrR#?=UG-D=Qa*>Dd2TrW<nZ)uVf@j9_vTa5c|L*HRG-5CFI{&Y|HZuj|9>ngBxA2c
zV`(|o$#z1Hu~j%SIhK5s=Ezc6&XgP_%iy%wG7gc1u|%>>wz6eVWNnTm$u<ZPH78pU
zeqZMPJip7_E|=+#^SOMlzqveL&$&Mz&&Tumdc9pPzo%879z4+V0sL)!FAm`+>-iWy
zPx~~5hk8DP57RxZfX8~igbz~A_968g5<Tz0&(ZT9e43v3;S+AG@(<yuo{!*v)qi)C
zz%xCc!snacMd9=Gd;#yXz0RYa_4m#7ybT{|{_X%@sOLTSr#i=dc%kP*_yVnO40j%G
zY5o2$fv-@X$>6S@&*5Wro)&OV&zJDv(UyOFuGP!=<Num|8)@AgxHGeQ-i7b0d!`TX
zt>**ygZlj;g8O<thMWH$IDrRxK7+rnoO5`j=L`5ec?n;s?`2l+dOo?Hci`WsKf7@2
z@hUeT{%4(!0lcf8kKnKByi4G&o=@RdX&p1Tr{@cJtmjL3sOPOi>p4VER_|rQztp~P
z;NH{K^B(*s)p-DqW>?RL@aNTsBlsjepTHOBdrAsV^n4CKMD<+2Q$1h8?PsfbT8Gv1
z`C0X2!>2u8J@3LlR)6#0sh$tuFDr)-p6U4rZqKPcH->wv!xY|C&u8#=REGuJ)$=9%
zc=ciX@OnO;o_F9KbuN2wU(fsSzia#e9_slJp2#EkdWWoI{r)e8r+Pktcb!}1nZmzT
z{bz7j&*yOag=(Av{<Z3%gok?G`YZCBSB+!Cmuo&QJbJl$-h;Pzw8bAe1n^kThw$F2
zpBSF#`2^k}t#VG`)AW1}|M_3l^94NB^VSjd9Qx@VYr``=@4|cPd!Gl-^?U%|P~Z1M
z_(DA&!^fN7nc<7|d<OqW`zwc+dcK6W)qJcz^&HlIrCMJHew_Zk<H2n`@55hHp9$cO
zo)6)HJc56ub2)*BdOn5sQXkIYk)AK$JF0J#@I=qsN7nN>U-xGR{+6Ei;6IxC9(<vm
z58<Wm0};H?^9g*p_InCnt><(2dgl8M+<vuMcgwH8@0(gj2kz*37v5R>)Q7uzK7cPY
z=Mmh~^D+E=b1uVuJ)glh*83LlSkIU6&sA@B-+B&-o_FBB`j`h#^}G+?M*A*+&(re}
ze0x0~!*e~K!go_W=kQX`7x2mY{#C+P>UsO9dJcWe-&x?R^}GjPse1O|)@xP0jfAKA
ze@F20gRQOK|BZ)RA66d2ZTTd)BTwMwziXWazf1Ep^J?|SEdKxh9)1>{pQ7h8xcR)i
z!56~K`xbCl^Irlt|6OYd_w>B=H|LL;oB4mLeP_czG=G<e->f=u;j7i(JosnYr#^g{
z&Zz+YqdbKFrv5e(?zZjt$NNO^m3lsg_cOm6z^~Q!mlXc9>NbN9)$e0Dd{_0o0)CM8
zV+n7kzGNL;Uzfx5ybbr|F5J;L-QizpeLeUP-Fth(SLk^kK1R>?gMX?z3E-#c{2dJ6
zS@R6xm+JSEk?`a7z7c$q)@wZcH`PxJU#WRcf}8m#aPz*?;H}2!{s~`uSmm?eEk{?L
z!8g?N^Wb|cpB#Rwa##rOpm7R#XPp;I;7he1OZag*zgEKgs?S@;)ax_QK57LYq;YKc
zrMfS*g|E;#>%h+)Uwx103h$!#b>aWk_}$?f-BXR@!KbQ^^@h6|--mCZb?*n?*nHoC
zpQrU24FAR4bKnE@ce;`A?rBv&5qtxE-y9GBhx$?s-$wJF1aEUel}`e{Q29@TKcL)F
z_yBz`m<4}I&u8$}TK9SIy_J6se_rD(gug5=;Mc2PErD;R^(x_QmBUK-LCW7cwqE}O
z^*yl_JX8)g{9p36@Le<?2fj|5YTdiS|EzuO!h33*?(i;pFAv^V@6{Xroc>Pd!#CA@
z`oY(HPT%+8qtpim!zZZEhww#O$C2>eHU9{HmhvADZ=?Cd@clH-B>2th8wvb8jXw>3
zr|K$&|3&LE3%;_Q`ak?q^@n-zPU=@V{1DB5A$(K4Zvnqp`7eRrZ+@qRchvf>gtu&8
z&EGn%UjI9(pR|JaS6$igiCXuz@N?C#9QX+J!>;hNbndwDOSE3y;ZIJj=I_DB>T`R;
zuh%~H;hT@H#_0z?QtJ}HV~sx;K3DSz;aBT@N5bz_y+!bGTHo>T1sXqwCwi|*@V{ss
z6Zq@u1JmHw>2p)~W`|Vy%z{r+4jFvB)^Q$upza$ve3b5!3*l3>e+&2^t;-Vlj;iw#
ze!J>(CH!jr{$};7*MEEMi&pTZ>SH$iYQ1k;_!n9)2i{%t><ZsTb?Cyc(|O$;-dXeX
z;QQ;G?G68%x&OdtDCd6g>8h&${($lv3?HEJL-=^D??|}GCxXw_e8$7?RSq%yebw_M
z`1e|`1iqJYo(8{J`!t1bW9lD%fX2z-%QT;P@F&!tbNCSLi-qvn%D;eHldJu>1b)Bv
zV+sFR^H~YML;Kx2zFz<9t*p-dR`4rzuG#RjHUGBoKPfi{e!2R2SNK-?To>MZO!dCq
z;jK>7{U83Ua_$X(Ty^Wi2di%T!6)l|19(TB%Y)(VG@lS2DW8$>3GxVjz493k57qZ#
zc%pG8!MiHY1b(Qge|V{WmBOcLU(AB<touv`pQrri!JpJTb9fuo^FsJTIv)#oAN9{A
zaPxc#|F`<jO86+{Y5iZl{xf}UEBJJcW5avue%KcNALZb{Z!z@`pRDu9h3~6%><*u)
z{p-R1rv1_zey={)hu@>m?FZkveYNib_>0PCFno&6!4Mv3y+*=cSAUD(q3)UE;cx46
zW4IY-68u$j|A#-U_nijst>0%-_yeZ?;R`kY48E84#XR_d=Kc@gL;YkS{0Kc?z|A;I
z;O28nxS8il_%k|BtrP0?ze;_e6?~Mr|HE6~Rn<vb_@1gC2R>Bw&=vl)sekzW>cidP
z2PiiW-b<g`8-9$|*N4BT9QwhZ)qW4)e?Fvo-@))f=J!wd3wp1S@R_Qs2!5HVfB22^
z82+-xnFN1B=UoDyt3Espey-Lfh5P#bVHUir&btggM9<HI_fl>-{3Gq_h480zpDEx+
zncqL*X8aOv=Ccxhn#QsE*XuvlxzGyUL3M7!uTpLfJW>uW{BNpH4?azw>%+I0tUe4M
zs6HRU&yYv(`Ksp_{+X#0_&K^4rSPxyd<K6^`!t7}zxx#MiOQ{nFI3;Q2GrLj(tK?A
zNvbOcZvM{V!pCVG5B_(piw_^CbqwLjmet><M#8-g`nwg}-MaGe@Jt@V{f^c13EUb`
z`LqU48+=xSXAM5D!Se=R*x*HjFKO_y!B;l8bz;3vOg^m|+-~r;4em5}*9LbRynBOt
z4c@!K{RZ#X;6Z~AZt$?dM>crW;Nu%SZtzJBo;3J0xUGGW!u=CFTEG9B1&`zzJQ-L$
zKM(GoTzL*RpSuulKDU5J8fQs^mvA%wO1PPiHLza)X8cz0RG(|Z%Tqf3kxyHAG^BC|
zZl3Sj;BJF=Z*Z@{dpEe>;QbmrXz;-e9>PujBjG0J2yUJq-{5hBPlBgItNasqA)f{h
z&#0bH;r3aT&w`uhvj(3BFEvgMH{&d9@S?$&G<ezID;wMj>h*8t)2hL3xciSPpSEx_
zj?>^>=^DqSYhAiGxYyvl;gQDo;bxxw8a#j(8fP%vj1xBaNVqku$}NKD^6_v}&oSKe
zu}N?<p9Jm=uReDg+&rJc|5yKT^L*Ce^Wguhf4CWEVS^V9zNEp+24C6W*54cIzrk(z
z|LPxZ-pgt5u5?rXbW{Hg?lpLC`2Xr3Zsysq!2|gJ>K|^#2^)MQ{D1u){=fbYH_ylL
z|J6U-++!2Cndh_yPaAwzgJ%ssufg*MU)bP9gD+|DvcXq2xOI|a{r=DVcaJ8YRt;`9
zc-sbd8oX<RyA9sG!Mz6W-Qa$M_iON=!3Q^Z*x(}@JZkXq4IVf6qy|smW?xK$n{`hc
zd{%>J4L+~I^9Eno;6;NkY4EbaS2nmcsG<HF+-~r;4em5}*9LbRynBOt4c@!K{RZ#X
z;6Z~AZt$?dM>crW;Nu%SZtzJBo;3Kh22UG&R)c2^KCi*^24C3VMT0MC@Up>IHn??i
zL;W|n-QaB-+-dNx4emC0_XhVGymy294c@Q8g9abm;9-N0Z1AYT$2WM~;FB6WY4B+c
zo;LWb2G1INUW4ZizOccI24B+PWrMG5aO;$Y`fqT%!P_>t)8Jhj+->mg4em8~?*{i9
zykCO{4L-QR!v-JO;8BB*Z}7OmCpCBiFZFkp6h7^Q7XR-S{Qv&{0}kK2Pxbes9Dbkv
zo>;*99$!6Q!Z-Ox<<_b7dOK-B^|>}Ye5G;+e#-jQI4=B{Db@2H{3y8(AE&>!2Ji{y
z@38Pk^!K$0K2QH0MGXH|IVbRYm2(RJNPp+e==ytB4j-w%Hx=-`^>@Y+{<+4tPOInd
znZHZIFVgr9{Dn`eoL%^9au2>he>e2ur|Q2W3g92;`4GNXe`k;2d+YC;G5liv9W#OV
z()*_Hv3lPOex~M`!@t$vF$?%i{k^Y*f4$E-zi%(g8tnY>f6VvI6ZGF{*zhM+Zw`E^
za&X~4X+9o&H~pR6hkto$HJ<=}=*nt+L-^;a!wCMM`aldHs{g(sfv?c~Q}_t|9X5mi
ztiSK)@KXQXLIIy`@`vB8zuQ_v>iLh*`r7ben!f`dDR<%DXn%R|@v1`~?knd2{+!l5
zgg^dGwJs6-JAG~pKThK(@VUw-g<qui%HVHlU+3`0O#g?^S3fM_3*^?&dj79!J~sSK
zxdUG$ci}H7HxIr__2$D*H2K4?)_R5T>*W#rN7Z2r|5cvA-&39`e9cbPe$3!w^xv7}
z@Wt0w^-#cX);vr2-s%I^>Gk|S(R^(9DayxzFIInc;hy@i2Vdjr>b-pU=tI<h;HCOf
z2=ArwBlx%Kt1-Nfo=@N(oBD^Jq&}R%uWDb-Gl%D@w*r2r$sfK{>t&r$&;JtTV8bty
zJMeGRhh2E4{@}sC)AK%jvi|#-0REHm4B_wSeIxh>+Sf5W*8CIrm8$0y{-Wle!9CS&
z4nIcgTfo0mJ(qCnvTDCrXV&vys(QBJOHBWP-=^GLc#GGo@jdvuomBtuUV5(p{<QjP
z2!BB5R|J1l9>Z;YZUXPG+*0@&`&RSJ;P;ME{lj0^dKK`}<PSeX{lq$}o_`<ZV8ee@
zA8_Cg>Hh4(TdB`@@IJcl`S4%O{Rcis`GoLkTK5S4xaJeX7i(W6@VAv)3O`2k%;4|q
z`5d0<a|`&j+FvF7N3DzXk9z*cnEc^G)DIo_a&!K|A5xuo@Rr(lK72#1R{;M(<A?B1
zl|uw?rMivbKQFBIV*>B5_f6r~wO9Samuekz_=Bp40{)ctV+o(5eQkyH{C_p)FTBNR
z)qEWI=E}{5|Exam!JpTBeE1;Kf8Z<hz9D==<s897)kzHhO6!%t+o&E=_~_BfAO4DR
z%i%AY`iF0(@k{tv-EXa7_56pL`iDQRdUoLbwNG96PkuFj5B`Sc@53+A`v&kq8b5@8
zXwF~wXYv@{VzKHUK5^G-o+*5Dt#1b3Lgz>hze)S0fPby|l<*ZgXRYD&{LfYW*zi>+
zsQ%$Y)t_B>Yjgg>C#xU&@Y^;20RE%-{Q*8y>k`2;)kzE=rn*YtXX_kH;Zw9O8T<};
z4j-oZ6!6<j|A+rq`_VePp8t!QzYT9~`VV}~cdNQ`;p@sh_$C_1hfmWy1GuemLip>N
zX9V9w>mI{LDdz;fMqkxGe9bj0&)^Sgo;iG^*0+GKRL&**hC{0Htr7M7?@=Av@K&0q
z1AkZj#D%}Ee(1q3Q=jqS9n>cS_|~1Od4}*`wJ#!gq?}{;FFMB)_*<H13b*<zfA~n%
zc@Dotc^2@g@)CZL#<9++=YOH;Kk&65tLof=w^zNn@afv89{fGMuMc0L?}GvS?J>$9
zUTEDT_+z?<#PFAO?kDi8bPlHQPFnX2K2GbK!ynVWDB$mF{v~{ja<=|i&%d4egAKn@
z&pYszsuLGJOy`0J|4sYRhkvSh2Jo?}lMueu)z!L0@OuxbJce(j^E81!t=v-hC#sVS
z9&7*R@GDLKhi{|$Ea7wXxz@S${I^pdu;HzBe{kTb`jrdcM9+Kh4b{hd_|vM}0RE+N
z2;tYN9wPXEROd1LTirtv_)qc_-cfa!!MiHY9KOo@{steZIxOKWhFAT>8d=YOSB-DO
zt?Sf(;1}uKap7a-9{eh~4{xdQ1NcJa8Nxd&p9tPw>mI{Ptz!b;QGF(budjZa!5`B8
z%Hcn1`~v=p>b!*CpnYVGs^@>5^0DdalMeh>eXa{%SN8`GzPYJ?_)P7i0RDygd<efq
z^N--RJ~xJ6tNxI{A6K3!Jd<beZM42QyhZ=2J`4Cd%PKG7JF9-I^XmDpabfkm4Zlh2
z;=p%MzjEQ*tKWL?89JAJ_{OTY0KTKf3E{1^e<S!7y06CYZklHT-%aDE@Y$+|48BbD
zki#dN{tw?m^-#jU(>T`Xdj6Z}y=?d#^=AkEv&M1ZlhvO+czccS!}nGW0o*hB!?#w>
z5xkY^Cx+i<>L1=leJ_PysJ@-SZ_|6_@I6$|1-y;!CnfxDjboi(&wp#Jmkpn*dT`(q
zbRTo!uj+XZ-d%O*!&_^g2Jp=^{}BGB#*g5;sh`L2y>zZ6@UH47DSSh%V+LQO&&}Z<
z>6|Ly_bcZTzP;{m)&=$a_tiSu@Xa+J2fmH!*@dq;qq+xr@Xs|*A3ja>8Nj=0{1Dzj
z=ST$KMC%yCztQI=@OJ8ZDg2FFsy>{-*VTLF@D8ez0{)#ow}iLWd0|~x&%cwYfA~bz
zxdY!@_2$CcD+dogW^%PIK73=%Cx9QQdI;e=X`T^$iuwKve^+@X@Y{8+rSL=bxf%Qs
z(|_O(n*I;(q&``~pEUjFqI&+@sjh7J9VUPH?#jW1cT`<@@LuZYKKx3pO8_sFTL|CB
z<PX0|_p}(kqjE^#x0&z1@RxMnW$;<LKjiRs=KcdeK=Ul&yJ}xsQ9b|OdftX#t9%^z
zcINvpd^4SE9(*rz{=#3>eJ_A_)IJK~KWkq{@EtUt7~V~uz;`wMAKuyA|KVSasrGLU
z-%<U%fahAr6261#+`71)|1{Nu4PSG3^|=oGNK^mt|7xBdypO4W_|(zW_yOEge+%Kq
zn)-+P>Kie9vg#*+udDY;;d^RbGWc%VM>+g8)lUJxPw!R2AC_B}IM(m~TK)0AmeoV|
z1RK6mc{=bXG>!{DX5T7L4{pz>+=n}+|HHefPD1#{?W=Jj_yDa-4DY3NOyK+LK9<6l
zX#5PmT%N<9QC}+HZ)sgh_;aTJU+VmkyvcvA#<Ag#>3nhEC!6|*zohX!co*gD!{0H#
z|G;lk-G=a<$}NKD`rH`4q3S$=-(${S_~xpU48DuzpTm#SzANCrscuX7be*Txzv}tF
zYVwDluACkCR+^_v*L~H4->p1-_=%c-08f=q2;W|x8^L#!$M6o<wfLjX68I_l+!TI>
zJcECzI?3TZ7Pt6g`~tqcawy?PsD7+5_57bzKe6HOsIDCNZYF<tf75^92Wg%@{AkT5
zfFGoO7{d2d9Y*jU)E{E_&N@#M_?xP?6y90qeg@xL@0-K-)4igAA1p87@2M|YW9#`p
ztv+MJ7ipdje4gq5@DH_K9^BLXeRv=B=K#Lj)m5Jl;k`6Y1V2IR7{fo)d=mH!^??-r
znYn+$*BM*QCx;)S`4{lRR6iyB3*D=&arOKMscvof-pav&@2<LX;oE7yd+<-R?mm2(
z<`cj-(EEn)2h_(R_}9uUhIcpjPk0}#V+tRl95VP!^}`&#gWk7*caxX!&2=7G<LmkF
zqdaZ+Y<;c+-%<U|g@3CYJop^#FCX4r^9<lU)MrBYms-aNKFfUnh3}?$Ch!N%_b+(&
zzUx@O|I6U}%X9c}osR|l8O^7Je{bslvU>h6=y@CdigI({p7w<cUuyaf{2+7xf&Zeu
z9l-mV{tsWR`A6`b)wg5#R_6W#@2Bxo`2N~28T==6{=y&Dek|a7o8KScqqJVu<@Nm6
z*sxl68y;#uI`DJlF8ndol?U&yKIy|F%_o5ORK11p*HkAF{229<7=F0U!2~|g<PYzq
zy2{{dZ&~G&!&@o00{)h%fA~o{r>raL`5&cu+VK6=9~^jpy{`)&qVYZWVW$4!>+8J&
z_!FwD5Pq2MQ4!ozy~Xf8$}@p)tj|s1XPf&ce0%Mq9KN^uTLIrg`>}+7ylb_N)|K`A
zSEz5;a8Khq@KSx)h4<3)9(<L?_u+lDE&=>$?V}JrNc$*)uXSs650ByFw7(Mgsiywn
zZ>Zm9@E`TQIlPa_AKp&uTf%#(POPiy`R}Opwc*zE>b)FzU)7-te^zzt!CxO;t-BAO
zr{@FsyUHPipQ+p;_^-+*hQFsikigf|dZqAws)r0dLZ6$%cT;W!`~cl&O89)euQj2b
z|K28lcyEp4z>inIa^a!rKk$w8zCQdD<rBc?n(x2x^VA<Acu)1o7`~3`CxQ1<{iN`V
zP5*(9m*?<7>ca)RMbE0<N_e2$tgGw!57fHb@T;_c9r$%}7v5Gmd+?4XfB37)Ie-sT
zJ|X-_)k6e7T75o-e`)F;zM;;|6h2yYp23Hz@8xjM)IWTV`ezA$MQ+9Q{Fmrlu;GQd
zf5P9;I4*pc=IOzE>R#u=-!%Edk5$eg{9S!+1n*<cU-(U?|HHq~d!_IJ`rHhDs_G$!
zpD8cki}YS4{1}}V);0C~mz(_Io2yP7_z}7vx^(pc4}Pxtk`G^|90K^&+V3I!WK;j}
zOH{WpyfpO>U!Xpm!Z#gT^^FYvfu7IdTPdFcevG;Q!~2{3|6R}jcGZauFH~<1e1z8B
zg>RsK>%j-<bA9+|jT69+(0&Qwoz=%8_|Ebe{=L>Wfq$X*O5vxeKWFew^<FvL(LJYt
zk5nHh;d^MF*0uHgx751Z@V9kuap22L|AGIYedNJcD+eF`y~YXP`!1{QT_OA|<rBf*
z*F0nRsXEsZcrW$s6u#Eos(<)JrvJl_R-F{^Pc@$sex~MQU02V4J$<eXzg~U7fe$s`
zzu+S@z6ZZVb?(DYS3e2hKdNtp@YPzc2>zAHAHG<9BY|J0`K0g*)h9Ff_Ubb^{6N)7
z0UxgSD&gmt`_IIB{-gA~4IieQ9r%CszApU2eXIKM;3t^#7d~3+6~JTV6T-);4kP$I
z>Yp*ZkLo;uAFXpLg{K-PgCDK)E{C75JPY^@ntutuO7pj_ujfBh{n>^OlRNN@v|n8K
zOwHeekI}mL@L$xg0{Ah?ErfU3vRdB=ezW#z48Kh0asnTtI#1#Kb#7+xU$q}|_)67b
z0sl>2!e=WV>xO#%S1KPHKGNh5KUDk9h3}$#Jot{<zdrmTjUT{2Hs8PCyJ?&Veu?%`
z48K$BlE4Qk=M=uD=AXe&xVl>R96nP0p@3he`IPWjZcVD^ADR9GU#kA;z^~Ija^Y8+
z@4xVSm4gpILHjy@_c!$qU)xpv!`C^#@)*9i)+>R}RUM}AwVtoe{S5ADoE*Ns=2O5g
zRbMLMC#erxH`en%N$YFFx7EGKfe+U6F1)S!k_R8FI``p2RfhrmTCHOUe^t3f@YW`O
zc#Bn4o(X)S>M(_0t3HsyhbXrkK3UHf@XJm9@NuehYjQn*U;V^}pJ0A}hQFyCT=+?<
zXAi!f>dJ>-qj?7KSbaN$-=_DC;48FGWB5a+|G+2db5r;b%|C-LQ9sP#y|gb1_zjwW
z3ExC@V%=2F{}!FsHhhBC%YkpCJYD#$dM^*&QTxJ&FE_tGz_--*oe<u-r}_{47QJr_
z@1cI4z_-=-DSQ)+pTV!v{>|aXscsASD%C>?Z*TISQqO-2<!Qq&()r@R2dO{1@QGS4
z4?azG>%;Fd^$*`i-xEXliF)4%evopG;alsy68JE4{=x@o{0tsyU*zy}<pq4C#xLPR
zm78^QJ^w}OCpNs3=I_AUt4>__6q7&v0Oje!r)u8?@IKntA^awD|A*f$kKsd=X9C|w
z^H1T{P1XL&;3ugM=kQSHLIK}Nxs~vL=-jk!spr4Dseky?*Y)=ocwzcKytU3d58hSp
z>%)IA{Re)G$sc~7<`cmm)c%U$`<VKN4>8}r;G1av8T?OUt98lY_iO(a@L%*^C47px
zf8JWp|6Hx34ZleH$bpZQyYRIKSL@}$$EuI{@czm<fM1~bgz)ytCxUMykKuzfegbc)
zI#1#EX+LK0JG8HJ_+;JF3ivSfnG*h(>cmRw`LD0sY<L^Z(}9Po9~b^F<>tYMsSo(@
z&N`O^_#LW~5Z=Y)58qhxkKx;#U)5~_cU8|Rd}qxkgAdg@=J2jM#|!vXs<)D^y0vbr
z=RaNRYr_vP{U5%W*2RVY^Xlq-J@|Cx>BBeH_m=>EuGTk%-==zt;18>AWB3>9lL>rR
zbN_*N)p}*{-pV1T>s%|~?NkpXe5UTh*6oh<`@dFy{I6y0p>?<6yQtnA_yx+@g<oOn
zAAX_o^x;S9y#n~YnokIyX7YzWqCOnMN2(7b@N={uQ~1;B4;g%!)-i{-Gv9yVf7bpg
z;fHNm)u(lb^GEU~{|EJ6HvBs6BL}{h>c@ruMW5@zFVsEFhaai>3E)qto<sOW$}@tG
z(fY>l89J{M_;tF^r|=otry1N)J?HSpO#g>}uk|Y7tL4_6_58=`y=?fuRnHE5j_SmP
zzasbGSDN~V&(?kn;A6C2A-u2ZCxZV=`!R;^YWhF?TJ_-+exUYU20zyHANaGXlL9_j
z<CpMR=KeFao_`l}{=#okojCB@G`<Tz#MD3hN>l&vJ=Na=_*|_^2p^yvBKQ?1fA}m@
z|L`|dCn<bC?duG_m)0?dKW*wCeysL&2_Lqh`p;eU{BKvzHoS-Oao~rlPF(miT3-)-
zkH+`m*J@n?xTC%r!YAwb2!68GC5F#YJ_-Cbjg!Jt%`<~Psq-a=cQO4R-r=Sy=Muh)
zp11C<=RZx~A8q)JrvJdNQonNHzShNq_fy~S;n!)L06x$3fA~$N|HJ2-`w#p<y;lMs
zsQIMu?UY*ve?{w<!(ULn74VU&^Af&5^R%Yb^S?;X+wj*kz61Za_PYyDv|b+kEsf*D
z*IH{G>-T>F{5?G%!td7j5&U+oOALR;^dI;D^@kLGkH*R1uc{yB@YA*L3i#pX{sVtO
z^Re!!=f9`+g$>_D=Yj+Ox6V@+zJuz=gTJBr@!`{Sjs);eO#bi(O#bkr^u95Ctm-O(
z_t5*M@aNQLGWhWtKZl=e?*H(sO#Q=m?OD~EHNBpHpz&?^vFaxde7M%#g%2?O2mY?f
zAAYL(Kmfl{`zwT>rg=v2Jyj<$yfFPA{-D-9g<q%KGWaOHZw{ZK@2v&=V4dS7{0q&;
zy0@PHnaaV2Kc;y)@cquO*3pGWnx_XJq49nAOr3WD{3hiP!e3H-M({_qFJky?ji118
z)c#H3kLkR~;BT7#13z3j7w~1uxrD#Fuj>E4dj7M_?+@@o&pYs&W+;F72RdIo`1hv%
z;isGLU+{y}A42$S%`<|pr*kBRKX3AfAEn$<_(8hwW$@9epB(<O#xLMss(+U7;d)=|
z{(An0>2q!P)2astp6Z-(;pZ=FVg3HkgU?lNKKx+qqX3?m{sUjE^^M?rsjtTH!!>>a
zzgy#{@JluS41T-zV-7!A{kDMT+NULan(n>U1IXW;zwjRB{Dm*lestlb*4=~8(K`C@
zqfGwrja1Je{8dx`@P4Z282+Z7PvD8^Kk$2$a|WNOdduM-D~AH!?WU?fl<>BCFYCd2
z{(VjT!(TD=4}V(cf(!4baXk2H(|_Q7weA5tRSqHiAk{+z|3ZB-hX2R(ANT{N{^4s~
zUhUruK1zKfhxb$c6!6Qnk4pI0nx~c4^PjEtwc)p`&pYsYO#g>3)cbnyMW+A2AJl#f
z;CHJ&L-;_|c?ADRpBuwd%`<^NCQso@RL>dwss2?x=kWEkUIl!)#wp=*RJYcQdj9*V
zf7<YCw2lruQa!lv$CRfBpQLeo_(1KK0RDsKAHoN!-Xi!o%_oMxqW4YUb5(CCe1+;W
zgTHNle}Lbr_bTAsP5*(vs?W6^s^|Zx_M;7dKy~QAm+BmJ;r-N4Jop=?|HIGHeLjGX
z(>*qXKd(BB;HPR`V)!cMnZP$v-KOxnlxGHi)AWD%1g(1k-{0g9Uu5!sxSs#kIu~sC
z$LbpnyshT%!h7m-J@}c*$A{mq_YL5uYF~u#PMT)~pQ-aAhR>EK@N=~8Df|n)Zw7xv
z^UUGzYhM)bgVj$;_#3AGJW|j9k}a$LX2Z|dJRSI{>ccL4C*|Y857&Hr_z0~_06#+O
z7{ZUzI1&6(%`=AosQXv~U#6T>_~$xDGWeN#-yHs~_H_ZDsC`kwU()`y9<Aq}%We1+
zjpM*qnEnHQ?RDM%;b*FzefY1+CxGv+bqwKiRnHOpW9{o0ezevxfj_NtDuutQ@iX`x
z${~lpqudJk-kN_2KTP*G>#=(NpK2f3a8Khn@DZl|;ZN&c;lWQ(4nF*etE+t%z~9n3
zhVVJcErNfqdXC`(bsi<~j_RK&ysz@f;JuVX4sS7_s<#4ulHRw3_cQs=tmprp-q(gd
zslMmHAJw_+!aM7|JowIXAO4lrJ%F!Po+12H<r%^E(D*U@U333|4^$2*{3*Rx27gXD
z<nSfhcLn_PyY>AG{*C&ZHLITgX!T(m{-O4l1OG(p<-+Hf`iD=~{`KLbr&sk8z(<(#
z7k-K68Nsa{)%(WqLj5^`FIR3U{7b!82ERn}%;7I-T?+Uw=Kc?#pnIM5IP%x~+VHhz
zR{1#a%eJiE*M$$)x_j_Kb?C!C)A|PRQaOb1mdZJTzoNbr(^U@%{4(X4!ee;`Uwd%%
zzBxQM`NM~p{sUi6d0J1@^M6D0wBcVUHwPY@{NXof{vLdl&TAjOzTPW<pQ%0*!r#?A
zBlxN6Co%kMt#1M^G)@ZN_wuUVGWhYjcjfRls)qu8gYqfi-)cVAllA=H(K_1jA617A
z{1%fxypPT)4?a=*&WDfEehJ|J)wvMDN0|N(zueqE;a`~k17E4}Q}|}eGlO5E{*c34
zoAVbw!`wgNKbY@dPu25(R`(DaK2PqzL+vjYzOm}rgMX;?_2IE{3*a4;LkMrD@gunP
zSyi_&{05Dmz%M($>L)4uGtD!Dx77GKyp6noZ=^m`!k4KYtf%Yw|7Px=@XNIB4*ZS2
z>i_VsHGdC2U+d_@zfd0t;Kyhmh45IpMey&;?{Dz_8Yh8|);>z%3pCFR9-I1ypQ*lA
zz<*Jlm++s>{bzPP|4p=yZ1`qcUkASS*~%Y&uJ(loe^=|}!`rG(0{A*-SM?miFERZG
zzO}}Q;RmXpC-CQW&rIR#>%B7gGSx{AzeVR=0guf66YgmLTF=z;zd?0n!#7Y44*X?v
z|A%){4jz1v>d=R8r#=(Fzt=tu;UiRU5qzr7qZodn>LGy-)qGO;Ey^K-Ptp06!^bJ-
z0)DglUJ3t?a<j5}{vVkB51*>_b>Qu_UtIVy-IqN0p{he4zUD<$od@v6nokJ7RCz}5
z`%M1uVW$7U@6&sw@L4)HGx(;e!yNvwseiby_buT+^{@Jd^=v)=b(Mn+|6cpffj^^p
zy6`779}m9N^ndth)pGzZ)UQJL#_A6d{9BznG5k2?kiaLXZd3R~c?RFo<PYD*+<)M2
zZn%#1`@a%?iQd<G&iVcS^Z)+)|0()h8~(lO*?~{hK6T-jt3EyWPv-sue^%=iz#mpU
zhwz|h^<EKtp2mscBTfCoSEwFR_+`o`gP*8%%;BrmCkyx;>Q^Pai|PN**YjVibM;;}
zd|T81;Xi9%xbU4!|A$|ubJK@kqxA~lv7Qg%f6{y+_(jS&hJT@bl)&#)e@@}2X?-(z
z2Xp^~-(mVc{MXm3zFNX<^%-kUJ^y<(9~-`fo_F9o=-hPSTkClbzEJ0m5AUk|8^Cu_
zorLh|dfy1X=0jEe#PIc0R|$MO<(a}eY5o~}SIskrpQZIG;2-IIOZX1@Tx)JU|90xD
zHvC@o83(?`fa-l+_`1r$gLl*C`fywM1n@27A-t77H-hh}^@`!AnEns%rus?Y)73XJ
z_zmX%4}VDc6z~l-&l0{$eb0KKp8v0M8$MS1+JP_AzINfU`lkoCwJtt<lIcJ2?#d^G
z@1**S;Abf37`}E~)ky+hr1LR_ud%#^_4~gJ{<-Qohwra>7VyWlE+u?-^=IqFdj8*N
zd>g*I=|Aur)Sq4W3%6GD_u#Jjwh!OS^dI<qou?uEY~>umXQ(g5@Xb|+34A|&ZVJD_
zoWJm`G)@lxSnF88Z_zj<{9t{qHLsrkYTa{ecu%db1Mi{z?!ve3yw30CV|nn0##Zjb
zmuUV0d>^fQ2yZdJTHgr%XRU7xpQUw4;E!uQDSUh7oWZYBAIRbRsGbY>YpTN%eyjGo
z^-?|mPRh-OKcRb|1JAU-T=-v<g9pFG+<)K;RObP_mHI#ke@pKb!FSU9WB4;BfA}rx
z=PCRk)l~+6RypMGBTWB+w^p5$@D24|*30$$Q=L0D`~a=51J6`HE__GTj|czG+<)L}
zEvo7{fN!DmB7{#>ZV~)0)m04tK<k^pztj1Z!n^C9kij=mo;iFy&A))pH1~h_IX$aB
zV7*e$|7fkF4R5c{b>Q!*4qf<i^%D>Nv)<Q-AENydz+cq*hVb(>{|LUh>MDk>c~tej
z3H*MoR|<E`?{Dy_>gPH9I`yRjzLD0Ygdd>3YQ0*||2&;*Hhf*p-+|wx&voH{HT?%Z
zPy5%0w>9+-|5^JbgkNaRU-+e3ml)nfc_#4rnokOUQGGRo@1k*X_%^D~0=|3aYTZlt
zC#qZPwR-+*POSQX4PUJN>%d=7Uv=TH$vyZ9+Fw3=sm2fB>uNqB{B`9M!S7Rj#_+AQ
zFB16c+FvRBaNSQbct_Pq4u3@ZsDSTd@`wMR{$Rac&;LI4RU1A-@8!TxQl2intLnjn
zZ>Jo5cyH~;0KUKaa0u_L93uFU8YhO&Rv%8_Q*|Fm;cuJzhaaYMIfoys&n@74YQL25
zS<2IzU(f$b?F$>egK~4=J(Z6OAE5bo@E)3v4<Dm`62KRzKZNj7^Nir@>w8uV?`G;B
z{;;|K!26o}4}4>dpToOr`~tqU?hhsWcJ*y5ujjwN#<AfCXdgLnTjzoce@5%;!FQQo
z^*0}Wveqkr-=lek@b^vsfv0*thR>8I@V}~lQuyhbPX@Qu4|Di%Jzu~-Q2mtfEtH$}
zpL+h6_pHtf8~%&>l>=X_@m=^8s%H<rwq1?y!)Gg>0KSLTD})bG-;3b=RJSpFpge)M
zQ$45fEtGQx|C`n;hyPpeTflp&o=f-<a_fzH{{N@(ZTO8E-+>>fe&WJAY2SJ9H+A0m
z@KL7z;d9luL-^LpCxTz2`ibF*=AXdd)IA}EcQX0I7wP#NzG8Z{uM2o@eQzq^tMt6}
zW<CF{wJ&V=k>>js{7IerE__FmKYWqNAO5NONdTXuJVSWz&ecAO;E~obh99kZOW>jQ
zQ3_wGeVxHODW4qvs_LYG->r2o;a}-}t+(p=pR4)U@MBH>@Hh3jE_{*PgYTyA#XkI0
z^@jj{tH~e!xcUAI-&g%AhCg8HAAX-(tz!ybUwtxzAE@zj_@f%XfFG$kDdFQ(C)V5b
z{8wn*ZTJi3{t16g?!pgMU-IA|YybN2r!@ZnUaC$)_+46;2)?)0H-`JV&nNJWm2(O|
z)7*dH$0*MnKEa&7@SU_@O1PtQ$68R&|2WOlhCi%2ap1eD&$#e*dM^)tqQ>{(JE`9W
z@aMHIA>32W5qx)z6T>Gep9H?MzDK0+F3Kl^@2&UE;kzs60=`7`R>J?L-v_LB>iPel
z+=gGMzU06&^#K>|X`UYZWRpMqE$yQK-b*=$@F!Fc5&Q)8`53;B)+K@Ot=v-hNg5}E
zpRW1m@Q=q<eXO9X50`N3-s-%z7S{70pgwQI$C&)#Ej5k{zf#Y8@E>p0{U83K)-iy4
z$|r=k(dS0+CCVX&|EkYT;0I`3Qh0B92H(T{{s4bZ^;5u?nEc_(wJ)r9>-nE-@`t~q
zKH$Jds871^Lv>Dh@IL1Jh5x8NAHa_>^$*`#{Vjs`(!Pu7TE_(bckTBSzFfIw@Yhu*
zIed=3zZCHPntutuR`qEus^{Nd=Zg*hLGy9oN2*R-_^-;-gP*ST_2JK|p9JvX+V3HJ
zp6NgE&9pCK_%E7&0w1pVq;OyLlfiS<VGduVdrJZTMEjzI57N3=@742vN8{V@`+HXX
z&4K^j{Qd)fPTvbW_)t^-@X_Y}3Gbvj58)k5|A7xu{lxH>G@k@MO!G<MYtO0rWCkB>
zzW>5oT%i6BAFTaV!doQj|L@oHKThjz!`Ih*9Qbyo|HF^fzVP5XDNi51OI*!AfDh0(
zA^Z{5Lj)gc@`vxP&rRT8sy<V=ulsWb-$C!2!%Nfu;rr-wOL#YpV|`H1{~zY}2lz<U
zi39&ppX<U~s~$Y~KU5Dsd}FO|0RL6vhwy)DoCrQj{VImPt-hVWPgK37@L^iV4E~Dx
zd=7uZ^nduiI<HIkfpY7^dj6AjF4*u*l&1r~KsmVZ-1HxKcdfe*AF1~Z;LFEW`yzz@
z%j6GlF{IkpG5iwsw*<bw=99wbyVd7r@B>uOIs6CRX9{?4Q~&T^%>C!1dj5TMPq5+b
zP5$s9%d7Ww;m4WpzwpbHgAae#{Qe1Fdz$ix#~LSsUu60ZytURPfo~#D;ZyW|ErXBJ
zd7Z=ejH`JT@OM;)CHx}w6RW7_f19a)`1{(w4*Wxn@4|bkt~~h3>gPWEba?>pq4x^m
zq1HWu57#&`e5}?bf#0E=Q+R8gj~RR$)nN`lQT0~957PWg_*j$w$MyWDnf&25sNNj-
zEpiwBpvLjwo9MlK_;lqEz^~FgLwI|Q6Ty$s{*B>Xm0JSusBu#G3{(H`AJh+Xc%*Zu
zfS;>6Dd9($^Y;_S`u$(4KmOOU4%2$s@KdzD4!n=P@3`;_^tm4VL)~wE_|ckA0KZh@
zgz!(bA0zlNnokUWvS-yF68PmBKZTD|o*Dcr^Zg6n*YqEFf6b?akJ3K1K6U;`-sFGE
z{HmYZ@T;_c9r%%U^<FN#P(SzJSD5<`{4=df0KdlM4?k4*hY0?d_FW8LU*|{yKSOnu
z!Xx$h4F0wG{skYToD2AM+P@`ySM5h@aXtStO#bk1^|=mwW4)IP|F7!AgP*POefW9u
z0RFV{4B_LHPXzx==TQv*TAsio)nN*sW%>{NpXU1)e4NH9;8WF~OZYG9W7cQ&{J&7$
z+VF2Re+Pb(*4KrfZSFtti%tIUwZ~QaD1fih=Z5gx^|=vzsOdj&U;8D2pJ(bHzP{#@
z!L2FPJahO0xAFpRb*Q|A_dlv~>+^d4Ej7LkUuo_?@C(fE5AX@92M_))J@3PxQ-2QN
zgEY?&euc(~;CpFb$M6$$z9jJL)K^pZ#afpPzOmLNhfgr)FT9<eFX0nS|No+%zoX}E
z__6Bq4t%KcapCRseb$4&q?~>Dzm;b|*Le}b+o|tG@F{w)7=E0ofB231+!Q`Q@0-Cp
z>%Nr3yNp}M`u$%4&-K0~eA4n3e>`t3asK$f=KQ@$^<cxts~#NqGW9DLzK-^t2Y<)p
z55G}42k;HFA4B*pntuczrh16sCo9hcKJ1|?w-i3X)IU7Ydgbu;`W{!nuhTdse1gs|
z>&trn_o%Ph@QK=A4*VqTYZv~TIe+0hoBKa}ou8_D2;h$DJcRFI?*H%)wZ1X@GkF3Z
zsr5?X_vzfs;1A1lxTF1Ez(3HrP{M!Gea8B#p8qb|M>c$ja(3X)=$_!hH!$@NKT&<a
zhxd!CIt<`zTv4q{2v5xKKk$jFs~CQ_o=@QW>AXnc|J1(7;QN~X1K(8pw1Cg)QN33Q
zU#xYpme%usMbF#tE~-NZK1J{A!b7c>2T!%XeE1#e+X39sz7FAcoAVd`g6biLpR4&K
z@Gh#`6h2e)%;2wS{2czZ_E!PlK>NCcf3Lo6eO=FgyzYlK{37jB2fnBFiwoaU_29v8
zQa|+J2db_Dco&mDe5vXuf*-1JV)*Tyt2#{JSL=OK_#3Lj41S9CZw}wZ^dI;X_3aYg
zO8eUSrk?*Ds%INMQ2oJypP~7<@PoClJ^0~rAHIun4&e7Fw-A1+<`cp9)HpHR*SaL|
z4V6O*e?a{zgZEIq<?wg4UIlz}jbFlhXr9)xdj5NA9c}m%I(HoSSnUfJK3(hR!B=bF
z`S7hY&j7xiJcO?>^$#zULkwSQZPh<~hUS^VFEITdK1<K%@bxr)0pCS^yM$k_eP=DN
z=fA1?l?_i-hYtL7yLvAdevsDJgP*Pa;={L9zY5?N-mCK$evs-gf{)SjF?`bw${#*k
zeLjT`*L!8~o0VG*e^mRWfFGuLmhkhGgH_h^pR4)U@Euf#4tz_!mrK_=dhpv#|A)V&
zb1i`1q5c`dM=75OzQ~-v@MpDu6ZoF0&lG-@_H_oIu6sfbpQ-vR;8T}Z^;5zh(EY*s
zZ$1Ar<El<<_?4<F2fmT^oeRHK&wKFMnx_wMt8oJOtEz_({;0YCz_(RB#PBbAsQ%%p
z@=W28sekxW=KB}?I;~d$@2K}G;nP)D){1)mla-qd@1Z(z;4?Ii3%^P8@!)?_K0f>?
zoy!5dv*sVdyJ<g0@QbytWB5Uue**v0lxkg4_)M)!2H#fuI)^{6bt&MpHBJdX%$&d9
z*7Ltd{lSKh*Lyke+m*8me^Yhq!CjL-{4nJcz?Z3RL-;-V+z38b?;FEi<($BM<&eTh
zs1IcDtCd3z|F&nfjs<*`TX_lpNzYr~)${MG^TLK7uljW0uj+kW_+0fF4?a%&+J}Fy
zoCEluwO%27C+&*}9%!C1{66*J1b&?Er71ks`eyJu%=rsXRksCvro4nt*ErVq_55E|
zZZ^ET_PYbWP5sJ+pQ!ip;C)r+KKw5lKY*_`^$(w*b&TM%^}aFu&!+z2f6@A;@Hdr1
z20u;fo5N=)&jQ{<_xTe3vF-`h5B2=}nfiy%R6RKGd4sF{<-*_8zVP7vO#bj$ntuR)
zM)&OyzDWHog8xN1$MA=jSND(vK3ngV!vFP9^<EkLV|{K8|C7#z0)C3>u!K)j-C94^
z^Pj8v*zn!8-yQf1%EyK8qvt*NA*yp9zC`a8z~^gyL-<5f|8Q41#PESy_XPe|%_oJ=
z)jrDLYxJttC5IoZeN?~)n)^TedYvQI%6k5%YMwUy&w4Kh{-D;;g+Hb5BOd&3CV%)M
z?e_rwu{?zTpT>#cXQ<v{_;EUC6ZjI1pTZAP-^k!+DxVyFqQ)=aRyUo$@X>MQ)~b5`
z%T$Lp{593N1OHynyYN}MmwNCe>U%zXt^KO`1n~9bA^b6|djx;g^ndt%s-Fb@g!)nn
z|GU;VgSS+kIs9OaU%(GD{U5$a{n`4dp8w6-7dE_&KG%V_(tdQ|r>Gu0`19HqKKyX)
z-vEBr1=YHQ@Hdrn1m8&O6~nJkKTqJVn*I+z&EyY1Tl*`ApQYyu_=d`-g!k3DSU=bE
zKS$%(@WW02f#0e1a^VM<{tsVn>Yr}<5Bv<RV+cP=^NHY7bS}j3^YvZ{{8D)ee^&b<
zgP)^%$l-0Z?gf02>ZF9<rg>Vc>-qnn9BlZhI!7FMKdqw+zeN4bgO5=E^x>B)hXCGD
z?-j!D*8C&*W%}G0ey{2zfp^yUDg5bstNT(0KU?*X!_U{c6!15-ze@NI=KlFhJ^#(r
zXKeU++IJ3obJKs|$E!X)_<5SY4}ZqoKjFQ#k3#sr)lVY$$L9Mle4yr&z~?CE6#k6P
zuMGZ{`TZIGi}Ebsi%kCTkLA{{_55E@4mSK_?IQ<%vGR1`9kh-f{1v^g4}U`*zz1r7
zh43S_E)o0%<rc%Y(|i*6JahiSmuMX``04@Gd6dJ?)4nd?N9kNE;b*F!SijZtzu4SA
z;j#9$13y+dxbU^3YX5rh@uvRaFY8<m;KytJA^d8M6Tz35`wx68?b8Il)`?Y~Df|KT
zw+udC>y^WAP(B5Gfu1kn@2cJ`Ya8qLf35!bU&|VA@`tadc{=by<GApL)Neib#p+`|
ze8FJdKjAy5ZbSI>CV%(`8YhPTqH`^Qk5C<^@a3ld;r~&c<nU9qPYd|^s>2dKKy_=a
zQO|#|=5NDa)4q1#qcwjQzOku)_|;lpAO5)3D}cYO-*rRyc&%duzgix{m#E(+@Jn@W
zrtn)-&l&s+)msj~Uhh@F-_v<f!q@In)tj|uJ^$BC|A#Nr=Q{9Axw-HcP5r~$X<dBy
z&bo&L@WAvR`1hJm1pklLD~4a9I!WLknEnsHUh9~_7n}YAzgf>0@V8XACHzi3Z>?3&
z|1Fb0e0{B#1HV!C5Ep*3_Lm1gUGBpZjT6ATnf?RcSo4YC3r+s;Yp&4mZ}3U-6uwY>
zCW9|kf5_ptYMcW8p2;76x8B!UyPp4<>SH#1syTn*%eAjv_+6Th2j9L|weNiR2z_n<
zKlP_7w-Ek-<{!bo*L-65<?1sD{ATry6#kLcF@xW$y3OI&X#4_xnf6@?KU42zwW#O6
zk<M8gzEu0pfq$-fy6_Pi--91AMft<u)4mJfPNe+dpQx@Py83Mlzf(CU@X?xQ3Lmb0
zn!#7!Tg@kjch^2G;7d&X!&hh@S?kpEU!k0B_#>(}2i{ie<-*&kKX~vbHI5IzS@)R$
z{+yl<;rr`-BlvyVr!jn$-YcOihZO#S=|Ax4TE`szrPjTG|5f!?!hbNozqPFAzg+ic
z8$L?);K08z^$-6<_3Xj#S6}ksr|Fyx;IZ~^2!BX@AcEhib&TOVs_!N6Qn{t@J#-()
z;N3J%4)3TsEZ~#Wmr8gi?Q5%5J^vpy9~=HRt)l}Ut-kHT?^O;S+$yX6>%(tQ&H;R}
z>M(>al}GSL?W(`U@ENB6z<*I4rf{cAHBJWKNx9|lweG9ltAO8X@`vA|_qEoo=fC##
z)i^f%A?4}7Us8W?;mg(cJa}&U5ByiHdjP*n^AF+ssy-w5>Z6oDd_Copz#mq>O5u^|
z|M0c`R*j#-FEQW0;Qwd(54^MXi?v=o|4Vcp+3=@SR}Or4)q@LPq5AaT>uLTzd?V!(
zz`LjpL-<+hR}uX0dfyn{Q|CnjAE%sC_&FLsgHKi6=J4*ls&y&gv$XF@_<^b)YyEou
zM`)flyv3|)UpVkXHI574S?lY;_mKPW`&H)w{4&);2!CGn5W(+LJ~4bB)ky-khE%zw
z@Kxsgg&(baa=0}@{Ri$VpA!Cz*2QXF&;JMY4IAE4ecOTmtmj?$Bg)f*AD|q3_%5pR
z0RDsS10nonlRvz*>Li9wP@O06jkF(A_@0_i27f%Ma?ateFH-*S!KVMfW7U<lK|TNT
zweM{BKQxX5Uti~i3%^YL(1UMa&R_TwrvBlZD9;dnspc8Mztp`ehPPGD3H$`ra|*v)
z<7e=RTE`sTL+e$*pVfPn@M|=_)ux{R!`i<#{6LNGz&BN%F1)S!xd(5led@!1QJn|y
zw^dgme9aT9dW+!gHJ=#%gwELnK1n&G@bAp`UwCir-yD9Vynr7oFX1O?-K`Dl`DfZ+
zHvApkTO9bl>gO(e?GaU9_2BbV4?cW=<{7|W)O<qt$$CD5|8q+9xiS28jg!Ftqdu0x
zZ%}{8;0Nk`bND0X_aFG%`rH!!xbBmdUC)1t_LmKRUv=of4>kG2JDU23Z>)ah!!J;7
z0sLpxVF*7|`!Rwax1aKdf2jIN;O#V@6ke*2W$<mZzjFAA`rHD3tM*q3U#NArHmc`;
zy6Vb?JDR5hzeDTg!r#}rd+_<D{^9GYp9Ju`H2)AD>wJmeL$t4BxUcm};Gbz-Qux1A
z4;lPZ)nN|rsPm<OpQ3ds;a!xcwQ)WFuQeYVZYv)LzJIT(-dy+<n!g7Rm5&eK!sHL{
ztoI7xx2Qiv@ad|D82-e#YMu#vYkh7CUtj$*gD)}p!@Fu<6!4zPr-Tnvom-pK^Y5hj
z*zl=(UkCnz?y)X>hH~)WZFQgV;VpF!58(Hk`iE!gpAq~?_2C#kQtz9<|E)Sn;cYaZ
z41S#UQ4Zf!&lm7Ex^I;56E%*tX+3{m{oIB>tNVikzfbGp!jI6pd+_C|A0NJp_G18l
zc3f4rA$(6gAHg5id}8?N>H`UUW7T;IU-R?oewD#{=yP-UaMS<c$0^Se{;B%2wOKv?
zk902B@S~Nd1OHLylnZ}CIe74S%F~ChtM?7yC+KrS_|ED}5&T(`Km1qCGl6euzW>5+
z(D{<VKUY3E{0G%l0pC{Rm+%|4@2t)1`L|O&*zlc9|A(KXd|ddS^tm2<Gjsok?{4}(
z{9K(EA>7t_Meq(9KZc*uMg1SX!koYGdD`z8{6ftqhtJpZ1$>k_f8md)uUcEw^Z!Nb
zXv62Jt{nJ5+K(>$HJu9{{4hQ5!`FVV+V26pv+l7We0@D1!EaIB#_%!9ErFk?{*c0V
z)p?r1x6r!h@H4c&1$>sy!4kfm>cnbW&%dwovEiA{H3z<z=IO#WRz4p5Nv*pNe@62R
z;AiW-LiktepAmeB_G1ixQS(pW3sko$yrb?38GLJ#Kl}qz|L{{x|A$|xda&Bn^Z&-K
z_NfiuPdPjA*Y#d5e7^RJ2j541#)ltZ`VagJ%|C>P$~l6+sC!WizsQ`w@C$V>O5x{f
z{0x4fJcm!!zANBwnctt`-zjISeLesGs;+GK!6twBbE;<-p6Gn>;P+{sKKyPyAHd(!
z{6qKxt#1S$tDIx_3))`^{1c6z!pCS`GWeHzK8L@g918f(>YpWi!39;FTU*xie_i!s
z!{3%W@N2b?T=*X5_XqfSU8>LZ;SXzF0(gtOIu}B?tMfgAcQ(I2!_U?}O5mN;Pg3~d
zs<#Z@Tl+MJKcM<4;EwJyCHw=`kJX``|4y2Z4S(D8fB3%2*@a)MoIUtes!t!Dt9}Cb
zQOY5Nx7NBu@P0bKV)$acZvx+0>y^Ua*ZXGh1NFW+e0Swm!1vJjC48yLf2(@_hiZHq
z?#mtcCd$EuAE)O%_zvd&3I9=jFMvOxeG$S}>E0N@7wa61;ayaR3H(vjZ3-W#b<E)1
zH2)mlUO5!-?s~q2Kc&yLwyx*Dm-e*{FV*)P_#XNm<ihurd+<+HS3Z3HxT-G&@YmG0
zL->K_`xktS&c_&jojHHuziQo6_+<6f4E~PxX%4?h;}`IKv@c5dTY4|6V?F-^O#gwe
z(0*~??`a$t{=Uu&559})(1$No-3IUzwU0u0Z_P7;pQk<_!}n8NCGZxvRp(0zKVE$=
zgSXSYI*0G6_bT8&>z-4>*W5_wuT#(eRCE7_udC-B_%^2hz)vy#2Y#FC%7=fVbqwIP
zJ~xCvul*ar7ib^F@FR6@Ch!mRd<tJI&){b&pB#Rr?n?#yQ0>za-c`9-+tl+vL%G@T
z5&B#Qeyu*&g@2_!<H1*`&VBe~jT6AHR6hyfTWDP(_}20m-btRoedUwF|7*@)_^!$=
zhwr5E3;1n%uM+;H=|9`n^WR<L*zkSi4*XN~85jP6?zbMi)aUx}Ri^*Im#Pj!__3z{
z!>4tt_H_(D*z_OxwOZd4zOVWI3%^+XEr%bg{Z+sZ*XNe-0earruAcw+F4g>Px<1!|
zAE<e{@Id|3gFmQzeE16G9Ka9N_#ym5or4j4vDQ6?@2`7E0=KTI-ZzE&CV%+Z>JK@*
zwa$?OK3VHq!e2J`pY7}Ux72)W_>Zbv2fj+Vx$wu7vj_i=KG%m|t#uFJE7b==_yHSL
zxkd2b^n48OY4V4UR$ooww<)&_?wIoz-bT3<@Xh2Ue5vZh>Qv9)8n60?pQm+q;74hH
zx$w_apB{Xg-phv%P(KOa7wdCFcuUPQf*-58jp0X_{NYFH9+kp>)O|aHKdbK}IedUV
zw}7v6Wp%$Q;T^OtR_A*D+sSSC(VD*l-$Bp2@NRMse!K3;KKwzgO8~!GeJ_L`Ywn-$
zU$swTy7Elm<F&pi{A<-u20vLj=kVSeRdrjyztuP;d=vF6t4lrq)6}<Z`04sw2mX`B
zci~5BJ|6sPy{`{HLF*g9TijE<R|s#f`A6{KrvBjzr&Qx4@D=I<DSUv|H-kT>I?3Uq
zO#Q?6(tW9fTMt+BvAWjtzh3#+@SEih{Cd@=3qQ-8zwoC`|A8N?^$OtoY5pO6gDb0j
z9l=+b^A~=w#!29J>b+9<$tHjJJkx*R_h?@i@RQY7OS-xL{HdP*>3ZIVUt;e6@Zoyi
zg@2@a^Wc|h93S3N^$@@#)l~@J#?(JNRSq${MGMtGysO4Z;a}-qoxyk2^Evz+)ms7I
zOV5|^)3v_V4)y%^)%R!{K0x*9z_0I8y_XB`V*dUGAFj{!;jPtY0{H2wlMud(#*g5~
z>pl>}TbumhYiw1`KZT#9ewe|Z?p8gY!{=yU7x4W|{_r6h-`cUB|KZxFHvAQh@4)A1
zJ}x}e_#XVfsw*EpQ*|4_W9^p^K3mU6@KM^2G5iLNlfd85d!_JErvJd_oBjj0F09t2
zfbXd~Dd7t=j<r)g|CSoZhQFem9r(doUl%@Hb?d=b>32LI9x1l~e!li~2)|Sw!P{v5
zG5kRD`!oDr)BoX{Xuo9eLp4qgw|=h9qXIt7{QdwRW%~cl_56Eiy=?dgS}zB_()|7a
zKiAYhyp8VdK73Q1rvdyojUU3_P(4KOcjYnsX5AAK_$KOmDf~`7pTQ&TiyVHl`fve1
zd82Ayl<-3Hw05cI|GCah8~(28Kk)Xd6Bizt`iEbxy7l3=s6PbogH#V8yp{TP1aG5r
zJcfUv_f6mrsy<WrW~!46{*d-d4j-rYE#TMaeM|W1S{G~Adj8|IzBYW4#&O_Vs%~BQ
zaE<T5Cup8Ne6jXd0KZkA8^YHas{1E=nR1TdfzIUw{=J@0;T=r=@Wajh2Y!^ifFEZ1
zKYX0}t>xD9-%xdB!?#hLJMhi*ybE8g_wwLd>3JW1mvRo^6I2f&e0x*>@QGUA7~Woe
zCV@}X_$mAw^??k&oz^9XU#Natz>hcgA9(j`s=j1(tLMMJ+=frlJRSH1t)mP7&fNdu
zQ_cM!-csjR0N+9H8^XuwdqD($O#LK=->Lqbz?W*@rSKiKz8QS(e!73c?^pd4@G)AK
z628LRe|D?qznS`{4WFo-9r!AZ<HGM#&K`V<=|6OhAHW~hI3fHIy>A46QXa!!Rc;A<
zH|3ndH`6^TgI}pUb9hhHZ2{j~<CpNh>Pyz{_59nY4sG~p>YomLg6hzPKVkBRZ=*io
z!~1DI0sIcFR|x-E`zwM!ZR#I>mg)cSuIj5PUGvP~yXyHI{-)NqfbXhtO88!KYma*V
z6P2e8pRODn_#C~j3%^74?7<glo<6*r`b+?yVt#*sU#mKd;4@7Bhx_LK51+1irtoJ~
zKN);4lRx|jQ~&Uz<t6-a-J`5M>-le>dxZ^uPW#${d)i+vd{d3%!3V0&efWNQuK-@?
z-W$RX*7Fg3veqSr-)rvw@L5`~6#k4ngMXp<<nZpQp8~$-&AR`?dnq?-uX_I0-0EIu
z!#g}&jpM-g*XO$Mo^lU<jOx&bpP)Jk;C(dD5Z+SrjNpfBU1E3#_45S&kk%!IXR6N(
z-rs!xh2Nq3NdezZxs~u&)Hkd@*YkfvZo}V|JMhOfe-}P#qiVf8c%gB8_{aNI&j;{3
zO#gwOqkbO2ztH$G{3NY!0^dRTr0{vB|G=kfJ~{jzlRtbrt$PV?rF~&_ujhY+>ehzu
zr}M&rXC{C6`O3$G->Z9|51*kv9KesttNj?l*V?UGuL!=LJcd7H?w{~B+D9qe);Jk_
zGu=;e_!8Am0Y6Inv4r2IK56Y;&%c}M!G<5Lb#dU+G>!|u)Z`C;QTy75&rn?j@MWg|
z!%xtBBKQ_2fB5mrA%PE4KS|-K>N$g-q|eRaTkCTR__q3epo9<6ezf+f=O5_%nhoDl
z=cxnVR_?-=sUAG|EY-OWe^Bcfz`Ls+Liqmj2!4vr_ZU9Z+<)L3st=^_&9pBv_<Z%H
z93E(W3wWrUOZXX@r?qcA{|@H-g&(gz;K0w-_%6JI_NfPdLH7zD{*vxj0sL|GjS&95
z);FSSzr^qz)Q1!JFjN2VXrrpXW$*<ifB3=b&jtK6^ZNt*Y?FVFdj6T-*M?uNe&WD;
zst#TFX{rYg{;2BQhaa<*&R=*p<rczotyctpQRh(%zfg6O!29cSQ~2S^GlRdVd~*19
zs<#5ZT6I#wU(-0&e)arUtA1?wEcIsxK2r7L!vCbc=fPiBK0f>%Q~&VSbzX$<LCP(H
zk5k>o@QY0Ufj^`7O5xj?{sRxx2Xc5P)BoW!b&izqAv#B_ztr=8O7;2wacQ67*G%XC
z_lM|&(K{2p8@)ssiE`<qN6lza!;ol+GNNBfwiY!EqDC2smS{U#2!2M1UN%vKm>>kf
z|G4k{UJvG-2YK*1=2)}lv(9y{wZE5G{tEjpk#9+zr1JY2CzCJEcjfYj!ucz|oB5aW
zzcGF#KY=<Q$Wz{1%m2>$HuBkiOaGCd$U3(2r9%GlRd{bFKb3h#YxnbCmHi&e*J7MR
z{tWvll|MjknS5XBHkY5pd<yw@CX90^<rnaLC9gyN@?X$zYxzOUr;#5({~XF+WuLb4
zl>I)EKhAmA$<L&pM_E7rRTw9h&r3Zd^7UAkRK5cBkjWS4zLd+?X59<<qoMxgSBL!N
ze-Hg%etPIX@|StOkslKBmv7I0Z{-#1JCeV}dUf)b*>}-8{rn%N55)4l=zEF$Y1TKD
z-$*{0d@a^DmmkUZ7V?Ey_fozQ>t4y1;2a#tUu2%O{B^vMPs6?&%2%hZTKT=)t4H!p
zxu10M6Irk52mSn?qTXV89{P`bN%BeMFNFRhU!Lc4`IGeXLjES_PANZ~`B(BYW*qmc
zf&3hvujT7e4~_h|Q2+7+xKFn7L-3LO$Z-FZ7wn_xhyDDwX1!whCd@ODzfV4?{2cas
zCO>@MaXz{HAM}Aj{sH^9lyAj+D)~Cp=Rp23^Q`4N^1Y4xXy!STPh?$M`Kr{_NdAxO
z$A3TR<ZJVMv~EBDl6z4sA5qVV{7mMP%3tDK&g2iVPjmTh<WR`}$-0#C9YX%{^EuZB
z@;8`IE#HeeY~&yEcf6te3)ZofpUb`*$=?h4%O59)XuW>^x6-#``F5fI$UkMCseFCb
zH?tp2{mY~C#&uH2r^HM7ch(w@Q_1&X9S8EmsH<B3Z`QYwzsGtF<(u+dt^8fik&*lv
z&eKkQDRmO9-_QS@(EsKC3iU5PfO9#Or{UjU<X?rqKg+LTK85^~(0}9yP`8!*eD>o&
z{tWe2%U{A9`F~lLq5KBs*~%w``@ej8>Zg+z?B8gEe*UYFTP&ZE`#>W9l6+G6=HdP+
zf1YzTmv6)Kh5RDUky3sq`?QkJ%J&ZB-;!r7zm)ZA<Q;uuC_gTozw$}`J>I_~`J~6v
z|K*z=J>I|3gns^)^S!ZriXV@kPvrNJLn?m+&*cAMALa6C)*6pr$Ui5CQa%qkSMt|b
z-+_E8@~P#^abIoZtKdWVUes+XKbrnFlJ7#_?&KG8AB#5Z=l?|L|MIu_u0-C2-@oz`
zm`^6(n*N!~XCR+Kz83qjluu1vRr1UDu7SMdT&U%5g#IJniTyZ~UrT+q@&&1fk$lgP
zzkDs$H`=J5|6$BCmLEdDP2@}P-c<e`-<8RC4Ef8iq7M}E4_Wt8el+u}<j+z+1No<n
zQ_Eipe}9vI#CbZDpGIA^@^9FuBl#hmkDdHTJleRQ|8C?H%Rgg2i9DtbQ~BgKjQd_D
zKY;z4%U>b4LVg45Qp&$(K9&3p@*K$brw(iR#WRlkUL!w*c@E|4u^(IcDVz%<`R?qa
zPQG5K|4sV&|BQLY^6AJkk#E8{sr)$BH<Neli(G!fy!3zh9Gv^5e8Bfs@|l_EKz;)I
zrIw#fJvZ_<sfVHbJl@;NFJzpNd^Y-OC!ZMVf75>cw{X9T<&*t*T+fO8f1IbO{PWO%
z<oi+&xqLbLSRp@++)DYG%)gS~67HY!@4Pdfe=UD6^dI@OeD6?xXSjdLJH{Ew4+`}!
zpNl$)HtXkq4d+)ZKcDYS<fl=$sr)9!$>dkC-*fra+{X&}=X_Tw--kX~$xD17pNTwc
z`6YZ;BR`vUAIk3w`O7z<FOB5a@x7gVtI&To@8`b*9?QR>o)h_z^vP5{BlpQnJ`Hu4
z%g+w|NB&L7Uw#|wTgfk>KMdrDQ-`(uNbVJl{7TkkD4&DxYUNvn{N>-}-rmWtWS&vp
z&wqZ#kLA~g`j=0>^|)`R@?-ekO#T)3kX%0dvE%+w$S42P*h~2znNKBOl|D9*&&T++
z{6gxyk<StOkNi&hTPvTA97ggPskcu4KIcocML++;*uSxSI&w(lGl%@`JfF$$WB$2(
z-f;hy-^~6k<qPqAC7+A;4&-aIF137q&i6(>2e}R9-(&n%KItLjIvL3qVf;=$HP1&|
z_VZtw=VSSbcq0Ei{Qi>vf_qdZ|C;A>`CP1HAwQ1(R?62W&q}^9bv}^qN?)zzkI>H>
z`6=Q4DPJV?A9?fhaUU4TzsGlV^2<&hKOb$?&wmEiC6?b!zfI&zQirL0vc<;ZXYylN
zms~#Jdkgt_A%FRwL;sOa%X<g%#i-j_zBlXA$akQh59OCIpH@CU{c0pXj`O9H&%`{V
zt^4_3!@9)sIe9*jKft=A@`UFz`IXE+m)}nP6!Imh=Td$$>sZMbquvJckLkCy{6x;F
zMt)hi|H%Ksy0`L2=&K|7fvj&QzlQOnZTk7Q?8jJsJ-H?FrP+_E{CnZ|ul$c8fBDgz
zJB55x`b;UGjeT0lZ{oWK@-IUE@`>U8BVV3<J(RD8xAHdRFTaPn>g1=h?$NgW{C^#O
z|H>B)^)J7Wdt)m9P3Zsf)hCSmQZB#g<gpj>b$Gs%-@&<D$uH);1Nj8TspYqY`;R<2
zYdoK!{89FME8jKTKjj(g)yc15p3!#w{GVeTWBJ~UpUCfK{;7Of`amXMo_><c7h}H^
z@_WPmN4`0ER`NsH?*sY#;rFlnRlc{8Z_D^Y`Hn}A*QJ#|NS%-5M}__)e~b4<KkDbd
zEay}#-<kO&^4*wEDqoG9Gx=l8Gne0XGW9RtI`kj;L!tiV`!Jt@d=KVd%Qv7t8~O3%
zHk8l8@2OTkZ@7QTufJ@3FYV;ZEH?h$X#0Nt8M(#s>)0=e{Ll3BRDN^lKk}7$Z!Uk1
zbElBc&G(k_{m8SDFB|^;CSQa1*76_XjeKSH?@(Tb`j;;f?mzOUskcu47jlbs=;wbR
zeI}N_$T*4oRO%#^|B-di<Oh>mE?<cHDddMTpHlv3#;@e(aIOvHmvK(j@{L0N@|9V~
zp?m}Cvz7ma`HbWb(4RZ`>*N{j*w6n=?gO#>Rq8X5-$9+H@&%~dOui;{mCGNepA_=D
zPaf~nQhpZeUdgv0&w>1@m&SddmcM{E@)g$_zjr8KnmTXg?~><8z8UM)$xq<E7wy!~
z|ATP;%I^*RM?PZysr(&0lYh+kx%|AZ#`zTT&FIgi{2}I3$$u2`mmfyosO5`OCyo4J
z>Uk)CfO=@<U+`Tc`CHU&Cts5N9_`%Ef8}ug${!E;%cta?mdcN!Z)Eaq$TOE;MBgan
zM@*pp<rQAZcM18+|3y92@-^u*jXY&thVsjqXDff0-(@5DBH{0E^8YZOXqSHeJ96KM
z<qwD7U-Boy`78flsDJr2^x<4SJ?mJ=Z{qn<zAm{{@>R%fAYVG%Kjk0MHyZhA^oOB*
zH}YxavoimY{94wllOIogMnCT7e>D3vmOskAOXN?mPgD7`cqWgg7}s+yZ<uExe}!>M
z`T3kvm3*y`zx)~YZ!N!#^=;(ykmpdoJbj~;Kg0Pol5b3%bn+?5Au9U$pUt|*@}1}#
ziF`f2H<d5Q{4@CptZy#ghq@}{+Z;PS7fShQj8n<qWW5IRvqJxuzr?yU@<+M14CU`L
zek;F}dKk&qq@Q>4b-9N`yY};ck~)v&Z-o9Y--vNi`JVLQOg??6fB9<R{we=}^Q)A9
zf>-hj$ax??X~KBl)$+ST{mU=mJ}{JT!S}ZES^2J!d<p8Xlg|_Cf46@AJ5g`3eD_fQ
z@|W0msr+N=B$J;?-^=CeQYVG{%aFhPLiTAT|BQY<keBSQT7DMuY2@!wZ$tTl<krg1
zV0}mOH^`@xFA?(Jy`TU0*BaMJEPsmqn8-8gHkE%(4w-xt`c*F9m-Q{=7m!aWe}VZ_
z@*gn&f&5D9xt5O@r;&d_{S4(Bg#Iu8&dcLIIg+o)?}bi&75ysOqo4m~j33LtW<H60
z8s3}AC)szrj+s2?Jj&&hUC#YqzCV4elwVJtmHZv@9LS$Pnf@c6?2xfH@@>drD4&Y&
zYUR7rH%9UY=x?2TL+T{jv!DNa?3Y;n1ozuSeh_t=%9jo2uY9|Zzr16=7xG7$e<|OX
zepSg2X1xaTrx>S}AHnmDe1-7uzw(^iTKTyX#_Kqe*YwFwemJ>BKk4UxHP6TL?Rak@
z-vv+Q(^6NNyyAOv`O2(UA+JOKk<Y~VmHY*A9?17(p0)g>kiY!<^o^nXS$^-d@{2?M
z@)_7KoqRSt+N+=cPNDzEf53ba`JCjC%17jo$y3gqTz&>Q6!P1bAJ<hWe~0la`TpcQ
zkk?1kf8;;o`9^*i=k-v&d+7i2dzj})eiil8$rEym_U`9@E;+>VUFaK$e5-K(m(Lse
zzkE^No68?${)PMs>Z+8#LLFA}tI2sFzkwWT`7L-OUp@36`G(=|Z}J_;VI<#|bD@)e
zPQQ)z>F2+1sDJs4oU@7iPUfG==ivEFejm^0@?}_;LcS2|SjyKSpGv+Y&kyAPV!zb#
z*G}gAm3N$jL;1DTLo44k<S$>7zS_y>C!c8Fe*Sw>=dt{A=99>O6n=lnZ{U8F$-iNo
zTt02M|HzjQ`O7DS{N<0Zz61F;)LSiIg?`w`TgDm6^HBftV>nMo@)Pk+{x9xn(SH5>
zXCjAK{%pAa$hYJklFE;!e`fMOa&OG#4Ruw>=VU&md^>We<Tr-?BmXgVQp<0lP8#`I
ztjkco68p53Pd*d(ANecf*2%Xgw`l)<{`-gem;Z<To5=r%r}Bi{GWiLtOD>=MA@2Y3
zx9Jb1{LRq+<sb6=K)wk3y_PS^JRAAm^pm0dAo_VL{{`pxNd6z{yp!KbokTzF=l>?_
z70WkgzbEqNLjRW+tZybiE#xmhh;yfqzsmTfe3wxF@-?W>f&6FGRW1KB`>~O48_r+(
zW84#3`OZ8)l3%>ocwcn#y+ZvT(9eH0`fV&<kNud)k7eCc`E=~ZOuiKLmdl6aP{{Wr
z=Tg2j^<2qU#0T=fGJY+;GxQ(%x}2Ls`KRo!Rz7p+Kk}2wr;{HL@;|Vj|5uD3%MaoC
zM1Eknf69MBy=C&B(1&yRcjg<{Ng+R!@k{ypq5sI=3g@r<|3d!qv)PZ0{HM%wDF1-*
zTlvS#XCyzC96I^a?4zjc=YJP{DV9%q$~d1yej)Qu<wucQCZC3!bNP+GC4c$p+#gE$
z3hbjw{&#X7$TRkJEnhwKfB6i|b0|ND`Lyz>$!8=#eJ%Qrd^*m%=%9Z7pRm5Me2>uo
z<rguZRDM6}n8{}i`OEL44;1o~sh?85AM>f?8`C!i@?VGkFMl}nANk*y|4_aq<G1qd
z@sa%faQ~6VtXFh!KmT)BuUK9%ej-0U^dI@<tV<^UlJ(8ydog|?|2ci2l>d-(wvs<V
zo&)(@GmY!8mLJSIHuC>*ZyCxjW52iZQ^{c@KRo>Ym2brSqo4Kj{|$8#%U@ic{v&^x
z{hrEaXMHpIv*eS@f6IFd`4-Hxlpn))Rr2rLGM?u^{*TcA<+o25Ki|ktWc;E0@bLE^
z`S&^ZNAh{t@16X2d~fvge*UkJPb{Bgzw!M%k<UyYOXY7eP9{H#I?3hJkXs>topmqe
z>xBL<{~mQdkRQqYp_b3Z{2Tcu;rEyPeZH%epU!%X<Qs7Abn>kjKRTqJ|L;Tn%YQ^2
zCh}j>A5!_R@Jzlx_sLxTF@3U-zZ>$GKS_VC<OiHZ{ma)0zrW;PaBpek$57`(`NtuD
z`4Qp%FJCa!zkCAq6CK*m|5olHv3vsaPvpl@SE>AzkiUE?_E9eXh@1=gfN@IsjJJ$)
zuH+YSehuWCh5L{E3)a1ne~*1Jly6RMt$Z8CAIZ1n`A$AD-2V^j=YJ+1%Qp}C%fFx=
zQu*`LXC{xX8|RkGE9$3^UqHVq<>#?3mHZs~z(9T#=VmRRfqH1<HSZnD|3H6e<$uCQ
z@*U_io%}QEEjqlP{|(GDmhZ&+Ci2Uvw^TkQIcM@K_&uJ>XCsF~eiG|a%J1RatmJ3#
z{6Kye`?{9jk2mspPZ`(AQ2sT!wer`fw~>6;kiUFhzBf9epZ~So8)NzIA%FR`A%FQ|
z?B7hjGy5@@@5}gwd?9iu<yTXmmAqj-1No5ptmW5H4~=|!>SriFh<Ud1=t=(j2l>s6
z-^qW*IT-z-pa1!x|HvEGC6T|)x~KA6*hiUsiTUV1^20;^^1qT>Dc_sAs^p8!G#-B-
zzk?iV`9<`rM*dIkt3&yXta~f}1$mC-w^I+D{20DB`ei@=OGEzhC8@(ielOpZ%74s#
zDU(;>{v-cCaxUZ#F@7nZBb>kTW!ZNF`A?WnEkB9*H1Y>0(0}CjkY_8OBGkY9yLcx*
zFx)?n?B_q(3gh?2@@1*3M1IIw<L6WPW6VF3f5?8x<(F`t7V`PYxs-3qeV~$GMg0uq
zx3hn1`O4w`FMm4ZFTb4q(#r2<{E>V)_IoFPkadiX>gRt3^$^SNq@N`6pHf$;{8sj9
zCjUEip3DCh{{ALEk$ZS4zmNG;@<;H2{K;_s%74!M8~L=<;ZVLa>)y)$O}`q+7vh}l
z<cEg(Kf0g)4Wa+YA7FhG`5v67sr+Sf&g4rnpIm-!xPQv`;CoB?telUPJUV@R4i4nk
zQn$7IO7>kNe=*d*d`iY|<&TE?m!D4kbn=;4-{_cr{wvdGV);`cfBEB!(SPLoky|ET
zlks!;x$L__zDVdl@`gMs`Rn91kY7*EwftS4Z{#oVy+irZ%%_#_M;(sjYtr93`HA8D
zt@`;dPkqMn|FXXl`9G-hRK6nf%;X>Oy}A4@`c)zSl=GsL-@-nv<g3ze2l79L{N-~}
zhmHK(aQ~5?6aM}t|B88z<VSKocJhN+ujtr*{=cLj#`4uzmqb1feIS)zOh3uw7cu`_
zensd%@)31d%D>P0R`PdvejxuRbyCZpVgEMrAF@w}^0istR(>D#Gm>8(`j7ltJo;5X
z|KnJ%SpE|8OysxI2U7XE;rEyPD9)W+-Y}m+K0W=mlqb|}CBHM=f8_Us{x9E%oE!PZ
z%zr4qm_FIc|IGdx$*-fXI{Cr$=jgb8{*SPZu{;a)FF&0=mdfuVhfMxi=s)t~S(idS
z#s9|VX(_**^{V7Y@LdD>8`MuNe?I*ELEdtY8p<~yhgN<$>oSu6i~ZQi7Y*m{@%{Wa
z4gFu<vM!1I!BGG5f3x2+`7*pWmrr`k_#7|fU$b7N{4dm7CEt>|9mv1SI@a=s8K;rY
z^5l5khw>+QzLhUXA0El?3H?WYGy5Vsp`ZVM$t{*Yw$?bGM7}-Wo60NdFq6MW9p>_a
zaSHis)MqLG4|P?^f5rJVkk3jVtL4v8SB?A!w~W7cDBn8Nzx)*5JCa|^zUbtWZ8#o3
zI<cSsv#f6{@5n8YZ$bY|<vTLZOuka6fB7rCw~$ZdJSydnh5M)ck<kC;KVqJ>{3Pn6
zk<T6KU;ZHV+{)i%{v-J;?7L1r5A_h8)X#rf)+Ls=d{-iWI`kj;9pU~X{~vXm%ij*a
zf92<JzLfI0`L0TS5zi0gABNw*^7qNDk)O%B59RmrU9Ef#>S`o^j&r1w|1k9bll%E!
z&irHfW2}23zn14y`GTx(CSL;2<)4Q9<r^{2Qr__1O1=Q=GLY}aeyrt3a1U?f1NzBO
zJ`?rX${%7~M)LC*r;|TNJx8bX^M9H?AKOFz@+$oOK|VF-X(s>9$K!J?m%qsPh5U8A
zl)uP4EBQ&xXCS|X9BTQuH;m`g$oC5OPx;5}msY;vE#rPZlE2IRJNc`eJJG~`{x8x`
zVtLN^iTrcUg;ahj_sL8?O~_w<R=9u47pI;}`SScdypqpJeGcRc(9di61-!SBZ^!oz
z<yW$ft$a1+Gm<yq{FR^a@_5~&Q~UY9O23NbOI*kON1l>TD!-lnklC3}F8?a@ANi!0
zjNe<zYjUgP895B(=kmR^d~w#Lk-ttI4&`?-|5knm`)(vZfPK`-6Y3;7t)Kr}A%FQU
zq5kDplS3+xL;sP#%Xj7SE$H)wJSCq}elFiz$uAE5NB#}_w3h#vdr>2wk$pOppU=76
z%J&TYM}8M|*va?f`RMe1{y!pzSbiVlBzEc{l^@LbnfxbwZ!X_}x-I0(abB15*F*o8
zFG^hv<R7u_wR~#!S0j({q5Q|>)5<4boc=F=mw9&bpD<2zMnC`c=Npd`%RdU|uYBdu
zf8<wChnf5k_G2zzg*q?fv$Ky%`Luj*C7<HPabF$CuVX&7{4>_2k#9;4L-|_Fvz5Qf
zeP$&8AlyIY`*0tNe%;UiaOyUezZvfT@{d^GRQ`Cl|I06B|K{@9+3$sXz0iN;o8Xmv
zRrbq3ej|OdmOsNh8~G#b_o2KDzklWPQ70q$ON`&im%VOW=h2{_|7P@oSpHe4fB8@8
zC#if*_C+SYm~$|fFU<T4`Pbq8DPM}`EBVc#|I1hAdu#cv;r=6Ef$@j(PpIcs{v|$=
zKN9Xg@-Ma~|1<mf-^F}l`Fzx8B0r3JNagRdUov^L&G@~!e3J9WeWQ?H#eON}Gll*m
zpOWzh@~zk}wS2Nex&O=8W*-gZJB0ot|2_B8k$jmA$KTt@kE9PrXZ7=+miff;smLdh
ze@xD){H-64-<!!lqhICng+u?5f5G^rd>i&@C0~i}9mreiu$JG!ere?2<s2Exzh?fe
zd?s=m$=7EcJNYb(AD!LL|7hwtmd}34IL}0WLa2ZF46IiszasP>`A+0n$iEHw%Wq&`
zRPvv4uNcTTC5Kx6bDnSHzr=^~TX=6PKaP4H$$!N-oqTorTXar8|2r8!me0+4CGyGE
z9<NI(KZW;Z^4-ZfmoF9SU%n3WEamrw{N?*H{y_c)=U^>=f^)W!-%lSN%BSUfTlpVC
z|B?TVaXR@5d~bAaKmXaN+gQFX=V>CJm*-RY2S29&$fpneUp~j;<L3+ceC)eY-tt|Q
ze2opq;|%2UGkz^!nDHC=1lD~h-<TX)`6qnuNPZCY(8(X6exl#>^IwYj#PaLt8;N`o
zzAKeKN59SFhclmCzB%7p$bUZ5IL}f(C;hgPFA(nk@?FFEE5DiVYUDrIaQxn(eCzqf
z-pYT;JV)|h;hp?X?3d`ge*W8%LoDB$`6u${sKZo#M(98CS6P=_{w#f<kS|W2rTi4W
ztCDX?eGcTSv)^m^LhRp0z7Ee1<x5j<t$at;Wh5Vj{N;DB?$P=E{I_TRvHTc*mnHHk
z{ye_FrSc)`o5>5t&*c+B|ChhQx|H%a@k-vFMgNh%&-1l>YtH3H{u^=|$~R<RwDM<p
z??}EE-`mO0r9Ptz`uVRA`j7ko#!2L>^L#4bk?+dnvxfdJznJ+H@^u)$l%GgFRPx<;
z??C=uIDh2_vacKYy)TdJYAEj*r<H#h`oBD7|90|;;r@SNKmXsd?y-EPwa0ap$R~vS
z<(uP~{50;Xx%|8Aqe6ZR=S3-B^SbeTD*4CM`9OX;>s8AqDaPY8@-G-?C_gm({*v!Z
z-yX^5=bY-~=P;k>qJI8+g#Is|g?tkERLnn>-y8n^Cf{wo@%QHP{djL7KQZJlzbMqd
z{FTsu<X?xsf66EO6~BMwOL8s@<;&x(d>_7RBtIndA9>01(Z&7zf64mB^3CbbiTqbQ
zpUP)oT{8J$A%A(a-*{aL`PuB3Qoav;rjnn+d<ODq$+?!#7V2OAO1S^aAL3kV<#W;>
zM)HHHt4^MCjzquh=RYs=iRFv1j}rOg%qNwfPTgkmr5Pue&%?P;$fsmoO8K^z(0}A*
z=>PK1L;sf_K|YQA&5*zRnUKGHA#xkZui#wk<d=p1b4fq{6&D|WS1ezUd=mL#d~Yg$
ziFs!7oyjei52)Kh{t$hvl&`|MR>>dd`GNcm=2Oex;y&ESw+Z)8`A&E%e~9yXBv05E
zo%|f?GrF{&|Apc2Kk}o<Ig!6fzfI*w(`PdI@r;wp&kOm>=jPlg<=;@xm3#r7AISG$
z-D~+Jytk3hM86u!pJ9Dl`Qp5HB!8cLI{D=9j?bN_?&p6I>k`Yq&%Q|H+ip1CFR6S9
z_Dd$;jrz&u@3Y?v`Q^-~lrP8lmHa*Gd>~(*zE{hyX8cBe1^2+A{5rgqzr?zX<kyA%
zBcGnW8eP`Ue>KkcSpG5Vn8;^koK$`p`zVv2z`n@kSJMv*`8=Wj%jcv%EBWK}fq{G{
z>ZF!G!}E>&4e}hyZ)BdWJR`S}e9_Q<<R4RS(dGU8Z)SaC`Hj>`B43w#cq-qAI?v?O
zvF~zu$@7K$CGsid`_WG-`OJ(zkZ;U9Yk9&tHu5<cXDF{YuUq*w)Z0kju^&764;CNy
zjp&Mg{_nExv3vv8H<91LdZqF$`QA+a1?!&6|I7X=<hxV1rTh)nrIK&Ydk69b*+;ef
zRL-MD9!)vUXDDBidrm7qGyMHup0JLc{3O;f`dvT&MR`7!FTwm1`Mn{3`C*~{<pufV
z@?|-{3i$`zPfGc6%%_rXMx6}gXYjqX{6^}wk?+Mkhw^2}r<JdSkL2g_-cEir`9xRt
z^FNDvh~<m2PZRlj)L|<BoPC$cH)P-C^3ymM3V9d$kNj5pVP&U359Akz{N<lBej`7R
zdLGJ`5A`o!E!_X*4^f|;d^PR^(N+EY?_&P3{7UX=iTo1gnaVHcdo%g<jFZb(<vvr$
z&!-+r`L&E+$-g1bf&2jKxt1@p_PEb9@@?2hL;1J#$yVMlpOO52^6cap>lIzy&;M-d
zFqZ!@<S##%b1;>!LVw8QSF&EY{1f_2AwPuNO8NDSQ_0r~|NbJsly$7-SB3sBKQi<m
z`5K}B$R~ege4ii5r{o;z<bPvbqHFs3e@PCpd}aD`B3~0v<r}cRnS6TYlgl^b`9l6A
z^DN~V`?r!m&+`NMB*i$NT7Ck3xRL)c^dI@{)OjoaGxa%=-$kG7<VR4q(Y5{jXC<Fl
ze&qkg^H1b!(>GH252%w&elx#Ea`~;CgN6KY`e!LWj{2<RcQF1yei}K~^83lBkxvZu
zFaI;^(#kiW9!B!@$)}TV9s198{rsn*PGb3SA%FQ@<d({J4D~O+H{>t>h<k4#UxstP
zlt08cmHhFLzx*%cR?92uu#xW+`oH|{Q2+7^>DwduTJ+&ges;M3{Jx+6N}NZre2TNj
z=TsuUKjbezllsZzH_&f$`9#*Yknc_orTj9!x00XFdk6A0_^w+14Ew8*zl0Cvf8%>w
z`Fi9$l7GWJu#@N91EcHv`A>f6IOkYC9iGV74gFs}1N$hGzeaz~<!|GK{4@4NDgO)o
zwvx}rdk6Ao*cY|@0qVJtUmE(4d^7q?D}R{%HIhHcdUf(^sGsPDe*WL3&SUw;;rx|9
z%KTILydi)2dfZQP`GxGqLcVXPfB8$~S;-d)`O6<>y=wUzjMK=UC%2(|NycyGyU}k)
z@>|&NoqQAaOLSvD|M!?rEbs6{zVC+P{gTQrBhO6!2KzdfZ^`-=@@=TMQvO5wNhRNo
zeLawG$~joeUnA#6z6;|F<xhn3SAHh_b0mL{@9pH<^S#kc{rvyV__4eQ^)H`}dv7ZL
zkbaWM_vE{BdB;2p`NOA-*SC}(wBgt*`4c=pkRQ(Twftqiw~^0s_IUiE{B!2n%D<*h
zj^uZS`j=031%Ll<`uSf&-Ny2**e{9v8|IVBuL|d{{L|3?<xkKb3i(aUr<70Nep|_B
zrXB|Jo!CdU{PWO%<Xf{}hVo~bXDeTcd)i2T68Ec4egpYLH}~^DgXd%U+|)xNzmN4z
z<>xX^CSQYj=JFl+-a`Hj`IPeI=);wKBl^-n{w({VmY+}GXylX6O#RC*=DS+?L7Y<~
z`2ytD$&X<_Mt|t%|3mVL<#SP2iF_Z<om9Tx;^X;e@@d(3xqK7O<wAZU^DN~vGEODm
zoP9BnZ^63M@<*tjMxOA!L-|wOH(L2E)bmI_Gxx?$z9{2If9&T!2j3OTPbY^&zAfLI
z%J<^D$mDl2&s@G`$X~t;^DO1Nv0p0r6XZFN??C^o<@4}+zmdN}pBc(m4fh}UrQ!UQ
z@54Mh`QhxB=$3x|&ocj5zCHOQ^4sXosr;t-sDJrCIPY@#f$XC~Uhv*hzHPYw$af{@
zf&4b+Q_B|&`OEL-yN2?)sOMI`5_K|?FCO}j{CkWO-P+IpKI$`;zeznL@-=vGDu18n
zGx<5}qg?(m&lmD9@KXK&`Bd_&sKbFgC5Kx62;bYt_huc3@+DZWR{j<DijjP6_Dd&!
zo<0`c*3bU{`bI3@E7ZUI81_*rKREP%`2mcR%MT6pFQ1=&Sjt~x{+0YKd?3GqbF-FT
zL_IX}%kiQ75b|l|lioVs?<4t9d{-yGoBbHw-p~J9-W$trpso`6`mAp%KQi=x`5_^H
z`2)<Skgr1Bmhux>_ey?X=s)sXn13xlo_rel?%Y?0@_obKALKjJ4@dIpW*)CgCtrlR
zitgy=|IhIIOMWWzOyozBXDUAq&*Wz@PA=b+bu8qMvM#0kAabbWKcpWH<U4ausO3*F
zej|T0^nZEDdD_bN2>HwR!#nu}<PiO-pa0=}S1f;lc_#8ZsjF0eI`x^!*P@<t`FeOE
zpM1q}{gm=ec)pUK!+QtviPS?a-<oxA<QuV$L-}Ii{FOh&dX3~Q=SwHQ?vn9$MSt$+
ze_ZJQ@>fn7KcC2#<2*{`$FPo>d{v&$<p)zIh5QxnW2O9saQ@0aIA%Q0f&4jgsO4v}
zE{(hi{a-#a{iKyoB)5_L)sVmZeBK+~+0TCu_Gv7Sp5ouX<XcgPseD=LB$MCAe#zx4
z^L!zHgy&27o76)kzn$C$^0~;ZmhZs)8~LH({v&UhPb;tKCnNb?%%_vDO&vye_48ko
z9Afzq)MsK}d|Yp-eBF@0d`I?sE`Ogq3;A;)fBB`<PbEJpoWJt7LjB7(W}c1w_>jN+
zW9He)*C)@B{QXe>@|#2dxx1hL)ZC+D`PJe4l^?^pr1BB{A(L0ES1v!1epSe)3;kby
zQMmueW9C1QpGuy!{0?$x<WsWWhw@Fyxs`uR&LjDjtZygZm3<f8)6f6R(EsHphWeKu
z#(f}_pU(4{{MFEZ<V$lOE9CcYINo2S{0r)^l21==19>!YJWee?opo>I_p&ZS`M<dz
zw(=F3|44on`?Qnq9rC}opZ{+3hgg0Rb(_fl%Y0J#k*rH5{~LMc@(20eLcRs}kW&81
zG2=Wd`IC%4kl#QKwR}I$yGFh>bv~4T8}gUG&A;P}<Zn@Lo%~DY9}WBYzeC@M<+HP|
z6Zz%zfmD8e`28jSfbnzrIqa80ej|Oal>dtLt>g!j=RkfS^;XN@41fQWAHg_7`L%p+
zE5C*H9mzio|NblgfOU!f($D`CzAKhj%qNjQPraq`*YHe!2sz~P@69}}=R*D|^DpJ!
zXTMkS0rMZoj|}<C7vsH+{7&*5$~WTg^R2vLT}JX*>4%+s$8i6-ub=<zj1$YxSbUsM
zBA<_ak;;$bdo%ebq5kFjgx|mN?K!_n`8o9MO8%qp`&WJ<^;64#%=3+WiocHU+e7)e
z<j~4X=0B1zOg^1_9@Ztgzn}k7JRi%?qplM9MdXmmC#lBkmC5g;u5$V1;r=5Z%{LyW
zl>Z>qzkETyYaoA{{aDMV<Xmp#@9^HC{8IXAD}RjhYa~C6b?M|wg!~`q=RY&|y;%M}
zeKL`6!G28T6GQ#WS73c}`9-1s%dcf!O8IW=-%9>5^Bl;(WZ%{DN2rHJel)oa<qh*`
z<zI#KS3c?f<9*c0Z{=Kz9_;78Ed4N+x6Ct<Peq-l@}ID;Gx?dUOD_K{`>T+z&U%&d
z|B`bhKcDdj^6A6<Q+_f1q>+EYeSRpvJ>)N+nw&@SPs062{$2W8^iV(l=g2vh|A;zI
z<k9cP{UMc~K>cL$FT?#`J|*K6@=3lP*H3BxWbBpvG~PR~hyE|0it!uy*`faB8`Ae$
z`M>B_Bl&;uPJR#T82z=M|A+L+SUwBumB@ceou~4v!u?Y|D|ML5FAx1k{$tj?l>d(X
zQppR>>w)}R_De0lkenO&?-_q6|2f~=%BMJETn{7pRMbf)pMky+J>1WKANp!6pMg3_
z<gc<{Qu$r<w@f|*^U38U?=9q?QV*qkF3zb+J{#i?<m=GKYWci8-^k|<_aFIe<krgb
z@cUOjf%kUuv)PZ)BmMjzWM9Pc%^4?=-$0$G^0!!*Onw%BhsouaQHO>6e%7&+??s(g
z^6kiBApa$GTg$Hr^)LSk`)(+oC*&``lyhe!Ux0P&<acq;kN(!r|Ne0Qm*2!Z6Zr+?
znacl1-^=9lg#II6knbw&JYUKW3-=%Sh1AtR{;QC`d^-9@BmWyY4CO0xKWXK=g!-31
zMm=}(ZK>zz(SH8d(uZUD8oW1=e~&(p%74i7nfx}^F_)i0K83vHUR}x;qHk34yBU8V
zuc?z-{+;>9_lHLQG`S7sOHdE3{AlW7B)^P$=;T*3pXjlE{(ob?$MOT%?}>al=99{w
zWSmUCCv}p`zoO3<@|~%ZQodN||ME#U8s|BX&&K&x%O42+M?N*<4CPO<FIxF?)X7L5
zhx@;LX7*k5ct8JT!|yNo{^XX(ui*Zi%BP{OGI`8*<?`zor;u;NJ}TuOaK2RXdC7So
z--2;!`HZ3d<+pII4dqL+?^^lt_(;A4eYKMh*zeK*_47XukLAy^?uq<Id{-)8oO36W
zugZSO<yW0OuG>OB2l<rpKWsC8zLGB&{{A3OnNKZ$jqhsYuTsxL`RvqlE5DQV8p$7J
ze|7TJSg+`be*UvlpRs&?a!BN>^1Z422J+10Z}DBZ{6_j=Azz#EOZoHkw@UsZeS0AP
zaj1X!Q=$LJ|HS$Z<v-<K)XMjuPmbh&Acs!=6Xp}O{rq1G{a=1F{UMS6lyOq|^L$q(
zUpv&leEQ#0|MJ(#vy=}*{mb8`o(J*|@mhW#b=%1IBhR6H74}gp{}VZn<OefOC;x>0
z89mw0|Ag@SOTHHGP2?H-D3yQ7_?dhz&YfKTbJnqte~;%&`EvBtN`4yiAIOK~Q_Cm0
zY5cpjk-tqH4(0QO{v-c6`(h;jCEwM_A7S02r~3IXLZ6A{tMa{xd|~F3%CF(xmC4tq
zpXBl<m`@>}m3>jlR}S|d`Ay;eFQ12TYWc6or;-0M{Qi<(!ui<Br(zvP@*_h1%PTy3
zx}Sfu_P7tk@^|S2iTtnBRVts4b0m{5#d_uP8JK?|zmo4Q<%fjdzw%AP`76JkaccQu
z?5{??G<7(X-%dWQe1mZRk*`hNcJdF|U(qxD{Ey_jV)?@4naF>}y)>1t7w$ju$5^ji
zehPJ1$o~-Xm(Rv}Rq_R>^MQO>a<1jSVE&E#Q_hQ_{MP-(_1VggBe#+KSL~xs{t@*Y
z{k@<69h|eVe4($$eKL`6OwOtNPvn-#pQX>_^3Rx0A>WL;D&-SH{mbWNT?X<~$f1@m
zMO`)W<?x~WQ|h*re}#|aCx!kaUz7eBJ=@R!uiMan<dg0?_C&sQxPQu5pwDFT*SHtu
z@*Nqckl(|8FXgK<ekH$``WeW#q)ux2SK<CIKbCzlls_2yk9?uf|K(p(SDpM!>L+@x
zpZ|Ij$zOgK`!126$$cZ0KSU0h{Qp?rT)tb#U%m<RDdn%Qk1F}%q5sGqXFj!j5YAuu
zWQUFS`%pe$AGPui!rvd{>r&^Pd_~Te==pyB`;bE{AJR_}`O5UwRDM3|o5`1?PICFA
z7mUBRkeAG-lyAklRPt%bZ6N<E^RMOWu#Xz~ntaz#zCHV>l}|-~7|EaJyzAtv(%+&N
z`uU$nJ;d_$ImZ+EB|M+XQ|d62KSLen@-yg@h5R<|lcoGzp0DIDh5jRdjJ{FJ-wwZj
z<=>}1hw_VgZ!15KeKC^Hz`Atusj0W<#eV*4vo5jxY385EuV6l@{6*G1ldr<M<nq~=
zXCc3m^)2Nel3OJ&sLz3X8_w}semCpe$kz?^FTa$1-O7K!dX40tGS5!_X88T}Qa}Iy
zW1q(ICBNqWBfo@oPvxJ`4>S22q5kDx@_Zq`pL3^_{|&F?8<X2Wer34-$oFEs8u>}#
z{FQG^KX2vdhrj>JU#AW``TC*%yxh<K0qP-^|2_17`KFAM%74mtW%BpK{Zk%?{xAQS
z=S%s9)LSKAKHNX$UocKBUyJ?N$iJd)hw`gJ{mUo0bbN0a$v35Mck(k>-{_To{^#Pc
z{5twfB9HDI?~7D^GtX!8Eve63zBThK<U8V}{AKE)l3yDB{v&^q{Zh;CV4jV9Ui#rs
z{vP|cm0wSv9LblbZ*=k-!u|8re*P1<55)4RSl>jxInSr^oche<SCLOH-<EL-`J>_d
zmG3ZdTyK?prf~m}|D63;%je|zM!tRM|MFilPAmUI$X~uI^X%kXhTmVW_4EG+brs7G
z;~tpE|H<>Id?D&5ldl%;pYlI3|3dyNzPFU`#=fZJPqAJD`IPL_TD~>?vyo4_EBAl-
zl6+SyFIcaU{AhCP<g2kSqESEp43Fj8vtEgOJ^E)VUq0k7e{t<`-RAOB$hnaJeVg&~
zrF?qwtmHd#&l$+~VZCbk&f)$qA26Sxd<ObJE1#Y7Yb5XJSDpNIa)@46{?unIf0ySI
z`P9@&D!-olMkfCwp35)h+$rRL=J`?{^WI9n8tXog-%Fpb<$Kc~8u<<M$)S8l_Dd^&
zi1A1ATNtO4&lm3hZ}js&A^iT8f6h84@&lQFDnAs@<c~AYTz*B!U;Yfwm-3IOhf01P
zbvuy1yv=wY)$(__A2#xD_}-!XmT>=(U&s7M@{D@u<h!ws(Leh6H{t#xFGBy3U&8mM
z@_+EXnS4l}&*ihyPYU^I;qMRf4cMoZ{Dsi}<sXrAE&n&?S0mqm+=lW!=vS@$GwNX^
zznwfg`DTnCz1hz{;XV+{=OLd&{ulZ~DqoQ2Gx;W*7rA`$CC2qx$hVuH{x2`X`77Uw
z@dxt1vhKBfwoAw3H}X5F^P&7R*0GiE7XJN3{yg{IPJSnSDSE4){}SXD%de!)6ZzMy
zdn*5DsDJsxq5sS8<9iGFbgWA$e}v~N`4fykkiSG9tL58JhmCw6`omB@Vt=*r{n!^H
z`8zz{$rld&|LuPMGxNQ%{65wzk<Z2RseE4QDwA)({VJF5LY)`#z36+T{A=p4lF!b$
zJdp3ezNqD!(Z?G3eBu5nZ$tl=m#o)Fz8v-3$^T2=i{9zy|1Z`nmLJA`PvqM$|5UzE
z$X~t`>z>Qspgs%v|Is%}`N7m%B|mE7xStH<J2B5%{&&W2<h!z7L;1q2ODjJj)W3Ww
zp6}#)Gk)}LKmU8e`71x3?@HwVVZBoMgN&2Ozh&KXdByw-`B#iz%2!|=EBOKJmx27~
zaQ~OT$GSK2N5cJ6z9{EoD_?<}NAlG}{_@GPah*i(_49v@{T0g}BhN&BHusZMz7Frr
z<lm!T<?>fU|Cc|_drSEy^s!35SNQv<d>L}9<vWG`FYj2Fp?r7tQ7gZm^Km3UmAdWZ
zCsA+FKl}Ob!#N(y-y)wx{_kzZ>zK+v;Q35mGJY;UfZPiCWao^>FXb1q?v?zk(0}B+
zlXERUjQKS3|MFc!`HR#;E1&ee@!u;(@+IlRo&0mwH+sLH|El5sBR_-nO5~rAb1Hw0
zdsimkmmG5W%k<$wegb`?lz+*4EBUwNHjwYh`CiMXr4KaneW~-I{6PA4D_@)3M)HFg
zr;|^yE&b<%e*T9tek^ap{YQQ{<EQe&HX4tg$)}~BbNM0k?Lt0NsDJtTd~YQ`hWQNS
zD~0|e|3^4~<rlDzhVtd9=T?3ibuyB_O&xaf*V#wWhyDC(-W$u0B%egS*b?*~`MZpt
z$xkGoT>c^REad01?@IY`%%_r{9`cv}k^WrEj}HAu{webr%2x~d%eUe@8p+RQT{`(e
z^nvJK{rvyTJY)Hs)L|l@NDis|qmaM+GWvEdKZo23`E%^MQvNmlvy$&mpBcy#=3mRN
zVLpv~Q})+Tegf;&%5P$vk$iRTX`Osg<`aF?&wq{Z_Xqh*^vOiNY^Z<vtK^o+{~mt-
z%KsVqzkHIzIDh3EaKEbL|7M(ld~5Qo<wwzP8+k^Z59QybZ@2QP!}%*;C*&`mitmcL
ze*Q7z#PYX7|Ce7(e@Nx0QYV@GOZIgxpPly>^7-&mekS{_l5aq61NkiER?Bx}T^jjj
ztnW~MR;YjZU&8%UKG|*K`sw7GG0*7V{ru-<p0WHk_E#dm8&BoC@m-mGLiqhFf0+3f
z@&_2dlwU|+t>iC<zyHY3XT56q-XVYaf7wSv`NGsgEB_gNZzTVWKHSN_W&G&le*Ta0
zy|H|XSNZQx<U4Tgr1C4+7nyvDS;qB{%V%Ie7V^u;xs*?`|9G5AJ{3NY|1jKt<TLPm
zBmW2MIFw(_{iKy|Lp_h=M{Y#@%Wq_y=#zf_%Wy8l@@?3UiG0_PzkDg`B$NL$^ndxv
zoFj#Nh0uTG-(?*u`7fx$f&37D-_`PeGoMDjI`19IcOr*YegS=HB(L#KzBzp$`m~?_
zY}7+6e}evy$S-AIr}EvIXC}Xub<gGhC5J-(EblGl7ja*z<cD*w8_196oUP@rFn%Nd
zfb(uBKaP5C<yVLN<wvsaoqVUz|Nqm^e}T~d<p<Iy6ZyB~mdZC`zi09}xku&lDUKWW
zw?e)+^C{&ku}>@cyrKWd-z4W+zEJ2t^4-a2D8GyPY2}ww4<q^eytk9z$a+Pe_47ZD
z^@`<7GS5W5FY`?0$I=Hf`BR)Px%|5!fB7-gb16TF_g3<K*>?l^-t@^@K9PEE<X5q;
zhw}SF{_?LmXGii|L;sN<$b6#D`}rS=$MR{pM<w!E$Ssv$!?~HszsotE%V)t0`SPrL
zDPM>FT*>EVoPqoX@~q_v`>~Nvqz;GjYpL^Aek%QKBtMb*>EvfJe)Qjd{zrxU<!df6
zKF1UJqRc;)pGjS1@@>QYQ~m<`qL81@JWKhdcqPAuoCor`sgqj127RoNAH+Ty$`5DX
zwesW1Z6rU8aXR^(%rp9;pZ}>LfB6>l^F%%y_r_Fy7WI(HcMkc>&*S+*em?71%15kM
zB|kd!ANh9S{wcqXdvYWHA?q@fzr%Z5`AqbOk-TBQbn?l5H$Ly8FZ=n=O`fs*W6qI8
zekkX1D!(c8ANhuSS1w<d{Z+{CqfScsQM|X3|83%UpAO`YFitIR@kahEK9t`@KX2uO
zQ2+8T!ucz|nRSo8>gPW#>k`XPr;jD_JHp=|<hQf#nS3?+c`iSmJPY|%q5sI|q~0p|
zsf;s_pUi!rmfyhmjr@erf8?{wGG5<Seowgn$ai7ib@G3)kD~we^Pef?FVDjLM}7?b
zFqJRBIhe^)?vuHEPv%+3^K-`ETgrb!y;brJnCC#g4ChoWzbEt``L9{8q5Q#c{>tYh
zw~_om<lM<OX1_;Y_w$b)9`~hKekpx8kuOfpsr(%FOD2Dm`RDS4dM@N!GS5=JXsCbr
zMZ9+)pTK>omY>CbY2=%+jzjq;{4Q(dPlfuIKgjxa@;$=u-*5W)Uq#NbeE)F%%AcG#
zuFq8d8|o*M-^RI+%THs!7xK-+-yh`v3+JzVO6q4I-=1}><(IQwjeG&_OGEjWA%FRA
zL;shb&-!-q{X+iV_VYiR9AfzboXd%P8|oyL-@rO%^6xx7-e0+VnNa`o-?EOS{Abid
zB~QcsUtWa#<+m`;M!pjB8OpC^y;}L*)YVA79sRSDU&4JaiWZ3ezyD43|Nnm!-NJbk
z%MWI~68Ylc_m})a)-jVe%s-dk$$Ja=T%32M{FN2Q`>v9&67rWXPW{yKl=(OEBlzB-
z{1>cyD?b(=$uA>^PQDlQ5KYq0KMnU!dBXXU$PZwgRK6{JBa^R1KDqqLaQ~NI5$a$5
z7uKtiKSsYD$X5#Iul(U~|B=5yKOf3h*_Qi{{C4VUB!4>efBDYj6HVIB|Nlb$%P*ym
zCGu55{mU0+y)yYIoWJtl(LW3M^AoxM$fu!?Rq{LOCj<G5<WS2enQA<KBVUu8hw?R8
z$5y@zeP$$|p7W@a|DBwp@AUJp*mtpfEpkreQ!)Qk{yN{A$sY*kul)BRfBE-9|B+wA
zzOLl&hWeMkNx!P)Glcx*GqS!z`5x45EB`|{f92P+uRHlk;ryMfpZ`15XDnYj^dI?b
zA%FRL^qEY)AM?-UbMU=|{9v9h<+D;(m3&X?a3Fs_<S)PPlkt6^k<Y{UL-`RQfB7bS
z??`?K{kfB$c<FfGMU(gQ|0C-a%hwC_FaII?F_pi}{>tPlvW~fYe{w72Kf_CTMGlpG
zBjz)ZpUnAK%THpQM!p5(4CSkEKDP3I@Vz7X8I0e_@1svfQ}pxSigk?T_i(->^6NMs
zQ~4u|pV_ImT)qkGTgcbo9$3m34D~O+D*XLHelzo|<=>|s8u<;3GnD^{KGVwA<-8cl
zA0)R<z5_W&Q}*-!5$hhy=chj;@_9r5k^h-}l*u0p_fPq*%%_n5i+)(j|4F@7^1T^n
zAU~b`UdwMG=SF@L=gUz33-)6x|A=#EBtJLQzx-IniKgo3e=*O;@+<H}en+T(`68@W
zCU4mnx%_F?rI7zH)W7`4)JY|Oj`0Wb|FDj=e4%ju%3qr}?$1N{+juL#ha5)oB^key
zpF=%FQ}^?Kka1%9a*UJ6R}J+qKZEl<lW#?z$>skepF+OaEZjfkFS1^hd}I2+K)wU-
zt>t%y`j;;e&R_YKjNi&HBF~Zh;}ysA@8l<k`k$ts|FV2<EI)FI@i>Wmd*+kMf6e%r
z{5N<m{|WV6$ggAHmGZSX2P^qw)XzZPa_-df{dsRA|4uW$7Y*gp;H~`E;rFlnixtUV
z{ulalG;KfsU8$2;{xjy8$nT?mQu%XyZzg}V8qX(}7p!9;|B(G&%9ji0ulzRp_CWp!
z^Q`6n<{W9{zokxw@{MjA&%c##fsf>?GS5!_U)~!{*U$ec@`>eZhyEjfm7G)gFIcZk
z{(3ln<t_OX@@S>;_m=Ww8NZVMfcwlqKIGm~%kO5r8u_{5??3Y2gunmDZ)Ts4<V$l7
zcJj+Y|Nm}3{}p*YmOstDPUN3)?x*tKGS5u@BkClVzr{Kh@~;`cl+Q>XsN_Fp{DFLJ
z>ado-y3u%j8~F#!XDFYNdT8aJvQJ0y7s;)YKOFkc^!@zz+IBpjSbhMW$Pd9&`A+;@
zI+H&~o#*mbL;cGyrVdN_>wH%we-|IfkK_ER<?FMr8~MBJ)1mwd=F`f*Pu-5>b5JLp
ze0tU~nxUWn@92B6e0}OCk-tT5sr*CcpUF?AZ{+d^=mUj(L;6W6-<|cX<kws}uAhN?
z<yppF%k%L2Oa5udU;b<6-^xEAhmm}5&eKl*1J)~w`}u#uII;XK_Gu#jgngRI|4P5j
z<X?sUFQ1iqDCF}|Kc)OYzN?boK_4E-zhs`Z{5tBnk$=QK8p;<6_aFJA)Xzx%8`i6n
zf5!OHjQ#w-#$)-t;rEyPN#2{vAL98;z8?3+Ts~PcuFpcgDgB|8-$b2P@-?aRfqb%`
zj_;GT{3o0jjeHa4Ih1e5ere@PvMwX}B%hAo+sUV4KG975{C~=PV)^sroXF>)Zd3V0
z`fVovZRkJpUHGm-zAt^IlyA+tRPx(cmw|jk_IoWqlzr65_hddp`E~T?R(>=4Xe8f}
zd3N$Ucs`oBpZ{y*9Lt~JyiVj_hW;=AmiuickM0`RLoVNqc^2}U`QB1K#jnTXRPx_(
z?;6NA4fh}U-K<w*C!eAG_u>92e=OWT<y*0jI{AU&?{Bm8^Z$9MfBB(2pU9_Tf2HyV
zn13dpBIGZhk^NZ6bLzH~|C0Gs@~^lD4&=+zA8PskaZWYz2UwS(d|LWsEB^!QGLml{
zet*f=rB6n)_Vd4j{t(O0q@N`6Bg6euejVdv@)=mKTs|G^QpnHey`_B8-NxrdCI2P$
zGmy^_`oDZ?#%bjHhyEk~Q>cIW&v<?$KZyR>$+xAhqS^ZSFF-$!<-cJ3M1EYzU;Zfd
zlgSrn{9L{>^C{#rvo584(o@M_{x<z{Am4}nR?9!wXgp3Mzk|Lvl<&bjTlujefB9U@
zzmq>jKGE#`{GX-I$MQ$%Cy9K1>ME6gNDi6&@9g(n{wdEF@*(wB%6~<jSMt^9GXwd{
z;qMRfl67h1JB0g>{ATubD}RAJNAeNg$xmjzqB;8c{~C|wmxlf$e~0l?`CrK`liy2S
z<?^Rk-$I_UUrPBK<XOodV*G)8WBP3^zl!f_<VSHY8p?mgxzoz`V_%HqQ?pMy`N5(8
z%-PTXl~DikiS(I7{;!a~{P6Ji2l-*tTP}Z-_ZIS9sl!tKUdUhmIO{%;$K+7Uzhd7t
z^6zrL8p=PRU$yf2=`$nwBJ_t&{z5hGd(m9|{Es2GSbhZSmB{xdpHw~z^Uvh(lXEUV
zo_Z_fBj#Dkf5Sel<af{?2J&ZEms;Mjj*a{j>U=0)h5gvdcjTTklCQ<{o%~e3H=4Vj
z|2uqdET4^gOCtXl&!_Uo=>wU3OZq@AKRVq1<-aB8Qa&&9spMJc|MCHO*78$0M;iG;
zj6alr%6@O<CsMZ~`I3y&$q%G%qj~!IABxBF7sB}~KQr8a<WGmcKgeV5d%65+)~k>&
z&-_dI4fO3wejYgw<oB{KYWeKp{we<tbv2Z4!1}iGb*b}_{6%u;<TEAopLzTFFHOIS
z<*zeNBHxVpr1BTT`758DKAg+XXB`XqZtUw)z7Jl>=VSbVeEV?z%Fhaae~^C_@|SNM
z`j7kq#u>>MW<H(#EA~+|UqAmZIbUM=>FlpWerc$G`P`xZ%jXOAFTXP6FJFLhO8F!k
zbN`pGNc{}tb5d`${CD)XM*ceWGn8M?JX`tTw()#M@`c0wUp}IrMDzFapY+)AII;ZQ
zQ2+9U$upIo6Yf9qsmLvtSDf#K{BzF7QeIHcmHa6B=Rp2@a<1hMW#jK{<d=l=SAIO>
zxAI%)ha>r<^?3YFz8ZZsO8WVq$2!LHsTn7cC)8Cc|0wi-`3xa{`IUTcA+OojrTh=n
zVI^OR{XUQ{&OWN;*Yn;+z72hKD4&}8Y~>&Sp8A)+$hp?ZPYU<{@AdOvf%(VsKk>bZ
zJmtGm`6aAlCcm0IbNLye{^jq|2TJ)zcqRXS=s)t9`l;oQWz@g?BKGf4ekXO_%461L
zB!7oK)5-t9x<?E2^S_aNV)>-IjsM=8$p6Losr&%W$4ow3sDJqn$gPlXh?nwPnP(+m
zl>Io6=ZsU!XJ=g+`F-R(lyAp4t^7aaFp@7tf9~Yp&{v}c`}yA$@|REk4f)Hb!BhEH
z%qNr2PMzfPNiQ6aU&yCs-Anljd{-r(k30wRN6535pUb{$<o^lhul#BDODlf?AIbl~
zxzovaqQ6B8_49w7eih5-Bez6;KkJpsTfR4w$K;vIx8z<|$QS0lrF=%#y^>!{o&)*i
z^pje?J@0Mgb1?o;{x`n2mG8xUU?jhS`E>Gk$vIlMpZ}j;9oJzjzm9Pd`I6+5%7>g6
znf!m$RW4tiaSHj;$+$n4^3^$~D*4pxqk;UnQ2+838NZRQ!nrn-&(FHF^3S+$jO4HK
z-cG&<<3x+}^WU9)5zCk29-GJu>L-;CS;tI%Liqcee1_0}<X`h$rTodz|K+DK{y;uE
z`>vLM=kRg8HS&k3pP_uO@cT=?7Wc`K`~aTs<cHwVqW%02U?0WuBY8fN|CO9m`C8OZ
zCZC4y&E=E*lm0Is(N|0P($r5SKP%)ff1EsP`Eh(#BmX}8Vkp0vKG4cn2!H>Sufsm=
z<QFi{Xt93&>#>fp{Bd$l<P({HD*x~A$9*G{&qkf+@;mshLjDZzE#=qJ&nx*`?Dv8E
zOy*h3SEKJW@@GQ*%WHCL<$vOw9m$_(pLX)~sLyEee*X88LoC1YwsD?`{H0L;@=Zeh
z%eTUF`H=Y+@{c&DO8LU|cs`Z<uZ%O0AHsdOmak6THu9^<c_`nP{@ltB3FohTTK07(
zUyAuhOZ4-9jrEG<@6ZPl`AgJEDqo%ZVJ4r6`Q-8ym`@?UksM0-znD)YUxz#g@;P~L
zEuRqbmuKvYq5KW%t(C9N{73Tlc)pXrL2l8K{rqR7KgaU7S(ikf@Lj3=GwL>zcg!c3
zFUmNDd|rO9mGb#GPb>L4$#`E3<p0OMsO9UBTO&W8el?VT%DT7mBSZbmSNvvtu66R&
z@o1@j{$G<@EMJFuPUP3qms0rzzAKYYcJ4TzT)siLf66CtewFggsoP4v3F8dpx3Z6F
z`BtI-%eQ6xq5O}0Z!6!Nd5+{0!tY=ChtzYlbU*)3L;sOK6z>1>c{oo~`B#jS$v@zH
z%;h`ty@h-N^<2syXFiquAo}w_z6ayi^5dx6M*cbbbSS?ooWJsh`@l#(E%nyPzvX@s
zEz{5ccE*Y2J5VQy{2S((%HN~EW%6gpEthY?y{nLa!g`hRFY!vg1LyldKE?IpeOJpD
zq<$Lt=Ir00{JV_P$}go~jpQ%!y`6k>_C>U8KmUd3tFio4{_dT~H>W;R`B&Nado%gA
zyf?QqP9a~1K3U4&2=y<Yo%3rT-<CXU`4S<2`F^4Q$p6kc(#n_N{2IyUV?LdH7S=IJ
z`}yxmoyYP?j~|~SiTo<oJ(VBK{4@EI;qO24vsm9kzEC)S<xAp~{5{rXAm57pRm+!W
zK8<{Dau~`F5BE>`r0b09Z6rT}96EW0N6Yo|pNW1I%NJ%H6Z!r0!&JT;`DF45)N?Lh
zmFEljF5&Ob@?*%Ml6N70`3=-bE#H}a(a7(i4-e&&zc#MJR(>SEFGli7mK?83C*L*v
z{#w4D|5Q95%MT3wU%ndklghi$|K(FtC%Js>kiYzM#wq20<{nbXH)nkZ@*P6`%Mazd
z8u=X5;ZQzz=>PKdng2-sH|n#KXXF;G(9eHr`b;dpAoPFv&h+zCz6YMk_YS{*<uU70
z$d{u(m+}J{r;`7Lbs5O_V?MQfXU?5QzA1SQ<qtD{D_@m)j^rn@PdoWi^pj}Ce*O!v
zzOnpe&YeVl5`8R{e?#47@`J<qE1#cwE9AG(H%j?L?v0gv+fe`V)5)QhPe(s#<Qq_*
zL-`)`t5*I5>oSsW#yFk)LHb*?Qa}IMsl!;l2>B%PGeZ9I<HEl`$`@ySbNLF?Lm~f+
zeqPEaGJYlBl|D0&?-~C6QT{BsHS+1{!$bL*ytkD<MxG=2+U$!?{&dKH<$nJAvA(hV
zPU<j`Zxi~zd~b5d<S+8xTz)A1q>z6d@|VZ-$x417^Bl+z=DTY7?2OaM&nM@h{1L`)
z<xkS*NAl-G|Cb-dxf89@&wnTKjO9y*`j?*@>R;Y6&rH5GeKnW=gZ@^?_n<$Q^7+`O
zm3(#f(LkQE?`ruGtV<)W@S*&b(EsJLvR_8>*FygCd3ZirwV(e<yf>B~&w3^D{n^*4
zd=<Volb=H$&gIXsUWNQE=3mNd?gN#4C4L7D<QG#Xwftwyzmcy`-x$i*;=5Y;o1y>9
z*W>w4epI-BuGY{0QubXezY0&}^Ra(Z`Rn`h`&a%hp34_zoI<|sspD}<`NE<8<?Dp{
zm+#2FtL484`OE*wejLiLX5Cx)&dhTpf1h>f<a_XZw0b}PBe<W$@{buOksr@Grt-<2
z8UIen<fpQaa(Tsj3;E>Rk-vO5@~q?&LjLks*<ZDM6Y8^(ZyM@fek|+N%2%X6kL0_D
z`;UAd<{y2(pZ|fJo3VUm?rDj9T5?Y1J97`r<eQUEF8@CBFXa1CC#C$~)Mq8Xf<7~l
zZ%v-Hd=KW?$UkDA4&@6jIj)CRzAfK1l5fTOcJlu+|7eYV{wIa{m+#9uCi08u=c#-R
z`fw({j(l=?Nj((uGr8xN@}=lkm3-$=|MDF}{_-2?Cyo4O<~fuvMc-@Xhf=pA`F`9V
zI{6Z;W3*;J|I5iUmS2k}@{_~)D?fvCJd>|LZn^x|j8n)P-doC-W&V}?cAg)|@5XES
z>ddE+A53mT`ENr1k-tTM8_CZlhfe-O>N8rapZ^`Kdn`YK`6Tj<7$=pl!*^x!FE~eX
z`3Kx{3i&7D{v*Gb@2cbvg#6{7(NAjmgpj{{3%+Y8ugIa5??9g!$*1G|>f{H}PolN^
z`Tu}E9Lx7$Unlaz=o_j01L`4@-xK<ed}ZpnkbnET@i|_~cjbF4`F^4Q$minxs^t$d
zpGN*z=s)sL_^wvIALqzOeiG}|$u}hDDC_4R-9A2FV)>WUVIn{H)baDFd`ia2<eO7(
zxqMr^kgv(Ql=2(64_ESA>E{Fa{2_n&73`x%zFWBe$Zz4jt$ZJzAIVSUe%Q(HWSnT7
ze*RNjIj*-@et0;4<p)!5sr)SNnVI~z^v_&=AM+{XJF_mO{9x+s|55TLaE?`F`u_zT
zr^Qh-j<PuFT$L`WrD;-)OVbD@Rh8;0syY=asp@XFq`E5IRZv|OYoV)EG^ikoVBEoN
zBDjE}#0AAYKSc#}H16QSL`RfyT;iY(qW<RhyyrZ(`{wzN^ZESoW1YU=oSb{kd*1V&
z=e{{fRrqzhZ%z0=Fb>p(zl;582=C#1HHAN#_Gt+}jr($2_%)IL3m>Fk1^wOjpXGQH
z!k@_ghr-t*{}=u(uHTgKI_;Aa{<<jtBm5@%XGQpSj<+iOQtFVJ@K1AH)P+Bl<7x;$
zC9=QpH`1Oh;k&tCw1wvwXF9^?7(au7Zu`G1(*MF=LOX}TuZZj~{GllR3s2K-IpIe=
z(#Nrq@LlYGMfhL1pH_um$9b#?U*dS{!XL-ymxl1ieBAe^Dg0HmPfK`%e$p2H;!)pD
zNBH}>?t;N?`(Mub3E|JAKZL^HMt?{OKY`;)3Gb!9<%CxlKTE<xwo?&aq`y^#e}R5p
z6aHSVySng;xZWGWZ{WC^!aq(sw}jux_}La-kK(`ZgN&a+rrZ9HkK(`ZLy`Uw{(Z)o
zr100$Pg25v%=$UuXK;Q?!u!c9!beZ`epMBID(AN*yhZ!eg<ryT(GdPU)^7@bHrsCr
zuhKqk;Roqg9pM|e-h-iT``=0bNeDla_YH*~^=xm4r0_x3PYHho`<W9yL3@^jznFef
z5q=Gy)2qT;?0-%8rBVD5zK`puA$*u|vMKy~Y`-OZgnrT%ejoj<Bm4mG8|>(||F!hn
zgz$0pClvl!uE(VCs~E>p!hae0zwlM|rzHG+i~|+n_tHPB!tW!m34eKHf8o!M;*apJ
z@Hwt2{95KiTEgE*e`pJTA;;Abe)IwFx503?{U5`1kr4ibkNf(e@T;$){|n#1b&(Q&
zFa0Mc{0Y(iEBpb@S4H?$v}aZL>&R=uA7VRo;UD7sHiYNs&rRX4qhGaz-^X#ag`dRz
zt0VkLv}Z8VZT}0YHxj}hOM8aGAIW)43g5$ck`n$)`e#mfiS<juKgfNvBK%35ud49(
zM*2tihp9K}!gtZm4dK^u9-G2PcX@wn34dGU|HA*7>!qWdaV9vs+x}0F{9pKO^pjBd
zCpfO8@C4^2C48OhJtzD^+My);KRI6&;q}P>g&#{lsR_S^`%YbWIkLa-Kk~j!;ZJ7!
zE#Xbtp)LHy(f%v^8MJdS+HL>$aJ~}4Z>1lG!aqoVOA7B}`zhfsiR>?Yf__yJ{!6aw
zittafKULuiv}a9taHoH+uM7Vs<9tK-<+NK<_y?l+FMNgfZ3}-7{k$W5562sfb=&_6
z+9x4=D%yXAzafhM!f)VuObLJb$Nl=v2|t$Wr6l|V?0-f0m+5a+;a9W&HQ{fJ{9pKW
zjOPvEZ{@g}!Y`m5TEd^q{<npHfqv2v{x<d}*x7CWmvX;O2!96c77Bj}^Fm4CCr10P
z@S{HC{V*rIM1Lp=-@y76;de#;FMJF4yPEK4k=KRaL_cW={~~o=Q}}-FQ!U|d;Jmkm
z-^2CQ5&kv$Pmt}l|Esy~62c!#JA}et&-zK>|H$XKl<+$JEhqeX`ddkOALqRy{4Kn1
zRru$)Pt}B%sVnNj7swmJ|CaHpDf|ZdZA<t!=nrk-+t~k(@HXcq81J_KbLl4u;SKsp
zD14UdF)93g>}N{&hsblnKhE|`!hg<wR)oKo^H>!=5c$9GTe(lwg`doI+7SLhw%-)K
zjr&?l_!W!;ZQ+mMJa&Y?fcr&|>$d-ijAIGmpJx9<;rkgklEQDIKc|G>7TI6;W$aH$
z_(!?lRfJ#6d9Mn80>@huzRdb{;g|FIx*`15$o|4VP2LiIWwieaU!;9H!q29k1m|?y
z{|jtCA$%+SBozK7uJ@$ycQQVtg#Qcc=Y*fb{*;9OI`V(v?~U}Q@V7?$ukgDWAL_y%
zIOz32L-_A`-=^?Ck++0@f&SSR{z3M$BmAq}UxJBl`(GdFAK|Z}pM=7nM1M;P|7@gx
zgx|#WbHbm_c1pr;<UCe{|10fT6}~%)Kf<qOe5ecm9M@w*_~OZaUYf$67JdFA{Nzag
z2!9RNMMwCz>4!nS+x~B0KNG@V8`)p@7is6D@LM_WDdBg~PjbR<p`A;@pT~Gx5&p4g
z{}rBL{hIJkF^<)RfAn`=k2QpUgZ*p@FLHic!nZL#w1r<wyLE)Wm39sa-S%%><>x&i
z{O&0J3;!AYFe&^YuIrTWd!qOwe2xBA626b)tq4E*L*8yx;de29)`Yit-@5Rv^xKB;
z73!j<@Hf$)Tf#SSU9^Q?Pdj&ne}nxDCdK|y{1N^F_9qnnBHAq}{O#;#O87t1A9BKP
zVn0j5Pp5q<!pG?6RpFnfpVx%Hhxe@uzngYw2>;ksj6cGEMSp7vzl`>23x6d2q$B)Y
zv`;YAZU1L54kv`KaUTzbAGPlLnH2shuIrTWFGc!Cc%Jqw3I7hCQ!2tgL;F;P|Bm*l
z3I7b^RbBY8e6DE-{}=YNDg4eT{~-MH9B*5AlIx-){6(~9u&dktFQY#vg#VCs2!+3j
z^^?NyjO;J`$<gz#@NZEMl!W)uA1cB(aNeuJU&e9Ogda+KKdB3UE&JaPzK!>73U6^-
zE#c3L;=k|{Io^)&Z*zWw-QD*86a6P4{0FQb3coh8zwpP>J}Ke1U*+wP6aEvnUlM-c
z+dj@$gg@`&zMZP@AJb22!W)clb>SZ;ZwP;0WPjm9v~x@NbE5b!{7S~9j_{8$&IfzC
z?f=Rs|0Dc%uHR62i|a8d{FU^>l<@m$pPcY>qxd6yh<2_B{|(!z3V#j9TND0O>a@D>
z&qnqa{sHb6P2oG)pO*0NbN#l3|CqcZyvp?$oZD^xf2SWNgb&dlLg5AWCn>zfc}xlK
zu>G9yuW((IgujF9t0MeluIsAsv*?F4;a`d3zwl2}CpUy2{ZhZan!>*q#UJ5s=6Kt}
z6Vd)F{4<gNpVw{wY5HM8_?sgABYckalfu6c>3`vm<hXLe-%mYI5?<pvst7+eivPm5
za$ah}?_z)I!f&S?8p2c5T}|O{W`A13ze)dT3%`fFBRoSt3C{1f|9?gPFZ`QP{1JXX
z*H=>b>9j*i_&eDDobY?;S0&-!pxr9MkBjub@ZYdMHQ}#__Fv(v++P~P+q7F#_(vI+
zTEag}|7i>V6zg|{e<kw&3%c!}pnoQWe}e6Y!r#sKkQDwD+9xIaX4cOM|0erW68>cR
zc}4hroUf|zZ!yl-g#Ur_QWt)A6n}(&g#By^{|nn`3E#-^wuPU^_}mdb7Ww~$-S*$i
zb`ru*q#Z)xOHuq0{%ZPLN_d|4%?bZy<p087&vq)p-_Ceg6~2RUqbB?TwqF<iea=@y
z_+HwrDLl*eTf$RZ?``34VgEbA|CRZKpxABy`$E6(B!s_^>ogSpQu3tmU$UK)@CV3q
z!gsL$CE@Rk>@WQPGEP>7|IHz<S8KxOY0tXwd!qO+{AW@ANBAZ5x0dir$=kwz#dbQv
zAEG}5rEdG5Og~Qu|3mcrCHx)S_mjdO{!TxSDdGRh^_~-6p?yliU(Rt=g#Va+TNQpB
z<7Z9yL!9@z@Jae}L-@H|r%mCH;{3LR-$*}c3;!bZZAbWY6o00>?Y}j$zwo1e@BJzi
zzLUB%Dg1nnD<ymb+sO&Ph5auH&vIQ<gwL@3s_@g<|C;c>(0}T}e@Fjp2)~H!H-+E8
zxYrW?N$wYI;g8{XJHp?+%ll`rx7+^D=Y12x3z7a8-sHZV6n<K?{|bK!{WB;0-cjG5
zlJIr*ry~4)QT!MF64tK?-_HKjh2I~=f8jslI&BL782zLr{66--Ej-Qpc7*>Q&Q~zg
zZU6IV=Y;T|U*+u+3jYlIlNA0d_CF>3%bc&A@L#k2lJJ9!OBLY{Uu6DS`1hjxr|>zh
z_qy;$v7LtS-$nKp{y5fe34hc(y?xrkU&;NkBm6`3pJ2Az{;4Sb2)~MPI28VQ>f5C7
zE9i$Q;X9c>$qD}|<77$r>!SECyvA`=h5w0ms|jC<>@WOY&R0YDUix8E_;u`0OZa4@
ze}rGc`*wu?DbhdXZu|d|>nI`oQnnKcud_c%;cupWQo`psuAK1SFb<T2A6;YqP56ts
zE~>(xz<65|elz23UHI?0?i#||)J09<kE5TrgnxwXw}tPZKX-(`oc0X%b=&`_r}}l2
z5dO93`AhiYs0Wh5@8R=uO85!ve@^(jsiR85|4jQ-grC6sR)rV1zG}iR=X}+LKR|zL
z2!9giu_-)Dd$xp!QT!495Zmtve+T_D*xzmct2i$S;YWXf@n86NqWxF+&*?uY;kT!K
zJ2~Nxq@S0BZ=gR^gx?nJzrw>v{|mq4WPjhf@b_~4HiSPtvcK?+)DJD;UuXMm;g6)<
zI>PT`+zaNq?f*mCGa>wQ9B(N64~!d0;WtP5PvH--eolCWaj7Kys2Oj!itu6TimLF}
z(SK^f|Bd6S3qNYix8D%{75Yh2_y+c;C48LyX$#-X`RWKijXap|w*N0VFA3ofd$sRp
zD13_dO$tAOIw2+eU=;s_|AO`@2@ly$Mff*qpQ`YyBmF7-)lvKrem?ijhVYZ#>Brj?
z{t^0BOZa)w=U>8K%<*=FUqHJB7j@hJyIe;J;fW~z2!8{|n-u=*DE<h)lX@v9{1lG2
zB)rXiq$2z@)~^cx5&K^g{s8@|E_^%NX(*?EHibXLc3Q$e$T-#({@ADbdF%-P7WH0m
zaku^7&3z#u{27dgq4484FG=Ao+Bqfs^2q;%pTxLb68=f*ii+@?BmF7-SdO<Q{IQH1
zb>Ulh--ht3*w3c$TO<7`{B^9~7XD%Ovm^XdY$sUgw*O?L|Al{^^+Vy`i}b(npGW#f
z_)qDdIpN1JzLkVeNBIZgzh?VY;eC<*6yD@K)`h>Gaj7Bv6SP}X_??mcg&*|<@8@md
zPoaNygg=>n5*+BZ|ChMWCWNQCPD9}>_9rR)EgV-$_$=dIPWU@nza;!N#@mYU>$uNW
zg@2#xx+eTzIIg<z4YXTB__tZVDf~p*ttGq^#ed-^asTQFzmek&7Q5~L<z0Rr6T<&K
z+JA)~%XOU;o@V?^3IC7C|AqfJdj1t&r=2Upzs7!6g};^iQBC+`Y3I7|<2kN|@cY@H
zrtsf$Uuy}!p7(7F|1;}%gr6Mw|5CU8FQ$Jcg#U*935D<HyeEY}>~jCyni8I%&d&)y
zF4F(PKO6bK@beibtHL*Oz1M_)hx1hzzJ>nT5Pl5%-xPie{kA3i_l$>a;m?ZvU-(lv
z-k{QL|NV@&3E>CGL*d_x;*aq6(r;73KgRy&g#Uo+y(D~?ajznL!<b*ERpG1bXHEDr
z{i-f}Bkj--zDU1n3V$r`+Y<gP?&EFY*G2kMc%3|Wez*O%a$O{Zcc{-p;oG?1C51ni
z^PUpE_C#;DobZ2Q94HCDX29342+!`J{e|BY#UJ6v(r$I(ADi{-v?2WaFYvr6{8+}Z
zmhcnUep@-~cZC0e@g!L8w*Nn|orLfwGtP&?kDBrQObS0le@hAfAlF4s`13fACE<@`
z`xW7*(@(0xpT~Kx3IBV>le+M6uCIphNAtc-;rCMSwS+&Jc5Vy5oOb94|1I~yV5Qss
z!`wF$!Z&lBhQdF?c#;%;BIhwByh&Y`6aEv9t0eqh#<z;_HO7ak@Kbo-n($w;{krf!
z(+&;ccX3=z;XmBv*Ii5apQHFM{1>d>5&lW~VX)e5|A8p}2>%T0hr;iU>@R#H*Go$H
z{j_IJ_zvE;B>X4b7b?PcaJ^K8KS(>*gg=+@xi0+Q*#Cy`yCVHBJj3<X68;pfueR_n
z&~6>!*Kl0~Yu)yri0m)?sa#*7@a^=sr11aZevuMB$oe_qV;omW_;u`OMfiyvZ&mmc
z7&mId&tsga3x6T^>xS_EX8)VQ-_HKDgx{0)>!L0EX|MLYBm5ck&)|}7`@e_#azglD
z=vSfeU(i33!V_)kPvJAvjXB|kDE<r2GagoipB&j=_>GtP`__ct%ze2o{5R}>L--#U
zH=4qKOgp!PKa2Kk3;&z{_WkJyuQGlH2fOV*O8-m<{~Fh0DE$0L{|NtLlz$ffJB~Le
zypQ%Q3GZjzs0crv^IH|3W&N7)N6`*-;Ttx4|7-|9o%>x=_({BPOZfK4{=#3&_0<u6
zI>#HVciaC4)=vn3FV|ft`~;3GDg0ZUuaxj9+9xOc0OLbR_&M~4itx=`*Hz(zv_nn!
zg>0uTd?Wkc5dJgzc~kg399K*D<@D#a@Uv;>j_~uJ>gPQ;)NTI>)=voE$NHi0&3xWW
z3je=czbWB=_g23ibHaydx03KbM*2tiA84Pd@DDJ4)`TxG?$w2##(8WA|2W%e3SW7r
zw_8j2i^$u;?_wP22%n)p1TW~e{{h-LA^eue|AklBPEz<ev}a0qn(I0zd^h8KN%(2p
z_bbBpvVK+g>*$9y;m?TTkMMPlw;_B-6n})LIbSW|n;Dnd!aqs7b%amSKEVsS?SCQT
zLqhmp(th4U;YT0ic~bZ+*HKFNSJ|JO@Nd#jO2WVKZoghC!dKXSRrncE{zv#`>Y}>v
zp~(M*AIEjt6#mR8{tLh0^S+;L;g8wv?b8unjO_oSZu|d{`(r}**&J6W{KfR2r0{cD
zKP7xF%0CFd_g{SfOTr(!+4sL9eC1TntHO8Do;Bh3avtl#AKvfVX$YT){9pLF<SpTa
z$o|4JoUe}X1CjkN?Y95tBmF7-bjE>D_>bt%N#RA>AtijCaU&=ErS#{L@W*m}RfIo|
zcB=~i3HwtMUSs=p;d`my8p8jP?Kg$rz;;@~_c3m?g<tkg`oHjh<hlr6+-?8;v|B>>
zZ~2@U3LoUWB!w60Cn@2}k^O}~m+`qI{2=|LBK)+-{=#3t_G`lLreD>Chg@F`;rBBh
zHiiEr(m%p0v|C&F)sg*$@8-G)Ueay<4{&}H!Y`v8LgA~C{ulm!-Zv%uR<@rL{y-G}
zg<sA1RuO(Y*F{x$4|z@ahYxr^tP6iS<9tK-CDcnz;V&j{3BQQ(wk`a=cl)^75k5oz
z465Dsudtnj@R2C~2>%G}oD}{6K1Za4uXDa~!cU{!O2U7|cv2DmwkZE5{Dtg)O?aB^
z*M<Lz_Gt(|J<5LyUmf%F*b@GB`bk^(i&(!S{KClpFYC7dbLbBV;V<X7LgAOO{iN_S
z86Q%@?`Isy3IFl|KdzGSE7*QTIsLFI{LhS&HR017Z(aEBIKK_y8yTOQ!aqU3Y6-uJ
z{cH=rDB6F8-^q4@mv-C#d7Srz@as9hq41sbtEBLQyl+bQS83;*@ITQGCE>f-ent3y
zG7eXT-^_m2gr6PhPvJYF=U?HUVVrCVzm9fp3I8Me(-!`c$o|3~V!RDr)@}cnv3^4M
z1p6NfU*f)>6n-W5i<I#H%YNpBUrm2534i!^sQ-oU<-AmdpS;<xqnhwfGfvipzv|V#
zena@1*#D;Rey;15@Ha9(w1xkOe%=v&7UN9t@^1T2&>s@QuVX($;V+}!NDANZCO@u}
z@Kd<1bHeYWeM-W=Mn9|wuhS2!!ao%Gzwmd^o^|0ZuE&P(`)RkP@b_}xX$hZV{=6-`
z#c_3nznuGEaCx`=gWJ5_62h10Z=vw(Ij*GeGwFvZ;UCNS_H)9|kMyVT*KmF-!hg<j
zRfRu-{jUkXDYC!teY9Icc!KRTh5wfObxZg#$J-Wu3ES@oKl(rXx(=@Bw*QNw{Dbfz
zu9r~wL-doR@at%|l<?Cc{}*0j|4YK>I4>39KcL@Mg&(A!)Px`XSwG&o@NveIhVX}d
z*w=3gzlQO-CH!yMep~nrulD}d5&oVr&x2QV+y4z*7YX72b))Z3DEtiCGb#K8`cF#u
zBj4lO$qB!e>$)U7OWj)$p5S<^!q4SCRTF+b+o=oBM*3fPhU01qU!gy=grCguwuKkj
zpN{Z%(LaMLyY2r1`cFdm>(~8!g~ESDJ((1KQS|&P{Bc}&IpHsfK7SPcJGNgDzRvcm
z!tdMe`&koS=l)n1o}fQ8gdgC1HHDwUd1(p%J>y|p_@%UGNBB><euGzb+y5fYS3>x&
zSw9qBi}a81?{MEt34cHBkQ4ri$p3}UGcHwxf06raRrrhOpEcntk^c)noqpR8{)0$=
z3O|<q(-J<zd1(t@WB)tCKSnzQuj;n{=V*t7@K><^q43AQ$@^PU`0qJiDdBHm{LBeI
zmvNvZ{7;ep3%`uxstW%o_t~28Cr0sK_$9PkL-;Y&y-neh+%H<ftMBk}wJki$`RxdQ
z8v7Gm)ouU3<Gzy+ej)E03cvZ)w7>8Vk9nRF{t5D&@W=ALCE?d`zAD1M8u`EQZ<E)A
zzk+d~F8qo}{|FE6;{GfA6P(|c@LL$q+rq1y-;VG<(m#V&ciaD%MQ^u+@F&yHL*dtO
zTuI><alTT*uVuW-34cA?DG5K7eo_&B9Q#=n9x|TSgx}3|T^Ign+PNY8_fh;2-pl*8
zgkQn+*cM)=|8#_(8TtR!-S&SG_qBxZFL2&N;qRngN(%oR{UIg%mMH!RfBU+h_mc2y
z=sy+V8)@gN@VgjSYr?-nUKjpj&Pzl1`!A*c3$Jm#w1j^-@_*s4kNjWw<2moaHQn~F
z(+?BEH%9(1{6xl$r0~_q|ApTf#UJ7OGPJ+&?_BBaP!WC#?^_jqD*IUzej@kHy6{)f
z-x|Uniu_;r*J$UK@cTKBZQ)l@4|Ied&;2EMO}G8u#Q9AK{}$~Q3NLcsObUP4^^E_*
zAAN<lXHNKa^pleCtGVx2gg=G-uL{41_NfU!|2E&By72qBE*ipb<vMK&Kb7mQCH#hU
z-+o*8GwCNC;XkB3gIc%!2U$NM{F#ye3x7`(e}uoA>nJ6BGvjAY_%)25CE;_N--__f
z^yjMZ4V?Fy@Kx&Sy714^&JE$$bDwGoKb!Vx34ad9)fRp){h=fL2Krm@+HU)A<+u{U
zZ{hrg!jEGdOA5b}`$bClEu62M@L#f@CE*XzPb$Lq(x0os&!K&4!vBHmt}gs{j2jK%
zE1dVH@SAA2mhhML)BlCPnd`SB{0`20@VajMf1P$q2)~tf3x!`qJ0yjFjQvare=Fl#
zPWZDq?<L`vUhc<L5&j3xS5^4d_xSoX;orU6$Gy7nlQ}O9;lE~FY6?F)(m%p)p`F{p
z|7NG}Pe=ICFY`QjeYgEX`g20~<FEJiL*Z}YyeEZ!blula2_L8K$_Za*d?*S3Y!v^6
z{~yk8RruHFCpF=(;XYUweiP$lL-_mXCr#mXj<+TJyY%O_@M{@YJHl^fJHZ>e?f>s=
zCn5Zkv}Y*%5uC@Q@G1I9O87SJBRS#kVZ1E~e-8J%itsw^SrvX3*HKOQgOUCe-ihMB
z@M;u)grEE!zm8hMKgD@$3%{Ly(h>e8`c?48Zu=kgLGQN-;U`7@FZ}4|`1(oVZ{xhD
zgb&d^IpJ@l4lD^jiR-Z<{Im3js_>7}Z)?II!G6|-|A_InAw0qQP2sDIhb`fsd9}Ag
zTX=!%y(9cbd`=JE)NTLw)2|Z3AIEtKg<nrQCxyR*_Dl)Ci~f)k{&U))B>Wb(UlIOn
z#_g)`Y~=sKKNZCv;Xh)$Y6!n7@_*qskhg?q*q^rW&(I$_!k^6f4c^>s{|9J?gz(=)
z`>*h${@~YRQutrkPD=PqoR^&N@35aG;TKZRRD>_z=KZZI{2yNCc}@74jC*zAMaId7
z@LMAL3;#9!wk7<#^sBb;k8!*m;Z6EgaBa8!zs|Un5PkvIQ7HUdte+JAUyQ3M;h*KW
za>Ad@_*N3Wh4Ho`{8YxJs_=(BjrJFw<~~vv{`a%KenWVL^WGHx3GSOM;V+~=w1q#N
z{?HLV#r_1>b=&`^^uvVk64!Mo{L74cN#T$9v0oP{;kUE@IpLp(;=l0YXrGGkM^o2T
zh2OqT`wPF7`+HsZ6F6TD;V+>cYYKk~`_mGB*7g3rZQ(zne|ChIBKyCk+x{bLCn0<>
zvcK@tqWxF+)3{%xgnu&1e+s{gb}I=#n{lHe{L5^oD!dczzrr7}MEx)P8(fbK;Xh*g
zP2vAe-V**yuG6;gI~iv>!Z*=A!CSlSe-HbU5WXJSUwAsQzwqyJU8IEHLp$e$@1dPb
z!qZXw5&my%rz-qx)~^Xak$zhjeh%w5gnyRnu_^qC-0xb#`)JR$@UL;-?+Cv*^8dGW
z+yD9G3E{ih&rtY5)=vuG#JHCd{<7QrI?W0HW#s?DpUHMA!e2svs0#lab$CtqRjgkZ
zzLEB92!CM||An7PJGX?N%68hq&!^ow!f)sN25;}S|Kqt%6T-j5afQNXxGyJ#|10M`
zC47ec$q8?<{gUu|xsEErCm1KI!cXVEToe8i#^Ji~pOH6|^S({tzonnFgkQ{YwS^C{
zKONyeW1I=z(QW^qMfzX(G{+kXFOw&QZ{~VW3I8?6n-hK+*HKCMgB))~_}A$_RpHws
z{VDta{iH7ZyKJW+{4vxIP2sQSI%*03`EKsN!Y`tII>H~I9fE)Ew*POrza)gOMDa)X
zdgTAYcSP|=_}BXxe}w-fia)}?!TqZu{57}vcB;Z(#d)j=|Ig_8OZeSfcMahuG7dC_
zKk;e)zAfReqF!nXKZ9|pBm9l5AJn_;e*)({A^bAVV<`OBT&GFl>zuEY@GR#gC;Ts*
z_mc3_XorgM#YNg*_?zjUHQ|4V>@WN|Y`-D=>9liGIqlOD{zlGwTliUQza#uw`cLrA
zZu=ikU7ZlV>k6;mLg9brI!X$EKkbkbeh>XQC;Wye{s@2AA#dl3@bT#ROZY*~OHKGI
z=?`_`_pv_>;W_TJP2oS_`fUk+6#Lm0US)jf2){Slf3NShe}?mw5dLA>GZbE6Ka;}$
z?pSZPl<>=FpPcYFlb3`a8`)p@t2nNz@IP@q)`ah+|I~$t^tXoa+d1B*@Kv_c68>B6
zr)}X+qa8ZJr|3Vy4c+#CFXK`|_^DiXq41y5ACkgP=D1SAj|%*}<b+R0`d|33xUW@&
zf0+HO3crqiUK4&3*H>NmX_5VfA07SvmGEECZ(G7Y9>ss*y^;NeU&?t5-qmgYVLneK
zgr_3=3qPCtOH%lM(;rg8H@wZqv7GQa<6%kotD^jy@V~v9@n85>j<+U!g8i%ue;wCR
zLwGIH|H98_J1yZ$j00`q=S1;e`0dgD`|fW0e?9Vl;lE;>423^|c1Q~U1M8=R|B&tH
zgr7-2ED67l`lKR!g#J(!{%HDbP53LL_#^yXocD(CU+}(7;UDKZY6<V7-fjzTF^+YF
z2d8-d3EtCf{|9*Agz!hReklA4>`zj7mi9>rKZE_u2|t1Bq9pue@`~_l>7P~MZ=pZe
zg#VQDUKd{AdT$8-hbaCCznF2dCHxGoySDIiqvtQ-PvyQAytmu_Q?y$``1O(g7d}LL
zCWXI%{Y(jeWEB5}|Bi9BB>dmGzf^=DM}Mdae;xh2Cj5HNOI`RoIFAkCk7GZZ!hgEY
z`)y134`1)&YFqftyl+SN+5EkN;KpwIAItkDg#Uv66AI6A-jl+UoZpo2_i-L`!k@(Z
zmV|$b^((?Z&2d$QUr2wh37_WgPSk~;#eOz~zblIW!spq3OZbh9V{PHnk^c+7jQ$zi
z)NTJ=v}Z#2MQkS&egW4@QuwXxPfGX$QT!MFC&s;!@SR*=72&ho2dl!jaUN^J-*~<E
z+q&>APxHJX`~j}Jrts^jlUu@r0pCtrct7X2BYYq27QC<9{z=B$gzz55!%+AJ-Zv?H
zp7u!zpNXD-g%>&RCE<5*9xKA1#eP<WUqT&H6TVFUsSE$l-L${(Irg(D{CnI_Tf(2u
zb<q}n7U#Dk{Lj2^@cwT5KbdhgA-u|Qg~BJI_%Hmu^plkEE4c1*!r#WYT@wEAJ>EVQ
z;m@c4RE0m9^=rZ(LqDkte?9%AAv_huf8jT99kqlX$M)O8AHm<(?Fc{lYCo>v=5G66
zN<T>me-XzU3SXw5B!!>N{-=cRj`WZ4Z!^x9geU0_72%ge@kjUv8MkY~$9MYi)`f58
zx^4)+oOWmmKaF;42_K@Lw}pR$>$fBPqx8?<1KsvN$aRzu{t}Ki6n-rIEh+p~+94&p
zkK@e=|1sBfN%&*vKNaD-XwRzfC$N4^_<4K|steyvdp3l>nd`JE{1E-ECHx2UpSJKj
zsn0vYKg9V8KG<#l-$whd@N1&|SNMxLU%kS!+;@_~?`J=^34aRbF(v%jr*NG%y8BuA
z;6DZS-v;4L@`UijEx!Ko!b{}6!b7%`6uyCcoACODfA9K}5`G8U9~OT6SNwQ#!UOW%
z!b?B#{Vxfxocj;%zH`F2v3^DPF#EqQyv=@IDZKh&f8Uz$8_BN~zWxzkzb?E+exvXk
z$s59dd%K_a+k`h+zbX8F*1tpe-K^gd-XXtRc<?#j|F-a6^81Akvz?Cc&d0nzJShCO
z+x@%;AL{n!2KffzmGAm`3E>-f-{XZR$wT2$e|m*K$azc(uhW0F36K0OC48OrhlS^U
z?CqHozD~Yd__lxZ^-IEo^XTWo6Rckm{vg|57ap>oRpHUNt`wfQ$J@UqyqEl1;rDYM
zZxo*Tqwjx1c#HkNO?ZvGDZIgTdWY~@_;?owTEcH+J9i6zki0Ft@l$XA`-KmacZ8S7
z9~55ssP9kW!`*(K`kin8c;Uz2=XoeRAm1iDMV=CV;van67#5x)&k0YG?-ri=FW*i{
zc<_+tbHa0f^1LFv!TRgMZ)5+f!t3N$3Xj%rO?aFBe68?kz0`$Qe&y|aqwp)q8^UwH
z_VsTQKKxtHo5DM+e~0ioc}sYw<J-Agc)<E?;SKile&I>B(-D3x`Gdl1zw!4CJ|g}}
zzCn1KJR!VJI~*^(@qlkX6yE;PQ`|c372a6&^;5!+|GnqK!f)g{$_cNs{%+w9vVKYU
zh9CIx&k0Yi9q;;C5uR%JIJPc4{Ep{W3a@hCtO*al=J&^Ig{N*l&fT{zyvBHYqwoj6
z@B7~nUT6K=gg3~W!kgrG2(Ldabp2@w-|%$L?-u^k(Z6-|+rk^$J-=W0Fx%+}uRX`t
ze^7YpM1SAlqkh~Q+}(oUN&n*OZxCKR#n(>=|GRCz{_(;~8-4vyc)<Ji3P1j2Uq30l
zLcUG-9powD;bz~?u<&*AobWdJZs8%vTM}NG@a@kDzk|FYyn32nck7WZ3;ci4byaw@
zFJCFV^#kwcHQ^z3{<XqO<n_P8Z&dy*`oHk%fB5@GdNcBq+AlqCO8sQk?_Vw9kv_az
zc(gCK{|fI2kL>fH@JMF{U+nhhsQw1wQT>GQsGr9RkJ<@^cRt|fw^w-7eo}bU{x;!J
z`zhg3JHx_{kK(rQsNQbj&7*xBE(vduuM7X$+x_PtR|>z8*VhWanb!gL#{~U6DtiA4
zPcklP{mw0Z9?hGMiW))rV2mFf<M+q-!(zP3=O%0CF)?1J&NTky7{7ylW%rEpD*I{m
zUmB|)#@c^NjJIeHi;nUB+#TcbakXQ-Yg{qzJ<Z>w6XW^VeIJbRVvGl0^7gd;To&US
zV*KnFPsI4iF@AiE55#yF<MFxdjqyjv>L+9TwK2Xe#=Xb-7gI65FIImz#-AGFxfqYn
z*X|fUBUZl@<J)3<F2)}j<CPeHY>cnR`0HZ48soJXzcR*WW4spQ&yDeGW8Ck&{>6HX
zFURWN7~?O9@kWe$#pPeTEyjmp^_ww%RgB*e<FAPER*at)<9Elnk1+nlc8t%&>fayZ
z50CLqj30>c2V;CO#)B^(@&EA{-w@-c#&{yeFNyKvWBh~|4`V!x@!lBkjqzlRugCbd
z7{4OMQ!#!p#)o74)iIun@%|X!9pjTRUW)O#7@v#rjWJ${@wFIVkMYZ6yc*-HF@9x?
zzdXikF`kO?Yh!#O#_KVDVT|7x<9lMf5#zgK{I(ePPgwrNW{e*jtA9s~zcR*KG5)9+
zzdOcv#CSW#|1rkzkMS4AcqhjDV*J4v_n8yEc*ha{e{-z<h8Vvn#uG7qV~igk<MI72
zjPdJZ^?PIdh8R!A_&>+^wiv%T##1r=#uy)t@yEq@F2)-%zB|UZ#CR#juZ!`y7=KcX
zS7JP_6V_wA5UXE}@h8Ukl`-yT$iG;N@l#^;uZ{6%$9O%)ua5B>V|-VPH)8xyjNcaH
z&x-M8jE}|m9Wg!<<E<EfUX0%z<0~=Vj`8Ujzdy!Li}6m3KPSc?jPboO9^84v|Id%{
z4KbdH@kES2J;slZ@k)$`G5(Sm?~U<`V>}t-OEJDJ#<#|JD#o7><HIrjcQKxe@m!4W
zj`86bFU5E@#^+-E(ipGA_~sa2kMU>5cs0gf6ysOMcs9msF<y%CYh%18#_KWuj2OQ$
z#{Cnkf3XqcFN@W`Eyj<F@n(!~i19mO{PY-a#dtZ!?~d`EG2V{x6Jz}T7(Xe-J2AdJ
z#vhFFGh;ls>xlm+V|+u5pA+MW7=M0@A0OlUV?2!UN5pt<j2{!@$ryiejBktag&0r8
z_-Kp|$M|53=VJV<7~dV^=@>7?_-kT(F2>J|@k)$uit+UrzaYk|F@8;qUm4?5F<y)D
zSH<|XF+LyT^%%c0#_`W;{Qr?wi0^&z>e1`bnx3x|56-X770c_D`Q_==`N(F`+Wv36
zIsX6X87z8svu7-e&$gES3IC7YA3f8UHhL%iZ$7hdR1i#~wErSa_EdlA-fRDi`WMCI
z=sH?6pW}agTd=ek{mYjp@UlxAc^la))pPiI6dR-aM_Mq=*P}frx_?yfC}b<*|Er?S
z`2YRetB;P#w)_`gJ67k3{Lj}9f~bE{KmJ+%J3;=7`WMp{#pShy@=CC{6s~W3cJbNI
z4EHT8O|OQ_<^A(3tL5dDU~Tc@#ifIbVP$E45g;rt&MeK&FYXUkR%f?wFBTW(_s&!*
z#npwC;!1fn+&4YHu(n(d=NH3bab|tGxWBww+`q82cY0x^cT+I4bjkGc{Pd#TVRdbJ
zF<hO)4Z_u>FnDfo^2xzcr3}YfTE6hi!~cBlnE_i`n_iwRE|(X|(<^24c=^Ee!u$)$
zx#`upV1DruT+D{6%hQW1`|whEIXE!CvVx9=7ncu(C#@c;lursO)5|O6;{0M|ZMC>>
zegWeN!hOq22SN;UZhCQcp*$NdRWQKv_AuDEB{{Y)*tj>?3BS2$X>W1M3U1fCDLgX_
z&f8vDTbx<lenIfUjkB9K&R!byKJSzR+b`VY%M&*R;|sIJ{L=ne3^o|ak7NfkyMys;
ze`aWWB9ogK$rf-mGLYGkE(~XIxg%dl7cv9G>FkaSUfG$R7`0-2GN0KsoXL#gB3~HK
z1%v5AI(X`HgJe%{-}n@YsqtQ4<XthD$p*>3p5Dx;6@8QTH`D7_X0+F?hA<5%MtkzE
zm>Rbt+vBQaH~Fi6wAI&RE%x<H_4K)7)QU~0>59Bn+|)BQWJQ0kwY4de9k61wuiuLC
z-i#}<?rJh)H{aYlWj8;gFltSoQOMfcQP|thC`?(O`!Oz8xQ_MPP5a$Q`}(IgTlI{u
zkm)N}i<!|$2eSohF*E6gnwgrkdt;<FDimghq24~b_mJ<xDBg*y(X2B=)|)6h>H0k0
zJ7i6d=hMC@*d4~Fdh8D4Q~lQT_*B7~9-o>#14SXzYgGyv*Y!eX)LwI4!0gy7Q{#D8
z<WU>_??JmLHeqm?-i(<t)0=l!W>Q@BZL)Wxxx7_D>-L7xUNcu_w9mDIp5rdKRj*YU
zowDi4Wc%%QnXH@ROm^JW%=b8$-_&ET<@>A;c{gRab)Pk26OBJ-VEQsso5l@Ijb>rA
z%v9FKg2H?)gVA87P~<lUN!;U%f-BO#upt84aLm?eE1W|O_2$Ph04q>sv~M(zrbkf~
zt&C<zt<BN=W}CUu{HVPhfBNh-)W`c!Oj#9g%Pf2wt)R&FxWfD-+tb(YU|&C4fn{t~
z@dusG_Dq=*p|F*K!kWx(f+t!r+GmYy8tr!weX=XJqEKYvFDR_y<{`6T_KeJ^-7TFT
zxAyz7L{RwY$-<cKDqnELlz9yXm$f&HZaM?=nZ?SmK8*HF+I_G<>@`f1y*8eQ_3<}j
z?;g+FbfTDqlfw2kGbmuTY<@C>3CtEUd24F2&rF&%Z^0jX&tzuEDo?`Ct-xFb$$XEi
zmhZ{*;kA5EzTY7H0o}-B7Tr~UAMTak)Sq>QueoV7i<{+9;MORnaGyNvgL|UD?eg9*
z7=ml-jDp=Yj}>h#qhV_+?QECt$2!JUf7Wb}@1HW;p|E+&+hVW+4sXS1A3O?0)@}!r
zTPtvJ2lHmvJQlh&mcjU~m~umaN7-xUbtpzRWvnlw=I{7xAuT^TWiAWvvQ=hIX5Ad`
zvvrPQ)NVdL>RKMp_Sjv=-SWcB+S;+gRmu0cH{@;c0J?FZu->|9gu_~_MPV^2kMLl(
zD_}ud;muLVn&ajt-Hc!u)-ZykV;HNu@-@&0yP9&Hh5O>Q0wRJH=pBYyz>Uy71TR}k
za0462q>DoK7vsRLV6k&DgJl*Zr?7Ugyb#!JI4CytSmADtX|c76VCP?(GFO?}gsN8f
zi&2a7h!eJAQJ8^ISY)3<+_L&-xSpVJubqM08Z7kM`_jEOtf_Rt78atZYo#Bn0auto
zdu`O;$U=l&VXeEurf_Q1%>fFt`V>6ULBs}JVMW>9$6;y|-rm>>Y?@Hyt;%F(%0`01
z`hsFINDmBT^7)beu}qL294w6NM2Sr}olTGJIX4sZk7Uymdy0eOlc-S~$qtQVM+$p_
zfys%9OtuiZ`h#QXd?CnWCwCTyMkef^yE6lm=tX9CVIn<H2!_WeCxVedya6o?;Gfw{
zp_na<r-Pj%gF$w3Y;0sGn8>6D!(9_2cwhdUv0dqjEOdeWv)Dg5G?bYrPGs_vV}+oQ
znb?U=6*7Z?ySx2?eAt;o_k+TCF`pS2&kpA8pNC%x3KJtcc4Q`k$?OOM{A6LE2q}>X
zrXW6s_T)!)WHW>Pdj>KSg`nt1929q&WrAY<?2&u`nYXrhaDH)idkER(6xM7wxT`oY
zl!hepViDKriJ{Qf+iV(gE0o<*xOaa4G5>1=&~C-0efyvvi!1y7zpWf;Wc|Q_X9f7v
z*B8u|XBJG<^#*618Q4Fd{(6HKZrQTs(!<j6EW8vc%IBVWR<N)H-8wTjy?ol%;%YFz
zT0USpb$WSu`cSyIv>Hx_E33<pjGM!m>BW;)@pom_w5g}zCFL1N(_nV?;PgI-$obU(
z9bYR4h2?qZM%0_0oeifK(WV!p<;B(ILyq$%L3&|fX$B8YON)nv^1-<>RPgd4Q>xa4
zuTh3DF2m9lQ?I<^(%y^EfuiqBajv`otsG3?eoJes;nKcvb^bs(JUBPMP!5;Z78k8S
z6Zhf9mEhF9Yx4`Ur>-o|oQjEb18^5JON+Df)}1ZT@WI;h!eH6N@8se<)bnC-p}e?%
zbuOG=fn^rU`_b`B%HiVLfxWn~34K3mC#v18w%fhD#<n{jR^`j(gUhgXSeagh<X(if
zo|&#d{-bZR;VEa~Z_vB3vMJa&9d6ufY~%3ujXSq*%!eEI1U9Uq3HH5*7N;@7BR59x
zVT`pIJasHBhbGhaFD;nfHtjvUwz%ItY6Rme)BDRoZZ;@PFYaHN4t7oBAz^=U00W1r
z?jIW;7{y8&&kjr;(cig=@f_B|p2LECBC~UR3abojbSLWWN{<w5aVD{|+J4bvdo>Dd
z7``yYV%i*`XOmas2#vNWps@I75*<|_(VaN$>2r#>XVf-Th;!T3tw8LCIJfwW!s~Yg
zV_ZQeI$e#8*RI?SgTjgQ%}ycpVQa?S`=D8HTNF;6rxEjT)t|Ku4TVL~zW%%k5);_I
z@Nmj?0`VC^xDWfgH3qqDy+)+7R{T!ehj4B0L!7oYp%v^k{6%Djb=)vv2x|p;&J_?H
zc9nM$ejJ9eE4MeBz_uH~*!K3k3+zzVCNEHo+8qj0CP4a}^v0HH9YT=zg)^g9J$<&F
zK(0b>V~{AEhQ-c__Ax3`4k&DpXv1k^i0~eF<>AyO>=Cf6sftXWZ5Zgr6t*&0)JBEE
zG%pI<Q($}Br%>1~iG9~@I-0dj3;VfkzbH)YWU!yvYgzXslF53lpY3z<8|ujV42|du
z8#i==SMdFLgLx-YQP}g6NqB2>s^7fIq&e<~ahqjPm}G<)w~j$}m}Y<q--P)Yh4rD(
zN3)x)X~=K8(I}pHPz8e9IuB88=CA^-Ko6PWtibS~qs^#U=vv%13kR^*HaXP@Ic>tt
zlrvluH*mTXZipLYy)?7}=ENRm`!)(EVEer;hEv)dpb*g)6y}X6T+NJA$r-3yFdMBa
zY_RssV>duyUBOtbW25fT3D%7Cw^hNUSd)HkvR+A`aD9NFfK}lY<~rH&QK$Z)`>f6J
zyg3APxEneOGmC#9L^0~#;Fgz(bi7n>>I_mnYww2cv%7lTht*+n#1@H}c+wd>?;mZf
zz#H;D7~s}sIH(>cDSIHQ?8+t<-s<If|CCedUW0FP^8~SOgG6C*$uv8RiNdLSs4ctd
zhZuK-6Tbd|8XCM{?}Jm@Yxc~B0$SRx{4*yCr=p?6tR^(I^~n1+#G^fy!6|KZT4ArD
zuvW%LZT8??Hoq1r-D~KgUFFS<QJi5n!t)QTiDJ_30BPx}Ot}Yvf_tPgt!!h!;|>-i
z3ac@haW!C6WAF|e`V?+&iW$+$3ukxbbUpO5K?rAi%0*#o4^5$AC}#5jG-b;YirMlP
zrkGI?QrYQRAEu{zvbL(Bm#q(`pD{Ws&<YBRtX5#G_GoQYuoSEcvLNURimX@1W*n$v
zGdO(S0+JQh3Lc%@m76vwa{ro(DR`=NH_G5?3pKGrSqJezWVapa_3GGn$%bWu+3t<7
zZ1+ZC9l}$my#{+(FMT${3WGkWF*WI)l~6dL4ezzi!fov~lkTZvcaR=~G7Wr+3$l4f
z9@;WJ79islPUcK)hWXKvTrdQ+8;(OAPlRWWk7RM39VnP69T_qqjBFWnG~PN8jE(FZ
zDFkEVJGKT{DCux2JvNyM(Oxj#e|Ba7S{nQIuIy=pVgH^Wx1%_cFOFL}tyswH%oXzk
z!<n6F;}e;&@$_I3s(2_kXL7s%8E;Y?f_q11H!9}FMhZn!%V~QEi0EWLw)-HT8N;2z
z!I3;Rd?<OyaR~GxbaUSNoX?L1`NH5J42aqTJ99yP*GOStcpQQqN`1VDvGl_##r&?!
zb4<FP<`bvo^_g<Tlvl7NI5k+ETV6UC95iVPVS3WS^ntyz)1dP!hxO}=5C7|FPYZn;
zd#6|CXQ&5{=;7(L)um0rAkw6(&}Wy-FR!jmFNFInU1_>=1`4x0`&6{Bw6GAI0>yR=
zva$y%%jK1oU2{-r`O5T6Iq=diD4+{o|Lt9aEH+W<WvB^fyINVDp1Ig+c>N4XwmLn(
z2z|JK{BbbJ<Z+ZV4xtX61ccOG3KyoA_m^?D)^2aA)hj#nW?^A^wM@PDTr<j9+qZYq
zzpercb8A7mvK(ZWE(vlw&9dcbB&ui2=;&N@i-PYtB&q3UTvU(*o?j`4bJNhe3-*>n
z;odToIi5+j1m_<NkXW8yFiCxWke*vQ5R6W*PG3B|I30`~nlZ_ln_f6@Xt}&t4)ELs
zdAYV4%&o3gR<@sd>cN8tw;X~-U)x*Wf}x%Y`G^O#Je~*#GXB911W#~zJauL!Cd|9B
z{|t@c84>@=50B(>keYZ49{=Fe%n;inTN-sFaqJfwo(AzCH@GL8pTIip@hZm(tY}D8
z%NAIiLU?rA$W&;L`?m!E=uV4@2z9pBQF!R04l)K_s3LsZYj`+!g~dGNfh~n(g+c5*
z)|gKkA$qv%>t+|;kn6Q*kHXSvC|oiX+5-_6St8pW`j8l~D*Y~7VtUp3(x0_xjDmXA
zq9Zh^<xr6OwJbxQ&$vO8I`!(hH|hoEsF%Lb>o!(wRCaIdJ7xu+ghS!gs@KENQg&0n
z{g^OC$VA~Z=(tzM2$BY|w_Dc>PE__GA7dl1d<+WQ)w+iQ#zDH*Y-^$#`=jYj)I?#a
zP%AJV6t-bykO_wYkP<ViWU!Ii6(TxpYlYQ>@U-`h_BqWsI_27grC@hckaj<a7K}FI
zg`=}26r-zv!dgUMtwRX??#g|BU`b$u*g63*wlsQ)!VG|76c$4d%#0|^#8$W}*y-$Q
zY7;gi(_ZL0Cd9UH^wrvgYnkvyVO=u$i8f7l;zm%(PJa5_GxEKrP%#`Eq-A*V_H2(!
z+~7&W>9d|um=@_?mo4q_iBx1a(Ik?;ro5q3Ee8&P>Jz>FHtEo*PKrS(Sxpq^G<ss`
zIn1Cvx@BFG9r<4O5;9llUN-F>VobDJ%lK5nI^=y3lE&5rWU5oSXdk1qPZg|5udI+D
zHaE{^oTVXNZCRn`uD4K6_I5lb*&E<^c0bI#FU%=%<(fwK?6xSZ@5nIvV$$C3y%7@A
z76b}6SS&8P5gwYXrhj&_4?3)A%L}@~DRqb)yZfY@_3WhkbS95y6+lQm(^5#RqY)HN
z-Pv42iJBUL6tyl}`q)cRryhL>Fx3fbKqS~bEjerrqOi9kM{F5ceE4Gp66+WTCeUmH
zb!tydm`9iSglREwT$#fmV{Co3jIq4|E5T~Q39S|Qw5#HlC?u@q6p;aT-NolVHUj^U
zYM(Y(ClDa)?a)S6AVAm~Fc+|mX;-_$IG!f0$oeYy{KT&E_Vj~3n<_-%L}<bJ1?JjG
z=1B`!SX|~uD10gxAJDifd!)?6+}0Mvnl*v~HIYWQsV|uRcEZ%$$z&>S2km7RKw)9R
z<_vE)fr>?Dxm>h~!u@q26lxXKryy3*l!;Xg2g{U&tB16$F}GAK*NdB>ut`J8*WQeY
z#GO&t2LL8xdr<ff^Gwa6ACR#=*IRJ8UaV*96;l6pH>?<|;y>E6l&?WVc2~G3aC>~U
z?)hn*@+$^X)n?b!ER11K^H%r(kH;;if>Brp@ql7)x9DPp^WZ5=tGjX;1t?!PWIxF;
znt34#H!wWsSxw~d?S3wYkH1bs7qTwf4X3r2EY*$zpTU^n;5P8~DVLhZ=d#(YfhACp
zXc-?wM#=td3Uy$3aAE|8L&n&pT<uTMQngGDJ5?L($Ye7U_DUYQb6{d5hmSNY(>##Q
z1!qr=jij@K={?96X9HxW@b3cFiYbU-B8`U%YSs~aNIVf;9G11|i3z+FRV=54xo|a*
z;Tj0?JJVxhl<E0%AQ@b~7}^`My)Xe??$gB~Y8_F)_&j<7Y2h9Hqd{>j4ORRse0pxF
z;bH~ysl4@nP4&)}_Z4UMP5*C6UYr=nk7fG%wr&gTpVOC=XD66p4wjMmMGEo2{34Q(
zP-Au+1rjzqET^5ILpInlkuE=2v?OkD)>-J|%KZLCNa7-Lx2x8Alo}3aomf76jjZwi
z@7yqSVsIoe?ltme%Y`Cki4Ly>8y98+<Z@SvON$GK{%S&YY45(Z6=aB)mR&|R$|S>T
z(`yUJ@*aNKooYaay}XWWYHoRH2J#(A(2ZN3u@cTMl~*i%y|PxREG@5wvz9oWpYhq?
zSqRtY_C70oI3tYb4IHpQpH~l^3PF4k68l?E!GpoR`E{2qj@YT-r!Fm)E7L10TV`f(
zgkoWO|Ct+~z8;*twrE!OIpv}|>almBynVanaA(7V)AOtN_+V|dyzU+skPE-KJbO4x
zT*kmLaVzELui<&29PFK*#b*eW^6I>MaEWFsI4{^ay)b<U|347yEC)LeO)nmpUJl0h
z&jC!7FM|3G@-tB32j&-o!qVzeFf~1o4`&MYu}wOc8^ePcBzXTg{2e8pJrSTxYC~I3
z?0}*^tg-RHn8m{%Uc&Po4r?5KVQ>Ok9owx*bv$YoMqC0J%hHuY;{%g8@qyPyGkfe@
z2M%!@5$^6xNAzY$`VoA_bVTNlqcPVLe-30<rhjy#U{B152^k9!_I!Y+-La9;Ot8|k
zXzJc=IFL!U5n!LT9SZu$0vklW1w<5m2wO-4ni#YKp&f;7p-}s_cUpl!3bpUGzsrPT
z%e1}2L_eZypa0Oj4<8uY8<1@Fh203pJ$UNFz1{ElfO$(&BlV1JqwkFDcI?hj`|d{A
z8ql*o|KV_-*HnFJw+lcLIo*zrqOA&Y&h~cXcC0U^RIQk_oe_n*-{>Y^SattVFAB2*
zJ__xDRZ#d8wF~fl5N2i$B>AijB%7?J|J2arc8^{8!zPef?(x9oQvl&7_L`-oaQ?(}
z0@7vfNuz*65_aWBfSt!~ivk;j7519nHBh)SG$_nCDD3Xo$K4y8HizV}xx}#%H!Ls1
z(Pz`qkli+4DExDQ+yC&9uMGvy1=b~~Ayd0nSWO%l@qgV#{tUE?6qk(|a>P9tnD(_R
ze<%b=Q&`8I9N;BZxSDP+#pw|sc!RwHr?RG?f_kig#<9Zn90@qrNfg#F3hM#{fG<p7
z*a;K+>+j;E2R3-KFA9@f&_nh(gu;{orplxz3VX=0<09x4_IYa&gR$G#gO4w)dr+z-
zQmw#NZ3UXf<Abm1Qqr5Cg1{hMtv*uOXbVpYreH0V4NKa|5Zo2^aZMsgZZ+LU0eCh*
z2FWF~F)PT3I&tsQcQB;W|NSm$hGzrQu@GJ^Zwzf?SN_ZbJlw%i{~9z3jF?4XUGYNH
zlF&9RtR-K#VZlvJx#L3<2c4VR(}2CtP6t@w1Qs3x++Z!c3Fy<ND9klb*d*9vfLHfE
zx9roqc&dW=@qp?SHa>2`8=&@G3Ky2^!4*OP-fqI)YC;dfWXR*1`yjdOq_uwpf--mK
z9I%w_H7s6h%xC2-tBhWw@XFkacdU7<iRFNyz|(9|qDVXF4|70;+TBsu+flgJvR;y7
z*bdsbAk2N?o+_|jt-k+A356RaY~`Sr_b{2YRmi$yC74-j%V$9I2srKvd3->KQuv4E
zm~n-GU=}DK^rF*9aafxWj#dSQO$zj*4IMGsT7miPoD<A%oq!9tyl{^TtdQ;Y<O;#=
zbS?^4#l>Zl?|3^3|307e#c?Ox9WvghqumNeFmoy!p&PeFg1|;(q8{d)@*fvk;a+o=
zuqS_X*A8;n{jetB<S5*63IFJ38EbpZJGtektxcqDFg_HnF@Iza!rMdlfeWr|0^r*=
zE<DHCeP98*0iuY#+edX2?sixrRt3og8!Y0wFL-597fRpSLYHkku(0(DCwN@pKD4p;
z;$Fj}B3{GH+S_azQ256(6!vUqh1~!XY&G3SGA^SX4vz0kV>|E9KpgNmNYIb-6gwgD
zM=S*giJ!J(9>_e8WwJX8!@<D#7^E>Yzbmn$M;|C3J~uL$*?|rH@FkPg_G~aTF^;1g
z6PPKxGDW_%8~F!@!Tw@4jk79)nSrr11UZkKgz0>Uj5&Hbgrs+28y+H{8t@k~zYq?O
z>=-WM_~|%Knd}L13Uxdf9YN0BJ_N^Qn8!de;Z8ii0PVv2?6bLv^jN4#`|Nlj^bZ}D
zVDC@kGxY3WF^9(;pNAjGBI`bYl{c}+65}vZF}(waS@z_kK_SJNhY|yUJeok(6ay_H
zx4#p|3Ei`Y*>5t3M;1FW6YR;PC+vA($j&DpejWhG*n#BoYz`T1<ar?)i|!1?kxPF#
z#Gesa+_x0^Qv`NmAd-|g+;A}16h03JNW$~Vi__4o#rb{PeG`jo3k#K1%gaO6&lJ71
z4@Qth-;ccduJn*gsc#Q0^<7?vMqdt1V?*sCDUSDA>KJO)pBnM+j&k-h2WH2REQiuv
zDL?y}ejq{l5}X@Z3630d@aHT1apmx&jVmX)V;1EDmDNK|(ytU(Es?$&<jd2`GjoGO
zX(Z?E*~d<BFU}l-CicfKR%YhP2d2aF^77L1_VA?hPx487oH#iMb&gZt<;B@8hvoRn
z+TImN?=>gB&kqV~<(1j#LqUFe75W?Z3G5?)^z3Y5so-+#&quZ&Uktzz6*RU~u~#uo
zAltWRo{x_p@SM^=H$8vx%G$+H;|mxw(&jsHmK^H0e+<W?AbY*u#&StdrANlxr!jU2
z`dqjxc3V7a#-#E8#O$z@otySqa63;0r93`>WgH!mf*8hLjyQ?9Xb}YGH!Pn9y=)@D
zlHz~}eiojgv|I+)>k4etw)5HnYQ#GTWhYMU;D=qgq$74IC+46idH@k^Ar0(!G}=UA
zo2=!-P4@XPYiV)x1q#{X7^Jb?z0YUCpn`3GGck;ChAq!&aHt1^2%Gi>?7t?d{k95e
z>|b+F0DXv__CE9$14BOCqO={=KyX80(GVKhLl?TCxn1%birG4W?7el~pO{49EP?IV
zx(n51ZKA;Lg~AfFu%n$TKw)|d8oAd-3z^~zJ0pxMr)Pau3;NkzA!%tnvua+WK&e>=
z{D-+HOmSG@YCuHVl~YuGNKu+Gkbki^pmDo$3I%y~i{f@P7oD;Kw!pD!r#UfPR78T^
zQa}(wChAN&_qf8P>3x#P672RG3Um=RcNb2J;KH^LOn_}KNIbfi+-KRiuze1N?Z?<v
z-7yjr7yz!UCCgvC!u0@KyS*DNIfw+DyK;Sn;<DFJSX<c3>@{d$tBDf<HY#kW_L?<}
zq1euD1#X7Id>bRP2L}}9@GyvdNN%zkZ#M66Z<yKylh`6aE0(y&Yxn@c>}1J#gHT^6
zaQ?%D2sD>@2?{T(^R{7Q98RL*Z~|^?!@=88n5&|&cl)(~!cHuhx^^|(fl{1<vAKe}
zwwLV4JPMp3MQ5$R5K%a}3gzvg*#u(MW*W(Pca`=X@}CzWIqxO6lV^5b#QKGghFsya
z2~L5SXItjo>uECwOv95N_B?{;e0SSI)@g01Lc1RdGXNx<b=R`7R(SF1<3=9iN1Hfx
z?ee@9V(iL&@xo4ZVCYcSPQ&7(3wL25#ZG!)=$IEX9}0KjJ{duJ-81(f1!r?D;?Wx}
zlDD9R!hgb+cUHs)B2IRDyXAcv7Rub^q!HrmZN7%rqge80L_G9kHlfnpg*gSTkXprf
zt+4(;cUct#3A^%P0fnss_=$UrKtjO1hBI6ay2hZ*Y*0v?`@%j-G7WAuy?s%bDe(!M
z8;%bNxFU3Yfzj>mDC~Vc3gCdWF}RI&(>+g`EXQr&AJ#9E<#-9HbyxVfSnvWKPwnPJ
zm_-{F3MXRmu!!~{#O;Fz2yvJ5MFQPj!QKY_F=Ti=-e)=U9xL2aFT}Q!oG5TxJi9wt
zj+BVK&mW4i0v$A!4Tm;eZ8h;(2)qGH$vgy$+sR%$Jlbus3&5Io=)-#EpQG%!w7rI)
zZg2OWaNz0M90!F3d=zF)7{}r;3RlyAe1WS;d!K(?ghIC2GlgsrVwi>X#fRM~XK+iT
zK{OVfR`iLnJml^qHl%@x@qFH&?Lf}kw%%Z13hK=g*n>Dufkibk6q<s}?8dPQ<he(N
z0y{xn^vbqNj0UD5$I`ic03|pwKIk&%?o0<xbPSE)yhd)sa^Qmj4mb}(Px|v3$XEyd
zBXSfwp(SvV!*pgb??m$vJ>aE6uyxCGwj=}hWw_$fC6Gw-v*iFu-EO&wq%w|hY(1hS
z-N932NXz)>e+Gwkp~{w)r*Z1ny>K|?Y-bn_tIeJxhmxOhW+YROoaAr^9yW(g&H4i&
zIC`+U;?F^l^OW$?vZvu$U0;!#-ixenl;i!M&itBAb@}C)l@)*DHz=+=f4PXn>+&Ig
zzBr~o=W)sw-`JbSnT&9GdUk#t$Cb-vSHYcJM_277(|c=+dHeVHV*jDlGWO!Fr#<so
z&wkFf(}RHk$A;Zk=Hyt1U>?x0lh7`Ef8=!Ua(QNLc?AcMi#~yD$z#^WDV1`FT=Wu7
zVwm`hALej}IA+WKoUnUs9s(WB+o_M(d;A#o;`lQ@Tfo6-I{~sKz#;2}rOn~NrDbIA
z!yr2w<Yw^QzYAw@vU>qv{>#rFs4UFyJG5(h;o|c0_U-vOSbl1LW!}z?+c}$H2hJL=
z&f%EI{K^{6q`0HWSyY-UrkAJpMu(Mi_L0U64w1}FADk-=AFy-kx%nWsggh_yI_Tjc
zJY4#Zg`%$(;4l*&mJX++b7NRtc+Q;652MIuGX79AJ|sd`8mq%OKOWEAQDuY#OATX9
z<J*B=$3oB8)u`=_R=C%kQbwlHVgcl=6Mxvd5$lltwXMYpdmnNLh)X7J?aGHWQ?(`x
z@v*r<|FIu71q*ACvrc99JE?%rWL-)bf!1DwoV8B)1IrL9)`&k`3ytdas|$)yr4|%T
zhxS<E9^6fUB7mW=hk8g(C!&!V^H=UQ+Y0cS|D+az+DUlqGzh}bpl%5M8#$1jwiTNC
zL`X*Al&;SgKxo>AfWjTufP91npgNr_^jZrl)Sb-0PK$BbhKty5A912DRv<uIIv2B%
zfz8~Nvj9YolbUD?LxF`YPl>|z1?<#L5sq3$ADJ8XHmFbx2r|VVGj?CG!j+j3d!%h3
zCOk2`jGb?=0%o<sC8bPAS|8vM_8P`xx5M6sT@$GhcL$_ct$)}^9CUl39bvGMpg?0#
zn?2|)3bUgX=n@KZ49tvuh7av&8!PT@Uv{(t_CR6wuwmf}qSKDHnz}}tc0L5R9fi6>
z6?{9;=4NyX4@g$HJ=+RYLGss0M4Zq>)5!BW-RS)oc|toJi4D;g?g_!<sl5;K6tigZ
z)E7?3`qK=iR;@9Apb3Rp5Sd|99Vo05u)7%x-L#&;xb7>55MS09lqn2?!YNw+c{irU
zWt5Q<hCz@MwyhgyLR{zlXW9^`E)$J}m%Rp;hb2%rQEk?=jIeb9iFd1jP2FGFAzNIz
zo}e%Y;R|a*thzVgF7|dLe@*Mcse7z&u3&||!Jp-{!ymXQ+IQJhD0mD633%%e^sG%H
zgsZ=D<FUsS+z5pecF;ri2Cs+kwBjH}1*<@{+VcP+i`mw)#nu=Usw)a!uOdwc=mUp+
zf6!#5KM)4>Y7=Z{mwjO)a-ZthmjO*~qp;iH;4bDIkD3;IaGcm(d5MI?v$?1hHc0yv
z!3uXi0RJAcD`;x#CB78suAJjRO?sHMuVq5S+Cu^g|Mfu}TCgjeI&g)}7L=`}6ro;S
zCm_(R3c`mqJ?R#=saM$D63H-tWssdzbqC2X2R1rW!d5_yVth7vXxdW8=mb`t%`B$U
z{jq^qkU~?)Ci}#(8zhc@_$&7%5=$JTUntzM2lqW$`^F!7XN7yo{Km4!c7f$!f1Tr-
zkj2eV*c6+BMK|mN9`qYR)+Ww`tTlz_MuS+b_6B4@&^wd0EUc68f4c!bCNo`%1cuf0
zAL^M!tR`j<!$x6#4R!0}DdK~52_n}QPMZ7YZVL<c281@dJJyQb$ZUxM*6VSFousk2
z<*u+_2JVoA9Rl{*O3U0HPUiZr`q>U@+180YxkCS*Tsoi64Ns(T$kBf_FfcJ{=RJ00
zkg38k4ExSs5eGKxdw|HaZbc>vxnUgo2zF)$M<#c=e@6LLcM{rv_zUUkPBY^JU!*|o
zOMf`BktybIR=Qx>)!}r$I5BR*cLz=t+hOD4Ze)Ce+yp+P#t#O>j!E;(M}Py+8T7Ph
z${Gr};EqC%xO6PO3FtDi5a~F|vB!0)FfK`2oCHBm+RmRwHi4=b4{#DB8|>aWh8K6*
zr(s?`Lp`t9!DcAf;M6mNQ;x`89<(^`g1~-5!IG{{<x+9Zn547ci*R3L^ZCy$VP<)G
zaS7iEyVRXkM(T56_LyKuzI?`8hP^x}VG<4+Z|f$PDxF8x*Y)kN1P`Kv6|n;q?z?;t
ze(p#Ggud^9HRBVo?z?n{)34Dpf<J+R9{L<C-sXN*!qlrj1!2cA{-?tj?i|M9^U;=)
zwXeYyi~hiJaRrIg`F%LvjnwlIDQpM0eZK-^UWb+zkod+o0C9@i%j5D2`n!Z97Bh2O
zg7o4c)2cWG0%>}|;UVK{0r^?~I~&2k-1Nl<AWx?uHSI_Za=VN3c<d-6Ia`?Czju1^
z;57a*U!0mphI!9?a4yuPKjI%dIbr7^z;Wb#z^TvioteV0eK3M=%DEE^>Ffyd`bgiJ
z6pi4KV+~ZX?(+yIP_gh4oGgmiR)U~_ZQbQ6{T_rXC)WHYX3(%sr6JLRRc#4c#1te?
z{TuvQUW7G73TQNUxENbG!W&Yu?hXDMGZ3#X3AxFAg%96(vd!D1Ec#;Kr9)q=KrlhD
za-Z&_K%l`D!nvJEw))tYtOit?E3miNm5XcG>U`GKt51LO)6OYaZ;^HNg+*jsxyG<1
zSu6O=%KCuxEcP4wVjUuG-}tB(w%8u+%AFTP;Up=9tqs<`9_|V^1U%8(74$8_BBZR(
zxVo>;*l|_Z7)2yko!)f89|6<GfZVD3W4nkcQ9}r@7{3)(9agt0_-Y&mg2MWY!j3iA
zSNI)tAKqgdaf;cF`{FgIGkc#&C@b7fi(Soqr4EHv!MibJ$Q37tQCMSktkeqk-~zSk
z-j1!$-hj=<8nZKou5gMOy9Mlr-kRZ1Sh58L9Kj|AeL!IqF%VzFeZ&skYugtF;tG4p
zz!iiZjA;cLu>!Y)7Pmdde$fIqz#whAw!&)qj@h^8@CLN+M4(R_VGpy}HbIJ-kePTl
zQll=%3H1!;g39zSxupP0nFrW$WZce<BikErbOs%RCUZ*Ce+&!dXq&AS)-no=1jiAa
zI`xSqJC$G%mO+Zh_G^3$?_@Icpk3L(t#BH^q^aG^HD|-NfBQ@@3fRD=&mc6pz03cY
zf)(~I2qqZYrq*3e*@yYKGK1oic4ruT)^0;XKF-YKcWW!GF%;G`Hf=Kr3V-Fk2?x{l
zKt=hl$|8g6rKwwsxN>I!pio^EpNw@0J3GLD`#_R9z3G>{B~oFne4kURSSTj)a1h)W
zR=kPIGu+n}@myuA0foDpKLHLYY7*U!BAdvwXDV0NXED&E?h1Zp@54hE3=H{chfXb(
z>I&Dras0{+7=E3F1w0Ai(7teJA{5p@VeR8DY>C3xcVA|J$Jqp<@CjI#?8B95E9g^a
z1)t!?mE{BNA;IpA2w{z3_;x!y+u0ppXMg2Rd|&`p#W^g_aoNhXhiNc-n8poEtYQYy
zhM56{Q?PjYM32yvxg!cQ16HidLZZOiab<pB%NV1B6!nJ~{Ad1n;y}|##M(Dr;XO`(
z_P8S+2<uJ|BIk+;vYe|`L1Aw|n8y$xRc#U33Pg7yPAxW|u%&C_)D><KS-h~mV4+wQ
zJZe}g*d(lqU)^@Z*sAz=ZAXmVl}ls5IIi=MoHi7!e_xo};>xv&X|Trphh8Y$8~o`L
zXjEGRD4Zp5$O1M)!)`?WVGVY-fQUpax|Gi3i`e)~js|!FOy>tiM*Ja#Fgg<u{YXU)
zzcOV<4e~fVhzx9c56&qLj!e0);+f(bz;R+o$is&ehSO8Fd*eVr|2ULpI_r-F*m1^S
zEHhN_$=#jl{3y;lxC6=OOxh>?Is8V(2)?m|ZzW|WkhgWYR`-oN_pgZze#HV^#^g-6
z1B?@voeCz#@jDVObDSTZEDYiseStr_Y^NaX^g!A&yG19F^9B4AhC3^8<V-{XKhJ@W
zj&Z+2Fgaj~{6(k!uZNJ2{NBX>a1Ob5<HFje=r<MYmjcSi91|?BR4ntmEf^ZixG#yl
zpuCJPu({tya17soL(Xtv;Shc*VPGT^*thV4Q;r-uUa`y|H01(*x@_av^w?o3dg|eS
zy(rke{TWbzm&~p#6}!Z+9UR8F+|{|in$-2@3jCR295+T9G&-oT<i2INa#;SwejzOk
z{2>DOduS`Xz)9+bHPi1Qe;{olvvoU?yZ$FFkS1MTtt_o<wzC2#p^fL4w}j^f=WR@G
zT|dSCT;PAv;g|qfOmrK1-k&(YF@)$W?_W=s4lFI=^s^n}HtFgT#*nTD_)BgV1OxcW
zo&BU*F^wGe{C*q*UkHZrTZH@FSMlZ#>|G0X&O^&)gWTLw8A{eNtoga=ORO{*Td+gI
z=Wk4&wiFCa;P{LkLBUt*2FKi4-or9=APq0IA6@Hrzr2zeOyk&YwtzD+CUfn4FUmZQ
zq&U4>7@r&%w%>;UbpQ4$*Zq?%*?9xo{p{Ox2nX2fEpS-!57E`cEtWNOtjnoF&LRfl
z$|W8B2d+?I_IQrM|3yH<zkTW!XSVFhYd<8i5asY0wL40HUE5t@$1>>7eW5@POzv7E
zNMNB`C~QALfxu^?*J>bAA|9FAMNCB`c4D;ONo~tsg4x&7tnfcn0hw!^gGR8yAY*GI
z^k2^NUm1t4b+^W`Q+qd*1|l5x4QB%gTD$4Ee*>&*-SR0eE398g?b`bwAlz%nNVqFE
zd`Mq^Wt$4BxLh^Dto6ZvvWUX<&mZLLLo&>2BBELq6u7$yVRXp~Kol;Y>SZCCvMt84
zxG)C_3-VT=XHZT~AA7B6#<ACsLh^;b^5<kt8RIoPPhjFvIB^XrU^VR%cVAc)WOy-J
z<ncXpk2BZ^ZT~h2?W(xl9J{OSEyy*yzL*BIEB|W|D6AF8G&q9EYgf3RW-yfvL)wpd
z*k~b|tWBs6tAb74`U2fx{lp$>RcsS<qS+2qVmq}CVk9PmQ1~MRP8CApSYuYWH@FPe
zQ17VO6K&W7gYBod1M)gHA`?Tn5egd^M7K>Uw5KcZ5dtP>6a|I}Bbgk8J~j`rX9=`|
z&-tDF#Bm-}vEvn{sIg|;mHV_AGTS@^G8;Xzd@mY7N1Xb^iompEVqG%Ve^iSre>~V7
z*nw@GGWCbpk<+#OC_a|49+|;01Uwc~ZTr+Nx(r!nCb9=Oj0$O9cT;rEUc)-UJV8sF
z{zHD(>t}yj7i!Q(<qzRt(p;bYFD>B8y$|U_8xDR{!R|2b6c!}5ois;bk`#r_6AF`e
zrn~L7n0i;m`6$i`n})M*4jRO-s@at(G^jiTCtRU$dKdu=6ND(_GMflht_r5epwGto
z(;bl0HfU&3^v{&D)qpNDh6EuDZ8{p!#tJMY6!xHx!bxTnR>glmz|Jh#+x^eh;4V(m
z`W!lhx4FHgf?-?~PQ5~Z+ZDR!3#WRqmh67!@K(5Qc0qre<?Q*<AatE|0@L6NTM`iE
zPT~7$u&)WifY5Qy9<aZ?4;f-OGnS(pCN#PY8v6$9kF{g-hQg<f-Qy3g{QKOOi*aRf
z2cOcp`(cXAAW-M76`xbbgjr+$X&!|=VA=5q>n8-ZO%YN8Rt1gpxWd)&>2?G*tKmPa
zGT{zGVA9R)Av<lJO>d$tG;B_4-#KJ~zT-CL_P7n+W;ti~*WQc^Q{!mf><z(gyBj{#
za~j)!gWSGzh&JGM_HI+^mgMy<+EHYCAAY0{vyEkLTLB6?w`AF5^b5<?dV+V2;zoE<
zF@Lh-#<;r`=nD#`vHRT(@Yfo_*<*VfI%{p=>$di8zvl2MmRZBTJczloBgNK;+i~pN
zgf;9xXMw(VZ^N|0mPjJIUgD^rbpi8f-9u!w`}i5e7es79pm1G>-Rw0a{_S@DGey|m
zz1<&dGbwLPBmeKEJTuGq-MKyf3w!Roakyg~TQ`1@&Hm3HW<$1Y!gLEYZ?SN0Fi_Zy
zgS1=lMZ>~ye)ksqHe@9I5C6J`rF7kiVn}oQe%~N}sm^^{F@UqAb9gGip=8v<p>O==
z+eqFW(ujWgA~eN~BsPAe4mn?Ut`aTcA;8W(=f?9z`%x@hTMm$E?<l)%nLbNbPmJ5I
z+#(IV!=K#PHE4NdJH4DAz?T#K&vMw;v<j$*uON>5AE}$n4&&EzC+!Ck0vsfXexEKg
zIWUS})^OiJ+!`D?6H&m=MewTJYrolBTn!gDg(oeZ<i00Zo?XE&tF6x;SUV7XMGgl8
z{vT`S-X7I)t@-`$WM;lYXXYS7Y_P#j#)sp}(WL<y-J+Jjj!AkNsX=WdwbD`>@Zp@#
zKEL0)_HGG7NS<esC)T2N*RK1ndh4yVRvGVun}%~N`7mk2;oEyQ4GTASxWwzDVckaw
zxvUL;?Ke3(x2<I!`T_Va6Y*Mr<MC6h5-DPQamb+0zHI(wZx7cV`tn%p6P6bLy0-Wi
z_Ki1scYD{HA5ki}3)sht$S0T!#u>+9?<2_b7Q(-+h#cQ{L;Th?hjTO;EJ=&|!<?5!
z@%AZBme276@|ITdB?k}oK7Rd6e1XicI#dJXRx_BNHjk;`cXN#J(6xAm0}LF#z2jg5
zKhU_(!^X25F<%h1)8Bv+#}~;9ytf^q;(Y$%7TOfkmuQ$Ayub@{@!)6`Z??Mw3_YWT
zvRdv$P;q7tF*-)Wge}CA)n@r;)Iit<tc`!B#5#v-HpXXg-OUbOJ4V<LPW*X*0uP>>
zPtMrff#<>Rs#fehV6S>#a(iuMV|8OaYQ}sSev8@+s!+7h#VGSYiS9?c#PNL(PdFl3
zMEMmhUJg5C)R{5ASLx&K19r>JDYIPft8eZ;`S$C7|Ly<&ua9s3?$f0=f4K(n`q97r
zx8MBt|M5RR`oI5+O$Cz<^O?HL5lk(F#91Ynm<R~~-F`471AdID${-V<f)E=H=UaCn
z%$V}${DzQwVXwhtDt(@3p*z?|7${v%H9(j?Sp}Ro6{ZN~qG0hiCZa-4k!&lpB0*?j
zf{@ry=Q$#9ge`|NEW#yEYTZ;=;Hd#y57DCv&8AX&8Rm0;Dq<2{k?aUKKTpJZI}<tF
zR8o}jBt9#-Wrn?3Qj`xq*6utEc68_APlITH({@&Xqh8<UEWkpR`W$<V?A@roQTDSO
zqOKgm8#qNwn%v)53uM%2a#u_`AUh5!V2FJHRmJCAP=2jl?iGaMz!u*t-ED+x5h7gr
zLl$pC84k2|Le!sD5&KXf{Xerv_K8U0Vb7BvKqtRtF9_zBFOyPdwF`WpHf|>=sudCH
zQv^f-_zWUTN8SjBBK_{@K~Nn*J<mK6AWvZzKe-YM_$jy{hl(O9C>r#UojM&vLD;4U
z6Vrr`RMhau!$Q^|eO?FfhhYYeQey!>LrcRxe=BWSgcwOU-wMzhp~C+eyy~2oG-WZB
zDw3)l3;~3lrzWy#GI(h>$b9>WomP;1`Ku7~Q)!8F>L=Lu1;(jGszV<!e;$TM2Fwa@
zKw<HB0%vYD5vBsA>wBfRiI7ef(3>rLU2{Oi$>Or5vq*&&5y=*2*Tm}hfWNjX22Q?R
z`Ug0QW>nCK_5vCnh5vJO4u*B#0LHhs6}*O^HQ0-au~18P*P)<oWYd=-qUKNy4Ppwo
zuZDJ0;0xe?N`h#WKf*K@BMahBKJ3rTynLR~zS&chMX=;L&46x)EsQ91&S{&W(Bpjj
z78c;181*(*gg(S?qV)m4GpZEzFqV+TMc}Y5TME?gXna6@Vf2_u5Yjya?dnH@$gZen
z28xw!1Hj$#@!gp_ro<Jp#j2M8^Bsz}^(m!AXAtuFDQu%mr1$|(Ht3oWL#my^DoD|Z
zhh}$Q;6r-JDCFS7`fi!u?NEek0NE6d&!+>;Zz>FmAbh_AvJ76&u9jKA`KDD4vAAqT
zZ8;1)0%wbG63_dPF<@*234!h{D54En3PKi5Rz5LP7dHU33nED~8JH0Y)HFO_aZ+Ky
zFbBp5?ZV-a<Abe{Rbp8(I|hrdmGZwLp-lXAg*_A)PmN81Pq>5&5Fw4anK84EAt95k
zB~+H*cPX%0)~T#yKZ93mLsMa>(Cjp~V+-K~gh-n1vk19%Faq;Wn^_j$WcdPbw`PUI
z*z8?#G7Y+jT_HLhyFW<Di#O^ri8bi|ZqLvj1FZb8JlKS!$JxQVS}G#$z3tVF?Ukz@
z`L?!$+R<6b{vf-J`#_x?UFtnxqA4RoPUi8Iry1eiw!ZrU-@n_(C*HjuhAO&nE}#N;
znHhrfAEO8pZ+;v-RC#w|PdMlU_u15=j*SDe*5h<3sea#SX!B}oC+H5q8taBcrz#73
zz<Z_7sy@ptoQ3pvn*DuV>u73C{s6t`UzZCE&?Wxu@TxKHT{>U}UZU-hYfctEMaILr
z24vQoFO1pX^y{(`(CqJ;)`^Ik+4w6a_{(_u46oDIwc<lxV~RG*7>+rbEpG)TT}U_7
zlmmEqIxWW~*RkD0UnGy8_fGKT0q9ki1K-(s{z>ly{pw?I^0A&xUXEtmD)NpAB8n>I
zZUhjn=5$@e66XH5&EyaVB^L)rx$))F*E5YYogJdTemKP4G#e*eba-Qm{`{Uz=cl}N
z^&XXGV>&|Vq<8I?c`xcd-ARcLMn9vMqxB?Pg(z4j26`ixn+u=l7KLkAIu)Ap=;jP5
z-&=<s*BPqV7qB0V^<D?~*|#otd7g|<rnA@J{HLg!;|1pGA;h)Lv-I1J1HWpWEWYDW
zu-ho2%zxhHWe5C94IT5x`Aj=Vd<^1VWO@F4j(eGfw$BxxCx64+N$ZOH|Ht)8noq|o
z8z-KUoa?aBEzU~wq`8kP7Mx&TpiTbp$Xjq89!-D3;4&tg<I`q)HhIm4=e!x5u+ypQ
zX*d(XA`>^2?pWNr)NZ6x*2!@P-#kCIUa;eMs7^+B$kFNL)~7Y6h_-o|Cv&v8vdo!W
zOGwm?-o1)5y?iZ;fr9B%_J|OBfUx%*`?4~z1Cf(w?@@o9KyQQCnP=H_<YArPdxl{Y
zRt+X*1rx5qBmr!`z*3SZ(K98KJxdWxgtV4p3sT#RtR>)a6Dg*V9f&ImLI{mW@!%cv
zFe{|n67yk+@u6T{5nC~Ui7OXAOHv|Gy&=$xFR+g>W`P(L+pRfzFJ@GvE=?r2h!C*c
z1{m;{?S?VxtQf*IPFPsKjZvz+Za&NaL3Tj(DC?9-6nhXGKsEKH2>Sx8kRt{J?*SPs
z3e^(5P%W27-g0?#0i~91MIr|78|gFmTL|F@35%sUns6`1nS><+UE0!GGg4=*8U2mc
z^f!u0i>rO^du*{tlU!{wgkuIFscTWFI}L3rw5GYc$Do>=5g1dwaY~J_Vmb{mL=OHY
z7Z_nio}f@M5QCk9uxr_4WLp4@DWqNstxbifEPq9o2)B+1N0%b6)gKDS7Q`i<1{LdY
z+Ta#U4RT{JYN@Hm3<^3=!Ep7xGM!+5VWklHDKOci2MbW%GChHy)!5<*gV=~TG7+^A
zq0<aSzuw)6?=fm4qFUxA#rl@5FxnY*t9up8$MJ_{hwe5Cr*u{UWbDJDKoQvn75ZiC
zkrxW+x*stW?d=qy7!dZ0=L|k%ye1S+IPOF!*#NxhreG<jJnk?E)G;PrGX1I;FP>&<
z44F{us!`<;BqDOaP!8+db@(jy69`-1BZ%5`I0nIKwiqH%y_g2J8CHa@b%Y>-?E%Q{
z0<gLBVHr}p>97p$TO+bPDL2=p!^eookp-yST)A?_Qikp3Z=D3(mii!6Cjk#r<6<Fn
znQc|K%M&6Sk;Ke7CR+j95}@zC8_}wv!^s+o=WLKC9qN@cmKpq9B2C1G!BEW^h$L2f
zL!F%Po|HCGI4y8+!E8Grxa*+GzHP`-AVA8*WJBPW;s%2vk(LCBR0vU+yn_DgE6RbE
z-?+c<{qr)|Kd88_5(4|X{XzJVAnZGK0-i=F{Ebd4;fN*_B_T!wc?0(os*MlE>o%iD
z0w#u_&l%SFTV<%TYflR-5fd9V*09ool`mNj2olOy<pBYeb5Bsh!9ge$qO+F>fu4QH
z%xRkSA!uf4X&LM0PK#Muj--vkHpAaC6Y$rIoDjC9J_Zwm^=<`c)!=8?f7Et{kF~no
zijoW(*ns$~w)*(kT3z2+-cTbQ!%Gy=HOtJ+FwNRN<a(K4HlT2{%LVqIL--Hx;gqD*
z#Mwvq?#5PwiRb#gb*kHL7Rn+MZ690+_Sg1h@4Y~0dutdKdG*UzP$UP=$AdPG5ykI+
z<lA5ugCj$n7V-~{40co=M>Rdl<HOaR+jo9{8^?lu8gA{&=D&W|900DSCzp2=mJ&+g
z&H|^0b1!V^#q;3p9$L-kQ`qPUt}zxKug^!5!yXoSFQ@ZkX!Z+yQyhVJKj}T?-W2XO
z6s(r#LSr2gS?s%r_rXJf`&;|N?q-zk3LA_o0rOzwcdo;Ua&~URnce=p`J}=8vs1*@
z1qpibT~Pnr@n&*mOYuR&(3pVc?nXTux;wf32V9n1y*Y7o@Ynf-9T2Xt%Sp$=q>>f@
zG16?m<Zhbg+OwwDtKC9#F?xRf_L)Jc>mN5W(D%<{*!Gh+ELmI>**PNwmtSum-e^q&
zI>;Zbd9STG$ISNT_}McGw78|_{|6f5nNVOX?@yNkinrJh9j?}GGv^=BJE|DQ{y?lB
z|MKM3XP@1C^6EcsfA)<3{pX*XH7rukhs!VKvw73Uf#UQG<b8ks6FadBQTMr9vf+KL
z0f5TxW#2h1(6Qjc@rmvNFVXZy|51Nqab|$Y311Z-J6|&AX(I3Y_pt-vn1LH6S8zpi
z<-(f9$-_cTzXRZxw$C{+0QTtVo0(L>WX7x<(@9h+cnG$00`gRVDOBZp<{`ZWG8ZD8
zj{#uJRB*y^>dmt3Yv5Vqqf${K%0sm*1Js=#RW|Z%&I*|IK<If7<in(?4-|@``)?D2
z%1H?HVyF<Ub2A9rg-&Q~2oz{p5r%*@ma7yc5U%^`&HF;}s)!W5j&j|ESlH6a1XSms
zp}c_U)Z3(SM8L`*(#~HC$2w<ia*&HCt@hG?k=-YvkeZT6zri+Zz(w)E>VeyomQ-{@
zLfu$7U6lmbMqwQyQ`W13)UvFQ`z_kGNeGpXzfjLwcN$+pT9HkaYV*ddD_&TW6GG|6
zf)xm6wJ+}ehKY%&$sAGs_b7JowF(@RwY}KU<%l8|hhOHI3=|%!#Kh|Wa2pd09laSy
zWJ*Rix&i}>gA`f#sSybHHkd`>3pGZd<ZTv25O9DTfxzf;nxh&#1=DVT9uYV*ZUoK>
z#tlV*T@{eY!JBz4=aBDK547OEjUk^@N`C`DYw>`!=8Z4|5RYjUdIDVp&&s9pka1v4
zSUq|T;T{ViCQ>lG^$B7=2wqTqh8$qnZ6iRg!=toBP;1VkVwvmM4Vpcmvo;oT@1_A7
z=A#u2lbdLm+!$GoLdkbB1?%QFT8g$|-(wv?zNNh$D`rA|9ST}qLA!zY?E`Er{pLZ%
zwiM)h05GW7R2a4X22?R70NBt&K4L{w!Dv0V8fwq@I%-R1RQp0i>QHBHd{a3qp!Kao
zoq2$E{Y(($?Jq-{nit<5s{y|DLe+6gL`a~eFh8)bO<W2YfZk~T*LMrdO}o%-HWuAx
z^UzV&0ibHL*0!0qgLe4<NfQWcsfE*28ti6`)bZdwMA7NNaN=lUl5&fEiReKZ&k%)x
zi#Ue!;B8m~QwAN|oWSCGNPifj=@mfZ2)`CWLAGU-&u1K{SsP3}kN5%`Ok;8&;(PU7
zsli9HAiS1AzMU2jbMv>z5k%s16l<Z`S(->0>Lct@g)gvyH7%wHGpJeDsl-s3+Jcq~
z7-#At<oMv^)@1-uNSbsAu^8A8rL(3mBYeX65LFb@tZxrt2Lp+dZ9#SLvGHl}+pP_!
ze&&`RL6x)M>3n-#th~IzULO6Il}$_-FInUM_p5!>=kY_b*W6pi6*g9!{f#x@F#Z<2
z_(ew|=&RiRjK7Z;uJalIc-`WRiRC2@)}61{a$s<Y+q^9V2Lrh1Ms2wKk|0#Rxq}2G
zlj#6cxm@uWSKJzVdc$KOXZU^ybuW%~$p(YNdb1{}AHTo1F?_JMw{vT^|3`)|dha~o
zPDm~ZxdoRGCEqdk!0Lbf{7y53v;VTW{l%@%aC5TWYIF1K=9hBCKxmzvEZpjS=(fl9
zqQ-v+<xb8z9D7)Pxbb~*^PAtre@fi&H9!9O(hVPb&JO>6v-sB)P<-=>6YtRHlf$o?
z&f2uJ)$49=?lT9-p<C15%Xk1Ik77%Ay<=&baB*Vm+OOB@=rrB&LA6M$-j5>8FY|xk
zjz@Hg&RS1?txuJ+qZukG(CV=6J@3O|f5DZL?k>8bT=khZ8xKdP2iOVpqGbep?k>w|
z?_p#oLK+8<@)x~k_bp#5`={khyVZ*6jh<lz(Ayo;sjJ+3gUtb_J}A6=H#+4O_1Dcd
zH(7d%BWDsry$^D~4%e#Bt`?{6L3eX>uI)naU@|+H>%hC&xM)`5o4a#+(-!GP`TJ|p
zHXcyUye$3e-e=9X4Vd}btN(0P=11`S>!)nMXp2Lx(ZPW`IC;#TWHQ_wy&k`4cA}`i
zF$UMhS9Vd)<?Ws`fk9|$aPr1R{^hq(QTDe~P7@B-<xDMb*3nR`P0*7Guc2TTlXMpR
zGBq*Lv4A<719zR_6ihV;e**{$0hrNT(0~t2e*7&>7c?IU-3Z|bq;<Iv;EHUE!$7#U
z0%@HCnGanBAeo)U$t?75xq~227Z!x@2rk(G<Z%LVMhnmt5C|4c1Vm%GScJ`vX*HoR
z6SwQo5(_dXOV%1EXYj5QK1)vUG}e`tsLrXqUD4l)7eYAK>d)FVUF#GfC=g-T%e|IB
zfcFHqG?jvkyuF6kfwPvA`C7MqG_bH)R0|SE2&DzL#^e$kYRkf<t}Md3BU}YoZ3^oK
zp5wII8maAWe(;mjT}qk0M3vndsnPCxEUxCjDo5c}UN?8u{iUQ5ftm<oZ+Q5OXhW{n
zhA0<8jKErG*TZrNlmV({N|y_Up_i?s^fK@1q=dw%ckWkYJ>xyVuSvrzQ#pua7kPxQ
zX$wl}K*qd9CW(+Go<Kz~J-K6J<KxSBse2y6!y3v62K(CPh=5T}H4K%atioK%ORvJ>
zluI7LG6jcBOOyh3sz#X~RWv4o3L^s83+(}<3tjUgzqJbJVa`A?0p(@PLEnhawo1vF
zU5R~!a0`JDt>LJ|E@0ISo@TwbL>!bv<YsF6)J7lBlsp7TTRrhK14WG$QV~y+CWG7W
zfsa*wP?4A!$$;lT?$TNyBvcnsFDXFCis&#%8=DH?*@qdPy45qg@=gdyEB%$ywB|Fn
z4CM)2{dF^kl{5o%f=cA|+LlNxn=(Zgy_REp_~pRzV&uWq1)+090<QKe6jz&cS(pOn
z@+>1BJZ%RFtLZ%2RL?MowAeOZxFI^RL}F(2F<5oii4b=JogHK-8KtS}${<2^hL~A!
z4(PD5wYkB*AivdDC0OQl_+r04Xio<cn<&RG2-?pH;X@MfJvugjg7~UmWs7NO^~q@>
z6v-VApyP16H4QT-<fm-XK*a&h+Eo!THXdSQng-!mlx3z=YNk+c1r<hwP)0Y*v_Q(#
zO;D^TLP8vDDlOIQPyz$n0SNn+(PgKy6S2AqYQ{}Md5bPKO3mSVxi%Z{nkA`oKtyQo
z+DL((3mWHh)!5Yh$_xQfBy&^}0hSI88s4u~VSP#g3BTF4D|mV9t|GS8Y>u1;rJOB%
zyyQSD^K7NR_n5mS-qu0cg0*dpKXa1}XxD2p)Gmoe#%kv$rJSR9tXt>2-9I{GQs67D
zs%4?K)k~=boPU%Xm1wJMZ^C6g0EO@PANO)_h4~(;=%}HH#BW1PM?2-Jiiy-TK220O
zf5@dd#OEe;%=n1Ea9Ry4(5$cSiYyP?rOwj&o-ThYzjB;{Gr=`T>Oto>u*YGOcd)N6
zbDt#EsNVHB9B|vZ_ptA+dpG>!z6Pqgu-^KC`=nR&UyZIx>D0@84_T_Dyz?4ujbdH=
zS^EbMidMep@Bh<$)L=f!RpYbRV73=4-qx%1=gsV2bNTsa`TKdpCFNqtn4(Iimg|s0
zk8wcQvcFub{``3Q6x&lK>Th}~#}xR!K02MAzCM}G@l-AIsUpE82LJl&2C#{PyYVYf
zJmfiw=-dKXt^$GENd(Ny-Q1n=D2n9XBl(VhmN>+opoiXhuYRAV2kn5Z1ByPK`bC59
z7wWCLgB<@y&7V>7zbH7JTf=*A^qKMxBjLJA9D~%qdzJWLeAb-)G<`bMPtB9_*rKvY
zx`0sbT>b%XQ8%~!OJnE|VEiAtsd@6O=|6vs)h$-44<?uiKR<qbc65%*>(?hE$l<Lq
z9#!y<vJ6no*MO7)#t3yiqnzLtjxZVExj=?*U>jgN*oy<8{w{VJ>@8(|+XqZ8F<yPV
zyvv*3NzNS0WPor^RH?#{YjT8uL?(%;$XPQYQ?M|C6%X|b&nl&Qi3!IW!nDu|NVwo}
zR#-4FDNFn=DLAcG<XBcD%oK!hWrgu{T2sl_hjj$2U=2|xgE?D~-vFKog_wnlU^dn8
zPk}x-6#_Fm83P-m(gCUEdw^HpqcQvqfR~54K>)NYm!p!nQ3|%GV_|X8<}~Tj<3t4Z
zm!2)5;A-05G+|SH0l;D*5T=Q+V#P8Ej9CK^){E9G;c7z2e4wAgyV65KV9p6i%i~fK
z0VUfR3Q|_oLr;fA(0Q1(hQ-D905j(ytAxLmHZj6R5)k{kEF?neP*F%2OhbjFf)zko
zvxUDw&{P%>@d>{n+=(D;YJ@8YOLDpI3qwXo>YXCg>nRJXycJU$gTw^-)K*n*%A)-y
zqecvE6a*zxQ^Vh?NK&&5L_}aV1teSC{uzb#<85f=;9v$PKLMU;Y5qDk5g}a5kr^Pm
z)yZ%`X#8nRuz;^2$OdRFhbGlrA}RARP;}1S?FH4oeSw2#Lv<<vU^XpVT2VJK(nc1K
zw-^Yjdjkzr_ok`}6G5+{L^3F&LO#wQdG=?<to@n7?D&LAXlY2O$myK$^Xc0*4EiL^
z-p$uJtMDORZvhd$&L>Wh0L(#@G#n2F%ycuO!wr^$ggPUNqfX0Fg!~i~2T%@iiXde|
zf;0u$37hlRbot&Xh$f&yXpoc<%Em*E*@B>JVU)TY2jM_Nm|)#!&PXm?Y-Pm7j3HDW
zJd}`OHafx(9cMN;p7w3vE+Yzokv<}Rk|2{)I<`%Tg1bY1qv#P<rc~?^Etl+Om;snV
z^68sh%>WY2{#G|*BP1XZ>LiGgO}W|}k;Wqti%Apm8}PVgmfKM2SY+GG6lf=bnZq;l
zm6MU1As@m-w}R?15Ung=PPi!vN*xe(2!hurf*I)fkC3*QR6#*gfusXn>30gve#{{c
zQ1$~8Jd>6R-Tqd`dE(_f%$OH8lPh@HZ9VE3eqw55n@TAkAxbMF=E6c{lZMzZX6=8(
z$Uc+^hzR0$t|7!!NM#W&MeZvsOKH3SYg4f@RxZ!mRF>aSTR|HF1Fg<9vQs+b`jWb1
zycbU>>O*v@5S+cPd3g#(S{PYg-ogk^OPX@7?bRu*qJ-pekC@z0jx{2x5xJV2^*U})
zG>imwmUZKOFr#iHy6aKeyT`phoGVozhwpRldk;5!_(Z`K1vZcmmN%CRp%z*dgl>U3
z0p99J3@?vvLEo5MswaJ`1KjP4+&I_YEKQ8PA9ngQ6@_Z=RViCZKqme>x~n=qY8Ez&
zs!Yt#F#bC>i&xm;{VN*Qx5h`qXDT2Mj}GB53&H-TnQ`(xyZuG;^F=g+;~1Osn(~kx
zD@nY4TyK8cbjr{KqFp^-aKK+J{v~<5@T#qqBU-;@2pDDQ8Oq7I@9`#n0_VSJmT}*V
zO=IUaPkrc@N8IXtF?%hdM7?*R`5-+EgDcR68IE0KAzkUw(8&wC!n>=}v)AB19X$WG
z**b2XJZ)AFn$_1BE)F**r&Em#F{hkzGhws!V%iK|&nBY-5L;a%xVarOKlN*~3kr?d
z-Tb|d3ujerTW}Zjr|qE6q9@-e=MHxIC<;_4BqpDY6FA>I!Wo%)T-2p|F=i+QQC!y$
zfV}X6@SOYx&*`_T%Mre7KpwLQY-h+t5+jkU8vJoZ0pd9sz<GwIWZg76vjE>HB1x3B
zwoae<Fx8)>JjJZm=9z!H-7khScR(>;_*tvDX*zXyD1T@)L>`9d0=gw*G!v}}e49~<
z^H8l=Gzs%$O;|w_VnIr1r9!p`zd7r%vP+U6@=z@|LU;@jD%J-2c6lY^<kou9eoG~6
zmeSI4owG%pfFmRx2!#d4(29KE1wvvnuLb!PrCH>No<fLGzDIz}l#YPSE{{s-FbqnB
zRA1OfL3Fxex?m<UgCljVfE5)G>EAh`v<Wyg0+gVeXVa(;U<NdaQ8;d+!rB8yM8_4t
zV0IonDx$kkM}?roL?^SQ!i6NotJV-vNDx12hEgd7c?$?B-o5L4;ZI?Is2mPG94qvc
z?F82wT*y%2b!sIcDiV}pMbNO00)ZrNQ*?;m#H`g-)jQq;9$H*j)nF#pIWi(|b4R%P
zOR_2eF;ou_C>sL^4A3hVIYL5V9EaP!&R&N6GyycG0|!y$ALArCtYyk3K%{^OL9H~a
z+17Q|Y@C8s>p&IYl9I6oS_me0(=19{;p=<?v@RmW1vb(Iglt`)p)Mj2YJDOsEq|>S
zaFOOjRE#*0AXHAGi&+LkS}*1YUnm44hBN~PJ3}9)O`;Ce$Vd=E8nH$)wt^uufr1o|
zGFm*ov%nw(i4Y2qD}2aALT+?H;^nFsP-XB{(RRX0sxOeF9stR(moVN5Whm=ZB%$!c
z`snk8(gXotCb3eQ9+Zm~(I!Qghc$Cdj(h>d7(;doe?p_uAC}ntmLgva3|n|qy2UCY
zd`mx+2ztzirMR!~VckHg7ZF;Gv0LyoGcIG-g4EFqBe)zyM-3aanUVuKEnQLK2pbCM
zX(>@^FgFgu&8E)7*^d@aiz=88Nd}S51YJ7xynK-OphSOCcZmuxD4k5ejP^dlQAQCR
z+z97lgs-!1_??2M3_-^Ffg&oD4w0HA6~>ycXEp;lng+sR$)?g{%o{;+<y=u!15>1{
zXcM_rD#vW@L<30lwX&xGC<eBc#ivlw%&H@#OiiRV`6?AqR>o7vRrXVswRZQ2{KnK^
zAxqnfCULq&q<qDB6AFZ+Cukx<7M;I*3gFG~u6!33wyuM8O*JAjvYCefU%n57goRk%
z>j~6)e`19XhZ=R=a6A6-w@c@BnDF6}@6wYWNUc{!G~6wRf<RbM-P@t;E91Ea;rV^t
zlTyTC=VK$+pJ<!c-!1oi#d~%%tnN32n`l39af)T|$>tA3(BjUp;HFPNm3ysEk6??6
zT8WnjK4?%-D)bZ(T8G(5ONMl19S<L+z#tPU6U)yU|NP;L^5ud1z*GwBz`X~<75sOA
zYliso_-<!&&<r1LuYbAUwAWRa!oXj?Zr~xmY0l$6uZN*s4>B?e3vZdz9Zu)ioxM-r
z6?c2jn!BCJSRDE_1@BtrRIKTs>^yVV0W!M8Gp-0xgILQk6jMcy-m5LqcpBJvG|s($
zJXaODy=uI5_q<T9h~K<&f_Db4{`;gO=kpqtZ5}Kv?rt<sW_W0ZLwqqFHxKa4{A@DZ
zogPsLjJO_*^ySBqKJF|y=x;V>TrU#)Erv;a(b?57f@_XL$W@NT83Cm#9?ZG(0K&Bc
zo-N?)-tB^HcP?Y>WGg~ibn^~L^%-4wj2XlmUaZ3Kd`HrrtvmmCw$3-B;A3&d;Jby1
zl=*S$=c8m1;bY{l%ZDx~N`yKq?Kg0f6C&W#837S!R<<CjnJ)1VRVSlxj$@JtW1{M0
z(ySa2Y}*OdaUR@bk&e-Y1GENZvPe)c5V4acYj=sP51z?010l=@KEsGiotBn)G=dE&
zp(1+}Cc=@OF%dL}Fg6ckQlow<%>h&us(3VS%%UL>y6!?aRcq{J6>5b>IQ`M4*Gn+p
zseMZ3QmKSIisEg}yLjl4JZ}SKT($+45ykqkP9zjvSHZ{<QEG*=c4R;rZV?cco%JzE
zQxi(dx?2onfT9r0XLSP~Fw3`LEh6k?2+=~IU@k(g;)>9MEC}^m{H)QWGABS#8yZK>
zA_AH#QJlFAv4Ta|&=mO-9$Io<K!^_z#zg27K`6=#2-|^eg0EA32dat&G_+^<ya3f`
zq2VyY2-dDhNXdJM0I*X3@K~N_{9RJy&{7T7graE&c$CCcm?S61l#k`xo<TS?MU6r(
zwoVK#!K0x<ETOFgk`xjIDS81qrUZppRBrXREZ_W13}A@Kvocy@ijx>cBeEp=5T=`E
z<5OI+Jm_cSVcaGXa@}LOb8LVM1sjOq>oPT@4Z>GuO9VWONgAku_yR)SMz}o@7nTTB
zNK;Z_fUxCLP%uho?bKkUg}}9rI`CdGjoE0ZyG+dmdM3s&_x0kP5K(!>9k$S`Ea4Ci
zN$_6KS+ySkI*7GQgs6XDAW6~?06)=y_|F0&5~7(1IY<x;kpg!%Ki_<Lg(!b`rB4pX
z69E+-tJ4FztUXgt@k+q~kYUq`+^iOmf)>`No4J)^%Hm)P=F+}4iEs=7<{%Hx=xH_C
zM1E68nL?3*55;s5p^7=@aDqWlGyd9yU^$!6WA;2OMy)2=3={r1Fc5)L!1Y8YZyqwQ
zki0}81%V7S_4))<FO?ERKc$3ot|#ff2HK;3I&km>I>SWl1EyBL3U=V}374#D{-gqS
znHbM_g{u{&z-$naJwB6y+a481jmhNbZ!AA0D6n_L)h!=Fsrpx4a?H`Sr{8<S@3pJ)
z)H_GsXnW$6Y!`QAo_KdRU#xEEh9Pd!dfU6b-9F5rnx)G>Y~Sn7vHPpQFm7V*?gZfs
zT*TL5AvH8xMsA(Uxpbn?v5cK}W-s)38^DnUrP)H4R5FNit@<Wcj_8Fd=x)PHa&-xf
zy%uGB2N1T7-*|o4xo!rwg<iy!1jv*V?eF(?xVmJ2OFdQ=atylo&(z+hV5+*Qi@%tT
z`ZUAk-A%nvf9YxVm%qQ$TK(jziz}odoE`k!xzymRX7)6mmH&Y1BsVwDW~0{_RJ|Ow
zu9YvnFf`9mTs-7(8!Al?1K|;Gp-MWNU%E#7)=NUXAf#?vM*DGiJbgYqc-mge(OQzd
z?T$eFws*wka-y$$<EPrnqX^j^>vB)Yv~^&-HeH>Lj>qR*^w&8bo87+o%~Ul<4(dJr
z{p3HJ>o@-6KY#r5?>_$a&8@%u%abP8yg?4?cX$n$hAWB2OP@!x;Yx0UTfcw=J)i_5
zeHioI^l8feLYHwx7uhHo@C&`0gWhOG#!WV6LvV@r))~;4-*s-u94163GH&?nRz~??
zmrr$xIfJiBaK<+xS;$wX;6r3B4ys^&AjGukGVgIOQ4pR80mQ<9F-;^?z^H6Fm|}vD
zm?)Uo2>BIark?|44i-$4`GQFSQCKa9kYY88gwPN`VYX3A*Gz_~%|m0RT@af)N7k0a
z$Ku3-)fGcH^a<c&$uu8kdw&DQMP$tY%~@ua7-KNeFfD-Jk_d>!-w?EshsFK|>ahka
z2R;ldAn%x;(BR=&oyT||hk+nma&)tc$Z<C~#l`@{Sw)0-b1v)KweTY1+yHD|4?UgX
z#?)l0mJ}hk?TE6O2KA+ZYu`yozDZ#YDTAnwTt$7YAW3G!(2leW5n+I>IL9zSQ1k%#
zumHMDAmZOxk6eawbZ0~P9-WkjE@gCw#bdfHTo_&oxR;b6$&3h8q0bluiOFIr^$9ZY
zp{u{5O2p#o3q|lDBpg70dB{Rz!O-6{Th;=4ODyOMO#6%}esR1ZYzKq~bRax2ii<Zr
zq{u^1nxR42F@ZA-v3vph>Y+eamXTyAC&<t`z(+bVtt@3xpOeH8)`2CekYSzn7XIO3
zkRGH7#YNe3DKYEjHfYI&vd9CJ%?RO$Lqs7GE`|I&u%={^l++fSSr4g<p@$Af*8e=@
zGhuky@FoqiEF#iHUw~O6MFMB~dPsbsWd&?NfS6-Ps?tR2)DGbgr!VVaRN)BmUEtB!
zaY1eDQVpzpo2A=w)wh6f3#fx)qrkmbA9^hham{5291;;GwvJapn5jtJorWr?gcM&{
zYR<B5DvWnu2N#)Gd!bqpz@kvFQmJtR5QqTIbWp-W=G2#2i~>nSk}zJp{5bi=LE=%i
zZ<lvyfhmIo@EKr=){5|!dB_*aP7z@fQ7KD_NMfi7F#bH~Hrr}Nc*dY(5S<T6D<XuJ
z%p&z+wg|vX8k}*^mQ2y%J5k{@Ivs9-I9D(_=2CPu!p1<<u{RFX422B?aMkH|W*I`s
zyG+n2c-#-rh}4|P)o)vH84*2PYAXI@I&yMzA3z~E8lj2!Yg!85=A)!h#9qWFYbSc<
zCdU*)*hiNY{tU$}CM62OF)zVrh)&=I1f3?xtU%$)XdHPqo!`RQ!*g47pl7{Cdl(`^
zMCsl?Doz;Yz--tzP&`kleGNgm7}U;pe1f(;NYsKbCg^H}D<gY$tBME)Mv2qc_yEj?
zkslE>%>>0@5T)iBT|$V@z=v%1O&?)ewLl;OvJr_nP|rgkYp94{-3ItVDMrgdG5|!k
zK1?6`*UBO4S&Bj<SjVX87UEr7-{h*00q%Y_a7x<Y+xB+1#d-OHtSlcs-KBS{Ua`?S
z9b5T9-OV*_a~5WBkMlZ2rh=1p4W4MH%^?>vb4rdC^OpX_mV<{o4pcW}C{A+dzRfv1
z02oUrC`vpN4B|N~Y-8tR40w%;G0i(R*M8rrbguR9k#ilU?!rfgnS_=Ez3#2UfED2V
zLiNou^a3QIn@J1g$`G|jJtCLOY)wWy3*X)u>JRJLP~Tp4zZ=*TQ}tiQz`_@J3^;8~
z`?>RZdMG0(7(EBlVds-m?ps_K;;HwY=I6=mVm>-XHxste1Lx*r=*(}vZcwMZ2JhGz
zJpFF*uQzWR%zWZQthcn3qwp`W<d5kP#yEk<Z`lxi!cnw0%z5x_4n>a+f1ZqAate>3
z&rDQ&e)l(5NzOS)^lvkrle4l~YCUzyat?#yuebodKr!<ID<g_@df3`ZowvnHTRk72
zV&!wt?2cb*?9)5P4(VisFEy^2KEF6eb&~^kOryr!CZa2b3ux6`zsDi`DNfgP6-*q|
zKk+X>EZU!5m_NOAkbHhiWq`UVkKZ~6YcR(b<L7t=YjOMj!j)UEjG9o@{3p2KdYMa~
zZ%$5+Zym)TN{s+JU`O|6xGBECtSbNB;mW;xIOaNUo;*gEw7WgJGdEM)VRWFu*1@rU
zmW!kA{kZTA{b%f^p0j6w<kj5*o}nKe>8p4+I3dg7;9xd6yI|XLH2MjSn18&`??84J
z0~CWV@0uQr=9r`%!5icJtJ#B2#u4&Sv%aa)H6NijqOfytZ_#qchVTd`cg#QCv~~&#
z*@bj$@#glQ-nq?Bes}{DN_Qq)vBEqc`MgbP{>u+<@p$2^z`bnwLLkcH2Yv2fi67+b
zQkcn9MqvJgT6D2vj(3iPHO_7WjFk}afU=?oM9?`~4x+1}>O<CZW=hCFVFMy*)U~E=
zK=K>sNBmZbYbvU;03ck}Sigk>x1k7`Xa&?PH*7Wn*$YkSufUQN!-Pm7V36}LfCCCy
zG6|A6I}w&!%Yraz7Bb6Oe3M3AzK0i@Jj^-`zz}L7T&`Hbvflt=84@LxFiKH-w^_t3
ze4X_ove|=wG79m{p%x27_DC?wEO7Fb{uVYCB)0_SE?X#suoYngAhHc81vV<@G6&Yl
z2E(n7p)jE;e~~cz46B83`9+8o+-D?Iny}niLbuVm!h+ap^M~%y_KW5MSO|`(ibZtq
zU~EQ+f&v(YHn()8DnRpkgkWQr*d`_+y8!eoEL4D|6lA2JfoO93Q<3+gmPx48V1sB4
zQAl?ZGzvQj8`ch_;(A1&EON8aWoW79sOkVMWT?<*b$w^pglh$&k{DY7Rq!ZR@H#_N
z(97PKk|6@XX<Cv7;1{2aYFtA3tvFCHy~9uVZen$gfoB9O4U}`JC@PfK8E{lnF4-bg
zmvCw=IAJs7fD^x)CTE2S)dnVRqd|G`mR2_Tz*~VN<Z-H3bR6Z$_J?smEy3v45{zyX
zMTPtX2vwjgzaA!fj)CX`H-*A?>JNNR^g4hB#V27XNnfaQXoReQ8qg)&8xrz6S1=Mh
zk1#twLj;>9b11b&nPlH%D_|6O1Pe<m8mfAf1~7p<b2G_L^ff(#dO$L-Ej9o@aJ(o6
zbp}j?y|vlZfe~r}*|P8*1lz}D07E5Z;6UBdmL>$lCxPHfK7q3MqVtRq3ILH^2~(zJ
zrpELxqBa&l*Mz)TNuLRZN(l;O1ED07m&N0RoBF#k;BEDcdFVkD`OvF=`}C@l3cYGb
zqM5hF^bA+VUeG*Su>4lUbnS6P^L!<2!JVYJ$TUcosh6ZVh$*y9BM|~d`g)nlsRlsf
zP=Wl$#4T6{bsL4@YVNcjMFK=yTtPI|(-6wUIKuEZN^dF%1`EQE43VU%%fB`M{!Oz?
zn%v9L-mV9D>;Zx|ytiU?cNOb;u`M^@-N%k+P1ge)=&v>pFbcYK7|`AZed&a&Ec;vK
z(w6o`u@q|~l?Zkv?YLKCo!w7&!k?S>t{m`d*gRO@T&Ex!DS@|9T3y98!CHS;_q}-B
z)wXFB=RnNpI#LA@<6NM<pL*~>w*;HmQF~Hf=3JiVXP*$w(tBGt<Juc8@2|m)N2e7V
zFB}ee;$JEVM$f&27&&ck^*a0?uL;~NUAh5SKE-!2cU3>=>ADD|#w&C%7zX@|n<h~8
zaP{8u@Dkv)ID3Bj5;wS?hz`M5I>mkd8<1b8!uof7_AWfQdXRrr3-#*;tUbhKz=b}u
zFwH+Z2D4o%n|^iq&yN@I9QfX0_K!bqRS_`m_tL%NOV!j%7r(v9$>=#S3#0oE@9AEb
zqNr^OvgL;sjGoU9KBZm4U4LqTl8tB2Fv`lse#L3mO@I38_1cc%(fAmrXKy>`nw$de
zFW&M+(0_Gt1<SvCxpjF@$ekaQ?tB;ke)XzA^e^<D_H-PW{%kU1ufhF(=+EYXo(Vqb
z1^<Fx&(oi?b2d*PV%`~@ak&T`3^+FV>=-niilYOJ$4;g658LB{x=FjaRO_WafL#o#
z^x<&O+FRkfp!H(GsF)v*W>+pw0pDNU7o5L7r*nV3EBJ_5WnebLtulx`#%_~i_j4aL
z*A8#xh$1k4Fe1VgJ>$-oG{w3Y-)c7T?o~$zvp82cnO}@w>1g^z`%ZQTM?5>^%0hfM
z;GXRKU^2m)?4Pg=sV$RU&%WLHs#%$hj!q`c+VnXXAB~Y_Q?(U#VUKXM@M8YgNnLvg
zx~_8uuHEryfsdPg`~r`^2g{c$hS~;fdZoQ!ewkeZP@Y}BJMPOTrNHDZh|7EIw^xWC
zA|aCoD*CO>Xf%iJVxkJ+<D|a?++s>zD)hvmgG-bkpOt{6Pev0(5tm7X3yH>QOy!(U
z1bx?)upUzYP7rl=kp+Q}tAu9|EJq45Qn2K(ArN(f{q;kIs69ier+_q<d>H4HV1L&W
z^;RjaTL9CnBWK`jP6vuR<ut)FUF^{kQ@YwvumMm$b->owRLbO6g%PV+1iIQF{>GuE
z1!N&NTd<y~lpVcC2P{<x$s>SB>cB~|Re{(yvEonx+^IWjn=uilS@%ESugr|VUUmT1
z_q2`(oqTvH0{F_}Nhc&?p%rQ;4nX9JLyiIxC3+cbolHt{ToLSxu;Jv+C;}W{_6#5s
zvqMlI5PLy&=s!b&>Ii!lVV|gdY$`1BtmEPg-eXO-m<W$T5E|7Z)J2f71QZBwc@J=I
z$tX}zIirmCgzA)Cs4h4!juRjg#7@a5E}@vJAxan7#LzyrENr=QSb!iVAjghESWQGo
z^)j{r+dE`YLUx~lusKyprV#2P*I(bR0VvQnA~iQ6BafQs$=F0{gQ=jm5%rMb5-L!t
zYu|)oW~G&*ITUh|w)eNHEVO-cKv?KvFHsut-`Q%^aXZjIdxbK|AxG685ZPQX2rXpk
ztkTK$B*LA5h@PwwZuHnlxwTQ}gBKL!g9r(an=`rsOdpDz0TB2et{1hC4$L#?0rO_7
zK8R`7{#<<!nor!$s6q(u5V0Gp^Fs6ntQW#ohjmR3g<Da$vi?jH`Z4i5$|!uQB~s4v
z1WPF$lwfq{8HS2=r+wY)B2st^7_BrIJ-^Y^h6YKDHlyhnO=*Hswh?TbEt){SKv67w
zZN(AU|HM%Mrxt!?D)>gUK-}{RnR%K+GM?Pj{Us@8f}-C8?fI|^qlbNPW+fYhpN@i5
z5caxxl9&c#<iocaG8;vD(qsq0hsOpi0J;vW>U$N$FY#09<FWe<PhE<5nsHJtI@eiD
zrC;)fes?b<3!jHfJ%;!$6xp~SY#Pp9ozD^3SFnY&csN+_g;LGdgjIlFW|s=uxwaam
zfS2B<0X-W*xQA6(CB9#?ET@mSOmI?gQ^1fwq~Hu|W3o4(eGn;s_C;XmSX|{6Zs_$N
zyoEzrx$f{|!+=HFh8NY5EdScyROH5L5I38MZL}!5RT0+OWp+Wcw|9E1q4!&)x^57#
zSVId4fc|KGcMo^IqH~oqF<FCllgxwS-$8X{eGrZuZQo0ck-BUfW#5I0z`{h0BZ2bi
z+grwu*$=3Huy24`|KmofezyJ(^xfNPeV_re+Lvv|%xrgi8-3mf{gvJR;}1go4ne)^
zBKJMlZ#P`nrgHAMf8}aC9J2kTdGmF1iOes7`KMnuPp8vkw0=)>fkSJH)&QE{;lO{b
z<QuNL<)s%$zwZ6}2h7PzZ3PRnca6#33*V_2{;=*%xo4vX3dOM(8-q@%7=T(A@NIGB
z#TDlL;I+5w2|01&)hur|*RNe1e!_n@bX0IWeL0@}bD-t<ge}qJ*=xb&GCQ<WZ_!?%
z$VEkC?>3oUa4FvyuU%kGU^v9|Xf}mm#;Mo#@!@c9K6?T9983-mRe%{xP^&ps%Y_{^
zpTS<gEaJ9zRb8sjgWtB+xkd5{oOF9FHr>jV+;P^YON99PDvr5>qS@01hhFibi&+d;
z&a0#BkVTmZ8r!q0N9+B^H_NXWpc8b(*X<cGvy415vlH{2bGz7+c?Hm^femysa|4*u
z$y}7lWP&h0fKt#St~4UVZHW-ZH5mdBg2Lc8m~Y^eUDm~wC8Ebs8lY;mm}|Lil1w(E
z7)fx4gsY)=((Is>m_tR7#wa2Q5eNtxv$O;(A8Lw*z+Jx1fny#<4McX<3Ly$s3KCrn
zOPB#D-uQJ0iD)sVtALQvqOf`-6jL+6rP+XeDVKUF5upMhWTIbEv?*<2tILU#H!O3}
z#;7zHs@ozkfg>?B8<!%?mG#TX8zIRgdrWCr##|Fv#so(Q*GBRd^eOV*qu^FRtRc8w
zGh*4KOAvOYW^%r+x`3j1WEOODXC<dSFp~=;hHCabplbc4Cs{mG1=djCW}!3#1g%dY
zU3d^KYX~<AtmZ{A2S5VdDrU<cm%SU9gnR&=3LWc`A0ikHSVh6WnBo)!o#$U#Or%NX
z{O(|sOr}JT+ztc{+-N^9pQyjaU`U#9`Qb;{Yl!5AFeby5CemkvX_Xa^UeL@3LE8XS
zlV;JTXqlLDS%a!pV%~Mr1?kdW=(Yt8*E%j*O$_!g{ubb)S_wS};w<yFfgC;|M+L%h
zfbi2)SmwGJ!S2j&K`StpX`3?MM@P=S<`5+>u-w~jtn>BP><V<DN5V6x>OjO&?Ge#Z
z1O`ZyMVu=PmG@bixo~Q5Bj0>N$y>IWh&7(Ur!jr2^CMX108_S-rd%2~h|t9heHxZQ
zVA~`77NwFcm|GM@j+peZOHa@pVRIR>77SsU+r>SjN#YCKf|!^E%C{K^d1!0!TX{l2
zu_mDct+|+--26}xakT(;HI-^bnn8U+go8stGpf66;Za1OFZgZ}LQo{wX1{aEWPW2F
z5wOz-b}X;?n}<0h2B&PhNG+3tre_fu=3r70x6qXLz@~095CvO<_tje_2asyq7L>L=
zUszxz!q?e!QCtKqfbxjASis5<MOY%7VA;6o68@CZNH))86(m_6E!Zrj<jn7;Tf-dT
z*wSOJxiDW@9%gE5Roe-fYx8E_HXBqE={$s4GmqK|d;!KNpKS<_s1WM?c*}%QN~0X6
z+jizlOg?mszX|Xo9?5BU*DsWI2tJ4~#A<n<4v<RI#Fnk@k>H{h-Q;fcW16<mA-Sib
zsyDx(^~`n8suGK2ac#7SBAJ|<A;hSil19sbx6Jq67me^%e+s(1-RHO&ifNVq$Q7Tv
z1!C1Jd8p3w@*1x1w{gLxTLuX4qM^X7_dQ>32Hrj=?Y*}vv#sVygKypNPOw&Z%ty01
z^cC0~UYmCog^gxNSgZXVvK8JAxgg_lAFS^=INH(PzxQRcnOn%B1A+s91N>h}A(n65
zIKIL?D%7cbr&MUUBp4sw`XE3C-;Ft)4=KL9d$0Fi3S5=xm*dfk;n~HkX}y89zHVDz
zV6Ae*L9TRDOXYno!M^(H5<35-fn`^N1Y~(QK7hPF#&|FKBjr+|HJZy!+BmsF7vX5~
z{D{l0k1m?&(`WN@lrPXYL2KiDyz6Ce;U}+p1gkbGl#9jN#i%!lXRt<J4QO^R_<Ab;
z64o+qdYfzOcdu>Uy*B7wJM&&?5U2o{+ofMO*T4Pb+Z*9nN3-YWfPR!jg5bYy9;2ht
zi#E}d!{*5v_&5|S@c8ohpof_q9&Neq8D!gR&Cic;_dA&#%`Zm0uSZ@qi+0y_6YT*M
zI21Q?YD1v@&cNye!1?z+cPpYr#T|>$Zs3z?uR>$a-*MpO`yi%wq%g?7=io-mf|d%+
z%_-;8bKnxNli7|rS0M<K4^@<k0fHHUIo;_6(BM=ECmQS)&J6S^B*4#rUp*kS2u!pQ
z4aKvPu#*V|QCKvm$FiD6sYwmt)Tyd8C6dlGO?(zIBO)YDM4^Uij%EWd>jMgP78Hg0
z9&;OW6=(eN2I@tdX3b;ZIx!2v6L5sn5+WBmfI_W0Yqv!ze}*8=RGoRu+)+^Q1!q36
zRpBQ<X5bp@IY~=)kTmO2^ay}jhVEV8rkpHUmJH|^*alHS0l_*}8et0}T#Z=-g72i+
z3}qz~EYc0Y!#sp)_C1zrlLj7|7@5;NQf^H45}HPV1u<J@dlP#ERtW}_kq{VG$j&5G
zzXjY&VUmgp3Dg~YSiI(*>kq7tI?b*oyoV6eXwk-R4>f>~Fh8`I1rO4jlm)R>gr=iF
z2tjehl|&I&)?a=?>)S%B#GHqNpt)LbVIY^t0O9g0kqIzRU)dKJd-Yd93B5>xU^fH6
z7>Id@a*z+R=+V#?mR=5-TF^+!)As<6CdM$12p`3tf|Aj~1Skd}a%d~0EJB?K#ct-<
zTV-w&qw_2udp#3l!^jY#D^&eJ1o4*YEa=gF1EP>+He5PR@L}oHsN-Oo<(5cc(hzyJ
z6=T(yY$HvY*Zd7|Lp28;ca)&P3CWx(5~5rH%tDrQzM;Aq4E#=EfdJuA%j^mj6#E>K
zG^`_nybX~XTxk+UeaKYGFCW5wQqcU+Y}Q9BJF~5;<zUAWDjdUlZGF^kpsoNmhX*3r
zmUR}*RtPhit^iH9hhVy-QvO&NaK(;-r2Q?o<udLnlnoRi=RQPfGUOUTLg7(qY2SmL
zQ<MWJL<)h~oVBIFeH~FD1{nd7n<@;Holdj65Pqx7A^wI&ydxY0YX$;Yej|-wP^Joh
z%MOUa9(YFI(V-OF0jn7u?T4UIfTa~E4zuiH0HS`=%mJp4C`Yq#dtrzoBa&8~NfB}!
zAcFju7|eighcQ9}*_C2dL-ZQO6RZZMM)6<0XJ0QZbwmJjnMi_K1By#Moe3|LE_{rI
zFI5gzo@qFQrl{y!)Nk=pp&5oTQE9O%aXbcuO_EHXdB&W~PvsH~O4Y?8+d=+BjeDOo
zeB=yXz!N-)(cKEf<ti5GtL<$@mv(lj7T>$q$59rhcA&4$MFJiA0K>R-d`m-lhWYGW
zy{DlUSScBM-}`}E9gX<#iYfzln&GJkZ(Ky&a#1H4E+}TSs|m@!_HwQnZHoKD4b+?a
z`q=bRV%eyHNONsHI*!_CVGP*kSVVj&-o!zI-d|CS@D>SgC>}ykQAac)NFkVVXTAI$
zaJO=Mo;?k$!mkx@tx)6@SP2@z9n~%FbBIpFaCdw@KN(|yRyx3SQSk?nC3uX(dd{=o
z<z5%M75sdH&O+QF1cG6*S2q=_Lot08AF}EcYdePz*_-dGIdfS9&KgjVSX^V)YBm48
zYs@+=-sWub3SVTU!Tck5O{^I|w8scNKt#p)?p@FxVT$pRdY{f;-Te9Re0q!j-)^R-
ztse7R<ZHcsJUl&E=n$xqQQU1^_t1ZJa6CU0$BSXD<<Z5-asTuJzYy*14%g4FqpW-5
z+n3j;vm4(YzBwawefVu%`f%ghH|JxZ_{E#+qqE8I+c!|9Kf_@AFC0~HPxQAp$n(aV
z3tT&#z7g`$jkDpm*C&T>_@RCK#v8AjzCJ#D<F&)%8*iSXWImp~8KKlWopsl>UD4Ax
zZ?!y1pX0pwmG1Rehq`xrA3gb~cf!?r?nj>C<O0SR)sEMY)}^4pz$4172B^)I49&Z@
z8~422xKnQU@h-XsXGdV_mFd~^WcqB%1!$)~!SlBFp6!iZaP<TWy{ZBngIrNGcpv>+
z&n_Wyyx_Lxj*`Br75v)p5yppSt<Q?`x<{BT@lM6w+urYdrQuL7h-wMc#1yHP0m}ii
zt=xws4#)^N;*<>XcE>FJ%R~$07J>=6c|pOni*VV2TM5ltj;4U)!N4`!gU6lN)jl>R
zOSONC{$)aE8CL6<DH0Yqd?|>{C=d<IqTp~rsGiiATD=f04=dLqh;T{~l+5B!6@cn$
z1fqH1QmcZoub1W_!WAvY()?kH_nHW6Q#^zGu%WtkRDf=U;n-*sL^cE%z?ppcC6XYv
ztfe@JaNShNI1h8`iF@9p$@*+T<aZ+UrKJ*rwSpER#A0PxsA#C#+5|}(Q)8OTRY!)H
z*I|flQbf=`ZA7+Sq2_O3Wcm)_>d4wH$Z`qyA!wiaOB5#rFKMVu2~jG@!yFh=gJcUo
zW}4Eb5tdW+<Al<5U{$w9tdS{__$8s-c)@ToCX2rnW3i+?0sY2jEhJ?YLYH3z<>IfK
zErgUCSjQ@h{HciGo`j|Sh_6lty#SiG8Fl$9o=1?RnhE~KBFt}8K+J#;PXOz!If97b
zdE>(qo4Ir`<)Wsx6wuw_Auu<Q^5?1`AMm+j5fMif>@R)DxvVi6ixe7iH}F?7-B5vH
zL_#6@R6<B7p6EgAwu5RSrV>=o01b`@HS&n&jQ|xJ%Fsl}o+3&$A+GQU2^QgY!;=FR
z&8Cz-Mc~$zuiQqVcdSU=**D;82h$;fCrgzB)NQxA%_9}KUK;@LormQ=n3C8Wh#*h6
zUK&m;ZOow1V$G?I2u+Oyil<;O=$Op(%iyp)&%kBdGJI}J`6*iG)X;&2&O+?_XnKDu
z{eLwPOu66}!q#9yQ+EiFjY7GXp(zV%2lNpt&ERM*5rVrAl{<MM^lVMzrN$ig(5*sl
z1_vVbrxneC9w#PKK*8&Pb3NG-lL^6?D&CSN7KgSXnhCU!keg<sdu%AXho1!CL}dDP
z1n_+sg+6n?L~e8)(9t3wf{$TCs5!{n8AnDq!eX%*F>8=FnfaHOfzwg%t*ICeo77cV
zAVIOUZxum;2uI9-r#PVL=mD@H74)N7V#26>`5p=n=2^#c2y3XnGCB+VZ23`Cwk=S&
zcK8FF?E-`ykMP()p4alx7Utk5#Gl+$QS=BQ_d|#<;3(dk27P22wGZ{yhlJ7rP#4*#
z#G8n|Ep&gey39I>)A`kh(ah!4lxqxFmUV~$6P2sd_IDvvho1H`&?K%z!TE=<wr)<i
z;=W9`7rDz|ZLq%?T6n>r-iM_Xl|$Uh=dKSH`oYb247MS#ylnc0aK-Y$eCHh;ztnYZ
zpxlO~ZQS1E5Nr-744d2n`klw1g7{M9_69T`%41czORc+~fC6e$uf@ehQ;eL>dOIbC
zP{Q8K0LR@tegM1O{HedYoo$JZ&3^wuOkH=Py$4ahPn)4k44*v(h=&yRkbUeOx@f?n
z{(JE8$D^kc&i+w9<{E+1g%ZNG+{b_}tgbR*?e~@!-#y6B@dZ$|wW^Ed9Nu_^`q8r$
z#dbQgmrQM#;c&Eqc^q@hLtn!_kLJf0QOO-HuI(+=TrAW8#ihlY>w!zb77glG-st<w
zn8KfO%X02$P$i+ejMsm*im&{$LybS)1svyYg&*(c3W~Sc*<e;U-Ule*ZfY-h_nL|h
zfBwtOCvd(e^OI&(pCG5W*qCD6cH%!b$CiI`NV@!cHl196xL0xU!EL=<3Cv}@*uC*q
zvweOtI>ndT&N(+rfWLP}N5`X|C(Yo6cy(i)Lxs{b=oAcgmKjKwP?OnFCU}2`vCa_e
zqt75XecWGpxQ<hqR*xYLpQHPu8xB6d<&BKD+e<$KIa$N`mR(?&e>|+^J6AAQAe{NY
zt4^%|P#+?QFB)aWVC@aF%Dk2s*@uHaNdw#|eIy;cq+oH02#DqID<RecA4U-q;XH*6
zyQm71Ab1ao%_1<rm5^Z~<TR&+nlG?K`T{m9K9ns~)NlAd^99yx%U7!jBIu7ATLm@M
z6!C(j>Z*ljw)Y_*$vQCIn>2)hNwcO9LWN+75TYPqfimVmRu161ph-cas?bUyoRleq
zLKw!}Y)sf1e?ue`E=mZ^tPDs9zVsFVLs651V0Nk&_SN46Dm&<0BQh^X1Ur$N3k2d5
z>V?o_E5hm_Tsjf5Y6{YnTgz|JwPT&LdepeA&4Pa^x>!{(NSa=(Kos2R+KzOFh!-JV
z@L~nh)JZVeviQrOBV0x7D1H<F@t*iEzlH3P&-DdVqm79VJ(|<y+lSSvTXlkspas}$
z*eZy;hM<WFNzo&ML`x%+kRwp70e`Dqj_fWips+*?uLzb?Lcm6It(^?#3Fbp1(Q7(C
zGe*(&G=_)=Q5PjZ)+FSC0$*1-o+xe@cG2uu<Y_p+JR1Pa5|QSIzzzB=t`Q9ZTay-Y
zr-2BSUBeOh=+_CQNx}GAY5?KifQ=Lg{6;Ro1Z%@ZTP+VOq+rY8_*VEbI~b#ogb#t)
zQ~(j6SS<_C3&o2tX1Uo0J@RjGxY>XjX*+}+p)elwVL~}0=aeD^W@BaPXkK5SMJ<rq
zjR=8=S_ae?E!comh-6bK6RWV~a=t#Q6CJT;)B@Oi`j7)6MO`()OlHEMV=Kj+X%*`z
zJCg~$<q$vvHV{)>NC;xz0@Mk%yD4kRq+m8|9<3XjM{;uqO78(U{bW^-B{9<?6%}K7
z=**&MQQ1;<^*~3<rSdtitLI7%h{BVB-XKYHU;woUF)siVeHOH@p#MaT5oAG#O&QtA
z!BR|7BQ-{ZQf2h}Td8wDs{581jKXn*5h*1#K;&E>>}V034G`S1OCutj^x5v&2MSA6
zJAF2>g)0l4M$!4vc7`5sF^Mpj8lO#xZ`XN+sL{gK$W}aRzWR6U-()S9SD9^=cXsNc
zf#Pjj0JZ}Bda${?`w%y3TyPJX%sD>}8CDr&n?vv9UCr}W>s15^@&sXSY;QlrAZ(43
z{$>q_6b-a0E+e`N!s2oQl|TLR-XrdAdBl~31<ipev4U&GCA^d-DucC+?XCN{lB@G+
zJJ=YqX5(=Uc2+&xVKNX>>K+%xTGGpbG2nG=8!s7L=fx?n+Pd1r6$Is~FFmDE{KCY7
zM(kYf-zPoisSQqwH=5!7l{=r~0|IYrX!vg8WA1I%_JfcT05d#zHX5Ekdk?H!5VfyP
zPRO7=`tMW=+CzS>V`#7aYR0d|2N)%xT-y3B^CkpLx8BhP7(T;^1S9i(1TcK`7&h{f
z2!@kA7|lKS|Lvs$!Ofcsz>0S6Rr<H}*ZcSQ-@j!Hmn*|!2nX6;kmdSZ_yiL){I4zV
ztjmH^Nt{Q(Y}N%0r9#kM>CnTcL>aH4pitnrIhA?UxySewUKm=!_{po!K5Kr{9C%q;
zdtF!x{tY+fUU_!KC~Tp&5aRyrH(%=FVR-Qmzx*BA35^{DQGfQ&FcR|~H*RcGkr(9s
zs#AivKc(dkxP|xhbacqAWFX^QQTBQ=f|h<h+?jKE@O(UcfX|8NXzxBheT*v)Xz^xm
zd^~?XZ~lbOx~HRGsNCSM*uITh&n$c~Kd^&(#Kj}6ONr%s>;mh??6;LAI_JWz&XJ~Q
zIFosB39&c9jD%D}=V}x7ql=jPTQNk-R5E&cz!&rU=%>kx;}bR?f5kv?{`1RMuYXxy
zS;bGx{RivcJ>1yb+TQu&?qF~K(c|xb_*3)S-vY6r6PWRsLW6|MYFWU|qM&&h6D$~;
z2^p@jB1R(%V-Eop;MzGJIyVruY?q-ggShKNP9JrwEO3-A&l0%4z$(q;3k(y#DEy5D
zndL*9F_Q*{M1&?&^CG`xX;Hhv-&lz)A4m5JW_+V?IA{omTL~2?hcGY)aF6eS^Ub#W
zDl_vNp9Pl{Mij27vsHkI@BvW|AuSDM-Bt0zv<fM+`YwTd5o7~yaSdl-wfTTd7FOFb
z3dAoihlr?ckhCEhg<M(kWUgRoqbdQ7$tnjjx2fcSOpKd>Sz8g-oYEy}+96R2ldIRj
zZ@gw9pty{QBSTBZ@=o(hODf7SGR&Rvd26YJY0=rn0N(hUhqH=OB!Q+O3T6I;BmqpG
z_bSK^;YlsP+NHdfYyVP7K)W3Zb?bOQ1g-OowAfiVoZO4}8<~@xH=dCJd~RY&4uL(F
zawQU#v*v1R(5NuEz9(qsJt$laRphMcE_E>|k;2zYMF0^P%}7m@_~-`#*}t;9WNV2i
zwFoLA15fJLq|1N5_});NL)yYigrcFYlCM9NKP~W=)zd*-L`DMJsla<qAZP(qGAt&-
zVge|w5Tq|d0OxTIaDaWPK;Q8_(uH;R1rRAAsW7liaC%W;crbRHtL1B&u#gb}n1J52
z9Dv97_M@-u4Hv#p=Mi9e2bqc&MBz(qMdAE7!Q{KmLv*cpPfu|)Ac_|i3Mf>$f@~#(
z8Bn14=yae~O{FD)={`_;{^XzKtfA;caJxeW!0u0cCBDPvl<F(YizcPB!1aDy2)}(%
zc^($duhwIDYj=fk>w}0Q2YaQ2(y|P@kjr(%11k5sK%`O}_*g|Y>82v2MieKDM@ur7
z0Opx(PLjHapbTom(2?u|1Jdh|1T^n(71Z+r!a0;Jz8{bu+>!!XKoOrl2)`L%xyYEm
z;d}$R*`bp+5ItJFAwKw6ZDYw^U#bHQ(0kx+`SgSB)z(+Qo|sgX5M4ych3LLlTT(V{
zfz=#`m=D96J^-Qzc~{Ay+Z}Z3PWU>4imNJ^P^NDwV2NGEfWMWgrBK~E7H^{BFAXdc
z%wIkOng&-YDRgPi5K79$%!AkyrI>kUVT(t9SQ1jQKJ1ecBC%G@0;L40*EUp&t&qa2
zkXN8_?a~IrB1a*MTh+w&%Cx=yFidbqv;xLqjib`LzSlfh9y}2851Kf-Xm3}Gj|;Ug
z7MyUW?R$R<=WnH*5rUW(gz@MPZ*bMw<_ff$6mWxvE@^hYFjkw*hmzD+S>oKk)+>T|
z>rdtVLOtR2?KNB@-@B)paEHy;`a8Jj7;N<W+}`_u&k_o_-COXls0_<x%L9l04f?N3
z({AGd`QFVhL1d~P^uU{f@c4Pas{wGcRnkzgS5*E*gH|n+?MF{_1aPzU5b@Ch9N*MG
z1FU4{>n%vR3mkU0S>WU1VhBBY0(QrW?HNb)t*?jq8LG46HZYr?b|~>3ClcIlaqH;p
ztl1SB<7Q3m4byvh1R%udY;o^}q%PoC9uzf#Be>LY3x=2LT3`8LwV3f8SLy<%cvyQy
znQai?#*xF}*%YmirtH>MCKvIa0Fo6Q6BCbluNxd~T)cicIlMUPUHjj!TAKKu;0fXI
z*+_spW3Mxl=^a|n!{HTo49Alb^cL`~hu1kS4({K%i(+->Mx-}AqvRX&1xfxZzijwk
zLo?@~X}vcuH=7XT`diyM!nGUJaWl}78#sC}eLX#SI&FR!|1#nByM?a>l#9B5mqxKh
zoNCj@$r}4#J*;i>H);-Rn!U9Fw!0lrzH%|g0tuH9Tl_wsFP#^tW%7aFbDl*w&w^hg
zm=*|e?BvW3iimnJaDsVFhM5--0isy8FsT51Lj;#)1t>PKw2XfVIZdn1U}6|i7%I~t
zPUc(z5P{FkszyQi%!hR+7Qi?7GK_~;Y%l>LgnfYFB*`+zWUs2R1!Mj+3iUD{C{7>N
z5t{U~8D##%-p$oPVGNM5@nNE<IU?X5fT!*Sf_0QRTfl~J1yrrUv{>JmN6}|Uc4g**
z3szwS%agOcstdkQkPtU%HV(^M;39K4F+szDp5U8=0;~8X7#C$knghHLjLSMgSx{@R
z+YnX{SGTTxo`^D;BZ5ms--Kv^B?PMks|%3A)<g(MRdOi!oWx*&Eg8c6aH;0s(4UC>
z#ES0Qz%mvfL~;d<FfP#AbLhx<n=&g1RY%yP3LkPFYE1gjVzSct8|^`w^qMwX2%SwK
z!~%9Dm8C0NhikR~MJSEtyeGd+IU%;q9aU!A!-|kJ09ec~$R`K&8WPHWg{HL|VDD{X
zHIzvO5j6+E!4e_B0l8}jXJUY3l2%{2gri0r>~G~dK)%|<>eQEQgg8KLWNO4giKRv)
zTM$EHMuP-3hp1H-fkzuBO;&yj$kxWf)8dSAgahA(x46ZuA_B%4v*uSfSOJ8Ea)_d@
z<4=I5V#Eu#tQX_hkeEzS%>ve?8?fJrW3y^N240XTN9Pm;tZTPZfdEMM5#&S2dLe|^
z;9!|jT_saYeXTKE6jHLZqfux_3W1;<M8k>5C^ZxdO0C}rutSajGa8DPD#FbsLdO~k
znigT-%W+#uy2*#NZPp8$p*kku8ZT!gK48CD>1^5!&}Nq)0_bUWU#Q))U^!8;StVqN
z*z=ej+ak+=s8AWi<vW4acH|(OX!s(+)x!o?C^g4rzbV6YN92Yv26n4uVQ16Tc0EN-
zVr<22s_G{upL-?-m<!vDA%UTMSd!j}Sy%DZw8L~O-lH-7E}5q6JSlKPbRjKAEBY`y
zF8;UzsAR!g%ydQoen-b)DeWfwCL4quB=DxplH)WckUL1VzAoW4i6I<?*dy54>Qqp4
zL@6p~Ffz{ux7IFG%xz-yuP-1Nq1xD47CP47m^bMY0d+#jp!yXc?RTUwKBY`3-7AE)
z&^65?RANI|XDD!+fwe33qFo`r>z`HcQgC4*Qf(hW(_`%u`>|!O<W-@frM`jB(A{YB
zE~Ama^&t=VZ+oLS@>RI$Rot?9M@KX)P+;C0{&ByLuCS}SccZCffeuA5=URDYfLk`T
zR_j4iJMvQP+5a$&kAYoX^`?5omjdSwG)KjQdq}Wv?@)3s0=ZOX794M`4^+1p2#z<n
z`~ytQzvS3ZcGyCdx!CiaeJ?pKCLFl5yr#l4q&Wor;KA~pxKU<PK#=>DJ0H?sUBS8e
zqiy*4@3VREHjqF30lN5nes(sUq3F<i_2nOifA|6@_FPmr`ydrw+7-Bk13n%C=srw|
zqXe<P(O=P}+ofkY!0A(-09Vg2Z#!3&xYVD^A@DnT7_+CZgn^68gT25_)n|3G1L!4Z
zVYg9{KB$Z8)O(md^M1PP_;x<N#QE$3uHI2RI{52+0{b3R+Nj<e$7iPv-rOu2C=>OB
zWOg_mpX=E92+ap{bK@(b+h$;5M_nc}3P4@9*c_ZZr5WF&s#_rVs>1I4@@|vO)8=|C
z=kx@8+!OJFfmblfdqF{(Rf+>Zo>1+R=Kgp(d#-lH!=w4(=;a7xyU?w8FhR@W`SI(s
zqw{7D)e3H1Y5sHucr7nuJA5Oe+)dmtl>1*U&52LIh0?B?_p-dwy^ekrFLwKUDuX>X
zkKHA6TsM<z<~Vi%60huQ6QH#zk<t2j$TR+R=}oxLSG3M-0u>D_6&t=7+T{uq<^hkq
znFoZl%pVAk7eU4WjjWH%7+^6bG!e0XGe;r<AeTUwK8*c0!dVf_=GuY~Y{-22UQrNe
z0J|P2@{ogFL*d>y!VlC0j!+;%p_R)JN(61v&}<4OTBFobSY>1iH^s6pmN>QuOp(l`
zYW^Bx&GY5r+{DV31d)eXOu)rSm@`>_gWY9bL<qAK<^c5|8VB*^VJIQNvZ<802UB)x
z=jy^kmz4-nAtBdvF|#$VRu>+NQvt-}01~#6GAc_YnEFA&g?&TlkZ>qqmM!LYS1;eI
zY9eGlfIBTc>=H$H2AU#FTJ(evz$l6r7B3je%BTW|snkVwEUx@SHUbI-Wk<-O310mh
zZBkmnmZmEN@d#g2Q=|NfsdECj3Sr73%X?6{u25oEl0*p2Rm$K!dMntj7FnrWngf_>
zw<(MX*rMjJwst<kRZ<RDLE};u)@#>Ov8y4ltEtqD2avBVS`D(~?Aa(bydqYg9%Y&z
zBEQ9*2awPPS6B$^iGWV?Aq%~t*eluFgbJ|NxT5t{!a=y-vM)@fTrwe2Kh!eJ77S}l
z29#0CGZP}}CUt5}C>q7Vx-8a2<FECPay0|lQKTImt$?ss6_gkeq{p{R8Nt25mp~hG
zmg<dwA2bx*OoXL!*pLsR4CsO@i(3cjCJ}bQiBb3dy3r<nsgR0z69RzvF#Nfw)=+JY
z5h(-oqXnxj&^eh=Xmnq%aVM&^M2xD4_I8iLxY+kGT=^wv7#j-O5bSA7@%8y>BkTzT
z4aQ&h4Hyfg3U&1#y&s%iUNQiwTli{J*ecZn94lpSKqV~$Q)eqIJDsqk$e@?z<>TiA
z^93UM0&p`R4Xqg-qKjciF@sulaHb!Ua5JH7VA;w!NlEHbYLI2nBWx}i(OacrQLcPx
zYN2SgIKpuQz?9%uFpptkC<v!t12_HP1e-qMTQu)_iEgE#*oY-I<gF!VvNWYSfkK23
zuKWK4n`XwSwyaDhrd3C9h}?C8u&Pk)iIPDAEOlP+>JN*8>aID^aI`lf3^L+j^VK(v
zWb5*!lQ2lun4s(Wi&gJI)Boe6D~596X#>mPQ_%(XqAXkstLCa!2KaHX`{)Yy$^#b4
zwQ{S_-N6x}R!!cG<@>F7hElCq*CoVobN$k}@fFv^EXaM$-Y~4Yk6JOeYpk%kqwx`y
zN>^+=GL-k>&gn3>5?{rrs9oG5f;uEY$pMw<3`ZwKE#j5c!5!cbCR-xA^ACbaP}D!@
zU>Fwni)Lx5d4q<)@v$xzI>)~{Ot^cu3-zEq(L#L-<;}*&;}I@p3+3Iub^EhhpZ$FX
zc5-?KLEBNV-7OZ)SG(gw?}s@2rupf-wLXiNFK+x8YZ%8ZB;(;J7!3yo=rLS+&PB<A
zLP*Unba-R3_w+RmadAJKn<jeTWYlVZ%Vitl$7t~iJp+n;FaqoPv>A-gcu$;3DVl8@
z4+nlGA_2Hnp*=8Js`=?p+&vQQ3t49sFwW1X2RiZP7LRhA+xe21O>uVt?nE`A(@gmB
zZs*7B$GdDA;?Zmwi^S<M2y}QAZmy8-X!vM!qzkh7>2!)Z!|Tz}aAVSJygn4KZlR)Z
zF&g_XZWi1dO@<ruakKNR*_%8a!{9c5I_I1Lgc=J_Tsf?*Z<pCv{@JPiF7JQeX#{&I
zABLzZ&Lc&i(762F>fh%+zW6R%=mKw{`Lo9d$py@;xUGMP-Ag@&Z0TY_s{azVkWf)q
z_9>s=`qx``n)9=v28J)EvqOL?0E}5fW3^T=A-T>lT_9ZY0jzPL0Al4g5i7rmQF#I3
zf`M>tKsc>|Si|`iOUb%vjGAR(cLNN|MUH@#sTUz1frkngCWRSrJj~1`U^SnzHx{>=
zSY3|AvJ`Y$UUDFNo$4Ta-F>S7VVX>T2{BC@%IvGJGt*@0^EWV;+18F<RBKHzgJIg$
zq|N*gCS67`3JVA@@Hdc&ufyT^uxu+3adm;HhoTQ!TA+t;y2fczniGP?q)|?^EG}sg
zW==c!6RQ;Yu;kftG>S9|FxJ*VA3_=hUN^r{c$$-iPvAvLMeo`dn6T%Utgzr{afA(J
z8mK||8><hcQ&4||n2Oe0D&ay4G_{Ueu=$>hrJ~4WhJz*1f(OC+X_+B%O_N-C0l;Bm
z2<a1X2L+??9Y^=BKa@EF_wv_rvAjbNi>?q+C2$l$(aO0X9Bw+1$ipHup_E8arZx{l
zEfO+$3EL$E1)v~uv&Mu|q#0CWFtJjRMc5IrsEJaVmV~0L%;@uVmOOJ<$>}l>*w$dw
zBzKM<Oq#K1nst85-p<bg>>HE}4D*G$azIYk{Ad*gNASJ}xkxK|QHHgp6H0{I1rQqo
z-}(Z8fEGh|)`01{odDWRrCIxp$z){A(t=f(16a!!%3!W#0D-uCGN4&Og4ou-Bpng7
zS106PS}TbNE@YcZbAV|>>9W0GG@%ER-w@Q5kV6H09t>C-AK=%3XEqe(Kx>+7apC}1
zw-CZu-z$%<9vtLhX(TW<Ed;IU>-8;zUqk8wp{S&2))#2TgreO+AEaW;JU+ySjdjLi
z*E*orU~z%CzK33eNh9(w8sXsHBwgDJLh6Srl33leOlMdXs8b71XZU()gcoS$E4PgR
zvt~*(x==@EWGZOpE$tW(&cgw^p^}*o>^qvfxKkzwLzz*fS9w7}ngCr#Dk1<8?$nsI
zyMr_hGAy-k=Ea=vSM%$4j4Cs~Ie<9Qp@mgKFi>WgnxmNk1<P*_wd_MBAxtmB)=;@g
z0mtS&MsFU*l29!KYRTY}4M)U(FO5kj5DF_x^O<ywUR4u(9gyvNG>E^!Tt8~OT)9lq
zIP;8e1u*Qr<^2usm4oG>o7Mkazt`OByK1iA>$O0yu9|Aqcp)jd32u9>k9C+JR<4mt
zt3F?otdz3s-|v6FgW@e|kffJ1dr7W82sP0)*xk{sZ9ksIyzE$CVJzuj(XhOHn(FfE
z1p@flsz&I{;rlC=bKMOWAO!5_aOx0z3Z0wx_D@-`!|(O>3#0V}YQ3{5)=n^q`g{dh
zT~#Z%1uHr1b8AR{DBuD`R%}eT7I)2g0>9u<z5W;_Trt&qD9+i4`;`w~sgLm4Rh8am
zsrfIC$#cB~eCS0nn8!_fTb!r$CucxA?^zZ+a*r~87-oX&-nIEH62;}&&*Lp%@uf*w
z7eTIY#AOhRWA&5KPt)10lL-K|`J@L<24|kvbrPrEya2xmz>~x*JbG@c$VAq4Xre-4
z4_0CCyMX!5l?#|xpEawmXOm;^Q@%f+oy=dv4efCCX!2sxNVbE*-eZ+@<>3|F2kqFp
zjb)3$Ju2}a`_@Hgiz9hB&DQhm4jUa$@QLo2{%#qU@js1z#_TP3w9RM7;5KGWK3LXe
zX9mF>UkTVC$b=vH$k^CBF~bWKe9LhhELZ>$3nDXv5RGX}!Plh_Iu#Rv83ri>(F72n
zG3PWy&f39d#%BsK9~McY)at0PC^1InZv`svG9=;JGG~0W%$)wzROLI@$AGV~F*esi
zC>n(^=M=gDnK{KHQY$7#i@?#QuW4hB0Fs$jX*>aggtmxsMjKmX8p?SR;oBfGO9FT`
zRJ;WUBaKm3BP<Uo9y7Q3u%K9GrXh<`9?Y1=2}nVfuyRyUQ!5??R27{kgrjmoIAhw}
zit_hm*$J`IDZrGptimX$tx_$73yQ7=BBEF!G&4=lq7`-2PLujNNXWzx=EqV+@3NHS
zoF8E-ayAN^1EwVbR3m*23}=$e>VPHsN_#-6D&Iphn;pXL)pm>!jH>m*TFff&mVJjX
zSHQS6@uZy>q$!C4KPm1&IH*Ky5e0gHnv6`L8YP2~^!$>cYqKZ-^@1}KD@t2N(llAf
zs28hQfip1)fvAkKbuxafS*$JzVFqJbkUwV53KkKjnqnoy`fSQYZS&cc=4kv*5eluz
zfkUFOAQH2TV{m;c<?e35Dll}+oehOC5%rs`>g~h)Hdu-#1~4{MUipP0<Ny?$5tHGx
z#On%PM-;gThiNEv=1)S5F3|<!q80QrA=4^_1?pj;6{d{dsecQbaoQ?S!DLUAb31?w
zWNh@@f9qc=rRM>2=EE-GSBOGEcsy`}nel!5T39fadq)bwe)M7l^W-ZxB6}F$2Es8?
zfDn#FMyZ;di0A|$@>^8uIW|wr0NTu;kOiWAeuWxibUV!<3iCywL4MLEp?m0gzWq4Q
ztq$R6!d<6FyL1SU+25om5i*O^8DV7+0Yb$D1HbZ9x`l6}c*%UBoN?#4xDIvr#H=17
z@%bzgNK$l;*|16BgDc;&=slQMsXwT2O0OWoE3(s~a{zY|q+V`9!9jIFY0T3VN{V&2
z2jI@Jg9y!7zBV`!FObLCHNTaGfWXucv#+`HS<_y0Y9M0WEG^bEN*w|r!oAi8nGefW
z2lCmyRIwFlw$cmMxh##(&cWFdksRm>Yn1ITZe{VQhk+P3rfs8enNw}8=v#kY@g@-6
z%nmCdhboTZKmaGQ>suISamtO+6h2#V5`dN|SS!G69W(1ae#XuklCm|&0>2RkA+E_M
zsxt}}lkV)*g=HIpJx&azDO=T4j>z{O1gFVWuJrey7Pm0|dfaSptfA>T7(C`8wc;$7
zckx?Wq~#y?w?&cLkB3~hrk3h1aB{N|L9YDJ-qcWj2fQ<Z6a3wEoFH84zj_CnTBoo+
zteTA{<G=q5yRgCPoe$EMI%UQFYH<kuA)_!(!1ugR3wKqs*8>^B1#{VJa11+r*=v<g
zOPRI#dCDaO=$4KaK3_dOFT?w5$Ma@EE$)mijvi0`wytUT#@VMOhCknqxz^t@==xRU
zJBbW4IJ+nv(%y4;!86X2A?uds&jFpCUT0}^LQPWsxfdLFuBbMq_-{Q~9i8bd>s;rr
z5QldMI0m?QG&x80vuwifCUDpPZZr?ZxM6tN;34?+@$_Oc+!{TPt17G<(NyMAzm3@Q
zL-ToH4X(T5<Mr~AtPTgNwpmBeSB|W4L50bZxKfReQs7{kGoUws#Ykfq7AE972g^Al
zsCUJOs$g<)SFd1tjR@oB)Imt}$UF>ebWuS#O(0zSqyiJl(G#J-t@2ZTyR4CgGrq?x
z#u^BEbWTGg#2KQYS~Wn0&Q1UyCkEhP&UKkpjl%v?Fqz3!hRzru2~)0l$eXWxyB2N$
zU=jgfSU#NbGgYConF^Ih0-%FG)#Y1EmQ1cJsh(6JLbTQW=qhCzQ8gz8s|La?DJ|(7
zE9_%F)If<MB5WB-ACN`8DXQnn6crIAM@mO-5^};Zgzq8929f)4nPVw2c*yA#;e-uA
z=K_KVtw&lW&BADYRM<jra!bkR4yRftaSDqNCdoP(0{2DKQ8&djO_nqZ!8)1W!W+Tb
zg-v9gGif*5L42h~iGNx{TUu8sD2sxTCK{x+qCrZAC}J;*nteu06fR9uN`U+j+Iu~O
zitsm97K#L-v30?QL2fX8M3L~zZ$)Ks&`L(0YxAD;A87&@Z32-mEvOczFO>2a+@9Iu
zbHLi_dcfC#!!(wJpT9x)6_~Ue1(SyAMj^qZQ3`w(DI%w5=5&~8)s3NuLXlOlGBXoJ
zQdxS<Rz*}4H%W9*_(%o>{Y=P~MkO-m-{swm&P(y=1nWar`W|E<r5w~JDnd*spp{Tq
zD?UHU$0>B(m=$adLJTA;KSnIX#pY2uU}8bYn0ryGaB_UL<Q8)nM-T0)5CfJa7vQP@
zU!gN-I;tT}7eS90irJbD0t~UEF*i;UjMC>5ig0p(yK^uhf<wy^odaoqVqZrGAi^y&
zE-eaVorn#1kx;IWqdYn;R+s_pOYb0x&kLPJs9@uxa%S}?3Yn@n60@##1;yLw@KE-Z
z&S4ec5oQU5A0;m9>@1Czh^e6LlB)bBmru4tEZ|pgrZzhOMPFdvF+UpJu0uEun7b@4
z!c7REFg#c>se(QR0Kz5%*afGt_3?#&13w|^R0Q&lP7~J|v35BMW3XGK&>TA_1I|Av
zv>R3vsl7Hxjs_RV`8I>qQquh9%|~k~Yv+SV%+kTYQ<Sr%4x@Ylw$2x5KQky#7dDu`
zNnb`VknVmRy~ol~Tz#<37XY;5&?~1`n&YnyfM2cMP*2nNTpQp6kB!A|Xi-KEA=;X?
zmCeC$XMLxCtGz=CEyhw1^JF^L3ls%su>O^YuCZ6VN%dj@tfpbzsT+(2KI6hIZ>yF3
z3$@n=i*0-<=@<AYKHJ(Ju5wx)lF#DBEzjOI3x8a^LhID^0P2z9vC5x|>;t&nz9Vvz
zvwYa_%is@pK5IUThM?X=Kf>Pu22N{Q3Q5`hf`VK#yZ!s-MsvkPerc)mvd=BT+LhN?
z>@W_Q+UrTnc3T^pj~cubmAy>wjmNe7m&Pmc^p6T(j#g#RcIT%9k6E`*S2*qU#I}xZ
z>t=wvcYlJ0>~PbQ0W4cfvYk$Qc#^^<J|yL=HyfXgaeFHF*PVDb|I$49rFrt|+GlrO
zdE+RI+Zc=d;<$*&5qsxI>DNzZ7@TwBx~V4T@Zsde=*7HlirRnu{AfOtpIck&^#9@x
zVtY&5vW2Nj?jdb$!Z|vLYkl6@*&jSmk045Zbk!pMLK(0fsk$ihko6ug9}yOgVb40|
z=$C?5xDCo#suP80n|z2Mr*LJpC*%Mr@S@J6#7cZ^7{HXX{W{0Yd75XUd|n)i_$7g#
z_+mv-c^3SEqinxJ;FC+7q#Bv3#iwAt^tJN%!COV3721JSGnJg6vOM~4w$RK*3R8qW
zqZ*1rOo3Z04Xl=A>Ao5v?SUzH{xBD@TQ8n0id4X-l$0hgc^WAqWn*rP>K)jDBEpb~
z-(biBiojV^l)JT^X_yA3`lz4~LP2&U9EA0d>DUm{9zw0Q2xoC25{2}*k`AC@>;N_Q
zeBD(_!Rmo<FRjQNNTW%BDtKrUl7oU&EJ{KTTMO-_ga!qXn8%Hh%Rmu@qOyML3Ws)6
zsL+QXcZ5l6sZDVeWGi7t2pCjQr|2nGdVYgG3#zGedC-uhhIz0f5muU&n3j`LOZ=<_
zgeqcATVQ1ENrX!{tC49G^&sg+e<F-f2p$M!u@LpJj%GO^GSAYB0zw6y6-Nw&N^UqQ
zFqOL322l?~2^3RDOPU5(P|;^}V-OLPkh!raSvZ8H6GWCUMGp520S%TErDe!SG$tRQ
z@3E*Gvy{yMLV=5nLhuac**R!j%Ikxrtk{S^o@#V)6@^gA&%boNqKq@@`xQ@72B4In
z2@Ot$hIAU83Uy|0%Aip^L6i^6E1E8vOqgc#1)7b%Lb$pDm;C}1zJT$*qSST4S$46<
zp}t;C3R7w3U{teX)lZCYsI2HoixxIX1g#+jr>FyG(3bzM(^j@FrU8hxQtmnU6KGaA
zfV2x^G0X59hnSX4{p^Um060hp<mSU{3>0}7H3&j=kQ(M*{AEU^naRB!=@oz%&-iOT
zs`)A4<pEr^tzdq!eLP#`Z3WrsjL3&|Bb(;p)I(tugi*jg)RB~FYZA7?&dj7tQSE$=
z2do{U9@_a}w?MJla7f{iFe2!N{-!rz?E;SYTIdc<SonfeEhKNImBdJ`G*<B$x}20%
zzK*8RNrQQV=S;cOHub7+=5%cdk-SQUzE@jfg!2%n&4Gb%gbU@U7NyGzOzP$i8E2Hz
zZmff9_Q3gx16O|nSz54C5a3-~UF>GTYU;+WktoZ1fn`nf_HaXp&;9;7e_B)T0Z?dj
znI#e*DXsO1G{`PSA5A$i>_e+9uk~avLa;U7N*cq{X!kAemElNx{@OvW-Toi<*LS&K
z3Ck9cAV{&?;%gSOzQt+mJ}44847zLwn-O&T`m1$<CJ#8=|89NoL3XTjmeiS(e25)e
z9cfeX6nlr+>)tv3)DMnSS^HThk{)=L8~8eJ<yh4Vipru}>TEnZyqRl?dN1*Lj#^p|
zjtcu{{ix4Eu3g5MoKCp29*w+Gl6xy+S&Q_pFNirjC=G}6`Q&i=>^gQOIL&XpIdN!u
z`LE);uHIpa5xF-e0l>;Y<=U;^o&QZ!@XL4~B<2>Hl%JLo->@_i%lA^J^w)5pJFK>9
zKAkkz4nM{`{5QbN(P3ccdm!kw<%Y=&E1)wjmU=d!ai7g4>V`0l2j!#mH>xxK6^}z2
z&ELH{KaC84_Fv<}u5M4~ljFlrahDp;{-1&>XNPFW%`RSliXr|_0O&h6Iof_UdG)Cl
z@!hjedH(6s$wg4I#^RLq;6>7pRr)P(@YCbb=?hMqf4sZ!lhnCQy@G}9!KQnjGyH!>
z(Jpk71=P1_-k-YTsk<7A$LzE=H=(}eAl<R(W)w*47sccKgmz>o^J$jg@Oi!VK!myF
z!ad9a7zaqBh6{G)`1%37y8qmcl5gv6zwTD$;C%I=`z|QV&u-uO{EOfJ;s1R3ujN*$
z+%5%0dmJcyW`>ivU{+Ev4*^|7eX1E6DsaSV=s_8n`v0-_CID4cTfqMY1m!Y_BH(}l
znX~A<m)Rk47I8q)OwAA#heSYdY?3n5%+j(lQ`4U1*r1t}mP4a9IAx}0=G5#fO|vwV
z`~R&ozy%>L`M&qw|NGuu{8;<!v(G;J>@%&s&OZC-rnNkR!A_D)u&m`KhSDBl>z8U=
zbmEH;52gIqo_=Y4(d3<TElTr$$s=#Bd7>~Bq*o%>Pb_fFaMxdkkSE_<<}tzLqAH#6
zWO4l|n7ofJrP7~*q2#J6=DDW0g36Ts(hK)-nWE>RERI1VNw8sMeR>PrrjO|(T@Gb^
zT+3yvbeo49wav%pr$zEWOXf*dY=D+rdn(D4X5H&O^l)#=9T25;h18$Jh^v^Ji#Ryh
z9&B>S7$tWq?$2^h#xyq!b-CkkXO;y-$vn+alK)gaO7<VGyR$oF)KqpDrib|2q;Vq2
zlXcH2{Rd^9{yLF#c+%!+H)G!Mkt*$iZ%9*^elmrvp()MF$t_wUaiwSqdsC+L1=wP3
zO1r^h(93-hD@gotDCrv|N}HnDB~#ixP!#K<v{Ev%l4=x1$>b@wrZm?%Z;<N)<m->V
zv23Un3@6!I3~^Q`54ovKG0#~HD_BpV4QVb`H|s&^^R$P+`X?U5o!N+49HgvUyqfF-
zacAmEHjBc^y5*s`tWEDki!mm}6C+$!uJ@x8vs=o=lRqhnW}DC{QGX#vduWVNEhmcj
zk7cc#WmJkNS%Lmyfhd{c6cmNEAPeZPXo+pj`y43oM{$&Dw!D5c$(bvqMNxKEBXvVT
zqyd4FvkIlp)2uSFv9)>n<6Zq5NaD|AeVE$%LvhWg%9Q4YlnVj#XzoeY`XdJ(Vaox*
z0VEZUGNv@ko&%4Hz}D90>FzUeU$QggTUDA8XPP|GmV{I#Z4Wt6*nOHYtq;4y-j`~_
zT+=L7p2TWXd|^W(_5AQw%HsMMYLr*+Fo-8tA}Oq<^d5#<ixC4=4pWq7%F~9C&0xqR
zsVK~3DUUv&EJ~{rYF&@ip3m#<V=<T608C<O(z2bh-RvdF8Y7rlI4flja(UIQUk+u>
z7M8}2*us=g9GO%s*HFoX6HPW2rQ5w+_Vg)I63Ia!Z`-i6cr{rKO0zum4!JZlH7k>A
zH!EjLHOHskO5*&IF%vMCWyi~tZ+%MYU2JG=O1m~=O3TrQDXrO~T)SoEdY@gCW_0V{
zdc&mFo}cUcn5XU1fJVt-CvWM<mgu%R4pS{ot9?#LsQ~P2%^>GWz}bX5R}NaPCR!%?
zbyuE}NUhNQKo(&CN--&y6dEN9=uQ*5GRko#&QVFJ?=_U>yB(m}>Ux`i|B?<RRm2{Y
z9JS85jPl*3pYa6Rc&oZ|p8>ceab@=AMRCSP75^y~FjY?A7Tq&yyyLAoM+eZmk<Uc7
z#8=73qvVrPeS3;KOkVt9aB+O9JZ$Ti#Gza4F~z#p#%79kdjBUpH909IT%L$yIB3t+
zr7NT6?bLjxMdLFu!fFan%AMcjNgLP?+h11BM)d5%8@9Yq&P(Dwc{>QL7}b%HU*+Rh
zygja^CD^SKpK(pa*D7PI7Uj-M<MQITO{G%yo~FZ9$|FNdksOySt&&cBV72IDvgQc=
zox8{r*fa*KN=i~Z;_hd@I$qReQcQK}GKt64G|aS*SMgaReGadRFpkowaI5r)jFW!}
z+E`67Se@heepD9D&e8h&=;i>Z8EIn}6f+Y;zj&Y^h8LBlz!Z6@rRb|zDzo^V?-r(0
z*A~mOb3F-0eRk$ZW4tEgHJdbPBB=hkVhS^el=11-bbPql7*nHiv&YLijMtCCwT`2_
ze3N8+D9qKdPx&A~PFVw=mOUbr)5pdd<|*yV0eNXMrmB+Hjneq~7!T5A9R0C*X?YVe
z$117ZG^uELugZKQy)~oqXNljN!J@+T(V+TdWu(v}R%<Cu%F;fpn#+c3FCS&(wdCES
zkr^W<Pc%ncouZGK+Cu9J+9G^BANj(Ytq-DFB4znwu<}|~j=Z^FDoci8Ej6e7EVRa6
zhSoqR?sVG&i(J|_DZKOEx^>s|EZTsyY<gxY4oWIPOFmLQqnkZV#sljl$DLG$ek^I-
zeml{{mLYjlwXZ+$?o+31zI~fFBBT6H3rXW?d(ogw>%hphGE8eq`lPf@w8FZlPr`IJ
z`YRCXNf+n=*z`rFzCN5(uP*&N7>xtc&_{-((#WQZGZ!KHP3s>|E_$V@II7<O8JbG}
zs6lb8bZL;jGh702pKCV}QC!;_;nU$ZBX@W%jX28Xddz)DE~qHELSlT&H5VnWLz)3{
z6G6#ER2=Q{pX<0N>>*8Qo^SnS23iVo|D%bZH5hp4rdj*is588+B=<ks1yU4R0&>%l
z27#<je+w6-CDDDKlt5c6hKS^eFHhX#C~gKa@(`OR{(70Gn`HEQ5Er*}evmEUJ|QdO
z=A$X?zRq}6nx(FHouJo)YywL1(!0z_pHZ38??ki*<a72YZTKmiZn8SwJ(4VG%Sgqc
zv?Q8;lqs#rfNdd3uoYwt+^l3d-4lnBO~xKDlx&agLz6*Usc5!CEDW|oZiD0`#YAb{
zU)g4f)U7V;4XszI*x^L#_7pa<*4b2lC_!65+GZ%(vC=Z2(A2X&rQNQX(mnp#U0Xc<
zvOYaM-eXxBhd*0@62pdjsiCx<6?kGLz20{gn~v(ESs@1wN_u9>>-&-k#~r1lta9r{
zNli(cft*F@Q?dX@n3x0NiDRDhQDLp}Q45)3lgV0!n_{if?ExjN1eO!Uicqq+C=MBE
zG_XFr__F2V%-51=Ej+45>n^Kz-KK#c1(Zh}k|+H(sWIvPE1BuXrnCiQ@s8TrLR&yg
zJLwEdk?0|#t(F>))#447TsW*KH5Dg$;YO6A&@5$xSXS&6lpGzRBoo~KvNZMANR-z1
z1tl#%s$Gshl-5?!Ul(U{v^J6c&{+Rg7}YI#(DbC_V(qh1JnFjZUHgVIZ4%8Q);F9d
zH*!#+q%kP&c2*-z05%S*TDBM^$B2v?#a4+cp2DJJxK5Ou=y(Za3#54<tCeviP?(hx
z$vMsb700|RpgU!ytE<e@N86{(z&1+DLE>ot%X)Ov5v7%nGE0`MR8v&HOldxTy=FP=
z<Ut>oIXPv-xh`d<@gNEHNA9#5^v@r#gCvsb(Uj&S*H3pMwcZK(8(`9SkgXFRI0{o=
zDo1O-=#4UQqf3;2S;dVm$BQ%;s8YEAh?0Uy8$jE+RFkYt+5kkN<cJijpY4~fuv(-X
ziP-hJg|1!0u-9dSQJMv;cfgTOs*)FNd)9;5F6|Jp*Cj9g(uvYKGoYw@c@`!q^>+%y
zFD|R2y4g7C;UJ6i&{QJXb8LyctR&^r_W?>P5}i*ZrQYzBFVRZLc<3QzVgG1~bB!r3
zsFE4Za&1a?-|Js8q{gJ92}<?_FOtfEBi$claeZ_@l=SMx!q>KscL!x26)BMz_tJpD
zxR<Tf#tPP72`aK|%}x)x!CT6qo?1NJr9b9=H_Uc1X6eeB+9i!UZ!({^H9X;Z3n85M
zO*$oMU&Io_zJDLhVV~4HT;8ARLhC{MTy1y{+;s$5X@89SfpjxX!Z_!%@=l-6Dh}$&
zdv%}<Ag@Bny}Mt}q-1XYDYOKV1`{wX`_3Kp?iRd;--)W1?iX4yb-%vq$ADDwHjOs2
zlra#M-mkXAC;;+BFnM{uYwxs<19<FCzh39}`e{+f$9w4wOXEjAL3S%6T<KrO${9;{
z1<hn~{yLWNHGz>Bnj?4>ot_4&p*f7I@pS>+cdo)GXJ_Jer&|J+diIniDg{4txcQaZ
zQRZ+?dUwzW6^ZX!UW~WspHCIjb}B<Ljm^2nuGPH6^35!q%@fCzaAuFr$ihC8;h-jF
zjLzoag5H4^dzvp@jn_Vm6|QuT_rJnboTZO;+N9yckuBQuK`i;q7G|yHxW3)=VVmus
ztaL^~rT44WF;?$b%V__Z@~#%~;?_=|7_M&1QXNKSrpp(#CSmN$oAw<thcm<}_HHV#
ztEFf0DwrA|U(S+&P`N+oV=9SPnZ~T%^;Q3TYtN)^-NjeknPD4vflq?G8ejB*))YRv
zEM_NNHhO6@OPZCmh5ID&@|AAEimUq;8JyU(Xl;yf8gVn0B_08;7#NCjC6q_xoTXf+
z<X(xLDHjJZH<`x;P#W%7mU4xb7pb@$phz$OIjb=#8*!l#%Tib3@xa|I$?@k&3f-S4
z&S$RVqO^IqlVwWp*TIuSZ84seOQd%7;NGB{r`mIOdEZ9nago%O+(B{9Xl`p3la=eE
zOXGLeY-5Tn#l+Z>GV2`^MTy<4e=tCQ(o1E?EdYyBHy$<LhB%s~m|Os5Jt)}{{W^%!
zUTW8RRd8?6ss_7KYLBXv{JGaiCE|RN#i&_bNeXWIGK*`fOzHhDxDRNaV?1kAy1eL4
zCMdaROIHw0=>vpPbZSxiO1pTN8xiK?tZXRPeYr8q@cohpzEPRN+bC0PjHa~x!sAVf
zLze*AY?M?e%5XP}BZ=FEnANzL#2Uacrj-Dfkj%S9ii+hTw-O9N$%K(cB?U%++@++?
z0`o|%IZyT8)D%l@NYamk#Zi(Mj$*l0qNLHl?MR=}Y7}EnGt4l3$V^<stVmqMY%8Xp
z=8)Chp7@6KlvrpouaC9{{fUM=OW^J%-8E!!y-&6ni4+&5IcxR%E+(V4cKuZm{KlHq
zhCfc$u8*xN-C<>lyFIlj?@viC7>n#l%tPIr)T}Ce@LG}R&?4JMPYvn?OHd9)l=L-1
zX+|l>k8BYxX2}KXMT(1(1@s09ZZ56wi}uDI6IzzKg^Hy@N$7td^@pV-1rmFbtk~tc
z_gM4oGT53#X)Pj@=9bot7wHv5)re6kOX(*hN_z)Mf5MObsN0>oDW^N%#hR1_s7s29
zk}sFZF~tUpUs+0`zkNf8BhA|5^wc7?=K#`CLsrYyP^FmNn!zRqo=jokiQ*(dagfP!
zoXAw07?-kIjy0L5zq}?&i`0CU<e_ajN|x(GXMIiSeP-z>uT9CZ$voLH7)M$m=n>UO
zo6@aPy*DwVkjfV6mJmwz9ZI)R^-M6*B<>b@Elyssl8VsXn<&kUXFth2lx(xn4@c`+
zpnY<SvdfT~6h%5~P-sz1iQ8INa`4Lqnu`(El=Q%oyjTu@wVZ*}u=J}Er!-}u8l=i_
zLpLHNN;CVo4$A_1LxDcF+H#yGvK+(cu_BbLh{IHS#hnYbEP%19MQWXOn39G9O3K19
zFIPWytP}~QIe6LM5~*K+QF0fclagk-a^aA9x{sa<i&O{~7Ol8ES)i6kCr3C+vu>$)
z_7q2g?0u9pEl`>fu0J8b_LMGpC@nMn?Nu>4rGO||d_Wh?0M_>dZ@@}}K)lTi>7SA!
z{@pZQh~QIQ{rd4n6-H!=cxf=zH0KVN6&WOo9v6(WD9@6`4rFkA2D9O<dtSKegSDp*
zE~;6U@`j5%V3yJSHOnnEt>YlwFw|eeGOS+H1ntgEzt{%lNphd?&I5X-hy|;9YVS!I
zLy|IPe}CTOPu5<q(njO&I{*i;yiSD`Yks7FH)lE}bxrETNKt%$i#O~UJW7Tfm2M(f
z2F8G^`q#YV1*|Tei(bLPrj+5L(z>U_s}5QCZguyrW|4(wkKjcjaXsoo;5#`y^>^|0
zE+4&Pw5|oVD0xqbNAl83Av+hdS&vUBvO&8j)jM@!R9c$NZcR(e<HdExC}p^)G;GDp
z^br|J#uCx;Dm^<QEupAGM^dUitqVWbGLTj3LtNQx+L%syzl_pZM*Y1k?b_&5MqiKX
z$urIvGN5!G=BDcP7tcp*wQ&cEYScyvv@uT8q$4!7sy6Sis2|}FoQF@~5(K_uQHAI_
zXh{=>-j6;8RS0iKpN0>>!n6(2p%2^vogfDuhRN_4NScL^1Owo1h=U=}4(^Afofb77
zCc}J4hkw9ocnV$yN%I;Efzhx92EY>N13O^nE{nPVRX?(*qv(3*hEM}CnNC3ei0*{`
z9DNE}5#Eiy3OOHJRNYT3Y8LuMxDy_S-QY(2Tj+1$3><)8;T@1Pf50Z#30L72I09?n
zINW{2q85|KoqH_m33wTH!qmMMwGW2uv#4{hpEM`-TU7JUEUL+;7WF+k_5gJW6F#@7
z8N>}aNLe6yH~D<Q`Vaq~qaI~kbjYH*9Hky$3)~Je{pnXFxr4aA@V+tMhxyguZKwms
zpb%z$eSK^{Wl<^LaqOO;PS8o{R_Oon|GzqDf4sQN_p@JRAI?F)$39(#Zu_l8wIF=-
zv_(l;VFBDp+z-SJCHxDVBOLb)#~X}ddNs=?6Rt|SPnfqGJ%s6n#NU8k2Cu+&7{EI6
zh|eMX2g^=J$CJJhx+l{U;C^U8x{;s=|0fAx{r^d>_x#P}8t}wPi`qq<KWk_S3yYXO
z@Fn*qSa{5$K7^WFFT&sw;TGrvXi1Ymcr)P>(3S8@=%3*q;K}sEq?reOn7$W2hC{F(
zzJZ4Y=KqSG08c|9WWWnB7`DP9uH8#v4tdTb{m1C9VJ-Xs=Rwk3LGJ)B_Rn(kYasjS
zN%ZG1fHdt`{(izw!Elgtl22deN&2a<4Q_=@*af{{E)4#K^TCPHMtB)I&MDqG&3{Aq
zP0Dr#PQfww27J$!r1X5#bhFvTpqY}9K2B`EB8$!zU1SoD$exrnv3N#8(F|=NV{Yoi
zV#AWoskSJ|waC;YCP5-J1Cj~5Rh!DqO`n#Q#n_fcf85?S4ABu&r=|}dJK1K7l@*O0
zuUS>}I2e^p8A>FGBXK5A=KnH9j`TDxKLuN3bWbQZjabK~=e7Jq&KYH=jo02;b54y}
zc+JmY{7P(=9gCdRjl}cG5T=>Vc}!L*{3TCTowHPmkj%f~Duut~;cALX;V*fL;t4x{
z$s^PlKJi3gj7sO3JArhSr&9P!&QlXr3V+EH6`z6PFL|uGL#6PSe22<ZDf}g8s_`m?
zzvS_1s!HK6d8(SGQus@rrdYSEK1*e*6#kO4RcF>DB=c{S3{sksJW7pJDf}gmR190n
zUvh>Tty1_)9<4f0B0VJYuQO#5lKIz}(g?}?D^V{tc6YjV#Ax5KE$e{bh>;;}ovW-w
z7Fs)JYy}66-IkU%d3+hEIEIVX%rRWl5Rk)NJDz1O15zke?M5F}8`?t`km+Nk=)v?d
zSOYR&ejeKYV(n&3yO)YDovys;@|OR!m5;j5UXmTLKI(j2$+*&K%;`DtKI+B<J?&tY
z*<ysv`4#E@t$oz(U3}DSJ$=-XZa!*!vL1d0eOGrqEc1lciMp<zr0Z3rIh3M@7xng0
z-AMCWCm*$ebY@y}*}u}i_w`W+JNu~V{e0BTU42yBK0az3`RpVd+RI0M#`-=WPVyMi
z!$+O!$htcCsBZ|H`O5lUAZ>5T(~`36V}6Qk4|#86-XNBFmGq4Um1IEwlGCN<mo+`y
zSmq3R;s76Y6&}1r&!_r8AN4epUM}KRef_J@=DaA%BI|z}-DR*oU&{FPC?6F++(&(t
zQIem_h%22&rk9QIQA0=isECO^>e3`1)o`khiZ!%^O$JRa4x4eJ-zXKokY%?$QZc6&
z_^5vcagY6VKD{cKUsf5OGnOfs=c7JnTRxrdqh2EHWyGgGTD;B?#EoWK{Fr~7a8ts=
zALsZ&*GJbRZA0?tIk%YY3yZ^_KUExdPIK$i*T$bB?i<RY$g3jqp07Af^%p8mQ+hp*
zt<;wpZj|Bea`O0s_#M<o|A((-#FA^{%1T#W+z-#Vw*0;2tY;DNtEtB~=ltimf0>Wk
z^lb6^mojaZCuKR;B<5}5*r`Ps|6NRGUDhXx*LNS`4EEprhl*LXSP#EzXy<tqg@;h@
zW*W)&H>Pjrys?tM@F>T(8UA<aHBRfCu*gTvg%3Hlm(0F?4sibeoqU$E+%ND7WvJyM
zpRCZ+4&%I+WkNas%3F53F>i7idH3i1_FAPc`z|__V`BcSzvf+zlT{$;-gvV7v?*Nc
zR<qv|N#{&3$GY>ht6`hday^~Gf3^I#<)l-be`PIKm-q)>;kv$F=g_OgVKc5W`q?c$
zD)%+l@|e3(PuG_8jW+qHT~Pf^A64gdANA}8ecnLkRfQSG^l8!*!ja8B>K$+{TQAZ?
zIIa6v=8qxnpR8x$Rv*>l-D`QGocOZRUQgU#t^bceUp2Lfulh%AU$rsVR}HDBPy2=H
zdQ6C}CC$J(zRI_*uNqU|SG~^sq#$4A$#RA07i$%#dxtci5f{!frSZG*+PKnb{uR>?
zM3lXrr&#~(Eqv7jjsJ7pM_uJa7O(%ZQ&{GGPx-E}A5JtXCYSQc^g`<1Io_4<>So2u
z*qZyQ&g`=X$V+&{(B|~NL$_fY%=I+oIC`(CuPWf!JJ;~~IdxOXJjS`0XMK*<m9Urd
zVGPT-!gh`&=X8GTGv{gNaQ6n~&vQ<<pLDG`cQV6$)i-R*=`dYOxHK0@bAYnG$vkIn
zW1l)tyBdCwbH+?NBA_^I#+9Wd-47ioZ%1F%43fbc9sz5Tui6H8!&2xA$Dy~)p4P2r
zpN_nCl-4^9uhv-k_BKw6k$lM}YjkFY&6X<fm8WO+#^WO{t_spe_vS4U7t+~nofu*A
zmWeVrK;_mDFD2=(J<F`HG&XB*-WSOj>0;sS(Ot81r=;hO?5{m!o|w@uV^l^iW5m0%
zMYiZ9zVb6VBe&;RUUN#%bfFUBJ7#BRcH!fhE~K@^c9o$-jm&v#B{OMMm%q2%$iKN<
zhD*yurE2e4xn2vlm;qT@PfFRTuI{PW)M;50$1sG}2y<Vh@Rj)St}bqqb(L6>k-S{l
zWp)nmtiQc*jJZlvYlU`o)wU8#r7*;Ti%Z&KI%Q_((O0(;HEgr?OdmgdWV)+|r>zUV
z%}VU_sIEqLVXX>WIFRGJ@}{4QrLo(!Tr)TkrJ7hOo%idqvs_q>&Dv2L#Kgrl*{mtr
zco;4wkLRVeiLR&3bouHK-6=cE_*R6A+1sq0`JCFs3|Es!^_|49D>A@{iziupXRh!r
zrnTFP%ddX{Ejw2ZR#$ddjB(VN%ek^lLbuH9;pv%`-6Wf}m-gty)jEssAddu6Ck@vJ
z@pE-CE2IC7$Z+*wx5enmdGU0#%X`zF#7nY0c`Mh|GTBmi7l46ZTudLwN8wydYK!WU
zHG=CCy}?{vB8H<y|C}@TSr_l02{LAP_9*SbU|bYjy6;AbMWgLU7fqXl{_=8!tHrVo
z7?9Mt&nOp@+v7;ctJ4`H4WmhpEyj^#v?SNAZgw%dDsf`ktR04r<=fL8CTfpgD>DD=
zHtzlm9?rdHB-hcA>{A!700}+$EV!#yrY+%bZhlnB`$EO`tj%uTbUWmZ&U4|?Vz<f$
z59Gz|N-k)NO`SNhvKJ(~)oCr-=%U)8?aFp_$r9T;X_Sk57W>n<VRN=-%Z_!SG7>sx
zPfVRON-i6&6sfoIR=@0A7Z$KvJ5S3>A3t_P7xTp>7Z<eI&24e@9uw7P_#K^iF@0jT
zi-)r<?iL1PrDyBZiLy^!Tu*!@(%NED#!k)1yoDjkT)$UZE0sJ!yX?7Gc3VP<e1a<@
zw|};NlXP)8yS+<h`tWQ%dYUm(7GWQba&b``Hzj?QE}9BaMGZO^*I>6Ax4ohhQ(usW
z>h_V@j2DolcVL#M?6%D8(Y&apzn{i*tl9C_9Qaof+4asO#i{I!a*&oiDoy)ntd@-y
zDozlUO9z*+<F)bJ7`Bc)qWMZ#E+3YdQk*D;E*T}_jA!zul4tbt9NrVE0#CP;AJl+A
z2!Z+#1`VMpG>29Y18txkbb@Y>1brYC20=Pxz-Sl;<6#0!hZ*n?JPc35LRbnbU=_Rs
z8(|Y{hj-uu*a-(f`U(8I$~%p9l`iu<;>s%b8seSH{ua}v%fFvEvmcGArGBOUT7!gp
zIfbP@!$IP6Kz==75@gB*zs`^WBV>Z#M92k6Bk}TU0!_7$QUlQvFMU7c=bWExul!`a
zl1A1k`AJyz;cz1?`OB{>$UKRcpDZW)UY3!cnRgapNhd#vlQa@1zy2@=q`dNz?U(uH
zIvNs|b<43QVJWv6Hp|<AI9XnfH~C4P=Jw|imSrSQGri;^)8QatDZd$(v}U+F;fnUl
zAkxUsxn9lfEo<E!NNbi=w4^cXt25yYkbNn-tU8zTOy--*NPbdh^6L%RFj*$}$+nHs
zLb^^TEXR$kQ}UOe^FB0>8%ZZ&v%Z}7iL6`pm;6#e@-dH1=Y1*5m$m(}jN~unm+hBy
zrT35Xc9d5Sl8-DebzORSv%F^cQ%Gahk@GQ0v{pxdwVx%8)Uj-%lvRFGXA&MO6a1X#
zOPqObI;ShEjIyt!{PJ@?FJ!w)?*rMFJ;B_c&c}h|Q~KO=t{-NXI45LU>cd=r>9Wau
z=bwcMN%Mn;QUQ&XTK=G$O6*u&<v;bbQYSBZs*j(MTSAGSEF(WzPJXhi{A79gNgnc(
zeB`I)B>~A#erBHE`1E&|=^rL{m-~_mc;WLOL@&?nUE3R-cxS+c!RY)CpTGAJS;;%u
z=O1i<o-=f6ml3RF<f@IYpYS7thpIH#Imc?X+N^eKlr`EKV~w@OS>vq<Hml8Mv)iI<
z(Y6>{tS!zKZ%eRS?KZpJ9%YZV$Jk@-arSt7LX<Vi7G;l$ii(bkiHePii;9m*h_*)C
zqV3U9(b3T{(Xr8S(ecp<G1eGcj6EhQCORf2CN?H6CO#%1)*5SzwZ}%qM#sj)#>U3Q
z#>XbaS>tSR_PD6H=(w1;*tod3__&04YrHMq9v>AS9Ul`P8y^=RAD@sw5ffN_0$C@p
zSOQUOp!U1L*H6VjZ%Fp@Q=<(nVPSr$X*1r`KUXl{Ojn*B$U3S7_^AkJ1GgAj!a`1|
zX*1r`Gb@;HrYlb`VEH<Me(Gkp74i%%Vd0Td(`LM>|53qwGhKOlJ<I0@`>AJPGaNLu
zgoSgZrp<U$dxhxf%<0PNAeIlV?Wdxk7mP8qgoXP{O`GwiURc3=GhKQ51(u&)$4@;E
z+u(?yB`jPhHEqV5x>{X5ojF}u9nA6@LjBaIa11URTEarD`noo!OY3G8%rBk3^mGEt
zCx=t-a6c?Hw1kB>N==*brv9{o`DVKE^p`CES%jZD3*I;SshdEw$<0n-GtOD3RxsZ=
zZCT-TmapE>PsKw&7;k6^3$sd1oAIVzQo(#PU3q#f%TH<Qr<TJOIA~}I3ujABoAIWu
z(o9chPFGgfWcjjw|E>2w^Of7!@#fGZY1zZ?z-@qw#g#W~ZPx7JqbB8zNXO6c*KeQN
z5*UVjQceyZ2IOU3^KpcWYl$&la81(&A<w92RdLcLmbP=zYaCrLhxNB$V|l@Wp<?V-
z8RJpjc3^_B%k#1)<!X;|r5&CzRmT0(-(s-EIK9%4#}^i(a>nyfp=%aYD(VYAH4j$6
zC-C+mKh^WFemsb2QuJFtDY0<cvXsEi2ii9{@27hF%Jl;BVKHoiJ@6eAg7dHRXyB8K
z-|&f9lSbv5Q^i`T8=V)gRQR?^rT)((p6wo5ZTZ1@e@@<h^FOAae0j^{7YA6w3xXg1
zDQ3^m9uIZg8`&mfz}ofWo;lv7Zaa^?b-(-g!)JDe6y~h!^VQqiu56g%@cm+3hqI5}
zvaRiv>GNL-+xN(fX9n1s+}8KNrjJ&>H1EX;OFwz|mj+XAT=LWS)TxP&C4Ktxz&)=I
zomR8${c*Px^oo5V;N3n?caP8h>8bfUTi@UClbI6_{kCxX!rglxT>kBg%|f2GM4x^1
z)tF`lqvKy~)BeNHj(@)Efi1fa)NS1P*auI2)bOo6%f>Bu;DzD$+?4s^(ciyJ^SgD_
zx)qIneedf9mrh-HGvBdx^-G&JJ>28&OwY98vr?_^L=SVk{n3C%TOOM`v-eY5?`@iM
z)0E4{=e_yuo6EKyU-`s66KC&DTXSje;??sO<aFLVE~xtUOXsT1dEI8q7|?M2?iZ)u
zweQ1I?H75qY2NJpfZM(~@Oa+XMK|5F*8gKQ<NT&sSI^X~@%YGU-@g6n?38TpPv4%~
zBBRc!TSMLu7X`n>CGuZ4wTHj>!I`NqJ>dPsrKt(+@7owu^`pD?EZmWE+fR4xvEMsy
zO#YASo{#_RV3!-832D^0&$7k^?|*Ll$B3U-zqD&^e8$)7k7lf^`)IYDGoGnGq2uNH
zL*Kvk`+6%|jP3RKPmko(9r=sfmp!JOeP+>$@&A}P?w;4~n(BRiO6_CQp8KZ%Ywv!r
zc*x@q4tcQM(5H5NkQ%dV<MM@n-u7CvCr_s>U$k{u*RLDSO*k6;?&242TlVyd+-E-g
zeb2TZ`=@UI>Wxz!Zag1y;mYh6rrvg7@t*KckEcf5bzyMu)2*#x3%}a5{M1t$Pv4fh
z|H$gLomV}7<nF}<0iB;;)wAd1x9ToQeEsaB>mF|Lz`&IOXT$b2wLSLZx6cPGUh2E#
zxq`(3-#7iO&F~}PO<tV2ch#M@CwI<|JochT;x`f7=Q%px-fGF{M?1VZcgfO_sL$8b
zJN??@N9#O$WXka^S=*mFGwzpji`%%*dPV9}er*c|7UUMpEm&3XPQh0NzZcZF(&9?j
zE9qD6y7JVO4Oc$7^4%46wcgd3t0`B<U7dM#`PD5~4_-Zc)l%57uzlg+!ik0R3fC0A
zUwFLma$zk;OGlDpgyUYvBF9F@9>)(34|Rj$+iUm@W~+awt?IBkul(E^yLEKC&25U?
z<8Cjy?Q}cocEv5&-R9oYeU$rs?u*@Dci-oJ#@)*!+@p=h0FNAxhdo~K*x~V|$3>6o
zRhm`N{cTe2|JM82|84ELaH(v5;o5(tKHuoC5?}XMpTF&|wisH%!hurLX1uAr-_X;U
z)0Nfzu5<ayuCH|Zajbv$R)2K{ytnzQ4iLS=Up<Z92Tiy8tC_F@-hlw-wS~F|{8dA^
z-3hBx*g4(|w<$Hht1;cz(6^x<IYoI+R?PcG8h01dJLg%8Wjx{FiHiBuNaM!(TuJYo
zCX{95r+;IlTlb_M$vu1Z?vv7&&k_x|W#FxY2J7D)89ip~9pf^`XJzM1$jzHLY4Vh*
z)9x&`Nt#C*Mx(s!irJ)nAct2QC73k0w=F7VV1J%q<Y|N8<=WyWniD;<r)1=I;&s<9
zDYmFIZ4?;84jtYl>ZUZlrch!Cml(!d={h`RM8EOFWhj^H$=NhOT`O@+QHgtJ_r`uK
zySTQ>7T3jWD^*r|Tv1tN;A<@0yn$oreVCd<_mQ&8ZLegx|IR8ZwGB>3NN>hXlrKA#
zQ}n1x7QGTV|J@SP|BlWf1N!y6wz9Q@I{NPyxx%ckugslNQ?D(voQE;jTjcU{u3U+W
zk8QmwdX!V(*vb~z<%}y=-h`raQ7>=z{=LdLEToF#DqG@8WL>E;+l#NxdYR=@4zbbw
zx^}{^9bfkG5&zeP=l)_o=X62eOq%xkm#<p4Y1@veL{M(-9#uTOs#f#1`1tzyR}ZLB
zGq6@ra7gVsdX{zTh1S0zEIi`I1~)Zq)VN90X3bkfwrnN0D1H8a`2RJxs=rmu|Dqjf
zw?@a5y(1I;dPi1bEB;~~mD&nhY|$yyY5d5ZeE+YEl1JZ^Mz8)#+6pdbT&eQfql(Jg
z4<FOy3~s{WP|7Q(*p;;zDxH7jN^dPHJvT5p^R=!`*BWP1<CQiWDwX+ll)EdVQD@QN
zuAC~btj%CAQSOQ|uUxr{j~42?@1%^}Y4nwpespD5d1Y+}r=!KS{EJE-C&S&CraYqu
zV)GWwD{17*Xf;VrR=Md~wv8W~r;X;w5Z<_9ul>35Jo#{k>grOL>dJ9zF}HTDuA0d6
zV%I#?+F+1r#?X`5xi)*wm|TjSrhN^kwC}nyBRbkj=WOGfMj2E8^%=+NgQWi}%Nl2V
zQs{c}OyJu}dWY-MxftV5vda^GsjjA-t*-V#lgm1@iJN%t@9w{NhKm0`u<J6Wrt|fp
z>(1C|;Ls@jfl39#d>TWamOhk99;D_ojM7J3w48gKm*r$q;&?1CRnd`9UIO#zD{p@B
z4#7=m`T^{D(|E^jyxtkH_{tHjb%ZP$x4(FXJuPjdj6s!`m(KeNMQ1icdYNPWm$Rgd
zJ>|SE=e*0S7Uz8}t19{6N1pT8W5#Fm6{+kj`fd)VuX09ir5_bVu}Lye*huY#n$i!P
z()iedeo@RfH`c~@V|lDEJ5Rd<@INDce9{Qa8k<f3Kv!-$pVLhm(WTVsMg-0fv*u&;
zT=YyRyX!eL2&kbp_}5UU{dDd!!tHC;P<`swP`5)aY=&L%6I_Pc^=c?<N1e|))KDf?
z!gqn_=X=#q!+X|H`+66n`qWUbF)ez_9Xid&*5LEgHPlOR5a#9RJT#uN!Lh6wst~>Y
zff}m$%o?f-%my<ocbUtzYpL_~{(X!NsinRS*4J07j;<f6tLp|#ryFr*nfjDbzJHKr
z8x)jE`v_^5mXY4fOSHLu3+uc<Sp;*wS+4y?c_coPaI}%<y+%D9Fs99TNw*kkfE~Kq
zYpIl&e;=<}YpJFn>r6M+eI`nup2qa1QssHdc5T^yBTa3VNi~);%l{c^PnD70oG;p3
z|2UStnY4mA-z-;bbaC8V(%oaE`PzsNHp*zm%kl-xn+Q+9jFejHq5ieh{i(IoWb_kE
zH_fW04os+}TEZL9n(2&3YN=dU2j7AFqqWrOrM1*K2zZu#10%utH{;ius=@i1>Swe`
zXQnes#hLTU(hpXUc2x!Q%gVDdal1<8|D!Q&xxhC4QB%Ejsiw+9o7~Ryl2UQzys~ur
z3ewiTT%31V%U^HYm!;N!*_gfuz3+xVwf#od=o?mXx(zO*abBOS|DUY?Xd~Ac-=N}j
zyIn}*ygpgKSIa<E6WTx)JO@XufvSZqP~8fXz!N^|7^uF0La=uVRJX(Gu7T<RsBVF(
zA@l?DSN!Zkf4-qV|CoAf^T?c(u}N9IwGP2_3)cEHH%w~XuvhDbso@QC8g?g0CJiA8
zD(V+*_KBACrTZ5XrK*ASfDHiY-^!y_?U`SDwESeA{ItHWXqhiRSx$bkoczMI|2(lb
zbiScWXE4l&KVi-{w3+YqYEPq}o<_dq>FZt3zj}EOqulo!<^Ff;j>eAuSLwf7{$@rw
zT-HW?HTy5sm8}Q6vHdP<W4rDDrMjZ+H_s!Z`2SP?tAYR3!2g3aV0aH=^^b7JjH0hV
zaaZ7&5fgcrHfc(+mm$vhf_T!15jF;&F8X4487VsFRh(pOc}ZkM^(=<a=C#&|*=ds|
zj*3s}Io=lQ?C&TmMU>q+1*33J89Oo~D^0%gUUnvBCMlT<t|;@f=~_9;s*Ne-Zb#{*
zJLeTwl?+^8BJ0j$oo2?Am}!emn$mN))p_&EN?`lT1fBCL%0g09kjK~x^B{$D9x{}<
z^JdDPkj*LH)^bufS4VkCoT}42hSPK(o9P#e9+92Nhe|VyFVu@0t;lCqdY)66jAP$9
zwOu<M%F3tY9H(6383!px`b9afwm8x$r7gxxTGk4#nJG)kudMck**1}P0A>DoXk~;)
zI)&x^NSQwfB8{-5HN%pYc0`eH*J^CP?t9kX7O>gPU2C|c^=PgWTBSR0c2S(uR>!f?
zczUTGad###1dTX9@m{8B<EHVFLD_Ch4)dbD$ma}-aw(3Llgo%sD_Jx%@sx5`sm&?j
zd!@+btg`gR<V-R*M*O*dcVo0%uH6`-%h(u6tZz(Nt8{f^v|Nf;8Ltg9aJ{=m%cMm0
z%ZY4eoi-vZk6n!C-}yKxUh{SAp>kH^w6|<AMa38{BZp9iau0|yo$<~Gge~4_tIF6W
z>1}APuIRwMwglI)!DW`fX>;{j)s8D|Gs`+uD&9<UGsvfCGm3M*j)Tys3-T?x{9Q*e
z^<C?f+4Ypn$|IqSX~tE&)Xh(ySMr>+m0H00URYvY=^MK9a?C5STwHM>iYlm7S;|gQ
zQ7)wmQARGM%95ZJ<$AB$n)xUdt7lYv;c?3TdQJziPK&a4IuDHOulGbK%3jOpn$k<`
z^&E30vUe(dyz!(|dm30|#zdL1B@e{n#7;TLn{3*{*1V$QsJQgk&U9W9YiVT0h{?rg
zX!%xesg!?VAD2p5eyhP&di9;lZ#`fdn^)U3o<`?5-(GCj%#>{u_m4Y>UqpPY;$IDi
zM97D~O0b^UJ)jDiIOp?Miy78w{Mc;vgR?<Z6caZpeQYK}rxjgiZ5TQv*Nh71r`@{6
zWjsVCL3tLFdAK;G)DF>W4IMM3t@xR;Zpc)W^|cFBv<5!DCC|PM!>_{pOC@(Pccao=
z&D~61QSQ<UL&|QZFX#3tqcp{4X+sYezn?0{#<FLERO`h->IwJ^WV*L$R*#w_<K~s_
zM<E}U%FD~fZkjY4+lgjP(cz(gjH`Gdr$dBwHGU~bBYa(ux(LZH2B~@wxL&90%R%Z+
zcmtk+zMFJLZ46Q|uLY^uFc><$sdMM+LF#2V1AAcBR-OE}g4BSwgVZ{>3-Wg8tlSo)
zzJ!qNLF!NR8z1Pbe=kVQd_PDXg>|rEm(CX-1}V$VAk__;!L&U(tv_Wub_c2ZAQdj|
z*EzB`NY&mKq;7-u@X;ZiIR}H(lrMtRepmrrj_Nc$5~Rk!i!cxFJE8N`*Fh@dc#wJ%
z=0M(QowX-})Ynk&RFEn}Z}>sy!|#IBlivraA7BftIHU9Bk3q`+C+Znmg8f&WW@m#`
z)pL{+TEdLqbnZAGq*lR?@F~>%Q^#^CNPQ1&FOwgPxT@2mfcl1y;6*s^9<1?`3RXMa
zf>kKfzo0vL=`^bntVY8cm<ylz=zQ!QtX5fq)fLzS4XW!{{DM_CcnC7#mLQ$|HG|cW
zz+e?uD_B{eMID{Z!NICZNU-V)(Xc2?=X_|e^1dNhjfJ+buz}9yaPp4`R!_k+c&VAr
ziN?X|&L+X?dsq+cTI&4XJXkeq5v;~T3e>O%t4pvZDp<t}g#Ds})ofd^dbeG$dh=$c
z+Xt&z@Fsi@ONj5^FIZ*w4OXjDbZRjz;nA>oUa<OPez5u-T?2g>ZhkCSJqz35Ybb=a
zj|Zy}@DY3kXW&n$vLIObLlE?YZO}U^H^Uw;FXYfSl_5s;h}eG8VK66lV0z}bjNBwF
z-RQ0~gJ@C6b>Y)P<OkIb2dg@;;R5^T*Yb%yAFTe{xwDKijw>V1c{}2ME4f{bjr6q*
z-PM@?5Yw$3>_0}X`&Ti&RDKgmO`Gc(MSRC<A?htlG0HnceL~#5=xJciJ5?&38DAOQ
z-YLJzEcbWQc4d8ajcxOB+Qz?|UuBo;OP&1++IeK-yvbphcNyPSKXthK$q82Kd=fXR
z@w2J~<;~m6zRC}KE?miU2Q^rwA?fN)<wZI(PNrp^Xc_s>8<AyXB*f{6q>E7ZYV*U<
z@{7Q;)*35uh#IEuBF@`bkK`jiGjDT!`gB+F7^Om)->7|v#vt@v(8Zt?+GHi+fr)xL
zGks}&FY`Yq-MgUIRb1~$<2$A2h(VB7qOxoW(zkzP+4C5aTw6qv6fH(MzZ)4+f<_sX
z2hI|2@-@>xLg}=nr`s86#$|=5jj$6A!zHMd9ipBv2+j#n=LkE9zih-w8o^9cTFbmf
z6H2m<X`z!7@wp)?7fPosJ^g`^Mz2!_R!`5&$QzMSvO=R%>D9?_=+jC>mpUj@Qmwqj
zD#wKU%-53K9uHB19~3-Rk{IH=7lf#qV1p!B0RI5LCpa&mF^qzZunUgCd8qnihzbQ8
zbcG>sCk%cnM8z!%QHd}XlAs?L+t)ukRqKRmZV2at(vIYCbUNGtCn&s(>nUsx*T=h)
z@$e)*4=wn*>0|uKnI!R>(8BjLvUZ@qfN(erUmM}$Xkj~pkDfq(1G4P5XrXI3$07Q6
zkoZgJLL=-z3)+}}th*KPr{sBloDohycLx@A^gvHB;-{j8S;S96-wTpvI$HR=(Ba5O
z3-6KVeQ4n`!uO+R0)I+|v=jCao`s$blFvivIk21fhtYG5_(#z~AL8esg^vl(M+=`2
zehmFMNInbDg5>iATG&hYNwkno_$jn-fbc@JAcJ~5ja~%&sb}~ntRTDuElB#MXyG8?
zXVJp_gqNWO*=NhqF93gPCI5sk39mx01}Wznv>@>>qF)03)XV%6B>oljdXV%R(67P~
z;y0pSH{#zw3rC566TKPuQ*ZNcs}bIg7UGG2A1&~wKH#4q`G1HO*o}^zXhGt4p#}cb
zNBk2c&BthgKlKU!1WErXT97om(O((y$I!wC;=e|p1^(2p{1ar^^JsxTb%B3^<ntT)
zBJihv=bx~Q_&?CXF2a}4VVpN86^<6}CH_Wqlo8(=Ei|V?P8)PvAc><LS{O?BX0*_R
zH0{xe(4KGybVrc%ozQ~3e%To<$VID*Xy`_`E4mLzc~a0q82R)?3!#Mjp@ka=r=o?H
z<SBzW3U<P`pa+7ysW}KO#1bBY7GenBh8Fs~pwuw5AnDW5LNf6q(1MNl47AXM_)%z~
zGvP64p%rPyqJ>Dpcc2AHGY&2M(UfZ%TIfK0Hd>JM6VSp{(&VCr=EP4z3(W}MgBHFg
zO+H#^MEw0|p%Zz|KnoH-3oSGwel}W=_=nKKTZHGJABM(+=c0wpgdax>4GAwr3qj=b
zELx~ZxQmC5jL(`wI1gmsO-4^K!grzXf%}P{juvE$)(6o-Bf_)MbD$yNxo9Dg@T2H?
z(4O#P=;t7u@CvjLM)-O3IwSr?wD2WmehK{w93{K~Eu0|yDq6UKWjCT<GvYU)g+$_C
zN55gjzlj#=5Wg8Mcw%5}K?||Ozl9bg|F_Y?<tq-yR`hlweg|3zCjC2T!AkgDv>^5N
z9{K~2d_F`Ayw#+3qIVhbAEAYz+{->je`3UciWYXT>~8cPc!%&_v>?96eQ4ob;`gJ4
z2E-pk3;T)x0xf(@_z+sSMEEfJEJ!)ep@p@?|B4pY6F!d?s*>gcT9`}xZ)o9p!WYrP
za>9S0F9AWvWwZw2KM5Crtm~@G2e~dOoT$|yh4=t;D+niSMcY8?&5jm&*XDdi3lblV
z7J3mMgKlTU-;5SI6W<=4XvB9wcNB>4gibQzd!U83#3!Ts81X6SG?022h8_-5{t;;5
zCen{Y-)F?nL2oz0JJ5pc>vzz5fNUIl(Za8U_n}*P>UrAGw}2c!>F5VxA8D2caQwh9
zj?bNFLBhMyf`s>>|AZY3c77G@Fv80N*}t%lfz!{SFM=F1m(W*1j)8oZ7asrK;kXYi
zEFgS8T3AAO23mNQ@B?T;>R~2YSW5hZXyJLnv(Um(!n4uByANTfptnHcZ=6Ty?M8SS
z$GuQx4%Zd5@Et?WJc<_LiI<am7|43l(L!s&!_iL~@r%*I2W;1~XraR?>JaS!SynDE
zRYB^Z8oD}2Jp`bGjQHB<`bK;>y0H=81l`Jrx1!^W_;_@CBR&z`#fa~Y?q$UHMGLat
zRJ0)B0cb(O1JQzn2cZQi+Yq!M;h|_j!f9wh!o$#`L6#kZ&Nkw6&=a5s@ww<pa0}td
z=qWIg@Kp3P$R~U!`Yy;Jd^h?YxR-D~dKO6jv(fWF);k})(1?E;z08PTj$UQNuSUOO
z#IHwhFyc3&1#j|v6TKNE&n@V;;B~@pqlG^RZ$k^SPCFd$p#@oX7y1*BYuBe}LDKI-
z?*}RKVe}D@{J%sWg(ZYfpihFN`4%n6weAP>k09xPLZ5;8g#U>aE)%|h7NiW9Bo6Y4
z{}WvR_Y=N?7Nk6lBDgog435cWXd&Xb!_gcqJVV%y7C1FjZ?y0Y%ML?l1E;piK~INs
z#LqxK00bSc-^8^A>XK$3`bYSVc-4aA7Occu(P<#pmSO00a3g*=TJZkD;TVAy>T;19
zi5BV*pMe$*9&|WHp@qYQN24=A$}k=+d_#N|TJT`mY_xEa_#Cuwif}GE52Or}(33&(
zxfeYh-XTps`ZP$IGw5GH(ws+MFyf^nQbSnIvC$YUNH`KLNH}pN=K)AQ$!MY7WQU_C
zdb|;zk6vtqZ(K#afuy&ivyJdH^xYt3xCbp<nM9e<vp~{6jGhaU<`J}TcrfP+dI3n9
zC(wfIm#5HcjQF)^;ce2dLkk-Szlat#5q=3RY$yCOT9EYX(ZVl;H=u<t2)~LJ&Jf;+
z7M61lehvK|NO|5z3vz6HfEKor{zJ5|i*4MA{upGt_M!KKEc*reh!MVs{v9Mu>N>7<
zFbvx%2fZDvV;qhM2iI>1XW0(u!El1~iU*^Op$YL#(0$-A@$1nCjQGRo0wX@h(@ot8
zjY)qudX5pEi+<b)KY@PI2rooG2S><r1$u)K-iY38gx^BHZG`iE-PEg)Nd7y}=V1rS
zF0bvTwnMnYqmP4>KQYTqrGdl`Lr({7yMA<25pW~%H=;Yi*QC#u$}@f)(1RfyOdm*9
z_R$Wer9B-Ehv91@EEV4p_$AuWu|`;Y7u|rr#2);c43cIlTA0Op#dmQJ@RvB9f5LAx
zGR0RRnEr|f2+Oh$q6O1mF^e$ST;s2J*oc1=EmY*Mc+5z@04?lhWzPPJr-%~{5Wf&D
zm_CZ93G-L3Ut$?E1*yB`=;tLd+p-cZh;LyPT99p7gBB$IMYO=*HNJ>fh?Mjj(9XVy
zO?vvoH_(FVi+EFy*L)G;kKnJ!|KLve10n>;b0=DmcxRu3_!tC<7azk>;4e{p2)_Wo
zMDZU8l1BUo;xCZ+-_gP{^8W)Zn7)D=Br$2i(SqqKup9BEeFfq#kaD&|3#EMp9f%Vo
zO((Qak$<2!X`~Eh+f&+-IUM)7Ao0@n6e#w;w7qGzF`e6MWwouiT^F^jFlilT+e&PB
zvu*VgVQEkOVwBlzPf450Y){E`)oeGtPuOfX?I0}eCV}8J?IvkE$+o-FZW>kv8wB_z
zN_%9R5#E6o%=XA`!sMAKZIG6<H6*=r8^o1%M_KKNSE(Sg9kG$H*^YRdu(Tnh?XZoo
z*>>1U*latzPuOfbd_~x7JG}Q7Z3k%=JONUE)BgXEIxKDf7aD1*g%#WUwF%b;vGJOq
zP1`=6uxZbCCv4jAg9r<feh6BS@KCfMVP~6s3~{C%KAW&<Ge1q(w3Am8Hf`fK32z3;
zry?7;0DEQ^Y0I*E4-<dH$j8~%{eifOY}!ktxeWP~p&~nWg_9lI;drqfyM?f`9Xl+d
z*mf0rRUrEk_NuduDt4*B@#&IXD)#3%J$>Teu|LHIm34{zDM;B$+n=Y1=a(q<=g&a;
zM6o{wSypVzOpu`1kk1%lu_0T6#ET7?WrW3sybC0s(l+FSMjEjp1u0Ky8}e}@jo6K=
zjqtzQZhY5Ruh@)2MRwyyq>=3vyHSvO6T9&+Nd1W2D9HAfXDd3}ht4)(W$i#`yUy8`
zbGF|UHkxU(iCrSo$&dnr;C4uZqF;!cstfg@Iar}9sLtrFXs;?>US2+4eqMFGLcMPA
z3ioR7)xoQW*DYSzUK6~&^7`7#;gwQ#dexk2k5-#s?XhZ4S36nlbTvn{l!A8)4ivPz
zns{~I)yJ>yyt)@Tchzw<hcUh<7hWke*FVhPP2CG(5O{zmgh2${2sartMhi{B4$%+?
z2?lM@LPvvcXd%fU87=gJKF}BXL4SjRXkn1S5VSDVAPp^~!*CdBFdBUaWI`@Xgefo$
z?uL5}^3e~$!>|~hgB9=stbuj#7Mz1$!Ti}gZ}A-DImh!6&v~AK1tA5>$4$jR0<;HJ
zuV=lKdiT~_zVeTiYK)tTzoU3r$zvbWKf^h=2s`RssCT8Fqn??6zV{68ncj1~=XuZf
zUf{jjd#(3+?^lu6y*GQm?ft&@PVZgbpLp-_K7@Sbea!o~_i69%ybHyBp#MVMR5h?b
zEW|?>NP$fFiP6_RZLMs}ZQE_y0s-s;=m(Qvx`ArqXrk)Yt9wJ;u)2vMsoJNo^c6_o
zgk|a_M0t5~42F6gL#kJ;UR92_Q;2_U|Jpv`)x(>Gw+tT^J~Dh%cy>4quuG0YN8x2h
zfx{@Nrna&^VYh)bnli)kx7i<%x1Y8dxG8^)aP)K#E99y}ERg^-9*tVlgV)!-SbKe4
z+ElRI-A(NSD{Zh5kZmB&J1M{UtL%1^-iE(lexn36ICmfxx`A37yEbucueB*_2d%wr
zZQ9!9ffoZW1zruzS+{-N`s!}#6QD78$t?dh^`OkYA#2n+wOPHzS0N7}e;}LPkGp^C
z{-gUp-5u@|JtlhGi_Ao3A)f3@U!)!qh9n}gUuA!e^v>{Z@8914VD-b*3jzuP&IJD)
z91{{7;$GXMwkL8R^g!rI<j2r|hW-+IA@pMCAEAFDD%>aBU)%pV;S<B}4bKmMG<<pZ
zj&K#xFrslp(})%kwuq>RUJ-pF(jp#;csOEyM5CJ$Z|ZT=u$vr>RnxrYlbb);d|`7(
zbJcQa%X6&?TH(;QdLh-U;S9qcXKib3Z(VF%VqK0DSg%;;+m_jO*iPHR?P>Pu_Puro
za%+?$YDX_eFSROS)$CPsR#{gktZuoc<(j?7kaa`W-LY=mx|^@IzZy_jr_fs1udsjN
zsKPOY<2X_sg>H^;M;iu(9pcDv<RH&FmN`y1zT?XWzc?;CuIk6Jo11cnst^Tn&>rT)
z64(b<;3UUl0hq^i%3e419*{s?1hwByHG-xv3hn?o?q|RQFc;Rq%kUGN_{>dR0Cm7k
z-2%g4DyYx7hQckd1fGRu@DGC*&?{jLya+GDW_ZhBEBZb706Y(}U0?w}s0G0g3O7Ik
zw1Jx;5jsOxgC6J<=m#%+;igu@Cx_hB9&o^ff4ZsH!0l%@)eh7-?ss5?1+W}mh7GVC
z-hsWaA1;D4QeT4azyWSFR^1^0+CU<7hZN`w!yp6XLHHpWvd7?`a1O43G-&f69}dF_
zI0NSl)Fn6N0|C$tQeY4agIO>iUV`<o0n}wTmHH?1VLar(M3@S9Lq0qR^WjBU4_jad
zd;t642%LcL;T-%9ssNu9JOLlWIk*g^uaBoZ&U)mxxX|Kq3r7pCy~m5L7vXMdQ3LY1
z$xUTJ4orl6=+uz-YV3EYW?(_bKpezFTZ8s!VSX$8Sy1$=@<5eYRa$xGht3XdUcY($
zsmO^)M`Ys4Wh+}2wkj0cOZ;&~KkpRp0p26LM|n^8KC#-dTGeq=Uf^xuiw=Y!2!`4a
z191=!ZJ;Zpz#veyiG!ja_mDdv2kwS^m<{t`5iEgaQ1r99sg}_khamSM#eJhOoTyIy
zgR0rRW{;Y^YNph@rRJ^3;F?2g4y!r4=A4?3)SO>)ea%;EZmRia&22SzAn(@vpysZc
zU(`HYGa#^LU{GM~z`=n-1Md#Z4_p+OANf?|^2n8ut0P~ITp#&*<eQP(B6mc77`ZEQ
zPvpMHFCq^|ejVwy&TF0bI{$Sw)&;K%U)N||lXWfEo%o((9)5r`@H6}Z=b#Xl2Ye8)
z6WNXI3-~kON`NC^e(09at)V<Ai)<L#7?Gc9As&2wC#Y|z2DPCcL_h<$2^v8&uzI+u
z9-soT3&9h7p*jRWAT)tyU<ErwK@227Tj&hkpgSZ(FGw*Mh!%#z2p9#KkOLFJ{N;G$
zc}(({;&G?PJs#7M2apGm*&cH|<|2=JJm;~(<D|zq4~Ivi`pxPOt)E_hRQ)^ZZ%0&E
zP+0A-`eET=UBbGD^$JS~8yGeS8G;N&(!%Zu%MW`k?Deqs!#)f<5cWmb(XeA-XT#2i
z{TB9nSYcSBh(-|^>oV{@7ylBuwm%BX4b*4YTVVd~v&^u}v^-*&XL-!Bz_Qx1*0SF6
zs%4{PlV!8zZOaFiotBR*pICNV_8})Mr!C)Eezjb-I4tJ!!|HS0g3&Mr?tn*OK0F2s
z;AvP6YrxIoVezzBEY&RmmOx7rOEZhrVz)$DVl1(icuRt%EpoG^qotdryCvDu%hDGa
zWVy|9J2J{L*^=LKQOm_GFSJyx4z}{NdRnU@5!R-BwzQ2^MQ`t=dOMb>%j5sd`SZx1
zQpQu+Zt66ggI_^BhsRgqj9cZd;@@yriBSJdcNGrL?QvJ@;lvr{Un2fbaoTyP9)Y^U
zOY&1S95q^68Bg8zs7={#un)7}Yah1e?ltPg6^GUz`tZ;vhYAiYcWiUK>)7e|*s<5~
znd6Y-OUGBmHl-iuD_9``!b75+Y*!9<u36{dH@FA|-~jXYnCDK<eV#vgp7s3AvwlHr
zL3}~mf}4@Vf(`|p3OW~bE$CCw!TOYSsdbq=a#3#UX&-IiIEH?pIZfq0WBd}ydjJfC
zG+B>Fw#UpW4^~O`8sL?K^!4uVy}s_Ay8A*u3;jIwMChr|A3}ddenT#WUJl(+-%;N;
z+%J4z__^?A)=29j>oZnWSiLa3Fj8x?UFEnFPGDOIZ8%p1wbxBWf)%>L=>2YLEZhb6
z!%TP>*1}7m-2CZB=C6j)hRKDgFdY(M0Ne^`kiTa4ntf}ItoeG)@inrE`2lX~T`=wU
zeBZggkNVE{ecX4o?^@rDzMFhE`@Ze_zVC;=yL><P-R*nO_Y2=+zF+&E@ICGOo$p!S
zUwzN}nsp`mIqRR+t5%2goXug|XD_s?sDV+V9NCTuj-}c@KKBZC4_t%-xC(`!b?#$d
zgm0jo3L{}Os5OymS|LU2uyFkXPw)a?2!tRAfjSTa@z5IDLw87lTj85*9qCwka4z)`
zaxCOT$d4iCLN14#sN<-kYPzW!5C}KJdiV*>!DTS}d#_b%c|NmAZ9#VMbm1_)OfRW-
z+&^^R?|#Dl8*KD{y8nXYV5d)Zy53!Tt-I*)hsS+Y=5Wu|+opp&hk4F6j^Xp3;rIr!
zG~d7huY<_9Uf+5B;&s;RPp>O@3LIVmRRgNltlFw-uc|Lp-GF>t^{1-8RlQjCPefG<
zs#X`d32A~PR=c&@uxfWy%c(Z2+C%skmRI|zS{3gE?{-KEa;tZ`_XO|!a@((4y|>bG
z-D9*{PkNv8{?+>m@>ka@^V*banON?1bgN~nas52WwezyY)5q7Rx=(;lpidK@W<FLQ
zyHAu)j8B43JLEQ>p+0Fo={^&X8OThZIX;j2%=dZR=SiPMKF|0pL7w$l=Ci`*d7srj
zYkgk!+3d3q@$~ie_4f_%t?Apux0!E(Z#(2x-@(2^kzu~+zWK<^GLHSNzFUps{iJrR
zSMlSc5`F=GHT_!qwL^L%{rzt7OY=+jyVGyF-%P)!{GRdK;J4B5Ex)bE4!;lm-2AQn
zcK;~<ME|b-_xa!N{{Zr!{~Z6h{ww@nKvwy$_kY!YqyJW9hyVNjA0l7*ANQw;Ts^UR
zx9UmNGpo<8KDW9GXco{ONeLJbFgRdnKsu5UFe)G`ASYl_z<mLaBG=jv*JtnK2hIyL
z+puo6GJ~^&rw88`{7mrj;Gcqj4ZaktLTZGBh1fz8L;8jc3&{-03dsq{57`)U2>A*L
zuRXPPe(eWp&#Jw;_F6>R_^QqgbyDh#uai?}Vx9at>*}np^HCjDH@I$i-Trk~A)fW3
z>UF^nGo#+}dN0>|rQVi$-_}#14MKZ`_6Z#vdQYg>rlw6)+-Ch<Z?lS>aD%IM!rNin
zkasnE;nT2vhRtvy?4O3sa3yR)_=NE3$o%jn;qDRc5mgaOL|{Y^QYWH*#7&6U6-|(4
z5s?wCA`&9nMzoLU5|I?q8<`RDK!j@XO^Y)vera(Yd*0cGvqp}N%tl<XC0n&@)zXu;
zvyIP?x1r^1-oxa2dxh(*_=M!1D}Eul_UiZgxzF!={_6AU1>cncE5lYcTiJYN;>xU*
z(^oECxqRifD??U=t-6s`^~0+^UbS!4{#6H%gR73LI={+owa04D)m2wpR{O5LadqPA
zyw&%w-njbw>OWQ&AXirxuC}acxW>As>l(SYKd|Oitv!BX%{OblTXS~JpKA)&sI^V-
zgLGWmd2RCAVQVL^y%V{2?JH|HAe+{{zIOB4t!sB6?;=On9$R~2?N4jZul;RpSvIqE
z-Qab%tsA>8XWglF&UQqR9aG>{Aili%NLWFWf@Wpj_cv(%(-gyhdhTjLk?%CZ(c00$
zG1xJxOuK}3qoVx`ji3p%hPKcS+Cwi$fuWEOe~RW_z66$o_^}kWcNj!MB6Nf#NP$U^
z4@+S=ya&5rFGzc9DVTn4v)_Z+t}*>%rtjPA|6ulgF#A22eICsI4rX5mv!8?V!iQCr
zvcUit2BRS#X2L9353j-&s7yOk?5ANc8S>#-I04Rfobu)#4&jgh`S1p8gYBTWcMAbf
z*8P4M@pnT$EP)-c6F!1(!1VK)_RuhFA+eM4;W1FY*a=`h6WBpm`g!m{Ow|DL{jtws
zJ!}9~9X|>*Hn5_*Kn~mo;_G`KPJpyKJ+QIjU;^ZV_-ch2@CxjMAHbsq#~E}s5TBxu
z0=Y2RU<UeCcn98xFAcsz3(j^-bL^IUco1eA%t1c_^I$0~gViAR&eu@c_F+40R>5o!
zN;@!J?ATiPN1+?^fHX*le0T-khYw(<L4FW^BRC94K?S?1R?yiXAH5ddG*BV>^Oi)k
z_M8RZL33CR(jUhG75O7t;df|n&;czhhgGl^_Q6Sm(`Z4})$u{wp|wE@TDT1!f~5xH
z*S-WQwAjDjl5nCyE_xm)+JIhA4ZOhztkBh<toGzX%#${xaN-7zTUZ~aqr!E6k?9{2
zf6qBkR^3lh^jvBTHuD{n2X2QP*arJRo_DBm><37MPA~$dz&$Vz<eAxYP}%HfNHJJ|
zUIr)NB%C%-Id1BYS)`w>+u`aFwi*7aeIV@uvz=zP4|0erc$IwK{%b$cf3sh8#}~B0
z;7j-l{)8(~>kvLOh=y3`4JnWXIWQaMz-m|v@51{aep+=LA1|nrZmI>uK|APeF#i<o
zM%V#opd!DN`hmPbo_|WeHF*Xq{O>uV{+#je`c2Ai4-~fpcKPr2-{*fsZx7H2c5Z)`
zY<s?`wL4Y)hV@(2zpei8`Wf}d)t^#-TK#R<!;TxA?bv1!%_HoH*r&rHW=9NbF}=l&
zt7es92Rc^iw%5pYqp-gec9v-?neFj%?E~}p3ylkH6Pl#i?%Fcg{^50+*Rj@VQzsGW
zT&It`f>Zn}#||k@@b~Poea}0dFS;fcXQt%cZE43J*V^xVJ&>OV;)zs6yb&M752=pS
zKmw5<Bm}90)I;hcVMqkh0BMLcMw%kckw~N!Vnd>k7$nXu-mNv#7P%QoL^>j!k*-L0
zw<Nb@q!-c$>5HTy1CW8pAY=$K6iGwUkr7A+G8!3+j6=pF*~kPW51E8aLGDEEM(%aX
zcbkFCL}nv%-5%lV-;cXJi7awk?Dj139I^s=0a=Y;sJp#{tVdo$UPm^&ZE@S`w%zSR
z<Rj!$WDl|r`3(6S`2snNe2IMJcFgTKauPX>e2aXK{D_=Een!r^opZZ@TtqG-1;|yz
zfw;N5xqBd<NL9oe@j?8M>PQVF5D7v;kUB^`q&^acL?8{2hDc+iDbgH?L|P#>B+5O(
zy)Dw-J<+`*(hW&Ml966WANK|BPrAS2KEY!Gp6xt5JySgH!nZvidC_B!$3Bn!9tS-R
zc^pBGBFB*9$Vuch@-6Z`@*{Ev`58Iuae?otU-Y<y6nI?muvST{l8%f(GLX^8SY#YB
z9?3=~AbH3nWC}73xeK`mnU36tJd8Yo%tIbS79dX|3z0?0Vq__@40#S&fxLjMLe?Pb
zke85GkPXO2WE1iRvKe^`*@|pO-bLO=K16mQA0wY4d#dcMvL88s97GNwN06h)G2}RM
z5;={0i+qp#h@3%wM$RI?A{UU0$REgMqyV{!I1o8`JrMa-MZ6Io#1E;C)Ib7}AS48-
zgVaOnBVkAc(g10QG)9^t&5=l?6{7j)cs6sDXEX9_U;Gh@XJz{J_L=%_H@My4fp{WS
z5pTo?@k6R3HIP6g2nj*BB;HUDsgHyq5l921A<`IWiZn+ekyeNei9%wKI3xjSgS121
zBOQ=VNEf6Vl7u89y^uagUnCV7fDA+iAw!U%NE(ukj6gDw(a2b295NosMkXM6$RuP6
zG7Y&4xd)k!+=t9SW+JnYhmePnN052QW5@#J$s3m5unc()S%JKOtU}fx>yVd_SC9?J
zMr0H62C^A>3)zZnN8Ul+Lq0%uA|D~2AiI&h$bRGiau7L$96^pE$B^U5N#r#0E%H6`
zBXS1$899smid;Z0B7Y#4kpko@;<%w|SOCwZ!owPeS;OMO5_vWy&!vWijSkDvo=43J
zn;*6?Y<bwKu=U!rsW+T_PCE^s)1j~vVc#1*r$53hc$oYns^et}#GlkEA{t51{7UU2
zx*C3^2k<Ldc?Ot{WV9I7VhnNzl8H<}@>)!6F}cNEE$%~RATyC!$V14($Ro%+<S}Fc
z@+7hlS%fS`mLkiL=a3c13&<*D4YCe-33&zCfNVrIA#Wg?k++bo$adr%<UQmAWGC_w
z@(HpV*^BH)4j>1SL&y>2C~^!rj+{hJ<3IZ+@(XgIln<@L$_^_#AzhGeND`8a^g{X|
zeUVgT05T96gbYE3B56oEG6Km!Mk8a9amaY&K4b<m6PblPgglHqg3Lo6Llz)UA`6j4
z$YP|yss^hXB8`!zNOL3-X|>9>Dhi1~;*bQS4bl#2k90sfAzhGeND}h@vG*SEQB)1v
z{)CW_kc5O9Ajod$%@7b3scE2(B4AfkKtOCLsMs4#6l|#2eH49^5-h0Lkz#L%*hLgX
z#fl(SRM`J@pWR7j&dw;PJn#4YzjyE7eRlWCoinquvuFC5{m}ks5IO)IgbqQ6p(D_d
z=x8(y9fL-qW6^Qw1auNQ8I47!&N+L|x#)a!5t@i5ql?ic=yG%=x*A<O=ejvJpqtPw
z=-=pebO-tmx*O>+58aO*MvtP$(Ua&Yv;-|f&!894%V=fQe#W=wyo=sPKcQcd)-{LE
zKc4-3Tp^U$r>FgLp4GML>w(xOrt5$HY`>PfA7^P|f57m>c52hNIKGVsV)uNT<9Iy@
z-+~{(VdvGX;BQ~y)VJg3(d@~y&XYL_PsO+6C-9s2TU?86xfZx5J`|6|)3MI0@ox8h
z%zN*4Ujf^3-tE3ac<<fryNdVT?Y@_IuWdhf`!ADq@T|moxO=_Pf*Q%ksB|vbx#$Sa
zjMRB!I>zK4L-HO!dWqvjr*ed-KgTh2jN*6BPSAe-^2X(jwcq}1_RV+VSiQ~}xrP1k
z-ffQaJ6+I8`?}-%vC|U!v3qhH_BQrkZ!2y%tKqC)*jJrBJDdH}7tOwvebm}NJq}%p
zHqZHC&M$Me%+YyY>(RK%aqKnzu=0EM86P!&7+WXoA5NU(<(*%`wolys7-9P-!uCVB
z+tKd!uZ{z1JM77nCsUTDJd-lB#>^V=<Ig&F7eBYxd;IRtj@{{)UGj0d7n6?Do%X-S
z>3qki|Jmbo{kH2k-CsRM=hXfC$K-b8SX}%#Tv_9a9XuBI$H(E$@|-UkKlZkJVfR8E
z)7qZnSvn82SK>I<?VO9D<5;oK<5&%5HJYVkSwC|uE34{Q)+rpz(s8V-=3F)BXY|`&
zIBun5R-XqRvl?4@>YpCBTAes<wK?#()zXmTRe$w3m3tn=AD%zMv8VsZ<5hzb$E)n)
zQ(?!KoQ&;1U-AE@<4FH|+-UpGEBrt0xY7R}FZySX7um;&9FG5Zj}L_%2h#aqf9H5l
zZPt5b_xQ)(KJM`?>-+fs_3Nqr>TwQto&33!=Tcroub|E7(#Tbj8zZ+z=0@(1EJClM
z-;tZw@s9ZUbsy<sLGAKQsfp522C9v+Q5}?r>Y)ax5o(N@qGpI)aw$>N0<}VIP&?EC
zbwWj`7<EP6&>m<n)D!haeNibYNBz*=XkRn{4Mc;{f#_g#C^{SsK}VsXXgC^yMxoK@
zcyuBfgHA!?&}nEqIuo6pa!$&5=mIn`Wm3u%G&SXtlxZoKrCgbEb;`9VGgGclxiRI|
zlz*q(o-!-tPIMQVoiZn79=ZqJmvVo~11S%sJd7Sqc`RiSdKSHaUPjB&3bYcviQY!<
zqW94U=p(citwW!p_2>)q75WB!i@rlYpr2BHN%<B1j<z9ABd(!GO_Yu@P;Hcr>YzMS
z4>drIP-D~-HABr&6tzIDP#e?^bwHg^5h_MqQI8ruYxJ(sr$#9%uhGB8K4@Pw01ZUr
zQpcs9hR#Gf-`s!x<yEOyoAb@*r>;P6q`sB<9$JM~qmR&9v<`iW)}t@bSLhq`E&2id
zjJBlynz}W$bIsvs1R8}#qvO$uXbd_9jYFrQ@#su+HaZubk1j+L&~$V;x)RMm*Pxl`
zdUPYY8QqF*L$lDG=q@xH%|(^y9&{gCfF48((Ie<F^aNUj7Ney#m(_d*J%?UEFQHe^
za`ZZS1HFabLGPheXf^r>twrn5r)WL;0)2(PLEoZHXfyf&{e*r&zoOsKHsqu^I&_m(
z6LI-kS_b0e_q1$O2j!u9r~zt(bg^1f)C_6odK9%ltxy}(4s}4CP!ZDkwBGX}bsnR8
z-XMJjXf|tJ6LA@C^9)oQWurPM57k2rP$SeBaWQ4{W=M}HYJpmzHmDuyfI6WfRE#+N
zy?HmZ2kMS`pkAmCDnVta0`*7xpncH*G!P9&2cm<~q3Ccl1RaHjqTy%+8ihuq<I#y|
z3_1mkL#Ltf=uC7rIv1UfE<_X1Bs2w0MVF%K=yG%=nt`rCGtq5m7P=GNg=V9<s1n_S
z?n4XEgJ>ao1U-hHK#R~~v=lv!o<+~27tzb;RrDHq9le3xLhqpW&?>YVeT3Gcb?8&H
z9({qnLf@co(I&JR{eXT#zo1{y?`Rv!h~%1UN7_X?N4iJ)n(IgW*NzN}93L4Qc`Wi|
z<i*G<k@vWE<O|LN{U!37IZ&wcKC=pQ3iAr<6^5PrSzNeVVIOnuXFtySoXmNjojVOj
zBRY-hbR0SXorF&AG_KQW=nQmWrwN@Vp($u8x)e=Em!m7u40H{eiLOUCqMOmJ=r%M9
z-HGl(v(a2siS9x7p#|tcv=BXl9z#!{MQAZvik?Q#qUX_z=w<XOdJVmf-av1mchGxi
z6<UoxLTk}F^flUmHlq^GGA%<Ds6W~V?TZGWfoL!~5FLyTMTesy=qNN44M!u;C^Q-!
zk4{8m&;&FIO+i!9rD!_399@ZKpli@fbUnHe-HcjrrfVzI2DL*SkPc`Rp{}SK+5>e*
zJy0*y2bG{QRDt@VebByW02+t}qXW^w=umVx8iI~OL(y<F0*ykW(eda+GzOi5&Ozs)
z3+7xnX9Ajprl6_lGIRx+fv!Q<qZ`r9=vH(anuYE}ccIy6E~=b!-<$<=7S4GDJ%*k@
zi_l`U6g`ceo%6z+m(c6z9rPah5$XI6ciqc8vpuiAxZLwk|Li=|37j*jzOrVqzkLbT
zd11q_&cAAcyW#!u@pvNEHLlxxo$JG7U&mkKn(SBqqw8C{^Y`t!zI6<_i}5V{IDQLn
zz!~g|FT}m@A$S~~hIJjR&evLpb)Hr;_P6W&tV6NR%bJ08KGw?#>wGEoA2Fdu{CwbO
zX8iotzC6pio@jE-X*I7-dn#=ST9)>7+OuiTaTU`GX?gS!v0wTybDhyU^bN5l{nPZ%
z)4xdnDt$wG-CA|Iv}@m5vuiD=^>wZ9Yi&i1GMZ!*WVFm^ozXU<ea5aCM`RpH{}H!m
zylncANX_h#*(<Y8=Ag_2G7rlf!8Mx`>8oH7T3ppH!E)0t!8-aR*oJg1TF~`o<7%H;
z`wXOO;})UCp6lS&aShzBT>qAmm73KH^~tKp+B<8Xto^d~&pIUQu&fbTBeN!<#aT~h
zJ)iYr*2`JTv))BccFpWws84o9cK_^sviHs2Kl_mEL$gO@kIbH!J(+8e7G*Eae%5y#
z(mJj|a&l60dgk=X>625D(?4gQoPBfl&p8Z@$QhY4F=ukl%V<T;TRHEb_j1<cY|i;U
zr%RnKb-LB*QD^Tu1M5717S>r*N9S2J&TW#rJK7WNh5F?7%{?`DO77I$OLDKsy&?Ce
z+(o(1qmFrf@(#^AB5!Ek@VpUuqw<c+J2~&vyzzOH@~+6c3f-Ld@4Tby5364<zhQn?
zu3tNl{ufTmKRth8{+nEF^kIHh<DAC1=;Fpx8_z@T`B3@v*KkPFp-qQ3J-_KiNY|A)
z1vLx06;u?QRB(F1gn~&0cNE-Pu%13AT5(=g{F<}s>&<>nTyLgp%{F%WuG2-kUbL&O
z-R;2jc)IRv?CjHKkDq<P?Ay4Ochl_eX4jZoV{SU)LYcWO=eE_NWA22x6X!0R``p~M
zbHC$i-q_qWTz|Fqyo2UVm^XReL-Ur-`wX?GkAreFfPN0ntGu9c0eY}<VdbNhk5w+N
zTvE9VeO<Y+^2f@bDnFV3)%<VfZ<wzG=JD&^xQ5vCu&;kRlXKqB#cb9kUFVex^Iq4b
zYr8(f>v1d2(bjc?^XqUuHtwIxxsrGiz8E{4TU`Tp$NllRgiq&rJXXIMlkfuk1b#YU
zhjXcG;I>%(JoLl;@#zUq;CT{$2rtDi;aBl%cm?jnxzu}NT}vjf!MdKz;oN9lhpTJ-
zbZu=P9CUrHdtL1a{vLE)?d}a2A3QYS1w224?{ApmJd7X1OYv&_Aueu2n~dk<N3q*a
zO()vw9=Mouo9*kf`@l*PF5|fzuf*@-Rd_A_G+{Qko!WReych0?`{2D3K7i*V@pOC>
z?#wyQZa*h|d3_C@gXiH#a2L*L-UIhYxEIg8abMgI@15{;p6%;uZ-9NzxzIo1O($~A
zC@$t)<vsAAv2h>3^CkEyd<}N54|K1G{r4iSSHSl5n8&V+Uype*&!^$A>oUvU;Csc+
zDu#=D;xYJ)gs1Q<--2()ci{W+c3;=c`Mi7J`#6VJ{swQvuXC>MJGg>n&%W5bK2+Bc
z=o$i@C;kg|s;*~q+s{E<&o(k=G}p3~u>2T`JU>@+U4?#cU*n(fIKCsDw{CxLRsX|x
zV4u$(_I>KR9E^{^?jtobHM1w`lUb7augn3N16h7eV!5?Ab7`V4omb5=E0twcpV}oX
zktVY|TFO<~x-R?G+BH}X^+6>lz8o6BQs^+2KTEQfRV{;FHOrus?9}X1mOqnN-YiB-
zS>C*0u6upOT=!aoWlf))lEiXmfLYE=Vi~g{XJys0MaztfP{+JZd0kL<)HAOa%ZtOR
zmKBrprsQ3ccX?u2acf>fmJ{93BWQ8{bNMgiznI^$Nt-6^&3Uq2n(Wr3dy^(jo3d;;
zr0HSk7&Nl!sHP`3J*{a?mJhq5o~U<0X+b&5ib-ZUaYw=If;k11=yUW{!8ZlpqRnR6
z(Xm;#X1kj{Uw)>q7hSL2a&9Y@0BsZP|1)zBq|Kj<7S4Nk-V^hloVS>^zjI}A<!+VT
zX!X_ZtL49dcK++iZ%teOBW?Ys^ViS+eEyfF&HpBTojvWS+xDvcRU7NJvk&t6QT!P0
z#5^gx?W@{Uw_Sah*GsV4SGB9M+SMZ574L?3Pk1fQ>u?R)OSP|RSNq~pyglu!+S5I8
z2`<I`5>~tVAbvdICwX3smnE$B_5rN+_DQ@rVYRniaZlU}_euC3p5^=S{rHiDqxq~a
z;x-AZT`t1i6Smvu-n6^2w|!O{t@im%yc(~;Zu_h@Sw0LOj&Dd<?XcV@VYR>V0|_tW
zS$5l5^;<9#U!U-giFVd)Pu=!Y?c`|ewv(5#uDiJD;-())*GAVxKaGxKokZIRH{-Re
zFDzwUVblCA)qOP3hUvP47ZUB+EY_KIUDzVL0>6P{cmlp1yT=#QzPs(Zu0N@InDy;T
z{tN5dHCW%)8h5YE(#(A__ea(1-4o4v_cGSIm!s<S?HXo%yVUC6p?ZCLl3CwgX4bb~
zq}Pe%wX4^+Q_T8y->kk_rL1%BZ`QXDty<q+nzfWQ?d7azYfal-*DeWI*PdwBwU=Zs
zVO{(A>{q$wKfa!wV%D=uS<l`d#n-PVn)T~966@F7yIy^2?uEG%0@kZ{%`499nzv`(
zUU@z8db5swcw!wpzHU7!@8Z0vtYKfl+O@lW-GKG$-8}2p59dFc|5X0-=%vtg?G{bi
zHfh(SE82@|5b~QgX05xR>7nRwv+g~-=?HXe(=km?uUZd(s_7E5E}qJ|c(;N*3VIau
zLS-nvUOutl&VsuO<`&E=m~Yn4*B5+I@MXaUw6Wm3f=<nLYqm$#`g(955wAyAM?XfN
zC9S*1`-~Vndu-^sd+WJv%)0xtN$c$gu--n2_4bG6Ju>g{d5h*fl~{i-s_atPwQ~2W
z_4omm=cAzY_-`sV@T>f(^0WD$&Hn;zu-4`OTkG!}+HvGRT7RF&-ygz{;Ky;;dVEKg
zAG>0$&wJP7C-VLgycoOd@mhzMJF`sbg1aTW2ha9;z1HnN!S4D!mx)xZ-<R-Ow)@5D
z&hn!#F2faA>+;_9`G<J_7=9w*B|I<1Ph+j;Kge=M>-mfDQ+NsXuJ7;0a-|3Eop4{C
z-SvNM1KgYN0-hhn+9q(f3nDCoTHw~WEmnV)ommd;iTA?VUQqu{y|A_sWNjPBZ((=)
z-~(Q38$tGNA9QEg6SRGBDEtWQZYNyN>l^V+xR_;-yS>nx*V<<AZZ}l&egS?EKZGB~
zJF*?&_RDh}%Qacs5bk!w4}Y*7VQ)W#Z8sdZ@{jv*`9E!Y!C`)=z=QD-*x{gRO_bia
zN#l6m4wa3E!^h}vJlyL?hqJA90zL(g#qMJQzmGq=4tX9KC-3&Wwe%w}yz-(-_kZ=Q
z`(ZxlJVeikk2{N;#m?~b6Vf-OZ%JQT>!n(wGsn`G=Elq)GPh)ou058%m^RiPoi#S=
zw5+qT)@N<b8l62h`|RusO}{mV=L}^V=j@#IIU92Z*EzymV;9ZcEw?1^UwJd~Zpu4>
ze!jkKw5gHXH%uO%w?Egaz20P1lL<|yHJ#D)rlx}njwo1A@OVK9*S8IBc0{vrQT3B}
zPIN+aT6A#Xq{55o6>)g0TUve9D%R@Ew%4}Z+G%SicG@NSW9m_SO_%HF>#%*-eYy_n
zdH{VMPUt$V>jPbvbdAn#KYRV`jkAmA?mqYRx$n<)=4F~bdp6D6GEe<VYW*lL*2L_m
zb^9$WNukdlJRM(#Kd!;~(KyP!l$N+OVf6tfuf%WTS?t@LhY!z)_iuC#&lll2_<rp6
zuhfWjs{*X`uBY%)>|OsVsU7cU=K`KD#Q(;(V{IpH#BTpXZofqHvZx>b%D&<lcKdr8
z&b}M<U%N{#>%jN`d@z0vtM5$pb2=7p!dtNV-Rz5B$M55h@ekPTuV*lA<PrFF{62Q)
z<E6~6FX3X^w4Qh^ZP{k*_Cx3Px9V<>&Y~Sq|6EHWv~AdF74Lt~ozIt^NPT!P`xcJC
zN8)4f1lDV>*ShT+@%|o%zZvi6(d|dE<YW4Qz?;}+--5NCy8^rY3#*^S`S@OZKYjqa
z{Vwjhf%X`i{ujTaFC^^tC+PlWCh#4qzXkXEoJAY#Uf1rn&)PO{ANqX-{ieLXr}bGI
z&2LHlKaI{AYyF1WSN(?c+o}HDydV0z(fs~r^SL{I?)>V`FQflte%O)uV6Vh{@TD~$
z9KkZgo)5yl_ptBP{XUbvpG5yRYF9pLvZjf{JbENP8Xtp~(vQ>DTCrO0=U1CF+_Wv1
z7JAzfwHL~$9T<<pe(&yl>(=LOOVw_wt=vRgsdiFr<T%>M4z!DE57kH3D#p{_&Z+O$
z<aREsZBv`(4qMM|`*jB6{73EA|8)DbJ?+x5%!_XO(<9NYe3fWdhA<DQ|7N%S__OxG
zZ3lMr_pd${<f?uVXj^pse=*ke|89Gu^Wg^J35{-TG`QJCy493<xX167X2<(KaocD2
z?+(ihEl<>sO=moTwq5PK`mxb|`&sxItp01Xd~s;A)kn&3G8bWodezU$IM_6-<3wTo
zef6@A9mV_p8ksekdDI;r_qe3nFU|y(W$G`-Z6^wymQHJ@1Gg5?eYbnkUyu4%KHA*R
z`#kQzeF3@y%|Y|gBhI7rxvXB7mpJNQ`4TiFZCKhg`V3!;mZE3S^XPl}7|cwsO|Q#2
zrr+gV=y&<V^pn%yLQbumT0hs?QmZ(lkJ*Q+KA6X$t>{epY21X)%04T53i=`Ehnzum
z2Gto-=g2xWbL-_cKs|DM=U$9n&wVTR{oGZ#`{oUz=jPw?hSxv7zSF>Ia7v?78r{No
z=l13NR{lHr@8z$`cN*7jT+yUo6ZQK&tLf~fbDQ4VbV$MQf(z)=T>X^yY}U8gg?!&j
zo4r7<&u=!%i?)pxN6VxAq6b6|iVlrlKtIn{(9d&5%dD2|TXtx9eA_eHKG*j7w(Hw&
zY&*IAjqTrS|3UlT+iz{ZrPJ@7w$V53xLwEX>J$|f6&DREI*@*zQ;JjR-??sagW?E%
zJQo-DM)Cfge=FX`HTXHRb7!B9E<~H@V}1PGv*x}wcg5Ua=KebOcT_}Qf5Xr+`YBW&
zh3Z55qsldvn<~Gn{CfV^R$tG@Y#WJ=M<>$fb4n~VmKLiW%Z}y7n#KxZ5!3&3?^s`S
zBsv-mqc3Q8-Z9T9>?_2#Gq1|8C+zk&u6`fo2<tm?--O-%1T{~~o3QqWyZy-Dl*RF0
zd@t)V@*&LYN8qW6`F?NO3iaFmBwmCU<7K#nb(eBH9-o1q!!P3H34g$|{2^Y0yR)v`
z8*80e-j8L*AUp)S%MmS0o=<og+lTMsQr3OSvAgd6IIrbiv|D}DcF}Ih6|5Vmf8KQo
z_hlQbKfW2?if_Yr;!@hSeptr?PQ^bbjxWSmSCZX+iofejyMo>A0`;LU@5#DSPh64k
z4XiV1pWwQ&ajTDC`I1$v-{PwKE|Bks?e#AEyyM|~hgz>)%D9?-coH+gFj|7X(UR!F
zXt!<Mw(Y-d&^FC4?mV(9H<g>7`0eX=m(G??UbJB}zbL<`De6(wv#10ejhYoVGxNOW
z_b%JIZaW-l{>+Kx#N7Fyz0;o7=V;UJ^vvzaue^8et^AJrNBi^3yO3YrmC?+Wnf&^)
z`1N&Yc|zM0+Ma|?Mq|;b=yY@jdLDg_zC>T64QL~p(tb+&spwKP9bJyDL^IGeXePQI
z-H6^tAE2$MWl_tb)~GFNj}AqLqao-hlv$ivOm~dMIVcy^MGa9tqC=130@R$}eV?s;
zwl?0@c-tPRJL-XYp+2Ytm7xl>4;q4wLPJqzEHl;{>32FDjYMjT=`bX^3+jPVi&AxJ
zUr}w8gLXlMsDyUJd}sVVwVmSrUe%_vp&BiSHj8qRc62YK6G&^KOq7k9A#Qb0r2mgE
zFWR!i&@!WwLr1z*%Z;O)qpFq_T23S{Bc}b=mJeae1}ztomkDW&Ywh52p;0tH8a2y?
z?$MsnKG9N^5qq0u#6i(RSWfuc|CFNiqKu*}RHvv>QRAW}MFpsNQKYDYSvKrd)T^j(
zQ7I}n%ZY={aze|7-_Sp?T*%wjh&ur29stGL`fcmK?O)plY#VIu2XNT7VcU+emJzjB
zN@zKe9joJ6R`iPXiXDSSd6yA8dHL|a%LSHoY)k*+%Y{S(-i{s{k3?G6>%m%8FLVoQ
zPINY^Q+QeL>Bl<H1+4R2!8%Vy%i5?tI==1kZBImF&?#sfIt`6S&!P3`3-lHG27QYr
zx1ZepVsr_bhAu-_psUc;=vs6gx&gh1R-xZfi=q}qtxy}(4wa!p&|&BZbR^1Pt%|O|
zi?b2k$rf{{gmtV2#f?y7)D-Q4`f@Lf{B8N$c1L@ny--io8}&t{s2uH$jzCAEqY<|l
z;$9g&&3e)>){;gbO~MIT@%|Cr^%-}+O)<xZwVtMaV82yAu!%=2r<KzY^>X?+L(y<_
zKDrRy>CAT6ndRJr?sFb+7NW<Hdw-LsYdlxu4Reo^uWM{T8@bQP8T1xEg?pU*geKLT
zR8#luNl(w<4oX?+b<%UWU(!eEU!tw)+tPok^;4~FY%5=yacRcp%<nUQ&HOF%JNjcE
zmo+Zy`>bEHF3P?rdr;1xoO6)whmw+;np+<=%+1ejnj6XOhW0?+(c;|aa$m@OHTSjL
z6}h@^%5ChAoI$_;CpS8|(Fge-<g4$hkLWM@n1T}v#uuDl@Koff$dbsi$nwYv`kY@A
z*+9SZTj_JYB3cnW5S<%6KRP{nd32V!e@aSWYGHa|Mqy@Q1JtOnF<rj2ENqS1qV`A&
zwH}2%3rh+s3imblSQ%6}-P~iPR?F;`?OJwh8Nb)ct*yAjZ|mdQ&TRW^+ZWn?)^=0d
zN$qcH|8D!$?SE^(&2tZy&pLh8X>id2Mc)45bx)R>+>@nVaeeN{5-r|?d$RON+>>QS
zm#e#6pST~3`f=~jb?>f&(Qxj}GQI19u1mYd@5?gduIKM^<}{iU<^C+wxIas~xgF>3
z!97~esywICy*~@1^4o*lzp7;GAamcU-??wqh;1XbjoLPP+X+aW_GF=EvF5Qps01B_
zh9dWVEx#x3*W%uv<s91OY4~!i{`=kgwantR?B2KKEY|tX#xJsNF85{KR(_jx((iCD
z)*bsM)*-bXsryODgIBN}i>WB-{w||d#_#VkhUdw63bya>;=I8+G1k2VWQYBJhvH@L
z#Qg!!@^1+@e3$-D@$Lx^;#nS>@HC#~c?mzmv+TUb`t|#)KeJBU1D}k?<1_JOd@-Ji
zwXHA5*vBZ}!+u10LBd7sN0h7Xm$hlf?&p&89osp0J^p|3J}wUD+iF{X0>@xq(>{Ao
zdw8dFw{sQkmf9?}PimWfOSDZ}vbJQYEmE7JwxRpn?sI?N`ukS*cd<71aqKhhS>)FD
zA@l57?0%2#_cx(#e0xyWUtfgX#{{<Z-17i+{-5R-Z9gTQZ<hE6oiiKMhq-+ot&W>)
zX1|5Izsnt-+vd-urN1A!ZTug#?P{;X+E3jd%G<uUZHn3xx2^aj_DSrw@0ljpUG})k
z94%`eK<+X|%MmR<>~^^^ZLr$f{m_iUnT0nO-cmRV{RhoP_o3GcR}{X1-a<bV##%&M
z7PdSe-O}=*maAKS-15=ZkG5WherX+RJ+{r*HcPA8WZe(T+b+jC6nCuXxOc|^9o06v
zZK2x+x^3UO*t*!4v2Uurdrjkiy8Wp7y(hlF*({^yq5IGR6kq0EnHIFH{gowbeA)U7
zOIQE$^{*~l?d7UdXfG@CLzk8NvZNf~Syo<GcvIo6g|`>pQFv$JU4?fS&MCaN@czQ(
zg|8Q`EPNBaUHCnlds?1GTDCCD)bm<i(DLS%3tN8Ba-DDa`bg`?S}$$=bnBm6J8e#B
zGp>!6w@ccZd+c@W+_7KB{vG%4Sbe{<9a+}y$Z|HmY~7QkYkc|YE>E|zJpDBGDfcz|
zBDR5ho4LzMeWm~8@^Urp&d2zFV!64a%Q<)X<}TNq|HAU@SK1%v2llW1^#7mxlNIO2
z_gf~KhpK+c-Q%z7>stH&CKN0w&^~2{Gm+e^d1gO&F4w8-Uu#e;-Fw90T-OM4?-ilz
zBHVjHC?Bo5{vm#heHQz#CzyK#tTE>SOlTC}Pw5`NowS|z0P$XLqWgj9nv?akSvnr0
z`MGL8CHo@P@3nh8cP;xLWp6(PvFW_OBHmxMW8GJzmv#M0^*u&LX6yWev)Bfiz<pX$
zxc;Ps{ryhj{vM|$t}j_^wmIVa{NwkB7{^r{7wzg!(+TXyeF3}2v(=BY&ii&B6WD*P
z`v|!Evz@y;#_vL$2>jXgTYuW08pG0YYIprZ*Lmr<x%$nJC$O(u{p9O94DIu*>Mx)E
zd$g?(b)wEJG@;RiMozSLv|Y4)v@;rpIJu+PVP4X;0`1IS+DGlYH~So)X<Amk^D_Q6
z;m+CBuU+<cpL+(>*%H>h?2OT+W5$df>2%qRm&45KW5$m?jqzI4HsAP-*7;8DHu+9}
zd>Vdn*SM#2$aikT4LjyLyJ7cHw>;ljTjuwC*w+>L&cprkotyua@0^Lh;Qev^^PO|{
zuKr(Bhh~NUo1GZ__?^YL{RQvSa5~mO@C<Bjmiq^vQ8!=H0YcrFDhJ2!Hp`1Y_@96B
zZ~xQ7|0h4o|JL>2n{WP!X+8b`+JiyWUTD4d{>}S(^uX%>@$&6`J^a9Yr_~Yp&YZvK
zgZ|?GwHcD{bi+U67jdg2|L5!u|CxYscmsC)3HeU;N&hqcJHyuh{+<7KKXXtWUKTbS
z@f%Oicc$XG|A22eF}R)~CkOL?VwiRvjsC{xc+WHbzcOtGjY%HwrHRj?zuUte#jtDh
zKZl?8-|_RO{`KKp!T5W}Gsb84zSrw<fACov@b^{Y@|`h^!$0Br4BxJ23cqQax$oOC
z+?h=8;pZfKBjaXseOETy(f8hZy{~t)o_{Jo^Q`30wCs#(wt~;xe0=qL4Y!Zy{eirm
z&va~dcHG|AF8gmk4?eSceB5DQz<9c^%lS-2_;^11-|^4PyYBycU%TwT{d_Cmn?1~z
zJfAb@Gkcj{uNj-~X!^<C*Dm{SKTqL%vxoTrzfG5Q<8?H%c2;)IEXRo+dGvV~^y<^&
zsJ^{R3R_;-an}x=+nhhNb-VVR+V(V=7KExFgXgh*TAA-G#cQ|2!^wLeDgVO{@3{Px
z*QOJ=KPXbIN6o~;9ai}%&VVzV0b`s2<DCH~I|If#`=8?MKhoL%SZClUXW$rT;8<ty
zNN4aUXYlFH;A5S^Cpd#gbN4alpp%`0Mmh(b<Qz2C8FIQaWQ;RpoKrs1DIe{WpYD{8
zbqBy1K1-ct&eP5_&a;m8D5#IYnkj8+EZ5c|-5u7@rs$45=qal@ekbR_WjX4rFwR~`
z{HZp57CH?3Mdu~wWoJ?ISK#exsPDqY^jyde5FY9|FA?AFr^gt!dMeXDJV9CHyy`4>
zUUS-|tT1(`w?p-Gs6(4<P17Tv!8=gAZ0hc0$`>g+IKR**qT{SIb@Vg!I!;CNy%Vo?
zpz1_ay`k-E#{CWFP3JA=ZSJqE$AFZ9^gLKpV<mkp&Pq`~f{B0F?x$DHSjXe9nIXLI
zta3hZj!#+boWl63KgQE|elulU%Ka(onQ*(SP6R)t)-&mI&2dhnmoiQN&CNe_&P@5G
z`PpWAbTu_z$zT5J;|I_G{$z%**7?|3=X~OP>U>6}DJiMk0H<w@*Ua!zxIfa44Jn1Y
zu~h%Zf6V-=`(VY{=ZQb*j#&D1UpQYnUpY@T{~F$&i|!kyG)c+leprg>u1tyec0WDN
zuyr>a{lk;y(|zM?aK3fgr))HJ=uTRlshz{}JaoS&gLj~K#nip4DPN-O;B4W3TaNRc
zsiVKC*Kzta-zV{E2dYj)b;q6k%(!oMzIT3be&pU_dgv}*U#E1g@do$tx+6vRs7n09
zc0VmQV;zsLFhkhF-DZDtPDuG(7rr~X*VpMhzm;+-_vO-EueQ7DMDR0eJ&XJLIL_(Z
z2}j@X_szFDXQgau9&>Ku{cfhlt9bQSA3u8j_vhy6O#i$Dsok6%#((jlUK{I~+Uh21
z%W9tcmuu5~n(CW5{|EYxjgL}`lxTC16Qvhawdp@{$G7-jTBZ~>=MVyiDnC!D!8xOx
z&gQgXEZQZ;q($@QJN!Mklc80jjt*4O$!Sf^Z6WOwv}N<iU#_`z^XpA59jUp7(~U9D
za&}LAB6sKxhs{zrW4SmnJjdCiD)B|ttLpUjy;853s<lg1t$SA0^<~wo?W?OgrTbx}
zFgNX0RYT9JSG}uVRp+<w)gGqLPSx9^s*YY&uliKI+P>PVQ+t~Gb!jRbTvf-RiC6UX
zX<n&^-0J_>zE?x&8&tI(QdR3=iC5g^%e>M(@wTt7>eP|k6-@WOR)5BEIyCW2KctCQ
ztat2Sy(3JWx_@E3&S8mX?mt#lXOkVQbEIhlMkN0K#O9-_YHGTJHK`xfam{P;&ELR$
zIx<nuNzIR~s<B`PYt-G-PNlAPj{065Pd!tregTd%)$_V~%5UGROHHl1>)ILAdU5j`
ztLnO>>ecqu<V{U8bJ95}Gpst)E44SbBd^t?tme;iQ?9mZJ)iqf?nq7EtnMYJV?H0y
zdv!H`JMo&+<M`WZ?mAihw|5e+SEbbAxY9?aTw}_$ru>+8ua@(>=RejNveiRAG0AUC
zxgjNsVSH=KjU>6U*_6MTa+@h*CfT8ehS;%&>K|aH!9Y`XGGu@AdXOo1HOXRAc41!Y
z;%taqoLc=EcE+n^5y$E3JQ11d8P4PMiu+FvD<hIgeT#6h^J3&u&yfDfp{TCLktXKz
zyd0Uf6Nl0+(w?EbYCg}Z$aFKLN>jd1Kf?dyXX+l=%M9h0$mKin^XwD(ml?`ekt@wm
z=9}_M`a}LFKa1lWL494FUn5uT#Lsek<OGJI`w4V$-iXZDi9^z~dDncRaglpG!+C)F
zKK`TAjoS=A5_yO^i=ERV_j-o(j}C>(@*;K3=NTWlZzm2V8YzrCA9;o$b#cy&+;4{T
zvME<`cg%nCGZja=MBXvOSr=Kb6F-s0`ExUzb0f>ma9%Ox$K2)fpZq+7BL_s*Q)97n
zcI4Ha_<2eqr3|I3bAIHtoj8=?kz*o1MZRZ4s;2X%8O~djobRDiKzO7ip5Ni@X8QK4
zS(881GOx4wONNt^`1_~kd0ovWB(j}N=H0h7>m>fVndc1W=)}9v%=0HT_cC;Ff*z1~
ze%I7~kQvfp=Jipg&hO0MH`W}Q$bDb44(FJhY09%mWH_r6e_3YUeVBOnw0ZYN;@#`!
z-J6MbD|uJbS!K!(O!<*1*O+p>DL*&mSEl^hl;4<ggDHP7<&UQP#gtoW)^+MTEz(=2
zw@$C;)N@*yvW+R1n(}E=zM0O2txo$)m0e8PEwiE1$ay96)y#aSiKE_|2V^yMnmRKn
z3!GQ!wYh-jSF)Np&A6I>7iSk|DP_co_m-*muVhD^LTBHc0Xb18>g<=(!fEBK%2}QB
z5wBV}ALg{?s{A&2ZJahvdV$IeQ`R<RwkhkFvYsh>nzFYkOH5g6%JPERtV`A~YfJID
zWJgQg{Xuo4{*5|xmuJnB8K%snrW8kajnK31@SMRM(ae;)Fs#~6b5ll4y2zBBn`@o0
zyD9gAv~&6-jZaAu+5XR3X6o#lR6}VJ+5S4q`CqP+;T{!w)*Yqk`PVr(sm4PMKO~7C
zW<KpvraanAkx`~R)|8`7d7LSaH{}V`!?ir7JcsSFn$EeVJg<2w)9d`C`nUg+_>&i!
z`Y!m#>br=stnFOxsc*U=S9r)}<`domDRO3WhYiQ6^!(L7et+lPTr-3@+-KWy=I@jt
z%wum-hI5an?nex{*FzrVb&<1xyM{Q<LJ$8tpUnTi51Ju7z`esA=i!|)gon%!mU3qk
z$9Z<A4B=@rgk{{{+;N`UDMNV1?D>1%lrNZ}y}?~r9Os>#GPJkM5Z>fo?5rp6lp(xr
zKFNEgeBTUhHFuD4=<C`)cl`Bt>pV4mWQOn|_mSr&a~}TJYuA5%;;Ctk8NyfG>Be!s
z_3*zpgiW5BzA;1in)}^5&PEUadqeonQ_}`scXet+YW|~ZzRBa49+_a)QBxynJ9$X8
zA`{J!YDcnn@{sC8E;U2SisbC%A>~G<F@zMSUZjC}t{-V=o|{IRndgGYE<AU2T0~m$
zyfYtdA~Vd8T1Hy$<RP_<Ty2KbA<}6l52=Vd9BS%yjO@CThtxT86GQ0Ybd7Y|$wS)1
z3}?5<?mKxndz#_&i1gaY!|7v&(=*b0Cl9AD_0!vLq{2LxNBWuPeIo<R^L~;2dG6vI
z7&(~do%uM_4CkQ8Av<|Ehne9V8990<4`&$lcXdWYM(yO`jE>AQLmC-5b|(+%xX2x5
zNGC?d?BpSx!rfOj^-hYMypxACHZm{Ll_5<s<z!P%G3CXkoNCHTOgY_@mznZ%Q(j@p
zD@}QoDX%f*wWgeD%Ii#dy(w=n<;|wN#gw<2^53Ss&6KyB@=jC!$CP)O@@`YkHsu^s
zR+@6YDep1my{5d+l=qwRK~pX?<)fy2+LX_l@&%@D7iW3owVgbbSD4{^82M-?4`)rJ
zGy5JtjeHi-g?rza&$!u?KbZ38$ZpPV&dr4?Z!zV4rd)2y*G##>lr>u@lWEFqQ?@c?
z8&j5=vci;moAO_#9B#@Hraak{r<iiADaV=eR8x*O<r$_t+mz>+a)K!*nsSOMFE-_+
zrkrNVdrWz+Dep7o{ia-N%8yOC&Xk{+@+(t*ZOU&<xxtjHJ9KlpIRlDS4m9OpQyyr_
zgH3s;DGxX05K|sy%AuwlZpsm+Jl2%Qneqh6-JNm8r<&)}i^rSiGmFnM&*v1MYo5<9
zzJTX$&P-F@X3Bd^d7mj4nDRkWE;QvMrhLqlPndF%DHoe^sVSc}<#VQd!IUpi?(V!^
zywW_sS^SoHey8|d^Zb7CD)YR$_(Pt%IX{^4XH))S$}Oh+)s)+c_i*-Pd3keQ{Q1_z
z^ZdN-^ixcaC3WM^o$K~+dh>q2`YFzU`hA>oUh57mi}2zG6;40iKhZG${A9!a&fdK5
z-ee!=Upx<88GjzOa$n~l-Va|%&%1a89*IXK{{Cd*c@eq&$vws2mLy&;=JnF}36P0}
zcFgn0<Ct+%crNzfSZ((G2JwspuWRL9o@aCRldGP3Hc!-(l;>Eo@=2V$&OWy5(fEti
zx9WGfuC?@jF7XDiAg*gM?Rx5x*R%=ZV!EEvu3zJ$YddW&7L?aDqq3b>{r=&8R$t?j
z%vaaf=St>Zm^^=Co>2YOR=%2ZeRND-TiefTz~nBvO_C>{3X_-Wwn-jd6DIeu@@X)+
zdzL?+4wLJo`gtvw+|J?|FnO$1e<n<xWaVqa<f|>71(QFwcs5Ml*BZ|pm^{lGZXKAs
z+~T<~dA3zg9!#e6O}Dx*xo=HBuLqN_vv_@&{H4Vkz~pV#_%wvc>#Xr<1e5nl^A9&4
zCU?#D^Tsf_vu=0d`QDqr<f}|Q4U^{E_~+F%&;I#2&ULC1)$#wa*qdqca8tjRzYTvo
zt%ezYFW*`_7Ta3;>ZJTT<ljmA+{~Ze{JZdX({4-3H_Bp4Wc5s{|9$fBrxlp_#9PlQ
z_^Px+lK2Pk57Jg7)xR3PI_=`5{D<%l(-tN1kKiAr)i>X-cercdYtqIijpthU+B9<;
zNzRz8o}M4WKTg{<X*zrY|0M0fq<XTL4zj*qZ#|!q|1|Byr1AMBI~MyTdr1=ijQnT1
zOS)ChdieUZp-JO2lwl6ds%_>s?{GgS|9RS|q<Y4YAD7iLDNnbV{DiMcs=q$@`dLqy
zdXn48_~+H~C5KPl)Xa&R8{=FZ2nNl!@%cQ@DJY3&W3fZh^?3vHRG_{BI1)!0iyae<
z|Bv!o*4g!|oiBjf%jIS)2i@WBQZ?M_@eEq7sqP>ymdW@;7$5hc@o{<7;_h$@t>MPM
zuRMA)Z|UUi!nnxP<K|mgdAI&HR{ieuQHwevT0MQVt`RhSR8M`TP}>Ra*vE(K@(v+<
zSBo>Mru``{>FUtt;dnhR->qbKnC$0!lyry5d;8kSy-Iq*WPiR_NgtS;V&)UK{=Oxp
zFu9|T$6{qLImgG#OZvg&R_6EX*3-XaADHYP?!QX*gUNnApkyFS-X%xhms`)Ek^^9}
zKYw7!!7$m+4=FheCj0r}B|~7cpC4IrG)(T}8-H2=nC#CFD>()x`}v5HQ83xhk1aV4
zCj0sEB`3n<i+!K>q>__ia&O;sKBZ(FOy1MSW3f|Vau**ztz<k*_7C@rlCxm4pPyZF
zE=>0G^GYs&$+V!J@8!ah2{758kHsd!<T$TxKPQ!pjK*TJ>T&s$5~dnV_VTIlV_~wF
zUkV=$8y!8{*WONt9|xDc`OD$Q!;X*EG}Ff&?v?O{w8IUvihNw-{TA)~TWO7ad<OXw
zsON-eTi<f(8u*ED**n~s@RMM&mtPMb0~-?^XufxMd~SrF441w6o8hOxWG}xJJ{Bf>
z`EBrVFxksz!B2&q8ZGsWzdrA2aM_!`ll<v0*~{;OkB7-#J{x`pO!o4*@H1g&Mj!Eg
z-b(mc@Ux=*ebf0K_}TEYqdk0F<9QDJoM<;6zmNR6aM?TD1@QA=vX?&yKOZK0`9k;w
zunVH!`<CyIz%PW$-n_==BAD#ukCpJNfXU)+JN87$A}1D;{rRU#__dIgz4;|2%gD-4
z`sVYeOW3j?J1P2&ubqFk<ax5Pzy24<PbM#W>wl@_6|%BF|7uArHifM0&A(RiI$7DD
zUs*y6MppLb-z<5XtnAOfQxc0!B`bUL@0F|~EBo^wl*D3}kd?jp4@=gNmHqj(C9&A0
zWMyxj?G3WBKd<-G$jaXQCncYel{@%;FY8NUvFT)|M~i&Ri!VyPA}jmr|C;<|<YjOD
z8%j2kmHqimC9&A$WMyxDbIA{6Wq<z1l345tva&b-bIBI6vOoW8Ni23HS=pQay<{6%
z*`JS<uq8!S_U2Q#aT43z*q^Ui8jH;!D|_?lr5R*pe?F7^)nsLFKC3i`tnAO%A%6{7
z*_+QRtw&b&=j)TdmaOc})AEy*{dv8g+#qgmzENpova&zlq%;<rN!_wHUr@RWS=pa&
zPX0QwvNs<sZ9!J{=UbA$o~-Q6w=Qi<R`%!Hk-veg?9F#5?ZjU)96PV~@$E!!KF=vC
zEv9bSTYsL@g<5W;ZrNM^Zl$}EmA!ecgCl<vS=pQKUfP4K?9cZke=}KGd3X7!+$}IY
zy!G@h?Mof9KVL#Ux008=`Lfaqva&zlkNm&M%HI6mrT-!;`}6yfzm2S1ozHUylnx{-
zd-HkDAo919m8<iP!@4b5*_#(<4-Z+{n?JDhV6w75e@JO8b_ZG6n?J1d2(q$2KZN|9
zWMyyusM4WiWq*Dc`TvlWm5+ZfdCoDV$CTa$bMx-<jx{~%kiGf%=enD`>>ci?($Qq)
z+kEZqai#3JB0D>Jr?0&|q4XrOvcLW@<mZr=z4f0`I*zRD&!0+uE?L=|XU&JK?9c1{
zJhHMkKfd%#va&yaR%t9&Nmlme&nZ2RtnAO9PkugG*_*$xbOKq~pPxwn9<s7GKe_Z`
zvhuUO={c4By=3o=zTlglmzGW^EBouejQoA%WpDjglwL(v_UC7izn`q^&0kYGldSx*
zZ+xyJzkuw5=yKoq+)#QGS=nFz&Ey{-FMI31we&W!vOj-2`3K3$-aNk)va&y~_YaYk
zz4<#!?;<O|;~W3GOJlKxWEV!?_l^IY(s^X%)xLZs`G?6r99`qf-&1-YS=m26_mh8w
zyzCvH2TC6zEBo^c$v;X~_U0cceT=N^&p%H7F|x8Z|77V?WMzMTG5N>I%HI6a(x=JF
z{`@oKpCBuH^UsyOKvwqWUnKt|S=pO^x%5@CvY#(6T>+E*^}Jrn+BS8_-g@3BeT%H@
z&%aInDYCLR|8D8~WMzMT75T+vW#!%WP}dK{_d{0r*4y>}OUTOJ`k6ndTekU!Fxgvw
zy!~8C9kRckkI2f&`DJ8fe|`;F+2(6ua&kRSQ-|!Y=VP+6&DX(Xn|}h6lk0zmx@Fbx
zUG6^%bMw{9mrtofw(I{4Cfj^HOt$&wFgba+&oNxt|9QV4E8F}_n4DbC^VA{x>-mbT
zZ1b;SvdzDN$;tJ<K;5!E-Cl&rHh&4`)>Az_H&C~15BFP`oLtY#)Fb;p*G96kpKmJN
z43jtb_5*xh%2p_Kyb^6*$6wEnWaZ@HzDi#9=YJwAC+C-wmHqjj$;vkW1turg^BQ%?
z{(82Mm6P);$OiG0^lDx`{ePtnIk}$KsYmt?_cyY#pZ{LE4JHpV)3fS#R2qw|q>h!*
z3D$H@slh&A?5~GotuWc<sW3UttLo?d8`LlR$Fn9`IXV9(S=paYBP+Ky`+2ITPdZFa
zuIDZ4kX4U&eBOq+`S||)c>5Wr_Hb)ax13zhJJciF^}p+>-#gs*;Bxin%5yTxYEyUZ
z8t*5#F5FAuXiFA+RkWJN>&bI+%Geu1*3HMKL!OgcR+oC}*7(4xryhKDw3@s1G@zc<
zWZk@5PouKN)YG`ehgLmJ;2%Y+xm!;G^?XFu&AZ>rE@ctwk^R#rN`4J_xq3P{PK&Zu
zWMzN8HTkt<WpBQ1S$ndwKi`4;$7E%1zEfEdS=pcOOnx0%*_-cDwi{X5pYKNg6SA^5
zzeibjva&zF7x_=g%HDj>vfgB6f4&d-&&bN&d`VduS=pa2C%>Moth{f2V}JE~*jrD(
zvc0K8_UHGZp3kX6_U8938$ed}=l3W71zFjfA5?Y#S=paIko=cqWpAEsR<g1`ulHY(
zmA&~x$_^td`}2pFv2-LWd-Frejv_1j^GB2ahOF$(4=X!{tQ_&}PaZ*j1KADH7QXgp
zRM}{<vcLZ0$bU;-_SSzw*-2z&e|`-4jbvrz-S6>~vQx@7!Q8z2I~`Yc8g-mj<GV!O
zZ8uJbZ;n=T_jh^*^=~HY=H1`vS!L%?kL(}rx#YhmFMG$IJ>+C%n_mEv{rtkR2{74T
z|HLx(T2i;{t$%Xa#bjlFek%DN$;#gRrDfB}%KrRi<bNV7d-GS6T}4**=Vy@rnXK&1
zUsE=dtnANUNB$SGvNwN2*-d0+fBt6jTgb}Z{H<lTk(K@V+sXe*R`%xaDEkjt*`L3Q
z{BLAsZ+>>!T(Yu1Kac$HWMyxDe%ZZbWq<xY@>|Ku-u!~H2g%C*{6plok(Isqhsz!%
zEBo`0k&ls;z4<4~7Lk?x`KQP`g>ifHOUjm!mHqjr$)}K)z4>R$o+m5&^DmIEL00zW
zUn+ZrtnAOfN<NjW?9IPc_BvVFpI=G7CRy2=f3xguva&z_4*4{)vNul)PgeHl^*)`f
z?9IPl_5oShpI=?ZS`Jy+n`h}xR`%!hK7*_t{`?xUa&mqh%OcsIUrSa_&Sz4;?9G2%
z_6b?Jmal#Ow2ZYVvb76q``YLAWnYk$yZZLGd`Uiwd{*J^zWps<mu(;``^V>7^4a8N
z@Azyg+e}vW=f5YPLss_Ye=Pf%tUSm!{=bl~L$*%gfxhwowd{AYvcLYV<a5c(-uh!@
zDXGlm*q^Ua&U<AOd3X7uTwRzRs>jRgh4A_zJe_lDg6e4yl5gnY?(&FV1miBp$ETX7
z!Q|xeY(zb>Z#u-%$;vjb1(TEO$)^t4o(_#+vcLWe>X4K3O~}grd?s1h=Cxt6&9h*#
z&9h;0oO{2orVLZ|4>yOboSZKpEBo_x$jZt2W@Kf5K9{VVoZp44?9b<sm6P+$$;!%m
zKUV}M+dK-BZC(hIZQcSV+q@-Aw)uCoRYBv~imYtsTf=0VUr`WTPaCqboo@>Z8g4r0
zrO0-^9eLU2?L+FhGGu%<hkV`+)Fa#VcZA6{zdEG;PGn^}KO-c+D_Pmj7r|tk&kU)j
zGg;Zr7sF(mcY(<^?+TM`z8g%o`7a^U^OlhD>_#23UC-|!_3Tbow)1<yWSegdsb^aV
z-;+9IyPi8j#{bR`9t)|zo@oV=>;F$kJ@rHK-5JNA-^*Tb*&hGdA@%nNsi!Agw(DsS
zGCsY?%67gtOt$%TA>-4BY|!WG8^TNAvR!{EOtyI$OtyJBOtyIiOtyJHm~8W@oG%eH
z{<npE-g`oLs%O8bcezkAg!gA$`WLqItzT(8_J-?Wk7r@X_qb0;{$C;d{*dv%B!ur9
zQqMIZ`D;V?e$*q|pKAb2w)w9izsLQ_22G!PLxy`_2){IhUlzirhw!-}yfTE(3E@|T
z@aseP4IzAB$n+T$!Uu=&13a8l<=NkxLGM+u*nt7OF7xI=0X&oZ!2!H3{Ez^yw)W5f
zt~T|s0Is&}@BrS3`i}_Ujp0KqZl4dY`7r)@llQlK`H@yV+6K^kd6b8{=j}HvH?yoM
zRKLsfLwJ)AUJ$}}3E>foyWiuNDV#O#8BdpI@d<_o@OtoJ0X!c*Jb<gMI>y7(o%QDa
zjMY=YnV^d}l6gu9uMxsiLwKza&c2wy;bw&7YlrZfA-pJrr-ktB5S|sn>xA&!5Z*b2
z7bo}^*7xF0pVcA!J&Wfg>Ur7XVfD02<n8)*4dHD=cwWeG(?fV>NIe}wc&8BFF@(2I
z@RX40VDsG)`S|am1-}>f;hjHQhHy8_7J#pwRw4P;<<<WYuYXfwJlm$`us<Ycm#&F=
z;`dRlPP3Q8{9e8c`CMNGa<zr=_OKmeBquN5N6<dVY7eXP?a9i?`H^I0w|!Q--N7W4
zw(IH0U*zO^Mp1|C)}!N?oyxgZ0~VAY4VRVouGbw0lWl%HOcr;qr!EQ|&(8csj_2dc
z1^RkreB6iXai>q$@@`~hfBm}~68{fxevk6*{6&uE-Fo&a?+KIryjOW2nC$0$%S&Oh
zpO=+az+^w~SH3q)j&paq?Nh$*<dIxw>T-8{VzK?n%F}%N6*(6bCj0AWza&hy`CyoA
z^8;Y=VypfGVX~b+2qu4L<qw9*cD^l4Zd1!U{aMR_$#(uwm~8WwEKy~fA4XQT`Qb3x
z=10Jct??NGm+kzKF!?{``uFPZ<tUhJ=Z}WTHXjO;FSmv}3?|$8;V{|e$G~KpkATTb
zeD#kkKNcqY^P|g;hskm7&W9(I(>gF8cC6jbd|sEI1m6!X>w9$h$?(Cj!L_^i@?+uS
z;j%Y>YWeAtFNWE})%#ksx3zX@m*LHeXTW8fN7$Dp+dPx3Z1dW%+PfT`RDTv+w)5Gr
z>|JIg<*!ZUx&v(I<I9WZlJa$^N4E31Fxlqb>s#IFtm#mftZe7&!DO4)ht=QZm`s~T
znP#%h8<20X%k94JQS<n9d{)`chw(<#Bis3j)G;x2*QD{uCo9|e#xU9DO<=Ok8}OML
zWX<%|e`Yz?_OZ-4q3{RuyKtxH+3*wLCl+q;eP8FoA7}oQz4f0DzZoWb`GxSsu*J3K
zS?$AwRF0ctZ$8f%m^v^ud4A4w4o*Ed)jMCs+nGE^(~R>C7}J-`=W^ShNeq{(4dL<n
zT|UL|ldE|A^X56jQir7`Pv<;mNa~Q(u=(K>YLWGM-TJx0i!qYDpDVt7H<qmI&tF1T
zPR@@bEBo`8l9iM5E%?r5e|{QSIXQnSb<6(zbh2`C{xq_(KYtlnIXQniS=pbzoUELj
zA5T{H=dU0uC+E)~EBo_Tl9iM5XOflu`K!pv$@#O$%KrQevT}0%Y_hUHe>GV-Ie!jW
zS$TIpJS6py)a3Rs&p9&n$kcfI<Ii71&F4~wTwPCmemf5)SC3Dgb1lCk?|O(k+yhb%
zNR7Au-n{CWNnTE_|9t9}z4c$0dOca$%T><}FgdxN3#dc3$Nxf@o3H+T-AEm>UH?rm
z+2%LHWIw;9{NFIy&u=TA1(W@pYbIc_pWj)27fkkZuJnP)HlGcXZ9WGkf9Pw+=9X8&
zWII0}CfocTm~8WVVY1EdgUNn=fB6G2+0P#=UkH=^{NeIPVX~idg#}Eu`QtEoPpiM9
zCt$Lje-b9!d=X4u<(qC?(EyX}{9>5A!pbj!$?dK2SqhW)v-mQY{E4rgr^}y($@Xxc
zgUM@sdCtv&$#(t)m~8VGVY1C%g2@M1<M}d7w)3yRWShSVlWo2nCfocqnEb8vxmLhr
zJO4UNw)sk!Z1Xo@@<{7*y$O@;{97>D=5NDfo4*5-Pq6BL7be^J_h9nTR{njMZ0A?O
z<T!WNuk`*R+P8}e`<QyXd;(my+rx=4+2)gAlL~W_>X{6e?fewjl){=x`HSHf7ZxY+
zsqm?V1C#hA@JkA}nD5;k{}0MpJAupgaHqkh6*f$&XF6QA^OwP7n_mu-ZGHvpio%1F
z>c0{$+xe?tvdw3}WSd_NlWl$t?3%*HNyEJsF5CH;FxlqU!DO3X54*l_bW;5{z-2ps
zBTTmWO)%N!H^Xi&9FtW4EpXY+-wM06aClPw-*DN^-v*Pt{6prG+hMYouYu2k$zHDC
z%N;P;%ReT6CrtKo<^KbdZGIO_w)x$#y9?|2KG!GIKN~LF`8hDz=5t}P&F8^nn^(eQ
zFaM0;&WFif{yF>}nC#_W!taI2UaskIA50dnUXS`Zm9xola{hj@vOoU~SvfhsfUNA#
zZy+lt=N}*|`}5zDm6P)il9m1Wjb!EI{6l1Ae|{5LIXS<OtnAN!M^;YGKTKBk=Qop;
zlk<;|mHqke$;!$3N6E_m{10U1<osh~Wq<xhvT{q`{H*_fob2O;Z47tkho8!SAuIdq
z-%`%n7<t)W|8Hbve_rpOBrE&#zmt`d^NYyJ{`^+5a&rDDva&zFjjWuUUrbi^=VQtS
z=9iF_l~+G<nntSEeTb_EIrUZQGCk|~h&w%bS2OP9@mWgUvVVM1$jiz3Wn^W4z6M!2
zIsY_S*`H4(D<|ilAuIdyHOb1!`De+>{(Kr)IXV9vS=paYCo3oCpC>E(^R>vz$@v$^
z%Km%?SvfiXB3ap=&m=1+=U*Z#`}4KQ%E|ec$;$qG7Fjtt{|Z^zpU);MC+A-!EBo^~
zWaZ@ia<Z~NUx%!moPUk1?9b<tm6P);$jbhF9$7g#|2kROpRY?+PR_3+EBo{H$jZt2
zH^|EVe0{QVa{f)SvOnK|tel*Gi>&O=HzX@3=ieqP`}2*+%E|e6$jbhFK3O?A|1MeC
zpKnZ7PR_qaR`%zckd>43?~|4N`KDy$<oqhKvOixyR`&B|70qF?zn(}1S8-5>?60Sg
ztnAP0{c5tZKi`6^oSgrVtnAOXBr7N9KO!sp^R39r$@w*8Wq-akSvfhsmaOd0w;?Mh
z=RYPZEAMW9DYp(Ld+TXi(VjYFf4)Nndoak#-h8KuBC@hS-<kZUWMyxj^9jhx{=D9Q
zMppLbyH<1~EBo`iS8%N-S=pOsKM`5EU())_=VU)G+{d>*)4iexS=nEI&kC-VAuoID
z?_JTCtnAO1kpGgb?9G=|RFIYZ`F`ZTA}f3I9MdK%`}2DLHCfr4-=|_<va&zFUj=L7
zWMyxD|B69mWq*D!`3+=cZ~nlFgUQPN{2}DOB`bUL9785+oHYG6lHFK1#5es9uNXpJ
z_Sb(T^=~3Cd+R^CVi;N3pC3;CJF>DjKcZq3S=paImi%V2vNwNR#R+6(fBr=B-;<TS
z`7srzkd^)UvE+XsD|_>&R-8^&_UFfw|B<Zh&2uDztnAP0{ZC|NZ~m-`bI8j6{J9le
zZADi0=Gik(R`%!h{ui>cKYsyPIXS<DtnANUNLEhH|4LT&=Px2FC+B}7EBo^k$jZt2
z-^t4U{6w;Ha(*jW*`J?8R!+`uBP;v!lgY}-`50N*pPxcjPR=_m*fPNW{KaJD<a`QQ
z*`J?ER!+{>AS?Uxmynf{^QmNIfBsUka&o>VS=pbTMpjPFr;(NY`RQck<a|0=*`L3R
ztel*$MOOCbFDEM}=QGI4{`?hW<>Y)OS=pbzlB}GZuT56==dU6wC+D-s%KrQevT|}h
zo2=~5Urkm{&gYPo{rPLi%E|dUWMzN;TC#F-K9{WQ&(9<)C+G8&P0C+KR!+{>B`f>u
zzn-j|oUcb#_UCUPE8F}=m~8W#V6x3`hRHU+1t#14R+wz_f5T*(-v*OyemhLI`7D@h
z^E+U&&F_TCHvbPyw)tH!+2(h{WSh^1$u^$@lWjg1Cfj@-OtyI?Ot$%am~8WVV6x5c
zg~>L*4<_6Eewb|Y1u)s>55Q!bKM0d;{t!&I`9hd%^M_%w%^!iuHh&Z*+x#(@Z1cxq
zvdy1>$u@ryCfj@wOpbG%*BZ1x&Aa_lpWm*V_wojCS-)#9ZwQlZ-Uue!JRc_8yfI9+
zc@vmy^QJJ_<^?d>=FMQT&3A#xHg67-Z61NiHjlz&n-{`lo40_;Hg5@&ZQcqd+q^YQ
zws{+vZ1c7-+2-wFvd!DWWSe(@$u{o@lWpD!Cfj^hm~8VRm~8XTFxlqCFxlo^V6x4-
z!epE829s^x4JO-scbIJRJz%oU_k_td?+%k~z86fc=6TLj6;D<4fCc?ddwRI;w-t1q
zRJ!v~;QsS;=hF~gJA`M2@azzt6T<6+@Z1od7sBg?@OmM<eh6<6!W)M0MuA+@U)N~G
zzp3i)E1f&J1s%Uo`y8Ba9GFjcngntVg#^~4`|0Q&RNnE)U?eq<=zqLi^PBDy7sNH5
zK|I}Q9ymVf++io^^QJq|K(6t$>(6Gwh}m4@>GCBN)t|u2mxb_WLilqb{Dlx+J=C#g
zKa9S^KN`>K{CJah$G@7NWq3MwKnk92%|iGtA-phzw+P|(b$@jy=mRBR_g62$?d!to
z8?Jl$+4Gye7tKFGJe~U|1%2N5^vQEx3Y`9V&MP5&c?e$-$Q@^82(SKLF7SO{Z~ke1
zf-nE}pXSdsc^&r*nty_R7yA9CJFNnzTRQawO;3F<LG6rK5LY`8#C6?M(0JB@^ELb0
z6Mf;z`uXIl=_CGb!1VFwr~2~m|7m`jFaLp+Pv^>L|MY2K=G%1c3g+kW<IC>&f9R>F
z9wX@TH6i@t5dKLB|15-m9>Tv2;a^)^-@AW$#@8#7r$hYnCV!6&&Gbp;m)F+!>+%hr
z;d=ST5MKTJYGmqnr{{N`ymvZ(AHsjMxbA}%^m*O-f41^2-x9)q3*lQscr1jc^sD~F
z`dsdGtEP=Zrt=KnbWZiu<DJfFA-tBwliP><kl{A*eJ`1wdc5CDRtT^DT-W)2k2#*a
zmJ7+#p&(>@ZuCuu>iTc>@mx>+-sw{}gx3$@)%7<u<C8qyZm+FIz~v3S^%#C|V0)78
z9BJ`prvCW-`~2;vrjP3P&(C+7;kwf;-#c8-@3DIPBUR(?ujg)GJxxODDG1@aRPjpR
z^p8|=+LOTX*(K!rZ63m-A^cw7aH~J>13q3DGCnOscx#Kh?L&3_w4W@0-RWP=3lr1X
zUXHW~8UL0ce4%gr+gjt}4!3<3f83YvSjGL*f7cLRJ^roC_{2YNp3~Wr&*OVccaF2>
z+xYS#-8m_cyY+NQs^`qWe7bXPAb0E8&07yMvdee3xYjdM*ju${TJ<N3|Bmeb5aQz>
zug7t^d+PDFZ#_bIuMplRgqMWyGK;4>69cD1x-%(+$Jh5NJoUuer73@y@1K;9*Rzj@
z*I?qr+qXPtUk~@TdjmY&n;+=m-u&PYexQd}*W)+`hwwu~_~9XZNC-d5;_m!VJ@+i~
zEx(3(^1;h5=Bq@z?O&g4ZGK;BgJrIzPK!IfK32_-fy*`@0h4V$5+>Vx6il}Hu`t=@
zqhYemkAulJKOQFA`~;Y6^AlmR%};{KHXj3%ZGJLLw)rVA+2&(mvdzcAWSgG~lWl$)
zOt$&yFxlqgVY1E7fXOyL6DHgIESPNbvthE$&w<G{KNlw3{5+U!^YdY{%`bq-Hop)i
z+x#M!Z1V{)+2#{rvdt&KWSdWh$u^$?lWl%6Ot$${m~8V)U~-&$kAw7Lzw2!NqIST`
zd&B1h@ILUl0lY7KUH~tFR|fD>`1}A~2EQkOm&5N3;1%%u0(d|8{Q<l`d_e%;8~#85
z-v@qa0RI>K!2rH5{GkB8AADf|9{_(ifbS1~B!CZuKN`RX!5<6YgW-<{@B`pa1n>jl
zPX_RV;EMwI!SJU7_#yDc0sK(-k^p`fd}#nb9KI}o9|3<lfDeH`6TpvzKO4Z0f<G6)
zkA^=Vz=y(L2;jruF9z`8@RtJkG4PiI_z3tb0emF<)c`&UzC3^*3x6$ukA|;EaP1pY
zKYN<L-G|){97q23fO?LHuMFTPz~4yl<n<7aHL@}m#9M{%25c+@<@3Tg7g<!Vhv-wC
z$Qaq}p~y)gd`t*GIfS1Q!pDa2aUuNF5Pn(+KRtwx58-Eo@H0dBSt0!F5PnVwKR1M*
z7sAgE;TMGP3q$xtA$&pzpBTa?h49HCd`bwvID}6P;g^K)OGEgy5I#MGUlzhI58+pY
z@GC?3RUv#v2){anUlYQw4dF9G_;n%t`Vf9Y2){9e-xR`c4&k?i@LNOpzeD(KA^i3b
zJ}ZRZ5yI~b;r|KYcZKk~L-_0vJ|~3F4dL@bcx4EmAHwem;rE8{`$G8rA$&mye;|ZE
z7{VV4;R{3f!y){U5dLTge=LMQ9>Sjp;ZKI}MIrpD5WYBsFR9|y+cneDrm=1!``2@(
zr%i{+etucnWiZ*#FHgH1Cj0pnX;;8xKff~VN|-EOyK4W5)<fbC@md_e)4Gex^sN2Q
zI)0jKare9ee}0K?KhIVDs%ujH$?H*1`|?-+Y5qB1{@Opyzv#<f_ow++eEA#xH2<0}
zf0LDW_cK>dg*ImYReXP-cRH{19Y?suQ;(*9a{et}{@+$UdARTT_HS2@&nh3kJ*1vH
zES@|*ANt1UKUTha{(mxcBG(+q{`vE%)X6Z}&tFQt0w(+UtEn?!vY#(cy&5L_`P->C
z!DK)GCUpT!_Vc^bmh$VB#Wjz|=X33;kZrC#6|&8>r$V;5_Eg9=*PaU5=Gs#s+gy7p
zWSid$lWnd&6|&8>r$V;5_Eg9=*PaU5=Gu~rZ_W9qoAy-5c3yibWSeVGg=}-}sgP~1
zJr%OewWmV1x%O1ZHrJjC+2-0)A=_MgDrB2$PlarA?WvG$u00j9&9$dOwz>9H$TruW
z3fbn`Qz6@2dn#m`Yfpu2bM2{+ZLU2Pvdy)pLbmyfFxloW!DO4i43lmC3QV^7t1#K-
z%VDz3UxUdu*PaU5=Gr46+gy7jWSeV`gdFG9?IGWmSxZRfPlxcYOfAXzXF~GNhVbV?
z`12wBg%JK?2!APrzZ}9}3E{7X@Z}-=wGh4{gufobSBCI6Lin2@{H+lFb_o9_<on$a
z!ruw0=iLzgUI>3bgx3hUpUbx)<FhKHo)1F!>Ja{62>&RAuL<F6L-@v!@&7m^zb=G-
z62d<X;h%-@^&al-7k!g){5*ia1^*&|zYYH~iO1J7ze?g6&O7A44&d*?zX{;)!8Zi(
z_u=0L@Kx}Q0sI5_rU1Sg{#^k75WYEpe+2(NfUkl75Wv^Me@x=>>GM+(&u~5_|8oFe
z2md92e*)hUz(0lm8o)n;{}#a4!+#IppToBXaD9Sp0sIT{u>k%h+-a$$QG7Y#&Tm?_
zqy+F3>aP*NQ{kxrye7P60RJq7Yia}ddU$#O|C;fs6~NP}KO>39zsJlZp27Am*R}@m
zY<N}xAIbP+2k<)Na{~Ap@^u2Z+Vb20uC_ccfag+w-2h%6UN3+*fY%S;YMUDb@C}S-
z!vNlpdKv|AwUPM&d|)cqoCWYf@FoF#FuZ919|kW7;KSj~l6WRZin!)1fb0HB%>%fm
zPb7fr^F{->K38D?*XL>xz>kEt4B+})tpd0{S8EUVt_QXW;cY{ByAa+!gm(zx9Yc7h
z5WZ^&FACwELwIor?-IhhdbrzOsYlt}Jls1yyTN7uc0Jdeh2(!?UU%C=Z#{d2<oATj
zcKzK$@_U8w9wEGE2=5ibdx!8oA$&{7=j|JkFA3qLA-pVvmxu6*5Z*6@_YdKF!)5z>
z*(W6buMmED$o=N_4ax5p!Uu%#{X_V`5I!h`4-Vl6gzy7B-2EMGVqQ2XfY+d%JUD=V
zNB)oiK9u~S0bI-R!vc63`NISFX7Wb_@bBS60{9Q`BLn!?EbopA;9tRy4&Xmh&(Hv_
zwqaNR{~10!fd2wNCV=ZVHzI)l3LhE3e}j(-;J?F<4dCDMxkd-@t>phd#_j~%s<D3`
z_{u(epXxN6v@0npoy?gsWlHFrvrj^zOqmIpGtV=XDJhaUBqW*16naBKl7u8lk|arz
zod12F^;_-d`L5@_`k(i@fA97CbidDD`#Ebpd+)XPUS~kS|AU_v@MRe1^nll*e@4I~
zyha=t@YNXS%z)QJ|Ez#F%;3|90k5|KK7AN)zBWBK<mjIl@Ujd(eHif8*bfH<oPXo=
zf`IdHoL(64EN=IrfFG8@rw<*^MPG`~6@MM{<ot8CvJ|(>`0HE!N_>hD<1_Ag*M^mi
z&}IC7WAraYmvQ?|E1RLq`27vhzYJZ*?dL07qRaUGR_I@jF5~uFSGGZy@%wGjzXDyx
z?QdGy9$m)ocR>G2bQ!nbv9c4ojNjiJ{j1Pr-2Rr8TcgYP{cX^{8ePWicdpzXUB>V4
zfc`b;GH!pT%AL_={QfTJUyCl|_IIo7iZ0{#_dx$TbQ!n5SLHtFGJd}s`q!h&xc%;x
z`=iVF{R7ay0bR!JS5{V|%lQ2Q`ZuD>xc#1$z0hU+{z2&9gf8Ru52-v9UB>VCLH}lS
z8Ml9UWj}NozkdY!x1h_o{i7<6L6`CS{m~zcF5~u(t2_Z+#_ykq{t$E-w|{cwspv9(
ze*pSJ(PiBJ>6HV~W&Hk`=--Mi<Mz+4JQrQY@1KYMZRj#?e^BLx=rVr)BJ^)ZmvQ@-
zR9=QI<M%H|{|<B+w|`~j)#x&Q{~Gk~M3-^<*HzwtF5~xaM1L5%jN8Ataxl7#-yeeh
zUFb4y|JKUe(Pa)OqbJYX??8Vzy2CqG)p@dh4yzoFF5{1XH~M#@&$#1{th^Up#_x|p
ze+0UW+aF!|0J@Cde-QnV=rV5q;mSwRW&Hja^zT8Jar=)~jzyR8`%j{OFS?A|f2#5s
zbQ!-t9{o}1GH!oD<wSHDzyCb?_o2(U{TC}=MwjvXub@8~UB>OdRyhe>#_zv@{{84O
zZvU;ychF`0{$%tYK$mg*?^RAgm+|}mL;pc^8MpsI<wxi;et#PJ524Gr{pppTqRaUG
z&(MDuUB>NyUik&OjNhMy{v+rzZhv;=9CR7K|26uLqRY7bZ!5n;m+|}a&>w>?<M!uQ
zE<l&@`#+-p7`lwx|Ecn4beXrj<7+YckE8o|$I0IDwWM+>x{N>mZ|FaPKI4x6d*vVK
zGJbyr`eV^$-2TeSRp>H)|8Ml4M3-^<|5W~qF7uhU{cF)5hwiwJGrjGvt*lpyGoXk+
z{svWeR~~)F9lxY1hc4syOVNKCUB>M<s47F3@%xR?e+FH~?Ki0^N0;&Y&Cnl@F5~u_
zSG7Qw@%t^&e->TF?Qc}IF}jT3Z-f2>bQ!n5NmV;^8Nc5i{pZkS-2P@&73ea4zZ3cs
z(PiBJ7FAoJ%lQ4R(SIIY#_exgwH>;Q-`^hn7tm$g{*F~$&}IDo&gj30F5~uht=b)3
z#_xAU|0Q%8x4&oA-sm!Ze;@Q;MwfB>`&R9TF5~z2NB<Rc8Moh~stR4k?^mP$D!Po@
zuc<l^UB>VCLjN^%8Ml9MRc~||zkewDucOPj{llvIqRaUGe&|m^mvQ??RvnEl<M)q2
z{|$5*w|{Ka@#r#s{{-~kM3-^<Csmz-F5~x4MgJ{y8Ml90)fwnAet#hPZ==h&{j;jh
zL6`CS=c4}(x{TXDzv=>X8NYua`jgRR-2TN?m!iw~{mamQ7hQ(^<ay2&RaaEK2ebXF
zs;;VfKj7C?T~jqB;MY}MSM|S?mq#~L-B2|(<xzA~)vBDk-X`0_?f4+jr+?^p@_Y=h
zX!gb9Z{5GR_lx~$f&ML3LoheYxJGV&DCXy5^gr(Se4Qub-&S=8x{N<>ccMQXea4;t
zyQ=O+m+|`}(EkKo#_iuzH40tE@85_1r|2?n|Ng26(PjMpL+F2oF5~tesTzYW<M$s!
ze+IgY+kc|!Npu;%KMwuR(PiBJ(^ccqW&HlL=+8u#ar@6zJ&!Kq_g_H&3v?N`|5DW}
z=rVr)RrF_}%eej5tKLAD@%wM0|0TMN+kd-iGP;c4e;57P=rV5q{i^?=%Us=<p6s_%
z(f<nFuR2~==gI!_VbwHr8Grnb(Vv4p<BtDH)o183et!n~U!%*o{h3v>&}IDom*{_k
zF5~vUs`?sT#_xZF{<r8dZhvmoJaieq|2_J1(PiBJ4^=;+%lQ3;=zoVU<MtO-Ek>8|
z`@f(+4_(IX|627Mx{TjnhW_{HGH!o))e3YOzyBxt^U-D8{$EvpqsuJve!r{H{{h_}
zI{xDQe%Dm3MVIl%{}25I=riv4QS}D(@lH76_cPU)HFO!bpRF!Mm+|}c(O-xz<Mta?
zH$s>3`;F2630=nRH?3}lF5~w%M1K*wjN8vww?vom`>oLb8C}Nhx2|r3F5~yxqQ4kj
z#_exf-5y=W?{`4|7jzl7-?6$Ax{Tl79Q`HeGH!p%>aEdb{QfrR|B5c-_B&T^k1pf)
zcR+tBx{TZ3sd{I08Na^^`oE#exc%L#yQ0hZ{XNiMhA!jw_p06pUB>TsL;rVl8MoiP
zdVh2ozkdMw%h6@rer0tvx{Tj1p#KNDjN9*7-3wjD?;nKz3UnE_e@OMA=rVr45Bh(i
z%eei+tNWqL`28c$Ux_Z`_K&JQ23^MQ_ecLPbQ!mQT=fa)GJgL=^jD$Fxc!r>PeqsU
z`vcJb8(qfj<6RJR8Nbi}e>J*{-#-IgCf)xBUB>SZM3+hT*PzR=pFB>TS&dh-uzx#F
zY~uRa@U`%@9e?utT=;+R|2n?5q1!(nUJI}7_=e{fz@rN0ZO<=)*Mrxqc-Qkw;2Xd<
zsF>pUW$+9<Q}IEaCy%FBR9{seXW@}HP2G98y82oebBO2HRo?((rg`JsSbZ~$`NZ>E
zs)xXs8J-WVz758F;rZ>=cfy$2o)4=Y4r9Kq^JM<-uEyt@aKB0_ZmiqR#7Dxj@NC6k
z&+moj;EX%}_rXhHjO+Kq>%$n=AA~o6G48xQT>WT$oE1WD^X6?#_2V#RnCDMaKM7;}
zamH0Y4P$(NrutbJ<NJi_i7+PiWFDTc#^<cCjSVYCc=PZgybNAe@sZ~*!yCaHRm}C~
z`Bivhc;kxiJ%1hE1m2`#f#+|)o5Gt`{N(vt@N#&0#bVFjfj5IUtN69fll}AE>i6s8
zbMHv4H*Zs_r^1+>%ia0^p!y>iv&<W3TJ>}o^M~i3RDT9zR(d|8dM1qd+w(7~zl1Ss
zJfB@X2gdwY=gItkU5(F);eKscaeCc$CjKqFIlOtr1D<~e&%+safBPQZ0>-%h1H2`S
zas5YlD;VSYPw<UkjO#zcTf-Q7GXK9+|5_i9;>Zkdo|jfHgE84=ZvXe{KVXbM&Wh@l
zFvj=4s{e*DzOSxc17m#uxB5RA<9ls&y#`nfk=T=Y-k^Z9X}C`tS9Go0&csXLZQyMx
z_VzpnZwqJK`Kb@z1je}D5WXplalH||9gK13r%9o_0R-vp&0DiVa~RXZ^L(KtjPb{5
zRcH-keBZdx7RLC#NueE#i9MNz_67V0+gMv$@aAE&0zP*K?@)22=M{y`2X9u__s7`^
z{f=<Pori4-od;J0`a7WC3C_6voeDb--aOFX4gD?Pj60uQ3wt)Gtz{;9^R`!E9~k5J
zyA`^_7~l6R8~|hd?deg#wd8S|TUIRe=AjC{6@06TjlJW&0N)zEbw$1A?)~Zs-v+)-
zMTzIV;M>Btttj>UV0dSE=Zc1&_l9o=->#yu=Y8PY!?&*}uk+;iJ-pDb0iN$62Yc()
z5rv~*%nhC&UFZ*EntS6MTR0xZwDkOh!bvcuwdW@nPK7aTJs(gw9mcft{EWhxFlMtl
zPxjBV3b+<N?$-_#ojl(;gKOc#8F!w~L4PM0<NEICcY!gkpNIa=u$?Qm^Tyv3{axUU
z+aHAft}w>+ebC<x#<+eV`n$sz*Sn+N6~?%JG5UMJ7}pO#e@__W`laaa1>39Q32*zW
z(BB)*xc$ouR~GhxF|J=-xVF#@#<+fc;l{$gFvj(p3xf;YVT|iT3%3>agE6k(Q5aU(
zAI7*oyfC700E}_{p2Da?4;Vww{NMLIM`QbIYb&9?KY;DWdH9q+gzd-cuarN6?Z=vz
z@-f(c{Jp%CKaTCMt?ilevDki`&rkU{Y(HMdt@C7me!4Kea1fMn@9%`d#KOTa#`PBp
zFBJ}fF|NN-c&*SI#<)JI@Mhsq7~}feg~^3JFvj)w3R4P)!5G)47CtN-4rA!a{7=L7
z<NXDw@6)mUSZ7lHDYhS<C`|bbY(G9xnDUv}eymF=pM~wm`xGgkjqS(l)0EG__G2Ae
z=gItkQ<z&g7RtEycV1zB;W!xM`hvp3!tpT1^+kong%e<m>q`nt3n#)D*OwKR7fymP
zuCFMpESwBuTwhgKT{s2C(3AOJgYCz<3iW+0wjZA;OnEJ~AD<{pdA*v&@Y7SCsaXm?
zBjwqe<?w+iFRfV#KQrYGYF5L~TIb39m(}3&giyx4zm4JNz!=w?)-<a*7na=LWSr(T
zEo#n#Gj6|CP3xNT1N}BNZE6P9`8M7<xk*jCAs0CP<Z*Menu>;apA?D5PrOsj7BI&5
zEo-)hF}`opa9bD?d-8kijP1wgg6eLW+t2IIH;-_AT4?g)-mfh(TVxt<g4bV2xW8N7
z{Yu8!(To#&6m>D4%;zpOyVYFe%tPW`Yxb<U7|yucvv*Cmno9!x?ls+OF0J#Oy?Nfh
zrpJ)WoPIK&)ipH@vECy7y!C8&AdK<7SIxmN#`i-S_J%RBC-ZzLwjZB*th?pnyy5z*
z(B#MUzQT_%p3Kit@GCGn<Ic}9@GD`A>&Mm{KjbPHe_TJQVa@ed2mIuklWVRC_^CCg
z4Y}6wWIhMhoYfG=9TJb9_}Mk*!WiGrs~H4ie7~UKg)k=eWdFISh7$j{^LB~w%Zw-U
zb_M)8Y(L}9!&UI>VT|k7)Lb{@1{i-_zp>$<>u(JBO*QyWz;D6$H^UisoFO$sYHkVi
zZ>_m~$Y95l`5aa=ydlm<A@Mkg-(52j#`u0u%_tb-`+W^Z!x-Q1uXzy0#GcImLp7B6
zhufd{BX!NRKWaRg|1mX>*9>v)SK?!9#?=gkGw%F6T{FJs)<Azk&4ilU>iik+c%NAF
z!jRjYelkBV*Sv}?V*LC2TEo|2jPH|b-h?r}zt!+<7!!MPyuX9($NS55x9rZ(yLC;r
z<9<AE<<Wa+$3Fw>w!anDVP0!{is>i*zo3^#8{_lp$q#Qg?r)It;B|X&5uTvqLd$f{
zT{1TRo7efF^SdI}`FEO{<LvZQvz@$8e0=#}-TjT{p}fxhak%}>g!9_Zp})hGjQ^3i
z-D&1_lm7G}#e2Zp-3a6J--?QJuehVFVcb^hoCof^t|#-uYvP0)mxByC_n}aq*Y2^-
zZ7jnUeHOT1^v})xO78EhK%c*t*`oio+sDKw<9zEn=8eA-{_frF<a{Rm?@T}O?}h*1
zx^uffepI{#j?ek$-_$8;asT8o7IOYgppf&JvCh9A!Ec!^Zdm*m-fr?eDSrR-PG_A-
z`oEZd;!A}8DtxK%--ItS&fiNzZ2#}Vmj}E#`hOUYkGuNO3dfsa9(WBf_Wv}V%ui#?
z&#=_|G)T>7JU<Ph&7I!>=Q;6q!rKcE&wqm`JpT=%@ccK3!t>uC3eSIoC_MiS#QZmi
z!t>ui%zpzh{|&_a^RE=)GxE;-$G?{b*njctA>jNz``rO=1s@S`et&;tz)R7;C*b_v
z{k;J%gO3V0zmI=kz`0+I4miIre}BL?gg+2)evke^$GMhp{ajh&AMac<xK6Gb683+L
zW7oywX1!=_-Er|y-7Ro`PR999j2{gRkDoCfk6#|;%GiH6HGXMNf1LRFRXtoc4xcf1
z?r*Z4ye<dcH(WQ4?_-2Nw$79B`Fnrd89(tB*iW8tJQ<(Y{lKTX*Nx-*lPTx*J@8q-
zb)JmR{pYE`_`JRc-p5?mPv*aYnV;l#dA$yN>Uv#2@v^#k9-nev#{=(&3ZEeSxpf|I
zPyMKo*`8!On+)an@lSF8sUJ0S`&i_Y?QCARofFrMA3Gi+%TB}@S;l=HTQ7?H&!_rx
zvvpU<z^uA`Jl`+t4r5%e7x6kX_;j@yC)xjBT<6K}i|fxzb?T49>&)O&(d+uj{c2fv
zzg{uU)vXo&h4IJX^<MBie_cPhU9NAhIky{Mf3iH<sBQ%QZ{l$hZ!LUd;cbj3x69`V
zuP3*Q-&gYcZ96o+&E$5I{!#c%O-lNhgv1Yqzu|Z?Kke#n_szP0;eL{M`#OJXo%8uX
zbNp)uXFK^gp7eSBAH1$v*H3Pj*L8Wvx!uJ1dz>6_-rsiv-T?ky%H!u<@57noalbj9
zU2JCNhtCJ-orG^W&7aSt-&yo`5Z*=juEM(t-%EHm;rj{iA-r06PvHj%@7>d%xA=On
z<<U3UK4my-kHo*1#1HG)7smMBZ|G4l#`mLp_J=XPA6s@DjPd>Wo+rW>-%lEPDva@c
zz_c@AjPGalJO{@3es0-$Fvj=udtLxze7|t$B{0VK@3NP|7~j`6ybQ+p{$=)Z7~}iA
z>=iJ^cOFMma7-{fE|U4bvL`;Z3}alsdMG}X0%Kgi4*d^cjO)Da&4)0?^&8Ot2*$X6
z6ULtgV_Y9R4WG4#F|OZ^ai+r<*ZF+%6By(Ao#=lGV_d%rxBD54ah;F*GhmGCyiUdE
zFvfMRV>4ll>wKR11&pD`>mk>r5oK{=kJr6;y_$tC!+x^PjKp>(KlFILjr*}rs5{S-
z_UDDa)Vv(!q(2Jtll-{jj~4!b@%V8kiXJkajQ@!6F~*Z|l5N3bt=RszgijKV&tL`T
zZE|zhA9uFL_2Txt@Ab#7w?EbEk6Um5BX9ekUT=T8*B>A3mq!zXPaImjXT|$l9=#~~
zF9-YXe)ySpe_soZ<MwBI{YmTXf9dt#TyKAl*MEDx{U5yfoV?!tJg@)WdizVf?J3Uw
zZ=O$a#&M6wsg4(aUs3d-@M*%Q3omZZa&LQz{-@`kig9KLFOIXy8>i_1cs^5%GfQ}J
zoVDIKMUV3CycNBT@J&6REpB&?@Z$IxZ=9m%JpV?FGgo+VoCe-FMQ`N!JTcCE;l*(}
zc;ghkLU>c*8wzhBd?U{ni0xb`e39_Q!i)E73-5M|zP0eq!gug|iMZXR!j}nOE_{XX
zmBLpEUu``7xQuV#;K4n4-(*c$afUkJaW+1G8%6&bkDt$!2G7Sf$6tjAosXrr$1|qn
zr}(_6Gzy)MWj}O2mL57EOAnoorH9VP((U=!<bJJn=FQ#CTH*B$OzxHYe6KXh2+s;H
z72ZI2nefKKn+k6h^zx|rt)cr>9<>zST6kOG?SyY8yp!-Pg>NH#yN|>7tBdg6h3_qV
zKjBrv4;0>8cwga13qL;K4RF5tlmpZAKp!Cdbm0SqpC$Yp;pYh-B>Y0*7vCDbUzZ8L
zQusB(uNQuk@WH}w6@G{CyM&K0&UL;XevkJGA1(Yr;g1M^O!!#gPYE9{{5jz-2!C1l
zYr@|U{<iRUg-;Rwf$(X<KM_7d_!q)w3;$a9T;bmfUl8=tXlC}OM)=k-5<d>c`(Y{0
z|1W|uzOQZgGmP>5%j{wp<NNIFFEGaUmSsy|jPG-@zrq;bzs@d&F}{D3{SC(W{%v*{
zjPZSL_IDWL`*+#pFvj<J**{<m9M8Lw`T0J(0>=3L`Pn~VjPDDwD`AZ9Wo3WC7~g-)
zu7WYX|J`UcjPZS8_8%DI`%l?5Fvj;|%l?HizAwtIg)zRLTlOD}@x8WD)EM6;MSO2w
zRu9Jb&NC2S;v5^p=V{4&^7`|$VT|iM@Anmqah>P==D--&`ToV%FvfLWhxQv7<2v6z
z{T9Z!&i6g%!Wh?i{`NZ<<2v65nFnKB=eus-!x-0jo^w8oah>Nae}FNr^ZoG!FvfMh
z|Meq`ah>m*FN86!m&1R8F|PCa>Wg5E>wKU6XBgu;-)CP8V_fI;*nfdBuJgR~5*Xup
zOZcxa#&w=gUJ7Ge-w6I2jB%aUcU=Z!=*jB>`#GQFyeRj}<i|Z9n;8F_ue0L)(>-s7
z@!|0}<<SPyi~oz_`Hk|Z^tP}!>{WDbXEIJBr(bluo^$%m*Y(})>5@<8fnya%kI%c}
ze^Phu8~<P9IPv@xeM2~7y*Z4ro`*5kTfi9WEn$rHRxrl;Mli;DYZzmFV;Ez-4UDng
z7RFfL1jbn36vkL@2V<<ahcVVWz!>YB!5HfuVT|<(7-PK?jIq8sjIq82jIq8YjIq8I
zjIq8ojIq8AjIq8gjIrJs##rAD##rAT##rA0##rAG##rA8##rwHW32BCW32B2W32BA
zW32B6W32BEW2|?DG1m8hG1m8lG1m8jG1m8nG1m8iG1j}m80-7OnAqL-*M7&^%y7MO
zeL0M={s)Y)z5>Qr{}aYoUkPKZ{{>^LuYxhw|AsNvSHl?V|G*gQYhaA^e_@REwJ^r|
ze=x>+EsU`qb;2_>#Ckm#V|@b{V?6_7te3zT>sc6MJqKf~m%<q9^<j+l1~A5YLl|Sd
z48~Y*1Y@i>hB4Ngz!>XIVT|>1TELsZ7~9_v##nC-W31<4jP({U#(GN_W4#rOvAz+E
zvECZSSl<}NSZ@Pktha?R);EDM);EPQ*4x1tdhvNqcdSWFy5AmM#_#WkE@ORv7-Rha
z7?U2q1IA|Tc5Vh^{M+q;F_?6}Bf5;=uSAzg_bbq4{C*X>OuF9*UB>V8FNrbM`Ijpg
z>->vkb$^x2jKjY`!lZBaY3J{-6n|gU*hVJZ-@Fr^(IDJT_i<zkSkf<!Q@|KZy1ym*
zj2&kyXB>C@t%YwRd|Tn29Zx>L&DW3HrM!N0EZ)c2-tpr7s=<9?;_WYbPZ(qUKp2z0
zzdK-j#{a$dLYGPRcSM)*`v;-Rr29Le%lQ3+(Ph&8F6c6T{}6PUbbn`b8Nc5fT_)Y%
z1zpDPABrxM?(d2&<M;cZ%cT3eq09LF!_Z~Y{oT=J{QlwSGU<L-bQ!<j7hNXZ-veF7
z@ApHON%!|em+|{Ypv$EDd!ftt{Ugz3(*3>BW&Hk8=rZa4KIk%j|7diXbiW(AjNd;7
zT_)Y%7hT5h_eYmW_q(IZ`2AziWzzlq&}IDoap*GX{{HAPe*buMnRNdEbQ!;Y0=i7P
z-veF7@1KY+lkQid%lQ41&}Gv7Ds&mYe=@pEx?hbh<M&TNmr3^v=rVr)RCJkizXn~#
z?+-wiN%woA%lQ4%&}Gv71JPyt{^{s4>3%PC8NYu9x=gx%5W0-tABZlK?jMXU<M+=*
zmr3^zL6`CSXQ9ia`@PX+{QlYKGU@)I=rVr)9CVp<zYn^M-#-^!Cfz>_UB>U9hc1)u
zAC4~L_s>U{N%#Ar%lQ34=rZYkKXe(te*wBox_<<^jNiWyT_)W>5?#jcUxY4`?jMCN
z<M%H{mr3`JMwjvXm!Qj}`^TWm`29=KWzzlr=rVr)GIW`A|5$VxzkfNpOuBy@x{Tky
z0$nEEKOSAi?_Y^7lkT5@F2lb2{P09r(l0(Ay9#44>HbORGyd&fjV_b!pNuZ!_pd>h
zN%v1dm$BP<DvYr{0LEB94aQhM9mZHc1IAb%2xF|D31h6E1!JtA4P&gI17ob83uCOG
z2V<<C4`Zwkf-%-FfHBrDgfZ4Hf-%-FhB4MJfic!Eg)!DIgE7`GhcVW#fHBsugfZ5y
zf-%;whB4N!fic#vg)!EzgE7{xhcVV~fHBr@gfZ4{f-%-_hB4M}ficzx!x-yBV2t&l
zFvj|=Fvj|AFovFd|N7dxBb`Tk?0kR9zVFi>{n*Q+>zuyp*9*Tv_>IDE5`MGrTZ9i5
zK1BFX;kOFEP5AA??+|{c@L|I55<Xn`-NHu*A1VAE;r9w3CHy|&qlMou`~l$)3V%rW
z!@?gC{;2RV!XFd<xbP>0j}`u;@NvSQ68^OCXM~Rz{;co`!k-g9QTX%1Ul9JH@Rx+Y
zEc_MWuL^%n`0K(a34cTQo5J4`{<iRUgijX!uJHGSzb|}>@c#*)D*OZC9}53S_%z`k
z3!g6h6XBl<|4jG{;hzhiDf|oJvxI*se75kfgwGNFweW9*e=B^h@b84r6aKyM`NDq?
zzCieo!WRnvN%$h+KMP+h{1@R%g#Rjhsqo)~FBAT|@a4k)5WYhApTbuP|4aBP;eQKX
zE&LzhYlQzRe68^Rgx3m>n#9lj`G4K#^Yw&pAUq?yM0i$sPI#&C`obFsZz#M>cq8GB
zg*Or2RCu}YX2LfV-duQIcnjezg|`yEk?_{SHx}MTcw6C{2;WqAJK^nxcM!gr@Q%VO
zgm)6Yx$rH7Zz+5$;adyeM)<bEI}6`V`1Zng5Wb`EorHH0zO(RMgzqYRH{rVr?<#x`
z;d=_-OZeWx_YvMr_`brs3*S%p{=yFs-a~k$@G9Ze!VAJ{g!dGFpzvP84-$T`@I!?6
z7JjJkKEe+Zez@?y!utt7Limx!<Lk|qdDole^NsjApZ@2}>GAo=w8z)oN_%|Wo3tn2
zYc4*^!Dpv1e)7F$>+$tz|Nq9}c812Gmqy=5_%HAC^X;+m!SQjzH95a}l$p2WdOr62
zSmH;E{xQab^Nia~&*#N?ZhzW$^}PQ<#hDBDyL$cO*4y99>z}aRemAdw(t7**dHqw?
z+wbA^2duYW?e$MzZ@;J4AGqHBL0<o?_4a#v{d3maKg{c&x88m~uRmzL{iD48h3oD2
z_xcyFw|~6XzjVF*lf3@rqJO3E;@&^N8|P}#zgBp0oPpjr*Ngs*!i(da<BfB(=nocN
z9A}U>&QQ_6P52$gbGQaD*W%*%J72>^Chfb_d2;>pVP>4fhZ|2nUR+kU{fUn-{dj$A
z7~K<ecRSzm=ApR#S9(5bz2jWt^+&I_f4$d#V7>jDy#7P$?GN_)kF2+UtJfd1-u@k4
z|MB(q@ACR%*V`ZA^~bHZf3MendcFP8UVr?0`wx2k3G3}Y;`Jx4xBr;ee__4-v0neB
z_4c3g`mc!oYr>1i#k1ZxlSKbb;l**D_r`f!^d}21j`OlN&U>OiMR;+X*S&G3ivEYf
zi{ni8#wq&y!lw%V$n$C9cBc#fRQL?xGmR(fYH|Cg*KJSYvrIo(Z)XR+Jet#_I8yQX
zWO?+p@Na~FD}1i-?}X12{=M+|!haCHK=_Zs7YhGL_#)vy3tue!7vW2U|0;Z`@ZW?l
z6aKsK<--3EzC!q)!dD9aOZY0`e+yqN{2$?Kg#Rmit?>VZ*9woChL6*F!Z#3}5nduZ
zD?BH>RCs;i4TLuoUM9Se;}z>(N0&#99e3BaCc>KvFBjfS_=dup3(pI0A-tvVR>C(D
z-dgy^!rKUMD|{2-n+k6yyuI)a!Z#D%QFw*$PQo`AzJ>5Dg>NN%YvJ1n-&S~M;oAw{
zUic2ecND&p@Gio47QTz{U5$sX@4@4p*AJ<O*TDAkkcr#RB__U`89(vejmNiJKk6!c
z58-<X-%EJt^On3{dyD=)!n+CIS9s`in7qDO_dEQ@qj(<5qXUFj39k{}OZXwe`v~tV
z{7B))2tQ8viNa42ewy%spN8l2T;UfAzfAbm!fy~hSorP2hYP<~_yfWp6+Tw@Gr}hZ
zoPQ_iW#MlbkB|5AXv!V_?<MgMgijOxiSQZ1zYsoK_}9Yc3jf}Ca{Mk3{*&;<!haRM
zO!yzdR|@}I_!{B=39omj|NBkmp+tD8@P@)03ojSmTzE_2t%bK0-cI;t!aE7yQusE)
zw+nh{v}1W_{!62sgoi$-S`Y8~bqVyF<IMNY=5~4f^7_NO9pc|^;$4OBDSU6?-Gp}+
zzQ6Du!mETAg!dHQOZdUUdkgPlJU)&}Q|Ffwx95uzx95Knx952hx93k1x93k1x939=
zx92?)x92?)x92w!x92w!x92w!x92w!x92w!KU~anKjB9TKU#Qy;l~L-LHJ3+PZ2&q
z`02t23O`HuIRWQ7aNcMBI>33RUo89zGfw<`pj5oRD2>9eFR=bJ^=~&B$G*Nu{HpSB
z|7zja2)EydO2)rd^zG*#lKn9BIef0eq0gVwL!Vcthd#GY4}D&a9{RoyJ@h>S`gP`h
zCEI_!@Ee5RDEubjHw(YT_5b_)3Ab~w>v-LoZ08Wyo&HeQoqp*1M;!lF(Z5aj?ZWR6
zey8wZ!tWA3TzL5Pb!ilSeO(%bUtgC-cZ=~y2p=i@9^v;2A0_-g;iHA$FZ==HJg&Kp
zJ$OiZ-Jm}#{88bL34cQPlfs`8{*3Tvg+C|!dEqY#e_8me!e2KYAE)Kf8^Yfb{*Lf>
zg}*QSf5JZy{*myHg@1CVzyBoncZTpU0?y~*vjgMP=ZOBdqW@i>&-HD7d1yOJqaTDX
z5dNd^g~ERlzDW4b!WRqwMfeiozY1R}{5Rptg#Rvlx$r-PuMqyH@Rh><6240K-@;c5
z|3~;5;r|L>EBrs<wZfxj;r+ax@C}4#gqH}<3eO2I6<%L>1K|yYmkDnqys_{m!kY%Y
zNmSlDH2+Pa4QGVCmGHL0I}8htQz80WiT<|2w-@8=B76@q&fdcJ6~4b1zgl=NG0q{v
z`}7Xa+u@>r#Efvizwi^q_$Q108N$yKe(|vI_FN|V*9gB!_)sza?ZSr%zgvtyO87&<
z9~0w`75<d)@x8<IHbMAA;V%e(X;^stSA|cS5$;bG{r5%xL*bu_aX#-IzTGc`e<{ZQ
zR``73i-v`7_ZQLsy?40(hZtw2@V|wx5&oa>dY^~4CwEua8yp(;GSP1$yqWO)=i%{N
zi+)?-?SyY8#@|wS=R?EWv%To=BKo_D{$9en-xa>y1B6!zuMy)Pd}w(5-eR1?#5hNa
zagG-K6N2NHM<)lzDUVJSewy$zgr6z=Y~kk$KVSF-!Y>kj$z7rOFOM!4ewFZRh2J3j
zX5mAG-zNM{;lqWG6h2D${lXs-{%FvfM2`!9^3c%yH;JAS{)`xBg6K~SIA8C-ApE7k
z`0T$bd{SVXdg#9?{B7Zrg}*0!%ID#E`$+UZ7XFFw&xC(2{0re<3ja#@*LQ{Q*WAy;
z{(~6jN8vvS|5^Ai!haS1oABT73UB`k;eQEVE&Sg@!{h%aJn9qfZy>xxcushI;SGg1
z65d33`S9@eHy7SgjI)vGw-LUn@D5`9j-tQ0@U3Qs@7H!>{2jzNU4-u{ysPlNW`?(C
zKjDQw;eJoyy@VeuytnW^!VeeTPxz6-j~3ov_;JEd5Pp*IQ-lu?e!B31!q1u+{(YS<
z`WFblNcbgU{40ltZ}%E8&UM0X5Pp;JTZ9i0eyi}?h2JUsF5!0%56{CrqCZObXfe)%
z!XFXijF}nUo+rgPPm6KJ3!fl-V!-R3rwvbU5B=qU^Yg&31;(LI68@&}w}np@{+{qD
z!lw%VQ24ar>3QJ&`b78);a>=!E&OZYbA^8|e1Y(vgfABUtMFyQ{}8@X_}{|U2>(xb
zy}QG|uM**<!W#yh`+sBO_~-?`U%>CJm*?Ze*K>BSCx1Jx{mk(C&&7T-^qF-34s;p6
zzahFzx_>9SjNfmLE|cyLLznUUd32d{|1NYHzyEl)ww6iv-`T9Tmht;7FgBC!569Sy
z-*1U7lkVS*F5~xGq06NEBhY31{zm9B>HbJ`8Nc5eT_)YX2VKVRZ;URJ?%#_p<M-R3
z%cT3G&}IC7TXdOp|2}jXzrP8(Ou9cBUB>TkiY}Ax-;XZi_uHY%r27w`%lQ5F=rZa4
zgXl7TzXQ5Vy8jTmjNji3T_)Xs7+uEicSM&-_a8x*@%t6%GU@)K=rVr46S_>gKL%aK
z?{AJSlkPu;F5~yNK$l7PA4iw*`&**Rr29{x%lQ4R&}Gv7vFI{>e`|D^bpJ_o8Na^`
zx=gx14qe9YZ;LLI?mvYt<M%tG%cT2Hqs#dH?a*b?{b$f+{QmanGU@(!bQ!<D1G-GQ
z|17$U-`^2kCf%QaF5~xiLYGPRpF@}N`(4mw(*23(GVI6K8K@u4%GB0A4@>%q&xXI?
zc=7RWXN=9H$A1xh#^0V@&}Gv7m(XSW{;udU>Hf>;GJbzIbeVMj6?7TDzdO22y8kM=
zjNk8yE|c!RhA!jx_du6P_g_bsVc&gTF$osxzu|as{`bV#OnRI*(P#Ya*$Z7J-G2*R
z#_#WqE|c!RjV|N&_d%CQ_uoO6@%!D-Wzzl0=rVqPUv!yt|6Oz$zuz5QCf$DzUB>V4
zhc1)uzmG2C_xDGaN%yCq%lQ2R&}Gv7|DntH{T}Et>Hbu78NXkNE|czmfG*?rtI%cA
z{SVP){C+jMOuGLOx{Tj1pv$ED)6ix7ehs=zy8kh{jNk8xE|cz0N0;&Y2cpZQ`=6l8
z`2Ak!GU@)O=rVr)Aat2@|1)$Mzke{gOu9b<UB>Spf-aNpe~vEW_j{wur28|`W&Hl3
z=rZa47w9s6zYn@hx<3nD#_u17E|czmi7w;!4@Z|t_h+Na`2D`<GU@(T=rVr4AG%Ds
zKL=gL?;n9KlkR_wF5~x)M3+hTzd@H_KY5&G^IKS`KUes7!siM9Uif_BKL}qS{71)&
zk5fnCo-yfpScpF3&)d=HGU@(L=rVr)7<3uy{b5XcoJAOe@y9t9T_)ZC8C}NjABQfJ
z?k`4{@%zW4%cT3ipv(CE6VPSS{Uzu!?DIN)oNM-yAAg(^F$R+!=U0ru`29b#wY5yT
ze_!zLL7#-NnRI_C#%BESPezwX_kTl|Vc&gTv<${r{~eZ$Q{3N9!Prc?zZ`wW-=0&^
zWzzjW&}IDo0Cbsje+9aX-#-mqCf)xNUB>U9jxLk#uSA#e`)8obr2BuN%lQ3)=rZa4
zDs&mYe<r$2y8k!2jNd;CT_)XMjV|N&&qkL?_y0kc@%zp2iiEMgB#Wa0vAzPvSU(51
z$yi^BE)%=EAFk;{wf%E324np^7-M}E#%8Rak1k_<5R8f4-JXB3J&Zp;7of|e`)ko<
z{QiaLGU@(*=rVr)B6OK_zZPA_?_Z2AlkP{G*VZzA{}ObWbiW?DjNiW$T_)Y%0A0rK
zUxqG|?q|?t{Ql+WGS;IUwjQy51-gv&D`8CR?(eY#x5@aodlkA&x}Qat@%vY!%cT1`
zbQ$*D+bxBK`t=<zuB+EzY$iQU1N0exd#**7N%tF~%dnq3|5@9R&G^UlmSu_h{W9al
z?Ys`R$)s<$47bU+<6n<vBUsW;wr5bi+S<mByYtpWcvIo!!kY=-P<V6UdEqUD-%vL@
z>G^3X`mKa-B)qlojfJ-n-d6Y~!Z#J(PI!Ca9fWTtyrb|6;hltUE_@5&TMFMw_}0R=
z5x%YP&ce47zP<1p#eTR0`V5a#_qf|pjI)#QF2Z*fzKif(h41EgvTp2(`?Pz&dCYYU
z_<s0%QhNlPbF-)8?mX-zd~f0V2=69*U*X+_4|ZM`xZ62S_<qhf$-Le4fBQnR4j0F{
zIe#<$jq&$~Tk^NS7~coy2g4ZOhvbLA7~hBHhr$@&Z_VEdV|>3Ye;bVP{r3FrFvj;g
z@^`=(-|x)d31fU8mLCRVe7`Gy7mV?Jcz!sH@%`@n-7v=Y5&01?#`lr=kub*hd-C_d
z7~k*B-wR`WAC(^kV|>3ae;<tTeRO^_jPd>c{QWS-_XqM1z!={j%s&WYe19na5RCEt
z;rzoe#`j0^kH8q;AI(1sV|*Wz9|L22e=PqPjPd>P{Npgj_b2jCz!=}h=EuSq-=EAs
z31fU8mmddXe19tc6pZox>HO0$#`kCP&%hYp$LGhx7~h}GKMP}gpOBvbV|;%u{~V0*
zePVthjPd>X{PQrz_ZRXnz!=|O%)ba@e19qb5{&Wv<^0Pq#`jn9ufQ1JU(LS?V|;%t
z{~C<({q_9oFvj;u`AIOw_c!uyz!=}(%)bd^e19wd7L4)z?fly?#`kyf@4y(}C+8=_
z7~kK`zYAl0e=q+YjPd>b{QEG*_bK@)Fvj=)<^Km`e4m=13S)f#ApZf3@%_X6hcL$X
zkMbYE7~iMmr@<KCKhA#)V|<^UpAKVu|0MqjjPd=`{HHL+_s{a5!5H6X<Y&Mb-#^cP
z4r6?unV$(`eE%Z<1&r~1R(=+Y@%_vEmoSE&{<}r^bVmc>_#;Yf1Lq-mVsev!yW`Ks
z?Il0$o!k9Nxc$3<$#%{W{jY_8Bm7(8_V05gw>ww#?e&h5{&%83Px$x3=L`Qq_yXZS
z3STJvC*g~P|15m5@Lz;45&o<2rNVy`zD)S<!j}vGL--2ee+pkI{4e3Fg#RskweWw0
zuMz&Q@U_DK6J9GkYLToC@!!==j-z_QHxQl?ULrgzJSW`#{oiCeOGUrF@CL#g3NI7h
zNO)u6O@ucUUM{?u@IvtKAmHy7ihgt9dEqUDw-nw=_(sB83*T6H8{ut*Zz6nC;q8RC
z7v4emX2LrPuMplz_~yd55Wc1Gt%Pqad>i503hyj@JK@_4-$D3}!gmthMflFbcM-m;
z@ZE&(F1)MoJ%sNmd@td93*Se0H{tsVw|_r6S)aR${(i#u7k+^79>ObyR|&5cUJza*
zyr=L3h4&JEknn?r+v`{+^M8ow_ZEJr@IJy16MnexzQX$nABpp~$&dT`<p|L~QutBA
zj~0H6@czP&6@HxX<At9f{6yg=2|ro*DZ)<`K0x?s!cP}|hVX&H&lG-^@Uw-VBm7+9
z=LtVw_#ojI2)|JHMZzx@eu?l)g<mH8a^Y79zf$;B!mk#7jqq!QUnl%};Wr4sQTR>5
zZx()w@WH}|2p=l^R^hh^?<b!B-!A%h2)|SKFyVIzA1?fE;Uk2P6n>BJdxeh@Zm$QP
zJZ|16`lE&4FZ==F4+?)s_`|{<5&o#~F~T1c{<!cbgpU>er0{XVpA!DG@MnaN7yhj9
z3BtD$$JcYBKT-Je!e0>nqVSi5zbyO};japRP5A4=CkcN;_}}7r-J7ESmhiWQzaxCI
z@OOp3C;WZkQ-uFd_*CH^2>(#{N5ZEG|5$i)v7b*D{g$HtiRgbS{4?P*gnur4rtmL>
z&l3Kn@Y%w@5<W-x*TTOMUMr55Z$*Eu@b84r6aKyM`NDq?zCieo!WRnvN%$h+KMP+h
z{1@R%g#Rjhsqo)~FBAT|@a4jv6Z^>@qQ64;pTbuP|4aBP;eQKXE&LzhYlQzRe68^R
zgx3m>S|(>D{P#`l-$O~BPu3It4TNWemk9U%PKxtBZ&vhk!b^qM7v4a4L*Zq@8wqbL
zyovCp!pns>6TYGF=EC#BTL^C{yp`~cgtr#HvG6v++X~-Qcst?kg?A9XnedLnD};9v
zzPa!%gl{Q)E8$xU-$wYh!aED!PWbl1cM!g#@STKr5x%qVU4-u{d^h2{3-2m?58-<X
z-%I%3!e@xb(|tt0oA7;wcNe~&@co4!AiRh0O5s()tA!VY*9h+^{6OKogdZgQVBv=d
z?=AdL;eCW3Cj4;WeTDZEeuVHNg&!sSXyL~Q?=SpV;l~L-Uib;ZPZWNV@Kb~j5PrJw
zGlUNmex~rVg`X?@eBpzP$Di9Tk1ptYLErtI&-o{QQQwRD9uV+L`d-qvN5C%|dD+Oy
zfL}TC%8^w8zozeXeX9e09lQ|m8~WbRw<h2>^}VTY&w$_3_m;i~27E~0A$@xV{MNp=
z_C3gPKHuhd9&Ybje15(mo)71ujd3+P|9jm05N6W9)AVDn7v1H|fAYD?5`6G-BlG>Z
zq~AvPa52u^!bb=nDf}Mc_Zr8aM2s3@`+qmz2TbN+R9}DI5+5!60pSk`e?<5g;g1U+
zD}0>rr-hFfK0)|I;V%e(N%$+mUlTq__?yDt7Cu?{d%~v(pDO%A;nRdq7yha68Nz1@
zpCx>D(95Gajwi=^7OTfMEsMuR(X+yH(YK->_KfJ42+u`x#rR>*h<=IiT=bn7KkOON
zFA<)L=85sco)P^L;koF0F@D%HqF*9B7tI&rhdm?uCBk#j4`TeVXGFh5crIEX#t(Z&
z^h<>2q94WhVb6$uiSS&sP>dh;jOdpL&qY6p@xz`G{Sx81XptB{>>1H75uS^F7UPFK
z7cCb3u;-#*L_h4gXo={DJs15d`eDySOGQ8Ix#&014|_)RON8g5Wn%oWXGFh5crN-~
zj34%l=$8o3Ma#wbVb6$uiSS(XhZsNXxoCyxhdm?uCBk#jpJM#5=c1LOANGvsmk7^A
ze~IzKo)P^L;kjs)7(eW}=x@;vdoEfn`eDzAeu?m0^p6-n?73)-=!ZQQ{VV!m&qZs4
z{ao~4(6hpGQLX5QJr_l-!p}>?o{Q><e%Ldjk5|CKaWc^cK`#-Wi!%Mf+aLB^lokE3
z=b}>44|^_ZAo^j?MP;HN_FU9h^uwNunu>ndGoqi1nu&43o)P_A)Vx*r_Z9Yx=$8o3
zMfu=%=AxFuHxj<F@V3G?72aO>X2L6kZ!UaG;adyeR`_<pcM!gl@STP4Dtve0dkEi4
z_&&n-6~3SF1B6!!uNGb-{6OIc2|q;mp~4Rn-dFe$!jBSujPPTHA20kw;U^0}RrqPb
z&k%m5@Uw-VEBt)n7YM&d_$9(G6Mlv8tAt-8{5s(`2){}AEy9Ngzg76{!tWG*m+-rV
zj}(5d@cV?{FZ@B_4-0=(_+!GK5dNg_r-VNv{8{1834dPri^5+P{;KfTg})*EE#dD7
ze^>bX!v81y1K}SD|5*4Z_k^Ao<)RtFzYsoK_}9Yc20a^n-!HU1+2{x18wvkW_{PG2
z68^LB&4m9Vyh8Zq!haS1oAB*~|1Nw7;X4WcL-?P<cNPAZ@ZE*)Aw2wemyIqG{qW;g
zHVQv}Wux%pS2nsuj30j7$wuMFoop0-+{s2G#rWaJi)<8ryvRm>i*ds1e>VC@^#2te
zUbk_6K=i}wc{U2K=h-N{Ug2HcBf{&$2ExPZZ8j<q{qQ=Rjl%12M!fFJh}V6YC>Oll
zOcY+nGEsfeZyTKFOth)+_QJ#KSSD&HZg)#D&ep=W6&_x%GEpOOyW#aD6YV9&-$(eq
z!uJz?fbeSJHNp=Revt4(gdZxriI}&;M8B`_BZMC%{21ZK3O`Z!$-+++ewy$zgr6z=
zY~kk$KVSGI!Y>nko$wok-y}Tzc$A64k4Ks4PBG41!tWLyew@lg<zhd)UySph@P~yz
zD*Q>|PYHiUc=&NG6KyE&*NbADmxbrWIB$slTf*NF{;u$r!P_knk2@veai=8OEI59N
zc)Tcy!s~pASm#Tk@H&s}6x$zOCrhG@MZc}^O@)V#uM%;5m5AqWB~f_4DiQltNfiD)
zmPG3J*#6$o^P-Zdqwvjxo{P2$&O<KRMtEo8+Y8@Oco*Tj2;WV3SK)gK-&=S$;oXJr
zFT98FD&Ym;J%#rYez5S~!utq6TzL36%0>M||489S3-2HFtk^%ZV*kuW;r%lkh4;^F
z6y86xQF#B%M&bQ48-@4JY!u!<vr%~e%tqn;GaH5X&ukRlKeJJI|I9|={WBYd_s?t;
z-aoTZc>l~s;r%lkh4;^F6y86xQF#B%M&bQ48-@4Jtk^%ZQF#B%M&bQ48-@4JjM)B+
z*#3;z{*2iEjCfqb>%QRel8KHNkJsVXDJ4<(bxKKekQgWY`zjIlw?y3E61klx25&bT
z9T&X6xs*4>=f?Tj@#3Rn@jAxYC=;D<Z}DH;&&Qq|^h~6Dfasqg{4C+;3Lg}7obL*H
zMtC;5G}zBZR|Gv1T`l~&pl72Sh2IkNOr(5hu#fX*LC*-!M#Dru?Ahq<U_Tq(6ZDL5
zoR<ssv(W=V&j`;(4~u@-v(cDfKN~#}^o;OqG*0xDKNIX{qY1*F7yeSvGf~*H(W}9J
zHku^-E#Z@ezaR8W6!vU1HQ3Ka9|@l>{4?P*gPw`L40=}joM1l_g*_X6EBeakiT)2k
z&qfP_o{4@IzC`$M!j}vGQ}`<3{|H|jbeyjq6@Gll1U(al9pB^#_Onp~;f;hh4LUx5
z74&Shq3{;MHxk}P_@=@;2(J*nh48I~cNV^b@Gio472Z|&Uc$Qx-%ofC;nl)>3O`7A
z@1SSI`j&~*I(Ara96S#XdL}w5=y<*zbUeQedNw*qxazChJynczy6`iFpCkPIpl8JP
zXQJ@qW=1}5xiC0>Ho7F}x#)7?R|&s%PH270MK=i_D*R62BZS{4{2}3wjS6q)SkZso
zcpk4I_<g$fjBi-?`l4a<LF?l9yxwo(9}53S_%z|$)%|7L_%__}KNkJz#`zuM=J*Ef
zC&uH~M-8J-jVIgxneZ9L8~@+<p9`O9ywU&lzc8L`=L+Y0zP!K5cK&HR>CZCbB>gXq
zC;i#Rlm1u6ll~mzN&jo(N&g$;N&j2pNq>#={cHFB{%btx&o$#D<9}y7>CZEs^uITr
z^yeE-`ac+t_mlEyf${kFTOQfpFZ+%0pYZY0I0_vv?0;l_@A2(6jzY%;`{CoLab%B+
zWE^`O#rt#P$nMYa{4|c-{j<Zm{j+i8?w|Ce@9v*&-`zjmzPo?AeRuz)bNkD1e}6Rd
zpWLs7!hbRzf4{!5_x*bAhn$Co_`iz+{pRqW9q0CN9QtD6e~91XFHWDg%k`G`Yl-pX
z{{9+p-tJQ4ybb`@?ca_puFu8uJop}2(D6Ml;eQJME9fQB-$BRsfP!8U{Tp<AA1COz
zV#HCQ`<06}2zp6W67*b@3p(Bh40<kVxN-P)%YvSb!k&v7iGJAeJrvOodoF4s`eDcS
zRzyGSc-<82mk7^A<-vYdIKKZP`eDcSUxNJ-;kjtTU>~phf{yRe1U)Mp-=hik@jaTL
z<9jqg&kD!quY&y&;kl?qu%8v45ndu3-}e#YhaI023-<9oZ_sm5tDt9vXM~ps&qW)F
z@xz{rT8n<zaWxy!4|^_ZBl=;_MQuet?0BCg*e?;Di#7@Nv%)jNON8g5O~v?O$NN6P
zeu?m0)GpZ13eN~H5uS_Mi}Ayr5&aV3xu}B}KkOONFA<)LHWTBAJtO+~oJ??>T+}h>
zS>YMs_*_SDoLp29^sMlV@Dky<sFN5!>>1H75uS@S7vqOLBl;!6bI}%J{IF+4zeIR0
z+ER=k_KfJ42*>Ah#Q0&)h<=IiT(q?qKkOONFA<K<5sC4`j_0whLeDd^!gJBKV*IdY
zM88CMF6w+#czeR0i?$d2u;-#3ML+DhsEg=Zk6#a#MfP=W;=62IykC6%6~E3ZOTDg)
zUze4M*JWi<_;p!X6n-6A7VT<oH-5cbCSG5crCwhr+aG>CTb6n~%YI|Lvb5(P;@7!l
zsn@wlKXm?q<LqX(AAbrtY5-qsUgsvhx${W`&U51Jgtr&|ix_{2@Lz>575<y>WyX{F
z37>B%OP!yI&kvM|^9E&+JwK52?fHb{_Z~i<Q<gdpfT@n^;rB8#yE}ekOnm+G#Aju@
z!WiGzHrxZo`2J;fPZ;C-?Cf4J#`l(Gd&3yt=VbSRF}{DD?FM6f|0cUHjPd>3Y<C#r
z``qk)Fvj=qvirjr-{)lyfHA&*pX~u-e4n4KgfYG^$X3A^-^<FXVT|uTW(zRJ_rDv}
zz!={bW_!XI-+#&;2xELdwyYP7@qJPDAQ<EOxn&2#7~g9f9Rg!~Z(i0L#>AeiWA1s>
z<a}Lo?1%PzSA2f8EOO7Uvfl#xE&GSojm**G@#FKWWvTP4N&iuEoW|E#EyHNISGevd
z!}TZedhkPFjO!b~d&3ylGw?%UjO!)vJ}}1hEc`GS<2tS!Q+qg!alI7Y7sj|=AKnkf
zxZVJM1dMULA^b=f<9ZqVC>Y~<BlyuU#`VVVV_=NyP2l}ujO$I|$HExb%i+ht7}uM@
zkB2d?ZwNmD#<<=bej<!<Jr6$##<<=Belm=4y(Rn<7~^^?_^B|)^^M>IV2tan;ithE
zdb0o9^WMpN-pB0E$^LK8hbR5ROg|a_aL0MPB;)io9zR|*irn|zcpf+&r%~j-pVDmI
zIE^Cr{S<mKj{80Z$4R`ObGylT=6X@1sA;qK*yaCq{Rq)NQutBAj~0H6@czP&6@HxX
z<Bjtg#=O5L80UF-`uy_nJp3Shf$$%NFBJZh@I}IZ7QR^cFT$4y|5f->;lBxACj58d
z%Z2|Te1-5og|8I;m+)1>{}#Sl_&>te2>)03TH*f*uN5AN<Gr5n4TNWemk7@a&j~LT
zUSD_v;SGhC32!9)M6+%r>&Z#3V=+nmWaG&?bBg16tj~#`>bScO4-kHu@Y98#A$*|l
zGlice{A}Up2tQZ&dBV>ZK1lcl!Y>qlk?@O!Un2Zc;g<=&T=*5juM~cj@T-MiBm7$7
z*9pH~_zl8u6n>NNn}y#Ze6a8#!iNgKRrqbfZx?=t@H>SM6MmQQ;ll40K0^3N;r9r?
z*LZUNZIt7DzMc4e#*^pIqm3u86Yn?P^8a3MK43f<|3Tpo8IQ+l6g})X*V}k|8byx?
ze^mGw;g1<lZufEFPZ)1gcYpow2i3=eOT&P3`}qo*=j@8lV&muY_$NHSrH{oeFxJPx
z80$~N80+I<jP(gH#`;7UWBmmfWBnx<WBnBvWBoN4V|@~gvHm8EvHmuUu|65bSbq=3
zSf2u8tWSk8)<1+X)~CT3>(gP3^-p1p^%*e6`b-#OeHM(dJ{!hZp95p8e*<Hz&xJA8
z=fN23^I?qj1u(|?LKtIx5sb0E7{*v%0%NQ%g)!Eb!5HhyVT|<^Fvj{y7!!MZ9xOht
zPsce7hR3_>17VEyvtW$%b6|}1^I(kiK`_Spg)qkY#W2SDr7*_&<uJzjl`zKo)iB2T
zwJ^r|^)SZzjWEXg%`nFLU>IY4D2%aw8;r4j2aK^k48~X=4r8p3fHBtZfic!c!5HhK
zVT|<$V2t&LV2t%gV2t%KFvj}hFvj{=7-M}LjIsVSjIll*##o;KW2{evG1gyzG1gy#
zG1gy!G4$f&?<ySAjP=zp#`+o<V|^`*v0h6Hc)d2YwT$g&V2t%FjImw{W2`rTG1kjq
zjP=Ga#(Gm2W4#%SvECfUSZ@Jitha(O)?33E>uq3+^-W-m^>#4EdIuO|y(5gV-U-H7
z-vY*1-wMW9-v-85?+jzCZx3Uv?+9b8cY!h1cY!h1cY`t3yTTajd%_s&d&8L6-N(V#
zaLh6Gc$@@dtiK6ktiKIotWSn9*589M)~CQ2>r-Kj^$%f;^=UB1`g9m${ZklYeFluN
zJ`=`Rp9N#A&xSG9=fD{2-@q8_b7742c`(NMd>CVW0gSP}5XM+v1Y@i(hB4Ncz!>XG
zVT|=<Fvj|F7-M|}jIq8F##mnkW2~=+G1k|>80%|cjP+U=LoYslb;B{oSnm#FtnUwF
ztoML1)~jHQ^#Y8s-V?@H?*(J59}Hux_l7an`@k6Mhr<}_{a}psBVmm7qhXBo{xHV+
zaWKaE2{6X`NifFxDKN(R02pKabQoiOAdIno7L2ie4vevW9*nU*2*y~y5XM-)7{*w?
z6vkM;9L89`62@4+8pc?^7RFe=9>&D(K2Fu!0?)`0d)#GUjP)#xv0e&etT%u$*2`dw
z^~Ny9dQ%u<y%~(L-W<kQZvkVhw}LU&Tf-RZZD5S`O<;`mb}+_z2N+|$BaE@$3C398
z0>)V13dUI92F6(L3}dWs4`ZzF2xF{wfic#1fic#1gE7{-!Wip&!Wip&!x-z`V2t(d
zFvj}+FvfZh7(<WWUyIL&RKb$tEB5-)jde#{+HVrRAI^*x0^{6_e$Rk^TMv&e0lx+P
zg9APo-aFt!;C%u<6n=QX=i_$!1^fs2kpaII;~X9E+u;2JemnfQfZqW>A>enyPYU=j
z_$dMZ8QVD^;CG>adca$tKQQ3K(LXETcf-#K_z3uU0Urq;6!3fC7Y6*CJRV&FelPl$
z2K+ww<pCcJzcS$W!><nbgYatu{t*27fS-r``Nn`hg8t0`e-u7A;QTz;(14FY|F(cX
z2EQZV2Q<bxt$;s){_udW!tZ@Vz{jG0Pr#pqj|%uW_~?K?1%DvmYjC>{1^j9B9|`y~
z@G$`&4}U!1&%(zBd;)x2z@LLZ9q@_p@d1AxJ|W;Qz$XU$CHM=D^Zg^Pq4CODTtE4~
zRml0eAof=<5)-e_MSl&(Sf2!AtiK6ktiKIotWSn9*589M)~CQ2>r-Kj^$%f;^=UB1
z`g9m${ZklYeFluNJ`=`Rp9N#A&xSG9=fD{2-@q8_b7742c`(NMd>CVW0gSP}5XM+v
z1Y@i(hB4Ncz!>XGVT|=<Fvj|F7-M|}jIq8F##mnkW2~=+G1k|>80%|cjP+Vt!0WZe
zs|dvQGcd+_7RFdFg)!C}z!>XgFvfag7-PLDjIrJf##nC-W30D;G1gnb80)QJjP*7!
zCU(9qOV+oSupTnW^UuUzfic!!gE7`8!5Hgr!Wips!x-z6VT|?nV2t%CFvj{+7-RiI
z7-M}JjIll)##sLp##o;LW311FG1h0n80)iPjP*G%#`-rf#`;_sV|^Zsu|6NhSYH5R
ztS^Ky))&DT>x*HG^(8RI`cfEUeHo0gz8uC_UjbvRuY@tySHT$Tt6_}wH895dS{P%!
z7RFeww<T6M#CitCSkJ;3>!mQpdIK0^y$r@!ZwzCsH-$0Qo52|C&0&o77BI$oD;Q(F
zHH@M2`5V7`!*wnBNt~ZCO^p9dk3V<n`e%99H#w&Gzi_>%UwHiv>+OH#^*fn9{<3i0
zcOHu4@A?imlAnX(bIPLE*4D?DBJr1+O@H^ge&Sm><8z$EI}0z4|83sw7ybJ>FHLRF
z9(A{y_8;^7g(SYCd%KSBBD{FJdx`P)75+=z?I!oPIL<y^zpJ?2y@eOY+0PrN`+EBa
zc>Urye|Ym#^uIjsA;vEl=ROkeC%xL@3=I<R=S4pl##rwSW32aqG1d=<G1mLR80$yE
z80$yF80-CEjP>JSjP(;>jP;XXjP+AsjP(I9#`@_n#`-`QWBn``WBnW$WBoiBV|@^e
zv3?<pv3@a(v3@Cxv3@y>v3@0tv3@m-v3@O#v3@;_v3?_rv3@g*u|62aSRV>wVt3zP
zXoJTDhU>QLo4^?B?O=@c4lu@gM;K$h6O6IG1&p!26^yaI4UDng8OB)O9>!ST5yn{W
z0%NT20%NT224k#ug)!FmgfZ6lhB4N=!5Hh^VT|?tVT|=2FvfZnjImyTG1hy+80)=Y
zjP-+IjP>3y#(EzZWBqU#W4#}Yv3?|sp(l^CJRahoO7Xb!kN5a;+c8PMww90AeB6v5
zM;xzv{?H)k!RIG<;aGg!8HQt&iMO-p!(oi|5irL3Jut@lC>UdXG>ozS0F1Hz5R9?@
z2#m2l2F6%_9L8853uCO0gE7{hhB4O1!x-xmV2t&NFvj`|Fvj{zFvj{TFvj|8Fvj{M
z7-RiS7-Riy7-M}hjIsV6jIlli##o;UW2}D&W2{euG1jNU80(+HnAqLNouhG#GWPiG
z4`Zw!2V<<C0AsA51Y@k90%NQXfHBrjhcVU%!Wipk!5Hi3z!>Z2!5Hg<V2t$(VT|>Q
zVT|=lVT|?5VT|=FVT|>wVT|=_VT|?bVT|<~VT|>gVT|>`Fvj{&7-Ri57-Rho7-M}H
zjIll(##kQ#W31l;W2}#YG4xVAlGw+Q_IP~Z`zgNvSNFO&?Hjb<IEl|VhDTQXv!Ua&
z)_Jal>vPt5ZLRBbh0hnhQ21iwrO{XBepUb9<FEDjake!2!SoZi{TeaOfx-_Geu(fx
z>pYp~WR5Xw-uxH6rRPi6&BMmt{4ZbU?LA+)&i&uZYT;{z*Xv*0BL054Pu0VJW@hQ5
zu@}bsVdAsu{DG9Ot-Bt}Ln;5VuK!5NXV>|dl(($A9{A%apHtT#oAR&gd|b-Esq?2(
z{%xI)Px;(BpOEtJ>U?6#=hgWODgVCCUrPD>I)5eQ3+nu}l$X`b!=#k|Sl53u<$pKg
zZ|d!oFRbfNPWexD{$9$Dt-IYRDPL6ApPKS>>-rz2ytZz8rlq`jU4QyIk00N;ci~aL
zPTlp8dm_&L2b|aKnHg|iw`W$sdEK7b0q1pl<^-JA?fE9)yl&6jfb+UN^8(K6_RJ4B
zuiLXA;Jj|n!hrL-J&OX)>-H=TIIr8YB;dSm&(eVNa~jJ6&g=Fp4>+&evm)TUZqLeq
z^SV8&0?zC9tPVJ@+p{L%yl&6hfb+UNwE^dKd+Ke)W5Zv^;`J?4_b+^W^w+m+%H#E|
zH0AO7)*$8a`c{_mcztV}@_2n~n(}ykYnJkOeQTcbcztV;@_2n~mGXFfYn}3VeQT5Q
zczxR><?;H~F6Ht1)*<Eb`qnY!@%q*&<?;HqMatv#ZL5^W>)SRdkJq=(DUa8;?Nc7F
zZ#$+uUf;T;JYL^+S?BKhwp*R1*SD?#=lZs1z`4Hd9dNF1-2%?_t$V<^zU?1yu46p{
z&ULIR;9SQF0p~i_GvHjudIg;8*ueqkI@UYjT*vwZoa@-(0p~i_FW_9qjtn^0v7-ad
zb*z8DxsDwdaIRw~1f1*GNdf0Nc1pmxjty`;S+C-C?DV>SNv~rAQy#BlXQez|$IeN4
zypElh@^~E^l=65TyD;VPI(Bi&<8|!Pl*jAX<tdNXu`5#^uVYuIJYL7HO?kYIU7zxJ
z9lJ5*@j7;M%HwrxaLVI#Y-q~kb?mm3$LrV~DUa8&VJVN-vEeC?*Rc^PkJqt#QXa2k
zqf#EPW24u(yN*3jr|EU<p@4H8dnDjo$HoMl>)7J~=Q=hv;9SSX1)R^*o(?$IxA6hz
z`ZgipT;C=Joa@^Q0q6SmQoy;sy%KP)Z?6TM>)WJ&bA5X=;9TF{4mj7h$pPp3_Fllb
zzD)@@*SDzw=lb?xz`4Fn3pm%e=>g~Z_Nn9k`ZlBPU)=RAUdLvpJYL6Ur957jW~V$}
zXXd0lUT3~ZdAx4SO?kX-%u9K^Zp=@4ylyN=dAvR>OnJOMEJ}I2J}gdoygn>RdAvR>
zO?kXNEK7O3J}ggpygsa0=kEHjvQE?M!>WLDeOMiEt`BPh&UIjIz<Ipa2As!xy{+q>
z{yXQ{>fstU`0P)>dAw%>&f~o_;5^<N1f0ivS-^Q*Hx4+D>!tzcaosH7Jg%DuoX2&G
zfb+O+6>uKctpm>Ex=p}&TyGL^9@p&x&f~g+<Nk5ovF=~o<2pXS)G6ih@xDdM<Kum+
zl*i9own=&Xyrpx><Mm<tl*i9oc1(HvyroOZ<Mm{hl*jAIZYhtSw{%T;{Jdq)l*jAO
z-YJjQpKd9S*PrewkJq35QyxEW>5=kyU8+iXye<_|9<NJ1Qy#BNy;2^pO9!VsUYB~O
zJYJXjq&!}i4qxZ)y40^u)9cca0q44ObilbT^$$3ow;UI6u2&}noX=ZM3OLuXQv%L)
zY(T)dj-4KGu44lO&UNgpfO8!?C*WMi&I>r7w+ssS|6}hi;I5_~|ADW&H@X|7yQRCk
zySq!Iq`SL8L_|bdN(4k2L_|cSMWkCw;J<SZd+vSiIY&hOet*B;>(8^-?zZ>N&bG7N
z&&}Nj<XbO{gM90QagcBQFb?vqKgL164Zt|aw?P;O`8EXOAm4^!9OT<@jDvg|iE)r`
zqa!?azKspdLGx`q;xNZ1A`WwGGU71DrXmh=Y&zmFmu4akb7?l>Fqh^c4s&Tf;xLyM
zA`WwDG2$?nmLd*wX&K@$f0iQ-^JfL(Fn?Ae4)bRf;xK<!BM$Rt4dO6=*2Q>a&TI%N
znlqa)4svEQ#zD?(#W={B?HC6+vjgKGXLe#7<jii2gPhreagZ~6F%EKOKgL1M9K<-t
znZp<dIdc@_AZLzY9OTS#jDwsxfpL&CCov9k<`l+3&YZ?L$eA-32RU;N;~-})U>xMk
zC5(fdxr}j;Ggl%!cFtT4%|UbKI^r;AZXynI<~HImXYL{nbLKwc@OjZg#9{tCLLBDL
z6U1TuJVPAj&vV3K&b&k%<_4WH`u%^H8!X~5H+aNhZitA(+>jB6xuGHsb3>2u$lNeP
zispumagZA>#zAhx!8pi`co+w{kpSZ$HxgkS<VF&VgWO1lagZA+Fb;Af6~;ksq`^4I
zjdU0Xxsd_mAU85%9OOo3jDy_BigAz|*)a}sBPYf|Zsf)|$c?-h2f2|S;~+N*VjSc~
zVT^;^D1vd28^t0#c5aji%|Uac6yospR~f`%o|Hoz=1B#_VV+b%9Og+C#Nq3&YKX&}
zsew4mnOca$oT-C2%$a(K!<=b=IDDSd2yvJ{O%R9AbDALzpXand9KQZ)g*eQyHi*L<
zYlk?@u?~pC9P5NQ%&{(r!yM~|ILxsgh{M-ky<$8v-};0U&9{CS2l>_?;~?J#U>xMz
zAdG{28-j6=Z$mK-@@+WALB5T|ILNor7zg<_7ULk_#$z1h+eD0me4C7MkZ)5l4)Sd}
z#zDT##5l;e*%$};HW%X{-{xZ+<l91wgM3?zagc9IF%I%=8OA}rEyp;>w-pf{JKt7@
z=Aiku3UQcks}YC!wgz#SZ|e|;`L+RZm~Wd9hxxV{ahPvg5r_G<9dVd%I}nHYwi9uf
zZ@UqP`L+jfm~VR#hxxW2ahPuh5r_G97;%_yM-hklb_{WtZ^sdb`E~+vm~ST$@2Y}l
zhNlpR`F0v{m~UrdJTl+Tg%r)V3m6Cab_wGk-!5Yu<l7aDgM7P+agcA<F%I(WCdNU&
z-Nrb`x4Rez`F0=UAm1Kh9OT<0jDvi8f^m><&oB=1?K#FlzP-da$TvC@IL5J$3&=MX
z;~?L7jDvg=F%I%g#yH3~72_b^bc}<1GcgYG&5rQc`R0b^p!pUDahPxM5Qq7e0CAXa
zi4ceRmIQH_Z^;mc`IZ84m~W{NhxwKUahPxE5Qq7e0dbgb84-v1mKkxFZ&?wC`Ia4V
zm~S}|hxwKpahPv;5r_GfA90v(1rdk&Rv2-ZZ$%J?`Bn^Zm~SNzhxt}2#v}8sOh{wj
zkHGgc%V8YkTLp}Re5-_UkZ)Bm4)U!U#zDT-z&OaaS{MiURtMuC-|Ar;<XZ!bgM4d*
zagc9KFb?vq8OA}rwZJ&Yw^kSj`PK&GAm7?y9OPREjDvjZgmI8>T`&&vtsBNczV*O3
z$hTe?2l>_q;~?MqMR@Fd>mQnf=Gy?oVZIGQ9Ol~)#9_V-MI7eaaKvH0jYJ&g+i1jL
zzKum3=G%D0VZKd79Om0(#9_WoMI7eabi`r4%|smL+ib*PzRg7(=G%P4A8X(db|K<0
z-xebd^KB{OFyEFT4)bj};xOM<AP)0wCE_sOR>gQ^zO4=^nr~|`4)Sds#zDSqz&Oaa
zO&ACHwi)9f-?m~L<lA<PgM8b8agc92F%I%=H^xD}?ZG(6x4jq#`L-Y9Am0vR9OT<!
zjDvhTigA!{$1o1^?Ks9kzMa50$hVUi2l;ji;~?KoV;tn$8H|H`JBM+QZx<pwcD`K-
z%|Y|+GU71bt{@Kc?JD9h->xGL^X(?$FyC$?4)g6U;xOOtBM$TJA>uIK9w83%?Fr&A
z-<}~3^X)m}FyCGx4)cx996bLI+8^c{i#W_T9&wm&BH}RLWW-^<sffdT(-DXHW+D#r
z%|;yNn~ONiw>U8#nQ!qzisoAajDvhjgmI8>NiYubEg8l^zNNr8$hTA&2l<u;;~?MC
zVI1UJ28@Gz%ZPE1Z<#R;@+~XILB3_jILNo07zg>58{;6~@?sq1TYij#d@G1?kZ*-C
z4)U!C#zDRn!#K#d5*P>hRtn=F-^ySd<XgE25AI*^d+8NIbI^RNggDH%Du}~;tA;qt
zw;G7Ue5-{x%(ps-!+fiUILx;Oh{JqqggDH%CWym)Ylb+?w-$)Qd~1a`%(pg(!+dLp
zILx;Wh{JsAggDH%E{MZ?>xMYYw;qVYeCvfc%(p&>!+h(9ILx>Hh{Jpv5aW^gHYlWM
zz74@R$hV;w2l+M};~?KgVjSe#XpDn=8;fy}Z{slz@@*o<LB37KILNoD7zg<_9pfP1
zW?~%V+iZ-3e4C4LkZ<!b4)Sdw#zDR<#yH5gr5FeKwhZGS-<D$><l732gM3?wagcAT
zFb?u<HO4`{t-&~-#DD&eal!Wu5gz2B=)3<4AT%d352cWAMm(7c%5Ozn4wc`IxDxUm
zh^ryriMST>-H1<R!Fu-~u7}F+McfGae#Fg?A4J>=`C-KEkRL_d3HdR^-H;zgJb9?y
zP9W}u%AZ6$PRLIoK0VY9rxA}EDt`v?A))f;5RVrse*y9MA-{xpf{<TE+zaj3l^6&A
zXBJ!?oiJ1$9JAQDSIOU=tD(}dy|VAuF<!;@n;5U^`)!O@^ZhQytNVT*<28JLi1C`f
zKf-uA-=AQ-mhaCnUfcKQ7*FNje_vv}j$fY65^A<s*9Fw|oyB-P-+7GJ_g%zz1K(wg
zPw`#FcthWHj5qS##CT)hZHzbZ-NkrQ-{WAsneXv1-rV;D5f1;aF-;|kINxkP+=9p7
z#J(qrC?9wd-;-cGsqe`!p3L_Y7*FndDvYP_Jxzqi&f9dMIcVNyKpf_6M#N#>W=0(5
zZC1o#-eyM}=50>IVczCO9Oi9a#9`j%M;zvDLBwI+7DgQAZ4ty_-WEd~=4}bYVcwQP
z9Oi8q#9`i+LmcL91;k<ARze)+Z56~}-c~~#=4}ncVcyn49OiAE7!S^8kgN4Visotq
zjDuWlgmI9oO)w5}wHd}iuC~B9$kkRD2f5k?;~-btVI1UY2aJPU?SyfVt6eY-a<v=A
zL9X_|ILOsr7zer92jd`D`(Yg9YJZG_TpfUMkgJ0*4svw}#zC$Q#W={-;TQ+GIuhd`
zS4U$U<mXt7gZvziagd)AF%I%`GR8rEPQ^IL&*>2!J3nWJ=AijG8*!MQa}kI6IUjMD
zp9>L(`MDTzn4e1#hxxe-ahRXW5r_G?0&$q1D-nnJxe9TZpQ{mv`MCyhn4jwqhxxey
zahRW*5Qq7>8F84OTM>u(xgBwspF0qT`MDEun4h~5hxxe&ahRWbV>~iH_lFeC&x05T
z`FR-QAU}^{9OUOQjD!3<j&YEmCom53^CZSWexAZO$j{Rl2l;sh;~+oJVI1V=1&o9I
zyo7O(pO-NX^79JDL4IDvILOcI7zg=z6XPI1Z(|(f=Ut40{Jf8Gke?4R4)XI6#zB5Q
z!8pjzXBY?h`5faQKVM=T<R_gKeO&<Zlf^j5Pd>t9=cgE&gXX7<ILuEKahRVv;xIo=
z#9@Bgh{ODJ5r_F12XUC6@eqgknE-K^pNSBM`I!W9n4ifIhxwTTahRW}5Qq7h26335
z=@5tcnE`Q_pBWK{`I#AUn4eh@hxwTuahRVu5r_Gi8*!MQd1E{>Kl6ta&Ch}u2l-hT
z;~+naU>xLUF^q%!EP-*5pQSJk^0N%aL4KCQILOZm7zg=T3F9C?t6&`DXElt2{H%d-
zke{_M4)U`O#zB78!#K##1{eqV*$CqxKbv42<YzOCgZylPagd*_Fb?vw4aPx!w!=8c
z&kh&|`Pm8MAV0fc9OP#=jD!5_fpL(Zy&^nze)b8?LG!a8;xIq^BM$R(0OBw|2O$pg
za|q%vKZha?^K&@jFh55k4)b#~;xIqQA`bI&JmN4vCn65>b28#EKc^xN^K&}lFh6G^
z4)b$1;xIqwA`bI&KH@Mx7a|Vxb1~vDKbIm7^K%*EFh7^acw~OA2q~JMD=`l8a}~xx
zey+wi$j>zx2l=@U;~+mbU>xM<CX9pp+>CLMpIb2w@^d@JL4NMQILObP7zg>e8{;59
z_h204=U$A1{M?Umke>%J4)XIb#zB4_#W={%V;Bedc^u;)KTlvB<mX9@gZw;&agd*<
zF%I(c48}ozp2IlE&kGm_`FRQBAU`ihc#xkdefM7hgyw+!49@>i{`OyuC@=e;BY^)%
za8-fNdBH6xA9z~-JPH0HJsH816Z{&X{_6z4LGYUdzeVudQ4ZSy{vW985$zD^Hwk{5
z;CBf=EA-zMBXb6>7yOT2@E1NV&=(T?KB0c_zjAT)JS3EVMDQmBe@5`<1b<0zIvajF
zS%UKf7YQyCTqU?paFgIR!CivKA$UB3Cm?ttf^Ud8?%@6o|G#7^{~ix|cwU7)jc=fj
z_H@31KH4+*2Ks2v=o{#xJ+p71kM^v-fj-)^`v&@G&*>ZJqdm88ppW*vzJWg4^ZN$+
zXfNm+=%c-`Z=jF%BEEq>+Kc%H`e-lV8|b6Gly9Jq_A<VKKHAIq2Ks2P;2Y?py^?RB
zkM=6Qfj-)+`3CxEui+c$qrH}IppW)CzJWg4>-h%yXm8*f=%c-nZ=jF%Ccc3_+MD?X
z`e<+A8|b6Gm2aSj4st&Df2>LT`xoeg91c90Z=jF%6uyBz+Ee)k`e;w%8|b4woo}Fz
z_6)v(KH4+-2Ks2v>>KE#J*#h^kM``ofj-)E`Ud)F&+QxNqdl*0ppW+azJWg43;G87
zXfNy==%c-eZ=jF%V!nYs+DrHb`e-lZ8|b6GjBlWi_Hw>~KH4kz2Ks2P<QwRty^3$3
zkM?T5fj-)6_y+oDujL!)qrHxAppW)?zJWg48~6tLXm8{j=%c-fZ=eSb{=X;hKR>h*
zf_o7Bi*%ddaR?rt;28;?h~RMvo}A#B2%eVU=?I>l;28*>nBXZ1o|@oE37&@F2??Hr
z;4Z;Eg2y9x0)i(acnX52B6yonlB4J0y|}^I8T-6#ODNxt;O|7O7yLh5nX;(%jbhgy
zct?VFCU{qZcPDsHg7+qPUxL3!@b?KmFv{WowXvwd^JBL|;6n*Mg5aYGK91lM2|k73
z(+NI{;ByJSfZ&S>{vpAa6Z{i`uOj&81Ybw+jRfCJ@NER&LGWD!-$U?y1V2ddBUl$H
zc)dV42jF=qQt<ojs2^*DJ8wnmIM$6<|Np3&|0oFa1lDg*@b_t3AP%>u72@#vg*J%8
z>lfM~4zFM6fH=H<p%dcp`h_lt!|NBiAr7x!=z%!AexVoQ@cM;5h{Nj_`XLUlU+9lG
zynbN-;_&)~L5Rca7lt4XkMB^#;q?o{5r@|=j6@t>zc3ncc>Tgy#NqV|;}M6~FHA%n
zUcWFIad`d0RK!mZ&cg;ZaObT-og|b$Mex(}@%5a=mWS_0`QHqR+Rngd5_~qn=MsEA
z!50#IF~OG-d>O%)6MO~1R}y>`!B-P}4Z+tDd;`HZ5qvYjw-S6i!FLdRC&70Ud=J6*
z#&VaEsPmZf5coxc{}So`my=;W2j}O0SU=(i34S=%_JH@!;JxK2!H*IAIKfX4{3O9o
z5&Sg4&k+0^!7mW}62UJ+N80lW!LJhPxlZt#1iwx2y9B>a@P`C{MDQmBe@1Y4wj_^f
zAA|Ze^8EBqsMzNxEN}TQB7)}?zeSW!9#h_+u0?u8{nxE<o=2{Cw;tgU_1s8;_nQR2
zMes3%`fn4;-ywJr6Tdxo3FYq*{C=cIw9n```1&72mXBzkhXntf;ExFYnBY$ceudDU
zPYLCp5&RE=KPUJLg1;pAFv51`B^*a8DZc%uMV_}2?O%XU&vZh0I<o$V<DSgGua}7|
zAF*CG(j)5O2+k8+Ao$S8?T@JcaAbQ%xJal+BDhR&CDLQ|*P_$~xc0FqgWxv7J%Yz0
zctV0FA$W3vr^32OrA->KUoq_|Qt6^Rj{n&1&yM(%`sK^y{+pcOeNMlbsPvKLeF!`Q
z!QUZxMuKN1cou?ZC3rT1XD4_Lg6AZ7E`sMFcwU0%BY1v-7bJKgf=B0baJ&i=$`>Jc
zQGypEcyWT4Ao#S%`+LNBRf<r)G{MUdyez?E<wnGM%Mr?#CwK*dS0s2Pf>$PZ6@phK
zcr}7oCwNVQ*CKdrg4ZE<J%ZOKcmskrBzPl&Hzs%!f;T02GlDlKcngBJBzP-=w<dTS
zg104jJA$_-cn5-aBzPx+cP4ljf_Ei&H-dL3cn^a2BzP}^_aS&+g7+hM^z;89hu<TV
z?@#de2|keEg9$!_;2#itD8Yvjd^o{J5PT%TM-hB9!N(GO9KpvEd;-BI5qvVirx5%z
z!sFdkLiuR~pHA=@1fNOp*#w_M@OcEEPw)i<Ur6vp1Yb<>B?Mne@DB;TjNl&;d^y2a
z5d0H@uO#@V1Ybq)Erj!GHKF_(g0Cg`I)bk!_(p<%LGaB4-$L-M1m8yR?F9dl;5!KZ
z6~T8Bd>6sLCiotLe?#!S1m8#S{RBTi@Ph<DMDW7|KSJ=M1pk)c#|Zu%!M`W?34;GX
z@RJ1pk>IBYewyGv6Z{Op&l3C`!Os)?0>Lj5{1U-`A^2s2Um^H!1iwn~YXrYe@EZib
zN$^_)zfJHv1iwr0dj!8v@CO8cNbuhY{+QrT2>z7d&j|hp!Cw&kCBdm=5$|6`yiTVH
z&Jdg>I7e`v;3B~#g3AO~2(A%aC%8dyli(J?ZGyW5k3;Zy1dmVfgal7S@Wcd9Lhz&n
zPe$<M1W!Tmlmt&r@H7NZOYn3APfzd+1kXtDOa#wN@T>&SPVgKA&q?rH1kX+IJOs~6
z@O%W%Pw;{SFGTQn30{QY#Ry)U;3WuNir}RQUWVZ12ws8U6$xI6;FSqph2T{QUX9?@
z30{NXH3?pe;I#=}m*DjX-hkkZ2;P|BO$pwd;4KN>ir}pY-j?9)3Eq+5oeAEB;9Uvc
zjo{r0-h<%12;Q6EeF)x<;Qa|cfZziOK8WCh2|k42LkT{d;3Eh=lHj8WK8E092|kYC
z69_($;FAbGnc!0hK9%6p2|k11GYLM6;Ij!nhv0JwKA+$V3BHKnO9;M{;L8a95y6)e
zd<DT*68uwwe@5`t1Ybk&wFF;B@bv`WK=6$O-$d}u1m8;V?F8RJ@UIBIli<4uzMJ4*
z6MPTBzajWug6|{veu5t$_#uKHCioG8A0_y=1V2Xb?+AXJ;NKJc1i^nG_>TntiQqpI
z{0za*68s#&&lCJ2!7mZ~GQoc(_!WX*CHQrM-yrx+g5M(eZGzt+_+5hEBlvxSKOp!+
zg8xqNM+ARN@FxU+N^sA38S@9eUmAQq`;1WjIl*5L{3XGu<S%3XBG*e3oFO<zaDm_=
z!6kwxBD9Z8D6bM+Be+g*gWx8?ZGyW5_Xr+`;Bg5apWq1yo`~Q{2%ePS$q1gD;3)~7
zir}dUo`&FQ37(GN=?R{J;28;?iQt(Do`vAq2%eqbIS8JU;JFB%hv4}Lo}b_a2wsrj
zg$e#H!HW{S7{N;ryd=R(5xg|P%MiRQ!OIc6Ji#jxyb{4H6TAw+s}j5#!D|q_Cc$eH
zye`2j5OTggp?noW`38jY4GG?e;Ef4hld#?<QRV%wEQkJR{};YucdY+AC#?TCFGP9l
zQX&O9*1yt9_B(}A{T_^Il<wael<8mlZu*^#=}f<b<A0ml3oQ}Hzm_E)6`x8#C8QEj
ziK!%1QYsmhoJv8Zq*76-sWentDjk)c%0RtCWu!7unW-%PT4aAcS*dJ(pPkA<<)m^^
zxv4x<UMe4zpDI8VqzX}msduR&R8guJRh%k8m842hrKvJhS*jdW-e10gzkG#Qdnm@5
zioLhwsfzxVsIR(8{&;1o3RRV==GR@_AFDytq-s&MsXA0$s$OVs>r)M=hEyY}G1Y`>
z>Ps`KIn{z{NwuO{Q*EfWR6D9Y)q(0rb)q^`U8t^9H>x|;gX&53qIy$({95}`{iye-
z{?z-_0BRsLh#E`{p+2C7Qp2d>)Cg)MHHsQdjiJU;<EZh}1ZpBRiJDAJp{7#PsOi)U
zfBBizENV72hnh>xqvlf!sD;!bYB9BhT1tILEu%i7mQx>7E2vMXmDH!yD(W+8HT5~Q
zhFVLlqt;U!sEyPn>I-T!wT0SBZKJkRUs5}$uc)2WE^0URHMNKOhT2Q*qxMq=sDsoY
z>M(VLI!b*@9izUZj#J-LC#WB&lhlvYDe5QcH1#uehB`}~qs~(osEgDk>KE!V^(%FS
z`i;6uU8Am3H>jJ`E$TLPhq_DMqwZ4=sE5?=)FbLK^@Ms#J){1ho>MQVm;Tr9X_}!~
znxlDIpha4uWm=(CTBCK^piSDMZQ7w-+N0ypap`z;d^!Q0kWNG=rjyV~>11?rIt87Q
zPDQ7t)6i+@baZ+;1N{!2k<LVCrnAsl>1=d%ItQJT&PC^@^U!(ed~|-g09}wSL>H#t
zrHjx->0)$ox&&R4E=8B7%g|-%a&&pR0$q`=L|3M(&{gSbbalE0U6Zaw*QV>xb?JI^
zeYyeNkZwdb_Qzn?gl<YVqnpz$=$3RVx;5Q~ZcDeL+tVHBj&vuwGu?&mN_V5X(>>^(
zbT7I$-G}Z=_oLsV`_u2!1L%SDAbK!8g#LgYN)Mxl(<A7S^eB2XJ%%1jkE6%a6X=Qb
zBziJEg`P@Jqo>m|=$Z5^dNw_Wo=eZ8=hF-5h4dnNF};LdN`FW%qd%gT(;w3-=uhaC
z^r!SH`ZIbp{W-mcUQ4f|*V7y5jr1n^3wkrXh2BbUqqoyv(mUv{=$-T~dN=(wy@&pW
z-b?SJ_tOXHgY+T#FnxqRN`Ffqqran%)8Er4=pX2l^pEr@`X~A{{WE=rK1-jY&(jy^
zi}WS>7y2^&D}9CjjlN1>qp#C9=$rH{`Zj%szDwVu@6!+HhxG6CBl<D@gnmjtqyM0v
z(=X_kevr`&!>|m;@QlESjKs){!l;bK=#0UbjK$cD!?=vc#9`tx@tF8b0wy7oh)K*O
zVUjY*nB+_fCMA=KNzJ5T(lY6o^h^fk9VR1_iOI}lVd~RanQTmUCI^#~$;ISm@-TUs
zd`y0(08@}D#1v-UWr{FGnPN<FrUX-xDaDj#$}nY_a!h%q0#lKx#8hUgFjbjqOm(J)
z-_?xiYB9B$tbU4t4$O(}K*?Y}7}jCxGWD4HOarE2$Qv<@nI=qArdg~~psuV`>?I>>
z36D2tS}-k{R!nQA4bzrs$FyfUFddmrOlN<(4b#Q%yZU`MraRMv>G`Vb!Ssq5@5%J`
zyFN@`rXTYj)1P@iX3hX+pg%r{861)!4D3FLnGfo3!whAHF~gY=%t&UGKLytS=Ya9i
zp)!H@^rzrfv|+|DWBo3;g-hUW$1&rX3Cu)hlHVSanJM6Byr`+nG-f(8gPF<93QYs6
zOU-8HFmsuC%zS2nuM7Qt5wn<C!YpMzWR@`>G0T~cnH9_@%u41{W)<@pvzqywS;MSl
z*7+sZGaHzV%qHdwW;3&e*~)BVwliNcJD9JSoy;y~H}f^Khxvxt%j{$JGY6Q1%pvA5
zbA&m{e9IhTzGIFv-!mteADENOkIX6NC+0NsGjoPH%ba7*GZ&bP%q8X*<}&jubA|bh
zxyoE)t}{27o6IfdHgku$%iLq`GY^=D%<s%2<}vexdCELv{$QRnFPN7M#nLRpvMk5)
ztiV>FL{?&DR$*0EV|CVGP1a&<)?r=NW8<)K*?4SxHUXQEO~fW<ldwtIWNdOa1)Gvh
z#inM{uxZ(JY<e~W`wp9t&BSJAv#?p&Y;1Nm2b+`4#pY)7uzA^hY<{)?TaYcp7G~dN
zi?Bu6Vr+4?1Y43V#g=Bvuw~hDY<ac<Tam5AR%WZPRoQB6b+!guldZ+pX6vwZ*?Me!
zwgKCaZNxTao3KsUW^8k|1>2Hs#kOYKux;6PY<so?+mY?Wc4oV<UD<AIceV%HlkLU!
zX8W*x*?#PMY=8EBb^tq&9mEc1hp->8L)l^MaCQVck{!j4X2-B&*>UW6b^<$*oy1ON
zr?BBOXDU0DoyJaQXRtHbS?p|f4m+2f$IfRLunXBm>|%BayOjNqUB-UIE@wYxSFoS3
zE7?!kRqSW%YW8z>4ZD_I$F65Lup8M;>=*22b_=_e-NtTbzhrl?U$HycUF>f5YjzL&
z4ZD}!$L?njum{;g>|yo@dzAf_J;r{=9%sL2Pq06*C)pp_Q|wRdY4&IK411P6$DU^|
zuou}&>@VzP_E+`_`x|?ey~bW=Z?HGnTkLK24ttlq$KGcjun*ba*+=YS_6hrxea8O5
zK4)LBFa0NWG{<l($8kI-a3UvhGN*7Vr*S%Ga3*JQHs^3I=W%hkxLiCgK9_(?$R*+u
zb4j?QTrw^>mx4>lrQ%X^X}GjpIxanzfqRF`$YtU(b6L2oTsAH{mxIg6<>GR4dAPh>
zJ}$ri(|85Af?Of4F!wH3ge%Gw<BD@7xRP8ct~6JME6bJR%5xRCid-eGGFOGG%2ng4
zb2Ye{TrI9PSBI<1)#K`O4Y-C}Bd#&m1pLsRpK49HaMz4$&b8oLa;>=5TpO+}*N$t?
zb>KR3ow&|i7p^PUjqA?!;CgbsxZYeJt}oY*dynhSz0VEc26BVA!Q2q;18yicj2q64
z;6`$zxY2&yV?yhxL{;*i*HIKm9oPk9W4T}~@E{qX!`rdkIIaydo}0i;<R)>GxhdRK
zZW=e8o8fmexmnz7ZVoq>o5#)P7WlUy<L3Eu!5&8bE#&@A7t|0eJI`N3V6lgbxNuj&
ze}1@_Q~YQ0OE{BS%7GRL_B|MW$SvbO;+AsD{T_55``rre6K*B<DYuIIEHn-5uXd}W
zN`CH7ui@5m>$vqCT-OF}Be#kBg4-Oc)q|Ga!l9i)ZRNJU+O};m^>63C<aTgh#Z3Rz
zE&R`x+sW<XcE4tuzUKD$d-IKdjzo5g{Noc$gVtEhtqzr_^y-Z5$$%}#z5arGw3plK
z&xc15e@jvO{1W?Lvvq&oKH$6tTN&JfdkTC!4-5{W1_sX2Kd<+H<J<!ruKSp9&x7~F
zgB;og_u9Wd49*KU1Z{hWJLI1);1#+|9SUtxPv$Up_>IyfsP$0PnFu_vU<eHCAxIu_
z=RePSqb&fXVb;RBNoNUcTX6fP=gE;+XS@F#(9g$kZIpkHgX<64;!W#+eR+5<hV{pO
zTnW}0JzVrE8H4*+<gzeH0|7&L4-D#nXY5ffcpdsrhu?C?V%7B>cif-;o;wkt2e_l$
z5B~H~e|QwR&p<uOoea&bPY0O*xAaHu6!#N%n){hM!=2^Mg=z(Jz%zpLn64>T(|_&u
zXC2s@qy90DE(4A_uwWQHpEMm^6PSi)P_P7;y5Mj5#n76A%m8{Rv?Ubv3wPPy|6n;V
z2mbvUb1q)te)Gq##_T_skK2E+PVoNJH7?vuVO4*dn)>%*uoPH-^!@_}e_-ig7;OFP
zhPeH|9%|nkuUZ+@c)=eJAAca=4{S>?JQ*4T7Mc}vbCbKp-43<Qov1mu{RcI|Ee7XE
zOeGN`xc!Gq1bY$;U$^J6mkLS;tr$$h76r#Yy#HVuz<vhX0_MQ|N6&$XP4`DZt#DcV
z@o&n3=dh7~usmENT<3rO{0Do1?*CnXpTqZmu#NY)`=Mj>fP46A|HE5;fcu?$6mtY0
zb5HznSm&SZ{}i@99X|7~#VjAL7qoip?F-r*)=p7R{rS&AWx!HE!EG=WwqPvw^5Ojs
z#y~mn_eW^&Ve5nG=iH0XJ@F++@idP+{tWo|o%n}4|KYxaXYxU(`eWfgn10|W1X~vj
zgVqg(fxm9}`to4y;QWW@AiNiV1Y-FE{!3GMFF1f4f1Vfod2sEZ2H47A`p=F(C>j21
z%87hr2hI-I0!{zJ`yXsM*j}(b@cu9HGJlj){2uJT%4@vt@1wz+eoF-T7i_)7+p&&5
ztm*apAFMH`C-xAu9auXk6}t<zI2gvB`_HCM`g>QOc0&6N&jOG{F7Nq5QE~XVd_4dB
zkIzqGgRO<@OTb6om#@9r>OVXFvCD%gaLmIUINM<BhmAZ2w}w0)KL^)>z(8%Wmw@#r
zj5*GUB3cM+DR|6G%qQ_RDW8l_&Zmee36{j&|AB-3!$0<cxv{t4-=6}>lF~n)VV8<e
z^(xuGy2101a95K#z@_G42TM1_Jfl1B?+bZvK&@}~2i6adMtDo!yj7xW2-gMnKTXX3
zr{&Z7`w#Xm`uKx)wkRqc4?9o-><8(Xrsp&8aLeCpZ=*}sr>FSue@<aRn?`o;@R3ts
zJ}d`bJ-{(|i`zc*J_qh~U^&od<iTgepbzIxrqI3wM*_B8<`~NoGnO@GEL+T2xTWD(
z_E&R)J<Y-A<a6=4`8<4HJ|CZ-FW^tZ4&3u|@&$SDTIi&|_h1;V4W5DUwouIR3m%;g
zaD`*+-I%c=F=Itz#v<zh<HcUhp{U4q1mm$=7S0bJg`hN$VBh}vFucG2bgVdEBIcNs
z<V*T{St_)r;b(XUxC>lK|Llja>_A)8r*Y>`c%NfGDueR{E(Nz0wrqVGtgU2d-Eb_p
zjVuM$Md}XtTLo(lmIT9|{<%<+$88@hbs%()D9xAQ%kt&;@_YrpB43HG%va&7^40k2
zd=0)PUyHBJ*Wv5(_4xXH1HK{Oh;Pg{;hXZ!_~v{Iz9rv^Z_T&i+w$%B_Iw9F%R5Ho
zd8g2LXTA&HmG8!P=X>xy`Cfc)z7OA*@5jH#_vhc|2k-;=LHuBT2>$^;lpn?q=ST1(
z`BD66ehfdBAIFd9C-4*bN&IAf3O|*f#!u&G@H6>Y{(XBkKZl>o&*SI+pY9g$3;9L=
ztGdPf|E-R6pZK5i@MAAXx7gbe`%xC1AG`G5n+mV<->Lu4>U-1u3D@=a_U-R16<+7R
z(;k0k8={v1TLRy~jC`zs<G5!ZI0JQr_bqx2!F2GdIdTY>gttrhrTmBdGX5ieIsY-g
zg8zhH$$!eP;y>e8^Plr;__h2xem%c|-^g#`zu-6XTllT~Hhw$*CBK9Jir>la;&=03
z^LzMj_`Uo-em{SJKgb{A5A#R(qx`r0G5$OLIR8C=g8zX($^Xco;(y{#^FQ-v__O>u
z{ycwyzsO(Wf8j6lzw%f3-}tNiHU2t(gTKk&;&1bJ_`Cc){yzVJf5`vNKMFmbJm#P9
zPx)v3AN=#s^q4<+TnyUa?eJ|2ylsKEE%1M<1;A_8*Ke^D^$g?nOMnvK)hqn_Yvupj
zrQjps3m$aQ>yCW%di~=cSQ@;}I?26^cx@8Y5nVTa8Z7@Z^nOCHTzH6IBDR9%!%M^-
zi(N8uD%dypiaqvH;i<?a{*&XQ{qHhHz7hue1YXZZc2K~a*d2Jk2p-YkyHDVKGx+Hp
z?)7PS?<gwr-R@vKaz6Y<0K6T;1yf*aM>CW#nt5IQ|4y5|?landXDzUn$h{BF5ikd|
z`M<HAaegh~b^IGO{#$i~w<<jL&*~1|4GYd<(1vh4SOb^}49*$rzt7e)^vN?Q6MPm0
z&OF??_D{AC)E{0ROrd|_`Ty=%u%^FLYp^UB;@afet2B&!P4aig-)#H9k%LDRY#Yd=
zH(UOnl!oU~>|~^<lm2^m;Qc#r8@q#N8@vT`f^WP8L$C)uUz=~Z_6JJ_e=wJW+aRCe
zG$<3S4Sw$?_&yKNp3GGL9pB(PJ8%d~hsT4p{O5*2n;qq7fe~1N6L>)oL_rc{K@q_5
zQUxtE{3pk*K7E1Hg<xHVU<#IC3y$Clo)AZfE5s9C5}v2v+COM*I1Jtwj~s&54YxcP
zi<}F`!O}3laG!qu^}P*0s>6E*c&-zC!h?T*`>)siW+g9#vNlLtFoZ4sl1HDr1#S3d
zYao}7ytf7I5FBqXga*F#1O9@wH^qLw2g|^9;f_CfD_%b*eB}+iuf`V=2nmHmLSny5
zA|w@(32^PfZE_)nkWxq`q!!W$X@zt`dLe`Gj*wBvBxDw{2w8<}LUtjCkW<Jd<QDP>
zd4+sJexZO+P$(o67Ty(#2t|crLUEylP*Nx*lorYeWrcD=`OrEl2o;4&LbxU1Sg_t;
z2+!iC+z|ha4mx1r@uU8{$S!CD@cBi!gP&|2ef1evP&-9c7ODtUg=#`|p@vXXs3p`E
z>Iij(dP04nfzVKBBs3P92u+1%LUW;o&{Ak6v=-V3ZH0D1d!d8SQRpOe7P<&sg>FK3
zp@+~@=q2<P`Uri6e!_b~f8l*$fG|)PBn%dY2p<STg<-;QVT3SJ7$uAr#t37Dal&|E
zf-q5-Buo~j2vdb=!gOJVFjJT%%ogSdbA@@rd|`pGP*@}^7M2K0g%5>g!bie#;bUQi
z@QJWe_*7UWd?u_GJ{Q&qYlU^fdSQdGQP?DWA#4`52wR11!gk?HVTbUQuv6G2>=wQj
z_6Xkydxd?%e&K*{P&gzU7LEu<g>Qvp!gs=P;d|kP@Plwt_)$0|{3M(feiqIMXN7aZ
zdEtU^QMe@hB3u@J6|M-s30H+{!gb+>a8tM?+!pQ#cZGYxec^%dQ21SVBs><L2v3D)
z!XLtO;f3&0phQ|^L{<b}J`qGwltfunL{-#8U4+LH9_8Q`X4hE85W&?|f&TMh4`!Ty
zO+rt`^w&Bjl#o3cOSDBtbVW~$BgPfuiSfk*VnQ*Im{?3ACKZ#3$;A|6N->p~T1+FR
z71N37#SG#*Vn#8Om|4ssW)-uE*~J`UPBE95Tg)To74wPt#R6hMv5;6;d{-<Y78Q$$
z#l;e0NwJhzS}Y@$70Zd`#R_6Yv65I>tRhwwtBKXc8e&bcmRMV?Bi0q`iS@+>VneZ!
z*jQ{LHWizR&BYdCOR<&MT5Kb>72ApJ#SUUev6I+Y>>_p*yNTV!9%4_im)KkEBlZ>h
ziSLR1#rMSl;y`hbI9MDaejpANhl#_*5#mU3lsH-(BaRiviQ~ly;zV(hI9Z$`P8Fw#
z)5RI$OmUVtTbv`#73Ycb#RcL*agn%KTp}(NKNOdVABoGwkHr<@C*n%+Q*o8}nYdc~
zTwEir71xRD#SP*{ag+FkxLMpHZWXtQ+r=-%9pYEwPH~sGTl`wwBYq?9759nz#RK9&
z@sM~}JR%+yzZH*(--*Y?@5K}158_GjNAZ;SlXzPESv(`270-$1#S7v^@sjw9cv<{a
zydwT4UKOv2*Toy+P4Sj^Tf8IQ74M1n#RuX;@pti&_*i@*J{6yde~8b;7vf8il4yyM
zSc#K(NsvTIl4MDdR7sO`$&gIRl5EM5T*;H-NO7fjQhX_alu$|}C6<y%Nu^{`aw&zB
zQc5MImeNQdHPTAyr1Vk-=^ZI!XgZUWS;``1m9k0Mr5sXDDVLO6$|L2K@=5un0#ZS#
zkW^TDS1KYEm5NElr4mv}sgzV&DkGJZ%1Py=3Q|R>l2lo$B2|^Dh3cy=)sSjRwWQio
zozQe$sh(6{Y9KX~8cB_%CcZWG`(}RM-0xdREu~gcYpIRYR%$1;mpVutrA|_3sf*NA
z>LzuUdPqH`UQ%zVkJMM{C%q^2m)@5KNCTxo(qL(bzdS{KAPtp<NyDWP(nx8PG+G)X
zjg`hp<E07GL}`*VS(+kEm8MD4r5VypX_hownj_7X=1KFV1=2!kk+fJ^A}y6Zl$J>!
zNz0{=r4`aA(n{%5X_fSuv|9RHS|hEM)=BH74bnz`ZJVSoq|MS6X{)qN+Ae)5?U25b
zc1pXX-O|_69)JEf(q3twv|l<P9h449hovLZQR!RhnDm`=JhZLfODCisq?6K*(kXxX
zC+W2Gvvfu}E1i?hOBbYz(k1B^>9X{zbVd42x+-0hu1hyU%iWZ2Nw@v6JJMb0o^)S&
zAU%|RmmW!veS0E3m7c|Pf4mx_gy+%=>7_);V>sIHVJB0J%*ve1`?tX`c*j7HMOl*l
zDOr(KS(A0ykWIOwe=QN{EZO$wIkM~DR`aiZmnqL5iz8?Aui%F@#FfE&YVqXwasp6G
ztgeDT1<NIjn)gidf2JVls6=vNIf<N9juC%OGC8>nj&lk*rJPDmEvJ#w%IW0vat8Sw
zIis9O&Maq<v&z}z>~an{r<_a9E$5N*%K7B{asj!Zzhoh~u>7uEL@p{9lZ(qG<dSkJ
zxwKqHE*q*9e1j==S5A&S{rV}eb>u&g`ry$$NPqZ952nDCil7U|U@7p}0mj1556E?c
zIpyUFaz(k4T#2eISCOmw!)kJMxrSU*t|ix&>&SKGdUAcaf$t6FM*eLDs<GTeZYnpE
zoBLChs1|Zdxs^ZG+V9)=eOte8C%2b7$Q|XHR42K!+(qsxcayuzJ>;HpFS)ne$1l-W
z?kB$|_m|(72gu;6Gtdo`2g!rwA@T?Q{0gCOs}7Z?u*2lx@(6jPJW3udkCDg9<K*%3
z1bL!7NuDfEk*CVj<mvJZd8Rx|o-NOj=gRZs`SJpJp}a_5EH9Cl${)(h<d5X#^2hQD
z`4f4i{HeT3{!Csie=e_)*UIZ;_#WwcdBdx*7yL$l{lU8u{(aWpzAyZKvs}ghJqOrr
zk++7*fO2q4BX2<&_-cGxOer}1X1CkrFXbKbSAHEk{eIU!star<soO2@mcN$wygClw
z$b0?iee!<)7A~<{HvHePs6c^ofq-!^1&6!k1M)%nkbL;neBejqqkf5R<zu0e!IEHk
zxZHQIe7AhuANyWDA^+eHPs%^ar(VtZDWbMuebM`{TRtuSET8d9o|VtV)CjljynI2v
zC|{C)kuS@?%2(vy<g4;E`MP{VzA4|5Z_9T=<?qV(<oogi`Jw!~{78N*Karolst0cC
zZuyz~N6ePMt&iS{=l&8w=@;@#e~MCQg;7|AQ^2<HilB&!6dI4+5|L9utwEcH>qO^-
z%gBnNsEYQgZs@vVD5hd5!8V0UqhrzMBuHV<M|<S7t=LL14QdR=!LSPDC~nN$$T^je
z@4KO|$^Tmt+;3xVAKZS_piE)IbAluC*N5R{-()OE5_Fl!HOHO{jt=NxR>5KTctMT5
z#J@N7=Z`hGx%hSCO5)8^;wW*IcuIUFfs#;3q$F07C`pxMN^&KIl2S>fq*l@>X_a(J
zdL@JMj*?Nyq-0jIC|Q+kN_HiOl2gg0<W}-1d6j%hex-m?P${GoR^C;LC`FZGN^zxx
zQc@|Ulvc_pWtDPDd8L9<QK_U<R;nmfm1;_LrG`>dsio9b>L_)UdP;qzfznWEq%>BV
zC{2}SN^_-!(o$)qv{u?EZIyOPd!>WYQR$>~R=Ox%m2OIRrH9f}>812m`Y3&se#(1F
zf8~8;fHF`SqzqPuC?6<8m0`+oWrQ+P8KsO?#wcTzamsjQf-+H=q)b+(C{vYb%5-Ih
zGE<qQ%vR<obCr3@d}V<WeA4s!A-?_J>OX0L@H2qewN&vR{bCEqOVpyv{F~D-Hx?=j
zl|_D6;ng#mAQj*cy{$xr69t|7Z%U9}(Zj#Dj)kvMkhFA=l5jq*o#C9=<zm-{&I8-N
z_%&;;64j!(_KmDLay<6>(W&UNu<o$JvG8=Tk6{17IJzysVIOXz;ISzf!a3nbns7;2
zYveRK4r>Y51?mac1-2-*#I7OS2Ep?e-0<~jNG<{I0pTqQuRpxaVGEDpmWZ4iewGKe
z7(Szhw~@~cgXeAGM|~)8I+%;w=kOBvvH#XHuD9#?-`N8Av*O=Z@QCy8*ZObOh`Z;I
z46HM_$AMw&smM8SZtQK0yjP<&K?#-!*A?VKh0tp=uw~(T!dnp37c3t+4A%vh1a(Bt
zj~oYOm&AHS8M$;Y9^P-TEZmCl7%Ua86-<Yxf@LG+uZ&065?&^94qSK8E}+bAd8zWD
zvg|LtA`X^*vmsnd>}7(zjIIA<D!jiRDa-vM1gFC_hUY^Irg0^qg&&LHV`zB#&&J@R
z@t>6l<^@~u`XN{%vJ|W#{P-Cj3+jH8A$axpCgpKu|9K6#TL0(lWB)nU3gr`JrShq=
zO8HD#t$ePmQPwK!l=aF6Wuvl5`9j&OY*Dr<+m!9fm&y+1D`ls$OWCb_t?W_0QT8hP
zl>N#9<)Cs%IjkH}jw;_O$CU4s<I4BS3FQanr1GP3O8H4St^BN<QO+vol=I33<)U&)
z`9-;`{Hk10ep9Y0*OcqZ4dteCOS!GwQSK`Dl>5p9<)QMs@<@5CJW-x1&y+uu=gJG^
zr9!E+%BZZ$sk|zvqAIDfs;H`}sk&;YrfR9S>Zq>jsd3b}YCJW*nm|pcCQ=itNz|lj
zGBvrHLQScrQd6sG)U;|kHNBcaeMilxW>Pb&S=6j*HZ{ANL(Qq?Qgf?$)VyjwHNRRw
zEvOb!3#;#{Mbx5dF}1i_LM^G5QcJ64)Us+hwY*wEt*BN~E2~x1s%ka0x>`f6sn$|!
zt98`6YCW~S+CXinHc}g_P1L4pGqt(eLT#zGQd_HS)V69nwY}Ow?WlHAJF8vPu4*^6
zyV^tTsrFKPt9{hIYCrWowZHnlIzSz$4pIlJL(~t{q3SSoxH>`|sg6=dt7Fu$>Ns`0
z8hIW~P$#OB)X6IR)L@D_HR4A=g3ne&9*j*>r>is6nd&TcwmL_htIkvBs|(bH>LPWq
zx<p;7eyA=}KT?;gAFC_WPt=v_r|K&8Gj+B4xw=MOtFBYms~gmf>L&FIb+f;YEfMS4
z8X6CO1L40j7W-YIZR($2D+_*w;7z*NwS%eHOaJ$$gU^Nj?hu><;1fCcsa!A>d`cIb
zE5Q(cLm1o!<-suenNm<%_J4&oJRTkcpC$%VV2qFYR4<qZhTyD*)6r`gL;OxSdX&hr
zU48S8qJm|<{2NOL%l<cqJ0k9vvD@M+b*H*Z-K~DD?oq!{_p1BU{ptbrpn6C>tR7L1
zs^6-|)bG^e>i6mi^#}E&`lEVE{YgEo{;Zx+&#LFt^XdilqIyaFMZK*4s$NllQ?IJm
z)a&XE^`?4Dy{+C+@2dCI`|1Prq58Y}NPVn6QJ<>M)IZec>I?OyN@=vlXspI*ye4R(
zCTX&!XsV`Zx@KsmW@)zOXs+gIakRKvJT1PKKuf44(h_S)w4_=xExDFLOR1&OQfq0n
zv|2hXy_P|HN6V;X(lTpVw5(b-ExVRO%c<qka%*|Cyjngjzg9pis1?!*Ywv1Bw4z!u
zt+-Y~E2)*zN^51bvRXN<yjDT0s8!M`YgM$WS~ab@Rzs_))zWHfb+o!#J*~dhKx?Qq
z(i&?`w5D1!t-01hYpJ!;T5D~zwpu%_z1BhNsCCjhYhARiS~sn`)<f&5_0oE4eYCz>
zKkYrOzxKX1KpUtH(gtfov=6kQ+AwXnHbNVzjnYPIW3;i_IBmQ(L7S*e(k5$Dw5i%O
zZMqiw$o;h`(peTPJwuxr>b9%1wAtDmZLT&C=|LUQK3`j)E%dwX>KuQm*qtek<9aY-
zxkcI{ZLu~hrd#5dUaEblE%Rlz_K`mYK4+cnkHc<x%-F};3hfhZrS_?|O8ZP(t$nVo
z(bj6~wDsBsZKJkH`$F5SZPB)B+qCW4m)Z`0xv#XH+AeLk_O-Srrk2^-H`-oppSE8+
zpdHi>X@|8V+EMLW?U?qRc3k^DqFk^A<l%`>Y0zpvXeYHFwNu(p+G*`)ZGJ>8XJW?B
zYUi}`+6C>Rc1in1yR7}HUD1Biu4>n`>)H+Nrglrat=-Y?YWKAJ+5_#OzufQIBki&F
zM0=_|i>YO{_J{Udd!fDbqmR}Zoz*#=*9BeFC0*7PoxHWd997qJT{rxaW~j8K+q$E>
z`b_@_czPT?Zg3e>tm6<Y{cj8@DxMx+PoO8%6X}WdBzjUknVwuvp{LYS>8bTJdRjf5
zo?g$OzoTc=GwGT2EP7Two1R_Iq36_d>ACehdR{%Bo?kDZ7t{;sh4pv!B6?B1m|k2j
zp_kN4>815DdRe`kUS6-DSJW%%mGvrmRlS;CU9X|n)NARr^*VZ8y`ElQZ=g5S8|jVp
zCVEr7nciG)p|{jq>8<rPdRx7n-d^vZcho!So%JqySG}9wUGJgy^joKw-b?ST_tE?6
z{q*<r{`&j+0DYi7NFS^Z(Ld0K{)J=k=dDP(f4-@MGZXjs=WCy>4bz9~BlMB_D1Ed(
zMjxw>)5q%*^ojZ;eX>49pQ=yOr|UEHnffe!wmwIntIyNt>kIUS`XYU?zQk{zrTT~Z
zGW{ccx&E=fLjOcxseh`k(m&Hz>!0gu^tJjreZ9Ux->7fWztA`9TlB5^HhsJPrM^S|
zO5dsP(s%1$>wENX^u78%eZPJ{kG@j-pnga{tRK;j>fh?e^zZcJ`uF+?{RjP|{-b_M
z|4Bcs|E!<U&+6y&^ZEt-qJByLMZc{7s$bE6)355+^y~T!{ic3PzpdZV@9OvT`}za@
zq5ix6NPnz9@sI6O{h9uU{#<{dztky%HW-67ID<C?Lo_5qHWWiOG($HG!!#_zHXOq>
zJR^<~*NA7tHxd{LjYLLbBZ-mJNM<BAQWz<XR7Pqejgi(!XQVeW81EPvjZ8*nBa4yM
z$Yx|Wau_*{Tt;pqkCE5NXXG~u7zK?&Mq%S!qli(|C}tElN*E=LQbuW`j8WDoXOuT8
z7!{35MrEUlQPrqsR5xlEHH}(EZKIA+*QjUIHyRiXjYdXeqlwYfXl67wS{N;jRz_>1
zjnUR<XS6pu7#)pHMrWgo(bec?bT@h!J&j&QZ=;XV*XU=wXY@DTHwG93jX}m>V~FvA
zG1M4l3^zs?BaKnUXk&~q));4uHzpVpjY-C2V~R1=m}X2jW*9S#S;lN*jxpDmXUsPi
z7z>R>#$scMvDEm`SY~`=EH^$jRv4ccD~(T$RmNw=YU6Wbjj`5PXRJ3i7#odE#uvtB
zV~erX*k)`uzBG0iUl}`%UB+(XYh#b`jj`9*XY4l)7zd3*#$n@#an$(MIA(lj95=o<
zP8dHJCygJCQ^rrmY2#<(jB(aDXPh@K7#EF8#xKTY<5%N~@tbkgxMo~8ZWuR>TgGkU
zj&awxXWTa)7!Qr#jYq~~<B9RqcxL=zJU3n#FAd71O~zzR&g4zO6ivyLO~q7AKRivt
zG)>F2O~-Ui&x~WnHRGA_%>-sbGm)9tOkyTAlbOlQ6lO{@m6_U1W2QCJnd!|8<~wFa
zGn1Lw%wlFWvzgh=9A-{4mzmqlW9BvUnfc8EW<j%%S=fBnEMgWli<!mE5@t!Wlv&y=
zW0p0`ndQw2W<|4-S=p>&RyC`c)y*1aO|zC++pJ^OHS3x6%?4&evys`@Y+^Pwo0-kc
z7G_JcmD$>CW41NhneELEW=FG=+1c!3b~U@1-OV0mPqUZV+w5cZHT#*b%ZIn~-?qTp
z7WmJ#K;*kN{}bbXeb2yi_P5>J7Wn_A1>m#kH+>%d&&s3E;A6kP_|K=JuYV)eSo768
zccl4&ldjK0_XIERnf=Z8%>m{>bC5aM9AbW84mF3F!_5)qNOP1q+8kq!HOHCb%?aj2
zbCNmPoMKKjr<v2u8RkrLmO0y;W6m|_ne)vB=0bCkx!7D{E;T<imzf`#%T4eb3Gh4e
za>RAG;de^G`;#A=E6h*KmFB1BD)TdQwfVWZ#$0QzGuN9N%#G$I^9yscxy9USZZo%=
zUz$72ugsn1E_1i}wYkRxH3jYPzhMZ!%O3j{Y-8j#hS5hM{GY)7%2@P&Cj<XwEGzYm
zx!2rh?l%vZ2hBs~Ve^Q2)cn>wW`1WLH@`Pem_L{&%^%HE=1=Bn^JnvndDc8<o;NR;
z7tKrNFXm<QSM!Sbn|al|W?naMm^aN^=56zidDpyW-ZvkZ56$1rN9JSmiTTugX8vJ5
zH(!`9P0FGz#$qkb;w`}vEy<EC#ZoQJ(k;U>Ez7bk$8s&tietsK;#u*n1Xe;Tk(Jm=
zVkNbbS;?&wR!S?CmD);UrM1#o>8%XbJ61-k29wFkWM#IpSXr%XR((3VmBY$u<+5^H
zd91uvJ}bXfz$$1JvI<-8T1Bj)Rxzu%Rl+K1m9k1(WvsGRIjg)?!K!FgvMO6utg2Qu
ztGZRgs%h1-YFl-zx>h}_zSY2LXf?7LTTQH{Rx_)))xv6NwX#}UZLGFdJFC6b!3rOx
zj#ejss<YpBvASB_tnOBih`Hf%e>T?B>Sgt|`dEGa{pn}DXZ81okzMe+7vWDs0*Ng3
zXX8g>t~?H&!vw!x9r=15d;>=H|08DP-=Ed`Z_W!oQ;1wQ7zbPaZ?1<_7g*1qb>NEe
z=xqb{TU@?ImJ6pDc`S09U>1P?{s8m<w*JWSZ!#Xf-Wy(h1lIK?%fsJb3D**g9mW3k
z5NL&_+~5EGQrL=c9slWb09=_LT#X-G3lE3zcab6!Iy?@35&F-Lf9&=>fc;M=xaGsg
zB>MBp@SMLt792G&4E8!0MxMEF9Igk=8?Y=Wf!luIK`Xs(J7fQ{5d01v_+4M{n<1}T
z_TQKfo*{sHCcGLSjD>53Q$WBTy~!V_1O9$NxVFeKc&>p~hvx`*)))Lok?8eAE(hkl
zZaVhzk)`49s7DG#y>AV$23mux!PXG#18b-?%o=Wuutr*=tkKpOYpgZS8gEUoCR&rM
z$<`EWsx{4;Zq2Y}TC=R#)*NfDHP4!FEwC0^i>$@g5^JgTp|#BV$bW=hZhdU6us*R?
zTAy00tk0~~*5}q5Ypu1;T5o~pB*EVXYooQv`oh|5ZLzjm+pO)@m(~vJD{H5<%i3*y
zZSAqXvG!W~to_yj>!5YWI&2-Wj#}SZ$E@$H<JR}q3F`;zr1hh9%KFJVZT)PWvCdlO
ztn=0d>!NkZ`o+3z{c2sYezUGx*R1Q-4eO?L%ermdvF=*;tozmj>!J0#^~ic`J+Yoz
z&#XVJ=hh4BrA67a&DgBX*^#aF_s8M=D}3A3Kl1Pqm~{UM+K0FOA7c3%-P`5xt@gHE
z-nI+A1@QXze0ke0_!hwH+w<jZyWm>@uW!$nx9x&&0ldCFU*5J0z6J35_I&xj-7fg8
zC+pkejc=Ra^>p-b(Hs4DqG0L&{QnRN*5v>E-`np0;}-CL{_kz~|8Wb*{-vC%t=YP5
z*rx4&XlmQGW4pFz$Fbwu@$C3^0z09d$WCl0v6I@#?BsR|JEfh<PHm^L)7t6m^mYdO
z9Xq3)$<AzNv9sFQ?Cf?9JExt?&TZ$h^V<3B{B{Ampk2r=Y`<$4v5VTp?BaF_yQE#p
zE^U{w%i87a@^%HgqFu?ZY*(?X+STmpb`86xUCXX**Rku`_3Zj~1G}N!$Zl*mv76e>
z?B;e0e|uWmt?brz8@sLD&TemaushnF?9O%<yQ|&J?r!(6d)mG1-gY0muiejn&+c!(
zZx65s+Jo%D_7M96d#F9k9&V4YN7|$8(e@a7tUb;iZ%?o%+LP?b_7r=nJ<XnO&#-6O
zv+UXS9DA-k&z^5Duov2k?8WvHd#U}Qz0Cf|Uhc2sV|#`DiM`VP)LvzOX0P_Q>T`RI
zz1Ci5ueUeY8|_W@7xrd*i@nv}W^cE@w0GEF**ooB_HKVKzP9(+-`IQYefEC)fPK(D
zWFNMV*hlSe?PK<L_Hp}r`-J_2ebWBXK4t%8pSFLt&)8@EeLiQOw=dWi?MwDA_GSB5
z`-=UWebv5ZU$<}AH|<;YZTpUW*S=@pw;$LK?ceQ3_G9~r{nUPD|6xD3U)V2g%Ap;`
zVI9ul9l;SD$&nq!Q60_E9m6pl%K_i?vHe>oH0C;<6UT|`#B<_137mvZA}6u$N&G%(
zXnry$d1yFWOW~w+QaP!eG)`J4os-_l;Jo8xbTT=aoh(jPC!3Sq$>HR5ayhx3JWgIG
zpOfDy;1qNUIfb2fogz+Ar<haRDdCiKN;##SGEP~ioKxPZ;8b)fIrHtxP8FxBQ_ZRF
z)bP8SPA#XlQ^%?6)N|@P4V+|7L#L6`*lFT4b(%TgF|N7O!fENWa#}lWoVHFoe;e96
z9h{Di?R0WFJ6)WvPB*8!)5GcM^m2MTeVo4jHudwj>OH5w^S(2{8R$4pc6*RB*csyV
z@sG?0&QO0Vhxyw%+!^7F^xI^VGuj#BjCIEOtux-4;7oKTIg_0!{?<-)rukbu-QU_7
z&P->PGuxTtZ|z(ssWZ>t=9cz+f4dj>+r7|P<ScfUI7|JlPw0H;@4+&EA3ky{d%5$m
zv%>krS?PT0ta3hcRy&_NYeM@KJbwSv;aX>%v)<X@Y;-m`Ul42F>}+wiI@_G>5hcEK
zb~s--JDpw5Zs%)fkMoVQ*V*UncMdoQokPxH=ZJIE`PMn+eCHf@zIRSIKR74-rGIoz
zIX^k4ouB>jGk$;8Ip^P=cP{w17oAJaFV1D>SLcfJn{(B<=3IAfI5(YJ&TZ$8bJw}&
z+;<*051rqgN6usCiSyKX=KSG2cV0Lz9m=I$#${d3<z2xQUCEVQ#Z_I+)m_6iUCXsy
z$8}xLjpN33<GJzO1a3k%k(<~};wE*IxyjuWZb~<mo7zp|rghV~>D>(OJ8nidlbhMi
z;%0TTx!K(uZcaCso7>If=5_PA`P~9;LAQ`w*nQV6;udv_xy9WQZb`S4TiPw-mUYXy
z<=qNyMYocBgnM20x}#Xxt>RX7tGU(P8g5OumRsAc<JNWSx%J%!ZbP?`+t_X5Hg%i1
z&D|DmOShHV+HK>ub=$e^-41R?x0Bo1?c#QIySd%n9&S&!m)qOz<Mws?x$n9C-S^!A
zz72E-xr5yy?g#ErcbGfe9pR32N4cZjG45D*oIBo~;7)WWxs%-~?o@Z0JKde(&U9zF
zv)wuFTz8&3-(BD?bQigc-6if)_d|D?`;oic{n%aMe&VilKXq5RpSi2u&)qfdT6dkh
z-reACbT_$QxSQQA?pAl3yWRcL-Qj-a?sRv#yWOwdJ?=N|UU#3n-#y?SbPu_Q-6QT%
z_gnXv`<;8-{oXy{{@|W;e{@f|Ke?yfpWQR=S@)cK-o4=O+eP=1`-^+o{nfqV{^nkF
zuesOV8}3c_mV4X1<KA`ex%b@%?nC!?_mTV9ed0cKpSgdy&)pa9OPBI!kMUTK^LS72
zL{IW$Pw`Yw^K{SfOwaOc&+%N(^Wu1My?9=HFM*fPOXMZ?l6XnIWL|PFg_qJx<)!x0
zcxk<KUV1Ns_l}p*%j9MDvUpj&Y+iORhnLgK<>mJBczL~iUVg8DSI{fu753isig-o6
zVqS5tgjdol<(2lzcxAnEUU{#ASJA8FRracQRlRCnb+3k3)2rpx_Ud?by?S1KuYuRl
zYveWdns`mUW?plzh1b$+<+b+Ocx}CQUVE>D*U{_bb@sY=UA=Bzcdv)n)9dB+_WF2z
zy?)+%UVra>Z-6(@8{`f4hIk)%L%m_%aBqY+(i`QC_QrT)y>Z@nZ-O_`o8(RQrg&4m
zY2I{ihBwoj<<0iycyqmZ-h6L?x6oVUE%ugpOT7=hW!^{La_?hrh4+cK()-j~<$dO@
z_CEL4cx%0N-g<9?x6#|=@v(k8GWhOL<nRk`v$w_D>TUaf>|F<ZRK?eQyR*9_BtSNs
z*IOWTHjt$^DS-f?1VZRNKxm<c1PHzNu5<wr$$|(-6Qdx4(ve=JNpB(|Vi&$MyDq6T
zLI3KPyx+NVX6DY!ojdd9y?reKTLL}_*c$L@z_x(x0iOkY9<U=|XTYw2-2r<7_6F<=
z*dOpkz=42+0fzz(2OJ4F8gMM&c)*E(lL4m!P6vD$a3<hvz`20)0T%+k3b+_>Dd2Lz
zm4K@O*8;8w+z7ZCa4X<;z}EqH0=@~j8}Mzwy@2lm?gxAy@F3uafFA?sp7~S2&jG&#
z{2K6E!0!PM10Dr1tbsMMgf+2d*1~3Ey;yHHJL|*xvN_nCY%bQ1wX*)KjSXN~mScHV
zU`1A9WmaKTR%3NGkj>5JVT0JbY(6$WTYxRd7GevtMOZr<%%)ul==+f`_g9oH#)hyC
zwm4gYEy<Q*OS5IzvTQlFJnQzd`#(KBSyo^xvahj~*vf1bwkjLSR%5HDu`%saN1m?^
zyF;26#@1kKvbC^<v$feeY+be<8^P9R8?cdVLpF+S#5QJ|uua)!EPW5PIopD5`N!6Z
zrCV#Z4citiwqv8&_G|~XBOAkZVmq^4*sg3hHkR$q_F#Lmz1ZGtA2tqpec5<6f$jI$
z#{TR8Hj!O!8i<rZ>|k~XJCq&94rfQOBiT{xXm$)cmL12AXD6@|*-7kVb_zR{oyJaQ
zXRtHb*V#ANS?p|f4m+2f$IfRLuy3*p*+uMP_APb^`!>6jeTQAfCb3R-IlF>=mtD!e
z$F5>mvuoJ**|qFCc0Id+-N=5xZel-Vli82hkJ-)a7WNZ%EBh(Cjor?E#(vK3V0W^+
z*xl?Nb}ze+-Oql(9$*i$huFjH5%ws1j6KetU{A8A*wgHn>>2hfdyYNNUSPjsFS3`|
z%j^~QDtnE+&fZ{evbWgV?APoa_8ayt`z?Eq{f@oQe$PH&e_(%Pe`0@Te_?-Re`9}V
zAF_{FhBI)kd4>N(VdMyB;>?_d%f@+e-duLhhx6rfa5=eLoF8Z9{5cyJz_A?1@tnYk
zoW#kT!l|6b>0BU}o6Exmae29XTz;+qSCA{j73PX?b}pDJ$`#{6I0sjpE5ViIN^zyR
zGF(}%99N#Jz*Xd4<0^5Lxhh;$E|jarRp-LE8eC1T78lOd=IU^Dxq4g#SD$OZMRE<f
zD6SFLm}|l{<(hHLxfWbYt`*msYs0nW+Huibd#(f5k&EFvah<s?Tvx6e7t3|$dT>3t
zUR-ak4;RPv<>I*nt{>N*8^9%U1Gz!mU~ULElpDqk=SFZNxl!C`ZVWe;8^?|3CU6tE
zN!(;^3OALT#!csDa5K5rxi`33+-z<RH<z2o&F2<yZ*mK{MciWUEp7?-Hn)^}hg-%a
zaZYYIw}N|@Tgko0t>RX5Yq<BhwcI*xJ-30|$bG<V;y&b(xsSMyxy{@b?h|gSdkmOQ
zxozBb?lbOlZig#nC%22+&F$g#a{FBI{oEJa0q!7oh&$|xAK{L2$NngLoIAmt<W6y?
zxi7ghNIT1&<IZyzxUaa2+@(Ks(ykzvIl9rkpZ-1RnUg2yJgEdtf8J7Vy=Q4Z%|3T)
zt}eWkcv^4%yLl-tYlrV|q<kYK_0zhqmb+Wb_zk=(+~2i%zU`R$>>_hcHQisUe%cqG
z+&y~vBXr7GWX3Xj>{X?t{13j&+Wr5M_UHF;w}<|G`R6V9^pS`+UgiGG=Bf30t$322
zXO-~Oml8gyMEdlM|DpC_s{b^bUi)R@Dd(y$Ze?ce(x;F!OaC)z9*feKZD&e(pU0!~
zD#L5sb?ydtle@*;=Dz0caNlruxo^39+;`l4?tAV5_XGDM_Y?Os_Y3zc_Z#;+_mF$U
zF}#5{@`N|>X5PYQ<GpxqK0EKj`|>&XoO~|ckGJyvyp0dwS)Sv0Uf@Mu;$>dpRbJzD
zK9JAN=i!6+ynH@BKVN_^$QR-Z^F??&AIul!i}4}6gD=jP;7jtQ`1JnxC&lSFJnQ+|
z(tH`dEMJZ<&sX3p@~`og_{w}0zA7KeSL3VmVSEj~CSQvW=WFwI__};OK7y~$H{c`r
zhI|y?h;Pg{;hXZ!_~yK4%v<m+`Br>uz75}&Z^uXT?fDLTM?Qw{#CPVq@Ll<Cd@SFc
z@4@%vd-1*bK71VCmyhQY_<nqUegL1y599~&gZUvT^`&_e=;giZvC|X2e2vdngQvZ;
zVLQ`Mei%QTAHk30NAaWiG5lD596uhtpTJM#C-IZ{Dg0D^8b6(%!O!Gh=ilIG@w53k
z$e+v4<LC1W_&525{365`^KU^e;os($^6&7=_$1!RFXvbA@A4~={vN-IU(K)K-{;rz
z>-hEj27V*|0l$g=kWc16LjK46W_}C*3BQ&9l;4K<cK$QSf5PAMdG}RmW$f{b)SR(&
z#$OPb={zm%bAAWEli$Vf=J#Mk_VWAq{rngF0sbI=h(F99;g9mi_~ZNu{v>~jKh1y1
zpW)B)=lJvd1^z4kB7cd$%wOTJ^4Iw5{0;sle~Z7(f6d?Fzv1ul-}3kP@A&(u^?UvS
z{{#Oc{}cZ+{|o;s|Jy%g?5STCn^HD+JZ)M^?#nZG&F;}y?0UQB#p-03H%-6uX}1@v
z;UWL<rOKyo&E1z2nbtNMOUe6dSbB>xkEixLwIjvO%=I%*O)2H+mv@@^lX<C(sVSa#
zGs8QNDS3Yn%V^zSo8sve^(Ad7wNEqSR6n!ySCzK-kN*+u{!hpr>u4<ANdITH#~Yqi
z!4rDYUnHcp)BjGF^2_sNCjC#bfwDJE>9@4`FVcQmUFyL%Q>}h!bDte^k3d>$UObk*
zorkVjkv{c#;`ALuPx~peBdzy5`6=P^)cmS++^u@v#CC@-Qa3H1(la-EzVa#k{WIlL
zN>k?XXxh}2SlSj+(*K$4`TX~HYW=-_dc-q=K`;tLFbQVCB4iW11aBd`;3N17IfR@-
zF2PT*3jTsk2oP9-6L>)oL_rc{K@n6z6LcX^$Svd%f`q(6J|VwQKqx2_5(*1N1iKI{
z6cvgIA%a7Aa-WI|C4`bfDWSAbMkp(k6Uqw}go?szLM5THP(`RJgbLM!>Oz=ML#Qd#
z62gVrLLH&5P)~>u>I)5oNTHz+B{UKm3r&QkLNlSc&_ZY_v=UkiZG^T$J0V(VFLV$(
zrfWa-3|($|HJj(!O8TCDWXiau*U5@!dEn1_AVzqZ?Pbnpp1dZ~vz*Sx`Hz3${Mo+!
z9p#?fi)ZDeUPV0I{i`mu-7m7b(5D96>j(`!&k}SJ+}l!<XG>lGv-q=mLGx)_6wf-c
zKdY_G@}H-Dw~oh$?l7~uGD~~@`l)8d8t9iI{_3xvq`t<J`s*O+`AOH;Dm-8INVzNN
zxpVidFtcm1?r$2=mNNUw2L0;Ji}t^>&_(DfbQ4ndit^Z0Dcv7)`b~zkUw%1h>LJiR
z_H;?gGJg4oj#E$9Q9FGr&yJ@Z<IH@LTEo4+J-gQD)9595#+3HCx6lXiIH9j_()Bfp
z%xv+Db_)abQ^qlRzILCbb<s7mGS=??)%(}a|FpBf<0Crr9^orAIPrw^cw(>VqH9*t
zZ+JZE`%Lt{lUtu*Ja^!p6{a5b6#gvF(fo{8S)W}hb&uV9z#}v5m#3FB%zWOb*!Fj@
zv^}9cP3dh4ORMFHWuBk1Zc+O^x_?bbXOP>wDRb)LA76fPdoQznF126X>mU8rQhEzL
z)_cPA`A>?cugM)xoyss5F~?gN;sy87$K40oP6ASB*iYy$JaXLyPP@+zNcBr5rF~kS
zmh$`tafdV|b(%Y#CDVE!#fyJ6%Q#a#bI)@WrgOr*rK}Q}&0m_!;NH9ETUu#*^kOkj
zi+@#^h#8%7{HHx0C=3z?3qypV!Z6p-l76Yl-E+FCr?)<{{-@W;ivM{J{8i)bu6KBv
z(Wh395Jn24gwd%+K4q>y5A)bdXVRbVbxKK3eScN><h`CAyXc<p?sdkQ@3!$-^FQs?
z<kYd0K0b~8HT|Z2b03@OIC(aD21L)>Qrq*a{-xIaEBK%5Kefc&tLkR@Ek*a1vd($F
z{>m_!^^cyZx<`E`N!$Kk(Zj4dpXPzI{(p6`%=dfuK2Lv*J<X<nQ{EV1tT0X(FH8_7
z3X_D%!W3buFin^)%n)V@uM2MovxM2g9AU07Pna((5Z)9P3X6or!dt=;;ca25@Q$!d
zND`dFa$$w=uCP*gPgo_a7S;&w3u}dS!g^tYuu=Fx*d%-?Bnux29}Am>Ey5?lR^d}&
zo3LH@O!!=Q(*Bk9*Wi;pntr^go_i(Em_t)ipT(!w$UMHobp)idVJFVr51Mwl&fw{K
z@yL7<w_Fao;QoD{*{sN{e^2Vo{~|qouiYL@pZYTKw0jb*pL)-oN{^uKZ#lbv0ll~f
z(tdM!x3JrFX7V!jW>$8u>qzf8N(hgS80pV=QjQy*o}{&p_S#)bX05zT8odVN+1xE;
zCTZ)QtCXHAFtiUIYcqx~W7A(#HlvMMDgS>xka3Q^_!^(F4o`|_Z}sd;p0h@G{Ge$M
zu9K&%0hx_LX6t|2W80Hr?%HVW9&7$gNNe#}|2!c*#--JB$K5is9{z9B()z?b_OEgV
zq+P$=eWkx#sgFFKrPqb&9Rhk>Nbilz#y_=AYWrW6^`2uZJ*K+tbRT!zN88k`Gt9H>
zORJp~%ksdh^+4+R|71>QF`dItKUaCRmSxpOJ@BOKS|0B_>FAX)J^j0?K8$-ypPn)9
zX)9y+a>vFe&$s_}PDVfeds9;0F8nVt=JEfDdD3sR|MpD%_w?@Hy9Z@i{$KXMzh@76
zlBG{S=X+AASCfw4PeS_bzdT$1eSLd1<NT^>`S<zn-)`}%8oB4MC#}bxzg%XTPrv>`
zSH8?j{d3ZuZa?+Z%h*cGkHGtu?k)2(;FqcYdCI1JCXbGYd-Ht7$n*cG+nHt(YH#|#
z%&)Jd{dN2zUP`I|d8~idulJPNve=*Vz&>HW@P%+dI4B$v4hu(wqrx%axNt%^DV!2c
z3ttLngtNjq;k<A`_)54aToNt|SA?s=HQ~B&L%1p25^f7$3wMNXguBAG!ad<T;lA*_
z@Id%M_)+*t_*wWx_*M8#_+5A?JQ5huAR0v?nnbf`5wnS2qPLh`OgodF74yvAKiAiP
zVyWlb3;u2`kEiHc8!1=g{|@G9*&TZB<ak!8jA2^+zdttDcP_r0I@dSjofEe$KBABK
zG^^-0-m|v<KORUw7ykeB{NLZx^kerb;u*d2Dr(KDBg+F>9{4ACfSw=F4PUhTgQbo$
zOve5H&!qfyJ#}02?D{=cr`PnPXN6fF$nrpn2R!@9-~G$(?`hA|yQf_la_eNYC#5W9
z8S~xOgl3YxrV&P5Q?vZBr7iZaiFtnE{uLp0!i&|L(QTgVg#Yz0W6%Gdl>fS4v-+3f
zfy`!9O75#*w1rnu&y(u#6?2Fwc{#;gqMv9L{Y9G?AhIGSy6<$jHF!}FMNtxEQ4t@n
z(toVho^K0zLRuo_P6bU(Y30S4r>4wHs-h<9VxX8?%p(Sgc~kW#bNv@hrO*F8|6j(Z
z1^@mOx4&M*>gVs@e_iugcPu>lPx8axKiV(TV#Z#0`uF@{#yb8#r{oj!iv`4jVj;1x
zSVXjo!D3Odm>42D#NuKJv7}f^EG?E1%Zla1@?r(CqWGFvNvteZ5vz)!Vl}b47$(*b
zYl^kRaIv;nN31K>6C=d>VgoT!Y$!&Fjl{-c6S1k-Ol&T;5L=3^#MWXPv8~unj27FA
z9mI}ejMz!+EOrsQirvImvAftq>?!sVdy9R<II*u7FD8in#Qx#{F%fq$28x5k!Qv2c
zs5nd<E{+gKilfBQ;uvwPI8GcdP7o)Glf=p56mhCJO`I;y5NC?7i*Jat#M$B;ajrN|
zoG&gA-xL>$i^Rp^TjCP&ZE>mij<`%r5}o35afSG<xKeyiTqUj+*NE?nYsGcqdU1oe
zQT#yMBz`C+iyw&}i<`wQ;wR!(@l)8dP2BFfxAK`welG5Cg*(Mv;%;#d_+D|JxL^E2
zJRlwv4~d7xBjQo<n0OpHCxDaUDe<)UrFcd>E1pCAym&$UO1vmu5-*Ea#H->p@w#|J
zyeZxiZ;M}xcf@bRyW+RvJ@Gs7zWBZPK>R`cQT$2#S^P!(Rs2o-U3@4$5*f)L86_f_
zB(r3ZvPoW&x0GG-k$j~bQcfwC<R@7rf5|2VNUX$3yd+4XBuTQQNUEes45LedQf?^^
z7{dffd8K?(eyM;|P%0!9Mp_ZcE(J?PrD9Tu<UqW*R6;5#m6A$JWu&rFIjOu<L8>Ud
zCRLIuOI4(*Qm9l-sxE~|HKdwSEh${8E!C0gO7&1OLaHw{kRrhvN>NfHsj<`qyeUBc
znn}&27E(*8mDE~lgS56%J1JUfFLjVQN-<I=sk78Y>MC`UVx{g<52>frOX@B4k>aGj
zQoNKP^^^Kb1EfT0pfpGtEDe!{O2ee#(g<m!G)fvRjgiJm<D~J@1Zko)Nt!H8k)}%1
zr0LQOX{PkL^oBG`nk~(d=1TLV`O*UEO=+RDNLnntB`uNOmX=EINXw)o$tf+DR!Hwk
zE2a0ORnlr{jr6{>R$3>mmo`Wnr4OV{(uY#A^pW(jv{~9BeIjj@K9#mf+ojK>&!rvG
zPHC64TiPS-mG(*dr7xrd(n0BvbXYnf9hHtr$E6d}N$HeyTKZBtBb}AbN#~^t(pS<&
z>5_C=x*}bbu1VLW8`4ebmULVCTDl{BBi)t0mF`L3N%y7ir3cav(vQ+l($CT_(y!8Q
z((lqk>5;_92H7YR*(94~i=0jNlD*~ZvXAU5=a6&Cxnw`tD*MYeIY4G*PUdAn7G+76
zWkptHP1fZ=Ik%ig4wCcA`Q-d^0lA=DNG>cFk?nG@TvRS5hsX}OxLiUmDVLH<%Vp%U
zayhxYTtTiVzb03bE6Y{ns&c4YO|CA7$u;DfaxFPrt}WM*>&o@y2)Vx8K#r6f%29G7
zxv|_tZYnpEo69ZamU1h(wcJK-E4P!Q<@Rz1xuYB-cal5HUF5EEH#t`BF87do%Dv>?
zavwQP?kmU3335NVzdS%rln2U#<iYX~d8j;09xjiNN6Mq*(efC1tUOL0FHevs%9G^D
z@)UWhJWZZ1&yZ)zugh=9v*g+G9C@xhPo6I?kl&OS%8TU1@>}u}`E7Zr{Eoa#PLiGS
za(RXPuDnuyPhKUjme<Jd%WLIzGM&5Y<qh&i`2%^A{GpsIe<Xh_Z<e>npU7L~Pvvd$
zcKI{;b9slnQ{E--miNee<$dyg`3w1gd{90lAC`~EN9AMkaruONQa&Z0mcNwG$Y<qq
z@_G4!{FQuBz9e6kugF*BYw~sZhI~`LCEu36mhZ^l$am#$<$LmX@_qSx`GNd{{G<Gn
z{ImRv{Hy$%{JZ>6ek3!BK`|;sF)3zczid&mDPD@Vl3nppe3cwZP9>M(r&tw##ij%(
ztimb0A}FFFDYBv{s-h{^WL*hVaw~b1ASJJoPsy(oPzoxAl)_38#jXS^MU`Soh~iL+
zD<zbYN-3qZQbsAOlvBzp6_kp~YiP5QQdy~@R8>NiYD#q_OsS#NRB9>VN^PZ%Qdg;`
zL@4!@21=yTP>E6+DUFpTXtSx(OlhvPP+BUjl-5ccrLEFViB{Sx9h8nrjM7QztaMSj
zD&3S=rMuEY>8bQmdMkaDIHj)=uOy(&eoB93fRd;TR0b)7l_APdWtcKt8KI0+Mk%9}
zG0IqFoHAaSpiERIDU+2c%2c#DO_{FDP-ZHxD{m;Xl-bH0Wv(($nXfER-c%MUi<HI6
zTgnpUZDpzQj<QTiQk=?iWrgytvQl|ZS%o%ND{GYZm9@$`WxcXN*{FP=Y*Ic{l9i8?
zkCn~J7UdIVtMaL`P1&w|rhKmKP<EotUCM4{kFr<Ur|eh0P!1?`E*(@3DTkFK%2DN*
za$Gr~oK#LJuR86;uFt%zw&%CZ%hvNe<vneA!o7IH?8%!u*YkW&=FiH}F>(K;wEwIt
zT%HpD)bO<OrE*3&tDIBLD;Jcnl#9wGrG??Laz(kSTvM(qH<X*oE#<cIwQ@)KM!Bne
ztK3t*Q|>F@D-V<(T(k6_+OsUXp2q{8YZdM=_4g9f=A^`Ettm0e-0{?@&(m_2&OgBe
zncd%bHEHhNrJX5hpP!=|nLpp_F5AM8`7^=p+$@>pfxq4ZFS9SumGN1BFH`^1%6j&@
zr|n-1-XPEV`*(XF?HowCU+rco@w9rL*kAMiFJA0_5@cz+JwWGS+W!GTW1c%y?(o&m
z)gP6gl%JJflwXzKl;4$y$|HqQ4XRNks!27g7B!pdrFyH`RUg$?&7tO0bE$r+RrObG
zYJkeBoXV?$DyotytBR_snyRaTYHl@;8l>h`^QrmO0%}3EkXl$RqT1D9wWwN54N)Cx
zakYe6QZ1#HR?Dbm)pBZi)w5pF@S<t|<L?0NGiBU7UZDT4!^5+}EDvPv0nh)B`Fq1%
zCU<*p{}Fad_2v4^?fhS*{&jxw_~1z`{I7bP)ozLhDyS9J*VIZX!&FwQs8!WawVGO8
z4O45VHPu>bxLRASqt;dHsS#>@wSgL`HdLe3MrvcViP}_crZz`8S{~;a0K-&;%&a`_
z`210xVWObZ*rn~Uf|hsxxyv(57*gErGYoB?mZut#ke>2Q!85k+wx40r+Ml+4xBa-!
zgc>~kZ=t62pSGX2e8&F&VK9P>{(G_VDK-5StPWG>snynJ+?zGKhrOE6)99<I?SEg3
zr$6b#r&~s~pQZ7%d~5b+m4904^m*xRr}36*E48)SMs2IMQ=`@PY6rEW8l%$xwB;_{
zN$sq5QM;<$)L6B<+C%NB_ELMRebhL$uNto=sQuLb>HsxS9jFdc2dhKWq3SSoxH>`|
zsg6=dtM!>N>R5H0I$oWiPE;qUlhrBeRCSs<U7exMR9{!$P-m&L)j8^1b)Gt3U7)_H
zE>st(i`BQ(CF<MiQuQ5mnVO_J)#d66^<8zP`kuN<U9GNB-&fbF>(uq?26dzQfx1ck
zP)$}pQa@HVt6S7h)UE2L>Nd1Zx9#d@>gVbXb*H*Z-L39X_p1BU{puI$0rjAINIk3`
zQID#})Z^+2^`v@AJ*|GJo>4t_3C@C@Q_p6yc{H9D*3Zn{e`(rz^~JXf>R0MT*V>x7
zX_wT?>J{~>dQH8q-cWC<x76F}*XkYh8}+XGt$I)WPQ9;wuRc(JP=8c^Qh!!|QGZo`
zQ-4<<s*hAgGiXMQXeQ09S+s1Lm*%Zy*L*ZzEr;f5EvJ@C^V6)Fzh=_{G*;st=eRX^
zO-PsGDd`Ta*;BT(Ia#si@j#0A{wzzs%6Q@#>#NUXO#9!ZyqGnfUZoHJ8v8x1q}1+7
zNgt+YJc+qWc#iLGEj)ty$M&RBe@{9cgBKfzzsIis53SI7@xSe7`X@nC=C;SK7q>8_
zjwdtEzVKv?%yOtrnWekao|gCIQva(QkAMI9Vfs1ps^kA852T(Ap84dqkLI{p$}v49
zCv`bDr+IEoPo7&lwRGpdYJdJy>r3%lTJ}%1H=|vikxXlU>Jd%NJzAc5;EAUXGq&SS
z@#sA%|F25-wCf2oYsZsE!_4wuCM|W{FIzt?Pe<*a{P!eZrJhT#p4ZFt%p>#ESKoS8
zjVT`RtSbNX@Jaj7)9j{YQhMsH;mL8Dld+W){TF5F+e=+OrJc-EGtc+vrsSsXpF1~o
z9_5}gndiRx_47&V$-g`O@AgyrQT+4q%$^rdU0cc*A+p%N(F3W+^3U+Uzt3r{{QKL_
zYVlQhfR5y=sw=CWED!u!J&<-qOB?&Q_9@Hme~Smw&bJqhNt&!FnyP790e@W!)N*Ti
zw1WOYT3#)mR>(iURzNGL719c8MKrq>tQFOYX(5_J>)>BpE1{LtN@=CFGFn-!oK{}z
z;$PUmh<{iA3R*?2oAou#?q5l(tX0vfy0%cQnpRy4(`slnwOU%ZR$Hs1)z#{05n6q%
zfflJX)S|G(`Zv-VYfZGKT2cRIT63+1M*Lf9t+du!8?CL@PK(ysYaO(XT8!37>#TLr
zx@z6DSgpI(L+h#a(t2xsv^cG=7LP4K>!<bCI#~y3iP}JIkTzHwq7BuCX(jxJYa_Ig
z+9++bHbxt(jnl?!6SRriByF-bMVqQk)23@Pw3*uL+8bJkb(S_;n}cnxHV@l;ZGrZt
zwoqH7E!N)BmS}HlOSN~jWm=L}(%-2q*H&onYW@A+)mCby{om78X{)t0S{Z-V`o6YS
zTc@qpHfS5Q5426%hg!1sk@m5+S=*w0qHWba)wXHdwa>KAwH;bn|DD<{ZMU{Z+pF!<
z%KPuvzR(V62em`mVeN=^RC8E|`5)7cYbUgm+9~a{_N8`4tKffDJExu3E@<!if2Cd2
zE@_vwE811<ns!~gq21JOX}7hnwf@#S+Be!=?OW}h_MLWL`(AsX{h<A*RrEh#{Ym>-
z`$hXz`%U{@d#F9qM)@<kK{x6|H|b{GqG!`b`+Mo$dUoAM_tkUgIrUt+pKjItb(=oc
zKR{=7PUm$&7j;RObwyWo4V$h9>f`-$>v{AbJ+Gcm&#xEIyIKqCh4jLD5#6o_>qYgc
z{>AhV-JuuPOXwxBP4j=xzm#5DFQb>$%jwmuGyKcz74(|^74_G2(Z7;jS+C<?MX#!d
z>eaAS*TeK0dQH8S9<JBc>*#g$dU}LjUvHpC>J9ZMy^-EnZ=yHVo9WH<7J5s)mEKx!
zqeuF;)!XUOdV9Tt-cgUyJL#SEE_zqJn;xro*L&za^|@Lvy|>;+kJJ0=@p^*ZPw%e}
z&=d86`XK8deXu@6AF2=2hwF{}N9ZH<QTk|oj6PN$r;pbs=o9rx`ec2IK2@KlPuFMY
zGxgW?H}p!@S^8{!jy_kPr_a~t`Y+Jm)EDZD^u_vH`V#$ZeX0JAzD!Tjo%(Wph5oL-
zQh!fhrLWc(`Y-Zdqrb1O)z|6k^$q$){R4fI{-K_%f24n`FZSQ8Z_z)|x9Xqj+w|@F
zXZq**4t=M-OW&>U(f8{6^!@r5`T_l*en>y8AJLEM$Moa+3H_vgN<XbH^IzuwrG7>~
ztDn=)>lgH|^o#l>{j#3qe?`BlU(>JaH}sqOE&aCswSGtcM!&0ntKZYV)9>rw>ksrF
z^cP)gvh@FX9{6V-<^Fko`VU)Vd6~Zb?)C59UZ(H=g|ZWjS=)cv1J9bHUe>Jb|EmZ7
zm>UMh$PmWFnDLd&Y>XG<&1A=m!M;omCMT1N@nfuvKVxG87?$A}p27c7V(>jF2JZ<n
z8ly9TOl~F*6U5|Y@-g|D0!%@s5L1{b!q}N$rYKX431J*eai#=Q@`bljFI?iq+j#jB
zrT?(94E$4;DaVv&Dliq9*O*F7Wu^*Kl?i34G1XsLER3m<ZmY?>=vIpfXKLfMkh*wy
zA_9*mG+-i`hD;RG2t8=bG+~-D&6ws)3#KL0ifPTXVcIh7m}sUw(}C&8#4w$h&P*4k
zE7OgMWx6vxP=;<jnO;n9q^95c{E^QxaT)T`>e5>JK0_yMiOgfPo_Hp~RZ~Bv{|nBc
z0gv?)nSrmsnn9><Ff$~RnucbQma#{}nBmL_W+XF;8O@Ag#xmoue-&iLKQ23gnaE6H
zCO?i(VWu+ET(RlQ3}z<S>&zR>EM_({hndUFW9Bmpm^Yb)%%aC7UVabAs=?!d#gAu?
zCnbIO7PI7;Iw@t|egWN-Qj{%yJih7Y)H}>FCMi{J+Hy~dIa8HLUt?B0%L7>+$nrpz
z2eLen<$){@WO*RV16dx(@<5gcvOJLGfh-SXc_7OJSsuvpK$Zvoi5^(atjM~y`~TPj
zFM9VdOaH&*fp=f{?(u)A_gQ^;_sKW*-M94n;KqGl*9~=gGkpL<Z;J<F^CE$aiO>f-
z0vQ9@j93BUz@r}3153Ij&7r(1!;r5a4df!Ekz9f#<T9iexdNG;TxG7|5s3oiIui!n
z8;}Na6Vga-L3)wfcwB)YUqc$m9Y`bj2GWb%WxmDZ3xwRGUsxdDK^n+?NF(_kl8^_G
zUgQVnCp^@^ke?w9<QGUI`4!TO{Dy}d4CHs_A^O)B4>&L+8u4i4N27E!G@@Z$2Ur$^
zycp!gATI{#T@mk!cvr-`BHk1Fy^z)mX}yrv%N6$`2}nyoS_0A%pqB`qh_EU=XD~!V
zR%I-NfLXu_5;IsqQVm+!3>_e=p`16E5iA?=0m}yFOLBnulIlP%Lq|xfAq;id3^9;l
zsEY-&fMp{*ST?YNL<B1c=1XKSUs4mbs)o*xHKD76S-`T9++f+j3XmYM0;Co+@)^27
z7BGaPUxf@^A;Zy95ik>&g#?3HzzULLU<JXl!7tem)@Di|r5i#cDP`yeSqF8NF~maF
zMGwmxx<l4QtRfgq^CgwQe8Dy`Rlqhep@s<PR5$d5jDSuJumWJdq!ySj*=+2|)G^eD
zE%gk&AnU`H`e2ZZ4~YcxAyI~gDBai)2iXv%n}QVp^Ciu}d`T42TN?U8M#09`U`DV4
zq%BwhFkcc4=1UqO*1-@D*$A;1FkjNy&=?-+YDj==jP_%}Okft$1Iz-Jo%90B4(3Dp
zfcbzGBz?gOlBQ@W!O$PFIndvb=we>v5gx!Xkb#DQkS*ZL!C=|Ie92HSSZo|+7-MK;
z9B*i1Y-*frIA>^XY-yZnXlLwT>}u>{oM-4|j58(}>oYQ00w2g^sbQI6xN*5*lyQ||
zys<G--iHM;nP{A3++g^?Fw>Z9*kY*83^DA49EzDW)KC{Aw+FHt9`)&ly{$I0AEVI?
zkNb4PzUxa4V8;4loPEh5jI%F1?n{oKHDC15mmEX=zT_;tal-H$<XQCP6qo_bmwX9E
za~X0Lj3J*x<AUJ|WPYQGTr?Db+=<v_!!^jOhMLg6jydUzIpj-jVh+*v3X<DsuOPW)
zFp)ck+mM?KzT_@?<4d|hqdNR}AN?7KhnEI2HPQA1)L|gA3|r9?tP7Y!4B3H{Ukz6w
zcLKkoMOX?vGW-NtmB~d6#%Rc@jFk{DEB2&Z#B7X#3_~m%m=%7=MZAq&A;S^#0kguw
zTqK9F7bL#mL~?;yG4FB_t1%9;A!0T#EBuv<u*L+)#)$D?R?NHnL^Sq=Yy`;0cu3V)
z3%$~fT_6`3f{gi$RWUCLz$Ut%7a)aTNda;K9xGz}0rEHyY<vJ&9~#Bbel}7Ro^=?D
zK{iKv31cE;jJ=|9zM+#n)HvKQ!8qAi(->~7W2|SaZ|r1DG!8P3Fa}~S2cmQ!W^y1r
z9*FrKh`BrqPY)W1jd(#OlRl&`NjCOJP8g}c+$YQ7zZuARk8EOQAzVe~K&~e9AlHz^
zko(Cp$S=qW$OB|AWU{NSwPYPxPd1Q^<O8yad`LbbACoQQ6S9?jO16>D$me7S*-3Vh
z-DD4H^FqmGko(A5)UXlQ<f_Sl6azHf)_J+uR#%Dv<qYH`N*zIX1RAHw8FG$XAQ#DH
za+O>sH_2^shukIG$z1XiSxUYmzmh>@Fd0Hv6GIx9Sd$ltG&MBYOjtKejZBSAO-vS~
zH8nLeH8-^|wKPe{X=M_i-P#mnvXC~Wwx$r1!&KZ<!c@{!%2e7^##9#h7E;bs-c-R<
z(e#?BlBu$(im9q8)Ktw>-4tf3VXA4WWePXdHq|lJHPtgknChd9g_J_ArO;Xlw9y1%
zd4y$=Rt<U4rVgeUQ)g3GQ>>|nsh6pbsjn%)6mQB!`XkIm5>10lLrlX=BTSP_Q%uuL
zGfc0WW|`)g=9w0l7Md2DmY9~BmYJNU6{eM@Ri-tjwWjr^jiybeWYfo{EvBuegC-8G
zY=`|8^0{fJX}4)F{%6AhlON)T(L)RIgGEQdyvT9*$wE$|w-$2RbP6eFOs63^;2di3
zB0O*bp70_U;S22X=%0xQh+hTs!Utr%$aVO|i`+EbfV^$G2^kFBfj_)R5VY^YTP83s
zau1BA`H=fyKBNF*58y*D@}sE;<j?S<7x~rnyXle1U?yfWzIE(v_A%!$=Q3N(HZyDH
z&7xU0t7hGt+Z<%hXD(naWG-S3HWxETo7<Z^m^+$d%$>}g&0Wl0&E3qg=I-Vm=APzW
z=HBK$<~Va-bG$jh+|S(KJiwf29%vq99&8?B9%>$D9&R3C9%&wB9&H|D9*a6gnhRK>
zECno$EVY0Fmd2Lat}q_)c*`!JHgFti+khiLLGOy*AwUU$1vr2Q6d*T{2Pgs*19o|T
z0-W?-;=S4XZD0*hJbT6LWdRQ00R<=m)bwfMQ`4ss(9|clPeq?Rz)YW$K0AFr@!19J
z1h3)S#CNOjao?RToItqUcQ1I29F=m^1Zw1Hn&Whiy}-d7XI<fi9QAS*&-q2pbvak&
zoChq)>60ro*QQ)`fk>bU&=RPUYh$iHx#EEMT<dZT2S(&tk8nN0J_u(*=S^S<kOZs*
zrlU+gzoLFjup!tOjL8se4z>hm3-${34$dCz6YLwDBRFSpu3*1lYp{Q?EjS>U4d#OR
zU?ErxmV)JAC0GsCg7x6Q;M~D^f`fwd2ImVd5F8wQ*6&-}J==G-`?l|G4{T=qKih18
zH{b*00IWcHpdwHSs0@Sxb&?MG9rioochv8g-*LYaekc7-`JMLr((jDlIluFM7yQ2R
zyXbex@3P+&zpH-N{I2`m@Vn`E%kQ?|*M4{WzVW;3_pRSOzwi9+`+e{C!0!jYAN_vv
z``Paozu)~H`aSZi%Iw60#MPNFW-5+@=^x<DV{E`Q#N)e-@#t;?W2DijwldQH%%b8y
zurxF_HnufJ8)J;!jDysL#vaBo>SALbV{c<$W4v*IainpjK~bk0XW%%Jj~KLQ$WW~E
zL~9Qj$^;QJSP+<lWCL@MU0Bh*wd;`8q2Z%-gscvY9AH6U4w4JZ0ak!m!3ux{6B}4C
z@i#Dp)ohUd1_R;23^-~96H$wS3}Zrw3>HEP8ZAWC3PILD?Yh<pvL=pFxwX!awGa!^
zx<J-Ki}}EUz`RHSFfTA11;OaKYf(}JtSFAhAtYGq3V9HA7t`)S)&U$^tcwMa5@10{
zbC6PC4xE1mkuq9$$kLjLl*3!jCZst?1*Fm3VDcJRFsX;~m9-v_^<Ym`uxwyKq#9Td
z&Qfty)_OulAXXEMra4GBm;)@B)By{|Q5xm72aw0ngZf}zq%OP^snvt53ok{18At<Y
zG}d}UHb9+C!Ls2TA{%M0#kp7zX$clYTEN=YT1&`=Xs0dG95|cEMxwR8kWtX+00uon
zHWH(?glq?N)}kTXYdCwyTh`fd){%|GYVnYbpxXm12+ToxfjPi}NguFaoU!C3eYFJ0
z#_(_gSO{1!=?@l6y1?#4tt(_VgBKa3#X>g0xx)~xA7m5MISecaXTl5_q4kGsivEoP
zGk|%KF<>~R!isTV=rwdFfCZ6eh)vQ4KsJNM6fiHG(PSgjv_!}jIFp{C4TNj~-Pgg;
zU)Vhh%t5*U@zC#&vzbI7n)$>y485-kttHqCg224VQZR3_9hNN9E<tXGbxtq_%$uwL
zqq&5v1S8}v%}7?^y>KHjqPJ@_{Kx}i$XYN4%$uwS^9CbiBN#1VA)8Qw{#pwn$(Z{=
zVBX|oFmEtIwtx|`7j19VZb9xv+uOhxFmLi1m^T<9JHQC}5N+?m+vP^gcyF=?Gu|64
zi0lIk!Wm!?`9kaEV&3E+m^V3wIuC2#Lmoq&N5L2{Z*m-r<`QxejFA1P^EBQ?H<Gu|
zt25dX$hXj|b6^aZH@N`j4MxaCF!aq3L@t8`VJ-xbtC$Ovd6Vm4-ee8R-_+iRT!Zqr
z!5A=aatDm&5^@)efCZ6zU_lsJhTO-<GGIaE0T@m5CO?9CgAwvG7$Lvn9rj1sTAY!t
zB>@C)s1O5y_t_B|5QZWQ#W|@Bd<HZOx)<_|c)J~i!41R&ZXjmxP+|cOCE4_i(BBAc
zKWJG2KWJEiSxEQOXCcRm_usLu;T?E}*uV`W0Ng-WeG_yxK_d`3xq(2W<^}>$b8cV`
z@&olb(8#S9M1CH;A<vK?a0AH;ZXo%<LrH${P*OlohJG@%L!jjVLZIOQLXhhK<{>{s
zp9c*G-lAtnalA>-kP_eqQWD%iN`Z%x(%_+_jJ_56TcKSAT2+B6(5MP5MtT)}F><Qn
z4SR-!;w^iIR0GG_50154-vON+&}e`h%CTmFH9#JX84$x-g;r=R6tPg8ZwDZ34y`Ci
ztY?s+q^Z6K8hen}4mr_4JLE+J?T{M{tU!J{eFZe4@wPrg+T)FVhI9ZokdENEJ_8;~
zI)R6h&iY!|vJuz>Bm-N49l#!d(ZhgbjC~l8jL{DRk}>{aKr&`P7?6xP5C$Y;7K8!G
zm<M41exD%p2C@S_fG>~($O+^E0$oVPc!mMV7|}2w8Dkm-Bx6*=fMkqo7?6yS4Fi%f
zwqdUEEr_rXP#7oz*nwc6C{PS&=Rz_(5e6i~7hym$yb%T@!yjQlGCUFnB*Q0RKr*}%
z1|*X%2)hE^fLNeA&;#fR^a9or3t%F>!Fxl0Eum@2_!Soh(0C~Mz@-<8*bHdDkA2BR
z)<QBUF_!cJgC7{oY$g=H0z*kW^y5+2CZumdsnrNqBiw|#b|R04$=IJ55~q(ReX&0<
z(4RmOz{1E@jP+KG@m7p2#se_n7atv2FUaW#LlLKWUXb&kaR_^Wi5!MxNI!id>90RT
z9S>2*L)5VY8at4`54rT$Aw%BBuSy#bfOsg<sSd4c88pArmqGU;Btr)3Q^_EG3G}Y&
z%dr}bA?=vKuzxW6wg;B(fei-`9zeJU<$pjP4U@4yF=T)~nIvKsGti$#hJb~U4Y-CH
zK#YMT&@V8MDM5-dDO>SC&sHkXv*l)TqlB4MX6Qy^l`*9~dLc|nrW8|}DdTz_tq9|v
z=QW1Dl-JO8m9rRL<BDdAfmdVR2ReZFa>)c{y5W7iTo!?NBol>~!y4gyvo2&kTtiub
zYb40aeaL*+e8hazTm#pCnlZ1Fw}>?lz3N-Wb=9{V?4U7+>$Sh?fhCyYh?Q`qm2&Y?
z481N)U+trk>XwGJR8n5nm0Q-8QWia+DKx!z?r<iY>En{&OdP@{OyAs1n0O$ZNpQ(<
zreAJ?bgCK7^oLF}W<c&{Od=4@40OqGW>D_IxrgK)ntNF8)Hh@MG5wgXF5v3sA0f>j
zfQ?GZN9PWKB_){YxyzE7z#G6J;23ZOAbH9XFTe)~0`dVx@_4qQc|2Q1q*nvNfLg$7
zOj#0*upUqmyb{n6JO+pZ`U3rc{=h(B5HJ!L1&js80dE7#ffc|?U@$NQm;uZL)&c8*
z4ZudgE5tj*Jx27JeQ|(}5xsIx$Apdr9Z%}}a>xzA{Bd9g6$GcUgiDrm$x<#^+9k`l
zWLcLi2T5GzLLM_(hdYhd<7TujH>35r8LiXJXuWPm>vl6*zngj5pcWQ_g+*asQCL?L
zJt>Nw6h%*pq9;YslcMNJQRsxYB-N$;rjqK@zEerd(Ed|N%TXUtNz2k!ilRr+XsaMz
zhorKDOLlb07?<qilAT?$i%WKO$!;zg>yq7FvWH9dbje;W+1n-ixMZA5_I1g4mrQWU
zelFSHB?q`<qDu~hJe2ov-XnRB<~^48c-|9vPv$+9_jKMb^Pb6jHt)H-=ks33`&HhH
zd83$1c`xU^lJ{!fYk9BdZO+`tdowR#JhQYsQy#Cbrfla5mn9)~hrPJHguSG_l)bdQ
zjJ>SAoV~ogg1w^sHG3s{WqTESRePwtn!UO`%wEG@(_YISZm(^xW3OwkXOFPgw>Pjy
z+8f%V?2YV=?M>`W?al1X?Jevr?XB#s?QQIB?a}sF;}CU-v5UQ%y}P}yy`R0Zv5Iko
zeUyESeVl!QeUg2OeVToS{dM~+`yBf``vUty`(pbN`%?QdyVJhHzS6$RzQ(@RzTUpk
zzR8|!|Jc68zSX|X{+WG;eV2WYeV_dc`$79*`%(LG`$_w0`x*N=`vv<&`(^vr_HXR>
z?a{$s#4cXUL==oD9Z@-=dBm8A$q{cwd=ybRGA1%Ma%AM}$d!>_MLxhgvI`pi+>niu
zqRK{9jcOIuHELwk2T{ADE=QfjCx&h}Gd9oOoNZp9dEe#@S`KgdQ_Ebf^0X@3s%NV{
zt<JQ*+WKDWhppq<3~V#3&G&5{w()6eYuli0blbjdKWppNzI6LK?Tf{fj2Ra*C+3})
z<e0BwuEu=Z$*Xh0&VjM*V-sW7$L@<g7JDW(SNDMKCA-J=E*w`nu0mYpxSDaz<66eO
z7dN`^guZ9vuf+=qdP2d3kc3GIGZXst8`5uezpeeg>3638rT+K(mrwjK@sq^(f%^vj
zJh1QJp9Ys67CCI<ur0$3!+nSQ4=*u%*zgI%FORr2;{J%=M);1DN9rScj*J^QU}U|q
zv16-@uRFfO_@NUfO*n%0P0LKKF}d;N0h1R_?l`6Ql=V|qPTf0o!L;|MZJah^diac;
zGxpCoJfr`t;j@(4AIwgkePedyoHldX&*?g6-<&&h?$0sIT|W2B+zWGO&zm>zy?M*$
zpPGMRe!d0878GAlaY2g(SKmxnG;GnbMISHvY|$5s4lnw7(eI0LF19TWTwGys?Zpij
zPg(rt;<pz2hg6RWi>ebcFQgt&ABY5^fW|;mpgGVIXbrRlqJfS;C!h<^%Z2$NaR}o=
z=7%I8Oh7mQ;Q)k#5Dr3E17RRTF+XG>`1p{CAuAEC0@eU)f%U*fU=xrGd<<*>wgTIL
z&w-u5Zs4E`^FxjxJc9a<BRr1q6v9&o&mcU5FbUyZ;9KAx@E!0wupYHAR)h6jtI_(N
zb(NJ^O;)q@ed}85I_rAt2J1$vWVKkc;hPS*t={<Lvyau+n!}pYn#<~EwOakH(bo3X
z4%Uv=7;7hMXKNR0S8F$GthKwfhqb4*m$kRGk2TKP*BWn4u(q=XSXt{X>u&3Q>jCRg
z>q+Zrt71K8y<k<Xnl;dx#~NfUU@c@VVzpa?twpWHti`RRtyQcwt#z&UtlwFiTANv$
zTSr^RSjSsuSZ7+_ur9JLv3f_GX_7r6IKn5Qc!C&Vh$z%Nq-jBXq?)d!MwcWmX?97A
zOJ;LPZ<q9ONne-D>5{oz($6KWF6j?Rj}Hub>t@Esj67!M$ISAWWqZuLA2XlF%=a<N
z`IzN;%={iR>tja!?Y6)d{w;*hD->jW;B#O2e<kAPKjQwbTv!}I{V>@jy<PH56Pogd
zi}#46oVa+bi???1s!=rEt233cy{RnOoyvl)l*2P9*PBv#HHON<U8wYS<yK0hJVzrc
z6XU2{GMUQOuJjEJDZlJ$Ww1-9Q%hG$KPnCNsodq#Z{)I}hpUv;m40gk&Aks<zwzKU
z(*`wgolO?Uv9!2rqi2RC0eV(g8Ylyl1<K)g90JheGJS@CZY6<IuJNQJNym_m9vwG2
zVsxzNDADnuBSXi8js_hEIszt!rf#w_@H}DYNcdoe`yhNHqDLf&XdO|wi+ATri8&f2
z#x0rLI&nk8Q;B5~x=t?~**oe+ck^6p{dticVz0HnA5|f0PRmX$FZVOl-!-{Wl+wHe
zEH44eOTh9Hu)HKJr{_?#U({yz%hdE-mwqIo3{Vy*hrZB{Vt92f4wL{&0;Pb`KpCJc
zP!6DHD^yZl>Nl^>weazU7(9_dWfRxAd3EOPkaw_NEDw1XE7K~hN^7x7Y{Y7mjFo5$
zR-tWJfp%iu*c-AhWPivPAqTJu9l@$|3M<X|kP9JSg<K4|6mlixTF8x%n<2MCZijpw
zatEu=w^(_;3%L?8xe-AdheLit9hBWh*(EM^Kjh1hx3T?(G{U@t`tOIl4{PqD&7_bO
z2u;j#*s%s0d!Vr#;Y#3L<RnA>hPGEi{}%FAqV3OIEv!WAw~+T9!uyc-VdZLst5N@N
z&|DRA)s;_})oAxqq^*Lc3F&vx`c2encJYhI*$oYM&RtjS?tByD4tKjOTmzlWu;LEt
zUIY0Xe6$ua8GgJCudN3^hrEr@p}Hn8+CyqRVK%`Q+Ut*9X;kiZ*_0fz3uCYc`m~k3
z@cIFl1qV^f=ct4F)2&U}=cwrr!mnNRAA?VmUA7-{wRj9R9ChVT&r?59Zypa>iW0j~
z*9oL-3UNZ?IC81iPodma<le>zZ2|US#7`miIXLzGm&p4t<TT_~)N~FuQM=DVV>f2S
zef0M}+BoB?fy(>PI`8WL9gN01&^wPd4?^BXOD5#qhXvPNdKZvFNA3bVV`8YJJ-dxr
z_8w}Xl6r(P_xM~vxCir(>Rdz5Y2GcDuWqC4O{5+}9${`no<Qtt_}#>O4ZYnV>mc1D
z8^R>_b^yhJ5<p3y6i^x{1C#~I0d$|DlIqfZib|?a_gX4x8Tt!=N?MNo0-%zXrN02E
zbhksx(iMtITDA*5q!Nv%45IPNxG{boL}Negg}t;lekF9ohf*lkx#W8M9&OC@ZR6KI
zxYOiD1)6t=&DrVW?gT4yuC`MBN{PKuLr-8csfsdH@u8Kf_*_dUeuszR35HPA7mepJ
z2-4lGH-4G-1UBPt$!5|SWjZ6TGwu@&L`Y>lm!x-&24Wqiax<~z?!nk{cLZXAPAJtA
z*i3pr_CU=&P}a@Yxnk=OTjxrntOv8+mAc-=s3v7>p1!cl9j<fvBi1GBxnxb3jB|O(
z1n*F9(GuoVd>#DN7nbyeC4Es-U&Nar-URU`h&O=+P0%0e*QQ8siu9&PZ;JG$NT=Zn
z+<{p^2<k72oTBhpAJ|H_j<Bv8+N9p8hS4dC6zbDNe9|TwerbT;`FNVhwbesS@$hpG
zpeN7^WxC^9Ko5*<59raHUXTq?j=&msTMZDWy`@)M;&2tEA1rDQYuP+>B&l@ZI9wbk
z0h9zv0i}U5Kv|$1KxZkHRF}?DDycr5rBu=~be2*{%h6d%B`r&5DV6SaXjwW-sibA;
z5tm9@mL7Gfq-E)mm)b<j(xdOyn9lG>ccyAmwWP45nn~eF^^)o*MJ7chHBM@p)I6zW
zQtPC)Nzq9il46oNCv{DVP3n;}B5738n51z@6Otw+O-Y)TG$ZNtq*+OGlIA5XND6Z1
za~5zGau#t0JBv9>I7>OpILkRJIA3#Cc2;#(bA~x<I>ViHob{abosrHcXJcnmXLDyu
zXKQC$XSB0}GsfB3+0_~A?BVR?9OxYEOjL(CM>t10$2iA1Cp%|2Uw6)N&T}qsE_5z-
zE^#h(E^|7aE1cbpi;UxpQ7bn(H#w7?A3L`=w>q~uKXbm}oT~12?sXn^o^+me{@~1S
zD6_KR$|=UTY)fo!+m_niu`RPD*_^iJwiUK_Z7Xf>*;d(B+t%3Lx2?6Uv#qynux+$`
zVB2K-(3Wib$o8>qvu%s*6WdnXr?zdj?Y7TspWAlWcG`B?cH8#Y_S*K@_S?R&9k3m=
z9kLy^9kCs?9kU&`ov@v>owA*_eQ7&mJ8L^<J8!#S`^t9FcFA_xcExtpcFlI(cEfhl
zcFT6#_O<Pf?Hk)&Tdm38ciKJqaL?iqSEC}Ek8513`47=u`;8e^dF)5yei}b*y0M$w
z<8<%yeP0{hZN|NMBO?-`OtErY@K|k8gVwiueKDrvggxy~jnK#MZNqo&*5kLh1JlRW
z-xPVi;pZKXcJqt7-p?|&)!4gJiqGk_;FpDy2MkMmYsj8arq@qQywJ?lw%y>N!`sL0
z9k6}!kF!rTYv0P&?aLmydKDW|W@w$+M;cBVel~J{q%!c6A@@cl%pN}JVEcy?%SBvo
z>ECW#-`)v))UN}!)?d*!N5uZ_17h+F`7EkUGeiII(eF<DD0Y1JhwZP9e5*rD!s>{w
zk$WOXbh$pb*T^Fi56*bdFtpLvZFa;w>{U2%)vRvw=PWv~XlJMXvF)eDx0#LySLb&O
z>J{E+Lj2yu?}zjno`2dmql2c`ew}Z)wBeRUyL)dRzo*TEwu3sXj;%B}q3@N5pPPKt
zT4}egZ`b(w!)gpKIrE3vwdM$OC)Hn_xM9YJvoE$A8}Vg>Z(3GvH818spU{54jUGIG
ze5azbCo~+?`F`iBJ>Kl;9p5}5c7WfIHgk)%A27Q}1F`k39)+h(YFj;;?=p6Fp@z8{
z#k8_@is-z&%hm3d_)7_i!w!zWIR4V?%26NnR2v=YGdKR1F-vDReRJ`mIi2_QxG^Gd
z(9FS~#?9;9Y|^I@rAL)-n5|(_o1^Vd3?9=`>#?Czg=zI>A8k`5^3%pGn#FfIA6dBX
z-hLGm+a$&$PD^Yu=aa$yV}F`hcKYwr@6P>gZozpQ7M`EJY4+;+*BjJ}+|%$%!^o(G
zjV(>OG^x^Td9#kK-e}h)dTR7{(e-04#mwk5rc3`GQqMfSdiE(2mnVM4fbhgxi478)
zBu+`3npkDvh=HFD@*Y}sXdE6_xicbhWYf`p6J}2^Oe#0&=wz=cA56PE`_Y^Va}(M%
zIQ7kWVPyV@jgeg<hu05_93Hu=;V%svH=ft{Qsec_syA=cynTy;EswN0-KJ~XRc%kT
zi-`7$ZWmp${pTH&jtx6DiIF=u>3pW=zMfidXa7=hYvTIETM{bZ--+w}&h-1fU+w-?
z`tKjGcHp4FEr(PZ)^OC_QHkTKP8d63>%@H%?@XLHsqD14>GNjvn>l#)nK?fAm~!n?
zwa?Z*RsC$;Q^zkXtRPe=SEbRZ@bgVi9Xi|g)Y0?R7EfK=2_G)&gjKr})-(^Je3&5~
zD|I{*k0*BG@k~xUp640r;yui#%^S?$nKzj)nU9&zn9rKenQxeHnQxl60o%>tzitDz
zn-4+bkoiMkGp>zq#?|r7xIVraWj33S11Eq}z-i!1;0$mUI1hXUTm&uySAc84b>IeY
z6SxH&Hz%Xsttht@I$P1sS#uxDAj?q8aLYi;FiWE49ZQmBv}KfKtYw^Kie<88s%5-o
zu4RU0g=LLpy=ATCBg@B@Pw@=VCwPYFsAUzNEZS+=ZRu~>XW3!dV>x6Ax8%puNBQxj
zQGPsmlpp!|p^+at`H`C+`THU5Krj#n)V35vyddHQEk%JaARMS|DU9^ONH2`^!bmTS
z^ukClg7hMY7eTxT;&$lR5vMX3VNrxd!HR;H051Vv0<jW^mjW+^ur$(3gO^5nX~fHb
zmqAz-D2Kdq2+JcZkFYAjs>rVj-Kws5IKtYNP^5(-9tt}`5wC`xSA%Xfq*sG(HA{6M
z3<w8mBW4GJfucYd5DwG^b6Za>4|8qdkhLu}kX{4&HIQBdDK(&91L-x9UK8<}h}T4%
zdZ0G+YD16KRvYOwHN?`};sC;dK&GxG60)94Mz~~smu%pYk<iHx?fjPFKn?ic0Tc&n
zz~>I2I8X!rb^yfzYEc152T&ZKmN|gpKn>JU6sU>vHBqi6d`|mZ6FD`p^@dJO)KL>-
zQqxirHI+nI#X{|>Vxe|bu~56p!1glGEr+li!tw~qBP@Zi1j3RCOCk(LNc(R`NPSTh
zA@xNmgryLcMpznQN#vG<W=Z6hgtaArQb1{-fTa#Br6WP-oO|X`PRE4KKAJ-37?pH}
zQBG$YZ9NS2(^*F68l8hw(iEygB~7OzOJ|>Z{?Q)Oa?~Pf7p;>@Ix}f+=)9z}lGZ?_
zn^RBFmg($tOX?5Gsigj)me6@hXC*C5C7o%sEh_0Or1jIeNM|F}q;rwxd-ft)f@)H`
zX*zAu(`TwrQ;K4|Xh<cUnN*KTIzy>Gm6W^ZF|~@;NB3<yF4WI%N%v@X3LP`*TbfSw
zX)Sa_X`Pf)e^MRlL+UXqsjuAo6_r%qy&uqWl+zU2D&1G9q!v;iQcm|w_dZ5#r#4WZ
z(7n~&L#jzVLTjLs?)h}BqUqEUcUd~es$(q-bxFb$KuG5~W!0eV0CRh{7#P*1t>exn
z>ZpYnVah?$y@4>bkVbn!wZbh{mv%VzSx=pTk97kd>t<u<C<eMD)uZ(|u*OnuXAB|6
zkn*m3x?Bh!l0PtCU_hWPuq`tPpOFj*VMF{vtRdM$d_sIfa)jgz$raKPAL*<V7=(|n
z7G{F+>CsB~Y-e63A5#VQi0fdVtm9fo=qeJ(M7Z|XK&HNHj}2rRxc1pVhVHv`rD=$;
zp(VE^k0r>G*OCvbK>_%q5Js1--*j~@h84<z^`ZnuvlPa%3|8NAn8Q`!O}ci{SyU5V
zq9c<B2m<l}1uS`(0=U;)^-<`fYLBWv3VT%JQO!rS9)&-u{ix2Px{vBTig;B2QG-X3
zj~YITderDq<3~*%HGS0VQS(PF9<{+IG>0-{3XLuFE3SVm4Oxb39V<dE<2ulFTqmGc
zC+6Xrc}IuCQQT3&QPNS$QQA?)QPxq;QQlF(QPJ_5qmrYtql%-dBh*pNQQZ;dsNtyT
zsO1QE)OOTy)OFNzL^$d@8aN^y4INRAMvlggCXS|#W{&2L7LJyVR*u$=HjcKAc8+LA
zdq)Sy+xWQRd(0YqL~$9jBG8y`dhQvyXXbuA_gne)<ujZrc-C;L5KtH>0@#6IpeRrb
z2mu^Gai9cH5-0_f2Fd_sfpS23paM`4cnzooR0gU5Re?~T8c-bw18M*@fm%Q~P#dTN
z)CKAR5kP(56mS~&5;y~#1<nEIfeXM_z(wE^a2dD)Tm`NH*MS?rP2d)A8~7Ty1AGJA
z1-=FD0p9`lf$xC_zz@KWz)!%>z%RhBz?^f2Q*(iNz<gi<@FuVjSOhEv-U5~YOM!QQ
zWk3?(1eOCUfOmnFz<a<dU^TD?cpq2`tOqs#8-WjiO~8jhGVn35`P?DnVdFgGQe&r;
z%Z%?BXQ<7LZHz079gXdc3yg0XI~zwE-!-l@mN{j*FxA-;q4~m8NXvzO#{R~EU|tu7
z8kZZBjGb3HjeYFXj7yAf8|NB7HEc6%H<US*{X&^j+68jz)3fB%HefsO8Spu<1K0`d
z0(Jv?fW5#zU_bB$Z~!<690CplM}VWiG2l3G0yqhr0!{;80%w4;z&YSNZ~^!VxCmSV
zE(2G9tH3qjI&cHH3ETp1178DofNy}iz_-9X;JdS?Q}ck2fCYbq%l-)ekGb;zh~nt~
z{>;wq-Lh9{CvAZfG?qoMoE3Y=-h1zfF~%5MG$MAzj*5tijZ@EpVDG*6dKSPQ6HC;X
zXl%USJum?^d7n4`=lMVH>E~{lot>SX@|)kx{AQ<kI`8}pl*sw5oyj{Z0rj_4rr_Lq
zUBGqOzbQGtJMp_ET|l0}-Sw+MT4|708l;s5X{AA0X^>VLq?HC~r9oP0kX9O`l?G|0
zL0V~$RvM(025F^1T4|708l;s5X{AA0X^>VLq?HC~r9oP0kX9O`l?G|0L0V~$RvM(0
z25F^n+R`=7h;)Bv=L~;m7tj@S1KmLn&=d3my+I%FIrswf1z&=G;49D{d<_PGZ@@tC
zEf@p_gCSrj7zVxr!@&sfJs6o$%GoNtl(PqDo%7oXzx{yv`&G_w|D4~ibAAWlcPmh@
z+m`dY9lz>zJ92*2zt!v2zrRW^PRnpJ*i04&8>~67Nu0+L*nF1A7O;h|Tw2VYvt=xq
z+1U!F&Clikm7Qfz*hTh~U1HZ+d1wCg^3D(t3JQRN;4@GN6b3~=QJ{b@Pz;2F2v8i9
z03|^wU<0K=8Bi9K1LZ*l5D6-RN}w{R0;+;)pn7^g&0@`08r4oCf+!fpQZRO=VDwAD
z*q4HlF9qXX3P!yYjCm;-@lr5HRn=ubQO)&T-Su6=^<C5TUCZ@d+x1<?^<CHX9p(D2
z=lZVi`flL*Zs_`M<oa&x`flR-ZtD7O=K5~#`flO+Zt41N<@#>z`flU;Zi{cPh-Sn)
zLVbOBD_CIF!6;%g95=&1b(B$kQFnEWHLBDAP4OK?zKf`b*@Co)R_#tSI~?KH=Jv#8
z4TF1Hzi!Ypw$qd*DLv$-)kdt0ebTyIbFZ&vcWu!vYPz;tv#z6t4jU#mkM39U+W}2C
zwP-NID?;hz9pM$>)=>S9b$w54ryg(ZuYNb{s(xP{q<*J2Rli&H@Q#?<>E~t@8<uTY
zwP6*Mht7?*H{u!(Ydo*<>Bb97RdtrnXx^lIlfg}@Is?+Tmg<Gydg*hUENgP2;p!&c
zotf#ZX=bSkO=~qB+|=79G}APz+pKM~Z<>v0HnLeYr;^dX|FLG7IO>-9pxM)An&u0e
zmu+6BdGF>+n*Y|^+@e{FZY{>NaI{Ekv9E=tRlZhDS`KXaxb>-4&s!N<Pi|GBb@A4#
zTi1lFd)E3zYfYQ{ZMwFp>0FUf)A>`z!#4hHKWpo3)3fd4(r-$O?JBja<vfzUzn!z)
zFF5ka%xb4;->lQ9GM(G+X+NcXZRefz>K$r3@1^(a@I{B=9d35G)gip>+YW^~R_xfP
zW7o2EoTJl+mrd!I)^StE-p-ksb)3aBX-xi3hs)M?Zpmovyqey%(-)m?mrdw&veV^G
zzjqqdxqP{Ra&?^-G7fjH)1`iwVO>(YEbFqaOGX!SSO2aZx~}hfp=;xAQBHkk#cpr9
z_U<;i+a3J%G&6tqgWXnkD^|Ww_wTze=svi6-|~HX)OSkPZ})iFvu;n{3Sxyj<!3gT
z-GuZ??71fTN_A_mj=h@os_)#NS+~NgUSoST?cKon<@Kq(gL-@Qsn%y{pP%}y_`HF0
zX~wnBeIl)2G<4dpH~*qx<bW?0eX$*XP06V3)TK9czRGCWw~=$l_1%3>_U+Zz@@1tj
z`+Pa%%duZJat5ZC`ZBy<zkVev9`4u3c{bzsFZ+Gf$k{Qok#lP1p|8sI_wPTaVpRVT
z{Rj77)4wX@L(Q)nLy{)q+mTslK;r>ToMJ}wfZ6!9Wj1wsT_5(%<Zo72TK>(JO0@^J
zA2@d4v4Q@TL%(eXEvXW|XI`%Zy}&%EnR9VwGv}7f=Fo!PR2DJj^UL+-XqlQjebbvm
zngk9G8a#P$ttxY>v~bGT8xFaR-+~z}oC)Ay#)F~ZRilPA8rIS|JiVpUp7D4XSFI)D
zbLhLH-+flCl{5PKx#3CG?hn6>_qVrlj?3&ef>u8~g8RPa_ob@0b{0Zz*3M{yqbnK1
zMz%)#Hhbi&k!{eHw1FJ#9Nh+*N&o2j&Q6&ZtEWb@QMwwHMr~}{#%a%N<J_28-#H5;
zX7Vu$r+ralM$F`x1u<z&*T<yA?2Ne=)7BZ8DUa?pdd=vN(K|=~FuK|3W1~-uzCOAg
zp1+;*i}ZGA#fsK^I_8%#ma*-f$1=N*ZRb=nJJjq_vz>E&W_z@EU({?ouGhFe<5rHF
zFwQvs*0@6BzZgGm{N<WA$I}VF*X%r@1KO?26EY^)YQ37Uy;Mi%+Up&iJ=1s9I$SGh
zQYYt%>yFsHvHnvAPwC_g&#dO;uOFYXW6F~$)zC6tnA*j8F1?HMQF`3;r_<eMba58T
z^q*07=H;2rnZsxPKFd3<tMgUn<k_?9Zl2xEIXL}Z-TiY?JA};b?yQ;K-RYOnFKSTK
zjk!HgR#T&TIOkk19Nz=_*sb`I^$O3k&)YZe-MmxvdO9OAt0cZnJXQZu{ay=tqdk9F
zzqeCJ@9i{Z^mfk3XxZT1LSd0<k!4XIC&^evwvmN_d&pk0kL)K0$YFAX93{udadLv3
zB&Wz}a)z8G=g4_-fm|e)h?86)SIISUourctGK3P!QJ!k3NF}PLMrx)W)QeiE5A~w~
zG>`_<{4|snqD81ei_sFa6fI55(sHx{tw<}=s<b+-No&)(G>X=z4QXTAls2a=X=~b+
zwx=CwXWEr^r#)$J`Z?`O`_cY%03ApN(V_G^iUP&O&@ps8olK|D8T2<APb+fsX)u>W
zm(XR@PFK;@bRA8j8|fChjqaek=nHy~9-v3)VS1b%qbKQUdX}E27wKhsg<hi>^ai~}
z@6dbnKK+S4q>t$n`iwrM&*@A0ioT)mu-6C2@tlSeIf>JAM$XK6a9*5+^Wprs04|WT
za-m#7t`Jv*Q@CPW1XqG9#o4&hTv@IhSAqLp8L3p|YH@YAD6T%&ko!vcQt7XZqT}d9
zI*CrBZ8?X%12>DVw#U&a_Eq+|bPio>@2ae^C(?e(0=kF}=ejE+xnz3KzLJjR#&PTI
zYiSK`Jx!%Gxy^JIH;0?cC2*<s6nhf4np?xI<<@a2+<GpROXD_h8@Wx~W^N0&huh2D
z;BIoaxZB(vu0I>V2C-r6EqlkZ*ed40YTong0z1u|>?+G(H`pz9huvfM*-z{td(3`k
zBiRe~ioL-qRd?P4>vz4dM%BXS!|GFCtl9PF19+Ja<b(KN-pc34%H2@D0AG;*j4#9&
z=8Iqzsltcx#rSZZ@RY|gYM$o>to+sTBJajaypGrN2Hwb<_|AM+zB}KO@6CVC_vQQX
z{rLe{g*%8J!Vlwz^WXE){3Je>pUO|?XYz6U96p{;;1l_Ud=kHeU&bf%EBICXYJM%B
z!l&{Z_)Yv4ejC4o-^K6c_wxt&!~9YHIDeAg!=K^L@fY|@SY3OSzs_gyH~3rp9sV9x
z%l^ba<R9}-_-Fic{x|+5|B8RZzr$WHoWKhjK@=oGFBk>0;30Sk7QsjG69R-lAy~*S
zgbD?PLP8Ni5sC?&h2la9p`=hsunDDwGD2CQoKRk<AVdlkg-SwYp^8vds3uewY6vxj
zT0(81j!;*K66y){g$6=Hp^?y7Xd*NfnhDK?7D7v5yf8tS9xx+dX27g~xBwUm2FwkJ
z511E_5HLR=F<?Q!!hl5qNdb!kmIN#fSQfB6AUVJuup(e(z^VX8!0LcC0c!)+1*8P5
z4@eD23)m2_F<?``=722$TLZQQ><riyusfi?<7>wN$2X3Fj&B`<9D^N0977$$9N#&H
zJ4QIZcZ_sIJ4QKT9HSj$9Ah2h9OE4m91|Ur9FrZf4j3~!ra7iNW;kX#W;x;<vmJ9B
za~<)Hd5#3fd`F^Vfn%X#kt4~m*s;X1)UnL5+>z|CJ61SWI#xLxj@6Dej<t?;jugjw
zN2(*uvB9y?vB|O7vBj~~vCXmFvBR;`vCFaB@zV2m&sUzWJ>Ph~^^8g;GL@Ok%Yv+t
zwX!I?$&##-^|C=W$|l(?yUQN3r|czr%RaKN>?ixnfpU->EL-LLa)=x%7nDDf3(1A$
zB63k#k;CL-a=08J7ne)OCFN4GO)f2$k;}^E<nnR_Ia01DSCT8sRphF2HMzQ6L#`>;
zl55L#<hpW{Tu-hqH;^03jpW916S=9}Ol~f>kXy>F<koT<xvktzZZCI`JIbBp&T<#I
ztK3cQF87do%Dv>?av%9~`3t$P{H5Ga{z~pIe=QG?zmW&Zn9`94%R}T5_F?jHxtsF6
zJW`I9N69hrXnBl0P985$kSEHM<jHcZJVicapC(V2XUenWIC-`_N1iLk%k$&}dA^(|
zFOV0?i{vDEvAjfHDle0l%gM4`ULmiPSIG`}wY)}NE3cDN<n?l@oF;FOH_Dsj&GHs`
ztGrF#F7J?c%Dd#<*t3WW<O4N<VxSbL4>Sgv13d!00xf|)fqvKrHxN7E=EvT*1+nXG
z5$t$d47=Tyz&^L7vBzzB>}y*I``K2*KDM>6hiw%0uWg9EYnui($BwnFu~%(->{8nq
zJJfc^?zFwJGi_h&O4}bh(hkI4v_r59?QrZs8;!kZ$6(*t3D|Qs7W>Uk$6m8>u3cu;
zJ!TVJ`^#n$b${6<*jqLkyUMN#T#cP%Q?P^V2J9ZY1v|&?z^<`-uw(3jz(d$6_E_Kv
z>=1hfyTe|<uCPw*2zwoS!QQ|wuy?Qn?0xM1`VjlRKEa-^&#~X@OYHOd27A1IxSMP4
zy<79{&>D`lV&#I=U0BsUSk)a^bMLm=7^}CMVrSLn*jcq@P$#Uw%Ds>3SFT-3-|t1L
z?lt-{=y%tSqOXEpf3#a_bWq;iRI~R={d1?(KX+5j-b*#_PO0lY+DTR2B{el@2X;+W
z_e@R0{-`IgKdQPr>VDV$r{}OAs=61dy347$@97=vbE@uo`Yh-Tb~ybl=mmB<{W^GL
z@busr!83zr1;+)?4xSS{H#k0cUT{M2{NTi3&Z@OaR-ILEHCT;Slhtf>w|ZDTt=?8&
ztDn{18eo;Jq1HlH#TsS}w?<ftTT5C?S<6`?tre}6td*@bt+lMRt#zz*ttG6TtzE2L
zt=+8Mtv#$gt-Y+ht$nPYTfeaOwSH;sXZ^}L+PW!pbLf`Pt)bgOw}<Ws-5I(oba&{U
z(7mDiLidLr2t62jDD-gXk<g=|$3l;Xo(Me|dMfmEC{d`wDNNxN0h0$>MO54rNzo~K
z#h@4!lVVof6%WNz@lw1Mi;_?AQG69Y#a{_fWF=4uQi2t$l3xi?LX`qaLFF^0kWyGF
zq7+pWB}^%%ge#qu@?0gZm(oZ1LK&b8RK8UPD?^l_$}r_SWw<gziB@8iG0He)f-*^o
zRi-M_m6=MMGDnG55|l(`p^~I5QI;vm$_izbvRYZIq$sJ%24$17McJn8P<APMlzqwp
z<&bhjIi{RYPAO-UbIJwflHydZD%X_^<%V)gxuZN#9x2b1B=chP67y2?GV^kCve|B4
zVP0uoWp<cXo7b4vn%9|A%<Ijm<}~vL^G5R~^JeoF^H%dV^LFzN^G@?F^KSDV^Ir2l
z^M3OI^Fi}r^GS1+<Z8(^l4~W`Nv@yVFu8GZ)8yvKEt6X(w@q%J+%dUxa@XYU$vu;M
zCx4#YH#s^vCV5Qqxa0}RlagbTrzTHNo|zn%JSRCmIUzYQc|mf1d#Jsjy^y_#U9lIl
zN7#$oOV~@<OWVuZ%iAOEmF!jQ)$BFwwd{55QTF=whW5txruOFcmiE^6w)Xb+j`q&>
zuJ-Qsp7!4M&+UEf{p|hiU)u-Rzp)Rre`_CPA8a3DA8P;3{=Gfg9%CP4A7`IzpKhON
zKVYA2pJR`=C)gA13++kvCH7_ZWcv#HI{OCuCi@oqHv10yF8dz)KKo(&QTrMDdHY5C
zCA-u9tNo?@cl#@Qgrm5lgrlURl*8sI?I`Og=P2)};D~fobX0Owc2sdxbyRaychqpy
zbkuUxcGPjybwoMpIqEwaI2t+{IT|~fIMVFR9W5L!9jzR#9c>(K9qk<*9335<9Gx9q
z99<pV9Nir~9K9XnHGR#!#!ER~3$Hb=Jzsmh_I_=7o$s|ZD}Po<R%lj%tb$peWfjUQ
zoK+;NXqJ){mQ^e(JS!rrcvgw5l3As)Y+0qV%4C(zDwkD0i#iF$l_}r=UM__G3v~)W
z1GGQ{Za@M$pa%wE1SVhx?!W_h0x#eVEFd570lvTw_=5l-gFp}jf`Jv}2O%I76aWRm
zXCMWv2dN+pYyca<Ca@W70b9W~upR6GJHaln8|(pl!9K7b8~_KwA#fNR0Y||xa2%Wf
zC&4Lj8k_-V!8vdq^vC%3*I)qn1`Gt>f<a&~7y^cZVPH5I0lo(#K{OZzV!&uH28;#c
zz<4kLOazlaESLhOf@xqnm;q*jI4~PTXCfRh28;#c!2~c7OahZZESLhOf@xqnm;q*j
zSs)I~26Mn%5D(^o1TY^Yf(2k9SOk*5Vz2}(1<Sy4kPPf#1y~7I0S8zO)_}EO9Y_JG
zAPsB)8^I>98EgSt!8VNjM`PT46o>(%!5A<Wj05Ar1TYay0+T^3m;$DPX<#~-0cL_(
zAP&q1bHH2>59WacFdrm>1z;gq1d_mFummgx%fNDw4D4V9SP51E2Urc(fVE&9NCE3X
zD#pf>z+$ijECtKJa*zz{U<FtSRsjcC4c36QU>!&S>wy|p8rT3ff=ysE*aEhKZD2dt
z0d|62VE1)@XBCW%R|VBTbx;G;1hqhIPzTfnQJ@~E4;p}mpb=;cnt-OD8E6h#fR>;Y
zXbswcwxAto4?2L3pi_noGR6iOV}p#bLB`l1V{DKyHpmzoWQ+|m#s(Q<gN(63#@HZZ
zY>+WF$QT=Bj14lz1{q_6jIlw+*dSwUkTEvM7#n1a4Kl_C8DoQtu|dYzAY*KhF*e8;
z8)S?PGR6iOV}p#bLB`l1V{DKyHpmzoWQ+~-kT%Ri+At4k!#t!7^N=>oL)tJ8X~R6E
z4fBvT%tP8R4{5_Zqz&_sHq1lXFv4WRJfsctkT%Ri+At4k!#t!7^N=>oL)tJ8X~R6E
z4fBvT%tP8R4{5_Zqzxl*Hq1lXFb`>S)&_MzT@VH8f%>2UXb2jC#-Isk3YvlDpe1Mp
zT7x#AEocYYgASl0=ma{0E}$#u2D*bDpeN`BdV@aTbMOV|3%&&Xz*nF@_!<lV-++PO
zTQCR=21CG5FbsSLhJz8{doU72gHa#`j0R)CSTGKZ2NS?VFbPZsv0w_A3Z{YSU<Q~8
zW`Q^`8_WT7K|GiT62N?r2o{1xU<p_blEF%_3OK-OuokQXDPTQF1!-Ud*a$X(&0q`I
z3buotU>Dd8_JF-$AJ`8Lf<xdiI0BA>W8gSA0ZxKb;50Y`&VqB`Jh%WZf=l2saDpq~
zD!2x&gLIGqGQkaS6Wju~!5wfH+yg&=``}0L6L<g~f=A#n_!&F_Pr)<r3wREG1;2q8
z;3fDSyaKPm8}Jsq16hEiqdo%;Fu(%=Xn_dafCLP{2u#2X+<^!11YW=b@&O;<3;cjT
z2mpZ~2m}Kw$PYq5C@265g3mx9P#6>eMS%jsKrs*wB0zCa0+a-$fDM!eWk6X_4pab<
zpdzRQs(`AX8mJCxfLb65)C2WF1JDpO0*yga&<r#OEkH}q3bY1oKwHobv<DqPN6-m$
z23<f`&<%74JwQ*;3-ktkz~|r#&=-6O`hl-NfABRJ0KNeO!M9)#7z~Dhp<o#J4h#n)
z!1rJzhz6rT3>Xc@fU#g47!M|ZiC_|#3}V3)FcnM#)4>cd6U+i}U^bWo=7M-I4<vy3
zAQ3D83&A3g1QvrOU@2GzmV;zq2P?ozunIW9YOn^Z1?xZxSPxP`8rT3ff=ysE*aEhK
zZD2dt0d|62U^mzU_JVz2KR5smf<xdiI0BA>W8gSA0ZxKb;50Y`&VqB`Jh%WZf=l2s
zaDpq~D!2x&gLIGqGQkaS6Wju~!5wfH+yg&=``}0L6L<g~f=A#n_!&F_Pr)<r3wREG
z1;2q8;3fDSyaKPm8}Jsq16hEeji!JD4Ddhz8lVLta03$10X;APBQOCoa0ed16L<k{
zU;+7n5AX$kz#jwv83ckL5Dcs!KL`P#pa3WcJ_Ch7VNe7V1quiQ#XvZS0L4KGP!f~^
zHc%Rr0cAlsP##nOk)R@|1S*3npem>as)HJ!Ca48!gF2uthywLMeb4|j1dTvr&;&FE
z%|LU|0<;9JKx@zjv<2-zd(Z)N1gd`28FT?%K{wDH^Z-3UFVGwG0iS~}Kwt1B=m)+6
z{lV8@0Qd$B1mA)|U@#a0hJs<>J1`uK0N;a=AR3GUF<>+p1IB`JU_6)rCW1*|GKd9J
zz*H~|Ob0W-OfU<?f!SaVm<!^;Jdgn9gG8_ZECh={5?BnDfTds=SPoWzm0%TcfYo3P
zSPRyH6tEtof;6xJYy_LYX0Qcp1>3-OumkJ_yTER+2kZm;!2xg(90G^I5pWb71INJ$
za1xvXr@<L;7Mug;!3A&;TmqMY6I=mT!F7-hGC(G{0d9g@;5N7e?t**Z2XG(!2z~+&
zz(eo|JO)35C*Ub~27Uq0!LQ&q@B+L9zk^rc4R{OQfh<5WQP%+n7~p{bG(ZbP;07e1
z1A1TpMqmPF;0`>1C-4FmkPr9(U*HG)K>(0JAP54%zzXt%5D*FqfP&yNPzV$TML<!Y
zfG|)Dgo6lB9FzbhK`BrglmTTyIZz%{0Fj^~s01p5DxfN;2C9P^peCpVYJ)nUE{Fp4
zKz+~vGz5)76VMbi1I<AT&=Rx)tw9^m7PJHHK?l$gbON107tj@S1KmLn&=d3my+I%F
zIrswf1z&=Gpg;H;3;^GNf#6#(2n+^8z)&y@d<TYu5#W0;5=4VhAO?&EW58H24vYsA
zz$7pk#DXbcDwqbQgBf5Zm<8g%Y%mAR1@T}WNC5LeB3J+xf<+(+ECx%!Qm_mx2g$$=
zR)AH&0ak-GU@ce&QowqU3evy^un}wmo52>a6>J0B!49w!>;k*N9<Uee0|&rCa0na*
zN5D~V3>=58ApsO{fB`LV13I7w24DmxU<U5M19$>2;0-JwAMgRbzz_I?03c_Uht6Cc
zI&*pG%;ljomxs<=9y)V*rv_+&2;6`KbU+Ubzz9sh4BUYS@C07K8(2U--~)VtAMghO
zKn8&z2m}LbdL;DWNa(|n(1#<T4@W{Dj)XoO34J&c`fw!l;YjGik+30)giag@oj4LY
zaU^u&NZ61?LNAVlUK|O%I1+ksB=q7)SSv(AH;#1H26aGP&=@oUO+hoz9JBx}K`YQ2
zv;l2FJJ23<03AUm&>3_AT|qa{9rOS_K`+o7^a1_B*I)qn1`Gt>f<a&~7y^cZVc<J3
z9E<?pgOMN_i~=!WG#CTMf^lFxm;ffG6Oxrh&rvd2OF)UZ;^eH>=Sl>5rS-TRL1M+1
zl#nr!$NJ)Aj<kyra>3xSt~j}8I4cse*-~OcIC*RFA019s=JR-0jBL*r2lvxKKGP$}
z4?()$!%0?<^fa984EDbgPU5US7sAO6tMPPk^4N+uhLh2u-p9g8e5me7I7tbW_Jorc
zq5dnv$>jn*OT)>Sg1Y0y$(e%2lf_9!!8wS@^Urh%5oB2*U3>(&P)K(!oIEWgohn9N
z7sC79NStz<o-al+!}jpR^;{EZoqYR($$skbCWvIv0#Aa-Xs#F`>p72CLF5c)cpOBY
z^Fb$r$bQlAGKi#$=7&Kf(Jl09AUSO?{1!xhG#GvgBIArEXCRqv+%FK~^fWvVBF{Vx
z_k+kZFVm$!GS6ao7DUo4hI>Keg2m%PAh~CGts&&5Tz6F<SrvE<51JjH&^YQ5FOX!a
zA0v?S)DR<(1Du43__s`o7RY#hC7u!a;ayk2TQ&RZmQxZ>MI0tk>~4`AhFeYD6iOOn
zR|)m+#3r;%1>H`{8tJxEHin8@DO*N$2h|s9VuOl!&bXH&$(&^eM|N;#LQZhP6;3#-
z9uh)FWXDWBCM5Bux9b=8cP9>{po1Ug6v=YoI+7NjtVDMz_=rE_eWtFzU2a)aPrL~6
z(%DE*VOQMU$t#?HMFZyYWDbm`U49X!K8ce~GqQ@?u0G?Z!uq6JaT;=p3THT)Np+_<
zn6t#;@^_ptnvro#n8oO1hG+RRMrzo;R0<XG@^=NVA<T0M=L%2@UIt2nbh9aGBu=5U
zt8OUyvciY{vZxUYyUCXl-b6Tfo9iK5aSjtN3b~(O4KGkSucd{qqHM%y#64OvNplwQ
z$sMKa`vyv{;O}Sno2wBoYRMwa?SJe~&7<3Ry4y^AB#;N{>-Tf=LncKDDJsQjNLA^D
zfM-M@YiC%>lio*gXMEJW2obuF8oF+z(bulOrP93@QnHYCb)8SN(L!aUWfH9#gHZQ#
zh8YsM&56Iekq2BHT(WrajvE;-EJt{`o-!-ZO1-eUo^;d2adfEeA|+#B%JhLB<c){;
z14sQXBBWebtNG?i%T*#R^b8><Xhf%$EYVE=3xCf)NXzuRcXB<K7s*dZehKf8?C(8`
zBV*}WHTvp(tm11eEqoOBc_xV4wd9pB@uT~o9>Oq~6q1(lWFGbVg(GQn%KN(TFNUF}
z<vA+cWiZV`6;9@Kw;5f}O~cLh@WMf!9N~qFJUz+hEyRCYhSfS}CB!P?t$72~=dn^x
zSU8gsBE-iC5%1(3ODp9~+^odnG(TB_yDs5$X^gJnP9wSAFkuu=#_+-no=*HA25Pvj
zyjser-zVyki~?Afkh<bVN;~SlC4HLbzT^M;{jz9TSGjk8E|PZcCq%N08tfuDL)~LU
zGKn)>){>2!VV#!zz<I@LNfPsp)sT(sE(*Y>Ws$2a-a#3A057vN;#n=3|EYTY37Lp=
z)0@TG)GAb_g~T$s#D(i#uoBbdb%TE@h*TpHVitV=^XI%_<tS94`Gm50?<K?P(d<s$
z(S-XNKchv258`g1qK8<W`V}W+q)U|GdEh1pdMY9Af4I3*eIQqchKiM`;-AYMekGwF
zHTBBn=8LjBh>$_pj)o3V3sW?$_{V8idg=XyFd8D-Xi<+pPN;ciz}r(u3n7)#ww>Rf
zaK(oTQB+g^y%WOlre<PCdAC#H1%)kTvs~v8*MdSb8ZNe@Wt3d*h$~t<s`2~K&5LR*
zx!ioIj+{i;C#n7p&7GXMuX^qT&Yht8j1SLsK`c~RDfC8dm3C{%Q!4G$k_1kIG&;>m
zTeV~{U*wRMr1QdNExE<x;h*ys942d&y;}0C#ur|uYHJd5UMt+tVop1+2vOy{;hM0E
zPcoBv(tfCS_`t0qNrM<j<HY?|lE4gyt>lzuC&eEd+{C?BlBg38TFElqBnY~-#vk=K
zF;y0KTge>x7<8KKFx<&x)QZW1c-=r|3Aa&RvfagCt|ZAXyY3?fvr;7F6UW{xl=%2$
z`^m?Gi65Q}@e*?#yTg>10C8;-k{md<<oob_&S=Ezdg9dFN2=}-#SA?;BBn!C!S(KB
zrk()ts*xn<U*j3G<75u^oyN#aPJJiwdJaVme)XgCix<j}$@w#(^5AbvVa*{d_H;YK
zNVEAAhmYwGxP$AQSFq+9B^BM!zO?)nN5?7Dhpfc9G!iRENICr&j*QSv<;ZL(bsSkw
z_2W2fpcD%Ak9y<qH)@3Q3{Jm`qYF61a3$xBLs#hP9n`QOYlsyBT|bJ_up)%C^2R}5
zBwa3F@BI}Zq=0@brN!Z|oi`5pf8<YXAM)yCAO0<t7Y32aQLg6`iweC+M9%SFxPN&4
z-~XMcwhapq_XSiqz`=%jCyxJo6qmdmE{@4vBeK+XlH7x*d(`VOqcNQLj?om(=N^Me
zi1-_$bC_-%PZ#68M7e@O+7+e&NOY+5)O44F4YVPhqhmPfB1flkoj&j@L#Z1`$Ux&N
zN@Hk5p0jHD`a-7kCZxA<4yA+8^5>4Tnnw;eIH>TB((P1-ygfwg<o5JOUM_>bWz@Wq
zgDtkWn4`BT_L%xJFqc2|UQp2c7#C4GI8Riv%fmkS-$w;#Qs<~Hk)!Ff_D5l;ak>kC
zcd6-^`qa8}9G%A1`^cX+b;G-hNI&DkylEart>gf%KR|^y939QMV^gL$u00`7I6WNR
za3Q&aQst-{*5H!iy0pCEpgpN(Y)c!XBIkO_ER+K?Sqhh>6!tZAEiL`Qc{L4s64KK+
zpVEQhxld-x&dIoTGS%(ReK$3q)Oe_EhH-W7Gp=i<QQ;UxAK@eY2krDnWe)M{q5Fl>
z`PBHD(v`Gr?kKp*gO1Ec9OhHuUhX@&>Ww+)RKp)B`H`ZTgB*!UrIu%m9Kmyui`0Pr
z@>6QTTj$4fs`CO4&Z{^BUPXV1v*4xl*ImxfROc+tkjBV-W?2s@#X7j;LKdytc=&G&
z%?CVOp@w~o{7Nl58JWyk;JjG9ZY^in&d4!Ny~_=k^KYv2Xr|s}5mWE7F*`UlekGSs
z%S1-Dr~w|N2B_dSspSkuUbvj6s8=R%hEp8b#92;o=qzHl1@*cTjr&7-?ols0sn#$&
zu*Jy{2u?W9Rxew^87^_yJi~H<BNtqkx$d`&S|&5HO}+3iHC*P%ZE88kk>6d;)6@$S
zIRhfFg|pzUr~bHK)Bdv<ia*YuriM(8JfN1V92vz~;5=8oY#C=j1om(i-1X9b?|v((
zWjZ6f)rcaOu5;u*wcsh=xt!zFh$5Ge%sV;Dd5)a_<M~?kk7sI%U_6By?r`J@wcsho
zaTYiuMbuV8P3D7~1%n6I{(QcL)H0fp4eEt^so^vS8#l`_jy!WYPf#yJZXDrA3THXQ
zp_IMPzo>rW|IBv8<OWsK`!{NVbF6yVJkEd&-@vJ%9sBRyFP?h+&XLvX^KGSu!zfGC
zvX3JVUCz;JL{UihaAXB%*`*e@mO16KULO>*4QO`MVvP*I^P!l%q+W22<=~9Em#dhy
z&Z%GC1x*Qf(Yut$$aYRb+8^WwsHfDji*wL{dP=c)D<vmQKt0NJuCP1a;y*}Q%#gGC
z1&kc!(5|T0C5AygfWA`Fbdb@yru~e}p~X((HHVzE7cVd5M&uDOx&33jqOJ)tU>q%m
zDt?xeAPKI0+CSuIX%n`{tM3klWe$xv$Iw65Lv8t)gASfc1gp<sCKKT@k+#U77y=7W
z;|RUf!x+tBB~i%B59Av3YCfM3m{&hh`wQ;vX`rcj9``I7kwztGe@UGCT@lKa+J4XF
zrJuFr0^jJlmMj&VaCxmMv;xOkbx;KHDM-Qy2{TRQ$+yx|hCv5+h{@fY4ykyG6OqoB
zxC`*<^6TGM9HSuv=Rg;o#H)vMg+jXpvKylpuJaMAsdPvrzfkdr2;)(;Exf@b46Ur>
z8(r0sm%JLI3{8<KS~5Ya_IO?C5ewZgmMgSDE$?V7U2bpT_LeJzogJ35_im}scT+V*
zu4~A34H|Hlza`M4muL$e(~@J_203n!sAM85g#231vfV285hjbM)MAo|k|$2VC>qxT
z&%mS;T5^RoLT56Q7ZJ!0JZk73K@Z<&HHF@3$nTn`h^Bh4@*Tw)ZYWs7EH@;KIxzTx
zNqa<cfNykAB*z4=T_VX4&}41V=;860w$KYLd8WlaI@#Cf)zPxYJjRQ(F#5e@qeevb
z?9^b~H&1av*-+bT^n(;}B(1FLOQI^~@u8NTzZ}2GLg~7J5N}ZNC4(e<gX23)J$}eO
z!!sqepp|NhTLd;#+9a?aIYY95CFVX;1#IhB+sR|m)(^;qdzz4UT5?ERaDqr4YN4Nx
z5>4?Uoi4h%H>eObPG*l&s?Vu@vJxjy+OMo(qM3B|IA<c?Nqe<yEZu-y*~$m4))FT#
ztx|hXmk^&Vnvf(dxu$`(F-dD#j*$TEemLJ23v4rynQp=f6PfEKoiUNcZY$8QIBF<*
z%0!+Uj>6AQlW@Q!>@%&xF%l)u*lEg%>^Nm5R;5L&U>t_EC}^kbyX)|KnF~SVzl{}q
zgC?56->=LR%hNI011{W%fjQTzp{gI`y%DdTB=w|il(bOwX!RK@(gGer0Lzzzzc<s6
zD;!$tg16Ns5LNm*XZnSs57bdzEbW7g3H~@tJr=$bn{F7XGAuj1f-S{IlyzKzG#|%8
zl6mqYE11HQX*{~TD|yo%o^E*`MRMl&hiP7z`iB&KPHArsjOUJ{0#w2yRCq|S7%`6~
zr``*CszpiQXm9gdie-+%uM~FKY)PJ8kn6egmRYqQgML(~`?tjQof^)k##$=UV$D8#
z#OQ2lM(No?bsJUfL|DUN)#Es%)pJfAd^?Gapcy^GAbMQssivv=$x19om7?Mz9vY8`
z4By3dAyAvtLp#Ia1YSM7&4)b|=yU=4dakS0`0z%dP#&46y4A<#z<K;Z-j;6rm|_iQ
z*oS(gDvST}oJ>u4!!zj-c2+|#(XgYM+`%I5|H}C<F^C<u*9|K|!?wD8biKK>8S3(o
zuzjj}u4>MC;*EY>X>%-xU4fM`C|*>+@t+=CvY>F79bMHhbYlKI;YwFLS5){<6suR2
zTX|2qt}9(&JEg<I@^mC}u9N=q9Q6L`VK>m_9g;gE)I2OquyYtN%;VV}YM#quCt{!3
z*olZU$M9q?r;Zn_<b^a;Y1CXo#G~))YZF>+5;dL|F;bljPrEpeIT$wNHsW|JZ@s3<
zTOAs=dqTl<k#5uo@VQL`MUTvJE4Waicih6}NFO|V7PTEm4Mm&7i8r-m6$`=W<9#M(
zVroDLLF;rx5Yx5fu_oj^&T7SLT9T@*ftab~5o3XEqUl++`>Gtxo!mI5>K2U&Y3w<f
zBXeokXbx+DQ89LNVb3}GFuV4<g2@T%|JDDe>KE#6erbmrRbtTct<{QgZe)`d!yUP6
zf*NnNEdE_tL%UHvY$eKC(e-(YgX`M=R5?@A@}}A;R<3-Imae`tio;!Ae5N5|v_&^-
z>ADYx&~l#Z@9Ll$&Jl!j1ns%1C={KhrQ`o$I6KfZ@6d=(v}CndG*hIPv)jBsv-Dq#
z&rQVVCNJLBkY(DUm$mft|9gDY@w7Mu6UU3QG$fIqgdE2QZPSM`x&v8*lCehXW-m;l
z#Xa2e!epUgDP38ZINindg~?oxI%^7(D_(Bv3X|u49*)9ff$RpC<AE0_{upDuNO8%G
zQ1APNNOI_XwAxb(NjQ!#^bmD0`<})c(hf>mOBjIZirTA|H!JlZ&`l~D;wWvQ8%0Uy
z$dAh8-|8xPpF?e1KAPLZoJm<RPNG%z3F_RQVU$FsY1A3bRigONjiib{A%@wJR3nAY
zN9ps)a8Xy97<!}CR3LFvX>i^^R2lGoOj$u4&wT?|n-i!s&F$!trx9uc+(~hKRJYW5
zA62j=(}D}M^aQmdQ-2YpEDa{uB1S=t)wIidd!#MW?Js5U-<@-f_aJ$eatbQlX%31+
zuE^(VuTHz#v%`Pcp8dsnwXQ8j{1@}$S`FEwDf)|sKG3+79yRfEKH1}En0-cHL|mpJ
zn>0m#)X<xs@TaEDBgF6#m9Fq)6y!8dl6mE>KvxP%x<D@q7^cqk1Zug1uGybpHWe6d
zo0yaLPBXAef^tzW%+z=sHL`sg-@`_BO=H+?6n@eAKhm?QqT#MynB%6T>xB$A<)mJi
zBtaL1Re`eED6BCl*G$3{lR8nb+&$!?J2~SnTy`f{-Gv|Ag-mxm9wL!T+ibq?ecPqR
z{|PR8f?gQr@mL5dKH~qgK+^=}2Z3gOBL2v~f7oX0w{yx%49YU)Np2GWwamMttA`X3
zM9gD2gzV|^e?eBEoR3hTBc#!y&+-=BkLwZIMVqpe!y6`MQ%9akp|<~FBoXP5NF`{0
z`>7c-9Oo(QJVtRw98TjTT(O0dFi5&DZ!3xWgp*6i%}c!Z5(9a_TaM_-uY$)RJsGd@
zd7;A`{WY9@B^7vvW8GX;3c8**6Ssp!!V`}CMCajHbyw?c!!R`6GoY*GiDGu0Dj9~R
zZ;;vuW?$gCDkr=oI3-ctb`Ar~>X2zpcv5KCGLC*9h5_Kb*Qoc33jf`uUp>tmper7K
zse64w&Z+r#15b8?Q_Tb(amRDr|F7blegD7K@BXrksWL)U!_s)=7oKMF=)L56GF8X1
zk|j95gcnZ;bQO=j=q28CR-ju1FF2eK(3AZ0f{)5c7M+awwD3(PlEQTNObDjfbrU(m
z561wVpxa_XOD|nDVam*Kz(nSW#n9_JEOtcAb1SwQ&Th95_C}pym5D^_4J%A!fnH2B
zkyH9&3r*yW9-{!q48;;m<fQ>S6#r}#<4xp+QJ8~sMllY7n?#(9HHq*YXM);*`2GJD
zA3cG<Z)g05^!e5mKQl=|`<<fIJ<^ix+R83BgG-e&j-})~cv8!vI*zml>d79B?yZI#
z*JS(4+lH#;D7zZ!9&ng!RXe}xwf~p0qH7j*mC{72oco|0tK$h6lmx{f-d=Gx5#BYZ
zHEM?pA`o#3AgZj{#)Y3p@0C;Y?l>>v`1~K||NeTnT9|qu&CwxN<C#U>DjH`}Qtw~>
zyFm<ZSZ+a=S)GG?C>mB;$nRnrqOn@?T5KVsb%v!DGF>+dE=%<WyM?6a=Rr^&bvLcC
zKt1{#Q#>9X4hy;95sLt_;~<Ag+uX=yYTDt3$*?=P^cXYjf(u)P^w0M5VY=6BDV@`j
zZXT&xjKYOrwCyP;Vc_E(=YfHbQ%ph*Ut=C?wPcMDlB^|X1k|cGg8K#y^qB%%HDrV4
zSKLPp8?v-W9Q8fxM%K_Pi0U|Pfh-Ag%W4;LlUQK9j%JBrN8RXZw@=tEp>6pm@*<0V
z-uWaO?M)8z(gQCNuMszTkt7YQ49;rAGhXDNWEka5Zb*iBZ?ae~{^&(k>U$9~-5_rE
zBBu-<kGx2XxnPzTdE)M!;6=uIsN;Y?d0OJVNVJzU$BRtzlH$BboYyp0A|szm_7Q*6
zV6Z@ZsUb6XVVaiA;Zt!DI%aS=BfwH;k*4l*4Y{w;!{c)eW_s1~(PW@_N{?}S@r<5a
z)d=_W<epZzqbCov&rlB2CDr||R1*rKPCB6{Cw0;>J*K49<3zm$$EkWfj(6$x2<Di+
zLQb0hoB9x0v@*dUGmzey$Z>WPaayerem0Tynw2=dDhi{`Bvbqe<>;tM|HwoxnlK@K
z)1-%&M<%qF>NDmoTdw)l=}4OCRQHUMjkG9a{ur+4W{$4Q+mvRvaet*Zs<PoW;`Xt<
zn#V3GVgP$R(_Lm{2U9C~c0A_OP$+x5>2&0pODFwjWh?LVsPXu8zb34J_=_9C@PazW
zARTbS5Pa>UZX}*9Mm5+fO2^&ETe0>TH*&zOX->X%p_RkJ+Y9YwLWb&oSIyll&nZbz
z4FtAQBgD~RYJu56I%FqwOkoD6eTH5O8N;cE6V>E%X?7!!E;*m+Te5Y#=$v2V$3M4g
z%7ST)6=nq{#G#=9<+~k>{63Y(pX&Gbp!I5)mPjO)3R5IZW(s@U@C>@0jJ>4F3yv-0
zFwI0B@&)#}!3rhhq8nMSRp&}ih>a87U_uM?ghOt^NjKrRo2v=Qt-+!h*_{2HS&2Pp
zl~QH<3aYikM5==kUL3W+U}BY;h)1arW$rSyKuLe3CgNKvEatQ^91<~(QxE5TDiQIF
zt#iV!^T&P8@K7eI`%S7tR#J~&YLly6$fX)2i{;-@o2?Z57T0FK35LYl?3GqGr5-yk
zihH8iHL(LmjNJ@RqS!k(?`Ki$jU-*J!|v()F4bjk^#xwmWk(Itl{)OH!8^GQn`ss<
zHDq(mkC6;xJ%rm0*(8sdI8OAGGU~8pUVhHH?15L%qPlFmZ@$TO*>t~r6YH`Ae$uGA
z?4h6K$2#n|f4(zOY+8WfK@{5=V2*FZZp(gC8!=~~&-6yv?A|A~5xW|sTiS?S2sURm
zWKV*ZQ2Y@SDjknv(S^O=)@8E`t8*@oiij5)ve!kD@ychmSW%6ij)cjtYq6AKVthSe
zOEF_oJ>gj~kEgZC!*K7bwb-%<pVPJ2<%r;=wb+XYDZM5;SloKBCR<j*5Lc5OF5!Kx
z2D@Hj2dZLxnW&{T*sU_igXd+W*y?Oc*{HbcET$a#N(tqpE!Ehva)$BM+4^!)Om()s
zoF2#5%IR_ZL%Dn~-7RN0Se4BxZ-&RE<;z2AmiL@pjm@o4Z%;LLtAb%$RW>cscVktS
z5-GytmdFy2<&l=ys?1)o-pQ)$Sw#bia7F2I6}G8T?aV4Hrn3HA6*jdpMD*dx%@$Q*
z301B_sy(k?Wk*A{p@EH%9~%^%*O0|E#I)J5hQg%Q+S3gaV6yaM%aGq%k=RzXVL{c(
z_iZcku$Az#6^U-Gdik(oqD;NnkX>f^jsMxQo0xN-*qmQ=-XyZ3VJ*j+=~i=WDHUgO
z%t1S027^-%XL3~tIma1c@}yb-U|LtL6fWav!DSrndKNrD&ZpEL;r?gp-u1NX^f{69
z``?pcpO9-GwQv7^8Gb!A=lOGf|D87aL;eV}D*Y@%?8vH$?O9zLA>SKO$788w2_;KZ
zNtsH8-Bj4D9)6Jhq*UH8+9HhBtS+>zVMg>kCr}GoiG}Kgm=V~nPV9Ulj3?{g*8$9T
zlwg%|_fB17R3%ugJZ@REXiW?bk_KJWa79esZ&D4g?ol(07*=x<PGJVdHK*SKF?NmN
z1WNyR``f?jbEtD@p_n@oA%GRtK1>ZWj0R#iHZnj=<jAnEAOWbfiKBBl0e>fQ`H@hn
zzxN-P&Jim9&QS#x93P(hL_hj}Iwtwau|nvE|BdwpiF+8G&-PK>{V3Ql`KOd+mpPB+
zW%07ike4OdTtR+PhNWu6Wfj>TO$tq}$X2=)Oe)JxyA4H4Bl#^X%kJxZF2Rr9aJCG4
zq&FWZ$Mze<_;T#H0U4ZRG_NSfo*KPZm1D^!kJIJYJyY<pvTU>2`)WBh#oaTe65H<X
zdA}mt?h!nt5}W5$<YguHv$wRqB75sCZLP?XEM~Zz@sXC6V^3u7i)Go^z!}J<Il+FL
z%CP-b!-g{0_g+pd!!q*wOf18mgczQe6W)dx-;@(>6(}&f6dPagM<`xT3d?UxvMEK>
zUfZ6c^-h#zlNA_`9aZWjm1J>Y7@kN8lh&7D+rr8a@-(d8^Ac=tF+*|*_G>W_&Torh
z)k|`?=jambN_eBKCD@vXz<0&j@rY6=a1jm87H21lW7wFStWaTmMK&R_C`LXaOZ*hc
z?na{4CR7xDtE*j9aVmVQsT~p>Mb6Zogos?N6Y{Pud0PiV+FR@T#zc{Gb%nSnGB!$x
zjnYnv+UqK((5P~0jxcLnn_VZz<oy1pbgO`z@cBRP6HDoU)70!RvM1EzvVooF4Eqgi
zBJ<d5V5^zORs&loct;ypnjqcMv+IK4h@Qo2Lk{TKGPjTz1H0hn{Z7w*bdzrA*-XiB
zNYB!xd}9pkxwHeicZxY=qC2@}7RI=fSa%`GLzv+{_k9YyudMhTz9#$mvl9RPGQChv
z*yca(p|+h>1_}eAx6YtCl)OZ0fniCis<)n{My!F#q!#q5e^tfjSWZ~UX(y?AYohCL
z@n7hzdsb&Z!-|~Wti%nfdE!j!xhn+1(sPf@(CA0YERECclG$-i_bz}v<1H~VyDAut
z%PdJ_J{QPRG`e(ri{?u*J0h8H2e5d(In|HdG~|Py`<?|;{8+qK=n8+f!%Ln2zhjZE
z`Lf0N8s7G0Kj%X%NBKxoec4W*`b&M;MBhwkOZTlIyYrJ-`Gsxy$-ex;rV!z9{!<_2
zg7`<gVfed>dqzF&)gahCpOs|s%=|-1c9suWQ4Gs2%yUbygBt(25p1JYS`yBZME}d-
zEY3|@5YEoI>E=YTbT`YwNR}cQezdWjlG+75sq;*$z;5Vt56ZLY2E+4GY`R%G7tUUo
zLso~g1b5Y3bh$^J2VrcJr~j>DEZIw1P>jv+_Fq$sjkQSe#n?WJ?qnHu(qg$-h9%`Q
zEGx;@<Woc5>EroxX$TYD>e4LQ&#<lpOO<u=%CTFrkE0x$5$Jue9JKG?4W-zjAdgw4
z*j;OgJ)BL*uMT8xFIXzE1pB$5YP)i&aPe~yY<!WQaQsxMvnz~k4V!`FJXSeme^v6R
z@)uY>SS4g{RWhNfu%jwDR8?41O*mflYqb>T=^*V{^}a0sdv(9Ye}wy=(fvqH`1e=7
zkN<z>KJhu>N58+%|D>M`o1K5EOOf~YM;L|5=mxNQKK)rY7{JV=M%cw9QOhO@O$Q?2
z5Eaf-;rJ(%sU0icr`5lpul}oj`Ya66Os3M2Kr)dtObx`8oZ+ervruWKOs;T-w*eR*
zl8yzE&Aj1IAUVq$VgpGAFFlp9uFr5?CN~9-je+Euroibyj0#I>f#i<XV|pOD?<SlL
zB#+!+Oh}IFg!6&qj1EKLhxHyW1IQSI->m>L&**V1fb2GU%nKk7Jo0V8v1h*20P>5c
zloCJ^y}afJkQ6V~uIZ$=w922%utcr%C)X_KKmKBoZuwzBv9#QujL#?i;73;F)8lwk
zK0S_)<r8uCTt2k8uk(5C^CRng>OAx#FMRZf<Y-^?3#a=^v;4?m-`eqhWUAk3G#>c;
zJN0j~{e51!%FI8~olhjc597bAJFB)z|BCLe+HaMWc1W}u7ATP{t@sqHKgFGpamd3z
zKj`Pl1R6`EI#4(WZ`UN>!?^J>#XC1)rVM2tANa{fmgBPJR9wenluVot^Bg)(9Rb6+
zzgzeGpVjBHXh@{TOD&1vyfIk5f~l69DcA-FBlMb@<F#bGb_<>tW$B;S^9##z^8J&2
zlj5`hK}8xYj^)V666$&utQ;X&KQfP_(VPI+u^iTY=Sp&<m$9hWoKzEMP!g4`5y35>
zp@4RI8r7YrSa=~~H0Tf&;c`k{-HY>i*Z%&~wZ2(cr&q<W*9&8w-n+dpT<4Fm_!*qv
zB8<f|-577|yzL$9O;+<Vo_c~NbfSfv(u!BS$W^VBfsuNx2`=j-X@M8nDy>2@dfQm<
zu_sw;f|h;PROg^4Sz|`Sx!Ww=@*v~f>&@{bXWgqpu6oq_!GolGoJL7><%g?%d_^%f
z@{+PxDrQg?N2{SJb{%HWDp*Ix8DUAjno}*wUGu-^I3bf0F8`r}xq@<iMJ)XzkK9QD
zqLlyxKn-RQUAgZ{KVQ<Bkj^63()Lb8ek5?};S$c%bv@Ge)8pKq?Av{+4~e=~THLRv
zm1d()a9$GQ_2inQPV(dbpC4EMxU6^`wka?jCdWk)gS6*GwFC5lzfaxc6YY$;KDeZ`
zM4}bbAvF^;hG`P9Yt-<zh~g_ZEVldD)<u;IrNuZMt#lJ{SmdVrQ6j6{Q29TMgDOA7
z%ZTe{_<JFWTP2bu-uTF07A>=b3e!b$iyD@TB$d-`6JY{xz-rz^c8<ap?=c^Z8u?i3
zHB}@rq8?tSib;qg>gB&*=dZswyDUWJ{Hk>ydcr@F`7e|HC|4iONBoz@_v_LMb%b#o
z>BQdQ9S9gI8AnYpJzq*KKU2tM6T0!#gmHI_zQfleSXiK_v*qd{Mrbp+3z@4d64Wpd
zcAsI1eAo>}w=oR2=Jw{2oh8r`z+9OY!>XA{9Q35EoDbfxaF#>0pTI=8u4iGZc={^~
zOXcYj{$u+av{@nSW1HI$7XHC_Q{Hs`yE*7An!l5@he2kVldx!tHo&|Fb;ko`(K?tv
zKFq1Z=V}>K*EOC+0X)mX9`JM?A9kD1byKx`{Li1yW!Lc+b`|RVlabEJTo{ID9&%w@
zavS3O@7(_#(&8Nr!;3c#aAA}Gckhq%wMx+(iKc2RIfDj{=g2xJ9awv1`h}vgw4ek(
zrI>n}&+&GSF8Z*jW|zVI5=t~)l>#f;*)(VhmVsbgkes6?OyOZY+zX2Ja0p{D$HR(z
z`6t3q^8w52K-hMkj^e}8{{7|PUo7W;SFTn4j&IsBR}sbYt8V2g=5fP1ae^-B*Ww0B
zhPHAwGHAy<NC+Vz9x%DI8Ag(7umw@;fU3W#X7%H!M*@eJ(-_b+EvIT9T0LjT=aE23
zVMBjXdgS|XJYCC4JkSrSWWd-~z41AI^C9uET#b6AaF~)aV9sw7wh77(#~9>+q3Gg<
zp`=o@>g3W}NE9JaUIR%-=>KZ`j!<!dy2i`6NL@LnDwQtx5<R^R@j1i0B95MLCKz}v
zU?Qw^m$SNPKA6$TlO4QxfQNB6)>x?5x$3q$%zKdwyT-82IPCoYYT5p1UP85R#mrP~
z-9kz`=rFX=`-3H|h%@Xh{_0&Ss%?zgN6T=n#koh-YMW;*&c71=r}PArpO4lzxZFPf
zpiJqKsK*Y90kP)U`4U61JPk%uoFz*~;+T1qp6p|mlRA>l+>gM8H|*DueS9ytpAjr}
z9eE(QFVW!zFop#>a$XZ~Lx=9DX)nz1w4y^t&OwjVkxZ@OtPbmT#Q8ds;8qdc4Yz>P
zIx<C)5KMw3t<;ejIteG|>!2jN%7+f~zXvJV{ytthynX=|eAC|lEp`$<C*2#n{2ED3
zLTdW|0PEt!>~ezgU(T>v6+wo192QR3TF;>&Q%9bVAKp|mo(5x4jLR>aTpyHGGlYpM
zP_Rk|eQ=nYsr69s^n^X*pI+h5&z0o@-euK7U4{FEs*5t;V%>-u5YGFO%7j#QM_bi+
zfVw<f#L+PdIhJ$YjOsu@mv<a``Bh!lpdzUc;r^3MT6R+n6CCuR3@bko4!?4$Mz&fP
za8D*jbXCv>>kHhM$r}A`1o_Zd00RLtOlsv`Y%X#~CdbW~4`1P4<d#f+ao<GYGsDwP
zabkt{CJM(4i`uJyozMM-Ok#atMK#XXJwqmQeKEg6()`^q0&&0}W+u=4-JS3eu$bZo
zYh;KVJexlTOjVo85-S)w5`|RNpiwe|R$$A1_6p>o8YyV;SO&-pFh;w|#9bP4kLh4H
z@8CV)a*#LU_%83aO+$7H(iROlEVw#G2;UTf^(~}rOW4__s4LOcd%9zZEQV&dA80C1
z*6>JN)m@dT9gCh<ZB4HrO8EcB2iJU{SJb4X^BLxFw2@&vN879GDOXZ&9KvGaH%hP4
zCU|84Cu~;p9SZ$6PB_fb-5<9pY8knUJKd%F;~d(sL9Y1ux#Y5YJQloC!z>PMQ~*TY
zV^>jC<8LIj2&v`1R8Lyn(W#My+dnCvtuaiEb!k+*=Z@kAWpFVk?sG?%$&liXd@#H-
zBasYu%_NouoG_DjqTewyIbrbKfJhq(Z!(kDM)8Q5j5euKc!gPyU^bW!<M{uZv{dVx
z(Q9Jvs)@AnCa8-YMRe|_Q!|v^BvcMpUgKQhf#OX@rclp=>dJR<8^aQO&$SG%R1@E*
z3)aO~>f$>L^1V;@;f5>*;~&cnMx4~mfi=I#=<GcCyZg8=rKVIYVy7aEUovRF_u&}{
z=8B4n4+T>4glixRaVi~68{HDIu1J3!y(G@>2G-s(>7IzfE@r?*E8Y>Y22?$sBuZCB
z5+|y*|E_WY8P%4Mw&Hf=A{E~nRr9wcW-PE4r<&EJs;~jW)PmE5b<RchnMfw*0fX2X
zOtQlimJdE;CZ~Au2P2GeF{ran5N;W<BEtU%GszHzB_=GOgv3m96Vef`+Y5A@*BSM2
z-fom|%|W9c-p?BKIGb+VqYffvQ6GYU+NgE1V`r?pqIw)1qgK~B4{{lm<+5~@F7P1h
z^%Go%kGST8y7w*Z<&tft1X%fV(m?@6pjclDOMVeXTWgr=0wJ+TAU`v4f<V^t!Z-nz
z$58I@Rvlb)i`T>ZV_pw0uXsI9W(l4%H8f2lozl>q8rYE>)d)Du&Sh8DpiCE_K6{uj
zo~N*8%VOxPsK>9Efa6>q5nu1dI!KUV?w2Vlun1eu6x!Dn2+oDKw2a}&Br0Kn+8J6M
z+DQ^#)5qiO2_h`s#xPI3;$b6`o?~$|b165tCV-4a;*Hko-nwChtO0Li+v(={+KrrX
ztKv#GGr_BFKmn|N*uaLk-2RC?kfBS%)|Q5*i0A|*q4+J*hO8CIKJDo22UO?MgGn$U
z!Nv}xxY&ZKrag^?7PPZCl=eol4HSlckQN0A;xokko(6Vaqfjp<G50$fyz#=HkWI|}
z7DP2um+T_Ws*WlJe$dCON=v!kw<Bz&q?QFOVi)%$N`{LtsUHKKRDDMW4tG%TBE_mW
z#NZ4SaF{ngsu0!AHkKD-VV}*ngk=$5eTIn~5`146Nv7a?*GOIpc%L4*t1I-ok<8Qk
z-ZqkLdiS$Na$Ju#RV}ww2o^L0@rDr<11j2Kz7nomDEJ;XlFfqeRwMKm)LODb_t{A!
zd8YIIKkS_gcvQvR@Mq51vpaiBPO=FJH(9O;URMYZysr1u>sD=zR_kijqPBItwW+mr
zL6L|kD+oqGToomv=&A@oK^O575Oo2;h!<8t45GLoYEY5yH=CdY^=)lmzvuhj=glMj
z=05+q?3_7sX8tp`Kuq)%-B%!{``UJ<@fm4+W~zC9R6kar&cadsv|ns+be-!LqpYs?
z`Nb4#JEAstDkk_@0P33Xi?2OJ-}uB$-j8>tK?f0^n`)U~e52F2&r!X~Pl>v|>KE5q
zT^IPpRBIe^G<qs#a<swIwb3ued5b3d#hu>IcBZkI{<N53qY$;9d$YmLHGD&%cvW?M
zsZg}4uJa1TNVk5|Y4TOPTqr*Bb)8!%Zt@r1SI8MJ6j8L-$0&ZDXg*}P80+M@{g`w3
zqlMy2XID1FPjq!1RVW^EWp%at2Cz~78DH0Up~(7*HWi4?Xqo9q<3$3z=&-)_i=__A
z@~NYGBqNE{^-I54W_4|)T-L_~dEHa7(l5q(yRPty2falL{nYZvopP)vz<P(Zq=0iA
zEH_WFhQ3-ryspg!;#z0dIR#>>Q>(3-;T?Eyfq2W?_3i?(-CH!iK-}y@>4Yvz*Zez1
z(R@?<hPNB0M@0<#*K36U`F=TE?j_C^;_MzNy-!BHCVBCp`=SyE<Kt2-)rx`WdM`=~
z<1Sr~K7E)Rj2;wb0H_J!QG%`>Q;atEea)1Qo89;nVp<qKGy^v~<aU!ZZg5x_JEw7-
zlvkqfflUsw{4sv(M(KSvnjbv3+nlgh==s`e>Qh8%OHH%c%gn2pXmS-W;7{>(n@1RL
z4D+-C|6E&S3Ij83xwep(=eTWQ9Bq3@V7%=i>Vl%cyG1fngcxrXSr~T}gR&&F`lREn
z^=@AMezDQbdO+YEH`_&23#tmtqu+9iJ01R4+zhYYEp9Q+Dq5=b6CAVJEgn?f96M`O
zQL|fYRceV_%y1WH+;W~<r}ng)^HFk<+ajIM+@38SIo?z7p-0~7u`u7`u`ti@@E-Jj
z-nffY|K&Vm>d!hy>-<d8bIRxWO+D{YBi-U<m!1UazN4RAEO+haKTaIfr^62W*oTQh
z?RGo=ytgkF#|ADGXZ6m9DdI=1f7t3lC(~2C8rz=Mp@K;X|2#apUp4iBFyCqIC=?6x
z`@BC?)<j!;lHce3Mxk$eAuH-M<>o>kLALMQ=Z%gv(w^o}cRD#V_TBl;1K4uS!n-Wz
z;M40|=F4x&DCc<GeA9c6MQ%=>lB>-=Ifr=FVG-svhlTGO4*i;^%Q^5YYnoz~bofI`
ztT2N-HQsVKXKIZV=KV^nbRN-&uS;*YX%Al^t`y?Rq8FT;q#Cf)$s@dqgS0EmGcaFo
zUEYjN3`<L))Bc&mKA)H2rMwJ_^D<z*-n#5XCy#}nUxt%}IH~9%C$pgbs2+LNs7g7-
zz2-%jbB-7X9<$cX-`2xV4ofPe%X<;&@?J!`m~)QH<}eGgv`$@JzX$H?zgD4g>)i1Q
zomGV+6{l|cKcINZgixlr!f_hrC#^drtMhYQ0nRCJbXf$=xwQ71{BKaO0g->|$=$|3
z^!xP-951wrMe_NN``GE$+X~IJr)@;}i`nO6rn{E4L5YOZ<gES!uHhf($#A1CRX)GU
z{HL|Tj8m+WLsoI1!w9|R6t9`T#eAJrFPA&TIOk}BBiqj$_SL)$EAuj}$jgBFI%|wv
z<`g&n{4y|0kLY<9^}sQZEk;$Vmf>Q|cUf`C<m@h%FgohtCx;~!(%q6zH<wQr^Ig^`
zxydQ+cIvN}?R{(>UvK33&nwPn7P0_wojHUZMw1;O+H|Yqx0v5Ut0$j(K5_*ZGVWFu
zLGM@jKDI*!#l=Eg97QM4jmG(?Y#L`;m~SyH%#%%Kg5(ht=LvCMG;X5q`}9#JJEASj
zUl|tWxY?y6%zsZheOL?PAu7w0yc<fr=JvVaMD5xX)50ZbG84(?*S+JcTHlXM@wUM?
zhM8tyCHkYxBecI>bJ+P|{F(3lcG!5uct6oRZ####9G<UG^kX@9xWp~4l5H+=pNrLk
zd>%ivhR|KG_`tuu>~>tO^POP^n0q|gp08eaS&aW;qwiPf>Cyi4%)mO7&VA?KzDClQ
zY3~N@KgSHbi^i*+{zs!TL+i~b<M7!^qngt*<^YUIhc%Y-W{%>QT;dr=ulb1VD1Xu=
zmRo@-9Jg`?Zg+8nDsY=ieC%wX(sUhYU5>h!+$0O0)%%$BD6&MV)e;?ucBh3H+V}*a
zCy!qn&d)qdI{I((u$M)B;bHZsFpJqzUwP1vRQR5U<6GvZ9;UYD4v)CW?I+|yw{yEk
zY;ad#PI&UGclr7|j<+vVvKi$lkNU_6vovOEW7=U+qKu>XQ>{j**E*M&WR<^%4pu9$
z$R*}E1L$Mj?hJ7Fd6vr}{9~@a>GJShiC1d9O~1Us!6#x~TKIGn80pZ8mvI@X54YyS
z1;yWm_<K3)ev{<Wgj!)JRvK<K^-AFFx(AU~cSdg3{EWVzn&N%qcy<Vw0cMiV?QDm>
ztcr2u-MpwZ-$&MS2+(qVh=LJkAp*~HzN{-*zq^*PJi$IRiRv>s)^P7I#6&|s+_eAB
zzkGgr_2L<$Z_Z??f&3me18<ldF3a~<EzisNzijmV#$=5h|M_O%1Ct5DxBg4;Uy|=v
zA8Y^J`qfc8`wi;>9sOosjB_2uXiiz|=(WTpzIK!~b8^uNJfM}O2WGg$T4w;AO%q*K
zgNsRouH}5)oWK~uxhm7ig7GS||NUOw7p8mZ3xS)wtO2S<uh?V-#(O#b>q>gXy~=#Z
zD>kSCLT+|DXL`|)+Yj@CAL<L)@A?A9<&I*0a_bzusM_1CGAjFXE5KXSlg_}4oVaub
znEgHMvYK4taTjWNnSk%!7kD?n$9S09&X|F?LwsdgxWvEh3*7_@r&pCvaI=SuA38nO
z(q?!512XN>O<XR-<>hZ0Jf~kGl~sm?`AuUt{}%1vjQ<M5!rZcp|3yMvR6fpN4Azgl
zF$QXV(1%viQJ3Ac9_MSyulJ*3=0h)ALH!oy>;2!Q{};BYl&^KOWd16v$M3i;%xm4>
z#s9hG`v=Dz%5U@Y7W6gpP4HWoZ`(z_eEp5KsJ~70inwKA9&LRmKMnFXJ)@l{7vjHj
z{@U)J*Ri7u7~oB6f>h5*c?Z)Ky-c=FYpv=$4Downt-@P4VAnUKA9nkNJm5e-dg#W>
za<1CgAcswG@#6`gfn%w4Fy?tq$F(l`hSS3L9cR%ePDT;eLYJKP1G-zLO6KJw<x!7R
zi0S6=6%{-+hrd~YS`YJ$3Ng)NV&2Lw><aNjLEz;I@n(U&rh@b6qvYEaB4e9ao+uuH
z_d6v?Ije%*zst?nE5xhaCKxzA*K3qqNn%0s)e5n(w@zku-^b*#3bA^C^S%nXbwJ6z
z6{5bP>)jRNkxEBmpnSaY{9Q*6`e^5OB6KAmIK<D}`3<ss9f!9OexrkzYwv0Yd#n^6
z<6beVae2bwc*`MII4lC)Xu0mN<OJ(`^_{Or#)B!cobli@IgC@yZy13)(XeENFgH6L
zce&(eP7B{Joki5<D=ydDF1hlD>+xoJ^+~w_ylxDeSb+kIVYl&rXOF4WjmN}1!C#Jh
zi@)rK3Ng08Ly;dZXpofugF+L_nj&>mg;*Q7R^Cz}CYG8vR*37moI{Km<<sP*0pi|n
zkD8Mz#M65;m^gmg=Mg!+LcG%7wSItHIG}Ld0PZ#^Tr)r{s&p-{luIf*7gp<-rrtK>
z>+J(wZw+#jgG1e3PMgm%74Kfl%)N1W$l+MykgFUPfo`^3cUp4N_v($g{Wbj?`JKvM
zFSr>kq8w)(>o{(%n~B*!IMn)#3f$lpygA~&McITL<+jGK&(HliV}ySG?8kV)I*%+z
zb<Aez{nE*N=IHBCa%Eldm{w+G;r^-9;{0@*^SX{W<e74#39uK70a+uuf-%E!(lc%`
z*LgXw_)Am(#f6_K3-|5HPsp)uYdm3g$y1L|qh<L-m)I)3H>0!AIGUmVR_p2)*sJHV
za3ABc#<|2e*Umh<{8^zBmc?z3Jo824LHz;k%8s#ZzuRS>+boh&ukaFUST|T~gWYqI
zB_=u)2lGF6_{Labo5PnMFfM5?cdIekC?8$T#Q|#TFm&W;^OI;H7{<bsHs9k^%ZH(8
zNt-`&sfEMX;iS#YZj~A))_b&hu2<bPOw99X^H{&Sd6*bipv`X=sO>{}CD-OxY_(yi
z_`FD)Uo2KDhl<4kZN8&KEgUMQmTL3IrE1nt@ktkLPM4|Mhl*#*wRvJ!HF~I+)J>b$
zcT<~(h}Q1fJg<j(dx&_dr#6q<LoFU6ZtkVcYkH|ChKP5A+Wc5=b@vc4yN@=H?yGJZ
zBF6O7<`#}VRf*O8wfVsT>isJ5RE0K=t5nOX#MFV>{P94wpi11nSKhprdI0x*^5%Wi
zq$=^rzS^ALPmQb+&xW*l;{NL6!D8M1ftLr1dj|z(4HoYW3fweUd^Tu33v;@@r?yJj
zf(8_|Myo*TH^C>jO8;^%E5@am(Ndf7%KP)?r%_bwl`rMZYuO~`l{w=e!o0}7X0LqH
z{2k`6^(;VMXX&_aS>6V({2*`MVfiO}<v6EypYHUth3(P2d9l+!!7Eqg&6}M5gjar*
zH_vsc8@=*1mkys$>Uyu7rL_5Z<-g7=m*>qND*q_2{6d|M`)p6iCXa0P@X1cR>9evv
zvDRl@>)-V$k^fDpekH#V)jVGKec3yw|L;n4FEC&FALOQL)UQS4!XGWu&+Y%O)~$cv
z;S3|cSC@!OSjg7>@rT>xUk&#|`Suwp)pUbr;a-A`NBYR)VyW2GHPz70(~U?z->IlM
zT#mXf^(Y%5q~~j|Y?FTa@@S(JGun)kUOCg~g?XvrzsD=z$h&Vg{L{Sh8{;6{CpkQK
z5XSLG%y)3K-79BUI_@);pWngKym_7F|HLCV=gl`b{cI<l?9^#)b*jxC`L$Dr&$ztr
zc;uTd?S79^EWxIgcHge_md+_|ZGPPCUx|C(+~W4H@W}VwXXE~yM}O&g-e;lu0<~AK
z`*!^W?3jv<`A>{xjO&b1MwfL%<V;hI93q!FwD}oJZLN~?oq2bc+EOKNSK2(rt#VcJ
zbGJ6H^QcW#a)no$7y8skRWjw*=4l0LeU-eaP@BIhRO_l_o2||3i`0iza%HhLFAAvE
zD*0H6HYZEfdsT9L7j53&MP;kxM`hZ)x?H_gB^P(q=DFQeOO?F8yEfn2L#?Wk*Y?!r
z%{|rfD!FM7ZGNkldZ$Xh6x8N<z18X}+1N*$C-+saRmsu)wE5G1DpMuj>#xn30cvTL
ze5OL1XH}}^DminYHaG04Ua68}_R{9h_EJl#<hs4JdHFu-g(|slUu}M5Kb5YM4~4Y(
zj{VhhRq}>G+Wf^J^=y@#J$RhNlCIjw1N6b6R%)nte5kcx=q?RF-|lk<pZrbUwAmK5
zQL2rmm}O{X97{~?yxiQmuAmN4e-=mA<bMz9fRanaiS1*S=Z_`Rr5GvMg@B))3p=dR
zU9!->pMK(8A<k9nrMPGyYZ%gxL`(FADEgB(uJ7oh0fh4jHhY%)hlu`t^Y(uEH9NgY
z?;5s@%#tMuy$#iOt=1mz!Sz~W|BiV5xe}w`Xfb#|hn;K&dXEuRJMH|?_9{3<4BrR;
z{QMqqkJfvoFW%z@)R;)cHp0cy!^Y(mdb@_6yX^eaWwL(Jy>YjFI>G+FdkyjH1K8D*
zK=&w{YP3pDey8~Ze}{F*!5h&o_oCVR`mPqo6<;OJQs;~F`2?M>uTpDZr~1-$SZeLx
z$!&+!H?^?;mT!GdUN^0`o#HEtC&Y_R4-U(mGz@>#;ed`ckua<C^Uae{rRdPx-X`lW
z-f4%zwb^k*N7#R*4F8GDdy}~qz}ko+Zl{HE>h1bcp2aQ?4l7(f_WHPd7&p3fzsm2O
z<$5^Q56<Ls{{n}9l_f{AtHBaCSTx)mOX2*qMYJWB-Vm_LI<a$8wfCX05aGZGamwEL
z`mpJnyur%CyCn_9ke=^n|4Nu+*=rcMOq{hdopv4Sg{a|f_%@w?9wu1jV{6Cx2e8HQ
zF5OR>Wq|LBUrG<V9k0{ZlORv=!9EtC&L}2_Kd{DmMZPgR`o>AS^@IPU%{uof&Z?J)
zA|Z-g)uNXQ$*_vZn%&<&`tw2bSKP7W8Yji?^o1?A^61j4x;h1HzxR#T=Tg_<qOUqY
z9;?ofCwB@$`|7mxh7T9tFn+JDm+bXqZ;H$-8u;!PM}4TH1Ah{ySLN&GpO<&)>GC+S
zkOUUW@~2#Exlxb1<OY4;%3Py}CB}@QZsBeu0~P$@K4-xfPVtmeed3fmoazRbyqm3r
zF1g61xWMnF-Cq!Q<kQw$FYc3FKDE#*s5V+Gxg5v$SEF<p8%Yec*pg2fdauM}N6{me
zc*LP*Sdz8Jg%;Yg)LKh^WvLsT^4i^%Pqx>G9=M8MGQ^>35m(n3YAqMWblw`4zZb`A
zHAxxJm$y_ZZl*b0TaUG_mZzyJ*!!Svmhyh7Qk@o!+tb&J;5I|-)trh!9k%*Lavf2p
zhSB?8ZNGJvEVYi1ebj;SIQDXU*BrE)zB7l{rz;CkTX?P3skn=8zKztr)`4QMZm+5H
z_2pXmEotgrm-wZ1gNw~o+nne_)b^>ebd6IV`C8!A6B}G!m+Ce)@JY4FLZ_p4nPZgl
z5ss>O!YSA1T{d(3kHw<BT5qu{SBH6kNrH>}>JDIRSmfYW^^qg+w8aJtPopIowMKk4
zBaC;-d!1^QQ@-p}uRG-jOlXk9rKY&#{Vp}fB_H0sx%F>R9js0eN457oHPkvn9GEW`
zIzO*&FV>wF#k$s_SST+X#Rg=H#p+Vll4eRZ*TL$)cG<v@C<j}TIpN0kaqYrW^(%*5
zZX7Vf!S@P8e!>ilaflC0eFMT~lZ_}ZI@B_UeAl5kSirqnlPq@KsFWoeJHN?m8IMxG
z5+}6F=pA&EF<sxDfO<nM|M%@LneXY_MZfj$Y<KTFkUa^fU8NrhI{xl<zS*5Eh8^18
z&i{hB3sVXG`7gk-_iNI_GyWafKA!34JKqjYK=xmC*L@{FSLl2X9_N3kHFk{}_ZkoQ
zMaoe)!!KU3UelKK%FCvhMeg%4FY>5+{bH?Wy7n03KdN2!vU9AvoLmgznn5QsoewzK
zH>FpF$?Gh}gP911QYrSvER*U*zuaQ<_?TTbruQ2^-(VJ*pZLZ7u09(`P)(Cqmb=wP
zzu4k_MEl(BAIjbnzk1g%*Z6sW?*1FtnYWX?n@o$m7ns+#=iR6m5ZV33J{(!r)JH3i
zd#|^ARqDOw(;a2g`p}2f>fZ7t$Hz{#Yk149>my$Gs^z`q8ZYa%Vs1g%hrPwB0=1;K
ze5Zh~hhkP~j|X~-H%nE#w_IELC=c0NyY;B=Et<NiwxCRR<IASFm6!V7@`>K++1_$X
zZ}oL=Ij)bI+(+KuN2U76bRU)JBb)nl8VaZ<eFm`~N>hrrNpZNJO)gQ3o0+&Bid*xV
z99F%O3mhvb)_2A4cupPDdCWLi?w|j;6mt{Hd480IkCGOuO2_DvHLpp1GV~t9;)brt
zmbG5VDc0_3?$4w#FUJ#F4jvd$c9Y$czhhvlX+7tX+sw{U+WXV@=28bUwLDyi!;86Y
zGwN^UKq_aj8O4|oqJxGL316e!%#g1**s;L6<L+s4z0tqkpG&0*GA17!IKOjUJSS0~
zFPKK`t+-5gn8g?LBh_t6UZSm61^A#hNumK>KEY8<r8k<gnD#1rL0xhhyD|BgZ3Nc3
zxFuLWqTV;Iz~v3o%g6XH%sm%z=ZZt!rMNv*hiq~1sN+TvJvug82W-<H_8Dq!bOzpV
zYPI6eImL5M9>I6I)J&Ir+NEA{$&D`cnM;mVYP^z<D)p4&v#Z*u<l5adkMEeeOF8&V
zJIrEV$B}BPE(g}D0^G7mIk<+9a^OHY=H|<BbG{t7P!7J8P>vQ|j>~arF}-XNVQT?*
zx6EOoM#<$49rtaAn#?B`hq~S+XITeuDar@B90_OO9Va_n6gx8(>vG)VQjg>x-Wiw7
zxfFNnj#cVbg_=s0Rx+zpPRZ8qm4gl1bcFm?oH?c9P>Z9g$E#H(@-l_>@1^rg*utw8
z2UvvC4r^uU6tqYhYGFV&8Wt|k7;020pS60lmWWM;nph$im@7?GYE5$W*b)%)TxwoG
zZgUOB<q_3mS%6cS>d}Cl<sN0>^nmSOUm_OUdrvFnR4XT8Wva;YKtMcM<RjG=ipmLd
zeX+vj=3>e`w>WS^Kx`=Xd|E6%Exw3ts{!?4Kz<WYH<rj5C2Dqwe6B>jQX+FD>dO*2
zu2fAfmGeqHFO|wgrJaA>dK}!P?DKWm$Lg}brOS@>@1@V?%l>M<>^M;NyYpp#F<*9E
zD0_Xr?3?mszg?I8HS@_*ajUCGTYyhp>Y0FSa}CDjVb$aHfLN~7+yJ^lueETZ>>uf}
z58_1dxFXNG5;>>H^GHCXi+rTIw5Xgg<BAn7x9YMlC=QGdh);?=+ls|DUG}vBl?%x0
zO4KbSa#o3YvP3Q^QLmNA&r4LiR8A;WoWFRc)U&KqF8+bCb9cnv7W=;=fx2COpgi+-
z`&N;E|LQ#N{^55r?+h7OF4@mVU&=pwcek&S0aiaYeCyBlai;wreQRGV189qU>&NUi
z-{1J2D+7EApQ!^O>kqr>&*u#?ut>5Ku{~T78z}WAN;SzPzH-drG14w0d(&8Fecs|n
zFJ9(u#&&moZsldey3@H!#pv)q>P{W)?Y?B!(8$)k#$tEnB^L9I$<oU5al&D7@M@KV
z2^nc|R_QA5v-)acp4Z<!KsxeqpW(e*%JYxh)r&NXI<^B8@*RAtWC1|`<@X*RXibvx
z)WhzOauOSZd41Q1-j_*>iSDY-Q(VGpJ?Rt4bD}(Zp&_>*1ILgJ?mXn$J!_mPuiO0!
z@q8Y=^3Slr$o$vqiLgUjG#_6}xsq{Q=UIA(O!*1UkWmH`!v#cm#?UqVqQL})MY_(v
z#_!f4escO_b^6bfJ}ECXxGL6q%aE`AH>Cel%lp6K|LgwnQ|qU<&^xcjNR$08WA(i*
zXpLeXeUo8vb<%{+4a{#t?b-8B;uyUSm%lreUq5fC<`h#-G|WldmuhgDlZ8BsMU~~I
zwT27GckAWtX<RIh8LrddjDE*&#N>q13sPS`vqfIK>km@@_B!RO_3m@-mVeB&<voV^
zjlpdzCd<0(jMLDJWLjxcEHbT(DVsZIu4U$nDRC!C^JRTYF1oDbHp$k5HpAL(@WN-^
zWXjQ<W3~Uz_Q)S3FxeaQw@cW;FRf1`7a&?Yr2JyHU;fVUdP9Pn3Cz_PK9Lrq?ic#U
zEWiH2@V$9y(FZ5{b3xU$dc#vjPgdDMVZF~ath==X>xsSD^v2;zX>z092a+L-^Ik0Y
zJZ@NNed|D{AHM$G_wLw#qc|Uym51rWRu=334=}wjxS;-f;r9@K;_g<H7l}*HWjlw|
zm+HMKEk2ZGe^CBC#P7IQy7*x>ixY9J4$0D_#lt`MgW-EKJ=Y(03tIGk_82=R^6EzF
z4QrAiZ~DGGKPkK(!<oSIukamiKxLr%kH_%eQmvcwV>sLTP<r}}ftpi!?e1OWf5&jT
z|37<X{nRn)f5ZRRV}5Vmg7l$wllzVvB*PQ)1$I}B*D6N2TDkLYJ3p5GK^()L$xdVV
z-T5(`k$kd|Cbd<j^`<G_F|Caz2hKVr(J>xhD2^GX)7WJUf5DK8<i5@Nm-547_|ANH
z8N<h#a=M{M@(&Di6o*j^W^T`!)?&RG)Oy2|%Q|P?E_25izS5991voSNInOSJ5Yrm1
z&+b}0iEio~E&sdRBmZ&7oW~t-R1){~ZPJPx^v&A4El_sM_x8wddiyD3ILn@_EcTyi
za6FnZoYDJjgFPtL#|E#Tohq??Ol}YFWI5m?{qeoYuof7c@3eS0J^w@D+YiX8ucch8
z$NU+F^$^M^3~Rn2XMaEZ|JP$Ub9et?gD#hsD>lxtn|qgufBw78!PXOoJg1PU_5HHv
zlls#00JSi~@I7wG#|@_Y|K%f{{(xSOgROVDAF`0vnIn6y*SFvKTJ@T^Z;c_>7{{RV
z#I!h4`><&}rB6(CYQTIS$*0j-jy2q&@zdoX!x4oW^Kz`yGkqV@EHivuEC05ZV>-)w
zCi{Y|d8T~y$K;r;>x0J>^)b(2Rk-je%m&|r<YT%%{@J@nzAQ`z&MABr`DIUHzb%Uw
z7%V~fNP4zTW1C@dAaSH=-E5*h?MLe4e@+^QaI2I&w~%3t`gq2W>!t2*4;j8DJ;$Ox
zw&yqZk2b9d>}vku`Zz>Su+IIiPT!KHKe<lB)+>g*pm4SRZrqdM?n7D1(3duROZ7`0
z{bOSOAOf5J8%>$~VL1-ga{MQ4dxAXV0P7P&{`Hy%O?ivq+h8*7_VL^K*kIvgvT04>
zUS-pI*Od2~{rT!>T7=*w;B`~3&O0+Ue)pGupAPAdN*9Lt$n$`HpMG0f?@5#qSlr9?
z;cm0WeE8$68B&fI#QXOha)`dAog<KZ&#~5hf0Hcl3?=zvlLZ{zeNg)5N-nVFb79_H
zpT94_<pJqqvG<9*`#&FVQo8>5ZS(u$C;z%E<~ovl4Bx|g{!Cx^)UY^c%W;o-Q^tR+
z4c^kfbH*6P8-|{-hL^8zuNXdBcC~KDyG`qUlW$Gd98*60V`+4j<4sxcZ^%K0BMKQ~
zkb|M8-tZ#LQp49`@YNDI?lLXD@XRo+*`|Ex$K-fK*M}ZsWKYJ2)v|yNcDLc1Wyo2&
zKDHRv7kqX$tTCqC(fQ%@-Prl4PJ`bAzb|6HA&dBB-D~(r`VpN5_vms+_G|V`nsVfi
z$?-oYjYIS^?OZ*^P#+9E@5zFn{46=dqCU?3u1;HI$xp7+u*G}$1%-?;j5iED>t#vC
z;G46Lm-H8P|G3$-ChCJv*1cL``;R;a{=;@TL53sNJ&YzSwlS#W3}4cex0=4Y91L-M
z+F*K!TC~^nK?eDT9&x@gE&S>o)=dts@6pb?j5r<R4IhgyJaU$lv-EiLuC$ndF%RUO
zc+>yw@rHT$@xF^i?STB4RFHq&F5|oZXpU^_-v|DCt13|y&~t3oKBd)ZCufJ7>RiTr
zxPR4cxAeH{&}AJWZT3-w3J&R<E`IHbGyW`p8|<_?qt|Pd(>hr8Q$xNN$6*bU-PoJa
zuVB#k{C+eq{XLM=)`#eg12ZMs0_lX^^kQq#>hBt>lMwm+0)>io_Ms?(xJZrMb+V}I
zQtvl#Sf|Sp^-DQGvBACI^v?3=JB$CyeM*Nclya`VEorgb|4YdpZq~x&sNDyzf4%Oh
zH;;9YEG?>%0}2l6oG16OMm*zro)wK@v9|!zF5OkPfBV^Ob(t8(#*+3tJ-hF7Q~d^?
zCQd7B_qR^5?%Oq$d>VZ?@9nJ>`|zvH+s_o@OwR@40^P5)4z@oC@rNSbr~b}ET-TM(
zS6BbwOU0$_VSM63AujY>E-v3`XJkHV$W?rR%ZD$?pN(|#S>h?FSP@*L_1NXp<|XiA
zC;N;p<zc-uZQdD&c@7hYwZ~NjYLMun_Z4VeXn!f>%?*{1+<x(j^zw}Qu14~0DEJ^g
zw9E1Gct)Hvt=)Bh`2?>}$9sM)e%+CFnfD;kXP>+*>RWUBZ|R@^M)Y@&DXbe!F@8VO
zM7`|6`E>pry(XwAa-%=R-J3HI)7|==nL2(-2Hr4GkIQ>HW&eLh_fzpyS&~=zbSOI&
zZ!uQn8vuC=^7l9T&~*5Ft!*n`29)zqu2<Z{(X2Yg)84=So%-3S)^Io{s&nQ9ODC`E
zsCT%K2Dr-4Nzm!C=yt7$O6%TR$NnAtMeB;4;VKz3^?8k=HZLE6X1iE`Ry{uVvU}rP
zrlIcORxb*~@6+|H%R#g&x@WZNH8#NH-MWhdg*Z@caEf=$E*u*E!W{molZ_xB66L40
zjlK)-Kh=@&^XiT0eTj!|ceUahPL>@22FGOBDwE2e=6k|mTWv?36m^_0E}F$DXNkJG
z4)=ejeSP_D6-6V&kfZbU-IIf?ELT~3JmMFRTi5f=aGtwpmR~G!f2nt`<ik{Tw5b~H
z;A^DsS_e8}ZO*W^qJGmMZZ~{rz53Ybzun{%mmilm&BOBXxT+ahS=(mX__PsV0=mqg
zbvygTP4T=D;6=9OTfZWDj@EE8@L>Zj6bxA%aRvxJiTq8qn4Im|W3^Tv+y6B_Z5aMl
zT9L{=>{@<Ij|`;$|H^Ne@y+UDeb{O2)ct<25QB?Y@jsH?!dhOvMy|K<u$d#v-X+JA
z-?niPXJ9yED~qQ2`5>{<tAp$C|M@+Sdh9J%ou9p0C)WreM)=tYedS^7xy@_$T%@&W
zljq)o+CA8w%pFesP!{Uv)6_rM4)~C?Z#Bex9$!4E6=Uc!S(^`UiylJsD2#}G3QrUV
zRpi}#qN@;HJwrraCW)kJi=IOC^q(O1MlZ_n_AsR)C`8a6DMg4tzbd>&oEO?z?(Tv)
z+JM4FDGn~YUy9?&^mMjsiF5Mbn9=c<KRfGZkL?)Vh1%=NCwg-SV$o4zQ2YGu-}&A2
zKxG;VjAS9bZwl`Mdby!^5gLO{p5b~vKs)o2pmS{hqilUeAD;Jm*U^5b^30KHt>i>5
z&&AiJ593;`w^rAIPcUaF^M^&h{qpv5L2*O=dP5w{*DxxUie9WW{^i3`_5J)2vHzgF
zy?xG5co+Bd@-S;puc+f(b)PjR>z%i@%S7DJKE<3Pe$VLnpj)KPk~`c?*n4wT;}}ls
zHMqInq2yM#Xmj<R?B-r%t%{L2$Md_?Yp3dFC2lZ1<FvZDu5BDvHHUx6;Y-t>)d&66
zdoJ+;I<?T-;3#<qeFRSHEq(5M3W+@LD&;`@YL}ijY5grp(n}iZMF+oGYng-BTi;@b
zc+fnOFLP$EmpH)aIIX=L1%mzk`xl`T?C>%9!HD=h1y3FRdFL?B7~a{On>P1Cb>oBW
z8qzxQ*upyH7S(sYPfT)eM}`UB?oax}EHC@vcX+!up%~PsYm4;C+VwrX>Jh(Truj$p
zf=67ri6^P{I}q&@`UdeLG%ZaqIONU_B>!EuxYLQ0qSfQs!o8~g3$_)C=>=zfQ7GmY
zdUB`|E93wX@u!Z{pBJB%{;$he{qH)qoP&nHt}jPVrRVc9&JX&xphws8Twg9$TZLZ|
z#`$~9V_o~k%LQl4t}90gm-f8{HArR5RSH*?p<Yj$({A-z85-Yg%ws%fj4BtOdkS-9
zTshm1@XNe~Ys<t3-alb(@fBt;`yQ28rW6#uLZAXa=J^GR$ZHD@{H9FY&lNglVyRvD
zOc{49X>+Ts7L<vv>~hR^7HJ`778Ncn6Z496+?$Kf+*+n@*L@1HN<D35qODZj*j0`#
zQ}fD1W4W5xRi?_n_s!v_jLF}QkzYx1B*(Dx_4%{va6;83**qkRR&v5r&T{H3bsspC
zuh)E5&)=u}vbl!-@Kf*8rQDw4k|k2^RWx_k7lQWmfBIOIzw5sJgR0hIy+$g&aD1TO
z%0?O%#vAl?1bR(S|4b~5`RZ#g59{oM#YPIT(eS*E$|lpZQfoccTa%w~bmu#_!@{`Q
zq4zeU84*p%4h!RVDd>K!(`Z+c;dzQ<^$yQGizD>ztR>&pzueiDh4E?2-D1fX^=XY2
zmW8oX8oGTM&ra=w-j+W<fjs%T9-4puQH?Hf1?Lh*%fe|cCPsf_8)4GyG7rTYX2DdK
zxZZI*_j4p%KEh3P9ncY%bEo7mReEQ-#7jm>KE$>s^C_I>SQh4|tiSU`$5}|6Z=99)
zyV&W=I7<84Vj<ZtG<wX?I$6%jyH&7p8wHFv8^2(vHvALxN%g)@JGcn=0==-|!LQ!I
zP@?0j>Y}s7FZROx!_NS9SmBi-!ox|2{no613t|=0t&$!V?RKl1lTWoC^NHE)AwUtb
z!<y|AD;-P}wNi<PeJGXC4LHr?nd1}dyd@9$M4Q(~`0IR%@Z)@nFt_@An3Fyq=7)Th
z`8xV(zdxVoi|+5DZ_iM5%vpB%J?i(>b2-<=%d&{&r**oFyT|kARW>TZ9CnTt<NINL
z-Z^&r5f{(NqC3ya6ReZP$?fl>Ki}`2K6UtBJiG6fgV{v=nm$;U?`NOV%Ad-CoAo(Q
z_A=u3Z~XRua6Z{Fr$12)**l-^zz!Xt9v*bJn>W&1rdx_$^pHhYM#Y|@=e*$N>ug7R
zRCMgm=&@O!V&GkqeLForaj-r2Y&M`e3Q_m=g5#8(ZO8AXU(vUDRdF;%ACK{(^du#J
z&vr$lXN!x@8^?LJ>0jVNUyL5DUUhgmowM3;3)xcki#d&@uN1d&OzQK08L7~%^S&(L
zhyJPjqhRKu_b7g5RBmvgyPbV3H#!PAEOv*33SH~4A0?RMSG-eNMf|?GQ4nnpW1L4V
zLYszGLAljwqbBCMZ*>Bc2-ZRN^j|K9(f-H!FBPY?&$WE*bJSDCUI!u9Py3B@{3d2G
zkN=v&==eYLGiou}u=e(b607B{yj$x$|2y6VIQLQ0pBDRL)y_0`?lUbKr8Q5}9RF5-
z-NDMP?teELJ)iJ!GGipq)d!Ti-6I}Vdc1zwt#0#(HEzXKH=EsRqDO3VbN-UNY;FPP
z5Cf_*CBGydD?c*6et%s0X>Hhrbwz!vxZ)`^-cXMlbYOPF>HL1?w*0x~8;mQh(&mfN
zQ-=Ot{)M5<W6WdP`$|cEPHj&&#NRwG=>_iD6rcJIA9+Aq0T=FA8w$ia!?POIw@zye
zN?x5W@Pl3FF1!KduU_lMLb2J)wg~ZXK}k!2c($Nq6$+sXSgs|F&ikl$NKc<)HYQi;
zks$AXAYT(3yzJN0uTM)&6fm&l;6b<lOsD5o6gIi7yS!q)`vH94_moWVifx_}lsDbv
zJ+wW3r}Sla^T4HiJ8a>VIQ=|pCzx$krxasW9M(LBGH>Q<Nf^p;O9aerF+?T)$*uT5
z&VkU+3{j`;upWDitFxP7mZgdW?m508+Eh?{J1aEU6L19f#17KK9&@l1fjtewQHCrS
zg<&TzUOJvKMTn1@F^?(Ynm$uxGz&~oM>t`dBB8^>G)xznLY>1BP_Zd$V5|g%axhqK
ziXdl5(p^n40>-<Wq8ayOFH@ACOESH=4gkjc6CVH20MyQDdj*Qfv4;nupbL9+PgB(X
z4)?vt4~l(EVe{!VyB~7H^k7p|p2xfA5bQ8M+!QI?69+@=;!snx!pIROvndYc9Ak>=
z^BKEqOc8^@6G#_EVHU<=8%)D;=1$2INf(ArLQa^9AfL9Mj6cr~`xMFtlc$=Z5vG1c
zd?-$%K3JCs)>2OL4gQ9mMc5N(k{^tmP5EFP+7}WJhF}`jzzj?hPy7z~VH$?`6rDZ~
zdGHTifIKjH5$%F|<`Tkb_e-f~?2*f87mmrLFQ>dbyCZ)lf0+IY`9u3^-0_dFn1%XQ
zkse9D(7v8<xZ7h%AA9^p+8<`d)1H4o&IIiNGq4UOc{ny}ci2L_7~l2EnZ(A?>z2hm
z*MOa|ID9Ad1Y@usCSfB?!8A;3e?9q4k`DF^OkvMXr+s;nM((HFFgX)<n1LC{TeQeQ
z8=?V21Yr<HAECYHQ~pP(e;9w9_QpLqm;9hTk9LCb1@v?LgHQ9jfH~L(?S<3_8{*T?
z!WiXXUA7K;>IK5VOf&gCO}a~{C;U?{Q=iyluMiH}D`*eg!!V6KjMhYTDdAZ73qw{M
zg^kYI92-m%*h6b5ANJ6@ln;CQJ<0`R>uC4O;QPoA<Lk*Eatu?nz$^@2PCl)~hcOt3
z37CW_*aXus12eD{=Ad57MmLZshf!D!lW+tKeMo#5gBh5DZ7>b(E6EpzU=G$mdn5V7
zAgqHSn1Er}2vaZv(<qV*{+WC~p*%1K6EF@NVFIRM61Ko-j(lNoGjjfgbYTd_U=2*c
zC=6~P9T<m=Fagsr30t83DRS45-e=?s<FH=aSu@VT#8=40Ga=%0h!{*4pxPeB%DIdO
ziXILTzKZ<!aEJs<2OS~{Q+*sF#2RmC0LwZsR^bqhFb>l&39~Q-+h7{nSJMu#5@ul-
z=3p%hRysr-48a5p!$z2Z%`gqKFbCV97>GJD`b`98VGP>5IA-=lE|`TiFbAVh>_z&}
zh6xyijW7z+Fa}#-9OhsGs((-p7=$TU4bw0JGjIgV!Z^&q1}OGME@;DM7=&3Ef^9Gi
z?Q5uSSP5gW1}5MLn1b~%0~=uuHbZ+K7V%*SsyOjsC5*uun1CZ-62@T)Ho!DY!3=DM
z@qLj)yF+^<>F!55Fb2ag1#4k8ME)?kKlK75Rg`}e`3#{Rp%{uk3=P9yv)aMBDgLk=
zreFw$4niIngALjprl2^4aMvLRtc95{>1q36ly5Zo9*#UP25Vs)#$W>0!z4_?G)%(`
zY=K#rgE^?Kr+i0HJ{W{y7=g7g1y!1H7S>_U!4US~k@OGjA=n7RFbyNH1x8^G#-JL5
zTrdcON0Bb^BbwNwFpfO|W7w0h9;RRtrePDzzzod7R+xjLp87eO{B?S;9D59gU>w%K
z1Z>7X1Ebipuny*60*YgZ4{ex+A=pazI4obtd<(YVo`r2N2kje>yM}hgKLx|sGq4tB
zHF1yrf^xv%vB<COFou5;wrKlt<c~cD)w9S4Lz>4E4u(&l{4ffeVH`FRJ`Ho&Qzzn%
zU7UnmFbIQ-c&<c{Z!GNrD`D=J^mmx9MGkF;wS>!_i5%K~7WH@|_4Qlg!!!)T9E`%?
z*|d+g!z2{vP*2(&w!kpV!6<AX-S9=&Veo3oHIDSSZ?p!69>gCeXHl;=QSL{mKNyD*
zn1CZ-62@T)Ho$0#_JA=cZYDe|hY1*h$w#R#n1b~%%p!WtbI7p(`E<C2)WdlEpQYR|
z^gQWm`wOHC)6L|cz<n|K!Z2)r5txEv3FUz{RJTxWm?ZruOv5D1!YmXVV6$Ixh#(BZ
z8W_`d;>BT1yKkl3*fTpw2Zl^bWMNcUA~XTJ+Y)gYwJni>*<wpnP9)zFOVqwV|LA6k
zI_$BYmS}=;n1S{l7VnmXgXJ*S%MvwE1T7JTnLd_Cz$|Qpp#hd?fnk_~qQVlvNu&d-
zH7hOZh<>&o`C(6ohzBz;4ReDm(FVm}OW2c<7lvRGj({l`hoLIcfiakcaoDEaha%r?
zxWhP%!v>gzO)v*DkVDy`6$Y!RhX&%oFbp0@d0-Z%VGg#y<iV8xcJhZI7(0aW!#J#i
z37F74itsQA755oLj-ei~N1?iddN~&PU<5{C{5VS_VFEV6-0_qHvH&OSDb&x2go7Da
z2U8~zPP_k-^rqqtgU~*Oa4-n#VCYm!G{g95gu4@-PQEa7h9&A@7$#u^)*@&4&!mez
z1zTYnifQ=&g?fQeSPMlR^$Bg5f=QTzDX8uu9t^_7Uo8=XNmvgvSCKx<!i;vmn(`%y
z2P<LhAG9xw!#Iq@2?wLF6(&a#?ry@vFpRL$mVi;%s5ypkFb2gv$cMJd5DdZ^h|YUa
zr`=&fljFBp?GM{v3Rd5X{4fF&<B$U;VFQehr#`hEW?>4p!B_&hrsEI8FmVgzhDlft
zLlfx_Fbs1r2SfKE&#lM>6O)k(reFf5VI#C}qyNDuY|;KO2Xj!}Pr41%GmOD%7>5xU
zy@Phu?yw1FU=C)Xnn8RRgz+i#7np!`FbNZyQz;)z!8RD3hMbM02cs|!>tF&VV3^CG
zGMe`y#{;wrjKIWn{9zI{!t_kigVBdcZzleaP_HnWqF!MPW}*EU_46R@0&8FhMqwD%
z!6a;exj7c!m#D|N{4Qa*iT(*AFsAK%X-R22Y=$wIg$dXOQ_!A8y*x>~!5plGeEtwI
z?GBUL9X4tEeEOHRL-8=-7LYHrVF(6c4U9aEoG=O#Fb*4G<{8=%#?rLIBe=t$=0fs=
z30MzPFbN~iAukL+Pd+K^Fa%>TsmGNUX;=NbZ6;ss52G*x6EF)KVGgFDSWG`{Cf*YA
zgISn_v6qkw|2WLS1k7lEs2(NWQtAtP0#>u8YQIc6xQAdE#$cUZYeh$F6O6+s?nzh&
zv#<dMU&S9rVGE4G985v`G310H$aPSxM^SD#0>)uIOv6U)zl`?O{;*a1L-jcRuo6bs
zATM&H;0Wv)Si6k!yi0kZSVugVdY}B3^Su24IibCQdV=W>NpA)9@)7+Q1~(x;%zQ$7
zz{F<qd5!nwPe~tUw;~see@?pEy$%1Bgx`igjDJPBpGB_i^qWPr(+<i9!_p}dFl{(R
zi?%zQBKRD3%PB@cq1eg=LmpHF!>G?mUm#oo@t|#U#R<$7p~i=Nk^wF#fss<Ds9r^R
z%A6t&MOUY2hS_dTVZV-CJ)ErH5f3I|4mN4_atbw@{CYb@EwuX(4klqU4EJ@4@+YWo
z7=gil#D^)Eg=yFZqy3R{4(U`Nr)DMoFbdmX7FN$C{y_49p}mkFCSe-p_Cd}j%D=Bu
zRKoCn)C-s0B|}b8hut28JTL-VVG62wq(9gxYG4|UfZ;0Ag)!IybFlnL;t$0i#)eUD
zn1LA>98Nw@5e`OS=m5%3zG)c89yyTq(Ec!|{SQLU`Q!_$VfbLe!z^rqnM06k0ro>F
zC$z()1EVmh-47!j7&;ueo<<(nOn&hrDF>^~xuZxI_uSD=(SSX5402=7!WQiD8q&j_
zhD|yg%)rDikn0)h6IR0Tv82D0esLV}Vd8kFh~b`wP1s{6Ah!+=+puR&q~5ScP9i+}
zsZtTzMTdt?*kiwR@>{2Woq|8iz!v=NQ}M?hhglf=73txgft9b~{%hn&(_XL!hEF43
zn1v(oPt_71yL~$Kj6DN$+Wid5g?kQ$*!~#*4emPJnY7nJ<bqL{gK-!<3;Ch=E&0PF
zj1ez&HgfPg%)$r^MJX5V!E^A(9)k@q1r_5%`dr$L-%I*;<og2hUVz*%`3KU+J@rTW
zAIw74LjC>;Iq;9eIv9%)5BJ;^)DN`lkoOJh<!Z_cbAP8F!0a`o0~6QsyID=TV~|7h
z2FeYCHzW6()W-zsi*&>!%1`=HXunALVF+?bh=>!;zJqu$3GKJAPo=#0C#R7<_H+{Y
zVRky@dz<uTAP4?&n1LDCihJY%<a~#89wa~9)6j0lA6CNjLzEYWW;yi%D8>TP)trMo
z#EZ_wuGvI8z{EWA(eYshhM&Y8reJU}?fDe)z#t5*p}a7LJ@PE&hH=;kQ?MDPVHRd!
z8;ms5K1-;F#nc}R!zP$nLOMFVrL?yuO2O<b<<5`~jKQcTx<MN?m(!jv(N9)TZtUUL
zsW<GY7Q(+veZEEeVvoN~y4WM{kuD6aCEk13*HI2A-e>&NT#uYE1A}X+pAX0nCR(Wv
znBf|r6zOF?qTaD{ZL<ikgP#)*#=ju^``EXU9`@*$)b~=_6J~KwevMq~kz2Z0qeTvb
zTQp$ObcrD0f|g6D4`^@Y616bybBSu)bAFd-#2zVfi5T`wF?RxB50{~&9(%f+aIK`%
z!zGf~?LBbE9_#HA&Dy=6OSEYB0WRhQ)K?|(VQ`>Jgkc!g!U&APD6EGGn1o5#1XC~r
zb5OlP_&r^sd;{e?lz1>4c8L(~;Uh`+Rl>nKm^zw|==evDK^|?dA$|sVj&+F|7(9-R
zFHjuM#u)8>f=g5`BR;Hy@so(B86n<s@;#Y&Fmx(+rNHE`C=ax2sfQJ$e+Kfy&~K3!
zW~2DS*za8;_!{Mc)i5#wxnb-=<b(D_gokOEgTafDV<q{*C``gSn1%_Mg^f`B!6ni#
z2wPzMkI1=-{4b$CU^+&7!{DXl1EZG_PP;?<b=)tfJTML8FasN44yK@e1?7h!n1vD8
z24m1}p**k>reGLmVJ!?^NqR5}lQ8@j>Vb9$UPbvoq`j`8o?vhk<;CB=j`XqTU~(h<
zeKd9$zriIUZy?`T^3m=$Qg1Lcj{3ws469*8^CQx`iF$%L*aV~FU5ulYE8!AoIu@Z@
zNgsQ167pgfs56bjINP8y+MXodCgL}eKFmHyIX{8ig3+kSMyVF!M<1geut(+~KlU_R
zs%moN&*qDI&H2c?n&jB65r#4DF>1y=l_uTIj1SL}FYZwo!ya6WKTIv5UvI&GDdmP4
zSPz4*ARmmpiaeiEt_=MGhF8!|Fusy@--`U~6iJe92&Q4?4Z^=kJ-tbIn1xAbzlFSn
zx7Sb(?2&hApSNhowYY!AxU-Ia@HXwZp8keC_#y29?Tv)PJ@pag`<(o9)EDs+umz@I
z4e6v|6y{(9`Q+MY7wlpi>A@gugfZ9*6R?_elQ04^Fh@N0u!s@Z+0D;bN_<0!I`U1J
zN@QT%p+xx?l-or(7;`Jp1an>`s^1}fzY-Cch4nCG;}0W6O0>dcv7!#}ht)6^P&@~a
zr$h<WMm?7*Q3FF=hz~`X63s9JQ-lk5RYc~$ZsY^gJ(NhoNKbU}X?JM9OTFx&L>NYU
zkq#7nkRPU@{T|`^lHWG!b3f9-o*abxTIvtRp%}~sk1z;RFa(=n7-nGvw!sXv*AWj^
zLQ$neEwo__hG0Dm!z7HrCK!bon1!uS453`_6AzZdAPm7Utbq|2g;7`sV=$rZLzQTR
zahQe)*aDL<2h&ikM@|@oSy&BoFaqsiv?C0`I1IxEn5w4SFb$hw7Pdk$963KA9xR7J
z7=mF~1EVksW3Ucp4<bIy!7Q{7rrux>+O6aZD`6OhVHDQFIE=vrtcS@k<$@`ggBhqc
zkUk8;9IS@oFv<mka0Cp)IE=ssm^zAbz%&#e5+9bs91KBmH06LcjKUDCgAtg3QP>EB
z$59UL5ABWk!%7&1VHkt8Fb-py$J6dG2{SMSTVd`5;(tWGClVh9VHk#BEeyjLjKF#r
zJBj!(0b5}bijPSTmctAT!7QwSIT(c^LOEa%CSVvg!U#-j`^m_$2|KKWF&Kt%SPK&{
z29vNJreP9hVH3>33{3o*_V|Qwuo|Xe1ZLm}n1ykegAFivI{gENVHQSU8;n9bNB*!9
zCSVvQVJ%F-7|g+XXrF;RFbJDq2xedew!$bBn<*D8hjAE!!QW6%FbtzGqV4>y<Ju0B
zFwE~W1?%w7!UT++N&UglS=1lQz!vTQTl(b|>N`q4Uow85PkPuB7w~(6DcB6tFou8b
zBFc?DbTRUMO1dxzQKK%J@lRZe{VU!N{!acdHWGIz>T&;?`QDAxGvV!<NDq4~K|V0i
zfF1Yv9mofhQwhJF=jol)>sH+FqFgX}H}#2o>>k<!+V@dkIvm<rWB5l<_1Xx74-x(w
zo`;W6ei)mL+%WM3<=g@1P=3N?U=4PAKJ6|H5o*OBM!DFu4gc7Oq=!AZk@ztDG2uTW
zpG~xfH0T@j6V1)YgL`fZ?TJ18DZhJ|*ou6(hd!s=pHoj?&_4`AL|_d}!g}0OFbUHz
zhI@1y>1aF5!r+&*(-))zgD?!MVFX5C48~v_*24r$!X#{hY1jfYFbA_RO+K-&Nw<ys
zzoA}Xcn9%e1~$Qn;3_E?h2^HfdXrm3VBB!?ZopnGhnr_M`Mca)tw*^$_+wA|+#=|p
z{Da)04yF%u3uPH1dx9Iq!UlU>+#(0XHKgOhpEIH%x52k8(jk0^V>3<o+Y{ZQ#z}p^
z5ikYob^0&~Gq4H9IY-k9Lz9s6OUeO5Fai_AOLFuktK(0>o&3Z!(#1b>7w*_oN#ZHw
zy&L&q=w7!-;h(#Ye6VNlCw-_d>8eN0_yd&tEApL5Ixx%upE?+Y4bXmwa=;*Lg)vzE
zHT4Wzh;MW8Rt@&}qizw0;o0N|(@&7@cKQjIgjIT|?<VBIo|=aoF!B`n;2wF}Et+9y
zA?bRN=SAuh{~ULGSAK&WFH>K*XO<HldvGQ71jQ<ddzP!fln*)HA-^5SvBoW`VQ#Hk
z)Z(7lKsm9Cjc$>Ku}|Eh5%<hix3Gm2;m?sDroJS;pY(PR52gf{duqG%hz!h_9#LLE
zK2DDq0mHB!#$khw51U{bW?%+3;-6L?(W=9HA?|Ug4=rb42<Bi76h7>Q<m2~<DE2I@
z)Bcbf(}gJTh&cYqLej;af@zqB&A8`m4{M;*V=?hzyaah*3bw$UrcS5SBigV>VGes7
zDuZzZmKRZ87{s1~)lhWthzPXd2pEF(FbtELWt0m>pfHgO24N0{p(yu=S{Q+KFbh#`
zBZ6I#8-`&kjKVPahq@6CitdDi;U37T?LCpN82Ml=4E6G`*O78T<shFR`NAM<#XSYX
z*we5UW?&3vVLi-2J3xK*!C$jK>A^$=<<jvg$rnZkdPJo~`g;-%+As#=dm$gp>_<4_
z#Y41T3G(bu{c8Uz+5vlVDCLBaVaQnuhtu9p(uGkNgLN<g6EFvxVfX;jg{cF{mw2Ir
zXb%_eFajfR1dPHsjKc<)gejPU%`gWO#21HP*XbNdJ$0d8k0M<dIvRhNgUy=9U@xOQ
zzwj`gP+zbGd+0dYSCKC)hZz`#Ic+beoF|YT_RxvcFHFEj?GKxweG=s*TrNVo+Wt%G
z2}WVijoh#a|L`f)kG4a*EA4nL_0Wy+{XE>e^ZWQc>ENFkK|5hjUr2f|^asj~dk$ux
z_#^!Q2BGjE7c7Sn7=kfa0~0U`?Mp~U+hf?hl>1W34a1jH-#+RW*1<GPLU9G<f?=40
zi7ROjKl%TebfEYP<%2e~3y=d=!Vs*si3cMv0!P3U4ELm+{z`o94n-05ph^9Q|3-Ki
zxtegKlZG)E{yXw$JIuhyKL}rlyf6sUFbq@IP%dqUbx_1<XBdUmJ*d}_w3l`tO})X$
z^`wh?at!5z_6_ti<ch+SmKO$*F9WM#R{JA=FhRX(-j2Muho+GZOu;6Yh8Z0mwnA|i
z@)lD+upEY92!>$|jKC<2CP@coU}z8he53p@dk^VqPUrX4i~5^EKZKD+!o%bP$glYj
z`2?t!S>yw=4<j#3Kgu`?BahQgCD><Eo*?~y9`ys0&yhdwv8A-P_RkQ%6nhKp2JO}4
z4^wYZ&%Np2?^8bP*$)WUg>+l-NA4KRzyxfCDNUXJ2I`Y^Q!t{#=LiQAo2lP2(%C{e
zVfb_8gqbgpvmAHWKz`w`NC!r?)4y<!eM7uH)Xxs$L1B1#_on?^UQvsG*zM(<CH)lI
zeQ773mob@s21j7e*@TDjA}@z^h+pazm0f8cSOX)l7WX)eVUL!P9?Zfl<RLEV@Xx|F
z>^W$6!@Vo%KpTc(5Z1yFjKMIhhY^^BQP>0%+P{L|e|PLK(!(oMCH6hM?9rh;dm(3c
z<cC2R>+R*+8qc>q36DLliCu)eqD9+bbRhD<1Pt#_d0`r+kUKG)^!qcO97Z_J8sfvq
zNt9y%<vxvig0ZuS2U8b#MLBYX|Kw$FJ@Q^cxE_?}GN|+UGxdf&Qingx{*8LUJ$McA
zu_xl#Vf0$U?MePOQcpdRlhX@zFgc$5anEq3p>YuTOr(B#(+^=2v^o8dfmxUwNWPP3
zhZ^MOgoM36c35{D>1tw6-A24q=nu2;Kb8LXB;|y`r{Hg}&nF)!79kgmyyF#-GjY!n
z4~E{QJ*vnLHbC(n?l1(oSx-b^8{u-W{4DBqtyfgTEVPHvA7CZq{2^;B#Dlf?hu<e(
zn1C%Xvz~CjCBF}-Z<x>|d<r&V54NHW1V%Q{Z*b4T6pV1|bVl1@<=K?;Bl^cs@_|7Z
zhSe|%qxdI3COw#g85rM0_$YG25VSub987H?eHi`>|8ofUIqe1QFQ``-fsHT;TVVDp
z;-8EE4(d<m4`VO_>vjGx2~)5M=3oW}g-^tZmxPTl%F&n{%);{D;m+aQRvk|t(j7)T
z6L%;$avOqir%%+t6pX?wjKd&zrbUULf(aN?KG6b&+b7g{louummw`<%=ivY;6khU!
z90(N=!r28r(Eu~B8HNjqUrl*n5T;-RX5a`Iv^iu-xM-12gwLm*VGM?gNeBOQ06Cyt
z>Jyd2CG$$+!FU<vhY6U5S(t-4h$bo#E=OL{Nx}?_bS3`_C<lzdST`ScqY@w1!W4|b
z46KJ)n1ngl1Vwk!fi`S~L6{_+ly--?9@O`N`1ho~e~&$goY3w^d>HSK{|Mw5fE<L2
z!fNcX3i5+lSdF`=L>}!A>tSwBA9FnV#a=%4*pdFeq<;|k!w?L?8W@IA7=?8(9-@9=
z0;XXKW?^oB>Kn!e`&jd%yf6&KP|6Q&SPz3R2}7_6MqmcUtBDU2&_0BC!^t1UU>wF_
z15CgaOu}ZEhFO?}ZBQIYJse8BgJ=&Jha+GD#$ggRz|bMc4<oPzrlB3i{ZR6SVHkxG
zSO=pp0pqX{CSh7LO#gtX!^rnA(t*`510ygCM`-)ulpp3`Qu7GphvF#YhBmYhm+YUW
zKf(|UYx~j20mHBkW?%!19z*^x23uep=3oM<BZyanJTMHaVFuR1=r5=T7=sNk4pT4z
zn_=)+>Jx@xo91!Ib0qa}Jn>-^#$XKA!#GT8`w7Sc6R<_|MEd1X)Xz!uCzygYFb$(H
z1M9Rsf*ddlQ!w&Neh1qB6zbz>@;{Y$P@IO`(1r~#2vaZwn_&cIVGOpxEDRlkdoA@3
zqc9F*umQ$l3MOGQOv5Y;ozCx|26q^NDL4YAVH{>)1I)n`w9g<u48c|yfoO<h-I02O
z30MQuFbZ?94hDZiIxqs8U>vr<6l{ZOXdg>{uo7lr80KItw9h0R7=jHj0#h&sGcW;L
zVG4>14fbPDA21uG958wgavn!Gn8Gg3rTj2`9^o!xJUO3y@sGnAn1WH<W4|Xp3|&aO
z!_>vJySD#{_|U$D{4Qpkf>Gi{WAsDpSs2G2xs-BX&%mU%Uq(1>hiPrUoN(F>lTchq
zx-bUqKkz(;AsD?HcWu8G5-)r`zt2B1F5gDEVQLEb{t0=e(vC2mq`$(*bn<}-n1ks?
z(mNhGXHiZlP)ksG3FUd5c85vWpzRz+Z-%KR<Rx5o0sSO~9M2LChF``X_uLB7$DVly
z|4Wg34RW7KJ;Kas^efohllp{Nn1Nys`a_oRF!3(!3$ri=bFd!T?=kMc2uy4HI@0Zh
z+)(XBIX^%y7~P2cxW`}<cJT@IjopUPy(!NY(#M{HY9HkOoP4lHU<!M78~I_+!P<SP
zx9zk8_5>9B(T`A}(1bk%8?h%Hev!eRf{_sZ$}d{AKWxLE^7=(`f81@qATnzwei3Cp
z84vhHGYoa{^UaNR=;jw8{4=l)du$KCsKFkG<yFM*Lp<yu*n~aPpK#c-uyzRH2l{z$
zB0Oxv9^41{ba>b>l<*<HNbB&hdKm3r<rgj3lQ4@tQtjv2N`1omYU=YK<Qb0qVZTtl
z>0d|Sk3DxJ@v%p1{H&EwzsC|DrjGNA5x9$!NEdrDLb(n^u9I=sJeBgo@UJM(LA2B9
zex6bAH`E`Doke~JQ!i&z4w(2I^{DOV;eH6^xrlsV<WI;8<1yqo6#Hd<o=K#01@16b
zhkKatR}mhDt|lEA`3LoR7~$g73yfb!dmN7YSn3ZZZszVnm`+gMBS>cw@hDFmiaxX(
z48q`K!r`B|4f(N$8VG+R<-MJD!5+SYcETQ=LcG4jgGua>d;FpjdlE)q4%Wf&z4*ff
z{6ECK4}5Ibxc|S-%;eu`I%iI$1i@Slf?!k-ggd8Ad(t*^v_Z7NXhYLBZAYbT+NSO3
zi8du|rxlg92U9|WU@k$f8w?E%q8-E)1cQUP!X1R0OVs!MtiAVS?>&3+=j;4_-~D<e
zpV^=FtY<yzS<m{j*WR;d9?XLUFfxIk8j=4H_JQ#aBL`-{c~ISt92f=bpMsr}$bq4c
z(cY)fei`b?c^J%sF)$Bi!H!e$%ct<`Q;9b)&3SYhdpOU7>zu34l8^Hk*m{ujFW?V3
z2SZQ8F0d6WfN?PTMf?q>zzmoNm%w-y`<k%h%gBKVa0JYP8Bl!%IWYDBa!=>{YuLqg
zRC=Dc;XM9z<T=lMlX`QWT)?l-pd7FsOoI_H3wD5cFb=A3Q6De_rob>b2}Zyy7zLNW
z7+3(~VD&T64~D@s*a~LB7?=b5z&w})3*b1Y9-<y#2%HDQU>=Nu>tGxVHKP}doJKzZ
zn>f#cQ7{K~gLyCk7QhiuJxsfRVQ>bFf;lh_#?X@jS2$0D>RH4ESPy2w2$%yqz&scS
z+2B@5Fbt-_D3}G~U>;0>>tGTLJsbamO<)>~f*G(I%z=Yo0UQTI-^M;L0xp43umHxu
z>gS*z41)=<6-<ILFbyWaESLiGU<Op*p`Ks}Tmi!%gDuZUQ$H{YM!*=@0VcpcFa?f)
z8E_KJf%9M<%!37R9aP_?T>O{&PwYCKe*RnhafXj)ai}lX>G1;f?WDi1Q4cUv9aP<~
zpg$iIWE{utV}oj)^YEjBtogC)_@IiOh&_)Bs_Gc|o)}~;$2@XEkb75@`xMT>>@$&n
zCFMRR$g>sL5ecgKvlxe-8&n;fr@=Uw1MAr*$h8ES2gnbmME?0fH3^2nc`yRz!5FCI
z`X8(ZlVB^D0%KqXOtR0Ac>(zZUl>%OSAnh6OYlY1OYp@(wIcWu?0YrXM)`s-4RTK#
zd>Qq74fwC<6^sVeIG8vPWL^hPqWo^gm6J&qY$qKofH}caNPjK)P9<INAnAe~)I;#J
zplUh?|DBFqf@feCSO9Z^o#ba<r10{fTB2UzR|M6JT;G8s{gihW^}Ymuz6$$ajz7T|
zm<1DH9!!Di)j^d3!(a}Kf(0-RhF*dHzzCQIV_+6cfO#+ls@ISo41+l^3KqaP7&?>u
zU<6Eo9bg9R1G8Wf%!6rAb>mks4CcWIxDH0aP>gm3o4`021ruO5m;@7G3LF8`U>eMT
zGhi0XfjMvm%!BHc#1U8zs@Gy47y>)M2-pY4z!5MGrojX_117;7m;zV8G^oy^Jg^?j
zf)OwWc7S;>4i>;cP@RL{zz{eIhQTZt0hhoiSODW-=xoXZBVZbgfmtvC=D`%G&c**=
z7|elDumHxvrY`b>9bf_M14BL3OL%Y+OoQ{nzmEEV5s+WcR%x&a%z_<Y9_$18p#wDn
zhQUcN3eJOZa0N_))vqQ$*aT+54loxdKbSv{{9xpK>;{wI5|{zkB^|71U7UCm@?ieW
z<Y(O+y8!=zX>bxu^&t-?FC_hP_>1U2VD@6{0CWAs|6Az~mrx#<y%hg|>C4bRK)wX+
z0!9bW2gV1{2d1vY?kkYLp7;WzH{kbf+8Z2^^BYM&kNSeqKI{kMU>Y2`n0kO|Fm#A^
z1(RSNOoOT)e}G{y2eyI*Fn2rS#W3Y@o&*zM>h0v0^P9+b3FX~Pd0-NZgBdUha`RV>
zgK01eW^cj&m!cnB5&wY-`_(%r7tDc4Fb|Fk|4!mscyI+Qfa<l_KZ-mU17lzUOn^yn
z1WbWxFb&Rt888Rtz!fljEAe{{@c}l0aWD!dz-}-NCcqpx0;=242Zq2IFbXb#DNvn@
z9M}Y=ZYM6lG?)Z4;5e8CGhhy!2lHSaEP(5vN?}hA`oShJ3`W5S*bS;XC|}aS888Yi
zfibWk>37l(Uq?FF0Y<<$7z2}F3e12RFb8JA6)*>?*JBS@4;H`(7<w0az&Mxyli&!L
z2Gd{$oB{J-4h)T<4~&574cG_Pg9)$|%z|-Hy&FAp4$gx)Fc0Rzb+7=2;>g{FAHWb8
z1;b!B7y%Pt6dVC#U>b~r1>!&Q9_*5IFb5{U0+<A&SCT$X{JoKMFbo#J4lsE)?FOd6
zB$x)r!7P{o^I#4P-Ge?!2S?BsJ4`*m=zGyazl(u!FaajP6u2(sz8^a|kAjh_=+9~F
z6gjYu^W1&t=R6OlIaeRVpPYxlCC-x*`1O4BfuTX>-w)wm&a+?#=lKt#m-7Oc<UBM9
z&v_V};XL{g?BYBI7C29Ql<|u5B-nH{<IcwzuQ|_van5s7j60m?!Ew%c8x`Ma!5%Qj
zdE}G$@fzxp!9MsD7~wqpZ?q2>`ZV%j3S0*Z)5O8G)Z;Uh3&uZ3I;j4gdJQ4}dF%kg
z|3Ud+Y8F3$`7fYf_%Bi3b;xDWBlu<f21dSuonY(%^z;%pbLat6U<a56<6s6H1an{t
zEPxp>{8j2B>EH@_G7qBvdi*g@d2fOT!(a}Kf(5XT^wc-d%Xu11bDsSs`b7?0;ym&#
z%Hcc;hHjv~4`C<g39y6n{KM3r^8%RUJoIhyaUKR|IFEjZcH%rH$a&(s*z;!E3v5ba
z-y(K#o&n>W=e~#Coae!D&eiuB7da1sInE<X*v)wqtbQBz{D5*fPk>R*Q$NIhF#99&
z!xz9b=ZR(dr{GU$-y3O1un&yosSlU~SHSGgNk4?%BeXx5_$7M4<gX|n<l!Ek=_ma+
z)E~_J7v+KJ-=arwmHLC(-x1eu$3MTvKiHA{Z}fwzfZZ2RA21At!B#K|#=tn308?NJ
z4E=$A3C6%~(Fd+@UI2N3Plf)79xwtXNzeTWJHhmy;cxP(=>MP(4E-;5fSJEy|IO5U
z1Al{szY{-T>L2JE!N0r~I|k-_`_wp?2<%gNFkHD$HQhqJs`jZt!J2()MsV*wwE||2
z*{71&Q2@j5fUn)By1~@3`&3%&3+_|%U<O<Pv!J?=I0Ng!0vG{9`zRlbf(bASPJ$$;
zl;{KJIZuOmNe9(M#0xk>dg8c!s`{POqmJ^y?D6CWlaJY_*1^zY_wn8g?0p>d17i)?
z0~VgJkN0Mv|4IAQ2pIX7eaxBo;mO!{8~GdesW=#Z>OPeLV@>E2d^&z%T@if-^~R1Q
z80S3pO!R}{=6$@o1N)yveZUNu0<+*Gm;<w59$W&|v-k0=DscgZSkFYk2$%q4pn4AW
zq^K7dzLb1m6fA(<AP<$P1Q-HGz%ZBwW8gfP09U{iSbZ7xfMGBPM$sF7F35QV>;_|C
zAAABF0h8b$eCR~%7kMzlc@&)IJO-|aJeY$|fz@}=Z=Q#L!6cXfb6^?_w;(U&fLYG7
zU_sKKPrdI%&kHCY%!4UVwIUCO!0LCAA8Y~>U<Vj_5%ORf<V#^(XYNyBumDEE$cwR;
z^cWbIbTG$x_$8DJ=D`d+?~G?38GIS~zz8@3#=uE14rajwm_$AWj*C8U3BCYUUrzpi
zrF<|GrF<}a06WL94~z>B4uUyw9L&o(>G6}$0~Wy0yYbt}v_BYX$3Em@V2bnTDadi2
z1?M?WoQnKgi9=A`MSZ{~&I@3K^XNhB;5-E;IFFo0y}>jXhtGoH_fXF1)Qj^77~?z%
zrX?RZ1LnXC_9f5YocyYj{s<oh)d1y#VK5CQ$)5oy!7Lbs51+-k;Mw?5@Kx9WCeI=6
zt^m))KEc;fE|@<Le_jcmk6ytyVHX&^nDPbtX-C0JDgP?$9-!U8#1)heX0O6tFmoO4
zI*326#~)zyZPXh~--Q1JZ>AoCx8TRCX}{ZP55W}v7Q7RC!OVN`>ow>dr#@ilUhI|g
zH0=TA?xQ|ncmjK`<@_VW519Wb^#LOv$6h)A6#Zfddp=El!02bO7fj6(=V0y&)aN?<
zki}k5JxH8@(Ru0vhQ5itVC*}@)%Dc(yVM6Pd=EWf>_3qQvtUlzaS6M}iLW1Hr^x*j
zInHxGqh4V47x?W4>^g$JyNQqg!d@`@d&WC3T!6m^{x9%g_<!KR>|a6A^Ed1yf9UVj
z=U(EiBE&j?`c{QhbrO4OLMjU%IVPmKIgi$c)FhY#m%swJ4u+2n@qRG!?F-RH_<Mgy
zr34=pVjf5S_z?3r@{b8|ZAgE7Y)Iwg{Ba=_K14YUA?9!D{RGMb^G`zGFc=Q0RxtN3
zA=L+FPoR7-`4r?N{i(>k9sfTAJdB^3Ln_XB8XN>OU`o!P6;ktH^tmCPouge&#11g^
zeC#D(=mpf9^C*}D6X1%ZzYx1b@5`|NX37WWInPJ2`@Qtvldua6wTDy(=}|DldFm8+
z&eLEL%z!KK>4PCPF6Ut1`|$T^$a5Y8=fOCb2NU2rm;@)0%brgCM)2<$lq1-QKKRU;
z*vEPJmB@jGv+>va;m@HSVD3EH2|n8!Vm*Mr-i%+s0+<3L7f}B+c7c<e^RS~D<UDjC
z`8f|?6jJr?Kn{$6DX;@n7vpCz56+1EB_a7e7_Pl3AIyP$VC2#e-=*Lj%!8@R@Y@Hd
zPl9qJKbQiOm!l6p4~~Gj0pvaiUP1l9$d%{;V^?7pm<1;#{~&$<Lst{8@1&k!D_8*4
z1b(=N_U1f%Ej;Jp>nKm~M(l%6za9G}-w1l(3!~^6#s9bBmk(jj?UVy%?m!QG>`vMb
zOx=b450gGlKF-s3V?XCCbX4S4+V?*6avr{)cDtWA`6O`w&%>FjkMr~_{-B=fi^MT}
z7|eqaa2-s5O}F6}Fbbx?ZZHjI$)EWWe&IZv#XeAdnSAhtIqaOIJ-$Ue3I8zdcRO<5
zrd%-p9sCD|zKb5@3g8OoYLWV+kOSA@<KLs5KSKKVsV|uSA?Y8b{g!DL<Ptxo954e8
zf~lWi2bc!4!h=g-7EF*Y{qqptx!@eEz5_eJFsOb(yMQsU56pmRumH}3p<iSFouq?N
zFb!tWm-sFG$B2vH;TQNEI4<V}kn<>5;5-Y~Pa*#Y>H~)Vh`n<DC+hPq{QYO@0fzrV
z+<{Rr4aWXTelQ1y$FSpX*a?Qg7?|Hc4vhYTc1B;iVn6Q>LmsStH+EL;=lx;GfiW;s
zwV!KQ%CFwfUI_jJm%uDID01L9SOBX(PMp^u$9Woz$oby=yyu5@2gkwqG2|ybSG!*|
z-GyDpQVtjo!jql_)53?)_a4dtBb1-tzhCu%iAU|{y<@}|Sp7-b8EgfkkK4~XoZuh7
zUrllze&T-aVd5vSK0`ghNzn&(aGrTG=V11!oc|kkK5f4m0khyd<;0%8UuBU`fO*ji
zu7hc?ejLAm5ikpOfH`oU{Gn%J2j@v}T(B8CKZTtUcrf%L^unu`>{p??spm`K!5EkX
z6X3Y;FGEhw!6h*IugKqnKClT)gE{oYqO{Ma@ymhzDhg&#CBNW7>;^-pVIT4lun&xa
zNl=}Roag~FU>=+YLuZf=%z^8Ios@eo<-P(t!O)r1dz$u$(f*tlz!a!ni9aPB93ee+
z7It$U2eV)TEPzQ+-m{(p!(bY01v6j_%z}Mj9!v_JO+5v>K=fvMu;abxeLdxY$vE~2
zo`-%=T|~US4}V^a9bl>-IWUsg&%DF=Tkzj!u<vrpdq3sAm3RYV{Juv43|)zS((~8i
z&ouT8VFwtw9{+#|a9#Kt@aui>Z$lo;593ELJW6|ffON1G%->3V1aGGtFqGP_X21+s
z{XyjJL=PBw7xsc#a2||}kv>5^!7!KrTLs^b9GC^uU?`0~F!BNF2gW9---qBog#BO`
z>;~0`kq1-vQ%|q}Hhq|Q_z3oaX)p!mz)3LvAoT<b^R)N<==nPS0+ZjQd@%nIc7p0*
z;swm*kekH5Z{vS3366l-?;r;jz&sdQMD8Q-OT-^o05f3t2grf(AJV@*3jbs50>eMW
z9xw)G!F-<f{uugyj^DxfFUSw3!Fezb=D`BE4#tk4ZwkA9NxXv5U!e!gfJ<Qb*R<Ei
z@yiPJ1J!S6Z!ip|!7R7}Mt+O`KS4SFO})Sjm<F@p444OVVDt~jgK<!OlKTFU^1(P5
z0rP9LH&_7UVDit{1&02D|G_jk39A3WPB0EGff=wM{5o-wfd|82`VssMX2B6Kr;g)2
zW9SVW$KE36mB*<Vm<Rjhyy`gKwMqHlJQ%7zPUXP}xDLj^(5EPeqfY<l=UlHjOYIp9
z?Rk7{RdtG_26*|C=T~1YG6#a8n|vo9Tj}dS!bocq{sN!sb)>&Rr+32j@F&;DUy`E8
ze^Rjiq+s}@VADy#$bn#Mdoa1@P}OMVtrfQgZuj5h^M80xu=PMNq6H8`ICLOLS#pS-
zQ~b%#!0~On;vwbC@z=riLamfTCZn7K!6uX)su&I2=D*$NyG2e-ttSPmJAx5kuanX`
zrJOqSjI$o*X>Dz{Ks$fU@F~`<`GCQ@>f@+OOQ578RN3&`0D1;l&plQY<CjCe*I3om
z^<=8n>8}H=L)V}40`uqXHoh5wInMi-51%K(2gPaiRP~VmHs2fN6aJ_^<$;F`O;V3F
z<Oh+zR`eA8h1>C0doX&aa+IG>7N_}p_ee|8UYm|H)F^5DHkODP=2u=>u(clFLnUgY
z-G;~?XFi=3JG|l}=5Xl;w+Ig<epo=C%$FIzq3@8-|5{(L8qGcW|0(*v|G9hcwv@ji
z_W!$29q-+q?LlYxJ)Y$s2*yyQTKMav+~gO0a!bPUhqQy?%GNzPplJ)ZZtJtQW0-t1
zU-YSq%Gr@{_~Dd*S2sBjOo$y)uSN8YJm6EOd;9eOO>FOW&1LEp6@9(@HDXuC*YMMh
z^!b*&%sV9*ZTI3aMvBqpj7t3<{QtfjUhk`BDCe3T)yH4y=^rX|?G_c1c<8BMym)x`
z@xbd$)qKvUP7!~2^^3Tp{laD9Ax>@`m%OHt_onUMj)qFc+aDf1JNnTV{`v0h;Pq;%
z`xi&Y4w=)|MBlG{>O^r6{ypUDcZ|PvRg90MKSt8cL-IAlC(Gn(C%u#OH0g_yr?lN%
z{m%DAukew$;q^<rFU+UjCVGtVxj2qoWQ`mz4~7S=&xpx*yg<Gb`L2_=E{^NYdC-5!
z9*<ei$Y0A`oBNITykMIYE<{7gj3DC<uSem%Dn9iiK9?)s_c>?rOgSA+Mlu`r@cIkx
zh56L2Th-?}@A`;6%j7St`cz<x{Jw8GOFt#Z(=?8if;LBwtIaGtGQabwgInqQwKMnW
z!N|2v#?UA2H6;3ePn<dQ8S}8s-xXf|mN=Ouf9j9B>rc((<Mjn<{!gsSnE#}mHrEUO
zkNK<>0})56UIRAr_1Esd_*A11y1%@>*k7byw3FUPy6862-&{<ugX$%HkaUVI9>ViA
zWc}Mm3{S;F$G?>Kx82oC+MBQ0suYv@(V9p3x~R%m_|<D1?Q=kyb8}t!duQvO%)0Un
zC#CBq_VuGLS>so?ir=>#AN*JOyaouZ%^27Dx~0k<<KOjqV~u?4wf>_vzqHpfULC)C
zJNWvCN<8}L*|8w{p16BE0z95O`J|&~N0;b3f#0l=wkk6Y`{tZMBK>HTe6dD9S9ct`
zpLG`dk;KoGnZ6+D<@8QE^_Cl7rT=Z9FGqRq{#VEC`|)S&-jAK+%RTex_)+}9V?;b_
z>@Pd+@HmYA4Y6kNhxV6q+~F||?q&N+#+^0z6?l8S#lN-O9t)r7SKkzU<@|g9&ipIm
zSP%L#FW9{w$H=$x!lUO$ZojFOmz4KofbHgW(#!d=k@V`eQa`rAD|ojbyG(siS-+O?
zqrc!UapZuLA+vEkGa==-`;Xdn+8X+n4(`5Pn%V9No#sDk^9$RK?3wx%q3AUqxUWB7
z<T)Rh*Pjx<3+T(g_UP!7{@1`j6h6-{KVfS2uioN#B=OxwdZc&vejFfQ-<ytJe9xh;
z`x3wBdcF-ikB~li8T0NI^SHmvI#TjCK8p2H!mrqBw8eADI_+++b(-YwC4cMXeznHu
z&3T`7#KB-DaLC;K^5t#OU)=W6`%V+&Unl>uQoeoNz~HVo(b%vtw$OaPac;Dr=K#BG
zWRvz>MUVWJ;PreKJqLqX{~=k6aLDybEt5icz^`~kZb?0@a*T~3u3fg+7wSUK40>Mc
z(4*^{_ZK(hPPWyTT@jJx5Ie`nzeN6j5rSUuDyc>6R4pUv)1<GE9yZgvZ0RJaMKfJK
zTZepJ<zIn(42Qb@FGr*Bf#VH*_Hj)32KYSk@>%?KmMPz2$}@cy53#G$ls{KkJs<gA
zYgJ6f)_&5%S8T>9`-kRr-Az8@x^A=GTaZ7Dd<6MXQ(tjkvptw7hK>E|g6vYxBKbzh
zCpye{DVEc(uNgPXku`nb(aiVAztEJot_N=Ny+vOQh_v{i8MzE{Ts{{Msdqd4B>dxr
z)%7k`Tj%RF)0uX4x~ytM-w=G7e3+~GvrT@?l&>}U(@lQLly_f8%)yKOc6q7SGJFdD
zJki5EWYz07pYPSyWlkqa0WS2Hkn_9ym$grwaqLt3{%ebMx#;Uc-}se&y+3OD-?{JY
z+`n1y++R8njH62ThY9qJ4EoijLKtz?hfDM!ew-8gNf-02L-=L*oCm)KKM&94Qt^;>
ztgUB!fd8VfMmaZ0*OF;o(wj+-U+tYP<#m#-uECFhbqL=JzfQgv3aRxP`}srgVdU+6
zGa_T~9q<>J^7ek>dxJB8b^VbaL0<Pe$-|-R51)f~$IBZ0JUrVa#iNB!wQR^|;V%}}
zzHX73*t(C<?Hsmx5N#*lI{D6UU)M1{9}Ffd<yzjn#qokY!I8?7f~m^W;4iX$_I<%Q
zqFOyv>M?=-l_9@+lGtS)z2Gc-0e&gK34S%k2Yvg5(YckPtLz(vzQe(hD$1^+?5gW*
zpZ(YQy&{^Kqe`y{8z0Af{WiaPy4gPt`4T!TI=HV83|*l=`;0Aiy-(65@;Ca`XC!dE
z>`GPG?ehO&pLg*o24snc3G^-9=~tJCe~or2?uYrGX5Uvg){BeC*T37Z<n@%E<>wrJ
z@n2BwU4D)Lk^bDsz&7|kzq-YHopzAsbkye(Pj{k-L-Y-xZ{|MMY3_Kj#vA8;|D!$E
zeOjBLZw`IqAM`68)%L1yd(b)F{AH{0M(nGjvoC$fuYOT(JapZ+`-Z1N!$8s3i@w48
z{pvbz{~d7MkNA~meUTE4GOkafZ}Ovlb(0W!JmI<zWQD+gA<h1eT=rwm>k}xo#=jYO
zmW5{i&FgIGZ*@;F(ycX#hzZ{epCO-noNb4ngctW)hsgK9r#<)q_;Gmq_#<|W!l&T>
zMU+qzz3vH}riXgbH)ZOx=M#RejJ{=4-^r%FLq29$^j>VvryHb;f1WJq<{|p(o=E${
zH(R7|{58WD;O*nP*xe4_J>{3LOqu@looh9P<m)AU{Nts58-h=H@MG{J9{d!165d|E
zu0Q-BybOcZA^b9Y0{+Do2@1ak?`2Od1FYENUI#Y9i#_gmXoDAf-11%UVvk$CA71Ry
z>rc}rv1b^*&qL2)__&9jY4~mrJqz$L4?RcVJ3RDkz(+mg>%v^Gz`NtQ89oAE694c`
zE?(lI2R;n%)z2h-Xq)uI+oaEKlfJx7`o=ct4Rpk<>~Gs9y=R;Bp)JxSE)JXNwS2Y?
z;iuv2@vFNZEWn36_#^Pu@OC}Yw>RJw{KrLkabA^+3*(WA_XWc&nRP<7l-tZekwjjv
z*CY>z@a^!E@TY3V_$Pc1d>;NR7e4^s^a;Ousg3XC^C)}_zG)99j8m@ljC-CqZi{J0
zk6p{?i+s|r-Xi4`>t|N(0;^_{h^_q9o<RMO=N6tNZ>-yG*V*Rv@3M2Xrtj(}_xQR>
z=u?c#Z+(BRAN`?EQE#cAVNX%N?S9Yku6+bbH`YN@lK<0w)lYWGZ@Zp3)4HB9Z`&C4
zM?Qx9(>BZ7TsKuY*G)37*77elZSGST`Xv~6j)Z*$^Fb16*B0cOKI2z!5If96_)ho)
zJljykL)x_$eh{8Z0Izm+?{mesSU%}^n?~Q{48L_>EX9b!1^67iJwAJpIRd{9-@c=`
z^8LhXHF#1m>hpYn!L*?b?0gFG{_lP@E1W%kX~E5F0N<4D_NleZ*XzPj^2a~VxGV8z
z&u^^@ozJ6u$}|4W{XmK5W%Pw-{p#m#dklT9{^UDUrry_i@h#|Vdn)T8^rs#A+2@h^
zT02sA+OC(Vt;ERy`Rcz=I**LPhu|wjpLvM<1bj8Td)}OdS1$Pms73g7?DCp-MBkd3
z?w+4(pT_!zeC~1@;aA}8c1byH@cAvu=`qvY<qW_tkx#~8X=mAk6MdubQhs-lXQf8E
zoQmC3q{m(L6@CtW#DiakPkQic@Pi(FZ4>?1gKvcI^WfXy-S)I#PZxYQ^5cBo9CzCZ
z3S(Y*y=`96gBxN}k5Td!Jj$7Xum7Uc{~|vNAM)TA;j7`Rk+BYuUxim5@`0xlFCOJK
zz>7U@JuUDn@Z3f%9-_Y!K7xKd{@L2C7rqr<H>8apGUeTR#^C#q*ZXB=38H@rJ`V4e
zpM&p)4-~C2{J9Jt^WfLuJK)&{DIOAkwQTff;a?;yc3xhLK0{wK>3P!a{Xk;49exQu
zA^FPAYm#W_89=`8OMb=nTrvKoexvXSc)NbFYXW{HySblvskZCn;&ss+>GNN9u5TpY
zGJNg<_Tl&}^=ao}Jl_>EZ&vHRw?TS-&Rn+`b{FTzA?NZy$7l01(eqX3K8)Di4!;in
zWGTlyq|6@p(AWIxgPZd&^F8CET#=jmN&cId?I~5Sb>vA+bKg(q&BNqRKIoU9Vbu1!
z)<f+<=f0%>+ZA3T^#R0;@nu!)f5@*`7HECe`r#(VAEroED~<Ub<{xvOyi)s_JJr@8
zM6&p`1-TXE4)NI-zvKZ{Bd{gCi}ddAZtipQv<Uk|B5dRzAbpT@>5h`W+sbUFkC8q?
zI>VGsFDf_Fr%4|t{p*r$tWypK3wvatqU~EGy<?H<Yt!%4lUp6tI$hdpjr7*<ZSL!f
z8sTf7#q|(8+iJx__(u2+7ccGG1|KT;)m>aqmXCY?v5&J&__~E7#=gxE`4ho_dXxAD
zKa{kubH0Cb(7SnK<W@ucEub&;#DMCjJw5cf=lj=tspGLm|Fg?1ETRX?<e)fd_s(Y%
zui=1t(2O6Rzy0bS-AfJs_LClYazM#4&^pAw!|+WW{9*X82R{v84{smuI?=NLAA<j|
zC@+pf)_TNz4*V*2cZ<Bz$*?#gyV%w69NGtcQXT6Mz6HJy-abwV-w7Xg@e(J!@ZF-v
zj7QqJIL@%zG_SCrUSWM^m>{1VqIZJ)O(!_ZllsoWhv7%W5vB3tYH$A~Wu6m_l3TAo
zYpHnr*#ULZ&h-7)R{L~xG1VjbP7J6gc+}e;bY6dmpGJ|7JujfHk@zjPU&(#e^L=Id
z(*pTZ&krcRy1f&BoLer;$*rG9Zg?*9;R^yPw6p${^6DLD(4S&k6eNBcrkuXkfVxNu
zcFjZVq;19r$r2CK$WJ0)Bl6}U`~rL$-X53Y*CX)b@E;IaxBeS!`pd*$<B6=NUKDWL
zFOu@w;1#^RJmI_GJ6`PMd*S;<{``Qt^%!vbc>U2{FNZQf`9{1F2zS&<eHSUG>C%8Y
zM+Tbmada|Ipy=!GqJxPa=~s2n!~VAf)H9@F+uOOX%(NRNx7OE-zNRY!>MKHQtIv0T
z`Pv!!rqMTvzQ(GZ==0Z9ZK1FW6@eD!+v~RLcfLP6-Nlo#{x`CCDRH6HQrEi&y_p*V
z>cpM($H#2ZO?10Xp)YoGKpozCe0aOp_)v#Ut76YB&bXBR7kEDYgnx$^?(QGg+WH5{
zqNfG<>UWgt>4aDC51Zp1>kj!k4a*Y$ml*AI%d<?1BBk{VA)kI{sh%<Targ(#dTKo}
zt><&TO+7J7&m8itx0UKyhL6A>F#Cbl6W4m4>)+H9xAfG$0RP@ms;3dY1OAI5==RSi
zOa0S@{E|zL^vizu9Q@xl_2}SfGWSQ!y|p7=F(vIZMgGV=tRFn)6W>~?9m~jv?se9O
z5KwFI)$sc_<A}*un#%a9&foVqE>NRluC#kI8%u@5PJIpV?eHt`=ZYY$e8|T}pt&BF
z@_I>cdT+qkufl({gUtWL#W|a;5PqfgS+wZ#4wElJKKuA8ewa4(T_=JLecYHWhFMrr
zmB=4Keh@wXDuk>31}wKp8i&-gj*YbuSGk?=&G1S1`*zl!xw2`cW%d2&uwL8Bm6sX+
z;+G-x<=?k^zf6;Fg?x6uNINW;`d-IpvmIV-wS&}amGtoY1L{~wHxJ<hT=3Sz+x1Dj
zHo%AA<@<o9--uV&dh!vk)uZ9Z9`YAldc}_e@GJ0q)nW(pf&ZcH)>(7t8~H%M*mrcs
z1HIE4cES{9*tLdy{Rd0yTg#2I5WHM3maDJ--jeH8W=%tHC;5{TPQ4O;z3_wZpB6z^
z{P`xV0HjNhEbTFdeD#M)*WFX_3f|sM?ND>@>*)WxTqhg)i{pxHE^mIH@q~(!4SI9G
zRLZS=iQM0H>KDEdzWd`&UgDz-J_i5o&2gk8KK!%HMpVs+f9vYcsOJ#*3!g02I|jc3
zub;PY)yGzu<Gdzcv3HUDOPNx=tMEDa_*U(EM)~$_rqYFfbLy3NZiioi|H973g%4~s
zF6j10U-ze-<%qwh_!oo!E}z})yy+L;tk?V@cCM1YK>lNQ*6;qfot<smz{-54)XpyW
zN%-e(`dP+%V{&m^_mnQUb^Rs(XPtV*{wer0yz~1^jIYl5lgFra_?ydG)@gjd%|RhA
z{@g%c{BxV@10AD8s#Bl;8D8sT$=~)eu8%*@e7;%F()hp9JDw!}5cwms|M%A=v*b^c
ze=oYML&rb-IJ|wFka1`gKDiVyo-1>XldrYLNh+XKiJk@~%q;SDJz{qY{0w|bB;DiL
zCARUbw0ZUTHbDOBAC&4Hl?fXDU0!;b*>zD&pyl=n7RVp>(0c^F8(#0%x$TW_ueUKu
zJd)q-=QjAXt2~L*F8Fcyukv||etK6)P`<*+$WDy3!vy;3f9Uj=wC5~*2>yi4_}lDf
zb*#9H4l~BvRgwRZQ;)P~-~jCbKkcRG4!fSx1{M3-$v?7Os<#I|3IACyz3<vy?_u(*
zpE&i3f2ZNsf6Voy=-u{u(trPU<5=J%=I5U}%Mrgcz$f5exM_cB|9-M}{}#XWNdCN2
zuh>5T-v|FL?|mls{opIg>|1SK|DbQ?h_f8Ae;Gal|0h0g#^C{De6ybC{E6rEtmCfX
zWbFT?Q?JBb3w$5EyyC~*|NXbv+trA>UgVd4RjOwQJ_o;K+IK*%7b9|A;G4I`BZg{8
z)%HvwpZv8`kN9&Aeh~hzBDifl_<p*@vRs!_$D*of#aWK{vl%`N|4u2#J&yF*x?5>C
z(R%yIpK$3Fe-6X<!GFt3?-y-)Ntd{qM!xztPWwd90=$C%kq^W^{3+vsTz|8Mb}ocP
z&j#|D-v*55);X6$__|YwCwTj~FZ!F|MSfNU-Sz)?shvH@M^{Vr48XU-AL9`}zKv2n
z6Uf*9&Z$S*eHK0he`sgpK;L%bK<%lluYT_=N7}s+z61UPUiIF={$VfqXIy&4pF{8&
zc>Ns|XM0`g)m~G`hyGC7UUTsE@D*a8c}P1hoAL)O5)^(7z61FV7hj8D(t~e=pMe)&
zScm9ogU`crIaNG_?}D%XV=3PcAAz^qDeX86-vpoESvzu1rTlfZl)s3+nLjzpX@Osb
z&%mF<XLtM-?|0gl7l?_zMjW+7zLNPLKIbY&eAER$4}S}v-R1b+Y>V$Q<HQ*G>v>6s
zySyp*5WL%ebMV#hM{WE&4gYzR(+r=1=ha?27-#)AZ`V#k=nMVDSs(HD7<@InU;Jkt
z!cV~~7cc&vgJ1u1Kz%}F-Q&_bxAu20Spugs{-XC0DX?_@aL>nI^L##w>*!Z_#pOxH
z`*Fnne#%jQb=FtxABJE5-+=r?s%3xaI^(J3*BNt?-=$aj)iQhm{?V13c-71KTzr3-
zbw-@rdOy4Q46X-=zI(m>#LkxEYXHeIeu`T9hR_!ZRH*0dES^}=mhbm6o-UxTfWDp1
zqZ`PlDk@6)QytD5fxlyCc5#JQ-Y#kPUi2+hI?EA$2tEhzj`K12c^BV+{1ki^{?&Yz
z_GF*+OlyBn;&_2{RaK!*4H)Ug>sjyT=YnP0d)qi}c{%$Xd!6->IPQec!@p>&IBqN-
z$D@+}m{PqH@JsN&p$xNsm-G+cV)=FK5%Q1JI`xYGH{g@-j}^V<A$;8{4Ee`dq;UK-
z!>5q9^Ud(>@Z<3Mxn1Wx{&-fyy64GdE23J@fXE+PQL+y^D*EB=<GbjefFFVXz9?{y
zZ>*FxWfmZIE+XF=EY-6LAAw)>((~g|Jq>5lpImxGe+&EyygP0?;qxARFZ>exu~M#i
zNWF&ObMUr(zRl~`#}=<6^p=E_J0<e_ob?iZ4t^fq-j1Sw*_40zW;|}{e_2t#ZW)oU
z<%+5hs!;Fev-o*){p`ELYDR4g$x?0`^6~vndphB};Je}fz~{2@`jwJ+E&CkC1p2Cv
zbCx6J&%!Hsd%dL}E}HVZs;_MM{?B;#!xpmCy^{H`ZZl47emL9m15WeZY@Of~v8R)K
z;p0o~?1is~x7#W5L-2*iIOU}s#^6`rui|q_yxXs{NESVF$hX!z^$5QVAA#S;XBjUA
zgkOVi^5ARFqW?Y4j8mI@Bm9Vqm+`m_J_oPsrN?9EdklL>&p*CGKN}=v%OUv&;8);J
z6hi0Y`-JkDL+l$Pz5WTM`KI8*@Lu^u?*i#j(z)Gb>U~R5ucWV%9w%M4*^F|pE~ZPl
zwP!OPl5QV=Bwr)^;1+t@Ngv-rZ!hUH9(sr1GiCBgxra&5ZIM1pdSQ$7Wzs`W^scYy
z-yl7*MS4RQ*MnQ6w~?MGlir5@9@0~!^K-IR9GA{pXO@fu2pe&7nEcV^^6@n*=@*v9
z>mq!si<fa}6+QybE3<U_m#hz*-@E*Jnfq=Du}}21y^8q0xI#V8d!6K7H*>$nbDbok
zn7&UtioRTbh5i0UalGa!OvgMY{+&fWc}ayD76rz<Sn6N4{!yZ<YCK*V5ovAzhLlJC
zJA^2c|D2NSe2LJZk^2i|ZxNj=%)*yeC~h;A)pvn2v$kWHd`;v#8g__Z7ST6|zC#W>
z-1jwjxq;)RhzJ|wPu**nPsy*xO@mhLU^9Fc{x0Ddw_Ne#TL1f!Ud=6WGk~7@%PLfE
zXK_<*|5nG1=$k{|c%ni*;%%2J4t+oNvdg>;s>k2DZh8KxLOn(FnTPnb89okwwQyzP
zg;&lxqQlz1Y#>WN`P1ZouH?sm7g&pTPNg2Bq-RO5-dX?rX_@|%5cPHZEu$~_)(Ydf
zbRjvUoHh6*_>%AITh|HB>%u3O83*E`Ps(Y3E&8r-&Kpur4}1<@f8T4{c=11}OnsuL
z(soawFFaVGF56k$yrPUg9XHY*8|aH(U7@%wrrYDKuIIEH*eHsV9yimu-YPy%A@R^g
zdYbf4NP00IO8VKTv!59eA>|K|KXgrn{kfUqi$g^JVbWuyUn%;F{yQK6w)y>{xGmoF
z<0Ud08RO|P`BUU?7Q(QvIG(=V8crpRL&~c?*O0$Ki1PKh#91E^Hrl6?{5i^doOk=U
z$A=B?ei$w4JB+^cwH5Nyx3>D@Un@?X&xc30YHx|tRrF<sDip&-@sKzT^ss*df0B1O
zF1!6)!FtYPQBf*>>=J#~Rj98CQS_tLZsv2?pRl#t=3^0heK<z`k?S|tEd#c=l(w8E
zz4e9)^)^$#ZGFz;Ogd1iX=q8+_8dWe9C_=yrZ{d(92Fl9@x9&IuA6b%_&VxCey?$>
zkuuszuTNGO-&df%oA&VVu3?Vuzx~LCk^8O~R*dIjd%FDW>)XQ3I;LmQmqFh>qR&yT
z?<T8Y%Ma4dt5W{kD%5|Q@@4#RrPB}c{J>dG3fG9fw%0RWqfbBAzI}auu~mJ<kE7^I
z-ng|N8<3kuZUnglQV+`Idn(26mxx`9q|cB(u(No6^;YpLb~V0%>y<;B<ryzGFy77}
z?~sy1?CL}=G+aJz`$^B-Tw#9?m^mKZ<n#Sn4@i0h3!_W=>tW=hw^SJKgWz0_7XGH;
z*Wq6xM4A5OUT5k4Pd@byr@l6*K%Dr6*Xx?1zLIf#*ck+5<Pg2>an@VpcdwUv;1lpV
zKDUpLVXycQ{S)Y^ztxNj&gBq)&&FAQ!#`69^z(K){>zCu|Hp~<+bh&tHDmk}eQWS5
zyj;e8omcxtuBYDR-F{MDGwF$USJ=LvDf6MBSH`7I(&KmSe7+en<!=-f<^7)U^1GBb
zOa2Vyy+`sJ{w1Ew?^zO3@30<YC8~7$BVTw=g>nB!@^DDK0_U-Qxw}F|g+LE)^eOfy
zDW{S2k$WnXW#{Jj#<%G_#@jCBSCGF?^p&sI&CYslj<;jv@4nZ&U8O%xlio-A(@g!F
z_BhAeW#kgbeP84Z|8RX&cD%jREB+XiCAS`Lo6qON;R<!P5Y%h4T;>j!AH>cc<dg5+
z+D`HRFmfZvog{j(^D3MFMb8B3lkcn0*C3M4_v!f0+vxZovyDFs$mNiWntJT**bcW!
zdbYJf{bUa(u6B{9pNmtWJgy#LzSiC<UUq7=qNk;o_IYuI`n{(f`}39$d+E{ZPth}k
z9@X~G>zPB(<V!2m^`7?F>-7dNdy4g{eG}u!%gX7o*UM8+v0h#1sgM5idJdx}cA!GN
zz=xl<Y%ia0tM)pAo{p0%)Kfk6*z5I2FaH$l)%<4mPfq#g^mI~{0rb=#tWZnRUc_*5
z9pb&Ny|2vttnCtgbLgAws8I7e)5jBCtp_}wOE2oHyMX<O(~pim8FzcpC;fX+{BIt@
z55X7SU!h)CX|cw<H3q+OKlcTMW;mC(t`6{V3SLcCs9!qboPH`-_}24GuXnDiPYK4j
zN!G-?puH?xKtg@VNpbb>)ARkNl$6aO<5OcF`|l4q?z>sTj!thUy@Pa?UAjHFPUI`S
za$@A~C4GeS&3)U=-&>IO8zy~bvErz_7rhyMi|FhADeFHm!0~%HzVobc+WJ8pJ^x*Z
zTaiCS<cY^azH9Z^dXP%!`b+vRDva;TpDO9RFYJ^DMA}&YnCWJfHQ&Pj9{4o*elAS0
z|GKV&zT<3(HblqB*UgW1T;|AEvL54i3hV>42pjX%BKcPe>`MyasQ(+?)z{zq4qU`~
z5_!6jdtNJkL8XzTX5^xOs4(6`>74(HewBK6Avb~?+bnK<?L`A*p<-PeAy&uVDETtv
ztB`!=A^Ze<_aA9bTR)L@nT5};SLiwz?dJSlf@RWkq)SW~>AWXSK68lP4bt<Z*J#H0
zCw$$-tcT$3c1WBy!;8KFNhs5v{-5)-w7s{T$=Bp~^2))HUGxp1Pd!p$f3C_{pD;RY
zPR2dXW<HzCvDZ2&wCFfpKwlhv<@(tw=}FSxzN2ySoGnI4<2t0RpYp0IclG-NE!a9h
zzV%~vpKpqMsnG87iJy;<ul`Au>JR1W?cDEsLYes?jw<cvmP?4oXIFaqS>mUQ^uZTa
zsw<>C^N@P?!$+gLvtRU0kZ-BosZaP>_{`}}Udma7Uq5qq<w(BTOX*Lq*<HS7^0kw1
zy}MF<*<4?2u8aL2_gS5sK7pw2cLT^Tom=U6|A^FQ6h04cbDNf*Fy-z2QP&?nhrHNe
z^lwA|BK(Sno>fzSmB^ci=m{{;iaq*zn(?1?vu@`G_`*4r#r@Gk@;YbI&m&#N!#2{z
z-pzUMLY>ZgQ!MrRH|ctjtG>Ka{jVRobiKnRhW)vrE4=z0-+I1em%P91b2+|f8C7p8
z!=JuOzKpmyMdEBALA)@Se@qBt93?u;mjk`W+L%4Xx_V{FVvLtl<V##psXpi3k6nKB
zd#@X%Ob(f6H_(^7s#3i{^pzRUSur?<ZiZ&buJgCOh53E(|1N(!I)=!fy}Gj8d#7FX
z@%_%rtunsNp=acpO7#;lY}@$aT`iu=->Br)*O+yeGhSX>X?)LUdwsw6(kFKHpeK)>
z9oqFOFFiOx%rfqOpf530sot@p_V*2KrBAm%`ZCv5s=r79#r7{*XPxhyZH)+!{B3M3
zC9bbj3y%0H$v@+jU;Hy98&k<jwYa1D_@ia!r6^joe-_Y}dRwJRc<Xb$2iW&RZ~w$a
zoz~YdfPZeRRJ}5;m&Sp-8_@ncf@gT%C)3&tef{Xm4Ogo7dFyk<yZ?2b`pkfk{xgfd
z@XeKqSM+<?=P-_!3Pxy|;)0niF>P5L{{vSrpTDD0egeCAwD73`zA##;aH%amSif5r
zTmH9J+ODf~UeVV@zK(ZQI-Zjgef{t;_*s!8-ZtmS3$0m_L67(F+1AApXA|UGBA@ej
z!kpI;e%|Nk7^tKSjt2gYkbh>ZvUuP6kUTcY4j*@@t0g_a4Yt;ISE?z=Ksz7u8FyxV
zHwLT4?nct*N$2*FWw-S`l~XNS=@rG#A}0BI$XD29KJnie`RebgR8JH|<{|tPeAt7Z
zgKzTSm*FGukF%73qGt`h)x|f%*Ivc?4E|MS|B*d0ACn~w#k3#w*Y43DwKhHfBcFIr
zW%2v)2;ZR>0RCh5SW5uu=e@|Sk5{T&wjL+=9lT<A>dW+q|H(9}oincQrqS1WPi67?
ziYt5OPuT=8-miC>ZRQj^k09TNe4AOXLp+2p>lpu|ie~EesvTrFy0_B){QwFl&g}aO
z2c2Oi?c7ejN%C3ofjy=9T)*-s`G&}sBi|UGH^*ORT>H4|V85J__M0YO>)}er`)q|@
zfRDht+xv(q|0pTPJVbs2K8pMkED{vH?rQok{F7XKGkgr*t*0Hn+k@|ckHbIOrDp)X
z5B?c8UfO9CJ_-MP;T_`xUn<q(udyzjMsD1agEv~!c!#;f+al>Rr02`c1J3)#4|>ik
zVgrZti^gl{UmvMdzuAo6;(E>h(LL6J4bJdi7xLAgu5?^Ki(mWUl?Oj8`ZKJvMZbBp
zfQR7=pV{5@h~!%&-^k~8mrv}gy_SF9FTI{>gzsM7y}lmu6@KQ_C*%2m==(*b@%&G5
z-QnzK9?z%7$g0QlY4VT!x>9L^_SfS%cs+xTjOUA@pO+z=AQ^NzcPtt2WzLiMSR=iU
z^t;Q&N80gwC;sFX0V4X^hlsaFDtG!^iue6iv6VyoGlssUe^jbFg}{DeJTcZ)vWO}E
zoQCf@=e9Q$ly+Psf2*oePnG=U(EzT(C;4&L(}mN1@$nNDhJd8kUdMWebUp9rbmPs0
z@}^0tXEW&`f0cTv_xi=PzVZjltY6|%qS!fvzBuK%_n*e#yW#EQgUC<8CmO0s`qdnK
zAN*rQF?P#SxKf{GQ@&h%H%L#DuUvf_uE)MWmFn49eV?^mef!ZDqda$ghv7Tm-Ss^z
z<@1s&_jUg?d^fzkzS2Gm@P*2%9qw<HxjfLF%3S~6z<T4@Ds^YMe&QTQ%YDC6Yn1lu
zM_=YyRVDjE!|?UbsVe@y59>m`zTy_{YxKZRTo>0@#%Db)&yp`jzL%Trqt`3`pY5?0
zEZ67{FAqj3yP3aL<P*=WDn6fNtZxok;uI!B#4EJC%tsAL{C{GVI>W5LA%CYOj|6iA
zf9*-eqvur_`^}Dd>*C_P)q-3<a%tpJeBSKWdfZDC-xqy@ZNA5vHbf_qte?oY-_Z`v
ze6DQfub~_5c!d1*t@ziGUtbMG4g_2EPn+2<WL~w+c-Qha#+MgWsj+hUQqJ+S+=gO`
z{1Ugr=o@))mHMH#K9-)2OPQy6nuips^g3=4ef4d-^Ru*1?Ty68F7ruTwUck2d|wp<
z7=MiQs4PZ_VB@_NI%>lr%ijR<eJ`z289r~ufi=GC`?coJ+1*w$zMIw5dS=m+L(hAC
z=qb*lmL5G%7_SubXZAQ1vAj0lvn%lxIK=uRTBSZ^+N0zA^;Vek@)Yv|;B4zdhyEba
zdcJBW|0MaJWVWBtPsS{1?ilInM~!UM0H+8g`DghXCjSaQ9^U2W#L<8JV?L_~vATMb
z?el5>uRn|N91=I}!^H2IRXUc<b||h7ud%HTPqsdjN5;b;@~Ocp^&CLrKtSfLG5C7;
z<Ai|M_uJ$%hvb_ky^r$T^TGmr9R4vPNIss>((*@4`D27P57Dz>%1g6Zhwyc8XMXX}
z-wYpvmu(yC5czia8F=?PzXv`GZ!R%(7Lgwi{Z~~fce$hRX^(Oz;K$+J^_n&1-St{D
z<=y&M;Zq*^12-A%$MjG<#Lfoz0`l&9wZN~#yX)0y%2yP%812;yzv5y4kSXuBf6SD3
z+dl=L_ppBsehL2fu5y>*GqF<p*WhR1-S*esY{<LqZ-k#j-tGT3Q{HWVmnrYIzaKu0
z9=HBs_;Gk0?`9pu|A$R^xBsV2{ciggO!+t33Kl&_;MZU2ELZy327CcN%x9yYZQeiC
z?LT6q@0WD*5WWRo^x2Bh{jAfJch|2Meg%2=b@PxZ@2=mNslVDP6qI>#%9QVuanhJ)
z^yUa#B*r}MypMOL=l8Eool=ht^o3sK^o#Iyw{ZOm?{4pAc#(Ivce^R?_D2uA^3Xp3
zzur~a-lL|x+aD9Aez!knP5FSgKiunv-+QjlZT_fz2jkUiO8wCYKLhXfN1G|{_D7c~
z@AgMOe8xlnF#IHZN&K7gZhuUh`rZCmFy+q;P^s<X<0Q}Tf7|@g@J{@3ZmB<7;Ai07
z{^&I2-Tvq`<=y@mg3oy9AA_HScl%??lz01M&eZSr$FeE^#d7{|UcVgn^oQ;Jh|Qy1
z55-IU(GFh^@AgNJDSwRVQvvB;1E##&AEWRgm;QF-C*Z5$*F-^SySn1s`}cdK+*R~s
z(c|`C;8xbJ@OJ+-BHsWn^49nJxGp=ylGgv6J;mjlu1`C1OK&XoOAmYw-tCtGQ{L^D
zQB&USmkIcJmwxffEPNKePBLuomq)zr_lREtw=w^mSL&Ar_%yuTFCyP!%Dcz;PWTk^
z?)vtc^6vT$ney)Xj=_(h$E|+~J_+yc7jve(yIq$}{dW61v472!|CP7jT;G@Tf6McF
z3q5j(KiY5S`k}Yf-X8ccyxSiGro7u9qo%yu9~1EP9{OkDL-1~YESmCef2^AN-Tnx0
zK`#2syw}9-j~lm}SG&;HcR{H?`r+g7Zhs7$@@{_|Hs#&^n1=6m>2IbT7T{y>|FU^K
zSiBCA-MHeD%weP5Hbnly(zvg?1O4!JKS?_`!;8E-F5BTd;NA7=G3DL$8ZhPE^%{kb
zdgz~kZ-sBg2I~-eX5r)T?si^;?}K;SziP_6?GM~()Yol)1H9;W+uvf!yY26U_wr9K
zy!hwcmhqt2KLnriuzw7G$;19B_{c?7>S-=LbD|%fZe2V?|1x|Q{!>NPD0dCM@8T-s
zIes%u;-~gqtast{`&AiF5Amz)>=T&3E9-kupO`zwvTx9ae6F8$tvI4M{#y61%q@&*
z=YE#)^Z@q+$udO#?B!MJI!FHEzLaZT^PlWF4)J7AyVt-@Zi>);K0-N5Z)Khk!aU^j
z27DgA)*?Z<E~p!0zUBJ+Wy15LN&0u7!u-0fnchNr6Y2kIrt`f~`k9d~db>#PAf3yL
z;?csVe)#x!)vlfw>?Gd=`RYH!_1(_=RPOiGqhgHcTSMQ>hpW`_GENlRt*qbw<mq?Q
zzs;y<C$Q%~Ql;(^`<(kXw{dq&mtgfpksm<5^<(VAn&TAf3K^&5J%z^=_j{0&L;N;@
zeBY;c=Qk;5nSAN#svSL-C+%K)7wge4S9w0yD1K`uJ-$|@jy3DaKA&;@MNn@(uj+f3
z^PY7l53IUwZ6h!GhR|2|pQER50e$(uRjEFQeO7-ozjwM}>yO4=_8})@^iZ*{;XU~8
zkt+2*hdyI}(N^F8cGfpWeXn*>W_|n7SNKPjdJx_2{Ysm@`<<Ej{v}n=jy5MS$zI3b
zEc!xws!QIJw+LSiZy)DnJ-aIP@l~rXQQ(ME8psS&k*gbLyg;s}R4!)8N%?Kah5V)E
zcfnV~+shaEet6~LCGLjd*D3EfK1+Xe@AplZ>3b#JJaqlx3*>W`vk1T9;-#Eb`1}^-
z)ZT5RyUS^W7k}8xk@#qXj|Zw%>*jjHc<w>^gZ2Av*Y9zLmps4i5pm7v8%1BNvRb`e
z>ga5r*I9n&0U=3MB0r0K26-+6-15b(V!Qk*@}a6~b$O}$>2Cev--dgrAM);cx4>5)
zQ?1^xvwertwpuT?P|h&=)<f0m{LS&0@zDGoVy?FueAWXkY?^lj6Jow@fAWRzDUH8H
z_<DG|-QurR_z?X4q5%Igeihe;zPqjEp(GmqZMc`~8RS1Hgj@bTr@YwHiG1kZQhR#g
ztKseT==mQ$^TBHM4H;jypNHP<IS*|!|4W=6p`5|VYBjr6oR0XMamujM?qu}9*p9xI
z!|3}&wfY}Ed)V!|Uhuvim-ZM!Pvn!;>NBFp?cZL@zh~=+m;O72d=`1HaYEu~!A$>{
zm%biL-x<O1mDXn?jsovxKF&DXN9=2WkHDWK`W)Y*DgMlg^)({hA3KqcAs;P~zqHuB
z9(YI+jd^_t`Ru2O`_1{K7?1u|Ru0-HvbO5BKI?L($+tdTt-fTor)~Z4vEurHTvCp1
zf8<9#S6yzM>3)v$HJ)*1-cc2OE$?IfG*hi!ytBCFvAI@aN3XBKdd*<o53}qWM&HWk
zt5v_ZK36>X&-T<O$~eTnMf6qARvYtnX}@yod;3=UB(56YkN>{DyLJ*gddQdkMzy*q
zz=@X~&gW-ODYO5k$GbLEOrbBfSglTR_hYG%HQzkZ)sM~nJL$Kp<d6SnwaW9^!yZ<&
z_WR7fZ+JDE_@gC_e}B4rfAo_tnm;=J5Ibhkr~YgAcC3-F^|wdQj`sWL4{N)(V~Bi(
zKOY@CWPDseU%sM7J)6(czK48qeaU);c^`CD$|K#qz6pGQ{s(`o<TDS^*8m^eTVp)e
zq4n{5)aG+!jik4co*?}c$-`K+ISyTIjdyyU?nQ1KxhII6dDMYJ@M(B^xx$aZ_tn;v
z++Ui4kHg#NQIVg6?}m5lS%xnhTPnW>zXI=;ul*qN_oGVrM)*E>@riXvxoz+Xc<b6u
z(uD7VpMiJpoAkqH;C&)!9wI*sKM7xHk)V`y7(NaEIN`Pbi(jiX)<0(YK1nwZ>F0~^
z<K$Zt&OYui3Lgw+s%;O@J?y-=(9bC_gBkT`n4taZob?mCTHrh2&ocG%+_U5Rz+I$|
zkRCPDjW-p@iJ^CZ^hpoBqws0?m<a0n`d*<o9XM^~Z;JFB>1^A%;?2kGt}7~&rKD>A
zEh8T}-rEkT#|G&!((5IIF0c4H51qf^L*>(T`;(r3yfeN;Zx{R$yw^HK@(qyQ*H9YY
zqwsNfcYI91cf(hRo#r8WX5nKlUeAB<D^IRbPuYWzv92n)E@3yT311o0G1tMT2P3=>
z&(7%Op5A|G{4o0)C)61GckXrC+pMJtR~ife#*)QouO9M68f%RAleqKUvMDQ7lKPAy
zpGMx^FI(Uz;K$*2vrZB}ER!$y6vn3jC-#2eeZM$dX8w(nTdymcxo{{vv*xILPhILe
zBo`vjbM`Oc$KcmbEaj)9eE3HrV;$n3Ia9tzNc>DQSl`b$xY;k9-_K}7bc1|h$`@a`
z^68<R3#96Hk{T!J@5t%*&Kd2fw<8D_t`Y3-*XZ8k98XXnx;dm?{pcyQl*auq{0e-P
zmNfo}{9*V!ygTlv;g{g;eh~QuQ{K%VDWiYGlz)M(T<O1cA0gfj)Tq}9Puv*KbG=&M
z^pkR0NN+mXS-$wQ6FvferI}B+LsV`V`iuwo8D1s-0CFS9$!F`3@of}7dP<GDNk}7J
z>5#IxGajY8+UjBG5j$s*Pb2STr=%~Fo-dOwWp9ukKDDOw_fI~``mVzq7m<@g>emb(
zf<IXZ?U(Q&-+*=tb{dbliCh<Qt;oH|l+(e){^m`-x9V`jd|me;<O-+N82eEo%OSBi
z2H*Gk8l@KirTz9`Fz<6LRF8NqRJAr^9yo%&!Sia2-yhU=N0_pvitQQTg0cSm()eqD
z55YfPbdgV9PN>`8l()~j!greT$D3sf2;XbUyZIsbF#7HM5b|U2P4N1@0B+TTG()xd
zoXf#r+F5_T&Go?77QXe+!zb&Mn|z~{w^qpQ2YyV(<I3v+5&hZ$m#i4eA?4Ri$^Fd#
zH{}md{+N{irW)h9<I_v(@48;~-M(3UE~sp^AKt3=4pI6f<<@?je{W`8BlG4zQSLi;
zQLgltVai>h+%`TJ`_(0-{c1|=yI^~{Mda#{d$C>L#ijZ-kc%Mq61$xBw5!>l#V?JY
zVEji;KL`F#_+_{4ahP($egFTqhxFIFPcr^pSUUeU!z&NI9ey1<tHqDzA$oe?3oc&9
z`2o>?X^rX^S@*ig^<q+ypFq9?d1;Fh`Qq>CNTRXsT10*v`J@nT{g*q}U7|mbA^wmb
z@sck-z$=Nyc-n$|$7MCf_ca(75BcN`MaCiXP8aFjq@O61PTzdrkE9QfK1llSis`(k
z9Xa2>8}s9s=ugzBpro6J_;U(A3a|T#jh}<>gMYOp42sM$eE4$g^mF1`w`|^T@rS&A
z-?Eb|4gbdYe?^TtO~wQ4bB)8U{SyB(J@=82BDbCg`q5XQpNl%{ka`WnOaFKChvD<^
zaS;~(@OY-Q*EIadV9k#AC66FKxkGtrpSn*meh{~(n&lqiRix5Be2Yw97qyVyQ6^pL
z(?z=2_b4;}E6sVcA3g<duc!EV7=Hd{+FKTSrG9qr*Zs}&euC{ewM8j^v_@Sc<(r4t
zwF+N=4_PEAeBjggA3p5j8{kD=*TYN``4;$f555y#-C7#Ay{7yzF8xFBqCa5cC2q&y
z#U7tH3V(15p7qL&)&PE)^`SUacWXv#5&IU&KZ6~YXvX-b>kps$o^xHN>p#tS;lVe+
zr#<)<k-xh}{n)0zm(QK>@q36@({5LPakt|Mp8bWlleK%zpJw}tf2Jv?``#M$eYsFB
z_G{;TUjKuxeNfX@iMKWKufMlO-L^A3&+)X=v`6%{a|5IG{WayjU*sMqxJdF?mD%hY
z6MdN)^{`wJdG!a^_cQOR@>0kGkNVZ2;t2Xy7M=5x*u4Rt{#=bZQv%SdoTTe}Oabq5
zl9VI*IzNlP|EN(PEoZk&--TuDw)7oFpL(FC-1qNT2iMrI1A4rzOLHM%_+b@&vAG&`
zhi!wUowUH`81Hg5>gV3^U@yb}5LdXaI~k&0?~`<*C;ROh<9+i*e_C;AJ`Z%BZI^`$
zp&{}Pldt=`HR|q4PKx=8>wWk4N}p8WRnb#|ai8ZayCmT^UOB{U-EM&y=HnmKs26zG
z-yOf<?c%o!eSJS<-^E*>dmL!qPTz#+`%#U0t<2-w`zPu-Kj_*T^<9(t{>1G6#qk4w
zv!7vG7w|rQ$72^f*x~xg2;`-Iwf{Tg?N6Qks~NrrKKx7ejl~a?V_gUHoR9oEv95`=
zZj$~pihSnxHL6+S)2p7&`$do1>UsVaR4k(}Rj5%c^UIEtzW3VV(cJH;`#j^%pK8>#
zlCRVbS3LMU-x?+Bh#vIh{<eAj+@)6$qSV+=7&6nJBLw9f^6|z+(70<Mq|vV?kgMLP
zQQtQG$h@NWMIy%gF8p8EV{MF30ougMw@kjw-_3P^(az*EUy{K$Yc<6UjWAEO7@v)C
zqV7MKAINvSw!ru&?c5BXf24FjsvUmGgYSXQdGG`9^B(*teAa`XfS>W;XW=s*{386M
z2fqrRhL_m14*49IWj^=sRTXA`HTJtcY%VjRyyRML*cv&cU0aYJ4D2=bMcAJ(-Y4^b
z7U<!BmziGXxd!)m#>-Or&Iu+?3J#tWOzt@?7{9@5v@*Z1DRDiG{+YA(8tZabyZW2x
zS;dAe{=leSx2}>e9o%cQtByBzPPElVoYj7T{#v(J?}2Q_J>$2GSb9T+oxF=}{ROXx
zJ?-QhJbSPDfO|bsyeZ4qIKz51#5IIbqU0MQU+SE_yV}=ollqfy{@lH4)IA=W<Cihh
z_!IW)8cfwaL&{wvfA@L2D_7#A`HR?l{@xuuPblMA5AyL#_a3$9HmA_X4acMM+-4oB
zHqe**@-fQ3zuW*{_a*!be;l8UamjeMikwQm7Bl@MA<RSCr4wF#<rsC*<~UW{C%4Tj
zG1t7J+eP$_l0WjmF{;DVDIoj=d>_2q&RO_4d^tOp&Ge`!G7o8&HTV(oeZlPSu64R=
zeE0K9^&ab0q(r6I*Pdm(oI6Gx6v8}&@5xf11*hG@55UhnT*{BaN55OjPr%RrXDL4m
zANye`zX-qd<5GSVKK`>(KJaDqA1UP<;3F$eUiv``e0|{<H7xyIk0ZWY^u*=AdymHR
z^nVf!|MVh1@>i!G@xu^&_>oe641Q)$t)sm~ehNNTQOeK3FIAWF%kYWXQhp7-I#kNn
zensw2m-3D9-H&nd;)gc)^pk2;s>BZ;D)EEJ_ly1$YSm>jZn?+pKl!Y2n>pGTj}Ids
zeMYT1b5q{9k69d7e`z0A8K@0^FOqNkEqm1<#aM^<Zxvo$zSr2-FcX9iFm<)U<Cfwf
zd;@&)t+gfh<y+tf;h!SXw7*_Tgiq76WG7S?=_90HYNl`9zqrTU!NufhUY(4-g^mgI
z)n8F-{C*APZKLlNFHNFn6+QVYYt`YM*>#hbo<{Pv%n=WRw2SDW9XHptEa1##t;qEt
z7rvoZ*TE^ruZ`<^81GRXMy><7110)4pCb`{Q^+NDpl=bmapX=e(RZz*+zsTiJJ8qo
zRj!}6u}_cx$c2)%_W9gv{6F1m{BOtBQSwLMR;$>q({Z&;JKtNbeHPI(gP!gDxq)1M
z2Xc*HW4ySrR=uFapT*}I^?qw7a$)3J_aJEWZ?F3A_o~12n^DPss8-$P^Q^z?y3se|
zRey6^M$b#j=!?IjwEwQbcf;!o1@4r`gRLh8qo?VWnb=YHAoDHhm+^UX9ay{`Kj3;!
z?#%7_Z!h}R-}%q?-zoHDZ~f={?;3hqZ{NQEHp~;xcWvK)+mUNUZo7EvM=rhtePhUt
zAh%urokcFQ1ARx3TiV7x>A$sK=ihs3)wNs4?}e`Tl_=3;TqpUX<NtjB9YfCydbacD
zEOPlB$Q?nh`tI%fZ|yhef5_Q>FWRgBzQn8k(r-G+AGxPieP~Dh*FU=5{>5R@_x@Vr
zzI}1Mz_#BW^BVp>+jYNg1!G@fk$kNe?^Ul9&N)97Uz^iH(gt$s1GV<|@3Zze7|i-j
z{hc=bCqpAH>w=bVGXIlL&aFfEPWXfe-wWRduh;2j29X~!<=y<4so%{{!6(sktW_u|
zdge@dw>`_I{z{kp8ob!!=4%(|pC0x%!gqV{ZSXO8x1C+4yqoVg^}G3Dc(KP_ufwLi
zyI#|#ez*M#@M4dfKLX$3!EeAvJ@~qB5kK&5JDcG}-p#kei+(rX12666wtoO#;>T_0
zD7?gvo1cL9YOh&%X)m|@BD}Ph+n!ZZ-pvOd@{Z32_%wRl_P4-~dz9M=pYq^);YZ*D
zt~eZm7ysD#24u$I#Xs6keSKAYyj1VwOmCCExJ~-n7U|NT>K-=Ax7#IrGrY8qn{S7g
z_Nj8!uLoY*$1OhqFYROJrQW0P62Il@J+)2x!ZzuvTck_<YI8>UcDsacgqQes^KI}^
zcz3<K;9EW9`{5%lUg|vz-vnQ--V@uT&ux=_WQ%mEU*OwD`R@8Pz=vJ-ihK)vJ-oZ#
zo$w(K`Cj;H7ccc5f>-e6>V0^d^x19Fm$yildTf~K?t0gKhxO`xrS07eUx0VlyB)s%
zO?#Cro2;Xg4?QA3TdP{itp}X<Gal`^9x%Um)QG+*^o1zr@luc;7kJYt=-<P3gITbY
zyNKM(4~|Z`qObA0#K+HSRc*O?INv+<`!f4waWPT!4WMu3=d~(a!HK>OX2&{QyuK)T
zA7z#24L{Ll=$k`d#~+TKeRYe(>z``X!{zLAw%cd7Fi)>fdeJw&VP0=h-%DvNiN7KE
z$Ro9Czpjb#PxvwTR``feHu)*|*q&oc<mceK;l*6*kp8u7${!~rdfeYD-Z0bM`Rcxh
zKhak%UyGUU&esVa-6CJVneNUv4BuKNpTzwH=`&M%)r46OYrloN5%=f~4L0|sz6+xN
z<9j{rmh@FK{VAp%9w)*pa$>9_YyXq}_1I%ovk=-}#`9i{@U7^z@*VP>U+iynh_;hH
z|B1aN&ujI-XW^~BDQcxY1MoBO&lJM3K0m*>KO^=YMlSrRy~X$Z9^wtPmM+mVEBZgZ
z*LYsq&?C35c#i@<;AU<xiJl|KHBIkTZ{)Mo%ecRFj^3}6x(2?_d{6p_q&xKtT6zuy
zqmpVo|Ac(?XTAL_{^&B(YjqCepYZ+gihT0fI>f$V_?h|g`X<cu$6A>{(J>33C7<OJ
zNfv(5ls`!b^ALU&zJPq2MS{WymKeXkZnlS+CVT^Y=9_y<*MIPn@b>q$i+m@1Zeg$E
zeImm5!q3BBC*!Ai2tNcLdDvO5_+t#d!{T)uzNy&ml0Hp(H|ft4T{``eV!G&EB)$GS
zrFO5vhu|M=o2W!S@B`$(yVvnvYAL4yJ_K*QC;gDme~YoPZTPK?^vL%&+f7!f5>H+5
zt?(!FS>lO(yyAUlb~H6(wV9MZjC{9;p2P6*9qN%bT|hql1MXj%^P{nUc))nB!McBG
zzu(WeVcss+^HS{(mCFBcuW|j4U$@?W^uN$^o|8Irh&?@`??-!8#9`0oa~9@(N}ea#
ze9i)siun(dKexPBJ%8)`Pw~nxeqEOQKi+FR??-*)%Vg3%Yw+{%x_`LZhYnxTK8-(O
zzV^`52A|)d9*L)Z<RkgbcyZ51qh`8$KAeDWC7+w0g^$A5Xpb5Hbo`t0?(4!;Q@{Iq
zF0jn_h@N9zdK%!v@OC{?j~4iqpOvpim+1Sgv;RrHe)#mNcRp#CQ8T?q?4T8x=gjXh
zT^4NRJqM=+BVE>btjB-kbLbnDamA3=FVVTlC$Ve9k?1{wT<d@DwZG4#tlk#n>we7j
z9P;{o3B`UuKe8SI@MnD1{d_B4#qXWuEBv9fJ$m6+;N5;7g3o*KWAIDxk3y$)NIj-Z
z`Nv9q4ZF;7g_mUP_vy&B+p~;(?oXxdw+25CUv7O<_Y)&M>KZ4T;R|bf)m1iL>}rSa
z{>#q%EAj)#k0Aeav)%0DqyI@pJ*@T<zfOq!dZ}M$;gj%gzb?WLdho0833$6-C5{3=
zHRMll#nBUNaU^y$BbWTE)1MMA?UEn9m(QEyy@Z(lJ)SFrttac?<xLiZG=WOxB;OGE
zGP}$tc1)9Rg?#RQzW|?ycl+ZA{E`R10iT0!5WCGo^w;GLc^w}nFMeu<7ybJB%hunH
z-{b6WU6TKAd)37fC%U?u^Pm5Xdn^}_Xw0L-dFJ20m)7Snd<foMpK17N7ccfLz$^Ge
zX1O?9j|bP;?34PfA=mea8ULKiA?;E7GvWh&x9!+YzR6wY6FY{;mnWaQ9mn98;NA6}
zg3o#IbMW)<?si-@<?Zb#{cp|G{|7$1#}OVCl?b(l5j|fv{+#;#gLUQ}5BdMK<Qa-c
zmU?v|Kf<@)-Sz5+Pr|$FH4H!K;-xN!;S=z`<Fm2O^ZnKw){XTq>CrvMIOau(gGKlb
zcwN8EI3;s&TF~{{KrZY%X2<nv{sqeYrS)ouUq_F-UOn&y7ccc1fM0<xSFbVBXDG)$
z-%GwJ_$>SgpG|+<WcfqKKk1QxnQp81jkbF0_(yIWId}Wi9%26$-Y@#iL*yIbM?Cm8
z_@q^yO}-0$9o}t!KfJ2oxfzjV{?cD+Fc-p&P@|+LNZ0k-!v1OGmXLGXzW|?uciVpi
ze%^!MfX`axiA@|*-@0G2UZ`~1Fa4$&J_^6ne$#_|sA}i&HHv%zd3U`g;8)<?^_qpx
zyLgF{MffH7a`ClB`ee1UevRa-{T1^O{C54O1-X%$o!6@u`M$lS^%{bY!@KJ>2H)-C
zb^OD};LFu(f%Nb(&U&>_uOskH@V$KAoR7AipT!>yzs5fDUF+k7c-8X>ORcMXn**fi
zZ%1zC*xl)ud_&|bkZ-r^%xUrshD!ap0H1(&`|}8Vp9jAIABPv;T8EDR6+_-WZ-~9k
z@S=Y=ew2K@<eS`OKC$C4`SRp*_lIftC3tr|7vOUq{1Nzhcy~QFOnG-b>waVC-)%iR
z$rswcJO4;MhsoDLK6gD2!$;xW^_+%p_23uaBk=Be{vYPf2fmJ~%=;(zPX0BwH&Lp@
zB}$M8Rk9&Sln7B$8fdXWB18!gCC~tcR;e~hktopy2vQ(QSgJ%DB}$bjajDXkC{gN5
zl_*jAN|n0ACA)N&DshRnN?hLWbI#1%nYm|@Ta?ec^XcuqdCv3v&U2pgoag+VnQ50l
zSWe-YbMZA@$K%X7S4pq<FOz><dcy+g?enBdxx3x;rTq3Tp$|ZBqa1qu*G&+8Mxd{U
zevHtxzT7DgNS`3Rhx8gho%<F8>HA6VpGQ9REc4SCdC{wy^ik3s7gN53-UNM{h2HMs
zMftm+Z;9|r`8Gor{WA6r?|Y8SlP-Ep1k?FjF2S94^Lv#LwB642?ILo{exr~4_AXuj
z(8V4$IZ1CIz2(*M_HHM=@*nK!l2<qBwWJ^GWy-hU4nXg#Dp6~Nj=sU?2TA&N(%aq;
zpT3*)rN@+*=UiIkXGt$QwnTlzg5L~n2_4L~lS<TmZrqQogRMySgr2{UyxqESCE&(C
zI>GB}FHxTjID#%e^s<Y?bcs0w&{wX*Zu$Iy{*nBbh0mWQ@3v;odP(vb>k1w6=K0fe
z<g>nqau(#2&q>z%swAK9SvAo4NPTtwp7Ipg_fsUjcY*Zb1=4pekUqUYy7S!p`c*BE
z-n2k^=K|@y3#1P(kiK()^yvlCotXv7zd(A^Jn7=+oo>3gvv*0ocSCQC@e7d~bkn19
z+o9LT$O-OlH~rO;nT~hiI6CX5zs^q&KUZxD17N`~mUQ<LeX60?LJ#UA^d{&_p?iIe
zhzPwMdZmTl1-;xt-weIXLLY`+WTB5iR~Gti=m!h4_1q7A26|La=f7oskxj3FK4qcT
zLEmGcH$$Ja&^w{;iqLiaLm!78S5Jd(dR#q?x#`h*+6{dNxY2sr4}CPEht!kvJn`N_
zuYf*eq1Qp*Vxc!f@3+u9q4!zn-OziWNA(<lzR|)z0)4%Oz7zTy3w<y24hwx2dYgrw
znx#LF(50TLps$2(s|QJMS|GjCO^>VR-UZ}`7m(k%fc&(Z{z`N;@gO|Tb^d6|7nfc&
zPx=xmKk02ZhwtMNyR<{E#cpx9-ER8jzFxd(f#++=pCUg<y7)(&{Fs{_C%>2U$$8}G
z-1Ip4ia(k76_<a5n;s|MPWpP{Q=EMF0_lSbq>n9-zITE2xdqZI4$QBA!vg8;3#50u
z=_T$sGx2~q&U99uInOajddH&0%9dV*e~gjdl3MKVW3oOW`$3$4;GsQw+-UBvnTBuU
z0(|0cse{Bj_-gnq?c^e@j(OpUq*s$Z8j~*L=4R5zNxvzxP8>Yf6dkv&jUSzw@#!FV
zD!tg;PqXki_)S(k#;48p8$}vH*Zs8fXX5{jCF)2axR<o+3g}ZOgyXZ=p$_^U=r+Hu
zCcV{7|AAn!jv3tFO5E#hf0*@h;qQfi-!Y5Ld4E$*e_zj>7x0(kwZ7ZoU-{;2y(XYH
zLXXpHznh+mUb_5$q5R+-CgpH1U4H2MpjQeFeK+yo32#iH%kQSYUD6}v=LvwC;_(Y!
zFZ>5XdS}LKqQ|hC9_{DHpwA!|rSEq0kJ9%;m-5JT$GZgId4c+bez-^ETiRCzbm2c+
z=(?O2>lVT7oy+xGfgp=~6MRJ{F3wtaX@_10U3k1pes@7HhaS~$v&;WRkC|`bABMgZ
z{x?MEW6&F+9~+_XhTayz7d!8V-U5B8@ayti=GU8)H#JARA-ze`sijOj3E!_*2VWn2
zUj1hHKH|rn1|Ztu8-niv7tf!^a_B_PU=?i6H}7Xo3}rnwRLVVwd}UqsxO6-8a_EZ%
z*S&;)0(zN+e;Rs`g?|pZf-d38y98&+U-3uuc08ic_*6rmfxak0Z-TzhLT`sY1wFcc
z*9Cn~gf2GU41E&%4+Y=EfqCL553sDqkowqYr8ceX+KHaK!D*vhK|im6z8`uEbnP#?
z{>=$Md2^G<rT&NdkH|GZuYxXkU*@;lo{e5)AE?Csz%d?g`(ERABEKtwEBSRpABP@|
zF9R-rrR1me49A!4Zu;9LJ%{)*4gVhU$;8EQd~seh>CyIB0eup=D7_B4lqX7WhA!m^
z+Fi=o34I6jBSc^KlJ?f^^1oAPx|~<&_+p-u!n05yi~KNr`y%o}AA>#vJ!n6n?}mO5
zdQ`vtF8|T+c$e@yw1A?wEY>kENUwli3BA%I@-6&z(3e6F;){PZyZmwSWgY3Y$So9K
z2H<Oh&#T|K_%a6HdiY*ye3?Uj2KiK^d`t53)IR9Z_)-mh%EI3SeUF8|9r`5nXng5{
zz6*LZzHEj*4m}!QhN17U(8r*ULXXCm-O#sL==-6se{0x3rQV!Go>~L_7_o!)!}n=F
z^x{Gl=^G<*;s*`TD^CjJiC?!uFNZ!Xc%gnIG3a#=l5aPBL-1`9KAmsklU|1;_=BXE
z)o0spJM<#xLH`r}3Fr!XusujV(=Pw3`EByaw0~Xxq`^DNPnRbhnyZelD$>ir?G=)V
zH^e{hT&4S7v97>#VTgW$+m2jWWqjP}CVl4Q#Y%?%-X(Ga(Dy-ql@PUEGVAq{zI~o_
zvBPfC`x?UIL!s}7KJ@l%y2A?(556OtUID$VF`HfoedDrhdNcI?)3WKE(6=qmrguXh
zZ_1_*K;LtEHhl#8%o*AAozRO`X4CgVuRJrGJ`276ongB8ZHfmV^)xS5ujhBzZ!hrN
zR>#OX_*P!Duz$D1Hwj;ye|MAK*pcnu1JLWCNBw&QdM)&*fA4hp<NSNtO^@?$r-1T+
zdno=b{?ve6|LSc2ZH3+kJ<fl-=1CXa0n(RV8m=Fqk3es{EStU)`j*SH>3gA%uF0m)
zLNC8Eo1QAfzH77TRnS+i%ceI#@AyDAy%qY#4`$QXLGQmRo8Ak3+xl$!AoTGMWz)Aq
z-}B)xUHo?fdgVtJ_TO3f%KH|Z=YWLc^ML2*5@#wn@YN6BwfuJD^EF;z)b&sL4C&GS
ztrhw{=u!V&2Ym{9)PH+j{y6^~cGKhhcPHrw!R-<~<KlB?c6^>guJNYDf#($S{tx1<
z_nh~NV#-H)G(Ois-v>R;zgrhb?;^eYA2R&{@8=;`QQoZk4J?qpo%E%5FZS<$VD|!f
zvxgymuv_vUUbuee;OqEGeEn7|!v9E*)^8p39nhoo+YEgadbEB!UH-WG?RC@R>UWs*
zUEm&S{q9As?5pwhJ4gCB>CyUKQbPHl$JKA$0_m-!myg@)N7hHWNZ<2=#p;(*;l^Lx
z^`6@jiHYz6iL}FE`1^jiSbbIa^>`pL9BhX>CBKKW>uE3aGU(BInuT6up{G*RH1ufw
zRY4d2xcX~y)Ajm^)=!@JY%bBi(@l@7-(J#1|3mG6#*iyJJiI<2`R$hcptp$%#$Nu5
zeI$LB^p&Jv>ZfN;7)bgOUU0jG^w;_6?V<A2&66&1vDHlv?&}EdI_Ul2X6B)peF%};
zOnO=Q;?R9`&CrLT7eSZdt(3=KM=|fQiL9$8zHeI>(3|myH}IJSZx?uM|9k$IJ)Zqq
zI9_`935k4Nn*NRZ1b;5_zCPY~*nQ6J0|9x~B|LetLl^SF_!qnnM$!k|bUjZ6|2={D
zD0bRT`cmTODt>#H?*E{7K>v&o!~Gg>8`6sE_u0(Cw+Fu0iaq`Q!rYe>T9--|<Yg^P
zxfzNc4W-1pBf|A1`nN*gLi>)Z=Poy0&o5ESdq3M|=>5nA{YLT`hTaF=Yg3|v(8r+n
zKu-(7y>$GCz7cw@&_Z@t<C#IPRnEEcuMs}<2;N^Q<)|n#_^<HOGtbM^<#*Gg@uC&F
z=v(Q_W!7&*u8VYue_C(y6*kFlGxSO5{~!eD?+ny?9i$P`6>-oTPn&gh_Z%lT!}^bF
ziTK+za%+&Y;fg-aE2uBhgX=RwuYg{=bFtEX$lr2_o^`_i<Bb01skJ&;r?-;cNBW6E
z(ss?<X)E$wq;Dhr1V5el60pMn>HA3UaMR86-_O^FPDQWnlKxY-e-a)pp-(`ciO@Tt
zPeWh&DCN&Be(bl!54KTa9?RZH4zl*c=ar1_$Y)LnlxKlB_3M~?L|WT%5WN10#p);_
zXgjhaCBM1Ej$@<`kuJYYIxA=H`w7J!d);(TM%aWt3w;Z6LAvzIsl)I;=yk#vdf)3M
zUc2$%_bNCI@J~f>M3+|Rd!T>GwKw;TZq0Kwm-H^u*Zj=h{|N2?>Gh9=<ABJGK(B=!
z7gr|S^c1|_CGlVydfU(4aZo58@bVB{PetbbmnFo{Uo1A~=1g4l$0a=JO;hmGN~~di
zFHcvBzD>xrJ<dL*Wa|2{(A%MpLJ!6#U4G~Xp|5cHxewrUuVN*Afb{xbF81&H=E-dC
zuDGf9?WFg`q)WcLN#8?yFki95e(00X-y->j>|kEcC5zUQ|B_eHKkW&Q8`pX2>GV3%
z>q$RZaI{}`h0<F|ZzJ7SPtqQ{NZ&~M`z6q8`(w|_!1EtkLXVt(ul2F}yeA<sWotpA
zl=1Vu<g@-aixtcM{w01sEBgKGV)a5M9{Br>$>;NQ?Gi$@jObg%4bw}f7*ECN8-D)9
z>KJ`H5<i_^-_7Jx`S02K4nr^ckKFa$4ga2JUVi&F9F9Nj&(^mU`i|e_u5T~=eb2r8
z`tB#6p4n`DopR#QA9L5Y4*vQBi+PtU&SCT4us=-1`h)fLWZLa?oE{{f@j2S7_^Eq|
z|89rA@2`v1Su$}m`Dgt1^hB2bPQzbBG<do7ZGH{?Rem~4-%jW|3eq|2I{^QlqV&t&
z-sZ?>a&bB<J}hCNup^z$IX*PO-&gkX>pMa|J+I2vcPI2Uug+cHS@`SA)9P!v`R_fk
z{%ak<7)RCpA2-VOyf&>^ZuT$n-!AAIUzb*^Z2r4E+kc1Q-%|PV>zm?56;p4>*0&1!
zo?~*?w-x?_OJ9C{$H=F#CR^X#(Cd%SU0;WZVA}~VzrO3pXXvfj`u0NKa#HU4Zij!z
z+lVK!(QJ#q;qgPl`g|tF4@vtQn6$5o|5m&XeNRoRH%I)p4*IUfwEvt>Z-16s<F?|x
zXylC^%sH-3_*X7ZtDfBSt%}vR&U(Vj*LQ+^I?haUPp~HG|D?T5L+^WMT1~p`EuimD
zZ2B%alJU-2X?1cT!Z!Pc`?u3#^zBGa&aZDb`KZ>knU}dL>+vu2qW7fLhg^M`KU|e?
z$7512+eu$@URs^+%E(s(p9$!r&{qq=*E_N<bEbV=rWKJ?CGqP0X?1-jE``o{xGOuC
z2F`hynRaqTUYK^ec?k=cb$mL(-O`;_Z<Bh7%qx=RX1vMRn-{TU-q+C#>mYJ1ooWC5
zIj2d_Ug?#`?7JovS=0OLG-jNj)P@NFaS7gjDc|+!zuWsL8jfPTdSm+U@;(aDZ!>t4
zpH3^5Cj<2tH!rx-HkkGvf33vt_k!1db6VZR@2K7730Y<mCy8cWm3lqv2k_hGE#i08
zZu(JL!u%)sG(j)goK~g2zb3w`7c>%QnJ?~A#~l+N$A_hyUGVR_C9STB`kD7$?$OA5
z$6{_T8pTe6w-dbber9`dc>Q6#bFIyCS-RiFTXHn<?K5dro+IAX3*dEvx8-*1nj_xo
z1@N|mx8{ztS`+6d;pg)$kAYh+H7NFTs)&#OlvbaP!;8GP?a~;)9@l=Y;O)9It==Dp
z7uN4>F>t<q!{F`Nl2+?-!y_134#v69k(Bbzf_Lz9IoB_*-L&F~yC_*#XnF(Xy(_Ia
zUKLqaNF4AMSgJ`{2j9?OTK%W+nfOfP%B)}R^_~wyRF!x>2!F>H((2zOBNI1G{F6oM
zd^i66A`<@un@ig3UgXQRrq#Da-o14Bq3;+<tM|s)GdzAcA;z990x5V+$58$+rPVi+
z{NeXIfw&c}?+;q<BXsLW^d123;8)XTeU!iD68Z@A%6o`2nqvN|<7+4Ma_GMm68W3;
z(l6>^2%Sok{(+^<`!bDOFJE)WO(HiK)tk)<dD#HxQ%#r0o8RblbYCbzQ+IkT?O8-w
zlDW`EP4Y<4C<4r)iTFkDvBbl#r`4DceEm1s)Ykp!cKA2mn^vF9=pFPUdGS*vV;rNY
zU~-B5_9NGFUs}CEQ_O!tca{=QpdS~YH}SgydJlA#5AF3D8V4o*VrwRX-wDpr2h!@i
z0KSZKx}lGcrPa|wr`($ooI7)QL~fAu%I~MM&ckhoUJgBaK5qiL8c%2KpG-sV`$0Oi
z&nx(I(0icEFweV$zT}Ovf09kFhQ1!U<1zDH$EOMUwjZX|6+$=dl=^U=A^#q)pT!eR
zrN}a)jvL*`O(Dmz{Ak?xgBLdhe;B^{M;O;hJw))6_5S#YJlnj?O#d(X?n>wUzOK}p
z=>LE9_ZuIzgV+D$-)DRz^)dop$8WOhWheAD=z2c|KDi_=@0IdEf3Fa9YhZ4o?~mb~
zJ2Fk7CdAL3<FM~jvEwebPJ`>Qi9f~pc{4a_DqFu!=m)`nzv$s!Ql4(;jqqRW5&0JS
z0Q4=;_eSU=!v7!Xtou}ULSG5}cJUAQlKx{a^s?Wj70W!H-(-!S6Tc3RmV^7W71h`e
z`K5xX+vg>I`;@rVK)U)pabMEI_HFm<i@_yTmunsTJ@9KhO*Qmh=xxuX)dyUfd`Z7D
z2z~TV%o{UtPRC#(G10WXi2+-%Vv^^^bS&PuZa;Waf5v`sc#(0=f5(hFWt<~^)9{br
z(Hnh26xQyf{fmdbu^D-m7l3K^&4J%OU4#ryFF0-arRokL7@S}^qyA@oJ)+oa0-RBB
z-XZ}i8>cB9?uRR^>sq1%mz1xfhWallRo@XpB<@`4MH-67>)+kE1hpM_m!^n`UY+3V
zdS$8ln)qS1UeWUX#MZuGLfFi6w}ZFus8V%{5R6{NUb^27-dFO`aJNf)mwsm!`TE+@
z*m=&9<4wA_iFZ}=qZ)cGa(Z7kv_E*U=kB5X!FKo?;g?~*cS-y1vfvASvx^_hw+{NS
z@Sjk6Nd1eHb1!o1k$arqVt4l0e(p73sh2s@8{bj-cbgA4*U}zNE&aR9hda@45WLZ4
zrRx5i{3iJ>>p1nSbYtf{4kdPXPGJ7Jywr?C_**WaS3p-yrDk7KQ_VcN4*Eg(D}|=*
zYECN1DQ)qSR?^orm#Sa8>8wrAFl0PHT=<0-3nbC>Q@!w)pH-?(5dwG&6NDdbb3c`=
zrU~u{e6{fX+~o`5{y2;)`tOB*3jW}DS?IIS_gLsD7WyVF^eX7v-d(C~B3a8NI1SK8
zq3d&Bnri5+(04@mMgMis$DyAlye1C#cHxdy-Gg}JzdBe3;h%#4oD6@U|8iHOngab7
zhN^;hH*!Vi%x_Qa|L|49R~gqIgyumBYuxn~TqNJ-6N#6trRr4CH`E_q?ZpRew=VdK
z-cuSnza;(jX6Ta_l=|m#&3czPmlU|q>QjNK2ocTn*is)8$oIdmG&C+2y{4hB`ADf+
z#_zCRnfvvGFI9*90(@e(I{4Ofl&S~q?K1kFwx?{(?@TlO(c|Y{@b+9>YUXbtyCuHu
z84gG3@P11%q`YII?<J+?oSqQ5M8Dn8w?JRy@Q3j;(?3|x%O$^M9X7l(-H5bqcU5da
zwp~_g-Y04L8`p0+ujwC*5N_B1;ok=T+YHI4uY*1bJ$Nob^zDVd3;Mt0WY6S~HO{$t
z>GFeDzot~38@JvRnztoSwhnV#Jh5}tTPe@_QuRimVb9Cmc+>!W9QrPyNA2=`Z%iPG
z#xCpN@Ay#IF5-8+(EFh86vlA<k9l=2{n-e7jT_?o?FlzMB{=RS_|wq0Aa|zFLiiu|
z;I-eRPGWqD|F6rf9_-7AfqdJ+8~W(N`S!xM3qG1@F8=!3`RczDh~40oZ>0Wn!+W(A
zZ-E0}60aKSnO|H}YTip~>ff|8Jr2|BC%4e)(MbBT#$n=D-N;vVmu8*A8i2m%Q;cIp
z|A=2DkMrldBpSck34h-WVI0BV3w;K<{Pr&KqgmnqOuQd0VWUFQ9Z!gFk*kK@Gml)e
zn;sqSbwb}5!PDi3zCJ>)BcB22+dg|}<2~{73FM}bn{Pcq;=?R_D~JAm<G!Yo8IOPI
z?=$WbI}d=j<L*+kPDQ+lzHekZ>AOf5UhmT7hdv4Y%R)5mT)zxtP|x%Yr`UZKzP8~~
z-R2F|tmC9kp+ABCQz1tDE^(h1&j|fzd%unUH6ge3D{jB<0*Y?!&|9FF3r&~9KZdS#
z?<RfxoAG`)=%xqf1ET+S=sS=b7hLxe`ULcj`%2a4JtE&ipN75<x}LYVX+ocaUN%}9
zTK5zBk_O5Heca`hFQHdMpM?H=fG+;j1bxT1O4WV2#hZR>ym2RZlFtBm<@cAG`vKg%
zggyej<J+ZK>w7z)w^`_Wp|@D*v(UGECwp9+dOPhAx<1Dk$hQjmM(A=}#JfbF2AAI(
zvr3xKTcNLkU(DfMLSF~H19~(*^g?g5@DD<7fv)|>1rmF2cli$pZNc$P;+MAZmuqgl
zZ|uB-@#q805;F0YI3C_-O*|SHXZxd0Gu~=Ke$B(B>VNF@-;@rIH+~*d{~c1CCO!k;
zt$e6d-D}4St@+%Lm-PsQW$Ai@vlpDv@z}T&!r2pp(~Uk=r_vwnEL9tFI}dP2+<Ab+
z`L>!kJ>3yAbrpMv-waFskCv*_0}dteWeocGM5!X2x$#9-gN-*fK-x?C)K5#*KSk#^
z^v{{ijbv9cFrm<U8@1-#Mnxmzt)DahveyGH6fz;N0jLLA@B37m{dmw87)OXd_ma=S
zUzEn}7e@23zjwxUXu;bJUeWGSbtk{wIG*Lt9}T<ns&wsjVT#Cd30~DQ+9!D5vD+c)
z-(RrWL8F=Vt1j@iJXvb?dm`hez&!8kfoh?}831V?+mSEdTdFqO^$AtV#%#aVK-K&|
z2TsRta$C<5J5--We1xCvLtEU5%=?n5`RpKm-3?yLzm}>#!E-OkX8`)Hr%Kh=qke0j
zzs2n*HVUNRO@p`eY5M25_8VFEEi1G+^0IUfde(tgw;cQbSE;&AGBD!|nGec)$KLBr
zC?LGg`z>r@?{&y^Ajj}i+b^@ulYBFyS|T~^MVPrHpF#N7KU?ab!-QWJg_8f7=WY#_
z>qSUb0LpnDk&zX<?nbWuccrREfZR*$upfF0^g*G;`(0bu?>JC%ahO6Q*ZoFA6Z0GJ
zo^i{=`r@bcNe><zL18!)&;N<L^cN@S`NRA#Pi2<))Qx=0bEU!aDgOK+&<?H+=Pt^d
zb~GmW{|)kU$j`h)d9iZ?0l9IeH0${rt<dWubg}<B=(W&akOzEV4S#*d+s}yj;oZgY
zekl2mfj9M+Qgs%;y-U|W^zs+N<6H5+{m@&WSGwy0oGUvyPv2XSxYc}R?njjRsW^l3
z{k2rRLil6-CApUq2)f?<O#u22(W4#t$`?!3_xbHzLhpjU3%cj)k|uF&GxTxjzY;>W
zeIorp;$fS0#Lm0HY2&S5pK|>&%g*8P2=8;Z^jo3>R~?_K6~ybjGIQR}*UK9px$BUt
z0^J8qQS8@_+&FS)XSH{8zX@!FiNry#>GQ|?z27pQ8AN_EQKnk?E%u<D%gGN}MPB9c
zi9L71SClN%d!E87m)K!1^h)S`ujLP4Z~t7ziu6$UIo9p3wHaa=Y{m}ND~Vr~W$M<9
zT~S$7(o5UPPv&`B+$I)@9u<5#k=t>Us~>u7;zW%^gXP2lv2QQwyGTFB^)t!|u6}jT
znR&XPdcawk_^bDa+y0T8Il4?;80sg&^^!cC(G6(+ctnC1m)LC%`Lbin%ze#5<Py6r
zIg|DS{Rf$Hnz&@|f9{>nf5Z<u!P~O5Onp`|@aq9RSEMH$@10_aPlWXpUM|sd82N+9
z7i)_7PjJVe&p_AxNqqY}Cel7NfG)qtzp>2Bvt4Xm{&(U}Zz}WOvzyg^LhItm#C+xN
z1h*5sJ>Y%C;Saz3z8^;SCG)K7k*BBE$E<wnlS5LT3G%5tzD)PEZgI5zrlHqE51wz4
za?U|-fzEWwrdK51B#)i1oPyW9ig;ODrfv%PW1yU2yREjaJG&bSQon=X^_*Cy*wzii
zU(dhY^Ixn6X8hY9ChBtUMSgu<*dC(iEc8C;x8+vuYZfYZQ#0-NEoJI6x#3;A5Z(ZI
z<tLS~w;o^a#CW*aH0$6_kZ%a_i)rw-fv5M^1d~hqKlDlHjhbTq6Z(>~Xm8MExaeIH
z$Eu;vK<^Nuj$;XPYkE_<s2x%>>9zG`YKh$rk@0cj-|f-1Wrd9{{o{z_5B^Ww{3Go$
z;;)JAHXJG6EI1qAR;Dfy9QTs`CiO1t0sS(eg~zp~U&5;5KXvexpIoM{oX0PN(F`#L
zk;yWfr&fd43ts&xW&ZORD3`>4vtP<6TC3s?7Nj1w!@m)Jz3-^&fogy*m)L2yn;xG3
z(GGEv73uM!z}WJdtc7WfV)}s!I_^pGS#7V+73ry>&|J%Y@YDc`-PVCO(@>_?#l^w!
zxFlgcpRp|6A&63sW8jr7D+`UIguWYkk%hh=x`H0P&)sP;{1-|&-AiyPptqcs&0hz-
z4f<C-X1;~L8Tt(L(<1av=u4NE@w~T8g79}k?>{}<&V)Vyy$|{g8Fr070$rVvP2UN9
zqlLZ~`V4ga91s^v@ModduP8I`0}aqq?<U?tm%8#U;je<e1Nusj$hXiNpwB=*FF+UB
zR_OIB%hX8){E^+?McQfdw3vRNQD7yXVepo|tIRx?1w47WisUl}y%u^}?3$fVbY0?)
z^Tl0hHz^i+X3nOcw)bBlU;j)pYo!MSGtX@Wr|sM_wZhfQ8_zLyU6#;8xXk!a%GV43
z#`lzk)?G!PLFntD|5ku)<qP$viCuB=ZW^5O_m-J+bKuA+Q^|J@dZmTFgpISM7J4=G
zS_{1idVPd0aZ0YdkF_+Pqw+SE72fr|8xB)P9FZz4>c@>+Nvq;hOJ{N9YdC}Q{Fndw
zVs;scG2t=#n-8~@av5xro5Aho`(SmRy1oqD4R_mdN5i;xrtP?+F0T07Za%dPmW1Zq
zYsHO@<u0|3<ruLwfK`PZT9)Oh=lJbx0?!}AhQ~N;ABKiFGK3fTPUOp2+xd~mUlfrK
zoRQ~o=n?rw-A@c7KZN|nd^^Vn<xO895SeEbw`O$}G-O?m`;p(nTEZuZ>&_`wyU^`~
z&nh;=1ov^U<Pv)~VdqN5=m$i<7p(pfjU~UbwsE+`*9O2Fr4Nue<~#&msE>!prQ-^G
zZN!!nq@M4w<{OPIoiX`#2wsYKvXVCP?^2GdV(>z3Ir*I!ycWT02X9}iYnS7#csbie
z@J7Jf@?ID3`7hbpOU`%_x8}e*h*RAq<$VA=->;2dWt=M6z?dj&?F0x_&8G=}YGLs4
zJ;Ax#;CQk0)<p6f!MU-thc5W1KFC;?-_C8pd?W4YifDVN)${P}$Pca0Q{R&OuJ+{_
zi^<Sc@8l=hZ>dBFU7{l9Dq_F=$nE<`p8AdW%ely9$FZpW9*T(zje^&}M%%`XdFn~*
z=p1gvi~8R^F@31^zs=z7`edF;pr`ZPkWIfR-q?J2d%;_Ivy1o0-;P(!IAPaTj4tKf
zYQ>A%?}<43HDSMQ@Rr^~UnO{#gXjAnexM_fck|HWxSzi`!Z3X$VF~~)!PyB;+1FXa
z;<vLrh!geW#Mv=!tZ`CIr24>7;#Vc};`GMhh+njVQ;Bm{V}IxIt+~|WqcLH&L)yzQ
zcpVSq>HABa2f+*4iB875$13rou$83$k@h)_eB+Khb(NHBtC0`1&x?ZXQ}kcLBxUjk
zdFsvLhd1Y>|3mZnVJCP!kLKxk<E+jJFV?Tc9@|B~U*_raw$3RLdq~gjxlQz*Tl#Y;
z-z@Sid-7CL%6C{!`g}RAeBysiEO@p28*3^OSDyW1xPF@0j`0=hi1@MDs{umyXPdz(
zr}NQzJp@j6e2TXJSiPj2d%<gaK2N<*^t#iE7j3UUjp@%C#gD4l4_Na@H_l&Y${FyZ
zP@J!Wza9RADxvP;x3ku_i;mNJE%r7}<Oid4qggK<K&~S%p&k~w<-Q#KPo#hNOt!yE
zxpyN!gZyix+{flr?k~(&ZeH=o`>YdspWi9TD)(K%_9On;3jg||g!-Q7f8YyYe+af$
z?oba#HEFM+{{Zqc$ZP$dKt9_KqV+bf{?nrWB3J(hjXr^T%hG>I3jMiBTI+w$q3JK}
zp%wWV<UcR%>&A%uiZmm7uYoovq812_;|IanxFli5mDlEEhuCqY*mXa6`;JKPd~x(T
z)ruEwUpwO3z2Ncaa<%J7SHHupc+q-_)vp@7&ET!PBB9RaxAWwnu6M7VZb*E{n~~x&
zW==K+{~GuY6aGgGKhGe;TOhbs72nhF4Q)!OqxkLIZ}`mCC(oC6xrHyqf!`e--#zhs
zb?}Y%x_EcR^R>gb$K$)r&R0Rcz3{d0Fo%_*-zLL{8v2s-VabnlIj`<q8%`Iy?IgYN
zhJ-$+uG8rsJ-gkS_^7uTqwOYmv+#GoFLP_>B7^5W!%@<gaKxzc#)N+En{%$0pV<?Z
z{OU;WA^oEwzl!uweu;~N847<V{FCtO_H=v}{~bYo$$tR;j=qF`uY_}?m;YK_SAw^l
z^l{R^EBPO8@ccDai7)<S(D=!;;N6ta_a`_n-lhF2!CEj?&(@Z4fCjKq_{|ph<o<By
zS@`0{8UGe-wPu{rjC|Xt6Z*Lx&Lc)XQxBi;ipiZ=Mz3zk4}Shs&V5EN^MqSpExq<I
z3|~KdVjJf!!}qSR`bz9F0pBk8_6y&Q(fkv8Jq5%Oq<@-&|KQCD^&i5&!SH9+bU6;Z
zJ2Qc(ghwv1QymW)?Y|?T_DLK$&*<aZ-`gV}3eBUnto+x?rwjS<FC^4n#v#tNR(VFh
z$A;Fieq=rC(E^)+7TgJNSAI32rucSFio*@*l{{E#Ur+JI*MeKcgEnUVkWhbOob4QK
z#cfK5%bR?4fgN{<F{oTpm)+oQ%ukwj{q*OxUv47KiAzfQAn993Z{)Z0n3vAG2i^2B
z(sy|24`!$DC4CR+wIY9ymwt(smv}cv`aaUdcbwb3bn}!{^MrNdr&R>l8ISL3JKr=I
z&F~c!B-Qtpf_I_e%kqo$!D@Y<-AL;b=h+fuYq8uqp^_B)<1<LH?$e0G>#d!eq}*N}
zlfU-gx+VDUSxNO3@rRo~XB(feV;uIg5v$(IV8d`+;%A$|ZM!(B?qI&+oE?KZ9>zV)
zdWdnEKR;{+cN*OOPb3vnP34qYaijfoSKN583A{QUxIXjQr1~#5D4fT)gv;;7Uvt_b
z`7cWX6GeTFLY$FH^y&s@*I$$B|B7CBMQ{#f4<GI8z?%TC?M3wBw{tmoCVms{%%Vu<
zneDnOgv-pI9UhoI$z22-M^Vm-h#sNxB*tQjquWq3ID7IOeNM_*WpKRs&smU_I{uo&
zB$~e){(2TWZV`Q#XYq44G7a73m-adW{|@-|I6?43{jQY8#OK}c$t3C~zMK;cpJ|7Y
z`NL(|{g}k}C2ZKWApbFufALPwj@k2%^X&4i$j^BBKRS<mO#TDNH#%<qcg`bk$zSZW
z8~Kh`xprD@<h^>h)g4!L!Z!zB`K6A!Na}qpe3&~DucGaOGa8mNNN}~<=;R^x?Brnh
z&{dAw%x~xDdCIdc+n(LX42%5Lj^00V4*Zi%&*+|YUrpJ&(ru@udCXeN)itWUMt!hG
zC05m_3v1NJZK|?FSff^k|B<zBr&a8G)L!GL4~U)a%O(G${RwbnBKGJ4ujN`t{WHIv
zo5714XWfu(50T%Fyy|w;7e#*UJn|pTmY29Qi+trLu%~YC*78K^-Tnk$n6!PG{(<#e
z@J<lCBdvJR`k9TX1MM#Z;He%*-6Q2Ya7Vm-uFWprI%IYuKZLyO+c=LSzo1_y&Z%Ly
za^-31mNV0hi8E^y&Ty4o#YWFZ$cRhq*+f4u#iq&ylHbkN{37K~zA>g9wMhRmARFJC
z9KCPttoF<A$MI`x%FdEFTzh7^^1U@`ZD5pIgQUKseeVTl4LGu7>zruSD^kzNGh*~=
zTxYX}yt9^knkuk&ucIF1xAVe4Y<*o<Q`VBMKP}yOX1ewQG4N7~qyr9Nhe2H}+DrTz
z0I%hGM_nR#4}(Yjab}m>*7*TVF0s=Xd|Tj~=C^ZyFyE|o-){!`Et8jka7lY|ICnU7
zgQM=2-#455!u^GNcJi8l#%^aWdNd)wzRyvQiu~n4d83EBKj(scGrT{iaT>KAo55+j
z$x+({=ae9h*KfHHU(D7+$}xfb9^`)^@`nZO;mN!2fcxiwylV}SPrZ)*_0w*ge(v_z
zdQ4d2wD>_Y@=I@ZR8suyVPD?&+eAl=`e=>1vZn0JnzD052l3#hkoyvX^(A&41aHl4
zj`}^no!h|+wqu0DcKx~4uA<j8I79u8e!i`9c?8FsuZ8yY?0fWb<W2OdJCgcNyZzB|
z5j?HedYOW|mGuRSUh6eZH#qfWj(*;rbK*icUy8-q2~OE79rYEl`zZ_I+!BkEs$@QP
zn4`WSI185Rj#!*laHf_JzXj)rh4i^C7H1Hgm9KX6{d!KxLO6HE;!J}xdbq343!k<4
zQLw(^^{GCJ@zQHteV$ziCtjZ}aC-j1Q6plXCl|sQh%MI`IQxzuUI@;k3*ih}adiB9
zJ>$jKy8Xn1K^)?S-cNB|`IbQ3&~a<Mj$2L0kH3!iDSF&Lk9=^wJ|N$Vd~Kzh|Go3b
z$K<~g`TnEa{O_JeJ|=(XXr<KAjv5gC@0v&c`k3+~-%&+>E%LX|BX7}P;z=*^wGED9
zi;w;Xd4D|U^&c&nB|SO4UQ4}%cjNWAVFH|OZ+HFtqJ?li6pOQ@ig<FWWA^h;wBhLX
zV(yujo%U>f)=RnC!Rc#s)IKR!p$#WkuCLp0bh(DXsXfhMZVAqFpIN{@pO3}a56-UT
z^e2MzgbgQHuKR2_djGKQ4b=C|j`|B_bRGgH*e_Y<?TG=~@JYtc(*AnEn;CFak?6H4
zsF!Yk{xdW=iA$du95FTOb+nzxkKf^_V?>{ej6U9*dML7*CVi6hPDwx4r1NAs4!e4z
zDYO2P0-%12qt9nJ%dO?gIv>OnBdrrcZ~ajE-%fBFzw4+sCCLBCVEH`%<^gH`nsxFl
zo8jdwnp{nMwu4tT=;-I+I4|^D{GlTNXZ42;!I=YR-xnQqo`YVGgX7nuwmV9>eR%SR
zc>&Ao$mQuH>n=^Q279-ou9NzE$k&Ie^3S7O5ZdQ#G3Dq+ZsoAUUL|sO`Et5t%iu^h
zqkOaQAmr?3)}hzUc7ikW6-VEP=v*Ew2lh4oxFX#XK1X*_%z9i8btG3Sp9<D7SANY=
zbe+uGbHlBQ@dpoA?9~Ns**6@0AGY(<ZJymT_F}PUt7kB6?G~-i2y%PA>8LA3p9g(8
zV=r$UN39iZF1W?3xiezQ>D8Z<(|IHI`)5aeNpSCp!5s?Yek%soTi+JHZwGfHeqSoM
zTVrs;XQ`jGF3ED1TH?eAc=g|R)QzI^)j>S`6@T&EmD`pwaYEbA?9c2+z7KhQ4&*%K
zL+fYB&^eG!@~C(d^N}Aq>M&`y%Y*s(eifb9(ivF7!8z%ci*0lU)MEc$@+sR%dloyr
zaI5DJ!FpYh?hpHKLyZ0V1OB@g+@+I_T30j=?u--imoHlPS(c?|&`mC>*Sg~vzdhn8
zwx&6c8L^9Qw>>(Zxud4fh8wP~kRCUjnfMRh%oC3KZ?K)C{dy7G%DuW9Gy7I88v?&Y
z9UTvMB0u$GM_ns%<N)@Ij2|*VB>VvU;6zy3WvZI_)*i>~D?aDr=yqA_E+Mb=+GSwg
z*o55FPgrjhdpr`XzldKxmF<^e&tBw5$#;(5VR_%rBI^{1FWB9wQSa;R2Cw5+^fzLU
zyY1!p4@)^x|44uEq@zYfkBl6CsQZH!@7O}(l0Z4M9a^+sG$Y^ktfT%a`Q8|`gI|tF
zd*Qj;mgXY!OtH%#ctyW+)Stz!SLcG4EQo0qEfwJH2XDu7j@b`eZSXcFF4M~@m`tUZ
zd+#EBt(5;fW4Fw@F^`Nc*BxXL4x#<70sbNy#-D`$6vOYYA4@#SbY8oo1J+t(<Z9y6
z3(mNQQ~J_yBtA}nv+uthb$$|kp1vi}4m>|}??roC@Lo&f$ReLQo_Kx0m4Eoq<fXov
zkuREa6ipHTLEaxv1nNH=?}y^f{fS)$!Ru4`W<6&^P#^HZ_8pD0ujn-mPGw%czTeAP
zWz{R%zJ71_OVhsUsJt2Q?gQI7!q*G8aDxOV8gvNKo&pn>=&=sDHHmx^=U&`wvrkly
zi8wu^zQ({SPv)C*VvmC7$GvcUC+?26S930Z4*6}K{5^**-*5u`v6HX%p^LN0m(SQ?
zJYWa&JYAekAAit(-;Mk}<liFg`@*0-bi4_SKmU*yC_!laDgEb8aHfj#)iL?toE^mR
z{Vr?V-WW5`2#(t;-b}n$oUi^Q?P--2H+mn%cVl4nylEYHYnJ4z^Cdo>WW|frfAU1@
zcml3&sekawUy-l61utpEi|E&?_kq|0T34e^uTd;Qua&j*jdBk2OuMVC*P8)8|GV_^
zKie<l-*6)NztYYB{+n(7{IcaQ?P-kscVJI_-^FTc{!x3zo<9@36oY^@ug+Ht#W*)<
z#fy|Dd2LMmS})^?cK+M<5Bcg}`0X4Co@t+%_OUh4KH!l{^cX;H{So=<3aQr%t$IYu
zWk37?m*7o<SN6Jm^^o|ny<Abe_833bcy(`K{C8Box>N9^T-k9xidPqhCvmJ7yha+Y
z?zawn+Ov}xcj$3_e7_~-+ll<toATA=Qg2Tnzpy^Pj?+i*mb{hn)#j_Gq<oL%gm+dP
zo|Las@ZRE<@18?1-!Sq+^~5*P=f<4$`D@HLsIe7&X2Gjnmam*wfp?J=Pe1V>IFJ1K
zVfOIA^g>@!&gPTw_xE5oemiUZa{B(x({=rBF>z_&5BPCWwHf(??fLq-H_oX+dH3Bb
z97+3dWZbIjAGwxW^38oM=UK}W^~ZVdYgxi`$);}0R~6Eq9AU+ao|An%CJuCny*t4h
z9dPw4wc_QhA8`7T@zEH#OF!q1j~=}#&~CEENAHar9|?~0Hr9`~=BpBkH+RpA^M^Q`
zYH*stX&cH{7YOFn1}89nerIs}EdJ6B|4Q_KQur?n<{KHm+!^To^$4O?uZN5wzYqDZ
zNV_-*`RsPD?>-3naa>^YCZwX*l9P#-l;dI1>#%wBiWyh6B0uEGKi3zimq@uR@=_lI
z$k%?!jsK4Z<)if)KcAIy>;-4n-TCS~vCrK>oUk6rlkD?>ic_f1ZLa*LLz9<w*^d0i
zd-K(`lK*Ptv+F17_vLYMRPaW?+xE?T^&!DKB`3Ue9NqwUbKvdzZoc}Rj6V;v;zj+Z
z%^n4N@>bVyyK-M1>og3cdh!wsn69f)@2^qp`JPv!R&)A>lM{*4^zey83m=oAmmIj^
zw;5BJonMI;15{q)xAN6<vTk$VjW)YwoiF@e%s_FHHZ7NwcR#qh#uzV2d7rl8M$4Nx
zBT}xbvdZ=GV6o1Lv(M!*<&}EveLMdC5W!aTdcdkz)K7jLQ(Qeh*$rOD5A)T(i=S+=
z;zi^4S7ZD{uRB(~gYnoSZvVXsyqI}bGG<=giG2T0^38t9aq;rDcf5!{3?o1EvwZ#B
zY3Fcjc_Q{nTwt$<M$pV9cAo>c@3DOS+(_ri8*F|S9q+y}#_sDy&*oE!$CLT$I|bPN
z5i8z`^h|gi^Pgi3KZ7sGC3+5n+ww%d+NAp@D{f?6DQSOJHVaF2;LU>9zsH@2tpzVK
zE>E7C7ap7-BXZS^%r}1Jj_1$LmSfRAGr)mgE{W%zjkM=q=PMp}!Z{>g&aCh1_0qsT
zVB+cUa;dw%Ch>d(oRv@JD;^oZd@qO-iRV1gF|z<})_25?`;o8brr11@f9iT$eMkN1
z$v8g}yoP0r*TB>F6F-s*UNUyvCH}J+yuPRMITMS1H(T-WpYT3JVaz~R_LSrjyG?_;
z{<ri)g1Z&mxb}Nt!fLmw(^#K-CSN@-^4D4Qinf#MV${;@qzk;3xqS8KLh!DN!Hev-
zyf<cDe#kAS*lz;dJx+naz31<PEB;%xoOt^CeD$yV)_&vLFFGFK-k-?EJWEXa5`S3-
zP9HCK|BJ-sIQ>HR2P7Yk2@iUIeGI(%*?ctvwzD=^uUUF+m`^W<LiYSAUwvBiIw{6(
zVZGvBVWsQ0Rq#p*OuQ<YPcM0^ZpdIO(zR?}>B!)R5^X}MhY|kUkt$ICCgpvmH{i!v
z<>jec77*m59%jMmSX`hsia$RHPWHGg>dz;~`Lp0PolZP0EnsaEyqj~vd((V)1K^Fm
z!qxA>obY1x)9oL;o{9qXGqKxoK|JE7l+-(__US<L*Q<=?d{5OG%m-duV4h#{!lr<|
zBJ!WK%XcC_<jFsJ=<>tJ*S^lp|E@!mPZ1xck)M21f$Aus{A+{q_>H%3%$8knp7c-F
z3OZeewm-M^2|DGb*c9uHJ|c5PoX9)l5_r0#WzR^kl5wLrZ*oWdOPrit!TkQx0+q**
z)4A_cf%^3A!Sj5=_P8x(f<G0Azs)P@pVt+rH#*V|thmwfb@FFcJ7?~T7k!7pt^H7e
zVo8Gj$BN7Pc6eO%l^A`;X`^xp?i{#lK3brTPJw$@3~uDy#Fyfpb?f3vJZL?W@y@3T
z)Hfua-fzW?#+N_Em_f(WVep2oFHro8(=+QGgMW^>FUmXjAbQS$yXWQtvyN#me`GwA
zoOd0w`JJ4{?k_Owm>Vd!-%k=J7Ffqzhd!H;-*J0^Izr}s=f>DAynlA1wSRm!kE*Y?
zrnpa~GvnDg^4qwzK%I&YJ16=1x$AWtLism6p4E}C68+?ocv`oL`W-GX>m$d-m(#ZI
zBzEsYeiC_Z0cHKz&)1BH?dQjSYHRcFN;hgh-U(jiJq7A9!F%SD_VyfUA5$?C8Lxea
zo)!GJ=NkoP-PMj8^^d>C__3ast^;q!Xn|sjfw&XVQ_lkk!v4YOWWov01VRTV>d<ct
zyuNQ2==X*?w}a=;V>0WdR3=MsI)U9ta}H(}x%Eua{tSlmf{}ws=EQQ|;-1VpU5A>0
zr|K;F&j$)rqv%~|t*_{~e1pEz=mRVba5G6;japSxc5(V(-f0}eI+G#%MRE#W7DX=8
zd>^V&XVmceN!gI%2TLZGB6)p{x|px!HHvL3crVc@{BE{614mTy^zIfbE1<qpZ(FUX
zQRizZfX~reUShXd%2T$FI4yp^)o!<UN9-o?vie=r--89}mDR{S7O6k)oLPTCs2{CA
z!mcb~LSLd!FSz6X>FOin14}(d^`Q#YnCSCg1?Krxp>c`dk45Iii9gu2Y0>lB)Y<Ik
z{m#`R$v7!TJ(`d!`+b4ghr2g8zVh{mwv*U>II+h7c(s2hP>=9ikH;-~oE51bk()qn
z7jh4a+;V^1O%uqp2X43swTBAfZ6O}b7AS^E>>r!)|0a$d$pO(SXjP=EKNcv=ZEzVc
zb3aaF@C2#UM>BjY;k#Y@>iC@I5r@TuA>Ho{f>(afokz&L#Mr@KH^`hX$$cIncA5pZ
z@vjByH&UJh;d*X#k1%Ws*{M;_8>-*U`VMluu7&fW)_RWmTkQEBnvm)SZ_ob}C?5I6
zIKk*a<w*ZS97=LPo8RWvs7kT#2>e@;g=W2Bt2O_qpUu18Fei9Lh3e5a#MT$jUJpMz
z_SaSR7BobkEmy02&Y?Zj6so1g;3lo>b^0kV!SVK*B0H}4JQ%6B5pc^l7n=JFxBBad
zA^$!<RBvXVWE#2Aw-%~by%K#Mi_vE?8H!u4dxc$}Nyc<?NjV$NW&E(RP&FJS_Oq^^
zvmTxw!X2u#<Mz|H$R*_*0Czp*e3IYJBldm3i!J4xKyK+3_(v&n_I>FryALn2>*Lv7
z;zJdM9Y-G>AD%VmEQ0Z&iS!xLb$ocrOV5rE>)_jQYoThAepJruEIjYt6Elq0=Sju{
z@Ag6^b3Es6D_*2MB))4eZKGO8IaBYUJ_ic*^I)B;bHS4{vzEzNGdGcT+Y(TReB_dG
zWH<S>U0tXilKIkB^7G?7%`VRbqNI}y)wH+XRfqf-^84;|{p7}=d?wyU{Y2zuk?Y@r
zpYYqcJuEkG{Ch9!O`j`NpA~ywWwlQ<{yk&2g1L{b8@!cYDAdo*b<Xwmu*CO-?nr}o
zKGdSSTrB0No#4!XQ!9EMIWNxkxOE|1Nu|zXJo&LgRlOLTQ?2ErV#0C4iCdR+<AlWR
zPH=m^Sg0<~-EQBDvzy>;2XFGrh3W#CU*_hguZ)=u>2bN!2Hr@aevf5Lxg+(O%(MDE
z`wOC9tKf~YxGVaVTJ0EVm&w@YL<-(8cs=*K{ob=VowteY_XKYiyt3~Us#P+dzR!vm
z-5+}~W;)#=cunWye?KTxof6k>%n5HcCa!6`0q`1s;+FR!D_+!o^OkoSyvd0|#StOK
zlUBTFd4D^fesvcRKb|O5gMxQNPIxVG_LFwk3*Pv@6{?E_?|JL_kf?r@ad^P#OK|ss
zyX|*{szz`hw&F(TZOLE6G!$<?MdD}Oh4|xt7n*T)3FY_Wb|&sd$Jr9^*CAK_e4&0%
zhO^a|Bi@DAM-rCj-b$PsLB43V(A+O{Z$w@{fysNW-VgEuE3tY5%<DI_|ARC7$3k_o
ztQXuIQ-7iRp_7-#wRagGG_|unb%6NGZ|6FLXHJ!~h5)UT^ik3|ro?l$O!_7YDf5d4
zXuYIY9xOEX<=viDF8_I+yh$mtt!M6|-iiDqn@Jm_Jl96#IVq6z4(=z<N<<O7@toKt
z^*-iLbA@V`#A!Lt8JTbBL$v;x_T(4y!s`>-&g00+CH2(~-p2naH1pG^gLu?;sJ?jn
zU8H1QeF@GmI5RI6s^dkkBeMH9X&k;<iES3GI+T=eKRA1M3&UFk=WuIWj;u>2M(q92
zdNclgKlaKiQp?5eC04v>`%3)E4(K&6?Joo1jwg$ZKe>7a{b@VtlcZ~Za`W~4se*Fu
zCS5s2N`HyHn$ne@kh>fz8OxG1OTv26PZu`npGd#dO^2i}Y3CIe(O!#+cs3GzFZlJR
z=NsNQ=_{epS);0kw-vcj<n;Xg2_qL+U+T(C>pHZb^upg#?AFUeem?#<NGc^$zmex0
zXs=tZ%QXSc%0)%$+oG?uBgWU#aVKbNWqS3jMUOjY;hTc*7sBVZSO0kz!Tq4D=Ute3
zuj?TGmGEu{@uTxhKK^|l_WhK^Z|(Ko<2Dy_{t?`bsUrOzwm`q4?cE{6VU}dqdG^-j
z>ColgiCpdCB6DAyoS!xG3gnCs#ng7*58od6?iIbC^5<0nI|rVlpDeI7??&lY>Mo{#
zE-h03BYuCMpP#|8mp^%Q%)+Q=0EvT}!QJ<YBK5TBcbl&t<zU+8&Ib}*o&j{lkHV@i
zk)J?*4~yqt<#)Jzk^aT<+#K=S)Ft>&MUlBbQ2I;aUtm2V>;Aw7_{%Gc%>99Jb_n+)
zhkSpalxvuLCXaH<b-8bs?0(ZyE{S{7$Tz;e$gIz;ves90JT>q7T-|Eg>oG;@!(!*7
zqjuu%OLy7E-01-mm&B8G$h93?qza^dU-ZvaYX5ehTc7wwsCrv;oE=84c4?84=dU|Y
zSkHOlAmMq*M`8v@qm0Sr5`E^tEvhL}rJ_%vZ`Y7M--+lWa&?`=59FTaxARoE99~@f
zbV#nzlpnb*#}}FB+dL4Ia~It@GAs3!V9O=>4I@`sTV(DJyxEi=ztn3P5)+=(2G;?>
zTei^s-CoJ>k|K47l<#t@-6H*6k|%~+=JW1*K&mgLeXcH2g@SjYufOp_c^Hj5{7S5k
z_U4T`{;Wg3jdI*7@+Coernh?kBXABX*=mbF`uSno!BKB6QoI%re_-7y)J_xoJ^!O3
zFZX_XzSxB5Eb@~l7MbUd+#6iCB2MU?U+?be>fpFU8+eL5<!a^Aa2ez4w-%Y_7s~nA
z?DZV(I}iC~;%9dI_PB1TaR<PisxMNXm-4O32{(C3OvQP?d%@ZdZr{m8^!eZx#^6qc
z^gY+?!I-ai>zx=LBF7#K|I80IcR0DqpKSE-Bj$kYR5JNFwr3Jwt10VD?@O{-lRPgy
zl}rGfxL5M<$!9`dqjM!YvS6!-T_Ap6QB$@W(bEtWo&*~^>*R2%A)Or*OKj3Y9IZ|8
zATz}I^$|}`&g2?}BR_lwfDJ?B2U}29LCS8R5-V#MZ|qC9x+?lsL-ip2Y_CYoVS3_c
zUcy=44`Wnv;0&?JJn}<M6vM6kW?~KNfh&s4b4woMe4x!Ar^4q1J{{vXQwi<n8n@~S
z;?J3kCvj5e&KTVBkl!TBV&;+KuA@u8)(!5`vx>~~hp&r2&&aA}WOiWIwa1X(gZw&l
zb<VZwm37|Y>oMi^#vz1Ewd6|5%S#(Bk@k033~snzuZV$du^x!#IeXGCcazVyD~j}c
zXPqZv_KQOM{fXb$!-tvQObFhUMP{Atu^7DYIkq>)=&j%TRI!%xAr}-WUcJP4+U!5+
zerGZv8#F9R`uj7JiNr&}zqH@9Bj3iu2TqZGdxKRU;$!&v15d>)y!1F3f7}jk<A;mX
z3vy0kbqwxI$R88e*bO)1#a;2o)H?dhPr37l=lt^0jp*WD;}wv;#QRB_(M$T3X5`B^
z6{%HXuZNAiKQGYzTX3HGlh}Fc063MsluvN(w3aX0Z(kf&kK$+3;7wj%q~9m)T%8l%
zXXEgsoOK^yz2io=oSA*rz&s+ia(08Wt<RlD9Uh}ssGTKd?A2)2(<cP)rXuyC#Dk|I
z`-9j&aJFKCg%GW;9F3r3=e?Jv9;IJj@<HZz14W8Qm+=0y2#&YUKU5sr*Lp{c-wv?{
zD3{=_19#t+BK6u5aBqvjjl}1|nDzBweBKG}_#;K?S@LimiQtCHowy^b*bI4shJanv
z)%sRkMf-oSNWG0R#GLEQ+TZ(5%yZAZ{XOx=E^r%vS)|@8{Yh@;J5P<7KI;2ycY@dQ
zE5`9s@0%#US+|mQYhH%+Y+lyDTJ)GhZY2+)uaI`OA!0Xg9vk+*@5lL{;5DzO{r{#&
zb&4LR#^8nH?~`%uOz;N5tADCUmF0tXbWV7?W86@mC)f|(p8sGTCHg&YJqMcg9>W)6
z6b$-b(}$R!{U_^5(q5j9!HwMa@yZxQz56~S9uI=M^mj$-ll*q>3*vh7dGmysj|YYa
zdXSC_OMBak{6^&U{byT)@_IY1c3HZf^||nP=!}?gi>FrwxOGf?XJ*{>xeW&QV)x;!
zb)>hF-t&Bs*<ZYzbTdCO^ELX-zD)1o&(}oX&BzrkE>=Hg>&S6&{r<y?JK=sU`TCgn
z;B{<*J1zPwDOQ7mdr^!X!sGtrpJLkal-pqnZo>xFKaVI@f06!uRSYhx&%tvJdt>J1
z-a5444uHG<^~LIyqVGw$;eISe-yrUOaO>Y#tXN8+J;mTg>~KPieS>yr>S90bgkr^3
z3v;X7aF^wPI|%N!`eOBV!F?g-++D=Jr8(GP7To?*i`9*S`%G@Q?F-=Q@y|zyfB#*i
zelGF!@gT0ASC8}FBlnR|!3`eWV#f(d`jWUe0M01wXD`2<dxJQByN#?@CHn1gxlzY~
zY493(>Dj9#?%ip{%X)tYPd~ISgbYzOxx`N!K1zH2bCDwS(eGGsqx1jdQ!(}K&C>;U
z0NnAsV)ZeJ`}XtGS<ka;iP5*mHLTcmKe$WJELJ>fk$rQkpGNGOTpJUn8>^-KS5x1G
z#b%%3RPe&<Fv~Mxu2KpAI`~(@FJ*L&jPm=#Ydxl}gJ%%_jqra$_+Rwx>-Os`d|jM<
zK3U4S8@Z`>7pr&3_~J=l&Wuk@9F3OqRWV_|aUFP78)@I?7pvo>p6|BeMfYd#wBqG(
zE?e{;Ait^3V)I_etF8G(^)IyM2bb7-8oZW&S){%p{(q_!FYEmLTVn=X{Xze~hWPa0
zBDG5V=~ydnbpI>)s~APS4X|M;Ke(e0EmD0_e=o+Ivkmv#*XY}e6RhEIcsOB>7t0OT
z%{7(hrw=ky?P1ZVFL_3~pYNH(dkhl~!ZG(Hn-!+B?M;3r!SW7kEUZEC%pCU;JsUno
z`G4r@x#@qep3~?#^dnc#!vDQ`ZoZcJ_pU|iMydCkd+h61e~)_SH2B|A?{(eupO3os
zEPWaE{2TpqFM9U<%+>Su>s~&4{*8L}ew^{?&ljl=O1&SRlb$>>fd^A1uGQ<qvJ}ki
z1ia_u-8Hq++|Qu7pFwj!ljeR#dJD_VLw>WrLf;ZV^&>&7pi$@4?4`X|(-F1ta!sx0
zU7yIsp8sF;+>M^KPb^X&6?-1}^6SZxH1_<UzJp^vdtz=sjE-T??&}yo{d$q=l>X!H
zkLO~~_fhHcY1a3RNEqK>TmT|>ec%FT)Kp&Ny1;4Sh|eYf-9(qJd3uQXG+m*0Gzb%T
zHp}kZnZnH{zV6ZmH1TQZVLUUnNd1uC&e1{r^?0`@Gv57bbcX5;%k+7VUT`Wqip_fi
z4|HogY)Y6n0ZRWpO!_GK=>Gd@lOCBDzNG$p4&0)r7b#wO!FgmWZdU(Y5i=n4`tL#X
zZDqpV^2{Rj8S%fnV{nH;^Fk`-15_p-9x#%iJEk(Zk!Mv+<pt?&wBb=cJNS&#j)#)$
zIVJc|i3ET(`bT_i4kf90zwSi8S@i4pFIT_g|M%%P@G0iMzjO6_@LGGj`2T3Xx=qCE
znMJB!>UYJ<rys+vmsG#IMZf1=`#t`#|8@53>Sg@!Cs)6V{&(p&O#4`JJ>$hcFH&EX
z`hE5qyZyrJ4#Z;uabm!<Uo-yRNY`3ZdtrJH?RJXKKIwz`K1hGu<DAL4L>gv-hEDfQ
z`==ex+aFIR>1X_QEP9Ti=Z-m7&#V6T>e+b%`!6ppQr{GNKELs0w<mVOo;-nyek(pM
zPA0LtZ%^ruQ#Z0coG3Bxt-d-&&(ToamcE$XY3Yw?t<oQ}^)4Zt&2nlM7ob00?S}5t
z(z~esN!(ymLb&OV<)w5Bh49hjg8i|~n<vnJWpRmlf6sxdZFY|Cn{9|$Hqp-)spw;U
zBVD5Yi8-(HD0pUH!K@=h_w(dd7*>=sn<@Hynm*6o3C{XbSFd~icD=TPSGmO1>)My5
zR}=P{183u_O4Ov3?>t{G)>q`zq&{zWv3HD#RXTR9<s7to|D;~FYf<gsG~L91hqI|A
z>kB6toEs9$7Z;qBS^7=fs*f}zXyW?T+%iUtIN#-|!lGrVf-<ju@g-b|0}|d$Tk3Tf
z{Gsv^bDs3TN5l0>J?O<S|GsJNUk=rSR@5JF$#`lOyvo;<C|(`JK5Ycg+xHm?KmQ@_
z#RT4ZpxB}L)9mk6l$htA-(zsI>~Ql-vxDG|fZzAJ60^^Bc|1PNKEdpWvm-4vx!PIq
zQ#Z3dURk12Qjf>R;P>gUa>)2%_jTa!JE}zGi`}33NVp#T{f)5QzZ|m;<&8JRk9UGQ
z^oA1iT%0F^xVewRMZeT$;>R&1>MmJ#eJF_IuRCY06Q35dpW*q1;C6!Be_V<BM=AG%
zR@|)h+#ki1+jC^W9RqjG@!(2*-5-NH8Mfz_VgjDT0J+4TOKwrB@q`lfV~Go!eB5AM
zcz+-aNL*NLiwo`G?0R#FDir-LGB|PVf!-?Uua_+p7j*f--&j|o3dF8Q`g#V}d9&*4
z|HQ06di5poX34G0pX*E1m!<sAb=mwhy54(Ej9ELRU3G%j|F#n4h#ej=cv*I!T`}#E
z=SCiq9Rz<T_>HHOnD^-27=usTk+{J0_mJ_cZX=VoyK!el489u|4i#VOu^0T&ca$hz
zy~nvktGzjA5E^$R?~Q36GAEHsaQA|{@w5`POWN}b8|?MS!Sdk#<W({4dDLwmf?L<m
z{_lzsb)x8dz>1r7pXC3E(RV1I?`ClKtST}4^UuZLvWphfcPPg3#_=_|hWSi`J9<`$
zx<~YV$ch_XKag{o3=b1BLT4z4=g^@rpkslZ@gC3e*ut|shVoYOxYGnfOuBS9uON}3
zKmVAzGp6G_r0VA7!}ewM{ybJ$7y_7{UhKO0GsLrVO4NF3cPGW@*%Pj>x5t#fCs1G0
z;8wPlnD-aI_+h&rL~u`D0Ji~s8$L^Yy{CkCOQ7!~;QHf3`W=Z7-g)TR!19k77OGj~
zyOA$CkN!sX&+o}eFK@h!wLhS{_a+`Xd#?A;S!(QTIZ_%R$&h@RUdQ55uCkVuIIpG*
zle7By3I1r)f5;G?l`am;@-l$Fyk+3AW0H4%P1$+wpYlvwDp_h&+yZ_9zSLf`J$X%G
zEk2s5=n=}@bvxtXOG^~58sT{aAF|g+f2f|tAH^4?{CFZW3|x|bAJ!#-@`;+Vj(}5M
zswa~P29i>GhLkKMn1Q7%9Knx!#`-037~YIuRt=!<m9Af&8l!K-e{%85Zg7{bbN#X~
zH{4wOayPhBA8`HhvGs@SmrL$ozw@dRH6ng_AM)Afh@<g>7mVw9V8Ac8;Fm*rEWzhV
zB+-5uAmKjO8DDBLZpjgFEdC)KG1zdEKN9$)cpI{3QMat(<Cgt-aGvM>Dd==(37CbE
zNBoFeUSfC4e&d!IB?4}#`-{{+F<$vN^Iz$wpSa3i?#R60?6|ldh(Dd+PWF_j4+`$q
z+;C4>09VE-W8k(m7pwjJb}k3kk3Wo8^}LAAEpy}C7sK<S@cmO2V5IJ3{Cj<gl1)x$
zh0$|UqEnx2lJsiQi*9h!PYI_>yKW}E?<U5Lvd(e5wVcuOR)it#Hy6~@HnD1dDH}J-
zShXht@!7&*f3tBztm9vDah~pk=wMjrXT5=@{4RT4&m`zv@Cw>7T@3%TCIUA^BA8sQ
z)XyCHZrfa<wk$#4M?Yw*Z|<HAJ->wDQ@Js{Cx2ObiqF1$?ncOGB`ZJiuVw-43+9Uq
z69@QQY8;ZtD+90OFVSD((Q^Gft80ATk3$~hBd&~yMCyb@=SKa$XlBX@x>i|VlV)~<
z8+%Q<P}rLQJwZeI2$@_)Cc=vj#JR*qK0gjph?-(@Soj~a@Q=tIvk5ktPa1Y4kn%(H
zBare3d9~=pC4<2bz`d%(wx8qt$~%kIN`5<sVb{>P5W_ggS2ujSwldC^cJaao!uHqx
zI}>;w+GR%XgmINTTqS|4@agBXg)RP}ggjbIZirw>iH$cj#YgBN=rpvaWG@TM$QXoD
zMZJT$Hu_b3p7o#M67wAKdm{RI^VRW?e~3S`#9@@&m47L&u`J77#`AGzYE1hxHA|Hv
zH?KdB=VNH<A=aNe@#hKjZM&yLT_FCvJVxKCkiLnvHI<leA6m}f%m?}O6mWY@ezFKR
zA{r;QnlI{{N=`h>2Y-|(yN(ZbOV+`Nwed4r8bzT%B8LD}skGbqKu<a@A}QjS!bF)9
z_?0*n9kTep81UjCg6s)Nc8GkCFaAPjm7r<J%AxMz@x;WCFC%)9h4E~3HvZjWj}ue*
zjBXjNVp{&83I<Nl93#@1xFLR9$A2x~Em2<)zrA*y#c%ta%vtl0-)?a(O%FNC(%blq
z^4Z~>mL6v<yx)=bN`bK9ReEHDSiIl%JLksutvm~8H~I~IzeIgp<~_$o^z;07Ds<lk
z@1$?y9gnNiQ_lO$&x`qq^~B~9LZk{VsNpv9eP}(y=OCK*5c{T_#4Xa7w{VA(a~?@7
z@bi(RKD?@*&lY|U<*!I@<1?y7s4?6Gmu9?R>Ic(PbnD$R#9GH&A4DSpxcMiJLuK=Y
za**i#`OOb-;WO86zNWvx{P-s&YEJs4^VWvz%d<y#UL|gT&nBn~yt49|^e$S-B%eJ5
znkfR!cp@=ETDz2cSE7xyGe|>KzW4Dx1K&aTdXg*X&t&>4GL)O>K)goLn20+rgBjGP
z@$ds~e&hQH@F#_HFRACTFEU^HX^FaC>iPaF?d2K`-KU`IdAxXadbC*A^LX*a{ABDT
zZ7NXDlwe0Ou35Y+y^HV3V%F@76L-MWBqiQa+)CORq_Lh)+8+3(`0Rssrg%mAAfKK^
zB14JS970Wx7H8Eo#isBJ)wI;}#8&!~UzMmbnO8i0h20)Kq4+2DjDDGV&iE`H3clKt
zpSYj&_e-h!^4sud4wT^2lD3WSQ6lCJevjkZyZB6M8A^TW0`=UJPr(+hXBp=W53wHg
zn-cY5>fAZiTCV7NR9VdQwL{|9EO?{;TB2qpewA49SicCZGbH+I$}UWA!!1T}@Sy}_
z7o3s-w8Ud(dy+<V>okJ;mAYlec=%94hgkwIy)qSm5eNfVL#|dn17Bi&WqGl>umb(I
zuCdi))_r{sl-mQmw+<k7+z;--i;5MG{N+6()^bPBRsJ~UxI-hVsfI7JUVd4zxexwa
z)Be138%?CQlfLw~CFVJ+r;;8SpG&1>hUfPC!31X*oGA~d<fY^62WQK_x%xao`Cp<w
zb$8SMJ?-M${nBx|!6}+{ajtslI6J`^_i#>m={Tuj)(ijL)u-^K<FtZP`yVdO<M{7O
zwDTZ1`#c<J2QLw48l0hLTz%HQbe!t1FuvU9;+*u-aO&{qE^x~Jv&6g?G3n#5zhLgy
zN;GHPuBG=SMv&Wr+@Ha4p1Axa*+cT51*he|-2CtMaTd(K`m3z>A*b`d+LyEM2Pf?9
zS(hK2{%76%m-{#i=0Ad5`F=P5!+p6!&VLr1NpSu}?D+I$o*fs=zxp2P|95Ww5BPG2
zlz)@dKR9K-cX2kobeu78c6m5wzcid`vB5UZ3q4n&SPtO%QU-_noaJF=a+`DDy>+$P
z59{EcfnWQ<i<f%#J0v?uzTMz#n{o4f)ZomQ?+E<me{l1?@1^A{_MZi3(!;s-rQ<Yw
zjq^A3r(H5GSpiOPosju^W)75iB5*K5Z^(0tp1!1C?geLt^N$x5fOBjF$BfUT&tE(_
zW}Bu(#t*x}Q<oR3(~kh}!5F;AdhK1WnScDy31s!x89#iIb&UkL(r$v~wd=_<(k!<T
zot|biX`%D{$OiHmAfKsC#p+gmJ9h{DntcVatGBOkS#)2aR-Y%`jeN)T#i~!_uQGaW
zO04nM@n%V%B>fRdztBrJ=S^i?v*cdd!wtpiwUWNdOFvsbuTJW#j`T^=(|SB=(zDK^
zhVPsGR!nh~w1Zyo`fqgCiw+0R^mBeZ;vp`Y!d=>xlK*!2N8zuN{13#`Z}_<hyY2aR
z=;whsBlM4b#p--1?_&|XkRN|I?8e+RF7?%f{5bL#i2T<1<b$svq8YgIy~wMZiq&Nz
ze--kPem*lu<W5%|Wqf<+{C6T>i+q)?kD$EXhsr#c=c%Z_H0tLIIp4sZH*>#{$RF?P
z@7n){M6$%(Kdl>XB}#Hh9BDxA;O1iWR*@?S=4;lU<*=1MzWtD8^?AK{9$hauGq<?)
z|4gSYKXFj<C;sZ}R5f2C@Ri?MtYkaddCceY;&fx?elzo)gT3%?gkS2&x!>n^ao^{$
z>qi3#e(Ia7U&AkDbMB1t^TJx)-o*=9>xQQR{%!DoPSzE!h2Itr!uNYu#T-A-&vV`k
z-oei>Kau!yZVX<iT_ul<*(PX_GVBGfe!#7t<4t+|c8Xu;Qa@sss{8P-J6yY$_;!i4
zdn^3?@N2t2w>nav*>>-Re+YhU_s66BVY^Fw-wyvc{CfZW0r+ipkHq(dUJWGmnHr@&
zKSw)~`n)X$HxyTrx5wDOqYAus@V0!RSaF*J=V%Pxro@#x4lj4_7nd^k!Z!oo4&hrH
z$u|^#5}yeKfKWdw`AvYc=8JBAC&lMC3*R_=I=>@dT7Kde4d0^wzq?p*oQ`wCm*{%%
z+U*TIs88C97c-=s>)<aRE>`2h|ES>)`eR_c@VU5hO1|5{=?6#Wd*{OWPQyRr<$Lu@
z%UATT{%7{bwsD_^#JlC-MB;R)J@NSW(0+s7Zd<S8SQj|!zgDcq#12OqoWQv6Y%kDI
z^_qVee)aWYb&2p7`uuJjOZfNMN?;N_cf((KuiNgQy?A~-W8$*dx#E86Ys78$j~JYQ
zo>}p>8UBs%iw@4cKEJDHxE%|AH~d@vxmdLc|84MVe=%|Y2HHu`f12SLfqxhLBf`JQ
z@caH_9e*X(+WY+$ZPz*Qmfr8$^+F#{^wo!7KODHdSn{vlPWytNu*!Qve10?TH~BB)
zDR_b7IXnrko?6t$2i>Q)>ju%N^X~?4<Mv{8i{Kp#9{%LDpIZ|j%(y|N>2F8i-vhty
zZ<B`KFMp2lT*@&E&dj%q)sqtEp6am2&v3u>NKBm5{Z`Yr887}zu{uofp3MpGx;Q-X
zodNJ##){QiX=ew(%W7xA=alk{zU+q9SO?Bta5jFg*gU8D312V2etDRx`}iM7@XICk
zS@Ip)&-aVXb1E}(!FrCYw<dmMujdY3&z;~+fwu;1=RQ-OOg(SNs^<atJ6MMzY%!k9
zE`MfFmDm)BlRCoGA|qEdpS|F0d%jp*&Tr@H`SX=>rygLv3I6X(J)Y~^D_ridU)*Dz
z-|)Oh$-f=EwgbiL8p;3RX#R=Qg9R7<&G7Gm|0>~k%bl^)wLx}WPh;?xAEY0X@zS+9
z>3iIK`ljd*`~FgFo;UMAmcC~N6{tYR2KZOLP^=ylKfT@L@2&qzdOPX+=G^p6+3DSq
z-~V7A(SJjB`k=_GMJ9c9cKVp)pIoGVF7|TkE13UY(u*87eR;P09O?D>+$SpXCuXNt
zus~E);HDp$o!&tDJ}<o_JH4IsU4^dvfs1sU@${3iVK?bZix#P4#C}hc?zi*s`8nQ*
zN(0rA&b$q%!}#|Y^5w;g)OykXAtRsZpFWVOE*gc@$A0+R;6F_Gw;FxUbjM+>&{E$u
z=@YUJal1+P<Ex49E28gNyfNmvDBk%?!R-XMg?0Dk(yp$K!R-m{w<P}@6Ciu=6}bd=
z4BU;Si`452!967gcP6yomE0Pm?@Ydi)woL@q<>&NUF*9%2KOcCyAIrK<%?9?E6}$v
z26rf|Z%dgyvJScWN}S&b?&upAnSH+t!8Lw_&$#!o+?Gge_71G;DCze9$o2i>A~SD4
z&&XNgjh^pGKGkE4cj5n_<J#Mj&o?9ah+HRfGbb!k6H@<T&w!lwyx=QCa*aBE4<gt1
zmPKYBb!t?<@H|TLnSg%_{KtrXN89u1i{#UQobx@_b53*H;c>nkaX+_q*o6G}a<?5y
zy;8oob|`Va3x3tKNcBqI&%EE`mwuV~zCTXXowD>x!|->&zd_3N82q;RUbtU6KBoET
z@ye{|d)6YgQServ@4|R>ad@p#l<!l&?_Q)HUj&}Sp=>-30EEt4ByWg$-&a36$tAdh
z;4WRgNc~E1-T0psk0Q967r+(!&w@MpfkkSN-%eq4-044_-(MH0dWiYfA4|;q<3-}U
zsb9Cg!t)QoZ-svn{wBeHI?C_YufLAc3;zuK|0(>Bn0_Qu&SjBt^(XC7p;3<uc8k7$
za`A5b+wrQ#S^qdtqROS8T4BYDtWPHf?E1B6{kp(Y2f6=D@CtLnyJJ4Qo#0J^S0Z?i
zSp6@mU(EBejDAagfc^gL;@$YS;fW7)g4gnw67?&7XSFvyZ_(p<_t{_{4iD$u`I6v_
zfV0oTIV_^rA>hn{)AK@!`nBluR3x5c;cST2r{RZ;Kjs*xOI*L##4+D*HBRt(=3U7!
zkm-mdzV(9B|6+-H1#RECHlmL=uMMv|#ofl#A?<HBcpb@<dV}t7j9!_3EqP8}W@J<;
z{LaJh7r6Y#EzDmh{KYACwa6Y8<xi~k;H80g!qW-AT9i`qutVp-`)u(s(!P^Rt?~Bs
zbYslENu$_tf_&CgrqoYFulsVzC+__&jXHK!>|}g=R7%Nql5;J1rr$R6A?i0U54$aH
z9wz;3CpcwQDf7JfRY9EaeopeHyy!@`R_bRM`JOkV%yY7jHu9PNHSr10-l(M4^LNAF
ze@sdZ<e|6loBl}RwO-dq{v#fsV|bD7W646xrGCVCe`(4*5A{f2Pk1u#b-E`selYnp
zA*bG$Qtgu8;bA#%eDh35&g?sMBUk?>H^0)bT&;T)z?R>3<Z6#gDLM1%6o%!z{GPMq
zw;#EU)oy+-wtMxtVEL;459@XR=*k_)U9KIuH8rl>bGge6AlGrcEB8$9audk4)w*&|
z<u2#25!iBqEB8e1at+9>e6uU}SnhIN$Tgnm$~}_1+z4{@b*|h)xye=Gn$yTtz9pqz
zFaGiXa<m6t3N-Fc{lxwC7(2BK`@J<~=Kq54kK?>{>UL2bfoAHi!b|*VMt&Re&qzKu
z2j%_yhof;W?)d|H{b~@rmGvpr1Gcll$IJLDk3bCGh%4=1;>~X4`jLB|=&{0=Gvj%Q
zTi)v}hy$6KwJC_mFZnU!!?(G1I6huJVX;FK@~z0LlT&Js<p08j0Xv#~!N59yaQ(`)
zB(hwh#~?UcPDz>fmpm853D-yRgzR!iz3)Z-U_;8hujCmcPrZ)>>s{te4jsnS+f(K}
zs*;b1^Vr!9Lf`Z@pdrC8m+04k+>Upo%zcG|@AnU$ew+34r&-F)nAu&WlYG08-*;-t
zeUFJ>J~v+~_tva1t)xHLE*;#mlz9*HV@A&F-;w%^?hmvzD>eT#{AH)5)C^)y7Jqo3
zM(~$BD)YgVQc{1yulowKF3)+G&u99ZN^OTG_=lFK)N4KdxOVgXfF0c07CZJL-_zvE
zKjhmX%U=@~d1-e$ksn`?Qh$*A?+ePuw!2+1>wt~A{1e3cGu{67YQOy6erHyH+XR2l
zJ5%Pp-@+g5Z&{+Y^|#%~9bDzcvkfL6#*dly&ANrP|3hx3+3j!FhUL8e&(`1WM{eo6
z-27ID<>u>etA0xSJlpMWFAU3h`Pus0cI4KyxcQwMmYXlX0pvQ~?aHmnU2X!owsTy$
z<+;l_KcoLU*OfaZcew`SR<^owC+05Kg<Ru%T)E?Nmm5K@{=Kf;(Yeb_BUgK#D|bZh
zautu^FKw>eVY$gk+-*g!?EI8Dk5Yo1>2H4)jJwkAyWv}TLCWlp3w~VO2rdA-aibae
zG35J@e_q=CQx^o}W83{TaqV8>acUC#wx`VVh9B|qGVPJz+U|`j1M#Z~xgO;7`1dYf
zE-QW|vtK8r&+qgiKlDD=4x8fT>FhK8h?~Fkw>y!aLjJd6hqHt7S^e$xfq9CH005WN
zM~aPvzKc@o3xcyeh~xEVX8e<Uo4vnnMt)yM%Iuq+V&v&>?+w<w*trY7$&20oR`SWQ
zza2qt+a)RW5z$ZZ53#@9FZ!)csrQKdaenz0>~E`nfj?iGQcWUvw2_;yzioxT_A<A>
z&En7QZ+qdNfnWEx!oNU&yB+@V%iaFc#W(8?;d-+5mr~EO$PcY?<qz}ikmav7d1>Eu
zkE8F}l=?KkourYcp7kq4%b>|6?Xw-eZR_0e+kx|K?K842l}yL9&lbTO0q@`kQtDx;
zhi7B(!s{d_$KZ7c-W+%vuX6Q!Dh4ln-fCX`ns>9`wLYbOAo@KXgBRAXem?yM!CU!Z
zcOL&p3|?5j#W8r=e*3}OvLR)jXZB!Dc%}2<HT+-NQ<sZ(-`|e68NB+Bx_Ed0?Ra~^
z>$}>;yYp|ulQ>)bOZKNXrp$Z!ZjRtFuM%hGyrUZ=56=s)_vvt}&*gQ2Q~NPjuNxP_
zIV=`u44l4eSyvN(+hoJh=PzA--e|*FFYUm2g7)0)>T_KL$6J34`&q1CNPKApukjNp
z^Zu$0;05D!;60JacLn<qJu%Yb?*ZghPfGnobaTr^yw&4xy5ND#{Kl+5?Sy|4{{0@m
z-=FyFR#*H#_TB`(s_I(&zc&dQFv$ss8Y@b8O*J?sbs~b8NCM~Ry%-B97F6npbwapT
z@u3)-8_V%{TiWU?t=i)2<a^p`t5Td3rr-={6-RL7TrNWt2_S0z-?jHScS<5^?eG7y
zKl4%U8TMX#@3q%ndrf;Cf7|xdFJ<rgn0m{vFA6*@^=75|ncnY_zi-Q_DErq@tC3HC
z<k=Y~rSO%mM<-MDyj@oK<|Wjd+T!ue;ksT=eDh|?mETYlm@D&oL<&CqIVIQR^3A@V
zwNBrW{{FZq@R-2+b}#U<`O?w7z*BtlC=B^4=6L<vrx$qH^zxbgivh3n#-hL@(!V`=
zftTICBR{KuF95H}DGK~l;B`&>Jo`>zFYpxKtiVywdQ(y0X991_=YrSov*1O5SNanV
z-nxGt-V)$V`Kbr*)qft|z*n*V%=O?s_s_u-zIh(-0zdcm*~K~Vy7A2cJ@F~UH}3|{
z#9w&*dVE)K*s8PQ!qWWrLmA)AMfy9~5BCHolW$h^1V{1B5wGF@`7f_Of6sx_GvDl$
zE(A|E0dMLrivmZ8pX4s!rTC_n<Arsm;^{BS9-Zc%>`}mZ0XU7nDhhncb-{hQUm5&!
zUM~MEcpZN8Yma|Q`OnEeM^LZqR*!$C`<v#2z3|Tn_3ovfn6V0+6yDPHdf=aepSz{K
z5BJde*~O`TYQ6{^rIC|&Muwi_vwR@v^9CORXYFr_bo}!XDLAyR?R|c^L2t0X&Myj#
z;X%QEx|}cf`{xn{@vfe7Ybm#vl<PWO@tc!9rAOYM=e-x%xL}KZKRV-mjQ3OSC<>_e
z>$<=HJ@2Ra?_cfyeu-CKwf|gp`$7-z@V<%q=ScgDdC&Z&$8nx-&P&C)3|s@hqx@_s
ze~&JoYnM7BXJ3?dLewk#@1j71)cb|*hu_W(d6%cju3X1sT|@aw%AY9ZXX*0IWN#|O
z4j}Mu<NX}otA1bg+5H|t`KKwrobu{i(z&UAYrQ5z?#R0{Lyz_rj_m72YmtwC$9m?v
z;B?&|J#Otc%e$hR880CFdOh_5zb^{>K<b^~k7KeL$3%5%3Ymy^mr%~6+yL1}j?L^}
zT2GH_i}9pv`sJWd-k9u1&^sViT-y@hmj1z`A49jFNnh{qKH$I4@BY5vP2@lNC2Oo;
z+i8k^$7RrG1@FtL|4Vtlh4=L(<#>6SrgBxMp7-;4-{QYd@hx8;_3Yr8_6zXNsHma;
zWS!guoSA<_FXg)6;qLvooA;}Ef0?|$N5A*u2?f7T^S<&=MS)g%e=F~M>jzd4`mR)F
z2`Ho=_1RB6<N`<Nu;MM`ox6(y5rKQUhO78#tvVl?5f`fcn&T-y<<CVr?)BJIKhpdS
zz8KC~KSD=0QLk)4QQ(i#j-khwNq;<6a_jw+YXW{u%I%!sk24GY#2omtJ~mKqHT7<g
zde5ioW$69hJi$FP@gvxf`iH&^e*aRW<JEun8TB*$LTY_!IsFpqFQooPX@5qlzUsGc
zN1m6}Z;j92Q?KJ54=>}g>-l!%YqIL;a}%#oZ|1#4YV8#qq3ikl=qDTvz|yX#zudEb
zy+i*ff0Fdi$Sr?XM)`XGn!Zz*KUq5=>X-esC@?=r{a45P^WyWLreNye=H^@kH&I3X
z2_L!{IIZ^=>AVv6rQpz(=Z~7w-5(`%`ZV>1{jDf)5!VH`cCR-xqnecenDX-|e~Of!
zrOT)Bqt9Qc=_}Xk;LvxWAHV$RpIyEJn3E}A_JGHij-)*J_W2U8)t{7$Q7+(@8{Bg_
zS>Jb4&K+4CcwF$ihc2fUaau1LLjs=60~q-~>O~M=o2Q!BwDBJDQf+bI)dJw|9M_Y+
zkej!T)3n1_7D^xU7>SZE{m+D|^)eZ_Q^ynsUXlL(Jq4F}Bo9(h?<x7;4f>R;0EjLx
ze?kYhQNPeC4!k4vjnsHOIzUMJr2BppqTUPCYyClSpg`(vPPGdiru4_UoOrsYdmc`$
z!cWCI{K+R52gddR-hDm7BVSB*e%}3iIiNj1Uq+|*!)t&$r?EKjBf<OcdV$-N4fmcN
z1B3XWga=oRAGodKivv?+{O9%vH%EWY`?TlrH|p`b@c#+Lf#ThOH@ru9x%r9n=JgEF
zPfx7iUIW}YlZpdE{sl%aaPQ5c=e+xShMV;r*%yFYKDjvXYj9HV)b~CYJ^!XBxI*=6
zwvb);Jv0G-gs#+g5FhUmZqB)w{D0~@h_}(+oJ)%XFDp9kvArBR&OfG?<z6fNZUgXU
z{-ijtNZ_?=c<Q6Pd3o=6Clyn8l=6etBd`6cI53Org17zh^YgIToaL3D@8d`KQ;70q
zw-yJM2%RkMvA-mU%9_voyL&khydr}?{T{d-cN7N(@vPvdy}+HD4foAn5HZ(-TTg#K
z2JXV&6$fq-d|aLb7w#q^bK0JHPB2^JRP3r&;M6Di=MTl&|2=9~a4zZ*j_|vifHUWh
z#etKgKl=bDLl14#TVMX*6uVSAQ{y$%TSC3oKNSZyOTBHUX45<4U~%T92V#=3iX50E
z`6KHTxu?eWFs!+Gq+cV&9x3HWQ#Ir8(sRi$NzyNJT+NlVgTNqn6=}(I{KE$9o&QrD
zxL(>nB(vXMr%wy|J1;sGJFFU)5}#H581+~DZ*ibT>UYuq)VLLODvcn2VD`X$LJi6I
zrTsq_2WH56e?DjY+76MsPEP8D>}qcY-arJjd+#p}+$VH=Yme}9`5k!76U6fWB!$)d
z8_4#U_bUIB-%qkO&LjimDZ#@_$B@>wf!#tN%;1&OoZb`jksPq2G?MAlCH#Lk{aXD{
zabUkf`n6w={mSJ(KkjjypW{2MLXU$sA#W@z)_UFM#*BIK<S<U^W=thDG(C)`UQ>H<
zppVSwQ`GCtul-hr7^s$$&M$K_^~;|s4h)t0f6A<%))T!*v^g0{p$9>AL&*=X0jKck
zV*OpYpQhlX<%iMT<%dJ5K5#SiL_L%1f{VM?<75@XR?U?Qp6V$-h4NFR{K?(R%L##0
z1<J^u=o8maZw~c@<_Zo<)yvRFyis1!9ZypK5$e0te^~10e@6YeJ=g!3`ct1N4jd+U
ze*2VO=PAD^(@&w%TtS;7I^g#!iuL*Bzw7!cabDi6)b=o*a_3R5k#b3C=lRTbQu0_m
z`PDP!Rx(QVC|{=Z1T}u(F5I^yaH_z)6}TzB;qjdVd*?gCH$JBRohysA-}&+$`<25t
z^4fatR&7A&CiFh`*;U1Xaa<RS(fvv56KEe=--7<MK5-4@=TKh7jUAL*KJUfM3IhLb
z%Fle>qvt)ll}{;UV#pG@e2wz%KZ*l?lm2WO>(6hR{y9>bOP4ZV13$o?_hND2L&58F
zsd}06bFMy+zqptEwj*O7zXZ5*Ru>1hi@f{OUf|})yI1y-fY6tBrN2vnyW;KQK&8OF
zxEHwD-)qbNpB@<_IZiz}`aIwc+Je6C76;B3x#Qd(;pXz&0X>T64JA{0iQAtd{g2U3
z)%s%ny_ti0Y^R&tG_MzY`*PD{;JyajIUU7;M(O|CVSoPhJSzESN?I()FUspC2&jH{
zcOpyyw)A_%hv?f|iUX(0KKZ8{_<G;X)knz++vB=k>ye3qdoyr5K7!6g-<s7U+<H+U
zGZGEt=k<aQU!RozZUAm!pd@gT?4Kv}2p2qO>sv#5f$P(Wz^&hkeppx%z@!f!?+tEt
ze?xopjEEJiIr%$^|8E2C>b*+>rLqq9fG*TxEmJ~~Bxc)~W)QwOr119w^#bt4^&$_A
z>V=-N?F0mafA+jw0?0!<v6l=g(eg)rk8pF>!#^c|+(vum!6kuJv|aF$#;e|6@@A$s
zm>H=nO2LEq{{`xmA5s$duHbERkMohs*Wc@T__YdN#Ww8Ahn57IWgWfRBfK1aI{&*p
z@&WRj315i-ukrAbfGhBx>k(c~|IY2HdkrPEy_^%Gw#?USw6nUZMEm*f>am?}eC3SZ
z=$-HJ_CO&G=ySBB@gCaFd>vI1cv0x?lpfp5rH`w6VZ(|q-UhtYBT52K3cTUHz{{2!
z@+b8I&=(x8p|2kTx3RV)@Q~2Qej2W(t7wXt#;2~nm%5sgy2?8}ed+I@^Yie!X{k{3
zB>yU1QsGJXMPvv3{=|~N_htU?31#zT-*1{Tu6KKx7k^w8z<nCHW_^ja(>H6lg77?~
zDczkZN>2HZa`P$oztkz1MLEq^q^Pi!48x}`UqK*Bd4pH}^v^CYa@lyw&!_w-!S9i}
zytY&3_(NXHkV`!~xvbxtso(UylE8S`R}4Ll96M+3cPtn7Vs4uzczFkSYbSwk8Sf|!
zPtW(YscDja7wtqIp3HiYawlZAOTT4>d!bF7I7|BnlsMd|{9qyKucp3gXV2c-iBPWe
z%#y%=OFKJH_T|<Lx!?0cT$j;~haVZw{nT%o;<fV}^^q%c$8#v<UZdQdXOslamv*E-
zdY(o8lX=d{KO*~0(Z|RO=agu9G(FFN4yp>t^nNp+sa1cI`L~{W)6Ojk+~Ci*>JNsy
zyh}a&-kayItb6l(oZp+5_oLM7vr|`RrmhrxnU~)Kzhh>JwlD0b$C366{WLHCGwch3
zhj*lZ=aqPRY$m?)>b=(HYc8hs?17)4|5N^Cp+675IrNvqpYtO<@_XUXxAwx2YSr+R
zULT{q6&IHTekJ_ir@DVR?RDeRYkT1bEAsNr`z%H+`1p|aN-y*9aq?&5V>0C{J_Uc2
zPYNGCg!0f)s(;G9)T-=D+IM?(wipTBHjp$V|NA{1|832?4frwO2d0;hs|EP^y^KFw
zFSw-VF*fD*=$B}~JWd#PkNa0se*URFPM)@@kC5?qG5#p@&2_=^C*`iA@28gqj*T*{
z<f&i+%1iz8sNYKc3#I;D)K^7Ny|9JBNK)s~$R3}=SG3>p_tXzS|FyEd{-oR2^q*lL
z+b@`9TJr@$*>B#F{{Lr*&fD=)X8S4qyPKT;dQaGr&pQB5{x0GF5rJS}&TLN}{AG`D
zbNBl%Ee{Ia-c5VUZz>7g!F9pK8V~5#{=OCUabH(5MdAH5%A4_$z+Qs4lT-bJ|M_^s
zhcv-Qn_}cX+LRnUC>RV>{setN^pJ6>`q_GLwj7<`*o(gEBd(slM}S-Yi;@6h2>W9S
zF8vaVvpS-TJnk7vRkv!bjN21SYPG!e2yj*dr%}cy{qy&6owwOc<D&}F@(2@p%lmo8
z4SkS5p_8IK;QhKJ@T|b=jZRwoW$9gWdf`K@{S;W`7d{WTO}CY3`|ho&@oM^KD)0+?
zhOWQoE&yMBQ~kReIEC{|0?+ME|78AC>nMYcS7hs1Pxg}UCsWTV$PWglJW>+4pDq_%
zsPU-RmuKhH=MdEnT&{<u`ZI!hcea)Uo)-Ezp~wE@ekU$J)XR1-7o2DQO)%|uJNrzy
zdO#p(#DE`29L+z=`izn%rqd^K)_{Q7(rUyGkatqkjQ4qI-X~pVyttAwrrmDZ&$=xq
z8i6wx8-oKHUN{3@NWmNK!8_E4*FOc%IsUiP2L#;j0fGki^a~736^Qq_KpM2$-I1!9
zr!)R0)SX^;THS=Y@#D<vH&ik>)81*?k&0oaz0I^=H0>wd9c6)ljG$RMZ{Jpd*Dhek
zDr6S!>|?~{GRvk@Uok8cU${^JG%r+>20FM4IrlE-Cutaio2USQHE!j#!9cjBGcqb<
zZwWicn9jwOX3NINJ7#-p7k?e5(biB1(xR(Or-2%qyBbUR*PZf%U?BOJaeAxKKi{-h
zC$8DsYuRjXl13DKXKt%>qGeU&YBPRPm%XBSZNAyOBY#Fg^%F_UY<}zG>L)HZ+!!2F
z#phbiv1WV0vvQ*@>z~Ewkh(6-xCRR{xV8eb=E>-Cx)&*9zAR@S>Obkd3!2TXUD2dM
z2c7bX*NiVLgdv;uBNcNg>F)khzvJ<F6Xiwo!fC>=4au+pG8ayjhb>)^{&P*|2zUD|
z_@liU97Q{P&{9JFOlR&CRrqs`*L05b$Ez;A@p{*4yxw)s<29W<dmpbF1f2>o&^zVV
zxl?|^EgOy4>oO}&pKB&T^UbZyXRKlc?~?naC&L(A8wfj>>hgc4ycKVtV0}d`7t`dz
z3_I6O3p>%7$vr%JvYOjV!!_F?$6C(rrc)VmrWA&1-i^5a1VeA8y~(uKyMOx$9cW%U
z%&OTCO(fg>`tgQJ>C1fSXZ+f#aQu8T9DiUAw=_CbUd`kBaT$mE+pA?FmMRLYEi@fH
z1k;8{Spc=t!^V((O~u5JeO|>Bd1lJ9sUa5BG$}qGDDq^c+z4EO-^6by9xan+axDd_
zj8b43rJ;%`M(Oy9X-5C?73D_%P(`WHzn~&yZ*zZfi{SbGiiN7i-4(6!+q|^gbTsZ|
z)bX3uYq$N6ymS1rk%~sMdD$>2DAZ`i$5%AE<13|z2S(;=#;09fxeL;0Ia8iyEy}0P
z3<eUT)nj;o>C971#A&LM`DP@wX3b(Fc9-16F99=gnok~lL27=Si1$ziwTW%lY+hVz
z4xe06YsBOLo$1V|G@Wr(yf&SiJhF=Eb+oxcXzY@TMyqCH<N-52s!&=qlLOK;W!X#3
z8aFbpi8T}{w48?W8~2z~*fgu0#r7bh4?E|VoAE~~N>x*l3e)X3RGvmEW(tcsFC4$7
zVy5NIOsJ+Kx;Gt3R;T-KyH?GnNSPU*>UP$;!N?}lnYrC<m<g+TTk(ez)VRY;RTJ&G
zhwughsx$iUZnck53(lyFsrGs1kw!Vau^<g0L!q{zx`5dptB_anXE|Yb<P(tt(qonN
zW7^A2r!Oy}TN448DI+co)l?d>EliQsytFj4IM@aZ#CK7t>C}~)HHFd5i6=AWQe&m5
zOpueB%inSril0|8Q3lqSJUkO3)5UzM7s9a*7?m}j=L;NfK82y>&gbB7d-EA)3HLgm
zp_;Wl&*uXQEtjhK?BH7ZV!Fp2BtWBjIz#bmS$i!_yp_q^S0?kQ^Z+iH8?x7iYu<~L
zh2m2(=QDa`dOp?IL-qp##GTBG9;Q>8H~KfwR;&W)7VNcT%%$oab184+&!5Wy7tGC^
zztYV4%a@zaGk>ozf1P@J&NE^I3j_~pcb>miI?}vwyR>S=3i)Ao?%*fcKZBmvxN}%{
zLi|U6!Tq`Q4B4Ok9ZCSpA3K!GB|EYai^+YrU3rY&m5srQ9*?T<Hz>=I>(q{{Z`6wM
z-(>AkOJq;}PI@vucmoAq_6EJ)@1sJ6>eIq1*+tp6=5y;_@MGz>@U!@xP4c37;XHo8
zn%KD6py$d%HfYw(V0R)P7Lk3X<<<25ECu9`(a%w38NKMG-AC`qB))v)L<9c#O?92x
zq2)#WvugbQn_Z9JbS4PAUdFEmMXy56!WI04Te^(cTQXTrpXbM=H)`3bLiX?VhP`hl
zhT)Vas9JYZ%ZiUt`?~CvT>Crrh3wc@%}n;y^U=J7{rW@MuL~+nr!3@5Wy4NJ*7@Uy
zE!c0E_A73l%t7;F_UqTP_Ukcfzn&}IjbF%qeL4H}-(_*pB>Ocxj^3<4xI$)SamHpX
z!!Yf9S(DO5Da&>ZBMaG=^tfG1BT|ZGthRT5ubxr%#rEoTalxOz|K3*7DsY<@mxmmU
z(~!MR2JLUxWxwThPuul;si(H<Ka@)m4^qpkMl2#+J1sx66C$#=oTYd<!txp=La%Z6
zKaJhmOmhgsh~1eXzuzgO+Ptt;h}Vd1<zG02q%F>p-=~7vFT)?^bD%xV9|WxYu|n>Z
zW|7#h>b^QW-jL!?|5ABfjhils3}>RwtdM>+FLb4+MhtJ2pkpm}$<mbkf<7~G+Lyz}
z-0_+C5V-OOK2}S+{}<px4V*5e<oWo*?b5a8g{7DnLCIp(--U(T2{)Ae3w~%`-kl#x
z5&2_u0af~Q>MQ@!`BtN#Q|Kv3Wm@kTDg)H4f6hW-h4xLJm^`OYUfCf;+V~u`m-1@9
zj49q!rCxb5ef(}MmB%L|X*+#>Ha5*kh07+7PIFN3b$>;xg5gy{YI18t0#$mDDKLzf
zWXQ9eXszW;K%-EClkldHuq8LKZ|2K2B2~>-FLig^CwMQF>^Izzm^rnC2H9RuGmlTB
zq}zT;5OH&fs9RP%T&d-m`U*6hn-$NuY&KEhmNNQ@rf^FO*$*yQ58vcPsa97|O+@Nj
z{g5<xcg1Sy1>442e(Q_{^%Z4z2BRfb^OAkdm9B6UwcpoQl!u-3Dk_B&(?C59I4nQC
z3z+en6d1Su5gFu}mB{N=$&xezVWY^mZ%2+b9T+?M-!!(9t!e!)WMlZy`d<^hQu^Pf
zjQzxP?pFOnxi(^#XERY{gfLppP)sz_5b;tYT=YcsSR^ZF{(R;q-13eQo79bZLJTGD
zkxq(|H1#M-N|DZduw=$>^GFBD8qzr{lqMb7y^;r~>BTF_L@qp5=%u299w^D%h`pfb
z1x?Fx#><336!as+#wTRs{(T=oX8JV*MPKB#bi$p-YpplC#m8}}M0)16k#;n}{MQeK
zV3t{NrrwH&Dk{T}L#?Kp(TZ%Ox0bzkCe=)?m?9hPR4aa2S%!M+E44y7e_0|e`;>FP
zPdTH7aQ3pAmnp&-n4bL$u-}Y^e6Fli+oI^%J_-3+@QW!D`a!#lT6Fb^CbC*&Kcz3l
z$CWA?dC~nD=Lk(_KM~^+VYEtUEmBd1Y@D(di9Ux29)`e>Uj!1W>BK^_=Jk~PlBTy4
z1swEd)+BqQw<CI_w|%?O+l6DHw>%zua{V4g>|^jNqRmiNp#0O=USGjlZaP8pF6Yjv
zLWx+_4pb~8wSSuN38iXoUv%%dR>pg&l#053HIZAT+F)I6ZbtbldMdA3e~;zsx|fg7
zWTKcO_xxWM(DpTO54MdA6Oh_J3NOmsKdxa)8C)X+re|G|KCU}87<haIB<_}Qg+T^o
ztuQ6$^{KY}Mbn_{Dh~-8N71Y9bjKd1Y^3{03A>?8)oH-4(on_!we1Zw(sV+5!$fI|
zCsX(z(@RT}G~M1JYe)XtTZFo$DDUQT!Oy+?w70bKulIa87d&6Be_Vcmu$>?IYi|kA
zC$FR^Vw5c7r@f^z{k%#)uT{_CIDYww`Z+_V{LJ+8CjES_dOkn>{7(H`u+ZMJ+<R_1
zlSR83#e7^_W!7wu9PEq&B`}>C!>U)gEyL+={Msqbs7AX1hCGA+$4zl(TkxRWyod4o
z1SE)cUn-N*_pSAAm#f=mHRkxEYw5Q%@GYmgkOH<Ey6M~}xS*v;XjEpr`A(rbQO<SA
z<=ol|&6E^Lk&<n1QiOf%`u6z(GTyAjGhMzzm2Z{j&V3?DQT|lS?WQxT)UtOoos-$D
zMwN?(xLb$WTw544?QprthQgpLg&TZ3S9*^2mn|hFIloP`zexQus*qh}+EWY7>z7nA
zqDgg=>&~n@tM2SG7bjpbu)TI4mSwcDC5j|oPQfh0S)wmb5-(CdvC^vqE5F@Rr0@2*
zAV@1+?wO!0aS$Z|Dww{O_wxHLrj*2q`g!6wev?N~A|WJ`9GwtJRaIE$hE#=h?)_4s
zzgIz;mR>5xj)AMujaJhS!ZYP@Vm-e}UBFwRr6Sf{0SI9oTFuQ}mM6NW@?QG<Kf5E=
z>gp*4WtZrUseX33mrz-{#%Ay{Q`+0??l@1wJv9wi*_fo?k5<WSbh$^%yS!AZYZ<}k
znbZ<mP4B3WsJ+*{$b<RjZo$CZEdPj*tYyDs+FLFAlV$9ErRKs*&yW1zydOk<AUj=u
zp6%<i<wjx4wQ#N}vd+cExI%h``c`VPW!Ab^DEEcn5w5n6um6JRLI#|P=vv`_wN&=`
z-?{Ssl8RxSbRih&Cycb*T_sQBeI`|HMdA^4l}aW-(>(N>j?n7EIPql}oQM^^Tzo?7
zZ_NkVKSbX+97VlMG`sI04YC@8?(wRr#gq%#?}-(CP^A%AR&WStIID`*?%4QYMr-2#
z68?@Tfd@(GG^|@QV!xDE(jw%>2DHrG@{4>F_~<mN`O!JNLz#G=e=X<sCVqs*8m#sf
zxt2fV-kHjPw1}H*CDE#WB7r+4;Ny=)wEP^wPg1tAhfU{@&QX=YNMF;LHO&1BZ#qYT
zv(?;|yT9c&`AkFgJBd-Sj9lN4C!ZeUn`10oRcULKx-Qk7Q`ay(fzi!Bw0Af2OOlbP
zF-rwR=u&eyvau1noqLhL+Y2gKpp5exQ8gkJ2q+(g?T)aWaN`H>Mv+J7sn;@{8wA1d
za){_vh4tw1LJnCZW5nd7lKWTOXNg*_(gKax8`rq=c;Vq|G59j$vnt(zGXfe@ZzxPf
z#r5_)b9FB*qjxa9M(jf_nXo&hGfY@L!;)+Hvz%Mz^V7?m9m||Kyhfgq_RG@kKjOE4
z^YpCtw@#7vyU!2}J)n@0^5J>6DXU@X-kYn`eb#&}lqE4p+3Rod;ANZ4)-gCWb{Q22
zE|o>w&%{tr=1!z@b&?c_DeH6Sq|EhKq#nwOU@_DZ=Ovp#%u>`Qi$Sv-Sr2c|Wf`)+
zER-6<V->CZ8nFOSJuxqvpLlcvAVnvz6m4D#A(GP=^pbF=R4QT-NQ#Wy$B`O^SjuI(
zCg@?nB@||~Xca#jQt-$rdTtMtG)*Y!LP{mrp#qwICQ2o}-tO|}?}ceu^LI2wlFxhd
zU70R_d-nP);Z4T+>^e)<CsenZA%G3y<b~i?$bcBZDCR`2<qv{e&W|FvHo3^MG9LrM
z-N;kj-#Y>8_4iS~zal)VmNmV%NXxy@TdROi)0@6c)0=-^N--f%|Grmx(*<%&v_fxc
z)Bq7rogxcJu2^i;Qp0@<$6H<V(|P`)6wTU4)DE%f#rsV8NhU4!6HtmfLyPxs=SFDp
zjT9|<jQRUN5kmC2Qe>DFpD-=WiriO;whPA}bp=>6u1=;!<69AVmz#vh6Qco2Z-jbz
zf3Dm)f2Kv6+!zfpG`W^Prmce?rp@Ciw@@W(?u=$hL&E%hpC6e&>?0&F4cS{|qq-l@
z4!u3I3VMhP@Wn0y2$TUd(!a9-X8)AwTwCt`jatdpESb)zgWROV|0G{ach{z&jP8cB
zy8Ec^E_U+MRZqus**luwB*I{OzM&-E>dr(tZ_@U`&F-*tfA9PJ{mtv%-?MAe{nfk>
z{r3Si6={0Zw`qFx?|pjo@5==L{(hCo|2%lz`Jb9jDkXldYOedZx|8;IXDtX)z!{hI
z9fcX!UYqK<*WNPXC$>ra#1mfpM5;bcY2qi^h@SxCep{xvccB`i<rpE<+^r35@D&I{
z5s&6)X|~+P3l<2hvCr;<G8aOLbl+bHcVXpL3t?}W&rAvBR3~#G7_olRfz+Pt=6w(D
z+WcrK)dC1i@!RD}wzI^!{5r$kI@(tnX1>`zN@2pNggN8oZBa#8V~v)rGy~)GCyb%U
zgd(#w3jV~7GZE;bUufuZCD0uY`rA0$q+0(yQqTz*m?+RyQJ_x+`Y@^){lhS<2Gs>w
zv$cW9Ks69|qyokh_h!K5BCv^PAg}-g{%Ct90<$>D4-o?t0uRgQA`^k7H)bPH$qVrb
zsGMoRCgHwvj@qRlZALvA9AKy1`#iach^^?+sl0Go&X))GEAy3g{nEKS3&9DVy^zNs
zh2&;|#4XH^;t$Iw`uxF&J^4vj*JrP}{S^m58G=Xrgqq1mvgD&o9dOMEZ~gr$xq_a_
zEV?^?0OiNkM7f)}_K|3`{2hZ$;t~E~9-Al%CsZ1ibNfv0gke<^X(HF@2C;u2f6YMR
z+vfJaKo4#QoJMa~(KlHcQbGP;ozoN?Jc}X#XK_sx?KG)pc}WnOv482?G{5lgy|w#*
zf8Q&=@Zfdl7i!Sb)8<F-luoC{KVS9x)#!-~N3P|M;mlKy8BQzr*~2-S4Z!B9l2=`v
zSl<4Pw^_@p<DrC%{d*}zdfUH+crwPXZ`0%V@BQ)n_q~qagV%lhYS1#29C@*l&atkr
zlRi?hR^I38e`<WbqU|YfgbS>oto&(F?Jc}%_4Znf5Zif{VT5?RoO}2AiGrl1qNP?E
zrG5Upach@^m-L6j47ogd*?GM9PM~f<FufSv(xdcxZB(`~xJfPcFM8Q$^U-OGT0?cG
z=^Xv8JaP7VPkva32MYJF7ia0CC(^%$Sf>$NC|#z|&*)J?&TJ&FN=B12DDN}($aiIl
zb~b1|?b>1PZq!xF619zGxeZ5|K-kQ$-uR=>3Q`rntOcTnlINschOktZ5|$p|P4c^{
zNl$kFj+WhTlNb9Y2POw3OOqwZqGZ2hVRE-*ffy51@$?j71UbUJM4G?|rDO4Wo14+9
z)Ef6USYo_J*~C=1z!C1yED+sC(U<oclW0R|_Q`uQ_(O(0qIm-<c6~*qWj|xa$7loS
zm_pMYp?o!5>~7lQD=_Z8XvCl>I<h5s1o-65GWWcJJZMJtNyAq9F8&l#qOYpZJ>aKK
ze)IOc$hVre2cz#A3q}=UhaYLiPcCGi4vG_}#*B|Em(8kFkb+uR>3$0Vz;vV&o7`uI
z$aMry5wq8SFjN0qvB)WN9IhlPq4>hcwR%EoTqd&Bh+Rdj3!a?v5PqS;Ft7+Qh<-b4
zud|v*R0NEc(|Mn)@$~cE!}iD2id=x%$a2P%TQ$q3CkXDDQA~UQ5nrH$P|~-&s)MNd
zcqJ6$uHra)$evcNwrH+qVknf5ghTnC{Za){8L_9u7;lGRPX!f;$GM?357bKTlJ^mf
zSc)WS#KekMy-}1Wx;(pFtPdv=PlR74nGrIfZGhM&S|bsbC%1ICeYzW}**@c2X8cT+
zn~r^bOF|rLnY7mhgxNei5FMvGzOU-|Ot0e@B0*!m<rL9x3H*xeZrO6pqib;CG1oH(
z2oHu41d|j^3arTep1p+lTalypQT>LQdR;eKMhT9uH=CCX%U~_ZvgF>$fr_GKQrX8#
z-Q)IWS}~NenwfOxszSGtC$cNgM_<dLS5pX*E?iSl6>?^SHpFNL$_&MizU{b9LZVSk
zCAtd8msAuc4^#U1>`EEK{rzPOqpN~C;KY(}3BR-v8x0UVjAKfn&tfZnN~uquGXG_k
zb4s~*E{SOtyBKl>R}r*e5L6YiKQQf=!}ePD`Z;tP`2|3yRCcxnqkCHM(<{y9MNoPI
zpQA@_r&L+a=>Q-gQ-IRD$wJ?lEZ-nr3UDF&P0M!O?;<7RBMZf+N>pkk&N*yuO0RMP
zNz8pQ;akvEQAOB(SLQ8Z*-u+I;>yjM<<r-hHElEY61N&d2r-XD^sPx2%njQctmbRk
zOIswMPZLDpDZ=(-IY9unnWE?^P;>(=jAf)k8Aj|c)UoWb<>I_b+`$d--u2-9PRRK$
zOt_gb;ZLjZ@bTjiR6kV<1!-LeEt<~kLi3Q3ksq4&cC&4JzWMN7|EvE@<DS*#Lhr60
z;h!_UXCcm<gA+@f%=YL)vB<{@CRy<Uxh=Jv!C~h*{I)xZyHlYsZVSRBtf&lUahX-K
zChCUm3t&1+3Z-wD+82v}RP|yW5ZjXwe7n52oC8FvIuf5Cbic-|Ssghb701U;LR{vb
z=|sq0i^n+nuH}rxidpFXN<Hgx-|ygPrVw!A!f$b<|Ge>=%^PqaoQ2ir)ySom-6dhH
zg~@*Cqsn0zIYW6DATQQ0J{2w~n({SZp$^%d?p%!Q!qOo8cOuJtWfdQRRD(y|Crkze
z5Uaz#?iHMihF^jKf6$PVtW(vCUHL1Hq_!YwKN(f}FCFgRyaDof&XO4a4$Rrcf_~6^
zq@U%S#)OP51gr7Wgz`=0{1*}w3vj!8<7<jbN6KZb2=8Wf{_*O38guDuX^MCx@(OLF
zp;Z0})WMnSY?vMR70JE+4Wa$B)linE_n^7#Ck!5-FS>8OO+%hPHhBjdGn4&-%=gjy
z*K)3<x)+1@LP+*yEi>^VV6``>^`&K{1-z|m{x}#tRh$J=VW7a#a?)M0cwk;);qJt6
z=DvbY1_@`+!<2+mAV2W3`bJeJxd#>HehJmw-zrYr<^G)nHiDXaFo35~t*$cGkLjE}
z1^O{sZd2=icB9okx=}i*`#69;TFzO+gv9Wt&mN}uP00DS)(5)W;P<5!^vjcFX5WU0
z&<C8^m4J~A%>(lkZvi8SjZPO5Z{JP5WbH^hGdx;K{El*-J#L-?xKpv?^VHTmT-ksF
zlRcUG6=egyf?~<%(sQNyCmouYsvr4D$QiE0@O7%nNU8FgPribXjQ!yH4KQ3r^bbq?
zDW96oiKWH@vs6)`=`_N$%(CR}X1uY#qQdbNQ-$A7ql|E8aeFilqfC`5Gt?_HQ{r`+
z1g;Y<<J<=!uyf_Ec?ainekWJL2bp3N4D?GO#YCw*MeGniqgG&v{+9WCj*U~j`AzDL
zXCzyS4MCWBxqAIGUQ6tODUO|Cicd=HD7|H$yH@XW8>I|QPE06y*a>)JHDVVEaBsYc
zAIOd0vr}}>A_r&nsz&z;9bPR!j_E9OkETC~x2bEzM~fuLnp12x@f^?6QwG1nKFn?<
z{E58<Vgnl&DdF%kp0FRfKirER;9aWn$Ki)~9tfzAoop}`TwYq&xilF0w&h$-@Wth2
zJi4&5u5(E+`X81TgxP4V+>jhXd`A58{?^KksS=Sl*pWdEc8;)fVHL{7--ZqV7l9ZP
zuwJHxrYEX^Ov`>9>Jr8|#t;k@&!r^zj#Mjju;DcdiYY9IE!6sT_eV^i<ON>I-Bn4u
z&1}B96!jBtA8%y}o&HD&g&|-d031~z7$@Yrp5fmmg0bFAMZ_U~hEA&4RH6$Nr1PLq
zqzKBDOOe`?I8duB(Er6=DxN-yadgQ?bjvU0v7k2bGr4k(Ur@=xtsPJ2sq<BNEIn`z
z@A(stWdcnm)0DmP`15xNz`YiXp#1+7Nf5*F|0#8gpUn#-o=~mPDR0K~{N_@^0!8zw
z#e^6ZqDFc#nT)e`7>lX7RWBx?ZpvV;k);P^!<e^)km~33MdG_!Y;I;wBO>b$OE&10
zAxPAP>=G+JmYorVSoUdb|D$0~oS!o7lfaHokbduz`IcRRmZ_-mH6eDTK`3GK8E!*%
z2THH-j?`XrCj1-uQ>H}K`eSyjU&<|v${->jhd(#E--k!JQ8TFDr1=vf&sI4M=NyCg
zk!e`xu2tl7F?^I*vA=L5`!T!TO4odFg7;?*X_H4omzxhB>HV4ZB6G--W}BO54q0vn
zSD4UaTcW@WwwVhJ?@!)581()Spq5i&m@uuYAj@mJ!b3Rxl7Es@upPWbrzEPS@tRFD
z28QKSOzOp$L>VsxKYd-=D~}A~x_Xtl4gUI4M!CU>4zO1*@3w8N%Y5arMyE_Rs+gEG
z2)N__OABG8GcG5dsViBL#ZQK~s4hkeA<N8@1Wy^UU#RO*g=k{YHKCe|%cAe9BVdTF
zl$iw?y%)0AyYKfkp!?_($*Ix}dxhTbYPLsD^MtCg$WjW(!3szMAdwLn0PfWQRwfTh
z_lUzj(;pTL_f3Gp^2qPi@J)L~@(<Ooa%j+(A-#YN;qp5$5vHgjJ^yC&N99+Y$-kw>
zj}MfYZ~myS@uP|Y8N(%eZ%2SV*j{Nqzua_6%<4Atv5O8HmMmPq=5}W9S<`;bY}<T<
zJg?rNA26dX50-Pc%&c}3l9&jPwZ@O93vdVa>x?EGKD2j-6(7;xT6j?PQ@@<N{11yQ
z<DTti{>V^#(C${-;v&=DVYapHXXYb*L!E7lYs}zNW^l7*e`K{S8WIY=Y6V|0^Do(Z
ztr=`L^XsLjgDNRUO;92=FWK9bn8>zeHKE`$W)M<YI>Zd_FoW-#!I#Zo!hGzM+POyz
z|KXdzmad0_E9gS28C))e+_s)UEaJh6P;eD!)uUP=qe^@td)LAlAIy8~@&!M?pGU;q
z$g-bIA0GFI!{clA?#O5YC3xsFbYU;vY%znM$O;+SVYY2Lz<eBn35*EVJ;tk@X5Ve*
zL#Lnro5uE+tS8KB7Sy6c8MhR#ZZ{vyK>rTY{z!MU-K>6zx;#Kf5%h28t}QWMHp)l*
zj#>|=>N@p%uO_H=?~af&e(&Wn87oeX7v)*;K?DO`1KO&0GIZ$Zb+c_F;C7nTNqK-e
zYPD@T!m55FEQ5ePz}G(n@uA=raDRvuTptcT8MdEi3I|%jMOH9r1z(kdOw%*c(DqR9
z-B5f)WjOep)z*FpBMUKqYK8}fg3p=3WGE<&FEO3NWe@3)iECceg^jmWcAxEakJo}N
z>rsDLT3^Ln#so5XW1YxI{yA?X6W0+6zC6~cAIUGQsEsJiCxQHru})~DOE*K%b&&r)
zVKA?U@+VhxoaBrjxjGbFV+LOe2j2(>-wWFxSix0R+p>XS8DQ&v)L#la1OrUvU|66$
z2nDy9jKvD>G=qz+;L`$T`$_qeN3OMkuUWwttl-PxU|WdA5`4*OYh#>GS#3)W2?gH{
z)m&4tJu=`VXW&Q~TnEQIYZFy$kXH3a=A-_6h3It1UL|wQbE|rle()m1b3~~6Mdlg~
z4xtFmK50JaV}|D|L%|Qs;0IRqt5kVCWWNlv0LH6U^-~!SLe(!*mL<Y6ev+$yqzL{=
z7D3hnSpiEk_oL>I3Z{>AN+70>+wc#9Pnf|&e$OfWB<H@Rql!tquODPEiABl3nhR6w
zkl>vEHWrka@amPDjRhk{8Ve%d?K0ce6`FmYGvh^nqyBdDvDES~?s?y={?xSJmvNcZ
z0=_MACits6P3iKFBUuLAdrr*IeO$Ct_|VbcEmw-qk@CZydGaVxeAwsKxGN|wD&_Jw
z)7$7cNYrg_&!c9aLaCz8_U2Do>~U1H=2PS5(PhyC7HfKhWXqP-l@Wfoj8H%0=GwAl
zdBMnAFpAQqtIGn>)#@Ok!&$^9BYPrCMW!_UXIUV!JUP*;?=-Uiu8QoY9{<&>sWxH{
zsE(fsr@_K|1+P0J@W!z)RL(ToC#qlMiJHP%;}!-ou*0;8+&GozCzd8>10vFgxkw&m
zI;T;uzkuf#(L~ipR^gXzq^8igWszwg#Rd*nv#;R!=+b4Q%Yw^l%NV{%`~8vkRQC#W
zyK-(_+G#A6_VaZ6MHrkIzgddV^5n7;{rXgA2sV<@s>rUY*HMuA+4@xT228<hJ<nVA
zhnOf#=djZc7!bIzL5bFAssW=kUt-b_xl~NiI(IXBP{=uK7{x>$J5Z!$qjXehx|HmX
zPoUMxYb8u`o)&wN2-DAjbq_dhbj)w1yQS-i{o-e`!#VrEvcHCYkU*!@=p67r%mgoD
zT=T5bKqMl%Qc9o|<qE3=YJKxk@U$nUA%tTwn_#jPxgD8elQQGI@2)SDW_e`Um@vjr
z96*+R6&FbBmW^=`V;koG(NqE~Vkg?tZq=R1fl^%GjzLJ>Jz2~@+Q>NppdmJq<|UPx
zi`+T>!$C;l$F^w+{#FEW>WhDb$JrA6?=~t4{=+KDuL~#%excMoc@Yx)Ia(d~lRQ}8
zs)5~=0yeK3u+ucKKMAm3YhV{k-B0OAV!8m+;xL9(G12}~!a+p-#psffbo520yt4sW
z^D5tu5VDVzou+viI0j2*%~sru%(GCIU=<~(5bkNeAF6rZh_yfro;_f7*#1y#7<;LE
z2_$qlE03V}VX{=8uN4!RRZ~zA`9Pb$Q8cEXq$Ed?5H0&PIn!O3+*9n|8TQeOyV*wv
z=h{b4#h$4eR|gUbm1R>zMs-x$Xt@sXIu0lm(ogv?<_9sUMqf(y=b9(UzL-TdztI-f
zKh}tam4M+MtgA-a>~4r%)xwl1DtX>c@%)Y{B@2i?sXZ{~e0H)z>@S?pHft);g*aHC
z?(scjp2wEhz|sgdY=EB);H84^mRp$Pgq#od&4Zpi3#Z1yB`);ev8;qy?}xcAW6sm_
z-Ce&4Yz3b4jee8XCa{-$dHtsUCnf)!ezW3Z1>m36Z}xq^NByRU`QP%*{C|b|ZU3GB
z?EHW9)y)6qjQLl*yQU*j6m~FwomL*MSvg~92o<*G*vPmr8{@c;os}O4`Ps4H-%r55
z$A)X3G@Abm7Y*TJ35(72f91w*gIQ{SmT11p*+l+{dlfhTAjzitf&U)eBJ6w*_TMk^
zVb}?TYfdbmfq_)DJHTpQgmYj8mYgbtI3xBG0GQ3~aJ}uxfxi5Q5Zoa<_<xA}jBm@r
zTZX^4ZAP&&mx;znXWugI?;>9z5O(OFYBDPTcsAVj*vP)2_-Sz4dUhM9Unnjj+SR-;
zIKN-h9@#B4{FL$;MT{>JHtpkRor(%7icQ|)G<#6|S^$g4d6-Ds&K30Med*7$(jVkB
zM+v0TpMI(%YD1MiA%ZSn{IsemLOI@fWduLQO$b|eW`K!p?(1@mTLbI;q`I>bn~n?y
ze92lf^(=o*$ZidZK!nwfLupSMF|1nbr=6lk)@(Ck>|)&F^TFi)j*rh#<)ohwpW}>g
zi@il8z0=b}RDy(vf6V9GG94g#4@th%%#DmcKBHWOJ&EnYtuI)LgwxgMX5_O-jsree
zCer=C)Wj}EI$oVFtK|m}9Y<_;&Y<KT(T?O5UZu!ha@2FK>Fi;~c_*Sd=}J2M)ER89
zO#o$h&-nD0#1R<gaOlv;{&H$BWGB>o^(V3jyW|g{!3lxrW)bq9Nq2(rhHE~F^bOT)
zF<RCru?&PFIWiqjG7TC2Ej0mI_*a7Wry=JA@gkb`TVgb&9x(%J-R6&FR>iIsF~sfY
zAuD=T@*-qvEoPj6U5^fk8_={lt;DY~iso~NID014N|GZbjQ17kmY^B&ykk<ouF(DY
z2cEo<0bRm{m#6R{^DFp|d`nR2&wma+anFhYvHM7Sk{8954;wiq6u+R5v?)gHMkq{#
zZzgdj7(n<;em9L=h5u`T-|4=?rljIeLgM+M93~XJvYKQ~=LiX(7$t{0aZP5&PY{b?
zZxk{cZ^~RN(w*)KU9ze#1+PllioTWXr{%3rfS^6XZ9>~w>1t|0H_^d5UrzE!`UmWE
z;pm%l#g!JSIWlq-7Hln_Df%&;?}N!bp+D`6A1Uh;=$N$I^bAF}LVx<@5MJU^1x|Hj
zuoWMjk%I?%MjaCs6?L<wf3zc1b4-*eEis!%m*T3&x;tCp3syzAr_xj``?AuoEn&|{
z$;gjf2uT>R`AYC_z+4**Bz_?`&DwYD35PO+<3bMRo)5w(nS;?^)p8G|XNdK>$nSs1
z`5rueRkW(^-e3dzuXND~nl&q;B!=m4)_i2d`ijNRsVl6%@uV`d=7Z?a<b?niz1l+W
zZm4ceSBg9pvQPC3MruXj7acnUelfe$9BJGFPaOENSW|uNT(s<y6h}cHKDG45v1N0l
znQf*~|4~B>$JOi7yabWFz(s?2kgkCK(xXxIW|rRANUdOGU~E;S%46hLCuR#m2M1z=
z8_wfW=79_~Ew6H&SgYPO@oxa#K8U@7_gVG@IwbZ5YykFj^^0-2rbLf{>?NLg0Vez$
zo!u@d(hW!YiIqd2WWX%I;8yVn3x^TIHzBRjQZ1ygJvuwFJga>QYuf~E%S=ey)AVmm
zNn|(lSpwI@TO?Kpj1jhQNZmYUS~WbsslC)Hr3|ac>yUVdGFp#VO*1jOjKZv;Odmnx
zX6T||rQB<D8ZCc@!c=@~oft7DEv{zsdC8*$qh&vNdm8@;1}80EHb(x<8S)F#D8?Y&
z@E5dxK&c6}kN7Bz)QJ%$4eyH?V*n?-l+{~TdgH{hIcJnf$7N(Pb6><Xga4~%Fkjq4
zG-+{ae^G%NhzM*VrwiE_v2vNktYa>c;&8MM`t{|le@Xrf5|@=RbugL>OZ_Bfgd-R+
z^4w%Czgn_vZHb(0i4{V^7~G8&`2hlC>aZSgy#7!`6(VEabCqw>*^l5Rd_2*ol4eSt
z6xm|?!Q@v_uOdfCr8*rQ`Hlp*mAkL-Ho4j#uOBQ?A+dzcel#E5kh0h;mYB|Vcj^%m
zA~DE^L&%H3`8jZ;wHx`x2Ej%heZ~ExO6|z*15^<U$}>*`77$C{_GId`=w>W9t+aEI
zic6SL&S_~CyD)>;h4tb){QbMIV`5v_$>Hb9XMerSA0~6*@FI9&Uh3va-2N4M64|)M
zbXh}M5jmp=D*4T-**<+AghsQkxJSw(=W;FnvTYU|1CjO|(}AO~Dh|MTsJ58DF~MTb
z5ziz7S$mf`WP7NF^UXi!MdD_83rr#ealqlH!U1=Y0*K+9V$sW!k$P!j+qOE@Li9JX
z9ZJZNY43^L!sXs4*#)o~X)ZFxZ>q1?RPt~EPnM??_<elv$vp+EZl*9<tZyvYO$N0Q
zI4Blp&-r&28%?{L|CXA;v^_*ZycoBI6mRbgi4lj;L2Q=6nY(W>je}d0dr7k^6U}Rb
zX5Z!N(H3JOJZ}dN>+S9OIYBftOSV|X!7ptwN>4724oL1RMORRCm3k8CyTv$TrE&P8
zD=)X2yYh{nw-T?|WwktK+|pLqW-MqsDSqh8Eyh`GVS8EFe$IV$LrH*&#Yg__!!Dx|
zIFnZb@X$r(gCJY}ns6Y<lMdtXHq#jOK9)LuaD1$BPrw2jws(YW{8_UgyKV#~kG?ur
zHAc6~aaALf;gKHX$_lC{TwIHjDu~S!M8ftn;hN{J+Am};4{6dfVv?_d`|4Gekl#Pj
zFd~l-JVL<9A_91hW66ZsHpA?Z65I15(P%ioo8IyzFjR-+%~2Az{bZ<S$8^N9bW8sO
z(zsVGg=*FtEt8PXLN!lB&n3bcLX=6yGJj_fGd#;URI@5-nekb~l(q-;!&&9gYibt+
zMTn}dUX^Yfd4e=Id-kt8uAnr^@*r}wW@U6kvM61ox>Mq0jGJ3)t2ziYU82v8)*B6L
z?__)<=}9dy^DRenkyy;`DgCV5woUpOn<x(@gi{(mEF`ABRT2S?YV%A8FIl1coAo8A
z=3H5JLXrcOwzSq7H!n*%^fq~ewQ{`$JqzNR+W~`9t*d%tx^K$f>f_Id)l&qG0mjr8
z8nPo)lQ3GUc@(Ny9zCO1Or6jTQ<FSQ9aO#QbK$3!&?1eWT4TY|N15P&(clVpruf*A
z`0vCYaNFl1B5Xgc5phexLqynqGZPX2Er__i-ot8LCY>2AHv=(2TKjY~z|$)JbsUQM
z!;mMoh);u&BFqfP`pd`<A?b@@-ZeX~+&`g01kl)%f5jJu5~*JpKQ3VaM)UjBMz28q
zYyE6?vZc;AYjnB$uB%u5@qgLHs^6|x{SL)Tel(Y6KIbxTTd%@V2uum$)Dk~F5h*Lo
z2h$NLgr{Ugq~Iuahj9+zsv~3@F^xx;H@|;E=gSLae$40Bn$2B#rg36B;lBK=1}D?^
z!D2zAuKV)6U?lZ;MnY|WZ>X0E$xomaOYh$-emu;Q(Ed)*^x$X21h~f=EyE-NBR*my
zHHm-v5828`RH)E>!W;XzPw~WT{v`O2>X<PGQ-`QYS#nY(auTtTRO6_<z|j$ya|IaZ
zWAOE`nYD@gDkojE<QpPdEOppYu2Uz6^o=-H>5{%tQWBA7DrfW;$WJK}3Hk_{&2V~Q
z#V2#;oWe>}!A1|IgN>Lvf{j*~52b^RmYG9vfJ?9uZvPI^=i1gYwTm)?jaHbCWlXIE
zTMQH0zN)VoZ(vJrOCD&}B&H7$<3V4-Ll6zbkRV$v^RO~mDA$DStkjl@K}1UEERb<g
z$OHsjsa&EIV5br&U6vuwak4`fo<d>qX-LCm=C_IFH*21Xyg_o^ly?UEdrflsezJAz
zes~rJd$re>=cUSBsvFHCRtF-(b;KHmhbn9(A^Q_0wOkG@z-&*aH!ET87<@!fE0EAd
zRz35D7@EW*IAXPOp1hnm0|w*UN6@c{M;86M5->Pmj0LrvGr%6@M2St`8rd&V#EVq^
ziDl->O*}SQIsq&pOOH?(VWOd2#fwWyYnX6#r-o0r#vj}NxPeth%QDKVGq5%9N8RKN
z#)3wXCykrijF>C0oW?Q+q#~)-ac|Z913!?wh)+XqIvsoyUq^}Lx6%llE8-{b2?L>g
z6jReOIoZ(Ha;_{-?k@VV9J+<tsJPxe`yFL)#_qD48nB4v>25^slP;v8MgErDS0(~N
zkZCYlqU;U{(fdsBuIv&_1ILim^f(2$_CcRG$S`kl8?p(Y6cWL@Rw-WE!o-^}UwZ5f
zvt?hV0aYjZw~Ty??9G^W=Q9u5P7%4q4;p?4^$!O7MC9${^^7-hwbaf&zd|JC!r;~}
zxAP63$*1G9#b^F_6(e>R?yrRYkir`gkMFsiALkLlPN1Sas?u06E=SHs+kXQ*`l9}W
zFAE0PH``geinhcb_q;e)lo?kaU?7gXu5-6wWN#HHz1IOKG1yhx-HTshW7aX|0Ukn-
z?!?wKlT7o+M*53VXbtTY2WHzR`Q+#^oy(zdIKpZ<l3~>>HExi=JnWKUcii8y#e=xU
z{SyP!#-vmZ>gtUWzpogqm_W>hAW!}VtEjOZ`DWWEd7+w(mT}@n^CA7J%Rst8)Wr6-
z)cElqq?XT?uN<T>XxYk-PN<yAC1(E4*_Y8i80DCZyYfx;=-`&*B*OVgJX2^5edDBf
z!7*0br}<=9GmX(OH)6xK5(k0>+(wNmsBmASlGsHlaphp)9@fw$sGhSiYEcG>=q>kZ
z1@~>Vd4jBD#2(f?;Zrc$`MW%C+mZPnhv;ABnaQ0WtMKgMKL+Q483!r_f`cVv!JD?1
z?1pW$j`UF~&ZSujCk-?Hu=qN}u6eicYiA^<D+>$RO8Q2wo_0Pr#VoY;VG?*z==Svj
z9uDz>Z;h7gsSLnMVGK(6^h0k^bPI#geUgK#pTL%;nJSA#J=S@D%G_7>1K06~JEQ~X
z+2t5i<rqUVK7Z-GbLz|+>w@O+pEXe+QamCrT5VpxSmH#JM{qNdo2ha`(4~$5&S@t4
ztK=P&silmhMP(=5tD`{9YGK;8IDRVA`KjB&i5X13G~Ve-{shiiUcXol#`<+0>0al0
zwo1Rw(Fy}gs<g;}{FF7sZQl}dTH~JbXnG-ZlNV$?5Uk573z#j-pe8wkwQ!__iU<`X
zme54lIW{yDBg*TtUaWW+rBFhykSbIRQHtn8L)qunn{6K{x;JZ{L8eKV52op!XfWs=
z=Fa+HtFKvl)paT2zj|LWAQ1L&R7El$<%DBS8&0;5+Hi9G&<%L`G2Xm7dmxqua7CVD
z#_G1e0a4ooP8?*}m(yFdR3dwepp-?siA{jce#AkjF8822kg(#%zy9%uUG9Fb_^eG~
zD4SpWUxA-9Aigh#pFh3+Iq~x>pnJg2?(-FX9^DCkcCPLnKe%oV3OSdfDQ^r7eHWHT
z>I0ufMv#F5dKQzsPbNfU;2aqGw#;JNM+Iiv&V2SkNaf`esqBs$4pLby>~|l8VB^O-
zgwo+vZR-l$Q}%)D=drTe-le6YO0(_l0{NhbJ+P7u9hNh`QcQi3VtCGpg&ci6Fzj4b
zXa-lCxGW_{{xNXz^ky&m8v$0~4x_(?a@oIuNMbyi&21fW!lvfK=vy8H;_Ll5e4s?j
z<vdy#ip)k`qKWQ>Yc@pIl6ZAHE;QV(ukw9^oGjDP*Th<r%9Hmn`CpPxWJ6M?^?t-5
z8i;h*M@+(%Y;t-5XV9k-@^=~w_725o2R%z#6zO1s*tJC{Af9m@`2yu^@VR&<us2>O
zBBXHrwYjD<dGys;HukmP++Cp|oibFX07OU>evsDjdd*-lXTBJda24b02=!g7WM>_P
zZ*BWfKB$uhFgVdlITeLpx9!8sS4QlQywTo5Blc@4Wh}Tfpbp*a86p^8P8BIN{uQVx
zS;PSwb%$}12)QL)9K7-Ep`jsb&6*CQg#+~f)baWH7>pO6Z!9<&Ho08zXD^a-Ri4pf
zeRPGd%6m_-dK|2z&pm*}M|70G7V&it>>UG*=pE|JEyjTjDuJLX`KBWFt!hhJ?*?9x
zWxNSdy5$O3X<{*N#R>ynR;W(OChB+c_v%`A^7~(?lVK6Me^~uQPXGRx>R&R$LCwb`
zrZ<a)qwkwyt~6RMre|Vu`OsdGxR7fBwm+oljbX&gsWE(yx2)b?P8Iy_8Aal0`bNm8
zMAA{o195q>QE{q-4ZF~t^PCd-WNk}p7mFm8V+oc=UmZDf9A^U5{891{l`&G%h1G1H
zegKw(P+zU?_2XKmW^1w#)285Kt0)DcVL<;Fhf#;Nsu>cGwsv00IV_f|=u5~iA?JK`
zW@MrjzqBifdp<_-^z`1RuCaxazq5oOE1d#Q9gPgtoLd%sNq7<}7G^gz1LTUg+_smL
zcJgTTDiy#lx<h$#pG@{w@57IrE`}?CT^`~<$Urs0`asALYFI*Xl5{V6xN7YQY3)y{
zHG7k^H9@!a*W}OD*uBybvQ#lfeQ@;W{Y5BQ48z4s-@g_W3y*iZ8l<xHh~>B+{8?Fw
zlgcsd8;|{`+J2l+_G8z#A8(v#i2e8<Sb|E&mPhwYUYIr@t4ER3JPYzw;gD!<NO_zL
z+97k&@(%6inAEYS?+~sdQ>Gn%wS|a2n4F(6S{{*U7_wZa{%rn4o1^u+v^jdJn4{hA
zy{Ju6|9k5$Oj0?9XbEF^k!FOvEo=i;%hKpTYY4d-{BB396Q-;*Xb^8iiUvpeG|1tl
zbYUYVDICNnXYY}0klC%tnB4>Y*-d`ir(4c9rE5o*C0<8C^(VD$ZN8NcS#!=D55eC&
zA3;`#FDeL<XS7r%d$aot4iM4OmOkNaU`l`ZBKE<jZf6_(r|pAFU(l1W|F3s38D9hY
z;Dfh;kuPN*gr8#I>5O2YMU?jJgL@VP0w={s2zLs&8;iw0NZh!5qf6Nb@4_H!VRBOT
zLCYBPBB2yH=D~w756<X*i2Mqv+1{Y7gTFz~%e4+F`?=(!OW6nII%OZ!Hz++UQB|t`
z+0SDioFMSBlMAh<bJ{$(kEomROJS0yAhmYLwvlNalt)9qI_n^uMOg<AA_jT-e;_r4
z`U=v0>!7ubSy-9utF7yuVjh&u;84ti2PtvwA_S)9Pw_s8`bj!>e81>O8R@?zK75^D
zdbqL=V!RCv*@_Al!QTtG<`FKZ1H{Y+2avcSF$R#CK-in4!3qmY6iW~famGa^S~br_
zua+Ddh&dbp;Bk7(z`iJf@)Aa&H0O`p$t%?+W5O}Tm4p-W_|Wi~Ws#SXM`Is!MM$<2
z%04J&s3CKO5n*yNIAL5Sq9{m-B$GsEEz|Om?3%!)ZOmYF-zjjhTUqvQ{$0pst3-vA
z5VJ%O)+T44vBrUz0odm<@NtMBP14KY)K)f85Bo-}iE*Pp3h!eEluZ=&s*r_E^qO2`
zk!=KI{Wp~?_D~O5Jlq(W0-g<(n^tn)6J_+Sn4-Xsve~b9N3KxV`60H|u(GX2&Nhcn
zEsMOIJYAZv+t#T~fw2Y#q787$s0z|vP8=nC8>AhYiGO0>JUbr#G6^}^lzyw%lORna
zP;f+Vu~#ZvqDpQeAz<o379Q1!=$x|}@#7yQS+TqGNniEI(T}x!_H+;OnY;8G`RsGZ
zXG5M%$!D_A|E2QT1J9_odXdkDLE7#Iqy%Sm3x6;;uhgGoP4eZ?QRU=ItfBx*YnE@L
z{Xzm;{9MG*uZhrh`_o!Z*!r_w$O%0NZQ`^1dJ1iDU-9nAhTqq;$!5J^H=%_!?qB#7
zd2}~o07Q)Y^zkfa07v-3^4!i}d=>KC)+hBmh3D>Kp1ub1T;k{dI(csYf?Rp-ReAEI
z<heVf<~Q;j-rj#>dG4n6Z{)c-ijnsu&t10c>nzW0d>eW0khUxqo@;OGNuDcv<QsYJ
zbI5b2F8Mzv&%L{Nm-5_yd@6hP|Ksx9GmEsG@SQokkQ4sB<+=Ah7Ft;2zQM1^bH@<n
zAoASd3$mEOmyzcVx$&!z=f2aX=jqxTb}>(119@&=`(G!|g+CG_M5cXi5B!H;PM%vS
zu)dM!{=Mb7M;`q~p6gwn`^_U?XL)Y_SCHo>{XL6?OMW3z3q9~se@wrvVn*#8Q>Z`Z
zRpzcC#8S3_ecn*NlM>JJK$-PY|8S~CDnvO!(n=&)YY=m9ZCUyZwFiGfkMOVa;Q#$~
z5B_D{;HTwH;*WIv$aRIuy;J^onA>tr?yhi;q-wZk9SN^R8kZxfm#YAx;|Q+kAXq8#
zopAix?Q;oNTBw3h-*B&|AfFbEZUBax?5pj`IH4^2(hm0>{2Nqgt!uh=Z6NYTfGn5j
zjN38$;!9s0m6*BY4PxIWJTJ-j!NvF*pXzqjy1~eLl?(X}KqS{>CRWZkC+Z{6vxgAh
z!1vxb&~XCCmCDIDTTbUZkIEUqsp}jKk{fjRR@#Cq?XPi%Q6OYXe%VNy$`4!Ve~;||
z-l%l3tMR>-yN2}W8Cu}52%+PNE>4yE9r1ppKXob}b*IF8HD4!3CzsF{FPU(Zgtt0D
zwThsTb8^3to@T{=AC80PG9RCO|BPmILfyzB^6h5iubs`C<ZGUvN5vETOV88cEb!9x
zTFwcQdq{b#c92FL1Es`;6@q!?e<C80!%C-=)p0_)&L-(Ssi-7wOnebxJS(Lt2|5S0
zB;T?bKMlkCi_t!WgeQj(X)%3}goXG0fXMLjNIwas#%-`7xf`*(ot%J@2&AG#SW6`@
zk{`(<q5RB&!v6$j0GC^O0wj{dn}Eonq}`Xp<uRUtSO0q^>s-kaCFC%a@sLNBPzU**
zN!DaVqS+HA2O1mv1C31r@Bat<U;V-VpZHH7UQ{a}gZ@L#1yvHaa3W!7!{i&-hmke9
zHof>1y=L%}YBCU5HLnRjnO&94$Fs!RALjlVJ1?hI`0is@<g~DJL3z05<7hEFD0u?@
zCs>vwRG(Zy0N9caVKE!K1%Q#qFe3o$p?|Pumdhdz+q28v;eeMw=V(zTCGom6<36z$
zrE<rYCa)LN#H(cCJ*@A)@HU%l<oklNcq;Mj5ZuC!to2P;Q>80kSX2w0<6>|g`3hMt
z--|gm?at*g<;_*so-<cnXZdnr#v}uveOXMo?pwZZrO(gyyx#lLm;bxgyUza~axSd&
z>8;AAw_&~0TicE_y;b`3R^=YNS%!C3xzJMgFScD4c18*%UI!(TQsU$2o<fQBDSq<B
z>G9y_H9d}m98<C2vb)@|3A)Lo+yEtY^HKTmMe17v-qw>tpKSKmO_8pSX0oOdYZT=?
zV^{KsOoY@zf2;X^0g+7ciF)tdr1swL(01}|R>2f{HPzjlTh^c{;Lc&>jWY6m1>DJ*
z;OZ&$h1cW3tGxAS(o~~+7YC<6zuL^<9J!nMO}y5dxtWQA6#ivBO{I*tpFftppO58D
z#(sVRw|YO%fRz}^(-cZm`-!)eOL(jjq^^^+>Csv?Ja3VmhNGR`d_}j_ejcm+cD35U
z4>)s|ZvanlH+W-f*g1%eNk$tX-CC{MkDM8m@PKl+i9lW%&pgU|8`4@*sUY5rDF>bs
zZ|-sbleft`JsDuG`Uq^nv-0|@{2uIR#XWL(y&x$|zU1o%pVm7g32z4%8za|>aF-J(
zD389XK*78j`>Rmrpxa=7Qa5BN?8-madt~yW<b_DFp_)&w8X(dvv0MFA#FZqJ{ztlG
zq)tVq-Yt7S!C#rFT-5$lUo)%Jh&?Q?^|9Ula%`6~yODP}hsL4P$m@>_ZrpE^93Jyu
z9qwF`;q>IY{mf(9a*SnV!uF!<z#dU{oXbu}+5JaulwE&6%C0bMZ%*7K^q>RehzUoW
zdd5GmZN?AP0dm#%Xq%56*@exg2iu$k=2-;D364wx<cd7R*9~b;4iqFC*%;0UX^ZTk
zgW(b?pd<S@eP-<64Ke~r#i+X<9ZTF_@`v6zI!@=i9O5T5P9`LBxF3bvB&WH&P|9~D
zxAsc}+j+UQql?wquN6stIq$(s#7h6A7ArYLp~Xtldz(E6+bJ&VDIO|*W{q1&DipEm
zO+i%>{_us)-(Gy>S7E<9|Id0ZADzC7x%?W~@6L#R0sEcKXR%YF>Q2p!s{17o9jU0g
zU%n@##92$CO6AP$>6}N*ve|{~8PM5DUG|FRwR{_ONB)fOAjw}Wb@ZV)U2ib;h{n(n
zb%#mJNVoI0rgNk(f2m7P{_?KX*5F<DEPqL|*lzMy$Qj4(!e;WIVoS41!_G;5_*`Zt
ze-%Er{0nFDw^HY($tB%tac<g@gVTL2!sjf^b3?;~&yo5h9X{tJK0u>dncTxWo!(i;
zVO26I*dq|8j{{+Rft2pn@j<p3#H%jrO57@&5NY4Nx9n5Q${3huhZpfI*`LcJCwp;W
ztnuX$vh(dh3|$+%^rOfLqMy^q06An*=v-Age0phQqh${etT_Wo!!bZ|4pGA?Xfy3$
z$(wbImx9!iygy_QY?BVyZHcR}FQ|Aezdyv1NneI^NUI5zvv<TITHO&Do)&4Oeew&c
z&z7n7uTbstX&0I-YLhqQQcAb~ds<wiTTIT=G6mT@;>W+;j^${`AFv#G_ME+zrtC!=
zyeo6hhf>(;CnZKK&k#P?U%m40F3B!`v@Y)!Q(V=Hyrb(0w8TEVmCc#I#3b*9zV*MC
zWnRBwo|+vZ{qL`6m6;*bzt;UT*?#2-VAYdy_f~llzfG5MII>2$iSE0y7@QeIjjwZm
zC84GcIc4IHR5Ve~oqDrk%AA=!x$4HijeYCp>{d5tEKzWLRK>DKm-(NWRbPUUoXoZ8
zE#7x!DN{w6Dx;EENc8)$<x+r{D4qkGhWMh2+)b1_%N{#S;_s(e_LU0A6nQG&pqfgy
z7J?+}E2aUhk(3iN>+I7eiq>OU@!6*2WS**$M|?5c12L9ueASkYkzClQEUJ($PLXyn
zZ;YO14CUxBodf@9ca=9)H1R7%X3D42=W=7&H_YM37#gc+;@9M}netfv#C!!P(3={c
zW<&GdLTUvGDtC{30_Vs2L9O?o(Y=xfd~-ymRAe-<g{01V^Zg^<^65AEj^6x`b7beJ
zlznTY02;*yrnP<R2yT&wi4rCIkcgzGsV^KtVCdzM<0N!dsoA0iq`vRP_rXZF%z>l+
zL|r1@s;`4}x#Ku4E}t=D`4H*EH|Pr86>kEbuvNe_K?1)zTRgvq0;)TF3=R2rKDSE#
z<yXt|QP@KcexiFT)I<;Br#2WpUN+|TW~lHS0j99_Zn7VZ>T43X2?iVVOECDH|B`EL
zuh&#Gx|OQEZEh1_Qu4pDCw-zq^v0AL{ddQ(g<Z>Zt}Jxt1({bzebOp&V48Vo`$qbE
zVW;lSaFh@kO{67h`D)m*u>J~D<Ve(ky3R2&KM4B6+~2IF2c6_-R`-1WmwVA5Zs1pI
z5K+vLxTo41n0g^0+3u$DR?yJ;qpbc*>Tf!p`+>ZR#Dd+nldNqV%63OY&t;_Ugf&8{
z`gAmh{^aur_SwWTmyipoFgYMSNM-bHZsR!X%E*4EQ*GK+Dy67B4VvhTtmSwgme=HJ
z0hS)Lj9~!Zm15`?r^2CxQ%H6|z%+#Rx)9p=(Am-s(U895n{%KuP8$oM4Um{g%tPLH
z=;WMMs3sYGLK!8`E_A2Tc{Tp)_4vP#eD>5O@VkHh{KN0Ge765ZUw`@R!HdDjmpcEj
z>-;Di$^M<4ALTCbWqi5(DATC=O@5Sb@}vAen;+$b-zxX&zjc0;d5<7UzxXTP37fV*
z>GKh!Q{uQTM{GE!ZN@KC=d_C~IV@sH-Z6DjTRtv@6kF=vgP^JokZ{tH?>Te2wNp;F
zs$)uDfu7aN7t{8z;#YFI_0!~G$r+s54cBa&{%v)v&^xQ-9V^7;^<q-ntmNDZC$s6L
zoJG;+yCZxKM$WcI4wVBrh2)@<#FL~Zi#>}t66W9xzBRJfDD&1^JW4#qKVawaS_B0*
z@{-6_=q58u1zl*Do7{UBi14pY_iU0J6wOO3NgKmipUv(qyvnd?af<eHr5=1=9UblP
zkB)Zg)PpaQFEA{r2hUI2wB$)-f^X6aA>5ECIgmOxicKCZgw#aN1p15f_{`Ew+fiE{
zuf>}fAItg8XN{I~<N@bKIm{@Uzdkpr-=)uuPE+Sbzjd45s;B>87h83XSxjL{&RqU#
zo1FNM(m3ifdDr&h@MuQoqsJspMER6y#sJUhQ8mp*>=mZNpKA5_yYz5l{ly!uj*uqa
zmRVEh=V$Oak<lE#LZ(f80zR~S>7AKZ3Y%vLJ5V%iInW#Gt2Atm=u_O+veilUUrGI5
zPuBl0=4aer?ZNcP`lE1%8ZnNn$jSPQ{8#FH{c+=q1NzLoe}>&nu(3;aDI<o{LdcFq
zCn=n6`!z{*?Dym>a2<n8JfM0e1g?(Q$K*&mrPUW!5~q@GDcxAccq8O=(C4So;9D6{
z^r_xQ^K|#o43=~3$1{?-ss2a*;P-t)^4s$IfOMzV{YrIO67`i!&&8O4O>u(YneTu3
zc#a(6<2YIAo$kd*!iNphGuv_?2Ft{E8JB0N5UZn^&lxhC1=Y~=8DFI2y3U3`kb~&X
ztYNN=yU|ml5Qsay=jHAdspt3%&f`X8;76{Mb>8mYAJ-f+?VlC@&`i<fEX%o}iD?iQ
z5sSSmnQ;IP`$v!dp+3@<_=jeO?Z>3DyG1#t@D~B`Y+OWB#YIGlm@bm#X3)zQ_Yd`3
zNK@jk)vhRqc2KrVSYK59L&NaE45I^{?sEyR@eh>;qo#Hfotoj=S*+tdOv?1^A3B^j
z8T#;GZk2zi${ncT76v2t&?s}2a=#^Z;K1^%D_;D8@<+Zv`bGR9I%QWM%COTI3-<I9
zhm0#Uok^uhzFD=HluGNBc4eQ=S@{BT1xmaGQ_DrASS(6VqG}6+62L&vh}c{tVb=%D
zs8Z3|(JR$tvzfTJaS6TH&(luy7!n{Wm*}pQsNXLT5MAz}bd(*?ekEgs=zgeaXVaHg
z(`vtIw2?wg)c!0V<zx@eJ1bR}+z}B?e@8hU{bhVg;!4>0IAuaQkg?=sALg@eOlhmK
z)7y&^l1y5qxnkXmO^&p2kEPQLz9^4|eqcV9PBZwD$u~(=5=lO!_mN~aY1@Pz`=a?!
zI)fw?GSUnZZn9~ZN;8Nz^i;&?6=eHWW=2xH9h5wQPf&>6lE4)CWFH?d72gEOcr%Le
z<pL)Uv$Oauw!NSECi)(qD`)x$E3k*_Ou}%Efov2ilkoA9d0b~WY;L3JCnXN%NpV=L
zF#9f7XPC+2wnDX-+)XZMx$P~o1MF?u-^$7kfSRo{2)AL2$@b4->{FgOBX+A`mjlp}
z>G@xrvyqH^Bvp`n3V7%A2V##-kP{4k^NFO`-EQ`EWq?LZ48&?j)E|URS1@8pUitZE
z(C)b=7lM5F;v%q?H)F3*{QR!uEQzP^_QQu%A!x-*ui<}hwI=OQ;;XPXON;UW*yU=g
zI!UmiQhFSPePO-3`4>u_zDs@2Ry&g<XU8+iv(x@&?G+rW_M;(dg@>M~Aab~y&2PKv
zh9n8m5O3EIpGe3cQvOK1Wj=0<mc3*LlvJ#epyLbp3`z9T-D~)*w1lN|bEL96|DZQ-
z;UMiT%%`W4*Ll*!&n*_w)~GGA>FmScddfQkm;A#1vf-1y3VY1aKi8v)pT3LHd=30%
zL%;uJ?J<?R%tvwNQ^IC5<K6drnkQfC{NkGe>zjD@fA4trr+@NIyt_Dbdd^4jm-yE?
z-u<w<FtuDf$2YYo88_G7($o3HiOtHa@=d-l<1_Px{mfCsA^F1aIUsoa3-g72N4M2W
zJ_-{8cF$Q#A9^~!NKT5X_EEKb$>D?y6HrP-`8+wqzD_AA`rW8Sg>z2Xg{Y8Y4-&zL
zgvfA$uVWrDR6M@HLA-WX1m*Jx!tyJv_;uy($3K;fKV9y?C2Z!BXMAIHZTHOdow(q{
zQ@crAao}O}1#;i+j=VODd3-7P@6@kE{+r{;f8kwB>eoU3Yy20=e{J35zeQhK{u5Z=
z$bbLl@?Y#5`R_C2zvi#C{C9`Qf3ve#_~(-UuKq^;`yBZzes+CI{`;5bBm0hSs~7oC
z?C0(|59i8%W}L4{sGMY#CZBu#e?j;wZqjnX`3<{}6M7K--c)Mf*Hri;fU}a2D!1qc
zEb&Nk6&O%OlDlTImgFKcG#mKB_PbeQz6$v*I$O`nGoyAfFJA-s?V{2DI{EGPzvs$t
zlW?DXIs4rZsrilk_U|pf70voae(PO++jRBUS$@0pm&k8-ky#<-ozC=6;|%QcUpJ?Z
z6*$)s9^Vx?AnmP}^Adct$t}BI_JB3waqqx`Y2tAgi;?GX|L8ukdCXR(138~P?4LZJ
z{jGVPzrTv}pu^l-0gorYOoc$tu5=yl*_bli(}}`grXBEdUc%i67aAR&lsJpR8H4xi
z4>~^s<JTh|lpZnh0gShjTD_0AA8)_P@g7X?ReXaU?_GcM#@p>cI>A`!po192WMqk1
z-i0?zFTR6dI8)-f34EI-v2IoF^K;pCxSc7tW$rsG#pBNL2*RfDPU2H9s!-odQlG$<
zk9DfF(|jF|oDH23{N8-iJI*Jj>_R0H))pp-7?(N`zM&SE?=IMHir_H3w2x|slIz^Z
zu>XW;l*9X-k?+gb064wBEov}<$vPF!6R!C*@?C-pi1%(+$M-k+@!qKbgY56O?7RhZ
zJt2Ym#H#S+1@}Mys^a{syu%Q+?nOKRRi=LuLPhxTVJqp-VRT4NA4ud})Zj=!RWN#~
z*tc#T2U+p)gmT6phaHBCLEk&<(3y^UAP8N3lU@!x?8Ycm2>Len0y^a#cA#H!+M(Qi
z>t4TKzm+2f?W(cJFQn(S?owV#v-{JmH*@-@2mR{#?3B-pVjCX;0itJMSIzyO`6@?L
z#VuAPhGXYcp^KZn&_(6JkC2r?f0ZLMba5-+fRiNS>Z>&Jxkb*?l0yq3kx4LO651!9
z=78WN3`&J!>Q8e_QJ?16H@!SF{QIyZAm|vdBKbatd_?BA0!qHl@v@v8AQnS^o#X#w
z?_J=dEUw1?Y)D{1;u91#Dqzs4p`s=VH4)HVlEAaFfml?q3Z_L7uORFSikIMSgokx2
zt=3DcmbTiL)>`db3wVQs00C4)sES%{Uf@|)1Vp*0u)pt_dG?YJy#4!L`u+_c_L*m%
zxt^IhbIzG_&M;Blvrh_eF$!bKm9xR;5xMtwMD7LguIUP7{mUIRfsx6wd$hiv<1Eqf
z61!2+IxAJRy)3o;S=FX*=a@GsUDsdIS9Fx`2)w2YYP3$!&Zh*;U~__2nd1Rk)PIE4
zQtCehl=_d{=!W{wcVxdz)Lt=1{yKlqUtwO1a$-yr2z_6D|HkTxnneFW+1HThZLm&9
zGoLc$=DFyLh#BH`F+<$z*9s!(=@q*M1mEWU8FG;&3;nS8CB8#h8VAnPnxg6!5%D>*
zEPkR4GMDI}$fqx1!RL$~<amc~eia8IbTe`tL$)n|5m*CFOzZ%ORVghgOcrH!ZwFzB
z&S>AC%h+$QU;495{yp|l!{oi$&KuiexBd?L5{I4pui&?GZ_<M~>W5!5nEwX+*1od;
zI)3Z)Kegt!;u7<n^d<f(Ilt$({%`YJkKFJ*zjbJS>yGRHo%yZ(7W`H}G}tpJI>&yy
z@ANdICHCG=2=yTxihpKH0?<jH+bTUS64ZXto#ZNC_zyatviBarSEtU{b<PLpJ<Sh{
zRQ$lRMRjcD!UK5hhOn>%&lbseXs%!-H;I^0$22)&!WeLgd{>Bk#Sh%X&MI_t<QDcY
zx$*>d5ys#W7=sJ>)I~7{Ud0%Y2RDXlFZRP9h+7XRyE0Meb;ucE96U+JLCmpBWIx>h
zN)AoBTvC3$uJI0wc0<xp_7;0MSN5e?jVn^D26rFsi4RIsc;A}eh)_ujexuV9imu08
z7|VY#7vA?c%?K?XndUc?f%7-&!s(e^m^GmlbAmlH%*h^m&mgFTmdwewu*6=@__k(F
zs%SF|37t^Pi5N!{R?G?Z&wP|>>!{Y5KiKWVFJDpfO@`%C>chsqggd;;>=(yl`r>$R
z8;Nv4d2fUNOQiU}Z|lG9^XU%1to^r5{k`zZU+2H=Vp6FU@s0Sa2S<O;UkOh5HvCo7
z*fh`cU(H{Q$f)bk{MFBA(}n*#{ME#(G)cbV2VX;yf6rfSx8DfK*l(~$ArcT&_IIzm
zH``B*Y_U6k2mb2G-v0{z>WMLWF!vXK&0zi;@K+C?_Fu<ey^1|kOMUdnqu-Ukx=?a{
z&tLuD=CAtKe$QVWn!oCC#lJIu_2_NzSMOfh0)spJ(z;t(@>f?0`6B$)N4KR|BSrr?
z>7QzqzOPPizeIACuLuii$)Npd@m1yKyyY<GgY({kKK{*Y<d`DVu9qv!eUSyT<k5V$
zJmgQi=UL7HmoM_zlw{g!opzi~E01*AM|IkoWZDaLT8~aEk969bblT!%TDel4HmJKy
zo9~uKI&GCoyC6%YO$3h3uxI1^i;n<-j>vi6f*oX|6Y`Kh-H9As*;*ArhgB_+1<QCR
ztvuvUr(MelS9N3oM;=&&<0kGtYORj^VZOYVe`(YY;2n-2HeOo8rag!B+CJ9^&%<8Y
zk6S+cK}lg7)pdE(<;d&}Z4XZRDH-Yi)>irvEz_GB>7Q;Z{i!X}7i6S=vaR%c9%#`X
zn^*0x-3Z$%{YgpP>Xbv_q}QxK4`pw>Ogd;kE#<tFW>%Gd<_w=&iCf{?#9i0J@z)&x
zUf<rH`gsbG^F}=$)&dy@yDv2}Bn)a+tMd@xTOc1f;^-@#iWFgWITfqoMBx3Tlsnm(
zAUEn}G`B`-T0l*LkeC(nkUu>u7I9_<Lpb5!`sT=&?@-^yTXcPQ)N(>yo33dj<;l6V
z)XUAcI2j(KVn!pYe>Yey_S|GBNM|@ze@4L3mJ8^TjC0r~nXh{>BX#V_|HfQZBZT`3
z26R1N@Xw#&#5p5xtc3Qa`B7MG%$PA5=YVnqX9l=`{EIAz7H%rV;e6$Po4<d|$McgO
z@EH&z+?@txPEQYlg<VFN^#R8(5~1j%eEW}45i1QThJ7r_5cv4G-MCo%l9c!m1)(mG
zaZJJla*j#lT3{TGsB_ir_Tf`x<a%=mgb~7K`%HmH<anR;k=P-GV?U$b%;r?eIBc=U
z-A68!CNN%dt4gK5%+;sr3lw^he6XNc51dWgXOJ`gV!Ft&vs$+2j>#fyP&pomzoPUb
z=&>B+UesAN4R8cMN{+GPH8u`XYqswLNYWVbRS#IcUb=Nex~@*Tb+dk<`!|E91B0jR
zFIcm1x%S^EUnb+redO6}Hw{tyr1qC8jtGpom*hLn2k_O1;XTd=qLaFaB|R{EyjmoG
z!x8LprYct9OYLb29b@@_hug2L?)M(-%z5v>%$c)mau+i?7(?*}^bLZi#9-jEeC2y5
z9^<zf%#M4N3H%tsV!yq|$MGu~1wS=8SjNe#)kBt;TpEos1T)0r4()SI=ECM?OzHRf
z%W>HO$g*OrMm(AARo+L<j{B7N(Q8zJoad4(I6fYzlq&Y@@v0hvkF`2R#3KNHXK*~K
zto8>dtK#++RaN{9DZZC-Gpvh0CRu#^NGVoV<BsR)7aZ!DR<}lFzc2pxl!Ax0-fwq-
z8oxAtK&68#HCFj7Tn>DJ?+)a!gTH~1xZm2Robc>TI^juZCp>Rq+&x5`@En^q5to=i
z%0hg+FO<-ZbB5v9=C!0h=?kL0r-<X6YTOoDui5Wjq&eBMkNX-<wv|{y=IZ(FK=jtW
zYHJ5u3e)bO2_{khDsSPg$;H*t@rml5+{oQ7=_kChs&uzFd<re*N|(#M&Wf$JUac;F
zO`H=f^XsW+gvTLc=UonlnSO7i%Lu%P@1=Y%OUnqK%aW<alS4I1HR5>bu5u!(N<T<r
z6uGors~F4>N8<Rcz?Zl<>q*!2N13HgP5$z&M*U@+B>T&k2gew5D_Ee7j3@c#xB@w{
zjQ!=SgFe%7*rOw-76xzg%yr>HI8a);I$b&RgfX}B$S&S<bMk{Mk3}xrHU>Y6cTOiM
z-R<4I*k#<`;3?VRHRdk%zDN(UDvhd*bLiiBw8RtMZPfQA5Nm?Ak#>6b?2&eck*y?R
ze<4yTKHZN+nYCKn6@egM^@~c8{n(Fiq$7T~d{#`n>7b0^G45X)kI>rq-9G%F;PgOw
ztZJqhRDu$v+tO{*{(Bwx8R1Hjh=@|o?R)OS6}wSiN)-NlgO?r>Qs*B8smmNlom#s3
z8^OmTPPP<$JjUE5F9~>zDqEman}p5?0mKtH`DqP^YU>pZh+kgl0HWI3lnIF62_PPI
zJS>BRGUgfHDkw2Fgdd0ZkcaRe!@=$^Fg-biIN%C&Ht`Z=;)jZ(n_Y<B@wfcN&D~?C
z&`=XeSp3+3h5YKn8olZV9Q`$`{@*};^>)E`m0x|mf6F}1>stD^d|6KLzMFr`SyC9@
zh20EwR;&@^d9XinU!)JpC&>#SB%HbtM!)1sW}T{XrKWj9jX5}*2`(05?c~hm20i7A
zaFo~DLHSmpN1%@3<@(VIU-WX`BEwjT|HZy!I;#5zkYJr+md7Uc1WP*3V*+^!W8ydl
zuQqYFV5L2u;onB-Q*~SBkDRYKPbgCeYOXK<D;1jf%>$isei$!E@xMZ8I*DsZjAo*8
z%Tr*UgifDX{&HY_yfh6W^u@~K6OWgzJL$w`rdnrf9XB&;B+HYk8KM4bvjX^}hYFU{
zQ;x@AmG&#DMHpX@?Fd@)I>_B;y()xS4lZ#E93M5Dmz``{{nyew)B69df6FWUN__Qy
z+P~#|JO<ml2PKib!taoN%+^oj03R-kWwzc9vx=RwZ|)cTl$|iNxKLkjr}WV9w=G`8
z6{-+!<AORAQ<;BBLB!X&@4o+9N7SHQaUXRz)j_f4@s#tFtBM_oSX%zY%^SjI;Lt38
zVHvHnyVSFOti?X7J^rrT-lbfWBkm@}OWB|+@%;?>Dx6?3fkMR+W-yDA+QpJUcTtvt
z^59u09y|-;o!|s<OPOR`;vPAxrKi5;oFc((nw(S4ro|7s@Iv#>13tJmXl}0)Y_Y3o
zoAl?=Q&W;Xy{V?@?Kb%FJ7jJDZ{o+fsi*}5?9u$VOb#QzA|KE5&{)u!@Ov$ENre|L
z6t)<TK#agQ;>GV8C+IN6i|?Y2G%r3QeibN`{X(3D+VE~7zxh$M^`Xd%e32WFv}{Yu
zi&9#V-0hI56?p<xw32^`L_zrLD|1zKZSmJK!hL5*)k-?`jdd{pdbOSd<+{1Sh4#~;
zjR7xxHKobyxbtLrHrtc?Czs<ZX?_~l?|@eOuNx~9tR?pxQv1O7+;cu2<Js4a)IRV2
zySV2i=Q<;nUeB6;M#Kj5eDybGo;NAxd1I1!{$R?HyL`qE{-Ky>MLPtKiT7y9L96IA
z8-0y0^rdE_{YCK6uVnDiwaNkQ!&RD=-r4DEXz4aM=yhv^2ZDt0N5;TFZ)`20k*I$i
z1Kq7UdOdyU`B|F#4W3g~nuxs#GVocS`N}_?3^BCB-*Kb%==U?V2zCh5{Ao+38E5^7
zZop2}+#ISnzQ?7E(Bc*xAM!WOAvC`nO!0b~;PrxIMgQLGFRv&F_N#_)1;uG?f6&Du
zWE1vJD-TDwutPxyo&W681_VU+H^hxJ`3ApN+MxNl#*#+ZxmO)_E+&p|!{LTtok$>B
z3I~uFq)W(XAFP_g&u<a|(=rDLf!h>i3IO1dgU^`dJA?gHtNR|*YQMF_{&U6QK+-;_
z)g2vqe`$kv_fq&z+ROI1(ko7#g+1R%i;eJ&FrHzgU1*UfV&Y#{v*%KEpgvY25e$ZR
z&!??8%kl8dv9tL}-ValwH*;;MVBW4aawET;(M61fD)MF5kUd3j;2HaN%F{LyjV<=D
z@`Lu~JtD`Q_qn21QhPKMi`*@u4i&zRF!|yqg6X%|AsQu=$h#+K9KGg;YQ?A5`}g~I
zOWF0J+Hbml7jp>uo%Zi5sN%cr-@&?Xzklz%LhsVIaFr^}W&hqjO=6nt|DZJ4zZZ7b
zb7Nkgui3x<z~uRU|NdVj{mwo6-)H}Rdw|}*OWS?>{rmQ}zu&(Pv48)r|G(q@{ZYUF
zef#%};CI}=?=Ah;@8A7?toQFG8YTPp@yH;B$2#&%wc;Il0{7Fop={({1T9sFPAv0B
zA1_*)rE}+Agv>U2)V)`J%E9oK(%ts`SIMC>77K8;C1Oq43kpRUByh)?M+rU6Xy1)z
zeFmPFlir-0(&=lQ^q!XK59zF3Sx<-%=FXp_3z^^)Qrof+Dm~)opQ=i0?RzIA)8C_R
zeN$P&MeJ5tEpu`5QK&>cA}l#}cs9p29GWOeh){+YRv;LOyXEW_GYX`lFRDW9kC9nw
zDBM#d>NZXVvk$6(W*vREH0#A8`DlMOKAmxuq!tK<iy9;-9)L1{_+rrxV$G<&Hqf5>
zBgq*q5>+CfT<(`2Rtb<jU@0BR9e$D4%t8#bTNmgG-bQFPg}97*IBqdSa1%t!B#RGq
zJb0VUgAcU?v6I!t3P$}r9V{faQG#JLBV34oBQF-&#MswOqH&Sj-sx(&7*FO>(mX>_
zN*8S}DN_vz%bgDLNx){GBA-;N!q=*JglBdaoxY9)&S8(FpC##cPgLn?Y<ReneuBM8
zM|z0#IgvH?D>{-6gwJ;(OYC_P>2!rdEaGEO&LXlRwn6F({y5pv;LQ%W?j@ecI{9qW
zV@H|<*K!@C-um}-klO0^OE6W(aR5Zgzq$&v9DtPQX3Qp~s2Cwqm-_YV%oJ=o=^k(s
z!n8Q2*G&$bFuwtQ0;kwb84Xhxdc--3lA`LQWFvf$O6q{_1xc;OIXsy7WRbO`JI5(<
zg8hI_M3=&+XC#vM?oOf_`zD>JkjNu563KfzCsB#**NqcALi|2ho@C>ksLe!4U)5yl
zL23ch%||B1gpU5;k_%J%hPwv?3Xzf)*xM(l<d?-x8JSGqf*;{<0+$Rw^hGX4hP%Zs
z=`B@Vhpx{yt?MI_TYZF*dHaw={p)!60)O;&4#D>*7GAsKuT}o-edQld>ROHJhn$Y<
z4})W()+Yj0eYz3oMp&I}s0(XS=}w640G^fdO|IAG#*^eHBP^nUq^bW3!rbl0{~Lto
zpETYKElI?S((E+nDLrj`=xbAc&G@4)sEVj?`^uLFHz?=&A1deiaDWs&6^4Jac<cA}
zQKtjT<Kxuf&nhjC#3BDBjs!tD>6b!&pbCkJ*t35|0a?0$*W;(ATO{`fyrA?sv}O3?
z&cV*A_!Dh;xR;&GSDfNDzQg(KkS|?KxhCh})|h@cBVdGf(pBYgx4z-4?*!Q8HAW9A
zw5!h6H0h&zcO{JCRlAJKUq?vQdy)AZ1<7BXS=uNu{|4u?<zE1i?{xp**ZaG_;d+5<
zroa2sZXo76*>CTZvc9)3_`hvm@Xs^9w=dvy1Qd=d70!2*bDasGU{nUT+6&J3ceXDW
z;OFRdYOf6J{Yu9DIh-GWPyW%;8BdhsSbJQNut`aGJpVnOcrL~h&*$;eV*g+){MP5<
zDy0Xq>ZGd_4oS5qp13>dCq)U|VH?ay4$710N@B>6+L@y&EN5}*l0m&aAMZ=5O2l5}
zyVkeY!uVPd#>-teg{}SLlqFrKhzHdC;5nvTud`f{I4`M69G^TgUGD9zrpuGD-}5Eu
zXhpIGmM=7kvR953f~twDYjU`0JKtZ#k!JoyFm}kHjV>n78uTcX?RbT!EeAOl!M(`o
zOhf#q`h3zM1!gDP-`PA#MA@pX5!Kdpa#VR#@-zWC_Evk#X{wz~xD9$z5zeB5r;mh^
z<?k{^Hnibo=LloOYB?}^gMB%FXkqZ^__Y#4i`bJ#uGX=EOOp2<R*T&_CuWDIE<XGK
zFtpM^&Aj;VC~1zm_)xjCG3s9w7<2LACz9{09rpC3S8~J8Ejzx3Mrd{JBwYK+d&I2!
z-_h5pX)O_ozVa%WS=;SLxI9gWw)=bNW$)1UA6B(R-y15^279nyGGSeG;L0SOpH#{F
zDtg~j_&vS<ZRmZjSNtk^|H5LmD!+!_mqHFf@8|0R{=d@umv+n8G1B@lyTy_tbZ0@9
z5f&sZxA%#;$$3eG3a;{VtUP4Nw$Lg$r*wIYLk%#lOf&nTp9+qDUyfuJ`6DNx!CGv0
z#jT?<G(jB}Lz5s$;%i!~1CrktIVY_SNHC=hsKWVFqLZ}J1zaX)dIc)~F$byt#pyzU
z&e`74sZm$2chH7Cv7bnpgV6Ei{`lrWZk=){XNAKGypchLUUk3WAPx}+1Cix{YF}t+
zzArkAorxP<Ba_``^b!<U-xS|mtK=TM9dZvI*Y0saAJ^{To6Fp@8-@LNd-y!=4fREi
z!4u&kFflTx_F9Mja<AzAIQp^Pi}Co#t@h~w*`>Oz2V}rO10tJU%K;g~fc%PB_*2Hi
zO$Yr}T-e7Zf8;cd-mzx+AaG=cITW%ZfnXOkL@%o$T3yQ!HTWW#SJ$6Wh44cRy5_{+
z)r0pxFka;}?0;^&Qfl`yS`NK6T*SZGv<h`HbW2AH(5DYnqDZgNYY=8ee^&BF5V(k8
zN9G7R-fm~1-X(+$mN1OpBPxj>3N8PocErT<mAwu{t<9Bmfl2Vv0g4tG>l-R6c$GNg
zE0&StO1`5Pvbkod19rc)(`T(stP1UQ2VM&8Z6EBPEML3Eu{JC~Y?QFikd{ycbDs<R
zsG6p)_gkOXCsUHOB%b>c^<*K>K_p54l)m05-Er0XB)xgjaHvh^0NVrzG<p(!kmvEL
zrAAnYDWA2)AHA~3{Sswix0meSURoh=kQvK!hJuIFL}*2OhAv7@;@7F9!70iKq4ay9
z8R=XE3D<9EfpPz$XrEt7(MecjfFXDhbYzjQ-=KovJ&0SEoX38NL&s>}2Y)7F<)dzJ
z%Oh_iw+GVd(gyqe6Y&p1`{O+A-TWj$5n5d1h-ODMh4yy9e2P?8(XRM=z(l6PGeYDb
zIYVSN%_9IFB6tG>1};KH3_XVyn$|mZqX_ek!Bh#Ft;L5jNf62HnQG&%sA}WRcT^ku
zEJ?QUe5Z|rrHw!0N6T*%{*VDdt;A=&rkH?T&anJbwQYkP2B!55ciiqrL&hENp3*0l
z&OGD{U9C=YDRFY$_D|Gn@Jdm!)>Ew$4fR`_m}=G5PH*BZ)K&(iM&_lq(&;JrJKz@h
zW&F5wisM?91Xff~Rt7Ga6E1z;GM}Dcf~c+p{X$JEQM1TDUz#K`wn>ccvr0TpJn+V_
z2=yBKU7$W+CJA#|ib#sto%sydOp}QgAPL>UWs+zl;+?grv_U<bbje3DeWgy1TosR)
z8ObqvQka$7P!A}eB{pVu=M@xJ-n0Kh4R}t`rA@EI-X)wYoTq$Wz*0@vccl|$d`Hbz
zeUANJ=Tr1xH1~Fn^-K$cx!kFjFw@!Du=vV<UZ$S?#}f|Mha{o-yc%6X%k*Qde%SgU
z1UUoGQPp!DVRjlWOX52*-+0r~qTvqMJz9<PCvHZKXL*1P5!<#6*2jq&HqZ9t@s4hZ
zEmHUrC?k^1D8;)#719v6JXr`UKT%VN_EKnnLZ%f(Z>ID_jY*hj)wo2>I5WigSXKZB
zUQ)TjYt(PHQyM>qC8OAo6BiaD@|D5Kz+)FHbCit!6sP-x56onLN<NXjx{V%PJiO);
zqf1Uvx+`rJ@QE;liJCGshuoKC0L6@SNYr}L1IqaAlDHbPbh#Ot>du;f9l$lJ8Xfr8
zsE;-C1H>|2m>-h3wsd*8LB)|$qEmnRd$BRMK}VAuvSmVIqmx2^ADQ|t`l4zZ8*l+9
zQg&Vs=24{kU#giz{klKRV^YR#+d}U}4ue|Y;A~R9D3^K@Z=z5Qf7(4n+KHRY=zwf>
zvL&9NN5@un7aW!Om*ziMNmB$#MF%V!PHnhwW8d`S_AMqek$s_lF#&NamT%;<>lwXR
zY0&|{C$T-2a*bl%Bi#?9UVr5D&ho(4;U<5i?+$;Ltm<B$K?0eLU*!6&ZD!;Cb{9nZ
zKSg<2_66h>sgTv|x3I0-YFpjtb2RrZ3P$)I5c5*IFNyrtfIm=@+4z30-vxH>K3lzg
z$lHF?I{jC?NgMpuN!&n3t}$3U0t&196iF8yu<u8-^c5*Qw0KI2jL4V^0+$x>Kz{RT
z3dJck&C19rX7t9K`GOI|9)vT7#YR}%EkMy3;ZX!cLs@py9~0&hd$Sj3G~n;8_Rsq|
zaJ-Q(J{M-cOK^!z87SsegDeS=Qr&z1UKKl_OKGaHjMVqgCZomI_j^!C^PpmZp||e#
zQrHF&`ipaCkS}Mx;@r+%y1b=991avd)n?gdXy5t9bipzd-@{rT+I**&46J$2<UD50
zcC&nsQ7?Rm+3^i7y6*tZ?Fzp;r2*-Rl<xMsKJ(73I<|izFu2Gt<}Q<SWo9A76V8*R
z^%b-aI0TASa_Pdc2c<bd(nS2?0oz-wK%qSHVIC7d9b57oUvzwD6)nK6|2;bg^WyZ=
zKTTja8_g|~z{zqAqPyBUue#Tl)z(-DsT)}cXsi3Ip#`RE8H81#TJ^;lBhKbt`9tP}
zB0%)H_EA%|s?Gg29`O@Ma8fG4XZ33LAE6VRmq_mZ-s1$vZ?Jtl?Th%4`J?gwfM^YK
ztws_=a(DWqs=QC+QNC<aA5dZZDC2}Mz@_`4MTOkljH%GFN!`uzg1{$c`Kmxn&eQWv
zWL6jOKRf=m@H5s?PfHQe0VNcESu9)Cn2Bqo{?_lIr8`0gwiypLI3I?GmS%?zbeVi7
z0IWG5?S?U(pD|sHiB0TJX8cNiC&Wjaq3w0?k%SB5KjL>}+|O@*d=S62aSy*!;^&&v
zn&l`vUdn56{4{<G7>rPJ3D65QkBc8mf*F#4-MhIg-icoiF5pAWg7GfHi*;^epX3nS
z7gi8{=M>Sl$eUp&A-thLLwE~M`xAbEZ$|sqp7%e~e(M<3epjmfYeK61H(V-@yk%RG
z?LWb3|EbdcvsC*_lLH}x#ourMG5_o&AZF@<mUUDG9k*_mLkz!pj0VJdo_35Mo!QAh
zC6)gIoqx}fD*rqGOy+;U$^V$-|6^u;*?&v7)h!ftjI7{=>cF{!AEsJSHL{UM?vuk>
zGdd*S9}T%kreya^?O#BSdab3Qy{_Of&fYI&KoQivpi664X?<qdEr}4Proi!rsEG_J
z;XhK@LCo^@X7eBq1!OTdrtjrxT7x`B{&Yno<=?A_r2GdJk(B=%O(cyb`z2%_D%te}
zXM*L&&g_$-;bu;kCZ|_Ll73af`IXQ>KI>B^WU9CL|5KO@5#Q@ai@YfC1C5~&JQTvG
zJavT9Ac6-3$1Nm<dD`WIY<fK7ilZ{l)}j!NBTY!|C-7&}K3WBdiq1P*Y({;uQyj(z
z@T!;xo4uNZwKgrSM<F*ZuqlTfp5+lmPJ;m+0PXu7T^wZ}rJKt7d$Fhv&}HGwo(+78
z8mjfB%k4Lcva&?cdk(-L|Hnf>Pd%mek=!4N=rWQwoJTx&mV=9o(6y4Xe58BwHh%MO
z#y`n8_NW2RO3vv=kyDfqw0ogDkiaCV1-37H{$3EZ5DaHg2G;D)m(W3sa-d}&?aF44
z95`)jhGr53WuU0WY<H13c!lEd^8*OB`?OPZ?}%$%b{~<uh8E|C8v=bqn~8bJWe$=j
zUq+y~WkzeQ%9Mb?mrP!3v20B+0*Sy$>9cyp|8jrFS{fz$rrLfHxy7r(9|UeuL=IHv
z-7*1%4Jq?k%2APoYYDF+9z~{Sc<?3@6Q4C3dB~r)`EHq`{9$xoiHzR5Tb2>Q0<U%V
zM+8Z{SHANX?+Rppd;yR>ou+t~-Yx6L1%o70CdKTkHLuX$iIWX;%u-Oz&p2I#<7s5l
z=6=-kvqV!S{W9$%lO^iMj?H4C!!YbOqhY0|Vn(&P7uPPZvDj{e^WKFwLeZ*G>zzY?
ztw;2nLo6aX9m!E-zhe~NI)ZAO!$oz{c>c`D{Y4r|TFJ|7cfT`Jbv=IStCMt4J51-~
zzz%0zFGoD#j4R$T?$^3vk!OnpG*XNJ(SMpFzHyqJDvmLoQf=8%PFJTKHPm_$$Y?W7
zPO$e%bLmi>l&Sqx*$lA}9teCGLFr(qAv?6Ui!uFHq5$lYGTB;kra?i-5zCasMh;cV
z;z52V#K-en8^4BMGd_mj{P-w-YvLn((YvLNIEo`L78Oz|YZGY>>+gwUWRfh7pHISq
z_!;~b#<?(e(75=C{JP`a_$`hf&2LE@+2$Y*SAawZjf_JA4VvN~^LSA=DXm?hI+R0>
zqHu)BjUq_5ESX;s1V{u52oy?yq=SkjfW73P5(#kfHOM1@G6JRqJOp5HD~n75BPCEn
zpjHAS35=6KErAIV7)OA?;|ds#rtW@-eu~E5ES~Z{!+Edc>5Hn@G!pxBQ5nrIeYdJ~
zTf9%p^(XezLiR&;#_SWA?mo_2LQO7+V+e;YdK%%^C{c_z0=6+XT=X7qD0c*!`Did)
z3dk8nh<rtTnM%NV8;m{h97QF}G+nPl<ybjI@!zQK#2=DJP5kHbaK~rLV`Mxe4^QkC
zMc)I?82*Uagz0tcDkqd569*d-R}#C>2^Ggg8BO8}V*{K}Z49M!6;~GHkXVJx*a?JY
zhKn{zKO*<2MK;4_Mi^78y<iF`SkZ%2D1)&j058wj5-1d6Rs!%Pj4go@0$c+$woG2Y
zPmC`C4*_th46DWX5`d*-d<l#sP%D920^=kwj=%&7Od!B&`b!-xGm7=%Hj1_4sVHpD
zmiR70lV*99BqiS7yHJD%92kSD1lP1Au{Zr7N!I-BR-s3Zs;*IF$(;2(l#DNNxGc;K
zb_WBp<OqJ)j-E{Ax?Sg5-0ibOd|8s<fxcd)Oq&lx%5nD*O5_;RpQmMJwEM$-WuW`N
zV7fLW*sgp)F~=p8+AVGrvM!7D?8<8Qx|1ti=gOO`a;cS`*a$UV7Qe>HVedeT&x~YI
zL}<|jp@bLJ3MIVA6iRqefl$JWN}z;8i)!M1%+S_4*pkqq;y4#CEn;EwJ0;$Y-~9N|
z{JMn_UQ{TQ@FGPCFJeTp6(u>ZR}xazEecZec0svC^R}Opgwz{(8dB?c+P1tza;K$o
z4cEDTbvyuw=9%kYVUhsL;Af|OG?MkD*jVp8oV`GKylKdSd&4Y$(+I5~TrK9;E5zME
zp&!L)c*uK-9wL)?y@__ezYpaTou6L9vy8ci<3GeDGanJxzB7&KS$UK>rfbCSdMEK7
zeBT9-4GwQep<9JFJT)I=7VTb1dC3~Y%L|+2(%6$^Usy(+cBynzT6wx^WwRN%T(<po
zK1+PYLFl;^VPQu8tlB7)$I#9qONjZce)LckNj2-v{wxu@h+<)eSNqDB7~v`k)co&p
zgp9ex*2jwd-D9pnQu&3sCT`-UtbYIDB<uLOu)mN+E>C!y@V}~~pZ7FE-6_&*b&2ik
ztczCq4yybQC8Of6pC@$4@*h1^`80I5W51`$ds&rIX6+Asc;}iAr7dR1kEL0jaAL~3
zj3zxwQ=C&JbIr!m<(}Qm9;33c<5I8j^u*pY)@$9A6Ejl{_8?&a9(_~o?etac-A0EG
z1&=~wdOuxkhP9)d2TJ*e=~AWP*7nerJAv|;gxL|>f9b-uDesug&7j2u;FmTp@t8){
zYi7rls%O421ACjs(@V|9_j0^-w{<DX3bIdj?m}kK@u=(q15nx3T<UUpn|Wd8Fa;{R
z6vuvYm>!q(Y)!VON;;y(=Qu)#9H0FH&9=thYh9Qh%cgi^?jXDlJUy`3=UR%7fo!$7
zVm5MlV_u6d$T3+1v6X!BMg|rePY-hGEV=r_-}z9woVB6g^@LQc+IK4<V{U;Xp3(Dj
zzqtmQ{4=9|6d!#Zu{YK86Y)%=f|#B@TE3vlyEs+e4^(-@Y82E=e;>)bxn`?b{<%?~
zC&@alPnMUS@4nDp=KFbc*cpr+u@BrC>*+JT==QEqKsm&EdP<VD1y3`?db;aj<lM0?
z3J~I2DWm<rOqGA_SCwD=mF0(Cr~H<aD2GYZ&|(s0=}E*K%8K<AxjQK1;Q5oAYR@||
z)Q7?!FY)ov{SA%ycJ1*l^&abr-J{^nM9IVtL8(a1mkYkCJ*V?AW4@%vw>7>wIaS{0
zv{CvetM;JzvQ9d1==pMrd=4F8=J*Nu8aL)t)ZOM{`5rSQngfB?P*lP4brlX|{pOfU
zvs@L;yg^1}4Y2~QV)|R)iYa{?M0_CrQS1iX|8{~D8=a()zaNism$sMfkQG*?h>1=e
z5EVzeZ#liy<`TOQ7E-OT^nhY7uJE5~smMb+5jx~}ZUgq;2!0=uP>;v+gboS6M<v;z
z;dg-cR#`5EvVRFDD|1n|w?0+=kDc<{+`k5>^4r+IVpG79-exFdI%Ii8O3Z?*Q?CM#
zlT+n?P8$vhk9ES6w_4A!FBrhq<-H*Z)%^U^SCtoSqr8mGZJ==T-)s}eQ5|Cwkd~x}
zJB9yK?K$qN+OuCOY~8=(+vwkCO3onjX9b}{!t1Fv%1ic-{quHMSlZjh{`s;l^}l8R
zlu4oY&z?ZBZTR(5?J2SL=)GLgBWjxA>koRQ#b&+~0%RXR6uOD6@<&i17v@x1H+5AG
z$=WXe3B}9{JZ~j*NO+EtWUa<01D>X8Kd3T20i5+-l`8)@r~FL(w%%Oxu~~iq`i}y9
z9oM$8A3~D&ji(!0&c;LTCPI=_E0Sa-!IoWC_~-9bq}RtxLWk_{4U+5-{RPY3$jofn
zqC*l%^jZ&c%f=+v$H}Sod`_8%Y|lEWuyuP}98_Ecsq;P)sTH<W{ul+nERl=~AN=a8
z%D<hDZQ@(#5!TBC8klXYm#b3cpX-#LIld`+r@JI;6aQ+GbBDQS{WsmVWZ9@~E4G!8
zwIcN1`E{Eb>h^hz@EjuQ_QA*eSq18h`pao~-RE@SI@JZ4qAlp1Cy3VYxs{N>KePR*
z`8kS@|BCr3ZCCR%UTVx;l%!|lMaJCKb;9VZB|&;(1v;~9cQuiWLT%5gF5hf~?v(^`
z+~_a=*tjdU6MMwlR8;P|<Ak$CK0IJY7Hm8szT6e5sAuMVnpoha@|ahremeDO+R9yt
z1(oti`Js&D-k<tpZ6nuU`E;1hbxZ2gXfCi;re#z!CKdZmw`4W%kc&@d>Qk?}<fn!D
z)9I;CJy!C`C)GTzKOLbym7%h9Q9jkEv(ZTIm&YbMc<x#<RFO7*Gj)8Bil5Mj_~8;i
zn)p{z@k7ohevrhYT#@^1Dt^~&;?bhXLYffCeIyls>HC1>Jc&P=_;4!zs8@;i5dS>j
z$g(dxkO#Z&2xWxfZz+`Vt9;Un4NoE_=t5EDsi^%kKTVJq4*jbAd0Fun_}EQ-goW?>
z@i--#sCiW$c^C0e=cHd0BxM(`>I7%%1V_J@lwBN4St8}>$<yvFFX(@zay_VXJ^!AP
zc+5UNLv|rDA33iXZY>LKG(vkj8`B@9k6wJ>;s-gJx41|IK91<d7jacbZ*s?$0tBD2
zP+qcQV!h^7A97+(5eD5gR9h?48^SDq`6os=A;~xemqTuALz+QVtQBk({OKaipT1YR
ze0P(urz^~k%i^QF27(kSiVydVkw8xT0;h`PdRFB(QNFC_$w6HI_NcNpc&S5V7)fyh
zE?0w>nwpi9MpRMh62JAsO6&E;SWakDhtR%UWBP0<CVG@hb-S|`X!>2ts=}*pX(w_j
zrNgS^I{QiKcQweDSo{Oveep5LQ9AW%HH_BFY8azDVjoMnk=)W$nsz$PDVx-objDM2
zY=usfmrAo?tSZN=%PHPSnm_0?v7?i9y`a-{+NR36s$o|mc9%}GB$ehtoo4e#D$O$+
z82_Kpn8#BIZq^Bw=mhP4L;?>9La787>jaPM1ZN!UOw6CA67<mtLOMa6TclW`Vp#XN
zo|rRu+V}Cpd}|>u6Gc3qwM-oCM@Mv(-7F!Da`<;C`Zz$ynA^cxf@B5(l(_~Ksa;Bb
z6gTQe@X^<itLKG3Z+3+nrZoCo$f`Nh^OYxzyM@44$8;j(SA<J-bo2yYbo4l1^u}6|
z|4ZaZ0!m0<LqLh`O#&YI<RMUITF8z$H;{-j0)-MNAy6y<Ib=ZmDZ*n8DkM-qpg;oo
z)zLrHF&s$c{n6Yej*sLJY@8g@)W(lDBRQz^uy6+=*IR@-&1===`;5?F+FTXhX4Eet
z;ExV-RT^`T@kR&Mp~2)ElT*j6OKg-i;P4ap#Wun}AT8^w+!tzeSqBic0j4p#&5k<+
zG$O-#+iYH{7uaSkv|@#=^wur<g}3f=4rQJbKy_S35i3AM(@vIU-~VT(3+GUqMAXZ*
z^6gwo7C*}uTC~b<{m8B4@z66A@(hJ=R1naOSOnsDO_k7x)18$VC?__H_&Yy#xJaNP
zgW*h@JI3}2i5MBU7cH=U*~Wv7vDFe0TC_LziKwAOvVl$P6QPq*i5_T-J=G%DFB)Ty
z5FyY=?e7X6KZSnQ`+FZkbgNX6(sDwFcn>ux5kP)n)E_PBFr@}c0y?3t7bXWJc8XJ1
z>{6#er31lNH1I-sk6y4>T4qMh71a@lG*scSq?bGon|l(mp@ei_b7Of<NxHB1H^w&8
zubIPKb&ZL-eI1PH6QmjRIMkeN%w5h1Jb03fKxal^XJV5vmra@yR5zgq81Hj={r2O{
z2*;v$t2T`VgI%#k+1%Ui#iIgt)r$uSQEwuR&{h4}(ji4({(}Ux#D$)M=r?_q0bc~X
zbETk;+mrBRfi|dKoRP%dV|9P7)ur@O^H*5ymh*R8>-nn$m@5HSD8cOgLe+wXRNkE@
z3f%fUr{>)zk!N!R!)i-lkG|8_u6^uhU*eD4dfV5oT`WY9GcmJWRaR`Wgi&fTWtv~>
zyyVNvDCeb2UTT~dj?!JR3VGoGjH1e%_+p7a&3SRlOAqG-bxl{Si}S*%x+|9Byp+hx
zo-cI$9(md7yo{8Wb-c{%WUjeZPrWzQH(49;(~Y@mDP_n00uf^FIWG1bAB}ko?ZXnm
zd_uNwJuW%+tTnCd*uw-{f}i!P#`7#8)YW+A5R#dtu*gB<xmgO%TrY_!3zNq^K`A4e
zcaNaCG0xK8*m4MV_#*9NhtUeZwbmDD7t4~iff`1}c8LQzLdCI|ge+V9kj6GTv1V+I
z6Do);cS7#iLMK!h`@0h=i9P9r%3{BDLY~-zPN*gpl@P9>sk&Z8W}Cg7HGR9hk5K^4
zjfs{a@Qc+FnS`?0xUrqUF_M!V8=$}MGR6<wvCFuVBCLTsV&_T`dya^mrHW2sw)+}m
za?~zq_l`9tGz?W4VtFc2w%OCEfB!x*3qCQPM#$|%+C<9W->L`yZAlYqZf8d2`?*<x
z4$xs8O&1FA`#?gm=TsTlW=ALcADwrX^ZqdJhZuk9kRE?RUorkdT(la0)5Ua5F0@!*
zRcEsEzeHXRo)o0nO+FY46@(Eb>P?S^$J+5hI{8zb?o-iik#zoOXF<yCV($@yVG;Js
zoPw>0tx3J&#AHQmF|WqFEbdNWO=Qb{nk}V1MYKPXEq9enTP$QoODg>jc}Ws#$|yx<
z{rW9M9!(R@!y(1)N~O6-r<vQRNV?~FBuTN+sWc@z%`bGCTiztiT>`C0?zyQnopl=T
zovNIBNvcS(V^ay@m#fAU>I7SU<B(!|J11MaLMKSvp-T9m6D;2eRPk0S!5?*k9S2l`
z#~OGjQtY!GniSj5({}GvJi>2NxhCmcb9Awtp-$UA-(1W3_lmNM_5!sZovq$@Yd}k4
zgxeb#mS1J<@VQorQq=^ZnnceCI%>T=nf(Iiou`tnfQys@r%5I<6v{o*9!W;}_4Y<6
z2=tHg@RMB#?6Nek5jhj?_R&*N-dQD`h~&Bo1sr+VJVfD9>voP1E8$$Tyf`TORPM=J
zlvWjcfYPcOE!j&YJE>65NH_VQ#^UVLZe~ZZ8tZntI8u%d=qZ^$-JX~AS6696csZ0^
zVc^U*%Me0OcNvj`J&jV(2@9VA)G9fiLci~ErH@d$&C%ErM_KWY^Dy2IDvhlI>9uHI
zO)*i?sgoBJuqODeD~sHC(`IdgVgZ)aQh@H6qrhcP-Xv~D1LsIqGeg<yG;FmFo!MGz
zpGQXYLD0ZqToQp}u%|<xr<lG9sR|XlK};m$oMaf`s}$CwM4$EOd|D#<TeV0j>Kmk4
zC@_esiqEQF#e+9V!rNMTG}mwBA%EWHdRvE3+qzyfDW2NFJE-6ETJ;|htd5*hZT)>O
zA?zN|(pBmCUf2i!K>sA#r))UuUni)XiZMcW7BNBt0i-{2a=g3JkN=2Ab@@jVZ)d`+
zBCH5<U#}(A)<?d^FLSF=l4?w(mE=z*vm_})O<n+qmi1P<mIGO(a*g)aMO0yyHwSX<
zPLh-cku>*aO7=B=kn3|T_FE@UP;Xm!L)Cu3wbBBs4|*qPz8S^zz-t_-)J`~U@r4!_
zlH)vSS#-d{lW6}hsLk_t(Q@3z{x@y0EVc}+<tS)m@K2$S$|{X{lMA4JtLk?fVHX+1
z7AkT<zMs1c${UTlK4#3udP4`=O)TdUv;5Gl6I{VF&B$GK01r;WEN`4xXhweV5U*ym
zPd3hQC!y)2v;#r57v}#>n)5Co47z2_DG*Vg*tsz$VStoAI+EuU{mr!#_ym~uW@u5u
zylypekUm|wilu%DHB39N=EK01M!g6P0AQDVZZ66a2et4|H=+u0eHV1uZ$z)Ef6)ce
z&TL4Hw4rm+z`FjphN>64A+CyGcg#U>R_!9pK9W-ee{@wgFR1#%P{~CON-1ostm6~5
zqj*>MWg^g1#uoU`eMQDIBgOuYW#8qS*j=E>rMm8QKZC}Qbd4|W_|P=<J9gIYCRcDk
z=sZ{OhfI?$`F<B3#pT+H^3Nv1&iT8bDA~2tEPrFt(c&GSo}I-OC~y=IRYFa_YrS3A
zh;!gz4Fj_@VbrgHors^c;B@+@BuvbQzYGL#)0P5zTRacjq;zAPJP(jZ{49VqJm`8*
zY(qSEzQPZo#bueZrp0^#zD;r-UZ@5RNrq`uzN0iVz1Ax}*FU+H-UuzD7&vmJpYohA
zjqzjC0GOpxt8}wfx^-Ot77YS?8OHLLgL%HlD3t1g*cC{O94JmEA<m^;yC6uhXY94q
zU%q?dJb(G-N&l%=7l5j@*RV;e>PQuQ*bLD*Py{H(m}?dYu7J7T?&uD`Bj|PDHs$3b
zl|~tGv`A4%3RR@P9||`{h?@!64wr~IOTX)hxC<ADYV->LW3hlyfL>d7ix_*X=C#`T
zQnV8}zY{0ZYW$ES8R6ZMRMAT>6JlC*aQL5A_8lS;^L4~xNcc-7plI+jL*3Obbd>4Z
zOph3N3~6QHfyRLJ@24NpI3U(rWl453!^p!)cdn$9$s$G`${0k_7F1hX;zy?yrk$I#
zl+lXcD)#q^o7PCA4&o|i3R%Y$qF}w6l^)5Fl`aCwQ5Ojjan!>3ik4{Np@@xZQwjR(
z1dr(i^&*#4#KsI;km&|{7Ek-v{5ZHv9xdjhDU*b%2C~o@@49nY=TT-0*D_U$#nKu$
zb}uGEt~W@-$|nu_PAvU_EPY-oXHI144`lZ7GIL<N8I?t7`ZDjp-WYA#C&Xp_AK+S?
z5tJ%$^Z*vdYo#-hwzC~LX?JZ^;5Nd&)x5^2h?@~5OPPR^g$#FM%)PCsD^XqTCxquD
zst}PCLXz|X!BtiE#36n-;n%lSM|+>?2bUX9lTZxyid91u3UZqH9s}1^ni`;bF*WV=
zvG_hI@EaAMRU3o$2cPB~jLGY7hdXXH5&T-&i^j1YQ0>G37CN{R^wqUenX1~oq$lc|
z-}>B%J4(lKji3<g9#Kl6<}&++6{^?4bJd(N@!mf9OhJA!oyvz4-h3izc9Go4*)k{O
zl%eZ+2+vcf${xB!p{J0T9Hwq-%NXs<@kU1yV}RYw0}HZ{2ODCZFtBiJ^S}~;Bv`Uf
zkqDg!<vcGq$FxA^<*x^h0EUPA#E=UE;}aEU>x&E(tz8gIPSMb4?^3>Y=Bp9Djr}iF
zmL(T%<=(d*0{jLd%&5uq=v*|@%&A+RUAM2DQGXTD{%9?Raz#bH=0=#%gs)d4p83`J
zSqPy_8QDC{$(*7fGsO1wYAD?;IAFD$Z|*R{)l#rp|0fb+2kKT*X}uGA?@kk4zqEvD
zjZvS?cVEY?f&tK9QgY{)%xGuEu5(e9HA2qM-%U>*bv{V>hm*^g+q=ZtN|{)Ub;Ogz
zQsib@o9myM(sI$}GAdsuMYJoWb}jN+SM;W(NePQ;uSoTEdnXcd+PhAPRJSUNv^7bQ
z>W^gdcU;}Fy{;VsimDkS&hpmvFS^yJ??9?*SIpOIXX*0H*0aA=%SfD_sxO<6F}K9}
zM1a%0L=CNISG{4}wM8LOty%@6C->M*VHCDWUH<6lFL!~t>F8ZLxWomqBzMo`6h+Nv
z>-L>7`4(etqi;-QJtT~cPH9940=IX@uw&yD>6hc=G+)Z9?6t!?V=&hsAUYQ9NYrfX
z_FH6%ZNTG2p%fnfZ8~2;GN1Y|g9enU2E=Zq@nYg3KK&t5C5O-2hTUbgHQp`0GZeCQ
zXDkHfVMPg86KO_np9Ht<D74ysm_n=L{-)6C^*ofk{m4{;4~MD*gLQ&4mN|I$lLN^T
z7V89CmMNa~RaX-4=D)A;ZUImGBz{<l!$VsPrN?{N<jVOVEoOFJZ$N8~>57<aMdH2r
z2+>i&oiAjBQkI>Ws^@ZDPs8h~rEh)UG~}98f_^%|Z*+oPBa;o8{+@2gy*%w-@x#5{
zk-=qV$j&z{o{=jGO^Z$aH+9k=_8}~Gh~yzoN8k}7lZ(yB_!56)u*V-6X8I!|YW$Ha
zMsiU|tv@n;9QIQaxN&oe8M(R)uOeayZjsv}w?%I2PKu`lYdkCBYN{Pv#*RQy7DZVU
zWl@wxQ5Hp66lF<KeV`uaNrPILkj3KACFwanOY9Hrw}@l<To(ITx6F^q-X)rQ3wqT}
z$@SNi&a3DL<FL#KPgd)9ME3YEZA#J8HAyEX+|e^wS=#56V(JXQFin5Pb!qGJTj!Ve
z{EYI3A5@;GNTZXh3Y5Dfgyu+H%uB5*Cdhulp1a|)L~UVa2bj}?RgRRi6=|o6aj8bO
zOzx5N?sNh0o1wi44C|vNNXGc<Fn91{)7sm_IS{`BPX;5M9Q=qqIxOl-T^J_?PugU!
z-IynaWL<Gy8t7oZ!y8ME_>F|HeGz+faVh2f#{r6Mw#%JoDbHDycD~(A!jURXcj8*q
zC*wUc_st$%L^3f<q=$`mVdMMlu%U39rA_8@*PLD!cW>SBD7!pXr0;MJaHhnUuF(;a
z{>;*~*EC2vPFY!g9VyI==3w#8hI$(>_Nl*dNe6xl!jN|u%MTS}nEQZ!+o0c`(Qj|-
zw-x$rjeh$;zrCv84(PXL{Z?>-Dzj0)ou%Ji&~JYI_ILd@R=+*1-|F<+ANAX>^xN<C
z+q3%ZQT?`3zdfkmZ2k6g{U&l6dK6J_1McBrPp7}JXW(JR&T28b>>pqE-g-XBJV_6j
z_ygMOkGT9$kG=LxYDa2+q|*h_KAf>FRdVp2JD`F5y;h=tbhCUGd10>|e#_;UFlH2{
z=2z^=g3Kj8iy;~|e^+{a$07%Pzh+Oy`UmxU_kp-W4dA8@O|xQ`9h82=YZ>K{{@51j
zPdh06W|Q)hL{@Cb(Jk878lSZ8PwRJu&pJ?s!e<LGqe??l)}Q*m<tXR-V{LzLPJX|m
z?eG7Q{64zv@6(gt&ujbp)yeNY+WtN``Tal(V5HiAYV!N~w!e2seqYe`_bphqDEK^f
z(09RSX1_shZZc{UUmY}GTcua}7vjq%RZw^uxJ{141u5rt-6OmHQAhER({XX@xfFZ1
zlSQKzlu;`bPTJTLQB%IW6$qiFNbJg@^X1Yx(cv#D;fo1DhR_8S7xqagqUPr$A~C!S
zX<Laah~IV+V=9GxM;tFCO3x)EzG}qc7W`|9`5P4<C1&&|ga-9@H4hT=)2yX~hJx{}
zOA4)_CCx+=)fBp;Bs;j3i1dC&eztfn%kDSD9gr>J+ZOkVDlT<`=vU<pcKiBy+~Rfq
zPD+QC@RSK*_-)J9O-+?8^9K@yU3Ych=xVFc*SOE^-Q6Hp`bM&cMmoC%Ld)4e{H_(m
zXU`Wn7?sOXEs*_68AOZ2vl=Al@CV}0N40qvFfiQ#t`YsBGBUm^;}2lB1qPa&CpUiX
z=H_T*cGUp9YnM3UX8DRRc@9<J1KSAym4G)ixIYT@gVg{)sSb6;o*){BY<NF6U0dg5
zdta0`RpPzKsDuW?u;&17TD+nC*%R;ZHGY`mbFG7ag63^1*76PU!zs<cg<G;2ho_p6
zGj^7g-A@&LP@#2q4$TS{Q&he<CYc-W?z6@hR#}rvXrY=9@x#2KJDCxvr%o<W8*`dz
zOwvngJ-{XcmED8$3j)V+!(iY7alzt?-0Zebe_OVCuW^5Kd_Xlf&i6GVeRu9sOXPDN
ziW}d<`pA_db*5>-Zclze@CE4=zOmf#B^mQt&*@Bb$NrNVE?JYZ3dIt%U+xnWj&E|g
z`(nRpSASpmx<D5>1;90o+y3QRX;*MKC!ExvM(TbUsR%2%eas^0IOdc3kxBRMuNz$@
z4}>Pm?cuq)#rdkmzvZqd>aB1Go+7cK6BqMPNI=q`<fJc=D?Jgf(OK*pr8+N5INuwo
z&bL<VS>1Ed?nNDf?meq|E}K&u=$g5r9flo)_^JZAKp3*ybW7{|4RZ(HHv8o@d_t!y
zq-3Ua-<iCDiGD8+tC<%37Is2D4)*S@!e!p$BFY7+U^$xM+bZ^JFoB#c%%F(Dx`+up
z$o~_aUj{RFHTVi($|(fG8eT|!tWJG_PJOmh+pVfLBYc+1p${&MFdlzFj-Zpi@9$L2
z>`E>=OEscms|KVUX>e7x=k<DwEbFzJ$q+g%J{T}&?013NsQ;(vcBuO~J%u_JkVpfU
zDv7Jpz_}__-zmDPTX^WI?oC$pkV>6w+;mB<8aGJi7@W#6Dw$)fO7pM8<wm_hnT)3|
zbRP1|T&X~id+b_tKvMigdcMmMLN0@aS4MmaJ+dPo+;{Tdd1S5-Itqi1UXYj+1KdYJ
zFABITWwzrP7<RyF1jIuC@jRLKkvjpefEn+a{VsF|`cQ&g&i<%mkkOWPk}6M0R+v*q
zvZ}DlZ8qz72k(jB<mFssyef*BG=@>$zg>;;88nabXh>JxkbqC2K2i<viL9&dKXk&}
zRKmELkK9k_jSSUuA$SBLr55ubkWZnN;#woUMusvUTFi+h@pa&L@h3$i0|S-ciQKDn
zbr0~6>j<3PS|s4IQcn1)Iy-YTuvTNm(X7dq^%?g!#W%@*<lsl-#|kgyQBj~bc*(na
z5ZLl^8Se7+MtGe9J&q#;IqhAekkj?CW{E`#7r8?(v_HuhMEXASu>$7XJb<J+{+6xg
z9{C#0{arTZozr#7yLHNY<)N^a9>s=$##+;Ss#RdEQ51WrPCS!G3TxdU<p2o}R|9#u
zh}3#>&zn70dUh}E5Ila*>pfrJ-B{bka2!v5u0M(9o<dtNPo<X_MQi-s8d7R+*p!~%
zmx$}ek+22q)5sWhm_l^ixmPLCn@DgW%N5$frIAB06$`CYCO?BUQ8v&WFlA2{$*XeA
z_KqT&kR>H*N?1~r_-F}S0{WlIiy7MCLVVhvLk&-8r>kRQ=o44R6~R#=c`u1y3JE6O
ztN?pvc_<Qj)$tAVM53k`TCB|FH!63<d#PZcfNBYuS-}Dx{awK>JUp&oCn>d9$Pm^e
ztp4JW040OOA3JO5Adbq)hYGE=bdVp(uBM3&6Y}jOA>ZQX2+>xFox4M|dFf4Xb?6S$
z73daU5gAkx+M6BhAPFk128j;-T~a)w2tMvxzeLIo-O<Mt*k=vxlTo?ipVIUX!%$FZ
zEs>L^q*p^BgsNn!{Y)TI-eiQuD~eyPV2MmXWV78K@VZQ0Bdp|-fDF$B5P14qPxUQ$
zeRcWdLL)qsoP>&va3!HC<USA^l{rRu8JHnb(N$roX9Y`OC}+A@X$@>vjK4p69pL@I
zgLfES-KE=NKcoP4c_{Rm5q^ud`KVfmwfie0*FmXO6sD=84tNI_8cpzy-}T9y?B}S1
zGodOWw<vTQB$wB+nJGeb8FyXGXQ8|<i00tbNw>i*Vi!oTIoUxWk@|BC(w8=PwI9(R
zrV+55&-YWcAlHYadsUNkx_qI$%zkp%%oHTI&|^mZhpICWbt!u8MW@B_zX31yye3H;
zx>L^AWex(mKC!1&+?O=u2?;e1F5{6Edx&4osKrID5%%)}@tE)DFfHE*iB{BDQu+m4
z5HD7v3B3#%3xr@dI(K4!M`F7(v=L3my)Hf9y`fdI6x5OJCzY%lH`Cu~xo86rtj-EN
z%)_4*s2B3l70A~u$o4)<^QN+?Q)wmpXjW{W<WNAH!#Q`Xp4V>%uLjAe;q`Y3${47j
zD50OfSH)yP@J~qyA~*i};h1!lDmpk?6&o0#NbJ;T;6_x<pZK$$x({743!j71$?DbU
zwT4xCcQ1AYI>n2mhZ0+jSQDb(<I*kcEC9(4<|@*k)nAa>utveF)scb4Gy?B!YkZAg
zz`AgAJG_x=Xrvoc^=;lY%Tj4nHYn^Uj8icx^ve^Rg@h$L`G=8zg%6IzE0^$+1lFf3
z2j8oC&tQ2#u9Cfk>}V*b@Natk*Hl@Hz2dDE&UTlm;wBgWeN<yAvn5sE4XMTNc~vid
zIYt%nWBHQw;xAI)f;affC$act8zRKwm%=Kosb!(5vi5(?+t}s`rlc9UT{uHphqzc=
z0HYDAryvuqZYq=Py1J?UtmX<elY+O$p)#tWSXlI>Qnv)|a|&^~xmXueiT0fc8I!ca
zsKiE^;trl0nhH+rLu2~H&+vv4u3&L<g<3}O6R1Xp6DO|4p$d;HG?nSrDKu4hqoox?
zIqAtPF9W5Hou%P<(eRWSRvMClvjsvE{gJC22yU?tyetq5U>KvIhciDxom=e9Dn58s
z96HPCB`1KYm%$o;`P9O|0Dg-D=Tusg%5XQ^W-Fae#7`ipJ9w<>?vZ5Z6VF5C#1-t|
zbXOpQ^gyPhCxaiB{h&(xKQbWc`LLYzK`*)kYSoJ>aq;_>-IoS)nu&rL+wA#EE2>@o
z@-g79Yd|_nD`Z~-C(A~0H4*G>MmR_yRMFoh@Qe+V*kn%|D`!siSI(S-)>T*Xl3%#&
zDsZ}kv6SjU0EUwzfk<ao=j|+)O>>;Z!X}ZUSB%UisNwZOOQ8D}V<ycU;-6Vj?RCHA
zbwhn#ROAkQ4$l9Znv}hZ#K;TY8HGr;9zOb`Hx$Q*rO`X|WF;g7dJh!1K=zSJbni9Z
zq<(6pP|iBmQ<E`wh~Jo-tSgC!-IFe;n+h9ViM!gaOek02T$r=$;1Th&G=Gm2yS-x9
zPSoq7C8~yi>neTj6vLf8N9S8yl{2RLy>**;PO5H&VN7c{bVEf+Gf<|fLN^4Cj=vMB
zNKy<Hiei9PSQ?rN+0Y<E5r00jyP5N$rqX&<jW+ZF2gRQ$`IpcK%LC`jzArnhni6*L
zaz)Rc?Oj?`?W!)nig_?Y8nCp=@1j345dz#qzBh1@H&g|MgTt92dMUGC%5^6S&v6X;
zDsG>dRh+vsv05&=#KvmtcBB_Uq!*N-`ggz;I40iH8>!MAl#e*vrQ1Oe@$K{wL|pY1
zt2Z_Ohl2}IFktS#C39aP!sYnVLcffOk8q4-Y7bnddN~G%HsD}EK*13*@wpVm9jwln
z^nt^quia&`$4gnP49cYRpwQ@}<2}-YGAY?+@C{AQz&C1*W*{3!{!QQ0Lk9hk+xQ;T
ze@dSHvJE$x5}E1qv3bNPdFhQUGE4s<;`euGDIdS3MR`-(DDUcIc|F=H?-Y^8C*|S8
z7s`32oeO#umfLE!Z<WlEzQ;=~k)yiFgR`N>Ng(YR4iEZ*3@;Wj8$`azw}Pdd8-ZsI
zx0T5+v#EVzRs6%tnsnKJ6rNp|-9wkXaFZ&#K_286!|3GxS!4f-mBfJ^Eh$7~WB-~T
zb%IC4)6ca$ZK{NZxsK!+@T{@X+;H-5q+I*5jQr!<%D*HpbG%}xz+{#ed$-m5%dOtO
zCcWZ6LERkjCG=(YexnK#tOM>B1n{OYc)j@9hx}81_M@~0_?;?l|J?#_`*<P2i8?8<
zN-Xqrvau>z@I4Vwa8$E6U-Nbv-sO@*!}~AdLod>I*hU5K8hHS3(UeTX`^PDGJ;OlR
zrvbDiyw9J1FuYG|+5b#<Pmug_{+rC7n0IjgFPgp*-namat)+@&`(j@M?_~Pqd}h7f
zv_X2C#rDbk7;fLnfsg>Ohlud&-whmXMyJ-=p8|Yvdq)slv3<3SL?qXvGM3pR<(28?
zq51MG<C$zvP2w$1A)6{cO`vkNu*F%Es;`D}cC42Ml-aB32d^>pnrx5CzY5bo@^iV0
zs^}aUvFL!8SE*93QL#<-Z`C+%u%APGCe8ROPdTqcm-{g(ayrM<f?s~_l&?TwTIXb-
zB>CQ<^*bl5Zu7a*POBI^)L+5ozf7OSgy}V#g2-n$NtxDkuRtO6{tlTjKSVq%@*%*;
z6`Fg*+4?*7Pa5;!XFjgeoHPX8=q5X=#B$AckOOB29--zs`{oW=&Vljed`K_Xv9oFx
z)=`hTzd}kcQZfb41TM&`<$n$TJ^U}>KSwfhX;#*yP4=nO;?V1{<0(2_;H;E<F2yw4
zF;1%x`og!?+3Uof%c_`dU#S{eF$erV3$pSdbAFZs5k7A;n=57rlJkmMCHiwyH-d-d
z44sd*UGRwLo^7{lh~T_$m(Z#wvmagu7j-<8)qLqmdvX;fR>5S>76=A_ps0&XU1sl7
zZD_VHM1@4g)yFeM|I7IyMk}@UNm83k&J`klOl=rQSTYZAXUTXeQQ8T%OHSn)<8EJc
z=xp=(^!Tm`o`&dXEuy3KhW`^3qrBG5Yt0BcxGUf_txHy!mOJEeqoi~5UZh5-gawZv
z3cKIJ%%S~HvB09azrsaXx;;|AeT>wsR+ka3quolBSW$b>L<<g&RFrXR$<?8TgjG=%
z6xI%TeEYhowXWcieq?V{S|{MD0&DxNT>@0MQo-g@41mf_(Jx2^z?DR@KR}U(nrh|k
zcaI?wZwAb?Mezfpn-UFD%TA{jQF3Uu-#wh~JlF7K|C0Sooheb(_!+L?aU_07s=^W0
z1~q)DJ>n5V^gf#HUpx8l)A?)c<K(cD3@{7o2}NSk^_V+z3|<d%*x<>(lv^V*RZzyJ
z=c_&NNZ}s2i3ho|aAm%Q$r)K4#rn2+aTe&L`lPY7)#YCXJ9+nvE@RMK@eXFQbQx%E
zx9@ydP6bABKgkiaY1;de!xycdE#}<4y^)Js%z<FW9Jn|&2g<(;<j0RulK^`mx75`U
z`Dd|Rf!?3}m(TSacpy(rS@5fXuRX9EJj12<l^VMf{SbKcbKr5df(Ksw8n?R51?g$|
zN$}XZeJ%_+xHSp#sE$JD4?0hE8cG7}Go+r>+?V}Ot#1wosn-a<Az<PjjXIw8FIceD
zYlKC|nEg*-k}QzMA(08%yzU*o(4ZME--}6D`=e88k;=|uq37FA?^D>K(Eg$7cLm1F
zl|?AYRn*$|gAG)Bqq*0p`YKS3O4$1!6g#R(wRV8-zG<7)n3Zo1o*Wrc#_`fShX3`@
zB9}G1Ow>cm-$p!O4JkplOV(e!qXIi_^*LYE46Pg@+vTbi&34buSy|3{-z_NTJYQt=
z9NE!Mlx1@0xw{X*u&!o{^JTp-Vw)u@a>p|J2B+*LhY8G@?U#6F0z9k6K9`=zcy<g;
zac3F7Wd0_%_gN%n{yX1u8OQXu0N-Ro5^1u~J}H_}Q9BDndrtO{M_*L*4!5Cfuqg+R
z&uNlI&8H-Oiw^j~{`@R^0O{HCjwVc-g6Kl$o-1K1w;hk>++O_F@ej436GcI=d>JPV
zp{4D7jUQ+81eND?B1u}`QzpthPc|1jOza-$XUsbrO{2e>jhoS)e#e}4Ad5XX_-^UD
z@k-Pp$66KH#=M5H%{d{Ugo#oJZR&0z5Ks=zN#?babMM@-R(AYwQc=z{nsxn`90)Z-
z6G<xe_$zt0r@ufi(uWrU_<#IGXbe5Sox8s5St?nRboAtE<7rNj_ShfEzQt&Op#>d@
z9Qzadt>;kT62lW~ttJH1LkNJ5rAk<(iD(Pw<{ePsN!juCv74UHV?K#L3)YZ7dgqrk
zZ^;)lZ!I4H@?Qx{RTl%aHw4H4(^rKf!2?60U8jo&&b$SZ#A;4gH_MneOn`DPD2K!5
z^3Mb38uOUZ2Yk`~mf5%|+nlyf!4xVgua4ZkmNnYhW4+=+bAX5U__^L_j(e;%I6GdV
zLSAdo0XZ;2Q9XAU3B0|Uy^Y(m0sndN!^w0QamGAV1ntk|%`T?>8V&;4Tc64#LMf#q
zX#^f!2=CXhnUovb1z=;N0c4Vr)K3TBFpJCPGm2R(Jfl7!%LhGj(cK+Kn0u9!n~Tc{
zix$4dyqwawf&rC_V73ufcCaZrgSZ@{{x6h?jsUX!`xmLD;ap49hoT_v;hftW^*OvK
zvJ2+h-U^CQq7q`%<zDt$6@!@yF|m~tm_}!%tHt)DWzlbwB31Msd66XbvvsVS+wJ~|
z^(}&axvvx(pkBjvjP)9K4&FFl_SX1R+8R8?H|C0eYC{;Kc<@F!`^hKK_`zb|%bDp|
zpK-_H_(`fmG(q3A^b@jk3{%oRSRqRFZZRQ}Cd(ZD+&)q;r_&?B4DIy0T=G>+a6V+7
z?CWKYbPSb8gy8l%+LWGs?B{9uDMN<)V5DKMc&#_oW-u7?k?nGDAw^|14=$GRRD;w_
z#wXAX*~G@qxOEBk;3Eq^D`r7q@a^zGXD4|~OfxwE>navOVp3?o`%Bp)H~?d*AmisV
zCNqM>5Lu1OmlVDSBn8)$?6KFA7~+V7THhW-88-VK+lic>%?*OHIL5M1>qH6l4L*@w
z@x@ej2WHfpOxMwvx7@_(?Z|2S#7#_qyB0J34H$DdBNX2PxCBss(3HE6@aie(E=eO@
zn2Fqmm+1~D;!p}gBn~5#%_Dc%_@fh01q>9G%@i*N=){AMjJZG5&LGxoQ3zD~*AnIP
z4^&d?bt%WgL4`a^B(Bz&Ys&>(wcw`sF`2{TVXnoEyLLlOnf)#*DltNFf=F2Lm3tN{
zS~%O*FQTsnl=Mr1dTEeJU)$0kdo2Eb&q_8AF`>)xStHHEaRup7JDD7*c5MeAO$w<+
zD&hz~#wDg2u$u)nbB^NS(h*;@+u@+;1cTQ#w6Q(#y58B1u$kqpSZ3@<Z|DPKes>g^
zIZ|3<mtsxbz*V|xsH}B<o+arXqyK{$#5QGOs^y8s+^Q^Vk!bg0rx04=^6BeraP{zE
z+Du^%9(^j`!UBP3#akrdsz&2yn;32pwHAU7jqrccaBTHD8`I|y8q2~mvyAW~gndX@
zqq+Syf0`ILv-3tVs9Ceow04@k8fAnEWttUAi$>ZDSyT!Nf1v0(F&`BRz7iwcUa_9A
zD@Y;i=kT8;ASyPWcO`kG@>M}tXP6_1yE(d8L595*G*$G3XH+wfQ!(w>-^H^`VWOrm
z+~8F5TaDtnigrVUaLlCEDgEim_1Q*!NMZ_zNkdcSqm0d*TwOxFo6mEQW{R~^OxR`B
z2P52#cfn2*bO-kC&=|AWd@kLAWvLF-Kt!RX#bPkR;sDL**GM{mHQuEX!%Xsk?VX0p
zk)#;J?s?1SdQBEex{0&W#%*ghiw&FE@e?r)QR7>`+6X@&gGeW8WI`3{0o+Y<lLNR_
znjX!&9piz4#@x=EWSaDXIwx_pwOLjbD07P*KDjSa&s{aHP?TZ>h8*d=YU|U)g@s}`
znk8<<k#sms9|cDcKTQMCsF(A<Iqu-`F#)!UWOF-{FhC90N~@T^Vga%>#h-rFdP_N_
z0%dv@O1+uW*zC9}P-424;7=yD8D3KAW0lEi`LO~Kj0z<S*uYbOc_DqvilaEl2i}yd
ztmQRXV&h1jDwPSZ=kn^eZXkcq9mi-FlPtg0%WvJp368fw3M$0nudvyxi~egWgK3Q-
zNfk-hl!OpnCPuEUr%DCWTrAQkr`WWr3Y)7`IkB-y$U`f!5|m0On3hR#9*R?@?Pj6V
znOJ{PibY($jGo&*k%lY3_4*aADGP;F^-1<RN4_EY`_?W_|JXh9na7xxE1}gg`#-VP
zw7c_@o_($Nzi|-W!H#Hk?Y5s4R?ymSzk-Rcu!^6O(P}~h)}uOl)ohMT8aUorRz2qS
zfBGUf*ka6A%>0fYY4;-`TNWq&_H417greH(JnJYc%o0)VP@+|8hvJ+??_|Zc+z+Y2
zg|&j<2!IO~!F`}Hk6FNOG(dJRBfN+8r01E8kwCzh+dhpXq1wTEZnGo!!&ysMR|t}k
z0kMB2n+c&BiQ`ATh_t{6KPGFJSlEOqwX*M-_Lq+JCx}ambE(~{)?a>QQ9)opA6F0^
zQb`Z5E@hSo0x|7*k|}dS81*7qPbPK8j^~ZzXalPGu$Q4Om9$^7Q-()u5#91rsJ0C&
zw#MezdR^&qtkE~Jo4}N?2g`O_2}(~H$F_|>UUcfEJJ4KpUx5D~k%d|%*S#qgIGXFh
z`5Cxlt>6xNQz!_84Nt*~ZfzG3m)VP?B<+5|FLRR5&B%&}uMm=cYb*3&gvT&}?88|Z
zTFCql<lZvF=^~))+g)-+j_RQ@H`_NWC<`ES>lk8b>quE|WuXuC-YGzk?CuMq-O9~&
zmlqYL!2u-Zw$lc}Ld0<QMhb^+22+DWg$JTz8U~)a{Q%)Xs?k7*N`>rycy0p-Y<_J4
zfjy8e3m9II<g{d@OwJS-&^?m<D*qrb{3N;D_lzu)Hq?j^z}`)N?VYOAGGDHi*AszN
zY!6LUi(D>DEfEPCHGAx(D@o8uDj^DEF>rETynQ?;o*f5PO$gy&?o`4@CE-I-FnH-1
zOP<a4oY@)jXb<+ffzyR_)gB3L`hz<I_7E2~of+;3v#O(}JN5{lg@2dzhKlwqj%2%3
zTB|idBL1X6)3V5L)i>pR6bZ#w%xEvZVt(r6$iz0x*RRZ<rf8~4-$i}G<1;GP2wCGZ
zD%Ma@ybB(Aq+QwZ4!$uG$gy^62ZMpU5W=AzEaSit;(38*C#bqxIEoZjx4~~22!d~X
zvNgXp944^0C>2KgHqur5@;|FnL2qQh5yaY~copEnQuk8hq9hUa-9jNyMKRwZ18k+P
zx77CNygh}j7TcqJW0ZV;xy+d8fED^p&7bIi(g{kUFRB-r5X!0{<s(vFv~Q`j=M`E^
z<((q~?jm+%Ox{WIm@e$bR@pr&|45y`r{sT8=g-FcDmuVlp&C@iht&CmeH`RkWIz#l
zK>N36CO7t|HbPCOnOwMkt^!+26hZ*DgLA}3NR818yMCh=zEq4}j}+DM)#&xOa#&*Y
z`g752^{(&IHF~{R)WEx-XrKp8FYBmG=wOeyL@+^#<CX|=00|GM#pH1Tk|D=)gY~xE
z|4-6?wKs#$%xGBOxI}ihsZ1?PRN*-o8@|UHK=IXHPL_pmNz}RCeuWqN>OZEYf$mQ+
zdxAa95tV?S*bd$eBL5h0?#~p&+OvxN(Mh$k{I+sNM#sBLc%__|Wg>bd&*wTMP~3ZK
zWfTXT{8LrJVktZts#DF7mPanrmLyrS9m&Z%+K+{TL+H1^sI$F>l#sTavx2#7r|}$-
zcAJp_pDq^Iuv|el^heRhfnKuhP-OQTrA}>W7#;AZA!08o$AoBJaC+obXt3`Ex?R0~
zwhL_X3Guy%Ptj}4zueE|`aLVRCkgG3KFA~(#?FF5AjO-4)r>0ef8N>BAdZ$C`a^&J
zgH)xzAMbp3#3UK~_Oy>?K*T7y2qub-Mgo$XZXoU8G1VflodQYVZSKH{MxylH*ge92
z=qa<oK9VuS(i=`e+1ty^VOtz0lt_*Ij5MS76p64!=2xwwdOA)d4^xaT;i4IUSDp_!
z&pFO>zVlq>JY}X!Izf~2-0M8ulq~NB&a>EgiUN|vo6d72Pk;2;qB?n6&#D&5a{}+u
z!a5;2tb2;4Ncvu3l}?_soOkg8BJa;Q&j#nY%6V>do;#dp7UfC$eCJu{JjH}X;yuo@
z#(CB{&j~!GJrBu~_S8Ag8BV;M0ZaTWp3*-_C(k*~bH4Lj##74KAy3jL^KEqE^M%MG
z-j?*VN7BhNOXA5VLKgX+OjqE<%k@kWFZU}*y=Bf*(vRgTH~H>Tm%7yuV!kAZtR*Oa
za@X5PC+v?tUL*(4QmH)s7VpeMbsaF;!y;)W1GI<~f+i*UMZzD}^}E8TKa#-AA+G0X
zG%m4!Y}Bup#I7}Z5~>~e3nkHMLUVxJLR9uw3p@Zr2nA`H;;;8Z$$s7$Mt!0B_Gi@q
zr9Tz*mY4%}aAG#`e8G@qGTn<8X3;47y~mmGQlR*RG+`c^J#NY&NJr>^2xt%_kzNrh
zh=4$?Rqp1>yaE@0tlHTzO0X*PKpdCn6`Ik@B^1aLG@Mr=#EGfsPqmKXl`Od9rKZr{
zb`yKl?Ykm)?DGP`x~bVeHo|TVn;au_EFjUe$0m&TWUo{O;bg<Zy_%dh9O1J*MjpXA
zIv=Q}IDV=E4&|RjfiGoI$wK+Dv*@8*pC+ArQhLTHs4n^~bh||GWTHbSR(0U@&yuSO
z6j(R4qcR$EKBB!PZ~$Ef$P&e&34WJ2Pvh#eGfdZRvwWp#3`G1SUnBjC?6m?}i!DPc
z)&d^MEg8Wb?xi_`RHg0g_*@9yC@*f@<%w-tx1!i6X2WwbSxVo{XjW_x(Ey8Cvx~kw
zPX~Ez$DH{<y4GUOh`c{NVbpb+w4VtBaVS?>_rk@^fjr}`oiY#4r9@i-x4M4H1QhVI
z`xV#Snti=d|C;*HZaf~LR48YRQ7=a+b+_hTXVm{yh1yfVf2dH0Ym9pFT~T+d`$nVw
zJ{9VCvr%uUP$x>cQ-uyAuju>L-P-voqy9QVW^^D#Cu3})8g*e^*%e&98d`L?OjnN=
z2Pf7lxnpc^u5s5!kT<i(sDDcW3LdYjP&?w92tCh&0Wvv2=2>22n`G~>4#Y<*UlNPV
z^0$H=<f!8Fcwb{dNoeV+(1DIPABfga3#zXFkGVGikE+PRhO<H-2{$0Ypa_iy=?G|0
z(F6h}5}+FrK|$QubU;zrgl<6rZRrGP+E&J8bjDrB8Q0NqK}SbSSb{saf}r5I_BA4k
z3lNn2?|Z6l_w7z+!S8>*=ks~6D^<7dJ$35TsdG-9bBcH>-s&-owLSgox41$Rll=!f
z&i_*GSo;ZPOZ2RRNuqcgLOcLgS=Bb9`cck6@jg!$7NHkMY7nt;m{z>WsHPJ`MG)+n
zJ5%s15J6-?_EXF7q6hRctOOb=0)<VNAy2c>4cF1(Xk9FXIk?%WQ(jlK3g38>R9@Z*
zl$oA&)z46t%R6B)ruWum&@QHvwS{IaG=PCSuoZez%L33A|Eo9!w#MqG04a7g*xPw!
zxZ+`aKp1DJN-<JNsP>=x0Wn&H6{AI1v$Wi&TZGx8g-o4Ja_Qk}-7=Gd1g6r%3#107
zU{~=T{5hR};z;U-4cx?|&bc<{5z$YnByw5FMT3xAG_!K!-1y6IFL|e8U-ch`eV=gV
z!9XIz<RN)XpX_k`eH@MIqh9Xa(KbB%TY4tK!yUS%DIS*UmM9*sl$r=0Ch<?`TIEaV
zVq*8VgqXY%bA)g&5*Va9n$xjl9I{;bCsasq6)l=bK#a>3d`c!EwBl)*i;ZwP2IIrA
zO3sS=QA7C!w6TH@;fGc3(9K)quba6SV-KiD0>=B;;wq@8_YzYqA+<NoNKU#Jz}6m2
zm9xK4+9$9(2uOJ2Q}QbP6GTV>Tq2R-PCUF<<@g#VcslqRMj6#XE*%8g7StgjUMDPE
zR7wU$JYrNMu^~2$L)bDu#P^N0<C6XBUh(s$h>e6NG-xPXmXI3dFRtXhjj(6eAeksm
z@*2YrV~2y!jgSf?bgVrCA-M{KW1#@}isv8;lTqCrWmo9zWOv|5GaKbgu|-V7;Y@k{
zbO4rAhx;JWcLhn^-ERf);;P+`ZJ``?HVD`d;2XmqpU7{~ImxIRhHuf-InNzbSPb65
zzODkeA2g)8i?=Meurhcvv0XXjW|@GhOm+!u((<l5I8f}?zu>Ul73_Zi*F0fU!De%H
z25{u6Jp{+_pA7#;(ww#pJ2DRIVdgDv@NO85Bo&xM0al|NZVv_PjH<`*c<HLb&~@**
zz`cDKSqkh$jRO~Uf+Yx&^+N}ZWy|plBi3Oo!u?~}JV?ngmN@__RQz+1d>bX-qU4K>
z>U1fk6dTnC$;20>f{DvkvM3E~{~M`G$8(=bsU3Ee_odVx8_Mfa%0LgQzrIBsz_m~2
zge>Za&BH0B%u8Y4l2Vr2sP2jqW;Po$%Y3Bne&^*7m*mvvSB4fk%?soK5=jk8##&dh
z|G+s$m5EKze_*0f{g`@zCJiX1&H>R03!%{+e5w#kCr)5GLGkC8?*ff;YWriJY+@1+
z%}z>6(y|e9Iu&5s%At&;xpRN|rizS&!`^n(gUTr?rKiEE)?5y01VaP$AyTT=n}&1#
zlvOa~Hil=MA-PDazlWa5zkh-Ei$%}8V=WG3-$CrMehgR(dm8q}ziHU#kzAr8ULx2l
zLZ>31cby&fdGPYIVBd#KyB6%fp={E9l%{!zE(2?D?lBFqZuq%4$<vtt=M!6kHl8Qq
zsYQs%at|2=!~P>6KVK05z7GXG{Mhl7#tx&%8pflX$!3R9O7RqHZ~CeU`7=2MT`0ka
z1_gF<7#;|xklz-u<N$GJJCT_!J4bO#imRmiz>@4zOpt5kgzO5_%VWRbC{WxeP#jl1
z)G2`M4vlhhMCWsyCBUpDW0pyWxq0p(a~<BfmBEEM6$NmM|K64SeMK?OyFA^g<G+N_
zU@Dn`3JCHRn(qsS_Jz;>tDdcOoM1Aq-5z)td;^;U45Hz6cOvm@;IbTdD6PM%_IHpo
zKnrDk=MIc@P*M+#$Y2$ZAc*SXQ5l}2kc&R;y^?{(3T~Iini{P1^@hKk!gf&ERb0r8
z;|8Rz<egky98z~EA>e1Y2i2WA6?*hkM4Q_eNZjoF4RFa!XUaGtdPE$NH8(r;pEQ{r
zC1-Prz+<y<I_$~Dx$dlN7(C-A37H4Xx2eWQSU=Xct3cxqtM*AW5*^roo&lG{4m20?
zA$TE}TA^{{CH%v8Xz-Hk&~>kZBX&1dj71fxk^y*uEz;Pj)K`brLul=XR<&G>Du(nU
zSsF!0G@f+*7PB+^Dt${Y!6kQS?C`R@=4n?{s{~7MH+)>V>?quwH#oWkr=e^XDM+J?
zZLCvfPG;jd9AL%Ho23bA$UcV?ojf_db;uGhw(&N|Ub{02*_SArPm&cyrX+kM7lz&;
zd$b1EXbY~FIj_yGcEMNzxL&S_VyuD}t!Rcj24yoh7Ov|tatp31PHYUF$KmUl+cmz9
z`$KRYXM@Z4=O|n^plmM1j%vf#HzZn(ukWDfwFuWy7F<Cd#~wDmg0DvLb@%cpTo0mb
zN-%149>?0?n$Q|t%Wl*7`iW$E*l_){HVW73`Y2pCqHI!EisB1P{@gxMjM1#nBF4hE
zYRE45Ly%oygY1dhqm*BZviYpq(=0jkp3~Jnemr0zZw=|cyXn7=`B_dkWgVup26v$a
zw`B4-Y>YneN))4~pC85O2wipxqlMqPxtQb#(Xkk!<1CbowI?e**;qm2ggCk|Cj3Z=
z+^fNmjkUx4o3@Cy+}LqGB=L2P=Hm(#xD0@vd!4A%!^2dho%)O_oTGKdyIP#6Gj7on
z^)yh^3JE1(o=?+RQ!~$_VV<^FL0?_QfTw2{njsQXU>!3B6u)a!UB^F}HB>AV!yunB
zXpsp$-GS3Nhi+27UY(3$j~#*|j{pBz4`H|9w7K2ULD|L5&2p7;Kie7t=f;7#A;?aX
z7q@BQix~xSqEfv%_g5;tyTap%yTC?>1Qaujs@d}WFj8>3weWzX-MjG~*p5uf5RhWr
zT85|$%)qF$()JoOwW1M5)p87#!@uxk4xg%(XMAOFZeAs&osAHba*(c_0eZ>M4cEh=
z6@H2oG$8UUT&<BnI}?DS`3|<7J#w1xZ8&^0C8D`G<|I7NX%No}NOBOA?-9K<_zG1f
z9%K}emJm3*%X6_SP%X94SRAfkwOEdk;~wcCs_&P<(!_>Fr}<Bg5?v;Rf5)d>fqPWH
zd*rcDwWxIgc>zTa%*7ADU_CTt`2Z8=M_$^T)?E)TRoYj@URtoub8NT^KcxYew+89L
zRPZCB>>*120G%0E2W4$`1wt0IkSg~nwO(u{XX6D7fPhH^@Y_rxdJ)lI<opEk+XWv8
zeIm7dV)@OY(BqYYv;8KS941R_g*wxq+|=Y?72$RRh}RtyiN5q6Q3?@7NL111WiY&j
zlMy;)ohoy^v@)wmL0-JeTPkR*pTROz^tMj`MQh_qeD)}gr)^Vg&6fA1fv?w(X)`_5
zpAsGvYH@N~p4dg`OmL@NftX$RKbJAxm<pni1SYTu7kq3~l|i*I)*ca>|Em8`v9aQ0
z>Tsc<n_tC_^QTi^a3vpV{2H29!+eBKL9o60h=IT2k5c2dI<P8VN$Ny+a6*JFe)nnv
zEhR^cVN)_FTk1+ybv?q@Fw&@^1;p1-?(K)GS19%3O^#J*scHW%DOh+URR+nOl1v6{
zJcKI>Oi1|z{)+*~3Hc8yWblx12YR}L_bMfN42_%?jcHl)>Klc|;1P2SIv~D4pEbAx
z%Pl1u=gH_57>*$8l1zB6K@rW&Yp+Ob>kC3+nUsPjb&?%76TBh)5?ywhoATNQ$nKy9
zB=-*ia+VE{<=Ig{mg%z79M(oardxpA2v5$#$H>MtQH&%be=QcEVC29xs_ZnMKeBBY
z*|ADvB=rvgQep#S^MEKIb-L^{`?nF0b1XovJ^GJe<k{z=82Rg)ve^qp{-(=L^C6xm
zwSib)4`_`1c+?*O<OCZaS1yWTWV$Xp&7%a611a;5UNt;9?XHrXg<Y`F{*zn^bA_z2
zQP4}c#u`fi05|Wi5a5PAx6HRT0}C<9s4Ar95^U!#MkdRu<M4;C2&S^5P(bP>bcIN~
zZjkQ$xOB!2-NFL>aHSse@7-G+GZ$tbwJ_(rsgVx0pNZRn^09I^<d`oTcu5;DJ=OZ^
ziq^lHfGyNK8=dmaxlv4S(q*UlG-BhJ%ZjOr{*JP*q0Feh3x$f%;^fM}Fa+WoRn;(6
zl^JUdf9)3kfeywBFHKke^$_7d0bj#OkEaWov+~jI4o%93b+P08FIvRriWM50Pmvq6
z%<gP#?uTb0*jxf^0;Ra&q#g4h8dYDw)(8pOsNRl(g$pxNf!Zqn{dKtpsAuZ{SueK%
zcAf<ocy7LUfhca%Q<t6QC_vSg8J}$dayz*~%a}<3$UFaz&iI!9Mi==zy6iO9GV-tu
zr1vFeU6xkX9|B~A4Umj!Q9x34*=Y`n0>Y)-6&IYz_l`n6<1b=XW1OjBlm*;eIRbBP
zyM%Ph?NTi|PFK2GmCh}8I>Maoe^)^Wds_O>x?E`f!aZG~iV)7<ry*Q~K)BW*e7H)Z
z?`<%b=I60F2$ye;gYd7)G@eNa@6hE!b37olmhV?M(eX7@BIP3rHn3l&zC#{aD@Q)i
zK=y_IY1KU`b#cg!lTEh!^-xk;9E!t^?6Os(I@AH-*(=L4yW`9#^C)qM*z;C4E<uH{
zt1T3GiS^x8;784)P=B|HOtk)A8il~vmItB~xJj3t=Cf_&!XGcw2uS`zfDE<)GUc2o
zAQN@jX`awVK*m{sEFw2KZ07LqC!-j7@3JT$TXorKK7a#8xPRiL=r)v$wPTV&U7@S~
z?LSmttf*pRXy|#*V<WNTYZB9Tc<Y$2P=k!Fm60&p2+>ubQ<Jq4M_||7pz-?vSwd^W
zQmfe_u&h`D+Zo+&u|t6FoKUE7N}1U|sUFH1L<$2U1-uC}N<2pO5}4~af^B`0DLquu
zMH{DC5FG9;q}^i3z2aR~y$tWD4E~Gn!aYOo&~gYOIHeDJAY-3;G`;oPVP-hYz;Zr>
zk$X=y-)G!ysO0GIUwwLfwTf}jNeAZ^5JO-H*dFeP=E}fYcEr&|FPs-+XI(A;gtB(I
z12+)}9@B@A^H()g1dhYKKjvO)JZ<3Rc@_Yr1gSLyH(5#7JRYT+>?KjU>7>g}^YS(V
za`W{X6EBcQ9X238;G~*@Jk^}dpG5(AO_!bKXHk8N9w=3B<L_0OzS=E53NEj*m7>mQ
zSb}*lxm{xqHwbrOr~xDx>DCAB#+oC1>$dnBIvRetRymp0hya?sNC;fJ#muHPIZE*p
z7=%SOdm%p38pW@;PUGPzuKd>U&?3cuhpbA16I`aGC?3SBDBe63R))6F$Nr@n97kKg
zX+j?t&@)s|%lKW<X*oxiou->7Uu_`NxfURIkk_<^mnML0c_a$ROCLl5vC2-frj2{g
z*Gn`;I{hI)M%e)QR2fr6*V?7aPV@9AAml*Z5UC^7(?d>zTHcV|7I0Tlx@`?hvDA|p
z%P)ti)Avl+ra(PrDo)YcGEbWpYxL~l!fy?NCiCR{XLO$4e>gf%TXflJ=0Q<w3n0TR
zKra15fZX?wC?M@^fV7JMax=DwwgB?{wHhOzlE)l2M!MMm`9cezG~n#81XHsekCtHe
z>{8}CV=7F6qJQ<o_RJJ%`@(}PO?U^`lCU4G7rlwUMK4+>{EDXw?bzY(j9DSSdQ3XB
zto?4iMvtyhj<B1Pw;gs7kn%Pb5B*?QuG477AvN{3C7Dk1PRRR&<B8tD7vVTo0UlN1
zyRyPk;oIX6QQ;5aNDBR+zo#6pdxlX(<9v+95GP~gS|b>Gcq7ny{6Aifj6gKcSs1}b
z)CU6F5e&4cRx(LpJHalEST1C2TE_JERM4PAOB#aV_!}|=t$A)HZVZ*hLAYR%#_?TX
z0gP3QHv!U%0=?Wg2sta14_}lGbaTwMY=G}SL=gmLX57!3?WlyOhSNL+AQH)a3lV>N
z6ya55(;}+AU8n)+LLPP4q&x<2Si8aYKy-1xr^`-r2+oJv0?5S{AOUiN!v<vCgHb@%
zogD>agDyKwhG@41kZo6Mj3oUbK#FaE+-OA2Face5ngwkHWUK|qLb9d9#>mrjrPUkt
zzUfgwe$i#8DJLy$ppiP*fMnHvk9B$Yfb_Ki^4aVtAfM{8(>#&~RBZrcs0GN3KLp6V
z_eU|(-ya2}K$o57O%%S{0LXJ5jge2V&<`IYxi&zCl}Cwnur52z^fm(0&jLg);5cj=
zxl#OUm5lw_j3^+V>$0={dW{Y;mMM(K!a?WE)+FBB7ijdn!o}YjR8fn~vC3kz1`>lg
z9t;c{UIjDdTlW~WWoo)x-!5y*x0^^S*WMeYkrj_dG2+){r-@^#HgVR~^EDD)<a%!n
z2~7a`@t!CkuZN?6Y|v$=xbh<q9LH5g^@&hOd<Wn~*aroeb5oQ#*K;N!n2pfcn|%!#
z3s195x~mj%rAAD;M%7YOH8Jb%GA~6n<Pepjnz9Ju7@%-q9?-cbX<{@Y*n~H{fi>J3
zT`YwRD-S;`C(><}EV?VYSc`l>QSAruE16EJKjuKhixQTervNlc7sKTBxQ0TDMZCja
z#G*cI5T^?fi$Y&$;ImN=;9K0XYvyU-!$8X6Y}p$6BtS1)Hg{_W_id-S5Sjpp9JAQs
zCOyLX^lZ*t%cMj}Odk~f3+9a|z9JU%;6!+SBgb?eUM5&EI3Rt_$h!>Pflj==cCoK`
zp7&~?3l@rYEyDNkT#cHyNgOT1XSdM8PDqLIYU><P=_QvSRGZVe=YNXbENE8T(`WX_
ztIvDRIgC&1Nx3rm>4>oUIdUvuM$GN_4Uc}@9-(QAuSEWDxLdjdzqx`49T8`GPqweP
z0x9$mx9tvOA*N~_Jl&DL1?zuRci%w-c6|W+_zsT8$*&a7Qo%BaqM<8h7PZgNRp^V%
z-8`4B^B_#jH*CH)2d~5=WaYmMo(2Tt{=Yg;AK$Qv-c03*b85c-%@kJV_=b(KSHf>|
zFK?PkD+^3X6Az{yfW|j?tWn({YhfKe*EL_#9A=@VtZrmRib>xqc)i0ixQ=jMlMM6O
zi~O>`A=U6Rm{MA+R-$C~<$DPKXgPjSV~3+|cr2pjWjPL{m5oMzW&>w%7oYBdN?-8^
zME$Xw1RWrGH+`&rf>Pxhyuhe_p4wIDY>ZsDe2YiveRT+YXdHFG&{YTkK&-?&(r{Yn
zx-I@jn11$)g{n5q6?o0Wi7Zy@H{pS_XOlTRB+4Tc2;6{M3}}q1Kchy}jg=@2{1wP3
zHEyqCryF?^$4+z5LIwd;B2D(l<m5_(F)8t0!k8@aUWYN=HcKyvewb5R7?T@L)9Q$y
zE+8V`$AvLz738?5gjsZgd_Sub<@-)f^E=|Dcs%f;C&in|tp)RwQsK#ymb>uhi<l2R
zXE&n6OiG{}<vAVhSD*)U4_+p7@`M1Sz5U~c@%EK^7}GgNb}hvk2HcmFrvm-8dcf$q
zUR>t;s)hZwGKSL`1}v}sNDah4z_zJ85wW?1BRUls93u~Jse8JE01hPP9`Xckl)=<j
z{|b@Z9oSWg23k-n3U<3gRk%t9Mcyjs7l~aw%weXT%1MCl6>!dn`MK&_@r3yo&iCMR
zyj|(Kr^(;bnWUdw-_e@l3<OA~<pY69RPrQHRTk}FOu+5L@U>hOLALwX35mMlM9#^T
zeC?v~?J<&)uGS=R!xb8rdH8w^ql)4(;`QMQrD0{)*t|Y+|93k_GlAyN+yz%r9+*HY
zQ|=YI40kCIw8jRwJ_8Z>lT&|8GzEg%`w)xiFUe0bs)}f4AoAgig;n{Qr<?e;?H2W0
zI2kPncpOdXzM@Lct4LdARMmm%klD<)?iF7{XJf?+^5=VqEqM1H2-VT}BOWc>4UT23
zaV7g+clZtfVLm*}m9?xlus{N!XEtW3BG?~XXtz;y5&o8m7fi<J&Ki@aU#>Cvj%fEb
z-8qWM2vuTVgYr!One4nH6;-wuOp1%vEJUAhBd!RP<eRiC#H{|CES8Z&7y%$+5R9r+
z0!RZy{A^2Lv4-*1nHt6u;w=zS7$dW7?Y-Q(t@R(V!Yd;ROb~=o`1DK=v+y8u3dx%1
z932sg<iXA5So%cn2pZgp-19IbS`rXQE9tX#qeIKc-F}${{3@{rw2WMksW`z!k(>M2
ztwN@ZeTHFzaSB41)~ZTY3v~rUQF;43q3uf#7ef1}NbFHkcnyoIWoY|b(5{!2-!ilb
zNa43z2yGKmh(ar~Or#CDTeG0Q0H`Scsh2aM;#v6_o_;(UswY77GmY>Z@0sTD0$dMV
zxV{T-_Wq;(QM!T7yHsPky)+{*8wW*j1Jwsb|C_-bK=C=?xt}^I0`+jtLs_2!4CSkO
zqX0&JDn~}@iHg7w^H_wpGPWBz=SVlzOA-2O@_!(f;YKwtx7Q3g_c%QReX%-aF_P4f
zA!19bGw>L|l*ua-BSmX7&>xF&qkS=6`{&3EV2jX;k*q*(v>*VivzQs63tlCnSk(@2
zP|W~BVIYCXkPt6M)W*z$Q9T)L=H0?<I1`_8Cho0&KyyNB2tWqH-;uQ=oZeI8LktsS
zPJ$25RV`EFz1SuN7lY(8E#o4(X40>wL$IPk3kTL_>I(F*;X)wX8UDH#XGurYGy5r~
zOdvxsx>x=#gleG)Da%ykl^|*r+UUJpB1C2<SA?vi&0HXMjeX%a|D=b+&>(L15h6Xr
z)65by|DO<PKXa+1Jl+?+#QM+yFafeG74C)AfDe5ee*Y34o9bO3ITVw_D(EY+9(Dt2
z+|LEyZEHQ~7%=@rU~-b#S-xehLpX?GftdVXWLt!U3j3{RfEyvuLUhGy9ea*e`KbIg
z`$dE!&f#yIW1bJX(fh2b7=;S@awqQz-wc?A9FA9fO@<`d6>t*#Z8!<d?!etjHjxF+
zD7MIe>TM&bKo)v&Mvo3AW~2IwngcoLCQ^W1Ol_H9cVDa_tde!#I>GAQsrv7lV1>zB
zv`Qh*X^sR4zQNPIg%Hj$9;h-D&^Kdte8b?vyw|9%Lm3JUEC|$*-hetIaUz-*{dKR_
z8V=$yNXd5j1bNT!c4KXhzhSDkk0dE5hJwYg1DxrG<}-PLvEn0ne@%+qgy&zk#ovI+
z6Yz}cfS`sf>A)xsN`U@D9p{J54yd!jI+&M%5Yo0Ufe*&of%0&zepohMrJ@Zm)^=2e
zm4(OhZ7!x@eM80usR@Y_<TJ>2!OwgJ1qX`T;Hh4RC41^&Kd4TWac@(g&b$F5ko?g|
zv1`8-&4*!6$0(rcz2UhCuZF@SBWUcfupBD8_q+NLh`ob$q&zgB0a4X@8n43$<YA0}
z8WJT~jLsW2#hw#*jR4nYv9rr4Uq_*@Wzu<OswN#badjA~0n?>G=U=8wpjtJcv%J&H
zgk?=b032>15K%R23KR_7lBL24wUjl$0%8M(lSs|lA!^oeha1@<aD39!vW(oeO4O^K
z^eyQ4zn_>Tq9=su^ekP5r(r_9sILkVcz%iu-ZQSbfxAO#Jt@CKdv&-1=K^$OgCWOP
zqtC4pyXyo!dh&j!nT?$}yaV^`M8$P|Uz*&%%}fW#*1*gG62|Ts!F(NuMl0K#|4@Zz
zwExig-jftBld%6z4onT%!nv3u#{A=IWTVQ3KcIMfCY!@h!Y%+Jv)%t@F2eDaQvR8H
z6tV(Rhrne93nG$Fz`Itj(cggg$cy*j57FqqMnM@t4D%ByOPEt^ygG~y2v@H^H#%B_
z_ZRI6KLX@ZzP3VjrsCU(<<|nxD5QE&!jCX}2K#EkhrzzbHHp)?0pI6N_YANLTzD$s
z`r{5Fh<C_ThZoFcZVvJ|P=s(7fA95CF55OqQ#OYoJCQi>AUsDLc-&~NWO&X@P%Bt}
z4DygxIv$<wQGz<?QJ6fa5Vc>WstDuntq9{69>5dSQxTyu7YaW@reh*6Euz=ft|A2=
zt`)bhx|r~LAcgvPR5<S~i!S#`i|n*;&fuvb7)E&dohrY^_=;dJTr->TH16R=D$!?v
z`ZC{;nMQSpxCku(cRRi8Mbv_M?DTX2NB3r<8tM5_jh&CxM%7|GFdRO@sg}X{3RH{<
zor>HHb;)t_jYL7GBZmVSWoPhe+Q0k_9p``TDt;5GOwrF*40cw40x8NBFb390eoue}
zYj<bVw;8N20bdMQ@1vqJd3|MIn|t3Dck(t~r1N7%@=k&Yu-uA&ce8=D3w0`MN11O)
zW-=hV8SgkN)U~@?i~!pz3%0raHHRt!N0v#X2;XsJnQ!nMZ)g2fs<aVT?&9s9@krjE
zX{?>l8L2$DQ7t^vo&0)5;Ege%EEoW4fmowbfzbiTtl%~Rf9st{o#Dv?2uGw$_2yu4
z9EHV+Fsk<EPLTOU>m&K*2G+!6jDe`q^53}6$o7D~4+ZyoxC8rmD?#uwWDS^_S5feV
zXEg4!#vOwQm8Tb5@ed2qvGnSXl>|_ANC5SNJFqav9Xuoa@r7K@?YZ{OVISl?M;3Vs
zkB#S}C3z~|GR5Iy>Zx52_H@1}`aDE0-C!&3_Eb;U8X7+fKZYFcQIfI&Z}cjsXg2UY
zTit5&u3PPoTlXz+a4zN}3SN!zAU&})p5vR2r$b~sM%8~fi{QvcPWsI4KQ$Vi({Rnq
zC9`HYE}c6cYj8qFj@v&f1Iu{|@D@8j50WWIYOvjm)yOQvmfbuuZ@eIa%u@E*l$J5z
z@;L+el{9=M&-PA9+vRPiZ(gt?P^y5sxwqMIA^0*E-(s(`??0~KNtpkPisG+~s__tL
zeM^&I2~*LZhg_k_STVia#h>UqOpUeu%E8OO!xVD^`ZExPbB;3q#`|!Oa2I1mSG)oH
zZ8-RI<LEzSJpv<T<NuI=9RlNtu_p~Vu>qt*&eP2KE0I{6J3)f=0XN<zze#%}7{+Z_
zZutDb#_&Z7pz7Pu9TzQloJc(9JudQPap-gp5r0es`|_b+k$D+@WoQ?nunK`<NR==S
zMPI|<C7Gc!UoAl<gi`#?*H9TSU7PCYBf|Esp=)2opRbE(!-NW-Qb7o%)fj8uLz*6x
zmf^U?UHle=ceEh?t1EPQvajK!>t8U}@X<CP<@kvjDJpccEl7D0>Rgh!MA&NUSl@WA
z{=i&9)a?0=9qY0i2&Zn#2&P*f=+yQP0QMx4`PAF;fmG`QPjbj@8v$lCseV#h-v00e
zji0e?e>)Zc?(5AckexaE3$aON28L(h<cpb9Q)t3NunpuD@ejm{BOc1s-V=H#JH-})
zbw_+s(205|mxzu93zYd+qKux(d&X<1S%aswr!q3Eh@dkK&6R<F(8>aFwnwa|GGc)e
zdMXd8ABt_Ov7-2Yo`Kl8z5PY!!p==158fm%3$76xR>3<ef79Lt?JI&yYBP8bJnU8b
zE&e`PUAr58?Pkg*Re&)m_CArBl!qmU4o$LhYR~|(E(`p^Q#r|5g2c(N*izY{Mt>)W
z%N@K?vT9P(7XKGy8amq@x-nlOtBY%qAC>p`gpb9P@)`EQ-sL^UJP#iM2l>xA8f&BQ
zxAlbeHvTg5nlCJ6&(Jt1bhoK5;Sx6h!D>F{;%^X%Fx~yi5wfoHXiak?q#7F?vi>3=
z50a6E?iR@0p{jhfx+SsMr2GtC6;e^}qHKFLW{R3Jt^I)2sCoiua8m^l?{a=4l(o~1
zY>U{G*2{aLO93#nxB~rXxBzI-_>fjI!=vKcYeAnto@X{xGhRvJQ90IJ1kE8C;X04Z
zDKk3bVE750+3r(Ak{P)G7+P`^ewk7Y2c>r_<l|S6j&YxF;mUjl)1&i!K^YEb{G^qO
z0o)^KXrF{P;AVJ-Q9S}|v=V7=aw-ZUcE52(HS>B?bU)^7JvWb|D^)+`dylJ{#9DRJ
zI8ro*W9~u+8Wsf@=5gbyLs&X=tL@>wcnp}c=W&x6!7!fC-~(X<buw%fSf5NO2wCSj
z8Dj;LC6HP<KA|3p#E+puQeu(>tl0cK;7?N_vC8&5F}wbXrz-&tvI!sn->4qKHHd)m
z9CyL@kfTp?!QhPRF?PvI_k^$Ju&F@k`LEuK2J@fXkuWR>>Qlo<U`#E}g3dDZgM|7s
z#y<*NA__njCPG?05ff5BnmL&e>Ys<~YMx%<zGLyN;B9K~7zJb>-2T8=f5iExD^L97
zcWK@d^aE-cb#+I)3rRkUVX8g`i^Ftq0by20;eA5Z%zB4$(l*=)a6%!YvG&EYI5ZgJ
zAP1k~t~~@90&he*ho6MvxiCUFWR=eZhT$^%jNV3dreJhx4$@LVJWHtSYa7Gsc)fi6
zJo$RdHZuDWgCivccW<R%V;Og~&ILmU2jB#>zhIgWnGh9USG$5;Gkw=~Oh$HWe=Ses
zyt~WlMs-YPkK=7UEPkk-&y0IMQ$6pl{W^7EP4w;5uY*~szH2(j^EDaBN+Iv>fP1GE
z9aaQq?#GQ28SWvobA(TLufatWNl4t~4vokIX?uEUJ2K{_k(eRbjSvobia7{K)wa)D
zD>c@7OC8R7CC3FMe97LGhGsWRvJiiu*VFDveKiX<&q@dp8#Rk!3a=4ZXiJlx#TDrw
zq;jl*3J{0~>vUiE47{Xjhj1^Wx&+SbqK(gtxQk6*&rN_<BtC;nAeq~X<jCY+pjNKn
zA-5<-!R%fjA<_}(A>qlMw*CC4LPq96f&`nO1;Z@PD@ogtQ$36=a)x`H(!W2wi5SBf
zE|wGyZ*jDTXbDh#_{)`KU~<Dxj!Fo62|t6xC8G=M0(sQ`WSlE_q${`(G=hxBAAmG{
zgC`i(Z=!&EMO>0x*Fa)kql$tU-BK2!5_qnJRPl~c^&o0jb+AHZC?C5*Bhl}=Lj!k5
zDQ2}Rc{lPEKZ!nDala#{GBg@?TfD?rdtr(z`BO+o@PLLh(Rwr*Yc5RnAxkW*pgv@Y
zU1$CamAG$-V7!5%sPeU}+d*Ys-h&g>>JPCD%6zYMpuhz&82@(%pCmpjf-{ihwH%2{
zV$6Q0jR9`B&z&GF&bB10*$ciq+%}{i=;zE$<$dz<)nZ%%C*#q9@;*7E1C#nVMx(`v
zuO*#XSKg-(9QXNcKt$z`=Rd=bQN06@x`X#{+jST0bcd?LL=yvzyl4?Vj0rjbU?`&n
zRN@qXRb7o{^CrGZB|LElC8>!!@J?j`Oapr*VPo-!3;MW&r|#ixdPry=m(y|q?sH1p
zX7UUNR9*a`v4T9^UHl{y&>GcW;SbhUKSmgfL$ae(2l+>+nv#r!a?^Z5FexLPBVa-z
zR9RvO=9vVO`6*=*VZWg1nsZf+x652D;b(9yR%Eu&T74Qf+v0aTm#pe6AyXX|o?j6f
z3C>OalDq?_0e7+ac-THM#pjY#ie1ULMtA)dT0?S;H7RLZ@TroH^S9KuXEhC)#d|%S
zX%}a#160X(&FwfMZem^=6Dm0^e7ajte?N{_opvz7PG#c{KjPvp{|cvVOepPiwIft>
zW?@u;rXS+$%C3OSfw0lyf?n{M5Fdb_TYX5r@jhN6Bqr3zXhG~bVyfo^hRfv}58uf?
z+;JrFpiDA8`7@Br34tX6FIL%icrb%!gZIQbh=|L8w(Ct(pY)s`!&ro(o8>FY(Jy!7
z0zj*MLnd4p^$n@eWvBTZCM|qjm7SMF?zgne$~0~9(8X5-hf<OoFF%$<(8z3sV-|`V
zzQG;{h-5YI@&TBHT>+Xg!Vl72fNN50BFt}->KZZ}=H^G`jqvljUv<Fbrd9-BCLU<P
z0Fp}e>ehHTf0Ur!v$!HqWQ9ez0)BQF_&TL6^nh^~j3Le7{K2ko<ejP*>|1^=#t8<j
zIJr-Bqg{W3;XwIOU3NnJGYV1RI)ka9Cm2O257p&T-ejWeCE@XYDjn*6Ta}Myt9bkU
zj+N?Llu_VaTppa3RR$h&2pQZL&W@egIHSe#k(!w3@zDJ2V&{X=!nSKT)u8TR{5xm2
z961nrh%aU(aEDU`IB5>?6%Y5G2Ap86VIL+dej2nU+EBe<oSuV~Nu_Im_}A!PSIv1e
z$t$qD=%2U@MHu{(aUleI7Gw73qEK$Exj1=Xjobg*AY+9bc**5uNlB+CRTvL_Zumz_
zKlOSh(M~I?YY#~x5s9Cm&P|q%(1?(<_V)cVO6Fz$4O=iAhaDO2U^n{4oFMoZw2#sD
z*g%0VxIiJ?*O_cSk1;W08Qcf|jUr%olp#OXX5WD{W5s=f2Z{nCk|KcO`Wg@RVIDAt
z`+OuShv%Ba&}+hcwOpY0Ol@WgTZepT6UcFG;q=V@itsEi_wYwPtW&Ya+4g&oU)0kS
z>5zbYsJRuPq37eJ^>fwpF-HPb5t)SEP=)rKYPd*fWQVd<S7+AYObYkAmS=Y_UFpe2
zbn_CPNg=tK_QaT#T^MoOM7}jSPTU4``ijrghl~-=O;8@!`l>E!S1?x484;TR$PezD
z##%SG5%Bu=L8P8y1+TH@C<qJ?78c+%7xA{C3o%LXRbqs0C~LIpupN7@_rv;j++WbU
zU>oG(`DGQM{s_0CPuA<6Q{zN<EiV|$(jZ(Z(n}exNU!>1azfAbl3Fctp}I!>WC*h#
z)tgZP$cBG1!=O5UE2#Bc%B<bzdgZ3%QI)V0P4=x5Cwr;6eKl&vh-cPNa8qv)J#M@w
zTkJB3>(l!U2l+xW1?#*FPYdf@DRYXn)+PC=uF#dv`f@hs-Kv`<@gCKlx>ys5`4P5C
zYyR;(UMIRQnDJ?NV?}UrUd52b4)2u}!7Fnr3-&-HIHRI?H}miA2@eKd+_3%Nf^EQn
z{JUMbsv%v!Tc+1)sz8Muuu<=T(7GDJXQH_x@TVN?cO~xHMr;Ga^RU1Eh8wgU6o*3a
zh(=W<PIs)GU@9hq{)M760vFr~tRpd3Z~^4<?_I(1ut@9*|9!cP!5!G@O1%<@x)PS{
z$JN#u;}NJ=W*-Hs=OP>ZN45;ef{LHS9*Lc(nCq$=$V}uURx%;eh2aj6NE6W`T)I@{
zC&L-p^-yVf404d>IV{WT^vOZwB&1#JNyyc(4h#!#29)65K(nU@uKQLeA!3;L<qWhW
zPr)gyTrvL9lE{1_kDv>Qh^_m7%pKR-xA55Wi>Y{&dvWZQ9qLfUe!>9nf#y#bP7omF
zxaJJ*&$wPYWAI=eFr*yz0YfK_Bj&z%SMYkwWc$Wxg^FIy%-Hda_g(Ku@}wdE99G7`
zx={}3eb?t9y+}z4F9>blm=mb2Pp_&mZmX>u?nnx}cF}tN@*1|@JsKNVNBj4Q>E99k
zJF@?{jAmc(+0l)S&GpZW^lu)3``I5~<q*8N01L1$meG#OQ$VhltII5a=S9Akg8R&(
zqZKe6d@4G)ay(0UO~IGod1vhNUG?+k<BRN5U^~y@725bx)SrMy{tI%EZ&EQux!GBp
zV4+cx-CgGG1wOXGdkp!QNE_maQ2IO=dqc|n4fX8??ygT8xO-KOv39S&ZnOW;aASqI
z!i9#8nNQDPou?0c2OP}y1+(i=Xf;SxkI(ySAM+o;l?GmL3kYWyE@a27RY=&t6C(ZL
z&>#;(<wCi0@nd%CW$S&H{{YUHPFKCZl+VWXCfnov;^ev2e}jLn*$z+3bqWo$5K90@
zMt{R1qxuIvqrb>Luj)QkTUp>0(tE;>TXpMEAm3ApYn(g17JsfQ(JZxRU-H;^y_Hga
zgjLxSxE2blN|$(0x(RAa5?R$)eAZYykBAFhcb~uUNMl6_K?)6c*h9oEc?CMzo<=w}
zZgv$Ql|>_5vh(o3Kpak8=Isq{n+3R3%|ff1&lhAqjb%SzTfu~1j0?+sMYzg9?wVPY
zywIq=?%1THm9U^7ooJ5LxiUB-ud?5a9Cz(+sqWCZu$bbOAM+doBQ2;^X=XOSD!XbN
z4!7ocaO8F%)mZinYJ3e92!lbvSX-Lnui4_?5C5dU;_s$p5*o;-^l0z#Hy&ZEI14~x
zv@dvLMr)h3N1wz4R7`sFNi}P~(C3eJ*{EwWYnHV^&)RE)^{mb8)6%RJQogd!+8{M+
z#q+qqaMnWUB@XIl>dJ$`D4SK?73KO5jD;H;4ix+cuEJfvQo#K{a|ow3IiW$HZW5Z`
ziXZc+9#&8IeIJ0m-+utNNDPhb@N5U^@GtzBCcLbhV)XI+M76gg@+q<$pY$K-ZLIkE
zAV3M_4quRXIj(w7zO)=a=Joher1vxa1O0I+w(5Pc&}7_lMBKm&*Glha@MD(Qd;d#V
z!4<0aSX|+gh!wn6C%xC>$4r&p<Ajl{d)nV{g0Z5%^d8h_E_=t^jWU8-6wY7Hja;FT
zf$MjjrZ)vtxhUCdRPSzxP5_ttfB82F=K~fLF+F0{)t~@TiqG9<)jc6~acm)uz%DD&
z1lInz!y>Sg6@j_D7J(^`dpPw_j4w1#!MDlP$W+%o=WlQtD;$I?H0a_)xIq2M{}N0N
zz>oPKAx+);1%E@nvEp<3&xQs)J}&_#QUB#I>Aed-=3-6Q!qA`fA2{Av@ptK+>z<Q%
z79Tt)z3;(~ITXFYHP9JsBGXuQIlB59Fdx%cSd?63R1b$#>RZJ7zlx>A`>vF~S{k0~
zBX#L09WAAHxJ`w=LcT@qryJGnrIdjMM*A9WUBL}2KS`-0B2-MOE&iHJ?r@yTnUAVD
zudYNlbBAQIh~K{^6ml6ghQB+VA|6iSMyP|hLA@czhSE;dHg2B7eGhHiA&g$k+Yomr
zgA7TEkZfTeQ^#-r1P1u=gIm?dtNw)Vg5Y4B$645HhqtCOxD=;g+O4~?_&1|^G50)3
z?nj=c>FEWB)&%6{40Q_jZFuD%+Q+;(Chrhd$ZUs~D`ftLsB2td17z-%5|J5}5|O!6
zN<`)dQX(?nkP?wuBPAkpjg&fGYg9jhk{y|g`8OBPtt@anV(3l0U!Da><>BwK!5_wc
zS*jMs9$3Z9AzfrPMP7+t?J)i6eF~ITKb+?Q{eU}e2-XC8@MTQkNwx{x)20dh22oy|
zz$=E}`yBAY%)%Etfip0HUs-<n(-FW>eT|;N38(6j|BOfkz@xq4aXb#ssc*v@PvI0U
z%`xTv<LCzQkK1Jp-H#vhKyGy4Se(_W$;YOhu}!m8(@Zw4k8K+Lxx8=$e#}Q=n{Iht
znnL(7L$OUC;AUIw6`S#6&W~*h@88R&&+%iP7u$4cHW))FcN%`o5?d3o_~pZzY$p9e
zEaI3NO9q@9%S<1f=TwH4I_t|ghnEp~bRgA>@abcKiHHL!Ziuo+&u}ej2T~kx1x}Hr
zIAnx%3_cb4FbTjz#d;cds4EKG!O2*MlO5g-kb5wVU(oZSviKXL`dU4Oe?D1H;Xr<#
z0S#7ok2t@jpxGUmonv0Y=WX)JfxqjaVz+C$LM&UUmQDIwA9)MnK=Ui4G+s7Q=F;?g
z<`7d#Hd&R7Nz<~)a+J*}3@XroCAN!cApVK?ULo;O0)*{UENa!WEP4=-kQA5qDn+8y
zGbRfV3~Wr_m?=O=`mD9OjEoEP2(Y2(G|NNaEEZZ}A{{K~9))PoJc=CgC^|zik->;9
zH-F8Jq5^BFD^n<jay#M2yv4>}NGN}^!WW)l0h9{WKbBIl35*bbf(&vUP;6uPdBSL;
z*h5UU+(wE$E{<Z)!qOoioh?B6i<1JJo}(1Yog?Bu0k#7r5wPwHe|nOh$)%F(*+#Qs
zrZ@}DLbKE2X!c<%9o{P}#7{_^xU<OmNS=J8IW4G(JUv)V$Tic2TtuGE=n9shY4&$q
zt89KknzaN6s5*s!$Jc;cI{TskWd|<9#}GtKOl7O?VFu~4x@t)zO|)J6fCzDAE2Txq
zI*jxZf@HNr!~YkVK_zj*Ehr$Zf+#^^U5?*jFxSx?#+=qUhKx2(7czPSKjxU6n5NrG
zrRgU8n1!|`Lb&aI41hbzIKTyDvo4=S)|C*}cr`R`0`?8ivwVl7KW_5`XoY4bBegWs
z2y}@~KnP{?Sq3+2>|&+dd!CHrPW+fNsR|-?Ma~3yp7az{Zyfm<)&D>Nop7+MB(8~8
ze!Mv>v_eh=)@WXr)WvNcjV7lP7^I~~GpJ8=H2qLEL$Raj_K=LG3x3SM*|;MHIubch
z!4gXGV_qNIbWRuPRf!*SI-0oPHvnk6oR|&R4_{84ir5dFije@0L(U8#fFUfziWxRJ
zv7(sae-SZbcRx)Dp>ByJ#VKeONij~$*!881Xghw)TWqY6fcy=rqX6;@3$4uEZ0q~k
z_<r-exj9xaXIgabE*T1#G%Gj{W%FG{R3i8huw)Cc?ri|<gA+7jJQPHlwbV2R*oTZu
z(nR&k4N<_pMcFKh18k<1o6pBWJjUWS{2>-#J0v@CbJSiMznkd|{|O0<RU7^k8(@<N
z*ld^`Y-_jAl`_k{@nb%Lv<y}gk@;M`p5?b#P(0{<tL{Y<TH`?r3N(U`XmK1(5PXW-
z1U`tYTI#$I9HzddunZ5_^m9=*KeS;P>+_#$WH1ll$K1sxJ0toM6~c&is7?_^^!B%U
zm|w9FKQ(b|^?s)wQYqHt;nU0mN(_>HZNqLz$(op7LfK4Xh`3DxI@JQKq78txw*dPm
zWtGDwW-XryVACk{YrxK><bNfMr2tGFKEulj@;JS$kg<kNR_8*Z-V@$BOX)E5v6`F%
zw=Z~D*$;{1@OXY-jmQ1mE)yRTtMg2zdyk5fL$!RMNCV;|WK1Z)(AhtUW#b<`BDAmt
zKj!;3#DYwAB?%kfjvw<yTN8&-6V}AAjfGZ-;nw5zAWo4%G`CKh(6`=|Zo3HGH3R9L
z8Qqn-p=|Dhwa+33z?{tXQ0~EwXo{zkC+-xOy*<t22(*oY_I{&B(=pL#;<(PnK6*4W
zD2p^pL8Z-bozo(#HI)8|N+T_c_G6UIeXy!nfXVUlHGphYQpu%8)k&DQ61bXNh8oVm
zp=}!Gi3C1=1{|@GBAqRm|4q50S(qL1FrTK#=n}we9<sqk04Cp|0r>E10f2RnvPjXZ
z7KPT>-jaNc$Q~^M)r2gx=(QW+KNeY>{d06FjzifjqBERrhM)e60EW5mOAu`>zka1b
z?xcnhYlMlL``3@tAYV?grdd3e#^X`%ID>6_^fsG(^?@!!6PkqkW<%*~j#gw2kDT<!
zb-C1>OHgf~53xWW&q6CC(8&V*UldZB1>F%3x=urQ5@U^I5pt6;zeJ`xPWX%Xl?mU%
zLOcj@%q)1U#vUY{7C>k+;R6*F_F$lK1O#B_mZKDwxX-QB<wDa<NNiZjwLlzzg3zR$
z-^MMJaBmGFvtKpOZyh+!kKwn)3dBbdQ3VinQt8r_@M(ohPC>Hy9FyzWfN~(*Oz?Im
z8<fm2i$yM;Dim5<JZD&d?xHl(>~uE4rCvNwGfGPH)GL-n7mrm|lt|Ngk-7i#SlBo4
zZ^HQr3$4ug9S)7q(+>|$&HL{}?2ZNJl+jT*$Lq3!(>ym0#NHN&#VE8k=Rfz-Al^oa
zr`bK$(afAbuTU93=SgM_Q})^B{6_vwy#1X8HRp@0y45JOHs@n3K<nvW*!DTsa^e$;
zI3c@eIq~jQ3ZYy-x1el32?4<l@%GO&#Cus#5Z76CJ5gv2;=lIPs4f0O5I4jy9YFan
zT1-K<g!my{E>u){4&l<+h9Iz9*;ak{0iTLHVgDSqIdZRtU3z?7)c9g~e;oIE`xrfz
z*_4Iaj(yF&rbM<Yjs5RFkB;SYT`n|(0EtTRQ^cIj3bvoJ<zZRDVvbN4;>ZzaSR+0T
z1)R@C3}LnE2*qv)6Q=_h!anGs2ks#ZcH^xW!bYH33}KTSWd<VRZ$<*~ciY9HTf>*h
z5`Qa$4=eXqq>XZgM#S;s^Q~|1hdx#ja9BRDa3vNW*xhv3LN7+NFsViVyd=emdr4$+
zdH)<Zx%PJ;XJCJL{n#0Q+|It|Xg$cAsrV&k0x(L5lQjJJN?n2R*Z|;nN#m_{xMe)8
z_@+VveY2ixOJ${dLzijj%;fgI73MjXxxK%o%cbV(Ph;_yNPW0-+F_{=-K|mmhhlQ#
zQMI5x47OMsgSs-zyA^wgOmJR;3EnsLumD_iltz2r;Q@HMn&k@^ohE6$8Fj{z1Ka>t
zMIoA`&^+T4C8QjIUtzrcP=KWgkqC<9rh?+&>KAh>``6tyM9anNBI0#zQ5>?U!0UQA
zRJTzXpsijoY1>cj;+V#r*4v8kwq}?H$f_4O7fk+VW4k_=WTo<>l*k}+zZ@%MMPJnE
zP!)vzA$<ztMw85ocEG4hhm^4_&_Sho1WM)=ASN#O%P3oO(>V#XVBxXQ#w~(x^YqwP
zQG9Ne#g)d(h+4e8$hKL(sWLN*YV!ulW)B`#Y30~m`=#i`70F*)dhx51`NfU!X{}71
zfkit*wB-Y<^vqqg9W#gED>)dZXU<-6vpU5$Y@YW--*w5Cd%3t6HaLqBqm%Lrk+%Zo
zE-%7PqOLgN=q({Xz41QZFt}gl@x=@d-ldYq@)IqviPw(Q7@7&Uh~^g*Fcd2v7Abmt
z9l@!JUO}LWRGEpm5HX~P4b3bf72}!`*D3_<;n!_0`8bL-25u!<a#fQKYssZsLwJ}9
zUE6trqQ>-z2sATS!nKCGR0j}@-E?~nUfCwot)5AQ#-w8!JeQDEXIUC;6$>O)eY}rj
z#dx!=_XZx(4DP09V>^}t;Ls<-*5Ur+x!PoVx$I25r5oREN_)dEvJhy|USb;14z?Tc
zS}ZBg%;u5T?EFh`DpSm3rb)3l+(QY=9*+AgIas1ZgS`PHQfht+r>yXMXT#f8AHu-9
zbNJpvjK{G1V+VV|5f}L=4jNVGL(ujOsQ^bnfx+LQ;czZS4x|H;uXGboWvopKjeFJK
zP-LuNCS$sm;81)VHYLj^h)2guR_MjoPF@7R9UT>IRQ*gNA-$LDm5~sbWsa<bp@KSe
z^ro(QuHKH9vZJo~k#Iq~DeFwNbmqV}Tb2%y<1oE=3xV9aTmyMAD!`g6kyeP2<cO54
zcNcHur7=sB=HL%6Vq_)*PB_%_9;}n`xUn|VO3HH_fkLoV)I;~u)vmzD>hW!e)6xlf
zE|7#gU*XZldbk&_2kP9#i1q%O@-1VAK1D(DKE2Bt3G8E{=a`^cYmd;F@f@Ks^K873
z9K}o|XaSf()<~WiXXlkG%#<^thPoUDVK5cRG739_dA5MS+e$I$(4ad!5J^J0x8ujW
zPwaV-rk=eq_o3YG_%W+un<iW#z0Sgqc{!RYLRTW6J`-u~uP6v37jOq-*;lAH)-Fy7
zcgG}iv-v<(q=qwe1yhpZiL~%O43<wkqbkzFU+anoR7Jb+hq_|5s%RhHpewFd6&c}Y
zb;TT2(INbxu9%Dp#0qqD6Taf#jj9S%VE#d<XR^t^9*#^%dDtSMe$`n|M?SmQ`D1iC
z5)vvBVKbSV7yj#-P{HH5ig5=uBxkNN@$-BMf0Q7u=o$R_7N=nEeppJW0P`-C0A^ZZ
zFzqRnhgo1QWtYPMQ|H6Km;Se4HuN-T_*N7_@ih2Fmz`!8yjTH^!{c=PQG(;i-yt3Y
zXrw{=K~6|`_dyRP)DF+SO0UGNXyB$0WfvRSiR|LP(nrN1o6o2hSmgQeXF_NX;Kxjg
zY05pi@h5CI@Z0^!G{xQ<A>3<^l}<O{$9yxkY2aXK8iXJ7>DZ<-v!uy|AM<u;Vs_?U
zgmQ7pETcLXC5#-OMDhzSPv%LoDX0~NH^K&YqpytXOL>VJSIgA3!qC)J$1aC4ZNn9H
zeS?q$^XCSM*iqzkC0<l=iBbJ00<$=!(5T)9S<|<e<n#`u&cx&dvDZ#cdpc>jPHY)2
z2-&fcO__qru*eDat{zF|N9x1Y+;+TF5Z)d?W`1nb^q-_@3VzHEu}v>jNz*g<F~5gI
z+JyDw8q2Og7hyg30<oN>3sgmFIHW6Fsv<4CL|2@yD$>JO>I$YL#XH)CFVq#es-k_^
ztt--0MMk(tSNsHU(4|ATudeu9Rdft@(-rTkip+4juBcHJS>d07YC`&ys>lw1p)2lH
z6`jKG>57o5Fv7LEVu`BA2|ukXu2dDB!}sZm3spsz@J+hHttyTPFVz(^jRW+q;aR$Z
zd5%$$8@@<abVCK$XtxL(O-F@dqX#MW`qv+sm_ON*e&3s=2}*K29R{Jh6hU<w0z!Wd
zgx+M<I~&V900SVWgdfRPxcrl<NDbeiE6!0BY2oF%qD)n!hrPO@P*t=GPuCT_R7Lyn
zcwNE#OZZAg_)J~#JH%U5bO;aB72m0fj$wzcV3<6f$P630f}#GX$O<0<J~->lgoldk
z@NQl4h^pum{zO;Yp(>2<o4R7Ts>lhyq$?P5k9TwqKdLLHqXIM5B{E~<QK4o`Qj+@D
zAJO`Zeb-UX7(>Yqhc%5-Gxl8(W-J9x$siDG;m`O%TpZ`(r~X7+{q!4UY0tn<eK%YE
z)-UCG{*dAOW0G+`j<aNNxPjh9<Zj;i=$B}tv^bm2QIV^L6&Fe#yO%e|)rwCCO1Mdq
zt0gljla2_o<p^CLK4m0)%VXlB5gCny6wFTgj;r7!m;X@e0)%HDN-?S(SW4z25W0PX
z;TwD(3)d#kvu;sH!2w?ob;uflef3;sVNjL|q~i;f!8Rr=Te}*TbkOs~X#JRkuiDj+
z8WDOi-z$_dWKog$@J>4KYwq1}4Mo^@CrALfbHCUNHF!cN2g;Y}viAKSe5rRTVf0>5
z5t<Lt4=NOsW*iS9DdT-C$m^kiMYyQ6FrhG7CPLyy?#M`oUob9Ik1?vhN6Bh3|3?%M
z7ws?#d<TllZ=}D_nV=yCaU*AMJu0BHSn)8Q;Lm|Ikk2={l96CT`AXqI=FQCWuixSd
zjY{?-=f+OPEn;e_B+prB%I_}fNB5(*Z^__PApKSpAy6ZtuPzPh|8IoVReT6{2cSU)
zm!+H2Bg4p5P4S~U6dB#m_R)RAKLYPCnOE_To)NfJsvSmwKOr|SJk1@NXwx`c%<_vA
z5eQ_*Knndx$c%&ok|~)sC*;5BD%e6y8pSed8}AW$MG(tgN5QhLL@cVj$3mz^__C&&
zcI`FQJcup{EUL&V0E;TA21*pj2018%Y_jr($TH6zfe;{&N)|1vS+uNXIqSzp$9PKY
z7;y{7M5v!FjjSHmPgx_XJ`t)q6Awh=zt6PdKV$S=Tr+eYWBw8EgT2{@5bEk5P(bJ)
zfTzAI;qRZKs&tieU`@#T96TNoc=0xB%AQLuHP%4q9qK)kI<JnzW2%%;ndERNSV!}c
zvFsi^&1k=iy^DR<q+aYj0wLzF;cnlG(17*$F=t>ktM-e~K1bTGg8+^8MffpCMB0a-
z{VZwUI#Sx-!;je~(tb4B$4h(p3TYpPACns|-~T6XceKxz_J@W@`#tzEzv7xHn(jRh
ztqY{}wRzII9zP~?D6+K}tyfFyyj|d{p#fLm$9xp6eD`!Ozdcdf`#~Z``|%Wv1G;^N
ze0#36&%8z2FTsy_d8D0V8!PSoA>g5ZU&?vzNITzum9!hGo#LQbpxZB#_s>x69|(LM
z@nd#~w6niQ+TX)fe0cv`_%Tf^M8ZGI*8j5C6nywGUq`#IXqF8(foG((3P0xKx|O(5
zc>myTY2AV!GZcAu^xK197uZh4k2zbn&z5grF0k#+mHyx0$E=jM&z5hyrS*f3(z+Qx
zriA7c&6atYC9VDe(z+BsCPQ;LuGum#71I9iVrhQ@Kjx2Ew``wd8~26(mG*P-W4<dq
zVXk)qMy6)%X9&>1+8)Z$&+69G&^lk<eee@${RKbf?fTtwy?JOq$BVpIL$6*f?N{Na
zei1)B&)W@+v!rp7YMjW%i&P_fR!HLyi=<~ge(Hy@alZ7NEsec<{7j&Z#!r23U(tM{
zng(t3tu(5?1sM49-F4Fc4*bB9lI99zG8}%y2CZi%;dyLvyw#&J@O!E6_j5e$@c#;L
zUq05;dhBDo4E%FM)t6v1ZezrzN@K(!^pg~ev61v~=I|ZKnpOT2udtcJ<D%(HX%5HP
zT;%qbVTw`SIEcbSOf)@>Gli}oQb3@-sC?!0?9%#S7`*p%3|uYX!f%Ak`r$`HaoNhn
zuZZ;ig@Tg1@neP=x{4jnE+efE|6^zZe#xyF+3x}e!|m5=?5z^Cz~H_s{L?zA^IS{T
zACp?ZvQ%ly=Nn0a5YHveBcm`L87C=ZOpPJ~_YBceg}^*dHcXw<vx}JWBYqq^OYFhg
zjQ6(jf2Q?{i`PzFfG}F{?5a}m4VshR9xdcS)xG*1sP1MR{zodrWokX~3=T^`bX}yB
zg3ISJP_l#x_FwA8-;~&Ivh;q$r4^4r7N0)@b?S;V6htK413SU&Cp2a+#`8^1S|GdG
zcVS;+mU{U}dAK>3I0vywQ(qq?Vs}52Bo#6B>Fb<$p6?_ap+0w>hWsZ3bp8wO{knfQ
z^e3vdjnLjPE@a|p=>Hu4&I&#JTf`s$YrHjlG6@;}jVRzzjQy&|_1I_NVIHT%oQcJa
zz3Px2`)GM{TgQG3EFUs<?Y^KcSmU6a82EjluY_MUmi>%%qVk?}w7$GWM1_Q3HaFsN
zl8F`JkBcl4MEEaAtG{62ZeP&??>Y7DRl!Y)@(zzYPRaEa5S2}G_2W+>_l7YVxhDe<
z;0u!nnGk1JY35@Jso_p8{fHrt)Ri)MYde->&ZpvV>-=5gmiCeu9j<Bk5l^m<S9H}I
zWFvZx<l?ie@8%tNNz@`vz+aO^h3vRk7uTRQN)@+QR1t_!#YH+;v}&vX6L<C)2l<@e
zG~}ns!wKg`q}kXN(Oy|w_2DS))0Er6Wkm#mP9|zu&?3fuJ*dC?U#@?<ouVnmz~m!Y
z47sA9EcHEwn3F7qIF@iFe~g{VS?{R~e1i$|%y042i>*)7HgOoAR+E-H3;LUUT7A_~
z5$G-ENvu=E?7{dALKf@fa1=n5IQ$rqq;Hqm6TY`x)7Mk7jpB62THlG;+fDz}OI$K!
z#UCWcP38j)8mX7z<+jbjIz+c8cd)Uy!9(>DS0@>EE=A%yXo372NUSvu+tUK!OL@3O
zda@s?sCi8vD^X|`rxkiKSMp67kA&w+1&?Q*a6J2|v4sx3Z{Bi1(BYZX$|PG0k1JEd
zv8gb!GC^NFEOs_$hInF-eaF=I6);~Lm7<`Pt;wj`DZ@B`6lWix1O)-9GErcb0{?;Y
z)r}SY1B-CAA!_{x5a9fT^oXRlTR&2hPAce@Mh3_b$V;t!EcPgJst7)$EEh@%wFC*R
zgx-KlNri{Jji+r&XhgE2B!V<uO_fl$T6Q%OF&d+UmerMK6(*Ti3B~P-Xpm;^OG5ot
zZoYQ>lkAIkGil)8;{stFlSE<-wG8}*eH!?jKL~tkGr+@5G#1ep{zt?0H`HrbM_P5u
zrEU|E-$lXixf*DzPy(DdN-)ux5<4^@c2J;uE~tn)ci3<)r;Okd8OW|H(kwixvhzkO
zl)r)%0lhz)dVe<ce&p`O=35w-ukH9#nw38xwN(WB(k@mJ_ySq}Jx7%JO7d|y`-QiI
zJ2WXD3<_CrdDqFO7@M&+)iU_JBWSUo&QcykdTQ0-W1i14TMARA`S<f?DSbZsCQ|nC
z8it$s0vZd5G~eJ6-s_o{mDZM6nIR5c+ka8()-LbHv9Koc?g)jgo9XMUgnv1dMW$nl
zDtLTSVtM!bf%erKEAP5)`0h>sPN|ovH{C(WTM9_-=K>5?avO%NkvA+WyTw(g_Z6RO
zRMSm`R~CDxxI!1epho;6XDhST8EcR5>-)fz^{6&Ay4NfG;^wYObZB~W7juy@d*TCl
zkC|qD>>$<yJ~qp!?t~IHLVS?0X)r@f*UGEo9PWN9@hZaAF$k#+Ey;&2@O^k+XO0Mo
zNZ|4zTN2$Ekv%8Jg|y|oZ}m}p&4pY$uuZ9GQiQM{^UQ-k;g;%O%`fp?2vVR7UL%eC
zhcgKh!zy`kQsOzcc(rCtU;m_6_XlbGP@DIS{xa|Br_;@z61qsKqUV@jljt}bbW;I>
za9FnmC6x}42EQ$y6V%mcxUy|wFCY%C1<m4K#<iMn;<#4uMG;y~v<K;Nb+X3wo6N%D
z2Byyye^hl`-2Me9<gkjvSe)Kbm!rGV4I4<S5&k<FF}aQ5&-ir+4OSY0g#;p+?;3L`
z`K}#w0Sg`T#r-@TP$@ww0y9Y7_y<BD0o=u*7r{_Yi4#YlDf8PIYf6*JhK#j8yo6c9
zmv)8kRpa%{WsXGu{zlKG+_LXP%ntV!GW%yhNf95T)lGbi^58VUO$~lV@BOH0qDF|%
zmcSbxu-}G<qZvyp$2<YgGv12?>_TS#47zOPxDZ~B4Ejilu#+Hscp3qOag|olU?m9!
z&xE?d*#y1N-~@EEoy)R826B!a7pWH@)8V0%`CWZQS9=Yp8Y7Sd4w{Kc=4eIH=V1{*
z`Kv;eQZ!!t6Gwp9b&Pi%mO#YcceX86Lq+lQ{5)nr{3cwqmqW2qejo$lJ6tzF!R8+{
z3SQw`V2)O|3E-4QGB}i?nMpXrmr*WSK%9RlYnMt70(S}Cuz+k6fqpU`kxwT9TOyy1
zCz>f&0UNURY4;b*g--pLKBh$5y@Ln{Aj8FAR^Xf@i-8q*o9Cp6FV8}_x{QYb7&-OT
z(t<5r?khxYPIc>G;B9Jb@b1x9&C|Lg8J_P&0gDg&LM5|REBPfRD=!3+LrRr=b&tje
zedcY+c_Z5c#R!;Obbj8-(5VL9b|gRV0L3bvKnMo}9OUPvzY<I04CZ7B|65`dVt+M?
zkcQnT#m(o2O9VgVFNRA5id?n-OLe8LWZq?0U?sN#(p;$vd3euv6>svShfg4o^eWR_
z)|>>ty>L}OTvLE9$go}x*R!_0YS;I%ui_GW`OQPNl!lUju}tL$#-$^;Lkic^^+U==
z|Nb;6;Xo6Yu!KX>LXWhIxGrNvQoYlDtrXYJ(xmXe0XVf4q1z#{PAfC&(lX$~y)?t+
z--Ibzno$|N4o^>!)RPmyOnS+?TYT>Y_V<1v>jCfMC0ydle(i32Hgz)QVlr0eE}kQ`
z{?2s!J8#zStV=6`B03@i{iis5L*{soj2}F%RmI@PVh~Pu!7ii96a+051VQ{dg9w_#
zXUq`EG8qRx`YJJvqY!2!f}<nlyMiOUIEo{8aHNBuz}beocvG2i`v!ONhRT9(JWKfv
zYjCFtEaxZqh|~U&XEcaF7}AU5Jhv%O`-wqo;+9392b*A`)b8JbO(e%m9asYv|NfMP
zm4sW7he{o)$Rj_&S8j=Z#p96SMyBwEdH|3-IeI?3K75;#$FrqL=HtiPMJ$ys)OS7T
zI+R{^h*sC3q4Qu~HOlv+=2X;RE4m&vE~9+g;pR8pgOMiAZ<;F*M)I5f+Siho&CEFX
zCXPp9O1OnG?de$D8G_7#wMa*J03LS_3K#wrx4#D7g%2Z=njPp^YTQ~E%KA0wU1kLg
z>=ogzW7&%oHC}xb|0^@j++UisujYSgrAY@?LNCK}DS>_dO<M-;@HcieZe1Vhv7<EU
zCse0OH7Z}y9k-PIho#b_y)|E?CB46LQho;)uH@-xtUW(1upOVmiDm;K*c9s8n6w?$
z>49B%GhSi)_O6=G@$Cj=OGL+U?E+iv-!8$ow<7If`@lK{`UvC9*UFM=OKZMKD^J>7
zx)S>-pvD=%56Zr2tU0UESd+7IV&h8igc{7&Szs&BM&FtLB^{~@%CWC*0`~*p7!|H@
z$@s~*um(n(i>Fb(K)%Mcd1!h%Io$i(EI4O)#=8Erjmc=;a`j!y32ZxY8dU;Ykf0>6
zB}TBFZx5erk_d50tAB$NX>8YrJ7Z>7oBi@*=}+btiAUq-7Y;6eBhL$9elr4Z5WBxB
z?AC=&{k1gd9b@gH<iG*(UDXr(vYw}HdYTTF)_e_A??fW&MDt8s@53ae26p0@8QbDo
z-Tw#n0m9Ktgm(Zfq{Whm)iu49u9)F@?GkrwZ*`4Om(WtucJ<}0{4(x=M0(mp1af`{
zAvho;(mkeU7J7C}+%vP~p4sS`mAGei%RM`xXQzZc#~FbwqQ-W_@_UVYbEl+t)i{Nu
zja3!-85V6Db_EPKh-4URK-_0Fu4H1-MD*<tBHt^t4Z0rP*`jOGJm}hu%xi~9*QbS>
zr|S#9j?gs{)`G5!j}zvl<V|x-?*#PiYD(X5+v^JXKOud0{Wa+gP)>5-M>~1jc*wp8
z4?$+#aVde1K)_%=hZOTUwXrnmBh;tLWW;ixt!hmi;+p7;XVMb)U6dYZPz)%tsD#i;
zlkAJCOB=|$nMHL3x@II^86B*Z(M;E_=-M%H*G#LcZ~#SYp8PIJAKQoxW)fFcU~@dz
z-3(5U9r#!wJkmX;XE*fhl(?tSa?c~tGbeG+&Mo)ML(eV=d%BJYycSthu=*fcCg}|u
z^XQI6mBU4qgAJp*r4O}XJr#02A;_>izZ457X$Ni@+ff3ABDe3alm?dMJJvc;Kd>ge
z=ZnK$S)Y8FaAi5TV<h2qddG0d%G%Y-zLw<v1GD}ZdtGe4^T>UzEhaR-KtPa$=GR&Y
z&5tdy5}HHIfZ<^mgyH|Atm!{<Eb5ZmT<aslj+Kw-obD+c+-mdarsL821MbB-$h(k(
z%SEl}w_KDQ$!>^L`k_%y7cayP@c!#jGx5ty_>9h@ocLFSe=htxzaqGnohyc{<^40>
z#keGrZ$Zv~cWAk~7AWjFM)Lndy*xvJMjV*>6g2Pw_0w_t%^Bej|0kNBXCmwdae4no
zqY1Y{^0ij#f4qQSW%hsE3dt{1S;oz)?htNiQH}0EuZVeMefSq(LFPAlz72byoHay@
z_B3-C%l5*yA(jsl1!!0>0$dYu{erEnU0LwnJTO)S{FDWjvxG4#Ep|4r#@JfB|KM+*
z$-rO@Y)2K=X6ahaP6H8J3u6ppYhj7mR6Zc@Xr;Gq$PvADKu%d;(g4UlGT@5fG?*$T
zL661dggHn_%aI4Mb_x!<xjtRR`;Ds4A+<6$WcXbm4tSC4$Y7cfk3aKlfFZ-{$Z;-8
zMqtEdEH-R?dTc!+V`Hhsu{o@<{f0B<R>tOfkply0012an?Eg7jwpng*gl{Dp;gzVA
z5$*v1_7PU2!JG?VWQ0z@j}aol?ma|FWQ6n%RkO!Ziz6JiOV8d>Z5<&Xh>S3)EhGFo
z(Fi#Z8DVzZ2=C(vLzp_T&dQ~#f7_{HyjloWj7IQ4XpG!0*#Qq!21?*02w_{_&k4gW
z?MC3>Fi}+C&Ncr=n8(x&ozTi*K)RRY=?abkO_#-4Z=Kc`>9HSk+NNmQekUCci;;eF
zgG6xmK-f4Y{sMTw)3S+ABX-BE!sN(&$z4E;=%+g;I$tpFgk3PGh>>C<>v<|F3odaA
z-{7Yj9lS$1#<Uy(jwdh<I&D}d**t*hrGU%AoB=p(S~kDo+Mpp^P<@j1?o7O!EC=?v
z7*yZ;No%MMl?;G&6#Ds|2)Zi*LpaL$V`Y>cPirH56dw_E2$eKtDfV+;`v{LwBODE<
zc^RRc|H`2&ZC-HP`pk912C~Em-^6`}k+Gj*ebperCK&sJJ6ah#%+E6Riexh~cAiv#
z4l>=rkw~sPGLl>u3<7ch?rsc^fv>weG!mN;R7-$aUxo`G!@mF;a87t#tF+hGf-+!i
z!PSlj!N*3TdlrwklJG5e;4DnGwvLWO#Pbk$u${YjWCo&Qi$-{+5%*v7BODVfxWA$s
zEne;+Qykvc-N8AqE!T4~@($Dt6%%_r#wrh|;Jf7D%22z9sg)sU+_9agn3H3wm{>Xm
z;I_S43@rXCRrKEE@7=+PfMs8}pF`0!lQqoAaR=t$RK`x;I4!g9Cr{wj@@3h(nwfmu
zHHp=%E?}}#Ku<*hFJ?w)d_p#G1IH%P0<4sj%V4T>CboJOQV4Xx>S<JM{v9^XLcn5f
zWa%&6XaN^nXPaICv*}MCV<50^?pV{rzKOGR+@uQIW<=hC`570;Kys=-K5D6Q1#p8;
za7frBN^r3cC+}rUo-nPK`g-Tgxp?-B>8?OmoDeLgK@*H^u^2QfgIDL_Vnk0RNCxr`
zUSqxf*ru;v6?wg9n!HHNV7!y>>1|m_6{!nw(8_->Lyy7*EG@rmX!K=A@MSPz_I3G(
zXC!N(tuogxeHy)xd*BFrjgm)Uv2wuG5I72s%7R(X1KVD*r+}OMcck9XR9IKW;@?7&
z0fkk=e?J?7?afybKd=CX-S+io#C1(2VoqkuIZ?#80}EjiJ|lb;W>ATsMwK`O1T%Se
zPySi;mo$C2-1cxe*?15)fn}sjkRB6W1V2rxFKpT^+tw{xb<;h-g<!BvEenp!;lzK9
zKcT*RE(_H1F4tVw+PB|Q|5XHjifa6;c_rPxuU)m@riRkGgwlM0%>|oEeVYqQS1yKy
zbUpqZ=zw#Lg<Ej}r%}ZdKsRE(iAkXqpyOzwqsR@<c!l55u!sG)08FJlu5Py(YZa0z
zKqFdCAICQ-vo5J;{zqUE$qO^IiT53sapsQ}YP&^y9mOx<5>)Vzu^^Wm<XqU`(A3f^
zhBlP`(ywz2y>Knr7E*_nDE<De)<W|1REx-S&Ab_0MO;Lft_%lhwZld0!w+}S@^sn6
z@#Ex1s<^wLaF*t$&+HU11>Ct+3jPh92f?{g+4z~IFPe*UV&JvjM{gQ+bJI9*l*PP}
zsj9|vHf}}Af}0KA)R<FM<1KT8M<_#LnVfc{gSRKT32P&eO(qOG4b-Kxc+BB&`$uNL
z(yO2hzYn}&y_KB@2-Mobjayn-YerMM4(E^X_$dYVJR~#H_}OanaU*6tQGEkwqH}PQ
z$spm_xSB-*M+n5!B8@5rnsGt9Uh>SCJ#W^<p2&oh;5unW0ClJg;AUR`Vn>ouwE;x?
zH16QoUElN4)vT`w;3DjLF!wY!u2!uWa-{>;@#3M%z|YuJ(;i9Yee@%7+ZNab2s{fA
zp-cS<;-AojqObkXqG+S)C0QTp&aVDA1Gx;aY(V(ZWni_Rx^U~<=wOd<8x-E+w~VTD
za6k!95(IMv>P?<j66{bJL<0pDrnY_T)T$Ns?FSY-o)Z<4hB*}7l4>`VXS4?aW3oqO
zz^yRWjeA$jT*>;e=r4Zm+f2`oXUELHT7SI04OfAIk|9rXiwKnoYn3f6!Jg9%V^Uk1
zryKi_Rh~%3cOv5ZhG(Q=1s(_3L9bXPd^f3(iz><N7yEtEGrZHrHQ7=TyVLxZ`j_{u
z?;BOGV~z;}Fqu00lIa%%ioUZho~`%P_G(YPv=9eiMLhH3o_a=W+u&)D_j}ZfxTnhD
z)uea1r!EG~@*m7Wt?#Mkdls-BvWn=Q$~`%-)0%W#bXVUy{9O!sU>`Y{88cr^*Q@{f
zJd7Wr2vjJeYBDz=-hFDP$^^@I0)VnM#~UdzWBG#Vl(>U)u}(LFoAY;Z9@gutKycX_
zS+GZ~mimC{3L=AoTC919rsFaTd{_2sU9xu~tOb#!+8JxY6)@{hiufZm-GSZ!MlDEE
zG$bUYxb+$wo^u$B^<1n^xIwrAZ<}YM2pHOelrwCgEYv&=NEs%}R(t}$<Jy4SeOsbK
zVw{ggu2VBZghL85bOO1xKppOjBR4#T{LJEqQT#fMDn^Kc8J7OK5%{&ULgJUKuqFIn
zVFQL-mB1v#uj4TBOWV*pCfTCmgt0Vd;~LhM@!4hzExhhg=nd!NqpVFXa^-0Fn~vli
zJ^-6Ue%FLIDDx)8ZQEBYar;_)Mf0X>$QL-)izW+agEJa#<HUx1U5@Yii~-oH13SZy
zQF|xf3zdQ0wJaX@jK2FA_5t5ZTZ;EDK2b5g^vHIdFGIk2^N@^~^=t7vcL0}S+f@k5
z86qve{sj9X!D%8*XyJ$6A@XoPDmUDVg{W|7B<>LY@_g|z(9!@nRTF^#HBL7)CybrP
zlTqJ`=010-{d0STY}DrpB(aVwv<NH$b_cN4yfWVzbG%)}fF*AS<L>GX;>|@+WE@ar
zycd}d;T4I7_14?AVXczy;H^+Q;K6``a`Qle3OL^e$3Ay)9efxzxsx|VbR;z@d>8Hl
z_-+ipvk-Vm^h+LOf8om`n$q$&DeK~t)W(e0ho@oc%*E}R%wJReuSJ41--;0AT#Fzt
zou~IF5M->*H?l1{-(RAy>>)3TjO4#>V1G(pK*_dj>iY0K?d{NG|6L!|HIzJlSGxU)
zsQ-@A;Yg$vp*au=CgR`Kpd6)6C_E348P%GBh35v~GD4^i!<-9mE^J9u5Gs?PAUMl>
z*A*st%H{IZ>K#Va3NU?325XLTCqyV$eg9aQXSW-c1dF6q1H5I@@=fsyq+}Qe+Y~!&
z9h$=Cpr?*_<G=w)JaQhuN~6SJQJCRpSf_ksHVTOlZ~#*fLBQW(n2jPpmQW5>;z$@A
z^K(>M<?L;Y*MXr4TR4s6uq;8e_&R(84aH0HJ12Xvu(8Cg23gAS<8EO>F1N$eH32+W
z(ueW7qwKHSNSki#{5Hj5KD6gp9Bz?)9uxHg=iVm5TSWBy>oy!tlaDOLgLFBf3(-fL
zuwGM_VpCiS!#<?2vDkdb*r4gQfQhO0xAK4iZbKkVbQaPq0_ZjtnMMgzy{#Y-jGgUo
z`!6l7aKgrBfV}`O!i)WzkeLEN2Cu{4Q=If3f^<X|H37B7mp}KK4FOZ-<$?h1r1oJQ
znp5HWNM~+3skIFOQ|xc;V7*lkAf!nQ90n;E_Sd~6b80R1#FYMhLqbZw16}|Bp!DlO
z7Lk>ALJT~@dJd1!2io7pbQ5uej^GGdI;<oGiAdyoPLs81|5aWgv#80~*ceB~qte<!
z8+Y2@%4;7<ZJW}H9H2bXAbiR}cnE9oUq|^JTL8>Pwa`ynUm-*7uMW$0Y|W@(kc4b!
zke-S5h27F>`2u5&pyDQZvmF&_8{$yWgrL<LjAQ7b=vzI|UGT<OVx9sMh&s-;b{3;*
zA1uPQTBrFnO~eb5L|-+7hhpr#G5QvFL&zcE(rM+vIXzsPM&<#xc-fQ;UV$#ccq3%5
zGT-$bl0C{!0pXa!*9Zt4J<5=X#AA%8ZuFi2hh8Mp&6LTr@f>R1hF@%;+{YLzfKE8}
z{U1v7x=yO^Zr{O^po5ha?@@Y04EGX|1o{EQp+V6es}oVF3%HL=4Fh}SMM_6-Q@Bhi
zLsTm4{!^Mrm<SXT1VnI*yXjbwfTe%FKJpb0E)^t$h*}NgGpQr+nI5zQmB~ivkF|!p
zi<zOz@}}6w!o~Mt#v=B*H-C$nzo@)TbF{c42hVfBf-0Vr2a>%r7<qB@!1s_F@tWg)
zf-hl@oWVU#_MXLf3PcNeaS#%*R9hyzga)w`8J{wUG4Yh8^ofSk)|b4pj!053$!_|R
z=mZ>wcSejftZY&fZJ+sv(4f)@3$VUn1NLviA=UMe?Jwn|J8+q!=WMlc*-TvtUfWn3
zg?_BORt(Bm0X%i;U4zzCnEnGuxy(IlRK!jowzC8;{Fm*8Os+%dK$k@hr+AWZSG87h
zs|aav@<!M`q*j1dPlKay3R?<|9gZ6~5rgUo;z1A+^EoAZFLo6-czPn%D0ECoZxBx}
z`0Hg29-P(7JBpeM(g=CKS9*~RaW<XR(v0hf8s#l>R3$!nW?foRtZFRM{N{sp+E()W
zjsy0(sQm5@(Eq+7cv%iu6S&}Y8MJ;)Q0yAF5h>ZG8Q1&M1Rm{r|F$4ryU2?X?7X$Y
ztdaV9sbvJSyvQLh;hl;6wLgEAW0ZG#mV#AN$-^{i_jqd>zi*<tq6PwUqM(69Us+=N
zin!ZDLsm}s(VaTHqJg<{eHd4gdDs4?_>0&h<I#6E(HCPRuo10gfH(l`Sm%8iSOpOU
zO>lSgD=ixk6TI*d+Y4U+%-V=pA_sFqk+ibyjJ4mksFF^MywP*HrIHSF@_ks6*I`XH
zeV<xBn5INFmv+(jbr-t`kS@^0=+ikMRkPo|7<|X>uQ-2bZ6l4@<OC=sq9-((%mK0^
zI~$YWseK1AB$W_`crbyLje<UzVAdRUGSSD{Po$alt@s0qNAPTAU>{`x98hShoR;f5
za@(a{u3y6acH4h#P%#&eZNIIgVZsdtjM!Q#giTH<EIG!5bEfF7tFThM*{B+W?Kg5v
zQHehy#<>`!!$xLqU_jZJ&WHl$>1m+~tB3X_YbGbturPUjcsS;f_WX-}iJ4E?Z&m!y
zR-C)J3-*<TrW*b)ey9jOrM%D(!52#Fu0xV%-f-|oBPnVAY4nccar>;7uy|<Vx`BjF
zUm9=>9G-6)o`DKXCiERV3LiXgX?+DUTdPQ{L8_bQtQa>hE59E-Ad=r?K+ouq$`~R(
zeCo)L`sDKeU`A>ifzNID)5a+#|7sr{#@mEmZRcgJQR8O-GD3|n+o@5ZxFWb%%aF>1
zmq3hE^DKhAIyl!NcS7o)XaC+9>wA>z3L^9mI{Uv*|HQVX75zU&|53nNr+;LW5&B0S
zcAI=n`q$^PK7BCb84Y`DtD?^O7l{-l`F$ZgL5XC82UB*0{sxguP9MPTY{Ep$I#$Bn
zHMTeXHS#7{sy#C>_0wm}n&F0s;R?Ch@r|&?b%!+$Qc8!I7blQX9FZ5(dItds^1DNs
z*C~#{bEv6&>TRbikz`iZDZ6zT9d3-loswrVe{6zJ@dwuVD~d;Dc&6hryz>8#y*B}m
zs!G~`)6jtcfg6@U6vTj0JAjxdC=CG<2yh!Zh>9yNAc6}Bm~?{*YNQjPX<HfhQD+>N
zQOA{02T@!SmIM`*#X%O4#f96nAd9j~{<rF!yLCEAhnesD|NnVDpBZxd-h1lSsj5>|
zr%s(ZzG-=5{MV4mID#xDs0`m^59)x0mQV#T?|>!!@JH-TM==B!ejw*p4F~e+sax|6
z(Q|%BzE5;tjsghu65#kRi#!0T0kWY7BF(PHC-AB7Z|6_>AII8K^a{=lUh*$iSiZ|^
zX9nlskvI4v!PPT^sm=obOg*j!Lxdychlarp@t`PpAqtckA6}+?XCp`adLDEX2DZ7c
z1~gGJ5<AG1x$G$b=Ti~pVU4<*<`XE?0ZzDwpft=j{N@r)-{JzjLkXw1#&iELo#c08
zYhc9WSysF!b@hvQyY2!WnI0HPI+rI^uV8g0Dp262UOh70CzZCvauvzQ2ttPIE>dYX
zs=<WPBs3sIGVr&=8l=jSO`zIJlsapvt@IFn5~I!}C}c(s;|68U>7Bj@zq!*sT<{7Z
z^?T7c+3!{SI_hV<D~uJERcob}e)g{H_8WNFQgYQ&L&GS!ie9(Tdp-Uj_qq*rv`uDF
zIIj)tJbv8N1|bM^i~2gv-<taAZ!Y_2V8{itsY5*&L$gCq5^4H*lyZux7_a|ygY3{T
z+=XP?3xdS(@$fscL!0rk#eiBm#3`wi13pR~J-|gl&J?-e^H3oJ?4+U~vs-6UJrGwU
z08mB26VZE#8y8}UO{6dSCdZUj(NU4LNp2UY_{KCOPS{J$Lc?O!Q{a)d%Mh#CshN6(
z9Lr#Oc#l=Lh<pl}f55?k(~+%!R6cCPrDgQ_tx79bmtv#kT$;<GY^*Oo_cPj8?g@5O
zl~2xB9s8h`SF7%CechBrO`NOqT9#y}4!n{Y#1S^Q?_a|&1lL7d!)b9uo2%88t0_E^
zjoEKO4W+{e4iL@5d98|qgOJ<RQkk<CH%bSfssrWrmd<hvSIQ|>6g7{%O8GjzYI?EA
z_%EI19ITYn`h4lE<N~GqUwqXJ@4e1f%>m_kzDmIrOUkSksB%Y}iECw0TeCQSUMMAk
zzSlqoHM}{a9+o&(AbmKpUqw->aQdu2uxUn~fmJ52UDjHEG_x%Vy)4EXqC%DdCxzlF
zfsM~&5en?0pcc7xSE`k`EI}$PSE@zCEfvB^m1@hh@?Xe$7b3c5+Uo}Msf;*~m|NA6
z?{gH`%DFsNjSM3W0|_6%j7RG6ih2#?_ffmR=40+Bvd+fki2bjT%@OM>3xt1)a!(;q
z95)-s%D>!!n20UCxw#dAs^<bH(v`W7;U39+cwoC<uwPIwe=9Vv9}ksJE^*-XrSAle
zW-4<h5{Pi$mw%;qJ3OH}_SftXK1rKef@Cdm_?Ne&Af4a&WCZC1(kpdA+P2CRq%HE=
z6<Gx#5J*?x3UyUb*l`ixBZsMe<dSsco;dYnkQ;A7?yh@G<nEN$uE@Cta%bR5r|5fu
zqb_A`dwLe`JCBZqYYat4z9}iX{gjhI`VC}m>J)8qF1{^?W=(H#?TXypPN(QpT<J)^
z8#s!>$=B1faNi42*0@nfKk<e{y4Oh|eTWl3QC|<6@YY;oBK@_zc12d8VvrDn4{)U;
z{Tj>eKj>MwZ-18aM#%2=*Co<3u|d4?N^r0R>0zkZt5dpAUb`Y`2GUMkL3Zy{%8z3A
zMIr;MP)BZ4r;|bM@5tWN#lZiIDZ3@|+7&5bM5zAt&A0+`ex>}n1d)5?HA%UFCxu*!
z1-ayoCgqyQYgc4FVg`cUpW{kr_hZ-&uFU<Ao`w5<-B=mj{||}uypAVB(aVr_s#CO0
z)TC&tymm#p8AzvFkbX08w3{+FSs>je(#U}|P)B-Q`pF>uSI*-U1FK2Eq_jg`yCPHC
z=#(CZE1lBs2aaYbb4Sy&aNiX>8;SJ1S0$ypo)pp%PR<la--WW$`oNkguU(P%TkA-_
zjw|Jp0tasth9~z7KVj2An_EuMd4%Lu2k3qSJGa)nBGJB??P;y8lGc4qaEiEg9_`$6
zvUi%k1AFx%*u5nM7biCf%no0SGK9!Q2pqlx)fV|;no_<$m0oPvhUMu<ttES6tz2qs
zCo|5eisPyM1!<tV)P8r7Nz0A$+7+41h>#w*0ar}R!#<^K4klQE!xNQqPlAX(`m&^6
z_DLc78&WfML@#{M9A16pwJWl;l}_44xDtq7iei6E(PE|SH_U?rhe6sW`Nf7wyZ!GH
z<C$dj8co{47L1#AF-hx?*U<k4#!kjqI9$&Kj&@Y$(&2g-TdjX=<k;$^BfXT2OQVqv
zBUw}@bKz!_%){ihD>9Z4OF%GRd`VKzeNu=xEr={R)ui5HdF_g<ZIKuvr|O6-B<s~^
zip=7aPoZrJeljUCNM5@lo&*v3(~FWKXP*=z`;n2Uv*ziWO^Q4zuU(M}gvb+NO^S}l
zU&-n;nj*Ja5IOf2lOpHHYggpL1QEIK1xXPyh>b^N8!|d|iuCx^M8qYpU6Hq%Cq|Kj
z&r3ueB$L)?id<<yr0shqB5mZgD{^Lnh}^Ct()6Sd`HJ&Gg|J?2ag?t#9OY+`^q7c@
z{P;IXk-OP4S}H{*WLJh-5Xt@2q)2ah?TWNd5RtJuBKyeDG@3OZA>&h*k(JX-M5^Vr
zD>5G$k%>@b?Q@bMx11Cr=UWiT{=`J&Y<ca9I1)s}qa(7F>_?+1@*46tb&AZn%S7Zp
zdF_ha36q%!MJoO(DRRY0A=1r)$lu>E71|5(+7<bgLf6996wH4s1;2*Qf0@!23#uNV
zUr9L6LwURcyPK8AD^n^9<~>9Y$+263U3((psFb}(77H7on^rYNmS{b71NQz!_U8d=
zkvL(cgXhqvE!eD#x&gftG?aJiUrlS=S7m%_GjcF>b_O3esW?|&yZDTsMA*6SS=s%$
zWY7}tzC`3w3nF`7H0A1mymm!0Ikexf<8_OU$O*C|jYi}%<ZbE{Iex#1NR7O9Md)z7
zL@2WL8A%cUNg<MNL1gcnCL+7#wJTzlNUlFpb%l<|FJwm=O_BGJ)u~ft-Z&GH2jsOY
zQciJRG16%G{H*c32z7HCm=k^cw4~5wj99{RqV{4=G)PS4WHk%Dh&U%0B*LGI^soP$
zj7g)(@;4-p>SQT;!X(Q`dF_f!rC@ym&hDZ=OEP#*3Xx70M80~)9K);RwJY)ypWe{$
z&^bp(WEmNgMpNV=WP<7x$$8wQNN;)Vid>r@A}>89DboL>5J|QmQgfzBk>m2(6<J4F
zya}+TvyR9=$*MJ)BD0azsZ*r-6cdpZ^4b*{ksu<EJSi#SIw?dBAZ61)WRJ<3<?`AU
zsici;2~ebkj>vN`mW`*#Z5Bj!U2IZBlh>|DzXTB}eL_-%&zfyCYqle2Q>Vx)t4xZ#
zB(GhOw~r-8kwcG5M8agD8jZ+R7DOJLYa*gwyCP>Lh{#kO5h|zOctpNN+NMsCb32)=
zIY(Z*B7ebIx{1ihPmf88%pz0SXo?K8AkuBUNs-g#wJXvgK}4?A5!ruIE0G_6YEtAG
zOH}r0BPtt0X`Om0A{QaoJ<1fpe(*+9qn`zd7jZHmu_zNu8PCgWSELz`$gLPUPdK;p
z*wu~fJB)1!-+g_e#(p0O@Y=BHSo9O?m+|(;)|;z&4N(-?6Udm!lDV4q>Y1d-@29Q$
znaCy;`F_{eY}2j=3TA%&<S%XOjkfhuWJ~ZK!2(gnqmBjAji97lAoX%?(}&ZhPb?nq
zn^tU;@t|}fq$4#looL}#$S?h3RRZ|6qV(sw3O2Y+{4TDIUo{Fg6nF0~3N|zv#nwR4
z%od~kvCfI$TknE%@DYQaaTc77EgK0fINxsLF7T7}8)}U8=E)7zd#|%53FUFqjsn^a
z$AuUu2b|KzIj7o4M~|1({mP%Hhaz=+6gA_WyPQtF>S3g!qnJ22VQdA^bIAQI&D;-b
z{@EVmHl%x&o&J%~=T;8YQD0LGFp}>$`FBSa==@O1D5Hi`<)~~ugc=jj+Cpun@`6Xm
zbx$nM;1T09zB{Q6=XH+N_eB`{o^-a?`4O`(aZ>)yF+b8?_TxJ4humL0&?XHe&m%vp
zn||gV;?nyvlYA{{yJknC;s9JJftQ(B%_A#G)mwJ&inPWTz-c`}@^V<En7Tt_6QQiV
zCK4+EkvVItZq(26r6}WMt8jE(bWCmRoR&84*KX505$vwdm_H=N`F>uLV%CeCj;R-7
zsY92BAJT~ulaiS^kk~{inYARL-i(teHuj<Z$gJu__(`0si=2_Lj-ygWl@m{famJ8H
zHZ*sfk$0cvOHTe0C#gC!k@w1*BS8{iS(_xWgCj9HNwa)TY#Or53BHusXpSy<P^VU%
z9L*$UW-ZZMFGruYF);Evj<z%{kjxjNgniV1`c3Y?pzL_;QbuVJv3oJzhQ_)!3X20F
zVzz1i9HLIi;uU=68f`NcMFGT4;aPGE##b0Syf=gPVbnxV)AwI^_5BysC=fL(Qz?55
zFM5N&pUnP?tE|{8=D`XiNPqUq^q>qPvaMGjc?cICWB<iro#yrIzfj#@TJ~Q6;|T4)
z;FNuA$<=qL@3*DwuSZ$6{pJpgkLMeN@^v#?;_NFb^>I(^CX7#P%;fVezF21CFYm_?
z%;gkE!$oUov%>i%CQ6y66Y0NEZ^Slm^{pq%gJ#FEJB)<_8@FsVK;SuW4Uk5a{g`Y4
z99#C|;ko2I@csv})s%PH-MSnU)c5~HW-YbR)7<}o0vQ>iWLoKc{op5!O7UHT+(mmm
zFk4@R9osZdAK*$^9zp?RR@D#t_ZLpEUK0%7Fl3Pv|65U-z9)>#R2T!9qtA6utr}Mz
z3nM-;)AEUpG|6W&h7?NJpGk5)bs{<XVHIjbDV^m`@_CVO49#fSSYX>xBEV)^z|OIN
z6<Yu(;}FpYKor7Gu=WcSg-(#7E?|8F((Bgz0t+l^s|Gtk&N8|D6d#Nwj&LJ#NSkQ-
zEOF4h%K~~c&7<|+!w19BgQx(9Q;<>Bl8alBuYuxLRE&=2Q+VPHZWjknVQ;lMU^41k
zkz-O6{E6#ZT}73wjoln#zs~mPdAht<cRq`r?s~xNsn>#z&^O-Dxu~Pn#2Y+UMTIMr
z)zWlD6W?*uJL4f;gNnRV<;oLW6&Zm`LOixQRUG<UZ9#~3A?YA#r=%KajvAq3GaEvJ
zPAdz{%1KhnZj*M_${Fl`!!!~)%U;Sz&|_1%Nsm1KJeh(}OHwV~P!Fyu7VIIRQ*k%0
zJ@%u)pB`Q+KL!Mtkpm{=2>y73yLJB9>yP2}==sKYuFanj7JS~o=NNI|Blx3+fXWI;
zbr0~zg$h~Q8X}G84ch{PKVM4zBvgg$gEE~!J|v_Y!~t)b&@Q|TWA=hwcprai)lTGp
zfAO*Pj@S>(`k(f{(|%T@IpegfAAFcdiNc{s3p%|%uPWQXN1VGS%Y@2Z-6Q7!TL%?%
zy}kjd!Q>B<o9lDv<0ImJJkA8<jetRn?)DF_y<dD-w~4H~-~7bdd!omZkF0l2W<Hl~
zprDkE*1gJ;n$Okiye=g|$_-!<$RSU+uxrZ&eVv_o5eFO+a$XHBX?`vaVJ|a2=eyVb
zss6^N8enK#g&gNo8gWYOZr3M~VspEkL>>l<bp07=wZzUZJ|78Z2F6re#@w;)@{lv}
zK@s9o${yk&jq+|EmfU*x#A%aIs10Q|Cn1cJ(wlcYLs@Y(rW9F?X~cWfI5mrkF=0#U
zPQ=2rgG&%3q#ALeHl{E?Pz3SzLLV*FKkiG9-3yJeivx2~to`l$p{>8Be}S@hI5~l;
zJ1S+XNFIWRyrHQnQX8UJU@30GEKS39;pI@;*l|2yoGiwuE5pk@mST*k$p();676le
z|C4O{lZAfn5Bw#!ZYB;3Jt*r!!Y!T#D!`Ku<x@Sz2DG7vHX6EDC}px9BR1kjM)8`O
zy|l+cA_CjrNUINQ^oSo{Y-Z@IIO2BKeMSd{iw<BE&7?V?@0Q|eG%dy!%GyzwdM8nr
z13`h`<i!c#XU0F{IDi}P)$voxXx)`?R6o4o2EYH-o2E@7>4cvq!bNdops|xxW4xPQ
zQ5>pFFuv-GI|xfachZ-k_wD^dd>KW&QNTM{nfo!XN*qwbt-F1KF!luJ{i<VS%{Fhi
z1TtZajy7P968Ml!d(+6b_#5*=F2C>~x{e_f`3L^SyfBPkcu&5truGX00&Nf^2&dKl
zL|cY1N51e(?HA7D7pNo?L3oG$8Z~S5LJm3i=p$Jv`y6k0LT!|^<Vo-BuTk0-rexxJ
zguG6}b#Gip{z*930<?3s3Fv+UQ2Lz$P!1X&nP~#uBCiQ(C0{!sA9)jQ8DBgoa}X8}
zQU)y^hVMjr#>M(>%f~txADh_~<w+#gW92n{;3B?ulE~!@TAWK@zlqz2Gb~_5eWEt%
zhf}6Zn;-)BV^W$y!}@OO-+%m+DI~*-k-(M|nHLw<x3hG5`22#X%H`C5MkDR!#mE><
zijJ;L$LGv;14X;%&NsUikk{0$oB7(wdOjy}(Bks|(c@?)7d4h?<*4e<<5`^m;SRU<
z(+Yg3LnSVs=1XVgGBMs~y=NZ}V!s%jO+@><eFceD`2OK;8ueV^yI5BEzE@QE#;$+N
z#%f0A(5AucWxgULE};qsJSwWUX!vGv>xPF-s3@t*2N22%aqr%V@8S4CX=5Mz7j-y4
zDf0Tewfm!6*EnUMg%3fd&Z5cm0ixjRx}E)iI1MELL2~wot{pr6MwAxea}APZjZ6FF
z-Bw1$qOf$}@7$#Wk3H95!%Qln(x`I{CYr$Xa}BQJMK4JnKe#OT9eT$`AB#QK>!X`d
z?E0df2Z;XCo$JfP&=wpVE9alpARCnhrf}Df(bE>l`oBiF3v<;06JXU}#CvAAt1<P^
zZ?hmm^PBiKT|~MPGU>2ZH2E~@p;MrX>Y=k8<2aXP>Mx|mHuc{K_DKf=K}JBMHo+??
zzy+Sz9fK`4ZjgP7F0}E-<{#9#_SBelmHsAr7wNP@5eB#ojo-i7H3of*zn(GpTkY#a
z!@h1@)R28GCgl&)MTZT?n9o$UZBOukY$~<#v=Uz=yY{QJ5UK>86|Y8U49A64Azz@4
z$T2SnOM8yQhGM%hFSO=Qh%+^sMrdPoZN*;Y*T=dZ>Va`#YXZEZzS<2Qw=}pAAYlz;
zgAyMvBl9xtty6DajMUVmNQ<~%9c=+Z=>;Z`TT5`t5f|rADV{j~_Qk0LWI6t+jY%sD
zkT-Q84cW!$tlEH<`g9ujZV|@qXi+VrIHY#F`DVKu?!m2~8DUMHLb9X^?y*ruGPlhR
z-t)F~G+}&6d$@uMIthEYi!Tj(IQdO$iv@vuyVUs3Kv6_Ko!DJDqZck<&+;m9A_h*w
z$mEQIq?&E?JUFTgN+tpY9G-~k4Ku&Vtyor8p*&Wx%!to0yetd6b4++G0k50LP)Lan
zaGe2ApHJ2YuayZetx@n!v*34@j-Nm*BR-%_YVa@|iu@$Tr=Iqib+kw0QX*VK?QzON
zJW6lU+eco1-NwII`-Ukeoh2aBILrx!#rW$r>)I9TYFsJ%6AwWynP)#ifM$w;J8260
zC6Je=2xOTPQ2jgsiu#Eu>@6^MFX7#jK2PB8J50Qe5Fld?YdinLoWp8RqqgO=I1?;7
z0E7+_-~t<8^12S4DNz2IZzN{brL!G1gZx7*aqnW`&=_`)l6JOF*AesGL`YGLo9&-G
zSpey;s2ve=bc4k)(h2`(6OLX+e-N+9#~RPSfz^>E|FH2}+DpWY5zwg9ULNE;gd2>d
zWBkr6oz=n-Z;pJBU8tIEV*Xw$Ut~bs?~7ubhM?6Osrtt>gKk5aZqmaf`#}Aspcpic
zorm!-HR=w{eT}@mQV0i>oN#)L{FczGHhNjc$Nx+5nAfHn-Tz;U$4nxo$@$MKb<soj
zhYc>0-ys%!;;4%sZr8h^l#P+<Lj5pvEY5GbaSERoL?O8wZk^O$o|2I&Pst$VK_LK9
zn6Ia)I~YIxybOJLn9mP_3V8u7PVW4m{uV@E2b4PW2d@k_=13C5U$&heM9aeUyUVXl
z(FsRu^7XsRZ`qi|^Svd1xAAYG!*&7ysA~Uh^QSR1kO@F*g_u-A1z?7m2D5HE=<0-i
z&{bk#sP85ly}=Y-DnSflkfC;3M!kc0>C5PtC4WJz$L^&RhA@ewA(mvtyum^$s*l4Q
zNkEgL=bC<$CpaCec>T1&z|4!{!&vkerK6t4vZNO)(RkW|7N?3r-6+yp6zqn%8=c*<
z9?~J!4$n0F7d*u>oR{iY0u-O5GhiBya3R-FUqZY_E+J0mDy*%651K^#usqks>$Tfr
z@M>bgO9W?&LWrlYKq<d$59;cMhQR4E*Ac7qimGjdj^uM!q2Kkc@k-)QVcTdWF&~%4
zN+P3(DwKk1=hen8H5R*@Fo)4WL()Mw;O2mFN0bA?gyW(hOu)&7hx{HBDm0|us}A3F
zo{);L2R<4u&_ldQ(Kugy;?@|N?14tHe3ioc&JrKO5SbIEO~v<{(FdCNZnS(rkI}~c
zK;PI8gzX=I=9)1L2c6x@u`Y_&PQ+JQ&{v$k8xsA>*SExU<Lp{rDV_*t{?-Y4RM<yf
znLi{iuZgc~o<k`Y6MBPaoF|F{0F$Ds1qVLL3l;m4qPN#(;K*1UIMN`+9y}rm%RFl_
zxSA9lRJ(bqy}9oe3l~6^CTGd^kXcMT9Nth#PEq+m9||cq!$u>P1W2n7_2EkIg@1t*
z0^0&7UZb*sc-8&@iJMDbpz$Bs{5P9^BmE_lnK<92P8SDxJg!Dn)9ijTX)c+=^aXW?
zvQ)Tx07S)FxokErta&PzBfIs&n4<nR>!>HdESqG2_f3yEo@VDwRBstXlG#vvlxHG9
zr&@qQEPxw|F2@vf<#kj4^G5uOs;T$Zr%!hM>O#F$p5|PPlWtMIY^AS#X}@BB8zhe)
zg5%68_!RjpsFb$SmtETL3LLMb-w%8Z$>g_3`rBIWI->B}R;paUP}FmI1S6odU!hVS
zq>DQpsMo*?1$;WT6A3)eW>MWQUTz2%pn4paE$b<&z@7^_aXF7GV>cb?m0;-*SZWp=
zg0NFB)Gb@VCqIiVjL8opiBk>I$<N{Bvx_NFzmO93lh2UXuE_7`AEUR6F79-o5F7aj
z=n_`OsOIlZ?X@$pR!B8P`a<S;{~XXB0Arw(oq;<z(^o0ynv9Y-MWOe&OB57l+y-(1
zE!m}OC&(_9fwY!lgPx$?B`WENE_s5(kR;R#yjYRORR_~VQM}NrBv*xP(op}bO=k2$
zVDHZX<}>|03Q=O1c*LkvJ|B)a9)mT{%A?>4E{bqasVi~<jKEP}m@kQZG=o{iV1A*$
z4Pf0#rw<A+V6##-0NSFo-!P^8JY1;Z(GZRfS*rVUU+dETSDWt=wYvQKgrHV)dKFe0
zyun!mj2h(uW)$_L5mI@gDH%-|4J^t=haxdidxR)MM=aAaEz$c%qPKCzGM}U)4p~;|
zkYz7HmZvP^nU~HG*SiGKJe&AZMwz>%{bu-2(PcEc$s7y9K4({=Okb1YEM-wj>5)sh
zTq7D@10wOAi~TJ@5Zs|-f~bQ7zL6a~3pcR-=|SoW&ThUoD--94!_-p2=QJD*Lnk<U
z-MCiDyW+NrU6|v>OWx08+K5w}ak{jO@UIz1oSl-D7Qqo!H6H*x>Oa;*z9V_W5!A&u
z(qjvK1_KJTkvxOiLLWYax)yzKVyuNeEto!+%1%vM$DN|0r&y}cJLIpV?8!8F9JR;2
zM=39nU3nb1GLt?QRERl{x)~l9aaYEo0fIw;<t|H_OTqh46b0`$`2amY2yP_}HBaTw
zNQQ%KcpV2>c8S>c{+%ed%oF@KsY}$OgaCO$Z%CCvm8T2xW##D$gvvO610x3EM?G!4
zt(0{JhPHFr^??Rqi?%RcWKhAO0BKhGQLrM3ih76tPLeqryIR3pNZst#_=gX%p3*ue
zIHq;K!g;e>=cz$o>-<PNB9PPsBI~U32hlIp@x9TnmtUgo>{T8*gqt#-aCiv%6{`wa
zZ=5aql_mP+Ll%Lhc7xfKxN5MiP#G&<BK)BSy+L2AOxn%vDnw6GBZsh!O&jry)j(M0
z$82vqVM3jfyBX&qC}lH1$<qFpE9KV`N%;gYtPP_^xr&iG|CG{Yt4oieCR2YNx7R=m
zbwydtOOfNW6h$?+`f_RhqAY64g*CI(aEC|K@Ev&T0xrIZdYZU(1;2~{3L5y=A;_j?
zZ@_^b%AB7dDmYraeNpf%wS28o_HP<Ofuk*yIdtAd=>XW3ztF{9O>R`mALXm2w@IsW
zmve$rejndUp01Sp`Knp5Qa+ilnxicpz*l-#iccxOlCN6e9*uZl*b*2P1t&ox9&K5C
z_55Z)zr{=(pK&YlIC}&2t6QQL=xUGq7hex$(a<FB-5HRgXVh>J6lEK{LPzd&8BDL?
z085X1m4CfA_>(udP0iL+_XZ^}9bfVUaiT-;tjKZte*a=JwoB2x;}T(lkNVCi?SF+I
z-{QN0FJOR=`jpcCBQ5uk2YE<)8r!>gXwo7$6b2p1_8MK<j(OMXwDu6<wc=VHHcA=U
zYujis%7bvpSQR6rKzV;?i-P%=<3R1!8BHglQ0yu5#<cDXyL!41wAN`D9bLS^DXlZT
z;a)VANsCa?WWw%Q+FeW9otLsn+r%6`Z>=_Yu8!4l)`4~HM#n<yP@L)^zC;zenh3ei
ze39k8HRRqLvNyHPi97>vlHOEnqKsCx3Aq~D=!$)Gv!DiJN|@$IH6wQqK0cP|<(pJj
z2~$TD3MGe(SxQm37fRc*6;I7*DNsv)fvq@IOh##2X#G_9V%MhTP?6i+-k=s6`uqEn
z(w~bRpUBHZ2tgXLNu~Y9_{YOumH0ae1K!LVKIiW14%B$VXWoTB(Gm2<MR>z+edDqd
z`{|8K@F(h`H%`MF6RmH2*@t0#jz7_6SlI-Yxtl>U)LQ;LDs0C+L^StLKCFhvW2q$E
zwbuy3jjvnCn4K6fNRV6xZ?1JlGeNU`COb*8s4Out7Bs{39F_iKX?DjGCu-`*57g(1
zarb+*0B`k`UNfI(>a>Y>PMA2I*O6#`$lJgEi}^f{f-rIwHEur7i;t58Aph}EtGc%M
z^P@R_XN&jibMCm^>~4HeDI3iCfpWtrwTdznIkifh9gMQ_(-40#BLB-UT4dzkI6wHm
z81J8dwN41JDWr~g9pNK#*8YQde*&x9$F9=RsTHn+fZA8LYizt>|1#3*5gWf^<8!gU
z>pZ_(tlc2w6E8>c3Lq&GH+(1)jHC_B@kKhsGVL}SQl|c(_?jBrPj&diNHnp>*J!?g
z8uoBsOK^y86Ki};4Hm-@>aXp%65oXTgx8v|M&ChppS)k}9H97`EjK^2j`*6$&!+**
zps;M@889s~UVKdr;kyV(w+24(;%hoyBVzFyVZlqp*UTh+5nsc)h#p^4gX`;vujyT@
zC%&emSQp9Oz9NQXZ<7~8u^E*^k`SoDIGIHx5HTh$mG&<oQ~g!k25Egb_!w?4cG<$b
z@bE@F1qU?cnvoneh=({iPb=WBp*hT>aMttrbAm(mkQ(+0Af)D^kecNKtS0OJz_!b&
zJJt_uCGSCsK%9^ozJidNi$ZFNf9394U%AWvmDrFPeP#ZTUI?k3P9e30<U5!|<B%E-
zdj`=|%WV-;<J;5X(DL^&v0eR*!RoX$V`>F)TEAbb^&(5_*sz-Fz-a;4i{YEBhAx-9
zmZ$Vuc+ETV3|?Oz^9A2kQmopNpRNXrpc2wDu@fXm291NXshR_Iybc%}r=z#T@gC4|
zmK_R+)1CUTRiQ<ChOIv>`xC@@*onvMSi#kE_EYg?q=;p_j`or0yUMUaEuwXBmrpiY
zmu>>D6|Hk$a+1-yic1ZQeMYnnOS|w1Y2yb{`K}eGI#+{+`uSy>L;rnx#tl$*w_s=N
z(8H2YU9>DpH1hcw=p`9d>tOEP7suP7SN))+|MPAAr}bQsd4iDuXBU|#BE!V8-aCId
zWs<bu=lRGaF;Y+pY2;IT$_$aukr`rrZat4)tQ_OG&(N?`tX`nzzL5hhJSnoi7Fz0=
zjT=ToIdBCIrR-}S*mO$0b;W{gaWe+n#5cwQR`{WH81?%Nu)f*cruG^I!EM2CornyW
z=++B2+l0#nL!hW@t5CodB8vSDE{LQaK$h$4q#SCtkw4lKD~V=Itqy;ia>nXhN&Yir
zLie{H=5dV~4f;B90ya&Km03^IZ@qKk6x^eQ6G{@mDqHO&fjEgCv>1yV4CDK8@-I#?
zzHemG+iD_YlSJzMj|`YscYo_tb}{*iNVu$<9P>w+<S?fnCOJg^v8;ymRa8OjDipd{
z&?Q}dazyB0d^J81vcP6ue;zQ`*8f=lHTJhDFUW*~yx7*G5g<p#4ec(ZjGOCxDzVD8
zYt=H^^mLiqicI>fmEuDFF0ZA_)SE=$bhp5nZ^Ge<8)EhPzen9gUL9v2cD?Z`xezg0
zffsrUb6F#w<$cgtw+CO8+vp8?X4Iz-ZS)mKi|{%>8nwha|2a^EZSg@Cmz1&!KV_NY
zSt~qii)T<G;#nGQ3?Wpl`#`bO9(OAF?MS_QN*T=#nH7%8g|28pq97i#fGD+q$eick
zT&PA3cXs9&**L?!hw&xfsmu$kYWARcfk+B&Dl^E>e}H(9WU~)3MC3C%;}CHaag@&Q
zBqA1A)N;LZxJO3lR>Y{|g!#Y_%A~j#6BMfBgyj-T9j8A*G8RN$57^|xTraim52fQ`
z6F&8~1rX8o@t>I$*sAWRmit3{s(5NW^_LFzri>R^Fhq=4SuaBDKwIq50s2q~h4#Ip
z4feoe?GmH5_BK<BeVX2p>59@iiTMDo=)+~!zKi+xGjpu>76|)KnXB>r2Rpqeg|2i~
zN=rXn?~!Q;2sg)(z@fV^L@&Wy8D~r%!D3M>e-WJ#bvB<d{fv9R#r#cLpe%BB>hC<y
zk6p&{yy>Fw%@{<+KqA>x0wXx!(mZktPi4$hH<6J;Bb7$urTS=ukoksMfSC3yj)L?M
zhvZI$_xU@vv>ZzLsZ$k@uN3=nlH!CvzG}Gn@&4w=MX@A73VoOI@Opa@umIY}Qi#x&
zqk3VFdCffmXO_)@Hm6*=kr--e{Vumo&7yf$9u4$ck*-NwF{_(;f_Yg;VZiVjo9WFy
z;47m2IW_|nM}b6!>0R`VWk57Guz_fkrVPcCrd_f;!7kWtN+)8=u_3K}9AM9yz)&()
zba7CGj-l87c|XN3E%o5;ODnw(vN@bGlvy?hs-Zhf*~IB(kj-q>z24U)cda*^Typ{P
z%@;X44({(HtuF;~x9->3#lWV_EMjnS%4`KFAp=tEV^Z3XuFQaOZDqE+RQea2?`_oh
zHRD;MOYiG~6C!C92$4`MUR4e6;s{LxZ%wx>V?pViDXIQbLu!UQqKrb_fvbRxG5j*3
z+bq9O>xafk2MomNmfMXQiys&2vZ9o=Glv83$aV<$=K{VJ2{I_1=MSM_NT0sk^65s6
z#KD$NKPfFLh2_|sB7R@KyFhsii#o|KoXxTQ6*$Mjs}ye2ck<IJ#GwtU<1nox7!GS3
z5#BgN@1yTLxut&z0!>NY?5MOEhYIipY6=uo4eNqcJA2Udb1*y#VX5Y)+JMt-{AYhg
zaJG^<VQ|*QR&xTv{B2i@uUbO1z9fd$@x7NgBv?P#AOW%}SlwdT3t5mBfG+Nz^e+B=
z4|Q75gX%waMW==R+B~av|8ej#g=uAK^XN<*EG$*lF{-?f*w(`H7)Rc)NKT(H=_g2S
zU6oJlF}4=Eftxws83}w=ng5N(diVsKK9F0X<<j~J{T|YJKmG28->bxU9CO+H=DE8u
z&n~AtNe(d&Y+0rxX}j?$tp4#Sh6jf@n)s6o-g88|h9)~d{Sa>g$`>Rn!Ky;{?@HO<
zaSMx0-tfTR0}9qq&#A&6lh<NBd58m1%XX>Gc|)-LiEM#A+EV}#{W*7cp2OD-73F=3
z4ttt}9V~HH;p3FM0H_0}1FANGG4p2zH5rz<4om6-e^Zb(6z+S~^W4LWum*#hTq`)-
zcZj&zL);uXgJ0=_Ur|I{tF_|u|DfCjyq`w!n+o`Nv{k#Z3&XjGY7U3{9{U@&-0>K0
zqFsNqGy8b?Wmxe)R)s1q;ejjX0M6?d5e5By^XE@?pc8a|A>Dsb+&?S-;0mV?bKZeV
z>F!^|SI^`@$35zf9!0z0c})g?{W2$i{U-W)c;L7vP~0`#caXSwu|(;W^ZwB1BLW}1
zIe@@-6(7y39zv_sNfIZbX%~8|#NyPO?zX6f(?e|}PLl;rJNh$DtFdwcP^+j|b-3@B
z;wG(s5t-TpCx|7<-{I~DYP19WjNcmlM$kVA&&htm7JP~$T9UMfA<M*)AQ^0pHb<+W
zzPql5Xob?F^as4@Ir{{qX3*tAyiUu)ubyfS0j$p)(_Z10$raQjP>}{hH+GpEBC-Bt
z@{7hx%?~zn_?i`A6i1ynDVC&F3lAb`U#^DlJVk3eld;2!vNt#`r8=Kb2K;3iTn~cl
z!+C={wA=Ei$@R!bu=vQqWrXO~>j}bE?a(R4{IM23?M-|rCn?o}z=9bGArKi*Cj!??
z1ZDsMq0iJ%^7B{eWP;frh5;}<Wp5z=u!Hwc5j~;U;GENwA>zqmxIZ;}mCE6V0~IxQ
zArMuqY0DV74P$NT?fD!}5c#2E3rg|;^J{VFecC{i-p~6J>h970b#`~!b%Ne=GwP=I
z>sOk+2fd$V?g@rxCWgRWbtACnT7f__AYjnjZTaHK)B7?;4)iv4KV1oaC4YH^*(-1_
z9>dx(fURRA9w2Gh6WKo8aQn4B(YKbOk7Fa1xUoP*1rm!0ERgVqHVki$fHyYs!PwgP
zBsbiCu*BzXG{+zt8_BH)pEoaWkUslMME`o|@V4WI-k;kWZvT#Kzv~)_&-0e{=QP~D
zShjynZ$IABe)pIL@jp+tzfEu7&C>o~4Y%K4Ec>sw-;Nu4|NRZOe@C|8b+z7qOZ&bJ
zw=b6MU(?%<$Bk9GzEtn8SqJqybJUU?(!$}^?SrUHf&H{dmkn-I*F-{n=2NQkq1CDb
z8EPj~WeAE*c;`EDfj5?6McluxFy!_kh0Us{12t7j;7n}WRX<1`warQYqb#>W+daY6
zo=UA*(XAUOsOin#x|lxf4fnkUA2$5~ZxAc?mH2)^sLMlY@GJGudeu>dY&j(NK7@}C
z+vin=;g!8=`9VJ>fvr2Ec~SOP$hd9d4W}2)vjRhZhKKV0S>)LI0nWLARXM((AT)da
zaSF6l?#cAE1NMk=96A(L^!Rrn-8poKdZ@g;)q}IOA6u&8-0Mdwkgw@c2G=Naj$n&6
zJt*6Y3!ph4sQ5ZbPzRzN%+BEZ0^R`?7FT)ufX97^;cWmsU{j<F-l@#_fZ-id$`;~+
zOA-c-<S6B||EgdKF$ti(EjFl?TBZ-C6Zm-!9q_t0lw?IPwXo2R{6+p=0YAqHh<NN#
z-d^T$S1V-$=`-P3EdfDoahRbQ{YMW=(jz%|UGG1-JSP*sfps-EKY`PJJmHb4+<YZB
zZ_mi6hxSF&4E-nCW2#<_ITc`hNBMBd+m#ICLjeQ%YCu82Pz)HUJU=koJGnjQ)9LN+
z7VQb`hTDtpUu*q-f6=~ULhZ%(yI9*FZNW4^>R$ri$C4WLpHl90{67@!yC&3L;Qy?(
z{oSHH()JVn{<YTj{Y86(;*Its4m1SzMVrTxzMHjaO$v7%#SH6jDzN^U&X3T0y<9Zy
z-B43O@Yk(PgQ97lhMEdmPq#K5C7Sk6tZ83s)ApiiUPDbqUysts5PDxX;8-DylEDo%
z6$pQ7ZTc6{bXY@81)0jMO>Y!U)rOi1ggw@#XN#tz8fq#KZewlw3v?>_dTB#V1;Xp-
z+zOpc{}fHHYN)CB>QmOHGepyI4K>9YB!=I0)}{kQ)0-M<DiH2&ZJH#SA{{mn@!yG)
zFpR#gz}_B^>9&TNim$$5ZAwS|q3M){nhL(&VQqS`Xga;2rsAs?SetebP48@|si5$&
zLzcd7#55TQ-`h}A!Pg3F)4y`l&>Ug!boE}3dYWTxJx;Wqmq2Ur?Luqo?xOYl1X>GH
zH?y|>5mRwbI7EdT8|t^9_R516lD#ZiKbAmif%$xE>sv%?s-4r&w*}^2YwI4OHI>t8
zsI~ZZ8*A%d5ClcPUr4z1YC64IR{?K{)-NZ}T2So~YwPKv^{WZA7X2P$ZB5&}fH`eO
zZK&Vk+a0Z~f1@~eIP^{etp(LK{ATI*BGH<P1vd0;f%((c)_0256iaNVwfOe6*4DgW
z6%KupKx@(OuGZGHNdf(?NT9XAeA@v_zv-iBy*z=|;@dA+TbGK~RSC2f-@eIg?HlH~
zf7xo$Qum{UUV$GSO<}hO9y4546lsOc$VOB0n#qUt1doyDT7DM@feAnquG@AjT(pn&
z*YmT2M{plY8rfxQeP?<CRgT;WPvArjiUd)0swAv9?DIG(<g_PpJ7AYp;O3FY(*2-L
zc;M?e4^4x0p<o{Vv&Hj1y_u$dG4Z^?!!UIXr4OM$h=q;4#fax^!|N0#+t4f~o;Q3C
zJ{3yNpe8Z#JUyO`Z0Y<0Y}evQd=<7erc@VZbt~~ryA?mqOj7ZyANA*8bHw<toQN17
zLU#_WS5I09TTvLwtft49N&2$-0k6W~Q7seCuxSFRsD;6aILo}dZ-^QK9PD{g%1GJL
z&T6btHuFrV_JZ=|U*O(BeA|JeR*<KcqrElZ1kFe=!_2ott<x*#Q^b@K`S7(&%{3<}
zNd!P2nnVP{q7U{SQxJ7jlskT?Q13Vrg+qNe(9cl%M*4$|ho=yg!|69JvH@LpzYf$L
z1N6u)2D;V`^a}xWl?1w+8imt4*)hG>0Q%!ZJEkuQphb3|y#>&7CD3UA8f_MB5p5Dh
zjlyNoRxBL9YC8c8bW6d0bS9twOp=T>PJ9An%+PMWk)MOEJEJYpM$mY(pz#Piq}N}-
z>w0~PF_)d3JUF#3+4aZ+p4sIAOTD^0kohEeXs%Ws#;~hfCY~N2S0>(^XJcQ7Qk{Kw
z-(;tB{|K}1hru?PSWZ7f=_}|DWFnc^6HXsR2V$Fo_UU~(&@*Fz{zM0mhLS(A1ASir
zT`Ykvq(<TNrgltkGk~s!v|FWjfdJ~Z13gs$?JR+g1<-ghu@1m$%f!b`@ClZQ%f{6s
z6Bpni$;3l=-5SowPpV5_q>#R70evwA`l2=Ki%f8|mcBTCR&Dvnl=@;Xp4sK&e3Fk$
z=nLPyx~||p3H^|vJ%k7c*})k7@caXUZ7x;>TFSjT+orOtvwm=qe(1fE+4gO|O%@i@
z&rtdY^arwVgc^m@2cupt$$|v>?martQ(}N_{F#BiV+Z=W0Q!am`Vtz&4&zMRL-$-_
z7-KZ^FmCA(EbFKJ4XY2L`^GR%ark%`XJ`SrG_g6!$}+iss`hwJj9*U8duHAI8jWXm
zehtw1rIbM@+s3nvZ|kwJ5QlG(G8>6U&(=x2h~?4b+l-%>#HU|m<69E_45d5h5BOF9
zMFGCeUuXk*Y?cmmd<@WT0_f2}HlPRSXDIzQ`U9Z9piwN}Zo$3Ue7m#;>!TQI{WJ{`
z{yO>gg<Rq|1Fs`qSm*d^DaV%|nb%pZr_?>do<5^)j=hCvc8)bP!g>L{IGnmDU?b|w
zck4t=#fX$Tj7Qk2ADC1Afi|LEK|e$3SJEF4^+{?JPT%&H4d^8X(DzxkP4>?eKu6nw
zdIZoB66jz6jpfuQVg$vEuvh=kIW-7t6?Jl|n^?%u?!xOvyz@Whms8u-t!{p`=^o3k
zL`Rqps}6DaHkZy6H<j3)J9WN|;iW#4#2t1p-##8-<J({9XDIzS`UAdgrAFa&7o87o
z0{ycAw1#Ed1p4WA2Ktm8=${18M<mes02<4;X1G^-gzY`1^X&nwan#ATTg3v1R*Bc^
z)`$A|n$pnt>YrIRzoz0@<HpyjtK#x$>wPwo4x6d-=?xY_lcZC&F-g<=+xT?Q&3rmU
zf54{;i4WoQ(${T3_s!6OUKs<llK{Gxn)7^t-R6h@x=RAxfkv@>x*qpx^GQ9b^XdC5
z>)}%+9+J~>3SLiqd^Nx?r#8Q9-Te9r&+Pn4bbNIHvT?@O+4tH={E%NK@oy}ICg0xs
zp80lNKO2b$(a%u&Mf3-JyN{L*!|5ykVFT(mfIb%k^acU6pB-qf0D7JT+5<pi`S!9H
zKQVf7!C{?mXI)Vb-&)`y@ohX_uX}u@+U*y)iRdJ5#&r|_-KB1(WuF$yw1$k>&6mez
z*4?vhblqN}Gix{orPYWv-@?pVc!7;sf1;nE^hf9qn6;J~h0{B~Y6JS90dzl$w<!Vd
ze8)gTcA#YfXt@M>4}iup>xdXcG0ghmpw6tj#?-^CYw?hn^&VcQ^};&sS7Z3))XwZ&
zH@|{-c5;L4?aSiwZRy=M5@#3de0!KB(IoN3o0-Ii``Gxlk$#5KH_;#P?Ns7RIDNv)
zHlW|!p#$w71N7)72D;7;bd>=5r3AVHjbiy$fP1x-W6$4pzExgY58qzGL*m=<->lhl
za=uQpbrqo-6v@S~N~5V*TTI0!;YT`;F_$qFGt;xQJ5C{<EepBK$PHEoYqSXNhnfa^
zQov>qIrJ`X_F<*0Ogi)wut7J{98?<-^@0xIn2xMettk*ZprqjvvoV#^Kq((DJ^e00
z*BqLQrD?OL>vY}0l89G)S*VCnt-Y|3={oX!omtqS+xHy$6-w_-f6)7>7|4M6{!2EP
zE(7L6F)&97m}lEyb`vnWOPHquCb0@haZ!}K;mo)v#1P66GqE(x#3-&-dO)x$U+Z`Y
zvkEl8Obl%VJ$NRTsT~<jQhP|d1g{HycryHPYHK>h=g-v{CVvK-{GqiEYXBt<k8S{F
z@pyCxPHiCvPV#8ORGmkIFaU`pI*(3#%RG7|SMZ3=2MP5J(yvhZeEgwqe~vcbQTrEd
zFv|>>yC5i5n6C+#0UOMF1k8IS%o%`b9ZvL}{bIOSctjHN-9DX1#TQ$6B!XVxm*mmq
zcu23miPx<G4xtb2{4%D>H^m8USjJPgj<xueN#p4Q+_#OV%y{DoGkG3Q8T)BG<!kSb
zI#IKq##6q1Jgx8xy2>y_uiJHAJp!4ecp!MiGp|e6Gp~-FD|kh_6+(Tt(63PX_w)zd
z?@C%FoPIMheJu|BhABGCK`}5-{F`BZYlFE)z+5X~evUS=<7t=}FBX$U9L(9PtG=ot
zi|P~O$&76L0}ttS2VRdio)Y7aQ@g)IeEwvooBZMNB={3&JjL=z0cP=d)Xit3=e)@}
zJ@-KDr0g?~-ui~=d1Y_GBQc)b^edF!AAhLZcVp0kN6VhG!R%wed^!f^H3H`OHkjuK
zn7t*;vj8)8JiQ>si-kudArJ1+dDPu&;gJ|mCXbTwkY2wIuh&1GoLMx}a!{m@W?IQN
zv4P@47I<yJGN4wstHrPk8c_4vn+)qq3J~W*9`@a5L<q5a%7-lys9mvnc2=Ht>&O!|
zo2O*uS;o<p4WQ_(VnNYNHTbjk<E=W6MquE{afBz;TFZ6Jqj!4=9*J@EIQ<HxKS6)c
z?e%EGFi-od1?B<+=0OOG73QL~4D(?d%%FfdU&5RNn6cyNgcv884u6}2=%xP*5|GF*
zf<-yneIvjk>b(|iL8FK+w=f~JoA8KU{s=Fd42t7FB+MVDmeV#qe-7imuJEvhOYlc2
zn;UDOV)#_)iO;8X(=9a3yCo@U<DM-W#Cp$PA$D>+F|V#)!*p%lQ}9ZRr$`Ux)h_%Y
z3iJRCnOAo_Yk~XY%~rU>V&FCtaJLd9Oo#>CjRNi_33n~p#Ez*^xCc9I@QVYw?x@bM
zuT_Izt$-31W{4zgqSCZ?@Q`GyC0;i<#`&9c{5f1c;Bmqmz9}oM{NSB99T|fuinGBA
zvzoz9C7*NXd#Z}fmD5_>*EhI7@VP_zcx_<+wp-V(LB7NNOZWXXDXDT7S_~XM@j%Uh
zK2HWVCD9(b32RaKTXnCQorWsL!7A-DkcJC$BCGq_tYlC27Ej<0?C~5<Ytex}I?n7c
zG->zHdA&X1VGghR2md*dQ}CoHd=E~%-MN<rY^UMGreXN~HOi3>Dhf_b!HY^6?R#V-
zH)3mFrZR_%OCSL?uw$DVzI&U>X`0C@7FB}>0zWiW12yAHoH%8Df*SbwxO(XO+?oZj
zka@{Unl~>U$FcQO+IsupIJLsOGwD`eSkiu(bT5bQ4W)aR)4hDUH=6EEq<en4H;(R2
zR|CJ6;(Jd2D^z=+H<p0Y)I*z1^7Hq8r$))tXs^;XwI5!}RBM*`e^ec)1Nk{B7KFQW
zz~X4K*uT?i9=0-|_#+j~bbsgHgEed~(pLk^(~OFtyt$$H^rWOoqP~peZ>HpL2PBx@
zi3PuHg1wF^XVy9By}{o0_qnOi6&S2Chbwdrw{<%thaaDS%`gM{d>hN+w%8*<Jf4VQ
zC3zhD!Qk-ab#j;re_J`+cW8VL*Tism3w~3IaYGyiBP54S+H-!W;&SFGE^l6%$!=F+
zUMAhjv9KHW^6B1a3%hY|9Nn89huyEnXE*jcqt#x;m6}(J-9JfopHA#H;#JC`I{BSx
z=l7h`{s;N}_wn`f+dt_)<M+@Z|Hp5LG8Iuyl;4kZj^#J$Z&s-^2EW(F-za!u)32x?
zN-DPFkZ|ESNd@zo2_<_BN|p+Y7KJB5ss0EhyHk6oKxfG+DA}`wl0BxB{Q@ij1L{@e
zz(mx*cBt1opk5EDmA^v0Ry%@613REzPmp>&7`;gi?1XyVntKrPpH|q1^lKl|uNYz8
zoHV*c`n3<~*BsKXIXQHX^lKl|uQ{Y&b4JrW(yx6;zvhsB&B3tV1N~af`gJYo*DB~&
zOU-Kj9_d$n6pi*mzvkd2=+~vBUss|y9qU&F8RF{Kt##|ycBjVDpY*F5{DD>A_u7pU
z?BrKT`PEJS^ceD=pC6z6yAATM!4;hapE&uk9teHc2TH3?nn`|FVIR_WeZUQa{J2N@
zuFq%-`Eif*U7zW3$PaxNkNm9f`jEcsQ;Yo2cT9fLcd2#hJ1hNT^xY%y@oU>Rlm0u#
z|3~zHchLXQAG=a4@*hM0cAaABFZ@SLlj`&zk0j<lHXj@7KOVREkHPDRvCA=*)WyHj
z&c~XXi=-#{oyWagnLD3GTHv^o9LXPt&N~Y_&gpd@^XEtC`1+#olq~Eg{pmP+-Z-3l
z?v1!RBAoXo##55EBv0r2mr#4XsggC?DrGc2y+L$<e9IJN&H=nEJdeX_xcD%RkX0*j
znge-e<p-6rKlt%hXucDy`Skrjla#4YfRmJQ6_b?l`2SRIpBDJ_8Ghma#oIFQ&-RQ1
z%6-m-_{X~tJ7LhEwXH$hxD5&yB6Nxtq~Fq@6Px%SJ-E!_%hkUqza+oQUot*x`yy(3
zEFi!0EZy%kT_%j@Pg(_a|I^9xA)>vtT+rNu__}{i^q(|G`ndyT@(s*89l42jA3t8l
z{DbtT7h%IX{ZlDE3HYbKUscOrVG+{((-rY#h&)vxL7WyFSAqt`l^~KULxS$=A76r+
z#z@fi`XwkDBSBD+g&1)p4o*`X#-;X=qO+YuXB&x5Dv3_v!n6a*y@h>J%y%IHP_zcq
zO<AigI!}@4<N$yZ;L*<V#RMb=+vVAX1-|vmi$$dfc?n0Cki0Bv$MTYT8suff(f<W`
zS#d@E^78oDI6CLQBrl$R|0gg1p}ahh#`5yrsgRdb4_oC$tVhZTa0V2N=VPnQXf0gj
z3$7IG&Hk>){fja;gptaw8f-}VkT4GRVMkdSk&*P2jED*&LWSzR?%m4V8*o?EjmV4(
z1WVPxm#Exj8j&<=8aNK~LFI61!X4NS^Kl8x$9n7_h54w0`M_}vG|weJQksvohJQrk
zzk|&jbck;boD0YrEMWW5A>FD3I-C+;2`pgyu>kgCsk9&Y2dkt3p-)cr@~7%CAo7zi
zAoFl)gYQi8>|haFn+Bu-`(de^yDWDtecpe6bRlVkm)bCgk7j_w{SF?-S~IO5Cdu{Y
z`200o@o(+yon0?`^Ww6XG`zvyC;P-_uft&PPe836_U^@F8+(ldr<lJMZ96U%u>f`r
zEc%`3T(}^O^m_-Je(z9+ey_#ar<k=lq~HM`oV9#1o`R3zEDo>ek}BdS_4)&G`1xS;
zL*nN*sm#wFoxsmqerqH@n_poYuKzJVtIzvCe*TC2bhcuCUXu=fKDFQEr!~GTmi9>r
zD_2%1*(gno1siB?8Vfr=>4?9%Yqeu%P!PnK^{NA@`#4%DCEAQuI@Uyap*h0~#p^hr
zTvNfzn)rF<dA;`|7`!uj3d<u^e9W#wkQksAN>JY5uYiUk^HhC2T!KO}J9w2XV<GmN
z9BPH~KzC+fQQD1N^#_X6qt}`0YSIGLv6*~&fe}vMUZbh*Wi$U=RoKOm6n1u==fpu+
z&aCLOx;~=i32bECpv)=8yo7$GRXH=zLG&at4Y!m<saXdr9sUleNq{1d#T}~(`#^0}
z08;d9DngFd`$`lw`zsIyorreF!Gk!uk^$ua5N$=FUlahJ&!!2#90kE)4&{Bs=_lbT
zd46G5^MZN9KtNzaC!-1X+~RIwWdX3n0s(K1Nz?w6BNhlEYq3C}_s7ORLG$|gHvss?
z<sWkn{F>9NE`BA+ruFe__V526=huL4|6Bap-dpg?y`~O+<%3gLsGN>f%RW5fAT>sY
z9Iel%>4WZpOkx@y>!U71A9cjFw&2>+m(!6qXcFyi4iChWtm7?Thhkx1CJi_s(PuL%
zM+SGGVA+QUn1daS5!XIC)&yycH%7*vDF@tB7;tTQz~Me)8hu)fcSv}KZM<db<1Isu
zHyjs111?<-xK0>wZE3&(QZ$=J9NO<IX-gxHI*2hh6H6yz%mJ7fbEqGObvGV!Xa|1~
zKileqE?pmVo%BHmC8rO%d^1e14>~}QThcPM&gTd&mVC|m`nK`LsZgXZKOG0<sAcw|
zSFwGMXy8ijwrF1sY0(ccxdtDqa}R3Y|JEw0ddO(}#*LkyU^_0U)I0O*8In$+S8XbF
z$nXQKQaeKbS@da+gkxcEEqyu#7{ut)aVB@`)Th;j&teTR$*NNSZ16WmpH@4cqF04V
zonld`og{}(sV;nvp$V<pBaT*`co8^^!p@*%wR52W_g_-1Ek!xI7k@lX%;FVTsbF(@
z3Rchil2|SLR~x?#{VMpK)5FH^-1lnnd(ZxO{GK<cK7L~`PZ%1PzoTWl`uO`GzWDzG
z{+18?pXTqf9kuv7I$QAf)i2`n*Q$>Nhex>#4kHAgeDOQPVaTLqNVnQ&vY1u29Mmu7
z)u*yMfXg0mS*YyO%@JrF&*O9u7KYc>*H5D?5jbwu*VkL%>HZP0e$`>>YYb>oOLmq0
zB*s66T#UZ9jOUDq7|&8=XUGA4Dh4z|lUlo1T&?}50Xok!Eo1t>qqyau{%V_GIy!48
z@N3Q%Tz}^?DyTRbVa~v2IKhwZJg(PUETP{ozEwlNZSjbHUhFLnt`nKIh03C{3l1)K
z_%HLU`2`shMcKbAbKY)(nT~r43Po+fiEZBOZ3tR-RNa~qD51G#*x8E?d<<0VQUixK
zD09U@si2+*CBs#m`I_-5xz*9Tib6Nzv_t`OtO?T-x)2NFShQl$j=g|{V~qiw4*?C|
zTcdv=`>>~a1qDvj>ZSZAd%x;ls?6yGSo9s75q~l2I+88@0NWMmzx#01<xG^IMtmdn
zA{>jWDuYq+OGRj5JHB(cQ^ChrK)`<XArU$^E0feY@^*1L5)P?DiZC*%bI#<^L3vn!
zy_L@=MLjR=sa>t`(JiCGdFR8?r`xCp4F8&Hv(Bbxkg*(3_Hy_e-t7IpjvmKWFOEaa
z@Hl8<K&33Nptl0}YDazN=VSPm7ZU`e(P=op4XdCO{y*2-^d>rW`sNg`V_T#(lYF=X
z<tRhLff0N9Q4~rKMkDW`FUWIH%3j9>A&@d6+$TqMM`yUy^4-1;nC<gkczE@@v`+Xu
zmB0??^~Ncu-r%kXB?qeRuS!ro8cp#r5Nt*P0x4bT;#|rm$l!HFwBN)8*Vaa;r$l<k
z_c-B~Z>rf_ayP?sK`CO0g`-m3G_Wzgr#-GWCgjqIIv_h%jTyZ=@i5vXcQ>GU9X}Ny
zjn3afEEhLN*ZFWe>bgVY)Dzk*+t2WEu0!q#>JOmG75&|Vl22TQ!1%`||K!@J)fK2F
zP@`t=<#S7$gT`Ju!FCl&7Z;!+rJt9miR8ls$-OLYQW_WQ!iK5}Gqb#oqa(vk2-{K!
z+iEpD7{ay<!gkaYHjM=9+wLS-e4a31{>sNXk?>rk36hScV>XaI>&v<dJnD&M9xcmw
z1Zt)U;Zn0VVeuI49a~k$*D6k?1ySIheXkwdDFJx`H67`Qx!GAMTJ9P6Di}7}6PzmL
ztGCCoidL8gR~4QK0SH)+j^ZSqH&I8*pdDS1zi^qd=yY0Kp+cVy%#7i1gl@q9aUPF*
z9eTbF<5|r{p}o&}*bQ6f4Lds(!Er>drqEya=d*889bb9F9o(M4(wYK3JK2-{nJ4&_
z=g{|fqsYC<H=!uF)e~4&Q!xLAn*P_<_@ip|G8)&W?x%btkNbOHdV#WN%;`uf9a7VO
zOjq)HkTCdBk>d+5WHtL}k$V}KOifi~=u#k|Duqi$U1xkMx~W$GM14}M&mGxYGFc6N
z;R&v%vl;_OI?im5XzT?Am@89_S11O5uPE}RmVwVd?4{(kKQbwj0}iQyFA#a{lEo*+
zW3`Z!NE@Uzpj02JkjsB=l{BQv*@tLuoGV3H4|%9aWkrbnvoTy$n1u0E)Ln(h3_;RD
zGo>x!wU*YQ87W>IPl9S49cQKzp7VG)Fp3J|C-#<HR1}_M<W^h(Gzp3)unN(LGrYkP
zD3N7U?E{?<C|W>AUik^)gx)=e5>i&=q&yJ43^LIX^}(;Tn;?NkcTs`S6Rfa8^y`rR
zXZkne^hWis`bW{fPf<21UjHb(D>MSd9u_r+qtSwiwML8LtcYPLMWGp(iClvN5>}(6
z<AxF8)bmmJkoG^5=Ir4Kepyuhqwh4xsUK8<YTBU%AOW6m5e}bTMrYXi*TddMo5RYH
zprV$$q0#IGT}c^YjAN`t#-o!KdyZlKH5+p}$W2*vE(%K<XznI7r!t!I3#xm|jN!1Z
z&>zk$b4V>HDzEWn0?$5OnR`dI&BS}0v5WHvu(a&n;@=WgyrEuM(Pm!90Z(uX(5`*{
ztw}_?zAXrTjlrY_e@7KzK}SS~R(RIzjyk=e$tfNzWXz$}bBq?HY#J^=>Ac0{LU^+^
zFCE08;3geT?}Va7x(z!X8<n}&;Wpn1k7U0iMfe?K)le(gdt@cu1$jTL16d7#CXnD#
zC<(Q?YA<OBOv2skl{sW;=|~YWU@4yJYW6v7o<+C1+=@@7TXBSs<0LDjbs?p&oJ?IB
zs4CU{E^YJ<8Y8>Z>|IoDbEoR~)$2IK1{jCYyR=+9CMO|HIteM-w9_c*c>;#**BG_~
z=umKH^mK1{0$c)bXaayUu-2Y%pI%rFzCi0uUw{c!7QwdS-1`06s_m_kiX6WmYzo=n
z9ISaw(Ka|a1=^?=205HLn-QR4znH2;;qTw@*UnF2KZQdk?B`nI)&I2pe6lkQ@7ngW
zW*aCb?IV`b4dd8!cGhT%d8Fa@4PIsA$aCWqtpoGOu!}KNpcR7`P%>%NDo7FgBk&|0
zRY^^d!5V@~S)HE(fl11rms?ffNV1MtUB3~f0!R0jjPnG)VPkT%Q%O60X%BiA`oVu@
zG}jZpmTZSGCJRs1mj%d{bR|QL<Z$4^8hVG8hCYC8XT=ziL)sx!Ws*Y>iutgzNTC2!
z8!?-ik&a>GK;0bo^pqJmWG_EWb?m*GiZW?mo9*-wY~y!7s2Ii{<M$6`(S^J~){%<W
zuF(oOmgjYAC0!$*^5_|g#1&1ML&utXLw->E=Mzwx5a4~t!tuI~l=L1E?$Qso!JEAg
zZasNnaF^j6D03b_8v>3)qqB1S-RWfZXeLyXQg*3)qLlv#f~(={9FeVb5h@a6mAvB2
zqTny89J3Y&t!ic_RKx{{pQGk4_7#~^0Uolri6MJ!Rz^|q4<5Q&&M72j%Sd$tIQ#$b
zQg>)ieNX1%+AJ4l0I;1r1IWSH)9#}OI2Sk5o4v!=z6j%)+;>*^KWjJQA=zf(@uz4n
z5Oho%;PGFF`2+h5E1|q-Z#vCUgG0%ii{d;ZJPt1PLQA;d)Axi&*mPt#HP7ot{oY}#
zyzZY-L3lfc`ydF1mWQuIv8A!f<JbaM69;;DQMu|Y+%0mPI5;$khdo>a9H)w5?}w{@
zpsFc)LnoM9y=bTltzsXI`(L$J@mH4z%o3Xy9IOBsa{fGI0KF*j&CZ{6vf$;Z9{1`Q
zLsZ96kK=IR{Fb>`vz76t!v3kvd@O;gyV8%kx=WE`ztq3U3oXnCHsP1)tyM0w$)9T|
zrCojL34RL`!d8w&P!0CV@{d#3?4hjj>|M&7CYTj^-ABF3;G?vs9j-lQtt5<ri4dPc
z2vsVrV`Pkg4Z&6$(~PVkS;dn~Pk0pDk+dabd?Eq-<AHyrf8cp~Pkg`=YC{%Ae#fyA
zz-stYNyewbSA&d}&tYm*y;N8mc*vN=USoVVG>XMI%~QQR*5rIali3ZhI-S|8j+xAU
zB(2VN7!qw}M-r`GS+F>e1Tro#D>O@mjBegcMrSWShNxzEVf!Fj-RK=MK$wk?D8c}F
z9VfImEpG>ob%Yl{i&)yv_<#iB1>j7IOOr2&Jl(<&s2lC)!R85l(uA%TxqtPYj!*ec
zCCJd-kk{Vyfd}ycl0INt1pAnwI#$41{f1%325XnrnP1pYl>LXd>6EMto|3g3682K|
zaGR);(t-z9IbGbRz;c)2Hqk`zkoE_(3jO^Fe_4bvwbV<~@o!VUMzixorxK8Ycd6*E
z^1w>cE#V<Dyx|0&sAFmn>s}vmWMiZ!)C`k6<c*E1!FC8G@I193owhwTVzHD}TLqqr
zxg^#fE!t`M%x=(5Sy)Pd2WitzW}t%Rj?Z)uwvW!lK;UGP)^Zc+mE#?K(B*kq+Q@V=
z8ipaGlP9VQPeTj_ESZYrj?Mm7(N1s%)5tT$OdTqM!88RJevv8MJZW>mysk9cz8?Au
z<HvRe5K;8e-Aqvn{mApjOhXA|flOdxuPk;!TYG}L;o-3t7j5eaIkSrR3~CUK#)`-N
zyGI%RyBdb%b7ZCxF7b(uJnmFw_(rH}aY!LC#DAIx`+*!-w&nPG5eXxXwx{p-dPWDU
z;aPA|m(6Id`P*ajQnEG`e;A1_MTlKG{^@`_=Ny`QFn{&#d}YzUDGU45Xf}fp&pdRh
zIUwQ*WL?sDh4%6WmeQeR2mPm)!s$x#ox|?1G08*Nh^Ku~)Y2x`L|cw8L$3K{|2p1K
zgz*?l#+{n?7t*oS+L#QyZ+jf6#4U?|j}20YSD>PyoPo5aF|sE5F^i$%3H8R&e8`Oa
z2~=GHkP&2xl94?dBW-|6iK7u|WHH=X63JzukSPz<u54X@fN;KwGq~Tv-y(=h<R4aP
zg$^?mlOegPd&SH%Xaqa3GF=TLT5Ywg1%_TClL}GVscmXY0?N)Cilsx{^ugI{o3tU{
zlB*h(b{4MeQ7s3zRO}Xzl6^<J6Ezs_x}qUH1)>j2@i<mQT}6;+^t30nJG`Di9b-XG
z!6G?U%Y-DuCKgl;B^6H+ZA}g#iLOM+!d0V{Ma@7I_)6%`>f&t5h>GF}dz^NHpO}7Q
zqKD81g%fdrfCF=xrB_AXN0dZ+gqqWN8wh{E<?3{BDNWbcz$5>>xIlGpLSSSQ1fGXr
z=O`A1MyJrDv-C&gh+#;!MOr#X+OTndlXece0;hZ|yJtE00{fF<K1zNhOG8%*#sK3e
zHlY>IrlV@2IBxd_+LKm%JMBNkQIe|r3t)`g;bVJC#^c{kC2a*|cpeL_kQF`O8=ef}
z{<N3WOrJF2dx|(@Z_)!WB}EPdFv$HR-2U|MRyYyM*)_?~xvX;MqaGoVvlxHH`6JT*
zgvWpx<eCVDi$>!AW8pW8u#9`nj2tz4jjxmH*o1L;P$dKZxi*gYAFM<u@H5JE&fb)Z
z7{U>UdP;@bVzoTzg!K;}8AQ6L<a*Tnq*Um@i8vk1Rnb9=kiF#8T&C#GHK)kQ4$@2s
z$W!-T_(pb549n{aZV)ErX;d-Py&)M7Gh*mKT)T~=kHfrx0`xi36nT$l590j-!9Tdt
zsBi&4TE-JrfH)ja7>bGd?KILT6hIU5Jk^XXm~(ZpJ_(VbxPtFAB05Qb4-y#>RPf=H
zitoI^Z6<>(`ULTU<Ko+AfwP`9dss!XIw>eU(NQUX8)F|s-YGo$C{CA!jfS;1l#Iu{
zM=5_4Z()%Bs+7Ge-)D7-U>!R!Ha&ri?x8TA5egUA4#+Pd7lwrtbItc!3oRj4@Gk9)
zby69SKdnt{L%LuJ&6Px)4R|@DinB@935w1|+memJD#S2MoS-I(g1-)#*XP0^RfQKi
zfNhL1+o@F{j4OC*+B2bVPjEK<X=L~j51voD0qg%8FxZ3x5L^*$Cv~qU_zU(fVUDvL
ztk^EpuM!{)ig*xI@Ymk#od`1!S-jal;|vmI&bN37h_NB&;27kf*N!kR=Lrm4gi7d=
zm1?*Ey{GW<kxsmn0n%wC*>|NH3KnYAj4p3qBOL`f<?RL%lRlM6qOg1&*j56YsqDMq
z5j3i@Xg`V7qi7vhsj|}$U!zV#1wwPE@KwX}hav=<&Q-%Bu)B0MCO9jt0-uji)MrqU
z;Y(`r`}q`@xi$XXYH+nV<2Ly>TBrhO$o%;t7$$wXr6gv;r$gi@nOJN0>4t-$JR`EW
zbzy46Zk^$~3x93}9+>_d>TlA2_hBDM$@z8ob2_uIWb&)FswFdv95{bQ^mLu;V)m-N
zC7!ZlSKP|RE@o9L)2GYOeL9777(kN_`~K_3Idz|)5TTu6di;V_+==<k!N0==2df>J
zIl`xaGRMNmDA>k*${acio-Eibn3o!VJIHnCf~vv`97*{}2Mgw15S@TKojhxPMIhP{
z?MO7E<Q7kGMoLsI!U2axp-E)+)ojE7gtf%_M!MJWGcQAtQm)djLx(U5J=t3U3;`_X
zMQq%Qg7;DYD^FT>OGN#Ub`+KW%s#=(U#%?aNX8i!6OPbQSYT=6uRuSR7I$JBk289*
ziNP3DYp#mSK%IE)p9Dy!2ismmx>3(!HHKBN3RLfsMTS_xB)`UY88if~5kz58@w3oF
z3xq|O8zEa8d48MV^RA~oYjA;RO+b6>D_Z6Dr{#Wz=gO0ni%E>g#gNJh<_Fewr`C(=
z7{Xs%zLb}DxxRK075P~wba`j~+(dF;viBBW$J2?y2<pKnIF%obpcA?18GI5<HSmla
z1UpVD!jQqQw4{1*x_+7V9O@sMq~$A%e`17+j?sd^W#Amhq%3Mmg2AZV1}qVhExys~
z-iEpQHu4W7mKUp`Au051nEnjzLXrD7gkN;ZwG-YV5%0<`b>iU_3-L_5N8!tTr~<eO
z{7*a{_9?Zn|3~%A;b1_k5by5=h1gyA9)6(o6C(exgiGx9Hj((e;S+5sK96jF4@79Z
z4g}obNNz&R;T|jpLUTkZXy(S6n7*(@o4+`E%ff$M0sAXMX%=Qxph+~{$J}NK2vUfn
zH~#?TD7ybTPq;Cq<Z#iqUl2W^XUSnRKD<0y4h<N6z(x?FM-eUCLjD}c-h*u^fN$qX
zi#Ep!2zfNp6_$&IyU6>y6930yVfOywQF5qzvnz@RBft+a*lQQYb`VA{tt5Y?O=q<H
z?Q$#dim#ROXoa$<!cjpv13XHu$FzB1;WQ*WEDGz4GvtxZEyQV6Wu&i30U!XLL0X`@
zeMK$ucRa^^Uw<_OeE@eqdZE|4vesX$tkHU&Li0_?AH~(nK5vzTRn+qxNzqBXivqd@
zht3sTTfnS{+(c#~Jd6Sf8%r*M`1dOKs2A=PDZ_t;o`9ARyPiLCTKpaY+!KHipXXVR
zT&jZ`)0eE#1_L~%2U|4<swG<Gja4?y5Y&*O;^;G)a3d@S9}aUUI*_t_vr<Nz4&fw7
zm;RH_S|vrE#w~JPq5r6ShVWRB)XWPbkJCd?oC3<tSd%+RZ|io;vP80S=IN@VB2GNR
zZvUDZ&I*=Cbv!Nr9;EH=1vM-#3SkYCf@p^DH>{#gQ;r&xAhb!RIDfz#uU|1Sq1>$F
z_0I^!8LdWpgB7rG4vulQL44EWt{@9hi8+-QqD?<xAv_40S9-E5irg!Uprx;hyo66{
z57+*_%^z9KDHvG!68=bMOt>6H*?ZJAy9;=|D!&wy-QkhXh$o@RY4j-66o&`H;|A}-
zDgui~l=4@Y1&8-4Wv$3}k&!~f(e@(Tf@B1j2d9}MP8>J&#h8`j<w7{f2nFxd3Ysu0
z<VrRChdm^JuU8W*j#45^+mV#OL1Eu;pWfOdc)%+tDdfj|gT@vyEyU#98AX*jgwl6W
z+fF0VMsGh92JBHZ9~wOD3H~~K9>f_kJ<tJo)sFdOAleU2swtc|0B0pYry%<r=QH4>
zwpl57gu)=p98ik2wH*zD<EUn6FcTM;&(rh@$+wu#@1<;a%mCn!<j=eCDlDVI6uS48
zw1#vmpRCntu>Qe!*)vgtGgGcIJxc)<%73M@sHM4{Qc2RWlw$-V0IZUv<5EZm78S9`
zQRz{Jth_3+2=fc=4nob82by0LVLv`*wiGg;cs2y@+yYv*%|XBnix{5lUz9no5|iEE
zAqDF@bQv}g!_WB%#lLXIL~(y86=!rj#xy25qQOkFfhTl<kza)f4dx0IoIYHF=v7tC
z$Z!Yv*;oP2UdmI)h=)>-HWpl3aHU3ZawyfbNCp8jQeUu%8Ghff$S3$Z7TA=se~~Ow
zAO>;iSFuldMsKoN$Ts@g8(dG$T<}XRvXZ9p5kzM`K=Aj^w1To8w<1q+7uJ;E6mI}P
zEFJ)8)gbKrGhO76FNtLkf&_Ks#iS@r`wJR+F;fA7w_F_VfUP{ZhBt_;BZWio8;Zgm
z=I~vKmh)A7criZw6n*$Qy*;6c3>(Hg?^S`Ub`hRNn-0yb0Yt3cZ~)2fWO9qa)y~Dh
zT`Hm2Fw*=D!b9u+0p;pdYp2S;?d0E<@^2ITjmgJDd=F0333V~8h2g)85I#`J&ac7Y
zg<wQca0TOp8QLf(d){ekFg43ac{?2`T%4XXv!CkN50+rD3m)v?HJDCex8QcfXOAW?
zNhY3gEU2O_MN8YmYIfhTuSOg9DKMr86$RgEo*&Np3-wbw`@|mz*&&BzH~Xs;vZLj$
zOblTa^K7Im?Uw0E7~yZwDnqjIh%>~p!9=K#UB0fE6TJbrud0Xx6U)JvdD^#CIv^}}
zr#NZABa(eTzRKXS@QFz(uYr0Tzp}4i?fi%^gNVkG{}`1C1leDFUy%P9`S(%$#Sp%n
z)0a5n0!`+GS|Eo6YJeOP%H9|ZCB4*>jiWf7Ej{kfv9?w*Dx5mk8~g%OPf_#>*B<vu
z<v~>5$AO>DhdqIc<6id~_%0x{^T`q64hsr+fEIj6!<2z_c?h{oNJZ>G6G_~{;P^b+
z68WfsrP#x{6kFL>`z{S#b9}(H4;}aK%H6E5mr;IG`_PnA(R9f1f&slcgE_uk(Usn8
z=nTqkQY()(@glfqID(c8Ckj}75&hPx56$_@aZB|Acje64Mg|W83Qk+1lM^Pv-#<DG
ziWgG!0~aoU;LN<l5RhiaNkC}b$cTtTerl&Z?OBc$>uM(@D-!Q4^R%7XV5-F!9{AK&
zNaFgB1oOWCmzd?4J)k5gMYwFkMG{nVsBz(`MHGNFU*#*azX+F7L0Jp|=gih(<-IxV
zjWe2W5(3lqnHSR<yse)@jed4T$#qW<xtH9{(<w2N_vtQ&8wm4vkW@@d^wHk88f_BQ
zFbog;=zH|-=n~PlCfqk2KZE)*f9jiM>;Vby5^i@){?xzp{Hc2BQG)|d<I$szd?qm(
zpzSeHwdFH;!l{3S3v^tq{Go}hd>G^xO8Oj`-_)f5%lu4;9a<LfM|u-v1u}z)?YGDi
z@>KrOq@ffiOMcV+sGDxFmxx!!pFaU@OMa6+5Rl(Aswmv+uZ(l$Pfg_cR;2fP6@-lR
zrrAruEzEV=F``Is`d$KvrWyH7gm+yzPNqFaya_p@-|8#Vq+;M1(Gm@5YPj3(s4{06
zBortpWv}7_Z)C8ZSWIdH8M9>2u~IeF8O_rzH|#X!SMalv?ocfQFm3V%X)_btScru-
zH1{*@0RjuR9!V1TmleY<SmAIVa_<qg+XEZ;i8ihheU)3pvCvy6CVM?_H*R3Bpt_LN
zzqE6)&h`sbLlBC#|2smS&%@u^_Uwde?svx`QMSkuqID)1GZuO?%a%>rFrZIXS@&m8
zhchc|+WEE8YcWc<u}%9x+B8gZRzQtoe*C2}mx!WwSG(zuVZsn(5;<68!>+9$(?bqL
z_BwBN)Q9O{Vb*B)&19wSXLB#j)B=!II|r}B>2>N!99sZZm?vIEh+~f?ujZj&xd}tR
zM%tq0{}d#vSs1I{tocRGTKPr6-0A`n6-$PZu0PmqpwKeA4eq5g?=TXLlC6nG(B(h+
z&yQYIOUZc*CFe#dbz0DuCbw4FQTC^-#9t;v?27J?cF)(`+jSe!+qSZ|r&xO_{c*(J
z$RD54k&H0qBF#*hfzSbLaM=0&)yuS@fWw;0GQKD~n3AX9DPtF_@alPdNoP1(a#~~~
za1u*j7;LNfhuC4j;|PgISQFh>awf*n`8<vw!5fQ$S^=MJS1_jF3T-kS2?@_P%Jo<8
z#u$aSHH}4c8jURSVsep(!y`*|>;b|&O0fQkP!-&p_YkyRF0yjAVc0FwA|JOhinCCP
z1r59X+B)2YhT-h?6kdws<n|j->|7spNKA=Ysi@I<eI-WS^0$NteT2VO6>p2LJL}5N
z83}h|#xQR<^~q6T=UlaNdy|5YBX=$GRR=gbQhLr(oLRWWzuyz6bQU2`XM0hw(i{9t
z%|4=59%+I*x|UUjR@!GsCckKY!vkEZL|`WNm*ir92@EA?>QFkTnW-c8mx##?0tY3N
zX>Qsf>PCbC(+<&M3z%x8-tg=Oem^yI?4{WaHM@wL(G<rM?$8CpcM!!gkc`dK9IT0H
zMZqK5rC78jZAnwr4$*v4yHro8RWyh0;?j3EC9EL%%qg{~h9UA4SihLzYi&PjmBfw7
z26ogn4J%e&yIr#c9L_%Gb^K6!B|1j8#yYXXRtYYD|Ayf5di)h!j?G`8@sHeO%#ikS
zPAzBpQOwynV-UjgJT#&m)DZHKvCjr1@wyL|oJ$L^5JC#I2e%gRWX2QxY&67w3Z}p;
z{sX+>S?u^BT?8SBG#M7afT<$!?SRg~lY1ZBNTOI;%21qiIPZK)Dx+L-gr+EB&GR1v
zcj|#DAF$^(7qm*5I{?yvIJ!M?<O9-plsJ;ACypSW7s=H|;>Z;+13O>_mICn;&LwP1
zmEoJP;;oczLR&0HI7Q-!Gj8IDCpwN3N9bf2_ZKrdAdNwpOEgg{cQ(;_qM~}V9p9sU
zntZPl?wM&N&XZ0n+4=#D4=i{Y?+pNHS7;9cw4OJD*)IiP4VT(TGHG6SKFRUVz`yXo
zOTU2vUO;9hJa8CYmr0ZJ3mwm3Q!A0H>7)%9@;hFGkeT*`M2a;nixjd=zJMzu<O$g(
z7m}9MWs1|{5S-p$f;pW<vwDIXgk~klYDd|Gq*(Jwlm^HE;?2;k*c^tX+Pr6_XnnT0
z4$W9l?R*w2fInhrMqSAM^$$5fU|+2H8$BTMPBVX_b4>n5xX%-uz_AGXgtRp)VRJ4s
zR#K3=0e@v>@nC(O1eOXT-QPLdQ!JsZEIwO*M1~7WpdEC@!)EeE5;{UdVVO1qpozq7
zbTkc>&GZ)j__v<mZ!qJ^BF^V%2WnH{w>cD!MTFQHZO>~+d{6j$H^FN$D$qgG=s6yk
znoWn$CtFfH81wU@7a`(ktvxq$G%OTrH*E+ior^R+t~)35ArQ6uh&|0s+IjC|>8;v{
zBFjlJ86Qtoi;Ry_{Dr)&UjupT@V3xgU0&5Sm*_I+D>MHo9Ymjh55fGK(m^W8eW4(A
zPbAqO3=qzH6#UV?UBny0Drk`<dlSugkr5I&j7*Tv)D~+Hk(0?Fx_%M)AO>kvch$_P
zMq)@DvJ66E2$YB@$wvuIs;<qoUb}T?$eJbsk`#(0m|y;7Qbmj_UU<O^+8tF)j_TDQ
zN3t~6tzWT|L+q#GNIg$Zkw3Bt5Nqd;{06s#C}@$F|A)Od0gtLW1OBr@SnnW2Bcco%
zH7ICep(X;7KmvDkqEQsFE}#NJQAC&#EF!@P%XJ)}i%YFmtG0EkVzsiUkPsvRH_(cx
zRS*~MFe*U=0)qK|?>YC*Ojs1H-~Vf$e|a8q=bn4^^Pcy-=UorbA93$*2k4LVHxv3J
zavw@agw*}bTM`Z&yH_2Kd+c#E&&uqTOVK8?<{M&{?x#Yc7t;AF{1i@lPl*b&tI4vC
z?3|Yb4J*{$HzROl3~5Rm6AKSzi~;gCi(U)%GV3yO1)7$C_Sq;Kkn#Aedb!U$&nd*I
z0wN5ykF-sxtVx@L9Y<{jh**p=lokmv!-c|nrPS&bsw)jidqR%lh5E`X5;TcEZ{qI7
zl{Uv8$XTM)@U=omJFU>6aU0qkE!1@lp{jFanxe6;l<7`zE?{oY)z;t=wq81&N~d*&
zqCuf3M($z`4-LZ4xo<6bR?yo)w9^uVAC!#trmbK}5Xak(IB@g*^quHWoROqIA=F)B
z!9{<9i{S-(ivkAX>$SlzWjiHQDAarn5#0$btGHe0?2d|_7+^eKA15i`awBhyPmxd+
zT%F=ng|o6OY8mmPtyT6XV1LEgZzFq67)sC;K!m0%kRY(1gs!;n@5s^WN`<d{aKa*K
zlgY%q_;B+L<(^+^OMSP#g3??9Yfo4D3fYYFILNZ+6(AuY5S4|IBzD#+3mLJag%9pn
zb}OxgL5I{@kmKw*uHO&XpFeYGg$0L+>4$V{#tYkJ4_dCziw_@aK04$X2kI}J?4EIO
z!O&m8;9QtDy=EmVFr0{Go816<b>}Cczwk?Xcu4()jKkGmD5aLe(O<ZZKFGRdI3v^Y
z<Nfs)Mys>8Vd9nU0V}set-o-ttG^IGmpOc!i;QK{Efj(A(+j?<Qz$Tei1fS}I%|es
z6%29PWS_iY52P+VP2wABe+>qwpX!|M!ft5_obMCi0^*v9WzNTgXn%NwUoIL9nTP0U
zLc%K&y3-Hnt}EaAzWel!WzIllz7z7$@lVTH10yL}9{Lz~EIujC=ykD)RuqaN3B?4G
zBL{s>Q2|mc!?-@@#J*xR)5{m>a+fdCW3E;r(5&iB(@sxlFmRhZP>W%WyB%CDhVbce
z`w=W_M1SEWFpKCfyz~^O6$tNdN@fA02qdz}UPvm5++(3Il>UO-bagBwIt*3u@oD%w
zl>UO8s7d+@yzZyJP@bf}P;yZH1(enLF67cU!|tYf^*!nfGtWbPVHaK~oF2-4<$j0c
z9^D1uZa|fDMQSfpA|m*sMdRoMu|e}$=fMx>`qZIC^clgOI8Y^6$uKCZVvn4^`j=dW
zCf|q=3Dy%rvKqd~t;~_SuvYv{XqnPKDhwFALFA00#pK8ki$1*RL=YYgDb)e7W@aa=
zf=8)>84n1~j&U<UAxvZwNNV9;ig2_oU}8pw>{UlB0GGIO4zc%q0!HAx0}UoFji27H
z$;S_P#@9-IG>6}(o;(Qr7A3>)LFM^i%o=V5t~?)%i9A2jc1E&5e+Y_J_R<&Q3*q!4
znVwKIgph5HJ$z?j6#2S;>8trRjftz|+F7oyqp_~OFfJYR7hkxgzB_6A2arSXWT7X7
z2vU@gnpZX?jHw2pD;`7bTgt~yQ0%9#0>=PO>VSm(1pWRGSuf}dyYh)PDTAz$|44z7
zaLA$B)Dm@qcMyAyuGV^yrmKiVZGF~oB~2F*2wba$vIK%{;v~n__sP^d{5m|L2)}M3
zu8kJD2V^r5dTT`J_B@DGEkBPtK-ph}4)WPwe$HwvS9dfmKW8<NpCiRh7NGBlu^Ra=
z9B6;aEfoyCPuz=jXld3B_6Q7$YSzb(%H^vT4XCq4Us0TTcmgft#Kt^Mln`^fqI8M1
zN>~+;yEQtPlh07BxH4oH*NdjU82%+RXdn2CqfV(~(ZMJ}J?OM#^__hi<u3iQ&ni<2
zJLT3W4vi~B)h76SY=!9BD<u~MMSJXSu=2E6p*j19__j;rkgP2cd%Zv_UwE3w4tyjP
zZ?IntiI<neza;!@T5s!9z4>G~_euQyVO+7*e&w%nj=ij`1h`Rhi6`-SohXoT9wvqy
zU=5R|idh}Mj+|Vk<^-Py5quxYq_n4uqcL>HpPeaDOm!_6HeZv0ZQKuwGkE6Yvj(=m
zy>5duO{GZhL$6~u)+^U1E(&F$9*R9Bhus;Aok?J81X}x)-Pw3Gy&LS6x4E+bI-Jqe
zv~fq~<dbGJ87HTtOg<;nbd53lD7I6msg*H%E<cJZ>+*}|6pC!S7OmB>Ypp(?U2N8D
zDH{7#%11jgt=-+XQOT-%`%FHsa(Vt7k9J5AyQIWwTyp7A3)lLLr`M3Z=h&}2w4k&1
zA7G>yv%ds*W;8v3y{a*r;4~?!xZ1^0u@SW1G$XyOeP1;h3p))RZBa3ni7D3W%cNG*
zc=}rcR`fI$?yC7RZS2mexEQMW5@&armr$aFA`?arusUUpTQ_p-E@`;?JI2CyB)x+4
zi?Y(XZ!;FIt=W<`_DxlEO9#I7l5c^mjB#&{?7r4mxQe8<CQ1G*?DY|kRA<#13*WF-
zCl?#{)yNr5o72&Yn|%k}Q)7_2R}oa~)xFaBw&#qtOgK^1>9sSOrr&iBIcJj7Sol?P
z&m*_WERWkcvin!YLK*oyRaiz|k-CKXQ=(EoD-g*J#OviwSe;g@W@>mmzh{X|RBS}|
zUB<%IWG_o(r~6Ka(kPix>l@n;`tX>6xG(0`)31xl*lY4=D}TS<x&31PE}=tdN;YpS
z+?G57=KlR})ZF)-Fxu+tkuow7dKN9eCryInNUL%Ay!Dmo0AP0q0H-Mc{FeSJ06d<N
z2mqGMISWBQ`+rTXiFR-G4PVVV0iQeY8Wjdwyzlj^sya-56-~@WbJs_JTj#OM1v<Oe
z&DbM=ZOq;$Rqg?}Z2|5*0JjA$X1Pk{93fRlFF*_i%r16dw%)9X_8hxb!E9sqH8Ywt
z%<iEY7iPB!%+^prYvqF_T1#im#g|O!_{`~}{!A1mrz<}*;fL1f9ve@?gsD^gkQfB2
zA1`arrynIR@G~X4iF%BMbv1U{*lGowb_W;4o|Vp5(_|VMteTo=+SpYpOSHqdRU^CC
z8w;z=NV|*n2;60q;Ms6MDuYXxc`LEjG#^`yjIG34ThhH|#vVPo=~O>skKU10z+Cd^
zzUJM9-+Rfo-}Z_8N*2l8IY8YTyB**!vCc_dtN{2Sidk!#jcbqIIxCaLwfvCdx<ys#
zjH~1YRp&n_nF{ADbGZK4l0m02W`xdb*saSC)>;h{?9Sq$TWg=(n#^MKG+IQE6UpA*
z7#~|}g_WXpEF7J9PkqR!kWQ4mKr<;SG|#yDk=@yNvNnr!4p|#nLwA{^%dr2~)XvzW
zQN$nx1U1Rsk5mY-j;kKoy~bFGJFa%uCF&aBO!0XX^Nn4jH}w|T)Pq$fwrz=Z#C~h$
zt`;cad_JF(rg%=q!ZpbVj%}Sm73|`^GOWI>rPLY*LrO+5DW$E`e5tG5{>xBT>!H53
zD-MPXb$NWKC0fj|q}is0UACpOsdp_~#9C9b$k~b2W{nM=Z)lEd+TB3yf?94IJ<w{~
zdEDzG$2KTDFMB|`RziAd=QKg5&4574$TxrI44F#0wLFo%1-q65%W1Mcd4G|qlaF#2
zb<Sd|ja_q)##+lE(`?@+8fz<!vD|fu#@d&szQ?pdysxQE1?6Ynw^L168k4F(IQkL*
zgz|Bu-EI1df*J*Iu`x*#Ju>NQ@<hv;#BTA8t=8aR0}k1RI`05!11L&{FBh_yJo!98
zg9H6-mJ4|JdWSw@W%WC?rWhzhvdPezLxh7*Ijt2wJ+P|BlByEW))-d-xLezRw1ZBo
zG<1$yLU&drWk3rCjd)I3H97nm5vICMtF6z(zeY+^_LNuKbIqM{ggLfLZp!L=`zRMD
zQ8B|a!|je)+&-n?{lBLcR5ut4Iv6uWa$<%v+p1(URG4B^Svo0|q)=hT^lA3#e-zrV
zE}X?AuYGu1Q^ETMO$9sgnLFz~xlrGFSqUbfSnmjVHjpH_d6x;Hih_A0`vFS8+Cjce
ziHqcOr1$Fn5|c9fVZ8S)lY7JBT>ii>Ew{GW1-r4ugQRUm)`Iu7I<KOHU7^m#dHNE#
zo~KLkR+!=bCOSMF8B4{Y_EeC0<16h`?0?dAt{!lf9#6_G{IW<tADvh#8Y1>ma#3R5
z1`5)5+{pLd`Zv{U`&s!!T1&onrA9N{uW=!dNbjp8cO-ks>h>waqEFr{HPqRqPT%@A
zYYqP}q0jT+P<fRf62sHd@SIPmD?bi%J7nY*G}&!s&hb+K0a3}%l*IbxamyEXnP^is
z1@iEp`7h)sertPzcPswRn0jXSNa-v#p23C^X)Dy|HD;qeO*h-cwlm|`WX!;fxM?GU
zAHA6IIgSyS*l6s2)>y=Mmmspj%hDODSiiJ~wl&4_lRq4<KaBj@S54wDAW`B7{o&N-
zzG@PKT<vo~s;<;kQ>}<@`fc$@2K$$!BH_z{A!JnD!;rajK=iLnH6)%4c0TT0r5m1e
z6LTfkgbnDgF-#not!N6q9lMfVxRpnA<?Rxc2l~4eCuR)&wC}2adb9eIhEiKnIo-o-
zW<K=<vlr>TCxb~fN*fqe&j1refSG<fNQ-e%?YF&w6ylZkJAzLH(r7*@<ACl&hjhGW
zWdLl>_*{8iBoyeaUXL+zrW|`PdO}k@;$9#;Fh{^K*KwR(Y;?z|B=YMDNE&uP^^_C%
zvfVUJsg4!!3%<`Fk1&5q>IQiwOLVp@6Z*qzqoIwdW~+KP`*vekH9nWyU3~@4Uh~#$
zH!fdGH9eM_N(YAZsWb~}B&ESP4MWp`+f*cVyW>c%Y@w++DS;_3QF97LH~?$D#A_Yq
zvp#j{VJ)A@s5CqoHH5vZ@hCt0;nEssmAkVQME92w7*)HeM?4a82Q9_bA<h{_D9INJ
zGMk7jXAcKkSat}*=%Rr+lOK_+`Qku4pK{C<YQmT27Ak%eiG`9V?n#P$)~&QrnrkA@
z%t5ycX~s~mOy)7jWmvI5Zn0t_M~2{e?XBQ(X16sk$k=uL1zx(^Sva5vG09!D0by^^
z`iWgc^4JQ=;}&nAb-|nFuI;elV=W5a+_l|W!#%l1R;dHQ<0a<2+d-)@(|!T(=)&Qj
zu|ifm&d<G~cA1xV`^kTbd~v0IS++(RuF9?C3+{NmztHY@Cm5d06OQIw?Er0l)dcUT
z@qvjqo0jQWS)7wn{Et)s^pjfzPHz!^kr(Aou-BnLE;BGjW`MYbxx)lLU<GFOcot-)
zL;m7mGu%5@-ox4VKhs_q!S)AqXBi-tVt3RXBlK>53r19M{Z$iE*h{F`gc`d}9t@_*
zY)Ha1#Bgm(w$w>uuN|-AV2_gM@-4ON96lnc4vv?PqejYNr}D8?N^C4&+DozE_;KTT
zW{kgK@_0UFrNqvQ*BF>MR@FHET2*7L7hhUSp{piNyh?q!IVIMWMCoU$^fT6hHx#LI
zQ?I_^hU+Mmsi!Hx>Ih`*vfn-q2$u2p_`4c^PabOgZ|!S}ej{i>yUr#qH4}iIW^vUQ
z!Q*2$Y4<mq@s+O91GWM<dmRbn2n>}vx>JXoYuzTwvo>~_)K!{0AvM@vYVoTg0vrJ8
z>GmHeDm<o{Uj!Qt20v5P_YL-2H<B;>qJj;3wA0>m(%xbLSAl!#3_clK5@Xw=6YV7Y
zA@*1T{WOnP$Ycoa$uef%&5nkT=?_m5d7M$T0tmpNoW|Lr<D)SQ?g<?R+oEentA8yd
z;9ck$ik}zh@hKV6bnD`%OTlj1V1JIUaj=jm%wZSNget1J<Td9o7oDYDn|#*!Sw71!
zQ}MGo+*7k9lbb9GJ?Vj=MABsEBziCBpBbJ4Cb`)QtK0CH92Y+R3uht^o^BqZf#3&d
z0Zo~7QdE4H?APt+A4yZ<wr{5xw?%lt2Idiz#MZ^-3ubr%_20OE{ox5Fsixs6&ZAl4
zGW+;n!bv}20_kkf;tJA<3F_m23BQY{7@j$@<9VH8bg&ev4=<4O&$OOVj~O)&%3G%T
zTeK!vB{QLQTk_+0qE_$5nP3JeGe9{<K>uhL^pCwcX;Yrhrfm59a5klI9Kf{p_=}pF
z*ed_8H|MjUFq}lGz1d_J9mC!vXn61WPpQ56YaY_s5;X@Z3Vg5~8!88L@~ZcP-C_d;
z*gf_Iuc}>{lNyLhLY`erLe={L)c%_6-?3w4v)nOW;ai`kB8e(LJ<HA^pM0CZH!c5$
ziW?K(99Mnk!JID#vzIj~KHP)(%I`UtS6%!A4rZ^tX9-lYI+%S)2ea3qFWvJvbW4pl
z!<gB?!Xq25K{CTZ*oo)z9GRZXZpkO@YB_1Wa*%n+@1C>}s7QWD%#%c!;(Yg{<q%dU
zZSesoZGQ4en=2=+ps7Gvf?nuq-?Lh9#E(306W!G3?YUH@w)l!MN}S{#v;#pza?lpj
zcY7$l(&ZQ;o^0m57wS`%O`AC<$nOrt?EcK_^-m8!FH}EM>WcHdlSTzr7WZ-v-5W@k
zLzn9kM23A8&L8B^&2bOiEceh|_(bzV_i1?#XXibx51lb|O>gr*0*Q2zZSIwA-p$?S
zCnj%mG_~7V(d2E;fhmV?EBEkirw(5uB`P;OD$Ck$gSR5BLrP4Yv~v8ma*p4&&hhI>
ziCrkgbfwPu+fJRo1_D0$B;9M}cCQ@=a5qVn6S$Q+fsc?^If7d`M{qm$2=>Zsf#-JF
z6-POT@L!n-=HpRkK87(1(U@}xQw^>f*zVrur*MvaRlVBp-c)@G=i3z|#82Ue34$O8
z&>wy&&)OK|rJTYQ&ME9u@EbpcvniT<3hxh9JL+_8<x(4vKf?Z)6lrXsjO6Fim~03+
zf}f7P6hDGh!XIN##?Kce&jr13_I?wZ?#&3I1T&DEST$Fs@DLO}SAhHF0;~Zd0yH~#
zUl!x&NzP&%s}`ec67m;{Z2RV9sQ3@3$eJVl(rgFm|KU*u3-|F5#N<~Kppkw@jr5NN
z>7OjKUOh(7y2l>6(nb9r%QEEIWh8+5-<2wU&t{kGzb5;9b>9|!OT7j{|6~Mj(F)E@
zfk|=)50A?szBrP>YIYC5j+zvYR$gv>&0Q2{tzY0TE8iEvGpFOLHREMjD7;f9*-eZG
z$~P;Oge~^S+tHU67rPoa9dN)u0stP~Ldz+C`)7x<(E60$W!v}v2cGgnIywvf_+Qk5
zKfyy*>oPSF2Vd|vM!O3>YQ=sFeh~@of<MaElm&l~><RfO_w9OFP-`D7lTc$u;D}IT
znlbY<Io-o$o@htshq{^OsF#b0@7C5MN)C8x>5jG>Ka<H(_!pID=VOluH$zm?gWJlj
zS7X=m$6xe%V0iKEXGhLoQ@Oh}CeGcz(vl+%jNj!hq8|lcX#R&4#p791sBVpEoki%2
zzyQoII|lk1&)?EMH8OmS85v8}%Nr}dX+80+5*3%Fr2CfGiJ~hE>8+e(7vP5ARqYx#
zDq%oNmN2&|CEZt-U$X~=MNy51pY)t+_MGr7d%YN~w)aPJ+Y2nCwQYo6BR_T$`*@_3
zydaKzeBEnHtq*FxNSE7p=+pGTd2UUp-bQ+7gJ}w?#lLy@^4GKAjdocrQ3yiSXlCQ}
z1MSYw#A8HgC3fAa177V;0wMc1Ig^aoaO!v$AePsO7bf|KHN$ONP+i+JEPq?z0CzVp
z*QN2}HE5C+9^U+E7=H_e*CL0vTheeD`Uc7y2m@>2gjIVn@R_*S3|Fb)E|!@n?Y`E$
zMr0ntW!vn^U0rSzZ^R`cvj!hAwPs?^lH1$nR@SJcYKapjk~$MOgzv#4xVQ`0#0l~%
zYR#A2o2<ssQ9#c*w1JiDa^)oKo>CGnb1%!dZ)-Q~<K!L7p?1&%J2qX8O;yW($Qk`4
zHnr-aoc^%drWrhBZ#~DL^@+;y+({qL$I10JPY&IauF)Gc$9}QeJ)}3O1JZti1UWa?
zOD*5lN-Z1gomZ<6a_pz?-mkc(yvN<I;$PPnzL>L<c(u2w)FAt{*BQbh>{5AFPct$g
zwZ!;cwMo<m8bdoPc$B&oqLK>xMkg6niZKqXM%tbsdl;XN1#c!cd1YTuKAxiFPFl1s
zxQ#-w@%-T>FdEG+55C1B!8OH|-?pAK6c>i3v&{<d{a*>#aM}BY{k>1^@3Teu_DVFc
zItJj=^vyAzzwW5i(nvX*9KWT~c4%c|3HV~-DtD*viJd7T;wlk47F3s2RR_||UD%24
zGG@*r=|JFg_x^io@3&>|*Rc2RbM}5<uNO1~Qp=%zqC=n;Q}nJ8`jC#sxBrWJ`>!aq
zHq~rNcQ4~tiVY?XlXZ<;&mx%}0O^7+5>ut{nLq4bpXFx*zw1wZ9cxVR0VXU(?+HGz
z*`DA7RR#DUO5boEO|`;3&0M`n(81oEi9?d-AIHG5>3iUK_;L?uU<WUkci=}11mTfS
z*L4tQ5coIt2tEjO03TqKM}g4G;DhDhgAWdc56-7a!3RF07}ww1m{xJWSu^p>+l@Fj
zI8_o(!n#Z*KRby@iU)vM6ChG!t>nb8#_&_)gLi>&2Or2L@8(kFCn~D^<YdesMBCC0
z$(Z3koM=<rMjSpnY_z#;9PIGv9~E}^j0d~JzKbak?2rLx?*Qb`YPd!Y9{Yh8_d^bI
zNr)qdkCtiV@a~mK@g*I5gM9W?;u!ZDGv@=sm2l3DJF8>2x+FC}&V{7jof+sYP7Q+N
zZ_lb+<*nQu2#&nnOjSQ81~0wcOjAFD!Sil6(--LUQGvo(e<%CsU~f13Rl!r-?AHam
zl3kUY6zp_+aYkEj-%-Ifiu*4#JQq*JNL{_u1&18D4;}5?hmPHkc0cpO|2{C#9GhMC
z>{bpKe0ZM%gAF_c4CXQPWH5kZlQ<*Nu5iKNo+U0Zr_P8xdo~GiFnI4J4F+#s4j3fM
zPePw_r`w?!n11lTa+EJVtx|X);sD%BSee^Flfs?vj?97S_b8;i=!wVGKRkS_G(uyf
zF#3V{;J_W~d!%nM`e*xak<<1j4u*QuqBQ)1EEUiyG*wtBTgh4SBDI5<iT~^3`$$G5
z43=7l!NL;;OBn4!e;*u@PJ$iMnFD~!#cu?Ci)t;dc+YZ_4$C7!<sSGKv1?rZh>*mM
z5HY0|A-T$OCXb5treFf;ildf7Of`|HZAP`O$)37Mft%Jqd;`t8X^^~Ez+qK3??ik<
z+xtEH?P;j`itk?H$HM@ke@+9&thX7Fn#xGq$`S~~&@Hbp+^Q4c-fAhu?iW-Gnv>F&
z=456n;G|Rx(43TFcqYf67w4q3)IWuj@_D(WBE`7Yd()_E0yj)VigEhN;xkj^GT6K8
zNX<{-aJneB*zO>nT;Qj`chW+P9G9PR?Y)4RBg7C!;c$5mXRp6UgIx|-L<wY)6ha$g
z*+w3V$Z-SP9iF~)0}%=r?qNx^9om`p;`uHnH}puM$qwYY#;Lm@;P5@~9nR*JgB3C1
z^Y>y9_Vwhw|7o1pUG}m}fLSK=$lt38J&K3y<2v?Z^l=V2Zm0^Ud-P4bGdJ<P=qn0f
zgaiA=^X^9eOkcy7l2FBte3UFwQF|&9AZ>9eMztl>7CTw0gn5cr7b-j240k~^_<pc7
zHbrWvuy0W{1h_`;ve&R9-3%whF2NvDv<-k=H?e(e07=eU;ODZ=?AQ%R@B&@U$QXNP
zv5h`0B7{aemwLs1tSA=zRJ;wDqJ3(&Csq14de}keQFy{QAJF(l^yGXJm_zW*I9|$K
zd~>CPObYi$I&$%^vHKb`KO%=8t>v1}(3aX|uYOLp(+YwE#<7fqpzvrcGn(Cw!FtJ3
zjcAnffa`LL<NPEnPQf>Q!83Ipi64lQ%)OINLGggSqN0?cnln;%cLSd5jM+joM_=cU
zi(h=*za}mt9!@fRVpWIYvHE9VglWuPC5?B-tF)N?XZUKG(#08vF`!Wt7}dX)cswJ7
z;vR9U(o1ltDF`XYSM-iC`?r)Pz$EjD(R7Br=~<a^BI_YD6J|f1HF53zzOUv}s@|MI
zltj8cfNr09PNc`F;>iP*fm?BSw1H{&gJVEco9tt57M1@m{j4p=56~h2ptQT8`vub$
z2il7M_duq#JX{7d_H)czobk_k3qVxsrjXl87r8wz#G99Ic9(@o$nA91Wz8mjwy#ER
z!X|Fos*qa`e%kt{aExEmKLyYIUHwd1S=`rQ6_*azs7*0HE9{?(?-ap8E^70-sO^qB
z6R1t(lU4E_&ffQ1y%YP<y@Q~(I9e+-t$e>V0;pH04HmfLfRbw~N;|inMZ1xHz3u`7
zO`NpXAz1T(`a^J?lWwts=YF&92jIEa@1&KswDKPyVcL&wUB^<ZTW!zZsp&n9hwQ}<
z{{f=A4`6VqmgbD-O9f~>w*8Dtwkq*&zWojfLa!7_9j8!-+-Z-$2posGb8QSgT8H)Q
zC0Fnig>Tp}t!2Yx*}tc>6xcR|Ck>3SXFK(+lltBRkew32*JJA()-o6iR`b%>N>?$;
zc_#BWN9e$XaJ)ENPd$;Pi(D=nbc0wQJS&bwBE5@PBx(GgPYOf=G+gtP@UuI#l7h4p
zqFX7d39}>dn=HEcHxX}jXjZJHFLDzuUbl!41o<0mMz;z`fE1;%(!2^9oW5M|gnaud
zn!Fv{O&kQg__gE*2EUy+qAT`m*bE=r``5B9YB4^#g19f`l+tH;OXwVgc;$S!I7jHa
zmaHs2)`rC#EXeLFcz9BSzu;ji2eqh4*trX2Rx|tk#@%jZ1iTpK)eKvE)?CiI$TX;>
zo%XNz4V5q=zLm6W-QM)Hf&v2Z{zX>JYp>M_W@_-h*dy$x5*2&9J?0zv_CNTh!!pSL
zc9vynyN(?DK0XN1@z1-+0J2)C`+TJCa}U+$-~fSxH!slOQEZQix4bddS{I=g|J1!W
z*X>0B|8n{xqh2Z>huNp8)^^#ms7nKk*yA$~dVX<$VYS>jxKJIEQ%$?+DTX)@0Sjm5
z)O@>vSMokKPtTcYrSBXl1L0$i{g!;h<88DxBS`?IQ~%rZ-7?AbKhV7X`MQ4JLF=ES
z>$jh{(`n~w5_EhC`jj0nL;dkS^>@llcFUZm$|QQ1?2kk=_i$u}(WiFdCB%97VqkN#
zeeKx2Li&gs8jd6(6}*A##KHxmsKpmM|IBVRlGMH4T>LZVpJ)wrTg|DTW_GI={x9lS
zHPH+>3g#li`6pi%r#k;&V2F}wA-C1k$(ZH^a-00!zK!Ka&r)aUx8+5fC!QewZdz@m
zR&SskzYE^<?IK>%x>#$xr53zdvg>QYl@gRFoY4SdLXKmPQ6)P6W*Ch!$Q7|!amc1J
zXka;4!`EkpcBf4mE*3s$`z5Xy^Ud%vs*t$s<651Ci!#pFZek2(%oKw^f6=&{;Je})
zlHe#)p{+UF#j)0JZ$w3r7Y|m!OA6kM28Ax-c+QD+N>nfUR#HFwFsJV0aH2F3|DiSh
zR@gv9y@4~F@vWi7V1a7w6>05B)tdOI-D01d)Yen6-{?t@0)aQw-D{aiNA0Vg5XfQo
zB1;tX)PeY?FlmW{T3ljy%2N1Kjxx!)Tnz?-2=KaFC+hjo3xi-HRHsg94KmXjcTgS&
zSFDr34{M{`rL@kSK#SZsrWo6O#wq{YP7~*OgB@d|r5aT4hP|ni0vB&LE?sM!wtTW*
zT!4n#pA*j5Eo`Nko23I0qHBeRvN@r6uk@T_@eS*H(V!FetQdG^`6B+@Cg03gjhRa+
z08B-{mV%+Z>BeuW;~(#=$*M7)M;WKbi0#IeHFnbtZBj%P@RHupGl!)LSOouVAjH@%
zJH4;aS41QvAQLUG2zK&yt4s7eSP(6PLKJ{KDhXiEb^%r*86}2Ubu@WR^p34Iu`+=G
zj?6d&oa914>;xCW#XUj1bZ}+#J&tU5)oV7U`_fT@M~F8lC-v`~DeFPsd2#eDln|ch
z(9e2Y;DLA<etF{m<{H$Dwf;v%+>xKA3Qu~>0Ug2^hL19>39Lm0KtTMaQKF-aFA5DS
z%#6fe9wd`*t+d|eyc92h#517=ZU7bzz{RH*65e<}ey=LuYHvGN_al0BLftvp-c`){
zMMO-i>qa`QMutG&)8tBfpg;m*WKmDFYNO&VRvF^5uOxU5hxF0}row8HcsgI1OB0yt
z9kbgm^c%rcNUHGLyAFdYFx5J9Ndi+*APG}_MGi34x2cn}aVXJ*Zig?7OWjU5Abm4<
za;!fgUSubuI0*_wak7gjPHuzqp2#LR1LqUzv0tJ}xh?ri@H1azC{T|kr`1QG-WNU_
z>VV6g0KQl@S7b@kc#(l`-feZP8?J6ePjd~bt_n9oU9C|q##+b^TCUjyWE^Q)I1)&L
z3|S4OIDX?*?)oeJTwnmt={I1K_=QpR2bo=KE%udiX$0*rNlYfL#c&j~#$1w^%#~(0
z=1<W68u3fU9Mo)KGM6W#{WZ-dle?ianQ%YKn$%uu0TyUvw87rdV`$%Bv~Th;>>sn0
zEdw;FJ_pLwelmAq1IvzZ3m8=~!2%Ax*YPpg2N}8k@K|OoZBn*BGO8&yRmtx(eqW*r
z04qhdLceCKs6xL*GKEARSOelWX8ulE6og+73O1_Fky%klUmJctFi!bfcp_TB2c~?7
zDi(MxHau}()%gBAh3~s<q*kaKsqr&aW25SZ93#5Ma$Vyp735Rx{#`rN=8q3`W;UoJ
zj-p#?{G6SPpH-4*J&W6cwNVs`l|D3#j+tM8n8Czv#}RYq{Sk932QlAt6+w;!nG%Z>
zt>M=U2bY?WE@KofefF0cm$u12Y+OoP1Gft<J@d}J*ji{r1vtj9Y!E6*@-P+u4HI8+
z5@jyZ49v%Inut4Gta!V>g0r4<bE(7Gd>m5ZLrm_Gy(~9o3$sz}rS5N-+~WC$sX^cV
zT+_MD?}^henP$-&+~ynQHs6J-zA<|&1zpJyY=&aH%OlXKX)w7XZ7*Z&^+c)?9SLAO
zBi9ItF@cYzQ(6;*w=M0NLJ)HCa*xKu*|EWLy8s<Q6+mpmveYpT>K_)w_p(dVli|90
zK02Yvud9dJr-ZUOCLZM2HWKN1I)dU{I#EN=g`PlRWC#IpaNKhf5WF&QHYYV8hdj{?
z-`Z$eQyV#WZO(Q?P_;Y<*=F4!fi()=YMbI-p)vT+^6=T>{8s36+_E3%vxdSpJrCz1
zjlq1Gl44<Hgpxf@M?awJ335jEleJ!42O`oNrrAwjDt6O9$QS##d10J0@3KEXg@cdt
zq4XA>k$(5i;?BIDgGdOKP~Y4XC-z-XP0<GXwX$U5x;cEz_<X$#NCnq6IhBX0yO&a|
zhd(QKtTCd;(76sujC^$i^3^l6oC$x&{+OMXOzC+=5q%9g439R<=zd3TwY+w(%3Z)y
zAB^oD64n7&S?8594@#yyoyo{^3*C`B-zi+lQyhj54VR^a%QI$Hm%JogsZyiNp1JA;
zY@kz&vUkH}Su?8_r+DP09-!$3m&j`>Y7J(giA6luU&U_<l-P}9a1Yk^+0^K<0)8(^
z6;dO&!Cq1W*Mq;@#`ObAx47U7qCblG7kdHyFk>e=@4i+aI8p<lt9RLdqFTT*mZ=Ki
z_I_C&72BQvr1*7ea*F}Y%+x9>SKMeqTUwj3tcL)Gnh9{%#`=Iu<TjXI_Ju1_!Pd9r
zP7sD1+)X`G(i5*tS0#1Jbg5}_4TeN5w!#l>H^H<%08AiuAt!qY^Q+jtv9*lta_WMB
zKEd(G*<czqU~vu&B&O*UX{uo7Y_K1hxld3GokH|1jMd)~Hxh-JG}s^<Uo%z+>?ENc
z#X4YJuaoM(2$UvOPh4WEKZDg^dbX<ix7wxDA7jg`0~)wQ+ZR;{y|dYV@j=pCIJMD_
zC*?gW26ZGkllqfRe}wgV?w|KHm2gHGGoPeK3N2(_BFm>t)>2tlru;k-Fj+I^ZIe8S
zjzqFwx(c&3jMg{+uswQxlpILL+|^`LwrjUyyVhjSCYdo9Rex7aa3zQjC6Yar8q`#O
ztLwO3GDmukg+@k&<kijF980!qDC=0VUAvsHF9d4Nd}@a7Xy9^Q9^*yq>ME8UL00<+
z-DseMtqqItsBeXbm@*pX%6O^2m9GCf>MvQ`fdblIZj@@J+RmT}S;v2kY?EUD6(k%T
zsM%EZy@HY1!nO8%eo3B3OEe+*;IO@p{*zL70|jiCqXX2SnA0723i#y<YB0Y8HPm0*
zM%b9*wlQB|?NknLuLfKPHzdO={Ks8(8T*d)6&@S%DS^0ryBix*xMUJwLCBcUiV6WZ
zMG7l`5S*9D{uNR$8O>RsJ`E60tGQUg)DEh20U|>KL_ZP~KzuEE!caQaW`WE|_LFd4
z69DnjH5wpZBO3tWi(Cm^w86fKWCal7R)u~ytKpZ_ARAhoBneR6ESV#{*Pkp5wd@x@
zbpawk*>bB<OdE$*%U*Aajij&lPEUe~J9$ZhiEpn~?Yc0LzPC9{1a%X`Xd)RVZc?4B
zwi~bmmEPA=i~U<Lar7YvCT8)XVd55kNuJ;J*D!I%(7j0q7WZ$?wei}i&Nu$>WRaOB
zaEZ^T8KiLuXDiFfjLPB;o59`=Pl6Zn{ds$km-bm~p|hiZyKi4pZQ{TjJs<wicIiVe
z<@_1cX+Pdgwlox=$x*%<8%?xoYIdg!l71Z`*~@`o8l}svHkZ{FtSYFMXQIL+{Z8?+
zE)HdF%v)2UKNC0+)=r%r1qFq^0l{c^g6_!NIc-09`htWccq(Hx6{d@1Uyj*a0-mnF
zsu?`F#<3@n+#H^gYUoT200*KR4Nu)AbEJ0}fvbS0aUZ+z^iTqxS|I*$;prTwuL{SM
z>3+I6=BW|Q;OW`j&EaX&c-2G}O(et9BMv-0i2Z=T$`op`2Qo_q)$tR78&a)(x<cOa
z>qLG@)_(moSoOYWFB(s-{+9UPtQUmRYh{`c8eSSuLii2?vg!up$eXNrZ_(5O`>Zu*
ze3SweZ#@6z0s`jAr_S;zyWmY(VeXH39<=}74ikl!MY$t$@GW||UZPM_;5t(JkrFCQ
zpFU#QsZ?(NWw@S)3+SszW-gF<C_aXt3-wPC(%h$h%G7txRrAvDk<7~}RIp4KKa0hU
z7I7EsIY{|sup_9IvoiSt|F!_sJ%0qC_5o0TqkuwUnSY+@0#uqtQ1_9b0O~8r6F-?F
z*=;XNhNoj`LJq7~$))hqc<|F!d)<`|JUyqnq;A3bXpdySf|Z~`PhV<qdQb93dJj55
zjj0P`(kIDF6m`(kLY#EC;PlO}lF-vmUXsw$aNVqno<{C!4o)8*ubNoAu{k&`Q+=$q
zFQ65fw(itoe|`VHCKNfEnxab_9JPrQjic7{OENZ`rGd%5K!B-=YBZc2AxvcZ@0d=L
z>$2$Bd%z*_?~%;Z!mkqVjy-jSwcUOOKRkd&XJ>#$l}sK99n>JxjClh0;ttJYUPI)#
zc13tG<5p24+Gy>*IZ}<Sezsm6(Ee>#$kN<8G06tLKS^x!z?B>sNfkBVl`LM--*rXP
zsYq{nsyb83MS3r(S0u&FL_Aq0H2LE9_~R^5Cpu4l`}51&q%1%=FcB*yf$YQ{E-vp8
z&GpE1=ur%s7E%b_oXAfDd1c}8Ic1P=M@di_&c?p~vhU`*=;ir{cL4)+vptK1l9eq8
zCML$iYOf-YY+2%%`z5eI@_ls1=Y{l|;C~2t6^U-K8?dd#kkCZqZ~`9{kxZNxTysGJ
z3=`JaH{#kdlKJTULS<>P*Q~3`okOc4yV3a~&*fI~V$UrAB7{)ulHq)^|B#x-&R8M3
z+f^+{EeY*KE3}{6SXHj*8W<g_a_@1TQZo%K;vp7V{H#_#b*_4TOKu^5<!SSj{xmvy
z_$hY@DJh>NX1Y9u@5-mVq)++Ir()+>!Bc7)q4KEgW7JPwQ>Bw_0#9<yPx^F^^XXCj
zX;IRrYUk4${b^&;C)@eds6S;fBW|xfGCTCz%agY9olmCqWNsyyV5Q2vS0LHfV1|mb
zQqAy_>LOxVcc_(-m6D5zTm^o9z*PW|U7UUfSry&P#^%zoUr_}BD8EaKLgp1?;Vtg-
zd)a2ow3KBsB75m?1p~aCxLbW15bPv!DQO`F(83<mz#$l;Jvc$EMzQ=yc6NivHxks#
zA#OtVPN9v+i>e>?vES@%iq03{3TJK$I+#$7n9q3;OgNDv`TVm{bmdM_YJJ4!{ne!k
z4_ul=KAuUE%pSflUM7E6@^daIwF4<(%I8S$#wBXIzj5qW4n{6yCb$_2!Fb~Hf-AS$
z`-Zh~Zq~m=jONZm9d_Po*4o{#`dGt!u+w|rEpOrMjgxqA4tei}1nkLRqIvugl6pma
zpuP4m&`u<i7}~>*$>O(c{r4#(85zHtYjF(nm})H3CLvUqYRvn+bTpZ$-q4Jw9z&<W
zj5k@;aw(`VBU3oE(C)Ci@<EacWpXZQR>S>5REI~(?Rc|5gQ*X%W2Ho-_iKyQR6Wv#
zsS*%hd;)*Ut&O5BTwympCy4!)+(P^HOE_A7&j^+ka$?)lf1Q}KaJw05JbJDW*Mw@&
zAM>;auR+R=5x)SvtO~Dbjma}Qn8<vJi}_zsS3E*tiQ+M|$fhZtV05UgR6i@#4ydbq
zkT>~PSNW)V%6_g~z)v34Dt%2NUE`HXK`V8Y8mXxK9<^I5Q)IJNdS#3X!&C}Jp`Jqh
zF!f`YevIK!S2=~hPUcFTF1UkkCDI?&>5Ei)eIi}<7?p2S=?#f=!4;%8s&p}Zaq1UD
zLApX4mBoqlVLIL9QCBJ2lWu=>x?ujg%K3@(M|HZW?$=c=N~EvR>D4NIV<Np#r`sw$
zOK34YIbMF!9}kbZ%6ums+i|>O!l@e!2Kxd?(oSfF5u!O2_zX`*Pxl4@cpQlw`VOmc
zgYa&O?Y%8%GS6YpT(Zi53sy;Y1mOTlgCSPGALHcFq8YwVW75OO-#AI~-y-a~roeH{
z&wKGtF=n1%No_AH`G$$&!!UZKsOn7Hl<zZE6f%ABllux3uU6ROe+O#rAh@E++}jk(
zh^1*P;WoyttE=7WJF9PPN9R%rJkk|135PX)#zS6~=lkbs??lZv`Xpa7I=Px6n1@gC
zm8qP+7*+SmI8j=FjZwiRksa)4tSEN?2wO$*O~{BmyMHD)4&;(2H`PMTvAirIliLPK
z8vS`Q(1HVRfE;+rHw0{y3Y5u2yf*=v?}|bt8-mBC_#WTKV=JcbTvwc8$p3^pcUUD`
zs8R2-zdU_E_O25j00;XFd08Ptx9`0}5H?o;%tm3l^UM((%V?_AXyo{o5JOFNgK$vj
z!eLE(=th}%;mUZFcoKL~{XeY2gH+)r`*r#z9D<YL<4DLa2ot^1dQIe17U~M$n4x}~
z$8$5sMar-n(P)PGy^;6PqfL9v#T)`*7Man7`qenO&L9`zE3zc#^G?pQ$?3Q9%y1u!
zY+h5!k$do(Yd@dQT@eO)zbdEjjtRPnX->gR)dUg*D@%!olcg@QJw}x|Ecku{oEn~W
zYUtzCP<xSdQq>@oNUzgmPuAHzRKYqsm#65N2z{;sBnVX;>i6~addQ=k+P>gjh8$G2
zF=ScDP`}rlY-f|LJTh60dAXDI9J2bYd^{M~8%`5Ubf%B^l}jo>-ixyU5XGlKy;9aa
z)Gy@J^z{vT0&a0?$&dyuvSt2?6wSUKj3e*C&{F542Q!$Ry(-XSz8OX*_eMTU&v#_T
znAG4enUXD=Dj>Rs=i#ZCogI8T0Xi}fCzR?LWFuzTqZM;^mpzxK%vKBavCjT>pk%7E
zck-0k!haS!wP%u(=kU+%D7Quvc9Q_s2l6|?PP+1Tu7bLt^VeZzF|J=;r^kg#6O1h{
zzJa~W4$=2^1{4=-)4X(<E4wpwz|BH?Y+z2a3^h)M-IhkTA<e@2)%D4HG|}Fkao^qE
zM5nsPsqUcdUEpM}bbEFO8cG`LM3R9g<-c86bq9{f<5XZCqy>~PcG+9!sv)ybiW%pX
zhV<|FBu3k)X5w?|+^4m2)H|Ak?6W@6f(gjS9{*6WU!ZlB&!*k>scl$N&J)GP=>Yt6
zwHM9N0}+2pN|Vu1&y(XV)4rFl+9*2DVFzo}<5c018gBZ|8iuJFcG(L~f&BBdklUt;
zSj@#!+%gTq$ZROfJ4h|B-?{|Y9pp7F9H%+gUEYD>!Qheefb#S6!$S+LOCVZT1<vtD
z&c}X^&nVfL;q$#p(_!Y?V5YdTK<A*|@eQR_9F%V;QE^bdp-^Zjx7sc@F2R3nhph0R
zVry_QG=m8!s?!>oq-k_G-=ul2#)F5^RlW^U-{|rPevc4{q{}17Glo24NK=$4?-O{R
zK$oY`<tgF2D#>ZxEq~pPPoU#uP#quhqdHzq$2mdonj^K=&60=w^ILbTl<=(iyqVT)
z^{7*C^4$#2x<`LdkMP_F)!RIIgztKkzt-LIS2{YxADJh){1IJ7b$6bsP?So3=v1p7
zt7V_PKw7AqUCl%O8J@Y4Vsx0NK7?mg^G4t0VRV?KbI+1D`NyE^c`#^s$Ug?HQo^&=
z@J2!Ps8et9ok6eHAJii}ccXfnCy(%5Hh-<V<*z$v$;F^`W?7?os=^;VXnNcr)z{6E
zhy0_*DkVItkvDp*9(C$XzSH9rP7OY&M|f_QdYdPY@LeAMT6fD|x5tu;9_!4i$Ew1A
zr^h)`ecdd1$Ul0lQo^&m^1+&|9(C$XzSHA8{Xsp#bMw{PJb8rgD&((qxBPW`EV<~h
z&a8T@D*ShPTrAbs&60=wqsJ;GJj;|1)@=2tQ*ZK}9#`lO>JgqhOufyMNBFK0{I%|u
zziy8u7d_UQRgYDL|4xs`NcDBI<RSm)u}TTgnjjyn+3HcJ-sC$yo}xdfM|f_fdYdN?
zFadwr{gUKtUdcs|b!OFLRpGzU<5}~ide8|E`R510ND5d*9@cF2s8et9oevM{59$$~
z`>1-GCy(%53;1i@Eq|rQ7n(Cx>RhU;s-_urD&>du*k|>vR(PgG{OpuNQ&`myADJWL
z!~m8#Irb>&rZBJjj!LE;;`!gcrg{F}I=|hH?5bP<IhxcjwMFrp<Hos;Ugms|kNk7_
z-%5FHncSV_ls!60|EjB<=g8#bJobf`%5B>RR^TE3^r@Udp7QWt<We5%n7D$@r!%%)
z$v0Tbz5Uk5<>6ek%BFI|Y6^VpUcHeU%4NJdxRziS+(eYzu*vo^nAlQUlzTrd$|KR@
zZ=}}nUlvJ=9TNSey(vGky#*tk_JsdHd-6!McRaPy7hzM#kdJirh4BB#7a_cy`Ki>U
z<&h};$#hkEj8i%%E{}j(spnf#`C+=eJQC#}k@AtH`6Sx)tP;Po<oApGW)>O%*H{~+
zPsI4i`(x&N!8OkKH&Pqpmq(%p$4jl@ztl@h&F4GoN48h&wzo*PCyzvXf4^0YxR^wH
z^cg7BNB-!Me4(Xzk}q&nc|`q^o9jt)_|66AR?3*6J}DB0V}tD>m8+gTMrsQGQ5`-g
zw9o7!)r6PI;mRoGA^$WS_tkmT(JFaI=)BcrAg?^+pU&&ic^_2?<PGS&_wY_$dB{JV
z_mgR=50xr`ymM6ETPGkvnUKh}ROPyLn3Tax<<=4QlPcv(h)W8Ig&b;mc@)Y^6tZ*{
zudqvwbhnht%r>efQb<$nN_Qej_^tdSGEXKI$kr5xyPqI!^M_Ahiz*eiBi#DjEgCp(
z=Rk}{>QUqL+6Dz<FC})nk{2ay;Ne$^JqX!<AA7^Kcc#7dw@7>6fC7xF2UUB0%*fO{
zyJGHMo&7yk`!i&Vy^&mdDI=l$JxS&7NGk7XUjD{Il^>Q=eu^%?b6}n}OewU_;;ZU3
z1~QECRH<cEGyIa1RQ`ImJfr+r71%SC0_zhZTle;<W<Tm5(Hx&QlgANGg-HqaL3i0#
z2P07fPaw{ei~f<ilP9E@v#!aWLn?}7vgKbc51$O{OfivimH+23+BcK(m|w45JXmhe
z8|-1^_ggX1vE0Z--HVq_uiMzu_F2;ZN8@caJFODu&t>uRC&_-M=~oJo*=Js@o|i?x
zBtf4u?%xD|hbtnonZaD3gek?d&)`CF(=AM#WSvQFcl*$*=6?7^;3H*+5=-K7n%2({
z^1#i#qR>ROR5HD|vkddClgvmEYweY(m~R%Aho==22zBDxm^XR)1fIe{Z*q>Or33!3
z*WdkPpY<V;nbNVQNZ7e{Rd%j_Wwy$@Z`O9M>DalZ?QiFbJ#5_0wVP64MR#`cRH85K
zlbN<Nk$DkSN7#s-7z$2boacNgPu+U171)7$)LuKXq#2x(%zXdW_9_ez3Lx*<=bSB!
zB=|l^CGx2Q_9H@(DMZO-`!)(Va?K7>zjlci?we~bL|Xzb*!7pAEc!%|%Q{g@(tJIL
z;Yj#8d-C{nn&>%SE%M7ApP0=0U^V4Kz;MIEJkAFP*_(n$NPcKs6zVsa{KB7GbcN;}
z74tqCW>tL&9H?*}+@%wp9CwjJBFZa9)zMD2Kaowbn9`S4fU}m!@Bvqd0UscOET)Ax
zWzb!~UW3V~v-=5hb6J*gWaT2iKmlz&^9$Xp<DFhT&b##L4CxiTz~;b~yl?FXE|=q^
z-wjd&wv#o|;?x4M?OG|e(<n6Id3}Ej89cHX5px-JC`&#nI?3tE-IwbL>gsgmuf?h>
zdY)NYcxrxeV^E68GBjvm0%qsO`D<v%9h|{-d9KT0drNpYuN*CVvCgi|*Q~P_oaeJV
zfq>@g4>774BAQb5N6>W;(Z`W&B$QNl+3j%d>yNxJhow<jLUPI(9YT^&7kZSxTJ#cH
zzz@=^dDMmEG<DL~^MiDoM_s5<l9i|?l)^%iE+>3l$je_RUCw&a3st)5q{||Oi>E*_
z9+r(&<YDQJ83{?_!ZJnAPc^96r~b$j(g=1<+0#={Sjnr$#rbM<?R(UiFG)Z6hl_Jt
zQgCs;93}h)!Maxi{i-9C50c|B`-1AfnhpE8v)UjhqA5>yD_Tu7xqm~O?NwQBLs|6m
z2Q(zpWuKd9=)tCj?`UYNosY)U{@a0_7yX@#j~{0ESy=}$KP^L4;18>bGwVV!fAWtL
zC2+PGej;D`8R~cDC3@#QdZ`BYeBNc}E$Sy2tkA6alx1w`Frm>#+5&@ESb<q~3#mYu
zg7zJX6TI2}S~ZM+NA5BLh(xU;$7P2lZCH<Y2H_*x%Z}80VPVfW4jclzkgnb_RCjgX
zFx}Oeyh~TxNms3$%ap-SCB+m!HJlmbyVf&+cX&R`7?^|B`J7SJfkL14ZDPZUQB8OP
z{P0`Zl>|Z}#-Z@TO;R;K{7MS0m#c&D!-dVNn#y*2*qlDN0iO;1KDxMlN-W=@r$oB3
zo&@Rah`xGW!!4H-vl{NiGOM_3khLi-4-;Q5JS|V?%WTKqp{s3*{4johnU>?LE6b7P
z)RgNfd=*4@r@iqKNdLKF^`MCpNrhIy$#1CNx%5GB|BK|2K9xFsdbN+U)*mOWHJZ}z
z(W?ZFAqeXD9vVS)=IK%k&iz!!JIB+e9{)xAkDmlJey1(Q&oX|;_>1=&Khm_M@#i!C
z{G{>o)fxZL?-)OQP~#_$8o$%0SJ{3F*1v!Jr#j>3*?jy%fG8DMNsQ;Pri~1O&$$wX
zeQUeKCxo!M>DcH=vSrv9$25J*U}~KY#_aZ_8=-BCM;SeVGQZR23CpG{2YK!6pKI%+
z>%VFEZcEQb9rR(hFVvK7+%}(PL@0QGopa*>cFxLluwKlaF>|vBmuF+}w#HnXupY$d
zImvnuOK7{0819o#HzR`yuJKZRXj}iC@2Wea`PN1=)Rbl#1M1A8S{``3`)1-%S}tj~
z`j#1qCr^rkJ`g{sk5Mq5%Nfyg?(#!~EhFxr{wxzmtnyI5u@~wUe(xf^!dLSyP`9N}
ztuP+zcaWFGZmB32;bDaPm{z*lB{;{IU2>vR$6Zbx$2oQUMc3i0`6PLlAR!Tv8H<i`
zAKfqp<KSTu-lNZHvetw)repP;KIzJWRZ(SE9sZePQz{axK3w3W!RIc}oj%cN@Nc|J
zr+d2%Zcb`&Cw?9T1=kJa#6c^lCkzHW>+daCm5k45CgXMaZc2-#udBSyZ%<OXMj-@F
zMJqd4FPIUg2ZcIPUhFHV8qc4^hX}^};UQdnaLb4WDChK4PkHzp$lHbk;i%yNI64e_
zd0!lka5Px$1CD$GNUfmkF`TT4buY&SC>8+q{#N30N14gjixDxz@Y-0LQj3?8T|0>z
z$9aE_)wkXkmhc}&Ra?4Sf@a|)7HMTuRN}<@tUd16FJ+8~T5%-lSg2!CiiLW)s#=*y
z)(74Y-GWfx8usp<KneQw(#R2_X@I33)K{O0o<PiJp_9VZ2vb?USy<|zkB|X5TBwcJ
zcZ%I)eIOM3yWi?mBVDj+qCrHTqvyx_6S!LSrCWpK#2so!T3t@7y950at1Io}%pDJf
ztK9Z)RPEClnrvGm-z@#2+kc1_m+KZ|cj*&Mvl#@XpMR1@X@hw>C{6a)55i~X?)fS3
zSy_R`XZP>?@5g6FyMGdV_WN>;8d_IqeD)jO1vPZ;b@=$~VyBLk=j%GobLv?4GgZe=
zkIz2w>rP+nH24AU(&<rdga5;4|HEhh*YMf&ZW^CW=J{js+0-3B1wIS*(D>}NZU6oF
zZ0y%R0G~DESHL3Kr>Hbx$Z0CA*3<~1*SQ)ay~w*Dh|<#!h1KBxQ5KC)*yr44t{1Xt
znp4Y{=jd8)a%%bZG*wIT%@tBo-&~u~Y2_AfJetvIBcRh1fgsJ*mC<3SgQO-~J55e?
znoM_^41ZUXb!D1Tn=f)ZMXCA1K}4aNK-0e+3e9~{B%1ruj7D1_G}?)Y&7<yzc+8gi
zniFhWxI>D*j!|`#5=C7Pmq<bpDS|E8(}g5;|H(XED1r^QNwJf~XZ!I)hL00${C23S
zwXs$Xy@vY@rO4Z(-XA_$aYx5O(2A*WC<nq#NH)LKD>rsbV#uTC!#s6!_aV0rgXS!M
zw;gz>4}7Ak3-z^A0s&DX%@U<`Sao8>{TXv-RLx^e%VAq^xi`6U<D#M|Fw9r<M(}1~
z=y{apDapz0Df2J%M=9kMH*0s~iEexl9iMdg&$1%@{C%e61m21DHm$z4Xun(0=%u38
zHgi?58~i|6Agcm|6u3DDFkZ<-1Y$8{M=P~_Qh9a~)hMf_>V7!GMpe>h;ralO=gn_<
z{diyyw?kRcRO%HLJG?$7<_PHZr1>~iCQW#){-W&@akIGInSG<GQefFy@2tREX3;AF
zOk$}&)OUSK;FkR->r*vZ4^c>_*O@F5zX*(Ao{^35rCd1Uuq~A4>I6~1W0%?EPgb+@
zOE|3Mvh}M2!_7WpasuzhE|KOT(lOaAdc~*`UqaEFWtObI>(!*a8|~#xT94%US4?;|
zqWJ0#O(9z0mx-?;Khe{qCs5{y-lF`Qv0hDL852pI0hQ2f9#_GJhZt50YFD_<d+O}|
z$LRCpOrA;ShYs&(ZTE*y%q)es(JRq~`NB(R9H?<v<tZBbaKnUV)BFw44_7v%If6@m
z=~vPo?5B~Y-9{Gl2H{T+%;Tq0Wc<07>wN;FrsE)u+Wz2FeuAzX&zc9`2-W79$n@DC
zfViS#_|=?uGrF@L*p)n;fjN%^zOF!z*B|bA0`0}lh|AMtd^t`R9_$_;pXrVd9bLHt
zTmMphc$j1#E?)(1ya0?*bt@^RB`L!9E{X+CE5`>ye!PB!Lv!?n-~P2^#e(f~fh}(=
zOXD}|OJTd`$+kt}iT!z(TxMqnqM`EcyQFu&8lY!CE#5navF2QtDP&ajmdUB6Q1n!R
zvXC~vOIrHUqxB5+<(WJ~>OLek%@KsXa*y9Rkbq?UMd6dR%Hu5BR-#X|tEt@=`s`cj
z(`Tf~sWu*LA>1XnsBBI)>$iUEE9PrwdTQWoKlk(SWyrw#J>^s(2Dfe%4?9(y+Pn&-
zm?>3g=84?mtQ_6-89bBZ1r;uye36z#TN#agf6>Q*8;~5GP35uPYX5{jRXy(IH1{Gq
zxLJ>xMaB0G)!M$Ie+4@49B8Kowh>gvW)2#aJkP#%AdI(vl!wnOx2}biI$Xx|UNO@W
zJSx^%@N6QvR+3r3UKH_n-!7B2m?W93l0?&TYT~O=vmp<%T6Z0#hdh^O@@nm;FEd=&
zu@_Q3AypmwQ)$q28eDUdJJuy~&?>NT_v^>9UkxPfaz?DSXAWS5FzpV;T5agBhjbNr
zr1~iDGM*cq>T3?dT6D)Gk)dP_Up`U~=p~-b2ITU)U@@|QGM?M0zWI2jI1Q#G#*_a&
z<M~I)p~vHO#`A0P$as!+s{hl8db$p0JUg=Wc)s9yz<88S)r>lkN;o15`_4V0*6^%K
zN|smblx^~YBd?f!ww~z5V%@Py-esb*bjJ>g8qLTHBD%6Kvf1{L7uGW`_Im7=`Mp4X
z_eC3>-*Tkc^W{{4yJi2C7$UCl;y|Hg3uo)ajlR(XlQSghDc0hP#!iVrEBq=317rNe
z)wW(&j_CH4RT0vpWMxYzO)c8jQq#d%Sm<h+FEY(zr`(TA7s!_5WTM2=<DD{+B_Vo=
zkj!h2eZ_{n6YrByJ9*|JAsxv9zC{#_lk-9j_?L<$B>)d=T0WM5Bcv)tS)eXQwh<yF
zL~5IGr4M%YisfQRa$<84xk$a6)=GPVw1)nFu^(F<G9eOr4>Lb|4%=0{*e#&zMjozg
zRE@|<E2IgfwB4OlX+zFMU59<4!LKkuw7)R>l;&m`ch<_RoG1;9PzEo1?CHgfclB+I
z_f#6hh{1b1qbixxvUm>Ob2i%sRYZlTLqjjUuSk3fQ(j^bn*!5F+1*FX9n+`Zxa@SY
z*jIN2e4!(*W>k0!@SLN32z2G=PM`WIJ_O!ZKj~rb`*8V;?PqEiF@`^l3bYRaVp)Pr
ztMTt72A&)2F4P(`@F+yzvslqooN0ZboC=IlK;d`=+-zS1?8>~pkA<q3X<=H5-DVK)
zqg(BhuiV#UKg1uU5)gYWiM~jj&!VyqwFD)I{lkO_aFLCwZ&Yt~$Ta#Riv)=Mkr7Bw
z?-4kU8PJF2;h(FVYe^`noR*Vf%=|=thRQlM1&_C{pMkTrK4n=(WR;{6H><=d>*Qp7
zfh2?yURlK~M5<yWkY%66Dl?D4p6(~F#5j_$gdX{m1L7v9f|_+Eu8y+oIY(0>RE<Ng
zTfNFl2H|_6_SGDTRq&L5AqR4JjOdRTRpq=SMlby6$i>jc8}MIfryeT{t#n9&c2wdQ
z$hgf+8S8$;T*=C^9H_p`FN-u#D4!BhUP6Uw_>_?4v@bkX!-L~f;<QZ)2#x~?vh`1a
zhdsDkkjMg&-e1m9@UZP@frp+{piTUJGDpBeuU~0+XiKfyFzumVB#c)R2EU)E9=Qg;
zAIe)ed+V7zI0a6>thxFS<UrE;yYa<ke}oZh-gA!(T=2q?Y)rAjV#|#%BXb0?2};05
zz*Lu-31&oDrp68QaSO|>qUV{?JkEkVv2&Bp$2^ipgI5>Gj@e%h%%QC1z~ZP%IsX&G
zN??vEjjB7+5XS#XpzL9Og$4j*xpvlcSt_|;^(g_;Brtlo#AB6os^m^&%)FU*tlkuu
zdF7%t2GnAQPLM%F<;uj>ZDy4k6JddLz8oOUE8vzVfAU!%5QEZqD8^n;T!jr21qEFj
zz=%oRI(tE`OcPdc*fNWRv7?fAbhYh^6Y@p*SSXmPkOrAuv1qAR-(v#IUT&q-rN%yq
z9wQzgJ~tl0#D$l~zI9q^N+sU7z_jm+rjHP^zVLArl1o|exTsB~&EeasMgE{8G~-y0
z{lNwDOFNh+jaLUR5qJ39X<p2&l<t6XBiY-3C9W*E>IfRnvR8L!*GsR3QaM>H)<ZAn
z#OZ5a<Ptz&s|^2wGvwOVpKL+o3+JkPDc?{P6nR2$M|6VPQkWqY<rr1h$O|62lY0w1
ziku;GDfi(LvSkGuqJ7Ah$TQy={ReWyatSDmotgM3^rjFL^*`6}RUtc2QOC*j*Ow5t
z;vJ3aCQ_9vl+wZ~JEI7Mww(JvQ_7XeQEF1C4O>OkmRt{T5yYFlj@646sC3y9nQ|;*
zK`RI{elfbDc4dh|603SAA&C{dXe6Nyjh;t0LlSpvj~^Nn^-n<(m#CkDBp%0i3oG<$
zcKpx)wo?{g%^yJ$#!VVYY|e3!#I&IYLlVnWk6a|NSl+_ftAD1EMC(gLH4S@F2Z~vX
zuJ(yTz8i!y`7TN^SM1Pq*~M)+g`fcH>~r}=b!y!L|I%yrv&5Rodgago!3Pf>^F8ZD
zSKRfw=uBBJsV=cv3d7$7yvQQvb4Pf-mnP^=CbKm3H1E>TnYtk&YQ*olfWE#uMdd0d
z9si9Ort!R;XQIDJ_!2W?g%OgX#=x@>rVs-cCJ>m9Eez=-!6@=gOSmj8{NYE13RST5
zmh8Fkv5(5kgWo)YFVJ2#s_s%BGVkVta;Pwi_mXgV4go4W%9&IoyEcNSnQFVsQOcLX
zm?SSV?;fdP>LRAyEyO_NWQ=6rp^JS=9_1+kp!zF8cK9;6<F=;7^J&QOD6@Q$_9$~N
zSrg;;p;hUNT+Fz(+6@4o`16#p%p54wCg)`sZ1Jcl@TnoLp+bMS_seGxFagR7H=SoE
z#<!5vLyhm-$!dIkX&qk?V?bk(YjDQ5+1`__hj%fk=z!tX>ryR}hF9-b!@K7QhIco;
z!Gng+de{CKy=WQ43sjdF-h6j_0?eL6k8jF;<NLJWVB>p-)I*K0<-=-xm(zUn@pb;L
z@vVJGl{$$$?(*5^s_`xA!1(@{7+<<GzV|yFa(oL8Ilc!URO3UT^cB5+nQDB1XtVX(
zmEUZ992w<uOcjVf#YlD(Pe$VZgbpym(XxV5l{>{kQiM|Gp2iBgr4)$bZ7};8U2Xum
z+%ab8G5*uT7_~-*TEnh4>NVWe5oNlrm2?%YQud%v$U{+6dtHWs#fdPFW|k-j<w%2=
z!%#o&H8<8a)*2U+Ewp<B#gJtS+egT41Pc82hC}avyizLX|6rVx%Og)J|31?0O&L<Q
zR#6sn=@m3YmR6XQ`w9xQUQU>NML`G!OA$GGVQ}_qp$p2vE;kjA{le#h&zSl66^eZo
z=qs2Hj|2VQI$fi<QVw51aj)_&DDEP5zyY+Ct78|cg=(0bRgU#`dHDRCMfEaq>2CNR
z;`eOAM!TeGvbVzi{5d)lT45&5mmtMp3#A1s`pZr~JJL_l#7*>5I2?V2a*%$W>h$xz
z0^QGCr=L#>w1*3m@79V1C5kAb=ht?t#=;piDCc`~{ClYR-w9;@sQG`%S-8Zw`oz9-
z{)e2V=YIvODf92=UFQFv0^|GBwm)M2Z&`5A`QMST|NQ@U%XiNI6Fqf5yEy%Pgm>v@
z58cm0&i@@>==rarL1DBc=0DE=JAqAxYF<`((Wge$+kld3$t|*H5lzJUCvdCcw>mtz
z6P@P&#?I9wn#)wxJUPP5ZKS@ycr^EIAw0iCOo!^qH-WPWde@k!G>O0a3^RZ)W#R7z
zagsC*TeT|`12G&sHcqdWTi+&qGODfvDcCKc#iCa$^w1aO|1<sY6NMWF+)nDjyg6*f
zq~yyb8Pff=(-^yEGhRrN%;<YZ9DGPFOD>5ie0sW`+>?1aTr9^PFnEg4j81%&czluv
ze2NOQ-@(}lsOhrkToRhGzmnI7C|IJ!7XCRhJSdXQ_8QjE43C2_hmL)URa5dJ<(@t{
zDv5GWU;k4@CE*q^t*M+?0jN$n?&(J;fA7AcFDG>>N3N6jFgPlLIT0GRvXvrM7k(>;
z^1{|i<m(!30L+NdB|hVE@1FQ%RIL*LbUfLM)KXMlAyQPlk{h_XG{tfg(1X5HH(PnC
z7uLHQyX3d(x5O@K2yRf$=0$tfsG6qIry`8PUCI{wqqcIe1y{w!XxH@`zH$CN)Cp3e
zoz_#yDXNmFgSg`rJg6&J8#_7CBk`yI0!%O0pZ+7RKmFLB59aY*aB(yx4n4{H6Mjyi
zX}w}vt_yepgo`-+)UmQ6O_Am0;qh28d=VJuho^La)+S*Jelj>{4`t;9r}>O|L{w2;
zwABetqZiu^P6N~?g468SKR8X6QS}#D2df7-CQpI#Z+Q0!=?R&QAZKK*TI}NpP{%Ie
zoQ;+ORj&P+V<dDHTuK(WF+czr9l^lwL@?+hVods=0?3@@FB+8-T&;vpXHkptB+lUg
zNx#Y7*jjcvJS(8!uPWq%h#(1KAdzHX1N6u(kBk;1a$26o77v`F4~dg`7gX_ddlywK
ztzZnU-l!};{RYlP=4wWSgqy*)nCJHNIVE24ZQ|-^n%0eZ@GQ7>l;o4<p%%I%9)3!Y
z3Jvj^)&<3gk*u3xNWcqwOg_U@2-OvWIJx(WQS;b*m|%#L-ws|aPAYCq0HfkxD2A9(
z)l;EIJ!kFB6XZf8A$^V{S<TTp=19VGpcvrJPj#!r{46A-&nB5bW}B!R1o_yaf_x|s
z7&6<+1BT3<)pw=3R;3FI272*k21`L%;z3XnhZk2z*d~xw62GC;4d4KrPdUQ4<V^{!
z<3?~eGIpY*n9ZZ>ba12VWPx|0;y{W31v)ZLIk9Wv!5q$UgE@SbrPXoHe*JsYaWEjM
z!GL6&SriZEu;hKh-mnb?TzxZN4rUU|LsU|?ib`su-@%0O%@G~Tj5~2{nuoSPf{ikO
zVwQ=Drtrh8tk_7VjU`cUuq**9pC#deTAXL)HtKW)*ihqr1RA*7(TTUUyOQH&YaGjB
z`4fw!w??d`1L+c)1(zj4jdC?`qNLdS5!i~Pma8#DuZB=Glv@iP%CWmBh}>Z3eyWec
zE_=UecA~lR(aPyrDFGr#AQBBvDzyLnkx*sLh1&x}xXo^>&eglE;AFkq7V|E<t)z|G
zZONn#GC-~K9Lp4Hm8j4CZgWa+KS`IK>Xc5`rA574_G*$aFCi%%{>?XvWpD{k=U6@n
zy`)`B?~9X6iVL97S<e<U7VDeXfbgR<ak1kBJ%(ut<*>C~vl&N*`D5s%8O-62qnF+}
zF-|Y_fL;oM%|`)wgf|WK8$eGJ1XDcuR7r+lx{spHn7TP*dQ72-1IMJWKpEOcWg2Kg
z2ME=-?$-0YnWr<~eiV_)XRb1;t_ElL!$<nTD5!J~h_n^T6q>3g%PgodmyGRM7|YtS
z;eJA!tk#agPnYz9ZIa-#Uh&n$PWKhOg2MQFD25++G}ixwM`Nq<NC_m;`dG(uYkhgq
zD-+xJwK5HHAl9(d&`s5Hm8_a8BM9d!mABjYEiu@-_y}kei_^FMqM@F^IEh8a9^;T3
z#38pn5Jl<R(LrCObkGes<izoizo<H}HdZLx8TUi-RvSAd0f6&WeaATUp?L1r*R5Xi
zZkE6a4Yf%mXcD~pEG(!`6KawLh;;fw&p**a3YMEoljff*^jjv=E$IdCG5<t*c*j?>
zmH8*!43TH#ZUK!l*`ZOIE0{r}{6q?7X_Ig%P|iXSEsZ(vQV&W9_K1y$U0H7J7JSUI
z5HJr6h*>})OQ63}DccIX2?|e+h9~D|(Ky2C;e(ikQ<3YK!y&B6p1`MOx8;5u)_>r)
z+UAP*9aW-GzjUwOCxPQN`q|r6Z~UqjaZ(|liA<0RwVLvQ1b{baS_AVmtuT<=b37uQ
zL=XN!hi4~_o&(O#4)L>-z<1tYcC1^oqf-(C?cI|zlQoR}>fpyFw#_;Q($lH>*lbyM
zn8&8CXs6E@2+VD@KVB^-!1c|K%~mXv5fUz+2%(+(2Eu91MXOEpc}b5jOW|^6s*P!Z
zu)^gj$?@?t<5kW<b<hVdH@nrxZgwd`c9Ai&T%`D{YT$JDzR*WfoOpzv%9)AZGxy94
z);cF;Y<a<(u@V=8q92I(Mjx*=F69X=wBPY+5}eLV2M6MLFNDa^jZTN1V4Qs=5*g?0
zT6wGno-@4~c$V=lC*R-<7kHKk@FbmGGLw&eppV`^eGL|EzJHZgNPCgts4e^&g+ZYQ
z-NNsf>{zvh_Z+x|eb6@|aG5OF;QwMYG`6rmay?sk9|R6t*w$P4ir8hS3;N<)Sj9hk
zJCP;OS8d^c3VkYDI4R<!S#&P@*Oo5_-M?D`AFyl7yXc8udYqp4LA=Yvzn<n!{L&nz
z?jXB1X_x+>EvmMsOW88DnzDtCJzUDR+}awQp_cRDVaj^wE!y_m)+*%V$lAl)qGlrG
zqX+@i%F9K}rEER>EkjZmy7)#_EM67F@;uq7I-Fno<b66zdM>vY9bGMWp6pYC0=lv1
zY-8pqwNKCW1Wt4J>5$}oDi;yir_M!0_NiRmVmxDKIJcDeE&RY+%E6;XChtonS=Kb=
zX`MBAJOH&TOv00S7w~vG#RZRK0i{;x++}xoPw&fC+v3#CtJ**453vVr^YTw&Z;-iH
zgTWOw-vb8!1@@r3Ykz>ffvX=UoV4clpqJ+8MP1!lFY1N7%c8!=j)A3lSoWaVP93wH
zI@&vR+@<UI>FuW;IZAgr+iCEA-lfwgx(yyg``6_){LdcrfA*kepMS?5wEyS&zIG<h
z|J~O(!nmUTC*9Xx^$D{WMd1G~lFvlK;O~Zuw-#vcBk_@2+b?3n5aBnYHHcc7$Py@0
zB;V04$=AW<4=Z|4DFh#c-ZQzkp&5#JE7b4OBOLtS$-)1;EBxQ6@IM#CrRaz?r}>1E
zALuDT%hWSxU>+`w@MqLvAc~6!!Nrr35Q$_tH{S=N&P(1xN%cx9uFQ)iHIGz&TqFu5
zL(CF*t%cU43dP+OxrHyZ0uGt5bthp4G8DRNoo41;54(2a7)9_9h?(%pLxo!6Dzzqd
zp-VRr)zp}ItT1|+g#_KyMzMZ%EcZ{pgKmmOm`%tiF-Nz0)WE;NS(Jp<i(f>45Q!V^
z1V=wP0`I}e+~b?wLRG}{{jQ-m9V!&BL*wRc*ThZbqVFMY65QK(So0n=5>1%fO)`y}
z3EWL8RriYw;ITTua>xxdHp=%MRBhm#WQz6(p=eK2_eF?WZM+1@3h(^irAjg0Q;LUN
zeowdkJw=qbm8lh9+wf282FevtWyrKoldqwE;|&e!8#-uEzm|6a^{qQxP)|5qaSa@H
z*%!Q_=~v%pacuwUtN-KA?a!a{71jQv{5f6UVe#j{_y2Xs{@=LYf8iqg1Mc^S=FjQ-
z{q=422KbPNT;N9YE*s#>uiOo=w3tn^|NTC!(7obg56l74=hY2FakR4kkHm;*z#-WC
zevJ6tBCW%`_;>tLBgJvg{&1u?`Tyy~-+#cx|E&KP7ypr<(>zh|R(ST4lM{HBn0mRs
zW-$#`%GXf87OgdyO(sm4fLT*34Q8_&TrgWAV3x$c6BViGDvf79+6bOi^0FVoABa8o
zQ}72qjcI7<_ssV|%YOlX;N53`68=C@mR`)qTkFL<gLlChOW0V4%OBX$Qr9usspCuD
zrH-3)9X~yPpvq}*M=RawX-<QgZiD~h5B$%+N<uvN6Z?zm`Y+8NIEv?i@^j>g|No*_
z?mr~G@{D{r$o<q`1ii9MZjtuGUO8~$(!qm~9N*~(@IXSt5H%TBywEXr{GqjG4wJ-K
z@TopDvYz;!L*pR#u1<$ZVzfsHxLdAZt`P7cCP&}Gh9X<&D6)kgC|J1f0Q%zg|Ig_Q
z^wNLRRZMPn*;{Io)c=0O`Tyika{hnpod1t~&r<$3oc~Y!kn>;1*Ai`u3&aBvx~nyI
zKV#<ak@(~7Te*a^k2;pUsGLD+gTHrpZ{{xOK(~%37OaY)#?i;|>8Q&+AoaN38BZ6T
zg8jTRf{(>1<Ny3K{?9+7;~(-M{u%Kw9O-w}w+&791MkPrSyzQ;2;Ua$YnNho`~))9
zs;OL*1;R`Tq+M3KvQmDcLwM|L(TOADa54%xx|!Xtyd)EE2Jf%o{$`yN(oCdiv~yC>
zy<}Y>X*2o?U){!e4p}CR*e?sDV?cv?^I2)Kd3wM9O*@Xf?0?Av>^Jf_U2OmQ%%WY!
z@2V526}rAV#S414-Di6#9nyx6R%SH{XxP6kR*!xIgv%MpPKUQOEV|>v)+wr2G9M38
z%1&2fjL*jrYW#dq<KNUeC3$|X70osZ_IJM5@tygRq#jPvbE-%)eeD^a=g5{u8A=rQ
zU(8j$6e2I?F5swJl7eAM!OntJ_WQ7#&2Uw2wU7Xo@`n#+A<GFyXmqbq`9~ABdnq|G
zQY59CDOF#1@?i}R#fA`HVW>fi*|t~C)1s9|)vhC?-Y0cn^F=CWN@fNT?zgSO&a4%h
z$#<w==cE+97Eif{jHLW)Q9PwVrySiXp7N+p`MPU7<w2d&19MiVX3_tro=u-NxG5f;
z(l{=jCrhUce=43bOs9-(h?f%81M1oOw|I)FQ#RccFIB8lrY71d)G5DDw50?Ak#==x
zKR7)U<4tPrJtJOEilkWg<!)4?8K|anJ-=hW5dE*k{Nf)06<WPwhVRH-B)OLWYy9I^
zx3!UqRO@$Y(TIm#voXV50u-cp_-|UBQn3Y3&BDIh>+kcNS|p?DVnfs_PJ?CZx1Li$
zf{m(wNUh;3OoSgsmBcM7EBJ)avS^WK`Ibrh(u3Hz(esHDQi_Irj+t26RxkTnt%T8R
zE>85Sp4jDP%}1G5r>weC3H^-#!U|+%m0H(jc}M{WrGM9D<&=b0fD%Nt%^!Aq(~{m8
z&kynJT%H;{&WxOkUMQ}9*KRQ*1M@Hj9kZKVh(-7@u`ZlfLvqaUxnAc}x&9Qu`Pu8G
z#`Ae4J6}!>9wS=czP0#f>e*9$uMT!mCOxI1;yErK-7B<5dv?&@0_ma=g+wK*r07-S
zwvG&{R21pUt-Ym@n^Q~HZY@cDW9BO5&7{;QZ7eO?ZQ!Jc%`ct`#7cHiVjfmnt4poj
zX3eHdnGNMce#?=J+*wt4|J`2owOWBbwwmks?1~n4^d2f@p^WFR$l6&;2=xM4q|nRQ
zAHK|N#G>7KUz{R)9)=K``%Nd_X>GHW0GG=A3+yziNjFi5FBbSvX=>+LCSIG1y@EQ;
z@b7Zf-m@yOj4sYs`7E=rc|#}4ATaWFpg^D#WV>6zxbpRqn1VX9uBAYvARV=ZC2)4#
zVATPC_{Ci5fZv)<2L^lHjy@>)t@G)?VBG->4oY5>T9!&V1>w;@@jm|mAO&#U39EWT
z(bb}*cYRLt{*TI*21FVb&OCaTfYTSU?zX!yV60a4q6?pwJeRA@x->nMJDj1MlV$zF
zQ#Zf?=Zhq)`~bvp?TzP4ypN{hVm(yj)xc}V+KT-ljtOYfm+!~IyO{InzMTq|rSa8n
z<1(8vi4KrRUsj7zgh?>Y{if)=JZn&X-Jo7f3ga1Ch|I|Uf7p8y=%|W(@jp!x2ngPw
zpixm94P&ApiGmUVO_S|5bP#u3P?SXw5rl3*k<Cstm$sF0HXX+qXU3VIvpDJ-MR6m|
zk^m}#jEcAbgTQT?C4dt4{6F8S+Z&+coag($_s)5oL;9{&b*sKxeb>;Ksb*-_EOkZP
z^-Go*HMM|>f?~nz?QxXO%7_h1ZpKyok$90hiz@w6Jf~S?(xXsYA#G$sR=L$Hf!|P?
z94O6_JYNaU{6@_}8Gx`Keto2j_z$MM!k8Dx@a%1H1<u3Q6`Uk!9t*;mKmSH%p*~O$
zD?DmE#Nv^$s{*`|=kC$Z$!sn1lx#B|8UmcL(*z+_ZFjxzV5L!Rmqd+VvD{0?MG!Fy
z1vn#DsCe7S3^4^2KagJ9HbhAoO|YoUAnPS*3>vFSHEz`8YieC(mRolYu_jzgD9q3|
zi1dY!XzC>~tfiVnN@$PIx*~RZ@|)%=&{fZ<$R7!)NCUB@(DI+s93H|#FdDNI@f4&~
ztj)SsXz0kCT!?8WnQ?&aRwjrL4Vds4ArK{tjGF5iZ3SV}%i?R9rJ&s%yC%83nHi96
z>EC_S>hAXh8(nIS)Q1Ve!AbZM=r>V6Q<=cNzfyhSm`q2KqQDgF9!~c@+{>v)5xRM}
zB4{Me86#QsD&qNDjCm&uRi|>(WTEKk-p<ft@ovWU%z8K5^_P-?ryd_#2{j_|-XfW|
z9Nhwy%6LkiPAwP6{zbPduSa;D7@%AiZCnaF$)jUGuINO45ZM$Xn>_ug2UNSUlX>?v
z#w737@@^gPmTNQ}H=Nh_kZ+8d6ZpvD&x-54?=Ua?lbQAB=f#HLLQi|1BvH)H^0uYA
zQabWjp9UAH$t}0?6R1PVOqtpxdBO)ucEFBl81^*^Tv;sqD_jk(Y$GGi_}!ZIrSPv&
z%vUvu*Lqx~?+NdFA0T+>Uf>_$VAWRF!rJ=zvW!Ogs*;sPa40vdPb7a`3R<tgl@aXl
zSS`Y@90a+Xw^9*gg#sBqH+m{<2t5PJk~2Ysq3}(JU*7XB=v8Q}TS*zb;QtX<t`>01
zAv;t-?Akbf!E52nB8%`;U@h(nnwU96NCR#kE*HscM<e`6qLb`brN!_>$)JxMA+@)L
ztDLH4Xb492ISO6-<`|C%6C~eIjueR?*ONJWp~mEn<Y)<yv8wk;yO>%g!J!9q4Aq6D
z_c7m)o->eQy=}=D)uB`gj;qK>lAG}ciuDYmVyo9EUy&-6t+WanOX*Rt!(^TFMG%y<
zKfM$>>1h~42=wrwGH8`wN~Jy1gNDhNGU$zRz@UBMUW7-H*@scfB}w5=@)~v|w={K7
z8E7)a;XZ|MM+ERv#Ke_|0c~VBP!c8XT0<Zt!*d%;J2|6FkpLdeSMslA7Fa`z%B`ur
zWLYsCA_d6zvdiiB!mbuI0f8PuAzAWM&F~bY%~eFqfoG;sF(ucixDwdxJb$Oa>|P<-
zyG;jcgtzQQyeQ39V|pcDiPzRd`WVt!daWMPkfA&=97_VDel)+78RYgDhEimi6Zz?7
znIzH`ZYMK16ly>^mh@HsSYA>S*pCTpOj&ke?m6)pQ?&4C5!Re93#iu1g8EJ5TW%^c
zLw6k|3Y|_35b@Owby&GWKJ+vB&`;wn%ZDCsEi^m%X};Pruol*sw51S22gxZ74KkU*
zDXQV)&!EJ6Fh8#-2s5pT1(sRVSgLWz8qy~T&fc~k$b_o}WIEM8#4=4&W&YG(X%3+f
z+|Y6sv{Y8y^pt#HJhXg2WMu4d`0LBu5GLmSZYF!+1jd(OvNG*%soK(Zp~`O)9j{su
zye;z1J|fVqBsHH=xr>ClWWA_a#0Nr?r4p@C`w=HmHa>i^EP8=C`>^2ge1*(LWz>1+
zfINX)ih4)NY(#qrBq;h&;7xgle)KzmQ&qAM`!8)}r{5meArH};LR@q+{+@RI2W-Pp
z1$UFOZ@AG&ELfuw4A@U~;tgGCj!4yC9Bd(ViDZAO{S$}LXZWL=_oXy%S{1aeK8)7y
zNVX0OO>5nhB-*sj3;0JxchFh|ky8!{xN(~z0Y)uRY%S5|L{}Sfl3#+;7yC*zAO0S8
z^9ubT=bFcSh!plvJ!R5S!y)OYCAyMdhhCEnF^w|2xt}gtw*$fw!jQEHdh=5jBM41M
z;WkTCb|ty8GEhmng&Jx4DB`cPDZ!S_!abUwqaQ1P9u-+*6iIUPOdkY~m$*egukZtZ
zduVAB5PO$E>_@d9I*cz`vegK_$PGaiwTDiX43ClvtDrf_y*B;xk2kxna`y1@J}M6B
z&*?pSt!nyFt@a=wRx-)e#CSlwHwsDeC4YvPaDa)@njB13Fw4OhbtSCwQP$*7l$Scz
z<WF^e>-aU%x;)9RdXVF1<rq}q@Ocg;KE0tP|F3dYiQF8R;a5~s_Hv}tntK085pu=|
zyM)L_%)(FEK^u?#Sv^?>;bs^OnJk=NviIH1lcYM3<Zfeph2P*H>9QBTCrYSA?D|yZ
z+pV^X3k_KpFjF=8Youp_j6%Q4Un+;PoBylQXc#pws8RL%f}afgL0%$TK4~0>@$_Hw
z>*b~-M|gw-5>62fiYzlK&r5W#%O0HCr-aOh-))yMpdssA9z8o=uXD(oLQEa_l)Zv!
z2|1B=s6`f@>9X6XP8aK;OP2IXnkj3@>c`l{zYyLgVg1wrWhjBSB%Phiy1kCa<Ybo2
zl1jBVthL}284m45>fVF-L-mbvb>l7Pds_Ub#^oE5pB2bGr#_lA_mX@wODDhbPq)xY
zo(gMqo!z-LmuD{)g<eXimRcRC3W<LUo6PVSB<Ss?Ye}rD8I+`cflivn*jdt_0;h7u
z$7)U`WEKsH%Pd(!bt_wl4jbNflF6?xa}#T0f4#h2hTcmLH(e~Uz=~^$0KmlPXOgIn
zm5)!$Ql3qpmdfn-wER`wbEf4Ky9YO7#xePklJf-9?rFD?*Aq^J-!?%T<g?-v^tFg{
z=yALMzf|j$6W^jdrrMYm^^Y2ze6`k<ZlhyW0ss4$)(u=9qGrCaYN%d;z5aOGT<f4V
zfc`F1^4K*fRkTZIlCmFD*BZT6WzK>=ylB6$Ou)I4?aEZ7O%sBYqdG5j!x@UC>4s90
z_@QqBgy3Sbv6<}T#ujL2tI<wA3(v_IA&-s4lGCuj9!;}iyiqV0rBg{K=J_L^nigM2
zJVA@`TGfeGB)FkXaDVm`GBI@ixRCUVBihd~U8`C)&_VHDdkP|oVl=4{(9vB;4u29V
zV$`0%-{;*%trR$TzSO9FfM2iVv4J@)&LPKd-E6KTAu(D3Rpzd!h%@Xw-F)%hSZBG$
zlNolFzNQ{X&s-C|AN?cG*&bkA(g*kE1yAq_IQ{dy>3y4>1^;9KBn0moV?t7sJib<T
z<WC}$1v*m`ZC`cQZJ}{Zv1C3;eB7FhcghaGP5&8%Y`>b{5fRh&>j9&lv$ooeye~bg
za$(jw=$ZW-TYkAD<kTxgx4PP%kfHYA<S!1B)staR8UQ>nYNs$hvK6?=5JYg85V8tZ
zK0#DfYGT1Qt0J!<b9!_p1CS4X$@yR**Yd&sE6lWyHM_><0@E^_&dzX@e>pwNkVrM7
zheV;f2tx_1{*Ezhp-+YJY7E0(qEcGw;xE#3XeLEB@3~}m4xJ4Q#xCED7j&E5+V{Ho
z9Y&pD_d<%}8+MD!d3saP8}aJ(81GbdcvH>!qQsmNohI*~RI%0`^-cva;7I^j3Se!c
zx8vT}$nGWOxmTe1#r4r2u@XY+g(#i}QS^nUvQysabv4F%$FKX+uir$fX~5?sO)KAO
z5$CrGXbG|yl`S1Y>C|Ip^pZTPichdlYJ^ahr@cJ$`@CErFMrg)%iZk9mS`#qj}js~
zERTWutm*FPRjju?@!Rgc2my9%Tyg(A(o5yZUSlfc1}}Lc7p6%?6)Iqml+C23+$8Ez
z)bnXoxiMdI!_0n}%)BO#F7s3W(GUaK{>4IUrsc*q#-&+bXlBl=nH00gwm;{lOaX#w
zi+!8=-gWj3{E{rW$bN^rsx&E2w9`q(`*Kfbv``~Xp;sgmqBykd1gjajQ6p#~k^0n(
z4mP&&2Dj`3$J&^|jp)MH`U(#i50B)DYS<Ux&kBXuyoY<`_zI7xYQiOZ{R2p55Ysk`
zOL#Q?x~lzwCRA?*+n>%>ddeMX+h`XyveTm3@{SADDye98-*>4Q?sOUl#v>93;R|E=
z2rkYuU7-9>@&~l|Pb7OJxGC~O>qX3pwK*zV6U615sHh04#VxaB9XpDHUifiNM&M)(
zV?z&1t|Yb+!Z(;lwJWKq5wsdlL$alKz-Pgi(u97M8bx*#t&zmVxacJz5Na^fsEnnz
zzwc0@{fdN?Uto81+CEF9{KP(`ngN@%%1&ZgRI=}|lMr1&I(cxQ&Ecn{f<ma;gZI<|
zw~YD`)nTKfi6d8x=<IIJjj?zrw^nWSTDQ@|4Ji4T1|0hBpTB;P8K}zfHi{0yAqw`~
zYxpRu!CEaEK?Pt(Xqdq$a*-R)ivmGuvA^Pu@cVwh(ax&9=4sP&N_^!z2)Y?|2m%6U
zaAVYA3lZ@ZZlKJiF~jRczUCv!s8*kqFN5%?q>5BfkkTKhQAH6Nr{Oa$651(i1_7Uz
zB%V?Zfh;k30uGRheJGwpiS2bY#4gblX9T*_>CG@RI1N~E=#7u`>UuL)hI~4?sJifw
z8X2}zpE00`PZd(;6&~>0h0u&jZ?Io}0+LSTZ7F81ph-%O9G_k(l5>Z=-pxKEqDc->
zLaxO=YlNG@B7+pDRPOfSdbumj2}SZE_6bR<M(gR0QYKLQ1ADH$W(e`C?}$3Yz5sUm
z{pZ*9J?8i3A98-T?f>5M>tSY&n%}?i_V=CNR`Pl``^^R4HNVfOyWcUtDfH1}eN8<w
z&2E<f%Tid3bbCk_l2aV%0!79Cb~8>RREXRYWqB1OC9SJvO%UUwb^HREFv1qu9i&1g
z=Fh$vfsUFMy|+*1CsROB@*nvM4@-0D(AQ3&?_3~*eZlANIG+c6upJl&cnJ8oQwL#9
zgN&HrfUBV*qlc&Y^Kx<pmSbA+k{rV<w9U{}kWtaP;+EjaORlz)$uL1{<REQ6kZ+y&
zcvT6c$C;0|GcIE&>}1MNo@1)oVK2u4;h3IrtU6B5z%di{l}y<B6v-iN!k%tUnXqY0
z*e2;OAs=j!31`BN*t?l2ChRY7A2VUF_-XFwbxcy)_X*>Rf8R&K3uO<QE=>macarrk
z>nx(AsFUhsn+!#bT57#V9dGz&rpYLu?UnJT3OF03!Q*^DvHpOqZ|M&>T1H77hIPMM
z@yV`+%pTt6FA<aMO!UZl+Seo(Ja*h^PhIeo^;YxI;=n(j=M9k|B~7>v?mu}(3FE->
zRUz43g|&nfpc!UiO1ImN+b!8%n6B-z+O{t|Tr4V(#8~=t{Z%C(k5AVq)|<TgWu3ew
ziy_bJ(FF>;u-=>PRxC8@{pOp;Oc!K!lskIu(d&)K<~IA@mM6tO%9@1h51%z{A6R>y
zUlpWE;XzU4vl+JlXbumm$mkxs_<7gs-I*58+n4bd&jVXkKT9$$^-^i#rSdvaX_Pe`
zE%`T8^>f8y32wy~rb^9y5;rEK-<X-kh-$w+mQbQ5V!S1dOw>L{a8`)%DKo@GJ%Ozx
z!D^OB(X1q^If=PSYrosS(f<9q{foY%{Vl@E)ITLJNIiHMnj~FDx=hTwPf^&+8AFt9
zT9`j|Ix_At#jJpXMEELpbVKqmULSMi?qjdK<Vx&TsLO<{=s1-5?6hw#-jg<`B#Epp
zJj_tCjzgVm`B>)ka_lkAoO)eLs`Z>URAWkWOKB+ixM)uWhjE<y7vEn>nV8FAGnvL?
z)EJV4R2l+hBK*gE<fLP+1Y!euJ8Q<Yv^Pf|^BkGQj+)eCr*QHy&x|_mqyoXI><$Qa
zW_xh@ja$=Zd(p1%HQP!OJC$iZN>Zr#me&d0O%>!W7FN3EbzU#BfBf3NUaXMp1IK)i
z2gQk8)-;8FlE_wh5FbRPRu;~hSsosl(F&p$S5E-mzLE{bqh|}RVPS=c%DSFYA(c2c
z3sE6oWa!L}|L6cw%05Ycti8#-qq1)s^YCri?=j|e>Ra<+pqr`#E{4|!z>f(uc~@Q?
zo623jLQ+&lCasD-PP1&+kONPqC_Cy{F90==eqFa5eW|YFtOJ3-LSN_vuSg8xfjsHW
zYiLz;yen8K4iJW(g-1zywue_c&kxKiuVX)QLU4;Aclwy2`?+%i1G|blM)Y>!TStT5
zImd`3Dh;VfQfA>kHjeCRqUc;=-85%C-L(4UYjJA2q!(x37w52;;tRZmhpS!Nm};L<
zwjseTR?kxy`{=82b^*frtnpeZAH{a%0$Hl)hy<n57@J&QsjoEJG-fP`8(^AdN{mHU
zR6&tI8+0M!G$0%7(AhY(vFJ)_)HE&6c<hfFoli57l+19}cuv*M^PCD){(VLpH!K@%
zT)6bUi@o9TE`f?3T*`iDYEw(>T*;ePyZwI3r&c((8Z(M6Y$$D2giMziW4EzgN-wpS
zs!Fo|v|pobT5YdPtk%wQYnR<g3AF9=;k`-mfKoD!R9286mcwL&CB$;HF_T@%cM7vD
zD!F(<nAPO+v~&!F1?{!3XVxK?#w&XA%W~D^CxqG2#ss=jIn~nUyN@L5gP5{!l#Q%o
zyUxWo*O*anh6iI3ir}u_t6K}(S~J|GxVGLj%0CUydLJX4=baV&EjKD)ul;c0$Wm^I
z9(l`nV`Hz$=%*X4<*_rZ<w+D1|CN5&%1FD=geSCrm&ZEfiG0=06Rtdhl7zepdyMj>
z-Zz0_{#}t#ZB(o)Ts14w&bxZ!>+f@^a3%Vn-NyO+zcG8?$-7&28$+qpDZkz8M;n`$
z?lCqm+ilzukp(Z_%aTV*jbAjl8my+~m60QvU}|vvzU*5d5grS)&hE6b143!{CewKP
zT{F1r3Ul>FuD0fCxv`+%L?kdXvcqky@c;vn?QV)=kaCeKvN4jlt??Q!e#8GIlKstN
z?e@ABQuLLbKo8(!mb~Y4HITW{ZMyczBc^MOr*K7Cxc%k9NU0bw3h*o{A}`!2xMg7;
zAeSR9dNjCL8m=~8+~kdHb5r-!wUO<S>r-=fG~Tf3I-*-7oFd9*rB_b5>p*bfCHQl=
z%dNF!=XCq9$QUmk=Kofj`hq4ulDrn>)@P<`wYAlBtu<$FmG<Oeuj`<Ep3n7#JY%}H
zn#~`YuBBSVhM)lGU&I!O4Y^<f$R|}9P$^J<ft?G=mDGX}8ncha?;#%R18cR~1Rfa>
z?tX6Vhf^zqhda;o)P6SOJnx7@K3B5`9fk{czUn2O=6`rxi&0Ry-VrN<n8xmS302aF
zC8Ir!S*<TDVw;A;NUP{!R<fLwcAntjPE-1@N`u1vE<^$48Wiqzp|z%YjX7eaJ%v{>
zhh2DKx$B@&7p6h)h{d`ES5%bb;fn0wzU(Qtdfpc0zNb*N;vMl1!L7@9nNC|5U5FX4
zPU?L$e^y>{(0EK1!xL<2WjyK^a0)iI!k^g_u4?hj>esr+s1@Bd?oz>hnKPr&tK_74
zU3tmj>G$Z?JPnntilQaz)s|Kdl3LSM?%HUMSY+Xr1K4cFZ;c+rh>8|(m&Q&(izGTp
zf4Z;d<RQ_A@?goznK%r#^160J*KyesJmd-trZ?B93i*OLTvJo0<{><z6;szrdBS;&
zD?bV@JfddY-t)J1&WAoOzEBmeP2Lepn6qd|-sd%M_&%2`7{-{DcIOw{p>V2nUC6`^
zXecjojdB)<F7H3j)6lwy_%FpyHzWIjwG}b1cSIvk#5^(!axc@<`~?FU`Jjh<)aKaw
zvuk5l0pZ=kW|61v#Buc_J%u<eX9wQvkTJk`Eo;nZk5%cC_m0)=(M-Ds^B65ID-}G?
z;~pMwEgv0Q>6x{psG{ydHJnAM@`Vp%w8?B+yzGL(Ii5FU+P$m)sWP<2%+)az%hlmK
zw3kEhV7o~-s`_)mgCi$hsVWoBJ}AW?Ck<F2TBO+rbI;?X_X4ra%s%++!>)`;1q;yJ
zaZ)<K$e47-0#OvsJ~->=Pi9OyarVKC4c}xhz$%{+TnCS%+DUo-K5ro#>&;@KY%;s<
z@HBE4ObGXAYwT``6*=}-PpDwlq9S2jmSBgcu1jV)K9H+7;Zk*BIU4DbkBx_a!^a>4
zJ$4emP}yJ$u2;KgtfF|Ccf{RqXZT#(TQ+&DPp!{he;>3J(gxW&H{AV<@ZB$DM8zS(
z`hxrB*e~?D#JY`(jf_5<a(#969l5;oqp>lWhN!4*bb~jZ`r0a|!5(8{GA*%j+=-A;
zdhBOQZhEjCZ=E+bCQ}r<I^Ik0%QMQje$m*N%vS8O`1NtiZyU$;OUA}z;$r8-uUmaL
zU&r;5u`!v*B!Y~d>nV()i?96%v4h#5V<xQlGw`66ynlFp@TYit>_^G`z$4zxDniTa
zvGU65vQF@I-7L=Nq!})3nt~G-b$fcvBT<t046n9L*C!~|7kEN>xL_{9TCp;=KuDuq
zSm+&*qd=%|Yw*Ah<58I^bHqn@;lH^|7|typW%$HZQN+jS2Du3_wOxJij|}yHQa#eI
z(OkWyx`gz;zWjYg@GW_W#6cLw$wKtd3!Ku2@B!Bjvv9ZX0$)Db)x&r*BtIYe;43*Y
z3Be|-7}NND(>$}vNmgWHdw7DfcSk1QCGQs=uKA4m>9-bt#*il60HauEmV7yRFsyok
zH{AUqvv8-^TH}S3qPH&Go!We<6pU8wQ(JoBeP`(QeTAPGPt<c~ayy^vBVXZ%xMzHl
zA^@fGhuJL#ATh;byw(`8TaB%shMFZ}cQnK8GeCOlK;c5;wS}gues+t%mGRIY)LeBQ
zzqCWfoKEfPP7&EV`V<$feY0Cy)_;?2JhGItHyp5A2|MdiK6atNowdKbFyb4#RDjDH
zi57c;8;;O;YPWPL9m4uPG+v9O-tmRAWI%-x<F#d`YuW4;0YKxSr`2$>zifmo&B@BC
zYpurfW3C2UMj8+8<v?BtE<@Jn{5ns~Y2U8yM0p6}^t?KE>GR-Hm+{(CGqb}JTs6a$
zt~qV%PFw^f)Ua)rj9n?PZS5~yHM=Ea`7iq#4~fW2OiZZ%ZPHMusyXFVuDVm|D$$6*
z8Rv3$c8lPT@sOlcFDFYao$z>(Jf77?4;G^8R_D3;T&7z+*14^^+^ViMU)G9NS)+Qn
zrOsN-$!b?uiD-&tr6G&&Q}eP49+a&H9&Bl61oL1Vs!(WFk<%HrkLB+;YeSl?9X-Y#
zk)<iz?;E?^S(l59*N#MXwi?@_Kw)RcaV;YYkCYp)H5jk$PrKecvT&F2+Acul5+?WN
zh7K8(b2<&IoZ}nlDzD2euQOehbJ`E6oKrr4bF)=>U1?_doU8{*=REiT7fQ2A>!xOx
z&gnPF3{PysaqHBN$Wb3LyG6*75nLmrVk3XFy-2hx8rY^(Yxp%D5sC8q!m!G-6YBh@
zC8;pHfd<4{T|Z&>!{>rljm9IET$+D)#qBj6r@Z$Ui5zSu=xFQd=GcV-3SR4gw{W4g
z`gNI4-`I_cXll~kW9++XT9+e00_R@==kG?Mt;Q}>a~kb9ZrRAfcbU^Y)vmq9Ys*t_
z`NHkn%I)RcURdp_haBKIZTA?vQd+DYdqBD=w^kLdA_aM|XZDsO>dRL~wzeAkp=y3>
z$8jHyEL_R^YpPwJ9fL=m;&`+QEMu=XtKqpBVM0Rq;)j$wKq&k1#R{F=4mzDe57z!T
zN)tG+wa3`C3ZwU-6&?Gj`tV4sIJlATO#2x1AzTAvjn~qK2tJ>rhABYps%JelLQ9Ef
zps52RnA7QWhrUSOHgo<BQ%`=m=cqrFBo^Xg*{MeKddVymHU<y0H6D47r)MoJa^AI(
zC>1UEoXbgC@Yh9jkU|T7rOs1n!Adi;^TS+aALfcSL;UEi^nu(xH*q9$^-J0-x7KT9
z?Qn~{pXEy6w2yP}*1<bax50Vv;-elsS3l^GE*`{4D^#LGyQ3aFuu!#_p}XKg$cd1(
z><!$Q(>|x}!~t{K_o*A~l7KMo$fd!pxRzHpIFrZOUO5-DxR_fvIGc;h6Bk>nYit^E
zi*3jWE_W$13@wVZjqaB{Mx2(3Kr9B-<wD9vN#C7L)pO0dU8l|+zL1#h{+FvE8fu7b
z7-D?%bJ`n>aZY=#LCU1(EIuAkF<l4fIXgO2R`0+F;}OvoO0j_sdm_>!DGEI)v^JA5
zDT;TIP>TNi5g>`!9nAheo4n98f_Eh@wKw};H86al5ge1abb{IcixZ=*jNtghrFLfj
z{jGim=@}=N9D*ObkCW&_`iiDZZH2;i;*Yg5m0Qg|umymb(kECC0D#9<Bo)O4E0zk}
zhdOji`I_rpb(O7{g3Q>Z<Ca1IctRE^)Hy>Q>M}qGY28^cf;m|OK`0(p6f>guL8i=|
zOyL`8^y;4}^a}j2R=%l;)k=q0EmEYVNfE2v-pE#ne^X>ftFe0(CE3w&+}@FeO;8d>
zq8N2k{CWe7n(NCEE!QFW^%%R_AqXqYu`QY)>@1EGr`1Ojr`5a)WlEz6<JOKWT*LLI
zE5rR@DB11m1>U<1sho4|5Lex4<#kuNI4y;rl)CC}gq?UY=X9A^I>$eeQ<%xU+1xe<
z%<-F?x8}UfoGyL1-G|d0PTO*OD7S}l-j4GVXj?UXWBa<RIt-Z8X`&gv*QmSdL{IPo
z0nkrOmq35+95}FPEfx7m%=4+jlgR488Hzk=57bKmB&oez>IPOb7CG@cl7B(;pCUMk
z`V{NCTWkZEv~qvXj#~L+NnD6>khoQC@A&#&??8Dd=kA}#Nl#9w(>ZhGf?`^+pZqQF
zVcxmURF&MvY$T^e$5J<yc&qiH6y?209pWA+#i4t@{1XC%!<}<pX`*_!?C6zxasK6M
zQ1$kGM?i4A9|qGhUYdF+izNOg;r|dk(Bi*};BRF`J7k6*aM`(f97fIOs+q>P>+V{+
z@>$uAW}PkG$tuUDSp0F>!2IvQA=xc^wCJDs!^aK8m5!)E`B<aoXZqUZTvLTfWgo-1
zfBw%V{7Al1g*zL`Xer+Bc7#qS+&PNUvfl8mY!cSlGq@x(GZ;5BUb{`d#<)a}lz6dD
zo(lK=bfTJ*um7V-?<(j2h|ZkivZD@*(xb)h&!e$Sy7mdB*B)*H1&RI2HEMCiIxZ{Q
z`sV1nLLNfd{<l)rZvrPN>$m1NY3p|-@jlM__0os3ey6F!`1<|rV>MQjv8JxyAo`WU
z%JUBC^?Qt#i|cP*l-wie@%`EvADZQT3R0o-IIrSD;{?UtjQ4GadK~Oz^-D7RJ2{=t
zX|TjKbEAg3bJ9os6cIYksAuRy8TANt7$5cg0R*9kJ3m3vwbW7H=!`nU8TFc9>rpFs
zyZ#y!(YT(q_$!2*SqEjjg*XKQHywCUz+q!e6K)in-|5ULhy*OWN)zZoG&b2);!uop
z6&^l|6gaCR9Y6Pd+V30QbyWM;rM16>c!h6i-=PPc)98UHwFsTbU4;Hs(~I=`aIf#Y
z@8*7KUF!Sk^afwWIK4S8J;EI|eqUy{NM^TxaHcyaa4ArWpDOo*Gu+_c%N$We$1MsF
z2uf=scQ7=K;#}gaX^Ult?=BK($$nzKhH#_i8}(AQ#RY}5n>b$}plR>;m4bAm=0kZz
zQLC4)S8&r8V0l^}7I8RB9|{c{r4I#~2C75B)d$|x@K1z=XZ}EGU*>H78vew_GMH><
zFn-K@*%^8uGlwrYpZoS$JqV#*i=@}P6}dc}!-w^ubTv*LN>_&N>WjZgSA~hLKI4dO
zxIJjUe91cdTv}DI#cU+eZLZjTO={MP1LO&NBW?U=VkpUt4OvjifbB1zW<JQUEHr8i
z8FWfijL++%^}p6wT8u|-kVzJA%gBaIv>lecKR$^sG6eN@Xpks`F&l*2TV`mI8ymt>
zrmmHdJ5W|@sjL>#VOgFFgQj5i=GW3NdmX15v#*c|GG$a!ze(u0o}_Mj)Fky}W=_zD
zvNTP*)m53VkJO>e*DGf#B!7Wa79Pb=^wPXVTd^7ReOIDyqh<n>n@hLp{*A|P<9tDX
z8N=dVsxkO)(f#i(P*Bo?p4RF^>3@Mfl>VPnhthv9-G2|&e?QvN{V(T8*6ZnJy<U^)
zAe}U7dT@j1dXKW#3xm5-F}P+)<0cHQryi71^PXyKu`hf#_5yLM$561=9{!Z#a$R5=
zqv&fGE{4qsHA{525TQ`^xOs6jIZ-Wa_8nYMXadh={GI>WpOV>9kvhSjY}#cx9{Yj^
zRNeF$F5yML<+56)CGsNi65-AhdDj_F;_W}nW8vPeE^1j$`D>iJ305*8)z+@q1B`3+
zs}6&blNFo@gSuzIr95R{s(bR^rWfO>u?YcVhCY-P7@-c?6^*}rqI=w^`vo+6(sA7x
zs^e!!n&z2*3C-#Ci0SU_6VS;B{%m|wtw+305W>bRo>20Jrcokl$V%8=E~CLJmO1!B
zMkeVvP!<CbnMN+<Z{qZc=~pYW&~6RN#9BG%sl>K;e7NvK|2e{|&x8Qx22NF($)BW)
zmt4UIgakgyu|k@cUr9rnKXa;)#^ee6WX7*n<DZ=Ad20Nl0@@-b=db!ufcD4wP^RoY
zb;y)Wx_$g8|ENhaWu;76ryr>)yX(&~WmUANrwsO(5xWn3IWI91qefepJ9N>bF&@84
zPzcRHhCTZiYDE5P^=QJMCXjWKI;7tT?%Ulgm-Kr!{r;+(>UTFu(L74}(fzgpPz7~{
zf326Q4-E_Iq{xF}ELQ&3AFD+=M0N@Lw@5y$Q=zsDEB<lx`fOo+eAaGzG>GM_kFv}<
zB2~Fwf6?#6+sEYquSL*px$V*IpYOA<7?ZMH8K95bO|u<1(9&{r2T6Pve^bC<8sRMf
zL56>lH*|%4_0PfPP?bBlFUwyZ+?VUeB$X2=s}4=UTD;ePnKvjN>)n(rxF;e12`E1g
zP>QJx@8p8&zIWzL+6pAbvb>?0x%Q!-wR42vs$3-DHXZ~n7E9QuD#oL}{K7bNA|EiW
zEJlIcqUKx9Pug4M&hxi7gEMn+na2S?Pwwjdh1@@ZkH{j6e*8wFIrPtRpSqiEgyVD&
zu*W^0sA=m&-GRD)s(QbpbGItbv~X>&%9SV7c%=PSs(p1W$?cr><-Y4X?w`ngcL0z7
z+zjJq^=j;iA<Fp9QQy~vfx#G;`A-IKOQyi#I?aQ@VZ5k{$UA!D<zYXiy-@6{L@Pm3
zk5kCtQxGgGkR1R9LxHbTvT+b7EzpyEYbt*pVxQhlz2-kNG^D_ow{Z493B7Ddn)=$V
zBs0s6i;9;O*B5{2oFu<^Zkqi*&nFe?g>%kRC?k;SwYGTQzS#K}!;^5GUAID9fyBqb
zs1a3`ID``kNQlCPoOwuBASo@<s~ay>%6?*)R}v}2Ccc%gD<)&kQNKkA&{<`^ZaDwM
zN#J#t^N;=bQl6lE?ta&llfq>!R<o3AO@Y^DjQq?l-i;++PRdm^s`pr*#39fdlCWo0
z6~L%b&NWUE;~+pQ^&H(mc}hLUk^re#UJ`(I3K!q1GImj5m`V(5R82>-?WbZS_fyl+
zY~CZb9LgH6jP<4x!ybLIC{_^fpY|k_bUZ7&-G5TNE!<Gn$XlD|dPBH_;KR={FSL7}
zApLe>Z=hZ7)to*7nNX<%jGCDo?k&r888rcp5USkvq4y58MDOH`hSaZ?;}g~DlIuG}
zr8zrj%sa&wp5c<*9ytC4h$p-*C)Qe}@qj9AvCpVGNQBS`A~?RHLqL*<1KBL5FDD`T
z>wmzCoTqv50-&Y{G1{4|R+FH?@Tg>ouP)g<xf9cqa-%A017_H1eQnpH?s5Bd)pBq1
z*A%i&dG73JJ<qAC<(}rRQ*Tkynmh5T<x25s%o|VgkR>kv$+#6sWK%A{VFcF#39<I%
z!cu2SYzi)JiFHlDpRenBRhRiX)u5#1GHSf)*r{i3%p)BarV{4QTDUjj@@EnLLC&A8
zft6+$sTkJ+=jt?f;C%dTos=oK7fF5;W8SqVbo5--$q4)w*_wdVrGahHt&B=Nxj_Kc
z`bKe~t#<w6FidL)_**NvOjNXulsIHwfKiG^Yq-{fd``i*9^_5`)*!3JDfq79Wk-$g
zkBRZcs*?o9SF(OmP~uA3VrqyIGC7WsNr}d<t(DO`IhMw#c^v<SLyslC;cD)}^F9+|
z;&2zo10E649uZUlElK!xSggvDKzq1~D^MSOTu{dhzQr!8l_;A=Ntpyklo;MT|1`1x
z9|P-6KOn4AC;dJt%&ud!G^}49JsVh$p2;89vbv;s(ivpe@U_Jo$95YvTL37|Wi1)z
z$0={(hp2!}V%v<Gwd%RM^K;0B<AAfF!FiN`^W+O-IU1BF=X=BVAZZgS78U6zxnA+w
zePZ-PBFT}G?LYES$_5I{BJNU)So2HnI-}8$B^J|f2ckb83+cTS{7T}w;$_L+N6(GJ
zdwUJTahS5BvX@iutd@}pylnOnn)=?O33%}c%!^Z>fEP7!1mtT3#N=sQdvl_1b2HhQ
zf?p@A^XKtzm8el(47~g8U-RCvUvsuVaeuxfIsU*O;$z<yJ6CR>l^pb`de9PSo-5cY
z@v#K0wPX36O5=OeSGo3dq4(A|3q;jv_aV;&GO^bZhb97~x2UWl_Pu`~k1l5ayikTk
z-oMl;KoyiTrI7n~CZP7Aos#P9O~LgpL<TTosv)J@Ki)%hEA?kjj*U*sKuz`8>*CdC
zefXG2FoTo)*{I#jIB|c()ATy1A6cJ=rDc8Ab~!2gI+*h3D~#HAc%A}0QBl2+saMy2
z*Y|!F$%z>AA_K$SC+;zBjo4e~=+wsphOi$fSh>fzWfkM<o=8N5r(AJFt{juadMEne
zgVcT}Lt40!ej5Uvsr{ZZ?!ZOSDwaa<@6;sz`LBrMo<v`!d}Yn)0$jS%P?g}wWl0?I
zpBKlESbls>#o;*ldSFR(Evp&_R#o6q;wZ?>lu~&%)zK49?Ae=@@A99hSift@p_UlQ
ztMDFNXMep|A_1Fi-<<**jduAA9q*T<kKdR7&-y?9{{!)V9BTvXzMYQz@cjRg1TFmj
z{9gw7KZ*Z8ocM-+!T+Zz02g}>I?7dEamBx$g&T<0YNc@S^s?nRT&0yQZ#277LD_C)
zcEvWkPwZ8Zt!zUUrfx%4dKbjEAvo#o!#|;qH`wBug8$P15|OIH6ssnY4`r#ZEsjA*
zq8&IEyx)x@bnFB?WCXi+d#qKy&?SRHSt~?e-e^*$2r=#(U-;HsU&%WEWo%A!aQt*l
zInf)w8XxJE)V&Vm$L<#QDcJ5pU)v8E9df`TsH18gfsSXSfSF4+!n9C&ycW(sriI@g
z)k4moMDp^}5Fz}f!UvtP;8yL^V{yj{q$M_g@v-=;Q^&zZ;uL)R7n&j5<<B-7;p&j{
zU}YZSRZcbG;GPB&dibn*9iprzMSX!$dl@7&_E7Rl;FZ{0$upz&7VbxH<B#4ht9<)f
zziC~nY!X#D<S4=HQ-G7i6&x1vzf`3wQKzIts~V$*W8E+j-I$+(ZU=qgDWr(Iv&a{o
zF!Y@q?h>bFU)?$-VFJt*xp2Hl9RACFmgF<Mc?=bU{_$IEHiY?CJVzdd!kA>3Ue2Y_
zB;~%k4#*7=LD5Fl3nGOlTi%u-#NBPNCBLLl=NWC}x5fVB?V3vedg{S6_uJBheG*j;
zV8Mv%{Y5197+M{=bGWZ$qyOCM@RXsj{WbA?Io7(CmEMxi+03D>A??M)*fvx=Lq)}N
zd9^iVI4{e<&u|9*=<j9Vdt~4poq<0kWFvLp$e1#4QUMj&zhcCA(t}iDA&RSbqOUSp
z!e+jhA{9gy$+w-uCH2bva-d(ar>p1I*{|}PlDCrl2zlL9%C^HOf+lA8&qu5s?(JJK
zW^$=Fbfuf9d$*+3;Qy7VL{0t!QuPHy;txl%$PtSU83(4jGXmW`C}h~SX90InaZU4v
zrw>JrwqKONr#<Wc2T`M_IeNE$wnIkjg3)tjB62vE6`U)yM@>X(dFUNXg=u{u`*$|W
z!vKlB{$+Og?||Ed-o}bN0WKxx)P86ZNtNTjmrxx1CxVocCopVs7IqPjE*v2GrO>6x
zdI21kuMqgtm&;d(VJm*D8b*f9GE0^RmI@${fs>o3^1c`Ym<{%W_-F@W48tu~)I0=w
zvHnC2GftyskIY8sHuO-R`MWR`MKWywRE6ntHBA+(o5*zav9pPX5ww-K=~YoJ0mg6c
zF^1M71KwIO#J*>?lD#@NREq3HaKtUkMbe6xB3a8nWG~y1y>L@0Ymyl$vVXxkh&<U&
znna{*h_StqZ5EL(!3{{8QoB+H5=rz`V7H<#)kkjU8|W_C*Reh1*xBs`u}JY4>yj$q
zmoiCUMX<pM*dkPhtzHZD|A_V@Fm(g;yvYd4-h!i3CwC+c><aRj=J~LUoE9q>J=Yta
zz#e^5lZ5Hizae@rqPisqZSZ~cbHocuVq!P+L+wWn*j;8xXh1nOAlY*CQMDf>!oj{~
z8?xejnWGl|o3%?#y6EIDp)u&{-I76&sbc$%8RYRTqQ~~-mwK)B_5nkdWhgNcDmesH
zWve}!Al|(U6HU+=&_=mcVDDmh(e|9G@GLW7xfzCK<v~U;`zJ?QVl=f#y(!usdFxHy
z5&`n$VVWeJ;7=t<bA6%P`c%u_Qnp>hr1*}}?4b%;^8;>=+j~&*RamP$@Yge{tyR?}
ztEZf-e%DTdqplR@um_F`bu41Lp%4T9*GCku7s)2KmluUzMR9$M60@ZlB~x-iNGc?7
zdz3I*7@2>ouj?A&pIc&A^B{a_QQGq!=lR~r=N;9bFRA+TD%GE~vMSbI4NCK5Xkk4e
zSycdr=y;RyqmoGGhFr4{N#j7KIbR&(<sS;pRgy&|_%0KyoKX%F_?%-F;>vU|le?cn
zy@x%m+0Ke*2-kpOUC+5ttS`Y4zTF$yoOz`<l84%;l8ETbS|k(7Vxp*?_J+GGu6BLR
zwnxZRj;|2mWSzJ06PV!)L+c*x(bLJ#!UNUTbjC0&ryBhiMnGjKxP<<{_@(ZDF#T5-
zHp>uJb4iA9vmQc{?McEHNM-{3773qt^<KRlc~A7+MBE8Iy4<u#ScN%)4jyzm*#0Xt
znT20U2a}u*4uDZ9><P~oG~z;&gTjs|u0iwH$D4mIDt0+Nv+8dYm1^pF-2X>xFwjL`
zsDCT^i5187wbJvxr}U@IO7xt{55A;tpS4lG0Obl~q{YA7?#;Mk#4TU$ZG__qwQKSB
zl~mJw+p{z$GDAn6k>;Orn(yi~AK8e`GcGisgB9MJ!fVwB1}5rCUE}#p`8o%_u>T~#
z=OUU<|DFP;!<S~pXYvg<V@xY+c+~fddivYHXXTUndptZN-?NN!frP7^=D*MP{9%Ir
zo@e+y_It#BjsDL2R>F}$kSB>0Z=@j4TC625iPL@Lbm4X6h!CZAApuWE1bcRa0+%3e
zlg2M%&UefhnP$lfNlzdwpf4+Q<QMvjCj3%=Q8VZAMKfop2^$#B5@Rz~=w7qpC<cBh
zdtA8v(}XK79Te{L94U}idPCPExm>$cM3>h5SKcO$|3bLSQe{y~LBw<{Tz~&}W8n?X
zFqb}+z`|;0q#uF6DM+I13F%lUBJSD!r1n&!ecnBZSy%fffJegaV3tQ**yT`;m?%d&
zlESDuGy{rx@V+ynKT^^`vwgvUAEJI$H$HWbk=tSV<^Mv7^S_{e)oB=V$s!Mg!Bh@T
zjv@?0q|{a?3S6a9pCrDr3sJ60f8YVJ{{{Qs|1%AQTYsT}a1!SNga@WMK-f!^W2~~K
z@c^JtmAF!*Ml3e8(c5X`k4_sGI&I9;ZT#@{D;NJ%54yM0;oF?cpey1Xepmg<3xK(!
zD{B4M*3+6VK#bLe(0X<>Ka`^1o3K`*CaCvDY}5q%l$ro7qgE5_a?}J$p`TC_kk2Nm
zCfKWln#_S#zop)guBX+G;d;nTHyNE^Lre5&1uF;Qceg2M5Q(Nq*(DwAynj$!^C-f}
z2L$(<!G00sz61U%ME`)~bdqd@bKtyvC*}ILdoApeC!3*8?B7pPsnV(4mlZLsKCz#Q
zV1p`MTB?n`;<GwMBud1JL`7vS@|B#b(fWrgX{l?IJR4Pc4*D&m*Zuy!Nr_zgUv7rl
zidkIsf3NBvQIsy*N92yBPjvs!(c?nhW9-SJdE)J3H4nLw-vkf&x9Qo<c-JEnJA}@7
zM7)}ephPoLB?7Zb{da54Wn)z7wy*PRdiFxe|9*Pr6)y3gr)Phft4YJ@KhgB;cbp4p
zIDg9br)Q&_Ha>nrw{fe}#^(D}8$Ucf`}%P`=uu9G+c}p(2jU(6A3gg|)Z_g>diGuP
z?8hTDJ+t^t(6gkz3=#i*1hw+e<z{FC?l#-Wi-i-;QMPKiRJb%D>0T_FZK?+-P4`mC
zDu;qcIo#l5lXSS@g}A0W#o?ya<TF*$cb8p3T8*xYNfA0Q)MY(8pTNbjv9UX;@Z~Ex
zJmn;Qy(K#*wNrMk=5IXI4Ng4i_bAT^6`~lfXo;PcWCltfSY9#>&D|m4%Zd8BgJ5a<
z@we$3L9X|Ifm}1}QH_=>9@BK-dd>wcznl~od*5+GvDM}m!AOjwWIz==C>gEGlqN0B
z9tvR>d#KV!DgBpNw~wp%I<_qDNyZHyimobNnfH`fH|Gkr$e|yKwREuC-!X0)MgP4e
zDn6KI@UWOQsZE1){l4LtHO+AMG0LoY@;#b^jJx<>aFAonn$7m5UyJ|GJ*0cBpzS4r
z_Rg|-aFyyLOJt<44`xVKQaME>>hvl>G+c?rb};jIg4F4yF4w<Ps&~CnD`|OUMg63C
z)@~+Oh~e7tBfx{oo<yj7#B57Vsi-@!2$!jEtd%i-V;9Lyl=JbM{&wPCMFzx`F%r7U
zV-)Ml^kx#fgfvu{=lT!yZ)@T*f#Vn=#!&X<y#bl?=V*|5`cVxs=W;F}^OuQnkU4e}
z+-!FksI_3(w>vnPhJXL~@58^to~}zYR@o`|ci6$d!|Ch$QSwO#|28VY_gnFA_qXC-
zRN>zjb$T)fhxBBA%(+bFtrOyt`Hmo23jTRQS@~e!e<RlI{61Ls%v~DmzUlezW8IIx
z`JaGwwo!ZYF<9sQ@4~uQ9@c=;&C-DK0_OrKy~oD^<yci(v;B)ojdhO?OW}N)1t#&&
zoW1QyV9ZB7)VV@VNli4=7y7GHN<+%(NJT7s8*@CfrsriCwWs1V>yrW;u+2lBU`3~v
zz&W<>y(29cnR1Nqo-8(3RKM_86`h<nHgQRL(9Dw9y~`BNsD{_suiPheti$+Pi83g`
z@0ZO|hdVh7mb5Z{6>+Z;15KxzWk!v}?t1pNaRpBIhOczR&Xj96#;=hok!#nePIQvQ
z&OdFh<0XjtS};ZjO4RdxDN%q^xlHqh%J*+tOH}LEVq$Z}Zb)tEw&hJK@`9EEPD|@)
ziIff)83?W!3dLM!pC4~+G53^931huijf;$hV*3b9#aX%Yp%XAdNa`5$t@~;69C<I?
z`^_g*<kBm5?Q)_F-KrUzI1IamCdE+l$(<^YBwyu>cC!fUsm&pamrx30laQ{QDfr{E
zCUIV&EBbkZm+9vk-H$KPPd@Kg<Mc`Tl3e>|^dv^d@#<l<Mmz17DA1rd04`OcO&8Nl
zE?KJ!q-xy|RavGZ)-QuUWJM*jmDpGc)Hi-?@4?K%%RaHfpi(hvYG^@f!1O_><0siU
zCK|E71sB!nS+QTn;f(y{fo<|sk#vUfR}4A9{x1YUgTQGqJX48`O}X(?xq&V?`(ePT
z@C#9&&f$`v$Vrf*6crwmfu%=u&5S6Q;M4eQO2RC+No^6q0{akj*GILVm7Jg?kPWL*
z^Nb8#inftd&h4{EgRU}dkzNk7=q?Gc+|-jNXb3m4E%sD&<aijHz`QVU`G_Lr++C*5
zm;y=?8Z}L{>f@c#qzK1;p83#AXaBa8cPTrl=R<5-iTQZuAwHWFIkXU!KWbpu{G`aw
zMENtE@-DNuAx8YffPG|x8ZHH}WYqRWsY537e|*Sa@ltZgAFH$YkZU>9LyqhBQ^vdN
zif<k7_Sv$2x5q|GVz$%|`G?#P`+rSh{g!h{*6(V;kE9trv3^mq*@H;w?L6wVb2yl2
z=OL$^cHh#DnCtKdXz{05IGKOy<?Q>lGU16_pbW0VCAM@ppAOXkkf+nX{STgrPUeVQ
zg%nr`W&eIwJdVqWTmB^%f_+*UkBcv-A~CHMQD~crsdIZJNX$tiRk-p!DTL~S5ljJe
z@TNGCB1aZPO1I#UmBF--N><*Lcf!3#KBmaZu+fkeQAN)`l|KX-2w8c)o-cu{%;M1n
zZm!#>{Ps|bfKSI#sVF9*2UFi+sQM&bZ9LTbYB>va9x;O-bl$(`75Tm32EEHV*ZDoe
z`8}CmMKHY9M?ys6vz;q5{PSnNbB6ySW17S>(cf|uZvdjek{C7T2_I3$U^3{HeBnRK
z2R1?_mVh`6X@@<gzW`z^K*3670v70X2+7Eq8s0vdEp8i!g<jmmC4skpj!J_!{2esC
zh)Om|`BKmI`b$grjcH=2hvos<-5~p8GFUp2&7@H?OP$>!VeLDm1nF7TVl~$I!Z5$I
zBmHEU;I|}<&5?w}>=5vohTgr+Bnw(xsD^n^hWU3c$uRpKXP9E)qI@W0eCE2eStr#R
zb(^;^5+UyEpJmoV+54x*A$0*axX{D}1*tEpb9md{3|9aRqT+I99N--0a@xcMf4%K?
z1+vppK(-5)1Z3|7WK{#w6smNZa>ekoR7|Rr?V)PB^LrEGOi}W3<-)E`kOsoNp9?AY
zeP%=)eoJIJHT>Fd%YxuPFuYxc{Vs4A6Ha5#=JVt;pX#q6^T*dB{iMh{_{T^Nxl)m9
z`bdCa(JUg_4YoX~wtZiyr!RD8PIbv9|0bVBo@hcKU~<0j)EuRsm8AGAB>pmDH-(i;
z%1Opv+M?_4IzRSL_OiOc#ks&nK}O&N3KP@jw!nhe<Ep)e42XteWK}t4->TfnWh!T*
z8L!`zz(XUKdBI<Ycs4>B@!~<2P*<qx<jG}HgfnryDks)XI8cr~A7=(u^`r;m%lw>L
z*6g-iP=TdV56>5#mb14k#}&{-i69Dz8ScDfdx9Q4beme-yFAw7YT9+l)LzatSzR(q
zXsJmPq%5gP!P}4UHVdPyWg_BSA&-Z9xBj_W%T>3>MVzY`fLhB9c9*yGT7G?NJ7GWt
zppi<c0vh3D0~!r;cqSEiWByWMKJIVfm-m)9_$2ZJdv2Ub1nu46)A(t^e~=#>zLB_b
zt=s_7mQ3eeEk6w8k|5fL0*J@sKkpvKmdp4X)p-3Rp_cC0CXbQs^1KKdP$jahE~yhp
zVQqHUAN7&3#R6NUgc@TLG<U|f>H$530SrO1!-4CKT#_MNnLY#w+tDHnE^mLoOhfr!
zuF_QL_xvK_{|k6`8IN>_9VCI=sOci->42V`;JK;@#P@;s-|tC<_Y)KF9(_xZYfz{m
zqt$;E$Txrpfc)9_9|iKKaN%Ep{D)f;ApiI+$AbJIu6+l{|CF~=LEa~ihkKu_^QnA!
z>v2H75U(X6UoIYXKwe~dfd>upbJUrD2q52IgZy#it=X4+E4)vi`YrH2Qf>h6A3czO
z_nWw+_#YT}Ja|8fKK{Fq|5@*Eh5S#Z=)sr_#)16zxg>+RE`2a*kU#%Y4f!t*){y@v
zevhx;mHHNQs@#`Vx&z~-xSGVTp~{isL%1z!HZ6G<s>7qGVLmLE`8I04VD_uS)1{<a
zIjf@NamBAYsxN_G<E^4<Em_oapj0IErGtElQTqn3s!~jZIp3J*p+fcQv`)4GS`XlQ
zDEpy!`?6KDU+(3sr;4ahjZc@xU%F2<E-5mi^2hlC<TV0@E2wFteI`Xun!}Z9KBW>W
zL~?bbV<opMl{|->>UKpXE(CdmFYqQuf2DK)P}ENqKZrv@fhxEp>+rsSbCL)m6p`u|
zX+sH%ndpKQ2l9q1={Z;a$bdqF>AqS&L!rr1^$hvztsS~k^;K&Fy3;|bQ{@7+l1tL*
z(4#wbT%hC=SP<<sn-aSAyiWtdv;6u(SK^U~ir@}r-4{AVoY(Or9}sT;5ueW6)XXi8
zm~V{j(I=L(b=@<l=Sk<gf>eh+<$Cchxj>d#k}mi37Qc%DdM!TaM_UEt(hp@7z_48%
z_Ow)YT@%AEZ%uW{yOU191yGF6Y%N#fpMYw)9ulMlOsN(oo~RG;HR7Jv#T$&I#M}Bx
zuFv(4Geeh1wD#?!YC-qE2LH^GrH)N|nP`e7)|Td#+j~6@cYVYzy-V!U_5MY%^Hb=*
zYVQoEJ*s}k+v~bip4~!P3aiNpy;eAw#(!`wM#YQFd5PqqWEsL;w9iG5N~gt((pF(D
zx)f4vvkHsM;)AThS{SL9W$_k&$tvuYYK+2Ur#P|Dso@B6sc@yaARbn&j5MU@mvDrA
z%1CqEa0D|EjzD*$gWK81Bwh66Q+?q<EXOXd%zXEyNFjmlv72KzvUTzj63yZ?sYqp<
z4U&)eFOy8u!E%_XiNmEhOU_aNrvjjFk;_idGLwkcV99R(S7z6RzLMqs&qXRlB7PrS
zUpz@;MehKph^wsN;(V?NT6k`Z<KjCeO(&JZQbHCvNB)3(?I{Le=FX|ks53PRmL_U}
z5_g7oKUG3Q)%0hgxxw$-As<F=1r<t5`=Hv9&;qKBH_G^-HU#{CU*nF*KT>>rRn%Ie
zot{~;sc{R>YO&>9=?)yn!gFP+g$F_rolVzf@SwKv48jWYZi<CxsIu@BU#oS^)@lE)
zuDQk5G#Q9ut<2g*foyNrhFI=V%S&LW;9irk|5Hrj(o~Uc{3&FLbE1FOv%`i~&JpLO
zE?O0PIDG36)dyPb(H?M1#gxSLUu>|$*U;taz?B51#Ky&A-a$~Kb`O%JDG}}z9vY9-
zf%v;#E`=%pm?i)Qx7m*cxZAFk0G7Z)9U>p&H+HeyM81vR)b<_;r&snKBI&)jx?Anh
zvv$w-2CKBe$A+91q-qh-?}mD%1kCTnuUW)Ddt(+0g1WPBQCh*<f7?H#?-@UYe@O4E
z_1cF|{TFNhzrf$EkYLmwz(2&gN0W{N6Sb+}A<l(tw7X7`je+6s;qO-Av@y?V<8r5s
z22c$#;D`4Q`Nw!Y=nAL9_c@nAUl;H2yZl3X2vrUK^H6HU^M9?sn=07*zsKLLJu=X@
z`@8KB601D;)BW94C>nfSd8wuOyLnRm-JpZGnv2I<>^nT(o=EX{3&#E<#p4YQ*Fro<
z!r$$VZ}WHSpA<(@{oS1Y@pz+u?c{bGkGJ2Yc!>NwE;~w69nqFe7@!5mJNb2X5J`Xb
zuV>B7$?y*r<(yj?Fl1XM3c3O@VDuNANKu-;epi8GzmO7UZpmm_ATJle*0<jUm<QYv
zxc*h3A~v;}qy(w=-<SJH;Fph2cp@+2l3>E1tKwYW34?QlVOsr#^HvUTiJ&moc_lCL
z${QjmIPYyfjvM?v9z6l0`PCEffAaIu^0T*O(GMy=>-N4)es<tbl5Z%<nUIJ(bG(J`
zc_W9irBEv-N0DXw8nwTaZ6z9^H^3wL*G9#q6}~I-S7d)S(Jn-~DKF}Hk?j`z^dm%(
zt@Vbh@Z&)h3v|HL$&n?JwFIV=kI{hm>RlS7`g1N&xMZ+~LMgYinM_g%pK0Z^Zz1_a
zzRDgLZjZ7H<)r+{F(VtZRh4NJ8Ormey_;R*0IY@XoPmwyZoMm&O)J-YZnbS3X!+df
z+g7n`5zx{=!yF)65zCmvXZXn@M75{6X6WAarZs83(Q$xnHV)V)Uu5KZZKLBrn|u4X
zx6kP4;hsm`BZu#L^`;qI$cw6A6eU@j0`uZ+ONSJ{kk-8x5>vVSPC?(xhtWCW-nF9S
zBlL(XNW0`i!sbU=1lgJ@SxU%@M5Si5Khl!i4@pRgEGFJ&xxSK3Mr|FhctdB&)L&K|
zx=*(HOGfMIzho?=M2GFX$t78Vvg$NCpw-VQDDCWreTB+eQ0u(aA^k07)DUX{Dgws8
zglsZK4I6Nx<0{sBtx8<r$J-L4yOGFDJdb1KY6wr?mn6WBeNyQ|T=_!pL?05GZc|DO
zX?NH@J|aUt!l;=<v$4~vMcI(JwP}>PbpyAs?-7YyEqz0YH}%tm=nH-mx*R!3&L1ez
z2l*8l`y&D=R7ETwv*ruUa8rfD-w8i-;)r(GZ`_NCeo5)9Z(Om=(pOzX46<y2ywEkn
z?H9?jLKK%g{$Od%_P`Vs+k$wDU(G-5jy{>;akMzu?JN1l-`@<Q*o~c%{CZ`tUP3*@
z9e#IcdIoDy{GmPP4wZgTN@5pf1=gATqVWGjwga+Prwq7C#R=m8hSo9nF~aNAJr(6D
zWy19>pS3}vV1D#ncSRP@wQm^2NR_izYFQ^`|LH5XDg5>HgBPj?*Vzx}Yn9myZl``u
zX~s2X_%=Ay%p%wiO_JD<48ZfQEG36hpdI@-Jj(+o#5Q63F~!OJbGCw|k{b+rOGn%T
zWNSnePJMxNDX*uj*X(V5AW`KYkU|x=m{MfnsQ6o1r0~iN&L{#>eoiiQF^XU&5<ijW
z<kae(?+aZZit+++caz8acqu(qV{+FQdMke-ZOcmq^gdK><Ervp{_EhB4@yxK>#X&6
z=%M@g`eHgaYEI-$kCc@+YEQ@(!Kg}ku*~_Bc(4%m9&TcbLxw**SgP<~Q4ju8T?&Yv
zmgICbmkZ4e%|K1t;{SuB(oOdkU5b0YS%|0qQuB?3E}|<6s3?jE$|-Q?ead)|7vcR>
zZ&51hrFe_lJb@zOFnXbIRg1NYfCthtL!+9f5KX}EkxA`TR<>qq74j1r82|<?MZHmD
z2sVXu?xIYNDI7KVY%*fC#Ky+;jU|(F{nO&kgzFr)Cg`7kGx^h0Mgp^~6gG7GPm--E
z3r*girT+J$f9F}Yo6Y+C?db102Op%p3*zlPp4J|!7v9_$y`QVe{9ag*_AM5IBQ{$Z
z^iACMvFD@+m6WKO%Br&Hv!;#2a`_t}k>TsyfSY6fIxJPq^6cxn$vSTV1F?w6E!;x)
z*;lYyn5m>X?qXJ0d@;HZDlJxrF|uToX~yPn=gkBg=wt|_mn2U@xoLDL8|Xln=+8J!
zqR3qF{}rw9Z{?}*7<+H2?ef#()P44<8CV|Ir4CPz&3jg2Y+!zAVsuwA6lZilaz-~p
z!ugLH-2*fmAD!fna7K0_#3Oc|Gagbl#>cWljio}y0?~dje~8Sb;LT9Gh>M<CGo}LY
zM;N{s@H)_;n4pTH8^wzPRRE<HGa4$Gbv|_VV!_xHb$~Iitn_)-;c@wTV4d}<oy&2w
zTD_h9x7)PA#XleG%bz%rB(X0nkgUk|No5cz$iuH84U*>cWR?8%G!CchL&<o0hdLCC
z$%gxtk?`%4CD&*H4d`5><2Vuro38-{Q9rylpj}4PRB&DfMFM^n9u#PrT<WtvuxGU8
zDY^K9TvTKUvJ(9bXWsBI)YJ1Sa-Meu+DeQg-$VK?9M;Go1V0}Pf36(LXRN(df0NJp
zhHPL8qO(_UO=#2OA9KDp6RWATASpaiq%nywN!Q+r3>QG?#~50Hb6DpEO$ocwr3{);
zJ@zDTJKkfy@I+-%-R4oVWYj#!J$RFDoB~(UxD=nx%EyB47aWHmPL+m7(=ec|Y$Bi1
zBZk(GrIm2+XDFA+1NWaqPG9CNV}6)F)z*6L<Mr~d6<peuJj|e@ZRyg}fF@{xo9FC~
zpvAFHAlInrh&zE)%UP)Nt+((4+x|7LM8#V}$p2Ar{2$W<j_(#MLyu+2LkgC~8^ZRF
zX96@b;mrav)$lZmRpGnUv5hf2UXE$-_LK(w{ZboqAJy2UiN*qOE^xxM?gk&+T#jX`
zmiy(~trVMCXWw;ZszNJ;f01S$k<APZ&~$1ZUx53g*LqLVR#{Y=zH3OVv&eaQMZy)T
z^kaf5v!)4?`HG`pSts(ZYMp)H!q}?0_8AaPvu_#frk?xc{<g|G>E~bJTs5OK{O}i$
z$8Cm&!2EXFHG)mn!dS;7ZBq8B;tv%`*@5t2uf*j*;d=l<sM+p{dL()asFI+pvC9!v
zkpb-ne80Tm8N==V5F(=>D_=}S!(~eGR;ipQP*8}7!WKc<ZbZOcbUI`jEq+ka<|oo&
zHjqPHL(l35j|V-S1yCrGfxgrX^)}=z)Y*NLhMwWmMJiFrP6EQsLGLflNL>u%Kc!zJ
zxN}a`)XOTT20DuwufTbD2rC#pgA=*<3uX@yaJYRs1KrE85M4u)5$2{LA@sldW-VBM
zF$^pVZayO0<=eR?l66$!LmxIZ63)mPW8;#5cu<jCHKB{89xP21I!*jCrHQkgCjR&>
zO*E8E&4@jS)r1KsgWk0^I%X;qYi%}G>ZuJ?B0H58un)>JIu7E0Wghp00J4u6Tx8^4
zUuxvuI>hLBO)2+L+271@87^sM6P;&<bDg!ToJczp)jBp-s(bX#c5#hP5+vw4vsg>n
zQ}}hHY&E~LX2K(C#4UuGMqU_hf0TEeNj#5r6D`G)09AYvyKqe=@wrkVD&Ibd<ol6H
z{OU&C#C0i6e9ARx;`a0=5<8sa_!kuE@xR7z%J`l9?AwqqK}<0AYEbb*%)NY29Am$U
zoulwY5F-bi5WJmrt{~hE`r)7Ou*Spx$C2P|puoQ8H*sVY->y_-eTZ}CUH{)n44xHu
zA&H1p_(CW|^v`t=E+AbA!b$O|?}u<#pUVEJZ31^S?zt1Vw<w8vL+?Kx>iu$PD(d}I
z&O)94aJ@#oO}yfu-T|>NfO>c23F;;FUuXai;&v@4(3fy%S-l_8hycJZZV~|4qOj-;
zuF2~C{_>*$fOL`)F|T);WhA#&&@Z)B$+hC(Cp)&#2*J<yZqP0FPiZ;AHEG%VEiIej
zGIA;nhDTlndJO@+T;w#O12K4uIT~asE0O~+r>s;C1a*ceDpAh*$rX^NY&c`o$fHc^
zmBX=_D+JPeEV5$g(msMh{VvoX*o$8Q!6d&x@H$T=`F&SFL#&=;;~>M-1d2-TVA^B7
zmH$|9lbW`#xFR2ScmJcN4fURQDdTrwOB$-v_m&}W?xLbLUS^Z`!At#b*{9wJXuMh-
zy0qFtIV9<bg8k>vU`F87*y+{Q=9J5m<uXh5)ll)VP<g7xI$iJTm*_f&AuD-8bOR75
z*g+d_W0j^*!D9^Wm-f(;(34*W592>6^Fe-1K<HoPM?T0z{$GCNA0$8W|KIr$pS=VC
z`gijq{}0QL_<8TdH+*+~#Io}htS8}{_!-eQpwAFD(hhnb<<3yav`rjHL`fnZUBQUE
zbdCri4Z}-osJ&jk!WSy8E}1e0e-4-dX^l+c4Vr{#h@V9Je3A`QoJx5vUyEiI)dmtm
z#Am&4|7HiN%iqd>o@e3Lg}e<7L_Ac=kGu0t0v2+8;gQ%SlKJytT8Nu@M(}qsSa!;#
z;vQfW;E)HkG;a9JD7*z51)^T5G|P?#VrmvZ8!IyK2M}%Sunc^R6fKaeT*<AL``7g`
zIu3!NnvmC08XJmGQmW{tQBb3zDY!mdKJHl>rqPMgmPuPfr6;y$Q$;FD4Ph1k`v=kF
zuz_FABeH?Nxfzp4-zj5c=mnyCb^CAfT2Yy+P>q^4(-H@WEu@^XXKWY7)R3E)q}oHW
ztqL|Y&6-v~bCcbHtOltBz`i6mzG7;w?L7$3v7QZ?E+dyI4KZUkEJLuu4MNAes#kpE
zb5c$dcvp!(mEJT97$o>IkvME!Wclo8#RVA7n$s~U)F%0Bi}$T_^grAp)6?<n+@b%8
z7fd1@k61fZIv%WU-;$1}qy9%$^F%tHi(w5DhG-tJ9tan~cMRvkdzu7)vFeWddg{>{
z{c(GyQeUCSJMO)ysI8RB%X+ZLVd7aunnkpRPb#qBJ|OyFkwArrvA!au#Lwft5@hAF
zFyiZl35zW2D*|4wEdp?EDdM!e2+%1nQm`Y>4won3$}`}~4;Bg7r0`@{lR%C)bhbBy
zR=(s*9i9`{Z<(PPPny;PPtr;qHUR!t)*(+nsUR*i<0bCB#Jy*^$N$P_x%ZOX<J#*C
za4F+k!@bvyj#n==I^M+bfE2sJV8^a7V;}A8Gs9O)``oYGr`iwCs56m2DL!B8N5+If
zi`SCm6#f!Z0?r{M0=ttP)|D6l_V@|AZG=2XyboZ4{~x*L@IWCR0M{)s#=JIIuUi2%
zT&fGdmZf`vOR{vmg>0qz<smkRUmn}Dgt#Ii?sQyAL~N<;=5T6N-{uT0=I7Was%EAY
ziE@nEbUp7r)RJ1Q3jJORy$fyw32_Dz{mKMIx!4R#ET9k|s1VVDVo-7WLNg^Ppi%RC
zCPmDoIiiuxjp6fHN_KKye=<^Sc$@K|{6LcJFi8^%aG4fOo>8@0a;cz`nduf~{`ex%
zoCGMgAwJa$ji1yT^XgsoWND1O>g!9Zeh-1#`t7x34EjjkF7$@(<L#YxPxZF{w5eT?
z@QTcEmsuF4GG&{aV`dJ`i%p}^`@T}4XtKvH>P4Lvp+9Va7_;OXC0yMu<T4JOGrhcr
zu!#eHXp9^0Zd5H<FQ|2Q*|Z%oa<d{5dqqbm*knEmP{wrnh0Z;QId8qtvq8LJT4Q+V
zZXv}x#lS_2%$q&;V&O&W#9w>~hq^zM0NJC1rL9O!xp+(pm2m{FwDn>B#YiQx=Y$-k
zc8SoN&+3;?mQ#otvEF<-7L%OV>2d!w;`;HoQj01ZA2AArMio?-peH!!HL5-r^VIp6
zh1^1!omsIzzEGCMf6mnU*ttnwBkRkHlm3!YPejh2W-a71fswWL)B4pmQ`^N(1HP(D
z4o&Xp3lk!Olaq|1_5s<Qh5F@d(^#Nm>>P4NVuIV@*vd}E*=aPVDbH+Q(1)Sh6UV4c
zjZ$Nf6xcvx-?7XM0WadN4p&6`GmZ&5OF3y}h=zrhu_<06dZ90Yx*YqBLaG=9t8x<o
z@u~U_N8VQjh>D80li;hzlnL6f!L+||q0C?*Inw&|D&A`k>A@meUnyN3!9;8AE4iSe
zu~c%)-S*Dnb{Q{IP{<`&bT=;`29L$sZLi@n7XzJMp7l0(M(FB2oji4ebFpS&ZrzTe
zHb{*<y(t-%QoKgyKRB~fhTpX))W)i6-&loQ4-0BU@yzD7DtCBeRVTOzwf++FK^pw@
zNqmWNG3}y|yyYE~MZm>cyPl;}fU=(pVn-`H<PEa*tcl8b@K6uqk&9>^Rg~Gh3gkEq
zLX8%7Un_FS3G*uXyxQ92Gpb_6+r7cVJl&eB0<uMF;(Uc$2ZsA~XW~xnE{LFuL2b29
z<4nyOb0pI<AFS51=1!fp-*K5)Giv|Fu#cKKx;7|=OK;$Ck?C3^<(Pbh8<l~)Yz>Zv
zWG#JF?gtN^Y6M*zg|p76L#_ZzNeTU#QF{{CqG#zx7`oIXah4kv-LH#OAKh!;dVvgl
z6KJh1t@bc3IAcdex7$A4vt7pD)rxmb9s6c3tFiB9CjUOmBQX;h71n5${np$Hd`7x?
zLajYkWqUTaYE7NAh_e<AmnXQY))fG$`OK($k(Z5mQo1+O`gGQYHg8A;qtypI?oO>|
z9h_o3A}Y%ISf(-WUFN%3DyF=AVgWS)s1Co-#aBFeKGnCzo8fVAr%g>l8BZCN$kfU;
z$<*3i*%)%FU93|4V<+;Sr=k2zSyViO-w=4VZ+0DNAw{aB*~dvotd~#GSVd@br{KY^
z59Z0oo$SDLsxi|OJmfNdT0i^XEcuw<M2ffLNcyQe0<a;`#Xf)+4qVaHV!yRb7~B^7
zYn^sVqTtdx>rQ7PgMBsjP>X%rT_}K`h;LQZZyNj;klebI{s5B+MP|u_0;A?@S#im5
zJ+nXsVnC*_b64*(`<i)^FA80QkHxCV=c_`CQjamy%oTu!SWYw9P}|eH^Ey=Kd^1?F
zk3hP)@C{~k9Cl&;myDx_ClpLgE6wo#K1wxv`mUyjihX9ti=7cqc2Pa4REgn!yF%CQ
za_?Q3=l5e~-bJ-9%2^I7@`cLaF7H(rE(X86k;AGYj(Nc~xhga2JAe7J{)aUAvCp+N
zgs154$^9fYGY14^Ei3k+;>5c8!F?B-RtcUGfEZmWwXL+ygHazKw0B_}s_j_QO5?9Z
zi9o@yQb8M%1*c!a7sW7Ym(xUbVIu)@c%x)_BQ2TUl17q5?n`*1w84$TXOtZf8Q?;(
z%wdIx!+J|TF&_CjZ;MzI*^*^Hb%!h=Y)P?S9up$yjclUPEm>aI&Vkm0Ju(J1miJJ@
z_PQW0OUShP)eQ0g1DaG@`e(JZ*#7W5vOy9#Z;dM;0XgyI(@4ZyufEQxk;>ja<fOy&
z6&=nABv$!y#KR0^66~H^0k&}eO%(v%x#vm-?sWO60Qsm?ZO4uUBq>HBVpq5dQCalt
z3z$3kXC#R+?Il*fuZKO`3Z_B9*h(X~P^KhwFB`n>v#t#1Lrz9&I1_QhZJ&HT?F;{u
zAQY9WTGHE<?JeKo&eN5;1_dA7Ax7+=G*mK@;ygqp_RGgoahC$SGJtY2fYjhE+*?h-
z9|cH61zteGrO5tF^NkchTJCd2$#Dnl4_1&3IQKD2mfSbOXTfkw9RR8a8On-cDcjKm
z{Kw8veUtLl8j%tJ&wcPDi5&l6tY#48FlzqEszeuao&s=2t;~v9h@y!MIQz5A$YFe(
zmLLe)X<+6x%65wCjC~@KyGW!ZhmA+(%Dadr0%X0017sqjh(nVAmnr{UO9or{1;AE;
z`l7+%e3D-;mNdRI@C<6i3ItJ?*wa9_cED?s5*npe%!nf3tdHWNJy~NsChXtQL-ZU@
z<cp63Ub*(lEegCIE(5$4y9K;Tb^dytzg0>p0zn>X6R?x;h8TMrU--^kWl*TfB~QOw
z^7SV`&$`lFkO9=$LvQ2T!gX>irUqFP(;CzVvZ!qx_7o-}AzC8TV{AuZQQH#eC~;2U
zXW(?vo0ql{M4VP+e?o)K9sCB^D}$<1*ywCu+$yb&dN1;vkC@$(oq<hWS_0?t>|d&j
z&Gv5BA^bnn=r8i?YP5!;!<QX{8JcMdaOc{WoX61F2b^k#GR1i2Ka=qwCyP`vP|?pc
ztCTGDworxp`8Ixnz3wTEt$RMt|Ct$_4#oV3CwO^=e+Bsoi^wMo)muk4NUJB>PE9`8
zlT}+YilRcl(Ab00mwF4EB_&tnP?nd_TZr9KSZhC{Rt$CtFf+_Td|U9#KLF^EXu9NG
zpzu?3zMwe&Aa=`fy;~#Vv|E87vd5GMMBEqfdv%y*unGdHCk}o4igq?;`CPF<*4^DQ
z1~ry<Qv<AaZPOswGNYr&)dGSC>~GEy!DC0Ybx%RHHM)pwQv!ULjajzBTXkG?$NeDC
zhhUL?=OzVcXL<m%o6kyh2})lN4Z!m<1#b52trSA?CpigD6FTy1b)DdT5^N91F)wIk
zM)qZT6YR!oyx0&jZ~-wM@$)1pu#1S6>%)dX^kR83>u0CW`t+jcXKL1`CuaSKH*$no
zADo=@OQqM>^`y2K-omdT?=tBu4;<z_ILwB$Nr%Izyu`>WK$5p)vGK@$5CNfFO?<yw
z6mwB-hMKQzrm3&sE87NIxAYdi(pv+DYlmo-K!zD4@@3xl$h=SQD)Y|nemwIYC?dzV
z%$ewl@{%*5m*IEP6T2-ad`>ajb%J%oR|v|=Os$a7xzXDg!LJlC78xSk-fPV3w3O0<
z0Dd@Ysb;&P4qUZWcG|g=j|^SAlttzk$#yB^R_?0(ZD=UuysSyd>p!N+;8aRF)IOpb
zAA?|lP5uE+e4*j&KG_w9O7Ux3jC3xuWz^itJ&&^Ndek0dVDQ2I>ofertHZr|G7syO
zla<rcRE4EQ_S|z>8nCplT+ba?Qr_PV^b~(M&~EU+5DmyQGd_lEk8rCk<Rz)x52Fk*
z@<z=DK`a@3XiP3j5@_xcmmYvoJB_7}eF_KPr@ld~@&iKD2LRW*OUr!CK!6chlP$Ff
zw2F5npb{Zy1*qts2t}AKZ8l~21EO2xS;{}CnV_6Zg!HS{3RUF{7ZHSoiA}IIt>xii
zI^kI_Gr!zPK%ZP~R`X-C<YVKZvy@D+(|+n3MoiQfPD(!O-cmE<fdqSyt488k%IuW#
zt%x?%9}i&;n+k6_=&umHNp7t3Tt(-;v?at7RT09`I#F*3c;VFMp1fXx;+OW4J{T&4
zOTZ~^IS=B47+jnxQ`-|ZD7^31AG{xNx)ke^rxANbAA$%d`>4`S{wMj3J@mNzM)9dK
z)O}^c9piP90|i*d@4<oIIVgrFIM8)Bem@S>gXfOnKzZt7vptd4()kYtWDxsU{xi=l
zkd3q06@ot^WnIF--ZG(x-Q|*|h+R2EvmoAt)V&lAMUIFAwm4Nqv-u;e$EZ2Tw`%rt
z5A0{>aR?#oM<l<0!G4tJlc0o32->RIj|f5U!+xS^lo0k~D<Q~XKTC{9YUt(vWA9zy
zqpHq@?@Tg~1OhuCNGMT4iAdxc1SJq40}1TW3D62^6)$ZSwOX{vjL?cOFo|X}9n0y_
z-Y?qLo?6>VwWVkkGQ?a!g@6S`M8FH~VYo_#gxh@oXYD<gU{HJBbI$v|-}mw3m)U!*
zwb%7o&-1M3w&EPnnCm(vK_5VZ4qk1{`!o`yP+?WRLWM~Zv>-`>eoNiVhq;NsiU4J*
zM8$mT9R-vtCjgY2`lS*h;eR@;&-l+EG=X7?Bylk~5~Mr8fA=!M2jpmxRs99GF}Bc+
zn!_gZaB;>Rqa*LDdFF5z%v9&6eV-sW`-E*uOtYtm`$|67G>=rL8AWwqNwtT6t=KP%
z+iaSfnCo11u8CSSf1hGI)r5P;3C*`?Pi36;aHdhm?f9AIESD8?rl~aUh5Rgp?B6SA
znj|jrf^nM7q1OuKLBKT+EEl{Q>T?d^L4FG1sTDw0T9y>TGcc9#<Ru7Cep2542?Au%
z6L2>RP;tbfJEE)d1n(mYEEse{YS2*3II7MmJ;;Nk#Qt8uT2vIXbhm=_7w1E6zPhq9
zG#n4-M(B+M(Gv8GxtL9F3PjS7pf~Q4^86HfgCLjCs?ZzS6nb;4|9R-mS*<20K!6xT
z9qt1S07JY7NqX~O8+6fo8y5!V=Xr0E{y{nB+C3_RLfn}`A%w~Wny63c%I6>z_sEG;
z9WnoKRHUCBC_{mlsB{U+aJ5Al2H5gjn?799o2mE|`tanK&qE((?NnQ_%av@!X?;@Y
z!}Q~EMgKLNK;ZT`fat+=4j|_}d@QsNA3ML?DKWUwb{gj<_oawFuxvhM-iLbAI_y2h
zZSr!XJlDBMw%iJCOKrFWe6&7n7EHu-dFsSB3`Y#P0A@|f>2$sBXt6)&fIsfU;9QQ9
z*4+z>3$K^n7dcZ5-GVpg>cMNFiLH9ko5IiP&!^Peq6Zgnbn+JJ`Y@CZazJ*xW>Wxs
zb8<zCs$|W=hmA*r^YK_qgERk1OY?S!_xY%A?jHcI431}S9R&15x>J^-fs?Q4g0OP@
z5kByns+1$bV~Y})>cKvE7l;I>1W$u`bjWBT{!F0BWJpPtYW_-aV4H3%z&K_Wx~rZX
z5K&jnuo#)py{5%>@|jQpb%%1Gi49Xq<#RX-_gBlC$rrh*2S!_@JLWsOkV&yJUQF-k
zVwP~AEQw5kXdonwc@j+uiqJf>UoZLQO=SZXL`hZhI)XJBx43d(BAs&oGqOC<g>92B
zfM*mmTFnNEDppJk`E#q^MnOK&b-dZ(`=TdQ?Qm~7tnQi`A$Lu=>MBq<-OgoQG2cDW
zMe|o8*@DTEOR2t!sUs#dpq5y_s@GYZ>o2z!X9ICP;@47%j?GQFEYcP*hNWYB0SrZF
zxw#D8!OMi!P(o0cevt2jYy>npO2{v+dFD6z%8gadQZPy*2V-IL?Sa$+1#E6n)CVhu
zqG?A0*h0V&Aq=v?@wrzA0w?#JrEAM2Xn?XvbiK$^8Xn%(+>~5^g?b$SmK%Gm%I1!?
zI8mny(KZ~e_K+3W=eQo;>kM8~pa=8O{CKmn0w=S)cLh%7`d${AfNb(bJklA20MkTx
z_39r9p<qB>u_YhF?XgF&anJ%qPC=4q`^n<oss+Rqf*HS}4jIH!bvat?5|SbYf06)*
zJf{iSg8;$Qo@W_6t$0)`C8`yc5*Ac03inlTm9m`n`=cA^SN)}Fq4E)FuDVQj=oV@}
zXxp8OTu`Qga(U+CeG<2JeJsMEpV@FyKn*PTgTf5RfkP^+dPYEfHp~9iVr$vAUM|c2
zO_uV5BeLvYCS8{Ot$v*>J5psgzWpNmMpyv7Wx}L75uxli7hcdUZEBNqm=F<`T*fG?
zEE}`TzE*6Gjp2uyKbeUfs6t)?leUev`Z8Vh1>6&OPxYmVbm_~?bNj+&Nq}H8b_bXu
zQ2Z4R#y6#T44>7ah)n6%t)gmpx3_}BE7?blU=!d_4F6}VPDL6q`U_4&5s{_UtYF##
zZ5$3yuylAtmFdbU&AKLA4_&JO9N1v*p+r%0Ji*#hgMmxgPFg^&Ygc!@RS;RsC)-b}
z{jPw+WBk#BIp7n}1lUBHzaA^tc<308T3XE?q>#})BBxW~1QfuC_`D|`bcz~!Cf){Q
zj?q@nE6h9I;P8D}V*d5lw?su@Q++ea8W-9cA&r){M&KkO-XjTMsfI#YYf&q366vPe
z{LqYQyquAe^sK<r1YJX(fGR}%RKKcUu~5TDSqt^^V%E)8j0n(NM7k{0lWh7<a7B}w
z&0<3hQ5V=(Fl6|rC~cstmx}6oF++YCsJX2$%eqLeTK3{lv&w_A;ttwgHPUK(5N%f?
z?{f#<S3vRv>C$#l$F|WeDj?w+V|*I|ui|EKI}q}qv}_+pnsXIsOiqG^9)t?Y(&&b*
zA2-AbMj><zm(L}WC|sU907n5%@2HiAJ2merJR37_;}6hi&f^!_V$M<TADSM1qlM8v
z(W%kgC{zpUZw4M682tinaTv}BoJKE?j*Jdhd2A)o%-UD%5r;-*=K8Cd8I5pv^0kzg
z5-hYiQ1xlI`NM;8cI8!($j5mHVIkPE5H1lcVq>&hxF$|>kJW!AUglrsZ%(;CH-FRm
z;s4wCo4&&>(0pj5#ozSgT|n{&;GX{v@i$j;ru^6Vn~&v-|7QMX(Ph@+M22_dZ|)*p
z7U?Khpc9<+S^Uk4od0J2hA>C}H}W@M>+)aC-_&=HldPJ5fxlTc)LQnBF6+qORFN*r
zezIpL%MJql6#nLi-Tnps=7owRfAjIBR$u0;z9jjZeWXiY7M$Cce}TVAr&I9R|5x)j
zBQyTX_?v&vjsr_a{-!&|KcCItc!pRD_0rIe{LLiNWuY3`^qt^}PvvjEn)Rvt&G)C-
z{7vg6R@*MxPUUaHq)XfGj%|Mq{^rBX|8@T6_4m%l-xx%&GHduF{LNw&&g!t~Rqr2~
z_wf6_%HJ%SdLI5}it5vD^Kb8eKK>>KOq|2tq{#P)jv3R}*v28~OEl|B&{vfDGF4&n
z4hKYzl<T#J`wD{|T$-yFZPu~qK$&tDbA&1Gl5ObS_Uq5jwf=R{OE#l-Q;{SFir4<b
zB4)iRA?+wFGhZ$f3Fylr_rw6xd86E_t4>qL&Gvz3W0d_SpQL#lraP3wy}Q@oNQ9l9
zSo}75rwBtj&@TnB_eH+(KpXbE$TzMwA*%d#u*pTXflY3k?;pw@mpI88V&j1F(YOxd
zKe5F<;v>S(aW6u=6A2|m<Rf~B{KR+@n_TZ6J#@Y0u4?&PZzD7MUZOC3Xw2-@qNHcd
zgOQ$fafqU#K}3e|-5;7yQl8<NXWmV$oF&joSr1M+5*=g)9omC`Y;eSyFXA=SA^b!c
zY(|S*;xtnau`%d;+#mgV6Zrum%7gg&v=NwtljK=Bpe&{i*+kCl_y)F}9C7cm0)foR
zjs9L-iI{*1m@A__nlzb@#A)amDzcr1#@h9~$fmXsK|CChRZns%M4xnF`$>k|Z1&{W
z7TnoC9prK2<xI{R#Pq)>!4Ok;PS=Rp#g-%0=43xtJpqP0w1>r(23P<LJHM7T35J`{
zg1i|IcQaH03@0+|o#ndZz@)i@tbsNSw)oeXyvuBD2Z31p>n`<8NBJCgmMeL^96m6|
z8LJ@G?Km_mblb<Av@pw&KghlWtjil&Go_VfsM_j_<@7pG35V^&>t*)gl~bUcU47q*
zen(dq9g9t(a&-;f&k>S?DB&}xgKqz#!0NU}w^L7}-y>bR-_PzoVS3oGv@epYtBvxH
z6Gu@LIv+Ffh=8b3bm16M{5f6W>wHEoQb)P(f{qusgBp&G?7NNLSyCJTv80SjU#JJM
zgEy8SU%bkaFHTLE%j==<u=VT@xGqyKY4^4AF*{k+C_#3}bsJZT(2!qb%18rg5J3y#
z$Dvk`9VG@8p&}>#T=P{4JkU|CDSPj+m(PHXKQs^a6|8MXKY3irvgzt}CpTS3__O1a
zzSIHwhzeO`T^61SeaaC-FNtUm%jIeo5^T1S;7OKx3bH(ajZ2Y}(6^Zc@E5~DFkBFa
zJ}hevddsa#YX5PuwUQNsEC76scUi%?UE%<EuyX)JI+B3FEMV})tL)gS7>tNyjkTL6
zb5{OMq|44msRUfA7PK;0NC3#wK-UCDLU2}I`c?Nrd{bDL0scgK^S<vZ(XYwcjRx9A
z+kJeZKp09uJ}xmUusi!ZXB;PV25!1BY?g7`$E+<L{mL*Nnc2JMv^2$24pz_xOj*zt
zhYf)?^x^2hZD@<jJ3j}!sZY)eZ-~znyzy(n8%<j9RuG4`0)fXYfwwGk-pNkk?UME2
zdO+*J3li{_Wsa7zB<AfpAH4nV#&@^pTi~|+Vhh}E=3T&TA6x(bV0`zd0amvM((P1y
z_e;{H`<L3?|JU$c_)IqD%Fh3@@!i|FzjcD|o?K_)yEC~7_{%j{Nm=0UM{gzJ@BfeI
z_rEuu-&_=&2l4_-2@o(x%zp*fpmPz;m)y9a5Dio|x2*1-LO7o#1>%ZzIm$p~_$Z;n
zKt!Ix%-HPF60r=sN<mEqpNbj9O=wB&2eYaYvB^ql4&S0KUJpCkATFQru1AQf^gye9
zN+EnSrV<|EXS{e|_$tM)MMUt#QC+F6c6M{FEB!)Mj@U!FOJ4CE^cXwJYL26Tp$GxW
z-9;_hLqFx&9catc9(q}&hTVa^_`{9u=5gSwHD9~8%j;_oV^VZ)kDsoS-}|>ldt3ZM
zpgzkjGXFVzcT8K7-<3kq`Pyld-w)<%@9dqgdHG%P-tpIAmAu_}-05#9sFQ++-=)xj
z`P!`qNsWf1xl*F1ln6(&q|m&sj`>>S+m4j<Tq`|2`DNp-jFkL5D?dZNOPBN<o_3~N
zsm|1|x{&J|DCOjP-$?rLzPx4frq#fT#iHX^s*e-B=@KvP-6|OwR;`RA^-FPRP`QcE
zG9%kaE8giLo<+$?uS>b-0TZ#=LzTpR^o<Ryh_`?71`q7;V=7Wk0VRFgqkSt&T6~v#
zj9c=a!~6jKtR$~f-xkEbO{(WO-&m{ceN7fVbl<u%|JnWv_d5&foZX`DVUHe%r{7!^
zho`*~u3W(rA*_Q6mb}wBI_4E`5VrdIWbI<V<0r^~SHTh%u|6Ws3oQAt6@TUan~XP$
zT09|_gNRIM12;uy$cQ()xvTc(^Njd1VgD23ZTGzy9b2|yY&V&V%(6P5PyD2tJS7b%
zu}XGSXEq6EVh|EDWjfk@zdGM^i2Z$_DP6}o6F)=e7`*;6nFyI9ZFTt=2k*P>_vm)Z
zUM@aA&cyue5xXC2er^Q&VlleG`(?})^40+H)Zd<7_4Vf*cs<AW1815R?fVT%6ZRoR
zT>er=fo~tTN;zT$zISABCH7Lb`M6phFer%jmAPtmV|0!09?qK<bok$M#22}Er%ZG+
zbywdjfrBox+am}cmMN~fd>jhJ`QsyOf2u28EAo5!PZjv~JXbK)zqlLiZr4LM$Y~3g
z%pJ)kU8#qvNZnN3gYNZmz$ty?Js|oQ?!4LL?MgMp(O*iNSx{C7b05}?SxHcA(`sk3
zPa>iS=OjxHwOTmeSY$4LEc?T2ubHiI)uZ*ki)94;!J3}n!aVb9C$p&!-toBE%;PF?
zh{V_R<`iePxIcz03N}Jr4(qb~U{}!==89r=w8F%?!o-L%m^lJTO;ZP*EOgPw1?y&&
zqdo0YC{ZLU=zzLy4U|hM_S0y0Ni1a%K#utA#yTv5^3T&%)S8>Dc!;V$s^ww{e<(pj
z0g6jpL~jjN<dv=F+*j|tq<Aa+_m}pX=e=0jt(L5>IvTyUc&A#?czwn7(P_^)q+f_S
z);pe?=RY;iS17KOHNxY=#Z~5NtMhwFretL|mG_E`l4cO#RP7BsSl}$v9&OS?J+{t}
z$>Cs?oE!l)mrg7SnV9i1a}qKQNMKUTbgX-ghSV9M&iIV<wZJkmn{^b(RFe{=8m(rM
zthK^jkuf|bVM(pGI*-NIYn|#6>s2>L!Z~(WGdxn%s&VQ^QZYrTh!aa!rmcQW(Mt2X
ztQ*&n*|d@YbXd3x?A>!=g;-##P999zKIJODReY+|frS<45XCVB0TS1j$=(wdYupy(
zJIQ?~Nna$%_GgHX=ic~u&KXMw_+wmg2xJ)BtjYcWhll@xVJv9<#4v6oDY-_LKR|pu
z1OL<G*@k!0|G;>DvH26@36gZa@ob*{Iq*ZL>(dvX*#Cj?Y})jR@%){nbH@`8fF(HZ
zf%urj!8}*==?dp*wYvp72rj)Bl7#jDX5I<BgXKYCp&;U#Hzh$f-E$%V&}yFJ-SV|!
z8_A~rAle&#p#j9(h`Y~wT1_)0Dpq(eB9hYDv!?6gZ1L6K<?^2$=6!>|qr6-AJIQwg
zf;&)vY{pQZyyD}@?!$kS9Q9s6Kv;*rbj&0%VmpM5TSgR5byNI^18o@#2O#kDU1;nG
z?9F(=NsD^XM!lp}d+1vV*QjCQ&gIJy{z2|GDmg=RcJ?Nb0W#U-Filb7s^B_&*!<Jw
zf*~c6qU>u>`g0EXbW1cxRb#zz*S+<f#V~;m65;O7@mIQ@`3_cCFhmSOxGkYEWfrfk
z;)*KTCH`VsjW`rp^L<-kmYVQ=q^Oxb&4c0&JVkp1>k`&#I;0u2Q+%*^XEf!4()j$-
z?GLm-l<z853?Iq#pE1`TQ`7&B%YSB=_f7te@^0ntBwwrC7hGiCPrww!Y%D>M608(&
z5dKUo#gs=NOis*SI+CEr_dC2132ai-qMz6i?E+iJS|F0XNy65$^pVA>NWO=lK?^eu
zW!V&lR21v_lzCG~4e7c$VvH<+KmsdJX01SU4PzV(JJ4Z?F;XsBuWQqfKq_^u{D|&2
zCODt-(N63&jyGgzk2VxEM84gDq@=Eo#YWWjlaq=>-d-xcJ6cVqoL7SLnPN{N>JLPO
z@^77RU*E6SUm#Mb{k}zeScJc_QnliSh$y!(J;faK1km~JS$w~HiwCti_z>&~wj?#b
zm9pHY7dV}vE&n|)Ys7l5_@F1$W$ATCQ}(XK?`W&%WMU4qog1jq!|yr+?-D3wwI>ty
z2o=j=r=I;rV6R3}ekL+n0`qodf2;_+H)SfWL0w&Sb1;(QX}ml+c*@Cg)p<swlbe$v
zPYCoHu_vt0U<Iqb&%;?Bd;=r@CVi5#V^+#C0d4iN(hH@^OyLi)#^${X@1?ZAMIss3
zzw7kBJK8uEjykhm7azR9CI@5t^|eQ1Q&;4`S$al*XZGuXjp=xp+ezcn{ya%)$_#v{
zxmM(?p;TW=!Natu9^y9MC2bOaN3cnd=YDV?o3rKugmeq?RyiVbSQCqX?Z7X5Z|dj3
z-wEp4fxjyU6a3fmci@7h|M~vR8TVh+pKGsCoaXJ~#bR@s+(k!JNqEfJ<ttcHm%nWU
zOki{IPPm%;E0X9K{!?2$yd*TY)qgU3;b2h3PYG-?x0TuF7FYpuVT0b5?|qZmh~L)4
zb01FkrUsRUmwTI|Ona=+8)4h{h<tIvd|LL!38;q{pP3^LXQxRRiw*pdA{^IFm~|Af
z^AGYE{X?=xwm;$=;XraNyt)L)P2u0Ue)Af}w$*zV#=wYvu^C3#uADq*!22~p%LvGC
zD|AM)8J{~iSr6iybJkoxS<D_|-h)PCpzW;pGQJY(lBQ(X;yAv~d}fL?6_%q$JK@l=
zfOLA-ii0rwCRg?ik^XN&_os&Tt1@hK_a*dsB8QO<^i@poLsYD~|7b%*<R}2kRta~h
zBs3`}#wj+Q@?PP=z`gi*B?FsR0e-x|)_1y%V{(3TbAMPVyV7}O=_qfsbg*|!=@j3-
z=<xWdP^&4FRs`XRQ<BYpU&v$e&WOg3$JmbC$CpjrF8`EKKBpVP?lz8A7VSW$LvP)I
z_JXR5-67|d`0ZPy=IW4ByE>FJP;g~H$QxXArLoI6QeO0CrSVVqiGR2q|Ew$`M*N-(
z?->2Wo5&}OQ^~~?dLw9S*wnf{ms^ZPIL2Yox8Gg#n!9L|pv<b7w1U$h2&?EFPtkGO
zLs1vbC`N!H_c3AtntP^hUavFqaF&O&@(|-829C_FQzsvSGHmy46aC1BN?g>lFcZ;0
zCmTJ+bsf&4ZzE+%p;#)WigNgGs5I!!zCF<4J=TRAUF1MzydEHYP@wJBYA5F~FMXRx
z-|mw;i1ZV06{C|T=uEj|rIzb)JWkXqXC{9<nJCA~9jhd<p7-+10+l*iQd=c;k4i05
zsk0^Zh?WZ?m7=$*L|QQYbinC*TtqBGJdQSID3@)uaw_HXj_@}pk7#R0v|i{3>kIT)
zgYSdNlA~IU#6O!A8h&}?S{~@1Y$Q0JHUUjR3B;ce&|HLc@X?02?10nZUnJ<Jf!(g?
z1|hpr!iT%dY>r=By&fH39+CGP_YUp2zAQpF|Ea-VqzO~va-U5;_z6Tmx|)1Ep<}+j
zoTK8cfrb!wa)^$m$hYicFOsf~^{f6%=X)#Q78ibdUqzR)sUB3_7O`i_rmA2sLHxIR
zOOeMQ?j)whulde{^CqiyT=vYC`1x5|?O-=eFP-9@Dq<g?G^WSa`^@P5$*pDZaSGQH
zA4mK**>yHo=@b_e%YBaclOXrJe}u>JmTEP=pF_^e*~Zc+!CstWWOEar!^f;|2h$w)
zAZrm>${2Wxqn>kQDGLQLCpj)AtE2xm?)0b`iw|;(IJWRhzRd4Zw$LNui^wyH+V^&=
z=QKa*HIqPq%VKG14xX>FpVNsCF%dfw0?X9Q#Fj{S+1kluMh24_h%ME=H;O8_WFQcm
zqCK1|CMTgT<2*#Y`g+b9g2%=7^8SGY8WV=rBbQ-_M0&I<utY@C|G=Nb9lTb+iUWmu
zA*8FU(J_#C@o|yE#RbwbHAj61krmRL+8yM(jTU#&5$&NaG;7JDGqE15G;Dcv{uqyA
zQ!&!wd%H~goh6U%{*)z;j(iD!5GDchZ|xD?ngpC&w3_>vDkh;op2dZL=Q5saub??b
zGGIbtBystKJ(6uqihVhRR@0(hpt=kiwg2nZv3?WB;E17SmI<eUaaIE~uhoRCXShYJ
zb^|j_V}H8xe2v|i+SrYqHulv4G?uR#OG|UofX`|mEsN)8?B_BXn@3~z7-sR97{gTc
zf;W^b%{X2vLrbtIZ&DOiIRpt%JW7UyNn&Yl!xsBW=8HD9n)y}>%$invl6BQq<0g6n
z%9(PYicG@Y%^jTLmWx^snWL@*kQ7O7fFx@*VLpo!bBin^{@Z8fjfXA&D|=I-J^hk0
z6Xz9XdDlc9<&jBiS7FpdW}^f*EI=IA9#HdS!`cG%G7}=JpzYUu%o$V(t1UPKV<|ZM
zH>nm}`p{TLYHTh#p@$YY%J4tZYI~4Eh=oXBemfoCt_YE!1<>KQ8nxPwfH?u({rnPr
zg0uGtbHxV<?&mO%3@q{r*$hPD(b=2k98miPK$2Ldo7Bs>pmvS;HC!yf)Y-h>9tCrR
zy3CBXz^$Ko*5O}CNo{DzP&H$HBInoR0I8C?DQ40F>sKtHoA`G{o)sYOtgQ%PFa=PS
z0ubsXyq}p*OiJV(ftJp``?n+P&dxIOKC&v54WsVpVI(#2MVFCqcAl45^zW&4wg<6X
zz1VYQYu9j2QZ`ZMY+%}GR5H!T%@m~CKgO#~O7QHt`H=maSOQ^&Ql`b;?FINJMSe;a
z72T#{<thYt&RYH=wIVr|eX^n}i(oD1b~+b1;!z#y(j~r-=k(Jz&F-VvcAX0%v-4%V
zHE@CINKWMcPYQI)m}AbasRG>*GVPW?_lxovXhfqI(Q0mI%FyT)4zrYIN~5<6jouD4
zdi*YV^LQ(NKm47;+ch);1ry~CzeQQJe@dZehRs|uyBlp`Gs{^}S3XRXc@3zCth8K}
zCW<`!i^j$b@^Zq5^UD0q1!Z-Mhlv)iff9|U)5*z{X3B?&5-;&Z7t%+B4`;={5Di^}
ze0G|;e1qu9PD#n+){`0u))O6)TEM&8s!}v~$#N%Qtx~GYjEF{0CQY<=T5U6Lkw2;=
zY~naU5jjSZe!?G?Zex-(3V5WTE0Y~XbW64$;<}x@RC2SnVqflIW1=e4PwW=<h2Tfp
z>R$engSDFeWcW``(Q0yeNHQ?ZzIP%MBqh{kXB<*KfgQ!`iMzXL4&pmqy<D5eSqH}H
z3$S&l6OwElnxm5S!q&A4)CkTJIg3yL$iSo%qlktCNyw707a}sJfM9@QK)2wRT(wEX
zNY28{J~t6N1<QEL5>Tp84bFAN8_YF1*1m+2roiZF-$hpC(Sjt4xKgJ5LwCt(?|Z_b
z*=jMg0p3NOHcWd~!vrBsU<D8Y4O=*&RN7VwRy04SeHTZD0Tik2!8}TPT1{_Z#^k_d
z-NGcw+K7`hJGfm6)oUPdByoQvOzhLhpCbRpAL(~<<QXQYhU?%&__aw6(s39f%wjA;
z2s?#H|3E1_KMqh|mwY^t04SzcMKxg0imt3X5;vnUvPgPTFQD;gy_{%@-g1|0x&Kn#
z(X4<-g8gzb6Cm>TsY4iH@u4St`!JqO@S#oRNGaryXv~x~x3xdOGxo@_$VUFG$R9)h
zyVm885y_DF6h{aF0}qQTb_~Rf8_koSs;%&peEL29AYMT8+V0%~tWBVjOsNEJnDgBP
zpa;#X^&Z_WD(=Bn<5q2Io82lEO;;5u`t99?&}vL*#=6q}3lCV^y>v|U-DtOHR<vu>
z8BLGUA8Tbh)9_sLw@--P%SdvepIpNpV=K)(iC7><d-y@wSXR`KP~Xz2it$~cJGKbp
zJ1+CDhgk*$1aFz&+93j3Wi}fT0#5GCR};C{Sh;Cs&<u~2`?bHwML+7>aVl4<nQG<y
z?B5eP1MKhM>LL;Zl3KsLJyGkKH>FLjrk|Db6=&kR_w1a>R!;1>M9u~~=XxvWCm3)<
z2T|<}YZFC&YZrNqO;65cW+LaiD(CsMwA{3a3MjG0S9MSM?O(t5HuvRSUBQ`I`m&?9
z&s}hro{bHNSdsAg7X~Cgue2*xu{cBHu6QLelFRLi3z#1jawRm*^NU1oU;Ddjtr~wY
zI#J`PH>?>@_r<NbrTSY{x6Hrm9y+5x&+qLEzWUAE-IveoLVxJABQ4S@n=3S~N=wx6
zysCj*Crpl&`_CH^xj(gY;T<B6TDgUb6S)uCt-oUBbZt)LeBI9Zz{=VDkHlEq@%GZw
zq7`&y!Lx~vMv|o>C_fes@4awY7(O`7XtAWYH)HiWuJ+kPHR)D05al!luv&RIUT}>H
z1sAZ?=W7@>+ueR)&66+w)E8m+6UCT|<V#tH962V%Yh#}zUkXx-(PkniiB9LQ6!{r3
zs*fW-3J#P=(h?162&Y*4yv$uB#&LBPFne)!sHyj%>TV#O$Zp^JM2rxLT*E4d^(*qG
z$S{JhCmUEfd!3BKtjHCw%^ou^6%IS=D-8&jYDlL~p)MsVv1@~pH+2v{l(WV=`7))x
z6%J1@otP`$uXutzi;u5FCYMv}53lpLD-$Y_)E)8d$0&uKmacL{FGzl?>K6>>DQT)6
zqCO0L8v~qJ|Ai5MxWHAHQ%v2_U09uDiy)v$!eFd&bm$TN?eWeOP)?vZ3sPOe{?f{u
zQ;IO24MV!6F&JxnkpUh1Z_md#P0hzzihg1~o>GbDn~zucGC8J|E1(J!g!In!1iQ+7
z_)AA8&QvFSM<6H6#AI$UtS-}yBhkF%xAuGpYtdFcSmq<GW`p+-^DtUbqu_+-Ugn~|
z5XZCDTu3!-NJmD~>oGDn*r)V(@H6J4q{Do4@7RBPJ}&90=3``M^U?oP=i~2unH&@G
zCwd}t_XK+@cETMvnO-#xFz6Rw58=@~C0o!vxiNXZl<CSY@a@OACL0@^cPqHrs`fX4
zWwd{By?T*ruA(^ztkj#q8(&vfp*@RUtn_&VZv><&>YUlC>L8I-xK(X?^{k2&P6tx@
z0_69r#K<R$2DW%YWsb^{^_AL;_3qFj@pma{_FkxSIh~jvISTmLdw|b<-J(5}Wz}|X
zS1Kxw{$!POySh7*FJ?L23LOpn=lf8PzfS&icq}1SW)dEQJvz*nJ^xSUSo2TOPrze;
zm3TgQoY=8GJvbS*r$j=?AW_2(YI1UM)O>|{)PF{Qvs3%42YbRFdl%Pi^)5lY9Q|Ty
zb>N5Tb$#%o>M0T^thxdsai0!jrB!0*=JKB$>3fHCZx-{fIY#-mtU}cex80RuNX9){
z%-=prt2x24x}F`02tK{)PyY6izNe)8*-^eHB5#xB|HxsqHdGXE<;sibC8-@izFz0d
zbc<n^^kJjBWP=tE0q@im&VH4ls~n{xeY;5XW={2&YP2s>(QMa>@(HohQNBLz!20w`
zw0!Yzt6HMhE0ERst{jM%Kp%)4T#r0D1A+*;)TXr{cXL+tweho5OT0sr$-aLUZ$R#j
zEFU{kDn?Wn{S{F%GDk*kgc)T5Gl~VDF(1|0lFrefYeNd^QurWpclQqPA^!Om3SZvs
zbZiCpbA<ZV4HhWLt<$q^Y*>L&f2ha(Dy3)L^sIC1JNG@(y<`2jLs+=ff*B(mO}Ty^
z`8kzOLumDB`1UI_o`CNT{w70R-2W;v*%Jg-QKFCr=1|?BfCQ`fV6^8-PSecDA+1Jo
zz=8Rr{HKO#HBfMxu1LpMt@={`sY`rcMCZSFl*7#5BJ7R#0`;11_E4{yx?37tQkdrb
z6Q6aF&z_Xe9;eFkQI5jhrE`6c+TZMGRaMlg*9>!`dbRFvR!L6tZ+6lxteZ;eV*bWX
zlDN>(i;54H8>Z_eI+^BrQT~GCdq=K<ncx;pi7Sy+!4a%Gw>z>ABQ8njF(C0nl)sc{
zkBo!S0rOX)su@)v@g8L&Ji)=r&cQ)BI_?}*dWrYq(qZ1WBy(DwlSq_}j%bQ`BJqAg
zzVynHebo!uPV*)?w6&+q_RVU1w@(vwnUbezYun8CtkhYdX|4W-?9y)BD}lONo7$qn
zg@vZJ`ZpH%*FR-vY}KZ=*6(#@ZJAb=qgtg08ERmW>zIM$9u!GRfuE~FYb0R29=eIS
ze@_dD#GM|MPf}B_)qczz&CpgCUdeQxHm_5C(Q3p*N0q{$5?O$Bv((OdIiBT|tUSpY
zWM@4^R)w~D>_F-|Yj(F&|D9A90?<~M|7B}<%;2kxFT6MByh9AXo0Yv$nTdp4t^N%K
z{&0K(Ht?mkdIPb9vbVTG)2Ve+fy>`yWmEHZCP-VoJ{xAVvFrRm+fp?-3on&bip)jQ
zVdDq2a;)(sYK;XlA{R>T-`cJwvM6=~+yY=W4-}DLz1z_kX(vz(paFn@DoZ|4y1Y>U
z%`kY(p(&;dae5k=nArhe*z{y>S4B_W8Q2Lu*`N~7M^B=BnOt7tX?-R=*<SML_~Cil
z>jXc{7C%UMrkzSF_Xj{;=o6cG;5<>JVRps+#PClIHCwgXpOZ}hVJ+}89>m(jcw0Bd
z7Dg{Zhcr+MbLEUDNC-lLSwg=LYJqQ4P<Ftj;=<)9o#)#|a`l_jKqHqr%x$k`W8mT`
zOqauAcZ#}JL*FA>z%O8=tu58eXDI@vsS-Pw4A*K<ky(AaWM!H^w6d;~ET?NVwkBrv
zRaVwwE2~tpy0}(5C2N$G^;IitkYsgrt!AT`)qSk2>0}|@cdhQ~^1lNZPe%}350vGM
z3Vq3jOaDo>>{dWho4Qe3-HxFd61yC>nb8iAGSWGv>7gon7h~1ltqk*C`C{sJZS~3Q
z&3urKRE^;!Kgjru4>GhGG3ZHt;QWjaoZbhMg}Z!4;V$0U$--Sfqi|R6VB$tIOiyX%
zdFEt8_GWizIL1GX>F&_jfnt+W^p<%yLSHOlj<_A~=s`l^OdP2NwzA1&;zyZ3e+_Pq
zWF}t^?21L!s2st(IEare<eC=awaDX=Xv3Mjuax(-OiY?Z0wC=@1vnq8kM>npA2rI}
zJ*4*TmF!(8YzMQW<o24sGV(x1hy7;n-^V2Mc&NuORE*Jc&TEEBJm3Bu*0H|Nv45Md
z`1JkzZQAQ(|DsqQs_as_BHoj2bQ<CKN`L7vwS6IIC8qd4G|KipDsprD;sgKWfp}hQ
zQso*L9RMRVc%HZdR~lS(KG_56BUF80E9Ka{!#tsHvUj!GCz)(AysadpYikje2iklH
zR7fsegno$~3?<B{<b3oz{AcMfmN#Y|Zjmjl)m%?)q>jCu)U)OeJ9R3luFwondvk(d
zYzFN^_s)m$vo>PNF<5ynV`c`P7R$n{$TUczjql+{RenUm;M1ipbV&<{WF1219G0MS
zbL>vMM9-m<7byx@AY^WWog?v6B_~M$3+x<&oaAu2*{Ri}CJ5bnH6ke3dR%nFdlUsM
z2wi2P2Y)-bWP?HuNFO(b_hO!iXL9J;)-uRk8D!4FHVTDI{fM9KnCiJg_b13;9KnF2
z&T3Q7vcXQUGF`R5)n~V4x4N>ME=fC`mNqHvO~z3BoZ<{BV29eYz+Z$j5Gb*{v;2!M
z%JgZqzaW)L7GHz`{#tAS;Rej&W^479lP43AEy-$%`q?>m+BrnVvU!9vP4bN}CAnIS
z+*!k<Cz*@gDp#u+O-Aa<w=j(6|GJ5?XTb<B+bgrMtUc{*nTD+ZtF=JqS%>TvS9o7H
zSE#h>vgWkH$4_4s8avn=&`$;dZ}2jREhkb3?lHoF@Gk@HeHYH*FmQM{yZ7rkmH>8D
zrodn10Sc|kQjhn^V~%>fT^_rs#~b9ahkBePkJ;+6Tpqit#}Xc;`EnGtKfaJ7cyD<_
zOW-MbSJL_>d!=@O3sJnq3A@%Y%rsCUW}<=w8ae6<T0FqE7qob~I!pFEXmQ9VSQ^fg
zk-N`!u=lp{VeJ{D)1e+c^E%;Y+9hZpN2$)`R|7iM_c`$4U1L5SA4X`eb9|WRGPZ%l
z2oadRu(w#>K34DYf9!A-G)5LW)xn2jfkJ%c*r_|c_Y&;!EN9vQ{%|Xpl5JTvOURcp
z6cxG9o7FR5h@3-wM>vc+9fN%)Sj1D1Zfq28{p2DajxBdWxy0PHt@>r5X->1fL1-Fy
z3GU_3E>u;gKy+dtJ^=f*Y5vl&L%f`Pn^+6vQ(O=dSx3H@wh5+M#WP$~bol&f&Cany
zz-3M8sq{)N{a}Q0%S=>Z>g9ZZg=;=;|KPj3>2w3Sb3nk~K18cM$OA0b@Zo_ogSFbj
zyiq1yLZk#dY{F?PoWpYp1cOU>P1lNh@-xb??M7wR#~hO!hE_9>Y}h=B8jXNd3p~L)
z7S(;s97+j_7b8P5IhKX@zydTlLX{x1*Fa{CPg&>=EVfOXx&<t=-<93yT6QKatyfyr
zFsiE_k{qE-VZI4tFT7t*#aSY1jYLLJziRnX9$YJi=Sx4$M^rhV5$Q#$f<MknV<TS^
z)IHG8Xwxvl@84*3QH-i9izIj}Cn=UkTRx6*Ou<+qB4>~GJ1lE$fBQXniBaLy6`sNA
z{=K{X?Q^u+Tst8{B@EDNv0F-e9;ixtwlp%1Otl)*Ia|o2hV)i{d$#uQ6}+=j%nYv!
z7fcIz{wVY40Hc(LhU>0CV{3dSE|Hli024a%ovo$W3;V_ge;|5!a(<-HrLGmueAPm?
zsy{~ibA%l`L;wodu;}4iU=J)IIpK^&5#%ZQsGMndx3@xM9*0#(pLlU~ANmD+=TF3D
ztkLb*6?uXW-NvrSkNHg*z3)PKu}AL9wnjZUI+dw(YRd(xm_eB*mv3hBvr3;U`PppW
zSb1?;v*)|?c}z~yo*e=VIj7b28Ou$zTCGw|I9`#VNGEzpX9BS<+VT)(Enqscz&owX
zf96}h2b1m0_1%|jXO{2l$#&-Wu9cTAcBAg+v8+jZ_KQ&?`SDcW<;jn)@eN6SJloel
z_2V4t<HsXzc!|W6N4UX~sXpRo97M2TKBKv8dBFx^MduX6$esYxrpBP>kUEx9(GTE1
zPqlT1Z~Kx8zP*@0ub+@dW~;>W;oGM>)|ZqA5nT5Q5i-?;nFLSpGUb$0&$H$H;ViUn
zfvYS!P`s02^t1gpg@|C3C}%olx>>QJRQx|;=K8Q~D<A$JG3EaeQ~n>ZNxoaJ3c+Xv
zvE{_|gOkAU;*<le7-l-!#RX@U!(Tc97o5%Bs1y_z9IUhVi?MTi#=_wqqC;P5n3(q3
zPB`ni{YiW19%dhm-9zaqx10E&Cp<HgUNec?29<nx$B0j-C;bT?nWQJzSQ1yPG1$|%
zCxm+Z7z!_vPfViAF!gJd0wQbuCv9Ub28SWcbxU<QHpBR{56^@~%<GYMyrIkoo44P;
z-cdJi_-TlQ!+$bkA+f4js&=fHS9p4br|?WU4`<6)%qc`Z>AN8Mo0Uq+y0dr#Yp@j}
z{_on_o#FR-YilFn4|1}1G4Z^1<!58|j_io>3O?yB;}w^9a-VeizBsimKXZEByiCW`
zI!|Uga@mZC_`fF62l4G^lbN6CKgsb`c;xv=mvhuN6h|7no=$4Z`;x;2ePW2$jmN2V
zIsK5SIwEJlXCgoq9zqFF2?>y_9eHJB7@^yfDGB}8#|oY|NeIYu^<U4c#Ph-PPQFa3
zuM>EdBeEwrL3!K!k>><FtBYhRi_R#grUX1Ie=>F`r<~tXx?)A4!1HPIqqT8(KCR&S
zw1Vf;%AcuC{F%l8ow{ScoJ+-*sfLeb;WsMF-J~xQ492;>Ol{n^Y56im12*733UWg)
zGw$=cB8eALSa~7U7uX8e^TGQw!#*9}pVCs`J@UXmJIrtV{CiBT*DomgiS;s6;`!EV
zSjYN42fz2iXY}{msr^l^Kj+^(?0R#QIGeydutiMfMM+pu`~dt1D$X<gwTJwy7HV7T
z(2AIVMIW9oG*(EePMP7}TlqWDd&3NE?LA{1kj&VNiVYbi<nx$%_D#aYZQ{cIkm*KU
zX(ZDAEe##$uftV?RePa|cS=ha8qjzB`9T68X=!~VTMJaNk028{oJ2%yq`1AKWV^BM
z)c+nY8=cA7DQB!BvY#whsA65YVopl2hzh&3X^k$UaYo(nu|gx&Da#WapE_a@+6!#M
z&1wM=$yP9y;V~+bZe>fiv|l$=?T`@-vPO4_>#qfTQT;o{ls{Yq*jZM_MJc`doebN%
zjlaXan<KZ$P)<!;I7Dv!>@W+-PqgLYFBzG|pJZaBj8_p7^biUPm&`fQV~ke5^{E6h
zIi$$Wqn*L$$43-=F6q$;eBPxJ&j+8uj`e*G_}o(T>HFy`w3nnGsSY{B*uO%lU1q?f
z$Kezn0TV3%H+rGycMQU3?c#cF0+8hpe@)nbQB{-!B6{dS2hy9GAF+<uT2u@?8snzp
z1aVXF=D|>Sd7Ts%LLK@xi+@xL+$ae~J1bgV8guT#B598-{nwoj>5e0@J(Q_NAX%Do
znXe`CRmvtS)k7|&^jRg@gM3eM?#XeC@I4{F=_7nU7EPPT;N%JurO$+u#_;)~vWw~5
z5cDA>C$!~lWWwVNPwG{!&_grm8n#8v)%RH43hBH2?fn<Nfh2_Ub5M8ei0!3BbrUU@
zUgldD*+MPocW2R`qt()%Qma3uc7IB({xs8{GmPHpTIGOh9*->NyM%p(q(Hp6=B2n^
z=JID`M&48N6^=c}?Xy-U5NNz6`HLmLLFG4}lYa(!d~4)C?7Y;9=>U1<ksx_QS18^Y
zuawl05ue=}Ektp0jQ2O)^*7aD%C3@SuC1ip%Cf9uTCJS6L@D<WR~5xX@m}*7-2zmi
z*#w8w9@<E<D7uPvc^vOy+P8Lu%HD52@>h<Y9Gr^8u{Wfr6Gc)0qIv_fmp{U{UKVw-
z@9&YPDR1$26)@g4%8rO?@D`wz{pJk2nx(25sp44mLsG>k`+k~R6Z6YiRaJ2%U6Kx-
zYhR)I`vukCj}Qmj{gsByy??Pf+drih1YES@+W@zeE@lVEBJYTiA&d-)h{#r+QAUI2
zxxYHfQ)S7=)xDTxK_|oG=!AH8;<B67dJfmE_Ddv4to9_h$N7^d4=8-{Cy82lE`Rc4
zm3TgUGO=TQ%AUx>g$BV1;;$6*PJp9}_D#%}8z&&~^C{Wv&0`-pyW9SBPVuKhI}Q_w
z%)4El@Rh@%dZO}`ThEE8rLqVw^uIH8XuvIBx$bV!$p{9<i!Fom9#^C`X@TF7AiikE
z8^-4HqBq33?8J7rV^d`j!B{@b@D33hObkiinU6o$YUgA`P8_wNDB^v@aU1`*-R`0t
z+`a)Tcp1P*?Pz(#M{bL!XantV)pk<`d_DZ`yz%(QO&0&S@%YD07XP^M_{U8a|G4pW
z`FPVc;~&@V+ZNfQx`p9Mo3<Q@Tv|l*kCyMu9(TyKM~q9uhw*%Cb{J;^`;wk--?=)J
z{{=dSU)qOwzU`KXPd5LBJ6gs{oZ2!T$8*h@A?|A#xstd_64BxGD$n3hP3mY#ZI#qL
zDz!|d&X&|8xU<Qp<r%lCMA{Mmw`S%4c3k}5-emOnzrCaU-*T1z8yBFa_`fxY|67X>
zgZ2rGPpKX<5aguCZNp}TO1niCz&$5nPr)OHyy1nPPG7!_i&28UL|)n78T@__QSiHf
zqMv}@uc*ZH!S4ed>$9z?hGLgs`4_Iv>FRG6L+p0tUnf$rW--KW(`9fH4@~{W*Msr&
z`Hb-tbr{bndY+t<_<rnbjpyRd#*_W2<9WJceOQIrLmJ3-Dz0bG<scdx?EQia2pNkt
zATv6Y4MQlX>WiYic_I^;NZ9Sbtfsv>d)kVeEI#sGKphzWs^!gPd3!ShZcLiivPUfW
zliT<R7qB`V)#?PX7TdxG%fUXS-r**ak<_s(`clexnXg|C{*3kS%KFEn+Rk2wy<?iW
zEy{Wadpz_?4un6P%bM%KaejFV_FX1F1jGFnIPF!jUoqd1FeS$B8zYaH$w+-xjfslw
z1~9<FAP16xB|f$~y~UQu|1O5yejl_8E1N?N*nTCy!Xa;A*Rs0FOoVv&<)+;)RyIbP
z<<?g<GHmwFIa1eEd@OPbr{wtSraR=htM!~-=KpX?nSZmttZqrhDkoK7R-9J#MGEKa
zvA(iPI#NoeugYkkik$kot|_UGRq5D+fpG^}9a-4lXuBk>Ef!N+5N~(s=>V&zdf;S6
zRnGk8u7}q(O;3M`>i&23IfbDsgL)tLA~n!p2{tTps(!Tu_UxHd&#L<}U8~ZeCL;}!
zj!fEPC*i9c9Y8p|W$i~u(H>jBMx>IiH6oxa*UIZxiEQDoZf$KVj-CtufK6Wd;t}kF
zRt2?5SXB53XuZ<Ex8C3G_bpc>0pHMQxls=S@>5^hHEbw#Iib6xbz#1zXuY>Tkzg~C
z>RwP$vvtu02oaD&cGcEq+}N-NbQim^q1@OK*t=(0dp)1~vRr>o7yt5cD)q>+_C0ng
zqUD{@fhyG=iHpc<O4R6j-X6+^3Y>=)F_H}&yQ}VX`P<VM55^Q_hceKO_x}RB|A_J-
zn<cONq7^k8mbhFYw?oaz>n2CP4dsJcpLNV%X*3{DK@*4Lc`l?dGq7h$_M3=owAF8w
zys~&N)3m|uXkkP*HrPW;^$?E7Uz)uvc2;0N3o(A==Zwg@*wZ+(EY_odQTKDHxmF^I
zC1f{eNOJUk92V4-ozIW;3dOEBNBkJO2r;RwmkX||=W<Nj`2Fm(`GG~<FmcuXmiD_0
zZy64z=*xYD!hZ)#pEmP;key~YpOzB<T%+$m^y1{AO8%XXb<7tzv1KtW;RKNNrP%aI
z`4%bPY!-L;%)3FdCeaysLHp_6f2dyUk>sw{7vJM2`f9Rq&NnIN^<@WyFW~}daqu4R
z364_N{BQ!4018Y;TH3mL{+RvW6KvI>cab+Mtgsbem{J55OVcN%0pRQ855eM~Ll0!d
zZ+9|#JOxk5l|mAhK|Ydb?{dN-Dp52`=1b|0gBK+D2T#enRj07j^c3yWYBr${z{!5N
zwz@=x#}TP?-S34Ncf1^k#k@^{7+#{kqtpv|(l_Fim6<0M=i4YthKFdsg-_^#GY%{E
zo;KYCsAnZ7Wd2IGu_VjgJY9^!)683bC#&6+!#oZ^5}G==#B^s6V4jL$eovZ@{0Cu4
z93&v7P*>B5&s4DdXJzpC<0c8ZT{u#yIYD!%InnldFUA&X;Wz3KBDmHGRf-NwHqUy@
zXRdQVd*y{aUvi1!3DKEqd3qaO{&e7oc*!gmVTEU+7j^IQt9Yb`N0g_Jc=(ja8C5=t
zh%ufKo+N$@RpY~v-u?|o>O6%xMmQYF@$a4D-{9x9hrD)8y!KR>zr0X$trIjA^-oeL
ze~5gtVNd+?WceO;`JRzVT9cYK)JrKlxrb{V%aInjf=pRoqb-3gHNln##TRRKgu7B=
zl4WDf{;pLSR@S)4epx>Z!?>H3Cn?m%CCwb<aEG#xsKTd$NvTV#eSuP-AXDdnw)~I0
zD1<r=OmRdB98;&e4ApUdk^jAV|0%y}gY%O#Cuenbs<O9!<SwZrq&wCMmV5mW$f;$}
ziL%w{3ZI1*#0Y)!URShdXFQG%X=U-Gw7`c`vUihmh^x;^UR%7A)OuCD1*cl=9IA};
zm6jM7k}(!bHhmFnY+IhsC8^`};6(G#lcK7WEg0m~(OnPfJmD*kfwkUDZy+NC3k=>v
z0l5-S1WJ*5{%{~vPGf`_$ha>T(9d(1H2IDZ2IGDlrR>VL{8pXstl$T-DHDAWCE_vf
z<q{REgY>GLofe#;I}YnXLegH7Yd-QDs>ryT78>&S#J5*EOYerJbW1!p*y(yn)Qdf*
z9((|8OM_`%AVVwJ<>USYJk%s)B)Ik-Zt+_|ban~6x9nv>M=2(K;O_WPeSe6)Ee>0P
zitW*RM_SEL4K4LcwDYudG0~3I#HBQWoY!2s>|A#1)g(Tg?M}H11J{##iHm=bBYo%h
z5O|1z^6)S=w2J7<LdspC+B543#g3?e%WbC~O^pQKQmIWlg6K&%N(;T0RB|YMSezlT
z1V%X{#-JcCZpHW$k;C1_%Y>(~FUGisD<(sw2RQHD&&}(E>qphR_y8EI{D6hB{_tx-
zS<VB{%LCTB@8V{IU>}H)U#fL!xfRe?uKnb`$u@3`XycAT)7@NQO0GLpX}YmVCN%4I
zR8V^GhODSlzV;a0#x|81sNyyXS;)kBBEFu}q+yw7^j2QH_YYenEG`6(JjYNvCN-Fc
zZ&Np9JXwD@X1@1xbv1+@>~hyS;g5m;E_d)`j80Kt2>f($OMWmdwntdv<a!}*)+^;A
zkIhK(gmm@F1efLsjuoVu&y?~rREB92w5&AH?8UHj$d&Gur31&a%?L=bu7y(O=(jCG
zC*dx|Hyo1HY@T|@!6uN)`|=AVaDN}U&F%;9N^H}^<|e*y2lER94}e)}1}Jdo^5eDi
zHy|d!BGzF5D@h29cWU4JDeuRp>4XwuOXxyGWVUZ4j9lN<vya4(i2)!xU^}}0N(9|Y
z79d^bib`Z*hs}m3)b91(04a8(%scL~>IqX%Sk>c}dKOTRIF}lSsAipf6B@UMtF_5G
z_VD4D!tu`!p&xF8m^~5mXCPwAn_gA4%Xcc|^K!<|+~taUi8VEScXl#0dv<j)H4p5y
zrsg@mNK8$wc<d?3Yabp|hyfw6<E_fq5U*Sq4CZ}wV%`I)@_WSP7b9Vr`Mxp@`F8bl
zRQ2RoQ~#1R(-*%KpL*pZ8|>1T1U2;{XFSi;OJtDb)CV6|Q-3ef9hD}4Hg%Fjig%-$
zdJp$Bc0Ttf|KqUCr8W1{<fG8I(h@cI3m=Nl{gv^#KWY{TL16CNeo4^|aWNV!7l)+^
z9W=Yyknqkr)lH@zA^fAw_fDKa9;)U{0;WCs^)m!s<<L1mrXbiipC3s-t*U5>VqM(C
z^^&6<zVYzvQ{A9w!6H_mED_MvJ|Z0hmfg+HLLM10i4vSZFlWVLmI%aMX71c^3MXXm
zTB&@LRDNzv-WQ_NqnAYq2FN`~>Cpng*$nd6eD}$+k3_kbz3CI_miK{tHhi~$({A%N
z^?AqM)qD*mLoze%LQ^Otz5U?>r{ea9qLtF2VVpxTHr$fj^6^p1W>=mxNEyr}xZJZ6
zc_K!UAMlU*eklO>xhj}+P6e;(!Rbf?X5?zQT|rO^O?B06eiN)rD3uusMQOR+v|h95
z>QpH{RO^+lH&0b4UhWS!X0S14fFi#HzPgUzZ&7MtnH)}gfv0oP5|H80dbtFDQyR3N
zM)f)kg8b8x{*5X4bJ>9`wHdk49xL(FVvA7wm`b^g(2SvPQKP3&U*V$mtMh75RFxm~
z1c!J^zFwf!+$!Zle<`dJKr#MM=vTjU3KzN2#@gqI0<8!f0*sBu_-P8KsT%t77#D8K
z{lWa1P1b#qr5nQwE9F{LBCB{LfPklPw)q?(p@mVpRnSK5kEMR#Z?@p2*}MRrF>WZT
ze8Ymv0$wYPvtHPxQRa9_gdo)(#9m&w4Ta2-ALWtnf3Z;fUP01d;fGTQdao1ap_|2;
zL58RY?LonQVUBePkQQA4zb>WT+<uD2gz#xKcaTvT97&jl(SoCT>&^9~#E$4%xB{T5
z_g?HeK0VjrWfLzcFn__9(HD~(sn9nLP{v{I=Mn67i1?FM`5#6%i64gE<iHC?)+1Og
zh@SABjK^)5W&>Qma9>E*>%HHEmW<YopIPg{tT7MpRtnsNn>7AXxKiefm9msq-z|Jx
z-l>d{ay@`<JZhyFHHE(;N7y<ZS4pAZRH)%xVjFDp_0<QpM(1NlQ^?I3vapdqGkaJz
zSA9u>3S{pmKxKh<O7T|x1gFZ@=tSwE?q4Lbxm&Y*&Ze?lYd9%Y=%E)?x6N<e1e2V_
z>7jV*iH|YsFmjsI0Js*RMwNiiDb$1ZP?~Ghkmw+!Ob9j$CS!BMRI=bT>P2$(;Lp_1
zgpRPktns;_aRtFg)c{>^0BRP?-OL9?xcSx|Zx<QwAQ>MDj>P!7CC1k^-qlj8tEfWM
zyfDadClPF-9^?+LHlF5lO^N^K;CXI+=b92ZuBu1?$QxqZh|Zaqz;1XB4g=i18_jXg
zbB$bsbX~1m%3!73l=xt|o#*>hE_Zch@P#xMv>Us?ZY=x(jDBXkEwo9}95}mxE?y^H
zydnvXavr4$-L9hbXP>*jwaAvFznpGTHrq~#t_~d1&FEjPZqB2iwDCUgGAH-gZFJU6
ziCequWkFIYrvl;0{`Ot#da-BtwT}e1%I=%x2|maS-^5nj=^dQ16<JYCqX<UAv17N|
zYrD<mL~}S^!PX@D&4UGI#_I}cn5VW14LO5o$oJ>YFwRc$C0#I%pqqi_21$YJ6Hc*H
zbn}#|@r3E{Nx5dTJ!tj*D8H%v?6L#Gg~oTH0)6O4FXFB)F1)jOMuCMYy@iXo9*owB
zr*eC?=xbhvgZHpm)y_7)s~{$d5Yta>>^lx`kE%V5RK>h#A8i9wlBWj;s9FY63+iM7
zKxwt3<vCDZ*eB*2V%~=+#XS)oK@0VkboMgVO=QMPr;{pJN7WXZ2A;98$7px(L8cs4
zW~tx@loMOb#Bpe@KBxtin$BJK#4dQ@a{C`!O~T9SgSHSfPA+XAz^v|gMPH-Y|MWo(
z`WlD*kFyqMuIP9!MsqCehOMn}bWk`tXr<V*m7G|}j^g)hRjzS_EqWpu-_I@hHt1{t
z9<-WYs###~gUID99XOR<T_76a=r`i$of030^BaXp4sw$gFtz}U&1GmuydNN#sp2#M
zS~#iDo+fAkjXGl87H=yyrqZx_X^4*RP~Ue_>O(UbuWwMBe7Uc~e$<06D(q!8U;-vg
zvh;g``raZ?{s-}|FR`=`_o7$8tXvOOvgNpE#n5DR>KPd^Jbjl%1`?($wRX<;N)ew@
zN~@7rZJ4WgicsR8$?}1d%G&e*C|s+VLe}wV1$kP{HYpT%KoU3d*n#3}MWAVr?Py5#
zc-n@{loyu4h3L&?x$3?4pd0~i^`Z=ks@o=&1RJtRXwe4k;g3`g4x5h?>RfS;&=5J4
zz?3-Ol!w_Y#FAc+Vs(@He)9yEpK|}694RRHq51Ft8ifi%6g+Iy3=jC7Ejt=qG+x2n
z6OUW}^b_x@kjg>lcKz<H^Yx-FL{~O+qqN1ir$w%-M+ey=7_Fs1I*x8q1|mri&Dk6s
zTM7ih4b@{XQT%GPKcSeQL7G-{D1HJJ8#GHuKuB|KxrVu|h+A$IsZX6mc~5>5XvmW3
z<4?*r=?k|>ygN_uH)@}IpmstTw3_#k+L4n^5FVb^%qKA-kqGVmZ*@-qd_MDwpbMr7
z<mGk{;I>VFJ~<J4aZL8m=PY(rS9j2}D^0(<VSc4?+FkTA3g+J+6*#I+&f;5ie5wG!
z9-b7#DlqxFdif5t1%@g3WmL>>APqi=Jme_S$}Cs#Lfv?=aE(k)$s5{33x$0NmEsWf
zq9VecP$A`B&IKODBl!CGet~6|6$$le5yYt2%^=UH!Y*NPTR<`!yaUvUNFoD1(hUh_
z|0IaRUqRAGOICvb72_K%ED86|G+Ioo_)Zobbe{|9mxH!suBAa0qFv6dE)GyKZlOr-
z0DKtJe_95_i~?ZgjGMs`ELUQ~xdL5Lyxf-D1whle8$m=THwk*b51aH(Ho|U^?7|lQ
z@D*!c1Ny*s>PDaj*$7|;pnt!4Xk|9?X)wO3axtaZ0Dz+KfJMyUdOdtHLqU3AJq(@j
z^sRb^5Hkr>CV>KE`{-~d_J@*1{!rmTN3)~GN2`*vEAm~;7Rb7u4e1*Ir$obd>LKe~
zV2&<?m&2X)AOQgw#S@G|f*($lsSI9-GRS3IsFysdfI@pn1uTX=vv^KAP?j4x%L!Rz
zB5nE$Nl1-v*)96r8`-j(0g!bbqp-#Be%>t$fg9?;+=qDocIUO)8`vHZIM5X3w~P<*
z&4xe3g$nD{Vt1)0Au!&deeYS`*G=G$c?lDrASvK1Ew{_$yAQ`ONw|#1BI~h$$DY<B
z=fN(=z99wDT+f$CHB1T{V%)#|N)Gsaw}1ag?D^p&xs7_W?SPmUoiJO!hdQU5OGTb6
z6f+#adFbce(#hTI4wml{wF+B$F_;WCrT`dh$urZ4;ANqJb1PQJ%>pBg!iz9B*w_)0
zBt$=^C@1x0Cts!4+VUC+#1&lBW<I?E<i>>Owngq!X$nFfEv%RE!jatF1BCSuFBUrN
z49C^x^WmDy)d%cAk@uFy@q^$`T{QvLL>vk13$SzV&@dn$X<Z=P23wJ#p8%0S_Srok
z?@~m0G4BOtPrmF3&q^iOOvFl&Zyatp6^p#Ui&T0iyr?i}DZHrg`gx9Z1*Dp<1Ko;X
zlp#ASV+Y9|>e2UUft|QPfF^Ijz6DS510#6rt4s~}sm$Dt*O~S7Do@b~(Sgys6p2*a
zt&j=frTz|#MBd;}^s9DynG9pNU=ZD$N@p!;3!6}7OtvzLBx4Msm<#1AcH<D)jTcC2
zezc$Xq9IggRZRaSf^JTj*MGyJyF!v=gD_!2Mq$?0C3hh~@80$<Rn+tD_45gp%4NKs
zP${7=hp*P*=G_^iEW*oYCq7J+D++UAwBe?JCu8{Q?vjIE&WP59L-;d3m}frFEb!7e
z6zb<5mZ?uVqKTH;jW`~`HGw7%`Zg<CsXC@^ws=!c97ENFix3|AT7|pAMEoUfvTBVX
zPFC%2tfDqq_4W`F>g%P*XS7Qa)(GC<9V?Z+-z42?paXCJD=_BEm#LNI^I6Ez8~{?3
zNj`SxshIhQ)M^*-?lza&uXmas54K9ZMk(78#QI5*-vkbfcUw-v!TXWaAM+HUI0a#Q
z=ff1kxDnAX&bWDnI477a#jU}kF>N+Kw$pnDR<BCa0bzVNCdHAf4Q!-)Y^9LX)D4LR
zF2qE3klT1QI)Q4CEmfqUOo&&5G(~-CRR#YNHYZuJD20q2@gSqzfC^X`wV@INsf?+3
zPpzx*Htu&?&2NBicMxq(6_owBcQ0a3T5OFDi|=>wt&WK*&~Xr6rZ`r6uuS_=v#z;;
z;jw4sn-Sci2umOH{zDHgD9~1aGcC|aG<ZG?#2mhL(N|J8JoLI%tFhu}&*rPGc)|ql
zEAUUg%!k(;J{b>7tQt?~zR|G2Wzc&uDOIeUyW~LiMU}=_uF`#(*}sjgV(eu!BC{GA
z;VOF;mdv7mlBP&|XqrQRfn@mypWCWETqAWAAt;IH;r0w>pZJH3a%FI0sWd|E>)N#a
zvTH99+2v@xWSjP|Xq{o64hqbh-)WHDO4wR*)s?_3m&)P3-%7&^9~a8sl|@Nz28NYc
z(oc?r#>d>j%f>fftdr=&M-=}sT(Rxe3Nw>xBtp7RnEPl0&4dt#f`~_*K7b!MJs<%9
zFe*7~%*{O)uA;Nf1(BENc-r5kGXh@q>!s%$Un}^$f_^$pexXP^g{S#YG52qoU!aF>
z$J>?0?aZ)=Say6020pg|>l}0k6${)3!hAA1*~Q8P>i?_klq|C+<BC2dJkOk~lxnKm
zZ&6LL@L=OfXP@M`l;>#wXg?+TN4Nl7v5|!e8H*&mDJL?Un&5OTRsLPIz1zItcC~Xm
z?APmcLUIHb(5ZV0XTx@Szr#6~JE-MLUGboOr0&@%N3M2Q`2;u&R5L7%vvo%^i}0og
zy>}yvbcfGopz_ro-Y5qP_S$XXQ#dT=u&}DHA}3_`j+R*=B`-QfszSEVJVWhW>LL7y
zR#VC6c69<3YWx0xE(kR&cC&r!)#q|25R%$x-bw+IEbujBI;wL)#%!%7L&^tzM5|qr
zrO0WUT5p9r?kOyj(*VZOa%EjP{NV-;4?haKHTU7lVCiPcdrK>W_YOt1DDFMljMrsT
z=5pV5fpGCRJ*1q1xMP$8-u2qQ*Q088)MM)r{i~`^jP;dKIiesc*^R%YTbufZI=T3z
zA3+}#eQ5Sk6?yMlRIP`6Z0-lk)V40uYIX_J4Ne{{(4MQjNCyJ8Zo>!DFXM#i0ubdF
zB|b&u4+Ki$g88n9MA;ol471X0Y>Mn6DUQGB()}SpAZ6AUTFndOGS|^dt@$7t`Bv~-
zljC@xDOS7{;rEZY2FV@PgE?E|u!GwBOA1kKLkj?UyCTrE-S-AeGT6!&j=q*`+n$dj
zTFrH8$Lf5xLGat`0{;Ys-`c@%6D2Q+-_q6S?PC(b7fmhjj9NbCs9vE40Lg+O;Twb)
zM9zpFOIQT1@lZ434xh<z<M?t8zLUD$MVsZg5{_lK!!aD6o6(fFB>)_JN5Zs|3T)Qe
zV1q0N7;|%Kd{|DLSA|N?kdtOETPwR9#0MHmoc8k~qQ{a6F2F}j`Uh@lQrkoB)ar<U
zAD}w6p~phN^jbWz=}<=mOo#TfKdc+mq%XN{LBhJ#7Yhl0{E~G-qc0q{C=&TS-GJsu
z=VsbH=FokW;XTL*oCg&SbeJr*>f;hl$6)16i1N&$fS}}vU;-vw2Er%+IY5#HRIuYM
z!cP-Pk6FnaaFCZwfKgNf3J$f}-?Ju>TjY>nua;V>c<y&4S7H=!+?Fn8aYe}CtBtWI
zW`)L{kPS+|mUOqymFAC^OMhT26xo&qrXTj1?lr~@@JbHtGj7$r2-dLFE0_ncU?T~7
zGmzthdF0x4%n&SMk&4QM4=Mn^YPGWPkp}*Nqtv&s8JTVyQ(2aKu9p-=1JOP3qCi1|
zRc$6ydxS@B``}zGLRsrvynPu%a75k4Em_fTqVDRfVvBSPr#jBDpH?JWwWz3zZZMuq
zhNFfQAAwhqf}!Rr3W}5^@bdL3Bun`G0`vW87RO&;zNMZft^6g_X47Itd1~Z&z4g3E
zo>%i6{X#S^3Yeh%SL)0!QnlMynicI6g_=T!tm%t4e!1%9ZZmju2M#hxk7h%7)E!Yh
zg|iQv1))B#G3OjtV7ZFd>uc{CF+Q5LfA`N3wQkpqH*f_QCF#W{B>{s<Hwo_IH$2)i
zXHkCvG6%g2MP`Ml_l3FkKYh@8CB|w^k@JE!265e)iKw>~_a`Nl*pH}peX6LpRbQJT
z>V*;=8m|Y=rdRj#guWT89CXGV?0Qu&pZ&AbH#~Y%^hUzvxJwRK0kdsNJL5LCC5w1V
z`BV%1L$OU2v1p$plGIDCM!<{K7MvmCaP+CcYruOak?#&#kJGbv7ut&vKex0Ozxbu4
zy%@s#e6$yTVyjvjowah}dqIFwsTWuz7$jpF#6hefL43m3PR|30Iu>;U{Eq3`W%W@|
zTUg%`3G8v`*)8$ZW7_pl*$C<4ZY?=X?V{e=bz9}5ZO72<&Mfd<7`?<!Y2|~hR;stx
zG3_f`w2|u<W>p%8Bg<$NA#R4;Y$sPR*1m?*YE~H6MNVmV9@B0Pn+KL;6SP0KM|nBI
zh@n(9ZwsvqUvIk+qI1xT!;*4D8!4<PQuUAdfqgt-&K9yLD<7($?nYl1_n_t|$g#sR
zyrGuC*@kq)i$NP0t$XB2nT^nNkk!mw-rdH{g14?Rob95a5ow|b1mJ?GT6Nnu6P-cy
z8*#mxkfqw&g>bQYLJ=)R#x;t}O=I=iL^^L)y^&Pf`5G)$U6kMG7+a$k*0W)~BL&`1
zYV^W;IKg(6{T-N|=Xlnk8*j3Yvr_i4kU!vM9N^LOrxtiD{ka7mnY;^ld=IqKxx!DT
z@8}JJxth($x0EH6b-q*nN^Hx&LtR+Av)pgM?U+n&6Y4ADnDA8i$KHQYWQc$)wL~jG
zBu0asp*`G_bS<D9S*=Uo7G+wnhWShq)>M)J8gO&-^aAsP#TFP$n)(@F&}M-_JAoh&
zW3Qx>g5f%9cfyiX)S^G1Q0<7|aX<ULMIW?LHacpNu*sHh)t^slcfuXCJ7G$UM;f$n
zl#X^s*IsG~9G!A}hh@n7`W_B*=^T}~PN9LHH<^>Fepb|Ha|dyIlF8K(<{B-l%8c}&
z!yV4k$~|<>HM1phm)vrqK$Cl!1CvUAY%S{Ve`+o27~W-3Us$RZmH0oF-5%Opd)s@0
z6EUk47Iq>ReZmz_`uImy9rNuv4)HE^+;7$44!@sJ&T`t}NQQD2FE59(pLc6BwtI|f
z_P|v!qm{r55{RMt=Hd+z(OY>i$+Yl_XpCtPJQJ8yV>kHmPpnQqXgAm;-r$ER4RQtY
zNzn#3Pm=+pMMeN~a+g{0h7|lL%{Vtnz8HZvmv2&K?Pu%UZ>3uzuRs{d|3)7utKOT3
zKAFq*_<p1MUi|Ff)O}G8wxoE}SrRQh^gwQ9@G2PVBcFsLY-G=YBLGN|juwF)AUYfY
zjsTq`9JRO;T0&@3y&E`k3m|2Ka$;_@ghkwpR)vXUizi!-I0fDwJmW}o;<($`6760t
zFRl~EUFaTy8CRhUa;uQmR(L@df}&~`sVSzec5xdg<GF{_9L->V9ud7@*pq!!A(u*3
zH8Af%yNB?qyB;VFvv*H=UFavI5$-bE3f&HJxAnxTTrYe|Z<)7XpY@VwK$5_mPPp#z
z(eJCSS#<@X&w7kLVd;Vqj`)x(h&{XAAMe+&OwIBPIwGyYOkO~%>uI&!n-b7g+TW-L
zv*lo5xBo5GJ})$x!>I$Qob_V0|0`NtZ?zcxK^!AW&~?FN1HWl$w)^pG@3JJnfh846
zk{Ja^+7K6VRJP*C01-dIVyQq6-h!}kDaO%qH6Uc-78vOn*fBR_=Zx;g6C5QHh@y!0
zP)~tVk(dxunf1d!xkc!zz6E~hW%r4<b&$7+vx-pd?8Y=$IO})Bd|z86TbHJ#F{J`q
znhVGH9_?pEMk)o-LOQV!s(nl^I;O-n+!!bP5u!*zVrWlFUe^Lj@Gp`{@$Rmj0?IXy
z{aLWNFtk{dF`9Y8yze%1l#2W<tURgsJIT@AKp&=BqkBw^?y~skZjuxKe`a*W3uScb
z0CIyhy6@Pdo0=6FEu#}IUG16nboQqb#^_o_L^w1#>DLxYp}1V>iwp?4(mENY*_Rho
zbh~69S2_+L=vC()(KVGs)!~a<o*6wex5rb&;rO8TP`m605wl`T&qhcrQ+Q9hj!{2)
zMG=j0CdiEzntxf<ar#7*vIk*A<d;hN@E$eFSps&O%l#n4*jQ_|-(cb+5(tVWKW$td
zDw2q6;RASJ+hVh6G&nQVXAkkNJtBB2+RY8v0G2y+Z<}!_d?-Wt-|oxQYUaSb;cCi#
zI|`q5*HNn@idIk>Ym)2e&Q?0O3*^jrEijR?k!SfsEJSya(y@lyxE~-EpX}t(5*Z+(
z)|X_p<9&MO8S50udIa{Ic8Bt35Wtg44x6{j^e9maS7>;+vqmxhz_p6}Dsz}JF>+5M
zvj35~aWhzTK4q71ha1wJYh)yW)VR5k94by?d%+*Oz->65bVY2&xsqF78`?Y*@6Yl+
z%}V?BNWi);$*Gj%UYj_Ice22NJ!k26jhceDz5V&EEc!r69ht;;O~Wg2Do1*vUUE>+
zi-zK}bw-4s%$Du0Q-1Dj*;-@k%)RVS)@+65B0Gh<2#sxZ<IJRl)pF1*dfR(dC8h^$
z<wkS(aE9Do8~8BOTZY3j@*B3BrQhQyJrwl8dWN&~ShK8Wv&XT|I_L-5##dh!c|ssr
zPPdUC@}z`6O#P13QrhyxWVyqq>C3wrFbD67KEybwJ3b=DJ}zPjef(G&ypr)3fgij>
zK?B~RTzL{1Mv=%mhN46F78S@7c*I*YRGx;)(`b1bEl=a+X}mjBO4l39bYe68R<O-v
zrUc_9TWP}-%keoca+zX`*-{aaWPQeF87Q0JoXv9KA3wQS`cl;=H%m6D)@H$F0QsKK
zkx%ZIh^gigQP8IN*0JYL<U;S`IiGV{FKQR*j^i~?=$0}G@Z;wj>gz*=7lP-yGk<e5
z=5J1S=5LP1{LSgk{LRtC2BACiH%DXs=5%NN=4i~{obJru9F6&#)1CR7qcMMDA;w|m
z?=|L62!o<B-2Og`jdL9vX9o9e9rSWvF!9>{AX`wCS&IJ(&is|EV_-%ukdwNlIEjOU
zBN8D3l#x2Z?~sJl>--~B^Y!01KDs4N9!9#y5O(X!jBjdkeCcX@s?2v%#y2%LD>4Aq
z0)hC!M-W8}yGMyA_R8}>>v@|zU%+z|wuj*(hBE*1G;)+4yhd532AM=!JZ%1)WC7HV
zD{ZMnl0TS@QUV#YCwK=dDTM!JuD$@8DubikkZX%P-v6cZk;W$XiFbtX3j!0u|F*Yx
z66IWYA36jofpk?GcL-I);u)G>F3@TWFZ_%xQ6iu&LiR&R`jPQ_wIz-u=*Qby&8xD&
zIF7U#+mi&uJNmQtL#5+g<hSFi`&gQA8*Efs)j~lk?(ja@6#LYsSg$)aTAKp?EjXP0
zz!BIh`@t*w!7Ka0EBnDK`@t*w!7Ka0EBnDK`@t*w!7Ka0EBnDK`@x&KA2#}aEAwt-
zR<ac;*$S1`R-m~;Z%<jt*Pp@&nzfRhfTm5fKth?V?T~s-25|oJT>#{xyM!rBS#K`&
zQ6bMY;l^-5@<I^aj<l#HzZZdkz(8a5b+R_8L?$$x4c7>_cLs*U=0XmLuAt~GZ*O<e
zKalRj?wNxZWCJ?)((yYuK_xU|A{>m|MjIZ3;MW{3<OreIAxp66(JHuR*V25{UN7q&
zS^!Evn2y+4o%hUczY|s{2i@AMGez21w97lw9eS|MI2qobfl&)5s7z0AY@yf1J-_HI
zlGN3rH!PO~_h1lkxm+y_z4@rp5#c~PzIssPw}LkKI`X(Y82ccYcBZy`g@6~Lby2UQ
z+fifJ`LgIJBujT}_JpnlQJ&kLz{h2R^MH>zJ%JAkU-kq(EPUBBfiHU|@MTZn!@`$6
zfe#B`_5@${!E;IQ<!0Y+-NAthKJEZMW-0g(aY&Br?!Wzqf(?`+a1jt-z#>b;pyz<a
z&sP8zJMT!G739b;SFV2&L~xeV>}tb0K41D>>oofe?{a*;lI`5N*v&Gh7fVz*85YPv
zKuCKrcBU!fOau^3NE8ugw&=x}>OVt*lqUfh*E1V+<LbE3&JrG&mRO+4*d}9~Xqbf#
zp9p^X+8ul-Xmzls-N7H+8}Hz`mfpaYu^(B)P3pjO=oUFJHOA#gO?B3Iue7UM$GePo
z#(Ap~OOB^>!KuyW6IAx9+)t<cInL^#YgyvyolM2Ll&NSwcPf$zO-u!nlWGw62~%N8
z&h#QFGa4cVvNPm1H!+sy2)SjyzBVcIMO?g5FZxJdn-l=Op$|G?$$&o6VU`U9z=t@v
zZ`WT)9^CmLMdtgFE%S8{c{TK<7{X$13D)IIOe~&Dqf>O^HbQSOzeOT|*FnBW2iXb#
z4}0$dUS)CZ|0j}2z{?I56cuHwQG?f@qTn^*B0HKWtv6JZpn^~lBH2-_H#EtS?RG1z
zmwIatR@-t~+R~#USc{-Q@Q$@ARV#R(?N-4X7ZvjVeAm41-a8?9IX&k*&+qx4Jj#CG
zd1uzFnOU=D&6>5=<YkNR5=(A{N=BN)b)V#aX?(Am?y<X36GwUdBNB7ZR<D1IAHyM8
z33`~zbcqsGKgE#%5e{$yST1#}bOzmdwi+{A>w%h)`>MO3px>pV%JAGLg3T~L8XwcT
zUxUINk^FFVBv3b3qA3af)J}=^9h4ujzvT5{&O{o=5wvJ~;A*us`}#F(_!|eL=fhBB
zExjvIMq=HtlXB5W^NmWB*|Zrmznm)&X-@E|Hfd(k`wE`zhfH}e#axq6_7k3BT+N`W
z(#H3UMrH)cg&)O|cqnx+nC>0afsOQ<#tJL7+~VwomeXtEA7pw57To!Ww8&s1t4{w$
z{iY1fQKaKVE=9V9fSMYS_VblMkG?}@7ro{y(Ypmo^h?LUl)du&WHhkP=alDtrke8n
zPZxTvY1ae4MQfT<o>SKl-Gl9R_yE(!C#702z8KO-sE;%n8I8W+nE!0XNuz&wek|XK
zS)_<9R9v)WF2nVw_><Hm_mVpDDfjNb$v>kO_hDVJ&L~Pr$qm%3LdT2%oIFStkw@UG
z1Mn~W*n?m6cAm~~69?+j85+`~?7BVip1sfZnxEbH%@Motb1w9&I;{#7D@H@sDzT)0
z#UZXHbxj4nZ5Uz?uV@`U!rUT~c&W84{4OUeI_x-O|L-_nGJE(PJ9PO))}}b-#~Hd2
zU(9wZS^k2{%*ha%H~zY3jEkfO?UTzOecQ8sN;H0vIn3tIMRZ3xHt3v!`1v^6mF6-B
z`==i0e_`Z5E{zR3tpM9IAnuaOq=gHsW4v3w$Pn?8W${EZ?u^z8e++xaeQz-3fib8@
z<C^M0eaae(s<Gy(mQg0Nh#igOrBmu9*Pjx#L*JL(=eP<$LXl?OcdIr1?SID>a(B(U
z#9|J45{pG(lw9ea<O`g%QnoQv)Yr`;fe&P8TvMBxL>P_Zs#}34h;5BKReMj0#y(YR
zw=Qh_v8*xPtHK!WT7%=gEZ%`Okyy>Qe-OHDq=zT)pKr@~^;Aa|4Tpu|)l;2h!`8;J
zn?`GP6Ln(;`ZOLWFxE*?w;y0tQ~Y+Zd$%jEs<MG9>7SfD8uR{;(~d0Qx<xE6OcF&D
ziKVbb!$qv*2D&kIhWCX0RF~@vnhd+V6$Va3K(3cd1@3oPv`<r8v5=W6O-X%jw9v0$
z7{fuI`9JEPN-TNmM8bNB>YuE~q)hIJ<Fl{|-evdutke}QI7e2>L$cKUw2uziWgmcX
zLd(OdQd_S)vp#u9?*B_Vg!B>gJ^HqIUMw0fj~?twl!d+y{Us{}q7rx-FF?3o<oio5
zB^^T;sCK1WfL|mgLHMXlBUK$DCEZkERZoa^s3mh*uJu+Q0?Qr1^Db80NkJZYZDBA}
zp@WR910~~oyv8@an>lH*GUKFmE+yOhPqIA0O>OYkxjzx#!E)c3S#IVNOA8RkTPt*Y
zx4sisGW2F8-Z^o6;G7ss1<r`?lwl$91!fXD<_kLc`}vpc86xBT%kI0!I@#ULZ@zz7
z$ML#C`GWEC(`ka0^wUXSIu1{@L0sqVJ(fN7_dY-TeZT*X^TS`)`IT_v-rvGm{~tI%
zytDlKoFAIJt+T`U582R4kTO;JooLarTgF%J)R^jU&`+qJ-v!6~=3~CSxm)rgmGNhM
zzT9ZaWl!r4)+tDb(>mz`{_ni*|IX`j=Y^e|*Xg3@WA?a$z4z#m9i+7m`kDWq*$4fC
zrChcwo7)GOm;09NgC5h#xBKii@%L}E`}vlQN=J(y+opu(K09Rg?6^(&-nKpkXL}|+
zGWsn{I=5ZP+WOqTK|8KV-)if#{Rv5|cv!YMK1OWXCjBcq$J_d#j!5jFz4rGs^sx{%
z?F@Zx_+K~lLDqTeRxRA?+>uA*8`OFE@zhf|-5x<$gzb@>3NIZyrGej~h6$4=;UQFl
zDEOZHOxp-#iNuR*i^>Xh+AcMD3ZN!tui|J9=nD>_yVzp6QyD9|G14slkF;IWZw&|M
zC=4F9j9gCiUYrXs3Z@-f(a0GFH?$1;yz$e_*c#I7DsMO_HEj9O-5XG)t%<E$UQ@VA
zR)=N%Ut|CADuK%IomieYnERAC^HhaRUv?wf9#4_E6L-{AL9x_XlAONQ6->`mJ%(Fl
zK~=w%=?D3(PJG^fVeO#LBQ4!Q#XCQ}e7la~mOfU&cbEQ|W`aCr%Zs<`1F0d@R^ab8
z_}Ddai0i}S{{FG_v&iJ)2+yBIt|?erc|bwsLr7}xTTmPK=_M?~{$%s`-efE)W5<3C
zGGVg#`38AaEo2v>yY`X;TJ@gnwTvH)P|45Ps_YALRgZD{4&tv=pT8O%@NCKy#Zsfn
z%92OVu1OW`Sd;3xqps0VM>MUq*}v@{C{a+gpfCSc_j`_2x=#ZZSiJ^5x27#ECp{ek
za6-!ceE6%rxgM9jo%u8_GO4vXRgD3{)76VIU8)ryP!~IYZa{ld^W%rrV3N@E?xxtf
ze~yc+ezHHi56*jN*u+Pce>OBS`P4^N>8IwAHTo%fgfCYvDB|B!7xd)c3l@~|@2CZb
zjf>Q;`(j+=^Nl>TIsW-bZy)P{xAREew4Rs8zZh2)`TTD@{mt=I|ABHT`x50^POcYt
zdB$?R$<t!X^`>&^^%><_M6Om|-nLvTczW7$tx&Gld3{Z}o+cMTv|CG2%j1T;9}<1l
z+9wL*qYZbpV3f6>Y#xsj=ao|KGXbC*3_ynlkh}?y^{*<=-+2K4Nc}r{dz**XRppE1
zd7S@2uzuM|JS^j3(Yrq7>ekvp&&BsUA=UFHy1j_Qp6R(gNV0q6PbG!V8zu0Ok)QG*
zL{>Imlroef$Mc_Lw2yygP20M%8)_q!%ZdFx=&g9~!bOqmO4$xn-O!!O$(R-m+ocP5
zSNeJksSBmw9wGBUjA6Kg#YR}&z+Jy^E4z2W&z0ZZk~dfWdUI~ByxBW9S9UxqJ6GC>
z-o>=Bx$-v8oz0b{leRcl?yGM<SMJt(ve!NQXs)~tHY{72Xr@>{JM)i)iSi7p(tQYm
z3fagJ=sI^CnKRv#1s0~eK#9+E2<45HJ#I}|>2@I{rvkG52+R@Q|5;@2*0YTBp`t)<
zoau_bgL53Gjjk950N-<W?+!rLj~y8zGytvckyhH)w7Aq;_aVCc@)|^!#XAz4BC)jT
z%dHv*3bi5_sqfztU_T0ip#R=*iu(nJ=rzS!{hP@?D%N}C$yCW>V!R5s2161hv+JH;
zz9#Xh8?>{UIA988>A3R)5cgTOr5UVOIp=S4d-3izse|NDnN8kS$?ub_dfF<~*{yEf
z@T}aW;|>DZaRwv{#MFSdu3pXQl3CM}|MxVV7-BO?qj>ZNjdF~xWc#lGPyLE4)>2+%
z1-N{Ldhwx&o**i*LGG=v1!&CB)F+E?o#e@Zy-5B#RD2UVXN)F-g{j<qo>HTW-wmio
zTbHKAF~)#%3qSl3%ioAw+Df;N8fH}RDCIn$_cN%-MN9xCFd0td?%xHJ?CTEBl8EAA
zQ_rw0T3y!;FR_>`SM+w1gZ#gZTe-8-=aP`4Ej_i<-^^qDYKTEHU4u?1)tTOgqs_9B
z80jcr(YCD1{l{K9c9KE_4v069b_6n?!v1h>Tj93rPjCbB1^od1->8<!qHBK{Pf24C
zOU;|33UIlK&3iULhqID3u8q=xa;MT(Jt_(GlcO-0p%0=Msz#bOYE|%{#*;j;tgd>|
zN70&;4{em`?dJXzs~oTYYkH#G$~;LKh(I(wi(7g12wJquR6_VzfLRU7m%29ZeP4B&
ziz0Gp=14y?Qy8Po>6>GP2EQh`uPdRAsKjs%Q~;YtI|(_2+|dAAcW)$FStszMj)e}f
zanFN|wt8Rp7qWZ{uz0Dvja=d+0TcyOfK!&RX3L$<9X>;Icrk=gbFt`E!4zk!1<B$e
zBs2}|61iD3TUPc|hWf_>_@#RNu?F|~#3EuJJ~6`L_+6e@Xm)9_)Ko+ZucvaC@y(Ej
z&y38$s7aOynnFxXQ)Q`MqqE@R6tVEU%*XwIY%%>N9EXqopUGH@%^N*m>Q4THG;-j-
zk1Ak9Mq<N`=@nvJKNf*;O_f^}ru&-kDsQ;twMIwDgy@#ztVpx&fP}}KF;R^^l19I*
zFUejfk<fG`5eKAvQ{bFM8;UgI(VG2b>7?WFEG5e371V$G6Cc%(u9$bSx*~Fuj&Cfi
z;kk6hN_Pp#;<SxAfdm)`O*c&TpYG}VTk9A?9p1W<T7D#OsR7$hu+FJLs*|`>F#j+7
zQ=Q<r{1bQZY*Ef?*Hu}W4V9wEb~i+k+}BM_*mO7jv9eWU-5tFeWTd{6E~7S`!^xj!
zsM4-oEd29q^!<u3P;)r(1ap0SIl^bxX4csrL(3*GJ1?KyIOzgDTxFtXDxiJ%?|3)m
zLb1?hKXZ(W`iNrzBRz3KmXVqaIz;cuUPJXm=QdlNMP)FP@c}cL>i&JYUrhH>j!!iO
zcFyb|LUc=DY#GkZTit6_I!V#Q3i^lX+t-byB!#xnCEK`Rd{^W@U(Py)!%8|PW3#j!
zOWRqnM5Xonebv^Ef6D%GC=sOAFmT34rDEc}H@`U4u!MUy8Z8q0++%`zZZ8J?(K6X{
ziGxNJYHlILT^DvTR2vN%U*UdrJqq`^%|X^1%hD7<9Kh1~#<KM)PG7I#m(aix3GOMA
z5ums@F!6s2%xWJsWZXlC@J;h-wUsR1+eSld!cVE<J|q~Mm`R4UzE+}T`f5412rEtX
z8ayvMQEsj=o>8ASNoq*aBpJmd`9?5bJ)Acej#sJFfD_&&E!C?MVa|BR{3#$4%!R%F
z!_S4UP9%c++*_?%);`W9fKT>PUpyG}$*tBW;<D<F^kaOq6$V;V_YfFvCcpY)ETX+*
z^Wsy+OllZ6d5Su14@Rlq#q37;b|B(HbD3fus*sFk^{26`*C^ZA(LI)d+HDLcAIKM~
zwnXL{_FRvaDf*3jsl}H0+~_VQK>>3N7$Z5=NQaO(*m2b)W|zsVC(`oO53=aj2bfF?
zFcJDaWAo0RJn4c7@d=X+eNkDzNy2`A!!(-3G{o?nejTXnXz)<)l`HH150+Vx%~on_
zw%TzZRH}GrmJPJ67!t&C6(<%|b9@JaA<|!3nHH^zLN=Nlv2KerFP0fTL(9g*C^Coi
zn$-Pe1C^L8e&E88KQx!k^GUPvlIHlNU*sh%^hrO<OPb}AuFp%F>65O^OS;1+U6PkH
zgQU!EcK&yd#~3*xcGNxAut@VS83(O&2oq<|fz2`7)U1HAMyQ1lNgcoXtC38g*3qwb
z@LSt&Q+%{c<QILlRn~PEdkjK%-Mq5^uXFESCw@gxtmZNqQR&y9ri$*+vmkTYBNt7~
zn{j;k)Eyd=i{=-x#B3`ea`-_k1r5jMPp%(3WsK28$<oRasZ{ne>{Ezk?(WYtkErRz
zcHHJL&H+71c^LI$ri{6GY<z4iQ8KQzvc#r@Cn^y)hE_HM+<{PhJ2)TGkf2+{Su}@c
z@=Nb5<j2mQQ$sNRUcYtZ`Xjgmocm+?FJJ{czvx=r653W_7&m`H!|18~mqi|~ExPuT
zhK7QIZi^x<+mP3<PLFU-gvg>wdf@N|u^G7}IP-g+&=|;^&=$j)-W73fh8Z}`uOB~U
zOvBjG7h}MbtSyOM`^lL2`Qsr<?w03ra<#ie40_^(hBz;K+vJ%BwlPFZwbwT`x=)A3
zwt<Q@mNQAMx%FzHn!H?PY4a*2@TZwRjbBY2FKmx0n_AQFZKC5X`YKNrK`LI6r4S6>
zp^)vM5DebUlfW&QM%z={uF!0+(?8?I@ay^h3!oRcU;6JxGlm1SvqJSU`Bw2;bJPWj
z&iW9KUiWk{1=#%Mb*5$lc4~59o~rKD`8I@87fao0&2qmxOzn8ow=raLs>H2P?JUD}
zSvh08d)?B!97!_X0b2_le`=T>%uBw2&HV?BNODV9nP(f~)tCy`3=-1KCrVF(;2SN9
zw4BpZI83DZ_>I(aejVqOe5fSsVJgnXm~ZK4)MDX7Y(6tbCFaBCPVKJ&%R<5Y!%Ss0
zN4<|+b|CPwmn-M1NE5_P!=L5)7gT>ZDE+QcA1(=EiEL{lRa2NYgicHh{ep9?K3|jw
zmqMbJespzD%t3u1K8zdOMMGKo5;)zlt5Fy`KcXDnD`cHk0T}`lubN7#*uX&EzGuW-
zRtYEp9Iji6j4ZCBF}KEkWX}2dAqC(!giv`C_6$2x@CmFqt6$he5DXmn*JRrY(JjJ(
z|5KeU_d_;W4+hnPUXEP9fRY^0iF69w;a6)8J^>2)p4qDZYbT`+dth+lu-~7QI^g%5
zb{DCkI7+Yd4RtL;)JoW?5Ddn)2JowR&ueR>c^kEa_TEno7S1f6Jkb9I{GmY;xyvIB
zmrR_{{{_wC3>@0?hr6!o$RBJ~XvZIHQDEjwjU}pjrx$l&)`s`tD&FP%i^U&CPZ=wN
zN9u_^Vs96Yof_-^g0YP&sZMO8yRqD*l|@rq3#N>{a4c#2Kp6qOx8ojrmUZABi$Ik8
zb=wQZnAXZJsJ|Op3ntgcCy+cIFc5n_2da}iHj^H6FCUE1+vLLoBE!kDRa0_~ewmW_
z_AUs+BdtdQVHmEYZ2F5OgFvTpEffR6awgAnvWO$qQ5{cAB`eHS)~u6b_@4E2%q5hP
zky>&Iy)7Z|d3;cEV#oVHh0{!x>gWXdp7`lJmFG{}uc$a~)V~G$b-3M3eWeSE-Fa7v
z8`U5Q!vaw9+~|Y4QmEV)QdmPu2qqo~m4r)NsKW3j-;WC=YhyDbW6G8n8u!JbGBZT5
z&&|;!>q}p^p7816W+PK2J4+w^*xOl}ue9teGm3tURi$L<nW_nnYBk}LXk_HMFy`GF
z_iW>=F}G0#>ug=HJE(WfB!~d}SjpJ@v6C7Q121L0j%^*Af4)|`hOv`ay~%X2NVSgo
zf^JGlJ%a#S=eFOkpuluaIl*-Q0C3L$@Wm4*jh;Am(uIK_5FZaL1Od>iqYa$_O#oEV
zKiFkAGcWywF2d|)`X76QOV6j5cU*cTm*p=#k-1OX>hoaPG}V;&z#V%`p*AOaEkwG8
z<Y(~cE(5x)!~T;fMd|ueA8{VR;*J<o6lZ=-m{i|L>b{_^rK;T=J$CmFb96W14ci?r
zbynTxDy(p-y9;Qv+=%KF;Aebh+mN4V0n_16^8+v$<z5a_h)?d82R7RFPVa2%2;t?I
z>P$O}wgT<#v~OF1&0)~Qib5dK#7chkX97o%wkk*qYg(Xai~axRZX1u(YUg3Mkf3W-
zBXe&wT-GisB&-r7sU;k*f`-N{-w|q<oF?#?UE}U!dr#M^@}TQgzx#TsItUG*rjk;m
zJdFw^<;<@HA1+@>rXqj-ynrp=(^HbN2D65-X=g}OwX2&#Y`;@6M{S1@Cvw7P2anJ4
z96oBho0yM}QnL6cXSNm*gr9EvB1P`R|42OesJ-Dbvo^IMSVbY<@_>8?x*ZLwZ(uA{
zgOHu5+9^^VG_prk*Kv%8&{vZY|9E0d@knM&RV`+B+h>k9doCN#_>mG^VzHw}m5peC
zS@<@S(;aZS2Fl<570c`}Lrt%=9?{p6Z2J``Y>)C(-Y^j+7fryYP6e;z3Ha~EP+<@5
zD)BgS#*>jAClI!3F!D3V^@zb)Dl6=nfx;%VGAbrHf<hH)87bXjtyQJU!HI%#NJ*@j
z^8)=UBs@*u#6;Xl2lGTrDkU0KiVk9&5H<dQ76tK{<SR@3NlenmyS0_BF#fScxm<E7
z`WKv8)i{Knn0t@}>+;3}p)woQ#v^!ArxrF2RT{Oj-Tys@M_fr3&M$!&=q^?1pje!c
zKaZ9fF^u-f1|$Bcl0~5|7UcE-&jO&8;ME<-r*w>zEPNQ<zI-u`7uCaK)A+|7MsRZC
zi9~vgU<-0%ne9ax1FTD%7WEcoD3=zq8T>~2-Rj@-7*nMDM!&^ld8`8~<r%@RX13n-
z$LREqB}Q<&1%s2QudGQ-jm2225L-r!SXw!f3QmQU!*TW{<xH~FF}mYbR8`w{J29f3
z$KG(C#E7X&E3br)qP2k2YQmQ2mmaKRSqt~#k><auJo5i|w>zzrpgD~cB*IAZuXvE4
zDUu)nVI$jvb!mMK`>Ps}kGrwP<2?rBBA`8fNozzC5(YDS&j{#&<AZke@DL{!nYY=0
z6S&L~b_jk$N_A@VvZ}Simlwuok-o~^tX#jyaSz+CdwP^GDWu#*I{N^_IlO4G-pqcp
zuZt;5Ryi0figf!-is;YF4|@iHN;N0|>gCTDSno?ZlrIQ|O~1MFZ#4*!=CY~!%3Phs
zZv$uiD3$1S0@()a+{U7b+j$ue%M0>G2-yCfo0*W`TI63b_Ig2tNvfoKEy@eqN*hW#
zeD{uF{NoKd5VCj6Lig&akpOdt8?KL*#Y7LZb?3bK)z|gb*S!83s9f}yeuMT#nxFWX
z^Nx?FFn#9pB)^dC%>l79{E&pLnx45O3qP?x+>Y(uJ*FwCX0;5qd&M7VBk;b<5Sfdu
zhFwU>3FXV~cjs`+-I8NaB_R2p+SRxI4q72XovGhJpM`s;#+i~nXQ;pW;la4lVyJPG
zdp53_-xVERg5c4Q@E+e~SG2!Ww(9|D+oBSRX17IsFR`7V>Qn~X5wbC|JyUJr$3qem
z|5`wBGx@Mv*l8cQk!1%p&Z}<B;o2h+mzq%JY6gO+HH+%hEQ>H1C<dEf)S(D^qpPSf
zt=*py(@>5r`>}Sxvnr)(S?X!Jgt5ApD&u1=Y#`~^HfGR~=v6}KOcI3iLf+lk#Da&F
zDlJ&&HIrOVDiWEMs*LR1n@QCPoHEv=kXR-2R07AMLXC-~E-H<s8lqBe&0+{8$f<3g
zy6#dLg%uzS`>E<4sAp~yaOVT1%u_7@m(CjvQRSG`ZB_HO=f&MqgmJ*HBunLx$v+a|
zMi2<kjRl&5<zu3a!AsCox<O6WpP%B#k&6ydqWY+i-}vSAV@WDjzM7N?%3cMehKxRx
zlE}-xNYFj%5%<Mp>QlG;7=o;!Z)d6!THpkS{p_hHZB$j$cvV%`@;eCy8%ZrZl6AIM
zgfbk{^o}qRj!3!}i_R<(-D8u~swceQ!n#xZ+{vNRw2R0^4Uy(VDrYf78?02bXBe=T
z-uj-p2<gDLAX0jx<>7j94#<0O7{X!GSp#f*G`Trqe1IafS2*#u(7(;po0q?hIM#tz
zO^V1ni8nB<imJnVQ`}9yWE1$#E~^v6V2Y3D7qhG(C7dj<>M511)0MU7kJ!<o+E5lo
zjf)97TnvOzp{;rL>YvYkB!Xo7rZ)Lg!+6oSCJfkvf*8baEy0UuFnPS_Q7bkIc@=Mq
zDO&rY9kyEgsgpq~YM2B{{Bq$~s%A1O^;BuA;d}Ihke*5cdYHyDv>GlZF~@O5j4LkI
zu!$JsH$k6khagyD<bK6Kw}3Behj6FL3SOh`PrSB|NC}hqnA?hy=U^_g1TVDLke_lL
zgM|VO#CImIfv^1#7$yS6g!3rX5RPASrPu~-lThNS{HK{bGqeZuDSbrnT`d#=sbOws
z@~KdLeuqpI@V1Hm%M7w<M%j7C9V+uKU#M2p9}voVRr#C>T)TJ$g*Q8Od|XqAQ%5iJ
z?Gl?e_Tu{Z<<T)0XkqNH8s_nG!IZHL4N8$CAbF4F$Dc)NB%!JbRsY@zEE;}S;>|gt
z!71dDn(TzJQ^>#SJ=tr4ei*4u;E?_b2ws(Rut&+ON(Wyg{DMtRd2yF7KE_hdBg-M_
zeGNJ!tyG-)>GoLATG@BXgh>}Jt=wyK{EpueetUPoZ#R$M?g4)13cs_n_}vUaVmw3m
z>NQgijHQs{TptDVg8wX6cmL_ruX$1OukGoWvrobl=+6D6Jo;*<hGSDjyG|b};qSG^
zv6)LT6*@}aFXwyEeh;76WoshWeF8*5o+-!=5rnaZKvdOD@2?Si+nW&R>YO>?rdesf
zY@_O{o1QO}F1gO@HX$Sb>0_;UlMiOa3vw?l>J9i_gD%t&Ao=^RbqmkZD9V1vU(#bH
zJf4<~1tNr0mV!-z?)3|Xf10p+KNbvsb>eul=7|y!(<~vEoZ!b_mXH|P4EU?w8GnAn
z;5UiXY2yf*;V${)YrGEHc4|0uNUG?#>3+$QlzcCBptNi}A#=Ji&rs%}WTpeZ!~nt#
z+>dLPQj@Xodv}dEYRLo*(_-r%ipH9r#hzex*-W0rwZ+=~;gVu5oqbTZf+0(bj#g*<
z$LAj#I?73Z%sDgHAEi_p^oO|q7W+dV-7CYl)E^I3x9^WX=snr%kNl`VK4!jpQYh2R
zO+4XWju@{OMi-0K%qN-$P!W`WRvXVfDkD5r+9O7)ee<Xv6^c7C#3i(}3a93N0V<eI
z+0@+Aqq3KNn40H<K)O!+DRs=PC(_G*D-X$Zy3I^+4s}!+wKsnzM7-3at+}jD#_mgo
z2Y3ig7i_hJW6UJUJ$Ssj$RG52%z`D-n}MZbzMn$mTJ)am^>6wCxusx`mP}?bLR;Z{
z0-C=>{{2ETWngnv3<XeRFBO@?OL|*G247Cs5#U46%0{>@tLeKdEO`WCqe`ZkYw7)X
z@tGee%vM(&)BI9%#!`s8Lz-o#nK?53OU_w*?)0-I;bUgcpteAqY3v&UYJ6B_ucEAo
z;BwVh&x@do?p#-(hk4_F&m^*l7~Y4*l2?}1ySK)96yBqGnSFhhOy6vk)6_wYeXOaC
z&#Jz^N_3*WZmMq%FRIU0s-FYO_sJ`nU!`AHr@g{I0Zi-%t<yqfK_A&)5;SO~dyI)E
zAYz8BPmOzI4$y0*+Asu|WNdsTFN0seqzH3md{#SPj)Be0cvos^e!odFhZRDS89ZGj
zJ|%#8dPBCO>7NSf324BoTuu&M!QK2$Km&cj&svh!qUoEFF9aQsx7H7{wH^okd?D!L
zY8HE9MyUN^-azh&v{>}2e9>SbxzooWI|l{mp=V>7$t&FePzwQpxe0%byYV!QrWH0G
z9gcRS<pvVc>m>@%lO|$pxF9ED#9x-LYcL#EHjY(VFpSH6#+e3kSo#5g_`K;^*+(kU
zyhPD+Yfy(ME`42o1_OYFU64TppB}?Y`onB5LM>5XoXl`&6f4q|*?|!{HuXb+#SAnK
z6K=lHzh?{0;7ONgYeIWbhTF#;HA|CB#Lv@cR>l44`ACN>g(qw+Zf_%kW(-x$N_XLK
z-^<UFMF0YNjI^Y%h)&<eKbhimadu$R4`e5|lxqf}%!9~Oc+i;xg_rfSkY?AfR%U*X
zP0R6*v#2y2$Vl@@F_CaUj^k7Mcv9K{i!>i<nE>c^Q;srT)8n!ukf&{kG+(W(9VF67
z%XkBjCzTEZ{q&DW^$4cN2&AYdi?D`kosFo5%V{{v`KJSB5d*9o1vy|RXCE`W1@Ja!
zz^9zY0cz9NTX7`?^r9{hVQF@k>I~;FJ~LDjh1Te!QOIT+#_g4hA+g=VUh4DQ?jgNE
zyHZ9wJw~8R-2Z2LasPR~<ca$WdCd?3zRg_<XMvvl>N+1%lvI~Io3H^$cH6~Lfz)-}
zkw{(1u}Ba|Z#zqR3x$%|CX@*K{+VOg;$>xz8|wtj3`;am@?{V0$h_>qaWwJUUUe(?
z?xuT6ck>ceu(#K(abLO%GGF@plJBmvmG4G=#H^nI+4MiweZ$K4Dj0Bua!F=;KQ=10
z52aiojZQbPXmZsKR^cM%bhqpzXg5#Be#tx`NM<;(q%zLzM!A4~G8YEr@1>3YF{_s5
zzMMcU&GuwvX3s5Xqz?tnb{gqDNq{5d4gq>7AyhKk;nON8$bC85k~=c{w|%mvdawqp
z;?X@rvgjs%U72TTvIt>wIgMPlxfGd7kEO+>mdzzWSJ$bX|CE09jOye$re7V%1&yX(
zwZ?HS(W$!qbZW@Fjf+3J)pORk;k;I-&Ox_24BhH%(pR}dmE~Ub`ZQI{=Fe8OJ|S)$
zCwYf`^#w!JuAJJ{Ce_MwH4}1^Y9^4SIMlEHH2aF(eC6smAMfu_wDb9Rbx?FfFqLfs
zI#Q!@LGVR9COgSb?f_KFobb_a4xfHO(ajYA5x(Rp0OIH7Z~nV$e2&w8{gCgoU*CT)
z{cij9dhpI}y6->7cgp6Q?i+$HGxFPPo9=qPz~b1<*Wi69zOuV<HA2i4A9kDsSQ&gi
zr;bk+?@xkmdQUCjJzU?UhLX-r2A{J7i^`CTr+QtyUwH9*nrqfDVZM1!v;VvX`_J0c
z)$H@yTn$MmCE^$5*?(%!<e|zAN{WD-#v;{gC!n%RGPAZfJ=`M%BsJiuznD2_{~n<^
zsNy&W=Ab>VkpgtJ`*07LgU+_)xpM6i>|-@RzK+@6K6abf3m-{SDHL)Q6L=5n;eV<o
zXm6hNJ?`iq5I0YE$Q`z36aKz1==6Zqwmh#j9@pwlRN9BUsQ9_PvW_W%UqjY^#}w9V
z|GtXM?XEM{?$yaN2%vN_ZamegGjQWc#}YkJxXG|x+_%-e@B#aBx~`A+<XK6iDR(h9
zPxw&kIe(t#wEOw|EjFil{yc}loc!|f6C-l9jxKf2JR^<IfMLfP*M9jZzhBu=lRf9p
zvrhZ~cf=??<c`cQFNN)dccq#e@GF%~_PQki@gmtMV~#so^-kg49V8~2_2*IY(MsNl
zWU>8&Hv);4?%OllZ5F>r;coDSz}lkJhe*ZGY)z!;6&vm#M!?aLmKW?DTnI+I=)EFA
z{KJ{zFoZdNlc3hsg-f}AEYf^4`PdK>D`?z|Na=}dI6mY5A!`WNg7$GCgTh5>e{X!J
zHn}em?}(yjH&WClF5~u^cN_P_uS4dV?`Jhs>7CBvu+PWStR3`W{0*2dG1|VHKJLV0
zHNUx9R<~YQ9k`9$n}sdk@+C(zpj~#cKKU2u=cjIS`Z@5H&FSZ+YN~s1ReSpR9NrO(
z|0s27NIy3|W%N^gv<?34gFOAbOrAXYd6>dk`uXzgyz-)-es3H7oTswMUZ(^gZUIC-
z{p`TI`xrp&>E~;pxmQTmXs`a#)6e@ovh<T@kKgnm(T=(0<z<|Bx#%r7?-aP~B%61q
z`*}xj8cjS7DB^l*b*I1YyN>G*7e>txV5$3b`bK1PPfG3XZG&udy<SbfcjK2!&g;a2
z^TKiVw>6f84Oq^scEuclA>R-q7;<9=mnyouI#s0iQq;m%AE<SEe%3c?9enU*9A}H+
zs3w|y;D+|;#vPPJb8Ayax7H@E!Y0tgniluY($P6jD9Gf3H#Dk}q!i9a>mCl|SCzQa
zsXkK@N=sTJ8h<Emy@}q<%AHkEc{uP2b?@rmw1NANBW&RA(hoEGRkBe=6QA?AmF_Iw
z-2g^U0Bbk+5gJw+jL^S0zn?wre`9_har%FKeqVItx6bc(2QuOI+VNkV-+z9`6KVeX
z@a(ml&+k7Dqq@Jp-hO`fWR(2;K5Jxdm^ZoEOKpDdJ<!H@?f^f=Ysr&0zh8mNX6N@V
z`Q<ggt5+JCT&J?hUJU_=2gsH`zYpczZ4Vah=XW0^uLHj3cVwNXp03+>GQUSCShbuV
z53f$1#;kqct%<1Oi%^W9Q~4t+IQ3~FVPZ2s7hG|XlKv}!0q5rh1|)`IdLZ{n6kgW5
zCUq4T>flY-<%FbN)6!U%*6{?AUqjE@ME-~2>E0$+5G;_GtOP;qLpVzX@grU*dZ#Ra
zzUejanV}ZB?~AJZPoYN}9!hA)o+4K*`@h=c#U)J}wrZHnp-@|<EO**8Zbobm$8|1|
z7KuvXJuhbRg#$4cEi_`CaZ&HacL^|zg3t0?K^!o`rhecGdrO*Yd@?g0JH;;&%gx>a
zV2!5-hq@=l0wDVtkhG!{AI-s42w>q(2H=IvzB!C^bIf0478BeYbH6oT){wtO0iRd_
z6Kfac6lUCQ+wABQ|54%aEEpa`y%WKXO9)v@gx{iSjFnKMGcXR(pr4KY+N>EfmwApZ
zjrDtxT`iXo6d8{m^fWi0{3A9WJ97PXB|;@u-7Dx>tnXxM|DpPW?aHF}i`=O?M%#*O
z^A^2>NBp+Y*rK-yzxf1r32i-?lhP>i1&hMgiWGtEhAjza(7|uT56!h*=i!mk6OcWs
z`F}9-#}wp`MaUnYD*6QS#}PyXE>T3__e?<0O<$uCLOyTYP4?F(GAF|R!Am|p1Dq7c
zf{olL1&Lj32ZA4Mwlm{kBNW=<&rc1YB|+3gAAnGd`qmY8UU9-<@QUfV<<!T+lK;7_
zqu<R1z4t25m<ZGBUC=MP6~n!*Rnv|wP@K1>&=+0n4<6{Y_N;T)!P>J-WyvYFsIV4u
zhAgJ?`K!iM4(xACWp{pr^|`0!n2O%tpqQHvAaRcuKK0z=$!;C!M;_zfr#&$-Gz9T%
zd#=Bk_H<EX&n>iNuE)zW*bN*p+u9hmrQEk=Oog@ONBju)pIMW0p6@?UTRsAi+EN^}
zWn)QRTeQXKd_C<FoB!~|ug%qexR5N1amz;2Sxkx8yj#kuf5v|Z)Jr2xKeSo0sYcSv
zMVp8N(B>wdqzcnsfUYTAj|3cVFyZ+roBvhG#$|~q%b@$(<yaCfCm!FbSYpa5Nkq%J
z$#xZU24kkd4iiJ|x(bxjk<*cLJvrAarz59*txj>(P1EDc;N_YE_tqv4s!fh#3J?Le
zI>Cj@Cou(%X9|4Sc%bp9TLFn=la+JQNf6FWu^9yVBgSO>#oA=N%xTip%I|_pT-G$g
zY}aKD%jLE9z;dbwy%ER$Y-GMY;sBrq_GecD2M_o)ZV%F`Q=`gIlMKZoF@CFJKdy4!
zm34X+AqntB{h39BZPCgbpW`?qj5JHbMi@_VF7AS8<Tly1^mU{K`w7GUt9X4a-Ynq%
zQ5JtE{8x95|35dwzp=JG{u9A}3~8O<e}b}3uTCCYo47j1deeuJoNH9Dn|<b)Q-XK{
zqFpmm>x%B+xa`|-{86q!2RbB5lT6_3(soKYO!VyZlnTiit?tOJ^GP^>_r<~a@K$Hv
zwg}JdW#E8&Lyd>~R<YnJ^gXdudbdSA%IS;voW;IfyaT)c`4z@Ohov%;lHo^%@UBVj
z6C<{(9I|S|dz}#)EHK^sY8PyD$cdWOC{j@g>Ypewywihp!McApRHEKhs{41jjg@;(
zttQNBsHjvG**d|!JycZVD<a&oDmpgOB6XW8di8{WeaOQ+LE%)<EY-tC!RleUnzHr~
zt7oMS*RlPTrBdQ8v5qgh7P9gmZ8x@?vv-L*1Kho`njL|qm0NpYXZe={$5QCC-B13;
z%7An=h2Km>8v;{vQ?fS~!Rggt%N|GSZ;sVu!0b->NZc1(T$%=i-{S8mt=zq&G;$qC
zuDsEKp9S#%lf|zdm`@V#WZ#Ap@!>MYYIxLokSUJ5vCa)a=cnH*JY>I4o}2#qz;?r*
z2mdEoh$7+U?AsRLzkRZYziWW`eE_BfVLe48t09}wUxq`rycVV}YLAfU-<{!Mot<9L
zK67XA?rxtYy=y1%x`yy3wa?rcyc64J$?~h<c7b`n^MAzK^7jn%d)kDj1-}nIu)e&3
zB83=Gk4LWWr3HmcsABz|*A=yV+f<V}043;4IF)^nmBNc-gPzB!%=lYhE-8py{|;k$
zLU79fj&zmo9S(@Fk&wycJ5c=DT;_wp1k}CO?Y!?su4XQ}Si{d9-PNgW7lQy%a=TV1
zFDqeTiyx<X=JhjNX3nZ}#d_|1WEDD*P4W}`9?$Z0ye&Yn)YZ(|O@!8N{5$d&*2yeB
zh#}R9zSW5{SbR<{)!Gr&Qc?kZWm#hS2OO0mU;FiARfqNC3((KJoz2W<oco`jHxcW7
z^qX#P)^X;JR7-5#-*-#=ah}@^onIcc1naxWyXzGEd7c(;TfdV8r<U;hjNO^DAYAT=
zUO{N~QxSzV9&g!rT%A82u~Z+7Twg@=eKj`UV3k$l;rM(g`t~%@*8=uk^wmH&>UbI=
zx%Z;a2gXu8D`FQtJrLDeRr0vR(G{%i!%GMSQBlI6_hx2S^rq)o;1OI~hxgV1>1#Rp
zPR6XGrXotd3gx3{kKs`=8NbynruY`rCikgMUW(NGUi_laemr^gvcyl8F?uF#Fq%jk
zKUu{HE@uQ+`5JP<h9Bh<oFDa{tnV<=CTcL+)hxW+&vC35HEI*@o2YR-qkR&h#@CI9
z*h+mT&>1&B!%b37?@n*z3lNno<;WXf#h?2Z<&7o7+OOA=H~vgoC+qcH$~rv{D~M~I
z`};FSTsM?MT+3`F^kkIdr&G$a{B-T`k>28PysH6PO|oHx=zH_n!Q6Xs1?yQG=7|Z+
z6Z?`mmLjmwKBn)^GQXdfgK2&s;c@-M@~vp&l1x59=kR%J-_G!Pbm%wX!%0d$J~xxu
z@VR}h^zSR(_8^kSlqd7O9bV7rdw|zpGmAkiz$dRqj{HUp_HK{CcEZ5ibF!V$9bDQ~
zdS+gwPi0=n?~P}kNk7d&SzeO(ul6Ub-Y<kft+b%yiL?lMj3L(YveGFq9&8G){l{^K
zkykS}ZXh9OMnJvsBc~DHr63-~T|(BS%)5cEj;eUayj1T|H-dLDrWn5j6AFv#ij7yH
zuc(h0MlCu!&4Jej`9KeT_dMIxt$<>O*)nB~y3aVr5~3M?ZGGm{fOc-CpN&~u6!EsE
zCrTfy1byeKjQ3-cN3_e5s-?%5((ZFgbod=<dYT+uLXY&xnfH#Ic~@bwhy?I1x{n^9
z)_6#UK*8KKR>P@xH5PZ$gWe8A4xp+fr&VKaSBo&l4sev*r^$*&R>$3Iw(f?1;BH#N
zhVyl3*+3XqS2z_Sp66@1TeLx{usXSWWbP@YjDVuOHAK1jxVM6`HT00#I>J+lJ7?nt
zD#k9?hauL@I32aL?<@45i|-=E-4ns}0$LLO({Nttx=YQ6+`QFS8|Xk!ulO!(ip)KI
zOI1_)ov*1lbqY;G&x6{4vm@>Hw2l40D@eL6GwmCa?{~j~L_=`R1`R>GzZ^Y}5Dl}F
zHtplZoFJRxou2=nRzSuGxy#Mb@SIQqIUxNJV_h?7<7K<*Dq*i|j5IG$V)lOTS8@fg
zwG(Y5y;f0c|FFp11Ins&e%eDj(UMwRSxcp2+&{Bz^$Q=NYbw;+Zn0D&#L0C_%bAur
ze~(D>L<0!nqwhm92=#rD<`y!BIzQ7)4kl-0E+Gxk-6?R<<2oHJ(p=*9@WwyE-%FVx
zg+b~S(Z;<^5wM(M{hyo>nS1IsJ*tlExou+$sx+jYWsM)EALN^5`aKVUHuKOfQbtBv
z&PLUjzD0#isVNkiuTt70Aci~_+=cC<rGdXLfJJ|*XlYx<l9-nru{_ui*w3)ci41x8
z-j>6+D8%<GY6<Xd+Da$Uhm{HE3x(fGz75srt&>VPZ}3`%$j~&r9Q}I)Nk-wy#poTv
zB!A;=E}dV6-p5~s{$`;Mk36UqW83d`6?*nIm$B!VInieN-@Nr=gt<j=d`{Tes|y3B
z+lXDsX(gGhVYn7q0{^ge8xUyDFF~}9G+$%Wkoc0TIvxTjso%2ie>+g;hX6ZQv*B*5
z*<-CVt;r(vunRc_D5Q4uvke6J$p0`r?Tjqf)O1^Ae8`^yRImG7*E;0@^i3}$pPd3!
zt@}LxQ>6Jfd<p04UCI@idvSry*Bxp&4B$ox&DKcMs}PONSbI|d6sB%lW{<4DUCkb=
zbhh4dngNur7I#Y6b8tSeWujlcInnQDM86H?xkt_PYvKHiG~Sz|_Yc6sa=ys}!)mr3
zAGjH93ibT4DE<;r{1bfD-Ou#Pazk>CvIi6NetY&vp7p(utflJsk98yFP|a!2KO$UU
z8S;-zZEnKW3|cj%3I0{n?M+>X7HPQ%%yftJ=ZWQM%}W8>E!T!;Hf7uJBfcsW3R}cb
zT0h4}x7Av5=x4T;*nMrpzSfl_^|DN>A9@2q2{-=Qfpjv4v{zHcLC1(v^W8?0@IDU8
zJGJtLa-Wv~ut8St&Z{qt^vKJ1PuVp3irB$j0x4u%<Qmg<4KZo4CMBI!Qg^=D!-=r#
znzDh(Q=&wdtklicwGz$7#UfX8RgNMo#nE`BPDdsFa$~WAVC=!*1R*ZCbd0OSEW`zN
z8a~9uT5j7;6cK88^+ICrqBgI>2Ll~jEFaBrtz8QXhfdd})lzNYf{x$%aJC)nzY}M0
z$NJDR^H|TS&MK$tvJ})|WbI1UJ;+*Kleo-+9b$(KrL-26*{}TJRW538iIWE^R8V;=
zF}YHy<vx#$I1{5|s(v8gM&L<ZnK)yl1g4>})Mb2NF-V<8t6$2t+6ArtAlGV+Bz>zn
zFk@jPEY*`$k$xrpUt_;p$GxcaQcd(2J~h^Qy%c;_H$p2Y<=c*G%T?^=9HGsHq9SwM
zU8v7Mq`pJx-k@|@dxO%e`I2W)I+@o@Xhq<~mYlr8eLW8A${L($=E10H@Yb2dubgX^
z+3&4HUSxt8z6=$e>`k3b^EU0cSP~;+oM<R_hw>}h+fV3l*^Fs%MyYn;PT>}>IS9j7
z{Nc{IBt_-Q5B}ighkLxIU6YTuW}pLzk>*_l-^XQm`#j=hc*SkKZ1$#EU*ZE+RA$i?
z3oW{07tjG~YY#3)Z^_10c6{#s*V|;xSs&P9s<f*-oPNdU!@{W2EG5b{QpKepu9xeG
zUNDf$i$UMbiut~g;<euG3!{Q?BF%4*m40Zoevq-<AAG_B5-hsnF9b_yDAvLyKCa?4
z(t>cT?~TL4ZlOEks}f|Fs~hs-Dt`VYd<NPa?IWvf2Eg|cK126;5Xv9MU;VeM%#Loy
z4_3F$|2ZQSn9#j&hBndMhe+1!`T&0{tGBp{TgjX`=?zjX=zv-M+Yn#`t9H>ltN7I)
zqrj2MP}ETKa{(1g2pktgQ{2uv)aKs^<<}^U*C?fk^&#S6sOXVOcL3w0xd9^zRMjze
z$6-);-T+MJT}J2zfblaMNycxX0E#SU^8j+;gv%U|<L^TgW7$eBDGCFO!RpFmgYL1i
zShEWPGwxEtLE91DOR#P^oe$_s@Ug_=V+slgBi;O4T2OWE*SJ_0#2$g`>+d*X*6u)Q
z>?T+6SwRw3>37h^#-zH@daNG@|GCgy3dofpl2~;=OsqHffLv|WgIdv@uFsxi2LZXh
zG!<2M>naSh!LxeME0OC*Q5^U4zfx0yn|X-#(d^!R29qE~->Ul0h0Jqxh(Zwv!ANr<
zSVOG4^wJC!v10P5gdQXqv999%u?9iDbiGkur1@E8Ni4y|Y91G&;Oix~uV47b5j<Y!
zA1ish&_7o2SmPg~JofjGr9AFvkN8PWZXDZCP-VeBLy|r6NqN5YI{$r0_Saw_lgvF%
zQ{AiGhIJ(c>7gJptpD1RQ%5fto+$g{$*HnGRyQrSuw$IXpgV;zf8e$!YmMB_egD@a
z?)QTOXIlkST<RmuU*ditSNcQfz4S-C<cLM_CA71TmtErB&t)nqCW%k_>^;%EZIA1H
zN3QZge^DnDD4$LM{}ExM5$ZSPYp_f?0<-A!U-+6wtHJ!5A?!$=$*=yHUlx#w`IU?K
zX^|N%+~+nnp~^+Qxe4X!UxMf5&6^R187{KQw|@}xv(s3gs@_$->VwJ&tc+?^EVDy?
z?+j&Nnp%l(v@X)zBnL5Obv@0N;pw601pL}N^r$hVeA1t+fJKwCZWk$X+r11fWl7gD
zKIYY>g0|W%Iapn0ZVYnQ(IR9P;X!;%K}IkO;$xaM%MOIxt10{_bcd${OJnnVWK19I
zwU8iCGBXb1X%LcW+DuUb5jfR9gafPNH^2W%IfBd^h|WS}Y9PeC7zK3%Y|VA28}p$&
zrKZrGRtuq7REw~vRDR=uv(Dm)=x#D(FK8U1h(h`}t1!-yOmkUG8QE}j&y@S<Q1Phf
zZI;2g)x%-;kh;;Ta5qfzi+Vr2a)GCTSjeybXpF_iD(ny&tE(Y2%>c$}4Xr49v3)Cw
zXobd4nKYi$`IYr-pL8{G8gfK}nJo12F7ZLMoTTotz!(rev(lBGO-uytfU$*x_;+&c
zZY_|HH$wx%QKtw8q6&b)TYqnl!F2~=w5P5i3th9Lbq&v%NUnDF_d)!uqV24?(7;7w
zFCSe$CO%%`ucv`v&dpT6(mQk1?fj|!sL~kB_4?HsMd&sjU9T&7r}<V!r}nCSmNE@;
zjXS`lG6(tnkTwH^r|f8Nu!Ivkvp3Ml8IZ(mEAM{Kmwa-$TW5O!H%yW@;*X+Amc<VU
z_ghj5a<{|_A7r{(JRAZNDW2aA+mNqmVQ=C&Hoi&=)ybUQRB|qZmpWG<Q1LSLF0E4+
zx=+s`@D=hk^o!sdB>r<B)RaiiQ8Wkf(<CgjS~`3`XkkB--#TyKy9Z?3CplMV;qC>}
z0z^Q9uJ#)nMZ{6#q;`dno6T*~_9nr&Sj!og3NqQa(C_m!K1a<iTgY$2QEUs$sP-y5
z2rqH(cL(d#RZ(&7sQbt3s79NXAm#gVnO$=PGDCxG(}MZGunC}HV~1rM%caSyGY4el
z@lMC{i~Tom@0+BtIFtk)g1y~x5=1oCAo`O%MsqNpPVtfG(ivNzm)mmi1EQocA_aGa
zYVormkZnh3G%v8a9u2|*wZ(S|@n`*s>07Y=hzyLl>0tfp&sMD=1i^B<lQTVtr|kOm
z*fcV@!}rrrvd0-&5`!k^h>qGtzp^fcxh*7jq~AT8aUMm#Dxf+sLNRaUv3JnWyZ$1j
zxB6hn43Su244dvAeQ&tObGYO+=~(jOHL(QN2#^<N`rd6{kSdiMNFzc>9pY#awJSD#
z<j7bO2aIG~+sPn!R$}USVKh(e;qq+7&N{t>xLLGBveWbtS8BVo(2!}i=&Y(%Jka`V
zF?q}%m<0D0XJX=v>Izd%{e}mzOwq2fO0@pzW?pjS$bF~s?|NJDv%G&7@w0|~hxl2I
zR2JAT1wLNqlallCnq@v-Co9+H@w0@XL?a>Q_9u^o>pC@(lb;<snioczwE&6a_z6jl
zNB4=HdtGTar?#WF6~QT;_pQ8=1%+*RC6%ey*!Rw}f@~|5f_OTU--g4*7u3_aNLkkJ
zW`q>vrSA*K0hGp5Gowwvqxn2TaNuCd@BV@ir1mVcjGe^CiZq+9Hyi&o3)6dpmk7v?
zh9M*EYwHjnYyH0M=Tp6ML4NwxpV7vP922_d$eDhUr|f)^{x2IStM9gcE>jLCuKN&i
z)4!L%ouB8cZ8SbvBqJ^C;@Z-q`N!ICJQIzI?z-_R5W+yw+a<hISpcY^Wy9zloRCGe
z^wM%+iv>ZYt9yYJmb`_mVD#83BkR{9Ei=iH!9t3mb=#_~`5&A3m?PjBBAL99Ycqm)
zOfT)DF3QDYvdZZq{RUkGA^eG4Ib;=y$&e-RI*h#1tx8Ki(-k?D0Z$#_t`uM?G0#T_
zq_QSWR3S~AH*xF*tp#HzjX96xm}14KGB)1#1Ut@^22}yD^ucWfp-lJt{To=3ikR-r
zWgGZH$x0eo0=iZF24S0q@o4>6Ai)L^1vtv)jx>)eDd;%5l@70;ZfoLF2+Q|iSyaC)
zq@^)L&2oD=mCZBqW(6;Fa+KZ4K&5LLe^9kZ3l}Kh#-e~rUr%C|pIf}GfrMWwRlKcO
zYN7<T)%bJjfbo5)qS*-D_GU1&@#p+F4&578@VL%D@&@{3Q5<4Gn-qL|b2Jm{)=|M1
z;XDEbUygohwl#tvwlr2!Mj`%I5zSuB!w6A0Dy@-zUaQd~c#rh+F<mrIW|B{TbhMTr
z$?20uTL@<5-aryxq+GXB;q1~})Sqa1q-x00@~wVFLsnB>H(`pp@E$LaL!Owi2a)y&
zONiESW#-@<0qgj#lX#WA%EVta@2q;XN>c@T(_S`Vg>_-$9wAR`Jjl-?JdZ~)%uuIA
zTqk%i<x50sOMN-fOJV$PN**C_e^RnhHy6xkw*8WX5J+R(>&sa0LPe)>&!1SHNBva{
zq?iwEg=(qei#Bc=2kbqFovH3(1rnpp#;Z#3lHdN7u3QkkzESfx@63ODzU1i}+xDba
zp3N0T{`~&_uU&y*{;xt)J9S~_?gzB`WjqbhDq*dvSF3IazAPtO_R9*DsSm!a*B3Zi
zz0Oyl0;%xa`FKQV;K$R^?c;?(KbB+Bp<iycncpn{xk{x#15GvYAC;IVKP}fsF*APk
zXZ(JzjP8Hh1Af0VPu?<oB~%0hW6xt@o7v3gHX{n#>?2-XG!|J3o)rlL)yxxhBcGOX
zfu5SM%-$8)ituNeOBSOhP`O(49FR*6c(V}2PO{fq{J6cD?&<f~nR!G`&myvm&Dhxd
zTxhLWafpaQZwZm@Lqui<h+N->@ezp3$wNfnwt&b;kI0!q<Q{5HpOZ!8SqMs@k(xFV
zVd_5hT?+ZYoxb5~f{|r&{niLl{T3=2eNRo81cE3T>l^K6vh6}Vrw4eh+~o1RBM(n~
z+X9|*3arEa%#Zt=D$@_KX%u@YU|`*OzXhlJl+v_ur-q)Xp$8UViBeg^(p1InsIfeA
zSS)o8XV-5dl&*9;^!3U(c9|n$O;2;aGfIqkVp$CJl$~9E;3mIQLcE2dgM6#|uSMgv
zV%^7Wt~H{8{-%rT6!8jP6tr{QM&Hh9yvvToC_^93mIV>r(?&JhyZ)~sbwV7A+fY>`
zdoAI|m8h*x5@1>|HLcvGzoD%UTgox}ZiS+2?8*&o>EDpx>1Riq0lFcoQsI_*{Z86C
z1Po*~R0*YoS{hn*N;n$Jg{3XvCkJ@0GQ2$j>+2TABkFP7LpWYQjp@BX0M9ARu-nN1
zQ+E&I>Ria8t-f#7v^$HJ^nJx)3Bn{9XC?BoIO|Z#DCp2s)K-~;Jka#@C1LK&u0cJh
z&n!q0LeWy?=hhXN)cfuNRdJMbUVtlgU+flg?pHIv%oX*wLYBIh`D~GYGDMUShI^~{
z8@z0u_jh65aY5b<QSzSIY2K^DylL7gxX&uD1xPA~>3QH9Rbz0g4*Ie!{g-ST^Vh_o
zq7f}=3e^j*B~<SgR>EzlvXhnY^FFzi5M~`NbpIq-OHd`FER#cvm=NPd%g=u?V#0=k
zaK#W*tr!Bx*_>94d%QHlR^vxPqBmc}n)Rzc@$h0d+#_2+Vqs%#cG;e26cTBX|9E;=
zEj;w-t^(^9!#}oP3=0J%7rgP)U9}jh(o&)GHm@P%_-_;y$>_G(ghZT4l+hObN0d>d
z*|<wu$NWC3NtVbX%|F$!h-lN-@s$1;>~d5SY1SPoMuh1@voxajO10ID{bTNQ)d49J
zz&V@y7M?Q2>1(relAf6@@AE4Bk%xS3_DlM0rd2>!bat?-;wC;3;AU}v4p(aa?&X*^
zNHCh6l<9+cOrHe`@(r^#8<v|iku|Z>tFzUmkINPNbvD&w`bQ13<^Ok{JfzG{0Ysbj
z80=}<*Y2Va8Er%XlGvj$@VlH~Wj~0|3_2p4j{>BPfvxQP>d%u;iE;&^T_Yjaa}rtl
zr$QX6d3Wb5)vRn!HBa*;k7^#}RWX28yD4xa&YV1heaNWJA7Nz!0YzddEsleT<(S@u
z?GE<SW)-=EkK-6FMX&j#C>H~0dhh(DNWlkfk1#4&ip-njoqyU=w7X&{(kpgSB%Uol
z@bUNg*grvXa=_0w*y1srANMqvrf<yBM?1#6l8P<#4_@dR+z_(cheEE92B$A)w-Jtg
zI+Gi`ZG*uZR#GT_<h3U0*&2i7RlQvckh7_`lNw|<>KPhLn9}qBp8S{eCD}(YiJ8j6
zUcmU?EWLai-`jy2J>Rpk>;P2EeZ5mSvmQ3wM6<K9_=rlPs>gy5p*jti>z0BL{SjzB
z2vJn>Lb>~ez~}1_ZzMqth~_t-{JS*ZM*-|me+Z{k1CCM+a3v@_ROayL%B-Hw^@k<;
zmN!eZ{n0GZum1cjd22^un$?bZ34Xd@FXM|Ag*oK4eTf)uZQ^U4na<NAf#oAeNtqu@
zA7=67xpj23#XB0*E}s0JGq$iwjim|&JPLxzpU!J8nEdZaU*!fX%S>S?JhY6cZnr<l
zcnGME>(nj=Z?BGwtwZdi@r0$wvU*$ljIqDjOC12$QGev?Uzh1aw*SPb+v~$-S;4G|
z$M;-`2J5Ea%QVBRE#8Cu8TWs-gBNU38ISsQ<ME@QtONsLl-nl`<V)T@F@9nG9#I!r
zXJXm?{`cPBok&E8PWE?;dwS~Fe1G@5;LGOwyBU0ed7~OThBk<29t-#6#5*z<lM2p&
zPy%zO6V`#)pAugu+3VP~Fe+UPdmC<Ry$15ubYxNFp2wry<;89D+BG(#Wcd@nvDB!t
zOMrp2d{5al60$b^fo;a*HxY6zI1m;ZxBbH`G%l}7wAQ9BB=XVw?nflaLWA9##8X*l
z0I?HzXlLZYm+G}!KExpu4^O{eI@=63#xCRZ`(6go3^q2n=;6|Tt#<2Ilwij;v8-MJ
zk0Q-;K~_^oNbC4ws<BD6tC^IJ&1n4(HA6T4z5p1kOwOYX%neqBmF^~z)P|F2L$)AQ
zntrR-joG5NlP^TJ+#@@$6=d(vA=@y(BYUDiB3zCa$p&${kG7kAGXpFz)0JhH<W=>A
zY~_ZlD`}C+_^nb9mFbtiAu7|8u%GlPYXA>e+v{Ju*s*eCy|2zOAdf%2L6PO?yd~~-
zie$DC=-H(D{X;ubpaDPd<hV*$GC6FYA5~&@p0YL4$M*aDcz5?@4`Aa$#_ATJlN>3f
zPkevrK2ukeyYYL$A0#MxPl+cfpw3=ozorv?DOYx2td&voSQNWokVl06#RFe@{cbyZ
zE^9oB!#l_ynA;8K-ur7f(73W}Wb5!K7AnWpBo7Mhwq}w~?sv_5u?dKw2-Ql3#m6<D
zYnu2gC}#MicwUl(flO~$z)*@eEh(?z;B6*pk>=NsLO7scvGP02&#EGmhZX4G+ET0z
z{iTCEpc^5-Pz-GmF+C(jvXbfTcyxuwa2(89XXaep%$y6fQi_!)^(sMo+#7REjTsHp
zzZLGPQjHt4%?=E)c_ad@uR?dB)|s(Y?f~v&a#KT{l;LA6(*Mx1u^tD7CZ0A;0S0je
z{5$ivE~um4?d(gHs8qKL#>B?}V!IBAEg99Js&^uupfohv{6^iLoS@65i0O4?Rb=ku
za+|#^NixWYg8vCl^ij5tDp50R6EUyg^g0MH(Dzn1ech7)vR3HpA4FO{=Sls&^|(m9
zc;(MOZmWtsd^~+WX&DLI-E_yt95uYg^DB#vX=?*Y%M%pHRZ^2W<`%+<Wey7MQ;2L-
zQH%3XE{oyO92f03Z7hkj{Enx;LO%o-m{9N4wAF*UMp}NR9E=w3Cqxf2bFMmf@e))9
z8fn*Mdr|!o!G%Ko#hoIom`-llUp48@BU8zjxXWH+SJ2;h{5s;m?f&*^Cc#^-?nN=I
zNb{2_mMk8#MpP@qrQiC5kt8$?<ks(>^Ue@P&B|_%c(Im+ihzx;ooFU@e>YfH`>Ts5
z!TeUcpOU1}8RgFy+Lsn?iH~90bA9<+$!zy^gWp*v7`vYPI2>>>y-=N4q1(GJsSpQT
z>8i<^T|aaEIt+w9%8bq>FcuqcT;0z6sFK;$6?NRyG3UqWYF$S-KkW3_wTr%#ynN`%
zUAU6)uN?Q&6AE<QP9IA@4O$)c({UQ2WN`%vX5e)&??Ja5&8;nobS?e{+<*Qz>*t$F
z`D~&6#@PaQ3CZ+Nq}j6_F<HNk737t@l1$;sFqlAN^w=*K(JwFM`sK`neZTZ4tC#3I
zQq2(%>0@;?#XYOjt`1aV9I6wl`2;g_uVq8(j+v@WY`BvHOa+#cWQL_guthF)hjR9&
zw2|U8QPUjD9&r>Az;Yd`^Af=ZY}R=)7FmR)Fm!W)maKUK-9g@4VU5V`Dvj&1j_6l^
z%3tjMQ@H}3Y{W|-J0hM6rwVr)AJfz9HSfG|^=e$ja+NmzO!92r_vh`qZ)c>Xrw$5t
z=ATT1R>haiz;U&E>SOtvt#*e{g^v+tU&8KTR!YIuQ(w2u6!{g^=LmY@tj)yZSUW7L
z!6GxjS4iCAp8m<RSWJqqEUQ=CVu2(r$E<(VT?3NqQCpHzO3Yi5JL}5r+=b*)G;6`E
zYTAUrcsk@K*T?O|mbFwD@AY9gE98ws!Y(8zAm+_tsW-qqW)(K}JbEihaeKs4#Sd-`
zF-Hck$Pgp$N{q;3som}+Nz6s2<k_&?!F;-^57|R$@xtf*gt`mJc@rv1vQ4P#NC(x;
zD?M)WN)PC)Qkv$c;@0`qu6d5Rh(ZEf2h1fX7<2Il3z&<q(_m)0c+|7|`#_<;CabF#
ziw-C-eYwmcSy@MNUxy}qo^%DO8GNT(-EkB!QuTVy3iok|#!Q6*8R+DiB;nvMs*w56
zw_fQIB{)Q$oOG{%!9VZhm)o=1DK`E&0N!3mnra!^-16Uf&&g$rHXtlX_$?@CCokPW
z!*xK8D?0z1jeE|hy+ULl>*0?}p%o4j=TJPBBD@H~jdowq$iF!ejTe-}9cxk-u)X8F
zR?|MSx7lCaQ#MeUo4h@{K@F%l(tHb`WiMZ;9Nw;do5MD?NmiL^r<~J(qtnhi^lQda
z{&+OcUJ6<~d4z}yTP@0!AcA>V=y81A?)uy5h?a#KOVt$L8JuBht?mu(9f{0cxLpCM
z<2Wdo3b3>5^MI8Yu$4M(8tj1t?A`#pFSpXWYBsh_<7z5l7#|VtmSBm&9kNKl(**@x
z$1V(CW_*r)s(<|X>WQ%q_rGn;jMe>bk@BK4of%IP2q>vky)TY$h7G>SbYixX3Nxd`
zB&Ly~=Bs8m9$-P=DLt?6zBBZ&>++7ArZi3*+b}vl#veINxp1tm3dgS9`y`CeSkzG)
z<BQta##d&GHHkOf$Uk^CZi)cY$c}W2i@n|`JRx|HcWnZ!B)XBPAmFIge37>6{g!rq
z_2^9Mb7zi*5R>;?QP~%%C;^lr&C)~ne=XA|Hvs5UniiK2O?+kF=kQ(j0#LAaq;6V&
zGZ{e6amAH<f;HD^ZE9yPmps^&2v?|=L$5W;WNjY-D#1$TioR;YB#(V1>*O|7iIvQ%
zmZzXo*@_v*J_?&LvPYUy{F^{bL%5G62Q%3671}D&qYBFj=IK^Mm9o*6F-25e9Hjsw
zeMwZrQBMAHrIuSNDHWu^j8BzM&kqNJTV>+%N;9NrQn}RSe3a~YW;xE%%#jxx50XdI
znOXTvqc_v4c+XXwua1qERY*zI@}Hz;>LBYW+%Se^1cBv3*Qd|q1k?-5h|jQ$$coao
zUy3D;UTU;BRCW=S2jg^xXyUsegxz>nu8{gOuc0Ox+|eaa0)|{E(mcS-f^hkFSMV{t
z53hcIhPK9yC#jk(6TLqNpY^J>$Cq0OfU5_(T0Zg4Ui9Va<keAk4DXqzbJfqlv;gvv
zCCv!ihyBp@VW-e_5+f9w?JYO*KXl(**4E=->^=H22$kAxZa&06102+_g;DO&{l9C7
z<5%T|cLKxfUAK<V@Sc)uAX0Z)%sPLZV`D^`6Coa=BDUy8smw_EF%#E_ao(b{*Omu1
z2TYeH<tn%JVe|2wR~U@1X9m69Z+*guU<+F3ZYQD2wj0O@mv{H;L!@~JPDIp@h1Q@r
z0pwGxM{Xc=JCsF9Twcu4cnXwc8b5IdcRcXKxo4`NICqO4;2kzQu~!}+uAdmr&V#1J
z6Mni4tID8E<A;K&l9^%1!$^+nIgnE{D*@_*d`a+zg0;g$bLi>^x_|I_?J!90MP8%s
zDIMP}%fi>b$}1w=9KK{%mb3F#7H_g6-mX;zdt6L*Li;Dbo?sWy?mp46szmF_W{bm#
ze1XrZZ<^L~4)hnGHm$cq4^J1|n@Uoo<veoO{oh9+DKtI9TjXJEKlwHetBA@H?ly`R
zfbJ?%SOuPpA0A7^u&~ZvpDXhW1I0bOniea_XLs}FXdV!<mV$>>4m2<naRS$)vRp;h
z`yvC0rw3CQT%kOy<&`)rmZZmk(u`R0R=?*+4vxl-8Vub(=qqhfNX-8>jJGHHjxplz
zj`2xge0(0pgQIEbS@UND`Xq#^J6DC0xXuAcm_dT=Pp{$qv7PzHeer~e%JF)HcMJ}?
zKZDD8kIHU5u6<gMxDWMK<}QMO#$dG!5_*+AfV8`YevtdnTTv(zYJCJycuvqy3k5lI
zBZR!O$i!s4F!}E!hyIBg5i!$KG(*<tg&A_VZh6%B<Tt32(b0UNqL1Ae#e53qi(q7m
zHD8S01;s5S9C}DVaie#Ui)u0xwdH#Gj`ZFLs4Tr36eg7bxU&^=oz{(@8?>0`8E5+T
z^>qW4C2vzzsjTcz^{YRMp)&jed#3HlnckTve@Yo)E-@fp!L#Srf`SmlrC@7Y7?ggj
zAq-IMCE1(t4zWi(zM^J{T3Kc{w}mcMaah-ZuX#(BsX`$!%nVti1tx|hbI99<la5#;
z0VFwK<Ll5)vezblTou@)kB23C<fd@coJFqXE00_$$W<G1h?%9u8`c{g$s6qrdjz+>
zW6#H$h+F%-jm<Q}g!|fG^_b1b!%W|{gxUEXvkQdTZ*}TDo1Iv7;wAP?;WBRAI<vn|
z%=h{DE!Z}{)-GG5`56g<(C-JE0QML!zFg*zpgg@@*tiqNt(-`QYuN#0ORp5hh!u72
zWP=-DDKPf|CYP~`GR`Gq=28zX{M0zOGl^tt0NG|e(p(fk@9jR}7%csT=mqfa@Z#5m
z_<|1W!IL^J(|SM%WY&X6c+ET$)_RZeKg|KGC3CZFA9aRt!`ymQNZ70P^Gm7^ttK|R
z&I4|CcKuMRNjSUg&^Mf2-)QWzyKpnJ&vtXFE6Fx^X&;tJgGzUd;4tQHwO^f`hJh4h
zDl^B1Eej3;L;0U$vHT%_koR^2o?ff+!62v8ym&x%zi0^4k8@+JvoShPHRLN)e%P^!
z4BiZ@-H{{*BQ>wXNc9zn+(?!38je(T;={}_AsWFxp;U*Fne_q}D!V#t4y@DAbuCq<
zP9>As_9ZKs=-@mjmF%7;jdbafH~KTxSK;W-;>BG6oUANiqd$#g(Upz<biIV9@mn%=
ziUPxrzLgEPm)%INYTAfa={=xGtMst3K53Pn{YSW#$tZz@#U$8T_HXt+Op~K+L}{QU
zdg<rdd+RW6C@OUh<IcAO#mmsQu5*PXNw0V^`skc~iN2LhcdFN&*|H^M3|GD~XDi=+
zvsw8*V``c%dIR<-TKrbJzdnkdXFBMHw3c4QRWUJw23@=O4zhQq<vCNW%UeNgn2Rh_
zdpOLGdW}Z=HKVai9NSh^wDgVE@AK3PdK;yF>wD*yZSIk^0-wtme}&~3UBy;&bW+#a
z?$e{1#s-nL>`|bCN4d)b03q!7{mNx;<oc=&?=NzlLN3+$`#ZkOQ?buzrym+=T=iMm
z;?J_a``UJ)rYQ<e)6g50^Z&rs;W2G@cpSn1b*;ne{qAS`@T{#ju<*T$G*?9#g_Lbp
z5j#}_FC$E;q%24grDCBeEJLA}vX@0bUc)p;>B-_xR^*aODI&pR2K`u*xIl+3IKh!G
zQ||YFk{Y9e+q9@W#x~o~2<nJ5Kh&2m>^?0=;<;GjE0^3O>!-UApmx5=ul~?O4Foj%
zz~-_+Jg^mPE<1_`5pm%1pbT#K-5kq#x6;6dMBLS_`dkAfZ6G=vr9?{c#EA6sIi>WX
z4=E=YLAjW~&7vG9>RAzODs#v5q<#5Hhm5yA8dz|H2gJQ`+6N`K8%cW8pe~V{-?x3y
zjb)3dbCw<H-)Qv*v+mXvA1lhj3-i5J_QY*XD_fm9*UrFiAQ`zK0In@zb1VXU49Ppf
z3%jA$U=Q&ciiQ($-8rUky>}K9u}GtyAguH!Zq$xm3O$UhopjkBKJ#-es+P7O!$K92
z<_ifd5bk$ivD1|)V6o{F`IZww@n<als8~#e&W+K-BevFXg+zu_diG76B;yXMgPcqF
zC^5}qs8o_s`~H|Ynpb!3XnqR$y*^HaGE+tP6MS2oS)`4a6GUg);Og$8tuPJ|t3*%R
zf8N21TS|Cy)}~mn!5!%yQoM7RfI&h1RiO3{S`#0*1=W|%MDB&^G}Bc^<|``0-Dr`P
zFG<kErDdh+gDCITGP541Wu2<>PTOMBR#9BUnAfzHJGa!d%qJb1_9_W#nn3|gCuq{_
z{glnh7MoY<t~*i9^7~6QPvz1*Xk%`)wZCn8qMSwtgtE1E-(Ii$z;4_XXd4l25yj33
z^X@*XpiZXbz}QhJY#RFK+;n`81!HRrNV$?a5W~GLmN`A(FDbfS{{83wQa#{(Nu=G+
zKW0N#XWbg+_ZJ>Qe8-SK9qg8^5&h=$heoKd0#MUVqaTfM_md~x*OUq2nn@A2@$c%)
z0I3Hui_m8V@dt(&Grh+Xo7TupZcZQRGsUUgfc@3(8vF;2sws;`nsl!Z-4OFyscLkO
zI08xcIJj$8`8c>MTW%kOC>bvsFG?D3NCw(R_M%?<SZ}F-o9eZXx0X#K#T1a<WYX&(
z;|-lDsP>nFs+!L6=M^#fw^X~w2Tl^kSo4@tO7dUk6e*>4?^G#O;-lMXf0<QFRp<1L
zYIqjbFMyS+kIu|%n&}(MIj}Qv)~L!WrRv-dg2Tp{Y8&}_MPv^mk#D`7Am(HNoA0m(
z{p!y~^%PW;?m2R%tG%)^XfK00&&qrK(L@{acKV|``JAUex`Ef6{s{JN7I(|3$4wR>
zrcA&+Bh3flLXtmSDh=P5)#vd|Z__TzjK`)5(CHS;9EUb^&{E#8@f3L_2mvZ;tm<8r
z99EL3ib5+$162cCs~}%V164=^RduaZkc9bN#w@-<b%*#0CmYAKZpyKhSmJ3d&GVS4
zZthRb&LzhmZv&y4)cK5}xHW`4P^>`^#2Um?i3xyl2MeE~akM;QE8?k;(or}UMp|Ak
z3Ae>(+vJn$M(hB#y*Dh8yg0NBVkwBtpA;Q8VPbsj6x3APlVdb({kZZW^z)CJdzriG
zX}<{`XuaVbIAl*4I&hf8lJh_s{jBZI>-cf^X+odCbow7$a8}>4C9ZthhaI@`P!hiH
zf>Uvuz<09XY@q-DhZmflTWs1-xS6%xS~`J*P8Xbk-@M@T7}m*xqctx#gWxai)|;-H
zt)9aU*{QSj=BoXm%>S14=Chywm)Dz-1X=&K_2w}0bh6&0o>O0Tw%%mu7@ZQ@EcWY7
z<&N3)W=Waa{r}Q>GXxHnTO<Bg*PD4<T)6pq^D9!t%x8+ZwOend>q}O}5XhIEt~ckB
zbMy5kX63iI-t^;h-g>hOuiT%MWxQgv%~e_cifF)<U>=F|Fp@iw>R-|Ig8A#x?Hq=N
z@=#wlPoG11{t7<H0KRv+oas8l-Ob0WkkdsoSckQn+>1M4E$Mx>aCvVoyBvCKA48|P
zY#M2PsS&ZteC<~6w|slbHf&Q#4%W}<Ji3DeJS8nk;GLnwU3zZ<yC-7vfK`AAA%lUD
zL{C0Z{W5;q#nfpod(wY-fuB&OT*b5Y3u~0dpVkxA9iSv2+FmJ}yZZ!Q=qoD|ZW^4v
z{PaD>#a9_1y+X-9A(`Ex_rMoaw+zWyAgqcIg!;mr<Uy!i0f?DOK7!<MmdAI?u{%3I
z>g#&zbC%w&^cyRt3$-Axww#GPlh!|8-YtHzHPiu_U3s#2Aqi%e`0o^<1y;QpEYB_<
z15juLyVD<FkHPNr(BGRvXma8S0-K``TJ1jho!19ppSWbpP>eiesQA=mgOj0@og8v3
zGOgZ}L)+cOp7dO5WKUY1_=j5t8>g6?N!Adsm#VCHb|#X0*gLW>SSYOX{TbF<#PU%7
z>(D=bXVQX|OIuq1v=i7CsAO(p1iP52MNm#C4<ldRkq1A0HXn17F_eO&VHgNrlAtQ}
z%XF<&VvH9H!cdd9%T=(G5ta)FYAZ$1FJ&xe$0+NQI{V1ZQ6TE|rJt?~4fm1?xKEf;
zZv-Qy(%QFuJ63s`s7a!k@!MTTihIRA6M`ODKI9egV`3PN5uPa%N4br4L%<K3p77_b
zZ@4`^MsqdjpE_@4PayRsTbYR*`A-jO)5cev(e~8^VCg3Dr3Q{9iv=&dpCz6?Fzao3
z^!N7PNVdZMo)ijf`{HE-U3b+ky#$j^TEvB5VJ5$yYB|&(xZhr;5#U4((J=S~ncaJx
z#s_;?BH^Y_<CE+(P$t4aV}m{o`z6vmQ=h(hJZ*2E(^^PjXXA+zkH%4>Z$qbXY_A3|
z))MsF*|OZS0XqCGjh`PNDTsrCInWPGo<)cD+u`_J`{5SG$JxE9fl8#^_&mp#aD3vq
zp)qHtD%($e@A1hj=`cP&Rvprw5!6x*g)t^xbv-Xtw_p=sovS1<ARDa&ClxW~we=u7
z`4c4LS~o(Qbiso*9YXz6Ui&lI_WR?-fJA3oVfPld0%~)jIv__3r>H}7Q^aVO*$;-l
ze(&~vwb-|p7%76qhzq8RQ=3sG3{1_=-xiM4w;Y%0V9&()r@m+Td!UbHxhe&){%rqx
z-v>JXBxm|go`UmFO$FjP1beAt=Y7Y$R3(Gp1~2e?sS!3JelMjDTi8qOu+a8WJ^68G
zP;YuuH!<+w=qa~Tyok#S&DH$pVw6m`N1*NW4ZL)c`PeY?t&(TRoKoiNc}f2$TO$1d
zkLgE1Ej;fDM6Qsuwf%ITy%B6fBF#srW*ElEba@tt`rkz5c7+y%g}jnsr27L2#y!(F
ztI{4QDASYm&(7e~NdvA5^V>{Kj}zu{fBz;-t2<UYusx7P-%`F?$MWm{86v$GsD@SN
zCKM-`xd~+_nc_=%oa6}ijWg*EgP)yA+zBf&FmE>f7ai&6Eb443r5k{rewr~2S^`<z
z{t+zu*LnRiN_wf+{NZp%^-=ouK%9>>FIPLEggWjchOidt6>zP*1U~f~4(A7$`Gd;l
zeCmJ6Yv$RoNAK~94w)H6HEA|;H}9_0WS#;1a|@|8cSf6jD@%{C3Gok3Y!g=KQIizX
zm$jqvslrz($$OQD#bO!>nZrYTIulYqd@U!WMw%xCuvbvdy}+mR8F>|aQzzapIQ~fa
zDFdQTyjc+bVz{hy*YVPMCyrOyTqmB%Yp0!9CNkQr6Sp_w%In0$W7N7n5AWQb%#H##
zyxN|9+B9#!9gA=0UL==n^2M<77hw}#Y!Uvm;Dn2CJi7=-ZEEMumTvE6XG=S|D07sD
zo*5X{;`i;|neUW#SauLnIg&n<@5XtA+~$&1Px~C$f;Qh}L-MZ)R);L`vo9-H{rMju
z8#yZ5*@lsIK&HXB3c?jx7RL7#qSHl?TzhZJK(MpO6Wz}ZLHa%vPnN)F!#0?2xm9oT
z4%t)RJLTFX_Jt!>D!0oH7M8?X7oiGjTZ1zUy8kB|$F-Y=!~aTCPYFk*1Nl6%A|H=V
zck>L-t>m)K2x%y2kv|{FO2I}*;{`D!q|38}v}+y>EqSYR8gd6vHZ#nlns4Bc>$mRh
z@ZG%MK6vFD3F&G3><LK`RsS_2`sgnmh-f0<y>WtF3B=xH7kDV%sS1_55T?%li&z-M
z{O38(Q@ZDTZCXQ5>Fs%I=PCUZx#dxOnua_zJMScv;QxG+UYtE@&az?QO~^utG=_KV
zWiPzPpS12oX^Uy^9qyte+c~7P3NoPyM7NsM{Z;{2B_{9h06sX<O7$8|1sK=+3bqDP
zc<_34r5(JMC)wogz(fi>UEW^5iTrKpM9`9CXIPKlJ+#Mo@NV0Fk2iOntJ#0Ixl2gW
zxz?%dzjN*N>KOLh2V~1mC1Z%qn&S+cyKVrRUN)`m82B`>(U$u_vKm>t&y2zN-L(m_
z;f5%^ANF>-zUJD+BLUFCLZiD(gj(H0ln%Sk&wq`IJNG3&hoc&{aN<`h@tein_z&D(
z<nk`lm){f^VqgL8o|(>dJ9Necm&qZyvb}$evCYJb)rrqd8}1K?BmMkI5G%qQa56Iq
zo*%PkEkNwS!{^lCFJn#Xw~kz2yp1U0`Rc?*Lai_Fv8F9{e$lnD!ewo%P-DD_S*Lb5
zY-?)oG|Fmuse5?7arcWN_txyuP4QU|i?SCIfTwFMS3x!{<q)N~mc+D7834E4&$8e)
z-C^LG&qUPW%cN7XU*7RwS|(BvXYBXJMczX(iAN_;ic~=&;U3j9-Os0cb-KPi!k{_c
zr06(#&eZL^vCX?RuKimFBsb383`q}fo%=DpCLRV~MeupHL~qn7>m|+tSIXnDH2r6i
zZU5-~Ya-2GSqlQ2=nrDasq5Vj>6y$*nzi(|*=B7QH0w4t6Mj!~c1P3>*&MZG@!r|Q
z;l2Mq_TB|Ps_NR~PfP+q!4p(8D$1ZygU_H)69G*OkTWnrEU2_9;sXQ~MKYr(KG1~f
z={PM~z1n(jYu{>nt9?<ltq>kb6d&LdwF<t^Fd`@dQ6Bk!e|w*KB!Jp`d;kA`?`=NH
z%$&2&K6|gd_ImHNl2sa0V(=&@)9w6w?XsLow?M0*VYkrw+l2wN9tVh>p!E~Hw>Gl0
zZDki|z4FK1LaXNw1s?%ia@&t|=tSoilk@a#!HlUhFKn26!SwJ+98bYKU+muU@rBWg
zr*eSSnR_SGK$R;lW=VToF|EO#?{QhZvF3n^tgeS#qrGU;)+3%32LTMF{-+w_U&I6X
z>lZkKvK9&%A!Z2G=LD!8f$)#jLS}+vA_IKVV>P!IxPMNUaG{>=DzX7PxAih`9QuYH
z_8(gT$PztQ3I8hePo)a@RJ)0x^6cjM-?#Vg(=B||#w~qE*&J@^;J)Yrxn=p+0{3!S
zciu05*cEUq1cDg~OMAFUWdSS*1nC(fEGDXPmj97n%{5L^1lKD4*Me(f&5HEWrcic*
z<PI=&$~;e%9hVi#ur<r%7N`n_*mORCtZBS4R7i?jJ;W9u9^ncmidll{zawyy7r@fl
zTHHx0jvsqML~oA_*vk2rFr^K`iIMq~baHNcoh~8+w!@OBvr*tSZ>I+CGR|}QnL-;5
z(OO}r_Cp0T92_BK{cSJnwTYqY=sC}?eNJ$)1&S#_{GkRg+AI8YbmG`gnSplaO%(nj
z;pz?<SG?u^op&pc=v9Sju}tuJvrO0yvv{Inz#aYqx~_@GtcyN^$z%>M#7dG=TjbUk
zu`g?GGnfRimlOfsLvdsjz@v!Br+~74z>bLbu`MD(!P^#!h-}Ertsirv0P`oZ!wkS=
z@-#09SH0}qrbsF3hy0P>dHy6hySya~K=)P3YD{9#?@#vz{d7#C?5E+NyatKNSDQ($
z^&k13W_X_P;t~#@(D57|>@-8CNoSKZ%jfAmc_2Tu$M)17n>qQ?$%+E&H48B3?y@aW
z<NnU>u7BfM9;?`!)&sAa5uL{8plMf`+834P;bP$@NNTgnYODTk4k8{^6dq(qoQ(HG
z>=9=l;Fqv76OV%Z$ILshU$aNmM1KmLk!{1A9~)+v#i$N%MdKRK?y~}?@fX}1_@oJW
zW^iLgH_i<5L!6Zz)L0GX2xgQj`?6LY4ILfd7Nv(SPzuX3MoaDaA&#jHP%4-~tBiV>
zj?Rca^EvfUR1zim8>9qF0u5{UH~nmUdz%WNRdd7UgC&RTv-FqqdpJjcyId&gdZE-@
zXlyQYtDcJeLBi00TyM#6^>??m^RyO9X5`HjX>4575qn?M&#Z;6GC{*SgI5MpKa-rN
zyDU$U|C6UhOJtJ;?Ms#H%d7=+4~7-kc-1GQyd2B_qk0%M{Q=X-qG&%iAr~wbOml@=
z-|1svM=R=Pq+XPBHq64OpI@#w2Le*+q%S`SmY%XVXt5DHI7}o4WLGIYofnoHg}x%-
z7}fq_E@&(Cbr)PLrqnQ*Y^GZG1(UCAm=>LO4T*$E0!xzv#Fi?+r~pio3=F#aW3D%4
zi8^tj%YuIQa~DjXcI5?EOuq6`)330mcXTRU?TgT*4h5y1`+SN%<zZrI8Sb_}eJT#=
z_IV(a<r^nG)rD^y^qa1HgDfXcODtjsaDZ&BKZnzvosf1ReGFVT@b#M8&j%&a=zfR6
z^sraY8S@eOVQ+d#y%#I3_o(Nv>-{^6Zqn<eCI*MVHht>P;?vjFYNxa8R_GbY?t${z
znSJ9){jdpbI4*L~IGts&@p}Z!Jian>WaLNYtB#D!oOb1<Ix=EnWwiF7+#25OpZ}nY
zykul`Jz02xsWtBw4Sm=`3m!Ib9S2zk>36)(V0~aAi!q?2)FnH<Ux1M?X|nxoAOH+n
zS>d1b6ME*`4FAco_FIL&P~TK1`52oKutG}mKpE<)QxP{Y?7Ux-T=oYZbTKh(tiFH8
ze9vYIoY<!Kv<P3SUFs%_ZNa<XuPmW53?Onpo(M7pqVvQ}^bo@txY^(5F-_Gbt(`={
zKZ!hJ&3*vgs!OyGI#FYwqoY2jlTX)xChXN&(2zcs9U3nRJ(R&D&iTX#m+E)C&w+f1
zk$gkjGcoMDzhVN<ppIA&H3~&p!jQoJZ#b>YBv`*uXWFw!Dn#|zM6-AfUw>r2a)_^A
z&Z?o7`wx@*c9%=$J!prOUb0*CJKpD3eXwNO&&f*=S^!|`5dHzxv%CF8Mr6$LrQ#zr
zKU~dKIg^$qH!W>X5aFoyAEd2v&7Q($OC7H64o!YwTbk`-64F-W$5yJ5luAM61<*Sw
zhnxDC<X=J`b^x!X9!frBpH`lY7SzNwz=*WAj3+ukW4TvbgU5_0cSQ0I4Uv7cL7+U?
z4m`$T9oxW}Yis>lDbJaEjcG0REob-*{7T-!KdBRVmj-s(!`MT_|65Q$4oQ_tVHIqk
zE|fEZwEGKmhYVV}sxvgF2R%+op2RnM9q7EJ*46&E)%qoKh&Omcaqxy2>3*{6(iWzm
z#Y9$Ijm8uWWzLCmHWi&{7>`($DfXVaH^O9z5hhbt2HijOkexv9Z1-v?{lai0qhH9Z
zkQ$mgC3q$lJo5(LxeVZ%T9JNI15=0EDFFZu{Q-c~88)j*OKNoRCHu(TJR*5{mVZ~!
zm1Jwm`vli3{p*A4g1?o+C-_s$wKO9P41Q<oV!+n4yt^io$Iwb*e&eN5@bhea`ddDn
zBS3l^sd)_pnIJjr8;YXl^SsFym^0#&Y_vzA$x30iyEc2Z7}W%qEC{!Tp#GdLkDbRd
zPsoo=QP#fd2lF}8$pX0&Ca$b$?Z%3m6&oA&MwZGUUkzCpY0?2eP^!hb#?nNotw&bq
zpHNNf$ZA;?lHUlhzr>${lhC{+`U8P-s(%(2g7?LOnozO3m`S;WwgEw1jN>vve7V&#
zG>ZwEMLDxjEb%w4fq>F$i2&YjC;6wJ?=Q&(^w2K(`k&%1V=E7sYo-5~nv+vz22$!z
znSP)=b}Hc^jGhW1kJg6053;W$9?#T$7#GqG%L@r~ss|DC-FQ!q-$+p4Nkk~3K!I|I
zzEiyx2wDSQANc&h%>$nV<bch9vpC#3(n@$ifq}3$CKUFrDbI*9VQ*qZ*gLzj#v56U
zR2)4Ra|%MYU}4Io+9I)IBwSslVf0T;&ki=QPptOa77N9c&?P#C{4kqqfd$)fcBTIt
z?&Nqbe#B2wDt~#kS=C)7RG0jZU7>v*T^JP5V(kOGh$nG%Ewd4{x*)*>fDlLu<r)RJ
z7Oc=%{{TI3%hEZtpf+pG1p${SVXLr}g+@9|y6!qL7tl$PR+UK)GDIv-zW6A)T+e*K
zGL{m9*(F#YgxK)Ail11<685?oepjyF@je6i&`z9YUZVqsS)7@R>rT{vB|}o1m%#7f
zWFX#^05@5be*U?%%uco|c!qJ;bnG;N6}<HZROyHKhP07;Jh6{$Hv#JW<DlKtq%u25
zDlr%aZVv3cm~Y{H%Sq?+JU<zT{}i7=I-louUaw!PmA0(b%S_-0_Bo-`2HokpTGw;G
z(`rpKFX-@_FZ#Tr^ZBl+>@GzJ<?%_DKj@jXg<^iOhQ+EoGGp@03!}C^U=OYl6K#ZT
zhJCTg=C+KaQoO7<BN=bQIi`n^wzKsBk>ZWCJ+pyZNZX0vd>ljs2J@!BWm*^gc0RqR
zl@SimVXMtRsayGpe?QR%vfb;}gXXnOCcd3u3tQT5?r2O~0nL~sOrF8Am<jddM~`V&
z&WLF+y-bM&#|*~T5+b6S*Jx1wh>N?7sEiTG6k(bons3k}2*rwtz`EcxUB_D^38`lZ
zn+-Cxzw{>v0{J2BSsAD4o&r5Zyy9m6@YFT~D1sFkRp&@WsdSqD3iA?z*EFP0kfl0-
z`c52Xf`nQDi9XU8R`ETxcb3Lv>izu=!$z>E*%}+X*et4nR#Vv=9+p-*k5By>eic@f
zl^uet33IsaAH@kV`P=nF<{=_?(n*f|=&*?QPO2mwuZE!>+fkH|&`JL0YCk{vk&!cA
zk_Rj|A4S;vTdJGl3-!8R+q^}O(x}snf5Zhb$7&Y^*HzWOBc1uXsrPr1wVx77W$XPx
zTt<ZSPl^74NSO0<f}LOd(e@4`d~8qag$3r?r}IUeu7JrgKT;|oyQ27FlcFkJMJ{}I
zUGHzxUo!I}Ihs)${I|HK#V$9rIimy^o-R6BuD6Vpm|hv6Z<f1jC{x`b<hX4(j#kA=
z_m{Yl5r5?Gc|Ri!iu;xO+pdt6XIZ6QIW<)RKh$AlZCd|hQ;s*7(#Xt|`e;hWrPpgW
z_4ba~#e8~mjpZo`_I}9E(*zkPtZ-d)gkHcJ`N~i7rS$@r$!}-zK{679cm3aT4dGnN
z5kxPo(Q5sG%WgcVQaBgVxjlMNc0okqXQ@Sop9NAMc>Ms6>km>&eJs`U8$-+FH~1#B
z|E0Zaw!j0y_l0x#;-B+4J1u?orPqKTiaj+WLPNZo`G!~)0m#S{Go<8A$`Bn@?5hyz
z0;}}t^zP<DL)5uupchJ(bzA}oQG{KvYb@tys<D$-S96mG#=0%l6KD+ukoZE=pfq1=
z^;ES`e<I(V%Ja2U-@t{t4JCIyY|*Flunp}qa~DGsrQg7(KZ?mI25%Dbhtu>OF3GMs
zRWa8G!AeuHEN~T{hOx71WAxl~{&DK@)qRC}eD6ILtZya-`3qdhrXZ&tA1TNes?~pp
zsZCOB<y8MSTmS_`>jM-h=c|7&mo=fWnmBy1>-y_<&iWg&&I0RGe|n_I|GHY;vQ#`U
z$A=i$KZMENG6K5i&>o9awh~cO*)8fKr)+9d*=<~*t<tq*b$V<3^)J6SqdqHr2Yc6M
z$S4~1eJka-Hho8YaE&g+`<$*1T%orz20NMs2A`Kfs;du54@I?zC@|wL$QCLZUN({@
zW3nTlT!H`LzwPGr%kS&*`o+2s@3TZ7yuN_fCvQM~w__M&$6zf&b$=3gtp5^=!qjS6
z6aw#NNzp^fC(^sRFCySw_N(%VTx-5!UpO{9K)V%ucXwkvs_PgJwPWlTjPU|(-&JUS
zc8v4DWV>n)un?tbP^l_XQ`wKX1P%!GO?jlIvj61kPGkAYJ-dO|{r7f(*Il|0@AEx<
z0IwH#c{0LSkbqNXN~5&^3Gnt&-sP{JZ>3a|<eg_u&@<<vZtS}Gqe1he^f;R5srlc6
z=DG6tZ9&5)z-2Xj1=LRdmLIm?IlMa<#ykyULeP9n(ELF)ui-~(vK|0M5o_PnO?F~w
z@;Td4@?qYbHC8xHFKJk&MT;F%s)rsQL4^uP4(umslYda2;{88rWpwFw20*LiWZP-*
zvc8#@^|IF$AvlMoQt_%Y(gk}Oo5kT>Y!;sB+*j%oY!-j9&!v-7T*1xYB@d`SGu}J-
z#vml9!{1+zo@|++?LO3{`=dK`Z@Bq+n8o(B9cQ`U9%@IA)tMe$5usfeSyuf)&`1y1
z@VoQicg<Yh1;2Y(t(lfENR-Pc0r!|L(nkz-$>Jb!R|St6p_NBXY?&eYXK_by77+b+
zohB`chCWsPI;yQ+9f{BOaa+N<6PLGbu3eE&N)<1KAQyWtbq1>K2Gr|FRl6JtflJ+*
zk9Pdt%q(2BUQ03Ck9e~;_(@$1`iU;!@*4kT)6R5A;U7cpFM-@I)Mez#N}&TX#Fu7B
z-Er?O`NOrQpDcecAiK!CGYhg^bA_R_k^*`6S)X@2&7ZaRG=7MZ`ikpqAVY*Rf6vX$
z$UNcrIVIuv8O5pY;lw$lDo?r|<#X{oBNbp6ZuNVg&TO#aV0Un<U2k;ADWTeQiCf|H
z9?hu=A_`ZzjY~_c28{u?+fOmz9(&3*QIN*Z_lU{H>|X(?wbbo*1`n6evm9uJWe6?t
z!8hJxh|u2O6A@bNk6~x0Y8pS!kFk_n{1bSX&g}CubDx(c_2Z#}_Tbm<GF>d!2VLw%
z7d(^NOB;mWaUS!h&{3*S?&YX1pTT9l=hE@?#EdVv{4)bI0WSE<fgjN;FLwpu*?@42
z0pZ!Z0^zgO7KFV`Bm}#OsF9<$Y%_s4s|AK$7a{KE!qJ5P2moiw0(88YOi)AUYO`l7
z0LjSyx&Ocr1AtfWGyr%?A53^pW`-6o0JQ4&w|UH;Oh@YQ#&LG0vCD#)jsqhwS)6q@
z4>u}J2{xCab27i`aAMyaa$9RdY%#Na3p&P?)9ty*i|)2v9i8sVKrHC5DAR-b>z?_w
z+y4B0O?UKr{iC+u=cj3iWb7+-8(T{|LUuut=W;u}IDDG*!HUUSJRwnL4)<q%nRmJ(
zJ%PQb)V#s&B(i2!VkWChPp`=T{E^Q)>dB?4LqS8r@sXrsXpfZuyi}Rd?^cDYR->#Y
zCgkda%XmojX?V=LsobB>PY}y&jbzpLaz>mp-dBaOnenDFzjhk$RC)vC#$vMbct`zL
z#@na!c)Qv0`ro-LXWSqEhH>u%|JQXj`<Ih%r}0Aqb)R!R`R%<;gnBvi_jgIcLOpwV
zwPR4Rvx*5(T)9?fSQ6OW{T-|^yRtq$xfntoy;)&#SV0~;EBJH!H|x>>(&V2M{3%^R
z|EJt$e-F2Ro14EvDok^-(9Lgl7dXM6?mU(s{1J51MvF>({Q1`&7Dkoqi1gpAfIl~0
zxB&te8;0R1c`-CQsY7%aH|ne2pLuY^+Ysroh8KlMgpA#T-vgfyZ~2r|@;MJjmqfgw
zWs!I#=;AcV!#CWSKO(PY^P>Fdei5<?kb<kE@v}XoB83``OZ5t`^fNyXt;e4YqTuaL
z9?YZQSAG06)6+8`B&tbqgrq4)67ez<-Ksg#<1J>wcy#bE7|aUg9+~??F5sR$gALp!
z2zrY};|rnjrID(|v4_Hmo2g{knjc)fITSmoUNLRQ@YaD(W;LXFbTZ!Qeae26s<;~A
z*|__w+G2h(pO)s4c3#B-M!dxlDzW_g)y0S+zI3|~9nKxfL&=xS@M^Yv>Y33sU8J78
zjS*RMweG0>5O5hmDv0Lvi-9g6WuGs~cW&3*HoDHyi;@rX&B7zvoQ6elgte{O5PS3s
zX1jdn*&fQ!qcsDc%+4?N^Yq+4OqJ{I;n_*G&QKI5tCBmjnM`8f^U1ZqK{&TE*|;X(
z?a^k2y3v`ih~QN&4)@mB>)`V&XJgno`bElll+=e}`=+i}+ZD8Z-d>7M+vt2_rE~n^
zYbPnZ35*<NG18g4jj4wdBj7IeY#S-hsKJZ~7ka%e=8f_SKQ<TKcs@AnG>z1_$b}rn
z*wzuA`=T>fD1_xcS;ig8j1)L`EeZ?Y!gHT??rAP=cIG#aO7xwy(V5unzjsw}-bSaS
z*Ra9pKIM$@yp;_0*v0N+bfUjG?!abU+29=C>^ij{yX2^GYB%Z}>oiL6Xa_5PiO!eC
z`h@$p<jf{^Vsap`)22EgyQ!jAq&JlE`sd8OsZiJwXXE5d8(T%{Qf-58g4&TDZ<}1r
zb?GgT8a`Z`QwW#4H=VhYFpVS+<)8HZnojSE-Iu%<jmJK@A{-~m$LqOR=7ZvJ<A~Dy
z-w`L=j*L^8qhRBcmW?Pk9AsVexH%{qdC^02vgH0AkD)nrj$}zz#Gmm~s?EQf&(;2?
zqb-;F5CI@dO`m=`OHYZiz&Z^*l~g829kFpG3#(ZR|F#Fk;+NuIz=2a-(?TlONMb5H
z%A6#B>^7-@=NBuwpy6gWJ{>MY41uZ&*4&PnF5I|ufOrW7ZX=1=CE>;oBo6y0nocp^
zg&UvCug9zd_M<599@!c(p?a_R-<fV=1^QCuc4P_3Q!oeNmhxPnAtVuv1YE^A;L@{=
zt>ymsTNsqLq-OI7R5>RMh(rE7-l#K%OTw*0=IQAV{2RC?spZ8{md)hABkXMv6c*f7
z7S?}-ZXAE}1;y@w<!<xV0{4kOO@Dp9{)6DdUd9nhx7fLDiI6{jQ;9p^Ik&l^fO|XK
z#IdKjRWA`NxYm8lbX686dhj{$*_YIQ0Fi{wZKnLq<=ZR$gMMj%ohleH@ZHGesmhvo
z_gb&;*wKl;$0}MeoVb?Fx!SM&*0zq(iJ@F;4RO9dB<b#i3G9sg_uR{uRYvmHgcJ3Z
zlz0rs&xWeM9lZjJ+?09onQb**tj#GIwF0|t{R%feb4}Qbt#NvvzJhc`YXlb=eEo3i
z2vJ^gu8s255|TT!otEvi^l52sx`~->L|wMI-Y4OzPh&r+kDpo}pHiGEpaNdKM_Jr4
z5Rj22^;O$q#~U_t4?VK@ofj>+<rnf5&(Z6!Ye%ZKMxPIZ^9DNgVeFz<%={SXwAZHw
zWqC*74_u{ex&&!;l8=5)kH$W#mG{G_(i{9cxfV{GSJqa8g1dqes=Bwvzg|sm?>r)y
z>=ysG$ALnLVV8QS89$$51c%K9aM{uE8;&jYYxNkjYmp!Uhxx!C$Q3>3xj7O`4n9TV
zry<>xL<Y1gN;mx1s_(p0ssF;xBg@288*dg#UGQCdwZO$o(l}e_Bxw`8^WIPZYV-RA
zkwh8t_y_)mpYg&(VR<-zDKK-I)&f5wQw!*D9Ra@U1Wz|V=_UrXxs5G8>z_Ip0_}Q(
znu#LvxyDiC<@Ht1QP!2Fk;Lc)@!AF6NRXnIRwI3<WHesUF{^032$_6^=`cQe72j8x
z@7|aVv|U5ncCM|l_vzVVqmJ9)dS@5MXSaLo27JBqZ07u%+TFxC=y|U=O*2GztJ<Ag
zFVh#~tR9~mI@@dD^X?WRzE&j9<OZ3kw(xbN+BCKhxO*tlGAI^NrLC{kdn1eMy(uLU
zl8?f9RMG`M*cwby1+)F$k8t#$YAfgAF=6a40k;$BNL~#%J6~GD@=v{u<^RPcX{!0(
z)6b4SiC4h;bM>>Q-pJ9<rr#>EwTfW`dTwX^>^p{L2Kw1b@J-x73a-)5@{Z?1d~j70
za(=we(fWW;TxRG=RzF+IWBxKa5)po5g!*XpUpg<CV0wNb*IUW1mbNAd3R%T(W_cxd
z@ng0BvkQ&o&U*oAJ2u>~u#A^qn#?JdLxpNK*Oi;%0XJ9rB|jxjd2<~mpdOg7@qh4J
zgJ}N=TZy#i7}A765Owc0AP};ezVvErEx8Qv^(+I-`u=}MFFEewpYl@!y`N9*%8kR#
zuFUR7xA8*`zQONa>dNl!`>`l+me;w7StV%(=QKXf5LK-Yj>Xl0+3jPP-H4L<#N^)M
zbtj~TL}*Z)%kXMUw{X!B5Nxr$8!?icUus|{wq;q~{Zj&#C+`}ZOqlyivRVfm@K9&|
zIC=1-;WUKUWu>X^Zla;L(Q-cU4>@1@eJ#L3#x<Y>kfk~N(I0ZX3?{8?qks!)HyoK7
zE-ZNNo54vPyi}Ws@H(JVs~9|n{HL`5M-s;Anog%)*3`_osYFsqc2N$YQO=_5%}*^#
zH$K(bL^{irMy!5aGk)CIu(vr3pI8vk$O4#eBz|dec)-(yuETuO#53YN^1eh+%YCQF
zuo_48$mPC$;l3}xeP44QYrVR!{-d$D?<!5bpKA8pHkb$9MBy6(8X^0O{JVdokv0>=
z{^S{n{oWmw7_>5y==pk0yxZws;Y!r>(ox><m8FQ<Ba2VR8@W;uM)1jznIM?@_{0#J
zen?%8@y=TrLM$jB<=wEdoU7%!N-q`ar2-aRIm#Qq5?(*C`gGc26Ma59YD|JRH7=?!
zK{6^kVhLxg2qK>959JIhOjxS9XPRoJx>=H0?-eewgX%_4Peu}B+;F@f;3;;iRy$39
zV+5L3nl*$hKkdIF><wB%BxS%KUWrt_kme8PEQr@x{!kb2hcg2HPzQggGyEYEzX1MF
zXZS<Jn+SiX3;09b8r}#6p=a@jGvE(nisR?BduPKRo=o$HG4O{oA(AW8{Gly}KcI(G
zGsW<Sk8}9L#{qw+kDrX6typYA@qllJy_4&`GvE(!U7T?6ht{tA!Jg@4so(TJeh}=h
zdNcN+0*h3(Hq8u(*h!B6A@~sR3q|k<d*>Zt1cZ^dz#*C@S^_HiS#uT`Y>3J>=TF_H
zc-<q&Y%O(Ee5ecM&ABO*NAb5r12V%F|Hd(&v9k%R$`3<k%Nb3%hN6=JnN7Qd?OFpl
z<+<zGa6;Od5{gRLNivt8i!5$!L)NJL(0^!i`4QRob*4G}@UY<F!MP6~+U4OZavl!H
zNj^^Wmw%4A*x^5NTG#Dr>|tiUNGTwjVyIf{O6)@4RO}veDnT4tb@Uo@G%3Arbu=kg
z)>+ap8+qG5<ljYlp^@w(kR(y~dN@(2pD3aIs4IyiyER&y<?-|41vOq_Sv`RyEc+5*
zx?b=*ayCQ`fQGn+A>&Oy_Gi|%aj7c+O9p5|X2_}yM%-I`xFL)Ry=_&IxmK$?V7Ers
z^2akUJyRb?kX;vL%TCnG0CM!;`ot8B9m?wh5r5Nv=oi8x^6mh?dhg0&zm#W%FEdX4
zykjT+V~xDVdX=`5?_}gPifKflGKTxM`tKhNHm2nWGv^lnckdxbTw*u;h&;r1vkLX`
zqqHR=1Kx?c%F^Dvy-=={W`AgGlqm79e;|Oj!ju5`2*k(tFm0g+PG?WPep7FT9fWNc
zOv3PzzZ$N^y!|d*g(3L29wzv`sLtXy8q@8*VH*1f-7i5|a*XcPG;RxQ&5NP1T(HLW
zB5ki+S!U1?T!;^zKHJDL6ZOGpe@HW)$=I3?<+uMC9SOX>hpCTNzsLBrum)@C3U9`+
z1Jf93HQ^F~v!@JYeCyNtiVoTW<OpVkV*gWd60dd6tcpDB3keFo8S-8iQnYzZOI-!p
zXx}nvDNxf?^a@A|F*}!(an@jaYTqn^f)^!faFnY;cH@8@VuKKeh}IBiL6Ibyo{zm6
zZoIK1FZO(@OyX3(h^Km{#o>5NIOZ!uCX#}Jw4|D0D`=@yj8jk1DDP$8XQjI=NQSBA
z*ng8Z0K~NY_vT45PzUwDzc0Y8X2D|{U{Yh@Ph-svrbUteP40s2mAYLc9+qZbHY{KW
zw;6{uJwI_nZgO;U9)?vbHBGikEL<3glaarn+D#CxnTK*SXLdzilw3lyG5j}BPl`*a
z<(bhx{j}`+{>er^z*hh4eO(Dqc7Aq7yNaj1kEeD&zw5c1p5MT(^BZC3bvA8+{94S%
z<yV9nXw2ui-1$@hv@Y|R&ZX3HE6AEzCHLatocX!%nxQpkj~g2Zq4BTzNzFEH`NJE0
z-&`BA@vRm9v-jGW7)CTPxsabraysLy`a9)|`vce&^k3<(uwb=pZDR6j^_JZ)jEKxB
zJBG(kjl{3QT)r-PlQ#ZN=5qfZW-i~O;m`#PsbhG)Kf>Eq(|;)jpHcC?YlL}&Qd3h?
z>b-6CRok!K*L<#@xz}*Y&0>YyR0C<rG>x8yz1wMgN1AhDL`Uj?>}JH?J-ljmiPN-+
zn>NxJRV+RluJT#*JsJP2-ip4lP{{9p?;e5L6i$fed9{#;+G@k#YN@7FOVm+qDJrjP
z_K8=E?{Rio=$3FO)AFo6X^++N=tU_R(=!&_^i>&gu^VB!XyEarG3NSdW9~X@%za6g
z+c7fc9;Ti$#@sQXXz#Q!7y0Icq?jz{=4HJLH*UAK*Ltj@&ty%n$4)h-*UP?XO|Ogl
zePz?@CWPfp5?4+IZuRjiF+z=??`5%G>Gi7V-<s;9wZYcYX<=Ro$M?p{{F%7bUb3=!
zdnJFSu_naQk^DTk#KaQJ%bzLbhb+t1yDrPJnLz9e+$*UoWP9C&%!g6drcBgI>corU
z)t#m~oo671TweC~BILQo`;7mB)4It}Y>B}VYV0i@_<ZUl-903GH;UkFyH0fv+PTeZ
z3c>~5T(30TI8tU=tCD90hVzlh&`KMsWrnH3-fOl!iKL~H4K4Gp;ga~(p*R@@w`;zZ
z-t=jDr7S#9;~n`?SkXwBc}uJ}BtWJO<dbU-NggQ_<<Z&wjUh9*;oP=2*PTYyg)?|I
zchRiw7RQK7%;K22Bm@J0CXNjGu?cq3pE=}97QNlt+dm68b`&_b&f_&QN$<4j+jrXZ
z&1;Q=3|CqHVwMRB13_Yi`&iaThQln!M}`;8ucUC=wI{fVIx6G-wXN~v(>A}lfa&GA
zFRXDJJN7_lYehTbgH!BVXC7e5s6Q<PL^78fl7<VuX$f^Np6)~tEh*e8vPh88X8F^b
z{bA1Bdx1X(mp9R#e1mtg*I`VY2RAJ5QrwbZ*5+{yChXL`9Pt{^zH$!lHXJeV$<*a~
z#wyzOxf6H}qF}5T$>Vr~JvW;rKsrBgQugR9Uo)p>&G!-w$21xKY^nJkoRw|U{wb9|
zIKD5>cRm`Mip0m2)Xyco%40$rZ0z;%QAiFOc3!s)JFVMS@NI@O>xQ<yD9pNrwQxPy
z!yV!N&8Y$PRUgkRi+F939)d0k8sD|4P~lgmpwj%P*|NC?i&DH`lsB|396tqsIZb;q
z+#0IrHL%ZGI!yRe*!w(v_d^2<<C2_7Of0*Z<LSvzbhPQ(kb<@-M*#M68;3TtS3ZxP
z27L9BeWX4Y$FD6JGP5MQF6`|isKxhNtUDeAA3{{v?0S`{yUoBvRNA6*Q-6qf`!#C-
zUUTwV_>hT5Pmd=$3C$I6;0Co#s>8;ii+Ss3(IK7I*L%v1_mDno-hZ`uKeifP*|S-9
z<X6kQ|7W~$v3+CezJL$Q=(uqvD&@ej$gx>|jJ*nfH-)ZV3Cr7!P57!}+y}OLy$;Z0
zp5d4X$_PvUPU>JQuMB(=l6oI5wD23ak)A;=Ul%<&5|5SFS8?9|6Oj8A0SimkjXeL6
zf5muZ-iWmgTttItv-7=0)ceg}#0hM`Q}vDlU&|E;6^bIxUXCucoyZV&=u7nCG(BOK
ztbv}^`-hpHoF;iy8H4vLKEv^2!4rc1B?iOz&L=sS%xE_MwWtlT*yR}eqx(Da-4Nd6
z*x|6!kk~2wF~!+cN$XJ7pMg3-lPEKz1Y(>pU_v~(%b9KUUqMchkC#iTSA+nfJ#g9L
zAFMccZwWNLaS0E|)SByVV?xetXR-KjiZ`GnS@>g;GIn@S6}ZE4K4Q2LNk?df-lo(c
z#(omOJK}^>ZoKbu)3A|-&ivXChYo=A<>jdyBLwl6?#gvUigCc1#duMRF@%N(5cgFf
z+u!S7Hw*GhRfisKb~n&y#ZkD!Uu19Hk&Ax=7b*2bQ%vZaUAyFDe%DuRiVnk#JwgNN
z7LK1^uKZ0)+?A<t)!(Sg>N<5V==J+?`)G6zUf<!LXWwx=O&aj(AO%SG>%<8YF-FwF
zh=?CDt)tJ+dMWj?CBs?x$=+(>G<Gbk1R(y2cSx688cEE8XIk%})A)gbX<$^{Kky)e
zPVa#i{UryUm^xKxj$yR{PvZL<w4{Dqq8dsohYrGx&th36I6#&QFx4o`Xj{gec-ooR
zV1^$eD1t^js;DLvRd?g1bRO+jv$?y8R0DbZix{8S`#1T7;&9#q%?16?YGH+CVepJT
zFzZpX$?o{D$JYwECf-MpDE3!JWOcxEDaY;_;FfEN6}*0PiDB+~%|<hc)&6LV_!e~L
z-!Aaeo^Nc`zK<SA;KzwIn_Cc0m}GRHNPH$f?5~%kPH??blZUcD!Ye;=8yDxNa!NMB
ze^Bx<l1R{6qnRtSm%)fWk@$_}sXkd`GWdoL9A3Ge;C7B&g`Lx-BpS<ibbqkqut<D*
zMXD_O$dq|djhXkSra^p~=$#Fcn2xo38OQKnbiG%Cb?81;I4v97+s^HB{-pLxw>M<z
zZRghUT!o6D-pUXB@)-n3cyIHJGi#qzW%h-<Z%aeDj&?9Hz(PdG(LAa6R7B14)IsTQ
z@*N_d*~<!{gif?~SrGxe3%r#WZ^uGO`Tnh5Mj_DY^xm~0R04DIq<3v4Hg`-yS88E|
zo~RgdP#aPary-chaQYIrGrK&MqoPV4z*YlxYCRV52<s7vPlh^^2xcn;;cvprqk%J<
zME(Se$Sq?G01unBD0O%i7~)qvIP+Jj0U7w~_x%E--3hPxgbxb#-DmBYI#BUHRofbR
zM-s6t{7Byb{Q8#3mrF=%Z%l{@B!2HBdm(zPRO!an3KB1D_7fjlL3c2~VZf<TnoIWK
z7mdb*%l&d(9fvB80RjjD#^FPYIJ1exDIEWreDZI?fQtR!gmoHcL`l99A$Y62wL7g)
zc7347GUlM42Aq%r&O7U;x-_8e9}~{CN5dgT-;sK{y{11&+@zlRB1<Qwrll^$^aK02
zb{{^8=$*NzQBS3vzLaeltufl^uZ^IFc6wm$@<HFNe)?zKHkwUW{WOVwD#_5__$`Bu
zHE~K~*FuMORzJT`FHj<*l}RtqH$hwUO%%+psBf+})hS)8Xu9ZWZdTDG+`%fE`4Ovg
ze53c5=p5M?pNyjU-hV(jwVzNlT@=lp0pO))?k6BSogus{HS;IhfxA~Tzop$~yeek+
zF-{$~r7n{b#j2UUGxsi(N~2~TpH?&H<f@s-DMrn7vufs+O=y{@o2e6ZlZb`p;HI=p
z+p}@c(CjNJnaDb;=2|VXqCD4rJQik(ag3nHNaChl1U(`laCF$;s|K%k{9?sBI!!mD
zlc2f&kB2=Tm=1fCP9H=)PD<wUcA~NxNOQG0=SE%92i;Lug7C*^U%pGmSLkC-yMD<<
zv`a@;<=%3deqlC@n7GsQ1GRGIPbVmHSw2iAKAk*}H!3L7X?%@EPxTD1TxWinG**pE
zJ5v2K^fJ<ajR|l(%XDaM3t{tJwuKF`)z19Uu#ViIM>%05Rcm7_q<Kj;GeM8YZ=u-H
zn9ZCfW$7U3(eP8k9rx;8bIN{B?8ljSz@!2<Ov|@~lM=F!&DZ*mx=N4rk(iodBa=(G
z8^FazVLqznfdS-a=DQu_H~+3d*2}hcnbJE!f3oBIMP_`d`Ye%BOkAT;#%yTl+{+o6
zv?yXPlb7;conc)`&*4MdUcnr`&Rr!1+u4{RtNpm4#%iCX@5qbg=sWo5joxk%{Ys1I
z;rKPO9@*$#!xKO74?9(^?-p1rxX!oplr#r@AbPV-(!e>tk{RPGsKdJn^*tn<xT?eL
zzsX`OT!BE}WM5D|*^hq&5k#YdF+fCm;0sff@B6|li|W|%U&=n{G`(w3&f@bbzK?L`
zcQY}*PJNt!m-v-J=Z516Kr-RI4S2xLfB{pR&eZ+Qu2&j8zGpflFu=z5wg>UOpV|1{
z2LjAe&<%vknR^M%cZWoaV-N3)>4QzIu1+K6hWAdH7vR(QUU|-36YryZUIh4lkbH}G
znup{nW(^7Ot@m2|KaVIT<?05>D<#7GA;SDWn(@^r5J<yoBKV{uxrmF%Pj-*~o*%OR
zX?{IT%r3J~l=ALpv2^EIlq)cIbnXnY<B#2)-VmuEfHynnZg$X$;SFU*u0ayOTR|j-
zjTYU~X^rRhg_js{3G7_>07Lcr-JBLNAu+X_eHkG+QyPbkV7q}!ug3XPVc8U~wp@N(
zaJ;q}8!_4~$7Cw-4<TxX38gXSqp${~Um>~&*G3Zopaad`<v4i=&D2%(Qb8{h!UVt~
z$c~#-1MI84hN)5pM*^e?qUIHrSDpnsekl`yU|1Y+TWgJ9erFcv4JEP0lTPow%?Mpa
zI76?S;ChX7c(oa=tC395NKB(iPVcxZz-l*xcK4;*O;WoVY9}#X07@I&C0F7;vH{&+
z#p+HaJmk?gOuk6(Gh=vfPaEDlX6>yg>Q{(PCWv~U)a0z)U00%KrOoaU!^P?u4Uy5p
z)D0RMG1MG8V08Ps-uZkeYTBB$`<opov-TO-&YyGUwyAypw&Zp`jk#6v()L~^T>98q
z#%4eNbSp~jUHtcnQWi28V`S%q3G(tfUQWslc2}&A+aDu#W(LGf4+CXIrVhxGspx50
z5(PKTw04?GXlyO|sS%jnXM#J}=nO@P9w9y@YLYrEjr+L|$6AxmgZ<(g+R~WY-2&;Q
z_)Sb0v}F<HnGgtLZ<kT&d~ylbn8YH)I?N9Ff5qV_bI>38lqsNBKmBg?i@p~4fd6iL
z`(AtgBkb)(HFm+y@Af4N_D^7M|E&1$u(x;O-`Fd+$?`tlh^m3*y|Pf-B*=<--1Tz4
z4#k*KSY~bLDXyScSlc@$DY!rMv9s~L9OFA7Fgz9{8nTZ*s?H!1#UOiLvKhL&v;93B
zAEbOrCU>R%9$4VhKT7m)`iCK+kbRS{a;bFIBeJa3+DGDq%Xc-%uT{(l0Th_HhcF5S
z9YYn)zyx6Yr;lfk8{sNJKV9KIo;_~V;`V<T`2cUq3O9d)!eX1(;!0VZd)#P+`$Uc_
z1;Bn(DPPjHJ&eADN&ZN;Dmk;i<kTJt_P`|1_do+#nJU(IR2Aab0K3<>jnHIdCZ{PO
zNku9bf>TIh6BG>NQmQm79}^G~G@e9b#g^#BrS9S9@kG_~=$om5SrB30s7gubSrv?f
z#A70Z-l||MFX)k9nPD^zU6mIdBI_;u2?Ja>-kn?(qO46<@eGE`a~RD^sCC$TMiG#O
z_3^7HO?o%$g)J?0gzF7m#TQcMCcgn`vhubuHw5-B<w9^}@2W1rct!q~SZNrW=)uXJ
z+(_3a!mqdTBQ860H`B4C*}u?O=8;fpPv#>6k2QMWX4^l*8h<k9mnxjOEwq;*)UEnB
z=BK{p%pa>jP3P`rr^(l?_*l%++l`zrGiSK!C1<YOwr*ku!t6P~n<QJbNadtwARo<I
z-H%}MuX-sq4dqQnapGsM38lKrAEXy5LP-k4%|nf?xE6DRf!lm~&kiH{dkrDmTl9CS
z1GNw!f|kLV8-pY#50-`t+>Mz=Ms%;cS)O>|Dw%DJ#RjC|XT+-vEIL{;*_V=UQJ{?x
z2h*H;pg6?b=VQOi=C@(_RNvtN)*-M0-GdpwL@Lv}nDLQ#pNzhfx`p{BuhY|=t@F4>
zR(%84$o?m%Lwq{X8xV&YxZ`E~MK#uWz(`_BT4RU-<lsD@327pJejr8$qNfS7A>_|!
z4AI&DIJenu^n^phiEB6!h%W(-7wE>P8XX~d2s;Yh51Xcr1GY!3JI!fQ@<x7(r!q_!
zY39j5i7@7Cr|C6=;E+qOa(Z61)L)LiOh;dsoYog`Hb`?oUl<9)M2<@C!9&>{o0g}I
za1!{_IS;rY&=-sc4iy{33Pxi!(eE2f+m&YQq8aZ(Ul@eR$!Y4&yK|-OjJ~j6&#vbI
z6|QQYd4VsiuUW&j{v9NbM-G?#RRg|cG=<I56eyA|l~mZEK&|9oc{Dp!L%;2Oqkl`s
z4&dQi#DlTryVe^to2Pfy8~QP_=rCrI)_3;nnS0*vaNQ<rV|vi9RGL9YB*$vxayFtV
z9K-SlAuXFbukzf3jIOZBdQRGB25N%QHfo@X(iQSEszScoT4UIl1Z8rlNHZW{1vq7l
zgrE?z)>n&Bk+iJT;5ux$AuT3vwqo+jUoIxs%lOOzLK_6)%r$P^&SG+I^hZD8FlM=M
zVhob%v(DV5T6o0dty=fS9X7PZ-V4O!u(xhh;@BBRQoiG4D|o%TZQWNrSQr=`G2E~B
z*HIft^uV~biOJw-A;NNI^oYp9GHuWUvKusdT6%LT=|Q$NRZeLfh{$!?M5pAqv5!h`
zpj26U(Q7(A9$S`F)^-WW!sf3iB;z(zVA|nsP?#y~G}qylSQP7R7-|P4R^)m5^emml
zAf2YkoEY+>S6e~)3O*%BFWuJ)(tkNRO=+!DO7gU#n~iY>8it=zN8(=KNF3q1qp{j^
z_}M?jnOi97fcQjXxCIOa91JT74|q|I#^%qv5yf8=u6mj*^KZG2aa(_I&Zo#SzlNnR
z(P<DXeaWbyGgb$LtCl*q{Sov~oNe<5-TVz#5m~y&z(r_TWp493yuW9u<Oenc>TtOE
z-EKM=g=d^F{XZQr#oMp6Wq7GPfTf|lnmIQUPd&&@?8iP>%z9sIQiS#%URr`0dInpD
zz~7tc?uOD*rJ-u&%p-p-r<dj%b$oa!x^~GKY^z8qiugGwKjTX)QE2OkkF2XyTjJQO
z#f{)QUn5pWris{?<b&MF(x7>id-vI{?Rvl|aeb$E*jL6k*Sn6BcGcXgHuvn=+s0-l
z%iN5a=H=)ZH!*gR^QT#hrg+yaYN=_<YpGe2H)qzGyy$~&;<~n+U~IbPXSj{7SJ5>m
zx~kjgdX-+wL-|Sa%Oi-}abgE3k&mC_F?$>NkCdIf5@N+P2yi9ZnIFIgQ5p+#6@4h`
z$qM1euqbeCqr2HadGcLs-l~&yhkPB@eeMaJ5Gu>R#}a19F|JKSvCyGC|B*U~SmHKf
zUsw1qT&Xk(R}o)Ei+j}~F=7$HxQuB!#<q1)VpGrGpitXmIfT=m_9y1VW%s@g1EGz}
zzR^$h2;@U=J;BZ!{3zYm%()TJ{eXVj<aN7~Q^GKjRWY>T)j>c=p5*nal+&a{&2BpG
zeyz#TH;^u<kJ8x5JDxK?qXd1az5d(*|FYNrliKU^24-yC|Frh{p%s}qe6hX$r)6dz
zXYpGs!Bz35O=$fl6-UNcpCfwfl$#C|`VB`K;k#aXLm+*J{$G^71D$4rIOD0wufeR6
zgLWf*?=UPUBYo#Q=`?LO(u%dyf6RC6^fnoX(^SCEdV&(5Pw9jlCC;ropj`Fdd#QcX
z`etCiHpvrqD{rUsZy^0!dHahk+q;stjj8=u#<UB0`xIlI7tW?l+&kspu;%%te&6F|
zo?nwOau4O9O#Y3u&~5W?Y)ZZ-GM&jkQsOl3LF;-1J9#QfQ;vyewD$Wy&@?TBTl+m(
zMl|hR%i&5gvJ3nDQL^8U%AKLH-)nxcd(v~u=HIZBTISasXY+4RBm(9eI36?!gz|z;
zLV51u&n+;j@+OvZVL2o9Cz0};fGV9|YFvtx^?~{d`QIP8jR|K&Z@7vTy}!^uzYBre
zWcPSElig!V)-a7E(#bMS4qB75BQ0{juXQllJ&a`<e%dME`apxkIU@HHS`0*PS&ers
za%bf2zQ<a5JNoh8D{rs&WiYSrB5dc38)3Un`0@q9c1~-j=^z^aeZqFm;|SZYbr!b6
z)*>Aw=Gdi0+6vIbd|`<`X$st*Lx&~_*pd8@6n#^%m7=fdmlk^dZhQ3XjmS>klK*b}
z_tAElo>~7T%k)oRkDm4k5c#U{-<|l=m)oQN<KnLN=yNZTJo{g=M~8UyU-oEx;{UQo
zLz?~%+N0MW@xR|5?bf2yek+uw@15w4jbA||MsBm#=!{6bbNtFh2M6&hH`@3W)NPrh
zjZpkQ9J)eYINZYhH^{Jzoo<m8iVu@etU~EwVph7wuGq9>CQOSgNh@-mbefVzp0Gmk
z8~QE}9wzDI(-!F~GZ8GuriufL^kL};meQoog=X~kKt7hkE*;;2J^BmcS0YtdRCg~q
z?#3QH*w~i;-uM;skc=oM25GJ0SGFGZ#qlc|o{3+nmj@(cmF_&>=-cVJD*qgh#8&QF
z4&IGDIwXTgZH_%!0`Sk$0x<C_x_@|f&?6bNf>#iLL4rU4mOg+0d<z&5`0#5wFZA34
zkeHap!l^*Ozvw(8{mM`ka^qiMl}1|aStgUTLOf)=mf4JWdMtj%#>Ra{LW61(AA<3Y
z-x%6PkJSSh+G;168yMR7$*VyO+fg<kWCXS=g5STIfty2^ocg}FJhF2vh>^Kp$sEG$
zEOT=RGdCIpCxbB*<KO}VbwbZL3$xK6n7KJPWTQcpB+r_;gJ_T^)gGB!$glF@I)AtO
zfRLYutUR~<y)TjHc8aaV2eHMMYcnStM8#wY2MPBFBQsM#{FZXZp-$Pl{UB;hwr<}9
zcQDAD)=rbtN&IdPY~3~-#Mrt`I0&|G9w+RBsOX%>5x<`c#P7c+AmjsoC@FMpq6Qlf
z^6PI33ppRer)Iiso2Y85|LMM#LjT?J_tp>o5%Tw@L+yIizxyTY^-mywC*S{{lfMs{
z&{h6^oh$!E`TGHN_OE!5f63qfSK~phI_Q7D{M~jk@^`mBUn+lNbM9=E&XK@P>a`F2
zHI6Y!OPas~F%>a<ot3~Zhv)5lmiixeuqgl9y~Bx^f<jUi$tef`CJ1ExOeD1SNRJ?Z
zEATNB*z$799xWpCg~9|FtwL#RD2dZ_xRETZ^sW5Rnb7h56gtkKnv6A?`0<?d&?OE1
z>N&|{OtZ;5c`zqF!fEPapZ0@z5R+dan;)9N{kQDXIu?~{y$#|ic4eQwg{H=)J&P|a
zU=Tij!vUSeZ)2a<VGao$I(4I<5SeyS$`(#Q4Dug7^B*p^N>0TWQajcPu;M{75O)s1
zK=e;XVK}!x&RzV<CT&A<nSKQ4C)4pb^+vj~`7JW`@k%c4S}*uV+Q(b`qxRp0dJx#h
ze`mm-%{-Bwg-KDJm|S9n>z%Wkm>}zy($OOqW^LKVlznD8$l9$ZgdiuPVy=$L7$dxg
zt+j927_TgoHzXTiZ4;l^fV^~oHHnzNI4{cA`&bd};n%)IMC&3_8zoMumfz9}6K$1F
zj<R#?NG<E7{3ted#O`b4Y2#YLYt}h-WPh{b_}%wP5j)}s^0e7-Q6o=lvt?pOIAxgo
zIP&z%fjk`?HT&`aYto2v=ybDxoyj4&+Q0A&iO?PXV;@@)`nSap*}q$U{`24d5%TjN
z_qB`D>(wt=oPPrO`JvbU=j7)%B3<R@`|JP9^7AAf{g?dwFZ=cX*?8&`od5mu^X<nX
zKezPQh5UTWhYQ4Pl_Gh&+xYo@(NX-nPwbeD&Q;x<KaDJz;#}D_#fcU@v~nHJjcBh6
zpV#N>TzjRNgG70G(G#XP>lbZwZYEqgIJ-vpR5GT68Hu9X4<R*+5*W7lt-TDKSGo%x
zwtsu-!70wo#Py}Ef}AvvOe<URjObvKwD;?#qfFA?YJYVd1j{2Xpzz%K#2`Zd%E&fz
ziOzmv(oA(5F>o_E^%Z_H0Rh`T^E%G8VELLL5qgqp-pygYO2*$Ln`b0pOPuGX&mjK4
zaap-L<kzOD)8wk1jvRdCH%4`C=!&wC$`0<Sx}`NO)rFH=^RBt@iWt{MnuZ*ttM(@>
z*r8#P`IGDA)C{BMv-{ZOSu>_lJa`(VC#JMk7hiQHH%|g^wo)u3OLsuJi@VEi=eK{e
z4woo^-N=&IK*Lqb8jh>?CKIATOuG_HH!kC3fVs`k(o;$nBD7h5R3uLJ)B($sancku
z_*Jk1wx|K|oR6oM#I0KC+_sztBLfzhT&~U|Eu8fSV9${MCz&atQ^fI3^2M!{iTOx{
zn9rj4fpgpUB_}2d*J&ag|Ecy*9Eo@V<Y$=>&P301-9+Cu;xVV27Wo`|*lz_Z*v8_u
zv4S_WAxa+G2K-AS15&7FHywnX&m@5-t%xzbPufdi)t}3Tjc91R4krE*H9_l~nZDBX
zxB9p8ehLAU=f}?FqdGq}*^LK<;fS9-AQPX{&!0d`-laSbSjTr+_}*!HhocYv@w807
z$~S=9q<Ns0Q4!nU-@dClKYG6|jP;AuW%hNk`%=G{;#^fof)Fs(ASH)Q!p@aTr#Lef
z4Ojki!kcd<u}lNouIttiq(ho6NW9*ESSj6ua7^k7D%R>=ljVIC)jPGLb57MMeDkTN
z5l0fk=9EJRo+v`pOAL$Z`|tRk8m$CDwlk^{@o;jnCY5thh?xA(^hK4|271#?-9nlf
z$VLxMn&Y|VXL-IecOK2n9cQji6663v36f6mKOk4TNm8?Jw*ZeFEI{gIWFN8vj2$h*
z?_M8#M!tS^5ZsTh5fCQ%cbRK8O!Z|8mz&LdR{O8K&$P`#P3MXoS<@6Fe`~QOm?ty1
z;mn=Dtt1t%Nz`NHVM5<HPfDj7Ii}5NAyRyC6oP0j<z{COkv`8;-4bc)-ur&}3%rg%
zrM+=bux_pXpKc~~Z-GwjH0I|0r>dRFmAl3NH&=u$C`|V%xWlgJLDHtEFkSJp8vfv#
zvb_LhpA-3z*gn$`LtB_mzdzwI{~0=xS^PcX-1X)+wzcPG8?y6J{&gwx-c~o>>w8Di
zYhyEh8Yhyt)CNftP_C>i1O*Qu_xR_ec&IR^g9mUDt)0>)i(>=*eaCh;NnWPq9`B==
z8*nMQR(+DSBpoZOIN^oz{rKC#RLw0h_^g{hG9w(l9Q2GA-L1)yyf&<Yaf82Or~2Js
zs<$z<)QPr-KWBQlDQ<hXP6!?!Jo5+xo(4Vyj&XWs4^yO1KVRgr)LsI~Q(M~w>#oNO
zHFQDlSMOTL{gh_JuW9{lJp3%>2b=q()AVyFos>BxL=)9hT28V-nd5+-sGzqT_Cr>q
z6=MJq8A3>ESJmburgP7Gs>fpI_KW#8V&I}01wun#Uu`IJ?;{Y|x$Pou3~1I7`iq~e
zPZV|!d#{EEG>5C6By9dkHZzA}l#b1N)gP}HL0tjZ$P%Z#unbc~H$|=w$l<AKfRB1)
zx$(HsVhnCKMRunR7An+S;gpXrt9HuIE0Z~6qW(Esp1Cm<E}V3dspYJnlhoS`dh1fu
znZgCL^8HWW+NO<FnjftZH8WKY%H76cwTJJ8pit!h;fU>+`QO<w1@cqLwJB3ve^C!&
zQR5sk>#n?ptQrYTUh5cJYK|?8c1bg&+6iFMu<eK0UarjP<rA){m+N=aOR7grOE(o3
znnlkWK*d=ij6y|*F!3QM;EGld2aH(oS-bgsl+RB7eVmL`N&1Y^Eh^7iFG-2>XPdZ$
zh7ar;dYcSp-RcupQZ(!J*x9Lz#E?i{#`*KccX{cs+F;~=DBIqlxepCSy|g$zcawyY
zh2`KzSV_*vo7(s^InItGZz}sx-EqQ3)aNySVxfvhD8m`AB&lKtLwg?3@r{B^wTZ&h
zYHlaxQsVr4rFI&Zx-jg0$RM8RZ^3s0gCL6q5Pffh2J;Bl1;Ud%4+e3E!9d-GI&R}L
zB=@=!&+$zm<!OUYiiat)+KPhWywh6>hp>o9fZqC!u|l>AP7|=E!IcnKs=4BVn_$sM
zq1Q-``j4C;+_wwUIcwS$f7SsCs9f*Q;1fA273Lr713ZmH&ZUIP3A2(RJE?CTp2e&;
zxuywC>7IseXUwYE+$}$PDtYo{CZ&&`2Yu|H)5i~jJ`U^Lhp{0GJF%kp-&$jd#7$c)
z=3K+4JwF3sZHKB31F`{CrQjug>*`|7SG=<T*iKMY7r&aPg8G)dO#7f-rrO&iqqaRX
zRRuDCo6dipc^R+d`4xtcf1UHl&r^6nXDnef-fFXitIl20QjphDJB#(<JNcs%MR$Gt
z5q|$5uQb2^(E3rw<2@OjE@kPRYcf`EgEr3sBBIS46(#w<orrf%31_plZKps?IP#sA
z<Mp!-hfao<9e{8<T!*!FB&V!f-tCdH{T8<Ignz(L!|t5<1@=hMV$PI4nD06xbik0<
z0KScblXB2giTpT-^0p{*^Qj;@v<1PJm~x%q=p%vPo2QH9uJ-SuQxk1o(|A*LUaTiO
z-c9fLg(1Cm&S~bg%7anNp&%D7bS_o6Mdm8}cPM-R`+R-p2rcO_{KW@JeXs=76e=fB
zp*N>|;zbYiP4lX5WV?wEzE8j7eZJ3!#`&swO>6387#$?Bf`so)ug3<Mp@%I*gbA<5
zrin2Pc~i`tqR0M9%C9!P9!1*S;vb<tG}qh*qR*wiCUt=OKd0@^_a8~^&;6aR-z)f>
zSYzRI8IS74i{JRHW6Herdf)QlgDj>>vWTr6kKPlowZ@yP^PIUlxf=GK4Oemc%DK(q
z7e@hH@9r{*dJ*prW%u!E*iTd0JUUYO^EtuijNo%p@Tn^Gx?df9Rs^4+;Ikz7%nLp@
zsB7A<2|iZ@pNoReM}yA?_zZB;P5i-*EOAGfE)RU3cxyPWzb>4Y*F=C$J$*;wP3C4K
zen;7ZG}78b*WQQF(%S#zGld&-PF{zQoN~xL>)+iu=XGa*j{CEaAs%Ak2~wd6JQiG`
zNgX_v)RbyasRnu!_8KW0D@Lo(mUBb|&k&ETGdy;Nn#|D8Nh<9<hll78Hj7pu{ZJS5
zM_B?m?YCbuoVGmRwB=GM$PO^<)q^cP9Cc`x9zM%8(ZjR%=t2((STmfKS>;C~;@F%B
zBbc3j?hN|bBd4El1^w*3n|{P=yPNTW4DIM4LZ<ZQ6RA7v6H6%T`Lu*G_;(!psWjM6
zqAxman5Hr8aB^m^_Ghv2`8+rINag1pB4Rmz>HN>}qURZ7K&2vaYUl;MsMw1U>`tT?
zZJo>Lgx;)dIx%@JKXdwX<8}BEb+Dh5i6$%US`?(QZ2RgGy%~DBeG~K&SZC>_sRwh*
zhuRB9NMr}8)|*T#5*Qo!Zcfg88tjlcG?bEWK5cH?rlsALMYpMrwvmLjKZpmOw?i_d
z1V4k8pK*eL^u_*JTP$*R5&ytV6k{;2gf|$}48%VqGw^GqLCsw85Ar0`1V6_c@$YP*
z<`|*o$h7!}?L<F8&5ZbW9-1gGnW2|h@o&>ByB7b3A83*Cj|XRwvWja$%H|HH_LaoH
z9i_IHt8#kT$TjscdpEsw5&v#ks@2J;#)khcT5pkZ0iS6U=!{)YKb;(sN$qZ$u>QZ?
zbA89--RZ3}zqI-ROMhO@(u>yFr8n78claOPXxI5<b0fR15T_9XpY(6sw99q<|4ghu
z<mFwj>lFvs6?x;p?7CjaHLXZ;`&V7pBZFS<&FSUfpqHQSrk5`3nk&{rXV$H=OZpz4
zX1$WL2X)@xiK4~(vVPri*U#+V#t)HPO-0an(JvT8KuZ?Rp{3vF)$VL(asOUF;U0xA
z5x3Z`H*nKbF1m{BfvM<4VeegKye?Hj3_VCMOG<RdRW5moesopQI4<qCE#KbJv?%%_
zXPL@M7HVWh&-=_jVHIyx#Q<-|z~}wu*ShDW9)WIEWYO5_#J>bbtyZ1fw9cq9lmBXT
z;)(kk$>ah)#PUx&86|i>1bf5(c_@VeX-Vp!6gav>FG4Q2;vI5oVNHk1H>~!*|B@AU
z@BFa6V_qly2)-8pET$J(5zzwd-B&UIyPA6$fZf9EOqH^$I4_-wP6+@ON;yINyb3yT
zqdtIFB!0Qck2WAjtrg7fe#*dX#ZEBW`f>(lN||y83zvErpyeh3w@|x!a2jgA|I|Y5
zgufW5mG?1F8^DJE)kA<vL+uV8`bto{_(cn~b5rddIp@K1;Fq?)V^x4^C_*63Fn(jc
zf9f{gRGjBDJ-{z$NG|U{C=fZ*Ul%^|>ox<It8#fr<&$huc*+Ab576tQ$LHu-FX=CT
zN$|poC?oer08f@HcEU2ZaaJfVI@~`<!ro)A51RkVt#2M&>uyO(<7oCz!!WcDX^X;D
zXN4LL?WAh&$_$xdU}0}nz4w`a_lEy}5xPMucTMOT_pyZT)BUo9ZWh->=<+_>J)v`&
zKEXeqYs07tdU`mgr{ja3=C|*<r{sUC6X;r>q@`=U_)N1Z^EuY)o15t9OZCkaen#J1
zX4-$TzFBjE1f^F0`#hF;C;ac$%aMOXCX76!tncVc#REJ1Ma+WZwkNm?p4&3+ouA*o
zG~{kEDW=l+g0-~g9`3Z^WyRH}JCv?%V_%jo@!L0b&qEGK4E_-%Yy7A76k@jehw)nc
zF$=PocS0x3Td~B{pPJUHzW5&4<J03=2!qY@kF!JC*Ss|EsUHk+3lNU%Yi~)vcApwv
zJ1%(buRh3`t&#WcB%3*+DX$ogG{0ANGwc0Wmb}lGWUrx*zkoptJApf7TrtU^h7>q=
zFABAtyCk4*RX6Es)&Az{l7OC)aO0K_^U$J|40Q)I(SP?-(a+X+>Eq@y8SdZrXKWFC
zqos}Q9kBw+MmM(a@63IeX+{!9{PnGm$Zs&TEH8F2k5lh#_||nDPv}|f6<!k6XOE3Y
z=w3gWFS^sY+t|K=6p&c@8`}?P*e@_-LC;BWE9La4)Jdu**SO4Bi{yB?@K{4HVS`+f
zQHc7_Dw2mbDdE&_{#YtNVL#ru0Tn>+4pe~iVK`g-9~W)w@cVw!JtsYe@@*AeJME*6
z%=!Vpt+#xhhx~d&)xrub;o4(_hGfYsFIqjH=#bt8PD#<pJ=gQCx`eNN%~#A2)uF3q
zwp1UM$B`4b)=$mO!RC=&8?D#aZx?+$crSE7@}eY)-sI~yWDk6UFMh>uw{`&E54dp;
z3F%$0=m{=!ccJcH^t-JcspZ`J?E||W@5y$&r)0<b-9M(s8;X%9(2lpre9ddA4l&yP
z!Du%rv6d_}(r3Jlx9l(wsQh-(cwQYz3?9Kp)1nxgWZ3B%%-l!KP;nI&jj}^MoXgxT
z<0Do3?V_H1^4#`8X0E+FvUz<1+EdtJqUO7f>wdNE<Q+QsIa%YG@3UOy?sK|36KJGb
zf!9jghv4-DUk$wesup?ndBJO$eg21B=J_A#?umMSxz^JqE-}8pIl9}@ab|^?XL`SW
z+5NQtC1j-N9r67!a>WokupK>^AKO!|7f8-tse{dd8di_en}es^B+tNV|Fk2is~e}v
zE$SdPF$A;Xj<FRI8H$x)uBR-SSj&*QbW914WVEb@o@?FTFoR;_=|P(FzovSO@mi~G
zl@y>48C!er0t|Jasy5jMpc}FkjM!AzeX>ut4=@_1KlW+PGMug4IxbMbh{dGFmz76k
zZeoMD-m`waaxrS08cRsdpRK}U5m*gu2RPWN>;Ir@V`Gv}N=BqR^sYqF5#(lfJ$4FK
z3gwMra2Uf_`e0}=$6BUHs<+x-u-uxUO8qgJ?mjR=j_n#7m%1JpOv9sj#{X&TM}hoY
zjr;=nVq&bZ$u;|&|L^N9smaz=Hsq!@G5ol^+wq4cE-AxSy)Jfi>T9+tB13%#n!4Km
z<S3Dwr6w<p+qj&}L-+$cT-{JG1Y!wyXRPa<SKCsEk6JRfpu~%jr?r{*fvI+jzZ^7V
z8aO5lgv$NP$^n@YBbnbN{x|sz#5Rti{-xJV5UY^BE09%Z1#Nj!*W@V#Kx<o?AKP1f
zP`!qc&U(tiuiW1|-8cDX)KagZdJT3Ze<RaT<IyzElB9XUhH8rq7HCsU%FE6Z+M;q}
znvgp9oL$#xLf@z7+zEMlQ=;fFCKRARMSud;=LQJSdHf5WOpkv|x~rYXe^N01IE{10
zZ{%5n(l|(Kgv3H@4sqdAa;e%1isQU^){jE`Gl<RYwLaxU&7=%sA7Lkz-7`y%G>A=Q
zM6*m4{_nZKtRi7EtKr^kj5-Y@S}=HBbHVwYQ9G0$GpPMWTN<?+G96}6o6ZetSNLbE
zb71=$nr9~`evu=uvu$mCCS^d`o}H!loIn4=G?uqO43s1w!1BVc-3}#iNf6otLlk8s
zP6LAr$$ps2Sc{L)+nE4}CC+Lh8whBiouUO~Aj0kUi9cy=cllcg8UfuyLJ0T)w9J3y
za|=oc#(Mv?-x&PJLhd@c2Vt_XovQaGit<T6ubQwm6oVy}B!K04HRsDo20TTE{13Ow
zM<$#Hq#_!{0c0CnEo3YF12g?+Aj`W9WJ~>RWfrpIX>Q?Z2q2{5Wq@FiW%qdBArovG
z@At6t%5LNz({(Q1->Fw6ijKxZ0p3%RBtQ^$@x(NGbVmGzEosC*E8W-5h<{2jgS%)v
zWnOajBU^J&g#GJn^)KZb%XDsXZ`yXnpR>miitcT<E{N?0(UyF>=!WAALq8gBc{N}C
zKRjp{`aw+KIx~TyuXCBZ<8=4^hj>Av&uO~ktyVDn$NsHm(Fc!1W9OF1R|N*2XSV4w
zA@f`2UF-c<moe}(zwK(@a`wuI_U21+^x>WCCCMS3f9KMB*dZC>if-w~sI2ZU9kn;n
z1FdzX;)+hm-Wa;!y--ui>gMEGizF_EFV#Vq>O!q`)p>byP9uSCiF*vKn?EaX7v#h#
zHN)Y*O4e_J&3irb>o18PP6u~O3`VX;^_^%AE6YZ6qD(hEJFg#RPPxWl@T&bRujgyM
z&`+>Zs08#|(4UellTZ<4+%Gp($Ztm=L_dFfe}n!Ks5juU<#<M?q{d3xcfRoj?JrBi
z2}_A>d5TAZt5FgS3v{Loc)v(uQf?XWpU{p%9~5niy{C%IDzoV)%*77>y(QXi=qsJ+
z7tU+Bc;ZFR6lT^;^`=-icwQZcxN%?TpG=awn#}54Q|ulS!|!};$Zg(H;Ql#hg*GbO
zhV2Hy5Xma_uR-?51<Vs8C^_9;K(yJCueyp9w5+T4fA(JYJT2(9hrjZIZt-u%c1Eo+
zJUf#y$Gzh;9fJ}WfeRsCT~bz!jcJ};xxbO!oLds<M0G2ik^*M{BrZ$>y6}*zN*gNc
z*<_I5at;;XWB&vUkgyoy=K&2vtn@O1t|uGe<-FA7^!_r;UNkG@Ux;L=4pWn}C^b*{
z_A2WWiro8PgVua6GMXDPX9Sm?qmI~(;F>C$NC=c`$A~*?{fpmC%Q{5Jg*}}3*y9Pa
zU|y7MGc0GBZ=^`5!&<*^A40Ge6N|N%33GBo#uKr_*d)dyCM9N)W93=r)(?%EG&Yoc
zM_&v#&2j*^$%k8z;`d0g)tBmpFzcx$sUjhI@H;*$i|r0`5w;53&G2O2SD`GRM?69w
zU1Qve^Nby&9e8Rp2><G#Je9o@ec!$ahf9F@hi4M;aRzu+yZ@jb;KWu{D)wIRAOQzv
za1%=WZ*y0Dzr9HG+UgHk-;75(Z<ApWJz}hq5syZhz|dBiM}on`&4?@S`?Gp$yja1+
zl#LbaG=IPKfM@qsFt=)4sNujaR<L=@JJ1N?yq1IWNCIY~pyICxdr$h`d4paVc}Pli
z+Q(?acmyekPsjj|CfHhS9FKgAHjXFP$C&ovD2_+|nyzs?_!uL`$EY}-w2#q-@^tYr
zDw^lWCyWAAp7k*j<%n-E)`69TXrA};v(~W7xHbiA*eC4RUAl9aNj^y<4C)y_qlA~n
zVFQA`evs4Gp+R52*iBzatJRbL|7B|r+x}7~YfUD8fn<|M;mRwC3|M36&to~%s*MER
zPU9K?n_)A1x>YSs<EvaUEDaxI^ZNyn#L#QBL#G`qbbB>2;4L@5Ig;OQD9fF+g=!+&
zW;eIw8;S+ByWZLDPRVF;eU9<T-_2*OkD}PlBe3dmzEs(&7h^Bh$B$Hzo3Mvhe+(ZZ
z@f5rrJ3`4&M~L4v+Dwy3W63`<21Cy=v{0%M=_>I}fAi^new1=-*SGuka6k19`8?A-
z(MjyjIXy_}zj4R94*$=ucY>JNAC`|lwqwsUA17wT>}p#-zS01|Zfm$31xH4P%v|7d
zMgBqDRrV@nrL7jfB6~*+X3&u;Q~oz^Rk&(3ks65!mU%H=w(xrgnepl|?<P2?=D3n;
zcDv+=Bst?daChUoj|bCaXXo)<&)xL+hJ4lWjp#H!|7-k&w%TzH;74YJ$ZJ!--^Cw{
zz_;V8*MI({5wQQe`M=(@?DCnPehIt$CpbSf?H54gzm)$AXEy}}Hb*6KyI5pQCFp&T
zMKYD3|Kk7&R}z*GObq&-TgsK(TF?ru?_7@JD9TYZn5SAt2=9X@`|HV8Dg*JC{GrY&
zG`_tp_jIf10d-ahgG$$<(DzI|3j4#Dk8G<hHKBJ?kK!!#_mmli0!69Z8$(RIv4rV3
zO$X@2Kw>&f_6$TZQy@CG8ig(m_{UYF2&=L=*}sm8P$2p+QbPwB?SpC*CY$}rRF9xO
zw8~Kcb??|Vh_fkIHx1WP;||KUl_HF(M0CU(R7Pdv<I~dAlzEbVg4RP6gM>^*%A8Fc
zN{GH|x@#Qj=S8DI)?}Eg4v*Gjkd}A$yFjTPK?)n6O912hB2g2<RnNt)Q{g1UiwLQw
zz4vq9Czc<d0sLT6lJ<MPZhRWJZ#j?prlf*lks-56qpzd}yWUU)F4Tgg$v=QF5$ius
zR!*b}$8Ef>6fA22DA81^2j8syKa3qx_8=SzX87?!pTpf4p3=V}UMLbL@v@|aWIn>1
zY+hKh0L(tn(;Rq6xHYj}k*bZR21llzz#Qfc;SCayn;IObCBWX);JBeHu--Gk`UwvS
zyaBMdxQ?3GRnItcZ#Q7X6hS6TxtW2F5j5BOAK_ia{CZh9-kqYDg3bl*kg287S5xQc
z^-64RN>4P6P(-~c_+W~70JK+=gCv;(v}1GOFUMotNMC&ry-M?<A7$^_{lqi^018Ho
zmiic`c7^sdr9*-Xo#6PS6>d$^>Wq0~*z_&%!(Y9)6F*dZys2lq5khWLe@-S{I#YM%
z?<>PGCMn_*<L8zT|KGTT`2V$G?*c^Rb4tS(t8j2#2y-FoqJQOciZ!ppuda9z7H<od
zOWzfwy%z5U6J;b3<7K*MZ+fqF;@H+t|G3H2zS`esKE?|CVtYQ5J763Cq=CBB%u}gC
zSt>U_i+DuVBm5?i0doecR{9PLq#|D4lB9y|!qkdI1wy8OO4jcuvSn)sHh#(-@QM3G
zwrtHSZvQP*s-bMnCvH9==+v<Jh_W>=yN^4;pYG(At@$KVwg&EhCWK-|SY80iv{N$V
zsMKkkBU0UW%8NZ^%8T_?&6tnz@nxGusqec7#vIk{-12emo!I-~#Mx~2o0#JeslH)O
zEO`5YoXWox9j2HqTQR4xnO8rR>QC}{73^H$_Gp7Kgjhsxg?VGDo4)Yo=C=#N1^c_+
zLDY0ErKU4m$gYR%=B@sn%K>~=p9V#MIbjScbaB6+3xN}?|A%V;Vdow}GB-9f)oBac
znQd%v@?hStvZ*R7k}1WbN(|=oIfY48RzCB9)0E<tRm7a8)#f|1)$ychKy8nPK4`Wb
zso6RCdljBwaD|iVELx`QX;o0@X9ZGUP^+iv^3qtFDT6agP>EAC6M`nCbRn?@4EI;b
zf!r{KY4lk1nbZXt`&3Y`V~pNKtxn03r$^Ky#2YwEhR*GAy6y4Fq$ZK6$D2FVxqTor
zh<%th$rkp7Ie9zR%q6sU=c>5}WfK{Ywu}T}J%UUI*Ic-}YPo%<n!*(?yl5q~V}9@@
z5?b0q<yP^o+Kp^q|CdCC?W(ROQfL+*aU@_D_*7V#IcDj`9b3O)`L0g?jiVsLV&}Gd
zSPZj~20Z6BcgR+=1J&oWaMdeRZ}>d-+~0E?LunTi?HjIYb#A+Y2S+6ew*z|g8jk#(
zwl`9}3N{3%{p!W7WkC^cIgNwNiw2b$Bg#J3h*IDtE;lxmQ&V*TUlOAsv4jp#!0r6C
zy(Hbk6^H;bDztY+n>iv8@yMTYMH?i{Sjlmbul0w$&^>Q-qVQ%n&Uvgv&*sxx@H0v2
zDh2x~szlIHOSD>M%5=Oy{3i6Z+30Iy(9=evuPxzoB>LLOKwrBFeQk#e9-^;tbYNt$
zvH-VI?wV5#C~aemzGG@~R71)k7&*rolG_=4E&~%=mOiwii$3%c?NaY_e%Lt8d){MA
z%l;)w%9R-Q_y$;3I~>56CUEzwyvNWo{~iOR)&9Ci(g%G54MqCXF8J9!J-;G91L`^a
z?1yc;;%Bok(|6`)-5Ad9_}N-sjke~W&QL{GPie{JXIXrPzRE%1s%XVo@Td>`5N~(m
zms^Va8zGbAtDQ3U=+c0;e@sbmDxXCXH+Iy+`{D&@ay!Y;uW;2z4f~n&C7By_NeQwN
zvU~W3$Jk28mi*>)&@Z{ckSo$_s(d(!J<?q`O)qOR1@)dJ<x|^<|ECwLs?$|?jZmwz
z2!%bfzi%k75@M!v$$ZazuPqK&wZv8%;`yE-o;RB7a-88#TI&y7VW{zwsi~F}8~cI?
z?%BCSSe+bgI!V$=bf~Cr(7}f1Ob07dM`cH(ve<vl;SWDc^M};WcSXU3098wK5CDDp
z!o0n5;(6jl-{|z4(!YtKQ@O+;kyiJ%q9MAQeZTduBNgI>Kn^(FXo6d1<b_V)U>MLW
zDpR5}*=Tu233vq=#2>FDC_K<3Qh=`=&k@nz+Q}1_K+b}1l0Vb^BS&~v>Y`I)Q1m``
z2RtReC!OPz3p#K0Ki?4a>=v8{HAGbD)Svce;6F!#q~iT%DY2NYG#Yda_FufdG#EGA
z;B9rx0P%ru_J0`k-78Ws2(2eplI&$@?D-)~tkFuCD1(D;dav%LgY$z92CD;|K2AOj
zl7t(#71u13Vq5RjZ3`zx9_2Q!Y1cTy$J7IuW`4ibo;t2eyLf#l-Bvo#b8h_1Vt31H
zZvILh332?p2h<g_);sOy2zlKq)Yfu>rL1Fx^GcBfHE9}`uHj8c(2>$LtXnDMcX%nB
z;D*w6PQG&;F~xgp=lMWzHv5V7nPn6}#27kxXr7k5Yy`KW#cOlSUAUd%lG<5Jfjx^)
z+KTZR_-$?~m#B(N+_*So4_PV5i{<30RWfM5BthGl>?S6=6^q8T`V*UTP}@-CuKqW-
zY73EI*{jLr-E*u<#Gk3t&wI~g<zG%ZbenvwTW$k$|1)#{*<^?Af4fr$UHc!n2&tGi
zA`E%mrF-99SIGZGD!g@19d(d&zH1JaQ5IhZaPn~6mE`U(@Kx^q3P`i@_UTBNv0>oz
zQ~N2cb$vPhRd*;=%IZSuEBpkPO<xi3+H#yrF8@#9|EW&z+aBeX+j`p~HQ`V05pZ|2
zr1LHQ1<w$?i#!oY%yzYf%Q1)-+m{%(9LLJ`<~10Y^&aDTGOic90pT$d)ujoT*11pE
z#pc>c`LTU#Hh0gD_1#>6D_i2#f(JpG`0N?}8Gu&zqVMu^f?v%~8p)MCyTm_{Uuykr
zT4(Vi%dd#wQ>rq1PF#gi<3&Gm<YjB`h#u{FYczpLqC1oH4G+w)Il7(b)1!((;xVf5
zzuR625kE=Vr6iwu>$i3wWp=}yKb(z$X*Db$gqd)K0am<d1YPK2Wepdrbuo;)%dNpt
z@8-vjnPLo9VVn-7^}Jz{u20I3!cjTBL8yYdnyRN#98aT4b8u;_?Wprpv8Sfgw06^h
zkKtvrWcy}V){#&Xgd-zpchs~rm8oK9p1FG;U&7pdP*?a%k6aVNGsGZumDJHtxx{&8
z=pafo_F%pSQ{p<qO-#h3urmUZCn`JDzX3&BP81-C8_R3)XV2(nAb`DkQS_)VS7(Vr
zj%E9aAUys1Zsx$3?Deu6j7@5EHFIt#JCxAs62&$r1|OMkPXSJP{26ZgZDv7kD4WWy
zz6W63b#(Qjky_jqGuX^Hoe_96ltgfBc90XK`~&T=KKzmTCi|7i5!ZAG$YDiQoj*+O
zFI-_j#82GQ4ZKI9{7cy!UZlB)-26rEV`m2nc}~oAVo-^HV3B5Q(}rl$)!~F)2fQ!-
zuOH#eGdJg%p8jI<h+KOHQ@-6UjLv$w&?_QGnS4@q>NGTlS!k5zrJ?aQo%oMeT8Il8
zdp83OykmL(cr2m2hel}@8leChrG7KWlYxe<S1<Z(pmB$QV<Yfzfo}0P4L1w3bu{n8
zq$&9LZ*h%RYV~cbmw(2uyV2wLvQimkOf(<tWPDjD6U}#^`g(}x!24|A$kaVL2aZhO
zx4|j@N>+Yhspc2W7X`;_Vq(f#{da#Qpr2P($?8-zwmarrv2%J`4Om$%XKkhQqKkBh
zt{QVPK4YEw;@bfYQ#hBcFrZ2DL|>>dpzCW}h7V>?Bl55%2?-|nFY0~tJ;U`z7*F6N
zQxZP2SW>c*d()+e?f?-HcFznhnqFd$rxu43k}TfYAlZ6;p2T~iK-8g$ox>|A`Z$#c
zArn0JiN6mg_HxE?YqCN1xSTb(y4I}0-uto!yx6S4`CR*dn0puSD5~@Ef0ryI!Qcdq
zii#RFYEn@X0n19PS+apy*%hpaR8eEsQd&_d*##;Hf!zq>xJa$Gw$)1S)@nst!7C;K
z62J=}RZ#>2D$KInM7cxq`@CmnlMSM6zyIg|Jmt~s%$ak2&wJkUp7(Y#ZEntzZp(7C
z`hq4l=)5!z=xl4)KI%nT@1ARN@>SNmPybGyl=bdI>QPzm{@@O=-c>+W)J#@g8e1c$
z3L%yd(D~M1Rh1j9-^uTcB|>!DO)zY;rE07Hhp4UZ09#Vm$)8|qR0@CkCL0Yd6+%#K
z-A?(`d8xA`!^QIF!qnv{jR%3CUp`)#I#&v17z<t^ZL0BBejBQ(6ye;lZZE0KPI@FG
z^&G*5Nsw^F?```hrO*2B_Rmgx@xR$WwFM{YiILFJmHO&kT)GRBEKWSE37&8yQX46Q
z2YJ4JBNen!E3B}6BPIT-9BuJD`lgNap5HkeX*Wilv61d?J(#hPCV3N(_{i<(=VRL;
z6aOhc(HS1W#B|{&zJaIsPsS=%bY%zB7z@97jOILNjOQ_oj4__vX^dT+G2TM%4rT#)
znmzyjzm3%zhhykB4`9WU&H!#d+Gzma<+X#`@$)8=^f<XY1~6vs4dSUFj2`o4X20%X
zjm8eRBj1f3=n~C-y@=P;;MytOT#*X4i+2v<SH)_{dF6gSSmQ4jf+EU~ME|-cb~rmp
z_p4nlcpeD+?&n~CB)hexFRl<)k4M-)Yo~ZzTGdjcA-23r?Ua0%=3kbWK}Z2U^yH;M
zKIGI+IY~Yk%X*02eC?Ez<qMHh3u2$Ua~nvmrTy9|r`QE%EEjIHcFL)Cnb@-Y+9{{W
zC#Z=G?Pg^yX!m3^J&|?%$ZtE=Z~DAes16bY>4+T;Px@BS{Eln^KjiH+Ef%9e+ouA(
zmN-;sbq|x2{0)Czxr0COw`KdR9(&pQ*~6<O+J5X1+eSA!Ao3+KG@5*@nY32-fK(y}
ze47F5hAy5FlU8r1b&CIznvjk}BJAYv4oUdqPT@tMZcH*8g7|N^>y`h;*{;;2V@$Ds
zs7ijLDfW^#(&kBt{(lLJ`TbU_Uakc-b-31Ranulw(6*X~;jd7g&ZMksXafqv>T~Rm
z;Qh8*cdZfemu*Px*lRy68JUqTPl$a_`YfU>&~(#2PYBC>g`RkIJ}|LQ`cSk&d4d+g
zLCaI2L*-7{rUZmywU)m_*zcGyt%}y+lp^PS`@E>!8f}&FfdssOW98S?+NR!qJ6lR|
z=%xks-;pxG*y|qz<mPWxjp=W{cD`*^-)<csh0f6jo^@~539if?q>=AZ$18Rn^PKw6
zBI}KkwLsiSC4=!DyRo0y8HLxDIwj*3oifgMGL9vqZ{J`}LZ|S<IpJ)HixTBfZ~KQZ
zw((Y_ok@2`HuFBp>Z{%fpYkEEa;g?rlH^&WGCzUDv})^j?72MX)?+*f?U>82ba2!Q
z5=tpfzv!7c%Z5~a#3L^C>iXb}^Ck3!dnR9(ql6xNL$bOeFw{tJls#O>{BpIgJ-_zJ
ziv5Z$P3Bb1Gg>g2?8GT~eP|OVj`LfpV|H0_S?1V$1cfnfvb`mvece=z%0zcbopfyP
zpno<2w|zIw+wx^|kxsI}XDgkWx(f(t_!E+9U9#T}IWE0{d!(1;>(z$>KB(T33O*up
z5*Mp?p6+Thcy?q8ji?uM$u7UO>KA@aaewk>xcsS*Kc&LZ6zXAt07LW2UD9RC%XXx?
z&qeZr%zIhnB6Ec1!RBq3_WGX0O>O6{i5+&wHnhe3|15RGFmUPawcAqfmhF&m31{iy
zr9|h8BkJIo3Ii;Yc{2Q+-3&u6q%$CynE#w91EG0kt)^DBot{NH(n>&_b_a!X5cce<
zeZ=^+`Yk-rmST+{*O#tm)M-b4>r`E|Sb)>>R~QREv+sD#wWPXHm1t5Ql<#Ez^s!F%
z=B1r63eFG%5rtG7Ksu1>KPDP4me^?3%UWj%TD@v7@wP~JIdp!21B$U!VV7`BnfP@q
zy?RLinWk6jr4t?>hh9DKt#s4Xs_ED~RRz46(5qwXug|Psz5KiS?`^N&W!J9=itv7l
z9vaK#Iw-V^O0E0~M@AyLC%f`<tiAD!?Yhk;NC=rouy%@^xNVZ$|DRkZDI09*D-tc#
z8mZb88^c8Z+j?`}z{c8T?Y@GMnl%H6>n{hq+f+n4wA`uDRmR(XuPIAo>i1!8QAk3+
zB_vmIRU+yZr=rqV#K4zruMBzWO6!!Dvt3nnJN(98pXTQ#cyNx*+NV|Rj2%7czJ5dw
zO<jkno~ZJL6PYM2OZTkN7c;(fNcd(fk<qm8PPZ)f89M_FTkz4?Z+-BEtaA3p=CXa_
zsPUJVvWXV9MUI7tZHDC-eGtKJWScE}*UuRbt-&TM%((GFyj^r!h00_kU?K&<JvAqA
zF(Of{8ZbXr%H`pVlg<+ygom<qG7e2o1sXof8Z#Fw^auhYLV|IQ9E}z{G8%zpej5=>
zVvBQd8Qj2%*5Y31sr2*-dYbIR%Rf-Mk$%3DUMJ})BDtJ-W#D0%5{UP29?fI`=lVL&
zf7!cCeh$_ZY5Fesm!HmbSjnmtrfg70NNYVSgHf}039WKx=_Qpp^D$z=iryBq^V`90
zg3mWxKfJxRGOlabWY<PGgoo{_PSgRLQ&Yu@ZnfxgAn8v0g--H0nL#CES5XUOm}NT@
zp1_HHu|WLbZ3?Q*LDs_?Iz;!fvK`4n-kkbkjjO!djGbC&PwY^4Z4h@*ameyE)by(L
zj*cQ6Zg9T>NU>jQsQH(+sAp<r*}B-#eC?qPRN))=oS>}s&}#n1mbwuo*`edwrCu;+
znqM8;d8oRUJpl_Bum{zN>|sF!TM%QScS$TGiH9$-jD*#6qyiZx!;)XXFZl_W;4>^s
zcw>NnnMk2ZRVXx1$h<p0Sb|OFh@t_0Z2`NKZ(qGzd>6n<iQd{Pl~=YdbrQGyN@YF&
zp`<hWmn#<|LI)|Htk60Y?aA@hh_G(d*`9Bws2f14!9NG7Y<pIg2iUL8@iPkDJPl<*
zS$*;xUhMC&rd8f13~xfMu~y*S%$@|iSJa$Qd!>SRqkEAJ?-c^?%Yk=&1_C+zwau{G
zA+8|%iXMH>rbo8|M2Jq&4xvY{sW4WrjEAUMi!YE5PEgQ9|K%bFR8;9EImNV7B`q#z
zi8N(O9-`y6lbFN_^sboHLq~auS+5rBPCmQMZ8FqE|M}Z9+MFnD4(r_J1<N=ik%a$G
znJO{!k94BDl!ivVD`_I+Y_*#IA_u4bgMQ6tA;|LiA9j%*_mU<YiljZ6F0#dX#4e&`
z7OAz1tc877@r|U&I7#CUUwN*!%bebY?+iv&8RUBkYqxgNIZ#z%L()3?LI~Cl#REJ=
zi45v#K3LQufWx?r$XQjeIPfw`dKPly+ldrSNQ53NLFw~Zpya)Po9!LRwu9*7%XZW)
zmo+gSDe+!2ChN+d80GdZ^J}3GgXYg?li+)xi=4=yf?C~Vu*CPkz3z&5TjXS!k2>*~
z^1UYDf=U*|>wT}un5r~?i;u&s{Avp-t8p@B>>`y;d5HQtR&X^wi;UE))fH05Q#e_?
zOVL%9w!jK_cW5)alUgx*YS9ULVoEjcHSXFe2+ZSetMMX*SHVMfXmbve5aiwpV_Puc
zxeT8!Z9&h(kKafPDy*nIdWN>3UaM>zkge6dqO8|&%ZIuIz0DKW1|>|up5&{Px7z_;
zQmfqUQdqWwexJo&m{<F%lEiC|)(3_6^u-RNN_f1<S4i;FK`_-ea~YyCbI@3M6`)C6
z$mUhHN&h*}MBV6xz`r{i(5G5_0xkMtN8ECkV4>f9M9pCk@fVx#p~y*m>Y~*Z08{w6
zJR1`w{<iJVul=&#Z+u?+xjU!9&(4?^J^gj6gZnwuQ=9n~M}0cz)*fo)Nsrl4m|c<6
zN$fK9WIN|TJ1(|%|8FG^j7)by0sLRy63RFp*`^S(VkMicG7kLMHJrg&2b%#ieJl=1
z80k&2*$CNuPK`xcoW@qH)xE$fNe5zcC;!MBwgzK^Oz12xTa5y=Oe8YM@mgJ9nG*->
zg2bcX`|xU2GoYZ&99b*pOAv=`3P7@*k5X{MGPQ0i&aWzOz>T|($c#(iO2BWT!U_<T
zg3f0wNtV(M$_f-k(ufwnn_i2)VJrvL`3icRb+1mJg#Za0V_cCjfsdNid6F&RB!U<4
z^r!4SThiDDtTQ)wfX*L;e^oZQbC|Xc(854<fYkSr%$JOz8qiw5Ya*uuOd(%se5k5>
zSB+B*TdRAF5hO<gVkp$>TQf*rJ!P!Xh4P`D%+B2d$wPnWvc8amo6+pYA7||o9#<0o
zNC8B57Shu^Dul4f>Ca$3sr&ZKx-X_Z%hkE=G3%)NWU2d?>QLCfLK;(2W{6viG;KlO
zihWJ2=NAPCt9K@!=U2E%8_(MDi#ixBDDJ?*H^O>kDJ2|WSb!-57+U;RsqWZGtNO1e
zt>P>hs5+0mXN5oZ2yW@--|VBu4z;GBGHPiEVa!|&_S6N8&wuRljR+b4vOZnHd>fnX
zE@w_x63kR^exUMfEq;GDo5z@>YV9xAQMPZBE`jmm3X$69uM3y!*f8!3<IJpljKNYn
zjL#vh9mYSVYJu?>e$~2DCt2Scz{;g&mstMEH)*46hw5J%q6)3lV3WU8UsZ3@U$yug
zMAbH8G{{;>^w%>x{Vvs8TNNPNJ00RcYIk}XOs}e%V&`S{{0Dq!@A*urm!41Kw`@nJ
z=53shcW>{5#Pb8*)Yrh(knOPBBHgI&+>NHS>2B=jbeZnPZ@AID9e^A7(B6%uPB&zj
zaK6b$MSiVhLe18TPb!X}^x+JS;CJfG+Fz4!ufoa5mY$F_(-gvQ{shv|Y~A^5RdV0Y
zGD`l?E?FpDIl(D;eP+p0DOqNhd@Zx&C3eZnW>MRTPRY|VOLBB;w)X!@+H`n^Z9oMw
z4Y5wj-BW7rli3gv2MgFalE0OqJ40RZTh-yJ%w`u9^Bu0PDPyR=C(UP@3N~AHs>S~K
znT2N9g|6J0G0MA~LTZ4+?LzD3W`HJW7rOTTi~$aC3aPQ3nK`x-8Cxf0POcQ7I3sb{
zBbky}|MrX2NN!r1F_N{C)@jlfJf>ja%PjeVUGh#i+xAKOZDvU|rm1$x?97sr?UMHr
z8@GMZ?#L{u1~y2QbSAAoG+PY}nqqHv>^`N!tRbW)x@iT!zJIzo#6D8*tKH}J<upa3
zA&kh)S7!?ZV%u|svSG0_0<C_M%{yqk?YrK(k98+B%9pc5t2;_gdu2Z*VG<Ml@7|QL
zq=pGO>T!mEt9@l}6b|}KidlcW5E=O$6q82VxeKgg9X+}igM^89|GVyd=NDbm-HA@H
zyK<J@l}}nSx+1%sHS_dNU3rgt3|~1-x^lX7<-;#!v3~R5=T2{LO^d%u(Rh8pNQR6(
z4wd;mb+FkAqdaO_o=E<(110VNz=a%CdDm!(ndAtB-wcEst4cl+oBsXpO31d@=IjXJ
zG2X$;(GzsP6WISzS(}<GE+}Y5?%KpfBZqL|Ejb8tmaWYkD4oTmvSAb1m&1mRSGj$2
zwVu9t{6C-nnQ7lD{%_&`-C9qW)nqLu*9W2>B#(TNrpUW_V%`>P%mCI%0oDz@IsvQt
zE`X)jfbB&9>lum(%l5ood{Sod?o#~J&c%O$jkOKyXQlXEQp{OnkK07*v;+;vP9x-J
zHks(vJ~3`c6UGQ>W>itc?>(v(*QXC=6uH4Ja^kj(#pP2))T+ABF7kY4k@M^#MKh@;
zO$tv`MbvWo;*ks*xP|eslAJw&mE`P!YT}cBVvA0ll*&(?n956aPvxY#r9Aj(GZthw
z&Vu}-K!lU_$FWTD%`xZUVntu?MFJzInK=<&tHf&HZEPEDfxDP92F=Su?)}MAffn~Q
zF4`^C?p=+npF>~B+gfvz$T7-CM?Xy`5JPrRH-Dmf6|8LTq)V#2+qJ|mDeXs8-_XJ_
zYD8Dg{O?8<A&3COscz)khuf0RaBP}OJreVG(P;9g9-Hq@iebNCcuwtPksqpi;uHNN
z>ji@luf5XMBlAz^<h77#{MIDqgth0g=AS1pz@JOFVzXGp!ae>XCz_2an0ur35E)X@
z_S$hHOY}dZz2<|0S+5bxJY93$W7I5Qututy6>~c9=L$PU-N`pN8ES8~zMcNO)9P)1
zUh@dEp6z_@C7-49Rx7n(Upixn%tXfN*qKYovQCBuh)$j<0`1Ir4l}mTrj#5eZA(;Y
z91qWw7HFOKM-gZZ$$6btk=560b9_7m@CZ;cEm>XE7yEDJSxTCf=;Cq>{F^PzQg<mK
zP^}g;;J92GN=!qJY6ac9#pObj9ME=|0-lCD=l2dlRjQxZ)Z_kYhxwFz9m;@uZT7cm
z3a9I1szG`t$EHz&asZH;38O`vhcXUfSh*w%)ad+-m*aPEAi5)M)(?S}>@TCV1^5)%
zhGx1sNJMU!e8{;-tGb56eo$gAV9eWy;0?$Jjh#r_)B)4_`wp8B^>(TnkCOz>G9`y(
zI`c&o^WX~6d5(bn9yp?CtXB8D06#WWEavL|#B*#4A!u$A30zLFgv%vbJuiX4E-kcM
zv=?(e?IscauC%Rmtc{zyxr_#p))5fS)zdZgBtTPow9VyGN8Cm76g%jS_L<QtkI^Fh
zCDmACU0F-Ej3(W&FOb<KcM2O7-jwdG1X5i`ddR)iE_eUOWJvjBg|Hj5XhvXYBu8rz
zA2x98l8%qpF_E4utESkQ-(vB58px2e`|pzqP=d5F=3-Z5s#Jjj>iwD?Vmm9Hv3^90
zB3~S?n?8jU6&e8oN@N0Lc4SI)!-vMWi)<q_Q=uD!lucBr*0YO5yeRG@RQ%P)2it_S
z%vd7pA!8M>7*xjS2dRynsAQ+&H&I*`*bCD{pWI1aEUQwY-ix>ek?|4L{|=FH{XAJ=
zRnRgP7r4etNTOOIG3Hcc>qGwQ^`+#+)9-L(#nW#F)5Td;bO>eZ1PehkL<d`J8Sq&t
zB~S0K6u3FIfhIOgn2I*hon|MRZ+j`U6We4eQIfS8i<QLo7|PS(FCv~qYMXDj@WsOr
znf*RXZxZ6qnt~qBVxZEmtM0yu2#4nY0z7>dczTuJeqT|!@4nLV()+H6*G~>buR#4E
z3*>L_gNK7DWy^QV@6{e+t8yjbnS~ye-#qo)^4p?0sWZ#H(@qor-~DPYuwvX3l&+jj
zNR%1l<?0~(F9QQd7v)T-6TgdCd&q>viiRpFcdlrxtqC95^Soke=8l*#-x8KDt#Urk
zCzrio;Ln`jQ;lSN61KC*IN1*?qIrSUJ4Gy>{0aCWS5Azr^0roK!}f>5JH^`3*eUl7
zBm)3Cu?$IhyXD%h59xy1jU=9BK9C}UVCMp(DIkGoD(nkS==y#6*1~i-TwGN-Oeu)l
z#mQ6TiX(tr70R4BLwV2>m2RYLW$z~CpeFHdL|(o+ayh-=D!!<uEhs-VanF-T7*C(H
zIn@)sC_gi4WkqdsOU3N+Q&US7sYbT~%|UU%?65?YrnXexs!H}x8xSyU3sa(|h^bhi
zpUA%3mMASl?{-tqIph|)p~y*2QZR<CqRPcy;kV;AMyf=wu*<salWt<E*%7*I(OPVh
zGR*J(&O2Bevv2lrJb9fZNVp3)OE@lB%#W@DHLyhCRVu!p*Rpl0>gb<R&!(*$CFi;&
zhq+^!zPH<uDl$~uZbN#m-M4>`FL@he6^_EL$c_MrrNKsP;=MAlqBhG*_t=v6eCx;u
zHr9<Ghxm_(eyorHAQBT3x-kt$)e|8ZN@<ijLFUWWCw;43pM)wYGFn?y7Hb_H*@QX-
zJxI+B-aT6I{nWdvnE8-w#Pi+W71OR|%%ugk`ECv>qPy8ZI?!*t^ab>z%YuIF%iv!M
zn}q)NJ+z}u?lS9tkI#nR4J!dyJ%BDeMjt1!s_|D~@y2P?<r*%G92^^5Ax1>XmFC0x
z!)^23-$MfjO_a}QGq2Q*39y-q8DFbAnup4dbk76Y?Cz-jG88ud-@jwOP@S=;XKc6V
zB}VzmHTQ7E1D923i;h}dA>B~zI99l>YZFBS@m{y-5q4MDYC}BX9F~F@cXE(f>{ew~
zKdIcE)~CABWpQ_Bsg*5fAzea1UwDVbfs(f=o;6`m?SN9P4pU-R?PNDkm)VUFOKM4L
z?c^?{(Q~D4VUEb&Wzu%v>+m?PS7A3@Qd{)e)ahuG)#Ih)WND-VGmb9f^Q4QYLovSW
z0$apr>%m`V%k4V(mjsOUsSBKJ6Z41&{5NiKN}XGU($r=Fl+V{KWEX*EK8}%n@;PJd
zvhICcSmMRaR4?R17!wSyz9d!H0xx7f+BG&1dn3iD3N$meSUEZDi){TuY`an|&~NeG
z_z&P;hXnt>h5vP`O!R*X{&~OpI{05a`#A7l|JYaHe~2mhD*PY$&3^;`J(=*gFLKOS
z1F`J`*v^zY<x$-zDDpq>ZBA&dmg@=W%mp(M&M_BtB4NO{9Gv#mwmLYC(k-QzyopU?
zmNqj$hT5q;T%h!K<WV7aKUJz<7E*&&=3n9W`K%d*-;@Kt#mB()x}djI962*}B@2kn
zNZv5*kq8PBY5H*Cq=D38qqjr|o&QS*wz`o@ovbntA5lz=K>VNcQDJhEzjr<he7*HN
zQ}Go*`ibH36dywF&w}1@X<Y89Xj|r$02~M)N+w~tAWWa=M)%YPhkjut@dRD}58yeU
zIRl=TBMbbWglF|Hz5$+<eCz~Ii6(wY<Pz&9Q1-ZB{Rtob4`9tS@38kn=5vj*G`GHE
z+jN|5J9=wxG+??G&6nL`T_kIaae{~fI}AnA`)Nn{YdL*j;oy{?0hbHS{4dHA_Dst6
zw%ZS@<~6(dF2}ZR?-$D6rM>^}*!@4tE^nwn6Vb1$;J?PN;ovd&^=|Bc6u(^9YpcEJ
zc<c3(pC5x?mK%&aE@BPf!~X%X{%d%;6fwSFCK9>-$@Mz_;ctNF&-r-V_4+ika9psu
zAN@apwexz_jjL8ScJJh$-O%aXxa#Fj?`GG(X1-_edTPFoeIIW75bY(#xH^2c+lmvN
ze$@Nj9T%hbC1QC(SGVc(tUzYNe_eg;pBEnQ^SAgsO5*F|z%W3`Z?e^;wmA5{)ZuA&
zXCYGgTIhZHt_ktDTllt!DQ&}W#4{%#YLFT*?OZHMfXFU5=gp`ZWOFKh<p`y%xU|44
z%J%-=QxN_siR9S`ezCd#PcA;>SO_oH%Q9DDTxa_b+AePPF{=G|q71T{5L?qw7};gJ
zWzGwvWuBcTD4@_mYc~6F#t=Xj4gvf*nLn8&D%wkoloFhC=G>KecDCs+{@W%~Ab!#|
z;4ry4+4|!oacYds6G#HG6Nx--rr)rWGrRu$U$|e}88VL;*NZ>+aq9C-R`osAsXpgT
z)i>0xPm(gPh&y)M76*IXIE?R`o|rzF;3I&u>(*!KOM;6tjiH!L)>m*on(WBGcUmiY
zU?71|u@vViA{)oV-b?;9$8vb$K*)K$|FhH(NDyQOIU<5)VlTv+D)6VL8i}X{oBauK
z=z``Y4@$<^QrLG|PE-z;0)-0GD~A&&vbwo)yd1X0TBKBpjh@RgN4iP@PM(Mt8m$jG
z*)!Q!{T8f}zKFzmsifJ~5>HQ60_pFc#b;r><ny29bF9-HNXqoOe^(iKtO=ICE%jZJ
z)E`?!fzXMOFtMByg9e9U4vs;iSbhul;kYQyc-2;KCw6=<t1+K;&Hn#*#;(ym{;rQm
zB4-He4=3`(fQH`LDME=OZ{k!8ln&Qk?TU<7a5lT%Bo#T65=;O|XJW*qg*mHK?Z^!_
zmHGQBho}4VAQ9Z<{L;_v%>_<xM7Vk#eG#$I>C%&!9i~OR*{B==b^jNJIPjD_QLOCr
zL=ClXwZynNV+D#lQ;zn|3Y?19vf1^sr|7Jivq<K{T9$xrXSro5ah0Zs43sF~b3&je
z&yiON?6u$OsU~Nm<(-icBp~e{MxEdLTN(h|%spwmJ^mqpXF46|S}9*+GX5bs`-b4A
zA@ecHdXPqBu>CYO8yBctO_0Zp)^#;%{K`8lSpZf`K!S|+l23nAdu!zDSKI6Dw6{cn
zYW9Co<+9t`G{J`VU-M+<H`?uPCyKfXgy8(K+gEGeBI*!pzsK#WAJ>5o1=+zwzigHg
zgKwxnGM_!3C=%J67=S<zpK42PE)Qns?DJ;}3<Bo#QPyk;>&}2n?LM9B^hv-HvioHB
zC7+IEwy)|odu;lvz~O7!mp-CXkoFrSpSn4{qkT08IkYd0%?HN7<aa8c4U@NjV#DOo
z6Ea}3mH_Q(m|V{)V0M3?%E;_y?;BEKPwsH*IWh_)lOvtkQ}_Q${{F|!Ki$r6T_hcm
za(8F6WVd*|u_kB^D-D`MMuoh~YO;gIuu&lcPddH15mar9we*T~$1X3L8#~Y|>M5(g
zd2tAOo-e&3hI8V!iU8-gR6$kQyTrgajdPWI_fP$)4}#`x7~eI9N<M;hPjU?8+9GOs
zV_!o~6f&|*zj#QoWIa9gOb~wpp0w2OiNVo}5Ba=Kel*~1oH|$bj<YGlo*SFq3t{IJ
z`n0bhKf-ki7-HU~-f{@HXx>PvMx79RLBj7zjuZ6oGCgY;G;CNYWK(+1knQcIkZ2lZ
z@3ytb`w&Rmuu)>Ljht%8C=P<k>u2AP>Kr);+*l~)#(Ww^p%rB1db-s$S=s`(3fghJ
z@)YW&>d?J6=GUAbYi*01Lv{JlZWRM2v_-k0W)RcJP^q(G_JlTLH({n5NxD%baX3z6
z!?E$bq^ctOmW`l!57EDWSQ@<e9?0R40Rit4?m0DUMkU415EaB0eqNU;+*ethuf;zQ
zYGYOc4x#7d(-TuzQsqV1zF+ju!)=R1v8kKoMH2tw1l|0$9@~O`stIFrYd;b_wGRYJ
zmIO-hcg{n`??!%0Ko`W7t1W1uS*c?mI~-XiyC|(x4hXp43L4?kfcqUb!chT~5S;T>
z?49dJ5ir!&FlmEe22RzD>qpVeoXGk6D#0tv?P@A$+buS?HNyjL0zuWtmI-{WFO-p<
zMI)tEv&*^me!(v6iyd<ANQ6n0cunvTV?q1QAKO}FL%aa8WzFMHs<8vs@+9;?nTw<S
zFb7vZl^^Z(R8I6}c4!f?w0m1_6Nbnf%(@vvK+z?FAA?7!nCQ1+W{Sb`dPIA8bFL&G
zPp3{ArCd3Ev%4uRMLl-BpG3zc=c#ILW!}aVW)^$QDW=Ubn3b;<)#`pldh&L%WyX?!
zgOKO8hv!NzkpE7|xEs@R!r*)D>I$`)x3ED4y)898u1Vw->)toDnL{PTND|PeMNj+$
z;1K0;S68uGHV(x$Bi3oHu9;M}FS(8eGuyiUYuXYkXGTn0&wr(@C;xq0T5L59(Vj#%
z)ni+a==(R8?aMfW<a_#R`N6*VT2Bw^z+kBevilZF60iQ!LP;x?G_;DrzVKB3(h5l%
zE@{=0HeS-IC5>%mXDvhZM4v+Jqs1{cqRpm!f)=Ia+fr(`mY>&G3hmZ<=9QA6P;YA_
z^t^jn(3{la0vX-?rY#T97Mw5}9ukq3h<CjoM|UQbTrE8kv_Ahs{SOe{HGbwd_a9j}
zINL7sRjkYVzdY>hSRMQ|Zn7ZX`+<^uavwp%(JtJ7L3~WMFv78|B?^0&fOjdT+q5QE
zi;IUUQB!kdqyAu#I_<H-vIEU_G$9OLDA!<pN2~it`lskA#O!Jb(%5jYi@y3Orr7~)
z&<<TGLHKkIgqetmmQFLXMAwe9<+J>_tiQZ2`zG;!h{S53=I}hlV?L7WX?N4Sie|RQ
z>Jo#~c7Kt&84sZlH--gDHe5sCjzB|emyma_t_@~)S*n-pjc`obh<H*rJVjOy3h5>h
zhrN3zo)a){qtp`2sHZ{E$b)nBX6xyhQtv0JEZv<_19o(j4y_VK;i9TEI6KF4M6d4X
zE#xQ(@!McM{$md^*do~q|0Y9JR1VImC=0D&Rx$tQnDH!82;o#19iqgg4A6Sya2A>S
zpY=Q8ZA3Bk^RSx)z~8*6klbz84Io5`W`8>kGNCQvH62L?pNtuw&6i4#7GfKL#l-u5
zZP7B@OaaG*kkMkvw!?NEJ<aJ8(9bd>S%tB8x>_S$Fd#Ant2h0(<Emx`<F&(XsDAy1
z>ystIq8;bO+WsSt{VE*uJzN)|YM*TB?u}N<p)8lRjx;oS#$s!=d<C15x5_W^VxsWX
z9r(!+17B-mWS;|N2^mf5vNDc?NBwL{c{(gf$?gDgqVcsVL7g+~Lmij=lD&A~O*>VB
zCo@=Py=^!#ku3))ar&L}G{ctLMT*rK5h3+yH7Dcv4={1pLg^_onx3hP)k!n<*={)k
z^?KED7vv<BzVC@;GMe+1l;D7sr!CkmruWFXZ?08d`MpIkiX&CF_{bEdJYx8wOd*`E
zDfa`ebgu?URZhuQn)c6{NQ*l6)m#)R*@~&xv{Twkp%pqrDGB@6o!w1T@xU9cku1Ms
zPmG<Nxz3eJf%i{u>0n>q68%rPIL$joN#+$+lC>%3cQS+P6+eQ4S57OX)`nM96*Q#0
z$yf54!TZR5{2$d<Y}Yryn$x+y>0hmHxcIkheZux{xti7cz0M6DE04;+pBdYiDa;`z
z+ZvQ97~Vv#@!={I@pF0%jj>G{Ws$rhJAyS+ZVXAhR`e1tWSBdL<7KIQI2|Fge2}cx
z5$?fFPV<OyoWIC}HL8of+Mg(ws2WNw=+lPns@oybi2P}n*gmIO>C(2hsdt(PGcdri
zU%w@<a^Or~Y9r=H+~k|h;X2wgbv6;jY<H_dIc>u^gN1>CB-QOlMN`Yg^^p>lC|9Kx
z%S}WfY+T?MvJl4O>O>|i0z7n+yDQV5b#q}Y3FZ)N8Alg^gpaG?aa6GVR^~|PqJ*c8
zfw~xI?|^%)GgbhoJ?<~c@)<kmr>Bc}@m7ct*8r_<2f2~g_|4Z8Se*NN;GGt0v0VCr
z98Fsg&lZ`F&m4EZ2k`h}Tds~=B;Y6%a(T2+Xr$bt!!RopSoW{-)ir5#VmAtMX>m6X
zhSgx@YtPZKV0d@Hz0VhGqgVC&m)1_Fl}8$K8oCFIvb4HspzljEa>u}|0(Jogn85eK
z2vqac*k&}W*|x8-Fal|Pe2L64LJYUD%}!h;iGmR+_J%vKR|7uq;|wzCr(TujH!qa-
zU!q?aN(^g`)wha6zhoSqk^dw<i@m^NcNP9m0+KG&kO7h^bL#ybzi~A7+0}%COhY7f
z&T$}8w={C9?`6SGJfX4LER9~6+^p&+rg9oI`eU5NyZOz$ZjwWbH;@5?kJzRPzp*UV
za&_)9EiU^l<TU6vK9gqqq?;8Qt6TTbwja3?Cxv6Cq;6?6+JO*L1A-C=Ww2<}6aOr#
zr&h5I8}2vWwr-jNL4*nDT!nA{5__)dyHk??v$Xi*QcT=#(BKG^1;1R;9{dEs_TPh%
zW9BL^=r73F(K-|F+uwZ5%s+x=$)0&E%rkDV&7A-7<U!wfTm&H9#(;O)F<{BRtFHol
z@*A7e^>t+|OR5E%NVF?kElFcjD>8A(XI>gRS{lKENi7C(LLY^Tc>DaH<#MSdz?l@7
z;Orzv3Giyh5+QHxeBLdK%?H)0Bk=6h>kR7x0Z2rbw@L=1`kv|m{we$y6Qe%HPP)1i
z52|C4f2Wg5<ar1Cmx19~Q_t!&!@gK^YoK9k7CVv^{V7Duo;s%+;v+l?fcU^QOdfNI
zD+?x-rbhXVCQhnKZQ!JJoEBIg=D2duZFKo?y(9%K@>*2u-7U#j8jdcnc9IY1MsF{t
z@Gcw&IPt$9Z4yUlE&dsEN?>@-p;HU0!MTF5I%b<jIVLZWo;k@T`D~kAD{_7b_IR=<
z{$Qk-`(XdlY5x%aIgxTs_qezsBlc=7kaua1E>7LlROxXC!!=x@voA7K57(6IGg?18
z>T*s04#$lyW@Q0ef+C*yeaxkhp70Upez~p%8Wd+8hBs-@b775>g^@!2SNi^=x_9?|
zg-+-KX*gqM<z|Nce4pB4PVr|=smPiVjJ36DbMC}KSvUS!G>;bK8fYfNy7L8LR+bV;
zwys`06ic<)!&SCtifYN`Cu-qreie1n6MgD<=4F@FSCwlP{<2LaZL{X$MW&3(GQ-zN
z-fWeZ_zAnLBhL#*;D<!;vdeiXl$XuU%K*QZ*oqU+sBHH9Q#A%<*ZoE*n^GT!$)+Sv
z@`W4=<(H6@vPIaNq@H+Cy<sVg|7tDC)+ok9C4Hc>U6f%hY%J_GVqe(@bw~VuhcMtl
z3}4g!m0?#PTrf+pu$q|Zc3ryhh>F;Pn6PJTN`Xt8BgQ|{lA1LY3D;BhZU=@odwwQl
zSDERBYYKGlo~he?&DoOX<30;tbCqnFvg3kGj@>UWdGex%8@SwnK8>z2?^t@E${exu
zNUB&mR0y%mGYV$t;YN8K;5Uk9U<ioyV%`w*j=e5l!*)+7{AJL*b9|*4-0Kqhoy|=$
zu>;+-S*Oq<E}|Fi!4xd)nW?*1wY7-Y?oMCZl1R|+y#wf11;R^ILwY!G#z6Sz8W@QY
zG~_LMK#MPy8os$3s#%FxGg``((!s{WcsJYrXumO{k)8Z4yH5u^k^5o?vZD7%0Z;5;
z?(~|M3K{#F7GG{->W7dpKP2qCG+1SvR=Ll=*OjBy{gJH`i{R(oz{c-;O<>i=jEY}&
zGA3)VA<2S<pZ1%c*|2bJky|RY1ylEWDjx{$?OHKlr8Y~Vha{io&yW*F?DYt|wD=04
z?=pPt{x=k<Z|MXAEjB}_K|2`gCh(eED0~LmoXG>9DVj$|w8WoCVd;`D-w(PxNMdBL
z7klW571F6*0DbmA(6NT#3Xvk+n|D79jeLNT_c6+6>)~eg!N|K`q%<Vjz+_NHp9kdA
z*v=U5;JKc#G2a>sw6Frk)JHal>R^`bY%R-fviMO-kB))I{ZC37;3WXmMSP1e7p=Fy
zbh`{_@NR9v^4f#<zI3m=RW9RN!8s*BE<GE)VM~~ej(M1gl?1-cxLg6rC@&(Z1sp^$
zDtG|1`Mer}dcYufJ-^W6lPIk|l9Ffidq5Arqd;tU9^eQB!sLmY^kvlIH|iT&@~OvP
zzqwoO<_fHKS5)P$_T@Gt&!cCye5T3>&a$UjBwfHyThPGWZwc|_*TZO9;{%0O=rh`|
zxOcsxNS8M319C!^-qZK5?^wFFy+NYiWyr|dBB$z!N$vshfpQ+C>d2NPP<G8l(Cjlu
z%<>o?#I}~k+F+aRm0jJt!WLyG9|KUahL%`Ui%&WaI@h;!E0Vr1qwiJpy)(a|`cF&V
zgW8<m2)c#$(dWK)pIbBgjGG&_RLAsrE~oNK^;nzg?=<?`*Y0m?M}I%C`}=-uOKGgN
zG%|<2M&_u1^?KqpMLIdn-1<E<&2P|m>o=S6G!R}?zRp*_{l7ba2v3)D{;4!0dtI?D
zNJpEkld44qVAo)E{S-HWZu8xsoG^r=>z0erbE)=Fv2rqa#P(p1HF|_Z^pRzzBet2r
zeHG~C1#1zR3PI+>WI{O{LP!4GgZ4%gPU<DfHAOa!XaB}_l2+))YNdOqr}L~IJR|8U
z!T6inzd)~Qx+!*N1Adb2`iDE!6T5clRAzI8D6&daSq>Q1InI-Aox+o-9eX$_)zS<x
ztO+7)9i$H;<@sFw?y{2nCVy~%xl3HNZ4Qts9w)c;T(v=-d-I%Pzf+!EGON}{065hX
z|1P{L7_!=p<U2qZU_C)ysUBbXP-w-E|3SCz<b#y$W!>&PslJ}8`kFc+UA+vZLh9hy
z4z!&H^Q}Hkp;GHSd4kosHzdERKc!X=C-Da)%JIFk{DpAo`<0;eGa-t`n<^I1;h=eA
z4jK&FXb6_97VXOS1Lnnnl5HXPW^HzZ>?I`@mw6z#UX8$SMZ3U{8-!NrZ?K%?A5lOD
z9Sj+*0ixM(M}Tx%i;H({z(AI<-ulB|g^x)EjU7rL8!}dfN)7~#)j{I}xf#scqQ%yL
z&vK(~344VIuLFrZj-#xj1LsWqE-DG+xqC#6@xJc;aFS1uCAPICkmz@%w&3D1+TBaX
zXw~(5wDI*VWB7v#M(iW7jGgZJmi+a9E1&Bd;4ODWw{e|Fq-bcua}hG9vQF_exnXK{
z0Zbp<7b2O@16U+*h}P=L=uh(R(899%YZHA+hb26H5J(Y#zi`40dSWPDdt17;E8tx_
z$uIHok>_*kT?zHkwZ_g}3nU8g^lZ#8+c)<MI(GSP{(3G~f^F~T(d|L+rpSdM_mMye
z|7{PrmvE_FyF6U_N4%E?T6`<|dB{8;c0E|K8Mx{t?=iX4z$7`lNt|JXOY4xdS%0|;
z%Ogz0A#WUY*NI?(NL4rI1WOJh2cCA3DiKt%Y!G>cj13{^#ROI8fGQNi6~nzYU|bv$
z(+V{HDpZA>-~>+}BO-fJZn0rH(*TPrCw*fj%_}&gx+{Tpyb~<h62u$nN<7R1CCfwZ
z)q&W-b0(e|^nRel?w|@pzM8rW^hREE;~+k5vytWF`oWMXIbo-?z&J5_FCpLxv1-;^
z*>n}$;$oLcCj{Id2fR1u1hgR^6aBex0v4;46g;5a{|AtfzI>az4Yk-Wc;Rj)xd}cI
z0$q23OW9gnHmXc@$6SREqH_Qr_D4TQGb%F4*g?E<=SkiSR#NRpqJPN4qvM3xL7b}8
zPZ#?KQHdma?4PdoPdEDqm3kvyTJJ^cQy~JFagiZ-?KzEbX|d1FA>aTg#Qk-huzR1q
zpDO(Rw!-gkgWpZy_nzpsfcJf^PGXB;CT|N8GcLu!c78o7=0L24Mk-q5;L?yp<J92x
z8E^VxpP+L(P+j98eBn4|<4P1M<H2SWK_8awn2SE9m_Nbdc_@G`Ly2=4axQ=Id`YTD
zM{`-Bq?JnADoJaRv<gWZ{)Kjrzj!ygoMJ)x%c>=jns?OFv?u!K5Yk*n1GF?huz#I1
zJ_=nbg)UWvL<7WrzqByWwmA9;La}VL=Fw9^Oumg4THR-`BFWGB6LdF`o_s|fp_79y
z5h1_vdEzHmbCwN!ZtQ6|)J-wyp61w=`jXG}HI}}nMKs>s8#Z^-wb$x%SK09~V~4s#
zE{Pp-M^549v@7IpM+q30LzafvvI<D=Fs`jw&VEBek6O?|l6px}u1czxBzrt~e4E*^
zmYm$(Mz(RIXE9udo#1zKCqx$`yJGev&+Hq!#x}Xf7{j_P=IE>PyH~~PvnVpj(@8?=
z%KYv*&UYz%AhxWl^J%X0-p$Ci{X=TC?2HQSc&_XOhs|yT_T7Z8=9E`HlXFPk14IUE
z+tgrr%xgU`AiwxN*7ZHwUuP{u{Az488dGEa+QMtQ`6TvrqQ_rGi7(74ZR7aS{HwJE
z*LvWr26y$XPEyqHa7R@C@T00I-ZB-$&bM_F7#W)*J!IkgmsjE&)1&=$^QF{9OAQpz
zjwwLy5q|YKrP+la>t*N0{J`4u_l)YvdaH<xjg5S1&is<eU{+xMIHZu-b2Sf<BcZ&G
zvR|w1*IBjl%fDt7S5-Y_%ipFU#7&m?3qx|6hM+Fux{c-`ljRGyZp`I}TQ}y(EB{D&
z3Ua67J1WsVCM65!@xgjx8X3)hJjS!^^>cWwox-h*Fz8c?g~#b?UGoQFD3mM%>$qBS
z%0K&CD^btMIiA~($9JS!cIqfn)nG*YFZq=Y;7vY?VWrXlsamb#A=H=PevXZUd5A3@
zC0+S~XVEAezWG4L2CCwTr{go1+B%3@;yXo7R(ERb7n!h}O_G14JAU)de9qE2(ld##
zIC~xscms(LQ*A5~&s;9NWJBYqh9RHqHaC$dDTR_!tcPVcSROge=Y4zPNxo*!LsHlf
z8HAVz(r@g==%+M1pY2;%uR@)#g_6&P(psrecv?x%??|sF-F9juifDUO<iu4k#$gn{
zxZS=4?AZFgCVc8f>)lFB9_~7BQ!0Eaie2oZ)ZjK+e<Jg-@+<Ub3ZdHlLA@jMiIm7F
zm3M5b9{wnp=(Aq>FG{aM9f$0kWFfB|C_Pu?)q(I3E^u4QhO<~psCd`rknz_f`V|k_
z=PAyK1_jDrat`2dU&tyB7M&aEDx5y^DVDbVezddA_=sgQmpd86buS0kJuUuy8j@op
zhXPL4$(wn_A4Tet&{1Dg*GtJAc3u8XbzRZ9E|K9l@gE)6!CXPTc@N?eDBAPP@!1zB
zsPDCWS29*x4cE)sMKE>M5iS0u5*3KY;724Tm6)-!x=s17s^Za8RH5h~<>h;$V1L&^
zHp=v}ev_^<vWYt`9pA*rd#O`+R^G3xQiS>t%^g}dA}&aiKctNM_RmyqI@@2BlWd4D
zQvaWP-!%V5IbNZ*o<4S^ON+}@7fLCH)y<E4r3U(xlp@Q>n;FY;`_P?s0O+Z1&Lxhq
zrJU`uMC7JtRbo@MREvxFE*O^U&L)i?mgs{^DQgAyduuC>9BKfakb$pax4D<NUkJp(
zhuXhp;)6PqcHjdRu!0Zi`O{5q&D;3EF%xtxQQmDxA$t)>T}6Tnz-CfBVsmySY>m2S
zRV+p>;l(?&P`kf~hah)W2EzSjn*+VAT5LZv?9F>Ys}raDq=)Zv9vB+-Z}BMk;vt0r
zLuH%R;yWaBCG~u&Qn_6=Tt3t6>)l_I>-D@$R4<Z^elzv($%f}=05$oV<m-$u_AKYP
zqrGf&xl}hjMOf-a2g{7ExjKz8KO%6tJ;)6yj;Ic5AWoM72l?ofi!4i_7KfEkwM1T#
z2QF{Vw~8eXRn}5vyS)_Z^<(I5o<sItX8HYR^tSCc$Dy~|NYpdwEs<{iGkRMA=Ov>$
zmfnti+y=$5^maJu$D_AZ)1kMq(f=jA{r-2Lw@0P(bfI%o9rSj+8r(*!KbgNuZ#ggT
z{i+u}WR(!dS6vd>!RGWSp578wD1AOlT<@N7Sfo~3LZk=qmsQAzx~k`^L_GAeBhp$1
zUkzN}(f4oYSe@ug66G8XZTZkBch!J+S6e`|Hu71LLpuxMO-L%|9^*q++=+jd73W-V
zr0khlaF`=PlasQoQlA7=CdA=>Yr-rRn=*+OHI4#`wc*#$zJM$p<-4DGND#y%cl1O>
z^v)N2%fHG2ruApaDFSA75U}-%fIY|;$@^)!0JOr<zl^xvZ~ib}LRijzlT8>)rE3zs
z|3n8BS2LTy;=*oF>^^x6EB+c9&3B*oE$#l4JT!a6k)5qQm>A_r$J1*JhL>Y=JbsXw
zx6*hU`eLMvom`9@(TqK2pAU>}gj$Ln>K3uMm?ySL%l&YWk+%{ZPm$02<-~K0J%Mna
zU--RCYr1;-Jr&Wa49_ooMqeMMV^ZP1hV1BNgUoR&Jrev`97up?c(0ka-&kSS8!Z;0
z@7vMjpl1I{1SJd&nOPvbESTs$JLLT+QtC6iCk5Vv465;Yw@=)F(qe(%+enjr=0;Z0
z<O1>=eUO9KyHoW(4i`d@<U%Gjb|o(luV(miWM%j$APF0M+jyUd|6IP8C9;q2C7r)a
zS?c`Q<^!=6oa71)+w#%aV*0ZZ@y%>8H;l_2uzGl)&nzJNy1GLeXq+q1=nX9B*ijo6
zCsrBd3yd;!f@~lKhxavRNABQH^f}{wz#9sWIPCG6d0!ZB$3Dx(i8^|b@pi)wkN2on
zC-PE4BYXk-TZg-idhUwZ&m%mKnQOd*IMS#6;d5=~?SO@+-8Gc}k;>joZ6=;}ICvQP
zygc$Sqo0_7oFf2jg$n1*w<WgpYfd2ifsr>i-M6GflC3oJ)~LGWPQAKrq);hB+PcFK
z>dM-wYot57oM*aI_X*F*mHa`T<TLwyAxCZLSW=s*)STKMEG_mN-{qd|)OwMi&i|#*
zr~SeUN-X{4Jl>HT{`p?W)2BBo@+1q*kYsRqlb8E-#NOGvJJSDwk!@wmYYAD6tGbB;
zfx8)b0+(cX_fPBrHm&GV`<?Du)oKIz+wRCD$=#O1jgp)&=2LX{{+CgQxyU|gb?W2T
z^6nK2-Nve-jh;7r^WEiVOgJeqXjOT4?cw^`L$~=P##>H3k#?i!S3Gcqv0JjeAh~)b
z2HUwRYFls99%;;J^p&nk`0}d=?p3ucb-@GOjK<o{8*3Zis6BK>O<rtyeyZoo8ttaK
zm){oI?O9cxJ8@gWle>Ratfeq_nVeTL^sBg#_!Pb5hON9AhZGTvOQard;LuqdA#>4i
zeuCb^HK+QGi;e3&Fr!G5)W@XQ00a_?DkO)Q9W3Dh@^PTyNS0%_EUuhaX>}h95ME+-
z<=;7>l4dBO-q4yAXlTQ{k^7Mc9n@d8zqTPqdMBva7bagKW-a-me^WOn|C(x$&K>2)
zW#tlK9jh&fCh<hc#f^tMu5~^J+`9%F<34i@GDdvn;b`)iP}P8YyNJy&wL!)P+4?Am
z^;_jlB7;Ik_IDXV$oR7wvZ02I1Tk_d@--NS3=*5HmWDeeEw&!-ErBzx`tD?KYVHjO
z?EQU&+<|f=Xf9OH8MsiYj-HnMxscLWQ%-2$KZ_(ui~m$o!remQX~N@7`$0l)OZ-%c
zI}RF$l(^&FfZ6X~v90wb2Nn6y*KF0bKfE(xplGjK14h4piIIK7HtuTXam`MB%@$>(
zGmB|78e^O5k!QS<yIKz~_nE;53%PwQ-rJX$esz@u^AEHc2OAC|Q(5gaf^|ygcC?xI
z13#xFUt*Y>vK1nYNq27rCEucZ`#1U$c~^^VLq{Lpr>HHM$>>3)5qzyMDQ9y>zM>>I
zO}VS|@LHlxJ`Vr7)%qp9_Zj}j3ne&<_b~A#Sl3r61bygL9uxZ2$an+Gj1>w-d+5ZM
zu}$?Q%YaI{{pg<*+KDKrpNN7^LlpEI6&XmVm6G!y3rfwFBqa?xv0WOJ91liHy3K2T
zpSO0gP;vxs3S*__A4$zaVQlMqt0Lm-gs9U?_7$<^6-l9M?U^S?<`I(lF2)d$O<yt(
zN@u>&Nu@XMVrNDbGnUr^sARqKf$qRUzrdUQv0gs@;p<AtEd$bsUFwkVcB)EMD#dHa
z{AZCMXaG~5V);c;U&?O?iv~eY5i>Znvm<^<XZj)J12%r46xYosr8JyLz`H?<3zNmO
zw>XmT9qSQ)lzI-ZYoj|;J@|>_m=&Jn$uiI8tU`)mrQ<UmlBbaQmjP0b_mi4apgNTf
z)lrovH%YA}1l!xFu3iTtZTyGSyvHYf5dfEekeV+sCe|AcL28abYTkm>Y|11xD<Cyn
z5Q__|oFf;G!gL0_Uuv_&3JO~D89&H#<_fFBr7L7oESR$O6v85(L+<T9W86`})uV{M
z`WzK%6LjwoYICwO_QiMdBWvvq*+7RHLdJ78pr5nhtOhD3ENG<mTkfAhUQ|P!X-r^7
zvy>8X!==3xwfVFLYIELo2y!ywZw=Rt0`4A{xLeH%q|!qSQ|&;6X@1u?Ln5DXr$T|i
zJ`sfy?0^#NO-ok^8MP#~rQUBOGX$(!ypA&MLRLL&u~eT?OLaSl<n!*B{+CdAZ_v9p
zpapjZ6L-0XCd$7}C=8}b5nOBO2tZ(1!IIrvxrp3e@xJ@ll}T_+EN$P6?hll_gB%+%
z{Y^|?P-ON?-E#hnEj^&s?ISJe<ImjoMLkef)7fe@k>0+r^FVSD@+NO|QjcBRS3BwU
z+AiZwO7y5_fJu?S`&bQvhT^otr6SH6aE#A0;f-7LSjlG`a%^<enWd0=kPpU-M)6I4
zb>~-b+P;a847GxF#k?{JZvGb=nLcEQP3OY4ITEIsSZqNK?D=BA=qZw@G;D@Bsj~$O
zxT=SEVoUI&6cQ39BA<7Ombjf#L308IDxNK3opJyRjNj6h+%&fu6NGVFJp3KKr7Kln
zdG?X@IalA+9=?4-1(9>^opfcTw$Q(&Tdc)BhTX4E>}c9r!HOMDn<}jJuAhEVY-vku
zaZ9?AXQ)J4d<ruXvF8-I6DuVEhacRO<M7>Zcz(W>HN+0)YcpjYll}N3=Z#8}^SwH_
z^brAeR^$R|Ueuj_tBV_~Aoa_b|9C*!A@B37_`D+DKCq)sL<X@IYy?DPz?C#-Nc^)l
zV}*4prHl<T4hwv>L|6VMZgtO4>VEAZvEMWH`;6Vb+Ln#J+WI#VLll?QU~^gZzS;vY
zXgSM_&r{dWMf_%06NwsYg)xIIOVu8}EwUw1DeTq8#LzZX;Qr(c>YbaoW>xJ$7`p}-
zJMEFhId2YF9K9}aliOJBRCB5EQSB!iYZt#!d-!y1*4uyqX0GldfeCS*T@?%2F!)XO
z<q!D(stiG;NGsY**=JH`B(7;Q*4POrkkD};om)}ccAFO82RsN&wu-l0ZPp&%lEOa=
zAa4dVxC@E2N8sN9rJk8kntmhT$$*e<kE+oIQG+yH<2N>@G|n3{+7y`MKch<HVC|-j
zwGD679z0{hr_z_mhQu(+=1zP+c>~|)&TmsTBFVVZe$HxRPqLSKspYRLzC6-5aT~r=
z4!Ev1Hm1RK#)Qp@8&?TW{xJPun1FZ9fHxzn5;wLPhizzxe8~xoCoOQrs`O1Yna(0s
zO&tI$2U-UJ4ZL!9ZKjI%2$0?<fNydW$-Wnf7tm&12mwkO$`1X7r>GV6Ux7&5@~x?u
zQt0MuMZzfy>)%7iz)#k`b-5|z{Iw#r@Y7!^<V!F4GGmEQk9IlrEsImfM5gViG<r%#
zJ<;>ztkVAysz|rA?19cLZICajrN7G;vUel9&2MGw-!rxs1Do3ES)8=?b(8(SwP{F}
z8y6&QpkAw>hv5}s{uCeeL~kYLm)d3<j@T())Iv7nnIcPI!k4@GBD8F`oqT{FMI7U{
zIUn`TBT4?%?Z8xv66I1Nk@u98noGL;KBj&jRC$r`>ylsc=BL}m5DHzwD7<)f$Tubb
zo-Hk7D9MMhv@>5m@K4IERo@m%)i04`JX2K9kCa-ZzQl``*~zQ;aftbNol0tXmw)1V
zi9O9Dj=hdtosqCX6ihs*x-I*6L$2h+^d6|H64o1+@Wed!l9X`V`O*(_w61TB!?8%t
zIHK^#w;sJza>kvU7!p$gn@E(t%?IQJ6dyx3L`$Ft6VEu^7$?TwkE@wdd%P__a4K;M
zM#_BVw|xUA=0$e$Hz$H!NE*(bB03F^WJg{M7#~`z@;Ny!3WjOrD_a_zQpBeOLVH2m
zOli=)vm9(-Fqm4*6QkEcj^7em_9N@9pu}T96-14xZdGM%Y-M)rQf9V7fEx(k%^r=w
zW-~8>ZbWqle&uRvt=`lwLe+#v43R~pF`B670Iot^u<|lx#9FW#J^?|KSRW<+=pfQs
zp>N8S&dSomp(8%S^N<<EgkZnGTxZ<rS(N+5&M%Ofu>Fh$4zQ_K9g*EN-z=D^Uo4uG
zh9q{@JFRC?Ux<m7jvziu>@up6#79`4(lvND{3f6Z(wS79V+Y09ozEB`rB0Ol$UfET
zhCqeDO}%7esN`s%VMmuL<8F!nj!)m<e)7i;9~WrYo+Y{Gj8(&=Jo%k;d<w8@-z1jG
zF1)WAxK~V=Dr1i?=Kn=MWqu*|7?zm@ZyN6*Dp8>p2-X)tG@|542vHWI-IkA9?p~wM
zn~2Da_fv~}=HNUyfHMedHgIr`_Gp989D;r6;5?t{e@Gs3s*EwVY;Xg|SN$b+<~C8G
z>gP6Fch!LmT!)EQ?Ra`86!9dh_<l(oJYIppXI`661(P{-VkeH52I|5M*4}GyQZR4L
zpK;hto%h`>*F*kZYEP7(Y4x%z9Yv+1j1Lu+wf?2j29J{Je8#QSQk@%ndE0v0x`Fzt
z@HejFoH*wJ1wGI+V2;GET1WkX2|Q*K2eWFrBexkYIa5FM3j=Z_)4WLd&v5UT#u(){
z>EY2Yc@p=a<nP1txR-Jgw{;m~^!~9t=Ou2-QqOqC>fVFVH`Ngwd{XkqJSl&TvQWan
zFuF4kuGg<}xje2(c~Bz{CMmxCyOCkki-4ISj+Jvpsf<$D!ws;Kah8BWt8`i~>phj`
zP!=eaP#F0q#kyJxov)%%6*{IgtL<NZrM`}adf-#~9l_ekaxi1(+9;|oOZTQC1i2h*
zp}er9Li_+G@3y{Au~dt6WV|fG$<}pFD?&V_75SBab|3mWUxnhzSNWBH_SaL?SBz;z
zg<IW`ew6U*(!_8{AKsDvnM!x;Zt0TRW*_6b^``S>H!sqT{K`MOooAh|Et0}l`IUe6
z*N5cmSAvNn&WT}aU^P@KGs8*p{Gxi64gYW5)e-D=Nqy4Jaf3Ynoadx)nn|JEA|7|9
zOpA*zSF#9fR;jP4E*{fWE#54dg7EOkdis|XiI>W5&l4vm`93gRNjmkg<h{U2&4jYC
zF*z%p`4}*3@l&O)c)FAWX!xAugXtpekaik2><^M>MMoaBuhD8I_W6>xQ@b;ML1V2>
zy50_rx--?=aZy*RyTJK)9L&|~zNJ1oL$ABc$$A|0)9QZYd^`^JX?5yOC}yV<@@aKS
zD|;;NaTA(T)m%WWhI5~ja2$-|zG>%Ui{$Q%a9Z6%d=yS$()qHfLC&onGdk9`<2*xp
zFKchDq#qwh@pUk!)*2_r@gNm{UvfOJa-=b3HA(hbXV*ahbAILuN2|>WuayF7{YN)v
ztn(i^EgcWg@n1?yL!2DPgLeF3$#H?oaV*H=3Hg@meCxF4wfJoLwqv>thcxixF;a!S
zRcn8x^YwT$5uYgKpLKE^Z#v>XksKyDWKKRgR}^5K<>O;R#@m=yazUY-zF}(i62k()
zLB04};@twBiiBeK;Ve4Dya5!C<`}2KX}Fp_iWVjUZi4{l;VX<0yFF&K(7Z9v`~Jj0
zFicpKyK=4xk4w0)LOsb_U_pFgVtS=6(Gxf3r6#DCAYP=E25O*i)MXUx=F(x~2GrsG
zW*b3O8>$B~qjB)I;s_DOl;AG-mT@mioq67JE1GTBi4K~or8b|DH$O=C1{vkce2JgB
zjr(A}`puX6+68A<w;KqbgIf(qjCk-C{;$dp7`Np3&C6k^CZ6Iq`l1W)ND>BMwu|)y
zrSm7!fYGS0J_L|n2isvys<7TYNSuM4I+rHTx=o!WoHzql-^c92{Ns&8q;5`C^;B7f
ziXj9?h%q^y+p6<83&6&2A~zk$33ze7jepUV$`fa8UnCK$F)Ru)8`Waitvk$cTskj3
zcM3F8z;BK^LMun46}f(AcnVLN^V35S6M21*=^+@8V5$u^iMyXTtBz(GEV!S=ToKVL
z6kfylB9~QpZ!4TwA~)7v6VCgYZ=hDw&F}3!JMw_fB&Ph0IVdk54umzo(Hm`HHgV~H
zide++fo-W5&NFrQhi#j5GbFO8$UFgD!#0oihQf)Ds4FDH{eCep>O#L)@OfmWAFB!&
zH-_UkJo8oO^zdC^Mlx{&k|3rS^uQrxzTfb#_DD0yp~7R*YeX?0cyR5h2$<LQLYRs3
z0O*`A_)BG@i#(CLecr)^6UV|IfkFi{eFIOWRnO|kPi-kRQ57!kSA=3M%m1UMzdil*
z(?0X;0Kx5z-hU5-&o(?CBB%EmC=xt>r}YL;0H>7v2}p9bT0ssrez;@&hiEM*Jay`P
zRjbNWvrbMLJ-g`5gYsp%I9Q{^N3126Tu67R^C=ka22`l!MI87lh9>%K75;jtIeKf(
zFf+0>Kj{6U26MABWg2zk7FSaCTMUP{$}s`1yi_kCF#UQ7u@S(Br;|CnHtQ9(Tw-t#
zltIE|1Xi~OyiLf8cXw#52z7+4cn@+~@y#9(=_jk7C^qkFvwlWlWW_H^*R7x2E97&j
z8lxJmGj1}AifUM*d@H9i&Pe@Ker_@xY>a+Z8PIX!No%Q~GWaHP`Op{EysNWaFvrJ$
zPl!0jpkn*DVHAdpZ^Lhj=S6YkG(2gnm+8kbWmriS!7v_tqh&>5J_HG)fFAj=x2AC7
z4+umg82tRe6GWN3jC)<o5DR;SelaN3u#H)7lv($iCj`wYIYW%Rg<@FKZ&hM~+vp2P
zTF9(JLk5QOCt!H6%eoPF!ee@XkA~DqmYVfy%H4Xi&zbTDNGad22BIUqt_g$QGUGw>
z2ON3(RbadSWdQBLP;=auGVNdH6PiJ0{1(t<DHNkvdD}4KUv|tmiisUxGvmu-ixwTi
zhjw6;!`Ri~46(M;j6<+K5*j2YP0<eEUZrzG)T}3^aQe3T>66vbw|$-mh<2cDSfU^O
zZORWNik=)|^nPw=qW5zOH;IhV6AntnLfLCIUL~`;Q%z^k7$CnDTpk)SE=*5n2PQ>M
zl8J4hxsGKt*u3Kd55$>eau*OuDRQaJ?1S}C$h^;mufW$M{YvmHSVC~?bZi(-v4Frj
z76jWkm`BdU&|RDLXNoXzB?PkWpCkislHu;d@cr*YjH17@F#j&|A<B;eC0fAm7d&2U
ztu2?4vQ2=ZAtMTNco#Ij3a12gN040A^Nzu4@yQ6)MC`VUW;zC(yj^5%u_a?Ogl6)!
z)H<#0kjhtV^^m8;Rf}(eBX<ut(3YVe!Qe^{aZ82ycu_55@d?8X6ijXduOwC$-XOR+
z3teQcvEzaZlgVeL1-WrIeimG>&$xnl<py){9NFu8NgO3*+o?$IqApv$hAm#NU^ppC
zoqj&=u)>L#%AG>s^i#fp*)`pLcqeM{g=F`c*#Yw&wg~^T?84dX&G*Y5;r*N-0OlZB
zp^@{w*I?l$_8FK73cv8IYv8wt<UoQq&(h-KsfLhdNc{7*EALOtA?mf6-y>N?57+*%
zREu53+Yocac9s*}HmBsv6;zzSPfZUcc@jBv^8^$yL9VfCINU{toCnfc`KyCOv6z(-
zroUumkSP8_Mpw5Xl!8hg$V8Z>A+7Qta~i?leMAw`J%lMCFTSC#QWz@vI{kK8L!*jH
z+R_z)G&9)ChNTj}_}L<g9F@K*fl8nHo&foJKOuCIus}d}TCt*&ba@Xq&REeaMa=Yh
zx*n>8<WaY5b4bK$r5q&F7zJ6waCb8N#d4z687nQ5{v5BE09E*a3hYvn7s4sp^UEE#
zs4*{&{KyQ!Ni0308+YcY+ZNxDzFBugY>drlJ~7rqG*AOc2PKJOO6Rrs8>r2M>+B)W
z5C~*+S2dv3J+4%=lemWXYNkgdTdWl@@j9j}1hD`;cc%&z&lJ{hy_zH8M&f<tE4Z`O
zZ{}BdVOl4y4~5avqm_Ze8@_>gMKy0$c?*_BmtwlJjBPn8%Q}F%tCa=X$|@i-$DiRG
zq@Q)y2;j_{dT~`lQhdYbDv$=vn_x}LO&h-9%l$^d7m0~VAC+%h&W2!rF)%6;UlA2G
z>v~~E!d{<udf~(~0>q0#va-lG@SK_+K5zMNwfGvoi@b%#L@v?n_kOo<VuNl@px^!G
zm{*F4=ydY<y#-%rby1#@^Y|kfV6*1v;VbFIVbl@El~TY6enHHirAM^*M{;7I#?Mua
zDc!t=8p{o{yLV+x1GOEFzM6UuvZ8k)E3XyRGF<ERLyDf%jD(&%-}gB5<gK8w6a*B)
z!6bt&zGlh^-+6j~>zV?__eAS0Bn6{Yc;7VRJQ^*T@u9>(g7(}YhY6&njNkNuRt+$y
zN{tqRmedQXmU*iRCqfu*pzj4U2j1WkJJ+9S@#|q~)zRZVpn!9I_y(64yjHo~m?c5k
zM09Be6n}Yv%vPy)P~pTg71bo_qFvc(HQnL$h-*e&%rDze(3~u4#OAb1$zT3~S4P^U
zBxK&rmUAmg$MrS60?k$SaN)>Q_&g((JgA0$DK|8SjP15bke^V7uP|Hk?;N}kwONDY
z93T-UWD~}$8LD&4E{r)4VWreA9Jx$!UTOnAN-u#qIJ;h2whoV1Tam0EE)bH1qIO}n
zrMwM8n>|}36Fcx0c3?aMcT7WrigN)LmfUT<BtU$WE3XjJ!8MUB_8LS^DB*h*snD6g
zCiXyCdcD{P#eitBHR>nQ<XXutz(CI}0l3yn+l8TvFEuNXF-v5LEMM%i1NaUNN_fU%
zENE07z(B?rdZf~v+RV-k3gA5%qH0*!PijswxXnR0*imebOOl_^@1R*6EWuN1g9KFz
zBnEc?QCvB-SzUoesARjiFDl;k2#R2+a!V#v7T$F;()%ErS#jiiP?XS@|I%i?2)%+R
z|4HCuEx1P!WeCv#oAef`bPT5k8B<?`MeQfqVNvlFT{rDS1&5s?-ap!ptzC!_)HP^~
zXF%0}jF4`C4AfR25jcsVR&nGcWfQU3I!(=)0-&H7M-({(*{F`V2*Q`Via#R12h+ed
zGz4CBjl<}J-VD#pk1|EOl|{5Z`7ksuZQsx-zgS=%Cx1`&qjdg|d1*U{v0cjmv5lwC
z&|0tr?YnSF;3;AHj$xG?JQY?+!B~rnf?4rQ*HIWmwKW;vy<4zmi9jQD-@j|N|No)c
z)#+wGVtnn*uDh$f+2jl4z_0+0Z97ZjOWs%-eZG|Al*}tT3YN+;ufnyR*H>|E_Utj2
zFs1<lWJ<hDHNC6|dseZOQ_I4q2B>D08G}>zAlk1wASXFC(`FV#ml>PTp<dliez2G1
zfS1?Z46gKWSE@PufVlnV<gP>&k$cD(ejxRe|G2v~m;aaDeOLkJE8SHntM<!)m$0pM
zcfxcge+q`ln1t@h;iH%C&^-a2K!qC|l4}8{n%5nHucv$0P!kCEAJV;Z70K%^dpdL|
zP4aTa$&@zZA*{|Dp+vupOy^d6I(u_ECfqZW4kjEPgX!D`y|k_`6MIJpq@r&Fgv_vD
zg}$X{Q)XJs9@S(<R2vR-Zq0$F$!2gMw!E7$6dz;R?bt|l^Shka@@AO96*7U)I`^_z
zeK#mw@}F$GHc#}uI}f%=-C_tWf*wzi+TG-jh<UJ9K!YR#9v5v&#ti7MlTXL&&55f%
zy_W6xygmmM3w6d9HuK-h%6Fdft!_LWN8c?PcR75Pz}KtW+2}%^clCWIeN`LpGu}oc
zqZm-&TFdrcpoD(O0lapY56taUU76egmdo)SI%+&vG@9lTKW*cUMvQ~ge&rY5Y8w><
z!v}-r6_sXrD_+bJJFV_tq>6(a`d~k2bUAj)Q?)#ydS=q(2~iZWY~*Rw5N*L7tsWxx
zek`^<tzGp5%!jeT*k=8esxaS~;PcfUxp&e)vFm9~+x1)$JAC`3uCLy%vZT#=EN^Oh
z0X98Y_H@(|CX3*T-)k}31s$M>oPIHVxT<Zs*ro7C3pKdw$5iIh$b2^p2V6J8(PS1|
zJ^aj5nCYw)4ovoz<VNA6FHO^4q3=Gqof-RsY2&Mi^6X1gV339qG*E9eV44~Xe>l|a
z_hGCBgS3W{hL>0fF7f#l6WFWu+@_&MzYqP!ss>B!UmN_0MAPP<T3k-*e4{J|Uhm|>
zN)CbNTyEyg4up3j2~7;T8tbt@qtj3W4K<M2SlziDZRW$$sA{VrG02^`rb5}C5?9OD
zaG)F7JWS?T8uj}>bgxzhu#Q(UR!J1ZUszm|m-#b0pojO+fuxu3_Gh|BL~)L1MCBG!
zU83xmmwR_>*J6ZoIUVn10w~XHf8si~7f$UFso1gDerT4wB(4E&?*g|K#xi=P6P3^G
z_c^`tm8{4FOY|Yz9F-`HSHupuBc~I9v<^lUf>F<P8FW<4R&D!NAFH!o8KN$83{gih
zr(~AHsTNn#MGDMVUQZ8_<$PPLD)&i@$Fck+-lOPW>jV|jZ45}aA*MF%eYsmQUnhA-
zlAO+4k<RP06Ti}*r|opRKTq%?1)ToO`I<6&VJzCmVDXYs=0jdH(bIoSJhD-2tg~<I
zr7buScj-u#Ze9!FA66KDmx~!;9rks@HmxxNGlQe&qLYjpi%~J-X~|U_c>PEj;$#3T
zln8J}*XAVuA}_0xb{&z|gl@3bhZIsQ7jNuhF5M=M?lRp(Ka(R%GpFp`fU(>9;SGn|
z@XNlVD95*Ni91>nGPVX*<LZe%;uVR9Nr>_h7oz}=w?(e>)wa2#*Ot{MXVRE$osgNY
z5BcQGev;7iUV#{ye?;a#l6k%xVODa1-ABUP=Cm0@`XnXH7xC<3n_J83S>M?0D$9a3
zTeJm1Pwtr9NN_mejy&Btn08Sn>%_R*Iwp5&WH`ZSqN{xSn%$8wUZ|ejR8X7&h(%Xc
z-vM;$Q>E5y)fVJ+p`27VwF~wP^<9)gf$BaRlRIuI)ip&|tLh4Hsp{gf`@!cebYcXN
zAGPAH*Y4WhrWGT?*G4YWiboVxYa>@_CGuV(FMJuVzC2P?%P^gf<Fyj!z1TMHak9)y
zXK_-=rIN@sUwxv9M~dn@a;a2usU&i(>d4j7kxQkLOC^zOcSkPKB&$w2spL{g<dS$>
zPQMB}a;a2usU&ihcI2w)$fZ)rrIN@sydzh2M=q60E|o;C@g2EpJ94R1a;YS8&F#oF
zuOpXAC6`Jf*ZhuL^&PoXD!Eh=xmI=LYU#+OQpu%~$hEs8m*9RHUXn^Kl|-(5^-0Z8
zVMi{NN-mW|u2Lu0$aqnOJeD{~CC<CeI}~D@P|7U1#_&++mH@4OxkXLvk8)*2YH^L`
zm0U+Q!~CRhaOy+dg)sKo0)J61yRv_HtR<^#xhy(yGlGE<!=%D7hQDVQl^A~-${9)w
zX;V@5Na~`+@1xz2aWJqS;XxyTM_LKKu2#$<kqge%7LJ=*NCV}$?j2ZAk2!ywAEsf5
zJCKlYjhHTQdG{D&oWGFvr=ADrP~KevS&-2`j*P>I=Xe;o?c3zrNk_&N>UKyG)Osti
z&vr+DYsY!ar)N|Vq^%Kox#=oK3`clD^p=CKNN3Rft)`9<g~`njW8bRna4T5l@6z3^
zGSCX^If7e5$CPD!V_@|*sal{$u&SWQx84kBe$15)@Y9HSJtDLXvLzMiiR<AC>y^BS
zcZlx<Vz*o)M567=Yv}5p=vLjkGZKI*b6&G-$2MhBOBN!-V6vqx$RBWOWcTcml;Yw9
zltnvJrysuqd=I);%C~D0BMNXGsro=J=PucxNU{|edARKjR}RPMwrXL_n_iI@OpzeN
zZ(oot;m7?hEglCVFR>H2piA#>+wSnEL>CS=t>W(pBARLWqnmc~x2Q>$_DGU@s*gSS
zsEu5!jU-D?m8EA<6C=sduaa;8QCyAT5@F}%qVF7c+I@aL-GQ@}T`NPjrQj`W*{=mh
zS6i4L$HgNrm?%JE)|l&D-d>m#XTZ5AUfdy~@x;Yy8x@OdkhU=BFZ3sR=lUdSe<H6!
zLPSYk$A6LgSH15=nzaQtxImB*!^il~U8^@Yag2gp2Zx%v>0&$O&4%TV?#5v$klXM5
z#Goh3PoLCS+t{KlXe6O2wLpm#v;{e|7aWddI9s1uC@4t@FN#Gb3nh5DvruMmt~_R;
z2)xq^1z>SG$Nmj!2k|N7bm9|G`#5m8cd>gpm^<eD;AmFCEi9LU5<PaP4b1z9W=6AI
zg5y{&ql?{%@?4~hW6qx{IYX?ML#&q-WPEpwF?9s%rGS8O#6@Kd;i8aUFD<BLw1p#N
zy?Aom?-E>c%=sf&n*WcwcL9&Gy7vDwB!K{t334$imQYihC~8u{5&_9T0`K4iv4Y|q
zix+IQBFuoTioqnp>vSxww%XI$YJ1w+V}Gs3D_%*s1+^j<?>CUDyyJ+VC<IjU|9tm;
zXEF((_WV5m=lStGWZuhu_ugyowbxpEt+m&(%VmkbTv{%1r__`r@27AC{SX^%wnwc<
zCE95h*9Df>Rz4LGjWE7`Mn6IYb)1`Qyo*xIPfyKHg!zFIHE=}0%+Ipy`B}#NysG*6
z4$~9W^lWlkTkZ6`uoyoz=I1=-rxp}`BesnbXW^csb|%Jaf^d;vwW&Jz&?+9SO5Kl|
zpcBH4IbUj|joxiJ@};O}0<!%n;un;#ot@hQ@j~;U9LNoO3W7I0OEGzrZFi90*<(6^
z7TFHiWnNhZGIq!Yf>#Lf(6j(lV^%l*%*^G_GzF=doX;PpJAbC*_z-;-A;la9i=X>O
z4z}G5sY&r`3EcTgc*C|y@#t1w?+$PHV3J;w|2wSrQ(oYb0`E<VNA&%=@P_21c+ERp
zJ{8{J8UMgB4ZBZ_e&4J;Voq{2<%i%k>Iz{iJq8Nx$(t*8rsH3bdD;ZhM4VyEd}SH>
z1;1~o2|PF1@YWa+AgYaRkh5xFd-C@Ti1s@l?ra$oov5o<bae_>HRZcIF3o%UG^@Zm
zQ=qndH3Vx+w9a9-#y~e0q)tg+22$1O%WkRR>C4>I(do;))Zp}GJ|+gghVGml_b+>7
z(UZ>eWBkjBW*@(j$$nwp=_bqtQr=2T($|+cfgMKa`>N=tyQ_x$_Ni~8w}FV4*T&}#
zy<~Cl$-=Tw)f#LwBGhQ2%9lY&RdAUt7<)sWk|zE=XL^^z9h~?W$12^8S6}jxbF!l1
z@8|umzvTUov)@~P`6<AG55ZodEcHMm<uuGM&M~@yXz%zBOXReCBXb64YuVDxyX<VE
zo<UKD#|@gx1_c1>Srea8f-mpYm)DS|K!JkCnquRNafU64#Ag)C!}=s=#_1(G{#U64
z01!Ij>9u<=4`zt`7sYtj7Rzy#XmOeZbFleg3Z!pvl^(rfH2RTlha30BCA!{um^tmt
zw*@3EfIG3`5c>1I1f9@|edjYjr&_$n$nFI6UT%UBc8y0^7It4C7YPFqM$~Bwql{qD
zA_HMK%vdo{DZPnCI>Pxems7xP3Qv|#9+N!UT(El=O$TpYr5oe!GDcabkYbQee#Psm
z!My&dW;2qQPQ>QsNHDyqF7S4^;q5jYD2^gpT*kCaBXzFl?O{VgAJB@RxOz9#J~hX1
zG$;%k^HLPcsJ#lYMk*r(T>i~;iKGT0o*RzqWpAma7zlPG>Gy@E1{OB&g4pkjHf?A6
z?I(O4j-z%6hTT3SNok-5c}eZ~JFf>*r}>KhVYaaCS2u2rek&aBgVcDr6pm~MYw2cp
z{2&y%SWV|7@8Zv5-SG=drd+Tw&W*|GfoB;hcI7suZks03pHl6mbk1}gWqod{O5F>P
ztPptBN^jdJ2y6S3^&wGEay4jv<$8nskdqpyD!QSB=O?!VMq^F!$25Ad6rTw!B317M
zZ@5-pK?pF481sqM$Azmt2sTatK8C|@9OBSMkKdukk;KL56zfo_((T#;)9Xxy$57#7
zw6CVN*iY>Egk?rAM5D+&<dvEaIIs>keqGgu-EAFRHS!4_IOsjW`7|Chy$1mgC$22;
z``54n>rDrqL_esj+A{aoGJN|jW1q)^l3?)$)08`zDTp%@8nfIu!vp1lp!H3j4w$-^
zUPB;fEKlBx;A{xb_k{fCm^}hNzUQ^@P-np+6gA=E*}q%oVOA8!`FsSp6H&(`8!+(H
zCFTPU&VNFpbf<z%V;QS()izE}GkKILO6%OhiFv@c%XU82N5fH9^;yhI-a$cJ6`-bC
zFsHT&vs6P<F;yk6=dG3RI$;N&Q`@H<V~qT;-1H|izKt4RrKt4n=gf*72fqur1*T^I
zbqNH4X0yOl6db9U{?4y*UNruRi{vhYIUeUoW%MdfV)MSPqGMbqQAR3x)bVCSlCyXK
zQks!;RKY{4AaNaiG-G~*eV>%q3>ud=e<ed_-U3opwQmYrRPfi9h>A4>u;_(weUg{h
zIki>6lgc`{V)8#VoGb-ZVknbYpz=M?PQ$>CX!lP+Eizz(r-)#&K1HvR2T^%AF}EO`
zID_C{LP`$nh~RZ;NFLxq0vam{C(cKO<CjG$C6vr7B9SjqCL5`PjsM`uKEyBGF?#be
z-V^_kNK}MookS={ks0W#PaUJPiC}r<c;-}Z3D!DZiz;;p%XpgXJ$8g9v5rMm`Oc@C
z(UbID_snPAQ+Q8OTrf|fip<!MG0~7jL!5<>)YEBz(+sNPJlkaBsk_FqD2MfG?7X4&
zA`QA_4Tm(o=D0&kG30{e^mVe*`WQrK@tVCsYF6b|Ui`q!gwHzUnyRkFhn0rf4>83k
zGQo-Whr4vM{G*q8n8Mdb@QRcda=OZIH2nohgqYr}N=?2RGp`_o#_mk@2YkQ*mMXeu
zYT(tdt{<Bo4Wcy&nZ7OVJe>_Ib5jK<08+UPE4vw_Dd@n?^x$>n?^tm+;N;8+qe$X<
zGBI7rln99SgG0*A#s2Ms_I|aEJEKS;g{3q)J`8<>;R|gecy?aMv-32?Y(q1X%(Y)l
zKVF}#*LkIxw+!1cs>R@nY7r)xhA7-uh0{m~nrR{~q9}p~A<(?&ym0F(5(2Tr-;swv
zQEIT511v-xVk$%x!wIsOHLPk=`3YdK2~gPDPG5qJoAhnGheKIBy6W7|7ON|;4Zg+m
z?Y=PEOeoE^_I_p^Ls=S|W3Q)v4=!c}2FV)E&heYe2q$hrQo(PCL)#{4DD(gdhqin&
zl?4|LHpJ+l`d@USIwFva`d(j>`Opw%xSVhTE?1kA)VV9X4(ga7=xs-Ftke=QjBg2C
z<%9OV2pT~@rb|!&FH(zWdKsc_NG*=rEBSLnsmR~vegGT9_d)d*+j{ADRE{cG5OI*$
z?%fRUF$@cY9jN-In9dmnD5N!F5_~=VdN{B5B_rA<Q7MRP>W~sn^E{ygWw6w6faL~5
z+Ad`VFVMXml10XTd6CpZP>VMiB=jpqInkdWim6Ah^AUUur0fA3EAr#i0AAuu1yN+M
zz^)`)FRw-X;1&i%pT$LPWg)VI!+JiIHW9xy6Mjc8rHne-BZIs>43F3M$^o!HAktq)
zf7Ip6)Ol*o_L5dF*ND(odgMgb4Rtcpu90Ql<;>FQD;&qt;}|`NfzGu(3to>a!-V1p
zny<z`@J$56LQ&;w;no#eENTolQ`iZOCQsyj7XOx$CZrdcUYLf4r{Pn~QWWHa==n|p
zZ+bBp)>4FN#@(6SnIS;I#*L<K5mfUv-alK24;9A)fSP1u_+vPM!UyX^2?MIRko3WV
zdM$M`t0F~+kd=szgrm511^Ey5PwzAF^VozqOK?iozg`ixfN_!uy06y}gPSNs&ZBZz
z*1t&bADeAVqN<kQ!ta`Co?8?tH(`j#L-G+ZI8Vew4ZoSB^T<^DFW-hD@-U4@2PqBX
zLh0EiCi09c2Zs1+uOY&5I8N=Ik{EUoI-l(m6NOhWl!X6CqI6kpe4O*PbBt|!kshN)
z)h?VlA)L)^JV@)G`r>ulI<`$^f<>oz!M+nc_I}6=v)i1+_qZR&`*G&IlbGXaA4*{B
z)phZc<$)i@kCS~S+!G(7y;y=6X3Q!?g!SW}Chwu2S@R3J5OzEIl9M=}cIKzg_s!q#
z-5`KAWmQOBu?I30!9;g?f8Su-;VwF!J>?$?wPmbcG&(T0mqOu6-_}Xrqx^xWaK(wg
z>z+weT_Vya=0RX~p%{I8K#v^B#icC%aN>%Yj2F7i+9~?uuo9G;EsAUJ<CGI=FH_;q
zG<)tHchZh6-*hjReA3jc-`1wJ{9vsgqen065x<`Qt0C0A4osP>UDp)^>TogVSZiq!
zIUGpB6|C7#5-^Sy2X@uwqO}brh92U~coxlkx0=9q=XMVL<~ildo$_a#1<MtA((laG
z!{z_Sin-%%8VS#+DeaGQWobot#*0qiX>H?~el*y5_55#=;R0v3>w1M&)fNU!5S*nW
z_|B`CsLl9tpzUuu#X2gWUF+}^T$IaqJj!FuwY-CVahum3)(15r0^<q*BacY$dcK9{
z;Y1zdIIh?}F5#!Z9amQ4&Kc^Ct5`LT6T<GHw%JEaEz8M?qo}<XmFCq3KDPRl;G*Bq
zFLINm8@$<X5Lz{kqa!m+Yd<y*#}#w0X6QtAGn^5cOa`(3dks;Uf7aN<pb?N2wouZQ
zj8;$M*G+>&OtTt^Pk9n@&zsKjACW=6^Ok%4f<1D)KKwzy@%B*pfAli?jhA&j&|d#j
z*S)w-jYbX6vay;DrnJEOBlV^Rr4H%xqS(7hFW43n7>sy^>6>uk4&hcf{zNlB>Kat>
zc<(&kGr|Z5P_p>Qv~!u!rG)g3w#vLi`U$zCMc(;+guSiajosR07%-5w)=r~FU;lED
z|4oJWuY>hX4C!Z=cV?;$`224t@@>ZgHu=|0(4~2faWa=aD4mGXj^HDX#<Z)Z=Z`#9
z-M`@%C-un(`1soWete1l@%iTMLOUeHNK?Kr1W#g|*6>ELz)5QUez;-jYJnJRT+iQd
ze5oyuky+&jd&Q>gMwQ(jZZ);3csPFB5`IjOtDAM9C@1)D*n`@6l~1M4MpN_|$rUml
zB;qd*Yo46eyfyq#hkskM#>{=zeNmV9#k!Y!GWp75OQeDvggu*1`1L*Qzc*H;*cLi!
zfZ}NuL?Fdr&zT_DeR$$a4c@da)Q|qzNhzgFIC1?<@6#eP&qIlVIgRAKS-22T5e^7J
zzP%T0soq5P4qdR^8(0YP_vMd}sVYaxyjHK0-^EHDDpnXzPYOpBXq3&irN`;{`Oop$
z^Ydh<`FXP0@1{RLSDUiw`MFVV^)DR%)&FFE9`eW2pCA7=Ge4R8BHKph{y_8dE5E*d
z=I6%r{6IR`?3@ozO2;#u8bX6hyhBFHFy>51?uL`W(mQAwzUst(L_*oof84zleZ{vb
zL;5*({oDMwdy+>{M)k3T5YoH>p-=S~iKR<a=IH4NY*nX}&41BBK1~dNYui?w!n^^K
zGl5@mvyn~M2%4z^KfW?iW_Ee?l{Vt5wciza+iSFBH>c1(Av<*1ahPD&CZcQK)VF1Z
z$;*U(g&A!025bRGWJ&ezp%NSV6`D}w{gzu5`1sv6Of+4_XM`|`fSfvSxq}N5C}@$E
zToP*S-tB@^AM<;3s=N7}7FspFTTb#0xRS=S9HCE#_A4}v0KWIt_tB_8c~Rms0R2zx
zh&63T0J<@S9b0+?aCkv5^scSw5@I?vZg+dbH3cY*MNF8H+%`?jMYNVU_NQaE5>SLe
z^85*6el+U4Zh{e9HAZvfv7`cuI#0OCV8YOqcyFS`KGLvzZ*(020AhpeH{NEx8EwBw
zwj#?~eU||tG5pXElzc#G2_{bZGDxV;d*Jvka2yF79Inpp%};03O8j&jBZvPKM-?+#
zG?1+OvIgu>oz}I9W)tL`DL^DF3YIY;$UA5eggn{2G<BFY+!5e>NNTbPT8$ZxyMC#$
z_6<R?gXU4JQpnQ!w#BAm?>w5YWw)e25<eF9YguuzIbfwDS;N#9KK&`5X4C5qeU0)<
zv)#|j9G&2F@g-&P@k46@n}Rltk-GyOsl<eVgjd(m${8nwo)CVSGc?+`M&job??UFt
z5f(OyB!pYu?M6;k<0?q3ncB+r*i2IcYI;w3E)V*St&Q_2oWN0*H5~0uQ05CMPf$EG
z{1`NA%+(75s@=SYI=Pr1ab~Rcw}p5~{bbh8n&;XIqP@d2-Uy*!acl0#iRV3+j<|L!
zQ!0B$(=A-o|0Iw@IO(TqgEgy@H}K$+#mbv-^E@uYGgdZS+w>V4-pjbFaXnSmTGN!n
zU3+q>N*GAeFvztOQLij@bUkWFYHc?lBD1z-k8cLPQS`pnz=y*X@FD*-TrK#H)C<9P
zn7x>PxgwGXe)*ZjPn$)?+GREFbH+0jH-SePRLyAtN6kq>8f^S457-)9swgK-zvV{9
zy-H-;Z`qa?AGIgs?g?QL)v2$Xkb*g%$=_}!!GI6{nSw3@zv5YUf!`*eElVE9D^m|R
zSB6`SrW_}LXt@b);kRcx+D+%iN`j47QX+dicGfIovWmhpKG*oxxHV63GPQ77h+HY5
zhTZw-m*tw$usbi<)WQ{LvMew8Fjq{}{C=TCEggNf;o8J!#7nJR8FE+RW*I%K)_ti4
zahYtvUQN$Uu_2E!lsU;A{56k53*Ht&LYZuV=teXC@oK`|zkw4?u<0JkbGB8SN2e-e
z6}j;NuBE&wsbRa02u=M?;#>*$Sw@UV)vjQ}xAm3#ndo<@VN@wN^esJUSdmvp1j`#d
zMoq4J{dmYPB~5T~L(f7F!)o4zCVTf?lgG}B6u&6P!@-)*sCo8X>3&-1B+QyK!^$X0
zNEq8+hf^T<AQ;*I3M$bz706G)#usRiv|p_(2}Tf2Iv$(rqvIoFi8mEHaSB(@V*mV0
z6iMyXJ6rQ&$D)b}&*&K+y4pmh&W{}x*Rix2q*Y#t`h_7cytfA598{2>q~=B3r;w*e
z%YB8;T_wVt$S31`d-Qx9Hh#`^asXY(o__>94q&Z|j&^2L#z$>8xRM_W#)*y$PShl>
zBqib#SXZwCbJK61>GC%9XsBgNQEg8`LK%McL5=$!!Hv9X+JXjZ$5lI81nT83gqE#J
zRS8^W-sii}6^Lh}8(Z!bo5CBtSsUBhJJZ9EyC&qmgvyYNK2p7vv9c;4lEdWpU8ePq
z8|Xib0EA`|*1F9bIg?Hxys~twi;_=+b}~lA8}6iYHSr7Ch`yu^=-9-l%?+(sj<=LJ
zkMJs|jQ>txH>X-kobuJUz_*%Dm=-8a(q;ow@K|=EAmk^tv_~S6HS)}0=1o~bu$Fk&
zj1=Sy0)11gszowh)(|?dVQ=od9z>;jkA_TSB`5J?j!U9<`2eSxRRQ-SxlJ^*51P{h
zTy@o*hIiX=(y45hJmJf)q@((@NPkN7r$T?K^=GpFOxK@T!M=^3*7Lc37yG|=`o9_~
zJ#Y4Z*ZRMk{NL^Vua+yWFC}!WAQm@UkZ<w|l>d}RCHUBxK2=j0={x&&HxJvFu?a-0
zWJ1lS{XJT1o+;u>Y9kmjxvtCs?;=osIrTGgBM~3PO^Usi_U;VSH3jYukpPTJ76FLh
zTwd{Id@h3B1)a=#KQnX&!tCT$QP-UK*fMu)MZ<iFM-AMgRW|nd_R7~xmV-+chwA4K
z%ZZY!PHALRC5nf0WlM<nza9Uk=tkU^qNm`PhvU9cjqdcqRFqnSbT<qJIljU~=ABew
zf-!Is@j(+R;vde8wW0Wl+Ge`LZVS&C$f?6nL-#=HSM=Ff8nkbL-)7;rjW;OCk|byG
z3DZJu(XMr%Q(?&XFCyCg>>360Kpm6(27NH}s{Wc`@T~bvkF_5XxH@?A-?$~3yaJCd
zNghPejumfhudg(aqjrTuGy(F{>-^-1s&OTA`;vx4M;`AR*-zmuejdFKJxGq;91-s)
zhYOBSKGcyi1aoZ8VwK?7C4$EHITAVSV;86T9>lB_?^t*{B~bJvr1WcltKr=O_d`zo
zHGCKdtkxmlIjkiUgyWP%;m4%;E{GM8vo|~genXUgci576CBgL@_I8iqBQi8+{@9UY
z3uB{4jxC6e2+wFWg<A9KwIWmBHlOzaI+6p}&+`_6B8B6cYCeW{DIbnni3d1Lmo%wT
zAnlOs;q#W0dGsv2PQ4*N%48lDq9umEw*38e@3EgKuqyGhZPwA>rgFi0KJ|WarFA<i
zN-7eM#vwjV$l#t*p@C&ogN;Ap4dWNQ@nSAO2_2>fp@-epF^Z??&Au_V6w*(v45byx
zi5I=vbwAP>#kEh1Fx*f`vS1n`6&sxMi$hOnd^+Yo-mhwEStvN^1%u4*;@ai?7|%HH
zAD&W6Gz;a=sl|A-JobDVRsG<;2H!g2>j*>2(B^eoZR*O045-P*`AH-`w>S}63f2xv
zgi81+Ua;Fx6L(Z;XvwQ|IoKo@<<xPZRe?am^%BAE=WCx{=oEg~?^u|Q5q%`sc#CSE
zaa^eCin4U{I{Z+k5p{A@D&9XOr3mqTd(7*v1OKxhH|FtGw1nUpWwZE<hPI3ezNUq_
zzfW`jt;@6KzJga9TbTQ$S1aD}cm1iqi-aZSOYgQTq}qJNiKjs@@~D*`>Z<_gBd8BK
zBT8ADO(!w_p;a|pOKEAzg>;`tlom-2RRNM0gC>2rG?Zf)hER+OZuFM`+P~CL54NyL
z<@MQFlj<HYp^<~N3@6INL5DqJ1pIL=(5X}&=iGm~f`Yoq=jLaU*CJ4o0>bAY-OzG>
zq81wm<y3cETouvyV2;V%$Y>LmpMuE}^(2v(LMPv5p4hosytBFh7F%5q-5J4Nx2`Q5
zAduUr(&QAH&;&}%`IzZU^QZmJ-v$cQ%{aNX>bkP|=PRQ`d?xw227S&HDSW}$_>|9y
z<zv=<kKjTvOy$*>eZO*HG$u5Wd)Yzgd}jUCfgH?4!A6k*q_AL9T%$=x{QX48%*Xdt
zg+CuZFa<j1V=|-$DMIIsnGc)}ByaokaWa?tpO0HY4VsT5C@^+s&F9?%?&^-&2##wR
z%OQ`?^EjgPQxO|;m(ShL-ses-0{el^^RZ*MiaktK{)Ei!G$9&fZ9+;?r-$9=A~?_b
zIQ;OFX&k<gjgp@^SpgCg!w+8y4u480fcObM3cvYo8ik){7{VOdrP_$Q+fHusR62(d
z=W`AfwmSjO%)4pSU#Q5_9rG_|%#Qi*FSr)05Jkw+N*gtdT{AOiP=xF^FJy0cZTykb
zCx^tCId}fKlehpOV52vst-I8{#~{LCBCK&g^1jb>`&#G;_9Y?YwRM*+ORkPy5s$sz
z{E_zWg!gyR9_F`=Ua>81#KA!{?`_#-%LFOYK^pf@-z02;cXN+2U4*9gSg=QnEjA-w
z-QT$#d-zJ7y9zcP3>`^bhD9vccogr$WRVFr>NqPiaqtspM>JtPWp{HjPaoYWy7PZ7
zWmI^f>3U!fGkG{rdK02B#wt}ZV-4As3hw4%c2j?WyoBQy_}caOxH3!@p@!=u<wPk;
zOnWH@Gx9;S0zDjzu@>oO<#khKHjVecThh&2l5T2{Zt5i5VEgheC;WA4?f$q~^ifFy
z5AK(XrG6KRPc3xUwIoRuyUcBEc&-~xzKFQJFjlq%Yuntt4QqOZ7VI@-s&-dw79#Cp
zL6sQ3^D%#H9^Io6`OPIABl7bd@3%iXh+^JwWQEkx#_KEjSB>81Dtl#C*|$+ZJ$kgt
z_N1)ExowOt!a6hpL2`$UlTD(T`cDs=JusA*ukhal%U&KLdrWok*4FBRjkSwb?^>3_
z@RCiYx?&IB(wjpqZ|8*?RuqMLe!Oe#kktgGaTxo_HBFmbHiyAR9ik5>PIWM#PqwBg
zJ0T6%QA;DDD(EQbmGzG58iFmu9WH;dVk57{2f~n-u;AK*lh)cv(BA3oPgtMuzHFup
z?~9>6(gq`bsIPH3+7Avyy-Ho>;gfE58|99B7)+;(T{Q7|Oubm6UxnW*Lc@uya00La
z$UL;;^PI4I=H#0woiO3lvDeppn)sQ90h&pop_=FLH9;S6eL-%tTjhFc^QLT74MBfO
zWBKuL{}d{p7lRM|w68%|@>sbw&lc^6CYX($5pT-8I?W(Uv}v8ho0^=Q$rwXdO(<Z@
zc6rSo8ye7U+H!9=m*)NH^+*WOZs)L}BB|&YZ<H;A;%TH;Vz0Ze8dnfFXSo;PcJXAD
zr(m>?*Vnw}!rK9z$hC!4`ODmkWaN0eOnw@v!i%sW)w6Gim4#j6f}QMbppcgNU$iW_
zzu&(%xmZ?>F9>)c5<rFHKQqv~c)-Pfw%SZSbRJ!I`&uj{FY`eExZI>){&DHqD_v^8
zrGH$u*(+UY)#x9Wvd;RKMd{0oZ6i8haoV2oJQ2;ms=euMQ#NhSSlDb^0LuSo>`e<b
z=wWx^o&3NNihQ$B`-k1Lwmt@beET5Q2NVe3<$y)Exu>lfSB!ydTnQg*M_1^M>rcj^
zf=A?YNltBN*IR5ui#P<LRq6yoZQhAPHM(SHWQ&LX739I#VH!=ILYu~hGOmDnQ6|kP
zvAwbTv-<0Cb`OvQ(PqNhnLLN8I(U%mRV2<RW@_o7DU6%)IVGtpBk>cU2T+h*-Uyn2
zH~v5dR(56a(~IJ#^!L_(pry1NUPMag#PHugWXWp5qi+L;R|9g2D6-QYes~O0c_hGj
zZz9O*X@R$bEIz9H{q3gie!`svE7T8qzubF}$KJjCQ48jSTlgS#5atOMPV3v^wZ;SD
zZ}xj0Z}jec7G8Ue`KZ<VBW2j{CSQX!Wx<>LO-bkbW6C<;AAWr2`(tp($^QP7lRMuZ
zGrsfvIdz@x$<{nXn;cR%f71y(<@7{k9)G0M6Hk167ZL{*o`w-I_u7Jj_R@lk{ikC}
zFoH23lZwz>%w|hWUQOKd<HWlNtRYeP+)0e?Q4gjEUa>sAXD;X%_@6(`z#pN3znJ}o
z9mi8NF|Fguw3t!rX2x6+4d$l$YmUr`9!hi3(Kl7MkLndGw%P#03R9Id8ZEu4+o)bq
z&uz)1mIyX%qPEadQE=lqoGJ({)pngjzYm>K0?^^a&^6A2m7+(?I*cD5HctF_TX}%T
z(GXy&5ISt-+*79l^2mi5jI}QCr<8@`1L<|cPfFl*W3)U78Xml1I9K)8@T}<=t`_{b
zu)Q5-xbPd?tQt2YkQ|_riQ%8#pB}24HB@(=ZwEy<`tySrDrq^qlQ=<ShpJ?{J|7W)
zr9Y3jsnit3RHQU+cI$*PcL^2cBnR?1BYPHjTP~mq5OVM{*|Mjh2Oay_$+-N<`H=N9
zKZLU0-C*>LpGT}uj<<~PRJ<ehqw!JX@)UxDIjw3iCqBN+9bbXSQ-2*$-`cF<iBDO;
zG9WnHZf~I0CWX1JT(1WM-sJ(iu6&(7;6T*d8thrNg+r`!SGGT@H=I{q1%LcyR%?rz
zWfp##W!B%kYxPFGrKQ;F4dXY1zv%?lGl|;a#2ZUREuFYcAmJYks=vN4C)$gB6PmH>
z!Npp4O|3%D>pTmTXjMS!znKo3cBG1e9Iw=LAlP(~C>2%SOO>3=%qx|lvnW_p%i&<Q
zw6b`P&;VsDpSYzX2~|^z1JU(kYu7BgytJZb(Y2-DsaX^)JweLSX*$AawgNv!7p~(S
zHaUh(+9UPf2%WbjmzWax)Yew)lGaYUYSv^6I(rABQU+MJ;Qj!zj6{J^rLilMx6q}^
z*E*h@XR_1i=x3#+4w2IDq{+h+I@D8MO3;V=_sQ4b<euA&O|b1=d;f0kaw-BEzlYIp
ztjb{+GnGfny<d?cgxN0luHZs_2ibmVr@_tY*GuL-m^IL-%4cTnq`VXO(mRenmgG*^
zXh?3RkyszE(l*k^D^SrR&0Wl3$hTL6As@YGrJTd~vV(w1)~R5E(MCs&!RmHKMphPN
z%!a!)xl$F*brO%6n*@`u*(q_jVs@l;=c+_kXwwEfL5_vg$@_c{L;7mpzrpt!*<x?Q
zAy`fpEH~ZZOhv<r3dwx7U-zc_rFzZHm-XwNOug6GdhZmN>3TbcV=-e89dNo)!tV0^
z@tUC<=Ok||<;YwYdcnXU8$vrjl~48b(5k#rJQTYb{C7~w6y?NvvLbqz2l0NvhsFi!
zujz(f11~zaHCVHUgqG1hGMN;GM~(?L9RX0)_>LcD-5+upgm8RJI2S>I*nUlWO^2hU
zGaJ_jf4NL?Gj44Of%<H)R)z|m4HdkgJ82b4$ObEe)M1ibn|89ZSs7Zwc1decB27+e
zBov&Ok~9d*scU+Q$;+c~^x(>^slk=a9ZzB(xGSscKM6E8o5C1Vo1vqmhwxUQG{kT$
zh_uCHFi0<g(Tlz0v+SCPKWB_1$VGcm$bT<1#ha}oBn>M{LiM9cbCANnbA|>Nxwx`9
zbrc;c0hjY~qDPw(OE?z?T2wiQ$yYm7Eb3@qbFQ&0YfZp-@DwT0l)a;}a=Q<PbNLqg
zL4i}g&LP}5=O$9EJoleH?da&#83n2PtvuF2{}H<!Mx=79NFlcJ9+D_`GQF1YJzjbz
z!?ns1Pw1bg6&-APm}17g!)8`cNP7uQ`WGy>8Etr!7S)}EC1Q@-h(Cd;&M<xzt+4l|
zsFQfWW<hX&>u3Af=*?DQDh^)+8@tn{)9|=ys9W#`lo>Gb2W*m|#I5GB-=${18=}s1
zV=X^&|5S7JTnROa=0O-GP@{wgti8wm>^b0(Y%P(qv`%VDXKLR$%PDVB*kfh7Ygh&Y
zdkP}EE)xG+=^}j#Nvr2q9==tCaJOA29~1K8bgyB$U(x=GtIqeZ(B-XN@K!tH;KVH$
zj@y4Vj?hTa=_U@3%s@IP<~$|>1Eh#gnz>;7h@J}W?+xBuZU)8X@*zCm6ZA`xj`#jx
zN$#kH_>MG%OLSfW`bR7RBBgpKztf#k7qMZE+fNnk4{<{}2#YU{`;vQY6BM#d2XGfi
zuF1J>JRT6}X?h#Jx?s1Ks!6Fu-Wg78lfaL_<h$N9^aDdzACnLJA<TV&5skh7i^7h(
zJNj<wFAku|!@(#?tjkb!hD8dtlPqj!BFarn3^g#x#93@$swu5Thq^>Ga<Tykk<Po~
zZ4v!*OYw!=nw}9foR9(13~9gZFtVG}1v|%f2F)C6KKie9*DQF~&dAV@m<fbIe<ozU
zBZgPKzD1)?jkBR#BfN9e8O|BbEN~WBER(HUF7oI+(16ud;qUx6lY%JN^c}uV9tLe<
za2vVKA$-C^jU{FrZx_Z@x8^a%QiZI<cK<msLJ?_e6_XWzLKj2xN8Y0;(UF$A8CdPb
zlN#_JFqU>>fq9+s0(=Q|8}06IgkCP<zE_gy|E!t>l?$B8WzN#ejvbLIcyHq!c)h=5
zlK>sB=anCIdhjB5P<@o2p7W^h4?oozvKH-%IgGv5S$cy1&l$pzmiM|jL-uH!;9_Xr
zmgfXsa+U=Bf20I*mIVBN)JySgh&9AJS*X*Tk;J(6@R03E4O7~FiuCEL(VEsWuqYvu
zN?k$NBd6-k*&MUnUb)`c#bNBVl1H@gC&u%drJ-!RlN%>qhI6hBk)?Pk4U)03{<J4A
z<^uoIs=A_Jqg-Fem%xZ^jb5Rc`pV+`Hi24a6Xk80)ALopDv1V7OOCrXQq>$?o2sc?
zziWrNA$~7&X0q7Y`kpo|+xm|1>$9heoFOmsb+GYGK9IahpI1|unM9mO(<0+c@uGt!
ztJr&Nin`W`Agys)-j&7KCrBTP5Ltpm+#R)yk9pOLX+pH;oJ<A#7Gt5dd>}%!eZgjn
z_D0GZw$_-d!FN-y75!k)9bFvI`+N>5sfQ8CBHr_tsuiDlLm(H^k9ak19=$uM%m_#E
z&`*aLe4p`@SX8x}cT*bKoBGKz$H$ul1S8{_->czx?Xkm>mvgtc`azgrr#I0vt4aPC
zJ4%C8t)WoUY|FYukGv^-Q2kqh<Y7EWuQ!-#R*~2nN*~GCFEUET9!3;1&MfVdD@?V0
z)8t!<?xrW<>GW^4=@$nB<Z5EFGCAJqheHQg@an96R_2Y-Gs6w0)(WD>OPlp2ChNxj
zrcc#8#Q#~ve1BmT5)zBC>R10%W4`y%VY}PwA2&j@sp?MNAXXf+$%xv0ylz~0N0__V
zp(sWdtPp$85+A%x8!7P`f7GWE@58%vcmpWBExIE4yptlN?Q*h?@Mn~ERc~%EQg<q9
zy;V@-bO!o-`qUNZiF!u0)4l1Ux4_fv!+?l=ymyRVXFTQ)1Z@6(fJNj#na;DX=;I9#
zC>7?;iu}VKN91pRQ`EoJ`!?P7=?9|i2CoO{8+p#Q|D5Efq;AZTe>=%Tnpd+i?7^<^
zBt}oiRi3wo8lU-AOMIw+0Z*1-;o!mTpcbFT_HH`yerR7p(sa0kUw)P*QbN7{1${Y$
zM?zBl({5s#gLrf&H)&~0<uv)+s~k~VqDr#0&122ABRZa>C17?6h`^jb7Yk_m9VJmD
zeEd&2D3cGU=+pN5`EvNb%!4i7G9JL*wNIPQw9skBaqAmqKo9m-aN%t<cfqDV!J*Pq
zZM|7C{7O?evp9PSWz0znBo<R0-WzqA#xn~6wbB?a$VF&pj{sbHP^<vgVWhhh=}{&W
zt&+wUUAO_{ydr5ZM$;ql^AZhfKe~n0au7z#n|D))R)^Zc#`j5-3%tX$G~h>PS>l9N
zdy`i+0|V;S#pF0%VQTJLIFwzuP=%|Djik-aZ`-31PP`Z227wr5`9DLv&k&Q<(9hjj
zeNZ4ai{nGdBI-up7s8Xtr+Cq664zCU*!C?{q0G_xejwk=UKTxwzqzxYF}AGvD?-61
zUo^q<G=Dn^<gI*pX#r$yD54j`Hni&HU{esrq3xD~3ktiVV58+V*IHu45*zHT9;o@T
z`fW{3wHYLc?Fby1G=TPa;=bo8zPImr3W31<+S3&Njqj_UxfAH%iz!&Mrr6y1=O~&D
zyyCeTeva*#`qXR25TS|~U9qIP>FAM+MW6?^=2%Z~gFR+Ws;>^=TI`T6hJV5U1tP3`
zO-YeCBg3ZB%styLrvJ(_v!?%~3)9ozXzK4=v?jY~P(_*i(328#lZe!s&-OWp1RWFk
z^yc(LMo-I{#24)(K9@C#TfF0X_>+jc)kqC|(`ihf{J|RscV{E{P+sZXpc>RTb};f)
z>fp-PQr%d!dV+ZguoZ|i_{-&9&8vpAG@gud$UB4^?_m8oNPi0WlPXIcl`2hrQ{=B~
z4eo_~Qv(Ur!`)%riJ({OPd}?ARQ=wEuc*q{VI2e^*3Wz0JdF19?&re$yZ$_7%RzKH
zknDJGM*lA+0^`hk?B5STm@lCU_2uSgt+wt)ezW$YQp%JWPafn@>+8s@I`M@@*CB-r
z4v$vx!8uS?0)mK!hN}`?;gu*!I5FS@X3Qw6yvFWwM1AZ|Jy3M_J@WhsqTOXn&Ys#B
z(2YHk^D@RGqnh@LmufHTEjgHjH=O^9H;DS0G*-zmibAz+x77_-uJ=kYjzrx1EfKcI
zOBi46xF+^9tIzwxgD79kd7Q5GPfOPyxAluLJqm5h@z$(5P^};HjR;~ywPu}nnkoZ|
zJW5Ret8e;YHw(kZeSH{A8;UPOuyw@vHy;H;^zk%A3LdjB0JPP3He|g9WN)19%AJ&E
zxJXCLKp6Ob;P+(N13K^7iGNCIBK>K6E_(93(mJD@WNNC(1Iuh_rN$50IsPDIF7oFD
zo1O(|XlLbXXkdbk<KUVmYLGeU>ASaU4>dyRsb(dEbY*eG{a0k<<)zhRJE6D|3b0AT
z`#oCPPTb?h@7zrx)(xJOBD8&U=e8yvg5di5S?Ysc7!QkC2;mfi3S-ZLJkCnqEW%E&
z*)u#9J+XfD@E*MovX14{2tKiT0g||@sZ_esM4^kFVh)-Xa1md6oN+46F8p#5Xqu%9
z=#F-RBSa^RGH>pMMp6*Dn@Kg8-)ajfb#8dZ6$KD`BmvKu;jqCutu4?B)VkH^AX>fq
zi-Z8iuXb`+8$xsD6V!RnTm3?J@j^%?#PSF&h{=*Z`sS!DbO~fYzE}LCw32Wa=K`GV
zoZYP|ilq8@_1r5FH;kkrk>yTR#y^t179yS8%4K-Ql?DDz_Q2gNOn0-<Y#qY!?`Cy$
zu<dAxDo!2cBy1VKueNczYc)@%$0hWb&a#b|RUz_I;6>hINTB(Sx9neB0Tug4P=o{j
zPU7*>dTRFW)*I$^ruoEiSBd{Nye_ics^@*RiGYRN+T05Q5<Mq%p*|JnATFKx9~ff(
zkWV#%TKtQSGf&eSv*DK=g8TOE5b^XE-ZkU7Q6E=TW2xbM2~DS~wxa1}L1vE5gH-Ld
z&C*!DcREkOE6q+B%TsRkgt-I>gN-;XW%es3$mfl+I)rvkIEbD8UKoHsCe@C1FZk9O
zT;FV7fTA2*0TnlJ8zK`OE9>S~uInHYuv>F3s)K+mcF%nfZ}%cxG#ijJrMr=;^=A3w
zhi60=q4n9jH`sWisrzdD#oD8<R?RAz`vNX(M9-e`U{1Wa>eV@qR1Lc=_CRW>%n?rL
zAx8J9=nvIPvo2!O$s<Q>?VG1Em=O$$4a?G-vK)8VW6q3#R7?#4+DFMoki_}Nhi6>7
zn6}&Z65KO>8SQS3Zm#+<$!nZA2~=j}Jr=L5+CFDl72m}kPoZ@s2hdZ&rYEFxrP*pj
zHo`>YLyBZzqZbnu(7a&*6Em=}*vvNGOqYvNu(MMfpwtB>qGaP6nsbYGXk;AMsRksI
zYt@9B5^2+lp%Fx$jz(g?F%Z)LN($pxA|Ix715;_h;3LF`(-t4ULQkzY*rc6?p?UUu
zaN5zd&;4OnTES8@wBkx@tC#!BuD1-?$g<VnRA?zbMIjW~%kR#0-F5yWb&Lhhon|3O
zo=5v;5%PskGOjJ1$;l99^D<(cS$gZ<pvz|IP1wX03+ZeF5DN@|j?4fQ&AUI4BGl^e
z!rNr-v@7e;_q3$`9#R#V)%2~wthI7R+pC>qUuasqvT<^0WMyMjs@$rxUAH!e3R>-1
z=)(c8(d2@x2sS>hnS!>?Jz;097Kh8dq$Z1l&Cz*=W@|yjE+>pw(^K;=Ch?__J5y|%
z$bJn7pi7v+(j=$O+V6T0KKg4x_-NO`W~~G8F?$`fXdM`Qyd2D<W;P(Ix&B>_8f|Aw
zE)JQsBVvG4@0!^V_0ZkRLJEJ(yuoAP(uYcn>v+~%&yGkT@~rF_nUi4NsR|yY4pG@I
z1jy?J0fI=D$x;i+D~<Ki#Fcr^=>^-$U4QeV{dM8zGJzR>J{|?}aS=k4J1+i{aT)<M
z?R|nxe}z~XvUf@%4<{^U%`o%99n739Sr#+LqhkvGwg)p)lD{JEJL2af*c4^>c>sPs
ztaLx@ToQoT`9j!qW<Mc^PQ%XcdeLHKnw=LUFUV%+!|F$0(%utxeoUI36X<UrZjOP9
zuyKZ&7r@MQC!negeI^z%Y#eqv_X5y!nz83jr%!moYh_MxX8cfGeDZ<W<JJO=I0)+C
z8V@(`VB)!Jx-xMm!^EdS=Fcsi-i3+Vp3O3(;u3iGBK1VPTT-R|`MkT4OP_bwb9vy-
zO*Wk~BF5F7DaR$xc4v|i7?CZm&hTqBX!x}ngr|05)}u<jJ4F&87}egu*SP|0wAF0C
za%5k<wse-)E_)+%<WgCweLnr#^BsKJO=dWC!Rj=hHX?Uo_&<J;=F?}5&f?Q|3c|$j
zmLPn3JD$y2OZvjwaB_RQ{D1f5)CH?8pKj@~KR$gAPdo8xreA!zAlSGW)VKUu6x`>}
z#~B@_ky$$P=Y!3Q!cxng^SDd1=e8{N{B8Q$!JaQU5Px3TnLj`DZ}I1c)BM?Ddh9|&
zsp6C2(etN9;*iI$pFeNyL>`*nf>BpC8~sLVtmV4O(rTthG<$^Mx(^4Em$8Hm*R6{W
z#oGai!fy6$8KfO?`ie-vlju<t&P5?j;41kK4a6*qsLLve8!JnhcuNYZY@WcPIXY~b
z6sf+Q^}P~F;I&}WndYJJQRn)+Q`QT0<z^Oa(ivJck1T2zU$tRAKj=aXj7SeLI4{kn
zUlyB|nJSA-|0_>y8u`6O#6a@=zo0GLzv{I;Wma37P0uvaOhxi+TKCzsqZT0wmzPdw
zh3HJDWz#IWV?+hbqPy#5ySmQHtgiRG>(-^AiS{t7izvW};WK__8MPLQWz_kc;?UB$
zlP46o7O~ed>fcJ-O|PlzM`}&^ta_`qaT0I~TEwY2Zx4h>wq}BYjSs3O=;z$Zo#Vu+
z7jkb|wa~FS8gt@yZNz>^_E|XfMG?6xv;@ScKlK?k0SUxT9}c9Zd`*m6ik&)kqwwf0
z@aQ&pw76a;9^KxFN4KY5mU19H2G=lB;?dd9F4Z%5G|%jiR2Qs_RWT;1<9U=KL=#Em
zv`MHg@GR}A%{>5%9?A=86{h^jvgl6x?c3=ohn`^0137k7U<S77pJIB_qB$-|jMUGN
zO%u~CBVaCJwpy{O6Bx_qpXTKJ0PVwr4;`=NH%%5vvsSoUu5EOzzeS)owH!u0XOXHz
zYl7(v-q_zz!B%;1x2p%yza_uHBZ=&=+#S1omfPl(dz#`eWVx3i1EkkhMY!QJs{b{3
z0=8#4Pw7~Z*lkUC2I^7P03!N<cForXEWaH=`Wq5fzrzxf&PeO*J#X<U!*XScfyR^~
zN8r~Ypyo{zqf-njyNSM<rS{v>dWwn5HLH%|WP)228<8pIzzi=coov{2e_O1iQ@wNV
z29m1{k5*;+XC;TIFFDLQFeLXALtPEel;q$8f)Ho`X<aFTq1h|YPFecJQjsmlK!x`o
zhM}&|8vB8sO!pS?M7QT;5r&JN<(VOK(frVZq*N7xi@~${YvO5E`vH!QnJuwVUL}T~
zQ2?uLLMlyv;m!OmH|mTPY9S0xoU?s)`zw^s_ofOO9+qVG#Qk|XhNnc<ttCid)9+!B
z$)O-pUEm`U<T&c^rSixRHl3$&6O9Po{5>vxI$_R$EDpJY{;K`#(Cq!}{Nq3s?PWjT
z8$Gf^exHf_&RKL0;rIWm*~Tub8hTsoiPY+ddq#C~uHiiB9OR%gaspQ3RvJ@0d3tVm
zNGIF<<ytHBdjOv$pU}WTwStYq%n~&dBefEH$>b4QpmwgR+32-)6KK;j<nIhi{!UGk
zzeBzrN@rRm(`~hh(BeZNF8H|Nf-t}|1gD!WivhCYH+vJG5oQ>}MbilL%JM!A*+9*;
zN6lKB7M*K^&Q_0=-lA4#^S&*dxDpKnokwKQ*<kYL%d|z^3e7hI)LLE5NaDt8PL2D_
zZ-kmO67gg()$CE{!I9y8$BQ@_r2munoWc0CWVzW}@N^oGXn%I7(=sSZ^>IyDV))sM
zEF%=+TSoZVcU0x$)~K8qKBp+n2yYo<U#O@zcbImp6FP5LSK1Bh4*<6Dwdh4gR2ZOr
zs>H{#*s+z(1S3h_sg~J^syAiPv0-;YwQ-9UZO`ID;rOWz&(W*Q#!aQP;U{cqXOjLE
zk?lgerCk<CmEl^p0ux#_buwtFB^)Y#gg^(%+4<GfE0K7Z<uK?G)GIsYv{YStM-JI=
z$t-wgb#f-kNC_-HUGQ!=0VbE9(uOR(5nUPko;IQ!ujwduj*9h45#Y2nb+}%z1Hcw%
zd7s&b7JCzjHm~O;{sy(b-Jq6u$MHg<#2LR!Z%_}w|4z2NZ=IHwc%RrI66be?VyJ*R
z7@_>A_ThhrSpIjVp;}+U07tI2m<1E@8Q@^c00S8Ycu(?}4hHzq_J4-~Uj215z-#v~
zv|4A`3=leGR@={(8U`qDuYa2XmV5~V9F*DfXEE0Q8wPmaZVO2^159)BRZs520FM;e
zGPK~=ur?B{T5@0*;6gFGE(~x6_KpKFz;TUf2DtUOeHq}?01U7ZQ8=?SF0J5Z9|q|2
zI?Dj32pSk*hf;VD4De*0c4B~)LL{I2U1qu81x%LD{csJ+a6jwh!g=_wh5yZm2qh)i
zNyiBX>>kb?&(9=wSd%y`zdG2slD1)nB|azFFE9M2c%jwNi5H%b%?nwTjvDy~Wz4}_
zlJJQe?*0FT8`il$R^#6hy|B!DzpU`W&a80E3gL)lh2y^-R`@!}PWR6WKYHu{tnfNo
zJ`gLkY|~gv;D>`ntIQhsrFdT#et6aLG&F`Eo}0l~_~D^~E-`%Kg0B4V{bN*Rh9A!8
zndXNLBkT*q4=*{EoAd(6R^s|R@eH80O5B3zX@)Td#Ta9QE1#lqqv4Tq7L&74p^n#F
z-3Y>gfnSXao=XVKYCaGb<goSE!Ud(5K%YCQnmuAy?wrN&elYYa@x^f})`c$`{wMli
z_+p87{3n(#rWLn?(u&)GybxbJ`L;A)+)sX%1@CJoYXcdUagNLCZ(#-a0cURxE6mUz
zf!Jk9HfhnHGFB6U3owGo)rKdX;vj5E{<ugBMjF!C*;f8IJtKb{ioM&-dsGIUQ8#7_
z97MiN+jB@ee-&GSoxVLM5<jh=ZpNTT<AG4s@;NPIt493}iG$$so3xke=t|>QdLeyL
zwe2K(Ykc=F!5&O0DTqoURToK`lo`$a#E-~PwUuN`z<^39c|O02H!9Jca(Kf;$~T)6
zhbWBk5O~*{{!6ChIH`{st}hA14vNn!(^l%NM{%z>L<Nq&E!%g@_!C>kLL@Q?0qh11
zvn^pWeJz(@Z-ofsh`ZGX|KvP@vye%N`a{-CZ|hPPiY(RlnO?4xp*VP>_TwRI(HJ5V
zuvP&Ue&5_zZ9d2~FVgD7PjHD184E}7<|Nm3zLg{S74?Y^@=eCZ5p4W3x9NS-7uox)
zFc%$BKf1RkF~?{SN|Y4}Aird<pUe_<ApC^7xKVMi5$>lO#rjNc?D14%^ZJo?`qK`)
zKfdKdD;{9;I<f2i_%9C`ImbGS2?1Qr0cfb_owZ+$wsl`M`}i_E0e?$JRIamC9p@`k
zVyKUh2D8!?&;85(74oPC8%rCh&lvpwR$8yB52(FZy4}KrHeL!sX)n;u8`16g2MtJN
zd=CdR_#qQHME~ez%pFAE@$Q6O8C6qrTH$`P7#M7zL*c&1`@s_`C8pNdFkaS0;ePTp
zX(7n_R+bQSr#g@rKDmw98`t}rC8Kcv{<nS1O&i9yX6#aBR_Qfa;2{I~ngJ|RLy>__
zGEa?`1~gK_f~I#-ZzmssS2JhG5&aG8H87_&#SaFOCrOZSQ8z*cjCnS7aL09;E=U=P
zjwII^ISw)b)rfu@A!Zic5LqyK;tDNR=XSnbNxr?egH4Szhv~zXkeKkK-7$BRP`DMV
zOEDh$#gC^2PMhZ^jTw&NbXRr8aNhxBUv2TU>>cxiANbhap(=*97+iSOTYW#$?`tVy
zE%{>tb$6=G7$i&RnlCI^+pd(xGw=7cSYS*x>TDA=GN^O0kf@V{{E-)WEDcsPA3c~<
zM8nH}+*Nb@%#o@iqd6XnaBMZl-<MF#3xgcBppa=hjT~<a5h|=Us9-s0Z~_pg{UU;m
z4>Kpy2hKe)MCeD9j1!#rILncmqbFu`CqqN<Xep16tkZO%J=TPmr0V#VaHeVz%fh&7
zX}AtDuOjX>sD9r;^(&9*E~?*<JM_QzagLb(&kUiAwxo%qH3s|2r2meWRlSFE0=8h3
zNm6Irm4Q`vw@8LekHpAQm`;a{*No1$^=wFLkjk+wuF$raK^bMnXg_vde?8@F1xeD|
zYqOgC{q>gjg+1H6;Lo~>3!VM91U@@w^vT~y8+&~Pa#<+twp9@8VWOy}=5sFG3EgL8
zf-8mM)@phoGZo76_o(~d@%MN`8toFc_?!S?C745e!N&KsUE;o|j?j<3zZmxAb4&3R
z_>6aTRY(RfDjdgNPuB69Ee}*g%3n3|K(7daVNOqI4zeYIjozvEAqgC$x8M4ij&Ia}
zlxAZYZ2XOCPn=sS+qJX}D0BAV{Aqu*mC0X0tE@j-#6>xp5eMFU*e<)?5ah7?TJlF`
ze}dR4!3%BrpEem~f==VeAMHyx>;haa(zK^q9M-J;j7mMrer=*aV89N~Fl=`6fmzbf
z_befDve+zJIm45x|IwjNNVjX*>^Wb+W-}`F5mxYr(Pmq|<rp*FFj`-ufFzW~!RP+z
z>tM8JBrQ}~jMh*J1J-4K@1$HXOm^j?B4#pek2LHPdyZ1~@nn`)&J*2s*xmMc`4457
ztZ#QaHBAAaqW_wcX03^D?8{m|*$!(h_4i$dKJ*}3nYCpb6}#3W+JC&@eEPW>`nkgc
zB%XmfzSo%)3~%rh#1aC@FUk;D_(8DoH1Jpc7*+uNyB4t(K%X?GWuw4O3!o@6kXZj<
zUZe%kTe(XMpo_T92%tw%Rfj?QK=$mZe3Bun!N&2X?l1Q@t0M~#{JtP14@)Eig-+Aj
zgT>1&&T1GgVi7?POu@SNAZtagL*!?4upGafZ8_d5%W-Lk;W%RpyPbGxs~AfR#ItCG
zgs8$o<LYJ2$XNwWHNDWH-iei|*8`w~v8)7}hMPAQea(tA`t$uR#Pib%^!*u+|4g)Y
z2Rf%!C<(8_cKrA~9dco++>V7ivpPAAmVG(E8jm~H6-jl|ZeECwDUl$9*%u1O!DC#c
zWDHmZEGOTehQ*2i^71<Bs;(ly>cdq<Mg$nMo2XXhpn-QmnSEi9c<d3<nX}B$$I5gp
zFE3`T%$kpPdEWs>Nq>!U^f$JK;ns4zh<jr>w%(7z#wbxLeCzQKtodX{+I(`1>@d+Y
zH4+uZdVFsnHTCN;snofj*BSF8b(fSXmPr@+0p-JcW(tgy)0{G)su&mx|DZJEC&G;X
z>^MCuF{iLP4amt-s}BQ<%q#Ku5uH@%BfPwKzzCif`6_f@RZ!%m6ssM_@qP;p@86I9
zyt_3aUxL&K*9r$#SY5hK+w5aUmg;<C$8y$w8e0Y%>0sjr;(&N_Rec&8Zx_diG&g<M
z%fAu8j?Ct!Tf6|MnhI)P{nA2l(|YC=ernWfK0m!!uH7*sDH^rBmCg6HOMm43=e-tL
zk(qq8d^5}5BFr?l%E>iirPd~W!7GM~qGR|fHtB1!xF|Mh&XC@y5NI+&nSJVHb=$aF
z8Iv?V(qCwiPHnbJcSOd+%4~HEr)mF-S-ieMS_A}htx*3f8KkWZiv?xYx#=JV>1+2f
zNN3giZ|dVsK&V-{uzRo62V-W&ey2UZl><fqMkjN0yZ1{G4ya0n*V}MH<A?2=qjx`O
zr>?^s{gL;=-+5+;Cgy1TGPBLm4_=<;mKPk7#VvhvbZZiBxzpc-h*Ws55Hu&V3ZZrT
zF-Na@i%EeUKudgPDRcC_JjFke1c$+<yFUkq25Cw7+W2#%jgL*W)Miqe+8pvV>EAD@
zHl9zSUBSj57_Q-SwK8Kvju^qv=gK00(=!C{f7gBtD_Ki-#7x;H__l$O<BQBb`f3Kz
zaK()1E61v|U3m`Qb=pTS?P_^G%>XK9gXMXTxAt#B0;_I6(Y&&p^Z&x~d<7xa_pfem
z_|F5V+y4a)eKmFay`n(|$&V7cXR%H}(=7vyagdI{I#ZW*Rj()dtBQ<zJ@2D5>nueP
zs22vKdko}8VvgY}Sw7OfdVSZM9qRQT8l^*#(eWCS^V=Ddb99_4A*hS=>-$k^e<fvm
zmZJUfuhrzt5|GKc1J3582zj<`xt-Da3MS~6RjiAuy{id&#T!rn_-9F16ZAd2kg9#d
z_50_ak@!*KpO$A%^?4?H6tZ3i-f<wm$f7;OS*K+b*N6c)3ETZ&xaxgEYVuj6DrNVF
zq)AN5ttEY4$t-fT7Vo9i)of4S^&XfHOyBIxQ1AUC47HEm-bi?0zkW!vr1cYMqAqc%
zwx{3KknV?_4iE)I2w?4f<W2c2Lk|WI$?(&W)F3F8E^;!bwZv3w1h3IJNC(_wz4+?!
z;;Y9P4KTWxecipX&rAIu!&?QR5j~9Z+h?xThPgTn1kBZVRF3iwNih}&a`(FVHOpLy
zZXEL!rX6hQt~(8PEmf61sA=|kruL`%^Y=0v&k_R6s#hvhkzuaYFxSgVF-Ot$(u@w+
zjG$lb+`l3u?AP5Zf`3d6U(dp`xZ}K67JFSu_;Zmy>K2C$TR(AS1%K`L28xmnD40#~
zZB~U>AqoTiDf9je`}B3X^Ymo8cdHmG^GR){i{?z!m4D%(<+6RvshzFJ;3$qVXQD)H
zpi|>6PIKI?!F@UI)Xi|*MkLn^eY&(SH|mz?ljXR$M%k*R`rYPD6@2uhL-ngOQDb=O
zTYicS*S$epcNj<(c8PK^-Z+8HFpT#+-vplR0Coty{kkOk3#*eccq~>Xak--XS-_Xl
z9Li&CNoI)}<*~8!WHUV_vrYOt7?w^%OXq0A%QS0p2kS!#8Ng{HWB|NS#mp(L*#8nQ
zm-RdOE58>kQ5{$!dZHd=@$1ZqC7&IK{v>R%>{!8?E!<kTW_Kn}u<DLQYdyh6?du6P
zB3rNh#!DG~T#=C^jV!$5x8lcdTTieer^6F$6T|NF;|eutJi#0y8G>jA={gPz4i*tJ
z3*wjea0U7!W2Vu6k2mW-(*R{S@>$>S%8@@UR2><PJo~*gNB+g3_J!fdu|C|SF+SVi
zy}~+yT@0Mo;9Z3AMJJXlM`rJ>cuU5@B#ZZ$I`>Ck!i?u=%T;gy2e2$|{21K$;jhW`
ztzIQB^|`TG)pYvIF5LL4gZAOZD`JzhbFIl{+7ngG=f-5;ggtd84JW;5IkDl;5F`Jz
zQn5FL7vjX>tFyG&etcUJ9$tVMm?Y)6aF@RvY`g?4!CRmt9oi`|Y=isUf-NS-P0N;C
zC->yK#P~A2S&*kqFfKn3SIb+xE8GC{l$8!7ui6a{Y-ojQ?QxD7=nxFOh+ya*xpGOz
zvZ^5Urm07+p%f;cH*p~d2zo4cMn9}L%_Cj_$>Zl2)RAzH&_e}b_k0}W)ldI}Zu4F?
z(IpO2P>ER4k{n1vD&M3$Ksdv)O^)EOsgXrD((|6z2vJYf#@IH1G!>f)S7YNKfdRpu
za-Cgk!->3BzK5`!%)Taih&lG2{4c&H1imdFTbp{zJYMcQ5NJHfClg+JOXQxmiI1H8
zdKmwm+b=qM<(W@M;(cnd*4M_*Dhwx1Kb^!^^RErZD@o=Rh~;5_nq2Fy4K-}qTlrdt
zf?%;Tqwse`ObQ48(aQhl>DjSP&$T*nJ|ptGJc29n^d<hUAi@%FmML~o!}4z7s+VIc
zLOYiQhy`oE)|aLR%FM|79Ra2y@p<?MkXPjmh!JU>_wavnxMkb1bv?HzQa<sj()pW-
zSJk3ND9s<q1gmnFIYXFwk9bw9oxoaq&YyTyE!pv^Ry&Vn#j9e%QX{k}n^(-Vx7QKx
zD&E77Hx(O^oI*$H+_pM0XC2P?MtW|i`jTMd5OvUPt6U%6wbKNuN`GTtIdKeMz%hVg
za;a~)iMf_HVd~Juks;d^FRDrLP8=-TD!0{Kk0&>FTWlk2kyOt(WWB=EnyP7qv6pMA
zCKm*o*04O8qu|ZWrZ}siXXX0E@llIMj{14*0iE#)SFMk2OWwt6(=!{`D%f<hDQ}y)
z!Cc#>YW$|6vrRLvtC`q~LIXIKt^N|f{$LZfLU7cy5p3GRO|pur@Ykr?KKs`Ub)@Hq
zPD`>R)>OGZv}>okHr2@C3v(S(B(KZ>HEqNd0mANXmou!A2&Fw;>~DuYYqAN|vp4)i
z8grc``(SPe%$;m7HyVzY`<UCFnoy(c8+$8>*8p0Q{)<?+!GF9#fU>nrIB2=S2|S}W
zAndEWd4V^ef)MsqgRuB;lWlvsL0FP0uA>ZDqLas(8i=K8Dh)ghg1*P2W#N{s$A){Z
z46{j)O6n&Fv|X`PkNzjvx-<)0p#$5%*7m?Wf&!e^9vPBCjB(<5FT)9Aqm!~)o3p>1
zo(@-S70P-}PtT(4P=m6bBAyYDV?)P>R(y%XIp#?it8WNp6;`c8h(dO}<R3N7nE(}w
z>*8Zf!B2RsRQ1Xf|4paLQ((0gr)N?~5IxUtW-Srd{H%?H12R~B2jA6HRTl=E?gNP|
zX5XF0?0Q}r)azTh)7Kxy3-29ScwcN0v>E*VD7GziK4IEE0jH{7j{Y@umF-XTGO_{C
zm-nIt&X8qJ)vK{-JfOv=qsP}&k#&hR^u2=Edb57yS?R<NhSXKIFOC;JI<oLd@&n^X
z9Io0EBffER3xk0D*tC;9QcW*{yGx7t+`D*<<Q(F160+BwfO+!Dg0KP~X;8)&E41R(
zJ$5+3qnlF$G%o9s4VwZ4={Apc1gAASn0wYGUC%xSX|4|H-3vR2xH_pM)-QFjZr4(D
zy?qp&vLkrby5Mok=A9CD-w4P1K&6t*d$8$kHJT7tIHM@+9#ZGdFPiA)B{}7w*Ny!E
z#zYfI)FClF8*DQEn?qJ7xAPs6OK$KN&5r->mn{W^6K`=6gJ$jsp5Njfe@pkA9l@f5
z7EXJ=Jy=F>&Rs{hhAy)i=J>wescg}c?ZM+(oZz?*oht6e?a%?I4Q4EUM4aJT+Fcpz
zA0EO2Nq0L|nRJ+Sp(&nNX*7+Z7q=)HCUA46Fv&bA>%?KS!PGb*8-Cy!WcyYc*-}IN
zNeg9v9BWO!DUxH6re#xZIG2>E*q6o^2kr}qYc|+~W`33^_D>Q@rV#sGYWBZfnI)V+
zqSEroW3Y6Fj}*EjcN-6ct73g|%|j#r4L_ZGL{d3almz0QvrQ~E|3z@2jztC=J~X2P
zrZhEwF`_X0=Z`P({`7M@6Q7^)B{R`xXJR*sZNwJoPzB;XtP^2nb!XOT;ykVv2UVy?
z=%fehT<bj25$X{>nnjFSC^3Q%TJw%~5)+7O^2F+f56A3$WeMQrI2$%Wrn))7v8^QH
z;)fWCpU$@O%5v}5XE7p~$8(Zk3p)}k%pAnmofv}U2M92vcfrZ<G!xQRY<M(b+1N-<
zOpFpK;yf@>#1(JY1??4H?-pXEV<Qik_&DL<gcs}Fc_3qU%JFZJIQCL~V^^;I?i_vB
zYNM7VKVg<_46U^MC@p^`7de-iJlEzLQBoAZT#HWdvCTienu(5*Fol<g>=P|3RTn=M
z*CaybG|?Ve#Ea_UAtcJLP2_nbYu<<)nuLk$4$SKb)gU})bE>=!CXR8U*%xr42XUPi
zZc@E#bOTd|kwa7_x}%!I@hU0S8((Cy3CuX>Pzg6lMgCnJc6X=W3Kbl~BDT-Ql#mt?
zf{ik4WJxH|XB6JJVN^>F1E4V@2(tSb9umPu?ZqPT3!rPCC3|zNeDF9);5>0vox3^g
z{?mzvi^5gUM7<DsmPeje7&{|GMv0MEAumb5M!LEgPiYY2aFX9vu1B63ddtY6KaU+R
zSw=xMx267%FR>W0Y&M0Hcs?Uh7q$o%w>deK+d9Gq(sJ1CX+kj<woqNzRgx6cUwJK#
zJ0h7+G5VJUzv=v?1$9F{uB%!ReMf`WFltjy^hZFb?S~+|%7>79lf>1D_Y!#Lh28bq
z$oSwTLu|iCh6-b2GvE#P!Q)s&8oXxkD?YSg<j@7N!^DCd^6dcMB)4!A-KujpB`-9P
zttV4J*bS&Z@w`niT*vK}z5$R?6!L|$^Dt$OKI0zrLANg2MRcg_coLIMGRoaf{5Z)r
zCLFB<Sy0}FqkS?f94+Ze6g<|3quqnZM7FG#5bci-SH6T0wYM&QA)^1=(W|9v>>QVN
znKA3Fbsp`I^H(`T2y-eqpN+?M1#~4ZoXA#IT-vqHlUYa)!T12A-`i~ta{lF|2>PFg
z<AI6sK^`6ev7xDRQ)kQgTeW3&Z(pwe*l?h9k?2VIvo_oZMjNMK<BMeXgH=D|B;jg<
z>W5QV)Fh#dRPBkrgCrt}<c*~z8Ws0h68Cw>t`b`zTg7roVD7jg{CeGS#dxh1_}Q=!
z%D;mA5Fri0x+IAftN_8-UEOC#IC%8)uxsRpgHuCb#J>EXC(*uX@qyFP+e|iAT<FC6
z!-+^~d${SJL7({(Y<jwwKY`o4<KsU6pZq0UC(ZxKyd4gXL%QGQN$!ZmFD@|S6>eI=
z@%vbQct~risLL?F<QPW3TNJW4Ox|&OC;y}oL#A<%X&kqo<DM^>23*TEGL5U(%C_wH
zJ$5QvzSQNSDIc3%j~8sZ5vK1jIr3rF!~`3odJ-Q8e{PFn*4{MxB~T~QbF*Rr$Cir<
ze9XROS>^iF33_{kAz5!3fwot=>QoQE99b4nEHH&kmXRdng40!!K;OI3>$Or-zRmmo
zrIIB6ZTaDc-}^e`hl^c1lTS?gl9~K}Kz=yuw0}c>Ae`Q0#lY_>JNz0>n~@!ETgDWT
zjK~GOBs-kByo>BW7Nq^i4n)KnnO?Q#yTN=%E}R0;Gbed`Mt11fKFPo0gtYu%E;F$=
zd0ex`$PfPW{mTyynQXg8+e}4Bp;U)zpiz0soy0ZB4->ye`5~N<`=Hg$VdTEB1V3MX
zXp#Kzq2!0vS@OebUw&98`GFfFKdfT`BR{MT$4@fygWS79sL19N8v)`s3|rXUlYaYw
zS>@VdZa2G2U&Rou>yRB*N1szRY{?EV&}fM9b!p^a;-V6>IX<t*89BQsnhLw*SHoMl
zKe>($c3em_gvM~~)GspJe|5AWbzj8o58K}pc3YA$pP&2viGJV6GE(25oOy?rs<L6!
zGFsjpY!o||znx*)J;lQP_OCMSb3>CxY;atAW841&EiSVyru^K>=ZopS^+%ZQ;02cH
zW=X^y`Vqz0q)R2vXsH*CWioif&opNFidgTsyh<xkK|1t{j(Y*dfeGZGZRI?EchTqL
z9ru+;d6M))s-tChu9FA_;H@Txq(lfZWV$QDyIwc+j@*3ZE5qd*qlZAyU}J>g^bT+8
z4lR}vp2orfvRz(ZG%=C)FWN6io<t)|1Df1<XmWQr<vW~~Pjj94smOz?onx@0!n^n6
zI#nBBu5^8=l(CVj4}(o(Kn<_`Ns&(Z(-1HjXwH>kk$jk#B^9kcehwA?geZGHbZ66t
zu@<_!40K1Qp)+wP{wL6lZWMIr=biZ37P_DK(2XrfjuLdZvr4#S>~!w`3A(MEA4w|{
zu}P^=p~NU78hOV75OzERrZ<F}NTT!&z91;V`y~H0h3W#^oT`+GP#Zg2&@*zIBIO=u
zA%ZvNYk^BEO`>KvQ)Zf!_PAkFTey4$0X2=`B30@&Khb&km?ZCgEVRjc@)%_TZ@PGy
zngBa!G2mU{sx`r;xwMcR#2=dcBDkheQJ8R@E$?^BfOjelPD=FOROhaXB=S5kCD`~j
zh!sv;+2(%G@<A?29FoBI2sUc#MoNi@`&<Wc^!4jFfU_GwK`)GLUlrR*PWigP9#j=0
zf(<fSCzbISLteNXWJ4#`)(wqRdf+{02}@J|29qo_xbO);&Ghdd1QnNs0(rGz(`Vtt
zpb6v=qmpgj#TqKPzu*K9Qq7g!AuJrnZTodIo?$mLNU^CTRCHYAUg`ZWq3nEP_iQ{}
zP&FtX?YSYVPDmC~aR-RnAG`srYeV`AyR~g->HxDXGIDM~^d4qCwyCb_vpJ{9p8%P#
zEmFQ|f0K<)o_;r)A$UD{D8F^(?*N5ak()htfpAu?Jns84?iZ&L>CyV!Y582EWq0Yp
zny#ZYPXMHmb-`nHv=UQu5s{eXVQZC9jENOi7Kh7Uk4~(^gx*%;wzh1`MS<otY+-Ik
zX$kDwD7B7qOcO+|jNJ(H*}{CbYCc;dfp@iVir^z7<{WKQ*5*E`6Jva6fO#dmRPcst
zc@=K?jJ|BnotPN5*(v8#A&DtIiX^J5l?|kx0suaY262gqmP0F|WlU(a92qiNhA<f|
zXQ@WZigi_@D`-lzyi8YRx~kAsg|0^EYD73OimtD$cB<Zs{aKXfWQK(E-13%Ebv9a6
zaq?&*S+cy6gTH*?4Az3^vTz1Iy6?h~^<dwH)03zE!uf*rlJpn~7FWbwlU_Rh__gPT
zTi(tkmHcN;`EFT%1J6bh7gSe1l^MVOEWm-#yxxr8lpy0br8na@B?!P%dNY1gf{fpk
z-i+UrAmcZsH{&-Y$oNg^&G=0TGJaEfGk#NojNdSra|`45EaN98VK`2Yh<hpv2mP!&
zp_n`jQ4%3<^EN-CC1}cAUzEzNb6=`cg3Ad-U{3auT2B3p^e^{?@FzS9w|oJFHNubo
zJ^1KWBo5E%7I7theGmA?cEH!oz-P+*Bn!T=MFmOxtFcLs-ufGO{xLr$q&ECt*Msf#
z3%c&dwIW9XK3>7z154USU&*b~sV&za(&9Gn4jv0pKRMf1TXx6`liAUsMT^8QWhNyA
ztOz#!C)iXMKc0NR)FMG(?r8@S0#=20y(u9;1WZD}>k2@fCOHGI>yBpYf&$oBoqMS`
zBne#L|24u^cWCLC@Dh_M+WjEh@<9hL$$i)?iR~F)@_MlGpPFD2bG5lIW-}9=1NGO$
zV#!(i;~$%eLpx$le{<?Qy)ewP+4DqH!Y%J=QM_vwg^ZSVQAl1NN`=R<*tH&_S`SgJ
zhp5&=RO=zC^$^v1h-y7VwH~5c4^gd$sMbSN>mi!G9-fZ<S>x{ZsADM*js**XSqd~)
z8pY*no44ViHV$1}YB1$_QqDj##DMH_DCpoY5*8o$H3;(2TnUR=^Np%hT2pDLm|m1*
zFof5WQdQK&uf$v+99TK$OwCQUM4`~$q^xq*kvX!|mq^}^xbHdTuSO3Jmp{)DY8Z`o
z<Tc$*J<K;-qdZekVf(O#Bo*E`;u4?>C38kJ3fWW$!CEpn`wCngVhAUG1WDi8EwdTx
zMMU&SqR^{z|2Zj<w>@0`25HF6#9!Cu?rC{1SDL$q%{?OVVWq)FSs|TWui_+^_OD~Q
z$WXNkAS6F56TkVWj+9;v?IY$4N&cDg`qDT}@>Rs$?7s}&V9c~FpVOUp;4p;-B!@4{
zKa?YM;JHZR3<zZhH#hRW!H=Uw^T3ZOeZUV(FZ+NWmR|PB(91p<df5m3u=KJI_+jZ~
zALwQOUY1@y7yENKKG@&~3Pcz6F!&+$QlVD&!-Q%FHwfT?6afPUEehJYY9A7#@3;-L
zcrDs#577xf{z-yXv@iQlC-v{>@6wjfc@nL<=<oEX{A<(S9TG`gVbyotJJfgQrOrWp
z7p~gotM9OJ8ueYeNOY7@-zoLAv1yV_k<D5?fAI%71^u1bHybt4f%JFYoclysQQH}Z
zXsPa6NxRIyEZyDLWc&MOhwjdp1G^~i7O2|?Fx(BbhP%1*th#5-s4r3Xq!o8g)h8J4
zK9S+>?5$EL|0rX)vr4-zgZq-T&UI4S{ega^4Us7A@QUfAw7XH=R$2pVY>Z8k&h7_k
z;~jS7VAC&*&hC_=DD>9q?CP_1cC!3QXXo^MFRinaB{+rdF7+L~<giG_EQrd^n7Y@d
zx_7eup|SIAfBS0ej3@a<Z`yxL%G>4LdwN^@={Mz{_IOXF3?{2q{>faPBZ@nk3$N(J
zJ?$thx8PCv+?@B@m%_!bCzV7`D5K-%A50NS_EX6dzq_YBwN%VIF}j-`JjesB<T{$j
zCMY?(T5?byMSHC3ag0pT+#)XOmcur!ft$M1kt1XaPursw5e1%1f)5ddeHCdgW82)-
z4Vxx5v{gq3HnbJQ22w#a$bM^c^QQd5X^VO+zxPW1G_HT-BBo<Wj6cEJ7M`T*yJ=!U
z{ag3e?=F#}PFwx%qS$wCDyZLmY&5@q_c5`aGAj_WVEb~UZ|T#o?O(sUA{M;K3DiGT
zQosA^SRN(1E$;wn*Rsy=EX!d-mVpP8QfR@ZJl17sL7RSXJZet$zNEFsaYqAJw|fIO
z^=W)6dbohI^nH=`hQKQlA833kwv7+v=tw@$hPJ#|DeW0}Tbkd>uYYR%qTuq*PilFR
zZtLLAuR{A2p1_k1P>j4SeIkYrOuhIj=6$PXQB7%n&7w$YcW!&+)Y92ry5(6-X?LBe
zEq^nDB_5##Uz3gA=U0OpftSNB^JTM)bgf_hT2t}ZBAsVFvtx`byTb10tMW=sYXMc?
zjn;BITH{$wX*V6wj3l%(aW_Ay=~b|kpQ=HVc1QOYDfZJhBITc=hQZ`>U5<Ax?{(%G
z1q=M^Ell5vSUXo=NvwQZV&xX^4Ba<;+D?YjMBeY!`voi1yNnnj#BOXLZkE~nxvgIG
zQj?`7Q$v4K<3{h?$s(hz-W1-8f9`*L_b!zt)Z2Kkp}E>Hx;wqQv}WSN|6?)hDn8&h
z`e8(`VX^w_HpgGLZKt+TcOy0A<eZL2Z;x7cS*U(<K<0%Bc<4084mt-Tf3r9h>vxCD
z-R0Zy)yuzj3pT;%xJcsc&%#wZ=AINujL*xSplWhAI-iBeVdz$WR_pc-H!MeuP)%w_
zrnGtX=9-(*ZPhlekK&tiK~ajV%NHQ9Ec>kHrrx1MsD0G@Q1BPam2Lf8Qz$~8QawUz
zJzV*l!-1Dm!#i43Je+3v6(+8sinag=IX8m%c>vX^t{3MNg?26vMAwmmsHLiV^r_Tg
zwT+lO20)VZD1I=R7^;>9Z^+|8Yk(yP88i6YArGKWbf}xzk)1sM^bJCR9ucyKJBfv|
z?K+85D^{7SKqPS~lJBWtnmJZIp~N`wPN)d>olwpH$^4(r|5?Gl3+ri%pT+j)PWyAO
z{b{y8Ywgb_`?KBtXi;C%y0C<wZsS%h{3gHjhZARx8!4@(@nWYne_1oCK)p!hAGulm
z&Ho!uxSRT*umdecBysFtPZ#Qwzf)OS%1rTi{xB6#CZeG_1pqK|-{#7I1pK4>sX$`D
z--rul7KhjEce!NNI5yWj$NMTVx|+7+E8^V@3d%Z+Nv~X*Kopv<%!6Pr56IS6zGf~4
z^<Ca+MDnFbs+VjDg&>TM`(Nv|$>vbt-ES(vHAPQa^V^nYAama`kZtA(ki{QJL)I0f
ztMulJK$@%qi2<+Fra?OX4g*rPd2T?ujz$F10Mi>b97u-<@!B6$y_^NoDhty5X9Q9o
z3sT-I+M)nb(g$f%LgT`2Mo(Jvhj)PVJ2F==S%Z19D!)R{fvn{te6`*D!?@+{n9K}z
zg|qLMP2F}2=ZEY*?bJ>9t$}k>2b_O;(!zPH>Ef5d`KzbD2+p>jc7pQ?>h_WH1G9+o
z&*TXpIcnb^Wmk}n)0;1vx`Ql8-^hRzB|rt(`1$>+*-YI>Pgs!7Hof^$kd{C7MIe2v
zGf4kM-9AXKS&(k!2_XGa?e7<)YxL%eKswuWeZVQ>(zA5ee;AM^c7Sxe57NT82KY-s
z+P?aWK>D7kB!i7x5W{?sX0A2ZxQ-_`<<GcJ(q6Ff{(c~3JU_xMNV$@CfcucS6Itmx
zgTK|AF9P=(6-W#?cWfHm`+jY}{h@hoW^gi%Xz|^C(^mpF@P**cFqLG$E$#sKzt<aZ
zC5Hmij{oLozccuX-h2^AOH?2+zzwBA+IYJG>2CAffON-W7NnK#R|4s{)-RgD#io)B
zNK>iXpTW5nq%k}Jq>2NAH1Nwn`s7{%(nHm0kP0nG@0jNXq*oucAbqsxD}i**sxJcR
z2~$Z1q+d|C57G&1%q(5YlS^9j8~8bHsNu5t3%LIO*n1QBsEVa;INLyizzIk+C}`9m
zL|hUDO;{u&L1tirC@3JJC>l3Zgc$+~k}v@>#8Ix>Rj(-O^}1b`dsRSDNC+e#F1Ue;
zm;ge~IBbfBO_KNjuRe3;Og7^CJoo*c?|VOfKQiZ3*Xi!6?yjotuC9hSogc=%g0*Y1
z4f`^sr8exM2wsc*HYF=h{j0QLT$td)?<<0%TSxF6Yg;1t6ND|W=!7qjw?XhDp9;Y%
z0C6nmHC?i-=d*nPfFgW3lPYZ=g}=#rt2x45OlgVm-bC;xeR64t@H2606B6}QflEuL
zqacpQc&YPo#m~KKS|a?b`4NQ2hlvQtWs0_6m$O2)75{9Gr01E^5=jL_@FyJ}7$WJ4
z$AzRR0vD3}D1;>SmD(Jaq-V=pA}K18q#?-LXv;RZ!4gvQ0!7lH*PA2hN2aty(nmz_
zC!KAQH0v=T=?#GkNgpp$B;7QxRpW8P>Xt}4Pckvb<6PuzkaVIVX)+*arM}IQbn5X)
zI`W#3GzyoGs1f(-qe9Zp0vD3n8YDej)GCq=m9<3DwUUWR(yFB<Ny&<&R{;S@Q(1nK
zLS!scT56?B6iEgBLnLi_L`doxCMgGnu;YD*d|IK(d$dT>0?EWA=?@r$Mk^hwl8(1a
zjC9++SDPd08>X~G(z`_PC%w@xL{h9G>F)xURw_gxBq=brRU}=704B}b%I``hCP`Ug
zlC~?7&Qc_u+bl_)k4MrkuLw!sW4A?hymSOPg~Zz?a3N_W%uJGWQtL>Xv#KSMwiS{u
zCP~wgx6w+=6iE}ssI}eB@|)~<S1_feRytpi)Yc?v!XhE*v@l6WVNQ~y!BU&!O1yur
zY>A|fktDr?ybY2bR3t4H<JI<$mzyK$L8i1s(w#)`C-un;wbH_eg{1KUmsZL&NSad6
zs*d;FM=g=mUotUUX+O+SgQP+=@BCg2RNIb!G)K~UrnE%TD@5=o-FQieq-75YNlyw~
zNb;Z%w$frmWoU(XXwxD|w@D@@N#})0I$x1=vLY#^S(4fukEES12}utjjENdcKlz2E
zZv-wR{TsF>N&5JKR*`hkhb^_z<C2L<(jCa#Xr(RHBJoDkvh~|0u>2;+(qN{v)JkV6
zl2#z5nIfr^BB^tjq<t_7Nz%dDts-e64#_kx@m5PFCP^<NZ-b;_Mbcly1hqZ=_vT0{
zU`k6Q-9Q9?l8#GT6iJspD6Mpbz@?SWHAqTr9ZCKVS|VxREb_%9=_i<y21y<@YyM1(
zOIxLS+o;|WUTluQeJ>n`z|V-_PikutIH5!cTq$rNa6AeT`6qQdzWjT?B?3D}5_nda
zz`rY!Iw+EA)tjc?GFh7@JLPG|Bk<VsLg3lBYCyH%tc6109)SyiPrs=Myy^Z{b;=FP
zTO#m0$;52In~=BBf;-A&oVfs5XuA~k<{|+vyv8CyPa)8jjWmqGgiV5Zrg|IBnl?#%
z22)z<zKM$Xv<pMT&+)~gE%&&v?z1ETdu>Ah2X7ek-`6_&mo=h)Sa`|qJjtZv2xG}^
zF7gi1Un*2h1_bn@W~9HpLBG&wn}{^fUx-_wVf<gF-o~S*LO*=a=+_pp3VSINTVg?X
zBEbI72(e&Rv9x~&feZcLV|K$1e$&j>(T}^sn-@ywNhW6dzks|A`ltOMR6QtjDO*yA
zszwVzN1r<mN#7H}pEN2xMAEAZgrtuJE+q9dNO~BN5n7=Q553nCN!LmyCP`J8pBN<d
zQY5XHxs>fHmfvJY%{(4SCo7T)E(npdX}*xuHcZmZD1@!_VScMf>d_)e3nUYRB<~uB
zxeX=fm7aeV8?5eR?#;qKWH()_`d)x@lcD|D+b2j%P6Zm)`KJ;4iLOWL104l*;7tVd
zH9kN65BYrm)#1<2QJ-I=KJP>9G5q|uqvFJM76G*<tJ160=l`;N9=uLU|8239{yTp3
zWPbi0P$jI!z-@#*1{i903`V^^cKV_Ez<BHftMoFayH)x}OwVL`e>44grjIthht;Sj
zGyPOE{X2e>Ls(lA_8wvBgdM;}iz=s(ux^A^nXp{K;tAVe!nzXnn+LFECTu4RaJ`za
z7fo0hVV@B8unAjC*mA<|H(@gg`#WK`ny{-0TSV9>6P7{PEW+q4uIk)@u-gdhZNdWN
z!DzxxHeqWC%O)(=ggsB#xrFV*08#nP7XA^o#e|I`ERHZn2~l``3ES@m>>U&K3yetp
z2g05+VQ&z&jxZjARNwjtdl#_aeF|_J0WT78y8>K7z#{~VRe+NSC?sI00{jjmO`k#l
z;>Y5$u7PU^xPgEk3h*KUBM89Nmc*D#z(4}v(^p9!=k(eFZns6#2L^ABlI4(5QMz*x
zhpdDgImPKiG{63clgyh-u=iKNz$SW6V9+fwU4LU5T_@^w&xPEA&54Q%?=NE8{1~=D
zvBfin`-=x~hXeK(9sZ%%a>KTf|1It@V!P4YWAtI?(Ra^(XloHUV{dR3>1BO)-gTsY
zp>597O0C_B4N|D}iFjpv1F&NXytzigj|%~HkGx4~I|L4Nxwtv0Oq+KIN>D`wxB|Oo
zbn@VSbsaoGsxp~7oh0?g3StbTa~dEGvztiw6atAml)9|}(tBe~q+xSIIdOl@T3q#b
z6RC$6NQum81(7PV<FWAzfzsi+&15@$MG*m5uOk}0nDoa~UJNN`ubn5|0N!!#w$76G
z*a@)H4thSn1y6q4BFQ7xpzMR9P*Eczi`o`Z)T21ttZI}NiFV<))*4No543dFC`Q#N
zRQJ5f>_lS)JR4iT*=i%#Z+m?iKaXvu()xpN_%kZn3D=CPtY60N78w^}i)FcaaH6a=
z4@MD#Lq$9pS%kZ7ZpljqQy82t;dQf!H(5k6YoB8j5$Xz$`C>x#@D+!UPH%v8L5Yc!
zx-f)v1p8LjR{r=w6KNIjRdL@mK)U526X{w%kh0OE^|uYA5ZQj)kGL_Fr{4UwK9zhL
zj1dP1gG%gg)#>)1q_sa@7s45fdyI)=@UskMsEo%n%J^}~ju{6VXMEdk$@pKA9dQPI
z9Fg&D4<lpgm37#}veG`{FD6-o7ln|%Yk;)=5ff=8@KvXKmq;ez9bS?NN@y5d@@NRn
zABnap0xj{e7+9+j(IV(Lh_md$l#suP?|X;uGdf3=)x~oEKWmdVzlxSY$$*XA=&#a0
zxSQfs$&cVh2;zh%Ac)s!%3_!&Rz&w9m{EwoEL~j2{)q2=-M@I8CWGx`{`hPg<Za+5
z_|Z2f!hjf#FU6B*;Bvx7bpq^B)Gjz8=mI?0mw(cO*}+SL1A_eo({|dsh%nhsJ+FR8
z+PQXcax{J2?(e0K6vkHR-`)i!aYC?7FfJIw`yp|bw@SYViNTB6I3?Wl&m?isEVGkc
zSqD9BDu#$+=m;eA7X1n2z>ls!7qt6uMybZ|cgTep#RW=PpSd#>E6FH$71p~u=+EOL
z2wA~EuY}XE@<b4}9?IXOr&I0t%EkY}UfULtb*DhcIZHkgwe<*g3j;S$>cQP;=Vf#^
zf<A&j-&2oK%8NhWd_0Oj-#k3%*&RdveBIZ=zBl>*?GM8LD}e+4595!|HeB8Yy7=K3
zG+yv+^1?r`KLMKnAia0@j&$$KHuNFfyKp8IQ6^A5NM+kD+_XSt$g|(Q5&wx!H!Aj6
zw~xA^4ISE0UAf-KR#+NzX64WnB;YHay~jB-MlW<Cl7{zKxBL^~FO**4r9zFie^`x_
z;E5q;Zu0(RY-oWi4&VLoc{vxF;LencT6jY1buQN9PH4s#sREq-WlBNT=xg$h)FX(8
z8?BL#|6?E_4(j_}#(*e+&?p&BRp?2eA&!_%6UyZ{7RE&v_>G6h1H8(!HciLDJvA0~
z=x^SMiWnIL;aPrAKbNdbhCyPljY}0vWQDZm8dO;f6~hua6_rnR_y?yuvMN0ZidLE;
z&j@K%dMa|JV&9!+ZGpT+VS5DrPRVxP=ZG>D*%sHnsoDZzI9&dB$U_!ma8rrDY04-W
z41cG=@OK&vf2YClcNz?TCvO3`jh{v8XNmfGTm6)(pN;CLTK()-KT#+M$BdKnD!t@+
z%sCZa<@1D)I+&HgIS<D^w4%1G4?=|DWIUXfD)h<!h-d<BUI5wIYb)d3!;}bJfgLTL
z^PwWz1sy&-ot>r%$MN;386gq+L<6LyFkB3zEkHtk7+ml@F|3nY8=#*&(nSB~%ut?}
zH9)#-l!>(9zL31_PNc9{UMZX2pcVD2&?nv>%BvQ8SRg|636~QmuM&g9T)tmI-RulA
zzF*`1rp@0YPQ)Sk+wXQupF>PNHzNJ}5cWy`<vLW*Z~M2@VTegTE0GAM>i4n|;kw3r
z&VCZA>$|f;Xu~4WMn$0cXA3vckdGltrMtT-;>;Gh9af;h{Of5oiaqfgR!OYQ7zfME
zKsrpTQII}wfb<+pGXv={T6%)?S_7nhu(%AQ3t*$6tz+O2&)T7<MCtb%=mz1<nPI6i
zYK9;t@#IukkQlqT5zlRtregGiI0XJOO7VdQD(}-H^R{mL4^ej55ZGZudZ8X{nM9)u
z)eUU9INJz&1?M;S>hqpAvp?qnAtFvI;*e4X%2MoSk$YzA*?#(nt%p|j+p=)kEFPJa
zGJSUGmv4~*KVM}cT_?+5L_*ixtFNUsD@N7$Mp-|l@?+L}8)tpz4$1mml^>Dpva)Dq
zeFrUIv3{bAtV2V0Bn(HR{2??n1!)Vmq^uod0}M?AsTBBV&J_0u)q&q8s>y;5&x_R+
z>cAJ#;FNyui$wb}0<AqvPS`-nmL-?q6}XQJw?SVRyj*6Mwso(=s^~<}>A{N>=oWy;
z?%E;Bx|rQd|5Yl!PrvULNOlboMB~F222|5N{R<!jM}W3kk%)}6Ric!^GJcBbC#0a*
z9Vdx0z_c{p)5Z>y7JA?@$-PSNhTNIiPiN8cfDEkHv*5M>jfIb=Da%7i5sT%~lOGuv
zoG6)=2Nf7CkENnz*6Md7tH1=q#whG}us%}1Am|I?+*tH{-OFS{vre`57*4hSDSuj=
z$%lSXKDFmW_|#?{q>{-L-&$P#!SQA&87O7S;<zO;>*dm^0|5}`Z2(Gk?b>*(=$@+;
z9i&$B+p2stjl`4Ib`eG`pD}=OfFIbLQLiKd2E9AY>T4_7jY|LnpJlo~>5@~ikcgSp
z!&9-|J*mecK%M^U5T*uE1aWbCa@fmOn?DGnU|7lIYWSS)(TXzg#^%0yk{H=i-LU`a
zc+(}fV)_tT8!LsXj={@9c6_oA_Im|fcCGe1!p*aDe4*_3BR82@2fv^zFa2JJpboRP
z8Gf(2V00Yjn+%BG_FZw9E8TlG!IkAiXn`wFGTona#wm&`Gw<c%YWIZ#y|Xb>5Y6EN
zgwDnx<!=wc{~j?(`3AEuJ6v<qsaK~{FS<1@Nli1HdS89cx||#!aai2>&LHjtMI6o&
ze0K-}_*`@X*ajCO8URS0Zs`CQp4|kgS0ASX^i>_;;;xF+ho%UrJppz3Cp9G1m9<Tq
z?>q^`luZ6swSRxUvHfo}8_6IQA${`CLX-pOC7kj!NL~4?Nh;2)Zfihlie!T0ag#y3
z-{!Nl<JCQyAnvx~w4+0{<G5r++`sM-;`+7Fj`t>6+i?=#(2g@EHY5&*pBlI0w#6oK
z=%fwXaj;~9HFUHii2GzgxRcIEZGyPhiO@nPEn&JpX%^O4Ids3iTZo%2(55@-Q@9r=
z+(}FL2IBs9L#v33YmvA-$;2d1vk>>Uvzj1o@BEgD`;6)Sq~}gj#2vg#h$|In)5MjX
zXeEx$#3XLz^{pbV=QAy}oKG?_iMx!oFof>PGn*jpjN=d&t%zHVfCFr~QxtIr=8@#4
ziQC)RN?bMHK-{(ots-vN-&!K>pOT45+z{5nAa2_kO%Rt#gciDGoRE>Uvx_2b;ACmJ
z+M?!(J2is14hC^?tt0NPr&}WK^XteVMVui!F%#I`26XvtmwCga)<R)6Ql4iJp#@T-
zneI<Ia-t&jsyl_$19O{~ooC=6Y*==l$T!H&u2M@JI5*FJG$}jhB7~N)k=lgp{As+9
z8j_tJ)FRZ5U7I3qG!a@Lt`F1wN!<<NJa-6jXA89HPC5d{Y*@Tx^9`MJfYi%MT$8f%
zr6*0|nvk7s6>%Zi`AT7!xB;g((Q*rj&;oI{GTon)-C4EVleY_T;{@6?arfgg)G%>(
z@eRb?fT#~xTC}uWlf<q2YfHqPBbk^Za7#g$xEoGug18Te&;oH!Gu@vwsgojZ#ce{|
zg92@uxEDKGiF=%HAa3rsRuLD(U93j8Y@+3IB@>gljuztPc5i~XJ#$(n?o+1wljdWY
zh_ds?TZOn)0&SYO4IQk+eZ)5q_tMx_5!bOr;-*L@CUJJw!jPRWVHL5FKuI|caZ!r6
zS2aakv?A`;2S{?$#2spHCGKawfw*;JT18yO<1Mw^qmqe9oSU^Uh+B7R6U2=oLJQsU
zA|WH`6U1X?%cbT?%k^l1xE>M2ooo;nyrxyejmF+V^WAc(WMUHc^6W5iL4+%B)N=EQ
z&;oIJO!p`4>!64mdW#S@R-jF{+*Js#8x|-zd_&81Y#nj=*gt8WxbLnehZJ#!*24;u
zF=KelLTXe~q)s~ysiPFBaR#Z^-7KUI0kpXp!-#g^s5xWE<{Px$SyD@@>}*o&J&4UE
zgVZLp-rmtdYDnu<&I-5VSzViG$A1u^g?60JbbnG$1WIHloij;@n<3Dq+wp#Q_k`Q=
zF2121FPC~*iEC0ZyoK$u=G(E8A}*x$I^P#2?sA!SH<;}IGP7mkzF@jPY1j#hxEF2`
z;>rcuG;y!QTZwy`Zy@e=#87C3*8370hRqY#M=~)-;1Jfr5HGi5`rK#)rXGj5I7QrD
z?G$lqZxrHcXOQHkiTkFll{khZCvgv6)hgnC$ChdH#Ep?mOyXv+76x$-%7nQ=%Z(vI
z3*GV(AtPxKf|0RX>WJot1&Op4h>M9J?l)MxB<`&%TSZ)Qi^Sb0nV7`Ao*yReElijj
zwcJ7?v_RY)O!p_f6R(InK@oSIK$~v43rJ3QwZ$Or%aN@ju0M9sn{T<rl1YT@#KQIr
zx?TEh8>fd!U4!X!BU0ZYLJOom%yfU!I&3Pj9aC<Qb}R(6Ioa8l>pZ6H?8!IC&Kd+<
zh#Y}U%FdDSL@-EgLU#UJGBH<MVlBkgVEWvMxb2>niCfKde^RiGB5v^YLfpFoZMq$A
zf|EqJ9Y^yGowQve;+mA5)8LlTd^>(Kf*dkC>BX#tF#_8)MO@Nxi2L0w#C0@?%bOs?
z)d;j{;&6(@LR=x=K-_s!uj49)C$Q?@JaLC|BZ#}5wJ?Y~57XyHE$1LY3*EApA}#~L
zPT4Je*9mc_v_KrrPFRS8gO(6CQtEYF;@-#3NAtv;Y9Y?BUQ)E857dHpM+>Q!$@IB_
zB;7NuWl}$7x<Bc1#J(Y^&yE*TR{`4G2>gU4n<J1u3LJsAxLP#=Kf~sbL245tFkLb+
zN1&Z`GurVMOrIOIW6E)ei&Dhh4i`%jS9Yxs_v=)W+;k^BjBSGO2n_NKowRs(L*kko
zfxlq8tNC^uC7Bo_Fw$pOzvSMSDE&hIIgfvO@y}WOa~l72<)1G6qw!BW{;}~-6#pEZ
zf<LwV^9%p%=ARn=+0H*(`R7~y`HFu&<Dd2Xvxa|G@y`eR^B(`ajX&5$OAq!Bo*O(T
z*eiH;Fe7*-?vFn$*e!TUFgbWq@Qh&RU}CUius!z6Alk$ur-STk)#&#Q!+u#F_uJ4R
zZsyB4ZVb|uvuVf9DS6~;$gy*FRAa}^5x`K6onJfEKH4+!_(tuc{c;CC&jrsfc4YnH
zP7gcq)N!Yzy<UxP3<U0)u49lLc(oY*JDc?>lbPpQy%&5n0;7#xwEm|bv_!;;+)smF
zNS$Rj?d=DR-L!kKm!~{ul-CU6R(lV1vwuj}8J9M+x@p%LUMwN5GrTwpTXl%(gb03!
zkmUUXfy8iuXMPu_|ABOS1!wngq*+ys?1Cqb@DJFD2lUK({ra0p0WRgkolE|6Yn;Bj
z#gXQS{$3ixD&3u&XRn;E+&Peq_;a`<#3{c0w*%bC`q9mONc<lKj~c}9<c__?qozMg
zDJEvg2yA`9=OYbQ+#zB%VqquZo~!)Z;hciq8*Eu^nm&p-1hF$srU$PGIY*>e;|cj1
z`{O(#m+O`c*rfKiPC;p*Dg-ym1{Xr2gS{mKz9UA09xwID1qTLvhhW0)lTgXXJ>kI4
zp~%D=u}#d%jR+nFzYtfd-hCGPRlNQo5LF!0UPb~Oi<$5u6703YJnZ~BOIC^-&_|QV
z3UpQE&<$)yJgUpZ1*o0TOx*i@5=h+LOJOD8g{9lV@t}<R5aEpcwOl21ly@}s1fmOJ
z^A*{nz+?$a?#kMppUOKXz+m|FZDP!udVL|92)CseVSLs(e8ZE6l?<q6jpFq^m$QCt
zNBH_whdc#&$DNQ?%UD_m^^bwVT3v-&!5>LoPvE!h@JVNO;Lc0sPIcIGVQAwU5Vi5W
z5}R*u%}Zoq<1HRg?xFgNND2;BZC)DeX8I%Qj7Xn$gq?=_d|9ifzv?K7<0aDW9q77x
ze^!TC!iOvPh2cm=2Ld`eP6+%kB+`G1j%)f*8LL&}1LvdAaPML~uaOSy(Mo{#P$Z;Z
zrZd?7eij%ru3X=6XN>hexls;(_pz8Ona*~1z9-IhKTW2Vux-W9cuS11MeyJI4lwxd
zo$e?ZxRO}Dfu9R<_jUNu$D_iC>?dA*ZxL|EuEUJd_XP^thZ%}lP>d?*e)-ns=8w<j
zk+*@<`C(zr;rigyXgX|6-$Fo?&fZ(4KN%bDPpHq0NHhEiN8nLP&L#f-ol<hmLfhF2
z1y_*_JOPiWayS0?yC)Ivl^j;NdnW-6>`ai2Wxt7nci)M(msLi%n63M{RuTriE4*3`
z9PsL2{PEfTEpG$g;fE_hdvKv5;RON)B46bCCZ99-406`Tpb<m;McTKgY<R;Pp#S*5
z2~xRA{l%{IpoDP3ohNP4aRR>%X8(1R3<?~=Q|NmY9}hRc97T+D{WGLEO8V=Y@XP2}
za5eTB*Q8wEMEtR2xeoIk2v?^M7x2`r%7)<84|BhZDyK%j{%i~q@1gyg_h}%JF7Kg}
zr*-znomw21>hi<&i1+!NL%-Cm*w)7FtULEp8!nYB-~>nC1n;L9&*!E(eAgjfGu?-F
zG34EescoX{6*;m9jHs}<Fiy|@yuMz%5Je;<>e<*;%=KMLA@KWUAS_b8fvtN#LcrC2
z|6-%m=&L2fW2JsaG+Vbkcq0B-bNdx_Vpc!nm(6e)@bVTJ_roCKpF#amY&?-rGJt0a
zUdKJ4PTy(xLfx2lCu(BEzgr?X9@Gy-h1(;--?10&#lWpyV4dCfnK(WkaQKcXE<ef*
zE}9FtHnK+l9o$fiepgzfG6&(>5!(^m?lRaPHwf_t<6Ur_OMoc%^bOj{%oG<I-CGU@
z?*P-Qbi3qOq0C0_1~6S14mU<>FJK=8>v@I5lV`Sx8e9=~DLOI3W6OaF+)EIrU$F@d
zfRdtlnFcNw*H<D-m+vlUo_+dMyEK6%*ggm9ogbnJmc4~0z&+9N`ap!}q?FrPFX0F!
zfObTVlO;#kOZa7_KLlb}qJ{iLM~@15iXyPA(J(h*n~V*^o9Wp&+jD$}^~K+WTSvLV
z20qRv9{OIDUN4{Q)5o9?BmS&vpQiGU3Fq%D>4NTxHaM(5v!zi1w}%UO)+nI14pb<A
zXN<(<v_Rytq6+<weq;#5qfx%-L&lp#Xn&B#i&J_!#Vb~Ii&@y}0+nJS2$i^MSiiLv
zS3bu%OD15Ps-9@vcM#Y*$n1@sQ5WjFJ6IR<0#QT%()kwl7UEOu9~>b?Yg{Gii1*G9
zo<bfJ8h>G4JaO}+0N_c6h|+}>LJYd-g`h-R8kg!TE7%t8hVL{wN-!2N9p8~qi5|EZ
zb%+|i8?~>o%Y6s9b+&RfBwM|HGVWBu;lRhs7q(Bu#|+xZ{*|a-4{D3HxCgFeA<kHo
zhl18;9Z_NcWzg}|#*@g=a1DfPn$V+7lyy*dM+Ur<!VnFH?iY-%s)(c5UJG_$)b>jK
ziZ0SCN%XsylFwE8fMZr}K^|N)N-lcw9dMOgf*|4;Jbv3|OmNk(3j0<epeX#RdNk=*
zm9*=3egHXFrT5R}ENn3RmPUfRG%BaV-VuK%I%gwZ|E#h@QQG6B!I+Fv(1G!Fy+r}D
zHtCe^a7Tv!wasNz#d@q4A!$*SUQGv9OuCkJQQ=0b^fz2aZM>zFr|DK*Fa5V^`q`f$
z%dNg;Ez|#7nEp_SP1BEyf^y2>OH_)RWDVl=<Vi6I7hQz*=6N<W2qy~1p!sltvwbOS
zs)Je)j|?Izr});n5QX@QfV~#ekdnXllDckmXgOtIOSI>5M`5LOVSk649J}iqcFkE=
zsB<9CAU_8U-I9w!*&3Nya@TUc(3U>S+!*|`qod?aDGis-bqHQh75K#-UR^PYsW{TH
zlqPiWgwPm509~BA<6YLQDo4;;M8MsM5CUgrlnVc~rH{2GO1~~`Jm?#|RItqRb1-&D
zMr{u7aK0W#Zh;Pl?9=ymYZEoE)UG{N5fsyMN~eSMVAfInul=QSj}O#g6E7?aBz`(9
zS;R?gTR$-#A}KpcM(Td8%y#0WgeVk;TLdh<Pw7V$AJ@A(+pyrnhYBkm5F>gO200@!
z&pCsyIG=##M8M!R*{0Vj!oMEW6Hil0ZfZNFEE3a?KoV6p)N(f~E!R7E34@Hos&K-p
zpaz=A-7%hqK~HqTs^D30s4oZ-s8B?#rEdH1RMBk%(B+dh9Skb9lu@g9845XE;z;B~
zGhIuJ($e51DM!x`;*8D;93-<+Q}p3@f_{h6N{MzOls`{dE<?dQ3_&QABhDvMIX+LQ
zjR$m~bF1_-`ziVR^C7E5QTCY;Uw006!$Y=3t^Thn*n=f~`(?q5EJ^CmA7pbX-2qgN
zOMp(kJ&7Dc<3Wv2CClq9$2$kimX@e(6V2wGCSh==MTZ(@*Xf)d;}nB2&freWTd(@Q
zTMG{Heu3}xNz<sPYV_e~OVm+Bs1TZ{FUM9L2?dzd$;wiqGaA*Ryc|jK<hOk=OKQLg
zm0p4JKn%J7Zcey9&=y}9H0|EcnfyV0O-Is{9ToomKFjy>)%W^mnNn0Jp9{EWsCe^t
zBcEBwC)~qB_Jag;_U_JPH0QKhTuTcJ_H-=4=5p--KEgPHasW{HF%L-1KN$wr#W1i^
zC_v9}W$nOa$#Qbpf46DS?!<N#`(3)SW)W7w1>MjK$XXGX&5&7&HurNp;gp2KyRF*c
zzqcAwU0lLxV*qX65%2a`1n{0XEiR)rcoQz}`2$z>WYjLw65}q?5?vQ1YMtV6yv3EC
zs3qoHltK_*bJ9}?Lx;_|D4Vd6gy9H`D}5wk6A7C_7>>iZ(x*7QdkaupoaYq^iSrR&
zI1!gMSoy=R_G^jlFXBi0wNC9pQAG;xZP@9EUWXg0FwcwL5dH#zkBfP=19W^TF6{on
zv$ujY9&@Gb!O<tM^-BmVJe`z(vOnj%DB7uHV?u7$F|ZNKtQb}kz(!@FK8uYprAR{d
zDYkA?aYN-Xt>{}0LGLlJaWkKAVfXRa=r-9Ht}g=k=k$%jUsvBmlcfSo5ny_lsRGRw
z=*Tcz1v*inQ<`Axb7X8UgRz*O3Hp9P$1$V^EZq*4@-7~X$S$eDUe4%G`4FzGe7`g|
zsu*ivSStXBbF=n&c7wx8{NM^bh#wI;9-J|Q`5){=DRqXDL%2<hm!Xwhm8jnWRe(V&
z;>obxW58>bjR4a1U$AkPu^u;bK3*nwc4<y%$TgX!jAk$gO2C=tKoW>Ge-ED|Tgbu_
zgXgH{_-KzN8G8`2zDhrG07jJv#6>7Tl~^Mc*XIC0l+8eiu)mG*iS@-#ooU}Vr6ZjJ
z%f^WthJ9bDi&Owbry4B1iq7geIO2k_nI3?%I^5ImLZ?!bO(*v3*r@<eGfkxzI5Z(7
zFf`exzLueR{62MSxKAm4{6B1be%hMxN#V`N^z^-U+r)~d>6yVv_V80EnmLij;C)lZ
z+|iS#b;6Y1Ufed<e~--Qd*XhF$Qk`l+_>WHY*=jqo1H#frgH=5j<E8fJ^FSD&E^sQ
z{A5ucHf$`UCf2UTWYP(pfHRB;yN=7YansGuP+YhUc?9(KF8zb9ktY2x?EhIzdh?q2
z8ojzF&O~Ac^DTZs0*|12I<hR!ne1iv{&El&HndMXa*!$nf(h)hz;OS_9+{}`0U5*{
z0$gS9n(_aevTx3wE;=owMxRUOYqR!EdJ>Ys*N}aaj(YwX`=)?fU&pa;e&`&wZ-xxQ
zY>NXG_D!El!IRe5H+LT7^e@uB*^Gi4+c#x|hV7fnGL$vaZogIIHfN9Qb_?g4u}7{s
zxoLZ3+NCmoWRLpl4mNU)z5;XKP$L@lNH3#e0MnFsHC?soz562Ukvmik#2&dA<)PU_
zc0@kDFzkqDepdEKpEeEck#j8H*PbNb>zAscLis$$4LoI!j5hMwZL@Nxfj#1IzP}IV
z75)uUmWd1Z`{9N_SJtQ60tAPI{0kW;T;V?!myg9E-b$ZZ7qU-MDFbf|Tmu>Cg3QaL
z`J3(X&yI7#q;UG}xShRHTQClJ;ew}+FubGmH0;EQ?c(%)4v7E}Po>+78zb2+%;Gb{
zwGw;g2tLA{iGRSR>88!a$vj;0wl@Y4d`#O0#}{TE!X=To;~OSTMYQi%v2E&;VcTFs
z3>Qwqw)rtbjW5_YE1-;5P#G_Wjk28f%?jE#E2xT>)4o|w`(_30n-x^V%W2;%r+u@6
z_RR{a;pMb%mQR6glY$~m`^MkrBbx58aYFVnzG~LK@y8X@!0GPrcPk0umz;njrQUL0
zqY_8+W?v=pqoG)lo3@u%sN&)dSJnn?!5?Dh9F1%ev31(#X07!&16PZ!b0>1z3D%V*
zN~8V&U@ouw81M$O)fdaQ9%s^`t1y4zDqSM(ibp0|5qx$ntQYO|Cs+@A$Y6cg#Grlh
z5v>&0N8u(AV2S`OjUdo$fm)hDpc4h!R6~e8l!?14Lk$rwTFF<G-?w@D$Y_#oIL7M7
zoFDT6Y^C{V4oQpTX6c?iszsDx(a0iduPmZeBx7c#EF!3yM19(cjVz-5*hf>@7#2|#
z0F5o8$naLQh;BUtvPdkV3Gy`Xo!(gW{3RZSkAL9HeBR0D<5@}@e-2qnd1g%vOX+F=
zsF&UVij{+wcs^=bir2<04-1jcoN1d3AtKkW;xxEvL^YNma^pr9N)TtDr}RwRIj2Mi
z`o9t#PUK*Uj=i#XhN)3VbYT9B3r=yRy-123=+a?HQO&nM(OoAu(Onn)&yyD(+<XVF
z2hXP1kjHQX<t=JPexREriV4=mG{I6#6HHH}Hdz~PM`^lsU>{_@4cjZ2NGW414u>o~
zS-~8K+*^wwvEvUmlq0KLTkucf`v)w>Pn13cyKts?wgKkZ=}zB0A@l5Ky-i1$XO%f3
zgCGoGp|O5$G0{>Qn`m(jOtec-VfBR!oD}^ZC{EdEk=p?@vHG2+th5X9i{Vk+3&W!V
zS`p8)`1}E%u^79$u9ibatT@gm5~Dp>{;kqqt1-+tI|@;y>cMtuaG}n)9hgHhRkj_g
z^jW~Rwuf5(>LsHI>tEPR3#U@Pc#q7<?}Yn@{2f;NasA1>K4n;XEzc+ot<Pg2<5eW!
zRjohrFfy(v%5wU?aHf@IVB6Z}LwYdTn9n#%`s{c3`po34+nIIP-JzsUCg%BbrtiW$
z9}B=6EvsoPpLZW+eeAvf%TspA$6CD{_JGnjEcv-LoV51V&&l71DjsnMuphNf*6WP#
z&&2o9_<oUrh8x&{*53Hq6Hw^LZ<Ox<YLlP3&~{{mY@42jC8ruZg40vbEBwQ&u`-{t
z!MARFxv`7;1yc3DuamvhFR@58sZBT--{KDJy0(7+g`$s`AFs!r=WA#m0G=Sg`LWvP
z+_uv^pUwCy2N;{Ds1UsswhwOexdXT^e-9gS4-P<{SMeRz{e8$U%oNl%3kg{L`w~T$
zoZ!D*>KpLky0&s~{73f%CB41J=H&0ymfB7RChlb0z-)F@3IVHD!P=UGL5QhOb$c9D
zf1FAkl!hXwsETjRMa37PWcI*bsCcOT!~FXIDA;x;|6ax;@J6CW{^2PN`S%y*b+am-
z{5#7Q=HCQV0kq};1?;+&m<z$_5dW?rAi=1{^FOu7zjJ^K{;iEO_}7{5AiN*)i{Rg3
zm+<ce6ixm~eVgXrW?+W+_hLmO{w+D7S^h1?m-<MQO#bOR!u-S4b>YfzKU>C=Rz&sV
z^nK|}TkZ57iPz@-N@<q$#k3B%YWgpZtO{*GH6XdZjZR*(?w@kV>HEc57Knvqg&AtC
zR#byzT(=AzQfFA31%O25X?MqE=4lg4^RyfB|87@i9NyOB4gaTBC*#ky<OABAxcBkL
z^?o8yax&v1K4{<M2RZMj$QS7t>6ijn#CRUF*Oo=Q(~T01l8kbtB(vCv5_7XwyVG#p
zX`w5+)Cv01N;53&rLF9f>Fe`83c+gIArEBB#_|j}=9EQyo(QhVTjbkVSVuy&%PI_c
zK>4H<-6V?tD`#3c??}^@u6KHm!g@cC;IbfYd+qZi4QE$Y#q>_Y{e576VmE?pK7klm
z-^=xV=Y(w!YRbrsU$rTv)lUDt;QOymTmtLlEwJSK5j30&7xIPpo|mKDW2>kPV*m4=
z4wtT%-|i=^<1gbs9nkJMcRBvtyd12)=l49jwr@Wk4(Dlkb$QyBApY;m)9wWJB<Ap2
z2;mDLY(nA={NE0QFM)vnx9(B@t5DJ4F+BgI{#R|p``7sRfdQHPJ32ECg-%|MHbc>9
zqkFz#&cM3o7v%h_QS@HqT#KCX{~mrV2&~%?qv)D&-OQp<|KRVIqFI$cSg0Ev2|u$k
zA%|5T(dPYuSU7fQSgoiSt%llkAvZ7$LW$iUt`K&CzI~wcp7ZJz8<Bb5Z+P$VxukFT
z8kGSrLN(p@9n#6TPw@X!z`>JA<O}(O|5dCYD7+Otp8u<Kya!mbKEj*HnYcf1gF8Jp
zdL5ini><>mJE|nz=wE|>u@|GSV^)M^Nw_g#ec0%VAZFf0kgCD=Ii9^`81q+PB4o?D
zg|ZF4D*1`UW9VAq#?_U6+qLs~&DhXHbXV#lwOP=?z@_&UcBD=yxIa0{ZPOnZXejP)
zQs`0<#@~9g%DVyn2!*fz1L%-E;{zQ4uo4sne=pyGqAfFeEwmjTDgwNxwloMCz5{R2
zDzn<Qi7F_kPFY&6<*W_H82&O6*|rim`qO112-icBkE;)wQEeY>Ba-|Xpg@u@CT8hs
zNb={ELV1vYLFGyyZvK%1k;B#!k4))9A7Dx!UW+dv&wsBA)&~beM_k5t$n!gpYnY^L
zZ7Fs_`}UCXPz9{d`>&Mh|E%Q%vWuw}Avu0@r)x`lXBX|6u^W1^{&JD)SS_j7H<SuF
z%Pe|voegr`-=tn#i!b#Vr~&1ABFM1t^Hs^!ZSeC^yn&wsP^W@&>X;_@na|vYsS1#v
z37}Q#0p&axl>pT)pn#vb#GC@ohxj>wfPDb4A`7;*f}id11^D^WF@vAK4pIC(1(`JB
z=Ql{y3s42&r&PZMe!c~4=t<${{i_=Bb4FaV{PeJ#UIrPZKOC%YPCw$P5BdddPN(-U
z)~~-uKMCo_1QFbvFXZ~xK|exHPpP(SHrahg?AGn3N#QkZ&abfA!fmEbaT!=s$w<Tm
z9lJ~baVa2!>oFO?;4TwjTnNbEdQ8Sh!nhuj&SiiMuE%6xJtnl@lpES_ayHs;!ZuT4
zd&zu1_M0-Gc~YF*Z_0(4d!{S840_N3g_2eQJ-7&)?{S$q#c^5GfR3y>&t8h1aC`YS
zW*60JPAb0wFo5zzDZp96Fe*T8DKyzp@C^4ZMme)KPU|2FkIL>MK$N1ZhN3Gs6<r>*
z9rhINtybF3W@<a`??-4mZF<Co<RZ~CA<?hPq(p}#zj+&eA)RjyKsrNmSD~aJ;9IsD
zk~nz4uFXl!<lo7eiTHGMCbiUcndyHfgPZY@<Uo5QoA!t{kI@*ZYuq`=uRUuunzfp~
z1sS7OH&e&_j9)`{NX-D>@{LimpCf8U9nljy!i7C7qj@0jwWaMdi`Hw74ff*pn4zdP
z`WbCBUd$BghB>H4u*_&5)87fp7uk{i0~JG)G1P7S3Y31p;|({6ln;r7^k}{gPHD!S
zpzN3p>L<M1UWQPHe`dM8)5XVMZoliOjjnRyPH^JV@N)awvs<~`{zp~g<@Vc9aO36n
zs|Yog+x@oP6G%J!&Xx0VNI^~j5+&e!UDaaz>~F2pU+yQ0{}MLV#3j`5)G#=`@d1<5
zzf1OQWqBSRNpKf%`lp-j0?X>bS%dL(%L%y)bb3#g=Uu*E^**E2@_aXgKJKv?%k#dz
zRzl8dnvlnUL_&5aD?;AgOp$K&2e?XA5$pFU`gB$ZepuHv$rOi?*AnD~JVUGV(EuB(
z^YgLk!L5Q3duuJSpXH6r)|OT{O7c^%BC!aijI+oZsSoytjLEC}JTBV%A~L{u=#L1U
zDf(!9Ta4v!QNEr)NSV?hEiAmyKGyQm{|n{)R@b`nS{Q#|=rzL7wxI#HiX*D|{jHHl
zA_v^a_J3}`ExGXc1MZK5;Q{x<zrzD=^jWPOa3u&Hi&n?NQP_XyAPR0g;I<JO-ru_E
zB-Ino`Nle=n%m#%HeN(kGy7Z9|FA)OH}<z_M~alc%>g)`aer$I989^mWf?#YqhbKF
z)2>faL**}DN9=DseXZ0$_P4G<c^pm8D%8*jsK=I_F#>Wvr6N11yMopcVC+wg8flj+
z*3r4)y5>p9*i%~`<LMgg&ET^+`05GdKd&@fdweYt5O&xAKP+G@pk>D+A<i?QwmjZ*
zZ*6&^Hg6tub8UHwHt#8U$kyg@@ey}q7nkApV0jc2t2XZ&^^7TKIMZR4Oc89?D=tKg
zaT_W%%YuLc-4BNn(jyWO>F54>^aZ1?UPy9SrAA$Gr0`ZtVw;FBv$dj8mc+xBFF}BB
zkR@%8CCwnJsJA73Yh*eI)#jau^uU?;L-`W+7snBqgEEy*1#934!SMY)`XPVgN;?Mk
zKgPVq`XTPSnF%po68G(JUz{7O@0ip7uAGntmvp-Xx5m$z{{8UEI5${}b2FYqbc@Xx
zxbXb44K8T!#=g72zOuk@HNC*9EHJnm3v7!8hRf^)c8LXsjeUWYTVPn~7T78aEZcys
zu)qoo*fIrcGq}Lzjt*7uG68BuUBRj0C2{Weqrg2!!ny$ORCkpONL35aa4<8Rp(ns5
zH0M{01DW-)R>Y%ZPAn7A_xX=t$3;%8)8=N?X+`i*#b(n5bk#(EhMzAcFK-=|J~EGc
zo<>Jk3I8w>R!c%$_=`7;gjXdYKAiA(BVmywBr=Y(%IfGLmf^V{gCh)_FW8>E+Vbo$
zuuuW7EZQ>D{Cc*64OD$CjO$VG9)Pot$wl;`5)Vs>T2VCk7L3j1F@Qtn@@L2&9&R_n
zF9anczt9)SuhSNVGI>lgaVHt8u3Aw5gq8GWq+-t&#;^_7Wu~I=8$jd2P_Kfn0yI7h
zovom+0&3yWW+(yh=utpZ!YsW}aJ6|eK?hQ@!zp8olpByTq^N$T*`Onggv<HK!Ac69
z@K<&tG0jK><J?_C^sbRAX!F`5F&G<C=SH;cutr}r64MVz7+4Q6$ZlLY^=-&rIJXIV
zp@il_qW%rChjpixusuJA@^5G^z&<ha|2IBqb^h~On?L9Czl#pp{yTL@IflVle!LbZ
zd*G7|>9HOOh9JhO2q=x;$(@@p!YlG6{E<IZJ3IPMwUBK^=pdo>j*!2X9P`A<2X3j1
zK?hUkKYg39*FFTk16_E&2|GcT`OaOAfeLT9I(P5E+RDiTA<4M6bg5a#cWXm+#5vL`
zy$2G4<t`i;$EFvR2255{EU?a_Q73DifBTKpV!gtsb04WQ<?%H*d$P&k$!CH^o{Toj
z6P~<>1n;qWY^7CbL)I#{Y?QKhM`S4v8KrFcL~-Ubq=!3C1Nkp*?zrv+yqN(114uAT
zhPMSH{RO4aoZa?fICo<I1FN{stSa|8CB2~$QXM5T67^G1Cbj}m=Ot{owYl^5xYyHt
zIvNSVRXj8lIujPbp$nz%I4in`=O(e=azNP>rx<nb%(^e)`kj7B2eC-T2cAufTyBGY
zV*5FL@a&3T4kwhT2<sQ?dB;n~r|LUn{wV(GmQ3D`w!A>zyL_dNv@cw^7v{1u%KwJ=
zXio7@_Ew<z^SMm<^Oa&ZEwlwLlJ!8i6xcT5Q4C*YZE!1V13>z-Z^+`#R;*P`2!_|H
z{`xCfV_U+n`~#mS=9)LLR`ni@E&sqp1Pp#ltyP`SUYV6&eas0?RLl1G2vxUL5IXdy
zzd*`q*59mjFREdg0GCGnIeR>@=ke|F$-Be$_yd20?eR6ZajRASW=A(Rw#RQp!Hw<l
zD+vwT<6pK@jC*>$)gG7rx48@*iOapG;gjaZ6BZmYbA6xEODbM00Q$=EumHQ@3_2%H
zQA*E^)8}7><dwI76t_`jYti#7<g&}xiyvUr!%caoR&+Dege&V;t!O+S=mZ{w8!SZ6
zT~U&r6H4!o2Yv|$T~wB?<M61&dG{1Y+BbCi%JtRcrtOyTAmjF?{T#Oy7<zQrM0wB(
z+vuN_tk?X){)Ulk9BIA;sPGJ+GeR$|s2o}ijsx{t(JnmY`u^a}e~^STT(La4$9loN
z`tL|{WgXCpKE|jFm%4i&vlh=^c&0l_Mx(f56vu^>kOEi-9H$rdYS9BM3IPvMGsJ{;
zW__+L;369iC2B=6cvy&2gbx2m96h`mPR(MVl_H6Ib&%(E4jk0+Zi{tK%J?$GZyx8<
zmR{EdhrAxZXS1V<Por}vmO4E@InuCC-@XgB7$E5CW2apbcorE&wzq1V63CkaWdFQE
z?6(9;Ng~dX%V$$3XM7p{#wf27j^dc*sVa1eX$*>O3<7=Thu+oLtKaB(J)FJhuXslZ
zb_kK?OT@w$`w;uf_s8lXKfRf-&OX7TY^`Kfc<5vnSP6hguAuZzW{^?JuO2UjF3Ys&
zGTf$#Getksd2dFp4+ostHPP59j{d#eH}HsPdbl=_H#sG@SX#SokF+-WSPqYZ{;Dr#
z(^^#dRv^G(8duBY#$Leu>4+s|^zY?)M?Lv^NhJa|K}u1z9{#~pdM@hXr;tbRGNx2X
zN~OLzjBySz@`;f`jE@YA_Y{WN!>^W#B0j@fr8pl)y6gvq=S$Y{&4YT#52tc?wgdhZ
zr{Y)e?F9o;F`^|9b=Ee|etMXLo*9;5?dm@{b&6JW7RM{640J>nLxuX8jK*{ZyIL5*
zE+5WWjZW?5Nc)OBpTa{B7|F~Kqa3>TSxC!>F^uTufn47qeF#J~hLlO4hlm(b4xGEi
zM0G0~)mc^}Ibqnst25Ju@cO9LZ8GAdk&~TSpJ+uT?AvC6=OG_R28PGMphR=P&)Eg{
zn4Q8u92J8yr<r3T9$f$DaRpo$;P6HnEi0WBV-ITkYpIWLfv$+uSHi#3t^5mi3iq%@
z;<1k#W<;d+GFT}`Il#(!D>)iN0w>IK97pcu=%1`E<#55VE<Jd*q3?OW4z>-A{OAX0
zwp9OQ_pL79PDk2S3;jWp;UJwN^ROOJJTZBl02~=y<i-n-ly&YaDK9;bG9R!fSq-Z5
z)N4s%@YGNOPGt6nduC8m7$+dM13;jx(YOqKp+@m`_U&!oaa_Qls&%`#^iue9Xk1iE
zN~OL^VX$5p7yI-Zh#}+RB?Dt|I1h-^gZe;Va0Ja;t;WS{q=#Fhfqem?SS||*n9D(~
zz%#xsKz6OAm}rmecnQ%F{VCxg`ley{eMcn!712Vo!+SW!a02#^L3cgDnf8g$h+rMs
zf^u{_FodVvm*a8a=+yQ&_=LW6QE?}9d#AS)Gi?fONdIHGKI~;d`e$U+hO3N&$J$a?
zpAHWH7<_hOu|~%PXVx#CUCy-qE`OgsFmW+@>tm;0n^BtaCFJV~FuL6*L4MD~2mP~)
zGeRK9?}i}A?}i}AZxaL=jr}3d>yWXDri_&-PLFSmwljFLR#$xQP^S29L%Jc4t{KI1
z+~n>OK`Q?sj$EmSQ~o_@EsJn1K)Rf~fm7eb&XNaY>${hJyZTJOQrb2=t-2C$FxPu5
zT6?TCXcMlRGmWCnwX(Da9gSnkxPJ-A!SmSd?m!BEZwg~15hI2e=)sk`L#0T6!eh8G
z(0||w7x5k;Z+nI1EEc3hOuPbGbFr>g#5*@7sLxkOvaeDCNro3BTsX^!(R)vgbVt;V
z_aVUcNYSs89=gWtj4q(yQU&+PP8<M=fwdbmH8aOo9qeqKAJ{*X;-Yuhqp_Bc17(h^
zpu3aPKQx;5Q+#d~PW@F*Ey4j>v~+~WBDm3SQ)E+rze_dsnX6P&pMvyo{bfFZ#-`W8
z>H3?%g}m3FP)*38u92-z03NhSfTqw~3+F9S*r(r^G9ihGcM(w<<sFs6mU;z`A^S+|
z-Aak3!1yoS8rr*DZNS-nmv0>gyTiAcHen{IhPgSK2V-53a0v5&yS4blm9VlqqHe3N
zPmI!2*ktJXO6dC#HU=n8A5ZSejt})8^Y`KQx&$t$$GEdxunW^ZSK<_-QhN|*wP9=7
z;c^;X5xvh@f`RG4OF~7|3hT=%M@c(Gt<t<yvo4yM%0Eb3mgUOYtSv|cIFAmGr{OCe
zxlSu{%v-NLycsPUpwE%f-i7t`ZKI;{GjmJ20?U>5od~E0zXgWxa9N;D!TM4sA~c~k
z_Tm!)4*?u*JJN&ial9};+xk7Ic+&X3eZl(b@b|t$WqO;`LG25G?eq^PS@z=CKqiop
z4^|1a1-rmQCl(jeHV99!@f@c;cm)u0v}NOBa(r6~cSQXG^rKNf0DWE>QYe*scf~?2
zFnh4vLuJ+NdPM!9MG1O6rp;7=g%GaMQ6hw0Szl=jcq{{^aE!y(PU_{Y*5H}rD=Q7e
z6s+H$Taw}QUymAgwHJ3RtB&(lr;{Hs-fdb!S;2a&w4!0gGQBvytR~J|lb+-I7Sth^
zghTC-oIttg^ko%C+Y5FKvKMSnpGaHg6ekDAOHB&vqpG8#rrsNFB=6zaSrb?kS!Whu
za!xWHC*?+y|JemKgR%=gw`87OoXNhSC}S6ytHT=3C=Iq(O4k&8nBJ@Y_@C_WBJaXo
zJ{>kvJ2w{L<w_#&q1ai;1vsL4V!_Pl6`l?SGh<eH5PhL67L6jk`*x#u_i~nG1ydnU
z^KyKr0|BZEr{L(+5Ca~E#sa5^(rsKgwBx-PZ&>l^n#<Ns#mf+^{I0SW99^x=O~Nal
zs`6oBA8@2?K<|ms9*hH2TRJY<_pP_ObYKBGh&C^X9%c9LINe#cqm6gRAXmbca2NU-
zX?aqgn82N|-jU<J{EN&SF%JF>4AkM?Xk?4tyB`>P++*>#+A|@wdcYF*je&(Mpy23l
z+JXW+nIEGwdqN*0hnX?jQfDmj+#dYh@0nxw-#sO};8?mgmlX{R1~PIiaBDK2QcDLE
zX!Fho&`Qi{c(-fI${l6Z?d{%OgPdi%+Bk9hAn7`Q5vFJph8;qtiniFm!!SE@d<P14
z>@PT4;O-LOfns?t#k)3-o-;YVquw2*g+~kUtj$}BzrGC?z)Jv7pr#?h4#(-!c*lV8
zR<}h}IwLPs!BMuOy(6JK$9K%T6E8d4I1;vcw+(V6d}?s~oBTYqL|d@2OviwXz04o?
zWLb3^5TfCuvORI$oq$b#FDhEMl@5xE>JSCPInUSD?yb@6Wi@T={y5D>x#93%fo_wK
z=NpO{0*6Xm;Gb%Y*rX^}1>7Lx_-MF()=-}}d>4(d`F-jGmv8kD47(0ifhp^u4&Na}
ztcY`;D~*li!$V+7?5yqugK$^ZAx~1loahyNfbBOlwqQ=oDu*@%s|PR&H=_L<SvY7~
zi3emZ{yp)|to7Q0_XsIkKLgsPG&=A&-i-O$VRUzjV|&5js(gnOS+2VKTtLyaMn>oO
zzOuB{okaF-LyzAE-fkb1oA9v{Ci;R=fFtu5>0iigU;f2rZs_WLRBmIVnI$DPQ1-ZQ
z#ouaAUcrv)f}=~^cLWfwo;5*lm$U4?uUu)WHgmawWafu1@)Ns=wseY-pSE-?y8q$d
z+!OG3zvqTf_n$g3@BuJUKrpsohw6~rJ&L61uYlOgwzWs+{|<c!9e)Qp{uV{v_aHBS
z21ttyPE_4I*v9PMo*R&p%Gfg+RGEzOTn;9+1(P}(BdL9E!e`9TS+>1RZo;oDCO6?L
zXV!-NZZO<=96c@%`(-@#zi}FT&h~3_FU7!0!{!m9kc8|n8oL&gQS6nI57Kmkz4E|`
z4eb@GeynZKcJzue#9S~wcoK|(B4oq{<C+Q*5rRFc<U%gzAXvu&x`+D?7S==^s;`F*
z!Z^{2egw?rt8%4%&JzwN!6MTh`T{U}aR$A_gYSyIuM>Nr7Y<WEVE$XODcjcuDyY<6
zoRwX$3)<+j0(<ej(fB4NSik~d9}ECK`p8@Zzdi7)f$uvg-zpVmFP<4~$p9xL%VGlq
zxG3VSkDE1&xSjFce&ajj5&o`WMlqI*=;Iz2IDm>+6(9z7uCE<TJi{1EY|0oL!7kq_
zV=P97WjElnMdE`O8|@iZ?6AHb0xOW8*Z`uYVSwX!icfu9g~XCf-{Hb-Y!#_%;bGM@
zh+u%lMwoRU;Q?0N^j8eKE!}E&p+Pt|Y;3m$^UeNX;v)k#%qg(<VrShEGC0Dv8YVy9
z!*R1l((>rset+0pBcOdFBhEBXB22qb6M+k|%?xQN`Wc>rM*sYe+uLgY&}igdf71N;
z)@aWZnjabL|5ANXkflhYF%n&7+9GilTVyek1zBv7Cy5MOgeJ&`(BF{B)b@C)${!|D
z&oDvm0kokB!o$hUnIMCZCS4^!HwWa`zyLWNP!t?#fQ$lOwP&mtAlC&BqR#*Tk-P^_
zW@R9Px8ofj&!h;x7Y4|<*c_-X+8`70cfaSRxG4kDr`{BJ4|s;{@fsh+_E>@^tL?#^
zdplG-?T<#bhmZiXJb$X}Rt2w3-49bHK6pLz@{EPb4_RcM;o(d@gJ=&xmO}*BK<?H+
z1XqRf&P}LOc8!_$Ny{l*?Y=F690&ubW{b8D$>0BOeJ}I9|6O&@)6ODSzGB--Z$eAN
zQ_c4jrOz2LL<lvCHurhF1YX6Tu)%?NQw7xjkMeu!|0_)m3t=%EP~_K8|K}083H>j^
z5c*#VqqYwWP}w#x1kP63HZTNW^uiDrV;BPC1DK1kO6Ya9XcV(r=yjX|qFPqP4{c0b
zc020+g7PT^N7JX?5Lf}!2+hy#7peK51f*rnKa-jtL`|I(yc;HN$c*sZXwAqoDnj=U
zX|?V@l_H)RA1f?5T)5-u52*f&&;>>HTa-QKH_}BdAm#ty-Hnxp4cNq{=dkY(7tzCu
z5?IJ=pPExLCPl(eI<b`m$0sgKd}qI^eoC_5^)OYaT9%OIh?4fHP9GKqxkwl3Az{St
z#0toNp*$Y~BDT7`KRe#A=!pou$vGuMQ?NP%GF=D{>?;dA_J{KSS~xT%HLg^LuqyS(
zWrOt=UK;aVD(Dm!?4)EDTt{k$CdasYxP0HbaL+0xq_f+}I1BuQeuL=O(fd}|E9^0=
zXpGR_7F&uF9&K4aUtQs@D9n=z>y(z}31TOFq2|8GZ@Kt#hRgS(EA2C!-Fe_um@UWz
zX5i|W;QOZj)0R~!oWi4GSYd~#4nuPWw6m|SY%dI}&tO<(gcK=lB;*3SVRcM^{^>x6
zUF9VDk7avd6MY7|Dx)me28#|@bFdeWgH2`HNn%sUw|(%12u5WGp(8*7qJK(%Gx!qc
zJ_F}oxogOYdQw5ZeV)XE`!G>&S8yLD>T$>@mdxyB*q_uj<ZDW9)_0m0w;w>0^~)}*
zpK*$C<tVr!OLzeW4>Ihd?1Fm8r)mK3RF#iyE=H<WOyFv`wsdMVXNTt0lDfuQbGifb
zIZR+333bk_T5axgfUdyoJt{a8`RvmcJcMU6uh?1lL!jJ;N%&MuOpXF$k2?{6t36!|
zdDJC1QJxCi?Sj`B*8T`fxgI+T#FSaI3}z1XDBG1#r!7PAbyHJUV2ug(be<h+5z*gE
z1HtB=`y0kMmR-OItX@WP8-C169yIXJXgHs2_zr#ID!GEa7Ix!CP9cR~I0cQ4fGK1@
zOd&U73W;Xo1E!Fd#j>?9g<LJ`%9*GQZ$S25fCsxoleX#$ZD~3Vgv{uLEdy;X=L}RY
zxj5?~CrSfcGz+6cUS${5q5XCMjHjynkq+PIjx>ZI<m>=0vLXGl*;`XuSYH5uS{(51
zLJRJa>7_H_*W9cxR1>1G7%7bIt^q&(AXl`e7f)u+v9t1(*20t!&G{8jq&e%VJ(|&+
zT5z;QEqI3J_^Qkbc(TfNwbz!_hNfyL-<YbQ+fMC9Wq>M7I}t-v<TcNAt^<jb*Bd!b
zBIsW@G&w@v#6~1%tMSx2d5UnPm^n0*---IT1AjuE{t122TzTt%`xE8;@5%2($Zt50
zSmgKD2unoy+>oCQ<v0Dwa7@{SrFBHy5kY=Ka_vworJwG?AV|ZG#G#nk?IezTfRVWK
zD%;dSN>;>V><PAq{En`(7bDiHF)RKHFiK*4<yckbO!z1Tx%)n6R{2zq3)M?II8bIu
zSY57<nf00rXF7_{UL|s7sp=mxH~ovRvTR>F-_gPyrC3adkch4-tmFz*VLAVn1>*}g
zd|P~4cJTwz#EgeTj>Sy&2jmwEV9csGR3mUBMDj<>8$5OTGJLwM3s`#_`lHZal24N3
z+^3r2IcAnt(65eyIl5j1bBqXPtU=d1vW{q8azaG2NTFaiQ~%g~T^-TCLSkW+0C?OD
z7wJ7058BcTF-YUJrPoF~5)MGuap7HbojVx=2#;7xb5B|+b<X;6+B?B9i%gjtH|uJO
zTi@>p-&1%Dh*6#_ZRs7cWjoq&315ry?uupZj)Wf(2;_WYc^)S%r*>W`?4Ub@QY?>@
zno4Sdnm-2jhUSldw*OIj3iBvE&$3F-m|0!G!jRC6Atz0t`4-vdzp~y1JKOsLUhJaC
zApamQ6^~|sM+YN#lp5yIRD`madY6)J<x|H5Z!-BWHK>5_j+>PWn>U6!=a0gp!mj~b
z^D3)phh-Wozv>*(KOzP$cQYWRr=Emt;euU0tpkspvxal&iVs-@4TJGy+C$N$4b36+
zC($Psdq|C?6w@BUSW@;77ujeJ)z?wIF}iL6AW$V(TjHuiNk8`g@F>!XD6~cK--id6
zZ;LB!LwM2QXw0masV)s;CN5}>r=xMR{Jx`Q!FIkM3wOzQ+A%2lfEr1K6&z3Y;;v<T
zF^E3<mg`I~iDE2c3a_%@!yz8HzOj|_C&p8~jHkN)#_=>YT6LCF{&&YyY{T&s^FMn$
zVcAj{AskP2tr|~L3?60vcZ{dlhT|#bKRliwU$7TTQHyP0V|LNqGMd^dYj7-wQeC|o
zN*F`ah8p9E(+U|!5VcAh^}?y$sb{J2!*%;vALW%*A~1qEcCdQ*@zlyl0~15P2&2vz
z-%^j`s|!pZMO{qGmf4Z03MhkV8QRiQd_Q`39V)DYdW>?XVW$RK0i8MFM_AueyP`5U
zhP;}y3smOFRKuyqBDc-@{8@QzHFjGmuH7TCqXV_KZrV`0IC6!DeBL6+Yu`a{&7s12
zA*F{!cvD8>JVq%<SU0V`(?1n<?`j-ip1L7zqgj88eL{H}6JhQ_p0=|6M_WZH+kbGg
z?GFd`x~VX3C_jz%Z_xG|8nnHYUXkxjw|^t?)<XMV8*S|Xy;KLd@c;4lZ&JJ*r~Riy
zTRT9i>Hrir|1Is`lzpn!82+!aPi2Do|J$cx%SW8QXgHs5_#QF4Z>7M~ivHhhpPKXM
zR@tX&Ed5_+pEfz38VT@T|JC{4|2OSZVP4boy(Se%%j4;Px_x?_@g)19|E2Z)G}wTx
zUf;hu?EBTEyW?mq9<*+U{S*gI+jzSGUrcPnUV^*xvd>*uKU`3U#Y*qtIr-fqw%i}C
z05}l9AGKancv$&6hLPxy{opzva1WgRj;7OHU=BYsuYQvCKzvVs$A0oX{F&&yf(7_u
zU>@IPFK{l<ki!<Ntt{9MHj1a?7MT*j(=lFqkf(ogO2)_K__h}Al=YTl%F!_e2`<Eo
z@0|t*W^9tt)1YiyJNOESpX0YZl$&Fjqp-~4<_NYNkk&##X5T5YM<40t=q%}qyKLc3
zm{xqkf5OZ0YMDg9jiDM|j&};v);iMGf`-^xV?qqOP0EiqT?oX-@pb{4n-}=h>No+n
z1tE!jV(y`){2S>}!}X2-)BRl)81gFlFZny3h4q_;?v7R$g8>)|(s#tg;1axHU0k_4
z_P`5$4N9?3kM;SJ@QSCZ{Nd*IK03V((1yMSyV0+j^ELPeX@<AsWGt*8!+rUE%nUIK
z-UWiT)UMnGeC0sc<Gvn$t39_E3-h-JN?3q+8x-Qn{2E<)I^IFRz5Lwb?sy-t_iOVC
z(2qktU)tP4yalrHfw61TDZqm`YU4(m*Avg;Q)uoQB>_U`18+4v3#+m3uxk+f5VpYG
z(3NmN`l$E>bFc`7v4MqH?^n)X%IEPbB$-ZO+PpRLYV~;(Unr~3<MTi<eI7BkpO8=f
zw9n&B^l@m7&!e}rR6HKT4v%n<%nCU?qT?j^hSL8<{2gEaZ}N9+Za=om=Fob+x&GMn
zer)T<XLI`%ui`{(tM$>JkO$3`m-f}4DDTg%cPM@~-XB?miy2$9Kl0x|A42N?ALZxz
z|Gd9IV}827ZXG|x|MIUA)BygMbph+yX|{)?=ZDgNY&v~RD1Bwq>6e7kpKX+moh#U=
za?pMot|~!1(7ei_iRYgySFK?Wt#W8Dh?OXFeaeC#jfnk>AG-W}Ae@W;j2hbTJJuhE
z_~)s-v8^mO?cLu?KM_?CpVOxiuOMs$8TeN>!r!3_zJ8~KHvq4`1VF_%K>nUa`0ptE
z@qvC#<v*kmzSqeAgi!udCI5v8gc`0L;>S05UpTZ=gY+&D??R8aB3WmAW(0DGyueYl
zFL;`)dz(&&H%>*{_{yQt?x~(zDu&vuzPq9RfoKPws6F+1=`Yb}gNP!qUxx47;rqNB
zCr?Au+HSGt5aM6o+!%ac(8Tvx-@~3eyy{n@_G99k>>S|#kWSJU^nvUKUI_t(ql^fy
zU@MW}`LVTw&6e+q5b!)U^*kah@J!Y1J~U)#Jvrk1S|-#tqmKCdKKv>#zN^yr{8J+S
z6wQaeT?HFq4o=V_@WRr!d0ZB!+Gwt@TpZn6O_;A-|M=fL^A$cF{~F-VlG7K)76G45
zg9Z0T!#lZ<H8-ydMNysK;P-1;!+d^%gMqwKg6Gszcy8DCvwi`xmJ_4KslzK+r1xmu
zv;jFd)g}i(2dG-);IwGjzamZ-o{1ER0<az>+lz4uE@-pk+8D$Rx*=ZGuGpxZdv-+4
zW`GGs&9=VPbj=<|S=O4p2Rx}+rdhKW2=c9E&3dwC;lszpNbw%6caOFgUzgfR)v6Q2
z;NVm-POjDHw{ATwE%&hG8gbs;UU=++6s+NQz{3($Uz>LxO}Prtl_Ej3LI?>4g6AJh
z?35CGmhHRvb=ET+BXaRahvnF0=wfBw`-h8_XYtC(T2JpFF2w!adXe=WgfeGi<Mem3
zd1VWuKEU4$9q31%p?AJ2Au=w(yf7*2<?xl0&wq^(+L|kwzV$OiMrB0Ex*P<5XNU|!
z;}Jc2J7`z8tet}t2J)SYpoZ+1_Zh!a7prrhci>n0=N<%o;8$pnHgDRZ0z6Z|51b){
zEo#q`eA<c58Jx+~-bOZO8Na70Y#zuQ$FMLfh<ODuqr)kKnDRVR`ZA^F8C8`k<99QD
zrAk{6KnkVh6H`t-exy=3C>{ZjbiFoD(e(n7<UZck$crR|;)m`q!tpVlC4?XjT~+Bv
zkBW5=Pfr*nL7WnU-zq^iZ&woJh6*J?dZG%(eBIC=N%Bowi@tf$_@+0$K{?|Cj{wl9
zzAY*<NV7LozItD_O@y2~fMELw0BVtQ8AgfkBPIeFR#;@-4-mTV(v)v+{awko4zDQr
z)-F=MZQ`(?e2Wgtx9x;MzWt1LFd7TzMXU6W0f&4mKwy+n5n{uRybZDO58^Z-(5^>b
zR<ZE_%kUmOmY=|Lxps^ykxq^C-ubeb_poO2j%kqhnT_(6IE5h@6Z@T#F}(#XLdK9v
zHw&}~3itbePEf3=I=-Mtc_}O?iWo|j@*l^<XKZYxpm@vISWui=9VsXtH3da9QaGT-
z%~b>HO5@l0lp39O{Gy@Fk-ZIaOpWZG;S?F!l}wS5-NE?QX8ay|GIC@uCZ>$+9V&$#
zbvb~n$i_ldk#$H4>E{Oa!12b*?1bjV`2jf8MvkC=#Wx&5`w+mKjh(+*ji5oOP}mrg
z^%rBjd*oZ|cz?(Ewm-g=@%{n;wBO>r)x+G0-b2~$j^0D@9&LFdT7WmoERW~I@^<`d
z+9RVD+OmF*kHSSFxFFhgHXg?_+Efob=;@Or+EmR#Tg7goXhl38?C^KLH5iYdzUN%X
z=%H15<|gzP|G?W7^!c8+RHugm-K{{=o(R_KofT-B0_`3Etom={!x;+HTLWmf0?k&S
zXK+=C{+$BNRiN`fM_v^Qv_OG!Rs-~o0zIfef7}Mp5(WB;0^Rlq^71Rt6AGm9!}}EI
zZwfT!0f25*pd|{FzZ0O*3iOf!z4kajc7lA}f7Qv1fd}xTj{wI4?_%WxfJcC;@41mI
z)QTz<?0m5GgOOk&M%g3JV}$z$mK=mp>reXU7x4rxR={icZ8S4`h#$gsL4GV?Heh6V
z(j008?w2pL`H*0=-*h}m`+0~wMGAML{qiE)udSjY{*cjrze_VDDCmWU!KWSy)KP(s
z{ti%Q1v*iIuB!#8{x|tBS%Gp70<>F!x+~Byl%Rj7KxZn@aAH*`P)`L~LacWb=v)Ol
zkDw(Al%YTi3Gyq@#R@d%H-PR_p#BQ<2SK+gP__asW{IN}Xov#6KrA~!zV4URNc#=O
zkNyxi7HYo>fvTT3F{1rG3xwP6%jcy1wy5^o{kgQ?Rt2o(@Ub(qaQkiF1=vS`vHh-|
z9d5txkYKc51s<jS))M*c8$#o+)@Z*SYW%&7>@ohfZ&yln`IpiRuPSJ-RM7U40==m~
z^^c&tKB7SHDA4{50L@XL<qEVW2OmyWppO)&=d}QhQ=rufG%yRG%N3|nfnH-?7b(yu
z3N-INV5KO~7YZ~0wbeT)&?W^sbPuqOd?B^pqCoLa0#u_w)e2;P3!twRXr}@toB&Xn
z0{yH&N7@1OrULC#pjYlgiGNd|-xR2NFtCah=&%AEod+zB0@WFyj{v$!fnrsUIsYMi
zc!dJRE6~E-z#5=H9Te#F^MIA6K%Et+Co6H10-dZtQ)dDzmLOmEuYZ!>_YHpZM6`FH
z77L3Q?QuZW-<qI$UxJbzZ(~q@kc~xW2#V2*rT5*Xdf(ljO7FWt0oQ>Fz5IG)wvm~M
z^l-C)K`4N|Z}WX&dvc-eb|e}7?;1Qx|GS##=~6u9M@aq~{V!j!=}C+tW_M`6wBSqy
zJ@PB4+o?bgD9{N90Qypayb6@e5x7c$iWTT_V*OKr{0h|W7l58pphpzwZ~Fn7uRwoQ
zphLu(ra;dqkdIgs73g^dI)x?XD$qX^Xa}p>Pk~-npmofvrvkmLKu<BRE(-LX0$oK=
zv;uvgK#vl%cb{-#l>&7kL0c4PjRO6PC9YGT^$PR>LGLNhX9{%dK7d|Opsy6@HfH~@
z0)4AMpR%g66lkjgolns13bb8;E+Oa|1*%b?WM)5@AYb>Jw@d%K1wZ<t>%#r-YoO{E
zjF0Gl1(yEz_0!V-2L3MEYwyR>|Ed)5Nq#$+nT7jb91B<l7(2|E8P@)Hc$?Y(cHvR_
z-%dQ}Z(kddfAf(ey6B~_J%-~EvhV#g)%QO9R5+fipev_iu)Ru<ulv);0t4x9%xNhI
z2|kCnfvnnCmG8f~mX~Hb1t9#ys-NAE@W6ZTH=*mKkA<$bimoVrd?&IBxH0Ef<7xo2
zuK|p7&B<?Uzb&+-0mT?!C*e`(OX6o6$A#$Ig;EXrUY82=b)$`#<uiMPzBd$fE_;EG
zAYb>7tEHwJ@S|@6MMB?V;OR3|z6O2w0R;LcsUMeQG|;B#yLi3O*Yhc9%!x?TOOTa?
zzRAqKtwG;&(;Lw@67mBmLZ9DuIUdK+Sh<>??H{Y?tFWDiS6uel_iX$+miM^pf*v<t
z&;!$Z+erXa*iOb@tR@V6ZW&2RTCxrwKl-H9sXdbPgCHolBxLV&1;{9`w#wkAjc5f%
zc_@D?5>Q^pJ>=I`v}MV_VUl^@a!E-Vz%njSWvl~8f0SkXQ#I-`0y={cY=PH2R-!@g
z`$#p)e*%v}?@Rn5%A|KTUP<qC{DNLbzaF{$dcc&o<pEG(yA^*~rMH#}y>D0I;}`!b
z^j?P~y=?@&w*wU7FCLYACfcGgioc-uJiMd42lj&Ar*P~QnO`fJ_dQWkl3XlfkSZgY
zAHRsohUjfez?mqN^nT!OKyLz4jq-Q>XwdsR9`r<`{0iHrc!l#!-wOO{iMAS8-&!Zz
z`*^Fgt-{|?DLuwj*gnJ)YqtD7A^ZIb<nhlZgzT4)q$jdUPgy5GSU+B9dlhL$`SbB8
z^gmAgMc0`0--UOSKQ&1Dw<!9hl)j@RCCSCY2C2fv^5Yj#`4Ig>2{;p_3;oj?(C<X5
zQU2L@l=kk+FA|OND{LL`dJ@WSgI~0_(`@hBtz^Lg`~?f9RM__8i7a^UU17n}waDhx
z$Atykk)(HEt)2+8U=ipKAi*fV0*^xfH$+}^wMqXQct`nlI_dvj(Jw{xeN<ACTr6pj
zD(Ojn{30qJqJIGaXQF7Kf2x&!?uXe&Gp1Lj)At)z%4Jm=OVVdiCL&}w;`k#zty;g}
zVOXx8E+d~Uix<mYIqu@c0XQTi;y&5^tU}w*t&0~Mux^H+9HCWC+?~l)&Pk7j7cVx`
z5H=PsR^a}tR;_aWiZh}Z?y}11;f1g9(ViYG{r!6}qs9s0bo~m{LlWFI!FCE4mpX4z
z>z)@Pk?0G79&RwKA29xzEPT~9a~p>avE%f$A?xD7I*DzD#_I$soFopXkH6O^?N;kU
z!;Naj;X)g^?KV+g{+TK{5hagwlnl~qkm1;Ju5=z-U=0oj{|C!{L*edtSzY@atthIm
zD764<0glR|RBjXSpVrHE!WfL*w4Bt5cs|{Do&uBtBtz@fV=?>GDE#T#1M%E)ibtoO
z!XSJ&OV-Ba|9k2ZVDT6pykcCb6Ib4hS9XXtsG#he#Y$5;DhG2>LM{0r;v7C{9|zBy
zC4?bDTnZz<L7rTR1;5d$4u}6QV>$7`b0(gj#9>iBr#t+<b@J>=9V@Zo9DXPIiYs*_
z0yV}t3oDo(B6J4NWQ)bGyb-VZ@Ri^zf-Pgge5Whx=F}8~P(}^3r9&{tW^{D&aA;f^
zu8m@d7ncu+*fi;e=cvlKRQ|A|;cSANwPfW`Rm62Z#CUey^sR^wM;+4pI;0dHW#F|r
z161if@U8wS*82f}8PD3od9)&=W_G6i3u$tQE!>;(7O5IERWhQKxl+^3k|&{LhSKak
zIW^N+cx(`+33EJ_l1CwTz<I`4dpH+=RoZ1N`4X1w0F3eO$*B}V&)^qehr{oQHrI=A
zUcudmlEAwb$AQ~`W$8{t?~EqTJlg{=bEd**f7;ThSE4=L9AD_<Qm^1?<atV90n(km
z-GMoRhXhB-+$Cs3ZRx_d@xyCH+c~~KUDkOz25)tgETr=<-rVDxXGA&~G1g?nwVTic
zy%})Od+35WXIWS<@<WOS(l>?l+3_0q1v4bcT6F-exEM)BC&<?3F@Dd09-irzT-uqr
zNQ)j_0XaHJrQgJCe+HmnR%*@+ZQf(Z+*x)k*0KEc*VI3k_Lh!IF7E<jlq(v%K|il8
zDr5JK_M|!dab*sh^mUvX4xXW{+%FmHPascnoUF^?oUWv(>^8RKQgm9a_*|BwI&QXB
zbebUGD6F<L<`rz!Y(-g)l40nxm&FHoYQtHgA!n?BW_($Hr6WgMi3<wWM%%q>H#!h{
zIK_S2ia28V5DXl<eBs{6{a6G$jY~zVUl}UTJv1`A!G6~pQQFE<M(EA)pX*?@aPgbk
z&RbsZ>W@C)`B436L7df9MHFD@#Mu2qj(87Ul0O)CVbAY~D`h6d6{6+qtFd9UQdqs{
zgHZeBqkeiJUIQ0%nU$RkqrM_1y8f=f>40GGZ8F&-;fnFn0b19C!}vx<L(PoFF{4ao
zw1@jL=(&lmtZJ>O3U6X>YAe&ZVU;9bAQk6ZAYv36`uj3|70P!1`=R=InC&*a2A;4Y
zd~PB*iBL)ej}_rf6M;QMe~t*Ftq6V-!9j!vh;We=VX}!p*{e?=LT4+&a1$Yy2m^@l
z3q43eRGecXj3UCRMA&FWNH7s*65+^lAiQNo&;d~c;tnEwM}&unz)coM;TozTGraAD
z@?cyrCMZ&q>9tYO?v4tR5v)I{RJtzp4o(?)9|jE)*<UK$O~*3{rT;s2(G8VGRYsMz
z1i$<THI_M2skAA0cFA*5Y5|fA#b;=>ld08`LR#%4C^U!vnbfy|M}?L|g*HVL8kK(E
zzrezQVz>>-sQPuO6CJ+ElxF{ny=#GQsz~=qNufyLly^mtpuwf`uw76aEZRs5Cy-)M
z(5`}_BBG)qCRhcem{gj^DA#4xU3Go!y13$FS7kvEDX)Tp3MwL~JQm@E@OI^)NbmnY
zb53&7rUksK?7d!oKbkX-Gc#xAd(AiB_stZGmW47NScPXhXmzTBJdWbqW8dbI5SrSH
z8i=1?!>cW7v_muShBzx<pNbJ*waA6rFdc5RFW4kbM3ex|EG&b<9cRPQSG0<`0*6$=
zAwA@f6_P`O7vWiQNN@)=TqZeWfun>0YhlG&;3ysv&YSI?R!tLF4m}g$&SFNoycED0
zRRVp{U1&H+MPm`-076MkaVDhD^T5s}d${~_+*>-s?cD2qKQtV-Gnp%bp4f09>DK5Q
zoR&1>LrfeL<3?!kIR8X!WyIyxb|X?xZT{JVU3SIPX`9vqung`w896L*v1A!aBKrUi
zvcEXLOe3d8Fm#Fzl3(gQ`O#BtetB`MCm-62amz<AQ7jR>@*4KUn3K%8o_)KS<7MAi
z6P@vaiGe1O@uiEOhS(gKM~ux~RsZ-6Hm8q&$yzg;>l_>T{Ld&i?vO0*RU{&xW3ZxG
zeLeHV#Bn_fa7hG@b$C?*7f>%L2<{Y%tpq%>0IOdR+yib=JXYrxHiKJadT%BBw7V9N
zXW;y4q`9Tw2EC!tv4&{Rf_4lxK}a#!gv)=l(S&9$|I!-rp-ja0=Z_E^q)jULL`F)a
z6WZbz-hd9ZRXA1Bx$S<WPlDTCn!s&sQJADRHhpMbSEc-Zv>2P%8_-iMF&v5L?FJhT
z;nX-bdlFA>7L0P1)jPxuutPaWTXYaVK#y|o)VwO>^H4V0)Ec8XN%P=hP8>~Botp2T
z(Q|MW1k1O7igL_Uw5`GGstcwaC65p+T7|o8W~2a&PfV7<Nqc~kc1$yI(%A4HLwigJ
zJ{m+Kx**0fyI^{CmZ_8%gE+?C8l}G_nC2CH>%mxAfnFxq(uGJw=tLhY?y46HzL&{j
z)m+?IFBS~t$R{Y~C0MbycOZue!4x;J_%w6z3cXlx-T5qzLcEN<{gPfR_}x=1US%$>
z)QbhTo5JE(%*D6q#e$t)%VHks#2WYL#e&ma!s0tc@n-NjvL_RtgPP|0$FM&?9T)C#
zuQv2PJ@$5uH-}tce<jYUf5nmuQ4(zmu882>z%39&v93|<o|d?HGow#fLS)>CZ8GH9
z4DH25l1m=D!Mqo(!!K75V6a=mtrRtaT^2a<x!23)A3OP3F=~KgJwvuvn6u3j9!K5<
zq0kdPzv{JU&5QyJ2*IwK=v%wJP}i-mpsF&Wb;0=6@ca_7G<&qO<{qgrRm7g1m5v5c
z2|+T0do(L5P)fwkKhy0$+Qj#QJN!&3=B#$dJqCk+>;Bm6A3+<<{eOa6>e=*jY&txD
zvzY%q+VlTN*8k*q|I<*x)PK6~1x!FUK)(g;<9q)`6|<ZG#AMQ0|6cJOpKE>4jywFW
z<g|OV^U)UHZZ6-hRk?|*%pDE_%WG+<jH@<1!DDaV$mxcZ4TV8OE8Yh&KKu+hw(H<@
z{#bESNa)@5c+!?E#1eywWbj@n+?wrBS^^wIBNNyN-p`QlZ<g=#N4~$0@B8b2zf^z!
zqrIa4!}5Lp$oJDg+O_`mzh9!iKSREsf$A7Pf8_gizTYU>`_q;ZBuzLnBSF3!OQs5V
z9czep08oOe1X{xDD7-ENu{1v5&Nf~pF+SQUwqGr@>@KM2&db|yX+skwZ~$W|z{M<T
zQOM?y%LFOUB0AaxU~cvx7agLLcKLLG6S@#BQ%(XA&vR&lnH^jrWI3v8&>wcl2vo1R
zL`nR<gf2`AsqVLm#d2A=$JD{$j=KQuY5gk;cBNr^d=`C?CSI=0S%E#Th}shURa_Jk
z`wumQRYrW1?Z<>=vh&-CXAcf}b^!`@s#ynAL!t_9LNsG{aHY0t$&s4MMra%A$o@9m
z<l$={9T#tN#^6u^v{Nviy9zp&SHLmASB`X?08z5dEPjhu4flB!T^)5h*C~%K7SR(I
z11AEAp3GnXp5T5|oeg{0@nU?ToFF#Zh<-!H<$TY#x0(xKIoQbRYm;x;onO)2d_BvU
z8H0o4c4gEv_oH5>8jo|ot~}}7f5_~lbH5BFH25;Ei25_rV(#0wfK(73*hCHY$am}W
z?=t2eRZeRD-JE|gbcXj!KL4J@=J|)@UTgj#2<*zFiPKes%=2#_WX%7d+Vg++)WBNr
zB+NUih<T5%Cgq2E=U)j}pa>}9d`FIQmyGE9SSjcbR;X{oMS=gOy1RVj4i_J0D5<Kw
zxc{-*8a&3pLjLbE?=Hw$D*{BG?2C$jH6Q>lUkrFr{X34Thc@wotug|J(yd@7_F)gr
zWD2{S8A?mfj0~k)VCD=_`q0d0MM1#~J4>=zLT1EQ7U?DVEGcHmM|#O-y<`+i#sfI*
z_!OJ(Q3MV|w2g3^-({eJdgv>}ujp3L2C7X@oAFA^f{cAi%XDn%QN3olZyOXdWxTmB
zkc)}K@&qtl<0H+fPBFfM@BinIpALPo@h?LnMi|>9(8KgNJ;VhRN$KG|iwvB+^ns)}
zc@eXd;$)5}iQ{BTrUg#=VS^T<htrmD>)O9Eu#3M!X-KTR%uE#>F?wE?9-cEe^w6$R
z1hsllavn6kf+V(%lf+vLd17!Vu#1{BlEh*EW0HvdPrdjUqlazc2uyl7TMWLQ>Cd^;
znEoYYNvD4Svy)E$-%(;FiH|ZZrr*|7kVM2b)JdXT0#|$qP8WpHV_t$TSb_q~QvyFC
zJv_&)&wqU+(Fr|reEua#jLpAWpMR3XVgCk_SpWPR^ia-s<j9XDiE~LxPLh@?{`c?}
zNa95VHG`N?KL1}qPZH>1#{Y79xB}ycSeJ{HfS`{{YQt@-JLy7SZGliLno<kvaFGgx
zzyZvrefbDn+6k!%;u9o5UB9<UyAZ_!^>(}8H8`!j_pUih1QJe#f~_e0rh_{OV4nB|
z@oOzGZ=f0T&VX{kBm)xXeg&L!@Z2O3=OB;jV&F39XkC?!(O?UAcz}&a*Df*?pA39+
z%)*PvQ3CnMFyox^0PXU{S5Y2;C<1|F`FIr<zz9+B?lg#j<%}<FAOJ3)^K|)64c`h8
zVs9-G;)l$;o8;_{h~0$_^1I1DXO9OnpIwGl!2f4~W6#O}FQ2XR|Jl!qf`VD(|Fg1L
zqVxaRi}Vum|5?Q>(fR-E&3Xy>|19wTWr_Sh?-euu&m;fOBmd7O|IdY}Ao)KOLWobi
z20>xN9cMyLACI}g1XPWW6YLqG*0{QkzVkxf{oIguT{!CXrGdE?R`iOd6$NLD)ghS4
z9iafTQD@W#X4~&e3TB&_T|bz8gks?tp<k-_I@97_)U&w4050x030(Y@z*S?L*f4M%
zlE5_=Z{RXM(;g!ZTw}3+O#rSM0GHJ81ssdmHSb@&LIT%2#vVg?fQmZ<xaI=579;_#
zBUs58aK*$_wF`n&f2xM>1DG9CtM))ZU2Y8?@NdOK4Z*A?GL0|#w?o+cD#vsl4|rQZ
zcw0~=K*Tl|5HgqWwm^rs1<#6tg1LmZxrDa`I=n4dq?Zuh<`Ui(=<v2+vtB}Yn+tdY
z0Qr{-d2=o0%|7o)c-tW4%|3*;K7_Yy!do_~0^SzmKH0Esmg<ZMcmtdXc*C5W47}A8
zR$NSYTj1b=iKA)QN5s?$W2qKcxt-hkryNqR5D>psZ*zBOfnz;h(r$TGY8LELvj7zX
zRSP`jW>bc8!LPR>wF?1<R4<5Dgnr@d23rwC0AuN=w{jRAyAB2%{ME-Iv<zRq($H8+
zFzx)JLto1;lA4A9bgHpdgs$Q7q^(R_N_~P!*#L#yM-M<DS5boqw@|w+8Y3N1=Hi#G
zStOBfiY{^A`aSSi<FP#}K5nWY{9ACQ)0-6@)GJKXTe?I49i#tVtN&h!U(v%x@0C1G
zIye!kKU}3%t>wi_@>uc(OMcCgv*IOZv1Bnzpf{@4(&8mTFE|S&z*cSF5NZXhHSH#o
ze~TV30H>O8J+09?e!;1nn)Ws)4tB*y$Aje1ltx7U!y%3K9*iB~8P@0!X%RKk;CJHG
z>ba;W==+IL099l+?HY8B>I*(L<wD_5<4uQ}-fr=xYFV=}EOwzyeFRVbrP=U>gXIv!
zSeZTc4m6A}%*ME-i`+VMYu&U%KG8>sIXAJ7WiK0joPj=Yi}&+r$WTft<rKq^640lV
z50ohZ(Mmb#mZ5%A%CD0t5>VKLh^w6rPJco`Emd=5rCK+1Hh%`5Tn7s}?}Gz4WQ5LI
zD-OZGM8km<JwAL}(I^=%n&DkzNKw~_6pciX%8;pRWa=;=31v6S)MlBwTc)TpLm8v%
z;5||+q(od03{9pUmt|!#^@2zZ9E)nN$;V<m&Xte3c&w6-c09f(A7ST&&zPF24gM>Y
z%$I0>uLP<mJxsqV@a#O4VFYp-1M{GGMTx-Uwz5P{X@ClKln6TU{Y&B<q1{vh&&iVY
zoW?D(L{4?!cd}#=OR8mwn0BSS93_#5WHDz}n<b0obO!z=ODNxI56cocwShm&5+0vw
zURffiIq-W~lE#v&WyxkSb%C%f*@u*tFH7X~2Y53RK59Kn&XFZ@DFQxOvWO+=vP3RR
z;1*djizNqUiHRt~GmJDw%90r@SuaYsT!En?dupk+ROVsb0;<d#rM)imuz-O}WS*)$
zCG)V7feU0_wpJnY(y+Q&$cyyEAJT=7u0L2~_`8KuCwxSVZGxL)?b>4#1cDv<kXen?
z&?IrcXtT0OnMB~RXb<?Qd$&dAg=nn@pY%=ItGDuK<d8NIEzA9)5l=&>H}zP=t-Fho
zOcUV(IvrEsHc_No$8juXiZtskL3r*uz|om0lCnb-%o4+9fuKk$(Ksm5x#rwNYVr7A
z3~I5vl1Lk)Na6D*za14iWjedlEN|6P9z`9}-o(imK3eyN{u=;?on>kr(NyGlCJk!#
zhg&2yyJ3_;&C<*x>854L@l}3cd=48*pqPhVG{#qi@%_Zq>}qsYmzouD2><)3*_1y^
zYWCKhlA5g^7^h~}qbxZ!8z@VXP_v%0BndTZElZM6vm<{J{nSUzHpt>6)NGL~NkYwD
zlqE^1*+a5qv!pU+YBoWZB%x*{vLp#LyI7Vap=J(QQYQN`Q?t`VNg_2n_yVV3U;;JU
zD)SPk*#|N&fttN7^XgEul##+eUzcy}x_py|U_)kV(s68UYI5tHf@r+3$3Q<rzPSrh
zCg{fE_l*L9;FE6G8_=pA6tu!#OM1EWVj}-0ZNdlx-^&tPaK>7giWY#)OMgPy<e}%2
zVe>@f{vW{R*PfHuyyG^B%{Bew*!)|RCCBD_Wl0ijzD|}T!RA6)k_4N(%aZ!AIb9Yf
z!R7<ciUB6U=Jm292{td3B}uUPPqHKlHdo4$B-lJ&mL$RED`iO%Y|axUiP+pt<|SZr
z8=04Y%@&!LfX%y}5tN_~Huw1r_bmCmU!horSn9iicu4sqLpyj2pJNipg?_BNlt6a%
zrQYI@_OBBC{X}|DkNj~Z+LQ8!_a-y7*mI+f?6KX@WJK-*QSj~L0L-#S|1F|mX0=fu
zs6`P6D)u_ReIS8agwH?g?}?Jd1lSdG<X6KoCN5df_Do6^i~k78qRcE=Sn#c+G->!&
zettN$U1IMa8pKX(i{5`?N^=&*S66OGNACXtN>li>q%>1*mXzjqm&7Se7Rr)S8by{Q
zp)}t<CEiIwX*SA|B$TE~mefaSo|nZ*C{2YdNkVDvkR?ed%`jP#gwphtB}piaU6v%F
zG>v6R5=yh{Nih*gD9u_?l1OP5%De<h^H-UdKxrP6c?p!}0hw2a(!4j!>@wpCKXMpb
zPG!zN_~Qy5aIM+t2~R(Q#5~}h#ca($`h)}Zu&XBj;BweI6yTP^UaqpqR%=(^4&JuT
z^D^gj3p6Veo2#M6xic=yOX=!+PYq3HBHG9kToimyS!m1fFZzrBuw9wn4B0r5DBJ>7
z@r||zRO?4Io8#)|F*DF#aHZ(3YXPG6`rBbp=&~ug+!kqyM7*+oUMKp;l?)Tx=)IQZ
zrFHfF0|^cc1xnyCe4Snxp~pkKjTxqQl)$afpT!5@5Ch0I58&)t1ITBydN=pH$-c^Y
zt9+y@IyBA`#Y}KaO2CWPYq$Ru#uNL%#KCd?>$Fc5OJo^3!PL5NxlUjnp2I_}Vv-M!
zRsv6=LI2^~mGWoB*TBdw{<(GMHv^So-8VuaUirl5m*4D>OCDLu`NFu$`*5Hg**sI+
z_(xhG#ao|ESDweGL$3E@eBD^@AQC@jJTKxsV?2ZK9G^rbAWWO(Si>%>t1QnlS}FIT
z5(j3h1AjCkkBvt`;>V1KK#UL7VXZPfEwUEVVICDPH`hn3j|vO8i7SawwTSmwXMBG^
zo!I!oNW|-&==yo@OBh@9D!{#W4D#jziqUvp+GyWZGPjtyz$%e@yU!JMv2I`Fx+*<Q
zts+ov*^zs_=ZdFjN0xSsm0}hwER{DNmL2(x7xzS&qAe2M>!D9aPn<saCr`80PoMmG
z57ePgAuPL2p3)_GI`_+@<O%jj_?Wu%$v-)WE>Dy``SU7Hnm+NJ2I!M9fFDhtWc&5f
zC!_uU0e#{mlRP~IAQ0r~Ih`0}m?5^#{0jPHbbn&>sqXy#yXliLo)e=_b;olO^vR!B
zc6|C|jOWDYQ{C|-(x*^*#qsD9Ms+gu$r#^>(WlzuGt(!Gtu}o^^(6EOxry{C<O$jY
zRq`jJPok9ciKUW0`IFM8di}+}xrQ5~<o@E*OHgL=7oUDBEVHqpX&@?Qg1`7@Gr0dV
zqGBfZ7w>&#++Tb|H(FIerHliw&@{SUs4%F7;i-~=P#FdA2}Wd)mazWK&%h^(4V+zD
z+!q_XWd7p8-q_+`x0kJT{;vl7#Zyqo-P+Zt9!KdD@fV+aHFu|V{KX&pmDyjs_p5UI
zc!oYqlfQTcriVRm{xxK6xu5ogF04!~eNqG#INfv6`8VMa7Am2Ov?tM-uGwcGk6|d#
ze$`e48u$!O>f0}m*1Sv0QG@`nvuZFk3sq3_T-GdV2d|LVgzmfF>C9M#4E8<REzed*
z;5YvDW6bv62r(d)c1HV)euMTIJ?$=#Lb1QE)>bhuxJ3H|;AFOLdlUKY(8z8KEbA>|
z$Xo9alXbM_!1C+CA%m<MTuK12tGw-7#JcS-;B!e)`8N9G?a*#yM~HPhp}A}Mz>KNU
z%Ul%$GotPSx-oN`-d_%+0999D9$=+m*dAx01SUS-#;%GxGotNX(~gRWu?Prz^jScY
z?=?1P$6&MbE4$|hc6*1`9j<S9Y`7bM9Ce2~Q_OvQxNiy+`W}~OA3z`ZZ%sw#h-vG~
zg*qcsd+b3VRLEy93g0aJjUGfA4oZbXb5`a}RSH)q3#(kgfu*jpDOXy&3Tnbsda9~j
zhicIbK4RtnbtR6<i}+&Ml&fSd6-A>or%`JZYJI?3ze0}iP1vqIG!8w7r%rY$3yUr<
zR2CLqfj>n!^xh5tn#y(c?=55DFcuDH;Z<;kf#m_puR}TAU5vm7?}lZZ#6wqcZ4zQ;
z#@6L!mIaq^U9zzdrgix*l+g65d<)LM^53%S>!AeJAg!;G5?IO;vIXLVY?HR<3U*|K
z>$PipZmLU|;2Ja8(It7f-isfK5hj>@tcK?>U1>zTgjl%VKMai%rfF|V!ej?wIxsm-
znBedM!UUg>M7o4;>~R6LMb%=K6jGrK?f2-^2-V9S@KKU5L7%3ggq}v9^%BF1Y-I@!
z0;>xpa=wdSVNirfybDFyChZy^PULTT#Xp)VJgryg%L?4Su%#(_OFsSgcKHIaYCN&3
zIVwlTu;vx<k}FyA4Io~cKsfbxbM)UV{6^1{<MN(MVp7ezz};%CxopM!`G3H1r1*Sd
z>1x#E7k}N8B(PfhvcOD!65?YN7Y0`q2CLn{{qEo~nB2Djf>`0e*UTMqA>vzM&RPT#
zg;%Hlu+62+Tnv=)AI9uHgf9n;D)&G#E~J;lXo%u`wJ3ZG*1HOx9q!Oj_>SC_rdrp{
zvbw|Atm7ijV;-e&r#oEONOc}o0_Wi+cen^H6i1YR1B_Os?bTw~;WyIF1u6?+$yL<I
zRZ)as+J%j9`$nM^e~N6lJhI4&KZUkP1o#46T8bem(|M;l8~_`w6{5OyrFT^~hKy*7
zY-7dcjT^a^4`_t1Sy+urpOpZ&^5UELz;7x=6Va<tF@+V;r(UtUQL$LBco{0<M#ceF
zv^@yVb=&5Z^`dP)u<ee<D=C&pd-;m!B|e-tj92);SNM6Nmqr%x1#0-Jn*7Q;Ydl#y
zy{D^LpTVij6HIsDN^`AzNGg;!8$6+OhpXatOXNcgRBYFxXT-UW&>#F>J#>WEK$ov&
zEa)|AaIxC-J+*45-M1}g?V<hAf2!pxl>pVSuvp7NfC{Dj8H`5_?u%^3uNaRtC3=>4
zNU=l*%6VuMy;u&_8f_vTY*qmsJ;V|buzW5;Q&_FBtaMd0buG79r2;^{Z)5Fp-pS+%
zekdHSB~u>Z8cAcBkrDsBB<Zd+cgPL@qhjFg&@=`>utZkkB{e*trl4{FRIkfZ!1m(b
ztOgG#bIz<7i4XWe&H7diUke@79yMzZYQmTfu_~0yzM-w1bGh&1f(m$y908CMy>)#}
zxC9O7Lwp*GhBwTBKbtbA$WnpuI7ig1h#DS__I9gTt6_wR_KvW<o#<3`e#!RWQ$O}t
zWigzY7)Bw2cq75(2x3uz1YU=05r?CxSu0S%cpZj8`{@q*Nkuy~sCk^bmGX&@Kw^L{
zbOqt&y*{i3=r&6VAr_Dmn1k^P5PwBHU=2yVB4m{SRa+u-Q%ea@^<5@cA|>*^tR}EU
zG%1>r8#PQ0AIcZ`hR9_G5v$##*Nx`9MW}Obbd*tOG~~TSpv42Sk*2cGM$slf)s#jS
z*qQRO0b|vdh~gA$bR@vT*G8O506uaK&a>lvZPU$g$rost5?wAHthVT{#e>bF!(k&*
zDc`Kxul@<IMjw^$G(rvUgYg>Lz)A3Hoq#!SSYFF02DjvNPXv(b@>)mcL0)rQo+z)`
zkl&EJ=JoJBaXZ21mn9Q`ehapVhGX*D8>rQgy!Km`OSvEuubSk7dr|T~mDiRHjt%$R
zq{H1N=OH#+n?79SfkRli+Va|V@P0^PnTEW!4ry1Yu(*!6Ho`2fy^dNjajmcjg4iGV
zUfGn9W^t|3s6}zDGi#M1M;F(=ydf^Gl~5x44JEP>5Z44aXscn)Zb)obv-}#CkCYOd
ztnyb>F$-;{1*Fh+DM)gCLfgTj*y2pW#F!T63zP_<?TcDM8-2KALfg9(+Ww&nZO%dL
zC@!=)N1U9{7Q|VZzMHI9X#09#TxeVM*SOHu@9q;3+V1I5M`+u|13LYFg+!t4J(N&{
zIjd`;(AFwX3T>z1x3<vsBCsbWv_&q8S1^ROa#k>ewiT#A;b@WmJ6FCC6WU5pSqg1`
zjF$+Z?P8V)yVZdH?qvPfi{C_{trhFq*-wdV#VoXaJ<TMvWuhj(INKqGwr;3z_-iHj
z2d^imqaEuH#+ETmJQO4-jU;F(y5lizt~OI3=o0NIz>_XY3R~I9$ajbC>{d1fmwF7M
zzi&S95v}gk_G67fF({l~$yz*Ng?vp{k9@E_T7$Kaa0}s|o5n+0FZP1_1SX#5sxHg`
z!JHaRqt7;^Gf04UW+&+-6z^pp05@4LvoIfm)akvf5CE?C(k7u7UNL|z-xS=(Qwm7L
z=VbG9+@XPX&O<kTOpveBI&B=j!*E{7js>T=PalP`oxPfA|1ntf_iaM2f}65km4(^T
zo8XvjVxiepCDR>(rvo)N(q9?T!X`T0p`u)R&1c2jl`#t4Po>jz5U5I<1I;OJ2B_ga
zs#T-}3+oOQ<|Cy91|tDajJM*B1Z{+bgW<zV<#mW<Z$fy<SDl}ly;Syb6?Hc)c&VuV
zt%vJ%Q?cdjj!rV%vUbOXCF~FAuaXb@{n^DPXO)84H0g&QOG~qxN*Q{jXA9AaC3G8*
zZYs~}C9mrxbQ>_asXR$H)nBXOxSL8W9M25&p9iM|PaayU&tIh{9Qoj{vJBIaj;W~1
zkAJ}o#C)N{$}-(yCF0v79kgW_iKc~?gM}4+98p_Q(3gu{%fJMUKp`{&Q=t)<Y6c|0
zK0^;-Lz$~xtP+%#(doW6C=ngb6UFh1cNC^^^Nteu9=j!X_;wYbq|SmkCd};p-`kW2
zw{VW)4)Kw{BMpG21|q=d8KK9>(xzTzQ349K4d#)lrjh*#XeDqdIgtNOVqFYzeN2my
z-HwqJg?*zivQZq_2K0{-jI1%B&OEZuSQ0A41jOJS*J;u}ya*;M8%*#HYNEq?&j5TO
z3+ao~LJb$fKYt^jy#vLiP+<vDN}xFs@I!q%4(;pEuRg<Vo`7@7Q-t=Id%pC^`a3Zq
z?v&{EZ$4a~U$^34j)B7$@dCV)=vrnBA8sS&;bSTF;ospWy2jkf<nSlS;g1)?zoX9Z
zd9S8UYvRMNg{-Yv=fsdz@%O~I;a5fzcLQhFVsjF}R}ldVW)fd#5?^Nk&*)rUFq8NS
zzwMT0xAHPk{UPaijuPUlbSr;WFVXRJ2JzM8R&L;H+^swTU)vC0+Ynzf_9gQ#_x2nT
z?h|m6WQEhQm<jmm3bhO39;)R6Up>zK2EHCFM1a6nmW|lCN$4+6fgfX3aR)~h>lyn2
zGQgBkz?7?h3rxBGw~*Su#itmvwEKS>Jxek__0uyr;5D&qbXA-g#Z{dn#|mBzHKNvG
z3Psu})IeTF4dg&-ATPU;oG$}9#t@;`zneP9%cz4KNFC&5&_N>73w4mUp&VA;8M+eE
zuJyeaQi-5`<NJeXOj}AR#I!}Df@;nsBqtC-dx>FabB2N$hx^?y1k2LleRvy%`(4TB
z7V>!zpHuh@$yXeDgbR9FD$pzOz9pl0;3_b8a4+JR062E+qja<t!N$cV3+EMX|A$r&
zqMG0ogAuc6sxFk;7x#l2WVx*u5U_36XQh~$0o~$bW8-3Kv3}^0UrV_NStnmx-9<{O
z5R0r{p<gW4oQU3Th^iUb|MF61PKaIWj1ms*o(@uQyHo$YIY$bZ*Xh4k>A#oZ7s8m}
z@?QW@$upuZNTweWY9T51k`;s})_jq-S9^~YUezl!*IP<8we+ao(sQg>u2<ZaZFJ@J
zv6}!2qqnh-_fW#$#rp5t_>B(HWkfeuvxIdoVVys+?ALl(PnPAe>}-}jfHIUwSZOII
zqy^RpW_Lp36d=<N)j31MPnR=PgqPynI=MdbpgZ`3u8#!er9N_i&_`}G>m!#K`p6yl
zU@FVrf`2h?FjfL9!O&cx#_sSPHg|YPMsV@8t;bNu9l9T)>^<q!NETd)_<dKVsY=0q
zXeJTUspI2#Uava8f;|Xc7p%&;PYI0YQp2BEb*_gY4HLnAYL-SdXVnqvgUIx%zDt1@
zty2CH%l(Uv0-_mU26g;faMxj*76`b37Cu${caniyBOrlDf1voUW121Q$ysUKPd==<
zC6t#IoZQ?JY=daYqNXnr`GzV(L)FPogsL<DodgX~p+)FA_ps)2B=E<i?Br2BwLB%z
zc@$cqgnSLdWj$yi3r)ICdRYk#4IenMBhZ<62fEG@&TZ|sz4ubxGmCYzjk;*RhhA5-
zAJ=l`812*VjPKBtL$nVqCvDIuVPt*dJ%bL`!3_n$jt<CQHthvxss&pMTS15!oh*?p
zAXMT#Yf7XA+ET+;91Zn9szN#1LCyLYz=}<aczuaB1}_KKi&qQb)=2IfToKIx{Hf4~
z9^)EFeds!&55=15`p|>ahe9S7;SR&Lw=juVLCvF!=dOcQHl>_`ktbYyv>=p^_0Fq+
zf9z3D5D{Ps*w3+0lORB4y_$7ctvZaS_o(O&+a3X_{GCNrJn->7;BkKD`=lV)IPx&s
z5?^JrMlaH*U1+j!(>wH38<p};FnVBgG9Bq_IERu`3FRwL;U!dskW2aHbd&P6g{#^|
z&rM6D0u_i}?$8ijsd{A^BkhSoasqd7aS`>wv;+~~;|^bXv@mq(QFl16lHUnoFae*T
z#}8c+yqNSjYn@tk4Bz{qnuV}YeJb(2@9=vu-Ro3mHNQ8-9iDI)%|Un*&2cKs&E;eM
z4x_!k0@W4^RAYNMnQc>HwD%p?%z23IVZ6}1?orBzW0x3t7oVY4Y0&9X`AT%emS`yY
z_*kt%Y&riDD_0$-GaIm5I;I}lkW-^%6ug6o{+@Sm0@Y@rk}+aohSG8vvRaNnR!iGL
zNJhv)Ejw#vD;dKU;%UUfY*w?g8lDP}hkDSaRAVo)IK?+Bnvzp<aEaA>&WUv(EC(OJ
zoX1dp9ls^q{Q7ydQQoBWeH(Rzs+PxB#NqO1@emOvYX;I9YFK$Ur9kvQp%Qep_eij_
zL?;r%p(Bn{1@8n=F(4}riOj@9tWvy1!j!1U2ejB#!f&IfBUafsQ}NnS(R)84!Vd;H
zvLx61f=pSX1)>q?btN`HuX`C_JEjXhWaxt5n5e_PB_;Z%L;_3HAzvoqc%RV~ym&)v
z$0OW_<?vG2+yn7KsahV5<|6Q9gXm&=7~*``5*dz=zUK4$X}jv`V}1ak5&D?Pwe&Hz
zz9@iRI6aU1wD|3{yYNCi`k3o45U)^$v7EJ%=wt4`NK}b!>;A~@Pfj26{rRz8M%B|x
zX02Xw&Ars8k7*4ByLq#k8Pmrc$rU};r;pi*Vt%Wkk9m)2p^wS`_v>TAzW>+9_>BGC
zDc8q@1}13yg*pZr|9aIiuL%sPR~_@LL?DK`N~40ajA^0tNP)0;((0IR1K713g+c@S
z&yi5aWI$LkL%3>E$FxOP4X9%p%aO(Kb~}+!jLZwE>8Df2{Bc4Ob<7z;2+-9rG|5g>
z$KalY<Emrcp!{``>X-}h&Pl3cHr<s(9Wz-DU#es7tTX&vkt4KX^{Qjqu+E99V|roS
zP{%yMPc|Z3nPiq<ggyq~Uv4$)W0<iou8(<d8c<~oEDir(AEQ;?7T3q{h;bl~7%v+k
z^fB@T@i61q>M9u?G7jV+<7GHxq)J9s`4m+Wv@(CX+0e>t$N}w0s+F<#B2|fNW$gJv
zE3=AM(K31kv@(nMTq>X6<nuT_pM+M%Gv@eOnOWWATA4>4j%#HsSDm0%=0Y4TNmWB!
zEAs+6POg;+qJ%n!EooBc@VWlGrn6Lhtki$2^xt{-Me7M#nc>+ct;`d$LV{MN4=Wg2
znS1n>?liSzXl0tQqM?-;600D!GJDQ5v@(74CVJ?<4*Vu+Wfrrp(8{E-EI}*tBFltU
zX4jc@wKAnQ)zZrR1=Tr2?>3P$^bfqG>mTC&r<Xnq=m|FQgzm|xOzk&bn9g>A>Fl|9
z<mJheGPLW^4)@u@X5-q(vnrYk_iKp?+P27HTm<a>5X#vXV7L1&Pwk*x{E{FUOx=E`
zFrnRnAMLd0;hN}Q1hee7ju}B_;AmJx*ht4#g8HjAVu<;c$VKQRPHy3^1rJ#m@;X)6
z2C0qi&49)TNvQ4$(rRipuZlE7{Z;XQxRmaD?GU0MVBFV4t{t6Fh-!$3>g_cbqt)Yi
zsLlh}w9UD=K$+9DAos(`9bCCbCbz?h1j2YDwybl7@5`J;Dq;u!4i`>?C0Lfk`{GmV
z`VJV`xr3|SS)U@{-9E(+(=iALxSHx?q}$!ou0J)Pt_rBF23S4L?|nTZJoLlqBlMr!
zp#R*VZM}h*HUQ~W)}r7!MZr7LP*Dl&LZ@iMt~~IOm@BB4wrp0zcWqXo7OmQwicP3B
z_?-wHc5Kw$ww!~wy+`L;2NAC;!`2%++1}jTV(03~=H|9HH@CgHk<I2tHXGaAg5LSe
zD`s9k^NN`_ih1LiH;Q@VRsWtc^k?(U;?BAkrYQs4>iBZ8zk=TTl#KM=d}*IKJlNN&
zb%oox+S^&Rz8`->nbWKSYA|fov59v(H~IG9G{+O%7gIpvy!wzf;G!e?B8$cF=DX)&
zF8FVssVSk4soHE)m4z)-YZWvTo-Q~phgwF<Rhu4Gb6|yqb#)%_eI8rI$oqu}AR^%B
zAIKB%b0*d#alHvYJ!-*^qaf5G<a9ZYOzu$N{7^s-jytMsgq}^cpeKIbUkr#*=OV;7
z|6Sq^u5xF6QWX3eH$J4eoy(NzF!_!{knNt+J;BY;@i>l2AhHpNE)gM#A?TvJuc4P*
zl%euXH{RswE9XZGjgnwRb6t0^R}8FRo(Hg6dK8iBJ1P%+jjHadT`7zo?|}`uP^H`p
zRZ5cRbhezDC?KJ3Xgbb6;B7vDW_||XO^;2NQ81tIHa{C6VML`v9^q|%G4lv-h)0J!
z!rT1u%p<&+BGKva7LP<1J0EKR-omyDw{w-Z6ZF3!qkgDakl-ecqX=$#d~ZNpEz2~5
z-G{k?p?2+$TUc+jA0#M9_`9TG_`9)w@PlIbfNw(#{8q)`0oUx|(ytGSXyNg`JNO9$
z#pfS%rCEIgxC^261<q*@$RBrZc!FEi;ODp^tftsb(+6l!^JOr7p`ZDf06^XAM|gmN
zo+X0IRR9w35P{-O8~Ze_T0xNhG<ew0ycLuhuR}eUTHJ&lAq5E5gZ}J<9yOGDH!JuL
z*D$IdtD(G@PdE}T;6*+CE@y>s+beh>5>9ti?WLh97WKx|OGSP$#$1G}x_p^x)(6lR
z!aR7L^5Ad`#}gV?by$S$WV|w-FQjSrUrG+653}ki4s(PUW<S#~Uuv9Wm>rKd%<pdz
z!<>D@7-otbW>n;Jn1eCQyAy^<LtTuZ>aaKp{<BDNn4h^YOau-V<}<;sYKpV@2pfV%
znBJOVTv_CC<Rg?lzDvw{KBGip(Y8YsSrpWYf=4uAAmCgN%j?Gc#(W5W-Si{5T<tF-
zh2IU%=sL-Bm&cG1ZHbk%Mw{`ktGWsHkyyC(fZCE6tsJ>T%R_`U?Lz#~Z=m9EyK%TU
z+j+f)0upbCL|5YQD_6^7%NRCu(O+BH-#N(T8~4jM_;@!S0skg=#eG#6LlLMfApy(}
zX13x^O|gC})U1!74{xN-H|~m4mDe!b?{AvWiS3<z79|D90HD(ZIp`BxYOh|y_4hi8
zfo9Cb{Rht7UL0C!u$hgX0e${*E7ZM9U<X`Hj*%&u^fI#WjDw4<z6^EEPOv6l%ji18
zAG<h>ysCP+)f&YJ;nu{v54sV%?3GVB_Tdu>a}M&bF`tKxxzP@0jsg<79Q+z4x;$ed
zib443MvVim&@0STFDkU-Qb1ueu@`q&5>MPlEul}R(b?s^Ehp1`5s(VbD8aq3sg516
z)4&MaU%u;WgsVct>z+_<w2N#=+P4_=D`z)a^u3B!SQQZ+XD&j9GP6qc0|KG7pk;S9
zeBh_!7iLoEcA%Zep6hJ`87G$~4BbFU@R?HI4~i13LHDj;HOtZkmBD=yAT>}<^HwF4
zM81VBB8Wm8OafLd$_DMx4qT5yWcUG5jEaHfz@2{1FTJ<JFwE-P&07;-7t-GvO*h7`
zhWck*s>~_Kt|?m}Cf|Y@z<u<`OZ;kvX1a2#eJ?3<c;`bZ7+w_j3-wR?n-%VCZ9L9>
zz9-NlKtT2gb1-Z4L4a->I9uZz^#xS|m(zAqt`_de8i<7&XouI0I4BsH83oQYsVOdI
z4PdRfSPU%y%J6K5lR}E}Kn7ZfwwhrAGI*X~OI+qm@$J;1trein0|9bFv}OGJiXpZg
zAiRlr$;MSg9$eX#h8VI$^jvQ*^Qzc=2z{)t0Dwn&^B09K<|4O?JSTt??_svN%EE3v
z4oomHGeeKpC;9;C@ir=Jn&NR{nGku++c^$xV`gAsQoQGx*2=fLtSRhvY7htS*)zFq
zK!C@kL~IjPapMxT@*3Y)(Jk)k#smSx-{*MB#{*i7PJItYgFH7L^gVVjjpLW#0WJ|`
zPh9nysr5q_#Qv_RBm}ESGc;!su@dM@E?~GQxT=U`;!_w#VhiBkJjmP1e>k6i(tK@Q
z?`GirXlo28+QRiNl=7BnW7oTg$8QkcVT@>9;84`y2cR|DLn9!g!0RZBye!7%NXQqq
z!%Nu0>>N(V!_kfs`ZbLbWKmcxcvHEKcIJY>2gDt-BvRREr3YSx5^c02+kE$&@W&7!
z*B|t4qZik<;o+kGc91EuicLD!r{ruTMRCL^3TSg7rpcfv&G>SgNL$RtjCa_RU`G_-
z2*9~O>v1s2Jh;s2Yw2FI+Z@pY_pJhUG6#p#d*R5*H<A=?EZs`1d#IiVH{XjdK0J*3
zbl&@-n>mV)p3C`Am4bb;(#NP&XEKVc-+D+i387<+uk$v82Lz%}2>KHHP+YX;aR9{+
z7X**ddJ-%$*Mo%-V#WAk7cMK1mmCV|qNG@R{w#FwUup+qIMZlaDW5G6TTWha<VB=%
zc7vQa@@H9jr_?B1-i$d>$xcp-_U54|cB$Q&2fAOShG)uk%UYvOJ3_ygsR~dYV<^To
zWw?SD!XYLC=ADNiVikZ-KXosK5MIa|1c?!s^paDA-xTdYRMu{t1&s<82sg9ptJ^B}
z(K#!D)R@E1vA({h(d*?xUtQlqyVy>ut1R7-BBokmja_?uxR3{+91&<#tUZVfGXH5y
zi6SOUMFYO2(RX6lCz=trLFe;~7?}6+AqWAW3wF&FYjp=RinVOf>L#rMRScB;x$$#X
z$?@=W(B;20{4Alh)$#DNH!A(C_?goAKLI~?O*|fczW1k}96t{Yt%aZ4k?|w(v)R84
z{CqCfs*ayCM5~)L?VD4FpPu2z!_U7C`K96K+@ce}&)=fb&x)TnobjK4pLwt>68v*a
zef;xW#LWJQ`R7##9FMt=^UnbylKhY2pSSHZ@Y5P=RmabLMRM1yqROe_pR<P^4?j;E
z{7b{n%t0rBpWnEDX8c^-{yzaf7u==eXMN}ydip0v&$)wYq32(a@gv#is$B+p-Vke5
zN6(?6)lJ$<sA8Ze&X2GOh^1=jw|;{CXZn!i;peRbe`)wxI^YEG^9oe@S^4K#P<EaA
z{b$~t$CGb&;<AUIn18m%d1?axY%C5~e-!`h9x)KKYJkzIj-an2gIm-zR54KU=f=-*
zgN}!v@Adzs;ph5GPXIsPK&77*KOcbR@6_Yx>~Y7#&q0s<<oJ0H;>0K5=NM%CNCq1E
z+Q82)u~v2b%n+?^(#E373FD^+iu+NX;4(L^<PCnqb21zn8cJCz09)vq*|o0YVO}xq
zo2bFm;cT>{C6%(HsgxZ}rCeMon+v6EA8>Zd@&ZS?6@Qu+^6vNiX#2P_T<RxJOg{@H
zw-=7z@;JrU!mP80#t~Y(c9Hhb#EqHZqEmuY&^FQ)wE0lbLb>W<Oyvysnmtid1Wf2>
zaeY1Xvwf(a9XdGN=K_;r_PR?>0P*^wQk@AYvTmoMI^WPqdYe!u+YIq(48^mdj~(Y|
z0i`St-O{-(&7so75hYdT<Ao+RPyAK!7Z)w!(?oJ?@o<gn1^ml~rnR%tO)~u~RP$8O
z!Yx{8iM=@P!RawB&q}xW(xZK$q7~2H?3kuDw|-4+A45}{D>b$GI6K2Vx!U=+5)E;G
z`ZtVo2t6%S^a9ePo|c!aEq?R_@DS?^J?(Wl8@b>m^(=Tk7u;4>WJ%Q0?nexDEQG3S
zX-l-t$Y=ly7belts=Agob*q7ePsUmmSXiP}idHviTelDkkINrV82>K6_;~pDQQj{M
z|2Dzw=(vj4w^8X-;2+oPKL-DP2a5xNe+TNtze^waiSh5Qyju7-3K>5V|H{8I@b8RR
zt2+LjCR*L3-GD0pPW)So+b<eEnJjkx!tn1p+Fu>-;G-`poeKQpdi}@X-?yW6{M(4L
z*ks&qX-Hz<uMAf0YZns*KHu}@`q)XO<bXFy4mcvl0b9jH9@eIvOFdjLnp+DCHz1=y
zENuMc`e=$UR}#x8PAd&Q_`?PR4}TkLSI5H#M7x``4X9#BqxI@<r1YtyS1}L%M+rF%
zLIO;IKG24XW2A9Ngj1*Wr%9YHONLYXZpO?Z`2^*<YI#O2-VLQ*#hRQ893UIArw#Ff
zHq$P^4%@g3SRvf@LR{KK3Cpg9&lR?D=ZO5|wsE{m0_U+bI)gn3LrKyGI(+^OQ{fsK
zZtD|29>@5a;(Q+4cGKKv9I6pthOY5pG>E|XcNq2z9nP2gRUB&5pb%DRlrUlKGR~oT
zQz?_d3;+fup4gc-?*BH#XWBIMiMEOh&C-PCxb_SuATQH?AwgcIDHeH%9rAJyM+5c@
zFk*~&;ARhrd5CVz5d2zNDfH|^iqXdrvt+>M)-q%`4OL>Zpih9?x|?<kb^|%QX%v^!
z=|67B%Mg+ma%v%M(ssdK6x{5ZC#E_kDrXnF5Qd|`F}7IynzFw%UN8yA4C`hzSR8>T
zMh%2x5;!{pRt9&#7Gqp*tQK;xwy>)ZA;oa!uNz*fm8moHX{awFK&qkhryvQSSoaLP
zE&vQFW+rEmb_hU2|62xK6n28gGf$96f2~CNt71r>xX-ynh`p||7AeNCU^SzC-$&qk
zu`czF(sm-FUVL8`eHUo);U#bbczzx|2ym?@EzZK{k36(9=0))MF&pMN^;uLy?dMo~
zDelgW&r8ILm$c%GLG&2-tKa>sk~1HE1>K|PNMl9}s7JIviv^N6GL2!ji}p0g4S+*X
zn_^w+eq^1bHW^yi*jEW^GfHbCzG{;;4prjRX4R@IJTU6&<_WcQJJ)*K)50r5*sfta
z1G6=F6nM{zj(NSiD|b?+H|_PF_&weCxf-4T{L86GaY^I8$ae&nH5#h>oZJTWArS{O
zA`0mTYIp1qVGlX&80}S*M_xf)S14Nz-wTtKzQG*5jcb;;axcP_?KvyO)#Wa6yAQfU
zK$Bs7gV)AbkVahG0+9xcFx^NA^bu(S3eq+u;1KClnNC##^i*)oqv03I8!G`~u4^8g
zb(wCW1pdXRd9=MkI!y^|6X~Wh-BbyDBGR<ULiuS3NiEV;yd&LA-bwA6M^6x>)1~LS
zYhH7iZmtAoiux^Nx`h%5h_oWpinr7?kBEtPGrZ$m^IFR1mflgWd9CDgEAKGZyw>u$
zwO4h`Ya^fAc=KHI+REp)-fY)AnmnPMc3y{T9*$@D+}@k%nwKe`Grj4qd8f<g(|uEm
zte+QUeJ-2<-2Nl&r?&GSOY@%QKbGNb;XihoPYE7yJJ(E3yJiVW+f9KPdg>qV-No>5
z2vKr50HCD{5a731a~53#FNbvqsNnrr^&d-_y4qECUrn}exxTb`@uoU2MpqVv2X}}}
z0wS2<QP|I2p~80^!*mDNxq~$bAb%n4-HMegsA7~XC|{JUryOOdpk)0?*fA+tvmMWh
z^qY>?#qR>gBK-0a0q_kRopKuq#SPgSk{RT87Jva0Y3f|gPqwH}_IF4-_#F{=i5lDr
z<5ExXpqBcB%^U@D9m<8FAxA0hn;ePC)mn?4-zI!b0zd!R?BmrtC`?KF_|X@E2FWi@
z&0bGQpq71ne^$_C0G&(=6-hB`V#fNN#R}oJz2BEIfT{)05;8z5k)K=!sLwwB+SZ`0
zkXgV1ztWz&ox>a<?Bjcyh8g@U$uQH8H_T{XG0cbFGlsdfix}ock$-ab@&9OrVS;gD
zq>wHC{r2(G5$|2diiUmsL}Z+peSAlp>1plp$7CO$#^K`JVa7)w|F!JnJF;b%8z$Pv
zH%2bsxK_Tw$1Cs%L`<+>oeSuOONU_}FNDx<)nFcQqyh8z4s6c$jSc9#RN@y@Y^}6M
zdvNV_#|zN;Z8-;voO`_<4;-9epqLizNPE+meLNl5euRDeI7hayaLw864#FyaG<X~1
za7kq%4Cn1plQ}WuBN&Gx5)(}1Ax0|YXM!ZS5lS=!G7!pj{R075YP_(Imj>9xscdhj
zkOgfR_R={uZwS30w12yO7esFrhS>t2;EEtxp%^@qF&BO9ql2NpM5g4L;#JtqUSOD0
zdRvL6W486e{x)VwtA^4sC?`-AP8Zd_l$_l(nYY7ao-Vir*>JTJ*Iq*o1n<^O#_a{6
zT*FXZDQ^X0i<l#(4uF6#B&YFwyw)xu<xv<5HG#1!{6Qk?kR|P5J;5ks>y7{nI>2CJ
zp}tOwc8SdgqMJEDPe5nkGQ2EP_+vSv;BjSn5LR}%MBKd75NF>OP2=|=&SJ);A=~Rl
z_dZ<AC%RUG%WH<_x)6tFHbMjyGDM>^r^g%8oW3K2kpF=l3VV7xEcj_76P+Iaz%es`
zW*voPZ8sQ!d(d<SNse8JVoKm^7{nXPWK0>Y>>-)Nt?b?5HfI_@DsAgu#cR=ahW_1f
z;=sLqN$l%Y=g!*p^~|DuJ$y52q6>8>gK@Q7GY$=#U<hK~Ou$2jc$zSj6(N6%L75WZ
z9Yx|3{JDt6GZT?pcFRi;Vo+rZrA1*?TnIiui|k+(f=0sa!j)a^vr!rrhW22C-nPJp
zvfLDJZ)sjnf5tC;dr$>YVD(#A`t7w@>NByY&Hu*e788VXEahGRU16ZcH#7PeS!DEm
zvw1zj>(T8)+68yhzS={+yH{I|N>VClP(M6YpzCLF+L4y^Wb(z{mNc)=pm}|(cPLmz
zGZ0QT{T*RjpZX5PI1;oHQg>+CXG%E$gsG2ykh8M4uE-*$*4>X*o+I~PG^)2sqk2JJ
zu=U2STt(A%14E*x(f<PB55aReg-}Ao9BJBNZ99&c@rE^erWsxnJR(3hgi8%~qZb&v
z8gDw@jQMNC)EZ>rtq>`wW27}^C615cJcph!M+Bh2VI;miZAEi?)8-iKPoz#W?CoQ_
z(|>}bV{`XN*9Lc|tTGN&xV<vZj&5b&&GhwY_=Xk|{|*140x*F-!D`+aA*}1W@o=r9
zA*czNq?`CF&vlB6wU5pQ=*vy&S@E`&@(NI^*gO_T9+3M~9^&M}`&t;-L-|7k`)u97
zzMI&$i({K%Si?l?dW=C@*W2Zp4LHgnA|)Iw4&Yp-FK%ok0|RCW3wyf`Sa81Z1ovyr
z?mb3d6EEUT$JV|L@%jxbcpx{fU9f5wNAqJNR)sDLYwuACws7e;#g^WN7n_=w9C)0)
zM53{IQ+v)iLcqw?H?^wP78!KFowk%XV=}mppWzsr$y|LidFcvcGr1m-&Ot}fn%GRL
zS~W7r<U6B^S$N0uDZtm$A-Ol8KiY6sU5KPO@C(4#O<j(QuM1G+=fYRJ{XYR;?;F@4
zzFy-y1^7DgECa)YgN&-(gp8BK*GHEc_}VSjnvSpSkwJXD6ID(<zTN_Fvj*_>+|G3&
z@)v@y=bd?6d`(A{p9^2dL(D(*{Pk_9`via0E%0mc*O%`)1^BxB%v$*R7BWr}U$-tY
z@U=A7nvSnGBZK(*E~=b*e4W>=L43XMjJgo{3&Gc^9gd5yBT(h%!q-JmW1f0^J@--_
zUz3W%M{hp`=-M79j8cHr*=u8DoFuyTe#b!9m58FAAP&zJVbwQj8K`n9<ln9h;^&6;
zbs_K<f}fjs*=_x&sobwFK$V{hKkYcGIraGY*Gn3fe{Ven2s*L7fl`M2i;R;*&`0MP
z2-+>ynj!xpL&(3Va_af%EnOPK*K^y{g~(qBzMj|mxcHimDnA##j>l2#smIsT`Zb8J
zFON9|__`eDcnJ*kEo7V|zHWWXz}M1PYli&GV?xTmsB$v+`UG@ap5SUva0!m8+(F!?
z%A*9Rcr#Ey^=tukiut;pcMHTN-J+_VP%6)403LCk0<G?ddaU-LL58I{wZ7TV`ieLz
zu-0!ulYOO-hDy27HfH^<)CU(r9lYDy8b=w3Z&Yaao({cUXK|iTS07x6Ptqf)==xxU
zP&yfXupJ+tL?6uSv#9oD{1wBzAMscA)Q-PW*S;S|6IdNE&#4OWwSmAZtaLRh0ah}g
z5{^4O==S}&u^DKB8E6juGcxq=r9QX-#~}F#C<j$L;xG+!D6sB#)4D$(mQ<*N`-s2!
z_#1FkK*ueTV~elQ{wBp?8u;6dew6Y_LOHB=QXKKdmBV!{{9Dk%|3Ycu-@@YUNz)dg
zD$dqb#p7$KijxFl5$63@_9YIR%=@!-(DV{^BHH#Fh{U_SFj&$dBBmndV*6q$Vq<bl
zD&okAsfg>C`=?|G9FCj&?^lS!44*_iN~$B~GA7tJcKW+SV!QSR-o`ScIf29_+VjXD
z5`XtMGZHr_AD<llc7Zt6F#c{z|9|`ide-*OiQ(_N%}xM+|A0!T1b_F#$_ecEKLLLy
zA{e~DU&B417XF@d-OrD|m!=yCCuHUlEe9DVi@zgZHSqVFW=3;5{%%DE@wYFk#F_BF
z5r40Tc-1iec5eFr_}dWv)-*W*{M~>`rv!g<r1<=wfWMEyL{#9fbT6ody<@LQhP`L<
zfL3tdt~j6_5LM%%NzCCu9?}X9yfNXBwt4K3R(Chh4{Gah;mHX8F4?Az#kV0NITknM
zXYjkf8hG42)}W5Z9gsmho`5Q~?7K?A=Y@S2y<1^Lp<`nb|AKFEy%%j#aA=y^vb8iR
z9FONOUz4_arSvQ)gY?CJh`PJGm2Op-rOU^#rHH!~e8|#p+s)5QTRppW0St%{a`#=4
zpWIe&v~VOa+zPG~DY_LjyG*zhoGE@D5@KOZ@hE9Dy>}<##xq!Aa!ZayHhLD&+6FRy
zgPsKt)5I1WB7Pr!Vch=WKhM6y<bF_}eMb`i1Kq;ol}4l}_4*%Bp07j|?!bi?MlJsX
zlZ``T2=wV=X2h);g4GHB2i%GEF+31V;=IWTVIOxWCv4x5=!dW^g&%@tCDbPILrBk%
zeh9SXh9APWih#%=cgFk>K8GK|o$z}RehAgLa10fHayt$|9x%7k9x6k-)+VS!+&Q5L
z8FHUZ+%?JQFw}M88?<!9)TUPgW8?xms+Y&T609ExuY}XYr}k^c+Px|f-Z3^yk#DdW
z(%x<kTohgjS_@Qp5>@K;N_cq3K~gV_uK}-wBY!qF`j0d+K1a}|QQG~;AZ=QQDpJNc
zjz5Ca@JDb?8YTP@oRdZ;@keOP3v=L);5-3;1Uecd_eXH*{s=Ug(ftve^e-q8Y2lCH
zq`!bF(!w9XN&Ej?ktV>noRc!J79uVD5uB6SD1l6o7XAp%NtsF@O{9fCf^$+wC2*K;
zN`D0BB)byOL|XVGI43!jz<QAu{s_)V-ITxzkrw_4&PhF#z+90Q{s_)V*-BuRNDF@i
z=cGPL;0ciy{s_)Vxk`Y$X4gF7kKmk?=bfzkBRD7Jd&lek2+m0b-qE^0f^(AUEz$iE
zoRd6WkM57)oK)=1*ZmQklZJVL-NGNiIjO|kP4`D|P8#9usQV*u2{Uwm1T3RcJ{{v2
z9L@`QvNj2)1l3<NVrnOM@Q53inbzl<fJ!C8HzCFSBYhKAs<mH?u5^bdjg8Q9(PR(p
z-<69<zWSvYLENOt*yLZ(hle(EV1{Ywk}<*+t>;oiRi#T-H<}RAwE(qJcQn(vBJ>0>
z6QtHClTVp^$^Z&4XN7Rv>L(>*%+NZ0BN*cxk)Pbwe!FPfV2p$fScd}j4-6EHu^GM&
zvG#?xowT+88yiE1_B!Kx{CMM=D987!*!ZR#5aSyY8(-}p^b;=w0Tu!1y@iJBSf;C@
ziSca5br5(KVGv+w5A6zP^@4vM6lBi7G}lDqw9ZXo{N4e7OvdlcP?aR)x6cU@!uw1>
zLx#cQgM^=Udf7Dl?MB}uN7=;|?|9rN;0|G$Roo|$w%pPS=EcgvDy#Q;cj&UT=(YKM
zVO6b^)2<dJO<*xN1)?2-urKmX=KI<1P%~VT>d87lr>5_uQxh-wa)nyqS`%1%_J(In
zHOYe|G8#VumLpf=NnHc)HkJ34dXS2>6KmxH<eFQFbQLc#2Cy$c`Blx&&Gj|O*%<jV
zNXC5px8&!R!b9pYCQ+A3I7l&e`h3zOB;g-LRxzLC2uYByTbLv@LK5ClS2Iasge07!
z1~W-ogd}{U@|aAMNszjpOp+3z6rNGEm!D5Ugd`lJ6edZBkc3|p9c<>43?Z4W1oq=;
zKB*9r&6U7bCP{>lgj3YVOp*p6sYoBI`Ly0e5+w93mSR7_WJ@LRB9nBELb8<-c$`W4
zM<Ll-(zE$=kwUVKcglQvNa3-qcfx!UBs{kB-aMcFQFv_c9Wg&sK4yA{&Zl=2a!>aT
znBPG@cJN*_AE79jdxkfAK26{8*wNc{ekb|Z$=hN6ney>WuQI>0eC({0ufvmSU7}_!
z(aG8Oou|UVvR_HTu9||%^o!K+q@5sNDHG1alZGejJ^kG9jB|eARVs(nlx?}LvQ^pE
zskv)>c3kodXtfknw8&W$ZM8h5I1a%D6=`t5a$W1XZVBLZrGLwH%EA<9l`lWNtRjT~
zdm#W`hvdeDWVnOKu+nF`L+}i#@?`Bdf=Q>l;Iap6S9h>=5SQ*6NFutx)dy{-KJN14
z&eQ)=!zK2J1LQG&e-N(!$aV)maPtlYAmk2hv6GasqXUF-Z(~VuGCkq0FTX&-I2zOs
zgs~fDh=lP2R){$v8RU>O5p)WqwcjhO5N`YGW0EkYX|_Fr@H{Q@lkXTl6KxxWaivI+
zFn)fiAdI{4;|WFtVHBhMeQcDqhd1?j!@E`vPl*lhrrlzAL+TygL|2S1URZ|~V*Vs8
z%yVen5vGCO2T+8?NZ}H#EqoZY4E)h4Au6UY<O2v{<x_?%MTzQo{EPlX2LH-UH5fy<
zr|tP9{Hr}H#Fi-u|2k+B%hcp|2LBqlOU%P|k$-ah>(?%^OoRDD{xyn{JlU)@Hq1Kw
zmEANnzU6X!H_tT2_fAxdZ%%A{C&s^mCjJ#n!oMbdk(7U3mx5Kh8h=duYcQ&E**^Y5
zjDNX?2@a-`gMp1<gGvsTO=(teusiGHV50;F8+j4f-N`aAUQB6bJq8223i*<O72zq)
zz%D_mE(6P|)k-8&ycB0(#ZJk;cz3kmUrur)FH@*#ah8I|jA4r0%So<L!W5a8lY9WS
z_L6rwOCd-L=0w)zEQJ`&i!TM|a+X4f=BbxpT+UL6(5;vv-*T2hfTjbmU|Y^oh|dR+
zEx4Amw1*V71=DhtLUi81GV&~EDFo+LOp#?dOCdHdWQrWiS(>K=UT2C7%UPPQ1fFM#
z{K{EcART}OyK<JQO5j13ky|-SJ>JQJQ8`PC!JNpaoTbCOV+EUXmX>(06<o?$I>I|l
zFezv0DDNP_qnxFqz4?MgIZMZSFAyBcSvt<!Log_3>3Hv1f<HM+z1~d0o}8tn-WGy8
zIZG!?=Hv-Go^WR^73+(8v?fm-M>(vjCPfW*dZV9UQk~u55sq1E)sl-r|H-NROOD~m
zdXGCfr#d%*Q+2G%snE}`sW!3^lCwHoYmLFRR@BF}UaP~ko;Gu>=p&x+vt^jc$XN~Z
zr?YyK@(Id+iA54V@~38q7h8uvoyiI@!jgnP{ZP|{{HetZgFlVlAqdNEk$-ah$%%U|
z(Uu24f<J-qiBUF<jj}d>+RI)V8r}zTcy~Tx3~$+XF}#KK4lg->(rKNUKZQO^#-DsY
z;Oe&V_!H+(H=rU3-Ok@7@~11Wpy*J@J5s(mcxjr|cSfNyXF2yUq5N!R;Y#pA$^5Pz
zS+kj&E=>PAZFCM-4|jurA#6T|&ksV!7fvmDQtBhq;+|Wf)I}`k^qi~fAfd&C>_OSW
z4%y;47Khtj{;-@JyEY5aFQAS5FOi>|X>A68p?hv@b}NCkB88D@Q$z#?y4vB~cTZv9
zpf?q_YegHuiL%n>z+M7h1+U2{b_$4L5^XjEH)`O{A!QB=eP?~7DRUO7*3Hl=;-0@{
zzO$ou#El1}zoB$tq*P=*j4EE0Q7z`tLlQTDWvdqr&h?(5hKIsE|BCDiYxKEV?<;fm
z8REuROo<Yp1Ae3wf3*Gkxj^fU$zGzp{yjcY2B65)UieflU-y~(T|y0@p{1HDUWEN4
ziiWGfuVZ&gVqw*y;L<VGg`Zd~)rB9yP|*^)I_=OBKr-)53Ky=yGYG%0RkS@)YnK<U
z=`M4;O_p2E<}@s~j0<k^?-=B-$qyE-QiHx(-gf>PT%Ch@`8YtDS+!_OYT3$?Xyd=#
z8BO`yXf=4#>lLcCAT%M(Rkf$7%fH<UKg;&6@BqcXd7nGD!<|*_2_CIXJ?&@{L?Xcj
zmrCGEv3_m$eNR9r`bhfxBR~pNfIYw}JU4DGvL3A*oL08w^`hYRvLklDr1$)?BN@J)
zu1clsNKbES*^%zP#zo<KtkF*X!zq*7mL19VWw<H_TGQ=$rJ^Jy+NcQE5eEMW68e!E
z{K6ByeGx1>@I`aA$H2QVS!ted;S-*4(X(;{@|HZ;aP1xp0?Pu|)hUa#4xeBFLc^cH
zy>!na2qNYrG-VbB<Ovnd)n4iS0}5|?T@Bx~J|-?AHbJ=G8TdGDk5_636|6TT;g|j%
z*AD)3p3n~N`i^tZZ#RCljERS9BHN%7l<L6GnfDO#h{cXa1sI4CReUT#BLjI--W<jV
z4j*Aw#g5>RJ9zYe5X8X)Jk4)7euEudWpfcp1%jVx7l@Bpq6W8sp?SoGJ=*1vB5-jq
zum#ZvHfgO<MHoA9m^v$xK^)w(OhFtH<Y!zxw7Ljwz|C|NuiF6$fqH?LvXyv33mng)
zC3mPZ$k4GPm_-ab0}SPD#7`wdNw}5pOIC<cY_ZMBCsE4hTd*nWw}2JGZQsG&X0(3E
z)mm>6L}|9jPtH&ZAT&W-<gJ7U5tjxjIhsYW(bOKsi^m&Axg5p?v0*&4Sq#Hh?=UE(
zkD|O<qCEHpP#X^79MCo;@MolW96%ZlkJ;_e_RuF2H{v2p6w0XJ;5~Xupe<9ukrr2F
zlf0g6u$vcmj2+AC?!%T9;Xe1l0~5~SZlD{m0P{q0H{4Qzzw6bkeVEu3cks|;kE`sG
zY~O$w7UtnPcf7ffkiuII6JEt-arand1(dn{)hUVPRF<i@anp;Ne91igi*UE!;fdYd
z;mfRX8aqRoGZf)MGb?^mQ-SNK7Gd!)HfNO@Tr*)?>@37y!3(|kT?|f8j8+x@Uoj{|
zQ=<QEF&smU_yPsN!{YGP*G`$^v9%1W^mT|1H}yx)7`rkj-5OZw?FVk@a<1~7Zyvca
z2WC?hE%CM^gIX>yAde%HIsjb6TUCP~R4)H#=y@9^z=!qW4Aq?+|58xVWeAfHRmyJx
z@em8li757D9TrQj1{bT=^`4N=f?Mvq_qxLq(e`qFj!K<g_Qbo@aC!&ccNiZ%?7fsZ
zF3eZEilH^o1HvC(4ZAR3`=OSYu#JsH^Q5vuDUZUrUJj24ja?BY?|{^77G)iCTfg!I
zQ9TX!GRHf`<+&UmbTHf#xs`&i+yE;vp^|yoweN982--T<L@l*{{0oAM&4{uD5Y<_o
zU0coCpdMYrx)76$->E;6)s3mPjQcUnF6H>luG6=*nO!5~)Mj><;11NEp4q+hs|J}}
zB`;z%m|f4+nD6?S-J%}#F}q&>0;{s#k-+R0yc}nC2mdaZUClR~gMJp)KKsrDX15DP
z+B3-GYF`-Qsv{B?*zc38Bm|s|JnC2K$~((`PI<?t%R3OOs-jK(|Adw0-ARO<PWYU_
zBHYTW1onc^_}@qL#I_dk`EhwigS?Y>m>{4PS$}X<A}EWHc=kZz0lof_5>ME62I-)G
zk)lEXqx_Qv#tiZ2CWt?fk|F*)-ZeQy>;!tdhH0f3Qw$=`Kxl}1A>!3@>w}1n2e6)d
zZ<7%517(`<`G0*W4iVd47Z9;~zkrB6_|aP44v1JA6Mr@^FN{2a|G_v!1mBYo(Gqz{
z;o)ba2RbmM90wRO@FjJC;hTMl^nk!{-oaA<43%d$2n@GjOfg_+v9bYRc&=N0z@Xq;
zwXL@#0K?ONi37uDuL@w;yjK9j7W`;7fQ|_mRx_^*c?5>c>2Y9~%%};-vmvjR{#D*L
z3=2YT-hv;C9je$7-IsQ#TI`4vihwPVfWFJuCVD!Ptzb#svb)TSZHj{5P1{N(*0k^V
z7vg9SN}{<w1@-dr?yr_xu1C<5E5T8EojdJ29>jP%_`kFH&ekhrEzeIG6Yag+;zG6a
z^vn*(yeWF7o@#~E&Cv|}9S}VYe+#2F{2iG8mN4Wl7CMs3)TMhQV;SLq25vR_0bQAe
zy!^m!@6`pkESJ(=F(Xc9EaV}{0bG;rNPFF?ef$k=D>^9;^PsIVb+Twj349=$IR7Rj
zd7(94w$t!CBlaHkgwdk<TAd<Wz5k-h)N}O~7s(b|BblVRaYFE9utMCr+(g@rpyWAg
zxktCFHy-wc^UgE2eaAoqy?wan>rq)`iSPM5VV^bHk$b*2-18}wh5D8c1=#X2niO^l
zxKsCQ+@ET#(V~CR17jg1)FNMVZ4!Fq_1fbhf-%H@Hur>(ZZfrLP+@w4Jsh-@QF(1T
zHV1nVjLsAM4s=m_UW^=)m6o=gSTKx&7AlFr_&q3d<%(S)glg@vu0Vz0656k%f#_-z
zF$i(e%J^2P+RaRg>o{pTV3LHu9RIlskUnRO#FfsHaNhN&IIg_>vcQ!$Q4O`<V(s-e
z11})mW=8fhzEZf~Gt8Z!w{fOyqo=8jn`Im0WgB;~_RLrtdt@8eFt?Z9Mi1FW<c0V+
z&X#TTkZts2?c!J)y!cqf#tp%S(k$Kq(GgO%TZXYUV$C_MiMT^U{KVdBZ2*3wxN>)y
z5M8yuAZ`LA=HN0+Anv{ut>8j<ywC|1IiX!&#4O0xH8HVTYv!QF_YdfjBB_CX9&^g$
z8@Br^2M0E6#5XLQov=AR_)_xthP{6Ot(Zq+6a4||@gv*eBSri}l*{il{wD69^<Z)(
z;<9yKMhmJniu-3oAT{>SI1Ei)xD(K%@1O6Ro@D?0G%GZ;f1b<=;kHxmBLH&${P7yG
zaUCb}lPmQALEMBwsfVt4;15$7WVu5e(xljsYHy;iKi*jK<yiLLYm8-}97}csW9cl$
zA}uGBKueJ_1tjcN6znDTp_LZykQtY*DMPV!!yXwI`2x(1`^d4)^<a9#*JE=FjoVNh
zBe&y5S@UFV=0=&WO{((HRv<oOv}G&hJU4Y!7B~bQQ_5E$skhj~*gBh=!oCrKu#6gF
z@4Pg{T*2+!<q0|*ivK&d6z<gf*_{j~7eESIUS(mPLz$C0StB3uc7-k8EqE*l)@W4#
zF0R26RFiS!zV>|-`8!fTTMsH}oo^sn^1cr`_bxW2Q(>LhQIN9Kt|&&Wb6CrLBgqk_
zDEhoUl)JGP?KJxt3}c4T|Ir<yf85l3egu!~f2io+JJ9I+lc*C-evDG>#p^}KYfT-$
zAn-kPHi}W}71sI)!;>Aq<PPqN={l|x49U=Sj6{mMg<_A>;qd0ULF{YPi)@aGIU?X+
z-TiX?`US25cmM+W+1Z%le-d*QTmma*PbklUd!{?*<HNK>eZtfZQBQnFKEtF>xW5m~
z37o5aJxz;wdV_j|Pc1pS0S-9O766EWz`-jHbWk8buVO879+gqyR4RkILzyC!9x68O
zR*m(YD<nkYu!#zas)^_DzHk3>tI!t=fWDw*#g#PxViv<N0tOR!8Tu9Ht_hb!c)Vul
z3}9;jodIrak>e2uDbSP#x8l^FW|Ud$-PXo<?e1X)Ji<`I=E&<sH!m|1nLi^24_MUb
z8SzQatX;{}Gqz6%yiHpJfq3plI5ZyS0O?z!b_aU8t*a3f5b?e=H;-5loz4^NmY}8>
z#z6A5)D#)pjPsRnzr3#jaC=9=R#S<d7ELo<V4u)Tb2bC<^rp!=S2EG(X}bif2S468
zTg1fMI2j@FV5E`p?-Ei4xmSIyms>o#jM-y(zLkRNH9}B@c<IrF)iWrpI`mrSF3)c?
zCfWyeYe}n(5~S5eLRxJkq}4`3T5V)VtD`8bcB@Qnx6P1N?Jz(Rc-Z#4e@bcfMoOz2
z$2t0J1g<P13&7dZWUNt4cEygUQ$&|q{|G3nOkIw58O?m7lrdjJ5>l()2;as@6NFd1
zXu}>hdgbw&U#N-Z@9$rkdYj(#QrYw{B$Kr}`w*B4KnbeoH54?VKwS%CD)ADn5C2_4
zY)pRb{<K+s&Cura#4G%iqYM+Gi?Bc~A;Q|Vg>B;^Yzal!Vn_>d5q6UpJno~{3g@F0
zd`1cBPq7eTvn6KnU<2oL+Q%IdMc6l<g6IJp#RpS_{S%Wyge4Fsim>*rz>RONks|DA
zQgnRv_i@otdzSB}?%yIv_W}H9ZAVHG)*jg)#m_I8`<mWHOWDS)rZ)a0+jvE`@hWSt
z8DX@sMYiz-b8pkz=qB4Z$JE9s*~Trhjayke9Bbn++R%oGLpUMFX4aBpFJkpQtPXkX
z!BV1mwRS&#V{&Z1wh8eM66M%Ti<D!Bqax+lkxybOAjhJ0P0X$~m^o;&H)<I2t7|w+
zRB*yWLt<QwhW%$7ZfLm$9Rq>^6FL0N>^hz(^1^0`B4rZW9zv3iz;>cl=0aNOp<np)
z0!J2oO?AWJA>kf*P&V6*ofp+l-dygyvMZtNj%~e~Fvet;=$YJmwd3BaC4`nP;=D~1
zoy7yU?ZiTCw_!;GX07!^a7=DZXh-xL425W3g6FnV<hk)E61=e(6l$gBvO-MAEMZ;j
zWc3KfD!6=mRtUGv94`esRlB2F2$@Ype)2<_e~7jX!R{rI!U(ngbBO^E@v!ye1dRuo
z#u2h7xD!6lU>t+O>3Lvy<2}KBYL-^y+ylyD8?Pz_YXr8m;c6k&`F3JUzV_$#z!o_2
zqWMHzXtN1mvZF-e!Z-<o&p#H&g)e~Kz=f~B61cD(KU&kPq55#4s`d;HO66JLY8I5C
zK<Gav657N?1!>x(e=xC0YlKVzFLloMGfn6FSQBtHShgh`?oV&YRg#DMtubIV$Wx=#
z@$lW|A|xE{f5VY-k&++oe<D7lt?v%GM0V}{Wnzhziu~mJfG@<N7>D~G=u4ETJv)a>
zREXi!J={-s@NfmOMRB^1C*M6$K=?R^jnB6s1b`u5i1U7tJ3P2T9`}cB0cb~UJk0+M
zk0-xi7sgpWR6;`$jrfY}pp^krQ2^uPO^l5^79Wi$&>Jh$9nqI#?NfM2BP>97Vw+AI
zg4tT;S}uv{VE?m?ave!Nwf7KYfeUuIm%mHQ2m71W$f65Tq;Kd>wZ7Xp-#?Cuv*#D2
zIzr#QL#$uh*2poRcaY#*w&mZi-~4hu`m0aT{b~yUUy^fvUD5p-hiV*s{Q6ByzJBy!
zI^r(~6|K@96Z^qr$NYUZ0x_Emm-wA3kNFor8prRWzZdwOifSNWjafVEO5pbfk^<mx
zxZi;d$on($2o(J$2%r!rAJ4rZp&<)-#`ZqZzLe+VJgtW?;sIHu-iu5DOdo2h_zu4_
zaCsGaAujWT{E2&#?C@V^g&6V8VBP$L6Y@${2)BLmR*BiU+Wsnm+4qV3<ixjU!U=ij
z*a`WovC-7t+|NATFz%MaXcHU8t#TMQ);kRSaQr#w@8XB!zeOtf;W#%(**vxdOXaaG
z_%itycg8P*r+R`@uv;&L8h~fyd$|9{zQZ^pFL6UXsUHV}j10FhC>vil9h84N`Epm;
z6ic>mFxrvIOIN~4IfOEC$gVfQgW}jpc?meRaZ+yX0HMRZP@D9}A-Oj39Cx_L3KCTS
zdz}+HAID;Q#5mCmH^-wC|90R8&c`8QiUNb4COaP=mV7_!&C}1vaXU@?dmwarf+u@C
zju{ya;2VT5F0ur135w}>9Dso1aj~lvb|F+e^feByp$y*O2_B&}b8x*UOLLP*2TAXt
zB^Pf+uj1&$qKh=weH3cqd|g!L<`{KxKaaoaC^yHya)<joj@_|M%x`GG(NN3al}EA8
zEDsL=UlF_G?W%K=4|~f(OSFk6YcJY*7Y+ppo5OuPTC26koc(EiN8yWE8ziE`9VT*+
zNDsR4?t=j0jls*9j#Hq=?%)pvAPybH4HEm*Dp+cS)J$;2tSVKx>~l5vshagIjOy<1
zpjQ2WG7<1ZY@J6T+`m$OfF!bfqw+AVZ`HYbG1>TciRxUUOpglk`F$!~b?tXI$H8L-
zf{Q~)v_(NW2HVtkj>_s&)h?^Sax=glmFe&Bt#IBe__1i6aFz!P0zsKn|7z&TdN?RN
zLTi2qN_h->gZBBOHjAs;#vPzVa7*AOV&Ftmsc5v(GQl1j_Xe@j%gju*lE;MztlzyT
zYX?HN+<&?o2DkbPl;48i;T@Qk_)c?I51?m?CEAE892hJ4mv%EtbCB0}KMy(`?$`g7
zoi*CDN-Ad)82Fj`(d5K&T&rsB4u2i}Y?AZqpY6PIv^=~%-g)JyPiiys0m!M%%pdst
zXJ+PG5J9N{X1>*YYJJmeEI>WXd?lbVxy|0qAA=S5ElObK-&V$%`FVgu2<y411|V><
z_J|<~%)Be})+3LYI{sEdfiz?I<Yhi@(ncUJ#>^?NCxM6mKzoLwwK0$&MUeIk*~qL7
z72`hp_d|uSX9(NMY5QNVO~VqL%r*cWI8llpV-Ngm{m}6;&0&&Sbh_7IZ95K@(D9wz
z%6(Q5hmMvr1ax#jH9*H1tbMTu(D7kR)N8`Lw~<FkxO{9JI_A72q2prYnV};&eEe+m
z;sos*vOh`!9IcUA8#pfe^b`Tdi|_$z066~gFB5Q_JF9-+c$hRMDRA`o5KCL5CIH9V
z55|GxUts|pKYSp7;~0LlE`t()V<+>TMjnCV{4sIh`2AlbaCAYQncq*_MPHr&WA+W(
zRuh&e0>Hjuoz!8iK;Cif8@^eqYl?pdDp8sGlxRl@d?uPWzZ}Wr_6-}cC#~PU;c3|_
z6~u$|7FWs^dn1{|zTqJ>N5!gL*AHXku-2EZrB=bt0j?D=@uJG&-)HPVJuyVL9gVb<
z>3}fqQpRC`;wrEuQK;RLSvovk!+lJ>mJV~p7t+$<Oc6@LuyhbAFKCb`CucHTU=MA|
zxA<I>p+opV3<B~pKAT$N`<WD4VuGq!mJ0X#?tQ@f>OzSz?Iby^@W(M`aizeR_fZYx
zbQNpw9RTdWb}BQnU21seFgK{T(N?xmU~1!j*~WC)Mg?oX9BV^dMiuTifw_fx8)wTl
zET%U4$~OATHVRn#=2#owP)pqHT_R{wYlpV1zJk@E(j9dJ>s4zd_>F0av$c6I)YcNG
z>009RP?1{V3(GMT3Dyo>nS&;qqecS5Fr6>?ca@6sf0!KzTb5xoP!RzTb?w0Gz!Z7d
z{_1;}WNZTIkage9NgT4mtPs-<WU_9eYIYne;Qaq;zyri`Rr~mFLOU=*<R{nrtruDq
z{ro>e!0s|+;o>kks*2dCpe0D~U%umb!zq%(+4CD?I0bSz{puYK(K1(gut1E-P#0ey
zQo;@Z-%KB2DiiXH{+qmafseAd{)e-$fgqP>5dzVo23>>*N~ofVfMz9;XLSRyfMUg(
zR%@;Gg0PENQDU=EmURJJ>!tOAKd)`QR*KdOCIkrH5b!Q4C@9bJh<GD_h<U%?GtX_q
z5`wk=-~WAIKAL@=nR#aBoH=vm%sFSyBu?Tsv6#*P$`7E}_5;9~5e>?KmNUe%QtbKx
z;EZ=4Y!Wm404~yQ+<-B#`~cqJqw5Et4p39En6&)>CMk=js><~PV2PG0Xa;OQ098PY
z?-y_@WoosZG5=_fhW&kr*#B3M&no*r9?L;X4GCrcr#jZQxvomTj5o}`2nrd8ox<4~
zefb4!>t^v}_pHtE-hw}#%+&rUf|7@`WW{J+zYA0eTFu)%eVI1PRTqdqfb{3HCg~6T
z0p7(U`xBD>M62w+ykVY#>Kl=3+!B(Gtg$;%r8+WC*iG(jD1wr=v*dH=vZo^pEXRNX
z9)dVb_#6+Vk!>ErH>^9@3j%4;pIV*)Q14DZl2)=jZ18<;o;M)lyGZ#1V17)dP9d+d
z^b@W2Yv6F$7P-3_^}FChzbx(n1-@8c9yd5B{^G2km_Kt1TsU96Nz{3RYfIrD5W=D4
zVJ;b9rJ1a>DFx19gF<Sp?864NZ&Hgx6_W5}n^cm0s7(ncdQh3tBxemOOFz@<F2%@t
z&{bg@_BVhp%DfcYK5MbmTFSUz4V#Hx^se6UQHOBH9;g;HXO0znJOEZY^1+xexY`do
z@|SSq9rpaG5cDals88wrlwP~U(x*)QE?JWJ{dWoITk4@tnF@W%5<T(N)KBR)P&q%t
zUjY5ECR^A8kV7wyzknJP_zSpDvk=FNpxDj=)z<86SPv+~VE{%UaTq|1h|S?tw|Tl&
zzJeYDiLOxO6j-Me1{njN0b{RSI>WQT85`h6qYh)HMrq4HiA&0|I}5ngtY<`Z2!AD$
zU8e5g=huD4z(_Fs!Cznjp8h}RFYsxjE&Ua0@eMLP^It+5rN4Ih3v5}D;V*ED)ThPY
zm#T)(!s}lA1>V5Eb>IF1b5->e2S->{!@Px=H9UydZ2kf>QSYAq0`JO4KeoSsk^{e;
z32sb=b~zfc<iM_aYA+rGH*Rx9!7LsFk2oF!z5WW~bUX$)b#zM<#GR)R$cj_VOi}O;
z><5Zj4g=HpDxx5%*fUeWskb(8evD9}U>7BVU2~Ny3O-dM3rszVp>zXFZ^Xd~vY^8B
zyGj)N2UD-L>IkShN<DQ<Q+3Q#bzH;J3!FOEt2%ze)Dx{b2C6!?&2alMRMk<U>L_LD
z$xa>HDGD9}<DO9<7QU=r1G)U>X?}wRu4<B!2X*{9@?e?qx7%CGgSOYeVJJv>aNyOz
zM~2rxK2uQT?z3FhA#z~`|6t&=efbZZU(YG1#b*hL=11_lH~)c}W!%pHSN#XJK-;8N
znpAEVbcKQ^{RiHhoW*~@cmV|*Ar<zp)<S9%3#9Vj8D~p{$2=%P>Qj=Q-GsG>@{bi#
zOOw!UB<eh)<87P|d-WfvhX25Gt^Eh$;y=Le9nS&Io!-Xr@I!+80LLeDX1uu=^zu-N
zni;st2g3F6^QXHMdFM4UGaf)O%!~(F`lV8+6;44>qZ+Dq>K{|1<}xF6BFS!@@$N*D
zo#j3-@>agAGnOKe1mmF>+@H=<z;JzCDmPJoO|zo-Xu+HX#}I_|H!2ZiiXtBUJFa3U
zfb%ju4@ZbsKI`=Fr~(R6Dt8hKIO9{s{1TcNu`PjYfNq|^0;&9xv1)vZjk)*B_zaZv
zy=)@H#0cjB#B<l;FUi|Nxujl=(>b>^x4?Q3WFI0U76$2}0nv};64(J_XA#Jdx8M)}
zAH&fF`iRkm(f$kuf4uo~x5TiuOgh3Gqa9YmD(%DlgzITZ(8}Log!m)v__Q$unTLqc
zf~$ZDdk?xC6r|U{{z!Q|B=^PA!V-T0Nf6X<@vInOhONODBL~DT<$c-uh=;A7pUV&B
z<Y<NXe<ij`!BAq^$ckvEP|fb**!ehs-@%3TS600`oKhj}Nb!oqXQ9PN$9>$(%u*LT
z%2z$&FU~jsod`7hSNLM*+Q`u2^H5$}l#`y%?-qkr0X--plI)9aFU8K{1Fi@-EdiP?
zq<3@xXZj;}8B`S-A8PrTF1GeWW5l-&$28Knpn`B}Z07k?z4S&4(A!ym;#I)ng9B=O
zjW(MfK&9ww_OJ5A-bzaW%)rDtASw(ao)}@bwwzG_e>lKJT#7Va5Gq*~gTszBsJ$Us
zVk0)X!0biBz!nczA=u-H-Ntg<Uk%D|Xob>ysCHx!Wb+|-e0l@BkyPV>fr}kv4vi#W
zLt7iu%mH@YGRk(7IKyD~6C^+<5>iNTFBH;^-yUdQAofLvKBAND+M-=C2=V%>dYU2b
z4=e=4>u3BFNC+UHMYA8SG4SkG@M?7zL8!OORiSdN?tG-Ar{fRDfwz=nkHE*yc(ifC
zUW~LWiFPL0A7@@@*P|}Yg*^N&Gk#)L%6NOejV)DB9=8`L`?3DqP)#@7CN91*lf0Y{
z$V{6b8+Tz!Ijrg?ggYRsI_M0~8uv7bxY1RCROwF-&`%stdE$WadV*d|*uRAnA6JEb
zX7t|$G{D>AY)^3yzrzWuZox`iPoH>2f~qy^iQRf_6NauLAV=p5nj1ypp9B?NS-|Wp
zL%rJMX=lsHlCEQwI0BvQ793w?JfRNO7I@%l#a|JuW2Ll6Gc9#9!d>BevC{Yk##JtS
za4X6!{I_DPV3E1+PgIPxgp9Qeu%lFN%hO)QT1<92h>#EBQz01Zhb)lFU#Ba^T4)T%
z1_B{hR!VyIh3_G$+xE)(i@agKWE^l4Ot!!Y91#MTXf5b2mYCU9;0G3)rCJno5FXe|
z;AmKx*l9F##VvYAA2kl8W{rXwx}*N@fBaqj)3wJ|=+6uY|1rq_XsF%}|D08NgK@IH
zdb4jy$`6}(PEOGh-|A3eYyo$ZxB`Bu?!l`O!!m6VO2D{iz9N(_#@g{Q=s#IinRrEz
z{VKLl;Y2g;e-Chc2>=czWdM*^2iFdCAN-5mKS8>0Slu7_A9TM5I-ck0xQG5=pJ;;~
zHl|&A2t4J|!z<&n(8Jb6`=E!FERf27?Npl{2HYj|uvpTw)5HB4^l+;~58uwsq=za<
z2PB9x%*?$K#3z*&K`^e_tkP^4wa5c*h8}_-Jv4mWA?5#BQ3HqplQRo3T(r<b4CkPG
z<Qf|y!Zlp^X0P->07wvC09p~mk<xt-gmk~;2X=oCVgMVHSUzy}mEgBv4odWjLcpRE
z<VxdxxYy~)ess_5@-IaOnBcj~&QN5K5&qU#=p}<fG6OIe{=pL%%cv$6Nae36S7Z<{
z4!uLk!;+qj45niNP|8uRM~H&>-HkvmU4A9%%f~!G{xnxqV;Z8kh2V$bj~$+x4O?JN
zYW^koTf5@|t#VcEjtVWZ`nn}I!=4sOoQbs=Y#LLegj0ht%8dJP?novy+PIBvU<eCO
zhbVXEcra>kT*S`@hh7;;EQusuwAySz@YCjw{#gHgwb(~Z!(TMEntzmcA+!MLuZqaK
zi%dB$)C7Rg9e@emy3&{g-zW;b<j3(R)gS<|xn)&q5HeKN=d*w#^a|?BI0$7N1c<+*
zPGNym{^-$a5K4^O|009%Q%TP*^fu*64;pqzIIMr;t$fbHU=2G7iLBVTFbPa)i<j5d
zudUrNLAxQy@~Q5F(+IbIzW+Miw*sNPcv!f$5!?^*lV{G-PD)V0+z~xVaqy2W&M|&^
z8ajyOQ}{UPUYoau>hUbRe4kU7;~hxofiz6!=(5`p&tkH-e*8V`=?B*nZQf~n=|{WP
z6ss=<X+LZ6l5#pE(uMI5BJPH;rl+b}YQH^HyWyYMJS1MK{n)S7J%~q&yMaWgTe^`i
zFn$1;SU<jnFo5OHIJgsH<2@u<o@rv&9kJ@J-7!L&ceY#cShr$-`eOO|YH+*J5Jig9
zGXQn#o}%+P#`g%hD3eaBV>qH*&M&Kbz0*O~^7MePEggXoK!!MMeBpp8bg06hmj{nX
zKO%Lv2IALw0Ad3M9Ti+Ubif5e2V9kA6v@`TK#3e<273W~)$Zu4&8tI_g{<H6dxfmL
z^eueJhV2uruLav(wHwOa3QD~dOvDS$>i4Sz5CxR^93T!!8=MK*D*pg*sIHCF=4}Q5
zR@c@M7U`NV{T-hjDKgFT@`x8~As^xgaHB06RMx!A7d>51UZkW!J!^B9In8y`=3VVJ
zHwBLj(xH$MNGI4NcO|QFbP&{}`w;X>(NG#P$iymh7<zQ}(E~0$dH|fb$inRrE2P^y
z*os?PYN(oM4Ew^GC@7zoK9WteLJ0^0`T}reqGZ&iD51@xtYsnPB|@&c*e^|gP}QjH
zIE230H)##>aau~ZYCwqcw`_nbfmU}9DruWHtJzr9+q}xl7OKb>u<Jq0z7R|jbT7=D
zOXzxzkz+wpyQ9;ro&rM*m%Pa2EHH~|U-X9(@ZB#&#TdZTX)uZ9!ct=T;r(9-o)|lb
z+Y!8}#mFmQ!krNY2`^)OPefZX#)B$ch6Dv^AbDC|?apopw}*HGU7Ah-31EZy_u8FZ
zXWfs5pdfa4Z3E6N2m{PB|7bk(4<J^lV~UMO>eNy<yxiL3>}|aR@#h#CSWB|2VoO(c
zQxNBd5}nLk0GsIQEOPGl=#@6>djZQtvMZ+TtoBt#d1Wu_vGnh9sZUMh|FC~Ts)tE^
zLa6QSVVnJX4fIKPyUo%R^71e#{{#HZvg#Yr-riaA9=9hVb*OOO+i@kN?QgC031eWp
zI*c3UVi2#WreX*vWbOPZTxiG_eF3y!2<})KhV2voE=0Ub-g8)l4V&D28ACzQE?L?r
zSl!p+E|E)}_CnAZf*z52b~t%5_DE=LOkuP@sT_V{j&^lL(w-<-bSNK=3Uj8}+J}Cg
zkF~lJpjMEARq5mKSeYEi$QVQ1+iPM6I<eYBRysh6Y>D+WM_7=+51oMEo9uw}VvYV#
zO^*)F?uy|zVqco3hx)zyZ^-|zA-Ev6`*4Ex?gu^02JFEgdvF;>8BMFc710nmg1x=r
z_8+_5_ptY`#O;!KA%I)-PAJ)feBe;>frCO#n5*Ce{cT?JLI{`7_|2Z=3*Ce-bOK)p
zC9-V_JP@==&n;ksr00?QL4SLhzrs)-v+C>gpVucV!Fi~U@_C*JCYWe@awsR3sdql;
zNg#1;w8$a;o*BdsW#wU{`+#|jMJ<Zz=@y=q>N}&hSU-42q0)T#dV7d9+5?nsY9ORe
z=>%s2T`Qnn>=qR5;wETM&!ASeFDIm}QG^_AX%ze7L%%uR?jEiUkZFqqYuaY^9Lh2F
zJc{!Q*?ZcbU2H|xUKnG`3CafZ1DizL{VkTOf^sbVI5Y8bIPn&)=jBBKh^>M45bK}<
z6B{?-La(<aR%DLhK?SI>EVclQ4sC@|+|0Hm+7?E)#0rVgEzyHoVN_GR<3RHeVwETO
ziBhl(C|yqn$5_?uUtJax%njQjUiV&=84ln9^N?=@^O&z5u5^IS9Zgv4Q7LwYI2cf-
zE#4w$2+RYZAC-|AQ&5>a0Z}@m)#2o+Ac<28qkRYuc$~s}bYNxT8?%b{XQ_aU!iI|E
zt1Yp2&0?D$;{zBDEIh?{PynpT?CbE`ieb$}+=HkNd9}+{F*fMU^+-eHT<G)si0VD_
z_r)us(_QWtJwRwq_^HbW#e4xv-0U>XKFM)5rf?q-5^5V;;H%<KUGfM>lui(W9&K@b
zYRE+%6lrz4<ZB`)y#tTni99h8hz@kyXOvGI+(>M)Mn9Jz;WUISAr|AsA*bvVdH}g>
zk94`JTdNy^2eRSxPx0X8x1dL{Clw0QeOrgh9QGs#cF=3!Xfij}EpKtciE^XgeQI9~
zNiWwZQ~T-+W74jBz58l=H|;Sdy~hHneDhdf51X=LBb1bV^-GeTO}U|6KLl*bJtKA~
z-t^=hVvmR<ZKDzt5}gsvA=FeshMp5H{ZNZv%B@vu^mi1^2k`(^o=q>D5TJN#whhB2
zZ6|nF(3~fI>dwRAO3@!*8$CBY2emohd*>ytKeTO31}z9L+q(5=p1RJt4E}tstqFAZ
zZ*~!JE_N0-YVn_<-cS<uB^hkmfi6<^rC<2<5eiH#{ufAY$z#1`lxgVznwFFV4--kA
zYaV$UAGE5qJdt*-OTW*6H<awdy2W}V6juN*v=ePCUpPNfia?`UyawG4CC~JuDgPej
zWACMBA>Wce6l%5j*<7rO)4#xvGETwY7RrzS%v0Lp24$VX@ouqB!DdC@EI8vqXerFF
zPAwaoI_}BzuTe`FXQeTf`<bV^5X^V@Bn&ATeAK#6+sP*b!FWXjw2vI<*bA-kj-KEQ
z-62UR#b7VQrI*F&Er82y4gO)?@r=EH;e4A+v^r9PO;|SmqJd<<EO0BJeaPnPQ025n
zycVzXR069g<uo3RP5`OkSapXWAq{;C_>WV~a*H+)Y$nm@4m@5<8)N<U=uwGXp;^Ky
zLpi`a0OlsgeyRu$(<pjWsP-BRYkUO`=$MB%P0}RiM}BO*300h`g2<m{w-xmR`Pk{%
zU9>OjhILA=3LWp@ngzRfQL3&9g&C?c2WBV(@`%?AB~;>RGM2KZ>mwMgm&{j<-FIRT
zxOoFt`0`4%cf0ENHtbX2f`ha{x%V4pi&lg^Af6NQtZY?<maS@;vK^H)y6ZU>x3=w5
zdGr7T8g$n_<)^fo>Nh*PfvP%-fy!+UJ#E7tF<~{SZ!*=$xl`^^yqfyZk>LMIv+1!<
zjbi~v2U;v#GQ&P~3=5?4Pd-NR>O$ksb;7F;mGtbq`XM3RJ?&E$BM<@>tNpT1O}_vQ
z|2OSZZz435waE_{D`JXJs*d}S>{Cy{o{JzA|C{!y^4DB?sJ_Fchasg|=;34*Xp0^W
zWr0-w&>=QG)YS?-^pN!I^l*O$J-GI%pCg!pmma*jZhHd<ZBnMe^4Gtz2;#qCpIQOW
z1&0`(ou-Ik^iO|8`_u!!v<Tw=xP5BmtE2-F;m-bxB7;J(g#jlhGRUw`m9T(A28Bwm
z>9tSwWr0-wpraHS1dMC16Ef&5>DkC&dTaaCWCm35DhqA<)V=?ieae5EHHKjPJFZYe
zSW~<Y`_xdh`JdRQM1F?Y;<Zm57xb8?$|yzu8!r1aPn7}hZ{DWHfNc7n;c5&rE=E|$
z0?rsf8gK10_a_!e<=;0*je%}_3(r8f4%A9I$Dk6baYQvLTB$dD-%&4pOS}GE=;_b{
z%RKcm-e{hp+YlwPGNWlqrg`cFmQQtG|Jr_-r)Y5Wnx~%p1v;2%p8ACH`wulw<<UHK
zuj~NYG*7ke$6#+ilzHmhz4W8q<|*{0Al;X>Shs7y&T1Qw*0wTEH9^R?^!LwkR{{Yy
zkH)EY_(Cm}$22vRrl}VsW0P&awd<|*8m6YYmHx)9)Ss^9i(?xpPTvf%IkS)GbdGTX
z>rxhgGw_9DmO{sRr%y(T7Rc3JheU)>%|jp&ZC|6Lqe48dwVpv_xF#FiVPslDw6y{y
z4mErF8*D}J$wlkj&m(wFLzrmQEm2P|@Y<>7A<4p99FG>>^3n_VvM1UvXl13UazC%|
ze*R0mBy-OM5SUqnXGCjwf@$1-kgW-y(>>U#csIAzy-x^@4685Q0o9|@Ge2}8J`vC9
zKe0+@U|=me4u^h3Knyzq;;C7{N_h=dGu<|?z@ufb!k`7xbJz#&6jrCXg@WyH2!u@6
z1_g^%Df;#O2X4PUww|4Vgt&MK_y6u!QWY#$O$aj~b2;G;rVnFN83O=<$uTxq#vaRT
zwF+q#ewGn-MfUyDAIS?SXHTnD9<5eVIHPu<*gDp(DE4mDuy31HUII3&E1~9dZR!Bc
zvRT28$uLjK1Oiay7>8Oww6<6Q$L+IN6<8K4>>e_=E?$F`Vo|Qa3YVogtP%#RysQSR
ze^4>~0G5V=*aFL71vZpt{>kWa69+{6hs%ubB*wuyBVMF7J#Ffz$!~s4d(}Fu8$YJK
zYM#{h<JqfDmim4?d(~FZ=8tKwy4$Mn$F)~MeL#EF$xr%t2pGJ_vLPL(6dkzh=VV+X
z2J6fgUIA_CUr&(C*vaNtS9?MKXr(NMfD&6_DI}?0U11Ki^arTG)yGDAVq4zV{FPh9
zd}Yr<a-~Nr8tno#Nq3L^DvNF;nrXt~<-1D9obHduEa3H5;0^GAH^2c8ndU$jmbD&O
z)}nKLOd!kyh*C?m()){w-`$`8_v}{}O$4m}8}=)Wi{+1Kzj^^omi7Hu_N&WL-w(52
zoz!|Vv`H;NP|Hz!r<P(^7R-ZPg0b{n_0aRCiyNaoy_DWPS#0(cYu5d;64La7*ig^}
zLi=i~fMLu!*_oy^X2}#bdy6q^iXwX!!E_$wl*<AEYzo$NJ^~QHT*uZpcWruq(#P5R
z?tW0bOYgQltD89I!JhSv*t7OvGiaLonSstc+~~D+L|ftZU1uh4lzsuX8;M)n9^%36
zN3C(IB?sXM0c={swxkV^hJu$Ss*0S&Wk5F!MGQhs6*mpn^8UFXJ;RPAR;y^fgLjUX
zA9ac}Ep{!Mw9Ib853Rw$aD)~KgLOyFfn0`4SnS4F5dk{WvG2QMVnaTxg`=`D`nGEj
z0)Nag4{T+RLW{s_NV|Et*dRb`>tWu)DYR}KW==0J{yKVvLmCH^gX$1Hv)sl>h$QDC
zr9APKU`2~R0W8&)2fMYTCO-mQx1gvz(JVL;W7Z@OX=-)f!=|LjF-^Ocnp8NFY^^W>
zc3aF_G)f(6mMCZ?g*4I6Lla={aH9&3fK(psgYWuz2w|g5pf(lYV-HK-!$xTvU-6qk
zuNOrUFEc)4Nr<u7#NIWC$_Pk?av8&0M)&84B8tJO+|q>Ft5@N9+W@s!pF}tRY9I-v
zatm01a17x-2=llc=d19f^QjE3q}yl9UVTRaumqD=nK2fQX4tE5lJx9*^_M}ouF30p
zA!D2`mKM=d<0rp_as$`U#p!eipVB6@)lV*?F$3U3@E}Dzcx2Q3qAm6sj%X&Y!u43b
zaOvk-d<kmgi5w5>(L;%*k>hx1sih(|CXzb81I~DB@ujLHWp>_1W1UzshYCGWYM8Ap
z>WHH*#o-Z^CDCyR*or$ACgSqd^yOHY5ugy(1(;v?^&mZY7#e*o(JhFmy({R{4}rHB
zn}dD~Vp7sFz95`f7D;U2>6OCtP<)RITP-?-c?`(5iQP!|L@t}Ze2&w4?5vF9!YsmC
z1x^^OFvqg&Xtyka)jB=J<Z9JS^q|n3P7YB0Jw@GMbQd|UE$3om;pwKdOYU#JW&ExV
zw4$W*fbom-lxFJFLu``-{VNzsx&}y&BpPsS<D9sRHe4yY4Je--33i`d9_)cP4QGs^
zUGUPKsXZb*E+Mpw2<zPzUx4q8p%plNh=3542;nzut*OCY1>BP)XwHGby(PL8*D&-8
z;GT4h*0_==s^Dmy#jA4PCO;E6l*y9Vj=o^lM-n@57LpxAm}2;XduG?3^Go8NmcW4A
z51`PX+-ib7jPaBCk4d!xyE;q3m3#BySti(nEYQ{jyPgG7`M2iV6Ko5D?O=jUm-H%#
zg<}Eh^bBPfPFAo7)-9p)@kVRi0)QvxN#mJwaojgg@V3l9ACU?zQ>J}6q`gQ_#0_pR
zgT1fCoA50!vMdZ?Tdy1zq>y(yRp7eYJVf)<;`gF-2sb-=3Yx{vdcZNN1>bc>2v<Fw
z;pYe;0CL2hOrKbjX{cv1(HRu8Gh;eU#B^$kB)}Dx`P0KhPS$Yr(GH(%&!rubujW%r
z^ml09Jc>~#3fY^<-rk(-_J-q97E1a7u|-UrP<B_lhLcW9_H@{3_VT3S`&d2DO!8_K
zbn}Eic;?Jeh`s=&gz?XVIcMzo!hj3q32+chnP%{k8-w*6$<)mfia~|m<zcaun8dKD
z#!<*n0{0oexLX2h;6kchu|pY5{JN#AOOZC>pA2ipe8IS`i+)T8m90rIm$8^EV@smF
z6ntl5C<y!;=9~0SL2QlfHbSHIW<$pGc;)d~ne(OfJ8tOI&Z^gXcGjE51V9<yvvaKJ
zN65dhsdI;;myhWnRS&Dr?9bC3I_CI2Nv+>o_qX-?kI=t;!T%ri|7j4tcL-X)|F`>(
zQ;)lrckZC4X8E51ndK}#8h?yiM)`A^MnktpI)CRJ9G_`2)*Qpwr29KQt>J0?{=Wm?
zqLF*T_tnuq1im?A0v_so<&`;OdS<*6zX<+YU_ALVo~8#bGv}X`Uu^uT&3xUM)@FXS
zF+O{Ka?Fg37L#LUX1?E0gF$wa+6~W!GunoyvCVwlxVO#xYNIxL{{F%PDZ~X1s85dR
zo$>CBPp|ClIpfn&E>_>$`02)mSX=n0HX5_%|JUFdUDZ~9ij8Bl_s4=)H+r?1Uu}Gi
ztLn4R^Zvr)+5cSkSqV6h3PC3upf`A$u24@s9Hh2hhnpNWExF$=;YBmDm65m@%Z(k6
zA{Uz?oQ}&4&Qvm6HJ;ZOD4FddZi=R$3Y5z2$O4YcR?V6q0$OLEu^x~5_-c{aHgr`o
zTfitiUu3p5lAe82L}QR^z`PD`5v=sb0UQyGadQz)EAlkRWJV)F-y?WJ6of@@Q$$Al
z2)GBA@XExOp`VSfniv{yEM$$fON$v=C53vp=bxlMT|Dfk#~wHQ_!FetfNJOoC8dxm
zCIo*f?o8Ok;VL<}Yl;KUm$;UME=g5H4(i{k7j4yRTh5=^ALp1m7{1}WDX2+e|E!ZH
zcGS#-7!NOc#JwsHRzvua1YT=;G_(x}fOT__N0B0>TeRBc#3$P7Ne~Vs2)%fNQ11wO
zlTY~i@Vd;t=8>*;74m+h=xc4!<bH!@<4E>0#6U--BhbTXSC?yxxSRjFyaZlO(RXz9
z)H90U=)0J9V00-Qlljyu`V98TeCi#2Jd${wPx;XYB8jzp>Jz;K!NmB~H~L2+ynxRI
z(d+qq5T6gy;tXZL_k+`y;0cf*Ov=-L-Yk~?YFs?gX@nn2A)i*q%OW6Taz`+US97))
zYmdbq298V!0=G7btNkoL?OwJEx6l^O>!1Xc3J02(lllr#PY%7zH%8BM6$w0D;ZYex
z%N_4+)dED^65}O=FQ7PG#(K(F5A|yPmI>U)zXS1*v&OU2ql0(7`Hb<$D+$)9vrk3n
z@wZ;s-C{g(2?bT?(OaSrEL)78fW++0KtfH%wj;N-AV7Me(LB)F43-#YNW+|TZo^w}
z(E+@frR{ab3mR)|GM>WM*0Po{pKs$tz+S7Q0+$f2f(A}Jcqva6#e?e!NmD%d1wq0;
zrp?DM(-trR|LF2Ig$Xr$!#^feu|L)7Egr1L151!a@E<7;`i{vc2J)N2c__7lDlzM#
z!NI()^{7bdM(F^^pJ#%<42>T@5g{Mu_CaN}OAGZR`o$TThzGd|(UUg@4Zb6NJ%LI+
zCs(jho}Vw}ZVo;q<?xBGJYh5#U250+@bx>=rQsEecekiZ%gUZd3b4Yn!SshKPdprC
z1Vx-t!_^V!7OZ7Cy00Nzx>Bn<t0#(r_6nT+7Y&tVj4a4w?m#V`clx#XlZbUq1_@Wb
z!Sr>6Cd+am?m;RnHqUbWCo53U@!Lmn<_F9ZbUFes>>z0r=YMQvS8E!@F|{p-M>7fy
zN<11Uq|h{D=?r8a@Ew$o<$g>9oP$A!v>U`9G}Zn3$GqMe&;yor)apudVTNz+!K)*-
zm|ejigd@NnWWiD9zybgJjj<B*JTEs9ec_J-&n<wy6+GgskR0J?3w!evXMD?52bo8^
zolqLX#4=>ez!579xR6O1P8BSA6#;R|VwY-*6tO?#i{dm-JZJ!6WhIvckBSzi8CS@y
zjPS2EBu}gJBddaV-NhOipzSNEI<6?K6d{msstDvzoGt_haK;x6NI9U;BHq%*=x=Na
zPX7#L-4^FZigv&j&-(R5gPg?Iam%4jF`fTr;RXx6sh*FzHX8Jqd-b!sTf(KwqrV3W
z!Tnc8*J9D>#I8=qF#cSo;2DRlIecxL*^(@Y6nz^>9d{st8~+>a)5H8r{okw=|Io%u
zdQ$@*BiiUM;n>p`ZRn+XUi2I^g6rsv2ZpLfCZ`V*Lf>kXA0sJRyamJ~Scnwu)N4Qa
z4pT=?!#*r%qIw}Y{Duf4gcf1iz)%5%k=UxSEjGSC+Nx!R)N->-ZavW<QnX7?cCW%`
zdg8P^Mr^SeK;ocC$Dc+L3xzF+4npRqo*IoA=_{K(IK*X*6I*vlN2|mA&bA`@a6Xd!
zJ4_vfd4ua<<pug;EVifTXn$@fY&hUXVH`C(u>|!89bj?1(PCq9VGtqu?qaelRw-Cl
zoT2VTExrlkpE?6;cW)iKv*p?i&(bplUuf}Pp)x(GqFU)VX%eqS!kmKmT5a~f{1}&%
zA6yBI3kCfa;!qXV=;dVc7JX@p);5=akfT7<;tR1ylzJZGL*i|1(ZLAKDc{7`UbP0#
z`1bAeWYo=@Nv9-Us`=O#{T1274D*))c}Fe24gNk}bj2S8jo^$+`hL>N2(U^m-XC4U
zbP%3GxXEs{_@jh}Q$dRtOP@I%QcMJUTy1EJAX_BNnhic)(1SG`2Y;Z`U5!{RO}cM;
zOtVG`d@B7v^ls)fQvtgnh3HAJ(ep5mE-w@qN3sR#uEThMPB~pIP10z^b2kSF6gKk0
z_Sr@){w2`w0WaEJPwAkRaXchxpG4xBB`hlSfXa9WmphsL!Sc!9+@jth|Kj~miq*ry
zX0dvnX^agwC%e<z>(5V_7vA1Kh~M`%XIbMPviW@!&MOXYlu?QHQU|vVOP{q9dT~46
z8POy8#L+0^xCG|GQBX3R3bne9U<a1zMm=(jzTd&nQyZna^p|)6d8a>smk6w1a-RoR
z9Gg1QH-Xj2!D$&tW%I#kkZ?d-JMp{U-0zx2!u_;3eXuMJ*k!O{B6X}eO+UCuVkKz|
z^Q&$FFAqsHrIT3bgmwnXROl##mj)9<4;6-R5_}G3h@Qmh7DaS2Stw#(5nsc}t|E4n
zbc+2%YC4%8)0~oEad4b;h$$q{N!~`zbQ&p}V^0SilKL4qJd{hWQC$Ky^Of9kVpF}1
ztl82A4=au-NGJJ%pph#ESzPm0A#6;!4BpE<1y9Nh4~zl-<cN5AFPPnsobsd+dMIDX
zM4r16xKjiz%q)t4*%npf#NkH7)H@pqY+YH1qkSz(J_K?T+7s}J+6*xU{uFx?V-BDg
z(=&Z0Xh(#XN<0W<IV2d(b*HC}ZNp%#ZV*emRFCOooffobu>d#g1Ob|4s8(Wp18I}I
zVgwL<B5oE*e+Y6=^IJr@aRqht*RHfCG=ivEpdU!kk28PgPU!iWSa9d_m<+&6_YOEt
z#)667EM1EZNKZsZ-0HzE+*~bA>8uq}tizdyruzv508LS^s*qE>BQo}!;$>QVv(Vwe
z#EZz(xDu-FUJkogQUED^1%bqo6m(drvPlY%MsQN4`<8!Nl0rU~bBZG~K?LC9u|DZ8
zomur(<KQDLYTY5DXN^R{hn=XN%)g|ZYy25%jaNYEiG%fyMLOhic2h0ypd+;$Se9c1
zguvd3@>&M`dh%d6(qXn7FuNl@83Gr`1b(bl2Bb9(r)b9&3VmpGIgWLjWhD{o&%A96
z8i@UZVt?SBnA+qFUUndbGk5~5pAPA2@pHKZTErP&6FY8IT3gg$LP>y)5(sg5jxYVs
zuWbgK*+P7cs{9pMq#?)q^b~ht+885!t^JMDtE$9H<WOgDSqC$Tf|=lKE#|yd_pPjs
zPNzJx1@W6eHB|r#pW{pUz|%LdJ1p0T+-l}Z$Jq%J74ahv4|9P5C$m22T()XUnYL(|
zLODCn&Jcnsf#A8XAZ3z4eXAEO(H1R~6}PN;xi3}(md&fhO21P5zoCw!pYk6UzOKH3
zWSV+7$X_1GUl?40Cr{}s&tZf|?m_XzF$_3W^tztveT-iEdh{6G_kE;jxsLyQ+lH-i
zXPdHTcI$Oww*aDlP;4rFGlo8VZ+2wWN{B@7McBhsSCKBw&Y@LlsE%GlSb<3C7qO!B
zK&*4_`Oh1J3(yT>^EUpfon*Wt%IuB5oa1(Bul!|y_lI-QcB}mqB6Oh(4m}8#qvR){
zl1|aSR{TnPJ`rrJbmKf9z`kX(Tg|f{CQ&d5C%0ML=_68qT{CBvyPZzUI|(7QeOV63
z5?3=K*p26l_$&s$0frYyCl&6}F(lgJhV$hmNHmu^6l_gPR*smX@jqc1O)s(5(vq4y
z|FE^qN=bok{S$+brkTaA)U#dUPVXpWg%evMxDzr&U$h(?khegtNWhf_8Ztz*=?BPg
z|J;?q^tUMDj-9M0kwhBq2(TXR(5_!Au>2p;2jCLqXnq<Y6?3?LXz_>fgtS&m2lmf7
z-ovJ9{S*F)!p$9g(8ENbG&n7AN{PQTb}=s+@C?6J_l3hR(_6%wNA_Q0QVy5C9i<is
zk^JNzW$E>J(o;7|8cr)1{U6!gQu~}L!ZX(J=aBJ%2F!VOcXalsL0V5fCo|ia^7G~v
z#PP54#SX{M6kluz3X$Y|u~Iy-Jzwlp=+|Q7c}pbjrZ+~ZPp0^yZ?Kvg6fugJW_=ii
z=<-}}0h13@$?Ng#i$25TFPOaR>}Gh8v_uhRpe5AumT3H_SMzB6Tq-hNMZ|Aog@paK
zH{!;><rQ0U<1sv$r<&!En2e6Spz#|{WnU`y!G9=~dV!vbE4>z0twQrKGhp^I`<Mrq
z-OaA1-|S#wRPAc<rH!Ikg~H0u6jmnNz{P%RV?`lR;28{fh#PFFlope*sEpVy+>L1C
zIS)mo#^|F8i`&s}sXKa~gT)O@v$1%qgT+@=vS2Yb$NV!vEjZ9oPg?#~ayxoG&@0x4
zWg&)eMT7yk5T&R%M5F|4eRJpk-9d{)k6Lcby@f1nG8dHGXU?bO06gJ&I+k)}Nq}my
z81<r5?(Hn#SQ-kMuX7=C+^=S^Kq~*LukkU~&@$t-)5Ownk)&rkuBKf-4{QNF;87`r
zfX4AQEI2m{O~cYq2*J9-vNTX{i^gz6&*b1Bu#PwM6oAkn_cKtRSQ;i)jfbV-w9Vjr
zmZbsULEyPhD38Y(e6hfVDi}6&6NNdkgH7Be0#Rr=_!J<;o<Ao?a-s(*{kNEpakLwI
zRrre<J#fL9l|if^gCYVXDc&uV`aP69-%mS4M@(nE^ffHcuU$AFJRi|*mLuWI*w><)
z-DFIvCCoS@2#xz-N8^5AhQ_@s3vlZ7G-2*h;k#8pVZ`i!dpUv<#WDkHhdj!5)D4o%
zGk$TRBF+F+%mG5@p;GGF>ygBn2S1~88>wk;G@myHRfALaREqS6HKj;jMnyWL5Z0O}
zwUVaXS}Cv~km3Xeve;@&-@&UvasMa2&a@AE^yw1f^A-9B7Rz0&Z!*S24LZb?bOvJH
zl*L=3=Ytwcsug9DO5fkDXjs}VKw(m5UlwpE6Rsy-8yM($RP%X4nd`uDNtuZMs|#g*
zigc)L5I>X!@EM!9Dq9oxu|Qi*)T$<CI!&w@BTY<`^z6icXa?~I<V^*&niP^tdOIp2
z=gmuHq2^A$C=Tym8!(=lz+vT9FmY-?3!vK}ttZ4(Pw|rG3b5TSxJWx-%(jc`i3(L*
z>xsRm6+f#WG#j#}YPL``kF&8%d8!&DGlzpRC5pf}GvO3@yj^1$ICFa72i1ALEB16D
z*Zv@D7a)D#7@Uo<#062cDhTSiiX@FY&dtg3Qjmv!uKR2@){WNoRWQ1TWxmsVP>kXH
z%l(RCFhOCOj3kyDx4|Sqa0VfF;V(Gw@n8)pDV2N8E*6eUXSn{(M>79`$mXylDFD|@
zTjc?~Fr_k*4i=kH7qUz$|H{u5ofY7IHz9&EB|W>X^=<%x-dKl4Z^9cnU=4ovu(i%0
z2Q103wW3w(D>7`YD_En&0dFNo#UeK&)7C1HFKt`v;j#(Gya00r+r|Wj<ibmVIpjnX
z>K9w<buA3kICFsBu(gAjT<79YrfqVi2RMAo#KIcuZ60J}DXZ1Bo?z1I+DPQ0)pCxG
zPGBOmy25XELT~~h#icBl1Sgw8OaI1QZo{q)w7C|D%@vjzWpkY}?e|zM(1owdp+GH*
zzDbiSp30*y)8vXLJ=#E%E1n|Jr)YA;Q&sd4nq2WTA$l)Ou6UXhy`3gkJWY<y;|f~M
z=jv!JpD*C^1zLO>^?7)|DE(VJVF7{3wE}mg=qV)@!Rk8y5X<V?03gB3x%Hl*tggTA
zgH1fAl5*k32v{3&M(DsyrV@g*b_G?+0d-txWAqAF4WeRxgp(d~tH(pz+G~N{jdPAu
zOF%K1wOYz8L8U~QTRDk5!k5F-sjHa>NASnYCyYKnCw!wm7zEqv&;JLu*Wu$(tH<{G
z=X}@pdR3R!w%0+%o5!*joRDrW9NQ~8vd$R&m0B`J;A_u>&zSEIk!olpEKf9w{S_x5
zEbHqRq$5n&98e+u(Xd+RG^Q0P!vae@t_p~Kwg%7MX`X40CHeK!Qx6AOEP~$!@;iYd
z(uClQNNQp5Gf7c4Fxp_*4erL34R&IPM%b{&2%FOp4T8U{LOC+M9h|C3%Q%Y`WDUUd
zU%>Rl&B1ypheu!Hj^IYTG?-m#H}GXWb5gm_Er5R|=1-MGI-)g5w?Y_#B~1|%Y9#TT
zSYL1glUvA05K^K4I^IQIw=BTsm14-!&qIHzd+f1zrakrwn5l3QL8z7SodTY7Z9~+7
zlM_9M3$F4I>L_)xZ5%hmWoV70P0kXKZiC2U%RNUAmYbuzJ3usQQ+UQV(Y~O}{^|E%
z=JFOV%TfA#*njGt6%!a{J<Yc>V7}FEI85ej_w_fmvfS#h+&&0xUV09`fk!Hv%G=|-
ziJGc~dz-2i9{9r^_`739_j304E<Bvx{Q<?`G>`w=`VJ2&o^|yNgr_G;c@Bd_bIX$@
zCKh<&6Q0jHb{mFJQ|HBHppA0g>&}xm@ac$KbOyEh&5HC&U)SRAl7cK6Oe4OC=r^cC
zAQ8j3i`5(-vZ@iN8o$va(s5wPi*VX^?QE^?LgZG|0ey<#pteJT*q|ox0oB!`8lgP+
zAc3mQ2%@&^m$~+pJF!5615eT7>=G9yXi3jJQ0YYLK0#W#i`Y~xb*FM7P%|u&9E7VY
z@}5U$U@F;+%{eu*S?so!HugMeY(*5xSZQW!Pg@!LIEf2_ZYp3YWA7GfyV>%xfWg&-
z!FAm+6fR(J6+5mNU1h>24$?a!uD_*VBeB_&5O!CXbm4I^A|&^)STlDt+v;z(RfM+K
zfK@AFB|oe%i<?6!q~~5J4FgN%3EX>FyUY)w_RvmN`>hW9El;P3{Z{Xw?6+4t_S^Nq
znb>c6qJIu}U}AO6M-UVdS&qR&Q{};6L@WP-VyQ0HcZGi~z6dN2dgGdz{uw^)1_lC;
z!>0SXkSgVLsEF%m;Z=bUU>9D1mJ%=FIu`0+2a;+YLW-&S1?%c3ut<4;f&YAtd8ut5
zRm@tMNTFg}D3TmjRIin^JFcq{Zj!#1Ds<XNdDKkm^q5EIvWv7nT?Kkcc1+I`8s>C!
z=b9#g+!9M#&cIaD;<2uoU4!45j`18<ki<6BW_c#|i>Rf_O%acF!#5db(j&aHs~jD0
zE1=uE@%}kG+{3q+p|<`WI5@!NujDO1lphUD?+|lm97qQ=DheWnfed~Wo9G<^o|l8S
z3;QelXs-ym6IFXY)av??B?~&zKfxnZZ0V~|1|ALRD_WI}j|1%_bJFMF$7V6%(k;=e
zz;ejP>d{@8;!9uE>h4Do;V!VL4C$iRz1SX4kSlI?SPLTsT62C^cZ;<QMOylKv4&#8
zrr8;ZbZ9r79)%Qb(Go7QFxd1pr>gM~SIq5La&MrU$+-vs=whd{kdNZi!x`pHTO>0}
zrWK}FtezLaaMhj}44TghH4XsHCOd+J)5Un=Oq9|x9g!M;F=IONzTGbn1O^f_gak1R
z986no=@(ZPMpFKT;o5qL*^%IcbPd)Q)-(xu+V#K1o7AQZ5rbg4*bLypDgX6)siDOS
zFkxH*HW7ST(Ti*#$pi)gVi7Xp+et?Dad;RTERxLy&2*lx=;c45*THg;mfil|=vAw`
zQ*|S2`y(oHVu+G=vXcpKPWuqBcS4pa`i5-23_}G8lgjxnBw<UkN_WDGi<j+j5!#fB
z{!cKJ+8@OcG6{5#t()K~jVKbN{fzSGBh7>nl^kb|VvEwn3}gDj;C+D0wx>Ui=MkM^
z2MMA4#*YET*&5o@NiLW0o&0Pr9>C91e3#nG=6Kj9Rm^eLxt8`g<)%YBZxj4UJSfuQ
zAMtw&P3cX1!6G%Yi?tyB3FgXHi&R>-*QezJxiDgVk{M(#QhGv7Vr+T(S;Pef&J|Oe
zTaO+&L<EY@zFj)WBZHmfk-@mDg6hH+B|&aj-b7-?n)Oi$;x?wAp?KvoyCoF49zYsK
z#RIi$yR7}$h`5OVTHP#u>LDJQ(Sh|b1s*ecznodcIDtlliX$d48Xv<sM%g`m{WmQw
zmi#R~U1C39<-iMDss*o{@O3GY{xBqu*7K*r1A80tCy>Apz8isnL(~7p2;zK|i-Ko~
z0!Dypg@SHCCJr~pF(Nhrxg1Rs;nP_VFTm$vM6U+evgIj#S*xR61*<z3cA_FeuOvq(
z+o>mB+NWIB^e1v^k;||P{oFV!&z8#$2TDnX+d5ffNU7ODI*sJJU?d+ifaC`wxh<Dj
z0&=3jGL*Bg_7a1s1M8*CY40F+;*w|MpCG1A$634{3EIi~DLc7}prK6US{)8tS}Pq(
z&@kQ)Dd|lxj5F>}b!E!`1Y%Xz5v#Q57Oe}X`aPkSu7i6wUAcVA!F->H6x9!Fb_rm9
zvfl}z5&e$W>c&Yh%jLK(`it1+bUELIG|+vEd06&#n`5|KO4;2l-htzV4ja_sl@!x0
zYKGnYL}hn}%@gJ!j2-RnFMVml)vBrZ8c!3;Z8;9K3In|5=SLg-9Q%7+eP09kX@p-W
zT!=Ct*pP~zHlmZ%sMU2x+n#=kDPGMu_|Z_d0?4W!d@tX4dW?Q?($RTLDf&ECdG?GS
zM%c42#D>c1G8v=`Jb0vAi*2e07z9!^>#Z*!W>l+t3($&;h>IlJTmMR$ScN~BbQJ69
zvH_`FUEy4r_#C&+`FThkS2ikn%Nm@-7T82O!J68GOHrwDWuNrlQEWamc?kKP$2I%<
z+mYb#ltB(p$ugh+bAEELd5QEdlb^)SYQ;<T!q2GdhUGWv=Yir8{=dZzgBPl2z_mKR
zD>wS&5h_2iep1VnC)PGGXVw5!zS!}wtSykI(a0+F#j23-g(UnO7T(xz%uA?^t2WLZ
zC04i^W<_5jTbqwZ<5ZQrK$4$lGG~i1l*z0w`Zzx?HV#$gq~_=YEJuBm(HY5Th9(l8
zHJBnsPb#xKdN*hnusP>&3j}bT(Bi`Z88lX}Ad&y5T4dE+p_xY3*KeK}fu)ERS6H!8
zk=_P6k`>md8v#3N4gXw?KP0(4;|e@Mhi8s4N6}WZWZO3_=CMeCR_VgIRD*MUPAQ#~
zdAL~s%V}@(K-f@wnBDjt4q7zAmWpmPN`?D_bZ#^qq#Ni6#-j!xd6B+aB`=U<7wOM1
z*^BhQsdBB6{zoJ;1OX1$3(~1%{O|*%WPIzJZ!9IF(l3hrbUlWuP5Wt8N?`>$cbLIw
zNf>(-hikH!jV?Y_$uxz)-|-t%$&7HHVHV)blJFIU#ILTW_y<pAP_GVRfmD9!Tekgl
z-qB(`D3J8*CZs>2)2{tAjyGBl2+9w&pU&~vPZ>s!_R|1pRoPGbhMI7t0+Mq=%VCvN
zX4FGW#JzwasEO&VEvZmC(YRz;QW3&)6A+hQ*~*YQiCd3=Wk@~kJH2$}w4U5Qm3E4C
zf&CQA+RCY4(*(Qrw*+`(P-)}b?L;fZ`Ng{2Sj#Y5Ezyf@lc|Vru%W4d3ml9LrMYc3
z9e4<})lj@U%J5cZQ{vY(n_A{sT5E5CLhniQU&be=xF*!!euasJvq)YO>au=pVRA+b
znI_a@*D6vSjIXon!`p2?Ef}pRGY^z`2d;W2y=B->x1Zvr%q;fPw^$&RfA{OQ{d5~#
zdl2_wInu>`dOr)GS~gLdt%>-)nmAuIG16(`kE)6BlAfLTf2jTR$`gqFcH2*NyLeXP
zWkD#>%6<wfrq>Rd#eUk15b0J2+GjsqW`B^i3s6Yy&3-z$tPT6=AWZ9W+uE6UIh1%y
z$4QWS%;B{U2dk0E6{nsY1}9(!;lyX)-TJjS>9KYsObGe&8q$zbS{7e`^00ROb5}>O
zx1|Bxa5?q2b8>$Y>Wly?O8tjYdUCiADXe2HTsc$?m8gNdv;^uN)KJB^Yp8*%3009=
z{CO%_&R@@Ye*~+is%|0DNNP|!Hkk+!aU&d<m_jq?`Rh>=Yb?}ZB3Xfs$&K8&AdY8v
z0>)j_kb-Gf2r_-Cj3levobX!v0VjsC<j^F<<%IvBO<ll}WZc6k9<FC13eM**-sRWg
z;L}+W_Fo8aG-{R^ufmrR^W;KF&rZZ|5YLVW%yN0dvDed5y^mC!Q`7`-0DumTP*Fsn
z{}EIyH6=%bf0-SI)mv6D=?gl)0A=`(_N+28u`2tmnr~D1#&zOG{OYMog4MKSmPJx`
z2sDr+zsCt39N-XBmlCCU%uu7Is0ZRxg?=`Xt~OMOVZaLY^Y4(V%1bv~gUCJ*q{^C`
zeDtB28NA5McT*sAG9{?5hKczjz35%)L&{)lfB{ri!)~Y3_JmM@s~I>)vfx~cEGSK>
zVzKf&%ggB<bl+>buL);>f6XIIj{};ieT<zuI%0pR&H>ZCs1gpSU1_Xak9?3~B>AwA
zMkraC$0$g}mA<905e0FJ%q2nit@2#6D$L`M@8BcoXDbsQjVF?($lpo$dxx|)eqt4g
zfP+%ivQVf7KRIaD=#OO**r}pi$6D-7utZOpEeYy?3{HgMDh}h9)4${S4=f{;01K3%
zcqD*<v{NlN8_Wz&F`h-7bR?94$6)#3_G4zS%DA7Yw)dEL_$@#K##|(`K%p_A51!y}
z1m?cZ*tDH<X$xPr8t>sn#bqHo@JOVPNX{J98UB4wZExYkJD%H@)bNepq+4EqU^;8q
z8spIKP*EaxAc|3bVd>MK-rkb#ilW9xBLv-;kw&Lsh(Qk-^Ls=HH+JF=E?lCZIcnQT
zeDV-JQHMzb>ZiawPv$FSSNIb(ns8xjR9HAPEi{X?k<2(6f4J`cPI6<@1T(Q~vY?_C
zT~Me9=i^Dt>bRF4zXk9EBUTz-$BGMN1&pR<vNGmGKV?dR@h_&J%$+C$$3^3QysHkS
zSYV0~MD@}*yabR?W%Oc#H6mJF3<xu8u#S7|*|-S<;-<QBT^S^%z~7!uPneFmqelRz
z2|pNZuJMjqv-4bWB$;~z^U0K8NLo*RSV&p2kWchP@iRM>zvX4y6J_)f!il~)5i9mD
zQ0eP<u<D<kt^OyOzxVoYW_Bt+<<!67aH&5o>Df75XYy%>)9sWQK+zCqO{4u<s^Iek
za49Tq0@oIgC-^Yo{+T1N18<dA5>n1ZVfr^cG?YV&g)}VwP5vOfq2LIDkY*QgCRHmo
z3N5?W(<wB&lc%jg9$%%i?dsH8>km5KQmS9YA_?2BP=oE#VPGDvP|~^u2QC)I(i{oS
z5Wl8Dp1EZ#Em7-o20cIn0_O%$1bzSvR%7_&U}>)xRH-wXR9cYHMes|zSh=O$Ay=Ev
za<Wt>P7L#?Bf{*J)Z)<P-QaF|3OoaSgiq9|@=%xx@ia$oY8q09tea}Kn8#4lLSE+B
ztDS07hdhrG;o7CXaP4>S2w*(*(O{bc5Lm!}<tALKT&w%uX<08y&IqTi&s^<!;bypo
z{YzpOylrtI9_c=r_}m3R0hGQ|$V5SjWeDQaGN_;XBXv74taRzW#(ctsOdYg8oP($E
z>Mh(p6sLcJLUW)6(dyuQho*43(MXiRHSaCya->uyj|r#7_-dXLvmmrQ6+0LX3*VN7
zOSeyhGp5>xB1U)s88{E4Eegcf%s7x&v>|{UU5!eY$2RMUFRWp~`P8|)0gE`O|ACFB
zCbfi9mA*NMhL-3NnmsYcDp|X;gLY#IEEXi$drkz4Y3Z)%C!@;mnPBTv6Ppp?N?U{}
zd<D+B9zXk_+TFg?#Vy+14Xn8K+YU473lGnoE8pZ<Iha!GXo?wDpB{oA7eTy_EP~5<
zMU2Ab6PO@V5Sr~!?uff$&cQ?7sQwb1-)Dvs(9hZjfHR3I4Od9;%4_p-w75?y85@`b
zMNAJw=0f-SAm-p^mVgGJbeC4wBIE0f^WtJP$gM}%`#mTm3{RAJtu$2M5-Bz8&S=-q
zLLwAiK99Z=vPmVZC;=e0Wi}MJ^@40vfvBicKTcQT3k%-~L?ML9eUIMQ6UXgE-Ii;Q
zK`VAQ-PSPvvpvw(E^EPP%=*mCvy0AA2P<a#2!5Q3sL&innUD2cjAvm=B{e%cOzUpu
zhihl#<<Nh#ETAneHgl!Guos7|F^9MfUN~P{G#UtRgr(&qJ#{&7e9Y|5I7x%}Xj+_V
z!P2i{?{ijRb_4(Av-2P>0Vh01(R;NqY)xsywCC_%p6BCnuCknAYr;5qKK&tScac9&
znjJYSdaGQSXU?~Ykv93KfV}ieXhd6d46k>NX=OFLJ5tP;ehO}8HgVMLGN637Pm+dW
z66ncO1G4s1qPsv(6vA2*ix7Pmc$|K-@!jVT#(Y~V6DQSdc)Vs;AbMEMuEJP%4`VPz
zmW7ref-Ob@^)K~aJnZ3**L{}9DV%tvBC$M_c$)!5A?f2Ao-)O~9}U0Zl%I^0RPL7J
zxVl+RU#Z*&Rx9D24Abia2I0PuCArRtTjv5608@le$3JB0SWNF`nN<FQrD`z^7|mcb
z5bNhjdiKTc2@&LNx6XU<7MkM^Vwk#)>@amm7}fjC?qLWSpo&98dol+&s6gvmZKv~+
zMoYS<BA5cBNcrp+WcX^li+nFT`9k}xn0aM<qxTvj1WqQy7uSOc!75M&2KNgJ_P`Q6
zy(rZ~HjV@j;LfiGpIMPZCT!=#Us^~JY(|B)Xh@K3I0mhk0omKkWsmd9f$eUg(#C7@
z!{@(FDZkj2`%9GEuTrp+!7k4{9Adp*w2CL^13d751P2|g&VLFyt2tPtek%`@gglD<
zu;E(;4!}$J{6-Y+P>!WBLfIcX0Equn5t4PS(efE3e_RPlX;o-tdpNO{!oNC`!eE2w
z_Y_<aMrfklD$zz>B?N_l*_BIMXw??L`l=wT()ST0^$9^-zd0G`v9<*ZfFf=SZo@A~
z92bCxuonQzt0wZRDcBeNOi!s*gd2i-l*7*|{1^co@U}Mu{GJ;EF4<@XZm&eq4BkS*
z9vTxa{tokJ8ABoh=i80r02<`WVqfe8`~+|hIDV?ET|u>R|B*_%9c29O06bxku3O64
z;t@Gmf0;281*L-M3rr|9ey0*}2<TsM{XZHk+n6)}0y>uFW#-TMXCnSc)6rv99VJd3
z2yx9i20C>dhOL|QIyOu`iM=X~#ooq`+uQAEfL{(Wp6|lmZZ#@aP_Eu?RGJo;(I)ec
zRC{I2{~6d(QD0F*<WXM%A74jb@i@0zspo=IIPtRSE7m=pp|9wGrZ5_!uefYZ?(d3~
zzM=tgjnY?~fs{;r#hs{uJO}!UjnG#tD3|eszTyJvD>mZhK5mH5$3AuBBj{p|aoJ{f
zEBX}jButJ{TF`tZN(+=12@HtLP+DLk!Z5>mM*3GMiJ4XizLv{A0R!uafmH6wSN5v3
zSUc3>Yx`7MJi(Hw{3S2gN{fQN!rktX^z7X2J@(!a<zJCEC@tiOsHl56dyC;ij&0_T
zt+a>(c3SYNTPrPgLs|sxMQH)v5y3R%W|4lm<eue;&qF^$^j|10j^{XmyHRn$>PpRa
z>n(8e(2uLPcvy+^0H|Q<!Ft1{4n~PVs#zv%?0R8ipOJ^%C!>z-G%eFB(CbigoTb1>
zb$ckOfW<C=u-fcuJ)a#d#-_cgFhXax(p?PTWU5`dhwg&%R6XjH0|z_G!N6+pW=ua5
zf*Ms9ki)UokY#N(uG?hqkwr-{#mG6_+9Q*i^K8|{=Kk(RS)Hp}z$#xyvf?hc=i<rM
zRt!O<jvnJMyeQQLIfIwirAGaA2s8_qJ)l$<gO%!{XrrsTIG@u$k$VY>VTHexrRP5g
z)kO|f7e@}ZR2LhK(+i=pIF)}w_+#rWMzQ=CD4(IX$fMo@Q&yB0R8Q<fZ?UBvdW)CQ
zs=~ufemr^f7I~K5qD!N#x6nQ%OB0bo^cH!>?oSBiI^&Zi<gZ(eEqDhjhC0d8TU>(b
zkx=Hd^%mzaVNbn<ZG!Od<F@q|_Z|hrCPaTRXhjzNMJ@C9u3xx-*{S@apSATDwFe4Q
znt*iCUmWY!zoIEi{k__*|C=JI|J7&g`j1fcZ<O@xOz*#?zc3Ev5Mx!}r~blYY2fYg
zuCBzZzqsA5u3h?z-`S=2Pk-Sbltq70Lj6U7(qF(CM)VhXdh!lYRB&(2nN6ujq$jYd
z8opz#F4Pkz>Zvf)67+~mmBE)oJP7Fw4ZO(uc=Q>+f`;M{DkS8y)X`-~pwy-m68{7X
z$WTa>*CASf;b<hF?DU!NsRG&{^x=iG3L3Z0mM&sadKP%C-Aio2n;W4=@F5MmYQIuD
zT!yzAoId))uUT|8e7v#f$^B(>I#TPvJvgfmQ0wqZY8{G@qO=Zv*h*(uDu-PR0tIm&
z0^_u!BZ*z^4ls$pi`GREkc*UOXjk##8!;IR#Cja~ejG@HN8DEY#kMm7^b(!g^}j+>
z+|<@K;vVjIpmb)z#G7v2+z%!;CyNuq7&#1D1*jCh^Qsg+W<$g3p|?P)mO2;}reT71
z5Wp)gCgqX+La{a_0J!*!9a8T*(G*zmR-@ZTU^pqidiNRO1YCBU0h?EigBKP#q))*{
zQ?I?6ss*K=I6aWGHrt?`J_%pCkR|Nmz3^hgS`Jd8;4DgqE+TwXfR46W3J2Vo0R_cX
zsO2P%vLe55>258Ku#sr9>AOhjR_%I(TA_Bq??n*S)QaztS}0NZ9p)NJhEo*?PQDw<
z@zjm!8fq7mVoIHb74m_|3{}=7yK`tfg1GFJi9XOPj4n@AwuEYTcGms?{b)`YyY<S%
zig4}v9T#es)nBMhsn3C;4*Hz8^oGwna^IZTUb_h`e_JxG_pmkT|3Te0v}p?TdhMq>
z^z9!GTVtJv`&ygjzX^ZJZwkoYLit-Pf6L@=mHe%izf<rxep3x9l?UQb9v0XSBpFGm
zw;xv759{rRFYtiq9%bk)qM}?)JqK*;l>Kf(azNj{&c*0_RCdZ2_=EF;OA7Utrr77>
zQoa9BS=tcmaayX|bvA6~5P2(FW+y-&qtTxnE_;d9;o2pBOZl=joI340;1<I`Ifvtm
zNhIo*?HHZVoUWpNdEQpP6g%n{P#V=QqoIC*H?tIIt$tzro5b=Y?y=__N?j`y)X7%A
z2)!gbm2Qr`r>CYM@A&dWj#9s1^2hQm^-Dd~FI|1u{<8nnznq>o{U6dW^e@sb^e=zW
z7DHQO{z+RjI78LqpMI)RwZKOx`8!+N;-6j&A4yTQVAh?aH+%woF8fZYTVTXk?zhw}
zsSnyxw+IUqbqlyMbfZe$QsNPuGWT0LrdAexixT>%av6Ij`JGa^Tzmu<d^J0;H959k
zZB3pgwZJ4<k6-?S%B74Y9hD17j$FQ)+vsXr<<gI3u>L=3t6XXikoCWtq-S5Bmk1}Y
zRW6J;+*;-0Z>4fcwo<uFLJTKmP^HR6*eZj&vR}5@lyCc?a;a{ua>2<~oGYcuWfC{9
z^8vl3a=C{t;i7U;GW`FgT9*kPtxF-aF0y5*TkC3G%D|>76Rzfk11y>swQ+ZpFQP(n
zl`noMUx2J-O8JuN7B5du2u=oZO|myLLMhnHJcJ7O(7mWd##X<OH&Feu3cvVSk00X<
zrP7i;4XdCavOs>7IY4wTs*mNE9TSWNi1ezo8A=E9_<LD&Fs@~`KkbU5)z~EA52%CT
z4Dw7bW|tW|dW*~*@I_xxlKm!?P_1+@e>)VNeWO>~I+%q{9hMH}UZ;+>bTDpjr=h&+
zZK?EjtI@DX>0n-b*Q0~M4rV(84?t>~6)<twy2&SJR*c5=+*veGJ%_2RYvn6&1nca^
z%>6+m@oHjaIPpd}vD?yJx>E<_JuHMkRnebBk}>e3O9N1L%{ut>)W{$Nx|Xn3{+&4i
zT+SC>{W)^3{S+EMMBc+SJyg%6pp~XPbBeY&Itm?GXH50uWE8qrS^9k}?X5*=paSKP
zu)9HC%cJ76r`ba|pp#ghSYqS=B<y0*Q!yZhn<@ez4^-Y{d;*+cKYs0z*wqc&;#uEt
zA<S`zkG0kKx+AcF-r|HsY_l|}Hn@dG7YrrUrnO7G7C>k_6U)Sk8Pik`gH(i#{MR<<
z{$bR7{Xm;Y3=_&(YT!UH?<;~?giMz1fztNQO#MRjbi7^*rm2;GpFVkA$Bf_!D6-e_
z{QARvjpucr8Nfy*ukx}-)73VUKNbkKQn@=2$x-+?rt>f!IpU}dfoMO72Fa@Ef#Kwp
z(7MhFAfn`~{Pgqq3<HO|bS1>(+(+0-D)^M1vIR%zzNqji#`?^yHHf85d@vz-;=EEM
z@hzN5$X4^nR;$NPY*__lL$TLEi~o%>6J|54W;@|s%{N(Qc<<S?<HCt`I3`ApQ*Fsp
z+Ts}6*lq+nSi^~E?uAp+QU#8$Kvs{Gel$(iP;A#;lX&Y?2?mURe#31zwezWwvb<pk
zc3{+sB~~l!y6^!+_lAM14dJ%IxCv`D26hi}voRS-jk*h%w3G==#xLI%8r0_APlUl0
z+_yZEx*%BXQlrQ(aP6f|qzIa@%0kS|!mu`WB^)3NrJI5=7-j@raBAU1Dim)P4(@md
zbJ1CZg?{7FSY*TnKvrQS@yUhragh?Kec};<9zTQK7f#(QWf8n>T6YGVf}FA}t>PmP
zF}HucjVcD<LG(c2f0~*Q*DYn6UiO$8b@C?&F|hrYkR4K^j^(q7XLub~s40L-`kR%A
z+%z2T3hyVPdUqZ{L4FKp#y3w`^C*eNRO^P>+xaNh=@X&@k|$q)V*KtoeCM4}8S`l?
zRyl7bp3~1FZh<F__e~fNN-TqQ=cId}R!=6&|Ko4pdy}O6tw;k4J16~Nk3GttlcoMK
zcKwg;S$=Sq@_p^{*X~iC_d6j<0UV%fKP$$`LCkFkZ+!|NePPmKmgQcI5V3qN<P;x-
z0iy`FtuG2tgcD!p0!wP6WQ3C7u%q5!fmHsbgbb53&uD~CROI{tOOYN1&55@Eu`jo^
zRHm+hUAhAQSK`{R2EActN4@mjD{<PFkzha6i&jp@dEFMH*H93Bva@->G*sX1op7SE
z;I!n-^@tnQ63sJWs0q1a6H%npE-iM5su2v^F`|q^DJ~UnKjw^CcKDBE?``=1l?DFX
zeZjx6kAnXp2YwjG0sk9Fcj5nHKj1&6P54n$JK#qtf&bBc!2hTh{)JiKPwfl-OIQHo
z|DXf^_X7W9q`UBM-4FPWZWDgg)DHMjO5lHFAMoGB(X+?@$t>_+!vby5|72_YA8_E`
zE$~M&#{cvEfPYAv@S~=7z>iV_|HJ!$e{sGCeukuNJ^$}yfwthE$pRSv`yKed6ZkJd
zx;y?`_5*&X<N@K{=09p`2mB}{@c&~U@UQIcf&Ymt@IS%=ZNYyd3jqH69Qbz${4<g6
z!vEQRz<*Sm@S~=7z>iV_|KIlk|A)Oi@IRgf{^wbsE%@(X0l<H+13!X$g8$u!bQgYe
zKj1HF6Modx4){?@;Q!k`;Q#zU5B!g1f&Wz&Xbb*_Spe|=j{`sa9RdFxNO$4iydUsm
z>1~7lQBynMM=62-p?$#reNPYkk7j}Y0~Tlt{^wW#@ZaOWzeC`E80jwj>HUCzV4Lux
zrgp%OQUd>j`+&cP7k-3U-Gl#a3G4&@S6Be>FL2;T7zB*}b4YjLH}(VmBin=@HMIkN
zloI$K*a!TJdZ73A`uA`a`2WlTZH<4F1pxou4*bmm{{={Q;or0$@DFGce$><s_)$vW
zzdr+h%HU8>BkL^4mbt$@mD|_OR9N&JQ-J>m;r|l+ujBto`2QkHAu?SQB5-v}T@49%
zol!jP`xbStDYOX9qoK|j+&o(M#g1zpjcv)OP;+OA$awW2qqzfj8|#c~KUFH1Q_&$k
zdG!?I17z@<D58~LJ;_)puh{g!k@4y>;|093me@1SwWrzT*G}Et@%y_K^)*9&|D@YK
z#&0PLr1BrR(;mN$+hqI}BHbCkt)H}i{Kg;A*7*GkHSK%+=AjhP*7v@)#&1}~4;;V3
ztJ^z%$NSXyE#9cc@A`YK@jC<=p7HA;ug>_j<g|1A&g|-r-{yz1%)j9*(ANCx%>wZM
z$9ZzK{~G<ZjGrIr&iD;Q_uISw`cwb5#&6q(_Ke?aD8=zR>wnrBzn!Ch;P|b-roH1g
zy+w88`;XQ5Ex*SazjKk{8Nade>WtsXcx~7GdjOX;*!=UT2eXV{9SgKIeiyI+>>q!z
z$FCN*v0(j}fOKd4E=Tv<JASVp*4Fq9M@{>le;P`0{BB*)*7!A?@&m{3@l<=qZ_#em
zk&`}B<JSot68?E7GCboqS6-d*n}yeQjo<Xn?)Y77#gEP4pA%W2t?@gK1+f0zW{+PZ
z?DZJGAkv-jdu)CC$FCQx0vMsa?SD|yzQ=DIN^$(&zAIz=_SFAe-^m02eOc)D*DTN$
z{N*eF_-}RK|6Jfd4(TrZ>-GcwL)wHNHMIkNloI&w+z0%(<a*%0Hw*kR7HA9p2`m8k
zZ*kz?BJh_Z-G%?d{eZt;oA9HicEFEP0{<N@{AW`0hd|QJnL^MvaCw0cB$7@zNl7Q1
zn(li6W_6zXJ8~&i*Q24puaDxY)ZFG$mWKbr(gFxTIM_FQ=X|)zCN@P9Um3Ueg{~MU
zc&`H@DH!>Kz9_CJplbN@od^{xmxF*RulPVs=2EwJ>i+pX>9dpH9iNx($ud5lblk`I
zEM<XI{;N0J<8#DkGCm8D?u?Iy9<`UhPCK}*@p<$8_KeSCD8=zP;jjA~p9x2_H9prb
z$sC`%N?MQ4+4G$7*_p4#=OZAp)%c8sY0w#;)rd$y)5z_AaeBA6@oDbhj?YmGvW(B0
zEYQ~cS;zud|Ndl;Pwi$IpZk#RjL+rhQG3Vdby%nN&Oe8vrhU&J4W&3fx8CkxU@!8w
z7yi4m!2gMFAMh__0l@!92mZ98Po%r>zqcRo_iYn?)YK06QA*&y&4GXX3wf{z7{f7<
zdE5%7(%*|6Y`FPuCm0IyKjRNj_67>j65`-1Ob>zY!_RG{r%p@D$*?mULl?uJw{-oL
zm(%;Xc1P~CUZYdxN9W+ECSxPQyBN0th7g*YZfbh%hVS6~7l@Q@xN;1vG<VW6VZ4gQ
z!w8D6*S?JNQHNG0F3ST+gKBBq$8n_R5m8`tlmAf`c5MWt>Rv0i)8_QschW7!ga7&l
z&@>s3J(>}FgZ=l|x3Bwb1!|FqF|hi{g&XkUw%i$4;G7G>E_T#k_{ZPXKV5qariqqc
z)5mep)I;>dZe!dtn5N=B!}zid;HELncn_v29B!bk5LY+j;1|QUPl`t1_YHg{R+<A`
zgCFCMoe77$HPOQ5KHgG^xP`b%xAg1i;o71;%}ac-b^7Yf$d9dG?t{xvlbEQ@w}x#&
zMal&ziSU?c4{_yHj46EtTsXD(YFJ9k=BShGaKEGxQfEiX+{VSfi4mp)<#US4;?1!E
zfQft^9u}Qp7vIJcw;0I8R=XmBRgONf!D2bo_6l$a!%{bnNF=cvjw5E!ZDW3DIVXzr
zyMWex31D~w%7$uA_QldXwj1lJrz(7A7u6q_l1|YU`3u>h{-7|cLpa?31%k9<q<Kje
z&*w{LLM6*$cUboj<?>*YAMTfVPxvrK-E`Q9i(}WL2NvdNffu``r++XlcEfc!G<zbd
zHKXSzfe_k53-u&MrbUZiPsngYq*$T0?nQVqno;LINtUe55kEHAv;9Ls_#NEprY^)e
zR0Q!d4_5I3m%|GRu5dU4Wes&>^p7>A9b%v3OeDu!<9LslfV*_xH(#ecI9Zja-d`~r
zr338Sq*%wAybi!Wu~QN~#04l+b5e)sP+%I^hGwI5S8NNyYSGA+Ydnr4EbuIaTMG%_
znLg(>!YYmuu@B9UIBTxD8H)xALT7=>)u%D}be(Z7@;Hs0e?RJcYFU(JKFtxM*Z;fb
zQ&Q#=973G=gu^R1F1_#R^eRTC)pW|>7ww%-e(!ur`WJ9I6?&#qVtLCMaQALCn@X3(
z?rL*3&2BZD7#G1MKG5rrHJ>n#IS>D@o=?>XWz&xNRCLpx^J##5y3Xj1JZCQPLHr5E
zBp@}=pI|Nwei_*+zw;Vd$InS$mOX#dYAb*2Uh-#K^&gWxzsb(;kv;zgyZ+B%kjv7)
z-`M#pv*(Yo^B>KgKhVyfyO(^sf0t#?-?YkxKYM<YoqtUB{0Hs)9@+D6u=78MK`tBo
zcK*uj`D5(-NB7824@RD+N}-3ocKK`fEWhiuJ<D%Gn$XYKJ<2Oxc~gNgtq@BnY3!Md
z3Y`4$D&P34T~`OG3u}2n`qnDP2S!hgDQxugS5MtA1&gzjg!jjBSkL<oFTIR+M99f_
zN0|JKciisleIFBWDnq-dzq(a>3tH8;s?|GA=XvY9At$r`8w$Md4nC$GZsBXrN-x5l
z{P8N^_#LtZuWMkeL;r}c&J+IshOdAz{%qkf#yPKA_*eqto#Jo6Nx(SP${%6p|4(Lq
zFO`2z`d}1r3CzNG!1#KSs(;rjR{g)q{Qh;7e@^;66v*=Zlh*go+TS1Ud~ZBxr}dCD
z_iKwk-(cr|4uhOG*UJBmoxd`B{un#|(X9DU$lT96yrI4s10z(B3eninVuU)rd31qo
zgt|gm1J6nCco`_5_31pMi1ze#u|8GFE3~ICiS;QYuLZtXgSo=#H1TQNfK^;*_D~dY
zvgASVoyxtl9sT)8S?A74Uu5^^HKcg@Q!lShf1Z%nHv2OdMY8ti&+X{X8TeSBdgmnz
zKPO9zu+Ay`6w9mApZ@aNW`Dkiy)SEjQtjwZ13s4i=yrb|Ly8AK3*^=5&rR~$W`8b2
zkv;okY<kgZX>9iVCOiL_?D-Gc`8~4d-(cr|4uf8n_J3pNugso5#?F5<d;UN>e{S~t
z&UXG~d*oL&=hlDSDF<iy{sBq4Irp#X<tcfYu3j4D<qY-mn!F5AFTA0)Ik&TV*(5I?
ze<iiS`i7k6)eGa~H0R!?Ub<rWY0jOdUU2drFJsjUB6i`WNWBb|7r%NLAusE`l&Tr(
zXc9JCqYBWj@mJXNnsYZwxi}6mU}lfngg4_4lJTU<7^N~6G2^$A@duSLOl8zDqe?Q)
zP#FVM#sp@ZAQ^=!;~<rB1TzkmjIGkIcz2cY72b?o$yls1RKVs@4b1oqCc)<1l*(Yd
zVsv*tGhUaB$tokQGR|YhGm<e_WqhDAj$y_<lJV^qL`r<M%GixJW42_xs4|wRj8~X(
zxn$g?GXAYH{))Fr>50e@eFEqqpoUY?gDF7QDSBA0UKBmtqh1s}%v3Lm9?nuPiXMKd
zUKBlaS1*bl3<0T5(L<wpQS@+^dQtRnm3mS1FhRX2dKju+9D2A2wHry;?3#0rlZI@1
zIDr{cC8MLtu;`%^GtQQbHBwpJqK7x}W|T?BJu1VZhx?c@P%@^d42vG7F{6iMoUAe|
zdN_p{+hDkB&h4QxEPCk4jQ1tu12rTTJ*?+gHA=?AD#N0O$C&YV$+%i&SoCl$Gj5WM
z(^Q5<50%WAAsGj$42vH6G2=YRFt!Q>S@dAyZBn`dIYJMJA5rye8BX;?Qo{?;VY9b)
z`&tI&OrsI)eM)orv4$`D6+D!W-C^Y6WAjrONAhSK$t<5y9|)~I^*s$U-rnj1y_Ri5
z{}HS#Icf}^j5#RXoZE|uu?~t);CWJdD$*~UkMdPc`LkI5=TiO%Px(Po{uHEp^`Fpq
z;#llk;UWaD+#YUd>8K|U)03CO1KiMy-l6U@T-r4KNSqMX;&*}Jg%juI;WTZbUfLMF
z66+YQXEZ(+gWQKE6uxg%;uKK0=)==e{^P?9-*>Dm-L7k=E}_SM(KcL_&JPfG%^x)W
zb|1Ao{vb+BKQf#|twl>2eP!-Sv?Ar8@cr001;rx14e6(u>NC?kJr-JCN7Ww#DTTD6
z3WTawM|`MT-Jv%aqqMp^So~?QF8(`=(LU&r-mtqv1gC(tQ?}~QsH_%EFI|m$!VqkK
z*_DVky}RF)1)-YfrFz`Vn>x49YRqTi7O0W1{;_jk8-v9L_aW3{f{?_yQ1kl{gRO$c
zpRVnJ{?lewcP~5tHH#>^nH;iiMCIv=&KGXCmrYlHhVg*+KF&yAj`K0+VHn=w<!V$x
z<6H)Aj?}_MuZA0TcRW4i#|eogdc$Tw%h+)aM2A(Tep9Fy;kwLs70|mnV6b%Uly@A2
z0O$q){T|PKpQhLD>UX6cs(C>HeNt%o4Sd3h-Sy^4bh<z6v{XO14Pmk%%3Q;zxU^_1
zF4qHixBL%JT76KNxI8aS_2{sAL;*{U{D5VRF0i_dO%1{Ml_BpS3a+YvUmEA(GjEm2
z6T(TjY!!VKE_xG6?rXaeIj6Di<O!9Dq2a`N(EfuW(Ul`2rJqLoz{rq^&h#Z{%<4Dh
zE@!9*(=EoG7dV(!ath}wEv2d4Q*uSb#<{pc<H83)lBwJ#zcRBWuST0K(XKUDBZ6qI
zQGzxwuEzX&`L!59`b*jb5v>Y2(_tf`5#pp<S{oeP_D*!#L;SG^s5x3^oRnGP-ENH=
zul!zW{Or$}HD=JuTYBmC=p`YZ==z3o{47u%CR}-PP!mTYXHM?KO`Q<M839QXpQ1h7
zDQNryWs;RSbuUJXBBjA#?C9E^hsTD6nsDI?Na^3!<d_9phMo%fbZuON*{eKpDeOAI
zV6=->4pCDwaShAM=1;+Vp08%Wmgsy~kZ0cI25VV#KRcHD0*atyJxgx*C4#ju3?voJ
zsZkFz?Yv*Xh6A*0zs3<O+k|%>NF@{AU!$5#c%Ma?{|da{eu5sqdY%LCjd!~6E+>mi
z<i3U?fNd2^ehtic;C+s1mjefcw{tdlm04eg_!@hNcbCr@im;hSGp7DBX!k#f{>qqh
z58G-?=D;M=tqHmfj{CW&9(b5W-!ZU~tsME)D46Vuf$twFy&xEf4b&ku<m6n5@CJuR
zM<yD!zsst%iWO!b9JuS2=qkmc2is%*VqyhG9S#D{4AVz}TjWe#YL&PU)MMgo{it;t
z0o*@-p<?%3#W79|zw{0lJr4?<=01*MDE$OWzX3$1$2#P2C)28cGNQ-0+93z8{Z8B-
z1V7jA9Y5zA7egPk2YyDOe&A=i7e7y+py20lg&&-DB$q9Wok9eS`auYSQLrIh7;UsL
zB-6`$2S7i!0RYZBSD|RSLeXh|bx{--(#}nx7)sA&=_i2D^yv<Ye$TX{fi|LO+3zhB
zx%0(CKQs1@pL31V?#_arLr^*JbFmjcH=&^5r=P;l;p7}87G!!;1A5kyNjg7qNQc)u
zwxS)NMp2wjlKT))KJ+mlx_YwAsOv#8C;r97M^vah_Zk#I$!l5i9$+uc@Ue=6T+FmX
zfFt7LUswHLe4KdK|3lrIz&BNN@8ex*pp}HZEJBs4MG;yBX@yEdQ+fkwsRFWV6+{#l
zgj7%{i)ppDG03aF?z_J3>+AA@D6~XczzuL;!3CHQSp+F4h5Vm$=HBF{O&8Jk`~LoZ
zq`7ytJM)}b&YW}ROawemLg5YZScZiERXpzd0WF$6C5XqF_lNM9!M!^ES|kA;*HOxU
z067C5lPT;ZU_^NQYe5(ud|c2%9)7TZOob|+RuAjLw5Y!qT0D|b0vbIQW&rX09XfoC
z!d9YhTEW0!qVM9!!g=13?ye)Jmh{%B?eAh$`=@e*vz-<Oh7I($(A;r}_0nlH<G;Nf
z_47>T);$brJMIg$?pE%T@pm8zQm&wsuLB3)+#t0VQP@DVm?~5|KR7|i{vWY@mp#;=
zeVHgjYu{=7C9Qn|eeJKe@9S--;Y*W(?YrjQQ2U<dJ{JE9lAwLBQp!(&grR*8QP>!?
zncBDO#^&00iAKL=4>oAuM3jN{jRXDi_)A**k|VdTk50d?A^IhL_oWv4)!v2#{QY}W
z@q>xnz=uFU_dTHou18<O0{9V<pn)G#$^(GHcSDeXt10X{G@2UNCfLBBeF>&7=qtYf
z%MGn%WrAJ(%--+Nv(Y6f>=Bu6?}WF&?e;Cd*gb{OYq}EilJ(V%r~9XJJl$*nS5XD-
zndq@KaJq9G#uc!TDYVex)J#Y850pCH?mD*L?CL~`UB|kbZ+jEPu*ph=jZVSZQrohN
zqD=_)y+N$D`m3Yg4~{I~yuPD7o%@4xRkX`v!2RJ6JKTxpWo#6?-aHIXHgua;8?w5C
z?Hw%eurWHF{oE|X?h~I&G2e12?L)JU%)|Y}beV!9`gbMzS5(Y=TOML?rvMxcZMS=r
z?TY%bQoS!8g7awg57&<{)cd{I>>?*t8FfA~^(gRMVX?b@-cL7esH{E1;a|J!1Mu=Q
z=sY=esr+piv1;G`1W&l4OL6_M9lomZg~JWLaJ+b4Tt=OLrsCRF51&98b-aIugY<LF
z7RR|3bBDNea|cH{T&CO3O`#yX+R{@fES<t~D6ELWawx2b!ip(u4uus{*c`>RcPSbb
zSMn^`zzhJ5;C|@q&<-2^l#y${*^+cFW!i7<kd%%@a747OWQP*H!JhS@vyT$}ekh0e
ztweGwjkCw_NDBjrlD#$9F5*^J6Ray}Q%xp5IKpr7o5<1v>`_}{-2e6NVLD}Qg5>Ep
z07I4!$-)94eLDy-PtqV5=AgP76o&7G@UUg9K%+7q3j-wMRSK&L10-WJg>4T5B!k)p
zzg~X<4@Y!WLDqU_A4jxNMj`Ql-*aH1<53X3gKlUmG37<=$*UOPhqJ5e&`I`Vgr@}A
zJIv9T+QsT;X^7J84JOS2K(aV2b%J8d+~B;VOM%1qk2E=eVFqCsz&&|@VhYj+F#H_E
zt)bnAUykit5d|wA*xX!U9K4FVz(N=3RUgN$_N)1Ma5(ii4dP+SO5Fwx7xbEMo5Z8}
zIIfE)(<JHdIQ2LNG^`2WEuRN8&N4;$4j2aXuRNenHw<Vn&7lE(-sgt{m3ic(8=kvM
z<H*XWlm_%OJg8RjfL;%Cwqw1_w>&^^)q7%4zZb|)8!oz>*JZRP2`BB7?vMc(;7*wb
z-o$8-AHg6$0*6dNCt?TWAWt^C?xaB;@YUnTu41yg4wiE};NYqXGue9cZ6zoNJMWj!
zAn=o{OJjqi4{`XO20cu^U^KOZ>q)-w;4n?A=a0xi^&|)Faw0ear)#Li@dmXBBx527
z;EHb7PD}*fXBZ4VXne-4#-Ltp!F;e1-Fl@3-FkHj1*K!iuB7>3WjclBP*@R#(R{G7
zh{B2~Yz~Fde6SJ&tTqMXJ2)SB2E9uzTrel-{`G0l>~CT|@WfTngmALr>E+hbyA#PJ
zIhh+)!4KTFl6`V#Ofv%6Tge$Ag=U20;EVt_6Z=H$w>%?QFe8uzgJy&jaU6;}-%h-O
zxX;KLLBmA<o&gWrsugI|s>i|rS@kM~RfPevYBPmx4+CV?e#{4}8sU)?0gpt&BM~5)
zC=Xg&E$2t{&!sdWoD7kRORt~A1J~OE69XOv(L31`uWcSIcq&Sw{BTGHr#_9m-bj}n
z&pd@W!IORLW!PE{y`5|=X@0P1^FxaGf)s#Q)(2kKXnr7h2p06Z+epg~EzL;uNo(D$
zWCMV=i{#sO`F4qXBd5%WyIQ`HH38mklyCRZn={GoUh^!T#3lIf>J@k*=lM%Przo@&
zew>cd6;sYm@VVW4f3(wYcMt0=&OuuLc6>VraVRlYmY62r#>h8|e48TQa0Hf8UMb(U
z%eQ&*jZEqgM?NS~CJ8I?=9X{w$+vsu+fw=VB)^TEg=DYD$09tgl#iKstd@@{c-$l(
zF$2Q`-r{6&BQ%J(VL-fmH`pwfluHAH6ksYQBQA(&*~`$1AO;ugLjEsfB)Vld*-SC}
z3AfW_j6}K&XC5eqZU_-cGDf0aRw-kuDCPi^aQF^Wz+8SaVtmVFG=VKXk<k*)ve#rx
zCdI6hF%sG`I2fRhrBKYHGDgB&cE5}vuZf~u#%yQk%5ctztByA@TgFKE%d{GNNii47
z7)gq<5}BupVur{VNtUv!WX!V^bFz$Cif0V`X)<O7#l&(9k*n-N4qm)K?At&Pj0D}v
z6d6`5zL8-dVA*gPrifY@21=HlC&SXk>oN=+M|nSl`Od~4vc5dJEKK0{-yJUlP>I%#
zml&k||Lb@eSu4lO;(s(AFJ~ey@_4bxm<Z#gu7>kO7%$(-m<Z!#os4N}ygVtRBa9bS
z#zYt|*UOj)<7K>z*)IFBal8zbF%ibgDKaL)cu9~k5ys1&^$f&P`5ohU`GjM_$IDt7
z7B*g9kYQot<z5*UHeOsZtkHORe{rPo0%3k-XHC9;sY2S0Q>6VhE>q6LHZaFM?*4jQ
zC8yQ}#(fF1es7>;huyO{UHmcwhiKf3Gli>?)DVkv#Le<yqPRgmfJxyA*LNA-X~f!5
zgW!Ej<1t{NMZ+ieI0st!RF+}0K=$0ZnTmTfzW-dkjpQ!h2gV6hV11zEXJ{9v8CiGo
zKN{kvv22o%A9uJYO4jv7^Ul$=QeuNj8-ICi#>vDFl6z6GFt2hrU8Gl%D001r=(a~V
za<qe$DOR!;&YIU1z8_<S%E`!GeThl*;$(X$%>pHBH4#=zb~%!fHV?@X#G!SE0vUU(
z<YG+CHCe&Bz@1+Q94PZFOt)iGh52ndj?K7pi|nw%SLVUV;lfNY5JfoDc>n;1;ZNn4
zg*oI#Qo&)gB3V17Hdnz%!KlI_KgxMQMpYPoc8I2tKdD-AkIhunq;(XK<4#(J_Z&6p
z7TWfqFoi!mcMEDTiyn*T;W9%U$bYGVYA_ofh7pEzv*^Cb+T3FOi^WmSG>V%D8codD
zO6M~MZC2DlC}?akd<>xMvBh@S=NHf2p}1X3k&lXBFs~<ypCbxUyrRyYLq#l5RF3Bl
zEYLr&Aj;X_*d(g{9IZWbs6AQ(7I3k1w+9{PAG|G=E)tin`FHXQ9A}Ydt*`i{&e;_k
zS=l#r0ljYxqQZl`;{0l2&e*9|SAPy0`lH;Ej&u!QDzttj{fTvR&Y;6$`@|ycOFO|G
z^HqJ$Z|R#?Xy5#lHqR63E69_BJkma|CSBY`KH$_Zr-XIroT#FuV^X5)@>5xtEol8Q
zl2^vZAwG_D-J*S?cns{qGj|8PIzLO_bNvzR?6~ZYfH^8^30y616Z7vniVINIrUP`b
zkX3B(8k`oNGs+h*cZfAx;_b)j2{$=e;s@|!RBcY5xpS|dTa(ilO+l@L<yXd6;|LVQ
zXl?Q7m+?4-gqJVjL2S-r+1D=IzV=V;nAF2}9tCF{e=)dQh`*Lls5|@Br$`FcMST-L
z>i6QNa=_)uzM6{oZsg&B|LG6}E6|=_(Ioddiu)pyc;p@~?p`zNC4psw_`-WRetsz4
zch*Bk4Ukg$qoNzafXfsg=^H~IBmbL0c^kIsxRJ?@V^*G->9`(3Y`v6pnm7S^T<pRl
z6!koh8g9Fy{BZq-`LuxN)3xB#FuL{zr_>)IQ!vOAaLX8aOC<^;B6Yl+>=%gNjoNRn
zj-UQzn<%u;FyEo(j_Jpt)5h7F{8{#__sqB6j>JlI70#GJmH%E)TWPjuePCzL%n&d3
zahOL48tkJygIH@Xju7AwR?lZ`Z7#<4>|#gOp3<RErSHYAoKx97!}i)eogw912d|0i
z6m$MMrQZge+))m1fop7Rs}Sz`@d(t|_qliyndQgr9rLu(cA!GPVCWa4OvoC;6w&V7
z6xW7mH8-U^H?^d*QX9YUi#BKon&OFf;?e&xy2FkdY^D}JhpYPr=zT9ppK-Kjs&`DU
zEAT9ib_`v+6nSr4K$FZYnyBY6Bu7w#S|cPME2{wq{nv+W06c@Fe%@Cm;h07@24Jef
z{f3aEl=em|H>^-<v4GIFX`PA6pQCsNeW_#}n7hl4t814c#@~*^IU9U(;-k<$qX_Ia
zNq)o%c!>DDv^G$)t@ucawcG|(Gc~>9^I+4L;n5ER?(E&`(R3I1Z=4@t`j5qRk)KPc
zw&EV6DDDYGtc=duY`%3F)h>D~lW4@|P<tU}QG#6n?S)Uvg_)?m>;i{CGFrLXyGN(E
zHb$$XQ_4rDmQ273fW>5C4${4Za-q+Sm=0H^<>r96I2bot;hJFaaj3&!S35SxrVgs4
z6-PE+*KTyBHofvpI61MN^LU&<o{VWczWh$Z@mNHv^(ARhaAVzeznY&?o}bEAKc4LO
z-b0Dg8kC3$Wqum6l-D5xlGo;^Qaft%O)(bWnHJxFB+YdBSeWzErAM4FPdJFeI#ugi
zKjm1+K1#~m-6KtEzR7GEiG@Ai;vSiT;@u-t)%;YYHb0HN0!d9eBoyi58Om+R%`{s^
zD{#GANPk9V^5+oPAy+}fM6+e=EQDW7e+nmJ(Va+TAQry4bLa50W%L4yT!6p@8k}Lv
z2k;BdSI`eYfkmg@-T5YWp-CNMQb)pa22CX?zd8p0aE{cSpN#ipyyM@<WVlgv7pACV
zQq++t?)+4DVX8VNRUMh?@GME^iO<9CS0Va4F1Adj2@wD96g&A5bKzd`4L|M^Ui=a>
z2WB!;QAcOu)GFGan*&~`5CX2zc<3-P2O+q$%~Du|5Il4ki7u2|j6B82Q;a;tNC8AF
zg|m=?pcy#}DKNGRL6^}BkYa((XSkOy1xkwQrXRa{E5B(<H8w87q6O7|r&rrV<y2%R
z;RgpLeE#18x~&n(Xu1D=fiUiW1Kw^Zpdoz6!VC$DLAcxH4}oEnEOc*_4@b0U@|Yn1
zd^|YW?_jLz#Hd5GIlr}n^WH{3R`;zd=tsSce)Q7%vOd9B-ddV^fPApXAFb$cR`j@x
zjdnRGs;!A*Qmmj~d36Z{_eZ3=Cd?sE<0^77{HgHE($QX@|6qjnBTTk`)qkP=0QY~;
z{wiw!la1PsC8i%+HPLMtCf`XDj~RP|b{+%wl7-R;-vnNur}!)@vAL7|0aw954~Gul
zh7?8W=Yb*%HciBS5=Zll%z@pMcn6O`x@i3k^MpybI1M-}>V={I=sH<=gAQ!hg5-Nj
zgZDJ!d!RVom>&b1oFn7n%s4FAu%k{06lVq#P=A+`z!;?20B;v^gOE%wDY$qO>>OWs
zhC7PMpFuZ_J`^~b5|?b3QBwlN(tr+?=dy<8r$BJ*QLq~rlZ-OtM~mpA!T7jfxDu=k
z$5VTA4DG=Lm6dOCcFf6~6DXl8Y5^(SmZ8)f^IN#@kkU_VoF4Xe3R2Sda{^QWO16fV
zdmT%yKIzKP{7ky#h3lK1QvrqCTQ!E#X9Y{A`cpy0!4SsJ6Tc%`Zl=+P#Qozj+mmy(
z+;sd)!9Pogs#0FX&PY7*uY_`OA6SB%nCoao$+ge}Wlo_7DhX?elw=z5GL(m2M15FH
zYM~VMOG7~s)(gz_a5O#>|3Y*9j&Z@c{ttfSxqcr%?h{|&7ySZ0j%j5Xjdh1smfU2#
zV^tXq?<*tGXL3{Uo`Uxjyr<wDJITT{yh9B(G7azPcu&WBI^NUq9=3L%&TJkbXYwEf
z%Jdo~IzKr$YOvm;3KQ_zF)0)%<I|1t_{4mCc0wiv1|zf*74=A15O{~$b<}IL(8lj!
z$v?=b3V%29>*ZU`%kQTdo|!jrtk_(?i}$7eK0*12J$jph8$hG?6Z4sDkN&P8>rm;{
zc2dg{Ux{H?GjFKU4~p!Aj(&bNUmXJm)W0a6m|2)5e&c+HXPvLbDGNwKgN**?Lp-w`
zb}87kXrs9UZVV@{1FLD5;r|ESy~ipIqnT(BYJOnLVM7z;{E>i*z-e~q0II>KHVvfF
zG(@L(Ien=6f6y?0sQ(c<OAY88gIflFM<sfjT`f%qEcWPc3$lJIosQcB&{6U-m8{x%
z8A?Am4*(KB=}4gcA7F`8RJ4CSwZAmozdF?X6>!-Pqgp6W>GG*rROgNa09~_%(ic79
zk7aKV+e6#3=G%|;<ErD}o%uE;lkdX|Bd;HMp)}$-q~X<d^J}eKKdzKHX#H4($B64k
zE~ojgt{<>O-T;H^7~>ieTt8^ehh|ZUBhtHZX?nofi+jV++!SYbcY}4L<Y%p8gjNuV
zb8vlt(+etV49YSrAEEUlRu2zbKD7Bc!uny!no|!?8m=l_9+sc1?$?)u;7o4#KCL&j
zejzEopHr`=ZM=L?edPK<>kZX6T}=-bj)kL%^<r>+u+NCA#<X_52pkRO;`L$-a{l%8
zqF)Q8oXC3dW?^u>*u;;#UaaNEec~DXqHp}K){E-xF~Kz>(t07|<(h%`{|DC#64sYt
zt|Y^zVUN;+;fcG|xMD!=VO%k?uwu~2ZD!SYOItM-mguX-Q&N5vzFw%bUc|}u;;xA6
z1&RDGo~bJx8qW9O>jiTOp-H3ha?!$iv83U8(HTHIio+)9gp0Of6dPBJfmktuNElZQ
zoT=eeW1&-9HQtoxq38@o!{s7QUoQUDc)6hFPq;#Fe&hOU=PPKV08X+HJMtU>xpo4C
z1|}jXCJcvrju@qm8^VH%tq@#{P;Em}M%3Ddu<(K&bn(TtgMEP!Fl`tDYnw$wNP<Cc
z=VtO>h5t_Ezq9!70#QHeSYT9b*}1gur2j_XnRcDT;uzS%;G(DTw<jHuGmj_!EPjF%
zL9eemKQkm?Nw3WxM8($TCu;(h_Xn|nB}MTp$&p+!+zjVV#6Rrlb0NxbQB}kY)Jv&#
zkqV9et93nwzf>s$??9C@upV4TaJ&}Z89Rb|SUKMcy2FcNP71}yCUJWZBM$zo?Qusv
zZ`|WTIYkUU4(Ier&<YV7^rU^ll5&B}zp(s~d3wlNn5dApK%9bS5OaYT<ry{{TSJGt
zSU940iivvzfl=<Vq15ov?%PkN-%;xA@?9<C_YsIEy5u6Ben%jl-w{v0l2&Xj90p0K
zK8MM(6x{}zBixQQDLB{AAD8vH7A27IY+c(eu8nb4)sX<%qaz{JTt-F-kP|F^4g2J7
zcjM;4Pax~IyWdHm+DRuzl%(t%b9ra{!kHSb$P};`8Pe8bE+f+^M>H9cVz&GV+>Ll$
zp*eo=L${Mqf1BuxMFz&x<R|et#BlZ;VRuhWNCVGW(#3z1)ISEdpJ3!>>ik0qF0+b7
zDH@kqsE0c{fX6JWx~ZE#Tb~bu3CpS$V1MC&+U>2Xy143SXAeDB$%A^LBKq_L8Q&1s
zOdFJB1<XoGrXEc!ZONHhRY}Amv4e~Su(>w2F~C<|4f6yor4{K?qO9h-+Zc%i?GQEo
z#e8P|#2|=)r~{EY6bChU7Y;-ff%}ckX;IEAYHX<{AU73ec?fkaN=%6=8L7D6N!00K
z5>+&2-LaGsDgg9Z_oCP|bh$uLI@KI4ij~xlWtpxcHl^GVn_ALE8ZO>44s_+UUGr&~
zeakDLea|~-gHnTw1fely3&%-FNQ#LcUVvgu7U@D+(RH?1sHqZ!{Y4l)yeV#ZiS=gU
ze7q9HFS65btr%4toD9+4z)l`E!9Uu1pkS1M)ek_963)W56wmr(h%ofoNRD1N2!syb
zC1We#j16^o-+pvvl8U<DiPdrJCKixsiPo@1u_;mJax(rURo}_)#^H%?DGl07!T%h%
zLId6qP!RJQkG|+nWcYb6G?jL<_MwHD&Yp_rLU`-DIK3j;pAy=ONPFS8_S-QtsE4)P
z$k~c3m#7KKp)a@>C4!*%+R!m6C1qT85#s#IR+1>tACpn#nFUidx@0yFshQk~*Tkk|
zY}DIb-PWh-gvXThCF{^J&hL2%v>u3=gh-Ttc@1+omveWOr++y{Gv*GiL)&W-Q>d{-
z?RZdo3ex)T7I#x;P`$!|SEBZed`a!8ml&xH`C=l93Q}A8N2DIF$)@4Tix5UFc0o`E
z&#S|Z1_DcmrAE>HT-+R}9$?O01L-rYZNa06$u^!?TorB5D+6LREgWv(ej(=Uq)sqk
z?v&<mTj>5Tu;aBETMN`*t$~ZMD<x~)vpF*t>;^1}j?_3~AK9di!yp-lL2{BD8W1^<
zvIc-%@ge{_zMKb#EbE6{;&Bg)jn5tmU~3*nIxPCAtV~;5C*Wpf+-Q{aeGa&liK&d2
zS9HcJ;nsho#4UB2#H}g3ATyx_Mt6P2HIRt4`vZufZMbK6rA{_lze2FV$~7SRqPCci
z9k)r?%Ir<TmPEJAVMYRW01gW`d9wX&1f_>aLdgy+fuO;>6i49VX0D7{Iukc_`+MT3
z+tR40MS5^x2?xi~UyYC&-bu~k4fARZ??cZ6@8zB#-WG8Ksz7*8dWP{%l6WUIf%of3
z1-yR&aj2g@g;&D+9h=1ajVaCJ-Bka4=txWb^KB~w{ZqLFx+kxLE%wiJ*{3|5`9%8X
z`saYxB~Snd=WQ#>BE0%N-J1UCLMq_(4&#I~{&*$4ZqJo?l}&CQucrIw)llYX{j;i>
z{^`nL*j_A?u>Cyp&-Kr7oSph7ogqXI#gv}4LF=Y8E|yX^?X`-Y5TSKc+MO(+h}aYE
zrv=Xf_nnnN+%00`aEbeCPqn6>CjN_Yw=v#cQIAZ7d*=}n_oPXGZ9e@4+NS2`({`vX
zCWdoe68PD9O#*M6PoX-d`SiOBDD{c-*DlWhx0lr*ZYJ>$ltumZrYBp|Uq3-A^w%W7
zN8|fFyb^BT=1AN=ozQ%LZEAeK1MO7vczvDCc*Wi#@fyl2N{i#0r%{u5i8G%FUOWB;
zycUCL36Af}P!{23f1)*bJ&9Dn>s!XjEAGZC;q~HhiPuvXpBP@ZLsi&3Ue6C>ygpef
z@k-=%s71VTWdADV%qN1^n@<6+!rKgZWuPp=tNY`v!D}8;0k0PsC$E@+SHf%21rjgk
z_!Glx>VcN<x_Kz$_2d$X*EhT(w1`)l#H)Zap9o&%PXe#rw;J$@Mp=ZH@6p!amHQau
zwTN-@ia~fKyd2pQFWa~i!>j+VE#Wole8y|uVu{xayb!dAmm={xnKPdVUgMttUVF<7
zcx}m&c&&P*HF$Lbs_0)1#>p$<@Je{~8Yc1TJod!!s>fNc=Eq|XR1@=kZmGm;Ay5A;
z;spaEn(y~yQsxuE>$Jy#*BX}rug6gq^)L0|*5LIMQUR}CjFVS<idVwxm-8iFKVNua
zczpm_O!Ii{9>REaS|srr%`0Aucukaey~~+T1g}Gn0<Yz_81T9QWf5MJ9%>C<uOk)k
z`h{@<|BF|`>zyo#*BeDAhSx)TTEgq?^BAw6ZkBlU<Q1<)yox1W9?pCsc&&#!6>-Tj
z1722?MR@glur+wOkP3Lc!#IKe#Vg@;d#1#zY|M$_b<Hm=;Z-@9@p}CxiI<;e@D}l!
zCGncZnNI|-f5IJ$7_iiUR|k|uc>R8VYw#NT0ONH#<Kz`Kyb@khhe*7}6-vBVe$zlW
zGY-O;t<E%~kYbZ-QylHR*#QV`z|Cc-T9nU?KZ-$ElPul`pxO+?i6P&CWb9&1_NB>U
zNExRYpP1lzi9}*WYBlL3Ghj?dC#K+%NpVA3aFIyFMm?hr@{&$zQ90(jYueVR&Q2-i
z&Q7T%7IniEFMnkvS!Mb^gdAWR{IrO=#Zqwc5iW}0%0NQrNK9cVoD_>CiE{uW=Y_On
zCZppOy%9zzop+u@X+VKQDI_2X*>eaIDN>bVaX*BVMzDXiP+EG@>_MeTfi6Yl?LQ2f
zNEo|=PCA@^F849>d=kd)6Swga0C7<5ns#UxJe|`u2D^kA$#TqVK13Cv4IxKXXA}O?
z?1bG?NFnB~b5I<bas6PU=$tENuy?SkAF|Oj3&tCC0V$vBYm^0$Kw1}7nafTEjeK+*
z&Pe@k;=|oR>NDZZ<+yefqPl>2`D;{F_gE7QqH*-Xk@ch5L)Tz5khg{R6OteMyM>a_
zc?R8<VRptITc&VcMd*`ACl}T=e0IX5xa|<O8ANl=?l@G+{mtJ!R2a+mbeUbQN!~ZG
zy;K*=vag3#B>nPteV4>}RCyfr#z}v3-iOv2kV-DJi4as7feHz!a8x|7IF6I*N?QGB
z1BtBu4Sy(N^dby#Ty;PP8EVDJ_cYyMmmzKy4GsS-RHS(AUh1S?aTVnOwU?bMJMB%Q
z44szcuR(DhTFZh_&mh_R$byJE+|%jY|L$<g{+Gb3VuSw2{DlVz(E~r@9#|)ECm3}<
zlET3!3OT|eCS(?sh6?RJ=TJcF|J3vUY!};$!hN{46o!{<Ol_EEP7^ak!;ZF=kb(VK
zYvsSi)PMFnFM%~E#K2=RozP8^7<dASfxGMa3Ny)n6Cj||<iEHcqh<LoVeDVVoyL==
z%YWB%FSTPnOO)LuQOdp7spAqM(@ac-7DewRx)t^c_*@bFZbrkncLeS_6c9J#3X6BS
z8$8+S`K4w6)AyCRlD=o~s?>nKm|tE&vewKmw^4B*usNfN`DNT#tNKCY$wd+Fab{Xy
zW|2f2gOp9h*YWxSV5$fSbNOj#U~uqYW!R{rxS^#%XD-J@ML-LZblq2vK`GNkoV8Qy
zIEu)ql4_fK?4Iib{vL8Z(E1MzNsZJ&Ils1eCDEkRQP(#F=c7rs%<axIm8{vOQX9`n
zSoMQhH5I|*`g9ZPe?)6Y_=MM6&SCk<{vIo7>hT@MBE!lA-yYV2&`Qbm%Bb>vLm{5*
z+5bc*iCch9Le~^&6UnFlXlf!ci_AL@1^C>GkB%q@VHU;cUNoU3Bc8~cK2T05X(K}u
zN=xIpu}TN`Mq&ixa83iQ&J(1yl{2WeRBR!_@sdnpKYP|kCBre_v(8L|zC(y_i1M4s
z{y_pt%kcFKi!JMj^D?bi|2oAz&y=ype`;vb4;6sr0wh-FnQU3VJBK*3>Pm5Di8-~f
zZ<c&0KOxzZc2uH&J<5#N)&$Pcv`(k-n11IjkZb&n`j|dzMN@=I5_cd@4)uG5mk0{t
zETr@x&Ru6q;<#-g;$S{#nx8wRS$@tr$3NG&lqZXrpMvx;Fmm=Va7d|U!pS-w1Zs80
zR@d(VD6et6MOzxdGBWQ59Ut><pQ}zNaGX%!#1Zd?-uu#>fMa9{4cS`J`;Ml-=pb%E
z99QIRp8OsbuQ3u>|0oj>S=L`7a#OAW5z@DhB}ZY67a+;zMuvsP9<jMjhrfgl@)*{h
zWFdYCAwvlzi+ieu3>FJw%>qR^3XYa$Y;|PqUq#%h*@ojbvbQwJFtp`)OVhC2^$#G^
z-zkxaTiz5hNn#e_BxCT1c!<I9igA=4pj>m71ZBnu2};QR0IsPTt;rISNfCRB4vD#(
z{oJ<D6m$8rG@6+!3mvLzFbO1!hqp(9@`+$4bGWZe!D+d9dGN7ochv`+qcb+b*RB(e
zLFx<4V|Im)SU?Z=u0I-}->yS19S>4J#Yq<~s^m@bdlTh5hg1=s?9*^zq*yaoqJ7Wp
zO`&ZTe;|(0_8r0ODb8Y`z2Yaz0>F><lYk%0VZh~iYPKA3Ut>;j?Kl?VgK`7|%?2N=
z2gbgOY(2_X6Lg?Xn6iAdk;e>U#>;6J=K2tt%@!u3nX-FL^U}d?LznI(x@-&5LH6cX
zB?;g~7Dt~k`;y6}#YQIn?XX0lrC6fwfUz#h0j3klo?)r$!)V_EiRKr}f##eWB$|r*
zPylgUJw>!ND6FGP+KJ~8>$4)8*v=4o#eE1NC|^yJP(C|6G@!@B{Vl-)Hlo#V{yP$!
z1x>>Vp-!vdoTl?@;C;i;to^P5ny&@XObwzL!toxoXbk`WkI6vZ3b6dk&?o=l0g7kN
zktoJgHizO2#QH`NiVrY)UU3mZ2*s<<kSJb$0ij6vHSAfZMS>z@4;!P**6hv0o7hGC
z{B5v_8GB@x`HUOMXBf#IsfK$-dd5atoLA|6Gt$(DPtjESPqg^a+tK38>t%~ADr!!B
zI>PSVi8wju{YyN{E%l0GN{<#VI9;}QPWEpB+OM~+!Q9-r+GzqfguXPKrU$<XHrUu)
zG!iZeGU|9yT4h4d2^6JhoW3p5367RT7vOSf`LngHQxR0|1hWtJL!K5vtDkeD)g!Kx
zt?p6LRI9r}zXXf)HMIVP>UpPlmfMZ?Q%-9CX<GY-{TAGRX;aBHFpS!9tchudU5_{H
z932~W4u7#G%n0l9pMKo{9-B6YYs;YqO`0lP8^Fusu)7U=^cLo;#>~@_N+6Ydtwd`7
ztxb=J1aZ-A5P&@-+zg6W<l>dUnUX5O89P*)pNT<`a|#Uc{uX>1?^ipCH@<2HADenW
z?>c`GpG#HXb7Z!}XLEUT_?!dufX{5k#Vh*amGBwbSK@Q-`HW9+{QN!ku+!T8Nqg8|
z`katG?6ePcd)S5i)Ovf^)ooj44?7O^I$?X*Zt&sH(m4IRTF@T$7&u%lM*c8APxi1s
zAqMoB;yZtdanl{i9(JXk)Et(S3k>mpEcSD^#vWGj{`c%*4f04F(QITAduGGgCnSOV
z2c|*Ho!8!q9^d9F7{q=CgIMF79WNe5lAN+V=JN5BmS&qdu=hHb3}VS!niBoJK?eK8
z$t)xJ<T5EEiA^PgSQfk9$1yxt;bPR-G!kc);izg9oq#gjT`KpZd0^decBu%d;IRR`
zlbx&&6WkC^@%dvZOj77z8K1(ztpvxMFqzGR6=7bAv%TBm?`qhu!nmEwgEMb3bmz&R
z4@V`#r^kR`w%fp!!TuvJ8J{gt;fjWSyZJNODb3IH($0St957O?`qD`?R13$|oNf6i
zP{|N~dlqx;k|w<HtuE(g!%l$2oUV;+f&?gELgELRj8{aXMXh#O1c?M8SDMgE%8R!3
zHg;XvAOC0ewOjLPmZY<m$q--CR`k>|bfwiZS><A|uYC>)N$;|3DP~5ky}%-9U+Y6S
z>}yZGg(gm~_?nVoB0X@joJe;M3UROhbNgEMpBv8nN3yToioR*EuYDY^y1a`#f=0Hl
zMGsGayaw9=wy&KMW?vge_O)s>PEs1&gV+GIyFIX_+g$muUo+;l<y<sY>RA6Rf7!ft
z$SolC<{8ujYQ?jQTW?-lkF-!24Q3*H#U8v8vEzG5VjnxlNNn`*rtC$VvTyo@tVNr(
zul*yL=c#k2NqyuLT8LV0U;80v=BeyY+SkS}17eR%H|Qgmp)48~SCzI#AL&IZ=x+%>
z8YOSwm4N%8hXn4u3<+FQcr|Um`1bEWtY!OJZ#Rameu{)GwRe-SMYONIo3oSs;{TC-
z?LU_Q?*W$w@wSK#r~>PM7c$;0*w>C-#CYG%I79!7SHgR0cZv77^ycwys((6Kw6C4q
zm4Uu%vIKfH&HXL+PtCseY|eZl{qu^&!0UK%5HFMXp^L<8<ISz<pM8NU`sY-}3HIN3
zCA|74OT1DCHjh`+{j*2w>}&g?wlMpdI!VG-*0V|2BKFVUI#YV;pJ4v}FYRmhECTMg
zUK+&RBCbMJsGnYVQ)~L^3rGdre+H3gUU&$vg!>y^CGIbt9X_EpH9s`fUmt4GzV`V}
z4E#?MB=Ctnngl+AeQhacK9T<V=0f0Bcu5d9lgL0>gj@Fot?94xkP5iH$aum25wC>X
zqAn6QXaDB=Yg2e#)1rOt%^ex9*DscMeZwnCi}o;@eQg0}J`udiZw6kyry1~yMp=ZH
z@5a{Pm5VzzfY&0%3HFb8CA=J+C0@3(P7JSME!x+P>cDup#!I|j;Dw|`yfpjTlR5K=
z;5Ggx;I(&(0k16<iPx%<*5K6%r~)qs;{^Lhyb@l$I!U}bpLt?<CADZ@+XL0aL^yVw
z#A_k12rc5J+1KtdQ|1%F>$C;HYt3W>UXP<J>R+m}HF*7mRKTkj;{^Lhyb@l&bdY%c
zoOWV(eY?LUesFht#;fmGiPvaeM_R;7v#))ZGoJ`vhi(L3%O@G|x&dVoUX$jv2CvtV
z3V8j(IKloAuY}h-7KzszXPg*bFScl3`}RqU*TD-VUOjo?Y!NTbzShH;PXw>^CBW;F
zi3Yr^D2wpwhg&FGKA+}7D&X}F;{^Lhyb@lwn<ZXlr=J*Ji(0g=txRIPyhRc(KhNMT
z;-%TwPUFlcg4aKtz-zz+1700a7UA{#oYvqq_6El5cE$<(FJ1|+sqH0R<4!v<yc{js
z*G^7kyzUw!@mkF@c#C*x_O)ko<`co|ih026_;>?eKeUs0ZM?oUc=ZLU=wDMAC-A>`
zCA|8dB=Jg3Ju$p`wP;^^CaQ_~etMzA%gxh&i+E}Fwa400<`cnd@Lb^a5spp=&+EK~
zvZ#OEe_d<vI*3%jt3Tu96+h#Z@TyOgc>Q*&#H(q0jF#+cmqX~{!}&@GE<=Z*o3gK+
zp=nz*I~km4)|~U0V37gy$DmQI9}eOmp&@JA-vcGPXtNMt<Jp$2ZFP%{qjP}V-D9Qf
z<eF>IULrsQ9o=Tc@dy03i8ypZ;_u&~^uX!Ub`qx#PLViCX*Zv@FOo-T4feG-qZ+h~
z3-hMXTKn3X1ny&pM{D+Pyy_Y3-zG{y?<<r{x2;uuq7R|p$huaQsYC}f!Em1=e7^n#
zds;Gh^IgDV>JYWNiSHWO)7GO-5aOPoJuPH(os1GVbS_<9NA|Q?WKT;cf-(MDvZrM+
zVDt90aWLJ8WKY{Yf<0|5*~myCeU50_q_#KOzBmDQx^Zf~R~W5or(TEdd8h~j8yE3N
zyUE(Co9d)yan@|zoZ}`81+8E){u<d`PeLqp*V9b0yPn)9yt{(_EWp;bQ$RDKeeKA2
z?tk;`vj089vwVa8$ELGqQ$p&2b?R=BLVz@~u5Blih&vNVnBI~-UNa`#dr-WOZjx%O
zuZ(10y9O!QzP6R}-%F`K?RQQKv#*61cmj!mlXd%A+zSok+MxWm8S~nZ{FlvZZ}}U{
zYcsAvSJ_mko8mn-3+A;wuhMPq$h=m^w*~wCnXydYd-ElIYk5^_Kws!V#!#{r=a+sm
zm3S>aIKPY=+tl0=G^d^2oH=cOOf1HM^CvB8si&~%P(+K`ti~3#caf35zbEuvaKw%N
zG68q_)j;h}w%Ma$E*P|n)z&L$q5O#<dwkX(48~+M6rM~?j;tR_FVfF{7r|-(Cqdv+
z8|tzNDJ72vwE~pXf1k9KwO}Y~Y(e<K*jcK{V7z3J_O&}%iA5`-ZdLm!g?O^NT#df*
zvO}|~)h3d~Gn<}BengzKs=X5>7||99=vcJ)t)=XkO}>bgv&qLj8q6la{uaSDuPK))
zbikr@_O)LT8F@hlJWbly^6(C)2YZ&C7qqXPqd`mdwWDEQ8(L6iu5e`iT6$4L=;78z
z<4It;8}yGR$wwwaIP8P2p>+|M@s_;dZ_8sGZdCSYCH@&Z+i|l%z&)e%!R?*V6zP)0
z8CU3I{$4SKY2+215Jt2*D@M|)Z+E6u)BIdyLsB3eVC$yq{WpX&a*^$8mGJ%==l+Z4
zwS`v#g<W<UzqMlR^rkTAAo>Cy?i;#!?L`cLSF|JG0K}=$5{Mqj#!mbHWBb~3X9AiJ
z6ba2!mp27Xk}v@_-M)4hqu~|5QF@?~6eUrK>n2eN*;kyneeLHoPUWViNk+(A{wk*;
zF70oyuPq?^+Uj~-rU)C`F>GUNE+bpcKW%55i%dMIgLbyBNjuv!DZ-Qe?hK%QG3(xI
z#emD2LftIxM4Ys<-H-WHco}fmzf%?ff7fxkx35;XyBNEp<j4N3f#?Q;vZ3KyGxoOk
zA$@D?ZRhc#iK9`C>}}(>1sAA>_O|B*EkwK8$S0}=OBVY?wYrW6O5FagK-Y$QpNb}0
z)fx&jm(K&VWPCeYLOgjoAU>EUJNEmRHf;pfPMlo~v(Z7wCZ;p4UeOaFgzve>B)(^L
z4#)Qd>~G1vOCxxjvA?ZoCA`!1U17L!YA5kb)AqM8Y|*Tl=?tpwK-Q1_PM8U<i{M-+
z;Y_?7a6ScF1?p~#E@=+V?-A>>5uBYFMz8n)Aq3~oM<tx!b_|2_Z?ngJ<G*8%YrYI^
ze>PXPed)BOMr)Gz8F9KjZZf(Yu{)b7J=!k*kZs@I;cv9Z_5K&_al03z)&CwLTU|M|
zsaAItdlA>z9ygh3j`mYdYX9$A`z`->_P9^|-`L~sy97v8SS3=$Q<@$d31S^$VQ+er
zLGg;$@k-#le?)@gHS@sG_p^Vey>jFIZ6{IoRf7rGXs`VD+2ejZ4fxE;k@)0HZVsO(
z5DR?1VO+f8F1!*xFC3QmJlUS{Y1$t5Px+<&?0fO&{L;?&t-e)$X_-Iv#AiRD+uu&%
zCzzSSQ8Tuv+C@KUwfX%q%fk<?Me{?OiyGmg9{2%VqTRfMTWE4|?@Vqn{>_0O+NDS@
zzCBn^cDHbh$p1-?w3u*pKeP?RgCFp%A<rxiTGe8nX9*4apEdbBp%^KF<odgCOT#?G
z0RJhzO=FEli;eAVO+wL=J{p#k3k>mt(%v?bzgcnbf6u;lESc1*^RefKR4+%k7PU!<
za>n4~9kDy_w4tR|I*;x2LLg8R8{NR2FU}LPi7@ixOucK739e5s#1C9LjH<Jl+NL;j
zQIeQ>0X)xEl?-92p<5<)BQZ0A?Cg|$%_E$n+~Z6su1(P@e#*z0a6c3u1bk{ThDvs}
z94cKVKoqkAfBZkus{3@JzH0vc{z+l~Zyj$Pr@ML8{JO%YB6k&twHKMm<>>c7O0sbV
z53k=p$FoSt!>i`iQFH4s=2vu9_uv(SrC8|I!}TyJt|g1uJdR<#g~QW7*5RHJo8~Ty
zrEX0}sjPNSiS8Ssoh;<wAX&(46hb({H$)0j2Yo{v++R;;x7S<Maw^5{9+-z)Qp{^`
z1st>*J00ro!1!dkLQMB>K=yyGjq$oYZ%HqOC6I|E{?N^0jdInvNubZeL$RMuz%`ow
zUjBIcNu(<^(I6*2FALaoj0)H%E*h_`o9J~$bJ@2M?tfSuyqM-UuXuryVV?6Ikn`N?
zwmPYK{Dkbo;gmEDeGOP!(4!Z@(n+%U8hzS9#MOvC7d)%e$HKlpY{1#1yWUiE?+4HB
zV>0>9l?b=3lVoBz9^$wlq2RtWj8J0~Tu`6F)Y40vEKAGPN?Uy>0=>9sD-s$ghN5xN
zoa^UNR#&~rYW~kh4)fY-huKz*_Z<2KNp*69mMJaL(jtb}>$FS@-j@Mh*^`|)0kqtb
zrPH#vq$PZ+u9q}?datCWMbsaa)GWi)rtL|?sQC-R{SS)Mn2KKU9VG)b5AB!K+>;PS
zO-;Ua!sG3_r*(R29+kt#+qOMS$dq#=A#<>1Y2)oPjtP>nx$*XZEX0)|3pq*)PK5F1
zLNWvO^34CKF%U?OxAYciWD*a;;5XuUyL&unbatjrqXy$Gj%vx>XfhYDPyBdcWD1SC
zh{v0YDdQDG@k$gLyH8SRbek{=wR*gflO8K>^ffqFFo}<z(&?j*w`(Gdx6EIdOgE)V
zgzrB<WYU~j_vbi`P{Z&WdA#A$2YtNl_H${U43wpfMrn=c#XxOALP;^c$4wh=J22jk
znQZD01=HV?qwSbB+6M4wJM2*ZXx(Vr0@GMY$p)is(^yb)`guAf8;!P1Y5}Tf5zD!V
zeWGhoWLhppI7Zulh}4)nucu_7<!yT;EtkZF(UK<6FnW?3^QP9f@33eznm>;}q0=+s
zc)NZ#L;vak3H@fQ0or)Gf@4}W-p-VTbkYiO(?Swqymdk{<9JiymnAqKwtl$v=c_BV
zQy<3V?X-(Pq&0(dA~hIp|MW=`nS{TNsJu_iD~wE{ZxD{<tuvDb`+rIX68(&O42hHZ
zHYS`zt)|a5TGaXEhJpXM<nd<d^RZz1Sk9L8Nymbt(Pur!X!J=1|8Y&&vX;wtU~62A
zDodH$UzW0))`kcKnu}zTKxL^K2cj=mdvPegK;7S(VPq0G%nPI<P{>sT3iUddD1_;P
z7!dkNq^Sc8$iZDYh3qJR>^QbKB2y@<fGISWDdQDq;*}^gVz;Ew`O!uS{Wbcmd9+#j
z45T`{2hTZ6BD(@}x<;SVIHq;<@$KYNww@_V8O7^YV+L_6lC?yi)+|`N`SQsK^!cd}
z^jVbA1bxO*EqNY(4h0Z>GDb(H&;1C;2--^I!z5Qp$v~ecgrv^{frEx4l7Edpy&q|o
zK6mV3WH<Md$nM8Ht<k5PV_HWayDa4#t(50^y=qLKbC9eh`rs~(78&?au&|9desT*y
zpKk{?L7&%u*6Gt01rUAyfq@i><@+7spwBr>7q8e&$v~f&U6MY39Q*s|v-qKA>9g-A
zrcZjBq)!o+2#r2FIHq;<c}|vc=NYn;cDx=nrq7*7))IX(TS1@aVbL3rK2MGYeTEHa
zf<B$7mOOs0LIFgdU-Ki=XOhD7xs&PQ6{GM<^tpV8q|fB~#`NLcZ%Q+}t6f-q4&vsb
zRJijuUUBl>13G~u!x!9JNxz1LKQe*tI9)>f3YG|My0&qQMxbGlHo$bR*A7}~+sZ-?
zoF)sonwO)-^f~Z@P9J9P4w@~f?LqV8D!V(#$$?J*GndmGm3l}{EDm<Wl1jMpKsS5v
zWC!e^(R~nIMO=ffM-^oD^?N0a3Pwhz(VGbOKPvVT2{Fe#P02u`H9tujz4eDqBRRhr
z=|i{9G?GsI1o|8x`e0XVq)+z!I(;HCa4&CX`s_=U(3-L8X!LoCV_HR@t7IV;X@zX!
z<)|@zE<!Rneza?p!>DqA$d%k0+Q7dcY;YscX1W5})SuY|Z9dtikDq?XPUGh_TV&dF
z&tuwL#595a8?Qv0Q-74S>G8Wxn-G7^^vS{a`R1C`IpDBUm_{W2V#7!&K{^N;eX}Ta
zP&kDigzyiuEM;O5MQ{XRe*=DfpJ+!FcMl%jSJG%UmI<N}rh;T~{CkRPl1h1YkK8D6
zLDigi@bjn2f==aSsR5n1)Mt?}j8eGX=_&<H8}!YvRDDy#L+LY&q_6gt^!n~gtriW0
zN?IIBO%eb0>r~4Ljws~wWWRtb-i587PB(0i(7xdL>txZL>di%5k0OY2het%F+@-mo
z+=JpiA}mH#5nhRMv$jjh6(2q*{h_o*{t%Jh-uq9TSP_TQrQb2B9y>)MT!krHTaU(b
zOzYO8?y{5^t(2R2d1^o>FuXBH*3x=}3$$9~7kZG1X(WETQy%E@;u$(!8t~h$ZzWYs
z;wzt|%4OEbRN07d@Cz|a4X=2cl7T8)zn4_mbjUcKG<iAQxdnF)O>I_tL-;^9db{6g
zuS>8^;=;S>imx`5M~<ZOZ_H)SVbB%07qv+vUk&ZyKUTXw8#e@E<Y+gFb*J8|Utd-d
z!xxU3%g6v*PvT7A+oQ<;td<f6UQTDwwh?NJpzlzFM~Im#8u||%rk7|gzX4hcy|^OQ
z-COA*IM>E#TwK<M?tN>M>KuXrQke@v^gW$S_<k-q9Ze)jKHqoNhP-FeeP@)7u8Y&M
zm2{^8V-gp@OR7WNFMS-y%ji(v`BdH~r-87;FieORPY*vt&{4To7Yd2Sy>V^$^01^F
z5bqt4$3*jrV@OCDx_l>zcWr}=ahx#@ZoNK1jPFJ?QMA?aRwIPu#kJy#g9lNH<}LPt
zU4ejaJ`zfKZ}W2al3D7Z@cDDfoyH-l8y12%<hLwz^(%S*#ns_y{xfiSIEsM9A2}Ro
zAPtWWO2gp{mH<3PwvF20V9DumE3msamAaoMEBzWt{OA-AgYOg5E{Hq^)+5~imN?Gv
zdBt0l3^0E5jfAo0fIbG;o{H|@B4#WumDdp{O;~Bg_trVP&~EpNV7;^(up0YhiWfQm
zfJ!GWH5#5AoVxEp&Acq=q_7z737s#6&E7!}*dy0T)ZnN4%5xI<vL81#`eQLe(?on-
zcBJOE6Q3j8H<gH=q_y}xN{JSK`?YNGr@zV;!=D4Ut<IK^67Nh5y0x0*MNM({pgTeL
zt!2S*gm0}$;TpamUO@|818Qcv;L9zY8Ya}Oi!Zs-e>!?k@M<}eIC%y2o<u@Prj1RZ
zbi>18S|z`oMt-YG`f6Y`a*Y!7j*T1q0Mt72Z^~UKbV*s&aDX}KRE#_j79($$c!*PN
z6YqT`r4G71Ids+vx_VeAXt_CscQoG|McqrfZ4JuSHm5VoSI8Y`usJ*y4qSlNxKA;(
z<|9tDP1Jp<%TWF%ef4Qoe^Oul#%F&@U%khr>#GyX=&5CW^<8UQrLXRfdi-g9_2KKA
z(pP^Mis9)}`g<jPwHGlMU{icO2DhZIzE4lOZ;&x57uXtob>>a~59q7C|M?60>bG#R
z=dbFke;bP4@99k|L9MtV6Z-1y_#^ezb-(EI`TtB`O~&4h<oV0rqWOU~8xi@}N4GNn
zD!NMkHR`J%|N2jk(fC(gU;U!gS04+MWE=F=lVu@pt&r7UQke$!RXb~yi)2>yB`GOR
zAYFA(Q4Jq<MXga)Tbfc;PdXo@InawZSFFnoRn;4}=$z}vnyUJl^CB%{3Bo)C1btX2
zpeyYsqVP&<Sn{WG4YT+g>?hKik)Xs!(oY|ML#KzXFN>s~Hc^G$gD>nN$#T^fk}S-i
z)NiJ^AYr7wEJT>mjrG%SbB@9O&a$+gD6J8Fxah}`P@_;o-E<9f(^b%xRcX3u$XLj&
z8H@~wcCArOk84Ub{ct8|cV17Oc8!!}iBx^m5B_kth<(C`Sxkc<Of`KWCPM56D~Y(E
z-Uz%B^(JqX)Vs(>W3<)s<A~$wg4cEWMI29KK4!w**GWSCD%JvRKbXfcL9$7Gbck%m
z@zhQhGE^&MHZ3R-#?!%%g4B|_Xh{%k)0rl%k?dDBrHXDl1T=Y~yH1k^y0M$^Wyvis
z(NxhB&W%iwwFt*}Izj{kMP8+3pvZ>Jk|I^R{=|5S<?+;DGw||jIz5^jPb)uUvP5^3
zWa<7Xkww!#zsPYKVRZd-h%owiGU%VLmZd$|L6-LZClTnw<LN>qw5qSrj2AYZY^o@j
zzCL_3wE=exS!HWSQ=8w>Zf4FJsGi5*{&^v~>6B|Un%@0D(#|5hn(Fz%jL5W$J%>lr
zFs2#KKTtBzF6m=QySSZl#cTC=`ZCh`wD%RAei6r0;C&{XVv$f6V+qm5(;<#&)p&Ya
z7UDO{LVEIY)p&h+63MjLFOPK1e||XK(3GnA?Q=ntv0ZhdG#E~2QvJBYq;moLgeg5T
zN#-CN!|6FDg;!ig$v~2uK9nT6;b)Mf)%5rp^k}SKez{qCT)&Cwv9i5{ax<o8jUHEU
zj7AS#zZ@Dy!;SjoezKIwS}B#hJ~bvtM<lbVFKW7FNe)sht3FaKw_?#TiET}(mebAw
zMXEa!MM(D8K-6{LMx7#$XsYEK2SldG_Xr0?x-liZ;$un%itKt{Qe@kYI$J22cl`Zp
z^jY&_v-J6R1Jft@BuSritRxzJ)^kkj=%dO~-cFLG?562H!U8lG$(o^0YZf5*dDo^f
zxa2e%XH=wvKBshQf<8xTb^09FRLh_Dk4&En&Sv_|XS#UBK)e!t@;6EP4FBP8rcZAe
z)i%R#52T8_2QNsJ$gaQwq0#3wj%gizd^KE353Q6@ydE_kKU<Nk8TzzFwftyPs%0?%
z^jX%S3HnT=3i6D0iKbdU@2tr5c?97YKVJ~}z#!Z~$v~fHHc0wBy6tbK&*J9ockfuw
z$bQ*Y(q}(rW{p1O9Md}b*kvg<Yo$ET>rZ3)oP%V|(5E%3<v>%aW#w$p=Ld5W^jZ0y
zPM<ZJYWbdik?C_B;h@hDri)kXqhz2@Lan4v;JYU1W7J<pwBG#@t4~Dz@-zAXil|@S
z>tzBBF-ZcA!4g579OP<0bBsnHUB4V!fWTk}^~=x6LcUIrg|y@4s4;!+L^6$iGwPNl
zrv^5gnYGramM87gXSp!d@>6GlM%nF~piyV4ByW3qAUnxk51bL1Mw8P(qesPEOdGEl
zjaQ=4^!1WPQ@#zOkz9X_^oginChPZz`sL;gatqfneeP`|p?w8Qghn45$Fzz*ZDk?n
zYlU3R%TZ(c9H<V`2dWI_pCwf^)iUnmX+{~wYJZb>H?nHkbS7x?cv2IzS%5Fg`E9YL
zTE6)7$h295aM0#3kq-0QE0hehsr5?Qto=HSHpC<t=#$feet9ow6hXfnG|6p3zx;d^
z)97HFq){SP9&I<2EFR&wCaHvD3I_f1WwM|<wSw01vebZ1=)uWCK|*aLNu`snTQ(3a
zu=!7@mJ{gCQI$;68mN|w(m*#K?$DHcT_e@<nzfR0DdIg%wfs<OWXi>z2Fg7svYBFD
zafp(Eawn~ml#BmLqugKP=k_*lZyQ*{q*7ufsfw{;XzS4-j%nR`v`Ut;J4Tk$gO{fU
zbixe!1d=tg9<@fbe0@`@<&~#{E*G}d>C%ATPNNDkzc2s=&|KH1Z)B=mhj6S%&oDK-
z;!;Wms?4vFRJs0(M&pU)+uCs-IPE!Z&=!SkHQ+D{0KCR}ZBm{>funJwUR(wiu5}&?
z6I}FSsX@vSPz#&OIzcv3;GRKB=RM&blHd=8-1O(dAIf@U(=G>S2X`Cf5`+Dr)6Pb7
zq2AG<9xdtYE62dr{pHZrP*KhsbuF^fjI5nQ4mgbZ>7Shw?QTaZF1K`~W;(k<Lk;gc
z<5J1}PM4tn4ZAxj)uHYRI^dymTJWrrn_@1%Fibx^8gB*VxJ%&&NL@8uakDyTbJ>4L
zKI_STKNZBDkpOXYBlWhq>@Jz+8A_9bH2&e37>S0RPKm6NZYOR+jBh&fiC0b~dV9r{
z2%$Vn)=0X4krJLaq?OL5ynQI|JT3282$5Q8>t|9c4bs0wI%!f~<9s%mB1pMzgq5-6
znuhx5vmVts7EOe~7Z^exoe|VW(=CSNWhGrrb3u6C&kx03g1Q$PX>~mXgrCp~s$)wu
zopg6pPR@48Q&<mobzgvoIRTmoO($Jv)Jbpb6M67t043<8uV(PP;#9m6i08j6K|JSE
z8azS$YPc%0p+362HTr1FBY%TFy7W{uwrhM)ADzfe#fnAq#P_`;HMN}>2?(S<dJ(r0
z{(lJ+wAS&CY_07RIaU0R_0fCS;Pt<vkNz=&K05srfVnXi!w!9i_0jKW`shKc{|<e0
z?-rW#7xdAc!kWY5;PMo-=4gzeHG4IE^vt(|`e=C{q&$o}60071a-oHf1gl92p}YCy
zIbC(!@H9HKyw!Yn)d<x#JY__!Z8(fSqN3=*q#a$Zcw8!{hg(K@77b4~PpBFJQ_P{6
z{8!<>6Z!8f{<}bQ`wuIphm!3Q{WqevY$%C^G2vip9f|2C*Mi$KQe?Fpv3P+8#8?Eu
zAOe?%t4Vks3H#Vw&9opWPLldyPyE@lbba<{e!{tG{rY8feop8dc4lq<Fseaqeu~zZ
z)sL}W8~&7+C}>H9GuSwaO_dcFzJ+DF*7X?W$A7i1XYrSspm^es&7kkc;wkqEdcvCG
ziMPl{i}8$cxHSjvLvqz7`wka{^xx2J`*s=LrMZa0=eLu6ABJKi2HN@UWbry;Fu<qy
z+I2N5xyLG=OR=OwVScBcz}Ll)pz-<cWHC!mxz?Ccey^dvyfybJ9hvms)1UKv4Zdb=
z3Wy<kC(|tFt&D#cM}VO49)soh-*^<C-Cq|duW}A|c(NbBJ6I0!#Lhp6a#NUc@nr~A
z+}Up)iN_^NU6w<3foo00;;&-xnteSL@#6z^NZ(}&B~-U*_Y(ao7W%oEr>1KiVDOLh
z<mu9P9MeOLMwNIExJ_*Cc8IyV4R7hAQ{G=IcI`(QM7zSy2GTI#MdId@525PjN2?}z
z;a|=-8?Ryf&v0LIk3#{SU!rsG7~^WKZ$wWdToJTKxj@Mp>g)=Mx9Eom#XVH~&|Pv3
z=(fC<FwwO@nm>b=xa%f}lPE2&b)AB5F9pI;6fX|rgVft`>9jXg7wON=6MuuutGJh#
ze5Lq?F$L!b>II=RViMAD>x(+UyNJBM(BYnM$_R)H5JmU$#EZ`8ii&#*Ca_+qNGxV>
z6?O?Iz1gEJf;u2EEs9sY`CA~!?_qr#E}lVRv6Znc5?_BA6NQa&%tYAZ4R%iT1z^tb
z`QAS$3;59@@c_qT0)$BxqI!OC(9nVvMdEqHBQK(&5T)BM(Oq23!Y|y$#pm!F_Y$!{
z24yIosi`K^P*J}ZPK1#O-8OME#qKFNOZB2wJtg-I7fR6MC+qCZ1SIjdqqa?>Y~P{c
z9cxkXed1)QxZ#E&)c<@Wk@YKn|6rg<?Eb>g-mg9t)ZU$YLhbz;@iKinr+<LchuV+8
z&=*$l6q#>_=L)#1$WO<=6#TQ8J0zfo06&d>!YRL+LM>c?XT`HHP3(h86#-}?^)=sq
zdi4z64@U^7(?zHgZ^V(XMkW*=;g_0y&n9A3YsGT>hAKn%j|KTPB7iz9l}$ZF-RIoq
zQP!o4Cq_BXvU@H`v#Y!KzA|=4DR#u6suWqWm+#WC){LAOU6SB$&ku@wSgKfuGBj#f
zFQvYs$a+4HD~qTuF;tfo@_tcq1%J>PNBf_p3-L{QN~p=57@hMbOfk0!ClZ9N7DaaN
zM%kp*_zg8_1&^;GvijYSUjo+^)umDfAcCAn41NdB2~bFHtu8leg<Tg`7`0c@t0)4!
zus{~mhz=XULHfP%86(K_TZw0;-@xQB`lZvWXK=c#%bl1Ab^5iD2}OJS68%2kARGG;
zenXAb>8ClPuwzp8d>cc<*?|)uCXmt+O*3^G*Tu}&{@UI1i^;yTKRl~A&!DoeMixx%
zDcD_3WJj7MWb<rS^CyC`mZ*{u{!xy$b<XW}*Amd>6ualrG>2zKs!5J_pbBph0$+gt
zTqG#jYp>0pi2ZC-fjYmKOK{>6bh3?o?Nja$tg4Y$Ru3LLk;!oHZdwBdKYhP1ur?7{
z#jO;edc(5MrR<>LrdK5gzOGhc^0xN-Z~US^VF1w-TlNhDK^fX2BN|9O3afSQL<owU
zV3p=E4m}Bnu7tzo$blFbeCAH{x5b67iD-67H-@BxW(Gddq0TEtk7O5<DEj+Ps8?bv
zf}ccp8mLv}4DGiMRmm{BV0?4s?nO3CRs-N6b7BDSprpGIgq~TOTa5N|J8waV;_{{;
zc8ZTLB=ii9haU!f=SrU(LThUz1pm=~U%_vK?=inY@(XG2YFF#A9tUtVN_0f|c6VGV
z8W>%2w!?FF2Re1-Ir&FKh6=&efi&G7G9-5T?Jl};3=TT8-$de|u*3K9Ruowa+gNIX
zC;LA7%xZ+86IuhGBji>JxnD~qS-<SL6!uSqA$~c>6BI!K3gJ4W0~Rk&wnDK}wA>7n
zCwmZuO^~^ZI3Br0O-EW1y<#zC1iJUUEc?vz^$i6);19r~$oYE?Vv9r%6rj!j^uBbl
zDawfhE$4|}@fA?56Cyo>uRSILYpI>$>s{P=&&T~1sOkswhTl}=rQcro4WUWr34TfD
zA}>)^S$)VqaMmOxYm;Iw+@!qy`rV(OE)oZHP}B{|;oXY5S*aGomFhowDADT_h+<62
zRqLY8yW%}1dV`{3bfZ>^2f?C-*IZ}3>&SH_T`}n<Qx!k|k6y(gvWg=f=PLHos<`Yu
zS;d?18(i<Xzl@_hkPl)-5FRuUB13nk$lU@8q4_CmP1NenaAuB+(W!~6Xf1FLr)gjS
z5{XI3gA5%hgS(Sbi|t}mR81~PLu%ouTCQGvxWM-j&&ys2l*C;qkVxf!F~r<~gDX;8
z!=s4V5Ems8KStvRED8A_>YPz0zLU#jd+jSzyenZQL6hoD8@R36U{XWyga0$+?<ihr
zDtEsZc$p9E2+xi2TeKEe07Qv$<b**t_{zd+$>*HwJqRWe<&!PG+pLstTwFkOtQKvR
zx5rL?@Uej_ZBfeMAC>CeiAFMZ20I4xN=5xi@_$&~G2RBFd^&E>PCU37PnmJfoxGNM
z$5zHajssb^%d;)mz~y*kXGk7Ai1g*mr0>E|DZx8X_z2jG=RW3s+aAF)DcPhu>H=`Z
z>lu9Db8cmKw32r7p6q;z-h^l(#N{u54P2r32bwtCmnMU+OmSo#be<aGmlvAE8RX*t
z95JNh0ZdsId)D_QI}1EcTpH@`m5SpuVB4~eI(w0SXC%81J&1ni{DM*G@|x^f+e&uX
z-4_s1+u5;nrHFD9@z%pqDX0qt8Qqrpu0*V%8$rm5j&)c(hDC_F(n|gfh{vjp_F=dt
zV6z<#NT~lz!2ExGnv%79UT24TszV)t;@9B_#n=?z7VbX_(b6Gy^^1ajhwasYIJ+kw
zTu8N2?Hgt;UqdNY(d>o)%#MDry5Fl*ACFV2kHsok>lO0|p{$g#fdnP1Mlt95l=3~!
zUO4cfRPTx_P;10zZNQkT`yK9i5Z;YV!Fp0<M^vGwf2LBsBTk84U#O;L7OJ*PlRdiD
zjthMq{SMgs;r!gz#fg}cF^)us4`^nco$OE-g3XwXYi8w2rXwToRP~*o5CTiPW>wsX
zo+8)pkp2Pq)Y;Wz00-wsF109GUpp-h^&9|Wva91wzE{!g0(U7!@n?>H$GEYcJPnm>
zbNMqyRQfpj9Yr?=DzQrS(HJGm3sk-gqGFb)e5I6s<Lst*hLJCkC{Y~`Oz;7_d%TGN
zad=XN;_3CJLmh<Q{%|L@-sI@_hrQpY8Vb8;i<$U-3|NgTFiTyFdQP*@IV)@ua6dXA
zMz3gq#xK6#5V}t|J#`qaIXoY%O{dR~z~`CUi!yh}0YjbxP-7eI&%i<Sp=x7}-X?I;
zl7`9@-{;6nTf7|f>*2l%m<fl*$8g_$kRQw4Kjana5pDWvtEdZ1zK4+0DAQ;dzo=n6
znl~W0$s0m62bB&BvX7--2hyWTvelRPvKwUo0F%bIKl=ixYZ-yg?RWhVH-A1B8_!8s
zU$Hx&OpjZJ1tze4Z874-S#eZguEm@dzu7~go>*nol__(txNOEv0~A#$GF#$PHc)s@
z4j$v>V>%vp*K%kI9zT|k7CgSekEGU^=<AM!LdqR#VuK$!DnEjxwh!rM?VR>_Jc}PG
zS8v}>sMXpcs@jTBt~d3nT`}WQ=VkL|Q`M+GU3^>#s?Q%HSRc69q>`yV@9`s*toT$a
znft<dp^}H*PHAJ2RQVU@>W#;N@{tPY%#T#S0RL!NuOl(R*1Q{R&1Fw<Yp5n8<s%_;
zmVBgwEc_T%lam9!u*zD4NhX4P0Q3KAy@K=qBY5Qb|6x3c^a_3cKe-(5)I*PbO3X?8
z=i^Db5`R5~y0b02SV-eLj32BuU)3`2HJOUYhNEEr)1eiU<R4hkz=R%E2VtcGv*EzJ
zj;Rv5^26fz7qoP2quJ>7%DO-u?KmX6pCZ-~3ZD2+#<5_>Y>7*SY|w&^na0;AtKP8G
zcQa<V|LiHOIzg6s<_h0X4AfA7+~1vnFdlc8AXg}o#~;QA&Lt)UicLHoY5kIGvU=3v
znUBfxu*if(L|yKj=#mSRS}eVwdX&Sx&?4mzeyHRzhm@SUbo88ftWG%u<4(<v?*cN#
zVErC#VAf)ti4v8xnyKJn4vRi)sj*F*fktTZo=D$ciNpT<eS3uO&(^+wHohM%PJ)#!
zc&Qp95qSdqUc3MYYxJ$xQAoq81fUSps&Y3)qvj7i8IEUYJ%<=2h{)-N8sQKj12P>%
z-X*?;s+^9I!hhC6Of<)ZpDt(`JqMRFNN8ZH$o1(f>jS}rJU1%Axi(az7_CO_!fF(`
zKKB3wMyN=^cEVU6hgKh)bCva(f&j4-3<zL)v?d5s8BEIwrrS}HoD7ZC`ka+tOf$lp
zfSUIN(M;dJJG8EH5@L<5g~1XPD@(k@HvrM${ZFTN3U=eNkU>(WLX}yIx?0`&bDoVW
zQJyuGoPoV`j$PduDgpZgIhxAx9cx|woH*xR|H-cHhplS<94g^mlt3aHERqRW<mlWB
zx-g^!VAE;QW_yV=*d}0&D(S(Z88C`qq=XAOQEiwIQP(Aog2ZW{@iwArJY@k2Cs8Wm
z1?j-Vc4*V-q$=&hu?dpp4CNHtMDF7fFB)I6NvAUd5kSLErG^>g19jp}81iZDkrmL|
z1Q`-a?g{2k{D>+*dZagvlLd;Q2N>*ttWNH=uKPNiArF&ZHO6}k71=7hyM*c&hIau<
z2*=xq#Xv$WI2|+qsv|`L(jJc)M_|!f+75~FaipTRVdKQ|+JlNZ#NoM-XQu~%I{JPL
zWSPi4?1$f|1I8FS-6|xIaF|hwHr}5?Af<otQRCO>{5kKH;(f6w$g9b-!NSyHU{dC7
zViX-}0!L%Ui{7t4Cl3fNmNJ65uAyk`P~dL_;nWRB(pR|tw4YkLfSMFjk36+GJe`7-
z=sAYweG_w3lAXee3wbBlgbq27r{xsa=FE|GATCSiN3{6>YtBT>;<Ujklb#jo>vHBq
zo69#+t<mKzoYg&%ySzmV#=&*e(p>%=!VBDkQlalMQSRmUA)qq86lbBzP}ZY(L+&&H
zhy79fC45B6mWtU89bUo8mL|^JLQCeN)J%G{h;LjC*0tT_ncWkAw1C=YOU)!lBx&SI
zMR6b(yoEYbGl~B^6@&&>G`eo1b1oDqJfw@K!o~Dk>v)GFuHMF2Pt+$)?883BSu1h*
zQd-T;Wd+zuK<)B6!l>A@KI9cWu8>#shv`(7JNtrdyrOs8ACEN0MM4#?=oM7V>}7QU
zUt5%+4QrEV8?3{le1-$|FK>_}KwFTzkhCsE#IghWZDNXyBkC97QO<Af-qa-qV~$hQ
zJ`T@3?zlgoT<*AMP+}L{HE11IB(Ph7BXZ=+0WgkuKm3alqwrVj#M{_X0ru|?1=ml~
zKhP$y%|u@YYAZ8$Ll%8~rST(Ka?C%>l<@sRavE*V=UjG)u4HbY^=Dbcr_=$Y3j24Q
zP^TK-fUmAFe9s#E9_?+K{@zBJpO~Nl+V`HOps?@F2z^i0z86j33y#m}@Q|R5PdZki
zVwcJr;&_ooz7yO-359qu3@=i<Yfw7rn+yDs{8K$9x#}Vsk)+LAf|E;{HqVJik+4|T
z<_(^TcN)>3ZsKnB(rE5hBk8D<JA2o++^wqiP`9cRui|<g^v(<_qVp2g=ABFl)otot
z@d=%k@C>dWg#tWX@<<{8Og&r$*3)$4NBF0C&?w;H{zOJnx(f0^?sp_krJj5(dM^gs
zaw=7gwVExYDghVi8GM)g(6@X<W1C3j(rZQ1F*!rs4Rya*!Y}(}zavrA^4A*5|5zU6
ziNBUVkN`z*j-YJ-xQk@5LOxi;7t$<Xif{2Z#<~;iTK=;Q`R#iCB0c}TnpwecWCto!
zd{4tkyCfRr7iSQcPT|Xg;W8HTFLC~QT^_mlRgzCW@Sgr&h4;|@9aAO@0XnDhDqL^(
zTo<r=Mnb29xw3#9V_lPKDo}rMsJ}Y;{h+vhk2l|X1pF(WdYhN`#9U=pKelh#R}j5R
zS@yfY`=UV*cf{B|gOVK4zeB77i)Fhi9I*cqyD)uPD?6uJEBj=AT?(fl`}|kw<D;^h
zwK6HSa#~d8CbQ={4Ajg|%$~dOYpv*&T2T<iS6=z6_4%GA8%u}*T4B$sH<uj-aOStn
zphh6`tI}Vr6-lWT6Qc1NO_~WfI*L}Zj?KH0_<d{T5Xc39-fp=bnctd>gzKVnG7l~~
zsCcf94wcR8mHDkP7@4(!oXlTK4=P!I%<o;%uA&bWoAm{b)CK%68#Cmf*L~*5I_B(T
ztu$ATkILLq+7@lFR&+xSOwQ#~&@f;_5+F#r6!mNIK4F8->$w)X7n0LZ;9Cg9@>4zy
z$w@jDl~;yqSg4u22@ZX7h23LIjjk*p^lq=D{*xulWiyF9h=?KoFcSlrUoW}_TSQd3
zrevSbj>u2}8C8V$rI0vSEBaK72R>$^6r-NG#q7!Bn50xR!GE%~0yM0khRJwP>@<$=
zMuehz`nuq~LJ3q%qneZ?`=BH-d=2~rV)!$IQZ;<B#j67RpO^mT@XQLB-<k%z*8}hG
z7ag=`?V0-#-=l_}=sFUoxX~%iWwXG6&`LKAzpf)O=CW~k@ZCVY6CJMKcJx`LpHIo!
zP@17*-8ogn5Z~fj4^0(r`$9Rs-UzU(dkNaIV-Sb<22u&0QqZAJaU%x~ictdJb`slo
z;(g;t*pXDBL{|rXuvU%?P{+;OVD=p5-WmsJ3Io2~^nwU$B?x1!9G4oCxuLXO=DO0p
zgr0vOo(5Sf#v!f(1j^i0nkG?oq(&3KR0<vu-d;=PNR3f9_+uc9gy=rjk#)dab}PQI
z3S^9$xuUX1rnhvUqJE^0r;4~iitBi^v#ZtomTk~+#Z?o?^ez&P=$-yH*snn9UeR0e
z%#C(r)tSq(QBY-!ycF$#|8;96K3|E?TPrUPWLB46Mq~16d`DJsWWbk%40N^*qY5pv
zdmO2;xOope-Y%9-CP6#&p5bhjk8bvBgvR;6;Ce=5A$?#ae}EAw1g2UQGONv=M>vK$
zAF%Y%^opECVd&XH=w;Ek=cLxkLaP4d45hVVWWYb6S!A{J=TQ0>O0R)H1lmyAQ<lkb
zAS^=K21^TXuJ?lvY?bY8mECNWJ@PR2JLYA+UwXc+qK~bjqnyV^XH-#`-B!`tR?*H@
z+0|Crhhy?EF`j3u=tdEh?RYHtPq$T=Z52q;PD`?-w3Dr(Jrzb{El=IzkIhrRvQ>7-
zLw^~Ja9c%Nq(-sy^<FZqtPurRWO=TtSicEl&L8Wlipi@qasDlozinQH#a0=OBJ$A6
z(`*$n2&3}a*Z^mD`gBZX`^s)qR)x8uD{PIuC<y;z@Gln4XMVyCk5Kr(-x2Fum|Ks;
z&+iBR-g}`zRA{Zt2~?VC><~{^kzmD?;d_HRqq#Cax^e=+er4u5v*&HJv!a`CEq*E!
zD#xH>77=BOso$JRS-V*)ass}as9UOA6wmx<#WNvB@r*&YtO|(hFdO-%hL<~v%B`2>
zMk5Mc>T0YO75Ow6FR$oUF(%qSg~}(jBqFG8{B7!y778<0<VXA3a8|QtJ(Z+oH+xob
zxhTT-3Oyy@38l891Y@*eOqFwFRh!G+LyC;8@A5bfO0X)sV>}PR`k;;Hia4xS7|z`=
znuqA4dAAaM+;8IfQ&Eps^v3$-`orX$t$1$0xUO+tTM69PL)QMQ{}rySwNfG2#-lof
zm){YwW?HI&s4Arb+?4=jLuqfc7hy!O(vF-H2F<ug5v{PA@2;__#4$}H>g(r8Gy`~u
z0U-dC>}i2#CYX$oM~J}y`#%G>8mQkfcj05T*AYxZN5EvX1s-5B7Mhp$rzdqC6kx+i
zpXvJXxWh9H7m#Da7QGKl$HO>pwrDtPonx_aQ_S`aitC5^QJz8lnE$|1`bUAf-2n@A
z=sRhVbz^mN56L=EI@F>5;J;F?|5kT5s~an{dr)c?Xif`m*5_uA3%^#i1pkucTIjEm
z=@pch99llXe|%^z+l4y0vj9nb*5T4UR<$%ry^wArjiW`^b8VcG_2E3b{ypM9a4(p~
zf4FZ(!gX<3hZh|J_Yt?kJ*l3{IaqoKYTo%4wTGHTr7*YgyT3~E7Y_BBR1264w;7Gf
z0+XSl398OyT!G3Lkli@#QPsV0{y=6>KZ+{JYABv*ao`@Y%2D788mn<RGU==a<$!_y
zQ8de!jBsOnJ$Z3f@N@v{c5+~c8<@>yMWB@3lZPG|<(^ZYbzspPtm$#YZtV9BLYyIg
zMis$3hqwlHh!yN7+CY@y87>P9$9Rt7=J@+qRnSaD0*xaf5)I-6-Iy{o4f^^bKvn9k
z>Y!Av%{qjF!aCk1hR@Gj;U;z?F6;BsI>j@w9`83vypIF_toP@&QHQD>{F|8PK>q~K
zVJ@2hK7rT`2Y#8|$i;(iDlrSNFmg`?$o;+y@f_y>TjuXb(Y}XR2iJPw?e`@G`3=rw
zE`!hafUh%^<0*|}rh~G)t#KVV#tE+Dq$eH5dDA_zp1NxmX3lT8i{=5J!g}9F^uqm^
z$TQvq-ltvGy3!N^(0?YL2H*(}{PIj$n@Uq9tOarY9tc4J1#t*Xk|_#II=3-CiJ6Ug
zD0&r+rb+pe`<$#A;x|6l`3=>Ujqw_Yb9S-1ZP`b_E7xb$5Wlfc<2UxHkiE{uRo&n>
z&Olji;x_;Y@f&V@-CckhUtFJ6T{?}(`w+e)>o>CAM;tF)|3IHQ-emU_B!Snc2bave
z2F5j3UnmFkgWSIDlr<cLA!z!QRGj|?Dx5avvYCazQGOg#vF8pBr%sm_=eq?j$fn4I
zjMxRTMnG&3(BfoPcOlgomn5S8>d1P3VbfS@Y5OCsiPFk8qvQ>x$@EDMXR?+eUQ#5y
zZE|wO{AzQzx4FC7+&%Iz>^tUV5r3ifv8e|B0%3NW+S{hKv$?z4+!}w8Mf`=@jUwDZ
z{z5g|R3y>(3zXQ&rnaZT&?!Uwg}Xx@`o~~|+tjv5jbiERy<}QhBMPwCxV&)w!fmoq
ze&R3Gwt1?>=8i@Yd1(4+HZ=xeR9+h!pzQwtvG*?UQB~*KcqSQOf`L6~gor4ijy6FQ
zQn3;N$&d-`jWb*-3azM|lQzW`l`@lnatXMTz-Bwh`Py3B({t+a^z_*Fw6!;|v}z_m
z5>S+Q1tW4%VQ+>@0EK{%`9IIvdonY*fTG{O{hbdq$=++P>$~3du4ldPyVhdS>3Uy%
z0Q1r$?Y#Ixj<lvHV~od@l(ABDMwd8J{tB+sdU+uu%xB4fl0MN1t2L_d?Lr%4XcorM
zd+AfajZ@jPv&k?#2vmctDLP}8<I%zxPGAh^?WTYoYtI<pf%q|Jrsg||`L=?F$oH(p
zPT$dHIC1P72>H+20BwphdN=dWW&Sh30P-18Hkpwa8?B${G}H0KoFdH0PA-N2Eb>Jb
z=CAqG3s1<kHzQ232QMopFh(t60Aq0YTJli8qA&$tXaZk2Lj!c*Ef~D@X9_ngjuKvE
z+Vh>(rX}MGjAP&no%jM{82Cce)T_%R*`25gX%+Q%St~o%a8#4AKx*9mg<iNCZABP6
zYssY|rN9>`>OA=3qW%JEkBj<?i~5UCrN7X87xfnx^%ocQ7Z;|#DD@^|i;Mb;{}=QZ
ze;0fa?A|`2+V&Ck^Vmm%7iu4we;)ft@Ive(!T<m4Bae1(ADMq{`-s}DeMCKveMJ4@
z>?6UB_L2GjVD^!(kLem;sOPnh1YsWuw%bR7DfW?IH};X>r?-y;&ubr<e?j(<AnhaS
z7j7R3!afpA*hkcE?IUVe_K{$UeI$4e`$(`G`$%WXTK17(*Y=TMC;Le7Q`$#@w2uV4
zu#W`0w2uVOZyyPEZyyPEw2uTk+DC%tw2v@-ihU&5!9Eg9wvPlqvwh^I!mjXz+O2&g
zNc)J|wS6Q=`-pmB_K_g%BWj9$B-m~r2`1S`)Gq8JYA5@MnqnVOyR?r4Kcjslcpm%6
z{0p>?1UuPBQfp?}M}i&gBf%v5NbvL6N7`T?fn}ge`$!X%Gc=FDjf>`yvC`@aD&4gP
zC30k(*z&Qz%`%I;3QxVoa<W+@atao)kpbv{()^CYN;qqZ@H9x6M`qx-6Wj<5UAwgI
zmNHmK6k13g7XA{_x&a7<&Qn@9(o;sAl?JU;8MXLp`9LcPe#Ols&n0yImVHX^!d}t~
z38i&3n6#C_ViHCAC23{aG-`&^Et?7UfNTwZ3;qJA5p+%POF3Zq3#@wtvFg&1PWWr2
zcPLL<_jOpwnD24=YiwC?b(uD>EX9WMKZzvtpQXQsWlzaLVG_wu1_k6LWl;2@VsWEN
z2zBntsB$-H2UqLxJ?ROf$^-<`f8%>d)WN92d&EuZ!7cq7%qHn5HcOE9F)F`>4P&ik
zQE{%3*3Cm(jxAmcvqd^BDu>OV(4rFehbgEPU2z+fkf`h}_<>0U&A^XsR6%2)$F#m%
zEs9=?XlNxZE7CgKv?99pBuo?t9)KToD3!qG2Mp5WHU!!Bm4PTfVPBEfB^y{!Um94@
zJ@Ds%g{4he_psd`ZRjspSX^b==rY(?>Qihim!TBeSX}rkY%DR_MxLc@<h(YPU(!&b
zZUXtECeH4&eL8F#%YQMSIm{=#B)#3nQej0iS1@U~&#N~j%U)^Sgf`Fxw4(BO7}BEc
zCHytH&AbY);v;^Ep1aeDXiKunU@`bIqQKHHlFy^~oX&*!zGcbv;uC%a(xZbJ%IpFl
z6Z|~*i7^AtcFRjoVR`vIxa2SJJWn!UfxcfUg9QfrRbYYfiK<x!nDkIKs^l9Bb5;X5
zrhf5<G{IzGq?ZW;Ou8_@+>0!wbz+>+0`q&eLbQiWco)(|mfSBmfl6jpjK3zdnb#p5
z3^DNdxD&>hKu;KA+PXKyaC{>_AvBVR<Rf7!MXqA+j40@3yC70vGU;yD2UU^6G@>J1
zux&}Y`4nG~$4ustAnxrVOU6r&j!Q&GUXw+O=88}FHK8p!8-LD4{Psi~N&%-x#HNrw
z>`G{>nS<3|{6H>Q(mRoB2fK|=TGtmp1MoAjjAoF_@%yDEC1tSM;Kw%Gd;`On!7~ta
zHGX;{dVl;_wi|qUXURAO58!76+xDAbc$M(On3f60E&+xa1b49FNbCCH^OhxEe!@>C
zQ{kt-NOTQCL?VQU3X4$26D6eDbfk4IL}PYMOC~U@G8%TIbq@UWMkpMw5Sq>}RvA6Z
zXyC~$6Gfz>1W<%R_R=zB-=&>LI1>neg1fL4-S#Juo7!DUZp5%1F(P%?7D3ubV$fc~
zL96vbugGm?o8Wl}_K7HYhUmizaFG<=O?HBX#=u``T`y@J{2rurQw7fi1#>D$iWtbJ
zsLkYbXBmJnoz8#}XbOfwZJTig4M0EcT*$qm5TY;^GL(N=>Z7968R=!PdT{(NU;)~c
z^yq`4$f+VeKC|w2t;ATkMSK9cCZ?O$$1{63H8Ux^)oK$nG$Z1<7oS;BR++|9r`TeK
z^%pjx_Ye&>A|YrXU#=*Fh3Hn{fkOFW8HmzD{UKa#fpDn@dEie*6H!m@&(+$>;szqA
zY9+FQ6AENaJ-pQL0-mr$^U>&kiN2ml5@R+If`%0%X`}bDv%0Qkd-PjbbrGE%h29iB
z=^;J%#p?Pc*>+CCf`oc>v>>JUzjp9X`G>(@!E@m+HIBd3F9?4HFA#qTeb71Z7xh6G
zjK6|^5B&9LxA<%Rx$&2J9{i<#I{c-6k@zdv5r3h-{z36q<<L|?o`k>DPldmN#9zTA
z{1r^aU%~G2SMWmcSMdD!YyJh|ub{wR>i-4&74(rv9q^ZWF8rl-jlY7a_$zoG{1xmT
ze|084#JvD*!S3)^unYVZ{Pg%MDDYRXYy1`L9)ATtHU2^g=fYpXF7a2eOZ*i)KmH1K
ziNAtf;jdtBNBo8SKM(%eeO>CXZO32gdGJ?I;4gJI075tTD=6@n`g!nIP~b121xv<X
zY6tukOvPVnclb-~3V*2`@t4{?{(_A9)c7lS9{e@`3&39xG+p7Zj@69guV9z>E7$>l
z1wRk|y67K_WwU<KKlq}5FrA7&rGId6NU{*V=pTI1Klq}5aJ#;!gMaXSSEr1Xi~hk?
zwSZv%d;Nnu=y(1>@I|ou{YR?3|46;?{YSwI+<!E`!~Ub-XV`xf{JZQwdbHd9NAu6K
z|48kA|B-sW{YUB-v;QdAasLtM{|~wUsQ8K$nc2SoNIlQ~qagMl1#@XZ;{Kyx(*C2M
zhoQ8tB=0{8e)|1K^yfME{v-PHeCGW}LGC|NsRFd>_XX@f3S$3JFtPtg?PmXx+Qt5(
zVAB4hV7L2^f?e)E>PSm#|531u{YSwL`;UU3W&aWUcfhh;>_3A4P8a)+;J<Ue{YUWM
z>2CiK{BKhCAHjb|#BJYy1pl3L>_1}ql>JBW-$~hj6inWK6uhAQN5lK4j1?PSsNL>A
z3UdFE@Zssa|0u})N9u*`KMHdHk(#pqDA>OLD44YWNbO?(k=kkhkxD~S`~D-LniN}@
zlJ_44Kg0f`WdEHm_8-l^(EUfjPWz8iYh~>}3U=Io6inKG6#Pv4k2>IsR`~D0QrV^d
zPNX%%a^M*Y?+I*P7Dtw>zLzf@w>bY0)V8-c7Y>Fmk3ZR$$FUi^oLjrz<?M#n2@XTW
z&n+^Xczkr?2_~Ffguj5I4^XhvP{Dp@SZAd0VptMoI`jM|9u)ZUDDAF1f1>|Sm;0S*
z-<QRP=T@2iI||%)WNjMuV@6z-`;Lq5J8)7Fbx}8A*SEdjS=Jvxv^spZ{C8X(>L=@8
zho@5n`NsWsWNo1Q>HK&4D>z3P?U!L$#v$owWxMxI8EV{>_s${gezv@KTnX=;?Fgjz
zPAL*~@ZLFtt`SGD#Qkr$?U{F+k(iJD3%&~Xoq6b2d~x$UwRvdEvBlqmR}2m=rvJ_z
z_?YCsBdAX|VnxFV!Z?pdm)MD7Lo`|<h4aNX(VA#3j@Cu95W{xc5uMme#26sD4wmmU
z^90;zaH46e68G7`9Tmc7XN{sKyX&xi^w&XmSpGUVZ1!QB{&9aDSsN{P^4Gb>_SeaY
z`|C(}Fds%K=l9q73!QG%O(1yG+-^DI;0zYqU+2#VFbkMZcnLPG;~*C9iLSAtnLlFE
zaGzc7Bsq(d+gi!eGQD-^YOKJ)L(wL;ilbO8W@jJWi6e>|ms}#lf8<M~V)O<+7VxZM
zq`=25OTKJTH{gn1Wn~foVYV#kW5o$zGkqh^H^fOScjgEWos}r=FFBxidw<IMS8!Ny
z!aql`_eZ;MEH(B=x4=6G{7}DmKLJXQvNdp`!C8LTAdM5Ru|b+jW?Afz26^D0qhOOV
znt<xxg=E;2D*F3rlxS6TLaXUylf&iMAAP4At~t2*ufDZ=*PMe)Dg;1+CbyChbD3du
zfyn>&R{o&NWRTXX0ZNy`Pl^v@#S)jP<Ao{x7I`cZj<@Os5{^>D2xKvnMcwa30J5CW
z8l8S_>e}&dM0_{nTLfVKjZ3az(c**E<xALks1JH7Wixnu!?a)T>(>YP^??Dpn*_LD
z+K(gX;*K{skA-2dw_okodi(YMetW-kfcvHW+5moN-!JXgB)^6zma`3Wyv(olWoBSl
z$QPW)63}+|^?m_x&CLk+Ynh0RY#Dcu71yc}18_bn^Gorq3Ft17zG=xABo1h9zwSU5
z0W^J>UxNo5PSr$)^xRl7SZ3krvX1Kp22ki-Dr=H_PIsEr^I5QeIwQV+dKkvl&-$c{
zt0G7P9KDTUl_>@`?yi?x&9j0<A!vCO)eO-oA+UiI-bsD{kok~*b=-S41zkT?bp3q6
zR<|>y1~FCCYOW*KiW6I~lNz~%r+{&5TMa**X@1hVh<ij4*H}3S{}&PPs3;S=v9*a}
z1TRGXxcSf(eMpozO~ju89+A-&Q6<60g(4iZn&>ib;4|ybb0cM~JufLNj&`^5GdGEk
zxaet$B@(QNQ`$uW8<6ZxL!n^JpI6{C^MpT*Yyln@?#slEYlwq-5Gd83Mo#$C(1iy6
zG>{GOr>WwL*m;fS!k<QT_C(MaZ38#VVckgE=)K}bs%|P8k6wuA7+vgR#MDW?#w8w7
zgdb$l@k_GpoP;+GYSGb~=G^DK{A1yv;HSYuY8(%#7mkO57l?<1Kg~JtknK-%L3k+m
z_rODsc8`bVpBoQ}ZB^aiA@#g?Nc}?akno>L#zVIM%s(I=iuFp7+X*}*wq98iWY>5o
zNIVow;GtkL9tw7ihk~CS4<-C%y1_&9FANU_1s+nrSUd#dJ7|)Ght%%yklGa<3MS*B
zVE1?^*fk#Ng1QzS3U-Buf*tWt@H60{An{PJ3p_;s!_Igpcz!$->>dvVJK~{WM?4ff
zCmsrR#6!W3cqrHr4+TFj9(vK4GOpV3ka})B6cl(!?H&&W1s+mA2ObIvJfwESL&CWw
z3Bv?a@sQdL9#Xr)LuyAnq;`*of_*+49!mJPbd85n{97&z4+Xo#L!B#X<Dp<zcqrHb
z4+Z}>;h~HAAuK@RySpyxhyFL|hX%*Y#I-~h^+Ol+Ll^Z!Ux<Ea*C#3CsvQqq)DK<M
z55e?vQ9o1!1zk7$-4ph*i~1qkUUpGGB-HBXJ45*M+snqCNRitY^+TV_UUpGGbWuOl
zV*%}Dv12LYsvQqq)DLyQL!H$w=eC#qKcXK>oG*CRuX{X!@X~e{W%xee6lEOX-}NmC
z!f{C4lCY|i3lZ)>z7wWGob?lp-;$styAav8B*=~(!ujBxfYvH*Y5G0fhmPaQtdg|j
zlKT?r#>R@T`L$ExIP`>*4nJ9uq#GlA7$DWq3qrbai&R6SF2efVDSr17E-cZc<92vn
z0Ps<gjmx?}f&N6uxE~yU&LE?T19m1-KX1ot6y_(YBK(<<431UeLWTJIBypnxs<+@6
zuT)4*P{d-U;S>XwQ&({eM&bom9hdrDil0n)F3E+j%aU(L^p^>L4((03aA#;B%fU|o
z4Q;H*LUdB8-z7-HYn>iJ0|YS-^GbzhKuF7}2uEbc?^*ah0_jw=2vHMGMd)CudLV*K
zdVbJf3im6JtP;wRRy@USENqpkGT@R#SEDtk!&KCL+k&NV+YwhR95VNT1>*il1+}6l
z=%kGLT}DDmqVCAkzD$cb*IdR3_-HjFdL5qwY*L0OU348tDAgQ*V-H)(2)(Q$f!?-)
z<TDH#AnI3&Du7wa)-W~BL}|az1ZCsAs#+)Vs=)b?xN@QWQ@p?8{n3Q}f<2<QsJGP5
z5&dJz5kV*5`@<uGqWCM02-=GW^MD1R{P{-W1_l@g;8cSfws42jWAqrZFJSmRp5qrj
ztzqKdFme3u1w_8jieLtrDBNe%p(OFnhD~6LEgq0+<{>c&01Dza?qImj3cz>9DnXMQ
z`EaMJq7RvE7^A_(W;9>C;)Olk57%aZ<!`dS@;CgVuN5Ce#sTEBrJ|qsEaC@TQeGsQ
zA?4NaMg)K1QK{-f@>CXh1@xEPnWXh?a4Qt&cj=+aaWzKha`eJ!XDAo>xP6zy#j6fn
z6j`v_?>G?co9GkxBOL(!d&}WzIDQ>hO|3%K$P=e{)Pk9tqCaB>qRDR7Oo)KH&Q#17
zT-S&yh>D8e@SpZ0b$9nSbh<05fJGtq&h(oCl1VjmlD2X;{}qp-#ArNBkY=*zpQPGJ
zHCyZmBGZ1j-GL|2u?NaTR!KcDGf{K&z$CuK6XDrCne?hyDuP8ST=_7MZ&v@Gqni?`
zi$rP{f7`6YoZRGq#)@kgECzqS0HauZ23eC-27H{7Zr7rZ6Z)nnekd;R=hBL7wyhXl
zIDp+~N#Ge23Uw8CBBVcl(h;#Qeg@csys6?gghER2t2<qc@#yt<?S&skOt&L8R$Pt{
z6o-t#>uGU5L=?eu<M;(X4yM6RUpDJY@gxX{*R+E2R^*=I`@}|**^pUd#qA;^wB3ae
z=GdE|UqvXg?w5&x_9CuDfT$G$+l$CXpj||#ORD0B3-NrRJEkU%7s7V2qCbPxab?w4
zF#e~S9mapr8I&L-bIoiHc9wt|;$Deq;?+%2J5daL$vwj*)zD=}@NSwIM*RkuJpK)l
zP%}5qtg*%q1bWSK5fgLhLOUii#;p^rc<t)e2`BxexCMhXN-4GC0Z}4NeW>67^KLwd
zkRPK6gv@Z_*F*{(sfJfqG7^4pBgIk?R%0bZG|{x=%1Sl&TOY|RxSyguYu=-UpyaHN
zCTDHFZ@sZY*z7G8%t1t-(k{;A@I;6+NO*cQ7HnQmfkt_Tszxd%$=X|#XZoyL&S-;p
zCzdmG4L;hpRv^lP4|pcgr3qOk<`<k#gp&H=wkq`$t`6jhsd9K8Z?TZ7xYYw$Kr+@r
zwzWjRkC;}=$ceHT@QXx^t<H!(h?jFVA(4(laEch|f@!9J=x!3du_7N|CbAFk+2W=O
zj!G+EI$G7DcC|&)4>sZCJKhOv->hXZZOZvYo$+J4%T;&y(e^@rh^R5{h5lo{q<EnN
zLJBW*3qlGn^a;rjGU0{Z2}L#o=NzL@OFIUrSSE%tkU_K(kjjTo2(&)qQ-n_dkSoyP
zc(oBE0x?hWw~Zj5P4p@JmAk=@$e8%CmHAYdb{+tb9i7s@m&lC#gk;2zt?~0E@jgj7
zsIz(tjsid?p;h2Be4i#9r18D3;wS;+pkn}#_(=wk&&2T<&X**9yprYM2hfNV$wG7z
zs2xCZnoR)6x7z_EobloSvd#vOI-+&}kUU$=oJb<#KF|^usVcD?X~olEaRJb7wg99X
zb(l&TZIf0k=2)=3(hV~k5zsyyL?=3;5b_1}yNraCMCFmG4Io9<H3Jv}U#)gTzs%<V
z+ms>77jp(;0zw`FUSwMt!-kOWSV3|t!z>8-eH%ii;zQ<@j3-eQQEBE3{2rd!+NnR=
z`=<&0M?fjsfoUoFhZI2hAy6Ix<vaK*0A&*%%q%e&jBWwtB4R_^d;KXq#{p#}6TgaS
zpxtpDfO4`G!Te_?3ilcCe$s@(mQ7&$ZKjZF{spN?4^R}p;jp#L3P1!#D{+zVe7e(J
z(HGBk6*n>>Fy(FH%_rX2{r#}@faBn+)_4AfM|Ph0A~Fv!uPqgqiti#t04abgo%l^)
z31?OS%NTi$uB`3rA<!Q;1A+Eq1;B(adFXO%GqCWbE0l{2fiL0LT1PI6EZ9YW*(cFQ
zz?bL_;!BtdfG__IB_L1YOYl1IB{L8NaEm$$5ph>*MLFv$)x3hbh&qek@P6lp+3vJ?
zoe<_Y7KZ%0py$_+KQJa8x~%-o{}Rn+p{L@3f>4u1pCwmOs(IUvAu<M{H|wp$brlba
z+(bgVPi80Tk3RVt-{Q&e?4B&>W<dw>O{9g>d<EYu);M?XC32}4FLH46x6NwI%`Ixu
zSm9x~5EuOdjAJt*q*GE!9Uv$AswaMgc){OGD=sJDDoW6)1K6=**hhJuC4*-os6T$v
z5w$OVEXavZO%+}QL$L639CO}?*IxKxObc@&W@82OMVU6}OmHb;S**ycILIALhaZj&
z;OTfWgtS)~9B-GAf;`!HvLW+pte7nF0u5XUVy3-C@F)Z$`+k`SNfdJ(LPYHlnkXh4
zp`t06%~P&O?SMBk;&}5WhzIws4&tGx6`5L+yk-?;0W(Ft;Dx_Pyt*lxCt7j=h|_H$
zI@A`d+((Qo0Kgn;h@m>}DU2$H)YR7YxZrT!CxOfdFmpKPUyaPWa?X!IYMYKOOBMqZ
zr9Kodl`0XdBLB(30kj8d_M0f=5(>1!*tJt!X0<h1P?4Wo$q`pH6ID)BTdE;6MGCSF
z9QPNtmvBXUszeEyR+wD^ud+lcc8Q?DmI};-R+XkC2|hqj2tLdSgOC~!REWN$38@H~
zxCIR>6ah$~&zgmM(=0^l3Jt+$+pC|1Ua*IdR7yxco;Tfwg4^-vFHtYxQOm)fyMvJd
z@hD^=@F-$hZ6$xowqRIpHD!t*5xo6Fh;_bpCDMzLIz>nX!ClA(9K>E}tQd-%CbF0C
z-R8Rrj$SKw0ZmcSRA`!lNAv9aUO!f}Gdm9Rzn$;w+`e;rAiSgnz+|_*H}ZWdHgl6B
zDB8Pz&E!S%S|c{4K!L}z&i8UEUViEb`a)Xm0zOFvsY-az8~FUa+ptG+W->aB?7;!Y
zdr;!YECEk(-MXdZ<W;ab&N)pk+S@$L(|moiSy8fc$4*@1c`90-++WStiwLH-dAL+F
z7&Y0krTKtV(}Jg++jngCHjnXmo5xvF51`Mo|L!>4K40$Kt`xp3Rc%72HRl7Lw(Qv4
zZ0^`xv47_drfq&0+wUT7v1t-lx^mZKC{aA}YrY;}qXp=6$6<k=cW!U~4wBTlt$Y?7
z0YY`Bl-GPeW?z(pdhXa#ab)K^#Hcxlerq#tl8vi4e_`Qqc8`rwF9R7KNCPDnA@Y*6
z=FvjA8G2Z(LF0H9?ZL(JZjhtdlxqHfW|3?rDPz@dM?tNq+Tk4-&OZi5-1!dPM}tTf
zDFvxOg2PhHB7U`r*gV?YjLg<BH)>R?kRfjghEFiMFL8(ML7-quw~DPdy8`&a|Mwbi
zAe`#ehmkHB9p_@#C$F=Gn)L+oH-|Cb!d4VtRR)f-ngd=;w6A$iOY?yR3do|?x|PCB
zI}Vp0FmGjCG=zP&qn6DXE*fGtb@PrbJ2p!-zk+;32eGlD4(9h6@J{o>7KDgW$$3)M
zK`^#8GN?06kuT&nbZ2`Qvdd#d&@DXAvnBZ(*Dv^P^*8E#oPCWG)=BT?!swsaw>IK^
zSKMU#Bw%QDt;PLP)pER9wE+5!2hK&H=|}zS`(3e})1SW^gHz5oxkG4_)gRWj%-AOa
z3!^8Z<_$=wXos+qQ;<8J-zSJ-p23s>Sd6}eQkMHU>k*2`=G)95+-Laq_KD9*7u#)B
z%-j3`NQVJRepx~JD9(iUHe;;B$K_m4ZiSoNUU6%jnW7WKyMITWw;3At9ku+E3$kG3
z(kpw%7SWIBO?)+9MTpg};vJN}oE@D=X#NH<NKEtRd=Mfnr3w$UNHzVzSe9(yedF<(
zc$=5Bm?s$^QYqmOEIQ%oo?IpD_l!_5v_a1RXv}48>JCP8PkXYI!q8r+hIO_|<H(Db
zX6A{PojXMC{z6cV?6!oV7+24YK&k|5iSgQ;PZqAYNuYV3AVfAa#qLml6q>yolBT8E
zTwp>nI`&%oRrfaEDmrPi5FO!ZZhs+!lU34X?Nz3*s|8~;MgMK*4ttb9ARH3}w8=~2
zh^Cn@*v+X3cJ8u@Z>4ls^c#tBC_0HeVi#Z!!!QfkZgnnYOls#|n%cS1-fTzIiQkaO
zsaaJ_u(HXG*Ax%nJaS{j^&oo0t^k-T&ZQNX#XG~|AVC<b^HaOm-k{oiBPD6`(24;G
z7H%E~5p%0Gr%c;v3)G4dH1alnU=mx3R(uuGWnA-Z%|oMug`8zdytT`w3MrmS2&8B_
zYKJP38|<F{G9qARXda4e&5FT{ZWV#Ifp|migv$K|mE25-X(8IndPw&+=QZae=FNy%
z=xrW_m!WvQJ|)v@Q!-@{B2(uEW+HweOZ#uS{Wrs=PtxJ<zy*J_l(T~&GcJ3hU1r2~
zdnvR*#|6da2*{e|hungy59L-Yu|^4xcxT5nk24S9(T>1mQjKaepH#D>J(d?T+dKqr
zwqP*!r_RWQ$r>ZJw#AUaQ|2~&Oe*JIs~j@2UCxH~Y{gSub0q{(bEPeYY>pp?Dpk78
zKQWmYCQ=RW+ZLg$14=NbFhHP=Wz4ceMlS2ColzTN2==Muj4?&zBT9`<Z|9Fnh|W1;
z$VfFklM6F>x<MlKfJAEZ7x*GLpbvkWKeAqT056Xac)1n<z{?#4Oi@~M9&#}&fDEC&
zg?woqL*1=A^yTKcw?MkoQ@TVk*8(RGu;w!i#sLW-1-uLf6x!QRHjpx;O?_wv=fpZl
zmzL<yC}voNA8d#gS!390Tg8p6KE@@9n9H6rF~%aGHbTiA6`6=I4)0Od&K(>WJGX1w
z?~d;qkDCa%Ilo~d+m+TZaTNdHwTOQkCd&MS*QwU)O#5}V^*YD;Gmn3y8MTDg_{nLQ
z_+^G{u;*8SpYNEeKQyQM&_b*!K5-m^@iMaCY3!Z*5$4DSzaE?|m)<c?j_ie!x&cQb
z7%RV$4s5h&cA)x12zuU=#)=0%ifP}SBeccdd%gGFvq27zt(<DajOTAS9!n4tcrppE
zFF(lX0#MzjSI+V23+9y+wk@8cg*;h=@$Qo9n6&b{j8Xbti6iFIVxn5Ni)w9B^tqnd
za^!v1iMCel9pfmDZ3t)#u09mPhM*(H5yUOgL!Nmh0Q_^1J!gM60<xAYP)h5oPb^eQ
zs!uHS0ldfT4EHz-Lw(Z93*^#SeVp=g;DcCY=o(pH+{Yz5cH#5{0NA(7FO|biPB2b&
zgG0+P{|JJ5)p|z>DnC!bREnDIc4{LX4L%2e8y61K9WL`RK80@%+ziPPUhK(P{}2L<
zE&p*^ykdOcJbaoFTc6F)Z~m5{H?OKhfJ@}iU`$1rm(4+&jhhA&y4?Iie>1ioA_qk@
z7{jeZr6>2t*7vo;uCx=)VT87;nFvK2A3crymv3YbByO;0w>3^ixAh!$9Orl7l~Fe{
zs<z8;^!+HdCZ+#IAvIVAJKO!(#O>D?xEm%4ev|d0nR4kX(mJQ?4NrDRziZUC`SKgX
zV;pM3I7dWMPDNrp{iO}EzNl!DKCD5^7xL@7W$8b+26GEe6fN85AS38LFvIeVEGMa!
z0qs>e)0m_=(et|uf?mCN9zgr*4d^X+lLQ<sa`<)_C;T4d<quz5`HC4c`+y*2YY>zD
zUtPQOU*#udEh0zuIMv#iRy<GE?*OCE?biY<)UOphB(0nR9EzTXUcdGu-BrDrRa%;*
zI5w-1nC4Q8=Q;c+!<}Goo@bKbFNHVFoO#8%?`)bDQTOyhZ1q%6X+<8gQ%bWQ^E>v$
z_Q(+fH@*8erD<E#y}i`aJ*BD=G*dmDE>#EcU~)@P*_uFMB-DG^qM>P0wHE>U?W3wU
zOH~D|m|i^9ugTauUp#`Rs8qiel9nyXPYZoV&X|g$UYaWY2~k&noqV9*K2_HH$-3f_
z^P6N1l1p}}i$<kOkKKyTg8J4mBB=iz$SsKIi~C~p@yNb%KJLC++#5QEk-b3&2V}u0
zE*a&*ZHr%f)`8Q8vQS5<Y8oab7B5xP&S#FtE9L25&?PZM2s*ve+RS2Uo$qYV@b_K}
zPs@GAA^Dorwt-S{Q?azxe-@X>Fa9U-)T3}q<qY#?tNq%(fVPpebfTz1sFo+!uf1aY
zpy_n%<hE)ANmZ|*z<{<ppnXIb>yBP2M@-UoYZ{4vDm`?yRWVMl#V61!E~)w>aE-dj
zVe-6(VtwveXF!XXH{#_PSNRp;a)+>cYzb)f#w5r9k#9h25%mD4t$Y(%jV_)kg<r<Q
z$(<H~vm;2w<=`gc@^~UeGj1<M<r%}TWkrPRz%!@-HBhL4oni|U?LKXnghbH_tES~M
zA>ANaWNjy+ibHBB>;8<WinhaQHI_foiKxG}$()O3H5p~qwV{EIP04vzCFQMPK8yBG
zqF91~*N_%za^w&yoWW6yAv{OF-Hj9&#CoyIr)|lv!;nyG$2poLB@$`viE*UgQ3PJ8
zdl6lhCcnNP!}t~H(SN~;OwK$hYh&unH}EXxUs=BdvB6#nW|R*zWYDhEpYH@|wt%jW
z&*Ac~O{~gpzIKEqC-c_-8rd38|J0I`BOvw0{v2ZQGKP-%<!SU^=xmz0uNNiUpn;Zz
z%QG(h_tUWka3^A=nSVr<7PFeqFn3F~<r#<m&5~``W`1PV&ysJ`0sBrUTFi%)`v~Y&
zIeE(A1vyZ>at@W%%AB;&C5ql_RZdlN`K3|Z+{Q>f?T`=#Wq)OK|MDwWO?6bg78<PR
z3v!f<1-XiTo072<CwR1lE-9#`NE5TAwDx$_=D(15Qpr*8$_07S+G8cqCWx1O@5&iN
z1KN}kCEB+~l~jMQbQETDXeS+BwUQ(F8YHtuup3W`K4XN`&nbqgQaYo3sP0GAa15VI
zbfi2Y>>U@re<>)g80x9z((0usJaV?D7R8i`6NYvfAAA$Dzg}6SXcLR%>R2e#c=}rm
znONl29+E-nf)nJ!8-}K*l{h}|s%IR}a~ASSQx3v-ON@(|VVCi5RyOc)m^jtS=58yS
zsmKPbZD+GDKRxZmG)$GoTr0tBB)~i#3-vIDB7wJI;+!I8zpOG3O}sh;N+Lro2d&cQ
z;Rurcek~R!r#bT!28aHjOUUpaVob}9opJq&To?^ruju1&;z+KHVS+u|2ju*Bma#+8
ztoNXw`vmL}<u?#wLrOU)gpF=(jm4^J%O@1n%GJ$M)y*scKmb`+JY{}aytO*YFV`0U
zb?!1IU7rq8FvIfSMW1C6Ij;61o{IkKvkvn(MlGh^z(gZv=$>T6g!%TaJLKgD*P!t}
zZ4<asukt*L7b3d+D$g=JR@chmpNc0%nzG{s!A4VByfi76wD=|8OVST&A;Ph~$8Zo3
z5`T-35ZKY@5g-zOr^W*Wj6}ffcz^{YeV%y?z=wtWEA@jGj=ypdGMpjmDTnlfh$~W3
zP+NV-EB&xm8|jhOZYG8RNIYRYjiFst8_H47rk8)0(j}u99oJXMn2hnz7@AqoOyNF<
zbrL07y+5q<BOJ}O*fW#i7Qz)=k!^>|?QO8)pZRA%(e1ztq}biwd+*tRHCxAg%b$t<
znj)Z6_>G;4D!++ADW#N;Vz(Z5eiSoSqqI&*LR*arJ3J*_sL{BW;Yhp|iR1nh=wCpn
zaAjUYaUSU?Hx!TH--cq*S9mS5Uag)gwmYiW>Zjt_{D??aFBOYU!mH?{26Y*~;-6Rm
zs4Mx@Pn;ToKhNMz)^5@#xU^zdL$MH)Wevq{#wpIxE8NDE9K;AOg0#-i=edm{zUr6h
z<BRl3en)M_cwac%rJinEIxalSfw|0HIQ()piLz*+tQ9Y`I_2B{giiVOvi5pBho^eA
z5x=c20`E`rf%hLDay%BrilAN&|CMz$-V-GvE4x9+uH28j!6jCM888h2U=NER47dvc
zMF=Qj0Sves0V5C~=*ocET(uNrpa);JDw~{P=y%3iD>OOR(65ZAtkC4FL;q#0vO<&d
z4?Sgs5XwScPX8!r0fhTRXL#@OPN&ls79%g#S`~zpV|+!gS%UzjP?&*3rHa1V>Z2`k
z<bcZ`9<xnayMt>UC1bFXvHDrW^+{`iBu$qR`M~MV@HE1o`Q6Y^G#A2;!t*LtPTc^&
zw_UlumpnENy<6U_==Zr4wZRo_Qo=6?LYEKV)UkA-(lB8mvL)4!`gixSQcLF`bWS4l
z$5!Y}gw9Nas#a(bLW>fi4_Kii5NZ)04n@p6%NEwA9}(<lEJ=$}*N1Z;%ZRXn_#mK&
z=X0uGgI5413WaL*pL(7`42bfDgtR_NxFVM*91Dk>u>2xYWQU7#@d+A~6>KS^<$1+i
z>knW4XdNJiHpUYjBI{#308|Kj5McrBxV=6uA%<R!0=+=-er+??3qpsiJ8=w}uQx>7
zJ2*yI&A?J%AmH)yh?)iwh+y@sv%EHddE|QiE8)p8t#?4%ptd<G2g~|8jsRKvimd&J
zPxxTMEJXhoMSC47G)2EB$6vY|^GoO+Z(&Jp#n*9wplecT_S4?cccumVa5Y}&yiBT^
z1$gZhXKn^u<F)MnP)hGi3xCJK@0#;6ul7J168(o*yf^qR6U1TOc5y{%l)5;c?h!0k
zM()>+CaqRHT&?I2pwPMh1w{BEE*#8;F{sXkCCn<nqbarr2z7r?NY}ZZ9L<zU0KL`4
zo@@a6t$^`!_d5$s>9P0GEb-O@Z;ul;+qA+`z`ws|lUc^~%oCV29gXIT_)~PE-c>#r
zlvGMLgXU<7O>hmMrU3*;7HPMaPT%hwJtIpB&j;#IN+Vov3)id$I`5HdW;w7R6?BH0
zf(iv$s%pg-MeiwVD@b*31GP_Sa_K`^Le&<~-eciXH4hd{RKTyj)MXu_--)*blvDS)
zw2zw(sUJJFW03<H>M@67TlI;*Afq(Qz!8%!NTOxeBr@(YS9U|>uv4&+)?)qv=}-Zn
z^8IMvVhjSTUUQ8nHj35HCaKzo2*tW{KUR}*)=RMRf4(SK*?frjLSI4QBI}Po$v@f_
zIlm4{F*&lY2h?COEFZD+;Fzrch+;*~_|Y@`Q}|Z-S6OTx>fqOQ8mpn3P&Aw`wu6Nr
zvWS(MbB2{eVFZ2PDdO-Q1<e^tI_#3xLX@FDGqPHu=>?m`tON#%*Gv>0o`%JaU5m$=
zzqGcAB2Lx^!8S`J)O61Xe|Y3&4Nj{2MgPG{^cOOQd~%Q65aE(jmWr?%YcT%j8=Q<_
z>%hRj1RR0d_;I^Q5m^hO4G1LY5(^RS0NQB$W^g(hxC3W4pgag34t2o7tZk48Y%=7-
z<QL31#m&CJG@uJv1TY6i;G4gCEA%n6G8o4mKOI}&o0Y<++4%Hi3#Pcou!><H+sl;)
z`ov=E-HZe^R`}+>U5Y68+Y6nU#*}}->ZDyTz4^R}HDA=cp9`4f8z~$qIq$JGZq|}!
zrZJF-fHA&y20$`ZUn3(4J0yqlbOatevi33Qnb$z@o~GWGCRIIxM<5cvUY>&^0zFvl
z)FMAf&_K8hQg*J#Wm1D^%SREdv;+cTx6|){%^OlcDcq=NFH2Qag$E!VS_4qXy(O(J
zb_4(AF8gaE%L)yUb-fl3vYtuVCXendJ^DH-sFa30Em$V{^@rzq_3V>clUT(&LJwmp
zFI7E_B<iUiQng46fs=zeUygLk7WGRD;aEsiKpuU2u2fBL4J@Ln{)}qag-TUpS%O}U
z-u<gpcrUrIr}QX&|E22b_{}yW11L*Z&<VpVVgj_Pg$`-eUtx^M0caPp-cBfPUSgf7
zxOoc?CUZd)zcviy-NgZ$he~-cTYzuzlw%CQ0>#{mxFkQgV-&jn>@8rNe@0T{FX1G{
zDZ(dJ16SPf6Dt2k9<do`<RxGn!SaG}-hUfWMj(pF&gc)`GncaftC^z3rFUdu{A3uL
z2Vp^iZUGI{TE?*_O$(7ZqSGw(N!F{D_C%^u5eYq4Xg<<SjtfMNR%U|!P%qiJiGsX1
z!xbu4UZkwHI;6)NggjCygn2leU;8y5&1VtZP=Y7u@@v82WY-i9|G2B>oW3&M29u7|
zaw;!H13Q#~!)e{@5tm%rQ_L9|6LN4WGL*&T_cw3~24ybs>Q3mI4G3Iio}L}i-U7|l
zw)D^-wXG*kWu|mN|LR#5W1`!qib>cPbD9(Il+dPdK4*a`Wrcnuqzh*G_jOlzT1<0e
z<y84LMg!|AYc5$6wT^D=s<l~YZM@$)kox?s@7Qvj6<z)%tJ&r%%)O$%8&m7MG4vh|
z4hF$c;k`)}eyekZH*ifwb~c`P%#uN`oJ?NKcEES)!5pAqF$eU56@yYRO<kG=Uz>OF
zq-bx;kh$82{_qXMe`&-@3O>Ni<!gYcF(R(|6WG0J>WP@5ZcO(TmS#x;Dc`PV@24L0
zo!fQ)e$;q#XauyQIh^V8F&i9#{lB2r*nFP@b4s@7M4cmaD@g*5fKz~Z6G~kpUw=mq
zVxo+-Bh46M|7%k0s}r%K1LdXzGR*0~eJ72c-V?E?J2~W|q7$(bPLD&X`a1aqbEw;x
zJ^iDYISH?R4K6Y%J87cM==ITj(2r@#`+86Gbd+C1DgM|AXyQfcFCjI<Lq;?c5yj(9
zOkr-rg)fXd8*x+g^D{Ak)JhiwWVN6u{G!^Z!pf(J;~ihbmr!FpfSG=0aA0&8)L12H
ziO=?z`Pl&-=NvnZkWM+W;~k~&ZET1L->lqZY3StjFH>-(X_ow%icj^&p`p79r5Zo^
zp%p3{%T}ERMKQ2hucU#k=wDsc6WWuI6Izw`mO&R4>f<jwUH-baegf27&pLei&pm69
z2Gab8K92+?n6z>{;Hg*}6o;L-&|^YY$;t_^8GTUR$J;O=3nJfg!*TgN5`eTo2YzjL
zXMmu84Qm{&rWOgXh=R%oDk(bj+%X_M&0Ak1<|;+IHz%Mih10~nc{pQ#DoV&hd?3gP
zQ~6g3uU?5iT%e3lw2eaN?JqnVbV_Rjs3cUN?;%S+9hVf%H0D5m)PU+Ep?+5`lyKE0
zsIOf3rnF)>g1yUL5T#1hhtcL`i#<|WC`%dr04AuN2#9_SF@piGI>wV$J^>oVxGL*b
zIsbsrW8tjT!^Vc=r(@8BL*AD65t^tYMr}@dS`^~tu<^vl9G{!0lX5~+mMa6Q<th5V
z3kd|CxB@GF5QVP|87MO?P`WhB{8-f3TBGW#pTt{tFjCQ<AeK`yo_L0_03)v>6OS+g
z07Ur6(D-WC$_Y`K0tX478!RSLiRb`}ie{H3L_j-O%xYwJ6vYuErr1IK8l3&&jqz)(
z-5|zCrdo)xh};fUkFOsl%0&Q*Yin8S$o>q!cG{@AoN~Ar)XekhcezBDE2AIGwfY<m
znI81JU)$H->DL^EnJNRbpmquRq_Q6xV##|D+M+uKWS;0%sVWcEr1r9k4sLM3a|HCI
z=p?uYzMsTj(xX4cjA{NWe!;#}{t%`tDAeTA?XrIVJl(g`wmzN8DBlew`%b5K^yI81
z@7N8Iwd_}-TQO3rhQ|jnw{sbzs}qCxZ@-P3Bi|IDvcaeAGuEf0%<BPsfx^niq8TKM
ztW9;<qs0+@Ks4HFKlG)7HYEj{jd>qqt=i!9AU?$VyU`Mq-m|@QAn!EedDtm9g;0d3
zGf+As8#7S49@-h#@sC0c7)ds6tN|$EKnRs^lFEtp2U>Mwf$HHhL&*TxqHZxy)?p{Z
zbg)P77oH!}3e?k%$~VD>RuA-3wAFly*0m44s_DXDpg$($4s`$}2=Ho+n5)Y(3tkh8
zgXj#OR<G`BD~Q<vivHVL<O9(<7Qg0>g|!V<n?X3*ac&_PsQn{^@7%GNmhf>_Au)9!
zP<9=hMjLWDR-W^osKvzbI&D1q3nE9Zd-Rcj%!>ygQwWri{bX%%KbHyXZY-J}MF)tf
zS2nI>|6ww?qvbf~^OX6Z6_vwU1&U;^_A+rl4r@hTZ9e@^o)Kg@5H-)ZKMEu;qZXEN
ze|Rn&Af=M1m=c7M!7G*2LxT%VuOj(&@{PKG=?8VLEeXZ16N=w0A~QeLT%w#E#y_1B
z3g9cK0EXfor{-tyaDGY2;8Ed?A!k8zG#%PnQHeJW#w<N9>zp)K*zL?S{)h-{=XZ}J
zLyXk*&M3ACMq7{=W<&iUH;uZtK*T~A{08~r<1XX$?VLS{aPV>nFADUJgjNkmjVSuV
zIn-E<;ldzSFLD)nb1R0^=B2nAoXf2!@G6i?FV&oH$La(`(E7`z&gBih25N)S%5Nt|
z_-8-m3Y6i-Og?q8YFqxWi~(k7fXv}SrWE>*-B6W#!N>5u_%QTmHYG>zRZ?(B(GC`F
zs>qQ`8wH6QoU2%vSL^A0o;CMj`(8MU6F)@B=Fl&cu(QUm9gku#phJAxut$|r@Ih9M
z7xD!<LML7s2gkunRpkUNrPm8Kw-#bqN38WuT@1GB1rK9<{?qRuI7+jhkR8Wjdrw4M
z<u`@zba)Hjs6et15q9XePG8~SU{7yh_FA4d4;Mq9HuslK&CMdQggR2T29{b(%Q)k|
z=3x{G?`u{LxjyPEJRqsl5aun+dP1t6h$r(d){5+b(zg!9dg*D(3~gD`dWqJ-;d_jj
zaSc{cN$VwNTU%`XrKE*eFHOreV@4XHSlqU6Io3<9K)`Iq4dDQq@p8qrc3r0b3e7mc
zW@J4PvalkW@hhk15|l%Q5eVU<7CE8I7!Pj2qVw0tj4k9^s&EoKCVzqeYC-g`v3aXT
z_YY<kW^I$I9%VRIV{Rz%v{z&REiHSU3@sj%4&g}-EScoetaS~(M!`zv9abf!>PdJY
z6$=kaHMcR3(yejYtzvb1dkcp>Ayr)?vbQ>Xm6m5pct`sHM{r?GO%IW<$?mU_Pq4d?
zFl((;#d8-#I5_1A&1JsD_wd+X4g+oXXVN`n6EHA-!P91wMa8Gk5#;oRN}SUl<P#im
z>Z8Zo?HyEr-$@m?m$C<Xh6OovB)ZzCe>b<J@T?U6IeH1sKNxo5vA43gg(wdEPKTh?
zEAY{$ot495!~izN$Q-a6g?<tR-GEnFb9zdkai~yA5Bc@)!f=}{;=<Dv3jkwFAI#iT
zXF{>U3tqGX#ySM~wNe-L6j|5?X{<#yaD2+~X^YUePORgLMJ0u|(~t2HA98(#qnBp*
za61ij+DQ_MMcSE_|1tVJ1QrT5z9}lU%lO-YI3+Cm5A6XkHbY9@2klg)8@NQy-!4_%
zg?8fNl3XGzDF4xh*QK>bp{;}R>??urggn^IU?x5#G-Ghrk~7A<#Pt>KH3|)ZLJuPE
zsC<2I>`xFXe?!*i!@sxA6@5=6Zb0@J3)Zbr8PcOS;LWzrk2ap0NVWgHE`ScW`ftD_
zaW7iLdf5rm7i=f6gp(DFjOFg<xVt>s<GE$XMA0VX`U^jisuYnU#OG*Z4)PQE6z(cN
zf<}pqMTU)`%P?WLVzCWRfNhXI4M^`MriH{E0P~&qK65Bi!%f|aU%oB6M+C?H<dWt$
z^&mtWth!@a9g0bp^yuTLh1?^Jazn$XIFa?6SRYxt&xI6F05nL|Kf~(ZuMd}D1IWkD
zg1$uLky9CR*b5PCjFTOW!uzEOn+-QAC*Kuf89o{Lo0R-r&}CuCNRWTp_%80A7h;};
zVa?>%D&3R9&iBP#AGe|qSzjPrr67yt{Nr-u6Zlz7!J4yChJi+_lOv}yut!2t3H@GV
z=LyBrIJC)_QbO*=G{l7`S~JU<v~n`p-gjjEZe;ujZfvnz_YJgeyw$q@5Um>;Z{7V6
zCKuGYaBsGbB3l23)w)OQ){S?WW7s-Ow`dF$@~6@v2*pe!OC=_+Wr`SMrRouk6drR3
ztxGeO`Z#(wiDnw#!;3%c*~u>f$3fV;M5F-LorO^$ipsyi)?<w97TaSFL4dKV$;DwA
z-DI|RQ)D;L)b3U#e<L8XQ0YZIh8qPWlaF)p!5&aN{Tk#zJim5`lN7WPP7f3d@S%D|
zs;)o@CN+U5@?7njiHtBKE0Kfg?aljH@kg=A;cR#&HTlC%1DqmNeE`N%!Vk4-ha-nG
z=-310l2kRDpyVVN=+$KHkq?3Jm%*hv1O(*RSbg~+0JebRw5*;TC8?v4&in&@VK;-4
z4`#zyYE2JR$Kr%H<mbTr{5M!G+$61_k)XYPvGF87yyy%N3r9Z<ny7?_A(JD<pHXvb
zR={xe!xoI374kS-5Z)E^Od?YGoiawOcB3rhL>b~PC1jGSc+*&_*SR?h87G>E{o>kA
zUKj<d3^akQICKilZ1s<>aD{%2UN7GrC_EFKMy)e+)~(nH(p6`xyW3FjDnWvGL%5OP
zP$2(9v74RCZevF;@+=Sux`#7uPBa{+)>%1nmedl^R+fAnskML&h%;-G*P>SV&J2iT
z^zz7UutLH=5PX5@U&((rG%0{JeydMwh#bkFtEjpkeLDvHET7!v2bF0zftDu^q6GaJ
zL4P)|KO6jxeFCQ{YU`-rQ1d^Sg1A*UIwPTI%#P$((xZzJNr{|6UG`?+KEAzjem&$5
zz?eT=R8(*%zJEp^i2`py`|~01LU|atp?pjZp*&1%p?nP0P#*OBq5NDvL8gTA^Z1m<
zrxAP_!6&SPLwTc=@EBBmQ;}SFp!^qv%d0^WzXo^5ZxRE6#D2n8bEp6v7+zvu)_DdF
z*L@uaPFYdsfkPdC=Yhj*miEAD_b=-_UQ7eT!r+4EV0`G<^owOs>vMZJ>x`U#ib%$>
z)gQjE2)3!g%a8_)lZ^og@H+hx&~Lf~`c1zC^qY<ik$3|Arc0pT^h-d$=@RHS{Swe`
zx&-=7zXbG~E`fg2F9H3gOQ7G#OVI70-&W9%YXLFi^z!58B)>KT17{*&#-R{yu{dIU
z1vIeZz(*Vxd%Yb%KdKYm;GB(lNq__SgVH=NqeBa+u2&-GXrYiV|M%L5YWa1{Ik+`!
z6597Qv~PT(eP0{L_K7%;B(-n6+htw}aRu-<_DcYNi(<$4T)^jttmkX_T#Dx??25vR
z$89)~8=>e1D!4X~h$!)hap*RR{9Q)L9vgNg@WNCWU*O{B*T0RPBna3jRdf4qKp#&3
z2y3dWfH9<N5Kyn2e2*Z20*oNw-4JeDvp~RJqbvhvL}Y?#ETDaxGvskNw7E<lxm6qH
zInR(NB&%zOmB``5Tyn=)F(g{r=aP4&DmtHXH&?6nR`O&rjC^ZNCTqHzKlWmi)u>>$
zS(C&zB5eKw3Kb=?kAq^L7!-A~V~aH?=-)gH;{kqBA&!R-$3uwYA;j?z;&=#gJcKwN
zLL3hvj)xG(Lx|%c#PJZ~cnBqrhb`s5Al<cIaCCG9FcbpTP(X2>P+#`sHE4eTeZ`UR
zhD_~&n5C`Zkc_{<EY4go$oR9zu;xhWZ_A~VH;b`*3ttLhLU`9~6kYxhKqq-%Q*Z|R
zCK*wLhhe~Bh1_%&;KW8G2XTx9yaq#;D*0~!-P5Trh<)h+s2I@SK<iEs(eE(O?QZj%
zD8sMe#?$=91cdMkPd#W?j?x?;uo3m*O87yD^h4>B!egj!O*6hRny@I#2xu=)4m(?v
z{GC$OBz#c9OIo$lbT+8NM6(wz`0%%@D#RE0<U7zj#`Ov4uD)0hpb^9mb)0XG1stZV
z#zqB)h>bN&X+DL7)K_YI?T^x<)F&vBv#8F8m|?O+lVqgKKgvb4<5hq7E(prRY%bOx
zf<NGaWXa3E;15e)_62`f^0IHcyzJX9FZ+T&EP2@%{9(z<zL1yMaAc*te6{=+iauEI
z$G5>BQv`p|dV#$nyNq5S5qJa2B%laPz=}H2)!JcM2DUhK71-kXPskSS|5EtltT0AR
z%%hJlU4H8)j=}`cqxR|^fHB-nNITU`Pz9TBX7djsEtL8R$D)Q6PckHJ*|>%kPl+dV
zM8k@o+mH1t{)bO55@{GK3T@ogU_AE3X?PngDe~5r$gn4r@WeXU9ZIIA$<HwXUxAF^
zf>kn)?=bSs#^#00f<pqcL}v>vHe5{X`AXXmc3xTCy!513dyj*d>+u|`xPbnxnFT}}
zG;ka<=C?WEc(i0@p!$PQKQ2)ti00KFm=i8>U@<4^q1`jvi^Ann0HysIO2(3z#$SH`
zy-GvLTvnz7iJ>@yhph21@`?5ketb&!o`s73{7S~fiViF=-1r7QbGcM~sJsQML)o%~
z;B)y9MPCB1vJydI23*I1zaIFBt$4Kgc+9wpO-YRvddKL6P)2>+jyeNTZF(g7SBAY2
z`i5nda$30?x(A;goKqYgcH8Lh&RsgFzF2m6Um#5OVKAyGwmJRw*@auB)xSa`l+w4V
zH$UgXlT-qVWB&ANn~KA}8`6A*hbm#Mgf0lG2WchMZay>;R5N~j3n#kUXVM-)EwqJ}
zAiY8ZCxx>=L`*Oly=j1-jA3UTcyoF%{C7ix=L6y`-A0I4aKflPV|{}*Vx|nw2Ui+w
zB|@Xva}-n(XitgbB$OjQ?YpzF9m_1RrqL4v!S*9tkAWmbX|}!r73yJL+0NEb!W2;n
zgBkjyaX)&Pe}9j9EBcFe=SfxlP|-EAKG=AY4T5Jwb#r+Oe8k~2IB}t91-iJ0@rX!P
ziH@{}3Ol}s@lAw+Ijkl9e(XB2`-jf2#<y8fZP(rAZHSdBPvG_2BJ#$=M|`OFdCq`B
z2!@>Sv~Ea_j{ZP?bRR)Sw36Pt>FHur<7V5RAuV0axOLF4&%pMi`Vu{>&IgtL?p|su
z4Eyxr@T#XIX+;E2igr|qn7Lu+SAEb<R{s`3=%9~4r13BVc;W71Ud;r$^R!kEk1efE
z-RtsY)*-jdZC=fJ8ZmRUlTAn9_T>m|$G)x8POs)a?W{ggZs3#-&u%K!YuOU~n(k@5
zdjp!d4Ov2L_&jg$0d0LZ4H34X5hCUrTxo1vh2WJw&&$#}pJ!(oLbf7g7eZc5&P|CJ
zxmc&<E~}iH7JAqRWx)p}5SWTrJL-jT#JmOtz#ml~Q|Hw_@#5qq?GyEVwBRKyS~7Qe
zv1^0T2l}+_O@{Zx21n?P5`9)3+7PO9;!F8H7WR=hcbj+FZU;zRE9&NB#gePRf<Hoh
zsmhN6z1n6`_;q-;#?NOj-=9?e2fp08WqY|-%qo86^wiRm?E&h+g~FpC<e5YMm`DDQ
zg=Z;i#}m*LZ7WA_)w|;P3`K?IMuZb8yy&Aj-qF)NbEPo1$Og2A@OUV(vDuGTZ@-2H
zp(n<0sXALOJ(ds?$qZVQrfs6M@M?#>`EM;fMrJKyWoA-naLsPZjBnk<vFC?N87esf
zLW7D4#Dw!I)O+FVttbwofU0nC<p|^BR*D8jL8m}HKBf_($`%`%_=aH4jY4pYKwOlG
zsAEEKlA&RCBMKBvWTQkIuu`7wMT$9axm`)MtD?OHpA0b%z}HQC&!-(Qu38NhI`Wyz
z4E@+{4<!sO+Ewe3fWErx@Hc=6Xh?$`IWk0+*6+@h9{nYPVbk*JgIcxs;5?c6mim6L
z%;R2dP^<ZW@Qr!OvIfm79;UM0II7Bv@gQSQr3XqeYm{)SBuB|0juN*W9g6~=$B7{^
z2)vlZL2?xbNgsp^Mu-&6<nWs#<uiBwU=0G1zc6`8rEQD$6;RF0jrQ<r({UtBWKXVE
zD`z$;nMah!kzDVx{SF^79SifVT<pn;{vH@ZyBxx{;TVPOGFC2S{s9p_VV9$2(>+ry
z_Tqt@P<_wwVIGpgXOIM*FMz6EOvBib=!I9nV<aYu$pJ46QcAa0zh+NCbr`?c90vyo
zpZ1|I|IktZGq8*Bk66Hb0Zlmr4Jb&=K=Anx%rrs}HI<nF)}VASo;hJL(+CnDV0KKS
zT>7TXOk>112HTU6o21XN*vM@xK}l>4Ywy!aXM-gNX~lCesut#vYWAEcXDpgowK+7o
z;DirIWV;TZNDhmrpYt#}coa!TF^CCWbg)lw#3=Ta7zMecU><sHW>T;Dv=ard8LRBv
z98f}PjaZ`PqSL_4eyj<LIS+$x!Fnd0Q?MU&<SFfAY<JU+L-=LB4rN^Cd)mlTh&w<#
zLgBs15o*@wo^rzEbIJ+KVp<(f{VTe}!=4{TI_0u%dFK7rocriyV1wG0W6AzF>cN>_
zZ7aGqg$pns_F_Qr2=Zl%C~vO96DTOyf$j?A1A#yudmc4LnZwW<U5giiM+85VX#2hS
zN5~IwmKFR^nZyshh9~$TH<=%DQu%=kIZv+f<VQ*T0ILjz3j~3{B*Vlva6p_Na>)<F
z2=!ocH6B1oXpGGb-~=#2u_fck10_|5LJwF>@H(7_1P^={8%2RqcfmFTUzxwb(STS(
ztH;Z$AVAdfX?X-JO4D3dJW^&A1{P7YMg=UQfJJ;@k=oE$vWUeYSE4xbM++P)I`T(t
zC|hf2I`WJov{Uz;ath|CEk6j!3B3cv4un!RtbrUT;0w1Y465O=-{}Xwc;+z0LltuG
zEFYjJz<%4fh!ES$&~e^nOUW8^#qsJ7Vj6l7vVzM)FcfHujeUfu=Vy>2B<O}ecyLi%
zUhE&n*=Mqtd_Dz#EIigde`JYo;15NcAm$#MKd>2@{1Lc;)6RorkP@v7^UVZu$Tb#+
zV5_9ykQoIhu<Py*E5IOr2#Gu47IuCq5k)_oG&p30pzDekwD%w`?zXZ;Ux^6}Slh^j
zxqKA1deHIzeMpa&;8J))Ku7(t@x1BCi3oi2#N?ILs=Z=OUVD0F9)&HvH7d#4>rpsh
zHMUP1yK|xS&5V#UD4jcTh5*0eu~Q{*#_EH|I^f@w`C}9gOR#2*bioO;h)8A;ksL!i
z!^Jinc}aSVXcuhgluKVvhzjEWIQ}@~&EHA<0r5cS!PAm$=y6~u7t<jR7KSIN&K(iD
z3d@wUhyY5$2La*>Si(?o1R41|4=a^cB|bmEnqXXkF9Dd}m;oX<tyM+o_3UZXnAIe}
zu&_n*!XjAFY!$nbfmB%NOoUqxma)(~43RT8!8Z+*o7;(U(Gl%{AV<^=^Ti-OVC;EB
z-Kc1=<aE0%7?m_%V7h*%52&6K?Pfg6vUb*@_jMc{SR4CBKLBdykowxI-tavRJ%A}1
zL+`IB7ZuG`N_Qp`JTcz(mE<2@dK4pj5NMtwL~`GxAs5Q0NDhc0$3-I4kD)KO13ge2
zlQH^&0vT<2$#CLSI$=)W7yAArBfcNOaZuLou@{LTdbTw`yNsPEhV5Y0ecHEXgFZRP
za*%e9n4>57V1Nma*(u10)jmY=t8nWvCcrIA%+MGR=#mYX3`y5n9uH_eOwihz|DrcS
zkMY@Na5=R{<Sg_^jfrs})(5HlZ?E5_>eHxUe3CqjXRr2AVxIg3`$8~((mZM7vG{tu
zL_5L>vV|i6y@4U{0aC@6?EAiq)v6vO2Mdc}=u3&Nh!24g#xfkxBR+E+!0{w$UgS9F
zhtD`BrF|Gcjd{|Tm6w<hu}T*c;>g5=NC&$@^>j=~3-EImDn)+I7Bsfz642N}NxA$;
zl;q(<hn`50dL6j_gWjO=mkiK2b$v9doxU!xW}Lpnq+bAiDWc-^t-0>g&^PzsIqCcR
zXczQ7gPh}lBTio|*bm3msYD$hG6er0;PXSk0WH}OC9|Fs_hWc=l+T}^+7+3g_Mi4y
z`j-@b#%PDmC^6aNpa4t2LqP?Wn&S)4NiP{a*E4tNxOP!T<&)_2u2_Seo<o+-?Erfq
zt+0F(t5u4t)!doJ$VJdDrN}FLet<ShYz!L3k--fu_T;eD)5W?JY=e0q6*}7M(t8eA
zT?pikC>$c1alKWn4IrZ?V=xG71uRjy=7nx+L>gQ}DDjM;*K*>psUc>L67<y^EHYOf
zf}IgYl3Xq=sh-5_Q5+sQPJ0K2JmU|Q=-+$b9(+iKV;eG`iQ*%)q%#gI@8E&eh{JiG
zE7kEJ37tr1YCEVNp>hZQllqtzD%qXdS@lC#=2q%Pj%Z_AfCw(v-fB9`Jp}LS(_5U{
ztQKeWYvoZfZ3!9aUA7M*7UpKk$w9uAA&*$hT62;)izd?W*l+X#Z#?-yV*Y_Q&{RS|
z^~E))06h0!7S$5FbfHO;st8IGDup%F$GOlc?fSTe8Y=Ag5B{yo@P`{BD&_E`n6^!Y
zE1`NSBj_yH932mv!I^^1ie7=;)lQykjRbu5y&_mF{vy`e@fT~JRU=NE=~=!}IJyl%
z!le4Zqn-I}VSZ5E!!l7DD?gw#2(NJldK+q<;$Qqj=+CVuTa$e62FN4qhgT1}OW=eF
z&ENxYm6tUv(!tY^ez(trSE^Js8L2R<ISG$>HV77xT+t0?F!1_uDziRjf4#}|++nWg
z5OX;`YrBBopv&5>&*G9Uge6^b`GM&Dvi^Nmg&gOEe+Bj`=7Ma)p}HKQXxpGlqvB$3
z?)>ZFYBgRT7V&DPSKZ_CW}Z?%?B&bcI$j$ViC!jar>QpJR!67}#%qf~sK~xtXhkxy
z64ONq>PELXmLNVKS^L4Moc3x>N@*<?to^iO7#x{C?Io`U!`ql|1Tx=NGBNMaU>shs
z(69e&87doKqwc}j^lRJYCPQ9-r~OYJQpceDZSwk??0<v^LtY2AO_zsklO5ZwlWd)`
zqfUNKvj5?W@;8V5&oBLMH+)$}De&%vgI@TKSYXI$*jFa$&TZ)T@=@YSjevGKP`GRU
zmGsTXgm;*cD^)#<s^PuhHRU80Gp{AmSf6Aaz9FbMi2>K)bV(&gE9!=rc`s8IE^>!(
zJj9hEQYAv@WskE<Lm&DJx6g-er_P`G4)vNLNfaS#+x&&wLR+JE6};v>d0f0nRe!}Y
z-1NrtyVA-pgtHv1yiEU)?M$^lnycTP6P@N`eUaLmQeUyJt4LaV0x+lvM_Cy6!3UC9
zOJFc)O62h6?^e-!9<I6yoRToVKb8k3o0$XhtCkS~E^J9U>NS3S#WGY2+rn}G2l@_b
zXt;mPl-5p<II)@EAL${j3q^XW`y9G6qV9%aa5p!5XTttAiCmN!@k0yMskdu8^me^G
z1YBtMHb4&C$_{kuZTW?GZ_Co}P}1R1I2zBf;7f||*pFd21soA&2-HOr7oy)A+3$ts
zK2%@PHsiA0`B!3{<Ie=kvfp_K8s6C{Ej+a_k;vZ0ppOy)jOYxz=_Hj3Xa(ZIEW<;5
zJuDYaaZ6QI%nOIKVEjFTjD&kQ`oGrhf40W%f3yw#-xz9&PGb+Yh&QR~MfN|HN6asT
z*+=9Bv$d5M`oET`_D8Q|jgbz6FS*9mlaWCIc16c<kV$g?rOe+s*5cqA^rKg(b@X*l
zp-gK2)kS_sIs9XHQNi_PM8M%pT(JAJkHra)ad6d)ump1bAG~!!t_kUi`6z*34|?+t
zTKLr^@GH~C@zr%#5nmB{Vo?FBQwRJC4FlArM(ti}a)w~VtA$_Ru%=}=IU3XO8IG*X
z1mB%B!^e!DBIl0y>goi3)&KaEsKzlPV<Gk*^(0a)IHdiWq45zB->@7WJ1Y&d-%oZX
zuX$7GJIV{ayLJ+w$oN49xoZ>jauCS$jL7wApNPpoY{|7}crR=%QZ>Ex^g$8K0w$e?
zyx2lT?a7bfXyk<=5Nl>YDk-etT_{idP~j)EC-70nDF)r>*r0E%hraczCE7_YAB27l
zHG%s!>#}k;vh=~NnM&8EuOw8O1=vyD>_@S=VjXQ6(dl#do&amcXdJUk`sV<l8tr;D
zt{<9q+v{j#fCw(=)U;j3m4gU}&<de433+DwFlS}^5aPC0)BtRMCcg>eqrgNy?C{VI
z7~iXall!Hpp*|}Dr~CbIT6hqfTDV1eWfGa@^BJHhZtUQm<YY_7ZgeHsXP9WUO{;Fq
z9X^hW2GDC<iFVeT|0d}LYlWE1#qo~MB5&(p#|&fsz$9q-DYQ=MAP<=vYhr?4vHFT@
zsh`+o6Sdvsk&C#15QsX=S_|hIO(-yK^56lHohbR*!iO*=BMFfsbl}a>+R%2u1LOmF
zy&aO;zrClr2ip^!+r7{c8iUJE#{^FbwNnaDKF0yT8UU#1BO}^Lb-yd~ZNif_ZDb_c
z&%*ZwhoT`&9U!kOQ2Mdp9-xim&`+bkd~jZWUhJVMzid*2^Eh(E3<_Xuvl)5BU)nNW
zA9)=1NOtf6<2O*BLaF)R0{_BhIbP2`%Kgl)%zC(tWFEtjAxB{`)(i~Jltm&lL*H3?
zOV(S%1ZCQ~s-K_PA2asu;QEn=Q{|!;{iT@4Ce9qMXVq#i!Iq<bl3qS;{Hj^FwXbx`
zt+N`P<@3g`nqJ%E*6EEs%D)B5HTEnUf0MtqC$(vJYOteV9qVM1u#U}2Gne7%L<HWG
z8XmBx<B}g6m}jwzcKx@(!Nw0KTU$5K?>BGQ5I+oV_}x~h+qitHIQ;GN8H!{*ZXH^_
zk!`$tgTJ(H!YY4l(w&|%%xtC8w>f>I{M(%6gQT^yw)Gf)>#W)y<?iv)x>>b7%Wj&r
zttTPpY#L&5>N_SD><KyHZ0uFuPkTkrZq%Ai)b$FjHT&a>wiy{UI;HAycv%HnjlUH{
zgV!`(k>7OYH@&eZmK_jt2!kl1qkm-2kZ2z~<8TpSwc3+QjU$MP<&@JR=y1dqiX!er
zK0)$9nB2HNdGnO;-zkO0W6I1`zN6^4*KYMSIm-v)r3aqSBx#+m2{rH??TOPHe^9%j
zAbD;S`WjhZ@f3SZ7e|9^0Dl0?1IeqEer%Md8F6`A48NtvdCE%RThiky!%nAxzR!sd
z{yIV~X)O*rf);F-@g1?zt9=Pzp=ju=Fc1Ng4^UaFV8)%~*NbNYm%wOGtiC6Az89M%
ziuEy#UhT9Ows~*nF|6KvnQs?sV;ZCRR_<VX_ub}1R6#sp2m4VXc<#9Xf-lxWjX>~w
zbD<2*Y>Fdzobgz1r8{ymb+<p{oi%?=XR~u5>x8ne@U5lTDX}q^iY{^9pY|rEwB>Ef
zP;B|2<p7oLwDN2W*yKp&r5FurTV-YMzY+zjXDcg*f^@yo(klD>m4BAw9Luz{C6^-*
zbgLW#$jd<fUOF655^iPtwRe2lQDY9eUftl}`+M2}grt<i4e86zvMx(Pq&$A!1aT1C
zIC6kI14%%c2M@W&JU>S?>LB5EWfNbj;w^k!l`X+v+tj-i9&A=GNRK{*VDtn`y@s}n
zQtu>9y`R9;YnU_fO>0qi*U})a?yL0`wn)_m%FtS_O>5zX%fsH~`}icjoUp&7or!<J
zllbygWJK`*YbA(oyoD=mtzAhtwFny$j7<n24&Vs94RN8?Sp6&fg+v#^+(UU;u$j8f
z?;HcQ&SL-NWBBe1m&de2f5lT;G#50L*1jepdbL_(8g}%;sSfA<!6Of+1Ryj2AkGYf
za4+tAp{7wy<y*0EAlct4*vu3XvbIx{zb3AN@V+<>S;IwS9Il*T>kM`GIJI@0RCOBN
zY7RxNWXYSnFUBMsG+NK!<@ajFwR{-MU)ZU|m>fUtd<!29oL&*<TSc?_jTIr|w)3Gm
zoEvgqjKwmTGk!}||BX6$Gf(22F~s(1r?nl%P_UF2&g>$f&HOE5R3BP8Pu&y)@rJRz
z!xF^10W<+dn=V815*>gfR>QAD52E4t`NXmG7HRF`K|M*VbnqI=YC>>&=(VCzuLifa
zCwV_9N#$0Y7F3H*TD`I8BeeFnnAS)H)OoB`ab6AN4c~=2vF4~Y@6g2)Y{J?BZHJkO
z@04#s9$6x&azWu+l|jg+?xc@#WIy@;oT8@?qUY95qNm_oqUQ?qf&1>yC~B&XTlJ6Y
zM}(#pjy<!K7tkT>eRTh>7wYhL{Vx2%cI$%k*M13Vzm&C?H8EuU)ki~>f_qG=pP1t^
z=J=wO<F0)?bry=5c9N);K$uQxZ2NwMzDjKx_6fnwiWw)lePCD-5yG3o<acuRusG9R
zgN2+4W3nYH#u#4hl%-)gDx~(Sa7cn*ZYNQkTt5!6za3(iK|&i}<6uJrcC!ITtOi_-
z1|-$KtGVP#kYrE?l3XrG!t*(fMlq*av%{4_s9kVHFS9DzvHoYQZOy3v|Dkw6{aaXn
zy1t=H@BQ!}rv7(W742C6F&%@=-=XSpSDFFBY&r~^p9n$Ug6=HyW3M(0o0j%i&NVpu
zMsQRrE0<_3#{1ZnZguR#lnkky$q03b0GXfK<7A0nwx=A|Ii*)KjFnb|WJ)vL_u}cq
zc*RkoX6#6(`JVXKEo3jw@Vxn3tASFr{p)kES~ZRqTWAz>(#@}54~*I$lrVH4Q$#U>
zC8uM;j^p$oSZMT}d=O|Y8F?~yN(=nI-x!NjXrfX6EInL(h(1x6+sGs$kMsCQuA#;v
z<n-33(MWghRGsZ_P|vpk)OhrXes2F9irt@~p~%M_FFoOpMa!|9I}~$Fx_}YLd<lmF
zKt%?9$dC3?j$jS^I?)B-A#8A#z`+!r#TnaUT!zElv`v^@JlK(Yk~63=yFD3>5Lo<m
zuXgZx&?ZgcYAcO<JfR=qbkv?;xJa-K>3I%;2D3oKXnxZw+u9a~bkvp(iOQL;)5~8e
zJXroWDq2w~)E#<ECR0=P+ob4YlJphJ57I6y2z)JwBDCmS)g%lxBnq~~d=vg4A#jMI
zeFTE8>boowTXrg2T7k2a({Q{mL6NNg)H4--iBiLtUp9|B?Xy<NJav&b0N}job<;iR
z>R!ysCyki|09PSHnn`k~S^N#!)pZr{bv1oaxU9|9N2KKAMn32kVm;#DmD4@hUYKHX
z(icw?2*^q^^2wA$&6rrBBInwc-ot{>5u^N#PFWH7D5YGg7j9VmCrg<vNO3=>3N)kN
zE;QpVF>j3a>!mIpVEmY$^ThM0FmWxlU&tm0_ZFeAmmvUzy1mtpGxtTw-0k<t>!M_N
z$N|fNo_wJU*{Ec`fs}5hEPu&_6B}lyL@E17@~%pOeWgSGzqa}3ocTW?x)AE-J6s@^
zA3e3FC}Q?xE2BHm%6Z*?f9Y*}XV=Tv#@j{umzwc?1iy!GK7oVb1nOPiM1iwxoF#Ce
z%DegWVcY>R5Ck#?`r)uIt>t2{!8rT3HcJOYQ(%rw0=PvB>vw{PcfF57=nt)^FRUS%
zaf}r@LeUd;D4xEK@kaa8%FOfFpQI``yD`}YC8<xL4F#LU9pWgs;KX`%Fh=<!@8Lv~
zufgMKs^bNuN>krUi;lKlks?ifD=j(<30|PkiC)X6Ts~ciHcprt?OjmIxM^6OhDTOY
zq9TUTe~(}aMZ<0#Y%<-8(>FL)lROUs7@9daQQe8A)+3d7)!;<iV~Cq*yS0ts`z|)x
z+QtAw)=H$|zl70Es-kr2&}iQ5fJO^_8^<v#cg3!F<-F<(&ms>jl<x%BvS}0|#?0N~
z1wL@t2ajX>jR8#-k0;5nZ8A-|LJBHFURE+UnwKIAFv4pq;ym&r^2n^Q2_E_PKVVYA
z!M|z73B?L^8SmZ(ZlQmbSqR<W7h)p}^}j%)AP7LV!0H%m@kh+P0sV!iP~Cw3i)Zl1
z907Ut_pPB<pXjE%Ev1mrA97VShrY+#7)BJ-N^2Y0xn~YrUl<bt2xosZ;#3yPeH&Y;
z3SW|{u0vw|CbiAG_!4!I^X|pl)wc0VB>fJjdivqYwQAcVOM6Fu$Je$;D*szO?Opuz
zvktZG?#2J6o}Rt*iRcr0d76GFmS87Ar7(*tMN!<DnDPIyckb~~l;`5#O_s1gbb<zq
zE$Ui>CUP-R6jq{UNdmL50TfiKpjI@+q6J}BP;P-u3d6cez13d4wZ~hvr`9TX#e@I}
zDhgN;K?StRj4KzVkOYMMzRx?en+;&wb576s<NOXE&Ca|t^Io3!d7t-rpDW6a=qi*a
zt0G&hI)If56XZ4jR$?;}eV<B~097sFDC!G$ZX70b7q;!nsi=?Vo-0w?4oJ}CX{YG(
zS4jRTTg#bAF}?3B(oMHEbhR<;X5(%_;f9wU{Tcgr>K0?38j6$h5sCi+<Fttam;mL6
zDRc~b(Kk89?H`um3wznWZnit|n|z@`NWtfxEgd<iI+Cx?Z?HQ;NNkIafUc>I)Z@UU
zI#82;C!aRf*p3xkmM*$Ef2t@lrmvT_MYe%_^fpCBu{;wQ1~%fIllO<{fowW3GSVTT
zIf~6{XLQ)Gr3rVP+5we05Vek1!$HU|5`{s$Em0#-48yve{UA&Nf$m-5&c$0SQIx~-
zO;yqhvelT~pzpGu3OJNM9!7fgX79C9x>7hMHty?67fs55-XUHXo8P&#W+%z5D!$e#
z-Yi{Iv`EM5;5u(<&3;mcNG0u*)yLN3^lP=i&}Cl3W~tlSJ{j2QZ>3X_cY<9$NxmL3
zwv+zEeE4m<8`1|_fmKtzJZwG=ZE>WF*bBcU_#r{~WrEX)Y{Hw!BGO@dxGJA{vwC-{
z`EQR4LtC0IKg%huiyqF@?jA!|;gi^DlulTDXcuReoDe?S*jLgmd|nCS(f*Wa%gVAy
ze4^Ey&P^yj(OU(N8o7yJ5s69KvN0J%>Dq7p;kRrRWqQ1fr?ax$w-I}TEo_k4={^S=
z#M6^Od6Bi>3POoNfLAmmjf_NFHa#OYCeNJtm~<#hCUe3AE*A+L1m%M<krod!U%B__
zs$_{vEwfcEvj{zkf@r=Qg$G<P!1UtTsQNEF&w_J!OL4aBuK=ELWK1Kn8$r!tC6;*=
z^#={lZedsD8<zL954B}`WQ>B?cRZTv-5WTCOVJKmvSdq9!!e(tn1vJ-O9V$EsVIZI
z`Wmmwz;gfXJLlsn;F~rdBe-QgPE4PV^C?q(llds%CVf7(r_IMHj~#nHBKI5(#18Wz
z1}n+=Fds>ccrEkDe8`c*2H5QS7PH_OmE}7#GGEo>%*gJxz4nZtGL`OQjnvp8F>bU4
z=ki|hPKiHy<b1sOb7?(oKJYsrRy;obvp1wo%V!U#I$1y`1=gcoOp7R*?P=*w@pny2
zZ(fyYne*Fpat(frK@ilw!Y_t7<uy13wZ5;m=DgeS#A^HhA)GE!=akOHb(UD6+D-|?
zA1Z|f^128>8l9KzigYH+0#8{X2y&bR3po5u#i^NnLEQS{KrB{vUBDPNGgdZ9@-E=-
zY&PG(=EAl4PT0BVG*vFjN~>pP5Drb;YzyV!2TAo&Kg3U2Q;a26Cwr#Oaw6XFiBg47
zI88k^|MZIkZTtDk9quXs^O-p`4u4Kp*35-hF2k5@G`#PC_f?gJU+b}{<8=219V1Sy
zd?T5!2-7#eUTqp$a6M5}`Q#NBA$D|QiP~Y3DI=mQi|imnkhBghK73dLUu`w_Kgu-N
z`VQlp;{Dc{sO3`k%CFlxks{_Nr4N|@)ixQZz1w{&G^W6u*C4xHdA_sVg_GMIJH&r>
zy90+@#<TfCc#(dZarPIX%j|KN9s5AY{w3eo`xlk~n6j{c-Jm+?>|ZmF6AW3cBJ!e-
z0pHobrn<tXkvu?+<H=Qmc0%yCQB{hl2xXg8)#!4&@tY}CuePJ=y&L#OzD^>mxt`4>
zSrRh7CXt)jf3@s4Xcnoc+?a}LeyZAY3fLLVVosj+*tD8ytRlA2&R|lftLk=8E(c9P
zFFAedL}g)1N6MfU$40d{0xz*=xdMu9{)ua}Ib;(k3Qc5eon2bZ4`f|3)mQ(JVt#)|
zICZNVg-2{*1?JN$?KihSyti$M)eYt-<z4>v+iCu`^S61>GATE5Q#AAhh{&mw=x4D}
zj0aC8Gc)+oz4^g=)PK#}fPr54p;j|lMlgBBAfkKdg+z%T@E+=DNrp&Vz>6z0M-?SM
zZr)Z&K1_KvSXe(I?jc!)#18bl*DkSGqGL&QI!2H>wrYBxp73vVC=nv2PAq(h5+L!x
zhLNs=HfdF2UtlnJM0~IZ4?-rL&I?Z)G_K|7FP(KhQ1QW9ReZ2ki4Qi2y5Puq@dN27
z2>JJFH3PU&=f}aOPJOB#|0faRgOOhgznnhU?VJc9MK%a`*SwyX3Qc@W;K+HfY;EDL
zwkvTq-`Z<cFf`hT4R4$I3!p26WYh~CeEnrwv~FpW!zEH@1iB5W!VngBMqT?oIX>HO
zcuUP^Qsx((R|KYrF9v}`IBUH!&=&u(zY_od91urX2_8HxDr#XK%{vv}y~7L_9{`4<
zilALuO&w2y%ac=Yb>}w8FRSN|QXqQ@X~YV2_dE1SAxrZYG7HEG-_s{=7^Gu&QuqOO
z>d?fJbyd-MSsBxQ0HIu0D&Wd9PdH%DnrgMZvLKnoY?u=y8wnYXU2U2A<Th-<8nJ(p
ztPlqz;%KyOs<z;#YO|WzV&30MWzk`I1a2BtWL+u6^H=5oh!ouvY31ET_S$Lubt>px
zGTxmzQO4{9nNtDd&Z9u$iwrggQMru|Dqh@BWO3lbNbfQ5Ar&mnL5D*vNpx^#G-*#u
zeo6wb5gTokFS%UO*P34Vj#hKMfLSfHxAa1BsQ~GEZBZG~GEb`{-d^%cS!hEGj$UZ%
z>A!!Itgi;v*Ji!XNonhgm?NO)5%Kp9v%cVQ7o1Jg_I?ucn}ZmHgvrC|mNR2L>uaQ!
z4(j#l?Ti^)#7s|u?;SpBaSioB!ia`)O%iF_<&&ey$pG6HB2-sw3QK5bc!mW2!j$mk
zcEeFzCQXS_@^ZW3=nDOG6dqzq*rdBzEQEHmFeR){Hyq`IG*d!InFac^W=uaR6u$+-
z(L>4zw3iA09w|voN!(It918k(E4xv>i)q^rj$rpwcB6VTae0W&i>;~pBz&<Xeu#bo
zcIokoHcKQ=sq>`Ri)uA{<e9P=4dYlg!W;6phCkO&uO|h0_~SQxd|;j^fz&0Rn{esu
ziDfyBWqCZHO_C)g!*LJIgF?G!cHXONXV)cq$Y|GF(QR(MOOq<vtBtGENk+fk5>2fX
z1IU@0JbQmH(bGrzA}1zpl-qT@y1_0AkKL>NaJ|-l#f%Y^1_bVSj44~$k~O934#owE
zuK>wUB+z0GX-!*ovZD#-%n_Pll|n%(S&D15+H5H}y~&y=ztKaP+C6p2XZP28>$Roz
zdc5zXz1lVP=6kQWU3;~h<N8$ZXwwSl&G_|ntM3ZugvTDP7uQS49<6`9u9bbQ`}gs)
zPw3__s#gj00JmPdDv}#Ky|KO9k@GE`1%K28icfd@1b)!|fmV~J=mus4-IO{AKCBt{
z0t`1zt#$$%rn36QI@7lL9U=0Cq}8wPH>Z6d^U%ctt$dM&;tkFFaL?v9F;yO3)&4N7
zCu>fWE0f-4v`cB2q}5739V@|~)Z_Gi){di})?}Ku8?mJ*9Q2Sl56yEwk8#Z=dwr$S
zt_XJmcToGcy&|tOKYk!Z>1+a&q<60>-cHsn49rlVx;oMw?+-$3f~*H`JH-+YGf23(
zW&S?FQ|E!UP}p-V`Zcg6Z3L#%b$=f@!MJON`poxVvS+{F+<!3pE%xlU2BU3|A>o2W
z=Wzs4kfI}rf<(ZBB0w9kA!iend>N33m)ot$p%7_A0kUBZ;zT~<96dga^gOROMZdme
z|A+LGalf~X{Ut-!hBTra;0NREgVXHzpAF`kY9Nv-o^AnW7*l)uhck7h_HMZlde4yv
zo<Dr4I@QQlN!Up-{!ID+nVr9Z77%*IV42A&rjh#~bHkDW%-XPxA%m<y>Ei0?y>Xeq
zEIln;4d2}@^)!|#O^<aBE!fh?c6Lklv-6Vf73$LQu5hk}C18c~O8GmA7(wopZv|w9
zREdf|I`JrXibN<jCZ|%g?4p*@<FjBRhr{^nIeOmq95rwM1Thb$<_#}^I-DQy0$}30
zK&eor)F%on{a;VZXEO|S5$O8J)?nLxlQMOEq8lMq#H4z^GO5lSj<r=Vb|HY)YJ_|R
zI8IMzJ*_5iy+GT*tH6G`OTl6o>tT=BdDn-!VAy8)!j)oDj@PNO^CrXzA@oY>St|#^
z0pKfk+b4*R3x~oPB<`7(6DB_uQ7t$=<`Rwj1l?du=mwX>-Zm(4kLsFTS2Xc_$jHS7
z{6NsCSC)<vkJ9N+_<AuG51qaTJ8`WBy*n5KKU%VamRm{sNoSS49M%A_E^ukd_HR|~
z(;1q~u9s(qePg%(TUuOUx0rY!xmV)|bm@DTRNnpEQT%HA{teSP4)~RGvdIsMJJ<Uv
zdDB7jrhW7cgQl7V0>F3~WLA8w$l41Lg_nk}dsB&PVIL+R?!ec@rWfg%(+db1jIBCn
z>H;&AB?w7T^7Bkyc_Yc1>e$TR;IN;1^A6#F2s;UDzTY`&tWOMs-F?2Vt#i;{`5j#{
z&3u~^9?he<q!)jsi<B;a0~Y>RHz%Db0f#VP7NuaGbvKbzk%Jfo<Rt>^Jeq_?cV=#5
zsT?2>zn1#scXeq25};82aaD$1xR^8_i}XH?rG4cQuN2v@403Ux70K)fL-!k_OL$VM
z-jJl(%36}&*OS9boUsJ{xrsQ*gme&z1R#M2xT6!P`l97cUYx|sia1o-%a)5=)rz<s
z+wdAw!0`;8jeKf0kFGa=9*V(7+JGW}-2PFqzB@+62kc-4c*~-*cX(MB17%%k%P!B7
zHGK!i(qOz20p$TVDQII|0<kRrIxT)9<wX9<<9tfKgYNOsAmo7c`rrZeTFpu-&>tjN
zUVRy{O?Hqb+nIc*w)lP!Qdmw1(G?&{9UT2Srr4SJZz4W5^CFNTKL;8!tw6k4RSn>Q
z%)c|1b~Iq>V;)BJCe!~8`V3ZQUs^iU2#{pTNDSMQ&5bi*<xM^tP)#yrV`a+5HWe;L
zva@JxQy<=QX05!*p0@HP=4~wV7G~bYHu*8bWai47N~IP(T2`bc!kWfL9V;u5oEjra
z0L?fg0J>{LZ0wF~NdQD_tW5T1Vtz|L3cYP~&Ikk8lo?}p<cog0Y|+>q1wa#nh>@I@
zvA(PWa2yj#neTF$cw`~g)sXeoWrN(usJ3l%fxMU_<_nI(yq86`U&$;eJsr_lzN1tw
znA=;j)Dpd&i6X8dZPk}nVGb3!)M>e|C1#W(Vtj#>lZUAV`^FOMQ;nf*v`<D<8k~56
z3IT3-ijA?wUc1ra>_Ak~FqRcr*C~;R*u+bKb0VVsfxzo}{PH~#AkveHHr$Us5g-y8
zyTnOy&=?R^scUs08~BpkojAjv6CrZy^b;(xFB2AvJ8i+A)C~b4zjXBPM}OZKaF$2F
zULAp6uEv0m?^u?BeED4+=u45BYKlY<Kv4-rrE*D8x%{pUgeV&A6pgiu##3~iQ*?t}
zbTdU$ouaT^G@C(K)w+MZRy!VSw7mojcl$z5F1Ffxu@Y?GuGw!{Z0$2Wis|Sz3c!Pk
zeQZ=3UDg)fQQCGn=Y*B8>_^OgRUkSiE2F)gX+CFqOVJDnuaRTM2ms&S;u6*w9-)dD
zK{NPeKj|}unsMI}dcB`jo0gps0t35MxRJBp)M;#Tx3`#GsgO01*P^O{ZP34)79F{2
zV`H0;4nTA|iL!TMxCxXZ!o2$%>s$1C;<dtw8JZlD5X1*K;>!+{rqB`bn<C+l`|Okc
z$FU>$-?aTJ8K0dP$4+$iIMc<dgK`Xm2sr`plhMmLFDGNO-^+6PSHxz2_YdM0A|e?Y
zJ2EzVf3@@d2V%2};H*71`=56(4d8=Mgw>2@Jgsmr$Y!q-QNZ7c&3?Zc9dUB)$nz6e
ziQg4;_U}fX|N2=O9j+S3ip{RVu4B6;vNdWyc5L>10YNg{^`~FJ6cd|WhH1Xf&3`mD
zd#lWDdL&ghJ1Y(f$BfM$rh#<uF-hh&7y;`M!0}zN*?$5yS|WA&2k~@6RCHvB=}a0t
zGB*1rX!p?}rpL1J+TnB+KTbT=|E_rKQ$81vA1fYvZvhY6A#?k$jmQ2rO}3Mx|B-m?
zK@9KJSpJLg*aLsHq4j_9*i-S?4}T_Nh<|-N_Klw&y;#Jx^616Vh0_0>@z{S04AkZ!
zX<Ggl#$#VWh;+4mNDh(q@ukIM|HDeosENl^Jod-rdaHeXzg)k^by__3Ftr^c9{U7o
zgl+M~=>KRu_KlCbMcwwVjK|)vRV|4<|G&m#znAg<v+>x&D?pIvANe1R$Nt&x@Sgtf
zh{yis$HEHzUp)4|6OVlcAo?fbu}?rzZ~pqB4l*y}q5~T|u7;F;#~3IHYl+3K8>3L@
z5A(?huW?v`{D`e0Ca^iKm&J5gD{nGJ^-YV_p!8`<{tm_VStsz0${%cQ`p70ik8*4z
zxIwso$T(ODQAd=UBlT7f?itxi_%EM?#NMb9?IOY?(e5LBn0P&@;%qc`-=7}3z-~{;
zpZALV`I7efawF#^>no(xC#{IO;CL*TIQ8WP<8#pg-IixoUSU5tUv+U)Qb5?wp{etf
zh`1$C<Z_X<5XPukbvjq8eVhxdW_(K8`XD!f*lm5yr|z>$k!K=&4PPL3adSCb<-{iS
z5@P(|6av!=M9p2B1u_kRSWk?_m&5nE%*j8&pk#7hqEbF6kIn2Ah!1-s+H&%Y5}X2k
zgcdOUm{(!0gD2NkvoclH?^0Do-$ZZX)OHHBkvlD~dT@^!Fw&fl&>Af&bEDhv0f-zl
zV7}+v&aea5PH0eJ<mJUPw%8h$S##1E*0lI#qdC+ua6-#`M!(6zhKL-Y=tgc9lXvw{
zb*o!j*u-6cKv;__UGYl~RUe?}MJYn~mQi)ym<;7u{X6xNgq^4+cj_5|SR{{#{4Nh+
z@0F0A5cNJ@VFq`b-%gY2NflR;8R;qo2?`QJYWL4QU2^a+8)d%OfT!fidY-6E5)+Zi
z`d7{VtD}H)CJcST6oHw89>hnOnX@{R1aq_Us>+S&8PB;BS|w6a;I!5J{1(SnEIspu
z$fKi&duWf~m7TO72pTQ)<syFYUGr8gG3pVN^*5T<o1u7a>9AP#l7N5xyv}9*u}eI2
z`pEUioY4x=BYH|J<DO~)S-veXYPdztx3IV_=x+*YL+Tn3Y%FP@zCE!~-uc)%wOukV
zJKEY7_K_hqJUCH7;yG4mxL|%O9ARnXe51aPCcgfCjQV=g0@X*iA2wDLzKM`C(t{Qo
zlFz$6<&JoyfXFZn?xrKxGn%N_ahH(AN}t$WBo}vGBNGw#Tt*bvj8JB$zB~%Wj_b{j
z#c9@Me8cejN~kWne;d)x4S(aj&H;b9;hA$5ms=5v6@DYnD&yIPu`%&ZrN4f9b|nJ+
z&ViWU-#E8RgFNBY<^U-_|GA+Sw#raff9Fu`=T96l)O7n-S>NB5$1Vx%Z*+&dG2@wl
z*uN<<BYLoFq!8_8Z}I*PpJuPy3qFve5SqwFWqgL?uKDLG@bEnGg(Xn;0rM{iy2!5G
z&wfA4em@Y)6|WF`p)cTr0Ew>ogdm^hy-0+fbEj;%?C;*$sM-n4-*Na7p<Ip2bAhqc
zU(VO|JHO{0BDL_)oMOni`=`FZ8`4?h<HYxuKu3MXE+SJ*=NXHlFEU(X6-E<_qKCRh
zaBd=&_315<&l4LZifRL~UL=(SS3)jNquYZ0Gj31I??AjT<6!I@yYYT@2MODp6Y0(;
z%a0cv_|km*MxY_ah09N{3+|(Us$`^3BkGcoUL(}TY3W5Zh^^*vwA4;~S<m8sEB5M#
z?e<=OKaF5wGkg)%(hB-X^Ro786*$Pxt}5MazBE(1UqeU49$xBW1a^J5P#+T+I}xMq
zu<EbuNahze(0#OQ&CA6$$ozm?r}JO2^p5O&i|W)?b2ROw_KSlyGUY_hwp+@yTar0M
zz@z4{y1m-_sWx#wkwNCKb@_l`AN!+s{*uBovBChbq4sYizc1-9k09R;KyPsR^xBMc
zfI9IfRmi*8IYwgsXI>D+ZtHs0R%7&_S7x$pxft@%;FgJiV$}T41p%d45Rl@P6x-jO
z&37~^__zCKf`9A^##Rguk;J*oZ>0!!fTZ1hmv@trFDU`CIIfwGv<NWMb|0o9Xl!+o
znTTcCLsZVo=Dyox3d<dThGZ^NG?45-`@=ZJUmR`gIZY(Hd5tb<SaC6>UhHi@<Sv$J
ztcva{tyx3LxpIG7<alk_NC-Sph*aSGXk#nt@EL^L7@C3ehIe&VXX{Zuvj-S_FF6V9
zz6^cM^)NQ1qR$es%48q8k=RBtno@rFjTJUaGsl%185)Ysfv0IB#&v23Ycm&P!mb+?
z@F4TxL1yHcYbq6F%|FqOD3!@ohg^Fu*7Dg{&LlcJWhm$b5+fdiY%CgzBjWUqJGV3O
zlc`14Y(qpK<}%h*U)(ivd~9T1?V6ch40khs+1%O?8`-ON&Afey{Y#9d3M}I8vZL3p
zAst8O8J&waSeLVjNdDoLD($CrRoc`#<doA|l8PyjDoO;3A-u)BlXmYg3HOTkS7}q4
z(pN9@g?+@7+~?%)_~&xu=Z5Ee@^kZZMZCSIN~`*&O53urO54hHg6k>kDSMBy&6IJS
z;Cjkx%2ragjWVtiTu*tEvbB_1lyOaNb;-gSZOn+oh!TELhlY85JFkDn>mTtt*9ora
ztX9RRTWDr0*9oqt)bsz_{4d>D$FmhYlWuT5b;ZbIe>AoJa~|+U6>n~#maSYTxSqR?
zz>QkX$%2r!|70LGV2OXVHj=;)D~M#VKC-L9h8qE1YQ@Ya5lx36_U4YibNu{@2C=i<
z@k%jLQ`6Jg*5-<}<C(w5_wWqbFdsfq)B-!qpLq|oq0)6s1e4CpQz;eHcxrk&Jxt~Y
z#z<Wc8t+I1Fv-(KP~31Qvh2(*jCJ~8wTFZ|=Im4X|9coOvgqo<ovH`*oK`HRjP{C4
zbhWR$(h)4Pvb63jzb(puCq3kFAlBJvi0&<|z(1pWlfA-ryelgVZ=1&D^0l$qyzyFc
z62pA;3h*b7)mEO*azmuRauco<JrJyCctSeM4?|j}dNwS{(+O@Go_zBpTsVa7M;()|
z$7iDHo0?}{Hk`s(Nxtb{C+lvTv+icoP-@|+Ld=oGw0pxtvhd3D-DDi|{n;Hrn>eqF
zq-MWUtgTcgEA+T%V)K3SCkN$dDGhWw;f16bGJYqq9<fy(aTP8v9ip+O5W8bqt?Z-C
zpNB-@9LD-ygz;zS$l8~)TOSQo`-Kd7;n%z%#8-W?XP69gtJ!p`qR7(e2|!kgUZkj<
ze%kq<)tTmyJp(tsqi9@!q}VbGJq4MzPhh~YiUL+UNvR5m6^{e!8Iry#@`mu`W|8^`
zhnlM~wLG|I`W^f|X?iXpSp$opT89+#jS1p8iNPU*<j)w+1fx6l2wmT|R{DjX7ZYMk
zqWE118sXNNuW=kbcLNl(IOfQE-FR!A!m-hq>w~8k_CeysBsYzeS(vJydQW*$S#u>i
zD{6=ju1xSa`YAwoZtC7P$3E2_^%T{M<nc=l`m6CAcgti(W#19L;s9|WlI>jsgQV=w
zI#H!i;|WyRVZA!`P|1_xS~{CVOSNFmvRmHwwt_bnE<l_0>@ug*FrAbUE}}&)mv@r#
z1l>xWSVj>l3cOzv9$M``DH70Q0q(F{oX?A;iw7>wDXl)79l5IdKz6vQ`amvA^gw3h
z$9fDe4O0B+#_jw+!bg*4j~}tCJAJt+y)Vi=b;s4IzI;mvhxXA^bL1o%$qi@mH#5SK
za)i%px{k^)WyTHCX(I7<inH57?E?Jsrl|eMfe(k<b|T{RWBXf2!sOcaeuSM+5&{#4
zVX)TqkZvkYHR80g_NPbAhaK;AG#sCKoh%kPt&4A{QRXu>Ixc|DqEd4Kwc!TOhW%Hq
z=59(PC_iUf_BnxXp!(vTky)IZ)u$X_hh`X=Y}0uz?XCyp`Rc504p$INnydt>OY(Cg
zRpRTc_<-^9#K+6RNtyHS5^f2<i4-UBMuq+4Nr6OsXp#*m6gB`<7T%^aA8R>fUPWE&
zY)B}dvIhAeWUxw_&9i<fq-v-;(M|3Op{13wo)mKR!LOI2?J8$K5@y~UCT0xjfZ5L}
zFA12dtx52FN&eZHKQs5pPa4ubF)!eYqyXmo!RXu^SNLqZ{{re{|4AL1JbX)vJUAcQ
zlsZ`&Y#geXDL|ha*^2QxD6=KJkzyaUNC(Y}P-(+_5tdF8$4}2QXTx*IgB#vNbo5Ns
zlEs}%GQzz|Iz_%`Tj*n@hHNVaV_5CS0J5UKfvBTKOG9#eD&CKAP<{4OJ{ux_iy6}h
zT`(Q{@QbT2$p~L*egI_*+BPRiFTzMr40!1p{IuPJ=XptdlMA$ElQX1Ck5OQ+{^llG
z6T&j9wGU4j87D7qQimcA;#CIDaPix4io?+JQ<YROdY9Xk_{cfg{A`U>u-p7(az}J8
zrIMD#nkBqDA_;*-jF=YQ>efz?JZ+hd!{(ZBKef||*x*w^tdF&2Gc%$)+{T5~t)B1?
zL<E!D$Y#s8(Ym|_ZCPmsme)pxJzgTv#q>NfT*gX$0L}5Ya{P-2@fG+~QQU@uVyEzN
ziQ*-MAJ&#~6FE~XUT1iR8@;~8Z3L&!q)X_>bRzjycymc+_^J|5<T}hWjHbdpa|hx%
z;s08zl^|jYMJKL~^<8M2kv=D2bT9~!8NwTw?MQ!1ydje$vy-_v?JY+Fv^rCgP}}yA
zp?L4FUfzL(`R4qBL>~wCdOVVZy@0uM+@0j#=sO?22XuzV#(&$Q$0s|Ut(XwqLaTE~
zNSP7&(0oBiS0n40e@Psfewo_BzIf%*Oz6#!L#=JE2)iSjcM)t{^ijmKA9Xp<hM#4Y
z5b3%*4ztN{em&fpGJB=#)=c3yob#+!8<edo7GW(_Byms46MiDJq}l94N35Z|qxc_)
z-$V?^2Hb6DIm|Ho5_L^rQTsO`j`LT_6drAGQeX~{K7hnG-;|DV9r78>|4Qd$48X<O
zq(Fl4DZfK@_#{1qH5F?OjP}M7G_HP(jD385Q7C><VIQl_lEp6evp8nmwC<VT|Ni&J
z<w&2%6M)VAwovTGZF=l-GwA<|R`YwdOnoBx%L_lnCM)x%4f3{s-JF2P&B*$^Qe3OZ
zX3FmhY*aC;(V`MiLyu*}5OY+xj7qQK*ebHM?iJV;ttyg?C*H&oF+%f2=WK$ipU(%N
zas~c|vMbu_iNOA<&lUbgG6E??t5_GDNMSBAYZy1(e_;A~l|*%{-=3-DktYl{a`#|;
zh{agNI$ncUS^+8HRf+N@{w91f?Sok5NAXMHx-+Ji1Qk~VGby2GawU}P6*tg#wh9b+
zwknb#g>ET~Rnq##fK+dI)+ciD9*gu5SKL%-_PPoJ^}}MV%qx#oYzhs&(bQ_jG9YUZ
zSV4uL-j_=`LA)ne`RoC(QUnx&m4kS+<wmp39Li}U7J>RSntf&-R)}!Mx2@Q4r`1_&
zfk6r^+qkHlNYbizfdk3e%M1D99ld#D2w$q`j!dn_mx8Aro3IWp@Gaor#ua0)0u*bE
zbcf1O=T7QM+L7ZOw3ZKD9GLni@!tU|tbOh`x|<Vf?w(W;a8||f@<H&F$p>Te*eQ6K
zQnvE;(o_{tJyjm}6hi?$ppplh<k|NJ-TQU-*VX~G^RbVIVm>f;N`cjuprRe-*Q0@H
zh^Jso$hgrgHzJ$F6wVi`_$WTwZCw5luFaX+!ap#C;6%^Dkh`S~l%BIL7TILJpirrj
z`wCO{V`91&0b=on=$wx-S({v2pYkX9c2*}iF5srV6<p}S(oei0iG>|Ys7;~5J+WI*
zXtWe*H82`r%B*cdHnESMWttTYkj{A7IzcL8WRx{w!}c7=S!&$8J{N}HphT9YHCtL$
zII{W$aO8mC$fA}baAes;aO4M_QaIB2HXBFUS|J*-_CeM50pqNbsZumOL&Pt!R^(dH
zDeEkLSudg*@*fW8aadq{c9#>X%lE8cM+ZI}B%m!`a{>1_Pt9K`R40vOB~D88Am~B&
zgeJVY&{lH>{Ya2G9LLta`68$Bi-)V6GjM2;Sl#1jYi1HWGfneM>K5M<|Hl#bNOHvr
zaWHcz6_PsXhVM8(kAqoUGz<`Njt&xmnNXXn-H?#t4aGb8yM^e+#<!BL49n}VWF>?a
ziXpbox=M{+?bpH(LZK=lQ2}F44oZ+*pvGETl~-x}6pWUSpo-w1RD=Oq5lEI@>2C~Z
zL$=D^YP?x)ywB+`=x^3)UV@4Rj4yetMYqz*sMrmMT$U1%34c%-%g-mWg(sga`V6>Q
z&e;TY2>V&uY-}xr<=jl;@|LxpizU3G!YjE;JmErgFeeKQ2q;Gm|N3z6#JtoC6~!AW
zivLPsPU0sO^b)_@8}fZfJjP2f&{1@yLi7nkxd<8`mK*B~D-<sUD}RWq(<Yo!nu_bl
z7uaiIU~sP*t#-XE5D`52>my$R#(=THSZ{;Cc+2WU-;DJl@7fe(q&2%B8zjC`*Pn6?
zRmY|sP$4ru`8sN15?JNq^9O|{?ydAU&pkC5zsAk?5ay2wmuKb^YF1<ygmLw^M68kV
z?0s~U0R5K4&&JwtP$4QyCb3f3K28PXGS?PdER-*nRav+yL>d%H<-J^XCizFme^ers
zZv7Se{`XzQUUs1h)=*fd?Dn)jg0Gmi``=>pAEw*{JK+U@r`Tp;eh09%mWLS4Xx;yw
zw(uM2l3=;#W9c2Xgr(-MmZJ<d_Jlx+(d;ti63P>O%Pr~!H!vQ+($2jaCIF;YF50<G
z)Y#-TW;f+DmNzME!>tYDK`^dx7h1i!r-Jr^tq4MhiS%X2XfXdAwXMoPR;XNgz8*4)
zWQ7@%SXWayH`Rr`A@++cbms`1Rp7IRKq-y&wROok)M`qBUUFuw^MuSsJLH>`wf9j4
z2mJU&_dEu#v~KPZ`5r|mx#$ZJ9)ArxL4dJOwnp%<f)z-NT{c2ldOlgud5N;BC6z}1
zO58mI##~m~P-msBW~GT?sxmC)MS)WRq3T#*xOBb`%DXH5f75Da(G=j|i5A@ie22$!
zKU<u^fkOpJIh~TK=p9)^vk=jO9vi~qbyW|_AO-@rTE#l>4d_O4EIB|HZ&3Qvm^@>G
zy@ACQuDJfU>eepPiMq90MFZGqX8%Z<JWx|7I}2T8Kw9l&us?BCN!Q45<TbqlgW+gW
zPdUMek+ge;7K~LOC}$D1<lc5d;`?%|P6w)FMz@!}IYegAepf&3=OxF5<EjSq_tFA6
z8~rQo5V`RHi;8PmU^)v5`n6j()|vxG3e?d;K`28L_W>SRQa^?1nVo1cpAa#KQJ!dl
zU=v0q<lh$gf+e+A5+F)X3*W^tpJg<RWwcsb@M9_$x>#Bn>s(m~#_jv3*3v;h7iwQi
zp?F_c(7!gM4Y4|`rI1$kC7@PoX@IPyK|zwfE?mXel}6+6xMwF<_F5YGs;ngf-tiKE
z7;w~DDrp)KAA1W5(Y|UimBKjuy~WhbzBiZ1(~OQ$eZ$f<Cs#|>fjzQ>K+Qo)1U8A4
zGpT(EJxDLokr9AdH`&W0U9u`Nh1Z9u<uUzXmdBrFebbhvuSbylAT*RY!w7*%m9_G7
z_9|x2_{Lr&A(->)inoX}5W#O)C!=MGb?XY?;m8X@#^vB&rI($_*_eb(=*CTIW11=Z
z?NqaQ0M)X3M$5v{#fWblY&)yxBUw5eQG>F2a%H3R|7CiKpg_*>Sjlz~D;F>3v?`)2
z7}?&7HGbqeH*zw}XZzQY)z<qgzN#gZ3dvs?epr!vF!LT3gA8z-kc$a7)02suw82dL
z(b)8PSLnV^yQ>UnEV1DpBdjb(emGNPu&xp;JK(KF+)Q4P96}C!%N-UD=<_j7Kq#uh
zf0;g2d0CF_i&f@ji>CTjS}h?3+pH$Ok@v5Z;E|&U6+}=?^C3E|LOQ4T*Z6Dsi+B@G
z`^INrupaZkV4bxa1`81irLWnsxQHuP4v)3`V5`Iy94L(VZ*M-_ruJQK_<H+nru<=^
zi(r9SU|}9MKY4+PBce-z<jq2x6o#c|N{W!Ytp8GuVuaY;YEI%SqM{TyfnElgXT2=k
zq1`d_!ac2^EBOZijVxYV6a27Y0>WC6PYalr&f=NTNd3Lc%^Wy`2A+T*v|8L4Z#A*d
z3%BB+2YV`*g4|NJ%Rhp|p_n^V$m}Ha`hy*}OM+pIIC8s`4X?uzF9C(#Wr?>Qxx^1}
zstsQZ9<XPH@=Im&XL3H!7QRFkmBuR8`5~_CbzZeh*10Ln6f~9BLD@WKv0u&NW|im8
zBQw-Gya|uBzI(A*5+<{7C(Na+Zv@rsgzS^6%-C%77LdJIU-(ue1jYmw_Z(T=HVkW4
z!Vb$u`8<8FmI=E(f2AzcG?rFaQ1jD^)zW_OSIqOq85n<_n<z^3Pq6kRW)72w+a*Uf
z^C#4U1{IG^@W7eF+jhYK+j@OL0%w_yE|yut9_fea{4DzMwZ?mB+@lA&&c;i(>%4M8
ze|tD!L|Z)JLD9oq=AFo#EA_6VYmWHMlWyYS!EUn=^EWFcud!Jra_(8YMkHF+FVsHS
zY?ns9RArw{V#`}&&gK!H&RL~IUmfHL_^*%#5qVMwHLn~PP6`mawYA4>Cl%MhR8tbU
z!otv04(ZlI{6bN=Y(E={eFrh**?4o5hNay9MZ}{m8=e(#zpLct6Zi<}7%qEK?O&*o
zlQCsM|4@P)NWjcwvXqJ!MK--EusExvhqmw%o(K_vU|SqqTV%h^BR@{Laf7g#ee=`$
zuoSU?1REenV7Y&L<TQxEPqQlHF!Jb*rcbSc8LpLxGuC7L5qr6vNwH@MR%~#W41H&~
zFe&sDd5}I+R@hMF#&gghNAk>t=g8o9n^Wi|)Q-UKWZ{F)S=C~pRY*%02frgyDhMJ-
z&KWBoH?vjl_TJ);5SzVok68s*PK>R5sVTa$g_q#P(06TTf<s`k`MwTp;OC(!oJ5qX
zT{SJivS2|1h<@e~mSkFSoxrsAS;#~Zk_Z2+AX&UKXnYdGcNycCT^O_kUIL~rvyyXx
zATI0S`UT2TO*bYhD>dOWqUmvgt@$r7+73kx#XDtD<s^P5k?&+8lo~=UpE2?_$o|X~
z=>n{d`(qw`h_-^q(9;hdN81V=^}Zsh2F&{`C@Z%)Jn}4nP@gW{?Z4kH^_sbf);8->
z-b6rTyl?E)4VG-%jilU2Xm|T5mvD5&{Gt)u^9yXIY(>Ler&2U3-uH%J{pXld_4}Ad
zN-Pw+Xakptp~ffCFWh*frI|K07QTyMppAqe5ZRJ^_X;-_N3G_$K%B(X9!UZiyXZc?
zHs11E+TE|wQC4%g@u{*$TY){=g~mD}4#WqP24dMu{U3^b*7&8KIc5G2wYv$2*v2ud
zaD{D=HsEK*I;)W~XaBGC@0xy#S}3wZ24cq(QS;7wd2Wd)6a0z~Sn7Xkc1<8QloS-V
zd5JhNYE|?wGE?avjK*PlSCX&QR><v#^_Zr8D5hzf3*Ri>k8xV5cHipePmC4K8wj>+
z`FII(DD#p|4(%PzYd#{A!km6ERtQ)%9Y~W$k0vDJ?YA=WQ0&KS&EIBByP-1HKTti#
zH9m3`v#{U+k1JLHy~fh=lsVj}5kSX_1l_{}3DzrH$S&FYmd@m`gDq!dTcv+@xEpJ@
za}{j1E3%F~KZ7#_tK@K{QRQXN*dl@hPS0r_ZeL*O_!j+YkQ~m*1>s`T*J?WRS5dop
zbhnLD!+s@6*oYr|^@ZcL+8yflZEg8a-0;TPhE=_NtE!;7b+lHyhNo!mOREo!*6vq_
zTef{Yeg~?D!NK@2!g1rM4h3IMD=uxw9-XbxXC5MQA57N}iHQJqXPcp=Sj%u&7IVVx
zuGt!*+w4Pa#7C4riSLO-pthM_tNZz_QmWO;kxTT#-2;uD{NtqlE9(NH1os+Nv~`wN
z`vhf7)bcs}Vn5sXdv2pGAjNoQ7C<Aa?W_zUVA2GCjT8045zu8}Aq>vabT!dkN2Cbh
zE?kSsbCGa=itNmli|C=`xQM6HW}c-+rPcgOo-wQ<;f1DQc*@9%?2&2lD|yIpB2U?)
zh&*adrbNZIMx_mVqZe*1u3HS9T+|fLbtzwN`y^}U%QMzBZz^6>J@^`Q0IWq~x>O{@
z)4T9pVryi|K?nwEzYIKn%EOOi0}$`Da}G2G#;2x=VQb4OT;~UV%Ei*kjOf?5S9L+^
zC-I6!K$Iu!3P`&1UMw$SgCu#^T{rMd#ZXglu~t%b`l~D2U%mVLylM@Qy5R9R;~W%j
ztN>6ZdICk=y;d)LOBfIewMC10PucN~l8flUBq*U_yUmY)ny8rN8N^>lG*Spt2_Od~
z0oj*F0?5Z5Kt5#sKq_L=*dN=6@`LvN-GzRVmUzJxp3dsic!c>OOHb4*VQi)QFt=fh
zqIa8vBetBOKpzY?L^db7a6D0$gr<-Kx__T~QTW;%^P=g_+oVqXqvGb262IKA%oT!r
zb!wZX$=}?=jHs|b;Z4<pTw$Wo+pR||0ZX1<xJQs#7E6$W5HX=>J#oFLP23>o7%xDn
z^})X;MuIZJdBN<0G}ao*STsdyz4U6YgT)|8+H(@8@^pYaJ@$%G`yliqJv-P@^keK8
z2`L#c2&X1?>CjEB_71uloh9n%elpUXN&R0LW^DtWA`HM&at0|kwwrnTp{nfr$bFSz
z^p@x>;so5anpxwslxW@2ABsJ-85?VQoUb=a_zU}M0$Hq@{jr61%oW(bl0IBc%c!Y=
z&0U({06`6qyX;rVeeM2e%fe4*aN4wMz&z@GE&c^xY0Gk-_HUfNjb-MvGfmo|0_sZ;
zlwWLO?ncKfL!8^ccxOmTIR9Y|lr}!tjP2&2_8z8>k3%Wrv%gCXQj9ZF<5OQB_}dZV
z3(WtkaK9u^^@MX(N0gP4(%qT8MD49Qcfyb53RI#0W{>ObVgxbZsQE>2i04hk`(tGV
zY`^6U%U8Tp1=fm<wLI}@4metL|Didj#&RwH#yMZKLt>Kjh)?)B@va1b&T-A@MJun!
z6$1uah@WXkmbC_}?za~-q=o-=dNYpR$hP@tCH64bM~p!ZA>yUj6<!JK!pWbd-=d4Q
zdwk>vF<m?jprEkVFzJD7twjKmkPDq;+H%~9(S#~U(u{A+X9!uqj?$MMMM&|tf8^bm
z=4>Zj0*#&3!Z=O{M!rKZdcjYGHEL|%I)<X4SB*6&deu#~1F-6sPGLKerun<i|4M|Z
zY9Ofi=>u{O&JO3;TRuL-G})gHFqc?Wa>3iqPBqL+(oE4MNDXNlH!F;wM)28eNrRC-
z!)<ijMa|cqQ^PHCHc*e*jRC_Gdq@{18)#QnyQh7~C(l15H<9kbTEyss4B46?Yz~x#
za7XSBq$NVC5k3{;8X5GW>v$ZmSQl;4XACDh#c{`5yggun?%vq;g^E`w(f${oRQ+j7
z^#Qa!awM`2@dt>CoWJx%w{;p-H~^O09B#>Qrro`f*MJgqHWL%jc;&iiYgcW7i~86e
zjICPji&Br#Uq0Fb7f&78PL*%lw_=bYPhaO&bq2XGw7oTn5nr3X1R@NhrVEXx!1UKY
zs7=I^+(h2zbD1C*4*`%?BdzHZ_ec;RHzBzJ3#J=m01G#Y`YsB}C&FD^p;}DC!Lyte
ze<5|)oQ=nv=Cr7UtI1}sahg4TKGei+_<GfFlWO=)hZ8B@Df6&dWNvH@-e?_@(N(*r
zUR!|I8vtbOuwP4}NBkS!c%E?aowT1V;!(|p$ZhO%-Z_ye4ixXF5_T}`FfP-U4`gfc
z7~j}47YW2YtEpO#PXXQfh{{w2wwdk?pRFyAxH`O>=e&!(t3u6s7(C&a4zXvJ`?t+K
z3EW~9U7^C=mBtjduX#CE9!&>~ESW7$E*rCiXO~--eJl3aa{INd^h>-d<X~xs<^48L
zl*ugN3kS5h=1I>goX>S|{y1<R`yjBeCvVxas?eUe7xEb#h|FpdxB}Was>Ki3K|SU1
ziR+-XU8i+7Hbu8>jn?7))Ja>|7wl1sKpt4p?OUVuZ$w*paH60#?-MKqfX7GJr4l7O
z+CUb#kE~yDS-evmMBp{l>`9F?h!Ul4)+EL|SC6C@Kb@!$x}L{*@9kf3-g^RaXWq31
z!QAmcNgnxl^aLr(%mP!6Aux>)f3w>U(S6E?ru*YoW}3h-?p5Xf&ovdN9~&h|6Jmzn
zNhPfJ=wZ)GiX$)EV@?H(0^4m893+Xhufi+CZFxGN?UTGAa7{zoXXK+}K=uqN7X<By
zw>#C+0BNJ2ZjG*ZBYFUY{gATa4K;)(2{KLAD{6`dTN1-BKH?F8J;NJqcp8u<AVcRb
zeZW2-=h>i{zS%ws3sja!G86%mdE5>K8q6s7UYUf81rVW-xy&Yt85YvC>*5t^N;*eZ
ztuf5RrSS?i72H0}?GS1Vc5Eywt+6vwjXnB>-PkVkXQ{?!(-<jA>i_BqxK~yfX9{|s
zz!sXmE1FmGl5B`~4^5X1DE_B?e;F-`w%Aa$vy4^R7+5b{|IZXFzwwdEK&-NTqcm^8
zIYW;8N}VI*oS2#tKxT0DCH*2@tLM2VXtlovLYPAbjA0%u@-QAuZK<$#?I$&{<Gma#
zNZVB<AIEp?s{Nc@wfC`i)gz9k4nx~v!!bs&q!Q%s!8}E_J%X!4TZld25r$x(Gf<8K
za0KS878z*xiC86p-~)rTIS(@q!DzVaP~kQ?6pMF6qPD}HQ2Vrv>f@X}femQGlOTGf
z%i$EVv7J&R<O1I4urc(OPtw@%+ZS09?*FLsKOFK*^zdSdUP$@`Jv!IRw(^1W41H28
zt9sDYT5S`zYAzjrpb3xdZF@yrUCuaBH?Um7LQmxI=KDo*{6VQ;8}MDgYqr6<c~GpF
zVjhIM*ZHt@;JU)A$1eqPms2w;i$)mQIo@zZ^@Z0&W&=#<HE%`hAlMb&mxZ%DqZ==>
zV}^S&)oHwC9aZB(;(gA|;Ugc8AyS^ikpf1<2^(yTA!izPJ{*lOP*6IDqY(y*sh*j}
z%s`d%c}@>IJyDD712}L_;cjN?uJlisVM`!3Nyeq{KZLwcG?79+y(JU0noQ&jCH=Jf
zS9sS`7M>zzebWj{faU4b4X@?CP^<09rIKOXDck~A9xeU=okPATuU}O%K5_-My0d*H
zQzIccIORd_fFicaK6WsoTbmn5ts>NLINu2Z^j2Jp(6PMzrS6PK530gEK}^A<Ro2rZ
zT&fr+yiy)3s;Jqo8A|#kv`+?Gz_LQF!s5a1p>Muo3<*`qEqin+N1(g76pd#oC&ZuB
zbU2jW<{V0Q$)WTK4)9V}WLwC;Gu%y%@*U(sSeei!&D9;2gCnyfL!0Rn21fh?$rby#
zS&ULt)Oy%(%<&elVScsRI3(CQi9ad*5VHn~$gBY*#fX0{#_?Ftfo5b<S2dtOG%thD
z3&r_Tk!`0vb|g5H>{z$x8jtBSrNLBNr%PMUsJ9Vv#IT7G^~|k=(8@jsJUtwYPsp%N
zrs;NWoAZ`R!1|W9@I1b*9(-YBSM@CSgosHwh`l*f_$8nuO7~r;H9;^rOw7(N5oyTi
zP^|X_QBK_w|4LvkJugx^<izpF&p7*&ZnZ|VazT(<Y?aVq95OGwQI7N?%<`{`d>~$m
zhd^zv-xApK3fQvCET8DS#lio11rw1>kJgO|u3+H@vH~UbI1@qqIpD{RT4FwjO?etT
zx&sR9*TRS}cSS0l1zg%o)qYp_&(c5P|05>OQIFGk<bEubTllrtw;d($xa35eo*&v|
zK?LpNbi+-Oj9aK$K9f&mNhnDiN>N<lcAMdUQv|+9oh4;J4Zl_UJ`S*{bA)106YA*X
zcZhtk62&$%^{jq5OCWi(KI2w_z@fxqHWW0j$g$q#fpA-m_WL%Ku5^i2&4WR#AcRm`
zzvrP6y5;955M$w^0fp)DkVwyWo3~ujafeKkw>tV|P7{jcdh%oEG_R7AgjRz%j)h60
zYtT`mXln}ugaWJTK?PdvgWOclbd!=-)}J2N!6Z;Ix*8H`e?h3+b@GxQL1&|SJF`Tq
zeO=zhA&NF!%P;1S`O^m|QG&%LMGG25SrLp^P!ZlZh(Q@pIr@Htw#))2+M5L%NK=d>
zADmuIel@koD@B#Yx7K}v!twLh#)Z*&O+9<%cow6%aJ}$4DaCE{L)e`&`O-Y~6Z?Tw
zW4hntMj7o>k3`r!TCXRZpq$if1C>y07AJI2Kb<MO8axm(c#Cu<HUR%6yC>#v9|b|~
z%&(^I<Y`8Xq&w`DgXAOGD|7SpLeO6(f4Xd_tz+k&6|H|J+Ip(C5CtW}?6KJ;$4U=L
z57)JA6LC)D`smuy#N=peKRXb%E#eu;+kqD_sX^5ulOy__GOAQo*XpxVqiem10qXMm
z^FQCsW|}xt-F+{*)}5fJS&B}KuFXjtKmT({$ehTs{YwKcq8vz8Di$WzHbw_m8+5M?
z7QQXLf00t<p@E=}#rJJ$75z<CQUAwmU}Z7;NkGYBy6uspV6}<w1y+waE9sY(SeTKy
zs+uN+^ALJmGnD3>Q@SnF9_F>qr7YT77#<L9y)ZJwW(a!!QW%0p+n+~vKl675z^QRq
z9-tB4QY6sNy-sB!C#w<kuc$%u_Zu#398nu(47+-nDvm}vJH_Z6YZXKZuM~{u`ip}>
z$eDdd8jc)SNy8rzDlX9%3K>I3Y4~pQ<VS6woWnCjG6IjPhmV4X@D2ixCmnb^VgUmj
zk+lL327=wQAYg-OMM334-d)`3htGSIR!hmOW6)JaaYONc%dh53)txPJafEPwF>@gZ
zy^m+`I|7&w9-=!h<X2NN|FDodE&evwM!k*9hwX#;N{S?PqHO8<#CpAORnX0$>!LM(
z^0>^uVL^$%y<su3^jTEhsD|>wPdfAwi*K(Y#x~&PoRaicw62gh({TV_pdpkUrP#3g
zQYzv;T@DUUG;sr^FV!=}oG6xs8GFz;KIk3_^JZmsthBvZ`xBXJz8%Dz=UDFx^^IS2
z=sCtz-D{uXfF1$iWM3F(-W7zL=5$(?z#pNoCcloZbNirkizrHNZ+C7VwQsL-ZkO1%
zgPq%IZsGmzoR#DReJCgv{J;cRMf}Y!p63eB)|uBla~X<qDK4PY$KHOge9Lu#EBvES
ztlwzrP<mjr@3NIQvc;{kwP-h2#%@%CZen%pFsD$DvZ_FSUl7?C8hk^3UU)1|WYt6Z
z*yPPw#ARg<e>pKiH8%Hb8rXe@G!P=UT3t{)6p>2gRbS`|3xnmfRo@m78^1&ktTjp#
z9#pFHP^o%Cnf;#UV=Um18sE(G?<qi{3^lLUWe{w~6ET<bubMLwgE%EhF4vaLek!9v
zTebt^hZ*l;KG)WDT2mE<4>Oc+<~ZB4{Rez6&$>-}S=FfwAEe?gJV-oFlLfB16FW4y
zdswPT5uMMeph=NFqe(YOH`sOF`y$Ag{jS(pq&KyU?|9N}HcDC0Al1?%lqddOu`56V
zg2Be6$M00h_b?g_pK3p{IelkNwb}yE$!f=`16RuCj0q7r@?;*Snu9c1nHSyq??63%
z(KLR{itq1(F9nYi;#rx<we{-lpLF6A-W@9MKFzzbC;|h8XTUuVdzJfa<$Hg-C`p>l
zPu{W*-aRRI{43Jjk<t4T;r!74EO$hc)3FfzIb_SqON<kX+tu7R+WuCmJUpa$i%9pg
zL-8BPCuZw|fiMa-PadE_Fc0zj!Yuq1eVw=t0lLthS0&oLq{<yU!8>g|M<$h|ZGs58
zkMeI4Mg{xNfYA(BejPW$Zi$|AlDN2Fl|jX1aEZ%tlQ`*Gc@z9gftJ%*-htIste{W{
z-Udlf=cS@45qHGL`#cye4|sK~d{^knkB~ovJyA4ylX#0{r6&rJ7uF#Y`5kNcr5W}b
zu2Gg`f!BnuV=1Cx_ziDX8oO+F-TC*ZL#ygCzDcDy(h%vQsDq^@hvOk!OO7cCLmPiK
zzeXO#JoyTKHTJE|ZGQnI6bN^SLU86h8-)7c@%i3qYb)^|j}Og*GZhztnUbl9)5>*#
z<4ts=o3H>Qt-{XmN&72YZrl-Kb8^h3bWPaHf9E%3V24inT%t{3vlf)Gi{*GuqBBgm
zTVIdVA)ix42awb#aTZ#HS+6UmmUbBd1Zqi=pCZ$SnZv0=cAn3?GA>vtkaYYn*m^jF
zCHI{-c-CRpSt>72L}v;|T8QPPFd-`_6SRKgWg+`E!xFh)R#1Vtg%ny=SU!?laUg#A
zMZ{`5nGhAf-gzC?Lf(Pf)0TIR>mNm1$7u`if^B)Vvp_xGqp=xMoXkOOSN-U#R6UvV
zx9rIx)W|8B6=B=hBPWyaIoi@I-SOc_@Vm@7!#?PWwpdgGwSSb4mJZ8s1lQ3=xL0*9
zpG9kCGkB;+J^84iSSC0s&{^HUG0z^FRy$T0y!+{y-H|8Bz{OFsb}Rk0UQ89M{=G$+
z{npnj_~<omIk`fqh3(Jf&e+u3J{5?38bKIrzp%jS8=d9(`@MGMK4#JyN9C`I5+gAv
z`GO!*j_d~GObro%9C^=`F32p}4eKw^@OFmyDj;qLmL4C4REBAkd>}#(Fq<pPh<J+k
zCoT|m(V5l$OCqOB1PR>`CfqrGlrH5f(#Px!=U7+JQ1O1@DQZV>sf?qspA8ivcE344
zuT)!#a~;!eV7o{!&5_KQ04hsJ?wt@YyMxPsxAj{F%@MVLLlRe7?aBOg4otPr3P2RZ
z>HyN>VM<V<)&7|qo8Nr#E=5~ywmB)K!Vjq5smV9)Rd1-UK;r_`W=!@0ArO)!`=t%O
zsUO=CmdoJlL@-h_g8D&zt#&vUR!sWKQ6!+1{muN#{r1{<vJ-{s7=kX_JoUbgt7kq>
zJFK3W^7;|0r$)-uTA8;LI1Hk#<_59?x*}HyZ4$gzkA=I+F-N??rgOUuj6VYwfML{E
zukls4Ua!@P4yt&6$@OA2WLMeCLFEh^d6~q-a2sR`;sP=Ohzf6DY&Kn|z$#YcDGuFU
zth>zY=hFj}i@ZaYg<1$o8N-TDYgwIpE@DHp=7OgVcH7-68Li#j0OFMdw3@3JTuGT$
zTS7<eZXCQ*&75>Y_)+HU_FfJ=gjn49C#oDwmqPKOhhGJUU3%eO@uXSf?2iP*+P1Hg
zcDJ-0Bu_!j0J$(Wm&H9sc|04^S$<MRTwkZmY1r3L=uLaGq_0-{2fCs@5Oy>a_nZ`r
z)@7*B=Bp2@kD@JewA!<261_5=ctE;-saCU!QI*`G)!q)4*h3i9J_PaJVhBsWpEiUw
z&+#>0f<Sw#`K(V!<+I9)S?EB`mfO3D_Yx*fm_J_0G9K%Ag|eo{vZnidDhD3>1AEU?
z`<X2B5%jHnl@DQ++f$)tN6w*tK(KG^qTeC$YEokPhokl}-8J{V5J!wf0?=5$yQX69
z1<T@Mepfkyr&|T+`0sMU36t}t&8)x75%O)R^zTR+eX$|G#YTiJ1!+N|tCS4EYs1Ay
zF!p0~9p-BOXX){~K)u@UCD&<UaS|WQ=PnZV;#yzqaxZXUscx0swd*G~_g^5~$}N9%
z25tQr1%ut})2SMg!M4t#c6$kdQ5W)wWijVRQ8tl-W7QcxMF?8W^D<-XM<V0bpvx7J
zE|$UE+dJqXAp>90owt5&6M~1;BQ{Z1PLA1w(}he;avQ~7t|K9sBCj7o2xdu{A_TXw
z>f{80bm$P|=VqoNvCzR$x8A$~Rd>1ZW(oK?lwk+s<M1CBBHoKVJdKdAN%Rv!eoFP=
zOCqGasbi9mgC+^N$hNVDC|;xJx0uc=`W-4fsKnjnDw`L?yBx(UlGPk@8?;35?ma=8
z^zE>s1(5!XQq~#Ut+wzv3WNqs>rqk^=`O1&)7fel+|Q%p4OnfcRlAV8Afa`%nmJs>
zJ@>?O11#B6PBC?EY6}t-NLK8-!RE~&W220CEH7G0cb?jrRw2(4U>UotDeAmPug&Y1
z3ms@o^nr)WkrOj=FE6&kN=h8mD%Li-h2R9W^3^sA$R;mRLfy)vI3;g}3o9@LCAXS;
zAWWh}>K~HCS>(n`kJqU}U$H4}RBT+6V&ir%l6ajWsh%m$YCZR7Dh6*>j`==Mq{_AY
zN_HzmVKkbioKPKwZ>FQG8eO7@4i&bNg@!?LD!vqikk7B7M^-sE$9nys{rb2ZOLB=O
zMkOi}C*hGMOZf`vSinh#eL><l<*2sRyhMu6RyVuNbLHlgL|&pN$D0!p2&WR+iLUJ_
zw52MMa@ZpAba=Hav<FuQ6%^_LypE1<dMtRo!H36&*W*r=5AiGZMEeS*iAHm0Dbb+$
z{hVKwhs()##_H*`eKO}YC*SGkV7DZzlzgWWS)*`M_)1boLQ}{s_+@8of8R6SjqaF7
zR?|+B)l_njlG)UG9No@??L5eSPbagV@I<~;{!+D5o8OVYw1xbN_&6`<r%<X~sK;P)
z)6Y0~IGy3Bg_v3LmrAFU+as*U3@m0_REkA(DmgDz^ELTPOZhog{?bL%r|S7n<Sz~J
zt!-Gud?KolL!l{2RRqd+U(z8qt^jxp@@!Mtkr-RAwvOj(1@_dRBhr<=4POxMX9r0U
z%RD`HfoTcyqW6~;;J5^lZ6)kA*7DlDZ4Ifq<l@MDsm8jF&yA*z_cVpzJx?g9ogH<H
z0@`8Z*1uU{E9kwiz`ME34X=o78e+{OL$X52`Omz$(Ju9xm%Y~7Cied$i<B9UE#r|K
zsJD>=<sG80<k;cgI&&m!z>xb>aOBfY><&5YxleOA*-7rxo{USrP_?Ptr*<XANc1X1
zYca^FV&^{H;Q_gjU8eG$&Tmuf@B(EM6(jZOuWG1^bbu|E*g>VN!LPwdz=?bH;H$P2
zVcnUIJsW`kd-+avYP9j^Kb-IMI6k$}$C)+34?Cm`k(mmy;GF<e$rtAf85``CR<f>K
z41<8y7p$m(p?FzAD055!am<7DR_6e43<AfInYm4JJ`DQ5k@dEk_4bXO&osH-X0SO*
zK2xdSsC>a^)2h<flJ~}(M6h>+j7Sy9N~PpNTo+0j63H&C@|mV33$Er<XR%@3=DWHh
zezn^_fM#MHhh!pK#rTjQn&upsLOB}Uq{nH4y%;WzMq^``<8>0t1DgrSa3j34%7nFt
zj*$tg4Efh;I|o{hxd^_F;)2wtnY`kEGkmSerS)a!=r(}24d4;rq7v+Fc*92QJUiW4
z>oOaKeLT8*JE|BtFPitRv`h2M+h1<Qu=5z!eW+xNg2qynL93jkXKGt4&9Tl?z^vh~
z?E5ysjCs~2siM)>+gR>(z6yKo&&s`wnr^d=1H~dstOnG1KRy7%=G8>;=pQZbDjCfb
zcnWaC&Jl&D(7}4Mb0}6)9{@>$AjybW-+`mz`2*oHC1cq@Z(I0wZCPcOWG>z*U1DFa
zlJGs49lI)G+4%wg8Z9n{4Jwr5n@keg$ZVHZ^9GlJco1aBZ5lop1grf6B_zEXm=_zc
z2m=jBk)7&lU|w)yZoc99dB8sJFoMfiZTR1}=ljy``Xg-+)-KOg78^Sd*B|*FCPX-l
zJkouY8RY{doi{efN~tbFbH0$gTmyy2z{qzFX}Ms2`cXF`T86kPuS(STwX*0(#61H6
zV6OG8yn9-;d?Mpht(C<>19M0aH4r(m({9`7ynwN)N>V^gJIDE$rz-K&Y34oEY_55d
zN~~jV$s)#A%mc5g34<W>%RKjS@<1i=RcO*T;4<`2<$!{@rI$_`s7$I)PXndZJSb}+
zMjf#cd{J-P&5%WS7Zfx1n<Vzc!d)Sf2=6|X*C)>IiW+~wa_b|xtKX4fPM#-Hx(Y%x
zz>h<ZC$7<BeVc~G!UF}tq;hQ2>lIp(woG{?tf8OldBD1&Wdcst4pm(d#=I{ubiO0E
z+=wEpk36y|XP$Y@Qk!x<aC&lIOIz>B{81OlMCfQqz1o7fTt@4v|4|01pCdc?S7eaF
zsh954^szEX^%VgHe&hHD!cXkwpsajIW1}EGO?n?B)hkpgJ|ZPVpQqz*2q|sPAayH|
z&4pw^H^h$st`!Ql)$9uS_y-xJ?EF|~Co@Q0EfN4Bt~kfDm@m=YO^ObzZ^1?=*!+?5
z59a)U!m4m<_#_0Kob++xH~&ZgRXO!Cx~uH`Sa;+Mk9$7TjUisEzl;tsCxiL!3{pRk
zmy#Kz9-S?yvq}xqyqBB*Xa=cfncaUjgVeb+kPbd3$@~P-j`a}W_^u36lUP8Oq}UA=
zntyLx!>Q=V3{v&8j!ufRQG^=tDMak3-<7G{3cl#9)m$bUN;4pScZp73(EqmlQRmPj
zQJt{4M7Mn#jQ1KAjQ7PHWw-e`Pi(1C>|dKd>P{+7x5o(@AG3{+7CsB2(GoHeFg7ir
z!MAzC&*=Vy_^W+8{Zb{I<k*Eh-m#`Px(!>OzBTxa1`9t5pUiJ%Ax1_vmZHxp6)Z*Y
z^<T^%<-Ws)*8k;?O68AQPPp^`j{H#%5Q+TAWNSTGbw@9i|GoL6t_KEc>-b-qKWf1Y
z86TU+cjk|}<tmKRpBbp~NBu~yAF;15m+O1EPRk!PfZC3cKk5`|giSGW^8aZ5s0RlB
z%kxJ?iHFXT*z^Bu{-`mG|DVktHDDYFGVT2T(fm=r!%6<XC4banqMiR={;0?ke<y#`
zKtS|Q<c~V#3ee)}^E$}L+RqE4gT`M(;`P$y_P<WT|C0j_$$5ytDD{Ut`YUO{&<H<6
zFf<|^E*vKt6X~9CRnqI*JOoNRK&X{VQgL0Jcxf5B1bQiJ5ee%Vx-lSMg1ap|LwHF9
z%JthkD*D-PB=$M_Nhf&AEpW6h-EASx<aw@lR6LtA_I6K@^I7cT0M?=CdcDTYUOOCU
zIj8yV<=#A-gD(mZyrBm3m^2G$Eoa0!t^08PAF@qv9I{91r)(Q#+Ys{Y(T!<)wC-g*
zD^t&6(_0J@Cq!4Q)8o_EiMy_UU*wfw>{Jyu&ghBBt(O2~#J&1Bg46Ss@Wpbb=H%Zl
z8@C=*!P{+l1k4$HUHJWA{FZgW*qm)5Z%YJ?Ii@*{w}_9};ZqeG`{|ayiAmYDW0}2&
zFgoubZ!BFjaP=^^tID`CqpES32fH${Xc<QI{$V{SIMYRLu#~eb@yb&92#kXw_H%{L
zMe6eMD+pvT#4Q3C=1-om1uvXy&!0LJIb#ng^`Nif74xenTO~NKCwzKIZg@aRx5!z9
zkN3&IPZe#!P(6mW;7OvYC-8zKS}nutWHxe-;7>BoUQOr{tYlTO#B)!6y-iO>fWG5P
zIpA(JukY}Y#1z?K{*>0`*%O7f82w>>(}!1zT@4LdSMV*?Kjkjh7<-f++)=6Fp!uz6
z$*94@8{~m$NW*_^*%Z7!+t9pdwd)wO@(wzGutBg7B)=z~FLrIV`7)O9eJKtqjTh3h
zK|u^wyh<U7`v|ALgs8F35-V)~Exs9v>Bs5u2^<nD#Q7*fm?DWx5xF*z6U0=91(tA1
zD&J5u@E}3ZIhGJZ%-2|2Ku_#RrQS)%a5IB3lw#O~(L@&s@`9^bf)LY(RZLnlan3i0
zTM^{B1F<RS9GlIX2qZwWJ>`^>j+YJQIXp4X=8rP-YBn#i-&DuwvhI7^%;VLwM)QIK
z8{Yl-?FjF7_~Ea^QTL#>Y?z0@lZUkhuhVhV8eJEOTBD_n2;wAZP$EVQtQbf+LyupS
zSjgje56`*0%sJj`p8X@DCdbZipj>+Y>+@{5e<Fk;*82sDD+OxA_4Xj6rV_2@T4_lv
zgYdF~N9L&|HoUgI4x?G6B;tRNw-7A&$N6TMG9{Ck5^OhX*F;Q?-Hz^9tNo1kth@Px
zEU?Nb^Qf>es(O3^oa#^F%8}Qm>VK88f2RJgdCz)?Kg0@h8jVa#oZfz?)xN{i#2h*$
zC}iujBcp8On02#rW*yfNIlvZRO8lO7?C5G^N5qwe9&h(cp-1De0zvkw#xjEaBqkoS
zwd4M4tzFaJT69<e`rBr63qf?iMx-d{j8^8glgS42Q68DU=8v*Yl$ZbAepw;p^T&gb
zb0`q~+2g%!gnWqKbc9UvXJ9`g61PIews7w%OsuNJQ%|eCPz($Vgn#La!4lgXyoN&f
zQVD&?S1oI`S4%N^YEaM5qvVpemCE+AN2e*lrEU7&zW%kE7kQv)z#QL<9Y@iCKIlNT
znn!s@l5~{EuWP$V(Vn|SMqE{4{Mf_dS%ni5jz=IVQr9p`0PhN*@fO-V+n$6_#r`{d
zrP@8KRftgujEsLy?dPIuA+%2oXMaRyvwYgZ3*>8YU=shG3T|xt#m+Hy0%ehX)@Tab
zDU#}6t>|oQ#LM`JAl@pJv>g%e?^C5+HdVU3PYUfi4E8SZ{>4K0V;qZuv0Lce&hWXF
z@rYNYpJcxhcoLFIh~244SSF_T4Dm{eo?=-TzXj<AZJo+a6d7T6_)<chE5de+4hM}a
zu`F#Tqq1-=5Pz9Z*p<EJ<7Z2MD{|cB#>4`#pfJzC{2si;vojrS*v-%f_)kVE7$1|P
z`pbq&ys+3vii;zAbbnriTG9QK=Fpo@%q@Pw+^uGm-X$J4pY0FMKgl24B3D{^nLAoi
zNdI~_kbV&bg7nY*z()F~_)X$l8vS+Dh|b2Y)hM@mN98ZJ0`VJcs)=HOjnRpRF2>vO
z^Iv)%wToyB&6^)ig)X#JjhEjF+mZE5t3<W;NH2zePomoIFh6}n%E~0%uvYUl-x5a$
zs*D;K#JvRr)}4vdNc)mgX*9R5&?RUL-0~H17N<`f84K?e3k9u4@Rg`cLuKm#(}jB5
z3zibubyx9Rp@dL{Jd9!NmjTniW5Yc+%N4m#o}5b5U-><A60!Jx&NoY_FJl^@+-(k_
z3|fc4RZ`n917AxR6@FWP4EGG%a1xXj5}J^m1r|WU4qM-+j+DwWm90j;`m_D@Q4g)(
zQ=KEA_nNN*PI-G@7m08M*d;%O9okl(I1D}r*ontOw8g94`8XFw{d#NucHzJ!+oQ35
z{`T|uSN~<k{7>b=O;Nq&aZ|4G@1`|w{?%J~sFP;gq`T{0_Q*suZ&%g|jS}~(P1gb~
z=KEFBDMF=Gx(qKNSTbgx`Vy<%g?yE`Bx7q`M(%ti^PY%$f?(;UKrDxmNc5JRH+;Nm
z{@kepwHqHvM0B)-50)DP=A%)aASpCud}Br%dkrTm(YrSa$Xz{PPshQYmL}QL(w?M0
z$)W)E)R=@}J4<SU&9B+;*$AU;9MYC%5xe;~ZP|#7a&ky0BrEAG$=}K-*b}+Q`UU+$
z`U&(R<CCRhY^$m<v<<<a`OYr#flkd(%{%;YspMb5VJw-$LNsxqSdpMkAB95p>iZ+c
zN+3kyJiAI4RhBL)SPe}*x<;&PN(D@;RLOt@vuS4oX~%s9AA|50hs8+QWpx+)wC}M+
zby@EAd(nVeUxR=h<Bb)dy!9A|aG&TQ?syVoiqJuk)1iBo<fO2>`9s2+(}C!rtjP6M
zjhT>^>sbEWYPHqWOX9BZtWXSMP(h}gMSb|L-1tnd{|qv<)$GN`N+b^ZNei3J7%oZd
zmgV?dj?MR&Z$D(abCWpiG&_WAV`hd6Hp~O7#2l9;=eUd`NEt_vGUnKNLG7aD5<=;)
zMCx#%h|}&o6ATpZy&SvWk4==OSBh<`H$ML`tcm`hep8*h+EtBK#uxA9o!=m(#-@7n
zwEBaZyCJX$CtwtsZo2~kSjr5QYs~J13SpL|{`OSGf^J*U(q)>fXseP4>uBVI!ia{5
z{OE%}7*F{0=)nv*rxH7{c1z$jStS(rD%VDR22Ddxl|G}S<b<eWaEbXGb5l`VXAWoD
zMi`#mLh1DR4J~b*U6uZ?A{)_9^`h(Baxj~DkQ^5TBVhgtR~WmKU*^c!Wa3+JZSUHa
z$$a9oCes5OK-Jf)iFHu$AHZB(N4#WBY{{5?VoJmGj;f(d!rZZlX}-!BlZ6@#T_>db
z010)<nk1;ZD3YQFGD#)4-`Xqy*cJWaTRlGaTd^X77>RMJu`ap|dxW;^=^osMX6VsR
zztx*J9~r+B&n(Yj{)7(aXx%-nTK7<E4!7lpeX6jC<9e%4N{du!sVW^UrKM6jT9x7|
zPX$w@^g1b>iX{b>5i2~AM};vcKr(PBhi>Z4o8<kTd-$6TjVbTGN9&&5oi}}YTV3Qc
z-M>q#!N@C39ss)xntQ%R$B#5)Uu3uJ1j?xB(;o@6g-I<)V^TS>Y%FI-%w-Qwd|zQN
zYb`;jqDC{vBiaD)IT@S+w+ter5vYV;^Bz^-R`biubPbTP-lhQP%h)pOtZeqSb_63|
zu=AX4%N0;0+p;hjO!1rP&*l5K<zec;FY#DqzuAbTXfkE$h1V&f+zp~UsUuPBK*AuI
zFy}(oQ?<!?O7R<#zw@1d@c}y9B&q-FwW`*xiqv-?wQ03Z@|GJjdr8eU7ln_`QT3<q
zA9vf8X8wovk2D9QJmWp3_a<m}sj-jHm64fhS;PwL1$7SfL+sci{!tSNClT<WYm#4N
z9Mvhwm<Yj>O-&?P9S=8lgUeH&d;Z?%oYWyo0B#kV5$Q;9KKZNCZzs;Tx8f|-@s$|Y
z`LK+!qu7$<Z&Y4|F`z~{#Tje$!PvlRHDVS$G&bOw3OMT(Bt68zhfmg<y@kghu3lli
z(bQY<7*>YOY`7_@H$CpA-ipPjQ!Iv=2WL0q9%2f#mBnZGL(Pn>!#sw=rojS`o=7fY
zBU9lhWC3FXk@pY-+C%W=XGxYYz1Q$~wj9FQA~zF0D2UmKN6Z}-?w~9fuV_{pWecKG
z?~ZO4OT;{A%Z9`pQP7f9NHHiVYFXyR8yx!*S?~8@+nf`+FP8;>uLt^YZ>}oMSEU1_
zG+#;wsM2y(I#x={rF5(+y+M_RrSt|V4J(=vt@A`4mQZTZZ7mY<sc+R1j6K8}4~fP*
z(yB))4GqYFww=d!=LuDU*T<W2qb_+YW~x`4+^O|SvX{aYGS24pA;g-|Pl;K6GA||h
zdGd?a7z3jAP*=1?2%6i9J*LQo6#qcP*BT=`8i<8zJVq!=jMh+%mkYupgle+6$mUZI
z+;v1Uh?tcV1YbW=$YZTXxFx2ID(0Y#kp0H1Wt)2xHl}fCq4xFK0KYiQC&<|%-fcOf
za<sxwz9~K*n~1IBlgI%%BY_4UbJ){?6tdo0bc08PJlUib$lKlJjjSZUm$qJYv1rF0
z4-z~`PJ-tt<l1FE36BETQbZ=QxPCCO6cg(#M8}jWhZ96#VlxehT#3_>t_JWXu{!Zo
zQa>FM)+6qDSIL{mCr1sfq*I%If!=}p6SE^_mqn_D+k_p|V@1*xW1m^5T92%<enVBB
zgC!YS^a`$0XP=;IL4tST;fhpTUF6A<#mKu<Y|{r>MCwk;izKdy0WLT29#TWB#4sx3
z9s5)S`@=_C^l!3uU<`cD0R}JvOYiVlukFfUO5mEu!A5@Q?eN%uZ3<Yp2$?hKkl4L{
zMIFLOpkc%#kjS@M%_;OFXq;vn&dL+xpw&oO3O_~m9xTMO@{mf|5U(JDI}}9zokq|O
zZQ&X!4Hgon6`6c%X0ZNH2FOMLcT<1KeyvSID*ywfay0Z73z#C6pW#tHBomZKH(ch6
zge(`kZOjsi5}C{s)?~YaMz38MVeAsvuno_Zgyc+sSlV<tO^(304vN<wP?N|H<j&k5
zK2C>cA9xjX2pHM}6{&yieehBt#!@L=wNtssSaA4L{}@Y?wy=``2w`pgL6j2>ByHK0
zK8RItLm!G{`}-nES@;$GhLQSM^?%<uwGT+wacAhYRpy}p#%;G4kU)UNaDVRc@Xc`1
zWEe3kh!Y($@JgfKYToU{lx?g?Idt3xIIM5DVSVuum0|GN623xNdq6B=H#b6rES#cx
zy{kq0@gmZ2y>T^zY%@PR0}eZ1%J>#g%JLz~3bSjTO1<S+C`MPNCz@aZ@lNEU1Q@!*
z9KH?p0>4A#H-1seV7QwLPDauYzvwHuKAUUuF=eC#6lwJ@2Mls*=y?z^oT5)j{la4H
z!sE5tTLCbusJgz56cE}%iP-p@TU$yv&>o-FnQ8u!N#%f~<*YidEaNFW!rJp6tED!0
zXjXa|2h+hr^R(LIsWbHzaeUjq(kG6|8+-+?B$%?aS8Bz?S}7-DxB0Mv&PZIFdRl5n
zC5e^w8a%X@R!b~QiH9l;rB_T50-n6sXwTqF5h$t{VG~KxN~%YF;;sCCk*WK?i4bz=
zR#xatuUXYg39-}bh@W3Z4jcgg%Ku~UO~9k7(!}o+36MbGMns4hrPQd2q7ns3LBtfP
zkSeGGR1|DbvFS#;UBINuxUdvdMRHS?GEUpebhkQfPmevl+0#9^V?u-giY&Hhi^$@_
zy_85mAqfcie($-rmVkEm%=66u`JV6p`ADkj-m|{vJ@0wXyZ)FN7+*e;*1B|PNMoFI
zZ9MuDWGpKogKb7#Kgr3p*SPahQUMfMg9;7CG|=fC2X)P88rJ?~aQ-@r<}%B0WJ_b`
z(3q^>ja|w06MqDiUN~}MpgPL6iNqGg9DTs*KZ3%Txr)L4ytCPkk<RwI?}*em(mAwl
zNLAc(DM?HF1oSV3q=EmTixPwo6@w;D#gE#hpH(-=wt;V%$fGwLKK&etZNou@`a-tJ
zIRrkgTAMS1z0#gyx|I?v=kmkK|29M3rSe@vAdV3lOp<&o2V&|x5K_s3AZI4B)xMF=
zfhv7~HgO#x5{^A5(<ojir{hyBi%dg{Ji{6YJz^?aM55T>j(1g~Tnv?lhCg{Cr)u~O
zuO_VZjHV~ja^#YhLyNx1Goi5H1U{pt;LIt#HmF`J=(XD@P4zm4UXf8)y>6tQz_2mf
zAFpGB;-hNt$P{&f(7Z}9k<5T)EkV<zGKVqj^c$EhE4qjimo;YSVI@)=Jmw|L+v~We
zo;2`=8mNc5rAjUlB11@Ik-OZ7C6`F9olB(9*e>0~NB`+r%VyhYG)+5<-bJ$gkdj!c
z8RgUwn#F-hFkjAjE_B%mx9}Z3m;bfv71fs;x4r%d*7c8kLKGo`AOXIu#+eM&y*B4E
zX8qntluP={H9ALF0SemrOc1kA@@M1{V}K7QamEDE8je7~IQj~Wvlzd65!@@Wr=+aY
z5!@~>M;a#>kivh8Tl6c|M~APOh<vCfSK<dqpyp|aY?NA+DZ(Mj^q4?0Kll~pi0GBu
zj!<pzE}a^@Y^y>%qkeODH_PF*hM)JQm747JX`+&}eIUMkLumR=<ITgF3Jvnl;2#2_
zr$<mCofpcVTt-k1Av^npF){*nnO>wgp-M1Da+Fu79Oe4n<S^Pd$(a}gEqJL4sTypA
z`{-RP+0{8=C&{KQg+d&FkQu^W%KrV4MK9J~Cve+qj92wKj3F{=i$DDb##`_Yj<@m~
z$GdjJKQ`W5?C}n<$NQ+N*I~^2GBsYIchj#&StJ))pZ;ZKv^(ha%>@}dh;;w+sfW8&
z@b*6gQeS)``hcUv48h=CZ0XC^D*_;{aPFqTkGP3+5zLX$7L9{*&1F2D5YKs)4?HK^
zt@Z-6M-q}}9ih{G@%tP!z2tO$jF+YpBo4i=fJck>lZzx7|3X+G2J@+L1%?dLj^hOM
z70dC~?$939RB*L)>6JWNGUR<z4hv6FcEqTxkhl((x<bNXh#Sj^vh~UVE_vT*oUJ*y
zufYGjrA04;AmGhdq-MgQBa>NN&{(ALaP}iPGCz6xhCEF`dD@J#`(>gl`=tkcE+jM~
zAcaIr43HvZaN<zlUfVazD=u63IgINayx0^_iYC{J2m)futDdE_h9;f~A0QI*#eDbb
z`DCQ8%Y9WE^0lqO%aQ|vgX16^Grko*iN)kMJHxI)p+RD+0;MB9H>2KI`+njY@tYmn
zv+#7Yv#DRW<#-rb`fw4h7NDab`~@V(ryn4dGrXJ#$!f<XuHuZ1^iW<V;Yk{-6UN?M
zj75|jgwn~V$C$1ng;DKxf9dC?`$Vk$nl1J*&Jd#qTqTG!r#N;l`X$WEh)+RpKtV(l
zB5?42lN8;qD?64LI1lv-kCWu?@w!5BlO<X<8<^mQg^|6^mIJ;0`fh`m*4<52y^0;~
z#=e9&l9f;HU-km>_k;GT70i>RB0IV)R;V(;Dd(1j^0v9{b+X=EsF*aQac6^?mL7;}
z)LHzWDL~@b%*JS>%zM)1t56#MDA~mOsV17mStM4NSQnpmJWOug(`9m`tvn+=x6{;G
zU~hv*S>`N_a}lN4QzZJ8wGnRVA<jZy;f>c6S|&3XFVqyY)u>5%+e9Ld=}d<FeVXgg
zqP}I@&8N8zB2gn(2MXrMi3gY5?T(yqFT5SuO63b~YPq$kYj`y4#c!z}{<lh77M>Aq
zaj1LL+j}~;=Deo2yuHVrH<T)KUbrn?<)IfJOjjAwqsmiOl^HpK`0a(h*b*_J(V~da
z!T4Row@Bh&*;bG1drs|VtG!x)dqe&fF>lyM#;;(3$8|^1l71f70;d)q#d;$V(jHw!
zhpH)2R=eZXkdBXNE_EL)+v;*lbABy=QpsvA;d6bUMVC^c+I3fP(V_>d;eLwT>|jzP
zwR^Ncd&g#v!*DxlU=k4KE9(ono{N4I1B_Un4C-*=e6{KQE~gefgSR3NLUDSUH$I7v
z3FuD?LhS+9?FFG6#7lTv)i@d5r^Zi;4)M9yaQlUu_`tpN#0lc)Tk)Cg$dgulW;aCD
zo=!@JDe$@1sXYmNrv5cKA>i{-FgUKNXyJShD8!AaV{>*@kxT$p*Ef$}Ip(+uEqx`D
zt^(vkCyn3dx;1nBq5=NvS(XNP>14)lujCJ)YOgC8%r7)ARiKLU7of<jrPecct;r|V
z5@yw!q}sok>)&&Ji#+4%inK@SD9@$g)Cmsa1>;YzkLl!zJw?%PPqy^iJ=aI(M+A4!
zN!G{=@WmagLC$;7Q))WaVM2q^MQ&oKJ2sVvhdibG99t0YA*;-N))8Dn9MwOuH5U;)
zWU@u^e(D1%EuXRorauoN<W*V7Ph*aAU~oiDk6=k*P!O^#-{l$mL0@Ye;4~6|ITYiV
zVS*>hNeiCd7;Z(!MQZ@9ZS#z)FIxDS$2H%%2z#LUtTro-Qu$-jn3{9dq)>SrH)rzI
z=5OE^uJ>^$i+60Kt<di}7QC4Yk|{3l3cp)PI2)W4t1D7Yq#edf;^A*$QSh`L@P#Yn
z4L)J6!eE;)a8e(Cm-tQ0N>c3QhT0Rqx7=0J<DUw*-^TV|PvT>}ll=)g_uTFYFC*yf
zT2QnYl^$nar}jiMylj{eX2oi9uI&43I?m=g*n_@V_FJ~*_6)CZ{R=G8h^CZ`usB*u
z172OkZSsw=-prB+?;c+yfY73nSdGAv$b1UeNJXC5T&G-Qq7x}?!Oy23HZ9|+<a&sG
z2YL6JgC1@(o^jtTTA1*-Le52J`QzAw*fw(?+Zm7P9<qCwcwt#tSdrSBv*AA4H-#Xr
zpe^;1;6}1$D=eg%SR+XFu``fIn8`UdMv38yc<Om$Sdqp8DXb#CGmg*le38PcpX9P%
zBh^mCbj&N+XY}vwm#<$>L5?DC>@pbtOb9i6j3~z(&XAS*6Cx5rm|hUOHb<Y96Z7Rt
zjKPx`jxh7>$#0b;N#Vsv0Eu!2UPewlu%rr(^|nQqk{>rms_^TkC71KJQhQ9|45-L#
z!htQ8LnU;cDRRR<KIkdw5{X{++lKqxiNXk4N6sc*2IBKbUMGIwTtzJFU8j66aL0-6
zL&hnkPECwbmDrav`pUkX=)@%Po?MQJd{3#t`GD!H=%Jk{qAf8&6)o#b?bovP9@qWQ
zYtl1KeGj0llkF+=+OlC<`cRRCVACEer>ZOsSw2avg1~P-n72L%ex}Zwe~_NtqUbdV
zp&78Eyrn}ddcCFki|&qhJdXYD?0a(E$StZ}$F;|<0Y<(Um!*d7T67HHl_?e4=1Y}~
zDO>Krp!eOf<gSN`mOyXrbS@g?kIx0Y@wygzBNloe`63m?7@kPx3=3@^^N9G)^!As7
zF+~Y6FaU3JigC`jah9a1)FA>ec$-sfHmD!uYE{iW!mq?1{`jrT^~CteTF!<t-hx?~
zD$XAKS`U7{99rmmg$c`l!%vpIV=V4O9O@R90$rv2^>()sO@qZ+{#!WRl=SrZDml5^
z@S%QBkrPmc`#+n@r#FkPCw4c}1+}<VD;$$xi)7!UL2}G3Dgs8^_#O*6MQLkM2rc?U
z9?AKIYcL#5GxlsEi3zyc>jrt%U<6TodX_nd%@HWY*KSQx#0`6-Eg!-N1Eq+e4qAfk
z69~4~BG_)vlnJ*42&SbhmVQMmuwDVzr`qxa`zoNnj&%DlU1k~YPLS(yYe3&+E~OYl
zgqW9T(J<u@4l_9;P0ulch1SQuN0C4l`kryb6w{)Qg3qFFjon<tO;2X=T}(8b+|l#i
zV-kd$0b&Ylt-t~DrMQ#^<Z|im5T>c_(hDm5Nq}{rGwXmsILcBg8Iwhyk?<7*91^S|
z+RsKQC&`|*<$s0g{fB`Qyp**ZCBt(n@cfd>DcHR1mbHIfvW81Qvr!^K|9EPA)R(F0
zVLb8K<ap6%atR2KZV55EB_CXEoFK}r1a3;px>D-;D}gzw%+u(Z0hXu<mRs}7pa+6H
z638?-Tm{>fJm~tG6uh-%vT@AM_(N7{USg2~0?7@lP<w2$f-^b@pUbE_pH&edV3sP7
z*W%OB>e%Z;T@!g0RAB^gH6&A0%L(8LXDV?0wO~;xC#KS-fR9|n(L0=^P4N-BNu8r%
zIuX@}(@#Q@<zXsw4WWyafyd32Hs*DD(3ZfKI}_KIZJ!b!^+kFQu;miuhet3gY6{?s
zWJk$gR~t{F5wT=KN+QROOu_eUTIL#@m?{A#M<h;~@+3X~iz)GnFGR7FZWDdYYGab!
zrn*QAyFi=!#l+%(u|!5I0EHHUk#(FUdyNOVCwak+5+zL(Z-%Nu1wGMUbpZhGj*2Qc
z$#f0luw84AU=8NC`6Ku(HDjDr+k@A0CE1TG*1tbTR@j+P{Q2o5F2&w8h@9~4ag&P{
z?srwe{fQ{SwvG*b>Whre3WZeGGYYF;x0`Z-k$mcC*pS4khu2wT+87UL=mpRvxmAls
zLuR?sTg+--9|8;9eARrF4+IC}_$*;9s+?T<NiQs_I#J#$PhT|N1mlq`%cbm4RV$Vq
zo1D|JSrTYu>)9RH0IF}3b0BZ0WnEI0OL8lL?Epa$1>ke80l<+Sx#)yIDiYK1uP~<O
zg_bVK@T^tZpQGoZ@hR^<DB7RT<@*Tv&Z-p4dp?V-a$DtHfmLp;e9z%~I@S`zPbsp}
zny4QDBat9}wkuO$G;hT;Q1^Htpf#?L5^*m}>&>-;n<8ewl!TXAHzoO3J6_TW|J)_G
z+E*NRO4W|5PpL|(;l^Ax<!M>&OQz)L-W);Xn>qG!QIP3J#Z*Sv&=s*sIq`dmA-vNo
zTD%C#d)NEHOJe<82ZJ9=;uN$uzPazYxyRsw<isQ{?=5_nc1lClA_aSmcz%$Dg?$s}
zmmQ&1@hI>~0;FaKg<qo!n<^m2tJvbvD+y0)g{F<lyDWt04O<uEXhmRhL1TRr%IZ!I
zzTA#2jxG9zhV_dF>07p#uHd?yg?n71)-6dq=V&cU@$;h37yXQ=<>M7=6eNub0mn=r
zIrCIVN;cyFyj$6NziV~y+um3$wo9Yl@WvkG1VN;57K2D17@ViHeU0#ihi(3;mV;^t
z_rb_&>%KD98%Gg92nVlgJoe69?)<K`5*Jp?AP*&;B>op^ZQ)?CRhW|FzH(qki=eIc
z1I{LqO=gN@l)QV|Yvqi=czm2-3=;A-M41;r_&L*Io6r7_8*;L&fVc~!1orSsep5+r
z{NMYZd7W(7nBtJ+-D?H$P6sH6MU6W@?BPL`f?w}iXHt%jwCvVOAs{Ka_u8-}_kN2W
zX~b^dyoL~lJ-o5rd^6qN#s5Hii+i?r;7_NtcRgY_<6WLJhgs$n%J=M0-y9y_Ka>-x
zsdT8oKS}*7mQUoAk6IeW3pgl@#}}kEjKkW|Fcu4xM=X+=?KKA1c6D<ACKZPY@OzCD
z_geG5YDW@i>G@3<{>||E;S#IflVdHQ4`Bisa9hq}dm5HK8Fx>Dx@?oF%*XWCD~ef^
z`}m}=1Lw0A`$NUnnlE$-R-iI#wwAq`HJ2MCg+%x_i=zZ8Dr&Z06dvwICFWE*Fxa}I
z#?wq#sfsL<yh5X!#w_(X{I4=bW8OVV>`>k9G)8}51E2?dmqsl3P8axIF+UC8^;ZGk
z3kAM!K4ii7&p`iF_&zCX0&;HKo`P>mAMqD<kL+wDUO%EG`%Dvis9EsNuT@Ix_mo?E
zB!0hBBx8RVigtkmuu!im=dM(&HU=_)Dj4hG>g*BDSmY+0Ok-?shsC+Z^IZq!epcZ4
zPvrZeb5o)dAyf9|*+xIIc`i$hGl_*g?gz+*k)gl>uwcP63CMVbn;_644#*7-^2fwn
z<+_5z<z9Wfi9JM?Zwsa#s~x70oHReo#alnXFtz9|p0n24%4+Ac=vhzWCnowOrbPTt
zmIoBREe8TFR3u;cv<W-ewqp8#;hWsgrP?r6?e39E?Xe=@!ZYnh5FndhK*-<}9VpJP
zWLZN4DmKr131B1x(4?xqM{ArX6$bE2>dTX5(|MvoY#=Is-&jcn9!ni12Wlj+cb1al
zF|s=BQx`FHP?Z7=7gJNX6cD$BaQ5~$=8XG(@&}v%mjsT19y$hrd3yhCIP07D-@Jtu
zUY$c+c3HO{5<@g&|Mlf@=KfO(e{4G6Wdmvr{e-v05X;(xTJ$J$feMj^yHZl#PK@1*
z02&5E7WuA#`0SY?zP0&l5yx5nIyVSAUF~$WF5KsOZ_%Vomz_@%<E-ucyV2@4U~gw-
zsttBZHm<pB=#Vp`uh0*aZxW4@OGC^HZsOc3w)Vk1)yx`wrqenLN-)NkLnKQ(jiHN}
z2ZTp%rEZ3n*Q9dyVZAN?r2jf1I{*m=_el((B5UCB4j4~ibl_3Tpf-dGDt~j&_-Z}q
z!M#f?dLWFsao(M2da&yX=)nby$9SdQq6fdc>+9&jqdXOQu=d>~JxK2_j(HL2h)Xt0
zQ6OUfQY!!>m&017Bk_}nQlzeJWPn2O(PCV!H7J%jX`40NSBeB|kAzk7wS2`5_f2lN
zyHjRSm~L&rbZZyuEWizp_qkrzmJ1gHul0!l)Hrsftk{~wg~Cu3PKu8>=EI<#LF0)A
zjrG$VT7RE@OKzeL%T?|Q`=y@Wv42XuSTzxFd^QP#ZFvgTbGR2$hs%R{;&ZU~(aw)3
zmV4g;iB87;>O%>#wBt^M2f;iHzpUiaNlIlcj5%@?)X*kg_F4(@fA3|*+72HIn|kw?
z2a}j@ZGe=$3rCRCr*A~}h3uE`T*m6B*r!m-yDTQesAarR8(E$o;aDTnhxJj1%?V@l
z<y^%?{hJ48SYZ4LAjxJ%0Xne&3)SLWNx>qg(rl`dEbvU>(+9cRszrl?#;70%YgO`^
zC|#B_ZTh10|4Tn>RIo}KAuJH>{~Y-<ZEdtT%sWnp-m8Zu>466UZM0bUOJxAS7`;go
zfV-i!G9TtODEvxsm@-*nL$}jtCGI`OV~P1{2Ys!j!yOqt<n}OhKtYl0p+7y?r^W)B
zl=!n6G36?=g8gMNW?S7@mJq}7^OA2~;|#uu0m9PPWvapy$|wc8#!-li998P4*GTYF
z#{0})#0gIMvpW^RI@Y8m?aTyWlXhn3|Fox_nH0wEB0d=%<wKUOC%kH2_yIgpqJN=c
zQ=V!juWsuL75seLAb$AL*R5)(V*7|#Lc%cCmCZxI_&d&HJl(Ov65`)Xg;-@SU!Q2X
zS|!4HqS?7FRUKt$+1503ZTTmUdON(>krkXRM<G_yq5Y<4Q{dhfH&`Y&1uxx3v&PnW
z7CpgjY4qoP@XJ46p59f5KYss4e=+$+g2kFr_ljbEI?n}u1;*GrB!gyp3@2$`C39C6
z3W9V2Y|CPmIo~)3Yat4ZJ-1u5YS`PEH#&?JOalf#c|IrUqi}Wc(Z8`7(%mw2hdm(#
zV58kKp>yTwPhmubA&uD0|CGiUo7j?D<}$py-G2Af*37Pz{;LPQJfb~6g@A>`UA!5J
zj7$qVhRY(ydut8<MprM>WR{iMJf$97p*`P%CnpO50upxaS&GObSF0A;&9ZP>>>yZI
za7UK0r?+feIuKJ^@lOODwCGKAB;Kefib3hD6{>{xJc&uxaJ8hx+vyb)!Y)8st=ox~
zp_7vi{+#wOawc{)53s~q-3PpHmOzojkfy1!X2BO<Z2Fok-?-^(b4fPHQ%+6>+Y;KF
zxJmUdKEhTViL6n!p7I-|{9Ba2M|Iso`E{Yarg&drIFg%*krF>P_)eC0+^Ef=E0PHL
zS=sh9&I$msj31I3LMFlNCiY<(wT5|&!C2yuzg{XQL>upJBojj$Q<?Fqa@f3wy>q-*
z?fEHb)isw%$(mdoujb=-bv(QNJj_!{0ipFoR7aQcOSw}tvtf^C-}j*;55^bi0f_Vo
zf-~ZawALZvY%!_s&etM1gJqSG?1B#kkaYs2_@r*zT?u1)%y$Gbq*s|Ji^bg(5G3(6
zIsYx8Dr^3mLti(4LCPNUPjOdCCsA|Hs-zfy-3S{XE3Zld#qc0T=Z6iFOH&{j0q}4S
z=n0il?AWhFh{}*(mw73032;X8&`)v;<-P@Q-u;`7T3V!x2?LxT^Whbbu8t4C#$U^G
zTn;4vag6kHI&o^~Ea0c-xKlk81Gr8M;QXB<)zeD#becS^l&90w(>dy?oKu~gQ~u5c
zmc!QCoX}Is{d|;Klu@?R*86GnV!sr4Mz>4#(OFa<*^UF(NR}7}uGOJEUYBW0DAMZ%
zetY%7>qPM2b!`lNj!jfWzhGWP|KI>q605so6N}J6W1ldQaHBPa<}pBsvzlOl!guyZ
zY~e<BY<PSx?FX%nMA?z>HN7Myg#%~sg&PZabB%iQ1=z8%uxvjCdA-K5gHFYRCG?`A
z{v~Qw`5XCw-!a8Ug@bw2ma=ZELYw1w5~mDntNi}rQ!(RW<ewz3n%4)f%+dtThzm8{
za#}37B(+^`g_)qSHSCFFj{9=N;d-99b4KM}C5GlI2TWqvioo3NN%}%oRFVN(82h@=
z9ehUF$jmFW!&nEVsva{6)b12bfVoMgl=SQq`lFUt{#y8vcIeB%j|_*t<7xcJaOgXp
z#*dR7`oIs!sf8aYr@oW$;|zr#X9#}ubnpW|k`8`p{O}wGKhh3<$fV_7mC4YHZ9BXf
zEQYbaRJPwvqxwzZE<9k5==-&meIw0X5*U5C$nur%tpqyh<Bu;<rcU((eX(n_l^T4(
z;QLNXOyrk0rfDnl<U#$ImvRfx9B9vMs2jlvG%(WAg;P)cOmXd~BfaHB2p~S}j(TG0
zj5PLP9!e&>ixcJHt^vVK=D*7l#I8vfyAQh#o{Th_RmorhbYu!v^OJi$=Qz?*8GJ}F
zHuac!btW)5Lz-2N<(l!hn4Pvf=ZLNk-6VXBoD%hjijNZiAv`uaI3Q8!iw(7Yghso=
z<8wlnBP?{r2C0($d@*g@wS^QrlW%ZL{0I$H^laXh*Y?5?GKf>DCEUzduk?9rhdIX{
zkia_L7)lpha3o>?Tv&Z?RALFxShVit#=qmHLAU`qJ<7J0tv8m#G;^XfW#@ENWY-VZ
zRyJdg{^UOiW0$j(SWo1;Y^y1fZCAEF;e(y1T4=FOxi8(vdKo{u*=B}#_25lh#fDSV
zDEofOxPHj?<J~5X&XVyF>+Gzo7v+z-G$qbTx2+7~6a8Y7At+PD24CojyJ<*xHO6VD
zY0LjWC2b`M#73W{1~>SJUdN&CJ(j&okrmm1hB>koA(D%>#e}L2?3;U^Wv-{P(L8c4
zjd{tI7kiNF_B~F;+09$wTKGg(2(%Jj@zBD9jx910iLTSfv005qJRYLYQ8%D3$|7$(
zetN#_#ZGtZzQWRNYPpQ};K2c>DbaEm>yU?%z>@qt#`kBZf%VpwB(QS6*CnQ*R|#)v
z{PnovEr}NkVC7cxu;^@-zFtWE)ZOLgR(sxwv)$QK6vPk!6RDs(m@fm?9P7-(=+u%)
zHZ6+yvkPPcif!pCXm=L&tiwpZ<<swGJ{9Qwb{fOzOHSL9yEDbWE}?EW>fSIx7M=1B
zt`qe=?A!rEBfz{ox}8V1J&f?H<<EZ;zk2Ke>q6fufVp;-1sLI1Cz_wy{Axn+qI-?E
z1#GmPSa~YH`n>(_K-($&s^b0ouXP|L>oEU7T}1oo?SnjA<bgL}q0IIX9vC42a<vQH
zgiz|Pz@_GWwbIDQWJ`SXXy%q6E*Pq$6!Yx1ITO=IF9A4CIVedQ<%Wmw#it4lT4LXa
z{Nu{BsBlT{^4CK`UTScwA2*T0gDGq+)EDOqEL(XwL-r~00gMGmc_qSz=xFP5&6gRP
z)P)0wq~9$ZGM2d{7pLK}^-23?n?KzIe=3Pctz%sHQz-_d@4w$#f-#_j@zzc0C0IEI
z+~l&EW!%9<0^A%Uxaofv+~kVjVX*`=XDjSkYf2m+HEB8IqXESi%qVon>WdiSR1(c}
z7)n(y`3^gbm0-l$DhE=*56yEa>x+?wIxdWA5=QXI?6X~TZ-L|E^W<z^n*@hS@o3yC
z$*3^90U{z0!7vVrF|p7TA37P_a9DgQ5m3Tm%KpZ-tp_^}|B&WKZGQY~`O!X%*FL-f
zx8lc-qu8^C=Ic2$S*f*uR44utER?%@)m|)$G-i@z{9YC1JgU|g_emfF>yVo_@zy{Y
zQ&Nqq7jPOViiokmBvAOkm}5*N!2;HsJ7~qDcl`|xT}2D{ev11%iJ$m?8Ncawb^R@V
zlMsjSn`<Y^J`>r6x}+xeS!;r|C5lEzg3!)NY_x(X?Xv7fE9Ox0Xs_|}nHHM9!=sb#
zuWWcPAa?6-5-)}$ldMA+R=lHc_T;q(XJKIM2-Rc79;y{F+0xggY?}6(-vRZcj23NW
zNvg$n=|jGVRMRKPn$(Uxwc6b;C$Z*qr`q31LM(|<S4bu*$r(s<XqfZ0N9EGzK~$V{
z>-=!I;%B)qCiySv@I9~%q3%w>P%m*369B=ZACV@H!+JtR1S++3h*&w_<2tN8_B$Fz
z4yZLOpgWbwTN-+dhQ4X!&p`dPMsdvba5zYek87>Lxa0Sb5ixT--c!eOz_>EiwlPyq
zv$==@iNlc^>GkQ6uA^b|UEp1|T?YH;^&+o9)r3s;fRP}3nl(maq_hKx#Mr}Sh<(#Y
zE&hEb=I+?$c6@Hh%caT-Q~@8X-TKpWL?`u$1VZ5qL?$5l*@pa{Wf21eBVSDlfuag%
z(x(?IS}uBCEGM{VuYz%s9!X5$);|mVLK1@#fuh=Kx{{{tvsKy^_`mwQWW#?_FUd^N
zR!ys7g@^_M9ffFd6Q)UdF?|>*E2I|YU7kRm|5|G?59KdK0ljhQbc;Y&@@nS^2(&0|
zjJ7#)HYx!gCLW&~ebLE?|6HMPjpU(_yoUJBITN{FaYYLjpD9G=pQKiN^t#;~wE&xw
zz0FvpTH>@hVtgBSc3%HF^Yty(Yr6387ENBE?Z;MPoG$Z&F(@}mZ|Jfq<K<_ka9lbN
zfc*Bi0zpxP_S{em{^}iBNRZF^5JQK-Q0>Ge^5;VSi0)=WVyybMGf~cGkDh-by{Ml5
z0CePd+4~wUwM6H`V`nc$6LJQ~4p=}zdA*L;NqiN356Tzx`y!OPT4ajBVl?4CYf0}e
zQpb+={Pl7Ouaa39=5OGG&avJHdcKz=<;Hs6Th3lwf<(~D##D-U^K#HkaZoafJyext
z7|UqV9EsxR2_f)~%I#~zaqn3vINAvNUHY&Pc9v>}Kua(N3R?*$07}_fMqB9$zqix4
zSCu?qtY4K>eu%!yvbRQ>-uqxyQo!BUILu6wDX9YF#qzz>(ro?b*Vp+v_DJxe(hs%h
ze8HQReSN%luD-#qub0dl@d{Mq`991!a=h7^WX=kZIm@b+Eb1$5As-24h)SEC^LBdr
zE0CQ@exH_+lELGWq28rO+ck{W4KGKxXg(7kN{gxdJ|~b$oj5t4RwLj_4j!6_!b|dL
z$$-7sh6(pC`Ls@`d|D?YpVke`f)qa&^MPQf#P9mTx*{w2!Z@Q`z%T9m5Atb!H7uDB
z2_&?_0(2Wf+XMx!`O8V#5<8#P?Xc~v*er7uwQWVB{XyEG9ttvLzc40Q{?Sv)pPVlX
zwN;P$<gDuPTj7Jv3)>m9@&p&)bK|4GKf~e`pAa<v#nd#fc+*FaB1Jzd6f2HB)3sf!
zK|Q&$h(0Ig?7me=3^IjgCHJ3tudd+GRF#3vaZuKdar!zwRrnIidE0yER<xa)yru6F
ziil)KWOnJ9SE~dI8uDtbI@4Nt)pJIJdi_WrJ3J$=R(H1d&h8t)D0EPEZmmt;rQLF6
z)0W*X2ae>{8ZYfdY6=la*N-%($>Ss!BHDYQxiA^!(}eu)G#0#ksN3F8e>1<9QJBQ1
z|8{<@-%-_)0oeGE(pQuIDz=1tc2k@u?^SPUhZdd3#FD$uPkhT#2yXs1jIw577s@6)
z6Pu-yK=u@PQrX|hqCGe2Hthdg@5%mbWq-c!z2vlv{dp7nvqkOCiRt`XfEm_RTP9me
z@n1xhHjJUNO84Qsw73A#Bm46{!ZE;9sM0F`R=3)m-KT8MiB6lACXu#>{G$X+B}hm<
zImj&;k|CiSlsWM-nLnx-Wk!!F3l>#k<=Ema#RrBIR!6}HaO`XI1ts%vK_5A|Ng<T1
zPQD=Tt4Xx>y4r)^7p-u|CrRija+o4>+f;I{3kfqVr<I+YYqsCoMNYQYp%A-BLem*X
zU|Uro<AZ=4X<wV1%dd}Yt5j*WBsQ&RL2+Bgm!!>#X>9swX@v|ZJw$tGv7BvcwxwH=
zl-i$>v<pruH`$!T`fl^&isY54*NLQ<n{-_|e;1~Zxdb@O&6S8{d|-Jgpv5F3A8iB%
zekp(;?|fH|34lW09Utx@Ib`y>2-D<?$j~C0ye`V++7qLvWHzsE=`{||gec9<<~2|y
z^AdJRCG(QZ*mg3nLwxO-%xf1<Nal4B3pQ$<HzqeNE1TCvCBC^s5L#}DPe4+H$tV*`
z0m*d9O*%=RdgS-|J>9DOUXx?fFJhX~Vn%+i$-3vFLOZ|Lk11+9evsblA_c%ydM|t`
zB)u2&UQ=SF_ZlWcjptm%ZO^H0=E?r6V*^!ZlVkpi3Q6xJld-!cy%&Z8>GWPwnYZOa
z3Wpni8ch6CmENo8U`g*KF(p#dRr|nNSr!XGuqQ4d=IS?X3Q~6+^p<X5;|r~nWM9z9
zA#`RZ`=SLQ`Cc~OH{$}vQ{V#oEscQ$49FEKP8dq5Iu~35Dc?1JDZk{pQF}U616wrn
zL!PA8hx}jI_O6>63tohEl)bG>+hrD#aq7-3_MUF`YM#w(-gFMIJzvQPMT4vK3aT!9
zTXKN4$t#<mHoi5<qVA9Xm#|G4^d_1AE7Hl?geE<e{p&Y>FZ-939}5$bzxqo}?csrN
z_Wz^&SdVc@kSXMf(F&FweqD@qB|jF{t|~v)e<%BwFk0#CUv<PM7h(xv%FO<i4}B8S
zADe}h%!38~*p<Q=dG&8Gh6#m|a-iV}q%Qs#(a5dY-7Hk|f0F&{kK1H+L;?A_>|Z14
zL=4{)4R7h{g$zu2s(ZC+Q(Rn>X-=^eO5UA+Q6TuU<~5n7@dQ8qyV<{#q0c{>{c98*
zWP(pDEq1}Yn@<4_e38V5iaQ`X7)K+n2R`BhG<+W_V2Y6A?_~e-(~wX9%-8Z+uhjHf
zwNq0Xy$52Qn$l=GGDa)=m*Q{#H}iinCMAe5PRakp8@ZRVwo^c)`{2(z@qXa;tfHx5
zD3$@3&<$`6ULE7)Tc8Q^C~N!5T`x0<WI9)wkI-=XI)VQ2|3LmPtXkAuSQ3dYR+xy3
zmt-m1QG$H+!jefTHlRT1AYKH>TB9wmmkA^h)Ik7tf!6<@|0|vUYk=I?kBiG6$1Uh0
zJ{*PS#d6;fx@Qu$?C))s;j#%%+AKfJKXtSGUzh(27$_kAe>MMCf0-Z0$2aHy`utP!
zf4!lcac-0EPg&n@knjJ@_sslXwDxuRzoZkcexcvlGL<xcFip8q6A<WjP`8Go@pY}?
zm!NAPhT2!s{>bro-?iU#G_Lh^Ag<Vjck2$HB*y#z3vVHiA7Wl={BRREO(U3k2K3wI
z%qN*PXTFE_y*jQ=rG~`;ef_!UqL_s97weuR^@$Kc{r~FxU(Ej>&j0lp2vWOVgf|)M
zZAt8~OAv01kcQ$1@PWBbE%|&rhXn`L)Xk8!$>bv9Be*!Pad@{Jhapk6ysRq0+Q<MN
z9ONtg3o=X<p8~U&|DF6_eT5au$93|}De;_kU+E4lItkX^hn<{$v}Iqm=)xm=NWna+
zSc|%NLl|njAuRd2${#vVZt;o_#E1xI%R>PPz1m$~cdq#>%1cf2Y55|t()QRdwPj5_
z5-(V9%O}}{u2plFTvT!;Z}U1f`QtZMmaR{p=9WF@2pE=&+1UNrLemGrKuqt?ZDsmE
zcG>j)u!GYFauJx`-zndm@~uR^mB_b|@@=GiE0=Gi6&g(P>6S_|XZ`K`Ux4Tz$^W$v
zw3yY_L#B7VLWa^euub%8HSZ%4MG@`Q-x90q6>rFHeQ#EVLVAVdkQY&>>mXjLNGDn_
zS>@XnZ+2f?^eVHE_mIw)IB3n>A-jF9ZQ8Qs3dF<x4!H8gcnx$1zcV$SLukNeZ|P>D
zQ!KnLfWcd7mk)aZpKD97${V}N(=^2FN4*td>EI`q_+_5*L0ZG-w5fQN)cuMmyTLOE
zSp}i+I>r_e%zRxikywx8slSvU!|(cC9rjqf+Qii&?>>3Gn2a@8W}-bjhE63$NW3Cf
z$%87(M->FYAImnEg+Gc$lyuUhO_8}DP1e<_Tdetuyjmax)0k>lf5Tt;g|<u*Y$#z*
zm@j_zp#}3myy(n;;|sqKT%7U_YL9$h4PyM%_~3y)BtC96<v?jWX7l|S%87u!)9gzb
z;g5MAa2*YfbvNCLD6kE7<luy{v&VF64Pvhf{18o?4}ki4<M(!tovq<ebTDWp+SIz$
zYye)Cye{Bq3%GU$4+Tn5dUaaQ6#uOvqG-{JWlRbTn_2J8$@{-}(sIYf`glTjWqI&4
zPMg)CeXTZFT33kt*DGGHH?kep8kfEy>UmHqDK!>osrYusl-+q>Z(EJXX~nh+H+cT^
z2zA%{u#wFun%Ph}7=vI|E@AGTeptMg_rAn!3c~^;Z)tZoQjYShAfp=H=@yyrPUG!v
z%YikvQ0~s6e((x5AoUgzX^5wizYJ4w@|W!;M7xrI|0+}UVe4lZuw{zT)TeBJ&Q}$E
z>nGrrVHscyyeGo|qhafklEjc#Veg2g?^v9l81^dcG~atIf!Z#vWN^>FfJVv1$hZ-v
z1h+T0Vk~VJ_{C2sP)GrCc4T3a8z24to0g3Gdo*RND!1ftVv^F*AL-ng@^ogkNCfs8
zm1DcQUloOnH}a4(EBI5p&B6d}zJB6MWSk5FuQ_ey5K+Vtr=CUPu0yym5u<I{XWVkY
zE)^gBO6lHiOTugkl|OP>Vu!Q-EfYo=@v?xD$U9Y3y%SA+a+J9WK7%aPVGCMWcV|FL
z24ju^Kw?XvJ(f>Fd%Qn<p79Q5yyk9R%fncxP<#G{UXeWx;{(c>>v<koMB4gC%b0DZ
zxia?5GRJCXY}AjFRemjF5LNWtYI2>lF8qKVduflXqpG>Y8h}H4^hNo(!0r&^l1e<;
zv<3$cyjwmGSBzPxMf=K+_-OANNr~wz)G;m|W37pkSD*YSsdsq2O7so)Rf-a`vDLDl
zDm0#C{iOHBQ&hZad&2Lxe~M_#{vm1q68-HT9eIEv@A#M9N2+^O29sE{Tb_RL)t4$#
z;bX7JeL`j(AN`kAteGHSEFgAQT6BYazoEz%yQNan%qRFsvBtsn1oRE$uXrC1wxn`a
zi)PClQwm!1t90Y_G;S=SS94POVeQi#F?Yzr(dmb+pYZT{dFV_(Ty{Ox$IHY1>4$rz
z%~E-IL|8y;7Q4^p;b3{VJN@vwL$uj_jE8TgAHE#p;XZlzJP(glXFH_{t>Hm_G0&K^
z{)W8%u{?-X7e?-vv{Mv`zRJ>3<fGrx!m||d$L>Z|ePER&95H5K?jCIx4Ss<KqLUxI
zz`b-4ScEQ?6c7iD+c5`6bYqYA+3V=$JG9}BEFv^b^ck8CkW@-JAo}JK3q;uF>}rBU
zkbOj=#4n{pb!?0~c59B?_2ClSpAazkV{<Cutwhz`0fcz5XtnTK@zKUM2AM5`MCngF
zG2SNro##(~#q-2b=Jx^($|A>Z5O0y}puN7V?pMgilB*l6ORsEVzJJ`^g;rRG7am1H
z%$g_hYu#x~=$~oV!<{xiaSP7g(21IY@WPSZ3vn<LX(Y-lZyR7D9`&!kkg2n!9t|N0
z#oaSL`r;-=b}cOspFKmv-@Ok^&Q#Lha{>(&`#+TIy7lLDT}Vac!6Nh|ZR65v&9I2}
z*Ib^S;jqjZj?S1NK?g_wlm4ltxBwIfb2C5z*OjtD7?C-~S&T7pUgi^@JSoV0GA20>
zEjm|#0hmgRUmQQwZBFNBDtNXv)#29b2(RT_+WwSfo+v68<IzzTQC-VJi+`2;9pajX
z;SX1+6L?cqM2;<4G6r*mZI?k@5Ef>E182Mr`r_0zT$uoHcD*#47sf#7x3=o-<io^*
zc-2#p&NJ)ptBmds-kW^<(kv;v=kqVS<5jz~RhyH~jZHj4pO6c46)etcoL!v9uYOs|
z8bh6rrdq#ru;AZ+b*MX8`=y(u)kkQ8v)0L3d$X9<5qrb_mEZvH>1@4#+5(bwPxi2X
zVETn>@{BIhc}x8@%)OGVWa_+U?q{}IbC=V8JXd2G*(V)6CT{e$h9MbETH{q6k<Og@
z2^dUnotJR}QGLuTi0zqt8T|oY2yZ<4USe@`9>z!i*ZF%@%Q0GJ3aX{0$3z3P1ZC3b
zE36c%`uiZ(k6}c#m4l1rP#q<BC9HpOZek?m#^ivhY+EU}Afwzl8RdrAxP?_2`4abL
zV4Hffo+n3giZSi7T!}?RF!~svvqz;YIHZ7_=<>2qUINzzKR?v1^zqB<ga<-@f8uC{
zsfA+6Fh5PQX6h4jb;W%~*WaJ5YpvSK8y!mzg_-q{)y=^HFCGT~>OJqmT|4WG!d=a^
zIOq&-+1)2^%L`DZtfgI2yl!=3tG04tuhH`3+2+uiaMywQvs-rOx9sVoJ-<G0%hIka
z_G9hu@>*Wt$jMUeb<{tJvFpTa_tJK$=F!(iK5Y&)S+(*u<gKRi(ml=H!?Tv+q>LNe
zvO6I_p1jpBK%BEkjia^321dG;)aN#8YLu-+>ws~tFO&=?ee#<d`-XR46J8%~oa#_x
zmG?yRctNJ6O>EIyu9nPB_2;*k`Qi1u8a2J8#q5)+QhZH*xUr^}8gFZhIVilo-71ow
zD$=7uFRMbf8l9alO$}>lw@k100t;T<3J`@$+az>I*?PFyZY@juQH!cpx~|6s2Cp!Z
z+w^a;rpF>VS}`A4cv`q?S1k!|vKRIZeID*=uQgS~5D&~zvnhu1sr!@K%TXNHe!)}j
zOW3C4#}Hlrz^B^EddJcuGB8-5=3rk{GVwubl@COApChY$@TH7Zel_u)wsJ<V@Sf)I
z(QxQZS>$1|T%W2%KKPO>t+mp1k0*W??&_$2mh#zl`Jc6XnjhKSw`KPrT9qY~<zOY2
zODIP3A^x;3Js~6FFg<@QFNU+v`r?1rh*PLad9i^{HBdE6^?s^j=|QP;q@_7HRJ~Kn
z>uR?$?=k1ZOBFlohgCG!?vCsl-m<Gt-a0j<tEE=$#>6||;M87js}(oRgkG#TP+!!t
zE1&6W&o}3-yIQT-Gaf3+1QX9xbksjVt(r9Eu8!<!4lT9n<h6M6)>C)sZiTvC7V6%n
zP`5?RTVH3+=4TnZw6o`a%#i2EEkXRj37{V@{vAgn@{7Gjf>7onrI+BYgLvrIM-f@*
z68x|IxRicrK*V;HZBLvd!I+27CeKZ4FNuF(xs&@``?ZL&y~H&|TSm%bEVx$&vf|fv
zgpZz6e;&>azPW>c=ohaBtATq=j2tsG8sV<lp*-u=?8GnP*X{}*y|wmQBHZ`ZmVL?)
zN&euAR}5E%jbwrNuT7tFv>SckoEb@ud9O64Ms|@Y0I|N;nm44rpJ)2`?rzK<E<C(h
z$q!{;uG2VC<K;$tti5hAe}~px5YIVFggcU!AU=<n`rAY0iF}DHE%A)y5s(<=kKakK
zzfanQlRKM0<|;ZFK>%>w_C+>2@H-ddZD6b7)4y*#@RI7O2+(#LpHU%YOqcZiQ^Ajn
zYv1~^dj*^6NDCJS@n{Nn0n>Z<;@x6uD|568F6lM$Gw$xrf))|^2M?lV2zj#u>^4P&
z;*HHfWU>`kbK;(AD?O)mR}i96Zrh?nr3Tr}n!72Tc*5%tM?hp@EplRsZG&S=j-%0$
zK`=7o8FN3&ReCy!&yC}0rB)g(4l^9B^pWBf>hlN1Ppi+L6+fpwe_7nDK7U)hS$+Pw
zc$fNorMR6>L{`Ofyx6zgA)((E`1y9f7e9q*ww^IsTuFcOqtN?80To87O0c?ioRYRG
zc?x4LT3w29apR?YgFBO2d?QQGE5(p{faWhAxk^l4MBp51W=-@pSIh6ZLXs?b<A1h_
zaqj(?%qHgJs<YX6;#-yAw?-!NkY^n*N{9we7#NSEy*eHuCi{Mm=56=Qg;P0p!kbK@
zIrW&a;tM%Pi7%KOpX53q1Cop{Df-46(=c9BgK22K|6i+JhZp@!hC`Gy1Ry)bu{Td8
zTsdI;Q8g!~rm_whe65OZXL+*FRql~22NEdxhAl&ZF-cY1Y5d{|IlIj_xUQu|S}V+#
zPx?J;K#%u|euxC45qK;;D%YF)B&zk3{1mGsWPiu}aC<X__n7Jw=<*1m{!!gD9zzHu
zxdWzAm}Tlc|J|fC##8K->k$aaH(4iZO<A;*AcvI`CG%t`q}VRNnP7=wXR0YTf`@=D
z&m_nwd<(ZMr!hyKQE8^}>A6x#KqbRg!YPrGq*@6PQq`&(y3nfeXH{dTvG517W@7d`
zD6@z6tsYJsO!g49%llP%WvV>Wm~THE!^5P%5X0+j9-*E^mx02)+mcY|+xn*Y8(w8_
zP~N#G%$XUFdQ$T@-#pp=@#Oc|%SBoSM7j#pj?rpbBF)*PKtt9Tl|{&i|4Mui4g-Yy
z1e2TNbT9pirRDYs7m?+Dt<WJ0<_3d&Y$#=3w<Qtz=qn<0$jvtk7jnFb`BJuD*-57O
z1N;n$0~1+0AVLDiiH9O<v+)~t9ERv118xcJ@;Hv!T?PBNUoDi*K!E{~&Vm<ZGix>L
zA}!gtgOqM`?BIUP0Q%~mcTXd#eAc&m>38IKbd?k^pO~iPRGl-Ju>CP#3B-$F_e0=l
zGyOD~22Gk0yF4{Mv1hdMH@s_|ho0Cx=|t>|^lio>ES_<J6vrB|7%E+D8w6Tszu)nZ
zB0Z6I8R}_~UDn5D>!aEFc+UEG+WJ^weT3CV6&}u2bNGk<b5$k(M)J?ezXB4V&~1RI
zZhjZePZv;Ju^yZU(6ak;@#iFZt3LR}#=%!A{Y7&D1w*@&Ggj7{m>M6DaBb>FW!2J0
zy#(kBL_7!d6Nyb}et<nKMqMI{Bxs@{N~ts-@%daqfC=HUNfO9s37;cl3ovLp5`?ZE
zFmmvuB0?0SD&aA`j!g8HNO@%GyQM^Ilf?#+;FO0jVJh7ww~4L8RE<PG<lOQ6KN5YG
znIZOm0NfL<jSYL3(Ei!bfathBAjT^e781%hR*C%tO2du5E&JV(PrfSK|1uT8!gZFQ
zxoo?_LM4AL`x^ZFg5wSRTNm0@?fAs*F4)^fznZVXzBfFML=yczOrhV*9EE*z^1(tu
zzxzSIA+bq<enP{X3I}6EdBO3)xS}7#5Jf+;BwHKQ$X~k4d$m~WXwlmt;DqqZ_LCb%
zB33T75NhczCdDrcp_VpVzbu4W`n2`SLa3!-^~()Hx##c?gmPE%4}@|%`3FLw8zJg`
zCFRteL0NL(A1D`1oWzQA$t{7ss-E+FW6o(X5E$(cob-dxhbNCY0W0&7s_n(4Mg2D%
zb0jR58T~xn4GaVgK$xspR$I<eIy@!Ko*K$S&=l!K*)<V51`!R5Ju`rbNvB`fYbQ1R
zdWoVHfHT)T&V%$>W!u{l6|?j$qIZ#nE!!Kf0<qh*<+pQ=lQ`Vh(oKw_HewWYW=7#{
zB}UN+%vM0KlHk?Ca?J6$I<)03YNdSHu1g5zUz0IOCOAh$@k)<jMHyj<Qjv!+7Tp13
zQM7}bD3_rG%9_RJsH2?$5{&IFV-brd5rWf@Lz}J6YYA^kV50Sc9Wwzz32G62lkqbd
zMXIzL2WN@OI?YEIUVX$;$vaRi%2hetEs+}lO+l~$@ng67SN?coIKN6E@e87X!bE;q
za~T19K32_1RVVQ%^8=0!U+GtvH*zN<z*Dvx@<F6W#<sw`jY+M@Y>1MoEmd1AR~E?N
z?<WGixE%+J@6ty#>4(VmZJj`?3TQx^_?AV`9UG*5Z|srcFpmi&r9J$%I%Fy~>6=M!
zj3y3&8vH0+At98kVs3r#V{Wp8RqMsvoW$o;_xH&SFX@*h63eV$AHvgvyMl@(pklwK
z8fT+BU(RYcN!f(IgN~dsh1s$v{jw)nV9C`Nl_LV{vuxE@84UU_i-mDWII*`HFV?(@
zS+Qdx6nMwYCY(}qH*hBHSB18+KUsd1Jh0I}grIB><;FB0AklN01XPeO75Mk_(0^jM
z3-%rf5Ru-FmV8pS#F&7j^zh$_?@OY=eG=1Zv{!#cvEBl^nO@gB+Vbn9fus$@5<}fi
zWN0(JF{`MGpX`ehGFh+q45Qu8xXlp-_Q>L)A}p5di6HJ;<8^Lza!-*Qip7LillX1I
zrf~q+7-WG+i+(ET2J^Rv&Me#`z=%kxuaR{I4EEJJDl3*n;EC9X|8VPfT}4VFMU#WW
zys=W;i({kylVqmP6PkikW`Af~+5W_PDdsNMh|v7WOyGQ;S)P<~l4Wqj934C`n-K@R
zAQTt+qcAskp-?JyvZA{e^>XYQ4ppSl1xi)<MJQnoA<Qil&m737XvMxYUxfoJcmt92
zlxH!n;n_s%*;gBQHkN0JD-&fI>}7ClVtVG!OA^(YKZ_Dq^-PaQ!XcZzg)!x*?9hc2
z3HKY{n=$K;<ypD$fIOoVnVvKAy?e0I@WiI(`y9u7jxPMD2fOvHS6fWo0<eNm>zt3G
z`}I!XHVIm{5sznOPPWK_4U+LLMJ&))d*0u-p9HEZ6)R4+_S)cLBHEP_pth~sLkuD}
zw?_iFIn8|4<j2+eyAm6BIN(<F*`1wJTpcT3>T`T0+Xeq-f3dU|dd}^7SBnUDiNCL>
zX#}AlR?fyZFmf!n{^BUH@NeQ(S#x#yT{#1^C|=m=T8q9-YcTj>j#WKmMOwRwY9mr?
zOWw_J^j6o7CFjI*F4@xQpW9wje%Gi0^@bLyr53b7U*p=bc#lN6%#n#|_TbEK^BQ>g
zTpI$!anvSA3LB4L$|llJ$h(y}sPV}>k_6Ew$!Y1EObMy1qCNOtV<d>(K$$#3Xk##t
zzSC=~`smH>*ML)&`Exdjtq&FkR2=j@u_d``xd>g6xmIfxVE5bihk$FJ7DZp3C2Mw>
zNM2+>ePt>i%LN`1)|t6<#FT1yg5qWC-MHo=_*f->rC7U)g9*Ic`Ww}v#r71pyCE5o
zaTF(OKvR({3CR`^zU0<l#0~#jW&2mS%V&>ZJ-*8%lvR(*IB7kaIaHd}f~fgL)}Whq
zyPB7r?T(Mg!UkyW#;Wq!`2*@dt&@YxtzItvD779$GG+!I3u6+ut#D^cat(3-^XOTH
zL~9(T2t90g_+489`a6ED#!Rl)MlE`gyw6xK0T1+9CJyPPsqZvoNn83x_@C!dNyuwi
zHSin4#^g)QYH}I5BgasB%K7Qh*OZd?`U_9#cGnK=(ZBG>Y~hdaECRO-*jmYF-t*_R
zi_|`yhLQ`Xg#n7+F{e_S?l_XG^@O{$712RAe4}|A&ol0S8T>i+__%TVW8<+8<_y8)
zDzb*ODTHzQ1uMqw#rqmlkpHm3!E#)PbV1V%PNIXA_%Z({l&BUN0chNfLxE@>fX*l6
zhvd>BK@tfWBW;)-Ka^{pP~f%bvp;rzpmcA5ybUeKb9|Blmvk`8r_o`c6k{jJb&#VX
z(w~&;pfC3exU3FNlHgU1(~JAckeoiEr!GH>$|4nL*_&hR-z~JOHDlz$i8N6@(W`8`
zujLaO|1`(v_;5nw;7gK&o}ha!aZJ$tm*h;+gO}hKumea)q<PGyB@{j5I%=H$@4)0W
z1r7lSb$QAED3R{q_+CJH#rqV9-Qiwi)E)+sQC#IiI4R%GxxfXjFM+B{xb)Dax?co1
zUsL%ILI?aVBbe{!%!hY07qgh&*f{wq89I<gpvOTBXj~vo^|0(l9I?|lafdov{`@-U
z$f1AjX@7?ri(41<l^xz!zWCyHUwq;&b<qgupD69J90-L09rL<_{?gszo7B?Dxr*@g
z;j?>7k6rV%N3Z4^5?)`+fopsYqTdSr&f(;*@GkATcRV}ikq$=Zk1vpuz_0n*S>Il=
z3?x+;H90=wGQ}7m(%A=FB6%2cjctmpqVFcHs%iS@tnw{dWEm`EBfw!n3mR`^GXT=q
zjh$Zo20$~VvnfCTksDM=aTj${wDAVqnfw(LyCHY7KAkUmAlFU7rqiXti)e6id{l)P
z<2CkoTct-)dI*L2)CV^8CyipUl>HS_BFc`EvdDUi8&4;|zHnYcd;&tslI2_qOY`L$
zv}GSNhQxK;hZvK)DZjXBI8P%I@}QicdlFg1-B^SmcuKoZW(?baJwGiX<?U4Wsm#WH
zMDe7&NAOv=zJeru`cjK3`nB>L2G?Hxh8B_Y%o|@^AU!nRi0WF6^hSIq)KH0e!*z@l
zvLN1ZE#jkbvrhFO=M&PBf+kI-;08XjJEJ3HfqCu(Ked%J+sohAmJN`X-2BN&q7fGo
z^3{h@^H!8K%lz;}VSYEK77MR3S%xW{lXY1S<|uHIDXO^&grA`b9$l<Pvx2a!hdpxc
z=4#-%iQ5=?CSVp*$&_Ro?nXe*k}F{1z*PYtse^}EMQ+njtCJ0N6Ve^rV2^DIh{VVQ
zkB~)7=~ODObQiV5%_f?UH21RMpMIr97Vt(bMG}~`mkar9kjSh`z6-n>`!x>t#wO7P
zHVS$z|EA^&_+6Yao&)ZtkQ{rk!Tap?wUys0z^tvHvK#}w18O0^UyyM>MD^2-7jAoH
z`N6s`u=l&~NiWBhYd<C+g4nVF>V^Rb0iSFU7-agq0dNGQUk;{*Lkv%CITCWf0}63F
z!rDQ};&(%^al=rNb0wZ6s;q|opoW5qFi|V13q3$ztpuD}bPrstxs|7l-gbB6EkM(Y
z^RIw&8VEf_W&4UMyB^62Sjn1?Do#&l9`Yxq+st&g)qUxY-_fqEyovd>FuxCLzwo&>
z)(vf(+1^O{scD@md$qoRrmxLSJg>BmJ%%!ap(G|DkIY!3WwTi$+ds`fKq4nhsfna!
zQH=!xr3p7aJ<5)O0ON<E=4Iy6mO8}w6xCC-gA(TXAU$^A0*H<B`*hg^@kIdbh}F)M
zJf(p72Wc-pV9fg&>U?+8#CD+s<?FP_`@q!Qn4|W8qKc6uTj)u{&2u0-?k37L`AKHg
zbYpvYixwF`Wg#ZhRU?A;6TgOtm=bBs$0fDE$00#X@wM%$pM#3Rp4890o@GUqA%zt!
zo+RC<vGY_0f41t^Q#>+By~>l+t6Zp;jMeFG;=L4Z2Q}Ozu6DW`sZR7y($YhZD9M#t
z_Gr1gX?k%%`DQJ$#x4rok^xf`iltn>s3dDDg`QT01aj0;yFF1Qz>w>-dX^j%_G%VM
zr4bpF4aD-6x;a9?WlUCm8IJ0RJ;I@$aA&+0f^3ZgVxk7)Zkoa()D_8e7^nsLbYG@q
z<>?9B)(r0J%{M(weLPK?r)f}i`MSCbs>@f`E%Y=F^)&YLORB%v1U4%&T75#UqFLt8
znU-8yR%?+j`08mK;%V&V#|O+RO2RUIQm&_IpvNY1)olOyo<@y=R)Z7m1}9Rgm)gdj
zro8I%mfCAgZs0W7*V8!g>x#0-Su)0RrS-->YJ@bVMkw7fLa;xpT3=^1Sa%ymJdFtZ
zCm=cUse$=*cWzTZnKB@o&`3LsT^fNN>iDtINYlWkp^Uk-QEME69GG`vn2U~)_iW`v
z|7rpZStEX`6#~Y;UYQWRzDaAUDQKGEWT-=d=CsD4jZ>XigVEBA5@{)M2aoS>oKetN
z!@)^VgV?P+zZG`2rlfpB-5jY<pt{z@%Va7U8)l63xekS{HzlS_V_)@J+Pk%odK9TC
z6pZ_gyrfm>P4&dvni73ovie|Cga-O%`?nSqjj*q+c^5>zx@nlZytU3hZ$$uD`1KaQ
z{<d|VW9Qz86srm<hx5He@I|c6sXJkpH~uZ5j0IHGmc1h<F2n&g{g|f_qrXX=K1owb
znwSf?WuZcEZujXMs<oBUQSDC>yVC<{sHbw$;@P?nOut?Qb0>stySKDcm^}AN6t|td
z>%ZsIH$%x9-swTfYEqPJlu#%|$)>g^ID=BOYKEd!qOliXeV}ND(5jjwt(w|tGdwk&
z=I5Z28`>yj13Jg{7uqpJDuek(sxp+tW|xGH$O&)e2u;o)b8Qxx>oOk4)XjXN=Ubbw
z8Tawd-6XTHY1-W~07wEfZK@g|G|d`dIgUan(X>jtuv3V@$iGR`&ajLAO`6uO=GTL!
z)d<kuQ_rDu$w5J9tU*DqWKb!ZrbT|M%Ki<yW;RhmplO0NHl>6t6LuBq7eh4a)4AjM
zVEEY;Nn$Ju2AxxUn7p@WpigwweizmPLPE^4o?U+(&77)`Ay*Ytbko9up7SvcH8O#N
z>Qk}BYD}tQXtNA#Q+oIc8*D^i<QV7^i^CpU=nV5GloZjgJy^B>%C`F2T4V>pkGIxc
zFZr{C+~Qth%V$W(-H5!`&Hh6>DW3V({;OvH1=xRU3uOCklkJy7`zy#@-FT*7ukJ*?
z7de_sF3tE<RA*hmbFc)$g9O%YleUu1YM)4aEK!Gno10L+==VjIqv8!^46<PsEhqM*
zkBszvecCtVTR;icUUzS1zJ*@CcrxF@c&(w6VWyN7*QD|-^zv=_>g03_IN5%4x`ltE
z9qcCwagM4ioo?Y}ZhORfvePZ>_>qvL9_bbYN9=S9stGIIf~DnE=@x!X9h4sG$=9b_
z_z@-ke!7JghQ`sGsi764fulF6JMeS=#U1$b$9p&%0cI6{M%frFu@d+|=-X;Ux|`Kj
zBlf*nhTxG`&wfp;Jd7ggL`SJAYPGO%H+<}}J~mq)&DO_r*2mM<#|rBstUfAHt5we7
zA8NJAO8%i%t90@YwVGv3Abubcv={Auo>#{O<l`+OitaEff|>3Onf5c_$BEZQ(!ODA
zRzeU0Oqbw<<kqK@=-F*mIbfEA!$g;~wyGa|Yn7EvSHilG^S7<4gt{1p&ttpagX`UA
z!P9(tk#e?|92e$B-XbL692^4@1@yfr!$=%BmG~xz1thbFtY8Y$hATD0J{2iOr4ihS
zn~v#yQAWXklGy__gCS~$^S%10V&&f*mKKuQg>#t(s3tlMQ7VwSBWFMF!6jp|KKr;z
z(ZOW00*(X7UPQluyC?dEJ?Ny2?+|lIY{<yYLS|GFb->$`AQtHn2Y83^gaVNr^eZJ&
zHQt(`a3%UDaAoz1gXHT?>+?_G_X}rpJ94kRA-8HVwwN>vtdMaZ%>|J5BQpxllvg5~
zu~CsNZeGZH`@W8ieZciqaJVlv9Q&`}0dHIaz|<8QgV5)S%;xAOg0a1)T9Z**eT06N
zcqXI4bpGfxeGqvL>~fA0jEUfeW-o8pszqzTTMltyZqbUG;{aLu2IkeP>4RG+$%Tz;
zn6jN&n4{IJUthwtf%SdIKMp#qMK7Txk$gEPHgN!uWSJW#Foj7OE$gCpa{u4zDZkCB
zJx)IJsupiL-+O293{UwSXFZa$Y3N_JY7PGi7R*~A*R2BMDhXPmuO=lCEZ#iWLUD#r
zLRJaN!@ac74uVDZoIz{oGgt%OsU|<GBU|DfR6&uCBES$?6!B42RKRjNF)yW!q<xA=
z9+NN6;$`A=DK5Sec8xwfRAMn}Fa2zz+Do3sInHFDAhq?G?fsxsH3LF`7ZYQ5t>F*C
z{1c+p`rNm6LO%!4%F!nvGs}#+kYNGWWBq2PHM9QM<;rX#hukUfM9cu$#@%Gflg!q~
zMS;qC$jXXTmNd8I`ukY!*Z7H)s3l@-B>@-0A#9`|o+H#omORMdFg29;OoaIfUYkew
zWAmRedIVJ}eWk<z?5PA_&xscxT((No^Ex_>U8&v9b`~Z0r;?EA0w3Kj|0RV}NqTN1
ze7P8bt^&C7-*DN`-AH4Q1drGmh!^h^Z4k0uQTSFaK1a5X7<nmG;ZOcaX4#&uEb-*k
zOk|*F47aNpiGF*h@d`a<loakJIn}5@QHYgFfJy$qbLIEnm%nzBz!C-t@z5HjXYs{J
zGmbcHq(THfWf%bcO0o1R5pl|L5np0^;0?q>?75Fk*&a#$9_}K<TC&|XKO#w<NaP*R
z=Oa;PsG=Xnd`V6kEh>zfO(h;+Z{YxsJn8T3FKs#Ic8HYjFUisxh@Qxqaabk(NaDYW
zhO`504L*eI+EYH)S^t?95ff|)e$K^%Jp?8Ti)1nj0DnvclvsqPC=B0qJhwJRWP@7L
zQ#S@7Isuhz41ci~>#yYI=%q$;!gTOSUMMoBSxt7cX%fHj3f?I}C3Zwpg(`Rj#wFrU
z3(bH(6<PO4<Fmf9W~km3u#FvHnKy<l0)$st>E#+PF)+5<%nVf-RIix1SpLw-erRNx
zqHf9zO9Gm?4&C>#P|s=J*x+^*ttbBNLa4nK-6Ug<O(>C-b_(iMngVCm1FR--Ztz)d
z6Hd&lKm)i^<tm)qPd=XAD<_W@wd8pZaNr(Iu1DGa@`=t$?QxRqR&C>``<#NIeF*k~
zYsx1$>zm0?C*(5tyibR2vOCzm;36RxgM<A#(c)U6(>yiTTjTM^B$@#X*au<`AyQk%
zNhSaXC>SV3?fy6OO0$^{iLT`Wv7Ln**rqLCMMZY>VLq~q=sKZ`YeYm;h-w9^l~L-2
z&++*b-SY{DbMYr~IQtxA3f?X`eUU4EE?(Rl;w%~T$f8AnTk`LUQBbAj?RAuvm3<sE
z{<IaD`*j7FLRbJMU#>+X@&kT4eUw@H)tKgwKLAB0hqWs=)NanAoT${ln5vHUU;l=q
zeQ%?sX5VQ&dqSSQt)8_eh9~+b@~~IdTN8s53>2Hr6t>OhHg^)X`4t>?8o&I$m}FL}
z{0vI{3O6PP<3$1k{avyQpdBpRzQPw9^?^G!_$hcf{jbLOP6mhBxQ{5rXk0ps{a6(E
z#65YMh(&P+U9ClDNfX#zngUOP1$aqkI!Rku>s*^t#_qE7q@K=8@G&z#>Sl$twE$vB
zuuX)@@?OlxGV-G)exKSW%3nNv9{FQ^-TD^DbS8w+?{@{qr1blUO`PEhvPBs_GUfVW
zcNCUwFR$kKM>kou5#=c6OW0cM^T%!~N%X1KHw6d=9Db-D#OWyG4aBEmdd(Nnm3FHH
zxPe$5$JW|ly*s?PAE(V1TEpACSIYgD_)@KZ<s+-69PUw>-^8X77Y5>zsrjH<|FZp_
z@;j3oiY&5435teHabu4@O?glG_ng}DAM(u~ySD@kM=rw;u_Z9&OThJJfMIGiUs?N?
z?H{~)qPB9>g`7}8`&Q?KaK)8b!M(oNFu(rJin8^day*tFZ(+g-x_d*qW4@u1YJIOc
zMp}d+xLmq;jX&Kl$)Chf9=hW-qOhHk>n`1dSyT>Qm`;@ZspYT|`w7Q-DL!}8lHL_p
z873{jF>-C~Fm}jyeW%45-eRs=le7a)-XPQKDQ;_C_Hk59Hb^T6uWa9YObd6yJO_W)
zC|kMr`3~RZq;YXG5Iv(<xEBO;!+1~1Met|Gti;aq{#_oK3-|-?ZJiHuU&nP)E2!pv
zROwWd-Qt_P<lpt_LWD8v$`eM8y@o%rJP{@5TI0nA;X<n<^`X^zbSMoc^<Nq1w~8;C
z%w=CCkcg}~nI6yvCtHR-)f}b@o|4GY2ADU_1(3*;`PEHGOmB3GK(*8#8|Zb7(V|ls
zM?iM<WWEr-SJD3s*f1-`^UK7PYLQU<PF^DBB=5Ku{SQ^L1!RiyP2jsJ#eY1<Zyza%
zo%~6@_v>2%BqjB^`UStNZbAY(!HK3FC|&Q@2N8UMRo@Ir!c-m1eN-CcLV;IKnm>lr
zwhLI#BWi}Wa*ESkzOL330qg)TnO!7)m~hE^y!sWWh_9fq^?`lSIvOUzsLb>XS|*%G
z0raY$KYlIr6q@SNLhW)M_wkIK>a5FWe!+lOA1gjVRv5+5aIfAggSl1oW(@BIi{Ihi
zh4zZ^te5eum+^>H6}=co9^)CS1`=7zbkZ?))A-B%7M#V!h-F?Pe$2|IFg^nby|SnF
z=|jD3ZpA5sX=E=%uoIiZDtwHlZ5JO}w3=CoF{7L~T6BVdUko5gd><`Dj_GTw780v?
zdCTTQ&UY@L@+5SavJAC3^jTsc{3&JuW(#~87gH7gxRLL|)?oIf4=zrvHyWy@fU|K5
zTcElG#V2RD#2C^V#G;Ad#02gz#fBoe{!o58*-AcZee+nav+jU528X*9!0RoEKHQh$
zc7AE>87CHa^)hB}4KPSpf4=fyNv;uECah&mfkW~-PG;mZ0yd(J=LEn8+_aFHD~&y4
zkh-3iD@Zw+#7}HO1ywZ5K1!HD)>H1`vBB(B1&iPubwFD1Nd&!Z6p|j)O-#yZ(F=Ky
zK0&^wec*|)_L{`A3e>7u^5L;b6+QRHV76VCWY|Z*S;p@GA>lGz*&(_5!yqca%Q`f~
zIPb0HF`CiB$^6f==N}v>@$Fd8N`Xd*#G{n_-1rH_)Dre)2?_s~+mjx)Dtai)xJB5S
zBpP}F5+Fs_pe{lXgu&+m%OUG*8q}kH>|Vj|;6;Qv8GEf-&oaSx)^kH*2<wTNw!Y8I
zqrNrY__dZCisrnmZ!askk!)zz7fzT5OB9)WJZvv9Q99K+opQga6iOFEw&UWic%>qH
zt*6q*{@(aa8T?Xzi#%pZ(byLZPX<^i8-~t6rM_I*Gd4%!Q;UG6_bca(M5TdWk@Eu<
zRjy|{Y#~QA7IxCgC!m$=AZ|{04UQiFsv$PSiBhzW#%)kcex#8{-EZ-6%e5;%OJ(@a
z%1CG5YOVScOwYu!Y=>`d{=<I9L8U<J-YpzzxsO~~wXX{&$4tf1=Mv-@xcjx-Dem_J
z-gV=vJ3K6N^kNaEH>dmbqJ5|xtF1&jfO%PTd+>9Ae3HWxzy2vteAX^^_~<bFD&I!s
zvfZs!y<ZMbup#(HVo+-ThsS1V(b<Y`go>iRk<I)s=4hbo=c-W71brm$)RvvEo^YGw
zC%%dQ!dTo*S^3V2`Bq{@cT=T<U-xJYOJtbw(Gv(m!4xJ>aAfW;zohtBck1|ub56+c
z4?xu&@jIW2Pu^7-K0ZuanZN@QUacIOwk^0NQJAi(@G(4|@he-O7{&{nKZ3mfLiguC
zBcMCu70gG{RgkCuZ}k5Ib<2a1g@;xBn}@+Zm2*fXLE9$cqxc!cFN=~Ye;Iy;9(`B$
zZZXaqDR-uFn6ltG$PX{U-XM?_ZrK^`x}_H1#x*FpTD!S#>1)ci<Hmolmq}UIlq*3l
zq0`f)@A%cv5OczQbEf@fto7!z+f#44ds}s!)|**`6tU}k!W+HCja#YhE+Ir?B*Qj8
z;ouSWs2pRe9Bo;VOa+u3*;EidIy2}EAH6?V6+SvEG_z@%BfP;GKKi{-plMn!^>too
zg864vUvVH>^xyf>y+v<PxG$u8qbR|a@ibZc?vR$OeHSEODo48dXv=;{!55hrb3LQE
zOQ5jUqDK+ap)I=?1lCrLNB!ZbjCKe2`3VFazxAp3{9WN=!z#6v-Td3HRUN1-znDl@
z!40NQVZ1Vgzl*8i#;EL6jlfcRkd1$w0`Q91c9O7mP#S~eHpIH%XHITTM{ohx2aYY(
zeRjpg!I2f0YYjhUnBj*U7i$d`17y`u9Y{h?ZCR88$_QJ|%PI%?6CZM1?$tc+NfJf3
z=6MI%wEnKPGP`1I@T|npbno+4=<k*tv0n7jyYT4Ppn2Y{jFPQJT)stYDGHjv+~%sr
zoE$g8N^>&5(+#XBJCba8bz+sW%(UAJJ(qY+?Ra~;V^|`j$=>cUMx5I2V%3z~?x7%i
zZN`~utIruPnXLX7_P3aCdr#WmRZpq?{XzBrf&IOX3DbYZ{?6e{R;2SCUM2A|e;z{u
zA8YHyYYpJDFu~8g@dq98d!CBlq6iv@$oeI;s?Whi<SfCr%=O%<IZuG&#P1NjrRiY{
z1sgy`z$wpf`xeh@t>>Y;t!EcV*<0+gQSzX7C$48iYG-K;A^Cl&C-&`J^ZR^tzXAla
z%v<>yc`z5xGJe@bqm!g4sR+5F5#cMPYfud(_Q^qa|026^V!Pzmo@T}3C)L~^5D&np
zRH#eX5rxslPpxP0k~=XPQh@=C<<_&o_A@qhmQkmk1qY~p?E4`MwyFeq$}+B_K-qfs
z;u9_0sg$zfmev(F$W4<Y``9Ys6^#J62*)Qo_B26~_+$rMODa9F@GpNA|4s4p#$_||
z8I_u@cZ82#xa5rRQD<;+_~?0Tu@BPc;n9nN{liCRhuGh(y%IpB6$NH%-Sae*=udlA
zOLhODtvs{*?cg)vW3xjEd6@WwzuD05YvCpypa*9NOY)Wzbc^z~mSvoJ9HQkdeT!5j
zeY8jBu`k1Wc7~5$AG)Mz>WT1fX#RB}XVcVf^|dN=M);bmL;2w)j`O(3M%sEM5Ym&A
zRPQn`p{hI)QwXBd)D8nhdd(#3kEjKWZ$VvHl-_D{6DLg|cXQhR^?J;EstI86gJw>8
zEvgJ3{^an-d;j9k@HWx)D1TRT$|m`Jk4~Dz?W*YS0r0c9=07Qbmh0Wq0!*?39EGI)
zlJ6B4Y7IZ*GrZVwzSeLB#kk+~($~Qj+;3^$RB)15ewdIJ@-{k<zsgXKMtaxYslKLH
zPxvV!@zKMvaavT_Y{rUyy!4pV4UQ)tjpGf8D8pUru{CrnJC4<MtqyJAa>8<*#eLvK
zV1?CsLQB~%uCp-C!BVV_kb3p0X7`b|-MOuQa=4GQ5+tUdRM;-(pGbWoUHvewgJ)0F
z#@(AM^6GDiv}{%pOc-)b?F;H_ddRGQQ6GjIyd-|-W*C^f`X9#g^?3edY7v}+u`W4V
z#wnxx3!^lH^dS#SiNqrJQ4#qPqwvKGnNi&RRLkzd_^<g&B%fh!ZB>g_WwsnIbgc=E
z5Nt@TWi{-9Q2%i<(*A0OEINxv<T$>NXw(wdys3m7HRy9|xFFQPz;pebk;~CuKgc_m
zWIqG8!)qe!25D=Yt(o~05wyoHmspjeW1JeV7@-W}yH`~(Iy521>IdcXp%OM@a7<fO
zIghg>HYzG!@%+@QMtb$hC?<O6vAy}}WD3O8Nm3m15M+Toh$HQ)6x=MQKLth3YXxjc
zm1af>WD=EGM9-8<`qYB5X1{E3NEO3pQX3MdAx5|hSh8nkAh6gR{EoINe@OhMj>xgz
zwR<C7!xw+Z`UiJJx-Jh*_QEw|T!rkmrLH2paEN1k=nq~87y9}V^z9=#;L*323*};9
zdzH+##!2It7R)HH;N42dxX_qce2fo`l)CZW;*ThROg01JN;A@0a$t5{B2=&m2M=+-
zC@+04J0NdT8ZYO%>DtQtJ}=8J@7o`RyRIQs?YY}S-xIWv7@*;<@mjQjx8bg<$+n=r
zTpmI@HUsr&%LzZ8%k<ets>cUBGJtd7DZa~VJEW*ylP=I(5<kk2F+WSr%WjE7Dzl|M
zv;@Qe0_c27;gh=kZo04l<fN8QD*P<>C)IMgV2U0oeYdy|A-`72Zm!q;MD!^(0Lr&7
z5W9>(XSsr*{?d=QL$4AUw@CJ#_ak1>7b^@Mra~&WQbK`IWEJt=Q^{n6Xg%KhMu1Ha
zlab`2EJvZk_lZtxp_1qdK@Ibwhdlis9nX2xlku!TqVYG!BN@Tec-B(me{Vc<?D1s%
zz42V09M4t%@OZj!cc!T$^sPs_R(|)qkE`Iiu^9!Zlr6cB>uv4fWe6X9Iw|ahT%mG<
z4DlTX16>zi%H<2IR|9=P+2fDbJN@yi|MEuzd=0|e69xkX)X2m@>%Jf@j-*Ad#Qrm&
zusbWx(U$*;`9LXsb90va9i82~{P9{4ircuGkrb+(hXkkeu=em_#)V(VWmQxk&5px>
z=?30I$rK?(R${yu;<u>Ty!x4nGZ`#fiU$R4(o&Wpiqjy9?eY+18-irfB<h4PlmT1x
z#V2`e7`GOc_&sKbeudsmijTNhUst>{=e3G6@4Ht5QB9Wah4$}I<2YcC<9(wnJ&sZ}
zj)WBGIgaE2AktzX&LD_;J3#W4`SgK`p;I;2^1wXAPVlZu5+*cl7t0Y;)*M|QyehRn
zGs#q*_gn;C7eX`@i7McZ8Sc8=o>eiwh=b6}VyOPAMebsB5IQ39G&{(-y%Lj9d!E|z
zA++IpA=xz?b+0M${EMM(|4)1G0v}b8<&Ssg0RaLxV0a1=FhBx=L>?v(H61$8jR~SM
zz7-IO4-lB7FOLzWLnlHLTUke)(cM}7&(6=CnVsEX++9$d!2~1$R0d&0#aTgS#co?P
zzJftb|G%eh-Q?zgd+iAzkK&`L{@$uOb?VfqQ|~JDTZ_SWE_lc?u6@{Zh%98M;z2m~
z@ez!kNctMEj-<896_ke%5}Amdky>C6nj$DdDw<r8=pUm8kC(%o?Vx{&(4S-THyNcX
z5*ZC*t@(3PD`(B$Lqf-_`J-Y-@ngyr3S3XBff&jAFw&(`g684|CLGuJ333s+AAe}v
zNnxQ_A`YH%5^Y4=_*2nuj!dH926^l+u#&%zM%>~d6_Zl-9u^V>L5y5YA&;V%iZOzr
zAZRagi?hE*cdVnf@-RY8TI0UVk?+QFRg_Qu9a`nTlY6sPwI7~^Ykb2KA|8mr8XxPh
zD7QMi6#Unc>~F9{v}p)ZqbrG4;#dmx9bA<8(NjbHvqcZKI2#+Qpq+Vdmk;yjp{09|
z1nUe#{~!b`xuY8=XoOt`0eu(oiuMarD`XFX8G?5~)e}TtK}dtl3-Wj`hPkG&Bi)f#
zFBYppH({6f9kk=Lf2PSVHW_%bF?)VQj60~B@BT3;U}rRrYXq@GzfUM~6}?OJhRJ|e
zbN?BM&|wX9(f`m0M{}dri(*gn22(LlO;<DpM@PPf<cJZJZ8o`vSr9hEC=Pc5$^d5)
zNGn3g$wyE&w?PuZKp`(+Wq%86ms(jX&i>58nisY(3tT|NAhQ6&Sa8-`az;CrN7Jrn
z@aDsj2pGRy5>(^}aToX+{roSX?MAVW#Kb#5p?~@C1pNLh8M)BZM9LAEOp*2hm?pVE
zv%r)68g2VZ*)&qH`(b$PB1EB~TLu*=GABwMTP<<+y8c^Z%vzHDQFL&z^FW*8CIaDW
z%-9FPTrr)}e4DroEpm#-=skJwmSfFmAJju&e}0Msr^`b)I48Q;G$4Gp3}v^|gP}n1
zbque_FAtAk{sZXXk@};9e98W!BlQZrQAmAqMA)ZQ`rzrG0JAS16?E2;4no7Q1(;T=
z01AqoA9}K(gfplR6G%T`r%bUx=)d`btZRoz3MA&m?kMOP=2={LdKNb_SI#FnI(Lyl
ziu{g#e}AP|2iD}wmM{{c=7R^*z{q;N3<km*Oo$8ybx}!!pZd3F_;FOS>In$8a82>>
zMDbycR#hcGB#93`eJS}S3$RR|N1%fMi}c$FbQEB&e)W~1d>DGcMJ~B8Z)kHJQbYHJ
zAIG(BqUirXSqyc3{BzObn4L1%7<sD&)IIVugvq~IzrVoWJV{?d3YX~C7m}Og((fcU
zd4@id+zu}NdU8A7tY3vTTvT>gt<lgaSe<$dUGB&nU6M^JE1PZwKV)}0o2*<Wr7g4&
z<Nj|=`xDs=$>AXA#n>d$l7l_>f^oC@7iS-Btz*KRq8_(avyP~(sAlUvYij^Zo$v<7
zOBspEwg!xeQZEkX2!X)HG)Z;B^9D80r4~DIE0F|*4RJ;{N?qwo?r{u=H6m8ONeQAE
zbUD9KWz!@RQca$N3pJ&#7=1w))SNa`M8cK`<uw#GfqolZCPWaXDHkS{?CgJkO36VV
zqQ8%W$^D2-n!1z*$)V($FNp}cMWk2AB5Ir{VN&tPMjC3dW`T-0JbXSlK)W&<PhBp#
z#lO^ftNx~cX~N|?9!u;x0DO^XAwOLH3iDeW%qwwX9}r~zsVQ?R1f2CDe=@((@!(}_
zD=$dCPvi|sK9oEFpD7&Zi6#^Dg#Me&kZk57&my?d9~DDa&%~=z$|riNJHkp`u8;9J
zw;@3qC>>|;c~1k9pfM%QL}A1##wA-KpW`$7({gV(T{rE)<z}!?!K(xjD#Mncr!ivl
zOvKPRl-!pHhPvJkvxF_s+i2uv&=liq<MQh3F}}wBGcC{=l>|F)ibGvLem0Ejsc8~_
zB}kj|Mdq+p?Bt*xDJCsa)8wH0VCcpJfv+!EvI9$CPZm43V+lkKyKyi`3(y3U%fCF$
z3F~?_etVs}=n&Mg<L^7MQOyv6G5(G$L}+ng`#k)hp>#<oJ&g~gW&giH3(%$q>h?L>
z^yV<A)~fy+USxb)2G%?AK@6-T;>X4MpN>DU9z$JZQdm<0H%ATtArG=h%&dUJ)`Bo5
zCm>mr!$07)4wS<_VI_=mh>$_1^k~ln+LSgU^*>NRV{#!ay6E_W^vg&s<sd!kxjFJ0
z(l|c<xMSZ8iPx}?9|q%c*gOpRTL<QBJdXN^x0&<)Rz4ZSaAc<F|3OJCYj&7F#cs0T
zZ4|~g7-ird;J^*qp|T@^=H#-27<L7kvzDCinUnqpk8?-tAjGmmn2yOAxMhP*fd`Jx
z(tBaOOsk}GrY5;a0szJYBTBHnK6{_`;J<@aZT+^^L4z@v*>f=e3OeZgcJZLix|^;O
zK^LJo`ydrsPAnhY%f3Vv+Zz`e%!xrou-3EZ5C%Kgvar<&0&ik;;oD79%h^rl6hR4&
zF<^^|C;Kf-7GU-tZ?goa(WJsnhoKnjNOD-@8*efk9Yt_L3&c|u$p=soX{Lcll?1PA
znSF>Z%XtSa*a$otMGe<r(28cZ`813^b#L=&7Cuq)Hsa2<lMGnY0v(~^#-zth6qhDF
zW+QpbqO>G?oJo&1nZ-!p$bN6|0rVJeql{uMHWuAs9qqfxR$Px(cP7k72}a(c=D~bS
zT9ewxI$Z1T+1N6;8?@Kg)e9{t#w*{E0Uy!Js;PZ2!17JT;7ZT;Vu~L+2nBk*e5Om-
zOSJHYje~8Xs)cS4wK=Y+Q9nQ|frv#%M0Vnn85rek)<ZKnL`s#B3=8<`tN8SB!3VL{
z`STWqpH6e3*c%}B=>3k8q#4qe=&)RI^)R``CxiC+q~T9TFJ=)D2xTIIz(9+6sF9w~
z$e&+C%lnn&i;iqV`R!1>B%G7jADgiiR3~M*{43HOzW<Hp<8HCW+HSsA)(vZ{P0)L+
z8{Al%q<0Ctm-759#MRujSnRLCk_}c~a(3ft)gnCaG8{fcBoOEW`8ZvoSK|(%No#Wy
zNzP}rnU8^BU&B>7-r%d^qEl>R4)yO{?0iKY;lQ3dZ}yud*?$JBxNDqtmjCGvYO%M{
zH8Jzi1*tmh(u&}52b~dgXZ95Pnzj-{MjM`*i945^(GjgmgBpgy!d~2ip6sLamcu-Q
zqUbErDx??p)S!7rV_w!Bu0Id=C!@B-Xn^=xHqO`G@BFn>f2la{gYwR<HAPO>gd&IU
zH`FHgq5B3?ijnhd9IW|jpzEc9peOFi!x$y4t|+}67jU3}?nkS5e{bU!*YJz8(Iu{P
zU)CFEk@a51Bj}(4UH=@8PN7VIC^|;oKy09E6Ok*?3Xjl`N0P(tt)SjY?z8ZGgWR~@
zj=G{=QVfCbID0|uuP6^%a@%X%HCwg)Pne{1;8oO(^f*XPW4JRY76&I{>Kw*5xqk&N
zS2fN{(Q1$*I4=WB%ou<LNHOIynrkL42>Hn$>uG`JBz**wH=HrZ*z_U{D>lO{x{x*n
zth<5MLU8G}5gXU~5T+{?TraN5q%APpv3m3uoU)9bU%IwH+f<*u#fv5w#~w7#wi3;|
zuLMPN8y;us>wO*TiMz0oG-+z}SWE??zd}z@h3<PgG!LtzF<PqsR-5#-wyA%Ig50n5
z=V&osu9wv6f5~~rpWn@)J-#LSbnAQ*x`wgnBS=EO5gSVk+WDArNYZlN5%iP#g%&*>
zx(oE1iT;<`qy}wM(!he;27NRw&<-XW4DHeX62(@+<eU3{fGs}Tb81}vT%=Wlp5u99
zag<ikkh`7P+pxNJ*o);S*oOZZ?Zi^J+euwx3V`)VI_CswYH1y{?4(RBZHl<@IIXHt
z7Tm{X!CgHQ<(P#a-4olEl5tHkZbb#rED&w29aw+F_7?Q)lE>oZ9cqTLvd{<1rVY5f
zwFO$kTk3PgM`08iu2iBmplo;Mbad@!;fsU7BJ(!u`pV2l=p+7NDs^;ma04lh>yNYW
zAvyt;X>xB=o{`$BZKO{xP`HFF{L=mft1thBZ>_15{uWi@R7QD!q+5M!ifaSiDek)q
zCxz&WOqj*VWFRM#f$ZR|pDYYyN$|fZMQr3E1F2Phh!k3BqTZKhq1%uQoyXa<uD1+x
zI%4Uybeae|vSB6Pbp@(~p~KGbl4?N;w?m}oXK9s-pep%uw9324^=Xx}$i=9)gGg>N
z%J3_!|MkUJ{KB0Yq~rLNs8#(heu=DyJWq$FAMiI}W6}<7(l&q7G_8te?#Q#xF`idx
zRkEu&x$iNaGqlS6)Ms4XCV#H#5;E~x<#}MkF!O1KnePNM4{Q1=PL;vPBX{DW&3DPp
ze@b?~5OX;~3^M<1GhdYmdXWW45Mt^*Nbd=!&me65!k1`D{sUU&HTXs6w5Y(c&liUF
zE>EyB^Vi_d8>;e9aRWYMKryF{0bL*1W1Mt@4RnbfmgrHF`Nxz-WMyA#(HZ@3EWQ~x
z+v7eMx4&tDuh8F=qgCO}T~wr!<^HB@<0b;kNBBDVn=aC-NXK0MKm8Y+EUoI_3`7h0
zi1rIO(Ht4kH&#qy1dR|f{C$MhgeW|vmW<T&dq6G|`N{SbL~oO%7wR+ci-Kk8Q>Fg`
zy&!sl^uI_S+u}c5`se5wm=)`w1)l8aFvb!jKy0Av8L2|nN&j(979X@q9oP#?tF4-c
zU*b002BBrxnNMoBDnRlj;jCJQUv!si@UNbEdvd2@q8sfSI$0s3THKl<dcV{cF2PAH
zv7qb1Vy?LJ7CVeZC29#RE79Y~7cCuN3fbLSnP4ALpK#L@Xi=Y|gHfkaARAey{P$z2
z{T;JPd8@042mjJ^Obz`rNLG8&FtayH!xB7f$aF2Opr@AR86pkJLz#XGQ!o~4LpEjI
z9HAB^Sh)-SEm|h@!Bwqi;Jpke{H;Ra@jF59xo$ArB)x0kknGtMHQ>H^(YHB*b~$G^
zDg4!#Rk13(mAgv1-jMF?g>9GGh-8lu`x2N~l;6q_bRSKM8$3Fpx%q}JBRCdVs=OE(
zMMuc?5;Sq7p0bdQ-WBTJ0a#I50!QJ|Hc8qaS2AyB?p2t-Mz_+9xzeug{0R>X%f}W5
z(ysi4zP$W$W3^_Ie|h%ua;@?JzDMXOjMBCFLw)^VtE#AX><vwG;>CNqfu^TBLi<~c
zFQ3wvac=)n*s$|@p*)Vlh>@AZB<Uy&Q>J*U=a0jFy>DU7p2TOd>8$d3;}@*iOZcU&
zzaq5oX>ahY&`hx}344-?gIj2eoc~+cG}^`ijaWX;gHXo_a+Q8RynW+v;QHy%0!!Q7
zjAk5`ZFx`B%bP_0CSo}NJr$G$W=3Ez0uJ<^8X})#w18*guo-6Ll5`KTWVRzmw3U}3
zI@)Vkr7=XPyZ?$odMc&{#(7|}GVqB+^pA)lvhFAH^R}a^q-SFwhwS^hBKytAem{|N
zGmJSc;o}>!e>Hw->wARCo(}y4oQqz;5gaGOPvm?Ie37*o*!_Q;0I=vii~z-5y`ih0
z4*eJpc2KusuQus*|54=p4HQ%4WBj4#GQ9IX%0*XXB-P0hXE@|}kyfEr(eenkwPMiY
zcRC6m1Y_F2;9v%|sJQWCq}yM+k6M;h^eP*L3-$c}o)B9{*I?@?whUu(-b0I;Syxpr
z@0wdu?HiekHA%>lb{c*?a51)F!;@AMJz~sEXXFa#Qr~spqZkqIa$}}H6BouoUUgGE
zp+9EUz{eB(uT0VsbmZ}PY`FG1>iJgYlUD{*3-{&K*OIpxJT!LX6v9p%*842{D1z5j
z_NUO)HjCjMC}EWBiv1`J*J<8$WhfQ9R%%f+Uk}_k5Wzgyl1!6qcdf=Y3d~ymQ6`Uy
zx-VP^dL_<}(D%M@3OdTPYylO5DWaxFtc7@JvmG%^glgR&lo|Oa>}D%Q;JaLFFky#C
z;<FG%Nf4W@r3|2m1<{+e^_Wj>8VM_~k*LUi%#N~jf71g#Ejq$KVURu)YS+~>NXPAU
ztqSZ7d~77_)h5+NvXG`x+OOtL3nii6*T7uw4|(45H(jf(+K!oTDeBQiX=>Keq`?#h
zTE$p&nfGcgrRIim(>$Bl502|wP?tkpe?Q|8tlf63^!jGtd0*T(MiZc+{G6P_tp=U$
zE9-x8=*p)<<<v=mUhdQ;y@ILdA0xK5>6UR0+`m`#BrFZB9RD+1vBx;?L%lxd9hX0k
zI@g$5sj7re<lPh)oOv%3OUdq1yyb{|Ks}SEh)MptwW<aLpbsAL0U`F|18zUS<bu1-
zF(cx^NCkJ@p)R&$5gGa9XiG+}ZOsUD6>|t}b3^UtcjV`{AR_al&%xp>_W58c2l@E3
zB_H~AkvWvb>c=vlAtk9U98LFcQ-=n(r;OIp6123bX<FJfXg#mS|6W{g;d~K-$C!qi
zaji<MrEWwvv`yQyU!h5-9z-zIb;;Zh%+k2#xS24=^WVY$rHJ2B9<&C6JoGd3@QNi5
z*kuP_tf@ZSAI2c$`IWzEAZ^pd7yxRct(uRXhoMxBk6TQHlsL59D1cDc%k$}_x1Caj
zid&fWV(ehZU9^AS!LI|cO?eLiuV`kZyo+gmpuxhi-XlW$99kqs-9kt#@&s+#-bwmf
zfR(oH#WZft!4bUm7v+XZo(|n=^r~N>bD5!$FCw(I>7t7Za$nP`Xj0dZ5B5Li9o1jS
zIgD-p1={0VY4i0>@Xfz@#VypspN3`cd~_hklIzl{2z%%Kl~j0u8%Gl^2ZkjZL5<|5
znJ8#?@QrY%o1w<I+>-_yBSnBD1RxdmK@TGRh}JE%7rMZZd1WaUHS+J%Dt||=56hr%
zMMYWTPIiYpkNTTZmh?cOY@AJ5C)2*t)6L;XdJFT5t6oH4bYwg)I7!ja%!!fH%3%l)
zd7Au8O`8b-xeZy-Qe7<d{`l1e{g>}3zx@ximfziwWm!x4SxfGg$cIS=2d~k_16rhL
zF#xbhw1LA_mslF<XyLPJ7J59EP><E5E^w_*j9l5(l9!)?Eb=l3Tu24<v?!pka)t^T
z^8v@RU)dJ^2ZDdJ1;?rHJtD&;|DvuAFjDP`7ma1A$FHj`+l9Y7{q2|oH1+@gO8>Vo
z4=pA53&U1?JE;BXzW^HFC;j2p^amK}r{Wp&_U3<Eq*Z_VK>mY{m47t3CF8$>YNNRC
zU*3{%(Q%9W_-)l>L^JbhpB8PVL|Xm-@^_{6{+@W!detyxLs$J>X?^lwJZa4`(kg8J
zyVB}{Xy0FkU%(DQhDENwE3Iyb_WjdZjkH3Zm;6l=v{hC3EgG+JB@c_n>tT-*_kWtL
zTkO3SyMh5uGP)n$!1Cl=Y(Z}lJr8&C6dbo%^$~!usG#P^_#Lt$=Az!9Fm;JJ*dZ4D
zIzo3_v`|~1=SB`2-ldUW;zxd#uUCGyKDZ?W+K~159z~x_c7V{j{0d)M@cmllW5A$|
z$=?pzqe$hb*lKe$kxtvwrubDWP=<psJjC!HzwF2Kw@|3>J*NK$WVdBZZ}vCDcs?C;
z(6E~0`CQ;rKc1f*?|8lf*EIi~<9QOf9J6EQZV7tzG^(egwsH(#g+;h%|6>R5=>8{a
zEANCaI_%zg?_y*<e}Fqwv@d_UwyF{>KPgtIYrhbwXHo?g=3@tN3ps}6+giH%7>swt
zU>qv?6l{@Y@L5Er3D1jamA4tcF!)@8UnrVIy=mY)Sqz+!1V$107<=Aic)Bt6#FX_?
z%iy#DgHwz>^UMI=;|0LzlWv<7*Zvmz|2TqXz;GnvPiU<p=OZsB<LI-4VcPGL21PML
z=4h34&2qHYvB4rBRJi6LK@gK@xLp_lY1*#xW&8-0Y@&I(RafG-(G|T|h%40?tztjU
zh~=m~<Kb<lwNR^E0~i^MKRh|#rP1a5n|@Dg@<??WqWPN^<G{T50fzGNLyT!X^J*{;
zfUSY(;bGj<V<)aoxxp(=#N246?$f8C+G0G1_us^X1a^@cqsQB@`iH#e*A}j+6uGtb
z<_1AnMsIE>Iu?JpD4+6=U(q3<qCe*s2@2Y(tH^JmP@A6bJS5Zx2R?Vj4upy}<wHsr
z!{6|I!%!;2*WWZst2z&UCX>h%J?a#Rp%E7fBW6m{jO$3`NVTD?H_ejxx<@Z``Ill=
zx4#^$rbB=Uo_P(_@g0ZZWMv^pVP@wdt+EDXiC;y&&iGrXRXq**hPZb@a7maUtQidj
z>1ikk%}P$imQ9)_z*U?*F?Nq(TBQq#f}Sj|6hgrZ<XY7Y_@=EN?+#6VI`qH+m;Wmo
ze#Y?d6lR2=+j;OtK72hr#|;7H?rnsa(bIdpnHMPcX0RUl6n{izI|Nn7;FxB5j)JA%
z2$o=VD_=H#fu)#1v7mQo`qQCBtur;d{71pjdxkI7wqv}(4sH5^nt*3Frh1ME0e<d9
zh{!+UkG399?;WLigiYYioJZJ;d4!`hkKpoOK1k0;QS`(-!dP$UIuy<B+@dw^o^DrY
z=~IwT+LH4~Seu*>CseFiTj@jYAVa9wJ@|#9D)n7N#imu!+>+3i_wfT0f*`itm^N6T
zRlQCu`4L0bx~dv{FjWeT+8-!Rb@2e&Wj?nz^-F8$=svn<Nn$G%W)#x<(23CeOK9S6
z$^oQ_wT>_*1`%TnVrZN4u{QUKegU3D*D7a&p4d;B_o==EqdBaZVO&-p?NFd?+L~QY
zS8`pBAW$qhq*@Re1q`81$1>8<kq|JXCgyOYPVXw~OHxaZ78xpiIhBDi1vAFb>Rm9>
zxUDbrz@v~{ijZ9WOF|E|f2r42(i#+M1tj-d{A$q<-`%23uB<=-;TN>y|KS%H`3~(^
zW%wRnJM{TdE%<WK4BwdObohCYJ2A0j&DyrIUNo`PJvz$B+Ax`~fkwWz8KqdNYmvbs
z58omW!!S)s`=v2u3PD8vbO^Az0PDGvN8|Py@So<v>RH-!OkZ4w|EFOJ1GD&K+*)Q^
zv2g}HPf$VM2^&mr2W=xni}{OUUx~1X(LGR(p0jYZ15tPPq`$>I3-EVF&*{<0xZ8N#
zEN`$tc#adE<Amq9=~%&=o`FBaO?O8W?@Z0;3Odt8(5@nAR}r-9bP7oU5l(U%xe<K@
z5bxPSylu*Di6d{{Mur(Ny0*k<n?__l{4siu-tNbB3Ul-l^azs6r+DUV$wl{a7M@W{
zE}&&r;@h1(+Es^<`yBePNXs&oErdrA{uU?y2$M#SkUAjN9Y~!fS(9DjNoKcJ_&Ki1
z#Y3xM1ZX*)cI%dwX|Nkyfx3h!mZB>WfZiXyj#h{>zSj!z#V**E|9gcP%k+H@(i;GY
z%SVSiF|q~z<z3th^x<%dX6YAt0?WJPI`s1aCp+|XkMnIz!Mf|5bD}Aj@Ob!X@PvCo
zLS?bw8-e$6Ut4oxc@pIIqrgF&xVg`r)7Uz@Xw1iHs~;Nk6?6!9<>caLlksyAejXJ+
zANe&%0(}hx(~yK&;{*7DJ#PADYzXm<hKaerQ?Z$7c(77}$)LUn=cebm3P82n>Qrot
z!c0$~E*B4g=!ZQ&FAn`Dg|4eiBnMh^WYZ0B!&jkU$Fz;_B0PIN87-Wv9=#lJhV||4
zldi}Ao;s|pIUG0CO>*P^DfoXmVq@X$<qSNEi<R}Y*V4v^VTeTQ{Mg45z7NJTSc_-k
zw`1}DW;!|9X8qkb|J;mB5#eyiWpL2FE(yEb17Bs7_sH2Ec@Fek8+Tx8E+XC`!FH9v
zdk1oMmud@>Ur9QIrKW{l_ZV)^`^asXfmr*wOI!F)y@)pb`c*I5B#z+GQtg{C+%MoZ
z!2PyV+lL#WeQ+0kjNf<-$_IDhky35{=LoZ}RC{NCsTO?~-@e2*igys--p98?pKB{_
zNq6G!9qD)tdvk^-?{$3@x)9p>$GTC<$2PyKeRM>Iw#;wS-}1z2>XMQidXcg7WBAv2
zk{pxAuq}^oacvAE*EEGpV-RDLMAzpvr{j4*G-%5^rA(GrKGTK?*KJ#@n@Ao(!06Cc
zX<$AE?Z}(iuX{t+IIFf}Kgo_`_mjNt!B&i^)#-SfT+H93_75$ibs01c)B|bOCN*IT
zYQKWqrk4FAwBO?`>?hgo&rbl?wU+%PFTieKKZ%hK{Tf`NWsuLu>CB{#IlD2xmd@wb
zv0bHi?kjo^V_t;L3GC9}jD#`zz=7TDR+&_Ogil4mCmbkKxupaGux8h?-v?Vke@}&h
zRsQg>E8t>aQ#Ke)dF~N>oul{0#XDYl?A*BnW%wnoE5`FZ@NtQS7lclv&4$><P*sEE
zT>h7+qW;J@z3mFTL|Y`_cQN_ZuOg26V>BE22mC;{`Oup*S^G)&0-QpnY0&}1NNC)7
zNpxYzC*h9rGi{u}=kO3Cbi-vvXxcfB&;NO=@%e4}nR-h2{MkX{^Je+E()c{*u<`ld
z<Y($!A#~*pMv{-o&vY^q+u@ea!?Y`YdIKvKC71mesyk)HF*_{0`VH_{<%i}S<2MZ*
zGWb;-&u@l~mTdj1mB;hD3foAC1w&>uBM`aOV5!KVqd|XZJz_cZ0l05-vTMSs|0aMf
z@j}8?6q=63OZlS@@=N$j-yr$YA}^w@$iGmldZyKH82Nn(?0vp`(ac4&%gdK|UJ}m2
zvOC!RTB@b5YpcG%w5&g`T>scp-M2Vr3-0(#^yD;qI=!p^RVLU0L=9~b&v>*lCE7ZJ
z<$pw&=n5HOErBu#1`@z3+f^7S<oE_)Sg5=5FZNwVg)>JVFGF2Ip{_uv<@p!u*n2U@
zHx7UF-ezLU$I5_LQNX_WBlVtCq={wS<oAX6j&_{dSi@k@-ZkS!wcIu7DLACF{BJm<
z<Ll->da<77U+#1c_w9~$q#q-F+a-~?MEnI~|H+)4w4|O>gIkPnVPNmk9&K{1r4F|4
zm%{$e71-a|NcYNCK8A8ZOM#7@o3I+>2#>=V8c+4SwBpdeQ6<HCXL#jA3bKC_+96<E
z*;5;P!w_#JuIafJp#m?GHFxNp0xzb~4<F7a?cX$r=)F%TM2H>;<sF9*k)Xjk_I8Tn
z%(U0?Y6^#D%STjt5S6DbR6d_@EIUMH2Lc|Sk-<db77K}W-$7y(0umz>ff(6F;lRj9
zVkDEO^s-R7=eSh#BBC%$Qh3lxA&V&dg^r|2fn*(@0<LIo)r*#UORVP9P5mvrH+e1I
z`p$yHEw@VI9GcjNhYi)(Ls@qz3F{Uts0QcL(pvHx*VFbo+TMxn9T{NA0XK_^o^Jic
zf@Wo=QSPzu4pg+@R%E}2C-h&LWJ%FK3IA^aR4&O?*TI4PrWG$!>S*mqd94f<U{MnL
zfN|cy+>hC^y;x}574%RHj+JMX-~|!f!dh2;eF+{$!yC_A%gZPE^M~c@^Wj{2nLZcJ
z#h2^1l{i1}RExcybp`1Q>F^`2(8CblfrlS8ywBYmbunSJr*B<BKN!!K6H9PS;D1uK
zj7Zp+J<Jjj8s}K;>0MXQ#}NtPH>ivI38<inC`vzeEv@Yj^;B2W)}Ylc-1<8RyO4yY
zBh8L@mbiDFt1o6hKaQ5T{8voS&u?XLf@F}=ajns!KlM~6;_1dLNv&{A(&#!DWg~}3
z3T}v6AFwWlL@gcemi^hDYTPl19scy>P4y$hk{i1{aTbIkdxG_m^Y^s552>}ji~C1|
zUstc9x``8~!AIyv<CKgHeI#zFGkGF@=x~qZr?lSH`$BB^z7KaT;EGnV{y3o(3{YH=
znfp+F$PjcX4f9f?ald;By>CqCAUg{Qei&X&+E@K=#4J^#$=IS_JOW#$vAKv2iDRqs
zi^gt=!nd$Vc@B0IBPZAfMw^te5D2B+7fv6C{;_*NZz@zAUH>3@u{ZFo5zng?{?B*D
z`|DU4k8bb|w7GRu*vmHZ!BM7#hG=n6!;|;1KFCwOir9wAEWr77(lwHEX?;QOOh-iA
z-c>yiTfEV;o{zU&f``4?Z<GW-fv8|pM^JvTGXUqO=rI87NFj6U5j{o6bWADHek?j?
zKh`O>7JBv^q@&&4J%cv;Qb_^uz^A?+Td}aO4ii8nAV+)gtL`MaG_j{`8k-ns&eW=Y
zg)fi`ULE>2N$i`@9y*Njp{?M71I^S+qAlAQ;;w(Kl6Dx1-8I<gjm!4_7VX<wW!KX1
z58uIlC4%`UX6lD=c~_>6$H<I*{dCsTc<UbJhTHm#ZQ<Bu-r%a6l3tEG5=-dq(a;LK
z2XTn@&D=BwxvX<v+8a!Z?RAh|&&*8E2xG?!sQpi5B)G-3zQ_tq@Cs2;egxOJaJ0Bu
zY|=Hhga`(($9-EH#c|b5ro_A9tOgRN$0%?Q=)Um(T!M;M=e_`XW0a&w+!3MsqJ#|n
z`H7=+93-U@3cQ@#QsHimJO}lqATXD|CLIuyh)h>=C;;@cs6}CAx^t1PP*=)ApJL~i
z5qicA_t^dG$GFD`y6gy-K{HVu1O;Cqq~LMB1xpEeU~4HZu5T9oeQ(~ozKbZ#Xq0vz
zDjg9Ulx_v3@JNG*{#LXzDCE3DuabU^{gbro2%0P&p%70;VA%-CC!I&OnB<5-(KfB}
z2`b~|$qopf&K`K2`_R`;@Px|2#Wq8CQ9(&_>2y}egWC+S2{1&1YH<jl*w}#V&88Py
zoAJtfe~fBL4O?rbC>W7R9Bnj9N9=#fF^k5k7lLj^bm0G0@x;x^P;F~*p#x}Yc!XLk
zy4TYQks=sGibEGgYjC^+yO6SqLt}45?ZWvJ2sMfU;#Md;E+xv_s;#0~7kBRc4jt#F
zaYo~iI3XE+9^2cDf*Os(_o!4O&{ldTqU3R2977&@{vfTS`cH<I7&5>Oci5KLV%Yvi
zR1PVIj$S-tMm2=QFcHL|p#w=nE!CrVgxEFpWuymKver)=dKA~(|BO;wlj^K1Bzv9U
zsV_9zkEy-u3j1I*C7Rp<h?9k1Jr&oKeMfM!KOrtqpKi3!Xq{o<7iM`w_a+qQy<dJI
zHa%YE9I2m=gO6izQORY$TpW&VL<iIneg-89jn=0^dz}cYcciv^q;En=-l6iY;<w(R
zaZ*Ma*;Pv$juVirc6Fp9@-HA32v7^_q;uBAcnlYpBn0y_MT<gr6O5;nj24+%ltOQ?
zt|S|~ZX3i=R%?6WqV^=)6TA`4$ucx2c<2Ua=7X<=w~T6OQ0kn~F>MM9ZQysr3YoFc
zuP`QBtQWOneBP!#!J}B{<aIPIm0FmEJ0G$NF;>qCG>z7(wjh_@(2pP}96P0Ubxk_D
z+d~eI`5@*$I(voYKU(PPLw8X26A#(ZMU=Rb@^-Ci4Z<Se(Cvp}ct-%b+l&{@p$s{A
zQyiN!d?Rqc=!5Wi)aXJssY1cgmf?Q;FH58mr+r2Jgh47o<-k!Pakj@a;yES3i%lbL
zJOdJbe57f_(b|!<rmc&SWx`nBLbsBCRFe0x_8^^74DJln?ZN;d(A;Us2ybXHc4d9o
zs=(shEDgZ4O~trj9LEwv%XS4~oy%~o$tZm$otO3I?euC>b{hMYi$k}g9sEKIJSO7!
z(wu_&!9a88vcF-cvbcVr2}|bGX_q!0t@Ws498b4s)hI`VHaB>Kf5EAVyf4b;VB7<$
zE8j<~2sNlVjXAN113#pQsJ<?M9B`~nboI0iiKTd4yEne~MO(Wy0a=bL6C_`?uu-`T
z)m0=>{)@sjsTsKXlCB<@tNXmTy&Yx!X?eOB){XSx?u8LLo+x`6#r0mn2H}U<p!Af$
z=3RlKotDr-N^C97dsJSCbWpG<VvY*=hiDfc67wL4htq46qYEO>kOTxUq!sNV7|{YG
z8e+y@`$vD%;3fCbBIZUcC_3nWTJbBt%Nx3dxcgjB#sf3a8_{9GQ{s&UYcA>omcB$S
z|6`e1%Qr$5gkoU>KMt^=jY*AW75KMq#Zt-y`C&<K%uH>?9x&_*LmEl6W1&0|5xmvE
zC%YwjelX3Jno38ZI^*z92Xy5YM3eA0r#N_TOS@|9qJq8bGNPqJcYt;1APgatNG=M&
zdVkf7Ycbe`9lQ#bY(*CKs^*o1?u4Gb>YD<qG-$Y9;K8C*NoWc+d&Su`)MHu>`-k7?
zG}ho=!#z>?-m@`1UK8`>_$Ln6Kc$OJ^=K5s1JO@h)6E!M<eIu?4laHQDc}k_L6O9e
z{e|e?&>1rK0Xp7vWS40Ek?t^Y#3ZU2`Y+PUd&}3|zr0`UV!gqi-*347;kp~5bd%fS
zPU~(!2AqR@2{?OD{j_L+0^hVA)%#-gB#c*#vvZ;Q&?)*X{7N>Iq0T*~H)`-VC<n+;
zm@tgpFvvKzy+HeN#dkIsaz4*!FT`W^!;CAgrl6T!1PQ-eJ_HPoEuihiH3_nfG_HUP
z*5RRg<l^%sy`w8kALs^_A;jm!_e@%oG&X;*R(Tj7^M~QGYI0}k*OUbHEMvd}LuVK$
zoCS3~KMVfh^XsVb#}vxrBn|P@X<##QZfw}5t=h7kMM*72Pd2g<v5K=l_bn=MenB^3
zkKFI28Em<pL9N_H8wXJsOkHdmE_9!6zNGDWQ5|K6$9xX^+O{8LJQkM(FE!hF*(sck
zk-u!}ogYVgwuFL-0eyH)>5WtxqB!KOXHCJdZtStS3{TujOG)Ca44SFMX7Sx>48GU4
zwm&#iiN=S<Gbjwa8ArFkBxQQCxB9%e^x6{|@Y#ZJZ0#iEZ|KHMB#$v~_+2Om>b8#I
z$ICDW@9PJ=!H>KlQD;kxsw;+S-oQ5(EIu!aWq7L>$YMC*q6+M(PRhhy7ucg)(bKsf
z@^7Th&a`1d0vN{OO?Y%ta91m?qe0^6xt?dtU(xat`AxhjrTiyYo9@>;f0i#Pf0T~<
zN2wgKh%A`JuKVk0WWF<hfe%kWlzhiQArFq?(SH1v!?0hkE=nivsMBs9g#~vs&$Di*
zs2Vs58y$lj4qSq50j){GN*hUHcf$({z=Kw_O*S~IJ*Z`W^Cb2MRrKN8oI7r9`b7T3
z{D-hdWQ=BF;^V%AlDt1_0h*+sljHv7iOyjd(gDIy;a-g$#o7B{Is%)UaU4Yq6djJl
zmh;pYK3<R@hLoN?2gLBPc+f6t^l1%XAL-{FuX8_ADE|>EV(u_(4XOTDQ8NNtuo?!z
zm`(rZP|eJAwEg`v>1sF>+wx3dF`gVE+WxUL_O8c5Elgso$*}y6_^ID*PELdh#lx6G
z(Esr-PjC*SX%R7BVO(2*sS4Ng&<023p3OM8SA?iW`Nti9IN}>-zW`G<*wCB@r=|YV
z`j^2I=AlB<!P95ug`Vn({^hyOp?a=AzxOa5k8oUTPJhsBN^hgug?H6be#E>_ovWwr
zU)F1wo>b@RrQb{!`Q98^iwneB>zkZkY3(l;p}%|pugD^kcx;8%!l_`l1JV^xvR8{?
zlka*OmtYi$u_h)6tO`?r`GHNoOA|KsCL*EBc4gyI<UFXU(E!sVQQnvOJ9zS(h87s9
z(gAR11JW()8oeFF3{ZYO8i`^0)p8OBUB*PrDYT5y-sO!gy*Lxxhfa0)7Z+N3$wr5_
zPwN<&!~g}be2FZ_dVXsT*!!3mDP2nPfmy<MB7c-O8&4FVTYoEZM|U~Qgr-R|Lm9-m
zOI%?2In}9b8pomgV?EU_42>6kgc6)+CnH0>d#cCb!9rnCkEt3&$5LH3%$8R8*OpkO
zX_8}t@N<ZTDnL_A)%42rF%?<rCz81es^oIg^)lt7vBWk_AKp4##hiBvwf@vc);6Sf
zE)7n{{9<3QLK7$S#EY2ASd-ovGZwdag55mzlZ}zvb-n8*_i?cKQ(BJ|DtrY!IpnEs
zQB*@mWurIrB{T}Se7X9k)<zGdBPs@_F!M{X+ADRr=0IX<shG$#*BmTqn)V47Qqr)+
zleh$DcRuxGf4Vr+Tb-V{Cg~E~cKl<#H{P;=dN-7Jqq}5>=^fW3CFEzUIFB0SR_hR1
z(1g)(DCv^?n^vS^4{CaTzTRuy<<TDbH~Uia@6$W4yFc1tU3N5K-K}1_fGD)=TTCz{
zYYzoU-D&^T$`#^QEqW?jqFt$fLWV6+8}r?ro2Y+=?$<E=qY@mf68XkWf21qORvl~`
z`fbMyZ7@Z2sX4U4$qwoeZOkx-Hs0z=L5Jpue*9ykgbSbEje5M*|74ICRB;i4d9OmO
zZW3LoFb1~*V{}Q~D-b*yz8eJ5!<tBnWFbgRyG1rz%=bDldmr595^w7Szs=c>UUUbH
zkI@LHzeFwFrat%+ejGgzF~zH;CDQ(r0X%@u3{ZVuFwMPsQO|<acctS66Jr}d>-zh(
z!LJRnX+-vN#9Dnr3bp{W^mnkFAi8r{Qb<GJ9oNu$jF(dHz>(}Iz1-uQim?ycJ9_!$
zDwxvZ>N#l2=HX?CnD0E?%Y<zj=)qxQ!iwbZ0LX$m7Cqro_!^48Wm@o}Z>TMazJSFi
zUzcgscYN~|&6!4jgQW$mCQ!mHRwnW`CWl-2v)Eg#c_17fS*5e$G@_-QS8J~88NI00
z0Il`ly{Fnw60zaya{qfB_k4hH$)9T@m_wic8qOJGw+0@hfbGBEfp@0Pqa5sX2gPe-
zn9=<v1NWojQ>q)iOWLs!od0S@5iOV1LU{Oi1b44vGdKKV*a7wpR4#+8c%PiZIoqQb
z2zx=#O5#qAkI`YoK)5LnGeyQ_#)i#@)$UVVogXf#9)`E#eVIMQo1Zj`_kow*2gCf(
z1vL4jZ*T<;bp##X1%F6!XMKvz&lk8ZN$QWj$eu7vB?<uPM4!ZaQMkTHO#a~@QV-hu
zcD`rg)Qn<n@=@cOF}l!dA;w4I1yE|tv3O$@ciRP=w(}WT-ryU!9G@<$#c&F=Z*#3#
z&=cpDw?^@{ogYF$ad;rt?Y@anYTOl{Rgn8(87?@-4xM{l6EKfh{w_UAQyWRd3iQ}+
z!Plu!4&gAg--maBJkX)-`c}ljV=lX*ml>Lh2{K3cF^B=p0i_4cHXe@q4|w2_<uqEs
ze*|TZ7Q%%)e<E~-Er>VZQgDeu&TcvhNLIwPrmyRg3-nQ?u9s3Ar7(=5e6$VCq4aOz
z?a13vPV4Ob^H7{Ap(Re&CH*h=9jJU~=`|F%aZ7=IW$C5_{K(J?OR+lCxFt=`E5&kX
z<CYYCbSbt=HEv1Lhm~&XfFB7u-XH%u@PTs^b?vj8qZ-wo?r4!CwDS=Qdq~*je3M>}
zO(}Kd{n@QeX`=l>$RplI!p$-@zRucuPZs$thB!9VyYp)FF$KBvvannen23J!R#3*m
zjV$iaRJvy!*Tiho0@INM`ZO7lDfj_}MDG;W!xZCJhDD^V0aU%WN^$zq4N>|ANHNk#
zgq}?hlf}@eJ`ozk(p?j{>87JWN7$w&+<sB8#+TU<yAnI-*J3kW2QpDt6|H%|YQlCS
zn9Gl&1XVYqtYoOj4Ez>14E+avl!f^_OJP1KzIUUW@MzYW7y-vnf<@`|1!?d^9x(lm
zij;yM8OF66MJW17B)fY3B5lJqH1&O46VNv*_dqT2ST<>2QU}t#1HbnBV8G|4Mf!kN
zUU6o+KGHP-g;KtVv=qTQ7x>@r7>tOJw}>T`nzZOmh>{Ya0jWix4d=rutX>LpawXP$
zJbjP|(xehBp9<#FagA#2hm>@BFG~7g<7U4PlN@)Y;mOvNDCRk-lY^cImLn!%>aa+-
zqzQL=@@`1;-9*088|ZykM55dx08&D2yWW#`W14R&8pf2U$5jn!k&M7gtBlYzjWITk
zp?flk3Jwj@ybQVnHi}JjHECFtqi2fou}>6F^VH%4u0^7O(j=%()aVdpwV35wx6oo1
zS(@nOtfa&JjFJ|<dM8sMlE0fVQr74%s71ss+?RVEYQ2vN_^F$$I1u}~3_F^Ww_Ji1
z>}vN{Sz7?+UnZ`wa$^}g0k#dzL8I?{<KYF(Ll-O1lMqW`$2*Im5_Y|9afO1HQ^@)n
z3_b7+!X=BHTU`F8{Yy~0niH0PuB~6<41OATuco5O4_WC4U4i!ox@zC+5IA&&yVK6#
zCC^h2kD`3C<a*jxxV*-Q;(xEk-{jYy)7G!R6E+h43gHgx9Z*A_Uh;ELNkxs`4obC$
zI&|6@_~438M=D|tm<ny>5^xioAf8>=0<uZkLv!)PN*bFj@CBKglHkS#Q6f35>IxBR
zMWUIcRy7h|kn9(}9{Ag!_d?=pwUxc`H42?>egtn7Q;5KO9l=l!!AvT0<_a9R!c}{q
zgR4^m7;|^32RCRS9GD$~e1l&NabR!AWeyB$u(J$YJGwh?Iw)hC;g8mF^*<tXAhu#f
zr-Id&8}hD*#X341E6xvoRU7V*RI?g__~42H|DXK@s~>P0f<zF|S}}}*q$V9$-9d!S
zydu@Vda~0JJi!nR1;=9(V<=RQqy{5+stj(4nqY~VXyl{K73~I{#pu5!JJ*C`TPP|(
z*UbGN#k37cF6uAPEt8?-9>FMm@n97V(}i941jE?EmSo*qL-rdtEWH4q;vhsr94^TT
zHq}Om{O)%JMNccmn$>M6RtSozwc3Vd>9wDvRA6OE#BVS-den$d9N|h|;>h1NzKhZY
zM^G(KI;Dvoz=hS9U{1Aba6+)TlsYbdLeZ4sOpu-lCD#Y$)C4<kS?3g93t<0B(dX7Z
zB0wR;6k682&Pj(KR_;N(&;!llcRdwvb0^=jKyyc*50Aa*_k~<X^OMVc=#9Jt8|c73
z^|D_@=Z3Ctrj6(;(?L0Oweg#VI@r0`NvnJc0r9J&R=L*rg_eOP`2{U4Ktlk~+i1|+
ztgWOS&(X!Wzohe)kgJJy{;j+WpMnj61K;A^IXo>@55{qY&|@{&{nXqQ*Dq##rDNk(
zH*FQQT-t`(molcKVWeI3feL)dsX>G;I3j}IfoA-m<<NRs!*FZ~ZVS{HiF|=_2!3TG
zg12KR4SL3kBFDP=CKhCTrjG}0q_afZC=&p?e?l~bNY^_f#(B6p99Y}%=fJ030u5bC
zJ8i>wYzz5dw^VaFo|1<*c%Z`tf~m)A3R1ojzba=Vmx1Q<w5sU{gJiG_gfUW8Ay9q7
zdBkjeLOMC5e>uA&%V5x2`pdzuq=t8b&JJ9K+bTx~YlTAgbp4eSG8Io5WA1qeyhlGs
z`j~n(u66g~PL59>Bn?m9p>6PX^Wbq8R8Jr7OX=CESt#<<U|q!_$5#$VMKc)#y<hEt
z&O;pEXb^Pq)P#!n=wOd?TQdGw$Fyzuc?2o6^7Dsx7(dTcwc%%WD?h1LewKZEqWFp7
zsm)e?262AU+Vb-{LQDCiS^0^4(++-GODp-u#7&NAkbb&PP_-DOipn<TqfoGuR9hNY
z+AXF%Ms8{hT9$!+cnx%;5-Nhi5>{z3X+!rm^v4`Se^6Wc2P;K(v30yOu&i6mmj)*_
zrgtKomq_YN`qxT7`45QD%Kx6XIsdhRHvF#?^pk3<3({-DNr3~2R(g0OGkG=wXfL5^
zN)ugi48?_QDUOyDDblg|Pwo!yR{q8uLv2u7Y6k;`!S{e1P8Eex(F!CFxDg+n+giuZ
zt>e?_-uik>5XKCNXsfblRPq{DATfe6v#{x{HbTMT!|zr`ac9Ja86}R;D#r|1o{s~E
z(2;y>^JV{ng)eQ@2Pi{&n`%E?^lUMve&FW2U)L8p9JL?z2|b6#80#nFG2`XbGw!b0
za4&3n?Y0DML(OGFI^iuU@PH|lw;YjQp!ah3?qV7r)MfA0HtenaFyZdqL%c+%d&TD2
zg3fhGwULCow~Mcl?xFPUq4aB<J4&;6`3AXOB2q{vQF~|_s3iX@Vjvj|z)~V~)41y;
z{K0l${H=&3UI@>swXm!&-iEK1@p&*jB!;8QxI{-}x}b5Z$Zc?caI3Zf=Qh$I<#Bhe
zM9FVR+6&(TU#C(U@9m>@q;YG8uS=tQZ+eneRfi8pwmJ%6q>K>%ZG6ByhgSJ>N;!j4
z4t&+ySN$SQJck|$@28F*+7aq=RmA=XR<+7`;`cW3dnSIrh~-Y?pvPeHoQ4k|(N(K-
zi(ozRb;YQP*rlNTz&$TsjG*q&Bir^<x2h>sTlFYD6o&?E_)$1^<($;&V&~hj_bOsp
zkj4Z3Dq<ZmvRyH)B9;y8n^h4TPVThm{EApFk=idr%H!#G)$_3SFHXRR$PWCfh`pRZ
z{QQUbT_=A362GIPD`F|2>g!Pv>jYQNcoAFK9g!y}c0T=jNW>t%wMsvIohcG|O^{fK
z56E7sRykJ$dj(&8nH8~o1osWCh+PO*&w6n=5t>AiZ=qj#^lKLVx|n`FK);6IS1?lX
zo*#lo2O59%-slp&*NjHwMcNmLrVWqcHlwLRp=E&l1%aBQNIS8-Cq~MaMFzRBRg94c
zLZTyzbLxnX@$>w>om~|mK%Zz033t8@iCqEx4s|U(@)1mPf0wKFa5q=r+eAGD;c-H5
zOM(jvcSu0nFj4em9S+fx)i0?1pmW6sM(Z^RTOzh33=!>DeFb_uPFjiCgb8X~ga14d
zLKkA%u3)6NIw>=piYo4P)@!ScBcmdL*otQ&6QCci#?4NBfZ#Mma_Z{_rA^Xjlm?dX
z?cnegBTMM@`$lRTpvBbBtG*}`Ygu#y={*n{X=jzuXQOKx{}X9ru<H_IPE>vE;XRPE
zD|mV26}Z;?H=eTm)A>DT{Zfn=W!`@kxg5;E_~CCXatZz#eZR7cL({1bST-!s)X6tK
z(A3eFgQrjR-2Bc<#%ddOZK}cHCUnmBYAgF7W;6rZ&_$n#9-4kreGv))8;)-YO>Yv<
z@il^Ma7W<aw}GQ6+GFTQeFbN8PGg{{tFKSSK0Q6Z+maiIsO*sKEuV^&6(V>S5u9TZ
zTwbu=iB6dBdLdS*JIzvR4=;yW;jk6hz_G$_u=#QxeF#2~6uBKg0!^Y<_Z50|bm1iR
zAs<J-@GI)Q)fJ@drJuf^Q{S$8em7r_{A9fo(xaYQG!^MYI|5OMjovk_q&gF=Z0WB}
z_tYn4!jG<<4Qp_3v`o(P{Y6<ciHNBN+MkCdy9^8m1Mgu=_ZAci*g^%{4zam|TiwB$
zA$>AP+3`oK{7-zv4QN;(rs+%U{3dSb7(&iFP*0~mp?D&wX(7@)?7+H|HeX~EXE%C6
zGcuFHPvRbJ%r+*`P>;@rU=FFo`DN62KS%_x#~M6_)*|#gOX!PRLNC1$^QyCHMz|Xh
zpXG}EC0LL7DQsWGL=KM3{anoS;Mo~#g~QhL^zc)3GyzS(>JP!4$B8wlw=koVkNwwp
zsFsqg-vW`wB0J%YH%D-FW91eKIq??kn0<uEVc9c5dx&Nai$jyJTL+i@k9++iI6X(*
z7lkw6$bIM;bQj}Y+6Rc8fgwM|qvf^gq!+4-U%=hC3!TBuwMSDtb9STYO21lL-+(vq
zinI-5%Yr*=oAJF7-^cz~TmQPp`56Vd23BM-TC{7ZsoRr)d7&AfCp_@arB%Bhcv4K2
z1XDK#-5WuA3Nje;Xjg@!e&hxkhuK=17!+$#)+re4`r47r{zNL=Z-`TL5guL!SR9%L
zz1`)i4R^x0-kEdQ<!``2vgkmwKUAOeban=bgzkL)+LQOC7TN>?)v3QP&U@|tL8wo9
z|G@I!Cw11xQJCn(t!=lE58jXTolmu{S4C45BKo?8Twh}DU;9~&JEcZ1C=T7{tlYh{
z&ymekgY~sY56L;A56k&t`8^fiv)~aaM`rPxnurL!Km&hjgt`WrGM4uaxhil3aj_Om
zeH!KlJD>JPCLs*$iT=4s_z>=qZrq%rW77Sr$Wp|`&Fs+BhwsJDQr918Jt}$1vZ%NU
z7W4FtQQVo7JRToV1>FeZ&U@djmAqey+a+HB6OO*y-JS4^L;qE!RfnlQIJ{cXVRx|q
zD(u|(9P?(Fa()%-O<?A*H}8m6nT&MY)%`cPgKyV1K?`uZ;m9|4Qa7)-1hby&qaNpL
zP=M6CaAOcgSzW7_g=2+i%(f@cGmw5tUwe2la#d8_%N44A8V?%4-YmJ)6<Xs!M=8+M
zW66j~q0~oRp;X+<{C4P~?V<ViI-HS;+B;r&6J^~k=dd^&Z0>(TG;|{?nyCA@#C7*}
zqf59QUBc}ZO_}HuF1e^E6u1$|xB_3Dzhq#Mb8}I!7j1+|&R80aMKZujYniXb`i(x`
z9emx)+kmfM`v`MU8<MU>-gXqzyu^U;5;1PWo0F8o0l!&F^AZ=mg1Yge9;LW<4y3nI
zkkyZ%qCy0#5nwXpv%N<tx=qd6BTMkT2#aDB2dF(qYM^r7H0lHPztV*ZT~~UIh_MnO
zyW*=8T$uJ=MNd=|Id{3R)5x3s76|W$KM1G0Tt{jh1yG~DuG)iX-Z|SqZwvg8=9LNV
zPOrPL$s&}T1D@zsyobL+jceST;2T5vq`8{`y^u+i8Rc=G$N37C-wiT%uPh128r`p?
z(?LYUgX|(d0UtP5Yd)oDT~VR;eS>dcK{q@J9S32?dZJ$BY&SXrS`|)+(&D~WnM$g=
zJ36RU_Ch}~=j!|vn?bO<W0zL>0YX=g{b^O>(hma7D^~O<SUt9jSn`d&Ez2LXNFCA3
z927iK`w3><>T3#C=XWXaAHwY0PRzdfx;U|>f%^Cxnr=eC@f0u>0S{0>8OxljTiyjT
zajj7k#2Fd!va2y!r9E;hw1pz|0EGsV0?1h?977XRbgeWK#rd)b%~IloS){Wmj&H#v
z#BqM08M9aq6KErdck#s##JeO2%sh_m5?z4y^84ohIhlWV{Q38R*Se%GauZ4^kSUED
zPLMQc4>(f5n$9+{f((r^?Kd89M^7PwX%=HWt9ATI`%%!ymjt)E5KS)Jp>?F<#?*gm
zX3p-M?QXQWsU^Wk_*X|r;JEu94eKfq04tTaweA-v07sbK0ECxsCffSqU?vs`&_&0N
zuFbgp)Q$E#wFq0U(K@CX=j#NWrPy}(33lhXvBus3HN&93bO=6?y`=4QSD=Lg*<!6I
zOnW`C8NYrDvWg44$(QagF`7Kf29q|uA=qndjyOmSmg5ELUm4N}(|g7q^v-YGvbNQ~
zORN8z$MdHxHZuN(<M~r(O#1)qc>Z+pjr3pA;{WRO8@Av-M3w(y<9?fy=!gyZ9sbgM
zNo)w=yT~_kfbu@%mxM{`kzE2mMVJaLQX}xAgdsRbWSzik2qSGr<Qaii5+;3!tQGht
zgweIey(t2h5r$20L>38r4`B>K9FbW9-%c3qf+I3r;F}1G_P9XcYY3AtBclbLN;s8p
zhQNh{yAn<lcmm;WgdGB3LYRaZX@HnwLxvN^C>{A1cram1CLsR;_ajWlKO;2)_aID#
z9a$%EXTsEhjXWc80^y#7*9v@eG;lA%G~SI3`HV0Xc4U#j9}@0Ec$UBi3F8iP<X_-@
zgt4OKh!hCCn=s8vM@9?0gK&Ss83J!6Jb-YTz#9o)K-eMhbA$&HZa}R-`4i3{d_dq|
z5*|c&m%vXE9!yxQR1JBQ@P&le3I8>OGYLN<@Jhl%2(K0RCxo$O4EYzhjPNkRiv+%h
za2DZN0^d$JoA7jjZz4RLaDl+r5JqPL`4@O9;fn}o2wX^*CQTw~0#6`3im*fAO9<0U
zNu+_M$A%0ijJXQrU*N%na|rJexF2C0r$YV(?m>7A;dKIcCOnq#GXf_NrW00Te_m|J
z(Tjn{6ZQ-L&j{mi1oAKNhlFzp&l30`;XK0A1>Q$k%)Ar`yqoYu@*gem4#N3_GX&mD
z_%gz20&gUIIbnyu&k;tq2KlF9+K}H8E+BkB;9nAU5#A;6Q-li%*9iP5;Yozo3A~0d
zEFtnQ@Jhl(gx3oE6T*`T`voo|JcaNgf$t&gAv{aq+X;IKPZ#(m!cz$s2z(9UD+!Ml
zcq-vy!WjY=5-uT}Ch!Ep(+E2RzJ%~qgd6ap1InN9bixM&9!&UZ!n*|SNBA1TH3Ih_
zd@bR10(T}ngYYu~ClLM-;k5!E9R++HVZXqi5x$=AB7r|7d;{TG0v{xNBjM=+?<0H@
z;R1no6TX@7Xn}VS7879^0&gaKEBU7hypiy2gdGAuM|dXT2CS)|{0Yw@d_dq|5}r+X
zm%vXEzMXK5z>gB1LwKFQYY5*#_!)s$5}r$Vt-wDaTuRt4a2eq{2`>`(9>UZBMP><n
zJK?(tPZ#(m!uJp^5cnFx^9YX?cq-xfgfj##Bz!O7G=V1&UO?C(@Fj#75^lgq9_3GX
z5#a*@4<`I$!n*|SN4Sh|jlew!mlIwmaA(3k!p{htKv*ZdR^X!}ffp0@3;Y@3C4?6V
z{2}3`gl7qSknl3X(*@o~_$P!51l~>fKEk5~-a&Xd;S7N{6TY8tn!p<gKS0<a@N<M$
z5N<%93*}GPPxyeqza(5ic$dIW5nf5SM&L&Y2MDhdcn#r7!p{i2l5iE_wF3Wy@PmZ?
z0+$h9MR<|G_Yhu9c$UDo6AludF7Qo+*AOlc_!`31ghvZJmGDD^GXyRq93q@1@C3pS
z6LtuE3E@WwH{cEglt1CMgbxTjnD9Rk-X(B9!jBTJ5x588pAudtaA(4g5q?JC1j3IK
zUMuj?i-4aX>=*bm!apOtNZ=0%|D5nFfe#XXlJIna_Yr=IZ~-t}^-oDaNkB>9w3C4I
zwBtxIbhb(0MC+KM*FFtV@>BAQM*>P;;*r*|VU_%jl}S8bl>Fk6*0EtvwET`uL48pY
zP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQ
zP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQP!doQ
zP!c#@BtRE1eV>18ab*wvGu`hK=XhaGb$Z9+L48vaP!doQP!jlIB#>Z9*7}=1b8HEE
z(tldhw*FRp9bfcT8Cie-(DFJyx9aQJA_1$eS$`|NJ6lRv<wHq8N#JaifYoMOe^Y)r
zK3ip=@?|f9?|bK!RcEZf?Nj(+L!7PoJ6rN~Cgr2Sn4bMX?kP{SR3l#hICi920-wa6
zr&1oLWB&hM(Vj}VeHV{bow5EF;ro17tkdKB4<SFRjI6&;w!ExqS$~UkPhdT_(zgCS
z(dnEX8g%lwu*%N*n^NTX<Z)q7*~*Lcx8l=YcE<~0m7(?b=_b$P@vgp|{SvV1r1kfy
z%DFX7>u;6*sgi(^j#c*7-{i~jiR8>m+xq)tr+XsvplB%xC<!PDm=gHD!!L8ZYPx28
zJNIPMPqAY_`qR^j^v`s^XEevjrvH7XDNH`><R3P&88hAQn@<()^p${hemPMV?D4og
z72&?GzMA@Hy2s;}zL|RcUH;~Gv)-Dn`Q6T?Iah06&H9_-CVXE5WtWihR}%OEC19=l
z#0JNlHEJfT-|WJ3f9qO?m5%wF)3*!H=_i?lzQg78?ZR{VcKmSqcHudFZfAHlIDNbD
zoIb~P^zFiPe>;BK%m2xy&+~Jl<)i4gl_-~oU47*GV;7#&KhyQcF2C)SkDa~Z^zFj8
zEp3IA1kNrAaQnh@$Lq(54$tXv+>0@EA;Ubpoqgfq8M!uNCi3Iq?d&fPA1^-H{B+|9
zFwFU7-VQEb9-iw9kI%z%e;%KQ=a|Rm{_QO<JNn&OfKCkC@x%Q&X5^01N4xMm|2#bR
zw@Z)fPe&Gk(`Vkc^^5BlkI(6IeX$E~=g;YL%;m-XZ)OQx%P<cgFaJC~BY%v3aDOge
zJ9-@$0lV<rpJTguFCLyHe@y;(c%DDI_}riK$LaI%+@E6}KAC;63vZ`yjGV1};tij{
zB5?U~{yVeq9P;oS$15KmpJSfB#y;@ygP1?BpFBLbhb;Or<-z^!>X+R#E$62TOTex@
zYA^qG`pNlY?Agl4PX0W9cJw*FcJw(t9-rs$JQji12OgdUw{0Ke4bSt(<F}WeuACsl
zoIdX_*y%r)HzRMWKk?dgo*w6)+rN1Ev7^uF*@a)u7))iDK?k=FJUt$MFblx*&%?*7
zZ`|Iq<ZR2Ar^or>^tk@<@bTiiSpj9S1UbDt=AX(i4?mcF*kco(+Zz`A7<t~x_|Ik$
zSn|yG*zvJlc$VBT{QQZfuz+DZ`rMymM(&vOd3dfbcJX=s?80+@9-s5W!=GsVU&s<D
zWSH~Q-ulbwam@3_*g2;Bxc|wPC+C-A&JWKI5C0byVL8J*JoC2gKk)M6^f>19?fB>6
z?b74)czn*!Bo=^U9-alal@AZk`Q!A5un2t_=HYq!$%40ApSix<(dYKfuDk{?g2Nf+
z`DNa5%b&}O)909{$Nf3B3(x)S^nr)x<q>cCCp!G;#t+XQ$6TJ=pW~A~p5^@5$+L<@
z$Yq%G&%7OW^^u3?^f-<;JRhIg#qYra@boz@X5l&H;p6S!^7wZ2xxZcc#yg%`$r8Af
zVb1SW%%4LZp8MO`E1o|dpVN;w{LdIcyZP{V>Bk$M>!+Q382iVx&s;w34bSsqN8gTr
zyYVHbe*wz?_vd&V3(xBV4`0T@dl=^7nRndsk5`^NeU3T3_VUN+^Zt$<{doD|`f{S_
z^Y-dQ)93Vf{<%E){JCBDc<J--y!<#n@y?g>_&h!C&+}&&p7;Ol!pEyWoF3<o^UuR`
ze~x*0JNkC<?fg&ld~&?}^YFYpIR9K8JU$Q4^Jf>{&Y#ogINtbn;qCO9$5&WMKuJJJ
zKuJJJKuJJJKuO^Ak^t|&^6?e-=a~05Ip*Pcf13NBYTRCaPOs8b+$aes2`C9D2`C9D
z37iQM;QPVai-)pIx0fD|Kbg^2xUE2xJd`}F5;)iO;Q^~K@cUeshsu9jg;4TP@~}!k
z>4Q}o%3hvn`k>l7rN34Q#H+tbf2`6|_Ag%jQQ?*TSS6tJ!72@9PvX^wlieP1`W(m0
zuL`g9-6{d44_0X?`=|6l>4Q}QN*}D!Q1(ITgVG191e88lrJ?MDoj$1Xi_#aX1nl%h
z`CFxR=Gm8c>wCQ6m42Mr`k~5Cm7i4tN*}D!IP>hiDnC_zRtYG5uu4PKXQdBHAFL8k
z`e2oYvJXlhls;G`p!C5i4P_scJ}7;#O5lgq2Q^=5Ee&O#erSDE=_`G-N<is@RT|1Z
zDSc4-V3mN<2dgxceNg(K^ua2Dvt1wT#&351XS;k<{;ah@wGT=k&Tf5B_Ab8iJ=5iN
zrt`1tk<wSI1e88lrJ?#ON*|OySS6tJ!72@9ACx|vUizT=qo-GSoa^;N>7&v|s|3#V
z`k?Y})dtmnQu?6u!772%O&?VIZ7m&TuTD4pRQxFYv`RqfgH;;JUMYQ0`e2oS(g&+F
zlzmY8p!C5i0i_RCX(;=k^g-!^RRT&MtkO{SLFt3i2de~>K3Jup?1Rz=r4LpKD1ER>
zL)nM3O&`>Hq0(=w1kN`7R{61(?wN1DmAyK<%2U-(Ri0J}D1ER><IK0$sytPBS|y<L
z!77cDU%yp<>D0<w>9>-%RRT&MtkO97_D;!L$=fOcr4LqVsQPE85AE$QwKu*Uf6D*F
z>htMdUUvN1`73=nvHGIqd1~dU^!wDxTj{rww^ag4AFR?){b!{QN*}BeQ2Jn%hO!Sz
zACx{=C7|@dDh*{Hls+hZuu4GbgH;;JKAh|Npys<&eXvU4T(1u*|5j~K?ZcU-56Ye^
z{k2NqOw(V*ueJ0}Kl^*S+ZQ|j?EFu){+(|8oa+3m^iJ>kuF6N1k5vLES|61Cvr6~$
zYwu5Vc`JIVysZ*Y`e2pDxmW*{{Xe(MU)6tA{#FSneXvU7+-nb1`Jdk9&)aK`dHHdF
zj(K>F;|<T_b9|!darz3MS^BHW>+~)!RX(bGtP-%(hjY!o+vV5J-%g%Cw10c~=ke|E
z51n6?zO}X=JO1J2cc#mW=Z9mSKkm;l53lh5txrlmN<LNzoNRqi_0=lvW9|FNmcOE}
z<ZqRL(g&+FRDD$Xp!C5i0i_RCX(;<}uIa<s)?Yo_@^h}~<B87iiPi@@dUpQt=I=z)
zi#L50UbT-_2`GKAN<;ORls+hZuu4GbgH;;JJ}7-SvHGC;gC|y=N<V*Cc`AKwD}N=A
zw(?N*Q^~_B0i_RCX~f^ZY_EN3Z+umL?JK|2O@2xr&aU!2-SkWG6Q6#a>-F(m&%dfK
z@zobQc`1ET^0Z1o>5Ekw@sB_3<fr_Ve612t`e2oYs&6M-AI`M)-i}}H&oP&$oj(uH
z@u`k~qSNE_IOh31*YSy#52wfRxi0UMoqr{7)!teqaI*DH(YH!l_3zF#eTdiI#vA@j
zljqr<zcZ~o6u-(oTP2|M!77b2zr9xWwrzQyYI(FbJszK9USI9}dH7R}Pj~*>E00s1
zzf+xFyz)8S`HMF{Dtudes^p>MVU>W=2dgyB{QjdVPgR~)2`GKAO5?=WZ{A<x*iQcO
zhPR^^um2C7e!Tpu@F!QFm3)<atrAfBV3o#+Z$FfL+sgM;w@0Tsy>q?1?c{Cef40f*
zT+6R2zqa=7Y?Ft|k1AiQ1e88lrJ?$dN*|OySS6tJ!72@9ACx{QeXvSE>4Q}o%04K4
zQ2Jn%fYJx6G|oNypytoc?ebUkUzNXA0!kmO(m40p16BU2{H+pD`e2oYvIj~Zls;G`
zp!C5i4P_tBbbV0c;ghS+O1>vozGr&<Q~WFauu4GbgH;-;f1&h2>4Q}QN*}D!Q1;<$
z*9X;qR{Cz0z}c?vDu33}R`%UaAC!Gm`eK!UoxUi4tF)ATQTm|t!7721tq<pVd&Tq5
z@yV9IqHoo9W&f2vD1ER>K<R^38p=K>eQ2u>yuIewPG0ebx1$%Y{|}vhy!@W*@Jb$S
z_4{PYThTwe<gMz@*;SsZeyZ}cN<is@RT^qMp!7lMgH-}bAFR?)_Ce``(g&*qls;Ic
zq3pxCt`BOwtm=bR0%ux%Q2J{vJ!Q|&H2qclD*d%eK<R^38p@t2eNg&fm4MO*t2C5-
zQ2L<s!72fz4_0X?`=Ine>4Q}QN*}D!Q1(ITgVG191e88lrJ?MD(g&pvRtYG5uu4PO
z2c-{6AFL8k`e2oYvJXlhls;G`p!C5i4P_scJ}7;#N<is@RT|1ZD1A`+V3mN<2dgxc
zeNg(K^ua0tr4LqVDEpxFLFt240!kmO(opt6>4VY-s|1ujSf!!tgVG134^{~%eXvSH
z*$1T$N*}BeQ2Jn%hO!SzACx{=C7|@dDh*{Hls+hZuu4GbgH;;JJ}7-q`e2oS(g&+F
zlzmY8p!C5i0i_RCX(;=k^g-!^RRT&MtkO{SLFt3i2de~>K3Jup?1Rz=r4LpKD1ER>
zL)izV4@w`b5>WbJm4>npN*|OySS4_#>4SP-#9DgFo}Fp>tN2y=Yn6b~2dgxcJyZIi
z^ua2DA6g$&f6H1L%0B(j`l!-Z`e>Da(g&+FlzmeAp!C5i0i_RCX(;<}s`X)ETk$)7
zXgrVcQ_8TNKMx--wxiGe+lz;?{BeGL%-;_4_-7lolQ+*V56}JW@B$|Pc<I@N=l(NT
zdhNwLf4qLjt4}<94&ygo%=tUfn9G;*Z<ijA&%<;5;PhuO`EYtg%%9Ug(=pGlU4FRy
zIJS%5UVmPm?WNb=_^vqhBVKv8mp>lgE`9FLF{gK`u^m6WzH)ux^_~0M(Ld4pzL@FH
z4~^~0(~dv8_}rh<v-9WS?J%cjSH3(v$6Q~ye|zb3dJ4C#Ao0qBmq)xf-t^)P&-vl@
zh1;um>Bk$M^TXqFe~#_=<>5Kz>2ciN@H{^6Z}arx#oRvd^5ob~UYs81-wt#Bd3f%B
zx?x^EcKrXSt+{Y;`Etzr3mkKK*rjjh&*|A=K3+S~^zG9Bq5XM%vBP%!wzocU`L`F_
z@yqGkh3Eb}e!Q5|<CxRq{y#M4^_^oo{<*#sGW!y5{&@O!@$J&H<Db*#;q5Swf4X7L
zKj)A8^YY~W9CLc@#dh?$f4rEtUmSD&Yp;L2^z7v4WA*D~W8PojI9~bl@Vx)R^^f~=
zY!}{6o~N5Xmk-A$n%{Wo#~c1s^J~W+_qW5Gf3APL{fU<z56|rd$DALI<DKu}^~Vl#
ze(f;l&kozs<NkK^xPN=&b9x-x(dYggpJ;lVKF2&gj@ujFE<UeMT>p4{-rjM3?XVqv
zp570Qd4BBp=i#}0Ip+D}{_Vw_KIf17bIikY%<UcbZ?C>^dM6t5{Mzx$!*kqT{y055
zJe2iEdHP&md3(vjbIjv&%=zQ-Ip*Q*_^}Jm`Qhm)+*U!9JmQlF*FUar+@E9Kf8_pl
z<q>aqJ9;PDpO4SurEix%?jJAa_MFG({&twR$MNPj-tcz(#Ou%V&-vm0cDTLqIej~N
z@zy_1|5TSB&kx6(KaP2Lj_tzp`e}zbJ&xnmHy)nz&oSqZ`=4%@>*I{J&5MKc%jL=a
zIp*QptG~QFIOged%+u$Xhv)ore6qvy^iDM9{BvxV9uMDM%+qTxy>l%-ug~qxe|yWr
zF20?=U4HE1$7>(Byf}T1dH8s7d->z(asKSEU3~6;x??+i;rw&?aDR^Zei81^@eG^x
zl!rgr*si_f>BlP{zP{I9Y*(I~KA+FC<DdJV=>8k0&-H=lk7HgQcK$p)JIv{~7xVNu
zJ?_u#ANS|+IgU3xk8g+V_~Yfl^~Vm|rEllY^UpEYH%^c9&*Ss(r#l`Rr@f6gzjood
zKexABpA>FeU`ifs<-zrbW3KPqzb&<6Q8)SNrcTC>juNLx!YL9@zc5++lEEB(<oBjn
zOeDEwyz!y8{C<Pi2%jMFYMD@?#LsUXEPka+Y^K{m;$1Rg7m3aE45|*t>i&jDXX$^R
zWbDgkgP-Sn8Xif~zowV*qp!rf{(YeMb-u(V{eBXMrN2zZVag#@`a2#o;&+ueQQ`(E
zk2IOFZzT3he!i91l#5ADxk>^`0w-SrX(vAkmBI;>fNAefAj!B$Ih{uEu-S0Q*z$7=
zt?$OMn8V?8#A1f#dH%y__gW&#A46sPF<!cprF)%pOQpM5x(`bC3F$s7-SyI~lkQ&W
z9+GaObUQq5v|qiXJ5;*kr8`-=*Gacjx{Iazpmd**?z7TeFWoxn?v?H#={8EY!xJ)n
z=?<0dc<D}-?sd{FmF{BcJ}BKMr2DLN*Gsofx_hO2NV<*E?eH_1zI2C5cf52bOZPhI
zmP&WAbRU%N6ViQFy6dG|C*8f$JtW;m>2~<JOkcV~r8{1_lcjr|bW5eXSh^2N_X+7f
zE8X?dt&{Fv=^m19qjWnwDbttkQ0b1B?qum+C*4x%E|%_t(tSd@&q{Z_bnB$MSGtF!
z+bG=*Ps#M9J5;*kr8`-=*Gacjx{Iazpmd**?z7TeFWoxn?v?H#={8EY!#~ROr8`u*
z<E1-Uy4Oj!RJx0$`=E56knXe6T`%1_>F$;8A?Y?sx5Gcl^rbsgy5prgS-RIrw^X`|
zrTd_CpOEge(p@jzI_d6}?jh+mO1Hx=Wctz_D&6tYoh;q!q+2T8#nOFHx=%>=S?R8q
zZk=?C?_Mx(ZrOy4;$nA3PR^*&qcDN$o_qV<vlnE{nLm5Mof(VgmX+VVaDnt3d5Oa@
zs{F2UUzu<A?T%3k7W(Fnx^sa(>URC^`FD)G`wqvbJC-ddUv{rUe3fzAfSCwGG47gO
zewPv2SLPU1Hh2DPiYk9Cn(xD}g?G&M%|_@sb7sz6I%n=8-%KPrf39QH+`DF$md(C*
z?##RHKwJ|!M)~G0MZCKg+>O7baPZ~!@^a(L%-LmSvzHm)&EG_yl15U3mD%^+JqPJ6
zM0A<-Lf<ICiy$*+;l20HUBE}cyruYln8r;srZUGFzm`8tH<OVu$4Tbr3-E(znDNc=
znCTXDH$qYx)b^R<BXb-@!^arLI%a%xJY>3yWP@q?b9W5l(^$#;ZjPT!Hy8f&&&(s|
zzYu<nmiXp)&~#H+`X>K^DE>^w|J3&|(>KSDrn^mcOiX_>ebX&QT<S8I{^oeqbj|T9
zf{1^-|1bkziIy3^Wjrp&<>q+2#or*)GA_SO#xIoL&GESDn&WYbPh(;;|7Q8!g>S?Y
z>ZAB~;Cds&rh9a?Ibt{bdB1uQK2v;?zrP+ZM$V@DU%xftnSV{WnRq3BSmUp)Hb&Z}
z`zmG7@{h+~3qNc8SsxnlP4}bgOwJ4<X8ui*Ps#Y^e8lvtjT}yQ8Sc75%?v7B<7?}u
zXYiBKH{+Z01&&I??y~Nr2-_Ol;dqwCH|G};zi0e8EPk5o_od1BHReQ)OqBEgJA5aZ
zBuc^VlJ<O8$l%}96B)fle@y%we$bSUnNM@R#V)>C4x12{By7ev=VQV$eKQ<_h<_$F
z-5vN!@;Bo*$oZTG8UKbBA0s}`|C{(sWoO1W`|X~G2a5>L5OMr7Yk`@rN#_9ktm%h;
zZ^R2fVz_IW!kY1kCjEOK|6AiPec6b&^fANDm+6bZ_`~BzS$uQ8?fJ)z_zgDce<5j_
z`Cqrgi1+KKBp=j3SpJ#$Ha|7t2eCNX{2*O3zG+uXZ!<eq*G$_CL+(DAeu5cLdNSzv
F{{fb{o5cVC

literal 0
HcmV?d00001

diff --git a/vendor/github.com/DataDog/go-libddwaf/lib/linux-arm64/libddwaf.so b/vendor/github.com/DataDog/go-libddwaf/lib/linux-arm64/libddwaf.so
new file mode 100644
index 0000000000000000000000000000000000000000..5171fafd63add31d90061aa211f42bb57ddfe277
GIT binary patch
literal 2122824
zcmeF)f4rmleE<IoLsMPbU=V9)=#;dkD;NY*f<d%nH);^fn#|6R&Fr3;iJ7yzS*8So
zU|Z4d5<0D5mtd@55xU6gAl1=Lb=j0@1*=VKRD3?uHf^VTublVuIrcod`Tn@wzPImR
z-{W>|&UHVp^Sa*e=k?B&oXnB)>Su0w)?M#%m&hM?i#{FA_m(e6u25cINL-ZGXHk@o
za?vlv|9x<@F1kmoYvL`hukyBX*YE}3CR8^+#{ByheJo$_%PU{<ZL~6~@ZY<~U$J|f
zzCHZ2d#!w*Z}0eh^RZ5!`{0$YPoMiMt8V+haJQ9x-}3vqFG#O^z59Y+U3HtDH;q3^
z>%*<T?-%0T`TTx<yoan5OrINWU7gY=&Sf6gyk-5u^vYN27d~v&ZCj_xxBkB0{lW6C
z)yKQ@`6cfY=IJwD)c3917jpX_x22WCN9%O!bN0OW`!w}X@PG5a^Y5Q;9jy!Au2&!5
z&THo%^V_xYHXr@7FL*)p)O&sYKepZe--W_IKDzO_SFC&ZC0{@Mr1(n<Kj!ldNv<xL
zuk!S2TG`7i@TbInpF634<^sQ9f$v!0S1j=Q0&gzx4=wPIFYwPV@Gr%F?|9?Ki5TuI
zhwm-$e_r7Ky1;+7!0!>C$U8gkFD>x<FYpI1@JB50-&)`oF7TZT{L%$}aDmqscw>RT
zb%DQsfq!IyA79|NEb!YF_;`W;`vU*j0#C-*i#t2-=PmGuF7RJp;2RhCQx^EM7Wi`)
z_zM^KMGJiXczI{@J-EPMvA|!yz?%#FT?_nu3;c!!{^<q&`33&h3;bIP{3i?izZUr2
z;s=g9%QLyaQw#i87WiWq_)`}6?=0}=FYuQw@X7+eVu9Be_!}4aTNik1fxmBoe`JAw
za)IBpz`wG<Z&~2qT;Ssc{!a`1e=YF;T;TVLpRnB7dV9bE->|?pF7T%<@WKLr{sO;f
zf$v=42Nw8M3;eAM{DTYp;|u(=3;at9{Ob$+TMPVq3;ah5e73-UIsW0~&d&S&7kGMs
zKVpHOzrY{Az@M_fpSi#<T;MNT;JX(1fdzi~0)NW_fBOPIy1?JFz~8^XZ&=`;T;Mk?
z@IPPRw=M9$U*P|+z<;#B?-KtIc4zDD7Z><_7x;q~_-`!m`~rX00`IK&xl#It`^L}g
zqv%Y0-JE~?oxJzi;LCxd--v&JzE5;+)Y~!tsV|DQ#?K4qAJ@ujmj+L-XcT=yecGz`
z&(+^iedeN2AO0IfhvOfd=l!>+ex3R}SAEv*4VBl)|3iM`XTmtwXgpt1{}RUYcJ)85
zKJ%X^=N}FA*>q#*(+M0sKz$k*|3~B-)PIBO6Y76>PZ;O2{3iL@?ZJ=9|61Oc_vJs<
zc-DM6jHebqf0}<>sQT+Fp-(k%RFT)q!S%90^mg^>D4%mw|6tV*c7^&ImD@kbd&<Z4
z|0N%x|I?I1Mfs%F|B0&4YMjgR=c~S@+%odI{2ZLGj{0oUIvJ?`-oF^uNfzs5yXJdX
z^YwYTT)yj*Ay2<fb6kGA&U;<`@2T;u`*^5NEC0RnzQ&nT{b~6r<(8KJrp9^o7edY(
z<@490{{R2|pCxeD=>M(%`6y5Q{p){eeir7}lxN20W&SZ=_IHi{Ti^1cbHf>mqUY&r
z^RLf8eOtW6%P=}`<u?7a_*JjF-t{j1hs94dUb7|<|3s3mC(=>;-xzi^qI<+k<zDeO
z+^asPwb5PINA>8gZ%LdN{o?QD=e@3tw^qCzjkov4+x7AG!Fc;{ynQs@etOxbHof^T
zUV806JiW2@#nUgZc}VKF%6mTcxNrW`S045C*Is?{lF#1o#0yW}rTCR^zv=szT=S5-
zJ?d3|d*7Y^_LD!l`#nB$(GTx>?x%n7H`o5c!(a8BgZtn6fhX^I(Br=UFX#T`rQcoi
z^3!j;>x*x{<nLb5{NU9We(RFQerxTE?)j*}JqNFR@FPC;`0kH?c;9zEs&?MLzxd+c
zz28p@zx~B4jvY>yUl?uK_1c&J_TRtszCYdYsd!xTtr&0f*S4;Sw@vXje?4pdF~1JI
zDc*iD-sbZ<7;nEDZ-?T|AM@P(F@HU6{_#igc6GcxI^O;y-h4fHas2sZ@izZ>VZ1d~
zJ`4Xjrq6GPZ(kN~kJSGBX8#>NpMUzsczZ{@)#f|#$CJZNbV+=>JKi1?Z|{jWKc3te
ze?I?sRJe)K@$Eh1?f2sC4e>Vr_*l4!{y4s!pR=ptZGK)~6>pp4ZT`_-`R~vF^BjG8
zxo!{WcKy#wqWBUL?YqPN9Y1}Hc3u<Teo~+Rfo`82-}-vrk<HiGE8^|_+J8ZO`}%m>
zq5UP@zFD{Pn=9jOS^MvbZ{MQN=Qs29xh>va7jN6+%^%O#C-2tnGyDbJcH`TR$6G$$
z=4*RzynP_v?)dSrc<1TyHos5!<9Fgu-WP9gjko8<+sor^{&7yYiGDx6y;z@bh;Kg;
zZ-=#iXE(ngd}Vz5hw=8jczZ~^y*l2)zdXdB{D1TjUeRBDu;l99|Hpg3bcgS_PyG3>
z-C_UEKJ~TEUwfiH`StiVen^b&=P&5?+&k<)HU9kW+Miz&e=FV|A8%`9^PBng(jRyA
zCwI90&G_@J@s^eSc6@vPczayDy)@n)7;i6$xB17;a1(8eZ=Vov&x*Hlygf7C3i0-T
z_3=;@yePiCZ@k@G`%lsB9d8~U?_40bOMF|`=kuHM<L%OT+cV#}laC8!yW-niylsiM
zifn#!QM|of`@gK)C&jl%^!X#=+h2{hyT#jM<Lznj=8s>AKY4Auz0+`q+f@Add$s?O
z`1S$uc7444>D;z&-&xzSeb3(gJC^poVt2f|Yxlw3m+U>Xy!+txJqLH}+r547{yhg`
zzcW3wd~j*^{^*K5)q{KYFYk$}%awz>ckJ4}@ABo{wfGzNE`u)LzjR>dWziKo4(U5~
zEp6W$A8N<)?(Nmeu7j(~cPuX-jK>on<-k?ZmHT$@+qthA?LBm5ZP(sQ_AYN<iuUYT
zy8KWjI<y=Q`sd$!@XGl?wjbQJax9N6-r2FVd*^}uS44aF?_S<sT|TfsiYfM}dinC9
zdE@Hk`*+U!Ub*wo%DfKk$Hdh7%7ZJdJ>9tJuI*RuxWjB!w~|0SjA|Ux-b06~J9h4l
zcFw<b`z5=Vm-p`59cER%DvBp}X!p<4TIqQ4!2>&X?c8x_IohXTDqeMWGV_7Y^N$C<
zbI0<^!Qu%lAGmyJX?}W_ud42zA8-4<i?{E*{NVO|J8JW~SPsQsj)U8OVEa6r<-Ktr
z`*-X=5YK&gHQIOa%DIgPw(r0d@j!PT+JA8Qz`lzQMf-Qp1CGOt=d@#K|K<DUqu*IM
z7@vo@Vplv2r4|p&XKL@Er2|*SOKP6&N}FiU!QH#nCjP!X^EBeG?mcvQwYpMwHv7GY
z&Ytghka2v6c1OFGcI@J6nNQ-fFor$zF(|B+DCgaGt(>8F9y<>#EyV>Zqg~o{w(!ye
zd-n^MR%R40wpC3I?Y$(vm(176%9*^wF%ImHPwcLxFt+6baXewJ@gZt^4(_`{<?feX
z9=C|ygE+Kv$NoL@u;Xvr8TSrzjpDttLCjNKn#a0wR^t)R<Br!%+$BDH2M%sOsIP>^
z@rj7f(n`NWE9-0J{ArEsi4I*A2M{09Q@d>URoi#Q_uA#%@j*Rse{m%|ue13*aK1>x
zB_sZZTD;=-U95qhopikLbPD&x_p6=Jp`Df8yS87ocXvGUy@$LYd<3m!T^Ot@7m$^^
ze|*6C0uCo;zM|t<@7Hy}$MJU^+P$<Vil?%2pVo?-pROHC)yj@IzxdOOmv-#G><;JS
z=LcH3ug*_QeA?rnb>3o#mvlIK$S&^g!Gzm*clWYZa`nKWy|wLePVv?BlKt_LICNEf
z@3?s7t`j$n8!sQY_-ypyGU<5Z(e2zHUr^)Gg-kD=4`qHgiLN*lmdVNj*cHz99-Z{F
z-QrOks_x#ochBB9^LQTd3R$^khC5~~XDjD-eOIouynHFTJPz;Ycj`E=v(>wHFYnk{
zIlCJMy?pShmAl)Hiw_)Jj`m!6FusaMyW+dpp6v%NzI1nd6<ry4ka!ivi)H!jrF^x9
zi{#3;I*L#*zh+&r`{1GZbt%XlN_CWdJF5EH!T7GV_h7uz=2wQ@hYsyNboL8}E?-(T
zo`aXWVVqff*|=o;&Wlxid3D$Po)8YFW9&G1aK}}5Lh~c7=8F#;SXwRfIo!GK-M?#h
z?SB@>cgO#U^DED89BbY=KB;^6U-CceFW-M>-?4Z974fn}oA`0=lI6<k7ICQmb8f=z
zmEBA61^Q0E0dv=PEN$Pvb9MQh4KCRBJqHfXFQs=}NQdUnOIFLBOglt@5eWas09LLj
zt6JW9V%Al|I(Yfg?)kczKQ9Wad};5+E6vV7bRgRDoTqQz{Gz8lYx|?m&qnbVcFuAB
z`$Y3+Xz_D5Jqh;jJ<Z@7e{cQ_H2%0?b^Ub@4bR9E@RJvWpA3@l?)LEgDfsU#&3}rF
zUyOh!Ul8guaQDf=cdJhh?r{|0?puU!{gv=+y9D3#=`gP{{D`~?_i<}*_pig->eGO`
ze+xd)ejA?nau{a^zDeGN*W^8TaVg}`hu2l_<9q%1ybMwQHl3Fdyt*}<-w8Z*Vel#Z
zntu-Sn!%TU7(CMVc|0w70`7Sw;nh>2kB{#@o>v<6U)Q`caL+3TuV_CHFa2vcZUKI^
zya*r2OK{Jt3?HiA$LGANsQ<Nn;r>{IdtMEAPy0>yR{hl4f;Z%C_;Gm$?s;|LCsgm_
zb6$PaU!{2s;GWkI?(;r^e@=bIaNpl2aQB(QZ&9BaJfroUD2Dri=jFahxUVNEc=r+E
z{+ovTdXj@5eL|?u!`t!#{5p9Ne!IK`ujNAjGW?t;2Cu-^$*b^;yawMWufuPYH{hq`
zP52pk3%=$_VVrIF)$$Jf$fi)=g%=+d?q5ClrW@z4VntCO{<If{`T_hC2Sfc3e*HP2
zeguEMjys0`(p^IR1pbp9!Kd)^o)CNnf9RXTc%tX6UboM=BzOY;LX9U0Kds}Y;P?JQ
z=#z%uPo9DQ&WA#M7G6k&@#o-ARsMPSr<8L6zFFs`2*2fC;kYIE-~3zfGJK21Q-PoN
zn_-+)c;!i<PYwQJ<ynVUuMPDL_@S=`Z^D1{lHe`)lfN6h4S%Y<1Apu{Lwy(iS>@S-
z`+m`f|Bl!H0v|5$(E=YY@W}$7F7Vj`kA8Rc`uF$~3p}~NQwu!3z%vUxyTEe`JiovT
z3%t0%OAEZbz$**9y1;7-yuQF23%t3&TMN9sz&i`PyTE%3ybsU5I^2&2@Ph6aL-@J6
zo{!*5x^9f&&(QsM0{<Ib$ENVR6~lOD@XzUf9X)^b`v0c-B;Xh7`kaJ6R`X54UwnQz
zZW?}X%{K%8*5**3g<q-bUJm}Te7N4`;rGyd3-D(tw<7$(dVDOwU#a7k;SXttaaQ0D
zRi7&SHa(8i;E&h!whsR_^=ZH_Ql3rt{@)HcwBQHjZTKgZTL-?Z$DJ<x2|B+$_>;ZP
z;S=o-;f+hf^Q#g3YWW!6mAjvxSD$@;j{2V-2szB)eqAD=pI_Z4qx~fOCLK2g@5|Hh
zwUhb3hQ_~F059wHlPvsxRjpgNf37LOJ)R=`xW-e0dpu>he=e)QUGL*NpHw+q7iy?K
zU*m7UJ^wbmtk;D)@GblGd>ej5-h(&f19(mShj8~F!8__Rh98qp;a)#8xcf&szH=+8
zPXfMG?tZTKI!U2^i*nAu3);`ZJ)RuAtmEe4yX5ZY@%a8#ME#33o)X;i@p)#S3hFOY
zpDNsad_LKyj{2I{A>89=!ac7Ryrn*Ecw<Lc{~fsdbm5;-pB~)f=)>J-0ROi74B_rG
zg1gTc{@>~|fqNWNxckiD4}E#KUPUil{XD_rNx<DF34fOQq~IP;2JZe@cu(s#2fxYd
z9NzajhaZ<0;l3W0;Z5yV;2uvEK2ZM}+~cXkJ)Q<UTMgGqAD{P&7V4YIxlPx3?Z7>s
zF1)8cJ-Qwj`tZ-HehByRM)02cjNzYCpDEmZW^j)`deQ3jd9(T?;682=eq8lwxQ~~C
zyH6HAP@g>9eF|`ozX<=D`jp^4ZW(@y>Z@=cuLgIYI{fSE(}cTE3-0l^;onrB4&2A>
z!bhs_!+pE~+<k`dZ>!H3?miQ^$3KOCM}1~+A2%wkUT@!3eG=~DrQq(9hTpC}S-AV;
z;2wV-K2e_n+{Z1#|5^2AxQ|zXyH6GVBlW4n-KPQf_?z&bs80*-<F?`dTlHPIkJp2{
zPapno>NAA9&j{}EkKzBRJ`=c)JB6Q7ee~kh>&nMVz}+Va|C#!v;qH@xd;D4W-42Gw
z{T$rK&BO1m`Xb!NE5Y5T3{R*}74AMYxW`|IpQAnvxR2X}pR4*d+{f#{-KPt`xBB$q
z?lXXU{6qNt)Mo_uamVlnsD29f@n&%MiC(gLy`85%Nx1u@;2wV({t)%az<t~-JgxdX
z+{Y`x-KPluRrM*u-KPTg_^a?os80><<JRH7uKFh2$7{jerw!krK3%x`^yqp%)Q4x)
zX8`wchw#U!ehl~VCUiZ2o5CNbKG928uPgUSz@2{*{zUaj!9D&o{K=}%!hO6P+<o%!
zr>IX6?mi{B$6tm&U41HWAGZqMtol0K$7{gdrwM<y`n2Kh(}8>ZUHI>)PY>?n_TkS}
z{SfZsjo|Jxh8NXm3U{9w+~be7tzK_i)h7Y>ag*>DsXh(&@iK7t$--Z%K6$wN6yP3z
z5nfiG65Piv!!K5S74GBJ;O<k0?^d5C+<jVbkG~Dyt3DmLkK2V`rushI#~Z-iX9(Y~
zK4ZB1OyC~>6n;>BW^f-jx@h%!TULD%?&GE4?vsXJsXke_`{dvre;)oy^(nx8+#>w<
zR9}Yscon$&RN-~?sl(l;0r&Wu@FVKeg8R5__#0K<h5L9txcl_sZ&9Bi+<iuHkADnr
zs?P-O<4)m!r26P(tJjr}mw>xZ68;YLNyFVI1NZo|@T2OJgZsF7_`6kKg!_0Uxcijh
z?^B;D+<ofsuJ#*nzb@B=pVI4cEx2EoYs3AzTnD~cugm%Pd|j@G`i|z+hx>KTA>6Oe
zj^Lix7@j;3UMHNuJ+CR;^P0i8XkH2Z`<3UF(|!`}@uc7zHJ&uw<H^81o-BN;#^d9A
zJbs-ykNU4F=K|b0m*9SV-~SHd{+?F_^(D=#3irHfaL=m_uV`Kk_)Txn>%H*YYlFAo
z%P$Y!flsyXoH(x@>JMvPeYoc}fO}p;xaT#3U;X+p&M~}I4?cn4u6cPL9>3=^L;VkR
z-Xr~7;(DLoB)p{k6x`=M4R0%-4BYu-;m#)qcRqP|>2)E80{qC~;6-@*U~tdF^L0LD
z)F%&x*K;ax=Tn3G-(~7>=hJ{6S3XU+^J&4IPaA&vP?%R2?tk~{!9AWne4_CT;2zHq
z?(vM^S1*V0OyCLq+&zVRJTv$?y1z&IcSWBsk0$~5c#`lfSB3GU;VtcF;Da}Y`Yil}
zJO`i33-GS?i|}M4^e@5J%FFPaybAZfx7OgtG@d%VEBE&~PhZEIsDHfHzjJcE?=NlC
zKST8$cvAn4<~-P^hx!ZErw@0ZAv}9=c>XtnZ}~yUc?{nwpTM`tr|@0!8N4EobbQZi
z(?5jcCg6E_65iYsejg?U-=g|7+~+F;Kk>?Ny>cENkIz>Q^+#2ohx>R%cw74=xN|PU
zopS~5oU3r>T!R;tLmlp%8*t~`ggfUJy!(&ge0hG%t%Lg0%B>4eYrhXq?hNa50C#Rf
zxN{r9o!c1h+$QiNXTrRuaOXCIC;vOtM;fnlaBd0sI@NoAuJ?LNq5k~CVST3I&MgbC
zYd;5fZh5$KE5Myw5$@bd@U-SthC8<keC<y|ZdJH*tHIZ+-t%K_4b;Cxxi#U=tqq@Q
zzXQ+cxLtTl-h(H87UtE5*W?5EKt6;g^{#s(xbLT9xO1DpOX}nKF}E4&-=y54U8`Ro
zaBfL>S^Fut*IOFy^_GEqy=CEEZ#np}&Efi=hkLyh;LfcGcWxzk<JqCV=f~VCsQ<EZ
ztHPaI9X`~41Mb|KaOc*7JGVC6xpm-IYhGQrbL+vKTOaP+2Jmbl<mUM?w-M_9L%EIN
z&TR_M?+)v726t|ezV72Xw*=g|CE?C31>dN7rQyyk19xs&xO2<FPd!KL8Scl00{qv0
zFFY<3;m)lL?`ppScWza<bF0CfTOID)8t|#+)r32@7TmeD;m)lCU)mCK^Zb0?om&s}
z7b&+s+_??ud-OaR?%c+3=Qe>mw<+AY&EQqdE7I{jFXxtkJGUg<xuxJIE(p1$;m$1s
zzgD?r;m$1&Z)(2)cWy<vb1T7}TN&=$D)6D^RfRjZ8r-?n;m)lAKXGBm&GYklac(Wt
ze@(fy;m)lKk1h%8tp|5*eYkTQz@6I=?%YQ3Z7&M*8pEC21n%6XaOXCIw@RVE=f~U<
znz#LD$}I_ZZfST``x&@%%fg*o4({CYaOYNlAJx2yaOYNnJGV02xmDoPmxSCrKj-81
zRzv+`Ulkq~>Tu`Qgpak~f;+c1+_`n&&aDe~Zaw&E&8rWuy)?{s0C#RfxN{r9hw9_`
zF}Dfo4=T4Q+_^=S)z62E+E2ipTN3WvQgG*%hC8<m{8r5?3$Jerx#i%_Ef05Y1^6lT
z@%)%u3H8U6TN&=$s_?${YjEdQhdZ|h+_^R3&aDNXYF=&lsf$8x9k_Gr!kt?WzWHUL
zkLSnS2B`lh<u-&nw=q1sH>|%2+__ER&TR&FZjt(VoX#x)FK-X?O2SXcQ*h^&hC8<m
z{EYf|ejbmnZ#mRI;??2$mWMmHBD}5r65P3!;m)lBcWza<bF0Cla>%U?_v1nX?%bMi
z=hlL6*%A7Ce$1_d`W?!x3wLgPc=FP)-Ue{zHiSF35!|_r;m&OWA6*>gHHAC38Qi%=
z8n1J3ZVC8cr`9vv>n#PpR=K6&&MgbCYd;5fZh5$KE5Myw5$@bd@DrL>8SdOFaOYNq
zJGUDA*lw+7xN~d3k1Mw(+_|;kQ|)))&aDe~Zauhj>%*Pf0N&NShH&RLf;+b{+__EQ
z*XZ9VJU_2b=QczAY2_AOw)**ob4$X@+E2lqTN>`%GH~aXg*&$#yrp^N;m)l9cWy<v
zb1T7z`@(wj{Fqw>^$(x_;f4643U_XG_)z-|xN~d5om&g;+}d#G)`8!ud3E8=tp|5*
zeYkTQz>gdVxp{ufZG`&YRc>RrbDP5ROJQBk;La`5*L_^)mVi6AB;2{B;0?_y4R>xC
zxO2<Gom&n*IT&*D{5*c&PYbC3edSh!JGU~ttNjYxxmDrLtp;~)b+~hDz)xvjO}KMw
z!JS(h?%X=?(sIbn^J8v3)Ze7s`f%qqr0)ysZ3K62W4Lphz@6I^?%ZbZZJJl4<9lAt
zEdh6KNw{-M!4p@6+|qEbw+#G;$}J0bZh3f9`vtgjE5e;y3GUp=aOYNmpQCwI;m)lF
zcW!mKb8Em;SBBg?Kc5%p)<XRQUK1V{+HmLAg-83tdh5ZRTOaP+25{##ggdtp{C3T2
z40mo5xO1Dro!bn)`Kpkc=f~U<nz#KK$}I_ZZfST``x&@%%fg*o4({CYaOYNl7c{RT
z+_{zD&aDi0ZWZ{6SA^U=Kj-81Rzv+2%B>D}ZcX@D`z^S0Yr~ye2kzXuaOc*87wchO
zeYkTQz&F1p)DPj#Z3N${de4u!O;CTma+|`PTXbOc^WmcQ6L9C2ggdts+_|OU&MgBU
zUmJ4B!kt?V?)8?3JGTOS*V{vX&yTs4P=A|pE5n^z72el=4es3PaOc*5JGUm>xwYUG
z&8rP}ZXLLD>%yH|51xI8)-&Aq(*gW$uMLk2L%4Gr!?V?}{w8qeHibL48Qi%=>gV(8
z+!FAOnpYC;+){AomWDgG3_NOSJ;R+_4*nG7mWMmHBD}5r65P3!;m)lBcWza<bF0DE
zXkK-=b8EnRs&B%bTMIr=z31oi=-fJ}Kd9WgaOc*CCtn`c+W_v|hH&RLf;+b{+__EQ
zCp51q+_}x*UT=}c>l~b00)Fc|!+P`lT<_dcsQ-|1OT(R87GBqW4({CYaOYNlJGUa-
zxs~7}&8rM|ZWXw5tHPaI4ZiD-LvEfQb8DdfZ<SjU?%dk&srEZ?=hlTgw;tTN_2JHK
z0Iz6XL%4Gr!JXR}?%XEuqkj@|^Zc0G4E4#^g~x^H;Ogfa&MgTqYd-~dZfUr4%fOvm
z7Vg|~@V4fahdZ|d+_@Fu&aDKWygTIP`7yT&>Yu9Is&MC4hYz*ifIGJ)+_|;j&aDl1
zZXNh3&8rJ{Zauhj>%*Pf06uGn+&n+#HbVU&<u-;pw<$b-D6GpF+_^>ix{vGJ5^(31
zggdts{EX(6hC8<m+_`1p&MgPu_1=)1=jZYJaiM_v>y%p&?%c}ouJ$W%=T?O~w;J5J
z)#1*q0k3FYO}KMw!JS(h?%X=?&h;TT&yTtFP=Bj(>%*PfkiHz&+X(L5#&G90fjhS;
z+_}x*$26}<$M?LPTLSLfl5ppif{)%Ga!bR#-ZJo?DYq=#x#i(a?HAzAtq6B+CAf1d
z!<}0Nep2(Q!kt?U?%e8d=hlEHKNxcJ{Cr-VTMPA%KBCv(;LfcJk1h}Etp|5*eYkTQ
zz@6I=?%YQ3wVKx$?%XDD=Qf2qw;4SBp^%&B$J`Q{w|%#AOTwL78eY|Y2JYOlaOakT
zJGVUCxfS5+HLoJvxs~9~tqgZ=75E1A_xzlX*INzsf1=##aOc*9kG0=|JGVC6xpm;q
ztqXT<J$P30>cgGe0Pfs|aOXCHpH_d*kGV}ye~WUP!kt@m#p>t7MeQfx&MgUdZYj8P
zOT(R820qigvT)~?gFCl8+_@FtiDTh@>iIFZ66((=w=&$hRpEW@*Wk{r4tH)1xN~d5
zom&fjj^@>dJGTz}#0?>bF5J2G;2S?0>ODW^HbDI&U$58S;LdFf&t4hU-vsX5rf}yr
zgFClK{X9<RmVoCpuO!^LrQlv~X}ELCz_Z<uo9E~8`1+PZ{bkB64|i@wcw74=xN|GR
zom&O&+^TTrR)cTUyy|f0)_^;=CfvET;72|da`XI{TL<+=m0K6?-1_ijEv&Zz+_??m
z&TRyDZezG}o4^~I*A(vDW^m^gX}r$Cxh3GmkB8hmKi7M`rBMHu$}J6dZdrI;`#HFC
z%fp>p0q)$2aOYNnZ`HiYaOYNmJGUy_xz*r>PlVh&Kjzjz{oUUXu5V4ab8Ew=+V8-f
zTNm!!dT{5~hdZ|ce2eBaggdtpeD=wZ!x-+|Ch+Q~LcQn5+-9hMjB<;vTK#;(xh3Ic
z?Wf?&I&K<1l4szXJ{`uHg}3E7_(YzEXM3Sf0q*ryggdtqyrw>$A9Jgq{!-;ug*&%8
ze5m~f-0Q6g_j+r=z24ezueT2Tu;$f;d%gAG&aDr3ZUgwS&xHIvKjt<<{ZZvMhC8<@
zJpYQYE@yD(7U}Cgu5(Mkom&#_+*0ta=9Pv!w+y`aS*>TdbIZZYs`vanem^c0Q2#aM
zR)jmZGQ6w(3f#F>;m)lFcW!mKb8FBwuO{5NwcwdQ3%Rx7&aDH_sowKrZaviB<Bj2Q
zp$~U%L;5SjdK<x=+ZgWLCUECAg*&$ye3RxC>G+<Pb4$Q|KTX1&TME8e{nK!-w+#Hr
z$}J0bZh3f9`vtgjE5e;y3GUp=aOYNm7c{Rb+_}}@&aDo2ZVmW`o5K3^{Cr-VTMPBe
z%B>A|Ze4hEIIOoGJgejO;m&OU&#8V0cWxtiUiD-6#?OWMPT<aM3U_WZc)1_?cz(<+
zp?TY{S8hqTb4$ak+Rwnf-m-A#mV<k}<>Ah)K-avAaId!#+_{zE&aDC;+#GWA{G5;1
zTMhN!Qf_s)b8EuK+Hb*~TO01&I&kOKg*&$%{KSbcuRh$l4dBjg2zPEH_{pz@{+=Im
zo1p#|8sTwa3U_YN@2!45T-1I7?%a}a=azyyw=~?jW#D7YD+_mSIk<Dn!<}0Je$!ut
z+&n+#RziJFxs~D0tqSjJzed+_>u~4RfDcsPggdtue5m?1ym(8PZwKz&x^U;#gAcy0
z^$hp@bO3+3avQ>(+ZdjGRak!$xYyeh?%ZZ@ueV73e14r<0)9gCO2WO~QgG*%hC8<m
zJbP=%&GYkkoLdg{?^SMjxN|GQ+uAR|om(01+$wPAR)ssa8hoSXRfjvb2Hd$d;m)lE
zFMK29=J_$V4(e}JZe6%@>%)_;4(n|I-=gCV;mh(7{HS~kcWx8-an(=Zx!b~gXK?2h
zX}r$Cxh3EQ_3`{%@AZ~K{XO3l9v9MZ=az-nwV#7~z2)IvZw0v5TM_QuO7Jb3R~hd0
zR)IUWD%`o%;M+zaf6tG(HBkR}<<^8dw>EsL{SMr@b>Ysf2X}6LxN{r8%bM2^?%YOj
z=Qf5rw+X!Sw;?yrkGaiIf2ned>Z_k`IJYFcto;=Hn2wu<-zd+(om&>}+;Z@n)F%%=
zAuqt4TM_QuO7P;hLvEfQbE}~Koyx5WcW!m~Q2Pz|RvouV*ZZcn;LfcLcWxc{VfF9A
zvws)n+k-o|KHRwt;A{Rq^zr<d+X(evR&HasbDP5RuL<jN2KW6m(${@l-%k^8=az&!
zw-h{~d8OgLpJw3BEem&UIrxU}gxowokKd0A1=RmkxfS8gtqkvKzXH$dxK+4wtHGUH
z9q!y3@RIsB;YYp~=G%fhw>I3lb>RK)hd!PkbL*l0iEq~HZ*b=}q`x+-w-Nlfjyr}s
zw+Y<2P2tXM20x|#k&f?qZTN>U-vr#bCE?C31z-Bd&?gP|ddtA~Dz_}$x#i(a?HAy_
zpBCZHtps;&Ww>*zz^j^974G|K4es3PaOc*5C-ryOJwKlp=hi~~A1k*u+_`n>uM6v~
z2k-w&IA4AE+8+lWz^n2RJa;7YAH!>^pTJMZr|`@)95>Q<okLFh3Ao3fglE+!1^4*V
zaOa$X|G?`L?)N|UxI9kx$)o;O^(nwTjuO14{W9G1t-!C=e5-KJ*ZnxoI_m#b<7~h^
z&KA6<{Wjd=?7$})XBX~qx*x~cNBuqD60WxcxW_qy&$K^=dz=&a=AVRhIE8zh?#FRP
zx*ymdq;V$T9%l+()P5T7`%wno);P0p-;aF1^mxv$Pt<SHI16yEbB~LCN~qtUK4rMa
zQH3|PUxRzTb@&<0w*mKj-H+pJq5cAmvkmt+yYQj*dvK4l4=?>MT|eO-r~7f7Bh>HE
zILC00a{~AIox<yH5BHZDJb6L5ZYN$JZatpig<(Gl?_YP{mG{F*!L!!~Ps5LVI=NDx
zg?rpN_|{(u?{l7qchtWCcmEQ+q5U#^)0e|IEAZ>&RruPkg!&r1xD>`&hgVha<2z5E
zmnQ1}Sm&h$uWk+bx8d&7fq!3px^SQ0K76YE0la!5%y$UCPCkN<<zu+>nZPHi_wkv}
z4E1+;M_9Mf8&<DR=aYmxuN2(tDh*G6J<K-)_qxi$f8ojZSXs|G_&;46JP-d+F?a!f
z;85@){AEuF^DV)B-plZ*@~Oam-fM98t;3y91782HkWUlteA@7__B-&>L)Wh4)`f4A
z_uyrDAAXH|0B^~MaQ}Ul5&W^Okh90jbvQx&y;MJi`*<_B&sX%u)$8^}9}dS&!2LLz
zg1c`TzD0irFaxjr*8Rfu7QR*Wd3aO%1^CtKQ-n8Dp??W}jl2x+$t&=Iyb3=dufd1%
zI(*v$!+09-n%wi_`E8;8ZSM}}r48@>K{$UMxYtz|evfwO(}yP;q0a#BoQLou8vh91
zkdNWV<P-Q!@+rJ8pTUpIBaPR&mCp+~C*X(Wo}cTz{!^%bhVn_nopT26oU`yxs!tx?
z)P4c(oQv>=#$SS8Eic2n@(R2!ufmVZYw&@*4v*GpJ;T?@JwN8$Lj8}GPaE!>J8<XR
zh3|Wh)-yc$Caq_<a~{Go8vh8sK|Y2T<r8>WK85d+&)^k#r13hpBk}~iE%*Ffe|9~i
z{u9b44R_8NxO2|JGw%&K=iyE57vRph2roQD*Jt<^c^Q60UV$H#SK)1W4St=x4!=p>
zfRE&!A9HS@ez)>z!<};n?wq^uZ>vuqo_w>`Gu$~3;j@Q^oJa68@-aO9uuwmNXXR7)
zM)?e$lSdk_bK5FUz^ii4&-G{5GwL7szOW9{aOa$XJLfF?57Z|QZ)(2)cg{t4XT8=l
z{FuB9AIdB6vAhbuU0#Dv<aPL(Ukl@Dz|(Tik2$wc|Ch?A4R_8RxO48ppL(6H&+z11
zw4UM4c?d83y4Ev%i+l{P$|vx;d<s7zpTQgQNaJ;G*U1y`zTES3{n_=5`d2ESG~797
z;LbS<|B3qK;Z5xq;Lf=S@1C#q48KuchL7YG_(WcXpOV+$Q+XX8WwoB+>*Ssvb8eyj
zQP+oc*oHgj4%|6+;WxZr>lvQBTI(6^oQLoukJfsIH{@gZG5G|3lY9#A%V+T8@<`)#
zZf717#*=`j9vj^AbN$)%jQW37K54jf&cK~>7QXy}kaHg1)P4c(oQv@F8h;6%k(c3H
z<Q4cfc@<uk*WkP4b$DIgfFG56e$2Ur`ae@XZMbvpz@2j!{-}=DGd%hGTF-FjJcQRD
zr}Yd!A|Jy$@(H{rpTcjF&)|J|r13hplkx<7CinbYe|9~i{xap0hCAmB+&O3A|DZm3
zcvJfYxN|PTPdzc@T!K&KW%$}Bh58D7y}Sy~$ZPNo@;bcm<j}tX-zE3_m~#vDzy3j8
zpW)8A19#3{_<Pi+4^QfKk^$T~58+jfe*|BakKrx(1m2NP;m71Ncvl{2yv{A!6mm|$
z*U3FU*PmU_sQ<3=NyD9U2JW1*@E3nb*JpTB`vtgjF2XY!e+j-pUWOOt6?j=*h3}Hr
z;1zitevV#OY``;e&yP8`Q2$Ql(}p|e4%|6+;cNAJtiR94b$uW8hg3g+dp!){?^OK=
zp1B}g|0i(wox=V4{0u&LV_3J*TSGsO->=Un;d$++;7gwmebVs0JOf|%g;1Y```>+X
z@Qmtxe2>$)6;S_=%B=|Zzx$NoP3>3UoqiZ+6&~Fjyaq4J>u}Gj0bf$RkI#9vQ2(@J
zx(>rVuP%J7{T{rk<M!dp@&UXhAHqGa5&SyU`}myK1oiLIyryu^D{8J@pIPlE;2j+|
z2|p%J!H4oR-1Ex7PpaO>=e%;L|B>dEhkIT{cwPG?_>Er*>#YngemQsrep+6IdtNno
z?JJ>=kI#8EQ2(@#gmu`2dtPn$Q2QPDn$7nQ|E>ow$$Rh{<$bv4HGub3@8fe`Bh<e`
z^BTiFuPHqJwy-W|@Z&meq_6w9N1hqxn}Bb5R`4X;^Gd->s`v5T-`B$o>Q8B2S-9tw
zr)$3e-}I6&&LaGjyaZ3aG}M>jo>v9lQ+*ZgdDY<0ydkW^I^6SW!Ux)K!PD;v<7~rA
z@(%pu(NN!oA60!1eq7#%-zxXGcpitSf0yPvf{(TDTlewvkO}H<R-YL>`-fpYN4j;N
z+Vx?+33y+ggg4(8>Qiv%lZGeWAL=vkjNIe$c)T8RsQ-@Um4`c*BD|sf5`6T5FrG5}
zq`U&pX`EHK=Uan&J=Ec2_4l|q-zMts{?V}hTX4^}L)U&6?)moM^$&&|`tYg7Ie>e<
zL%8QVf*(=;G2G{O0)M#XJB53`(I2gTo{-ai0zUpom{$^>x*>Q9KKgL*G~Dyez&+nA
ze4F}vTs*&d)IUq}Ex<kB5`3inGJNx&h4EM5OCJqhg|F4`lh@!?)z{&5c>{i2-h{h<
z8{XG`2VVPZ7-tuLSl)yC_axnqIS){Osd65|{d<zm)qQ+j9i#p=UZ3#nHF}-^_j!r*
zb@wmmd?nz{EeZE|Nx^+y(r}-b4E%PTFOS#b@%=G}`gdu*dARc`!kgMJ!JR`HzQyYn
zKJ9AV!kt46?i}iH=g@$kQGbt@IkZs!G3C&PJI5}3s{J0^IrQO0<uHKX^s$h`5T5;b
z@DbcOjN#5<0w1Wq$IBdMsJ~S?MAxpq4rf)Dgcr1*g3oRa<4?o8Uksjsum3{uEZo=U
z9NgFEJiPqpp^wMK`4&<CZ<=oj?(1^}KGA*^?%!{$!B75m7*8EOmN(!tc@v)edg#-J
z54GQc4{i&;x7menQ~w_P^ev%(AAUmh1Nczx<1^<G>eqF{^PDl<zdz|**=LIS3)E)@
zcc0|jSFhW?_EYe~zx;repIg)LC>cBlcb`1`YSkCuse6Y$MY{G&@P_uw@UHeNaF3%7
z@7^5d?|#m6%d;P}GT$cZEAkH9eSCcP*{b>;>YMUD+>bj0_)(q5A>79u!%Oc7^P0eq
zDd#EtlzaxSe*3(Y93u7eyq4t&_{RH$^O%H}?i)M>Z>mok-jZkFZFv^Hr2aX0^<)@-
z9)6SR3-F%mi|`F=!}y)6bMW~pqyBq3Uln*>>#YjEu^sx?;XQd1ev`Zn@5{UJ<MKXy
zARod{$j9)Zd<IXxKdiT?wfcI}d46hT{UqR9wgyka&%7*n8lF-A47|D{)Mw#6c@FOW
zd3fUD(5C>e?FwFmpLpB@SLRiQ=QYj>{BR}oslt!TYjBUV4qv-B^l89PT^76vzvc;H
zoNahX<LtnX9}0cC@HNZ9dvK4l58tBt0sORl2p?P?`j6n%D}s;Vo39K$fp3vd;UoDB
zK9MKhxq96;l}{3${;zP{6nyZC;Ayz?$-r~34E0%fNuGlrljq?l<OR6%DZ-sk3GRH#
zaOYEnca%>Je)2A1z188#SB3dD;LfKBFRQ)<AHF*DX~TEDCU^&a^=pH7;Wxf6cn^MD
z-iN1-g!%zIBOk&K%SZ6Bd<<{AKJ=f!&&X%+R$JHGcdcHx^~Z+%6Y$iVLjNS(`KREU
zRG)^It`2=N@GWl*o`r922G7A$ZwsD>r{x9s+CL2SC3s)!unf=N9O^6Z!}2QJIn?0!
zFNQvKcv0Sfm*q`(P2PfEC-1;VnpYRz*Z6zzGx9!NkEa88LB}1!OY#wXNj`>OBcH&J
z%V+SZ<`w<%>UHb$m4I*hO2|J6_xVb}eZJCgpRWwu=PL{M`O3k4z6$Wf2f}=caG$Rd
zJo%SlUS+uFRe}3_RpCBgHMq}L9q#khfct#4;63fP;rWf>I@5uVwBEXK&&&Pz{JD?%
z=1t+}-vK<cHRL>kmyQM>!#&OkytF^$KZSdoGx%ZEM>@{g@yiqNnLG*49|*@y!Rzug
zJW~zz8F=*a;8}P_o`cs9hWb3bAuqs>$&2uw+<7~PR5|2dM*aJB9;<M#gE~B|`%w!%
z)qWf9^V@;<-Vo;7h5P*W;3rkzho6!U;AiARc;b!WxFdK{K8B~{6L?1Mc{Ar3>U+vL
z@h9OtxZXLZ;92FIg*UXHgFELu{Ky}M`4-^Lxd`v5z69TJZRk^mCtJZQ@OAPke7(E|
z-ypBUH@_?N_q?5(*K-r~-%`$PxO48po$~;m{?l-thH&RRf^X3{$8hI7fmc;Og|GdS
zFy9&c*t>&A8kckE$rJFtJP9AjQ}9#o3H?29_jk@2)c?0~&cU5?0q&g3@SgT7aOYfw
z@9Kwf*5J;$4)=O)z`dTEaIfbU-0Qgw_j>NYy`H;puV>HOIs0|0KI+q-)8j1M_lFTY
z`))nX!ky;?-cX)XxbvLBy>25N$K&_9O~AcwlW?!w6x{1J4fnduz`brgZ;!`$=1~81
z<(Y@4HP0fvqx}-xd6wbFlxGF*Jgac8&l=q8vkv$AY{0!fn{cns7ToKz4fp!=yqRYg
z^}Cd35AO9jfT#6y@euAjNARKY9K)UG1n%`Yg?oL@;9j4R#^w2XeJ0>upGmmaXA181
z>3O@q*JlRxZ&aRHxYuVMKGc2z?$;TL@U_>6*V{{Q=UIlI*5g72UVd-54p-qP<Tdz6
zUWbq64fsUfgs*vDIIdq`ah`shYNP(k%Cigi<5VB+$EhLQ=W7K2kou3|9^VvRcu%-K
z&){DFk-qME<#fIhaG$Rve4X-1!PD32@g3f{K6nOxjXVoKD$l{Mljq@UKM?wR-kz89
zETVp*JWFt2Pb%=f_N#E`S%Ys=o^`nMY``~Y{7raE-h!{`g!#7NNqGmJl6T>0c@Mrx
z?s+rM0qXDm`SAQ<2>11549~qctj`JD*OMt-dCuU@Gg3c~bF0RmfN%U@$Sn!q^r7G>
zctM_q7v&jvNuGso{cz~-d3&5*pLx_jOnDaIzQ32?UG10Q&a(o)PI*@0&a(zz()jD}
zO~=B#8t}~@3EqSk<t=zg-iDXu9r(5zLVwSjdG=8M4CUE}JI^6J^S-b?M{wWY$MAvj
zoWPyu6uzwS&)`#eq~m*D^^b=6Cg4}glkjWgDfm%&8lLTj{+_pw>-CvM{VwI1gZuhf
zfVZ_@ggeg?{FL%6!<}aZUeNff@V>kTFMce{w+`PXZ@_oSoA4!h3!eIT=<j(m&kpL}
zpgg;9=h=s+t_$mP0C%24c=G+>`Pc~VJjd{?#y^24KN03Ng{N)|K7+59M;fnl*dR~9
zH_DUn>?cEi&)a>xKGUf0D9;Ssk4HIpQ~P<i^DMwOD$gR^d6wV>jlT>}eJaeW0#AQB
zcon`uUW0Fx*WsJw4S22>`g`8YvxWMvD$h3Dd3NE6>%;o&!TosDhnJM+0PZ}8@S?^)
zf}i|snAaG7{Byx4@S%JPAIWF%u{_fJoZA_>=WX};Orrjj@=U?~c$9(HwV#E1edgeY
zm1iFAJPYtmUkLdW;T?GizE(dkm*Hu@E&<QTtMIJ62Hzt0yqRYM_2+&eJpXLMy*}IU
znf5zy=h=m~m1hs`Jp1sqpAUHs;C1;Beo8)q&*Woxr1LU?C*)K3db#J#JR|*kto_l-
zGXeMGk$=z2^<L*G)NfUvG~7QI`}eunCyV+^)h7qf>)$W@`&R5zK>ZukrwA{pkAEM^
zef;x&8TIc~pDNt*s>A*7SxvZeYr$_+|2Ev?^Y7hwobJ;_{a>k14_?y08};GtGk{Oj
zX9)LvM{xHU!~a`-CUEze!rf;EzfV8h-y@wj=ivGH-{I}<lSKWa)F%b^e0<*A$N&GA
z4C=e;<JWaqpF{nZRPXicdXKY!`je_J!kwGfFZ+~HKUJR!+<j_rkFO4|=->St@FjT@
z?(1X=-c)@Xe!G9K0Pf$n?7=<%K0JDS`2B<de2shv_c%xJjOxem!}1B-zi&B%cRJyD
zQKVa+FF)=i;K%j2lZ1PmDfmFY=b47z{*;hI23~o3@GSh)GlS>g)#n7y!%uGsUVzt%
z!He)S&ktUL?|M=2GW^6#f>+=hUlzOy_x-d6f7#99x>1MwI^Td7RNsR8cpbR=bm42%
zrw{l2ZV31ICh*1w!}^)Ry?$o!iPle~@AG=|`bofBdqSQ`cz0j$6nyFB!PD@}<-s%X
z+iStI@b=;0Irz4E@H{+qBzOUS;~Rq);l;NEFTqd!LGUu%=dl9+Go8m8-0PtMcb_Kw
zO7&^Oy&k%7k8eQ#P*@K`xYxr7e$EHN>i}c8*TV!Jy+7nLg%3Xvd<O5`5IoYjyxwNr
z;0bv76Ty@4<DU$kg6I0d)9{VQgJ<Br4rJkv{9?Ec<lsJEdHDTQUxfR3Ww`rP;D7D)
z1NV7vz&*Y;JoDjj-aBxg_bxoE^WKB|y!YX?FNZt_@GXPjL-^)l@Dcpz*MpDYiEjj-
zz^k_fpTd*h4L+m)Ab6xayxyFD0^ZPhOu;ki>s;9<i~7y#lZX2}7U3RW1)ez;&SMq6
zRp+Y)FUjk0pT`FMhasOPe9fugEqGquhWF(i_{o0>eY)`JG<Xlb^uK}+;Lc$Pzec|w
zJA&VMi(cn}ult5x=Yene+u&1p^;^Mb@U^!Ek92;#9<rn03AnE_N%;4@-r%lJ!~ae7
z&cny`dd{N$PrVM|XV)Rz<1WKf+ONSg9|`NT4nM4Q*nrpNO}N)*3!X@X$D=kpDeu4w
z@-F;@ya%7$GxYDn&zuu{0I!`Jd<1t6WB7Gn3+rJ5uY5iD6rTEK@ELrh^%*H|pZ7Cb
zp9y$N>oW<zQR_1WKfB)G7yWs79Q6Er+_UQq^(oco;b+$yJfV4(;T~TNUb{i-4St>1
z8~lXV8~p5gqpQ9R_w}#?_w}#~_w}#`_w}$3_w{f9_w{fHU(?Y#gr6fH!`I3u@OAPj
ze7$@I-yn~49=skl%9C)PuM~Wf>eKMe@(g^7JPY3{&%w9J^YC5r0(?ncg!_I`f}hel
zFT?%%Oa*>I^;Ni!=bW6U?_YJ)zgm5o@Qm(9ZMetRgLgg}?niz2vT_)}kIIK|-;YM{
z6RID>echhGechhIechhHecg^U59j9Vb^`9}b`pN8#+ibjl&9gh%QNs(@+|zcJO@7`
z&%@VzFx;<;aG$Rd{2bMn;cMj;_&RwNzFuB~Z;;pF8|4l7CV3O?`$Y?W!SV3;(uVtf
z;d%S~`hL+x{aw_j5BKBN5bp6!;OTC-UrgcGX<jq<W_hIV^EiFKNWhOiES%pY+}D{D
z{1cj&$L0RcA%pt;s?Wjw_*;N`9A$Vz`xW>Z&9@3)me=6Up$;!SJmlcxa9&N+54=v`
zo>v#{c@5xG?GNETza#hw&1($zye4p;UmwTw^7@~l{$5`S>p%KfSa+`X`A))f+E2lK
zUefUO9|}2V;2wV#?(^c~csw3|9`!HL_zQ5K*AjfF{W9FIOH|-nHU28x<FCP!j|lUv
z!&CAGJS}g+H^^J?oV*R+EbqX#%DeDw@*cb*@56n47{LEr`8!viFJB)<sQ-ZKCve}7
zW^j)q`SI23v!?wN+~+Y3uX!E9eIB#$W#y2AAC~9gN8|-~Q(lB0m6zZhc^Tf5SKxhl
z6@EhQoOoX9s2}OPG~qrkZMe@%51#&np4Y*BUIy@^Ixj=G&&vot(!9p-v3vrb$fxkr
z@)<nJg!^x#c{sOo<Oz5|o`e_WDfl+Ib8>&*Uoxmat@DzD`@9t3J}+hXK>HQA&r22F
z*LkVIeO~JDissdTSLIE3P2PeZk+<PZc?W(}-i43kJ@{DOho6!=C!Uuf>XTm%kDFt-
z&&w3<^OCr6^>wVO{UrQ$<)4BteK@SoG~DMU1D|PLS$Op8p-&E;kmuoR<pp?JUW9Lu
zm*6>h8J?F{;03vJ@_F&|fg0*J=)Bb7etc@eXWDPUo65NjPaO-nb>Pmw3omN?J$Omp
zhnM98_>z1GugOR7Bl0o4DWAYw@+rJ6cTUVd`sC{Me4+AB!2LLsg4ea5hHp~N8TfH|
z7Vi9W@Q%ixhj--#cu!u0AD5TlLwOl~QeJ^i<W=}oUW3o%&WZUqP=8SQH{oerkJ|9W
zr^5N`z$ePN3$K18tp6U|`S;<`Z-n{*JRu*#lkyRKoqP<>$S3fP@+mwopTP_ANO?Ht
zqTD&zef>$I{#xaqg8OkL1FvX53-{x44t|aD&%>R60bbJhi}0m<I4>o*pXZn1Kh?ZE
zUgzNFEmhR_R9~m-{Ysi}kD~*hXuk`0K0SC(`Sjt=X8_;!%#gznp4%3D1b04T_(fj{
z&j&nS<}*e815_V<diC|w&mWR-k0S%GXg>>gJ~{YFuOGPcDZn@G2ssqtXO^^n;LfKE
zze)4;c$rTX^;f9A4tG9HcuD&m_(c0%xbx}3qZ`7!`f%qnfVZlleh5EuIQR(ee8%tx
z4YYpXzJE>O-|+hBEm%Krk0S%GYCj8iJ~{Y$<&%dyp8|Y+J>*b?m*gdQ=QW|e40mo7
z_;Zw-=fQPVL;Xh8H{f1ZEx5<gg-^8KgFClAyrA3$aOXCJ_msm3eo8)u_l|_zJTB%i
zMg0!t5PfFB`hh!#3|;$KxO2$Cm%M)9&Y=K5yMEwj*AM*c`holLx&pt#>j&=jREPJp
z-++6*O?XrDZNWX?Hr(gE1NV9F!hPO7E}wVLw~zWi(tHPSubUA(``NHQ#_)mH8~lWP
z3io_xaKE2bq~mz}em|=O-0x?Vg!}!hQgFYYRT}R1v&z8zepa5h$KyP6sP8JzJlyYx
zRfKo6UxH7STN!>@UV%H$D%|gfS%driFzax?A7%sY_rq+${eGA&xZe-64fp$Ddfv>l
zi~4UV&mP?Wzq0{6{byl)4&kZS>+u)9PCkY^&k5Y`OEZQ0eQ9QJzb{Rsae2OeUz!Bm
z?@N<}`+aFraKA5&=k5MppBdDz`HS$pA`AEbPbv>@X}<u^E4Lziv%Ca%o@Kb-m!<;u
z`_fe5eqWjz-0w?Mhx>hL8gRcaO%v|-rSZI(XB+j8Ql1^S|9^Zvc<QFGKKpRLKl1=y
z{$yCUL%8!C!TtWsW4Pa+c>?$QGf&}uf94t7@6Q}*9?r+_&zyk!{h5<+zdy6{a38PR
zH0ocXoHKC$|I>2tp7!%_zt3|4K2**{xN|PS{XWlSxZmfw0{8noSK)r2=NjDa^IV7f
zeV!X|zt3|M?)Q0a!TmnZZMfg(xdZq6Ja^%KpJ(UI^VmoIl{$|Dxc~owBe?(Wz!<*e
zHa)+EZ<9~q{(BHJxc?qR^tsi~du#qX5%44OB;0=wA_e!~gGj^u_aHLxivEs67Vf_X
zk%M<tpNISJK@{NizYDpQ;KiH6{LAo$>MQV;ybAApH}tQ;kIC!suDk)iN#2AH<SqD6
z-iD9l9r&^Dg>iP_H_ChP)ABz2jC=qeen0dd!^_Hf0-xL->ZkBEKM0=q{Oa}TK1ujg
zeNylZ>XU|h92vO#=HU&EzW`r*|L}Kbitwzw0(YM(e4XlR@RGa^_c$7G_ie-dcV{|q
z|J|G}+<!M`0C%4u+<!M`1oz*~8N)q}3EX|7FRVWABjulfuh|>&Pr}pk4BUOP@N-n3
zgBRp^xW`d|yKfoZ{$iL<1)hIP7=IPMOWuIHPZM5HeG7iIybE`q9=xdfKKw@c0Pgt=
z;VI2`1kcOI@QQo_Z_1}|k9!7pE{Xo?^;6P*5?;I|TxU}7t@1S7f44CUFK9mppZ-PY
zpN9{>9^BvO=MR2;uZa3JUkyLMcpk3z^Tsmj@2~m_+<$Mf2JdOV4)@>tYrxaLufMki
zzx``rUM;x)?qM75zxUUH`|tgA;ZybZc$q^V^;zXGpkEW##|S>v{usXL8)04(cwX-B
z<9KGMzd+-ObUkx@L3K%ZM*AuF=5L1aq~Qg*zt8=>PO_-4X*@Z&$CHP9eHP&FRi7f<
z^(FY<sNRp~9;aXDub_U-UxxKxgFE*I+<ltx$Er^o?!3Bi_vyheR-Xaf;~Bx-XAFOv
z`b^;-Pg2)E=i|J5eYN{}R2ubu9+iW;kFUq><L6NY)cbi<8ScD%{dONeuc)Hl&np^m
z_wn`Kef+$lg?c})Xv3Xz2i{lCJ-Bliz&)NZe5U;gJoN|RdN_q=<^Dd;%lC`u&sRTA
zO*PIWJgfZ_{LG(*<EG)!yMt%o)gRwy<?o=mpU30tLk{)#IuY)7d3gGDVcbP{P5UMI
zu@8pvl;Nl475I9MzY0I|zR<_V;rQ#QU$5~u;QqTLE%-?LZMYu?JM<5Q@pR$KM}zm^
zejMz>{Wv&)`*CmxudBbu%N)k2&nt%s+<*6WMn4|TZ=_rIKXd82@b>}Xhc64BgfG1{
zcnaQW22aC}|3UB!yr@1|_}O&}f8p1(Zs7&(`_}XF{jrGpOVp<f_xD%eN8cUBUxlaN
z6TAjrFR#P1@&<g9yb1T;-EPB2+V8+i_k8fmdF;Y_zZAR&FWnr*--kEl1Ncex8N!oa
z41GK<=kN14M*Wt*3g>YG&wnYb&nf(6=Z5+jyjcn!>HB=#e}Bt8!g_{Zae440{NB0H
zCk6k{cBoIoH$E`bXW-BKaH!A1zwxZ#IrvEKd3*d`w*}PiR&FJ@zrPIkdZ@tHpA*(Y
z6`qmT;8}Sc?)A`sd)+qSS9~wz(1zDFuRi=L)eqsWpTfWM_Rv52^6JOmBkG@qKlf?j
zJZ9mpFT!tJANrT!P4%zCGdG9&CfxO1_?s)Cz7M}n{m1aNJHz;=aMvflvO0%%)kFU@
zysQ3s_znLa>WgsKSK&|kTBxtXd+OhYe@6YgaMusvFWnO6JBHt+{?TCde1ApxB;l^l
z!XK&gm4_c!|1$jBy8l+;u5ZE*d;P;tsDB^+)n5(s9l~8dg%5ue@{j&vbq+)IPs5KZ
z|18|~Mff)~o-+Ja^{>O9ds`S!6Ylyh{1%O;4<D)j82&xo-=}cbC%?Knhi{%6#*>Dh
zRR28uS=&N=5$^gb{BJe>I{cLSx8Yam@u&-T{Sf{g<v)g>R{!WPSI_tQ=Y{bn;jYiZ
zi@F}>;WPCw!*Bb|us*AB*Eiw2b^mR{6SssuefZPwru7eZ{S<!k#xUO*{QEjD(TUah
zJUScd6Yw49hT|sTkJI%b1%IB_NgBRY&j&K_H|RQ$g@0O)FFE*&eO};I<yn9~NAoJe
zyIKz=ctd^4@ZZ>}^9%22zXtd7jXJz|VR*jLfG^9Na6jK@!To%r4ZlWxJT5<v^7GFw
z>VH$~tq0HR`NRMoeJ!k;A-s1%nAZq?PBHixUY1Ybp6?Xy`Oe_$pBMUjT%2!0<F!9q
z^G(7%-!#0W{S17Ka?Zk!JU@&l2Or7vaL=~@_k4@+jV}oOJuc77=eLadotke2?)lc>
zUG3N5OZ&oc8}P~g;7#~B2ZFcYCteb~4KK($@S@z~;(U9k|GclC@bq74-NF;{5!~|~
z!`EtF6ZoyW!n~&N)AAX-D35e}&#NT&xa>Z^Nz{Ks^G(4$U*Ecqf1b*q{*?OU;QszR
z-1!vXIptG?dp(rkn^a$hZ<bf!{&}hf?`ppe_jR}dKj+O_xA5b2ty}o!*J|CueLwBM
zv+D10Ie(wW9_k-6)Z;$f_tOFVrFuM?z}NpU^qIlGsK?XPEvp~*H>o}Y|0g}aD!{j@
zz63w-li~S81-?!7HTaG42K)nhp4@_;I2GpAgTF&RCywAJRX>4u)qe&*rTWxxbw2l;
zg?VM*r&XVW&*TO8&y;5c9{niHs|NpVy{^)LCsp5pzg^FxdhnF$NAP=Z((^-jQT2(x
zUY*0Y^z&2-UR8Y#eyx7~Ex`|~z5;)fp4Zjj*QmY)FYEbd2i{Ws0REV(!+b~Zw(4i_
zU)ImFiLbBD;X2i);1hWU{!%?3&cU<)63%-8o|Bj0Nv*>gJg@o&e21<N9e6?YJ$Uq<
zkk0^KQvC#em-BU<ftOXE_?y+awd5)Im-Re62Op}w0Dq{iGbQ*~^)>ho{oK)jPgUQ6
zKR`JT;Ad1nf){l^oxs=pSoy#c^2DvH^V#d4r{F2oXW&Psp??m3)wx<%@OA$?cm@7^
zjlTxZsJ;b%q3V0^4XPi&KcnmI1inS}Gx*)K4pZM)ozG#_XW(njR}SzasxQGGuJu!c
zU#I#8{M~wdX~B=Fz6W3P8eM1LH>rLCKdS3w;+w1Idq(vscvAV~;A>9nyu<JPjxe4I
ze1qz1@CWH}p#|Th`VRcz>OX*QR{aQ`R6Y~<7S+$-C*+CSR_9aJI!wV&sXhmPlU`pc
zz}Nn3$gKoV$t&;+?iT7B@Vx3<@Wiu2{ylg>^#l0Ly1$IzebrCkoBu70X9j<ua!!m^
z=eAAt8Tj}0_+Eftqxus3Ub^2^;Kx<pfWKGkyaiwL?_vBMcvjwne?|EW;5F4x;Fs$9
zpZMF=IdoN@g8$<BFrEy&ulfS~73yDsA6I=1{&fBOS_6Jk^&R*DJ%8xIqgfc|0G^PK
z;6E;DoxszoPkd{2J~=&KO2M<L&%h7MbMUw6d0h#9LiH8+2UOpHpHzJd{u<@qfuB<S
z0RD8%YXYCCeg=Pm?(d0jug)j&A6h5yulRLK_$JjC;3atpes8VA3cR8E2K=vdzv#f5
zs_((8H|uc<K2-e#evPi5Gx%8bsgtYod6(*Q@Tuwx@VyTVc~;=je+I9?pOXvTfG1Vo
zf=5we<=??O@UQ9lXAfRZg!&QuuT?*RU#<EXeC;oWK8e3uozI8#ydnkPsQMhdrt3ff
zo>zSZUf1)$27IgPTk!Msyr>6XQvCp))Z^L+ex2$k@Q!>2_wOwv{(f~nUDc=HTkjk4
z%)tHo3_18UYeRhjUb|oL65PN4P=SwBUxSy=3w;`J|K3FlK1+xC9{goGUjumhp`m^R
zzvefBPvApce-htWo#)9%hWZrzJY8pU@Y_{ifWO~A*TYY%z5<_|AC6mtAJO%v1us1&
z)OX;&ulfPJtojjrr~ch%0<Wk(F<za|MY_(X;73%SgWu+VKZ0Ma`U?C#x*j&*M^)c~
zKTOZxdhi=nKY;u9ZAS1@s-M6+8$-@B_&)zT;CEN&(|dfV&%ht1pO*{p6RI!4pQFd$
z3j9{pH{hSw^MMY0tok1Oe2r%WpQ?TWKcvT<#P?RuH}Qlp-xT~+emw`CRDA*N-;XN6
zGpet^YflQtt-*iQKbOHvPYLxM`1bSka|gVl`T_i~d<1{9o?p%2M^vBq{_5P`r0ZA)
zepK~2cvb7I06(t!3jB4-zXl(wz5ze^)R0dL{!m@_dhpXv3-tr|Q?;%p@HI~l^)tAC
z&n<EL>U`FzJ_YZ}Gw?_H`V6l<BOJE`KVLtO*WeA+H{cI^Pgo}{cuVy?xPK3D0B@^)
z1iwi>f!|NhA7=2|RiF65>fB13!+cZlKm9-Gw)5~Wrv8uPUt5hWg&2g0jBI5cYgx)z
zB7`9kiLqz7YwU>_B#~v5rLv8!vXrqz2%{`zoor<vTSAzuzn^<v=f19aUf1~Veq3{%
z&zaYGpZ7VR&$nB@d%N(YXZ5@XAEZ7Xz*9XR!b8<(1kd$+0$)Sli&OZAdOnArq<vb#
z7wCEG%X$tw=$_`lOFi$xZRPC4tzK0=0lbTzkKk?fd<_3$|LPu|!fidD!At$SqXO>e
z`4WDk&VBo<dJbLnyaS)7??E2i)$>05Rr7ZTcn>`v!SB;K9>YC7pTdV~eRKFQJzv20
zQ=hSl`umR7^EUi2ou>|byq<UAk9pb`@a?qj0sNeOtLH=bd%9=F@LTnK0&h8@s*?<U
zm!8kz=HCMs@CWt0^>sa;3zf4CpQ+~^_)7a#@8!ZD*7q_GzPg?d;5(>4hw#1juf~tz
z*Xevr;HT>O3_e2VT>&4g=S%n=T1V@fdOpMSyaVs4=Uw=NdftOSc0l!BK76wFMF2mw
zPxX8RKSXt&z>|Zj=TrDa>cbg)hMq6riN2?l@J!F!-`4Z_MD^^z=jeGCzIoqjo*w)$
z)sGLKd06#)2)|eTErP$Q=M(q{<&eVP*7F&>!{OEE=J2tq!xFx&p0~cM=QCP$=)iZ;
z^Dg{z^<f{rm!1#c7ntAG;eGXd4FAsj-UUBZ&!_NP<r#dS`Mv<ZOV1bZ4t|wq34cWO
zZ+&0SZ6iHz!%MjXe?;}*!uuSddV|~jD)-@2HJ=df_phFh;LoUT6Zil<pTZ}qescI=
zJzv1j8CdoI5+3S#dtp7d{q*~u10Sa6J@~r1$NKQg^n3`9^t~^F-=OCc_^0M~LinwE
zK8O3}cV>8^=dB;=?;C4>+3+cP-i3dw`FQY|dOm>vsK4(-@K^PG43E@j68MLDK81HU
zx~i)TK1}Cw0pDEDm+;TjhwVl6e0I_E4m?udaN$Skc^|&V)av_A03WUABlvXfqZodJ
zo=@RB={}IbZ`Jb!e5&?)2~YLB{bN0cyUh0;_)I<T!AEHw1Nhr|K7?PSeHz0*)bj~^
zj5&|s-|6`rKFOTR@I`vw`l<fD59)m#c-Ld9dUN4dsNQ^d4?Q2i?^hp-;C=Lb3}38$
zm%sx(pTU3A^ErI5o-g6os-Eqi>p6_p^A7w+egAUdv7Yzgqs`x0;J51e2)>8vIfjqd
z^E2S3{&xoNGp73YlXKw5%X4@jUjQF0FW~0iwJw5xt$CVx@!w&#EUxD~U(Z``^LciI
zcZ8ewb>Qb{{$1hb-?h5%P|x>(->!Yv2fqH6)j2x=zF2iK82-Ha+c5a!+NY!8_v)M)
z51%5R0)J8cEroABtEz_?@MrY=9Qd-URDF8^+|&1$Mev@g+m>JI>${D9A8QN0LVd3z
ze7yE!SNNmqOFiKC>iItKhvb9dPimYHez(?l7<{qry%GE&JwF=WHrMZa@QqX_<KfF}
zTs@z_U)DUQz~9sFCn<cI-ggGPx7I6zr>dVh@EtYJ9B$^n0B+v5fcv^nE`lGRIw|3v
zKDXu9di@-s=PmeK%BL;-1?6DFPtZ6W;Y)O0IPmG(k6qypx2g8K3m>CC-vhpq_K^pl
zu5tRn_tAaHhmX-YI{@zNqWcy6Oug@5xUca;_$<}KF!-P9V-fs3jXxTGqSifz&(`;y
z@$mPwUI{$a{+a^sdP()ZDSY(6YF%c)Ptf<x4DPBg&4Hh(`RDLgG@k|Vt(1QOU#@pG
zpGENB^u3^jucqf)eyi92ZCZB=eyQ?r3twB~*zgVH9qH;<4*Wx{S6BF3%E5(?Q~o{R
z8%?Oz%Y(15u<}0e_2fSME6ryB{8gP_0eppntMLcJ|Is)h{8PQxF!+6XuLwR$f2SJ_
ze_!*7;hE0;@$k3Q2NL+F>hn|J-L#G=e4*w)1HO&&&){!sK6Buu#>wFW)i)NvyKDRc
zzLn}~5xkw&rG(E?zilb&^}j&<!GeFRe$^J<(ydx|8~(oDw<G)m<?q0c)4ACd{)N`p
zh0oLcd%!PHKk?v?sjm9Kzt+0@@E+<{1K>R`sopn$udQ=uFnn*VR|sE8e=isYKTw|=
z!Mkdoj)ot;W!3j$_zGH=@$e%wega=Z^O*u4p!ZGT+pFGYz(3LYX7Eik{v7yDdaoQl
zO6#})K3098fG^bNE`pz~^QeR$s~lRE)a!p+t)m5>p!-H!czfL^ZTKnLza8Q0X<Z!n
zkE-*o@LyG*F8mn%{?-Hjo%V$X-$Q+@4}536uMc;%UIXBNYn}o8IMv}`cu$?zA-vQ)
zhrzGZIUB)mGxs0(P~{xM_flPrhcCTHwO<nWy&8WCd?T%I3OD)8fM2coWbmVu!yI^`
zdd}hdYrPi0hbrd+e!BMQBKUcx{^7$lPRsB0`hQaMvEXN@KevTHpnYM(edXT~ez@Mt
zfe+Ds><WKb^Ks#SX}|Y?zpLjx_}4nu`oO1Z{yu!TavK0YaDw_j{A+#gV0f%P7Q*k-
zJ#!d*h;okLE30lt!yi%I#_-?tzT@Fv=v+?VPij6>;Lj_c6h22j1Kv;hWbn<@_vXMq
z)i^nPvGQC1zsl4<eD@=C|A!CJz9`{e>ORx*N4@?pRQ?wHFU_+pe30tdhVQELu_Ju-
z=d1d0;O6<R@GaGUT==%ivj==XeXa-ZrE&Ve*V6sahhMH72EYfJ`iGya^Jp-<^@G*>
zhVXW)RO>Yiey8?J1Rt!=9SuKMpBuyf(fKkSez5XM;GWLGDe%r(uM{4rzs-PWx@Tta
z0s7oIa5GL0zh39a0{EqR-va)rexF$czu442{4CAC<<ENk|Db(g!T*rAh5xR8V#8bY
zuhzXI+>GPE&F6N7n|ZqM!8%WS!1q-j@ZfXJ{U6?6&-?J!uUGRQ0Pm`L2;kS4`iHNu
zY*ptWy!DW3{9*95^tloI2d(dDc&Hp=cz^Bp@$k`Q^|=ZBFO5G1ev{rSg-5EZ8Sqa`
z{lkBh&w-EAI61tt&btNh)@xUJ7VurQE{ovHpH#hX34cZBUCUqf`rlB`Tk!G9tu6dy
z?Q0u8Lid@D@Qu}P9k?04E8NV-h3}+sdcgP7x!}Q1Q=RvLAEMj_z;{#*gW(&iK8L{v
z>T^fKPuKZ49zI!pehU0)`3(3es^>ZI9Zj9UpVhr+5xj?<Z~42v?yG5^wuPI&`*ei&
zQ*K@1x2tdWfX~u=`oN!3T@8Snzq1U6&(%1?;M-_jM#Fn(9jCxAd#(EWR0`kab^YB6
z-gi#r8GNyP4*Z6>)$=*LW##q$`~Op0(BMUbFKY0z!CU^Rudn%BtHIkgxZU6#8{BE|
zt_|)sc#j768oW<~`wc#z!Gi`L+~8q@4{PwK!ACcE+~DIIJZbPL4W2gmj0Vpdd`^Ss
z4ZZ-rlJ-Rbzo1REUlze*c?nNesh)3X>G<D$X8t`ux?1HH+<b0ZxcOWgUTB<-4er3r
z_+8;<J}%sh-vhq->ec)`c-X%3KJd0{Rqn&h^8*?@Xz;-e9ya)}29Fwibc4qYKEA;d
zxXFJC+~l0X&GR!FJZtbd@Nn%a{~Vsk7r>nk)$;}X?R6_(1UJu@4c@X;z5cWHs&Op1
z8K-T7+YR2a!JP*0+Td=3_h@hrzS8>Dd-Z{v_wpNj0KAXJ3E*a&!3`cZ_%OJy@guky
ze{_S#@IvE^hnsPd2A=|7c7rOn6h22j18(X$gPT4!2X5w*!+UI4eeMFddA@-Eum0iY
z`Le-VmhRZ{?|-KM|F8bxW}LPSZZ~+x26q~~YlFKD-lM@i`2Xr3Zr;mp@B#4u)j!;f
zGq}OS1|J6hU;V?)_@f&<hX1er;bxqq!Kc9g*Z<-F>;G``d<Oqt{lm?DJBOQjE@<$g
z!51}n+2Ae9)a&1TuGQde8{BU2jt%ZKc-IDZ8@xw@dkx;F!Tkmw(BMIX4{q?V!G|??
z)Zn8VJZ|vu4W2aklm<^5d`5$34L+yAbGX?T3*e?ciw0lR;AMliEZb234c@lF?FR4I
z;7)^gZE&~2do;M$;C&k0Z}0&P9yIvi1`iv2Sc69mKDxo<1|Q$xNrO*m@U+2aG<eqF
za~eEv@C6NCH29(hFB`mNxrX|0@U{(ZH+aVecN)BFgS!phqrtrf@6+IZgAZu%puq<>
zc-Y{>8a!(7(G4Cq`1l4-8hlEFrwu-%!LtUR)8Ki7FKF<h!51}n+2Ad$8tT8n+cvn}
z;2j&>Y4ENM?lyRj2KO4gPlNjnKA^#a1|QtuVS^8A@TkE@H+bCO;~P9_@F@+RHu#JN
z&l-GAgXi$x`a4Sj@2kJRm++gGYTfehe^%>yJuiEF<u?3*l`41O{Wq-Kg>QXTtN)Jg
z!FRv7av#3gvy}(%c6}-j;ces*e1p%b=VQ1dPvB?h?`tW1L;X974BkgM=kUXoa{-^M
zzw?&xyY=@h%c|$Uum0X-!>`ic86EgEjqk#*Gk>p#AEfbp__g}GY5>1U9>UMk-wh-9
zz4~`VG5lOTpTKX_-`P|6X#IUNgU@xVdduOl-nW4JdfyU0N%ORpujjwF{*GzG2kY;B
z4*c?kt^Ql*E_`+UI}Hy$MD^ywZ&eNf`~b}-gukV~vq$jF^mqIi-u}UAo(cRx)nN*6
ztv-;!yXxOp<nTK+{{sG6S$%E^zdWzpTA`l*bNY7+HhiebAO7P;>Ob(QT3-*ogXZtU
zcasP3>Dpf*JXak?@D9p3hF_?4Pv93#sB%c*GxfO{ypzVy;TI{N0^U>aRl;x6zP47Z
z=ikQkfB2^AhYq}}+=Y+Od_4F_xep&B58#(6w-A26>MeqIG5N#iYrPWqm+};zsSY#v
z8|L5D!0%F?1^gP-c?tLR?@X+f>iOTIe;;VWzt=n+`1|SuF8l$_$AfoMK0bVy`f~uk
zS$#N!AF93-!Qa+?kKtRZFD3BXHGT@eMtwDd->v6!_*hf_@O9LOOZYK57p#@*`CqMi
zv*C+P{_ycyFBkrSa`51v%6<5w>catig!)4We^Sp!@B#YwGco)I<(a^**ZZdM9nAd)
z{<Y?x!;eut7x0mqe+mCYb!)Y$=l`JA*M>i$dUoIss}H#FD^$-Oe1hpe@Dr6=0Do8e
zJ%rzoSA9Ez7kaN4-d=q*ftNbJQusge3_ebuo5LSfZUuat*1d%Pp?bDfspmgN>t(~A
zF!{q>^%EEVgL3fTJE{-(@S}Bq4&X<b`w#pM-S;AR4|D&4KdF2Y_~}~r6h27v$>6(b
zU*zzy%B_Ikqj{F_33}dYThISgeXb2Z!TkG1_zbO!3;)&R58qJz(1$1H{Dm*QV|Bj@
z;i)-);RCf^F?_PdPvD7iNZ}Jr|A)^WS?#+V{+HgjfS;f~U&4E89j$it{QskRu;HyX
zu5xhT9kj1q_{-+}h3{?ZAAYiO3*gVG&xi1pHJ=E+>^fCGF?@f$ZvwwhIj8VVRVNvI
zveqkyKWpy)@TYYTFX5e(o3&~^|Fcc~!(Y<)4t#&zZ(aC`%E5y#uX^_34{4tU@WYo?
z{lmLx{t^5I^Zgh8n8r`wx0v%6K3<-|Usqk_@U8UwMggB<`agW4&Jk<1dj6+rzu545
zH6I5)O6RN#?`ppP!Vgg$`taw}p9A<umsIr}!cS8_jNs>J{xN)v`TYU@l-4DMw^f~F
z@Kse;IlQ~h!2-U$)}@5+Dz{dz=l{IsW5dre{U1I}`_YB3srh^G15E#czp1_&z~{+B
z_@Npnf}gK>#_$CiCxNf0d8Y8sweA_br*h8WM{A!J@J#))gb&v|t@ic&*V6jh@af9g
zfiKd1*oB|3I`rU!G*2JiP5mT*pQnBp!e^<^MDW+tCu8`1+V2T`toB6;-(NXr@M${7
zbNDdLvw$C|{a(UfQJq_B)bsyMdD`&5<qmv~#&O|0nEnHwZtnl^Z&hyrd@t?O5PpT;
zH-g`*?}IUXW7T;AceU;*`~uxWGWhB`_jC9mItL5*6s>y+KSb+mty$0iO6?09zPaY_
zz;{#5F1(-mg9q=a=Y9CGs*?bo>0AimGqoQh_%@nn41Z5`lEBZ@y(@(;yQDgIGWg><
zPjmQa<yOE)sZL7xT<u@WuIK-e=4r!!Qhhq`oAtRa{B89C5B`qs4?cXj`c(k`P|t_(
zQ`N^J_@%1b7=EL2NZ|Xc9#Z%^s`Cs!N%xQ(K2=`8k5wI(@FmLATC1M_B=h?l{0-Hi
z1D{~-Kk$~}RsDGIsT$vhchtEPz&DYH@Ga#L{AtsF;2SE>1Rf}#6#kjkJ%it>b<E+@
z)MpC#O!eCmzM}S*wRS!KJ2k!yzg>0iz;o>*7rveH@!&_QPx|ot^|=B34fFjAezvK9
z_?71V3Gc2xpTOs9{we%jeQpN-T>T-3uc|x?_*(K3{*BhxTBn}>!zO?DZ1r0QeunDD
zg+HzR=)rf<y7=%9)UN{gGwQb?d_SGb5q!4lEr!3SaT0i9?mzIabYIQjpK6{t{8f!#
zz(=bdN_a2TgVmv)|F@?9!#`3zIPm>7jtifx_wwLZsXzPhLo`l6SAP!S(=>hre@i*U
z@b^vr@P*1bg}<Qs$>2Yk`iH-uzE{BCQQt1%N9w(-b?f;LQ9ax6K=%^|K0xER@Xxhg
z9{gt2gAYGa_ptzeyPgl>U#kuy_+0JN7=DK4pTO_d_$hq4`gsO#t#d7h|EPXaz-MV4
zOZbEOTx-30{+sHYvf(EvX9phY{^r6j)H-_bxtfm;pRRfi;74j-gz&DKX9QoO`i$W-
zHGTp=ciHOqr4*iP9W(e2`rI7;rutq1zgy>K2|rfvWvyS&e~9YDhVQ1&b>OMa3m5*a
zsekyfs&gMcQ}q_W=PQR0{-O4D1b;^JiQ$*29uoLZnr8|RG|vqFpz_S&d+J;(;8*K&
zOZaJ~|8%V9-*RMC4>tT4^+^YQj_E(}VX7++eul{(zC<|$@LY8j!arG9-ESlKXIhsS
z{-|<G;4RataZ>oPx~FCEKa@ibKhb>ug<q@lu7n?Ket+Abp8t#H{sV8Vc{=df+Se|;
zjh^@5-zXm+exdpP3!kNPErh>m&R=*(-S=Yn=h{aJyr=ec3cpPA$>3MZb9ia`KYYHq
z|HF6Mv8r=x!;UTg{%8LGbQi0i+whyTjt=|^)wv5lUG?C>_t*RS@b+4-0KU8C8Nv%w
z|L`w$pO4|Q)!!0$2Yqe|zg~SKga4@d$>E3Sy$bl>T9*>O^flGKvpUuD@2vW<;os}M
z9Qb1M{R_Ub?g<{;Q=UHj4~-MRe^AaLJka?S!Cy7~A3jQTlE5F;JtT#9(z;~uH?@vA
ze39;B1^h{kU&5c0TN~B$KSF)UhHs&Dap32h{trJ!<9P7aI$wNv7gPW6;Tk`Lzoncb
z_-)#!F}zgWCh*^sTMEBYpPRvtP@U)Sea-m`KV5ZF!r#~Yt&QvX-=ckI!w*#5I`APn
zPhI#4CVzN0<?O@%qj?7KT=&%w{<rds;Nvy_7=DoQN#Gagb5r=G@(ey#=TQ#7SD#zJ
zC&^3rU8)nSb3Om%;;Jv%@cGKYf&Z=gap6mE)w<>1|2+6;)s+vw%H$9K)$||uN}6W`
zUvAfG{xN)Y^}_`IiRv(gXX+0b{7apuIs7!$TLJ%8=Y9#lPVZ}NQqO;$?iDtCf!u*_
ztG?vI+Z@@t${&7?=IO(i*Lnr;n@#_L$C`fxpQrvD!!OspB7xtbaZ>n7TE`52yXKR_
zFH|2W;18(IOZZ_sR{2;?J^uxozYSkU_2a;w)V<n;|E0S1;MXVzAO77*t^T`S0X#SN
zPx#JDs^=s4bDB>K@2~ew;L9CQ<&eT3QEnOhdUOAT-=lRb;LH3_&9j92>W9{*_5A1S
zeQo%catA&@=aCElS$TT!WAwQ`{7dz>0RDt>2;uFuzaseenr93z)Mpa-9$Lo~ewpey
zgMY7i=J5Xvsd6shH!fSPZwbFuZgr{W@9KQC;a6)u4m>mU55Hc|d+-j*&4=HheG$O#
zGW`esgYt~vZ>Vp_@C~(p6ZjjNe+vJ}{Qd(!(cFLFn`-<5ev9@?37?_5vNo&dzk>Fo
z4PRd07aVwZt(OabS>t=~6|^6HcsqFjzd&^r!oO0VjNrXApBR3p>MeoaqB=?852>GI
z@UL_Z=J2j2fA~1nRSADrbz*H^&;NDhX2Zvu`iHNkbIOG;)I2@-V)X|f{+Ql3fUm9b
zL-?<z{^1{)`iHkuT_y0<bdO5mZB=g>e4_Hq;h*bs3;0xX|Ae2eePnG>&wsJ{n+;#0
z{pi5Y*L}u?KcK$h!T-?sK71eb;Q+q$)>U5(;g4wi2>zGWC5B(BeU!i#Y9FQWch#3N
zcyH~m9KM68e|RVL+Y;VK?`v&Y&wqKnuMPiJ>+8VRRGql+|7d+Z_!G*_hp(+V4B)ov
zHiWOD`)UMVU(d(zF3KT+@21>R_~FVYgWsz@ki$RHdKK_x+v@%U@2StVwyNiUfpW9q
zzw18Zz&q=GUHGLYfA~@-SM%}Vzo=gY@C{7=fq$;|jo_1%PYgf7eE)?%t^Sb0|4^UI
z;Loala`*<Sp921Z=|AvUa;s}S|EJW4ZTQiu2M7MAa&zG;YTZ5fA=<w_{788K|5iDN
z@SjZn@Y9rY40n`I0=HBTDLhf1&)`!{{lnkUxmm#XSDlyeU)1-kZuR`HGWAba|8(Hj
z$zAwx^ZO6HoBDtck2OvJ|5Nh};p26$i{R&&{Nbx8=LCL-J~xH0XU<>vvD2#ko5Nkb
zR{>u`pIgGWQaxB(*Yn?AZo|*ldpYp7TUYaO;a8gc;UB6_eE9vk9|rKHy=wdr?x-(C
z@b1bXhR@Z0PvGmC`iCE)y3OEEoBD@up*~!|kJtC^627gTx3;P0|C#c!;TxO#KYUG-
zKRi&Kc<_5vZ$5lit$P4}N&Pm2ucyzA;CpGD7=EwzO9Ee_K9<5;4yo2XgZI+<=J1E~
zUIl!a&eb?2{58FowQW8BpLEZ$;mgdc#&O`SHBT3Qiq_qOuc3R34}VPa58$J<k3x8F
z<q*N2(l{}^Wnwk|1ipguN#W~io*8^qoohM#I`!=W-dFQ1;VURlYrA^>lT;@*d?U@r
zfv=_cxbS}ZTo0bFUHu;7!=E?bzu+A;ehA-BbsoVtQa_2|FQ{)M@aMH&DSR`NKYVBP
zjU0Zk=2O78QlBj0->A=6+t>4Ntva#co9VqAcstdP3*TDLd+=A3vk%`|?;F5v{Voy0
zr>agO_$FGf7=DEEN#N~NhbjDwY3e`lSaqJmm)AK}z=vp@68^BxJ8Oq}{<iY8;R7^(
z2X1TrE_`G4XAi!)+=m~h{Sv@0)ciyE`dXI=ezW>j48KFUCGaKcw<&zS_Gtz`a(J~a
zIedH7c>&*C=Vl3?rTu8R_562K9oq07atD5y@^Rsvm5&GC#^eugqkR{^Ti&SNH-!JF
z{Tsn|()claxcUACFEvgI-%|T1gMX=Y$>G~5=K|hZ^Dp6(_5H%yv7Y}N^#>cio#x}f
zcagjB9Zmm%@1g$b!`Ih73gEk{u0r_t${~WM+Sf7s9#jAD+qGX(_};3w4E~SSD~DgL
zIxOI?45{j;gtvO3a%-o0{&#CWHhg{cB?tbr`mhV1ruFsUXX#$#!=Kjk0sJKOr4YWm
z>O6w)q&ke@dubgL`1Q&yh4(i3!{?g&KYVx9VFBMleV~NDpxmsT>-lf1=WTdrlRvzN
z>fD95S3mLKZFNrh@LQBa0Do5X9Kz?Qt|Isrnr93@c6e2934CY0ZwlW>`!s_uHvI>_
ztv<Jazohw>@GI31tzGK*udIDx!voFVf%jFNxbPEoUVHGpwO&5_J>?m|ch-A_@WI*_
z5qz}y{Q>@Vf8`G!w50MBeumyRgSSyX&*2|v`~rTe#xLQX_OG>TJ^v1>TN~a-_29t!
znf&1&DNhgnp3WB^{*d}}06#$M6~gyW-9~g%|L~RdJu!iI()*_H_R2Yff3Ek+;k%pj
z7w%~M68@U@g|%Bf|F`8f+|&3D{4wR`!pBdm>dJ$EtNHuzvsEVn{7{oWe0Aj+!B5w|
zi{YzlUnlU+I`>of7V-?fmGaEt=V|^0{BYH6313rv*y>)-f0oV#8~&4WbKo!N+;rhf
z^t=ZjGQ3(BAAXP4D}d)Z??U(`dfy0sv*|zZbxi*73pJk<zK`}-25%W!%|C~)XTE>I
z=WG5Y{9N5btRD6J_tE~f;kWC(9JpuhpYXX_M-P6W_K^=iOdi1R*5`)skJZN__=d_k
zhQFuzB=9elPYVBDp20WO_&NM&)p-H`kM?5;KT7-B+P$9te!8dG@Tb&g9C#nqi3@*F
zxq0wGnx_xnSoIUYKUQube0%kQ2tHKjatuFEb&|k;Hu=LJ)%-K~aa&ctU*+&&s^<cJ
zk>*pvyJ{V+Jvz4h`=9yu|DWg_x8Yx?-W+&;)vXI3sP*;Wt+juB_^Dc#06t6oErcJY
zJR|snpH=-KhHtL*P2dNs-ctAls@n|ykosf}FU<W1ev;O!gtt)+)}HnJ*U`CV!=E($
z2fjr2VHZ9^>+ZpSSH1c0x#s&9{0me6@NJZ51aGhRis2(Qp9Fq{$sgWFeK><ZuRf5&
zchY_=;D@U}l<>#2j@DlF{2x{Q*zhZ~zZ`f6-P2t70KJz7|4#eJhyS4Z3E-pjxgq=m
z-P0oYhN_<!eyQp?fxn_WQ}|9=-wZxn=XDN0Q1|%)-e3E)gg>WxwtCj{KT)~a@Tat1
z4*Yq!3!kI+^5Ea8o_+Yys*?adNFKs>H}wy1S*PmHG5k}lR|4;(`bpur_G1PgZ2CWZ
zp!#qDA7lDIyo2dKz3Ta2r8=?UCu@8Me!RK=z%z6H!VgoO`0z8${Re)dseky_rvBke
zJ*55*Z>@Dn;GL913ZHNChhJ&xAAYLpq=5gbeO<zbY8|b;>-nE<>L0$T_O%1wLFc#&
z@2{LaxTSo2_}C*`xBUBG06#_R8^Vv*_z`@O)+L5NslJ-Pf7A0Ryo=T)ga1eQ<nX^W
zP60nf^DN<q>wK}idj8Lu{trJ}_Y()6>3J8vjlMs6@SjcpfxoAI6~HHGT|#&l^^FMr
zvBrtv*O~qg|HAZtcx>)J@SXHtIlP<ZQ^3ztZYBHzt)sP1J^!;*Z#H~4)wu(|L-Tau
zJ@vc?KUd@X@Gs5%2mZU(D})czI1&66okubJ3O%2|mug$>yA=MN)+K|FHvI?QRsErW
z|EzIJcpLRYYu|eQ-L&s)_&9U_f#0n8xbQc$FFd-=1s}e*&eH&XiRveWU#j|v;Gxcu
z7(UA654TMI@QHfg48FhWDu=(T_buQ@tIw41`!v3_Up@aF%>5sJh(6bWNBSMcg-_A=
z9{gVQ6Cdts-2?a}(|_Psnf&3d`alf-Ui&M7KdyPE@OM=w8T>la|KS&F-3$1U%B_TV
z*ZW%g*YiL5<W?>J{%6Dg>R-77k2N0`-d#C(@XIw%AAXVU0|C63<{8pW|A(KY^Dc%T
zs~i&eAk}9IUq$;OgP*JMbNB(;zXg1Eofjp%z3D%_>-jHxwDO1Fp`0D~**{dzyYMr$
zjvo9xJ@3PRK3?}9_&qvbLb~P?!FMy?zu+IKKP2#>nr8~1qjMyKUu5!!uc+J#_$s>Z
zmGIuGAM1d6{v$NL4Zl(S(}DNY`?~No^tm3~Q$6_b-*rv}@ZBd?>l?x^Qf?7^g!WMk
zUu^mh{2{Gx3cpr;HG_}T_&NL!jbFe$&A)^P+K<+O_57!*-`em~wND-Ra?4e9>%u=*
zy?OAD%=ruNp#2!YZ`Hbo@B_7u5qylvAO4=|If0Kb^$%~Sdd}b@^?VLL)bt<t8OphY
zFV(rq&FWLnzmsyX;gPxj!#_5^Kfu>D^$$PH)Ia<hoeKecBaIWnA2R(1{;k$Mh7VB=
z3H)=_Lkhn{eKLcOH2nv@^qy6o1^hA1vxM)jzF{3y&;J(Hj}1Ri`^bS`Zu&pm()xPv
z-__@R_)>$^|KVfwz9HT8ANWezk1_lx)n@{?Rp%*utUfn`TbgGMZzC_@T~yB{d<~uN
z*1`4spVE5S@NOE%f#0CIb>TOue|qr4w2nUf5Y<BfUrl+2@ctSnf^Vk%62o21KY@=|
zy`}IYHJ=PVPVbw;S5dtc@R6#|5`L!n{o#;${>SURZ1}aN|G?MK=eqFawI4nBK-HlS
ze@y3K0RKt-B!u@j{U82}?(;Fcx9+hCd|mVX3x2QGC4-Mqo;mz^)olSkMR}I+bxr^8
zThISkt-B4s$>a~;$m9?IT<3xZAFICM!(Y+-1Nd#``!9Tw@`>PQ>3w7P*4h^d{9Da4
zg<q)iB7<Kh&*3j>-3$15y>AIWSM#(Et>+(VU)b>5)K47vMALuZec!0=jUN0}&C`dk
zuRa{We^Ndn{4UKWf=|`D#PGYcjtTq$jg!LP(mXTxow|?Z@OzbW0iU3Aq=a|Y`&x(9
z^FLnu+J*<(7Y@9W_OA=?BKP2DXdEB@l<7b4+lTA^58qMs9Kr8bJ~4cW)-i!!t$I%3
zn`vKX@CUSxIecxMQw98bjbFltC<p8Cdj8#%n+^X*^LOCi>i*`!FV;Tt;H@67^7P?b
znEHpe*S#WyKcXBWcpIHNG5l_=V*=kmxux()s^<*8<g;r2Ied=k|L~ubPYGXHIaq!@
z|A$pSHv9>_uLECV@`pdD_x0ez)c1V&$vT$<_<MS<5dN_|f?uw6kKt35X992eyvj3$
zf1&X+_<iR718?b2jZ?tS)O(fiE0lwEL_PnlweM{B)B0ZQz!UX17yh*Rum^XwzkK+k
zTCV`!!PGzeLhauOzOD9A4DVsiU-%1}X9^#ydrk&FMg2L4@2K1g_>+3C627zP|3}vI
zAEkA%;oZ&sAKq8@Iv2jT-q(XatvdAK{d8Uj@E6SQ&+sX#!wBA8>l?$LQw|Ayf^tsb
zj`~st@1%Oj;d?000=|#Dg!fXOR=;}wH=6w6Gfe-1zo0x_co)sngFmj^eE4xDe|R6w
zKZHN8^E!g})_cY9*6K3}yqo5k!dt7KWbj^E-yH60oC5xx`dA5nME5T1sCxd1>cNJe
zq<kEBZ_USr->P-=;F;>shYvRS!&lci6~g;z-$n3Q+AlHu8l4LXyp8Gq@b}IA6MmNI
zKkyqgegU7XJWKci>JL``dj6?7f8m#z`zO4I`ThlOZ@&M+JIH<b%i3Q7yszpxgx{(4
zjo=HETMVD391?gxji16_(f-QdUupatK1=6F0l#1KEa7uBzIAjx|M%oJe3tr*13y>w
z;KIk5`zQQRt-BB3YB~M>27g%d58<7(juE`O`ald{NBby&&o$>Se6sod4Zfkq$>Hs_
zj|zAf&9j6bW$OQ!dj4(H_iXsys&fZE&D?+B&uSle@Q<~=KKuZUAHZMNz6jylYrP`)
zT-8YopJ@6Iyo2dK@b@%M2LD<8Jcoz6XBO~7^<E{sm+HhCP|yExop&~TuDO50kJJ8j
z;kmhg!tYZKKKx>H|A&99976b}s>29AU415o57RzP;O$j!DSW8TqYVCz>LG`B)qD#0
zeC1HWj~iNjU$Bm?=btNQ8~(leo&&#Jxw-IervJl_*82MJm$Y93_%pgMh4A0a_b>Q#
z?Z+7IYCZ}4edU?LFEaVVcQE}2K1lCXz^~T1S;D8N4z1%lw*32_`S<^)n)-(?wOh4b
z4!p0q|G;M|2M^v``_6}7uXzUWvo)U(-re+ncn8&U4Bu7#DuExR{*b~`ojV!aQVuzM
zzUsDse<?5FkDL4l*7JYO+<)M==yxOs-bwH4!oSz&dhi!j&p!N1?b87MiRu6FXU+Ww
zexBAVhL2D^C-5h94^QEjXq*hbo2h?zFV#Z<@1lH4_$pdQ>-c*9SEx_g@RQW99J=ZM
z@KGAagFj>XKl~8wiva$G>HqLfIyWPDq4kR4UG#hce^K*E;XRde2H#8jD2Fdre=guN
zw7w<$3v>S*RL_60>HqLIhO7U;XPf&E{145?gTJZgefUhBn*n^Do)6*I=-i3mZ)^X?
z@WHB+1pbHKH-#UmddT26s;+YQcgnMXFVOr;_y?M&bwWM=m$hCt{06<R1OHi{>%s@B
zuX^zB)MtEnKb<21{8;4>!hhH2M(}aUCx%ayC-CF+xhZ_;I;~s&{V#*BVfsIOw(6&V
z4_4nO;RDV6|HOL!KPw*_ev;<tz<aCjx$uMK9(;f8YahO!_H_X7rv4ei1FcI0|H1Sh
z_?yZnfq$j?OyTP)=M3)ay>j??osR|lC7n|xe4Ogp3hMdK(>!hX?^+iJ{+;@>3!kX*
zJ@`V?f8gEJp9A<Ux)+7;SJk&8_@}1-z$2Zf349~voWhsx*ZSY`Z^__;RfjqJYkh73
zcg^_=AF6Szlj`~3t97*D-8GH_U!>1<;jikR<G~kbeSP>v+V27UKJ|?dzVuF2J`sG9
z<{!g<(Yhz_cXh6%@VB(S8GL!IOHS8(3iw6Jxr860K46_(&;MuDvkf0_et(1is{QW5
zrzkfMKJtxL|CUvY4_~Tlm1h8dUpa(u*W7>L*Q(BA_-pC|3H)BYR|<bz^UvUIP5$tc
z)z1s~2-Q^yAEO+sQ|kGDW%>{NBXj?OzpeLj;X`!pc<|q~zCOII>L-AYQ2m7P`^^0Z
z{+9M#3_nBXMFKxlxux*GR96}NCarG{KS<|S0blBts@_WY=gQMMwVwa`n!gRdP<cA=
z*Oye|yYPitM-Tq3KG%m&GT(pUQ`JvGxUct(;Gbx}#PBt>z6tyt%|C^Ipt{Q7$LMo&
z__7C9`?r9fY<_=(_fkK%POImCr23K#|3vHJ!2eWVb>W-oT=U>3X#PI@Sbc5)FHHY|
zkJbK-;DxDw_!RAz1iqCyf8if$T{8HY$}@*g(0mHGrM_CiLycpdUeEt0)u#=AW?oh2
z4t%QW)`dTA?mzI`w10j0n(C_od_8#x|3&*Ng5Ra_WB4;BfA}iOCx!P`eP-}awJ&n`
zdglCv|EBv%3I9QLVx3XXe?{#h8~&onAO5uZg9{HIs@BVcAFTKC;eRU60KP=^5W)-P
z5W$z(ruy6%ZrxIO0{>Mxr0^9qP6oeBeK?1A*L|RXuVLyRK2qnhHMpLCJAJMVzgYXl
zfghnfUHH@57asfv<>tdzQ9c3O)_g+v<(f|f-(LMBh9~L|3H$}kGld_c?^zlAS5yD+
zi&bw0e2lsOz)#Tl)|vJE|I+w2e8`~cd~x7``nC&S_D<D5{8jBEAAXw7g#bQ4>l?!V
z8D5Pa!PnP%#qcvU&jh}%=|AuxdOm|+D9_>TRX+v1v*uI6UsOM|&Z_6Xg`T(JlT|+s
z{2b-x!arN0{NXRCU-|H98b5&VqIwSDvouZwzfAeW@Z~O5|A8;FsPYs(R&|@fC&+X7
zX{zS}{;F~=;T^PI*4g#^_tg8^@D)|h4t!O)3-6@yJ@~#F--nM>KMCL$YTt$MPCD-*
z__n70;a3k;{_wYyPYVA=^^?I5()@GyM*VdEguid{hi|6mt#j)6KX7z4PaD3}DV00$
zNA$c4KVSR8gIgNMhp(!0KY(9q@`raZ`NKC-KZ)T#D$fM|);!fed}pm=2473{mcv)j
zJ}ThTwXaL~aOGqDr=I`ysuLUTYuz3AW_n*2-cIxJ;H#MY;kW2>1NeA(2p`$Ds<#N9
zs6WK;(&P^xp>s2ZucUsJ!H+TZ5AS8}Kk&IPRO?&9SJU{`kb3?nXnY&~zUst*@1Z(z
z;WM@F9{fae|Ae0|58z|emqPf~+P@L}G|fMTcT=4t@PD)}DSV99H-rDF`+N@1m2&}~
zta>Qn3zVldw4VPy=KO_Usr}->&(XQ#!k1}Rt-A;Btvd1HSE<hg@cDYL5Wa%OkKmuE
z-^TEBv@QvJta47_g~rL?eUwiQ|4ZK^3i$cTr-Wap_qD=${-c$%4c}4q=D>f@?*lIU
zSGfnb)t7wuNcDjL9&4T<ysgO}{vYk57(PKcC-A<ihZNrN&Z>Sg_zzl_9Db8>E8v@G
zoD#mK=5L)_&%c|_H5-1f`mh6k;^=CgE_@C3c@Mt6$sayL;{@=|dOn2DI;8sC2tG#Z
z7{hN<J_-C~eQpYOl|u%ftIy5hziM3y_+Ro8zU-)K{?>W*{4Y@b*zidve|Qh=3m3kw
z$sc~6`hX9gral?K*S@rxX9!PJ&k@}1TAj-=e6p#3_~+_xDf|xYy9|Dp)-i|wrTt#O
zrz*D+K2~*NonO!Ys>iGMwc*n=e+RyW>eGdPrSrvuKdt%r@MZU@J~x1OSDqn!Bdu=)
z@27qe!`IV(PvFOy{sVtq`yzwCp!w(U%`~3^zJcnegkPdMv@WRUKU?<}8-A(wg#(|i
zb#dX5#`oZ@ey?)&;azS~{_wT*y&#0o)aOR<>Dosz{9Dy|0)Iz2r|^ZUpA6nn^U2|}
zHJ<`L%hW%-o8H&Du%3S})te1pc9SX}2cD}Rx^PG9?!o7p`iFn090K@?+7}`GC*>Kz
zhwHu(!&lWf34CSMLkj=J<PTq>&&}aisXhz%SlypX_-A@w>!N!8*O~qgZ<(q5;ooQ+
z7w&3(J@}id6CWPya|3v9)k6qhQS}hPbFFU-zeD3E@KrTV3g1}$DuYi@-_GG%soo0s
zpIXNfe%<3$p4P?n{A0NdUs30^17B6{!nf7A;KBPUPanRPatPp?nEnI*QR^PTmwCT>
zuNdB4_n8FV(c}-mN9&crXR5#D@KW<B;3w&PDdDYE&(^Sd{(I{_W5e5+`iCE&=Uw;%
zx+i$>ekOnTmUmXU1@H;x`!9U9a){t}sD5Jjp_*p`e^cY6@D;R<8T=uwOAdcbUce96
z_q7tfwa#nnl6wAEs(;$>EmemOe4hG=3*Xt)KRnU?_2JuT`~d!s>MDe<rG6g4JIZ7D
zXuVeg-%jhE!Z*=48N8j=C5IoaoD2ATosT8_IMtywykpD1|CxXPpQzq!_|2NX17BeB
zhwowXhtE^J`S1nu0KSjL3E^Mry(0J^<q*Ta(mWIR_ZlaKKcfAc!B0|dIs7M$Q@~Hv
zd`fsP^+W5@dj6a1+_B-is7@Sst7EFZ;lgj%dU^24T3;W2kG}5&@ICaoA^h6is?Uw!
zD{DS6+|xJ-e6sdq3V%rR$>6K&zLdic)c6H_8|7KTr<w0xm(}yX+w>p!W15cx-%|V3
zg>Qdpm5&FvwSRqhdz~)<{2ul55Wb1I|G;n3y2S9qO#bk-bbm<UeYEc~_)$7Xa`-gW
zRRP~oeZGX>rg>T;>iIvVoNf3*?Oz8zSo_h1?`rag-=)v>;RE$v0ergZB!us!@gw+t
z@)&-&@=V}8luruZMdwil-&3B$w^JP!@Uu<-fp<6Gzb>!mzl+AP;a{mgJMiA>V=nw5
z)vX8LSM&Gbzi52}_;hpsfgf!0hxgTdVt5~YZUX;PpPRy;H~k0RQTru_&ouQ9@2B~c
z@WVA9>xz2*gLPlE;cx192?zefa;;nb{m+FTt?@nhOmqK%_fkCs@I6%zA-uPqkKpU5
zKgaMHnr8y<t8r5JQ0?mszPiqr9KOE#Y5||Ebt&P;ne#WQ=f9IVf8i(Tc?Z6)>HqM-
zdftO~P@nhVFDst_K7VMd|E_Nc-%vS6@P5iOhHt6!B7vW*zL&xe(tBm_O-%j6kJINC
z@J@Q)623(DCF{z1{zH|U4c}Dn>%jZpS>@xxJF6Z%_?xN+AO4v7RRGVm??QN2lRtbr
z<s8G0H~j}bQ1egWud5z1co*fF!(SOx^??GOoBD^Jr1i3{s^|Yyhbm7S{;|e!;Ct)*
za^cIgtLEduch~;%;p=E$2k_bE{Drslt>ziQ-_-Ll{7lt(0&lHxQuq#9-weK+Jcqxd
z^(x>Cb#9jMU*y)+_58ooez)O6buKvY2Xvot;TM_y1K&_N`|$I0PYB@iP5r~SR3C`o
z59<CL!ynN+6ZkIX_aFEHs;dmXr=HK@7wNnx;IC_6l<+oMcWY!l|5LP2ZTQi;zd7)W
zv@R}uke>J8q3Y0wAFB5a;G1f_Lih^WUlH6_-;UwWX<sMs!RGvhU!r=*;9br63;$kq
zTfp0Co+Uie_|`S`{CjGD+3<PV*ADzC^=%h^gzkqP{6p<iA3j3+C4ir$dI;fPs2@h~
z_NuEGo|*jNBUC>ryo1Kc;9I<3^}QTEK<`_?PgNb3@a?pJtx@&-7n}YA_tdu?_!Fl8
zz>iWrd+<lqAAI;Onoj^9p?w{~N6I7k8_GF`Z>!uA_>-DX3V&DQWbjT}mmEGrITY}H
z)vrqUNY$HlZ9V_9wO%&-WsUE^Khiv1_#awF5B{gl9UuOg_C)|6sC5kC&uiaB@YglZ
z82+|AfsZux4?j;iWbjw?xjFn~&9i{NWBNb*Og(RnuIE2T<J<6y)wdn^iQ0EAe1ZCv
z2j5wB=)=3stoC&P|6J=E!uK@iFZ^8fs~En6`gQ^zqdH9CyXpB1{-y2%IowvCFW|1;
ztAwAf+^p;B`5&bHV#CL3o(_Cp<>12CH}_BY2dYCK{=MESfPZD~pYZQY|A$|zb1jA+
zsQ#J2yDOg*exo^m;mdTW?$tT`a@A)6|3>?|gdd}Of^~g8|2<TnHvHr}tNL`{Lv?>}
z;m@hBdhnjAD<A%z_FVwqU(bi|eKgMq{;|f1;hj|v3H%~+|A8-7J!J4p)R%JjAmv%W
zdzt!&k1*fA#?<rwQR`*HztDR*@WWJBF8mPX=E1Kq_fL3#jT692%_oHap?o6v7@f;8
z{5#D*fq$y~n8FXzzRut`X#P2TnEGA;KUM2e!WU{^TQ}76AE|Y*;b&_c2mY-&f8jr?
zKX`Co@8!e)QO*H;3)O81UwV$d|H8*9pBNsgZWDN`R#iVq;pgdnGx!zCIfwtK913`*
zK2XAsQ4ZFP_5An$y?QSjKIU`vANV19-i1%ldEvpwsy==AC3@cg-bZ~Vg!k6Ij^NiS
z=NP`c)+>Skq<xXXCup7-{7m)X9NtCu(gMD+*0+S8W6s~3>iPe!y0zg;ZBo^V13zEm
zxbVZ3n+N~eoWJlR)vp40H@#N~pQt*I;6G^m7=Dwfe|TSW{=zN2Zw4P_>L1=#>s!E&
zRt_aR(fV39*Yh8)JZ<>Wq3R!gtL_OdJTdhTUtRU!!&lI~B7jHQ7a{yUlRx}Q%|C{R
zx^E}&ZPnjW_>IargNJukIppwl^j-!0!$DQumhheRxmH}y{}-JLHr!PmI`Csvw=R4`
z&Buc;(SG;g7b~9t-jY`D8^V88ok#FJ^j<N%oz^#j_cQem|5G_+@G0i}h5x1b6!2BF
zk4pHF>f6>W_59b+KC<DH&HW#Kg1P_0AJ;rR_%f5KJbidz`VZXK_mL33Z1-xM2tG*r
zJ%*nuPv9$RoD|+&^_Ia)owGUoY>i*Qmsj5?;m;@^YivFLe>A=gA8XEE_!~OkUAU(@
z^x&7P&VBfSdOm<3uX||-zf*lLg5Rb-AH(l5{U3gY);)!<VfsIOdDTx2zgT^#fUm0c
zE#VWCr!}sge_M@j(@p<}U#tG?!cWt_@ZgC)*M}dg{TRSot*ib6KSui^g0HLn8^b5-
zyi4HgD(4jbfYvL6f2Mw(!#6ekA8woc;k~rKtXu2(udnBAc%Xb7_?lW57v5Rpc<?n%
z|AC*Q^$OsvP5+1AZ|Wa@p87xxUs>yzz}M4!QuuK?7c%%3daoS5t-OF=u6<F$r<wcD
zZT0*g(Yo94jZ`NN{6x*ug<ql^Joq%7BR+gRtz!UxSN$!7zi941@ST-I41dD(ANXmS
ze+vIdpPRwYSDobW85+NU4>_jVza@Ni)q{0=J^$%i7aQJH`^$kpZ0?`%$?7v6ytnq9
z4?n~7ANa<q&k(+j<{!aFoBJocjrLIj|3>{Jh2Lbp|H3!Zd~*1O%DI4_qVubSUt@lM
zzN4OhsyuD@4kmy2ZgLlXvvTm@n`s~U@C}t`0H3CH4B?mQeIxkQ@)*9c_E!RLuXRb`
zXDPP~K3((4;n$e+7k-=8v4kIH?*HTK`OntAw&5GisrHcrpRRu5!rwIaPx$BB*FL<1
zatPqhsvbi4rl$VkC+J*`;hSmx3B0SuN#R?Y`wx7G_Gu39uRII*IqGjE{06O;HKCsW
zx5~$ckJIxG{Cd@!3!i85haazb`tVycP5>XSejCF3s*go*Ti>%{_)OJp0^h;p4_{y7
zWbjDmS`MG7IxOIKnfiyHraG}Ec5M0gKlAVZH`hM3;V-EU9e5|ztqbq0`FrqlwXc2n
zY|TG_zh>$mzQCNn@GG@mF?@`E*G=I4w2mqKIC%!|seYToXX@N6;6JIJOZa%zn{{VB
z|F2B{f#0C>!hv6_dT`;loBj{KSD)*{M=Q4gezU26_}f~S2>!C}Au)Vw(|_QTG@lec
zR_m3)-&CFC@QJ4X!%xyWmhk&b|GBH4|6o0D!-uJE9r#c^@51jk`NMD0din4lbq@*P
zU9`VKcsF?jFEvgKpKbaN{5H)eg-<Z~!}sW3or5`iA9(>kM}4M*Z=wER-CfVWkH)d#
zSD5_a|LA>P_%`Ze9(;*8f8qOUUkC8RHJ=cE;qO%r5qu|oZVcagQuTZSZ*_wH{sKQ(
z^U2_|)n{_}LiLRTo@gCQ_(iH)>z;c4Z<_l*e4h551K&~a<-$+VIqSivXy5tp$(m;X
z@1gNS_^tYVID$W@eHX(&P`^sxqf}QZe4P4i2LDAl=kUEX&jRjhpO)~c$5i!T-HZIS
zPi^=OrvBmEY9G1q$Ca}OUrF`m!_U%s1@ODnA42$Q8YhD9wr;DIfB%c&YwP(0K2PtP
z!dv!g{oipi_%nL19KN%1DB$Os{saF*>u4n%|NA-S{xebQZo}_Xy*cm)%<pgT9d&>9
z;N4XZK75*~fB2)S=Ma9h`ceenQRi$7U!eV)z(=SLr0||v#|(a%`d$vdPq`KF*L5E#
z;a6!K>%Mya=c*2E_&oI`2fjf2+J#Tid_4I5T1OwgyZUwj-(NX|@E28w5&SFV9K(mH
z4ioql@)Uml%vM$X!<Rm)+7~(e5!GP<e?a@Ugny;nto!TvKdruG!xxzR;S2S?F8m42
z$AcfDJbm~E>JI^Yocdk}cTE3*KdyC;;a_R~3H%+^X9_=}mHH3-1?7{&TdQ9c@Ls0>
z!v|=5>w$Xyp6bwsKWzFBe3<r&3qL^Tkp~~Hy7J)*RSyAtl<G5tpQ!mq@L9?yhCiY@
zOyE7#uTprb_s!r7bYA4}-paXv@2&Am_%Etk>%n^d*Qqbr@a47d9QcQ-9~b_W=IOzo
zQGNRG&ooW|ze4L9!biy?_(Iir3_n!$kif50J*4nIl}`r$MRk(H_b}%#{6=&B!WSwZ
z>!Eu7x9WKt{*Cf+;BB=oE_|Z;h6jIDecOlMtLFpwFUm87|EU}z_!Fx07~VtofdoF<
z<PU#Qb&|pRs?Kxx>DrG4e1_@&@R8>JKdGMo?W3x5$A&*^`Vagl)s+iBK>N;vzhur|
z_zayF0sKJq!w~+aIe+1QnEHpmsyq|;p_*q3e^U3Z4E`VGoWp-nJs0q!G=2&1r**U@
z*Ykf_>t(~2?pB>g4t$`-cj3$ITs`l>U(@(Le4g?Q;B(c_L-?KArxAQ_)p-oRTXmJd
zCu!fM@cEig25+NtHiw_A918e!^ZggT%(hjXTT|-!uOPSK?c@&pPp!KPAEW){!M8f0
zS{EOFqxyLOKR|hg@a0tx5!}{1WB6FjCxNf8=TrD==KO_E&^S5#X7#ZGK2ZIkgx{+7
zwH~hLKd8I<4?NN5I`AWPpLF5JX@7a}2UUkY{7#cUJU8_Ze_8!1g1@cYV)#teVFG_!
z`!R+8xJdVZ`1Y!w9R9kw|HGeCA1mQsYJXXe)blU(xi<Vv?Joy@yVl)>cUE0_@OLy%
zAAXY7D}Ybdx`*(#rvBkm)lXu0sQD-G!*sr+@MXSG{_qd9UO9YMtxEy_K=n|<A5|S%
zkJj_QK<A4M|3~ZMz&});E_^S|$Adque0+HPd-c8n{8P<8gs-4{BKQj?fB2<(uLORw
z`a=pIta`}cE9hLy;j{F)1^iI;&k~-R{2#05|GoBw4ZlPAIPlF?=PrD%=HtQ7)cgAI
zHFb{-;6s%|2%oF_Oa$LY_wX2gv8jLfvFe{G{8aVf48D!tH-~?%Iw|0NG@lawsrHdI
zwVwZBdftZLult4r|61d?@cY%zJ$QTFAAESIbqV12Xx&5jv#Os6{+ae;3~#5pP2k_?
z`4oP!=99sf`?1=mIs7Qqc>$ko?mzG!^|{uxdj2bEd>j6-@^s+S)Sq4W-8vUM_(RIm
zhi5vc0{G?1A%xq?GlIXV_l@C?>2nkKRq9JA{2G%#{0+@Bhxb?A7Id92CHz6<V?AEa
z|0UIx4L@GvJMcx?cP@OO>cNBO>PtTSDdiKuPtoUw@Q2O)A3k5>$MAMKFB14Xtyc<9
zHGT$P^uFpJzOT-^0^ULUy@cDEkCoQ*@1*B#_-fi04*YWURTuu6*3pCCpt|zmrS@Y0
zU+<{u`$7o+N6$y_xAnO(e7^3n3H$>+pTdt<-DdFhm0J!^)gKD@Vx6ZYe1X>8dZM2H
zZ(3g)ev!^W2mY+;#D%xox2h8lex}YfAO45t8NfePJ|X-Xt$PF?p?Svezx7@Te7gE)
z3V&YvF@uMie-7`Wx-H<j?g=IQE0h0|_58b;`iDPj`ait0>cNFSYWhEX>AR|R@!=Qi
zy#n|+?UxY#rTR<+|K9W;_)D690)It0r|>}cq71&4`allfQTL((K1bu1@b~1_Q}z5$
z(Y~|c8><gE@F$hC3!kaF^5Dyx{NXpKo&)%A=Kc>qOY@B2f9v@ezPaX~z$a>bQ+P+^
zoWVzGf93FPG=2f^p>-+YJL!4r>3aU-l!FcbQvK6`ui35Y&o2B7)sF`sBKP52Xdeae
z@AbJMe7O&*eH6jZ)w;y+cXe+`;AeHH=AXjno8O<|uW29U@P+Cp1-z~5t%NVuKDDOT
z^Ixt{H6I&(vhFhu{65u>3;#v)@!*%M&-n1g$~l0qq?|+eCaTW}K2h}(!`D;}3H&3i
zOA23E=T`=wqW8_=UuwMy_%(Xp68?wY*LtR&|DVduhJUZ|9r)uWfB4b^bpFDZm;3O~
zl|uk;tLH=bOXmIwpQXMR!-r{KB=CcDZ%pB?&cO_Rrs^<<ucW#y;HzsLOZaP=zx8ZA
z|8JFp4S!qDJMh)?xh_1^zV_g|tMB>n>-0S+fXDI>euL^Ng0HXdWifn=`gQ`pL*u9L
zkInrDzNI;T;d8a_1$<le)e?T6_Ng_ap8s|l--a(UwyI|bK34DL!dKAq9{d^Y7au-B
z;{@;vbzX$<P<0r=yQ^+v_?p^B3A~-=nZn;zpU>bItFCf*Zt{n(XZk<<>rqvn)^qjz
zFV=h6@aJYKe|RQ$;p>?DKl}|n@56sG{Rh6D=|AwDRaX%_(K^QPclEgmd~NOD6y90;
zD1-l@b2Eo;q2~+uw(=6bq4Kew@7VJ1f9Bu6?XCNg4ZlbG)PXNiZZ3Rd<>tXR)#v)~
z1N6B8e4P4B2=ApjkKl)DoEZLv`bh%+Nb8cqKbL3lZ{<1sA>~uRCz|sY-g24h|Al(~
zKWTg$ew5zJfloI52fjq(c<`1NtIze}m#NPL@bz@R4dK)Dxe>g#=|AwDRfh@uQPcn7
zduV@U@XJmAfq$p<E#QmI_h0x2>TlM}dj3nVTIFNIuhHi^@a6Tq3tvt5Mi2g}KG%o;
zp?L=Ijqj@F6T<f~{Rh5>a*p9kpIVKRz^CXOOyL`A-81+Hx`*WOzFPMJzPvuSgm13?
zV7*w+e|}%(5C2)~>%ccK_aAsa&BudJSKa#XeUw`O@1vYUxTDXF;A?B$WB7gQ0|~sf
z_G1d4qUSUCrzU@RSM}8b{=0H3;fu`q`%*ps<CL2XKS}PuH&>mw@IK1ZgKwjC_u)5a
ze+BTzRi7bzsXwYZiQrGFpTzK;^tlQAaLqG?ucErm;9r~k;r7^SJ_X!6s&&i1|CR77
z!s>bJ<$C^W=yPrO<EjS-K3MDG!iSprhcD9nefULsK7fyqhwxp@_g}cBb&26$tM4W7
z^_5!+pQ(MC!4FiPIed4mZvlTs^;5#vRnAsc&%cfKqYZyi<2djy)vsLm=IYxXd?S6X
z4}VqT2k`cqPYCz)z7hO4t#1rJOt~fS?=}AvzL}|i_*UwBIeZ)SfdbxH>s!KCQJq+?
z)brok)IYrSWv%{y7qzrFaQ}pAf4T4jm5&EMOzy)MsXhbvHs<_=uVMNRyo1&&hPToD
z6ZkXQ*C~7_<(a|TYn&Y3-_$>R3zI*5l<7aS>iO?!zW>6XQ(tx9ZO#1$p6PiHzJs~{
z!{5;J0epMaTL|Ax<3#XdR1YzHN7YpVUu^0hzOQn~;Iq}2a`+z_r+{Crdvyt4`p~ML
zt=aYbcT&CC@a6Tq1K(Eb>%vFqd$b4dr26#X8+=gBCxHJps`3!NvpzS1_g9~Z;cKc+
z68PU5KZTF$Q0?ms{-((v{+9Y@0smY5u!JA}h4O#3p8vYq*EYPZ$sfL)Q;p-oJ7}MJ
z@QpOS4?kM-3E(Sf{1AS<>MDXCq`HmaJ+)sFxUc6^_`BMV8GL_@lfyUDdlm3KO#gx3
zX!_4<_562N-?QP%U0dbsz;D$!F5J^N9(<5;_Tg)4eFOM<s@o9$;-qRm5&R?N7Q=Vf
zzE0qtJcS=<`agW6`TZGwyy^e&dD<@}e2m7iUa#l>s@}_n58PJy!#6hlAHI^-%Y)yk
z_447jnBO1ZtC{+TAFX?P1b<QIX$&8)@e}x|s)rPQwmgIX)~@PHIsAC_y#oHXo-g71
zXkS=w)bn@Lhi!P57nMK!Jk8UE@2YdtgKus64}5{@B!F*j>K}ff>NbKOqW%!WS5rMC
z@b}fXQ}_uw$20gPdfyy=vg)&d4^o|!@Kdy3tU2}kx6%9B@Wb@J4!oPz#fA6L`g-vG
z8pnsfs=5u}uEr1HJ87N~{C@4P7=FAyH-X=)eUZW=<($DM>Ris@*XsEKeyYhIzMi@N
z%&q6YvD}8QZTdg_bM;#n{)y_!gMXzu_u+;4{sq5D?-jy-(DM=e6y+Sl4_7@T@Lx^+
z!*|#EX7E$gXL9(_8oz+=r9M!?&(^wFZ`Si)Tm9CCZ*J~C@R8>C2lyEC`vZKC=IO(~
z)j9_7{mlIzex$ko!{5^R6~oWd`zG)n`d*O2&s0Cj;9IFb=kSNM?+W-|THg|WjP705
zTlM_UQvKNQ4YV!}Jk{sA@YB>kJ@`+`*@r)?aRT_U$~lC4rvJc~X#5x+Xq*IouHH9=
z50hu`6O>yHUv_SFJ{Iu9bdM_Gj`FnLuIE2ib!)>{)c6j31N9{r{=VwagWsqA>BIL{
z9R~0-O#bk*)CVHCqxr<}1GQcW{9x^`6ds!Thfgv6AHGn1wSb?id6w{B^t|;>J^$0R
zzBYWA#&O_R$X)mW%F}}%rW}0u#d_ZW-qO0d?}hMlG|vcriTX?oKh*sG0N+Y=n8N#;
z{tq8(?*H)Cnr8tYqWUS}f13Q?t>-_%)IU6tJMgn~k8<IYbg%H>S7=}R@Kv?H0{B#o
z6T-Jrok#Fxo~Zgj4Bt`r-UPmao=@T1Yh5z<a;xh84?kY(RlrY?m+&5%kM&+X|48*?
z!;jEDb>M3$Hy8er`nd-`N9TeMzgC|cz;BX=@H<q85qz@hB!+j?JQMh9nr8}cr*+BT
z{ngKN_)1!r0)DRQvxMKH`CEBC|5J58vEk<{HwS*X`i2X?M()9Hko)k}H2(nJ-Q54-
z<1|hLKVN+*h97165BzcU^AtW&<7e<`THhQ#T=^963r+ul57d0DdG-9yGWo-g*Sb6K
zW3(?^_-(3N4?argg%4lb<PU#F`GoN8bq|c-ZPbTjc&E#%zLdak)Ax%MewRFh?`rO!
z@VB*(3i$mRr-Xl^`-$~_J^$gV9~*9KKRWPT)hAu}m8u61ewWt8hwr6v0{Dw2fA}!%
z>j-|b>MDlsZTdg_0nI0cKWy@cudf_(_(SR^1^isqa|wS$pKE<k&p*}Y+VHo`-+$rL
zwI5yhHu}Ei!JpQ7>cd}<2k=Ps5W?H5&LjAKTE`eZTJ?~?Z<eR<?R36p@W+&M4nIMC
zpn!j%eNn<MQ(v+^tmofZ>ubYjn)?rY7jyrIe`?NOco+2nA3j^-2k=7sG=!g}dqo5v
zrTbM3-%EWXfnTfjP2mS<zhv-J%=rs{%G5u+*Nau(E8$n0{6DJaf1~=d4d2Q9{s7<8
z<PYCZ@9V)|RX_3Jx2p~V_!g>%5Pp#AJc4gBSNBi&S;{Se->CIU;Tz~Y%HVIB^B2CQ
zKDU71sys{h!OF+_xSszHsy7>clj_8Q`x?iEAFBHC;Ag5o`|#&gKLPxG^}P`8D4z&^
ztEqqZ6*?~x_;$)Ih4)t7X7E=`|AB{kuLAzH=|Avp>I2sNdj8Lv{tq9fbHsr^p>xEA
z`>Ib5e!cdc55H4&62OnqI3fH8y;lUk*qp!c%QgQ5{(oHBcla&S{kL)5XhD>WP9#i3
ziEw1X5m6$8h!SB$jXKInw8SXU5^RZbM4M=d7NbOs7$r(@jNaL5bfZKKHsN@#-?Q)a
z$K3vWU30Bj^Io6zS!;ifT^PTSKS`ap@{f4$P<}k?+sP+!E{x<4vX0U7{rsnd{N<nX
z-bDUy=9$V5V83Vb84eithg`lL`>2o~M{cEjB6T~Ezsh_n`PS^mTK*rNZ{+_C`ODX*
z-wx$#hyEj9nf^JFpT|CpUg+ol0{cCdAHaE+$RDAfr}B<*GWmYgLoT0<bt&ZcQ4gj3
zZthD1`C+VkB|kaTzx;n8fB6cb|I42U{YSnE&v)|GLjLlL+3(Sdi%;`^|Aqhme`D4+
zmS4<zCGu0)cd7g+`amX6>3g~SP}aAQPxk}<{w9Bi^&QC9;(IIkL9BZ%pNn;G<R5Vk
zw(_Hx=TLqe-pO}l-;LytQdiMS{rnf6dHlVx`~vPLiG1^L|B;_Ty=C(G`QBW91o;&5
zb3^};AH(wl`6T*zCI1uWPA%Vt`8V>-?ilyUR=!i{Kk|>Lhfcm;sDJsI+$W=#`}t>h
zEZ->HKjl}lk5c)itXC%goO$N*zmQKMe~$fL%GVG5U%onhppsw7{;lORe1DvCBY&Fu
zY~>d+&!PNkzPFQa%sfYS)+KtSpZ^KeRV+V~K9k5#<@r>83-_W-ei8MY%eP=Yg?tyz
z<x;*R`*a|`o*XLqI;=}ApDpAse~NRhl}}<mLwQ3TcJi9P<BjB(v5wKJ{rtCL-^KEC
zL;mt*$RU-_Lf_8hi-i6oznpm%^0QdqQhqe&>_C1E-&M(P#B2Fk?@|BqTUp0eekXM`
zly4BuU-^El*GPUo-xa;q&;Ml3kyw5l=V>B;fjUX$SA_mAzc$prd=1X!LjF+r_ZRs;
z!r!0e9rLN=P3S-Jo2lDIzAgK)m9I#>4dp4`$v0(PM)G%<XVmrcf04cy%WtE868YTh
z-&8&%w@kh}_kmn~Gx-$q*O^Z#-;Z;4Ab*GFEBPx+&pgfl{a4H9WS=(jyZPQ$z9o4M
z<vX)po%|yD#z?+-IDcR7=RbuUV);L*w?uwCeIS*;#rJ0N?U{crpPw8G`6A)|DZhz*
zG?1T9KdIzbkV7qhh@2bwL9A~pzmI%|^3S=icJk>jpXvXv`$!&Bx6vE@{O_l~#qzJw
zw-fp9Cyd8W<x7VCFF%6s%H;>qCky#w%%_xJLjN4dA0?kk{%`hUEx(<*YUF$KU9G(3
zTo}sN2>nO?5&Ll@|A6|8-t6Z;q#k1VH$(pNSy|sy{s8mL<WuOkx%}U}w~(*Pca`$1
zLjLkS=>wJg7}mX(Kh8WG`7+c`E1%3bL;1<!?{D%mI8R6NXQ->_t$zO3vQK0Ay1yIO
zc_QBsPvzH<PbNQ?`Q-9@!u>~n6Z0wMi?M$P@)gOglJCp9)bfj%Pa{8rJX`s<sl%as
zhdajkbn>N`=Sco4`!V`YKmV=6?=Si1?4v|Jcc_2)cbR7<zk@t;dCWM4d^6U!lyAts
z7|6Ha_f93>n{&UG@5uKy@_U(QD}OfhANfnvb0<%!hmm~uaQ?pC&;O0k|K(59R}=YG
zq5kC`algvsSA_bP-@$oW$Tti9M?S-=<9Zv&U!{*#@|Vf2mhZs)8~K6kmsWl+^Bl_0
z4gE)cZRkJp&%^!moqqloF-|O>jqgq5k5DJ6yyX1K<h${`xqMsdwvZpnIHi0y_WMA7
zO8EPy{0hFSmfu33Y~*+1t^6kP9Lj&mcXjeNS@)5AhDFBr;pp9d{{Nvb#qz!Q-bB7w
z=s)tM@JzlH^_<I>qfZv{OSn&#@<+n`Q@(TPKk{os{_>+(-$uSS{h^hAnK~TG@8e$4
z$$!ndjO17GUD12}{Qn#Bm+#8GJ&~8pGnHS*_?i4Sq5kDNur7ss0lv4CpT<38Ab*&1
zyprD(@|XXP`84wX(8pT&lZ-!<zfYZa^4mlIksnTfi{9_&zZ*Hk@~5b`M7{>+ODexV
z+<)YEkV7utE95V~m*-3QfcX#PFP=X>7b^Mw?B81cI?p%qM|f{5|1aw@l$V_Eo%{uI
z8_Azy{OE&z{%2EHvHVcRPvjTyd@4VR=QH_ncrHKU>2Yp_{QKOaO8J222lD+{$4b63
z{jHY&k31Xs^VE4OUyi;yl+Q*#@8qlU-jV#4(0~5h&;Qe<$LB&UKZNf}<nM7`O68ZZ
zE}8r|`fV<MmpUxuCy;X~{~_x#kgv)2R`M+5FaJa6Kk`#~Z!3R+x*f__W?ee@|LEr<
z`9{nq`mmq>J@l(s{wU{5B0r0Hrt%T%lF85K`CNW7>r%)s3Hi%6XZ{2Ew8^-BD*3C_
zb1nZd>)6PTq~2Qjy7b$jd~wdHPX0-_|H%Kyx<?=N^FM*U8p~H>eG~aKyN<s%m4BK2
zn8~*xw_JWF`>~Kewf(p+mGYfJ{_@8-cPjaG8;r-P<yWy!8~Mz9S1aEz<S&0Z+<)XB
zv#&?;sd)5pKmSuh{_=>rO5{tk?y3Bz)Kw<GD%8Jx&xh#$@~s)Cl%Mp!@$&=u7wo%A
zemc+B@<TY68~F~rx0Rp6I79iDSg%gLS@``cKZE@qjr#ddx9Ir0V)=|0j6IR>#ynH`
zS=Wu9&*ZZ(elDMn`4{qIXCCjbQvM(M$w2-B`=yc}8SX#wnmil%TI}~$-i6=4^7HxL
zPJTJ#kK||aJ2CpCpZ}cHc`RQq^dI>pyf>A1oKu<nAIvA0pT~R(`G3i|l+VvR2lAOF
z(*NbNg#IHxHq^iTV&>Dz{~79EK0Ec<$u}mqk^C3@o{B#0=YL(ef65Q#cUB_5?&)!z
zr}F=iTPEL&{gTV~pr04={dvBW-@<zb@&!0|D*3PY-dcV;c{cKnebmbD<h?`r{dgxo
ziTyj0Um5EEfBpO)4)-7VBBB4w_aV1bJ{Nr^lYfnIa`_h2Ng+RqbuZ=jklR3h3-wdU
zzruWK`EiWj$d~6_YvucLP7URch5Y63u#O}7bQ8vP8-3Q#|77M9%NM3UC-QHSXDWY@
z`#>gNoche=hfwE*{9x*~l%Gyr4df@$Pb&Ew^rc$9E$iOMpCQjye(nk5+=lXt@J@a|
z_qvh%N$NcMyr2KK$upME!g?k0XSnaB@~b!(GWn6A|H!Xk{)PNnyp%VLKalTu`8c0S
zJ`er5mLJP}8u?2he|baS7|MT3opkausOOP<Ug{y5+Ry)HzAKh5P2DE)JK684{GD+A
z%1;XU%eUg5R>&8nZ<O){$#Wo|K;Nk357Vz|`IC4fe?8<czlnMn%0Hsdbn@S`E+hFw
z<{5p_&;L*SE{o;wgulPZ?_fTud@k-Anfw6Gi(GyfUdZna^)Ek=K0J``z&cj)!+E}z
ze@<?V{6unV<sXInr~JG0jZXd&{b3~k3i(9SEHTah{TKfK=iQipEMJ@TO5|UsK2!P4
z?9)uX5c@8dpUXZi<QL(kd`jp)^7TXg%dcRZTK+ocR3ooK{_@k=zeD+e_3h+)h2LND
z`{^6ewEg@~=lqK0GyHtqR}=Yt<dDkW2!DT;FG1hP<$vaT3;F)czm!j5eFySIsjEsp
z*M#x>Yx#YQ)5x!7y;}Jrq5sRzVO=`;lH6NH@|zexny#P!yVOH0|A>B`$j{*(lFFB$
z&NF$<JahSlj8n+pr4N_#M_KoQ{IPKVlrPWuRm&&fjr=KcZspH&UJT_Yg!-57&V67c
zzl`sVrtjzfG~X4=51|ed`HMWC%D+OrW%4A{zx*8bT_L}NIw|GL()R}P&#9A2J~8Ak
ze~*3I$iGiNZ{=TSe+}g;F`rI;IrTP@zfNw^4E_9HV|`<JO+JbI-H^ZhvG>ONJ(DlP
ze$3_1P`8ErhvZPo|4P3a$X8%}EBUJAQ_ELmK8^et=HJTqrk;oLlyN%wz0}W0{!-}w
zGxqa;g!@J;f1ck9iTq>wRVsgj@iX~@%qN#W#d{0++SF|+pM~>iAb*1KEBVLtv07e|
zXCq&OJX?7}UmePS9PU5z_sC%+U!U)aX6om^=!9|I#`06?Z;AXR>Lit4&VI?{f8l<c
z%U7Xp3;A!u`756*<S+jR`@NE%#r$je43oy++sHp>y;}MCj5Cza@XUCePX1Z=_h0!N
z<QC1`&;RYvf8-z2ClmSV<d({(hWn5FJ>HwkM|dIsY3M)l+4$ap{P(O^C0{f2ANkgd
z-^ec^=T`m&^Bl^*9P*dHM&B68kLLGI6!r7}Fyt@ag#D7pb3B!gLjRG!&3tnCj^t3t
zuOf$1{t@TSK)wJuRPs&uT~N!fWBf)w)BEFkZsjk8`=@*kp6}$#a$b+*UxfZYOF#dd
zdB*Y|Qa_1&cXCVRi<3hp{|bF0m;Wu?|K;0-{x9E~_YUOSh2LND&#0?femr&9$h&a=
zl>e9<hVq}{oqYN;#_Kqee@Gohv-b1<J2}MiuX8RW@_*8AQ~6Ba7{51@zrZ=0%eQ9!
zg}meWQobY459B55QptB=9c%fl<kQF}@q8=4h5a&=ufVz7$^XGQIFe8I**KqQwtoIM
zg#6_vhWo$#9r8)#i&E#A{GZGxmtQmU_}{Gx`Bd&#rTlir8OWat_aFIwA%FSYA%FSq
ztZys7oq8L}Kc^pd^1T^nB>ybb|Lpzz*Wo;k<s0CMd|mEosr(gk$mAD>`;UA!?jePI
zCHiM6Ka_jpKt2m~RmtCCKDB)MdB%0v$lnS5M}8x9GL+A_&A5I#`3%?7f8>X<Pop{d
z`QJlb#q!I@Es=kj+*0}1L;cI|WdG*!`|(2l0lAg(RauvT{2uDFlCMI4sO6`G{x4sh
z=Ue$l?DwJkQ|8&p|3yC;$(Nl#|M^ls|9LsbWBG>Ec_ROaI!Wc%uwI!wX20k1GW37>
z0<3Q-Uo+${pM!I!k{`<WwS3l4|MH`#&sM%Hbv2Y9#eVGMi-q%7z6<w+XwH8AOYwXx
zUz+<&B40ezzx*KjZ6=?M{g}%aV%-b*!|caW{sr|mkRMA9m3(e;uH~Oo&y9SB$>aKL
z<tH)zP(FL;Kk|xmb0lAf{T0pC&;QBLf8<{!pG3ZN$X~tz<7e{ac|Mol74Dz%m8iE;
zej9ywAb*TLR>>b^{91ly=s)tK!ucydJ>)OX*pHq3Zss|XAIJF7-2ME|V?MEbRdPt=
zlh{Y8{B!zJCf}5G$>kd{|3dx*xs~!~$ax^2aTEUkANi)-A8Pqbn{)ok&mrelegyk^
zD4&CII{6FCb0puA`9xpt=f5TS#PX#>{mUN?_ka1xtZyb?F7$u-_ROb{&+zSWo~8V?
zkiUE$`amULllrOUD>I)){%86|E6+mzmoE_dk9;=fKa&5I@uPYA`Tq@%<u``=k9>R9
zE0r(LdS&vzGkz|Ajyf;oyRt5&{0!E2Aisg}EBQn8fm(hX=WHWioIG3k^LLE*%TT@=
z>)6RR<K8loZ_a*?=I!VI3OU5`mAEe@@{^f=D&L4Y$>jUduX1_KelO&^vc9E!Y4RD!
zH|M>T{0!z<%U9*Q8u?b_*2*sr{a-#8zdJhlnv6e^&&xe6ny;V#Y@GYC{B8DoBHxDZ
zP36mzPbNQ?y3OTJ(#Hz<1jZ@lZ&4=$`3~e($q!=PYx%sP|I1&a&Rh8e?hixx^US}K
ze>wdAl27EjqWSyzXRKE&KW33}A5P>8Fn%iEDb&CGT<S2F59tqu{NH#fkGW3{<hRi$
zEBO&2fBBc`&yD<F^s!bxH}yG`U(CIwlP^S_kK}8I{J+xAf30x;mwy=QU%n9algel3
z9+Jsp=AX+aQdfoi)sVmZqR{{4$B=U+{}1ET^4)eF*Ht5*!1>k6CsT(*`Q5C0Cx4B7
zF_M3k+@iRj|7naL%fG?%iG1yF|Cg_iXY$2D{_^#yheEyp^;ya{;rW4lJ?f{De?Y&g
z<^N?}8u>=_fmXg1=jKp;1@+L$Kjpn6`5yF#Xn}tI`{1#Bar#UmpG>`_@*S9GCO@0?
z&E*rRw?dwib17e*-{S-Mwd7FAH)dUG`BykM8~GMI-^%A<Uk~LA;+=dF_lJ@EG;)g;
z?B~BY^%l#Q4*AP(;(Js1FSs{m@(V)#^0h<$^0(Q)rTkm$$ASD(#;@f2kwYz?b{_hV
zeEraW<OfinL-_>ip_6Y%{fy*SGtX$De*O>9$71<J#!uvnaSo>PO+x>X|B7|V<x8{f
zg?u;mQ7Qi{{Qi<(AM%$UMsBrydFrZ>za8#B^0mofDBqlZ)ye<CeRU*{Sodh*e*R05
zXDr`@dPwBA^1Z1%5BbXvq7HNU`g~U*zli%%DPK0+f8<A#b0yz|@oV{B;rx|<$i8dk
zS1_NUd?n`7$rt@>{CjOA&&e}dq@Vv2q5kF1;fZ`gxPQveroUzK52>qMei!$>LjHB;
zU&@zfzYOI6<2<e8`;&7mUyA!cBj1ktY2^pAe~0qV!u?;qY{*}}4f`cpw4eVGj33LV
ze|Wr(iF`ZOF_o`MJ!JB|=qI`STI#Bh&&fV5<;PR!1Njo+?{D(2au2WN`!k<LehA*m
zlW_jZZ({zP`~vE5Bwvnoj~46a|4;f=EWd+uHjz&Z^)KHg^dI>#tZy#=4(DkhKZTr2
z`Mu0%Am29JKjka)y|sK7&c{Z6CBLUy`A*dBP(EEWKF2%xN}>Mc4dX|P_w%0|>R<j1
z>L-z38t$L+&+ZuSmrQ<I$X}j6Gk(61uSRaAeEKQl=LhmN*>{!vkkEhRdyr=%UzOZi
z`7Go-l&{J2o&0RRcO*ZO`9w?f^Zy=o7|W+Wkp3fY!}%+Jg!;_nx3j-;`I*#tAwQOR
zmhz169mwaWUsdu6oENox68p4~&q}{-<#UDn<yTXOo&26~|B-(y{Qd2#{ro3}`@j4_
z&c{Ul1J)~*-$6gj<WI3KxqK3RppfrOKPlzkVg3X8o}vH9FQ5)<`AMvABfpgATlsm^
z$xyx>`?r(N!ag0z=VpDQCHwg=O#Q_2?}h#&{{f!LpJ2T*`7X>em+wO#DCD!U?@IaF
zoI3;gkC;y-znOkp%de+y8~J|W{v$si^ndwW<lM>UX8t32MxTtn*3bVd?5|k9FLjm3
z*P=hC@+DcvO#VWsfB6ISu|j?jIh68^LjRGk&$?9dhv@^g{3oneBVUj2YUPutpP_t(
z@b?G#k=&z3@{Sy$ulMu+G3ye`uVz0c@>{8&RQ`78|MF#6mt1~WsDJsz;r=6UdGA2J
zHvO}bZ_awv@<pk)MjlhQt^7&WaVY;f<8<;@_}w&;FU#}MQvLk*qYuaOpN0M-KahQq
z%C981Ouh@h7jpSxd~YG&INX2a`%#Aj`BIEi$ycF1Yx(umRU^MQ8Q&*c`4sxtP`)B{
z)yYrid>P3<4E4WsKmSK~Z!G^Q`y!EVLtUlvl~~_Qeh|6k@~_Z83;Acvvy?v&>R-Mp
z@2%v|aURw3qr?4Eenja1@<o~FP`(9q(#hWn^)LT9^&BPr{MTguvHW@VT_V4adPwCv
zu`ZeX7``i)A0PUU{P1x9k>5()4&<wc-@o$5IbUk|YkXHDf0pN4`8whEuRJ5SPW}q(
zK9UdkuIL;6{2!;TV)?P0BZ>T3o=@d3GyhCpu<p71O`b30kFvg{{Aqk3-yq~Kf0=pK
z^7nafBY&H9Y30)|HvSznl>dl(cqe}<8TYY~d=Kg~TBe`>39L&je}Qol`DE%jl~1D2
zXYyZ${N+Che}9m#&v{zP+fe`VUo(Cs{|#Qt_hX)o{AbLkm3QPYlsBAroqRdYqmg_g
z_Dl55e*WihUc~a>G5<uKa_*$^Q|Kp|yk`7degx-2A>ZWsalMuD2SWbxoaZa~htzW|
zKZ3u9H}ZX`&sP2c{d_3jj`w!*%ftCAe}{F9mhI<%4D*TQTZi*kzHPYw%TJ<TW%7fz
z8Slqj{u%ic@=xdwrF=)`Gmvi@`j31|yq51mZjF30IkfVf`QD-YQ`V)EpGh5#<OTDO
zmh0#LbM{><U->}({v$ttI!WcHhy3OL2=y<YL=J^~lhA+U=kZ+w`J43lN<Qt8<N4R}
zg70nQzYP6Hehm9`DF6DD@%WwmarWs*{ubwQw0uARe}?`epGqAj^4oYmmA_98nS6#t
zsekz|sE0y+H{+M`W%=HL{50yelE27#UCR#&{a=1q=s)s{S@)rQd-hi+-xVLpKOvuJ
zg?|2%S>ITG1oKSf)4Vob_f#G~JoZffhj9MNr@LbOd?Eieby&(*V?Pe$5p`b4bM{d!
zKb7xo<TrDkw({RFpP~Fp)}@m#Mh+wSoXj)&RzLsKxX;A$bHe>oJ}dXJRQ@1!o5{}#
z_kZ~@tZyMdHQfK@AFzK1@@LrZm3)4_x0Wx0H}conFRgq(`s7f47W3@nv$5Yt^0~<^
zTCt!1cGO8MKcDdv`C*)=sr+pEKqmiVsDJrN^piq93;Uv!@5wnhknh6$EBT+o{Zl@P
z=NtL&LjRW^&G!!F2eB@ld_Tq?$!qF4`gTA6%kfzLt8o93Z_Yh7l^?-;GWko?XD*Ma
zheCcn`=yj`!+Qtve=z?_{%QF8gZ!+}f8;wcek=bP`(-Hq3+vm--(??-<lkhRXr+Gs
zA962^<wtWKCGxfC!>Rm2=99_)Nj|y!5^^r&Yw-J`luxE#4didIzLoqc#;@fUuumKL
z@qBM9KbSfk%KyNA>Eu&5M@I6~n18f#KmW_fEtY@GIwtb_7(bOSMm=ZpUvMAD<x7S7
zm*38MmGXT<|B+uB?mzM-<S(Cg-SK^_k<ZM%qLoi2hoSsSJm1OZ!$<On_eK-?`L9Pk
z$MS_4Cy^gSe@o?aGJYn1l=aHxXNU7wz9jE0<yVvQK>l8+fB6y2vzE^v@|R!F_^tdB
z&cUI4ZqC_GehhthB)=fk|0@0bKMVawKACY6`H1gL<@ZpxnS3tJ(_H>A&lmD_L;sQQ
z5&FOUJo<Sh|5f<?D?gR*YUHPc{v*Gb@rUw*!~I`=OgMk#Um=I+JN^7O<a=ZJt<*yz
zUxfNe<-cV<nfyTdMlQdS?<(ZKrQeqFHq^g-GT&RtSLJ?H%der|Hu9&#{a^lV&ds6x
zaK5XPpTRng<V!s~{=E~W{ruNtp0PZ`6Z!Pt828Uqei}Js^6xVLTz(dHSjdymf8@Vs
zT?X=)K2XVDB+pvD5#QCw7o|R1`4{Z>q5MhqZzrGWuj8CY@`iegzT3}#Io2hXZyxfO
z4_Nn9{&nV`$)DhNSuVdh+<)Y=vc9E!S;im8=iqxQ`C_a~Enf<6<X>Z7xANt9ekh-D
z&2i41d~0$W$<Jk9M634mUxxR_@|F1BM7{#`naY13`j327#>wR;@_Zqmo$o5;`-J{4
zUxoQp@`~|m`E%4mBcF%&w(_gO`78fE`?`~#Fq!(7U&lDnYW@5-3;kdII{P<~Z+zf*
z{8YXp>z>Ik<=oHZe-8P}|B9FL<+!g7<Wty3mHYwDi&}m>zh@iy%G7x)e}(lL%C{o7
zPQDuBjO0ILy`qWz{LiLu$MPFErxN*F%qNv!5c<FTKJv-sJ23x3{>Sk5H~Gr+$$|XR
zaQ@045BbYK2=y;tG4vmK6aM}wzd8K<P5wOR!btua9<AQbf3?v6<!griBVUW>Q~8fr
z-%LI){W+Kagy#$SZmdfwUoYe@UyFLH<SVmZYWafnnMVFI=F`fjg#6`uh5DDD$Gu`C
zpNn%X`d&Z(tKT2@lh{sOCGv|nM^gFz%qNroi+z;KzruV9`Lon*DZh(x2J!<q7b^LB
ztV=Eb8~v@3FA@5`{Fc!F<=2x>C%-u4FJCm|zeYd*L&z<bug<xa$Uh1FM}9N+t4w|v
z`Q-A1?=9qC5BDGW-^pzt|2cJA$^S$jtL5)<t~K(%guj2vmt{Uf`H9?zJNbg__mO-F
zJo<h=|5G`yWBK*$i$wl1^_j|73xEHSFHg?7Jf+_j@{Q>;rF;V84CF<~U;b$L`;Yui
z>ba3W&GW7N2G)Hj|0VD3<oD69M)C_;-)PN#{x9<0SiT1NB=Y;2e=2{Ib;;yY*cZ9{
za{5>yKbrkg%9o~o2J$P}@0I-haQ@1VXZ%LK5_R6n@2Bq#<sUPCC*N%f_fPp=c(hhO
z|I1jHSiVl^Kk|*~tEv2L&i72dF6)@fw_uz?z83qaly4EvU-=jG!%Dtw=>PIZsn14!
z7JZ<VUqhV?<>&K!C%=X~NAj79@!t)iwfp&hNN%zG*3f_C4fU4F_h)@G`Bds8m!HBt
zypS(XotN^**mnc@1fH+tmyk~_|5rGF<<BsFD?c;*`<MLbaQ~FQ$T%bUt(@1<I{p0D
zquyfqs_e%^ejoiLmEXX+XY$Wj-&}qO>s83l<9kc_&8+)C{v-BRCBKont>ss-E{*(R
z-rLG|W*-gZ6FHAM`IK<~ksrxDC;CA@|1A#W{waT*bxh<f>zK;l<@rp$C-cwcM~3|6
z6GQ#WuOy#=yyN_;<Q4amTD~vyY2?%YXq-bUe}L~D$~U5JJ9)!ANAi!!CtA0k|5QAd
zKhAp-`P$@@+Np<3{v!J{mtRL67V<U2{ZsxZ`)(lLmUE$!-xB(de8$!J_b>Sz^ygOo
zY{*}JC*ybWZK&sw{Mb<cKkVm!Qn>%ikEK2n`D5G%Qu(~hKa>BOds;5viFp?Cm-yaN
z{u{;_$WP%uQ_0t(9%}g;jNi!bC(l-XGxa=_x15iid{*|+Nd6Q0WR&&ue~<aZ@`cDV
zk)O_brShGr!%Y6WkiYyc&cQ-{0R5qq@4<Qv<bS5mRPrh0R?GKcoJRif&*?w%jakQ`
zd<(pj-xvCie8w}!<45cD^M8zWkLCAWKYl)uf0cDf<$ooIO#Tl2IhTKg7xHsh-%|c4
z^BKr%p0DKJV4k)78TM}@{}#`;^1tz2L;3pj;ZA-4>pPN<sPkz3e*S-;K4bap^vOj2
zAa$F{pC+G7o?S6s$6S79H15NNd^YN&lyAWAk%4@3&cRB468*E5KT3Tz@=Y1Pm2X1M
zL-{=9)5)I>^)Ek+b%{3U=l>G*5X;XapG1CH=s)tmhx(Uq6!MpELvDrqno$4pEkpkD
ze{t`v<gat?*YfQdr;+a(@|Pb?ZbSJK)L|!|JM@3~)KLFF>gT^FeLI#PMjuY(IrWgr
zAK*O7<Ub3)f8{%c{N*oFKc#$I`t3lzIqO@=V{)kF`|`bw{B_>j${**uhVs+dU!D9M
zd?eq4?~OL>=YKRg$MP)v{*ph<JusDT#PgYab3B)S9{Ruh2KG@Y{|^0mApag-$?sxc
z)bc;lZyWi)cyBBJ1^Z$spK+ye|Lo-NhW;aegFX}exS#*=?5|k959^i452Sul`Om5I
zOg_Ue=>PKBnSUX_E95Vq%Kc;@-;VuQ$rlUtFaK5OKk^4d{_;PuUPJl8jMK>vAh(hH
z3C52$>gRtW{Wg~G%zjVg$FpBj`EQv|CjUL2%WwN^ye@@&7xFCSHT!xXpN;jc<nK{$
zwftH7Nh5!eecj40<{TW#4<qMJ{yO7~<fnx5cjJEk+t5E_`Q?0XBL6bqo665%{7k+;
zsDJr0lgVHH1NuoRf0yqX$p67SD|x*7xIfhLyIJ=}z8KH9@`reSC_k6)?c@c0U?l%1
z^Ncp>=l>vmGM4Wd>R<i@&!_T9e;wzU$xmUw<nr5@Pa*%9{#nX@6#BpXFZ72>z8~|c
z<#V4oo@XO}iF#<|Blgiyeq!i9@+;XdBl(5QGupJD|GV7NV)=92uM+uG@=4{d@O&o!
zWw`&y_ho$x`CE)r%0FhF19`*uR`QB`YWcJD;YR*4eW{f%#l9HIccO1}@_VSOk^BR`
zEBZ-4|D`ymV)?JhEs+n|kEwhr`DF4psH<Fl8|O|T|LB=<eU|d)*mnc@j5~~<ujKz`
zp0)gC#%bg+`=XV<8SbC*1F4@*{x07;lF!3^BigK=|BTy?`(!NNCfq;eA2WU`f0OUZ
z<gb!LE?<oAE#!-HUX=3Lndd-0TgYENm3h|ko7pdo{4nxt<!91Ahw>M%AFq2Szl=UJ
zlD{18KR@l~zsD8habo!t=9$QsW51;GqnUpu|1$aH@`LElh5T^tx260d&bxv9F7{C+
zUx4@4@^{1iM}8hTxAFn=8OmP|`OA;syGHVzsOM<&e*QC_NdEHQg#IJngK<*%Jk)0<
zzlM6q<+JnNLVhF9m-7Fxj|TGFc)pU~jo0#H$fuF-LmjsA-;u*mz98S*$uDLdNAh=B
zuV{;Y{y!<`Kk_%(FNu5s`dBJon!b_A7Z3F>UzvSW$UlE(To0vuX~r4I9}M*`f1iF>
z%NJ+<jeIG*m4C{)Ih6mGdg$c;!$<Pv$tTMD`Ts2BFMopXO5`W7A5-~spO16P<Ofh!
zx%_?Bw~$W={a?O($X|Xc^Qq*2pl)mVYOH%BzcTb6`C-g|D1VN8I{6peS4Z-hmKo<0
zZQ0NNWBOq%f0%nzBL9TCO66D3pELO@%rloyAkRWR5ijL$G0s5#3F}zN&thF_`5ffX
z$mgLSw(_OU9OpKapU?Q6d~)dj^7}YXqo4KjpBnO)&-lUky@~t-a!BR#@?Dwy66Tr9
zkEX5)`C8OxDgPt&JdpnhujGFY_ka0cc)pRZ$9r4(+SJ2PKFz%2d^-7ptm8<&PdI<K
z>gRtN>lMqF;CxBs({4IGFH-r$(EsJj@%ts0f6RGQ$QNQAOZiluAIN8?PAd8F+{bG9
z+2Q<^FSpY8yIOfd4nz6+tV<`Kg+4rzKS@7{w(jS@Ho3*}6+-^<O?YoAUygm6$sY>$
zANhsUVIe<&Iw|GHvtI`C!+5@upThICd}ZpPk<UeLt^9d%8_F+Z{++zx92v>aWIoY0
z{ro?rpTzR{m`@^~@rLofOXWwCLnfbx`po4sJUbqzkRKoNm(R?8AIMiD&q{t?$X}jQ
zKaKoma%<(Qg!-4C!aO_ql#suCE#?_*+s}V?@{HvZd2b?*LjRHfoO@IzpLX8yzRu+f
zur7uC0{TNKpN;hz$iGUzs^otS{a?Ouxc|rt=HJTiBhR6HPIBnvL-zYfJ`XuZ+x7Eb
zo1A0$nXGRjzlMF6%GVG5U%q&#fBB=_2MYPpJYUK$4*f?y%@*T*RLK`+|JL&LLjRHf
zo7`IY#ymfie}i@J<nyyGBl)%552Nk-`OnP!WBGRM(?ot_$Y1^?`a>rFGIg8FZ(=@$
z{7KfOlrKr11Np*yZzW%Xdq^!`nRB+0FT?n)d>3*U%2(#R>*Nbk=Og(YA^)HE^FNw@
z$BE@vQg4ZTHRhknFQso}@?WyAbNLqZfkM7X`28inlJN)f<=HQlJfiQ_@_)0wjeIro
zY~{C6Z$tSh;qRaFwHRk4-<I!<cIf9niS>=;$A^Fal{c(QDu0#l%H-=YpIp8o^;XDJ
zyp-QX4g>jX+)pa`Da^l?e~JCx$p6FqTls?_fBD<Ix0CNjo+J5;tBm_(v|~U2omrPy
z{wn=2kuMSMKk_{pCzCJm?D)O8{MYP@LjDBbTgsbI|ML0hdzJh=&aYbjE&6sNPr~nC
z`9{>wP`(1sck+AbGb8!p<Ph!D&wpX&AIpD3K8gH4tV=5Y9nWX-|58`E{5#}O$k(F3
zmGXnAtAYG`;r=7PD*XLHK3}MR`G3RtD_?{CIFxU}x!lRG<Gmw!PG607?&rTG=T~fJ
zT@v~KLjLl<ao@}2XVNEg`Rwe+LjGK+fB7F+-+_EW=>PH`ur9ScVgEMr^O$EVznOhE
zlpjGobn<1$Z6yB@^NDup=YM86f92<e{x6@Cb1jvBNI%Tv$1u-az8-a6$X8)sm-1Ia
z|CfKt{;K4EWW8$nMdaMb-(vh$zHPXF%9o~}bn^AN&yVCk3Hk5Z&;R0(zx?KK|B*jJ
ze@o?)$vKnHL!IaHO_*mPUy=GL<x|4_U!F5gCBKj7YxxxFxsj*5x0U}i^ndxIjNi%E
z2=y;tn7$Vk{rqpCU&Zn}@kIVJ)-jc@OP|c-PqALPe0A!)kZ%|6pYoll!-0Ha=s)rW
zS@&8#?JVQp<Bj}c&g)iw1^Z<vUzeOadBpf5`8s@Wv|B&_YZ*V5-$$J!@{Pm&U%mo;
zHIqM0o#gV<*e`{Ae)?M}f0X$Q<g4)BO1>fWP|N?$In~IYX8czEC;He>{vywJ@)yGW
zN4^EQMZ5R&Uo!mumH&nJCi1P>kE#6U?2Al(A>-uoU8wUyem3h;${$^HT(<-HhSXst
zUnKngl3z)kH}Yl3p_Oky-45lOh5DB-!M+>Gw+Z?0(a-+_&Yf7^v5tv+Z|?c2ybSk$
z`Buy`mp@IOh5UZ{UMb%*^dI?7d{-skm*;Ew>f!z)-;ug%<(r25<^QB_bn-*VVI==-
z3ctVh?B~B?sDF7uJty+ZsOMC^HhnmgPj@H3zvMU22MYNtJYULpU>yhYEy<^nFU`HW
zmcLHlXym&wek*^GIvL6zqfR>cFUf5rKahHeCiU}QhkA(RyHgK|{B`D&%D={b&*TmJ
zJ(nNOd<ywDL;shj)X6};8GXKzUqhYL@_&W?FW-uBTKS8dUqks`q5sHtV4RWsDE3A4
zi+=vghu>fFE5rR?emnavmEXm8W%4!1EtfC<?08=k@@GQ-k?+QL4dfFTr;^XbKC0yx
zaK1G1*U7n+e}!>|@|QyW%O`QJjpXmL@1kG!^Zyu+<$KUq6Z!V+_f)<sp2?46-E;Y(
zd{-fVhjXWt4?_Q!f6Dn)$=@KKT0STD!$v;cQR8}O<sUJhq5NdNtCLTlo=5VAdXDz$
z=f5B870dT$e<kv%tXC@Ei~7vu?~y|;pM~!&<kS9ee9tN66Zx)z{9XECC7+A&Yx%e7
zZ;kxd^zByu^-%xvLqh+N&mZpp@`QU)w0A%M8|jm=d?s>8<jXRjRQ}!2|K$_u54n7$
zQ2+AZ@m;0-gi!zT?Y14SS0(=qdDikpLjB9npq^X#x%g0i5Ov$hZzIo<{B!nEv`;_(
zImkJd-_1CQ{8IX7D&HXd{*upd5cePXj2F`X<yVLMzx*D~oq>E+*0GX5%=5K;ANpz|
z-<0{c@_ET;D8HV0cJl92ha>sTq5tgL&wmB>MJ!*F?@HuHu<ogRM4!pz2k^bQd<yd^
z<a=}PD&=3HpA6&!=2OXcVPDkp2VWbndm}Hy{a-$bafb4Yd^-6m;rEyP7o3mLe*OG!
zWgTPrL!tiVLp+tQAMXG1-_Zwh`9joHA>W^Kq?F&sdJW_)^RMK;;(KfP&D@6@`J$|E
zD?gZVhVm!F?=Sfm)Zs|J3He07>gPZEh2wgN<%fm)kNk)1uT(yT@5<zdkY_GmmwRa;
zpN)Q1$`@z72J(%l!%BWc$Y1^d>($8jrOsRV^W;2~Z^-;R`9+);Bl*XRj?by+*ZutO
zBez(-I{PS*|ABf=<!f`!X7YE#-{0hOlXD?IhTKZ|3G|tP{Ey71lFvh3)$&I}{mUO`
zU0V4%<S>*UNnLgF-{T|skEz>e|9<{I#bf!uL;sOK@!EL5r1G!LGG5<IzBS|L@~?;c
zr~Fa+Oey~Z_o9J(S;nd4Is3hqKh5}!e0}PtmB-Y{P<}<Y|I0UHUyS72h5l3a^M5w<
zfBB!Nt3>`Z^^?j^;eMFOr?T&I`4-$a3i&4FP|Cl_`VQnPh5Y4bGM`$0D*LFB9~k<N
zJZC;b`R4S!PW~5i8_73dA4LcB^Itps{Xza5b)Lv)dW8CyuSyP?d@}tcm%m0|E#xn<
zzNP$S>SQ3lmO8BDYcii&eje-6$S)+fR(@JIf8{T-k2?9=eAh_682czXu%G`9q5sI2
z=DbVfC(_?i`8L!;CO<mdKjk~|d?7!aIxOYeQHKNhtMtiAekk|JTK*rNZ{)i$eru<1
z4CQ|ezklU(P@g0De|c|oP(S}o*%z^VH`XPQ-$cEo@``oI<dc|xF8?3%Ddfwu?xlRd
zx(wudG0#fA2kTqQ|3q$$d@1U)l`nYVc)t(jN3p)0{KHWH^4Hnd(ZT)v=ViTO`Cpi4
zB0nqq{*s@~KF#DGhx?CwOV+)RuTMWL<&#4F%QxZqN<QOa<NH7@pB-=HpOITD-#*-b
z<jb*Mo&0Cv{FT4*+IStK-}Lj}mUA$cPYC@-{%7hul^;hvWbz9_|Cj%jaSHiLd{-$y
zKiog%cZB{gzl7&&`9joNBY!j8Kjl|3&QN{=`>~T>NZpR)?}qw6q@RBt&R_ZQ;rEyP
z=d5okFYru0-EQML%;nedU4?uWo-gIouQjfpf&3KaS;^1DYx$+rLnGgrI&9_huwRDq
zxtM1s-=BUslJCd<jSlVSzYl#fmQST`B=V10$5j40_km2l9qXIR-{tv2{#EL;l<!GC
z1Np~{Q^`*b=db+YaQ~5C7VbatRoRb2`87P>$!DcbM)EZoCpxU3e;M+ZU&%ZZ`CIg{
zRDN~n|MHA`U@pI&=L`8E)K4jYKiog%hcf?4p7Fi4{5<wWBR_-nYUQ_t{v-bz{j-x_
z7W$9;NWLpNyr2KvtXC}Gh};tSj8}61m(Px8@()<ATz)G3vydMf@|W+&J!&A|h@30=
zw`bw}mETF8jePM7$KTb;FJ`@l@~PqeFW;Q`jO4q}2cjeT`QOX=70VBzUnO>ONadeU
zpPBp!p3mjiP$z|aSMD37{1^B@{!7lCO8zUJujM!L-bQ{B>)y)0LZ2VX8~Q^h-}i>`
zI*#OjXTL<h?dQKJ<Hzy?87GlH67K)<&BO0s`4OyRF29-i7xF21DgQe29LRqi@|Q2m
z^R@gK>Y<TuL*2IW@6IybM??8U?uVWH7`}HTpZbmQIMMI=`TvIb$MVyuheUn@>zK-a
z8}2{yPecEa@5J{O^6&G#rTi%R{6Ky`{iKp_6aM}npJvB#eKzuQL;shrP0mC4t(;$-
z{2X!{$!A=A{NCuue*TlGhgkl5@=WA4<EQc)xesLW$H*s_A54EJ<j?SYDL*Ux{*_Or
z-YWSw9vOdcEx$6Hzw+}Lzm*@yx)0@(=;xh$#%0EJK9aA`Iz~tJ^Iw{CCzdbBy*H5`
zPG3spFOgd&--9~O<)^Xkh5U!1{^h?7{a-#i-&@H~V_j<bJUrjXf6w@>e5Kv!Kl00|
z!%qG$`ol<m5&J7Tx}X2-?2A}_1<xn)r$YaipUwAX@&W6W%P-*hLcSk$Rm$h#el?JP
zi#o65({|Lqd=u)hk>AF-+{!OuUkv3l)5kjb-QoTzUyyZ=2L1f+V!dMd8`N_mZ|Qrf
z{94v4lQ-=5T>d5IU&s#%`O9Bm-3Rhjsn1G&GJT_#&qKX6^7}aVTlsv<b0|N9@jLld
ztk+2X5bF{h)6ajwQ2+8F&nNQh7(bPt7|vh$qkLB`zlrrK<Q3zT@&{P=fqV((U&(K0
z{94|zj*UEGzqIn3!~I{rChOkGPhh`~<hOA?M!)ap|8H`R<*$bP<!95kQ~46?uT1`D
z^33HsaX%^K|KYu*{8IYWK%RvDFaIm=t>rO&tg-Vuw3XjYZbSJ$LjRX%tjkEgF#9O_
zLqGq0I3HvA)6{JuPpG$4zC7o6CSQSka`}&E8J}x~d=;KA<r5fxAYY8!DtS(yujPBN
z?v4D#(0}CrB<G=gBJ=6wKjphd^1o3J(Xsvf?_r<D@+0WOiF_m0H<iB^?mzMsSg%~Z
zIyo2eCAfE$^4rN_AU~HrT*;@<H){Dhytk2WO>V9HJDl%B`33ZWPQD~{K9b);-;R#!
z=RYF1SiTJ7B=Q}ZXDYvw@iY0U;r=6Ek?{-pgWLy7`F7OvKt3mZyOQq`>R<i^-`mJj
z=F`d_3jIfZ5$oQ`UuPeU<i}9Y(eeHK@1ss)c@pmb^1ri>Qu({QH<Qm#KDqqraQ~Fw
z!1$$n4e}YtS74r%d=>UxEnkHBH1c&r{_+Fp&qMjzq5sHNVLl`I<dFXf{rnf>Jc{Ly
zvM!1I9{NBkKa6>1@=4TTF8>-i6!L$C{N?-5w+HeK$*q!~#lEZMKc#;*^6$}STKRs=
ze<(kI`E>G`emVZ#F_N#(dPS4_`5(qOvHTtGX^H$G=99{Y;qMRfOX-uj{Q6M;^7F~9
zlur)7f8|$%{x9EvK3~f};C|J}uVtK8J_mUY<@eKXJNaqU`AEJyeLFg_pZ~+*{FQ$c
z@|SPQcct<t87GrpLY}#Nb^1dg-<Ucn<rCT01Nrm3x01hx*Ya<M{v$t|+*<kG<TjMg
z%er*(Pg&oQe2Y;3f9&UfG<_qMZ_PeU<QFi{R9-UAOnx-`E0-US7xIPpu2TMa`28zC
zp7~euQy9ONKTTh4<fnzd|H!}1dJW}Eg#6_<v5!Xbx2cEdq<;QCpzp=<yXeD-{0_!X
z<!AD}nf!5nx90MtICl#9I_!&5elPDG$hTxaR`M6a{Zqa+`>2txkGJxFhx?Cw6Q1wn
zXS0qY`N!N(qLcgiUrIg4^2fLbCi1C_lgf|aT*&0p&Nn`fa`|#0fBA>hNh!Y|^ndxS
zoFkR|v(SI!kFbu7{72#Zl`qBbyP^D2=F`ciKa2BM9+5+IN<aT?FC0G~%Xh{T`3xJ5
zpHJmE^^nO=p+DsE?}q!2d`{+B%4huE`1kTael<B%@-umFE#Hj$QX_wudtEDkjB|D<
zKacS{`BgWNzx)~MIXbnU|DGX#`Esm#BELHHfBB)I|H~8lWG=s++zR=t?DtZBHTS52
z{ML}a{3zyA%a387HuCL4|B+uz&O`Ywq5sIQC!djgcIqcOt)Kr^)I%)4lJ_R^eOa$m
zzB22T$tN+-Tz)I_EaX3-50vurI9~?xHsmjVl6tP?E$?mQ^Rw?-`O5Ukq5LK4xs!jN
zeLa%T6Y{V6`9H`x8_N$2{YSnU^GW4v;hB6#?oqk?fl&YQ*Eu&!`LidE_w_*jGG58|
zW8G`{tn}wb{wCwJ@*jr#kNkS}V<%sYIvmM&pw6Q|_49v*{uaxhr+yOoT8y8{*9-Z}
z+h@nQ<?>sZe<6Q^x+>+faqbM{7qc%a`FhN=mT!zV@*k6PD}S6i8OkTq$2$2U?4yzV
z0rp*VdO!b-$t{*I$vBDpr_3{zZxQmB|A&5_%eUv=Sjb<Z9!mL_L;muP=PUVptYa;|
zlJ#oj%Y^<T{~+8y<r{EM?&PPjE+cuvd!sY@`R`7Dh~>MnUlREf^s7|9GkIq6hI1sB
zufVxn$lne9M}8LHHIP5R{;K3#Qzx~272ey(7o<P8@*P9}k?)Ro^1bkp{BZhtbY?&Q
ztwa6GZw}|Ld{fpvl|RS2Wb)VOW4V0G@b?G#UaWg5KZt%lkgrajm3)iPf8={pZ;gB%
z#%bk0<32EyZ_D_de8tdz<WJo>?!(bp{rvY2_aFJE?7KvMGy5o&zY_A79}(_9^2fvd
zNB;ha<9U|y<G4=_<kNn0{Cp)ppZ!wHcc9)H`7zA1mA9NzL-}^0|HyyNdX40Vg!A|8
ze*SNT`;UAIIVbYR+3%@*3i~CKkLbg>{1b96<ZrWIO8M`Y|3F?+&z1aH=2^=R4fQYo
zkoUIoxz8G}?@+!0`=yglW*tZJ>u#X_|J=|25260$yRg2Ae1Y)$SN;V#XYz>p%;iha
zZwq-r{gm>LITr@<l>J`GV{)tI_l5J<PW`m<ms!W5{4>_8lRwLSX(YcT<o}m`{=0?#
zFW-dqP2`J*{N-zqLnhyob2*ovMx7M$nWoZz<d2fuKz>xHfB7$2$67uo_0Y(t`Q!M#
zt^Cc9zkCkn*~yP%J|p?`^Ns(05}nh}e=2nq%P*mSCh~W<@1^pcIgc{=(yUi5e>wdA
zlCR4;mhxGd|3JPc@2%v|bKceR{kfks@|i>a@_nhFq5Mte-^rKfdq?v5S@-DNe*TN#
zv3x^vNaXKR52^gXaQ~El!1<EPKVh6gzSvpRzx+$&Gmw82?*H;%h5DE8!+JIHN%Y%R
z{=f(0`3&U;g!_;DkM#4A{N!1v|MU9!&rMy$^8G^pmoG&=sr=AT|MHwZmdoD{^)LUF
z^(y6m3g@qUFZyRCPdHy{`O~5Q%jcz^wDN<<VJN?oe%{GXC+Cs;an><9zn}kA^qE-x
zDCbckKZ=}F`2_Y|CjW$-bNT(uzmOln_m=V*SLW}}^8G{p^4CKDk#EMnZsf;=`j;OP
zet*dy3;D}mWPL~S<*3`}f`0yog!5PaIr}=1PYma;{4dmJCZ8rB@84YhOvqn8AAP2j
zugv@h^4Iy^O1>J;*Yc;St44kub=b;}4Ef8C=J#wTf06M=^0h+#f9>bLFy9-?r+IFi
zTOxm!-%Y7}hV91nnaQX54*AQUWj_}3<Je!Nd}h{hAiss&D*2swEnklu8u`o2r<H$=
z^KmHOm~lG!n~XD(AI|w0UD(h6WWG0+Z^8J9d?ET|DqoUy%;YiWOD;e7k@30|@~<*}
zDL<Zi8^~v7eJlCN+yiU*>!JST+l9YB$bZW`hw?8`51o7$#u>?vq|ZckKmT($FJk#(
z<d(>nA?H;7KI@*z-=#m~@|QyYk<Z3HD&<Rs`=@+G=2OWpq#xGuGpM&lo-$4=f0_M0
zlush(PQDfA%Se7d`!TwxpZ{deomjqYsDJrmjFZZD=J`y%C!WiHAL?KJG3!;zzrns3
z$d_YXD)||q{^g%gCyo4DjNi&HV;zU`H>jUZz5@5Ik$e?Ax>)&>Lo9!f@e}!*q5sQI
zW1LL>G2`U&siFSmYjeJr@-NY62J&mjr;@)N?mzOCS+7Q3(+67le7tuk-!Ig^{N01b
zeRU+iobjVe`uV?4p0WH`&izFGOsIePhkS1)pZPh?U->_nPa%Ja@k{v|_&`3*f5+oj
z@_pHNwS2%i*vQYOep>k{oI6ALOuV;~-$*@-<hS9`rTzTB8GirDPYU_Vzf6Bl<qK0M
znS2iBnadBNehT@Sd~YeAJ>380|70C2`Rd{Km;7VuvytyW-)`kcFwdd<T+WeB{vLHQ
zlApU9zkmPM&;KGkmQQ7#iTonoo66@QpG-dEjnu#VJaR7N^Riy0e6?`?%8wzRN`5-^
zQ_B}({6;<>_nB6HEcce7d^gssldm8C{v-c(`1{Xg{rnGPpT_d3oP&vc6#Bn>#-qnM
zXYvc!*SY*O&iz9EUFKQJub@r_@{3u=N`5xu*YdmR1C9Jz#&6{_9z6c8q5M0X*PZ-I
z<};F?Lp?;7_w!$eeHzOzCAUPrK<Gd6+h^hTm;4?)mp_ab^0OBkk5kGgQ|ANuX`%k*
zn^1?f{A#|dkzXJBzx+#_Uqkuq?CVax7W;H0&zVnjML+-9soPlo5OtEsYt}K9kLY`u
ze0J(5m!C~;h5U!izm$KKzA=#RMIWf-3)4?(`30<RBmaVZ-O4|^llqr08Ge7se;o3c
ze}nl)SN8M2fE;4^lANcBd>+;-m0!v@nf!a~(_G%LPYd};^xIPY)6oCrms1aw{0Zu(
zmM_D1HS)vh!>#;g<~fvaM?H7)TiHh=`Lp5vb5%e8{i&Z={w>xkk++PW${)Zp`5^rM
zlK+PH7V;B#zO-|19LOK%y_I|(`a><B=_lj<*2t%C$93MyFW?**%5UPl=;Ws|&yjo?
z_DghiKmV6mmsmc9bx-7%FrQR@2lL6~za!^d{txQ5kk3cIE#=<{{YSnc-&M&krO(vz
z1zDFyJ_qa4$`@q659KSek2-nEd`9xA^yldB{rq=fAI0(|m}erN#Pg~A59FN57w5dr
z<yVLPFTaBOZ7IKw=LhnHc~<fnvvHl*@@vE2f8^ii-qp(IIhg)0pO^LO<ol4%NdCic
z|GcK3|0&`ADL;#Sl*rcze}9wT8|q)aF3;!k`$GShAHe)e`OP7J`Bm)4O1=bjTgx|K
zK8>AwU@L!<{xFoE&N<b|7h+vT@@MIj(Leh6|Cn`&<qNXziF{W2WGY{s{*cKRrk~{U
zC&T?yz7FG*@<&;(f&32ErIIhndu#dDoa2rB5$dOvUl;nnd`HIV<ZFcfBmZfr|7-jC
zugmkX{A&7VB43)iO651w&olXkjGxP&5BbZ#O8u1b+ZcZ!U!M6?@_SjATD~cD-pKz*
z|7_(e(BFpgA8@bh<g?TFM)C>FGiv(zZx-^GKf?SI`8UWXl`l=7&*X>EPjdM!)Kww>
z6FHRfbJ*_#`CoXxl5b7D)$*sP^G5zYeWsPy;qMRfRalo!etx+B$TwhLN7wc9{}y@1
z^6%h@d@I%~mG6LO@?}E*k$;cz3;B-ZR?6q0t_Jd>S>H;2H~XcQUq+sdd_l%<<#W?-
zhw>Hqu1=nEFB-`=<=ly`@8>^}eG$vIWS=JTwL|}rFCXe({u+HIm;WH-FTb9?SISqX
z-Ujjsytk5HLLJufYeN3=-B|ZlzCAe%<rlK=I{8i9uSW78(XXN#`uPv(GqL<m`a>dL
zkiT=L@>|I*ldsQu<?^e@r;y(f?w|6B<UEkCLA_P-C75R|-;I6R$Ty`wwDP@Jm!bSd
z*0GasNu7`653wJk8~gb$!96FI4|zV3ugmwQ@+AEIS^o5e<NI?iUxDWf`4aSjQXbO>
z2J&^-7nOW3a<1hsGM`5NN$CIb?a6Z}e}QwPlfTaRBl!mG_voMf{9EcamcPq5iTpb1
zHkIFkXY%92`73`r+<)X}hQB|^cMpI6kuS}9Rq~ISe=Sex+l_oza&F~YvM+}6y~F)e
zz6y0Ul25bKxDKP6`uRUcoyYR?$RUxx9RB_zzn^}U$uDM{Ts|}NDdfKn=dXNM`tU&h
zA?sMl6ZUm2Ujc9AzhL}Uz8L#%DBm#r{Xsr4<S&1PoTHoj`ESNJvHVxz{FQIYK1$_3
z;e5&D53s*-`Dda2<@bjEFE2y=%cq-l{C9>*{s`mL@}Du!M*bM})5_nZ-iGr1>2IC<
zH`LEaJ`3}VZt3UW(Z^!>bK(9kKZSmh%GVD4Uw&n%fBB*0S;!w}y-NAd$!#Ft<mmCf
zuH?6IKGyQ3sOLt0C;hXPA41MU`S$dsPX3E<{>txX{OHzx{%g<=WBHcUc_N=mUrpuj
zu#TC0d&bG-?^9QWyb1kZUWEMRzv6o<`Bv=fT0SRr*vJnK{YU;3`)DXXnD=(_FVR;=
z^7X0D=wJQ(*XCXq%a`X|OXNBAmdbz2{4@Fdd~Ys)f$u8hAF+<5d<XIz$hQmiFaI5V
zpqBpuZ{*K}{v+R&`Wec13H2|3mi;@DuS=arxApVigmsDKXVPa9`4OypD&LKKGWliv
zPRZrxF@7Omne(xf|1#9S{3UX$<Zs}$d@ttN$Uk8}w(|EFXDI&#>(a?LB<GQQ#5mFI
z{roQ`hgg0T{W+1}O<zsr`-lAH5Al31e;hC5S1_Mao>M0S`L#S>$**DEYx!|}S0n!w
zdA9P+$a5&)g?-n_PYma;d=mR5x}%@}zIZG@l5;1K&qset<rC;vnS48P%jJi#UWI%s
zzPFU$NS*`vTioj^`7XS-mOsn7H}Xm3*~(w0pA6+6@ZL`TGUJcrNAkVVlz#rpaUY1~
z`!SzHK9QVL`7!jROnwmK<nleqr;sngc~QzM>S`e0mvJij7xa@_{(H`;Mt&3fsFm*!
z>R&$7qvLy5C+|4dM)EgVm*~!Z{x@^qh~>NS-bDUB<D~M1*%z7o74EUQ{8Q?ukWXeE
zOZf);onauqJ@g;>6uzsL9~=6=d{f46<+ri#hVnmC51o8T>SrXM_H};$w*CC4ug4zC
zBc4y>bK<FdW%f}fpP%P*`Dx@_$lsxUO8H+y{mbto=SqGceYKW<68euk5BbZNA<v<F
z5x%RF&%wSJ$&a89M0fS`e=Gd`Q+{Ij{VU&&d8YDNS;tI%7CGnguQC5Zz8?4CQhpD0
zK9C>7cUAK9d2cO$lYZXF_hP@d@^3QFq5MGlUMF8M)W3Wea*OWn=YK5cY%D*CeVWKW
zqCQjkWOB&lpL3tj<(Gu|mwz7WUp~Xy<9#}ipTztt`P!UQwftc2IgR{u#%blN9Xx*T
zQ2qgR+sP-9^GLoV{W-d)pZ{v~jadFD`#O>Tmiedh(^;=femH#~m#5T8AwQY>VJUx_
z`3&U0XFipDKXRz$1Lo7nKPAsr{vz)k%BS6Hye^&maQ4MWeiii=-P_OqMCKpMujBbd
zz6QCa^1soaGx<5JOD=z%?<(Z$Q@5r37UnaMzsoq4{MS>*`PA~eIZqq;JoN2Weh&L$
zD6hz^lYg6jHIg6Cx<~i*^It2}zkHgj#`90)GvTRxlW_l+pFut6@)>p?|J|~X|C#S9
z<vHUI<b!bklvkWzwLGG38~JgJ)5;HG9}VRvhyE|0lkrFL+4$b*{(k;{W}dP9-0=HX
zUQ^Gh{PNI$<fn!Ezx*N2(?b3a#wq3db3P8_^Yguxd_n5DmY>ah8u>Ex=T^Q5;}7NQ
zQMaA^PWI_Yegx|nJ<!kpeeMIXd^_qbk#EfXB$a={IGOwm>Li!n&pZqHy7aeFegU}+
z<a2ZHs^o{TUbXy4yphkw`QFO6;CqMiA@$SA|H}Ry$+u;k=)r#e-=$y0@=N*NM1B$b
zB9%W#U(Mu?Ei>*jxqJ!gvyh)cpDg89@ZNzuVVp`n2Ys@ZUmfb-&iU2K|3;oe`M*Q{
z@~?&dBd<9}qKEqVf6Vz6%dclXiG1f!|MGLG^GyEFaQ@1_AMXG1Z!-T<{zUlukNg?d
zx03%RoWJtl;f?%y)}@ul?60BxIp)*JFCvGLe8q78e7K+gnbcb>|28=!^6%oQe3x+k
z%5P;IbNMm!!$SUh@+sx>QqKeVi9BD)zX*SSmZ#*<$Zrk#%YPVtf64zI?mzNr79a2T
zk^C|GZS+V#|FsSt-*aO5vCnb;k$;&!naWS%`AmLA=>PIpsGmZ<Vd($z^Qe=7ybAft
zH)EVy{^i}r`84u{Sl?E@Sg3#bwR~46-;+8V*+c(-w4eW<nSU&wOnoNux5zD(-yZHi
z@|Wljx%^uCc_F_EFXan_-@o#US(i%wD*d^ZFU~lPd;!*_mEXa9hVm6ScRKlB$#W!M
zobjW_`uYEddB*ZJ*r$oSrJtnoeOcd3emUn(F8@A#tdMUt>$pBk`Mu%%mG4WvRq`Lx
zH){FD+#4JDS3~{F*CmIc{2BU5C;x!@9LaB>Uqz4i^Iw{EiRGU%P9mR~{+7zGqz*Ir
zf#j3Re;D$YuSY*D<p;991Nj5gLnXhHeqPHrX8cCJ6n&<Z&$Pt24-e(blUpbM6Mc9j
z--7o>PxSNu5_!h*|FSO<`FtUN`M+4-O#V~qFqcm||M<HK`Euk?$`|In1NqYQlS+Pn
z$X|XBeX@~n%{*KAUE%&If0%JP`L^UdlJCg)(XgNYX*Y8I%Fo6V`AwWVsXQXjOn!K%
zfBBC?{mXY}o~8V6^woj<AN03Mz6$-hmN)FvM*cYasFfeiz8lIP4EG=T6Zl9zA@u(z
z`}zNc{SwPB2>Ht|<oQ(oT&REf9pU~XpM!l}$On9HDc_JjJdp3rdR6jEn13yQV;Sy0
z@~Qj|YUMwrPKNS%nSUq$AAMsaKY{Oxp6cg6G4y}=sXU*^mk;+(`OXKA_faO_6VK&O
zvVRNtlJuEUzD(#p^5+?+lK(aQ{Y`#zsDJshq5kE6XWtFw3x)jU|71Uo<nOWW(bN6>
z{}%rKCSRL%N#uX$`BeT0_mfP%KI7!_39Mrwe~i9e%I{?#4dhSp-b%j1tm8Vb<u{OL
zBY!#MFE80&L-|?MXD6TT$KyI2$-l~aMbGr}AJCs;`JD9gME)=4pUPL}+|1-JaZk(T
z&yaH={|5KKQvN3S4CE(-`=|VdQ2+AVsn15fHGQU)&qAI<`L~#7Cts0$I+9;T-;SQ`
z=l?$670b^L{YQQe^H1e3g!-4y&pPJv&FJTae8#iK^;61sB%gu&F6yC@Z^1pkmcJJ6
zKk`pP{mbVH`O8Q2lTN-n^Bl>i(D$O}`uVR$-Ny3Oxj!WGYgorrz7=_9@*VJ8{*7?{
z%3t9eFXeBO+d%#;#;N4H@!nc~J@aqmd+~fL|2008f5?0~`8wn_l7A=kpMUrBKa~C!
z%iki0L_Rz9nacNO-81<H%qN%6!#IWfGrp^oZ^Ah;kYB|;r;=Y6?mzMm_^w9&n~=Xe
zrJoGt)2HKo+Q}E>yGHU&$su~apZ_KFnOMFX=T{<Mgnp9BPo)oM@@bYG&oh@lICboW
z{HSpMm+v3?kNno>#^Y4-hv}2G{3^b;k<ZLLTlpKDUqksJ%%_td8Tya>IKC@-p`ZVE
zI7ednmZAU1&m!kko>QNh{1)mkm;a0Nv5;@aIHi16>TMvO8?WRo>r%`2<v!fVzgT8`
zUuxy=g#6{7vX46XSHk^Aejx9SUhL<;D9^|8iQEqp`QeO{%Acg(GWplS`78et^;XCq
z;htH_zeoQZ$Op`)lE<t|E&m?%*2tgYy{&vN`oK{B1Lo7oKVrQ`^5@AXda0lPeg7Tr
z-&nqVsDJqb)Kw~9jPK3l`!oMs-iG>@AIttN<u8Q$zkKcR_aFH*n{oe_Kg#zu^0l~!
zwDOt0IUZ*yKZNh<<e!K9<-3w+^m0G{CC(;)`T6vjM1I}><L-Un<EqO1|9j`&NlufS
zcG6DiEwm8Y08>ayfKmo%AxOai$`Yi?fECJGafGT>t2;{35u%Q6)c7^xs1c(^9Wkp}
ziR*}24Qte^--y{YxU(8Ht5HXZ8a3j$8}08ob3eDe^J(>qtnBXV*Vl_zZ{Ks~+~+*!
z`FGAecR>715>Ey7Kk=_a&uQY{4D?UDKZyUtzYV?RiGO(v@t^p|Ab*kgrO2lx;#XrH
zJ>ugSZ<+WHuzsl!zx@t>zN*BpgMQQx>-FCVJ8_Bs>mU4aC5Z2W-zABE7wuET?YH~=
zq=~->_K+d|(_sBe{B^LmJn_>IKMTZviGGU26R@`u@fO&*N4x^RD-%Br{$3&ea*V4=
zd^z;2epIjjw<3PJ#IFzHKk>^EKa<3NjQEx!zB;IXh`$|iCPVyLu#+tDccXotcr)g=
zKzt>5k@z>i>)S(#crWJHBYq$BQzrgp_(g^Id(pm1{O#yp{kUHL>!2T(cn9n%LHrT;
zdy@Dn*iVZ1yK&z%@%JFkWQe~X?X$!;Le4z#??9gg;#b2?io`2er<aJI7}!7YM}qi6
z{A~D9h4}XoC#%FyMgOW&um82M6PNh?u(t&9ZMbie_;Z5zPy8p4Crx}c{4qm(?hn3w
zW{H0&uz%t^AWwn#A;f_q@gdk}iTKCBJ>riB`X}BI#2?~4SjSa~-{Se>Qa`EJ|1V$<
zF7cfhSAse6SCaTN{31pCg?IS*C{6r3LH;HFfgt}9Pr!ci#J`RE7KjgHzKX<WpwANV
zAAozrA4ET8;`d^HE5zGi&sE}&!LHO#>-B#&#^n;PB7Y@_AA~-W#6KCVe~Et-`b-nQ
z2J@I9KKEVNKk-k(KJ&yML;C{pUm$N5iGLsSRU)1a>L21apx!7GKLdKM5dSIWu}Zv%
zxT+qj*Z<>z{S$v4{3StrAL2}s_)h}+C;lebNt*c07*~e)GcYe%;^)EN^TfA64+Y{S
z%vX{4F9Z80J_0-Oh@XkPQzm|Xpnu|@$9=2BKaKv?e7*i}gC1Ps=LPwf_yY8tB)%W>
zl_LH)>@ZFIR@hsH_;1mFmiR@1{)vAAc2yw04SroD{(Hz%BEB8^^oV~6`YaRwTg3Sa
z@r$6hD)E;E@&9M_`oA3ab&1~zJ5Lb*2aGpK{4(e#MSLO1zr^Q)_)q-z@W(9iyAb#C
z#MAJX0`ZqZ{vz=V?5#vR1^GSV=LGgo{8xzQ72=O!Tvg(~g&x$;>-B#t<adeN=lgjx
zK|Be0lEkmM-;diV;`cyrY2s&LUnoQTb3y(k{!mc=5dX)({)s;v<X_^=7*~n-VdOiH
zcthSFSDCnVg0G(n@pY){s>FYVJf(h7um9^X?=JEG1OG}8e=+PQN&GVSU5dB|J*0`J
z&^|-_=V|0$;=hBv<%$0a_EsSNM$CJW_;t8%iTK-)r##}HL0wTMJ`P?X{<R?f6TcL8
zs}}0@zY_M~67Pfj3F7a<yd;UYz)n)cn_wqt;(vfYW{6)2IkUvC1<w<2MgIljgOIaG
z+&JvdZ;5yu@_WQ@N1iGZ|04XfLc9_ESBd`tc}@MYUjOGJ4!FdpF^>u2S0i5}iQkSm
zmLmQ_$e$)Yfw++&{yW%nmiX>K|HQ9{JO$#f@_aoPiAR3}{S*H-#_JJx(7sIkdaSQ2
z#Fq#9C%zh7{i<I7=^+0S|G&^rg7`_WlO*wV=s!h#5_Xa%UVy)6h(8PQAxr#yXrCv(
z0rC`xe<ZMf;?<!3B>t=*{}Nw|_)sRk1NBvf_{VYID)CWp_3L{5AB26n#1BKx1o4f?
zFG=Fhf&3}r&w`z#iGLsVmLcvUo@9ydL;rc=KS4hQ;?Kc67Kyh7`Iq>nApQ`)5b>c*
z{Mqow3i00|&sK^526;^_*6aU;LH$GgR`^AN_=jPKN#b3QGe!J4f&Ph~0zGGlH|+K6
ziY)QFU?+Lv`=I9n@#sGy{t&-2$iKv!(cUBeTEww3@mCi8{wu`qft*$1otR(sn|l5K
z3*v)Id>{0dApUgdIZ52O)Yn^z_#1=xPy7tnVTSll_;r@}$Ab7n-1wfahXU~nFy12Z
z&ms<#h;Kyv^oV~F_bn4Y2)nHi|1#>LD)HN4&+74d{V%~UT;hKPJtv5t2|1I*?+oG(
z@kby}ns_7hmLdK^$eAU6C+s0l{F#umK>RM~r$~Gy?7T!g4?FjWzZCZ^6F&!fs1R>}
z9af2NfxW5U*6aUK=*K1gPq32&@q^G$lK2ARaEkc9AdjbsUjsYO5YNG{v&8>8sDFsB
zg+2?!Ux9T>k$4OAQzCvo^y3kKDdJU`_}8(nsStkw<g5~ZE9O^K>-GNzjMpV@-Q@dq
zg808dpGo4&Vb3YzcS8?p;;RGuC;pZ||HQu;tbd80iF%+w{I{@&BJpQn-b=)1F)okz
zs-XTPz7FzNi2niitrC9+#-)B&um67w;y>~4V7v+92Qa@$;@e?ADdK;F_G#i91N{@f
zDTx2X<FMO2@mHh&0`W`o$iKwjd552;O2qGhop{9eAikA}KNq}0JbJf(-zxE0=vn<o
zz5bhE=PvOX#H9rBmmtn3i9aLQ{~`WL_-~r{eV#98hWL+QhgsrpgnshG+k*H*{C?=U
zNW2gIl!*TT<MoK2jykPO{Ek5X#9xVgQ6>H%$fN$VUjOI7e_i59@C5M_;g3n;uY(<?
zh&!-{H1T1`lOcW+<}pjW7yajnp9H@s5Z?s<DiWWAUzdot!VW#+xgh=%Z$X`0A$~dH
zK$ZAF5Pz2H^}iS6b%}o^$iKw1f&CLd19q4q{?nlTA-)CeGsNRT{ZIUAj4Mz4F4O}B
z;y;5Q6^ZW+;y>}nFfShQlORu-_-mkt3h{eTcU6fmLLT+|di`&J{kX(8fhUN&u#+V5
zw+Hr5{0%|;A$}?RD?|KO&_kB^e?tB|@ejhT3dA=+Z$;u$LH$qsO3338KQ+j|#IHbp
zsSxjk-m1iNh)e1Z_4>aD_Tv(N1KKBuzdo>k;@1cHm-rjef0}q_kbjB)EA*2kegWF&
ziN6{06o@|`c3vd@0OqSid^6&_NBmmMOPTm4%x{JGC6Kd9d^h@0hwJtKU5wWy{vhIW
zg7_(c{S*Ho`biOg5%iEIetr;th@TF7%QDA(^Thu?uz%v4(NB^1FA)z*#NUXx;Sn#P
z|1$Bdn6C=)hoHAA@jmpgj17kVW7)O8jNifEUE*6Ie}Z@)_7jrCKaF*Iiuf-0X`1*A
z;2GkdLqA#KUkvsih#N2Q>!<?piv#@=e>dV}iTL}$J>m~TpJn3xLHsBF&S3wC_;%Qv
zGVAq!Ik-#we)N+d{(0C#lK9JE=PBav4Ax)7pO3tsA^vRmX_j~={5?<HgMJFcug18F
z#4m>3mWZbjKRx1;!Tt~Ncfy`4#5coFtHeKo`Bjm6{XY$M;u3!e>e~eItwH=DekjmC
z@h@S%(!^KYjryPX{TNr4_}9=+p7>Rezd*bZeo-X;A@pA&elO(rh~E$UDHHz??6X3A
z82wj?{}ypiS@rtA0{Oxv{tb*bK|IpzuOE}dAH;oA#7~5t)5QCbmovoYgZxYU)}a0*
ze!*eHAL0)|o+9x-1o5Bv!)Wgj|25<(6MtF||A}9)*Vj*#csJ}s+4cIr1oFGY{{#0;
z5Z{IQN)kU6dQK6)0QFd!_>GV!L;MoRpC$fI%vYZHCFs9E{OgEIMdBX{*1yEx>-qEO
z5x*GzUM4<_ek#PT2=q_<L9|!Vdj0=3;;l>k=DaUYf_U^Q*gx?%1@VXY^@zi1;%`BH
zn<4JO4zt96jQx{5@hswGfp{ACEfT*C<0=u~1-*I1pBCt!_z>o+LOcOGtP;N!@~DP-
z{VzwHbctVu`zDAF2lWr}E8s^d;@#*cP5gGqlOdjgezL^R#<=ptuR<Is5PuMI7Kwio
zeo-R+ts?B7_%g)XGVv?mcNOCAL0wcO{(_+XZ>-mU4E?*r-v)b55Wf-nOcMV_P=6A?
zKUjYe|2XP_4Dq*My__X}0P^RFzX)|yf%q=yr%3!$LH$Ym=kPC&_;-T(llU&!TZQ<)
zV;-x-3(%)h_4@ytApQ`)0sSY4zZmwJBz_C#B}M!O_;s52hl2b|`~$F`Eb&{AFY?46
zf}IzLe+%|dB<>)7mWYo9^*`|&knhUGUkLxL5U&LKCw@EX2eqtT|2Lz5mpSy7ApSAW
z_tPZtVdyhOd=<u<Cf<#>ks<!_VE>c&ZnV!6--ftUApUH$FA_JO=gVIr{yf-^NBlvI
zt4#dn!2XFp4|Y-|{@0L4HP!21K^~X*3o%~_;s?Q##6O97NfEyxsDFsBz<o2sA3~jw
zCB7qw|HL1HehS1NMn6U3`=Or_@vkHAd&K90_(Oa(@@9qjs}WDC#1Fx)RCB%le-k|a
zBEA#jO%Oi;dP@?&4Stkj9>gEw-^6$`#6KFuAL8#oy_6^3gYg!KzXN%sNc>G`Um~7?
z{2uYoz^=-~--doF#P5QAR*8?JALZ2R{~+R+OZ?vvKNG}XgL*GX{1tiMuT#W-QS^D5
zcn0&5AwB>-XNg}E*gx?vAZ{0kuR&c=Bz`yKED^6@ydLovAa0b2e--zw5WgOBR*ByQ
zJ*$>_{io61C4MjDOb~x9`biRhAM$&OcpmN3#6K9+|HKD^`iJ<7VV`;8HwWu4;wJ|C
z55zx+{!7Fkhn;xD*JB>b#2-Ukst|t@^j0PQ)<FNu>-GO-&$myP_={nm3F5ziog|5$
zh&-DjUVxvbiQfl#GQ@v{ab=0GN8HO3{~g*Fh`$!`wn%(G@@$Ft>*3cP@l!FbGVw>C
zw+itD+E<A`4!x-r_4@yhApR5gkiQbdjXSaaCEgA@NfEy-$iKu7z^^mJ??L>`5`RTt
z|HR)Mtbd8W40<jSKMQh}h<^w9$RqwJ^js#M!MG~K`yo%2_z3cviq-3X4)=A5e;Vx*
z#D5>yKk;_hXNvfHAWxdO`BUHTGQ>X@<X_?sqt4G0_k#ML_!|QIC;s8HeETU8e+B&A
zBYrOCt4#dsu+IwdFGBt*@y0v-`>NJ@{Xc+s=o0^CVE@Fwj`1dmw;|r9h@TFgCjQ<a
z{t$l^>^4h$Ipoh1KO6pDApSnYy(0134*T<7BEA`Ndc@CyU6qM{6MCo+SFo!p@eJ;(
zR@UqPpOMF1;<w)I%b6g4J9v_~{ixqQMSL9fd7Aj|i?Dy<-@&|Ri9h`jzkQzgi-Y`2
z{Kt>`?Tf^V4(y-!V?q2O{$l8@O#DXI@4rI)9b0@}B|d{VrdHMK|E1{PCH_6MPZ0kA
z;z^Qt7X74%{|(}Nn)u(LpA7MHVQ*RDuZ3UaiQ6Cb$6Fx&DfC|?-V8e_5ue4pd&DOZ
zPs+qU9Mu2BKZE;Li9djPPsQu?{{!gRC4LF?kRX2Od;WNn#NUX#nIirj_-UH>YQ&Qa
z@w+jPS>kWY`}fTg|2W1~AU=fnRwTXx@u5Wg^|-G`yoCPC#NPltRETfDxT?f2Y)1TF
zU9bPY58^-Zr=xv>_?uyeN#d)6_(Qx8?bF0N1N{?!4g4ib{NvDPp7>haw?KRw@<Nfg
z1Ai$IpMah{;$_6=GVzNce}(vaU?)}LKZ1X$6YBN<Z}2ad_<hh@g80+n7fIsnf&PjA
z82*(e{&v_~hWM9}FS5kni}rcqKf|~R#Ge5<i^RW&@s@}`jJV+u|0Lo}nfO-Z>k9F&
zL;fo9XF(pdre6Oq`;G6{F7cNluO*20z&?}2_aiT-h<^okl_q`(>@!1rHqbxuzdOtK
z-#qcPLHsA)k9b%l{-Z$u#GiYPuLqC#&yknQ#4m^Z72-D_Zd8fi1wAXbUjJ`}K3(Gf
z480|YpNROGBt8WDOc8${{4q`ZROl^3{4K%$Gw~G0n<qXGeHMs+7jdIVyn^{H5&tRL
zd&K`Wi2uaj9>jm*KSjQ)68|mktJc=*zdz7F@vGrq3F3<wZ<6>Pv`-P=3%^Sf{~^Ye
zAwGop$`bz-^pht(f%s4${s8QuNc<4|x<veb=)oiYY4lSj{!7STA)bSsSBXD>aj6sQ
z^?wTN*(Dym(D%m#@hyn+N#ZSNpCX<_`!w;pvEIxOe>VI#OZ;Kf33=ilfZhtkKOfXT
z#QUJ167iQIetN|J0dcQP{N7;yf%x6%r%L>*uoHDsz5c%e?h=1H;y{A<80;ZQ{8H#S
zMLZMOKk=`ipA7MjL7!RTzk*-qiN6bRzCiqU$ooa&A4K~S@ebIbNBr?1{t&+!<E;>{
z2JwgZ+b~~hUA_L75SLuyFN59^#6JQ3B#HkA;zNq~J7I5W;vVcXL;Mu@QI`1YAWxq7
zdtfI8;zOw4io~~|{}S=uVE>1B8Ff*a_<e!>6Q6{iR*BpFemqg@>-E3!6{vrR--$So
zApV&^|HQ9FeoPU655|=y-VOW75dRq3XNh0*h%aZJ_$OZL^8)dAf6wPd;w?Y$d5QQ(
zpihtZ-(w!j#P5e)Rft<V{r;=Oo59t|_4+?C&_D6jn6Cu!F9-T3o=4nE5kHJLkS2Z~
z>^VdH6VOAJ_ydR=dEz@@&jsR-!oP~dhoQF;@%KO;kN7p{zfAlL)Nd8ypF;mt;<un5
zbxOVdBb)vCa*3Cb7ZSv?@QWnzPeX4h;#b}2*X?QIO<(cvn;{;9on(nW80eq4deHBu
zK>VL!Cq?343-nL?v*_O=en0H0O#EZ;uL|+MM?9<&e=w+j+UoT`4!ya==K}o`Prxsd
z#50)R6!C9E4{72T2K7Jj$TR)<$`U_-{`17gg7{DT)<^w$DH8uK{GvpB9^50o*yhVq
zCSFFIuMi(cy;LRcfvZ#N_5WGKTbFq0CSU#p@i^==N&I2-lOnzXcAh5Q1U+Yn-;Q-e
zmiP|LSDyIqptl0?4<nuwiEj(`--u5_evf$L=X^bsiH}1+72-cczOEAg8tOf@p<e$l
zhMl;?A4U5F@hyS<6Q74Yq=-L?aixiW3;kz^|107{miWgJ2lB+1o$A|Xf%x~(f06hU
z?65?9H{zs6{2Yw8O#JUKzZK&5H2d;YiN6$fr8d^<e-3iG#4if+FY$ZOPm=g!nD-R%
zgP7km@l~*^4DqMqzFFeSq31mDQRtyS{ABcBB>n}&;S%vzLr#zQ;}}<&_$uU`3h^xB
zWR>`@pl8)yum7(?9+&uaf&Phq0r56T{06j75&r|^PZMuO-p>&KKJrDD_}3w4p7_7Q
zo(seuMf)Q01m>kg{2#vO#~F|KD#Xb$@oyn-R){Y^{wnbq__aE%UjIJ|;y>~GVCM<q
zzeb!%5<eOCkRtvQ$eAWSfqElDd=J(US>kVkU+0OpK|clJZ-gBdiT@6ESR#IJVE@Fc
z&}W(WO88@i`1_%^D)GyZchu?i`u{EV&t2kYU|b2}S0N83iKh`iQ^e1Qy`_mSVO$yF
z9_%nne3k9T)jaV;P=6Ai!u%GAUxIO!h~EPFJ>u3H)IY=<H~9WiA)Y}$RpJxK*XoRV
z{eJ`Fb&0P*{|Vy%H;6yPUBr_V@&AOsq=`QWJIN6L7W9@S-WS+E@y8&4f%sO;OOg0`
z*lmgU4%mrD{Iig=O#CN^Cl%sj$VXM;w;(>NM7{pU(Z5Ul*N7Vl;)mhCN#ZxbFH*!u
z_V{*^CSHI(GsIs4`^gfYf&Ju(UkAS~5RaqoEfW6<##<uZum<s;_y+V-CT?8^`zQVZ
zjH^ogQrLsqRImSgF<zH=GvrAS{~_!%NxTd8lOq0|vwZ(e6Mqo(WQO=j!TOi@x8Zkr
z;%)HL0`Z5?f06hm^j{+Wnx8}e#D9tWSSJ1h*h7W*d6=&%@sDF()S31A--USS62Bb!
zOb|aE{+lFz0_H14yc6xy#5;oehj<_IW|sI8^pGchLty{J7ZI0=#NUZLTOyu<eR{+%
z4D6ry+hDg9;`c%RD)H~Ze$-j@`X9%<xWtWF-yRag8*lUNIZ6B`=pjY?TF9R!o<W_H
zA$|eoD@%MI;%A=t3dDf|@rMKZC+=WeCF0AGXFcNI2;x6;=&eHh+o*f1#D5XgpB?r3
zzu_6ao?YS}#{4FTe;e{7iGLA!Cq=x9`=*I6A-`mZHyi%^W{Ix^&lC58^%wCMV7`jP
z?+@&s_=mwg;@2V$l!>1a)IY?(gn6$LUxoQqo9p$zfOzf_{|@FiLHyz%{t({<o+ADd
z*m;`xZj38K+<x4*hb-}}h*x>yH=&;b@e1suNc<+qSt9;x#B-1MOX1gL;@^OtE5t{F
z_(S{-+*fU>*MBSg(ItKW_LCs~cwqm;HzTj5h_A=Ir-|SGQD4s);>I@EKk?TD@rU@2
z&+^+Bh(8AVDH5+j&n4m~-RAe>5kDQgO#Cj)ONIFD=lJ8Q5<dt2qRy_@zruK3;tPTO
z6aN<GJxTm_*kOwJD+Bu{{vE`P4DscG{S)61#2@0HulnOH5P$u4pBIV$2=^@!zZY_P
z#D8|b-%pu%682Uh{;9zJiLZd3RcF2a@4-B}#BW4BkRbjO<d-Dz3oySa;vLXins^*}
zGei7l)MHuV9>$d?{y6NUK>P;e{UY&SK>iZ(6QLiE_~@O!UzCY&gI`pLzYcy{B_6ri
zpGS30z5ai8mfye29Cnf*em?Y>B>sD}PZ7@t_D}rIApS6iA7zQZ2=Oydd@bT<f%tmN
zZ;|+KV9zDuw_@Hs;%%s_%f#OTJy(cdf;?3vZru+3pIfj0S7KZ)@l#+A3E~FM&nJoh
zC&rZ`{yWTXn)r7R$1=n>B41>QAH;m+iEoCS1>!frPKv}If<2drH$guh@kiiyW#VrM
z;y>{O=DkY10eVyC)$4yf;;l>kIq=^E@dD;ONqiIZmLmQt=q*kBpP+{f@l}vBOME-x
zTb}q~%zJ_O*OI<p7l~hh`6>~=_a@|D;veos{3re+%u9v%rHD&a;=QnQwY6UVFNdC8
z;<vzl62vcu{7K?Jf<32*-wD4?6Ys>lXNdm+{*ooGUh3;1PrM!Rp+LL`<0=wAIe7nt
z_}gJ89`R=*50;6)7;&;f{2JIvmH0&%uR6b8{~v}uyTmsJ>tEtmqMs!3&!C?aal6B}
zt2FVaV;(ca3$T+c@m}PSJn^R?-WG^AA>S2=?}t81#2eq|&#y=PD%f+G_;?WiiJu?D
zAL2{M`)XUg{$GoEbcvq|J4q1lg<U0yKLc{6h`&0pf8qm(pBdt3VBWLDS3o~`;#Z;$
zED--0{IN(}!5&J)p9#D5hz~-}GVu!#Z!5$fK>I533B*HnLB0N4x={ZxhrcI?e*)|D
zB=Nt2U8RUW7xR)Pz8QMX5Wf!k%o0BX_K+uj8T3#fei8aF68|OQc8U0!!2XH9A&5W3
zKY(~uA>I|(Kk+oUO4jS&xXAZAm-sEPhXnCYV}6swuMP4q@lnW`CjKSx4DlP$PnP)2
zn3p{9S3u4J@inMtip0Mf)IY>`BOZFh--ftXCjNfJ$qMm(f&Ph)!*11u_4+>#cI6U(
zKE|6Mehus@N&Fp%ODW<fz>m_z--Y%W;$KEw%@ThZ#+4`jX2iDw@xzF>MdH6fTq+TN
zG}wP59!DN26TdTvKg2g--mAoK2=ebm_4@w??7=0z5B88Cz6tUqiN6kZm?FLjew`-1
z25~P#{F{OPiQfYG^Th86;y>}1KtDy|x1+8r5nqnH;1Rzb`Mpg1$C$4Q@v~5mRf%UI
zkGi;C|L=hPxWqpQ`%Dl&FVH{nLG+U%enFsr;$I8$FY%WlUu20tE7<=e9*5ov#P3Jk
zC=!1z`Y92ATabT=e+0Zt{Ppn13h`H>|0?m<fvfHH`j5U5@t^o^#F+%~S3y5X;%|XG
zDdLv}`X~PFK>x%~hhJogZ-k!n#QzR@E)ZXdaTSSgMn5IuC!xJZ{ME4AGVu*)Um^Zt
z_+yp$_de?DS?#FT|2@#BOZ?r)`w8Ng1olsSCwPkZCdip4el^->h~I&@mnHsf#K}DI
zZGrt0e>wUo5>LS%O2l7>I@}|^8|}-)e+qq8h;I$zKk>If&+3wT{V$>)m-uGrEkXR{
znBOGvPX+OxcrV74CcX}NIYazonD;F4t&k^A{66$wAif2DR3!dU#K{uz!^q1X@#0r}
zyDbwR2Cop`hWl2DUkp1@m)7flJI3V_cV6w^H$nV8h%-szpA71M;w6kXO?(VIL;Usd
z_bl;Ij5kkwH~gqT{An0(k$4XFQzCv>P=69X9d=SC{s#0@A^u&|4^`rO;76*fUjI8C
ztiOmq4E-dCe+GI;5`Q!DON#hT%x{|bIf4BX&j;~`_zQyihxpTj_(Ob8u>K<c<DmX0
z{v6DsNBnca`iuDe@Vg4}FCq?9iO&c1|7G?1--de0C2l+b`zL-G+9!$s1oNIEUJmS^
z_$Bbu4DqWlUs>XB#k}N+zYFtTAU+K}6p4?V>f2k1_+HqjNBo}x{Sz;v{|fQnK+jd;
zzlMI))9Uq~!MwY~zlZ)4#1~*cN#ZXt{Bfm-ue`{g$29SOf*)mwAA}yV#P`9T^Tb~f
z#2@0<2JwgZYQ)tN@y}phJmNRQ9?HZIK%NTm_ao0%iN8Epe_dX$|7Su@m-vN<4+-LL
z4e~GXA7Q>y#P5PW)5JdnIWxrn1@n?6{srhKPyFA&3&i&Z`X_!l##JJI4gAp~z8>~d
zCjLs;TZQ<WG2SZiv(b;*S+D;OBcHm&E6_uN_&V56lK2gXODW=q;dg1`uZBHji1%Pz
zS>j(q9LN*@R8apDzuNKru}J(D$XOzO2khJ<ehB_mCf*z9pZNX3`iuB`V7Kaudi_5)
zi2uZY9_XKV67!fO{(Y>cQp98LK>Q)T0{JCFd=&POCH{}#dE!;X!vgWkgZ($+H^R<K
z#H$#uM|=(BEEB&5epDfTRZ#yEKNbC`E9><?jyT{F|5XtGi602^FY&tq`zM}7oJ<pc
z9`ukQ{#vxp63?UmJn{QrhXvvvLw!;tz83aSBK}d>tw(%k5Pyg-VcsjmM{wUN@i)Pb
z)YI$r|F@{OUE=RT97_=YTj(cA{4=<3ig+Q=Kk@q@Plou(&`*~5J0NGC_#^O(0`Xb!
zBJt~CpC#fqz@9zgeVF$$@t?!rE5tt$#2@0HN1Rltdi|SU_2Yv}ybW<aLHthSwIuP=
zp|=$Amm#jEi4Q`b8RCyX&MfgqgZNMULx`&d;`buI6p4QT_D~{zE$rMQ{%p)knfQ&E
z#|rW9Le47j(@*sCk-Dm0|8ILb^iTYGxNm}Z>=l0dB=PU#zA57O!G6-j<Cymh@mFDf
zv&8ShJm!g4aNh#)UbHU~e>uigB3^|(d&JLs#2;^&cph?Ah(9NY|HQ4w{C?Ec_4+sV
z`}5)wKO?Yz;*Y{Ulf>6UpDE&<=qF8lGyEk(yan=PiN7z1|HL0g+$#|O2>h!^eA5HI
z9!kXRQJ;In=dpe)6F0u;x33U?GyJYfd=7Q8x~5+L??!u<crWHRL3|tZmL&c|#M>0{
ze?mM=6aN72n<2gh`pFU>3f8~GPs6+yh;P6=7K#59a+ZjH8Fh$9JPG?L6Ti;!?Y2Vv
zqmZ*od=U9m?W)&*GyK9O9>e@5h~I?!CW#jjS5w6Q8RJS59}eO_@t?p>vc$gyzsnQ9
z5plaf{5Hs0Bz_s}r$qb?wD*V?VJBtcx57>;#2xrimH2<akJPpG`v3dD{)vAQ{+=Ly
z7wX0&@ylT+DdM{@-Zb$CVJ8{lCqVuz@lOWz5AhEn&KHP(7WPmiesK_gh(8~3+aq2?
zeOo5(!LKXCuYn$_#P5aP)L+%>--VsK#5e8t{VPHIaoA^)cq{xUMSLg5n<oA;*jtA9
zi=c-r@vmXLdEyViuM5N<g8dYUk3gR#;t!*}M|=tEpfd3{L7x@kkHJr?#2<pasq5<X
zKMebEi4UMYPY~aZ`AQQ10^)Fr_-@!knz)Pk+Dp99;m>=9_-7#J0pfRI9<#(BhW#h6
zuODyUU!79>AMbV%p9N15@4U`$-%UIRzL$6x`pFPafFB^f`;^w2JXzuu^q(W1+_SOP
zK2N+2ypMS4USIwK@$sLpto1WUybtY*#50h8gt*b|_dia&u-oSz@p14e;(gEb+n0$K
z!Doq&gI9<@{1V@O7KoS8zDm4=_Qo^n?PLM%6>;?}U(OhD_couq#Jj-Ti0?)J3F5n6
z<l93h@r7sl^PVJL0q-K7f4<*7MZ697?IxZAPZJO1*-Jcz_8H<;*v|ptfxTskPoaH|
zc<~-zpLya_;C;mVdi?eU;@Mxo&WUHxzDT?q@{ADAf|rN~;~FR4c89Njk9ZP%ig??z
z{PwfN?Ymdi{Io(m@j8FJ3&blJSC#k_;)!uXy`7H_`TZ;62KtW??*?~?tJnMTv=JXf
z`vmb4cqj34Tf8>j6!F44{QkR%AHaRn#M9shh!?=K#P2HjaU(~(7d%h=5O^Q)zIXZk
z6o{t=d_G9L@Lr!6iC58ngm~-?z8*@%s~Fcf@xXsQ;z`)a6!E}c%EZ05`1hS9J_}wU
zUVN+Heu4Pl|M7X1c&g9m#_oFitfC)9JcWK@#M5Z+5?A1D#Pe_S@0%dL0NzQw0y&e!
z3*cSEljtW!ybAfdi7VK7n)uGQudn&VUgDjnom}Ht;s@^Y$CV>)fai&q!TX4JgBOUq
z`~7$|NPOntnwmUC;_(apI5R@L|2aM%Ctg6_^oV<J@blvo@tvPNp?2Rg@j=AfS>g)v
zSBQ_G{Q~iE@G9{saO0WvcDwKeU;m1Ddcx;1;<<nK<A6(i*ObrOh!@aLg81Mge)~@1
zeP8tNn<PGVtE%a(i@5iQ-#$e={&m0qZsH?f^4q70cjLZ$iDxGL_8H>i;0K7iU-R2%
zi5~#Z5%<9J#5*yrKH>+!3&cym_U}7LJhtfbBJuto`hGfsy3Dd`>NSFYmxu>>d7SvZ
zcldVh5${5sKSewTUj8F|mia#4e}nolkaO<`{rd*>X25epKCe<gZ#I2<P^e#m_Cb9Z
zBOc^s_mA)d@jySF#Dh9BNjzxZMLcMqA|A-uO+4r)O+5Bj{=Dxc9`v6f9`t{Jc+h{A
zc+gLd_yOdFJn^7iAMu_hKMog&=fOvazyErFKY5(^EdD)3d=CFkB9Ax1&V6e)jJ?GD
zC}S8I#Lu983|~lKU1mx@X3&ZJ-5KJM5N``{E5u77zC6UssE2j`zK7yNjKh?hhIt8c
z>h`%%Kj~2ag%DRa`u-G=_F;KqAs!x=8{&223h`%z`cH)TEg{|+;;#wuWQd;?;$0zr
zd5EV%JeU*xad(KfgxaS={H-CrH^ki#&xH8%Li|98pBm!X5YL5pF2pYm@qCCUL%c7<
zmxXvC#8-s)V2Jyk?tfSe@xD;|kr01Nh?heAxgkCt;@d;q3voZ9`X5e(_<>OSa)@U`
zd^W`W%F6$+65>~e+AoCo8$-Mr;;##FBYo7)Zw_%4;?WR~h4^2GxEtc)GDrTjh4`IE
zs9_{Re1C{{hWKBFcrwJ#4)LxKKN#Yv5MLYO-67r<;^`1ig!tYNe?^FALcAx$4}|#3
zLp&SeZwm2Th(9gF^C7-F#QQ@0`5|5i@zX+lFvMRL;>8fZH^fIm{G}mY3h{eFd_2Uv
zLfi}S>qC4h#Ge!5<q%JY_-u&Z7~+)>_g75*hYKO@uONJ04e>XG`Y~=gYX8k4u0s6j
zAs!3ylS14L@mGd;TZo?%;)xLVcS!sXJ45^(q4voT|8R(Rg?J&vQz1SW;@u(s{t!=x
z_<KWqZ-_q-;+YVCdx#$haet@I|1cZk9}l(9h4_{b&xiOsL%c7<*M)c?#KU=iFvM>N
zwJ(PFi6K4`;u}J|6ylphd_2Urg}4{ue;eXcA^xloFNgTwg!pWTpC96t5WgnG7ef51
z5U+;#r6F$IeAND565=Yv_l9^Z#Lo+HH^eUp@wO1ZEyNQc{_GI%4Dl;MJQ?D?#Quj}
zA^xIJ`&5YE9pc>~{(=xshxiLad~b-K8{(M|UmfBHLfi@QY=~bM;<*q{g?K*1UmfCo
zA%0hg7ec%v#0NusYls&^{8b@765`i}cqznh4e{|1KRv{~5I-}-r$XFcf%+eoL;SU&
z_Ol_rCd4Zt9;`+5#|t5TVW@pI#P@}`@$94azbnL5h_{D$EX2<UaW}*-3h}lO-x1=8
z5bq4}&Jgbo@nnd<IK;a`{Pqw}g?K}VcZYaWh^IsRP>Amh@jF616XI8g_<<1L8RFRx
zza+$SA%0ni=R^F>A>J3_H-&g1#5aZbV2JMt@nVSghWJQ`KQqKjA)XKM@et31xEJED
z5Anl?&3`tHO2m-=9Iwq-io|-_jDqFl+KeG<O88>bsk9lnh6%ZzP|jSNF{S1#!x(j(
zsgn)Qi4C7@%sEc+WMjd}*<$gr`1mPCPpdP0iZRfthE6fOR;TwAW3koEpJI%xj1^Bc
z##ic|`&P%7PBw;CJJpkovDIqfWMh7{Q$E=!oDiQDa)OgP)mS_s)^n=Svqo$n=Q^@^
zH|RRvDaN?#$ODG5s}|QAvu;^BE1fiIR@WQz>w2SlcrvcMnU43IV2qm1)M~>s+e)jA
zikXnxMx4pj#!y6!t~RQXb@|msf7J0-8^x#^S#3;3*X85Jm~tlMTB%|Al5%?D#-h?n
znrU{%R~rk>s<_(dahzP-@LHU))y7PV8d_~Ew#1iK8TsWo5h1@SHMPo^TD2(O^5tnC
zFdY%DXgXEfm^7V5+bBhxdE1z^oCVvMw@PMB?$zD)uxT80MonYLRB}0N`j#SNYTD%#
zO(WeeEv4<i_2va#s$^Q-YSgq2s1eiZF`Wt1>N9(!MSsK@j~Igyw-k{(NmVx)vCEO@
zRHT*&%)5QbbWescBD&Lm<Q}a?Ri?LU?Okdx%C-mj2U^W&Ld`_<Mh5;!TgO;u80*w_
zqg{f0?Yo20elQXru#M43?#S4iySEQVj9ya@QRF^OU&m#e&9*)EtZD9dW=u2NCtuD-
z?B0k>p*;{WWqfs;Ifn<<noV1ssfgLtFLypFXziY-nQIIYvcnlNjXi46G&4?K)GR?E
z+^{wVt-Kyn6)i1sX#7bvV28&)aGH5Srz%CwWS?lvv(!-3n6l>O+u<%{ytQ^S(r!@N
zl`S<Il}Xpyd2;Ra9BI2+jHqc_Tvp#vkMXd%zBWWP8#R(@JZkJzBev14#w{Z)qM=Po
zhrQR>?(8#CTA}hszSp!pE9N$89<2R);2d*9m+~6T)Rf3uu$|FHW7t;m$Z#;K#43u>
zp<`t~)r=ea4P(D5Ma--tBK6c}J2b-D{IokVbDax<L!W4ysOhM;!AuUzJ?AVf{=9XZ
z`yA1wOpj<$jYW-$RXwJ^!y=BJZdJ03199o6$J8;Wb|0C?2D58KzQ16psi@d`@tE-(
zHdjNJwz#3&Zy95z=+W1Y$nZq^7&zZNeUH5uG53lCkD1Ow#Pm!tUt`*`%a$=?*%iwa
z?>|Ntf5MIrn=OVE0PU*F=+Jg5e-005-6sv1a|sS&xI?DdYf5z$((qwDr-pXFlElM^
zIbqJo^`K=BSw_*aM=f*s_;R#M3^6;8<4^0w2&E$ERuiVV$H^L*z2O`Fx8LuunXJuM
zJlANXV{$sHV5;#38EtH^!I(3hT!YaY(T*`3iHT`VN1R!Sypb`<SjUe?H9PajXOH9C
z$BSiaO((8)nF%{(cB-ABkWssr?bvQTllIDvn~qq5YbT!i&sLktwzr$EovgptdNbz4
z)|u->DQ!-N*(q)6Y^cRlag{RHNri~b;KKvL^mt+-`w`Y^I@|3%W|!J)rX)ce;VtH}
zxZP)(?x6r49$0UlU<}Az228tbnuDg2P+yeE48G;hkF(X@WhPa(*(G`GNPn&33<nJ3
zfIVlL2PJm-AJk-0_CeFxA0W~DYBOex$bCjkyAUx)O{tDT{Wv@AjG0pV&F;1km$50k
z-E`{5AZ(pXaH!o{vsp5_Bv{j_m|>O4ef4Lv^4YB9eg5n=^9Do2K4@pfVb!$cTT@Ln
z7>lNwY%m5Q%4;yjt+sN5k&CvANe@N0O8SV}6Ai{p)YYX~TrP(i;?i!u!LBx#3k?)Z
zB(}GVTfO#Ni!s?)Y}DaG$NL>p{}{Rk%B`3D;pEpF0}Vr_{KHdfX`Rv2q<YpHy-jn{
zXu;`kk`MaUs_HtUu+}@0M_P>@v6CLj3(ZEaJ#wUP)n#XlogKCN{L$+UJ7si=sznyn
zVRspwG90>YH6~?8Yw{#D`!r+vq<(*OBW>JjRP{Mhk@ksneM<E^MnR2gKh}A1OjZ$N
zO=`w5CYp4>_s1LCo{&J-7wM3sF%}V(OIv4Xty)SL!)s?`gI@kEAziZNKBr_Gho(%q
zoQy2WywyHiy;Y4wjNOh@1BV7oxhzDalGL9KTqVk^#X-?%-gKnQ8I}kfk&4qPM$Bnb
ze5EH6m&-!L5j+xcq=*{RrHdDd*Vj{$1J@Wb#apFDF}t=K#-X@e^qHcYnjp11>U$ok
zWeTR56jwPAmy4cb+8tY;alNK?+F2vDvo=PRwD%j^as5X)fB#SaTYS6K7!=V5O?xb2
z4vE)=M^cNshg474D-KJ}Ou%1avzA#kmE_2=NNmP3rQDgb%pS{`x6D3kZ@4Sb$tH81
z<XD|&W7AsiI?LrE_GHBDiR`AfYb9<-Y}g+Y^&S#SJ*r*puPuhehKwUBJt&hL{!DTL
z?qT=o9P0E(%qcS!Zd9`g-A+=m{1+RJm}S$J>7Oy{rO@*j+$$#KXqM#AeN0IoQ>Hzn
z`_R@j_ebtkk#-eRYISqbbY#T2h*;!N!D}+<IFu8XGh^dnjcYkJo2Q~SuqzSKxzi(h
zj-+M16LADoB5mRB{Fvq!$+Fs@cqh4KcPwk}t2bI5=VMYxNzgH!Inx}`5k4g0pVozz
zU5a(>Uz2=4{h2RI>=;?(vwqW_HqC<BRd+iXv*hh#Y)@o77|TZ_|2RE5M~DVU#^xYb
z&66C5Wq7^PxYyi0Yl;C&%8;0HwP(g9G|iae?iEw@*+wqn=JnbrF2U2&QD9nvu&n+f
z?vf?-SX|a#qq-6sx74B~YXx_~k}6e9r`F$fdt+0!F<tAlqC1sTAxo{^h}&-)<B_=B
zKq?zaHWAfp%j#C&YuM8F8rPjpTKZmdmcG}Lwb$?Sym9Hyl1}yaL`KV~nr_~bLMh&3
zNvHaIBBN!@iHs3R7h>;vY)O&Dl9Z>vEXmC<=0z4uf}JjwWxXjKP3kX~MHU%@$YL3J
zJreouc{65QD&PhEwIx$Y5B(8W3jZmIl=?=37a~eRcHVMj%`|8Q_uLno*LRD{oyF9}
znj^ZvFGSoC89^j2UC2I0ZDl0=^jfZTG4wxt&*`J%6d`4tBH3glE|Se^QRgE{M%ZJy
zqPu}3<IKb=wQ)`!9j7Qs#`&j|1l^WQtp}+^ME9o3>)X3BeM6DBOrLBy$UaU)RU_iu
zuB;*#kIZM<8P}^EE!mX*@{Fk`ZqammWQ`DsOBYC6O8S|NxY9*chgLnG{}cBV)ANp+
zo=7dGCrT7IC}?Al5r`XzEs7h6E%qJJ?H*@Fk1#Hym4$&=T5YMHk7!GqkgW@GJN@Ok
zh?0JmYUbPz8(Q6=&3eBhy-q|N(auyvdr?gX@|l2)BMro9MD3HI&l1{~_Gv0Q6is@O
zJ^uG3_MT#N8Ag{=vdnJnOMPa?Sj~*ZS{5Vw>OxR0R-?VF*}CJ>rq}Ec7Z9J3NnbdA
zdnqNh%g5#}?Ol1ZL%t=pCmNgAB1+Uc@~0Nt+oXz-eAQkI@Ak+TC1%=fc1Jki>$+O0
z*j}^U*;B_4n`g_$L!;4e#wQvj5$f_-5_qrdBv{@3jS_war8*mE=#Wa+YtV(cwxiRH
zty2EPB#a$Y3*szhOolcT(K;Qi+3Z+kp(d`hJ!y}USh!Eu6orVsoU=OQi+!@YQR~aU
zztq)o|Nh$jbyRGWc%bjUXz4XS-#;cA)S;(Cj9|d(s`V3-JsnBIR>zVKntpv0Gs;r$
zmK!^Il+hzgaV@(nFO)1VRL6`mW{$8STT-6gA>vI*nXB7fnz8$p_RJxrV_!jfi0rMI
z+iXp^N~1AitC>clWXt3aL>*~8-_RkuFNH?EXxDvQl(xt8x9xEyAuuO2XQ{lBDBs<u
zj7d8#a?R?mPedJQ*x%S8N*Hg{>#W-M>+3eX_mWi8QL{@tK<}x@0=Z&oMc3Nv@8~~z
zpJAoH&(Lq0I~}=g_p!B)>|Ok^J)Xmo6=$VO$ug3LDpF!d_^YL)MXO!+|4j3el%0!O
zd)0z1^P^^LYck@F+g2sgwq#j(OAOa2HMEOzijD1}sL95-bk`WGHku2K;<Kg^x!c$}
z7k=WZ`^}r?3wJsrj<MItImQ7sAGNYMxp`G8@TjB-RgN0{mKJT%ZkG+ALR7>Vi^ivA
zKQHPDE;P2!H5(I+_F}W)HL9g%W2$jnI_PVPRhx~$Cf%meY%erN=bOjnS|q94UNr`P
zfc@2h%gnR3+e4<cM~XgczgF^0q+Qf8X|+qrUa(|9J$6hs8vAVwXdk|-yVZYW{+AnF
z5;BxHRZ8Dlk8y{2THH=puJ(sXvt44$SfpJ7(riS=(qqL2EVEzN05ugEvE%i*(=c{A
zgEFhI6Y2Bxw4IAsd-N{wkkwwcjefg*PByM>>2$`9E!yUMAf_?)eb)Ph=H{d=tKRKW
z4W;$P9=XWIMQka{JYAMaWSTbZMN<k~>9IBxJscU2tOMG0<(p_TjFi6Em5`OPuFiT*
zTdK1@Q)=AVT4{asYg#w;wypo&A^U*wLq^v@-S6@CYpylB(zdKBYU1gOLn3FvjOl!7
zs<DXV30t-`E2dUVPi@;SuhYqtWiMFfv?U^jWzh9>Qi*jBnkm`t8<TB!%N*D9AW>Q_
z7b5$^U#P{<b@ooPO-5MPkHp(uvM*7`Hkl_Ha_iJCQQEL+FX&oY?k^czE<-K#SpS^1
z=g0&c(0eHZQS+d5*l#*=)f=%3QL|6WJ{oc4GIR&M$M@vElNBql^Nr>qxsN;*k*ofQ
z-P0&bWVw$dNV%-L&$Z@d#xBFy6)Vadb?PEJHe#6){v@a6BGSpA&VI5kw*|{njv>pO
z(s)59IWuS3^1Y)S>h;bkNqb7{Qf{}`k&C=(%fg~p+u+D?))-ok`wU}Wr&!-u&HBbo
z>0YW{F~p-C8)2QdONTu*E6?k;vZN4$|1Y#X)m*jRmQ_cW$hc4T*UbYt=`Gyh;eiXy
zO;~R`1GY6{#tODIVaEGyt3MLU$wqcW?>>*%w(N1pckecg*!P0C^gQ#%V2xFh`4HK4
zUe(*F!x4QwVyzo%ls#)lGD*ccB(`j~k2jiwQCpf1$x|f>o)VLlIil=2WsWKt^t3!L
zRCR+E|9sxG*<Njuq~{DZ%XUaSFZ*K=SFQ_o`(l&f+0J0I#Nl{Pvut>|ay`?~zR+a!
zHafD=RBDXpnvF`ME7ya|+UJ{$sbx-~*;rZ@UurUjn_Rh`Xc9-4Kfe8In?4|W*o(D2
zh^pD9hvmq2L|Apwc87V6Z)19UM)o2j=D2Pvb1at&rY%^ULADn9v}MUQj$9t?;`nhz
z_WzS=xY6v=+ssS0l0CeI2D{j3E;dMj>1&M1<zQp1ei}s<?N@)Uk37{jUDKmi)8mBR
zBM>Es9_8|=5)7?#y_X=BlKiLUqQ*khE;g8pQ9ay-m|PCl?@&Iu7^3enC-;!YM6w?_
z9ku1TQCZ((F&dN0p1;&RDl%;qTW`tsG}>d0X1-DGG1M57%Td4FkRjLpJo#~mTN*iA
z>#ERTPc@hW+B8ZHF}d{q0^`toqOvfM|5QFITMHF`x{i}4_ZTJF+bu<%nGLeJx)>>M
zF#4Mh&TcT~m#c*h#=wfM$_8Vi)tTQQPvzrt8;k`vCS+jks44#_p0r@fHx|}A(=z|-
zWwm4EPE~T9KUF`R(>2RZHD(%V{Q!HP7`L_+T~BuDLPqx5b~zGd(mRjwg+EzO*5`Vi
z+mCrhEBk^e?StLAiXXHcd9hNSVoF#mM)MN0Le_hXPX0)LC#L0bSHaW|9R|cvjq%!!
z)}-F@3H7GOr}yw?gw53U@Mg_6QHtILW}lJgKMBe69nx91L-}5w?QK=EW4GTPlbA0p
zBr(fX=uX=9HpsG3T+D3mkD8;VY(ncYeo-C{Tb**+U|4o`S+<}y_)F)hP3B4R=tA;(
z#Ga3sgAp0?xEyncNM07<Lt-P&>A3P#*Bm-t$jVy&Qv-4WBWlk^&0!rcyl6}=%TXsR
znIFU8H2qOA7rPvl6esP+qcORh;`Ud_Zf2j1xi2CM7s-_Ea;jt0wtE^(6v~cVPDJgT
z__SVH%tz&Uq*;yDNB+YDGR+?`rMMP1w4I6N)~p@xbF9gzJ=q+c(qELrIC7b9aE4o~
zp$50uVvRL8LoLz4Mz`E-l^UJt=IEfZr<$WfN}7Ahk;?^Td(F{B4GPN~xg1(HA<C#Y
z_FzkN-Vxl_;>cxwxjnu-+Phr9$Z|(6$CgjXeC1;8BQaw*W{<{<Qp}!+MaT5RKG9fc
zi8J-hppMYG(9ca|XHs<0U(-dQri%f+Xc)Jjpe~-ud?x-Pj|L|6Cbx)Glr*M`a(i4q
zV-O(6pX4%ZsycqP%9M%;*=n%C7_)WkkUvi@?#un9;>_u#Oq+ye(~--dt`sYqF=NNn
zmAtOeJ}-||WK}Yx`;cc5ayf6>qq<lT&=+y!vVIIwA8wX<yH<0TBYKB$IwBhpvYL?k
zSuTfV8$~vLB1*hfRw{KqA^SOUP(YMr#YUwJv)t(>DI{Z4O){hI(lR+Iq|LT(S$lPv
zF}kc@Yp13&oo{5PdR{gfWwb)I&T8j+DsnDDl-(oGOe1<FGZ&GSi~!k)mdlXjwR*iv
zKONpFA7>o7=&SAO_v_|zo<TPFL(MT)LPq5<R7Apa;ply(?w4B7ulwa9crYdXcoJ6Y
zZYy#gsr%(=kIYZ+(V9>$!?z5#eFAHQ<K!uAUwTJMjB#FXcF7t!(A6n_&e)I2`~>9q
z^L^|jL!KzefA+L(_S$V?ytX5kC4CuIh#x~oq^;~_RiZ&0j4edX>1bR)CE5}G#xc3~
zu=$9YlUZ&N1CiM&%H#1Cy{X%`TsFDvp5?}b-ZH9Kj$AHUl0@cgr`#fuRppi&!wpWQ
z#i%scGeR1qU0<UkmjjKv<SUK#l+Z>^B|Hk1b91s~vP@03$bOFFwHU=FRcbNHP4-xe
zG1DXsbIp!i_BPAc%gy$%&}K~?3ByLOK4nmKRI$a#$tl1VBj2J1rKc7p9~N4ad~vWv
zFQBwt{{L}IEk;^)cVdT(Odd9?_d*MD%C{iXpwB0W+GOm@YfI>uG&<-v6c#i3q~`34
zI<ryP>Ga#x*L2!12BqIY36k<mN<y4=i$Bxf#Ll~Pxwf-Subt&W!cFDq#)(||z1F(c
zvYsKaP;5J*gW8Br31WG2IUAXhhGNljU9x4T&ToryXV{iFDs3lZGeWj|Bh%7$$X0Sa
ze6;No@3$!}4_A$SI$qcABWFM5{8su2|NC0ca%NY{S+iMNLZNahtBrBxNpJb4SXp?J
zGqc*5ZPLmWOP*UTmRyyVJ*~0g2}XabxKz)|*u0#MT{$V(mtp-@<t>wl8k<}uJ5IVf
z=$8|8%Ve*7QRdrk!}E7VO642n?1cQEw2P5;Im{vtR%T@(EC(SP^s+?0S+bltIiD46
zmm@GE`jE?9R3F=_Mia#bW3XYorUIGs>&+{A%ykP=!J9oI(@?a%u*{r|+LcCgF4`sn
zi@`OTecIzk8`=k!$$1!iUaz+0v;Ia$E(aTPGO>PtBChmVvyCU7TmGE*df2>U?`ULN
z0=pdfY&9lqwHTAl`Oey2K)--!Y%XRDN)&39=LSxt)fiu<Mp_MT*&Z2Old8sy`6j0%
zz-gasHRc^p*RZkpY|QXtYDOMR#8g=xMZ~JYYc|rcN1un3Qbsnk7bAyc2h3_4kIFL<
zanXvsQx<r`@<1RetGw;C_T3pZr$jtEzf7h=j;F|ex81W$mel(svo>^Bl#y=~Vdfgu
ztTK9)l4l!5rLRX+T(0FnxLi-^Z60~%A%%n=_n+dm`C;=y*|e8!KucBS;f7Tbxur-J
zVW*-sn{2dmVx={yCY2*WTa>GeIVG0m>#5#GWl#RxAjn7=KVHl96M8*2YsMtg%Th)*
zdj=x{<Rpq*)}Cu0H6q>Tk-gR@u%6N}ZBb;F=V8<J=XY1;Y7cDZYfrqYkxK0z5|5l-
zbDd0n(bN|36x(dQZnUh&-#_R`$`N6sOTwEmZ|h^hL(x=Eqh#Qi*mqP7Hi{3Xit?nd
zK|;ylf#;cBTeoJSnKlVPrji0t&NcN$WJuzyQi;kYLD_WWama!xakVF64@Vm1k*qFF
z_2rN*N5ygPj@(_db^Q<h=fGF}b;n-(ExLO0=Rgmes|=B*JtlhhgYB@M0Ih#R=Kjbz
z_v1c8c%FGpw<E42h5dq($LRL3Jcu)$*@!$>Y8#GNxrkme<n4BOO1KnlA6F9CbYWU*
zOy%Sup0>?VB~SIDC6&=53$Lz33ttJ=SE9#c@<8-Jo8(P7a3M$0<aDx}E7N+E(pkdW
ztQ?Uu<q(JHQFbgxBaMApkHy;M@E_4*68$HR+-J%*hi!S?-~zdg(|>_ZgZ*3OiCL`g
z0;#>?bK5N0OqtkWjoO*X9o9fJD<QTaHo483Y*5}dOKPjWi>xuFybG-fB_U*RnX`DI
zRaq9RUTDoWso4vx$>!K>(i(Ey+=bSZqvkHK=AGEY1y*Uf?d`C}mJf+`W>?td9oF26
zgW|+7Rk^?#YK@gIv}Rh>!i83~)hS(KRaVA}mslgK;zM%1${D`I%Eg_DORRF->A%EU
zi0_x{{xxd)LTltir{_Xz;iTAH(kiWsk0!0jb+QgJhE9nMB&~&0VuhqtXj8pOYqTxC
zc!AY(YHVbiwREaekil+ndbe2<8)B97t?3PF<b12J(dj?m@;0iOt=8N|r?Ayp*r?Y%
zJ*TUIi=w@!$BGw42TmUpGL}fqooDrIk_jnnQpNME=}oE8^Q?h0#i&YWs_ApB@iW!X
zd6svk8a&UMI@6Ksr86D5&YvaU88}N-&#{Kj(hWz?l4&lV6`wfQ%6Ft@&$XsH)XX_n
zwIg0W$Lim#8xCxiCgYpq-Z|F7=2XwQR%wfPq_;)&o@3?CP8H6vCeL>A=UC;lw~B#u
zrplexbf;{m8w(e2AKqaNZ%>FJZSUyWVdZvg7vXo<lUFv5@2JWH@6r|Rr7Mk@E4oCe
zE92u=8Y5TQV^<mzSL!Cmc<0QQe4Cxa-?bR<6xi+|^uPbeeV%D<?^4BxycaVRvHDGU
z6lV>XdnGK@E_)(UXii0(rK3k+M9X>0?zf`7`VlEPU;IeFPmS-5ebLv`F#i6Zi($uk
zHhN6#durl%X~Ne*5r6+B-)-7`q|eLDL{ep~lzq_J)m_^Lk$Sjjx>8`uAvhgB<!z&=
zoV7g024eMn?3X?=)~=m82Fq@&Y^vzz?xVU7Pj5{`CGsEB$K)4+7%tCsx7*#}MMv#y
z&2~Fo#}1ok?Np-?W7lp8pQb$$k;9W)#r>uH*6(%ckK~Yq;1O-nl4E7Rxl^8qn04<N
z=@pYsV@LjoeI0*IrPpW@JKAMC-ssTh2>e>(<l1v#CFv`>Pj61CL4BrH?||iXNmSpr
z{|?r$yn`jVoIg9xzQ=#{8NhM(=xcf?i5~i-SorUIFKa-y5#J~2-Wlx@)x^tNEQvCc
zTdW1EefUhPWXC49SfkN+VT<hDs>$=LQF-8Vo>ggV_qJFwvTJ*uHLDJZhL^>1Tde*j
zwY1qPH97NVTa_j?ezvvHBsM$V>`a|)^*FKVv#p}zRL{1io%q5QtFI;2(`ik%IK{2j
zQcJ9Ft2MhkKDyQFkF6Ux-<oJuGm=?aRpmTuuGJATvr0{#ZB49kmPE=mWtpqu+SuG?
zYw$#8cC)p3Vr+7=HF8p{xY_Dorv^Hs1M6Z#ozao?@rg67iS=?k%9w47kDO^Ow)M$(
zdp7J^+GI^_NJ<>tn3|N!jZ$({Hma$FWJSp$!|l5UHd#yUYBXUDpQiEXX<};S)8a!3
zD}VZ~nS@n7-5r$Hr|Z^dbS<1=&7aXLhxx1LY?oX)dah)pnR7dOB`2OIEhf&h%a=BK
z=Z!3r7TeorFEs{sbV-XH@wrQlg&k6iR4!?sxzrfG)Ly*Qs9b6<T-rE)>0r%Pxrp2~
z?)&8){QXqrsm0Ix_nE=phX;C1^QChBVO+NH<*<ok^+%jJ+3%0UW*tk`0Mm|Dl}fSM
zDmJ$FI##(co)_MzD$Q12$wt0aSQhVbtl?#9uG#XIITOO0^b>=Drb*dWsjO(9h#CDc
zdrYqv?b+7oWK36_l-`WpN91{GV*AqP{Bh6WZ(qOL4@UiCCK66`{47Kyerl7@hbrX2
zjk{z@zLtR6C%Z6_Mmaa@Z^%R%NB&3++mHSa9l6h_X}(8xDV(wOvilsXtg&=GyvC9u
zcy5g~E}?UcHDt$2Ypkj)&E-1k%)8b|)Tz2wwZW;bk@_`OSR+NNlUr>qHaXI!yrO+6
zZslX^s;jM`nBERrY*piNYj|a9GHxxdlv1l_mFkIGW2<)d#ibP0byM}E_VPMoXq`Q^
z&X`$em)1vT*A<VMiJ5;4^20>Ld?2zUCl9vCk&Re>lbnBZmc&o&_W6z0qU{vVu;g@F
z=`^daK~1+?vfY_G$12HtK%KG=<IJ6D<r?+o)3l2BoMsi5si}5rVwqDp+mgc)BWGJP
z5>z%>BaX_QW(~E(X4<XMmIG1-FW)t^(HdS6A85C7F*Uo<8i+ab9ab?GFLhXRF{dQ%
z8PiLmftB%vjn=|SHM7y`UFFQ2WffLA#j~uTxHEo+H6?FuZ?SS~Vtrez!8J~Ci#4|<
zKDNm!xUs=a*5casa=TSHQO?#HBkS9T&#<P~%c9$uJEeX8G%MexH^E0XbS-YM7B=*?
z%HGu0_C8U=)|}jT==}EHZN~KZs%M+gzs;WB7A<U(+(-u9FVn66=<|es$vUw8NWV`_
z9XS12U+yvd{Zz%F{pf#paG(FmnpyTvo@`Au{ZKGZ(#Ljn$lB#*t$h;QWv_QqzxM9R
zW{w<R(lJ4HZ=*BEsj2#o^zj60*C)EZKP=^q>{0Zs)laU<u3k0_xw0prX4Xi-<xH%R
z#e(WzE1PRh?^^u^+_Woiz^QRpwuYUeE59cYtGcog;ts5p(<1iZS~;z%w{0hsJ+xLH
z%E~@j-!ir6%7e1ljB6B{V&iM%K|_3CjWOcHdgWTu`w8NYvFZuN!t&VS2}WUsnwNKv
zR>aHlR?rHaa%W>|P~MzuP04QUT&o1frB*d9ze=!D4V+-~ifgVmMprs=J-$+J^iHqT
zpU$k52%B3Km!CTrS(TFA;p!?!gzSk+wb~a~{qjQz@zlU-`Dq6KXB5PT{&K%DFjorA
zcTzp68hY?ZAOFKOwA7tXsD{@yc}h*o`4hd1J`k;)K#xl0PPOr2c@1EvK7T7)H}VSi
ztSN^arQDN~BXT*b-y+oeP-|pMNpF`aIhiD9Qayc&S_e}7*`NB|h^Mx$KWuJH>4So@
zbvIty-XD@}z{sqOaWb0fZ;*YVF}W67dh&i={0G?1an~qv&aQS|POnjNrc{dZxKOGJ
zIb%PdUxw2-UpvGo$~*c;bhdoE+HdT(Wv!FOdPmNv@3m)4y{?<9{Q!q7pQiOo$ubp^
zBjr2C{(gdf7XRn|UczBBCr6$ZTID!TY+jBQnC@JwY}du)Q9w1~jI7iT+Dj|t(Pn&d
zrR=P(li$(z8dT3pW4b~0u9Rn+j*xk!<hj72(#JVUPHM1K9zn_iakM2R4;o|@Ap1MZ
zRe#KwSf29a^|TcdTfG&j0eR{clUE@0ADtsF?ow6#8zPIQbx2L?-w=@iB{n9P)21ve
z<#2$kH-{tcL`0r#>2Ms8hxJi;H&FLbzfWm=>c~9F8dJm?v{a8Axv_MLmp`JvwYBGf
zdhxn{T;@X#9mu7;5Ep!Y{JrtxuJew!o~-$soI35!%M+<`gDNRwwm}Sl{LS}Ec_P$3
zD}Fg5uN2D*7g7Brq25OR*nRo8P-Opqot$Gk`kNWD72X$B^YTLkQK@Icz1G(0DW&hN
zpMK6p^?NcEK8>d5=1A<2qkHn=w;FAf))FAXz14Jjfdm7&m7J-SeRz5PD6hH5^EG*8
zWY`)shvhv9TdHX>ptwAbooR5SX{ABTTi@fUsrlO;^z9&qziYn#BxC;MCy&@v{XYDE
zrEYnmwSb=gW9IrQ^Wtv#1sWrx3K8>w#G8T~V%O^zSEhPWo@z_5&^z%J)0I}ah(zy^
zh<*iH&d}FSo<6hPAv30*8r$-Yv!@>*%hFFS`}L26NOTu4X6e@kJWH~C$T|-X=-&^}
z+bnWCS<dDx>c}?`apbZX>5%e2vTj7b5+-*SFBCdu*)z7ht{^>DEk`Z~ZF|->hxEBD
zId(0V)3(SSx`o(><hgdWwQgTZvktqfjvcd4c;xKN|N9)uVe`~Isz<+><}5}eAa=`Y
zK;BZ8*9*;*C(q*|`~BD;?}VHokwOBT1R%>SX<bPal1q6fLtYlo>ygRtn8;=Q82&r-
z^k<B>HV(|2yq2@5m%Vb9S}w=sbqmX!&;yetpIrX$AIGeSI4e&~EptwfBd=eJG{xHU
zmRP%hvVIrxfB86en4KL;CS;!^LgQeY#LD1knT&42bZgmP602-QNI@aHG<8m*-yM+e
zFPah$<g3{>@%)0;#aOL|@Jv^FnbkYD@|KJ2oyt_x_qAPD#jdOJ7L08!X|)Z?$tGJ|
z-p<+Pq_%5WY{=z*zdbxb|NnE&Md<k9?4fhcnsx084^V1_;GKFkrKcoa%XN50EA`q|
zePq0=PwPb5u91pa3LgEF3$mZ&$V?RFe4qc>@^yOOqQg04Bx}ue`&EX_$kv!V0oW<O
z^<Z@OAL(a6t_ErWXxMb5a4DHX_-sXo{CI-AODmnEg7*GTNob^h!ok1aN?ATmnX-_L
zO`Gy)R_^Wd#KEnT`W<ln2J(oUw$v}mixd*@XXUM7d7DAr47PM@{r=k-(!@_3M_p;G
z_BvBZM?A5KqNU#&u63?&Ab<XQa>Abx>yF6_`pmxs_-^@SJNexxQG7<K&F~Op41e;>
zzigpNb9oFQZ<)-=N?k&wrLPyXM*MdQ{$KqcFQ<$B9rLbTjqMLBSnQ@bFD7P+hiA0D
z51aSM4A<r<E^jqWMPl+E(xUtxL6f|39xFD<v+~$rlL+UQ<sBw@v9n1|j;Wp|{a%S2
zp_R?Ni6%Mdv{SxSZqNs57aL-W%VfhKHZR9;8r@NOQ%Zi5M|x8#*JQ|MUS*jvvaC~r
zZtb$NOboInhsdSht>_QrT9%QYRxu7}DQlmr-SWFU>3y~9<+U?=uB?#`Ow@F*{ij=g
z&P0|^N={{rnOmiBS&%h~{;s^^-7sjj%OTiW+ggWypR$sWq4z~%75zX;_pR$CH&%D_
zSo%KE=rW8h`Ee0BS0T!h>PVclV%A(p>u^QQBs#_Xb8`OJ?^~8ea@8N{H{~7hqIJZ#
z-Xp#$_R}dlAvwKL@yxtABfBDzF)8?am$_52bE5S#y{t_(Q5KhJYnf_p8<VY+W>H32
z&QhIVEIG0kDz&tE(xN4A>fM$VhlCg9e4?<C*1UYHv@$kvg5j;)BRh|)V&n2#lB>jC
zjmdbdB=2>^#oThMW23S;v-*(q-hYC$ld+s60~4DxJEi!l{Y=n!q)SfF<gA_kxVCxn
zwwwIOQ^XmR({A!cf*dEe962v3)*)obj>+|e?aIQrH|q511%yni|J@Y{H76dkNA56T
zcKNJTQmjt1bEfPtjM=+%)0z)8XSU`nb3p2gdIu93>+9%&E6i;P{m%a${o{O@HaYSn
z?+(hP>^?~KHfzenN_jdZKWd~?*L1|5m0zTxELIzPtK>Od4#=?=`8g0j)M}laXo%)B
zF_}<_t72c06UDw}&Al~Q^_sr+xg2K8F3PVl)%toe_L!C;xc2HnQP#iu_mKK!@h?a0
zB1*cIZGUft{sD}U6;c()3oDEv73*JNj5+b8<;IlLmRn&|T2!BW+M*4AVY#EbS*{(d
z_PYrGTlA^(XFPT&?2V%1)y4ri52YUm51BEkV@5;zKU4Bi+0yw)e91HQuer#k#)6)t
zm`s&uNxW_#QkId{bngzy(RumN7&A7cx0uwtgjZ9V>$&_>_i62u-`lIbG`*l7sUOna
z>F+Ez#C<!|XoIm;%-Uz?XLrjfQrT4<m$Rf1SI(8@EoWK+U{p;kGfGOIE1gmLdQqvd
zWyX^7!-ekeO{THiFm|h){QjGM8()UE;K=aQtRv%Ala3zbm?IXpZrBk^a0cX4`7sbj
z%IbB!aw1z^PHdK-k`!Z=rGxyckNBG$HE*=#m&Njp5>=)e?U`l?z>=tqk!DBmShN1l
zM6)B!r~W_o-X1v0?ArU?kNT1HNc4clM>Cdfd`^1?G?LAS#9$v@2K&&GS|Cew%j%W}
zj<K6YYLGlalJzlw&zw^Vs9OrCTM7uMTM85?ARtgc)g>SxARthnx;0gofPg@O0@W=7
z0s^XhfB&_+^#L>U&c_+Q_xc=aM(f$T_p`tE+W)oo+UwaB=hvsZ=$%sgG=KLp`ELZ*
zO6~iByD5fL^|S)Z^>y98^J!mOdo#gh2je&&U*!g1MLl}g#}&~ld<Nm|DwJCXVz3{5
z#@deI5P_W}d=jD;Izhd{keBX-agslj{Dzz#=f?+?bt|&4kGN#?ypk3Bs!~^vY;aWx
z{z<pcFl#a?){R^pDa)sN-j<NQ{^76=<j~2_qW&?<y%oD0tZ_Iz)Nm(cD~#xfmq7>i
z!zdrnO|IjXhxiy*k9Gb&k2!SAHX7d9%XSCUt&HEqmb5C4r;5eux;ZRLtC_$2{x&Ad
zFqzn1@_8P+=_{jpe2e`FtUz8*V~H2?ID!a_K0bl{@S|#&vF`4?Zxgd_lskyS=Bsch
z91bR;xd0!goaDj(-mndCB3eJyp<cNaEU_r=$LhFM_&Bx~xiu!u+Kbo&iZa=`KJl9D
zoD6>HD7*vz2d-C^C!=-Crt*EH3+M?1*dXK){Tp`b81#vq%65HgQ0R-3xQk#T!ej}?
z72~Dnv7-yzi3saoaB(55$KBsXh@CH28TP%@C5DD)Z@HJXbzFCt+okTcJb<6l3EbID
zZ<EK1*wN+PC<5x|cH`Tjp7)-I56NS>cHhn2ZmqU~yk~dSk@x&A;Hu9<eTw}s*D~%Z
zkCoWb+q=1DS<f5y!unTlk>3h=+^XG24XDRctH;WYdX)0e#f?%P)POvAn>;p@2lJeB
zl6|bCXSEHq;uU8mx{+c1tp3nSTnfXr-R@3EJsyWgH+G|LuYa@~<zD?g`lb@=XWrZQ
zn3!D+v=sZpMOwPmA2MaV8-~2N95R+G;n5e=qq2U5wp7+Xpl>SGr#E)(TixyM?`pVD
z$L*@4`_^`;E3Hpw$zwKDf80<Wi=p~s&HCe|wdiK$B6-}k{-7=N2W_E0Zf@1%CVAWp
zLn=3~Jnn`^DdTxq&j{bBRL|b7Tq2JLwfmkkMzsy}(9K<S<g`%E<45j-a~JAf;rsSM
z1v$iIBK{x-&*YzUPQNgHc>;#N6d?2>p)|4P0{Q3wS-%Jn=9zium3Z8md3rY)e8?0f
zPwW=tV?_S9)+(A1Om4==<6bP}aWz(lV~l4qrrR(d89Vcs4T34#t>lgcMDS`CAf*o9
zDws1pft%xjW*6{TVCxR9aBvgAl3;>X*1?DGMD;h}>`^bzcWdKwad*FVn)>Vt$!2+%
zlHcE@44%j9=HCit-=Y#X-wJu$R*AnZ%m*O%^WhQ}?m-8(x@ephqX5Q*yPaFHlMBRf
zycaR4;;4{OjKQK_R-VLN4+_+K7{gcBVYhp?I)Z_%SI6h0;6=4^d&z-c6uhdIlON1q
zmudpMAS`lCfy2L=U@Z!HUYE7+LX94G)CqreUxqQhe~h+sUlJeQU>;)H&6&;%okH2%
z5q6~VN8`Qj<UX78amTPX#XH<lAFlIq^=A$@fNto3rNJ*J3xo}9p%Q^;V>7SsYRAvP
z3HfrZcfOL`LB*vy{tsk!_;S#I<Aqhh*L!$D*KS(JeclDG4R9wXwin}jwosCASC?P!
zhZoB4x4ht1V#H3|vc}(7#PjEDusCAkE-?1nh(p|dSdGHZ`5{8sVC^@fdtjyo_4o1D
zTG8}KCt)r0-Q!pf&rjj^2q;Tc=gVdMS4;naLAH9tohO0r^*pFJx<rS>dU<}t`bPGd
zv)-XEzpu0$b*)vq&&~n|)`R+I9H&$?v7#TvT3D@j!XBPyIbgwu)<Sjt3VS*ppX6m~
zPBY77fYKmKd*NrB4X4IGI$1yLa(=#l*ZJ4HRB@i!_9(WG`L_xSgzHplvaMB}W&W*T
zEU4+n#8bWg8vMLG_nzwz=)@~#AQ%6cfw3N*Uxv521BC;QJ67fYg6W(5+{2N_)8NEY
zW?;q9C-SY_!}HVdR`5CZ(M-ywZ@#az%sr;pXJ_wduc>FgJ*zme!nnp-9!J3U9-eRG
zZ0r#n1t&K!nd*?FvtUs_#t8=>8#+6OZ@}Q%O(_)6vCA73&$!97c~DA&E_ovudW8n3
zBINl+MaVO55VxoK&iTAonsf5GxD;rAX7hv{-;RaEEX3F)th}G#LlNLrkpNyT#CnAY
zBo@qu9r_(zA6q>ybD8Dd8*A!)@>IT`u@+IAao=dAGFq*6t5xzUxK>r}n=jKl{G_B-
zPu!6-LfPvv`AB_L*2Uneg8gG5mROZ|m7^Az1BUGRRyXN#Zu9%?SYn0kLBHP&<<E7o
z{Cg)`1YolQM?TCc*8YvyULNm<A<OO&x;?5ICYBLC!uq>ZxU!yO=7p;Io7J4-*U!O)
zs=R>X?~hH(!x_@RO?~$x!1dVUAb2PsX6sh{sejDTGf2$3!w}uT4N|P-raW**I8p*G
zuh+uDqIs}XWdrV!9#%!Ol4BzrBRz}iNV!-O-6E#unBJ=OEJ1m8qS%pgr;h5bsV(!d
zy*xe&@ytal;tavlFmb=y&4H(N&#NAx2j}C+J5Q_BuIJ^p{58NI40+wbU1`Yioywr&
z8T9!uB<7Z`Kw3LC=g^|&&<g1|wgylx#6n^gx6Pq>#$i5|c*K^iakxQ$GNk2k*qkSH
zI35}v+B{*l+^DL@Y1Qp2<;+}@-)uc{M2q)KT(K~^H!JQEqu<N_=!>6}?iVH=3Mf$C
zY*^0}x>YXkC)7=6GzlQYL;Zd$tOrNj+4}vf=T)jaZ<rM2dBY<!hDtMI=wD`x2BK2^
z%Z#CanK8_pS5@I`wVSOrHN%d%fclxaz-TiUP#7~8p4wbsjxZOVp?I!}UZA3`ju`p*
zsE(AkYcy+CYL4<eyKOF{%5#B=l;;AE%z{;$1#~L2fVsddKn!LUFc+8w)D;~H^LlQp
ze(zz!ifo48Th^G(g*97*NI1mIZ_b6isB`IPZnM>(QFw`c%6v`8^Q{`sw|;CALjx0k
z&bZBrX(Z7cY1|mI((fz!{UJF$mh*3%u$F)Kb|*Ta|4afr$`2lK8EeDN`<vw>QQQt#
zI_^e1<asXc%isL{iR$+tVy)DKJU{tc*Y73c7BIB##jcR&m%DuZe(XNOV|>Fht}KJw
zAp%il$n&y36j16P`~8`If6VUy3Z9>pe%C!{lL_lrb%uazNi@eN&?{qW7N7!tjR~1<
zV{iP}b`bQ%ab3ajj`$)o0+lZ_C}?4xFIPxQvQl}JXD&ftHM3C_^6T@eI_CD{>JWRm
zm7NZ@)P{vyLGZr?L&xwl^?60pEBsT1O*h|1OCHX>FHFSq8d4z4Ctiogs>ku@_WNl1
zr*FOQ7I*7;?(OMWo_`R&cn`D43#44BzY}~;;N4dhH{N%j|L9(YUjONG@bW!3`(CvA
zUU2ul_{w|k{(E(g`C(sle_yb?Z)ayPcXrB7d=ucK4t?M01~*z!%5jV`Yo8oh*De%a
z6VEtG%pG(MVel*rNwk2Yv`W0`?aZ1sTmQk(=s#8+{kLNM$7+09nd5oAN)GsL%0HPr
z%F)y70<FQu7xdpk5d81--`qa7j^2Cw*vEPw?1MQZ9`3^|HRSp8n)sc49F*+k*Zc9h
z#eJNYM345l8*eQIkN06nW`VbF(g~QChD${K-~wqM*FOqwknOvRvHOr8->o3>_CKx!
zclWvF_v5qsf@kkXuVB;f*S%z{_Q#*?51#Db*;uueexqaPw^!=78v)8s4jSl6F6Plo
z?9s$L4#SsWu)!t^%dHIW$(hs6ti%sKn%Mgcr?+Sq=)8)vH-J~MmW^uA@Oi}g*=qAk
zTpbdBx4Mp$52{1D`C;{%_5$8NXv?92!x(fSI)<reK}5M5o&`nTVA4ul!SNg#Ucndt
z4rQ)endC~Dlmkb80aL6z58%6LGR3{>ka&DGk@8V>_*fJE+0HT-tV}fJl)1zqQFs=B
zN@>L3tO}{i{I)WGn3Dk=7D!${3sY0a`T88b5y%%6y8b)*@{N?kbFl=|@bj3wGvQ^5
z4UAo96)`!4J*eI56{}3!52cHF`XQ<iJ#TO{{UJw|dVYu<8Y-YFJ>RJ2#;SW>t!F+R
za`Qtbke=`2yx@qty-Ux0Ep6=xCe3=j_g1ue1n*LMp4$^WIO68&^o%j{og;4LZ9Omj
zAi8zL&Hsa**Z(1!J>ovE*Yn+XqK#HQ4yWhm??z8r-P0fH`CdcxsMRh0NY5{S6fL*9
zwIA#G!B3)vR(EHwo@aj=&9%CXpX&M1KSnQF-10x^c`gw>YjH0UdS3Ziw9>*t*Yo`Q
z(ft;8W1pU%?u(XM-0FTk-)W5IdG`Z7&oxD_4!gN#JwI!X)(^XtpX+&vi@Jy1`~f|$
zAK>Dadwj5d@vxgcR6l#z-9J?S?2ubIw1EOo{k?!{_y0!Y3_M#1_O9#-FdDhBE8x2U
zJi~TpcLf{vEZe@?V7@}}cPip9YlC|g$9U$1V7(S&vGa-#!{yolZzDXv48z;C0VslJ
zK5%!d7UrU79Q@7K;*3nsPf^0xa!{b>*{b+lZE&+n&jO9L0sA@6^VQMI8f*yl{HQwq
zq9$0iXLMfAYtVV+h+nFye_9jVuhBu|d_2?_S>oYxeB0*0yh1*{=5lN)JlAoa;B;QY
zV!NXcWBeV()z~?^u#Cp{i`)9QO!Ia7de5;A3}5t34EXPXFR%O8P4`9R{_Hc^Wy6#Z
z4lt^gp+WQr=EXM<WI!<O`)uJ^5d2>phQu+VAlVD1dJtc%1=ZE_%mpzf_FB-uGZ21(
zNn4@#r3y{*<%(lGzrxcyizRk}=NB<ecmO=lw?j?xC3}9rSy>H8Nb%25^474UD9`(q
zA(NT=RXoFOAJpJbM)8<mucE-MvV5we<r;i|>KUMNw<h3n9?v)-zf*(q_bkt!M{6vH
z`@6yiySTN93%+g3fp!0?BKUtQuv2<+2wA;h;c)Od-+MX~Z15onp2O(TA!?%M#j5Dx
zq2Oheo}X1m4~UN}z9za)e2vA|M)!!{W%2l;B0g^Mc%(WMJld`2yL+PLL&1$YJ#W-S
zcZq-7;(rh=68{et{}0gu@%0w}PIQa-cP;+i=qB+$wD^W-j`$y0{Ewp9L&55g^?d&)
z(d|RQ{9Zl3+#Agk|5J<q$LI#}|77w1#HH3?HDU2Ti(VWI=HIjU_o9u1!PEEk{AgeF
z@?fyAU(YuhqvymoTKosmI`K^w-yE$T4Az_Vy!!L#$-&^xFZ4WrAo~1Z@a({Z;t$@Y
z|JM(P8;9NV!{N)rJNlnH3rN|IF~$<gU9}_bo2I|OB@xm0VmC{BXiZPVV-DqkUlTRC
zdcwoJ<->epMjp-Y$QFfh<!rt#Y<jJ%eQwmbQJDx%Gxg<JT=xm^*o`hnvCnnE16~n#
z{JbyDx3O4&g!db!mqku#&D3K;fo^)P0{KPJa}_2^`*(S4iRau2|E|~5N3VtB7u?CC
zs;BTiZR+KFjc$4`20L6?UzXkon`VkQ`<hHFyPl4Q9VS53FVTXRK{tAW7fX&@>UsNR
z5P?NzE9ekw)81{qQ~nzK;8>i4{PXporitj9yJiireoKT$cl4Y3G7+BG5r?fX?1Dbz
z^DsacK3%92W_FN;P!UUI`xkvnf{x|?j+e5sBgM^F$iU9WDDWXi05Y}fDUIRRX~%c1
z_W_Ws>~um9EP4=5LT<?|69+6rU<Zas%681>2+R+f_esPHixoYfvsV@RBmm7_RC5`?
zSNPpRz|d>+hTj%KM$>OPY83zId;cjbb+tZo<>Ro~A{mAn4`rZu>^~u$Rtk2P599~o
ztMYp@UE-uXG=6sCp=?H&`cDJCl*Xiv<}0u&8@9T=b6THl9j#vsP!32NIv3DVwZ+em
z^RLa1?>d${=bL?7(<bm~3|KmXUcPB~mQLT+)6y&b$gd?@ctOSk2+&Ispm!wn-|5r>
zkIuTIQ7*U;O$5U`lF%mQb-|Gh?VX5_*w_K@%U9iwgp6&?+4@=fg}I=<_&RHG;at$o
zjw{3DhFPh?qgRz|q;Rsuin=wtg6RX9*r4BK+HHh&j}gSM#gV_;h>zFeTJdFNFjp1b
zu3|^rQ5%hg@?IwI<)8uQV=z>{C-NjXsg+vKsrfw)iYtQ$6)OH^tbS3mpVPqL4$?#=
zaFp+`;>j(-KjiuwvYhn^tG1=?DR#Hf6P-@$jC$j>KH*&Z=MDO<L;@u$UyDSCnp5yR
z8vbB7;>33WLC6%Vk9Mk>Oa0DrJX^<^_yl*K0N<E|2kWnw!8gL{!y&$r$@e|^7G{q5
zK$FV<^qsTarl_i;pjqLlZNJ($MJ?e;ca%>5>%s#ayt^LfdctQ_+(Ua@#kfDL0{X~9
z-fb2`mCTuNY5v$^kmH_LB95wWIe90|W4^PcgT`nMf5H}Xqx3ZsbtuLiq(RnuR2AF^
zPpnjO&cOUzL$wGGs*G-9a#RVIrsFp%@kbotrucSMv{V%=S49u1g4L?%X%&zMAAM+O
zUK?`FIlk}M>pIjHo{ysaJZ9~h<Fk6cS+kWi3wiSb224n$5#f10+k{pX6*syMi$TCy
zMlh|2?u3Xod;mt5!q!48K~KQaOE+NZ=P)ZmYL%fcRpvC{Q5fiGEDWBb?<Dui=oTNW
z*g1PtuZ}S1PWw8>dlxET{2LW;6xI37@EWeHP@S@}{O>!%wY>+BSU%IQ_WSGMnv+_S
zxel8S<o`{>`dm4O)q!?V`et4Dfa&4u;@QG5c4mad`{H54j=A^O0M}f+{|Fn7`+Pki
z7ROcZJsjQ=xLX}xMsFB(@cf+bnxg@(d8t%$@@lHK{%}~D1uiF`cbGSW)P>kBwA_?c
zKtz)<1~YOat{J%=$M8BnkE>KOr$a?^3%j0*Teu-Xp?BcMTWB^O1_V}7Fu#Qn?t=;f
z%NPl`7jdli0<*uhUR3MK<)clZeCao0s>MP~T7SxCDg7TpSdtp*XMacoqkHcHSOf%6
zCa+@&97fCU26KE+nInYidTfAkR(SW_;Fdh3VZl_7#qLUNbm!gR^IDk<%<Zn9*A46F
z#XG^>-OA@tUHwb^Vb(>@-wD?1SQ%~>(EDz1``u{i-QeN7(aO8QlXs)FcLS6UuPEz>
z(d{1w^FQ3VDr8f(-x;q$5z`~zK*J%`Uk&8$d7Yy%R#FViw2dv4_OaZKv9#||u+R0@
zff`123t=wc5+AIANH{msaLL>fK0tj~6+Fbx+s-^U>%olZi7%)gEX!p+8O4^uMKF|R
zUtEu)Us4Y`X;g@ndOTG<Xr!b!q{WKxRz>hC7A{vIX1!JqzN`B6=QMWzC&I-bxKK}3
zx6KaC0XX*m$(0Z1j)wOlcS3r*)6vW7U^*f=Ylr!8_ea%iI*Q?l70ntTS>GtBm?nm=
zA91R>9Baa~2S)M=rD>>?x5MZTUjqP!RR@nO2Cl+!%QH^Ys*%A?%wo`23ER9~Rlmlm
z9<F<;+=`sq-mZ?8s)J=@vTBqfe6lN8uZ~c?GWBjpNNLgID8LKl&T;vBX~#?LjrKLL
z@YNn{`!TKVi5B;u$|Cq#{oEe7MRb36z@A0Kv!MR@ZVYjwd%F?T^#*|8(H;&5>+kN7
zt?R~aX657H<sP7L{pVP|RYuFZ!39mkJU8RJn^n=>-NBQp=SqYllRJCdMorT*thj5V
zr9Hs|#9plY;&F0ajW>|y)?12Mc#ENX_?FD(Hr|RbVSMoxD+opQ>h9p_?r42?@N#!_
zV^1)@CtBDO+}jg9+!L(siJtBWX6vH)x?rwu#{e2X`mfw}*68UFWM$tR-nmBKI0rHL
z?fmwYT;g>ncEoX~=1EWwzuYMMId~&{qoN)e6Lq-XD|Wpeei788LGsctd)cnn!Z<*p
zswh?AUrz<fNb~jMkhwT2k@58%30d|odUH&|WY6|AJTLyl9hnV2^AT=u*;mEWH%H^2
zZBI?UKk1QNcrE0>V=>UN5Qjr+A%Kk{D1*NL%zv&5?z6M+DZgeyzkLRX-TH|<-!5(4
zSY)z&qI1(f$^VJd+6zW=k7Z=g!EvYgbi+jwmzw8ayWQcxG2-$4#9|DV3gc(*)rO0O
z=S#ky5PNf-P=>+4W6uJ>A5fQ*KWz~A`S?Nw2zKWiRwtic9_E1eG6x7>$aE#V!S}wt
zJpDJ#e@Xc>7i1dqvI6N^*Hvd<Yr(eqeAE2@JN;LW@AuR{_~BsPuvi0qpL+?>8CwrC
z6ZncdOEt$5i0x;QDQsQn`{NIJ?;%$A+@7*q`HL0kvtR)%Zynm+3przXZSEpxv?M-r
zy(hJ{WM|^n3T7<KvlC0P;BLhnx$@uUKi1}JW$XJK!cX_uAvGVv7ktjn?59^_6I3Y-
zAEEvU_3;I6dTh_le>dF=5BmJwU2Yod8n)KlQ(cbNTE!%L{f#-UKJ(aK#@`Epo+<x6
zy7>xyQT*X+t4{6HJM*N&Ny@9Q`;L9Hi+9$7UOZ^utAI_RkOSc3=YXnmF21upN)O8y
z$5>VR9H8B7-R5Oq#(~!tqz9t1NAST$_!H^BVsUS8gKk&c3N$*5_9EA(_>5o$g6NI{
z7&ZUS4bpM>gBg4a5X`LLbAxC<#n<TdFMj7f>F#rvsscG4-6wd58+1tR;d5ky|D1QW
z@%fufQj`HU&;Faw|2LoiihcHb;=|v1-~XER5&tRiIwa5g#<Nx>4NJYgrcW5Xu@2wh
zwcGgoGuV%Pqjkaf{6Z)#`x0mAsH1kWSz*5~<nw&_9=vh_Mt0|G^7#^PgTsSvHe%B4
zug8MN;`5k~J_yC_S5W!ytiTRFPnmEmyo4-Ps5d^B!x(XU^0BKo#FhVf-u1WQ^Xrtn
z9`rt8Y{ci`*eH^)3ua?l_#(dT_dL#n!Gxq|N4RY^pm%867p0d@X93ZkJzjjC4t&LV
zlXeIEBJ3FYzdJsUe!1@a>7@X4g9LI1uh2U*CAyz=q(fgX9j@D8LkbdH)m{(kSrm`$
zlck?mAWAHAY{sEjOrJpG?)mnOmkDEeoDOGW!9?9HTu%fEz%h6H>0PXIIk$eLJf5IK
z;_K2e&E2&x&g1oZaM}3(xAl0vE#Ib3|DN(VEgt}*buZ*9AhE8G&S}1_;@L#(m-)f$
zdLW-B;fi?Mm&~!9d2kN!jq~{bM4$5g@RI_ub6mNH`7YywE5!Ol9-S6q$F_0iC5}8|
z2SC0dw$H&WOtiv)?S|+byc+C#LLaEQ5#*le)9482Uja>p@qRYsm9i(X+g(xmc`0Q9
z!}@ai!p`lGJ*?jB3hG`2z;WqxpUYRmm&Sh^o`ZePcV6q*^?YZZ^KI7Y>%8xORXtvx
z+ux>7|DN)Ao#%WTe(`!9>p{bJ<~jdM#s!`;%q|Z4y~Wv!aL;lqSc=6Tgu$|S4rfgp
zIxFR7D<*L89Ml*5hWdhY*X2;rZ}OZM0X*zH^6;8?2tqBU00`g+)c0QFA>TL80cZE}
zndS2>#+T~KcSAT&yIry|iH=1l-N}046?CalxOZoJEUx}L#J!du-)OE2JAwwz`;Wyt
zcINw|lA(=G*hUlE;gs~kQC*nB8lm^~cPzhs*bsa{eqUae&h;3Z4os|ocidso1}qCU
zR1&(dk3t6J_s%-}G}zOiZ)~5G4a7D4sBEta{RgJ33rDeM7$(UO_AR5^6WIRZr0cjD
zoJ2xf(Ppt09N<jy))zUnD~-q3=zIFKo<7}IcQQEodY@9Kv#Rs8I;uN|&F79vvscCa
z;nTD`(NmrSQDR5EnL{U!PP=LCZOoC%UY#v&O?t~?ALcmmA=lDt^DOR0Wv9nGnpfNW
z&!I=VRXR6_J5+_IkAB7>S1HXbd6rF+eB5p`2RepMX-;Ed>FUiaL~h~k2Yk>Q1tW`+
zGH_udzdgui*G?#@;^K}r^<cY~^Z7;f(FwPgRc&K6ERTxQ`ldEkK`6(zn&f|XC!IUl
zaMtXUhQez*eplXSF>{G7xC^Dc_i`-X<kwlW`Rv!!|9lM9M_wH3<x1Q}$>#6d_-er}
zEdsYhdmnKlBl3O2ckg75cnd=jwf!snBfN3;^u7DEdV9Ja{IndLH2k#a2Z6Ek-#L}T
z-QhbHY4eEVYIh@Qc^2`NH-?9}Z_`Kmlq7sP*22x;CoxWj^pCvWAL8T1sJ-LQ%}38e
z`M&0Z(01Tj!NHD{n@ZQ@mUvnU>To)D4~u5(2&)?&*1B8K5Mp$+_W_SJI@uxZZjTYy
z0+v0i!s32nQ!C;aoJ+hLRhV70ywLrWb!i*F(fEAVZ#aJc{xE(v6s_PNPnz%*yg62I
zi-v^{4(D;PLaG$sC!6PMOFCbJDVE~D&G>qoUHoQrP!waZ7d4dp+BDp+#kJe#7^TeD
z*5MLxvDUATqbv>dCHOf<VFiy28P)hL4h(|?DlFO3;6tgR1&#1(EKbbR7;B$=`IG?l
ze1JRC7%H=Rv@IJI9i@7|TXsjxR9ma4r&TXEe|sAXPx>I(2QGLBS1z};36;3i;t>Z8
zY)5OD*;cfmjM^|ym$zd3K9{=T<Tson-}e}6PuM3Nyl+RT{kv_B*DY7LUe-7N=&!dq
zBGeuBhznFVV(UJ=#XsTsNl?d)>h%CeW~KDs&98}gZvxxUt!k+bKeGF1`f}#1CL$Jr
z%(Yb+YV(iZ58A#I$9^`~#6?ggyb&DL!2@5xW3=MB_srQY@7QwIJ9UnvO?4CQ1TL_8
zw7-atDlY1EExc@Lm}>|4%Jqr(usiM3ylZLT&gS&xY@C^(4|iDlpO}%3tbzSEG%0ro
zg8?@@?0<)c(Xcz(xtOiXn|&E~DyQzOJK^`DZ?k^((k<#5T;;M{*=jL@s{;n#i(Q~@
ze!N#+8}IkcTuWB?$8v%=(T4W=UO^l^ZUhNe>K7goQIBi#ec*jsqJ(s(X+FKGn=DU)
zS!<B>BmH-jPhXxW_aog!{`$7bZH*vl%D(O!UU3mUrZwctYB^fRO~u*RUbe)Qm~JpW
zjWx{53C*HzMn9^md#?N74O}hUsM0JYuWlSlV9Lo?jjG8jewS<GF<r}EjvZLQnkgpN
z@N;2=H50Z@{Q4lQ!$ZiEO3cT&O8OboxJoR2W6K8%TbOnb>ISF4{1P)A`gKi47`I}3
zZ|ExisITvCgQRt=_#C{%$Nd!JRK}trzEsJ{U3?MyVr;LtaU9cT?$dn0r+Fzj+KVrz
z7wT=f_rkl=%i0S>?`q)s_48eHpW4^p*rSHz6>zkU`5odIa5h-ub$<H@<STbob+bqc
z6;zemlF`N<?n&zTHXl*m<JRKCm<HY0J@jx7P95X-_HYAHBf`A6iB1ziD&iy9>%rbx
zj0a=6S3F}%`wrYUzRGhLVIFvoFO~BZmC9b8A5`t*>)4O0>t0|s$R#<xnu5>5cle%j
zbnhK~C7EZw=(?oOZrAbrJUaWF@37RwSNKXxZ4>F2YvT{zagS<qJTL5u-{h@bO96q^
zczljx_`Dn0ab@xycXxMm{~fooJ6a?Qdw#Y%oF~)W4aCpyY2oYMkM^h%t9#-%cz2K9
zy<2ydkG`zD&F8D!x_uIcZ&P8rxLO~*s>fkzH2cF~;a%3H9}xON|GwcqzT2_#Pt?s}
z?x+Q)_rHJaRXSd;yRX}}n2lPw-x*V2Uz2Fq2!azBfp6!&Hpjj>Kf)gUAWNMIh}pS;
zG0xL(R3zX^cC?O_^P`ev{m?98wuZs`SzBiTtykz{FHdk-$>xqpB9`B>;eHl|JaT#D
zMrBaCJQDJ_m4n7XzS>|){EvONu8gd+{4jK^3f6Vocde59%Xo-1<8j$dbFCRW@*R1|
zH!l-pxB(n6%W;mz*ZP@M@X9&9?!qo2NcoBqf(vFmtV`3dt(TR+#12MhqcTpymzB0f
z==~4bm9#U(S1_oom|oQ<;MGy9c(lY|J%p`1tc-(C7pmk)>rqvcFSoAbm!e@s*kao1
z@&P*`rx~lkNohUhjt-;b^%(hH5c}6}cLjS?Zgi5pu2=l{i}!-4qYl4iyr;CA&*q~>
z%!vyJ_`~I4^B?K@rbB#dpl`(`!-H73hR>Cl(A6tkh2ejrY8Hk#%h%U%|6E)Dxv*QD
z^xTjp{k__VG!JUyJU_0D^Za=&+*S4a2C|O!Y}$0RZpd}0ZNl!auSvyCAZKzdfpP4x
zGTwaeEiZR6IJs-qM)KO3_xHcH>s^C$4eXl<_Sv&ozMZePHog75ta&g{M-#kjAvpRn
zU=sCMS#^#8|L?oOIb;P(g?{)J>)-Gtha+1vW~)DkT?g$W+|2GM+m>jthLcjwoR!M(
zHa>AH;Tdu#xPb55YKEjVX3d}`-4STuI>$=zgy*GL19x>E7=Cz&n>ymLIWMO#jo)T@
zM=_s=CE((NMH(<C9#k|uW6_zA_!QTRavP?Nk!uwX<UC9;fO>vXUbBk;kN_664&0ZC
zwH%?&S6q;>9v`)#CHrs^b2moBP5cYsekWuy;y%x8s+oC9m34Fa*p7UCtW_QpP^luj
zhgCu-D^+Tp%B#0I%?D9WF#f&V6g=zuEAFx91$Xo$>Au-IDPem$wpZ&}@Ba<<DvwF)
zz;aIlI^D|su6q^s482YB+jT~7Gawoi&f%E3bJo0XH*fzM{0jprZrU)%4eScd7d$|$
z;fXnRm$|xF9pRk*PPK5{oOz+2uYvD8s)?S};7q7j{VLhwF2CQk%c}P!a(oHTeUn#x
zvoXb26Lsb8F73Wm!5mp($3$A!hZX)d<GV~dmvOEApNU1_Hwg4>-uPgDtcK}%u|ka7
z*2YPP?i&&Bnr>jsnx!N0Cvztk-(vrXxNY+yCimF$RpIhme1Yu=eY6q9?{N#KHoVU*
zo!SLrR&jkE2N~DD1atFs4CTGkmks;izPe#|G-tnk^qAT(##SC4?7`rVLqYOoK4K*{
z72?2qR`;dx#9xoo?!}t=do_IL@U*Y@j=YI-lQW~mDK|6r$=LYSvBbpq$k=poGEp2G
z93L7PyUY($GZPczlheha#AI=5dVI2&7#$xhOplC@B`%FmCN7PR7pD2?^2ih~x@)b+
z+|V!G&@nePJ#_qdK0i8gad2WHKRr5?pDIo#E)_;bXUJn@ERoL-UMu7;7pL==N5?M~
zMyHyZ-Qf7Ag~^e^m~xz+nH)<@4^y?o^mu~(^cTNy;}gZn0+smVuQwl0{Mwarnkh^U
z<tK}y#llq4jg3!UDU6Q%rPy1T9(E&RpAr~KOivcZrl|H6s(NK)YKkT%J}F*Ld@y}|
zqWFQEC`?Wj^CM#uGt>D?Bcp0i;?m^!l?44TTo@Y~r5DC0=$hj3gxi0prRS2{f6<*8
zA9H^iznDKXMR85diC-t&?~hN+j15j7|AYIt{X+-#5B<Aq`j>-Oj{mXQ(|ye@Gdh&d
zj$a<4v92rImF`HLb(wTqsx#A<>h0@F=LmJRr%okvr&9z^Wpl|~s{M2_eJaH-XOey0
zBANbd>f_U?R1bk{F4OBelDVY&*$LOu*wmUCfDB}sJjojAPo-T;YhzQYTcovLe^X5s
zm+Ed(sFPuUbT?*=3}i&ojg}<c>_ctj)!L{WTN?)&Ta9#!G?UUuRtcLM2RcRCnv_>_
zD%~#9-P$ISX-XMMTc|&!!VfeJsPK<+-OBo-Tw1R~^!i7+0oA#Ub{VmXwW-iHYiVoS
zzyT#s`2?v}lrV(4`z<n^Q;w;AYieqsUuDx$wF;tc=xl0L*`2-$-MmStJ8j*N_Fa_j
zw>oE<I+b-MoAe~75;6mgDj_q_rmQmqIc1$0=>G_kOEoD;E@f5ErMmT-Re{mbF9VsZ
zku0gHe<S%qnrU3BDW$GVHDxWNE+y33thdQ7t0d&E7rL9&U8(L?%Y~X#3Pm+3N%w$;
zCzWnfajCS8aVnj$l-Wj$%r-abw`{BGkhLMB=vHN-f#%Og3}0%XIisk7?lhg28c3@x
z5Y4p|tzo1f*#oYHGCs-~NqV9t5~=2>uahD+p*owg85$r$lJ3^-ELnGxlw7*g-O95&
zdq5-Co$c1^{Aty1q~|@zfRgyWOf$F11(IzvqIr^TY;Cj1);4mXXEdt(q0;Hb0Zk%^
zRt7{_rkk0GBHgXZq`AAzBB_%?wxS?u<_km#4|J*z(;ua}Ra!EeQT}Z#5r`k2G@WUo
zY|hAlW(|!?>xJ&-j~LH1D?@eYZtYh&ED-(1AnCVEmfq)YN^fVf8cs+*la#*K$Ux|}
zbhbam0H$-Ptg`BFRhOnUTlk}Q`cs`s+|N80VXRzBw$YMh8&j?PmTk<oDU$g>HL{GN
zh1yyvE8E<bHsVt@cc&>V3!!Mp0Oe%qAIgMKT-J9CO|ZN^%Bj>WD_S{|vGPh<-(}la
z$AsF_>Vs_Cfcg%iam#8kh%n(rx?7o1khF@U%asdL+#<8;*DMQNnWbpI$bdD08KvJe
z>mc3DDb=N0^PRt9Y1!@pO<87_R+%Q5s+nokI)`+t@JzSmoJlvT)Ql}JMpkP_#FAuN
z?S-rs50Ta`h-z!Y$b=QIg@{LGVGk-U$AT2`-H}Uc;%578L}-RGhDll+ZMBe3K^+tt
zu*x!h`7H-W5TSN7HAg{I59Xz%#57Pt`i%?eFYRDg5bx|yvCLe{0BeWk1!GrpAkB>;
zRyf0=wF<NIzYS=r3^bEe#0R>?=iw7tu@H4IM4Wv9zNPdZSxq4J+eZ|u$Xt`&OE#%l
z1Ie5g7TnZwX=61IVg&VDw=YO6LLt_=5e?x$w~YZry*|K<v`BaZAy$-1&(PHn-`{Kn
z8YW0qN%~U*Y6(Pjf%Lm%dwVLI?P}{uxnxI2uImhxO*olO_MH3IlxyosC;QIjJ2L&G
z$akeXyV6~`bFRI=uP>F(B`keMPcoZxsdWFDd}mjm9?z!Q`>93hY_2ca&h7Y2f1m5>
z;01DM=P{ki<<q%L(w*t*aOwV@o~};Umr8adKJM${z3lILK2G+f!3BEExAk{+ruy=I
zsce4_N7kvnGgK;<>Tp)N{s14&^iqA7%jC1E_Ds4XtH;fsT&}O{)TvaT>rZ#V;QMp!
zd7wnf4FEnm&t<z#rBfYk=h{<!IhXe>cKI{v8JExgwkzv^c{5{IN5+PZCxBgsu!a&H
zALrXUlRz>L4hbjwIukzK0b#}?AiMFz#gWUkUzq{eEkAzg68JGcb?MDqwlWzi4vq@R
zHM!sX+UWtv*W~`~(4j;BzKIuq!%t-xdE(c<aiinF+`-|(<cCM{({5zCctzl}FgaPc
zo){aSP81ST)05!D1Bt=H*ay@6othRP^|6Uhi-X`%H#Bs$a0%o%GVQ4COwr{gM*xeY
zD+~=K3S;Ey5omF2dh)u(mkM#o(Jeq-LdRE!i$LGW>w>4s!lx*LhKqFXgdl6F#PN%N
zq5^qenf!2Z6oBmdC~tgbIx&7JF+Fmnn7BGTGFnVb&Ww#ILm~de{wa6(;>^hC(BY}c
z!NZK6HNXOc<6}c3!uN*&?rvssw4*4*+dnn}WFE_p7RN464<|;Z=$WzNWh8-5i;1zB
zD;FtP=-#*5khB$bTxEG+t&%sP_+;_wB)y%OC`^O1#{krWg$Xb}bsI_?{0)Cy)BcHO
zx4)3se^GJ!PaofZ=J@_>V*fd(X61#_FJ2!j(88^PsXd)BGl-~xbRukid3;nLTY&rY
z%-Cg<FI;A-aJlGuhg_~Oc6qAcJ}w{`T+X-CaG-QsPo}+_<&#Ob_iusj-o8vP3*g))
z3hzsu$qcZxSeR!>`*E@>rxn@4cB)OHQ5!UbUBVN=6ajMhO|ysK@I&nc5HUUBa*}|{
z4Usms8Vqji)=ml{*H$h9!v>LyDMLJHhXWG=92%Hrw^hit6^J480|tv)*^eo`6`(?~
z5QF4N7#*Ruw01FwSZ8ZnRwzWM+7ll+V3mL=!+BfT)Rh?+TeXJ0DHp%Jw!)+J9?V&J
z0ub~Ye__Y;jy02xP%eNtBOnchvWD9;bc{l_Aq!QjAUa#GXN{W!r-dmX-6|nBAk@)n
zc$<Av6@s&SV%_MWPOJ71Fe)IMMnVj@vR#rttrA>-sFCDhfEeW6Xdxdt(9Fg_&k9PU
zTD411jRE#AdQ`1~2<Sqzk<j<roFLj7*=$v4cUn6Yo4EE|h#*diO-#R~P5eluJ-|=5
z8s-KPsm=gHPt<O}f`{#GSw&_In?fWc3AZcHfi}%5;c?2N-RfD0a3Tm?6$5JsC;+{i
z8J})?A6VX<KA^0@+$yLWF^43eY*ij4t?m#Z7eJ6YPK4$Gp4F*oz%0e4nE?8&*`OjA
zT4+shnJG#E21c2N6qNROP=xMe<I-jgG1S`T!7!6jB>)Sl3q-RKVkuJwjZ;8c;?!Cr
zYODku6#!9HXsasLZSoSmSq9xo!k{QiKQ?I(A0So-Pz1fotkBd+XSxmY1NM|>CaVbn
z__n4))Gb~Lgml{rw!DPQ`6*|R41Au}+kicl>cJkXLl{JhL|xo(9iH{_j0i7eJu{$a
zbsSK~aAYG$N+As_v(;nrwgH3Y9(Xs~IDydBNQn57fI6KCF-Q-@Qm73CZp6^8m!bjQ
zIlafE)^8HjAOL8Eyr2m&=nVW)N`SO#<mWbsQL-45Qma!$zd@8srdy-O<kI+xQ`&D-
zQK77+G2|l^gwR88Li$w#c+!##82Znd93_CPHX!4$AR$W8pRyEms^XX(YWe`h3ns&@
zJX*Gpfq6i)B0<X%Z6R8FWJSinWX%Aw(y|05OKBmPOhWLnfmzR{2O85_)qrHxL7<t|
ziI59KoK=LjN}g5{mV%O?`k*S1w1>p%93ZheoH;LsB%)l9mn>w%1`PMV8Bal!wSrQJ
zSfpf!QU#HMRBUIHhs3^0YL-y4%7!hgY=|m^sHxxRFV)hkFhmsTH5mi_CLlo!T{C-C
zS*ERu={Hg0tV{L)N1fMeft62X0hGxehng$V-z$ij$aZ)2x=tW&A_FAuOZ+y|l_s2S
z&k2ckbqf8WA_F}0YP;*{I@6VNJ(*KSTpIYC7)bW?rxN7nGHt(2wF98pw?9sQ*pX;E
z=Xy`&yR!L=bZGfp>P&Aw+kQHACaL(oR8J<^kp~KQy5IF@a$tAiZ&3EB)L9bt_H^a)
zg2+iB|8i`98{56hrg|tT(b1J<!w0^D!9nGDz;ae~&SraDHrLTX2a>w|Os~s++?8uT
zodKl-&og=2(nhc3vmdAa*(*wm*9MCd0$uKqJM5;1C&#b4t3st<(ho)pS1t|}h#i^Q
zgs%Uw`Sjj<37^Ns!qmuM2@1MRC|sDC9&dIXs70m2{d8n<dZsX%xFq$Ybhv|n%i_?_
z$YFeR)Exw@)uM&HGJ&#p>f>PmT6Ur^Sacrsxg1sS(C^|5h*)^kBT!*xg{GzpgP$mc
zht8m}>B7hu&~Oy}u<I|Wnak?s1i;YHA1HS`F<O|sTudBHsCWTZ59+AR=xAZOSb};d
z)G5C?etc)_mjl4u@Qh1NOuF>=r>^&mdbU_VF+EhIqQm7Pa=zxEQ9)(`6DWO0rizK-
z0x)+}uUt=DECR}rK@Pd|R~?Gvkx`-P^Da3&e#LbcrVF1G#tN?I`k>HeZ(;Px^~vH`
z(IIDnEN7<O@bvV=)bYcIuU@@+=sNIx=3?;>O+5^9L@>)D0k)^SAV&-mTNWuZ)z_zq
z&DPV|gG|U%_H<WoFDR2&5cinQC5^B|v?OU>Qxy9(hV+Nv)^RSK?PG~HdVnLsVg{v3
zJ0KPXXEazO0NQBJTKhmwF+{kWmN~>n8pA<D;4vzkTfZTU8xgxh?<<v&h$7i^l$lo&
z!8lCYdcZgvx?M4Ph}35gQ=S4lV76$5v@^7#2vCwX(~bzLsxED5F=9vws){iJN2N1C
z*DI|;tJkmrM-8}I^}0Q_?DnV^sIIoMN2zSK9QA@%x<Ncp^-vfXr9%DABTNdngc$tH
zcwh{FR3zKFs-81E*^2%}Es*{NLaC}Agw8>|tG*SUW@{AWBqc<uPZ8P!(O#88^Gye!
z0#mP~*h3Y9nbWr-N(tuFd)=)D7rO^6PkM@e7kE^8;1yb%@|e;360m3qAj*-tszPvm
z3)y*rl)j2&*Cdj*C8;Gu9RTU3$Ebn25uz>@u_SDA3Jo-~4+(Zrbp}K`H+5B>Of6w<
zh^i#yNuGk76a+vv<mq+I=ywH9X^t8xjV`aJ8%<GzkYUiQv74?%y=&UhMz1(Un@N@^
zdj-0IsM2|ZO}%2bO@j_ZH53L&Qc4JwrY5GErN0$2r8@du`w2}I)k`N$ei2?(&YVK1
zLVhlSX0$Fqs0MJ!pVsLVLB)Acg+f@<Je{(h2DfTiQFE&;z)7zoA?XDsp2}n7J<+5j
zWLZ-^6$??_(I|S-uh;!-1YK%DK&-JWE)|5lq?BH4(!qwZmLAZEfpl<=O7FK(Pxsqt
zOcpVPNKl?&6pC~*ff%sUSOY=@L_ndcved;Mg&J`5EI@#h-T)t{OeuqvAw;jE6P5;+
z!yXY7>9m6ZRNnwhB``6Lrs<?>X*eNGI5fnnt2D%Vft8??OhV<toVFykL_x38A)@iM
z>T=Gb7I^torwghC3_`C1i$q`$dV#T^Zv<OaLIy!nB<+)MUZPM|f)8~TAcPqH%-OtP
ztPL&qi(#?2G>;%&b<2T_g(OX8>2Bo(PE#fjQld83(B}lb4U=j*387LPuuDAv5u4DM
z@w%`ni%hy(@`Tu5W1#?5k`I7W$x1kt=CDjl#L}UrRh%sq>2@g$qCrE&tCtx_N`^?`
zF9h2N@rQQ;veW|v>vg+1)9tdJRV!5eDvcGRB>pH*Dqcmx*^QX+Ey-2Y^TRseR}3gs
zqbndwXGoA2@eCeG%K$J$6+|}C>*6jVHiHKkRtuRj0nlqr_Jd5PX%<4PVTgE2iOyc-
zna-ZS2A^|j({3|q^^;WV5YAlGaZDR#`+%w9IfqRjaZ;F~W65-&OwzN!Y5VDpzAicr
z4Y8?M^(QaYY)KhxfYzN#rBi+SB@5(i@9XO22t%6X_GGX7ZGTT!GTo6phjuvaP)hNf
zW3325xV|LvL<z2TaVXqZ4s0UYWM3bzl0@n(#==sd+-i5(Gs&Kw5<<`Z4#;5oVPH3i
zJ=X^$_v+yUskXo`=g)npflsw{yL?X)K>SNi%cTm=PXM2aM|Ri{6eh3y>gblaz*nh_
zhl-c-gO>_lrSHXfAls8_Ydvzz>9O!>aj36si7?dK>V}T|(xF_uGBSpm60ml41kL6C
zsl+DQHoS+PSUO769Ok9ob-($IDm`*}48)vAt2?a{%1YzJkYVY~F#6<gtThHkx-C7q
zhtLP4B}JJ@g{R#9(IJPHcPc+VHhTR_Rkh<6FU?G0j4?iGy4tdinVu`mjH3VD{Mn2g
zP`DSbp=a%#93KSTqaNLV=;u?3q4DCB6x$_3kHnBvsw0D5Pdo&!Ef??g#hbcf#1ZT*
zsPpvo!{FsVq31tx5V_&f$Tia=m*Wl-e|UVXI8m6IIy5+lMa5|0@~`*5f6e`NW=y^A
zwat06{J1z;Jbql--J!(Q!pJnI2{Y5hYbH&gCI6&2w5dNX(r^ZDs`%#_#EGK2SdfLv
zL~(k=<eKtmx!=1ph0(%w{=eeR6y2HYg|RDzNtd}iOhjMtPk?im9R#Fb85woC@#%3l
zP#EE?CZ|)JWN&W|A{z+3EyHqvB9+3wgv5c~eWw82n-CmPGL2ZsPe^{)ZfyS0(Fc@g
zHx`md2+ehwYME7Qv@_G*j{yk3b*IkB%mbT_EnIIV9_5!o{9PP5ZAk$cGP9a^vyhKd
zZQWft$<nZllsJgQ2jt+MuI`kZY8(^zxBUndrG0{JTpJkhNqi3(K>QNY3RgoxD6A*~
z=Z9#AMHtZ5DgvKH81SNj=}6g8wY5klfcduiGxS!@kM#m-XiroS)*mG!5PRJN0wS|g
zU!#;}S84qyeVol3VZaJv=b&b-{;aswL$21OZ4w|RgY}$DD+$_Yy^hvLbrFyi>DR^y
zvGTf`JyCLh@(WQva5CCRuRy%=+W3DfxJ})G`cHYFhEhs@h$uAPsF1fk0fm|LV44;p
znJ4;93M<S}1S3$SnIMwGW<nv~0yZWU3t|5d(QkfJftX1RM4bas>1^}%f<bo>iN+Eu
z5^I)6>C{;;8&t0Gf_SmPwnt8Y)fB`ARSB>pFf5{!*pK+X7RY`?&M3dsX3&bs4T8oB
zc^eVbsq~Hn3ucLkrL?UUV-lj64f=&irK|u+jUqrG5vw_>IjbZ@8ADVB@PQ}7A2K-6
zUtfwL6ZU`gFGPq8xFl%_BH+MK37JA91Ic=XS^)!;BaKlpl8Zc1^#HQMup;c_B4mwp
z;ZvHjx*3o}9LQGbQF4<Pf`kCBl-%^B3`HoF{;@1kpDU#u5+FLDTQXHQqk^u~u)kOA
z(UB$|w3#{$(Lpd5TxJ?&ppQb{gn=1uk=_0`APk+DhNvnYr%FAoX0et$v1Tz%1?)La
zu}GVy5*GBHj0Hpte<3AUW2N^b(koOUni>!df}{iw{=L@OD}E8W=zio^1K=D)@dCnt
zDR=3)MnbRvUKj3HO5h@0hK5(u2eq>yZ!aMM+|BHPrL5mryvoe$>!oj|)({WeJ+^1f
zD<#W;rZCgAC?QFU^tK&<RFw|V>k#`b?GZc8wn()L-0q199jsTS_lHdoYbAYUkskfi
zWy&j;HY*cGR(W~dXcmTJAvF9%f?1g#(moS{A*cs(uwE*S21I#+E0qMIK>=Q>>F{Xf
zLifw;iSAb=m;$CTZZyUUs+V93o;Mf_u_VTqh3<JB;@|V?V62}g9hC1C)waT6W(LAx
z-4u)dKrIsHr#lDyL86HLW<4Rr0M(UUhstA3Fv%fiJ>exg>9X~kpXAbBD^IjKv=3sL
zc?&*pxsSA?7(yBV=C;~}n5S~+0Tloj(c7M@L##NKh?1atP-Efio|Ho3x(EWwiz=%<
z^swrML5~qT&JlmH-;gBvjgi%B8U~1$+8`4BL{tC+tdw?GW4i7{N9IhD?Yu1oI4D_%
zxHily&L9DFNkfMOkd)O2I_aKN`c&?;YtQt6oDm6(vZI%enm5fzI#Q?D&^Lo6HMT^D
z&b|zm9es?HLIUhZc1C%5qN6RJPGY*!k!tTrg4atHD2Ze?fi9hzcA^f?9Ye+dHSiZH
zAeT7Zb?S5;Yt#%zC+89vrDj}r7ut9oj}uH}X-Fz@2Jwcdk9kk0c74g7#Ovz(bS9VZ
zGKp00ZAnho(;fL<q#>`N?@FVOZ)fH8os-I(PRb`wVcT*pTW%B@&@4!d7~oMKN>v(~
zN9%tE>p~Mv)PMcGNHnsbapzLWKFI_r88R1#dfl}nN8HedsJT)80u}RSQ?V8F#v<Nk
zWbD#-!dn%{f}ji}F?P7>niKzmK}q8G#jyfNH9vCcxX)s2W^{C7TFQE`{9xV#de?<&
z{W8k-kCUCIXFr~hKD>AhWImY?vIgU#Dd%13lfkgwip0NNR^$&}8R|iU4!)f#{_3c2
zk1KwP9m$m2GJEj$7T#t#@xlJ756tYMcx7Vxx&isA{Is;|(=J;qOb!lrbSBZ*OX88)
z_SoQckgzw$m>L`|UMVDslau3<#}gl%|G;bVu|T;BCdbsfI5u=>6NFFAT$}=M&lu!B
z?{YK6siDGkmn}?#x+%x$Tp&3#lpD{P;{DGY0Ti!IV6sAH;}iN7fsL5s$5VgiTmtE&
zZMZP<$<)jzVDM4ej4u5Qrs!bawjOMx0J|P#vq+Ky$*vwdoslK<zcNYLV-Y~N0pc%;
zlf{*cr@d-iMpfYBOgoFWY$pW-W(S8m!VSeYu;-AH4V0{{Uz&0vVR>T8;44$>dNjfI
zto>G2)NncAu|ZN9f+%E~NcJX!aNvkWBH^(B0@+BDCq!GTl;i??p1Dd_PF=vo;$8q^
zmEP)AV_;wHYJ$KpF*Z6w-e3kr!YuUyyRLw=-%J6-{x`$@t?*2}M{Q{sN^<dLnQp++
zAmV`_V;^Y@8>DR-ad5IKfl6PM_hyq2>j^etRTr$KJR$5^5NU1cN7)%bgt9=!O=>OR
z#1k0`6EYO*Rb8NF3!%wW&6La|6Y!ZT;172p!Wkl#0_doa;iy*hmg)?YGJ1i`6*63c
z@?E@J_PJC_gucMG+K?vAB_UdO>4ktlf^q`PjYdp&?=?@-y6ZOxRiw`?U<ibOHVy_r
zn+n=U`^nC>321kNXcuNLHM0^34IrePq|`QIHDE*6+vH@CXyq(qbp>bXH;D3L2h(pL
zU!}xCK&@gM)o;p}rf5GGp)iQ%HZ7C50MUe}Lv&~^FwM)F9rnUNGhL!ZKrYhe^BboM
z>L+RJ6$$2oU=Jer0n*Yefp{>T)izB#447i9K(T5LuR}CdA$r@d1&AydgsClsS(RcJ
zqp<>0>nGXGLog$yvLZAQVjvZ~?IYDEKva!18hZ;ReTDoX5*m9Cv<;NWenj=+yvT?l
z60AZrv!#yrC|cb?*OV+jB!wW|Td}#cA#AXq%7dr_0B)+TRJ0-<vU<LerTyfI>9r|;
z#bOk)+ZVF(py^<0L#~`>SU@aAmLD{oaZ&d{EMUha=-hpriBC*6%MpQ_DUub_g7{;%
zto0(NBnGy9zh%8{7Cdf>YFM0J^C>(EWyz}(5%n2Ou(<^^DF~r&rM)7m4`@qCU=j*>
zwgAy8V4j%pfEvJl!=}q3Ei(|A8ih996P+&!c`K#wUx>PrV>xS%X9<K#kyaNvU8O_x
zp63EsNh^+NqiUKIDKJhk%n#K|V4R=Ow;S<%G3Q}BvbrV_qo`&<47wsBl0WcUrxCz!
zQv{<`w-EiUNN<bGjORTm(i=rg)&*i4(1cJd61#zM6d`)g8%c>!L1Akqw9vFtazMgt
zU@2*au(%EEA~LF2b^&@*Mj)!0m!4!Zt>0kkdfgv;AX97NK*aDN>P<RFd>CRW{h0=#
ze!b^~L~yZ2Pq<i-K;RNlT|C<zunw2{45*klgy_{_SwL<-8&Z2;CY$xP9w@@K^}6-}
zFq^d69hg_JsJc26!i}l3m|39w?&@?hqt1Igy90tcA;+F%Z`OhTx-uQ6PB$A5EIc~9
zu;1wIl488WVdZ=p6zT0ZP-8oPZVovEmcX(@=rW%*sJw*-JXCN;4*m0?7H2o+^5dTZ
zkw%7!n~LX7U4+}zKBG?_YW;8vPnt0*y3ryw0fQLwg3QJz3s?f%51Yzn88>Vq&c-c6
z<)8n$3{|&GJj@c}K*A8Mw-mu9VS36NNR;ABmc!$dJ~r{29e3pl7rEG1*6x0h9k8&f
zX_g14ro0uf%TN7zGLOo2^18P<-iAR(u)O8!-U!ATiOIsy$Tduui$zOdChSyIKMC{A
zjAiwl8Ed;fU1UE#^5M~6{_3BP{SVjfFeSFTbFbNZycS)u+>mv&>Fu{HekY5AGm}#o
zCFi~BSZd=^YRp%P3AE7Tm}m%qZnyF<>y9CAI4URmZ3K``_A&?A_Kt7EMNFbORlt~9
zrXhzMhS#Ix2NGAuC(+v{Tzbg$4sr?bkAqlyk8%qzJ91@WbmY?Yj|-!p6eo`#&kob`
z10z!-vL}}Tjyr|@@$@kEBO_BY7^|4Ma+*ZL`Q&8bV%dPXSBDvcSeFbJt`6r<Uy<#4
z?}+OiN5jj02PW=Btn}wa<vRu#I3Xr&Dx-UQSYb$*{n^uyY%1jqojE;1AI%D}1%O~?
z=F6}JDTP_rTod$I7EGg1xAsR7`_0fYI!5sWAguvF_HXzdieGInB6<()0lY~7S0T^Z
zglq*4IZs!lKM!PM5NiX{8q#btxWHkpDU)Hg`VB~{N_Zn?z=|^Q2Dji;k7125f=tC2
zg+&`hOk@`bg^58V&I3CQNTU<;A^T0+0l)bpTtKzKcy=2YF*wwk;IHNYJ+&PQfx?y{
zhIYNC0I;b|0b+I>KuCH3<Y~~*<1LV=nQXAz(k^Yf@PD0sQWp`Jv=q6FMv6YOko5q-
z$KWP;(G+@E8cK-v26k&hh27HSqqDKsK%z7VsNzkJ?XDFebtC(vHW7hOnwP?KMem{C
zSEN@*2~4UE%n1EPdsH0z8#^aT5i0@Zs_MsPVv)8V%C<o*fsh%9vys|D)Q=)m38IO?
z$mnn%{He{AvUTfGg#Li2Kh!Kj08g2_3SpC{3`Z!o8-zy^t_f;vx(5)FL~P#{Aqi?<
zgNayek~JD$!;XF)qal>RB%7iqCM5`>>OCMTqbP{#iGf*f<{-qX%)F%&L_LU3SjYpS
zO3?4>EUKxR(Ybc_5CEpkK&NyF#89n22xn+amy9-;4nZ5N?HgketGqw#2Bew}8daBm
zW6IML5ChigP3eMF1yt@zz{c)FGQ1^ZHGwD+@Jnw3SnUN$(d(#vg?E|MjUqM`MD&8U
z@03*tg_6JNQ9<!E1l7AL1g6y>0$zQ{+9Oegf*=O&z(jh%V<IFLi=<Wb3dmJ50h~pB
zD?PC?1Em_tdCZD}j!4fqbdgZd(p!pwU^T$9XZA!bvhy6>3KZmqs2GfS8FR!<F&|8f
zE#zSmDrZem5j9fh2O?%Tz;mZU;A+*9+kqCci3g(ek!jt}1jtHIfcSfaSTiVuIf4<5
z7U)*WL=dc10+6mGun%S3Z;M+9mVTECnGTTd*x;&Jm@x)wozSodh?Mqe@W@(9V=BSQ
z)5tQE_D2m7lOikh$X;b^jl?d*hwNgBRL0Z`V)hVrVOCfFsGW%Yq<JH~u>vdy{k4fN
zFiT+&4Y5!x)zHxn^#;sp-~?us6|$ouS*>~jO$fCUv@H=;lKHO!I3N=?MTw!5{y0xP
zqLhpv&4y@RgK!O^!XH#6fUYM7&%Nv|wxAc-4pcg8MFpuZA@p9O5t-PCZ&`@_(wX&y
z41>L%QaamBHLkz&ryW#!*1mJSxwdn?$!xawbYBwdM}J4q36RPV<Wvf674{jr{Fld)
zLl*+ku^vGig;p4A5O*fk(ba#(9?P0lvyS%1zQ9+raOS8N<)?1{Vat)q_hLVtlV0_7
zGMn$q2>hPH(pUz_`LpPHU2h-9(|8WpW;$Im25}fgr>JRO=o*xqGxO*!Q^ay5&~&i?
zb!<G&S*3EB*VMC^h@g#@VQRTgKouE>iAdU=J=4RFXLJtcAv6ejN*2#UzXB`&N&wd#
z{<S-}g?dYt7Qg?4lTQWdUk&V*fajo)o%~1G9XGEEJ(NgIPL7RpUF_dMx<IY5;%I(H
zLNjqjIXXI2>pEY%u2!m0qN!v+A%F)0Jko5+)DiT;R`X4O?#c!i+YBx2_8+j&Of8TC
ze7%&7SJB$-yG;dcS&HzMDOB8RX?e}OPYBz3>j;@?e36lc*=KB;RZD5Bi*xzBw{y-<
zp=uqugjG1o=`ElvyKi4Fhi<lWd=w2icLp)O_TafVMSaIHy%-!m<dS38g=Fyp0&xAq
zW|IkxqQUj<I9&U1;gc(X*8)IPrZ#AQ$3_rJil}dMh07NUV^<42jN}JK&_SOYasLYT
z^p^s*SyaeQf_RMN+YOs$&ZKgubzs8XI<ss@rn}Jhqu>=#Ek|ydJCrc4ol_Wmg)P9k
z#ACG4z%tnMO`GX=C_)D1{7D)J*DxHa7}mU0xNscQtNsOV0u0lGkAUFJCYg;M=7-YO
zUhsEpfVQTlY_>~(+>+APE}%<Ybo-9Fh`?%KWp?ThfejIY*~^q!>DjfE0t{z_okt<#
zdTfMVFYB?XHyD-uf@+Ii))Vn-LY5gDmU7`NOLahj%WkBrc<|%aOt*)<Y@Q04nIXgg
zE3j9M)h%)()&yjJg+RYBO@OY~$=Zb*S-H~3kTRGxG-_J|>{M+)yJ~;5#|Wn?3ieC;
zMU<RgR}wDM(GZC043W8mZu(oK9qO~m7@n4uFu#G_^qv5gi0#Add3Fg8q9nXclL0dZ
zmLbYa)~F&T)_`U0bv8!5z*eNpWSVHi@HBe~{YP!paS*9vAWQ@e40V7gAr0{<?C2d-
ztj&#v7?BJ@2pC9bijav2#evkd1Ih6P1<*)s<|0bzE2jH)yg>d25xruG9ZsVyxJpVu
zC~u=YH7zLEn#lzQ^*`BCpr<qgWW`KzvSQW?nAA`)5S!sle>@AW)K)B_oFTLXGX=x0
zUiBnv1x3;`D3P?Ab3AV#8nmd88ZKf8LBLgoS$1l+p1rOZLLX@O6bWM2Ti)k_h~5HD
z(b*bW3k~RypO89~6L{+w&fwKFG<NDHzn6<BGl;TgOIMdbe8}$3(RGbrEPuHc9jgbf
zwiXGQjR5%7l6ZBksq|#nKsf+bL!*AlOVvtmWm^r)vQPv8u^(3)D_)TEBfIE`)TPw`
zvC_QZI6zeZUKY%PfReb3=(GmJY9Z#C-a{m#g8`?qRh6>Uh*d9xGaTY@;!+~aB-o*@
zC<>y|8xZBsU-}Z_)7u>gW}F5X;#IV!4kRSx1$wn!@G5XZ(ilpFP}y(@Wk&N=9Fm_(
zpr3unEJ0|1lGudBzDp}tqBe07wJAVQmJuWmbpyokEwU*!A}dWth`NClYkEouuM^Td
z&@!fV099|?;B5hrN5~pgt?tM&dkmg7n&}5@-QXfxSq4a2StWt!1=u`I0LW?)X$4YU
zpsRQTL`zrD)rc)3@e9?3g`y+~BFcqLLP`AUmSwV%cz!L*WDA*+gU+$a14z{r*1sp3
zwuCHChC!M6V=;)m;H^?Xuv!BU>j{i6=rc057I{&QeiuVTRZEqUscfE&Phiy{A11Ty
zU0vRIAyKv!DEqSL#Tk`M5V9B*qN7co!+x=&Yrrn=2@keog$%&lG+sEJ9MJBKp+H*(
z9GXmfQvsPdx}H>L&Z~dVB(vSvL6{x$@A_o{(2FaLE-pH8nJLwWX4kZ_c1O>i`cgQ%
zpvnwRpBXmxNq6P?GPs*C-E#JHf3AZ&fX<sd%Q`|<1xe|C^9G=^IXq^V4Z)VJL=G<=
z94=E{&h@touYY#<Yr3WQ0vqL~{i8F@WiJf!El{kj#R%b7uCpU$*UJ7<oaD-zIa9DW
z?#!V~938!mUxoIrl+(REcW}!Nc}gln;N&RI&Gz>cdNxt$;mxPd-0|Z-m)S5@xzod6
zs@V1R1>Ry9V`EgIWrKxryMj2i3G%kNOG`L!OkmE@rb+?qs7Ggn;S(iqX?>|9$5HTl
zR~M*CC#NUIrw+(w015&gnLL#Ez5D(CmLt~=>dzm%r-xdHCX;Fd=Dp<s<_Kj=-Y-{~
zwvUft`z#Y~0aQ~O15mG&+`9e2wR0a&{?+nH^xPwtF#;cTr$;6Wm+hY3$d!vT?#u{?
zHSKzb$BW=qX<4(wg-=BVR&z2DKEJ=^!*SQyhw+RIP`Gc`(PNgpn_#p($y}5Nwl;Ia
zlIloew42Uh5hE}w>t1LUgA_xxxlDiiY59#H(w;q*wZ~FUvOCZor>k}>dUkZN2PpvI
zp@Oh1UeK!PRROJVIzpy+^arnCEs5w5{};B!vsd3@v89klcqp^rWt>%;NdbGah1i!A
zX;xnlY9LUnOi*G`Er@mv2<%PJRw>|za2;V<I4AtpAZMEaYH2Wu)15UD@4x~utIB}{
z)EKn3YN5Zm=dY53Uae@1PW3i;0zSs>V0{2=RiPRG0==thc{P`a>V<k&?*S9+H?$HK
zvgQMDeMnmeNlaf2GgTe@2_wYn=gs(9QHUued{apvlrFeSl|+bym`>G$KeEzBB26yc
z0TC+~p=RJCL%|*qs&n)kY9vp5$Xm$@|MDAB0|O5+2+fAClsb9$L`l%{(pq%+KGK91
zwma?80?L-e_H6c0?I7rztu8`(3VAOQ5aj|GV<HGd8!?v+!qRl4oP4OYKqKV|wonqb
zZq)^Jpn9@XDv7o_gT^waWYbgyX^FrN#G4Wr_5;W$GZA~iv{;=@-Re*BkXWEylM>MF
zs6~Q26a-PjfYusR5T+515g43q2+gFE1o}Y1njw-H$c6KM1DTlhkVIw{!p*E13)!hN
zU|KT-Finl5^Cc51Vi=PZ!LT#1rqK0AwuHQKuo>>qw}wBx2|IdS=}0-6QH|8$Gy&na
zgsHuHmns9k)I}20XceknE0oIVH`WQ`1Y#D-L&xh;vbWU*^Ql$d7>7Z#I(rWcgzP<3
zh-wbb7F0sUa1=mVcIFTPPl(0|A`mBZtzsE^OJZ{rOJN~3T`N>1F4hzh4g<@<oCrY-
z^}@gyAh?ieH(^zlgdtL-*T{M+4?wdT4dSGJ!pBMh`cfQ9LONP#8EzxOQi4dFhZr!1
zD2cxvAln7K?%ml?iUC)zM+aVO+Djcw=Ryplg0dB&dY%}zWi6>ZO?VNz_65pT&q+#D
zB<M|*U>H2nk^p)ej`zc$JA`x~XwCYA{?~hGiJ8nSM{6cXT#aVmp#NDr8aIen9h;Ct
z$iHVdj|qwIa8hUGF+}PRFu3L7_38|mGV?M!L}HZ8Bvemew1x=5UrETM(TJt+Dt8#0
zQuqTa!E-u-LD#egTxy(!D#?qCHA!_Lu|%jl#c0}746jM=Y=8AK0by>kSAPS`wYzb!
zXGq##FV}@c@?hHOZQ*e#dVP*EMAmzF>|?Z9=GqD%vR{%$nR>BYRTJLorXb`I%_kWf
zQ@RLsff$l*vjX_5Ot3uGYgATwaTix_`!&Z&mU=@s3mH2Z6e|<kab!QCjQv>)DBfOU
zSm{d?$yQ5D22};dQ`LhrsvJLpTo2KLfLPV(H~oh4U&Z-zMf%=e_XchP?8=%m01wzp
z+GU*3o%6T(%-T3{D#O-|dp7-F^3sM*tWUV5glzM<e|7D-vzXBy;ud1=boT5a97UD^
z{-)Orsddes7yz!ze;p;ab#|4}F<FwmV1G=KNr%Zd4&b`7W~@<miIEVlMv;xjI`qC~
zUrCNYeOW#CX0mxX%OWgIUrF^{)^JOoCzW+yMlNqrMW6B(93OW`w=CP`Y&$m>y}J%w
z(#nyL`-vIvv93RT8dtjg@}A%@C@DLuOZB&R<8i|-C?0WJb`d#zNt8mxCOPoUPbbEj
z6CaFyV7CN|LsNKMyEbxV=1Td39L51k_m!f-6!-YJ(1s(pFAxnjecs_8FNJ+|3S(q{
z*YI`s%VvAK>3|s{VZ3&j<-*ix@gjE;siHaRkQV*gF}E+5!|#V2eQb&Zjhj#VH=nrO
z*qk_?XmY>Du;4gg9~UDBxGZR%I))M-pdv3p_?-sH<`XZEKRY)xgEfO{Qo{YFANQ8U
znK3*rPvInFhjsCmrXB1(di^ivC}fg5hq3}W<gznk?qiG~emlbzJnStl;T;1<aBq0u
zz$r9t^|<Bfy)sXev~0tH;u}XLpWxMP2vg^&PYz*GF@6;*lfh4L$?Ub=SQnouNe5i>
zG)t6r?`s58XJm-NC{`wj5a-)n@>5Jf5Cb}jpHgEvjdMN42{hWS7ndFdZV-;>=PX7%
zxN*KRfgA^(2fxd_B6k{z^psTC9c?}BJzZvQ%*xPO)Qv$I7H!&N_{)J(XAks|M(^tY
zg=3P<B(EvIy*Cf(&Ec45W%zOYG%~RpgUcmO{O0)ifBE&vpS}Mdzc~2w!;PQ)aX;$S
z4?e1?-4%c9gA4B=RKRrLXR>KF0&5{8oaG6OiI4!G#1B|9;72KCItT+4A%wsoek&;i
zjwvlUzd@v7LDqnoN=a^Urqn==P{7-C$_fPb$u1ziDWV)vtcbArD<#B-#3B(ZbcY0@
z`y~*mFJ${{#NY@bhd3-mTb>l?%7qP{79e^EJ<70Ixp-Lyey*Rq`Vo5(lL$CNw}k#}
zW8`R{EJx`zNzYEMI-{d$6!E_K*t;##u%jdo{ggFJaQaRS;J8<Bqw!ZIy%`-chRJR;
zUrG9HJH%|+)Y`x)Qqtx6jlDp6GrC+mCIes+2MtgNIe@0(i_TEK-@7C$2#Nz+^q#lj
zhG;K>n8v)D&08Ux4)nH#Xg|Fo>_da(44O?cMM5f%j@-%v=-6*23xfHj6_ete-Ok_x
zt&uoMRn-tdeX0QQ0Ny5%YDd`+O-06Cvj;+R1nP;C;-4}FyZA{vu>e06S4dMu#LQ51
zosZ&V*Fh49`V^wfbb*gtWaVLz9$AC*c^$xSdSu`zEf(NsYUx^^e)Cqd5Md<2`4R!W
z5%T!oCa>&Hlr?oxF1|`K?_df*G<dQ|R-Q~=`VE!6#tBKwki2(hA<R#sr5>k!0{eP_
zd8#V;qa9&>i!^O9U{(MJ6lTs)(2T2@5aoj6R_}QOPKcDo0`w{tSyv@s=A`N((y2-w
zEkdkV^tZ~)9}@6ay~_0_z3puf@EXmmpc6F;Sb2E-Z^!3gSji1we2umUuR-VyWKm%(
z%#$T`h|o9EnKv3SQwQJCASMI%zM~}+=mqdUHGz~2Kun+P^{ya(D+l>Zg?nFU^smVj
z{ywl&=yU`29qM6-N9UZWDP&4;*1jqWaJLlxZSD{%5`T(n5BQx~CE_FP9;DYr;K<HI
z3QX|md_cX&=yqL#kbFnbuUaG!lZrfNpjsw20NhnS)}2b{BC!vt$NVS(=F2Evy-zJw
zbtWOpPegrWj1;HfRt)xLq>w_L%8HPq7!Tbpxj>POl9Et@BK^9BziU7t+5;%Y<9J&-
zDD#yIlfn?b)&WHtUN@;0E+BqWG7wR95k}Q>T=XzF>lIGI^NM5+C^dwPK=-OBq!dyu
z2&rn)y<19aiv$4r1!7sl3{((?)O0+n*m7aRPzlTr`h_DR%@0H)HHmFW#W7j*n!f}f
zVj*Mv424F>U_32W4lH3$v;h&)m2Nnu$uVT4Z2cB0UB2F>!Yb0Ay-KCe<kek6<-$~<
z+v#r2Er=Kp#PXD!MM!%GGteH@&C=B?TUKCe=~7|dZtQLII9<L~h+RkDIVs+SH~g0+
zI#BYLWrmWnzwKNydj?fJt`6R`R1xCNW!if(ZQDKdr89=wv0E|uz@&{+K%HK>+B*%S
z@mCBvf5(TOE)nK3^66*r{kQ%2%IiFrm$3`le;IQ7ONQY5k1>WZFMk{``1<zRZNh8{
zxQ|eeSvKCyO75q<q3YSPr8cjYZV5^PP>bcGL>^Z*Zv%FEn^xJh9Ku~ls@L`R^IBO=
zt*d{4-v8;BPO#}Hf8&JDoczj-;`RBTH{FXA^Zo-NlZlzl8*b?G{bx*owm)|ze<Cu~
z#;GyEzZAzW;hMThSNky07{{)qh{D-yTy_LT$|3ox=JP9H&9QOs!=#A|eVB+?^yS1A
z+<Jh3Wxjz|ZHqsUxPrm;D4=;%PEM{CCi&jT8}|~iP4S*bK;$xj_Md1mHU7`s$Pm6t
zrU!@f=D&H<Av8TUJ~@Oz`%oUA)JRcy>(IAU<oWN?_{<n@ZU4fG>lrU#XOh_emzjjw
z|CA3$6jAsTQyg8XL~byPYfFKt$d;sGg_{k{rtSTdnd9WC-wqR>Cgv@d4iHZ5N?#fM
zBg7`lWnL*>8K1lk=)Z{lISygApGfR4yPw|aV(>)C9pf9m2g_0;*8NlEvNQm%*`;$Q
za%NJOBk@Lvr;+5$<rzH9Y#R7%bAR$Bj!#Pdy1$DT7VAFwVClJ{Ba<n)c9gu+=FYoQ
zcxAy;_B7_@-NX7mPWSNmpSXo-_c)7VE;BiD9qDJvWv?Li_z%}`K*BXmd|66-ks#wm
zld^q|oqfOn__5?F+gud+V-g}cE!~oXN_Q;G{M_GE<}|TQ$8aU>gct86xQOjbdCSfq
z0xy*+i4X#Tsq#7LWt&1Ak%AsU#QzmHZ3Vu=bdf+T(jVFDKtoB`Lg3OOa9<H+33}5D
z>?@YU3{MG}0OPeygmi@tdBn>cwy^-tm5En7B93T#fe24Sta>OREz-72$tWs^{YH^O
z?jm-943wg64EH5gBOty)KpDM&P@|L{(a6$WEyvVF1$hlGT_i;#MChdzl)ztP52f(O
z!)Ra49}AngQh3{5Ng^r$LUG`Bv(NGOq!38d0kT_fG@`KpIM{gug!jM?stU~#l%ZML
zD|t(MrFK(VDY?W*Rzf6WCgBSrY(mBY)|^vFFynwiH3Mp@r**}VHtUL`exo<_8`Y%8
zWsa`*khjQ_Qq^S;%^8R^ys8Rqr=yh%y{XbAaL`N+43tua<kT9XhRJ`3LX@E2q!=`!
zf^?ih!+;MO6o`fvfx~13beh7~ji%$KK{S@Xf|(G>kr2%;5qr)5p>oJ0+VAO50UwSY
zB#+6YTq&5fv{YvfA`G4g(^c>JyA%i;Y81qNGR&-V2vxxQ)zonWy@tFeOoUXTnF;Yy
z34^AP8Qe=$(R<8VBW6t|iAC-87l<*)(6CByQT;dzQQgsfD+xz-Y637>kzOAPF`39i
zVdM~d!J}RYC(1>a@I*}C0MWSU&_R*RR|}a_9El~=EDQLQgwSY5J`y(w_%luXX=+t5
zUv#vo8<G~X%hp)$2r)wJw86W!lL(?XyHEj9@9R9mOCXwqfHw6Q#BjS;J0NqYAq=f%
z2*iLsXjviw7x5J7Z&ynKQ5_`28ZlYL`@;5Sd&~$szW}1ER6a(dTAJ#czy4UDReBIY
z{#c;fTI^L4@~f?;X1vctq!LSMhnmO*>Pt|+gm6g7E*%A}Lgro@7|MX^V>GHWVA>Pw
zBBTd}JkNkwW?oQ~zZ2e*ew!p59cXf)<`zSc2tt$fwnC}}1lUYUqyw!KNgGs&yreCW
zUW6ntFB1j)Dzeipt#SRr`sZZ?0fWf?BSQ!Rl7%2zBoK`qVu6k(MD!bj=80xBA+rl&
zHc&R$-$Gsr;zql=QRf5748oW*t?jR`gFndD(Sd3NW242oZK;ZRud_NWu#l}PofgnI
z2?(BOauBixG1!fSfYOSDb1F~25OnuawPmiWbb3s+<$PL6kU8|5aRUD86HgHJrMwYZ
z3ii7;JX!;$ISRm1C;zdoVy4Y529s<Mz3sMg_mOVz>P_~@M4j81Sf=Z)rhPNUb@ZcY
z_xCa#kQ{S!q5Kcg{^vXKPvY&y5i0a<Pug+sv#Ya<=9VM}e@znuADj)QI{Kx`*Qa$d
z>Acy@%iz2X%W|;2x!J~rqQLy`SR05mxIDzYArG7%^vaqXTXnN0&$sus9{FV}E(lX}
z93OT4kDt3iz}5H_L#$JP<%G9L@wn52)1euC)g@s*3R@ExGEa@8njXPl#-?xVslv!m
zf-8Dg$7e=S`cLDqVi>%8AaRk8tMI)<fmQG0P^pGUEbP0P?ki6SPNn<v<<F;-KW@Wq
zOTauB`Hc_dm_4?ACugVyV|o7nQ2)2O1CFbqWixEKD8X319F$XU^LDaLy7<aVqjo*i
zKIkZahZ0m;e}zkv?VndH4E}j$1l2tLv%M3K&FhwQ2H=q%{EK}Y((S+G5(zIjxaq=W
z?!($Aa&|a38FiBY@lT6r;jfrOlg;l?mR%GA(VI$<&82GtJ8b6lnVTuD;T|krx<rLG
zziRVcP%{1sg^_h0!03XH)5u0c?f&aDQ(s|^<Wng1SETy=AJ1QFX*qcQ+P}57T;kuq
z|G{-|TXia*{A6Zw#-(tpI6eUgKQ;3wgtBP?@F_`W`BS<J0BV+u`^G7P+zoCzMv)W2
zEnwY~8c6kQo+WS{g$2gCXHj#`CJ=t=6n8{8e&92dZ8#{}_JNzt6NybD{W2Ecx*KgL
z2_PW32ZyPOz}H~VcC8Xq3nGDe;zc?wfSby+9+o5@g0Mx1STk7c|7Go6yXz{hZSDCv
zzhb4m2Vr)=!6p~t6X3{_Y%A6+x)=!TtR`EsrC62}U9g?QKEM5ap5Et@WFRCT(i&*E
z=BiouS=Fo87^9f9;ELl3oE6&FfVRd*)uJLwMO~r6>`s*`A^A3E2uy&0^}GiNV*b=e
z3PsUpxQRjWBm|H#RB-Dw4cK<g6J;9$5L#A*ArOw`ssaT<2%y%yFO+XZr06~3bw6TZ
ztCI=7&H+SygXsy}q;XWhA|dF`Ukk^QXKix8i>OX}^<rfGi72|JB+_!Q&>DA9JYai}
zH>D*N-IP!_7Eu={v9?iIlE{>$tLR$x71DnM-ZlxLdj1O~t>vfjC8`zKU#T>2%w7q@
z@|+OLI2NpUn1#Qb{s$%|xF&N%z4B4)Ky4K}DC>Cpqbn0dF1KIPO$G`NRc_*Su(*v0
zoQ^&X<T53r8(oY+$N`OD0BQsnz5{$w_(I1BRK3lD2pA5gBM?Mgr#dRZQ!uRt=n*kA
z<3<dvVBAm?SXZ%`+`O50WrvivdH@Hva18mRQoRnat;GZ3nm57>06(TxAO+9}w3TD!
zA>+W9uzmCz!tEA9c%)!>>odfB5WJvT4LQKP+eYABhex$XP-@Pjvd=w^gMJVG>>fi-
z-ZTKle6#{%auXPn8zak6C@D{-z~1~uOVKuLfvh7SxVr1Ha3<u}p`g_jv>V{xKEMvs
zZytbbOF_y93j>f%g;DEopcZ3-g$+ICBUVI3jMj74p;nErqt0YT-6A4Vhn~gpP2~)M
z*0&Bl3jz50nIP%|FhiS~mxqtd0AG6ncH9;b5_2ic4;X9{S5X7}8{PkYw;<lM3*Ba8
z(QP&l9c3NBtTt<R(7YYs%LhoBpkYfbvZm6&IBTTt2k#+Dvj@%zsfkI-BMc^@2W&h;
z6bzS8hW_Af2n16GDBGMM<UXW74AJxoP;!J{3!#AA8tn5K2X%I@sb>;jV6SOR4oZBl
z-<6tuGz-GJ9OU6?0pT})%ab4ypCeie%_h@CYQ&GQOBKGrUe>gjBFvz(u2YGjn&ASR
zi;**R5psNRqU$n%D5xeKLM#S0M0ME|W`xfeAEKgSn*H_=b};BT*%q|}m5on>-x=*Y
z^*%TM1PYx6PmkTp!shuEw)N=6++W4K@tRFu`f6bb<$3&+Y!46S@t=)_=hDie$QWM?
zUKFFF5%gHVZ72m_In*1#;=Sq_^UG^Utdn2w^1v7qXL@T04h-<?jXH7tmLOEhxr+oZ
zlj#<Qa=8aG{<}2<^%}^6XwCs3+Pz)cB^x*n8_t@fcKpuv%Jk9p_Qvhar9U%#(R$|r
z7e{il$Za@&sQMYB55oS#CwGS_T>huSo!{L47&j=(qn0<%KKfMJ7&JZL*ZRr@%Fp@s
z9&dB}cL493@rE3o_Qg3jZc#q^{J-K_C0_c5Z~pt*OCP(>8T|eH>R&f7@kcj2dxuCr
z-23A&GeoTtd++~d*8q+~<z~Fb@fqAa`YyBEAgh4FJ&U8~zsab&Gt5pE+90EXKl(BM
zxcoP+ghbWobaeDLx?4FtI73qff*t;S;vG8dG`OMCea5UPH(lzT?N4`)pJ6HBhUd~-
z%4ZksjMp}@Cn1ez(DN6QVe=g~EIY^bustfvOm?4R95C73r%xBSD+j9s4ujBx`P1$(
zH?6-N*17o7OCLF%nChI6J9)Tz{p@COdRMyJq;stoCeIGfo?YtIdsw*`?#E&G%p=ZN
zq?ZgIl$u7cjdPS!FI4|*^6~J+0Azme&HoJdFAre+myg+s(H47Ly@OYGVDdg&lEdlh
z?%VyB!$$P?SN4ImaiCoix*qa59oPzC4NP8H$-n$G8f9lqoi)*L?{XS(vwnzTYJ&Pq
z7!C!KnDn#Qmzjxqj`hpQ9JK2Mr(mW*_!~G_1i*ymdIox6?&EJ2U{Hu8^g*ac5Us0)
z_*P(BHUr_(3ZiuiWIA*afNpjcC$kX2^%Oy#t}6)95v;NSXygRqp%$Dg9uO;<2!O_N
zu?CwRvuZ-&DDLzu6Z0|WN|qYuX5g;#Ju6P&G^Ul7sK?h{#^`Tlh!9S-I=MDYmpVnL
z3PiZ}dfyTU@SfO~rc#iRH{S3%Xx4HvUF+441{O67Y60R1k+j&>m|T2AZCSTep+#7C
zgo^-+O`&ekIi9SokxKC92UAJiC70<-G~BI`itfJ0+G-9gaui;jc5~MXKyoS(sEH`{
z1J9%pW5~tY5amJ$5m*ZCdiXAJGC0*t>2k3!M6;EYXy!frmyj6s&UK6|XS@gYHE9@T
zDhH+P8jtWb4M8a#z?iqlBoVU06KDj}lSMW*F2H=3y5}K`tf7oxps#I?2o~jh!%+2S
z73Nacy$Xv{Z#`mV3J$H7D8+SZOqm~5G$w)yBZAip_Q25v*ZjzDqh5MAG(b!+d2KxC
z8{yenb)VUk*hdI=5D38<K1}Qa7Tv&UmU~OYkx4{uucl9J^evi_hu~<dC!A)WsK`Pp
z!fDcEaQi**vC0%G5;G$i>>R{hWd=ebbpiF90)VWDYJ&u_seqk*nBl3{J+rIxLNHp@
zTB?A}XKoql9$d9{Gl!ov15|}7@_KhAQp~1I(FL#db`R4WR9<c#SX~62!xCV%U!kzt
zq-$OZn#;3{c;K`hB&w$KXj7fWAkt#%eBp-Z#EQhs=wq<z%@ZN)1UWm%&^=01^_n3<
zc7~8yY!2qIvfbNYc97rtRf&~(9p>1t4+7MI#2(7=3xM`>LimtGe2<RJp8&r0tGqD{
zt(rMagnqf>0dO3ax6?3lLVn5~4Nx51thp5tWBMU9rfCq4Mfqk*rNRpJR#0I?sAW{f
zObeh)-NeL-@)5#dQyEEThY}Fj4nWwqj4nHsjfmA%P%~~H%3E}?Q96g~`r2%OYnG%Z
zf`|~{-A4hQi;VNRYH4bIwN5~kZjPoRxYD6P!~4}LtWWilaHeg$0+-kBDPma7-pFZC
z^4Y@2fer*S&+ad6f60Xt@2aM(!QYOSpSk@8u<P9!DxE}8V`1h(rG8U9;O&X;>>o2r
zQqU{@tL3BDRafZ(&Ohp5B}y#ot58{w0O1?{&t)B4bH0s+I@&1$@jFn|QChjFc_K-T
zyA$=$A9K+T@wsgs>ptRNd9nr;XzkalCF^#(S}vnQ>bhe2fln2D4K6}gZ_V5aPB?b*
zp7w=#uAjsd)vF<=TinR*UG3Y;-XH(vlGdsEwO;$0>!<JQ)EX6*s@ltfPg$xYzw;Vx
zjlNx+T>A$Hi&nlw`0t1J2MkELnfxrKnd4=QcXT@a2_~q&;aZ$O3|wX|h>R7gBx)Uo
z6gI{w;mG=O=lYAIlc$)SGDCkpQCX&_`_}I9$?@A)Czp7zmhn`V;2L~?_Spc+#OdAs
z8(3)ga}?9LGP3Ri!P!X!u*@CaGh<Q|%e{2+M_yUtDEkn-^qE)dpHlXq0kC~Q@n@!i
zG2jR$I^i_J@eA~O{u`zLi{j|qE<X8QPbvR41n!mN7^wcsE62C?Plw~bojjfDwC3CM
z*ru{Mx`0TYxd8;%qJD1sS7~SuMErmCS@Z4lVd=$NtZ=bfeRPP0@Qb6jrw8Y_!hZW|
z7gBg_A3rL1MVSYo<}*M_{bH25oZ(Gy4F{Qw>|7_q;9m#PZf(aY(9$M$8|*1%d&dXN
zDlumLa(<IHy}O*rm01AcWT;++As6Eak%$ZubCA<zMCM-c14|tm7#>$j@e&hmH$-V+
z3J|!sI7=(wmy{)Z=M)@RD{?X`1ZM6*xTL~#I-jZZ>%*SHDp)*J%V4rr<Tns!LLp?~
zAecrq1XQ3OPK5x=&cfiuXmvnl`5vg%_h<}%1KH(a?h^ne%i*XrZj|B`)hsM7+MOm{
zy-q~%e)Vn%1yIxWrU{Gc3m_E>fiO*k6)U?WB4+YOST9<$!exYz`9M2`Z>5LCz8n>j
zmM5kp0z9@e6r`-^Ll20B&Uu(chE>J(04(Pr%Y(mFyBJ|3iG+P!_7Ndvs3-&m%updI
zU<Fv#Y~gJXG?fKJe8_JIw;%|c8sXBxT3nZYVa5naxl@F`p0cpKTQL<fNKAxJZB_lI
zEZTE2Y6Q<lK~OT4HT<nbl9FX0B7(0eAlc#y&?vMYZ$l>s05drG3DitW^VhM72+>;S
zW}xR$EyDq!F{m*C0ltPH8!)xpnG|zHQs!fz=p4P<3#x(p0%y;LdKv*zHZ5CP(Q6xN
zBa6pd3<TA`!33&*Q&okDpjuIp3~FS^#~BFE#>|-Am?_MTPpCr6Lqa8`bI8x9Z`&~F
zlQf$)U+0X%hjhIKMEE+NI7I>}2TIa#JQOL@&5RCrRt^&Cj3_sqmZJ#yDew)19KsYq
z%7jE`3bGR~=dbDVy;BfPLdDKNC?nM7LvGoEpl)H5UX_Dzpdn1K_ntG73y7_ZfS56a
z)`N!;GRsCs7^36M28YzX4bEjmAu!rU#5)osa!SX3DN%5N=x-D~!pc<T9x-yr?t&SB
zDI}l1*>whxSoXKxppB4tM5vY^JT~RFIU<cmA{LV-<Tr5f$S9AYs##>e%oJ!R0hYrr
z^Ocj4yC5IJK#zjzF%YdRC{COy`AHoRb_jykD1sU24UmwwnN&eRQvsoaS?PBQ%|^^2
z4?^|>6E%~T3f}(KV?2R!9%jsom&p~N?0z1N3_me7v`wY@M~EtB#C%wcY|=0q#_YyN
zaO^`FfQUeS=Ndvxg;W;dQsjohvQ+5>Je!Kuc)1?AsVu*vxq?Cj23s>z$(i0Emzne~
z@=5%ks1h;LhTzN<J!A0ZiZ{MoU)cyhOPX@6<3%c?u7srVgqYl9j&&m15xK&g^*YW^
zG?WBx*4ptQU{SXcv&&M(JIcLhoC{VUg&%U>`vBK`ctXK71vZh7=2zznO$$>+pKE|k
z5VvX))9WK!U^gb1>P_FCA?@)+?w?y)tun^;*BeVT6@?maS*h(L=n{V(vnxE_AFgZ|
z)tWd%$@pK`Fy3H=caE=28z;B-52nx6L7pD$L0%TR{sN@>@$lV66oca^n=_hv%#Ot*
zo<D94zZ_<|&;+7feR)Ov{_*NxGR9Y4wzYUf>9<CK(Um?!H#y|;M|cLj{KYVjJ7?@0
zXO8kzhkkv)_1_m~Z$*=6_g-l`$O%K+imsu9V<TCVD<>Kb`O3!d-onZ0Td<!FpMN>5
z9Sz?;9TuJq3vV%EoUR@opJ;H1Y2^ub6b@@IPlm0xXNSAbKx@5FaCJQ<f2!AJ>l5yB
zc18FyE}hl19f4htpLT>ki_ZK^H+O4e3FUx>!d&vnIC=BEBb<$y!$n*=6k~Q$5XChO
z0l*6x2)W5`kehzDx*y@22H-J+KyijqBry`nioqXO6X2Z_0YqoGN!CoGGXwB_B9cTc
zw{-%|N2&TO<td%o9W(!Sk6&6dw?Q#i_(`j{X*xYHlr%INA`ioE0o#%>iiy?)lFcY3
zI@Br_NkTVS6IRcJSd0?7-;nLWZ_aqE>M|pUJXFbz5Z*(CiQP5dsUI><Ypo~kH&<b^
zR7uM<&K7a<jgW016zUhFEAoL12y@At7SvZBvy6ydLx@p7B*0}#N5E#6Jf(CP2_-_R
zFXW>jI$$wf@DiCpjJi%hg$joB_Z(3T0uG7*B&g=uH0l7D0Zn2Qj@YQMwt*2*aRn@x
zorjHz=qvPi5QLcMWHwh!NK(9N4G~3wcuq5vN-4-&Fi7zp+}aLl3gtuPaPHw)p{Hyo
z2;N{qh6=A!D_Kxcpu8%AhIJGOB6*vl!}ca-S5`Iecn@f3aiLO!mssP-h`h}m;mR+w
zssO-HJpiB-3;-}7ukLb$gF-kCw0)g@4EbpeXiNtVqKqHoBr2>mYZDw&K!ku+Zq;mi
z?=_pI;M5+X0$Nfs);|lu#BQ49!4<yFCqU~WQd}S-O+d)j1s3Wq0-@3;!qW2BdI1$_
zPDEqGp#-5ijV_%Gezac9557?JB7QUj20KF^dQEl?#K=exJ{qwj8N0zSn7}}aM;R?1
z-&r6Kf<y=f#1$Jdk&qi*ka)R121FTbRjy7*N%aMh)B_M1$`YD8p$ugmj3g9tSg(A(
zQ0)(}WfH5-^j6)qh%_m><g1xue&h=%!x*w#_!I7w{;<UEwG{bcpw&X2(k)gI;ahs1
zM9^bCtlqxDhrNqbk0P`hW4F*WGcIG-g7mzF5nPAS(ZU94rsM!lOIIEoVM75sEhUN!
z=EmW-+4KyYy=ci<)W3X4GKh30$kL(bHH5?mA^Ma0N>qSB>0|<4wD%E?GK%QnMmQHE
ze4TZ}?-VR$2nN;<6wy#RL_U^O7;C<s*$mWZ8VHLeg-VYxZv@5FoucXmrbt)OCK9St
zj@jIa27u^mHKzb12C~-rQ<!LG?Fe~N6X^zDMFPsocnYJ+Udpm|XOGBlObr&Y8eTMs
z(=8(9E746T@R6RNi3nMA{_-h+HAA-YU0B#&4C$I`L}p|&59>Yu5cmiKF~2<#q)q<9
z3LoM$+PdL&{Nr!e?&>h-!wKKD?><o4q&76%H-}O{s81c*q3bKnxd_YoRqswITR8K#
zkt<QO(_7lCL%x!oGwxMa970Vr9=J@!GWcZm>nTWaV_K-`6A<P0=-(sQqEVZ8eeS`1
zf>5ERfX_P6PFm8U_m}bZQKbdxPw7{F*7oOjzo}mj90sORSPE`Gn%>8k2e@X6Pme!s
ztZog{$Lq_V?qHPn$*}i_VZ6V($^w7=Y=DaVd^nHyyb0!Z6ZpvJD!gM<w|8=h_1RCU
zy5el_`EYM$I2KQSLs8zSmx@gttexlWdOk*@_>7xF)Fak@44qU#q!(?=H68~&9_;5z
zK%T3RJl;J%`gy+6tB5PT`o%j1TK{X_k+XTt%T}LV+1-6Ge0zp#W@yBh`}@NqTrxjD
zoNk^RPzX%99_{MhkK=qiTyV%gte$b}NUXRREpbn0k3$MBIvn9wITB|eRAD^ObK?=5
z>kNO6xO4XIEXa=MI>ttJBcw%dZ;;dygA6A!TXB#V+c2Erk+kRPPD7rn^XVw~W}G<q
zd?6zxe_R3hHd#yfCi&|sqF0KFuxC|#13oz~f<c`a5J70Q2vNgyj)!PD8HF<(lSCL3
zEhm#^0f}JePN+wD(2wOEqXq|d4cKI@pkM%F=T4UJiYybJ$1@Qj%m+%th|HjtmgzKt
zJt?8`Jqi=yxXzdennN_3hcT>CHI?Q7v5HtcmN#aZ2!!6e5YE_|d|8Dq)Cgxm+VoZh
z)1Hc_WG<UZ$YUtp*2s&89>?=Gh{n}hd>K*VkL4nvsJV(s=7`dT&f1XyX}D8BSaz1l
zBuz~yEz567$lyhhn9q7SA85<BAub~9WjN6SQJ@zg7js3JLDq%-7T0SuspJVr)P}}`
zv%rAnN)#t>Lo8$wHZ(>4kcXC>7ZAb(gfS7iNf43p0>XA+x8Unk-+`)<0S)c>JukpE
zT4-p@kb>PDi7a^!5gb<450B(|#@{(b4lGq(O(;rsU`TmPg-LR1O!-*F?HPnaQ}8JA
zVh6?G5<?m)a0zoIo}`cfNkI$<G9@T*QLokCvWoLJF+d|G&jM+QDNbUPNn~a8A!Ikr
z#-})EdC<+s!+268<nqU==hy%qia8L0*)=$%4MJIFX9P-&VH)6p_~Js|Mz~869#(`c
zq$#N|c-ZnOC>W))b}FyZLcm)`9k8!tWA+=WEmL#xo{2HceZABZBHFI_!4`ql9uDD<
z1oj1_wf(@+0j@O^qW(dHBuPVn{{#iXKnsXSh-M<>AVDxhit%iIzWF+esEfR+l7saG
zLWN~LK%mRU^Yj$2$_-!*n^pj4wLliMux{SWt-dNt!xrt*zBY-d3<2~Y56|amH3>z2
zQ$3kNk%A9}b`fEVIqGnNK~OXP+Jrzlo6sZnJS?f!i8jN8KMo8;P!*^>(aD>K%qt`>
zS4ctN15Lf3fSRSUg6O7HIOlqb?rVTP>ZeZ!U!XHg#6DnZ^{Zeb9yf8xs`Domu*-yc
z#w)y5m;$pwM7H`&3hsW?88s%8qrb8IR8U~AkL%?hBC7tYw;pqB?aBA{^ee5aJn_zP
zH;SJ4Dci(DnWx>e3o#Z}^vn>?X_NKM$>tK|p-QFmU#~xyonbF6fX29*d3IF@=idUq
z86;9Ub0p=KxwA{Z3NxZ{=9bxeKHkM~q(N!cP$QKSqFf8U$xS3WrV7Yg@%~(WL1VQ=
z8GnQeM_+KfKArh&2EB!0#JdClmDB96wl}!ZWM@qkRu*#1y7=GJeoD7gO;Z<tp&j)Z
zrt_Ptx}W~klk87_dv`SW$sHFrctfZ=Xu9)X45!b)e7{9ulIxt$&UW8oQ1yB`x>UaQ
z!Z5r*U2%_-ZMZZ&41`F$jRNV}<+Y!*FT5ATJ3(rtgwEsi=;X!p+0*eRj?t3rU3UZ`
zx9tONn-h0E*ng_6JnE0*nJzb$oQ&R#7f%*Wc8~VYx%qGAiR|poN1val+{p2~XTKl*
z&v5I5|NB4R{P%zT>WlAh|Mh=;JLKLs*g>5TF9OhTB{6st^zPa8ey)dGzJLXNMhSLx
zXv`P0L?bR;X)xZ`D>kYH{6fFxlsCGN@r;eF5M<(mWri~5cQYSl4iKUf8J~Q1DC2u;
zlaF+c*@Ev#SjN{OTgdmO;1gsO4xV6UAjE{}0`FNbQ4k&n0l`9nF+n6$NK^w3CYK;1
zrU<4qLVkak>E|?=Qw7sxreHci6s6?^Qj|uK5NiJ`%r?5{+Qu-cd1B0j3s!UM$f}a~
zn3-6x-Z_MKpFlkpOY>o#_cs7sL{<xMoMmQlF$Pl%69ULBiGWr74M7`uQtWTw9c#cs
z;KR@Y5|8-_y&azQFvcr53<TSfqq|*1&bmP;HU{v`Dk99ALs{SMl8cCQ15kM%dNji|
zs>xK{C_?Vr5w)2H@1=pe@gyYSq%en+LA*z<;=NIjB=cZ+M_Pu6P{3B4Gnil}dVqXb
z`dlCoadxbGE<-uDv!Q&CPRc_UF}lOzG0_$ghL{5AC1qGLBLY(BGX_CovW&`of(d-+
zy02)7SXO<Z3?D+q0o<2|EHM@gtxdCK6`;37fxf_m&zRyD#~Z?SKzKR_wiBJWY|}%E
zJOrN^+N$vq2*VHy7l5x1g}Bm;BttpDgw_E<(vfLpDT`X1B!;jKEKbFQJ?bs;;bAZy
ztO><M#d9t(dzBl!WI|cqfyicraKs^^1__x$ex6oSGFeJ$3&QL}Dr4xe!;zIg5BW?O
zUN*c*gDJ~Iy4(vbD^es7rmu&^7gRQ20|LPuJ93pK(jz;BL!7?s!zjQJ;=91TvEzc;
z*ri%k`8JET<?6S9aPz0PVxvI5SRZ;V5AoAw2m}%lDz;~<V9Qjbm#LuuDkH^LmYTDm
zn+oII*Fi)kHr}vS23Y(FN~-cU(0~XaOa~=IWR859#VC+WBnjiv%a4;^93-A&`*vML
z3rQIyz|KHYR8|DG%tO9V<3xl_M5QbxB8j0R!1(i&+ics45RJjbU^yR>Rzw&rsYU9;
zY!PUgG&tm-Et#T2c%ryzbUNGuaj;-?Y^3OFgpGmdnK$0l422E@YW3(lvkal+T@!Q)
z9`^$@A~k1n_1hL!MnwCTnu<J`j-1@w0Z<6eMrb1bnwG-1`6y`=Q5W&a+KHaI$uWfx
z@X=*Op5eGfqeMYC=4BWS(FweOpwonx4HQvE-N=LK{1(z4qT8YaI{O;!VTcS7)wq9B
zQW(y_Y}heSJddY+4MDjW)XsN&g0?*v)PgW3=xT&3BfE90iU|5eb<@}Q0L+Gw9}yhQ
z1jS$wpXM1|LWs}6hivmrA7NTuAP|Aqh{W7d$wLThsLZc!1AL+C(2|f00CBAk)5rd`
za)>@lQD_9~80Fkz-NofqZU@=I-OmahN@vJ+yzcGlu>6XxtPh{rEqDvwsxf*XyZ^Ns
zn~PlWEX?3?=Vh2o1;^}KInhq5Q*LYKh#b@9HJy#k2MNzeP<@i2F3E}eI*05)U(B1}
zDDh0N6*pp`8)pv30M_^$)2L&0@wYQY&c&q%<lNKLO$f<Qlkk$@*6n4uuR`75sI*z@
zE<h3*nY2J|2~lU%^Kr?{(NM&L@b!(U{;-};_3hOw-N2^Ur~hLgSoji;0mq|hKbJtC
z?8yZRM$dtCSoh?Z`!<O74*%aBzB@d-xZFKLF%zEA6X)Sq5SgEUHlR!S9*pD6%;~?b
z{`LL$1I9h^AvT$t%USrRnD5762osz@<aaEGKIAOgOXWQIHir_U)9()VUvmVHdC!@s
z`25~4Zql2VAklx$aUP!5RtdYKGwhb+H>bhxH~ax#;Hmcl+aii|yf<1%osY#!TfNvn
z#<u6#u(|(Q6Q9XB)<>^)@ukMS)8`lG=xuW1jzQEuSBvP1;Q~T6H|}u?e~i;L{RR_<
zBH&bjShPRAaQXDwTk`pBwE=oL9>2{Ttic&y?7zS>*ofPAu3WiIYRZJ3=6}Eq*X!H@
z{n6p^(d~nnL8%g82W;4A_$<D_m@5C?;Fi4yIOaMZzWowK(%E&=Gb1zA9d@~{n!Eju
zbh=!2dh*Scqv-#}TIvOR2IyUVEZ`>k@qvzur(3Vca=P{G?C|u0ZOg&#-(ZLN$4i|J
zWOuQJR`B)Z(_6cj7@{4(7~}kF*oH{PEAqjxysD}-AEDQyuyb&4F|x*n@CYVr%s<_(
z&NLLV3z_l6tLuOH(FJ}o!z<WLx-;Rv73KkH=XFx^Uw(L3kFPuwxQnd=1fqQTXo(A1
z;uJZ%6lOBD5tu(A6<zF@<DDbni?iDRV<kj9pseTt5p>R$gXpTK`jGXUnGzaM*nmhH
zz30>oNPgo0iQlTVrj{xT0K#RB^;<Y_2Xc^!RzS^i!)7Cpy=Y1&1(u}T5+a3wJI=!Z
z4#;C^B<SJnL|ASu3&NyX$Sh}>CQZA14=*%%m~|R}A=E;+T(N>>zX8NDBuc6<N=dyt
zEaDcvhrNhw_F$fjLVR=RVu8pW2`-rhPNve|!oz~(=D^&wfI<jc5jFrK+kk4XQ8|}6
zuue7@ZhZ`e16A{jgxP0UEriQ2Lag9EBcZCna)AlmM&}9(VxY|*x<`vInhRhdIHoEV
z(Y=GQ86gS^U=-Ti(p6W0=JoKv#;#Z=CLy~3^eik?fTk2=q@aOla{E(}_o9<Ys5-Dg
zw1z08I|&+vorDc*2U2m}AW#-r*(fuNBy)6ifEIF7D6_i0Gi<`L0#Qkft$_M>lq-0h
zp(*HPZ%oM$0pK((Ndxf9B%>FXP<|`>38r`W3ExeuCm6Uxu+l&|hl--1yv~55nzG0i
zsa?Xcwcv!!kONNqZkikxCe#f~d`N@x;w`O)_`q9%B(!m=S0aw`Wc$N7pq5~CYY9d-
zilQMu0YVMb-s^Fq=KzQ<a8oFJr~bhAMDGbSC_V{8M*2bzq7kwJsy|n_HzeeDu3#j1
z5@B|Jh6pxI=1`qRIb`2sD_|6O1Pe<m8frbN{!1Xw+)VNleNB&`ACSzu#RlL9j+bIk
zX~0C-Tbo^viqH$lmWA&i*gk#&7%C|PC+e2Ast^pH1cEF11Zw9+=NTgu03y2*rcBFB
zjp<!PHx@wGguG@+M+t_i1%<YOP?E{Z;&H@H{oNSwwo1l4^azT4=vBXcdeupVUNt1e
z%-dpmhAU$)Xr3)tek&#2J+5e;uY@hQlQegi2I(^Ok~Bv!McXtIAz-Ah*Fa7^02+r1
z<Toa6!8)khC=6F~r~N1rAll*zqN$$dPbS9Ug}+gHQ$a9T5PoEcBu!oZ_wau{ALdDu
zOFG62^#G3(K=6u}SS)NVU{Wu(<?_3SSnn+AZ-5j1h2asVK-XRZ#_OT4op9Bhf7C1;
z3175Iu`yDMU{lhLOE#9-{mhQ|bJ^aF6MoH^x0Y9zDTt;?;B7Qk7w|{0xU{J+U)=9%
z(X@a^AZBzOse*{{C@@}Fz4b_61glt2dsJT|E)VpxPl#ISgEgFSZBOTS7GcGs(28Xj
zUWPpKuMUFIbJZZGP3vou8UBx}1g@H{asc*Dab(Qp)sH6nD?+RB1`!N~0YBrL2~<5@
zcrZV`26!XRzC3=78{7{?hu|xn;=b?}zTe_Q3p1!Ye*gu}bXos}|K2Nat{&&#R7w48
z0C!Ju8gQZ0ER6F{kHBx&nx}uf{^zf*pgK@~hTnhnt5G2V^L}sRJG$0Wy>|CIIefMI
z0?38g{S5o*YL}v@dJ4+rhY^^bpFR6EZ4@5+*9Iur{@HV^vvT9#J6^bW+50@E2m41j
zKzr9i*Woch|Kc5Q1WRu&Zs7VK-)&w03Aqe}(w$EO#&6ysh!%#P)Sm7KvOhmOW8cBW
ze<;)DfxZbooCFJlWY5#LXXk9BK*zkZd&;dNbT&ZQ<g<IwhAOTOup&E_-rpM!4SJFG
zaIND@eE_~#R_Vpz*=Tr$_kz)l1taA0X!q>KjVfUMn|p-wx94>34|fRf6RVbHXSi4f
zy~pb9@W{R0`@?&Cw{uVtNWZm9gd0l77`w5<%1tO2`?rTx+<WyH;VkYIUR_@7zroq_
zvzOyL*(n_GY>&GP@!o)cvh!z$hnSW92eu^LKI!)Ci;X`H_s@0@UL6jLCojPJ=#31k
zDzC63dxEQlmzRG(?0twJ?VdSsACJcjeCX`yudw+~;QBga=$2sB`|bty^Xwpi_3ZfF
zeP2JRHj~#Q&Tq5#zEAv+3YkFA)gP@!qegTOBUQ*B7l1jS7t`}xkrW3IE>{A6Rt1(p
z*-g|%Trv?ZDq5*At#eipB;FfgJ+c6(AbO6G#etA3hUXD1O$stnu>7z&5P`A}&=D1)
z`-dv2fI8=V7)O=t16*5FVx_ol2TZdE&p_Lp6qHBhWWkeN4AT-*>e^6n0<b=Hz}nYT
zYV@nxh}A5au1<)*akOaxS=7xI+-EAar1uzsWeXvZ1Sm-zI8U}Jko+cAJ{9nty0gw1
z6JeUY7y^f7W&{qi1F*lRbwumr!%GoBSr$?{ArXsQsGXPqk-HB$7D$w6XRwVjDT#7L
za4^D#lSiWn@PXMsfKtp3L4iQ;h3!y*h639W_AJ6aQ5D%#SnyfX#T>lH`ff219*ZC}
zt4FAjAbSZw5bE+CK;4p2pdfTc8Se?(DZ8*;pkBTcP!se{$tW(N*sLL{m~3LGB3l-=
zUpY8H5EH;-M<J{xA_RM_Zov5tSu~Q}b0BO^^^+-tipl-!+Z}*{ej`$IBQo-+iC&FO
zq?=6zy^ZKYic6>fRX4v0#okJDM{_8OlEU}5Ru&3BIUp=_nM_ni{CBn;J#=RqkbOgK
zbI4I82t+m-3_=T81y(xQo<z7S5Z#kC!c8BWDz`ame(-{Vd=Mez@pDF3fbT<>GXMhR
z!~3EfG6VJudVsyzsug0I-K(n=Li35?8C3|O9wG*0Jv&5uz<MEUbr{&>Pz;OOmGx(u
z(36R0Q%2!atw=fR6_!#uD8cK_GYl2$PW!s=MWpapGFoZydVZs+4Q(Yc+Ki@SG^Giu
zawG6ITl9f^fudOWZp#tb3&m9cCm4QZYWqfvpxm<yS$dj7VxHVo1STnFf>QB;`Fz;L
z>tQ0CS;+?Br=uVhguQN_B&OvU`S5Lq*hZ_KG}%q?;jtMDnC{_KzgGeM96wbnkDYKh
z>#E~v&q=xHTxT&gfXN#w-hGjbd>%6O7~;E7WD|q1X*h><K1XDa!FJN(;bOrTs;8|j
zt6;zOmkQds+m5Q?rT1w-&q)yOXBAe7@7FBr^%18DP6}=i7!rsSoMCND_6f8PBIVB>
z2|OLst6ahj)&8~Db4W4waz8c?n5M0GgB{88ubovzF02N9v!Pf=mtwXm!eG11UQzDj
zWgm+u0heIc5dx-b=mG)OpDb@~<JwoGu8JnMYfx|!d(izGD6lMVg)c|-_gZhHcWtBj
zd!;ULWvj;VK>hnp=5b{9HA*1tA)wj+yix_w(F1~hd`I06^k5d2WZtni+gx8qx%bi1
z{mrE>2ku`}v37sy`lh?*r`UykGW>P;{<Gm4QePwLUw<|{Jvli-Y4<p{FpSn@18Db0
zMD`DLbVFE=<nk3n?@fOHhEZ5`Pp}jFu}RoZ;%@4OE2{@5T$V8bKH`%LL_gCB23ht>
zy*2KwxIv#kd+U99VnsY~4fCtRt@keWKIH!obTx2v@_PU5KZ6O+582BcK7T7JoM)SL
z?7i6cDRTK_tkw=sF1TiIABS6jMDR20^6uFQG%^0T){pk4+m~lAL5*97dwXiJY#pK-
zbEK*Y+hWG=_EPQI);HBW>bT~&wPo&wynzGVBMU0ma>;hw?CI1XZn{bo&oE>*rU8&Q
z{NG~S!d3CA7(3R`MS_d=0P4x|(w86AB^YQCSj1=PK`+yTWHHkU6O@y(ppgjyw5XX3
zoG~9YV9{Avc*rb(Fg{37v?3rhBJ68LSl`ZKtn7hLkQ7W55W}v=0>X+YV^o1t)f98B
z*CiQYGm5DL7eTm;2?Wg!ZivZG=x2<wL5N^CV3egLVENE8Gz4JsbxsZQFuEL4tX2q7
zJSe(z8LKb@;J5L6l86|=q0_fm&!RBxClrG*P@&lXS}B*xB@yBCU{#_dQtp$su+=5D
z$s4M;+%I|whI-`#hHNCJV&Ytcxw7y$>mp=|q<|?c>yMK;>yM}g;i5*~qBTX{dlJA2
z`ZNS#YeuYhbP2+))Y#3}J@Z$T3}z)Zca~t<17o*fS@>e#17r3tJ;|z<DzNzZHY=PN
zAZUFG>574HJwk}^S%%9K2l;`y8gnFpYqbWLARiE;LYKJYhX}X=4^c3{p#TFx=lPcw
z6C#p1zdIOZgeehBwF5yjHQLV`B>LAF3`rBNGkt`;hDdG*V=`Q6BE2q{R&8-~U}ioD
z+6IJ~G|PRWDq_mD=~Oqwyn9^*>C#>(s0GJ%0TyN^1{)853t~|>gdPMc)<|tjBA$?=
z0^vA7_-QIEbFVkBJM&v$2DD?^rsnr3y4ly9gyaR*Y1@qjx_`~CXbEKyp20T<+f_eD
zC`u6+Akp}6t}s-;u{3i5W&j`Gd_u`v%9w~9&j8C9u=NlKsyK*}J)kL9Z3Yp}m!VI?
zG6-yYgx{ikumy8(p~yLr-f`&(x+9b<L)L;JOmn>iGU_0{z`cfvSv0-QK*&Q|gWu}Q
z0PUEBiZ*lAIJx<uBH}Co&}k}dMVdjSK!k%sK{Kj)Y~j%+pfC7t5<*ZUC}Y2K8DV~7
z9uaBN2X-v4`I{#)BnB~TyT}idg9c;~8RmdVp|Y5g_W+gd4-mzh0qUw9lLHVljt8o2
z&leUvi12lGOB5GD3!niapcQE{L=lz<|5Y|_x`aQ~{K&4CtO5b+lY(7NO3wUlx*g^S
z$Ckcs&4u~O@-S0dtL_7&pUs<j+icJ;r1KDF%{*!=@C6v7?$!{VGa*#o@u~=;R3RL?
z+IHqkOg?mszlqEvo=8m3?og<T2VR6Qry2>I8IqJ=iA7p3gW$Fm9o()g#lY-J5#)i|
zrrza-(lQq~s|hRw#W~Sc6dB=M?;yCGX<Cdl_DElE|7H-E>JdR_wL6>{!woI)Ke^&9
zx9C&lkjJVl&oAP%ejV>wI#z(SE`J2reCQ$Zu;qPna@X6N($lJs40y#2VFcZTuX_}e
z!#e@0A*Xrgs<2V-2;H=^LAK)3DYsmFxdce}FdOA&Z`AvASj|;pQRKjk{}~>v<o@av
zH?FJjYzpToQ7MO6#{&C%w||z%2H)*-#2#jQe)GZPpYYhfhs*wS*ptfsebk^|@9(~x
zo?e^{qkFH>YwhUVYgBl6mTTJ7JozafUw{1LHIn}80CTQZ2tadh{~09o5f*vT38|li
z(F876W#hF9{epwT7YE#CeQ+_HJbiw7jzR@mBvA(0L>FWT&v?_tSDUP$7yGq~-N|8G
zeGNKbKwJBYcc(30!#>90?(p97z4un{y|*=a@6?N<0i@z#u8)2@-1_3fFFpuYx_kEG
zoIL=F9|82A4PT;nF^PuIw|m34i@@bjsi5WSV}J=pbNHs^K4*aLuy%QVfaBi7vxCcv
zUEbHXF4{ty%ldovPzhLy!#Fh@P-bVGErG}R_YRjQq8Y^{iqTl$3mUICV+q)B9OiQ&
zruUvO=Dy-EMmvF#(#&lr=O^c&Cr~JpA5*YGOeU|XsM-L634$r!*#->Z%m}v`C>QPv
zFe*a8d4Q7un6yMB8it1ADoGT|{DLSn&55w=q)|G@A)HB7f2KszlBS9GK_*Cq1c;#2
zP^WA*;<7h@QYS@0sqZn>F?Dfn@BUw1XVdJo2Fw$}AUxGZI7=aNGXtR1s<V_^q<SU<
zfTrq9Yvzv9fiE}_0<{XKz??yEEbk;OX+hE~Ptgqkc^P_eYn^hkf>|<<WKbN00|f;7
zSZRbUh;VUcO$gkRE;E#cP3%ZFfEM!*%Gmc<xlJ0hXkuhe^GKaB_e)F~1vbNMnfy)c
z3D6~wP-a1#*pQt`sJ{j4OGT23N(R&&xLAI2+vN!MMm=R07v4h%akNk4x5rwwN0=X)
z$zlm<O3H#*D>3OP5K&NEVJ1<8nf=R8XmVR<6_fLDE8wo{FHGVb86aGZB_zQK>LB|9
zW3PY3m(YY12$nK<jDeVkDE#;^Yak76Vd>?NqD4wlm%ay<G%<#8M0h3s6j?^I65JTT
z$U&?Kv&1+N%2MViTLo<sqw_2uTR#(H|Hu%cD^%w|1OQhZ7BJ~H0#Tru{g>Vld{{jh
z^%hLCeufk#4IyV+F;<PquF|A=&ELQ}RCCK?iwYW?kPMh2A<6~bEYPI$4fVD!;5>x|
z5rhw|5fy4B_Bmu{*h2()8zMJ2&m@dWkg3$s9>RW7(EQM4)<>H;v+Z?puv`fh*06kA
zA2k-JEBMXffk?KswW8SyIHSD^?sT^Z#7io5vciBX%L%adw_JzIxN9i;DMHSDh-xR~
zYCuBaLuqN>gJo0HqZ1;9zzELT(%`<1Xox{ZKp>}D0%fPu>@I}gDszaxq2=xf2hf^<
zxR&2YBaoD-!r!tXVz39T(RXwx1$V$|6i53ZXcSOt1LY!X>jEzIn`RC$eMDWx#+QX5
zii}8FJzFB=I6wplGBKC|-wtDh2C^%Ku7>C}iYImrXpJ(zy3D>_&2vQXa}6E=vBAhy
zIcLHPH48ms;j5mZ8Z!-t(6AI8ivAYY6Pi{S6Ezj95>H|v+9b*JnP<$&{8S%jP@^su
z*&XsHs@XfF;Uj18;!xlvCUo~9AQ!MNUl^|?y0)4_UHHL+B|KkYI0qP;`8}XRA7SRU
zjF)Jr%P^Ren-?xjf-)slA9?}ssCN;kTv1Qpo-*7I;a-b~YcA>}!wtlYcC{P%*LKb)
zqapEdx`N8`l1?+dby#w0OW?V<9KA*Dt}yLe;&?;2Dg4Cifqq<3cJMj~uOObnS5Zf_
z97rJ$b7Q&A47fabJeNKRtio9paIK*72Fe7D;A84G7c)f9VT!Z<%UAmtl~u2|mk<9e
z&;*Zh=+3$H&s;gi&#%xuh;xHLFbwc|`>?tYC(q*)Ry|?u;cyE3(T`P^xpo293n)5V
z-A6WRD*vnd$Yz?k!|CB0oQqW}`5W+>STl}gj}ZEEh}!bKd!RkS6yr7ZKE8bO(RX|2
zC%5_U&Tw)(>L$O##rEx^>G88GT>w=pO6B(AhNU;pjxP6v^<r3Sd2sRSXzBO@FAw8A
z4Yy8jp@93r7q4%foPF@c-uI`3ZcV@F^$j0<@%{NeQ2gTiTf3)+(=Wb<IsFb!+kfG9
zg1eu;_<%e=`2GS%4aeULdFjTp=@+*S_rB+c@$C=3_X_D-`+MJemGJ%t-#<lheE;nG
zT@-as&Sv+n-O#r<AGI~AmvKJ)K%aVF54ray?|=LL<Q3QDxjlJ~%L)i&R5aegVOP<B
zfk%|v15lgG6^0+*SUmB<;+c}dH}}vPI6VMU-#<A$d3EyqgqzHc{|4<lUSPJp`;to}
zSm-_S=Q!hr!oW|l!F_fOk>l2OG+~qjRz2W{#*7d^JR3bw)QuitcE}rzy}iCObAX12
zydbJMP!m(6+5#*G%(hY?aylR*;D}Q)$lDFHY%miokXr~Q<mLqh(=Nhg2dX8kYrRJS
z$Af`8+k?lQ*wrXDCQG${%LX%{vka?A%oGVJ9QqW*W)ye_W>IjsAXN8gOs(E*mWR!?
zd=V}tf|6PMsRB@4Ek85}TxwMs_VsELB3#jOyv!e_crSdgHl-b;iw*TEQ31LYhH|4#
z5ZMr5)MoN^HY8tcS*r|)aNSgKI1h7riND>X$@*+Tq<bQCkfkz#wSpxg#A0PxsA!nm
zZh~ZysWHvvsv}{{>k!5^DI#c}HX>W^Li0B;GJS_|b!6=pWVwX<5VTMI<&6`9rZiOZ
zK$HXWFb99sAlX8fnWijigymGFIH5EhSk<i&Yh;Qfen}{IS1_E6$>MLtSS)EzK)>->
z3rU%U(B&6Fx%lg53n2ps*0IVWe<~ulCt+DY;;UOhFM#H4Mt%5-=Mf~ShJnAa2=f~i
z5Hlde6To_Fjvyj<-uTeQW-fb7xu~fv1$1|K2+U2S4q6rD13q^wBI0&}{iP2%Uo|FU
zkwU}u2L8&e8!8w^Boy9HWrBp_Qy#Q#JE-nqDna!O(BODbBadj_2vD)13{8Y&DxxX|
z@oz^+un5%~+8nTGHdW*lfm>I;avO!-u_C>EZ;P)TOos@btV#x`+irE6M=DUiHUQu|
z59<(^lGq%GAWx`Y8cr;2%%ISc=+s7pre*=fQ!p6xHfH)YBCH=7sBK$@&uuP0MU$Kw
zI<U|^h|L~N?{C%VSEIm`3%?My1{0b(K!|J<>MVw)EY=R_BUEkQXdn@SyAYK-c_DOF
zP2;7;oc++PLT&~JBK4;g&4C^#CR0G+b-=l<X^F{%U`&;1NfRqVTM-QdT1d!Ev(Y^^
zl-<Km0&pTS{W=2pzKlYjxnCkTx(?`Q5fH)0up!hO<n4?jK^$SR*o>Gp$eYak%gey&
zsO)wshSDZ=RS!r|Z0%bmND!fn8SoSbG@bK&Hl%`nG(=1o^)25+alt%$T8FTPIw7O8
zz|WQ+<zw3dC2EI1z}YT9*zpKY5u|-BA8la{enR}oofD-;2)Q3Zgb+uW-ZbbV)960b
z`x_EU2S8n9qY~dBdaBTw#lk%6Bwpkf9!J}jLsTv#U|H6^1x!@#JlolXU!8ht&p?y7
z5(VcU!rI<}aKk5=PAqaO!Q$4=YFOecLiHh}t*9IxS9*7O>q_T$_!EO|3M{Xk-W2Ls
zdYJEg2FI`Umj@`fX*Gz)I~jt_p@<=uM?k;vC8!_{Qn`l#4Tk!kst?rO;sg{>LwYd|
zD~2+1df%NXBZMLLjs+<1;mb#m-NRp&HrKN)(OcPXhg$nRe+qsMwd+y&zIWK7fcgf#
z;=Q|f#of<-^{d^dhn(c21&mw&<13Yd_i{f1Dyh=8F~EDrtL`@3<^Baob2M~|F&o}-
zMe0#^6@<=ISFefI5WAsR#o~C$xC|K$m%Mv<bP>(i>DBeQ)sV$#3`|>P+Fa9HJy#T&
z-*~g`KfFWin2V2dXMzd_vrBRP=cs?mKWCutn|ol}+;#BHy<7?LF1Z@W2}Sz|UD#Dk
z`0l-@+QNVT^`md0Y+qfz8WwcZag5iC6YR}i`OnpT%YV2>y8Qd><nRK(ynxpYZq4Ot
zUM|JO6pgor_48M|$2d0IIOnDZ;Pb}r!O`w_hr`xO;pWORM+DUyn5heF%rg$Iks_0u
zMDET8LzNM<gm!}1^2??BkC*ZAGHNBn0drJv^o+sRGryAIa%b*45F<-4pQ7sn(}zc|
ze5MLMb%YZaaMPI){OCgj@dcB7@GPAnMwylpBim@;BWVB|Wq)LI=M=0B5y7AwWhKOP
z?!)LqBAjM0D;E^8#}8bCA+rcfPZbhGgq)=`8uJBKIA6ew#D|i7ivET(GGAc1wR~L+
z5CL!0*ea+nrie=-HApQyleG`QIM#vL+N9a<n>0%TAru1U2qB8-im8~wnD{~8VjcyJ
zs$MCDa89KV3Q-hOt1%&4{0)&%s3Z|ElPYU`;Gtgm4MkfGe%P5-)YiWVG&|T>BQmW<
z1p1Jh^E={0>V?pYD#Gd^T=@`^VhYlf8q04{d1INfdepcEV1cg`U8pIRBTX+lAPO#S
zZAUsoz>09W_o4&R)NwD_vUW>=BU}XRD1H;Z@t*K4zlE!jj`amJl#Pi)JDStg*N1J@
zwVp>KXaV*LwhAJzA!uSkGVF)|$tp$?as;Xa;BVceNY2s%3QNTBieNP)1nM)_ZbUc^
zFdrI;UegnqG0M8r7y=eVFD`&<Nyzg6zOMR$D76bYXm+g8G@M_a4FKebNb|$L20WH3
z<h<Y3q=nolAi_j<ID-ECI$<O!7=L@HANmZ`M}dG}<iaX%ZMgAjq)|l#>=+#13SVXe
zVic0_At;#&AcFJSvf#8Zv<PF?^)=v+e*>e<2GB>_A?yf+@nHWF%856J3@I@CB1=c}
z`T{L#f!r-bh$GY)puQ-h24lhln@X*oLUK#l`ltsoLd6{Nvv>3%=R1mC{lH9S!hl;V
z#hhssdoZ2Jgx+!ppokiTD6As{FK+>Q9_?nxnldSv4SPT9#@>(I+(6QM;6*=KwNy#W
zv`9t$R319BC`M2<mrXgy&vK~)&g-h1k^`b}FvuAoXbudZ5#Z$oaGuWs))n-hpf7?f
z2(hOkJ1JC(Dd?ldh%lmzet)Z0^^@Lv%wQBvBaBEXsR1IV^gut0;B0{4u3H)r;iS)Q
z%|1|AqHfgLgBBJRTt?sc$$Ew!XfKH{ml~fvg>Uz`LC|MmJF*o|hCluvOwuGB=NFi5
z<~KI#_`kI4h@b9*o*u2vZ$8GS85hk126JkUkAwvV+3M80aToG@R6Z2|0vrK|E9>iz
zvC&%O+<sWZN5lXtiWi63O<nN<fdZetavu<PvtDZDPyu5=LJZSJag7dTd1^zpvcC2(
zcVo@`%x<krS+j9}2Dz%b>oggN2z6PDek<waycg`bxQ^or?$zRuR;5|Z)QTXvb4#~n
z6u*#G%!j$j!-u5jJhj3>@5(TJc>nGvxMjfg8H%>6IDC7Tbp2VD6#z4R_I!7G{`}{7
z);HeF#Zms<+3EdESztV;=Zb{!Dz0Jw&Hgj&gHRV8U5a@_0ajE$I?$g!$F~Ec^QSmm
zDCK<!#cM7XTJ_oPrDylQyw(Bu=%XvpioWel26uFz`>!b6e`c4KYrJBU#%;h?e7CL;
zKExUfw`lVl%M#gC5}yu`lf5{hS^%@F7AClQs2v$P1_j8&vE->fH}>D)9AV^qzkT!Z
z$HOm%XI@}7Ug4F3f6leFH=f<F&$`k)2>1T(o3Hh}FunM<U;Yyc27?_0*M9n+u-Ec#
zHEvN;H5c^#W~RsR@Pw9o#+A6o$Gdyn6b3rZwP9}$cVU)aOgApM$@g-9`UqDLFVM$*
zar`A7Hej}g?fs+67nj3da3%M2_a9Vl>+hJM?T-#q_-ejp6ZC}3Kt@jw^AFg__4ev_
z^&Mv3en%}Lt-|o}^5`07uYwy1sS(a~BWx+JV(zTPCM?s*?$c*{H7^eScKGt>6&sMh
zV=H+1-Rn1R|1p1m0rxErA1(js@yhDj`o^C(x3+hleEHSae;I!HOJFvP0J9#`XwYzt
zi3Qy(3|e|I$%3<)l%We7F*;V*T?ncG*v|7XvVpNRDTaXz>h7VMuH#r;pc!4F<zRh*
zm6{0{C?<wc_#2BdONi!MCJhvc2-BtVM1ITiqJo6Ku^L-GPTv*G`bOb=&k%mF5-Kof
z&u<Q3AKwG(n{6E(Gy5B#MVD1ZB(CW3C}2bgf#}2BRxj`B!y;X*!dZ@_UFRyu2JGTG
z&f;qG0h=tWW?mGCUtAIq(YzpOLo^Dxvg}DdL9|BO0VdL<s|+HIV`5y>%leA2=9Df;
z(+;#Iq2l<|1OT5xz)~3#|ALl`C7$M&Sya?hG31+>^VVF2Y0=rn0OI(Y=c|h9g21#8
zg))Cgl7J?UY!%cQ;bAM_+U2}UwtuN4z}*goeRVt_g4lURTI?<yPVPtijm*i;Tgb=&
zN;Wa&cfg->xu%H9S#uRGXjI5p-xIj=9xSXjBht=7;#$2ce7&dqh(KvZYNEt<J}Af?
zlSD1qS|Um<ii*g<lf5<R`qdZX8>(fZEj&jkI_IkG`cvIpfx)bve%m5464+7&;&X^V
z3#e5=!znB#pwbG#+cE_3>E-|j+@}ik9p58e*gGkJNeRhjfoFo%%VyzH*m17ju4zIf
zMg(L6eA9A(9^c!E2DUd(_(G2q!1E3=btj0zmpY1K{rINjyUjz?rFc&VZld0v&j9Sr
zLH!7_mD6QFf#{=_fub~(md7=Un{EE&pY@?oMiA`okO8#&6JLq%utBBz3iF~#=`66l
z9~Z)JUu2$##rkbMhPNhA2)93o=wh&6N+>PMunRxjQyP%D-vuI-;>^Y>vQak`VKt((
zDvl<}Tn?9KwmC`axq&jM&_YMD7YtDEIR}W|;VQ7_1%z`b+k8JDKe#ys)PN$cb`X9u
zKy%SCe?!~aUf^>XYDDyMLw@kF+Q#y=zSJ`b5PTqSUF|{GYIZAVPfV&xh%Tb!!gSy3
zwv>%qpfx8N=EJb24}j@G-z_<exr0vi2VX}}akc#t%JeOZD>us+@V8n$3fHY;xf4}+
zX<*4*{_+{nG<Y~kp{oExC@Gg*2el_k$#rI7i${N05>m20?3EHCu~Ab3y#m?OF;rDm
zc-;jEED*USVq4SloAAA(cHwx9+4j;jWbTYB1&~AhMoD*hdw4Xz^+?#iHN^kKc;i`I
zPpCj~MeEM=cOS0dldTFC;dpsLD33<)3fGUV-iKO~#U0SOCC!<OiiKhIu{`rlqBnP<
zP0I1E{iRMR)cjpuU&L4Og9j@9&hYu-(gvP0wpNywxJvgCpCv5rxWC|EQ395ZmdXu-
zn;k$eGP{FI;s+mn3L;Z`U;^IMK}1|G;9vl_IqF%cs{7{dfL1J=?fXwP$p2{c)bRcl
zGX6+E3DA-=|7(HCv%uc$ZV7x%Tuk9dUjf`PN_);x`{;Aw@)XtA{V{NMc|3!NKXT^4
zT@$wtPEUtTaWSsX)V?si*9V|MY{;%|p^()D8B2ts25<nGx<4Y}`QEcDL99|T{@i-p
ze~j0&H<a1d@NFC_?46#V)iKlz?f&6K{1^aZg~r6hi{0A+hZh%bUmxyW98BK(|K5x|
z@qfT0!QS&-(d`)<oinN4srB5O-f)X>bodIr1N`0L367h5m+sy}PkQFgV{&pz$yY9~
zSn?nEO2Z!-nl;ac(WCPGunI%2544Q~+^xYK4_i7{14M6~yghmK^kn#Y{~w2YYA%dE
z4^R%8{ks~$8dItqAIE2Gfc1K|&flmhENaCz2H5Y;Q1XpyGOl27ZPMb4`F!rYh?bcL
zg3n17;Uo)qjbKh7#IcdnJ`f`6y<iC@H7RCZKm>(isKSf_>J1ZILkS>kFlmi&2{}ir
zj$mTgL>Q_i5GQL+|A=5`rc|S#Jm$k*R0Zk{xD4gtg%`|z2r(Z>I7za`G1IFmY{8g3
zjY7T52aeN+Jpz+|HiJx_n6J4sD2xFtHa=7oHAe*5gYMLwK(L51VT;xfE`O>em==p0
zlPLNK$*xu_xJ4C1ur@i>t9sxI#e=vmvvFA4f)$y-i3t=A?gZQ<6imf00k|j=(j1&L
z+x#vflm)c}yA5IWa6jw9=ZPjWIU=A`=uL<gm_x8cu(W_DY)yn{R3(LC=OhL&wqywN
z!_Aq0!+#?36U(`8gUMKZ5XluNV!=F8Rzx*Xm`v3X_Nc<_IL|aDeP}UR=KPKJAWeEr
z6D))dpb!E9yOPS%m7^0hTYw@|BRTI$a8pj0ZF5Hz+4is^BrS=}3nF}SP%j}NYGw%J
zp@>qA8pfo8h?)Y(V2%*TfZR1}Gck}cNvm&M;iwS=`&&);C9Ekm2-kLD4<QIpo0uAL
zQevqQ$riYfn9%@1O(AO0W$<X@q{*^x0om7BTw0tlj&R`H@D{h!Dk4anF>8LkRtgj>
zjzg5cj$J=Z#fTScSue)1Apx19%>vM+8!*R-v#~ZH11~U?qi>1=(6xG0An1`z1o;rM
zUI_6uAXutY_r(-b|7Q#rg`6zyXcXF!LLg`dp>QHHN)5#zQe!p(Y>y)VjE16Rig2fi
z(7}a*rbXEIlH8V(Zt`LG%z8#M)N=yv)^bMT1NNJh&!*i#Y<3AEXr5;Gg>Ici%88Pl
zDj`e6hR5vK6IljCL$z<qcLJ~N$Uy|NLvPb}d>Fyt%<^W38+}uT?2gE_UkvO~OTx~k
ztL=J<oW$6N+f?l*CZ7lNAtIK62-_5lY_?20iP`({I_)ss3ifDBze}bmJ5LVW5M4;i
z(TYCIc8fo*04hoF7Big@z~0eOm`l5fy~ze)2Z_2Vv+Ovv18)bW_UjT`lNiELh&_Rw
ztxg1^0#QZd3`XYJfYxp?1>7b^|M~)g5vs|YWuasJjd_zk5lttQ4BD@tXul(c@hN3O
z>0a@(h3+(uPzeoTo#DW32G*|Bi*|+i?mt`aDyXm!sdkT`>9N*{IoP~+<f;%ca^GNQ
z_-?du=g}zOGLJ|6zrIqEd;xNL0at0>m=O&L6p**4f8JR_*VonE3(HiJKnEg#bFm&0
zAeT*T)LPJTj=WS`_J1thV=veH*Hn-ARMb2}%u&(cRuIh9XAn8pa$GATi;P#7w^Wzd
z5*e>>6$gNte@U>RtgwbEa_RGp9d8{j6%JgQUsPck)*Oa@>(Tt(xHe`-K#&WMXMUZ%
zPJ)B;C+iUOUuEau-5kIB-Ouvf5W3!=0o(;c0@{9__eRrUXJzTW?$fS4x&c6+@&rhF
ziV51e>b_M`t|Q)`P`daHF#TiU-qp>$UYn+hvbxg&?lQ1Y*r+l;>-BIdIGjB9R=8XE
zRX)1L^Pv5k7X<G<`}^e~6noI;pc-x*jU5koPqTQSN%Rns+1|<ixlWZ2P;o$qHZC4!
zdkIY8sL$aU1)x4_Yyw_A-N#sO_A-tp#!E^Hc5f=yUS8iTvU)t+iiMkAc#kF`Td?kZ
zjOSibkYR!10E7>z_N(FH{>j-3)hHexT<-0@-UY#4DN#H+M4jTr(c9C5^I;nu3T`|Z
z{&EUPEyCU4TM*5z;yt0Rce$!2{`jtxYt@jK%9Yb~l&fK}xx^>2wapH3cC{OqyyS8>
z&R2lG_jlCY*GQDeXy-iU8UMQW<h#VzvdpXj-wgE>Te}#<<@yo6ch9!@-i5Br69~@{
zLBIirtb@!9U@j&uk*|L<7a{@_=RlD@jM+BA*$-^y8iEj1NN@UHc?L9fo%a=a$O*2Y
z5Nw>)2T}q%C=j7=$2C|IDVsE0nt}<{C|&YeMy6_0tWmJ+uti`hWX@DW*AQ!)FPB&o
z6I&8Q9%j)1|0ZD$U;V9C!3g1$!W`fiMBN~}JPhw6C^nUvWiU0TcCI2kboq!7{Sk8Q
z78_ghwz@Ew)kEM*4j^7DDdL^0V2TIv7UPDsA>r`6EKkhiu2R0&Y9gdJfHflr>{3K`
z27)3?T9kwks3=PQiVF;71yobRRC;|Jizq*ljle-c*%4A@f>i%T>yuWnrRfU6I>Ogf
z$*3PMl}i9oVMSR?c@MtUl}L<Ak_aKV+84Y>Zw143F_o{SIe?>fo5GlYDrycjYv&_e
z4JB$7G%jUfU3T3RqZ$IEno4gQfMFd`X%Hlb%to={6|v6r%+mZ2`7K^JfPOZ(!a`V2
z1e}=<S<n@wsHA8UDlqT3qV?6bLAbB7FHEH_kPxXK`WI#kRy8IA$|&`Ogos{AkEaPm
z^Ea55MVV;)wf<3pW*|F?w0ENw5caBq5+j1>_?9Un_%=8a2t&^Dxe<_nhN44>uv88k
z@<G(lE%>nnI*2xju-i?HUb^dsn)p@q6xk*O(C}eMa?z`yZh;Xg1016TYZvGY%qTRv
zuXo&uUM&%$Dq_4@qgWO@JccX31odL;KpTQFZ7IIKUfO}5+k|K^p1D6jsXtZdg?sdV
z@N}J907lpFji|6y+5?;&We-3lEdx{MC@edjFsI0%m&@hj=L7QvBKiWbGGGk#7#^Z@
zVMj58T6OTGACj;#p=?yyvN=h~+)`=~WKbfMEg8{U)upH#U7A|R*%n7QZUB<9_zLDR
zOaTSk^lM<HADp1lM|_Ls-IwTA8j1~9V#Cl{awbbt>M;`{tZ#4K6I7ZRquR1EnV443
z*$}yB1YuR-(-S3w1o-K^;I$hT1r=L!py6n5L}+5f<Kd5=4>GFr*G{=$Qe!Hvt1VW&
zN5j&epWHBL3mF^u1!;=Tu9sBd)>m~@)i1z_TboaA5Uf04p<JvtgxUQUVPn;}U73G4
zI#s9+#j>6prmM@>j)iZy1!h5B(mV|VxQD3!a<j#KR(Di8qC4q|jU$D6{+&7e<x1e2
zSQPz=+eA=VBxpF`5#8P>f2i$ye_`t`a0t^X(cSsa0!mQSzv<lf{B(Hp$?)b6fWc3O
zxw+wc)B%o;bcrx?xT}MMd-rCc2{b2ar|+P>v;Cv}U0k^q?cKS3=i}QS|7*te@c0x$
zc1F3*Zju=OxVgXQ9SwV*4}Uu!t;OP`i(5DLHDu!^kp1Z~SPh2*C@oxjtVN@NLP*74
zDecC@?&(_`(c<<uw>?b2%;?enk_#`ykx|<ff(9V_U>D5m(_w4>l=sA&lww%N;csAQ
zA`*a0rI09F;8%BY^7L=q{}ELSS!T5@&d*Pt={%R4G`yg~3p9G8$=M0sD!`xUA<Wbe
zzPUGZL-x(R%Tp3Z3wRz2!jmJA==3J+yidBj(<i$JdJwxjJ~=^m;qC6hbmeeZdAlcW
zT|*z?Vt3zval7C4?%{Oha(~!(K5QR8-G{Lq{&LQt0!TF$o48(BTwbr4SN=KE^_}1O
zYNi70#dsKws_2dsg+kl%cWvn*cjCqM*p>3{8md0qe3)E+%*s3ZbJ)CATF4eI7N5Ew
zamxtxbYsu*$?ZSfzB`<sPBjR8eR8%3U<HUVduUuX3MMAk8>S6}OFzIh4i7-C{3dec
zH?b-&AY3>Qt`P{QH;`*M-m;RcpT_8H3!58&SPwS>SEgWu`~w~(T%Z(Yz*#Uen84M1
zY9B0qHL+e$#qt!CS|>M<yH0tKyY9Btb}&t*!GxHu4P_SARhenB1o|7;%WS*D7u{MD
z%vP9wH9<2!gh|(kMPUH}2>u2_@pU*GAJ!HE5!V!mJ`{z}(gHq&(>6Yj(wq=7CXF_t
zWpQbXFmu|$pIEKPho#S!qfw+yfU~v^$`8^e@VNPn!qc2AfC4a5DxGUzU~-;cveJU5
z#S=D^X`u7qZ>&O;PC@+<Vk=s2uEGTuh-w|RIP*OjN=3<IhJz*1;s(JwYMCK!O_N-C
z0pMX`2<Z~>2L+??9Y+stJ(ei~|MJ&zvCKmVi?R^W8*mgs$;z=H9Bw*&$iottP)H;w
zGn<E@5($~S1nnGx0#FdSSYyH=(hTY>m{@gU5q1QuX`)oMl2Ejh8GXLa(q|6$bCe7e
zwlx?v$(`c{lV&WMW)ExG<M~;DfrFNTW4=(g|8ltIN2@3}Z}&aOL|W0yDy%J?P!TE@
zU~CAS>k9w_S`6XY0;cA60;o5Y1_KzA$;g;hdsUbNn9CPx;5IUTKwUl=P_1A=jO$;L
zjtJ`OaX8r4N+N;}*{;$YVB1i*Y%>^5D81x21a&3kPywe03s$`Y92*eL#=;zEO>->=
z4uEwlA)NKSdQ$bEAP=j4z}U19w5G53TL#C5#05%GNl~pY(2NO1m4iM=#h7_~h|d}8
zjD@XrK#9TP0(E^4B?gm5<Y836!M{nm+YCY~ge#I*?>VM3tO``Ag{L!oy(-`Z&wS;!
z5unygiAERdhm1@G&%CAK0>XJXfH%}J^MQRwbC)Y+f-saBRXUXy6r>5@b)+H!6yZvZ
z*<BtaX%J%dyqOnsnBV5tZ5UN%eschEghLCfabTcklbVm20R_u%kF~@@{~*jR!`4vU
znt*5X9-}u8WBI4b0kvfC$$lf^H<!kw69|QcrTI*{qgOoyUk7aa9u4AeFx5{6uQsmf
z7-yXEg#ea)Fu$|n-EOcwbh8S-%MXSJORk#B4<;kv>vd0~-Y%phx3R6GqL3Si2f0Nq
zj{0O#a#D(N>EY5>8)({+21$BFvKQ6*gOC%&g3S%x$u7lFm{$$!>Wd{EOd3{~PgCVx
zy*2<tM?DCgFMM^w(rtFj1PB4UH=Hm8r$XQ6y`5tg?C^Y(ono|!Ky7k*f_W2+qApuO
zRyTDBZfg~`#LXQ`Qvnw!vazw*y1MVp6Zdl<(aD*XVpsQcO@4yzd~^5CO|{)&Zuozk
zhUYd1DA9`&m`B5SQJaVIuTDX9UU4jDgn-3e!kO55^4{g`H@y1_!f_2Wd~G^5iy&3F
z%iRlCr{}MB|8{bA`_&=1bog)rJO*B#_x6TkFFJtU1lP%77KWbN7!r}aiA*pk+5z|d
z)ZNE-Z`^&n@O)T!dv<u_RmKl5&t6@=jPuy(!olIo!$D3R@bwecS2rHsfP1ixqqA3b
z7+hfzzpwAyF?MzG4y8Hzi``(K<3T;q9m;>2$3y$ycE7{CE!U%6o*e<#m@N5DS&p3$
z#Bh8ZK!N}ge&pL?U+;VjEl|{!Q#VMk;2_pPCIpe0$J7WuDusxtL<Hs*qzp0>Hvqz%
z$`HarA(`=+In0N((I{OM6&58n!~AWadDmcs8^fIF(Ij)$QyZ1fTUP+S#=h8G3rsZr
zVyY>q0gySfBT_5oLyN!(rmtxVjsS_7R<)WyKO$O0UC72{n1*tCMEEv9%#wgv4VAV4
zSfnv(9m1-R;xS>H59^3!X7;ftbu`B8O+W^+!pc!aO{zS4r#grny@T8g(M`s*xfONG
zW!VX_z$t)|w5-A?sHRdagzJbN0V1M5AtEzPkDL`fQKw0L9ROrv2=ilwqIX$Aa-5Ga
z6)78q%>mJp0P2sv26Qt?CUY<neWl$WRh90cnavJi_i7_X2tw6*VHIW-c+0*+m@63E
zns}hj3$m0%fu6Kk5It9CwKi0&1HxoviqI$-grvum3|*T=0hSk&nOGTZ2}#pr{i0qh
zV#Q=a5du*QWyfUvE>$cl31RMHT5vyR&cYQDqMBkQ#IkJ4Ww!b3svR2lP=vy2a^8?A
ztb@d?5eyDXW!&8)SOtcTxwDTjCZfODs$TrdZ(DOwxB$I|$*cP&LJmMN88I17bG)wL
zbws&EC`?1CGk+3dbO|aL7o(t`37J;)5~zoTR+uunrT#4><4{$6f@z-M=1y=HfY|7{
zde*;GN(TYv%!gg!SBTy~XguJ8nel!5T1YTfc}EJue)Jv!^W-ZxB3l>V2Dvd(Kn{*Y
zMycAGh#dVR@>|sAIUP^SfYr>PfC5q1Tw%r--A;3eLcQoMNKe`%bPqkxw;z|c?GR2T
z+-!P+ONW4z{Y`cfA+boE5mpuv{8J(r)RmvoEqoiLCG&-Hl$}%Ij%z+KtA|K@K8pmB
z6rE!>>`nOK>M<7e2J@<xgG#0J3L>;38!S2pOea6;T_O}5Fc)yfJl#-I>{S|II>!zo
zEMr|_aPVDh#}PHZ)e1m7YKYm_-1)3&FFG~Iu$MXu@r=?lAVjFw?u+@bY;};H-Affm
zk!GvzuP$L}d^QZumWbp)S6HL$dT|De>pKj=xU6g)rOF&$YwSL{-HOqF^e<-+2{~0c
z6gz)hzb>y~gvDVt#!+}$#g-pUQXp3F*fQqS+x(0@H5}z=b_HxB3@}`jPE;=x2qxP(
z>0MzfVmuBEWhqDXQ%=IS9|fLCRo-9PhFM(0$m`2tePt1C)~&5Cxx=iK<@_ezX3JUr
zd1qblxc=poo6gik-2_Fh4g$yfUym0f)IES#6mU?#xs0!ZYaLgwA5*gwvWHc3@BsX`
zA7lTuwGbo!I%mCyss0bHBhz;(Hda^X;6G>l#Uc2%_gCRn>g?^7MBtm>VGD+LS76}Y
z-QNsX{N-f8o$JZ#$*6K#{ng>S6K)bfqjdMmQ>*9cwYPuo=yJFs7&mq=4!%76=NhJA
z9nXGUG5zjNEVTZa4c8AM-%Vur!Ly5Mj!s^{4xVzl3}rWe`2q|&)8?!mCj=$szx1l%
znFFbn6TGgzTG&0+$JMzmTcHo{ZQ&2#;>qDT3ZFFt!->E>|Nmfkw2v2t*8^^T-yWS@
z98TAEU&O%_#*HW^bG_b5%=jVuJiZ3z-SEtMeMQv_7OJe-1L+$F*f@^DN=cZho=4R-
znDq?k1mJ4mF)9lY`RsvqP7rEa@!cwzYuwu_m~A7%yE&5(5==5JgCbpH5Y8G1*Fp)w
zgmMr?DCn!s#_!Y!S#;xjOlmBNfJvt~L_(Y>8tNhfNOZCS2RToG4s*)OBx@9QnPSV#
zweobv09crErzP*5^6jqU;K3vU-mrXl)Mw^GQ8N{)BLa|wKlSP>=1%5XR#?xi5TV<8
zQ@N^`MpU^;!6JfiV@gXp<%$BC9yLv(hzMJT(g$-<Z;I+EGet#2X_C^Bo3xzh4B>kS
zvO(l#TBck|3_NmnML2&$)484?Lhg~4NwZFx9~HI`oa0h5y2F{*Ii12HL``x}hJb+)
zJ@}@WrpXFtAy_u^Ti7GGyKssudnWCcI{>iClX#Uiw5CCog0d(WX@Wy)D>$TNh|+sm
z<LonHqGoBD5(DIi(0KnbgoMAb&`=}*j;#w+43LBGBZ{<Nek-BHu`3yQ%FTO{fTRi0
zXA=m7X+d=_eW5C2Fnnf<s{w1P#{pjl9n)CSe*OmSS8QoFiY*QGJ|D5AQHn)NjmYeo
zIUQzNy}J`pP}zdjvP@7(W$86r711c}ndqRfk_-s?nUF1wB4kd(>ywPmOY!Ig>qA%i
z9+V-a-0CMPU`!|&mQc7WK0nIGnRM@~3e*NL2BFpa5bJU|JxT{^ETW8s7o`d_$5%^k
zv4C;((5?z0VU4%ITE%|_YmjwRL$WR+x)@+Xd1U<pSR6Ju=Eiw~QI`0GBAgsx@ElBt
zz|tC^b3E-&Z1d;<L>NZKrA2|V6TpEs63XRmlt*{N3NxU6=^aE_y^vajiXxxX1=W+N
zVXD|j%wDhxsJGE!qwFhPx+;Jt%n}GcN*vAES=uQPQ$g9KR{2dvpKOU(99VSIy$`t2
z7npa<k4Cra5RL=pE{ltBPXa~^8&*D549EaL*ks_mz&3V5zVN?+Q;438K;hA8!aO5(
z)1xp3n@0-GA#^g}6of*%e>IVAy#aPKxVX-@8LXC)<~MIXT1(lD5F#<Fk%50FXG`5Y
z`2w7sFVKEwPzM(_n7>J4Mlg`>eHLxUY9=l`TIUM@>2dUxGc2v}7q&oSqp8qDi}?8d
z_koAV!Z~y&Bd5@9!{Ytbt?9<{#?tNa1}AhEt1jj_b?yi#5ofUf%0t)K8$O^WG5S@%
zu(#U=vH{n)?#g>(r2s?lEdk9|K9%|lniQ_Btxp#?I}g=o@#2kVd!2<pj#*)O>f>Ln
zGW<;Wb16S?+?~4uIho7H1HWwj4h_Qhqc5lr(D!k3fKAh)#z7Ky|3F<1Ovdf8K&uai
z8<z2Nb2I<=-07=1c~51hb$8zjLTj?Eb<O(&4vK0iGx^?w+nsB(mH6mKsV|4Dl4_fm
z$6Fq_t{>m$+}E?)9^%%g|Gj&EgOHqIr*F3)-bUW-_+)|;DNNx*SDsDI_D}b5SSlSj
zJNq8~*YNE>hHu}z_wn5~-uVd$w~rxyX)hvj=sxqI^uwoT*qL+ox~hKX^zq@#-ItfW
z@@ePoi-XHEDZ9nRnMPndL9DN7Qg&tJlAAzBQ*aJZ;uN2^Hg>iisaX)UKf3EG{*`**
zI9hcs=5gx-kUt{C97CVA%r8JPUg6Ftr>agCo^tXrf}TR3b(_dhQXoc8ro>BpahSf;
zO@2=_bF${?D4!U|BYsU_D85>eRGtNc;NseE5eVfnC(lNv>h&p@GkvYjK6tB~S`iOK
zo2le1l_k=Dv#VxCQkWu)8r4t~H3f39Jg{PtrCV);Ob8a>`NMp~2ENo;RI7kcDJe~0
z@-$LJ%EtT{Wjyc$MdY|s3<qfzU<B5pqTF=tY{OJ2`$q-i6A3|fBpj6Wm?_y1Qy)S-
zw+Lr)VG@P(;F1oYVe9~P`F!1#O2G<(aC@!DJV>L-i7I$#6Ox01R4htDk6rGVQs*iP
zlbFkWnCmzZMN(PA^@2mYDOB-8kUPSpHPEKG3bK_$BLoyG+$m$lYR_*lYC$$Vp$8FJ
zYRCvX5@DrTjcGZLLlZyi0ij0Bxr@{rZG~_dXGJoNvJvud^e4gyMe)EWi-qXJ9@27D
zWS-TO0!9U)l{N-OB{zH%m`X3GLG)o*f|7T%q-k)M6n#cF1{J{)nHvj}g+o|6fn<d#
za?EE4crd4^-XSB=n0$b~$HH#Rs-FRd0vQ>FU>dBlbL2Re*XcjU9U`!&jV`vL5UTz8
zm#$aTETiAAn2It0rvy&ubTTw#*yvQ)G<#E0jp7NUd{~EQdS^0Wn#~tzHu?(T3JYXT
zN$Tf82l&2M1zxb0UF^ZAueV7dFU=gBYIdyri4j_rRXu6Z!WJDtYsktedh`t9^4~po
zW&2_p09h;LzJou3XT<`fU7W=%!*3jCS~fMdBk}?OAtBJ453@N?<Y5#d2=z!cWWE^8
zjH;{2jT`9|z!%T>Yd$LeDWK{BUENwRzc>?m%F5dcveOTd4|}zmR^rq{VHAW>z(3TH
zlxb@cw!+TLq)bumd`=9k9ik8IeDGV~ST`NAdL)bp!lA$E4T!t|B)%59L*o^`Ae9Zt
zn`tF6QY+0=e1>)>WtGCCY4put-e5XYt|F)Y@XegAtq{$tX6Sp}79*U8KyD5Ugd<!y
zN3|$jUSLu;clbG@RNt{j*6f4x6GyN91iG|fRTbb}TV4ES!8&zg(MXi}?Lf03ntXU5
z#9RK-GJi%3?=9fa>O4y%u2Dw26RD6*%sqzsFI<9Yn_ryBV1#oUycaYkr_uMD->%8X
zcoI8<Uz<yR-dWz{rX*}yK!c#gI<(gyW_gWs*&UE13>ggC2G$~I`z<Z>P)%xZy7Q;y
zt)Er%oB2ulcf8Us>}qB46bp#6x07=`p+7rNdF{%Aq7K}9@`}=$R}0++xIwDj{k;s@
z{_fsKxnpSZ8i(cRs7;`%Fn-nv`dK)(>llZ}hg=+wdR{f=-icTflF6+reh%MB)9K~q
z;oiyfTNs<*@qYB<#8K+?ze;=EypI$Ma<4lAgVk!~z1#nF{!i_|ujBnJKX;{G`Ri)*
zO{<<*uS+uxz=31lX`5^K^&ywm{|ejiUw|}s_kuis0)@UeKQNzN9*;Ll(Z0_w<?E&p
zj?e0$^cU(j{vBUKTFl?OcX=Ec9PPh2{r(Rai9bEO2vF8ioU%T9ne=0lej6zK^l10^
zC1=pz+`ICSG;^AI0}k7R!|Ztu^#2n@yU;xrXy2lF7wU#*@v18xvEf=>g%FpDbmO9v
zQBbWP6_0lk+K{Ns*IB`l^m4aCgt?-^t;`iR4wgnY7x>Jf_9NJK|G6H`-_ccm?@8r2
zec`d&FPO}a@7(?5H^2Se??3%R9V*q~Qh>CFgd%7rIr$4FCIwRw=tbbC&Y_{=BNjxD
z&w$lM*B;COl}rS1?K+0Y(ROERm^vv5iAw+GOe~6N8l2}*XfO}Lnf4T51yvN8LIL5y
z?zNEcJe-*x6z;sLMxL+tY)oTxOVzV6gcGX>J%UNpP%U9t$_=50=<8q_qX1*guN(0@
z_2#4gq4_bLTdTqzQcU%s{_>DxE`Kwr`n3_7=a;NiAoLW071H8yD&ucGosltSeUay+
zKEQGlMz~n9M7u0&>5&kNC?U8yUQqa3u#$gidW8LltvlVJ&r~`L^daTu{>12yOQ51m
z=x?<#Qu`^tWj)65$0l8ZB8mY083JxZgzRLM_92W)1d!8EU!cYbWsL{ZyEFoXq~#DQ
zN+}Xz=Vd6%po07;ttBHV`CbJj^Xxk!3_9lH^={t-alj3&0(P>tU~#hZ=$pnAq4OF*
zxH007T;NSUi2jzN;oi?6t2xI{3{vuz+@#fIH7l$Zg)?uD%FV4Bwcs&}Ck{9BD%FX+
zEf?p37A5cm4aHjN<R}?j?S~?bY_5D|G>XCuYHgq}#3!f#F!)04wuILhc_5^v7^Q*p
z9Zi0@mKH(T$;P&!AnqX$epQJ67GNgK&Tl>R?FB~Cn&b!C?ooNDRYGASoe21i9iK_}
z<bi{22LuDi21kscfO`fW4FTNFZ)MSBG3g91nu?H9^PJm=G$q>)2MXO6JY9!7^uEmo
zVhdR1d^RDj$M9j(gS7PZdQYRg)gFY<^&y3gsJdY`jbK!VDI#c|ZH(2xS&|I}QnoyG
zCyPj%(CU4dQ~R>WB4#Q8Dt1>(J*_vrWYXYZeuA^K2bo?AfEmhx!|r#4!<0`xlZIsu
zH4#2ED~l-fW!h_qm^@@qXoADrlAC0M2>7gaE<4QtP3CSgr>5aQyHVo%(qRIK*^c)-
zydm3N7@bh&X3(^w4>TP}%G_<{Rp3PgclV+;P<2k#+sB;2yN5<N>@?l6CWY(prg@gu
z=YzBXfY`z0%mjQ*u(}RfW|Jh+dDp`dTLq;AU!Z?2Cgrlw2wx~~f?lKJOper;?KMOw
z+?~MnZVUKpJcLa|51L{$b@B1Nv^kzjk0#ZN>pL)$Fq&&viQ^en8Wj*slk<-!B}hjD
z?{K6$+uS$0{q=1qOKyJhKBzyh$cSkTglloARnFWtml?X(#3=wfUYUM#!zgI7^>}$>
z;yF3MA*b!?HHP#Ib$aEQ3ID1aoS)w`@0otN3H&#6DzUPT*)7)OSctD+GK3uP=ZN1|
zZ?3|0JaPHw!v(Hn-GXw}!|GM)Sd42merMRC>?<?g)$-_6is&%2Y)lroEcNPQ*qM9%
z#U&47r?{zFULH93-W)HXy4If*t*bu?@j3%$xp|5^iTVq6BREldKKXcf!++d<x_9T=
zAZ3=^%<1X=^Z-YgM?m~*|3J7DbrbMf+m@@#tcIg&6YvjbjP9M^ad_S+!1<G-z0pn6
zXl*lfb1-b59Rh-J95vp!x(k6Dzf#Z7PF|VEXoWP1{wOv$%j5lC|E|ANv<psu%Gv2p
zJA%4#N7#GkLv9Q>pXx_-(CTQ)rD2?;>p%bSe0u)(qr<^wo!Z2jS<MX8@8OOASmGNW
zQIk4>T0h?3KruFZq|4*nhk8cEV}rDRej5{{z5Qq3UCcbJzOJ9t52G6T;p7!}b3tX-
zaq2rU|GD2)tg}uv<o`jExL*CiFaJD=Z1eWBHMrKj{S#Q+oy`U&@b~UL*ga<V$DU^8
zXka+f2#LPu?YAdy^#Qivh_f*|mZJT;fXXdyc(-!<113-lCtO*3{%rrBYb`9lV%No1
zaypN<T3xel>|Rb6*nd6Ry#%z63Jd&e1x@H3(EJt1uNSG+rS17~TR<FiW{Bzz8%<}X
zAJnIN1@e_;)Aggx9X(R@GK1@<>NKcJ!^aPIp5;TqtUd>!!vf>l&ZG!S?o7-I<W!1q
zZUlBa+alx**#NkFAe=sB+5O85t^f%|g!ZmY1A7ElJ~jv0Dsbu+oF8X17%jQ-u_Lf3
z>;YVE+zOaojdBr*QsR>mBv&AaX+q@5jU!kFbT~xyB<uaHU<|bf`E9iytO+ZG8L{j{
zWJSkKRWN#WCs2E^3JBAx3Y|KnhPno^6Yx@cM7&PHxS1U$NG8cH#)d;AO2|<{*(`u6
zi~>q92bL+{D-DOR${>MJSf3JTI%=h%sfXBtdIW0&AW6h+f`U3zJMY3us9LHba2^&(
zfsUhm+7k(O0q)8WcC32>3QapVl!cm5>He(O()}jg_)y2b4cku*5JDPO(NRRT0vgu%
z)ujc^(R^$u95@IyHMQn95yl;*q^vI52wTeC0x2sR@&!hiKtLLf-&9f|S1+?LL=%&=
zUZ%)Zy$6K*1Kv}R5yICM3>miz<OhXs&1LcvC3`!XChD_Q<z{PO0X^q1P4qZvG1Y-h
ztYgz%fUn=r*TOD9P^WS%MM6a;+0p`L3l(fC3@b`a!<iNwqD5gtN`-h=q=ImCC`<(I
z-?wSMIYpFT5bpVCcE=wgyOdgwQ=ROFdTQJ&zG!aKVADy-#rb3konGEOS0A$*2^Ma}
zIks_7A>0PawUdqDpUQ!!tueweqO&M!B@a(w5xVF^_@ToOSOYf(W~*BX1c1_qeAD!=
zth_IjkyZ88-|A(b-2!!V&)_q5{^nEAh)DS;vq_R^1kG<K1b<tWVdp6y)104-%(`V}
z+hD|=xwBvBwFh*N4{4r=Fy#H*c^LJC8iKiPuyzvQ2tdA#lbuVqV{+&|>a+@n?s##V
zK$AKFC@h%hKb=c6nVaaJhX_Zcc%S;K8k>iXL=b(kdFC*Xx)nwQ`&I)-rB%~nS5H0w
zc6T5mb<^t9iHJ4>g0}Y{%$T(?kQ6sNnw!e0;^6C?nEH^OqbAxcS-$oGB1J;`#F*Xk
zdV#DZ<HW<V&_5A;YlN6kO$??yp>p@VfRGkb(*$8(U{C76QUAf$>(mdSmN(cw^}~eF
z-)Kl50_)wn0PC%7`~%lA=nB)$v>pm|f54`1U5A&p0s0RC?7~=7Tep^`th|r8m3E}T
zyEm9%f3mQgi>!q7+v{QLm)9nmQ7y4=$St#zKS9*-Pcq#G)_;lG=`ygK+u(29dUgHJ
zMqix={c92B+P%55{Fvo`gFV3VU--ui(=Xnyz6DnK3pBm@7b#{*{b3V7R9e@>q15Pq
zs(QBXI0f(`FKziBtWEFlaORGl?@cp*_7dK?i*_vA9&Zl&3ddHx9qaTEU4=lVcW%e}
zEqMLo664%`1>SsyVLI9d!+SF)s^i51jWbNXJ2`@PM>PS!e)9U(umRCLncXq_eCFh-
zYN5XzK7zc~O#T<W{8WVd1_w=tr$2(Xp^3dR3*+pIgLl~M7yHM+G@V3U?7ukSfT4=C
zz-lhKdX;;zCPOLj{{&ZjTwkZR-n-cQ@C)w4@|G>oZJ6u7&PeRpM(B7KKd5NIMnSd;
zwmABqsUFK~?_NxXZ;yxhy`x<()Vc)oYj;0?^b`lDz}_v4*LIJw5F2*9I7>IEEEDy#
zB(2PDwkoi_e062{;UmfFMVvWc&gVZdl)t)Ob%QIDMW3i`tmeme(IuPV^<`|b3S{NF
zpXir(25j%(;q;fE12CZkm^i?TPKX|p^RY5rxnu%2og+k@{Kh=!&K-d1M6G=lvjT$n
z{^jEaS<W%v2rw(8Jm8y+4xwj^5_+=FOz4XI2A^!Gx*eP*<~7dCeV9pvC88)bXYZQf
z_#1O&g$pU{On7TvGxIu@hIkG{rpOi(%w?IYpr{Z&_pX4R_R<)x1OUro$dDT{%@&h+
z(0mZqq|+fHChpO!V2Mc6055Gln$q-Ha%@D{CtsswD~!R~?@vsvhN^qPauDhmYK=zM
z?43jq&fThmMASVfMW+>W$GQ~r9RKEORVvE#@A|Cge$#*)H3Z#gh{{ByUpV5VIH(0!
zZG;Vq82M(IBvuX4H5`+m0A?&DfD`h!Cl(a|<B9?vG!gua8UrlgVx`^!zY#m^X|<{;
zmg|zb9K4P&Etq0gOoV#}R;7m0qF}z@GY}Ao$q|#095HnT0fvz+?+H2Fm;g0@TTc!>
z((o{WMNX9sU$1VqSdro)!q#^A1vw`7T97~-2fRVZnR`9!supXAMW5ExtjbitjPxWZ
zv8XcO3KBj=LaD|2p{+r?00<q52=$E+!KREKYXrw^Du5V^i|~c+OW?Vp{}Mw!0!gw!
z6~IDC&_S^M08AE0SV>ZJdFkVjySQNUQ8q@1@Y2OFY6j6XVoTrZ2Z@MjQcwATk%gZ{
zbY<TKmA*h*QdEQ&mpP`Wu*9+@sZkC}M*)3&o_Uyq0F^b&mfFyypzq)|2c98-o`R1A
z!65TJK4h9rjA^!vHGiv3n<5WGT9QU;j_|#8l=dU4JBz}6LXJ&-vtz(WDFj+ka|sok
zR;w5vq}Hf_2w~qL3RRm3Sj}fow3gHI%7!Svi3pmfpZpDBokv}qXcy$hEy}J#O^Twz
z28C7-lDDpK@H;^>83C%)!ZI!1gRu4sq=nV3l9i?`G=ohB4?RarM9?4eurGAKfUa%c
z<1_I+oa>Ph!i*TEF?eUf_60C&9!6n@koyIMWns)a`_Zu$2@!^u{`O%fV1%mxib_GS
zOdS4JlAejh24Q0P|Ji#FxG1i-@B7TIAe~hcK|ld}6m)m#R#fZ_W7KG3zyfwb>}g^*
z#zfPbiKIzOu|yM%g(S9^7){kwjp?RnOjA+!{a(8>xFAH-|8qb0`+5HJ<I8pS?3uH(
zGqW?-spH&Snikkgq?0oo<8*S_@f<161UdQ`DPdrozPPK202frc<zbwexdye0?<pII
zk<|xvb^5`s<G{dJDHlj}Gqd@prb-2G8UrJEQrGp@GtdfOGF2*T@YtMnJX}^}>L_|$
zF#Do3CW|}By!cFQ!x((VVfDx9b4@MkbTDP4i?lGy#QshPZeUvHp)UW>H9AXoehp8w
z2RHo-t|(2({UcHa^-UE=R`qcXpVB8JWxD<w7}ww1IqJ$e5&wWeovxRznKIzYcs>Cm
zXu9<5*0YQ2@mq|yXG$rVa8$aA;2G%Ct-2oOCF8QXrj(7$!nKr1q|$n%CNhZ-Rk*Hc
zhnyZ+MAj$<6iE%FYXW??dQaELd{?)ResQBm&m56yi;?k4w8=|1g{&OBXIFeunGf1k
zseS{e#iXU#?AEljsf=f5_EIK~O2b#2IAT;rPkoJ88DY<XNJ}c~(b03DJ*_KC^)ir;
zbWMC^vpHvYa&^q8m}ShBWodWLMWuK4xSBi@^qB-I=3#tQ*ZxZsKOQG@TG<}8u?5bV
zPt&9`G<((C<bSEfS2gjfZEj{(%1ikviwaUHYN)zRtx}(=Z`E-Xq(y6;wGF1h+B~gD
z`^B_f`%}BlRDIoS8fUu0q#{E-RVItKxq;G@-LoCPI<-;TsNKi^htwvuQ{}2(_&h6m
zN@b}v>b!bXDQ%1DsrsoBbv;|PPVG_2s=GR=!n6bGpqj7J)l!wDVpJoor52-kXn(6Q
z>Tz|oi@&-$S=f(PqqbU!HcZ>A`D=^S8P!cY2O_?gW-LAgELwxc#_NB#%{<M@WML6&
z{8nssIfG_qjF=!lwz8j)Ew=18I4W!UWI4TDKTcax*&EK4^mhkNyYNe<JCH4=eEE{M
zCBpfO<!!sw`6?%8#O$=mOf9DOfYJ|HKN}Z-QL|?8_~sclTfBVUxJk~lnFgQCEH<TF
zf&>yzq+#S=Q)EjQuc}k<rS#UJD$~eS$tdwwoya|-th7na@dECtD?2M4`cm#|*|`$(
zaib}5GLhUw_dI5(RQ`I;P$`pDs?eK%BULJYy+^8<DwV(9GZhUS{PiBC#`0hd0%H}=
zXXdZ>2sM=lH4~Vsrm0l^dQVe4e1pH<<J5SS%3tsCYNATzulGbXNu~1Fdy<-^Qu*sW
zOU+iP{Pmu#_-y%jo~^A?`RkpfQurjHH~%tas<_nNnQF93<*)Z>#pH4P_0Hf2n#y1A
zF)C#`>7h6OQrIS;H~&)D8lgA;%Iy~$hkJzc#Bn}4u(A_^Ge#yBbl+v=vT)vC#$Dp1
zvD?zpW=yIi6{m99Cvz&7U4Z4Rcb?YrE(3yDYSyZ&y0C<{?jSF@ygC=d%1>DqlgnK6
zzLBmfTh;ni#aES2#rUe$SL#Va+Gko>*oaf7w7RAz)fO$5|CMQ=slFCv>Z|?E|MS`e
z{)?1~GHKXnOabO7Q!8^*(<bKIk=Tnh-u!`DVE#$HWqL*}(*~GUYoC#d>!g~Z4m$Hw
zYJ%xc(?U}hW!6&7*QvY7>1oZSW+o$4(YD~7EYl*>lcrY)bu!&pmhv68@2K;Y!_>@F
z*BtHKSp{l3ON9J$E-B;H@IxIBu}qYIhi-#@`cZW^H)@yGW>r4Tn-yMPc=re1xs^M1
zKEKtqgqu54?p1BHe(I2Fsd;HVxfcd0d;sUN&3U3NHBL9;J}V3VZE9>Bc0IKi9}l+|
z&fs+y#TY4i^G+jPl+-X{lp5<X(=FHC#))<zLAg+FCGYQbi`!=&>Xuu%Rjc_Tszz()
z*2Oyi53Mn+hUXRL*ht;(+;@vjx9gw%K3n>?+t!xfq*~5Tyj^{49_#$X*;S@2zuv{K
z?r^U8jQM%<sf*vdC?>b;2w(J;nq^vGioZCTnAIH1@4&~?{q0@)5q8D3^z6&KIi3aX
zNu1$Y<^Z;_Yq@WjZoal`PrvGRhE!a6m-D@MDoOFZTij;1@K1yrp*7C`5~^HYCX;sY
zJ0FqylxnJV$Fm)*&EnNLJkV*_KH327p!R{j&P4TxGv6<?De4EM)s#g!|5x@;f1fX>
zd3>vusL7h<aWA~UYt6$;i_+fJUeJ>9WJfa)P~uYAJ1c4!YG*P+)wfOD)){CTP~(-W
zl2UV=>p$lF&o7z1+}tdxX=-lnrH5TH?*H%O-R9<E&bmG3J?0fA`F|xk=3IY^3gImJ
z#e6B{np`O!(XD%Wi?duavBt&PU~<K!Ywqvu*JIt|e&YLRCQFTDnx)1C1)GkU|E%GX
zrd#8+yKU-BrIdS|E6fQJVF~tX9;j3eFF#kfjsz|JZ1%M7JTsgAVQKx+@Pfz56Vh;M
zMl=8L<S`R7Y_@^f8O#biu^%3yxWt!8AKQ;kKh;QQw{>AgkipYrLX^w<ghbhr8=Pg%
zOKy$L+K=u%8KbMY@%GqmSvfOD<cz+-Ss5@b<NA!uj2ve6tIjvF#r9-w<}n#Lea6u%
zZN$WC?1aS5Sy>ai^7xZ#q_xF&lc`_y%;{t_v1ex2D_d{$6|R?2t@UCCI=jVHe=peL
z2JtLwTD;_-R`*E751c)D+E|7=k1~!`D$nwpRNd8W@>%89WYl$a4w;=3eDW2q9A|u_
zVVxUY-H*1FTPu~ZFx6bs7T0BB)>PV5FJlketbImI8aaAIbx%)QSIR<{anNJB>CL*%
zT~Lh^Ik6iZGpo5ZcDpmz41S2Rn^<cE-669kSL0)B*3QlWXVv^9n>95jBXiuWY9>#l
zkKwfHr=3{st3zy;tjYRRpViFXW=&xd{An50O&&8~I^*Lq=>%KNA6a4wSNLkCwc9Uj
zziZz5tQ<L6t8>8O^s~-buR7}_b)T3ua>T^T{Yo}#UuRWIb@y3fC#gahIDMpR!iDOt
zW@V;^Q5n@e*==#I<n$9BQ|+T^?@6ELK0M*Iy4z$+rO!t7PxJ()@~>{zF<mE*;`&6b
zeRbD}<7{y~jEnnhHSeEEGUZxUrt`v}Ulgi!-;EKE#(5m8>DnaSAe~sMyIIyjgL<a)
z&#Y#0djbjR>7FrKcbeqfV$KhSwN~%yW*4{XGJcpgYp0Rpcyd^$Y0g^POSyk`8+U&u
zd*fa+n(OFjj%hWo07-p#s9SZtOk2_we*Kv8_k~OQvo^bN)9sWqW@<GqEq1GX;UV<1
zzswbF@dKxgzT69v-Rkx!&Y57Gr*?I|SJ%nnd-u$&=8?t!)Nk1QTC?Q9R%2%*rDRPT
zI6YG?8`asQe)=E`Ik?qW!EQ~NJ$b~Waih8#9n7k^qRno6m+IbQV)~C9--U4m)3U00
zI@=NkGjR?rkh7-AF|Fq3Bwj{ZTU_e6Ss4=tGnTyi_e$$!B~Nl*_Nuw<wxm><I6Wih
zhAh`jvYPAJ?Oi917@5VRYFs4%j$vjsSG93da(!eqU4@vk0$nvf!EV)Wdu2aN*NRla
z+ec?HykoMfp;>C>Z9H6&4u!6MguIS78c2;vnk13k)dqDTm7PH;X<3<R&PV+?vvGzl
zB#6nOU5p2#Ux<lil6U8$<u63V(S%bjPOtEiYB{MOqe@NH1YhunT2Kdqpgx2{6Sxjq
zLTiYFw$L8BKzHZ~{b3*sg%OYeV_*VIf+;Wu=EGeeb>k1gBk&|V3;FOOtcMM-9o~SQ
zup2%EsmS}E+TPiGR>f^zPF!W%T}Zt9w!hBnirfD_amHfP1FejR3f6c(N{{cPTPB2c
zE|Izo)~y_q1dwAF4o3QRgk_O^_B2SP>O{?Tj0mb5<sXZYpR6m3@%fEhFUwvx)?e4t
z?KQd`pxYk0HS%kqzwV@4*+yB6{Ec+wDtmd~$j?~MNZ-)8wo*pBrD5efmGiI-NVu<C
zSkB7`koatnr58+xiSmLa1u|fiykMCIIUs2yUY6!?oin7=5Uj+H)?d5lC+CeU^0|^m
zK2!3Ou>2NA>S4)WmTn;LNxUqw-UyI&WHIudOjy#%B5{&N;$*o2#)53GEb{&3ed9Bl
z5SGuD->`&byN$51y`6}Y_2qXfi{xp1|EYv!9m&&3FZsyp2#~OBzY&(SMp({?OC6V?
zq>;sazZ&1Svd`{BT4P(qN*ZH-r4Y^lIhJB8+vjq<lJ|{uBtO|_vh;&2m?1A%<hx}$
zLoPdlu$(vYnUcRO?#IwLZzP?Bjs4|*OyslWc*!ylBp>74bU&7|er4ZZ){*>W`{nyf
zx{Alg{d-ikA0!`HU-osy^^NT{wm+3L#y)aCCy93MqklWjl1BEid`H<<S!AC{c$~ao
zaerUpjNhhvy2`duj+Jb`EbhMx`Cb)|fgH;|U>r~P^FZ>c_}g^fKfGP;HzBWOe;A)%
zaogm5S$sg=`_ZhFrI}KBi!_zoIZ)+3O#h;<|MF0KAD7FwbCI;NNP1ah9a&^OS!7*V
zWPMqjc}PI=k;TaCTi+W@^7_XaJ>;ICEYE-Rqu9Khe!<?@<XbI&48!K`dhX79<U`)b
zI=QG3cIoh0T}SaDqx08qJmOCVchzXLd#TlGwOQ@f7;CIG&Khq`uqIlQY*w4iX1B%I
zVr_A@cw2%k(UxSl+HH2bJ;okukF&?y6YPohq!??AEyf-b6B8Q~7ZV?o5R({_6l;yO
z#oA+IVq;_DV&h{IViRMN;;eDDID1@7Tx?uiTzp(YTw+{OyfxkyZ;y|OkByIukB?7?
zPmE7WuqN0N><KXmu?cYr@d*hDi3v%G)<j#PJuxORHZd+SJ~1INF)=BLO-$nBlgK)W
z)sl!(HU0b5>DRAceUK&IWy<~!R2~7r0RaJ#Aj@?wQ}(~Ls%Z(K8&f0c%f!;sWy=2B
zF1h|y=kIfkkB?7%kfn*sl>Kjc)t~QGE3{UvT8%-LD3>YwZ&#OkpHs+f`QLgz8(l-=
z%VzISb4`^+5wkiyL2cHok(tw{GEj)(TooNc_1>pR%$H?6`YFw*j;-dW#OWO|(?(7o
zHxXyPijSfRPv7VA(>4~lQdmH&{K6&dye43c<07x+J>z=Pif|Nofh;v$#+ivmMv~sh
zQ*40#{`uLfQtPCA*wJ+nQuO3>EwWvb&e-1xQfiUXO}W0eu00h`mo)}m*{w2Zg7jbG
z1ykux&6=L$Y;2Q~QpPM9Nbl;GW{Y#{q&Agj7Q|#v%CW^=w4w@b&|=t}Nag7ha811i
zO&RJ^ehMt3C(X!dlc#6q7_Tl^r5ftr=JL(Wm%qyYl{J=_!o2c6UVdiA_72a?`TC{J
zGhP^EjVP^q_p!M5hWEOw^Zw|z8H0+}OnCfo*O2z+{UP7)-SznHp!3<q{lD0<?d;l_
z4!=((bUJ?D;BD>B&ROwd_<?)oKR(FT{N@24Zg_k3i_2e_^5i>r|JG<`!<EM-4V;yH
zU(a`68uH%8;j?SEo0l-Sv~T=_mN)x9+9NUR*uyJ!x0%=EorTj5{`tuENA~Ssl=s~W
zErK5Pi9LSry0{jlV-nZ3?YQfM!yoNguzBByA<a_0-1+d^O<sR*)r1EYJU{Y|#uH!o
z{O`}w{BO)GezxiFZ+-Q^siS|qmg^`gcyYsqyL;U}(Iai-;(^vTV$&U4-X7F+^L@(}
z_Ir5io!4bIo_YH4^4Gq5ZPnJps~@~$+LHZgg{SsEQLy}h?37Itt_|FN>V((QjW%1x
zpeAefy)fst1G|oPe9W_L%N9E<H-G!#{Zq$1*0^y|z+N@~<c7uPeh#U1|7fr8w!FI}
zHOu?mEz6=Z>K(l?=+*aK2Q_)6Sl6w1<O@50p7r7a?*~uKO6oXw{k1jUzU{q7O0sW0
zcH4XQJC~2m{i*o5#1B61+VJt9rp@}VYF4`ABil2hel2)$&$7gfuhx8?Q5<rw*Y5d`
z*Pqh)bp7EwZu}v1b=0`N_aD0_J7n~4+Go9H9)J9?XD2<gaKat0+&0Vm<jmkNXFvVz
z4X?bp^NE}8Uv$%=_QN0EvvXkFp7nW;oVodx77u-smiO4!Ro%X7vMlNI*f*be{^nJW
zKAZFSuD{>g_R|dmw}0{K(M}Cd2K{k%$@8;r{_u(SBHlebF!HuPhShzvjWzs{FE->I
zeR%yhHxGRO(}H#>`OkfN`xB*>l;`sM^qKK`$jao6$L}q^J8Hp@)t2Mo2d=Z-_tSUJ
zS)O>(Z{^daPgs7q?$5R(KaFVq!ovOex8Bk_B{%xZ7tG1uMs8p3NV%o;$}#tLdTrUt
zCxc=>Dh&PRmHR)h_td8|4{x5l{o$V{{C47rwx-1|w<{e|np3*0G{5wX(l1K?F0FMo
z>TI{OBhKD-_TjT@&%Sf^`?Km?=()Iasplq~TX-(-+~#v1pF4ie=X{g%9nTLtKkfYT
z^M&VkoIia2^!aNXtsFfaqa1fS9&@aByyy7QVO9+kbB<GfSfZX$Tj|$!Qu%Am=#74}
zHdDKwUNpP4ueG!EJhYkmm@-XsO;4CMnhuzLHhG#O%x%qs%-QC<=_^%Y{>=QBIj}|x
zE{1X~mc_XK{@2g@Kji1RcC(78U=_!5uT})2^}2Pv+N+gRcx}WR_Jd2jZ=|cre$I_C
zxW%%L1G1Jsk-z<&um*IRkI*~LH^es9nl@M3a~*3Ki>h&r5focL-E1t1j&5#CUDs@m
z-Fx)x)w@sMe*IGiFbC|Q!9#8wI?Of0<CwAI#!r|yX>wNfl$@#4rq7r;Yxb=dZiFqP
zb+1Qyw{ur@PDM&zW(oEj*3TA`I^+hbAg9U$BQtVriPMZ1eX?d|<aD8bd)HK3Oqz4J
zjqXT|>>ATJjd|<Jjg^UGU`w}=siUr+G*ZUQTush~2UWc-jw{>Zep&J?%*r>{cDb8d
z&1^4gTkQ#D+bR<c;Q&n?GM4T`1G8!Wt$e%fm$}_n@)4Ky9o){4e#Rs2E8p~(%iQ$K
z$oWdQm<}|w?hd-X&&6BpJgH-^e3LJk_0?^2mw^K>-e&n7#$D|uSDo|aZSjS3+qElt
zRk6YGm%G8$&iL}SH>vEm=-S>MH}tLKw2)n#aJgH28ChS}Hrp>;on6~3ljg<8Uf-<?
z6)lOCpC5_;zVSvado^qa(sXo9Fx;kXyY{?F270iXYj}9p^z!!c_45x1wA89y=bCHl
z1_jr1Wf>A0R=+`bL}bH8jhi%W*8I8_Eu*4awU+yn>;3=B|1Y{vUC}=N4;@9jH8!sD
zqnPyXNAWVg#lL*UWqk`<eA(}(%cRkLm}b3_Est%SMxWfvbQG$c@nvnVJ*I4XuXjE-
zn>(;nHcYKzvoF_Sxa|BdZ|kjPThHA~e)i6e2^V{2vd1smXSl4)uVTBqG3O6GII22R
zF4tkOm)q`3Wqx_vec^0je-D_R!6Q7K{hX^fTQ1jea64P7mw(yTC&(CA!;fc-HV$vu
zd*wZR8JpVE%_TP~>THw7O?8f$XQHI8u0oWQS*5)C@9h{{)oHUR$W*(Uqv~zWVfAVH
zApWczn>~AM4x5$coL;nImFMM*jlU>ooAb$B|M`sLUDHkdC$}|0pQH6^@=Ri~T346I
zin-_``8k@&YOrcxYG4Xr^saG^{QE2j758c)lWhGTI8+(4Mlk*BRcGur<w8ukr(smw
zCB})RSKI&lNm*8*T_IVl{GRx&Rgp=#^RKE@Wk<fM1jgA`)%zC?2o+97!QMV~Hlto9
zxw;2kxEjPdyC#**cy{3pds^CP8AU#I>Iixemz^1m%{OLAt71(VJ?{Ql?s-?WTilPe
zd{p_0eyP{D$4$y&8s4nQ^rjj~@4<|m%WfKo;Va3A|IyAa?iCvt(wMDIE_AuZSG6&1
zz*IghYpU~_&i{-NlX{NAQL))v^BeQ%ylGQ=j^bg|<(wBHsM|31dz>p5S0-$E^>bLz
zUE0+hbky<*uHUd}3yZTQg-ukwwPdZgmcYE#6BmqKFma-))7ZLYi}K^S(JigrT3V&g
zK@;stB>jJyXt{6z7OLfXJ_B{zL|dtzXT+~7?=<>Ql>Zc2f1~P%Bwq6R+8KI_R`({1
z3T~n?;h!eqCR#1+SM?7g`y;h0k$h65HV5{>Jhe>EXP|B)wa4gH_Okv;wzT}G$olJ?
zTPpFA*O$%|C2VP=R)e_7SP4fm55`Z7!BpQr^MP4?y>g#fnFB*3gH>qb7OFw*+O?ZR
z@lRi3blb*=s9-zsx<~E)YF5XN9Y;;!pT69z+k1?N3U&^!7j+!3ek)t7Mkv?_VAZ7)
z_*@$qt?D+6_N59jw7K#PZXS1`BG6S?=&DSdbz{ru?9_2RC--x9@8Do&v(HqMo^6`+
zZPR36M3d|$JqSAA?8zIK>f<A8H-U=%M2K>>H*yfl+9;_iR}s(=WRdq|k@iPf<b7F;
zc1meulqJIXU+!wIC0Dl<Gf3CtkLcFO?`o}wzJVTkzE#<){ha^w`euE*=jq%1KW#hf
z2lzi_uXOuc=-W|ktM9KC|4Z%V?gzX6{i|*D?`{8IYA^Nujo*>J`TsTl-2?yK1OE^1
z0o_}VcRe#CE|aFV3-gY}jhe<-lAbd!c=ZYT15bL68f9a$rm_c|RFWcP>ZOy6t15}i
zK*p0U89JCYEh}yMw9LeweJ0uB-OCr1rHHY+r(o8qnd3%hOiq)B(o~*FrAf-?Lcz~?
z%8PS5D%%?~tNb1n*G`#wVOPm~Z{@O18Rzz9T)8)G@jYku8EJL@dX*)x{cD1hsh7$^
zQd}aBahJ@46z+LQrHcF4lp`Tu=fZcbB8B_zs49uu?ljKfG*^k%D2K+%vqR-6JR@a%
zT!s`|%gU$~-*ek0{oHp?ZFl}0D$A$*J8roo8V~Jp|JVzWZYgbXM$*bY;G#EW&C1FY
zMp;DqZ_E3WptT+z?G~24?ee~iKZw@DlGX@ITFMS(wJ28oySr+6^l1t0#$nYfe_YXA
zBb+<j{VSKnxqagVnJ<pVVYw;>k{Et16%EuBq&epdp@V7VRR)~mWk-;y|H^W?5Gy|{
zJvy!YrWuK6N^M4^AL)FjTs;SyT*XIL{4zWoN&hlZcXFj)#+l2-Uxw&PzKkSxeVNKW
zvbtZ!nahQbOmq&hyV^tJ%%t4zmmjf_b=s&jo-UR{9h>`ka^aJ&;s{moF>Xi87FV_z
z##N!p6Qa_JFZUC|mgx4aD)~;*QOEeWvJ>~>Ex3v=T<I3LeO=dHb)HwwuUXlta_O&W
zd=2s``x+N=zKWAj-xuUtcImr{&2$}Fx6H0)%dAwsX3Wl(j$u7VRk-oF-Yfr`v{hKa
z{XSUky^1$;_w{(M+<FNYHll0?RoIrwlUyp7iW^Z$E)}*V$+;<4d)0Qjj<RE28C|&W
zxMhDeKL_zl%d&U-9q8F#?GK?WduK)$ZN0=^%{f;td$+Am)Y~MSHSc9EOpFm*{zSZx
z*ewScBj9Y-m|AuoUD*1I-*jISPieH<lMbu)|7{gh{)=y1A<wEy3>RgZQgz7zx7fJa
zrqS+`?S6Z)UG%1WN2&TTfz*jey{goyMnE#;!oMY0!`r=}2AR0$^KYx^o@wH^ERKV_
zLsb@&kU3)9M5YZXyUxlC&?I*{74GdyE{{uZupvQJ9+PppxTSQSq8B?lMoQa-_8XTY
zbE&K^Ug1)oz<kxx&ZIkjm(0IH@@nR;@3iXXZX~}{?$X{V+is+<;`S+X7{v4FA*OS<
zF!D#v4HaSSP`0b>u170XY@(D|m#0q6!cm$&5@(4rOxgM1nyFf5mT|4*c1}F-fa)-)
z$Nl#!OJu$I^Hoy+&hzG}!0;gVc=s?V+uzXrzWXG-d)R&5s|hb$sM-!lS+GF1!99HR
zsA_v-ukXH7q4pM$(aUUY^ORSg(RbYYgqqdfVj1sj*yy5at6;{<4q?pjWXAm7N-y>m
zs+e}Tjp}tqCTv$b)W<4Z>lc%gVNaA^!}OtHA|vIDh<82NG~V@iQXV;$7TXPn6W@(_
zA8H5R<U9@xNvQ5pR}#t~L|Jmd%g57ao=>n!zIeHYD2p@NSLNpBHmjf9F*i4oP`M?h
z+^h00;zs1&Qa+~qD|2J#m$dOMvzhu&<~(wJQBD%s9TmR4R4uSrnYG`WQ5b&Ad=Y`<
zbtg4UrJ)h*Ur#-a#K~*J%8U@+NY;^=7Um#XH&Wf{Oc#NTq@>w~tL9BAo#z<bNov<;
zNFEhG$Mw1!>t?DjavV0yyS9f1fd;*Yxt2jKn!3JVLci&gy0{+yHMQI~v?WP5uhEsi
z$K-O(Cx%IqvekOCSmew~Y$HKg>i1T)uC1p$gM&L+V-uKGBG|c*MyY1ayuH198dF7Z
z2D&zg>E+y?d#mqnTdecBxZ^Tsm)pn+haq*Km7xF^=5g@zyGA}KOqsj_!ou5h=zRUS
zNmHiJzGLpfyO!@%=Gva#`e)vdHPG1{Z)DC&oj`^%N5BXe4@c-RDsztr+ap|K$z`m$
z#81Tvewu6i{H=QY2CVP{H^CC@ClCRL;43|R7%OaNf|MiJZ$a|>4l8tvpqUu^H%R;`
z?0G%xzzWXs^n7+};7>_gOM)Iw!u9}Gb@al@9M=4)S^N_g6F(b!CrFw(SmC4d4o5Cl
zc#HINvBC$0=V2EDe@cdr3-1wLj9mhf&t2H1u#fn=vCH)Md$B@);+JEEy@Xd_g?9+w
zhrJ&pp9ipl<ntg_*iZN&tT2M`!&u=%!jE7D86fv4_A%g3J<dPjS;8x^f~0>ED|}4&
zDXcJ$@G7hz$1D%~Jn*Mh^H2DUa6YyGWIGG7g2caoeG&LmFY!;1_?NM3K+><pu7gjB
zUyt3W$G?gd7}=v<!)^lpn2BDgt$KJnR!Ag%2Ug%u?c|>z`R~FC97e}(tRV4wumXST
zZT<<8W-nIYPrbuGLDIjA6(r3*>=%0cmsnvf@n2z&1Appw{t2?~Nvy!1`h$Oh<nt%?
zFW^u8%|Brk@&90jJ%mqT!};A{R0LMIllX?%7(KoXR%l6MX<KYNAc><rRv1pW16F8G
znvU3H=t#H|wlhfjE?7Z2m#1I_E+wj~SfJaC>W1wPvOTF-A)I^$V1+Qk*JFhSga=}U
zR^%xYCkS@JgRw(E`k@cS3h{(*!U}POZ^jD!pI0g!D@ghgSfMxZqp*UF_zbMjocK(v
zkV1GYR%lI{aabXm@OZ2sX(nKWf3D-2h7~#ypM@19{S>Tljx;$~p(XLtu|f;NJP}6;
zKaeIDD>Nm39#-f=p7XJS#4pAQEr?%&6(s&HtnfNvnce?xXhwJ$R@g-Neyq@h@RL~K
zTJm`cE7T?|Gqwvd_enN(D#)>$ft{&`Z^OzA^z(?HgB4`{lSNpeDd8p9rO<@%GOUnH
z_+IRC=t%fJ?9&iI_*twFPWU-&u^#^dR``r<ei8dJd`@^RRyaa<9ad<-y6ds8=<yq{
zLNf6iv9Id!uVICH#Bah19^CXdV}*F)U&jiP{}!xp`mDpT6}w%JFTo0RN&f~`uo8X~
zE69F(3%e5}pIul%W(?Vl-J{39jTMG-FOz2-yrajzixo;(m%dKwJ$Qrgeykv6!vk31
zP2%P0141L>KgJ606aNWT*h}~zRyalY5cW98cAmfrMa2J(71j_wi4|&+<`1l}jQBsX
z!gGZG!U}nW|G}ODf{xQzCxp)sE(Q6lbMijObxBdk4TMzUEm(OrLj++f)&{cQ>{y{+
zFu!N4Ao2192ca+VaoF~Hd<U$MLVQPTvL4?F+gTvK3$~{o-wP|WBfdAbzaF28O#|5v
z>DZAV+dm2`G$#FM>|8y5DR#RaF2M?Ntlz-C2V~>ej}?9=d;r_p!<DBEI~e5r8G&5{
z2S}5LceoSMIX`z}1qtuN3KBkmJp(07E_M#<(8GCkIKFV;5soePFOYNQ6!sj*Igrcx
z!u>xu9CNY41BB;cg_VToV}+*(FTe`29~NSTCy8H#6`mu!7%O~EcnMZ`^Dg`p>}E**
zliv|`yB?m+c`wvh%5?=Re9wdy_hN-a;^oJk4)VDputFQcBe4(Z@lRldoqVsSutKM!
z>_e;rWL>$y)CAcNUf4j8{b0dftH%dp>+A6m*k*csb8Krp-il4o;}fwR_4s6LS3SN5
zwyz#P04vDn4#Wx)9)uMnJOnF9cqmqoZMz98NO(9_kZ>ASkZ?M749L1;u~~Y2Hg*d1
zB0dK@9R?Ggft?AX3D3gLhFrq8VsC?N!nb4ZfIA82Vi$wtzXZD+<a1YGAJO9<#jeuh
z^RW4Pd;#`lJ$?;#tscJ~D|nOVYuHU7d2YtO4jTz?!3zHn-i8$xf8%hxg%xDoJ=k|Z
zu3hh91xbGZ`##7vAHseLlK*Ge&tWCuBiOG&(tL*%<XZP5_9u|^$FM)c3c|l&h0}!p
zzzVVrrz8$?i9drag?WU}Vg=crrjgtmVLs<%3#<@%*x_i26&@#S#|r#3R6nfnE$gOZ
zvw)wr%Er!t6U5KQE&zg#jg7gsKnQ6LV1I(|iI<6FT7#8%D>e<}+LDeP0UGfmv4Zy}
z4#z005W+=jG*+lbd<Itd_+y776Du4dJO(=vWE&=7g>Q+Uj1|nRn}rp=CO#W093`BC
zoeHuI)3Gx^^0^Z`2i_n}F7_LcG(Tg114(ld`-dJc4aH3$k8`6LR*-NsR*-P=YJLYG
z`SivL?PoX~eXx`C_+0E0dbnXe`wb+$9h;?xXJc;%*@io?!rAF;Gj=gZ`n$2qK+@cU
z6%GyK_kw)@B+Y|ZL5|DA*g`$N2rFzMeKA&8OZWw>uz~Q4SYbQim#~7QUxO8XBfJ(X
zd_s5~R`{9ldaRJgJ@^&uTOixB11re6u@ft7CH*d}u!rxs8@m_edmX^O53=qj*iZHF
zU)aAv(hMx-S_kR)PTAP)U>)mlL^`;BLj>z~!VZHYq*qj2H-qNHH^=seL&UGaeyGPE
z!j|gs*&dp@6`GO$cI;9;ybOE49)1w}kRE;n`!sw?p3h>}>f!a+O?vos>=r$o>!+!8
zkWBt1*ppDgx_QBx+71yCk39^s{mGLxl?D=@j-3O}@AZ?WBB3Gi4Y6I|E7E7N^EweX
z3?jg&`>4sWDdDx0qa)xDe5HqFhqnTjWIHxq4@;dzci=C%7yo8}q?v^k7V~*hXK@Gc
zmpq4m!k-i_rH(={>M0fwmUS0l1*4u~F=4W~sGj0(J^o&-aH)EV`}Fh=V1<2rn0r0N
z!^8<668{KRFzO~ACCp!y^%1LhQ;>a^hkZ^G^IcYB1*ucW#|rXY3bBI3zkn6^yQmK0
zWg;d0TC95=#0FRT<X5qRQ3vswE8bZLA@vaamDM|#2=639kUV!|1&MdBYmmAHLE@!u
z;d9_GS?Ugc1D0f|HxML^)Eh`WfyDof6;_e|KUl%2BWNIrNfUt;j5-3l9$&GJK<Wu(
zJKJN0igg5?h!Z4D7p!opdVzkVk!>)_oKl9&=Dg1ViI*~`z-IqP%b7;m(!HEkS(%F4
zbXl1SSJq*asl<0T%2dY)OF8N{eVdJPl$5oMa+F+8jq=hC!bW+igs_yC1cDcpm!!-j
z-@Q8JrSuy39>9_;<&bT9xCAR0<&b@Z$un8X9<3;2NP73OM|H{@m6adXv4f2A!+OF-
z`C$uTDLY7+VH;ti%&?WPQD)dd*eEl6LD(oWy!9_-1}P6b2(tZ#-@l7}Skdo4ucz?}
zzu@Z!6Rr>9+cn1;K7Ar#!;kMl*znzl5*8%=O;|y~!?A*d-F@+~#2Nng62gYB{3v0=
zKQ16__{6Uf-UO1*rF`E~{FptYt<2v&MEs|EKJGs5kHlTdmpw(A(~!$HT*`la*3EzI
zbohe*x|y)M|C%0o!DkgeRUrFveyY1~D*mXz`B^Q0RQ%2fuJp-Q;&+PgDW4^Nry$!_
z(eFG;JWI0poxcL<lf~~8WL@zoCxQgUcYItAi|^P9Bwl>S$$D6P$J;>ispvZ{($k3V
zD9H9y^d0Zl(}=%Vpojmb{lz!+&lO)$xRk&6HfiMhioYnxeiMK35Xk-!e^HR{Ta}OK
z?iafIf|u+6x%+eOKAgMXrtr-SUrqcHdEFaQVJO@JX}}}VRS49FmSBZ$pi;2iu%0zM
zJw1Ir{XIiG!#o>!MtFAg?Bv<YbFgQY=M>K`JiqdEc&65zQ#0G^Uau8i_jx_)^|jYG
zUJkF+(l<*#ENy=-`P}kz_n+H+Za+G4&T%fAdGcnQKYKnsKvQ>uH~?nwfN+R}hR|52
z8CJLs><|kHkfhTVD|FWBjum?9^u`K(p+5|O>){5SAy{Fk&P`ZhxK0{Y7y%<;w9Xjp
zc$f$|Fb!tHY`7in)XBx(1$V;}@H9LN&qE;;!|QMYeg~V!V2`05OFi!KSng4$G^kYh
zYAOzrpd+ZzKB1|hcZTMz{%5rstEt5CnmPc#!U^~bN<#k#Jsau>&Gnw|z0iA^_j2zQ
z-Vb;eco%uE@m_~EdT;XH;=RLrxAz|Jcf8;8K8U{X{?hxf_cz|(d!P5_f%M7?d>|eY
zp(~`qL^#H*gdVomwmjQ*o3gNP;d+=3b97X5M{^Yt8qy#nJR~`2Ak#)m`}QiHYw#lH
zln3WhnCF)$ux4OQId6_4CQA<XjR=fr5z#6lJz{i3W<*v51*cPv^N#bU9i@(~<Sp#e
zvBt7(khg_>3RB;w90eLP$qErL2gGwY=Me9~f~EH1nmKjX1pgJhCWP`2<eAuqV5Ph?
z3bJ&rbepewduwr?Lp*c`RTN*8T-3KHwP<M3%|&TNd3FA(bE?j{I@!hBi`N8d>K&kf
zcIu+<sf>ODh4k;(MDLF6>LB_DZ89A;eP{Z~^oz-1nr5D6z7s7(i;)M%#}9>~aFmSX
zSjjOO?VaJ>F`#3>$AO0eOD(0ApX>fwH!dhX$P{c2_COzoeHivN`YG&}u;0S|2>UDS
zpRhAXMfgSpIFD&|#I%SzBXT3|jmV2AiBOSEBAZ2C7a0|4i;Riv8`(cHE%L6&yCYXb
zHf@~TxL4!!#*Sv{x~VN^w0x-LBP|^*Rjc8xPP8s<P35}P6M0!9m`*&w+Rob1`h<0*
zH4l|q&sta5R@q8y-`FDTY4$nx{dNbsF~$*7($~>f<wxc($zPgpEl4V8RoJR<Kf0;-
zrsDC%6N)>W>v+y`zTSE3`RmW$a6a?=*z*%O`yA&rM}(s-(@)*x$Z%w%ryQ#sM;zZX
zv*&M)(~fgYN~I|i)PxvFfR3;NR>A=|3tw}dm4b23rta6&TR;N!7pV6&)fBFSOc)Px
zPS1x0unY>}B{&90KG4)3pgz>pU`U5qpg!Un2ZLcHJO!)Z8J*{`tDz8HfR|tsysonq
z`xfj3kB|9Y-~;|}4b+7&XaGsj7CJyOq(C>FUf5K)9-jY1Qw8wOK~22}4w&+brd|Q<
zS537Cb%Og4Sm6Q4gO^|}Y=<{sKfDirffO2Fgzv!t8ihv_SfDK=Lk~!W0gw(EAPv$7
zDOi39zrYDN3sS(G3b}9yj=;}wLWhULD_^iccSwbykPeGs1-uArU@fTAni_b9_hAxb
z!!(!$w?i&0f)(%rtbxr?0z2UVd<sY42RH$LgDRzN2p)vJZ~{(4#cSVD^Ko--)E`l&
zqa0COOAo6EO+D6#^&4wyGGxOv$b~LVi1*@ngO`pEHVzUX5!&f=#0o1~Q=bH?#)2A)
zYqa*r4O<e{vVP0@v(S-fM|AS)RjXT_Z+%{TAE^gZ-l^V$yhnLwde8AbQs5|1^)%%P
z-a3BRI&dx2g<yz-1W1Io&<#>yD5zlKKq@H4LpIzFxv&IQz+<oyR)Ml=s#PrK7s$Os
zajkC#M*`WepqNmhSM9#FQ)>^deIpuHdwA{i+DmFLt$k1J6}8vYURQfV?bm8=t6hTL
zti7}Lp4y+(K2+OMr*@rd>jc*sR%dvf+w0`kd8|%u^uy74(W|2iqF;($6TLC|wdifp
zCDFU0_e8%JeIWXi=tI$8MQg>L#oomM#kGp-7Dp5}EpA@is`$tcoXhYd{0zUsZ*T(6
zL!M=)WjES~4p`1u&RQIn6=9phwuaFX72PDd8InasQA2)&eG6U?451JSji50!g%)5n
zYpNHhI{0GX0e%n&7N`Twp#@mM4lxi1Nze{bpgZ({-q06Pb%tPt;V=p^VIpM1G_mHX
z=IQ2{=3C8onCGAcXc1asUTR*3?lnJce%Ac8`GnbFZd$)Z{o(aT)X%IxzW#Qk!mkYv
z4zC{`5#BYtM|j`x)bJtUL(xrWI7$n@BRn_!mGF(>JHmH`e;EEr_~+qYh93_<8UAPZ
z-{I%On?^Q`%qY$%PUhOolg+7XbD=)K=YhFC^L-Zj+~c#{=RThYd<uMueAf7^^I7k+
z!Do}t7N4CyyM5mFdB<m;&jEDA=Nq5zeSY^j?c?xCug`S`#=uw@5BI_fxDOtHM<EXi
zLGv;Dc+mYZ(8uCa$EUeZ3m>bG-6zH;&L`d{(I?5L9qQoI*{8ct51-yXeSHR?p*}bJ
z+=4QFX87c`daTtGt^R1GT7TTy!|GwJi6X7n@o0^<Ru#Lwuj=PmrA|*elYQpXGe@&D
z^$nbW-$82K4zH#nE8nCNUp1*@sQ;QtMZnYVnbaCM@-y$BBL0k2c$rnNI#le`a@1;N
zWoAX&y*6cUU{AN-X-_Y_y->aI?7=k$cO87^VClg;$2P~Cj@^#Ej{S}g90whrIlgc(
z@wI9OR!D+~pxB@zTuV;EpYRuyf&=dJ*zIw^<Cw>Bk3T)?m&TVSmbNSHfRal)m3Apj
zDeYF;zqFI}Ve6CDRaR{cWr($$cW^y8D-yZZCzH=07y@aa%vt7zH5S$A?K#LZ8x8Qj
z!Fx@}dm#tHJ_!3L>`2(ruph&IMSr4GVW-1N>O1QDMfgV?h&U0^!WwOT%=)-hoew-8
zaX$L|InEd12={cME$6eK_G>B{tk4a{ysxQoa2w2ng>W|%!Hb}@0Qyk{sC0b%9GC@j
zAQ=Y1jgSVph5HH*6n<LxRpH^nT#KgO1j8TB^;_n5uipy4`~3?1iu~65ZSdRVx5aOV
z-!8vBetZ4)`F-s7iQkugU-=#J`^N8kzvF(t`<?WA+Iq%%&g!t9usLi8?C0$&W=Kq?
zBg-+x@ucI#%lH=X7nH&|I1kQ_Z0zfZwUpIhG>idN7+u&JDIcyQ-~pcC2X)|D2!eVL
z2Z_)IIzkUfg&X19EEm#w@Z)8C=b$fxjs*P_bRy_<(2;tMdaAajYC#?70BhhFoPg6{
z^sg;aMYKh1P@7Q+HR*@wNqI`WVcKPS-*m+EExzwBrr%ID{_hO8>(9m4p1;ihnCI45
z%Kgn%J{#(h?y*EaFHd?zP#&J_EDwL^`7!#=^Lx+VJdb;x@jOfE*x_lZX{lMeX6u@L
zYd&9dE!tc2Sj|6c{#Ek~QeM}3g`mc$IZF1r(JS3+yjQl@Vz0X>Q|EcT?N!4&$-6yD
zMK^kn@SftGTV=U!tM^t)bnofqxv#xXc>nHw7X90`#kh{-_)M$vTDR3_tA369n(NzX
z9}izY-#}lBZyn#}zAb#MzINXj-#FhS-}dNc-{HP#z9W36p!sN_?^54;eOLJ2@B5JN
zW4@33u0&7yuJV1>_c`AJ-y+|ad^h<XKpuX6egS?KzuJDy{aW}X`L#zk`VI3Nj?(=`
z_~oL7m7L>S{kH1o_1DgGx`sc~!unhMYx}qHZ;$$+8~g|Rr}>ZYztw+^|3d$V{U7&V
z>%ZRrb^ooX#DAB+7GMpq2gC#<2XqUV8!#_m0a_HWG+<f4vjNYe{D3t9>jKsXY(*sj
zI|6p0F9Hq+P_zt84(uM-GjL+ylE7tw%F@Ep5v5uNS%z7LTSlM^OQvPACEGIHGS_l1
zy7(S`bv{RKo#l0mGNE?O#JX8^=hU5B_wl-Ub&u8kz3!>HDyUXac#th9IcPvodeFq6
z$wApcxk2lL4x%qmMDVQO+~5Vli-QY-i;$F!RlNrFQtM5smtAjKz1(`m_14sTyPgWE
z8xj$6Lr6aI2#pEtN?pYK(7e!>LSGKu9Qs|T3TqVBH>`iyu&_JA#1Az5k_%<Qzg=ZP
zxo<b9?tObp_%`&W^ZxyA_yPSMekA-C{T_Zcd`iTWh&gCQ#L5U$q$#o{@`<byc`d3J
zSwFHdlKXsf#IT6S){#k(?IJryc8%;A*$>T+To9?EzK!}h>bIzq_{#2nlr?%xbQY?P
zKi9fd>sB6=No_pVsx2i_<Gv)<*t1+?rOrg|l~Qja*IU<pdD(LZo;&xPdfsofWp()K
z7OPvXPF_8E^_<mDuFhNi-RhwH@cf39R`1T=n|~nx{rnHn$N8V;pUl?^%mp3=H4A(S
z{0bTtBo|CAm{+jA;AFu+1*Pa*!TAE8!X|~*!fu6fPhL>C&RNbqQuuA*_l3s`&lH|7
zR7K6HSLj@nQq;RBy=X?!t?168my6b-4MiJ^HWh6xDnW0e&x^h+I#P73=w#8KMV0xj
z*5YBsHy4j9&MrP$?0)|@d=6FWSt|8e^-*|f^U@ZT-pkiI>kL!%I>Qs^O3UgCBOPrV
zogBj)nU(nyiZU7aLsQ_f2lT7LFNOBd5&A+Z42N7eBbNL1O2`AL|55nB;SdeU&>4C{
zDolr5coOp9E!YG5LCQ8yf>EbywCx*Z3!`4isOL4>_>J~`qix@4*EibqjrM$_Enj(3
zCsdPdgF%oEV;~n6!eUqh>tHinPFYU;qjZ=7x$qPm0e7EFd2<hk2uOllconw6c98qN
zV1df+_vysn4!N)rN?<p<4c~%M*J=1X>G(V13+2Lnp#1O?z^MN&AuN3v#Gh;gxdHgn
zum;wG3Z#w#n(0`vT_GFhg4CVufFmGfKQq2m0!)D%kortvKD-PE;72gm;yi;C9jT)e
zQXvOs=*-8igEwFYe5UgSR&e)YTH?3l!Xj9rvlM#|EQcpy6%>H@J72-&mebnfmkLI?
zOv+;;#8<tB`bOvuy&w%nKrXxtJ76d5*2%q=IvF?wpM$Easn(F9lZ!2a*K~|FhU6f8
zVURL=OUMK1bK-zY)d94otlv?m6IRHBd?<ng@U_l2SV4uj@WtApjZP|7xEbz(Cv~Jg
z_!PL;f42(b_okDBT@H%!nkRUHH~4}Ty6IF__PdMsq`W5_X~204Yr<U^buvaBjMS-|
z0Hdy=tSx3NKJ$3C2X29E*ainc>i^XQjsqk^7Z?RI;SN|1(mpf?R2Ih>Qgt4{u7V@*
zHGHF^vNiS3V$v^h`QhpwzBBw=xj@PTM)}Jq7i1Gxx{iFd{CgeE|K>W&l20gW!DsLV
zoPo1&%|Ys^AQs}GAEd%$$c81b6bhgS-h>?>b)f1n^{1e|)>ITEKzrz?v*IXaLnwit
z;Zk)&>PPYhY3q}|S<>Do{I`wG)y8(E^&FL#2QHKY_5|z;I1uouvpnEl_AFoSe9c+r
zRP~$GkE(xj{gL%E>QAUYv;OS*+wg@Q4cvX$7LhF@?MQsn^vETV=}~i{8s;yq#0PZb
zyZo-v#hLhC;$s<pQk6b|an6M$gtZOp>Gapd*N>>zvYxeG+j_|;rCxsqZ&vPWNXz$?
z_*w^^b3A8U?_><Dl*<o0%j42?qG@L2fodXe<cs`KAgYDxpleYOs)s^ReH4x&Q6nVt
z05?O|p_V8bwMI4+gW^zvmZ-Hs?NA4lj5?zf)D88}dNLbwZ>=xtj|QNDXb>8LhN7F$
zaFm8dpiw9TjX~qk1T+a{p($u8nvQ0oThZ<4PAylPj~1dOXqk2oPl3B%dk8(IJ)u2?
zo<`52=TQN|@z!2MYtSobBif{G*0yTfwO#0K^e%c29Y7zTkI*OR5c&*#p?#?xMqi_E
z(0Awu^b`6S{fdrjC$vA%U+6R{Mdy$MX(r8NMjogp@<zVM9|fXXs1CXo1)+K<6xB!J
zC=xY7O;9s*9cqc9QEOyFF{UI_JJivXZ0d}<qn@ZY>WliD9xy#*df7C^JcXL$snp!e
zG~Y(u@e1^U`91Ri^ZVwH%?Hh&qR-Kn=rH;keS^M3KcJt`&*)cl-24a6)%(kQ3YD7A
znyod`YK%amPzD-<#-Ryl63RkT&{Q-X%|x@&ZRid(2hBxyqkGVDbRT*EJ%k=XkD({f
zlV}xs8a<1iNBO7_6{8o?%V;fHk2auJ(I)gd+KRTLH_;BX3++LB(Yxrq8vAR!k3K{n
zql4&E^f~$x9Y$ZHZ_sz>2lNyA8U2cmqu<dV=r8mSI*m%vIpjd{<255$Y9epsi~La_
zs)g#HYf%uYheA<(6pkWMBh&;nL)W2}C>pg!&iXdmJI>MGA#LAMzo2Mma$Q3oudg-G
z8kms>s)@XjFY-r$s1~Y&u0=tJOJ0LeR3C+-NYn^5LCw&0s3nR<t&t7Ipg5F(l2BXJ
z9(6>WP#4q{bw@o>Z`2p{M+4A6GzbkrL(xrWI7&k!&?uCF#-MR%0-A)f&=fQkO-D1)
zY;+sC1I<Bm(R{QJEk<{tyU{&pIl2!$fF5e_WP?@cY4j|59_6D#RE%CkFQc_+J=%a?
zMVrv;Xe-)|-av1mooF|D8@+?}q5bH6^db5f9Ymj^&(W9YF!~yOgT6yQpr6ps=vQ<c
z{f_=Xf1!WSX;g~NAxDFn;TGC`BEp-6Tf-B=lWF^rcAxa{G2z+H_MXMzE5aWM&kN5F
zU*l~1dDX2BX}4a7bTIr#_z!v=(m&xo)EEUs22yKOhx(z`k+CQVwTo;Y*-ft}T0lLK
zm3FleC?hH}YAhO$CZZ{5YSgr-8Bw=I%|-LkLbMp&h3-c8pylX3^Z<GYJ%S!XPoO8!
zD)cmZ7Cn#hQ6VZuFQS*xTC^T*K(C@r=ykLeZAWjQx6n?s8@-L*LHp2t^gj9!eT)vG
zPtoV-OLQ20jlQ8i>=*PK`lCXfSf|yUR(C;NQFqi6^+tVBe>4CMM1#-}G!)&0hNCnz
z0*yi$Xbc*MCZI`ZE}D-PqQ&SgbT_&OEl2mE2hc<45%d^(0yWBSl-~q3L)W2}C>piS
zx8=v6IFx{rP+Qa<bwr&|7t|GXM?Fz*)ED(f1JFP;2n|6)(M@PLN<$;iD3pQ5pmAsd
znuM~@l>Axwx1!t895ffrM+?znv<%&g?n4jcKa~FndJH{*o<ytA)96|BJd&jly^J=X
zSJ5W)I@*f1qc_l7Xb;+p-Y=^+{5bz0`V{?*&LHt0(~HMaZ^x(>y^c=m*~-SPP_HH9
zR4!FFWz@x#=w<qJy{sAX5pBiL4~+gOV+hZKCtxE~)$e3K?;Qj4$F6=R30UbzG65FB
zD%cDk!f#NM@>oM?3xgpGmV)#<aWA`l&1?6vTPS5Q_p;j{Ub~mwmh;-Z?DjUVrTk`;
z;k@yweRaRu7#Fj~ba6YA^s~AZ4W);l^r@0|BBLG1y$$GX+I*(a%F~Uu2x(_HODn(B
z)prT*5-fG^v#4K>qWxR?SUf>px_jB-_NY6eq`ul!7ww_fMYpAW^eO6~&s(p}yEg9>
z_04{({itJ}vw9`<%u>gkjh3L3`G4l0%0HbieWJcc*+tpZ{C-*V2lc);7pGCmppIAX
z|5Q~O!>E6#s$QY0`U9i<Ym{51{Z7hIuWPSsCE8osgQf>fuC`!lb941Wb#HgORGXW$
zwO!o4w&$YuwVeO9ua#><{?E3rb*)zW+LgAgsajXxmUcO9Xs-6N&cP{{*@pJ-?PoLH
z`cJyr%;F*wBc&~>I_*%>FS4E9{<MmI5z_wTsIvX(n!LJs(gyVpZBV{tZBUbGgOc{A
z<@w9=|3Rf!(B33%O+QrH)|6E=<&y19U+C>kCo64lDygEK=}Oy|j6M&Q_E)*WI*<QU
z`%<djzErV2smeMUuj=>V`~OqB&wtx_s@EUye_K1xf7^FleQy6#?K>6QbrkJ2?(I2M
zwcAL)t*dFD@xjLxjP{DFZm0MS-yZ&7ANzBq?Gih+o!TDs4mydJgf9<&G<;QfLHNtz
zThP1cERr?}SN}Ig-_zBUDqO7w@<d+92l=4@WI?sjHK;BMMj<E+QN^Z3poXY1YKoep
z7AOj}LRMr)u_zuTp|+?!>WDg_E~qQ&j(VX!s2@s2*P|QIV00rIhHgf;pma16jYgSh
zEE<m{qRA*5<)CS32AZYK)^0<0pt;&SZ2?-OE!OVR?$++r?$aL79@HMz9@SQAPim{Q
zJnb3u99pgAYlY|q^pf_nwpLrOZ9uPTuW4J*4zwHXMf=cx^gj9!eT)vGPtoV-D|7@M
zMc<<D(U0gD`UU-len)?zzqM1^8FUt%M|8_I$x;J(A}{2F{7?Y0pxWpfR2K!K5EO>w
zDXbBwA!>}8qUNXtibAcB71>c6Q(IGeQwLKg)Wy`z)C2WGeNaD?ZO%65pczQ|XP56E
zx!io8vwwE6c|ZEV{E_((`V4)6zCuUPQS>eP9{q@pp<mE%=uh+yI&D5<K4)%SBOQ%I
zqfsUri^ijgXfn!1IcOT1fo7pw(e3C?l#7<4W$0eC0^N@uL=U4!(c@?(dJ5&CXV7zK
zH7Y<w=mqo=T7%Z1SI|cE8rqDuplzt6#v3)>LOaoJ^fr12?L!C92k0a82|9#6Ltmh;
z&=GVLeT%+FKcZvk7xWuCfli`7(ckD4I)l!l^GJCpX^Qcvff%;s;f3f(?%{_5kOkF7
z*Pyyc25E($FeH`b5vU<*jGCh6s0E5bt&sG0b?>hz{S1wMeT-k1)2u-a#L&<NUdRXe
zp#Wq-wb3=GE(%5r2y76BWQjlxQDf8;HAgK_6l#U6h;HQ#Vo^LwL~T$z)Bz=<&L{<S
zLp@M0)CcuLspxui0~(BOM8nX{=oXZYMxxOu6OBdV(L^*EWuqK44b4Ea(5>ipbSKJ1
z^Uwmc2rWTN(K2)|T7m9I52B|~9(o2nhgPEkRD@nYFQGMP9eM?AM6aREXbakgO3<5V
z2ik@9puOl_^d35ZK0qI#PtYOs8TtZ!g^r-3=v(wX`Vk#Nzo6gH33L+uiT*~X&>3_V
zokw2bfzGiO&BI%VCx&-)j<+a3)*>x@Y<O1qYvHel?+Je={19U;ex#q~sqj)~!=Loa
z^o{h7v_#g9tg3IOH8Li$gR^gDSNdhnr(b64sB|<kYIM{XG!9KblcKVta?o^iXH;&~
zJhT8ULQBw6v<%&gR-pUQgXm%OD0&>NL{FhS^bC3qtwsf?2)%$_LTk`E^a|RDUPGJF
z7PJkOpf}MDv<vM)d(pe-J#+wlfIdQ>phM_0^ac6~9YIIY&*)cl5+&0Mv@=RU-B1tI
z3-v+$P%63}-GBz88__UyGr9$(qmgJd%0y$)cr+2^qIqZmT7;IMrDz$t7p*||qX*H$
z=uz}IYDiDi#;7T3j#?mTplF5cC>F(|MAQbgLmf~u>WorQH`D|5LVZv_l!~rLH=x1j
zMl=lFjBY{cXe1hqGSOHx9!*4((QI@Zx+DM2{9H5-EkKLV-RK^)0^N@uMvtP$(Mt3b
z%0thf=g?|YfQs^8%3qWJO8!Rl8rqDuplzrGy@__@@6LZ49YCL;L+CFgeK4d?sLTOn
z^a;IG-_Kn7G0GfGdDNe82kEPo2GS?09>hXl7z=Yj#&lM9T;~ST9)O>q2KD6sHl8z)
z_p39Wb0X;$LLO{_kKkAEqHaAB+QA^mhPyz<eM%pyqab~!!l*x&K2w81`bw<;=_9pQ
zNBS_y`~^lGN`$wo&uK@jAY*vu*SM?3eI8pqwxc&Z-t^evv6In4yFDz-RnXfr%{jK`
z6Xqy5?D?(d51v1I9`pRwvsTSo42|klb9K!%HGi)8N6mAnu2(&;P_IT_O}v_UUFQ|;
zHPq`S<}q01wbwb9f!Vu_cRTM6-u=A?cn|R&$=JoYjH};*wv~;c-{%}df0Xg_=aG!%
zs%*Sgw$Buw=}5+uZ9&`I#*ZCk?ARH`jcLAS-*%{jZ;Ees-yXibef#<j@*Uzk(sz{a
zJhaXCP2XL<dwlo$?(;o}lwS?McBq42ieERs9)7+2`uYv>8|*jIZ<OC$zxj;++2Xg&
zZ%4T?Kt~z>qx{YOZT;K%ckoZ~@8;jbzn6bs{~>6k|0w^t{`39!qW%6K`G0~A`5*Q_
z>HmknEx;BK8_*`8dqBT{wdj?AEdkQ^DLAlRU>r(7NvK0$$G|Cp3j!AfE)KjW@R7jB
z0=ES2LM<&FEQ2jWEw@<GEh8<XEn_T`EK@AgEb}b)SeB#5El*m8*Ga2WJLuXVJ7dDG
zXWoFEps7Kx1bxT|pf7`bgZ+a8(Zb+G!G*}^vlPTU1A{_t2}uvRJ!B4&v0N&&Mrdqk
zO6Y{psiC={^Fp5veKGWV=0#{szbDr?uM1<m{?W&H$@s40QNKsciJlWJV^>=+woS%*
zWv$LxJ#F<JtDj;l>xtFBuQnB!3Oo^mR|*;xG?Uv!L2kj^f>#Q5791(~ol&ihf~Jgx
z>RvdoFt>1i;rhao!tc;^jN|Wu`Y@LNwxT<V)}VDouN1vn^jgujqU}X*pr4D57yVWA
zchNV+$BKU`{<T;dy<KC?T3<BQYzBSLZv~2P7mc?HB+h+&m5j0a4!(!R^p%$Jcf|pW
zIfib5^jU;?un-h|oK27j-5^_MDs~#k91rtg4Qz%tbrgM?P0$Qv{(`R14W{bkV&}nn
zD1o=(U3d@nLlk|Q6F|mv35P+(bt(EN%eYh-S0`glJ3wXQO^tD;BYD5Fai($Cusv{#
z&Km4n@ba~q+5oRX348%xg0(K!VJL=I!I&c@itBS5u+qo4;@IR4#3k!=#&&`C;UIhl
zN8no>iq*;oVjv0HLI>!sGXQ%NEQQCQHGPkb`8YZfz8~_T5H^C1zQys-MyDONJ#>Vw
z&|POKw&GaSM~M4_KFNQ>iSdlX1S@@p<Dq|+ivifhupI6OW1OBbj`Ybbj2nQ8V;?i#
zca43Vgw27f#z1!dfa414Gd>sE!bF&^vj8hR0juC?cp0ia&Y6C-@$eFTX@y_lI2@qQ
z>?e@I{iYWfV=<*azx3so{@SNNm5nPiu9^KAS2oH&lQCt<+%s-LCHimdXYAjQ&2f=F
z;}wsUVt-fcLtfRfljD{OL&5BA_HK(hcqe=J^zP%`kNeU*?nm3aOZ53%-gVxK%-n-I
z_#|_una_Qugi*>ePWfFQ6Ze-6C>go#FMYVX4B@`A-S>^Md&|4ddyD30_UpubWghpD
zZK#C%$ZqFY(s!I=Nln~CI`}8+_m4i#`^P-)9sB*?FS}>Ry<iS%X^FDfP$Ft;X~%tF
zNZCDLzGZ=Bv1OTl4_Ilrmg|2k+K9FV?F`x-v?r)hy{7f9bM{fS)r+Z@Sg&442-o~U
zAw$pzG%93t$fS^*kQ!X~<4{}FKD1M47w!S`oY()SLsy69hZdn9(6P{8LVrUio%e*6
zVX<Lx&Us7zVZIU>)7+?_F<16x`gQ%Sg6p}K&quEmZYbPb_<G?suIa6dtVJ<Jv0TmN
zdM;P=JGg%TT=bjs8vYm8@NbL1FaDwUC+D^NmtwiD8rN32zRES!xQ?zP{3^T#QJiyv
zas8BQrg7ceKzKXI^;52!f?PLSfgNHXPUi^rD44h&%JoyOn;oGOROk9B*UJP*hEC8`
zN3NUeV3W@4*lqBJj$BXIf?Q8uhiy7?J+(tyXa^m1Ucd@3!OO5wCn5+R5Sr@9b+;8H
z>Qub`w&%JkxL<$e8Z6h}58(?q494|WuDQYxxDg)Fk?X9`K}W8y!djhIu!3<Nm9hK}
z!oxa$>DN)?dTCrA<vN%N#&vKB{_D1oZ6RMq9Ems@@ohvleunt{kHZmsfD-QiCyGxO
z8~yrs>({9~{9hS&wFUOW2jGBQSOrFVfLynY>$QyUaQV!O{|9_#6F#$e&F#E9dH3+{
zi!S)ibDh5P8~D!q&;_5_<n)<4RhZ-8g3mn9=`+9K^qKcC<HA0l3qG^v^qD*QcJ%Fp
z-`v;fGY>BFnM-_2@Rs-CD~q>m_{+(a_{(#h{_=Le?fA>P{N82EyvtYCoW61=eC58#
z<s;8^`p6&XK5}(^<0*l62If}c8%JBL7P}?El4NOPX^)?LqwXiW{Ns6+g_cEl$@kzP
z8$R+i_{cGCKJtd3SA(_&?Lu!?=`S~|*Q{RidUljVU;m(xU_9s0kiqCir~jNDG7@Ek
zObnS?=1Xr4+3xhG&G^%?q4A+@LffIv$mLtl4Sgo``Ot#U!q8%;kNth<kD)(>{)&!=
z{vH|?784d<=5tp*x59ylFCxB1-(BQ?yXIQRTAfv;|J|gZsnh@7agpym0N;BazW4gV
zjfI;Ew-j#GeehOAwjz5`T$wN4r|5Q6nJ@lJ(Xadp|1SEj_`BjC(XaoP{BfFOl<;r<
z_*~v!4;x_<ROOeq<bDwi;-9<w<#Tzx5w?Nhmy1s>wB{aSgIJw-Y(+m^eD!a@@Yflx
zQRc5F6Ba7Y`;y50q9b&M6cFFs-9KN?>(^kj&US1Gyb0pBuj9TVe)|^K3fsZme~;ll
z(gxb=bi^9|y!iAl>a4+T0P*n+KR=v%PD5w{%|PZxY|VWq0g^!cf0>J@9f;2_h_5ev
z1ctx=Ibren1$Tcxk$X*L{{CR%hl1hvKTP;hcnqxEa}58#Jz*&WxR(Qpc)bSJ!Ft#L
zms2h<=B9aw`<NhQ0;62;=f9K-DwYSTDhG^t|KI08`QPUME6#@$NQI%GXbi1^JcH{6
zyXH(N3Qi|}A{b*b(<wKNgUOHux%?(BHKw<aG|IBda)dGY=|yvj<T-xp)Ou#@+oZOr
zZ7SV!oaYJ8)1D<Y->#YIoy8oD$G!jbKJA_9lf`^P$9*z=vwU-WXZn8cd(t=4FUxP1
z-<{6+U2gQhg|f*k|L^^e`=<sBb&gSs2#g6#w)C{Dusmk@|JZvE_$aEsZ+k*WAPFV(
z&L$*ujRCtTq(B-f*cBU!qS!#i-mnYUd+#C^?7d<y*t-Z~?}%MdVc+X}Hj|ulX6CQ{
zZ@Hh(`@T=k=R2ERx$>K`vu7u>yJw~_R@Jv%zv~)~ty0K()$rM`S9&b$F{9_qo@e&F
zsOR`z+x5Dw*ZsXJ_^jCY-rMz_R;2O!4l9~bG_z=Y@o~i`GFson(o0IeDovLjJn)=>
zD^^>v8YkEq#~#|C{On=pF$Uk@;dR5u4d0Bh_+|{BIsEqFj}9-IGkDHtbC%61pS$+l
zSLVJuH@G3sjBE4V4a;xPIEOm!DNOfBhvVs0WHBZVnMG!k4_olQWKzWWj}lVZ7>#44
zyh`3AS8@*a2C^;hiPG3Vhmm8*_2gC(jx*Gi<ECCj$5aoK`NTf9s>sibQF9cxN0ZCQ
z6-58%EhFLhJmI)KHxy8x{LVSuGzrH#n#lPUjeFXsJ;$|VGqNRlif9~1jiWi0d`FfO
zjR84|yh7e3ACjL)IM&U0`oZnUE96}g?yK|JC!Ztb^jjmy2lQ7zkZ|0za4gU8|H><Q
ztZN*q`6>D@5|n1fhYR=T`Fl~1jOTp7c4T|93z@;O>iIfeeJwK%;l$T7;}3@8`&E3%
z7z*S&{?A@cbPW443CE$;_<uK%dE{1dI|;`FTzx5hE-~W*e$O~UBpl~%2KSxDC<yPz
zE9qau&w_`2ua5KeSc-f6*pHph3YMA2jmAWp+;*z>cp2REc+ume`7!ct;$uYn_J7)^
z!+kQ`Cno>Jeg04G>-8J&>o2|gdOMyA{QElTzD>IC!uzc0K4=^lM*YS6J(lzc*#EXC
zJCa?<e8x9g(JI|aeauADSDaF8_YHdd>v27uBt3q^{m||Y)%U5t`;PujeVzKbY4meL
z=-bq%X`HBqER)+;X<X50UzOB9sb32Fo`YDv|J3*VpYB`!PM@+n`&ig_Y|z*zeAU<|
zOkm&8xW3_I|F0g~;bZupK6W*>fYLM`0R4hK_g+r)x%aTI(EG~9kr`bt?K-~qF}=gr
z#^$%ljQ0`tsR8}F`hJbqvIdz!Kde4k<F)9#_?6@dqH$XEToBN|YAle6ILDBHdKyn;
z8f+%fYcEOTT5agP9+Mg4YEr>u_QUWszHr=^89d);JecrtUL2GJ{evM46R&Iej$k|*
zjmx{Exjyg_T-Em|+EujcX*bdC3GQXAUX9lKXrOU<Po_=C**Rw><3c||n@@X!_B8EB
z#>LCa&1baUwr0HEK8)A9SMI*KZ_t8PZCm}?YI&>j)+5ciNsZk*jkbbzFk=ROM?0j=
zA#F~e{nYlSw&U83Yd4|Y_U&4>@7TUGZG-k3wLg*eO8Yn3zuSIc`-Z}CjQIOU;lxgR
zb_zNNo%idyU)M{xkHRs4-{|&Mw|BZN>=ty-?>@T6m>wGY`O2Pidd}@Rujhnb6MG%S
zxYZh$dPMJ0y^rR8o!|QzMhkwucVW@MqVl5ZqA^9A6>U+pQ_)e34}2Qq1Gg?IC>dNb
zq-4*52Mv5`;L`&?8@O!X@q;fM{LbL_2LCyD#o*<u{khso#x<R``n1)9va+)BvT<db
zGd^%uc{bw$cPQ^%o?>j^^74&nnQ?*tC|}9v(A&;wKj%Q&(X<~JM|=9*L*~9T_vN|2
z&Ha7upR_W@u-lpT7-Q{eoIQ=X{QiwgZv5`X?{ED2rmwv*f_GUtiMA(gFUAVaN@u5Y
z()sB&>GtWK>0arS88>*N^eEc)v>j<XGlp=G#d$e$1^cD)N@K#Yr!`iglHxc-8P%9@
zj6ChX%6CNPnZxnHFDl@5VKR?n3}q|!>+Q%%jr({l{eZ^nevmvw9wCpB3XUnN$#ilM
zd5SzsUTn;J+$xL760#o0tQ!#>yDDSp@5hk|Bzz9g^T5-Md5r(f-X@hClT?%NxcPp*
zS2m<i8mWGXK1mtPbGOEM{irdc`2VMdTud${my@eWCH>YIqVw$glV2Op)u%azQNr<U
zzh8sCgM`QB8Yf*@mt&X_WOQRL;8;fI-#(g}iN=goPF~1yCutftAAbz-kB9vC=1$~3
z)bZwgmQ`cR=$hc8iYkh>q^-Gft(BXs9Jf;Y#_C-BYgXgqTaT?={>vyV>QdCLtXo-6
z+6HAK$|`6((t4NoHv6^q>0v8}uiTcVeXwo1Z92T)2M2@cVRkfq%ZT<PcqDJs{!$*R
zHAOW%x{l`2b$U@=Ngj`|0v=&QN~R2)GH`F&zO<>d{b>i%4x&9x`<(VA?Q7an+A`V+
zgHITI673Y)EZV8G(`jeY&ZeD9JD+wT?Oob?v=y|HvXZj?w1Kq2w5@5|(k9S$pyie4
zl{2JZd0Se0S_fJeS~nVlRFwCk_2scWa>d9M-B)&BxejeT+6J@@X(MSBv?|(YS{-cy
zZ3o&;w7hg)dLx=1ixX*+XzFhn1f!@AZ39|%S+?H(R+dj|OY1``rd7~a1Uwe?ze4!f
zRG-a1ghjoIdKdAb<f8RydV^(4S{|(ptv8Kf?aMOH1p|3D(DT7+0Ry%+JtyoC?9lW)
zpyz;S|3CA8t?y6j_tob|`}>^kt^Q%3-?gY)QIYBQ*DD%PG_t6Y{=e4r|63Go#dCn$
zw`Y~*mbES`ptUROTGqX+M_Dgg-?CKM5Yz9kU$$Y{sIp30wRsNM(mV&K-~WU5Z}j<v
zE4wl(yvBtuUpZ!F&C2?f8?PL1#)#i$<<2X2@%sN(JOk)CpiR1+^*pd)dc*WCwB7y}
z`v3pi@AF*7|FHjdzdwl41-GZ^xNQTDkT#@U!ch<dW9sd!9K(#^_~j^$UryurrFBU@
zZ7^-mfqM?zi?$DKKiV|f0kr9~r)ZzizMy?Y`-b){?fAjR4?dB0GHoVpHtjUp8ML!#
z=g`ihT|j$>wvhHGtzTKcvQpXr+8|mLZ7bR~wC!ly(^_+c#1PZvZD<UATF%Q494~b)
z?@H@V>q+ZF8^!eyx~=TCa&6kWwDoBtXdBT+(JE=xv|8GBwC!m-(zpZ+*Gm{-j(K+G
zh-X*YjDpNKe&I1nc#fo;*H(4BrSVF?WxUeTpfngt+b|dz>_nSLJCb%Z?do7oz{#TE
zX4);m?ZI8N`)J{HEgo<2REyWlwJpAGv6Qxq>suVe=;9}EZHr%M$F)4JrLL`#o7<YJ
z+7#rr%Wcm!Y~IiPlC~muW$rJnerdIm|5;CIeM;*e@_x+wJ@1da?-|p3TEVn}9}9jj
zIHt`pZN{}7*Y+@)u7i=)KD&J<T9@|S+V^aqYQGk39ol-dN7_Ht{+aeKw127n%k6c&
zjLSL4cP3-Q@7s0XuJ3hwubakNdY|!(cj>iPuj##x?DcT!;nbt4$5Jn*US^E)C8?#1
zQ@(;R%10NCF4~-Sc+rtXvx-hFy3$-XBda*OIJdZUab9s}TG!(43}I4I+@Cg(HkhU-
ztPP4s6jv0FE^aW_))-ej%UoNdRY{wYK_x>=GS}F+w3Mr?_TOXRxdWdZ_{_jh2Yxs3
zxWN|<etYnu!G8>1X<d8c)78FOZG72gW%gL(x)w)EuEo)@yc1XAC@NovYjKQhycWlq
z!_FFZe&cmGG(Px{;kCoZ(<X97j#<NR8$N${=6W1wUi<X5!S!9QFXFl!Gr2Cupt(cm
zuEVuC4!QBL8^h~zuqc1r!8L^{R*W;(68e*C3GKRa*Oj}ioV;=hO@q)B(0Zr)rbp5$
zXgkn$qJ`J#_>=2&gxBRbjAQSa<W!<@-^1&4T*>!Jc)gB8ICeXfJj*e*GKynV<xP$)
zzb6}V3^=OsSWw4<y3T+y{$>96BovBV*JHO=GuQRlhuh=H3B<pyNAMcQwnSslD*@-#
zwkD6gmC1YDDt|Pl%iE02N!D)6IBu1xjhV@<azkUD;8qFV;W+tSj)OV2-GJ;%rjvuo
z@#I8u64C$TN}6+c%FUdoQ*LWa8RzMg@H$4pcmM1<9&Nwp{}u8X`TyhfI|AN!s{hkx
z@H*y8oDWwYcy(}Ha0Y#q`YH8E>W}_t?2ncgEH6<1qkcsF!FqGooBQXAKUaj0g%8pn
zra$HSG>h3sKOo`#7T#YoI%NKj(`Sp1Av5^jEPM}~-utHgLjUjh@3qo<L*vHJ_TMk6
z*BpM}oI-fcDeTAR(tF=Z3;XT=)L*L)PU;hNtslG32>S{35#i(i<MhYrKYnE0N%(vc
zK9A`6<91s3yrJg?Jtz2mZFl-r^`B#DXBMAZd~xw5#aGg<q0OP)LVKzB<>J?9Z_s`!
zPWLM+DK0sZc1g*dC5uWvEV;M;z5O4f{nkI-f9im#1LimNv%0pC-Pfjvln)&}w07vm
zL)G7f{ae_th5gw_>5tN1roT!5+kHX!*qy_3><zSAXt&Wa&zYy^#64I3&NF1@x$!ri
z9o^^0|Mt1je_jlV{pY%FiO+QnJkxD#J=dLAd{ObG#a9$xReW{vwZ+#JUtc`0_}1bV
zi(e^zwfJ?~o5er!FPWYXQziY(bK(&tN0nS$a#zWFB_BD@kN5PyumAl1kN5wze=uOb
z0n-NP`SQ_$<~nCX*BClxXwA?~hBjZP>YqGU{*&j)%yZ+qJUeEdAH(Ov6+9n)lKzD2
zQGJnK$~CF}?dQ5h^dTRT{}a!7|MWR3d~OP#lm0iJi+-n%34Y=n*DwFyxu#Tk`^>q+
zaNO(gHA#(~taEQOdOg}p=WqkwfunQH?fG2ACauP`()B9>-ou%qh1VO<`}o7_2^2NG
zS3mO_^Oc+*o?*tAUvlG&u9@?J;p>;j{mtt~*q@8gwIuY}h|lPc^qPkD*{1V>ob%I|
z$>HmnA57)>k=UP^PtW4#(=uZn2i`R)HuOGc(R_W1Np1An`yu>)FoSD+WbrwP3eKem
zjn{_QzwvVrkC^`lGUwAX*A|$@rwxu-eFo=ApCRGvxElLc?@^w?d0~w?AD$-;t{Xb%
zuRcrkmt%ENSFgo}#{~M!kzO0tI1S1S&KqkSb$vcS=M$U8Q)iqQ9jg}wMZuM{8C_>|
z4T|!M1{Do1T7$MTjTc<Y1NIHQhkcOw&EO*6x80|>nov;Kt=qtEF<*nl`ma}Y(B#T}
z_L({<7`7(g?rgr_W%|?uf<q4tI;4j3zQ+8)!zrUHJ!ZZJ^B?1>!Q`x!!8T_?xI6z}
zoyNt_TzQGh4e)ag$tA5wYm!I)(>mt!>jKh-v?ZCVV)D)Z(zf|OJ^%l$_58o{`QO{8
z{_eJZpiiGZ&y&no5Ps8myDS*se6@Fes;=>U@6Y=LecB1t1XKRwm-p+y`+3R~1DIrf
z69kovfIQ|eTkoLRS!{jZO#kY;Hve%RWu|5jT-a25Io}0MKMia#FVI-e|FkX2`cHom
zG}hd+srGYC-|6puWrPong#A}72ts3*rtd_~$Qr^4m9XjLN~W#R^j%2&+l<@%7yj@6
z?$32ibAQ^*bA7H*llj}N&Fv06jP&!rKc^|dd5v>QUe;AL@8&sYzB_M~t>xuhr6#|i
zP1`GjplJIYk2q?>ksItVYNLwclB0*NK4gsnNAA>r(BRbujxbI?r12BB-8uZ?wfX<E
zUu>2C(U%!D=08lby|0#yU*Sxv_X{>YDA;(PVB_h*#`^{vPYpKNFW6*Ku*vShrn?23
z?h|Y}H5flB7{6OE{=i`T?!ove!T8BsP9)f3-(ZVL!4`W5TTBfm92iX4CzvoTsGby5
zPY$XN463JU24##z^jPqC@I>%rV2=K>G#b%>7BA{ZgrSgH=rHG>d@-s<vwk(N{}%)r
z*C@lDY5Y|_;~Qz-&j!y0&j%0nT>u}{LgO5DXOtrjR{7E>JB|9^zPXQiYg7~c!2?Xo
zf)|1pgO`FqSudL!8W~BWBI#5xM{11TWAHziJa1~RW~R?F9TNP;_(@zS+SC|h>IT8+
zzO{|t{e#ktszy#}Fw6d0@Otn@@Fv$v)YryYn=(pKS&LU0m+8tZjXBi#2Y>tK1+&x{
z{UtMpcY}q&d%>Pri-P@FUX9&!0JpDaP0PA9OQRV5?b40nCsaL{@mYf407f*?_Wz;p
z;^5${-})YEw#RT&@pOLk-+ujM{p~Mi4j%*`1|J0<2cHC=QZy?oo5Ak~ws^_RFN<p<
z{IfY_F%o<8UtDAMUtI$u!#;2Pm9B=NwfiFYGWaTZxbN5S!F;f<OI8oAh|$Z~x*|h!
zrN8&x{mfe<;mdx|tlc-k(%{=*aMm(YKv&UNgX+AD!I!S}VDLYfEHJfKH`C{s4hfcX
ztqm^RZEDn*x*SjRt!w=5ACzuXHQN4Iv+O?vKL$SqKXY9Xed!7wUuUh+;x(?}aaESC
zPto`XfBWV|v(y>=WiyB6TsiKKU`p1X`jB0q>wFx@?HgJ9b4?Ci@#1fnZWKSI>LHBj
z9|Q+73cl{)AN#Hd4#`^HHyvEW&uf~BXYk#B`}MQ+x4-tyW&0O4lKj5>bN^p{X@sYa
zrdo%_Y6X4U|JT)YjfPHU&;N;W<}!=aFRQ38C@5mYH1+8}bG4VuZ%VR?`*KQ$)54!;
zwctH8yv!dAU?~PQE=j+>egE<O5N?Lj#u`H?v0Bid$^#*T8)-@3)PG&Mf8X;>m7!E_
z5v;|M7X)iJu2DGmfK!!OymPC(aehItPLuIP(|67G-}_D@XsPP3rmE{U)%vpOyT4bf
z+0wNzxF&e8ep7`JP2X+Q^j)+6_r6=ljPIqo8#L9}u<5&zP2c^!YR%TV=2{)v3R^bS
z*t+pM#sxFqX*9j&zxaFKO<)``Ro$wo>NbtvafJ`_ovw%T_i8m;+jB(_UB^;mA7<!I
zjkk<h*7zOA9sjWIuBN80U6iT0bK@=79%-uC;~&<XWcq+z8~=W<zPmM5>iG{VY0R~0
zeOq$RU%-Aksj<%9eRprF*y|rw)Rj~Ar`DiA<Frku&IwJAfFL-@`o4L~|Gn={F;#WN
zm4m2yV&4m!YMtEl-QTNZTQkj`bXeAzUJZ?4X?y?VdyPJ){qyjwv%IQDat*3~Qpt98
z9T}ZZe2<YXoB5lK-}80?ez%A#PBs7Tt;X*cX0_s+<@;v3#7sXh(+}zQS_OYvfANta
zD=hM{F~2d>rC9~c<6ARbhRG+b%=8a4U1_FiV-9JdISy^1`Wu^Vu&J4@X2>Sy`*CKv
zx-rYmbQt^EuwZHGL@sl`D!(2}1;Oy(fz(OXeC}riy?=9_ty6i_dx(?=&!$eX=JapQ
zMYX!8dYJWjJ~eX{&Sg+)Fmrjqtk1&KEHkGY&GcQy9Q-%eX}#3?W-h;_PF;oTQ<thY
zbNMQDx|z#OX8I*#C;pr35(L{(Z+P%~>Wo#mE_<e?Fqc2cu;8`SnX7P4+BR>SHJX;X
z*_zMoT=VH)-ELfB@SfD2)GQAUNX@h6^sml^Vuh&=W__loZdrwMDM}Tmo=!c%oQ4Gl
zr*1WKdfrT5<;qz9<~o(9hNa#z^Z6)s+bUcmE%WDQK8L4XH1k<trXO;JuYYrW#-}z*
zeMZId;Ly|yt8jfPQkBeQcyMIurByhWiK$&uzodTTAE}nX>t;T0Fy*yGy}Za*R^#nk
zygQ8XgIc!a7p=_qZTL;=pl##tKQXr-wd{e>Ciu?$^li&_jlcbY+t$I3jX!;AZa;3h
zzM<nA>1K_$Z=32{m^p1@zTd&r{NDV2S<9Uoy&qe)<Mqpf&GZnA*1@92-#li1THN^4
z<L0N=8h?7l{PcR`Pp|S*%V43IzGtTIo9PlW{me{1H`A}o^lLNy#!Q!*=}%_*vzh*8
zrpsG)2s#D*a!Ydi=XMM_2Bl^?z)a_x>EmYldM+RE2?pnBI?PPh%Igwz4Ho3Rkk>8f
z5opxMjSG4PJ%e+Z_6lBLw8viDE-2_7^yU+byyO(jXPOE!qjBly1#OCg;-I1J#%+s&
zqF`*>enDxlu<fF@@AF;1U~$|2d;)Pm;ecR3klRbs)@GV-rftl$otbtt(-CI6k(pMQ
zX{DJ~_sZv3vV}QX%IqcobgGe}RU`X<P(xRE)IQnTO!KJ3b(k4nTDQ8oV{7(^-e%f|
zdF2Ov%`|1~GBaJHuZ{`VGt>1UgMyKf<*A5}zrU_krsk+fg~|x|`!%ciTi#d9c-Fer
z)g&1`FxWCuacjf3itugB+U{VcJDM%Bo0;xzrjyNd4>R4<Os7zX_dc8HVf<g#GC15!
zkLa7t_Bt|B|L?DfYaVUt9rdr(JBFpq4^Fk}%`)UPi_A7_cnPE|n8Rq?L2#q>TX*^X
zCqK<KbGV*sYzDzit7Hy0a5kxRaI;nW9z*6?<X*ln3vOeC@gTU%;{TI1bN}`ZGl$!`
zZfFqPy-MbAr<uciMnMmPCs)ZF9yfD%jBA?)!BeYb4o{dfe@~m~GiGkDF=BfVytPW^
z_J*0m>s*JG<K$H`hd0fdykn;Cnz=1vwE2MXGTpu7zyIkYtJ3>s4vV>lEEk}$_<vtr
zfBCUhX^EM`SB#1u1m9Zxe>R8jtV-XQIeg8vZi8T%#s6n>_};3tl<$WJEmAH2)g#~N
z^5v#xm}AszF5Vpd?Y~J{rH(ao%1^af#dB(xI>pSXAk}si&#8TCCUeLNI;J|C+fH1~
zSU>kn^)|P?Qhm4`9`s9<a=R+O25_Zh&8Z~Se-+PZVCpP0ry;4;R`Hz5xC)ZiX=rNo
zRXnFPQWr6YVZrd!TB~?Y>zMhhnOb`l&u3jTpAAwQuHyNOH1ipe+GrKeXB71rVK6n?
z+*Wg?aQ)nn+SuHVO>M&Muwe7lmfWt&udU5|wn%NYis!S9na}pA9ar&ucBcODVAs@c
zt9U+>xr)2yG%2<FDxT9GsjJMK_Db!uis!T+S7_5Z?VZ|p70+pE>W0*C=5(By9&e^6
znCXdTdXkx*Y^Jl!bheqEYNn@|>FH*AhMAsirstUHxn_EvnVxT^7nteAW_pR4UTUV7
znd#+bdWD%@ZKl_l>9uBhote%t)9cOjMl-$1Om8;Rd1iWxncixqcbMs2W_qugK5nK@
zn&~ra-C@Ctsh3vqR({#cXL0KNRXm?1sWmwF_(|&1ls;tfjakPZ%=9NS{WY~_ux4;^
zv8I=p=`CjZqM5#ArZ1am%YJh5%(RV}mYV4RGp#h!(Pmm}ruAkz(M)$W(|yf!KQo<b
zrqj%He>0tKrU#knp=NrRna(iNW6ksgGd<BvPchS(W_q)k&NI_n%=A_>{lH8=G}DjF
z^kXyq%1pmD({IdlshKVsvR1HGuyMJjo0{o(Gu_-ww=~nO&2(EconWRrnCVVtI?+sb
zHPhYAbPqF~!gTFmTKWFw_Q3M#=Jw$7L(J`A<%gTwBg>ECcCFxCGrinQZ#L6g%=9)h
zy~9lJGShp^^gc6vz)T-9(?`s7zL`F5rcasaGiLf6)3t+F%3n3Nub01JZr>_@+uXie
zzR=t*Dqqa)TES0d`m34#W~R%{^mj8|S-wuNF3*n_7iMlRZM?mya6QIR<P+W<GPi4V
z*dW-5pT~B}3O4REGN|TzjROA=d8G5`U<^M$&?R&GV3(SpmY>(_Q5V#6yVI+g+nrx+
z2)5woiLWwRAla2nBD*#I{=vrEhwwJRdzjxn+W7q=d_O<)21uT?)7BS5S#jQ!q24^6
z&w1ZC-nx-@@cfV$`kZs*s?*WujddbEuOrKkaQtpDb+r7d-N~yTa(#x!THUmGXILE9
zXMFrR9q_en;<%VTr{mYx^5`=|J{ODg^;smv_f_AW@28!#JW;-=lh!NBzc4<(Vt-Km
z=E!g6e2y)xe30+*7BFR)xfDaQpAA#y>#_`1ot7|Vr03_rl=TW+KNqI7%XWDym@>%Y
ztzpVkuYMj(InML*Vaiz^FMuhZd%O)yY4Db_Elj!6n{PXq@}kGv!<0E*okEzx)Y)zw
zV9KbLF7F6a&hvODnDV8^JHwQf-tu&TDIa;u(-o$ypX1KA8%!DA#^v2%${HG8-MZg<
zz?3sgoi366HnYC^ES<YQXSm*`q<u@<<@Fq8qN#85H{oyQv@pwW^A-8&^osnmBK}+W
zZ{>V$_D|b?8~%3A<q^MY0b8PAM5O+^`0wWQGW&^LXCZuH&Q=lr9{jzWmm~ET!58J6
z81Waw7w0?_;qSxW&*^0DUwghw;7f9*N0##g_y;-WGE}@<vUz)c2>&o=^~iSk82)k2
z9g#W(YzIa6uU+R8{7-WBiY(7>ZPMxA+B_QJpW=V2tEqZ*K7)Ujvr}Ywc4D48737=!
z&7SY)_@C$O7O680e_Fwah|dsWJcQ4P)bE7fso()qC)!VD)>qFjZCUG{W>3`KnBiUF
zar<p%KQ9b=Rb<?BdaGQmZ>&!NeFl|R;h3h=yA);qM!ufw{QBzWd%^wZ<=#9GhV$*y
zG~edsjC)>F?Km!$$MU3Dp72Y{6Y?UDhx0A==9{^{3K_MvBq;2|vMAIE{Zh{l>kshi
zhucRz>aIo2+egP5aob0AI<bWY&Ip%2GvAO8N#Lt{oJBSLPkF`gfIg38>V$mFinU>i
z%h#z`52n;Q{p9);BVdZ_Z&)!BrevA@B&<KGq7tSIb$B{m1ykBOyt-lxOer;w->^<i
zMIB6W=UZPf7N)p-<BCmTN}sm6zrs4>DmH^DuD^N3mN3QTTUBfWQ(V4n#RQn*^6e{j
zgefDP<);ULDXzbB#V#<#<-1nw22)(Vd&M3w#pQce>;+R!bk=w8ihW_qM$UHLuVNZZ
zS=Zs|^!_kqn8OdKm=06i`5shp2uyMLp%sV26qg@SaTH9U2es~(qbp{>6xUCukA*22
z-rRp4S23w5omNyQ<R?_H)nJOvPlE3bQ*3?;d@^iu(V<R%I}5%CT(SLA;d{dNENW@C
zPdMMx;a%v5yA+f;T+96i{rnp_T^)WV{uJs=DH`ZJPn`|l3$EDnJr}+=OtJa-@O@zW
z6m4qm_i%YGgzpPiZ2w~TelW%6m%^vQ6q{cTp9WKGekFW=*#1S8&hl%04}dGSe>MJr
zFvaHA!l%O&o6mtC1XFB27k)78;G%n+^}P{(2>g(u8fQD-3_lcpXwe1^*K!^PKdfji
zhu?yKI9##kdmH=+m}2ug;77s~o8JXL3U*Y{kIwV^J@BL9itTH8j)5sQzpsKv1xyhS
z`>_Wq9tzTF#q}Sq;L(Ds*#4sxkKrm0I{W$K75ry`dtA{sPCx%-#nZToTmKpS<M9={
z{&N)za23~op(33=0avm8mnvStRb2no3VJYH#r9vXcoSD~{kJO8>6363+kdBGA+F;3
z?^UGJC*vx%zqn!vuHyP1RHW0V;3~Gy{~Nf9>+9#4xQgw6T=6NcGQ@ejd{&W8&%&Km
zROUQid{OZguHx4J8h<vvV%J|<u?$yn{qHK$=~HnP+y9~BCtSt#f38TUPs3Gg|JRD;
zxQgrlUXf0pj;q-IpA{={71vK!@ShZ}V*6QK^nw4oiR-tlOsCJpRct@EvNf*a`g!<g
z;VQOYP}vq&as77qXX7fiUs%}@S8@GL_~+m%wolKGtGK>?KE87%w%@g~JFepTJu1`b
zbE&P^ey_?txQgrd#Xk>MvHhaTez=P3m*Ag|tJr@3%7M6w>kq=e09Ud7A(gA~o7REv
z>*vh>iMC%DlvS2fTe0gG2E(XwA+;5|{+g9*<0`h#XW;NJ!c}a4y~+)671tkue=)8i
zKYV_acL_{icAbqXM^Qs@{R-+_im%vyRpn@0#r4PFUxusLer;tvuHyO)_?P1<&3<99
zapk7CitQH$<M6M*Rhs=E;Mf*dv3+sQ@Zc)8zj@`BxQgp<Rhdp-g{#>9HkI4qDy}~P
z|7u*t_IIe<30HCbo$;^1Rpe*xm%?C|%3Uh2g@u0je8-U<H5A*=tk-q;iap=mDktMA
zmplFK9+jNA!ktrewbS2DsoWb^aqI7ce?7ip*Wa&l8m{8{`{U2WRcxOlA6&)t_45t5
zitSIYJQ!DT{X;6#=^Jqs+dr)G2wcVWkHo(TSF!!0D`(&;u7524&A5u~A76PQuJWX_
zJx{`)hdZz68E1Q*QaKA(aqG{<zXe~h>z`J62Cm}zXX4+AtJwb8mFMCr&pXR=9{z2(
zw-vqUEYAg%7vU;y{fqH$$5-t7msVbmtGNCZ_;=tcw$CF4S8;v)d?&7A`&U<9i>til
zEdO<t>GWN=cNM+sEdTYDH{dFZ9REiAyYcTXTH^ROSKflFxXW`Z{yq4Ly*#&9-ifQY
z{$2R@;wrX(Pvw2MitFExe;=-5`wvz=jH|f*Bl!2@Dz-nr@^M_n^`F3h09Ud7rz)Sp
zRb2mB{0DIr+kd|D1zg4DFIK(`Q`|bQRC2UU4aKhWTICzKitE3L|1hp%`)^mii>tW)
zLi|T?75QO*sLu{$&O?rNj@$M3kK!tJefAG(D?VQgQ|$Vg{&PMx6t~X%xJuN23|Dde
zCAf;uKY%IGI*(IBaqE1DtN8pQnBwz~VM?_A6Vz5z-+tbI5*GT+&o7@)L-Ff>3R8Uk
z8BFo{=P)HY-=~<b;;!!(xQfregelQFPg6s2>wJZ)`21^_;`47{O0@nn)K>iM_AE^C
z`E#(aPV@F$N^QlT@3$}|TIYG{DDHYK!&O}VUF8ojWvO!>;Kxe-3#G<_qQ33iIzQto
z(fPiBuekm%xJuN25m#~jUvU+m{{~Z{bzY)|;?`M?t3>^mapQPaZZmJ*{=ZX0iPm|A
zI*L2rKX4V7|5>>bri?S&v*~eEnNGh-jaQ3ic-uLv1?PZ?TZh+LVT#YQVM>NK)#vBe
zsIR!o*%DWY`mf_EuAhUe^f%{unzv6bOo`TcgBptJ*vs=KEc7$y^E3TthWhhuMQtTo
z=Pl|ee*L$t`u2R^fh*1HRT#9c%BOaIi+3BjKD3v`t1Siag+<LgQ>QR!TgBNB+|bW#
zhr*zJRR`*HXz`v`rz3n(Q8N$gbf(TC+|Uo}bgk-6o$f6bdv$ui-!E$BVVz#oc^^0Q
z!~3OARf;-_yM2oAm*6YS+aU=0Rh8l@uHPU316;-S2UZQnRa}1v{)f1V?XOl<hO4;#
z8u%aKDz-nYYE4|l_1D7x7+10Vb*k3GRa}34{7-Nd+aFQ25w7C;Bk@1QRcybastQ+e
z{c8Nra25H^{>J(0cZgkQOjRv46xXk#&gaxnY`>vuV_e1cH^Kh`SF!zZRh!`|uD?0{
zm$-`U^FJ%D;`;jeD_q6)x2oC(S8@Gqt9W+ARcwDk)eg9d>+gvF4X$GQJ6G+3tE8Os
z$-Ck&#a&v|&*^`5tD20fxb^qI{}x}d>rbiL8&`4teejpzD)Phoalfkls=kATe)u?@
zR&@Y14ruXxqaXGg2f}|SYUbhN^dRd0fE)VZ<MfcK!>FUU^F18@M|{Oze$J5NDn367
zrnvm*su?iFt$%D4XDz9%*!7REIuTcK{gd#2##L<pl&V>{itEqD{{>gE{nM(>z*SuT
zO#EMQ727|%>RepK_0Plq4Og-K3#u-{Rb2mK{N=cc?O$4TIj-XRSK$AStJwZkRoCDu
zu7555AGnI`&#9V=tGNCR_<!OmwtrLAJY2=~Z^2)ItJwZ+Rd?Vju74-~N?gVE@2<KR
zS8@IO@YA@8?LScU5U%3-590^Lnb`iLRgd8+uKzfG7QSNpPgXsRtGNC%_$_c1+kdWV
z0j}cuFW_h6Dz^Vp)hoD)>%WTM5?8VP*Q?&dRb2lq{2W}x_UYkq71!6#xwwk$zgzVl
zuHyQOsyNEQRcxPUcU;Bw^>b@neYyS;TqWv%#B-72`XAsbQ9qCRitT?`^)ar}%ITj!
zsp2RKH@`UF>7PHV`T|!O?woJ=62Abypm=TPe9PBWOK}x<dA`MOgRj`j^Ig>sxQgrl
zh~E}hvHhQ`e#KSBIm`bWemmTD#hW|J|9jP+xQbhU1%7*c#jc;O%F1RhC$8V3nxEx1
z`r-47ybdsZsgBJ%Ch$%PJeT*>#MSAX;CHcj_<Y18f@N1S%hSwrU`lj3yHZDSwnI7>
zSMhl(m=dkijT(x-9lFC5w|;ACC{e!$uHyQ6xQfs7VT#WSV2aP%z?2NP@2{TBQ*r0p
z7FUV-y>J!RZ-=Wy{oc5W>$k^MqJAG-#q|qum8jnrSCMb8R|=;1ya=ZFycnkVydO;Q
zc?nGM`S<iyam!hXtN4C@nBw!(dd1fnfUEfaKv>*-b9rBi;`@W}6`v1IsB?P4^8Apn
zzC);^`1Oav6rZ1!P=7UC#rMxl@K?uGe7_8)`25_2I&0u6zF!Vgd_D}O_<T4_@%frC
z#pk~zY|l#)mUAs?D1Mzk6Y8vutN8vpFvaI966&l>;OkOD@#|cbu>4mia4w!6yFYg{
zy+E}7H3@Y(CHU*HjQaAIbA7nt^EnCiH%O>60<QRVIwvg8hPaCFZv<0(eqO@zjKqyw
zuTcrS0<QS=D`ASyt6+-Ht6_@IN5d4KkAW#ZKZ*BC#4Z2j3F~`v0?)S2i`vf%EfaVR
z%TiN3$T_~!a@4~0<u7M(!u?p6;MXVcTN9T5<OJT3Q0MFf|C|IqmO6^RUK_&{pZ}il
zc-#axZu`tjnC~qK{FDSfJAuzi;ByoBjS2kv1b#*WKR<zAkia)h*goSD`1l0AnZ<dl
zJm-5`Gjdfry?G4pz`nUf49~;gGKP16ZxzGU*KQrd)u(O~!_~KK8^gO&f4dmo9X`S1
z{`=vzA7<7!dcNJ}+k18NKY;ej9V{NcZ@){m*=5Z{^+Vn*f%iz@y%Knz1fKGEct3ub
z#k<C><qUZNYp_!c?+D*HhIfNcjN$65cCmPF@R_;pSMyc~X6Qp4QJ$5+TO{!81l}rv
zb1o)!zO57d`~==IftMxloCMw`ffpq3b_u+F0$(G6mpAe+y!$2GK8q6gJ05S_Sm$|<
zC)F9$===3oPv8R+cwxePa}#)8LY*NAe6<8VG=UFp<XH*Z!RKo>`kBW?KOQgPm%V?M
zB=FGXKLDprX@cLsy7@0M^}lOe&Vku&IUmxt&+x`Nnd|d4+nnVvkC!hK*6XWSuD&qS
z9}Z%Pl<4#OuJjLz`om^_Fs>5yC*dk#|Ezv{h%sgRb%ydAC0b`UYA9hHy^gtBHJ{ah
z#rc!rihTRHZV#B^^F3jTc=&nhvc%<FgWo6_Kl8l6IIk>E_@z4G_8DHi7OvvfU)zw(
zU)cUS)$8#aCF6&6)~_A`Q(V4b^+=fF@=?{5FvaCn)uUmG%g0pL!judTw_9Cx!|{{&
zoN36z<w>VE!Bu8D=M{M`Dok<fb6ygr_<TG}@%d&j<q@y`<}k(gw}2_%d;XR%#rFro
zlmV^m?axsTO!57#VT#X7ct%xxz74M8^KD^@&$ok_c*`>ZuK51;Fy$Ka`S<4gWe1qz
z`#ZuEpYH@yPW9%yGfeUQi7>_IyTBBm?+Q~Mb?Q&5-W{g6{^aUCVM>OF`{9&odI$Ey
zq4|T%`i6XO_*l52`!VGE!pFnL=MQuIsqpD=#rF5FKJfSxVg7veb1VAWR(%Gwwtex|
zaK+~-&ZQ|n&%;%Go)63Kvty)w0bKF@Hn28*&W!lyWb?TL;`^EBi>D%fJL)LD-yWv;
z-2QxPxSh2fI^Zh4-w~$xyc4WbpI!2NUc@$2eBK$qbDt}m`%(M&d917A`$@bjbrjz}
zmKw)quO3;RZn%o?cZVrH?*UVM-kEjkTyU;a|KMsq+sAXxl;WSv<09Oihr;)Q?^V3q
zxxWsF-_QQ3*!7QuUkp=hel+|M*dzHjc>TkSY+g4fwqF=*n!Raubbl@kw#?o#+upA-
z{Y+t?ZN~czSkmXrdWHSZam<%b8^Sa7Lw<tc`!?~+`W6N|XYZUH-Oh!<gzO2~N&CZo
zR8h3PVSPT~#S$s@dS(8<n~JNr{>ivX)Srf{xc(`)O4RSieXh9vOk5@E?@w*T^=IKK
zQU3s3#r0?7DpCJHT*dWI#Z{vIbX>*tPs3HB{z15k>z|IRME!$t71uulSBd(E;3}?v
zCax0o55-kn|14Z3>K}%y$Pf3!t+Kbuj`oLz!S>nPXJ`5!*FT%ehf_mou9Ml{j({o6
z%TpMf!{f+44hiSGS@vexnf~AQRp(rMC0hSTYAbgA^Rmy!Rcx+07r>NgoujCs_{)DZ
zEcBZnUl&qC@#|j%Q+$3gOmX=o)tA8(mtS6eB}{QSpP7IuF2B0^TA1Q;KIsEfd_D)J
z`22d9ve@az=2qVbQ+)p>nBw!BVT#Y^!4#k00#jUmYxV6g#pQQY-vv`#es}e~FvaD3
z!UCrF{C=3St~cJ%12Dz+AA~7Be+Z^5bhaCxXn-lc{|HQZ+4CQTDTBS`nGaLOdi*h%
z^08Cr@#-gGia+0{V9E!M&wF!Vitj%IQ+)m`O!4`1Fl94uIiH6qzP|vb`1}Q!;`0|_
ziqBtyDc^eQ^)gKH{a0X$&tHWpK7S3SO!C(2b(rG&Z@?6vzX?-({uWG`;?;i}ruhCl
zFl9&2e;20s{z90N;o<R>em;i&?U>?`rjE^Lz!kqgJQk+-{5aTg#qA??j)yD0e*)};
z;+7HrMEHrt<q>`o{G{SdBm89e$;Hdf{T?p=d(|ABz!iVKGhs7}yF}{Df-Am18>aaD
zRG8xP(_p6+ZyBk7I$ZJnGhm9(&x9#HKMSV#{A}3S#oZ(GJqND%{<$#4=jXu`pPvsq
zzj$(_{snNw_b-GgKEDX2`21qn#l`zX>R$p^eE(9|rNt8?{$+5*_b-PjHebwsas^DW
z`4ae*FvaG2yj%rSZ2lqs)iA~8@~?p@KED>G`20H9b;TW>_4=6lbKr{aUk_7!J{P9=
z{05lf^BZA`%|B(nH^CH}e-6JHrr7*T_&k_mb8UxPV2XJ2an#q@yqlav{abMr*Z&4r
ziTbzUDz3j2SBd(!<0`KIEv^#v@4!`De;KY4_3y-0T>m><CF<XWtGNF6xJuN&8&`4t
zA8?hZe-EzW`aj|-QU6|C#r1!}RigfVxQgrljH{G5`?LQ3e%$+u2N)ji55H9ZhO4;s
zmsfK%hOfBw|G-sTUq3&HtGNE3xJuN22v>3a6}U>&e;8MB{gt>%)PDq5as9O1SpQL6
zMZU(7(>7Aw@Jn1H$Z4$7km**hkA&NkpIT-TU7q>WR@~*u!dIgHW4Mazx4>1R{^Pic
z>u2LCQU3{C#r0d_DpCJQT*dWsaFwY46t3d>xwuNye;QYD{Z_b2)PDw7asAe~O4NTA
zS8@G3TqWv1hpV`LKCTk=pT|{PzW`T>`U`Ls*KdQXMEw_V71wWzt3>@5aTV8ZhpR;W
zmv9x=Z;z`){g-hS*Du6XqW&wmitBg4Rigf@xQgp{#8smHYq*N*cfwVo{_D7k>vzUg
zqW&AWitBg5RigfzxQgp{#Z{vITeynrcf(bp{@b{U>vzXhqW(L$itG2lRigg8xQgrd
z#8smHLR`i5d*LcB?>)LNOmXX^M)N5SYA9}<VqC@b_46WJ#r6B)Dp7wiuHyP7xJuN2
zA6IexQd}kKFTqt@zdx=L^*_K>Tz>$r67@gCRpf{Nf64m@rr31`jvh=6#r21b<_rd|
zV*9I&F2hw^e+~Rka24C<{RFs*>+9!FaTVJiK6))&#r4-7&1XGv72D@L5w0>Oay;`n
z?&rmI&hgB8qc^}+-1;L%^Jy7;#jd~6=ux<e>sR1^iL2Ot)#%Z<itCTT{|Z;JeO}YX
zRa{>`e~qiye%<H>T*dXrj^-#FSF!y~Mvuc)Tz@?NQe4IMHy^zvuHyPz;eU&(*gmfz
z<C;Xa|1#WV#S@(EzwPJ=_=;P9d+L9Ouh{i>9KAEH;`$TuzsFT<f7j8w;VQ1bJN^&2
zitX<)dJ3-M`g`I3h^yHCKBM=;Ra}26{!h4y?e9POKwQQ3r{n*OtJprTMBpl}ub+Rx
zRc!x|(TCwGu7CJwK5d1o*gj|GaTV9s&%fa+u74D+67`qkDz1Mtt`hZs$5mYa7+fXl
z|ADKx{tR3t>i>zWxc;%YO4MJ0tGNDgxJuMtiL1E&@wiIVPva`Ce*&%&^@D!=XFy#4
zL|i56XW=TYe-f?|^;_U7u75JF67{oj71uunSBd&9aTV8}iK|5Y99+fqXW=SQKNnYV
z{n@xm)Nh5Wxc;fQO4M(StGNDYxJuN|!&O}WbX+Cs=i@4_e+I4+^$Tzn*FO_iiTZ7D
z71uutSBd&<aTV7;8&`???Qj*>KL=Nd`t5NQ*FP6miTZ_dBmQ}~O4RRwtGM;g$5o<!
zM_k4AFThoNej!Zp`9(0r=NH2ipI-t~e10iR@%d#i#pjp96rW!KQ+$3UO!4_uFvaIr
z!xW!i15<o{EllzGbuh)}b6|?kuZJl<p9@obegjPL`He8e=QqI=pWh5qd_E7R`1}@_
z;`3W!iqCI@DL%g)ruh60nBwz0VT#Z1f+;?~8>aaD9+=|udtr*t?}I5mzaOUf`~jHa
z^9Nyy&mV#*8Ls!W#+^^I|9|PkV>k3|-Wjgwac%Q1FvaIxVT#YY!4#i&hbcbq0aJY5
z6Q=mQ7fkVaZ<ylqJ}|}SePN2vQ!vHnMKHzZ#W2O^{a}jEOJIu6OJR!7`@<BU4}d8?
z9|%)?J_x4xd@xM$`4E`m^Pw=s=c~aKpRW#6d|n1qe7*)u@p(B+@%b>A;`8A!#pi3n
z6rZmJQ+&QQO!4_TFvaKV!W5sc2UC2$K1^xmg~7w4A0E8{EbehS!s5E#R@~>La)b9{
z&!6W8pCs`71YVH9+a&O|3A|kbZ=b*m6L^ON-Z6o9O5mLnc$Wm;HI{4p>oZ!Jd#d^V
z%H>LKaj##fe~$ON$NITJk66x2A+dFIJsn+x%3hw<ETr}k{f*7Fzv()0aa_w8$8&?e
zvCEUo6?Wp*H#aDX<yua^ej7H7n9sGGA%Apq^BUOvu>}4^0)HxjKa;?l=Q`D#htYlb
zpO&-PpKknc`J4G6hUanxr1<UDJAwB};Kd2NUjp|(_t#;DRw(+pzmARE|6Eun!*xwR
ze}B{cqWve1=W_j|xb@9!pTgj|*zI2!EJ)xlCh(VIc@Vssz?<)vqn!Ke^}qCIIR2Y|
z=^t)<z3v&e|HM5m^!UvUN@KTME_LFzr|y@yenu>gs~?Et`rK38a<+nVH#_}_?r^y-
zKfY=Eh`$}PeO&(}$A9-P{h5ycp6BQC$!K@`bT<2KE>{I}dFJ)yaQPQobvm+uAzzZf
zKTO~sC-6@b_~!}y%LM+l$92EE+cR@q5#0`%^^M+-UCj20@>BD5|Au_2HD8-AOW@6q
zudb$kxIMqOe0w|pn81JbxUPd1x4vQhUp+tM%M<t?34BEYPbcuKG0khN^$NFJGwq(R
zozHZ(bGB8--p)A*yp_kJ{X@5e`Sx(`mprSEeZLeW@aFY8&v`tywR}A<M7Kk)gyp%=
z*$&P1FLii(tG>N`IwbH;3B0*}PqRGH?RG`JI)RXPvFjMVWo&<v8*K0K-ll%$`h9Ny
zsqLfs?*4qWnQyq=y4mx!9*@n-pK4lux6XA=ogN8wdL{5aP5ee@`=^>X{YmWd^hvmX
z`zG+B1U}E1Z}a-z?(pJ-<ta(v{XHJ`56$)IKY9KQw|_G)ZrslP^GLsh<u6I#cR9;H
z&|98xzJr_i{f<AhiM!i>^#tC${H11jGV5CytYP_u+>g1z9^QVNdA`UE_KxLYonetW
z2gmxk!Qrtyth1(FhaEZOYkOSBnOU5zS~sV8%`%T8e>{ZD@@MJ<!FpC5yMNmtfp3_=
zM<(!!1YYIw+~C;Q?T{NBm%uZ}d!wy7nSSYn|LE65{7juXi??9oWcs(lpuysHzqhf)
zZGTgX+y3|jzPZJl>jc4;34H4WzHI`Zkid8Fc(^|_?>!GW&tE%Pe*E(n`&DDV?H*6|
zH;*s%!3v+H&dDTmJl4#2fh#`W6{h%n5=`;=ZZO5?yTcTpPlhQz-vg%jd{3C-^C>XJ
z=X=2vpYIJ*e7+A%@%g?m#pnCM6rWFpDL$VDQ+&QZO!4^vFvaHw!W5rRhbcZk2&VY_
zV3^|bLtu)}4}~c{KMbb${BW4!^CMu2&yR#DK0gYk`21*?;`3u*iqB`j6rUdpQ+$3L
zO!4{gFvaI5z!aaK2vdB15=`;=$uK3u?bksz<h<(~exrWC<{QDUkKrTXb7S}@_zf|<
z0)Ar*uY}(e!>iyo$M9<Sycj+jeoG7=1HUzf*T8R!;kEGFV|X3>lo(zQzaxe>!0(LV
zW8rtj@QvYj$M8+y_r&l`;rGVyaq#<M_;~pJF?=)l12KGa_=7Qg3;07Zd`tMlF?=id
zBQbny_@gm=8~FSfzAgN*7``3+@fbb<{zMGl9{ywu-vRzq4Brv{bPV4K{!9$t8UAbx
zp9p_0hVKG@K8EiKUl7A5!C#2syTM<K;k(0Mis6&tFE?_X8`C&@+P}juzaQ8G|CN|J
zd%|Ch;ZxwRHS*|j2(LAAFc!y46L@F-S%~uslQ<u;Xg&_nTJ6OW`Te2D-U)o41io(q
z-!FkrP2kfK`2Gp}fCPSE0-v714@%$%C-6fO_@N2>umpa10zV>wADO_9O5jH)@M9AA
zj0Apc0zWQ+AD_TaNZ=<X@RJhw$qD?F1U@r?&r0C46ZokK{ImpqdICQqfuEVc&r0BD
zC-8F;__+!EyaaxJ0>2=EUzorzO5hhK@JkZ-r3w791b%q}zaoKOnZU0~;8!Q`YZCai
z3H-VQJ|}@+pTOrP@Ea2NjS2jw1b%Y@pO?UIN#M68@Y@pj?Fsyj1b$}%zbk>?oxtx&
z;P)o*`x5y53H*Ts{$K)sD1kqmz#mEAk2dk<|7&LE%;eZaagTFm<;;R9E}xw<8>YDY
z)SOdcipx*SISr<`{PdjDVTyQu)A<t}hh)CQTk-mxj$J~gTb+N_>!<BK9=@-@^&fT4
z^PDlJxsvKfkE0%U{ImYjf6DRC`Ah#<$3O2c{RNJH!C(3>IsQeSAD(A!-U<WE`K!$N
zKzlpC>b#C{iB(72KkC2X_?LNpbiQvp=eL`eXQ9KdNT_p_$D_-$*jb)yJimGWe=z%4
zK69YB`{%>i$HNqtKbL(POmX=O*=NEOm%o^O7EE#Zo7oq^6qkRKeH%=1`E@z-dGspc
z+Q&2dxz1E5KG&HF#pgOxq4->9DiojVOoifeovBcKt}_*i&*#AupX*G8;&Yv;P<*a4
z6^hSwrb6+#{*%l6H|K6QovBcKUuP;5pX*G8;&Yv;P<*a46^hSwrb6+#&QvHq*O>~%
z=Q>lN_*`cy6rbx%h2nFasZe~bGZl)@b*4h`xz1E5KG&HF#pgOxq4->9DiojVOoife
zovBcKt}_*i&vm9k@%ghb#pln#6rVp2Q+&Pvruh5?nBwynVT#XRf+;@NnF__{IwPU@
zTxTQ{pX-c-lHtw$A@`O!N{I5u6ZluAO4NTM!GAJ=Kb63rPT<cZ@MjbFa|!(U1im1F
zzmULROyDmi@Rt+#D+&D71pZnAe?5V}k-*<f;NK+Nze^MNTM2dEPT=n(@OKk<i-haB
ze4DU53lr+Rm%tY#@Wl!I{RF-wfq#&|mnAI!hY9{i3H;*({z(G=G=YC+@$kIp>n!8v
zG5ihq7cu-z_?Ho$InMkl!dnM#;eQ>&--dq^!{31~jp6UYzm4Gw;mcz9d+_gK_#*iC
zF?=!nhZz1o{Kpu+1pZSD{{a4TglD$TFA?54_z?fs82%Cbw;290e0dE21pa#r{}ld5
z4F3%NXAJ)wz9NQe4OYhRFYwbb{7ZOHqGzMb^GLYA>A58<hG$W~MGVh|XUFiC@Rl+B
z(=0wy8^b??=f?1_S)NugJeT^dBRq3I=0$jG{@>-Ztued}ydZ{8VtLxc@OJoZWB3yM
zb}?LidHWcyzPvDox2JxG7~ToqF@|@BcZ%Wan>)wwr7UNc7~X|CU1PZV$Zj!w(`-I-
z7Q@HEd&KbZ@SZVzXLzp|J`vtK!t;2gh|iqGa9v-iZw%M=NyTujZ&3`_dKJfTtyjMo
zzCFAohHJe_W4P9<zs2q2zyS$-U;-bMzy~MrAqjkF0$(kGub#lm68IVkygY#qOW?yT
z9`;unQFcv>+uL(3xZ?g_&u7jO{9oAD!~W2&vrdA)E?n{Jub1GjpTIXr;3E?Fh6#M5
z1U@o>FHczCQ3-xU0<TQqRSCR0fsan$V-k2x0<VQD{{2#y;MXVcQxmQ?*O1_kP2d|R
z@J$l<rU`sp0w15iH%s7~TReOmeaF7AMGS92Ke=TL{~mv<7`_w!)-hbq<J-jW9Q<u#
z_z(Eo#qb~D6Jq#J@a<#x*F4|t5W~NM?-;{>rp`_=Tz$jNG5lBf#2Ee?e3uxm$K0+l
z{CD`I82$%*w;28>eD@gsE$cNohOfZiBZjYp?-|3FQD;gFPvh?u!vp?D+&hLZr_Mex
zJPUu{7@nWayANY{Rtw&J7{m3y>9jbGzkdub$mZRLF}w%+;ejz+*EpRX!*z|*gJO6N
z^F26*Z<)=z4=tV>yp{02;)St1JpY_i(~3DOZvWQ0hIcViU$M`-=GU~rRb0O<{$aR^
z?YFP#fUCHENBqNa72EGz(-l{7{ciY2;3~G?qox<G;`+VukHl4Mzi&+uuHyQ|_($O?
zwqH`yA6Iex0r*GbDz-nUW(cn0`a|)L!BuR3^_n$s71uAvpMk5`{_vW$a23~I8~<2b
z#rD^&Sszz%{SEMs!&Pj5!<vz}itCTUKOR@H{mPnZT*dWA<DY=5*nUk-9j@Z~_4p^^
zDz-niW)ob+^*6;o30JZG@im*{Dz3i;{>iwC?Qd1H4X)z)+v1;stJwa8njLTz*WVF;
zCaz-pJJ;-jtGNEI__J^o+uyBbGOptKd*IK;RcwDs&EB|*>+geqDz0Mt`_)XtRa}36
z{L^q1+dr`8AY8@u55_+oSF!y=YYxX%T>l9CGjJ8#KdR;!T*dWg;Gc=B*#2=fC*Ufs
ze<J=_xQgwcTr(3_as65NXX7fie`?L?xXS1P@$k6)4E%F&&nc-jJnTQusyPQ&aqFLp
ze=fda*FV4JLR`i5FTy_$SF!y|YA(Z7T>o<X^Klj1zq00PT*dXT!M^}kvHk06uE$ke
ze=h!oxQgxHSaUP3;`;OOFTz!9|JIt@aTV9U1OH-N#rE&2xd&Hq{d@5*!BuSk{+b7I
z71w_V|59AV_8+O4kE^);WB8ZhDz^Vb%~QCF>pzWuIj&;+&(=JTtGNCG{3~!3+kdg<
zWn9JeU%|f;SF!!qYTm$AT>nk{t8f+Df4k;gT*dVl;$Mxc*#4rL_i+{1UxI%Pu44Ni
z)_jbsxc(>j*WxO+|5?o!xXL5W<LgWO>u|3tdCYlyeO<E@S8?lqi$4cnvFm?V^8>Ep
z`aj}dkE_`J&o#f|Dz5(<{#;ze_J6PW6IXe~S^gFHH{jk-^18G9>6)xooB<_n{T8*n
zDvz(&^;_2F;wrA+3jZct#rE@R3vd<JZ-aj`u44P`Y721{*YAKo4_C4MPPJWd71!^I
ze+#Z+``v4M;wrA+3;$MJ#rFHurf?P4FT%eKSF!zmwWYX<>-WdM9apjafwhBi71tkv
ze+RB&`>WNK;VQ1b2L7G6itP`pT@zPv{k8D#!c}a4o!a$q71v)M|888x_D9rigsZsz
zNc?+n72B_<t-@7YzZ(BuT*das)YjrEu3v|LAFg8i4YeENDz3i?{{6U$?T@S73|Dde
z&G8?=RcwFD+O2UF*WU*JL0rZ5x2xSAS8@Fv@E^ieY=5WPiMWdE?}Gm@u44O>YIny~
zTz@kDBe;s~?^(MSuHyQ8<3Eb4*#5q?Q*jm7pN2mlSF!yAYNz8Wu742zW4Ma#A5wc5
zuHyQK<3En8$PbTmj;uYh_6eBpA6<KN?UONlM(vE+r(*bVwa3*y9pQz+3AHEGJ`>?V
za8m8BxpsdWE{~Su*%)8^Ig5wKWBf-`!Sk>AjlEv-7sU9d)XrktC^xjR{n>1v7w}&w
zxx?_V{%N&m;41ERI}`s!e8t}WXV;#KtGNDo_%GoqwtqqGMYxLVUyT1Uu44O_)?SXQ
zxc(LRuiz@Se^u=@xQgpvi~lOFV*7Jy=i(}^e*^w&xQgxHR67q>as6BHU&mE!|F+sY
za240T6aNid#rE&6y%$$;{rm9W#8qtnf!c>~71w_l|1Dg__8+Z%3|Dde$MN6BRc!ys
z+NW`qW7>*``|UIM@8G^ua-8Ae{_|Yz0$jzd{{sHI_=;WsrP^0;71w_ie<7}7`>)r&
ziL1E&TlnwcDz^Vl?Lu6|_20u^gsa&8;@Ty+itB%XzZh4s{f}xt!Bt%UQ~dXF72E&3
z_DfvF^}oVjf~(m6H?`m5Dz3i_{{vjb_P?+F5m#~jpYT7#Rc!y4+TU=M&z<{sIsQku
zAC-LN+`oU+uE15?`YZ82##ik6L0ya1yb?}aKf8{thO5|qPF*Wp#r0d`e~PQvetumW
zT*dX<;(vy#*na!E4!DZzcf|i3SF!!hbzN~4*YAe^1+HTIJ?eVlDz4uf|4UrO_WRZq
z;VQ0QjQ<s`V*4d^{c#o7AAtWgu44Ox>W1Jdu0It28(hWqSFc+GS8@Gv{H3^x?GLY8
z3s-Udwei2jRcwFVy7h4t*WUnt8Lndc8`h1)Ra}1*{&%>F?N`=S<0`H{8vlD-#rA9J
z>Tng;ugCuZSF!!Eb(`QSuD>b%kGP8MkFVPtS8@F<@PEQpY=5h|ZEzLW-xmL8T*dY$
z)a`()xc-j#zu+pizjNI#xQgrVivKIFV*9(*O~zGRe-HfMa24C<RS;ao_4V^|T*dYG
z!d0UF@3@NV?~SWO{XcLO`Qh`_K6U&z3;VO=_I5Vk555AvqU1A&PlK<7uPnL0qwOC6
zPs7tC4>^1~JSbHjb@;*XEO=Jw;|@O*-U8mD^eKlQ4$p>Xmp*HF_<VX~-O;T%3r~8r
zx3|MFb;rV#@eV((?gW^!z^QX$-N`WJC5N9<Hw&h`>hRfhr@@pr9DaJ;nK0#Tho4n<
z4oq2Sc)0z~t>b-7tXIp@6U}ml{Cs#0Jg0P~!!LyA!WDb_Ukq;rQ*3@IyfsX*`Q`9D
zm|}0YE9<Uq%~>IGnzP-msk;uQoaOL2b#q~gTjz$ln_!B|Z?3xqrnvmpy4zt&hKJkX
zjym3F#WLoXp66_byWj=zg3{+5eh<72yiMt1XFJ~qZwqf*`hmkAfVYFUEB)Bv55e2R
z+n0Xk@JHZ<@WRqB9X=o40p6kX8^go>^YOYTTl2nml6JP+Q+3b4l(h=&?f-1u^Dt$Z
zQ)fZli!kK}hrd+!3QYOg;jh-c4pV+}_#1U^!IVE7{&wBFFlD9T;r3rx$NR)sua2ct
z%yNc&5xf(;Q|V<6e;?i%uGstA2k<U1#pWNuyTTNke**6YQ*8bjygN*>`4{jWFhxAv
z{$JI7)0$^-@~X3)m)0$VDLEZ%|GT;$V2WGk$GV?kipzhg`wgbJe0kj;FvaD6)~$po
zE>G8G<<T3G3=g++i+awcu}(cp*Eh=<@|N&k@Lr`GIXoBM8?M;fr!~9}OtE=Bye~|#
zc^h~Nrr6u3U43C5gj71)twVh$m@>xUo$I^86t_;d`W`UF<vr_r!xWeIsZYU_3=g+M
zQ9X@iOsDIe?a;5D_uavZOOJARY5jni{fzI{8H`^7SM2RDw0`xOr7?avet)=P`@`$k
znmHiGUl)HMT(P(3`t>97(rM*(XS;1!KN6<6{;2v&nBwxP`q41OU7j)Zj3v)J2bF&6
zY=>I-VEEwDp3dXF9zFy<q%^COy<TJCL*YY9TRMCb_-gRgN?SR69DH^7>ZSP(-wa*`
zFDq^9@GanLz}F}(G(3F#ZdJcc9>;rRoYP-zTR#D&oZ#^7>vx1Hot!#5)lY;eT^+tl
z{Un&u!{NKtPlhSI9ll5X6qu57_+It<z?6Q5hx_Ng^^AqjdX<;<clcV_jD-(Z?Cm@i
ze>hCB`Fi+k!W5hDkG~ddt<o~5{s{cF;fn1ah`$a@vH3{+bzzFl55iv$rr5j^e|?x@
z^F#1AfGIW~jXwgW*!(d34PhIW&T*E%7JnnSV*5wbA5}jRrr7+L`eW-y!4#VxUw>kK
z1x&H|$@MeqD`ASwXV;%rUj<Waen$OS_0=%N=I7L(S3er2*!+U}i|WU~6!GlF&wF0N
z@~6`^P?ulE@^c<O!mnWY`Tr}zuVVS>^CJ8jmY?h8Mfi0re>y!j!mnrfIiDZlH?aKt
zAJ@dg{rRT)dG(t@6?=Vet-rl~989tKo%MIukB2EXzqkJW`psa9%^$3PxPEh(V)IAq
zAFJO2rr7+6`lsr*gef+ErvAD5tze3HxcwKf{Jg#Zb@_`dKmAOEzs&OUj=~6kmF4Fh
zg%SQb%TK=);cv41yiO6}Z?pXTe;VQMvi$U8O+4KG@6|7^-wCSN>${}>!}^_Jip@W+
z|FnK0OtJar^<UQS0#j`Mb^X%%U15sNm(_n?KMAJT{KxvA>vw}GHvhGLdHwD%MLgX8
zf3W=Yt5BD(VEK7RVT7kye%?_S;aLq|!ly)dcEeKmUJ;(t@I8F*2yfN!Gkl*2&udr?
z-?xc}+rOZJ_Y*=Ddwtu&r@|DQw{PgsFbx*2Z&;^OLzjmA;fn2dYv|E%K#bq3p;yC!
zh7Wc6$vzFKS<@{)eBSKWP@2!{q$E>6<oz24!W5SeY8V1jTs|~^HJFm&;r+Ne%g_6Q
z%$&9S8h^f1!1%P#@XKDWf!PDI+xFrAFB0#sYt}2QGt8@#;X$yb$HVQpcEh?22V2`A
z<m)$#XgCC}*vqp~!>EQsWBkg7%7()XU(4Cf)eU229d7yI_N;4Y$fv(0?sglSzcEa4
z`6dnHV2aDf=Whm6GCbVQo3s49>(R`)dAl+GDm47E`PK=1TaSm^X9E04sw?*P*#UkO
zOtJY+4HIV_4bzv+C*?OBe@qPDtzox@88Liv!=AH_wRpHa_iorXpT`}^)DQW74bxzX
z%lB_M5T>|%dj3H$CBwu0=immB%$L304o%>Pdpz83N5YR|`4xLR91TAnrr3N&!*R1t
zfa%NTC*~h`{E0FAqy}0HKZW`y!xg*EtcF<)r^NWDHk>|drp3eUc~-+Y`J9g;nK~gq
zx8Z!4;_?d`E`lj8zc~LAnBwwF8!m?_86Ix`D;h*HUt0c<UuDcFzuM#B_P?g#x`tWS
zdWHP@h8r4Y!xek`+|)3y;nW!a)`nXfPBZ*w=kb1f!=1BExBPJX+|zI$OQg8#dw>1|
zFvaB$HarYdT>eP@qcA1I!^iu4mY>&`&7AG+^SCi(XZ*}|D-52%&V21{mcJYQu*TYc
z%JW11bSy6ndh&kt@JsW}_$?wlcHABY;fdu8v@EV|7uMFT#`zJ~XGMIj>oj%Z?DR9<
za%!FQ{PJwm`ewF6q2X>FEq{juuCbrvuEQ19e?DQp3%vP;{)@Ak*Ff{_PJR8ZnR4!x
z73~4jvie-xLHn-F!|kInapE|`LB?|JLvg;w?(w;nv4ACdC1$<EU-Q;0T;DfieBCc^
zC-@6(pA8?@S!8pzo9+|c_x5sXdxrk|o*(iL68J|px90oF^UZTmeQkeTQ>U3W@1J^%
z#c^E|D30qf<8xg<LZ34IGQasZns4|yDSiI*Osk&>{jWSf<X<Q7ZxZ;@1paLTU*>V$
zFZnG0cM1Ia7~Tp02ajhScddgTE#86cpfSMY|K#y-`?O{IoE6zVd6Dgz**<x}0P7ym
zb`E(effpt4`0bw;#Bcw+Ab$Jj1@YTIFNoj%c|rX4&r8_;c|rX4&r8_;c?sJ;FJb%Z
zDn-0U-rD||`z4S4m!pRmuFtcd8^gQ7&x_&u{QmhdycPZhF<hU!zc7Xuz%Pp7`aJ%{
zF<krAB{5u|m%lWIcZ6RS!}U4(%Pp?HME&Q_4esMzeTMqUUuVVh-#yN*%kySdu);hp
zt}t`Z{v6g>nNUBN9bZ4&<C*$}L2iNkD<kz=jdkl}j<2#9H;(t1Tk9Jxr^e;rb;G7Q
zF25#$U)#jP`nun*v+9Su3;W3&i-+|!?g#JcZmQ$*xe>1MJ$SEQ6A$Za|G6=yzQ*_9
zb<8F|-2Qpq_6g^!@j7_db(0_R0<)dxMYzWC;Puc1erp21t%+xrr*+WATb^(^+s#(}
z%vbaN(>my2`*iZ*a&|Jyd3#g+4CgtrU{}t_D)w<~R*>=Ui1>?h%m^85Romxyzn~JP
z*gPxHI5WJv+N%@p|93U<@cvT&bGM;x9gQ=?yP})?aJ{;k^}5&N>fO5W8^x`o@m@I2
zZ}P+Ws(-uRnr~+O$-<z!si42f)CqZy1l}`&_wsl+UmYhr5YCtTE4+Vu&(6#<oNwq)
z;GTLg^w|g@9|wQP;^Fp5nfX3!exv;)<VA)*(!_N<(23s`Tg$2E@zB@!Km1?Q<cIUs
zxGwXp`G#Eg<6|*g>-%^N&x1b^;hE#EC*ex?yx)nVi+<kr(eZ$I{{%j0fxA6JfAs{v
zJb|y7z}HFO>nHFH6ZohEUX{SdB=EWfJ~n}Gn!q<3>u$Hqc(8@RdpTPaaMqq=?w62n
zId*H9;__`~Pk<>d-+t_lFvaCN73>UCTt0E^t}w;rlV(qbDK6h*!9Fm><@=7E3R7G@
ztzdtc;_?H=PKPNjKWO%$FvaEX=Ntx8T)razaG2uqw{nhvDK1}<b0kc0xgJMP@t9Eb
zxCpoZQDb@6GEA}gF|&DB3QV#2arn=|6q{?@o9AGP%}>C89;Vp*B<e4KDK?+EfcM(N
zl>djZ`vI4+T-yfzXx7Y%<!=T_LXsp&k|arzBuPS&BuSDaNq@FoQc04KBuSEN$+l&y
zZQGJ$OOhnnk|arzBuSFicb#*;kM-QweVvD|?>OK0_<qj!nOU=D&iS*}%u4!Ga-7v-
zNYe3m@*^=M=}$|4jTn;jadNsJiy=wJ{r*}pB<c8^iciFlq+`d{i6KeH<IGRR5V+ez
z?9zk+7w2yG++MAhE`ol%GtbKTjQ@kXy>)%(b91lrg#HHc1?9_1IqpxA%P0OXdHl)5
zrzm&#J5e-Md3^k7#HTBdj}xC4xvwSX|83%nh|BL_nU~wr@=2eOI6p}*IzR7u{h3GY
zukiY_j@tjgJO8tf+F$MU=a~Jn(Oly5MiqT!MPF~(=%1wjrrA$k4?p(4-i79IlKpjF
zf6-C<pLzYoN9}L)`b&=5|Ju7emmamh#p^FSYJZn^eu^&rA3a~5I8O5RxFX?2->)cI
zNqiOY)x?X=&tC8R6!|ZnuOY`-OT6ef2fX7H`R|^uBga`!yy!TGz2g*llucf4MP7yY
zNuF;Yr@N7O(eYE>af&?S`6hCl&BTk2Q`|dFk(cy*3pvhK;zh@);T@;QPa$50_;JK5
z5I^4YZRC7zC%%LDPU1yhS8eZfi~Mxr^@yM4`7Uz0yNT~1zL)qu;`@moAbwDJc)u*~
zzL7ik_~#~v3W_eF8gf7DUcZf^Ka{)2Gx_H0vE}8jLRhcI!mG<8rue_2$3^*(^?EG&
z*6Xow>-AW;^?EGadOa4dUyqHyuEUATEqOi*i5I&f{;HCX_wu6@@ig&#;>C#<5HCf%
z4DoWNmyOClX?<N~ql&~U6F-r7HR2}|uSNVc;&q9i`Jw%FH6(r>@n*y?Cf=I(6~sFb
z?@YWK@f!^<F0WVjz9PIF;C+bqCEkyCf8qm(4<tT__+a8gp0vNN`-u-F{t)ru#2+I*
zlK7Lv#}FS!e1dZ9d@=bxK1X~q@fV3tBmN5UnZ#csK8N@}h|eefCh>*D|3iEU@pp+Y
zC;mS1Rm49czLxl>#5WNCocLzqUlHGCdVaJn{cTBk*RjOi54!7NzP$dwLk#i#aEb54
z5Z^yb?-WCP-;n-Z4Dr2U!7eex_l@Zv#1P*<Pwy5(eBYG*Q4I0@i}W5b#P`kVpTrQ~
zzfA8HLww(o{#gtWm&aZ4<?~f~pBUozx2As)Lww(s-Y<suUQqC>7~=ak=>uYj@4uBi
zD2DjHJ^i~F;`_JhLt=>UHx&FKhWNfCeOL_f{mz0v#Sq^MOGc&S-J}xV%NG<ALwv_8
z5TD6wYzQ8w#g`{Oe}01)l61W8_dhWt>3H35qZpEO{QTl`F(m2u9NJA{NYe51(=Wu3
zq~qtFo5hf%<MrDw#gL@q=OA0ekfh_MZeNKZNyqD)Tg8y1<8{lg#gL@q=i}SNkfh`1
zU*Cu!NypF4w~HZ3FDw477?N~+zWNR^B<c7$`*&hU((!ZlonlDR@p<guiy=wJ>(aZ#
zkfc`>|3M5%I$lrSErulhc<~>_kfh`DUH6C~@c4Ow{ym@gbx~X|<NuPc$Hs>LjpteJ
z`k8#)OpY(^j#D-|W_8j3MbYaUWuyGjwwGvE<T#)4aY`ooMJ~_h68-W=`pNUtFdJVE
zI9Aco-RrLMf0BFcTmFBgT-@bT<j094+RKX}+OuMa_6lN%_KISN_DW)i_T$A6?Ult4
z?I(yK+N+2m+D{Ziv{w~Fw4Wq~Xs;%QXs<4YXs;oLXg^sD(Oy#w(SC{;qP><FqWx4c
zM0;&9MEhxCi1s>Si1yRP5bbrv5bbA(A=>MSA==LrL$ucyL$seIhG=gfhG;)q4AI_D
z4AFj$7^1zA7^3}LF+_V~F+}@$Vu<!8Vu<$h#SraH#SrZmh#}gWi6PoA6hpK(7elmP
zB!)Oo{(S8x*=7WLmGr%0i1wew5bgWK5beK+A=>wgA=-ZxL$n_dL$v=UhG;)1hG_p?
z4AFi_4AK6F7^3~K7^3}8F+_Wz7@|F@C6Cl3+KY)H+K&-Kw5P-n?RjE|_OuwHJtKx_
z&lf|qA1j7vFD`~?FCm6#FAzhtmlQ*^ml8v?mli{`mk~p>mxUQ#P7Klg<HQi{<;4)~
zSusR=1u;Z>MKMHsB{4+%@nVSf%3_H26T}ehRm2eOCyF83tBN7oPZC44R}(|vMUQh@
z$R;6Szq)i0zkjiG5$!F-5bc+UA>r|B$gvT9K2H`y{L^hE$3Vh<P3a<j|5E89VgD5A
zB7VQMbdj)MOS*{P$6pddwBs*VAlmU4$#Q>{OdSV*fdmOpcXs0MuoQj2E|c?!g#A-%
z$s-yG&S&y|q_$YxFFH;eIR+B;Pm?~Pk5eacoaFIOCtjEM8N}-)JpTP{Jbyeh@MEJJ
z<mWi`6JGRnT`pe};?94Ow-rOQUm=EsU+-CRe8m60x05as_8UkS@%vXw7YX}kOBeC`
z?WK!^{f5#-{QgzaMZ*3$(nb7!2k9bVzmaqizkjuKk+6TRbP>PbQMyRjZ!BHJ?_VQb
zB<!CjUBvHqk}eYVn@AV&`<<nWg#GiSi}?L6(nZ34Q|Tgp|61uHVgCZ@B7VQCbdj*%
zOuC5QzfQVH*uPM^h~MufT_o%`moDP>ua_<o_Ainy;`h5t7YX|<q>K3d8>EYb{fniG
z`28NzMZ$hd=^}prM(HA9{}SmUe!r)5k+9!Nx`^MuNxDebzf`)2-|r<|B<#1AF5>rZ
zmM#+ZFOx3f_j^kh3HxoNi}?Lpq>F_8%cYC>{XWt~!hT!nB7Xl?=^|nO3h5$#zpr$W
zu-{I)h~K|Wx=7f+Qo4xW?<ZX(?6;RL;`eWtE)w>yk}l%+`%4!I`yHf<`29Pii-i5F
zrHlCe0n$anen;sde*aGCB4Pg;=^}oApmdS2-$}ZN-@i+`NZ9WzUBvGXk}eYVyGR%D
z`*%wh3H#Sd7xDXprHh39uF^&P{yow~!v1yAMg0B{=^|mjn{*Msf3I|ruz$UD5x;+*
zbdj*%UAl<hzhAmY*uO!#h~Ixex=7gXAzj4p|3$h;*uPP_h~FP7T_o)HlrDmP^6}wK
zVsXFd@z`JG7)aRfC4Iy{-3O(Mg#DYPi}?MAq>F_8-qJ<%`MgC8(cVW4(SEBKqP?#e
zqWv~8M0-CmMEmVxi1z+si1s_g5bXoR5bbx0A=(FuA=>W}L$nVPL$u#5hG-uwhG@S>
z4ADMB4AFkC7^3|?F+}_QVu<z!#1QR&5ks^O6+^WDRSePopctb4Au&YzFfl~?!(xc`
z;bMsPN5l~AkBTAM9}`2gj}Sw&KQ4x7A1Q`te?kn=K1vMH{-hY9eY6+?kKcbiEO$%C
zt=&0(KBa%|Q(gMb%SI0;`bi&7{1M`h5`T>N2;z?uA4&WP;-iQ^NqjW%r-+Xs{xtEi
z#K#dIPy89;6No=cd?NAZh)*K^Jn_lIUm!k(_>07+5`T&KG~zE4pHBQ0;xmZ9N_-~q
zzY(8B{59gUiN8*K4)MPepG*87#OD!zgZO;n|0KSE_?yJvBK|Mp3yJ@m_#)!}A-<US
z+r*a;e~0)|;_nh)M*KbE%ZdM&_zL3h6JJUE1LCWQe@J{a@sEhFA^tJ(wZuOmzK-~(
z#Mcx5jQ9rP|0BMU_~*no5&wetX5wEG-$MK=;#-M-O?(^iZ-{Rv{w?tx#J?lHllb?<
zcM<=A_-^7q65m7oC*pgF|4e)z@n4AVC;lt(1H^wLevtU@#19ewgZN?Me-bYw9+h^F
z{qaAOkLQaKKZbaUcpmXI@eJ{N;>Qv%PP_#10^%i!mm*%8cp2hliI*dO9P#qRv&1V9
zuSmQS@#BeCCVm3(D#TADUX}Ps#H$gnPP_*3lZn?PehTqg#7`w&oA_zO>kvPkcwORW
z5U)r4Oyc#4pGCX@@w16HBz_L@M#Rr0-kA7##G4R5pLkQ^7Z7ho{6gZ*iC;v#1@ViC
zw<LZE@m9nyCEl9&WyISMznpkm;#UxFNBm0S?TKGSyaVy8iFYJ^4e?III}`6h{958&
zmAlWIE$}{X7LPaF=Y0CVXAXC-PloP3cPn)Fxi_K5?`tl4lq0`8CC887*R0)rKJEYC
zad1AZ<G}NyuOj(h-tW&>mosl3UtVyHUthgWU2gH``RLcjV(&)!*DE(KXF1*Q@*I-I
z`49bE&%0k)bjjKMCSJeCQTrEo{hmkdH~0Fzj@rN2>-Rotzm?bTbJYH2Ucc{A`)$2`
zzoYiA^!oje+V9}?2OPD3jn^M|)P5JQKj^6a>%9KpqxQRd{UJx~-{|%4J8Hj|*METY
zhY~Nk_V@9Q^C0ODBVKfze%^70lm4T`i;gqEJI)BwA4$CEID@?7j3WKf#K$Pl$Y%g!
zi;Iqb&O;cP&>Q7E{`~W?>Nv5FS03J9+@CxDu}@Haw{In)iKZvd=iA=pP;~x>dOqo>
z$9c%>Pd;jYxYwU@)c#{$f9g^DBfb8#qxPTl`qPivALI3B9JN2r>(4xDe}dPab=3ZI
zUVrvc`;)!?oTK(%^!js;+Mnk2=N+~Gir1fi)c#Dbzu>6-*S!8)q`#1O(e2{z-f<R@
z{$k=q$9cm$&JxmJO1$VeZ+gdBM*7Q%7aix{-f>ot{z~FS$64wfr^w$UzJmA%p06UO
zyPEhK;%kYoQy%YX(fMDUJ3q0nSN(WzH<(^F+E}{iNJWn)%SN9Q-$eWi;+u(oNqh_O
zuZV9Y{x$J!#J?fFo%pxJcM$)M_)g;A6W>Mr2jaVl|44if@t=tACH^z<eZ+quzMuH7
z#19bvjrc+0zY{-1{14)XiT_Ewka$$azMU2$ehl#x@jT*b;u+%k#E&IjoOlW11;k4x
z{FEclqsvC65}w?*(!|RUFH5`}@#Bb>C!Qr<fp|sYm53ityfX0<h*u$gBJrxkPa<B8
zcy;16h@VWnCh=2<*CKu@@!G^sBVLF2>BQ?2KZAHZ;%5@CPy8(64Tzsjydm*(h&LjB
zu5#=1J#c%+=Z6%N=fL{+A!FCSml%6vb^O@RQ|?ap*r*Bd^NBYlegSdo_bu^tH6#5C
zi8m*H5pnDHF!A|jEynowNA7Yc8(l)YHSx=dw<CTP@s7kh6Yom=dg48Z-$cAO@mq=a
zTVr3IcM=~={C?sO5`TpFNa9ZsA5Z)_;!}vfOnfHs*NM+F9DgV1P2z7WcenSl(eg3=
z_a*lCiLWC55%IOeKPA3__~*no6aPwieEZ!-{9EEXiT^-+5AmOg?<f8n@k7M_Bwp-k
z|N9$X4td1$iI*T=ig;P#<%w4$UYYob#H$fMnRqSYrxCA9{7lpHqXuQI%RfIlo4ECR
zs>S4|ehrO&d3ojg9Cf<5{o?b78(-z0ZtP8nHznSTcyr<{h_@u(ig;_{ZHTue-i~;C
z;vI;0RPJs^`N8W;vFq21V%M+##I9fGiCw>b61#r=BzFCJNbLG`kJ$C=9<l4!H)7YX
zZ^W)&--unmz7e~AeIxcx<Z|vpyesi;#JdykLA)pNUc`G7??b#V@qWbn6CYqWc3|Mg
z{tn=Bh7TeB7j+!>cp#rVzsQg5=NGa+W&G2PkE5So#QxW^cK<=*4-wbzhl-CsjP&*I
zKg8EV>-X@n!`APg!>!*}hg-k554V0_4sN~Q2X4KO0RFK0y5jRcocJTeA0_@6@e#xy
zPx}A;{t3?K$fV2j*7$rrk@Q4=RMHcD>-|SK{*$CXn)p-1#}I#-_*mlOh>s_3Kflh8
z?C00{k^THSKYE57e**DmiBBZ{9PvrSpC>+<_zT3RD97y@JNDvL;cmcRBK|V*SBSq#
z{BOixBmO$^zZ3rl@i&P7llYs&|3&=Y%H8d>Z1f-EZxerq_`Ag4BmQ6F?-T!k_=m(l
zdfLDK#9!}P;-4Ch$Ke}{<HI+S{uiYGrP0T}Z7pk^&;00X;@gOSLwq~&Z;9_9{vGk1
z#J?xLi}(-3cN71S_#Wav5#LMvXX5*a|3Z8}@n4A_ApRTigT#L)eu(%V#19kylXxNV
zsGNO0FGl<r;wj>J#M8tx#Pf+COT0Mo62uFLmn2?_cxmEgOfMak?O<L0rK984+FptH
ziNtG+wU2WO>DM9sGl<tG$7w|Td~%#-#4jS=k{tgs;_b+Bt|H#CgMGPmBK>RE+Wqdt
zZz9LPne=ZXK9Km3vG)17pY$Ih{uuF5<oHh!A4~iha{NierxJgK9DgS9*ND&QU|()?
ziO(ZGpZJ2Y_VNEke9>CFzm)XfBmI@c*O23U(!oC6Pl<m<j{gPmt;BbXwNLkZ(*LQ0
z-T#>!XFu`Zh#w;UC-GvR*ykrR&i3M0+g?EWrHPj#p8do=er3`>k$5%YCzIo!M!eqD
z_W7w#`i)4xG3j4Gyu~>CbT1*^n)v19`0cN@kKchD=NfXHuH-n~NWZ6f{Ib!_=5fkK
zw-CRT_-({*Cw>R<JBi;#{BGj+5Wjbvb@`W#9w7c#;=_nPLVN`ACy0+G{xtFN#GfTT
ziTDe|rxJhJ^wQA`;(xo^y8KH=uMvNp9A_@+&odm)_vaH|U>qO)e-U3~9H*G{7ZYDX
zd@1o|#Fu|!Uv3|e{)farBK|S)Pl$g?{4?VJBmVg~`|H~LiS1vL<9tK>TjJjl|DN~{
z#D66I(>VM5?<4*z@q@(wxY|DcpTwh%cK;aSdBiisk0oA$cuC@=iI*L3pa1g2E0W_J
zPx@7epG3R{IetyjKb3f$b@tbFCOQ6D<Twq9pG&+6@e9`3=jUSLZ93Zhw#3^JZ%@1f
z@s7kh5${60EAei`yA$t0yeIKq#CsF(L%c8Xe#HB)v%g<=k^bGp?;(CKIsVY`_US%E
zj`J|_M~FX0{Bhz>5Py>RQ^cPpK92Y^<L%2~BI!>eKA9ZnMdH)Qai*`c&(Gh;ab}a_
z%ppFP_&mdNkJHA7=Li0#;rM;vg~oB<i-<2KzJ&Nv;>(CHC%%ICO5&@=hnEAsu8)YX
zCH^V#4a7euzM1$}#J3UumiSKMKM>zT{Ac3(iT_6Y5b-~W7kkG3e&rF*CtkvET>ncc
zmtVb*_ZQ%O>t(Yp?(>|JpC|v6eD*Vf&wnoJmy<pc_QyyU@%zU~7YX}MOBeC`<)w>+
z{jt(T{C-xtNZ21IUBvItNEa3&VgH?z3kwmyUqOzIg#GbyY{c(Zlr9qXpOG%&_bW*k
z3HuYIi}?NHrHh39XQhky{mRls!u~|*B7Xk_=^|nOIq4#PzlwB`us=z<h~Ga^x=7f6
zUb=|iuPR+6>`#_1;`dLIE)w=%kS^l)t4S9L`%|Qg`2FhAMZ*4z(nb7!4e26bf2wp5
zzkjlHk+A=gbP>N_Q@TjlpC(<z@1G)FB<#N|UBvI#k}eYVr%M;{`=?453Hz@|7xDYG
zrHh398PY}k{%O)h!v3q$Mf`pp=^|l&rgRa%f4X#$u>UvdB7VQFbdj(>OS*{PKSR1m
z*ndsBh~KX#T_o(!mM-G=&y+3__FtDS;`i%I7YX}wq>K3dv!siJ{l7~W@%s&=i-i5T
z(nb9K+0sSA{y(IP`2B{`MZ*3(=_2U6&lxy2TAwN`d_yem$G$;)e!`3H@6M59BjNG?
zDSgC0KaHe|g#885Mg0D`(nZ4lo6<%6eq-q(VgD`ZB7Xlo=^|nOU(!YVeiP{;VSk}?
z5x;-Fbdj+CZ|NfFCm&ZV60`dMNqEua-&Br`gvVJdeZ)UM7f2Tg`)^AZ@%zoBi-i3p
z(nb9Kh0;aB{yWk|{C;!kB4K~2bP>OQk#v!;|E_cqzu!W-NZ4N{UBvHSEL|k*zb9S9
z@3)jL684u%7xDX-NEZqF|CKJ{_ghI93HvLgi}?LZrHh39_oa*Y{npY&!v0F>B7Xle
z=^|nO1L-1uzm0T}u)j*Wh~K|lx=7gnP`ZfUZ!29S?5~zC;`gtRE)w=Xk}l%++esG*
z`)j0&`28!Ti-i4;rHlCe_R>Yd{#xlGe*Y@zB4Pg%=^}o=gLILwzfQV{-@jVANZ9{W
zx`^NJC|xA%ua_?3_pgyI681lnF5>q)Nf!zG8>EZ){m#-w!v6oHi}?L6(nZ4lM(HAc
z|61uHVgGaKB7VQCbdj*XNxBI7@%=2CUx-=#&BVVXzJ>T##J3Xvn)o*2-z2=~e(E~;
z%8>AK*e-p<zudY>7YX~{N*D3_*Gm`C-dzj{kF!ILf%wO{LAprT|4zDy-|rz^B<$~$
zF5>rZlr9qXzn3oJ_j^hg3H!UGi=dCs@xx_}Ui_bboSWnrNO+td<QRzG|0P{mh=l#;
z&A$iTOOB0%{oQhG#6SMc(nZ4lkJ3fZPd+Z%BZg@INi052(e<sj92*Jyd!>)~=jRsb
zB4Ph$=^}o=k93i+zfZb|-@jG5NZ9{Hx`^NJD_tb)@0Tv(_ivLf683+UF5>t5Nf!zG
z2c(Pm{oAFBg#F*7i}?Ni(nZ4lLFpoX{|@OQVgGmOB7VP|JR?E0?@G(9LZW@27@~cE
zoF<}uzjP7j$?M^vT2S4;Q;vaXA1H=sKOo0OwBIFNMEf8y#Ch`k{2}KD@h_jdrHh39
z!_r0k{$S}MVgFC*B7XlK=^|mjP`ZfUA0k~O>_?{-79xKCUg;uXznF9pzki=}k+6S^
zbP>OQzjTqXpOP-(_aBfhqCLvUxtD1Fi*ym~L&Xs1$?s#HoF?L*?q8*gg#EO15x@VS
zbdj*1kuHLM@^tgXtp2eHFWS|I<k(1foZ`|){PQzRx=7eBAzcLh`0>x-5@@>rl3uYO
zR=;1Myy$#BET@Ttr&}PWi6oCdT$&}t;(mO71{EtTES2!&<yM+_8RBJ$mm_{0@$$s8
z#48YgBzNhAmrq5~uSEQK;+2V?K)ed^6Ny(PeiHF&#H$mpLHuOmHHn`>ycY3OiPt86
z8u2>BPbXfN_!-3O5kHf7ed3Rj>)~0_M{qk$-tHQZ<D5;rA@OsFHzIy6@x}>{cjH|7
zn$9yEx49;UUo3x5>U_g-*)&af@^ZL<cr)S`5^qlYBH}HGk4!u-NS@DG#4k=9C%)Vs
z`@ic#yu(Gu8Ic_!|AzS2hsU#ziy^*`%#IX8e19VQgc#!csO%^)#P=t&Pl_SFkIs%3
zLwtWK`;-{s`<Uz)F~s+$vrmg5zK_k06+?U<mmMdD_&z>6UJUX5nd~!Si0>1!6T}eT
zpUplihWI`)J5dbr{kiOOVu<gPvXjIR-=EJuFNXL&IXhVl@%@GD3u1`xQ?gUU5Z_<S
zz9@$HJ~ca44DtP?>`P*Z@6)o=#1P+K&b};$_&z;5T@3O4mFz2Gi0?D9GsF<zU(LQM
zhWI`+J5vnt{cqX7i6Oqv%FYr)e19$bni%5y?CfkY#P`>;uZtnR&&kdaLwx^x_U~ed
z?{l+r#Sq{Bk^P4l;`_YpJTb)gH?nVtA->Pg&KE;`|7Z4}Vu<exvJ1oz-`~u>DTes|
zR`xA1#P@$?|0Ra_zA(E`4DtQn*?)^6zAwry5<`6dPxe1zi0_NDi^UM%-_E`*hWNfD
zyF?7}{hjPPVu<fcvrEMg-`~x?D~9;KEW1n$@%_E*dt!+1%d^YH5a0is{jV6}`-<!e
zF~s-xv+s)`zOT%#6hnOfAp3zB;`^%XDlx?O53?VNA-=E9t`<Xl|0w&B7~=by>>4q|
z_m8t5iy^+R&8`(geE%f-i5TMhy6ieJ#P?6LpNb*Aug|U*Lwx@%`<WO55C3kF{B}oi
z;_^q7PBdPJ#0!&E4No3_gPdOcU-iW4{*So+yMgif+(`PL6W>Jq3*!3kbH%5-ne_GN
z9mV}GNq-CRuZV9Y{x$J!#J?fFo%pxJcM$)M_)g;A6W>Mr2jaVl|44if@t=tACH^z<
zeZ+quzMuH7#19bvjrc+0zY{-1{14)XiT_Ewka$!fUI+Jgb>rJnG2+J%PZ7@}o+h3l
zuK)gTd_MC@|5)P1iI*T=K)fXJQp8IWFGIX6@p8o5n12UB{%#@ZmnWVjUV(T;;+2RW
zPrNem6NpzKej@Rz#7`n#jd*q9HHe=~ye9Eeh}R;1D)HLHPa|H3`02#!5<i1@J>q8)
zuTT6e;thzOO}ruTbBH%0elGFG#Lpw%g!uWyn-af(cr)S`5^qlYBI5e*N5}izg7hyY
z-jetw#9I-+lz406ml1D6{Bq)LiC;my9q}uPw<oSY$1=YBuOj^p#IGjak@z*lI}z_p
zybJMX<@MY6zvT0mYe~N=@#~0pBYr*c?!<2(-h=p!#CsCIiFhyKHxuto{1)PUh~G-Q
zFY()m_alBg@&3f`AU=Tjox}$czl-=F;&&4tO#B|=Lx|r?{66CM6MumCUx*JS{#W7;
z5`T#JFyaprA5Q!c;*S!4jQ9xRj}sqB{0ZWth(AeuH1RIv@&8k#KZf|z#K#gJM|?c-
zXNXTA{w(o{#GfNRiMake@c4f7dD5Ru`~~7uh`&gDD)E<yPb2;^@#(~0AwGlntHfs#
z{~PgH#9t#moA~R*=Meup@wvq7klWWkNPiyjH;B(C{!iiyh`&kvE#m(ozL5C8i7z7l
zAL74}$90QI|83$+h`&R8De-rSFC+dQ@#Vz-OMC_K_ld70{sHk-#6Kino?OpYlYT|g
z|A_S05dWC?TH>D&Uq}2?;_HcjMtlSD{}JCv{Bz=)h!>LE%NL}-nfRB)w-En|_*UXy
z6W>Ps8{*rEe@lD^@$ZQ5B>p||UBrJNzMJ@u#P<;YiTGaP{~*_spGkio@n4AVC;lt(
z1H^wLevtU@#19ewgZN?Me-bYw9#xEAmGFOVqW>OB{CKh$=^sNpMLdtV_jghfKj%%8
zeuj8H@neY>CtiYh0r8T=OA#+kybSTO#LE#sj(B<ES>hFlS0rAE`0>Om6F-4?72+on
zKZ$rX;?;@QAbv9On#4~bUW@pt#A_2jjd&g6rxUMB{0!pth@VNkKJl}NHz0mC@rK0D
zA>N4ixx^b2KaY45;^z}@O8f%i&4{lh_oo+<eskg%5pO~KV&W}{UqZYU@k@!fCVm<5
zHpDL{-j?_k#M=?Sl6ZUKR}t?({A%JIiC;s!6Y<W(yAZ#Ycvs@r5${I)dg9%Q-$1+v
z@f(TvBz_a|Uc`G7??b#V@!N>^BYr#aJBZ&&{4U~yl)K;CFB{$6`R>jw6Tjyl`#qiS
z>3oUd_jbOwb1TE|fA;=oFExDVvqPV4ZTLf-AMSja;SY<qG5nFvk95A=@W(no*14_W
zk9U5&^A(0a(fNta?F@gi^OK#gOgJ8I<2?^gbuM~*ew;iW&O|53r_uTE<Hj#x#{H*N
z-+8fUT;lSNf3Gr6e(~~n_5QfHUxoO1a-3&~Pays*@rlHrQ!alJF)AVF|0nf+!1!{Q
z)Y-q>VxLTW3h}ALrxBk{d<OBE#AgwoO?(dVxy0uYpHF-N@wbRCB)*9FV&Y4PFD1T=
z_;TVah_58Riuh{cYlyEUzK-~M;u}ma8*NN@e0xvJdTgp#bh{|>H1SOI1?k(KBK<t#
znP@XPzU?W}&m*3Rz9h%DJw^I?#52(ra(vrUq@PDT6MaRFZ+nXL^N44nt>pN&r$|4K
zcqaOq9N+d7>E{v8MBB*mZBLPY9`Q`{4LQE;Dbmj)o{6@T<J+Dh{XF8C=v#7p+f$^U
zM?4elAjh{oMf!QfGtqbC__k-FouqGjCi<TAZO=rzNZ<BM^aJVJo{4sozU`UlN7A=F
zMf!QfGtnM$eA`o`pGQ0s{X~v$dy4e)h-ad`<oLFyNI#EwCi<Bi-}X$jkMwO%k$xWW
zO!NymzU`T4Kk3_^BK<t#ndnz?eA`o`pGQ0s9U#ZIJrn&#`nG4HgQRbJiuCh{XQJQ9
z@ompUhe+S{O!Noo+n$LIoBd4mr|D_pnW&KTZO=qeCHrxy?U|?;>D!(neR&3K9w!wY
zV|pI(OqA+kpMTpkQJVB^&qVp8Z+j*xPWrZIq5{&lJrk88ecLlp8Pc~sMf#bj9665d
zDbmkG<ty3WFWXb3pGQ0sWzF-Mi7FC5p7;sGPb7X4@#@4+CVmR>Q;DBO{B+`H5I>Xn
zS;WsKeh%?-iJwROeBu`nzmWJv#4jd(3GqvbUq<|L;#UyAlK54`uO@yC@y^7rC4L?8
z>xth${6^w85x<%EEyQmnejD-IiQhr|PU3eFznl0y#P213Kk>g1|10r_h(ApH5#o;#
zf1LOe#GfSo6!E8tk0bsJ@n?xYNBnu>FA#r`_)ElJCjJWXSBd|P_-n*pC;oTh{~-Pb
z@qZG3llZ@g|C{)Kh`&wz9pdj2e~<WoiN8<$1L7YN|7fE1xF{2?CH^V#4a7euzS;D2
z^i>z@{G_9=i62k=8{#Jr|Cac7#7`#vJ@HeBpGy1(;y)5UllV`>&mw*{@t=wRLi}9f
zzY;%>`1!=``@3{>59!<YU+Kuc|4K*p{Z~4AoE+c2-$_UI{Z2Zv?|0JCv*h^p{Y5&m
z?=RBPZ{#@k{->kgN&gSx_HN7T1Eg>7c{;N9JRRA4B|p`@*4~F>h}(Ocj`B#~-r;m)
z?{JDd?@N*AeW@s8o^C3#cPtehOZq38mvbsQiFkG5_Ku~Z66ADGBgZ+N_!-3Qy-GzT
z$?4jAl8P=M$G?#HMZ_;AehKl*h+j_p3gTB1zl!+P#7mRQ?HbbWO#E8n*Ac&-_zlEw
zB7QURTZrFE{5ImZ6TgG_oy6}VelPL+i9byI5#o;#x9^Wqk$r!Zik>FN8AtpX;`aSi
zDk@8^hcA%hyh!{d;x7~b8}ZkOzfRn~UrR;Dk+18Y<T!5<&ywT(hxFej{toeXiB~jF
zH;>%!<dOTGyy#@}_<7|1A}_LcK9B5tUS#jQoKJH8?VZevP9XggiJwH=zJ2A9+gBcW
z{FWEl*Q-2oy~>O1?_*xXzK_+PvmO`aMKy_^YI-KBV_puKs4nq(#Oo7pK)fOGM#LKv
zZ$i8&@n*!E6K_GhCGl3oTN7_Xye;u|#M=|^K)fUIPQ>loQ6}m_`dx{4Bi`NgG`W7J
z$@McG+1Jl>WM4nik$wG4NA~qI9og5<bYx#Y(~*7sOh@+hGacF2&vay8Khu$Y{Y*#p
z^)nsW*UxlhUq924ef>;F_VqIz+1Jl>WM4nik$wG4NA~qI9og5<bYx#Y)8zV@j_m7a
zI<l{y>Bzo*rpWnEk@KG-=RZZxe~R3%$@4z*_L7QjB=^_$^OU^Eex8yST}h5(f4}m`
z*PBPa-aL9fZ!%9e9rZB3-b~<S<oCw$yW>UojzynioQ_ga&*zH%CHecYH=CY{nD-(5
z+lcokekbukrpxPHrl*Lfqx;N$I{J(0spvuC51XEj9wq*`>8XhMD6=oGo0*;>o{q+n
zzU}Gg8MB{`CYqiiF0ad({d6?N^c3-Q^b+aYo{pxQ{dDxI=_%srXcp-+f8Fe-qq)T2
zAilu#RAhTP`j^>HM~jHRO?)Zw_e@Vkwx^>NW<MQ$KzudvkBP4{Jr#XsdYbx1v!9A=
zPe)&nKJzW4|F!AqXuIjD=sV)Oi2q1@FY#Z9A0Yla@x!Le>(!I&`<ImIsmOMDCx_Wj
zN5zSkBwogJ`TZ-?)6sFnD-b`PcopI&5wAh~6ymjspH93U@w13GBz`XOCd4lw-kkWw
z#9I-+jCfn(R}$}FdW!5@Dq=f!jd>h-9Bz6ly3TZYyluKXzBN4^^&-yt>~wD-$LUM_
zcH#qw-(`A=oc~m0-*2Yq<CekZ@zc@0re~rDi2s%Nu#MKfWunK3k0Smw@d?DACq9+<
zE0gT=Ig|ANtvoBwA@F{>Wy+7sJ-;Xsy<fTL`1riv*jEz&fcPrnXXgI0tvik6@joQ}
z)ynZ6;_~ti+K-gG=SL-?HOk}j|1t5k%1iy<@joHHPI<}y>wl^|KA-y%@AJji8=uc#
zl*j$`>Ns)#Gv#rAgYvllKjm?Mqw=`_x$?NbNqOA=LV4Ujlz9Jj^6ULWdEDQujuRjM
zOXYEYi}JYtmGZd1Re9Y1TDiNPl#RA2ci-Q#k^cUoUrPR;eS0YtS+^JTKTzLyce<q_
z>vn;@eLE@@>Dxto9DO@-*XL4^zCOFlr&N@@e%3g0{VWwFub=R^pS*r1`^oEPvY)(u
zCi}_jCmiR$K)&8@)a4(4UE7I&tK7Z6zLfX=dRz~2Ih2t9xx?s}7ymBdI6pWJd?)dr
z$@lU5L?5S%y~WqHOL_eD{$MyxceiqU4ghxh$F4>DT=Y7RypPOud7l^YUx@!|dS3LK
z>GD1x)AOP~OqciLm@c0fah>&bWujwD&x`U*&qNv1<>!E=XQC1(*r!`ydOET_6O|-=
z+vR;Iq;GpBDoy&f%llSH-*$Q4WcKrjXQHxZKTTZT|3dn<%llu<ejf2mbe!3j=Y6Kj
z`)Ev06PNeVn0<L4jp_0}8q?Fn<@c}5ejf2mRKe`0iKmF?5tsM-kmK7fzb9t)<>$Pn
zXQE1`r-`SC=Mm3D$CKmRo{1`xzU}g9Hl%NRCaOaEwr8RfN#Az)Ig8oPBc6$>n*B8K
z6!ARbndl^PeB0&cK4w3UcqXc5_S3{u#Pf(}qUz-Mwx>uxk9a1kL5^>GiuCh{XQGqI
z@oi6$zWknyd7MmC)ATg)6mj{z4)Zvf=oHh_#8brch-ac&<oLFyNI#EwCOVZI-}V&g
z=Mm3DwaM{qPmz8e@l13YIlk>F($6C<zn?>nZ+nXL^N44n)5-B|Pmz8earr$Wa(vt6
zacm{)ab}u$COU&0-}V&g=Mm3D^{%tekL{VLKIz+@i5if;?U|?{>1%h-2MZ$oJU8}6
zClq~Mc>d*{XB7m`E8X+50`k19AhMsA6-4&)(1Pe(b-M2PashdMT@XCKj?cgSe6}EX
zK8t=Sd1k3!e{j!p3xemlao>9V0mo^q&cFOA<fyp#PW3!D_EQtTiGa&F_G-kd6aStZ
ze;4r|i0>x;Bk?`T<IBf>y`>;{ea5{$P(WTcD2Vjy194x!o)CZE?bmY(g4Y4$qK=Bm
z_hnuBJo%0x?(@%MU!QIwhWLKC#Q9=~@1LcciXpylNM9g^_+GJ~nHb{x#`J|^i0_}L
zn~Nd7Z%SVzhWP$Px`i0x`{wk;Vu<fwrdx_3zHdoiB8K?>Rl1cJ;``S0rDBNh+tRJY
z5Z?<5E)zq1|0dl=4DtQ9l9!7izHd*r6+?XgHhqN{;`<E+?Zgn@cciZrLwvuppuHI4
zdtu3|#1P-h7jzIqoX0zsd>u7@y{^1m5B2L^?)BAzDEay-`W57Qi~iNQBjf1q`0n-9
zg5dSlxc{=cox0CiEs&$hS0$f2ieP_YFD8DK7?Sj3#5;%~Nl%GiErujLPrRcTlJvCr
zHDXB8<&$FyJBcAl&lm43h9v!1@h)OW(u<2<D~2S!gm_mmB<Tg>*NGuXFDc$l3`u$^
z@$1Eqq?Z=&E`}t%jQ9;=NYcxS_YgypUQYZ*F(m27iT4ykl3rf?CNU)GS@B+CNYX2a
z-z<hCy`p$;F(m1g#BUKpl775+A2B59mBnurL*ViCU%&1h?|DaceU7jH`t|U*e~s$L
z$M2MI++O12bXM-}FG@zqpS$68V0WC7QS#?0<&GSuWR(1Q3Oqhe^5+ydPV8M0ryIY{
zTr4UXl_}?LyZE0;zn1j762FdkH{#b5?@s&%;ysAps2rbRjIXz+a=Z=?-&)qb9KI&L
zjrcdjw-f)C_zvRV5#LGtd*Zu@|3G{<@gIrrA^sEby~KYezK{4X#P<{bmG}YTzY#x3
z{CDDqi2p(SF!4W$7ZQ)i?Y$WBV~D4S=Mhg6&k)Ziek}3g#7ht_AYPLAO=>sdJ?WKn
z8I#y=Rvzz6?}TS%pJTrz;mIBDL;P0aeTm;jydUw~iT5Xd2k`;K?<78u_+7*Y5x<-G
zVB+@>A42?I;`b51pZEjB|3Z8y@xKy(koZHyhY^36_;BKn5Py{TW5h=gf1LP8;!hAC
zMf^$PqlrI7d<^lYiH{{dj`(=u&k&zL{8{1?i9e@2e*JAy!tr=J_UDzykDn(ikDn*L
zpuFP$J>Q(7JU;%5#HT8E$0-@TlyK~=J3l3(X~bV9KAre0%Hz|WLHt$aRdQdi|Nfw3
z<<6yq;W+<z294M3iXO$f$Mf<}^7s}$Q%(WVK1&SIK3fdYK1U4EK35FUK2HqMK3@#c
zzCaAo{+1Y`eW4hleUTWVeX$s#eTf*NeW@6teVG`deYqH-eT5jJeWe(peU%uZeYF^(
zeT^8ReXSUxeVrJheZ3f>eS;XHeWMtneUliXeX|&%eTx{PeXAIveVZ7feY+T<eTNvL
zeWw_reU})beYY5*eUBKTeXkgzeV-VjeZLsu+`SIwZr6R~H4Fr|_oVj|L$vo7L$nVN
zL$nVRL$nVPL$nVTL$nVOL$u!~hG>644ADMR4AK6e7@~cc7@~c+7^3}AF+}?aF+}@F
zF+}?)F+}@lF+}?qF+}@VF+}@#F+}?WF+}@BF+}?$F+}@hF+}?mF+}@RF+}?`F+}@x
zF+}?eF+}@JF+}?;F+}@pF+}?uF+}@ZF+}@3F+}@(F+}?UF+}@YVhFtG{`Y{~rV;H2
z#Sra>#1QR=#Sra<FvE*gDJ(>EKP84}Pm3Yi^TiPD#l;Zq1!9QyQeueqGGd7Ka$<<~
z@?wbg3Sx-%N@9ri%3_H2Dq@KCs$z)tYGR1?8e)j{nqr9dT4IRy+G2?II%0_Sx?+g-
zdSZz7`eKOo24aZzhGK~JMq-He#$t%}CSr*8recWpW@3o*<o)16xy>Q^_P9t4(Y{y=
z(Y{0s(Y{m+(Y{O!(Y{;^(Y`_q(Y{g)(Y{Iy(Y{&?(Y{6u(Y{s;(Y{U$(Y{^`(Y`?p
z(Y{d((Y{Fx(Y{#>(Y{3t(Y{p-(Y{R#(Y{>_(Y`|r(Y{j*(Y{Lz(Y{*@(Y{9v(Y{v<
z(Y{X%(Y{{{(SAS-(SA@2(SAq_(SBGA(OxKqz>Ds`n#*kt(cVG~(cV%F(cVf7(cW4N
z(cVT3(cV@J(cVrB(cWGR(cVD}(cV!E(cVc6(cVQ2(cV=I(cVoA(cWDQ(cVK0(cV)G
z(cVi8(cW7O(cVW4(cV`K(cVuC(cWJS(LO*7(LPWN(LP8F(LPuV(LO{B(SDy8qWu9e
zMEg)NMEiqci1uM(i1y)Pi1XzARI%Ffh)kkycPTMMds+<9o-c-IFD`~?FAzhtml8v?
zmk~p>mlH#@mls2{R}e$AR}w?CR~AFGR}n+BR~19FR}(|D*APRr*Azpv*Ahdt*A_#x
z*AYXs*A+vw*Aqju*B3*yHxNU#Hxxs(Hxfg%Hx@&*HxWa$Hx)y)Hxom&Hy1;+w-7_L
zw-iIPw-Q6(?&oXn^^n$L@$Jj`vC*TsTU_Xm5x-bo8Es=6XN2_I8vaEwxpy)Aap|`=
ze57~>!=DiEX!t1cPKIxl)9qsT*Wz6be^QRq&G6CU-3@<Ayocdq#Csb4w0JMW$BOqh
z{5v_HeGDHb{l11*kbXbI$4kGz;m?Q<FnogeK*OIEA7uDM@xg`<$jZHo;m=9`KEt0E
zf57m`;zJF8LHt3(Ulbo^_*C)Xh7XkM^P`4Oll}<9Ult!}IDQ{&l;P8*KicqD#K#zZ
zNhx_v%kWpFKi=>I@_nCR_)O_fH2iPklMJ6FKH2cs#HSd3NKSXE;j^Vb&G6U7ryD*;
ze1_qF7oTbPT=7|k|3iGX;q%1j82*O%T*K#!&og|1`22+9=SSF3x12@$iJx0pj^_o=
z-;yICZl8;Mp%|ilkr<+Vu^6I#i5Q}NsTiVtnHZvdxfr5-g&3lJr5K`pl^CLZwHTs(
zjToYRtr((xofx8hy%?f>gBYTHqZp!nlNh3Xvlya%ix{GPs~Dnvn;4>fyBMN<hZv%L
zrx>Drml&dbw-};*j~JqTuNb0zpBSQjzZjzZfEc3vpctb4kQk!<uo$Af5N3F>6XjWi
zME6r-i1xG?qCH;>(Oz5((Ow{iXfGv(XfGp%XfG#*XfH2@Xs;lKXs;xOXs;}WXs;rM
zILGs{c;6Pt9wPDM&)DA*L$ogxL$ogvL$ogzL$oguL$ogyL$ogwL$og!L$t3DL$t3H
zL$t3FL$t3JL$t3EL$t3IL$t3GL$t3KL$q%YL$q%cL$q%aL$q%eL$q%ZL$q%dL$q%b
zL$q%fL$vP@L$vP{L$vP_L$vP}L$vP^L$vP|L$vP`L$vP~L$n_dL$n_hL$n_fL$n_j
zL$nu)A=-<bCJQIgo)SZ}r^OKM`C^Fn;$n#Q0x?8;DKSKQ88JkAIWa_gc`-zL1u;Z>
zB{4*MWibSf$8UJ=4R$U5FLwNnX>9o4aQAzsN&h&T^s3hv{a+-#NI&)ZHICZ<pVzOY
z`tp~BbMJX5I{vxu;7sE8pzxTo$O{XPl{ZDoUustU^K$*z>m-hk<HTN%c+v5{$R_(m
z{#DNNgY$EK?sP-{CW~)K><yBqoA5@&i%$0fa{P;kf1f+u`0Fh?&V^pT2|3+n#EXt|
zv3HynN9|wY^^1=4vv>Iv`LCY0BFAr|9M=(dJ!yBMyh0;!*YhH8FNSFEAckn~D28b7
zB!+13B8F)1Du!t9CWdJ5E{16DA%<x0DTZk8C5CA4Erw|CBZg@2D~4$ACx&S6FNSCz
zAcklkD28YsB!*}oEQV+wB8F(cPYluifEc2Es2HOCK`})8Ffl~?a4|&tqhg5m5n_n;
zkz$DUQDTVm<j)tX$bABW-A;N{F+_VcF+_U}F+_V!F+_VUF+_W9F+_VEF+_V^F+_Vk
zF+_WPF+_U<F+_VqF+_VKF+_V~F+_V4F+_V)F+_VaF+_WFF+_U{F+_VyF+_VSF+_W7
zF+_VCF+_V?F+_ViF+_WNF+_U@F+_VuF+_VOF+_V8F+_V;F$5mp&*Jvr{=1ai@BHrF
zzl^><?iUu~{u=k2?tUcUxyKL1O*bE($P>q+`<=0J8%5mtEb{SUi1rC$i1vwMi1tZh
zi1x{1i1sOBi1w*si1uk>i1z7Xi1ry`i1wLci1t}xi1yiHi1s;Ri1xW+i1vA6i1ztn
zi1r0yi1xR{5bX=a5bcY^5bcY_5baCE5baCF5bevv5bevw5bZ0(5bZ0)5bdkP5bdkQ
z5bbNk5a-GJoo;d)MfB~ryBMOqhZv&0rx>EWml&eGw-}<mj~Jr8uNb1epBSROzZjx@
zfEc2EpctZkkQkzUuo$9!h!~>%J~2f517e8wp<;;k2gMNW!^9Bn!^IHokBTAMM~ETX
zM~WfZM~NZYM~fla$A}@?$BH4^$BQA_Cx{{1CyF83Cy62Oe7Psl_aoKi{sliz@%_)-
z^WxBtset3ezV>?DvfO{iC4Bu6&s0eI#v@)>nDouWw-Vn@e5dmK=zr?#y6pe%f3>^&
z+5G5h)sJ2GFDJ*jg7}rhuOfbR&g08DzKrEk^Dh4)uju*iBbUPo-sQjdh*$S~{}K1U
zF9(SqCSI(2(K*8R7uTs`^8ePQ;gjWB=&pycuh03Ezz^p>k7a7$pXK_~0^gAH>48_w
zeIEFXz&GalGXwuT=d%Lel=Invf06S!fp5<F+`zxg`Mkil<a~bMU*&v3;9GP4R^Z!m
zzA*5D+~u$+@NaVc#ex4;65pvMfp5?Cmj?cA&X)y#L+*5!2ficMUlI77x&F$)3v=gZ
zRp8}w{nba@-M{17CHML{P3|GCiSpXN;rQI1b%x_}d)6C{&+XY@I6k*$qv816o=t}1
zb9*)$j?eAcVmLmxXRG1(+@5WQ<8ynq8;;NI*<m<7w`Zr}_}rddhU0U4b{mf0)7WD;
zKDTGD;rQI1eTL(6d-fZS&+R#2I6k-MpyBx3o<oM?b9)XOj?e8WG#sDXQ>+ed8~%>D
zeM{y31^18szNG_q`<5TL+qdF@yL~GN-0fSbz}>!;3Eb^lxxn4Nl@HwQTZO>gzEuj`
z?OWx*-M&=`-0fS{z}>!83*7BnjlkW$)ePM2Tdly|zSR!g?OUC|-M-Zg-0fSvz}>#p
z58UlrgTURsH4NPCTcabM+_%O#4fm~y;n=sPhGXBF8IFBxZaDU>h2hw@mWE@;S{aTV
zYi&4otc~H=v9^X|$J!Z=9cynmcC3Tp*s+d=W5+rfjveb_ICiY7;n=ZmhGWON8;%|8
zVK{cIr{UPKUWQ}GdK-=%>yz+!uiTFH&HYQbWBmemJJvsNw_^hWcRMyPaJOTF0(Uz$
zIB>UPLjrd@c3<Fb#~ujW?by)3-HtsNxZAN|fx8_W9=O}FM+0{|HX?AhV<Q81J2onC
zw_~FNcRMyFaJOS)19v+%K5(~V69RWTHZgFwW0L}RJ2v@<CwFX0PQx9WYB+Xmn&H^7
z>4sy+W*Ckgn`t<9Y?k48oHpBV?Asi}v2Sw?$G*)o9Q!ukaO~Rx!?AB~8IFBhXgKz5
zk>S|4#fD?wmKctGTWUD=ZJFWNx8;Uo-&PooeOqZb_HC8n*tgY&W8c;!+~2pgxqnIS
zo7=H<fx8`BAGq744S~Cz*%-LnnN5Ma-Pjzs+l?)OyWQ9txZ90wfxCU!9=O|w9f7-j
z*crInhh2fYeb^ni+lM`YyM5RjxZ8()M?AR?`*RxZ!vVvw4+jm$J{&R}J8;-=+};Zf
z$L+n?>A8phiPzbR$!FZi@BSE$+k4t@+}`sI$L+ni;kdmQ7>?U@DZ_EQE@L=u*X0by
z?Yg|-xLsE;9JlLAhU0c!*>K#hs~C>kbydT0yRK$9Zr3#u?%%F!=KdvlyLPWH)e79*
z-fIW$ZtryhcaK}@2JRlW)C=70L;b+r<CX@2yT>gJ19yAUC~&tYjRSX&Tbcy!9=9|N
z-0e@Zz}@~d58Ulfi@@Ffv<%!mZfO;`+ojflyIpD%xZ9<+fxBI57r5J{_JO-y>JYfw
zrH+BSUFvkile^R<r{OMjH5|Lt&2a2ecf;|xrHA3ztDc7AaZ4}5v17dr$By+e96Q$6
zaO_w=!?9!i4abfRFdREJ&~Q9%8Du#2ZLs0kw;_gO-|jOU`}Tn0*temEW8WS$9Q!uR
zaO~S~!?ACV8jgJ%VL0|}WWxP@8<qQ)aNkA;?sjZU;BLpp2JUujeBf@!CIs$wX=31R
zmnH@7c4>0pZkMJ6?sjQv;BJ?u1@3lfdf;xCW(4l`XJ+7Te`W>l_GfnBZhz(k?)GPH
z;BJ5B1@87|{t-{^%z~VTJM)&|*qMcfV`ml_j-6R-ICf@<;n<m_hGS=z8IGM<Za8*k
zh2hwlm4;(yRvC_+S#3CWW{u(4nYD&vXVw{xomp=<c4mX&*qM!nV`nxQj-A<TICf@>
z;n<n2hGS>88IGOVZa8*kN5cJ`*_r#7aA$S}?sjH(;BII31nzcbZ{Tic_66=97wr$+
z?azV0-ToX5-0jbyz}@~F4&3cbVc>2ziq+Mx|GV8t1@3ku9k|<#{J`CA6c60(MnT|i
zH%cAx<ZhJ7X}BBZ499MiHypcB!Eo$GCBv~Bl?}&kR52X8QPptlMm58+8#N5aZqzg!
zyHU$<>_%<Fu^V*^$8OX$9J^7^aO_5X!?7C;499LXG#tCp$Z+gNW5cl<O$^6wG&LN%
z(adn{Msvfl8!Zy<??%hqzl6KdDscDwt99URPuc|T_M~m#Zco|;?)Id8;O_ZXhrr#=
zbPU|>OsBxz&U6Xf?M&Ce-Oh9i+&#|e9=O||9)Y{ZIXwe+k8^qj?w)`34&3cnpTOOY
z^$pzZSiivCj`a`R?bv|8-Hr_m-0j$)z}@q&!ACr~Z$ok#?%REaW8WSy9Q!uZaO~TI
zhGXA`8IFA$ZaDVsQNyusBMisBjWitlHp+19+i1hFZ(|I{zKt~;`!?Qi?Arvxv2PO%
z$G%N69Q!ueaO~R@!?ABu4adGsGaUOi-Ei#N48yT+GY!YS%}ThxZ?kj%67Jiaz}>#h
z4czV9yujVQ%@5q|+k(K|zP%N=+qZ>*yM0>}xZAhIfxCTM61dy9rGdMBTNb$6x8;Gm
zeOnQ@+qad0yM0>~xZAhYfxCTM6S&*AwSl{RTNk+7xAlR$ecKTDodtMgxG`|IZ<_*l
z`?mRrC--ejPQ!iMYB=_7o8j2E?S^CDb{LL*+i5uVZI|KLx7~(g-}V@eecNj|_HCcx
z*th+LW8V%Kj(t05IQH$3;n=sshGX9f4adF}I|JWi|NDY{OBs%ROB;@T%QqbRR@`vx
zTY=%&w^D{<-^v({eJhu6f8WaI{w3VE3W2+Qs}#7~x5|OLeXA0<+qbHLyM3z`xZAfH
zfxCUH8MxcGT7kQLs~x!8w>p8leXAR|+qZgwyM3!4xZAe|fxCTc7`WTFMuEG1YaF=S
zw<dwReQO%H+qY(cyM1dOxZAfDfxCTc8MxcGR!2O!Z>@9c-;VJ6nQaWmzO^+R`_|5I
z>|1-ov2Ps=$G&wm9Q)SEaO_(b!?AB&4adH9GaUQY-Eiz%55uu<Jq^dc^)ej$*4uFG
zTOY%*Z+#8NzV$O4`_|uZ?Arjtv2Ozn$G#0R9Q!udaO~R<!?ADoCEVY)2Xg-s?%UA7
z-M&2-xZAg3fxCSh9=O}LM+0~JHX?AhZzBVD`!*_Yw{N2Zcl$ObaJO$`19$s2K5(~h
z69RYpHZgFwZ<7Ld`!+dnw{KGd|E(nMVW$S}_HA0=Zr`Q{?)Gg);BMb$2JZH4R^V>m
zW(V%}ZO#!-?%Uj)hWj?paO~TB!?AA*49C8`WjOY2q2buKMTTSF78{OzTVgo&ZK>hd
zw`GQ7-<BJWeOqBT_HCu%*tb=NW8YRAj(uBWIQDI=;n=rzhGXB>8;*V3U^w<|qv6=M
zO@?FNHXDw8+hREOZEM2)ecP7%mvG;<2k!Q5N8oPXb_VYDZCBuK-*yM?_H9q#Zr}C>
z?)Gh8;BMdc2k!RmK;UlQ4hHV_?NH!u-wp@v_N_2*w{OMj#gG5v%irx=DsZ=N>A>B-
z<p=Ket$5&W-wFbE`&KG&w{K+vcl%Z@aJO&e19$sY;fN>qtx`_IeXDFZ_N|KH*te>N
zW8bP7j(w|PIQFfk;n=rYhGXAq8;*UeV>tG$uHo3XdWK`)>Kl%IYhXC`t)b!Aw?>9z
z-x?c^eQRPk_N}Sm*tceeW8az^j(uxkIQFfj;n=rUhGXAa8;*TzlkoWV<$f={ZSG&f
zeQOuE+qd?CyM5~rxZAgmfxCU{6u8^BE`hs!>l(P*w{C&Eed`{$+qWKpyM5~!xZAg0
zfxCU{9k|=KK7qS^>l?V+w|;@Ued`~%+qVIMyL}rNxZAfufxCSh9Jt%JA%VMnyDxCJ
zZx00S_HF19Pwv};ISu!1nBmyB;f7=19yJ{MHo|c1+epK)Z=(#yzKu2<`!>dK?Autw
zv2WuI$G%N49Q!uWaO~S8!?ACZ4adGsF&z6g)o|?FG{doP(+$VI%`hDMHq&tI+bqMe
zZ?g@@zRfWl`!?5b?AtuU(^cj1zu_721qqM$Fkf7r0p$KAxrfK*d|}|#3eaB^c=23+
zao{C#z9jI1oG%T$WX_ibK0bxhT^@L;Tz^I2rE|VA@G?1H6?oa4uMWIi&esHfT+Y`9
zUOwmR0<WIC+|~!4&Gk0~ULofj1D}w)95w}BG1uQ5_^@1mOW>7q{jGr?pYv^jSI+tN
zz_YopYsV4C-<id`qff~7@jdf*ubrHqow>H}SBmd4yuJ8t!><zGV|WMgy@p>czR&QE
z;`<H1M*M)`wZ#t_-bwtB;hn_~8(vdxzlDZ(k$$l=a~GTUzJP1RQ-*gHPaA%nc)sD?
z#ETm~PQ1YI>%~hM-d((m;WvnvGrWg*dBblMuV8pj@k)l@Bwjh;?(Z5Gi>f59Z{=j%
z;``qd#j7Oxu~!wZYWPXw)eNsDUc>O};x!GgAzmxt{@&Kk{Y$vFbpm&LTQ_jGxAg*d
zds{znx3>)fcYE6~aJRRO0(X1cIB>VOO#*j&+ca>ux6J}~d)qv4x3?_<cYE71aJRRu
z0(X1cI&inQZ31_D+ct2wx9tLVd)q#6x3?VvcYE70aJRRe0(X1c<%q}EXY6X%oQAvF
z&2a2$cf+x(Jq*XL_B0&3+RJe4YH!1_t9=Z|uJ$z?yV}oi>}r3*v8w|N$F2@E9J@Nm
zaO~<}!?CMF49BkCXE=8C0mHGYLk-8SK4>_0b(rDU)!~L?S06PTyE?*f?CMCvv7e(1
z$9|4B9Q!%OaO~$;!?B;^4aa^?NVvbB6LbF(?&qYy-F{9E-0kO-z}<dM4czVLw7}hd
zP7mDe=ZwJJe$EWs?dPn(-G0sv-0kO_z}<e%4czVLyujUl&JWz}=Yqi9e!dmB+s}o8
zyZu}gxZBUgfxG=&61dyXrGdNsTo$<7&*g!;{akUxll!?cr{R9CG93H4+HmaW8pE-l
zYYoSKt}`6_x!!Q>=LW;EpBoLwer_@x`?=Y0?B^E4v7cKF$9`@z9Q(Q5aO~#}!?B+`
z4aa`&G93H4+i>jX9>cMpdkx2a?lT<wx!-W?=K;g9p9c-cejYL$`+3-K>}R3j*w141
z!{-Iq&y?ZV&ve55{mjq(OSqrK19$sb5V+gVQh~euEEBlf&vJpg{VX52+s_JtyZx*b
zxZBUlfxG>z61dyXs)4)xtQNT2&l-Wd{j3?d+s|5oyZx*kxZBS<fxG>z8@SugdV#zB
ztRJ}B&jx|J{cISx+s{UUyZvl@#FP8kB&XqiHZ>gk+01b4XLG}`pDhf>ezr6m``OBH
z>}PAkv7c=W$9}do9Q)bMaO`J$!?B+o499+UG#vZc$#Cpv7sIiiT@A;6b~7CN+1+sL
zXAi@%pFIu7e)cjP``O!Y>}Matv7dbn$A0!R9Q)bdaO~#*!?B+O4aa^CG93FkIN|<&
z4$1vXxS#h0?)LM6z}<ch4czVLgMqvK92U6S&*6c){d_cVx1S>dcl$XqaJQeM0(bj4
zI&in2V*+>kIW};&pW_2}`#B+Sx1SROcl$XhaJQe619$s5C2+T&Qv-MVIW2IvpVI?(
z`#B?Ux1TeQcyd2y<uu&S*@k03=NOLtoNGAtbDrVY&-sR9KNlE|{d~)C?B_zmv7d_!
z$9^t09Q(P%aO~$&!?B;s499*hHyr!9!f@>8O2e_As|?3}t~MO|xyEqp=UT(DpX&_A
zey%qh`?<kz?B_<qv7eg^$9`@$9Q(P&aO~$+!?B;+499+MPk6kaCyUE7fZV@eKjZ8F
z<8uCYCi=zY=Lq<V1UpN($GrHT=*NDlTu<Wvl3tB?b>iQX<L@H=1M%I&e<Z#~xw{<P
z-+|hdxEzwcoA@5$dx<}n`)iBIopGm&ztM~TioP$-rxM>sj*q{UYaM4l=^r3|koY0u
zhlv*wFLsuFK2yZg#Pf+4Ctg6j6!9{|%MmY6yaMq`#48i8LVQ8u`;ObY`}>kL<ra^)
z>s6805<|4t7DKex5ks`s6+^Vw6GODu7ell+5JR*#6hpK(5<|2%7DKc*5ks^$6+^T)
z6GOB&7elnS5JR-L6hpMP5<|4N7DKeR5ks`M6+^VQ6GODO7elmn5JR+g6hpLk5<|3i
z5ks_h6+^Ul6GOCj7elo75JR;06hpN45<|527DJq4=i|S}T2*deNW8<bR}(|D*APRr
z*Azpv*Ahdt*A_#x*AYXs*A+vw*Aqju*B3*yHxNU#Hxxs(Hxfg%Hx@&*HxWa$Hx)y)
zHxom&Hy1;+w-7_Lw-iIPw-Q6Nw-!URw-H0Mw-rOQw-ZCOw--aScMwCgcN9akcM?Oi
zcM(IhcNIglcN0UjcNasn_Ygzi`1_t|d3;#*1l)q$e@QP#yaMs#iPt4wg?L5c)rp@$
z{8Zw#iJwNi4)GI-pG^D|;wKTWMf?QfRf(4;o+Vz1cxB?%h}R%qlX#!pl84vBpDV`K
zPXBs)E9v(oe!4nc{5{;_QQ7FW?*8#(zn%CU#P1}27xBA^-$VRf;`bB(3-P}ycYoKW
zZ1m6+|8j_ZIPu4bk0kyi@iD~55uZT(IpULvzes!<@mGk?B>o!lImG`#d_M6vi7zDn
zAL2`hze{{M@%M?ZBL0!-`H_3SK+z7k>tTN6e!o5RwcV}jZGN=Q^wR(L_m6tYy`b9@
zcl^?k`+VA7fxGk5J8<{@g+771_b>Df+`WIHU*PWj3;hFk?_U@YxO@M?z`))67X}6H
z-oG$7aQFU&A%VO1FWeWnd;h`%fxGuF3=Q19f8oKv-TN1Y1@6AT!vlBkUwAZd_x^<u
zfxGuFj11hpe_>SM?)?j+19$IV7!$aA|H9b7-TN2D2fm(M54&}=uD7M54Wz%3_@*iL
zalSPB?)517%^-C?W1mQT67k8zrx2e?d>ZlT#AgtnNqiRZ*~I4%pG$lm@%h9T5PysK
zLgI^vFDAZ(_)_A_h%YC;!t?UcvC&t?^$`9w@o$nYzntv$Ilg|bbjJ^T74g;H`N3;v
z?$)w~_*&xYh_5HUf%rz^n}}~FzJ>T!;@gOCcOG1xJBaTj$Js@EH}O5h_Y&Vnd_VC6
z#19fbMBH6lsvo(0N=M%&ub*;-@~@w+Usj$(#E&b!OZ2NB>6ebaPkQ3`yUG^rdGd6Z
zl}dQxI6qXieK+wRi9bP(zlZdHBHp}=eSY?m{?EksB|UNZjI3ZE|CeMxarx{g{wwhV
z#D61xkoXRAdHzoNhlu|{{4nu9i5C)ogq+XD<og(%WMBTzB(JxL%l~|GoC%~~EP4FI
z_q|$a`*e><_7kU@N_yfrdBoGiGsK4{&wt|htCN>!!t=>-jwN24c!{JR`FhJn1ut5c
zPuZw6@p8no#48a$fp}Ho)rr?MJwH12q{P>C<nqjqYAdfG_wDk}iJwvz7FL%RIq^ED
zTujkv$-Y4Bb%>u%ye{#2#LpyNpZHnC8xTL6cthgn5I>iAW8&u#Z$i8&@e7FSeU86h
z%}BpF@r#JJAbv6Nmc*Y)-rf_}t5&3cDe>0CFC*^lM&fkakpAVw+Y-Nmcst@(5^qoZ
zD&if8UrqcP;+=?hCf<d3SK`+Z??(K3;@yegK)eU>8;SQMeiQLt#BV0voA@on`w+jC
zcwgeT5${L*cH;es-$8r;@jHnRBz_n1LB#JSKA89r;`b82kGOvPAMfz}r2hc%zYzZ`
z@rQ^HBmOY);lv*y{wVRsh>sxtIPsChM-hLL_-Nu!5r3NaSmNV||DD|5jVJwQh)*E?
zEb)oNClP<1_zT3R5Py;QRN^lYpGN#;;?s%0LVO1CSBcLgK8yHk#Ag$Ko%kH$|0dU~
zxuidj_#4FM6aOdiH;Mm?_(J0UCccRHe~2$8{x<O?#NQ#ll=!>E-y^=9_<xD7ApSn_
zmBc?FzKZyV#8(sli1-@f9}{0o{1f7z5?@dJGvXVF|Bv`a;+u$nL3}guFNtp<{uS}9
z#J?uKjrcdjw-et%{5#@1iGNRg7x5p6?<W2u@jb+UBEFaS&&2l;|AqK|;=dCAjrc+0
zzY{-1{14)P5-%hkRZF~nm3W?BjQBCcQ^fO#r-|niKbClL;w6ZeBwmVmY2sywmnB|~
zczNO#h*u(hJn<8VS0R2P@v6j6B3_Mnb>cOMpG^D|;<bpMO1w7l(}>q0UYGb8#Oo2S
zPrL!~vxzq(eh%?Q#Lp$(nD}|bn-FhG`~u<^5^qkt1@ViCw<O+*_@%^K6K_MjE%7Ue
zw<CTf@%F^8BHn@c)x<jzzlL}x;+=_KOS~)bZp6D2zk&FT#BU;gGx6TUZy|mw@!N>s
zPW%qy1Bl;Ad?4|=hz}w@nD{-!hY-Jy_yfd;68|gl2Z=vKd>HZJ#2+R881WIrM-qR6
z_$cB}5`T*L7~)S8A4_~3@$tkb5Pz2VMB>j8pG5q5;**I_AwHG(OT=F$KArds;;#~)
zNqiRZ*~DKb{&(VYiO(bc2J!jC|4DoS@i&RTMSLOgMZ^~qUqbvH;!BCYOMDse_lPei
z{$JuNh`&#KCGii4e@J{a@sEhFA^tJ(wZuOmzK-~(#Mcx5jQIclAA8pTE;+NbW80av
zZQHhO+qP}nwr$(CZTnA7Haj!t%&hnO?|1J`KS@`=U0q#OjkqTWel`exJ_vpx2!1gL
zekllkIS76=2!1UHej^BeGYEbw2!1CBelG}qKM4LH2>vh#{wN6kI0*hE2>vt({wxUo
zJP7_G2>vn%{wfImItczI2>vz*u5h2e{OtEj-RHCKg7AL`f`1Hxe+q&Fkw1O;`PK^t
z!J!~H5(LMB;CK+62!e+T;vX^yKOF>Tg5YcroC|{UL2xk$E(gJtAh;R?*Mi_i5Znxc
zhYNy72!clpf=3F1M-GBV4T47tf=3U6#|VPQ41&iBg2xVm#|eVR3xdZFf+q-qCk%oo
z4uU5Mf+r1vCkuin4}zx*f~O9GrwM|m4T7f&f@cVVXAFX84uWS1f@ceYXAgqs2!iJf
zg69f?=MIAB34-Shg69u{7YKqE41yO5f)@^g7YTwF3xXF9f|m?}mkxsG3o_4_4Z>e2
z2!FXC{N;n-6@uUugW$!3)LSVOKWMG&<sV>ceG}L^zGI<qe=Z!b18jX^MOuLZXlt`6
z24Jl{2k_Q6@4OYn0D-qSB<n3|C8UIEeZ!&y24DgnARG`LhyX+cA_0+sC_q#o8W0_b
z0mKAi0kMHNKwKam5FbbYB(!QFt$GpxiLEUOkQ7J;BnMIeDS=c#Y9I}e7DxxA2QmN|
zflNSVAPbNc$OdEwasWAjTtIFh50KX?pU*0v&(A{KFXeA-@Kk<F6Z&%~V9^DELO@}l
zh$XwIMHK^z10{fxKq;U!P$tCMvOqbYJWv6s2vh<pTSyh4Do_om4%7f@0=0nJKpmhi
zP!FgNGyoa`jey2L6QC*33}_Ct09pdAEUB%5Hb7gT9nc==0CWU80iA&^Kv$p}&>iRj
z^aOeVy@5VJU!Wh*9~b}(1O@?vfg!+9U>GnQ7y*p5%8vp@17m=(z&Kz$FaekdOadkY
zQ-G<!G+;U~1DFZS0%ikqfVsdtU_P(_SO_cv76VIwrNA;^Ij{m)39JHE18ab_z&c<(
zumRWzYyvg|TY#;=Hefrj1K0`d0(Jv?fW5#zU_WpGI0zg94g*JkqrfrXIB)_u37i5>
z180D<z&YSNZ~?doTmmiwSAeU)HQ+jM1Gov?0&W9$fV;pw;6CsGcnCZK9s^H+r@%Ad
zIq(8_3A_Sc18;!0z&qeQ@B#P;e6n7<2SEsgK?FoW48%bKBtZ(KK?Y<&4&*@r6hR4;
zK?PJn4b(vcG(is-4h#=Q03(8tz{p?}Fe(@gj1I;CV}h~3*kBwmE*KAt4<-N;f{DPy
zU=lDXm<&t~rT|ldsle1=8Za%G4onYb05gJ_z|3G4Fe{i1%ns%NbAq|R++ZFsFPIO^
z4;BCmf`!1sU=gq=SPU!<mH<nFrNGi)8L%u^4lEB=04rLQ6Dom~!75-?uo_q$tO3>p
zYk{@FI$&L}9#|i205$|0fsMf?U{kOe*c@yDwgg*&t-&^6Td*D29_#>i1UrG9!7gA|
zup8JN>;d)!dx5>dK44$4AJ`up01gBPfrG&z;81WFI2;@Sjs!=6qroxYSa2LT9-IJ9
z1Sf%$!71QWa2hxroB_@RXMwZ9IpADy9ylLd04@X<fs4T<;8JiIxEx#ot^`+stHCwk
zT5uh>9^3$K1UG@3!7boca2vQC+yU+ccY(XXJ>Xt&AGjYp03HMnfrr5(;8E}xcpN+d
zo&-;Ur@=GeS@0Zq9=rfv1TTS?!7JcZ@EUj>yaC<>Z-KYLJK$aL9(W&o06qjCfser_
z;8XA!_#Auzz64)^ufaFqTkswD9{d1)1V33583;iT3?UE-VGs@x5D8Hb4KWZ4aS#s)
zkO)bT3@MNbX^;*XkO_I9a8P(C0u&L71Vx6TKvAJ+P;@8;6cdUC#fIWQaiMrnd?*2w
z5Go5Mf)YbXprlYTC^?h@N(rTcQbTE=v`{)IJ(K~;2xWpYLs_7#P&Oz#lmp5M<$`iU
zd7!*dJ}5s_04fL-f(k=LprTMQD-{0{N<bx{MAj^32RkQpusPj)J1zy4hRQ%?p>k09
z5WE6Z5vl}LhN}2+*|HJ={v~~-c<HK8HK;mN1F8wtf@(u`pt?{!s6NyHYG|cvL5-}f
zv9&dUnnKN>=AT0|sKpn$In>e$t)SLW8>lVR4r>1;rvuc{qB}vILy#_z6S{uMx8>J@
zx<TEc9#BuH7u4HIIW;&rHr*$L$HkjlDMyQ1P+zE@72Lg3BGA4+Gyob14T1(+{ulxc
zwU_S#hC#!j5zt6z6f`;{ZDXZ@G0<3O95f!908O;eN!B(QngUIQra{x88PH5<7Bm~0
z1I>lzLGz&n&_ZYtv=~|fErpg@oXepV&`M|(v>I9it%cS>>!A(MMraeX8QKDEg|<Q4
zp&igpXcx2_+5_!{_Cfoh1JFU}5Of$i0v&~pLC2vJ&`IbNbQ(GXorTUp=b;PGMd%WA
z8M*>pg|0!@p&QUm=oWMvx&z&X?m_pV2hc<45%d^(0zHMELC>KV&`anQ^cs2ty@lRE
z@1YOSN9Yp-z#t64FpR(`jKTQ;9425AreGRoU>4?J9u{B`mS7oHU=`M29X4PS_Q2ub
z@Nfh;A{+^h3`c>Z!qMR9a11ym91D&O$ARO*@!<Gy0yrU@2u=(qfs?|?;N)-$I3=74
zP7SAl)57WC^l%0^Bb*7&3}=C}!r9>La1J;poD0qk=YjLW`QZF;0k|Ms2rdj4fs4Y$
z;NoxzxFlQ(E)AD~%fjX0@^A&XB3ucs3|E1x!qwpFa1FR7TnnxZ*MaN8_2Bw&1GpjF
z2yP5Fft$k3;O1}(xFy^QZVk7A+rsVO_HYNdBisq@40nOM!rkERa1XdA+zajv_ksJu
z{owxa0C*rg2p$X%frrB0o-+&{1`mfvz$4*N@Mw4pJQf}YkB29~6X8klWOxcZ6`lr9
zhiAYu;aTu(cn&-lo(Io|7r+bQMet&H3A_|u1}}$Kz$@WZ@M?GsycS*uuZK6l8{tjx
zW_Sy{72XDKhj+j`;a%`<cn`c6-Usi855NcEL-1kv2z(Si1|Nq{z$f8T@M-uAd=@?j
zpNB8N7vW3rW%vqw6}|>vhi||);al)+_zrv*z6aljAHWacNAP3#3H%g(20w>iz%Suf
z@N4)D{1$!(zlT4-AK_2di5-YQ2#g>IieLzi5D1A-2#qiZi*N{!2#APCh>R$RifD+A
z7>J2@kZ?$NBmxo<iG)N(q99R`Xh?J<1`-pAg~UeUAaRj+NPHv#k`PIRBu0`TNs(ko
zawG+k5=n)mM$%YI;-y8>A?c9}NJb<Rk{QW@WJR(e*^wMbP9ztS8_9#@Me-r}kpf6T
zq!3aVDS{M5iXp|35=cp;6jB-~gOo+eA?1+@NJXTQy}+I|t5rt4p$bwJsfJWXY9KX{
zT1aiA4pJAXhtx+JAPtd5NMoc4(iCZiG)Gz>Es<78Yora*7HNmHM>-%Kkxocwqzlp&
z>4tPidLTWKUPy1Gk0rZrNIeCB0@isQ0NAsR6I`kv;!-Z|&WsN3?E4}8ky_9IWFRsK
z8H@};h9bj|;m8PNq!mUXqmePlSY#YB9+`klwD$HKH{Qy%E%g0OLVhN=65O)mtr}d+
zKc0+uLq6;La0)_MXYx}K9+-yM9&l}U<LSr@WF|5VnPqKum~DkQ$XsL|G9OuhEDTB8
z*!PA-p*R;?=_SZgWErv?aq3!utVC8JtC2N+UUxmc76}_DU>&mVvu^9Z$lri$L^dIt
zzofrc!#~Tn1=)&h`-V>2ksX#bJFPzA8zx)r<ECwIEJ7BAa1{95W1B;^=7Fxi9E)}#
zyR3Yt6$9@9V7JAw=NsC6-9L7}wzYKk_DFG#=Pu^N4(eidAN{)A|HRzANT4t~$jEcX
z;XWj6a7XRW$8NuHV%xX-k^NSGv9HicV1I~4&7lLxfghS(T&ep*^+X$YF*mj`+d_Nh
z2_CHTtRK?A=62><M|QAY;`r9y|7brs=-1n=b3ki;^hyJ)5$DwJ`r=3Bf1BSK#g2Uc
z<BD5n=y>wynb93%zGa=6)J5#r8G)`0r^g;b-0RR^jSnM7{A3+Pj#=sB$O#{GFLDSu
zX{8TY@u4td#z7Aur$Tbeg6^E)XnGnsgPcXqA?J|`$VKE*h*UerJ|nmsAXG+*Ti0%1
z3$`|gtTqnKW4F4ExpC<HVCm43?6lK^+!A)`ilzD0keb~&!$z-#XaWG&ksFr%ZaF*0
z`Q7}|7jGfAE&9$E`|bQd_S<#Z_owb6-Y^uVEuAV`qu4HG*B{z`8@GRUX*YJY|5hBx
z{(B+*z5m(Ew!|wI?QMS>v46HMZhR_)vayh?FS`fGL*!A2Zytxr31q)5(b3rMBVUC0
z5P|G>O1PG|@wY7ZFXeK(UUburNA33a+HdP%+v)0J=Q#F<?E^llTcj=3DI2)`D<k$f
ztnbg^cWQL%{PX?awj!+kPb{0g<KNctDe^3&jh-VfKHKlrd@u46dG)0QUn6fU+L8G+
z`-j41L2u8$`=z{BuI+Vy{al|r(gEPDmH#e;$1Y`~_THtum`nMW_uB1JHlO`_A7Z`Z
zeLMXD`4}=1KOq1LqJi2UvLCw#{RQg(j_vlDyc=kX^8TFJ&u#@*J2!T{>&7nrt@zvg
zcI|fmclw|+3hWsOM)z8mrp_qX8>anH6tnW2+HDDrm+kb|+TZ5%{wgCl>Kp9d;dr3(
zAGY7s+}79D#~J?wN}`7l%GzxEX_P@(%SI06El;@fpR2uqihix{Ncy(@ZjG)S|Je4O
zUAxWYA6$*y*gyBzQl~8I%7Rje-A*sCXCfI@ECc{lR6}*E{~PE~*wxml&qRI4^4-r`
zf35xf`R$b5=H6iUHply3EI8$86Ffg~P9P83m@Un}gd^YcrJck1c*xe&K4ykTBUore
zG!hyajq-)lE*WV2+qi9C;A5Yi>#xD@PuVj|RI5KbAsQO(^UP+~ZJ&pDLvd&?5*>Ad
z!(BPR8Qo>emf+UdQh)4c*YC83SCb$2N@xjQS+@N#zStiVjcM6$TNk?h?K@il5DRsJ
z&0*UStW9I1aZpF|AG0<zcUf?#b^miHZ2QzV#6^8mcD}=BUp+XKvk#<S*fD31I=h^`
z#Y639#P;T$cjAZG;<kk2y98gbgkPvcU#P@iD6gj-D#_;@*V3eDGBi1w0!@jgLQ|t@
z(6m<C3HHcOhNeU9YoSw?^>*x)=JY^kpZ-hxxksnHNQN(1#xGQ+FI46)l&>6{&hj}2
z0DS#u)Bc`y^1ZF#a@&Y&+pou7dw-S6ie~%LCfU*KmX$d|EcKq@?M1F2*{$C1T-n*a
zC<_MaKVF;tkIHs`aY{M5I-V^H+O=g5soSC4y)TztSFo_x(#nzSmbByMR$s`D2GY;r
z+8Z(=a-zA=+-M#&FPaa{j}|}+qJ_}HXc4q1S`00YmOx9QrO?u78MG`~4lR#XKr5n^
z(8_2Pv?^K+t&Y|}YofK#+GriLE?Uo;%j^5h=M6&WhG-+SG1>%eiZ(-=qb<;uXe+ce
z+6HZlwnN*a9ng+wC$ux#1?`G<L%X9r(4J^7v^UxZ?Thw9`=bNUf#@J~FggSsiVj1E
zqa)Cf=qPlwHMYl~W6^Qwcyz+QI!r_-p_Bik!W8u16@rb4|3BP&?6qe%e?9z<vSIW6
zxqmL@t@HQD|C+oXwZ|*#=WP3#Qr<d$k3W7!htOqgO`JQJzQ+oO4s`Yr2(x8)Z3|t4
zn|807ePgGjv!9AiL#LxN(3$8gbT&E%or}&x=c5bIh3F!5F}eg@iY`N!qbtyr=qhwI
zx&~c~u0z+O8_<pDCUi5p1>K5nL${+l(4FWmbT_&O-HYx+_oD~UgXkgjFnR<%iXKCc
zqbJal=qdCxdImj<o<q;07to97CG;|S1-*)1L$9MZ(3|Kj^fr12y^G#M@1qaUhv*~p
zG5Q33iatZ1qc6~x=&O+9$!qit`WAhMzDGZVr2Bs5xaj)eZ~WH-e?9Qm1OF}$*w?Jz
z)|d!&hVktZHiv!n>ioWs|DWb^j)WgkJA|&=_vrQQ<DXsHzRo&@eDb+Aab<*-9XM^5
z{}ggR!7b;F1DEhe?eg9d{**tbZ_2gJxnlP(<xTmP_>*)W>s?0QD`DFv`+C+lIEbC&
zAME=@PK&zlKH2xpoTqnzu1~$z0f6t_ZkP7Wcisqa_I(jIWoz390<b>Nx8(mGpMC2Y
z?eD3@k>YE;+ehpi+vmTdp8l2;Zymow;_s5-)yhl#nr!!OnA?kOA3C&KgPn3QC#Rov
zpRIYwlV_X9eHLZ+yg+^JSM;;xd&}FYus?79@1@+DenzTW){X=D<nHI$(D$0;XXzi)
z&u%%VMQz>eIqApB{|dL$kNjsw061mcyR+}#*?a%s^fqU2=eTdYxUp?P^KZ^?f&6cm
zbbrpg?C#z9*-6_xZf(wcH}3m9HrgB-X5I01-`R0uhucfLwfwo*_1Pf=#2^gD5DdjI
z495tJ#3;;eFB)S);$LaIvfvej#oW3$jK>5_#3W3{6imf5OvgS2IZp}Xf7jbi?A{mm
zjcxCGJ#SOKxejfYcIK}@Pd~rkTJKTa85#Duj{Afs@cr%Ym;Ga$S3>4mceb@-$K#*S
zu;*^B4}YwN;M~5W&Gm!Z-gfL@_FF&p&#k?3z~_4ok5gBm_7ASbw{yH--Z*2`z)Z}8
zg~P&IAp#Z=i-b9~yZgvk6f7zh4U3M&z+z&tu-I4}EG`xgi;pG15@Lz4#8?t6DV7XN
zj-|j-VyUpySQ;!XmJUmgWxz6GnXt@Q7Az~44a<(@z;a@_u-sT4EN@61`LO(00nF<O
zhjQz6W2YBaM!Hx%+6^}5r4LzozQOf@{rtikoF`j{K0o7fr2{}gtPoZhD}oipiebgE
z5?D#B6jmB5gO$a~Vdb$3SVgQ7RvD{;RmG}d)v+2_O{^AH8>@rW#p+@8u?AQ}tP$22
zYl1b!nqkec7FbKH71kPSgSExlVePRFSVycA)*0)9b;Y`2-LW26PplW#8|#Dh#rk3W
zu>sgXY!EgW8-fkRhGE085!gs<6gC<ggN?<;VdJq0*hFj+HW{0OO~s~R)3F)YOl%f5
z8=Hg8#pYr2u?5&dY!S8?TY@dcmSM}W71&B_6}B2%gRRBZVe7FC*hXv<wi(-kZN;`>
z+p!(kPHY#p8{32J#r9$Qu>;sa>=1SsJAxg>j$y~K6WB@Y6m}XrgPq0BVdt?6*hTCT
zb{V^ZUB#|p*RdPeP3#tS8@q$u#qMGEu?N^g>=E`DdxAa1o?*|i7uZYe74{l?gT2Mx
zVehdI*hlOW2H+qL;V^E$e1hRPPT(X?;WW<REbg?W)5`ANnY;Qy9BzMI<)XhHH-q|H
z-y}4Lc&paFAv0uiNWev0!ev~+Rb0b$+`vuTgNMVz;}P(PcqBYB9tDqzN5iAzG4Pmp
zEIc+I2ak)#!{g%#@Pv3GJTaaGPl_kQljAAylz1vUHJ%1fi>JfW;~DUbcqTkEo(0c}
zXT!7OIq;l#E<87$2hWS=!}H?>@Pc?Dyf9t_FNzn#i{mBml6Wb+G+qWTi<iU8;}!6V
zcqP0tUInj;SHr90HSn5vExa~f2d|6Q!|US>@P>FJyfNMcZ;Cg=o8v9;mUt_?HQokq
zi?_qu;~nshcqhCw-UaW9cf-5mJ@B4*FT6M22k(pb!~5d{@PYUsd@w!)ABqpdhvOsg
zk@zTlG(H9&i;u&{;}h_S_#}KXJ_VnOPs69<Gw_-CEPOUT2cL`2!{_4*@P+syd@;TR
zUy3iom*Xq&mG~-rHNFO4i?74i;~Vge_$GWaz6IZkZ^O6aJMf+OE_^q>2j7eD!}sF{
z@Pqgv{4jn5KZ+m2kK-rsllUq8G=2s@i=V^K;}`IY_$B-@eg(gZU&F8CH}ISIE&Miq
z2fvHo!|&q{@Q3&#{4xFne~LfDpW`p^m-s9EHU0*Fi@(F);~(&k_$M47KmsCQ0wGWW
zBXEKsNP;40f+1LfBX~j}L_#8DLLpQ_BXq(bOu|EiBf=9Ah=@caA~F$$h)P5wq7yL)
zd)A0a#3Eu7afrA?ypVK!A_0+*NJJzik`PIWWJGcz1(A|SMWiOu5NU~YM0z3vk&(zm
zWG1o@S&3{!b|MFnlgLHnCh`z@iF`zUq5x5lC`1${iiF53N)#iC6D5d}M5&N;X`&2K
zmMBM*Cn^vXiAok$+1jdDTUBeTMpP$i5H*QfL~WuDQJ1Jk)F&Dc4T(lXW1<PslxRjY
zCt46KiB?2wq7BiOXh*asIuIR+PDE#-i&Y)~x)R-p?nDowC((=OP4pr968(t&!~kL-
zF^CvU3?YUR!-(O;2x25LiWp6dA;uEpi1EY(Vj?k#m`qF|rV`VL>BJ0TCNYbcP0S(Y
z67z`p!~$X=v4~hqEFqQ>%ZTN~3Sy;I+bUu;v4&VntRvPF8;Fg>CSo(Oh1g1LBeoMe
zto)tCE@C&ahuBN(BlZ&qh=ar-;xKW9I7%D~(e*fSf;dT>B2E)$tn^vp9C4nwKwKm)
z5toT8#8u)Nah<q9+$3%hw~0H%UE&^bKcw6P;vw<Kq8<}Zh^NFe;yLkxcuBk>UR&53
z;w|y+OL+g80<aInN8%F!kbM!*+MGZF5DAkAiCTL%cJCNqBu)~fl_DvUCK-|?Ig%&y
zTi+7dK_EpdPa<V&U&Q+Qodgt%Qpv>D7yOO{jkNEn>7+rLwiLgR&q_Ibo=|!32y2-F
zHvr+t@MHusBKZZeaw3tDNxPk+kWtBKWOOnH8Iz1f#wO#CamjdOd@=!<kW54-CX<j!
z$z)`5G6k8EOhu+9(~xP&bXLjqWCk)LnTgCyW+AhZ*~si<4l*a1i_9G&)qaD?Kjb0(
z)89_n+6DjFv%Y<FcV~a+NN=a?FBR?JQVy4W?64{C`9W~mc1~V0ADN#lKo$TBl7+~^
zR$PQEN){uFlO@QKWGS*VS%xf2mb38kWCd%V52#31A}f<s$f{PV08ovrPS&ufn$}j!
z+G<-{9kMQ2kE~A?2O5wK$wp*jvI*IgY(_RGTaYcuRu)HVvJKgmY)7^yJCOEQXLjgF
zb|O2IUC6Fhe!h^mRlAWx;qGJ)vM1S#>`nF|`;z_0{^S61AUTK}Ob#K3lEcX1<Op&k
zIf@)jjv>dA<H+&k1acxdiJVMMA*Yhl$m!$^awa*8oK4Ol=aTct`Q!p}A-RZLOfDgp
zlFLZv9_ey&#b@dxy3(rOy(?jjSxdjw*0zQ$WUc4mgtg?l5FVS)(bRWu^Eg-I>%VY0
z=^xu~AUBem$jz3FE!MX6mt@&`1`FHBZRB=x$LDs~N$#@JyU9J)-YKz-<g7I;@&PuV
zi`cZCa^h{|UUDC~pFHq6-^LG;hb)f6<dG0gx1?R(DR=ZUzKuL)QOC&><Vh<&MV=<l
ze9k%RBh9TZv<=(HbL4sQg2j1}y!1t)quXWj3VD^hMqVdxkT=O&<Zbc}d6&FL-X|ZB
z56MU5;}HHQ<Wuq)`J8+~z9e6fugN#$+s|?wUAK|%$oF3~akLMu#Rsc|%l(o3WTgNK
zq#z2W5X#mCr7#Moh!EP}6TT@|s_Rp)%&<9L9+ILcnqof7c5s&BD4r51S0^ubSSoa%
zv}a*^3yu4xMM|XHv@Ox4?YIyiQSz5u-<$$r-ggUoP5w_I?zr{W&(S|D<{(31Z;sm{
z-yeI+{s`sHBw@?=*6g2aw~ig0xyp&X?d72UC4OJ(>&Kcvxq<5r#2FY<D3#JEoiZqs
z@=)QZ@KgjUA{B{>OhuuhQqidBR17L66^n{Z#i8O-@u>Jz0xBVuh)PT)p^{R`sN_@%
zDkYVQN=>Dq(o*TD^i&2aBbABDOl6_6QrW2NR1PX9m5a(v<)QLY`KbI<0jeNXh$>7K
zp^8$)sNz%!sw7p4DovH4%2MU1@>B(?B2|g1OjV((Qq`#HR1K;oRg0=k)uHNA^{Dz(
z1F9j_h-yqVp_)?7sOD4)swLHmYE8AF+EVSP_EZO|Bh`uOOm(5UQr)QTR1c~r)r;y)
z^`ZJw{iy!b0BRsLh#E`{p@ve!sNvKIY9uv^8cmI%#!};`@zexrBIQ2m`F0%G|9{b6
z@qqUXz+Xxs>*(i?*z;vrEHuyWOgr<&Bx({h*$VkSpV7Fpf)j_`7XZ97O4!`riMX>@
z==kUAnDluT3|88mC7t|0es*&F`TV7Y&9il%@{O7ch4N@1|N2VyrTyy<n+nbA$o8TR
z<xRUb+V<OYSY2$~*}Oh-k4<ju<am!XUQS1<Z#pdPNb$<D<#=V;8u=ss61+Ze&tC$?
z-<}PFb2uZwtC6>Uug+e~O9d+7o9jKxvo&_ksGYs<xuJXB<~`~=h?9161KI2?5t#a?
z&ba>8^PlN~z`f%4qxKQ!_e=d<5(AB#V3=K}JL2rvKjoX_<ofIAJF3G<auBzKSC%_3
z<O{hrvo-U|@oM18bIbe2URh2_TZV7GFKzQq^}C|<E$z}?yX~@$7GBEX@=CSS-jrL`
z7x^AKv=na{-yElI*Dp5DHgXy@otp7oSHy1VAB&w@{L8pj`lG*+^4dF-nq{?+llDsV
z<~x|14#eqT-eZw-4E3hJMmb00uW`6}t_I(Z?GnCRjs)-V(@VLse<ZfA9)E;C5bv)`
z2qg9Y51VbBW6h!FQuC<!)B<WDwTN0wEuofD%c$kl3Th>_ids#rq1ICCsP)taY9qCY
z+DvVswo==u?bHrxC$)>(P3@ufQv0a=)B)-sb%;7l9ifg=$Ef4f3F;(uiaJf5q0Un0
zsPohX>LPWCx=dZ6u2R>i>(mYECUuLtP2HjHQunC))C1}v^@w^*J)xdb&#33r3+g5H
zih51Gq25yOsQ1(d>Lc}u0%(wiXqZN5l*VYBCTNnTXqskdmgZ=l7HE-{Xqi@MmDXsT
zHfWRf(BbItbObsg9f^)iN1>zA(dg)O3_2zqi;hjlq2to===gL3Iw75iPE04ElhVoP
z<a7!;C7p^+O{byL(&^~*bOt&jor%s&XQ8vw+34(a4mu~Di_T5wq4U!D==^j6x*%PM
zE=(7pi_*pD;&chRBwdOwO_!m|(&gy#bOpL1U5TztSD~xY)#&PU4Z0>>i>^)Aq3hE1
z==yX6x*^?&ZcI0!o6^nb=5!0XCEbc{O}C-j((UN>bO*X4-HGl@ccHt|-RSOg54tDa
zi|$SLq5IPP=>GHo+P5DKqzBQ1=^?c9)L<w*%x4i0_t^@L+SG7*1U-@-MUSS(&|~Rw
z^muv#J&~S7Po}5PQ|W2+bb1Colb%J-rsvRe>3Q^gdI7zVUPLdZm(WY;W%P1-1-+79
zMX#pUSaq!Rsb^gX?R^8`pP~Hk60N7d{;jON3c-&Af9ZD0zw|$!cApFVY;5-d`-z<M
zRL)JgPwCvg;>OM!!uH<fx8u-fN-j5PtwQUiy_Eel(M{PD8tSQ@n`g&%uXfU*Yv~*G
zo$#=&6dc(=|9AiZx6H<$DD9U0C*w^%<I>+3o9Qj|R(cz~o!&w3q<7J~={@vbdLO-?
zK0qI&57CF|BlJ=F7=4^RL7${g(WmJ%^jZ2GeV)ERU!*V5m+33?Rr(rzoxVZeq;Ju;
z={xjY`W}6sen3B@AJLELC-hVL8U37oLBFJ5(XZ(@^jrEJ{ht0nf22Rr00S}*12YJN
zG8lt11Vb_uLo*D+G91G*0wXdKBQpx4G8&^Z24gZFCL9x<iNHi;A~BJfC`?o)8WWv~
z!Ng=@F|nCAOk5@&6Q4=IBxDjXiJ2r!QYIOboJql?WKuDynKVpVCLNQW$-rb}GBKH%
zEKF7=8<U;M!Q^CeF}ayMOkO4*lb<QT6l4l9g_$BuQKlGEoGHPSWJ)omnKDdSrW{kA
zslZfZDlwIrDoj<T8dIIA!PI1GF}0aGOkJiPQ=e(TG-MhvjhQA)Q>GcyoN2+dWLhz;
znKn#YrXACs>A-YkIx(G@E=*UZ8`GWX!SrN$F};~SOkbuS)1Mi@3}gl|gP9@BP-Yl2
zoEgFRx7_!og7q@D^hjn@NZ3G+X2vjMnQ_ecFq<tSG(Lfu$V{@r270Vj%0KXUf20}I
z51GtNW~MNszl5n4_cUfYGs8m0Ff*-`{hW1-MLS{E7iu;$hndUFW9Bmpn1#$DW-+sb
zS;{P9mNP4umCPz;HM53U%dBJ8GaHzV%qFYcW@ZbsmD$E@XLfv%GKSg7>|%B^dzih<
zK4w32fH}w<Vh%G$n4`=w=C}`^t3mMiL<qO-wUf*#<}`DLIm?`5&NCByq+IwyUt}&Z
zmzgWfRpuIVow>o>WNtCHnLEr~<{opOdB8km9x;!ZC(Kjk8S|WZVU>HyykcH6Z<x2t
zyDw74Fz=ZU%tz*vHT8ik#KJ7XqAbSZEWwg2#Rk{b&7oO_Wm(SR<U_axR%9hsW=B~q
zps*^dxt}rlwS!ywcf<govj%Ij9yS~so{hjpWFxVW*(hvOHX0k9jlsrbW3jQ>IBZ-t
z9vh!cz$Ro9v5DCvY*IEEo19I-ressGso6AaS~eY<p3T5!WHYgu*(_{UHXECr&B5km
zbFsPEJZxSzADf>oz!qc+v4z<pY*DrtTbwPymSjt@rP(rUS+*Qoo~^)EWGk_i*(z*R
zwi;WVt-;o0Yq7Q2I&59G9$TMnz&2zXv5na#Y*V%w+uZU_3$_K@l5NGdX4|lB*>-Gu
zwgcOd?ZkFwyRco^Zr{-cU-x3L@%f{;-7^FIzFzwnraRk%?aB6Hd$WDmzHC3XKRbXO
z$PQu$vqRXS>@apXJAxg_j$%i%W7x6mICeZcft|=sVkfgx*r}F(rm@r68SG4U7CW1r
z!_H;rvGdsl>_T=CyO>?VE@hXo%h?s|N_G{ynq9-LW!JIm*$wPQb`!gq-NJ5Vx3SyV
z9qdka7rUF?!|r86f2qBX-OnCi53+~Y!|W0ED0_@O&YoaTvZvV7>>2hfdyYNNUSKb>
zm)Ohf74|B7jlIs^U~jUw*xT$K_AYymz0W>iAF_|w$LtgKDf^6l&c0w@vai_J>>I0X
z-?H!6_v{DuBm0R3IFN%lm_s;}!#JEHIFh3{nqxSY<2arZIFXY$nNv8G(>R?oIFs{m
z;kfWz1TG>MiHpod;i7WUxaeFAE+!X?i_OL1;&So0_*?=mA(x0t%q8KHa>=;lTna8F
zmx@cxrQy<Y>A3V<1}-C)iObAo;j(hsxa?dGE+?0Z%gyEC@^bmO{9FO9AXkVh%oX8^
za>cmfTnVluSBfjmmEp>A<+$=(1+F4jiL1<2;i_`gxawRDt|nKDtIgHn>T>nC`dkC9
zA=ij&%r)Vfa?QBrTnnxx*NSV+wc*-w?YQ<_2d*R6iR;XD;kt6&xb9pJt|!-v>&^Ay
z`f~la{@eg=AUB8`%njj&a>Kac+z4(YH;Nn0jp4>}<GAtM1a2ZXiJQz#;ihuaxar&s
zZYDR2o6XJP=5q76`P>3-A-9NI%q`)Ta?7~o+zM_bw~AZMt>M;k>$vsY25uv_iQCL=
z;kI(yxb55yZYQ^k+s*Ca_Hz5U{oDcWAa{s6%pKv5a>uyi+zIX^cZxgBo#D=M=eYCS
z1@0nuiMz~Q;jVJmxa-^v?k0DOyUpF<?sE6I``iQWA@_)T%st_ra?iNu+zaj{_lkSX
zz2V++@3{Be2ks;Hi350$hj^Grc$CL@oF{mar+AvTCQqK@d0yZ}UgBk5;Z<Jab>84j
z-ouCE!}AgNh<qeIG9QJH%17g)^D+3Cd@MdTABT_2$K&Jk3HXG3B0e#ngip#R<CF6#
z_>_DqJ~f|)Ps^v{)AJeljC>|OGoOXe%4g%V^EvpOd@epWpNG%O=i~G91^9w|A-*tQ
zgfGe$<BRhp_>z1nzBFHkFUyzX%kvfZihL!$GGB$S%2(s7^ELRId@a5<Ux%;D*W>H+
z4fuw9Bfc@;gm20><D2s>_?CPtzBS*5|JMBQH~+5({(9igdBFFs&Ho4e{g&D1?0>^w
z5B#rqz&V@#(ev<M;}3fV?|*;s*HfXte+wqD_~$!!!SY=^*!Ov1EeVXY<=gS?`3`(X
zz7yY>@4|QGyYb!m9(+%}7vG!j!}sO;@%{M${6KyXKbRlF59NpP!}$^XNPZMQnjgcD
z<;U^k`3d|)eiA>KpTbY&r}5MI8T?Fs7H_YS;JhPG`h17$y;Ex6pPbFl;pg)6`1$+-
zej&ezU(7Gzm-5T_<@^eMCBKSa&9C9t^6U8Z{04p_zlq<>Z{fG{+xYGL4&IjJ`r$tz
zcHU+8-`hI+eq$KA6}<lh_B~YSe<!p5Wh@b}li$Vf=J)V>`F;F;{s4cFKg1vAkMKwN
zWBhUc1b>o0#h>QS@MrmR{CWNYf04h$U*@mySNUuFb^Zo_lfT8^=I`)#`Fs3*{sI4x
zf5boLpYTulXZ&;i1^<$N#lPm?@NfBd{CoZb|B?U10|F>O0xTc`DqsRG5CSPs0xd8C
zD{ulY2!bd`f-ES4DrkZ(7=kHygm6N5A%YN5h$KW7q6kriXhL)$h7ePTCBzou2yumY
zLNO@55MM|jBoq<}iG{LY5+SLOOh_)I5K;=Mgw#SBA+3;3NH1g%G76c5%t96+tB_5|
zF60n$3b};bLLMQnkWa`j6c7pug@nRF5uvD1Oeijt5K0QAgwjG8p{!6&C@)kHDhic^
z%0d;Ps!&a+F4Pce3blmVLLH&5P*3o-QhlL;m1<~hjfBQR6QQZl%qQ2&_cf}y&_ZY_
zv=Uld_Oub&3hk`eH@NFwc%O#2h%eXI=tEz=Ja*4v+|{dnujlPIU})<fF@1kullnXJ
z+-C~Db=$P9`R}YJm@K=VuLb*y@zA>2<2KOz>dWVy&4N?DIyrNJ{qGMpx;LPFU;ZDV
zz2AE~Umw|Z{YZId4HmBympT-1?IGI>m64xcztr)fQ^%j~1NN8s?$`M4xA0Evtc&D3
zLwjj^Md+`!zrTO?2K=X!K;^w{68d?iH|OUmx7F;}wc3q+d#*z}^@N>o?6NjTApLFJ
z_0qTW^j}%Xc?Zv4*VkS%<XdHbN4|ZAV2@1aYkZsXN_A2;Vq5ehKU;>get}n-FXi+#
z+v`prvCsP4e-sH_k8e3U?^|jA^1j^8I_ka%0JIl62pxq^LT90i&{gOrbQgLEJ%wIE
zZ=sLSSLi477X}Ceg+an#VTdqP7$yuCMhGK?QNn0pj4)OhCyW;+2or@#!en8JFjbf)
zOc!PdGp!@^EMc}VN0=+j6XpvGgoVN)VX?48SSl<NmJ9YdiThh2tQ1xWtA#bfT49~A
zUf3XP6gCN)g)PEXVVkgB*dgo`b_u(MJ;GjLpRivzARH7935SIv!cpOva9lVcoD@z8
zr-d`ZS>c>;UbrA!6fOyug)72U;hJz=xFOsWZV9)AJHlPzo^W4yAUqTv36F&*!c*ay
z@LYHyycAvuuZ1_lTj8DXUict<6g~-n2#Syhi-_p!t)Hiz@#WoDwp!jf0tXvEu76O`
zT8QN*!ryX%z4q5HfBh2J1A)=M{pGJ;0(&4Z`nSLQ^-Ew61V;b%m%n}q?18}O-~RH~
zFM&M}82#H{{@s2FtbK6wZ+i#!je9*EI-dMP|4!tV{`3DK<kn;@|Mxfi4|~8`{_k)2
zANBxgeacCTjL3?d$cxrPQ&AKpQ5F?Z6*W;84bc=mVmL9p7(t9EMiL{7QN*ZXG%>mu
zLyRfL5@U;T#JFNSF}|2UOeiK26N^d2q+&8LxtKysDW(!ri)qBPVmdLsm_f`aW)d@t
zS;VYjHZi-HL(D1W5_5}r#JplYF~3+qEGQNd3yVd>qGB<zxL86gDV7pTi)F;JVmYzA
zSV62PRuU_VRm7@dHA|oBVhypTSWB!e))DK9^~CyO1F@mlNNg-N5u1w5#O7iPv8C8b
zY%R7C+luYP_F@OIqu5F8EOrsQirvKSVh^#W*h}m!_7VGv{lxy_0CAu=NE|E<5r>My
z#Npxyailm(94(F!$BN^`@!|w=qBu#MEKU)piqpjD;tX-7ILoSIwm3(eE6x+=iwnes
z;v!3{#o`iisklsBF0K$)imSxc;u>+SxK3OzZV)$$o5aoH7ICY%&9Y*<xI^42?h<#4
zd&IrsK5@TzKs+cO5)X?<#G~Rd@wj+GJSm<MPm5>7v*J1Nym&#pXxV&8yewW3uZq{i
z>*5XZrg%%dE#49Diuc6(;sf!a_(*&#J`taa&&22A3-P7+N_;K85#NgM#P{L{@uT=j
z1SC*`Bv?WuRKg@&A|z6xBwAu5R^lXH5+wUgAJN)NA(SjBk}7GEE*X+3d8BYscngnU
zZ4pEABT11%;xSAVDXJ7riY~>FVoI^3*isxRt`tv-FC~x?N{OVzQW7btluSx4rI1oe
zsif3W8Y!)mPD(FjkTOb{q|8zlDXWxC$}Z)Qa!R?R+)^GXuar;9FBOm`hy|rWQemlx
zR8%Tvh2l~Psiag&DlL_f%1Y&=NK$#Jf>cqeBvqEGNcJ(Vs#Hy?F4d4~O0}fgQXNZ&
zx>7x<z9dQwq=r%>sj<{VYAQ98noBLDmQpLJwWU)VORKh0JE^_YLFy<;QWCL~)LH5x
zwX#~KtJKZXvb&{c52>fr%koKYsgKlG>L>NLyfZ)=C=HSZOGBigmbSyB;g-fDENw?h
zqomQ&7-_7f?Kml-G~Uv=x;Vkod!nWHBx$lVMVcy2v$Xd}(=7{TST@X*1aX!$Tbd)y
zmF7wFr3KPLX_2&8S`uQHd;I>@c&W5ZS}v`SR!Xa+)j=h%k=9D<r1jDUAC8UECTX*@
zMcOKDleSAcq@B_(X}7dT+AHmo_Dct(gVG`CuyjN^Djk!KODCk0(kZL-Y3Yn~Ryrr0
zx9AJjc2T-y?JrALto>E#nsi;dA>EX2Nw=jt(p~AEbYFTPJ(M0vkEJKlQ|X!XTzVnB
zlwL`%r8m-B>7Ddm`XGIjK1qNK%8(4ph>XgZjLU>f%9KpYjLgcM%*%o-%91S0imb|-
ztjmUM${snK9A1tfN0cMUk>x0IR5_X)U5+8glw--U<v4O&Ii4I}P9P_g6Um9?Byv(Y
znVeisA*Ym6$*JWua#}f^oL<f#XOuI^ndK~URymuTUCtrrlyk|s<vem;IiH+gE+8L7
zz7@XJiUs9Da$&iMTvRS57ne)OCFN3bX}OGCRxT%(mn+B><w|m8xr$s>t|nKPYsfX_
zT5@f<j$Bu+C)bx7$PML2a$~uP+*EERH<w$;E#+2nYq^cwR&FP^mpfQkN4b;SS?(ft
zmAlE^<sNcRxtH8q?j!e=`^o*~0rEh3kUUr(A`g{^$;0Il@<@4<JX#(jkCn&C<K+qR
zM0t`tS)L+Km8Z$m<r(r!d6qm|o+Hnd=gITs1@c09k-S)5A}^Jf$;;&x@=AG?yjor(
zua(!y>*WpdMtPIGS>7UVmAA>;<sI@)d6&Ff-Xrgo_sRR^1M)%nkbGD^A|I8H$;agr
z@=5uWd|EyupOw$a=j99XMfs9^S-xV~c2&M6UzcylH|1OMZTXITSH36TmmkOv<wx>k
z`HB2gekMPcU&t@zSMqE5jr>-AC%>0J$RFiTGN6D8q`(TIpbDno3Zak+rO*naunMQ}
zilB&!q{xb*sEVfOilLZ_M+v8dS0X48l}JitC5jSNiKawXVkj|{SW0XqjuKair^Hth
zC<&EBN@696l2l2iBv(=>DV0=8Y9)=5R!OI%S28FWl}t)zC5w_($);piaws{KTuN>w
zkCIo(r{q@(C<T>5N@1mlQdB9X6jw?pC6!W2X{C%(Rw<{HS1KqKl}buwrHWEjsiss{
zYA7|8T1suDj#5{tr_@&(C=HcHN@Jyo(o|`tG*?<EEtOVEYo(3SR%xfSS2`#il}<`$
zrHj&4>85m7dMG`WUP^DJkJ4A^r}S3_C<B#2%3x)PGE^C+3|B@dBb8CgXl0BtRvD*^
zS0*SEl}XBEWr{LYnWjuvW+*e2S;}l>jxtx7r_5ItC<~QE%3@`SvQ$~7ELT=2E0t9W
z>bG{J`|gl$yjoeKtX0-2>y-`4MrD(-S=pj&RkkVHl^x1XWtXyB*`w@L_9^?71Ij_=
zkaAc#q8wF@DaVx)%1Pyva#}f~oK?;#=amb}MdgxmS-GNIRjw)5l^e=U<(6_=xue`w
z?kV?`2g*a`k@8r1qC8ceDbJM`%1h;yVvo$%${Xda@=kfLd{90rpA<j^RY-+ZL`79h
z#Z^KjRZ68*MrBn_<yAoyRY{dqMO9Tz)m1|^RgW4@4X;K}BdU?q$Z8Zdsv1p=uEtPf
zs<G7AY8*AL8c&U{CQ$un0{i>OU;8Cg6RC;SBx+JMnVMWpp{7(*sj1a8YFgFtvhz<*
z!T0IZ^lAn*qnb(0tY%TOs@c@+emeTUb>yx(?8J6n4mGEmOU-SCJZfGwpPFASpcYgM
zsfE=dYEiYAT3jummQ+irrB(Yo)G}&WwcO`WUbRC7wW3<ds<E<KMXjn<Q>&{r)S7B7
zwYFMEt*h2k>#GgahH4|VvD!p!YVkEwo2xC<mS1#irM6bvsI!r_7Sc{_uXa#7s-4u%
zY8SPu+D+}Q_E3AOz0}@nAGNRAPwlS`PzS1m)WPZyb*MT_9j=a0N2;UL(drm=tU68|
zuTD@Ws*}{o>J)XVI!&Ff&QNEnv((w@9CfZbPo1wWP#3C;)Wzx&b*Z{cU9PTBSE{Sj
z)#@5`t-4NKuWnE`s+-i!>K1jYx=r1#?ofBCyVTw49(Av}Pu;H`P!Fny)Whl#^{9GG
zJ+7WmPpYTX)9M-Zta?s8uU=3us+ZKu>J{~>dQH8q-cWC<x76F}9rdnyPra``P#>y~
z)W_-*^{M(yeXhPxU#hRv*XkSft@=)VuYOQJs-ILq1GSKTW&INcq`?}Zp&F*)8ljOI
zrO_Iru^OlGnxKiAq{*71shXzgnxUDRM+>Kg*CJ>UwMbfIEs7RZi>5`_VrVh7SXyi?
zjuuyor^VM2XbH7MT4F7UmQ+ioCD&4DDYaBuYAubHR!gU)*D`1swM<%OEsK^_%cf=5
za%efVTv~1|kCs=<r{&iQXa%)GT4Ak-R#Ypd71v5=CACsoX|0S_Rx78K*D7cgwMtrL
zt%_DvtEN@gYG^gJT3T(bj#gKzr`6XQXbrVST4Sw=)>LbzHP>2bEwxr!YpspeR%@rV
z*E(n&wN6@Rt&7%G>!x+rdT2ehURrOhkJeY~r}ftcXaluD+F)&nHdGs?4cA6!BehZ5
zXl;x(RvV{{*CuEawMp7!ZHhKko2E_IW@t0DS=wxEjy6}Dr_I+EXbZJP+G1^qwp3fD
zE!S3PE45YHYHf|SR$Hg7*EVPywM|YN0GqWf+E#6wwq4s1g6!0GX}h&O+Fos6NP53^
zKs%@%(hh4!LefXIW7_f0Wlv})wNu(@?TmI-J7;0%wF}xs?UHs`yP{qF%;P_UT+{4e
zkAC|X?46U~Il)TU`1h7__`b#cHT|60LQMFj-Pf%7@6GeNtg^NKhIfq=-?w#tFYVMA
zb`8Ai+CLTCwH<xWE&|gwr?Xo1*H(OTEc*2$w6`q+QDHsyyAbbx@CB;(e+B#bG46Qi
z=gWU@$*;FWbLfWlGr^Vmy;=n0b7u)xo;MCwA~YWMA8J4P{L^e`?q5lJ&sBe1%Ru$o
zZy^W5e+F|k3SG7`;{Be-<@ufQP3@L;Tf3v()$VEcwFlZm?UD9ad!jwno@vju7urkh
zmG)YDqrKJMY45cU+DGk^2I!y;>9CIIsE+BlPUxgg>9o%1tj_7YF6g2z>9Vfqs;=p}
zZs?}&(ZlKC^$2=IJ(3<-kD^D_qv_H07<x=SmL6M=qsP_b>GAahdO|&so>)(!C)Jbb
z$@LU^Xn*`CrR{e3*88<7^;CLlJ&m4LPp7BXGw2!hOnPQLi=I`_rf1i4=sERVdTu?B
zo>$MO=hqA91@%IDVZDf6R4=9%*GuRn^-_9iy^QX*d0D-jUS6-DSJW%%mGvrmRlS;C
zU9X|n)NARr^*VZ8y`ElQZ=g5S8|jVpCVEr7nciG)p|{jq>8<rPdRx7n-d^wEmFM>*
z(64*f)zgiCUE=piaO?ArD<d8CPI_m(i{4f5rgztS=sopbdT-16K6+ohpWa^|pbyjs
z>4Wtl`cQqCK3pH6kJLw5`J?qQ`dEFOK3<=oPqfmL^vTwKiau4Jrcc*r=ri?M`fPoU
zK3AV-;q&zc`a*q?zF1$PFV&an%k>rdN_~~ST3@5Dwer{L>-7!#MtzgMS>Ix%x9Z!h
z{eQym`@H+RxWZceBa*|G4toU=i05nAc72DwQ{ScU*7sN~vRB`y@7E9L2lYexVf~1H
zR6nL4*H7pt^;7z3{fvHAKc}D9FX$KbOZsK~ihfnUreD`@=r{FS`fdG=epkPz-`5}L
z5A{d-WBrN#RDWhkeXhUIU+S;)*ZLd%t^Q7b{~yx!wqGV8-r%JDF>mg#Q;uY(H7138
z-ScBI0bo4xLH7?oCgG$0@t4YnuFbK<yZ6`4PI>eG3>8|Vz-eF4+j@BQ49p)G^_Ft&
zBK`VL;8I~xuP4Tb`R37^_s>vawfnP(YnAOwyCz?s2BK~LK=|*%CVl>oVCSEZUG3~t
zbIAVBY}Xs^tl-8j{v)w1-Trqv@0I7N0QP%zu&MD#=-{9KBlY|9+8!M5GyD1Hemmu~
zfWJ0Bo(f&h$B<qT8vUNM{f(hpzqfbzd(X}H#@{3Pckwv2x?f^D@sG&1%X=+zsP8N9
zwfASrdrRAt>rsEyoAR&0i~na*-{-%7lIx%K(<dD;Km#&h12IqoGjM}2NP{wHgE3fx
zGk8NVL_;!ULorlCGjzi+Ov7V@Gr}7YjEF`gBeD_2h-ySLq8l-cm_{rkwh_mOYs53+
z8wrerMj|7zk;DjYQ&J<Dk=#gOq%=|)sf{#7S|gp2-pF8NG%^{PjVwl1Bb$-k$YJC(
zav8aeJVst4pON1vU=%b88HJ4^Mp2`fQQRnDlr%~irHwL1S)-g$-l$+yG%6XDjVeY}
zqnc4YRQ<j^bT;yPf_rZzw54m2upu<h-}GM({HzCR7{3yJ<!mPSoM@lr)Plx-xx)Eb
z+y04i!L9gKj_)ku(#}<#uiig0yV!3HIP-`dyYCXzG@LLEaf7e?Z_(ef!p^trvbS#?
z*}qj+p#1Nt-{En6=){3!1;V~xzRej{g1u72pI-gM_a2Y$>L8)%Qz5HWxGQ^jpGvw<
z?!FZVx)<xLX=K+FXq63n)tw);zm`$ksAJSMe66zSdOk?~FSNZTga67er;rAQZDYfb
zy-kH(`NwXjh9O7o(6xL!?cc_MeB#UDjJIz~{XULHhTEpL&5eyFR=TOt%s3UY8bu&o
z+}17&+I|Y#M&DQOx45o^^sKPbovYqI-~au4f$Jl?=Y6tPp|MUpt-b4sy~vf2UTLr4
z5o~=X`?-_D4*>2HxNpV2t?s42<vBY)>|NGxm-4mP83CVA+b-8iI}Y6My}JDql)ojm
zrCw{jls}i73Y_nqw`~1g-aixDJ;?E{w@+R9yz-0Vy+C8m*RRg}XRoysT0>WRHx8X2
zEFD^sllDac;EL79%Yw}f=jh|uVAs>aLhQJu(aQJ~@)X#A%(nKqlJVAWm$yr~*C0-8
zBfglE{=4`0fY*zEnhM)f-M;4@h3!7!1n(>nsQ=ozfc5O%T}#W~q904SHU6o%jn$*Q
z$A8=6wnjUnz0twwXmkoWTG}f$IhNbAdT8wf*&mwcZ~Esw@Tc0{k=xm?^=&P?7+sBS
zMt7f<_xAPgp<I3Kp7irpdrP|V{!|=%)Z51{d*nM-hwb@}j^FD4{&$moQ(hatM*SJP
zZQGn<v)xW^u+M<(^EO|7zGa^;@1LN5&VE}H$Exh8y_TXAyz`v9`YQkgvd=zKby|HW
z>|g(%u<)<UuX(`V|GzI4c-%W<-o6_9noj?wydFkRqnFX!=wtLX`WgL=0meXMkTKX8
zVhlBg8N-bc#z<q7G1?eoj5Wp?<BbW%L}QXM*_dKXHKrNUjTy#FW0o=7m}AT}<{9&i
z1;#>Sk+IlVVk|Y58Ox0o#!6$AvD#Q;tTomd>x~V@Mq`t)+1O%iHMSYsjbP);|7tLp
zM?<%_&F9R-VRLN6_bfg%N8t31kRzbo8+Kaf?uU?FA!qRReDMiAWj%5^6tX$j=Ye`f
zAp3$@^Z$W|w%YMvX!KXo{v*kjZ+p){?IWnOma}sO^y41zUvqi4u{-3<<X7|!RCaI3
zk={K@7+;PUq0e}{#|_sKfBkH$9Vvlo`4!B*2jd2(hCq9}cK0r&dk4n0!PPcw{3|;B
znX+MZ{EPhWdLV2c`|&wGtPB@%N2@!Q+_Od}eF)iO-6!|X0fAZ}(ERUzYzvlhq}kG4
zZGI-UrMTLEPi!CK{P~=;vkzq9|1ak66Q}KeXAkh7za3lcD_7e`u4nE0!uAsa`?wI=
z8-d#2m&aHC-=)2KY_*T6j-JkO$2r>i)(!yQ($Am!Z|biHey<07`+soS?!|T={`$Gf
z@73(DG}{Bg?rXW;33l`fi--PJl?I#;8V{Rx>k1qH+OaWsfBWyw3G2syFXH{W@V}7)
zzWh&2uxqsc?w<PZvF_hHg8pj$-|T^Z&j<>p>DSNsf|dF`xOM$xgbx4Bz2)C$+wW=T
z-zDYW=f8iu#=ooOzF&^N$G*Q@AkMGff3au2K&Ae3u&?WHd+Jwowaa(0zPEHj;4|P~
zk^enq{ol#6Tf_<ODn{=AQCCKW!nVGle}V6>`ClFXh?l(bzeoFTUA=py{iS}+1N)5q
z#sTA?amYAq95Id>$Bg5~3FD-3$~bMDG0qz2jPu3?<DzlNxNKZ8t{T^j>&6Y^rg6)-
zZQL>L8uyI*#slM_@yK{=JTaac&y45B3*)8n%6M(OG2R;QjQ7R|<D>D(08G$?OxQ$B
z)Wl5OBuvtzO#hzrt(4n)f6mtb#8Tfk3jS#>*HiXa8{WI|{{-dM?8NSq9Cwxq8~gMB
z^QqCyXlvcn(M;GUCyp+(Nt<8O%3kCBZ}{KwK<K{kzhn8o-_p=+_dC*Iz4AMx{+039
z1Ajg6pWp%e{J;*@iguqV-!uS(9sfUr{5eY<ZN4qv)jBk%i~o)Pdf=}IydH4J$v=H%
z_s`VlTKBa(Lk>?^eY|CDDr~-UPiQE-7wH07_tdb@!N1tQCgon?{)yOj!jH)f>o)g3
z;eUG^*7AP_`EU2@U;Dfs2-Kszxxa(5Yxo^<g2`Y^*7W9aCT|L+XiBDRDyC{`rt_r3
z;m}RPG)<2g&J1sUnWaC^*6!LuZfuwEKB=%#Z!JGgxsn2xj9^AIBbkxSC}vbMni<{4
zp1}M+irVl0eg7})+k*c*;`r-FwElkk{@Xdf^~A!>59Wt|zO{d)#;{hn_I-aGR>uD_
z62pvX#xi4@am=`8JTtzTz)WZ+G83Cg%%o;AGr5_<OlhVvQ=4hbv}QUpy_vzxXl61q
zn_0}PW;QdsnZwL!<}!1edCa_KJ~O{rz$|DMG7FnU%%Wy7v$$EpENPZ9OPgiPvSvB6
zyjj7lXjU>Sn^nxJW;L_AS;MSp)-r3Gb<DbEJ+r>qz-(wXG8>ys%%)~Dv$@&AY-zSK
zTbpgHrx<O`c4m9CgW1vSWOg>Ym|e|oW_PoP+0*Q0_BQ*Nea(Jme{+C2&>UnAHiwu)
z&0*$nbA&n49A%C+$CzWyaprh)f;rKgWKK4xm{ZMZ=5%w0In$hF&Nk<mbIp0?d~<=h
z&|G9LHkX)7&1L3tbA`FmTxG5{*O+U~b>@0=gSpY%WNx<f*<x-DdA71GWWU|q5fbk-
zcbU7*Jr=#!+-L4L510qdL*`-gh<VgJW*#?BSUD%H?UZ@iJY$|U&za}V3s(A~dC9zN
zUNNtl*UanY4fCdX%e-ygG4Go9%=_j8^P&03d~7~3pPJ9i=jIFZrTNNyZN4$zn(xf_
z<_Ghm`N;%4pa=569>jxsFc0n_Jfw&6&>qIadN>d75j>(t^2i>=qk1%t?lC;3$Kwg-
z3Ga#EiRb}<NS?@^D4wVm1pv`J(LFIdF+H(7u|07-aV;#KC%z|vC!r^iC$T4ql}_qO
z=1J~J;YsO9<w@;H<4NmD=SlC$;K}I8<jL&G;>qgC=E?5K;mPUA<;m^I<H_sE=gIFW
zV3jQBDdZ{aDPmDYJ;gl5JtaIPExMGo*}u}BGM=)Ya-Q;@3Z9A<R>@P@Q^ix&Q_WM|
zQ^Ql!Q_EA^Q^!-+Q_oZ1)4<cv)5z1<)5O!%)6CP{)56oz)5_D@)5g=*)6Uc0)4|ix
z)5+7>)5X)()6LV})5Fu#)63J_)5p`-)6di2Gr%*@GsrX8GsH90Gt4vGGr}{{GwT1?
z`wqA$j=ulhoxKwj^^Vh&+nrrbP*4}VQ|uKK5erBYv4bKiqKKek@7-7udvBb2_Kv;8
zZtTW0QtT!glNi%u;{Q8G(A4L7^FDdrH_!W*{d~XkotfX1{mty&vA4Tpo@btKUSM8m
zUSwWuUSeKqUS?iyUSVEoUS(cw&Nkc4Ys_oS>&y=Gdh-VJM)M}~X7d*FR`WLVcJmJN
zPV+AFZgY-#k9n_opLxIefcc>LkomCri211bUGp*Xaq|iDN%JZ5Y4aKLS@V15bLR8r
z3+9XFOXkbwE9R@__s!SLPV;s12j&~*Tyvf|-&|n6X})E?ZN6i^Yrbc`Z+>9@(EO44
zq4|;dWAkJ4C+1JhpP8SSKQ})$e_{U8{FV7@^Ec*i&EJ{7H$OA~VE)nk+{{V5BuGRO
zC7q;~ib-ygyHs2%A$dq8rBYI9$sidePst>ek;+Q1Nv}(9NN-AJNs?rVN{XaPUXn#B
zCwWUgQhBL@<SY3}6{Sj2Wl59#r2wglWR+}ERjHa3C{>qgNHwKeQf;Y@R9C7e)t4Gb
z4W&j>kQ6L6mYPT*Qd22ZY9@tA&7~GnOR1F<E=5SKrAR4Cik4!eSgDN^C$*L0rFK$#
zse{x}>LhiRx=0C9qSRIDCM8MTrDUmx)KlsurAWP{RH={DS4xxmN$FC5DMQMX21o;?
zK~k19SQ;V?m4->fr4iCdX_Pct8Y7LB#!2I)3DQJqk~CSGB2AU1NpDHhr5VypX_oZ1
z^o}%Jnj_7X=1KFV1=2!kk+fJ^A}y7cNz0`b(n@KSv|7rR?9v)(t+Y;ZNb98y(ne{M
zv{~9BZI#&E-6n09c1Sy=UD9qTN7^IpmG(*dr32DI>5z0-IwBpF-j$9?$E6d}N$Hey
zS~?@0mEM!iN#~^t(naZ#bXmG0U6tOKu1QYmy7Yl`L&}x%q<pDBx+&d~ZcBHhyV5=B
zzVtx)Q2I!EC_R!smL5x=NS{idNl&EDrKi#t(wEX#($~^A(znug()ZFc=?CdY>AA$o
zye!B>7G<4$R?^GGWH;GeE-sglJ>-&dDY>+4kd3mZY?8~!W#!l8*X1|lH)XRd$+Apk
zMZPbovX^X;%gNrdk6d1^Ap6RGaz(k4Tv^s+e>p&|B3osfTve_n2g=pu8gfm!mRwt|
zBiEJd$@S4@1G%BxNDh*N<;HRoIYe$Mhsw?5FuA$hLT)LylEdW)xwRZAN6FE0j2tVs
zL7Q=MTRC2CC%2b7$Q|WQa%Z`VoFFI4UFB|alH6TRmV3xO<z8}%+*?kS`^bIeG`XLg
zF87x+<V>_VKprR$lC$K&@(_8bJWL)gkB~>oqvX-@7<sHbP985$kSEHM<jL|Bd8#~3
zehY0*muJW`<yrFE@;mZud5%0+o+r<j7sw0cMe<^KiM&)^CNGy)$SdVl@@hF-w##ee
zwemXIA+MJ=pv{f)CV8{GMcyiJlefz|<el;^dAFP+?~(V)`{e!d0r{YONIondk&nvn
z%E#p6X!C@8Qa&Z0me0s%<@e-sGMh{1<qPsf`I3BDz9L_h-<Pk+PWi7+`*YW4{#EOu
z|7HHwdj2cri`ps*PvZ`=Ki&#+i|+6F{d?uum=ylKZ2zBK;VLTecMY%0AILZ4Tscq9
zmkZ>Z@-6wc+>XB^-<9vl_vHujhw?}AL-~>XvHV#6ME+F%OnxGNE<csOkiV3_a?R4e
z>z=*p*MG$WMb|0{!=Jw|@s~L-W31MfF{TRRKTrLywEW8E@8E&o`+eiDNh{pDU(S?Y
z-ap4Ie*ga7!m{o7-@hlgF!vR|^1#2}1OLjgz|M^S?C)Qx{~whtI`00_@x|c@@>hTV
z*&g`i9C-PAb)kA0|D|0~?BBEg#h+V~;FWcu2iQFP<r)wyR`d&1Vffe2)vx7m<ZtEg
z<nQHY@(=Ql@^hJ^JQXORBGpknEk@m_J1tI2P!C#?mZGJpff}hNHPJG(EPai>PT!z!
zQZtpPOes~UO1-FsmZRR(hnA-ms4w-S6=@|}nQGLZ2GA<hN^P_%twsZBby|bgq_t>m
zT89>$uUL3XJp1B3Kxf3?Zbe>T>va_ASK%uU{JsZ@){pt04Nr)L?XCDJ?EbSi*Z+P$
z|F=^AeSRtO!5_8ozqQA&+I{JPy0jjxPa9B<Ye*Z>AR0^?(<U^8Hl?Ao84aV&X$#tt
zwxZ!Qg0`lSG>S&k7#d64&^X$b#-ki7kM9`(#|43ZuRMP7`Kdg|MZ+f6WnI(@R=)7B
zusp|wAf>Q<j$`e!^2{O<TvR>|`nT;D_MhW^+5ca*U)X>A&V(9@_P-r{x&N&FUzY#v
z{{Pfr1i$s)pDX{erhkWO!L|5@)kbiIo3VJ2`fI|XM*o`H{`YGs+Mi#C|F~z&`kz_+
zqkLoWe^&k<mHu_!ulvs8?P&+vk#?e;X&0J66KPl4jV4jH(pF*V?lhV9pgn0XnnHWi
zRN9C3rD?PuO{e{72F;`c=s-G%X3@cP2pvj?(cyFi9Z5&g(R2(QOCz{(bUd9vC(=oD
zGMz%F(rNT9I-Sm-GwCe)HhqWArgP|AI*-n$3+O_+h%Tl}=u*0jE~hK#O1g@!rrFd^
z*U+_e9d*$4bOYT;H_^>>3*Ab$(d~2x-AQ-R-86^pp?m2*x}P4P2k9Yt7;Urd2t7*Q
zrN`)TdV-#$r|4;VhMuMG(R1`Xy+AM0OY}0mLa);I={4%4*XalJ1}*xPAQvi+=KjuB
zWbu!}h~IPfzcnqN{`swd-lVr&=holv+HHD=-lg~GefofYNI#+v=_C3veM~>0pVH6h
z6Z$!QO243A(y!>(^c(su{f>T5pV1%akMud^6kZV&qKJx4(JRFiH^p5ku9Q$bl#)tO
zYo(OZia{|do{C8+qm)%%dy!LU@w)QHuTqLi7KX;+FSlRjyo&u-Jn+(c|6TR#vrJL^
zxAjGEzfJq!OZjuXDcY-FhyR}b7q#-T_M((uhc7MuNEMbS`g||6!Y!yjZGTkie<q!c
z!Jiw4|CxUM|IiAX7yrBa`RhADU(W5Ke*O6#zO3VqRnf8V#}>br!}|1l>4j<kDDRI;
z{cq(I`S<T1{(6r5)$zZR2Yx;qisn;c|5#3;dik0DGUw;z3N_0sv@FUiwEj64=Kt0H
z{JYlo(r>?1f7ky0wqHdf`OE(Qd_;e)i>!*~K~enI;cwe1OewPaqx^qYdQrPY;qSFm
zl*hu~%l}u>eqQ&#T0bk#M(ywX_eZ|^`CR(zb*ta~=JETfe|_t(YJBN|qO;21J^Z6%
z=pXf)m3g_Rg*E(foaOwsm6!H^R{grYpO=5x&hMxGetwbd%iN#uUt#Xg^O!Cw^ZU7f
z{rU5c&L{ub>HpJy`t>OO_v62JzxdB<d-+C)SL#2}13w?j|Bn8j-{)WU@_)YlS1tZk
z9$+K+SJm~Zo>w0DPxZhr&uG7l{ip8JtA78dc;J`w?a#){iloR2RTRb7Q&qeai&9SU
z^Ym7Hl=4bN&kBmK;-^$pDk+r}P4QO(lq!l<u_;|Wt18u$K&84;L#e6MQfe!8lpday
zJS%(l^sKAYQ+gTeE1G8mrJ>SD336@0N@Jyo5~4I!LX~Dpn9^Knp|n(5Dd9?l(prgB
zqLgTCDV{M(tkOn_Qvy8OD)CA?g?P4CIw&2LPD*E`i;|!uDqWRsN|MrDNmhC&J(XTc
ziqcz2Rr)A>l{BTFlCJbuGO%ST1C)VEcjF)>OBt*TQHCnRl;O$<rJCnRWt1{n8KaC<
z#wp{K3Ccuek}_GDqD)n$DQ_v$l^M!RWtQ@`@{VFP&Q|6qbFs}+=3`r+EL0XLi<KqH
zQe~O4Tv?&4R8}dgm24%@)2^&h)++0ifu8FWhf>3Hy|O{ssBBVddX_bAR<<Zxm2Jv)
zWrwm;*`@4Oa+E#FUS*%MUpb&0R1PVJl_Sbg<z3~NQp@wWazZ(&oKj9JXOudgXO;Jq
zbIN(;f^t#0q+C{P#u1)Zl&i}7$~DEQTvt9&ZYXs<bCo<LUnx-5dEQiRDYun7%3bB2
za$k9%e5ib+JX9VjA1ecmkCji9PnFM<C(7r_Q{@ZgOXVx&Yo(s&Ipa6Vx5{_Q_sTQn
z2jxfQxiZF+Q+ZWTi7Ki(Rj(FP$9lS{?rL$hgzBM|R7<I)RfB3&JynxB-m{EaR((x<
zU427+Q#GrSDyvjgu&Jt-I?>ajmQ%e|AGN$%LG@L88vWFYY9+O@s;T~Jfclna71gTR
z)T(MVH4xi$&-I?w)f#F|wU%02ZET$BSx2p_hI-ah>#J{iHc%U?Ej$~kL29tt7+VuH
zL~W{us?F3ewYl0tZK<|W!_^42wHm2LsnKeT8mqQZ<J7ilyxLA}uXa#7s-4tG&(3NW
zH9<{OyQ<yPB(=MmtoBfQs=d?{wYQq8_EG04ebqFzpPH`rS2NU1b$~ih9i(QdgViC%
zA?i?dm^xe?p^j8zJV&Xc)iLT=b(}h0ouE!sC#jRwDe6>pn);SHU7exMRA;GgtM8}{
zjI-4_>Rff6I$vF&&huQTE>ah(OVp+6GIhDSLS3n@Qdg_ls$E^9u2t8m4t2e{LEWe>
z_FUq*N!_e&QManw)a~jHb*H*Z-L2-Rd(^$^QqO(re)WKQP(7p`R*$Gh)pyln>T&gi
zdQv^5o>tGOXVv%AbLx5Zf_hQCq+V99s8`kZ)oZF#y{@kIT<!URdPB`s^VEE`K)tEn
zQg5qw)NIeY>OJ+o`au0q{YZVNK2kqcAFH3JpQ@j!Pt?!Vr|K8#m+DvQpFP*Svj6*e
z;P3e<_xJPD|KT3#|CN3F!R<eL`&ah;|3cYG!mI87vIqXz9Cb6k+Wvp_z)y37=LC*$
zBB#S!GK+C;oI6(>4+eX1CAm^uY0khIIZw{SmEp>AuW_$)SVxJ&`=mHLC&($B%6V}X
zt{msh`EcdA3Y;(J$5rGiag{lZ^XCG%Dx8(GaaFl$T;QMHs{iQ{f4+@>y+n<ldRY_x
zsm0ai>Tq?rdR%?30oRag#07D|Tw|`uUlt4Dn*M4F<^Jr}j0@wM<FSyIxOpNRw<omb
zBDp9onv206#By!8IIb-h&$Z*)a~-&jTqmwG*M&>q61lEiH!g|m&Lwj_xSm`uE`{sO
zrJ@Ym`fz=@G^GA|>-STBSuXuIdB3z}we<fdHoq+K`!QBe2AAooX#h9yPtKu1FYL3p
z!GA$-hM>No+_2xNY54D?{dSK=a3i@<+-PnLH<la6jprud`10c>z9>71o6Jq&roM<z
z<KE(?yJ9oAncOU>x4Cz?+1wm%E;o;x&n@5<a*Mdd+>#e1{`Di^RSiWRSo&i26s7z+
zT*fW`r#3IktoReQFH14C^2PZ6dQPq4R&&`u%l&1!KZ@CZR^rz+zKXx{z$*{D^1v$(
zyz;;+54`fgD-XQ#z$*{D^1v$(yz;;+54`fgD-XQ#z$*{D^1v$({2e{8hFkmU+V20y
z9{97r9=@{wzvO{+fBM(s|4V!SYG2m<@elijKk4_w5BL3DKd7@G(+6?vXK^oVZp4cd
z3A?ewi{r^Y#C(Yjw|X@33Uo2cVLFK8$W1U$Zh-}I8%)R@up7AxE>7-o_i>AaFL}U)
z!1hBhPd)+*<RRFNJi_e?9Qhc`lgD6zd;)eOpK_n!_60(ous1A_&%r!-3Kqy0U_!nG
zyOFQBZ*WrsN4^E~<U6oHz6ZOJXSm6MCqHmMV*mQ%1_zELAfABy1e8vIMFM))6+KHr
zUJ~+>ke7t?o{0BEyeHy45$^;0zDVnfw7y8|>x#RPOr&KZEfZ;(u*-tZLKp<k@q7X}
zh|?1SrHAq(Iw(KV7*@sjuHeQf=ME)66(c2}ia~jhl29I`2~e8v1~&2`sLRABfkRMN
zStvbJG4eW8F(^OsCX^qP2a%vWNGNKhd@?u`wknh!su;0A6@&66-cY`z87#{4J;1(v
z81}0o-xC~$mMTMuP<rAIrHAq(RiON!ioq|%5H{zkA*B~WfmG*vfm@)?ntTelCHAlm
z-y7T#v3gJ}&4V<6@_^dKHG<m31@qysX~Opbhr^~RlrNMAX$Iv%_6dEs7JLNy(u(g3
zjzC``puk)S5(!m;MDtN79m}VKqfj~y$`{Im#6x+IXr#C2`-7v=$Bs|}lrQNF<qPFO
z5}-Ut3}RjR3~&r$Nl+dnnU94>dh(gzShSx4B|_;*DwH0oIOz*j9I6EA2UP;fkMxJ~
zBXMXclOG6<2L|$4F6Bm^;|3g_4CV)e+rgJZp^8Cykl|41u`q@o$Hxd0`8GnFFqO~a
z<AwIZEWV4-Rp=@75a#oJg>)fPh~Ol$96pf9N`5szQdq-}5jOA>g;=C)Mh_%1S(qYh
z=Xdh6gdBc9--H{+9|sS|%o@(O#K@fj_rk3{y>PTO=gwj@df|4TUO09=$T`ed4~(-1
zxqxx@fX6+^CA8*&J@g<~P`?Msg*V>kpMi6+FHR^P%7c6W#d0~43&oLlVNt-}1y>M6
za*Ou`A4lvCe;<604~6vu%t;T-ArJBq<`8Sok32$qe&iu9lE?fb@Gjnie2TsCAiZGG
z1b%#q{TYm#mj-j8X!}dl!IRniLF@_63z$P3Ifj()`Fr5wzz=8<Jq4cg-++U-(u5Zh
zz(Jgm5GW&#q|!tuB!NQ^D+XnRA4(H<p(i*Du@X>5^sqE3Df9*74Njyqlo9i;G%*V4
z;3&jQP)7KxG$|`&f@2YT9m<G#SAo1K^asZPl8^zWLNn}@D)ay^;k||OLJ;PKFZ#re
zb6-*sJ@F;)!()|&ufSIUf8k4T1T3nc{bD2lp0x>8!0|}0CS-w=w0gn<zPlDIjN~T?
zQ-x3=OlTpr5+a1|LY6Q@7$taNE_<Q07iO{-Jnn`0?uEHL8+Q-##6;Y{Iiw%yPjZBT
z$O$2Jxu;|e{5KOh>&Y%|Ho^^LE_frE58gzUg3prG;P=Q{@HuiCoa3r%3)xDxk?mv$
z*-3Vh-DD5hOZJlk<RCdj4wIwgU2=>ZCnv~BatgJ%q2y}t8L|a6>;QJTYT}W?!?Lh<
zZZ37umBOPOPp+ZVC4`q?ah=>Cd8B~cB6r9=@_>9q9+Ai7Q*wmNBj1pf<a6>p8A67V
zVWh0ck=9~a(TzlkQKCu2c|(j5W5qV29%*r6TQOd2C$<;O$mt-y0qc&Ux2Pwb#Ll8s
zw24*4YGR;RU92J26l)=0Pil*G#JXZVvA)<qY$!GogT!F5vDicm5u1vkVly#JY%aDC
zTZ*m3a4`a9^rSj!t&Y~Jp^Y{O>maO!w8qFw5W9*=VzSs%Oc7JXzG6SIznCdzh^5Iu
zgr!NAI7A#Kju1zQQ^aZFbaAHmwm4gyE6x`eii^di;&O4NxLUM}Yek2+LEI#65x0pu
z#9d;JxL4dS9u&`uuc4JA=)a!4D;^h5il?z=!#UA__(klYo*2-h%TR9QD*U7;*RZ#G
za$R&H<%W12{2Gvl8r;b1Kmk1AMsC3uIO4H?B6$Pxdr)q8fvg*O0Kd4AkHinbkHn9_
z{=j4S!;N^u`crsIgmNQKpjcW7@)W8B@kQ)Q_|T1fEmj793qQJ%@5LX)=OV8oIvw71
z?5-=JE2%53GwMvbvbxuGZ|Wo+)u}p*&RbVr=c}uztE}_aRnaBr5_Mg5-E>L1?z&`M
z4_!}PFI|eRw=PxJN7q-Ert7Cm*Y($B=rVN!bOUvRbXmH=x*@uux?#HEx)HjOx>35(
zx-q)3x^cSksAIIwS0AnS)yL?Y0lxZJeREfsfp~`g1kfC~inPPPCBV<Up1T#O29yO}
z16~JYzyg#5Dg#x36Yd9qYwpY4_qneCHUU+O*DGENcnx?Rkb%lTXo)r@LQ6CN;!0Rb
z)GJXAm{sChiQ^>>lsEw#hi>Z8#^a#JRgdE?ypQmR$7$%MB^#6s1)7$OD|x--Y2bXx
zTvu37vQ??7rQR#GwUndOd|-L05~YJn?<(CAhy>aI?SV$6ca-i|IvvO;y|wg6U{vXC
z2)7~Zhj12b76HqFY`_7`K$-G}00ZaG`wRY<4E{QQy?-%(H-C5k;{GN4J^V}hm+~*|
zZ}2zzd-|LF%lMb|f6f1O|2O>K^f&uU{<1&ySNv6fFMo@FIe%||AOG_HzW)CHxrWb7
zPfVYio|?WeeQDBRJ=<b{J5T~B2^fJoKs}%V&=3d)T4Y}^Tr^xVTsB-WTs6FJxMpw~
zt{Xlu+%V)B@(l%sn}%D4+lD)ayM}v)`-TUG4-Fp~9vU7QJ~liyd}8?2@R{L>;d8@N
z!xx4x4PP0)Hhg3F*6^L-2g8qs=Y}BeIBq0v!i8{e;dAiUH}IAdT60mjeK!`j?zR>p
z1%Y-D*vc#vE3iZfu|j7dK}ZsM2}9^&AypVhmkRxaG@-wcAq)~m3l3hUGlZG=94SwD
zB>^0avpi7}!NHt2(Ls4b*+?-c8##e9y1ViK+yoXSly2ZAuqX-T4P_&xp=?mT#0cdJ
z<xfmd{=}2#NLj@M_T+i;IuwsjEr0T+k^~OntVDvc5<fvts8SK!6t$~LcW@{^r7TJ^
zxEW&JN)K=|v{)X>8_JFNLb*ZVQxJ-McMTwwp#t!EY$g6mPw;v4yNdEDxCLNSQe4WL
zRD<$HnvGP4vf=xuH>s)g2G>wTQX5Y>i%7GPx=3TW{-i#XKWT;X4V6@IEA%G_su+|v
zX$<9!Z>jiHR{DU$5etQ4X*LoDWrOl3Euj4IDUI^Vm*A_|g9s=$(h^>ZR9b;s!b{Om
zJZTM!SS1bI8g<4&6~lLkVkBNkcPVeu9?F}vLvK4O?ZHuKr!&%Q_%>0DBq;sC(Xi+W
z1v|bNNmAN_y8y{b0yt5@w|6{cT@2qkijfp00~`a}R48vK8|e#WgYqZ+p#1TT#fS7)
zGQqL%a3+)$%AX8`@+Upe?<}P!xEJq6hA1iEHu&x^Oc?-fgE~h*dE=WfM@A_F!ExBX
zF;F~|8yN?M&s6kc0u=Tdwv(W|Nn6CGD1*RlVKEKL4c};rk?BenxE;Pp&r}A3+rjp2
zDC{r#JsZkKdH@-)ABb-=SwI4JKp26&4}#Tl90lG`?qnsDJ2`@$tX6J=kDzyUC=SY<
ztc7B^ggBrGS*8eN1D*>Ph=9G_q~M=CD2{A_;-K8gHYj%}LUus05_+-=CD?y!-XsTe
z-y6!E?1gfNB4j@lA*a#yLFFO%G}=B4#X-4~qfqWpgdBq+WH;JAfv3v_%y@Tl3Nzjv
z%A1^l^2RqnZ}Ohf*QMOac_?>s1$ACjz5riAotL3FD0gxdisce=4T_MnsPj6WMHk32
z?9~lrId~cNDi4Z-awi2)?ofo>g2KM>-sBFHH|Byjxre#HlskC<<xV!C{71@W@FtXh
z1jRwQlgCgjmyl1P2$VN@0_Ba7<;YWvEC=OHzJy|F?&NDIcPK)>g(Bp8Jj4E6*@ADR
zTSys#CsYUz;CXh0Ji=gv!T3&Uf}RNrUUfshfT!D07@8*{G*5KU!9))oOp2*HV7~*_
z23Q#Z11yZdY@{31*~l^C`FEVx@C-ahOwc?j1I?4N>Mq#qf`u1yEPxkMEr1tlwg7XH
z@1@R#g+=v4emOiL&k=8Ep7=oXq&##msQ?{JeAOJ-=fK(uD;r>ig$=MG*9Oc-zEzzM
z3mcxI=SWpNNzajL&^!r*=1FzvU{V7*nAB7c!u}wv8^J0FXatKOU@6iYsY{U)geUAd
z5{#$pIno#!=YD9MyVYZ`IR=Z?$YC1iEU4DVV=*2voU70Ziv=SVjPKiJ5XQqQ8jSN9
zIGDt#r(kgkd0mi`0CYiK0?-Ay3BX$9cTv~EA^}h9b0iT@>~o|mG*7xg<N6GAFzF5*
zOp?_t=*tdZ7mx!S1daix08R}7axnHGKn_Mf1jxbohX6U40U<yR=0FILgIN#)<X|3z
z0Qmm|p*v6<C;@l?C4o{vX~4^c9E@iOkb@Bo0dg>=AwUjBH3Z1PxP|~Z7}*dY2V)!J
z8eczz6@f}XWk3V`fdHTi(8Yxucp?PIfiFUU9C#xH$bmmXfE;)v1jvC;LVz52B?QPJ
zJrMQ;dI2dwZy*)u1M~&95IrE0H0U(gZy_u#2mi%|04yF%cDn3>5t|9?%{Z1svIWec
z#CXyV3Vz@)v$<gW7Z^-3V4s1yb|HNiN^L~A5#cV>bsTvt%)#-*k#uz;>5t=qgZ(6u
z2^B&PVyq8hj1OXLF&==3|M=L*x`AgP3`U&gxq;`y;sTBUkz53GWPm!E3{-za9Y3Ou
zA5q6KSR6zC8RWA64mq+J|5ciRGKdEwo!PLuR>Sh9x*E2(z#JK@zD0(p%VBp<U4ygH
zIMRh1ivAD9zMVo(PoWRz5S~ML3gy2-9t(4DJaJ@@I+bK$7IUzlPKH5+knOmJT80Q-
z#LM92#Z@B#+{>-1SJ778t7x-u7L?GDh8){itRbd!k)4$b<f?NuxSFoV(JFJE<?3_n
zp}Z*9Rn97Sj4Oew0^OL~40MI=>*7pq2EQ2(mxUu9$wlMguo!&bYzc0KYba}RjRbj?
z3%ZNCOS;RtrnvsomV28lBgS&<s&7r#Ro~j^2aDNUkNq|As>W4CtePvWx=UB**mYs{
zXdh!{TLZmi%ycbRZY@_zE$jhHVd-g>FfNSi=i)Ff9bp@;zoiYA0fcdxE)L@cSP0UY
zWf(UQHf^~<mbP3L5XKF5aTqtmGSo86GTbu4^79{K2XF(po-W|(=1(EZAB2rD(_<}G
z^rRX$!%~aP0^R{G09SxZ04Z0CxB(>qZ=gI-xm?i}P_AgJhxEok2+$0u&($Ic2wMU5
zpc??)pp$@fpg%AG7zhjoh5)01F~E3W0<Z#D1FQucz))ZqFcX*sYz4Lf+kqW`o7LS~
zI7aN6eN}*s5xa8F#)ORp8&Br@+Q_wH{@5^s{Gb_Eb8(=HtGl>{i)*^LmWykHiL0FT
zg<^FSrm=bo6|1XIvHA)XtFutCdJ7e+yHK(E3sq4YtcMlR!vORz0KE&qo&;b|0<b3m
z*pmS4NdWdF05(<^Gh4RbjF~;#cgCy?+keKa9P<HVR+hCAfIUh;TYh*Pl5tlTcXM%)
zi@Uox*~L9v+|$LqT%6+K-Y!mcaUU1=b#a=D`?)yX#r<8J;o?je4{-577Y}lAmWv02
zFZf*ax#V-%=Zeo&pZ9&P`8a*9`+VSY!zb4#&nMrfz~`pVEuU!aw$B}(yFT}P?)yCO
ziRV7_`N)TGMYFUHR|k)-zTEOE)go5Srd8FdX@OdGt%g=ptEJV}>S%SfdRl$0f!0uK
zqy=fgT4Sw=7NRxPLbYaEnATitp|#XnY2jLg)>@0yqO@o&MvK+jXmMIwEnaJ<wbwdm
z9kotcXDvZX5r)xWLJzH%)?4eZ4bU12jf7F!7;T(3L7Sva(WYtBwVB%6+H7sEHeXw)
zE!LK5%e9r-YR#^#)g0OeZIiY|+otW%c4;}<UTwd2P&=$0)sAT=v{Tv{?LF<hc2T>m
zUDd8>*R>m3o>rjU((Y&<YoBOOwFLk7QkE{|!u`T)gf|S24<8pkHGEn4p74f|Ns%d$
zqa)`;IwEgIeu-yf7e;*>RW{ljT`M{$x<ho&=+V(TqfbWPiN1zc3_WTq#21e*8}A$6
zKfZPQk?p@}U%ErN4z)V;>CmskjgI#^KI!;l$MjBvJB{e{MW-J-mFR5h+`4l@=l-3K
zc6Ljwk=P=!N>X6bgrvDitCDh(ZYJGJ`mDQKvR|@SN@7Y@%C?j<DOXZ%q?GPmrgvcP
zl(b6eHPY**H%t#rk56x(zCL|y|4IFGGwx@+k*Q|-Wm+?*WX{SQFksk#jROu2_+-G1
zfwu=f9atx8ch-TdjKOCHe>=GU&~Jv;7!f&Q@`(K-_>mqXJx5j>Ib!6bk#|Nt9QAb6
zvr!(SrP1o>KBLn|4;tNSe9HJn6I)K~I&t`<DU&YYdDEIxn@)|LI%w+RsokcfP1`oj
z@z&|L7Ea$heaG~fGs0#bpLurX#hC+VkDM*f**Pa?&WCd%=XRQ#IJf8AGjku$eL9z)
zw`Sgrc?I+4%%4Ah{roixoC^vTlwVk7Vbz887Peb>Z&Buw5ldDt*}LTElJ}NeT=MOb
zAC{C_YFg^GwC>X8OQV)fTe@iJvZbEZCeb0$Ev)mct$+w15{L$3fjA%@Xb*G*Is*wn
zH=sMv1L*6*0&6<Lbn60ZCc;dFgAfivI0WGkgiR58aSRKri=ii4CtDo|HvpS}Ex<Nl
z2e1ps0rmp>frG$d;9cN2a1uE0!UF3hgqKkNRfJa&IuSY%-avQ*VK%}~fzN;^z~{gZ
zz&6yv8F}M6qhMTb++ZX|(Wo<SHf}L)HEuI*H|{W+je27-ywkyAbjK^7OBg+jC5@$w
zrHuxo(dcPRFeVzi8oL>jjNOgN#vaC=#$Lu0V{c=sv5&E@G0oV|m~QNE%rIseyBNzD
z%NkD@Pa4k}&lxWpuNki!Wn-SPz(|dX(aTuQ=xy{hRy0;NYDRx!fU%0Ps<DQ#kulWR
z()h&qxiQYz));RbYaC~sXq;)BWqilD#JJq(9)6=u@o@j}65&-d-wfx&E5=*n{P2=$
zb}kiMOkAvUvEIeST<q@R5-#>|aVZy<cCo?5Mi+a6+2;d?y)9J23q@Wi-3z6Ep^Cjw
z?k`k{7s}&>D)mB@exVF6l<|dP{x0l+2mD(RuUGKnO2FqH@V^6b-A{2(S1x)S&ipXd
z#qKV?(T1hG<I<^-OcR$*ap{gO9Td&d-I5unq%jWc&DhVCa&acpY8>NxNsKG?VC?S7
zZIH!u$r#32>5P|8W!%w~zCDWRJFZrSx@@|)cclzq%ttUj;j)i$^&!<&%IHdeIEv*y
z1xLgV?KFKzYuC5Qs`xCe>e|>h!$5$2E35(31Zn}b@p)_o*yl34hk$K?Ky}x6vXNwC
z$VQKi8yhh;R&12m_^^>-W5Py*jRPA2kz=X5j2t{qI5rX`FvCkAd?!3Ll7x2*uhhdm
zxj|ORn5^{WQ#)pDk8)<!%<MU%Qe;~6hrM<4j1luAyQbXl_%yn1^xXE{+us?$N1T`%
z6D`MAL(i+B=he{jYUp_&dd|K>vHfCwE_|4peb;3#iKq$G0%~Jl*h?|olB)vMfIy%+
zPy?t5)B<V)?Ar=sX3PBMmfQ?4Ur53o8I0SwzMD7UR#;cze6hy54ritfI4f<zSz-sy
zMmabW?Z;W@FwQ{7ao#v>J!3s<eb0IhXQ4|t>o{?y$+s3*Z(46zZ(HwL?^{2#eq?=U
zePsRE`WR=Q&v54X+<G^BY79Xe7p>1w2UCwwcDYMEwSHh-f$bU62)7FLKecW~Z=Ryf
zZ0lNtBDV(p*aVAHuvml80jxt#4)__`cEJ82@*HUUsH+7BT7QVV^$4GWpQ4u=5pG2N
z&tSR1de4<lxQ%G{5YjflQbhV=wEhw5)VcI6<eY>>Va}(n+6(hVt}s05>ft8X>_aae
zqwY=MXYkP$a1Q+V2wvL;ork;~uwk|$6x&1Ad&2EPU)Wynb)_*r>FQIC^#sP?6zo|m
zr{VQ;t{$96E$^ZZ=FdWFrrt$O7Z85zs{aann&ayG6<3Q_(1**e9OilEC+5wo)|Du6
z5_P?glwDRkEUqG#dEJR}2a)>-BeWklgAsQk_AWH@{Rha~ZM_aYh??@yC)V#=Se(SH
zc#8dfiZ*VzYGC{nR{5^|e~i&s1-pE-c^>=-Es4l`iXJ?0*%cs#ja&gdBXW${o;|`W
zTaQ{8GmkJ;I6ij~p2GZNHutgTEbpPqSC3HkBcxtI9^oE=-$(3Y_+8{ahTTc)R&e3S
zTDhDw8&DOf1_T1tff_(fpcYUYV8;|=X3LH##>}1_wTxLA_8$OaR*wA#z?hX~{{b*A
zY=@O)XDG(3Y!AFhB>{ICB;Y^eSp0vGfaA0;j?y&zm(UF_N@3XQ;%)eUG?we%$&l#Z
zeQJzveAkpx-S_q;I5U^-Y>sG<m4+Jn0Q*P~$^_v>D?xZ&OECTq55^q~!Kg0*_hS&G
z7pgS;XWj?chhIzfkz|xfMqV<0CmM{9aVr<IUycUjJj{3>F<DYMlcgJw0(3{IKEOVb
z3Qk4MsVG~hx4L3m5!>oYV=9%~=1Se>Qp}R6vgP`tUxndTmp@Wm+{(qFE>3rONrZQp
zw^#|?&-7OKt3P_uA3f=hn))N&2JtqCw?VuOde8>@!~7bD^f;u)Aw3T1aY$$3TKodD
zmJrk*fSdq$tRMQywr=QMW3<V<(-@-@fE4D_EWFYt0e)$X|MPJ-k!x#(nlj+$RG<&g
z7iD_mT0knsHWhX(r!TlQ$`SOYu&vgJv%O_kThehAWdM4Vh~Abh$3~K|4WGkRfoeb?
zP#vfN)C6h)wE;Fu88cfpOBpkJHcJ_^GHjMIX64u{Wz5R5S<1Mu9afgjQpT(-`^06;
z%Cb*g#;h#+<Yj$gW!b0iy`*G#q&F9o-8efWJ2X2iyH$2Xc4T&Rc5HTBc6@gG?2g%;
zvlFtrW+!DQXZOrb$xh84l|3eVT=s<QN!e4fr)5vio|*l2_U!Dr+4Hj(W_#Pq+kNd7
z?Un8R_A2&j_UiVU_S*Kk_WJgQ_8@y>dx$;M9%gT0Z)K0LN7|$9vGzE7yuH1>qrI~|
z!QR!LWKXvDw5Qlp?S1Wo?L+NZbcB7BeT;paeS&?eeWv|w`&|2c`$GF-`%?RI`%3$2
zyWPIl-dk8AOc0_SJM6pcIrhEw{q}?Q!}g>0ckFM`llIg0i}q{w>-Mkg75JKtD91Em
znQ6Icg=wW}m1(sp+hjMbF|9SNGdWD_O&d%bO`A-cO<PP`P1{V{O*>3GO}k9HO*y7L
zroE<prv0V^rh}$Kro*NqrlY2JO~*{fO(#qzO{Yw!O=nDJP4Ah`na-Oom@b+wnJ$~I
zn68@MH(fJ1P1j8ym~NPIO?jq#Q-SHG>6YoX>5l2H>7MDn>4E7((?_O<rbniaO^;2V
zm_9W%oBBoflT$DDsTzJSIx>DjY_s^U5_%38H=^PAJrll}IDLlDOG>?-mfyer*j_WA
z%pV<|87-zr>Hg!DC9OL?>igcfZj(+WI!CD!Pj`AfxmW75^m8-DN9>Bsk9xP;<z9yL
z2LtruJB<HyTGhFI7k;;R>Yx!>%Z8mABfkCq<bt+h=PpBsk4#KIJ?O~Puje@1CU!9O
z`XIG*-zvju4sS8%Qq+`@xshih<-rGrJsFcZXXKRgi9b%R9sZ!bXO{{6(=uO={(jKG
zh_#(dhM(;{D5>1AqtTt(@&m)huA96kWn%9i6Yq^))-@?}V|dTVQ<0;3JQ&({^rgw?
zXMPzK9P@FfV@W^ut(3K4cCQ6<mz-O2y!*hE#OWEGX5hxv1>L;+hV`42aXRaZVSPtd
znEuIF?-|YCem!bs)c%;0X-6iW>hxvjAze47G#HxM|8DrVZT57OyKL>>Gh@MsrXvGq
zeKn`q+&AV;iP)I6edg{tx4MiE|Dg3J?HhKOpLDKY@PKDyht8PTJz&nHs3FNulY>$h
z^>NRL&rBI)7}jZCK;ob|m0Q2r@nLGE=~Fs4NqD`-_&F7$O2;I1Fm(@4Uen`VZ+*t?
z%&ZaTC*GQPdrrgXJ$-1*g?{rgz8kl4PTZoUOXen@N&Rq?*N|C552epfYdhsoc#Sc2
zqKZXjce<ST{?KvlmDKIs>rQVq=W?e;k%wa2waw_BA6cpY=>he!I%OqgP0wmG_rOrk
z@!w3YHRFdFpU!(W&u{+r#rZRK&Dj|7pmnRrQ&D%LBBK|_>f7{a)2Qv5w%t0s)1^nk
zTM3^hL?qo#n%R9^kAbP?KIQuM=~p?uT*k~nVOh<xT4%M%nwIreR-?hA1|J&YK0Ii6
zI&N2aJSuB++*re;Ig|J)wWnO3>NaiX^gDB&&#gNzvrB8|C;4xTt`NQ>vPa~|h>*yU
zktd?Qi;9h%AA37?TiYh_G4YA*{MujYbiGs0&Ko*AyM!mWC3Hy$OnkSi+%2kGn<Oc@
zP4bOCXZk2<_JP&YH>LN>&}Y`ga^mWM8w0)=(0pK{foBJ889ZcY`(X`6M2-1$OxA>;
zN#iFSoP1{T<H?h!)S8|?WB$wmvxd&OF}DO>rrg}wJh!>CNp4H$)q=%!-)L03QH(Pz
zKhAj}x3lwde&eNYE$xmMmvzTkyF1QlMT+SWd<M?c8C(YL*vY^>IT^U0XShqJ>aOdy
z>ps`*(%sfw(cRGH>hg3S>K^Jo(j5kl=)%4~3>?v2fW-yfZeSm-jqk(N@qM^Hz7J*g
z>8=9r15V&N@BwfG$OZC&o4_sL4saK^4?F-q1U>>D0#|i8sP`bs9fZw6w3Dmrryrsp
zt{<r%tRJDz(y!8I>&NQH=*R0P=%?wY>fh2&)X&q;)UVZV(r?pm(eKgk)gQt=L<evW
z(PjMx+*x#7e^NhCe@1^ye@cHrAEvK>yN@d1PNNFA^QZ#yE5M=xY$_nP0`kv-HNYPT
z0h;Um5cfmePagn;0AWCLeI=w<LV6{nS3-Ivq*p?EWu#X|yfWgI5!Ya&A<ozzVF1Da
zr~v3{(AA);Ayy6X>d@5@)<Aj<=o(0`fp|^mnh0wFwUJjFVI72Z5C$O(LVgfzgIw`2
zgw6HANDD?h82t!FyfOB?F>D(ny)kSX>ze=}Kp4;*F%9qs0)P-83}_Bj*n8IV5Z4w4
zZmw^N^ro<Hiu9&PX$t$MNDoDNDB_`rha%2A&>VKnVaIA~j&zo4)u-ugKp5b~wbVy~
zTe&#g#St!U?czw-RDg8_eN~_-{BHxQ0!`s_8&DN!3V+*xssQVeFW3fD1z68)KvkeA
z>IeWrQ9cyqLg90^&!NZ(#g+z}P}C8MF$vWNqNYHEjr6Qvjr6Qvjr6QvHPQE)u&s@-
zHo`gx>maO#uo}WZgn<bC5wiW)5Heo`AY{I%j<7ny8VGA33`A}qECZ1nh~8EMssl9u
zUwsSol#K+NbA>aHX*MQo_OTQ;#~8C2#x$F4to0Do&t@5$YitfOW+}{uF-vD7%VuBU
z{9}8}%CR1?ez7_kvzf{EhRsVhD_ISU3pMiuYnjc?LT3J8nlbYa>j|5uY*w<ejM+?M
zZ82uEkk!xTBAboOlFdbyUvw0)63mkIo29cBi}sn>vy=dg7YiA)naS)Jvl+_l88clt
zk6Eu+eeBp~<HG!0$n1zNOkrcje9O|AJ*$O{D65lc=1*qBe8@b;nE9&kxMIxg3y%X<
zj%k*{T4l#7W7b3FL#El0S$K@GzOz0spRl8~a1WU!^9ZYfF+1|vxr(K;o)ng4bF2x@
zg~2W+oG(H)&zWirYa3LdcdI}#Th=;$*+d=95F=b|FgqFu*9>WFFPK%B-srLp!!cV_
zr`HQxuNSt(I5vu2E@pPD9vjZFOlur(6|8k!zv;eaecf8YtGrhkFOyeiZU|l@S;kt{
zYOoru#jPc*9@di9Qr6Pe_IOEW121p9e6<qik5`X2z-v2wxbj>h{6^dY$7BoFd4!!s
zytr`J@#@7zxQ<vauC?o!_2SsE%g!`W2&42CeL20i-bY^^X9HjOqasF^oxj=HxeCru
zHk>c2VKl2_ENkNITN`sY2;OApPBx1|;UzXQ<p6J>Jm9M@$NA#7=Ah@n&l^8)@;u~u
z)90bjn>`PE-u!us=PjSNdLI5f;(6=mk<X)^M?a5w9{aq_^SI}2pT|FM_q-Ecp*frz
zS8;sB?{WQOrFAu~b*#1C!F8YqxK6;XPRz$O^KLeqt*Wh>EznloR>M})R?Ak~R>xM?
zR?k-7*1*=#*2orQ3$``3HL-=*n%Y8b&1_+|=C&5LmbO;5a9f0}wJp*XWsA1O*kWyM
zY;m@>ws>1RTYFmvTSr?bTW4DrTY@do*44HGFIQa8ZNf_wS95E<gz_^iGcB_$Z(Ej?
zKU1D}`sMP@ia;fxGN1weKmbq$umU!qDo_mw1gZlyfSN!ppf*qks0-8s>H`gchCm}A
z2nYrm15JPspeYavGy}qb=0FReCC~~82O<C`a2@ynxB=t>c|bl;0Ney_0k?rWz+K=T
za36R8d<c95JOmyA9|MnpPk>K>&wwYu=fG3o3*bxOE8uJ38{k{uJK%d@ZXWNP2h0Z+
z01JUdz+zwtuoPGZEC*HstAN!&Hed(V0BeDDfCE?$YydU_n}E&07GN8&9oPZv1a<+t
zfgE5jurKd|a8Z~qtQ5LCRtu|ynY69YNmwg%6B31m!XhDA7%Qw3970W}Sn!s;4?<nR
zTVQ>`0AZjo7|N|+xUfdZ7Lpxyp`SKgST3v(<_U-R!~7Axrn7iKO{Y>ooQHCW^DuA(
zI10QA90QI6CxDZ{Dd0441~?162b=@W0~dgcz$M@^a0R#uyboLhoWOP91K<Xb3*-U$
zKml+QxCPt>?f`dzd%%6*0q`O45%3Ur1bhrU20j5k1wI3w0H5cI&iTL|VBt^U>YqYe
zp6K)is{Ry)7KqLU01M*^bk3Yy9m*Akn|})TBix;*!<Zr673$$DJ$$8yuk`Sh9=_7U
zS9<tL4`1owD?NOrhp+VTl^(v*!&iFvN)KP@;VV6SrH8Nd@Rc6E(!*DJ_(~67>ESCq
ze5Hr4^zfA)zS6^2diY8YU+JCI^Yl(@p5*M3FF6x{M4&6s4M+mI1Ia)SpeN7^NCA2S
zsX!l~FOUZG1JZ&1Kn9Qr3;+fKgMchxFfard3Je2=10(VSopE`A&Lp7iPhn?-eE=5r
z{V7cQDeU)Cn2s<9VCDAw6z)aH%I*6pWN}uW#rx*j_?p5@GK;)}d$8u<p2YcN0a-{E
zk;P;Q?p#_<z96eeHnEd6q*ytj+?V7c`HWm8PssZum(+2V%d6w`27G|>Kn1`T@B=CW
zm4M2C2KWO3Ko!6W*np})H6ReE4%7f@0=0nJKpmhiP!FgNGyoa`jesB^7-*c=N55R(
zSI_R#uyPu%VrjT`rs3+BhHGCMu6${@?xo?XmxgOz8m@S0_>C&ab^k=LiyOPRiHk#A
z+|<RPE^g-HFc&v>aSIo>ba5*ehr2k!#jRZ&>Eb9CN4q%2#j!4K<Kj3Mw{>y6i`#+A
zSfjbJR`&YvINX8N3|A4Op`)>}tBmYL-Hmark)a6?1#Zp_v9`dk1>3A~?axM^u$trV
zOj;H0)!ovsRn*kZ(;_z~(Wu~IYo~tJwsuUJzOxf!yEdOutZQ`QsI0+*-C{=esg{`@
zwKKNW%raIjxvaH})jgc?R2NTb&vZ^2<LE@j*9I`oi((v?RMtAT^QY1E!)t{Hg*U={
z=n}CvLTEj>_59Z7TQ3O=a@NU@iR>0RFfzy~=j8+@BW#g3H*!_v+3@v|-JAt^B&r~=
zZdB8#fl+0v>!S71VbSfP`$rFp9uXbv)bi8PPDd9&buD-l{Ull+vm~ZgOtY9CF)L!e
ziZR4S$99b!8|#SO7JDT2wYb;gBHLuN`K0Z+xG&;Lww)4JwXLn~`nDlB*L~jh>$dv%
za`B1rA<i}VA<l>SAID4WeA_wWySMwK#<Lo3?Hjaj>O7fuw7s+aQ>Zrzp10R`i0(Y9
zW|t0!I!x;j>b#rRxMQgEeqNuBDIJG)yw&k`$11gc=;+s}ey5(D5^FVcj>#KZYjdY<
zopyHW;ha^_%xNp&N0;k-qE<`i?)<jS5AqT_r*ytkYeDDtI$!JjZRb&4>eQBNhdHn0
zpXkyop=HA0gslmy5;i5|Cm0f?#Eywu60an-?%LexQBc3@v&0@<$8^1m*pq^C-Hvr#
z+clt0&u+uJE$%k3Tkkr(lUh29=iW*Brh8cTH|x69y<2Bi<m^Z;c~SQbBd<5MBzH=V
zPHyQuS`b$EyX0}nQ9W8YQ*+<yq4p@#Gq~r<o)3Gj>D9`)GXF-eH|kkZ!kzZqn3V8(
z=_yN7_98YdKh#+wFWmWEet7Q)=f2#7z2EDd-21iE2B|$$2c?cnjc_V?fvHvc^yyQr
z{)s*j&WriqruOL@;p|ip;e4y$c;DJ-QrevQ&C`aZ4NTjR7KHOdNWa!NlP&@~3jESr
zr$;*7@<*o6Mp(Td%2_6NaQ`X&*Ed+*e|Lk>j1C#&GEQem4Sh1B@hzzVcvfyRd@nEz
zh;}Y7h<5HSh{3m@XARwO&F5)u3_h7+oNwmE;B2A{R0mEO*tF4{MzKzs8$Rd`!V3AZ
z&IQ1+{6|?;f|?JG7~IA=G_Q@*p8v^UA-E0tb9~6DA-=(J&XKv7hAs>KaOfSpzdg=5
zzM$(czVV4+!tjvcfsNZb{V<xL`SDQK^9PS;i_f>&Bfc9EkI#~LoCmv%jK?>Vw2>{H
zoeQou-a3+uD$%6Ds2%O%o%Vuw=Z=Dw&bNU@1>)!>(^Hzv96e?9;?dipwv663djIJA
zquV*_70@wV$7~qmJ!b!y2V<hgoE~#_OzxQW*#Gv<l)U!%6ssKaWbD(iuZ`>AJYCRj
zTzjWh&@m(-q`h-XK?i)^rG&H|pFF<j__gCFjxROg_ISSuDHFy|xE6A20zdKFkS-HD
z;&bcT#QcfXn|?QOZ(t|q#@tTM?s*5Ao@lyka%bn7T*uVIQ>AGGr*(E#DF}9oxo4*B
zoA%kXV0<!Oc`LzrDKEkKIPaYqPi7crCO88Mq?xs5U7O{cHFVauZ<l>1(fM7$l-aYx
zcFpeU9GG`M?C6}W9lhsvbB5$~bDHz}G#}9X=G-LA)ve8woO5z3&P&4gvD@>iwWv7X
zKL5!4ALpNI(cNh+Xtd~uMdw;RZkfEe2R_fgY1zZ6%j@ARmEXfTGrvu%AD8HsmR|bW
z(w<H(e;v1nTcRA|4s%DiqujgP3GO6!iaX7n;m&gJap$=6+y(9;cZs{qUE!{B?{iM>
zI`;v0gUjXexO{F9&+!5;@_OElFV1`LrFaAH$(P|@<KN)Tyv!@S7hjI|;r;kZyv7Ic
zRrx@^249P>&DZ7Y^9}hRzA+!dhw@>3bG{`X&bQ{H_!zzo-<EI3ci=nmUHC-48{eJp
z!S~{O^L_X<KAq3t2k=?^5FQgs7|oC6C-77FY5Yw7D}EkdUs%X{3Cs8u{3_ngujAMA
zoA_<~4t_Vkhu_B^;J@aN@$d2{`4jvZ{xts{f1ba{U*@m!*ZAxF4L+a0$=~Mh^7r`<
z`G@?+{3rZp{O9}={tNya{yY8||0CA=5Cl=s3vNPj!9yq|7z9tDjPRQ9hF}(CK@lv1
zk5EDI6DkRs5Fl8EszRVpU8o_{5^4)|h2h!=El6l8G!vQ&EroEQua>H%X`}e@{3L!d
zKb>zUIP4vTxB2z<clc@cb@sXZ9DbucQQKf&#P`t_^Go@mLN{%Mkj)>nujR)H<Ap8u
zjeHYf3%`{Q5q9x!3v-0I!UAEdeY1U;uwK|8Y!o&Ln}sdHR$-g4UDzS)6m|)_g+sz&
z;ihm)xGmff?h0unoeUs@$q(d5@|>(A4m{0!nOq^~iIaRl^2tqdo7^S$$%o`2`Ivk{
zz9l2b*W^3$3{R;VMNd4xTL#alz9znor%&I+GrN)~i&RuZRrC@qVmUmy>m!yID~P_L
zpIA|>gr`U~(O(P@tB9P)i+GG$6h$4L{4FNBiSA-?v4rR$mJ~~grNu5{qS#IBF7^<6
ziM_=>Vw#war*H>|gT%q&P;t08Qk*PK72gtPh_l3Z#5v+Tae=r<Tp}(LSBR^`Y;lda
zPFyc;6gP`o#qHuwakscf+$SCo4~s{|W8w+%lz2vbPdp@E5HE>W#P{)Z?FVA6m@nQG
zZ;N-u`*>RRq4=@*iTIiLx%h?nmH3VLo%l@r5o^5&I#H+Bx#^1QJanaW2A!v_jP5nv
z8#=R2)+stKT{)ePu7b`_S4pSo0(4z;HeFR+HC>>tx~_(<rmmK*wyut@uCAW0zOI3;
zp{|iGNEfVYtZSkR(KXeD>YC}obj@`wbS-tQbm6)PU29#WE=m`zi_yjE+UO?eChBI$
zGv!(G+wwayZWNT~%Jby;@&b9GyhvUwFOiqZ%jD(q3VEfxN?t8z%XWE<yjET(JLL89
z26>~rN!~1Pk+;g*<n8hfd8fQf-Yw_Id*uD{0r{Yu=IG~0cl38;I5Hgr90MJL99fRR
zjv<brj$w}BjuDQLj!}-$jxmn0j&Y9hjtP#5j!BNmjwz0*4&2P>nC_V2nCY11c-!%g
zW42?CW3FSKW4>d7W1(Y_W3gk2W2s}AW4U96W2Ix2W3?mOVRx)?taYq&I2`L88yp)Q
zn;e@RTO3;*+Z@{+I~+S5yBxb6IgUM!y^ej3{f+~UgN|=Z-<rNNeQ$bZ`oYvZo1;7>
zRHQnpr^Tonb*IH?3F<*h(o(cEHBck<q$XO1mZfjdH>sIQRG}*Mq83_?dQ%@-f%;NE
zT9H<wm8nMkX#lN4t<*-V(rPr2R;M*+O<IfArgdmtT94MJ4QNB!hz8MM+L$(>A+#wC
zrOjv<ZBARzmb4WOrxCO@jigaDn#Ryr+J?r_wlto$qwQ%2+L3mmooN@EKoe<K+KndB
z?lhV9pgn0XnnHWiRN9C3rD?PuO{e{72E|W0bRZo>huH_yp|q<uoQ|L)=_opyj-g}e
zcshYjq?71mI)zT9)97*gbUK61qHoi8=xjQN&ZYC{e7b-xq>Jccx`ZyJ%jj~tg07^i
z=xUlx?Q{)YOV?2cT~9aAjdT;;Ot;XjbQ|4HchH@57u`*B=pMS4?xXwZ0eTQ?772=|
z=oL4mxZ<IdQVfcxQbu`Ac|$Q{9b5$~;FiPMw-vDJZ6&OD8-Uert74to8d&4D4%W48
zfc0#Hv5sw1tYO<6>(_>3?b;|M1}oOK#agu;uu5$gtWetxtJC(t%Cx<)Ds388q|Lxu
zw1cn;?NF>hI}&Tpj>WpO6S3y(RIE2U18dE`<632wtued6wZ3ct$JUo!fwg6`v8wDk
zWj$7s-Ha7vw`29#-B>wxA6AV$gcW1oRgPn&*we~ctPpzvtHWNws<2M12%C$wU~gg-
z*t=K(_Cu`x`Z3mh{S0fqeu4E~zri}M&#=bpuUB*Z`P!|&T%olJo)xRDvQ=2w8mw#u
z)}ODo+8R%9MPX&t7_6+?M(vCzuztRdYG2nXrA2Fzvb9FPQNMMqDEgiH{cl!F9jX3u
zHPynkQeUo=`f@eZ!nIU?xl-z;->js{R!QBe?!&67Y|YedSReH))<<QlqaJmwe|ib)
zp|Z75*(#@O-P5~R=aj8_`nmcHE1Z6%evOq*`+1G<n&CCmYnIpBUhjC#_L}20*K3~F
ze6Iyw3%wS336^4(;+7H?4@*f)DNAXK!D6&{T1=L*mNzYCi)4{4)Z%0DvuGB7OBIXN
zVzX4U1X^la>RIYr8dw@yLM%-!p_XQrFiTZS7fXUA(bCn@&5~s4Zb`QEu=KR_vZPpg
zTT(53EPX9wEIWO6`Rw+|@!8|E*Jq#4exCzA2Yn9t9QHZlbJXWupJP79eNOnC^f~2o
z+UJbVS)ccO&iS18;WS<oG@^-`4nH0g)7&(7t+-Y~^Uz9arL@wTK{INenn^38mDOI;
zUf15x-qg&Rq{$l96iwB<G>cYF^VWQ{@>&JWSM$><YL&Fgnx^?{0a_KUi&jTyAS7!&
zwG=H~%g{2lf!ZJ~OB<{W(S~Znw2|6qZLBt4o2X6JrfP3#GqhRSJK7v=p0+?+q%F~w
zX)Cl<TDG=ETc@qpHfo!-t=e{Nr?y+$qwUiUXos{T+Pm6u?WA^EJFA`3E@+puE86>-
zQ~N;6)$+BQ+HLKw_DFlIeXcDtEH|t$tTe1LtTtpD?1nXlwT5*Dhhe>8gJGj#lVP)A
zi(#u_n_;_Qhhe8-mtnUd$FRq+*Rap9-*CWi&~V6b*l@&f)bOt1nBj!sJ;VQF><-}D
zs0u%T-?nV)Mz$4*FrY}0qEn+5OtoOtiV+GFtPr3;fC>dGMl4XUK!AY-h7>3eU_ikE
zaji5!g#uFxPAyV3>eQ-Jt5mHzwd&BSMWXwE4?$oK|Mc_u@#VdH_wK!SmrL4oX~WtB
z)~41TxVCX^)7rz=Hm^NmZF=p|Yg^VHw>Go(#I>z!PhQ)$_O!L_YfoRBUAuDarE9y_
zUcPqK+E1?SS$oae-nG}S&9A*_?dr9+uI*cU``Xv^*Yv-(e?|Wr`s4j??yv3Nr+?r6
zME~3R>-+cbPxim7zoGwt{#5^g{f+&H^f&b%-rwARM1Q*f=>C@e<N7oGC-%4YpWNTp
ze_DTg|LOhN{xkYJ`p@h?tN-l&&i-@y&+Y$se^>u`{TK9K)W5R-(*ExL%lohD@9n?7
zf3*L`{+s$&_utyz*MCR<n*O``3;k>R2m0^tAMSs+e_j9Q`$zg8>tEmh<^Cu7zt+E@
z|9k!4@Bcyn#{R$d&-Opv|BwFK!F>kz9enFxVz6%TZG-iL`wi|t_>RHk;5!H3HTdqq
zhQap?9x(Xc!PMaU1`ixOXs~hc;K4%%4;^e8JZ$jr!S@d~4}M_q!T$8%QG-Vh9y8c7
zc<kVDgPFk-22UJ3X|Q$hgM%jzo-)`rc<NyLVDQYGXXZZRLph$A|IC7Cc6=uG%&VT+
z>6x9M*>lTlw(PZ~X3O4NUc2RWTUKm&{gyXudE=J&mN#vA^Om=4sok>AmVLLpbxUGP
z-Ilj)dHa_7E&FZRf6JVWfuAeSk-6f-g?#@qXXAWXAPc2J7Rh4SPNK3zmdY}zl<j2)
z*->KhD%nYPmgTaG>?*rSmFzCBmOZ3e_LSGiUQ#1_%WLIzG9;gs2joE+mWSkFc|_L9
z=j8M91sRb?<uUo9td}pzm*p!mDv!%o<p~*+ugTZt8&Z;Q%D3d(vO&Hh-<9u4ho66+
zDQC&q(kbW2x$<%8lJn$z$;pLskz6b*<r2A6J|W$5nOrVc$SS!~J}EtNwOk|DO0Qfe
z*Gpb*l$B5FN4n)Qxk6USmGVisN_ymKxkj#)Ub#-Lmm4H6H_A<Nv#gd|<W{*&`s8-G
zLp~*I<W9Lu?v{dlTGmRx49I8X9vPIP+$;CV{W2sE$b&L056Q#wh^&*($>;s-f2E(B
zUm};vC!||0lgs4_StVD>C*>;Xk*nnzxmJ4RI=NnMki6U|H_6SiT5geB<u>V)+vN`V
zl&q0E<u18f3i4@LEB!JcpOJfHP>OP|+$Z<TkbG7i@U!tXa;MxScS}J&Eo-G;2IMnx
zj|@st?v?xGei@R_O4!$fGAs|t!}5r%lh4WL<qI+*kIG~6#fjZEHu%~2d*lFlucYLC
za-bX}jdHLYB8N(o943d$`=wbvAV<iNl9r?7XgNk&<XAaQj+cy_AScR6KdW<(sdJC1
zbC0QWkEwHysdJC1bC0QWkEwHysdJC1bC0QWkEwHysdJC1bC0QWkEwHysdJC1bC0QW
zkEwHysdJC1bC0QWkEwHysdJC1bC0QWkEwHysdJC1bC0QWkEwHysdJC1bC0QWkEwHy
zsdJC1bC0QWkE!!MWS#dR>%0$H=Y7aJ??cvkAF|H-kagaNtn)r(o%bQ@yboFDeaJfR
zL)Lj8vd&MK>bwtG=Y7aJ??cvkAF|H-kagaNtn)r(o%bQ@yboFDeaJfRL)Lj8vd;UE
zb$$X@=Y7aJ??cvYJV+YlU^zq%l_oh%4wv^!vwT2~kRv56N6RtNBFD;ca=c{Z1UXSo
zl2-YkoGhnEo17}A$%mv}J}jrpM<gpBl{4gH(jjNcS#q{?$~khbd|bNZJUL%3kepm7
z7s<u4QZA88<rC5^m&xUFg{+b*<&$!i^vKn6ja)0ea-Cc+H%MM?l$+#cSuMB7t#X_6
z$sO`3xl2ARYvnU?j|@st?vwjvNIokM$b&L056Q#wh^&*($rt2Nc}%`2>*Y)GW%-Ic
zE?<==WK6y$Uzcx4NxmuHl5fif`Hp;7z9-}Ieffd>P&Ues<j3+8nUJ5#&*Vv&l%LBl
z<d-rfzmi|eZ)B7FR(>bHmudNf{89cSo8>9_v;0M7<gfBK`Mb=@)AA2_M#}O}`Il^w
z;HMtXGFRqFMCQvvsgOmoSeD3AStgaTz3d=6N=$Z=on^V~BD>0NQYEjJJ)~Opl-I~!
zQX_lIYvpyaLS8R#kT*(P-Xw39w@9t*Bm2r*B_Vb4HhH_$%YO0>Ny<CrUD6=$kptwt
zl9B`E5IIzu<S;p0-Y?B^gd8bpIZBR}W28lnmE+`i$;b(EqMRhH@<BOSPLVb_RZf!+
zNxOVlPM42JRz50c$j78Z&Xlv{Z0VG9<Xri<bjf*gzFZ(Vxlk^Wi)E!;BA3c1q+2eN
z%jF7LC0EKP<tpistK}NGR(j<+xn6FNyxb@^$<4A_ZjoE%HtCbw<qr9jtdTqAF1cF@
z@@ZKs{W2h*k$YrNigK^qC-=*cd{!Qi2W40ul85CHStp;9&&wBNL>`sL<cqRiz9e6k
zugIu8E?<==WK6y$Uzcx4NxmuHl5fif`Hp;7z9-}Ieffd>P&Ues<j3+8nUJ5#&*Vv&
zl%LBl<d-rfzmi|eZ)B7FR(>bHmudNf{89cSo8>9_v;0M7<gfBK`Mb=@)AA2_M#}O}
z`Il^wz;pB*nJe=oBJ*W|ER+gaB#UJ`iOLdLD$Ar&wwE1bM~TU+WGC5Kmdh@(tL!FK
zvb(%m_K<4XQ(hx`Nsa6+ua(!y3VFS}LEb2Fd6T?Z-XgWKkL)XNm4wvE+vM$1FZ;><
z@(xMLJLO&SZfTJB$N}<RNy+=<KsiVn<zP8P4wWW3Ob(a#OS61Hj*ufIEl0`Ga*VXd
zv2vUoFBv&OPL%NVQLB7VPL@-oO-_~5<U`UfAC}YQBa)Sm${F%8>5wz!EIC^`<s3Oz
zJ}zByo}4ciNKP)4i{xTiDVNBl@(Jmd%j9yoLRQI@@=3W$dgN-kMy{1!xlXQ^8ze6`
z%1v^!td?8kR=G|3<aW73J|%19PPt3&mV$g*2IMnxj|@st?v?xGei@R_$^-JC49i3E
zuskB`<a6?Q`GSndqw<)1QP#_s<ts8OkIPr(2^o{G$=Br@Qj%}Vx8&QhLB1p3mG8;8
zd|!SbKa`E~Bl)pR$WP^G@}x}4&*c~LOPP{i$*<)%vPpg`zmwm~wERK-D1Va8@|65p
z{vtE-SNWU#U1sHJ`G=I{pYku+BEgd$>oQm7Nkrz$0$C^(vPc%ob`q5(vQ(ByrED)d
z$c_?|on&WOF1yICvYS-N?(%BcL#ky@d5!EPHL|z7R$eD7<n{6fd85STP4Z@Wi`2?K
zvah^V67n{AyVT2mvcJ4TlJZV@m%LjV<UMkLyjN24J~>bhl14dL4v|BpNe+|4rCB~8
zN63+qmZRioIYwIKSUFCPmyDbsC(23EDj$@S<rHa?Q{^=IkhIH(<#hRoWaXoBhIGi8
za+aJeopO$xD<79GIZw`)3nV8O%0+UqtdvXSQu%~*%Vl!8Tp_FElX8{x$klR<Tr0hD
zom?+BNM3G~o8)F$Ew{+6a+~zY?Q(~FO4i7oa+lmK1^KkBm3|qJdt^|Ga<AMc_sfuc
zRvwTCWmq1PhvgAjC!dqg%NJxs9+k)Bi?Uw6Bwv<Md0f6KPso^jO};MQ@VkbA%#pb=
zPZr7|*-oOeM3%}jsg&(y2iZ|#@+#R$c9!L`i|i`9NtNvW<o;eW@9#D9{$4Zh?=|!O
zUNi6SHS_)(7sx`XkVUdswv(tVk)^UsDrI}wL3Wgwyh?VGon^V~BD>0NQYE{~t7Q+V
zmOX!(^m;hy^>EVb;iT8YNw0^KUJoa|9!`2aob-A)>Gg2Z?~o<ECQf=yob;MF={0fE
z?~o<EE>3z~ob<Xl>2-0^>*A!}R!DknoZNVjG|Iu!EFX{~<VZ=&QF62#BQ0{Q94E(1
zMoy3u<s@m956a1MinPh8a+-Wd+U3L2A!o{2a<+8JIdZOiT)N~uIbSZ2oLndu$;Gl#
zE|E*+6Vff0$>nl|tdc8#8U%B8oA-|8EkQ7MyC7)z#oS;xIVY(9%iLg^xqr<KYTh{~
zsP>VG32oNTofl-3$Nan6HsuZMQ67oR3x>Je@3808M;Fcurj(0|eIkJJI##{Q_UOD|
zM7gVSUeKgG#&P9Y&T#b(^MX$GB_G*XVC7D>vt#FZLFC<Yf(^@kc7u<A?Avu-;A4w|
z38vUqH804rYxj9Up0#_-3q~2)%ed`V<I|1W*tPe(U_yOrg?^4R-`CFz;_Qr@hwbq<
znV<5?HyfvN%D*`8QEu8tndyD!1=AdUtNGbJUN<j@HOvWm>v?<-^z7$&T$waK^{wxA
zT;)u|yr7%S@1^?M1Fe^G{2=pV^&#e$34(Uku$xJinBnlD_G5FCbz%Cjc|nPp!>wCb
z|9<Oxf^xI<;K~nJ4^A9mJ=lAs@jLG9QB<Be+B$H$WnNHb^|AIp(f&-bjcK-X+J0>r
z+ut)MNS<I`Y&%i^wzr;SeV9Mlc~{?hn*No?KV*K&l^?cFtUaCT*L}pgpJYD%oqL=E
zA5%VHPO$DQ^9<|H)=yY}u6d|mb>6(7sN8+N`LgRm<7LZ5)~PiJa!fIOvGK5lIs3&g
zu^*edt(*GB%d8udtE@LWIKv`iA9P&CxsFrzOI)R2<rO`)zjsd1c&+}GQ@!TP`WwuX
zSx#_(WezcRvi=xni;pjCvVZCp<KpUDt*iRB+l`B@cNiD*cQR~umw7UBxBfU%&`)Yk
z5Ue$B?J5TBue^aduDZuOSsHZxoMPSY)lRwZKKrx&0oSAYF2>(CC)oI){lj*{9%meT
z#Ja1`f8OzxCzw}Gj(GeiH$Lk8bM<59)#iHmqW;*u-hQn3l5uc~1vY%y_?hK2S2OAl
zrwp-%<4kcQGYr0Be@2;Sk;AMUH4jd5h7FH9{%Jw5h6xtg#3^PO`Kt56IE!pzi7lLB
z7b73iA8SINunwH{F`(UC`E}!GH%GXN;~e8OGv6?e_8{2IID?XTFv<*<vy-ct=SCJe
z$x&|N1UtTI9R6@j`?vMO4yM@fUHdcgJ^QnM+&VD-OXCmAzqa4$?o)p>ey)1T_&NC(
z<7fTfv}Z7@Jv*K;-j8@(mmP=Me>x63m|>ndu3?@97CFFC7CFID&amQN)<3I1##zr4
zhuOv{=9t)`KPFjn9rbXA11zd91(Be{4V>aQ%iPG=N6m+E`uiV2inVhhL52x-vYtIm
zvA{--FwJqcbDCL3{7H{4R<VZ(_Ogk6Y~vc{SYVz5EV9T^Zr~JW81ct_md}j@HB2(a
zR<^O5-5g+nC6014rx=@O{|@&PR<V`|*0YICY-1474_nyBF%B~|-@37zQ{1>95=75*
zJ{MXqW)??+Gz;6A4{M|LXYUg06V@+{1QSdxiv%-lXY?%B?~aim$rRJfG0Q4{+9J>7
zPWETVa_h=9yEsp0>vvcCG0!wtGs_~oImAAWbA*!|=M1Mg%Sfl=>}EZ=f=OnW;d)jb
zI4789PI)s^%2idyrCiM-YdFdkoM4<YtYy?6UP`cr>zK9w6jREZm{*SN?s&?}*~u#Q
zu!aS$;0WU!XM)pAh4uFDX5?Jg6Kgok6h}E>yI&s+GRoELWG#DG&jK4b!d6BO@_LDJ
zj&WRlnKKObFdrX^zLII%r<hRotBFCHQRdXIVSy|6biHt#S=*~$qaWppy&PY;hBb|z
zC)mVwHO9vkdpmDz<|sQ@(0-WH%4=S$Ub)Pvu%Fkt9uA%pRIl(jR&Hdh%j5U;&L=zH
z;`m&{ly+5bb$sRag!9K)mYDEoOs2znM$faJj5GB%^JClFjgKpt=Kzb`z;6Af-fbOO
zINbQucb}#|wx8`fI^X!uaeUTxIUlTNCmYzqMi$t_5mujPeym}cwTxY0oQyMnzIEej
zwz20T>+AT9-TG6mUFC7h<|~~?uD?n@Y`oh3Ipez4yg0*72EF#9UjYpYoaHDhu5%qR
z%J?B(k2B3_=9sx&dlp&Z3}=|Uf%a=))uHac!`Age^Lx~F!`b!Lfm2_#e#}2%JvsJG
z$K%YmU5^)8|L-`S{d<4t_{!NIE3<=H#(rYlT+RYFOc*!EIl<;9&6{b)E_Pq|x#M$~
zO=0;L`U%VIX7QK$bG(M%8IN-A_vXcwoZ|Q&jBBO)AFG)8qw9>r%y1n$+4d*b2{&+<
z<1B^c&8`csc*=TQ;&IIyrv7YR+`vvwvWHVFuy)4&OmK=Le>ILvjrVW%=Ma<Zoiz^T
z*~!kQje}h*GRIL42lInzuH&frw$Gg(L_T4CS;f-)`9X>sm|=3^{Ggi+?BjHW{kWME
zEH9cLlo>3ZAH=$yM<%%<YJbMr$)P3lgFJ^><ml4*!FafRd;2r7<NToJGW*3GpY_Zz
z$+B^duF#Ki<LmXqCKefc!~CGc<(%RaBbU3+vWk6gG#(b2<`A=77uOF*SY+dy^}{Ak
zaivdji(KLH%qo`l)eko?&55@f4=35f#yb75iKFbP*AIJH=E#2Lx60#@NzS~({5Z=_
zM&4;WtYDFq9A%6X+{iK~7`xJWc-Q<O!Od*q(0j~_%MWnASj9fZ-a9`S3F|q|_SF1f
zhFL~GY2Dv9KZvuQDaH?+AGEQSIZia{hv|do2g7V(i6fk1^&!T^ZpN;%PK+~lsQ#E?
zhOO*mZ<Bd4&mt3t>5nN+v5{p)54Y|;=D`H3*~ArWW1KlwzTfy5<1njOVhyLbyxDoY
zTK`8{e>O77V%oSk#7?#!H$Nz_<wX03^(R>;u5UH3Yh164bIk{hg9Wy+$Q*~6XX0ez
z2<uO^-W=jIV;{2K*BTFN7;m>etYwBR?Bq)JaDW9?o$fkdoD;0&3>!XTT)pPSID4|j
z#a^~?HFI3UJcn3h;tca+J*U{pGGiUq`#O&sCOOSCE6>soW6U$jBHPa~KNik49u6>i
zy~hXR{&Y;`dFI9D^UYU%nn}(u!&!DRdVzjf%^vMn=3K8_aiQ^Xl*6`f<T$4p^+#!v
z7dftSmPzGVX4!SIb-BTK7-z*w*N6H%ON?D&oz$n;#sa%J%L3DvT5o1J!6B9z{e<<&
zTL&iC!8A+k<ce<dU^j<3$#EtxGfu8%>_(5L9{m|d{A&FuXE=JqoM6qh+Od3{^*VA+
zu>J=9v+qXZWB1MaW$qU1!nWJ=m-ak-yX%MzpE3?6?lcc>zRU4BQgHnrWnI=f9#aG6
z&8mBhmyx1%`ILFz>-a3(XP#@Er~CEG$sy~?(r2~jx(A#eRu3BoS3Tr>-042_u>Lvo
zi1W+Yb;ix|=giM>ieJz_TOKvPqs{X%^W*q>?Ktpd^JC|zdh4=^o$O<ttxxEO`7!-4
z{WZtE$@rMy%C9>vOYCO$8?IB%a-7kU$064+cC+jETjs~yw;hK?_As%*IM~T?wtd(7
zt#;m66*}(v;UwD_|AFi5aOdZT_E#=%v_5S9k?V(JEHnRO^S&hrf}c1pS24>Hd)PSP
zxXk|4ejNRo`Q7UA_oV&UJn6Ws`ML43lWmS$W?s4X7xrh<FYV7Bmbso)w<%9KE)&19
zACtd!TsHp3e#~*4CC-G~e`~)!>%}BDGw*nlzjwW`{twn$edLeU=l#wvJC(<oQ11AX
z{*^~K%qf=GwORk{Vf1#7o2QIN`-VU3Kiuyx_E*1#CFRtNc`J9btUUBr>!w`$H|yT)
ze(`tbJKWBUa^tKrH$3e;aP>bt{%xP;v~v41&i@D8m&&%QA7M(l^`F*Fxxg}O{$<_o
zupaERy>E+l%9~kGUKcC~#@Rb(L6A{D$%w~q``iUVPPxoJuA8?Y809Rd7>{V@apqq?
z1#u2BVZV_D3xX!)&CIf4p?=lZRxAj5l=CcdDlDsCw^V-~FPoMv2x7<h`F7=kAjuqy
z9(O}5ab$-DL7V#Fos5GuyDSK%S+)CupsK}v^VJK26zlg~5OgxPw{dg%8?@&@TzgjS
zv%t^2-AC#c1bO=x-o7B1(SNMo@$Ygzncz4x+7;iS9aBmDu<e}-g0$_^@6w-g<UQtp
z+?>D%-2{ECKFGS+KE^&aHtJvfrh~1^@y<`vf?z~_4=1>qGweIeJnr^5Iov$8A4!`x
zOGg>6{nj0=Uk)F$z|Xy1zb)pgef6>0a}~Qe%L3EK882HnrG4~x#|!IEay+hLtl;s<
z1WRn<2DY)a&G}*ERL5fz$C*EEK@iROxoNxe#J1C|H;e4!@{c$!E3=NnijTTZKCPcK
z%;N;>-9hCwXIe+)hEDTPPM%}@%41#Dhq?3Z&*lrP%ZZ*Ja>mE_h1P*(7CC*9d2z)h
z#;u?7rN(!X>-P%%vifT6*>;Wj*k0tYa<td^WA-}zx4JHFG#<9!q+jiFH*2pvaI5)n
z-R)FAe8+;Iten2nx+=Hd<@|rp@z<(XPWBsza_>FXcdhe0XkC=!_c@;&8?xT&M?dR$
z9C^_G{T`>o)=@dh9yYMR6i3*_3FbJ%RgBti1Dn|TkmKur@~g@xyMCVV_*1{}8;;L>
zNk7bd%X-*8%ZaeO!TA|5p6?h3H-6W+So)rJoE$d}j(^|y+4V!m=c<j??K8?hw$ALF
za6CqS=JCSvlh&EVUpP*<{nw6jkLQKo+K<uA)`8V*;wEM}`;`4z__O`l_7~S3M>xaS
zjCCD!-(;LkOfkz0yV=P;_HgrGolh43Zv1S0T0b0Ttf;?djDxF~;Viq^SGFGqILZy2
z;AYOS@}JiKUgwK7%rMCu(=0H{33jvoU)GV`9Ocv&W#=I>ccJ$sJg(<245Fua9kFm>
zFl~FqqJ=?Hc{594{o;i|nb{=^gT#I2y>wxaRqkB2(EAR~J0t3+SjA0Dw7G687Y1!y
zwf({%&)FRo22Hll?5JPm{7(8&?%i4c%C)=tRIO9PpX=F=oA)q2)~{F?^s(WM#(A3O
zr#CMQQmm|981&e`W}k&Yr*eD3c$C}fs2r)cKco9C3`W&g@4qmZ;F@<B?}z3D6G`)A
z)4P=K_dLU_^2(I`860STW)CtxHa0E{YTD-nYYtu*q&aoS!l0Y8hb|0;x%_bJ7uu}d
zhdmD;LH!n(VsqL!Iee7<*>$vWvB-?}>yNd5L&kCZ!eE9YCpfP9;)&+@S>N}xTA$Oc
z=PA~Q-EEGme)3f7t31|je)?PfVf!(|CjDgD#yorUx2|JhkW*gIJU4Tg4QHA!yIG^(
zJd+&ZsQo6p%v*UAvs`|j^XRxk=Q|$zE-=22c)q#N@wj58^Ty6gjZ6DgpD-`Rx)%nq
z2Rt8K?mA(|75ZiMmDYz@=2`Q}g~15Bt}-tDboDq-S?A+w`?2*J$6@-~g~60|6TSL<
z(Dih^^=3=nI9Yk4{y4@Fj^AWFTz#|thF#CMm@jK@wI4ff(_X(D*6Lq*`JnU6PENCn
zk%v4^S;Hce9AcWo%(9_qKW5m+c9xjs6nhzY*!9RN7MS1wo0z)S@!858v&^%DMdn#z
zfm0k{nMKAP@p!z?`CxFrc`?ciE7{2e^GvbGMvk(H6Kv-UyBS?)ysTmTv*ycMrrFL;
zu4E6pS>P&;a1F;f!fB2%@;T>g*nBz3CPp5zZj7;;%h|^&4zr#mra8q{mf7=&d4Asb
znBp+oILaKym}iMaZsI5->&%mtoMC*#{JvmbOft<3+t|r=_Atu=S8;>|j&q39%zw%G
z9C3Xy!4aleVwM}&&2jc|>dWTE;49|ED9dagbsiseJjU6}Caz%{3(RqVc}_lVJS=mZ
z6<;+TMj3g`yja5qCYfTIjm)x*-CW5&_Ha0?A2TktvmDm5>Wi*_Cb))8EU=C1nd1cW
z+{7X`l&m+$Im21T)*I(H&5u#0Sji0I-?Hv(WDnCUu!SScae_UZVK1X!vi_{$6q5|T
zZJvxW%Sv`L!2(kpVI#-c#A$A3<jeNkV7^?=qQ`#|OYGpV$MFyowr9U%9hmv9bzuB^
z)`3mq)`6?PZ$I~yfgd}ba%94~vYKVqGV)Q+Ym?UHE9T1tS2N8OKQ|xS$9`p9xO}tm
zF!~q$aOm&Gd4}haf0(ECBhT1RIrA^`<;>iQphtZ}q#_t*&-{vDME%r)ieN&yrlKM!
zGqb27m{uQOToF`#%=^I6ilB+*rOKnu+p>xv$<5nWc;D3an10x`yu$mX=C?~l5bf~1
zwQEI?(Qbwb<@_EML7r0wR0LU8r7D7)?bYwA@cyWuYaCb+%y9ET6|QajHC6;QXBx*L
zj?bP$wNpRUWIyGx!?fd?!|kWOtJ(M-_dNRn?bH`I!{CUDAf-Oa3@cf6mi~^c2s)Lg
zm}e?&UD(VL)0|=p%gnLrs~-1Eu!l|TWgCat&Gqc#Xt>>RGDquId3B3*X5v`=aU-jq
zu-?a6Pqs3reZ%qQ#kNdEFwXo56+znev6Jklyy=75DQ`HXB8Z=@|8B=;!_^hRC>#5<
z<M1Qq+v$01)OkN=PEh?d<2u*R1IKB5@B{O(eG~Ic{?K{kYWC^Bz+n!s#P*G@3)cR~
z`5p86lQnGMl>L_f)O;Lg#m|hF1C!=ud+rzdQEvOC`7<?D;eA)*`jv6p-n2<O<(A*N
zE?D@Tc{4g~+_qQ$!T#L9an5jteSfS7VqbIrVVs-U#N?m!|8dv*Q~C?*|EwQwnyCni
z%>2zb*#39(*KTN5`>(q{KdsD`XN*hz`hQv%PHwTTY>X@l+H6nFU*va9TyGVNyl?7t
zXLM089PYPtQ82;AWs8DDm-_9sXXI6jg2*@Ahjv;N)G)EjqM%QG&F+hWv~u;U7X_V6
z@3|-#S0CSdQBY7`@!CbfC^N5L6vWQ6o^M(dG;!sdwdeY`Xva1C*pHFKq9A&{^T-5O
za>o7xVSUN#O4e|U8QVMGw#fUZuAllvK~jBz8BR0D=zfcQ@8<cJBifDZzbGgwujeR7
zIl*yG+uoLRJmq#qziE9~b%E>Yor{7LN8V-J9BnXemRVxMdyGr_X3m7|m{gu*nwwdb
z)9!#pK{jm1Zl>ACHV$)u;~e8O$KPw+zNH_=*_g6^T*EAj>}KqJ#=~ijGIii0&mGpC
zWp*;<_^k)okF|}~g<S`0ACBt~$79W*j(4GTZ_=Kb!<4`6am_fpnN`2yaN|&pvyHXP
zF~L0RL$%AlU;nH)!Z<i~r1iIbB5j_`A7#CmI@)nISP#b8e2o5?I?lRY<Z-|>V;RR$
z-**C)hfcC?Y;84PuK%EQu)V|)PH>!&lg*DgM!(~}#W)+<oR^FB!?f}+vs}+^j<Syv
z9Oev5OrC0e?3X;v^}wl*I4&o%wsYM_&5NC9=zpc_{$u9N_?gCO{~k^#m(TLJ`mWb2
zXPYPUj9lXR^BmWYavw7+Gsn!i#={&F+O>2UmvR?NoZvL;&od9(J1@|lQ<qx@4y-c&
zOWiN8;`cm0uQm_m_%-Ii;a>f!-*BDvV8`wD8`m#WpYVM5DcisAdSaR-rpzOGr}44%
zF8$bViurK=yN!=!j<dI5UATcU{VxBs{+L|re6yKttn9a*#<ONXzshUwQRd8`byMGR
zukjnt_<j0QUvt0y!f~;aYnZh?y3X<0xZZfw&yKnt!*M^ZA4b1wy=*Ts*6n%w3G?C9
z*BqCrlKr{ro6Z|Yzop$}9yi}}etzIM<Br2sKh!@XKhi%teyktuRz9hp(BBxR`q@7^
z&p)*8f3bed{nI#X&n;LS%otCeQSFMX;V6r?k1t&8y#<elrHg}MjxAdpOfa$i;vllo
zbrM?~#96bG{V(_U++}f)V*9R(gS7fh%qrJcEe;ASz1seqe$C>b)AoiM^{m=^aS*%0
z{qA*(gHl*tu{dZ_u8BK7hd9jETI02S6=OegeQ;WRY@fwJLb-BZ$K?=XtMvC)$5HNM
z57)530!KK&aTYnvAx3`e@yIH!V}hH)`cL|KMV&Hd-nQ8L)UM}x<FtKdKl5bi9gDqR
zZJY<_U%8v(%JGBDTX~qtt32N~+MgZlVQ{c@Gu}+|;vmP;G3Lt^Cm9zzPIF$aoD)=^
zu{g+Z{G7!>o{0;s7Yp5vtN-cCjPob%BUd;d`i)&>9?F$Hj>}Eg=vV#f>-3|XzuxiK
zlV9xpZ|i-Fev~_IT^x*Z<Tm^Fn9m)&)_o@Q$?$P#9XQD*u34ksDcAL#=6j2EV$bhA
z{y2K8pA+4sUb*>h=jC?S^`rLV$X6VnO{31+UHX6A`DXDO`s2Va&7Yfo<+yiy-T7<R
z+aKNce`9~9ndM3rxh|~NF0;vbXVY)Zhg~e$zKT=qWtkf|YWwEjxvs+YzjvI1pAStN
z52xA9^dHp!$@3+Ll{a#VHGi@W>W7(T^=8NA0Arsvzo(oh<w*{6h9$=S?0nds`HS(h
z$UM_Ct{e7oiqnj))$Z@wv*T&)x$Yn4#nxwxp97rcEMxs%AO6caFga&C?|pe5Wn{DY
zvx<2pIKd{?%-t?%V;j5e7oE3VP~;RR*b}k;fY&MWw+nLGWtnF$i|pelI~Qor0nTs}
zV^29>3mwn?8<}CTV!NP+=|$TG!(6f0_OKnBIKnoTm}6!;^U!WQs=v?Jf5~=1l2uEM
z!}cVH*~@VbafXp)`q8ebQajFYgsJWI^JnL62mP=yrX4$8Wn5gnlm0ls63d)sbZ6`E
z7wgF>{fshtkDse8*AFMz#=c#)3u?4m&lEQ>!%22>nmwFhfn|;`x~uUs#=L%pIl}U8
zj<3GDipt47^grnJ)NAz16?^HAWkzSryT<sHXF1LGy|q{0!xU%O#>y4emtE`&>)&8M
z25&TPR&a`yEOP~8f90FD3*xM0ifOj7>&^P(>|2bVt+o1N@4otDAE#JgnMKC_=J|$k
zZb;~l8<}CMPJbL?A4fRMQI=TZ6gRQV;BET*yZOIef6UhFk6p}gB|Eu_J)GUo`m=I>
z>&zS{xQS)XFgEM_FwV$3^v7yuSkF!_PwFqMf2aN!=Li!VXOh#bf0yg$Y4<@^vHIPv
zd#-43-7~>9CYfW3c{aSq<BTmF<v1tUc7W@g9gP0NJXyn)OfvS~?SeGp%(B34CQ{au
z4IE}8OKj#8%PceYKJ$OZIxx=if#%POgUp|m?BsIxFxF`PjB|u#jx%zI`LmLdvi7WE
zH505l)cl!X8`rR#>kl(d#t+vY2b%TAVNP>|k$<`#Sj9;uILjuseZaiAfjyjHfm0me
zG{;$Sg#K8~$iF;JSi@PS7&+2>8D%G9>|renY~%>DoM11@9A?!P*E5qWGtHW`aj}&>
zEU?H)mcs2v84u%(1fJ(v#Uv9<v5C!WV}?0)G0#;ja)6^;$5hdM;%LX^nq#ditB*5Y
z+uJy*yphxFIKlDmb-!fU_WBc*=jfj)^{ZO-!__A{9-B@ze+KQYAC?)t&;94a#%sUa
z=~Rw=#Qc?4GoxIawVui&>{d>HRDa5oEGl=M;ry`pG3#)@_8qQ6HZjfWbB&uDbFO3i
zHD2sEL!P%jX?%=aqd#Uj!pZB5kL&Zs_gUW`-l#p3tF43md-^<{II+g~)K}i+{4md9
z*59oiyZh}w*F1`R!10EhU(T+h`sT+RU%Bn8)|oX=IA4pbKl`G_&*`6dyfHH2d6P99
zW0FH-&MT*w<0j@A{hD#Gl_hq4-FR7Ky2o|#P3y?9?-<ul-5)uk-1L3@D>rjSdBaA>
zQ66XfYU@5>f8`doDQ|qz_?0Kvr=0nvewAA}t~~i`^~zI>USr*VXI#onOeqij!T6Mi
znNwc=l<my^)%vS1&6>Y*?rH6>bzPKQ2h0c2plthU7L}VL(IECS&o7)(j#fm2xN;?{
zdd+jYXpmAaF|FLaEE;5#SFuOAVaI6Dshr}da(O59%E8W#qr7_8Xi!k@W8ylGvsXuh
z5#@Sjl{f5ZJ6m2G4aU{4dwn#R2+MDb2Gh#x-xBqEhsL>2)bAI19l38bh&*Y$Z@0hl
zRDCq)<M95D&)KBoa_F7raf8<h?}_?7K-b%QwPWf)$KgPue)G0BnIGE^GY?iBX<fMd
z80*2zvDV>6kBj5AW6ufEAjggmMuTClIK?=*^3-ThbCcJTAF@77pB@eJY&s(vlsI#?
zao^03n+Fr;J02%5GCuR!#2jlbHcl2;v^{!>c`2{wgmTR%98Y<i(bd+Y+xeSx-Cd?%
z<&LYYvvP@P*7P_IS2E9y9A@Hb>%bn)gyn0^^XHx?dd-uaY-5Stj9uqEaqN2YVfjYu
z?|9R<T5shU#(v>`dYj{Ohy~l1-)=pWOB`3O{gnQcCmHd5OnHrYDrfGrpK`We|H@;W
zX7zx1{?h9P#yQR=)_%tExr#k(A2csE7p)TqSY~jqdHKGnkx3@*H!rSxfR4BFA?u=?
zdf2)vCqHML$}=pp%-F9yKYiZuS;-WunBfX`vYtI`V1Z2>VGGCE%4xPU@@wnMDz0RL
zJ#1nh+gM<ZL(Fr8MUHZmB~EZ7XE?>^Z~Q!x5#JBSzu<aQPB6&^rrE?S)9hx3eQf72
zJ6YmN#`QD8Ddka?xq-1w?pxt@PBF!4W;n}EMn<d$D_LL_M_9vg#yQOdBfs@}j8#lA
z!Dcow!#1`v$4=&%W0Bn)We+Eq=M4K8{hjN8H5_J=>zQVWS&p-t6YS#@hdIp>XE?>+
zQS)b%G2dq|XPh-mG0qGV>|~N@>lgcybzt-N%$McwTMyeCHX7G$p6@2?$ErV>7ssE{
z&i3Uqj;}m2Yh9*|=O5OClUuA;pZof}C4O(y{h(q=kW-&tyd)^Hec2Mfr|Efj$0fmp
za*{>mp4gJ0tlY=gADl-{sPEf(Nsv%3vWY`%<2bvyk$o(4gu(J9{;iC8bA~Gz^?iO5
z3x3YfxQp#f?Ybn0+~N6QH~lkNrC-+Xz9h&q@#-ahZ_@o>5B)G+y(Fmll>6zPOM*0O
zUgP+z-fKxP%vnxwrpEEs`1#G=`sLVb^~*J{TN3oJZ-sHP^Yu%DDR#WUeD8E$dE=5G
z#rC-M;qo_`7h`W;;`b<hpUD}ne~WSWdB{ku{>*DLV@3V$qkO;PCafc8-@e4Zsd3)w
z)w6*`wz0%joMw^Hd7kGO=M0;;d_Vg$$sV?{$ZnQ6z-g8kjkwP<&e;C;XFan_vYV|e
zu#F>J#R(3v%t=<w_j4X5xS36yWgCNcxQ<xCJS$n`a*nc^6I{U=)-t-lI9S65CfUd|
zo0(+`ySb7D4sn$0IKlOt;TWR}trKgwkx5Q6%}va5GrKv<J_bqG2P;@&C8xNYWmYp*
zVcd+fg-u+=EQi>`Nfuf0PW`Z+)66jHb>&LNSzsH-*v;m5nHM`b$}*=|{chL)V&{=H
zEHTA&gZ<gXZuYUj^&I6Cr&#eG`)}uQ!5TI*#ZI<yHM?0p!2WDa*`EWP;$}vo9%t{f
zKf9P>`9Rk{Q;pg`;B^zH89CTGJ!ssAXvgHC+OfMy|12Hmam~p4^*d~Pv+Ibd4;T-d
zj&R*DeWZR_I?8!vcZ=gc<Z*DEb?11-b;k4w)^&+`7L>ECu7_6{C;N8uc;*Pl!t$%_
z$6+>p&^TD)41<%6dk^zug7s`-hEq?tZkSb$oMOE~+ni@kaGb-Zx=y%}Rn;C}r@8K!
zVVYCyWJSAiu$sfxuZATya+)hX?D{aDI8$t98*5K@TsE+e9US2ZCpg9#jx)N{b;ue{
zGs#(|x%?yM!9067!U88a!c81!Rn~ae$jCC!6RhGYCb*tyR({mH*up%k&d?9z9A`bJ
z*~mzx^TjH*Fu@F)*v>X~GRGYA>}HWoAJZSxoMxWU?Ope*VOxiOm}MJt%(2Km&T@p2
zGxfttPP2-U9jrU6m|%h}Y~n^{8JuPPS<ODiIm`@8T*WC4v&{93?dZ5nu<>l`#a?zY
z-Kih8ahM$}aV4kN!!mmri<vLuT*DNL%y5{U9O1a@zxN#HRe3cF+{jT*GV-wY=el0P
z_MBnk$Mx^=GR6c;Y~ncExQRJdb{Q`lIKm<m`Wrf5JC-icpZX1q?qt1k#>-mv*dD(~
zzhRlf%3T-RPdUd4<;W$Dqg=trBd+^Poqy#t<I0nta2+U5F|8cG%)FFqnN#k%TtCV=
z7L-S?FdpSGmXs^6G_IXJE;*x|`K0Scxs_Gx-0!aPI8iP#r99K)ILfokDmPq1<rMSE
zJ=a<XZtitmsIR%sc~c%`>~rpqH|U2wdHb>9ChNyZmRNs_^UL^c=J$Ey?{hqk-fli@
z|CD*K;!f?EzstBecDM0<!TNq$|Lk1r{Bu*k_QugUU|l%FDbBLY;4{Xx-2545l1<Dq
z%Z)7PXLita#Mr&goBHJ}u#uzeVmUnS{rV5ftQm2=52;rkWs`E#1CF<g^T<x+)ekzZ
zav%GYS3G3=%5jb=cRuWTR_@}o^7=>Yr##BoqrQLrobf1EGO671dE-*fuuZw}1?NL~
zfIZ5aN6bTchQrFq$Mmb*zzOA5Uv!=A>imR0=6YXmd`y1X`l|0>TDkHo&M#As>nCi-
z33fl>ditXCK4v`Z{JM2yYsvgr{HA$v_FIn2H5<%hy><Dn_MG^hakKLK#>>VZ=$|7$
zw63iEk#@$hjv2;(?7Cnr^Q>o)O&nz>r&wTQH|P5&&I_9u`;zj6^;V8B!vu3|W778c
z&y1f{lg7`fpS$ij{!8bTeZR6kU)KIN_GkRJ#?6`ES$B?1n<snzX#Kw8yli$Iu;$N>
z!|A^mZ&?1D^<&H5jdRrfZdTbiHZra}`LuQCrhhoD`i^JxS7kg*aud_s%q$~i=ZA3?
znBgebaVp&YPsi8aI!1OkPF8W6Nml*Kezs3-alLSS&e9<AxcSao8YI{=e`(Oh^uncn
ze@^>FOM_8PEnXVTuozt$)O^+YFI^g>nW|js_v1W%c3A57;hg6km--9?=jByPgP7M5
zn|EFsq*%Ml(jd#0U6%$K;}~LIdEIVH{o4}Pf7Q|;r@nXhr9Qi3j^CeB&l-+1&S@qX
zd9~|@RqSArtC`^#b4={v_+!?i+PJDc{y5GQXV}Q-o*u8PVJnjyV1^r+W0`%7?WrF&
zGNs=>jw=swhU3htpJATS*Es%b^v4n9^-L&FaZ0(&=+~_8Ue-~4f(hl-%&?}$x-!Qi
z$C%Y_lH<y$y_W`MHoeyPzwSC=6I))l)ML|rE0zWY=2>EqGn`@7H>~sP&4bI|;5gy&
zSzs4OxsIK-PjE`P`Hj{gEOV5r<Hoy}>*Y<x%j}!=!!;~$BS$&O32tJ9!CM@k%Q?dq
z#%esy80SQ-d9ZaK+Z|_;S>-8qvtnQUvx-$E*BP@+yw$pM14o%nSa<D;oKap~XB^7$
zx7qKT`ej*pGgHbfZ&$y!=OJd5N0?BK)azGy^?ufY(fyq-^>IeO<-W*H<pLARW#*Nm
z?{MCjX3FtnN#n79FH7n-a+)jNsh`(6kIdM=jor*Ku72_W^=wZ$4$BAXpAAjs$+5%C
zi`C8M!|tQ(_d3Tv#&NmkSdV8$PO=|+T8)d<rx-`Lz1@CXak}%c!o0KQ!Q@%?<LKEQ
z2W&al`Dfn+_G8V3)`Pi=o!8g9zPs(m#><^Qu32RrIeoSL*m<qT4@=j%e!2W+`@KQC
z)z+P}w|e|BwZ?ud-Dw?IQ*gf7@frJZ_8#lT=6kK%8;$1y`>|%&d13d%)`=UxU_Z7#
zYTdd1i`I#~PuMT+e)M(YWw60KnPiSbEQaUdyXMD{ALvK@svjBWx2^w=tt)#bj3cc7
zsriNVKQ}(s|62bWtlMw2W7Qw@%h(^ypT(!lPrH#nTSxns|DqrD`C04#Cg=NU^I`lM
zkL&Na?#sp(*8kJ_V?(ek7-sd{Wx*87^OpHpjK}r-WkHJL3zr3*tX#A#D6nJkvS6G8
z+bs(sZ_zHgEJ$!<=`xQw=Y83-pqtf|+H>^|%YspE+HqMh!^)kP`8`0}cUczH)SAbx
zj>F>a%YrPkuU;1PaA416K~B4_*DMQ)$~}AOPr2dsj?d0FE(@aHb)Md|%<u7;&zse2
zSMwJAC}(ROPq~ZHeVj+;)#vtgT;-J<RgNc?`F%d~s?(49X=b?jZOekH?|DAl&p4D@
z_Fv{_Pp*^XvY<)*?0d|Uy$3D}M$}InWc`>qSXuoBM)!4H9HL&i<<Mn8TzT|x_2aIS
zX2)YU+qj86Z2y4s!HOg7$Bm4B-#VwYXX{bgv-23^=gJoI<Rq(p;CeaEdUAki$J=zg
z@v}N({EVMqeQfVN(Ry%A>$0H4;8f$beMP(V;O5hv-ygbfpP}EkI^M?|U%B^8*8}T2
zmDMM@oFC<x^YyD7%`NkLbLM@i`6$<RyPh^W&sSPEuDH(p)URW=a`JZLGXAkUoImwd
zpE3^h^=r&ad6=<;>-kRWp}zIg#`7cV{~6bv`qZHF#onU+*m|FN+rH+0^XBxB@v-Yc
z<Kn7^t>=$jN9)vUU-dcjXO`1!|Ge#Wt`pX<mq`|wvfsu>^{+g`EGr*#T*leQl^o$l
zPI1K-t>fDq?@PwZ5_9^gf8087`4jq6zm5~i8@}fFKXIS`y7sL2hWT-X-5e{~U;F&G
zjGrsNZT#%x6syPW|90#Beb*aDe_($${mAj`zu{-ji*oR!{h6AyKjS}lJxy4rUswn2
zQopqB$`w=Q&6Uiu=~uREKk{qmq2Bm6nYa30rj$p2s~x+3r=9xz@AdOj{r|!Brar+o
z<stezQGOT6IMg@HSU2Uw-;GB($!X<voKoJ%*v}mQ8OI6TVjVca0-J+M@AJCe=2m+D
z()pZM8I<j}iB<c#??o!TUuiyzwBwp3R6o76GHB!24wXLJ)p=#7?E^bjdjHS)dsSsn
zVrp0WPr5#Ks|@0d?O7QVwQt$0())YXqoy*LP~N~YH?eAe>%6yqZBM+`@st~xW)rhq
z$!^ZPPJi66qB0oKzWJ@@p&YGq+;=$Mdn<zk8&j3uC)AD^<?{RV&%OgIgJGr`9rx$f
z^RUWbO1by_l|eMAJ>#5dc6_cs!tojNRzmnS=lmmrIbP`Q7Tx37a@>EbWNKip&rtL~
zt<l|EZ<w2p+_>PTikla&j^48L*2>#rckFcg@@LzJ{WM8taBfiXY|X#_Q-e0i-#a((
zYgO)h(cNpG@8^!iw@1S|U*Y~e;r~1^*E{0AQcElEi2S?0pqPGeZqTay{8u=(5t)8u
zZcrOmHbr-@z9DkQg4_Rn^sqm_E)bM$e|G#~8((34IF6Ao&J9Z8yq^0C`->`fd}*%d
zL|?{P9gg$49&1#2dJTGQUls0`-u67gc4^x;e|c^Y3){6scW-!pzBfnjSbBS<N_|Pr
z_KB~|4c0x^uK7Rho?G8LcDOwpZ}=5j)UNIExq*)k{m)m}&#3zRH_T_Qg5&+Ke!_Xq
zXkYuSxqjcp*MH7O#j|H4>@TLD=(pzviSRhvJnuX7J%8rI_9^YhzB~8XdH;XM58HQY
zKlFXq$t#$5*uJ3ssvo?v_Tl=EYv1}q*Gt&H^Yp^{Ti55#K)4QN?K*$@^6OA#{>?vg
z-D($Pwsrl#unu8=P1?`=^5y%>+P-1xmG{@Dedq69zCRz~8#Mp^mG?KTee92OgGOWB
z*5k!TiUvvB!?`^F75=}Ejtm-JX1{Q~Q?|F;?rr4%x!zgrR{Uvh&=<Db>beX2>9M_F
zdn7z>|Jm+-^P>Ai*v>~C1}ir|cRjr1{62qnjafS%Q5dv7^}p{sVY|qDkH<f|@BBZ<
zjcZrwbJKmB_dmy%)-LLz$^1X<d<0j}@K>M5uDh3Br!UMST>pZ0iP>#m2jO-f-4s+l
zJvW#QkN50-@P+$UxZOt*`FW7Xv;W`vyocL;RF2<)oEs#!u|2%+)Y!iKnU~(z!}_H9
z3iX!xKVM;gY4w}8Y<s-VKK^Yl1wQB5_4xnYU&8ZK(7tb>&rkk;*3(CbcyDgrzwgig
zbswyJ_HG)E&qr?rg{aTZ_Wv(jXD_<{Ep&Y?@wvvY@Nu8gKE311_t$27ZS0lz=OYRH
z?DggQ^H1UZyz7<q7p~uw_MN-W3npJO-<LkF!gcXac>P?==TC?2wt7Ad>*BW8+P*Q|
z{xXlx@Vf9%T7yaLB4NAdzQX>q>euh}^7HDky|3n#%`5D0MElm)xsJkPY&G6+`-JVC
zwkNl-JsfA*_FmiZpRce!w#fNc|KjmKJAd_?{5^r0u=UH#KRm8~dKZkp>E-9yY5S1B
zKk!PgFaMM)==ApqUT&WL$yKn*_LrOIl<fuEx1MKNeO~?6^NcMvfAv0^{$=MGK8};x
zCF^|-c=$N^ug9C$hc9~l60S>D`;Gg*{JQw3J6^-Svim}K{1NSI-fLd3;P_#C|HLI&
z-}uVfhvTi<&NbriFEsf7ZCzhU+jIUNLpj|3pX=d;`$)$2mJhu0^W3BTCV#h~aT~`A
zuRp(n8+5eH`+uLO#<fcyJ1=Ms@0Tz0{20#9uc8LI<K_h$!s8jg*Smc$e!W{2^_V~2
z--URtpKZNv5Bo`JSDo=W^)J&;o9*4UPlVh5$LnUl5*gH=;PdNW+OF@#&;Q}^hPBIT
z7Z2Nc+*jT)_x9(n;c)x7?OiXkJ$!uol`fy<H81%0cP?Qk|NdSly5!&W;aYFqZ@6FF
z_Eq+K{#aqN@OXa3Bj{AWBCObIJmG$R#UaSq?y&#)3ir#Y?@+%ctbO+W_0s3<KHE3j
z-WG1(>iP=zAF(}g;&bQkKkNGM)e5&y*gj=@tN-8D{$<;1PTFdF`2EiO#%MV1s-?zm
z`_|+3Bk-U_eSO&PHtxG=+dFKp4!1Y{_xb63Zu_(AwT<n0+q+(7|8QKx&u!m&TqX6{
zm)S2|kLl;Ow}<1}YCYqs{3z3Bues@k*ZV8@zQ>OOgYH(>(aXM0c>cSje_tnA?XxF)
zeG(pjt91+K)nog(?JvH*!uo>x_1mZ)QD0Qwpw07N;XM5a=-GbqVdYlG3Ag)EOVD_V
zzvHlt?cwoazC|6e{omiIhK<xoT*a{Z7q5F*??(~Az*hC)aWd-r)UWjaTVLPdemUFA
zwl{>^pZf~y^XhBb{`>i=s6Mt;eU0{`>Lco(UDy9S4qp2DCTusYU7L2#zD|De_vL*r
zyxtCvAKTvJ>a>?0KfFHT>TA?*2+#NbbA3EJf9*%x{k;v%w{;$JwzvEHIf?Lk+v+@p
z$Lq5_ce?wb^Yu!OSJHmqJkQ(V__pdV9M81v@toHQ6$)G3@1MQ?cW_;F`#T`7;B|S}
zKB;~Dig`iHD_D=PeOCMQm9M;gpZ2+{<^^M~;PDuq-;(yRtLFtB;rRdS^~j4}|7(}=
zcYcO6+j^azJ^wpeE8ACu+n@Ui>*MOHuYc*|GhEk{`l$MF4BP6j&Gt&$qv7`FzQX=;
z>LXkA7uM(1Z@%uO#|i6;>L<2QKdOFA{npQC6VKJB!eefApAGvf+djS3eqnvgf3~g<
z=NW&lKIi}cJ<k`OufqMB{HM`;YQyc%eTDUH{?n?y`T0tQ^*R4ptv<XQpZ^MvlUF~Z
z{@L%dUB@qeeh>E>_Mh1s{(F5&>Zi6*Kc#-dHtNgjN7TRg_^SLqm$lwT`?&hm>YJV)
zY}i&(>Py>bpHaVV8}*&)3+lJN9(tbZKeAQ-1@+zAXg{L9OMN(o=fA@LA6MVGjpI(M
zZ{0>ek)1p)x6x0P`sQu)lTe@BMn6sJYq!z9O?}li>T~KVwo#u~AD;gguS0lU6xC0L
z*F`wlZQS2Vwom<!?bEhz`XAe)JG<`x$M(4GoBzl5CflFAZeM16S=(p-$NoLGm;cB1
zqV0k8dfEBg9(kGV;dL=>d$`_PUoR0ij&Q%N9|u+H!})AopHLsJ^Nafl&rg&3@cayi
z^Z)nr%YS};9=6Te9$uF%;r8dg!uoFY;onp1c)pTheV_Vh-rt?ts(x5~hx&#W)rV_R
zQomY#I()u($@e`k{kiXqcB41W^Kb8bJ$oI!a32f%iS6S0zRBMO3!m5i$LootcEK&a
zUki`-pVyNwecchROPhApxBB~K{(oE7ZMW?`wzs~dpBG-o7i=%xX1$-=zV-VYqqeW_
zd+z&)@EE?r^_x)Nc>8nL%d@ra;ha&QR$mC8C%5@??H69RhW*s+>iK2ObFcTG>nE&F
zs^7F#eYk#U^%Zv-&;K|NVY{4mEAR4s!hf}U;q_QJ-hy^rcYB=_o{w#g_l2Lshy9Lg
zpZm1uq5talh3g<}SJtlk|0sJOILGd?-v8`2Gn1LkZWoDml^}zSut=nfjdZ0EMjGgp
z2D;E_7YTHw;dZ2ft`cFr<mzaH47a(L^)}Mg23T#d3k`IUNLL!@D#5OjYZn{rYNH)#
zuI#lz_IDe9thZ5q@8_KFnUizQ_ayn97j&|p&*yo*&-eNMJ%4iYhnE-^_#D)JX8oT>
zv)$*OkIedm@7Lg2@Hn_=>_a{mz?VIG=^thA2)M-L?H^)Shu;nFT`yYTAx$}5a6?nh
z0DM4wgUX2z%mw)IawNVu|LKD#`Rt8P_%#2y2%p#R5`P|k%@dE{CGd3(UIi~`@CNun
z4c-P%Yw#ZUJ`Fwuk9lw)Bl3LuEqGb#p_#uD@W(uMQjawFNe!L@uW9fi_y)LlUaf#1
z(dg^oc@5qIKcMl`1z!Q*E%i``)Ni2tGyVDYgJ%7In0XaD9WV7vz)L%h`!(wiejHqU
z*oWXb@VZ7{1ed({>JMJg;C1j4__FPszfx8Ud;p#lT(iIJ!5jRJW=ME-NZ%hSyLG`P
z%-b<;g`dEFS#+NLhSV>m`0;v3Tv_l#pH}-sO<YCz;{EP?iCqP}{TY6Dk<Z@pgm1ui
z`Q6W)@LO?P>x9J9f#3ar|GcFS9y{sAB@ZL;1b9u&le+7BGXKVxY2VLX!aH#I#|-Da
zS@Z_KJ1VwTJ)HGb>QP*#|9_GENV%T;2w#P7K16wZ*4a1V<1KZ)TVvmaUxC;43-LdM
z&j#?4m*@-W=kO=^ytV$ju0mS<FNN+rI(z*x^QUxDPEPnQsdo0nDeYB)@5Aqva?~Ms
z6@2KyC9Veexi0r{WFP3--?-PyF1n-K?Cr}$KBc|HZ|Fyu!~Tu-ko7g-yjkK(pj&&E
z{g~*~A$S_R^Y8xgoC9xZ@FKYU{^<C)5kD318hFTd&R>bI4!!~26@07TyZ2dQ-$9rB
z54XMGeQ^0*)A4mp@DX^_qnCDzUe15O4{hV`R(Z}iOTw>w&s~nhnE_9L4`p8!&_1Fo
zqHBgjJe%azIr|fdqlT`?O?k6_dEyX1E#Y^DjKkZ#e%$?`kFIrTDB!-R`#z2Mjq;!9
zb0}B*2J{DsFNIEiU$nw!U7m9AN8r7AFM=1qLt>{6@mB#q2tE|dQ(tMX27DqK@~uB@
z@HqImKhgKVSNMI?aU6*6E;GjXUCFw1Kvz3C`4?U6N10Do_+39~r>%J0{Z4dgbk%G4
z-9ecj1M(%h0=k3Og{<pN0p%vpRncvtOLCujmi=xUeg6i2zi~o8kn#uU&c7+7xi93d
zcl1RR`xbuRQTzqeTk@Miw>#&~ue4(peDqfG%V)>l89zn%b&XvGyZ~-K4@J4-&tIAC
z4<CBFzq~g1g}3p0nJQkdT^~Mk$Zt0S-w&P(u#3Hz@%0YBT@w5d_(<yKIe(Nmv+$`~
z+;(RBgYN~uD0Z&)cgCyauZphnE`Dz^VE$>spSaEKU+g;IRq(9p2iAJ-<b42t=G}g~
z5DQQfyex5f_BrA=4!`F;A?v(dQ{OcF0r-&Et3&K^;3@EiU>-Z+OYmpl3&L;pGbi2}
zeDrp|-zK;LJ`y{P-!6O){-B1J_8E%b!*0Ja?jkSYKj3>L@4j*Do+l;#6#Db%D}46m
zP0Go^XMf2*UlqYK;N$s{{!szn4{q*@w({YgZ^UmCUGA6N_7YDAd==b$K2ejG0sP7L
zhOF~l4=;WrKW6a#S-;;ncmaGfpg*SJ6Yule<-qrVZ{l0mz9sl`9y^Jn3f}hMlAi|n
zN$~v({Dby!p6heQkJxw7o&GQGcmyAS=YHLdi{H>o$s72g3G=+zC(y0`rr$mdUH~t+
z^5bu}0=koT`0dN!HSoq1`v$t@54!E8-P_<1@QBOa8ApBiiyk|v_XxZXeumGJ=A$@+
zqx@UsC%}IizWpJ8TsiQQ;AOGX^tTdx^uumDiK_~3fbSN&fO%4MEp+G6txZ^`MAt{R
zmxl|@=R^X=mE<w<<DCEh_u&0U0=@_DJO2gmf`{;7AL1_uzIyNYyy~0>Nq;KAH{iW?
zRq$irX1i$e)`VZF`|Ud53Gj{tp|KmlpVQcdUPk+YHv{bA@CQHXuXhUk0Qh+PlJ6{d
z3fz3YHz40;{n5q#&}}bytAdBYD*^qj317U=Z`T1o1a4j@+$z@@2LrMDl;19N1$N-8
zu72d$#o;&Z_uHkwi{L@yE+>8)e!C)g27E1`epUGDXZ&^z@OAJN*F5FK*?~WP(rqX0
z(Fd=9CtT(E=cmX%&Kp1HwwLyZgO|XA@|qUA&-?9iVh3*L$Ga~p!LK#lcG54Z;92l6
zpY22N26)<|m-yP?`@q{G*7W;6d{<*P0zVCI&NCXj*vpx}{@5L#l$QjrfuENCqOr@u
zr%utn5|270{sMRfe0;o!zcTm{aC2X%>9=+G1ApSTYe_la=5t;eyB>Vui+;Ny_(AZX
z`6c=j1oe>LE&)EkZYXuql$U`&t+C64H^3VK`6|Qj|8mGUB7W5&`Ko~*10T<q;7#x{
zc-|KCSMUz_Sq<I?k3H<ykHFW!S3Q2BS5mG9Pk^7%;A!xS;Nx*hyXL_A;O2b@O+P8Y
z4^R8;s^FX8$0aUJo}2K8{?tDocfb#Vd*kSXr@`CePZLKd$vUd>7X#n)_>(**!8_pI
z@tFZ{dGwNpJopLlen9zU_`;vL<Bp=Ofgc3-meT}Z_25!Y2Yf&HP*aZZ1Ng{Sm<MJ4
z)Z`)Zlk8Xj+#QG5#lb`1dDr~u%)4p$)koZRvW3ZkC&BrNW*Thr_ebJLD(G7s_U96x
zYv1EOKX0NdpXK~U;&JJmeXzvcL)ZLz@ccG{um80>Zn2BLg83Z0$7fxhlJJ?w+;&ls
zg6{|SwpSi}uLqZMO5l6I*ZFLfV?TXrU0<!iAAvs-&|WS0vw!1`L;QBZTi`+MHH0_L
z`RyWC(MKK+ZQW<}o<AqxH$8Sz?=*M^d@rBvL+~7UPlFew91kvWSHMT$=Jy;l{j&jo
z;P3q7z74(#9<mGPulVbMCq*y)MB{G+AAiDc7v0Zw9dP%3ZKuB{;rH|9n(^|?_6LuH
z``RBos=-U(A@JRvxU1kJ$~Vs&bn_qlp}+T+-vQ5nkGF&5p%0z|Z))-&eCVgRe)JC^
z>-w@LPjUGAlkW0lyr#g9g2!F+f`4C?M_1W&+e^Mm;77p6;}ySE@C|Tto|-VeTjKXA
zb)85PcMtwV-(T(!yb3;EuEZ00CGB_Kt(W}7!FPin=d*4-O2Z%3*yX@W;Nn|%pQi+W
zcmiL84?i7j-+~|gb1>h7U%{Sjo^O7Um`3oqf#OBOA@z-3&AuM|kN{?0oq0*@lJKX$
z?YGN-p99y~iQfYJo`2!`9G|^@g|EP8;By*Y%5A`Jz>kkFv1@}Lnc%k%-<aSxlw$qY
z_>F;|3$T-NQ}EI6=;IYW2Y+A!UxKep;A`+_Ch#rz(1qagd+;k0_z`>wJ}uXiJoo2f
zK(U`@UihxQ{|KLg-*W}ObI)g;eGWbnz{~!i1aH8%WnVmHe<1n>`s&N)tmlQNJO?8&
z_0S*ti8<pmpY22Dmm&Ddm2;l^Htu;#bg@@4@1Z*`##{5SUzbJ~OU_x(MNZHa(5;}G
z=C6wG6uOF(8!-P#{aRA)PpbTjmP6w1g6{#Z3gEJL_ED105xO$EGctc`^XWVXCHlmx
zDeo%En?Wz}<<J}Z=UmUjN_<7|J>VOB4$7<auNt}|=vGAM>7No$3;r1V1&L=$|B-kG
z=nuYf&UKz8enKnc8{Ck7sLg}(e3ke~qTfi(xz>NFR|dQYo{@Nb*Uzozucf>qx(lx&
zjv4YOd8nh`zcOddo1Q!f--a*1AK|liUX{4|@NM{x@UH&g-Y-XfhV#LnnX~Rkc;<ca
zlYno+Piwa<y69`>jI@-uH6E<}llUpZ?}snBc>lPnp{t-X_ZJiL*+#c<&75^U;M2M9
zTS)s2(VtAK@hUNJNL-QEkSp+&ZT!QPCuiJ<E{SgR+PR7M<E344=uW(D&U)@!({3gB
zL)WTt>e;_YIW_n$e2dTSc--yQMz^-AA14w=AASQqDSkBNgs!11cz^$J>Mec}=vJ<q
zvz`ml_{qSZfj6&vy7K45YqmeS6R)4Mu8X;J?(%BrD%b1dmUvq5$Kel1y*&Aqa(eJ*
z;SWoD`uc_QeTYz+`REOE*7X#RA1NmepM%$xBmF52-#wu6$G_zeJO{q-&2z4OW*oc-
z-UH8waBF<H`@h)N&>1)S?VI4c!K-5L%Ab>GvG1WPp_9+{5$D4Y{0MkWK$pFff3b<Z
zmcIUT?)h8tkp#a0zQSj3-o-8ppE@{atP8IW!3*HSx47p`@mCf+7d*e!;VW;~&r4$8
zhA-V5Jm2);kHfE{4a&FpiM)>MSm;i;bk2ES0{*}+s5nK#A$Do-#4Y;%A$%Ub4__4n
z&A2JUAIwi5=M8iNbSvUV(@#6_k$39Hi?sUyei{Cp*ax(`#2dYqaf7ZQI#0a9C*jv_
z)t4iD7QO_p8!y5a;cIKb<E;w639qx4dNkqpMc~yut$S`ybUkzjcTU%ZRt;l)*K}P1
z-HA)*i~+tSe?jGD(G_-2*Ok!id(L!S9o-O}dB0>rxgB)L=T6rR(G{c9b+PNn_4hMg
zr{p<}?&uFp*A>teE}N{A{!vAD<~>gT8vp*2+5Yf7_{jF)b`U>3bSHj?`Jd0;eUb1Z
z_>1tmeUtF9*E8NfIv4nT^b~yf9`-|1)|WiGTHTpf#_t13Ic50xC)NC9jyLCgTll)z
ze`?Npo|N^%_x%U>6YvqV_F?vaWoNcuz&azk(DkebpPn;{V(gk1ob^QFNT93!v6_F(
zIGp>r!e`){@N42nGj9~&NAOO2xa}+OnJ>(Zo&P($tRD^d4fv4wSBKzj@VyVxPGf|`
z(*r;FkkgOG^CtWVz5t&RU!J^+-xv$@27Fj}bqJmWKLS2hoVkC@fak%F3NazyMRc8q
z=Zw1eoRIGty4BPA{+GbC1%Ft0>3>tsTco}N^rJ`SwC`&WKJo_Y^|fF=0YCgJJs-zD
z1K)areX)w?fa`r;&VH+i?(BJey(GU?_~r$5p2@%EkoX$lgYW9g7rPGp+Ouvu!TaEG
zW8OM%<==9MzY%zmm;a0e*lI6py%#?AM)n;`!F&pSZO6R!y+cxN4*tZ>dDr(+1urUm
zy#EMZ0k5JT$0d$B_&Ru!&$@ov*4T-^p0bOGojSzd5WI*#mI3WPB6<V;J~D5OW6eGz
z317ngsK#FUWfp#QdESUgMd+9Aez5D~yFd1QbE^^{hs0AxpX4P=Edey`P=`MYe@6P1
zXWo&1*M^V2c;0ir!@Zvt-2mNzz0^zj30l9SY&?#>MD>?|@hSdN=t@5}Z{2U3pv$9M
zed%<66?DnObbn2B#*fb%b*TsC2Gye{@x5%`y8p42SASkYZ(`oMV&1xrGC`L>mv}kj
zLCWQP%6b0GId71>WYHN{(mzB;`;X~99{Jd=IbP9dwtETP8V~ti6y5g2t}i-^pBnti
zE9Q-pvd#ybzlpAm?#zDr$0htDyUWwvcugahZ=|~oq&!~Q#jC`&4#7ijrhQ&LZycZB
zg3WWL82H)O(rylH#+?N3fS(cEv(B0IhcCWva^9uim(b;|ogdq0yVw01{CW7(TjjX<
z7W~HQy!D(X{lL4v_25qj@KUD{{6%<)#Xba&-Uz3`6X3>m^Tx6*7A^lzgNMQQc<`JC
zm$Hfq&q}+S<Jn!WDtzko%m>12^4o+zcm2F|Kg-n*-TRduy8IjFxAryGIC19p5&S85
z^LmeG{g-x(Whv*4UVH!eNu!J3FmLT^CXB}dx&pd7zMXl_?N9PqMRy+E_`EH61H1>m
zSM1dxcpH2GzHEd16}$&N)Zjz#5xC6N_96Pn&vISifZtCXe2)fCfiHu5<H>^W1K)2u
z=dZMT0sH`XPH<1V3SWV*z-NT_tUJ;k4fs>=hooNw<XP&`MYs7D)=SZ;L+}B3_ZQsj
ztKgxZW1ML482G-M=Z#I}L;gsdN$`3;cwdl(UtZJmQeF|h^c(*DNCmw0!C<=v{K|iI
z+eu#9;Hf+3jr9q6k+=t9|B-p^^<Cj3H!+s)Rr?IjxRkz<fIkS|kaDJ6Zx?+IeYdXG
zW$pgdxxZkxKl<<=&KqrPjl8|CIoDqr@D2E+@ahn|HhBNkymh_6GmeGt!$<#Q-nt&`
z;U&({K{>xt>(G>XN&6+yhw;ZUwsi=e0XM+C;~@{8JU#C^kC3=Z;BoMM;)S@z&vS*Z
zDLa;NHD28FWD7ozeOkjyy?XGiPt)IJy_=z4k+;yk`195)4t@aKTdx#&`4NA;vfxE<
zUA?5g7UB1NhJGmhXu`T)LwDwnm@g*iB=2o>N6)&)h2*aXUitd`)_p$jdG`qZBK(Tv
z$J5`%KKAp(*=2o{@-=)4KKc#zCjop8zWz6AKJ(0Xl7|xfS@=_Y4w}zIS4Vf~@%gRy
zI_UO$(%v0(YrT2vdW3)9?Rp=f=tt;J|GipAr|2b)#9Nsko>cpA=3i%D=d8P;%cARV
zPOn!9UGX0$>!cm(=tAFQJ(N6a^4NyI0N;iV%A@!hpsPHk>Z@tbNRD~?f6ZIZ>1p@`
zd>?)#puIEj`TxUtRY)Ia0lxD8s`U^5x^|3VS`|OfTL}FAZWI0pyyV)-hchq8c<92f
zQ;vjTAL4faUH~`kJnO62Mc&5s1bE;02Ve8}6MYIitHHD2E8rEoaQ=$E0Nw<bSnNaa
zGWaR*hz;^r@S5m<Xu(wv!JFV!Pr2f=11|Lrs^0*<4DYR9=<SR}k3T6V2Cl1j5?tzC
zLt`JJ&w!r;_tq~D-UIj6uLOS9Q?A%n!CT-#^=QJMhWFN^11@<SZ+D5S4_?>cBk-f(
z`=vjtL-f&`xj*_{e?1c5O>l2L(%>h+$IF#^<iM-oLG>uXAA|SSqY8f1<4@vhfR{9Q
z8+;AioA(}gL4yy$4}*K_5jn)T1Fw1V5eGki(O<t5co%#>vFXNP4t@Z?M|gEeJ&K1c
zd^}%*SHRDC$`QN{-q!eODcoD{F8CSr<Mm76X8_&;kIH$nc0cBR&LQ>-+&6pHU+*M%
z1w5!-v+zgZz3o~6-|+a8`jx?p8oUO62;5u0CU{<hcfi-cz4h*c=fKVH2mAIL{^tXt
z?_gW<@BVrxz|-JC_0GVr!h7qT2Ve2{lX{oH6B@h<z6ab}?*@2GgSWw#!M*kFfk#Cz
z9c`BV-!162x#wGnAr3w;)Ow>?H`4GI;Jx+Efu9HW_VXfmSA$o;PlJ2wT?cP#@D}(P
zaBsc4;4N?-@tmojhw{t^bM81Lh8TDbJkDqD`KYvC3jPqhx87OsgC2jPFMy{#xQxp(
z_&)KojepG0Kbz=x&-?S#0gr-@=R?ZvgNMP*eKfx-0%WeQBk;_EzuwVz@_Y_>T!fnT
zPQs_)z4gw3Cq4e8{5<%w2N&NZ@CdlM{`l%`-7gUPI=WccU*DGa1^3ps3mydzVQU}K
zo&#_LJg8og|HM8M-dnFY_{bB##FYX+ufen6U2tzdE`XoY;AQY0_;@{}U(~?Qf}fLq
zF~fY_L4Rb?U++G69z3Ytp<9_Z;l1^afgketlX@q?Ga5Vtz8~CM?>u-)gO|Wpz`gaZ
zf+xYv_k+w(?>72D#9!|o_&M;PdXM0H@ZNey*JwYFKdE;D{Imv7gEzp<^F(xVh&~5?
za;HBZMerv0c)dkm0Y3rm?YDLCDtJ&m+VIEVz4hpUANBZ?a)#g~4IcSL`T_U>H1;9-
zIQVgJZ@Z?z>)_scWWgmKZ#@d&W$>VSRNyz@z4fSruY3GSTrKc|2JeC&1h3nb;IHTh
z;C*m!Jwoqd9D{r75d$yoTCna*DPQ6z3BKpj1?xQmV|WJq0{B^l$sf_@!B6a7u-;>%
zILSc?{N!^MCcf`Lbaiz7%hdesI`4MwyGS`5bbEf#U%x(h417GVl7kWWFt)ID{m6U$
zDRvwFp0DSnycB#2{wSaAL;PmJGgmEW@2g6EitvYCt?C^x?~AU6uDqgj0ri&h+USgH
z7RIjQJI@UW--lo3A$N0~@vLXUhYHLSuh+*bd>p=c{et#BukdO3)t_4kd`=_}f9%&8
z4>FGjocBw8E9la9OxHEho%*c>>v`7+{(9)@A6Dzf1YPLewAr2Lh(WHO=&tKXdneE}
zEB<kk20sBF5_@$>UUJ~O|2uIC=DBVod<lLP{*Z>3@@nuK@DbtFA$SwK1U_D#;2rQa
z4=&~O!L#6!W8HaL=snCAnsQ>`8IM0HCkejagG)IX@c4vs3h;Y1<&?o=9)A*R4gB~=
z7L3$({t?iAQf?bv^S2kQ>k*nf_u=>b4>ccZ_|Wax!<X^pZ6~R39DdJT?tDvpDe(Ot
z<vNwb7ch<`zC618@3Ee%{y%;lR{WRYhnI$Z?OX#t4<15eAL6eG-UUA`;8tFo`+8mY
z;_k3@f7ZiGc|-WvbNuB+4%1)3$IFv?#=-M@!q#&wTmIbl?L?Om-Sfj+?_tti-xFOC
z-I2?~*7GRjO*h`8o;C3o4;v@>tgB}Weh4o<z5QD3d+-<GPYAyiw{t&b1i${H?)r*d
z^p{vy!4D|A@%9ov315TH1n^n-^}S*3{4e%J_}ojv+W9mAUxiP;G;DnjRD0g)+&7ZC
zx6vQr$C=FQ!vXzJ{0`97Ulz9ZX+E9%I)Lb7zs&yWim>$_jw$<4saFPl@2B+j7Jmi!
zQ?Crq{JUQ@^o^ehThC=MF9-FfHoD?9=qSTIe>?jFiEn`J;&s9CMc&J}di`wiiN6&3
zGj9s^mxHgrd3Jvl^y_a4_Sb;V{rqhHWSsZVm)F9+`&L8nD)??R_96O6QTE_&T<RGI
z-@}i0t%}&3Kb`CC!l&U^T)eaY5Wji&HTY#d+lSyK@WbHVII7^`_qfNU=o{d}cl+@+
z_$Ij5PY-<UcE5fIo(1>nBfrAfFZ%H~_z`e(o>3Ku@;3!u*66d~9SvRpZ-a-F5BVd0
z%HStGddX`I`~-Mfgr2;MT}zd-EWA1-#x8glJ9|EG=GUdIUpf){5xP^q;$8=&-01tr
zH8`h9zH)_6!VlrieT`>7DSor?iTC;a7QmOmgZx(D*Wk^4n5Vu{ZbR(fA6#w+{viAw
zwDuwK^aJn__{y)j+rzB?`-vaiY;R8-;x7r`_1FoX0Y9z5^WY5)UIIVn!KKV9c(kn6
z$E|hCz1~WkEp)~Q!`A)NEuFIu=!t*$lgPB|AN=0ma`$(${zu3&_()?X^LP?|1V5C0
z&y;mR>XS!*^v>|a=fov{6?D<xcJ~{>>)>H<?|5y28{m8SV;>TK7koFk&{A*j`aOhL
zgU@Mri8uPIlnHM>CmFErNL(p&*}L5RNAN883V1~Pt3&Vtcv7P;gD->cvBmrqeJucQ
zDtz3()Vl+|@`<o@K4I3|Jx>qdFB}hB`&<t%<wgE8vHw2(j?eZXe&gVsKVTmqpeCPb
z`2F_=mz#$_62MDYW%yI@%i>=hX8plypLF9APZPWjo)@iWd<x%%KM$YN@Y23R`0lB&
zb-p~l|J<4#+54c2eSo;XM8DhGx4ZM1f-inKy!D=I@AZQmeE+YUd|Ue$XMC36S08oq
z>g8+j%?W%9e)(+J`d$_7;<fL=SK(JQd64>z#6P@lU6=gFO6(!v<5GWh2%ZE#|8;ji
z5j+Fl2R~qo`D>1U@K`r&eZM&1{95Lf3cBGp!ZZDjbPRn9ef3N@@OiEt{JFmk-p7yN
z!+#gd$NmfZioa0nji#Ta;P?DxFrS0JNcrac<XI=Bz9sm^KNJ5Y{A0>ID*0`oPke{-
zFh1Ld;BD~p;43!BU%`9e>-!dc^U5#)kNlcnFLB1flmAXVq#sN<Z;<xRqEGxs*f>Ao
zyx6Qix`DB1{to&yzoKuT-@kn^;JGRP`AZLddH14mWC3ICd6aX%SNunQoq6uEMPpxR
zHhoI;&s#KN^Rwv-=vQfv!=j(k-jc@}`i)mCTJOPejT`5@Ms#g-{i~e3jP3Wfe(zj#
z19W?TYSCDe{^n~(>wc5yqU)@WDe@-m?JC!K&Pm2!3SHziiw1wxJnZcIC7(Hn!>?bo
z#xwOj;QBs{yS=2`3i|5xi`ILmw&pYUzDIOTbnQ2i7d}sluZJ#w)1r3#N&F-D0(_Rw
zx^*P>8_XZ@BjGjcUJAZ>aM9RM{P_GU<1Ysv`}sxRe!mDF*5DQJ;amLrI{2mrZ-I9-
zco+PX1|NXeHF)SZ*`I0f7<dVMpVUtslD8yy_3chOjX!rU?Vg2Szj<-%zTKpD7k_2+
z#-|sx@0$|74qv-<QM(_P{?LYBEvR;wuwNUX+oT-x`&rn@A^t;murGSRY3K2F6h02$
zIZ1uC^AB?!aQeCMY53$9g6;G0yB}QCUhk3k%kb-8TAcXa4AC{v)xWHCu5szi2h#7l
z=ng);<mz`4=KwqnF220|UF;%d@(6E^2hnhdHV$3}KQDl*TxUKI`wY4?KeC(@ojL^1
zgC7D9*&u%<o)UNlJTACreHFVJ`~mo^@ahn46TAYxXB+=;#pBLH4_)co{&<Gq&7nIU
zDKGLt_EQ)AcpSX)tRGK-U;Gb0o(0cu-{GpS_%DE;o%7>m@YJFouYp%0e!L0ZyVQ?&
zz}GL^VZFzi^5l?m``|}^#IGNLCtu{pqrb(x_Yyyz05AQxA5ViXzub@Kz}rbbUIbs;
z@5d|PgRA{`9sKaC{dfz!bgjR>UGRKnhp`qiQ(*o_@-P7J-?+obd+^YQ*h@aVXzinw
ziRfeC`%km3Dop+eo&>LepB6wJf@i>spV;Ah&OHyF2TzHXem;Jl5C<y5ufwkkAJCsg
z*Fd-O`#Y@nG*8fV(e1l;hjrc`pp)@8Lf5U6KR)Z`wHOOq^8OuT=TYu?F9m-X{$PN8
z4*tXh`x1PAf_)7>#*d!o0{pk&55nupmwff$kHVku%@fYNCA!dunV&zqLo>fQ^NHju
zf$l6iU3tQ1;KL6D^9A@7_*Jytd`lb^_%-<Egm`6rZK4~V++kfu*X|>o`vcN1`{>V~
z^7qRT_&M<XXmtHD_Fq{S;mg7Y^dpHojjs8{>HV^RuHKs7FRSQQzZ~2zoAAfl!Tq8O
z--Qoqry+dgtHJisJ1HMN$UX_bKEXZ<-wLpod==q`@S79bS#&jYjYp>U%Qm{gnc#T)
z@bw9NsKQu*59*h3_|RYMFa{Iim42B)cjhnYFPHES-}!}mzc1sZguZ`vhv$0>&h?R+
z@DHi^*R%hY{IuW?b$58bKjQkOF0=omyMQi?jeQ6{0^ii&(f`Ic2anid{)#>U-qzr0
z@KYK*2i^eR?eS9tuY-Hzseo5Ce(K;G8oUKw()j6u7c}?)Jg4y!`tR(sG<Xa=t-+Jv
z`@y~S%7E_!_tq;9zO3<60*`9&DtK7qrvZNPF~9#d_<3+|d-cG38hi+TR)a@ALPKfF
zje}p%=u_Z*4W0!*2ky;70sM>xFN2@b_^E+6G<XyIxCZZlOTE11_Q6kU^ds=529F+P
z-PZU?fFIM~Y48n=pB#8egBQUMYw!wqUW3=c4}yE^)dFAD;9c<j8hil0SA&Oso9lQQ
zJO&;H_x7tK_~@_wcn17}2G4`{HFyd99Jse$Rq!(!ya9engSWv?Xz(8RF%3Qh-vIa4
zEAl^RFAW|CKdix1;CT(61wRPxtyckjRfCto_iOMP_+Aa(1mB~<JK$k(Z@v29qp$n%
z5%>iS9=(h9(%=d3bKu^3rNPf=@ErIl4PFG#bG;xmwk{<2Tme7u&pV8?TxXbay-e1l
z7W%{DN7iL^h@UR_=3HbZKcWv+=_iqhv2TWQMV}P?u81*|3e0d_HIM%I^Je#775(!g
z2CwLv>R<K|ZS?UMMYP`+jKcTfH(nfZtyf|<0$&GD@>%zsf9!WC{>R*Q;x7q)5PZD-
z%>6%j8eH}!*8bkPUnF(~_*IQv89X_`t`5InW7h(YPq6F3@7351!J`3oQjh3Iso%v#
z>-k~L^{ym*4_;SKvCqP9!b@NA=2iG2{NC57ynC+u2w#QoU~iw7j9*`rJT~F$|98>V
zo`QG4YvAMKQ~dS8E8r`9_MUf%UFdH1E&t*6Cw4LL^WR&vp6~VSKZQ@hA2gP%>jNh5
zw72j%_&WRspLN%dOYqCvCtUx6kHbrh_F>jv*)7{3f2F(*_<`pH`y0S#;rEW&ne{)$
zd;}ix;4$!n;Hw@y3BIAhGvKGdS3LSW_-1s;)h<$Q3H&U$*^iWs;8pM*xHq1L(x3DA
zZ-XEGe)n}g$wv>o0lp%7O+OpKci_$Xd3cE<_Pbm&+T)Kq3El&*h+lPxJ_CN>2bX;P
zG7r8A&h}&LkoZdA>#-$cSy0dYLE&qP&k9ff@?Mv2!8a$^_Y|+Qmz<B__r74sdOz%z
zfB*fK`0ugKEH4>V-}#?&eMJ0a(DhzO|MKbF*ISCB`;o~y$!AS;m%H;Rd1-=o!FBZ#
zyDoe<?zbC&8{j%S@f*2^dcG)l{3PIu@Vn94hm@BFFKF-_cplu_kBi_3!Nax_{)(Rp
z_^Jl4gYVb)Z-MXg=%pTA@bKQ?dJN&uU*Rs_tbdI;?d5tq;S=yH@N0bb&Sw&T27UuR
zCi@6=h+Q7Ma%Hex8NLf|{(h^n6Mr@E{jc!nuL+(2_vWty9@F4`@Cf)G<y-!U|B=Ft
zv3LcKevIogSGoPiz!TtoaNW9R)*t@7@MHTi!Smv8|C0578vZSZ_$z_uUKyO18hjnz
z+?SbFR@_bSR?4534){rMZ(jP~$2Ir}{3y6LFVT-%xcPq3v2qjO<yX1=OFh!yMeu@X
zHS1&^{&WB@`6<IkUhS_>4cq|t)~5-6!4rr0>40y7OHB45cptnE?ycuY;p6*f(MLbQ
zx<t8ao_0)tFaL}`&NO%w+#6>OJfy*k;KLO)@2Wth+zNQ+HSRd2E_H<m<+lxg3_Bff
z)*rqP@12K6;OD@-aYv7HKBK`C;HSX7`Avhjz`gm+DSXp#4vD9DoHoCPay|L2fEUyL
zIP2hR;NCb};0HB$7km|bWH^VEI{;6-)*ol+_bvRaBRA)V7<eDOH_jw@_jUd_GvH^y
zy>aHjPigQH_z7@toK^73wf;C83NLx$Y=d7wKfb?^`u4!rR{e1f!E@l=I3s^R|I^@c
z@DzB}Q*H|U6u7tDvkE`r(HFq?T<4Fo41N^c+dpgIWpHntP4J=y?||pQ8=i9e;1|KY
zagG$e>Cs2;Wxjg7zugnyC$IO%nFg<ed*jT3S2cJMybSJb_X_x0#vf;0;okn)0$+ZE
zKh7@r?l=159Ds+wy>W)>%tzwKlZP01AKV*f68sE)#`77&Hly&Md8hy%y@CDicBde*
zD}%@06g+>`;n(23`-2vE=SF`$yWpq6z4aM@pVZ)?PqIFOODy&w<0l4Q2lv)9sc>CA
z#YYzY0(LrH{1)L;S%2IW@O|Lkxa;7{8oUL*8{8Xr7d#5?jeDSQU0mWL@`qgSz)r_Y
z+zI#we1y;TA$S`6IJh_N9QaWUUIbqU_r_fTFN1sIt}8q)g?i4@#77%`1G^x;4_}$U
zhwiiD)Y(h@;_y}5USi-7JOwWG-fJS(e<YqP_(|}TK$>`q@E!Pc0AGc_Fu}eFANg6m
zy~Ndp-v{q)j{*3y1`nN}A8GIyxS_$5;1Zv=A7sG$8axkv4&2+`CGZ}&_k5}f-UVNl
z{HR0f)zIk8_6JYBMV}Ah`|uZXdS3j7K1F-J&3)ZM>|)@pwI%ERx90pj1%K)ngZUhM
z^IhsXfyTZh_P6PI>5Db^*az4r%6vKgoci6)dAG#hMtAU|OU8i^|4@hEJ@BKy=f)G@
zL-50&<hs%v|Cn;0R`l^tQ;#n!@lKcNddXWBefcN#*Fl9Z!f#CAtMHWxd=viY1ilMj
zoxl&_k4@mC_mlexd=mcn1U?I2pTHO4PfXye@Qn$46aM4`z6;-+zz^Y1P2i&q`uzkx
z34c0(mwuOpZ^MsuM|12Kz=Przy9&I-?X|0ePs(>2Uh=&cAG-Or4=?%Lr{SgC&}Xdr
zhJ{y$;4yHq^WsTx=^tJ^11|m6i|4^h8oUHv(BM_@oCa@zXEb;lJf*>V;0X;r1dnO(
z$Y)tsG<Y0*l=Rmt1wPQ=S@50*mvLVJ?||=>9BbCa3VatnsGS<{eUD#hr?#^5=Di2r
z*64@eO${D-fPSRG<KR^do&qmx@GN*ygBQT_8oUgi)!;Sov<7d2CpCBnJg&j};86`e
z0uOm`X{YE()`%<h?I3&-UhH)3BzzWL$_r}eB7AIueHA`2!M+JE_1{NXx_;D!m%Pau
zs^f?7s}uO>=P(Q4rN1TN&wk1M+^^I-1HM1NPWS?R3Vwsny0|Lv^$GS3_!ATCJMg<1
zzd`jLz(?VO%8&e!HBSZEC*ap7*k|C+Pbj|tKbXK*;4e(z8}P#kd<XvG1bzTNn!ras
zPrJM#IDZNF&;&jMAD+M$;3M$)ZIq+g4_4q0ToueW;H&#1WB04v&*OIBTNC&Jd>=k7
z{ZCVVq)GfgrRNivB;XV9Wr=^vzES#64*mKoiC6Ri&yUJ@Dx)iZQJuf>Z#e|7f#=`q
z-w!mw4}b^t(=L1#ep4K6-PdxSD;&bF9Ee!YcY63JCec5ppJ~cXfNxGHHv``fC|CRz
z;OjZ}^8_+4l)-D@LGxK1z5$;>>#dLYZNr~~j|i_0!F%8x4L$@vt-&K-U|rPUaqtrw
zJOwUsFWZIk*PQ>srJg0hJ?p&0RfIR*rq&11a0p%j-wnPjfI0-PgYN<N)~^K~0Z-au
z{))Z}z875jtbGVR08eT3p$F;C9{*C07<dMJzc}&KL--VY9{#`<?;eji_$vIWhL^ru
zf^WgMg=c(N_jld*U(NcXJNR~YzY)9zegNE?mo9i(qaT2$H2Tmft`~rZBo1|m{}^~o
zgD1hm8b2BE5%uxLlLx;59=4tHSNxa2H$AxIr3!u){EX-)%o{Cqhlyj{ue3`S{1Etx
z*n8Sd${oV5d+em#$e&pL{N+0Luf;xzZuiaZas|(T8{oV7V;>Sv9{eKZ1&!}Ad>Ffo
z7-{CCI(!n|o7WcjUJc#_k7@7$xWw)C6Z#_Sng)-7OWcwh`;hu1m4017O@6cRdHn4a
zULBI30(cR8*#`M5cp1E;DZd7O7~IU8vJrg~d;>h8F!>{R2fU`i``{-%{-qux@H+T@
zap0+k@Ue#&WAH)aI|V<0U){2I#=qn&2Om8&eSDYEokTa@Z=^mo@Dt$P_G*IHH2MyB
zRip2NZ-9p+PIZX?5qMF9M_Y^^jh_T~R)eR(SHZ`}q4>{%@7Lf(@R0|Pp|5}sz*qR}
zZ4dF+fRFrwznnJsSr0D$df=zQD;j^okKhyUh#2b{UdoGoiJ0KMc}s#H0r%E71HJ|>
zw)P?A<iYdc=6KNbvod@EK4^ZZ!<XO-;?%Tv`k9o~hTnL-zn}EL&%V<gzr-^HZ-EDu
z7yUA0DS(&qlJMtlb^8@O10MNBKb{9)f0rLGfj4jS<5lp)yZv|r{Lp*+cpJQWyC3g?
zpE>Nuhv1`M^5c<*SqI<i$K&Anq90FzANv(Qo(1o`&y7po3*zTj$Dez2+EMrleClX$
ze{H~@fL}+e8y_9`@Nc`zm3HZa53%$1*AaLhTr~C}aYRqEE`ta4*ChOT_@Mrig}(?N
z)L)D6>s5E0X8pkn;6Z*H@TCA=>d=AT_^8{jS%2`>-F|!ozVCPac=S(cr{DAA3Gm)M
zemo7n`(u7Q2cG`8A1{I*`Gg;@fH#i&@jCeC@B8r<c=TRB-UVN+`|$yI>630;@*es#
z_SYwZ`(+${@a5p^25I>0!x8Iu<~;M8<UbF80^U21mcXmv-hNpHFN1sgWdnR2Jg8rG
z;5Xod`p*FV7<`VHyz{8!A@UXWj_{c+-g%x^VoAU^PrK_Oc4_eA;6df);ZIKB%TjJy
z)k||;UWe~Z;M?%Eo;sh^*!SW4{}9}Mp*HDwGPwQX@W<i3?Uw?tfP3373tj^EwqF7K
z2zXHYRp8g*gYwvbKMEhzejWG@d{Fxh;2WFndPw_)zDmCU4=Ohfe_{fkh98cC^Ph)L
zeJ^6Y7u&PHm-5T-1NftS*3Ij6_?)rRm;V;{D!4cQUGV)Hd;q=|+}kdpKj*qJcu>2<
z;S&@1G<*_1D1UkQG<?u{P?qvv<KDkWUTWZbz>Au^2;YJ)z?TE~9{gGOWB@;c?+5Ub
zqu3*?WAGudSBI3F1Q)xwV4C?Z3tzk@;=120+5-3yaAO<)2sp15T@~E{#``%wJLiM$
z>jI){p)+1PSts%K(Vax6i&yy28Rj+k6ra7<1tkx0__Oe<!mC5<QsBnx#^)7hKO<%3
z;Md^I=V2#Y-zcNYUmNi~_fZ31Wn2Ws-Ga}+ODwv$d&)i}ygH;lL+~VaVH@PH;E}(e
zuHd`JaPb`nkAbfW?%96}pN3Dv2ljvXEWEBBQf?XkAp9QjuMY8BQ+QG^Pd^jB1%Dbl
z@!_q%@ICmZU9M(b7{OnFuZcbLlJ`A{vA-lX#;qB*$6m@z!Jmd7k6Z98cy_xRmv{=`
zm4%(!_7c7VzX6}-v#!1k_y+t+0N;VX0AE!6_<J@at^s^+hdVC8LtpdbQs)?WZgHnE
z6n_)OYZ~3&rJcs+1f5xbbergsqSLfz1%3#xyB;BNHsB+~@9np3@DX<7xRloekD*`T
zv$uW4-v~Yh&y2Knh+VY9z8L(7%u|{;lkgjno!WU<{AS?`JKgJ*S%2_@;6dY{0-u8y
zANC=3b?_6Hj<>rr&j{a!Z|>e1_#VVQeD66st#PgC$D#kpeDHmWR|SjT82CE4Gwz-J
zpzta9lhK{Vve<b13ZH`yf4`oWI+oxM!F%VMD)>Qgr(Ab^oA9k42<E%+efR?smu9{i
z!bdODw?hJx=wDGC`1~CI(7s>9d2gQ7BaOZk+iAVum4C}&)*pQEeA;C@fG0mvP6__d
zGUI*5avJE1Kk6^14c>pzPUB!eIeqxpOJ=W6^ihV(%lzdez)xQhT%Qbl@+W35r-Xj(
zDt|du@N@fv%W1-AuHI>^&zQG9`r3-WoDq2BHNoY?&eH$WvzL=WfA%_mIeGAv>x0WF
z!#CeBdp~HRKl5gPIUVr*+2DRKfIs|mvzHV5I_uwC{pBRVhq>T#vhazUcN&=)+oz0v
zHSaH{27c<D!R55zFWfqNIRo^Ocl*l;{WW9pJ;CL~;hTqNFDHxs?63ICDS)rMKe(I<
z{E=Usy_^>M>aY3B>4JyWgUcDhr+#zxa^jCMAAiVSP73_Y#!ll<z`T=#58t`d$j;ag
zD(DkO{pHlbYrh>_P8+^=*G_&bjY)ON_wi-z9ilJYv(q>(aR)qCD)V!!i}qtXjf<BA
z>tM`7)`1NA>b*Oy^9Y4Yd3o?t;6=f<&VT*qGZl2ZKfTlFNL;S{mUI72)|Do@^Iv5@
zAp4Uof7bndDX$BE?17!u_ZGHze|aNxN4`cs5I?@>8Jzc_#=k-SJ4)w@%Xto0@|8h%
z<WW_w&!6V~N9faMnP0K>uG8YL24DVb_LUOfly((;2Ys@;)9B5pAEDp;2JJheKJho~
z!ycbKo*epve@lN5|5M&)A@Ntx=l_m=K4UyB^wlTWF9+(K_n?XY0s2}`wWBtlZhh==
z`t9HEG|mM2clJTjFEi*5JgL9VA$$S827i&y-u<}n75L&N`!*@hb3P{VH{d(pRJ?Xy
z=8nIIe()66b!7Z%>+6m`a*pwSUY+ll<vaUb8CMDTGyi+1am+U#xW{J}-TrUy<lN9I
zcl`YgQqLm%Irx<L@zhhwslvDaAI<|L53c#iT}}&K=s)!5i&0E_@Q1(WKEDxs2%gvA
zk-sIJZM%Hed*a}U&@StFmaX~3d7dZ@zX5N4k5qHMl!rgJu*)+aIre4vW_VZN`(f+w
zo#?Kq^Hc}jh3{9ofO$&tKSbBMY?pC}&)#`Q@*n*>u6g|6F6;OD0{n<Bg)XyqmuDV!
z&$Ciq9$o$=yR_%E!k6Jo@EtyT<B@(}hfn>)u9^C==)35XKe@{|BkRZv{XX;reeUXA
z*6$p8+E@I=;fE`<-;CoZi+=suUDo?)J^mzbMflnqcWK^-@2n@1mm0dl+jecef5i9x
z2l&Ce$Uj=|I1>9Fe5w%KZ%6RQ;5WtI({CltSdV`4E7SX38r|mmCigq>S3nm!vdelO
zr*D0<)?10Yimr0UF3)?wo$=CyUoGznJiqP2AAuj?OY$<FH*@^MXFs^hb)7-*$loK^
z;BoMb22X*PHg>tL^NOD=___u!fR{aZ41F1V13b%TZ@iMXI(!TMpo{m9vktlex&xx~
zocBvV9>B*wOuv+Ip<O@R>p|=vXs<i<{v@sxeCy~g<2aw4xZQC{xp{Qyk21bxKG&A(
ztXq<gD*Da4cNqgdd+Q<jZNfK>x$`dZbihx7mqYv`VBQk{Lv)dk?J|z>*@@fgUlMQh
zNy>*mIYYdnPoqEdiCxCVjCn1hPu;i6x?b$LE@IXnJ_FyE_&n_>d=vigiCxzFYCYpt
z;_1R4{0#X~>*s+f@7)h=G7o%qm-YMD0pn8gn?RR7xywju{W|;QEV=`q+hx6{IAHyj
zb}XSg+T7*4ZdnCC`6rBjDMvGYoA8Ie?6wns9q<nLGN0{3^3~tuI?G=M&x4_VWWNDF
z5+hGOrQUJ)TzC3Bm_fJxjmh(%#8X6<{M%jJQ}dT6SQY-zw{{t)xA70{cyW)@Hu`h_
ztmZRKf9k_`;P*&*8b0(*>L0*MUgPi=p7zg|DewWf3^)4_eHQ#2`1ti`$zuV02ws$W
z1&mM8Rne_{+dKdJ=am+^;zibN@i%3im%I+p8~>NQ%X#vYyh<Fgr)1xD>BRmne$(g*
zi<cS+iNiO3+~<Abw}^gi>C&n5W)0mYx)U?hPyBY!XP<MaHE+1`>)tmH(UqQisj-5M
zjIZ(gKH?|ZXYT=T-nVm&UuS<J?VLh)EPAOmuZu4ZvCo2Me&AB;J@l?P9D5lDa%}t0
z2QqIqwv~Q(NA2J57pJ8Cd65^G_ejK7`IFm>i@Ujw@`BI(zu%K%N;@a9$?^a67q%Jc
z9oRjr>}YS#JXo`4EW{jQSLOc){&bsB-;Uj7e>9;yXT6g4@9_WJSGSq(2?;MKyRCW4
z-EXB%GS8&`e4Dwxg`ZLJk*D!}iug72|Hw9TUJgH@bguSr+EwDu(odHEVw-XN65{{f
zZ26LMD%e$7oaMYb{G_fNr`;re8E^5w-e&GI!e3E(&pIW3`{-ibZRYRehVP&3SM*Wx
zzWg_|o5XR~biKSMGx@lR`@PfkMfCY|N`KRIz4U`KPi-^LgThxUy{kVv`Io$O(VwEy
z(hghtt$yI_FGlD#2iwf|R)?=}{95hr?=K13v-L0AjJEiFvC@0St>iC@?#wg9i~sOt
zlj|q_Mc&hW>R-1REzv)F((3QpdC}?bV%NehG1_Kqirv$*+YPa6Z{Kd&Ju#b|)GHBU
zjD6pBV@=BYnzD1XgVR4npF>|{lPh@+f8NpS@+<lZ`jzKxH=nl%->39j?dEO|(YMf_
zN55Cv<4(uF^Set<zmR+l(C>cXcB4c6!?!8@lsrp0ajqNhdC_+B`dRo^ryN~9;^^f%
zbNt2It^WE}Z#}I3C-IcfReyZDv0LJ~VYYb0u8CbPsoL+=v)M^K2H15|+s)tI312a}
z9#W3{p4O39Q4fjlGNqp~?@KvZ>^iUAZoVfbyfD3-GWy7Ms+?yYm@wZv`z^Emu?uCl
zoA1L9Kc(yf`lGbV0R8Eo-EPebPb>Xa|FYUebW!#t=ij#7{N0Z5la62Sx{yM5`0d+`
z)7XT+=GFQ8YeDuqH*YsiNq>FV(L4Rs89x$74gJQU?bbZ}mEd^W=o+_dH@~M7eo(J7
z+aFyfugZU5digOnj@@^v@;|TlD{-dLU1U-?BYC(_uaolmiDBc|FK#z#(w{!zl&{8-
z>-PdgUqhdM_jYSNykF^E>#mb8>8~C1`Cn#y%Y5?@rJpjs#V)kSyz?unoL`?@4s!F5
zdh^q4#@e53x7OdcDm%~mE4n<oqv&L>6}~~~Jo|sqRnXPGvE4i$311zoYoe>$x+{Wp
zJ#^{6QT{Fu)`gbn7q;#)y-s3Jpj$_`BK6pzbm?8Y@7n(Hki^d`vy4rfzeMqx^SC0q
z?Bm;wjQDx>v(|Xm<gJG82s$%w-%>hF-rDHm{3uvn{5>}A&wbsTpQ<u8&{akEm2sW(
zT!+*n%6@f-Zc}s*1nW}h8h^`tBD(v>bxyg`kMro_f4AMdP7uCF>0I-avrb9*RrD9p
z9}&NID7~iM{Dh0K`ULrr`Q&z`)68dmbgABU<FNR<Wjs!Iy?OPxQAW2{bT<Z<n^d}G
z(Y-oY$5&5{)A$>R?xo}9y7N;;7ybwK38H(!xXy_W$~;p1w~0RcPpmI8kL*zTDeICl
zH_tDI*r)$xyHR953}2z_^O5Ht@?M|0$60S=o=EJZ|NkrV#HF*BD|S3mU>r?eVzgL)
z!<Wq#uk?c&cIRGqiPdi3{mj@naq=g+HoE0&mF|gP-2mO1t$R3F$1M)yBs#f%8NN4I
zmqK?A-Kyw56s*gmyJ+if)9WNp6?C!HON_M_;_n8f^PeyNp7(sQjotYVUSece-@{iZ
zyD9xa${S&~hnr|sv3u_9<t1tVLGu#xx@7p7hSe@pt~VqouYleDGnW_}QObK%*#*o4
zqOYN^{aDCYk@f5WrQaIg{{2M<eS=N<ip&T1c=gu)2Dj!R{zvF5FAG`g>xU-CBmFGF
z`G4z*ka2>~;d}M|MVCdF;>TNS<2uj$F6EcdokM5#v(GDk9vw3C5Pbvv-j|1r3ZKJw
zdCT|bqldnXeqHppPuEAD!&v<Z<^THW`V{)p=uQ7Go~|#TKldtC-%FG}puW;SYv?b2
zC}bRz_O$gg^s_E@;k!cS`$fV}-*5HLfPN$8guah9yC-B^ka8YX`Wg03DeNL2Q}Io-
zbLLTL$0BwYKd$=GS0=|N`a1e!pHThjf$91#`quA<%=>=fdz9Wa&fNRP&~qu{4?@O1
zssCNG)nDRDVb{4gWd1%w_>Spu70|EOL+16#@a>c168|;yqfgRbB(7VP-q-%l_5Kd}
z<@-YBdkn%id*gA=JBR36=r+XfjX{3h*Gnay1oKwpQz2`gf4$egd;G~fkVAhFeTmQE
ztCZgC@6P%qe#_`GpAK33qZccktG%54k?5P~58toye%a(WMBhh$;4>lfdq3ezru&b6
zKl_8vs(OCs(-X&!_)nwnp+Cpx@DtPZMfBYV)cAa4vR?97M_>GW$cRXL-S5>~?J99}
zB#tKISmL->=>qbYL^DEv;0qyZ-}Mot_w_G-KS=%n`<YjU%-^*M-{#oq&SNF6Jo<Vn
zWaMNWyHlrkw{I2wS>{ReI@<#}y)%Bre;a*%C1l>G3O}gRyZsN*?|u#aP4f8_rT6VK
ztZ^m&<Ck$g@0yVLTuAt9)BR`BAAPOz|M+zOW%R4pD*sPT_uoXn`?`>MT{rynbpL(y
z?bnBlq15-8>HeeKpxVfU%<IeH?@iaI(MR7HGVecx7o72>yFMoQETTVogYy4erKjIH
z{m0#2b@Zt>DgV!#?!Sxv+?yGXQeS&Mart-mpU@97FK1PIT`}E%68*k>$lCv1t@QLC
zC;p|6b6<OImHmg=|Iwd(XUJ%b$1_1+MW48p`AzgQ<fo1PI6ty$*4J*Y3I2!ZSKk$~
zt^>}XkN*(+-P=_DZM`d>?)J)}?>wm1Q(MnGr0Wkdzm-LQ3O%2<`m^SIw}GyUE-yNJ
zTzPbo?=HFn4>6wP{Lr3X1IibD=y}YWf6uxs^V5{^E%7GNpZ{{md>^dezcU}_(CzzE
z701JB90kN7ek<rNw$(gl&r4f+$8Qr|<InB$g6V$y=v!x)uS3-DF0bD5E9FOGjGGSo
zEYbaXur7%%^YxH%RPuG3UMK5I4qfxHkWmzWHz}R=yv%)Hql(>y$5}7L?v_b*&c0I0
z>tJ{INydT1^?}*!%=Uji^XWH3=5r|i`uO)XN%Tk1FU$D6S(UT3zqaz3lKP{&*k>Oq
z@!Y6%jLS*a889;ssZS02v;V~UEdBV(+3F*9UF_=5FyF{|tzE7*?@s<C50M`x=6|MM
z67PMgysiG{&qE6R`F{%;yCn|~IeA!?>nI<e{}`8Jt@#gK=G!6Txae%ZTlw<)t)f5v
ze?!)FBYQpHio+QPEp*j?2^mKuUVFb2;8*f8K%ab8?RP$};+<i?6Mq5ih+RVB_r>Fn
zKa0NbA0hL(oA9IFJUa20(5)}cS?jVr@6bOExUNH4`w)r0fj%9Xv-UY->%PA~Ipayj
zbsxL)JLjzHG*78`Jo|9bMV6`Gt~vAj;o--|b?){|qRXJWh)sBGUK?Bgj@c`M^s7Aj
z=%q?;_Y>MPNMA*NZugw|y@>IA2kG1B)4W9cxb%Z5{w0q?^d~QyGb%E!?D(gQOR-D5
zP}Yh$^LN3w%F)`n^Pk6VJvL`_@v)WHt$ynChYGsH^XII6{u4p{)7h7{(1(9`&N{EL
z*F#rc?N+eH;Q;*!TW`1T1bysB*eAST&N`p4`>`i(s$?G0&KdOK<vAlI?ciI#+~Y*@
zSwesQa{8Oh^S1vf^OV>%v5W1UGfv6%)bFW0&0sgcuJ+?|*8Q|AoqeZ!yt&VJq`dg$
ztVb`Kv#yhk?I$PMNj`Ge?b)a7?0uzc-{kB=rJM@-)tAp1C#7H7`@R|K)yD30a?X4%
zJ$&!%^%`M!{uOhEJl7Du+u6rXnolIoB$Gw&r{=8t*7o(A8RpRfb|-(@9;d22SO0V8
zqlP~DGjqmiiSOar<LhE~_O)~7a~NCKzh;Op@}uPAIu+kjljD>2O`$)?mkVps-@i3k
zpFv+hpSy9+SeNT_Pb&T4$n%eHb4~bkK>NnS-0Ba_T^E~s{SVJwzdV=uk-0a-=id0D
zxf{4aBjva7SK-USJwAuOqbuJT|D?nipg(sT@rwR2rT2_y@f&>+*Qq}?XYB)?Rk{iN
zHjRGoCse<+>ouj{N;xI$j{kuw$If>^Iihc%Z+~*mx=!?nuD<U6(?fsm({tAIAv5+<
z$y4;jobTVS*1^xKay-{*C7u+z*dNXreLjcp^XAh(-xbiGMSo2Ci+x>khCJ1=YY@*_
zDaRhCu5shEv&7X!pJ^!lUAjCudKu3l`qKdY;cfW;h|<q6UQ*aCKcL3T9lCOy_K>&=
z=qrDu^dFk6m$+)^M?CD(mweqhTU=t-#qPv|j0>@|<C;<*v5UNf{p6p`ajhM@52*5{
zw2#=Ov5S6@{Z)7@&Kc}V*d@NI%DYV6513*nd2C`gdSuT0K3w<?W#_A(vrp)wKk=8W
zdr~j^K2N|tQ~XDNjOWq*O0|=H-^A75-0hl1zxV6ZL;BBqRXhQD$yX75waY$1^maVH
z_}%NU#MQv=*f&%^wd);F4=JaIKK(d(nxmYL%%0!qOX)*B=4pxVPA9**{in<qY4q`b
zV7?fyzh_<*T>;(NlWM;Hfb#3nNj<CRVw-c;eIL7?<i{!B8NZ@$qfh^%+SlBs%fDMc
zM1Sy`bLRK@!nWR*f9Jd-P9dqM)I4q9cXP$#^asK*56OQHyZHYi`7#deel(?ji(M7F
z!9P)dv3o*SAAfn0hYtT){WkTIe*UPko6tW-Vr0x4@dflxD*X)cC4Zd#;DWOIz-;%M
zrKkdSr=C&!Y5O?<*En(7N%Bxb-~U(oyVU2|*~{r-7yGw4>$?8q%5FkAp_kEro@HH?
zd_OdMIVrK*HE$e~et(~?9H*Vk`lD}LI&YoV+vT|8a`a~X(XZ{EH!|aK`P$PxPl#O?
zyVCc~tNZ4Y>f@ZJiCyFhxfi9%v!8pIQl8W+ja}^p^XB`+!go7)&|U8oeGz?OdER`V
zQTYAS^>y_7Ua0gpP1kqP4{iNbll4;X5Eov%FPk?G?VuemQ+i*$t@!}Cd5B#KyY||=
z!Kpger<C0c<EMyS{PuZcQ~I_2yv7XkNdvq7d*_YgA?&W1y}UklnIrSYfhFwhem6s$
zv6pl0;y1~=^uK3jFE5MT@(1UQy2SbP>~<CGDjz1Fl9vVboRDu`cK3JbPi^cD{WtO=
zaehygH(^{2(VzVY<5uFkM3qB(Pde|DauPqmzWAf_*1GgOW#=l#nZHDzL%;TW^VYuA
ze$HxwzJfk{5B*T;aZOPDopq^&e*eejt?Tgi^JO!%>kzyAAIw|lZT53>uDG0eh-#RJ
ztlx<%sehgMOWNlKr~cMBx31%eE{m>mV%~b5;HF?*30?J5^XB)}x1L*MKQR71eHmwU
zbf-S8`n~-e<dk|!96js~|Mk52UWTy!TqpG$kJlXk{O96l86THZubb3!n=|-NVVCJD
z|MvGjJpQF0<k986q1K7dPyRlH#9c*y=5giM{=SXIZwuYIbMzNkf9_J>_X(Is#P0z8
zp(p08^R;U}Z{64T_!V9BCs{vx^Va?Rn}c;JbfqWft>-^Kpmdt+s(ExL(B<$QzE!W2
zJXO#Q(3PY<H!7X0KJM|=LVx(1DzA3=)W_K;I{nzJKl<Lcn0F<PTlDpkIHIqh4bHQ_
zkvMK};&5N@vc{qKO{3rV->Sdcdd<GJfUeC$_{-+_cKqt%rKyY>`r3tgqq0mK&nW$r
zekpcc>@MtHF#2*n_VgcH?L5U!>Jhn$dHWX@tn-rlzo6|O;y;P5_=5{Z_)_t&bW{9`
zT>-oF-UXw;{kZUL56&D{9lJJhoySM`@-GI))j@aQngxSbz;WK9bW`GzdWZHij^D9h
z_2c)qEdQE*oIrO3o!O6X(d(q1S#;U_f^p8ACzWnW9Aa0&Zg}g0bwBCV%5KW~Cw6V@
zI%^BYy7a4;&Sod|9$}ZdVZr>p&hVYePBS0Ge~Rm?e0jsn{{&qI-TJ#1tnqc9-k-!<
zM7RGv3+DIz!gnd1Z@=YV=Ns6Ce|f>WKVaLr#=Cod=%MeU&&W8o+ciKhaYbIqeD>xA
zqb~cv2UJ{B+D+z*G<Ij+yI`zIIp0%uu6fIuheTgQzwgL`aZ1|j#b2`eo3EX%`9<_~
z^ojKa^Y^R5mrmDr(GTt*9`SF-<Epnip3v3oM}KQUUGJP6zvL;2KDvSb5dNQ>El*-s
zz^-_7!MGsf;?ddc%=%*&xm(5e@bvh)=tsvEtnb-8sPt3zcV_#icy8&qitql};={y9
z^PeLp)Of#VHapDBL&_~<zjBg(D*3!)HhUSrE$p&Q%H?zTJIc;8ekFf>bfG_9u%3&)
zOZA_v^~rsmR`k)I=Ko({97}(G!0B(!I^~Qri9e0L{osO;m;UyUqj#^D?(r<~m$19=
zCky8Lc*5UOcAn>1L{~>=d~v}@^C$e6(s|}*iMxX?kIsC~=vk%P%7?$6BlMdOF|SEI
zpHX`6JfyyzE&da);=0k77p(jEcYb+m-0Jco`W*VrhZl^a;{Wo8C+el174+FZrJsxb
zA*J7n-?>lPM3?!q1#5rum{;eoXCM8_S6Hv5eV&>gNA%U)xBIGUmm5x7ackNog>El8
zvt6!MI#0Vuz4GX?=n8xe-{|PZ--~S4A6*CC0nxoWSl5(t|8hZnuSV%Sc@lp;bOUr}
z#ouL0=Q+QSb_%Vq-}{=HUl)|lHGez(UHm4|H#!T}bHLB2e0uzfE{87jKiP-zIsBxz
zot*Y8qYM8P`wD6IN0rXo4}aI$Z#K~<A6>BSdj<3pv;OFI^D@S|lz*QS=lJ=LS^uA5
zpNY;a|1Kv^UB8y`o<x7<>kCFv`qKxLe#$y2@f5HNbr;O{iG*)=%JIfiMYpH7V157e
z1>W{`_iyprMt=;wIc}cowDY)MiF+V^pIk7%-ygQyS-UQ{p9_k=hJD$lisw7txZUwc
zIa&0@e_XK6%e3RoS$~n6ht#8jUF?4?Sl@TD$F(`0+|Qph(Op1iY$N{<PmV|0w~zkx
zKP?z1<T}+Sl-}FF)I29~M6Y3gHdwH(pMKZt-#O1up^JQ5tv><%Tm0qGwa~Tr9DYRk
z+gg7de-(5G{$;^@&q?@xPr2&bv69~=y7d=?t^0L%JM}r_yN&Ez-;_KIusgLJw&qQ{
z-)_wt?sgP?EKR!;Pg(MOiz;WrypTbE;=+P;edt=H*R)>|-Nye}u+DR@^wjfr+;K>K
z>*!bhmGLfd*z3rY@h0*2uxo#JK|SZHTd$UC_RJ>bL|)5vv45lg$^Q3SN<XC>u}fnY
zo(o&gtKXpNqqD0y?ICt0?5gu&W91U;ubN<IKMsJ6)T@bIZz*hDH@aHcZS^O2{zTtL
ze{x6Id@ok`1xoK~M`t`rT+!FjXX9aO-Cj_7?|AuL_kKpo$zZqpC1LY-b;Hl9{Q2yh
z>vtve=^qPQ{ouK?l@pixV|Vn2$eZ+sXH+?MKUU*}rZ;-%5{a<+z4P$XO1Bny{`ySM
zTi}30@)5t5ahVJoDf4>5Z2dyw%wf0ZHDTj8pTqa4`f0{P8QoEIX{pbLbnRpJQY)S&
z`ua6t>$$=A&XzZ+#{j!SuMJz*S8r2xx_;{EZ}C;e>$NIAyMMd-j}xEtgDm<QH^Wm>
zAG?1B^aIhC(Vw_3Z1B}jXM6|rXQ@XMef(#`)_n)Nf6h>k0d}Legeipo?Fh)**nT&5
z9sT(?!qz%q=PMvCv;U(%_WrQJB`dC*>Dtjf-;~7vQO2><+nz6{)Whum*!BL0>i>3s
z@$@UnQx9FS8n(VaX6t<I;2y_f7kxcz@$ZDq-wO!a_14Dap3gGaoxeM5EQhGit&{qf
z+pdhA@p0yX?PGb<mgnqCB+eFgXO4%Bu#{)7PgCrqorc&QtB0-ckzTLj3}{y=Cw@IP
z=*{Qy>~@_}jye9ZJAWc<o!?!f%JG~>nEfAJ_0wVN`qC9jXU}K9Gw*sYhQ!lE-#i^Q
zatqYk_B$mWu^V7_?h*D4VmD(w%=%~Or;n=g-a4sW-R+aZF8Mc%YbkGHe{kDXu}l9w
z`4&5Sew(3w9qd|M^yQKO-(Q$L&d?iVzsI~Nc6ZKhm%{GQGb*3<K5R;y3EH8EUGG!O
zU((<2RppJ(r(3%cYrU_dZ{4rvp}Ulx{t<M3(nY_~Q0qg`e%G^pOFKv2$a&@G822)N
z-9LLC(%7ANFl?NVacJ+CXUIbdyT&MNJ*WAkbDrbW%h{L6cxs?O++u&h=kOy+@0s^R
z*A>6$4vOx9VBH8^58YAG-K{@wlJ<(<Ks#KrXq=Sxx<lz`FZcBwXJ3;=e>}Ws-Cw;;
z>6v#Y?aw9u73_{(x@f)k?!C&+)y_^nkei3Z*T(L^tCp<i3hnC)<NfJw$4<%_qCd5=
zWWJv@e2Xe)N_&Z2f(sMj*De|BvR>UhyImf;?5eW6X?D9BcE_(*cJ_6c8RG0>H+ZA6
zyLR^SB5z_Ic(byzufNPtUK+dd&nmmCW-qUV-PwanMqcuH#q4%X?2MeUyL@)L0e1Ut
zR(AIFpc(2He>26sW69tvlI)viD^L1m4!d)|xMW?&u&+x5tZOoEE9g`7|8+ixzo+IO
zb9~$1CbH(kCc1s^QvLlY&HU-<?|t;g3bc>J|IF<3TI@#7oenP<r=)$Jp4~2s-5M`B
zGVSd6X2^2|yTSXF-4nBy*T(Mf2bA4ov)hfZ8~&QI``YYw$t>6Ve^c3gWp=v)cB2o{
zZj#T3X1A+jcj&{)?t$6udf2rq%FbSAXK07$&obv9UE;R{i1Yu)x}L$Vd-sxcecWDm
z1Lk2FA0_mSk1bi}+4j2b(!0;A8t5aRQ2y=xyi4!Q^WwjUezUIpe?aBUrFZ<x_>24;
z*IE8>$v7+LZMQ4^)_Aq9Qzg+Q(Vf3<$@>1kt($UQA@LNj8-9v@!{_i#ns~<cJyK2$
zed*In*7G*k%--%@?Dl<j$$I|pdSy2yJ}ED96Z8McCF{Q7m6OVIpTDHBTl*vCRoNdr
zZ+5#9cGc#RA@Ac1U!v^v@1gp5^kY9Tx4K8of7l&3wPe2UHhh_~+iEBO`9dH406mY=
z^Sz=;@wxZmF*Z<ZUtY4le|p6vJ9j>^*d_i<^^b||=GaO9t6;aEm$~t(TAnBL*30RC
zO?3UQE?MuBuyxvT?f94W9bgwevt;xo-xJ%(orm~aIN$mj{Z``Iq2ijMKjpAX{?8@r
zIcEEM*bH%2vCBTXWE7-7JvHfile>N$>^8ox`tR3fw+sC|`@zSStnbTzUfIzP5Bshs
ztGvvu#w4F9?2bIXWL;N(WKwzVd={}g-&^8l$h7*o?Hbsf+*ITGyR(<qm->Bk$!JJ<
zGhWw~`6~8S?lXLgd`i1Ns>%zPKSiHG-}~Rp1EPO;y1s<|^wUe$`}-bHdS@Je)avm#
z<`Dl4^pS5b8Ow5h_6eo;^+V@8q=$av-<OOFQtyu_y|({3d6sgbIhy8@9ag>HKfNAl
z^cO-qta{%%U0+1so!?>A`zEEIQ13eW<?s%JN5Q#Hrt}l)-9?}I!5!xB&V;X0`YH7`
z=l{2Hz7gADT$FM5g4ygOUuo?2Ei791V;3gZN9MUA`u_3`^Y_`pw%)VP6<rNo=7maU
z-=FvBB<?o4%^%reJ#Y17z<vDR-Q|1F`Ut!A7vcZ=sITpRN}eRH<lC+Ka+<~cY*k;+
zdAP)tLzmmX!)Qo8uU0x=yZPg)Vi)~s+Ck>&8)mobVAoyQVf3Xww<x<Q^^rJ3H<O1O
zcUaFO+4JTMai*|KAKYO*=l$gD<rT5(-m=4bKIdDr+cmJ;f9nqGI?Kd$!5Pm|zdm+@
zU*2K8kKVoyG9@q4uVaUpKi;>)x_)fO>6-tX{ic+YK|gr^4(t89k4>nT=RQ~&yX5?$
zvHyo?H+!C)A-<N_EiYn=oqa!>_;lB0q~8wE?|;#vb-m|dbsp>Kx90r!3(N!md53k~
z|6Zk=Fh8Zy7e1i$ADXT&qTgRqdi(m&1pjsPq5q=v_H~d6`Y!sjw*JcL@r2&NT=Q$n
zzkOX`g8wA?wO?2IXTAG0|NX~2`sBLOKRI1rMQ{9u(tl;TzKy<P>+hScAEH0@o67&4
zll9VX;<s==^bY1%K5v~DZQU=hR%z)s8FbOI@@t>p1msctme6maH~n6%;?Vf5qdWRR
z<@fUG@pjSYeoOgX2=+Td7x|F#`yDl2C&Zh`b3F&W8LvIQHSuQAZEPsN4^8$fc`KvO
zepu=4eN8|dqHm&K{;x`Z$7KI;^nLUL^e6cozE$aods+6kWACYnypy&0PUY8L*8<`Y
zzbW)973J67XK4K9(VamzlJYN~9Iw=`ioW{al-}MS1jHfwHu?)MTr{fN@c*>)+@EtD
z-8s(}{SbZj@<pRFhyE$0512P)UXTAL{O?^fMwg+#Tg5-a{G7wCxw2@Thuh;mpd5*-
zg1-G4u7C46{J6K@y5|+ie+zv+t@IBny=OibT_4>hx(njhzAoeGx1x*O%6*L2E}DDo
zt^4qv{g%X;L>GG9qV>GhdsVps>!SG0qaUJYTgr3)-g-IbwH0)GuVo#ScDzyP{QD5s
z`;X1`7rWI(V@>>D>-F!>o7w*8583(`PuItBd;)z@{QKq;zyB=y0ebVfb9>(q(0?UA
zW%QNn7p?Cj+j>tsO56=}XETe|bKv&;<I20!&&6*K{rNX6TF+BHqWZ1JujoR*$o<VX
zE?Vz3en3Azh%SNdD7sZXZ=HW>{AJOdL}%`g@6?wo^(mn{hwkup{Jmf4eC=(W&zbc{
zzvoTlN%XfXy{rDteoXW|^rJVceBGwgyYm%!7wcD6<>6+f_snOKha|cxIx`P9D4iw`
zIdn~QW*+SQzegwYOBr1c-8re(i<Lj^{Nlde(Za5D)1q~q#6Dm1<<I?mgTz0??%dC-
zdcIU2zvM4=8_zqxmALpEzD()p$IiU!<Xik^&>K1B*M9!mQ(y60M7NI4^lLx&J;84s
z{qXI|@7L6Pt?}DISG;-Ade78@x^=)E?+E>#L(1<x!G7Zf_Dkrxl7|mX_AB+vqCfnO
zMdOIfW49^2tDn02T^aqUTU0)7R(egpYoJ@>$21O095)8X+eLTmovPozdV2YxcQao9
zlgh)D!R05=?YmX==galwOFzh>E53Wtx=(F?Uq#biB`Fu(38~Kx<!?eiXrSNw9yJeN
z;>0=roNoeOT`3=3OZ?j3e<A-t=S89Sa2@aVMdP^WzpK7Sp@}zv?gF}1X;=GuF9Gc;
z<2r{v@k@(F>=N{k&Gx+xv8!UYySQk5@7j(>J0Cdbxl->AcAfVvTJNQMo|8{2Kkju(
z+G&Ko`hL}~pR3QO#1p@r_evZg9zJh<Ux|5U(*1n#pTjQntE#_Vru=L2T1MC9JfI=|
z?f$a0Kk>)iL|^!n@@u!R#%~W@6WtNX|5GaeuJ&@z2N4F=sG;t^zE>Zw)GLYZ*k@Ef
zyh*Q<_Q;{@qdO+^`qfG|q5KN^%*jQgEP1$F?^nuiqDy>k(RzO71LHb-H&2_P>!FK&
zUg>TL)`fnFdN&u1ro?%Dur7ga<3Xjf=Ls|K?sBu}qF-dcEcLMap+;9iciz_7<5{Dt
zqg!c_NAdUc`1o{}+d-H7lG54ZP2+EfZr_)c?xA3Rv0o<74=dfhdY!a$8eI)tQsxEU
z_apuNw}}4uY1Pj5_YyVpeGT0RT}<kIvnt>7{G5!>Ho6Pwc%=~Sr*u>13$Ytv7v?&^
zJ{cc3%x;%_FLV5#FB+%jvAc41y8?D+80Y5u_U!u15N92`$p6RQnZQR`UH$)=nE*4{
zK$Ac~l+7gxXsxm;$|RtM#f`=tC8(_dtX%{Zg(fU*6N1{2AQn^t+M1a{Yim$>YfBVc
zBhpsfwYCJLZv&xKAixZQ`G0@Ul1wI(fL8mLx6S91&&)i}x#ymH?z!ijd+xdS{>f)N
zoJ4)2kFGvb{weqE_n4=sea=3>W<T7TcL*+F26pu?_WWUkjo*};mie*Z1_4(E+zjD!
z_J_v7R{&gNozJ>o@Fg2x9JtxQt^UCFBU{O9>v|stZWC~WRqy)v_)Pr|++82qa`<*E
zTw6Ij1pMreY&mq=9Y+pNo{7H*+~e@T>+Fkc*3VJ#AK(ghGw(?NZiQWcJNi!a&IW$L
zK^uOUt#>+rUk!ZaC;0zf@c+q%kM(z>@|WKS{{5sx3x2unzqSLf{!PAv^{BK&qekt#
zC3areA}@o1yK703<%c=***NktN%(-fO!%C5SPY!_umHGv;Cf4cIP1k7@Sz&`Hy*U%
zop@LW@Y_Yl(j?1o@!0JGKAt}$deZNtzaO&Uoj7|3@MD1g=*LOcynTbs=MLa!03Tjv
z!#{Rp_{V|Q;P;9@^IPEK%|k^08=~KVzvamA33uU#K4Rk^e`NT<z?VLnWSzVGm3Z(i
z{=MkA8TeN#?e&$kc<`<LkP6_hek{qzl07~UZI4^@g77{kxS!Z?&O9ncz5p}-B;UJ$
zzwC)5qlE9x<0l5*?EhH+R3#ZTs{hw^{q6YWf*%8X-EWhu`O(jg3_k<-H`d$mj-S&C
ze{23d4*a)YNHP*cPjL(W_Was6fFJXsJw9%+;p6DFL%==!JK~Izt8cZyS$JE<`^k4R
zpLoe0501YT2j2wX9;!{U?v<I}g0F8>oK^iW1Gqyk+xW`chkF>fzON+N=OnZb_abnm
zn{0f`+lSi)-0DBraF4YQmwpfO`bQhi>CZUr9SL0HpKQ3N+Q)Y@aG9HJI7go1;9CUT
z$k%MR4ejHr2CndR8}60%;ob*s!5cQ*>+QoO%tqYbwBi2TKHMPSYTvTg`9HAX%<<FW
zhiW_&05|*{)*Jcm{m_PMw*Rf|u;3S{e&B~oz8$;Pj{cPVR0IFydr8(h-rFtoM$4`6
zz7JgHpOftKx?|zm(vdue@$kM)x6_{;&^;3P<i8|Y`8|tm{O!;!dTs@N@RlTN-`0wb
z=}|i$20mPuWW`aRu;F9)Ew~qf>%Gl}bLd9CqWK}XUBLN2V7*%7eSK{GE#p1?d)h|<
z9|ZSO`*0(H8~nfa_;mU$MxUzQn}K`i?@8AD!0E3z?N|id<Mp;(>_EP%fvet;WXuqK
zj(jz@w{5>}2R^*hhTj|8p0@Dm#rV4aOtQ`caqLe!`dRH81AOm~Y<;_>1%IsGyA`+@
zyKQ~z*sEr`TlilA+=RXMc#NVq7T<HgeY?@tw;#7(?{?tc*k|MO*!DM${z)!@Py6lu
zOllu)FmQ!o8=qs(<KUYF+=7S=cS8I4764au(1sh(KHO^HHhpZvIdR)K^}YezM~7^<
zv)jja2)Oi5Y&a)A9S7gZbJ1r_Hr(j;@l613l96ornT{V72j2|fN?bPF*V@PTFmRRb
zWGfHrIvXx#+(@sy2wZwXvZZewf3E|*)d>6o;0H_JUS#8KM{h~KPo9T;?VN1sTPNO6
zyQ1}r=$HW9N5DPl0&f)GEx5MhY&P)U_S$qi{n-KCtAVcr{xUcC9r<jBZd3mQZzLsK
z_k%m}`)0aZ)1!7K&qwcZ39h+r<*X;f@LO<$fvZcg;T*b~@wSZPNx&s^O*X2;k6|tS
z9L+c3TL9dGZpqfUEu-3pTMeA|c=|#3oPLX=Z{Gm!+iCQ#;GF)7(~d*H%}!6Y<}Dq_
z*U1Z5pUX(L^sOUb&FyW?NAbM?_*c8z@Y7@4(;D7vKk#SvO1ADx`IZeIL$C0z2CnZ3
z$=12o4juG=d-I_8fq%AlvURWJJvQFh`LBJhi0~(WpLy*`Hvao<_zv)o1io8e8~<ZR
z#(yjDulBR?KXYXK4+CE`z=nV2$ncwhH%_tPw;UP%5bzJ3YQyh6GW?()&`()5yt5A6
z0e>a|Uz?q5?I&>Zt>J%Ef3><NZ4vNA18sOG-@F6(=YaQ~ZqpMtZqRxjwF~&lGi-P#
z9?=2)y?=<_Ka=qxedEMA+R;yv;|aj~&$7pzlUKwziM87^fSYi3vUM-PVmltujJHL9
zJPh39T()h_`<J&5_abl$hS+dUy>amE0<L7ZJ<jg2@x>Wu>80q85jLNWkl&zjGX{9?
zx%N2tp^dkLaW(_^+L1PXr(GTN!{fjgo^Rv-#gXy90eoM-jemm;-vR!FGW0~Q4e#Wg
zbO1jX_{&Dy@C`@Ce>3p)V{G`QBg0n!Uvi-h@9dlFfSwnD&&;>S&1rVNUkBr+5%_1v
z+VIY~RUN>eypTA{c$*$4|F9K3t;bmb@E=XE;hp`Zt>9bYJ(8aVz?WWvJ=Hk7)26=_
zd<%Y!vufZUzbx50|6{2QA7`As58QK?+v99SY#wCGI7=wUfBKp|ex7I_ZV+&d4xCeO
z%s5kf3V{1I@x4WS_d5BY9oWkSz-L}Xe+b^;S2MgtC$G#uv;Dvyx;oi9uk)e~+7Dde
zHOWR_N_q#{a53vA!j}M{R|A(RI4A!z4%{H%wmWd1_VE<}7k1!2wB<bxzS+RlJM{gz
zeYnSMd^d}}mu$E=e$OW0249<O@%`5}TpYP*1nwc=t`<H=pTxn}`(E@Ea1#XQ<c-DX
zOYv_Ea0%BXTkHLfK97U%R^a@=nflz(lQHrmd=<d;os?|d)6)UI=YXpK?%Sfz(fcv<
z4dUH);NA!BWch>hZN5-%iydw~zS8f*Pr2Tf2M0b*|BVE$#)11*`~7z_a8Cl4FFLPl
zA8wId@56$-)P|!y(dXo;J=MUCxgps=%^xw}P5j&r{K(0)U+|~3Uw`ub_?W;U9xeOi
z;_!1YaNP=%t^A4uw%^n|UfcS&Hv@n3*OQGB;r(+9eDpcrqHPgyVc^VmZD@guoi9`a
z=lxc)Q6qdmYai}?;LiMpJ#SkYA5Q#C_z~j)IFs+iHe9n@wr-E$2LqpQiw%EM$M9;`
z&A>ki{4UY!%v<7&%SFI>r`rBW)O;z{f2s!Vao~!CZ-8BYobmQPaE-tf2rj98xP$<H
z=d@%ie>N(f6kG2g;4Zr@*}BiXgZNDWaI2>?|53e8JSYx*vw_RJ)z(8!oGnJ)#J|Ty
zp9AN_qvODB0<IqVOg(<T9S@2#ZX1Dn$AP;iKHOmH?fn3D#+72lPj9i|;;mQ5?B^(;
z++Cg&<LU(3e`g2fqRyEz<)3mlC#G2Q%&*zyn&q&?URMM6WKxPX4|e$0JpL>=$?5yR
z4ey^~ohSW_jSs)#vR3;VTlUK(FGg3SP`~J2espw;Ph%+8_xKcpE6y2@M_+C><xcLN
zVy$nK+vVE$&8_nnRbMsb?&<-5J5it0fARVyioYtii*gTfICz-v&FejF>ua-5?Bojk
zgA-G%ef#5&zI~G@=N&*f@nv#L`wCm}pY|<p$?H_VRZz~zNwN0ZI{n+qUbXm-lA9NS
zufD*BkBVzEejj#LCIq(&xRWn~-+XV*dw1l^K4nSur!OJCb9ss}LHvEirn{9t+WH)?
zF~Hw^Rf-i)`*jEWi5e%WXEx;uuSv1uWlp(P?QF5jf?qAVu1&G-Wq-o1ryY2;_kG}>
zoRnh4BNw;8N81zOO?VK!aXoTj`Uf4iS9k{lUp+a+Iv3K>t8vEPB;bZmNwLngbK>aH
ze2m)fFFF<hzv-qFE1&nzE%f@M<>k@TN4kjy{+|Q>P*IAt|JYeCJBo48NV!{Yv*q$J
zyB@|tM{=ol4_eCjnTdYjd-FJtX}91CfE#m1iZ#DqYU7WAGy5O7C+|jYi0_WRZiZ`Z
zcZGK~@Xy@?-&McUpUv<s`tc3mGH0h){%CRh`i1Wha0S4X2%n?hWAKU2lOLjP;3@^@
z=;da(wsaN%-+NAqHJ=$3zkaj*z`Y2ZxnFu%EL>Z>tAT&A82Jz#eOln7$GPO<4d5Dq
zGxOxnwc*<8xmNoq#E;}3)4wmJSm)LbXu%&lUIqhKH8;gNhrg>0*N$Bg-kX76Fb}+Z
z_ja-2<M;!MfO`(Ot0fQ4dFFB8s)5@zKgII<|8D0Q#esVtxMzQmV$`YLKiP22{btFF
z_?55>e*F+Tsrk2)4|o*gXe8w}mC>#Q${ppo@2YPG<+d+QF={=OTWZsF6!op9+?fxh
z7`;WOlYbU>+_vNetG?}&OJ9~^tphlDj7O+X^4WViahS>!D-Wc&<9sgFGXeOl$5V`x
zJ44^?N8hdmluKWoVsKSF<M8OqJx95kCy{e6<vvB;V<Y7TtwWC_QSNI;SD)l~5EF!}
ze-Hm9pI6y(9AiJlhXUZLYEz6&>R(5{9)aH~w}^5hH`#i5zKuU_|F-xGqU%M<CA^tp
z?eB8@s2IA`pSytT{T6mz^gq=?e?0qQ_WvW;ueb3RByWyi5pBPs&Y2SY1mG*)WgMy9
zuiN<B(F<ztY~W|SZ~HBOx8aY1Pt}yWx(<Is^=vr$a=R#(|9AAK$~k_`5$Y3vPkt0y
zccMqcH>X@2{!Reyja?~Lp3*Zd?T^P_;hhcqbN{sMnbRNWr`UP%<G^Kp$UKBH(RLTT
z-@JcQ_%;FexC0kuPov?~PmREx`H`)^Z@1}e){Cv}j{52373}*u44v`^Cm$WZMb9M4
zE$EzT+{O21y5sO|0dQGeQjHe{7v<MkcBeHx!dngebHJN;JCOJHflKzL8k>aIX{S?v
z%sJb_n_P)JCfRt~8Q+2%3|wJCs%3vx*!+lNe<lI9ASKn(7mj?J{oA_V765lwYN~aQ
zq%&?DI&HsP^{xgkc|fXlUi9ABev9&dfUE5a9A%p4-!b?k2Zw;`-7VFqP5|yD8(%x)
zRq%sWBD397t$isDe5_w#&z?l@B;fOV+H^SZap+h8+;hNLdDSg+G>@AoKUwlv4ZLw;
zDoPK!opE*)<9HY4YWt>I>-ZnW?>DtGeHG)QAN26OnSbq!55bQCzJPu){n&;h(?0|F
zcTPz)P8R)NvEwpFpkM7?O}Q7dkrS2cYL`0-`>>sIcb!c?t35sJaxrqKb|gOrO9!V~
z_x?87?Qr@l&N;jzfiD<>d`mB!aCGgET+E={@N;Oti*l#g<(lhhk>iJf8+>l6l~3uc
zcgMhqFE0XjC@<CWqkGu#&35DxaPv>?Jw&-%$D~^Gl#gTSXsvft&!ETQQ9kl7|K@|E
zZ|}{Nn{X5D0Ef59E*GOOgntomeQ!xM4ka8teu^1Q^Nr1i?{NhWk2V5cj%oD<{E;#~
zvva=^$Z`2c)ORr=;|yb%8_`bYKg%eY=)BKz86$Rd@kd@}Sk-*e^dqA#JusKD{R+Pl
z`1%}A#o>E$gWwO;cqYHqrk*AKh)?zW*dJNQ=eQ|n2FBa<?eG|p@pheEqw565sgq^6
z>Qc%X@8(4=p{{z5KLU@M>9{zyeorUbnHoIwt**g?w{#1JCm$Ewf7S89#!J(Jhv$0&
zjUFSk*W(QhPB1D8ziAAvqMdyV?=(`xB732yuB)-mf2vW?m_$80{gDT^bq>_JjOvR2
z^+#r;8f(qx+x(Fg|7%3*p<{=qPiUjtADKKWJDlCg2=sCJ8s;`N6|C54L`wR519c}D
z5qEE+qV$~H$U`^!0_1B~mkiB~R8lt0@JGg9VpP<5(n3!)HLWc@D>t%YsH+)oB5iGh
z_Z(NG;!1ynCGTqb@kicA{1I=i5!nBjE9ilT70^;ZI_E)8dgz+27lkL$Z~60Go9lZR
zkx`!B4O4U#V@AourK^m<!!H<t2m8AMOZvM5%YSMF!WVO;VVYlj2=y$aEr$$FV5Xft
z{E?@ppBG#^`TXFoJ$=Gew~q|2^0+qFd3uI!JJG0^GS3J^{*(~h-_;-4Hoz6A^K=h+
z`hn{-f5f%b2vm7`hwD!8M^xsrE=I-Pf&R$r2b-#k`Wpe?;mNf*os7+ihm&f5*3>k_
zcd%(~5p57pygq-#aE*FP-=Db9sCc=lsmBQ9SM8{aG!<mQpS0`!!D4rh20uKn^JIp$
z0=td>*G@1hZr^4En%rp(xxCv$S>gGRHa6~Vs@@BKmUj0?#ILKGnyTyL&{FnE)7pBI
zmL5^G^aw40mVbb+9vMm7Jdyg-8~SqeYZdLw=w}4F&<`u;PYPG^`}P#*aJvG6F?>eB
z2k>FaDkGqG+u+kposEiho=M?Ro{WaVPnrtuf)0judc@-k=~>O;rh=l*{t>09xh(o-
zs@p%p$9OE7=O2-uU<^KoXO;6^o43+-u0O2!*wZUC`~Hi<&mm{|qy3RSuHFrmE~DT8
zGB3O<JUtrfJv~A-sO25^-7vhYsmoAf?&NR~zC>tKAv~21sPps=O&V=P9^-j&u@Nk0
zd{lbg8|k0_!;w{<>%#dL8IkqH=LFY#P6%fqV^zp=ggU$~f20;!-YotgAHI~_F#07j
z+10b5kUsPAy`Hx9)N{!<<7Eo{^E-#1mtWo?Kl>bkpIn{&FY~i*zAGSpru+;1yrLa`
zUK+*Ex)W;76F=+EWsJhlrsB@QrgM$R=f=;j{&o4sd54-h>l1%u$-FL>E;|^d%l4zo
z4z}pB5c1we=X`=LdjVaB4*63rblD~7GIye-%f_|nvP|06tjjJ$myJ7uF1rL>Hm$8L
z+jk^ghE6?_F8ketc61rzuRUFME_&M0W&4_SSw`s9J~6rseJEXaBC_^bblHpxKAkRG
z0ng*<vgc^yzpBeFhZa+pAuEin@0Ofw+rAs=<5h{4yxfo*8GO8L`>v&5Z#Y7~-sp;y
z-jN$wl9yza|88!i+9`h<<-glfKCZmoLHUKbk)_*`EE)Sji;NZ1=4Kh22d*Eq;My5a
zb{8UJzx7A<Av4w8jB4rZ#I2nJzJA`oj)Csr33IyydOz=#PxK@2N`Is~wiMSbeJeJq
z4qN77$x}As4P4_7lJbI!(dBwBJJW~{Aw6!{oD)JHpff+@nclDD`Ohfp*a1@7D~wcp
z4d^e;GXiDU0NL3L>}=I(BZKvnk-hD17?CQ^iDApWW`vGE#i*EiqkqJ{KY4=qLc@x_
zVFa=d=e{l-J+*&cP-Rt@;6M1l!1iW_4)Q;Xa!a=51qHX3`qsNMO*>FUThhKRo7vO0
znLV0qW+z+DMtNFn=H3DRNEn;4_&|Jn{qp|!_WIXjjEY~N)74kU)8@hdv~2E!w#~f~
zn_G*mi?#o<xwX(JAEL$ncMm-QKFO)@eKMXSf&cNZ+3>|SKFLGIW`E>O{3(6+Asai;
zb3KudUdYA?j%@tIA4!jqjoI|+T4>$JvBBHW2~Xv<$i@fQzFU!n7WwFfe4G%vg=da@
zkha<^A5(4lSW4Tf=&vC1aR~W%8hJ~Lk&$%C$aUx0K3H04>#0UX*-ictd-qy0QhG~^
zjFb(qWJLZ~w46M7no%J>r=5bohwYw1optyH+dQt&{GRez{E^$S<4^CgWaus4Z*g0`
zgjsHiWGJ(Z49!s4ZTOBcGIaa?`0^9n7hiq`(my|?zjvUQWWS1BB@;)vywm)h@L#tZ
z-|~L+#KcO^`D>~?Cq26uf7)q-<yW~v6QkO&7#kJ)eq8i>^h@mfyr}mj^o4kL(Bq;%
zuMa!E`y~3x(M6T`aO?4N{qXWio*U<sOgx!SuAqyUx+Q4NgMO5~#`3S#hW+%feD{5P
zCej|x@(dN<XN0}<?*YEo+&6cmw=bC&CG$oaCG+`T!2kF8{{jC$<iC{vGX59xU(Wv`
z{_o}gKK}0?`Lf%H)XeL$re>a(e;@ye{3r3Byk^ULM#S)zoM&|7KY9Mh&_rY1`fH7K
zM%N#VteodrvwoZr2`w|$)uk>RS$Rgud7&4Kb(QlL@$O#!?;E-Pd%SnM))_8iP1TK^
z0-+oi?|o}R6YXcKItM~`^UR&RCbY_WRtg{cxQvF-M%TI;eA3c!{&iK<JNG2!4a}on
zU_6vg<Qa6#U3fuIy6mE^Mg^gR^y2Rs!SnfSe$Tv2I-;KOG#9@{-~Yz<(p8=S^qcj_
z$1P3FT~`I2bH8WR@!M>{BnB$Cp>LtZgxQ$4u8OwK#m<S2%0bf6NxbjTP$wLFcu)K1
zV#lm8(kGO71~8}Q25aGQ>GAly^m`({|M)qRYo{|096u+yb~W>vr_gu7{_fyY%pr^V
zx7Bw$3?uG*XZmP-4*cWpR~XD)zs4MPB6HcxnbTgz-1gGo;d?F#HhDUkbMB$=Mf2LC
zPbSy;m`hFlB(XL`-BmtgZ589V&XW<POEW?j0#8^aUA~LT-OhDD@n{oX@q7aRg43M9
zfG&MLGR`oMpw;t9yic)VuHo}|{`2kM8XtS}ta0)q%3N+gzm!keMwQo?%}z8b#@X*w
zR`gl#TE<%m<zvTN3G<x0&FAT%2hKLrlbYN0X?dP%wk<tW0v@ZqX`vTw+Naoc%(Cl<
zrk&#npesG}U8jC*rpjZa<MP!<+hkV-^J!`P8}vB7$@_M_1=QQLA;F4!+|m^}>4v-<
zhuj=*#yo;+7QI$>#_By~gEsBi?{SA3(ed&<yl!GVXYAS|T_pXpKCRdAs`)*K2N(AY
z*LjRJI|mr+sva{ouY62%RoRF1&_%Le=;KP{J%jkg2_|1MLTj-Vb;xUz$B6j#j^|bL
zuNhus7(*-PUmHG--}MKZUiH2?DiB1M*PmttE5W@Ly#Mo6^d-D9N{qlo8;y#6&^MRy
z@@}d>at)u-g_WI+K;u~2ZrZ4fkaXp1cX=xMOdm3QIKEx2aJz;Eg2Z!#TX;q9W8mic
zGZS|e?O0N4R1{t4kIa0*6{rIDoq7Jq(geof`Tj_8UdQvG;tR36Ps|D`#^WcBawGbz
zo_Z?5dkXb#MF)MrSlf=wzi^$aqVPsHexeb04;uEtvzZ>FnMX!vqk0qVIRjacPI;N{
z2hex#d`v82m48H-aa)SNSD)t};bo349ax8+To0U{6@AiWXdQaz*Zls-^oue=&+>gA
zxDFg@s(yy@mC%>mL;i$?qZ0UE2nP6lo<2GF5$Q$O`Xl1Q%qyWU2|i4O4_CJEVcI2a
z=Yz%95(}7rO}LPLuJrT@F9YWg+VB0i=}GVPBLZc1|2ln;NBh~LYxMzReK37cb=qu`
zk6h8#Y|kZg^~jv~s=kt5_yGQ0VDnady;Xd5djgWl1>k)e+3M~#){36>^Lv{1_YUaU
z55M2yd9zG*;YcK&4>$SUJ@ie%z^ki1X{vr3Ue!?N^WE`@Y+lvCtDAuluVh=M*zija
z<F~Hzk5C!)j{~p%siA+a0#47=Kf>`femnhhneeH98e973aq5ijpNj-Tokh1<{c;EM
z<Ds4Dmv7K7)1vz2#yI_Q8~uVGvew<_EVFOs_YR*8KJ_u<aIJ9WXB*X7>Zh6A0%K$P
z>76r;ioQxMWgLqC8()GpTiy+iQ80xu<H-BzH@Pb6nIqqUy)A;bR$q4y-AJEYVDmVg
zy2ayR#QGc_7sc>6$!YIA+6$gLu+!?#qPuA?K1Mw<rWotAJL0r=o)J0It}BwSx-vso
zt3P}BBk#~Z2Pj+Lzpc%Endj=Ge7lc!Quaf5UQZc~#g=(Tk5E~z)t~i;x(qe@MRZDU
zKxYr;w6Sz<1V?QAq!>CSk3&<U<PjP+QLp57t-H6?UyP-fcxLL!myZv;9MeDFrhiJ%
z8&3b+7}Y-|-HZaKZ<=m)RTM3xZ}JiX;-BRA`gEhB2HJiB{w?@YTM`Z0T65kG#@DbZ
zMxgM*lJhkGDSAM0C?m*L-bn3zxnZaL#di4>(dFkqKeEP6Ip#h^k5Uf2P2iQ^Qf1al
ztd?>bgMsF@p48mdMLa9|xamjU!(H0Q;t<Iq^L3}Kr$x0@u~x-Uo%Sl;i!BYzFOqKP
zWa`{`)H@fL!d3W4`kv<s6y|jfjLZ-{MqroQsJPjdooUb^*%`j~)633vlx<IT4*FZm
zj%4dn;14i2yoUL37&(p5Ct-Ny9S~nm>uou$LznpNy1ejHzHy73W`?#<mtY+^Eu`=3
z(pckIl@RzVpO&1Rbe6xdY3*auFE8M;VsmHwmh}SU`HpR!0^6{cS0&_zWyjW<{gxgY
zK%I>m!`Szt|6xr2Hfl^h9Y@w*Fd{{7Sz~0zYs5`tTmMM8*P_a8j8pC{%ciV#pV%xP
z3DjLV|AyxI7MmmJJ8P|^a{l$``x8xlfAAtb&&X-KbRvGw<@i7N$hX)&@`eP{N0u+}
z5pa#P?LlnpgYaGRx{qmRDSVTSErG{>2S(%ENGO>&lll_TmE!^<0)7``WzBsP<+FJ^
zl}vp3-qqig&0GJv<1_VowsP^0M@qJ2n=X9HsMx_Zw;EF#XW75RUZfI7omVn4n>k;Z
z+lXxC{WkvlRr@1(&k8O*B)eQpz4D#pqZMIe)*8l;^N>~fQR|`aiY~@b!4?8HjOPRR
z@6Uff{xw%txoY~hbd`U^658o?8N<}Zd_Gm~=O!OALK*Za=}qY+*sUPXqWSO>ehc<7
z8+PsC*8bfiJeRGhqn=9a%#Zmke*(J0s$c6|b*u+eq0=7Vo#qFsE0KTszh3^ePNG<w
zY-a-hTE9}f%AA{k!|D5U!ylOo4$)H$&Cz{-kNG?;v>1IMUaRg}##1`$466Tj-q%yE
zBE~=cCeOv=ENp=I`cL}2$>YX{b_YMkpFDU=0&>&|dFqTG-333IH8yZ>VScVTz2bDk
z3jIOVw-2AXiC9P->pP7ePe|=6?Cg(}<0}^>!hhz2Md-x?{avg_Wj6HfimrAOZ}l19
z>B~I0PbcF${a6Fhx{U8$|L`63lgcR0C%$c+hpt0EsQn+i@PW<mw7Co4C13o0msoT?
zZP?L2H(37!{;vs>5qb|j=f@xXGjh<gn?G_c{c?~oP{g{?D37<{1?IO!=#x^9o}Uo<
z7@lbzs1NHkZfMi9{QLdkDtM}QT1Wes^1_i%xuQtZT7&Vh<3jo7MrcGgV)L_&;JNT9
zm$^WZDSzNs{1BPXrOY~Tn0QtGK+{_JN7e9Y2DT0P4=rUJ4uQ@vbyV@a$!*bD1+J_F
zJ<ovW4xK$rI`zzJ)2Vl&b06h}!%IErI+M=zHl4$4I)^}~D~iq{+9^6+lu;k{is?hi
zsaY5AOYsF28?L6zn|zAynXF%KqwdB_FG6-MM20S4&OQd2@<$HelgFIhZR#U0cpUjx
zA4;#NA8(-_H3sy13iV6h-N-Zb{d-?wo;O-D>Ir^4Kr-41{GF+%3o_~r9^Qa0_u}^u
zk6eOX-D}SEj8OO{Bd|8_tUv_(8h^FNTm4YeT`>`C6n04RR@)01r5y*DFPXBKk~_Q%
z{o}}@=-RO=H@FpiAApNH7fhMl2Jh>ia0SC%jL6-ryIOLb*S2i`(M->bfMoMA%0528
zU|y-RMsQtMBQlV+<b$;Py8H9O8f(`f1CpQj(9=_qSIxU5uT$au*k*b4nes|(uwfhT
zBv)gR1L#IxeYU*zGG#T(meuo-0paa~oSs1cdyxe{GEhtZd0qS?lal3UqvSN7XS>aQ
z&4=F?!S@U4*9+(e_3P*${bKg(;d_3=dl&uT4j%Rp@1hRri|oFZt}tjr3BL4>y{=z*
z4~<?t^@=5Xy3g?~ujh9W-}A57x@QaWzRhhEXdavftzJ*b#9Fs^d7;|~N{>8!r9UY7
z*y7G;Fc_nf4cYAAFO7<~Zd9zldjt1_1hnqWn2I!Bng>m}#EdpnDMv#xwe(TVMU0Si
zu091f1D>FOt66V0ZBZXrdV?SQ`x#F!vsOHnxxChjPlBcu)KO2Js-uu{Dxb-7#hT7U
zPF)F%i%v#*6LUD_o$N~!9Ue3PWC$`!ovguI^{=J;OnwJh&)6}*2-ebfUSerJVrkjP
zrEiWE&!SI|H)v19j<e=mfUjTLzpdX?hOH_Er})z1Bc+EPJm0AJo7sn>p-25j-ipU%
z_M7mDo@#udcsO@3e~O25E;vQgUgCjGqph|cpso9_@*o2VW_ugqUzXt?k@L7eC|j|Y
zeoaER6My_}R>s_AQ(X&}IWdbH24Yufzs8B|*7OZV1$#Nt6{8{6wWg}Se;xF#TWR-E
z2>7+=&V7_wndgj0ml?w}`HJ0ZymSoxKRS58Y4d2S&9b|)wfmt*G9X){&l2$Inds<&
z?Onwhp?ue8z*PcYSD+vLynC4ETRI!xc^+9+zgN)zDsSLBoyvE~sI@kh5&CKl_Q7ks
ziof$}zvo)~oiTP9=~b0gpXKoEr~C`&Bk=W9Y+mfRN<Y);ufh12g*o__ITlTKLQ^CC
zvE;td;UV;;^vji|Pn#Yxj<;~$28?XOP})<74lM3&l`Z1=4BDPfoTiX=7Sql`<T85v
zOuj(zn)J~1W<439A=uU>z{-~_0)Mm*RiJv1H^FP2wGmpbz-9<WW%6yGa~$sum~z>A
zoHmX2Fm}2S@AaZ<eCV7+`Y{Q)N=Dba0@;is@mTpxIl2B3gVy8*PrtwjT!L&(Mz%t(
z@@22M7A*^X<-B0dO8<z{zdAZN@Fy+rr}6F;*S)+yKbVt@Pwq2z*P)xLHW-^HcQST&
z$4^z9E5y89x@aZO)t2ShjLPFI8I|7okl%gz?Lubj<{N=Le%E8~ygXw(2hL$EHx;{r
z2eA*ohQEL2`99=e?F;@$J@A>lKa2j)LiehUZ9G#wKH8KN%nc^frqgNDDB4uUSW&yQ
zcI%@}iL}Ri`sm;w`~6tnmAXoo?HJ$*)*}ZG;QxFd+z##JbywhXnd3{e*QhPXvPnDe
zY5blAyvi1%Yx~@5gyj#+;8~b)T?#MG@fxPjH5=c+Y1cj2q>r(?MWg*Arah4xy!A2v
zh}(vZCdOra*9&dkp}XpnE#B!D8G%`@vSm}BFaj%hw~%+k=z~eF`<AhmF?8K^qk=0(
zTYS!i7WA)4>od1o&ns+tJ@C4S{zq4?Jsa9SfS)(Lh(E=%`cC-XjP)BA_``oguWhFf
zehN<Iv`mKPon7*R4Nv%k>Z4u6aCZLC2sWJN4%TCXcj5bP3O7{`_hApiO>5O>%FWSO
zoboVn+K-zCYaI8ZE`yYBt}uAj_>l))<qC;cc{SYwqu@`LVMK1b-D8g7pHXfjIMmnD
z>rGA61uw;8l@XuC<4oEiUnusu^q**L7>IqK%vOBF>A>euHmehO=sySdSm<`}%U_ua
zocyZeX!lm)6q3(WzBgVvfw456F*S~{HI^}!kA1udJMJ;<f#{GuP+50WS>oHYDJ^v8
z=|;sTUHgQuV(dOXrbYLMC%eJhqWh&s`x*Yo3+QW&RpGmsEf5d!`)b9dJ-0k+Tus99
z@H5Zw8mFG5I++jbF2$Gebul&%bEPfR97$`f2dMWZ`9F#8EF1QR%;jb1knCA^hJE<W
zgBd%G^!uCF`h(0XcFPyaq<nA6Y8`89f>9t}^$q;zQtB?o$C!d`FHMzS)xAOU4}7j_
z>He+swQ|$k^k3m8O+$K`I5HbHkc;N?y|XN9W#;k*`qS&mTqxWw^uKU7%68hgg)bU+
zciu(gZuqW+TYc0>e`>rtb}BqMkG{Y*+jfd|;H8sGjNSFrGuh84G2_W68@orJXcS}_
z?s6|aNj5wlxaRw>CEfCyJ&7)N`MA?xSeBIgmpx-$zKspP-n%DzPSWxmSK`L8zZttx
z-?Qz{zAo=Z`9zZq*Y5fx3twt(ad5}UKX@%?kUuyz@~b^%N$>7C{mk58*M8p%24{r#
zYzBW$j&J#RS5o<hu9Wi2muy`8O+Kfe_{!pOuH^FRuH(wPxs%JsZQi(enk%t9$=$Ww
z>*`wm;gUZsUd{X6zS7rHU8&{X6KfZ*ne&Imi+Fe3o}cWQzWJ5Kue!RGj{{e!%Uk}P
zi~g|Zk8}RG*h@W0?!@x1PTIT2OS$Rzi{8_ZTkic${zh*$-}yA=9JgHUD7xg)*Rr$x
zLGSC&?5Y35TYK^!*uQ5WJo+%S=(Szcn>EL~eEKQH!9S&i_9Rp1KWOKN;rI63N?qTi
zt@oW)^V(OkBYOr>*S)m+jM@WxE_HR?nCMD;Wesf~G$(m^_MFt^<JN3kTz2?|r>146
zEce0>_*|X?|NnXUpP)DSl|=eMv?kIA+3<L$*$0Wsv-s|X_ue^)Hr<IP-8s-WVaS}|
zr6XnsFVFp6FbiDlx7_2U{P+Z8^8?iJA^&;V#ld=T9q&GV<5b#OM;#Nt=Uwijy<}dO
zPjGkJxPx{-@SBMnH;FFVe;@tvN9Yr8H^bX*Zg+Wq@iQSWoXBUlU%k3G)ty>?^WW}%
zV0^&~i(i4?sZZ9>7hTI&@t<m>l>g!a-|~y8XU%Ue-uNqcc(HMOxyM^Fam^KfSlrE>
zQvOXN;gt_X3;0T?r~jhjV7Ci>%eT|t6Mpd8;;+{FgZI;KyTCo)<tb05{2A1_D7b0y
zq7lC3XOw&|_#NZ8a?x`Nw)m^=<I5i~Qp?BChD6{ldGIx4%P4;h9GCEH+%GpSp6E{6
zIG(yV>#n@-uQo5vad#>YfVZ35Q~uQ}H!pVc``ff#Z92~Iln-<#m9Ifpew8@D8kZ~3
z&u|4^XB=PbO5M2VHxoAA=IXX_4Q(qM>s!8w&k*CK+?BL(9BrP?`*D&T{>S}h9KXkJ
z9D9m)`Ly%A%QeQbdEPR<yyp1o%QJIqbz`hDcJYDNWz)~u&rg0<vf};DiC?qigf`O8
zUhqgxBpW`yXGy+e<fIN6Hjvvw<h3s{>c*cMdnotyafYiL{3Ei9rVbysd-CuG<oy+7
zyaCxBh&*SVc-K>7y@}=CIR^5ZWXqw(jbYMw_@3Y5SCJp@VVw~jY_K*ub2RyVeBX+0
zN=9cl`>(b5ubVW#NDEZ}W9oIj&*r=I*hl!}!pHHX5#bY#(&hL>*iG+d{384+*}J{i
zn8WwHV9v=#8Ad~Wj}^VL3XKsZ<hbN$J<Zg+MnldN^6z=K6+h3%_h~L;L?QZI{$JJ<
zVwVZVkSw1+l7tN?W`2o3Q&5gBzxCeS;mMyg4VL~+>g111r|<Rb*27JMt(;s}LmmEI
z4)4ZOb|AJ?FjKLi!k2G<I(Qqptmu_^&A{+j7q*vo`M_Z3)78fgzC!BW%Dh|o{5i}4
zbAX)&PT6JQ%#v@wXCn0}_je~aUDxD<vlEO+Kf%zZY}%d;AAHc&hxQ70BD9SIk7!Dy
zyz1Ad=q`478${b!Xv?BLAMZrdPUsM>vEc9lXW{~9A}~jVi#i=#P4hLkbK@^~u<r@T
zN+&ZW7^Y7%H^{cTL(V+P*R;hepFEgo46Sk3oVOJjkpEQYDLHQwazuRP$pgP9zJyJz
z>0EQ3851#KO3q{7sOg_}$G@w^7U#Q+wY}h_*3tC47JrY}WBPt@yaf&uhB>>JI!k@V
z(2|(?o}|7y+1{9Xi0zs6IDVw+iS>E=P!E3Pla62MRh~R_5@^PUBQM1RpMT&F%g@}-
z^Pdiok4YX5W8in--_gY%+?izgbMnJn_-pFNjr61BKz^KXtYF<pet^aV^N+w!DcgAI
z1@L(c{2q-jK-_G;HD|4Z9;3z|`R$LPf1l}#J}F<cuBquGe9<S{^F?3zHomA`w#zc3
zVwrqe`}fbl<=@{lSaB-{kNi^Ml0U1QgC=~`dgxmhg=Zh-9tY3XF1D`-?RP@E^umYC
zcb#}ZtWT(U?t0?L%EM4>C<9;lA^6zG!ybVyMuGH&=EGs+SI-I=qdn#ufo%hbyHSVm
z%SYP|UG?;@*U)?&9Rpvz&;p&N%oxOF=jWogcvp{qMt_*G*(~B++0@Ity*WNxL|O6w
zdEgZHeE*ZCrA5e_w-dUGwhM0+Fk$4{%UDv5|GTuko;gKJj(=uD;lY+1|4efH6Ft^A
zpMpR52jJWD@f7QH^r+_h(xZ=dz{7Zc^__>CmL3a!^&n*Ei}I^8Y}`lVSHF6wX=!^h
z8jrtyjuHO8@vSe8zrV3@9}R!+g1_Fr%6W8|Ho1&(nuG5(%9YqKkGYpmzxi)K4~zoF
zPwZtUx_XBvG1MU2g{@-G(^}1cWh+<V7kmKh^hN&gE6nwFdXhrZ8H=v~GXxmn*`a6H
z#ans4f-)tHyIYTAuOId3_bTjjBECT(I($5OM|M)Scp7t2545UXI~n8olu=Aw@cFzi
zW#0G!bXjXdzJ_@`*Y6@|DJ5sSj&(0=s)?@-I&z!8d(7`s?BAks8hT-ZNgw_PctmT1
zC)s>{G2hp_lFdCqlc~Ri_v1}klFZnD7CuE0^w&|hQ=dscHn2nbi4`9`{j@)Ze(`B5
zeG}~`DvqnUz4R7*S!%7<q=)wNT{^n)QpMa~sG8`vd?Y6pzW*vW{(}_@pKN#<w)ZfC
zCFC^79!QV(F<cD>zxTpZ#fxQAvy$_|LDnbw(1+XLNiF)a9(oj;cl7Z&^qu<5gKsE1
zN}gwh;IiONG@Rlriru&9?d}bIkv;iH+MCs#{@Lhm(c34-gU6q5559^zOQB8ca1L#0
z;MfoD_1cd|*&g<9!PaV@9rmn+o{WYPjSrii4Co0((IXs^n=S0A>vy23z=|DPxMgRy
z_h5bG($V-2Rve+ulK>Apg`8Nwqw`|p^y#e89H0+me^=dPt#Qc?$?uk}O`%^i=<l`I
z!I_<nND$hm5-UE*YzuP+?Cley@bjTHNL)>8KeF{&U-DsZYuv;Sc_*Hff}@n*vbS!^
z%bu5j?-O)Jscm;lvAa$^LEzOl*_4$|U_O$*gECpNu{@jX$}oA7!*}TqJ-7V!L~|?^
zL9Zo~@z(+l-}7tYV65Rq$FGnf*?~9lO|+&&4j(e<lFt_Efv!k|2GK0qWlN&zp6uz~
zu#bHse&jez8?QzNtB~IaeDp=F<@xXr%6J#SkC4A3{URCG+OwWz-|r8r?Ruv*-7w{a
zLvpi&e#t`44o2}sx>Dtu-@_~M=^Xem&h$mtQweT|PkKI{=f&t`$xb%kvsuHfr%vH_
z<Tn+(S-i_<4KY?$C5!5VdiX9G9>{kGUlDEZL*Jke3#QWFg{%DJrm|K|p0@ld=&e|f
z|NAW8hj?1#BYz+31i%lW&L?90rh~Ugul&xOH)b2eZ|Relq1V)n@KXBQp?fSgWCy<e
zK;}UcunVQo)`zzCQ!I`A_c9l2ALNde0ylxV<Yes7^YBN$zwl~~*Fa867IUiT@_pH>
zTGokYb{W<t3r_d?BNqdA2A_YVo-N?|C-bt<HD`oRht7+si{yyN>FDr_DN7u*+WcMU
zA0eIRca<!=n7P_&u0bgwUvwa!n!jnDmqb05&G4GGG|6QQ7S9(l{!WC}pRpHK@;<(c
zvG!bk`@l1vHcjSJ_JwomA`_@@q1}#K?azC8w;q1{13JsEIXyfL8o6fMoS*hF5?Nm@
zS(XnT)isUs<DnzTOI<uO=hOV&)CF3gQS(djbPD=cF?rFT`UN{)cqu>4t~WWR{zBxV
z6dJW2i|#b%wW?q9CCzz7M?JP(ZB)I}sCOLK_$7i{bg3VbJGZ7oeUi^}^#5S>qsmGy
zcM?nRUNbGs9)TWN@HYz@W#8(}IIJ(^^y%E)O$Cntvy<^IxO^MVY5P=g@1X6@99!*|
zy!oJiEHp`GeAKJCzdi?=^;>iG9Omi`$Z0<9OXU3-w7Z-#!ihdG+tms$WqrUNHC|{C
zUg=iTpP~Liw801dvCx^!|E>JX#wh-g2>dwe7q2^vFF=D66X*~xICH@LS>hIl?|CkG
zAW3V;wx56=_A+Lid=9O})#HyTFLojNB{tvmLF~th@413+;U~#f`jLYg)`qn{Jo8DT
zqAJI~?rqA|=CHrVv~S&6Mz;2{Db8>w_E_;7<&6$tecOD7o~>owQsuO6S%WU`%{#4I
zI_u77u-3Mg_o`F6)Um+_k`(89(bQKi@Frp-h3j=-i^wSuE}yxM-aXXCtdDg#^!E3G
zlPw;=r)*cR(~OG8B27!R7R*&W<P%sq7UD-$YA*S5mTe0Clr<36*0jdnFJsBF8(Dj+
z#GZdhS<QvjW~~cz7D6PCc9+VI^KZCX)?yM_i_sb=cDf)*dum+1g`J>Xwn=L+1AVp2
zrvAjc96zNx3EigkD100~&AhMb>GZ$K=fivH`spt3Lis=q)O{;9;#S~qN9Gm@p0gvS
z^7%5lTRy+aRiT4bj@bD^*`8v%-f7f3evNl|F@B&Qm{Q86%^FDRO$%)~z>I}9>s@wO
z>oDS<_8@>WpgcsaX*>BKmzX?_Z~wi-qI)8HMqmGL<cq4j!)KRkz@zIJGyOdS9(8;B
zpXBe`@1(y$)2Ob-?kv`xcAU1N7dd7->(Q-!Gy9%I>^~>#<6>?b&VE#WY`?FTE>mAr
z&<8(;|9xZD!kl%m?5K4x?M>A>7;?ip*t@KQ^)%PPhO-Wq$s8u=_Kyht+~2$&TtVN@
zL<Y1b=4Rc9F_SX_d|FdO-{p+;cyqutEZ<{H%<60mRUUArhx~EoSKcoE2);#*&((9`
zDAu|9G5_l0!hgl~?Eo%^{HTHSS3Yuv-v4eAYtO~x%;d68mV}R^XN4JMtXCVus?EMN
z0y~jA^q_3nh+<dr^sOH^sh@Xe!`E^A_hZ~7Lfc^EN`8WJa{J!OJ{QCIj^e|jx9VV*
zp>Nr`TfejT{TjdboBF$Zt97(!UqNk;*KX}qaN3>8JjrRdascH6N#1?Fcb8?a?73Wg
z*m|hR<iqo{vm-t{51jZgu7wXn+T+8Nqu|3|r?=*V({9-&lP{4jL;naLV)a8-g0WkA
zggIzI0k9e?nrn?RygN0&lnmxCwc_|Qk;4__RqZgJE6%2M$vpIpbl8TfEXww0u2jUB
zD(vt7&H7Yhx5k0w+d!^2Fy1TOEqX+2x{_nB^Z@Hv-s5WClU=L#cwfotSG$b(-)`f~
z(q-h-G`P;JST@SYXc)~Himp?(xi9oZ!?=+X%b#zdO}e#dgO!7H=v!|5c@O?P=dxVY
ziTO}xGZ#sGKnGT<{aJ_Ryk6VGSX;7Z&g-*AS~+p}4ARNf%AI|jXYvV@+a>)pYF1WQ
z<6n7U^Qm9)Vx8l$E}i%?Z63~ean`aO{h3c&$~qgHGd;eANzhja9_7{ese|3B6~*9Q
z!gIwrO*u<?W7+Vn>C07L)~w;-a~O;NL%v8UIChd7rnz2(d4--IWPgCpw~@XqrN8R=
z{;<bu>gg3WzEbe@-krXDg(tJY&$ulDuW#1u@XOfGd~h59R~E<SjT`MBF`hZwSjMvC
zbqHfQhjo=D=#+8fY}5g#GgOio^T~|)Zvs~g+-h=Y*1MA%T*Pg6VaN2Wfq6h_M(MI$
z%uBw>I8Wt&y(@M4R`karXx08u@lj*F9(t5pl||0lMYOHwtdU{0FU%gxmyl(Rzk$>_
zh&qLPI`ztbn@+uNqNCQklhB8~LaP5t#+tq>PuEM#MEXZIT(-{Dsccy)<EN&RF{Frg
z7g5&1eZX@<C?0;{u4Ih&gD&mC)11JUOU_M-RnI_Z8ATn+U-RLIi$7j`o+@;m1J??M
z^#j>5(OAx$#DUL3*R=;P|4sCXPi1@OyuK6KvpmQszr9nZhE-p^WY+%O%Vk7n!MDas
zFGTJyK>o)t4n~vTVdoT(H>L4Zcd+S6<DH%XH?}WcTt@SDqjSkb&3}J&uH}cM`y~ff
zuH_|9a4rKr47s!GriaM)xsbgs@S+HxDhs~Mg(q%gsBVA}*nFUADKa0_8j$kgUL}s|
z_(st=h^5#r&8=(ki3*XW7pYhCfp1V=&o$oH^Gr0neX`aV+p*cqzm&Ikh2eT--6x|L
zYpnZRJzmk+AJw(2VJh>J1LhdV*JJ#Jz^QRw%sf=NIN42eUN2)F<vX0WIMMjzfl=6j
z?6b?3O-?Co@EV66$eLTa%y)Rs>r>g6)?@da*CoGG!J*id*XU8czO%6#J!0mnzGCXp
z?xr4<9DaS8r{XPlM)@7ot9e@y`c`{Vz0lX|@aV;*Zg2T0Pp^iIx$~AiOMIu&EUz;v
z<g;<c5#{xsc`LcC+T)k;3OR_ot$NfqR_@Ap;40kR%cZ--!+LjSc@f{E*B_#7qj>w;
zVrR|9&fnR<IDLG)nQJSbM?T97)GOVjInGq-*PP^Kc$rN+HHUmv+3=h>)>&3w)_F^B
zFe1`fB`;_%Xj<qm_&SnRAA7rYc#IKcXWT#0_w&`?HMSao9cjk1>^vEPehv&|4FvzL
zx*neT?#&wxY;ztqV_<~xt#>Ln8{C=)sQ;Yj(~uwS(H%^ml)T^xC|`RU|Br&xtUGv7
z(A&vBVia>h@fY9dJ9BAQ$&CpC>1h3SVdF~JJEb_CukYxfgL~ZJF2j`jQ^G#08`&FE
z58gcgS!Nwtn^I0UG)K0PGi8*J>rI<)pv~gDl_zbDzY_LhbyWT&@~oWl#Jbv)uZIVc
z=OVkUk#np$!f_pp3ty!_IE-;&jsyJZd9;1l_l+=eOdQ@wpFzJ2aizcVEMvykg?>cF
z>Cd%Zo+a61L4J4kSIe8n!U)C!iE!0fj2ZllwSCc1KZO>J1?evNWbdVBmcNtQ(;OF9
z{m=;iEM`npPW4pWG0h0x#n>Yu7u(x97phrK&%tl8b9t2`)%;xg3_kZqejUBG37yfN
ze)xCs;pR`thZ~NP58pciAL<@x;lo0c56@u-T-bw_`E=UVRt|lwJMERs!($eE>2KfR
z*{?IVUt7lfInii(K=aCMSK2EB(My_tdDZX7l{NU#i9P0)Eqj}Oum5EB>s9E=x_{1o
zJ&X3L&+F*((5d8Lb;~SIJjDp^Xh%ORCRfkbtw;G5=F5rbiaO+?CUwh5BW1<NV&bh^
z(8qJ}5d<fg(i|gLhK%GgR?jxqK(xkS#ks?i6%%~1Y8bo`tU<Xq=1mU2m1k^b?^E2I
z_LrIGmm>3$H!txK>#V)>(5ADjJ&m!rO}hzfsm0$P$$p*%f1P-GtJv{qBaqdc^KQk|
z`(PifIr&_3PA=P+xW8%XUFgwwbaZjd{7*K|nFBH&$%RZeb0Jrlxsd7RyrfLIkef42
ze^I%RWyB57#wWO)&mi{nXTS0XL!2Gp<PWdKCSQr~gpO;@k^BmMraZ=#?BBW_ek}G`
zdmvVjBPl(ooYVMoy^Myr_>|MJ)#GTJ=6X49d`5DFrIV+*edXgW@Q-+9+SK8bT}jjX
z;Y(?rXU=`;ALTsvab-3PV4mdURsI#-x&+@$Yd*4<D~njm{J3ezX}~)9mWnTm&adIa
z%6^JY`I1LNr+h-uxsW;O75HgKL#J%aK4jRTX*M(&hnj{+*7wp*YaU{)E5zn*4%;U^
z^gltaBxb)-O#Te^BFq@m8k&3nH~zbHvtl(1C^w6?$q&;R5b<IIRg4$K2F`J1EYzHC
zIREQ8*XkgA(_A7*eBhind)l&bcXOWX8}PTsO;(=lD&Woqht|Z*99DQ*O1+BNYdmTW
zY|cxV|7J1&?c?gz@H{eM<+f%vOrifX8H-kKtIki#3=M`q_{~F(w{aH0X9s5qIK8eD
z$eZoeAe-ypc^*9Pz~g8<{l#bUZ<Qx=8MqAgRdgMpecUzY^(ip(Z?xCqJZCPdIfdq;
zv*1^BOlCWE%4f-%b$2)mT78TUVyuy&;QVy4nzYbJY_a+!3!W*qqqV$V@V^;9^BBzw
z6PXt-qz>#E^_~-!o++YkFY_4n*(i^1r%Q8U;%efP`t1eiRNpzcIMZXT&ityPAA8yT
zs5W?c{&$|o_KjIC#apgA#gl%_v&EAl;$4<aZOJJ*cuO8KsX6`c&A6oGPB4ETZut>S
z{fG-Twv9Dn<Bu3i7=j&^?)tLE5>lY=XkrN(w}-yPzKuBJR{YvZe>!o5`V1?Ma0~n^
zqOYUl2oLb=NO6Q7$jgD_tvEs$`Eue2KH?{%m^0@yR#5)L5fa<P5$*=R;s`%Pj+{6`
zBJ=*Mi6cydmVDv}5k4bbjp|Y8eaYE_;K~JFd-3(IC-2TtEWwT&<Ws)aj`Zb|i5t{4
z#|`cdXVc~^4|_c*SA?z@Ld?L&e0U#Ye7)P(pyw;m4?~eHeRpA3ojLd+=EtYsf^NV@
zl!7B)^JL0?%v@h(E2&5G;~tC`(WP_u-bK!Zhxx`@b6(HbMemvA%CPIw!75(_zOne8
z(Q{!hu#CCpxp7a%h4ykdZJvdl%A(D^T-_I{oqlYH`p(A~i*9Ev?Hp{kvk{tC*zI&-
zhlaFjrxmYMJNJGA-Q}^`SrpYyl~p^Bi)rWkb~~riPU$DwTb*O_#>?Es7n(*}HIGtT
ztu}i<Rhy&p2{rZ)eM|n5HTLnDO<$(T9PdZARkBn2$<1(V)w_F-U0YQ~KYbpy>Q42y
zZL13CC!<Tr#G8k)&VxK@E+l<uaE3ykL++q#)|OOvST^k6X}cKj|0ivicq~~gMK36B
zTgraMA@E-I>}>NhEi}HbQSru}&t}i&2EN?(>>B9%qU_mIL)+T3zw+#hv}eBu|FL4v
zW_|rX!=8<zoyUqjt2x;8k>=*(u}eoY_lmV=r=TZ})w$Q3H-A3%Yy)^=?b(w<{%g<v
z9dogG_G~V^mpv;sKRE;9B=&#o{%rQ_5BGn$?b%PD?~Af$O@rIovmAK(McT9D!GEmS
zv)|qHpJC6+Y3H$K&z73wy=7nJ%i2%bmpz|vTK;b~F?657d{^tI#D8WW>xxZ2!(M%T
zI{Phe8?4+Pt*iNmPh}0wAV#Fvwn46wKBM<;9;uG&>^dHespAUjP#$0Gx<mI#);T~;
z#P?Sc)6hC-+&KHZN#T9&6T_pyud{Xzp!+m$4$r$GoXLE;(LFh=IJk1a_Vp*m-(UCf
zXni?7#Gd~O#X+VppRWU6^JSeE7<Tswe+7K??i+?Tx?P*|*$29hdNSBUTkpO;te9sZ
z__W7MbM5uu*Z!_ba&vt5x7-zT5;&Bnt@_^PGdAC5aHjf$Ts-FTTE{NtyeU6(lWvqN
z>d%_F+ZYy`-y+@a<-N{GnW=MqR#|7HFsCuku5-@7)me3)oNb-6qP(RN@E_#2&Ja_d
zN8@cgTYb>_JSOF{X)Y@Is)#WxVXbE$>voFIu3&AY9y%2hU&x#)Hm`C8al|5?vz8wz
z;j@%awd+0VFQPm-Dv@c>AYDh&UWB%qXZ1`?<s41g=Sy*M=M6c?z-AK%9Z!BA>jFC^
z2g)zBaxODMzXzYrr@4c33aj$`Bc7%%<y=<M*7dwo&ZX9F6_+09+ejW_;&RcOPadJx
z@Wq4Z^Pb}7lSc7@{$Q_0dgy8B912f#_Jef}WJc(0WJ&R>mDFpV<w{=Wzrw5gKLxLL
zLQ5>KrYM%(oQv5J53F^u=-ks-S-8@aQ+J5-W~*l)R~ly;Pcz-FK=gRZXWxhRnrJ)~
za#or(p6H*GjL3DgXC{3<lYYH}{?VCSE1^+iBb_m%-+hU5f7Z3Q9qc97`J$5TnT(@R
z;vef;Rg8<+elA3oqn{1_H_3mmPtm8-;>iD2TmBUj6yG|7&yj!0ekErs@vhZ5$%k2^
z)Y(d(ZXC4M1>MsvyJ7Y}{o36B+l*HI&;F#A{^z`?=Kklrygx(74EnthJy6=e?O9|#
zVy81{!<&5G!MOjt<ztE?AJn0}Lec$SeHMEOcy8*}sP)|f%7`Y;2;^+ASY6SYN9ku;
zJet86DH`f$U5uO@`b&GeWFwR-sr@iD$b2yBKCvb6MK+@FEQep|p&3Js$o)K@d8$2L
zaz1~4oapdFb>xs^t^T2JV{Oqlc^++xqV=Wt^>yAKjV-zkxKebqV~eihceE{X@Lo<|
zw5Nw_(R1lui_aB0`x-e>9#*|=i>A?6v9_of`{MWw(K=4F4>f7;9(oJAzJ#_vNO_%w
zwi4NWhVPa0jKCl8r8L$C0;@C0hoRSHOIM&{>L_;#&$adz*M~{)N64dDr<kL1!k-3r
zO>EAq@~x2*bXDZ#&c@}#T|E}2&$=sIjZe@MxzT#-7VhoSey$>9XGh{&%ZC4@ySY|7
z7`SxgO>6XSawcn8tC6gg9q(U9{_*rW_LP}xweY75UMVNJFS=Q|@}pQ!ufb0;I5Y9Z
zuc9+_&gvv<t(1Lu>tf^0SE7$zaJS^Izlg4$3e8#2ki|N&vsRi<{aUM6Zg(kkkS{R3
zl70E2qnb0|WD}J`AUbrO(qquz^S#BIarfogx3+~mVYOoiIq{tD*eWN!_F!yIytU3M
zeW5afp8{QczdRE@Hq*!WZM)Vw++1s|qFq{Rh4+;And`J#Yqe}rj|SFP@bk#qv)ih(
zzSQ4ZYu0*fJ^hhs_lI~<%lVf&J5g=3*2Ar~ndLiNb8VfUBL7-)BRO3}|Hv<Yyq9&p
zU-X`itfN?G{d4)3dmjH3^c~$izUAy0@g{m*mAx8fe)e(jN@FQ{U3DbSI-0ldgtz&u
zt9m)pU-{WS<iS~2O=4ZO*j`s%gp6dnlH07So(z8ZvdTReh2B@c5AwaStn4T0%Ws92
zh4`C^tktp4s=C--S1kvZa#ge!QtxuepB_)W#di5yDPO)OeYx`J>KG%!^ABL}n>9Ur
z31fbjCndCoayqBzlH>gAe!>41SJ&x&##IXIm)`__Iyt9nrcMtF?p~e=M>)Tz@%;m2
zw3PiYs$YBIxA5DcWg}x^0<<i0B`sV*{lY1H{{;3Ivu+JvO8x)vq=vM2@#oZkDRsZf
zf0L`5S$`_{Zv%c2_5X3|tzi?+rfD_5$*GC_FZET;8f4d>9NNZjXCJs^zlM8C6r0`t
z55=xp=CZY%MWVZ0)&E}RvEBu)@D=1hM$cROWy^+iTqfTx(>=R&*<YT?np~j~@OzB(
zpYy%Rqq8M_%o7rsFC?)yz#Ygntoq5n*{t(yGB~$yE;^`kgR%K|eaFA7`@jf1i7z%6
ze^h7beW35yjXH99a(A)^_@{Y6FZu4-{Il*mg51gxRr4o@E9d`pr1CHdIsd%U^Ouq9
zi$?{6o*TmJi_Z@hCUS>BALcg2=LMVkkXPH^6WsZ=G3Hr+)B1Cs-vA>r_}+wY!$9kd
zqFvYd*9|((SeHb9ErPxVXktGpbE%Y_)8U=w2#Z`P);<7xo^&tsq}9JnT&}a`eDqK8
z9P+V~YR)U{Mcte&Sac3{k8|3airv8`&Oj`j$Gx1aZ5Lfg{q}tbZ(y72pi?wz-ZzOe
z$E!To566BDt)wki>-YQ{tlzY`fZvUmj)%wNSZf~3S+gE1_Z;1KvEDI07h`KR*IkTU
zmByLtjs`B;zZk`D`4>9BR<fdb$9|n_h%J|IiGFCFYhY{R`lLJBIm`BsS)Atz4j1E6
z=SS}29=rk6Cx2IUHJ*m8gXf}m3G{l&Aro!+d`h2Znr&)*u6&wJzvl1qFS_zuuqigI
zd9J+8(>mx9KTE+UKIRiAko@=V$$7%S>z(Go@&!bXe%I>!c6cA*%wd%&<#+RYetY$v
zzSzxs;qrkib{?p+bq&K<lhv2I=7<ZJW3aEWt{;BROys*l^D6p#Zl3c0)5!61h3+Aj
zTDE@%ep9Ru?Sj6UDg%vc;a3&>(mY1|s%qv}Mrac>X`a&^9Ll?{WDfe0+5wFCrTP8_
zlkSYr^ET|$<X07fOECz^;IGa1>7my%)vmVtM&q47E&n~^(3r(l<gV7TZ$oXK1s-p=
zjB@11%-b&|e^q&kQ-J0Cp}4-L^ps!>?TbKWOj}^Ee-<5^n7}7F8{_)5y%SCTkodU&
zhepL6v_*UxiX7j`SXQh-u`$W<KJr%&kiWVXIj)K`w~`!JQC_m&lE0b}>Wv%=hvZni
zQjG08HlNB&KDFLIdNjU9P1%>**LVo}j>gyctoy@ua}IN?|Ir(scI1EjtNX(ez%Tz}
z31h>_>+=0~f7lncKkNtB|95{F<HNMkj-PgSL&t0AS$2-Q@|SgXjB?zi&!Y3(mCt+`
zzR{1-Z=WWg`DWxkUOsafIxU+VJtx=wYvj7`aQjCzkn6rPD%brPa^0`CbKO_r6DiMm
zAUKsf&L(U#cf6xK=eg#7>GpEpdo*bOZ*=ZE{_l`yIEy$sr#xx8mHR%09QWwlchPZ`
zndhE~J?#<t`y@|=pFH<d9QuftDGnm~N}%1znPzU(L7qE%w9)yZDLT)+2R1k!P1>Iv
zO_TOUKZ8xxIoYD=1!!XJ!_2?Fl6MB@z5arA9{C47%)Nlxm)1Qro^t^2TE+cwH_AWY
z&QgAJhhDH0AGw4*!X4#ht1qMTvZrF#hf>$4%gas=jVDGa`HIcUZpLrsWv82Y+0&>a
zjk${QvZd3D>{!8(^0FOVv3c3f^Y-$x&G*CzRHu02<YhCr#dd2COZ$1*UiNuuJQZn8
z5C5nb{?{YxRrtzY_@wW8&u??jq|W7*zp7`#eY?3XmmVtT-nsN0R=z;={T%5dEkAk&
zGE$T$c{{rJ=Jnt;<D2J4#W(Ye$W=U_d6pgDBwqS?$9w;FioG77I*6y9OMNp=Wv?G|
z6O%uzNysl8!t<he_>t@zEb5Ps&S$KjDnEQ6aEfydIl`J-Kj7r+J8{kv`EABIi7)n2
zUDUxnZsxjcbUkUOx7-2Jy#H#nea0^PYZX7#9@}@hbGO#*AF+|MJ2bweKc!3iWjtu^
z6>@o9!C-&(OZDaKc-rU1uZ+DPWJ+Rgux<eNDc3vuZM7dXEyVsF+NfBiE5xRiVRsM*
zRm`%s9iI|9Oh2^6r|cg3A$*rSZGlelP5Vrp_-phY-kIQ5U7yxx{g#dYB^&>i40uXA
zV%JvH2CZGLWUWs1tYXZ|zB~&oy3vfQIcJ-Upxx+B^jRNsP6Hp(6{noWfAm==PL6#k
zdRAwhaAvtVcb;sYIWnH}M5YD3%gf=*^jXuw<=`wLM#B7FXP35frb$kC8t@z8^El=M
z%HbD&bm8W4#A$Vwii3YF_;bKt3Vc#ZV)^au>WP-K4iro2Yx3vU!3cYcTJ1gaaHj-w
zH_6dM<hZxpSB9Oo>G5F`2eYqC^vK67f=2Br8{E97Y({u0c4`Ri9m408tlujxEqmIN
zvfU}S7P_y%URA+Y#fYu=sC7=h^vM)#Ruy_r@!^%&r?<gV$^6jTPsQH<>o}X1{X$tb
zu6>&CfXmCdBW8K#U`}}#F{`)H*U{xODeouuS~2w^>M4w}InUBp?x^!wIG4Ae59hOZ
zp<S`)KAzUGXm6YIS(q~;N4l3w^Q`ForxD^K&N*bUa+-A%@!RP?_;SywMnm7x%&9)h
zKAA^Yrz%2jqT{)>JUh~S>R;I>^Cb9>l{~DQuKmx*!^)<e$50;DlZssrG4<}J-zU@c
z@5gRl@%n2%pS<EV;4$odGFPFm4PVK`Wt?+ei!N{xhm77U<K<3vS8~aD2K!~6Pn|c?
z>o?Z@yZ6kDL-+q*-0!J%arp<a>*8IQr_0WLoj!5a#cSxBE%-X}t0(hZ{@?ZHXIf}x
z8utMGt*xJSH1_Xj3%=a;Z$9*WQTFdItWU+-KQBD}BJJNt)OoDfzsIir&#-?}Y3DIy
z|IB@&Gyk{an4oi}LF~SoOVJa@>b{z$t3Dt5_Yd$m_Rox|u}}0p)@x+{qHSM2x><Iw
z&%N$&t@es$8j*ju?Hl!f)b`CKMj_j$wYKs2a<XSZ`atoG=Z`Zg#%=#>_UypCFSkAW
z6ZCyi_ADFz#oDt1o_&$_Y$W)P6?^vKmH!#`Y%T3P*6i8y_IQtui&uG#kEA1vLByd}
z^3Pho;(e9)!0CoR@(5=!OK((@yHI#4arsj%|9C0SXX0BcFXay6^`CeA`;@+R{9APp
z>%NEjif$w>t@uBB?M{;}ttqtRHNW1cb>5WP^`d=8hqEVW>S=BFia70e+FaO9o3H(X
z+g#tLb(_z(+gufI4}jv&QEfk)cAdpP_s)~=)rnlB&g6S_A>Yf@Cg1DF4_NtL%Io?j
z=X#YAqf9)7HAU`cPa=PO=K#(qChp$Q)rd482RS~&yn|sBcV&@J8X+!fowwe_h^!=s
zO!xSHKpEMUCH-9$x>Hs0`JdxIHIiR60~y&z?$UbpR;(nRDtS_Vs($w+|Kln0Kh~1}
zv6wuPqBya7onI!MEBr07`n1r)Houg^)JP7~o>N=rW&M-ijh9{oFD@i6>jLt!th?Kz
z?|l6}G%Ckxt#VArBVs;h<|1*1OvUGwZ}na1jLo-t$)>gHQ0qLVEPgAGX+7`N-nXIS
zNVyyl)(QGCRu8bo(m(3V67|9AZB0w>CdRDw=xd2L`(w^tQ+yoxDi}+g_}o_KYxUxc
z8|Qqj_m-XeW-t4Et$SLXuQmLZmN@w&a40sde5pp_<fUeu+&N#XmmM#Ek6h_qoUe64
z!}HDOYxOkG*XoI!Sm$DCUAAXv(iKPYMSBxBKOyRTt)30f6L)_XnT^IX4m^%8dbMIP
ztVazKe>q=EYb)|UU$)nrYAG9U&1nVeys<I&yWwYERLp%le4I+#vu54X=KQV6#NzYq
zSp4LeSbTn*Sp0Z=QuUk42tJo_azgX@Ti}m-{?@sz&fij>PHuDlRxk7XE%mKKYs)(C
zd&^F+`&n&hS?6utcV@W`bHO`4lXr>jmwwu{vr6`YOLv6rHMDMwjUR9QY(DITC0}kI
z_9W>0qI}r9;Ggtq^qRzDJo_Sj*mCe6D?aS`1^*d7Yy#~(R(#k>`>d00*t6)|c>LE_
zy+5($x$<3=PyaN!Q?}Fb`7S=OwO<&oOwcZqcVg?Ze>oX@K|VcxOZt0!ZyGKCsxv-C
z7yK(Pcf+>zuX2B6`&S!`KnCYqw)j^r%fGtG_OI|+rej0m`B$Z^@A~@rgF7BGlm}tv
z4e!Jsi+<jotulQw>i&RwwhyrUvW*$83i0D9>Wk-N?Vt|ngjgSoyVonW;vdz4>m23}
zjpWdq{+#moKWBd~i@LN2wvIX)$-Vy`XFNye+276Y#!K_z{YCh57jkdB<<B+JF8T1E
zHV-~Is%;+HwvT#a{lGg@@B?Y<=aF~+QST@}kh=EK#tZB=w&w?)$9wh370?lz&z_$3
z+1mX_=$OKst?&gS@VgJ1mVS}@nxCSs=zYyT+Jl@O)xPFW1~A@^aL+|YzVAP_9J{{n
zBNIO#-?tn*vA*wJ1CXiz`o5;0eysSuTThT4NDqxr-=PmKPc|yv`|D@(eSbLT%kBG4
zhQ2S#_g&Y&t?#>?XJ4f6y9xZqitk%|`G1D*djah{hJ0UhFX`pjvl!p^NpG;V@7p8B
z_r0%I8{fB0nMAwHeD-HY`^_iyw|rmaS)ai7HvY$}R^0{M4^z02*ziUxHrx$)pYdCN
z<PAN4n&(ej&lB}L<c}0^k3!)pp0Bc=C+PWu!0Y*aJipI+{t0Ju7tSN^)s96U<acu{
z`flLvw%{6hKI1ljBwgjd!Sioe&;QBunb&eA2m2=OxWS51yEyw_zMOJ$gzIm>C@(tW
zU{kgBEiS<aX1{QCNp~aiSKjFi9>M+DhFcP83-?A8+-3(~9Jq~9a4$Ld!fo-@M8W;W
zgzFx<5`4}X5BuOpRlGPU&r9>j0k_Xf`Z;CgdsUf!ee1n*7t_~*ttZ~7^Hmg|R4n$h
zo?kNpe5RiVzh~aS`5)AM$0eLe!I?{i7t$veT76Qc=jZq%S4uX>Z7)8{dOn}$T3;xn
z4TU*Iq?q3`h!a(-Pniqp91K72X7T)X;?;Zk9(NwYzLe;=xblb9f72=V7UwKAvKIO#
zc;A92SJ2P#_*h1~IUdgp+NiS=gzqZwbw_6Y6@0tcqw3%r4L-@?TI50fB01C^Sjpr_
z-boJQ&CjCS`c6-c(Y9xidC8I1K5xZ<m4jc(o*?a$2~kJvc_UB3+x6TjdOQ31brw<$
zXMY#wvFC;V!o^0#%d7H&weUWX^?~u+gQPpo#?MKvUES0)<j!8)uer({e1<t@eH{7J
z9JAh(#U4>{{2rkYe7MtmZrz(T4t=El*~{LX1Dt))*Bq;9p@V(3Cnq!X5OHGFbr&!P
zpe0^iFH1h`u}}yP8z?LJj933c>KCjt7SvYhh>>oK4)H-}LOJ^YoI6+~TP|pOmHyG$
zGc%#*)6PMs+jSS&`&yodPU+zFW?M5tR}kkt5B;e5t#pvyz2-A2u6w_&?{~EKqdq~|
zt>BX!J9`N74D<o<X5Doay=TC=->;O|w)PCPoXPcn?|#(ICQsYBYc2V|_oM#*z903S
zOIqIx`k#6~>Vq+S_&o1NHSYd$&kf(1b#!yXBgKuRPtk$c@7DLDewDS_BJ_Cl+Q=lH
z9cg~}uiTG12K<^IF2R=kcmMkre?RK)FaGcTcgBag|DAOeb8h)Re|GM7a|icvE>7d6
z39M}xfqK>tG*;NJU9pwi0{I`?%zI780H=LndBou@T#dXJY!i7QjqJ0nzlnSuw=r1r
zmQTCZdrA*`A1Z#4eBgWRwclChXId!Gg}exlbq8|ve$(#k*EYyCl`quD*@fo;FPciO
zHG&53R^;j4&5Y1HoTCw3l^c}5T8pn3Z_R%yKB4Y>&EkG3=ib*+%E#XO`nC70eW;Fq
z7`;z)_q(hsP`~&_Oe-?hq@O$Kp}##}eJ{Sc@)FdBQvC4t&Z&J6Uws9>`W@_jT+dyA
zCHU%<oomjk>0EMNuz&l0`rFKZUhe<t{q!34R=<sIl;5a5jprj1Yx%A7VtX8FGSB<d
z9kJbL<6HFq0bt&-=UP`Y*YYAuzQdDibMPY*4_kMqYOclJZ*XQt%?UC?KcOzojaHhz
zczS5RU6<O~o-h7Sv#+~{-mvTZw7xj^shIwC9qU4zsknABdRek_*z7ZM%{m(ubLh|5
zJ&^6~)%^po|Mj!E8<)Ae=Bc_@U2~>ECJ+Dr`PnnbdD9sR@$MSbJV)mv40EM%4H@S%
zc+xnNJIy@1aw_-J4f{jS<z>kHaPFXdmK>+*E3N#eJkGDgN5~mLS(RhV=Hz>PIaA5q
z8|yJ9PW2c=_aoz($hz(kJm~S}c+r=RPpxww`?%5?a>-xvatD{r!`RBX8*ieU4AwWT
zdyz9jeI~F6*f550_h=6Hbbn_DcZ92+9mH|!885nrR{7r1`*)-7j}?t^=_6*;Odn?i
zIP~f6J>4H}?R9>4SvGeg>Kx9koT(vtbvB4Y@02+7?j0YW-l@>L9eQKOl9`WXo)_Q>
zX`Ql?bt;WPgB-13|6KE2fcEsY&IQmO`48V|eJ(&cIiQlieeltd!OyyXznJ~{(&cYM
zoAls^oj4PO`i?bSelhJh8eRSf?fh4D`B~KUX?6KM=-|D`@n_ZL8FoK?Q}m<DcbWK%
z&_X`de{<=#M6=&opApucF25Go|LXF#x_sT+lKuaGy1XWQ?CSE><KpYaFRLyuX@}mU
z(dE~%e*IZ=`E2B?n6nBkpEE7=dFt}ybW0c9Y_F})PB1DuQD4)B1aiE(1rJ?y964Uc
z2M>D^0+wDdLb-LshOse<r@!<Aqhb~Fr@VTf`Ap}p4B{+cua_9AQFC5B=b6@ZWpCRd
zBZ#ezxIS+Bs9(N2P`AMd9DiRF+}XhOXo0J8`$vR0A4linSm%o^vF_1ko|U#Rs@!PG
z^=T>hJoj7nt34n5uE4>2Tj1u-GXhnfUg1j5k4HMR)OpOac>)j8hI-Ck+WCY(Snl@!
zN_8f4CeIXC*|K@Ah07|*zuC`R$!SxSr#E<(H{&tuyeuP7Ioh@PFHv<?c}@cEk!CpT
z^5&HrjLmmbU(jp($T=%E`<I+AgMX;=VzbHLo5~!?JpYq(jH*1>4KL+W^wpZbuNm$o
zKfiuM?udMSj?NuXYX0WEJ~iKDzF5azgAZA&A<yqe-gjH}v@~8ikv_c~KlHL7eQeEt
zIa74IV5zHCx%Zw);W~b+&QgBY;WNB%zQ1O8zWM&z@H=`B4PLz;&AO$2Lrd+){65<s
zdDVPRdHo*Xk8IL!Xv_b&%dkJ=^Qe9DX|gz@NcGn9srstyHWt}!<Xm#IjrIE6!28a2
z8@pJ06kg>FV4aCt4So|3=Q1VWdkVLH7x7!|S*`lPpB44qtj}(r&gHK1Tr<3g-!0{@
z8D0<lm7Z(E534-wt>U-yUca-{KH6WQ_q4zMVAOkl7x7#CSY(!`{^<8=PsHNS0=>V9
zzT<Z@ety@7c~4)?=Dloo1?`Pq|CSti`?h~C&~0`(ClB-&Y0BTUVg{|w5gKg-v@WJS
z6fZC@kPlinzzAIbR@2gl_<c2V@Yu73#N+6*g`D|9v3X~Gn&~f3)t&W!$Ta5*y0hNL
z+T>u)7i#2Opf|6z<_+7JZ)7rO;4UA|oyV_c4zK+aZ`k`Min;S$XR|8rQ)jaGV;ze9
zv-bW5-NV~Gbo^NEj_0fiowu)Zi8kPeJNL{tAaBln@-F5W=H3j}=Spdpa0_2F?(V#^
z_D)#1KhC#sD+fSlDoYPX&n?VYhaLZU`pvd;<E*1NALynTU+$RmxzP7T<s&W8`XBur
z9dEAT*^%PS|H}D5Rp38X@{z7X{wn_i?$Pc?JCC7!B=dZP)6tJdbML6mOw}0)(wUl{
zcR^1atLGy;bJ3CVa!+7STCb=*X_@Apw0DT(SbDVwI-B?=c$~c40(7g+2YP@rt80ms
zzcA0g=K24}-TTK!U0wPA_dOF}CJDbn5+JCVfM^o%2g<Lgm<gy2!5<Z4t5%x;ZJmH<
zW37eygMqZ$V6bHrwZ(QxblqmgW=psDBmMC)sNHXnZdbHxyZh;`6KS^z(F!P<sF?5b
z^?uJgnT(S_cR!!U_wo4tF^_rwxbJ(<J@=e*&pG$pbMbp94}veCy_Qy+h5sYO98gQn
zH_cDv*Na%ztiRoeyq=kM58Bs1u?Ow1%QZSBc0ajB|Nod1NOY)q>`UNVdd0n#*)i_7
zqUE787q+r5dNkeQvx#qal1D*xxH`tw)BZXg;}Y8a|60e8AMZpuM*n61Jsm@JpGe1e
zBT@Is=omkE)zLAM_ptkj%@9xgpFHdDb=IFk=tzyM%bw`0zqRONspr>qp|dGg#y#t7
zKlP=abyi58m{!)9+%o{4R~huRzwWHFPo4$ve*+(n{uTJBLcdML$6ogO3LgPvonouL
zW#eON>}$m2J&nwJ1|5hsp0v4I70V?&DXy`ZwZIL0t5~j1zLBqcXis>4Z0aOz8OnBJ
z%bXaO>CO)PU(t`QvatD0WMJ8p1GcPq!5`VmUQ^l3U0iQs&5az#_C5J!cXZ&7Z)T0K
z$nKko{Df!Wfr0s9Zy$Tf**iANI`CtjX@1A{>+8n9z8cv7$h(03U3ld|WQeiKUn>ll
z`Z)SKd2s4CLqq!hF>ID16V5q}I<V{d;=q6}GV%uB$aWsb+L(B!mb!pB^3hcl*tpNz
zYc1*W0f<i=UnXl>%*}DWmkev5{`eR(|61yKjh}2WJ->(N0iJh^>09*JEMvo>=O6H$
z;L!EgDASQ)7Id?A5u$%l_ORc_e6@vss*eYex1#I4o`(wlNO`xfE!ZUT1#GqL8-MR+
z))iRuJnZ|AU_ZWv-COW!JkI|V?53jTNs*=1iy~|OSZ22wzm$Bc)b$4cf8y6nJ6hW)
zJjK+n!miT08sG}@JY60D$@{^v_T~(Z^#sOx4Qs0}5U-ew>o(RARR0%%HTn5O@Q@7i
z8~B6{0{0-y-JZyr+_P+$f0}^#DgK}3mu`IIYjVbiJgnXf<eHbbO;7Ajdz|uO)9I7e
ze(r~-x@I}Cic@(8tt@yxf$s`SIM0v$5nlTfxUcn;zZOT2?q)AvH)qkLE9Z_$Tx&bR
zp-q2zG0sEUq4SLfzv0Za)VkB-_m}uvEPQAlho8W)y%rArI&0ik?57iedyt;<Vxkk#
z$DS*#Xgm1U*bR7dB3i%s=(D10XAN<nL3aEYJHLf+@H=oL+Ebnf;l^0Ic2dUn@uZgh
zwaTK8rYq|qR(1>WM)()q22J5>TC*HzFtmqUSO(wG-h~<qyN-$|@9cK2f;LjiS@7+-
zY0Bzs8NFM|H=@IL6EcT<y)XOy>}l;XkrHbjenxb?(>J$zW`<XaZzn=CtF|m}Tm9|I
zw#F^KNCvqiH+wSMwoLH1t=h7J=T&Wvue7jqvnQM9Sv<dj=a;u__DtY@d|U0`T-CPb
zzAM|pV<)vWWKL|$Xlc0U8#y^`-^iKVb|*2fI>$=ui>?ewU8D2iCrOG?D0Ss8XR0o2
zv}LlLH@nm~Ua_R*uXWq{R$(czAa>r6=6MY{sq1kr9~{FM>gFv`JCaY5!SKXjJGB{R
zp=@UHH?bV0Z$LA?$xd6(jWzR%;0wKXc!QiFvz>QC-xQYm79?Q9ztoBjt#^{Ks?&vA
z&w6;T=c<3EWt#L}eG+~=jGfb$PeqU6=St2oazdQtIqe5haW>s~uKMu_93N_9`1)n{
z#8W>KJ-WOlT=`CEzEZd%rmfVMRR2)Fb4$&stylU^9cm-Fe))2`$1VFv^sf4>BFXN;
zVdrG)x#(~Zr|3x1eeoL~X*{nX2fiy9qMPSzzPDj3aoVh9?2q5I*Pfe>-<9-!p7S2w
zy*)&k_>@NKNmDM-FJsJLJ*wYR#=Z?3)}%Vma_USjn>sGSmx13*U|!_9OT0ULT<7x3
z>si|0_?M;ZarX7T!Ccb9+VbO`=UXL5-REoUm~dxY+&UzmsxI;3XVkfC<Dwtk=8JxC
zv!C<9GugMC#du{$kK>=0e6hbV^CFMo7gzoqoxvO&W1e~%9pRaS_eR}1&jYUMz*NAm
z`0b_r%imcFzWu#k=v?ql0oDc9l>N=`-TUg#Kfd(AUwpjm!L#^AIq?<WEg51Z`sTCF
zi^%U+o0uQZbo<=n>2J)R(X=)Hl&0dhJ+$HJSNr)lndr3Zt*CD^aaG_*?{fI&-K#FA
zKP%{075!UIKP!>VpNi6NTNaMy7ieK0yK*N^{Z#PT_n6z<xj=Kn0Q~zb?>jh?WD)xm
zeBNMtrQgiAyuSU?8|Cjjl7;N`o2PtJSl6KJ3#)@=Q@vB0*!OP7?dwdBKjN$WHSs!~
zyz8T0_nmjV$#LJm$ooy~^XdGjU|Bz9LSxPRpD~BX_okSu0Z&1%;3zz9=WeO4!iRqO
z^xy+cMV&j>&+gp$oR!_XnX^HwPBl}|ZDYPuP2`4g?Ct+}VA0QjtMg02vJ0((ro!Xi
zdV`*$wp}<}7#;@(WWXMke}VF;?;quTEinF^_u0ssN0tWrzIz_$0C2yEvpU0y-+OUR
zB#U?Ub?)4VkL#b)4`fKJ+mpM$#5=9&uGLobj+rJ}$GNYgox_11^KwG>+Mdv3ULMqA
zvICJdivy8N>Q7Vd@UU|4p6}>|%N!kTBmZ~vOSZ9-c~9@{c@LT^fu6J8TFQB^S-o$d
zgB<euW6IlK1r3())AOY~pNmeo3;VJbK9p{0_%E`8Z55VjlkTtYB%545%6!X%jDEg#
z^)hd+WSoBG*=8OwI@Ox%?fbi}dfiL@+V_o)F6q864$a6Z+>DMsZdZZcC-<k^XXY`M
z)#ZHCOdaJJW?mQnzF<bg5B$E`48j)q4`f8tpYpp+eYf6UUeu)A6^8z}egxH>jAPG-
z123;32gV?dGp0q>Y+GdG__PF$1N_fQ!SVkTCc)#ejE%Qcm{|MVJq)JBXAZ*DztkD`
z5BdL?pN%)ms*e+|q<Vb6E^0E?N@uRIuXF6{VY*QBa;@jhXWgMRUwHd;Fe;r%bmPv^
ztIw_=Hp;}-5GVMBzh@m5UEo*9QDk0eVTP%<7>|%Mx39G4_Qbp&dTe=FC1){EzBKvV
zP9JS{(x%P|EDspwKdUXknSp}YG<Gb34wm@Nt?0MR$~MoojwQvEDWc3w{Bw30Vod*c
z7XG}yTVAGnXT8aTtn?!LotRq9S6Xj!`r@_wB0WcX1$|+y*~ESY&N?hJ{~-8ZgM7da
z+P(C~DfBNNohLW8m-o_lMVGA}-~N!t(XB+c?)pq}Y_8&yKH~h0!B|<^8F-=KfMAin
zkc!vfcyuD>_N|`a12`x58)IIMJ#G$|?HAa#XZIY=TBg3ofdiVK-^w~9w7lmr$~byi
zF1mbS=`0`eEz2x&dGJxnYtFKH9X>CC&!vNCe$kvZll_@GSFncjG(zxmrr){tbDcMS
zh?ncBX94SSwZQn;8tcI0%RC1Z*Si{@Wi5LK<Mhw-Vt6HM@}*lS`&G)dp82(Ci}$)d
zm3?B3iOjToO@F3bh6z9LH{en8%X7%po3VF@qbm)go3;M%>(Q1c?}{dW^9@htetqYD
z^Etb`DQ#vvI>3SQCSFaOqQyPbw}ae?#8544_Wt3bI&}8h`@&1)2M85dtaV@CS3I6G
zz^4S;Lo=;@Uv2Zs@;uWYTIp$TZMdP2oG6s}Twn15)4u6Et6%n~i_3FqqZqhDkNL|O
zOKc>^pYahibNsFsZ5=Dl*q#MFj&^p%K*P)f-L{@BJJX6uA9?(73w-))`&0Co4PK#%
zr{ZgTgLs`w`>j9R7;OPgmH*SM1WqZFj8nyf=YXU4U7VhIPqbyuz0u@vUKCFG&c*3i
zySyotjU}AsgVT>Hgwy=kd(`(ZIQ^Z^EbQVNM=zKX>*M<C@V@d3$AQJORO3G-*3b1`
zzWspt@I!vU5z~CB?;IT|KlTH@d!O%aSY{%3F^AW9ryVKdyAI}eueYG7E_>;-CHQng
zHzWU%V?~nllTCe)d7U$F>UD;ik8+OQo!_LhwWE*UxOkJ--`jybUDMz@qV?D0Hp8?T
zZ*tBu*0%=TRx~WXj_m78iBS`O7JDc6{X6rS<{d+vX>uL6QOBlD=qJD#@S6UYDHlKw
zXH21o;pc6Abertwf3oSKwc*Ca?=_H5$YaX7&tKXfLdLZI^v1=l$i5@!Plsv$^&;=T
z$_M1$@8bS_@8nol0=MGx_rHaI6x>P<=}czXLtXqQ&s~yT%oDqZ=B_D`HFqy$+@{2C
zv&VEwte*cn_$7Zg()^-xMU&^<63(b6htlMlh^ePP)mg;Ztoz=g$Tnjpt*=|Vc$<HG
zQ`jnetupS7;H$}%JsQBy*W4x=M^4407xZM9+)9%X5sy_eN2~AU_n3MgV_li;Z}Kre
zmt=(7ZJomMH@S9BGR&jR)AJL3UC4hKzvMpD(Fe|`yIM3wyhn8=^L^D>izB`C;qtn=
z#q0dpP2y4c4K&}?(w{o|5U30F<pO7IqCW@ekKlTmzJz#2uFiR)(Za3hB=m!rg?UBX
ztDn+0q=)EReHSJE$v|((I*9O~avy?o;ZN6nTo;0u5cT-(2|iGn?PD$v_G?_g#ct`3
zE$Aw%(M=nYb(TO`WX<WB_P8GjI{Lvo{J+O9`8#kZdKuC?6S|Hw?mxrUu&_Bi*dAWy
z)ePoU{6JpjGw<{R(&I&oE#AVuOYSgx`oLMa@$|m&72>nu?Nh+(JKk}~wXvngykn4e
z8OQ@~OtPWJ_#-~cANl^W#gXna$-4!v{dvK~<-aubt<=|fsj0q?@o2iMZbOwnt0~AB
z9K^n8S*AH}I%6}<wmbfTIF%0s2WM~>X9UZ7N}*4mvGwxeNx=>FeYWNu-cJfXYv1RZ
zNbx<s88>)+O)=V<%(sUG6F<&w>J5C^RM%jKwB8DRbLRGX?2sQ7y|nY&vtQczx;4JH
zYrUynhaIvNI|O?qqV++}3S897_o_$mtDZRJHc?OL7E_%~J>RCDe=gd;^T)II?;Nlu
z^tP<yOl|6kS(!2Fv+KE>ddfFjM^wksFQHH6_?zB5JKWw2&8)v->Efz;vLAix3bWu#
zp5ZWu*E%r!>e9np5lRoU+t!+LQ_Z|N3=i>}ojOCnkq!?nUmU&8H?DKwKLqS6fPD^U
zS(dzY_p9qX{-#=g$C6%XWG?iBJ=YZQhnHM#nX<wn)83W>NAns7j^fqn;aIh5bU2n?
z``?4Zp6|b8%C@G!6R1hh$4%+s>AEpJJfENs%Gvbsxe@5&hSBN6^BLfPR+fI&>7Qui
z7Vtbbf#+Mma~M3o37*da&(N!l=k?&Zj{8h>pHlw);C$_BQ+5^oG`|Y3>@P<jzLq%(
zUH(IO%hB!d)qTVCy~Mkpdrbc&l>IsH@2WO?R?TwsKg}`E^FHL2Jv<}UO1VSam!;y5
z@v!;pni24~@+9#`IU9dhkAS~VkB-0RFK3;s)Rat4g^%xS_^uoQzAMth=kn6(rOHif
z+CQ|0^HVL~sow4t>FX`xc{;fwSx`6Dw0}L{wEtI9oy6+4<45V2tO-{+b^Dg5ue+i$
zecd~f>Qg;I$_d8K%hK0l@jM-j<@Y!;D|Df$cIn)P>r;#ka{d14Ca0}ve?i+l!3V3X
z@wU9n9w=Wl9(zFjlbqxI&c7sN-EGkEF00`7H@)}otg^CWRrgGI^qe!yg5nf-JHWNz
zt*l57@8)27cwHD>SskRFWH?<I=K`ZUu1gmX8#sO3HQB)Y*4e@KCg2U-)0kOl`AS=v
zPwHlx65<=QAIY8v?EWKHv*`aV^nY8?z5?~71X(|adeye->ZY!B)VsB4-_DYInlhJL
z{!-sP{uzv|J?3>OeGY(Qn?B3Z_ql6v`aZj3)OybFF{-^_c;Ej=V{{U-XE`$GIp*W!
zIX65%LBHpx?^DHjBlIaTS3Y0DduZs8H!F7eNyxw}kb!RdKLVaxkbxoOp~ft5ZUVn&
zr-!BMtn{$#rB9_}3UX?&SxWMP512ygvAp$R;!JBSPrWr~INsxP6Y`7aY4wBB^zzH)
zmsGvrtntqLnk@HSnO{O5p`)@|U=*+UBE$d}nEA!b$34ssCD`Wy=8BL9{gSzub-UbM
zIi|j1I&;ez75#NN%gfNoU)jg{`=K*~(SX&lM0EzO@RGV5e_7}Zt3P#2<Fg$+hE7k9
z$Cg>?@u>dcJ8ge5g+^*AZ_Cf3^z{|-d{o&)UtGS|IL8AC{4-8z@qgN1f&b&#kDhfB
zv@e`#zSZ3OmDK*7lIUN-2>s)E+WsYYVCEFw|2KJHTM7@DX$~yx(@m@U?afOMOEGk$
z@w<q=Ne;fj&z6IfFGo)Ma<RA2g&p7iK79N8Y~Owbu*<i<+Va@)Q98AJ`!#nv^NMf0
zeA7cZx}m&ip>gsE@J&h&pTj$zre5Y5>7|ktCHG`KDxGP?n|Hr@izjQC&eUXOp{s_M
zNM2NdqfExm&)CVH=*HHNoR%F?<IV4tE#%2&{mNU@S8h17_Im@>H&V{Ex8lmHY-ZSY
zvHPq;YYN@o$Q4QD?6rmNf=EfyGxOoVcJtzy5iho17iXp~OL|AWyUia@ixd&pD7?FM
z^L)EG-5Z&j^sH881A)k9>X?`GoU$*QVqc_%=W~*thXwPOFO00p46mG>^t?lLzgQe8
zqI_Y}^Uc&>ba$z3yI!-zyJJSuyJme8Iy17DZ{)La;iRsY&9<{5UE~tbx{Ld~R?qtu
zMfUPseuAXuyUi(u5sP|+kD1^-L|gL5VwaBUi=mF~37h%lH-P6Lzd>Kg@HLmzazj29
zl}oI-6xi)fiJiiKA;0AMvB`I1lMj9O?&8Rr-KRuSeJXX?CZ~L!sqciwi}4BIkJw$c
zw=B|><d2XKLVJS)-wgI?-0bVw;SFcI*OvyL)wsFxP48=rzqc7*+1wN8Ur(aPNZ0E1
zHth^rS)>Sa>kn?wT7ccwrQv6%a4jAL&)CXN{qeC59~Lvm%}HY`uVUR)G7JB%Z7bt<
zv2EqGr<j}-(=)DNk8eG6-Y-9lpMIAdE3<t`XVtA6^d%YNYpODf7pD44E@92mn2e?>
zbg2&<e@N<>ePV1cqYo!DMhQMjt#4>76Etw%C+mB8S+XDI%O#OD(-uaG)0BhuhU!zf
z`R7MYOH=OgWExdDQy!5YDy1Lt{|vA1@C<kTaIhcp6M2y(gEViqJI(eJ-F%VbC#vKB
z7Jl-X4aRIWWFL?`@8*~JX?(Vp>5ZdjN~VVvA%l(UC)tOeWS{LPX<6uueWT^GWxC05
z#@<J42Qdu22k|XO(f8i;n#lb{CX&tgFUJQ~h3{(xKC^9;FNpjF`%}C>@p*IL$DE1t
zI_Iayy%S>3&ok98L)Q~0n5zda_0)Hwn;-djVA2B{Z`&|0Gp8xwDSU0>QtRrguDh*I
z{B{($-{v>@dF$#zd@o^iybiv%rkR|gz$*nscLyJQ+p=OSPh)KmdSZ>{fkIPo`+0#^
zb{_RUu(PnrQy*uIGic%0`(LcBp=ZWfPb~bIt}|o!m#fR~#eWGdf|t*0ngk!eZRNx!
zdL}l#Li-aZ1^XtPZX*A}_3m%h^i9MkwY${p`HdCc_!nzJ(@Q*m+dDpX`2L!{pCHrT
z@=lCR@=Si|FzbOYq<eSo<VW@H7rgs1<?+SmHe0V>r0eF*yZA5cdn)nnZJz!3{=&YW
zq^rj>`99SXOZRTVft`Byc)E9IIPbon=3Sv@a_?c*Z1pYcF;fpGa4)=fpbH)V@8=bm
zoRu?QE?9Z5@SdYQCXvbDJqNshdgjYJ%RL3RANFqF`L;DFwuL$-P6}_B0M0h0X>Za@
z2bPWL-jzD<Zs(nFW8(t2ZdIN53n$<!T&s7RYx-CNn>s=5m<dh48E+zA<USepTJ+1p
zkFnp;7Y`uo0tLYbasn^!tT+RBjp;4o`MlH2l&d_99sT(YvhHehn3bxZwm;2(nlaul
zJXP^-Vn*18=Q6IFH@|+737T6qmdg^~pVK|?^xNKv`-yMuzgXq*Zwe<DaGhFj4rBM}
z=N%e3Kh1k+t4Zz7<y~?ggXoy*V<-Awx<0}$Y5TaF{)yHF+f)a(XD8rionl{y?dwTg
z+hgE8C#G`axle`Lrkyh#+8M+9wjy)D%l`z%>L12W*#9rIqcJ=F@d)33%lY;_-s>C2
z;Of^;g)h<l)%GN0%%sOIjvRP<U{cQ4Z?$EG>XW>9n=ut!e@;_3_=*W%@igyjm|1Jr
z``?fBev$M3<&oY$;=J$Vee!s8pc803D$y&`jmPG!^y4wW8pPp*yc%E~;&4J<4X{RW
zI3ceFSXYq#{OQZjX_|;HuQjD@;(qM5L+B9c+HM(_zU?FMyZRu0C&sG!75E*x$}xch
z1qL}g$zx*hNhAk;H}HE6ygoT_VCNBUWT)UhngsXJB)E?z!QDx}R|5A{z^$=CPBd)*
z{=XnMza|`8!HpWrJDlrwUDtE{I5ZGv4Pu}ndsyst%3PXOZ%du)N75ft=lVpsp}9Gs
zJEYF_&!_66Vd74H6!^qkuW~Oij}Ok_D))ziPt5fy$6P<uuF6%9v*-F-E^y}hTluf&
zm)w7Sht4s){?jkC_15HatQ~D%ldN+j){c}LXVf)tVj+%sy`_pp(;B#9=9UrHu$s7m
zFuyf9!S*M-)`3fc3!47^pw`CoW1nJ;I?P_|)x?7nBeTaYH#6A&ca(b~QRcUlsb$~x
z*Psd3?YAq2?gsis48(R~Ah!F`#6YY@KYfHXZ){THAg1<KC=OzbuJe1@JCKNp$nPb0
zR`paTCc>_FF7>{jfJ1P*FuU;nk#*ey;OStGd_Q){1m<TKrc?P=@TdQ-FqW;pjyDU-
zuxsLLhGHw`@ZBSP*ZRW^!~tC2_c;B2g7q*vwt{j)aR5_e&tZd4>K}NdZ!iwvZsGv$
zi6(#J!~wXm6;opwc6nkeuwQ}Ojsy6hOmvbTdz$(b2k?910G@8Rsju-dU&K%R#B&}~
z|8S1g-|YR*iwwRX#Zfe#X7zW^3AXRTC$yE=imk+9G!k#|%&fbkkDP7wE52d_W7Lg~
zP(r>Y)&WbuOT0xZd+)XHE<{|Wi>tUdyyTyOftbwg#AI$y6O*|;T});t-z3LmexG~M
zL269q^NHuVX<{;`U9Vgi9ZLkuRN_WNPh21O5kI5Y%qRIaAe*1DwQWy3E@b35fD`4(
zJmuWr#*c^zs3fOF0s7-R@P%TPw8wEZ`lZ^qhqiW2H1*3org|;=CYIL++Z7YB7rk_O
z1#9Mtfh4vEeyXmzBG|uzHJ?Ia_@3wcMrdat@cNO3nSLjRNwGKVzuR8II`WLz_gA9d
zm*!z_m%tB?e)~ta_jrxHZmn|PA7`%KRc>yNXR^LQ+xL~59QGewy<+xLj~2ssw^)q1
zHDldgWPauByhr`S6KQYKB4GL~_?t$|MfX?}xo)!Q|DHYm*nOU08SCWr70e~wnI_UR
zfjo%V1qa8nmdpP!Z$a#XO!gS%upelaVou$)->ET`JNu)7M`{MV^;)NrKAv3Wptqn@
zd^npj>iY-8d#G<S#u&S=THjM2pC)hEK4cdE3x%K8$c50#uLxYPqfeWF&*~efUO}JM
z(Wh<neI0$;1zwlEKTy4#=lFa3OYs%$vNC%gdvBmx{ayi{mxE{3`S9^^i+0n-K`$~6
z`><t9c%}RnrlUMk1|13St-KeU8fW+1Ptn)ASB-wg--+mImoY~^W4^KT4@+k?z3w@s
zS1~;^(I;4!CmwiAOzZaj$YI4E$*<*>@i51B!~1@G3m@<goy`-@H-qQp%YuEC=R0Gy
z4?7(B*`5!rm3}-h-?B3I%m1a^2<7IK-Yxt)aYMPW{~(6O=sZPYjhwM^;*5Qhow^!W
z<5xWKvmY{MTq{n<E$74&YoASFY&Y)*Jkxt0`(U7YhMC&5$veGw8P|$2ZY0LIlKA32
z+K{~}yY+Q)MRY)8g<31ZXOZc3eUM4<#n5eXd@;EqY#(GFeQqRPxXhY1EWX%<OL5YI
zsR@_@%n2&rK>5`74ZK%;F`LNxvl24nL}S}eA38k+`!{~xirz&$@z;qf7EK(5R?y21
zCwy7EnX?b06C57Y38Z5r;)heq9b|qVRxaVox_NQJ{^$P|e$GA-4>2HKVn8y80ZBUR
zw!uUyvFBSG3i~Rt{kyVQJAqF&BO5Bwr<Y@w=v~z$l?#?dxxT?it{wib%MO-lkJa_T
zSxxT{6Vft^b8X>k;$q-e^65d78uvxuOS~ON|5O>}yL8Hluk&N)2;amd{(?PiiUA?7
zCGnWxhxt?T;22|4lVy&~LRMZgQ1R*=p1h{U+h;sFysl|>U4nH6_4N>^ROy|vzYyP9
z!Mq1|KDA}XPUQw{9p$_6e3!1yaXdeGRWRCR!zS3L#PZ&S20Wbq#yqFCB&)lT)gks;
zy7#Qp*fG+I{dUJrGDEULa>Mm`&auZ!F{sYDyL~m6GESE;UdxC*BUh}~IkW9JIl~~h
z{$Y7oyu_Qtcde}XwJEE)+Y_y+H5)68>93q-+O=oEj>m!TllKdV|Fs9e0H1grIQRJB
zd;aIg<*VJ`iF^;3w-PtsNZh>2E@VBRhrFZm89u-}KYSkLxqmXbWURvT%Eu%7u|cNh
zA^REMXLwhPy`VCkoO9s%GrO?~US}^wAjes=X~n;vZq24^;wRT^<a3;h9sU+Dyva{+
ztt~a}sxMAG6KGFmUSf^5s_35!wh@oh#v1Je?30PuC%<8B_N}6S-r07~w=-RMwprs#
z_j&yLRo5+NoAx?lcsC(ix{;ab;40#IYOD`!9#FiG4bMxgM=}@I^jP&3(7XJsS+pI^
zG<&qpQH(97dT%8L>3-sf6o=G6Io0XLAgR7>)He;ieA>Z_BhnvLw->x`{EaDlpSf4_
zt>155UEW2U6+YX_fq_Yx>*^N!{F%g+6~5L=T&>Fa!AaehOqsra2U(-%L;EH2V_x1%
z=B-)ll<`@)D?+!jM)Cpljhs>)e@c8eSRXMas_%84Z+zZ?=MTF6C+GU#xbFU7V8I>e
z25L_<vyVL$b&r{-`e5_Gb$R&rFCi9f8S-c;bglT?U)gb%F0T*|H=;b0-!!#cI(eAP
zd#Z0WGP5CBZYF&Big}s7$dQ{f_&<$ba;%{b-@XqWsqid(5ZD^{xVM-5syq_Iw?C&Y
zv{<oiVa7@EZRpRoE@?dMKeYSh>?=-&_YGhH-XYs8a0+{Li*4I4wcO*$wwcN`UufHY
zZ!L7-eVhNI{Cqw$x$v7-eJk^N&scM~WUnU@__t7BhnMqQBzNXcxAz%&vMZt)xl5yC
zPgxfAoqkC)bMB?l?D>~PCtUQYXwK!!qq)^p(fk`%M5le>@@T;=S42;_<I3o1VQjIC
ztJiz7SFX><y=MK`Q>xedPQP}2=G@P$&z}F;^%E|-ZvCW7u3w*X`3>uHt3S6s|Hd2F
zPy516>kDrA{Q6Vws9ArSsW@JkQE`0I-KvK?P9A6fr^zr;Pqqa-9^ml;PX_Re0iLnI
zGcG#m5+5-6fhiN1vVbWYn8pLsgy?A-46&%>^tjvfpB6@*WlRRX9N?P*e7V4v2YmU!
zHx>A%0pE1sD*(P3z;_DpoeF%X0be2TS-@u<Hzxdw@O1?GN*;gd@NX*i7&>vs^zm^f
zw*y)-#ba!|>brmm{8m3-0N&%Q7s(_4J(->OWf$oE;Ql?mPtEI$ttOq(-NWa@c5wHJ
zN>><sK0@8T;7Dx_?UhwOY}nGYoxG>xUHaKLwxUn{bzx}y`1Q_CU~K%jrqhp%+WN86
zugave=2eHqzE8!|Y9FKx)A83kd-yK3zsq?hoT#7r#x76aGAUm(#{4AC{G@N}J@C*p
zHVW^uI-7`HC<PyqB{k*Ve?`WY!iS5P*M6e?ORKQ)C394_`>(Nd_X|&<z4`E_`u1t@
z5VqQmv8KM3HgvBwD80Ly>tvkle}3SRm-y}D=Z>S+vQ|*e9h>KQm%N|Zu~l;;zT>a^
z{Mer*Rt~b;ES%H!%~vwNeCjn>H~;de@1xpRvnu}MXccQGy+42FXqDxAsfx91;*nnR
z{j%yMAJ>`3Z+n&ds?xS^uFSmom$z%*sqdc58NTts2LhZcPMbCjy6wf$P2;TX{rvOn
z+h$)+9R1U6zxbnp`F6RY+(>4NiDXq+k?bxjQe0x9nbw%doOztN+cG9HezPYsp~xF4
zJqw=PJT8(|<dfaJed1nkWYVgP$XR8cXm-We$oQ_Ylo=b%-0O?@R{0|gOXQpiZ*=a0
zG11bZanYl|klg-W@T;+Lf9@FRJ_J59Evq+SC);DVf@g1f&3?bhYSP?TVrAbq$I9Bj
z2^&q{O5XXn*SZcg)gR*L*8Q`w#A=I2ec3jCp61?OgO881?`>Jz<>Wi`CBAEOzS(Vl
zQ8HBKPs7Xn9c7x4%O-oWU1kaQ;(NE<RN1kBJ&DP(1A6;}e3_e4rYTLCSt(_<q$yL7
zQf6bCGLuuvd^t@SUrL#q)07!tzeRGtKA)z{dnskEO;hHrlrop6Df7paGRr9ABM!er
zG5hG>?mjtaqEzGH{--PB*xF-|31jVi2*b)Sze5+qynAB49{hV;FMU&czGRzdFM+fF
zA<Vx2I63=$=y%%trkJ4kCiZyEvZC>K8ZM%2Th9v9F8Q|FqkR)5GK(_qUh?kqgYAXb
zS}o8odztz}9_^hQ@<Yj{wD-re_gVcR?%m#VQfPU4JCKdV7X{mwQ(m&L<XqYrV<s10
zWZFv?TlPM>VxG^OWcp|EPS5Q+&ZSL1eh~bldTu|%Pvr-PzA-`ej}kiyJpZTL+l=is
zQhUv`XMjO?%3z;;n0e#>R$n#F_|TY(Dj!5{EUco<<#ly^9)y<s3zFxB)~2JC;BKk$
zH)V3~wHgX8Nx+pZXL)e~fA8A9aQ69w$79frjZ4O9S}yTLjGgvaT?@Ua?PBJD7&M`_
z<x`g3=p)yqa@gbht`1#1G`4l;Ib$2TnE37stg>?wuy$a3K1OV~;QcJ{3f6<39R>22
zE(hKKdm{_8O#K?{gU+03P19DH$ZL<8NGHCje@()H3x|t?4&YLqs$2D`Ue#Geok8jh
zT|nMe;;dd{|ET;i4UBCjFp1v2ip_8b@CsJ#lL?*Y&>J>swVu2C?UK)fOP-s3!C;wm
z6rC|tIOf#b1K@9yC$|?qtF8s^&HTPH-#ODt{4P778l0|zN5!W_-NF8)hh=lvdnsd&
zXe|NzR`sgB7GMog$5wul8On(?oaaW*15`&F#gaM4<kyu?*KeNzsrr?JMlwR})B^7=
z&W99jhiR*Y-=)AECf`g5{6c$sv^PpTFT8K!UvRiSfaJUwpX{4*z7(>b2_IZi-|Rd<
zv=dGAO?&8uecLCzINx5)x6L07*f~7pFAOEY)0z`(-^wr3D#@(zo7?3lEVha>3&+g3
zy_Rdq)z`pV82W4FC)uI37U^m6{(<VX;Hc`jb05&SaSmrH9D@H`U<fmIjZ2APCC_dP
zb*1+I25?jPe#-Zz!q#n62k|G$>vKf3ptuOZ6hD?yKBI!YT7|J(%65=<Ozm}(H&^`F
zO!?Y()0Zc{Wk>j(fjynz!aoWByj8rm2>)>>-}uR&CO$9WCmL9V|Cn<9lpFS3a5W|1
z3LHskhdD)X{RO)scv$CRI`G8bPG9bi^11TP_dlF(tfTM%G}!p&z#h#zHNdAFAIbUQ
zR*_4W^DJM!gWp#Uk+1jzM}9f;pK@e4{Pi3#1;8ott$iPO5-k;4C2LnP?!r@yUlus3
z;wODA$aB%pR`v;ppk3*x&iam1-;>lQeibcfe4y#4R9?An-b>15Bwo?}I?2EQ=j05d
zuf%wNS9m3_mgI@XnH*th%Y9pT<sCA3aGY1cJ0ZSF9p{!0c|O88|IWtaP(H*KXj^*3
zpbi0Cf+bmpxQ({M^f$TfE_f_m+ma>1g=>FmjvfgXoqd{`w`I8O(m45hX}dZEKe+O?
znemalZN|r5iyV=>oq9g|h>%;0;l)~TqPZ=|Tr~{m@T6#2Ii70CW#_{`;_Dg{Ddn4C
z<&tExay%u=uL|Lu_FUPFtgIgPE%<ZgdJ*3Ot4()xNwTU!dQn1Fjf6+&%f_STCmYV9
zv60q6`8zyk&`9`w5B$11<U8k+>tUHiz6z~VkfR1&u+-WVePfo1c1=VVL=TicC^@-;
z-xMpeN%=UCebv%=T)j|!WgoeW@W+)J=GpFYM?W;+p_M#wJ&#{ja%fqwy>}`y2fZ=i
zulRb9UoCmN6oXI<Pp~J+);Cq>>D=3OvZke6d4F>2P3WDqo?Sa9@tv!O2Ej`=^+RK^
zO6K?OMNa#|WA}y5^=8o^GDCBg%Dr>GZ2e2g4e#iv(!~Ww@qDYS-0}|Uk|oH+;&Uy0
z#b!@A`m5xC^w$!~mY}b?x~r{s@@yA*C}yI&o_?;QyUKT8T$zAD*RGCxF3-?sR|!UM
zMybk|P!3-}z354JviKh?4}8*}gOs=1n(x%vEPZ&sqYsakhex{JG1?&qPpOk<%d*!v
zE+N0xfc(&`oAg1$7V=K#b5)+lc@>#vzT~ami-+BJ6}*GS7l_6R$=%RA0bb-BE?oz8
zeOa*m&I?R?q4vxZzu%o7Z12o9^Sg6=O<KoQOhEr?6DdHiyAYfymb{0yT|GW5J(70a
zd+7t+wADvF(m|Q?7v9Hv>7a4=dP_o=tfVgKd|vC}g1_^a99y4+E?s?c88Q3R)82zl
zxtO-!N2hEwzD0HDtirp_3%{N^6ayZ|ha_E6b<grXZ0nM4omJE+eR2RD@-h7P(knxg
zpga0t>&WD;bm998{1)Q5a8tqBKxm;eZgKE*=R(u|RoW_BMxGmQLGMz0^qY2?jm7eL
zr1Ueux~<@80G=;Qebk2Mi9{bYr&Yl#u8xb3WI<>l=O!E{hrxN|?q_|()@N<r0|&^>
z#q?9_!o?p=Ty!Zg=vio-S*YjoiNB6tX)pK?PlOoD6_gQfS}n6karh^VALOx(pK-th
zo<-N<MHilC#@fZ3bSW2a-N10NZEV3#P#cxV8n=x&vd68rGpSzX$p1a`)91}EReqjE
z_3tvt9_L!?&%!~7A7^Bh>fOWix$dz~mE6JFsrX&A5?X57_qzQ^@Nu!e!_G;~#qgo+
zOLuZH$c}Tzb}h6j8aDiEY%BSGO~Q7|u)b071bNRcV_Z87{>Y^7s?vOyZ1a7C?=FQ#
zoB3`eyN|u_?1@j21!Ejp5N6DhWx=KM@HMiYolX{9%)7Ag?#cr3t}6?4jV$<TLKbMO
zMc;Aa7k&lpO3sT%HJ3Pg8M*!FuYtEjzug(4+X{QHaGl0ztXXh6<C82a0?6ZGvI0Fv
z^}m?J8>;^xxdUArZVb3_?Kt5ml;BTG{*wfMHdF6c;ZN;3AkSdE@+dgtYuYCyXhpQ~
z*U^QOv&C&&a$Mu{K5L`Nxq2k4Ws^%^QT{#YlNs3ES}#OLss0`CI<k0b>_5*%#}S^8
zhkD<^T<E_09q%Z=zz@9p_{No|LG?39zE+5T?D4~f*E@Us@_G%|cK;Z^ubw3BH;M<q
z%Xr#!@S4{v-Nwah9G<xYyh?}J1zt7(xp;NQ=Y5-BoSZhJ#qkMG?|a8EpV{*o>+KG{
zlmqTh;7j|yG;bN?sc`Zj_+VTY)PW1T&4rrl^Ls0hyXa#5q4TV=eOa34!2|Irk|ibd
zrw*PL-^({}6>$5h&&6dkbNWVT^ls>N##CZ;pl=^~hRfqGCFUu^dg2Qy^HhelqX0Oa
zc?!B${=R@{Uo=mBoA7}YSkp_(tW!$YFz%UCW;ET%yfx!-VpoBqc3ef@3gDCMP~DpQ
zzK~R><^<IlOs>;=N^gNxK%LV|pNFQ`A~){?CxxdHSLMnx<XfCE^DX179p*>PhvmGl
z<-MNyuz}RiP-33y<ZKwXpE~n~vovp4Y+X73J^Tx=b>KQxE+*%w(Rhd+lKn6NV9?sH
zJy#6sO1Y)-$Jq0Td?HoOoKmD~#_7+LA4%qoL@Tq?(25UQ0SBL;l{h$a=`@*-lWC%s
zbsPf?yJM>{aAc6;bd-Z^S#&I8^WJBdvW6_b4YZCNa%s@fHS=s<PDg`r`ZyB4w1zzr
zzAA`Ma`DxLzeD)?XB%I`ZD>dS4CkpajCrBK$I6%(<|6UabLSvmz>#=4*$=CEF_p)}
zhpD#k$@W*VMkDoC^Z7{q-7LGzr4L=xU#<O1?yd%AY~0;Ge?`Bqf>;#eti81Ki++Y|
zVcEUkCoVO4t>7BI4Qp*?d$GIDvfDR)cs<`qQ_p=V^;A$#Q0v=$&U#I9yN0#+m#`Jp
z{x|s!dvZ5^!reuaD*Bh^%ATAOJH-3sZ{$y!lDliC-W4-8;QXm5WjgSY8B_k6)(4Yq
zaJBK1L>sq^(8d9~4JXek@f44^>xIe_eI7sAQtq>#{CwaM>5lFi<ME{O#7yrvBc=Qk
zl=qxN{#3sCSl{t;uLoXmaxmLDZ_$t4zLf{q!wcN=!;L%Rvxvz=_m!;}aQZucJ@6WA
zHT74yi{i*A(VcyE(F@L6qx$`oM8D4-q2CWC_4_}P`tdT)-{qIw@2}90-wOUjj@#sZ
zzew5cl=3%I{>8JMes?ivsox(Z`tIJ_v^l+^->{}Edj0sS=b~@2j-<Y69r#tow04U{
zj17JZ^x0bG?5SMa-<|4wH--DlX=?>P7dGLA^}p@rqmqclI+^=Cxjph}K9XFI+E1o4
z)ln<DHCd6vz{I-tj=0tozdSu67)7)4hlvj7()JvF_;7ZY6jk&Wvo0Pup4s^laRu_B
zscyS1-no6X61-^Wr`}6;)_w7tuhez79^JQf-_bf>{AhVm<>0!RU~|{VeHVEmQ{KA!
z0k!?Vpf~v@1K>>l7v%>Ot!z9Soz>$Zj%Ubc-b$Y@CMTAQ4`VzB$jie0UOTpDQS!S<
z;gvt6Zkx{VnHb}3qdY&0pJ{Wyd5}5{xm{9yl*ut|*MKkSci*6Fv!|f%G5&qE-+U$X
z#nz+Uo%@b9)^#714$?Y-GxoNe(zoZz3!~931$~{F*usW&`TFySsbPLWKl$kv>p*9w
zX^)OI{rmpx$gBd!A$jbSCsVp?AWRP8uyvrg);geA1=gpJ_!$?)dq{p4hd)PLC47YL
zAYA^2{wB+gK={VKyMXlw`L7PAoYkiBH(^V8PswK+?5`Id!o>6^=*S%_<xW)D9B>d~
zd_#<HC*vDpd<%=Jdqecc0@k`MH$7W!u}}Bftv3MY<hm`VJ}aM<)~TR<a^0NTC;9F3
z1>3>H)jpqTuiaA9XU|KN+lL&~``Rs>gP1htbAW4a0(KXsDZnEB;@|dbtM9(-%lgvM
zUyF3*3urT=ZxQX*%TBJ)GtRhZ^qBt8mI~Hx%n{);gwCnDaxKq+yM#;Vu@)K(&2-{v
zlJQ?8eHp(-GX8Jn8^w)W(>?IWF6vJ12W`(&+iUOzxou1K-ACWHri@LqEk8U5eDU<-
z?h9W(Y}`McGVWiczB}wXojKwEfiG&QQ#=~t-%oDuwT$Ij#_}b`axG(7Q?$HyGdM7Q
z`P>|SN|vALY@qw8SM)I-f30v8ns8ZP9(?gt_~ICR@eq8G{~sG3c%8K>3w$*)4&7eg
zibn8|po7Vx1Nr-yJ8ax%z!P8d1pDu#?(YBG@PO7VMPuTJ{|=3*?Ku5{wn!sBL}z-w
zisxZy{~yVv8R2&(IP1__)ezo^qxxig)mMNG8^y+FEB_<mb1!`^IW_nIzKA1gOZJEl
z+A@|W;wu`YslhhV;oW18<M1<)@t@mtZ;)}f!oRw=`58Ia_=bf#FkIH<W*BUpM7&s{
zKaHO2KQUIJOw&(}Iy*MAj{jE9AGKq(CXDS1BiAO=Z;hKR)2<$;Ty*yMNp5dNo;~zm
z1CQ)r?8Z^9F)?;s;uFT5wX}NQwT(CE8}Wf?QD+fJHjrbcpLuYYY{+1|RHhTTpm)*_
zlFtjD4SeJnv*o5M7bG`ji?4!KYPa0bCqBw$jz}8MVe)f0ALYjGl`MqTT)x$Q>Dnzf
z_OV|9xo>vB)3oRC)KSJIELs5{>RTKe${oLllFH$;-w~9Irkwl!{si3b;8ReZL|1QW
zUPHVgv16M5{&g<%AF*SSN9=9iAs%VQK24VI$#aIrpBVVvruMYR&-k{R>+F5Y`g=5|
zTZNGyfyYA){`1}>j>*5z%RUs-eu#Hf)|ruAter6jR<C7WP1W(GuPT07@o?{Wvt!%F
z1UJ@@S6zFBRA!wgxN+UFdtcpT`HswGFH0}*?ZuXQhi@hVW22S1A~Y7ev$UAl0kbi4
zjM+Gacy96ET73&H*796(vV?eI!LsQxv%!V^JHW0!C-*a>-8p0G82EC}SJ0Z0)&o^u
zeGgjZsU7#`Jt|uK8FPl7HPe>ra&(H^*cTFYr_z#e<pW2uonC+*o%=KG`=#6q_Z4%!
z=m<kPjOx#w#C`+570z!;;M@<+{j6EKxYfFK7`)x`M$Lw|D65$5Hri^+%x?M%WAQKG
z_htXYrb5=m0+idN{jmJM#NN~@@cd)eb85i#A@Uh$-|A*??bKaJKBmkSCHHu)+3GPH
zbHU>z8~+otI>GsPuD4nfv+CX`+<*<T$L(XI$G5`AH<gTmcue1gXseMr+`gPmUtAuL
zKJa(X4m{$1KN5~O8)j<X9Q5S|odc7U2NZo?d|8WrWZ}cXXBK;bcy;aR_y+&i{$axd
z%sY#UyuL*$Bi~IvbI6^{A@4DVJj@*OoF~8c4c5Bx7f0OlXs&=K;_M&Pxl9$rxT}oC
ze>Xn(4(e%q{?upV4SO%@YUsFVv!}cb9h`jc!*#aj@WpNROj?v$_rj#QSK-r1rlEDn
zxHo8{h&J^6X70P}IP@tot&>SFc<A{bJPU31hduv!QM@61QP}f3|C=w$H(&bOEXt@K
z<UA^M`y&0XTYZ_1-<`2PM*Z(4>U3%M3fghol&@kr_YPe7v8#0rJg)EN_+8651IJl2
zV-7Es{q;q3gn<`4_8C1N-8PmzAmi|B_*nP$qnBseacb`~Civ&rbL*@#hN!b}60y(d
z%f4dM-o-dsmTzIVx2Uvm%xSlCUtLKVVjptLeTBEzN|tj!iF@tCX?fw)XAe$cFB9jg
zHG2#D0!7OIO0Hby8NHtl+{zED>kld8V=q-J<t+AHsoZ<sK&*M0IRIbmh_c^Qax&K&
z-g#^e>vqT|l`UbvL-}#<ktpX|hrzx0OR-i?KE2=r+sMgEelt6-%sTdJ%&`1+?kVxK
za!=<`&r{Shje6W~FY@L$wdMyGXR(K39pBd_z7O&JBJ%4#?U~xt!x%jEyNm5T2fNr;
z_BeSR<fmNCKXRP?$kR%Xf^+rHz5fgM+JofYAL2gR@cBNqt37CQ*e`JlZ3<@PL(!fM
z!Ca0%FxqfhUnl;ND)02BUEa*z)m%5{qkEX#CUVm4>BXP<qZe*^wg<Y40^hpL#QP#I
zpCk|bePar94ox)eDEuq$CZ_kvhK7~J?77)$WoGsi;vb*=hXUnT1Q!R&ER!Sr37&W9
z<9*;^g^h=OJ41;aEo%jnWgV%q3UYeS+*J@IC*h{)RclKo@7h@au4=}aBkSOspEnft
zeF%)Z&SxJ9YmDE^XMK@<3BJAKBfgDy_chPr407PBoYlEA#CamxU-bky2@oG5ekjg1
z3*Vz(q6O_Q{vvxci&J=5@~9g>UInz*$(*k`igV4Ly`InYbxmP@hL;|r9j%x8hy$0c
zRO=^?Jh);FZeas-aD&zNO!q|i5C7$6WC(LqZg(NNYBuM?QLcO3v_;?4Ghk{Q>%b&<
zSOXq}NB(fv78Fc^=Xb#KyNPDc?}6pJ{Qqx$E^goRUJ$eAK*snr_Q9-OcjquXD_>D3
z^N4UKJQkDVVfuJ8zX$x4fWML?{Q1DYi@$5Z-!qh#?xcQ0hlBk_A6n$LuQm@Nv(?X5
z)*sZ*Rx@qUb@Wr$jXtxe(LZgWTmBF-WW^wT?z8DrIVx@XgcjB&XhC$8Ob_haj)l;}
z9wKMpTH3Sm4m}FjE#OG8X?2{L*9mQkCw=&RLZyo3t3oy{M@Cg5t3JhkH8)<>*{}9>
zzEgR9|5bEP$$g!@_b&7z9pK+T92%SCaal#1jf@L>u=+(ep&X}e;o|F`G0{WRqx0|f
z0Z$!ptbNRi;#;!c*=_u%6&0+C#}Per(Vl^4m~VIJI>5V3uJx~+1Ud`Qk-_;f=3Bdr
z?k%p9^$C0+rHb8={u+R;?vTF--BbHT*YX=^knGL?4`aZ`Snx6q{P>XFesXPF5oGUE
z%oQ<wt+wtnkvcR#?BrYKqSAn3qMpC$**mv<zOQ!W-O&x`x!vC4QtjEFPQF#y;kQs$
zzL+ZhS^tmS$p3ME59OGJozRQq?Oso?OfvcBz~Abv>GLB$qdfN^KRH+DNH_96O#Z(2
z(QPC{Bx8G!A*INWD$eQooHfHfm!}T;eunRW3;a0aM;-mGIcCoX_?+@KTei<ceJA&S
zZ?|VgQ#bp<YFYP0mt0v)o`*{D9OEe8%I7JUPBv(~EAcOiRw})o$RWn4dz|Ta>H0?G
zVGMa#g$!Kmoze6e#?s|W?d?6ZcEcz5vJ$@RVSW~GYR@XVQ8f;*VZ7;wC%eDJJ_?Kd
zf0U7|ldabMtzcC5;!nvV@u*}{&_BeRYWEH3>lXIhZ<}4wf9%PM=$%~mc86DPt1yut
zF&9)#H<Mp0t?0iF_{)I%L*&BR*}pGv`*qiviIHEdF$Zo)>Q9;7pN(nzQ#i-eKLuRq
zfz|NV{JOg~^hvJhEE5-g(f1Pi@QW1qMd#{6vV2in+S}*w!Iapg(52?Re|%@)k^31d
z@#t^a2Y4UX^7Zy{9a7#s`s<^QjB!8y^zHc5w-*)TPoG=SKb5kT#0vGmqw*tEUWgvx
zxBW?zi~XjZvr8Yj)2=%&b`}4x@_QE;)K)w7E0#byuf|vO01xI$*U>ZEUI4!PfbWZT
z9aCaA9vpb&Pfrc`WlP9Mhptg?z!CB|r;vPnA>uE{Yu0}V-)hz7@pfLiE7-H=o^haD
zvz6rIn@b+MY}Urlr!Dct0{-9RU)L&g1+w)Y;E~@H{d#97^DKKdBkSRjBFfoy%noi)
z9qd(EFw=d;-djDpoM)$=WPQ7k)osY?3CQWUnY({Ydjr$2Si6n6+ehAE)%R=mKw;x2
z+6~+7Vn5E`h5t<Ud@J?@dt#bG{4Y0)7m9C@dGMjmI&gePHq7J$wBh@BV1dqmiWfWk
z9$kAKdt*Ceu-!~LGg1`vM*=0RRk6<bF3-cyFK^eq#wCbtCpwaCd@phhI>UZ2F_lql
z0trIwH7?1!WV;0)`pf3`8Ig0LS^K)0eMMXc^!y8p6hAm<&!@t299Xd*7r@)w&EDm<
z?fy}*SNn48I>}l2$!`t)n3Ng$fNzn<3tU|A&31F+n8<{rZ+=8S+`1*Vds4osmG3^D
z7Xd%$?HS1aNzsp*WdG(M?=vDTO^c(CKUfxh;?WDDKWv!M7awQZ-k4~$RVMcP+w?4d
z|1C2jxs1;$cuct@{y5dsCcERm3cYQAN1NSa!w;Y{Mq=cN@g08s=#wuf&#xy^)rDN2
zRUUnE&c&S3v#ISduZ0dJ|NN9#i}&KTU-4~_I%Qk@6W4Y8<U`k)My`!Mux!!+`Ru`k
zeFo1C=BN(gV#EB%ex5(b+K9&N2<tnw%ul+0lk0SH+=A{J@z08fJL#i!d}+Tu7T+He
zd6v2w@zZMG@DAcieBm%TO4z?i?ujtpyg~mSpJEOuezf(4nrETg1;USHz=OOGQlB}u
zf^&<UwJKLOCuG_}`Cax=W<G7&@BEG)d5}8nvE6p|;2PIMz~aIeRA0YQW}gfE9iF?s
zqpggK%9N~{jPK9We>;6%u6x#!kbC5x$+3Mx=t4UK`0a`lYcaCL?Q*Og+2xQovWe1_
z8!aYdU|jIPz_JMkbdGHYW20C@?Jv+8M;G_MWt=$UEB4d#&7Mlm_X?3iey45I<&y`*
zid-qW;eVgUG)-+W5yhmwcV<S^Uz8E)^<+fe|M8gU`*YZHK&~JEs?10>`~EUH$78zo
z?=}3*MW*3f{2KXf<#!*yCVt!a-Ouma{JwKh{NnJEo)uQVzlAfz_$JObalVQ3O;%B6
z<jpx#qnTa)$eYhd?qqYu>Ue$=_)X+DiQi;?IsB%y^)Ivf`#)tl@Dyc7YJsa@Z)ODg
zU6NUm6`9eJ6$y|-sOLf2>&l88`kK}M!EOA$V)e%xrnY_9Wc7de9p`(k^Yq~ttF_CI
z-RMV-#$OLFiT`=rZG}E_<dnVHk%3K~=)eqgj3=%Bfi>RtfgfA_AN}0lA1^e=+1Fd$
zi4IkG4}17^O%9vFI;(y&_7b>W*@>RqJxhJEBDbI$X-t}Dnmuowe@S!~`}u2$&uW#f
z)s8GK!Z-2r<^4X^`u%%}PuyF6WDR^0Uu2@jY+3mxy!f3nkz;3|uPh2i-;}<@xW<9S
ze>b}BShHK-`II}g<=hC)uk-x)iZjPseOb(>`3tOQ_GJ2TrsCy&u^!-RBrnAg_@*%1
z9Fb2@{Sa^NBmYi0{aA&*6`~)%LEhs#IPyHYk@_;3HJhGU?8&D;iVe5OWBuL?v*$y2
z_CxY|^ecxCwhFP9d%o)lI_GM^$J6+Io<7Le7iPWZ7`W{Nx8Ts$pZe_Y^!<$3hwy1v
zgYy44`bg&);E6d48W+y{6}OiBzWd3gQR%Pp(XFP8VvlYA4F8q=n_d;1Me`bWcG2EL
zzz|2b4W5E+N{qC=>zQi$3q!?=?*L{!12?w)0gkn2I5!nG@stmKdYpGQzC;7yXWs+|
zcU{m!V+sxQBD0#&i4TE0zjEd*AXf?bEtbpg!S{Q~i?MtR*IU88uKmHXIOAUa6RW<9
zxYy<5dG|}`OV{MnD8HYxvUHutbsOIk@49?C*VMI2*Qav*1Y@e}BCgx5`WE6~m(S+<
z-+))wC0tWy7dGkgv$&?7&AOh)^+VLJ>jlEAuU9mq7&Ybn-9#G}*DJ~lb8mQM4|-28
z@AE`Yx#q|Ve<7xtGMoADgr0O=q-*e_>%DK;`(SK-S;ciLbvy-~$)~Mc!>3aZzLe5l
z?v>A~g)x;c+sWzSi%sMGT;SNYmmF2I$)yb4&eb@=&xQE7-vkzP3v$i+WA~$vwNdW5
z5>roZ$?9$RM&6>F<{zg%V5e^Bl5f)XTl_Y`pS}1gtE{X{{N9U1Kcc-7jTQVV-Vkr=
z8@1O3F1q1g@s^LZA(w}}z##r@K7+VHa@UAw^Wj(Vj?KI9?3>W|YmyaX&GskJ6@074
zMb=dmMYfKCHzrtpp>LYV{+U)(Htu~h*~b}ZzWt?4)82`_I}4nN7K@?9YoJ}pcgc}v
z<UV>_?%&X^?&G}kq1*2An%-_?hVtG?$EzjB+b;H^#+xc^xmIXq^aknM27Py1ML#)l
z?fW})zfAYj?fWn5{u$PN$or)7x9EP3?x))KA>E@-Fh50@pI8STIZxUX@1s8fqvr8S
z^g+KRIH5P-3{$t@tfsym$|x@k=M|=fd4<|cg85UrPl9=w?vr3H*L@Pq7wR6p<?1*#
z`m)i_816>5(p))ZGx32Iy3bYK=sUM%MB@#fw!F)k(>pTl^Tp+t4nhOR3bCbQ9ZR+@
z&EgD7Uo1W)yrl6;tG{t2IrBbaIsX2Y75(|Fkup~Fc?$ZOlPl}kZ10Xv&K;JHBl_u~
z?PB)wD=(dB@FD7GJR=y@zxdQBb`d(Qx!S^4PrmL`kq5+_&f#5it#jXj+|c_X?l<|(
z5ij}rGm$-2<E^V}Hj^h5yT2FRX5HRNwjH#7<Jt|b9pv*9$B%r}_<ox;F`JfeGJCep
z3`W&{@Jdr%s`imL%CpdQ1^4hKagY7C5T7w{zS%f{uaaB@WsSF1^lx1YzAXQK-|=M+
zb|Z(o(A`w`ZGL0V6@kyO7msrHQBHeWe8^5eWjDc-Td?06udL|b2JXa%&DV=Zv-V#;
zKC5X0baeLhX3zcn|E3}s{V}@UB+rEX1LL>%uD;Gx|7PQDeI=~tZYwg8e;7}mGuC6&
zhZTI=bgM;v0e^3hvz8?9ZfQr({EBr?#_}v=)sL{X_<v>mq~@bnnD|lV^Fv+Nf>UHV
zdoE&+BXc)h>&W3!@LEH@l`iCMDKfq0PxvNvjXbZBjMX*rT=?3Hye&nZtNbcmBhPD?
z4=i0H&uf?qT8Nb`E#jJQD|C%KuR*4Eu_jZBJg-6KZ`L*Pyykn<uWRIa&1~vt-$_$x
zMYIH&{(bgiu-?><jN5+$_*~7{h!z^IBA*5@moK;K%?y0u*HbrRnmq2ZbH*_~8hdl4
z+4IOwcoY3QRqm~Zc7u$8=yob{PkFw=JJDH?d&d$ouL(Mn%#&<ecmL#w<XaDZz*fn=
zD@^3y(N}%Yk7!GDC)rD`uTt?t9%Ca~*`3XL|8lcP*OSrD1y^vn1J`r^Zq>W6DW9=)
zD_1UGAow`bY9#pZl^q7Y?St@r@uK1IU1}o#2z(mz?lsC^$G>dNn}cPo_L?te=CbCY
zes^4A_Pob@E?(7qV&F++ojn(~Fn>G@4%JWfu~WE2t|Y@c5m@8kI(ZJUaY;G!zwP_L
znRL#ouCpUO_=0;If@RYGs<5?7P4n&KfNY<7trac2#}mB~+-;p%5oJ%xEBVl{Xu;*d
z&p^-JHOvX%^5F#R@r&WXzpt?2t^n4Z*k;qLg8jSLM`L}s=~YK&6~rzEMy->CSr-ap
z>#u;O<O_|T?%iP+550Sqxkz~(yU_P^uHP?t_dUw{2bMlq%z4@+6a7t%e{W%fK%e-5
zr&<oqH2wkj&j-$Y@M9tT$Qnd-3H(@$KeEuuKUB-Td`gX+DKGdJAGzmMi#&c8&LfTi
zn1$nhe25wkAI}@*uLjpTGd&gGKLxJZW$E!PTnpzeo?X1B;(I#yp1R5tJ;dBCx$iGC
z?O8`mS>|-|tc$LbWT|-SJkInL?bc$iNfwDtG=JFgbg!vDD0$vPKG0HhuQAruoVAd%
z>5Ha*UkPQvgK!jPe2T%5t#j!*K~uyl<|fnAUFzROC!~E_AF+9};+)~Me=TtZ)R}p<
znLi@`(?+mt^fp!`^Z!q#3~yr<{7)OHc*5^%<0(K+{gK*Urv5D$z3u(UZLcaF-gb+L
z;2R&-_A3cHt`<9Nq;_Z1Zu7j++g+E?^K86sMTbt7d1sl(4^rCQlVm@R)b2Rijh{7o
zyTfq3F$LGm37b;deK^r>{Irq#+cS&2xQxSSGL&|QWN29mo|l^lGJP1HHze8(U{{XR
z-~F_!aTu-LVR&v&!87t@SxUR&!K)Lr6`VS9+drc1Ft+??ZSPN}t$!;SKE~hFzFViy
zl2elT1DV)|Q=B>MBd&vq>zj@{^H~SB<4Cw@1Rlc}jRw!0WO&LJ4~M4?zaciolh_$g
zV^`b_Y|`CokSFqyuRxxx!-m>48{H6jRE10_#MYKh7sl?@dZPUv8*3T11@8~^lD}Q{
zk=8L}UuiG1a&$JMv#4I}`Ke6EDd{ei2{|Qv^kFMYMsvRTp6_a2L}vRpJAM&&?p~qs
zXH8mto`!CrwPkxgq+A|nG->Wuo~c;EX7aOEB%MP2eC7r#s<EF#o6C`*<;Yaou#Y2O
ztB|X#*XPtASFuN`C4;3WHS<pP=vw+(!@0HOGpm-3`Z#&!^^Y!jpxM6m(O+NeMfu5@
z=QaYT4Vz*mCgH#Nc<F;a@6;xL$~>3PJSUlN%W&GVWq6)d-+|61ocuANZ-t3dbm!tC
zVE7*M+Ei;gbMf@vt`9c7x{7!L&ADFThdh;P`x$%AoyMH2e9BW}@tNKo-vu76hiXjT
zowY0)Mvqn;-^0&mMwq*+3r&7+v#np_JDbw6r13Kq*f8NG-DlE|25+>`OzCYwhnWo?
zRaSIzh<Y2baURCDd02J{woO-I5L+Ri^$~L3P*!%2>Qi0s{EIjGA@$|*T>j{uS)A`A
znxp+^sH^L72QHsw**d@KklrVn@^fzVR@#sar2Yz?Ab8uycUnh$_o~ZTS6#vSY8C6O
z%UN%&WM9IkqS$s$o+QS8D|*6b-?`^imj{cisZHme<LC;aJI%#Do=Hy-4Zcr1sdN~n
zy#Qm9jt;Y+L)rDdqO&5UMdad!21Dp%lJ|GsWZ?(MimgR2t3OVzXx6Jz*R+l?E?UQJ
zPK?ddjE#ID!uMuyB%I|W@ZSRdTNAidf0~o<`~5!*JkkK1t&GjnlzAGwwWf@Xi~9=d
z6@FRc$aU*$W$aa-JNELeU6mLg!InHe8kcCAaam)JOKxl<u%wGY_FWf@$_KCyn>l`&
zbI#jZcv1FJi2FC0L$>Xk9J!xdn%~AAZSzlPYPJer+q4fm6JL#de?8zPn{&zaY!3R+
zy1b@>UDz*ct@{d)N2QWMQOaa--qfbEtojvs_Z6_dWj}|<o#)f7`oI$Gx5?N&;NlS9
zN#3dcI_`bc?_0vTLQkN7QkScL^8ZRnZO2jM#i1h3?34}v%u=&sEIRO46S{o}InpZK
zK1G&I12@5^9U96*mdQt2D?5pDd(i0<cF1mD5kBnz{kmeVEx)7ap^dVWm_t9uxz;CY
z=i?&giJy+%j_PObf@ZVqHr5rL8bRkjVcmbG?!fL7*Ug-4_d`6eZeK~{ee~cH!TmCI
z2is0ucT;lR)8|A6@l(XvG$+xAr-h%`Nwsr$5I;|xgAeG$eb^=Z{P4te55xU}QzQGR
zyBxcGjc5<M-1iW)S22wC3QA1l$`WimXm71`mP32nv56%+;y2(IoOyX!>s<CNV|!|T
z3C?xws6u=KU2{zJ#FN0yZGyk$#PBl)FAw78`stB>JPG>0PUHKxqu2dpVr*^tzyJK<
z^grE19zBV6F4p)yI%+#FtNuC3eORA8L`SUU6W58)m$|XlROccWUiako-T`0Ne%e%T
zWj&|_J*j*)<AWbXc8m6ji|;#-70R=0zfb5%`REK^LpIp{i4>VI1z4LOa$t3RC$3D8
z?*y4(<5}>EmwFOD6X`d5&~G%>(p_plm+&*-BMM(ZEF19qfLroOaQ%Ro_#iZLCvZsa
z*uICo!*#900mdidz~cI^ZCEJx+k_uyojpG2Tar(8Q|<AQoove|_)jsl$?a~U-SB5d
zZ}%124c|X{yU^QqUs0mn?>TaDu-y{;j^N{=v#n?&dhHXya3Wdr6m7=0o|r~f$cA%e
z<dTbrXoNQVPC_0$N;}Peb5iXL@st0wp?1cb$bX(hJDX{zw&BF>K=Zo?`!i-{<i(Sy
zd#%PNJbK;KYr}8z?Wzlg^X;W3(w2~KvzX)k$TzKLlrX=RGr#&c=kF!(T=l&v&iR-d
z>o%<OXE)U{?~8ux%gv6n8B_6N;1bElA-euEc2gMtjc8hB4{~p~7r#lbOUH8y>5uuk
z)1OqH6MyYv9rE1-z59whkr;6kbD($8_<b`?SyR5*xb+NErtz1|mOUYv9l{q_cmQ84
z{Sho}6^?AqJsa74#x*vduEJOIwTIbz=^2BrF|{|(nz~<la0@!U;;L^3HrqG!u;W|%
zdt`Pq@BA9yJMb;ir>AT^KOa3`=MUs5He|=0l#gO_bb9id_D%3Nh0d5_`_}4qqIY9+
zTy+xTe3*KI^`noo#uuL0K1f4(xkI#yZ{hrtXy-NBF}I$$ops6b`3EIK?c|xrblMRe
zxN<jqjwAnEx$NWKrkArFJy+)ftGr}k751pUV?Ra{<qvc)PiFG03YlJm%wEcUiQmt;
zDwJVeS@xI8)g;<<Wh%LV9%()&MYg5L_ebe#^Ou~y4wI>rll*e!Y80BY{m%(nn`?&C
z+e6rK+X_s3(@Ds-dxhUMe<gnXrI8<=MBO)2cc6Cky4`WJWkH)YTo%m32XPYZTtPeW
z8%J*^L5oB3Z1db98ez?PJMARPia!v;6~Lb}Yz|BruXEJD#9BtW@zOZCW9B0-_Sz9-
zgT{+>=&8x=|3dBKzZtFliE97ak?Cbv`&v&))4tl?1+7R%?YiBRb>Xi#(R_I1G~~<G
zCx!3BgS`J#lFl^SMCPBwxc-iI0*UpF5o{n^H$%n@wG+)68dv<L?7unT{QgVYiC3Mt
zKQ67>c1oEw)DC;#q*FBEE0dkA{36ONlAK3pmnYv|$CW-<j^4GIc|d*^>4Vw8C^_+^
z@$5UCAo=g;X#v&&?e!qaYaLMYRx*v84~-c7Iit;Ae?#94>rBahKv!oRoVQkS_6f9+
zna~;Sxr_ch{242H6Z9b1^6-JmcEBrX+YX(5<Tgv#4z=Vq)f$X!2c46p^7u_l$FO!`
zh;bN=hCeU(%0EfNFX5|`t?R6#oEdrYbj_>Hw@VIcO+_(GxvZtUi>#gxj9N?ag2$dQ
z;RlZ4TjIO@(sj2mhiWZOxYj;0t%Z!FUtb6;%@>S}t91Ici>rswuXBLoY4QNw$-JSq
z_TqPw?!rEO8;7O%aL2j)#kh}T`%eds+Jz^kN9cY?o_%p{<VM=Dd3Th$J=7g$ElKn+
z8c*#{u6um}XY-!8?%q?u-?=BQdrorQ(`QCze01Wve@opRXPs2tFAvI`RpTSyIthIL
zlDgxG^@`DO(v+-YJTW%%>yxPa@2T4qpBU~ZlV#Wyr$&yP1Wvv~-GSLBuA8ykK8Taq
z-pJpc1l${_JD6C{7!4<k<&f+hGbb{Kx+T+Gy(d%g_J1B2RR-K7{3q5bQs+_4pAO%h
z9jQVFNcKtw4DucG*L-}XC!+gHXrqI*qfzL7cS1)PqMy2pBX@jw;=0cg{L@Zc_qt^I
zsaq0xo4QF{Fz7D`;&0UaQ2Hx$%OWR+&DBvG@%j6(?_3==$bCBB!R5$6%{2l1@a|l*
z7n!GT-7$HB{StvGqs!&KQy72NmxQko$E4-rNa?IJV{)$*{SEZ1_I{E@90q&i+&Qgw
z;?SI?IK<RB?OtFbhv}$u+5uqGI>tzInoTcBu=OO-i{`W+0-NNr<^|DBYa0LSv+93l
z`Z0aRp~>CiDbb8*GD;iW*nEeWH{VV2wGg}S#9nF6*EM!U4fE1k=7?s-WjXU^`Cj67
zxIPgLKL||C#L13A!!P@~E{aqo#zZi=eDVl<QkNK$*&2WE=;OaZ{ZFi6{MF;nS%p_7
zaC|xcKY5Gzxfir|++xke!`h3NHJA)^B=;N*&gTg@zJBff*IJ-_V>WK)5%<J(6?hZQ
zh?DK@AdjrpA2-$EzXETYt{^T6-q}<}S^o8XGjUqW`9{9YI=-tVo^6i4VI5!<*URC%
z`>>nzt`(k<ZT^Ddw6V=)muqi0XVV>74WH?q;%YxfIUBZWXKm8ur~YH$lbE5p#9Cd)
zHHr8P*6LR28aPDf`qm!z<q7!znfIUKJ+Qd%YCn^B2fb8W4$ScFCcX<_%idMszXiKf
z@vV*2Ta4cMLwt9Fqm8^A=F<+Jm8<_(!Sj@tPFBG+`7MqJhAwhhsQlj&vmHja)|%=a
z_y~$+Lyk3Ncfb#gY53vY8OXTn9NNoeJwm#mt4BWU%IK~$Be8^x-U{t?!VfRO5B~~1
z+yI>R+Ad?YHwn*s8QV%?;0hDt90Cp>cy`MwPSG6`OV_-ww0uqKgZ8ILhvHn|9f3+m
zW~h(dY2bfR@UKiSGv0IIZz+i!O299fF$h1rL!J&B&ua7IL`+UIdbO(q2jy!@;Ja%X
zaq<ZtPS^Rw&JOx;rs2bxwm&@2_2Ep5y$4(xgIatt<~;M%t>8&($BKE@I-agIo^kv>
zHvO`8CEJ0u<wzChCyIXU_dK)TvxYVF-q`P}8Q=THns$||g+EGxvt|i?{zN^h<6Yux
ztH7;%R<cLzGRudT`7QM*rbuO^YpdQ}Tq{nj5FQy|EmLQP6blcGv&O49!A~s-`Bn_A
z57T>pS$@P%-xL%5IdIW&=_lnIw!rSo(P3l{v@%vz$lcxm`z1?EL^grsoNR)v@QUn$
z?AgRd1Ixej-G{98|ABdTBR;en4rWI#r2O}Lb0g#J@thiam^NJ>TD-#S8Obj;4ZoN>
zhXsIFKA;--J6@EyPSCIGH<Il!SZ)C{53b#J-K-n8at7`Wd_*OT3G<`lQ&Oz$rNj|%
zkMCyEwsmV4yS`1ypo7HV${$){%{Z?d8P$SKC_c!=HVdG4zel~I|JT^ZFp`bqp}!;9
zIDOz&bYC#h>YI_p9+A&lQJrPWxT8~;Bd+ZD4zfmbXY*X-2W@_h|Iuu`KNX+@FLK5;
zbuRh6%X`R<eYEYP?N)fOm~rv}!_))}^O=i_p*_i{D}hJ&Xs~hW$ZO_B8yD+{Kkhhl
z2p9R}8yE=}&jDBPy!0}m+r<TRH3OQ;$JP{0*)$If%3T$Hn|xmhK5t=uz^7}=h^LXQ
z&BQvM!uWRMb3Mj)cW~C7a;f^n598rc_WHOo?2yI}UE3YMh0O6I!TbO)3-9T4pOMDT
zh1rF5RnLI!SC&7y+&i^b{^XWFJ24_(SN$dFeaD~WoqWfO=tp0oU)9j@A?`)fKIpD%
zmZN7XpEPHt?WjfPcKdbbDE+#Ty5qCc_iLoFkj?M*&B0|}Yyr4L=jv}JR!jXAKZqA4
ze<X+Vk-z2aIp0g4gYdC(M?6H^t_+SdZsQp@jhWjw#gfbyd;w>^d>XkY|GV-p=<Mgo
zy!#q>*@sWP+mqkalj2j)Lv|d&E^=|U=beG4eqhsrBMXI}&!B79J+{(bi|t^qkFUra
z2;q<422IJQpR4x4ui$ii`fmGqu_M!+_9eTzJ$Zxei)Z~s?0Zbi`SR~8rieWsJDSn4
zg_}F*i_2Fd&Hcxy-%NMLCVB2hF25|9+$fn0|H?<RH6e>7m&G&M|00=u1O2Fy%#0wn
z!22+r2VPjgyG`v@y<)_QxGzPP>stEKSqZ+<+<Pm2bnTmwES3(Uv8{#oY<Vo5NwS%_
zv4-c($WgVq0-Z^5YL&#L$u|9(V3Ge`dK5l3l~*i>;W{~PZ4Gg2w@`Ln;`<Q$!ApS4
zmhD_Cr;GiLbpVxJMp?nE^@B}`Ia@lcYr}<rO**OK=v0U1UFo?!e3M)kzF=F24O8CM
zgXmY0uKCuL8Ja`qfQwqjPk1P&ZOLTCRh{TeaqSJ*3yw2wy%YQ;@bBuD-QcMzffMZu
znnT^2_+}L_l%R7;k1$+I-*CTa#kP@7qJHU{Zu+D-L2!1a(Z_0`DcZH=Sn8aRu=#gm
zFWbHadu?EH$~rDSd)MbGS*bWF?FG`c+DxYdE~CwkgiVvWmY2{0cl){mk<5hsq`7cV
z2V7}IqwuWo;LE#j=YJ)xEAzJQ{3otA98wI^2<L2{?$|b^n(M(^mT0}is&7U=+JxR<
z+b*jdT}wKG##nuL16hW?_SBv9P0!Mud;E{@k?)(ia2aDJ-9Y;^wbwA&2Xo*kYfsq@
z&uDx)cyIfaWuK@lZK^%(0a(Xg5Z!Mi{$J0u7vwtjf++S&GOr38+WHbYF>#2)^`%6N
zzH+{39nsa7!qB+ep8OK(3w!$>k#9J}9s-w-wRZM3Vi%L=B{z2Qx6_!b$%UA1P4g$b
zyAya6yEqb_dL|0~!q_bOQAdnl9x;9{u8XX^CiQjUZ1SMezUWpk`Sd)oA3%GkCF_#o
z<$p}O%_G>z9gbeJ+qY^?q%>hu*!oSj)t5<L%-m{x*CU)`{imLRN3x)qO&TlqgNC4&
z!WQ&tboWq#$FPye&FjcL?NN00R{3Jm{nx_RZ^D1<_v_z99Tw%zpx<^q|As7)u98%b
zbSKHr6V=nj*e#$Q$uE^v-J)H|ZdXP&Lf@|JQ2UJWFqygx*}(h3SYYWfiUro5PR&DM
z;(lwWH>mhu^&5U`!3L*Xsbr_0I@#CwSHTbj?qs=sA{c7n3BeHH--SW?T4fT>)Nk>z
z@Zii_zL@5<6*lg(IJ+HRMFLL62zNr8!kexoJM^E7!?n~kI44ohTH4Z_Bpl+a`2_qc
zz@hSR$PN<@u@k{zrj5f|zTYJH`M1X$9EvW4!#e8yG3^JywQ>%ym(o7-RPYEsoolEZ
zM$Wt8|9Y01OF2K_@UL<k<yow8iAG~V_A}=-3I5fzTkElNh~(-&dGGZqcy=K?R15Dx
z%l|KN=N=zbb@lx-iQr5U5HwsxlR?o;5EY9`e6&o!3q-4x2W{;wL2Dbp+G4%YY7L^#
zlK@&y6{*<P#9NanEw<81Zw4=YL9`9E+S=9{w6;O41*-zJHt+Yh&)$<WlbK{<?dSP}
z4=1y4>$cZkd+oK?eyE;x!sEWWa?U7L;m2bNZ`E&R9-@nH<&6l%w>Hv`&e>efuSR<p
zyoIqcbKJYSYNxUS?uoni;F4b1b4AQGi>uD8Og`)%cPp28dS2FwR_XBIoyOSwfHwo-
z)&u;)twDMYJQlDIO|)>=fqRGLk&aVzH(zkE4wGl9;S_@_eb<BQYV=U6!IRw5Hn&-;
z#j^uEU76aa-fR)w&H6kr-G6IgYqoT6n{?CME$i;RELLCfu;4KL(wAVlm0ZY<jt-Vg
znuqhZy1HSSyK>Qd9XXUQG&Jt}_R8pa$u{Nh?Ks5dQoxTepYPw0qe`*Bj}(mA$-Sk0
z4a|u*@s%S7m2JYM(3{ryKg2=K@fORs+s!@2Eu1qYrjEkT=Z%<5-kzFR@ropILb7u=
z7X|BEBe=$@1HC?LOyGy8qQB<xfo($EbERx6&55t_J9hB#J;0|q*3J0RPZ7<t`{uUc
z>oPvdGUi?feU)<0^ry5H%-kKB_bT;kb!UrwdAhT8H+-BuByw()y9H$zdy6ahU32*<
z`dP7G!`$9`2qo>3wbwY?lppFW+K@x&z&mL}POW)Qk>_Q3q;kb01+kscMDZQ6D?NVK
zUH9eoZUX)W`4mcX;r=qVuY5577>$i&{r+v}2-*Ac^PSvJ+gbP_)OIIrb)P{vxOQ{s
zL-u>lanbW?`v=;3oD+oGCTOb|!CY-;u`a0X)3hzO=K*fq1+-Pp+FWh#W?fR-pV5}J
zCT-j%+G_nTLN1isZZm$QXv;)@@+5p;%!gL|nv>bz$kx!E?E8<1B-XH}D)UB}Jg?e!
zs=eeu`_9Z5t|aoJJ-6(sw;A90pE}rko(Rm!&3Fv|Yu|U9;KNSNX7_xNvVmf`lsl>o
zeDu!99R4Ra&lt({7XDB0_y6Pn1^oX6|2OgfWBQ%7MQ`vl17{`cQY|uG&G*9Z%r&;5
z?0m`CqDax!vSBNXj-R)r-n@mZxtA*j;=APk9w<*~6uU=s!xs?PjQFpY@~yeg*+8Xi
zwkY$zx{w@t+%u@>9zq>=3&=;jbGzmt_aXEx9VvbOEofB7{RaNta0dH&*?`sj)=<Iw
z4g9XQb=-TXFNpcEa`57B^<O`czK@9PTfm*zSGj+F3HI<6^etcKBJNC_kDmVcc3{Ca
ze(k$nTX&(iFYqajZ(mCPy4PCA`j*6}5x&P-AF`2kkG0;$dNcrU%0?#7C`rstFu8Yr
zA8C7sJMbL^-ny%G=c5oA!=Blze0k&#=;j`2SK;+1UjZ&x0DC>SRKRn|rec_M<|!Ln
zegn}pPE5j=SX*>gw;R8M?&_9B#_!bIH1c!&V-&itEc?CO-%z#$oSs5P>bYM(CNg$s
z7jSFO8RRAy)BY%Ry2H5%pq<H00KK}&v2ryq8v7sElxMFVoCMnpYzOI7`PCMHO9OU9
zSK*^4FA#sZXQF&8-FHXYezTvq0lf)+QSb@o+cu2}9UKjG*GF{drhoa-WrwM+Zs1g3
zZ(EvP#okJBU;16S17|`X4;b`L`#03*x2xM00U!Iet?Ea%mh7yZ^uI7tv|=H+>;R`d
zI^VQ+q31K-v(Y!86M1mx*U3f$^ZhOZTf~gl#hGlj`_M~hBf9q|N8J-yi*Do%MQqkD
zvA*s7Om*9A_?x+Bxt_k7t&Sd#ZdcA)caHOs;Eo)7mc#uy_`kZ*bJ0^dZ%H;^*3CIi
z1$(BwpNX`QNA@An<5m1$XOjPJ5jh5~8xrLFOvK5DkBu+gvZK<g>Qk2-1X=4I?Nwp?
zJrw)j<le+2_OZ4<{9vZP3i|6NMon@zVQKB&#%~9DLiFBIIHCQd8>{!uK#nEX;-Tca
zi~Ho?vh>DYF!#?-hu$7#Nq(=xF3U#mLnynQ`eAxEe%lM~pF<bTTgldmz@)g*Ix`2N
z?Z?n=&G!9Il#UrF$Eoy~_MF{?*oEe9Ix$w<P1j!Z*7)G|p~D#0>wh1*DjGk+UzlSb
z`YiK#Hu;)`lk{vDr+<{PrlU(n{4%(swYL_Z-bV`9yB3nGE;zTX#jnwzGga1#8RxRU
z)HnF4FZqhJXH(wL$&}0Ap*2zGuhK_aN16}9cSM=<lU4Ay?wgei^R^9(dD|3U`v`jp
z#n(2JuouDyw}^IUb8dL2evb?{vAJE?5@(Y`gZ-ud3w(Aj;+H!NpTY(3TzMFb--`Bb
zO>3dPa-mjOUVLPTx1s)sv#Q|Dv{YQcru04k_e2kS$22W2hI$WSE41p4Y0GebIrFB5
zdDDiy(8xTJuj=c>McjEkGJI+Ez6F<|%fVlHKdvH=$%4Cz+3(pHZ(wY(_QC6nXY7N8
z=)@9l!`Hz@bKpw!68o*KZRpw_?7oS}{F7h0YVWJep_(blHnTP#;MV4=_nt;O)zkVc
zKj^~c)%$80Prf4k9>Io_t`&`{89!J@xx<N#6~HpOeJilYuF<;LP~>g6f<6`NtUd2_
zw5!99u+Z8I5x!4^uG(*k$EM#m$pHn<TED~tx8H3=9;8=`u{&ybH$Zi2;B^-`DTfm|
zV)jju?CAH%uobl1*1?=>axw#-mFG#k*8c^-r8*i@^(v?*JAFRiAEiIu`Z4hzVLK)D
z4jg-2*<I7YwK<2sX%uBw!jH7G!b`CgE+fZW9DMnf|4VPEs;^1ZPjdDl+6BIQ<ys8(
zxCNA54n5UZ<M1&nnsj!+y0U=v%k;%J_RPMNJT6U_$KkYRk7?}JG<l?+lSg8-I$f;F
zBH{#Hyo%(qo;{xPqy7YVPbXJ<=HA!YWDUql5wxrw$sE@=wA380g)c>#<M>F74%kLq
z2DEniU=y+s_D4QI4iVAA**+b}LyUfB$REkKiG!hU=||D5ReQ9I+$Ws}!5{Xn+ApNx
zO}*y8W?vPZe}IY6Z90P3R_(p9*=vrE`%!#wt%^Z>rNEEji<>hEJ$5+xMHsWRyr3;M
zHpo96=<)QoN&fYx>~~cwyx@KFl#d_|KKGIr4A~w%jQ5v|$WJniJ7Cx~YgnJVL;Fs5
zfBg<{YOrgw^G`Rh_u`yomG-DQ2dmjW&M#&kqW#AXbc>0Fy&#ehtr}h2Fk=`#an87j
zIV3)bN6V?xA^i!hufwk1ZqER;wyI42nihWhq~^8eGy0Krc(>?K&bQ$ayx)XQ7>%!4
zzrXk#=PLZI^*#}QZtbf>yM9GKuQqc&BAz$WFM7h9F|`(WRja|>@H0b>KOugy9*6lU
z+>5B!4xS4OlKWD8Z8_LK6B=xJ)H_#n(ESJTv>0BN)Ol5vz)wGw!Us8<cRu)T`8jv+
zcn^Cs@};$@$-*VL+kmUp=H`(d`|R8J%aN^IuucWmWQOd8VRdi{=BR~La0*7jEI7-6
z6F>02*o5GXq(IjC#*JTS<n71AOmP-pTfo{|$lAM~S$ku|OetPUdafKEJd2!YK5n@1
z5PvlB+#liJ2xt-8L{0<jmKyB4#;+x>ZaO+ybsp#1=f}OOdGjM}7mx>Xw(ng%XNp&~
zfEcDX@g1wrI_9|abZsn{@0HN444Udp4*Hn0HK)TX_`4E*t1O{2ZtCr&AFU74<0&68
zx_TymOAlX7-5UBYV;_-7jJZQ~WmC4G$ECy7o}4^ewI0kwruQLlTCdB<Ymnq`*}1c2
z<AR_3@{bXFu08#h1DQuwCx&g@pP}Ez6~<O9VO;eQVH~Z88cR3_>j8NzKQaqi&xGcB
zpY93s{+ws|KoUvbE>7oz^rPsmIpZN;X6~IA_*`W>?H=LXI)O22Y+Pp}x>3KsQtsV4
zn%@=6FbjO#{L((woaHD^fbT2M=S&9Ls*UFPZ)n$y&!V+p^j7J|vFt&0UL#(s&MnxF
z+xeX}`XT+D?VMo|v{2dO^rb$^W4(KrYIvD>4%1~|9@G9Lv^Dk!`w{J5W|}c0?U(R-
zSB~{^4rMx@Nn0;N`{3|dQ629`yR{&~cdoOVt%nZIMm|;W<*<=Ax%DDm=0AyE(fYUr
zom0Vltz@oF<E-X8&?}RUnzK$mt|p&&=DIlw-*_o|R1bPO|8Xo*x<Y#CLg-nCeqh}!
z)&H4(@h<=`>$-AQhWz5n|5w`n)=1|U=Y0_1%zX3cJYb3Lr+inz`;Pm++}EEyDw;HF
ztJbSl#y4*m4#v-nJm!PP2Q3~A*3UfWjQ^dBkNN6)=VPXy|AddZ6dHIX=wA;X2k(uS
z<9B}ICDEbxZP{o;a1T>!h31atu-a%ntjA7gURRaHydZXqexmqul{dPZHy7j!z%E<d
zO`eJCsQY*P4<7mW-~IBVMqlW+$F@o)1~Fbm#&|;pH{Q1gJKj+l<8dxA82nab8Ba8<
z;7#H>&J0p?6zzrueH&U)N4iHe3)AbWEd8mkK73JsR#qMD!~I-5n0`1963*HB`EUA}
zj?4tH%UR-<mvJ6hk!+hC3F05MuE~DMjK6sI%QMYfq#u)KM*Cplblo?xcWG0h_44V!
z$C_Y1xc;<nT87{Lc;r#>4cuWea;N{*M?LF_V#&HEd-EP3R$}GSQ8pJ!eJU49p#M*2
zO*@S>?NrvZS*&R@+XTytC0?n<F1jGd@hR9V@B`jYUyDYT`%mrb84=F&8OLU>0KWKi
z?n~}x+md^tb`JA^wzFA(P1}|+{%d>E+p3*l(faiOXaC7_yba3lYjA&%7>JYc{cYzg
z<?Wt%;kqr<t$VA-?48t}xT!T=Z}xwmWXlNbvv&hqG8|ii9l1;Xu+7Gf-p?;)Um&|o
zx;}iTY!z@#hAzVCk{cuE-uX%L&Ft=(w+_0j8+V95e0R@??=HFI>R<4-TL<S!AA<jn
zU?+F4K^NQ@S^OG0;StvKyNM6H?u8)ds(z32_venTZW|jZDH4uavlm2$Z9R$gTXb25
zf7<c><&&_dfT4C1Hb7NiFJzM|@$vUO6eT(q-xN9bx(@}s=-$~A$i%p~f78w$^5ZN@
z$wZjG6JLkEulCYcZ+Ud>$e^#auiQRmvFQ6oR{D09u+Ne`W@tSB1OENccxB=w6Q}Fw
z+?4SAQ-%aEmz@IdkB9e9L>4Ef@&8ZRm%P$5Z$7dX?;h*7xO(g<yN;!NHRXTmnHO=g
z_=&jxSMI&{C+7?I@4uWkaf}=meF#~;(b8|bm1W-ZTe&@5mVvD^e(F&FM8-AqXHIDT
zbh-I6!GG$-KJ9|}vuiARz_zWT?Sppy{L!}E824X$A-!!i@z3I0d~=2Wplw@R4Zquh
zw)KCo{H_}75Bozpzb`@NoV-cS7DP(6PDkdjLk;|8&!T&Nmp<<v)4Q0@_sYd1{9Vr9
ziWwBGf2{J~_N3p_$&i!39DrYPdmtxnKPz9e=HZ#hh2+HSY2zdPw=AEFr-D;UfYat@
zElyj;`=5I@9Vh6q%h2P2ll{**dQ76NZ~6C(ZTtKo{!P!Mw~ag5Io0z&<@j(se7HSm
z8~v5#gFnuHU|TvLmO4H>aGZY*ZOwe0!rVt!%<5#mL(2&N8@;xj{XhF)-mwYJiS><t
z(!{jjgR3CNuc5uZ$?>ai`Qs|c@mqE;^IqTN_$~8;{Z~btZ{~+$_bMjweLL%izVW~7
z&PqhzQ+oC6WbWN`#Jmk3C-ziljlYK<&UR1!dVtuiO8M7$-x533+2iGR1$yXo_QxHY
zxd+UdhxQKIpT*frW$qbV?AFDM+tHc*409%BE_Tb&Z2J?EMR2+n8tB{7EUs@$vrUil
zZD}@N-<D<(eOsEfJjS=BS+%|`&9*<vw`jJ5{`DQA*%0KqYg5ld@<FA1PfOE%Zc~9d
z`DD7U!pU`U1#(UOR;@Adv3@NwBHCXQqJ7=wLDC*NG~5@^{sm$_yMB^C?T0dM*W=k~
z|MKu&+UL>{F7EHFF#L}W68=$<#pGh1C%thFIjFjRkU#v-0b|$Cvcv!V5d7$a&iJhf
ze-w5Jezx5&Be%6vIcwm5$x@W_fU-&6;w{Kfe{03xqr3-8Uq-hyCj9fckCXcQnuO0o
zcBS*3?)k>S{@KCbfo?9D?AP%3Ql}%DkMmFG?+Aa#@0squjx12t8E=RY+l=lF*+j|L
z(68U=;SO0ar@n-35XG(-hn^13mB+U41Yez%*0GmXZn!Psc=OPHTJh%2x0*J8R|Y(I
zU3W6u10J~ec+KCdITu!ZyxwHngx}iD-zylm<9pd--{(?x74RtbGK^0N_%wezV;*Jr
zaBFGH3%hAPKg}cgdbLKhVV5<rP86fB&3wY2D<AHn1#!O}x+=CqV`@!nls`3No}Qup
z*9HBD<JRdruv4htXy&QCPjp_1u~V9?J=jF<7{#vZK2b4ujKlc7!})b{a|V7H;~%N<
z+xp@s+;$!r(i8JX`{#jA9Jz}B^JM?i8M4vESjlhpFB_j`EGHXv_YPh*yz2tlc!III
zZqHvfULVH%Y{@PgTPe#X8+sqB<F*XiZA#a%zol*Yompwuc_y@5$vl$%VC14@s^Qzp
z2dDYuR!`Z`ci+-8?+WtVIT^WbVhKL$gW50N8N7vf1%EeuO?0(6R-r*9`zpn|#Q9b%
zbOJx6=A!muiiN&_`S=0&BVMWB_<pDOAHr_u@AdJkk0OVC`n;}Tth%rE+EJeqeQ)mH
zzP=sYlWPLpGxjf?4)4v9TW4QyoR)51S9|`&PM(^J{Z0#$)^p93X7*b6GR*o~&36Uo
zsiKR@P7{1h{qttA;QLx`-mn*4)rU8KE%3jJy;&_8fB0m-p6?dv!lR<_(CElO=gvFH
zCk~)jhkkUZ|Ca33kgl8{`MDtj#thvuTk>;LUl^@!>2&(U>6kO&pV2MDBEI&5%Ym~-
z=R?f@1qsi;1s;cCc!#_O%?%kaWXSN5z~E)c8^`=#FBv{68=aOM<rDjpHdYs7C9my&
ztP;j*zOgU9ZmhGwuMba#MErf=HDBw~KgXK23OU{t|8<2gTql;04?9D4$l0HgotD|@
zvhxGr^seq7&X-E?Yc}MDlQ-ga^?`HUbaRd;zBB>XFEe=Yb<yYY{>OcsahtEnJ?<sh
zc=7I7|G|v0u4SyQFZ9mmCH!5--)Z+BGvwf2#_qT}7&~)5FJgUTY{MHfr{jfzF1!60
z|A&m7%l}<GZUFyx1`Ia{e{#ZUpOOiK=pBq*<lm26X8J_R&W*H<;*3c9WHW#Fo9zEM
zgDxYu|KbhxHYBx|4$ajfelH*8Z8(YFmx8Ct;+Mz#iBaA<&FJF@$<Jr{=i^+-&!xHf
zxH6lZw@t%WZFI`|c<VHOWyZKs$<Kuu<7ViSX`<i4zT*z4PhQ|`Ia8lZ3i9fU7PXui
zN$(~<WpgO8r|bGKevWgoT|XJvsuOt+Df!6^_?D)xmnDMl;=b_7*4e7PHua6p+kT*b
zQieWlAqGDAv0j;eocs_S7xXXFyNc1T7iN{G_3*&xe<M?FjoK1VU!&M_{Uig9`xw_d
zzkfV`#kh5!%8KXuGl_3X;Tb>Lj3@n`^6kaEeYgK3T|RlQaZTOaj4?BKzkxA3$cL)A
zlNoCu`nok_1-jGF*x9M%!|B8OI5s8rq|TsAnNvmg7PMUsOj>_GBmB?KfQ7jkzH{_7
z;ZKg#OjrcRWcUp2d-dn`;y{<M_P&upYu39p%{2j!wa?w0#eTkuvAqAz&STNp@V8~U
zKiTRGox^X*p!cZx<P*5qtNO1Dx=+^lr}sbpM>PI9`H!D%Y~t#xCS;8L3il5>X7<W^
z6j+k{-JcGh1}x1r*<m>=tiPSS&q<`q`_$gOMCo}2ZF}~m%i&*mC$#*7{qz1HU}!i!
zEAO2>(b;G1Yzgw=nY9y{bNd;|-g6l+{2Um(lX~g$D1SFp^-q`Ai?IKzv(lwgYa6sN
zFd12KYugJWea9=U=Mytz^B%_SIKCH-X8um{cYpkO3OJfi$qq+Jm_NWExK^GP?DbM`
zSlX0MB@PJwd==V6Xcs@LB(R0{3-+1)`3`D_27czt1^+Sq^RgLu%cp1MrJ2WRc95IL
z8Fr9(Y2byI7Xh#CvcE*XZXa0ATQ~jr2vYkV`AD=Mz)#aq8SDdRfkSg5|9#*kqW{$F
z`@lJrxqV<Rd*(Nz1A9jIccqWq-OFzDQntI79~S+N4(J#5ElV%yE-!JIoza$3@(Km#
z`8&`{n~8Vhj?TtklLJb=1LHHu(Df(LZ{6ge->}cXt@Dj$-*tfBM1M`l5juaB**ENq
z_to{RaZcBdhDSHzhZX)Oq}@FoZSJ0~3E?lFOf<sp+&vZkZ*xYkc^zH{MhO2S`r@y3
zKsKD}cN^bEk;${2YuqJ+9QTbF^qH7--1R%5NAI}D8~rD`r`BKc0f-I{?+xg1eik~M
zXW?<@42o}Zw781<Bi^WBzs_5HTXpaGBI432wP)v?ETV6nnc+LvozaIMD|`6OWnP=v
z$D?Q59$s(TU5n1qTyEOS`hQ?>j-fF{Z+9Qeop)^j=MH-xEKSy`16dP}&mvp$8Mmr^
z2Cwc_`z-n4;MIE7Z55xkpWv?ut)p#Wx?K>w)w>Y73Fa4xpX?~f&@UNs+{l>N-F@r?
zC&y;YP<-S-a{LVbFU5p;G5qCLSF}X&`O61~?vxGtHnAz9pXRT|3CruJfydoD2-8sV
zs=7v2TZZ|?mIh(D83q1j?-sOa%_`gORgHbct2z=|e49S?mW}+O9o+xgfj`u}qZ7Vo
zqnsDnbX^zcC8B2(8Auicx=!aK?mVLoe<-p3<O|_$5&qDnCZDIyzas6&ioV2GrN5<9
zN_@_k_F<G=4NQM9=iA7go%0$?bc!>#?-<pq@A8@NrJ|qBmykifRg#<3yhDyAhQ<xv
zvT@^%S#hl$SNc!5>Ma}TnMU|#-m=Ny+uKprcN;gAsSlfw(H+F!Nsb#O!|+dYeH8ZX
z4q`hTFSSm^E+}Yg<9+rqymKcW#^B)(_VkRY{9Vr)`Qi3H8pPFR-Y+QSKIomgZ#j#1
zJ-I)rJYf;O8Qa7jw-URq`vqOZc_xs{#1QhtbM98p-|ej5HSxpz`?>#lmdz8dn5{a_
z?8S?Vxbx7F?2SWCCVS7iw$I2BhrBdh4}S;xByIlMw7miK6bH&Ww5o<Pp=f+uD(+fw
zpu~P|EG7Q)&+J77OA=W0_TCjH{!;f`d6R?KkT!6hL0*&{#HA{J9lel>r`OrWLFh4+
znYl>}VI?$hF`13Dm;X}oEZx@tO?XRmx+zZt?{ZPT?QQOfDxOI>a+O0wxobry-Ws2$
zew+E<&G|Ur;W=;gWrn_608N^0{@SptN=CaZO`_W?{N>O^v38p4DVh*#H+qDLdjqd1
z@I>1+kMKLJihm>FH*z<2VyWkUA=uCFiccT!cLBS~RTe)h;{TSvZ{u6>k(~MLRzBW~
z$hp?QyVG|8n>W>)*1)^dcM8s9`93gN^$qb+-=mXNxAWa~4Bz9ERk!g?zW8YkhbF5~
zF1MEJdt$O`72h4abJ)P0?3?(m)0>Btp0B&X+$-DHHO1Z!#->`zx7LQnqXRu@)`$!_
znm`}klq~u>Bu7t5j<z4<KMj65<9ZBRtx<1jBOmkit+%upFT%GO@4$@lLb=vF#%mzY
zQ|3NW_LGxatqG}n15L3s`K{;O6UlIKd8F-lctM=p?pa4zc$9-=lHlp}E3e;<d{63~
zYh8!;&b6g{N9`KIJr;Am7O$8X@ERYa{J-)Y8UEfg!K^i!GcTcscTt9&zAN5vR8XJT
zq#gVgm+jtK9Q<~a=l?0F*BLJ@4St(OE>(UL+{?->+z;aS=UaX2?r0(Tt2(#~>CV!U
zWxX(OKQur6aNqvOmCbFNOFt|$`r$}_FZQAMS~$VNvxz%(+#7d%t>(KAU#rnaA-*nW
zJZGz<jYmDl*J%7eztYY<^hs*&l^yF<Jqk@Um*UeS0i8y02b$lYe=xuPInAHQUT9TN
zZ+(38$w58*dAeVons+w_^X_i$f+=Qu&2rE0Sa|jHM}f~9<xLyAKYD3daJSFRnIw0_
zx~1ch;qBZ3Gq~QIA;Y1!de5P+I_^yNC&NVv=FI%y?U^vHqdyU8``<9Urv>mHHX_gy
zUl$z@V16^FR%;x6qbI&5`1OsR_$uGc!}&%}tmHeXZ}dbH-(AD_Mo;_?-wpakPb}lR
zT;G++ss_Hfi!rT%So~}GuG9B%$*M2$?dki3WYtxC6X!jx;iP2M<$Ndg{lR3_V!peI
z_@0@px|Ht*eV<Ma7QV~*UQ^Snhjb6a(X^UxL({W!)AS!hfh*%4hB=cB>4jG%uPvke
z`_aqHy;bqLlL8qao<{M^$WLc{?Bw7#?o<!qH&gGDlHj)qy?Vjr%6Ip#e#QB{(P>W*
zcT3!~lYQNz8A$fG0=u(S@{#??_^ZM)QH=Z-0BiUzhJ#BvLVA7^#CX3=PQo|ODKK|1
zif!K77-xesn7h}rCeJ{p%qRbZa_%f(J)WUB9qt7zU~i&azY%>Clc2kjE#M_vte!JC
z*@m*iq=UnAdNp`8WXZp#dJT3xEe`AIbtOhuH`%$ZJ6=v#{~!dD=<8q-eHXAt(t0mj
zp_%=YY>C<}zz$9efKR`xJn70V2+Cw*xUw!{nM}JW=u+g(mB|L#PT3bi<5!cT!i<ki
zx1F4K%3Gu}%7u(W?7O)?mLP6p25}qR*fN&@!%pt^>0Ni-3Dj7xkprg*o5s|`rcv%R
z<x^XUUE}iO=q~AN{F^~L@s>Gj@~hSH{~YlLo^0p-;~emC`0Fm4Vr)&mVDO(~_m3*?
zkR2u3WWyicI{cUN?eLF-x9l0wp@shRMv?ow&i3c*wr<)@1{T4uyhyt1ngmznmb(O8
zS3;9JEv|23yIldU!db8_g^$YBp}*B$Iffo(p1QHTEH+~1SY3>tZLC-5NB3o9CmK1R
zp0Nu#FW=6%^3S=w;ASVsA$|Sw5OkQmHx)jEk{ow9yO8`i3)#=OI~ZZRaDVU;zQRqp
z9|c2%Jy|ecXA<MA`#O)A`1?{bS99cJBW7E2RtL;6@t^q_(Kj?#Ty`xy(w;&xcmn0>
zf6H;~D-<7y9Nv#@v1rHP{sZhQKDS`O^p&w;D-@&Mz`jDU*)e3LCKC83G%pHh6TsMe
zw`iY<eSgBhYUG9Z;1=jvM66pa-%F8^HO%QfSCW?ko5<A>e@&f@)OU5-r}=x?7jXX|
zRj(S@O}(n1uM^S9d!DTD--d>+uQ+g-Iv)!9`iSZbooxF0tE+btv~l$|1oh}^{hoiF
zZ0Zqb74+v5L+W6AIvA7w*6;b_NdNgzow$SR`Jk^c!tv}9(^qGxUTVw>g1)G?YtKoZ
z|8rMobqKDXhTwm7tm#X6cMP7?OO1I-iWa-}d?n$3KU60*-V>oZ%M<4PA=A${k#Xp4
z=tZC64?g_PJ)esE@F5tBIw_iNOVMiAp4$=zCf(gOeLdK>ud76>yN>g34%L~TK~L(e
z+Vic0{ToAdQhe^^;jTTW5B2wAdtVc(mkAfJuitaubOYCAt{(hN(Lp{maD?uid%kp(
zsaGGWm*VxL6n{GRoK8G#s7{LR;H$n)6#U$Cm#m%_s+SsbYKr!&_6$A6KhxDg*0*QS
z-q7n~L;abq4l<B}iSMP<|A=The6n8^s*{3=bxknQ&#pb!#|%uzhU%qYnv?3QbI%)N
zeXZ$+hg!$oys-E&Ugw^F1@fo7JALX|{HV8T&v#DtwRbmlfF;!zJP=%K1lQ3~1D9+n
zS8vk`J%J1!PaD=K;9tMzJIDEZ+3!YK=e2i{9r5419o+DT;0)!(n&1w?i^m1>sXAw>
z{P#T%JyO7%dLwRKd)t8xYxS0n>>v36mPnWDZe@l)=(7E=MaZcvn|mDjLrg9c8?#rg
z`=!LTMdu&oKWTM%f_tYa9sbcs+nBn7wox5k)lb>$IGp0Yu{c@1fo$&DbN)%bauvy^
zGeh)wj(dUV#u<`x;=&CLe{`~cI(2S;HoNcW?}Y`*8Pu-xkORQCnYAbIE01X}=I?U;
z-V2__4;H#d>ioVZf@`z&eYy9<yM*f|bgjd6`!W8j_Re4|gzKmeN7@ehsPbe4cY4Ei
zB(dz=3;PjoAw;;3Q^38PLe{SRs5`{il+oUNp<8RQDPKY!<m)acpRIWJ(~-)*?X`aq
zeP1Ly1iH<~mMN0&8(PVhDZ;+2mG0*|irwVoVj*oC$RDje?GN!y$ydAQr6Y~q(}BK;
z(x2W8knT|%_Q9365J%os*?*4j*9x({sUx|_T-!IZwzqROzXf}A4E{l_?e6U+a^G$I
zIx_P-dD?$Oov|04<X2IC691yeqHF`TSKG0)9j7xd&JiT5ZeJdbajlyez&-px@7ARC
zH;Cu56&gbL#Y6ag9Q;JjuEV^CzARf@vcR}u|Mf${k8<I6FmnG6_1(Ux9$8ob?}eLu
z)v`@^lVGFlp|Blv_rBnMatnPm#QV}pIk*fzSx4qew}_wcR=OdIO`$wQk^|+P(Hy@J
zxln#Ia+_2-Ij9D&lpL_us-19G{W|59hQBTrx|_YOc>EYL(M6u9weaEh@Zl%O#l!GI
zbd$aJF?eF~=D&QTKOMdt#+Yh%u$9Ad&PK+J_ok)J)G}yyG5C7+{3Pr{#&5hzbT+=@
z`4N9BV=DGY`xbX*G@6(V`2ZibV}6}61($SG9eG$J1O4&#PsAaMxA+_$O6jx=_)Zag
z_N*jLr%|s0-b#l}2=R6-ynP70kjY=CHxlCSfqnTKmgVvEr@ZpK|FbVPpEoMOPkG-?
zB#&V(Ivzy7_#})BhUut&MYA^ODOx6=WsLr}K+gp9#2($KGcC;-e09CC;cxZcwT|;0
z#r~C?9BFA?%e{5-J{THHPl(RC-|looOK1))htAwJNk5|puJ9asxd8a7lc^(|9B7`q
zJmQ+~k^#wso9{YDklbAhTy>m<$PX=9=+3g&*vwd}qp{L_(7>eg;b5IQ$$t`gmp<CT
zc;WM5-PadAG@h9|jM)Lt`y2Cq;b+&2Y-4U_tO`5UZ#ggA%vrSdRK0n-Ph%Z8mGxj2
z>%vUd2kmEmZuSUW&jf4S9`X-_^Djk1xd*z~M=D=OGyj`?jgL*FZ}}bObI*=_`;6__
z0;-37C!d7$gTrwXIO3~H-L?D^cL6>A?l11*QgCh{w{#{?wMO>t>4y51_~Ekc>B<_s
zs&lNoxwX>0n>cZI`dea$?#5=pHzipV%;c*vIi&l8?{vXOUV?n#lTS#pm$F$nk0=I4
z*?nPJy|WAZ0XxXSvWLHW?TdrjR|A{u3(1T0kC9Pm5}prbz~=0WG<l(37c#1|qv-so
zUt?(}84bgwbCOJ&$xn5jm6go1w9&>_Rlwfa<Wl4uIXGk5Qh<D5WA7j*(R|hv@b}x$
z1Dfx$MT0Y@(ZT#@O_AN^d==p{CbdaolV&?(+GEd{B<sq>^&&Y@wI_y#=8UNeU1EF*
zqXOIGVdz%D{A;DpXcpV7Gt%ozaJE@<rfoKVgx_xc++o|S^eoPpK2ZR;xqW@|m+ax+
zbIi{O^z4~c$op0MGbf|W%@}jEh`Cyf%~sO(E_ZO{H-L5zDW9S8H!b8GkGHC}$`^Ri
zIO}IRkF{LinvdJC#lcyAC3im8!Mv2uX%YUN>+pHa=I=AH-NJq#*1W8~nM^;>cKTii
ze#XDWxYZ^n8{@K9SqhJoLu>)Ceu+F_HPQix1^11V&r*4N<%6qV9@%#&Z@p-Z{WAFk
zmES~p+=y3Pbq#kSZf!r<U%(h)pOEs-8a`f&osPYsxhXzMhlXt-w^n`%J~m*d^_idO
zX}t|&^z`=e{_;>>4!sdm#M>~X_+hUI;TV@cPqb~~j->o~A=-9fLxpKu&)+rBR=y<X
zbL>FYl><ARD_s6W%>#VzDZI9$N3}*fyc)BtKNaBBVb6Us*Xpkacy%s<j;ZstjmP!+
zY{9So6nwVeSbSKdP5wN^b}gb$7uzL!t-shV@yxs}1h0*4crNpbZzGT38G%lcf7$of
zqw|#erdD%mi1!dz;I@_x@gD4AZc5Mop4_(58O^e{xbtaznE2h?eX%?3eX;E}hv*Iu
zTba6o6@T+Xy8r0jO8GfuiUr%oyvp?DRlnY2&WeQVo9CRx{5q3)R>ORo!@Qf#T6jhq
z^U&l_s3)dEXVxzjj%)8OJh(kkc<|N)vio1;P>e(lULm+=@}92p`AbJDhOB_!FC^As
zDY;-5ApeQDw@vw87jW0r`RfitE~MXTpGStElZhviPU1U(JWXLt$-esk??2jo18bzC
zOEvRuiHRE-xAjhP3@L7e^J(ZfuKgWwckwC><j%R&@HNu@O@6PVkMvlQaVD1JOOz>=
zB%jz8<<4<BRJn6RBl({lJ>-jgm;09s$P->q&KIpqiutI4E|T$u(1!KM$cxkO75rUH
zAJRcHtS?%6Dw}_JANumk_@edphh#+bs{lvkZF+})`mF((GPVi&A<p+T%%iB)4~<#;
z4d;VDZH#`Hz`pCBz-;zi_$9s`?7=&u^C$W3RzEap4<6DFqsi4Y?(>Ch@*N94!S)Vw
z+`tEobT-*dF43Y7RqvZKEVd$cF8OK6gV`;8*n)2MnET){9XP&(KD+?Ay>?sAnh5==
zon&jEwh7v5eyRNjf7JI3DHh71uREV*BZK!mOdfq`GXr0>_Ih>jOuiufpP4V{(~MCE
zf4evjt(QI;LQGJ7#dLie`eHlWc0@I2^+AsQg~({WIr=|j`}Rf#eTQ@O|Ei}TEl0oU
zH&2*PwEc2!YG6)efq6AK|68$76yvZR8iZ+bJ#$sGkbTlPT6b5;wZu6|@czJPWV*<_
z|ExONvu2~)XbS`9rUr(#EHErTVkUdcqMhdtS-#fL54laFA9F-~>#gx@W4sHE#2XJg
zRQw3&r(8~>+pka2Z}f^0Ioki#wMRGiwh!`0UY2UlTP5&#HTQ?fIklB_b6Xj<M>ntq
z^vEyol=vxFn<L?|g1l27NsZN;cPf15^25%aHJ5Z|$u)IsvP$`{npkI)Z%RJLX}p`0
zZ!WBL7N#V7D~CUMYIeo&eMWbT^b<cl%2%K9NaI@N$C_f{)SClQ@@<JO%8}*HhHe7R
znZVgos5eP%E?aW>L=QJM&Q|G6&K!3iMy^EZs$$m4N^<EvRn&0c(b#66=bv)R{&h&h
zfv<mH`S>2bw?tya-<i5{{MJZu@q&@D;<jaF(~I%J4aa9GoYkh2f2#X8+LTp#i+57@
zyR>;dGQ4=}$l~JrZ=ntO4Th7~Ag}s&Q=hyC!^wBhdYHE@8oBO!;dZauak#fyd_UtX
zVw{B|i;CO6Up8I#Z96b(tt;MLJH2Rk+4RY8l}(pkl)lg#Db34je=-p|&;0ettatc4
zJ0>0)DQuYAbDh`L!#?z#e-+&7;jfT<m0pv)C0~A4WtB0{7w>*XpGIe;_-6AJ6$ZJJ
z4uyBm{1V>H67Os-#K$stM=ZxI?9dW$8wT$Z@a{=?cQf?=uI1fM!@DNKyQd;0#g|T9
zKK|**u;K?smJ~k#T}t5HFw47eyVpOEqYb<(fp^2;U0(I!T?xD!2JiB!56?>C)Sr}R
z{l}=Ep#GFR>pxRAeb`iF>G)*TcafzBti0-+c{eyqUcUg1rW6b-9$qlK`00_uir2kd
zHhp*%{=`#w2M5{v>yYcdCmC1W5u)|7+UYxN+l90xPjfMEw-!g4AFY2co8AhYzpMY@
zQ`7F+>5a%>8!~ujWY|v5@0|?(vj7>4{K@<L%-<FpIgISrFqb?j>puP-<?nXd_0@5K
z{2kgy{!T@2%);&r<nJrw!Tx~cZ<*xJ`Rwtxv4(5y*4!Zv`|erneOhOE+bY?|X#Uq?
zUq!1ue+%}ZY_040Uwa<qJw6Kgd>Z+D9hv+tZ6-&eE4~0t79qRxIgBJ{=w;Az26Wy1
zftBNH`Ty905yji4-ZXx4L2>b-kt2%BmU_E)E~uPd!}t+$IcV%?q-ez)>@l5dl`l=6
z_0o{Y=XWqx;XTpM?{`o1m`VJ91pl8g;?qZ;I^xrpet5)1N6#8@(WU2(_{`C#kNC``
zb4Of!^vn?#UwYaQ@0|71)?a$}w7W0;_Ox$bI-+v^@O!4+bLkf<=AZp?#r)yR`2VhH
zcU}6uY2Ul_zG?SedhfIcFTJQDKD@9pe)fl{doOhkf5kiJ!_<3%f6FFZboM=zANk6V
za|-@E^ql>uchL>yXTLPzPnTXaujHKM4e_(R8xA|Wx$w@Di%%{a-VQF>qcyOWk#A>(
zz7u@67S>Kznc{BlFD#ordqHCQMc4!t;0+(P%|RxMpyOm@s}k8NMz%zI>35^w3ST@K
z*;;R8>(@sGvc>w}Lr#Cm*JJO#H~kjrN51}tKGXHvX~@^9ZOD_^*ZlbxJ!|gxMUbcP
z&2u8=Jjmsal&y&`H!pjzi*Y354c2CubHo2;&%1~n*of^S`_$#sYYe?J<jVTIGn6MB
zKeKQotv#{jj2lvLNVbEuS$@tSZ{mI6|8awV-?xFVx%cT!jBe<V_%QD>oK<c1cHT|b
zpR8QgD=s8v@jG4{{NE}+M#J^jpWJZ$GXC9ga^v-7dn;&@m{(1X`-rjsmof*h!UwW|
zcRf<M*O8wV?b+C~eihiYM>6@&*{_Xd9x0#qRDN&97E##-v%l5*7h|yJMzs&8>`I%@
zdoyowZpo6*yA&UMHox6x!M&$2@H746vr+cGG4{Yk_?U`~k4e5>_VmW5bl60@k78fH
zDb6>#LO!S&ui$rKe|Gu!SsN8EXK0KZU=NP0A78k!)%hwyF{AJP6FEO7*kh%|&7r&W
z);(?4M_VTN3q$Y9cSG-2Wmg^OZImx*EN?PI?VAj7&Xsnshd;r*$uN3nX=L=)4*W4o
z4P8gKS3x8B6R;ijVf$~mfOAaQS&D~K+?;TcKXQ}sI5Z0$hi1oPD|mEN^p6KP{7Sgs
zi+-ch>v*FL9Qwt@yhV_K3-~!)hK6w&>1{Y7gi8dUo55upxX5QTF$*pev*Yr0aN#V|
z?0YkL^04Je7?&E0i`o0K2QED*;L8~J(tV%eonkxZ8(hYu@r6BI3YTXXQ+(-?-T;@s
zBkv9H><Y;TzATkJWaNDm@~-_yY5QEtM#0A>?%uQ(l&)w)-lO)djF`?uk@Z~XS+%rH
z;>XfDnCT<C#mU|LL;dC0oH{#bf>-s(-9pYy<U=|a_?+Cd5Nl{?y$N3@-(g?<WPI_>
zoEvC9NQb88KqxltWMGlcO0Z<o`}+=-mc#Ia1h7bM94waui{kl2t4jK5F3nD>{rjPn
z{7H^pKYczpJLnJI5%g8Ze!O3J<K=#P7I?4XEmQga{tm7h_sw(8M9<WqZ|2}@vwpV1
zz|SU}-g*cA+xLPq`Tr}*$a#~-|L*&Ow^DXMBfXohoL2HLn>7R*Nja?=$+Pw){Aj~~
zL%Mbv_!wOaEr~rH@Lf@@;|=%&4FB=ZCDG-=Wj+0h$Jh!fpIkhYo37TrckOap{S5fa
zbL6eQgEE(!PP954Sap}{__TYA!P}unMgw1?{M{Pg-Cx~|zBTt(H?eMqbZ#?!*Ks~1
z{-woBQ12NhZ`<Skla_y5Lh{BNN^Mshh~65&Z&gmt(&dcvzxb>=pW=NN>T8V%`>VS3
zMiRV9v;^l6b<k9KqpzWz==rq`fxqf4_IoboIn5r4=Vy=nMED{nb=C*6<DQ#;wdLt`
zZzLXg`i-`guf2h<YOk@2=ubAmYJ64G@aLe5tgj_M|HWN)9L|+ezJlOws?zo&DKlf(
zz2#thRVy9*){fc19>n?AjGqCUGO%TO{S04(<`qx5y=p<*TL+7V<nCX_ezhdIQF3Bz
zk(jr*89ed1FUC%q*BJGVe+$~T-kjXquJzj5S}(C4%D;31a+s~$`NNtXZ<;H8lvanc
z4*9SirGND?igNv*=|`Mv@$BME7r)y+^>uKLx@XwB4JH>oz82oIY%1a{i5r&B1?H-v
zh_|F3pO5Bvwy{oh?THC6W2qgv!DrK^jj=1(2ery}Igs}=_V=b?(=Wzmz_y51b|bUV
z^YBamrQmz*x8MH8ne1y6-*D8mPu{We-C57vbZ_y&>xN7?PJW!5{w04$NqYr8jZu+O
z^G;3R6ARubooHzy|C{+8UW!)N!xO=+Sb%Ks@9*Ge9!stQzn<=Zj%r`|4<~DZUv7Ag
zKHjFDnHN^BVvM~2`Hu|^<V!i{-#S=%vdP(O_n<G3m-=g4({q`-IT@Rj-+cV79k<Jk
z%N{%NN`;>w$GP}egnSqAK159MBH$LKU&(hkXZMeRL;20!KINcj65SUeUPAi`?$z2H
z-JC^LNw$}wTi!gU*VcFS^sc*pFCZ7U_5n$9wSUaw=la%M@k;bQ75BkC;IVx-kY_wf
zp7uukQ20B|nT^VWwFaJ$+nc#{VwkT3`O<w$8@FePh32~U_rW~x#bb$~L;8EM|4x2=
z;UxH7UVq^e(B?5in}afF<9II`<;(w%S{&W}Fd_b*GC9Tn<@=}ezu`i=ep@*}2i<CD
zIwe1OJK2usSsyOrtx9YdZN{s7;HJ5fx%QHKE|a_!E%wYCv{Cxbr1hcyL7DsMlbTc6
z-&%?8hn%r?P3M2Dp^|gOGAI`B_8~XS9m@PBj?v7O=ZK$BYz4HP_Yd|#KSchT*k?zJ
zgEjVg=0O8<q?<CG=jc1Zdsnh)B2$~zF2x4gwXZ;LnC#O!*2w%DhhEhG#1;C)>Fv|p
z(YzV8<jTF$oddt$!2aImx>rB7g}}#otzrlFqBnn~^VraP<l(nZHa!{4^S@&Q=*>5e
zd7e2BjV#zTW}x}C5!|Hnnyu~;@3-K0dGd)Hd)E!=9Qw=DIo|>njqm1!bj3M_Z$HI`
z?Y)<kHYd2NDt$f>T(?-bx~z@T_Mw$?U%era&8DLsxUBMlb(h7adJnU%Z8SQOeg)rc
zN6dOp=W18k@#@lSmEc_GpL^5SkHOd~^E2ohwpHZkF}g9O$9nJ0=sf*&==;u=bpKNf
zy<1`AK6wAS37^tn;5o&@)4)0}x;3F&obA*w)9MuqPdR(F!RYEE9InLrsqZbJzMZZf
z46Fy*{+#_73!MixT%Qi>TkJIk1M55RRC4dul|-m-2WxnJe0fXy`kE%wdHUb}XvZwK
ze!vCyuP`>2kzeb7YtUJ6IX;&S!5S_3Xb>Nur=cBraPyfzkJ+(0?7Uw1%NvbeZ#zJ9
zo43VB8k;bfJM^i!6UO)3;QI+9d+BRw8s5lBKCm=fSQMKmJi>eo%l~_RXFX3izT$X}
z|3Pp#o-g3L!pi(=*86tOxNGehw`i_d6XE$1YlUo2*^f<}g=<gLf?Zn4-`Q-^3mp%v
zPHD>`W6O!*QQzlrp8a0-Saa+cPJj2FXP37BVvo~Xz2~mlAGx#Fqv7$(o26g+;c=d_
zeWc^D#dS-`&3$D1z3wAN^n>H-0dRb4GqKRbVYY#1a85+NH}-z1J09%+6nE3j{!Z(t
z?6y~pjHb(WaSk5uV0`J3juY@7ARF2<?BH)F<Bg9dt2P&S(<E1`@kKfNz{tI|n_ELZ
z{<LyyBZT#u+aHYtp78H8*^5aAC+2|j5esJndBM`)wD$CE#8v2b6H~!iyU{hge{1G9
z{!;b*u^fH3+P<5W1I*IE?3=8-bBBE2oWq0ociw2;*hDOCf}D`f548i|WH)bUe>URX
z+I>c_Kj~nubrXZ+>NtBTjI*;La`EPR3s+Yn9WFQT2h-Q*9sQ2%?aS~v3;mjjD-F|c
zBDo?&KX5A5|C#&zk2?At9`qfK>3QMpf?GvX`LMc?E7Na=zRQLGOox9wJIn@u?y2RY
z!;f+JlY>L>Y{5R<GK4)seZ|8DKKc=SlB4$$*EGiUKcO!TzVUC+AY%LN(4BqYPVMR4
zK9YC|{T8M{E_%KW9GdHOV>0?0q?{8A{JzThW(!xd?zvbTC7bU>&NtY;l6w0zOJ8rE
z6Woi~<NP4@tTdZk-(~yiBA!xxh2{E4%Jf^BT<0l^D{a5J4`X0_99fi2gDmc#&k8Gx
z%h9=&dwYz1oXD`7a`E^Ihd(w#7=Pz?NYj%kf2h@y);`caG8;WUW&5tf{>!At%Wq|&
zN1k#y+xFYce%`@s^skliTdfbH5!z%sTlRPh%axgR$*wz>u@9Z}|9aN^?&rDp;$45)
z|MMq&VpgKO#CunMma5R+q*eT7jnjTuzMsr>PC8v>8dK$0ADY})w!b&E0Xk0St+^%G
zq_d!<(NlIm`>6H19?$P(#opqJc$cS&eg9ha{d$+JYJYDe?};vIR$RU2cAoaj9_Vk@
zaci58x9=h@8Sia$XXDO3bvQY=9bV<cVH=z?@cKP;%q9=NvtyQ9Kg>XT?<+r5n8@W9
z`0>w!I9Szb{BF;h&l#Sj@55uw!FwjMb4<?0A>MAq{mR!-hu^glKTyqTa^-UVdlvt$
zi<B&iV^<`QL!DVFo+XaoHru+HOXgcFjtz=e&#?X7K5H=j-DLaou%$BlGqMYe+RHdz
z4eX1-HyXCH@|2fFPF}bJ80;nb#!}pdZU0`@!g;puF1ud}>&@ribT)n9%Qp5vo-lvV
z_UqznWBcLb$@2c^YT|b#$AhL_hQ7)r6B8VMcCNW~D!dO{(O%tlR-}0AomNJ#V~->m
zC4ca)mB{Glkk6a>_ef;8k<mqrT^lJjv1*c0(Z%iCoSm2pp1si2tm}5K?BEe!os7!=
z8;-Ai@rj-_w>}Z<ox;AZ(ZsFFKjY4m-V6VK?clNd)G+@q$j1LX>Hag@Z?mO)EVLgD
z&z)P@+q(6@`Su$_dlXk@+Jxs$o^X7_;Wr3+FN5CG|3mb?+QDPv&cpP6_wQNeTb_7c
z=;&>Im|<UAnBEQ0JL&~%rPjg0tXp&J7!7XUy?^#OO^&p_W8{g)v5r22;MW-V_0;2i
zeGC82S<GP8i9!o=($Xa?>#6e-@Yh=LXYy+grtjB~iCp?3*ZK1^kN2!;H1y~jOE>!K
zbN0>iB3qk2=#4z_bJu)rGkQmBbc}qkx}&-bJG1BKGj`8H|8?P`y`1s8IOp7qjvkfd
z?3KGX9oYMC5*K$MHjs(u;_dZ?)N7Va7>a8!_cG~M_q#_`69WtWy>TSU<5=3Bq}|eg
z&ALVUKU-{EGr08YGs;u0)>=C19`XO>T7I>K!^uiwNbej<$qH+%WaZ<7l$H6mZ`Lkr
zC-nN;bIHnV(f2XUo!;}@SRMB^SXZ2nstupgVAlQ_4i4-055N8G>|4{{xb(ent~GPA
z?XS!F`j<bj()gE~zO!=f@^ud=&%qL%&6qWvK1I9bpW%ID&W6p}JSo3%M%r<j?YX{e
zWbMTk%6IPK8njN^^Ql`|_oZ9i8kM<zWuAMxdTNt-?)~S-i2pTw=sRbl_O8FPouk+y
zWg{btJD8(-FJ=>a7@fP{_JWOpVs1`mZtAzpITinXkW2hV?l8)3Fy|dd{C5y1i2Z%l
zZOMHL3WngL7_)O!WXx8NF<e~imN#sy)@{TIhT>uu@w?`Jwz$~YlwC>vHsS<Raj{1n
z)D|P&XTe(H6*>3SJ~0zc`B8bt)6D&_&Esf6PL!SH#QPOP3wLjNv!%mL_&kJLN7UPJ
z19Yh6KGb9E-4qjE>j(Fsi-<Lq-(9(sB$J|TJ$j9pmb6?coZTAQUQM5hg{$X&t#qF1
z6R(!aiBZkB=&gITPy9ZhZ8J8t;=-h3V@nw$6nA(ibV*Vk)|a~9xZLJO$(0jh6mK#q
z&x~?nXkTh@BJY)Cz{Ej<(|o?oJOdvKQ+o;iPSM1Z{sRXCKQuA2MBbljz8(ClfuB8X
zdj5wD_+Q@*{5H=<IF4-~_`^9plq*YP5|h8itRu|3T=e=C<FW4ap_l0TYt|R${H|#H
zWPjnL-h2~{#EdQ{W^^^@>IICY`|5$LrQ6s0XOXi~awe1!Gt>qDn>eF!`6%o8TX6t)
za?TGt#3bo1M``=5oc&)8z0cI#q+KFXyn;5{G)Gs^-pD9-YG(3xBBr|x)Zy%3F^W5B
zKaX`x^>r4zV@Si-^jnlYNhS9gYLT_O;LqxU*oqkmZ}%09BY8%jn791q>w75Qhak`T
zR&MC2#DgQ-CXebV@K@jDu`P>npAx?Y_a=$WVJ_&KJhrMI*Ee}=_5SWA_UerjgKy;v
zX_QS~MgM%K#r1|_8yCQ%F8Q0FNoHKH@|B85<SXq=-F<&$bno4Fa--K1*HvV5ON(FG
z@;l~|j~d4Ia>$4BkuY{@T*Va2776Fn_%nW!8%-|y^z*5I+lI_@zkC_+*Gd1_wI{r0
z8vEVa1oE%BbtH4WX<^>G*dcfB=IRD(&P)?)<<8|4Lopki6<?)2L1bKVUpc?++a!A+
z`#PlD0$wuErJ4ugQO%9Kp?x0t<XU(;lRfjIrb+%v<;YyJ@M`7ARDMk5ADH#QKu4)f
zg7?p7EG1w6ot$6LrY1H;d8AYM`s-*TIdggp`R=1bpWa2R%(wcLx6W6~8|LmLU!!DB
zd|&j*L;O#YYgq6+R%Laj@~H7W(0C6ro_EK<<839!Vrsl+<Nn=tyjdrN@aMhr87<(y
z#^S&D$U)<OlkmT7V0b3md=mzLf3kmw!+&ZB9^OGWc}~A(;i)=e(C{n}eeC<7Ip)9N
z2k`7l(dVZJ`&T&nObNkrft8P&Ej(?L2My0@qR&lv(WjSRQ^xt{I{H*t`Phzp@I8=x
zB!vI+fyYA!u1ev*IN=}f@SkMIdlnsi_`u^06Mp}b*Lc13es`q*P2RCJ@*fY;`$6c<
z`qX{BrT2qJ4VvCN{s#Wn=LJtM{)Z%d)_w!etV2TZd<b}MWPW_b!gG7&py7D}cp9!9
z7@jljnq=ljTg?BVqtDn7Jd=ROhdxUzJn(I>`l?0rS&|n#z4BN!(O>82Lk=F<c+M8t
z%)K7zN7+!aU4N-J;(6<{zxyK%z@R!>qciWjG~0D@IXW}C{S@;Cy5wXT_nwSxi5=l_
z-aO-p$l_-1Yt8s6HU_yV2bvcbF=le{z<8q<I#cuFyrKTzd4txBulxAA8@4U7ILUZ3
zRx>}a!v-4nH1Yp)1CNWo?j3i>N&dNx|KyY~<Idr2PT@_C%?|P~32*L+4mkcKjlW>v
z@zDpnQg{zL#h>cN$JWyLX1!#MopAy3cd?bfjTM8IzX<Sn7xxbjYo&oj>*k`7r=;6w
zRovSFHo>F+2crKguY>>m{>RfeY52c#vX6Z`VBf!>@8(bC)%U6tZF!sVQ+f3LL;CLc
z_`rRmH+uWtcbtDl9(^~{ch^S;?i-ox?R(>N|A9REZlZ7R{DJ$1-s@8|Ic1E$I*-0D
zqwjM2CTM?aJMz=p_sA)JK^}d7oW7GE9vJR4diz8D&*sthsq|g<p@I7b?#>iVZal>Q
zHTO9OlJ6<>-B2@d-|(`RCilkuvOM4(P2bID4BU4b-0KeUC+5+2&tH-6QwQ!FxO-``
zsl@+k9yIBu@2={B`(6~5!PCb3SJU@ZN1SEy9$Y!`tSYT%J>+)j-v7?=Gdyqi4*pl{
zJ$HjDujAdY`XfrviwCuTfqMb+9dz&p=;ho|t?(M=HWqkQ;$5~qLx<qwy{&%ssGVB-
zv<Au^XbSBUM@4z>FAo}gTlB5!e+;8v)AUDy|NT7rUM2Vy|A!9FH4l*qBX4GmbIBhZ
z!lV8)&;Ldq<6Ox&%^&E0948-UoVJtF$03j1^?8i*3C5{Aw*PU|zr)GcXgiMbU&B8z
z(EL1&z8j|W+xL3)eZO7vOy93e_s<3HuwA9M-pecdx2q}{OLh9OtJW_h4{Wq$hM`ki
zNUroATvZ;l8p#-*VghsX-rxgYcBORLl2ZSWJo^5}YrwCVzybP32lw`!nCuVDqwkmL
zI~gCi?=-kSRO<gN4<0{7-*q|iEn1(Gp~>X%TpKdZ|3n^rZ=mmn9QV}2eHVvma`9vz
zU+jRg`7Qcxwr_*xn8yZg`Zjaf$mV$wU-vr)lKcOq?+%;Sy1%}mNiQ!i9_rtcN8ewd
z?=G9;y1%}eubn9w{Lm>TPqqAQ^_<0AlgBvci#|DWUOU<&FJ=s*e{QTy*FRG|pID3m
zX>~H=)LB1#fB2;Fc;jS$b{>6CqHo=O8E8&Ht6n~QGvQCoqwnFOkM+L~0QdS7AFhq`
z@?nbSD{tLEvh?Oo=z~vkARN-@^UCDjaT2{g-E3z(+Dlx;T7IS80>uY=_)mM*xW9Mb
z+s{21{N>>|+FWOc6U1L^3H<QpOmqu(QrsOR<5#60ofkH6mZvj0`9TYaBXsvsJ>c2!
zll1e^w0kMYb3SnVLv#cVou${~%bderH_<l1&vozCz((JKP3MfxkDKZ9U21&3y?0Vw
zy};j_ez*4NpY*J`zCT=$iF|PRe-;<d#eraNBzBY-Tx!m~!JN(3>_@zI=uW4>hyLGB
zd~OGyv-`s*Pv8437N4Z!%^8EwnKT$aECOzKm(ls$Cm1}^V<`WfvxnR6s%{%)bAFn5
z6L-G?c~N|5uKDs|ON$Omi*S6>v#+MdC*4Y%kNE0jE>kw$c|<st&D9O$GdPcM<vNcz
z9NIkp<G!&xX>%^mxqpb8b2bhk9G7F{(a!z<bo}N!&`opS#lj^n?!Aj=;K<`_rvtu)
zX_pp9nkPM;w{X;1T}XoalrGE_AJXw--f7OkkK%?P$ED7d-Mt2UqSGF=GN!w0GdXvZ
zyq&~%wz%YnEKChH7p(eOfX-WBVH0meqt^E!MzlBw47WJC6a~83!QkkVD-Xntj<2bh
zq5$?SHrDaI!mj&Ut(?6^@i~`~+u$(bGRzz%?j#@mTx;QSYmJLzDY^%}mL-nGjA!X<
z<T2x}n48D$+)%L@jvuP8GsgmAGhMmn@o~t_Uw$;Wd7O(slPx}a14V16<InpdBN=x!
za_Pk)$7{Wd0t`jm195cCyyI$UXz#g(Y3uZ3Ybd@oOvnD_bS~QbX@|8dum!`kak6Xj
zDE}L>^pxx0t_Ke1oU#<;ZN|<C?pkEx{9a_~PI70@%OXqR^%1|!zkT14{esa|xoF*F
zY2oailpI={(#7w6?r+&+JahH?McZ%E>Sfoj?oZ2B%{<fpIP@5ig&yx^jhtu4CRWPI
zPw$#w<oMrRBlBFFj<awySer5tiWhfr@vFJx@LujMA8h+>w)72bnjp7zbGNf;vfo?w
zp!J50ef3zZD?LVXfsHkc<!M8|&A74&%DLZX_XDdE&&P}nz5Mkc_e9O`bQ{{`MKQ6H
zd9DS2u;X;u{P3E;JBD*Ff8EN|TCf0pRzZKV&6oc<S;b?3LEL1Xy74hPMhEx!giE$u
z0|w>{S;#dXzH9qSX4nLZ#ngNtrfFZJ?iFOYPnk=9ueE(PTm2oj1v7I|T>E<V`J1cn
zWe$HkhqB5pdQtPq>HAE*DErQp1?xwU!-&|dLE~EM=x66r8m@Px=dzeNNL**zzMT!3
z4cAP4b<D<|HGg_Im_y-M&e5Uw58lgOWs-%Z!LEJby-NFE+`P8=@!uo;SKl>LdG$>`
zx?mrbUp~5jF}|_+v*?^<DcE{-j@tvtwtD&Do;6>$^m;2-{=JO3luI`MVBsiF*-r1X
ze$P`!{K&%5Wo_(A?ob+A0zLog{^+?-j*$1oe##TBTOEC@429vU=?AX=^u47^EnL~=
zS+2d>dB{x>a+CSKL7H8FKQ5m=#MzEt_Wsrm`FLI_PWh{z<laKjNN-8Z=82ngc#v~J
zITWIdp|wQ07?gv7{hZ0cAinOf`4{%*O}D}5@5+AY;p_wX7frsr!XT&iNa*qNANGtP
zUeS;KwP(y@e24Ejq|qhMy9iMWhx3mtA0DjLJBHsdx8`;7MA^FtS_h3B+xrObmk;j`
zKkQlK_lL)%{P_FapRN62<=*%s&+E+tSH!#w=K(ah(Dy+8yZ6IS@m&j>vxl><F}*&|
zHPGa&44Np<X4xptkBOODz!^$n<k5Q5d&J}g_0wx&#Vd5TB}t6wo5*A%`B;|2uNd(y
zni~bg8_8GkS^NcQ<xg1J5|^X$%FOa{k)S<s)G9wFv)s17-uguTE3^Exp#PaR2g(JR
z<y(UC>xq3*{})lN|1)!Z)LQ!KZK+1eHFu?J6IYz#$8)rqYuj{SAF0h2&Q=olmim?3
zXYDN?QoU~Cu;e=RQMA2quQw#Ju3(tAZgaF@?pZnd`=H|?zBl!!ynhCU4afKsmnPT6
zBORxhoL!r|s)D87x=5tqlnQcRPS4R_rGpQ7Rewfaubu2y&QI=5`OxQkd!>&ylM__$
zHfE#ESlf^G85Yk~iE+dHa^MksJ4#p|tGy~u@Dw!6EzQx-P=_Be=N7-t#7~E&a8qBg
z$MLt!_m(*PW`iGh2~2)dVieMHVEy?AJ!>ShlGUWn1`<d6-oumAWHxfR=SyZOU+=v(
z!H*ovTbtMm<<$4eKj25E1%G$JZ*N3N>hC&ePZm`_GCe3?`h&jvnJ9O@<j2#zXvO{?
zjBbAHl|YwxcC84Xu{hnV^OdN_KVr<i$c*QvdEQRX`n43lk?$Kat#+(zd$}o;N$-Z=
z{&7Aj(di~=JTnXK!M&IqxefEQBd)h_HQ4*N3nvG6)aH<vuI4D#g^+y{rBCV6_qw0`
ztR1V|+V|o8>}!8Yr$M%TS1w!eT-&d+Ih+qkG|gpmOoyg_-O$gvI>hSC0emaR*|D9^
z()mD~kI(JVM(@mSH{{w&PH?o!^sQL`aySp&5ODdC!R7zv4#;kJr#(Z%K<7~J^Bs`?
zN3QQ{GI;3L&)LEHxhhee|N42CU7tRU?o3-hIg>ZGXRh_r`c7W5<%)I4*4~{dRArXi
z_46g}1xojypILr<F#bdfUmfMy)`+iKK6DTlAl=UTxhgTIgf{`R*I#DqC&O#!M(%Tw
zQ@Q5oz&?EPuiR60=b@}mb8__c1>08_z686jtWR9<fuJw$yJ}rgKGGt+?M;7;^rgJu
z+3@(Jlc(M_bA6(pHB))+v-NYP!_TgnZNw||w`S^Ic(#73Y(Jh|GYws@E%7VQ4Xxql
z25WdLc;#9v4@O??TDeMVVd8>**UDAlwUV`Qm-ke{kBkl0LQiYs^i%xEgw)!(%j>4x
z{!RHV@0w%%NO@5Hy@z_nR7}9O9O6x74VqUmHn~xGQgxql3xCJROH{t3es7fA)H=JF
z&u?1y3Xlbzi>R(*DP|mAm{1$uL*U+JS*6yevWU01Ys{VF^_|xk6&Yg;`45b7RK^&w
z_cjK$d>XA5glQ%E49nhcH}nb9W59kmyUIrALHEOXR)75*iyY+KOJ=Njxz^h&UbcI%
zEIB*edgtt?kM3aIV;$~h?r3f?_g5r%-)hD_Z*jHD4Q9vHTeg{df{)p;+`iTMQjNVt
zJJ}<Hu@z3Y{lO38^WBmq|896~J^CT?e}2EO-5EZ^X$7yr<N+Ee*I2f*Ch1g{3pv}l
zWoBH)4-Cw`xe?NQ26@_s@4OW7+0lOC%{Lo8F57VVS>H~x4a2^#_seJS%kTG%H)#Mb
z`9&V>=3U$VaCB?7wcm2d@}mw%Ym>5nT$R{XY1XY*C)+g;T-~}Qxl747V@Uq)>>iwL
zcds3@JP+IMW@s=AJj;m>mp*a-hv#s3A5aG#(%Xg~_B`C|VczFA2QIfbB(2StZC(x}
z=S$&Dc&??(czO)jS<oSjbDBKoskhFsFnjjwDi%7c%gmKsnS-af<mgz(Q=4-w5$fCN
zLh+%QSpO7%Y+k6wlad=}7kVd{y=$KSyiz+}vpu^i`gCApEntqm`gFQKFKT^x8mGQ6
z8jLe3eSeb+uYYV0bbx#^l70LayAn-NGe2b0wc~dP``e=Qt2q(iG-6O=y=cesTs(`$
zx^`%4tmT~lWgY8{V6A69nKx;a8^F+#_$1lwE+25}y%c)}S-|?EHEB!^yYI&qo(Ah5
zh&>+Uuba(W%=Py1cWj%kP~5>5&i{(k*2S>U-ke?XUW{mUD`#cX&;?=ncjs&-f5DKx
zZ;^!SY7P}3OD^_v>GyipobbK(cg+gZ)5RO)l9|srK3e-AoI}stiwEcT>O(l+_MOd#
z@cXX!?n6l0e(S7G4$t3QK7=Eo^B*4M+~P64tr}_j=jRJ}kF1b)$@U`;-VolI8QS*l
zERVNVgLkZCH)D6qt5iN0?qqI9|0U2}w@V(_KdW48zupJu4f;y`&7LEue*rl!Z2hXj
zvg2HR&-FJY$fctGstP?*UO+#3H`(N|<UZ_0>>th8Bgu!MZ{?EFU0D2Cil?q%zSILp
zBlFzkeF^2rXoj|RM`VwuUd#R4+2pA>lRb@MwoP37>hY<#_Sw8|Ur*kgnqqI`nTJK%
z6jSHm*o05nz;Q~DyF)Ozd%<V(c5SnC0eN4v#wouhx*_$3n%>YeZ$^T%;BIwrhw{~2
z2Hef%0o<AQhJO^my(>EZIKPNHF1o9r`z?Z3u+HNQ^MDYn+7lUAUx0pmFRJAIZQ#|r
zaN-B=R&V_%Z^d0pn}4uZ65Qnb*;)(jW!svZH_(0)d^CA{bU&YOGbd<o@Piko-Z=OI
z?~A~#7Q7cy-a*|t$j*$5)7yz&e<0o)*?LHC*NIkN2BwpdEAz%LFm-c&H5#}SxBlii
zrz4-IA*ZJzud|R_y#ZF;h8!EeY!~mmTm#+q&`%vXXqw4Ox`jMQ-36nG!HBJ>zb_Kx
zK^pGu8>MqJ@D%KlZ38>++YvJwd_Nz^tyu%X;Vok2-J76yQ$HqrxTo9#ZsyK1ZIvI%
z{Ekd44gKE1y=LLs0<P?b&3k$B!D{TK@AS;On)P*bWbD@K3dio;#5;hS_GynAY2W=K
z_Ze6xh0hPndyr$ucQlqfZll|OL7CoW+zecLTSjLedf)G4@K3$(M?6Pb9;guh$^*4v
zVvv`p0az=PM@RTuSg!=uhBpIPoecN)zTeM*ryPGwwwzRVQ|8|H(>p$&;GgpD=>Lxx
zUQbw|dC*Nxc)j~4T8-X)?KAPn=oOP+!$yTZS2NE=vnapS!@nqX--br92xmZ{d2<hA
zb>V-}o_{R4^Y%&>$n&InUZI)qyQ15V_g}@|QRy{b7DK+md1*$E@b-<X@HUQF?^TT-
z>+QP;`c@#zf@>7-5xO}ZC%$_>3tP^&2s3gxT?=gT#R#@=4kziX-?=#*pXOKEIlU!3
zr+IT{Jg_{xUiRcqm;({!LIJwE(7at-WOa2dy0;t|HuLSgKu692e#x5VdINe$Ie<-m
zq)Fc5+33?V(FKbrn}c30BhP9jd6A^A&Voh@sB7{ckgMWC<a>c=LES}?7y7K3QgTNP
z^>-G=+FS4)D5tX-+pZHe)L#vcr3VC?=1Y*ru&h#lcQKbteY;Mm{)U3G<6QkN>d)3#
ztP`43vrV~ooa9Bkc#8OS$!9b7uU3!prsc|4bSSh}oouuhoomRI)bzFF)hmzIn-0+x
zHSz!Qi-tw^E&}$_7-vVy0meIRqlV!J^u4P~rg&AWz*TQkG5^}NUiB1=-Wf;tHSzn7
z!s7PgNNnqM*l~{nx2vZ*(!tER(i0*@EA~LQ9n9w|!AE7vxA0`an60(Er*{}R4_+nb
zl-4?}H@sa@RojFP)i*h(YTMA~`X0{rP4F7Nze>)jTD{GxZ*oqV^&0=~tK^(gKTGvZ
z&Z$~*JH+)(tg7iB{r&0@dQYop=faP9ZOx3W+*(dfD)_sW`wiqEBY##|`)h?o?c$aA
zw32#iw<uDwg8JLK=vO(WS8npo)w}i=^7kUnfK45ngG=?wp@DdK7Wv3@j+2_>%<b4F
zY~awm{>~raA9ec7YwDHSd0kV^x-q}Xtlyf~seELginQIvJD&2l?g4J;o}J|U+5_F6
zEGXKl+`@t}%%cSpy|ylRDfkW-e9YVa;QJrJXXkdB-U-7O*L~Cz{ogW=dvl}BVjj<A
zKI?q_@mB4X-!3R#A$j;C^?pLW?_9Z|ln*MkCINp8n(J-nYJDqz2YHsZBYWrTESNd|
z+)I;<z47dL&p#L%xcZyG)6{=9s6SeHK~(>D#|HIBd%o-mSHD{8pZZ@N)IY)1FDeS^
zAL#j_@mt7=Xet_#r?36_O~G8PV~_D-!Kj_($lO)v^={ce8T>vDdP0B0?=k3cv!<iR
z7b;&Lb-Oi3w-@?b;rR~cujcAx?4Z(-cCO;DAAMegwIqA4!_OGH=I}F3%5RT39~kT4
zQ#tERJviWl*_C)9xR<3p=Kp0($4M48*;axryf26{Z?%65`!FU#kKcT!A0KO;`}+xY
z+y?8H>W$aAu}{2C${%I-`R}|uIDb^c(cj`21Fr?(<!}w-_v&|g*4znx<>>QFf7F2Q
z?a{9}M`JG4vG2~ce|+JEKpq^;v-y_7?|MD~O#iNLsKbs~#~Uc(b1dY)aq;nv-*@Mr
zZ!Ub=Y~L=wzoV<hF@8ELN5)U*5eMM>LY0H}3*BtTDz|addHIDHXRv;u%k4N_Ha-)-
z(E7amLI$V7`GqcU^y6I9@J3@@n}=WMd)PaiWtF36&3mq_<zYX@d-V$)Z{hLW-Ge;*
zLKU`6oz-#DYXkX(6hqxAKT?)>@mz5O!|gb%3097Sx$NeUd`*%$=Rf*){7ipY*R$pu
z>;40Nrabk;Gk*y5gqP(U%FWgH>Sy|i?K_*FshTp$p^MiU%=y!Ow%<CdYqx~XpK|$`
zZi3D;{}1WB#KP>>A}33R23B{yS2|y4`);=M2*(8d<@f1y&Wz7L1G@b40nURsyN=p(
zYwc~K=umfV9X^{j_3YVms-8W2?o-d6AE)Zs^W$*6@S3B&lloU2n#NDftKoy!;fFYS
zTm6!k4riRf>hMB4PSX0f^VZ=8r@`s)Zg?phuglpOdFt@6?XmTN-t$2DyLHZe4g3%D
zA?;kq#?1`muij)~bM|LUu(ceU7T+PAS!828jNH?=@!jK7$)!s>kVRK!)_J?GXVd4o
zY=^ZLwxp$7IJV8{xG;^bhejtFn!L}kVDbEHw@Wi=`S{JhYP;ltH=165`i(i4?tFuL
zP<svi=+DrPm@smd^?Ua5e$a8Yh0E#PFdcL0-D9BTpYHE#>l!^G9b;oQ`n>b7U+)_P
zoAEa;z}AgLVnN))75E0(Ck|%K7-wO}{~4_5_C8ry{|=_VAx@^OE#hJo!~N<0@3Ziw
z)x;fSzY{CIq?Nx1`F`nl>3Si|7tNV4Z)6{94KVthv6L%XI^c=>d)9mjKAC*bd8`9r
zePQ%Au}ztJy8-;8tQE6~DV7bX{lCUF^O!ZmBNiB0I?>c)t%yc~dJ*>Gsd}s#re1+P
z+s)Ii`KF~w((+rjqV^;5_YFpOtg!ufA)C{z-4U-!ybf^rH}zPa_c`k=EX`Jr38y*W
zRHK|F?p#zhmA%gy)@dJtzd3pK9(Yupg-6WE;H)}N9!<0ObXa`Cdpf6=B^#o#aOsuV
zM~%#m1*fOm1KT<6ZsGgzHr6l;n_JJq_Y1%FytAo7Z=+@4oNI5fhqhY7<#&?&I6r~2
z2X(hh__{SOWdqr~0WHiS&EN2yL031RQ{TKQzi97SvkW@rYvX0}@ukIT;ioObm#Q<*
zHuOnFoWBq87RUL!Vp4T*UN^<tt+O}z<(cF2+PPCwQ$5))#xLmJ{A=NN@mXiI^55z`
zwLRdjH<HcU$aY@L92WRG7BhF#bY(a;2N`zyBTY7~o*Arc-emdIWn)7ef5Q4*x->8S
zrg|a$mIj~IZ-a&JVh3NAJI!wHq|q`%K6BYh=h%KZKQwQAIvo>3-*vN&sqb#&H(Ne0
z`J*yp5C6;d*Npx&?a^6H?AI!9>b-+*euvlU_Xp;l|7dgP)~v^o{O;Vw?KqlO>aTac
zmbTybTleN^Y0kHebJ3&N!H*5%;MachC-}qnwx#P-`M@>Dl&dsa9?X#lb3$>!ZjLNv
zPK4)3Bz=yo&zvJVpUIpfVZEMR{&+tmw7%Bmlt1c)<gYQqN74WtMHl@a=IhcTZ{HKp
zv;lrecQ>NPobJ}Q;BCbBsd2X(pLbu~-3IMG)ixNNl%5|e`UUKY5#I6AOBMK0qhIi<
zMiY<S3asLT;Q?{QiYb--VE8dLh{;x)n5{b_GJ4So58gIDYU>JK)qfNIsxRr^AfHL_
zdut`RAFQ3y!r6wY1Fge#G?xcM%gZb+lf-F=eoohfX{mARLv~cQanZ9UwsL0Z;G2)^
znR@W}-+`~j!N(rgz-RrsVfZRI*GcGX=L+&zv`ype&RcwZq;ak2kbplY3~5>$<GkGY
zuKSa%qcdcy*Pk)E{rkTuxYdkHUy`xwF7v7~*TVymE&bl*2mk+(|1<X&Mt-8{@*}ws
zy>iKp=AvZB&@@9{_DEj-4|%j5x@bO@b514tWSfr$ZfyRrEI9gUkKo>od9*d4+bT=H
zoB98Xt$lrzx%@S&$v^jA@+PbYhdOX*w)S8z-%Hz%r>tJOh4nyt-b_E%YGAH0Fg{{p
z5V#w%%6ls6-)qh_g5R2nOZL7o%x^ZoWqIS~pD#wSV=k-1#`-&PEK|^Zk_q+@tGx0f
z{f`1e#}My$;Hawiq9-bTBubqth9);AM>ot}MY(A5NI~f$>S4>2Rh~!N^ZB>o(Ifrm
zCLYOtJz3T5MNf!E4m}P$ssdh&ZoiSX`;Z~|*yr2vWAwd-oNDTOiS2tfV_rVg+o-l5
z;M>6_`ZVyCHRqd^+16&=W!WzLKRwZpPp|ZAp+Pw`GQUkIGQWL{-#T=Ebma&AkMOP7
zx7#o3Srewg!HffaG){XIxybBe4((RbCUd?W53K5E)IaZxI+*vPFR#Em{&Hw?1^Bq%
z3;4YYTpsd9oM3+IIMT1Szh&}WcrC@YG<c1u@)H&>^PBMEx5N33Sf^Fyx2}l!t&HC;
zG;sEwyN2<6;kjPeu7lqEOTqU$$~rRO8wY&)Exa}hwiX9l$0)zR!e)LGZ2a~v{#U_f
zeiLl`wwK@j%fJ@Mt!V7+cf8;BY0)+Pw+L_3_1V{PcX=%HLHKArE1^!y{@yO$5!)4?
zR=scL^lEg#LG33}NAjxgGQM>_eaouArg7(x>SHqPTWK3TrFvhqn!PS_G<<d_UWfNz
zrfzk$S%+1hIl>xE><+pU-|uD9MlD^dvDQOJ#Zh^m_Wa4;?pZUs&htmj^V-TrcpLBH
zO|>p!A_RXW^{%vYKD_U7u=~vc?4LHU=Z3}TbqkMT+E#_eFYagjq5;NVY{x&9@g43d
zy!S(A?dR=_#=UK^cWWCHL%fl(cZ(X^dwP!7*{^u#Xq_;11N$XLn*?ntX~W)VWaYcX
zjrY?g*8AIH_uIwj3va%+tq2^%%K>?F+Q7V-6Qa%I_vPlzW6$=_n@UTYcfT6wgg$a&
zVaeo8A~gOz{fvM20OJ?g@n2wk!yCr?zu?W?;Lw*hy}WPJ{DS`pJ8u%mDf)k3fBe2V
zqt9R78Tj#?JiV7bm)Jgka%VccU%U@n9r!Y3HZ_LjV?J=#Wx(B%3+_Smd8Y02<_x$`
z%MEwuVCj9F9pj3OF^*!4@H~blgYNra+xMq3`X2Q@^u3?$`;3gf|8?)b5BFcm(=E9^
zHly#q<m!76JbljgJuai~&iA43M{M5(8GUbjANp>!eee8M`W(8;^c}3<WoH%cj<WZk
z%{f_g`xHM$evry{tDh;36|K1BwB*BoEvzJ-ZrF-DBi_!$)a7gIr#7yQ_4I7;BFT;K
zetDCL%`5Bn9-Mh1KDdsiU&X%B{Kl5pAKqx{*zrc}nk{$KjBl8$z7y}B{!DcHvHsE5
z7Tr<g4c}VAI6H|Cy@|0t&-;wK7;AUol=hX8kt=E=BX+J_dehpSOINHdVXQ@w=++wg
zr~$r3@6NpCEc!fP$)bllA_uJaDmKRJg~QrEyx{W>kBoM%ol!7i=W$;damTP@Z(jTI
zvH1PG19vv_|KCP>e$VcL-KwjY+)LF*^cQP;BExqc#v6oxyLR{;W!?chJC5<@{W9VC
zBci`tTUKzu&RMh_@s$H88?m$NXm4I8_XIW0--rdAp>paU%Xp@ow*x!Tm!_QYOgU{*
z<wsFIC!;-WQst8=zaXPMZBpfxlrOgBiapc#v`LjGC|{D%KW$RwydT)<XSAnHs{BaG
zTQbI{O{)9|%G)yfr%kGS66G5++S4XgemLdZGRCJ(s{Am@cVv{)CRIL>^4%HZ(<W6O
zr#u!3=<n!5n^bu@<>W_7;}308<z<w|ZMowwZBpfjQeKtOKW$RwydBs%C!>Gbq{=5y
zK0l*9ZBpgDXV<yZmd7oBX_G1+Pr0AbKW$RwybsrTyDfL{(<W8UTY{Z!8SQD4Dj!4n
zgBk5<lPc%kxz0@)?P-%LA4U0gTkhbeO{$zc9-aGax#JIQQsulQ*cmHG=MQaC<p)w8
zx8<%qZBpeUDNopPhd*sn<-8%-S(VX0ZBpgLnRlL>(LZfc<-;kzAftcUq{=xT=v<u9
zo;Im+a(Z<(Wt7t<RnEPG&f9JINXviPq{_K}(AknPK5bIv+(qboFrz(fQsvxZ>D-br
zK5bIv#Itv9%jlmrsdD1nJ9lKXr%kFHUqk1<jPYrcD#uUR87U0->-a;PR5^aa&XKm<
z;ZK`XIqOvCxQzC+NtNRl>#PpSUr&gB!*|Z2%`rwlAF%Tmj5)uvhi9&N(~)&T_qen^
z=sfsRe8n$r@^&XiHLcyb|BAIoUt4m=XaChRM)f?_61Uc|mtOC+lIJSNe)kji^x5xr
zvfu5D&t|`SR<PgwGIiXZ@glyp2mQ^;zWd$h{%Q6KozZi%?{|9&3%IMeA93<S*!K?Q
z-pl^@oFaZb_lC!CPo;axy32Y_^s4q8#+k`2-orfyvHxTLt8;+23JWTAP9E%o8`d81
zOu?;Vz2rvSRU*gC#_h|r?=9tC)u_r6$~G4yH~zN3+gR4*Eylkvulpe51KZgQfBu^@
z3GKzpI?8u0MIPQf=M3OE9k@;-e*e@q;52v9x^GE7{7BCS+a6g~w)cn24xQe5%b^cH
z^30*rHxVNq|9Yk0e37^9QQ+n>4E`8$pjkS#@O#YB!tVVW84q7VK--irp|t&Q+Gv~@
z{kXB(LSt>m4-&s*oEhsS>QvdWUcWowiN<=Jx3<`$bw<w%=$<y#N8#fq#K+Qh!Pnnd
znRp#)$9g6-)-!Ib0q_!hLy_D4`KNmax=XMh|M008-=MzbBN1G`pl<83Pff4)yc3$2
z)$TolzhxVL5E;|&syDl5{}bQA&llWxEo?(Z_NDH*K1Q6W@<TwM9g?9j$WNhHMIOzE
zA32~`hKfdb{@cirWJt0!FVeL3+FupiN>Yc7<}M#{1U;=BjjsF(Wv$5353L;GTbtK<
zKp;n5$k7*(qbT;BlO_0zECu%)_Z%j_@T}CmM&!@%xThzg)0=%eE|QE#9`3oytNQ=!
zy?K08^}YXp&P<S*ggq-uO#-$iL0he?Ei?mY4d7A{wb~^Cv?fGrL9s-E1kg4R@Dhw-
zp;rQS$&99T0Sny#sl8FOVo__`dnJfVLfk-*M8$lcud^g4lSu-$_uk&$<M+orX6BsF
z`rhB~&-?TFxNxthZ_(4vfi^uYaNvG`=L=2}?rW&iU0*IesV~vfPo2K5@$_|#+gA_t
zr15pvSM<DAI(_AO`pR|t>Vcj#K9`<ELoPij)+_q(($kkTt~sIcHHI-(@AX?{>Y%Us
z)KJS^n{E2~S%oe8L~9T5yGQx7`sC%)o6mPGpI+l#oku>EdE`@pM?U?da_RF9ybm&8
z$#2PugCAP5;$b%?>Bx$Qk@*j|$2gNBpHQbeSpgkA?3GK2PG5DNzUth*I?|Edmq#vX
zd@ep?$%jAk-YXwY=f7|^2ArL;d=L&#K|U-1S6#`6TY2Y|57i#|AU)%i51&#l?3JEz
z<-)HA*mB_}2gZ^MH@PtG$UmL%xsp2F@v4hYS1xRH`kLwKYo^;*5BSvhTztmj&lws^
zH~jgtO*Vdizp|Y_f5UH^KmFkrWPb-6VmGmM<p0-^XAQN#n7^WL*$nm!k8eQ!H(qWm
z^y+{^euKNy+jYQIX6VsT$z|(5+Uu(t?6D`>^+0lt;qdEU9X;U1^Uf~#wZ)bHe#e$z
zPiG@M@5=vX$$w;jqjbRSmJaBE>s$x^M}dWSSGYdfa&o-eU+{JMn+8nWJ`Y9p8IAMd
zPM?4A^!XRJ&mM4oggP$HWAX5dycf<39T|K!|HZ=>fLB*OpNx*rV?K@GcqKS?b^M_y
z9LLi0%fW9~e7uTxVQ@oxl>z8M`aT!CQFsoc@3YOMCRg8QIr_dUehv;)K2>OYG~64(
zwWaT4;Q9~!ZN4t?z`ewUdk=hFMV*uBGaA=Fcl!LMr_XP?efEIs?^DOcbu9kAhWFj^
z_b;rqg~Z4oSG4o@ZhoH>e<Qy?4S)N);qL*wlRo~R<nId|_<sy6T>k#J`Q-RJRq*{3
z{GH?Ux!=?0ez(saaQ-26T%5<^@BiYxm%m5zU;KSBcs*tQ2FIt$-xbew&EG%f-Tx+k
zKhw|V@1-8NFLmMG1AqURI-iEWf9dpjt*6gx-9CH3bt!dRT*u<?*}U(LzaMwj2L4pu
z&fk0Z-4lPWbM^P?)iYYti36OZ4*$BN!{fnoS2{eMcU|$gY&AC~;I+A<b$GzfxuprA
zlGajR__%Z_y1Q|oxv;ggv;Mx+fq$F_{&6n+d%$@*bprGgq`#HY-}GncZu+w91^SDY
z=jS>7H2`~8o-`bH<Vg?s_IvOhi?`pPO)qbM#li2D;Phm9yPSE*N0;uF-Y$1=EFZn$
zB=q;)f9jgQAL3n4{4G08_IQu_I~XdF{`SIMIJR_m3_QQs*XHe&9=NY`;obwDe@dNT
z5B){sdArl!cRl@m*X^$dJg=ZmcYJ*V@4MscozA-4%Rg-A>lgXmRZK=Ud5U=Y*@rBj
zi&&jylY8xPZ%l7U7dRfrbFZHzf7y-06m;O-u46B*4g7(_w@%!pgUvnLfo-Y>wy7>`
zd%)!v1-ouyJkfZ((CO=AVCwSg#~+*=ziNCg9%J$AhqUSC*BK7p=7Ou({OUO~j(BWa
zEKPVD3(iK!Pw5zsm5uG<PI0scpY>Ix;6J%>G&dgmEYF3z#~t5ExC2hgM{Fu{c+!ob
zxi+;GgLTdW>n;YdOECyf9QH^bn-_oXz*O;$pW8596BX}RL%d^+H{S7tV0L%6ao9E9
zc*kFyzE*kqTIKfDkq_;@Jn;^V&&6LX{koF(ifhz3@hdmRQRl=*U-@_2w))@)?R@w?
zzkB4v)hEY?<G@)gU+LQpF6AF7uKrKtLko{?oTJQv?Pv$K@_k3Uu<gi)o$&ZI>h!>e
z79QO=$8}C$Lp*&Aar^24j~btg$5?!rrm=W@-tRehD+gDn#D~J$N%G-S&&1}#_j&$5
z#fJkNm_EsTCELV@Pad;mTaSELPn}cYL+*OB)?Ol>z9Md4J>XB{bMY684{Lbe9Up%D
zW1A0?JbXA%eCY3bo$D&;L;0|rUF)uMHSRMOde^!RjcAvxS30)s<={{2UD5J&se{*T
z9-egNYgcxyca5tKKk_N$v%B_Wt#h%)71mnUL2Iq6gN*%=1Mf>b@V>-_cMrT-L>;$3
z#YfyeBU<nB^og$QAZr&neV*&-^IW&j9&mgSbzB_B;?XbgUN|mvWa|$doNm0+e%^WQ
zsk5%MVp8&1!Kte&4@KcLT3_zp6Pr&5f=|nqg$5LhlHOD-O0u>Qy{TAKSGKHIZ+d-3
zFPy``*;>bpfm`nQuz2Y&z`*6(zZ^X|zCA*nlj$=Wx4oP`f9>h>*KVIZ;Pyr8xVVkQ
zzuS1<9sl;>y<!w+fNSAdzccx5-v#J7n{f*Fe<l)tCI9QZvy94Wqj^lG5qh+S{XF%4
zV>)qW_86Ia(mC(%EY|NC%NOI>C!alV=QShOb8m?moSwZnVJJCaYqA&jxqRBDgvx1G
z7j4Tojp9S=HV(-)<EJaXIek}lQ!#7%SEU+N8V~JO-s%hN*+1EMWHWgO`>!z$m-D{v
zw)D%(Q;cz%bKPWezu#W8R{J4pHZWgb=+S$Z8DXvK2#0DT-AuIh1s2g(?o#8hpE2e%
z-oExN-c?Y)oHGooeDM{l$OU_wv-QgEEUm4j+^VHUWx<`fwZ(kTVvnizAXU?UFgY}?
z)E8)4!5B92e4|f$iR?4*tg~FPA(ii{wcV$B8C9)QbVjj{HFiI1{&C?G%Yo;44m`hR
z!SitsJohx5=fLw~7oMR<<GD8tc>XOWJSX)LJULF&Xo>~TaV|XR^HktDGZs8)qf2=5
z?w<$G^MRLhH{+CccrN%Cfahx|4t<^?JdJ-rcxDQoe)|mVwzF70{C+IasJxl^rWnZ<
zA3gyeiZ^@W#V6PQ>+#|nab55tx<<0?7~eO3in*?gHCNi|l23T|-_0ivp2S?g_$lUk
z>A&Dyzo)r&L&N`w&dRawLFid$MUvZf)&lfQ!<&m9-GPpH6@J+<$ktmm(pz6O#_5cQ
z8qOCDo>;OEy|*>x*pjt7KUlJ_`A67?=&yUa(_frtZt1U<Qd@t~j-|ii(O=k0(qDIR
z$IrigHZ-o5vfuq(Zgw%boiX*-SB-6s{@UJ^{u&Hyt^JQL53WqT3fthnNtd<3xd&Z#
zrweCf@27?H{juOodmZ@I3uoR{{L|nZTd(c#x5N2&SN`wAdE`F<&gcIN!udK6oaYG6
z-N+5;zAZ^cRWiEI<!2xHvC@Ah%hUc?FreKoX^nUPJX(uwlb+#$!SJqV&7%`*{y`W#
zabFC%7Ofw>{3iYQ-^_0ZeeL{q;EFEz%>#q$|3Mfm{TGD6W)BRi1%u`0^Y}|APJG1r
zUb^y2<M3B{S^i33SoJ0E>wNfDBiu?(X+5ynMb7W5>{XZD^lZSWY8XL|59a}FAujzm
zdMuv3LdrD_>>7UhRm8}vzLQ(29L59aN7Yx|9d14HOjPy&`*&Z(Z`$cwvEKMh%_TSf
zhxSu9k7dm)rxksAoH6*wAy;1woLdo~4?QnD(K@rnms-(?j%6?W_(o#(S)VZm9U^Bo
zi#_BGAC^9*x~f<BN$)WYj5FO#ZF+#aD;m^y(b#dv6O5MsqI@G|rqXscZR?DoDT+NX
z-uQ*-muGQrklH6kHD2))%~xe~KEBCW`R=?{FfZj~Hqv%(QP#Ky+EzdH%Xd!r;HvY1
zZ>Xg(p0iGTWfPBHO5XKHlf%TVPJjc;chnwwa@LbHUdbE9XX-Uh=tzG0*rop%zGk^_
zkAbhQaK+(jHjXup7`XENAH~(_|4q2svd+fUGiBgvw|uP5dE4TtdVkqOcYRKA`8K}d
z_wnAqd=7j??CS;Mf?mF|@U$|gou?=-o;u{#A=kIwzjLCCEAf<g>%KpB!Bh0pEl;s_
z7?Y={XYmwcY~v~Vws?v?3>HsOrV~#w-VQuP`xZ~pP6wWH=Cy@+Sv*DC7EjT3gXXw=
z7d&+VIq_be`YL-F+Vjub_=$0}@e_5YJ2;vn9CaiA3}TzE4D3f8&aK&N%-cOtF{XNW
zTR2>XJmijmoY#Qw#u>(TVq=xFkUf@+<oAD)f7IXym)s383cuoU-;&NU@=;$qKB=R+
ze{$<tGRu~cE-ob_pXmyp^wkNU@oh44d!xS#d{WQCC*y3xr}{1#yA67@@kyCZ_+-2m
zK7*Ew+)l2kjZfO?fKO*$_c1REpOT>^S=$<DTXI=6donUou}|T3$qd#^7*88sY2(Fv
zZQgsk^yKk+A9cFJ>vy}r>vvrI#K5b?qcL!LwOdDUb!4d*r&s+S#p#HD5>A6La9ZHt
zbfIwCg*+9XiWenU&xpn+@}j<XJD+~|q{F9EJbcRUBjge_Oo30)bMWb2FP~cYd^On4
zqm&nqzV6nsWMDgwik2mF57JjmJBEI`<<Ti!@F?{x9<_9_W5=j(@hJA0C37j$iANc4
z2Ogz;OXku}2Of3ir93)|M<tWRqqME{wff%T(e7og%b)jN27fY^HvXjk+xOV~*$Z5{
zXVb7(&$@T}1h|iWcEvj`&bz+rFTh^8qyD(aM}B`qeH~|y6MK`!4#SQs_X8vLo~E0=
zrsQ*%tq=Q#?a98HJ%_9(X>Fn0H>@IHChrMcZ9Jd8$#|rkeW={SQTY-wy%D)I1Ua*a
zbEMSH9QL3Vao(5PRzz(Pj~Ua;czzn^i{;biaJA`As)+ZMt+m=UQ}(b9vPUp}fIX;1
zoN=div;Adj8(ZH!vfmeM3gBDn-lnIxKTYRfW@+y}YZB?-G7e|4#?i=F#`Ek<#&R2D
z<GiS*5NjD}Cil?rt^Zg1Q!9e(5#2(rSG|8Q=im%wPhe8y=09+^8RN<HCs(}6{cBn~
zxs5TXj>-P|W0X;y5cS<U-=Plk9AEAOF6OX`u<|iV(l0M!y(5qNiq4=7&Xa1<?@WFV
zX0Gb9nLaN7zaN5wU(x0P<YK*l2;)eNTtJ)OppSaW*!RFCMM6CLu|IjwGGMzCJGz1L
z1&lRdrdF8TQ8teEiZ|<gt$N;lo3^w3p+{Fx2K>^0u%hS?=l_^G7fWZpc7MlSu77CL
zY~YpWA6AiW4s8nZI}5nzcM-P!)()^sj+{aNzw)J4+)jU0z(RKdiM9oo+jVaf^D#JI
zOk)*n(<uMKvDU4R;7e#c7q{B9{#CwD-2Q9s{4=@x&&PgCKWiM0kL5Qivn*O+9Ss_l
zUEyahZ#nS)(BB(+K8<^bdO_21krwFtm}nb(+y@;<2i^xRv!JC0Xi0I$LgtZYBv*vH
zp`|ZFOR786!rRcu%T=7|@8GQ7Kg_{TYUJhJzN*K7Nts0(!ee4&AJ4}7Q}zt^+c<+S
zDuNaq5-W7)-5%cWaB&7q4%2oaILr1YR%mT*#StUCu{e92d>`rh=KLwZWHPYP9a4X^
z&Z*G)S<5G^tHReSm@DTYRmvyRn1j{2_s`dq122y><M&K6{S~FAziHZ1ofjBiF^BU!
z^Z7p#Uopq<R}^!8=vmle#qj7V)4%89Ap1tSx2%-&BsfcK=DYrWk-aDK$6ZG3G~G9_
zcoOS+?}6uyoNW;TmWRy&73aR1Kkm_@?~NO9n(=(DZ%}cD%7EiTw4*US&D~-7@NJ$M
z*mG?l^r2yH{F{C5O~<pPN<+pY!tZRx_P*a|;j;AW#^D<1yU<zNyxBCi_M^>0?%PhW
z);Cik-vfqq_|<oN;={s=;B<iXPvPZ8;J$J0dBC;fS-&dtGhi8g=2jN4m8{Id-_2s5
zafY#TV!L13v5hf%Lt*c_Pa*4{ie+nkR`>aO*J3YVtTl}FR>mqGRUc14tKtXyY|r+#
zL%V%RdcGva_{f>WKaxE6b2g_9tB0B6Yu0m}^QC#CU#ah%^8)sQ|4+>|{uJig%bDvG
zYpyZQ614E4xtfu3Xg(R5SByjS6?j2+efpXnhyDWhEL&g0d54N=yblfRn*056!m(&z
zA@FISjKNtfR!qb{I+8)$LTwmE*;+T&e;nJ>y{|1mzj^d0devF9y{ZJi&UZAb+))c3
zHZJO@lfoEN8Dpz2v8e_c7Tu=49182d<mt=4#EL4$x@+#ujM2u|rHm0-zvX6VLgh?&
zNn?{-Re1y1;*QgMubkxPNBCQ@<fq1V%<s<;orvCaw`L*Z8{)w4HuQJCKc(pb&S0q0
znW@lx9Xd5&4ngK7HBBZTGY=Ub#0JRycjJ*7&SF@|`2J2A>-=|geh@wXWn@U9->x$p
z9#)-0X4%>VbEu=^6Pk7-yB8vpUHx9_4>r}nBSjx|uiN`F|L@c1WX8D(Se~x`w4?t8
z^mTxHU^9%Qiqa>Pqu8!<i|%e+cbqv#-?3UmIn`C(g6@#D^proPVh+zszv1Xq<ns#Z
zXCa?;A8R4}T2EPcE60i#P*!$;<|#Ss+5n;_>HpTbS>RRt*HM;#WYL!^%M&9NCu}`<
z2jAV|(W3{2M?d?@3+ew@lnxY+2*1LS#v*vTI&fo~4rI*T=)f;II&g@k1BXOXfx}1i
zDZ8cJMoEpN0)s4Q(nritHcDZezDu_BU4Pzh^ys_Mw37!sZ+GC?6KryUiRc&p89P<+
zO2!aOHpa>J4#1B(3s-0RahB|O#UEqom3&99OomQey^{Y;<M3vU*U>ANqgO;@h2*`s
zdgX6xJL?s%PI-A(*E(gOg-iQvDtG+3ad}OX;d|+8o!t@O{I_(|Y{Gt=sks=YS>c|~
zaT@h)U#=&+-VZ<9d@b9j4mb^kuS@;OO@7W~`A>LMXD!?gkL%eS&S8OOTV$6{fL~Ym
zhhlrf<BaS3&~Y~SJ|w%{9LDqbrV+@5EaU<7taB%mNMhQOb(%3&yf~ZoGO^9a32xAs
z;uLLk<`1CnvD4sd#i0Y|uIps8k8@}&&7!fi$P(b)0)Ay@+P3jv<aTmo32^?BKN;J2
z2zo8W(rYC=Q~wtKV*7>|yX?%Hg%g*5dHy5X3_x$<-7IMH`)?TGG{!60q52t&vB5XA
z;($+fZc5WrzNCubWmkTffh-wQdGGpS+N<ZC+wb-K7ta@V!SlMi@?`C8$%a)Q+q{1#
z-?HbP0)L_pon0om|A1j^6-~!u*IEBtTe07KO-1O1py{iK$EF);hQ_~z?s*&h|3W!f
zX20TkXlhk2<M2|-v6gP#akvYArjd1UV)Yhoje)Km*0t>|+CAovLwDG|qjX0ezN2(U
z9`f@6XiU0yDE4L%vfuR`XIsAG5PX%Pw(p4ED2MhWlSGq)!GZLS+E@;ai6-54=Bgcs
zKBwVd$#0ZR=;{-zP3Y708+YT^d3DN0bV?rO%ke>0^q^M;iWV4CsXximD>|QDw4wik
zp%353qA^!Tm_sYx*y*d9={L51hO(}2_Z(;U#?mv-Q8o`A^FdoXX-~Q)=(qJvCT;x(
z@7w4Vee*W$WObo$KBlZ_uiOVr%^|0xb2|DDi4mO*Bl>%jZ>^`CxcxWb7VL-Sd`~_e
zzL)Ut+6|H~0c1fr^86{_t9U>m`kb?5EB^{k2hdI-cnpBM!N`_eVE8J!UB3Pb-{3v6
z|K-2$MrPdV(Mh?;ibC4UvT&8u6j)l-Nmh(SRwUBC`l^B_B-7M}d~^F;Tibpr1xEYl
zjvB`}#+SoO<;Zt<pW|_iB+hwm(HK)Ld6OEM4Xj-|S$BzFOWj;ob|7a~^1cCE{gzj4
zTRpval%vn>T!rTR$-qpu;**YFmKeDkcnX#uUT@;Nb%bRudPsVEvuq&7cOT<RX`QsM
z4%kVb6<!kx3w8lux8G+rJ+*A<`W)gMxmO#9r{e3t$Im}a*|AH>tU{(%!(*-B;sA8D
z09dpTZ)1*?_rafELN6+QrE>K=E27Njn2+p%Gx(ODl?E<9qz-3ASB|HApcH$$m+^=n
znJ7L`n|fXdpQ=5*TShys4om}HA98l}c+T%{pp5`|Hig_TeG9r>>zT4?$J5t%&e^SV
z@No3fcG!J*y?oks*qsmTvXR%Z%H*w;-QB&7>!nlSJ_Q-|HwU&wz*aKlOTcg{_KK_X
z{*Jtt&a-3=_O5i^6!6nPeaQvQ;|1Nd5oiDZ9RDRBTs@cX=(#*-x0K(3b2oIN-Do}c
z2hKH?p0jOI#iCNtX(^FE>`*MqvM((ix0C<*ZS<HLd4qcGx@>60?dUT36dI3Xms<5m
zu(ISt9dld3JfiK=jykG)+jKu?d$=*jEM!3)?aA+wtlkZsWIMJ@mSxNMth2~;E_J~4
z!RvnDv3z|ddg@jDG1)e6;D0`6wb_1FuVhRXw5WCi)Y*;9Q2UAK6zRhA9NR2FA3?pR
zU)f8!lsS(wD9SC=!#*&9WdIl?M&<zn$v5xW&5v09cJ?hbFPC=O=a<y99KUC5hxsKn
z9YjuzwdR*(%`chx?ZD5Me%kSE+or4$trG*d!Wnms$ELgh9M&OI7I^&s1K>$xm8~;{
zahJ{=O`O8cQSthsDpSTB^j#7IhN9U-#%sgT*Th^b-%&IYcm~-5yjEZjNDmeGd=;6)
zj6uSS=tXj&p14lHNZiA@X@_MScwrYEGmtEk43SOkp23!T5;k=&Xa3$;jU!KTgg4E<
zt2oUBYt9|-5Y)bxddvRxS+Rkes1J^Kru*S+zu$Yt{m2uY;~%0wJC0&TYJj2qcERv&
z^o#{NeD=HX(?yfX#1}^MyAGSsBqpY@YuvNwcPp_4VqaSX%Vcafjlmmxv3-;7^sIq@
zZsthG4yJ!}(Y$+*L6d;7;_cG0@=?maW9x|&OUI@(?SfzSf7N)zK(F58kxl!N{aL)L
zqm8!M`RIE)$tUU7fM_IW3=9lTA5`u$#wYP#u~VJV=IYCPIrH1rmnp=ujmUk!_r#x>
z>+gBr0Bzrg{HKkUtlm0PCoNKr-mUQsu1IuzG_QQ`s6Ue;yIZ=}pVFPXbpIT>Q#2<(
z*TNUDlALe!2XdrGCF^sL_16HOX~=rnkLa$Mvh8Jyj6}{)<CAYDG>woC4bCO&g}1I`
zyVfTH=MqDWT6c(+?H2=sShD?MVC9wNH&ZT%omT>^ihvdRxx*N|afT(-mEG5sJa3OP
zbgf%&1g`Qg!t^7Vs(3NFVXJHe#f(`G+ah_I0exflZV8%(bvL9DhaG2T7SEF0Pz(&Z
zw&^%_49u1V&V519@e1sd6~JC`qb&5Q?6;S}m1`>o!P7YKl#Z>aIFsT<<-W8w+kUxY
zD+ZhxemXk#RmuMzY{hzX>Y=+@*QKLBMXS4zd9oP|@Gp8k$U8lk?Kr@p+lAnw5L}c4
zqi*a><Wy2*uxLMqohcfUohcdZ%5ZO-PS4{l8t)kU4p=hC%4ZrI1UG7@2)iqn_<$ey
z0h=xPamFLE_40r#`-&>E$-7d_1Ns@SbvVh5Wa`QWl-(kqJiRD$+$_c;`**>gL*X#{
zk%Z?l=*{8yB=T*_Xv;KGDjxnFcfvqtVPDD~!61t@E#NWU9*fbkac;I_|F*}dMGKnK
z-#EjfD?8zV7<PheOs}0F8^MPzm5uNNWb_}c_Bz7Imi4A3=Z`Vg8pbM_kPcjG7;gcx
zPBvdP^H;pIo<1I5Mr@uq>g;9ru3x6O0=T=4x@Fj{dfvc3D<gB`HPLcfviqlu;p}Oe
zSNokNHlE@l!U1=fJW`Epw)L&qG=<;N5lN2S5@ZZ2Q^vS#+r?}eq2JgK!oeuYZM4Q#
zwSF^WQ~c)ue)bG!e0tYDKH17oSbj#S1)I)xjJqZvU;VhVCh#C_)p_8Q#khC2jhT3m
zHRjZ&RN^zz69LA&)6yBTwRo@J&`~b&y|I*OwZ^;78L#3ZNs-Sv<JG(N@y4=WQX*gT
z(1~Cvyq!v1EM(Ph$A@eX*?l^5;CqbYRqMajeZ+q@%%*<ab<Ez?`vH8WR7dX%hX<jZ
z_mPS9*h$UAbOL?@doQsm9(a6!POI~!?%D54Yw}?yS+TtTwAUbJ6JzlqBfY#Y`@~&O
zxCdMW%)~wNrJf)+Q?X>>yWm8tMVqoEgvY0Ti~ag>>!_W=iPQHq+CIR#nwK66f#KYr
zgu)4Y_ks46Gn19PeEmvu<@yR>OKg<0=52YBK)GV%2|2zqOPS-%(BCvO&cboN*{f;h
zxp!Lhxa^B}Tlmd@9!)c@;ujhV{8H*mYMO<-z)s8&e+7)PLB{BEc&D8<cj~^QKIc|`
z;SKRkXBxHm)i9e1kn7TES&X|;vIh8P!50~xb+#P($YIQ0St@%t!I@_!_ukBAo`S8`
z{ztJ6q}W6uxO4q}#RurC()II;nM)ydfaIoRVmf;13E;8uQTC#+Z?k+Ewh%hrjR9Z1
z+O>I-;3*^W4eG;BkKXc%9TR9p2Skt0#kHRQ+i@EXY(iu`*GJy4-?~o=UEJdO9Ez)C
zp$A2G*^FH_h;&F5_rpn#xnrL|-<s!2@`Mx6Vbh4~=}v)Cd{*fQ#SMyprF55Mw&El1
zI*Z~id9+P@0UC)NV~Mt9hA?-{*^aTak7J1F0lhhy_W^8}u3!<Z_b#$v5u10H(q=5)
z^;^7a$I(UWb<9ulHXXW^UMYgU#eaoyiXX-`Nv{+^M*%Yqe(i-n8dnhqT}!WwIo_Ij
zjx~m^ZE)9q2_PqB6S{WzC?j>xEM%o@aM{F#*x-V%;x$3p;pX6`QAWz1S<q7YB;%0`
zY#ld7p!n8t;FZTa*~HmyOmg&(V%n3^8y|r8;n+l4+u8-aW-!mX-`HzgZoK?a&Ow%}
zu<@fcU&RrUB9Br|b*0;7GaAsz0lpvNIX=bV0*i-JBY&p8@OP_Y_hd7+7oq3<==nl;
zQ?PbzfEx0wWlvc4HMCj7xyyyXN9$%?+w+N$=RRn+3j*K|8g%f7z64hRquq{S-s9c%
z59v#-ji482W*UJ#9}ypKdk21H*O+kzu{Znf4%ha`>p&xZi$<n8G?Hhv>9=TPszoDy
zXe6#_II#o&xp!DJ@<2;#s?LV#Io1@1Jg{Tp&G2tI^OEgVgHG5@oLjt{f_#07T$pT~
z0k1U{aJiH?ntV9!xWgw(YntPUeXG1;RO~%{-l~WERlO&uR|EdCvC(|WrAMwD#6Ecq
zJ@h(s^#(Y96Wm|QS?;;CeLH(Z_9Lrh4-Lk~D?>Ku|7{6r6+xca^rE#Cn_f<X_d*Ft
z6_XNDh|>&?`1pT@+5z9HcK|*00e#5E%=f2SIYNaAS}#epa)k1zr{6{3(~fDmZKp)u
zh2~!NrBxh{SB_B1o)6k`gi`h#j}KH7GA1L)+D*{z`yk~lnay)|e6R4V2zo51J~?AC
zV_K!RXKl0PaQE@7bHMGk3tQLyiqGSGw({A+NBHh8|EQt$%_Bk6ww+~jJOF>MU`*Z|
zq-IYJQW3nf4m?N>uWOUT2aoI^pREBnb;?14M$(hXXJgM}7#f*?PhQ@-WFLIDrA#`N
zeTFCUTGtJOm&=YX+4mS{9BVyx8}IG)Sm81)vJO~1CY@)&&(29&%QHJCDa~5b2vEO>
zwGqVuGlGd0>{n1md$(NKu!r``kqvEmN$(ip(%ZAQMX%R(Tvten>^s)Ft^j!E^Z7O(
z`J5{xvpE;)q;izFuV=ZFqck15zwzjjeRlzm9HVc=gXC%y4>X>?h&$V!HT&*)*UD4s
zZ{;by<L@7N@7erqm+i{m=FL;u;p8bjuRNt?`P<eOeQ(=<LC9-g$2=w3Gfz`y8trSH
zLitL{Rni$$UF9oj?^~%6uyWEiGgfzPxpaUhXNi5Sj}Zs7{9Rz6y{#*J?R#4%0p~jG
z32!`1_;X|IvImEQn~k@f2kfK$uB6EKfwxN^3!o1Zm}faM(6y%m0fYOS%O=WK8;-B9
z7^%s8qhosLKFf~IXZ)h^a%8V!ndQtuaWHqUpK=7<eY#UUbLr>I<sM?2<@nKR!@hUW
zw#VQ5HTQYOn8Q~+b2y(l?ER|vv7_(j`ZnHtr+V7!Dc|WX;>{-mkKb8#b!U4u04!Y}
z0eFl}28Xgg#Mf@#k#de6ho%C@mh7v;XYk}6A(QO*;C9B^KpDfyJ+g9Np)~{gQd^3v
zxITkyT-SzF|9SLl#a_@^udnRcm#OoNQ+lWdJc|C@@rIE<SHV}0`%){?7_(xVo92GM
zZLD`O)}7GcapYGz^4`rslI~X>VxN07Zg;$1JFlzUC~y9em4D0_<*RG%x1tO8`^X>0
zCy>pXg)Wtz%)*|MtvZMCE@UiEP-YXfr~IBmXPwbRSGwh9Q%?4d4>@h?$P{#BDmpUV
z(vifqtF%t6IFP>8UKy}46H+TO0!bC;GjD_6^2uaJjpM)cj@pzAi(W@bZ__!puj_?_
z`oHIB>$=ZC%fl>s?t1M?d8QwsUkd$pj;nkmD=tajZf=jOTio29?>oAsJzjb6$VTG5
z<(6)V%I%5LEy`~#M7QL{8Cwg`1sR;Rt(;_Am$<q+EfUB4?cAPry)m^-ZxH`RXMeOE
z+2qk16KSguy>XjkQ%38H=-j6Zff4d+jr7|E$gbxvfdBc3?nTE_p@Rm-7QDb1XD&9f
z#RrO?Wb-_T{pUW5mKTy$`HpN}=8?_$NuInP<QlZU)w1V-r(|=HN1pwSGm7h?WV2T;
z|5kJFLM{*V%&R~1+Q6J#8&z|IC)?v5$ds7*K*9EWARp~@#aoK^*s|Ns?HAm{TjHrH
z#J9yuqIs9k9<Y6HD+frnCU&K@9@-QCyot^EIC)9%QPK<OXw9LGFX1EEwJu*NH#mS@
zDBfDZ84l^hl4^Xxis5Bfe3)E$&-x4_SWyW49DcL>mTUR{kMP^}_gmLZ0?r{mvOAt)
ze6l-EDwifmE)BLvF>>)N&Ut;?pAdNmyZ$-u^V?|lFRo{PwF8}e8q1!KZ}R5T$WGAO
zaeGcp*FNS4{`Pzt$wGM6@g2YycBN!?8oof#-<|J}+H}ytqg&qf9jtne@1XqS8st~D
zkrw4UNG_&Xa`CU^+?F5@#Rnyp%x}+y(R0P-HGiL(X8Dv^;MBI+vFo?l_IidTH&ZOR
zd5CAiqvH5o+3UG&va@~7qT^Z+cL0FTXU}h4_Y5D`Ug2Cn?ke|LF%<EU8$)>$IEwBi
zi?W%sANqIczR;s9a*d>>Wzgmvbj~tj;gZv@p&wp{hvY|nf}g3JpasC8%E>cP9)#^P
zX-%=WMXTGH<Br=#ZKLfDc_z|l?eYJ~VedWg>zPMaxgnBQxyUQY{^81JqTTz%$K;2U
z!@ttKG4n%2i_qm%{08NRtfZ`)ACdumv;q&U8MNhxFt2fbJ3mD8RDMVUe!OH~m~yPu
zY&Eb6HgJZs<?B2D*YRKWTwBfv?R=V?k(+?qZQQ}G`1+%?`B#3ce{b%HZ1I!H7uj~C
zU3WYV&%1i$F@CQ@c6;LzZm!AWD_T>>S$ODZUq;hXIk1;MFB-DoaHX9;V#~{9OI}Wf
zj>KE-_J(}&<TiVw7+O+{ag>iWOWL~?m|6A?^t3Zxv2&Z2avXk9TPr9RZD;Ji&Gl_N
z+W)6n^RQ!MS&qK6V`ENkhND-qthh%Pxf#ekH#Z{-8@Ldddhgy9Tx5^gYaCIz8MJ@i
z$>e4PJLYD*^DD&<JLYCgqu)PIv2~oz8}P<TH8+>f>wu3vM{+S(FC5chj!8{Z^vsIw
zwC88Iev5px9Vwn14fOv#j{bN3nWxbIsqj)gI_qygwAZs2cycv%5y#Njm8<bv=23dv
zX#BERYaNM^Wagx@{XBHq2im;PnrFxSmj>pQ$XskVcb&UY4UZPY+c^6P{fnO5ybbA~
zlgZt1WsUe*wviq4G$XmEU>n^HZ0cg$M(BXVND*V}$~JoXa67NoLBlgGcyyoFaUJb-
zm)EiVB=S03-%WWPu0OO7-$(jWJ{;#w?YolyHRNcT#1UNIZ5n;QgzuI?ZpY3~y#888
zev}Q`SwGo19m22V2{D#=lh9B1AXg+?v`$-&Y*8FpzRV8t{&pc(hVxGSA4IRc#>e(y
z(j)I6Q_9f|HMA$+Tsa%^&t*TBBUi%6(iOyKb#7ZZGA0q5Sw6Q{4|TOJbAUDGLfRHR
zxch8mN4hdl`bX>aUYk)eu&#p)l+TsYHr^)~ui7kRyk4KBKE8b)#Ve0@Z}+vf$-mBg
z_T*$wUIYB&<~1l@p}d9_;4>HeW`o~s@EhcRycw*R27ZalKA&%zR&GNEykq&;ZTStI
z^@GhPc5Xu*^XbagaA71{V|bUgMtbCS2R7xjCEeiK8@IOE8`eH9%ci;q80|j^d*g$v
zv=+D9S|?rtY@+=l$#dBl!pBMF8N|26=eOe<b<8th%x!rFC7IiL%rl@ZGmug-m$?)|
z6J6#R+?MUcay#;uWa-ZL*gs;;E4JR#noxEJo#3<L{T*@*(0OjI!6(R#2Wc}JPTpLD
zuQJ{m#%rxzM&}v;gYI$-a;Zy<p~qZ<m5gDKHLv#dF&kGWk!!$wgV6ga<r?5yD%T*@
z8DCeq2G?4!=^Phx<8j_xgO9hKLaqUD3oz!B&NT?yxdu)2A$XoluEA()>|N}^acCsq
ztTV~>Rb0XF_}rhh>bK)V`qIrc*u^+rwf=X^HTcU(<Qn8D*MR<ATTMA3=V2q(qt}~R
z6VZCVrOU}T$l;xvZ=h$fat?;~oO7_<%{kcY<Q&|?_&HUnL(V}J&vq*3K)CUaf%f-z
zlXq|fbLoqoQ0_rF=UGME+ykC}>f8hHU<TtVZemRMo+p)iP|f|j$~_qHip|enU2O3#
zc?Uc3i6ncnk%JA$z-)XWH%?wi%&LHMr_P2hbI=_(;x~?D4rej9T;_JYS-!rCxz(Tp
z6_;!TH}b3G??wBEqZzmSL#>&O`f(_{3_mPD`3`vrz}fWyvMFDPZAo4NSGgET@=s+C
zl(W`Pu81XLT%T5Q(Cf2aMn0LIMeF%bLcl>EPyUjZh6m7REE?Y4)0#Ul>2}Q>yt!-c
zzi4hvz5HE`p|cE;d~<cGd<@wKvNy6=Yu}HZlmxvi-g_^$kmMV9Yq|9m+g8e^jPf0{
zXKNJYW;r&~=PbKPd#O{fon(t7S++<uxx<Q;N?$#}nkF)2<^kZH!Cd~h#aHzdcGEHN
z)r#&Bebhl4-L8EzR>eSK+5XiQ%-iKop5s4hJ=<FI4z%l3=GEnz_r2C0LVJB%vMC)M
zYZCK3sWop0M|qZfi?Qa7Pv)+9ANr8J`kW)uRcu1Gp!A{6j!9q4c@jaRB^j8l2TtYC
z=~QAA`F>;m82F>kXH+QvVK#o4a!1nHyTY@X4cMy9&}bml7-#PxO#?^Tvy&S6!DGIv
z^y0DOWWTB%Gr4NL=vjLrmJ<Vt<;PobVDfYZTW0_aj@)#IozIy??D_kSzjplN)~!0{
zPHojPKjBsMUq~)P0e!8dj%@76jo6SGKb{f(ef4}|%{l2tuy`5t;p`{K*$K@w<^E_!
zeDJ9u({KLy{HdFQL(|QK;s9sh1a|eStfB0*UB*E2mB!~le~K5xUp;pr|4XLve`M3L
z8BJq;J%8ll2RFR+z?vC-U%g{S@rfJv-7qmS|GN{7K}A39JM`Jb4{i87zn|gzF3#$y
zJ#pQ>ReT<-?KgDAPx}omo)}u2&8Kh4jSKsf+^{gAq<CSVq=-J^D?*t@<;A8^a#7GI
zncmAN$?I#B2tM)5DPqrwyU^pCymKNqjP<{EA2hqU_Rmva*?XiYuKtK}g*Jn~VDM@1
zpgk4Aobxut4_(6gNfvWyU@nDAYBnS=j{x&%WKIdsCJZfNK7E+OjeJ%u4sQtaS<PHD
zk8D2iz^i;y-=QOG`wpE3+ycx;^SX%nOl2;4C4~#8F|R(rEf_FL0&zx3d>^C4$S^9u
z$#@fjPpvQ76x<-Vm##MF3HA-ZzVx%kymDx)7#xfQ2P1*`Fv`EpxNfk<6PdqyaqWiE
zfA2p}aIHaBR4}dwA4wRRaCPy*hp2a!>J2a!7E@R9SMa5+lIi@H>=90c3yoLr`doeE
z!jX)xg7?%dIUBf~1-#w{HY<J_KXfJi^#?xFfX~_deuuGK^hp1qwfz4saH?cnkMars
zwExhr@%@D*zu0gYpD*%z0N<DJSxcV-KDln+yNvl<zW*c`Mg|Ri>ybf2&whN+(5HSn
zXy`P?vx-kGAJNBvlJ70-UvksJfhF@6#+S@p*stWf7QKjWL@y(ago*<A=6le~P0-7{
zfkw$(Xy&_vjglLnn;VmjlETjzCEmRsS&QN>Pu~@s7XWU#tIT-~z&iH~V_tx@g{+<I
z8Avk5iQZh=h|epZk+rC1!y&VJevtVJU%5tnvG6sVctg&jUYF-Tf6lxb@=|huJ$ub8
zzBwN_Hvp&X3C5s8V3f7EW<&0e`_Bt7?>gvF_h=;0Rx#}afpO8*MGFJe4^Te{?u<T$
zbw*^<b8BZLBv#MQH4=&osn<lCIl#4;HmAXZt7vB$ZBGAbpEi7oe>IM|;4^`?G8v1@
z-+`-VEexDtEVOuvJ}GDMbsA-Yj3=A%Xlx^|E?gM6Gk&P(ItyA(pqyyfKo+a6#-TAt
z4&(%$9-?s+3#Z76V#Xp`RNE^x2I`5wBrme>Oc*LzF;a6tK8UAOPjW*z?*lyww?Sk<
z2Jzstz-<;dRiClW@ongB><ySxTDYH(TmYjogZ>ON_obZ%=ZT&f3de_jG-Dca&iHKn
zhSAKiP~~S$vew+<Pvi%l?q!S)o`~0>r=zWR*G(edoxMXQ`{G!?wVoACA_p(DJ$;}t
zZxuKQKkBRUb5G6eme#$}C6gO;=1DrTB|Y*b-jTySPiN9#r{ySrQTc^gJg>$set>&u
zR8MuJ*CoTx=G`Xjy(e_n*Ei3toZQg6vW$5w=Y9=a=O;#n-fR$OByWkbij(E%`d?I^
zuFm$}N%7cMTGu_w$6cc{$j?OXZz*E#**8wo-uAuhJ!^T6wp{)DGf#QT_PpWT%1w;n
zY06OkJtMhS3%2W)S&Tii(5$TEc>({`mO)zu`u^UemIIW1mEW1wS(TG_rc|o^Cm-=8
z-9`JW`PeulZ*(_y`2g%fBUD=t-UK_&rELL+wdfqi#kr2o9UHAvbl1>n<ec^<=QO}s
zwPvOCxa?rgO4xD_Ypz@8=T<7O%gS|UY%iT=9Nxq}kHX>LZK*M@hI2kF`aUqQa;0Gm
z7+F*}Zdx#*B4nn&boA0Z+P;uj!&k!vvb(=_dL?~Uu6xv%Gz&XzHu`lbXNmA`uki=7
z5}DriJd@`Zyq-DDiXXV;cX75rz1liISm|wF?JjoOT?+iDyT(}bmCA*Txv(E+TS9X>
zdrG-wRnU&|6zhSNa?`c`#Qigz4-u+u90{zJo3&iFy-xL*Z{^m_%9RT=&B4dfo^*}H
z+eg0BM;>(8sSgVWQGGc0sP3YV=y{1p3nvo`VNP>_Rd(aR%4xqls}f&oUI<uB!k;4h
zrV_c3WX=1GK^Dx)1g8l;%P&wll{rBEPIUWU0B)^*KeP}8U-8gFLihym3}%G3i;r?A
z8S@VG6W=LbNKPVqUCRYizD;w){l;s?O~LnmJ|oi@e}A?AE45+&>D#LP=JQ`HBo0YA
z{KPE{z<o4ypF;lh3fc&KHf4j+D^x4E*Y`GSbuL~bce4k28(SJVTeRlqUkR&?P2B&r
zna{!HM&-AHM%4=1YasW6eRKo0->ODu7oWK(Ts?Ae_(A`-x9upM5H9?j5iaOwHqXW9
zDjsBPe;Qg&z{ZWx-dXqqxn`e3)6j2<p%$BcRt^AennQp&kPlf~INaE-b+0n&CBowa
zm)XA4W8~#%jl2}wXAU;S4cHnLwZRREB_o^jv3aZg-)!FDAJ!a#{^F=}^wR0Ta~kwN
z6`u23^4&o8+{HWbn0`OaS;WFCdSp%ZlV?>Lm+hXI6%4gxnmZ>7UOFE&y+CKPl}!u;
z$Ymf$3ta9s8opdv16(AVhvEYugC4F~p5I)({FMpW3nsM`_QOwIRyHA<c@mRrnZ^6r
zd@>hKYMHzZm}Bokt2uWw79*bfRrwB|y=q1seFpng&#&<h8y8L-wyhjK*H{C+jLWd=
z=hdLs;rEBLuN%~f--|xKdPX^Sb2UCwJ3q2&)ePyr@Sj%yx#;t?M;f1b_DF!d=<uqy
zjx;PcIFr}c-1>9QXSB=Ac>3+tGwP^Y^la_?Lw~BB@08hg=uBgK>jTDko#msuCDs1a
z&)3d>`t4OS+R9w+TiCkM7@tg;?2GQ2k!O{8XnszA@<QyswjH93Y&P#4-FL$2)VEf1
zmJws;E-v>ukQpx=Y=UlHh5iJy*EvVG4VH_5WtsGv4a*QPti_jTSl;eK)DJ~gfa4nf
zH+4_g*sa7VGU>0{|E=cRdH$lGv#F^+jJnc8Yv$T(sIn&;{B7-6_4KTsyssNoPiI<F
zuOIakTQvEISJiGc^e4KVLphZZ-Fj*BTh{ZW$O8J(xxG4D`53%somak_IHAk;nZ~?L
z=w<B}74I*AkHybfd^f)7f3)$LRY#tB#`XnDmyr8OY-BRAlK^MfCLLb9PxBc>UjZYj
z0=^0>c2YAa)KYy~s8%wyYBTYU0puOV8MQ{WQJINeVIKxtBjGWpJ>>=+<7{F}Z#n0C
zi(Y?6yPa@72fE^3<wM-L8%?(jF5SM~Gu<j4Be*U8D?Aa4e*L0fqq+6WZs^x8vyJnl
zx3`Yyf_~jH++nOct7Foyr%WgMb>4NNU*~yis!hKK=IESNn|?=kL%(Z)sfXsqh}Qnh
z+0G4f?6n!uuGUQIk<U7pdx2@wpy*M!K2T)&&#Wt1d7)eCp&4{U%Pz|5{a<+>%jW1n
zZyr4paP&+ax;t9W;B(eCPT`zr`0|hBPFea0{Tr=k;?XnHGDF+*u`zdvHu-NN6MeIQ
z2X&WletEP`$wSXKoH;pMKXOXAX-a6j?$GW^ryQb<Poq;7SunAAvpbzqk6zUMj?yVN
zQ72k=%Qlc6Y2lrvQ@HDFG{2{!BP^Yg{N+mH;@uO6qiaV5cTSAI_O2O`Rlk_urd#$J
z<KxfKdD~?Zeej__&{@AM=gf^yt6x51EaKPa`R>H8%Pl=%$>wN&ZPzo2pIXn<a5p4(
zQ8w>LOdr>ko^i@-i|ppkN`LyeSbC<d%)ZkX?s)(7ak2Q+TPB)M-FMM^>OSAWy^6wz
z?md>RBiS?kw668c&w%BF=o#HlC|*OajHyQVzgY^eqI<l0M*8Of&s{yUjJo2*53tQt
zw>v$vPxTx<a|`vndPeQKdgdw0xq8M+ue+`1Ns+(PS1dgfK+lL~<^N@3iz(h#51r3K
z$8;t4a~Ve`J77+`+{a%XU)Yt+^7^Nzr3PE3{-2cj+qkE$E1M+|ct*?oE5Msq<|`g9
znSUwI7dZ6ro`c(KJ-BT<k9W7nh5)zNsFn?}6}zDd+{%{NsPj;e#~YpVP^>i%&O@2$
z<O-F0&O<Tjt4{kVotUj?M)c<Hd2FrKc_^be55?Zs6KyLzO8uT_CR+Zq*$dYt^(cQ_
zd*L&U|KGD0$QSIAcJ2VK(X{i&B{uDpW9uS2MoZTG{d(jB^s|F^_q6u5?A8K@eqP{R
z>u&j;eZt3zWrOx3Z_{5X*&w-qjG4(=!n{pM_S);eLyLV_=Qt~g^L+Y*T2`>%r-?m2
zdH8B?Lsy6VeIl2bq4E27q3@|%%lUTN13L@bQg*lAYu}Fcw_i-T2X`5lm1Z0B6mtxi
z@q3z(!2!-9eg}UwfUkJNEMH~qXN*BjoN-)B*>ui4UTta(keD)ejArnCv6)a&+bcBw
zyY#b)eMi5fTq|vIPVLNce4ajLzv+^*O`NM&YW8W8jdCb;<B<5i#+aLUUTBp`nEnoZ
zKl|)i6~DYQ)LgzeboZa=dm3%`!QUcgU%7+6S1nDg98OI2y@AAi`*Bv<Y~!$E_5&z0
zU~_8a*|ay{lPUX5{MjS4H<0+nfzJdk`C7j~#TVXLvUbpHqw+m$^QG)#lFwVq_c_GQ
zmtqgS%KoUyYfEcKRF&4wSjIW3?D4t4_|E;`;d3{iEqta-NW0`(K2I*{wc!VR|D4a=
zOA<FMU*zAg*|`4x*A|_&VUF+m`)3bJyJR_^Np~E$q~MPFOESx_@A1_Q{u|p4e>>OL
zzo|d%?PTnaFyBEx2sLYdmwsj7hUMVuyTGK*4D5M3pL63&3Y#BVT(_as-=}H%z>4+q
zziSo;HV6lE!C|Wzc#zoaWrD*+;A$hW{yOwY9>2L)cU~Rk3W1;E1*#Lz`G+c>502*0
zmuy<Kv5Y#0@QDLv|B4*e<8sY}rUSHj^wLY9P5B@fvCo{4=5E`U--2&&3%>19d|S)*
z!p_-(e|s-<9$@@O@p0u#%Fm6~Nm+~oKYC5}>pjbtB*tg8cel~pFoO0j?8filedFE6
zwnP2#JEnBucerJA&vb4Veut+_v^}FSsE=rS#(l2)=3RT{)e*Me!MO>NBWs93tjUb>
zo99brjA-+9t-G4GEasWVma%jYHpee`?&_dRsVDie`#UEgLwccyQfwJ=hTw?|;ry*F
zeUTwSvv0-O$d4v)I~Ur>-)hVge-^V=DO!^pQQo^~LuK@=09vUv6ZZ6{?pyHlJIIRf
z72Pl{{RumFk8?FETj6!dowt!sJD{a{?nMyqPeX?`_;tQ!-=;}C>x#Ytw4F{Hs&61m
zZbUBq(j+HAatPX;4L`jNkL#@UI<wE7Um!2uh34P(4~V==ndgvG4a{o?a;lo~-b8!v
z(#E^Us)re$<lCQ+SBEK^n`6uy;mE6g=78z4^(2@2nSH0fOCNQ}qj#SDe8paPm6%z@
zyYy8|dwrqd8)$34*}tjQkxhq@P3Iz;avj+;kTT~wvguq$Hp$lgBC^RmJ#fjneF7C<
zLpEh1n+6_Pyl=BP(2`Am;`=gW(`IDTLFP1kO=;~EWRqmc9Awj1kssIdsp7Mh&-uur
z>-fBZ4EiD8kMY^EBx%D>7R7CN0@-xklHMDZBb$~DOS|L&KCWz<93`9beFK^X(4J(|
zpP6qavPtthCp5^CO*a9T24vGa$fg=()3cUr>f3bVz*XyaKpS<AY<dt}rTYR876V_&
zrW-u6iS;u}Hsv7)Y8=^A500W`lVZAR!^gV-vN{6o#2fGZIo*tJYJ6Mgh>!>WcI)G=
z{P{lo5gmtf<5`M<DNYtGi)vh1bX{_fwoaEZJzFL;|6i0%?{Sx3SF&lk<WQ7sTD>T?
zZ2BS3UD=dHJ;|mYU)QtmgU>TlYbmDA86(cGxPE=_jYGa59>gcgBMwr8-JHwb?`m+B
z%U+I6tcwPruWWPZ7jvIC=aFwaGYDT>|DQ6gxLq*l{C|=6#PI@sb*{|NFQ(tad+Z&p
z>7~#|TRT58=N%9&xb56&&YPwGZaa_g9y$!tj@8ezycb;#Y;RZklJ&EkSpM5gVyub<
z93{s3EU*d?Z#_!9u3-*3?fc!(<?H_dUHTPcuw!+fW3I&WI>(yrGHtOs<pp%|7u+&V
ztS*r<o#GjuGOX)%j5Ry&loMsmJJHxCpE6dA?xJq!@#msFzeiURqiejKXLCYre!uIl
z9pt%7k9SZ{^w@l@bfwn)dWAnaPj><I4malqSf>cG?i0_tk7>n!B~NmR|IQj<pTnzM
z@eleMTNXfv9D=^3;eGSb!Yl4Ml6S=c&MOEsDMr>h)M)Xc&uUIft}w7M@23BNzidX0
zFR+30jlvDQuhY6AcKs%NKj}i989S6Up<_Rv91dJPv@JHLGZ18tT}d2UcVxWE85m>r
zTmB-?>#SU%WGh!_4Er%;BPpJD4R(fjrNKWW$66nPew8y&hd=4&0o};Bvd96_*=~>H
zQzHL};Vak3K4Y~wLM|`5D7|>hxQ0~D-Sf1U&A63&eNAs;V36@<6I+BI=NTVj+Y*OM
z1<s1A7{uW&ryt^QYZ_R4%bqyA(pbEE;)pv#wONNJHxKu&@BF8;zVn{1*?)&o>$BH*
z9`>&BZ01Y~VsLA`Ydqzw@sv4hJS&((n+$7P<4LmCc!n^hjl|P85`P!{)hFzn*nlln
zMjm51&yHR?4g61q4)QpY_(JGHw(bRC=)_vH(%SELUbo|T`<YWT-MewD2=OuL7R?{q
z!dfp1AZIK)_qvoGb<0r3R^XgtF@0PYzVveO^Z%i>BjS1X+EG%3eIqgSjE$p5fa^ME
z?MS?*n4V&6M{Z;7h&Z1c(<6^4NwL1Scs{z9;_pe3)znoy#DuqHr>cICZ^;R#Eo=Qq
z>+6c?|Cj1ovHPUR66#7`kQ-ptI|jYWrck}3#GaEBQ^$8#Kgwqf!F$J$1>w8CJ+6o`
z8cXw=pQ62uzGVE`<j5rKUBv*8(#~$4Yg~VygUqqkmrvvTl-|%-09x~`HM6c0bYg*$
zIh(j6OnI2c`x#qG;Jxj9XSXie*IMcivzF5GRHCsp<K0F3$dPEdjXnYc2D9JFAIAS^
zX@LHYF?PuqGtg1Se8Bh`SxX9hYv_hytN}>I$gV2mp1JDNmQFavy}g#);4G#>^yxLg
z;a9$tJ;y#d|Lz)W)%X*O_T}_3wq~0tdvZ=pxjP?!GH~w7_3=jQ+Wdhlnu5kBYm>M`
z=_oPG@=q4+3nUm@%idYE?=r?HStGbMBlFZ>a$<5tQesj?EBO@a`$0=@N(Slfg4D>g
zu&=85Du4JWbGn!Il<RU6?Fb&q^>)W8c_dg_@`!o4@@QwXEsx%(j&Lb?^aXyeU|qnH
zM=K^)8dvY0cn0!l_^u}=jBw=<YYpk|A&<E0&$n~gggE4pKUyA5VcmrDIHr=5;+03y
zYtEB+KbcSTn)3&Y!_5(uJi@->KDSWIm@ABMR#5WDUN>*fp9-zyK{Iv^iMxibyp4PR
z%o#Gu@!(8=&{$hGZKK_uWRqawl}(M3&99%dY_j@0gZ^T!3+|R|@;A4>*^Pg0m)Uk`
zEdKeyF8p)1%;o-tt^2$1&pl;2`RC5NPX4*`y!9{6y0&B!uoRDCYgV=4E6P7#30$ir
zn|6Eb4sf=oq@!$--6YxcB+o}X>)PL;u4KpGX4|r<ZOvgyTU+gG+sKW_sr#a2A7i?T
zy3uP61>yzx^dZWr-9ON-ZO`-$AD^N<p^hE1+pH9>tEErkhE*aP$ZfLkU3!jl63Dk&
zlbLpUWj)WYeG3^vJiy>wLD?wv31t)0KPHFS&>6*{@hg9(a~qBMI#V!{ykngwC|l#Y
zhW2_j{?nVQ{r^6}tw;OsWqvKWvU)dX5vhIhPl5wN&GF>3UnRb|IlcM#OYFt-r#GiB
zGQ#S=5gR2vV4w9ncepV=d~<$t#Gl_>G~5i&U28Pg_`fx72lZH|YDTY)ReU5*-y<yB
z&x)IT2e{<Xe&EhY$O&?(k#lvY`I;p^6fb}7HTdRLJMZZke!IH=_!Q~<3)^&lwg21A
zm(!N|2%I2hi!QoU|LLpl<KAQ6gdXaEjqq6mz6yqfS}x?hWSpL12aMNzlzW2i8dHGW
z%H_TAx@<o1pq%ETvJJ$F)lUsEH)}5JeGzUi2Dci=xz0GUh#gB$S#?yNyT~=JY-e1$
z)3fb8<808lxtlZ7>NhDep7y-?%#vS$dVCpRC0fY_R_IN8yq^oTBvP+%nGIXbuRs4)
zM{~=5k$x%fonLROpY}b=dGqaaINv9S=Y-#=?5V%w3p@7rKL5MxuZj19=jVZ^zTJG>
z*B8d<H^Uxtr+I>xzdG#<i)v>d?euiNPz(8jnb_qzOLjOi`~&B_JMq;MqgvP9M()4#
z@ioMuLjLRTH@=?H&lq>k=L5#)PG=v>VQ6P2bA0~GX7WnOt8sjG_=Yrn1g*~DT{!-4
z>%aWskPSuT++~;C-W<di9%XW$H#q_0u7@v!_FnC8(uQIaRg^o*9@TRC)p;V8Z*2}~
zQd_~`-_~bs8nQumRqnzrRn9;<XEM$r?lqXTsWSAaeXr)=$o!xCs;W=4j@I6MwMn3*
zt<5sp;!e+%YG*0-gWHbI`rxdB4($}s4zat@%EO#VTSl;K#>K$<Ro~8ub>zbA@`Y;C
zXBuJAbRdIVm_F!TbZ#MID;OU79lEMgxevDizsdd)_xl3FPY-2ep8gtR5KOXwNfu+r
zhi{P&For(z`x}Rm0nay{xp4@0PaJ9>mXMK_ae9^+$l(r($AU)o{prN1GCAW%bd&dO
z8&9gE@{{nHhJuf__D{5KZJ=Cy-$~6Y>4Rh=`u%cqIsF&Xcc2&hJFL3FLnd_tW^kq8
zCOkgDIE72Mt-23ex4w<+r~$7-9lUA|<SJ~HOi7Qzl~u1V`9$<7m}KHF3MR5OBqMsd
zuT=D|av2VdkDJxHZr6FTN0s;FId64}^n;y~$9^O0{=0+Urz~^a%t!5*0W&PR?gL$y
zlFy`eb%rppfGXA18Ljx+$gadloYkM+>wJHEPqH_cSmjmjL;6rVgBaHa#udFkTy5&y
z;!XV~HLK2M=(>82QQ1V<16CV4J1jY(eYN8m2eiq4y>u&wSMek9!CXFu+0J`GcrO>;
zD+f0T#DM3T@hfGA$(|LTOb^zrpBoNrs9@g3C3BlAXtNOdDg^h*lxt$VH$V$F@c(A;
zvWjvQB{|J=`BtvwH0Z%?A6#*-Z=gf_Q)xek_C-Gled8<ChIq)ut^8WSCVH>h<raKm
zpP7?}eie@HBY)J0k~7L_maNfygV5<HGszl{&a5fq*^2m=*N=KW&5<#;G#4RTMl)ah
zt1VZ4vt7mvrmo^;TN(Ei$e0>S#&ABT+6}&pY)M15aQ-o}rN)vioJEFA_zUe+Te8Kr
z?Z5Fe_A4S=vYfV#0W-A~Fb5-3sE<r>>znvfe}Tum^`}!mgiMjV6Hj>M#5Qo{^T>%O
zX)7Ih5Mb<*2b_)HK^|~MekXY_|0}KQl*cT;-@C8Md-hIuXJH1jLSe;+6dMvwrkTM#
z)A5%M@oX+JquUq9Zz$#**;44OfpbuA05)&GZ#-HXsXrncZ3X4CDW6R_?r7MjI~eBT
zXKB4eXCYmK+!_MRkX22E#D(&D53%A+$8XiRZ9hxnzZX0WBmQ*DRl_zYhV%qy<{aml
zVn~upb_|K!Z1$Vo>zwi7jT0TDy#V#Ii4_%I71$sjE@i0^mYns*i}wFid(*~@EBrin
zB+%DNVn>>r)`oAuKQ37M%7j(R(wobc-9Mppac;PD>FLeIv$QWUp{Z&%IlR!wg5k0;
zlbdeIF~UW}WDYPs<t5A4_CD9Tlkz8I=j_l~>hQ@<$`;{|ufRT%KmI!7Zb6pf<Ks69
zhaJy5b<gAc`>n01UA<FYnRsx*bGCeXqrTnWdJR4lUXgWH`%lrI${xs<EpF$Le|%Fs
zzFPu*ejj2>eTglyu0O?BS+m@DUT5K|ejwARtSS9Uct=8Rcr$H<SnJ6*jP3bpM$1}g
z{4t$1fsUMoj%*-SN$z^BL5yv&`s+QJXEx6#8OvtW|InzF?f$ZK;mA;SpM=o%Kt|b&
zWPFNLVjk?xomauSO~70+B%j~6nk$EF<h#nZYDmiBg2z&+r*pI$z@_fyNW*S?8J#aY
zALN<NzEjM16#8e=@^6!8Z9M;5awA6dHpU`%ldixn-1>`9%e}s`KXYFe_e`gA_HTM5
zC1d9i$yWVWoA;qh_1+-nIh}dP-be4g7g#Z=MQ61RD_~s?yE1@JVBaIHnB-vgsiv_{
zbx7pq?-*4d-^89A^wnm@@P^;^-`e-FvR{(;@lkBCE#SX=I5zEx{JI?EaQumcI`YOw
zH*&U#WUus2fLwF!>(TEM-&O1~J;$Bj9n24#Wz74G*OteZfXj=)=|$jnI)1s6+wQD~
ze?Xt^KF|+<U0sa6vx(K#S$(H?`c8?wLf=~J694L~TD4QfGyOgnIQe<!wym+874=MG
zwrziOCBM~<aCA9y5DyGP&jRPY0rnvg2c36-_)Y*BPrPA^_1wD`iMUa~uxZPM&t&{a
zoh>u@n~C_#_MW6<@jZKz5?HrEH|N|-j7WZ#pXcN;Zz*J+_I&We95{DuM`wlE<ui%P
zEYm)vVIwLhm!Dl(2A$1e50`ybR8r*db<RA1gT`G5y+)7w8RSg}8bA0G`j@?m4;pAW
zjq|s6P87e@^@aX3*lR{SCsuzC(BEgN{~GXp(dsWT@&aug0oJ9+6SeWK19$y?i{HY<
zLF~sH&XrANuPc0T)oJj1Z)+_<{4Tup#P9b4voXy1ZfN!v(Jg$xRD4f73OlEkk45k5
z??t~+CAhMer;S$sO5FcSXtiB$T?nmymAx0lvHf-&+XQx&Ed_nZmJ)sJp`K{Jin+M-
zK_2@*g+5jTyIAybyYO=g^r7;bpbd*Yj8Sd$vAkb9eH5JneSAax_dp-9`rA!^E`40=
z(8oozH5b@zcIe}J4}Dzg(8o8RkJru-tr%Op=L{r~dm*|wRXMefz1X*4FC9f^#FB4M
zS$e7cZja0bt*O#yv1Hy(+OlPveLqDCWxX*1(F=NfixnT5#rhKY^Tevdx#)Mp_H{Ui
zW6Is}Ckn7rjKd9y<wNQdSFFcY-tPM2>bn72jrB~jB>H*uIWr;V^G#@8_OSQt9*ymd
z1^;}y-Ty#rx_y@Cr$V<Xzsr?tdxx~q?UbZ;y8X?yCok7()qf9k8>_$N^ykv;MytQX
z$o;hSTVN;ncZMtX3-eAoNA&rqRW30S{#NU{FG9!B_<4<($82O4w##_V#cs(bc8CqL
zeJ9U0@yYwog=?n{3#}c2eA8Ns!LtM46q<-M@;S(7xEY9?4vs&|dshx2rw2*a2e5-W
z$ojs<yc_T_3a}vx9hl^4581qtmBu5xCiuwp*SK9CHXdF&LAm{zqioqxz&J*vl+Cz+
z`jYk6I54@Iw$x`dJfi=L?(+T{=x!4I$C8&{&>T-eUaGu1cX!TZ%=v-TcDnn_DbQVi
z_1^>C#p>@M{ke2!Ixse9>vUijiUDWgEY(AINe<m5KzCJNpbm7?Q8pQoz1Vt^U#_fq
z<7Qjd5%+%2D37<+Z=>lI{N=nf$Eb4Y%(5qdZwDF+8uOmPMk?iul^XnuhF-?Qfn8~p
z{=eRg8)PJL2gbv51_UZ+LwA$o`nK6bdpFxSY=S<$Hqq~S9zy<0Z=Zadwte&)>Mo@p
zOaFxiS#kvU&6qN@9iL(5BRj8#vM#-5P{uvyEY{gF8jE0FeOIV?J@vMrQ)U9=#|MSB
zzr>lN$FU3Q$^E*UckaGt*$V&0f8symnFl$|MtBE%Ox+ld_gwbweB{>Mf#+NNr*TJO
zFXBdV*fM@>ULQV#Z7V4^*D#FQnuFR8Vn)(953vxK2L|R;HZre<GvmV5ygT4GD+hlA
zIW~kC0soiHGvuq};8)BG4KZfs_r{jNM{b~;+SESXL;P;d$A?}1g9-J^@8omGgvQ&A
z?XAnTpQ?O<vGh(pKbX+C+t_X_)&CU}@@B<VPTSP0vav~Jde_!pST?csZlk4fq{;ta
zZR6$UcH~-ZFjISp`qVZ)U~Y$AYp3e}@_x0A@0;73M;I;HBSPUicqty=Z~Ef=x?*B^
z(--%tdkDYe_(;}39*7Gc2L}zYd<T5=2FrIyZL_E4vprXAuREyjPnLw%3J$L_NA2yF
zU-XyxMwRiUvKj9Z-*)`1y@7D3B?VtgG$0tZ`&=oJ=i#Yah^yRsr5Qd|+vFj}0=_B_
zeXVufn;uy%9xIQQ<E&A?1)pq&S0`tTZsVbY<gR?O$>Aex3@;zO#q$vGbL-e=7!AqM
zJPz}27H#qF;mkfGD<}VUl;ubGd$;q+{@FI4yh2&|(#1CelSO9O;{DZ}$Kd#$tOf36
z?RIbG8hgL+3d%jheD?5>9W8%Y^L&_j{s;ea@q_eiX`1rChD3H!-YZ|~h=FyGFXZE%
zB_9kwOZ7bd(O%2Xde3Zw$8Q{1JP52BpzWd1jQqj|*8gjGR}Vb${GpbQtuYPhqOD=z
zd1yrCU&l|4hLdE)9N_Vqe^}&R3r52t_fYmR=3!i4Hlx6y9pc=3v+v=o2l^5}^{I}l
zwAPLA*K@wW*_ZHF-|EvUb2&F7WwqIyoMCKFtMP^7>w8xw3^Q61GJ=(c;j0Z67~9he
z`FxF-zY$k!3@e)$tbyOkdesK^>U;GBqwKB;!DfCNf!bh(xxH+uSzET$s4X+gCiW?a
zuM94P=ZrqJ!D@4RHN4ihI-xRH$Fs72wZZpn{tKr0C^N7&81ii|5Puf(zbvsfxW>1=
zO#ip(eM)Vx-e<KD4ETAURvSFWzkLDn5Zg4o6@ILV!H<d~)L8sT9#&f%Avw~-zTyV_
zw*&ZZ1-w^WhJ4>z$)E$oEp%_f9&%wC&OATdS{fG?uN8jo)OqcB`g#A%P|IVCuds{p
z6<XtK_rIkpcT=x=dHX);!OpsuwNH9Ed-#{zd-xN1j-2M4iP-To+4Z8`9B4##-GgV_
zHlxqOBW^!Q(0S`T$%drJ7VXD&`YFQ>Y~i`;s4c<bRAtV;F`t{k)v3Z^DfPsw?_a|_
zmuo#F4!^w@`)};EbAvJOgtxLdPlPo-%LkV~UNglycc7Lvy{av&PmiLEWXU?_QA8ZG
zjyc7W?-6nXf*D3QDa)jv3-Has|8mo^Q6A&nsgD0LYy7g`JGQljwxrij6^;|F_7Wq%
z6g-^up<~R~x{nXKRm{LZmVS$Qt{6TktUek?7}k6h%M7B=*e}I*e4Wm{QOrX0hE4ma
z;&FqW@yNC~MjX?-ess)=wc)3nB5%eyZGO|C#ao!`iQ9ieJkKPq=fl4w=jhTn>+F1d
z-G{H)ptbQhY!mzbh!3zujx%p^qqdxvYE*?NWBzzji&5XFGQ-Gy>FayH{Nmu^f@ZxR
z$$RPX=rV!gjOKdy(#~~CMn@+R+f0m*Kve}yb5wU&jJ5}>o<A|iyC&hD*)Cq(bCw;K
zR{cI**N=>4&O0f)gO7{nwzI^+GqK!<x30Hy0<NH~mXyx(ypnm=%`Iq_4pN!-D054U
zxxO$rqggVLgO{pi!5idYxA=0(X86f{mMl>0Rk2#Nu|GyXsy~hK6tPB9m=bE4_R~q^
zqZ%#K(9=5Kq#XP!HzBE4DD0>0AUqr3ZX4fH&N=3P2JJV{&n+oN%L|{hZguTcFD)&0
z;8s6^bya9p<63BaCq{1N-2y(h@Hs$V-uR9DK&}0YFIaC_Hwzi0x*zacbbr*j^K;kt
zY@fti7hB-rB;<<X-r}Ql{ASDcFx+!8lOp~9XpiNQ@6kVUv6Ojl0Z!^8;Jl0Q&f8b-
zB0GL_^itEJ;gjj-*pqfY>tgitj`MDf)6cu?clGwSlDT>3r8&9tamV^!P8+43_K!OA
zc*%L^!s=GqbAOAb=kq_--f6*HYeULwl7FCk#rku8;Q{_D4^uGG8S71%jF)wXYWmZe
zAm4W8AzfDw-L*o$A>MtR=aQqxMo7+ZMwBC$8>p-KNTw%Y!)pKA#gr9IkrURTjSHQ&
z^RI4Qmq9MoA?g{#nzP7l(%Cgx#QSoIjpX(L*L<>p6=$-w<nn1`4kK4jZl1o{*L)W1
z#~1Z7TFxFA+J5msWBW7ET_4I8^L#by7#q#Lhi2iEK4>Ob>$uueIfwr@2A^5~U~Qib
z@tnt#%XvImA#%+Z^$Mq-VYFy0fsnC1qwEjZRd-CtI*T!##hA{~nBu~@ANL9e&S6ZW
z7}F@m#K#&_-wT_k_w5~fOq4z4F`Z9;=R4!!J3Ej5^5~C`4TGt`AQ-zp%ARU}>5CG=
z=><kh##s(N&H^6=%$;Xh*D@B~=Pv3K4qVGv3K>fwW8q_u<zmLtH}+U4d#Yo}T1bBj
z!9AbsMfA0Z?=p?SXbF}XEjf3DTH^08I8S%d_JjfE_IT`yK9m~?-s27IY(A%i|5dcT
zivIXyuc5y+d{^;|?_d@E-AB9k(cd`w8|U;#IjcX}^?XjLziQg9rawN}KcT;$@Lj_*
zzOn6Favq|;hv=_>{tBG_C};H->Q$M|=al-}Lfc#Dk54vdIt91!{ac>#9sDi*?WDh*
z^jA)Q<xYQ;v-+#2KR&0_Umb1N(I21eXXx)4zW4HsZ+w=PoEPZt1^RoK{vLMvqny=W
z*=d#8d`_i5$v<zrOR_wG?<IL;>54ndX6|`IU$w`-et3Py_<gK8tTS457HMC)r*7&^
z?8YG`AX_|%-<{)T$g?{pS+Z32e8NqtZ`<<)OD46HE-@`x+KcD6&Y#qh(vQ2-=JI^5
z{k)a+%v--bspX~qJin6XSK7~8cwR8Az1?Hhx~J3bWXesp%e|{|W7^9#dCPsCa-X-$
zy{>Xk;I}Z(g5iP6BYfZbA#2kb&k^+K5nJZ}opQIn5o)<|0MB3H`78GG7ggWat8zv*
zF{gVuyLxh5rR4vD&2i|O<VeYv@Sl9-|5C1;?;73-4mb0>jQ>ya{FWu5mQiZ=R@%MQ
zZg+>C&n0(n5YK1xe7603yPjVeYN;Zxzu*#{Ut&LhOwT71lS|_Hmw5gq`*|(T3qDWY
z3;h;+(P#;)-0Ad}Ot}=wrP$>j;Q7si&|j2`<sTMthJYI@bmN4Y$34`$@<{8Jqr{G0
zq`jAz(-qw7Q4_<*T!Bqh!+XKS>jURNTgr1&drN8W-uM2o_EJ3U-AH>c9sbAK^Lg64
zn)Xuu!STJr9&C5M7to$yH-<Lv8KRsB*1^F+Ecj`yu6#0i%;fHtfvYjpeHXaJg6WI&
zp|TAh_a1Z1fo+b}S90W@x9N+1$~Ln%;mdZp0QoR#Gm|oI`O}^9FTT}YetuN>WKa1)
zPWfcYmv0V@S0Cl%_-Pz!U%4G+&|ZLYdZrv?^%=+i_na}BP8*|}XoE6pBhMMzhpayy
zr(7Y=B#YW<$j*Or*Zc1Mj^t72^U;$6ZEL7o3uuG5bc^EbuAT43qw8<9Y4H{M6K)>=
zq#ZZP6WRow|BCw6%Z$ne#4$wAT4y~*e03~#p60Z1kkL}leE`q$T)2+zBU)Y)D_axj
zChzz+w4*tH0$#mxcq?P=E_N>YU)XO-bJ1za-wifpkQ1f)-Nk9rfRk+Imznnv<Kwl$
z+n4V&npd1|w4@O`OyhY2IX1z*lg2@lV-;guv3ZKM&byoZER`RM5AHtGUik&UYmAw^
z=RZH0a`y`I*>X-S-iMvJRrj{WbKZPDW6QSo2Ys?Ozi)Zd_@(RDw?OY%t&8_HkO!0T
z{^EVpfPwsJ=^W(?ecW$YMN7ZI75mv2wBd(F^Mly6igDX#-K0d$|FN%X-F$!eN5k<u
zKWs(rl3Pm~&snsV7}@(I>qNwVwJ+wj95=3GhFgeZH0S&A@0}PAey*FB@#OD~s;j}(
z_@7T|`8wZe`25F!XEtR5Wt`b~m(je#=L_%nguRmejFzu6hf#@^PrSzK`^zW(3qG;l
zpB3Z%i}<qQYtgug5A3si;AG1OE`V;!d^;!Ba}JsIDk^qz33}^&e3Y)_cO!JGz6QqV
z>o4@>rH2+be&YBwvH0zG?A6{zewJu^TNboW-<F?6Ke1$2HtP|ZPqgfRkamPm)z$bK
z2X%&(#^?I<Ilx)Iy!?9CpHJ@ApHGe~K*zm^?vZ}+U)j2D72~bovyzW^=c5Ge?e!7U
z@!%Yo$}iKn#6$AUu)V`ePn*;{{EkV)R+1tEvsf!3t}XoQJXGx=InHMxy1)9a@(BgY
zR!k_2u(sW=VnV?e%O)27nf0B!R`dL>356dT+Y5XF&QB!<P0mhWgt1+4F7d_b9Cz}}
zM%-_5My%j<9Ng+%!Jo--zf5QEj<{br>L$7A%AtCR*rN4*+N9qF?u>q)7TL-gjTgTk
zUO$;R%Xj@_jpUGWHO~MCv+mbk;563Rv|bU2JjELOZTBK4?=@Pk(YgWje*1c8@<)?e
z^1#)S7`V!Vu8pFC=GpM8)+-dlQT*lru~R#DZgAv6<|976*NU5@M3!3rlOun0;wi_@
zG^##Lj5ZBgQV!zED_YkjTDWaLk6&Y#Pw$TX(k{lHSd`K1t`7?~rqhlaBO$)DCKyLM
z1MK)xFkr`*;tgWG(7tFzc2$otCiH_HW3qE;)YltliXMLp9eQ%@p~EZbQ@ZOVH_ir(
zwU3QhVF#H~jXZH-?qd(54R<GQ2E30lzB0zP4qB=Pe`&zuvp3i<+a|r$54{Cng?N|F
z^Az+~FW~eBJbnvxq%YNmaC0SPJ{j1VS2c#&oJ-=4qr(`S+<x!9&SB<U^Us`jLKpKM
z-f`Y<T5FGK5o_MqT^onk^FF|H&HF!?TUYbm`A?X4F>{`4&Aa0rcUf`9VbPFcHZxgg
z(>@>R9_}(dRA%Y7q)6%?WtWgs3?8(Xn6)KKr)v#YHoAK^T^4n9R+pRizN4RU*p(dy
zvST;vrPZAA61~qTpj@pu?q46c^KaQ&Kj-|NtjxOgtOp-9&M9BN(PuQ7=TxoFHIkcj
z|BAOy(eb<JRc{%e_BkULz2!{C7K_$3cg`N&!oI&X$Dw!4{VHf}P7Ih!hwg;lmO^jR
zj~2~2YiqJMq$iI-uM2^b+L#fe4b}H`l2x{zRnC#_A}XS-+>)$j_GeUT&w<X|I>dbP
z*w+zYzjYZf3=(&7;h4alky7?h<N^Ctr*R)N=VoiazRN?}A0>Gt{JHXIWQ?)7vUGD7
z{KWlaEnlPET*joB-dVvH*01<!(uNxt@5++w=6GU|@#O55vhV8&-d8Y|Gb!J|*=l;1
z6EL<+XWXSu{TrxXQJb`(6kDtwn@#P!P1(CjikmNC%y0SoMrx^73oI`I&cEcNvwlLr
zqc8hXZlruMXIa!16*sHgYM!Z$3jWXK_d(=HIq^pI-^hK?x&zA{%hTB57crJq#3?t@
zzuHuL?@;!aB{wu*O8;+juH2t!_ZRekDShwd(`pW|%J!rE?^1ph{r{=xhGwgrGp2|5
zzmnhL=bDnUoc{YnUgf`QmwRQ>9iMAmx15h+8s0mvPKGznf%gBEc{A|ez?+K(bk+l>
z%A3V8+W1%D&GTc7?f>V^{~g}^_s_Pj`!SzS!<$q8@UP9AnT+q`^yaVGPhzqT-Pvbx
z_2*dj$$0hW-TjTK44y^%pr@igm&It~)AFeHVx^)#j}upv{%l4Uy86@Ib1D6~5}lRi
zkME>EvzUule|{sz*iME=e~3QR-bU%q_=FeMfBitxhPmjGypnOvEqu51=e}D<f3j!g
z`AL*N&K@JZ8_c^e;rHe{_4BAdq%mnjzCX><pYqB6AA9c}A9a1@|9@tN%S;lkxdB0w
zfVN4vh{`3gP$r352)4>a(RM2Vwl*P91#eKn1k!c`K}!^+CT<D1Z8L*uQG+Gzx&&yu
z5vm2Lw%x5IfNcY@mAf-aoZs{H`OGIwhD5=2x82`&|Cq<jd_M2%d7s<+yw5pr&$6!v
zGLdZ=E-x`lgZ-QtH;m()ki1~QGsraMRnhZJ%ym3_GW~WS*R-!wtm--TVMD${e6`aU
zS3w(7sH3{?<9nsLwaDqdj4659bpeelz&`7D$ThX&VbA?O_1(zKI%KBmt;RO1{kG~C
z(cV;apH}oFjn!RT98lRJ*ZKd0k()oKJ$uf}h#Adb&O;nYYcx;E>8|G4%sj`2=Xshj
zZw$}VL2k8io#v@K>k`a)wrs%9&SlNBC}N(ft9k04k;r-eK0ME2=ILSF%(o%SgbioC
z<bhnkTovb}xmt53$NnYEIeO1*#{x>nedr3}!1;Wb{lKO{o&C$#LwmMp8Z_|#F!ff(
z?IhouwO@)i_sXYO!<p!B%UB!P>_4(T@$#MaTj0X4S%(_zk=3-3!tW>8|Lt(5wBZ9c
z>&ac**K^o`U#x{|*Rc;TbtRg4IG>=-lkAIXu$}w{-!=Jcoxvy2ekOhT;l9TDUCzY4
zA2ugzJeEE^0UO+6>d5|fALG#3gZ7j6(~sI)z`L&6>Q4Xt@tIJ=m#L%t?$K)%Y2WD2
zI`!kzmroya%{uFK-ZJ@cInBH-Mf0#rJB{(;FB+qAxY;^-9(`?ouk^9#G1`2_UPr|)
zXfGyv2efg%y%=xsUeQ_DelnW&=3QcYk$WiN;qQirHvE>4{E~vPvRiicOG;vo58rA~
zPL=cchz|+(eBKI9*1~rJ@CfC?8utE$bE}Q8DMZdo_vXr0WPnGWZ(H%S3B=P5UU_HW
zH|(F^?PIKeTkFhxmoo1M*sIuhB%8YZOzZwOWu2~s3-Bni?@oAq^Yz$f^RbiUF=yGa
zes0>ao&*k0n6S9e_CKEW?8=4`y_S)EI*DiQ)Gs!a2FAOAIo*a0{NEV2&MoYHU8HT~
z$Gq#R?T@mJ*k=%0+j-1o?k72)ULQW6H6Jpc@=stsqnXPnb3UEv&+)W%E@R+B@azYi
zPd;hc9JNn2<$Q$Aac&pmu<5TmK2eBGHS2xOLFc)umf>$zxXW4fkNQ8%S>@CJJfrHj
z!z`O)clL81>mE&el6$giM4v<1_LtLhLdhqFajuZx)!lI};uw0EzDOG{H<rjJU1u}c
z*mCN)o6C3Yo!b>NQOY?&=@6r_xEJ=}fyVY)#`-75THD(g|6;7s@cSd74KL%zp0+K&
z-Myl0Ml<;%YlrJTu+(!q%2TuJHY3j&dmTKsm3!jq7_*ywww;5ruKcpVrgFtiB>KMs
z|JOa_ij~%X$%WT>#(g-*Q={sci08+!IV-QztvzMSZJN{y9kx&=6e1RzoKW&(4xvYU
z0UNUJhgowuIegjIpC-Qwwt%s<&)^qJefeG8%9{F_2lGZ2y7w~AAi2`A;lnxVV-js-
z!k>f-ib)<Dj`gZQo|(_=cw}O|6eG|=tkz$iu;P%2_1fy*->1qraX!|I_?Y9vh_y40
zhhx3o9#)lClvGs+-<}W6|2!P)b?`RJ_u&t;W%kJ!v{u+oXJt@U@!uMwb$*eW#hE}>
zS9i{6Z8eWr<{`KqzS%nSkPS@l6c3=>6?*s5SMf{ZgU?y=Nj_FiA*U}0JOguj!1sFM
zbJ~mh2RUzow@cq2l;aHs;PJAR-49Mb0FFEeuDfX8Jg?(j1#->Z8{I02SbyRPDw2%G
zbnxva;9i05oocw-_7G!0EOFy%%If`U?xl2d7IbL1Vfr$(_BMjVA*?S%-_r9<^NBO&
zb0qv;cQ+}IdR;%(e!h`&7iCq>iJyoSd!f4#-Tr?eW?=GAV@cZk<PyTJ9Yilk&sQIc
z-*@<jbDv8NdK$F4Z67cY-A3lF36jUE{h>VaZ(07(T8oN#<dF;GM_7mLj2nv4!mioG
z+TIn$4Pw6cx!)XHWgI$>8^k(nHF2XQj2qt|h6>#9(#LT0tM7$z<MuFa%%&|vu@Icg
zDmKI%gD*Fj&RB*ihCUo4lK!j}8zNtVP`>g$^kxs|W)J5<j>WL9v8-zxcTzgcb%mCK
zLqAWPMm%R?z~VEs)mqM)&o!z>>~vOT(eAOU9KMH4pJOXmTehP|mDXrBa$S1@<j=my
z{ay>QeANZEMC)AUY5I7&KfWKVee(cg9R9N=o{;z5#FJfz@ox#^36}uQDgsZ6DXaHW
z`-4}kvwSB-)AD=&GO@q%(J$nTSMQFpXV6(0aZ@>U<>X}Jye#w#__Eu`f$!C~eu=X&
z>Tep(9fo|4&`wpjjh0Va=M@Ryd+;kdudw`mT2kR-<hRp##VMYb(a$0HP~LpTK>Z`|
zmNB#8Kl!;i?qF!Fa&$ha{N&DrwoTCRXkc`feS-d{f&2fl%EEJ<Rn6nBD=+8HKVhu9
zz>{Yf)4$}4FDmck5P#m7w5sn?Cde4rBQ*>G$1NNlV&d@3nDaQ?4BYA%<Js_DtQowP
zEwmN>${Bhfi@nPn^s!p#LHii(U6Odd2VOk~o~gX}zfpPS(R?yA_C5Lx?*%ScUt0$~
zue(_5`yMd+31gVWI)4e><=e5A?(!b_O7Y|h4v|j_boJ0*@w?#NVsm_)>E3)3xH%0R
zEdW=ig0oYIMfjZ00N21{Gaf<oS7gzjnKL4S{`R?T-W;Ys@#b%>kBAZdUQ8$6oNLkF
z)(+l0CaZ(~^2xbi^X8?uTD<u|+7kWsI8T4XtC{q-uPgc+M!8n-Nqn;zcq9OC@ud0S
zPlumw1YUjF#J70={a*-e_#n;V+voV!TBwbT5O{S->tUbAC7QaV{9CjhBf{%(I=mkD
zoeMRbVLiUY7_Z=6SG3%nzVmC=?f_$ajZdgtx<?Pzttac(i*@YHdb;5?9y4~u&Mhjw
zA>4_KU5I}|x$4N}g5J=YZ&U?1*A60E-0AY0#wS+%4SB5fZnk9c`Sn)J8hicuL%fau
zi2gs1m{dC#NZxloTQz`nGvk+$*W_}^`Z_)#imwShZsA5`J(J$3qnI@p^}vyJ@aU~+
z;GJt=*^Kn%lT92^JlY@Gqn?;0+!*RVPFoK#UW;Z^{C`4cG2`BlU#-xA$&d1l90UF%
ze$@IIqwxsyw96l+t*bdZH|y~HVd}TCUWM?9@^Yi9SGud}5PVHJXWoLA|A_qlGj#S8
zegWF&#lK4~IDPy0d;&1cLvQJT;m{FPP0X(=82&H{hN@@6kUE;n^SqCQ;gK$2SR01n
z#wZv*@iAc7V%GtNqb?GLQ=(z`(kBB$@Ni!T4F7d-)!p5|@XJv!R6P@h)DaBlM!|4*
z{DpXUa~OtSh=SquHaso?55H~K0fxUvC%+gx949}DNIcvR-@~5tU!~>E&|U`&&yA?M
zyc-zCMZr+@Oc+u}Fzg=%!)M4n5lzb<%(Q5^{jtup%s%asY5B7eFs!^t7{2wX^DsPp
z^Hg}}6nN<8;H5XhQ|(wfXO;Hr(zzs;<M_n#k^Zf{f%JTx3AV6yi|AMWaTmOUkMIn>
zMgHHLEPGB@ac0Tz=-Hgx4#u974gZz@ndH!9S8|)q+*X<~(8>P$;kgfDb6MKc*fxUx
zHakuGN+*4xDZ;iBY3Il(=iX=9GvLkFk^iR}JL*_s7dMilvX(u=ICP=)rrpr8-Hv20
zEgQJ>l(Cc_M@->$uGGL%WSHi98oq8n`|bOohI@$blI>P@6MLNU{aV2DOBrW(v26*d
z`2X;U^oP%stV-)Xuj~Bz(ktWr-~R{e+x7wa@_hMMb{+F4_$x1uy#~^|KT<Edz(zaR
zw9!^$Z+!}Q4C%1ZTCk3`(e8gwu<mT5t;UY}+YTG;5YtAhXM$-WFb&&iJFUI;0=BLg
zX`{_%FXpC>X`@ANm5+gG*8-o^o`ZK?=_1|Rwa(k>BI6IYTprrs=i}oO%D3{1cCuYU
zD~g{~%-k-<VbafVbP&pahyS-j1JSuFMF)|&D<?SOIX>ckWNel4%bSnRUrheW39k&Q
zSq-c+mp#~#Blk2h_pg7^%3pbya)ZbLIh4Aoj^wsO=rQXlFI##AeWyC&&AgKp*oI|C
zO$YC>n}l=OiYAi$^;PIG<eeOBwlSz}H}_B3c`w_*eYax}`74v#9MG%U7L4t-)m~)V
zNxZZ2?OJU=8E!jlcQE7EB5A>lSIoEe#?uAg-4=Y$-R*>Lx!_+Bb_C#zgPsZJuJRH;
zP5u9^d5LcVPPLyvUgGO$#|Y;oUe0>vK=(QD-8-O%N$dfm=|N{bI@fV<o)hht)Pmox
zbZX%<`<6+~PJHzHI<uR>EBu&)?gZ{^fYv;NjNri-Be>_$+`v)FW<BBx?4?X>ni2dZ
zd+)d@M&n-aq7u8Fa>y<u){oe}V{^gXH61x>W7~xDH+l9}ukpp!c*r|@5P#u~w;4X$
zCrmy~-Q`R!0x#WBIg=+a|4Yr8oEYewGkGpJubjyp?T2$FYcIUoY2{3o&()>oO}5*s
zBR{gv9_+ly_Vd<YXq$Y1{(JH!C;K1xAhba^u^qbwII%U-_R{q^pS2g1+<CJgwBfGH
zLL0uqr#pEg*-tWfTlR0Y<<3RQ{!Zihq-6i7;HAm_#lWU3*<Zr*u<XC6ah8I|rO-zt
z-;0zl@xXB)ANlHL0<#QYmsS7G*J8f<(#e?IH&4bbzHDYJdFa-%mp%5=Qz!8|+q0G&
zx@qKouH?6T5lUXVX^--+m+(9epT3fprtR5?U*7`$S3p-Ipt))It4YSlPNO?ZMQ_tQ
zFISiNJT-mjvmW2MQOJ#2_Q+{`Z^V~C_o!r2H<5a}pLHYo@x16-2IbMY8sZr9M((Uj
zLk?`DUA6fLZ9e;)r)DF0aGN*_myT)IEu=lwO@kjq)?G_(ag|p)($}S<>hob|)`C+e
zaPj~r4{(YFPRiF;0-TNlrxHiZo{|-w8uDQ8NoJe{z@&ix1uqrsIYZuqvz((!4&TnR
zA2Xho2>(*kuOmEv(f2X@DF)-)F?QLqKm&Ur$;v@|Qqetw*x5AinAqP`-*G6}^vRe-
zITUKs9|POYtfSP|`TiRC<s9W0>=Txy(BK+)<s8Q#bME9+UNeW>^@1CA)UC3a%C7P%
zcIIe0{UW^EE8fjnSv2o%X3XN-iqEd2&sunSY9aSgz_X3Al@p_R>TK5Xu=9K#`k%q~
zEMBxszN8&_=%+A;$&4=@``>EXRldYp?y8YqupWJEHFKF9p37u(hG&>ZmghIsQ@@v7
zW1bP<*V_s#j*_!F<m{ZYy7j#ab5<YWPLBs^Q*~5c{CF_>h&{F`?^`+SFXYELW*+-G
z=H*7_2>v0b$IOARJoX9UwG)18{p|Ld0~SA4u65<QceAF0S<{a9*h$_p`Es&}>mKHo
zu_@WiF`n_E`RqIAnu$E~7Y_a!{L?zm>SCR>#<u?Jj5-$;KVCK!Ti?*`dGV#tNzw&$
zV$sNKXyir4*z_SZvIiIkoT8DXooFQFOlk{oULqPf7V}2+?QbT9X=G^!jcf*oUZ#E|
zjg*l?TzGZ5gGQ1gXk?H{BiBJA%4PCJ%Jl34c6UG{X`&I%%A#qcj<$6djOZk}_Ch`5
zHgIQGmo%}o3z`_zwy6u6NMH|X(S$Yj$>`t~O}qh3B$+gE5SnOa?xKl<Q8dxq1x*yN
z_kIAHP#u*QO$>4*hiPJIpnICg?nD!U_rWNd&{~Nmv|bj@FAYS~L@R4Jh&AkZ-$4^e
zVVZaYnn=0`n&^7JWz&P!bRFk%(R@$q*+CCceh;FDZBs%UKAR$X=zMmcaS`zfZH<55
zewVu$-^KY|UKpDrxGG)&-<qwF{+1KEfbpgJM1QJ_Hl(-xE#eih^>2;zw+s=h6^%n5
z<%jWq@d})^{Wrub+&(0<VKyJn|LMB_ztnYib)oAPat7a7j(4f+uCsOBc#B@wMea#E
zbX{WRqUCrqa$LSZ9r|vbH%I!eyO#4Zblo~^U&NCI-PkF7*e*RojUc&QgT6=e0x$RN
z5%42RW3DiQTd-Bc-eNTRk^5`#Va-HuoW|aVdrC~bu{f+ZO8;HSy|A|aTgd$*=KO-T
ztheUZmHs=Ky^{2x5uQEO#ovpmNh0=1xn?)cyHNjl5Pd6BCx452mdst&>29bT^wiKL
z>eZ)Dez;zp(XE~1<LTA5oufOwx(<8CC#_ctFC_Dt(IXPWXXop`th00SN+^aDdz2kZ
z`6$n&f8U4S6SATc?sd|?qhdCtZ#;ElXv46<|9g4b9P(^^-2J;<xBLBj*XI%cwLOW;
z+_(RC?@3m{%cA!rg%|AGyWEqkv-cz|oXJPyQ^%f!xaVkIRtL^nar$9?2HqNFt0roH
zqI3V+M^{dCXOmx+eM|Hn{!;fVJ0p0Qy@wy$v4{WU_A9ggAK0%XATt!NUJDPAAN$wM
zvpMpyz-MY%(;ZIB_v=2MYhOc-f(!7X)4nDuCSH7|^ak#&8uan@HQQeN``*_)!uURc
zeNCr0Y)2O`zSMoqan9kR>GyBAujv$r{c;y$`@en7-zL^`SaN7XI-joc1pL=z-T#dJ
z&52KGw5)52iPqaMlywI7mwsQuA08feskSuh+^n-LjeINEmj|`wat3Yd*JWY*asxgZ
zpR_IQGf}cBH*8C@$7b8oI^U6cX?8TbtyXNy%0Xo7z_uN&<2`n?Kbp4XOSPj}_mD>B
z1(4n=|D4}`(ee>Fp8xUW#;3Raeanqd!^O&tf5VT|${j4&970|z1|j3ziUZtBx~&Xf
z^DhIdBJj8nSzUyTmalCE&n_yrMw}HJ++}VJ?5TEc4f$FX(g(3KK`(vWL;L?{Yx*Q?
zP3LnHrQvg{JZWQ0e!RoX7i|#Z;Mht&^Rhl>K6A-QPjO*(G55i=KeW?~$%`)IV;`6~
z_=aE>zPmBSY1!uch@9x2;<SKWw-ubyxn`=vTG#jPuySMT4D(%nNBVae<bNq=-Gzsr
zof+ETU~Eo4>HUejNXRwgw4UL;>ZTfwwwC0LL#(sV@LZ_>{2lB!sgv258{EV=-G;F)
zy(y#0?dVy>zU6o(F&BAFN#?!hX@+6?jccqwtZ<Uc=EGs)A?7K1u7<;?wCDP9;Pheb
zz4MtD7yad0$D+0o&P7LuyB2lt15V6VzI(soUq!nu6O3SOzH`5`Ofjt1eOsT$c2rk>
zJANqf{xz(d_EN30vHh@jn*4|nnB0>b$oP*>Cjaz~&;;KOS8~8Vf6&re*LC%EuB7eX
zCYO7NGfl;Wc^~4wUi^^_Uw%7@(2sB7^DLj1PaEytm-5?v{MP%-{rT-J$wqtO3G124
z)~j5+(O&jue)|vk-LF2sU1hV*SY@XD(Q31$pV40XdVc$>f5~r;+nL{<aVWq2^NsoK
zr-_eEK(@AAYqXytZX^M|p;(G{uJQ(b<+B6CpR~vHGzR!x$=lsmHq@{_?Sq+{Z}-fl
zZTRB*%V%zXXC-$QWE#stoU0cLhncfyl(DR-*qF6rcl^>F<?-8h<PTiB!!>aGj@<+J
zKVbWga{bmby^CMk%Kr16tKf(DgeP7}zEpA`#DQOHU&_VbJ~iuoKIee_7S<q{G1~9+
z-_2QN>yo;fq!mWyAdRj3%iI0Czq~Y-F$`Ye${aGl2*xlz592yolDq8K3)tVjY%F`X
zmodO|hp~)zjoaXrPjLQx6q`*JIUF<Ql8@10Ou#3h>bCaW12GP7&SdWA`;KFEb&SIp
z-#9Ga2Q4JL`2Ad8<hz1U?+NlBx`R5<=!t4aMRmxTQW7e0EDOB=F6_RH`CqnuK6~P#
z-o}8U-cw>rUB+S$_hw$}s2Eb}iZ2-!49(J<=9Sjf%zwD9re!uUJoxTk#@UB_gx`0?
zXEh<eTUjGFa65+lnEHq}yExXEK<r`Fwe*e8O+s{^YR6S*;qYN#>7hO1h}tU@^YwXG
zmAeOL_J+}32mE}%uM*#6KkyZ9mwaz%Rm@24{){u)WBVIHPlmC~-QQ?z1(t$o%s&{*
z*1!)nzMJO8R{6_XUc+CjJ+98>Gp?XcMo*vTcIsppjUP3xBg%P~>}}7WfA=GOFBlj7
zY<(d-t^&ptA0Ags<hU5qQO0(N`OP-K5&EXReX+$^RdtLlw$|l~N$crr1BNNUp7}IR
zrCdDoa4>F-`B7jfoD=Q|2W>bXJ>7eJ{H?jZkDAAG-OR%cUc13-8&BD@pKv>#s1`2A
zGMD(}u1sJXi~+_T!8kk@jaBp3Tr^&dwV3r+Y*b92yzDjP9To0PW&Py`nYk&?r}fQZ
z-ZwFCt%(s{6VGx_rpebChwwB5Jaw~1MYPv4!UzuD^f}*T?#FJON$z*-&gdptx-V6C
z51+dkyLOn46(jE{X{eb9?Tv%>-ku3h0C%>4Lpk$}Ds#Nx`9^HnS<oOky&A8DF1`4V
z5@VlL>vEB6VX*(Vz$(+_%~{PHI9IEh7@ot#XSfqdawa@Zn|{VI-c(mo$?$WbS)5M~
zXzn#7_Mr1T9UXMWm*jCyzU$!zXs97fLqq&G(T`&A$V-{^8Z^{$)eXL4@HVUd>MEab
zc8t*;^Dn)8?%Vri4)NmCvU~bcU-|Uy!lQFHlS2#~i5cox<{so&=BXeCng8-7(EFAV
z<PPD#X!q#njK&N{T}>vqn)$@!Dtp|}9J%qqrOC!X!Px;njRzjdi(HvQBlwhW_l%|f
z@)_F~(q0_A%H~rh4~3ULw8`r$)%tvfyr<&~d~H*+h#hPUO*Tl?su;fbEW!ThGv3Cw
z;h*z8bi`4``V7cOZ>S+JnZ?8Nr!V!prf)BG#kQTHu6TGP|4zG>b)UeQ#|HRTK789X
zVEg@Fy3scn9NEG7eJ%QC9ln|stl1{+E_R03Z1cCgz82PW-xOngnah~4ZJtqekeqzF
z%br{#ISYQEyUL9vv6N3wtf`*oSW~U?ud6(F@MbXQ)*7QxI&9H=$`dPH@>S)TGnT|r
zXD&Q=Rk%(wby_H^xw<HC*A2D7Z%=95sf;@n8FM+`mm_!h?7n>I1M_e6DPM!Zo{zh=
zx&O?<ZRJxDevr2~D+9b93SP%+&BAhnGwlIyFduNQO??I_C%8%GX&qbeS$i3n2#>+b
z4m|$-=FWI*^A31^^<-CK$ur<_9e7*^9>Whzc`yNau)~>LvI{)k3=SWOz~gGp58eQO
zMUNW0_>(=yW3Ckcv`2EYr*N)R47^H#TQ>a!@U?421}scQ4-U(tBoBK8-anPNrn(6k
zDE-p&h&LcVy(~wssyU86ZOy61tR%xznaO{2wxG?wj@Eb^C%cRj;`?sLQ`M7cXDT{l
z=78@EDfnh=)sz7h)h|El*p3fxBd`eCe9XA4?h6M-8_SxrjAbu#_o3De{59`G)A(A3
zmrb(QZTVMk@Y%Fuk9iPdHi%WT#~Q;}M>yiDN;&g#Clc#^t+#!UIo>#PywLY?<J*pN
z(it+_hgC_ZfTsi{AC9rE8<|6e<LT=7tI!up;l0G_#*BdG;*CaI7RJ!Vw5g*^9vVM~
zcPYrUEiPa3Y)|G8=-BfmWZMYJ@4gd$ap!jTPmN_2;IVs$v8)w1@xHMR++Gc=rU*vB
zCr0=UJron4yMX)Vh2NryOlYEr`{jY>iPhlxu>kjQm-fpnqVBY*!_6_cbGZ+0OD~^i
zgxlxd;_<Z%Z<^E>9j@Orqdn<M$nn|8@qETY-UO3pmBO<gax4>kJwJs{KpUcwL||FV
zx*uiTGgx=QGM04~EQ>gUNHpA)ZvJPm?*2y|=eDzsb@_8>ch2?&%+Jp{*0GL0*6{&y
znMSWww9fH1wo*5+bnka+&(JQN!`9{O^?;AF9#3{F59^RGlAWSI$v|5k7I7b3f!1m9
z5EDkR=pM1a47i>sxq4z%1vC&V`3H}Wt%Ju;G};s4@sfp-eXVV|%g$~9C*YY!Pk9>&
zKJtst6Ng-)wG_X1!~5sI-o4D3_v<K`Gnt%_%((@=T=PLF`6%#@DJ+|jaiw@*+==*=
zYpP!+P9=@@XOo9n>tn!g*vAA5;WK65bgmbk!_$MQ>?>lxd)@h~xyRshiEnK1dia3Z
z?ijn>UY**_jcAwi7qi_3w5v5&yV|e#!2#JH)Ml;I2(J2wHb+LZ*%WT`)~K=Wq0Pv#
zHqq{1fq`U|c$Q?9=Fzc72<yhtI5P+My^U;@F5^L$$$ZIK)%rPaqjXgd_+#r)=sp8t
z(dDEMx<|S)<05n@;cA_0=5}BH%%##*!IOPAO|tN$CEjc5sfo9HGLNxd(vfUk6&(zG
zp8>wlu;}PtX?r{Le>?R2>91u9M^YW0lKD^Ke@g%M-YKhRK`ivU_+FEa<4ZO_5t_A$
z{ZvLzPo<N5oVHGq!QARxv$xllCkI~0Pu{-i9BT<bu<*mvR)}rXomMs@G<<-sb+@aE
zoB%<$*V4&D&-C$CWR%U&eX5~<GJ-ATmE6U;c48}ctcG52<!H}(Xt%TKci0|T)A6UC
zxy9#k#P1bfsi)l{<Wnp4O3Bx8diX6q;I}`~k+2sWF`pm$hI74gHYw+t{2sRPzqL0p
z84Jc`6MqwYq5RgswaAo0Y+7&d&Kqk4XQm*FUAG4A#qRaMZMi=AN~pb8&9<zZT8j19
z%>NMWkm%gZ|8xo;gk<>Qebl*~`K!)Ov(EYcpWwgQcgcjnz2Mfn!;GrOmBak2-r!Go
z*D~L0+Pb!p>$;`f8`OAPO08#Gc~;A~YO#eW=k>EH!`|Jzv(Ysxu)~!Q@bd2aDhJ#i
z=gb2e068|gj&D3VJRdtk9`=OXMelrO&qCQvPSa-tZMcCUdR~>g=hRB&DsFwqyz{}N
z@jK0a`}tbGt-MzWdyAPT_|qmEYT}iTS3g00<?8<r#xA+|4b1_%6kf#}@s(~Pv9jgn
z{=U{qBe)J4ZDsD34c6^n7KT9~IT|$o`@{1u<G($3<%?Kkjv;)HWW?OR8lL+s<}TQ*
z_-tsyJe8%bdEvI2$Yb?ol@l!S-B7M4`T8rSQF^e(Y{z$MTq;+1&WbVV>i!AsErnaD
z<dIM9;qax#Iekri%O@KB%O*LYy;SHdb&L_*$sE+4fvuts{R^)$j9T&=vp<2hC-CXb
zbLEaHgC7~(vv@UQ7Vk{_J#C+J`cnHi17*ZVBo`Vvs(0UOx<}HoX-DRmGIP_g9>Zy`
z5dR#_$$FORPovEya8J0B!h7YXxfVFJ_Dea}{=VTOH{u2P#@r*l%QRl)yz_XBfs+%B
z#Z$2V`{6+a&!tyY8b<${ii@*LJaLtUj?^~<d+bbEi_P3P$`O6ue>K>TJTLEieXYH3
zIQN<heRsf=33UTACe+1`nXr;^scun1_Jr>0q*5mxSgG6{;r7*+)-X5xd?wHBGTpTU
z4JW9LDsY9|-{UKs-o}g`#@LEp-r#n4@L={piP%u&1LJw*&h4ARZO7c|&50f5T^839
zIp~U+MxNy*Pa>Bmz$eFbj7NMTIqQqsKle4pTX~n_{XbA%D*mgF)%52_K5pA(RAr<O
zu2HN5yi++?g7*UlcdoHtIg?)8oD0uOGI`!3=rhvEef`R2D2`F%|B1#QYmL7Sd*l<e
zog{l0<37auHT22(R7aoM%VeY{)$DM(+YV_z^CA6xo_({~AHF=g_u^&vtZ=nEn2Lw2
zxsAO8V_3`lwgAUe;8Wy?nP$UptYdxk6YL9)NvB|ZVg5{xrLJ)V`Ix}kwC@bV|M%f~
zU6q$!F1&h(I^a^H+V85I%KXCd(Pf-Y;+(q~S2pk9YgsSBKVFD|7sCJD$R?X_DrQ*E
zA1AgY@_7=^>sa54u+9`SOLs|euLwR7Z#d)ka<&-er}6%TE1#^skNSeqx5}OC6=xAy
z_kC>QA6l0&sqTZ+m9C!7w|H@qkpv%3sI2{>!&e86{S$K-(#^Yn<XyCXxP8ZC12WQ%
z*-|WPi{?t~Q!4R5<@n%99=qK}P<v80eA|Prj;`2%-fY>~S2@?K9(QLZ6XVOBeBPYI
z9^^yitl=#0?x(Eq_yqHme0hg&@w0b$r#n9-3nTNl{duNxMxM`=FMPD_H+8}%U1okQ
z&Mg~`a0WGHs8LnS2VLf|Yx$Hooo!QzqljVrQ?L(spzk<`r*f^sxpysmV57s)RtV3F
z<6R>2*^Qkyma>az;|1y$@jPr_3#iN}M||ZD{Keetr-`Fs?-^g|pq;4>L-R{enGufI
z%2LYsutSXCy?!@iSBeRjpGkSyTjrT?i1&Y!d5fmAsUOSp@qD+Tv$(JD`fAB(q!{Le
zm5)~+4dd3mz>Az~0qNtd=p_0sn`b=NLLb$%Rg3P^#`9zF_5{{s4tn%L#wD2}y*G}v
zD`dRN*L8S{c_&S`ecj$oUuDd#l)k+3(cI$oB_JmcxvV~>(U<y(r61l0chQf|CnVF9
z3rzQVvVLYBhG-m=JTk};bcQlH>KmJd|NCC^PGapr*)uIkPkh3(%{bf+UoE!0JNt2l
z2(1a11jn!ZrzMBg2Dmms{Ngs+vfd{$j?TEGK2_%P;WA&D7~1gHzSep1+1ZlCPV)?H
zF1$*z{yBK_{loI$--&xCPclv{0)OiAxMLQY+kxJ=W0;X6USEd|KFi_WI|seC4`swd
z7Qo|u@LX*5IU0xV!4mJa?`bQ<SC_Scw-_Bfr$6{0o`dnU0estwK3|pDv!HSa&x_#6
zt>A^`pmyG#q4Qen?7L_)KDE#jcgpPbF+S;YW3R5LZV2<9ud;sNM}m*BLcgXScp97i
zf0}J1_{D>K@UJBLl)O-^o8UB7{430ZZlewHAcJr5phWaQ@u0#t96s`m1%JZY2Ul9}
z-0&xl_|q_lk9~RYUwNnXkA(5cFpO`Hg7G6^7-#a{hO_U(;EZhh?}YPXmjLHJ-N1R}
zCBXR{Fch4>ABJT#oEw4V#t((_g?UyvL(G!=6;7X%9|(Bx8&fYy-a9$dIPnU+zIC)w
z)eOGg*CR0D5HV3#GKMB_Q9L>lM>V!)>I)a8lL{B7cEBjn-#m=_#KEO^!NsGrDO?-}
zE<Qm!+E@IHu}h!*T6hl0MlyJmSlM)^!`BS1*yA|;erS9hdC4@Ej07Y5v@2m6be(k?
zoveudV~pgz(wWu2a%fK#&mCp#_w-Txv87YDKlHOY$&jw}{z#bo7??arn`cazK<if;
zCq6Gc%u?Q|ge;A_71+Gq(Rbp7eP?#vcS|=gYz@Oudk@VaFx{r-B!4R~Yz2lUJu?Qu
za6B-4(u84>|K2bRFAKxa!jYuPmfIY@R$!=eg>L5TxAEZX(ReUDj0d-M;K7eC6%YQs
zV-8VxK%3EckQbiA+hrEdxBw5r;{Xp{jKYJx;_qWPJM0z@ZtZ$4J_;t|qVeGKVLX^&
z;sG+p!h-=FeRqKe)4T5bV)5XC4j4w^0b_{9gA>3`v{Vy@VOMz2)&219eYw7k>>mvD
zhzjSNKr?b;^{P49iPG`dgG9=+&!hiHo~?lvMf<4^?@7HcV1HZ5vjyy%Mj-o2Wzz}E
zKARt_ZFI=03TG;J+1WJ7xn)=<$N=x%$Bi86kF}x`WKAaW(3X2TN7D0C$SVKt)a^~^
zs~HjUav1ORt`1rf9aV&7+m*o3mTAh_uX_!!7j?+CYmsY@o3s?~uMNYnAPhrGcExwd
zuAPi6y8S-k_NDWy{RiN6w%#8f(e~<a+t)_4Et%-wJ!iWITZ&|3gGsBMWuw+Xyt={U
zM+ti;_d)ky9V(E`+Q&8bA-5`fIpM#}{{*ubcwb##Y_RAYdMCbUKd+#Uo)`06`S^+V
zsTx7~DG~aKt(%x@(FNZZ99n^~&9nC2a-L_^!LtO9Ck2av7OqMMS#QEQ!GB{I7RO7w
z))AyfHJ}sy`$fQGF1AF$<Ppx!Y?xFqZyP3&^PbWTJOrmf;1B*WC;BMIt_@rAS$5S<
z2G2hXuF>!=is;u*U3;BI0QXqnp4AQ9qjf@^Z=34@jk+Une=yIr9+7zeRn|jzZ{y_!
zYZ2B5kFW-!t?2r*yQ-gbel5udVeUr{P+z$&R(!--KE+zz_Yq|_Q>MFIQ_8K<439YG
zO1)-EhCAgfeCLeInI+ngUsM)$71>?3VCNA1O<_NARP+IDJki@28$*0-A3g;;bA$Ci
z&t<QYm{p0s7>8}>ugH*J;Zt)<@!i??IE-=k0Lxcdn*re9HMBL5cCMnGUtvoPA%7Li
zu6w!`hs&kD;aGePWxbS5qwF-w>RsfsTX^Q6p4yIVcO=iddv>z@`UB4wFUfwVkM}Xv
z`4QtwqYr~VuIZwl#;82BqHE#Ug|vO%E)$u9swJ$KMDkm$=~3F@*|wJ6mR(c#5bP&6
zwz=2n4gE_uA&<mSX#Ka)y4&Th)P5o9>eU_k$u!p7v{^oE)A}Ix1L!C4zN7Fw=~`!*
z+vDN2Z;dtD+uwKi-X-Vl+1W1kVLg29`Pi?A)_x(;ao2ZSUE}<znKzwO9wpgqZeg6l
z4dKCA+rBo}I57$y*?gB#wc|bSN$G3Y@Mqn39XXTJ3orjUb?cB<XW-X$Nk+Cickbn~
z6YKw`cw_(J;lLRClk63f(E~QYqYrZ?s{cpO0k`vP1m$hGMbe^&=dH|1d$WqL4EhEz
zYk?M}$4Os#Lwu33Nrp%AMI#I=e;8J_ZKnm>j&!-m`E0^3OZkbPFaj_7n2VXKIMK-V
z{NkH4V!&yS13v%{v7mj}qcWZtBWbVAcTD~GE4FT8;l#VivgPLbur0JhgXTWnZQS);
zPy2lbVx29o#k}HuEcO-e3mKWll2P9(8^~T^iTjoQ)2BKrtNqvjM}lvk?`cf`BYui+
zL61k6e}C#-6)Zh4a)0Ryt=vuLGira_=8E&L<r%ub^ev$uycpVTkpGswcDYgYJpL)(
zWBKi0@EFtI!QM2PSnU3R&|}kkm0>P><F!{Dj|}PS{C4$KPWQChzO5$@Ip$rS<}T!(
zRqja4n0tADW9j7%=e)~}?75fYU%J(uR(N@Ob8Zkn)2%0dvvEk?FLQ%qoc&`@xW;7l
zf7lh@A0LNnZoh}S@Z8gGx&8RkPjR1OeWo$s>Lr&A%uN49^(*PGRA0TM=YYyvlV+}c
z{k8)Ij$YHQBG*pl3h!e-<h!2l=M1B9`UiyvW<2bDtiaJf*3D<k!~JT~9`@8s<&*w!
zT+OhDV{4}I`NfI>HP7*>Uoo)eX3E^eyI1+0sr)@^Pi^O3Re4R>O_e3NBP(y3^}u8G
zxuYxlue!OipRsku&ay95X6B|<mN?=npUu6R=ibU0tMV#Gmrche)sN@>uyOUPEO0mm
zcvelVoVIFO<u6y>RC#m+wB{P=UmzRa?~DO??2nY|5`XZjW5W&KR`A)%*KUOEGhN?R
zLjEB9uAEugFNxl6Hyp8f&cKA!*~a2H^gVnl7Ei-Qg!~+k>T;L3|9$<Cqpq=8*vw)J
zca5zi-lEC@ZuSDd3wLE#HuwD24EGhr(lw&t-p2IM3}bOC^#|kE@?c(eB{)5;&^fr$
zxx)Ln_8&i6;avYRxL)T>8gUd}_ZB*95$$3Nt6D}I?qvGqJVSQ6Dd1!B&g{K~c@rvE
zJ*@ii{s!v1p^qY`u`Ih+V1n9DbtIM`7iR5<F&2-|J}(A8OmK5SL2>q+oyOvoZeteu
z#bW&0vTh<zlUwxdN}Q(oWzmn?^Drm1SsY{Ja3)Z78)ekqUgqL)B*cy|nqJFd4y~@i
zS;Z@3D%(m6pI^9OLH0)4&qd!TU|l4;G99s%W*@P}0PY^Hyq<P|<zjT4S#{_QMZJui
z+3d+VhpoDTcf>z0E@GaoyDEn0nG?DZe1FJ1?YZ3~J^_r>-Wckr++1XcV0sVbih0)z
zOijJS1FxVD^u(MEj)1x6cC+8soVhExGELvRGAb|EH}ez^En?2^x{{}b9&;>iW4^7=
zteYWOTQtePq+ow;uoa)t)r{TU{*?osH$5p+?<ijC-f0Y=%^ds*m*T@|`ksWcfS2sd
zqFd^@fA`>0;f7>K>n_S`-ydneXTNXXD|7Dd3*&7w+}_4f$c0Y<pT2yzx!lv5)Am;P
zOM7}o|9y|m7%-(`#=u{%n^Ak^-s(8u|D%7aUD7|kcF74x?UHMZ+9jzO#^TkEK5L#~
zjZ@b-7Gt-abt7#_*GjGJXa2v7|B3vMS>9vjoS%ElXW!ykf0Z!?mZ;A6`7c?TY78*{
z|APO5XR6WP{QoEZ>#Q=>=vNZMne&a~)(nBSulvDMPt7<DEFbvE>KWN>t7iBeefOp}
zr&s;cQ;kbz>TDYLJ^@^Bi`%>;nR`V7<A1Vb@ZoRF*a$yTe>Da^2~Ea;<<Qd8JS%Me
zOg8zuvr>S;a+jxaqsxh1Z%EeESm@R;7E6ErMGs^8!8FbTS;wDp4tQPBUD*%C4ynYi
zE343z`o@suKdAXqX#Rn(m&d0lmoC0(S(ouWWO)P6zrypx6wPhO@)!Ak7ypyF(n|lg
z^M4Wl2dA{SQnJ$C4~>&9o8o?L$k)pUn$ODK3yssBGR3{0X9LV<Ex{0Of_k=(XZ_7*
zc#DnG+<wY^0h0gPBc!;0#ruBN`#@-1fM<W@o!aXU?Y{%Q4S*+A0f)Pb#$@Zh*P9Jb
z8#>;A3g(*W@l>v(%}nIdbhoqeDsbX2$g$96#*$(0l^!@mT-H4wgvKh4X$$2_9DS#4
zp{=z>S>p)SPyb7&8dq<DmSc%aD0w|Mc+c;?76?Jp^LQpYuA|;Y7d~N*Ua@u5Jq*tQ
z*Vnlz>%QZzfIEF}^)zEBduMl>i+A6q?OP1b-m4w%$~ITZ-d{TU?Cs-p?;Y(-sg!I)
zhVMP-h-rHU92*1QsB-kJOmz-u%cQ@1itf(VJLKE+dy1~gUIm}rN|_S&=Be!UU!~1q
z=%S+I<JfOC&iUYZ?87lNlO3^bPJZ7Ej-B9M;kESjSC?n62bocSL%*7s53Dlk_ip;U
zh3CqdQVbmLE?Sta`iyV--9;m_cTwg?l%YTLX7M+x-$*)EPQY__|J=0AxuK)fogVW%
z`Y5=MPt?F-@Z7z^SF^_EA<`XI#-wlu`(vU*H~*hu&hVUd;x`4HU1z~7vY4A2TCany
zxjUugF!-GT9koIyZEAaYU5y8NDWUy7?TZe$Pb@mHU|-D)-%3wPpA}nb7R;|(vX(yU
z;ahc^;!;LUG6u#h_anQv)D*NYJ}~X-(#K-xyN>sL;U{t5i%aPX|M2jvLSr-fmS}AG
zj18Z%b!!>h+TxPzk>Rn4r<5aG>~Uv0yw6W%?3ujBA8=hJ<ui+mI{kM$jBC<*=*%|*
zKR9nr20T<YO^>^INY+YsiiuCui}gM=W7@qxVBWDMyXpTZvP-xftM+LlZYtky_WaZz
z*~3sf332elx8Z%P_w-aFuH+~_Irg|q7#nv4XOCcPCVtaLN%4YC{|jihfO)4S7*z|+
ze!R~Y^Syv_>SG~u(fH{%r-<>7j6=>`k8FvUhj{L=Kxo#_ptDS9R<JmVE;)jAYh&FO
zu|9ug?WVB?aje}U*63@j-#x5f3F{Z<k4q_7QD3uY#Sd$~&Dv?5w0;Gw)t35xDUYy*
z^}OrLm<pJa-o^0y+2{JDjDe1?;<J`H+`Xdog%aSk^~%y0>iL$wI+{ItEHLQH9;{FC
zqU?Uf_hd^>#uP8iUdz1FFJq6AKC&_`9k`-*kM3jSj2d9%T$RW?2jk-rG0)iLJ!h7_
zK4$UeGoe{qnQH`|wrxh%yO&>oKy;A78e9q;<o7*~Pc|Lg&Dv%L>R+4shkYlDd$gQP
zh41Zx=Vt*^@TU40aLriht{J_;UlR*V7XstgfM*Q<7XshE0Pm|-cpsbk{n(TlJYNL7
z-&uj)3cP1*j!kj%t_?Wv0`6{}7w~)?u)iCaPdoRO18&~s@oprr|5{`Jlvtim;rUvX
z_w`RH_^dH-E$g5%Cn^^|zxsRqQ$$xPv;R8{Cm-SWNY+Gj<$k$;%KjhiKPlROmH%27
z<Z7GfY&W#jAG+!PT5hoag1fWFfIBxb_y1v<H^-9C*|SYMHqEnNO^9{BT)kkWr^cr5
z(ksy`S+f#wU9{B(uK$d3CU59>el7niyrI8Q@!Bo@HlMub&b_RC|F+@yo!D@C2O8)H
ztgfQ(e!%V>==z=FuXXzWD!BbB@ct{$M^mmZ<zA)StI$B?f9?~1{uQ2$q73@<x_Zjg
zLmQF*)2=Y8eh3YTpKRfKG<@NQ;v?{cO8Obeb00iIyrhIa#ZR~!Ts$zx2meqVKjp<o
zM#Dcw4l;5whZ;HJV_E&Vx5(y;YmIF2MVqI=&)URm?KSzI;%B9gI2KQV|F*eev&2tE
znsYa<88sDN3jZC+xXC@6qxf%=_nipMS_?nms@&IZe${uf-|(HRS--Ynr$V#(8LM9V
z(fXg9>~~p{`OL|)zQ#Yl_G(|>$-g@Ftgl(FZ`sqYeQl-x<QEL<nacG+9(>-E2Yt*k
zPt!;2xf>3^gHAZ%x4ZfOHgvuS8eIr|KfB`Dn$mynw^(%9j9jmTp2Zt0x5cJB3a&0>
zF5;0RwZ8Df5$N!v!?I))Ybkr;qtp@YR@V1T8BN_$;D*-pQFy8a3-Bon4?Q0xSnz*D
zf8YX4M$^tH)_4?r>LyQf^<Usqcf*@1eD0bx@QS|hs=MJ&#~Js^72e14;Z1#beh=eM
zU*6B;LkqX|O?igrU#snF@~QN5ix1?l*jiJ?*xW1n)zrhQt{PMN*j#u`R^5P<O}tCz
zcR6qv)i5AsC*SjzZ><@_C!KkUUasO>JWaL~H@s{<<-Ne7KrlfbTm_yk+&Um73q0-r
z0ep_R_5I0!6!`!1;#b#DZy2Ae`D9R5v~_p7>REDR-W8=U%ny_vc#bwDd(w#49r&rz
z7y6@zisx|$L(UrN3@@IaJ*;>h@L!aDb@AftG03B9uoaGkPStnOl|~M0cg<Yn*4#-(
z6*+uzq&F1i8ddX=OY@LRi!!lOj>7(UwUM)AoRM=ka%y3Yk+a~k&hn}ZyS;oPQ`3w_
z!!YWtbJX*(<%Ps5%AYV7o3QL&@)wx;b*FhRq3m7Sd!N49idDV>+%WZ&@V!J8oa31P
z?R%)Wmk7W7S!wKJ-&%%Gk!;=a(O;2O<yh&hcRHFT$@Xw45ZdRIKYbH+)iQ(Qrm{)t
zV@Foy{c=>5)@C<nQa#lMeZPL4<)8Lz+S54Xv(Wy~uJCzq=ku01J&fnl=wE$!(X~#q
z50FpEPU;qtM^fj0x(`{l_Vqlgps#}q#%9ZR>VX;fKMXS(P2Ce7sJoX=(HCnUtiwMi
zdY*CU<;>xDo_7Ry0hT?cami=qdD_*zL2cGJvhHWUF56=*&%MASvW~_hn17FVz+|0Z
zlK$2e=i#8c?-=hNfy3h_91{GGQC8#9I@$gx_IXca%yt=LUdh_qcWrEwt`eS?=Ja7}
zcRzh-?J5|L`?8cyYv;h%^n$gk<Bq8C+Rf(<4twqH3a{N)G-mevo!9Q)e5df4YR8V%
z#5f(`pVmYEyYdrqgRl13g|qh9)rQ8;-Czx^y@-E|z`eEXi_*ZG8|W{Md%uWtIUYU!
zT;_C`IG9ejx9{qX@ek)*!5;tk@c75kp8Aa(Pc87VecDbDdo3F%?XEilz6t;G{$XNO
z%W$J=6TX+aw=*=;5g0)`&gIy%c&_!k1)tDU#6Fw$yYN|RSMAQjw%XC|y2~zTH!-T+
z>$+%HFcu$}0*u861Yd{S2nx3LyNoX0wNQ^e#z58efRC!{p|0C&?O$rc?Yh}>>YdtE
zn;p-Yf8=xPjL79XH5{1jX6;#bcN#HE>DbDUR}T152LGG!0nX^}4W=93df7U4?;+py
zH(>9?uAgA8Jv7R?V57uWkh{~P@!?tajfLRj&ZW>E^gjjMb*H<ljOTVwba-;>T?4%J
z;IoMjS~Fv7`9yH9-qqizPhWa@2Tr(Bz$w}p+C{&jqv(Fc1HIVSo}pjS5&4LZyXOwC
zGB#OvVRq`XHhdRmM1S+??@H>6|2>go@xS%7rMaFOE_})N0n>rDtzUF+=L&JhS?4J_
zSF2-fQa#?2X~4CRbE2_~-yqIo1#MwV43+_V#p)pc6OR7b^}L(?&&$7LpTXJ2RQQ|v
zvw6SP)P}hU?=I+%`-Nw<z`MU9ctd{~;vaW7xr1=mMCUiX^)C2-I%^>MGvR%F)kNnv
zjC%Ozr1UYPJK$ZO%w2@?yJuV)x7*{cbP((E1KKr!r<q5N@vp{bx~!MCJ_cC19Wgb;
z<;%CSUhgGG<g-x3`B8UsV0;&>-CA_2TKXPKUugkz4#(Z~L#mAZ-OOQM*K^1pTsGsI
zw4*h=BD{vfX)_w8*8MRq-@DL5$NjU=g=AS%Ct2n~mN}7K4u2oDW6HDhaWE|phT~wk
ze?%~;05+l<@fpql>qS2gz!wU-z~MUXaEQiXd`@TOv3_}DuIVJ--lHE=zCl~8VTXKc
z<+)^RWF1?+{e^e-x~Dgd>R9JzhMt#i|Cud3Pw=Njj8Ayh+y#A&#KzSEpWjQnz{sL6
z&lOdk6M2D1J;UzPbKDu|&@&?XpMM#67S=O<YW9yGKW$oTbR&L_H?S@d^tRhNTML!z
z&L5ZW3~P4!=APUuYgB1%q(@1fV^>~ZOKu0j{w(d)vL1D;$6?-awkBURQ?IhuMf9jM
zOsn4;Xg8wIa@+6ryu1|M!YeJlnalmg(D!EK{S^3S5qwj)A1SMBx>fsvX?L>IfX6++
zcspe0p_D35y8M-M>z#eP^}zGEO}of|pwYuo?~H?2)~0l<X?bedj6aeKuq$3!L~i+L
zJo_d2D_W2%x6^N-?#B|3t{=f#<^~*&s6LN70uE$MWPkZ-tf8qV#rq4wYdAH$hLJF^
z*X-=<9`H(Q&6Jnruz9bB%k)E#ALRF;kwVt4nf2P~^wwMJr5FyykH!0KIn+OD&Cbrg
z9$)D&Uk<NXSA7ak)TizO6)lSouBJ~feLe~8if&iZuT8slfB(e&H<38fRe#aGxoOf{
z!3p&N9gQvIEZGTciiRO?2N;XX;4i7*Pa(Em$=_W5-v_@X@XF+|Q@}CBQ=eh((qVt2
zy71OF&}p}ARxG}|E#JKVB*Cw-iB}(c03MC5P&$lr3#U;Zt)qISFEA#_lNNrv%e*<M
zJuh2Q%NX4F@fYbmGR%BW-?lDc>IjT^F6E-%tDRQnXmD0k#&61)cW7i7mVRT{v_k!z
z)HmPLhu$0X*=1kcscZJt-Fx;rUA;Hw#QaiM8jCk+PG08cFc!CPH+#6BEPacH?YXBx
zznXh1<MuEv$+L_!+3Fo_#>$P=k>iV$^)|m*A$~($Bg5MmDeLfe@E5Jk+ivq4;V&|A
z05EP0P$#;)ooDGye7PA@gPZm|Umi3t<}zbohSBs|rXwcHaCq2%S^1}=JK)okMeIOU
z^gBz>bHYQzejw$<P%uXycVr45rJwXPd0wLbOP>pEIEp{S8_1zb{NqcIBZb@*l#$6f
z7<UEfo}fP55wwH*fhvIM0_@xc4)+?xn(53%@gB@+Rt$G>6>N&FSqq-8UA7>AEuvv9
z{O)aJ$d2&cI3=8k=-ls-0p7+P4tGfldXCEc5}bd8SQDO^xrKLd7BZhUe@L6JY>Tbg
z!I?}G`i;)#?79YW$ZQ|jN7k+9-XfJ(j^gpO-8$To!-vSP(wDfYGx*<x@XNU${i1a~
zca*&w8e5m=&8d60_xM`qKN)z)4<FlMa5Xvh>@yd0pO7DxLHS+Z>z848bF%)$i+`2H
zTNHnxIE?hfl~#TX#`1wPv|%Z5{%s#{#)bby7{+d3EcrzYkO^mOo%<&^5==O6H1GLK
z@CzoZb<f}aLFRoKy610otkG~SW4)JepVOPO<$15q504l{zmw^I8-6CYIo4Jy9_cXk
zb^qU0z)^SfZNlg4Ue@bz@S=z@5vSJX0Itf1rTj@FSd%HVGe`5Fol-|)+e+4<1UO-9
zTvC|0x;o2gjKfcioJ*<x1x`<8!42M=y$kRGaKx6RbN<J<n(42jyZ^2+`yJG#d@uH$
zfqwwjPq6Pe1P&@j`HB0HMVxcWPt3kca4vYFan1y%>~X5Siy5cJu5qp*57e#T*~N_0
zP2Xq0D|<}$Fec+%Xq@=$`Tc*_K4BwR-;cVN(8iOq$RXWLC_D*-aV8pHmeAg%-c$IG
zjB^Kfn!XP_g)_dG|ET`V>qEjg^N@)%W5JnO;EcybEawYeALnTuIJ2F#z9Wn?o2mZ~
z;0(6ng!QaJ1GrLQ;!0v0{B~CKopY&<ls5T(9EJaNjYEUlc7hj`5je!!j3Xz7xi)LU
zI5eWf!lAj~N+b?x9JibJG8lXr<oB>PUhw5gdwk%CJwD{oEVpCm8jT5={-I+^2d_1z
zNPHO-#+T?Z?Ti|ecp<)R;EOe;x9&slWK6P2&ElPbp1YrX%%bl>Uh$(r=rqaxMbCvc
zG&?!pmhO>dG)Cv>{yK6X&vpKut+$v@F>8<!b$6j+;4by<!aut^-(4vELw6T;v>(pt
z-#M4*XUsc+ie!6)H%tXD=D0k^9Msi4Spyk|@NO656z<t=HFIyFd;siw3+?A_p8uKW
z(Kuwj|Iqufto=b?&h^~;na??R9{L|X@!>s!8=RJ$t0PxS8Ed*3*juz~#d>|0|JonC
zI6AapvIBbkFYxm<)c<?s=Za7GTl4dDXyK#yxyJcF$<NQ-d-44I$A)!RLl!Z)x<k>H
z*O59A{^<L;H*k$~D&3Jd2OEy=Ni4X!vRXb=d(ns9cE$QRKO;|*qiqwiD;7Sm5k03C
z{qx(>eZq2|n4JCZIQpAy$!A*p`#5d(`!`Qb2))LD)~=$>AHf^mxrBON+BwKQsiUd;
zSL(hRQ5XKY|5fN$<3AYg^A-C1VWX!;{xF5q^-yo*veAJ|zO&flt|nF$TVPN+v+8@|
z$b&Y@@Wtd>wn@ba1?D)=LBny!?7g)&5nU?3rg)+Dd=A<ue6(z$?p|?|53h{85$;<!
zFClltjz@b2QkVDgIkSx*a)|v9<*{{YKa_)>Y{$by<}&^<{88;b2=8XUyYIK-v0*)x
z8~n{RX3TNJKOKV?xRUo`!`T;kXN;W--Oc>m#CEvoM?BhaOeU8@f`2>xiD#@bzZ3mG
z7!}$u2Hc3=_qnqz8z5&$oatageDsFEYUJe(r>9MOjq#g|{Tjd8RX#PzsG{qLQ)5r}
z9=!0r(cYlq-8J_6!(+cMJoeie`)2ZuT-?~LJ6H>M8C9&+`odwH$%JEQb!Kr3vHu3+
z7pyeDt5k-v>^se}p9|0P-OvZ{N2h6XId^vt_-#+twHNE!o4vf-w7=MMmflPKhN4g1
zNM0oTB{;+N!GAZgr;gdg9t0a9_LBMq%%_Ow_c5j-WH~uJ_dUSgR`-nQj$!2uh@PX-
z<vngmCLGTqcV7fQe#hF+#`f74I4P$|5qsj&zJ|HClis(6_j9;I$JQrSLWiXTiTBZ-
zoW1x?{6=EvyKtTZAKyg(-N3*eXDhPGF1HfB`KOGx23_c1>0_w$=T8xfJj46a{lHM`
z>vp76>i*%hL239|XMR`sQ<&v_X)f|y@V1{n#hyfalqAkMd(ihoy^Rx3KVwwYV&mJu
zUS$Ke-tV}$7o6`<p79($*|S1-8YiTewSGNyW)QuZ`Z*rzw&odCL;kXy^ROZQZRGHt
z;_^NpWPRUt;RoMa`344~cML*rO7_37#JPTQ$%O1eV4^dT!gHYwsY44-ioam@sKP!*
z-n7)fDr`cB`2WmsWB<S8TezE7mQzKdzV$<)dA&QV^316hv7N2M*;563k8kPc4gQQV
z{E~H$?Mw1kwz1PUPXTv62M*l`F5Q6awrn@xnCU~^!dQM;Po87VhqlBoijd=KZ!7JI
z2AfBQHcSUEJwwTjhu#>;mvx`*MtEr}zSb4MC@W&WI=Rz+^=0;}o|@P}?0MnOBhVYg
zpWD!FHiq}B;%nNkE@Zz-?t>C9I;6_%g+3R;KR1T=s~f{S^ZZ@5=l832-9l*JY#%(0
ztZUtcW9?UglWB7)g#XCy(A|B>vR8;7qjT+zY0rPW_0P`d>z;b*WWfq|%^c*5?#GNl
zUWu;kyZhw#m`Pc|Gn;a=8OQZUfoBvSwC}uF9g|Qw4!ge-J}90jdT^7wLVW8!@*aDz
zlMHfsY6cT`>?FPioB4@EmviqHU@rWZ&29)db|3ilb!g=Nd4_LUj1l}b{6T$RN#A*{
z3wc?0_cz=7@W7lr@J46imha=QKKKA0eEtk3p0VB==AQ|`NxYvs!jx~K!A+m5$S)E-
z=dO8wyvbW4Z8{C~C0$#%*;O3uSzxI?-++$^&bM~M%WApn(3Ue!^3+(e#^Tqfq0I)y
zx&gS|1~2>1R*RPjj^u3!o(6vRB2Vy@Z}>IuqUWNv=aI|HZogC8UF1nBWlj&9FuXA4
z{bS7sdvK>dqvrF251CKxCorFB%%#Ab&xOA2I`8&mczvy$w>5LtrZwUY<-OCOi(}A`
z9~!!!JFvH4KPiQ_-SGK^;I8QCFMl?k7cH$0(@`envhXWebXUtsY#nV2u3kg#%sy?h
zt=&${rsxQRxryrwx|o;n+!H&fGChLEZ2A(f6fclHx{UJ+(VE}sshNWO^m4`~`V;Nl
zflRe&?^bfOMAF`87Dv$DU50OI1nu3(cs>c*6EEIYP5zH|(cq=upIY<u-}ikH_cFeX
zPNU5+W_|T!BeBhizMwfvk2+(<QS7d>c|o+UE8Nokso+kh`&0k?XOm_--34#++?CL+
z&2Md7xF5PNgznFPOWJ3OcfQd@8^Wi*#r>)1sh#dm{ZSWVv-#`hZurvQ^iB(8`;Yh>
zbo49nvcBY14lV-bCD3JkaS1VQ-ryrVTgWqfxdRLMeFUARV%dm5t1E^aL9zaW{MYXo
z%I-mbxCz~0Ep}+>1!`06{gwAWTDCB7GqUL~uD<?PDf>g#@@D$p$A?$|v;V%d|24|5
zrT<rp7Y597;W6RU8NgN+{1g4vEgKo`KhA%c|6T2c+|Xt3k4c*iHGki<xt8&L(zI!G
zfxDMVoA3PTLi+xDq0Qzl#`b@-`M06X^m89<NaNF;j-Q17KEbfgkBJ}kzX<<ta-O$8
z>AXm1I=X+o2!28A{`73_bx&BfG|)io`CxR2L3|E6liSSu+0o07au<6xcd-{!ek|p5
z)@+^&v0rHBes}FZ@#|^iF4~e7eDT*)?le3~_6yxln+7i<7HN&{+|qg6d+>hy?#ipX
zz^#tEE71v~<yxKEMn<|F?7i7Xrv3wWR`$Qp27Vj-beHqI4g6>9Pc>gR<Ili$;DL{>
zMm|nu?5T`vE_v3`n;JRaDrsU~n!~U0ZLrP+tU07QlFVEL9*=eR{7LxdLGHvA432(!
z;}Fi)kF|1UtUY>$!=2UqUg--S_VBW4q@&wO2l!cgXu|`*MRinuCFA1v^g*ma$N1h4
zZByP9PoLa?#>mDYDA;E#`{+Btv~C{O)?B;reCxOq>}|%Xa|PMj?K{Ej{^~fdwC=^d
z)H}h>pJhevt)#>J8oc`=IMDdV3;9}Fq)jGD?-z{zkP+JO)%PzJ$DRMJIIcZ$G>+F^
zB91TZ0tOv8&OWXS9B&j}n|S^S;P$32a619No=+OLPyauL+s-c5wG(bf?a_tXp9Z(L
zz9-wL3)^UK>{xE>5+3YYG1#|av5m%I8+BAEC#CWPHWym9tdun35U(`GH79r*&$xQw
zht$&_aP{!N2agYO7L2V<ej<yT6O6`m=)d}><aLD45R2KCHJo^Mc$;q?{t8LlgEY(-
z2kqxfi801*!agUv--1Kr8G$d$hyJL(;g6a4X>-PWA`@OKzBU>EnxjA1I0XAqOcS&{
z#chl&;>--&?S%Q91Iw29KK8;^+C7R5GJ_brI;SyVIA{3@yqk~ha~O8Pymi-L_p^NO
z4=f7%CSvo&rkwR-)Av5vzmw<eSsT>8?Dx&IqdsI;Q#($z^X!O@c2r(Ij>JpOQk*nr
z&%7Jz{}Im%bw<p1-lrXnshN98G$zGTcOFxcdA|BX>fqadd>+1(>EG#FmG}FRW{iW&
z^jS;7w?EPU^k~`jll(Q5MW4*sxJtPuZ(<Fnv6cm_=~UKs3ihVY`B-byM%j7XDfBhe
z|9Cfjm79H~(AN<EO0%yNe;H-1^&0FaP~W`Erm3f~Ep)`l!EY@m6zbs%4L5?J`Hmcw
z+sx<45y4@w|2fK^8}1G2ev^sVEQ6m$HoJzl$-dZ1nUuLkRn8H|{zI-5?7V~h@4t?o
z>>AuQ7ug-8o@@(2#w#3oe}rWpJNIeJKIVOkT;Z<4vX6DzpV~TNXPeSs(>`Xy%$m<2
ze>r*G^5$c|MsEAayXq>$f7~3q$6S-QfVJTMuQA5@L+0}Y|IcLupP!pE<#cH58OE4+
zI@EBAd6jZL0`8deN?>019@e}pU%;O;uN}^Kb6)bxPG?@V%Ja$@lg^h~%JI9smV1}z
z<4C@8b|jNu#p?T?Bl`Y+xNqQL_Pq@pv-@tr-mCi2eSbfy?<D#@#hhqk-RUq)&xB#x
zcBI4R*y*15u3>7~91D^0-L?0dkI`OByp@Aew$X!=kmK+#<;-uvh7lqTq^vd6@H?L8
z(QgJe`nq{Wj^-jBBK}ba{hI&ncn|moxgTbUri;iKD|!}Qi7s{#hmm*7l^yi_%0i2t
zD}g0)FzZQ^FC_VY%JUZVPqm>lsP5a5E!irs*rh!DU~O9VGS(x+IJ^by{|H|AMv0aa
z{dKf$KzHNF>7Kfrvk%S1mm569H}UN2+_}UY6YG-xEO#hw$FGQTlY$>?n8@cde6Hiu
z3e4mqs<Ac0Ba?xH?)dyRaB2mYIF~sOKj5>P=UKoY0500~zQeiDyWsI@&RjzHaCyTt
zDtvmk1DBKi1Hq?MSF(xAr>U>;z8l7)Kp2niVBHT}XMY!gN0u#lB;)DLTzc`5oys0p
z#VYtYzRFJ_SC+v;z9Snaydo7op)<-2^NgxNCJ#wAeQb{X8b1jax-~px19ddM@37Xg
ztv`ibaSHIcn(>9tRWD+E*14+o8wUd)Y_P|rJUDaV`&z@Rm5*O*6~@5~=+gWjfrG@{
z&uT>;fTQO9Rr>8h9@w}jzMp3hvlEt4Sz%n<8-<I5c%BBoQhlxWN4IC;WD@nd!pY%g
z?16=oJ;FHYqU=iMq;*gqm-AcmO#D=6!*_u}s9a~PJ&-j$kvYAPJ-v}ZZuAHb`IH@1
zMTR%$5VV>>ZprTMv!D%AKE==CUNLy5_Gqp1k>}~)J2-dN)f@ey7kWld^o<_q9WL(0
zbNZK~leB)?@ZHBgL**^mG1NR4K7!nO3*7i4IR7W;Q2U<NBjAr=jJucfTk+sr`uR_I
zhxm#3hucLQBz}<EFYN-Kj&gRFy29a$S;<&dDEIWPiN?yZiARaQQm$FSJ(cI|MT0Rt
z42~?hi;Z!N(|KY94m3yeA@rn?;J_(pzvxkKw#h@_FIxX{OGjCk7dNzH{rx59c@b;S
zp`(0<=O!;gmy(XseLI$3q4FK;zI<|rUNJmIyvUL<-x_J@72l++;8k=I*#=J;cQVv)
znw()9CEI|_DVI06-sA=G&{~4OAGEf^nPAB^%4;qivH*CA=FX7gO*A*_@TJR^#jKNX
zP-8OpCGde$^m73GKg+nzARD-Mugzd=hZx%%jO{RUI(k5P!;{Q$X&zdav*Gca3Xf+D
z<Jsj*l>TrLJizjS(7ExfD?=OJeD{M5zvpwYbbz1iV)p=JmW}JR{ow_lFs^&L!Sw~e
zPq;qi6U6neqt|_sxc<(9u5tZMo?i;CtNcgd`rZ*1uJ56&@M;P;B^*gawtN__&jP0|
z7T2F*UlTsNy$Ia0&u+WE_s8awABPS;eGzo<HOBgJ=-{y{LK{+`fgyZk7YxGh19Kw$
z_+9YvGH*^MADuJGJ_C;}F>Oz=#@KhErPgnG0|98b2z%4uZ+ioc_-5aaeBa?5+*XSp
z^#jQEZ6?35{H;&DCfS~7(sd&AuDw(%GDfzoB=i@>q-=!lz1UAU!>_V<l@-hV7IhDX
zdDVTCm;O_M3@Lrs;md?JiiqtlTh%nNa8=pF3iz?&0XKeN_%`xgyvoQ?jNut%i|}6l
zKjLlj5fE>?>|?+%wG<g5eKxAk5aS5ZuJ)X#;brRY{&0T}g!^;Q-{woyuS%Iiq+bFF
zgoqEd{1SX;KiE*m$AcX=lh}$3bnmSCZ@w1u)t64j<i2?_Zt-O^W64{%7TJ94r>9PG
zUbJT|XUg(rspPl(3`<_RX^-MBN_Z~6mXepI?U8TG0{&NE&z0ZdG|rjie>?|S+r}A_
z`~~HMDF4Gg^jW{GBtWi=hFbL3G`=@R`L@KlEk717I*~zn133`Km^X%FC^pir+C1;u
z65A1rVb?80R;VtzW2d^7Z%eFcH@1CS<kw>P$2)yNVz&cxdZ6d@M9=AE=CTx=GJ%r^
zIC+3mEO3fZo=4zx6gZVQV)m4*@YLXMxkong0$@_W|ALna_9(8)iUl<Mvw0S6Gxq>P
zY#*l0Tz1$!*lq*Pm^EqGl4~Pu<{|K1c2~{&7&i0Uv6(NRyq9tYdlt2E7$0|R?xxLL
z_od9iU%(*ujNs4${>uMmPS|FSkHMNbVVk+h<H2*`_&>IUHZ03yU*C<qbPy95ZBuOd
zGr5Twi`#7kE6`WWJF)s3+#6%$2=5Jd*(A}Ldk}OG(=<u?m`!s=S@}d{WR7f-(Z1#{
zvhI;~_A9`LBK5<Zi_p7dXFrCXHq~KpCpvl?-v!{E&I0C=D^c-9@~>hpCJdU0uMzIs
z=LVC*Huo%S?o+>)RP%9c?)k(`McUjqVRMhPx64OQK7W?Y%F-*f&PC984mNk`nVQFH
z=9<~lTK|L2m}9xLLk!iL1m>f)*O^MB-8}=l`!V#U?(FUv*xhvot2qj1>^TZ&rr>WV
zShvu3y7UG1Csthac^~$morfUozkZ0a;_Zr4S_z)C4##&^e1iFF@9rLM`JJAD*V*^2
zWZ-|LI&<lN7X9eXI?0I1hWl6<&!lHfUjO%frkl+8{;OxYzacM$?eivIiOPfA{l&9L
zU*AhT)BSoEZTzjybeoyW{m5F$O7W1HU5w4PE&W~kTX^tY=Yzk6=^ODs?r%Zg`}ipL
zq8EF{C+TnT?CB3SY~j<D@4N8Qo#xFEZYp+EI5@>=j9rS4*X_vV`^a&vIKLKnk9>$D
z^{h4fWFNBjg!fVYe(ot+%6&m><hHq?^O@YMsGO9tGuiKi`@j5yrPD;?zi`)$oI3C4
zZrO`eX9smYth^JM<T8EZZ5`XXlOoawe*rKk=JUT*_nG5}Gj*1aqx;x(yVZTlt^5U%
zvG8v0E)(zOY<=&z_8T7eVZ+F3f9Sx17-QQp`294_kK@WhkM%J^kBO%jQ7*Rq`o~Mr
z%`%BG*_c?-Hh$$J)u9ni-+1&B@d%qgOzUDjZT_(H*h3fio5|iFUCo`4Sm{Yfs%&|N
z{Odn(_*Ns!WW$mD#?&*g->gQi$$n$&7p>TNVzKeG^~1maQ(m9+fkI^KG4$dQeeMj*
zSuxo+ZN+DOX)Bv1rZRT#%I{7bp?fq|rUoXr8$R+y2UWIUrLq55tPz}xT}kb<(XPg&
zcMC={o==mPoBibiWWD^wi;?fg$gv?Gcj$q*kQ>k`!+z!ER?M#C=9+bqn_c^b4tmS$
zvt@_YLiSG4=qAZ?`VM0I)w34%P#NXiOG%&CmERfoB7XT}U2_5(iF-qboHdTKnn>EM
z`BiAcoG|T<rTjR~D6Vs*27W`1d+F_`v9H<BM1Ke0yfm6!1`JHwEN8>_u|}uS!S7{V
zO!}v-dF*LEjGir84*MQQ<cW^-19;%n2OI9^6LMK`Ai?3%+j|1zUg+(;%@`2f2b{Dv
zHz57n+MBxlgV6sD!qaMjq0VheQ;hZarOeP;=AfgL^~&`fo`?V26~=m%lkKeuy|a;X
zy_Mm$mF?;2uR7NU{*ddFja=)|m->T<Igm}gP<s!TxA72oaF{rQ<;li+_A=vJN8kgZ
zoCC6ff-4o=F<c9L#P@W!iOS12BMpCc?F;ozeX75+vv2gNTwu-(KAo8<w}cCsq4KA1
z<{Z%FtSU58->~bLZHC{gzS<OCE@0d$ul6F_Qhn`%(txRhzJ+fpe<$UIr|Z%}8wT?(
zGN+iz6!pyy)PW-^bIROnTDjO-dFSbKefDb3Vls)>=6l<_=%b!1i228dTz3c_0)J;?
zV@l(He67wBJGT+q-4pxs0PN2Lu|LN%-UP;-$oeL6k3^3u#gSz8%jYb+CwnY2pS^ij
z9pJg{56VnrkBj}Fj_;Ivu|IPrX$&SVbiSkNEV=T{*p?&sRrB0Ch+Oycupx7PU6I7y
z64>%8IM3F3_a9yeZKy!M(RufRbjoqwy_&LmpP6oqo6A~5IOC79R;#(kI5PGlmi=96
zIF2rZxDU6(VeXBU%Yk?h*>z`SkW1A4O;61+`Y2dd6j*@&1UYSkS$vm9?Tx45mr1-{
zNg6n*GBNlOO=I7{GgCf@|4QFq$bP%B-cuu=@h0%?7r@@G>t#-6`|O7z>z1%5RQWV?
z5ak<aVZV9PDb57WG7hJaQ+n8u<9<9h=MeCnS56E)Fj5@+TkH*LUC#YSz_WjMV>8Sr
z&l&#}Q>^n|<(&w@0}t_BYy1z2<Kp)=zH7_B7$^jPYF#OTH^-Cbz;#F9KR8#ZE59S4
z7+izB+ga99Yc<D}1k8x9!oL3UqjzSn4)q>yteg}074>x2ROC3W>D~1>enp@5IIati
zLw9mVj^n4{aa1F>>~S;!v*>X&0q4kZ)Q87W%N)*vcb425;{Qqc;K28JS9CZxC!@D9
zPB3_YJ~_K$|2D{<5qEudMNeab8#>{8+f1ID@-lqRRK(uU{BNH#0eA9K%u2%t|Ix4D
zgTOe+T}5s?a*9=1ImKj0$40t!Grk7Kx^PZ0oeNC)l<99UpL?TvQeXK5%RZ$&9K4XW
z>~%hU^KH=Dt<c;oXm2JoI0Ju!>BKYlH2H-4)10gPQFPqHe;4P~O>c!721CPFF!pyj
z=ReBXhiJbQy+QOZSQHP>^<m#QUckJHKGoAF9Ncp*)Ol{?Mj1&gd#lqr$2}50JDHEX
zE#g@*G&YR<cX_uDC5MBt<ch?{@qM%WJ!Uh0`Du(Ghfw6X?hQOIBe&O4>g$}Vh&GEE
zTV&hCyp!yv?R9E<GHv&8tf6h|T+K@xz;hk&+?O7P<1+&k_nDeypY@J5;h5+jMOo#7
zmYt(w9{09z?)zibU+2E8<364H;)lO)mwxAVKKFf{a>|8K2VH0lD@@+XU1-opBJZ|=
zTZz~{gqIo{cV3wHy$Lski_FWUi5SZ6z-}OVX#rP6AM(HKs@>2yt6k-yh-_DUBD&qv
zl(pN<g-_Hno^9awUwN)I)|iFg|7O|+$ODv0EW4>+I>99uI2F#fR1RLG$)@1;A7wuB
zC*?j8Q%*~6XL}u0Rz4Ww5@U_^tA`;s*pt-F123SVx-gHH&run4m<}#&V()R9c`kYW
zynoUjctxat((0bZIJKqn<N|4U8Tbx^e~MRa(HhgY<{`U^WUF|f<maC_cM<)za>l6n
zeT(`1j=pSqk^D#I!QT@6@r<`{m80rQ;xDeIN!-Ij`{)MPf(wU~O)9z$KN@t&uf2lp
zBdiw&=2&;@0xOfgggf$i5bk7LB<|cuIUD|WhT*^Y@(b-U?v~t~Og@s|=)5J;Uy3}&
zSk3EA>P-=z^dvtNbGU&q776Cu%_iK{p3t^aQ?B9m|3o)@uk<nWxqXrL3|pU<9-=+n
zaONX@%Rmn)g4R0PgXR=ZV($&E{}}B_E~PN$4D5YrM$;te!G+GUNf`<JFWWhB@;UT)
z1O1=<Y2m7s6VtwtTR$wJY0~87PT%A>BUt)DFJCF~zjI@p^@V-QCZ!E(nxu8gAZ}V~
zrL~w$%=ctszKiHfaEgq#k>2#$@eela=Mx=sBv`}K#|qX)nWO5&FFzcfJwC?#qv5H%
zG&Ves{|EZ^C9Y5O+-jItH6NRf-^E5ANypNy)5El!i|n>(S#&I$pWuZ)fp0;Ae>nQV
zO6X5{Jw?mzUY%)qE<9%yIY{cl`qm!wi%#_0!x*Rfo1onc<<&x;&LwwCB(1(r+^}eM
z%DK>3n<lTIU*YouCS7z-ldD-D7h|^R+NRHUZF^`J^y!87T?}u(lX5nFD)*w`@srC$
zpBKhCLN_LTntSUo?di<yfrzzT#@g<>=(V-Zwkv3(%-J;QENf!Z$wuxwYJM~~+os9;
zq45XVuh}>>hkg!UYCoLI>0Wt*9G`;w%g|&KG+EZSY0}1PjAf#;vVpuC$afOoNoAAz
zu{LExnkETfM1K|JAQ1g+e7KiyBj0vBk?se!?*Kmi&IcP#@zEZ-tFy@@_|F^Qq?>&o
zducQF*y4LhZHk4hMUU29c=Y}MvG?ZjQP<c0|7T`cK9h|t8;ec?txX18*%HN@NzgV4
zs8yo2*qVS{vS4kj8*WKJZ6IKcg4Dz|0dH?JqgY$PN?R`h+Iv}AE2Xt|CBfc%69Op6
zGC?5U=j-#CPnd+D=)Jw)et(bOAM==*&*#0I_c`Z%-shb6d7pRU`1jA0W6e>1sc0D{
z+feuA8Stz3TedEmh%P$1=GO4<;mwiYOmXqDfA16Bh8W$a?d#-_^Gr7JP|CVFcidlw
zM)w_U6DvP;75F^cKHm?($BTUaJ2_;!ssI1ykU4u!uqWoDcYjDuu>b8GG8MpNoMTR~
z3&bB=6esRQw~s-`k3~O=LqChhzD~ftcGnjmgO(V^6!h$D@)u@*l{tbu?aprwWEWI(
z*B9%Va;o#bvcR>Z;c|2;?-V;;El0K+xhn$LL5k^8nYW4amTjmUS&A_~hV4L7lhAuS
z8;s2En2?uka=&Noc%%LS<i~^foWFtWn9F<l(P}Ti--3O+h&d}?TiejqE4^L=8B={_
zPme1oovIAkP=e0oP2zb?&5SB?ZC3$v_0YiDMX{|{`c4iB`Yz>NeD#$suX}Bquk}h}
zboG^;Gl4zZ=r-G3_0IgNWsb@2Y{R~l%{WDC2j4?au|AOprP#yXBD!^8Xl_{Ja&m3G
zZP^4V#HS^Pe*L~Zt_<$PVjMeb*95W~$nQ~#9%<PJYlv$FM{3u>^E>F8ar7&nru>;r
z#4hZmjLJ75M{3<h_KhyiUE}X8z(1J}Z4O^|EwsA^8qS86v!H1q_F4h<njIf5nWsM9
zqHW37apUZDr~esYug;>s?fFsuRsGJQcX@ua_b=b+a~8dn_$Hl2mt5Wd_P}S+FC72j
zXVL%tEz7^(M}O3QfOlB+4X!G0WB>hT+phM7mPFRF7|OM{$@d)Lg(a+C)r&UGuzbL7
zqub$y>c?`|E@G`|df08ndpNuxJ`g`>?GZ05VciigIP1>cmyuh-6Vn(2Z!}?VDQ2Y$
z`+#J(J05q%*8RHX^WoN-w`L6IcSXBv=deYi!^Wa-&-k_LmT;@<k27{ZlpWk%lNui8
z9?M>R!;IFNKh4-w^XD0xYyL80_sPqHyIo_#zK3&yzD4JU-HX06!?ozy8OEYU%KdeQ
z@=h9yzB}XBtS!S9`NF$T{u6Ea!nxSUcij{Sn)GSgT}jrOqS&QUzY&!GS!>fb@|@Tj
z#quSE#%<SrrX5?Ob5vS?z6$;aT7N_X^pG?5WSn(4dVfVc_4}ngtA-yqwW^wS`}+wE
z;yGtYX0lJ@_z45_ecNR{DOUW2N3v)Ld^;5WHQ{3~{2YTUiX{faRi8>ur_YfaP-hHo
zA%^HEvf~(X<plCaysbPxjj|(=6Gu2pFwUqR*^M7t`e*g@XXpC37q5f!CD|`GHau`k
zY51qWco(sSiWS;?*@}iWz*2%tQA~dNJp2WxdZspEKd0k6lZ~(3Jtx4Qa&_i-#&o4I
z@26NXlgV9+E_<3>n#Q_x$t3EJpne;2({P2SoA@m<(H&#(wM<KoX;dte`XsKsh<%Lu
zk>Eso@o)26eaqG~*jFFU^HzMudZ)U?4ZoE4NOryXz1*N=(Q^~*+&5E*w|RPeOk*oL
zon(;cpd2}EL#wak48RHwTz0D;<x1HDUJd|TJO6dQ<b8gt{aVKE9UNGgNiJCLU}NFo
z>t=!bLTFF`E%KqsXOJbI#>Z^Sl9LboB=|nE_V`!(+4LTxUcOhwcq#5hbU}cwn_3zO
z-iJ)T0(@10yL%=#G)x0u(=B`nE<1*GO9^8JZ*4|+dMtP<_KfXXjBP62OusktTmIY*
z{1jpQirW9^f-b_jJ-+17k7%QWHmYgEOFi|shk7b+0++_BdVir_H|vn%%YMf*+555~
zRZh=V5=(CoGhKTrzF%}W`HiH@`oO2|q!?{7zlduwSX)Y^le6}zZFJ~v7xgtK1yc!j
z%wL%kiUH}3wP0?_cjMR=vi*;LH4mIhul+acE|Z*f#zA~J7VlZ}BeF+#WP<cQJ74uy
z_@Wb>D{r;z1i|Qbxpt(vTy>1c-vln&cyHq-F?0+6@o&@zSVxrmw+i~pUsgju%Gqn;
zYY@(?GVG_S%sr7Z?UXTxSKp9H-84RB_+3i#jBJfl^Fw3NIT`IsI6e$BF|Z*YS_ppR
z$cC6eAiJ|?;|;T@?@e=M=GVAJFfY5!0Qa$Rw#=3TXW!4!I5p2@L!~p<+Zn%XD9N>#
z7+U~dOEI|Ddx-Hv#$D9&igC~!Ner%MdgxW|OhvcY>BFC1N{sGC&a%F8*{X)!l<8m{
zb8zW)C4;|Y3xC)3;!k}fhhqET@8Sq<=2^K#ZTvCb#ErC>&s|`r+f1U(B&*HK`?Q%9
zI$GS9CS#&#LOx}G;s7*}d=cH!x%({<nn*9ex3S?a=#fF*(o*tw3ePJRxkeQ74qLWc
z@5;uzGRrAfd%iKMmb-qJoIi6{IeBqw&*$DZU-ig1Z{W#_%wLWvbj8N_{^F`EFVD=%
zXALnQnz?Hm{1AhD;Oy}%^Sr>5CGHsO4q)-wV8$e#nAVSX{)^{=vmGCt!#l#e!#m{a
zEb7J=+u|O*L+7NEF8y}H#ysPPoQEmeNIo&mTk&@bImM=tiwxaUde8cJ`e|WZOR@5b
zrG%O;LC10jex$v+Ba7LKWlq*`*RW)qc;h?Zcz5~KEX{>HD^7s3%FC(avEt4BrOM^S
z+<T37O7SZ;J!ap1EL_^WefIq_?SXWrG>vI;yDL?8FLzU~IMp+q+*UD5-WxjYAaVw8
z-y25UrS+qiNcS@8H#Bh13$SXhRWRtc1H-exAQ}ENa_1*}+Nf{GCc2QrZsddqxf~Ur
zI8*bV`j6*@??u)qw;bopyQ(=y-2I;GN17|C%#(#Tt~@lBy?UJ!^2Qg3WAJ%upIdo?
z=0hLyY;VwSH@`Em+uJ7?_4(<kjnccTF9>wUaXzgX`PQ+hIBXIx)`2df_>Ru;Rl!Wk
zm$By@^U2i4!t}s~aeNn(!@Zh0=;gQGXR?Q}@?Y|Tb^hGoGWc_vD`^LOw&Rbdu6nAF
zTt|gvqZ<{cFdkoy(>{F3SiD`^;K2<1<TKdkuN{N_``0||fRwHhV67dGj{x6(2Cx)+
zjXTrWbAEO_wl;W!zld3Qa2NU3)|>RFyky0+mq}ivs!_FFrg7@YD{5*R-k03&d2m<8
zAY*;WI}h%Pg$D9nNwyu6A9y79=8ha&$626*V}WBFa6E6x=F{uWAb4!m0e4V1Za5zu
zgnc>5_zc?mEwCKE?sRP3K>1-s^KaIo2eZFmyfwQ1(*3f}?3~``LihVv#~s?YLi^(p
z+K-0z_d|P!?n%(y58XGqV=P)Ph3@*zeGx^|B6R=h+|i9XYb&}x?!|8gUYJ|!T6k{O
z1g!l0CD7LTPaTtYKGtW}U7f${ZZVDZE7#-&mtwEgLF;62Pb}k(KSS$GXpmVsrZERz
zTLWD?;V1Nt`cC+13G`Nch8Nvx>_aszqP6rlwV4l%8lh`6|2cdRi10xN`<b7jd@Xd3
zf$mG8dnSGRExMCC3%bWZpW+cqy1dYSOwE#p<FuO(?MoSB0NO9RxIgX3LHjW_?V-Eq
z-=Fr6-s)Z<nhWQ`wfJBvd$*#03+=rL{RR8E@W7BL9(ZY=9k+EXR{qx0IZJD~4||Cb
z=<dy3Y8o3P`+RYOf`;K*%NpKo1juU`Sua}?YG&L79HwE`mn?DzOMzAV=I8|z&=Vb<
zKH9g2EVS}rw6J&oJ9L~RWUtoS<*AZU<k*KkU#DHYyOH^C#gsB;?MVfo?J>%9M(s&`
znX;1q;zjKpwNmeH<W(`x)$YBtdp1Ab>R|?ZMd)C}4@lQpeVcv9%75b5#m-sZLQIZi
zMG5`dW3%;w&sbwSol7D*9=-^ekslk-3GNi{lKZp!2(;4u6D8>V@|9)~n@|c5cbx2*
zQZ|036+g6wvXVzr;0NJAJXf+t=f?xxl520l=iZ3yDTl8ldt%{1@m`fBf9e{FN7(Ww
z8~M`>4`xXIc#QRF@L(4?p!>?7)VlD<(H0LT(r4lTJovXSx>wx$8+Y(NXnQy9iTAt~
zUPpzv?|Rin#&yRxPs^9l@YaXPmrbd_RjoZ!7k2=hcc)?`TEGc$-0KR`$j^>WCms`B
zl=ra{{x=zC8FRoS*4;<EeoHd>!TaHDYCpWmM>`$8t6TCRg15a%!dvoL@pd_QbLMVK
zqCI!N1KwnRNN$Ib+vcdzb)!d(sY4$;m_(mRy?9fubLj>tp{K#yeQ&yh3&9(E1K^Ew
zy|hycKkZ{Yvhx=(9>u{~vWt6hMZ+$1jLpc|E@V?2xfsgR;~EQGmcMNJjmWcUCv$gc
zAEA`z$-fH(AH?phB_=CF`R!RFb0WE2#~?ouO6#;oR)#DV4`(s9Fy~wpk2Dtj?`F@~
zI$M6<8b&s9CX{_FWV6=j3$(8R|L0T2#P_T`GSbzjQLfE>YuK@izQj1IIYXoKv<7;Y
zV0qv<&gFw|!O*7<@~j_)U!K8^{0Vw?e#HZ?T62WCwN$Zhj9K!0FZdBo%E1r!Xw)nJ
zpm3wLLHyFnw*{B0I9$pa(MdhcCCPiq`Bvn7DR}AP9*hFu&m_jqOFW)~d*R&=-YxyW
z!h1~D7VbdR{QfC^Ea^{@QBK`5=C9^s>3G{lTzP9CD0x#&Kj^>pT1zBngp(R_0<52}
zcrEfBGp>8q<Oa!^6UnD1do(E&dWKy1lu>NFQ&zECA123FK4#6cm$Z)Obe&pt5A_2n
z1Ml;E99jPMg|;l0{FglEvsN;_>P}<Be@CvT0HY(<kJHDw%Jp|BJCI!O<hk(evc^8}
z{><6r`qzoyN#u+YIe*vdY`FNTT6~NA$>;o-Bkx<`^=Ns2CG!3<@dbRw-r~oS+1NSf
zEVH*pWcI_1^`pw{d%tj|%zoCw*{Dzr{C&3los*BA=CAMX{ct(%$m+An=tZN@)6-^>
z6Udh3I{U8q>8x|p`pIjpbJJPVqUCk@$PdO@w7kw3Vaw}F8SB~PbuxV>_mS7~6QzXw
z;OxFX+Va|2=dPn2M`nDGyv`$c>bc76`;kle$Vf+4D+hpLG|Q3EIjn01=#JaiS3JS`
zkcAIUa(Xm!bovL#>Yom=WpzeBS^YG=uxMG`eT(fs^bwcXY{}5#@UzHi$!pzB@de~E
z4yJV(6%S-t^8)#1wTYa~;JIXKW<;K94Rd6w#vUzGC9?}7a&_@hTduyXz4LRBpO<nD
z-jRuClb>_H{qf}I)lvNYPNywD-%XPIJbmX~K0H`}9_;AAMzyilh^xNRi!N*$*uaC(
zh0%e(O<wM3z1Q(Q%hwd$o|%TO2OXr#d?JDa_G1pVv1b)sM>c-+f7Nr!sZDQlUNANz
z7r(rBM*;S2^ct!4F>OR`o#p4+B0tw)Z2BSC^h2@fO?<9i{M|9ZlQUiQUfPxZj2^kJ
zr;5ETV#$+c=LTc`IWO1&O-r@rx|4QPu>O{kJ6r3qZ2jaBOP;@leeGlD2yOUL;L#^C
zIhP~fu*rPtnJ_3=fSyy%Ia&6b`<z=YA$QugA<0($UlaT)->dds6tmNLF=Il{+3GeM
z+ZMZnTIbuI^8`!ay_gbX=YpEza0&Yrv)O|Qupd{&I$l+Cez;;Dar4BB$lfdDx7N=#
z_U#Jh8TDGfopZ1^ko!L^-n<rnPiQZG;ZE|y%WvK0;d~%t-;3X~EyXxV%<qbo*XFXW
zkLn6AC;!YCo^8yv>_qKvY27Aoy2YEyH<70J(dSOD?JaIQrxbVl)Tf}MDR2EE)_*5&
zeMX9rbu%(ue)=EdPf>pR`4<>Pud?o_>=xkv0{9yP{yNYpl-qtFJUaLrj}F()K7??X
zAIW|H`$a}@t6MhM>D>2+=ek!&*HHfZ4s0FGEy15oEMsj*{toiD<EKpeWPrFy=|opO
zg}>vV2VZ6vc=`hU`1w@eCzEa}|G9&Y`@u&ozL&k8aem~;2<fu2fpu5ac+Q8$jEJdg
z!4A6d8f>U^?*D_Px_e+AWBoBU+H`Cn;c(4(`;Nand^DefKYTNdA8tO6vc<;1`S?K1
z2khMc!Xdex*WUyTX~@P7;7h6RS>@2d!uNB;{*ZSoj7)OqkVn6L=z#5{JCv+((8gPg
zql0=a<nsRn&lQs+`s^X5JM6RR;{j&k)Shr+S6<rrKTD^j{pcikGLCS!0R69>*t3fJ
zA{D#a+y4{vZ^D-!hfm(>!zXs$oATcNvn)PYN`IZi)pl!NiZwfj7{i=cqq`md^8?`M
zJ#=f)R_{ey>B6Gzrg)>M201?!I^NB_Z-=4pc=qTNvoIfD&`mtw4Q}(`kKOXcLf@_U
zVXgE0$wt;u=t~a9#1hUMi@r@yps&z|>dUVqywpP9PTt9Po5Wm`Pj?Od%b)ACvmP2}
zMA5i7LSuY@)31&^-_D%R<M$Ehy;1ZguHY#6R(sFEi_!R=0=`?Am#OD8FBQL&^QOtX
zl<u|?d;>G{Qhq(#cboveYnh8Z_>VO&HLec!<wWmGp||cejqX2@{<nV2{-5sCzr8PZ
z;PX!Z)2#kQ>rBorDE`4&7c!x@=Exs6OJ^)(9VuWv$!A^p4C~9M*}J=%H~_a5S1S8<
z^h)XF$)S|Ucarr@+-l@|1mD_oQ?Aw&K3WqGGj{!FPqFuZ48K`x6G!loPhNEt2dnZ&
zDK9%*zpXi<`)|S7-~6`Srnrj!<uryMV~{?7cvR0SBh9{ZqGz$eTIph4M831G$p<9c
z_p9)V?$}}v$y%o=XN@s>UC)P)&qYso9JoHJp78DCwyxx?|IvEE|5x;ck~jX})Dzwz
z_BvWm_!;L8`s)eloLg|#*}s>bFdY0jdO|ZWM8`-=-!kD(=~?HhC+z*)-%n5YI{5g%
zttZ5P>%XrjysrF-=b$IFM4d_fmtX(S(y6*1oh%s`(G#A_wDpAO{vV@%M^E^ud@_)p
zP}1A~KbD@b^6~!}J>kX(jidF1R_6Q%=?T&J_JeOnPxx?rf4H772z;MSPxut{mYxvZ
ze+>OQdcsHTe;_^KZ#O&rf4H9TM(erh3B#VU^@RAycdYfD81hEGhw}aR(i8qjE@Rn;
zXVVj!7=!eLy(2zcPxvCdGO(U-=6!%x{3G^t{*CQ@@8aQ^{M>h8!`ERuR-tQiX2yzt
z-2a~OqqU*7L)s_le;1GT)SY{HZYEDV`4QIjpd)X^cI_CFQfF|d#vP1R`*+fpbiaBk
zcJ_+7sf~`W+9U@_=|zEHC(o9mi>mK5^k~QCUdG;OH8FzGHn)#{SIjqdwqp<7&D}iO
zle;St7pVP#;q-L`|3dWh67+VR#}dwEU+YYT{HtYAXD#mnR-Gj~64_&N_6?m_zy%ot
z-}@n2{kq!nTRtJb_`?4nZl5tbdoH)quFBj4JqOBFk<uIpzJk1V?y=JTzvB1P@sBCS
z-Z^8A&AD#!>-HJ*{`2Z=@$~)2ApeYV1a)9LrD0!q@mnaKGN$I%tU}J5D$YNZy%zPA
zN?&fy4SY~v(dP!r@FR4BzkhrC)T&?ban7$F|LP!g_P*!WW68lFUys9!nfQ~mm#uv^
z?Xi8HJvKjn!D9Hq#7^4>{+5%M0pG^E2jIyU;mPNzBOg)EWOuNP@)NlqDiwc875)U>
z1)AeZ=u&>~8{y5l;4=yT;pZ6Fo?rE>>OZCc`buy}(t!6vMf0!xL{n}t8(Zd@jYoHp
zYyLU%-Qst_zc&3CbH}j-=fiKZ1#7V<SK@O)k54>;&qX%gX6(&l;7T^$+wibpdJUM)
zCbI=wUtP+P*~FS*-(>(#QjI~*2=?LOJ9}=)rsjU{o5-_m*>~t-_@!j$mH7j~Vtibh
zXI;bw$&WP~x(D!aEx^ZBf{#nNBZ~2H$*<Lg4JN;^%E`y2`uw)?ep>a%W3x>J57=!^
zj)+otN;x7rv1w*<9w_=;{_(Fyaz%I?yKPjcr%H2#oWk{X{7@S<&{XRj5iy^`b!V_0
zJNG`mvVrcz{3!fXi~r!`@{{r{Xb<6*2v3cT@YFSD;i<BrV+Z7^==~Inr;5$SQa;Bb
zJhh&AFJ76C9DY;3<zGNvIXv|{a?t3^t9a+4{|@ia=b5}?`v->n1Mto|_V@eWVfp@q
zNG#^e)BJNsgnvdy@z3|DE4iC0{_)uS^N%KrHgYEKA59iD0Mp+?7TtN{|9x4MX7SVM
zn8$%+(Vri-Wzl0#oR&o+BfRwJF#CS$%>M^-Ogg!envngsAxl0=j!CEPS@SG;6weol
z<HA?P-jSUThBd}C?fiPB$jUNe`4q#SZx|z6X8N+UKBNs-+>_hSdbCdK-0BI&&OONg
z=O!CF&C$ey;m2I3d<*z_6|W#&Qa&i@HYXp*3mUZ5<8fL3G508Ag?%>A6MT=g;^Y>i
zzF@HNQfB&j<ewoHkNpGfxp;vuhx4_HGgdyyy~L^LZtWm3Ec?(?XO%6;su=9LzN*Zq
zd=6ZZ`<%FrxGu$Z?L&839b-(N$p13xSDj}Z+(x|2?FS!v@^M#8UE6;R9=6OCU-x>v
zQJ?!?#;|uh@s{5CPP%dM^>m}Y8kxR%XYq-dkEA6`m@?s_ug`EL49B1R^%<T7{1ki-
zPI$xm9-43oxp}@m!<+Dg^&Ok=uJs+C@Yz9nJ}lwuC++=$&#H|@#)vm|`m)r{yFC9a
z-`2BsJsX_xg!OE&{p_Hg(Z2O;sQt`kWUH??PN=Teel}RoViUe@J&U!UdG#zlVYu~-
zZ}l6mXTuWS4Xf@j``HL1dkgyDd(f&4+~Z5M;#FEBbT*R$-MUvP7yqenF1~z^JxSf4
zpt906<b$o^p3hC_Q{FhEdoue#z3&xID<9Jcn@5oKe%(!B#p$!pC|$SE6;}tHc1Z7M
zPxxRVbZn*GY~q=gL*I>GHY)R>>9QJQ#B9c|JU#>Sk8eQ!nTL)p{_zt7B>sWF)@h%9
zc3DN%3!D$oKD71+Yv@C<K<M<-wZFKAdb3@zbr+(;3bwVtCLU{JzB~?WkN5OUxr6`L
zmQBp+@(c@w`{5BBl84EjFT!IYZKz-DpJ{5pKOW`J*7N!BvhGkUrrrMdBrfAa@i{PV
z(g(!NCSde}8}!n3G2ljfdJ`D8XgHCNY+&I>`ucmHY8oSZ5<V%K1n!z@n492i5;$6R
zu-N*)8h+5;Uo=0-u4~5bwD<r#cq8xCK0Gtc;T746(Y#XPHb(a673K4-IW-je#8~@8
z<hrll53a<63B*7^qk7R~BkwPY&?OIeFDkn|Yd7$^fcHh0x9)Y|)&F_)`6A_uu|uwX
zba}%M_}xR@&62&;*+`lF&^ACl$+UO4r&90R7}G^%cVy|E?!J5n81!7U+sm_@vWv5X
z!x-j6@A!_fR}@uNd%5Ce?H3%rj{ODZpJcM^QsotBBd$N4eq7iscOjFdCp8q=`LLAB
z;$?p8+(Yzz%yvv=RD3=%Hy_z*rcdCm18fUq>rrH@Bl~Nhzw8kM9!P@+YUu|*f`2^n
zS~6biz+J>(1CyV4m+38wi^J&V)|htd9$4UWXeJssbk{rKtQy_dp}W=y(bS1wJNdv>
z><ig4U?8|17+13&C>|AF3OHk<IA3CL{U$uMm-#fYtURl#(pA|?Imr&$qqos_Cb;4M
zONEiK?~RPTj2x3C*mfH4BH(exc{$_c43qz^$T+o*iFO)GZqzt6Pmdrk<09Y8hkBJU
z=(DZgcol=02#-$%mgcjJeOYYv4PC^^FFVf|*~B>JS$&bO2pIjYm^$uG&ECuU)cYPD
zn^@-05+1Ixc-^$_?ki)TRqLhBgKUPc2EwV<*?ef5nf^(OAFQ=@f{`7~6RY6~@qi1Q
zi#OP(u=t|Y{m_rZ56>}<HSorR{|kH}dleY1GbTCEwT7{KUBnl$o=7IQfN$$Raz(L&
zY4Dil$)I@b3G4jAKy%?!A89UV%+7rHB<E26-gDvOj``o?K4{FDAA8Iz{(;B5^aIB{
z@nes<iX2M+sC2$YW1cBnc@TT-gYnx9Vb6UiYlvyxi(||C3+s_(mb^a_CGY1Ek2ESW
zuSXF-_%t%)75IBK`2*i1)=TG&?!!m+4D#wYd-TeIC7+pcfY0UpB6e`mUFG+3mMzhr
zGKcl2hjYp=vR1K{HT|nm*{tuQ=mo5~(sc@`6XQv#lYV6&*Q9fmBD1=ft4&9YO05x{
zoQ;&6>>y65lRgh4TYd5DsRMrob(BL~KI6_IfhRLPUe4-yyUI9crE)5>5!uVSQiOc%
zU27B*Ah|AC@LZg+LhF`fxz?^Jj7@cFfYr|NrQ8bkv-UIet3+&=eDM1j@ce1;eKqzB
z>()%$ukqn@xOhN1xT5H=ix~G+(Ba3>As0H_3mv+_oqX|O;#=+q|ALb|GFH5N4mm#;
z;lIDDe4#~$^*5ZI4jN+z_gn<Qqv#Ri8NFk+XLOzPxN6qR<<O(dqK7xMF+z_FkJq9H
zXL89w#vNGrq7CSo;o>|4@l?9o+gay@$28h0VO@6CdHGQt++P)id+9^Mzk~Zxl+zfc
z56aiQ4f-yn40i+U&>H@UC4u7|qiP$HIS;$r%{f`@j@?57hqS(l?xQ&4sJ7C{Md0Wl
z(lKOXd=SkB%y;D2!r(PAqHEj*9drjrsZsr8N6)cCOZeUnJv#X<_}VOe*xQv4Ez^e(
zYlL5XYYe&l@Qs@fZEI9M#Wcoa9C`TVtF9+Eit+=np6=#e-I<&jE8tAM^cT&!T4<Yj
z^_BH;toM(jn|=%XVivY(VUkh5jP<{mIk5d?-mcegA2;Xq!4E$9`iSd7@7#U<oOj|M
ze)65svqQ_00#EwUgDxujTGqwrrIWCY*Sb^cj*T?xL)c7v(NEEHvwwhH_yTs|7I0QY
zn>Fx72KaYu^`kfE1*6Yk2{!SK%C^D-OUmu}>*N1COV{=Jr57(PFU`94p+R$IGo}lH
za~Wf~Xz;kn(xD$O_*&LGoR95tSN$l+nReA};d^cQ^sE=lFU~?oEXrprCS$2BE6r*t
zpP1D#gqSE`50+<$$3q(_d+f8ezI*qruHf&^qTe9<o-ord{YY}(S=+VF-v__`z2*K{
z^b+8n{ITI~|6hQ+znvl*r5&D#jm(!=Y+dQ3Tam+M@Ndp~qjDc}H3lC{CgqUVp$csM
z*~IkT&ifZP8P~s#&b#}QMy2HZ@@a96=<5g9Z8CPs=9E3CHrkQxD_r4MY#z-;{@OWy
z`~O#2^&$P4bJ12zmUQxV>_x2uvzUX}O*`~^0l&q!tFgs3N26^hy$|qS-?Fnl&+q<a
z@MT#sVZG-fXP)+_%|jkaZ<f7Mosb(wR;`==cy1Vf!aChw;liG?_kTu(nuggnhvM9-
z*+ZDmr+tD^e=5Py+4W0HfFHZf?=y`{v7w9F$?>dM9pdNww6#HY#TB$c*@K&yM;${0
z8#qT)(abug@ySlH?G8I9z4oCUKU{x50rjUzMmcuZd(dtUZD2Dzk(oYqK>va4N7-ft
z&|Ln5LdGb0v5$||tbNEG(NgOTa1>q0db9C0d)?o-+^9_B*~XL57+Tx0d#C+SX~@+Q
z<xZ3T2>t$I+S9so5#Q=VI)nTHzvO)Ah47R5RNMRc&IK3C>30EssUUset2pQZe;2u8
z(M1xv@}SX0@Z!bz0DJhq8U8##J^2BD#j}fD!|Jqmd7&$z?m$uiKcn%(7n6*v=b(r1
zs=k_f?fp3H{YhDlt*>=XzA?p4_g|O#`!gQzeBj9+(8s&@6%MinUgnOk3k(UY9lppo
zm^P&51^J|!fKPY0>mKugXjY=NH?n?-W)p$WmV?vfOSN>s&L|zw1wQ2O-HQDj3(cN~
zc3OwxSU;MeNkI65CI;WkN6YskKabWB$G0OtZ47ppY_e+bS^#~VcluU)D&zP-oU)ss
za{;znl&yA#Kk!_}m`5KrUuF-;m+inLzC`b__|gwwi)SpqRfO*}M)`3Z{?r(yyEwXy
zXxI#&v_<JQ6C&@&^R4;|lIj``fOGlYz2NH_SHceQ##(siBIx>Sc<dc`zDIr1*Aw7#
zBlm1v48QF23=hd4wGW;<SDw;+=O4yX&OTcAgfnx}vp4G3T^qg=!z3&HzXB#-TA*?w
zdXLY@t=x-`T>p(Uz5{{EHhotID$}pv4vy)@w3pM2^)uZ@qVI&O@|TLaA7otb0}mOO
z+xkpqdv^U&!x%nsVd;H^-q^Z;%lD>Dr@p>@$5&A^-6+z2bm4S+-@*IobMx&dU2XgJ
zy`Qmt`%A9*VBh}robT|R$f>*?n0<p7*BHLdKxOM#zK1iuDd->r=nkd$RJ6`*x&T=O
zoYfcDYaDUpBUj%>ZV>kBE3l7|_x`D$G^SsmehhbIn%Xx8Rkn`Pw^^BfsndR6JG{63
z36b_E*zK!br;l}<+e)C_605De%98Wd=4UIpJG-d2KJ-ye%~sZ%k}K@>W<1|L_`KG$
zPoa40cHVnfR|M;qEjWi)rs@2Ikye>L$tYUQn6&0a#{oFG{^6<m+fMYPv^r}PbNj~l
z(`%IcW?G}Fp{MX-uTe?<jbn`svaPtN!&;--GuR&=tDFz^8Z{F*Z2su$yYJ->@NV%3
zc-Owvwy7WNyHA>G`|k6m;-h8`UW2@sp9sJGLHUNOq4SHZ6$AP1KWzN|<2@-3z7I3!
zYsNDt#-H}hPQLE6&M=$b8h0$?v-zs8|J7;7m1xtwb<~-Bl}voO#aAPZX-_hS4}<Rq
zz-RYm`}VjmU1tR>f3MSD4QF`f!N<A7?fxvE9=vAx^q|`}>GK=s(AU9}Jt-^48q-E)
z&`xBI2q(Wjhq{yDqYoR)D$2-T{d;_lQ|ZSUmwdV!Qzv7S&(i7J^$B}i%u`DTwdN1w
zQS6h>Q(Vuuj$;1{pBMMiq^}>)X-j7<E&nj~pY+-2x%f%WZJ%CW`|9hx^|9@&`m8ys
z@62Pha}1xUU|7i+4xRD(Fg#2E&-U2+`m&t9T&y|jtCe-GKdi4KH`JHqw^#mpY;VV(
zjjmTTkNzDW3ifqZGy9}%?5#Tb)-Aku_Cs6K&)g4Xzmt8$zI&RNSbLxBV_NU}?PFT+
ztbNim_Ac#u@sWD{_AB2XI!$Lkv}bDXh4$SuWiNF42kevbE;drH@7}0gZ{YpVfpiN;
zCP}xDZ(h1ZIrQD0(pR@=Wll>ssOCFbw_ty~7vIt?Rv+%WmRDQ*1E=F2qGhl4Nizm>
zhf#W8ozCHdP0+3sm};S)<YXrETRK>*_D0Y>T8YoA5=?wcr^`WiwRJjg=w9IB4Dq|E
z6Fyn5oDbUbi`FqD$EHF9`CK?J-Hl$6-4-?Xa^XSA6nt8zd62oMd8b^YcXEEJ1^yE+
zM)P1hJm~bJ+z8@D@u6%Ud;-0ED4))62eD6hmi{+E5B1Mn>eIh7_ivzotxpc`i+<XN
zlWnB_=JEgM{EwasF8m|Pudg!d*Mf`vyXIp(y>M-a)Oj-Utyr&><jS^f1J0*X?=U{A
zM|m&ZbA4pr*LhyW^Zxt2Wsx~5oZriPmAx#2o5=nhd-Ta&&EW3o1KeG~dMw*WwvhGP
z(yfz23#cplm(!lwB0pBj|AxM*{)A`s`59|`@m;Hd)p@4z<?>wn{o41B-t(6a`GfZS
zwSTVi8mshW7oU&2SMuPHNZb&x%1+UItcl`B_0!6^Q%4p?{EDHkQ7_sLl96icgs(&7
z^gU<{Z@!_He1G`$p2%#!qCO-&7=M=ZVCme_g=@GICH>h1=7#bEjS8JVn;doI1~sYc
z#V?ZPsvQ&Ui=g})>5ok6Ek824yit2bc^Ce-^p|3L%MYP^AjO!%-68L$&-V5{H=^5d
zHJ{NA{l1(2?d0C_hi8$$CCQkwTJZe*H2ep6uJ)~de|x&$4wX+erqIqy=?iAmdqpq7
z)-tuX&E1qK8D&gK2Vdz=oY(vO4?OS1iTh00YT@}MF@X)CYajp3(&a6OLJNL*==m3x
z-mrK1zC$}MTzjX<J-EawZ|4krh}??nfcf3@{L?txMEhwYE!f^j|L4=se;VDd@yHoC
znWuJ2vU}nDf#6Rtrfkv}i#)y0gFJ5@MjmP4?5qIB8v@}Sla~J`^V$~=)vbNuQ0I<c
z0_QIeWiH=;==rt#4gu$O&gxt6#=!^h;=v4~nRD;U`tSndcq9EpPH#Woih_3u<@@sv
zaJ`#eeNk`u#Zl$G#-cOIw`&}4UDjLvUdogIM6`V)z4<hKDtVs9eH}Gwzx6baR7AC3
zFaSIj{ZE|ck>aTGUh_=&Y5%44&z|PBIZ@^D#h(Gc5$Nm3Gt&D04^St1ZW-jR?DOB<
z?|*f_|7O4cMor)P#uI)26OR(zep<i&byvsHn_cYNxvkib)#wvRpHt2t?iOcFlFX1C
zZT@uNRoPRr-@N38U~Qbfo3r`I(IR`z(jHYFZOJ#f#me96AE&sIjaIt`<2pLFXO*o#
zoL6re#N0iw$tveO%ix)G41LB@Hy@u{g+Z<Y{CR$UYcFVaSy|RH;<1_{@phT$5!#Cr
z9G&dvJx?r^{6TH3d1^=R^?x&CnMK_NsvC*rDkYXHzl{8zw5?oEs;fSt>kD6MCu0!)
zMPx_jXnanb5m%o9S5t%DalZduqxpO*j%@$fzGL3dJ7(ViWA@cYkNL0Eb;jHR9WsGS
z>*pl&C&h?KXY!#l)iBn*jCCTptcs(?x`UV!m5+X=-^w*0A7x~n!<S}S`GDnzT1NcX
zB;q*Kui97qnCi@D9m?T(Av8Gy2fuTl1qW#s4qoVogZp}MkUjto()-}xJJc-zmJB`%
zpnZ;F!O-m#r{(7(y-;u#ga0n}zNAB9cNE2gBgILjgPVBvuhz1ErT?p0&ut&A&#(Hz
zV~NWcDZ1^&*ZBf_$7*X0KDJoe-3OkuPQ){B;u*hSQM{dETonJ(MA`ZHY2(@3Qv325
zFL#-}{pIREWpiBdT^ByOOtD-$d+^J(fzPi~=W(l#gphBM?SGaIae#Jr({8mjj<4a9
zO9-_?hyB2^QT<WZS9W36HPAwMaNu{|PhiZ)Dc{SZ>j$5OKI1L=T-A?0!+Ys7VF3C}
z=tG~W)GdWBY2c-uGY+g1mD&^C<1ziQjHMTb)#h1X_=E++B+(b2CU~EwIVZZtlxAk>
zx#qDCoUI|pK}=~`7V@FKc!M1`r{~f;V-0Uz1$&ZJuW|PcIL{<5H-=}kpu3(m6FV#3
z*-lK;O!gtFRG)8^DQqv!DyB>|emK3~1MWIJ<NZd2FQg}T@ag28-s_xLEiiaXCuQC4
zHR=Up7c|=lEEAyFMBa;c5=t|&I`B_Nzh4AjC6rcV-Ol^nz_1BeRS)@D6jyqCRugcf
z^K2IPr7Un6b_^rWTD3PC;r%A+$zHJD1H0<TUWg+;Vc+Cs4fqBRdgPNWU6AGDT{Av^
z`I;mre#6)VTMV$tmVlSAVSIk^zi?^s7Vjj7oO%AUF?KxQdz|M{JfQZFB)=aUW1aQS
z)){}~>br{HVy+O!XJkA3VP;w&+j*DCyA0l`FMa-ncEvmC;LosRsC^$sAHKOg_AGpJ
zfyFn<yME#h7cmfL=3T#;c8_ugrjrYNI<}zpx{pIk$v$F7h#|4>Q~Y-M{aL;rfM@(9
z`LU9#DP4Ks)VB&g;rki)n7Xu~f$ZNGphF@v(qaSIzvXv;yO&xx$JIhE%>0x{J^0G1
z$9FCDyzph_!Z9OrZX}KlIvU<U_AjVwa2M0Jd2b90WN%Wt@AphGMg_9}mEURnR$U`0
zko^<>L&GVuM+LihQMnwSX3bq_JtJo$bSx$YL+hNL>9?EnN@48X_laSFE{R@bSSe#(
zQhr62#(tkW(EUDhtJss;wFe*j5^#{S5*)ybIcu2@@S)17j{Gj42QRwA){VT&_axRO
zGcN7<JqdgztTn5w*pC$d<NR-9E!wu(xPJQu#s~seuixh$ds$AVQMv4kuItG)Jf@1@
z<(DoSQ!v8o?}cfYQU51+QuwSz$NK{KY@)yM_`cMiNq;7I^nu43_Tiqk`b+lTNq+`;
z?LJ4D6mW@+@4sCzamQFH_~aftf0<w!WK4Oc{6Y5aNBh65_x#@qY}<g*2R!DbOU88a
ze=o2W0;k{=tT9`R>tj7*FRS2LG0!+7IA$WxCh^P~&lgkYXgnF0n*IXzjx{cmap||$
z<@KjsX^hm~#N4sO4jkzzs&S94%kzxgaXI<?N<C?H-(}1Wo`cXx^m&G7iaiqjlm}e%
zvWd8ZQnx)X`{&6&afkFQJ5T-_qx<R{&yKeAtT)W`PxY7Q*0X4xV-s~XCqG1<KarW8
zFwnew!)VTk%*%oAZ_Z#&N{5tviXS6nCK&6Ml;53|LyW29ICsV}_maBiA**y2H!t3p
zj$giOKDl|G=G~83?{rr|m@|qdJgGalYdNQQgtdDi{2T^n#pLsJ!_T$l_hpTNcYU-i
zIjiS;_^yV}|0CbM!i1lhzf*j!(bisTHSr?5d0yf%rkL=eo=aZq`5$<mMp=`+ZasHL
zp6}v$v&vg@pYqHNmH(B>>p3*H%1566JI`fDb_`iHM!tg##xs&{Ywp2A^T5Gz#`i1e
z&mzcNotmZpM_BviAIhh^*2Yr4CBtg@cJtlBx0kzgCCf9(MZevhS~rV5Vv}bJh-s*B
z+5Fo?A9e6=1-$7yj~u@v48L$=5??ijwXDXS1aBtocnUvlDfnFPPOH<MKI7qA;q5cb
z8^J$!XhXw41CL_D)*yRCBgr1gDA8x5dvt_nr)J&V%d@9*4oBZx{fU13`Yt(-S>xf&
z%mMf{vyc9fbguk*a`;*J)o<~u9shFneDcwJt1)Nb*IR=8arjm_V?}52t;UazJv|4!
z$<CO>J+zI)Q!h)Jfv?hJ{ULr0JV};Ij_(0~nbgmb?v4&CzE&BPm29@>{^eQs_u}z`
z^QM>LvmwTjd2u<s;|)p9cOyr15BDOiNx(flYF_C1CipI&XN^`JllZUH&>`qsOI#%v
zkJNh~MIL^UGcVGaPWBA1!*+7^Qaj*1#Q~V~E8VG<?>4^k`Ti^4Eqwo(?+m{G$oGth
zT+c&CS!u;>Ciz{=ixT`FS0Kahv1E9%|HNmQLp*!HlHp_hVg5IdFs3|<4FBmC->Yrp
zZhMbs!fo|%V@eCM`}r-!uLh&!xwQuMljr48^TCnlb;$E&$a6D3aZV<4Lvmd*y^!B#
zy4PP}$@Cb18UJIFl1IiGjW<kZZWBXNk%Ww&hkTlLv3#=NnBT&i<W4%jGZ>TiJZzWW
zxhhv9mr~R1HR<OXUz{;z2Jfps707O8OdEMt9m^Oes?0e5Px)`~|LO93Shte>Ki2yg
zV@il|n!xP+)akXWfN>Qv&!g9_rIe|QTDzR_X$^D6W{!yQdl^$qb>j`#PZh)s7CCsE
z$avMBaG|wOxWPB%_f|i0gPEBW>s_(&PQ&GmtwC40nSChn`drqu>63{Ogx{GDDbtXp
z!pr6^o8DnhT!>uU{zo(x^af{a)fy}RMMu$aJKsB?osYh?_G*0=y$XOmV}$7!e{0>G
zj!fPMzkZs&^nDfIf<yi1Mt(c<k4w=~1grX=2)v31(*Hf~F~ndc`N>n=I|kLil=3H1
z`mU#2$=#b_$)||}$ft>Y<kNoYmY&Oc`ioI#kx!F8RL{+3P1QNbX|cw^t<2*bj~$n~
z#BJcO^TwpJx2QE&x-aYQH0h7h2Q%T99Pp`}ns2jj+(DeEiESWX{vvGbAnRDpGptF-
zv=p8P;prUqZQ5Bcyso4=?y$)A!*9jy@HKM5BsNqsa5KM~sT&79OVEq4qY^)l|3Z0T
zTbR2(+H3<(<!{X)pR3weOz%6uq%uvc)ANY|_!GL&G45xQJVYO){~1|Y<4*wZvB)}~
zNBn`{${?n@hc)OpYo_A8Ex7r9g*9vU<G_qwf1L4YEmK~`7M`2H?gMu6rxk@0&@Ipx
zq&xog)9Cf+pUMj^Jwng^z%$~4{msn94*0SYzKmfmWWtx?N%5x1|Kt(L{*IFyNA4z;
zAQhMkWJ9POzME<P-)RRuXNulQm)6*?W_&86{0<HbuTc)0Z)z^@H1FpLmx;!dOwX7d
zIoNp~_VI+v?Z8p|9dsw^7XJ|Y0vmZRYxpc^Q-Q8rbv?Qdwr^p4AiI$N#kXT0^M47k
zu6eXwOuysNWrPo}_~DaAWed8B#wuMZgLehU?QIWx$7Z-PVv{KoJ-)KY_{Q_y!uU+y
z`_u;Xb;igXEQ*VaaZRM0)faeUFS$tc-TI|RZfGf=aUXky_1|R9>CP!P&jrV7_qaN@
zXB_i0*?&8G=B4m}4?5N&XV%b9kbZOa8<k^HzTI#ib&n$hxJx#rKOSo6I~otN>$ZW1
zrL14#t>4BP(~on9k9h4X)X%|=-XfpC{ork|t5SQ4ecGG~-$%EZi@fK*$`p<`jqe&@
z+y*a)=;uGxZW8p9jD>bN8(ftJ_|EwSw1Y=Gsq2S!7Ok*zHi7?4XlL1vR{{h7tujvg
z(04WUGqDq`GSFA&917@fJN<2^zdmhxfst|awt0;`hCXdF4&f%cO^v~uXt%kZHie^~
zg0pe_?qH7I74aiTH<b*K&a&|w?G@;rr89?XlKaZpuO&Nj_QC<=?1g>g>{C|Vfo%@S
z-^s|xd~C!U`Mw)JKnA!`oWFCnWHh<E8+fMmz&=}&)Wz9`odz^<&X!a&C(}OQY>9lW
z+n`@8XG<pWX>!FpkL)YD9baTV@>4!q=RCvd^Ce!+mvBFbb+*Lk$Ir{z66_zoJ2`t$
z;5mJ^M7q7;vtxkWA?$`o4Di5ubp}4_OxD574PypcTV67nFS2#tna0iw!OQLV%>0zM
z&sg|Eg&UIVyI9BNkJ<N-IVa)a;d6!=+!=<PKS2EcK4SOx6T7dv@^9`zj_SK-n6ZKQ
z5@HB_{sjDW*AoB#xN*t!Z(*0<hZ^xU&Y?bztlS-sP61v@;T6?;4tc$Qav=NN>4EHb
zt_Wlw$O&ZEW20zJDaSXlu>N=Wyvv7pTEE)Yd;BOx!>>)8bLh)s<_s^4_vef>Du=m8
z5=S`FAHerTnUTYRJ%PS*h8UH@OEa=$YxbO%dgp5KDQ(Q-y8}O~>@J;Ye3$VK!yak^
z#^I$GWo?O+tL9tdk1xGAOXnFoI9J=sw-5Nm^FG?nFpTb=nRedI{Yia!dP9=M(=VCn
z7x(9B>zV30{;|JWbqBs9z~Sjyd>qP4dz82y@wDs-+12;54vuyu?-0Mprj{)Bd6K*K
zSp2MYF46zXtIy8QHPB)!IvepM>=pPzd$A`cc~ar&*yr1z?KK0O(UA=)-@45|srW6D
zt-ELRJT-Dg$KhSh!mdgKUinf5uk;a}w+Wu*yiF4N#>U8bn~jn4Hqvd*b{{}5@9#YC
zEWCe-#ru!;qtErd^tp5Z`dr#a=G;SF(cy!9CD#0VE$u8YTy{>n-Hbuizj0z@<u`dB
zd|eLi##Qe*Bp<-mA+GCv>|tfHHso;UQ~({|>GB7%!k)3A2cUZuYrOQi-9I9Jnzdo~
z0epP?uZ5;55g*?5@InbbJLx*t^1GFL-g+pv6`uB{{pL6M6Mo;|HQEpPT;9FyJlndI
zb^aheFXmqUgslxe*SNi{*mHLeHKt3KS;YD_hI&^3`*dI(L*22!dz7`=1ZI=<skVHY
zrO)XMna!X0XBfju*7KG~`?d7dF<$MD-7CFQI{F2`Cp*CuPqWsnL5I*-xW@~dDan66
z@2gMtOx+0l>Srr3c8>oYdA-K$-NbL%sCsA6-bQeuybdkkFeqE2On$tTW8@p}@JzM#
z0OZpU+`D^y8q>1waeufU?m%MSx&M<yXYNlPfVU?1;jP`&Jty9JX2Mx`YsxwCmiX$K
zamKpK*-yWMkK>z@9Fd(cclV6?2kxCwFFv!+-Jvfkju^a;M>k%NpF?LGmVp1IoS8fT
zp7ycMDLx2)6h4j7U5oKU+ja$f0dFqBHppC#t_jcPqZ@8N)iZon#c6+nQ*S=>Swfqc
z&^0HB4iBB!uS@hIf7R}M{_DM;_r;I$9@@$#(V3eXep_|Xo%G+uf1TAB#yN_2fUAf4
zw*kvU_R(ZhC=NH4cdzqZ#XIfstzkWz#aXdCfVBr$TYzUcuvS*wku^MKM4jRGy&2t}
z`0zTb{XljP@TT+sVW&@ER-cQ2LuK9tX5V8rT<-vL4=^f@-l`AG`k&7KR8M@JNqJ<j
zAN|6QedISsa4wHICBLEb9GPpq(;7+s@M-8{I`80jo=Y!_{_nJ_{lkm+Bw-hR^(^hF
zYzH>`5po9H8Y$zn>!+^n0Tvw5&%&&wYFG89lJlnA72_{AZJ$`@e&!=EYORoutc?HD
zJm!v7&~i2VYsettkdi~yGqIJh8@=3L>Srx327ejQMSM{Q4^@e-{9amKo>klp{=jz{
zZT@+0&y?J#cD_bCX?uIDc2wU-J9*GS=L5Cx*AAYw4ha@-XHU_eJBCgh4?NYtqjqjp
z{f@r%*I519^>g{10esouAp<&3=i9+=G<{6U%m63yn@UCovCsD)-?pJUH<f2)-G@vO
zPBicIPBAwf_*4_{w+!U(M@ElyeEz#e^_4YEqa0Z?bpTm2wU4a%Idx~DLuBxQhM`%J
zvp3Qmv?nedt%`l;0J=aNen0Iu2AH=xms0}#is6%N_H*Z!z5d6BwsZa|&ZQg?*z=TE
z{9!I-XVaFSeMT?qP;un^Q>@Ed=i@9^9?xQ3F?I38;BDmpX4WY17upXGCAhdpoagb(
zg)*0S$Mg8Mf$N7mBIln3KfXAweK3k5yiVK$_jvN(*Dr2i7U!Fm)7}C0X5T?py-T|W
z=bK&!p0>gE`6kt!2aoI(O&vY@(F@KZYo}SV_RfAZ_@`bPOdo&-)BDiiHtH4#|M0tF
zTf_sih|^P?Y#U=xoNP1SlB4nyr-Og#OVXk8BRZq%ME~!F`^%YUfji5B`>K9$5ATJW
zyR~UMDlP{dHM<YoQzLMTcSP$Y!0*KOM#HTb4aH^%ZrV)LcnXu2HWb5Gix`&`ufbSd
z@R-`s^8sl`J312=2mRv9F3J+l%3TSZ9rt!^=UpCrxEy=qfMO+RPkgyQnuga;Itwl?
zkF1xG_#}KD-vSS{L)eG-LvA<wjc=gSykX|zBLgStf6ndBYs>9^kuuS_^|d!Xm0SqY
zbDiAx`$lp`h5hah)>@y-)g@mE^L~oAlyz`0`@$}F<tCf92jvgq{$Tv0u8`{JOq#y6
ze^^VIG{ZpOv}2IW2Zztmy%l9Vmu+a3<9yWHv~NB*a*mf+vKT(Ge9ZW9m&IHaH#v6F
zkjdUeV{$cZWYCs>kdZynG_o_}?0tEkkyg3bsvp-|-}K_^iqtEKsz)xnZ1rhAIK(Pz
z4jyxv+73j@ppRPbk>OJuSo78PXOl*H@t^x#-ilUW*Vwl5JbG-!apXAVUB}5)Hw05G
zSQn~qr_aB~c!ewBEPA{Sj-vbiu<@?8<HWODjI8Ntz--gerjOS<7J7Rsr9*2yF5rEK
zkNg6}XhUm@hTiybBXepz7Eh>5S)>f|b(;Jn=7{q~F5#JPlc#bo>qDliX|CFc;Y_jr
zyuee%@EGw3MH%NAqkLX`=irv-Pnv@`yN?|fi(IaN@2Vnv$FqZyEArE|dAt@3YR`cu
zlQ{;Dc8SjnquPp<nq?46&VLj8zJqaUT?JR&2LCl)#%-00VZ6nRw}!H^*9(DLzQ7p9
zSj-rm=jA+?+>T*v%lTc**!D5D5Mx_L&brx*t4i@T*ax#1SJhynayjGT`I8qaPKI$w
zhtoN#*BRSxjg9q#=hhi3jZJkX@@xS<i2aQ3g-`x+Os&g|nM8jVx+c}d6MsYb5ml~9
z74cslGr7YP@1IS*Oqah-xX6siS&dbA(0Dc0{xOqVdzx-A-OYD$#;!s*<LqYWYR1;$
zdIX=7?rS&vy02C5H}U=+_(kt(-Npu;O}(75iywO&{3rQ!)?2#J-)JK^gFWj(#!kr?
z+174sER`941<w;(7jnM*(l*U6BcR`R%6G+g<tElu+1RffeRx-O`8}`hqr7|qx=X3L
zeA=tRjn4h3jLCQP{dd3mHf1*RslI>etG#8xo!%Y3oc`1Yyd__|`jDK}yY<xhEg$V2
zM)&yxp7pj9>C-;f*EdGAXN!k3>|SDeVu<O9CBI1=F{JUtqb6|IiMu`-UX+cZJMwyZ
zxC1N&o=dI1;Wlz)n+EaDi^(U<vr;!X-Kwi^(4L3SHT<B#-E_^TjNmr|?iKR+wU9HM
zd%)_ukuN_%zKlg4HM@=O&fB;vopU5^@E|{68SP9Y7U*qoRLz}$TiI(c<Fckp?-jm}
z;V*6z4!oQ*B+kBl3;B)7^(=n5A0LP4<@+N0GR#MvhadMyQ$v_C$^}ymJhuT)^<%E^
zVfw6HbZdACcR#n!G3u3r8UIGzWZu{EjJ=YBsqAxcZ*E;Jxy=>NW_kh}YLTtphlbD5
z-KiPS-g|u#@@1?oS5LYsTcBCT93xw2@@2yjFu3seEk^d;{6DPRGwKf>ON-+UbJ|Ad
z?An4p+>sLKZel;>ZTx3#w;A<+)t$kV|2=e-jP&IOD!oa@<mc!!=An^uw8q5o=`1#~
z3s`Gnua27>cj1u9o%G#xGrmIlTuGnc5nowarQ+mb9*VQ-b@Hx&H6}Ky{9BT94-J{4
zHRVR?b<&2$v5V)9Oj#WzQzjulSLj_tuCzzqNv_OBZZ79tm^`4wx28zONWLuPon%ZQ
zGUkPMhxW>tneP&R7bRo%b03%Fj3r}SDRt2@ru~2&TPNA$$e39?8%W0NcTcMORr$a&
zrjYg>ep-z^G#@yR{3$oM)t$7%oM#+d4ZaNE_*0I1MF;1Wye>YRd-8HmN*R0$-MS?^
z4)bn>*I0iuv{uY^t7O1Ku7kDULwZFAe5JXrJNT5l-+X90Ibp8a6$AWr!qwowlf{Dr
zhbmml8gz#*XH|E^@(H<J^}1KE<;J+i3d*|pJ)4{udDjGHKgy?qy^_KjSAFgy?bkLx
z(spe+^CgXM<JE(=x{R-UHwHKv2m8P#dFxztHN4MZ4cP`<8do>tDj}{L|5UfeE!flG
zU1G^Y@HywGIJ3xkD#Mjn_chA4@OwRTSmhFVCi!z0cyMrV7q&<;<5d0V=j*UbWb5fX
zy>PV-ef0=@z0sX$t!K@T-x^*-`%TEk)xg+B8OZ{jjnN!kNKR<v7WUY+$fawLPqUFz
zvyfMX#9tMVJJ4h4k*ecT|J0YfUJ>a>?Wiy5J?iVL{rXZLC3YX7`?~GB&cnqn`Z|5r
zdGhSjIq>BVEORIK$$@_}Iqml%yA-#b&;C^%xY|eV`xhejF;w6eR{nb@_k9(5xt;eu
zuIqE;Cl9k8X@9MS^~D^TYTd^W3rsd1ke!mP@WwH>w=v1%<xU1O)PXF!gt1gXj}GY4
z1}(G}$)4Qq9<`&w?XA;Yi2L}?Bp<x=_3E1M&bYm%IJ~^Z7uLOqqTy3>13}s)x6-Jt
zRpf_X8Dn%egR53>H7?S==<*&g+Utj%L&UjjVZ`vW-L;Syx~r6P3Y=HbT?^;`>XdZ*
zmzMA`znt5hS(XcLq1U^N4O-LnPS1xh&sq)Nn|A(!e)kcO$MUde5bL?e%Bv#(yVuox
zgYQ8jxN*z*_q8lO|J7hsPH^Mf=Vy)Q3}kzqD`<?azTs7JL33^{)Q((TbDObq)|ZSG
z_kvUT6n}4xD<yQrmyH$jgZzcE_wa6O9(VV0zQuvd1TK?(EbBk8^WVw|fZV|@Ob&UM
zUzLUKG2O#l72UR66zJZ}*_gb2<2Xx0zE?hP{1dTUgN(`@=m)^#e+!-=Rx<RjJWpdT
zY7JGsdBtD*X|J62CPdovTo~P+?uJVZ{fv5??|Eas&IFYXt<O6=qrMuPY{3WnH^%ZG
zz{R4?{7DG~DZ7<&=6RFrGe@8Uf8WMUWk1{u8UQzkd8Rg=j>1i?*O<DF+}cOx7#5C;
zd8f6%-DBhU&~3(wySPW;?jc6^Z!H|7S6S^Oh905p-Mni7$KdlEam-!v{c!voI9|m0
zpuEHGUL4;Wg=6NbUonjAV~4)%;Fx{|=h<+4y1gXEk{r72EI599h;W<)juS)ITR2V%
zeU`G(c@wN0apX)8e=C0b_l#RKR{ySaSAB`*#wAx;xl1aS_N<x)?Swyc%+NIE4mR*h
z*uXEP{|(!>Bez@6wLia~b|i<q@L7i^kgeaP@X9NOF*S*2ZN!I9q|8m0jgu7mCBKL9
zJf4qi0r}Ts_^6)ROyj+t$^T?OOAd|YnfO@$MXM_4_&a3z-N0YPytxs1FWEXVd<y<b
z3RPINO$x<R&nc7C(}T=N3VkW^ZV2yG=X~l!-=}97f$lWq_1oy`?XgBsIM~B{K?nE$
z2jBn6_piQU-=AYBhxlT9udh!V_>4ZRjh_wBMh5v|(u~$CO%uJ=sJ=4i1b0^&tnVjW
zL0=;G$nwspu9=ZfIg|gz$eLoxmIAYx${ii_+aX#k_k_zS!@AyG$XGJCpQ8gg<y&rq
zp-p!cb*inl9+}ZZ8{!Go@BggFGZ=k5f%R<|>)deGyAiBKBhkl41y3&a)Z>52mi&`l
zqdQYXAKjP3`HQK@tn6*$jrygm2k0l21+FCxmm{~9jFde&rmK~;Nzdiu9Q*F~ZwRo?
zOUFQmU;F+X-P>-g<=&1B9{ijgx4G)~Y%%Kp1})kxS&|gG^7q`84R5{5Jt=L}RbG(*
zbNh(|=sF>wbz@yBcv+_Z$fs9(de*n;epK$>Rk_D_-Z67#c1JS%UbH`VCiz4DfX@f`
ze87i4%|8!acpQAE`u9^lOsvDtPV}rBO*`Z06C$n4m_U5w$>ObkY|xmKv0I-fMgYBL
zojH@UYNv)yBc{K*g1YaZ(`8UccifujL-zUI(V>{3y622LG|7v8L}i$FTir%>^##aS
zaM!`OHRiYBUD*y>(8ZA>FLit>(5<_FbmvbgKHJWTGlTmX_klTq4RxE@Z>aJF_c5;h
z6NU!6zCSp)ce>GiV6m~G7Cr2R!B(DL*5UZQv5b2YYb?3vmzs=~`IKF?*~pg7N(@8S
zZM<9V-QMuR4`UiL7ETIRaS!>v=dTWS?fP_Ze-8aE4s6i9xeK^UiM%u2Q<l5JJyk=3
z7s7iNjW9O+3jSNhoV^|VRMFqONMD-YP54>u_IJ>JY@_tG0{ZaLhwxAe9Fh~&{qALs
zzPCvBmIr^G>=@znFtDKKt$PaDa1-aH55L^AN_!OVO@{W9jqdk==kRpiQD#5y25NiJ
zp@(*vnp5$dW4GEKWwotbS?3N<qz-VsOka0J;CaJ=C&G&sJlq2+c(#2+cn)7ThxvE|
z^YVJ;=VzIx*P(}AOFp&1mYmld{3EiGIX~6nt2`rHyzbEWnYV1d{OYz-tG>eLF!M?J
zY9j0ZO72X58kpCEuNLNUe;)5d{<iR5GW9e+Cxvd}JbEqt(&w~l=F$t~J(ipe@qL&z
z?52~<L*{`qU;kO}!K>zLA~<i3lwa3xzBX9TM}>ZL^wg>=fc0`dJ&Ok+pW+yIJmXIQ
z55vI6aOBen&Y5~Fo5hQ4F<i!4Z#pt%s3(}ry%8PcJ$dCyW1ZxR<QMUip%nIdO#HiV
zKW7B@poeQclg-->Y=VCe^6jQSomzEN^Nw-9LN240`JDZk!5N@r^fUY*Ey>0PbjYG)
z*3TAr9v@FvIeCy;Mg}$nRhIXeR~S>@$|JU)_bzPs0`#~v*H^!5d@e1)$hzdBSmT28
ztMFUZGEeX|U2nQvOXVBO!LQc=4B)jW!`#+jKI&~;3LJ$COT&K7&J`kC_d++F6H~k)
z`y)HG{>~Z^*ihwiRg_@MtIT#}#VqDO&$`mkrK`}zH3t`Xw>8wQ^)^;vH?*RQYi)Mw
zqBmQ0_d=uSx)m<(Qk7Rby36*_ZFUX=gPaswHwUuAw+srF;-fH_L&x!pZ<9QOzfNe4
zdejIvVQ0MT@rB#z|54&Z75}My4ClFV32_9jaXX497za<_*QueLiOnE>%Li|zi`YjU
zeBPa{$~%RfQ+p9Kg@?6{G%x<AwauPqXS{c@(cN>Ku|YBgKTY>s#$VJk^QqcX5ACYG
zL~F;G&@NyT-<xrXb;bBv+7=H9cH|h{JLpe#MmutU59NN1AL|>$3%_>-c8SNe^HJi3
zTfYBbP<t{Z*sGyWJsjK-NBq6ZTjx()@tc^$b%$aSf6M3aAwRZu;mJ?$G8dMI3%(cI
zn30~+C_P6u=4xWF*6{f^@`B6+55hs`#n@Rc`J~Y8PqO|4yVna3FaEa~#^CBJJCVKK
z5eE07+!}`Weu%vh);$R??|Lw}k>9o0T_$#(V#_=e@Bt1DbeF&{TN!H$Wk#iQM!+cp
z&%C^NT-bz;_#qCqrL#8ktex+zj3*A5)K3QI5`&&w!;0t0V0<RyTfg`VVUsbACC<lW
zoTXJ;8&eo(%l-F;w^28Sd3E%FxA70-V;Xg?p<rlkxN`*SW{pj|YVK>#5IuS3N8WZK
z7pJhMP8=NAu*4nMpuM;UYnC=NdAwa-?ls4+=+|8Jr~kNd;zK`f+&hu{m1PxS=H0qZ
z{MW*(8~$DcuWEjazMtW~Lo0?M^8YdJ#eDy{tAkbWpL}VfTw`}sjpvMH6o1uXPjpPg
zF5ue>tU2&m0G&lX7cb8Q=PTeO6WeRIoBb-{1q3hiZp0FNxgGGGcrlvy=D>S*pPKnp
z3%pl4PP{iNGzEIdpJ~P=)uGq+<GoaPZ!EkwDs&0Fm+Bc+7l!x5b0O&POYl1p-jh9F
z@sQ=4+1cf(YbYc?vF!Ryj7NO>r$NSw=O;cKR6X|M>%_0s@Jc2$^g=@~^z%Zy0&)ar
zT0B}779VE@Z9Y}3f%vq2rmKDhXM^NFc>w&j0h{1|iaq{X#_nb8qLaqo30|e|Xs)hg
z{dIVHD(kxZG#`Pt>&4qYJ<+rNKWPUW?FrfDCbA6qC>!_*)3Je(!R!|l1&Hg717B&#
z#ZqiCb3;PCv3m0i_oIQe9#`v?n(IdMq8aW-jI|#0Z1Orhu?PD&4Y(G=Tc4zUdicWn
zyygqhIY)&~ystHEROo$t-@yqF2gUQzb6_C;*StA;fII(~2jbUl<5L>bz(qAMZRNKS
zZ*>1hY|pCb_O5WH)=A$yf&X>o--b?)e&@`$kJ1<GUT<I92k1-vw0OQ4-VUs<f@9+P
zyE5UWOz!m5`qAlG(vZpA$hp*W(9_1*Rb=n0w4*v^y0Npxb6)uPDSVa47Rilyf9)wM
z#TISxoFA^j&(+L2RPtCL{5*A<@af2R6MXK$Am<`2A6O=B#E`?fAiiL`8SkxAd(ECN
zgr%Q<mpbEqE}Ly!sFC02(a+)Qu4jG!EbIJrtoPTl?q7qxGdqYLVCg&3aq#VD8~7Z2
z@TKoTSJ2{*ApFAGZer_T$3B4_`$YN+*s-q$y04_1Y}9?X+24ElmVGMOZ10O;mx8C}
zcw^l+BF{R|A7wXpfM3i1#hkno7-M<wysKrdJMSuZC%>a?Sd)+HHd=MZhQ7o*=^E-!
z>%87+uD!@SlWuj-;Zv3`Lvmd>EP=m6@L>PBo4~xjhWWdVPYZKc^Z54rOT%~EZ_nj8
zcrb?foVg*k@#d*<jnl4-YuxST%rG?iMuJ(_#`;;JIZZyK9AGMCtvI%Z_1bOj@NLRD
zn2RjA_whhjbylMv2%g^cgEdBL4r^DD)|iW_|6yxPGwo@OS<ScRif}U!?~J3ZkHR}`
z=%u0;yuV&}{6Ykep8$_u+S0oKzJMY6&3ghyEIg0nz3u07!&e^otDnDbu~DD+r9e>j
z?Nm=<R|#jkHb&Nr408EP&TWN9dU}i?G0^f!ta}AnzZF^EGE%ZWDYPNR_Dh*@$#rdu
z*=wTQ81@oH_n$sygpb4;-7C<wn}{{6);SGu>0cfQmjkcjJ;Xar#0AY7+Ay~Y+qvue
zoEQAz(uTs%SA@&yZ+23kJC3sGZQT{x=Oqqp6SQh#Zszi>cqHx3vG?A^`H~_p<vXEy
z4CT=cvx_M&I_FS+E4HsUJ<vUN6X#fn4cETIM*R0%&?ApB-+zqX`3U0+;?we<d}tSU
zp{+OZEytY9V-MQf#d)!Y7~|BF#qqUWrg7rQ88x*HC+MrT=b>F&*`ug_@1b3HgAc8J
zqP=1clZGYLjT<(uu7`C{_;?;zWP8i^wFevcj%@de@b8V_3GnvjQOSnn&<fgkS?dch
zbpoS<|I(X`U>Wx4SlX_7*a%kfI|=>x$H3eHO*+Ku$n*pAdsZn%H3=QnDJNQ8OS|&Z
znsF(08-WM?E?7z%woa(rrLqZ<LWRKeraP(b9_*}Wf1B<IJaLD8*PL>d%E#igFMW6#
z?F(ivxetJ`yW|2J-VSsuOK!jmU!+VIV{1bn`Z;i-hrcBM_1FIWRPXN!ev2<8KT6>j
z`Cu~Og;L;AJH381`m*LX?S6)KWz!VD2hY#6@3=g1#{hSCY=P$&1cEw?dM`ZRoFe_p
zzRR>H!uzEW-p?N`-naK;p=tNc!0;ZpE|sq16aS}#y1hNC<Wn}|M#2B~UhO#e|9xQ6
z9C#0!AH(*t=fK#mv?QZQcKkx*&O-P)481hY>gmtU<qU0Q2mGJ<@-q$Dx0HrA(BI|E
z?TzGgSaVrJgY>^N*>CX3!7TP!Pm$Zjlhl>YJW%|Id;&htsIF%8w$aqf;obPjD;xGu
z&qY1)*4xwrXH%+;@U+SFt8>j0v@e29I2PP=Br-3k+rzw|zoPen|9#dHjp0+255tdp
z+^IWmKEWNuk$JK`N%JK2tn(zBd6LaoGMFcO$jzQX`84KA2;A*~hQ}lGMdyca9+pz~
z`C;6h!QQg^uCwOL7<e-^^v}R9SdQ;@1-r4G?z8wkHMEs>%D`#oVab$HmP|pG99%l|
z*}28Yl)aWrVcq|HdAJNXCL$wZ!M#5sBMKujr79v*6r*Cxlu=!QLmw<t@(<cFWt3z}
z+-clt&sDhU23OOu%^X~X;yxHxSAeVc8CNN|s*N?)mw=}d#@8Q5w+tIwmxEm={<39?
zjiWu-BXhx%aP)o@j;d%wxVu$6Qia_Jf38Ar>*Z%_Z6_vt9&;GDJK=%7=(-O7=YP=%
z7I>L|ylYii_@SION5K=)eN&kKPP>{HlX<6gU-O~|Sz~yNph=&$tdZ|uvL+>TF|e+8
zr_?3E7ya)OIdMnie&m_9ta%T3qUFsP`Y;_?!`_-?nfBQaQ?3d5*u;OyrQwlsz}j6+
zxmupTE*W$icWW|UeXr&lS@eWt(X4;7WRdkdKkE0@{ElV3F?_syO!|>*Dut&y;ZNfC
zE%~H*@8Y9(!j~nZz}NY}AsIF8koG|bKHHUnzbJF<qrdTf^|eFZ+`k-(tvqi|%*m2n
z71*|&KYfpV?3nEp?1y6WY){5FUijLq?S=d=e64W1<e2OL?U%j+Os($IJ{T`Pn4E|o
zMRR34XTiemn59z|-WOhnUNIVYQ~C6;->DoO@}KODd9&eje@SjEr+g9RQ1;fTjWx)N
zZPb_jxfC6%Shg3j^D8KK7~WlqAE?-sV);<GXJ%<J`99=-;f|em=W;LkT*_>Dv1e5Y
z|6R|rPuUh%pJwE|`FZ@lY25Mc!vE=pZl?T|UfZwSLfgnk3*RZt(3<?KCF29H;U}nf
zxh8z~Cf32t?g`&@o8!+9q@|z#b9@(CJ51oFjCFq*He7c;Fy{b|V$+uZyX?kh#v|Ah
z-|tx`AC~TgPeZTIAtp&@xcuHX8w$Rc+$fo#du6ujewt5lPmbH%+cC6hOj>H%`57+L
zzx8<4%U&b%yV6C{*>~1jT!?S`9@<nLm7fP(sjifz4s7}F_pF!9@^YuU;Dd39f4~l0
zn1#PXwhVrEY=7Y!n|yCB^*OJ;G%-Re`Nc#pr#<!{*Y5*P?T5<7?SO`<(6IOYv7YtH
zZJ>B7(b&t_GFB%yT7AZwb?RTZO=nIEw^lA$csBZ6Qgp5h@!N0VHPQ6i0ca|ET6Byj
z?x3GvTlo3L!BeYFY|(spEht^l$<vpC{8!uafUyWzv_>k%EXOeSR$FTVcch~~XpU+B
zOz{n!)^qu`1aBVg=?>H_Eg94uk8i-?nT^m;JR`ap&}$1gZH}5NCUZr$pDA1u?_`c>
z{bMFDbPz+Ik<Qs26M1$?Z9@}zZC#hFXvi^=x@0Fr_bJ_|2Kb`OxaCu1%+ci}Cv;a*
z|Ck7keG~q`dzmB0*b~v%iGf*nWbK*r<|gJ%Yk5hy1|NU_d855T^t|pP(C9w!q&EIG
zKpU#>X035(W$zIvW-Es{Ut&(sy~HCq3o|sI*#AoGTFiL%GM;>RS9x!$!J!vk?eF)^
z2lvb1-%MBBQt7UD(GLFl?jqy~I^DaXpZQF#=H|NB27oP}@fl?$;WcOMVc7d4RlxRH
z+RXtb@$@9`ZyT0;FR^g}{VZLW8IHlP663Y~$eVdz2Q1QMI*6&(J3qcJ+XrmdUqJo3
zwTX@LBeyaC)sAw}J-)Cad@V5RE{V0&TPvPNKK+2tZr3pDF3x!7&+U}2IQY=6wfOK<
zZaL4?MjijLX}T3NR=aRwSpDk`THW>Kz_OkBPRvsGGFR-<Ci)M6W3{LF?;k8&5WbH7
z_j4BIb=rNA{;#9&H~92$--XI1(Eisbzl{E0FIy0{%0*y$f&WYSEuT{hds24)aUq=_
z(;d>fm&%Dd5&tGLFO#gf`IDgZ*@1GBne07?SIuW!2e&}yyY>Wvr6bWT@R4Y~iEk8p
zlTIw5cyWp5sd9+mlfk!E4_)eW(ADzS*EX0ZbDv5=Cnw*`j;9mM9j(@UK5ds=GR<wp
zJiLW%QkyWku5^zPd;mH=pg!qK{24<Ys?V!!mv=|buq9pdi61de)exIaZUXGjc=jgA
z8{55_HD7Zv55K8k?hmi>nmF*bU>_1o*kxh|nn_I!UTni{qlw1?$I_`sa~Ib!_K3{5
z(RDGv?=_O^TCpo;0Y|DUrmmcFv8>-ZN46Zi6s8*o#S_-OJv^TW-SQYm2JH(MW9TCv
z{g1ts^*1vorBCgqeaSkF<<I<<9k&u3<aow(J%j!<5BbxAf2sg~u6*QY;P%MFyG-uo
zUXSnNI5wV-bCoxJ(+KBsW~>Cf-Gyy=|5seWv=PR7Kd@|}k7zu7k9F)5JnxT(C6tfG
z!}@-Bs3sTsN5O+7uh7x%yTBD(34hCOeS<ddW35i{ur~3HpRQiIUjH*h(r=yfL*%Hj
z=#>gCP2m!~+W?o#1>gHs7A|DBC2{_HbX+R&(21c}cqd*u48Egrgde`>$IOwVz+!%@
zIK1_7U$_*Rbp+arx7*Mk6a(jij><nVpLHXHycQoshnqd7@=|pjrLSiA{HWW#L%h^Z
zANNc}f9Lss(5Eww(Tqd(Q_Eo6cDe;vGs#1fDc)lo`LvZB=VdIT>so==3lIE}^IjS7
z-ZuO%duh9iwii4ake~A)F{J4CoP~<;pBvihE=uA1F4`6jenI~lV>Ex1U}K#P?_U|B
zJQrrDBtpNbhkDjOMH`M@eK)ei`F&^9?>qRd^<8pAI4Gij+4%bJiG1H>@j_zg8s2H%
ze)%0+hvq`0?r^ai+2vu6bdZ&cH#IF6pO$jN5R(plSVxQQxhW6~qT8ZlomKWEgG0%l
zANR^0#epSZrzD3)KohM~VRv#}OGNgh0UQ3IK60T9`lMKLA;ppl2M0THAqlyVQrC)%
z9B4kQJ&Rnphq>wC^JxnQ$)PxKp!rbCyKZ>iJY!y*&Yy7dfnQiTh@<Ipl>O?1(4~a^
z0ogmlEE#{M4q_I`H)!KgezFqrDfpPixbM3lH|S$u#Nu^q|ABZt1$pikUt-g@Quoa$
z9)E3$dxgee^6s8BMlhW=(V+*#rOwAn22O+5zXLv#@ilsB*94!<;L{JUZzIOC5WMez
z*Y`oMv*FW{FLUurjXy14UZqXx=)&h#V$n6XnIk*pZyIP_)cvU?kv5V}^{kg&;NbFS
zo9!6aWAJ5kj4OKF8`9&r^Vy0ik{-6`c}tgjBiaUXbh)$HK+(3LX&T+K4NYuB$wb+Q
z%FAwI|Hbf~|60EF+vHnx)N@~&5tOV`p6f}9f#<nkQq0EhIQuNPzAyk>(hnWo@U$Lp
z$Aj4IC85{aI>a$c4*%TZyTO}?!Jv;_w6C_W{uphSA2_w@y;kA%^d0VsUC58i4g0Z`
zW3ZKDu$8@0xKO_Ly}}3kKIj75Gb~)hG}^dug<L!rT)EZ0@a5p44cKHe2~W0;e)<l?
zTKJ)yj}aBqVA<2y2(|Dv`Db@xk1v(Xk}WJ9be4B(LwV3_tb?a2*dMQ>{Ze$cQuN*=
z%5_151?bHS`2P)L@iNNQE%b+FYi|cvh5v`WcaM*%I`_EuWVlQc?zwT(1X3jl3ROfB
z4P_F%1kh>&-mOIGsR7g~Xpwp$n4UJ=)KQcQJtaU-%?zL@ghJcX1o4~(?}$}<+8zdI
z>m>0C0cKQ~_xoFW?_`L9+RJ%A=ly)%Kjt&D*Q~wPv(|dnv!45c2b9iQ?Za>Hp6v0R
z(EcRaFQ9$lY-;b6C2FH4L2j$j9TBW?Vs3OdS9x+b<Vj@WQ}}4?_TZzT@yJJ`5*Xy4
z;lV${;K2NwqfPLslP&mo^Z_q$-jI82w~z7pDDTzIzj|61LT`J)pUUq_=cDwuZv3U{
z*D%&p>WkObymk0&c+8y^sk|$@uk16TS-xJZLr#a>pU?Zlk>y;u|EIJec_p!*3D|P-
zfUgCa9eKZ9W-mi#&x@TXv)@GS_s;Kkb(bx=@i)?aw!fNiMm}r3nJ;u2C+z1_`*md*
zzpfRmq5QfY4B38Nu6)$S*ye(FSA#qA_^+$BZ#juf)YV=b&K??O_EFb4Sn?Q84nCCP
zC$u+2U#tY5&G^HfX!iX{K|gg|AMtQf)%Y^rlYdI0|E3QgrK&#F#Z^73#@7tDwpXeS
z>qMHJpNL+h!FMa?Y32|8QRQ(d0f!QG3_91`vrDn%N6>3p;7=3tQOA5JC#CSG37@K7
z%)5NV2eF^>z3dy#WcIVU!(KKfl^0Mx9UK#{y^A)2w4wj-b%^b9+7MmOqpoDa=}sF3
z{BB0}QaN#k1{c*vkTp|3CG=Cr9<E*M$FDXsq`g{~f}g~T$5-rlNavRAXSJO1z8#Yt
zBr`O$TYSaK;Ij0i+GG0uF7W8T4F0Paj%}9bO!ilQo>jgT7^~<LeL{?})gR$^CVIQd
zBytE7Pbj`E=Y!)bx>H~OU5$SGUVPQ`uI3jVz_fJi8Uyjk*#cg%CSCf!iJk~%SMR3Z
zPkw%Uh1&422gCgTUF5q~ud$~VmEq%A!8!gO&w?TTzHE-C_OUIq$cKy#!u8t+zthY7
z{-R0fa#JdlkK4|>F8|sh<~$i0Q*$(dJO>ssTsAuWHshn~2}%Dp7+lL?eO+JMPaR*|
zPhDTz>O^1LOyg62%PZJzz_Fiq^0lqkICAaz&tm?cGvmq%!T+D&YrCHE$P9dK$ybEk
zCr~ue3ViQ1Y{bUbc2Fl@+bsOQWG5OD!sla46hFkzn8zq<?92V)I_wf|mfF6yVcL6?
zcjasAV~nyLcC5|7&}i01bzNUu>FsJ?K&DKxivF4}WhL*;hsUXOd?_nS@ug%eWsKt~
z`uk`2PWA-88v3CR<2(6HGoR_98~E<Zck(Lz@65k^C%@s;@9aA{#gwOoW`J*hkM3~g
zH~(+z4(9;hm(v|~@I*R?@a^9sxhL=Q2ll`N)K_snypd%4K1dJ9IzVT9q0cD$QhGgX
zS|`=(L9<=Gp6ntO;I#C5e)>2-`~SaQ?w_HT>)=CO8Dm|8En{@n8RxNI66J&ci?*XA
z^l_bSM~&#9mV-NO;LXWwM;5k&)4{1a>iw;Dpqadr*U1iaDflWoPziC&t{te#u>);^
zMlXU#_-ERI-Z^f|n64eDg!5Q-AQv{*4wM3)v6wxS?y>%68<5*p1RIcYgmkt6wf~O|
zNV=uJ-3IhU9kDGhrH9`0==@I$#alT4ck15uZo$JNB|rB-C*uk1dS+?)tWnF#o3QIm
zy5pHSEw65z6PaNZH9zjz){<>)C)TJ)@q_Opi$!Mmi`1^@n9dFPH@!~#Z{eG;1D`MT
zvmd_XtaI>(q%7G=dl^~jxklpIE71eUCXoz}GX?*j1v|*21do=FEHxQ@vv@b~$H-~Y
z9b8VGAUR%@H#mvsW^X|VLB!-_LAF?OTfhozB!6NnI`@sL=jqdm?smJM^;>WTb|AiW
z|LsQdU)@3bOZ!{9pQT=$_9ntFO=7%fdHPK8(Wmt7*`Bmk3w)QqhHx<7{GU4IL;8Gm
z*I7%Rz1Y8P(F6X+U!&j2wA+guW>aXlfqs|n7!?@K{`r`_&@Y8NnscmA9%5|$sMGJw
zQKW^m()%4R-J@7$;sXQy@z2<ITDPxXnUcI@^oI{THlW-Je2gBr%F}O&c%_Ye_v^=f
zz28tgPTx@J!wWWcTfSgpIehD|9L82f{`}=@zh1k1or!<8zQ2a}=jXmYA*pX`Uu<NJ
z^!*(04&d%A!FR>i`VWy!XcS}G<w<^-SeosN=Fi*~MDGx<p42+I|B{uGkENfCdy+>=
zZY*Q|m19@AhO?QoT*`7heN)@6xCH!>3~&)K$R6Wsq<3;@-@+I258#7v#KJdoAisAh
z_EL8O{%&l*nzVELupK*!hxhhx91A}bMi-O43EswAHQv*>u$Uak8)frX92}Q8u9&IV
zBXBHSy`wn)Ib?KX=Zc4_it|g9FTsl4%>TD2PH>Cg_*V-5<g<N%ex(x^JlhiBX|w)*
zcz*B?z|#N>lH2+iT(jdA%g7ZVU(h%(WuV{Df2t$7BjUB|_~Jds@gMwnTIea-5YOM6
zeXM<`y6i#Z3uFSyv=`r}Ej@SBUdI>v*nOVhVf-7~uJ8trO;p|#@@W55x<gMW^;pRs
z`1Lt?84Fj=^ekQ(8DYmC&iTvn75Fo55snR92;At76t{ltzLFqqn)Np4-TQq47hM-$
zF~KLEAN~gXP~X1+PR;xEd`mWvJ}V#E(Y{vi+rF@pN#;{Ww(tqW2Crd{>;0coruNjv
zq=Ys^SEl{>_=@&+e&w!tM(9@Ooo>z?s_n}u+r>xvYqgj7-zAj4z(@UUZ$7@F^j9uz
z>>fNc#)=)A=rMN>nQ`9PHxS9S0>8PBxKwi|Uq(PaayQOJe=OM<nL9$9UpTdDd^RzZ
zIs<EGSiARClk;P?jl*@wceU03(<Kf^s%;)z@q+iWevw?~8UK`fc}CZ{$@huvQ(Oto
zE4J*|eHXXyJ-x5}RtGMacflp$OEu$Co42}c#(SQxIZ$2Iix4j;ADHO|XVOCRsGpc$
zN_)?jL$2rF+IB?kxn#yBx?h1l>l@B{%gG&}{tg+vzzcO#taw)3t5~TNd=gXfZS95a
zvNv{sKG*^J63dws2)^<#`D43rjwqg8d1^eN8fa7Sm5p;2-|;X$-9rn5X+yV#rVhQg
zVeZhvI_7f?`1}{{kFN9HSST23@eBVdFa*~<7_4|9iF_r=FE_uJ^t|-l!Ka=&=z+H7
zaW}oue;|i$ZGA9U>;2kB{KdB+TWu=3wIsGzcQRq~oOcVjzQF&O_Fge~@%CEfj~Lv_
zoe9$-2c#>=4E@Igti^(g$A)+YhQgGs10LH3kwv_2nvq@qf*jc_o#hByP8|y0*VD`s
zv7C}qiCc<iTQLj2OAqC;_eQ9@&+7>`!D9_Yrj`uwX`DTdFZz!Y-l^jMHp*oWQhmjH
z;0tlrj!gCq>)1?tdB~wn=noCfxN!=-t-H?RZ1Mq%Vxe3a^%i`p4)E;C`lUCf1^zP1
zj?-VyUW^b!ZgIYaiBWrt@-Vj9FgETQBkPhYAN`+v5I(2xefSD?v^O-Qw)XJOpMh~7
z^#29y85Pj`+)QE}Zc7f7R-8_(!_d%<kJy8}-$>m$a4HWQ7Jdrz;R*UDcem#M8}n0n
z=9FMI`k@N+3(^(M!uNvDrpb(NGVw6enS)mt-}?0r2C-AT>^*kT<HCb7PpYwf2p53u
z<8I(XX<c8|(#}b+-Wh8vV}(An$ICxOxgS|==I|*&wW)XYp74u%N=^HD;F$VQ+iF+(
zCDFPkdDk7UJI)-&J%hYIZp{4mHD>5jHFbr<wXACzYx4kWt9^ujalPUa8oWcJe*T+B
zc`dO&75uIxer+z#ZC6~ue)>B5>T>qiW$d#l#3oFJK6f+p*@AWohh_o$<UmotPaI0~
z#)r$b_kD^FS+-%$dB7Eahg>)Ccg<<uZQ-<siiOvrTQARY&R%dcT)nePy46mH6V6`U
z$Jq@$6ipJouusQrL5Cszt7y?hz%)(gp7smBMVqzfRQD#{lTC5&FPI0O6X)i9>UN%+
zD(2&>lxshj`pl8eEzObI6rFHjFtp+fwE?b;kBH8l{4Te+H<i3so>0u&BT&N}<u6-W
z{^udSAo1X_1Ku9N{Zkd+-lHf#&AK<<w?|QAU3d7E9)Yhzn<Cyzj6Nm&GP*JPi>$l2
zsAa@8!B*<r=J7x8p1C#X&vfP<+RQ#4F)$d0rmGF^TUlP!)7igH+)+&z`}uw1GSqf+
zgUJK&ap|@JihG}<`=DL?_R`0}v+eyn8ysit3&=?U{%3^3lsB@MPu7O$n$AqMv5&fI
zoIN~jIk`62yV}bW`v|Agp?hhe*FUt+($}c#j@cb+cwI^G7RKtKtr_6sjQjfqUWC@q
zK+pGhH!D3v+mkOI3r~&icjMA>A3U_=koba(V0^O`YgkYmH1qwqwXGn{ipIzFC~6>f
zCp^v{iyY`?=6)@-xS09ZzA^iR_`=|E(a?_d_;;QU?VTE2Kun1rKkT7a^fCE^UU;#!
zt@&AOJ<$BPVqTCng=<Gxk9Qxm{d*<vl<vb%mpRO~D(>>HL>^gpRZuu0KSkvWZd>n<
zUEoQ7`Pz8t<H_WUE;#n!p2fBDDNe`#x+Eb^;q%9)C)czVE&TCH6Vo4ma8J!@d<Tv`
zxaTrp6de&xE2r7Elz~gOrr>jpKk<-Dt!?Y!>$QHikM7{mCCs;AI6NaGc!arXGkWaw
z&@9?{1=_iYxy>JRRzSM+8uD<wbo;~Q@dX2d@l`es7d&p=3m!+~qk9yY`OLNFvzPBg
zT)vw2n%7+!?COjS6Av|!xsUR{Z2F324c}@_n@!x)?87Co+xWhn&(c^)Y~!(#*d6?4
zJp-?KN@L&Q_nmx#JCk;Q)V(y;FQqhg7taIOE1{j9-RJZvjUAj~#m?n98U7;+Tk4R7
z_?Ym!8QEbH-;pWZgLQiDX~h=lnfRzCeUIoCZ06fns^8vVp1$$BHvBd5tOM8KD+jz)
zx3HJ0$>)at_C<KSw%n_N@ddqt@#$794Zk%%a^!c9ml9j^;GU*O6<dIed(2)ZpO4r_
z6GxdEjNIDUhdM3vKWE8@I&I0}8NdYY`<l65g0(m@g*$y&k7jR=qFueorGJGL+cn%O
zYJ$Iuk7O-?NA#fYG3f#?Dbl&!E^|X$4$^;_VhztJHtj8P+L{FKv}=Gh-?YP;*0C?#
zwuW?~Py1-2W-#|oAa7<5vOZDldQNqZjY02_ZN4gOr`$O_`{vPsMcm^)YkuXu`N=6u
zay;2@bN+8%l<J>f04}wpK061y_T*Xgo6k4+QIPkbHCE@(Q?wr$Y4eWaiw*Aq|0sUv
z*WkDKh?G9d-kdyY!$I2HKI@rR4z{fSz}U$PmOflQtJlUkv}x`IueneAs0u&N9z`{0
zFDtKn_?bC*Y1X!Q7Gs>4v|Dkfny;I<=P+^4*8#(?X3PsVEEpSX@McCE;$wn7?g473
zPLJlWu8I6&8t1s;M{1Vg+mCK`Chy8ezScW7SV2C+I^O@5%6ybnj|tY%hVG0+R-I-c
z>wZ(?MF!IuI}}@q#_VIfYr*Yxx!&E1E%c;X%eD5k)l;4GJUzOA_iDXYIdm%{dY^f|
zCfbPKW^Hv=bRN%hnXe0=Q$cTf^v4EohqhJ_Q&p2|=VID%J9pEpyT`<a*Fqy|QsJeD
zc@I`+L`U%MX4*f`llJmTVq_*6+VsGlf;pPgv{S~0*!1avJ(bi|T*y~|C6PX<pI`JD
zykskWH>=qPW%#Xi&?s9MbQ*g=G^&2~*x**?kg;sh9x9=&VD8<)l|%g7MMJ$Y;{2Ew
z!TA*XE#IM`q1#+Izeq!U(D3t#%Q!-tW`EAM>Kj?BPqA$z!nqw9x-})!z<9w4bkv5i
zZ6y2jy)lNKZ)IH%!G{XQfxxI7+6L#x__rCHpZ$!D^P?UvUwpQ~QG@rD-?s7o_p<xs
z+IS$Gckv(s?_cwXCn`C|;4yoqDaD$f_v*58-!sq5X;?50932>C?{1H0gV*4Vi`R9;
z4JP9CLHY>h-qR&Lu4O+gVXtqQaZga^$a2oL)!eVqsC%3Y9;Sz$LYAqko?006PK$Cj
z89hK5=X2#X;2d>Ih)Gr+qJ{<M0#jPFVZm4V?jN0l4um{j&-vlE-S;!d^(r|cu^ss&
z>8__R>%NBee#%GfjpqG2Z@DACO^r5cu3qNc2bLUf<M<Hp)X`raFin7;$r(~L-V5(=
zVmss&H0@mJwDXPVGqj`k)mBbg)%ZGKm8@G^?cJ^Z-@gN$1avO^5c(zT;^C>}LEyiB
z^^&(Qk!@|eWXkaC{@5zos`E~b2EA7nhN`cO<_w`-?8YukKEXp94c-Cw*1>NcUUxk?
z1nqmx*Lb_J&oe@w-O4y`;k<driU|(8d`RdS_`ABN=NWlM{#nh{CEJtHSvF&*4JS2@
zPbT+*wXmu<PL8`cXF>L{q+m`ed6<&P!SH){%0X7lw~u_P#0f3n{HudLC^kfEF8cR5
z?H}Gl?lJLp?;s!I8(WKB<_I#S;7|@j+2b3b5xX9~sc;cG0mWJ0#Fz;v$_n$Y;innH
zVPL;j>%;u`&?(e0A7$pdys$>!tXbX%J<m71J@a<CnYSwo(OI2e>-|P_l6fvKY(mda
z%Y0s}XWpr4<+*xVw1nsD=ySqc_>Y~)#LDYQS>!_2a5VDDttQ7v`~Io(UK{l<TUeZY
zC+GS^_~q)Ci(7Z%*FtWpv*!B2o2#P9g;uQjQsVOB+DlpF2C~m_Pp_)+X?e_Ng{P?3
z{XK%Ik9LnH-%Fm3k3B`)tscyS$Clh(2fZ8u44b{zM59;uWALY2wp3peRZQ>>!+WKL
zpl{4$T5B6~6lPC7K`vFzcTLjt=$D=EB>K>NSMjbp-%liEM?e3JGdby-g-`6acFS&D
zm2^||C}oNZ5j?ft>)YkUPbe3SvgO6=kQWCTd9ju9MA_-R6Y6!ymHQ}<JY8;ZQL!rF
zao}0^g~jm&y@Qbz@Nm<?N&Fc4F<$X_`zCq=n>b$&eFxeGy{#PnMf-R@G0A#QJUDvX
zSd;p`&(?)V#(gmXmhfD3A#;)QHpjR8n(|f044sXI&R+WF;yX4RO!?sDgOi_m|KOrA
ze)7epyfmxVvNv0%JaaJg{woJVy*@hV@&<JmSoLKNP4)GyDsLKK6_sJrh-}y}$I#Lt
zC-Mk?B9BTUEnQ9DO}t;{%_xkF#!mOavhrQGKQkx!9OQ!D50@_*wQ-L2XhSvsv&Te}
z*Fc-s?)2>5Rxg~sKAOk+C$7!ngmKnYYi$NcBg~0%REE6QMW++{fQ|#1ExC0edh>>A
z{s)(9`A>VH&RNTQ)lTkp!IpI;+nayGeEo*`%DsSm97DDRs|V?<*y6)ytN`DZ37(V|
z54;F-wRo^-0yw-G`fw|42)2q3<Mq0$t}=;r1#evajed6{9^I@Pe!<JB!@3)t#I*_I
zNTE%^D_^h_^7oXjNnRBM-j<&9Pwa`&N0Ij?%s4a#KjSUqefFh8r>~A)#B(!xr~DnK
z1@dn8M<tgmM&4`j_9$w)#ft6{|2skQT}ELo^DCMr{;AU8>!hbKbQ(H;4s98py8oyX
zc;H2SSib}wn6{#cZ9VL?CH}x|>vY;0TNM4d__)?j*%w2;$j4PDSp(KUXT`@U7Q47a
zy2xt^Yj%jfT^sF98_DF2SUhTJxvO(b2CrIfduC1!`Q;+(JllibL4^fry|*<?9aJcJ
zOZ@p7#(5s+d!6^X!W#4?o6!j!B8Fdbiq`EY@ThDmWqX)Y`JiddKB4>&@;B>c^hH}}
z%hegR@ZX|QkCgl9KlzyrbEHpQG{B<Yp@rrwrS2>6qSBFwU)4N_X8b{Ijs=&2X&*X^
zN#90?el{{W?F2WfovgzAv{c&3GVn`o(wy{VPgxmN<v-?qVz6T9A0PGoo9!E<_S4~q
zgS6Q~{Z`iWedtNU!&cOXd=?y89Q45_uOBl$C^=p_`LlbmN2~GS>7#S!n!>!k`o7M=
zqwAy3)6dNhq01P9E%<3<w%1dFbq`K&^0BAt9!zcuk{2)R<&0RD6!15oFT26czgyD<
z%|c&WUt{L<MBl0j#H%abR(aW27sV;sdP$EpzwY?-CiIiLgU3^v$TK=NLK~G`?5k0<
zaR^*}JPElmVP8B1{NW!ubaIImdywb0$FZ{$?{s(t=NB;xYYhLC9%3J*YrXHGj@J7v
zbjOuz{YAn9;2I}iA)UFxmx|NzX{DaZDmiy6@KL&zXT_h-rG6Uc*}PIKP{G{Qu^w5-
zyTS+2GUff_jy;2ib>_^zK6)+h%7<F;$R@j)9NzV%)^1`4x}^WR@VV}49^NOeR(?{#
z<FuA|{WQ@S&ILd1oAv#~-b2Oa`MSagIkIb1M{~kibUx+b)y{maLm!~$_0IFN<o@GX
zdZ$Y9a1GESp3&n4I>$qNo^W@)g^c<f^(rNo_a7KwePh0F_@kl=lc7m%%!_h0guDa5
z`5w`{89ky62L{;t2j20ae~GV{M2wtx&MJ5}*(d9;Pu4p2Nto|g3ICV!8P={N&CorN
z1;3<U<RD|8R6mdKtbHQ-^D_37ndogI(%n38R=}FMbNuk`{*7g_(SNXEj_jtj@W|Oq
z$=f)%YCQMDZ}ffa*=F`NaNXDiT%GNvUxdrHn?3;?mpgDt|2326)uq;Rf=zLhwb0_`
z8N?sKQ(sulH_t_UV<$5)*$1{#|0e5`;qbQ7>C}8Ld+JzpH#%FFvj?(-qfXs-sjD@(
zGNBLMRVv!^27T0kr&%A||Cr(ne!!eWlKjtWZMIa84booJ)`N)_lUFw{X?eq}^9s?`
zzfoFf1q7FTEUIUA*yuEGb;wtZqdM$#X3i!;zY^xG(OJtcJ7;CUA3l&2IQk9z!WjEQ
z%#&zc$JhrIw!ufq&KaKAJ@5hb+&Ngm93+nOvJ=Kx#5e~z;~Z?pIoTQKaE<dvMT}GX
zmOPeU80Trx#?nsX^m=yx_FEk|`?rp>598E&311HYr@>dAv-zFR9y0h^e`dh?7i|2W
zG!_rX=3wJ$CceqaF^Y}<<Er8${FcqUvqsM)z~k<rFFWro^t%=s;m+kn4nF<LhUbm^
z=AuB3lYgrQID_whzud-wLG0%~_vWN6D{dGwxX|Y3Ji8xuU{SuQzZI6>(C2nw(HSK@
zo$|~;i^kPs`zRrwozC&@)cNfQ=o7U3XZ*g9^5uNo`r@y|E4k0^`w_}(y;nyMlRLP6
zsQvzvyuY7vx30z|{Ca@)BJkgCc})p&;0$<qWE)>nM}7Gk=<Ijv(U*Px(}#1;8raX|
z9l`!K<@a1<_dSok(Vd;pw_tbMvfI9<Q`^@@|I@T>ctO+lt7cxVjy6z!Rgv9x1#SO^
z@~`u`oR8b4JvZfvZJIVNF>OqZJ|p<@>^82T4L{}5Gq~?-E`QEi+~d?=OZ{s`seVRi
zBK5yRc?DxQ0-xZ%lL>F#)CIpViM`xp&U$>xlWiNQ?89S-mzVv@eg6wQLRQy2!Wq1`
zjrW8z!VSIu`;Vb1{Js}B6WbI|)WleHW}<uG`?|t9FW<bc^Yk|A>%TIGA83a~_05@n
zZFGjI!x_u_D-+;d!S54rVt|bkkDBrhysqo7^6R6EDWAhfvXt9T(`e?D^YA`1|2Ib6
z@*4OjTfQC|ok;&i{yNvL`zUoiw4?Fs4EM=C$Qf?*^tA2lCDZPCyemEZW&4hsTu$zM
zJ>tyQS^STjo-UdCKlr%)pGzN!^IPrImu&0S5#9=p#PQ?_7RDnxQK!Ah99$jkXXcXm
z&efb;8|}q&mNTBjcFKm^?R4Y+zWo0r?MaSy``(k=wLG1i+cnPo2>AQcj{E)qem~U-
z_OgL?pAD2h#^(!T%d!7I&VOz@DG6=LHrt7wnRVZDlruiXy2}rLny6=Zm2#~|XZ!VU
zC>IYrhJEAmz~R%Z`j2Q|^&9j*`*5syO88pE0fH}I;A`utSDC=qKF728TH!;8d6m6V
z=TkAi@4=Tq=Tif`i{w?ElfS&#j=yN&jD~iaGrA7`WSrqo1{Gcfe9~pr!FLQae8<30
zC4Kn3{^yU<R(-X59xL`#Il?kR-##;Gd3@H`LeXEzaT<^Kk%B)QU(wEEwfiaAJeJ@a
zg`C)FZsq4S7XKPUZ@)*sPcR4C1Mb?W?SZ_zoR7{u;ka~q?*G3`_?>89xRtgN?F%!^
z^EJ_0bTzUsOy_x4!n@M@$!A>c3uoN+Pfz$Qn}S>Z_vjl->9Z?+V=?8@H&${UNf%ql
zv-FO7mQL|J^W337{;HnQDVqP$DW1i1;#l)|u162@TjZXt=<)WF;{f_FO>|$rrg5GX
z=Ustp^A5VWd7}A7kC$cirix|K9LLGUr8{XGc{l%&4!vnV+SfQ5+x2)^p?A>ZrBL34
z9`7ATkJpGEuRCSZ<JAIBJ@fA2xw4D%Me=B+IbTlH(X1k_T6DJ-S}I-ICr1+ZTY~<N
z^2B}l-U;;*^nWUcSK!<;y1GB=nKQ&~|91)Rxw<+(b@!+|L3Vwe=flWp_uw;g1ld({
zyvCX1bmmUa@C(!SAUnSOcgT+4WZaS+B?}%#7Tm1<S9i#Q&+2)7hb*|BXKYb-t$9^3
zjRQmLnCCKNFy(O-O_2RH4<8Ft=K4tWx9%eGwaH7=%o)_e`J?@&^Idj`<}~sIqxYA;
zQz^VIz96B}D%p%}U!nu-`4wl_z7|uUi;4b3|4KQs^A@eC+qUGG#J1JfxGvkb@8UQB
zjxL}b{4gGUK|Y8Hei#SRI(&<6|BLNgbQ^Vbmd>Ql){)l`SDY5=g-wM!i?IpVej-nJ
zmaI&t&m6|2d3lz1G%oqbxcLST@Lp_Ze8oKGko&g{&B=sz=`5W?SvtQDJ=e9bX&ZYd
z?@RcbzWsanN%V~t{-zP;ao^o1^*Mdi!sqnquYb|!v;bHvX#al*7lBPar%MmVMT6f!
z{(fUvg3sw6s3TrE(dTq9@4M&6hJ-dm%YXjghL+pywA1p8&`Z?QJ2nj#@0JnTM44!i
z&d$#N1^Mp`{*!)d=-%Ti{+)U2e4n5ENwv3Smz~hBrWO6dw7k#n-&50rTps9o$G(66
z9<{5!b{rOsNh5cGZ;8*!SW*SvDQ`q$pS{KY-m8msKhj=utx3Q9I5`#;lk>3#JC<x0
z!;n$uf|J6FHu5nYxkj-pJL~>%_&B<rG?Qa%i=*p7zu09=qI5kqhEAQRH@l0NaP8Mc
zPJf5UrJUG@^4Iv;L&|UP&h!5m?p)dlcV>L|)VMRS3*1@7x(Ihh@$KTyv9_*p=W^<F
z#+@aUxwvy$LL0)Jyp!P0h0Z&PxHF8hf8)~??hK~<Nj}1zW&d-0MW*)LMBBgngd7_a
zE$)fx*mri`xs&^P9|b<qdw1_8vG;PpT{lNx{cwLU6B}Y9=c9Zjnv{bTpT~jtN<`lC
zJ|B5y>A|K~!UyF?a|?AO2Mqx)efSuPXYzS{tM=j-P?cok-fZwLLOXS|(ez-`D(QCI
zJRWJsF5WZXE8O?UyYp`Hty)3+V`AK~@jstv`=4tbR$Y#c2>d&OykzJpG(<86dnHx?
z44PZ<FYf=qVeaYF-Z`DQ)H_=DP1M!;iDrnW`{nPt+VAP1*Qlp=)ULh-!xqZEYStwq
zG=g>6wCNw))30EM`DgFx_uBsPJ$*m%%U^a+@BatSgK}^(@jRG5=hS;T7d+@3gYYxf
zMQdB+teMu<calAQEp<BY=_e_3_jF!D8`{%jy2Ou+&?U}0iF^7i%If%ZwWrUZd<`Gr
z(U1N}{6DyJvOO&v9>%%w0<mv~{^weOJE{L8p0CAbV0k<8N&1NY(Rq$<xXDq0FXHZT
zo;27S-M2Ha^(b>8nP_IpyDP`NI&jq@_E7%(dC_G2s?UQrYQq-(TkghFzHG@!19^Wa
z?`D&GaUW;Qa_YYYKdsywikZ5ZJ+1r}idh@RSwsG-Emin4xcmByT=LqI4|kAhV_@q}
zd?k~U-zB%<z*WjOOn%zMYTE;ksJ7eK$8OtdFR^Xn>Q899kJGkf72W5fxjY%o*!64|
zd-E%H9-Vyr#>e6}9yED#@88qnv+8FthEyy5nB*MtQQ#*vvE7GrL4W0$K5l%E-iCfQ
z9p{YhY1KD=c>kW?WAhO_;ti!oOzxMlMEML-`eiPWeO<Kmo>Bhb0_bWLb63%OZ*dOi
zbwg5WtL{6}d3`tMwQMdk$=5WCGh4AWT0i+5B$n$OPdDedombI4$6F3*&!?Mn{O`5d
zEFgYcd%pA8EuNwHviJ)34F8Mp7Txm6VvTg)&8gyzu4X?~IcLy?^WuhXL)VMoQ|}6s
zLm)B!$kH8XUi%ENWm9qw5IeL3+|k<CK|kGndjY>ir)|2P9=iD5uIPG3=vwEU#C`iU
z%6`E|Z9a!Ae*w7jkBsrOgfag99{YZ|D&cw;u~l7-YmNh>Xqs&GiR0>fl5q`p-boyn
zkFxLc(YWqoT;00b6Y!v!(3<A0%if&%`>h9qxBniW%uEwYv1=>-nVkLE<enK$Y)s{2
z-+wc2((?yvzOw6J*<;~@<N$5mpUNF4@Txw1$j099Gr4?p=4P-jX2X*vTd9U$&B2H4
zefqeKJ~q(DZ1&eHwBMWebiW9>o<p~Jdartwdt>fMN?G#y!W*|e>PcBLd7rhrfxI()
z9~!#tb<a)FM$aFM`zD<pwUYj=c<-_C!M&c-qS?p47R)AJR3rC*S`YoC_;q}o`trQ@
z*w=!47iLEnLW6YwXD{{T>7|^#<{nU&M;0y8eiJ{v7k=0+FJZsUh4yvkoBOceR#Wc?
z^J=kw-$Ea7ce^gZzMJB(qf1zgJRD&@8lkPh1Rtzp*ho**C1C4CmvEGF=@Q;b&?OwC
zOuB^5d(+*M9>a(HD%d&KRXXc>H}pM&_0bt28nMI3>gh%wvX^I*R}NloD`WUBW2iIw
zkW8ZwIqHl-_cBD_-86>ggfYD0jG?w&A3}Z<#_(U1*D;2z&KPRZhwO01P{BS>F3Qe%
zakd{k&iKBVw<<A4tqj@D*Sj=^ob*P1|57t1i<~6#E2vDuXHVb9J;4g-OJ%03tM7<a
z^Ryn%n)r;)g<l5`r4sk&wE}-{n;$9$6WZv;!7T#*vuNA5v?S``T+Okv-~K*jb_}*R
zcr;ge$hs2~M;!J}Vh@~r_LFjy=g_|A6@Thhc;{(Z?2Tr8lkthI7f&xfw}koAeF69`
zntRCCz^ilihB7>!mmA=@Z9iOFPgy+7zBk}V8vZr-4#pYlBI<MRxAAY!{M`0$uk2>k
zk5s$(wTH<I9--bs>WSW@(=K`yr(NaVOAnn%yY)%wOAh0EuNd+D%%A4q!1=o8!qLg_
z-zBsuy@J*u3=E|_D~|ZcH5W4vif5eI9?yv1Sm39VrN`htRldbL$qz&L+Qj*<JJU7(
z6qVD5%4^gvWfA%k{E2;y&@(ViKvqo5Q^q=P@+BMG*_5AA8cTQZM(z158+Ux%g}KGF
zogTXDQjLlHNKSih{;oS)j%WQN?cU(Dd+ZY%&Kn&(a@#-p$?>d296H4FRHsiDX9e@u
zJK<k*r}zHM^Tl1f=kN61?>oKs4$ocXK~B!=xEosilTZBRDd4Gl-}l|*aa#gEwE*Al
zN@DkJgP;0<yP-EacSA3tem?be|4%_|!5-bcHH&*ZCU|<cUPF#<>?m8}_|-NMs}t#w
zW$uRlK64}-7k|Zlu%UtYX)M2fAabPg=HVAiZk9@Tt7gg;-(vSI-Q#W0f87balrx};
z^I*XP6N0)2diKrM?ri#9ehcxs<OH|}T$c~$-P|v!`#knR-(({a?M^JO;2hB1EIM1I
zFHxTGM(WN?poNQoRrLI@!Jm#Cd~P1!h0Lo<-`q0kMue+>nq>H^H>4wZ7#gDa{jO;z
z)8yq=oh8Ugo%Kgrld^;}xqVGIXJ>KFhB#+m;*7nAIoEl;p7l}NTBArGdyUSX^w^ur
zz7jlm`C~60?7T*2PYNGQTqp6ySF={~zu(JR`G}>}x!?GpZ`B~i@AARO7~4}QuS-(S
zKWqCU<b|q-8jHyv8I!;B>IXeRXp8Z8u1c}}ofnadN&e2OA503a9&E+#IoBWD#rrAv
zKd)wupbxrZCbTiB*UJxkQVoC5kMG%rKS=$D`2+FbKHAe6S?S<|%NMwOxLYp1;BLbg
zoXCg!SmOoeOeG&9e8FbU#kuWgD))i#p6i=!?lbSgH~Z+vHXe1Hso2;!Q$L|xXX@sJ
zGxdGSy5b9jFIObsRBYpkw2<?2ldqzrD4+N&;X^*>W->Ie61z*q`Q*~0-Mb6mS6Szp
zE^HPv*{c<-m*{)N=~nC|>Q}J;_7cCOzFk^&M)UEk8qRy|*AClxdgxokp6mS_Cue6O
zJ^gF2J^NQ+3wDBSoder82R2J_@(D1m`nYQtFLYoGlcQC3$3z%4cbYeMz83!#nDRTp
z^q>QiJ5K@mLU%DwgB=)<r|a8*;Z9(+bp}bn!{i_^d3LMOqvzWD`W#}>6`QT`&EvOV
z)Sf*r$r`77)Z(0%hk+$B!(Ws~o{2i_uNp%weuUQnQ=ROsdd83NDxSs1Pvu+tTJNe|
zJE#9e^sjTgGzdH<2Dy#))t~BZN$8`->7$B1{Ipf$^if40#ioz+&;{l@EmV%&bd38r
zy2>S->9+!wuc}=9knV#PJ^mb9k@CMTD7A`?IJ%O(*nsyVYaC@h_hS2f0Xp4;-S<bA
za3>}8u6FFcO{G>~kg@v?3boKq9(G^ZIi7rod)+t-WJ{8dq;d{NPRG_W`~1Q>&a_%&
z{2Fk+>Y;~<8;ILzfbYDUzVfgMSJJ-5xA<oz!6o!3+l%ZlHxp~~5Vn_Ec%9?xu~(rV
zP1IW?=2)x(u3p#MxiqwIl*j8J@M$eln4iaazjK~7<x{BZQ-W`=ozph-Go5SJ9L3}g
z%Xng?;&IjYUfv~s&FD>}`@9(%Tm+s}v5(!HtD{+K>0@T``Tu5~)sFinbiQ6{=BsO*
z8tBMHQF5zw)~RXVB<j@8^Q149eLkCf=Ijx2RlU3NyxjxMeI5Dp?~d-`9<#CV{ZH^c
z2|L*24gTO+%>M+|;YsFyUdBT!rDI#myMxfN<<nL@c$2|>2z5rcHn3HCI#*YwdmV<6
zL%x}HD(GEO$epFJGTNK2b;Xvq0R5ZtK(1#WO{T0OW6{dR_!NAX_DtM?@-ScQFKV4N
zvyd}<_8Q^`-53Pv*-Gd?6J4T<<Kw{bs?XwMFLdC#it|ly`8<Qr*C98`CU6Q^ZgyZ1
zd=4z*GLb#Ig2jV8o(PM44Ys1!a$!jamN2j=)~OQSp(5da8GNU<BzZgX%>E~5YIa}l
z2w_f}$t#O(qCKxH`5_9(F~2#v(_Ju|@DW$Mwf5A>_TkBNv#yQP<Z5Owb?mc+W}k(j
z#ofU<-SP1*J{MoatIoRGbfc?P%-&J<yKq3bHLe}E=0z8!T3g0|TXXpiCi#ojKkpBQ
z;N{MC@T(qtxZ1PS;MacMmkw9^SbEkq@Z$0Xe;mB1G<ZgSe6yBmC&8<X)`hI)>;$|j
zNV3L0fel@2Im^MTmmRzs)@d!zHT@23&D9-%j^6iwIJ=$z7hFG@AD@PfnDre&T~{A`
zGrDHMITgHf;S`?g{`ao&zXQ%hoVyBs>&w9Dqi^x*E===)$@)A#R%ab|(1IJ{V-oYX
zlMl%`>&^|KAH@IX*nN&XPk9--mK64AYJWd>o%)MHbF-uCz1ilz`4rjVlezN<dZV1o
zy{VH*oegtOk8b2XQ{5k}+{~(TIr_MW*9u6dQHwuogGXmk)%a(~NB1o6HlWY?aDpee
ziMzKyCa>y8oV6cw_P)k{eXVc*gj{30vy=L_+zcL!O6p^1)?V%;5nk<1eq-gRU-VlQ
znLjGpK%ZBV!}*+?s`9=U_=CMU+p^JBXLI)Tx2*ZeIaX0{?)2y;@APPLo+sGvQ7hWO
zm>L*UYL))GDXM#dlQ$&=Q~D)En@6L=W;_jyM>>b(4PJ69l>}SZBU6`ki(b~<ihWG{
z@|FFq?XLjyZQ$aa#8fQs^fRz7_4G5au0}o+tdAzYyt3ExsjIXW1>BLMIqF;3BiQ@?
zp26(<eZkH0FGC;T-u0f39a=hu#9T>Q!(7T0N3n&x&hj_YSzXhGzu6$_RhD+dQDpFJ
z^L?kv9n#Ol(<_$#&*QA^f4Y>MA!DrA{;9}0+zTHWX~mL<S=-am@vKH(iu}+U^nV5&
zB_1ZUE@}7riQe5`CwAs?KKb~iy-)ngYtM0?4Sad?2rG64WwUN3_Zi=jiOGTH^*w`&
zhFO6Oo(J<iWFdJFCL{$H?XdAB@-%kWg`R-!{;Vsp0@3Oo9r+QwPA-IOf6R^%=Dv(0
z$l3?Gp~FcJEhKkU4Ll6}6y=cv#myVxOG~{senm2QPm%&*>h1%MwsBUhPgHqdF0y^M
zR*}0In_;;6rDFLbH&2{Y6rbvuAD&V*K0@w^nede1F(t7^)ftJci1D9!Ci)f5AM`Tq
zcP`gJBh0hwr$a6yllz2zn(0IS{<5=(=0--)4!@NPMR`j$4?QvW33<U8S7vAp<&Dq;
z!Rof5J@2-m_hmy+8*8b1GrkII>8FCZIB+iciyB7-O4GB+Uu5S#dGwExaneJNP*-iX
z5L4Nn`y}_G_S`2EY2!uWsFeTYE5Eeos*M;hc!%@DjO78%#nbTWb8P>v`FaLl<xlyT
zS9jXkYf+=T59CYnLI0I6#pFuK^2Fk4e1>>p!4zT@<HSh7C&uR`7d2F8MkBet_O)6I
zo_%tZ*o|r@=KwMJH_=ywH8QZUF4yzi*0Y2=#Y@O*4W3RRt_9gXzS`Q3T$nDnrZV0<
z;Rj`rDK-v?FQ~#Up!ryIdwfNVdHh_w`RgVpAh}a6y35b`ydbIKu8O<C`z-nxQi6{a
zxd-9V$0!#IW6?cnku-3g{}prC$l2lIMLvBt)2GH?Mn2Ha__2Ze<0{BaGXnT5?v1M>
z7PPWY?Hu37J+_%xpKp#1Sj5vL^)A`iBT%}rdw=JSZsKTqJesu8yWF!e$yYUg7`|5S
zy01&GD!-UEhy7@Tv-WAB0j&G4fini2!##tzceB*FOY*@zq4~;LFsRGCFUnb<`)P}z
zc{SvI*+1Hf)!b{<SCRka6>M(%N6V+7L&x<_O4gD;qzpCpZXUYC+O`B*C_LVWKjME4
zNm_n{bwA3Sea_nd?vU~pAivPgDqz!kG3HG^a=>W57Aa2%`+1ki1Cy<Mez732k_K14
z!=9eevmH;C905lYaN@VL*}U$XUFIAJ@9Y_P0i0^%f8mN39C2|%_+woFUD?^g(3RQb
zmWr^hnz#6ZK|#f|rjb9~kDhKGc^@Lmvr=j2S*f8<&4tgG<>Xlz7>vB`=2@}lK=;*u
zpLuwjJS#_DwqicUD4G@N{qUQ0mpyYZZ|Q3XBbR@85V{qO-<n($1`g4zZLRkBYI_z2
zUA+G>{pEGet3q4KtCBcRb?hOxo&RLqiSx9CHrAxx8?1$vucO}WX~fjwn_9#9L|%bH
zavhwIbD;^IBRqzD1k_)vcf3ivcMh?Z*FY;YjvD%|OUx4yKPT8wJs`@OZI4e+CdW&+
z-L>?iF`eFN%_@QAS6AE_T+Q9HYrvb=h}-z_I`n6{i*_JuG9#5W85-)rnlw56DR#P&
z{7ZG`THErLE-kOQjNj^O26IYGU6^;&*JGXfx}3fu-YG@R<kd^e1(Ej+Vw9aVsoc2q
z&AgA+AM}lS<zP)8Y>CdA#HT>JF6DEDCl;wrY42lyZc1R&U~;BhS`w2jDl$d%;LF*f
z@`1<r81t@pIPIAu^ph(%6Yx4)&r_i_*Vwd1^eF{iY!*DhWcX>lD?aX}OBlz^x)aT3
z?#ob&ufN*b=!X{zPu1Cz8o2+boCQ;pw(ED;J2>?9oA5cmuq3usuuu5%uz%X>z|Onv
zuut&B+9-E(KeTX`Zyhlw=r3s;AGx6<rn8-UC|lz<cw+vsoU;>|&ujQh^~4mD7MWVQ
zU31|3zO`*1u$5mEU(xsw`QFG`_``q4#<-uDQ11XcZ^k;W!KWLBGWWn>=KgPh|D}__
z|03m)8O}K~j`N@ABh0;N-^~A)TifT|_IbB`ei-WpwGR%O{XDxQR>yOAUP=3%4L{X0
zbD%pL!rv*0#lPc;RlOJA@)OE0fL<yG#cY1RKM|gL!ll8`vv&uZM<fMS!)tzcmp}Ru
zG}LEt7FO>ruB$GO4*TTw;^x==v5!W2Vjo?KPd00yd@m+%N_BtuUYowX4-MPM-rwY%
zW^xcIr^=`~snHK<@1tb@_A2sPD31lc?(o*#f~k2{EPu|FXv@fwSnF#4cCD>)So9`;
zMJhQflKnk`Dde!|L%xf?<gs|)J2+SguOu5-U3I_cEXJ_8`Ww+b$WB|m<@mjK<gc*(
z-es${{oa3vPI^B0Y5TnoI>F96!P~W+x19D*v{erZ{SKY<Wt4aJd%u)2<M$3co58P%
zg3WtX^bmBfEC2VI_#uf-Y7J|duW{6`t-iY5?|lr<E?*=bhP(_>KW&{&dF1Ko?fEP$
z^1;~oECvT7ab%|7z*|9sWzW%hwU0Ud92$1$9rTnZfhAwQHM}Ric9^pzU40+u@R9GA
z089Ay$R58Z??F?1OA6(Fe4{IoEd*<at~)IhJb+%6@#V#Oj(Z85>#9yIbxgnb&T8&N
zYa+mFE$mLL@6+Xxxk>OpRph2vS}xomZ%LtOc{8~NlKcC%HSFQJy1O~c*KjrrWt?@@
zSDE|*ZNKEs;1nmn0Q0&R`=824)?NP=<9yt}oF4j}%7L9&@A~j&#<rQU@&6vm?Y<u=
zcl%Y20k_{UXM_6O@|oSIs~6WAzR0_q&jHtf-MpJc9<-&)%7aUJpL`p^SC*CMU&e2b
zwOza=IlDBDBFPzQb3bGHGh=BU=imO4@)F<=6e2G{^V3O1$+Q{trWH0b4+Vkl+mKI+
z8m6WdM$%XVz0cYDXM6x7?5XC_C9#$<>@8@}`*TaT$45ga*~5{idj(sb?Hzo-)!IIi
zy)zlQultiGcv4%|z@L!!dvO-{vz$443;ylL=w_>+q2dQFLSE9?#b58^Odb5GJ$@5+
z$Jqasu`8BdbKTY!uV2sa>F~CaZKse=V^%PERdXsfFYcO(^hEZC=2%(Kb}z8LO74^O
z8xJOPjuybrFvcQ{b5^epXc9i|GkjkAThaIrQ;XsYhT!l2NHKXmWAOvzTf=s4<TUE<
z-`OMZhk@7uz*X6yB75lvAHG`72l)-lo+*2k{O}urYf*wd^D5vs=PB>nG#6ioy~w1L
zM`lbZ@|k$VsdkPa;Tq4#`>`?j6ezArboe6b3is_CLDQnLJqs_J6r0E#74xij9#_5u
z)=6t3oI9WL@JG%*JVg9I&uyO}b3pTs#L?>mv+DzPhWY|;^VJsP_-pwRvZ<FS=MUjo
za=zM>?fCDFTX}ZB6So4KZP1_Yv>QgIGPESs6Z7afjr)U<0Zo~Bc-f*Hd3ZlE@d0G)
z$Z&FD<Z|xxHhPK^@=%2NzwGDCKXRw&rR2y~wefTZje1Yd%!lMi#myiS#44)dTlP`z
zA*RE^r|dhxvI}`9|AXW}9%oWMxmmPt7bA0?$3AR<50#7%Bu7hpL2{AFO9rl&T*Y1l
zuW}Z?R-8|ajbf*j2SGX76~`?*;!NHf#(%?4$b+Cb*X)A%^t%?>RxrqaVG^=-KDihS
z4CG=E43j&<P!0_D0mBSp-+>_q7);;QH;`ldzq`y;d$RtoqtAz&{zvh9^+fAA$^N;>
zqT;EanHpd5J?H;3`5)QfV_(qDH<JuplBJTLvGeLKf@juTN&YtS6tcI8&j-e%)7*J_
z*_o&7|E75wP2bl7M>w}f;EyHo6<6_l^>o{obqE?-b6@sU(bF3pTUO0PE0AeyS(%}6
ztaB5&6Ev5<@}5uLLgh}7-EI)Jtf8T?1Cy37m{nXjoUs`>LOPUbqXOrV+ueumQTffs
zFs{fLPs|#fkW=7*&&UCd8ryr_0y*$PT8GGpl9+Iy3LL0$a9~lFIFOFbF1sKKe8V)h
zYG2@IjO}!O`<)ySSN!bwiorY!KmLn)K6EHP;`%N0pv@XL<r<g9UPpYt=09(kH9yBg
zezwh-g|+L*8_qhe0LD7<1J_pn(conSJ)yzTF5$9q^G*8u40%cPNjePaGT37#pYdtL
z$%<a}qs}y9e>I=a@msOKxAAf7Yu?bErbpl*+_I*L&|P>5@oIx<-z``CvE&l>+3aU%
z;ZgDx3kLPQnHcs$-cjG5P`>#R^_?DijK0sMywm#z)}I59bZvj8{_^u}SbsqM=P2*0
z{=Yf(e@FdkW9<6hqyCDM)K|^{wg0N>EB>3gxP$uhD6e5mnm5rYjq9|n$5-?NPMtsQ
zIRDmjXfyqEbq;N$T<4IPH_n<M&u#bNTL=$#WPyD~NCwt?r32SLO5ev3gKpvy>7#9d
z6<bDsis??%*>x*)_Ewu;`k~<3Sy~jq=B~4^N%8tx&+gVZbUEg%dQk5I*R;Q)lfIjJ
ziD%WFJewHk8UEPq{5E{$F*_HKJHINcA(xzZ>2IkHed}z#jlSFKP!<8dZl%n_ClTk%
zdclW-Z__C+=97psd0KDQ{=2L-??m19SobYP7D2aoDShglrgQANOQ<XUVJ#oGzRD8Y
zjeOOv`+dsYI$!0tcy;$VEx&8|VN#yeW&G^RVLRuB`#$=&bmctIcoX|BJJarabVA?C
z)#1LE!|%lUmCDJ%9E52{xbEXy^JnJ}w|zo1f8Ch}`JyXUMX`GNKm1FLCoNRVe5G0Z
zelOvyPT;wZP;PiB**F}&sCKwjPt3T%pAYpv_;a2ULw_=x#-FH{h(BST4gPQzXupe=
ziq_8N_fyze6~i@wGqIX|qqCuf+%;S2^T*K73C{U*1Uj7OoIlq&=T9EzPr5mOh>N9<
z8qOc-@wT_0KhoVPch8{E6PZcNMYs3PDk>DMR!o?5de^<ex#02*?Qxe`hHnsj%YmcQ
zJda~B?HGFIJ4nCF!D-p(-L+8L!pEI_*1+Rw?cH_VpYU7nG!6GB(&BMjkzETYZ)9E`
zqisE($#Wtul%?3Xa798}*YNugIw-dvL+_?Y7xd-$?s@ceq8<yrdx|G^7v<_ZuZP{|
zsDwTbp|dgl7@f_R>*t$pKkYgv`a$P(jrvK@*-Yj6&{U`WYrgzAE_U1J-FEo_oy`Qb
zpP;k3kY`tCqdhTB&)|dMUmcx|pZ#(U<+bQbD)?QC&f{#JU7g1kbRP1@-(l!|n&aE9
zoSm5_*8fR#9@074IXl0c&MAZTwGJIQJ2OL1qVwoWc@2JePda{h%GsGhS)$IPhhXzw
z6~#u`rOu=IBr*R#Ax>EIyVB8xv~f3&Xo*WNKIYk-n?zkmi^}0SG&j;){6)_PI%I<V
z3GcP*EvWkkl_$tq@A51;%bcN(oVDhkc!qwP@tHG}J|rXkO8qCuNZa(B=EzLQM_YJa
z-ILgU?h})pV*~SAAf8jUycPJp5aU0RXZcvko;Mj;X7<dI*ivkH;_Ih-tWRchXGk+~
zMGJ`eZ+Uw4VDgBj^uiZnCi`d+a(&Ax$;7rjQStKP7t)+KdGW|5Mjjs7*c!<Jpcwfd
zWpu>;LqiK(TjLKXuZ91B{>7SQ8>DS>M$qmA`e+_uw_i;A$}P~*{vg`V3@OLJ0qA5E
z?O=y|1AEja*&%b!OSD4{GIucC@wV)cgF?4cSM#B<w5~5l7m$8p>_2@ziGPSYCe6zx
z-ZA6Kl^$Dhu$dv{H28FLe1-f*lDSJ&V^CYJE-Q(-IKaDZ4usP4Mg*>=9r8opwFG~X
z#Cf=g^03)&_V_!s^M>7yGiKURea5?q@jj~YR(CPpbDi;?L){bP<AnQTCV?N4uM3fL
z<KBL!%m=t*jqTT{GeK)~0q@F=^-Ie2oG4=t5MDmrv7h?r*`-mAj9tZk@=-2YXWmDy
zPh;I5hX&|;u2^dYuG{RK$Lw$AYW$r0t<=t^d>h>bexAyqZ-K|)q|t>OGIa)pQeVgC
zq+0j+_T&DS{@epIfcs$5h^a`&moS67{kjFDH<T}eCEtTI+xH-=!cT7LfvwgAa+xS@
zW>9I2J@m%p(@M!F?b(eV%JX^1?ecfqPF!D_>_VeG!7|DsJ?(tfM}b{!gp08&0C%{D
ze`CXf3&^=VggnfrM{|18-vLiRdV=pLmmg~wsrDE@f=F7Ad*hFIip;%A)Y(_<3B<V*
zr_Ou5L+5UY{z7Bq-Wl2S$&p<|p5Xbl-j&65v_DgNjtjZ}mpV1daf<Ho&;jnTdEC1#
zew4f9)aC&z(D)~GeFywS+}UAl(4wKbmua2eI}5wkDBc4m;Mo>maUwh~VzZ0TuX%^Q
zp5&c1%#HB&LG+J)*07m&^Olts`ncoy0`iV#Kyw;KSzLvl#C_A&v=HmQdaCtF1-gXQ
zQ>;(+@m)E>9~_BYvbFV@gCm!{b};pWR$}W?Us~VmkvC`M`sb&P+IVmZwy`CnJ|Mqw
z>PxM!E-OdpXzoBDuWtz1q5ga93H5RPgb4w~#$;4Z47&Z+_P3@r47WbnfuCR*JX$_|
zHKRAoM`t(_U7>90IoR<tSX20hH<S~_2W~YHSG0w;)<9#z*n@@*J)Kydp`r8Bp<jKh
z^AhXUpmQ_N&{f{ut~;pYlcDtsdT)r{0$phL$w2pL=;T{HjZencX;1WFHuG~BI{8cE
zlQASzOu2kA65Ehn%FtojDCPZ6nQ!@IjHfQNLALovb3_{op@kI_9J~BrXkkWZ<Znd_
z2Zsu%`zf?qzI~dr#Buogb{Yr1CASd+k>tQ{;C^L1^f#m6PqdZoz&?ff(>*ZX<$eO$
zl6q5Ki@&JeGc-Hl9p(S;p8&6D*}4l7;T;ORLqhSl1n<z$@wBAn<*WmHC9oeH)>?>9
zz9f(Qy5t6Z@lWtdJ?*@@nF)7HXb%aNDQ8>DKOKVqz&lC7PqCwv<$f_o_g86uCA9VW
zxyi(wB?Sw>5#h=t@@z}TEL@b1dE{*y4obhg<U{gsH}?&!Kl^=yt8U)y2=wiqPIy#v
zI9@-z3-~hye=lNn1V1`%);`n~{438%fS>lef`5|iTw@&G2EU_cX)}zDU;A?{p9AZx
zz>aM4;4=^M=c^n3#W_d@*TR?D^g9C{^CxNpys4LtbON&b1e@0Wh;rd%&AXDHZ-@&1
z9m?Hh&cclLvrzAjA%<UVRuLZ{o<?&j9CXi1gO92M?EX*V^?RrzUA4{|(I~Yc8Q~Aa
z<?8o*`jS3g|Et{8;a%j<En&ue7ym0pRcDmWn8bP-`)}bpx*R(+q$~Knz$RUl+n4lF
zCiV^*>XzjxA09MR{fa)i<u0AP444w<wM@^Q=2g6FDdmFOeP2AC$M_8m35|o+ChpT3
zc(W7e4Sd`C&^N7%XaaaRt{EDEujE~2^4(YjEk0+_O2Mw&?7+6Ap0!hdSMh)SVq!cy
ztxYL(?*zWCY@qgiXgK@P&?{)S=+&<by&4+oM|q?Cp@Bi`(iIGuonYANz;HD%ynRX-
z>^)y<V8{%4=*y*dRibwnCen`~hTeU&NAzPz=)(a?%X=|@Q^BpaE3SeUm<CTU72cp6
z9^o7KLS7k!XE5;@f?IQ<?>OtBv1lEI=l_lUQFgO*_!SUr%M--r$Szn9?sbJzl3(h&
z*b{ev%Qf<$q+P{#yePXSXXp!j%eFX`y`p{+`I}#wIzvKxkpFL7t=NWB`CIyozooU%
z+GwHk9Y{WhY;SUF^MzKd@jKSEmzZlm`ID3J+i1=vPc&zq{3&0iyxEKYV$Z7a6}Rsk
zztNktyI`0V*ih}=-I9wfZH*PUa38tJDSHHdXeHlI?cfgKg|xH2TkuzFtiaZNR$x~N
zJkf+6!T0gu3UmKwGyIWs2fD+e{eG$0@JPAJ6*e$*7C8tj={q_9oIr%N<i3}C8>$Bu
zaz8-fYJ6l@r($EtJvSJpzV0W9LWlb7I=-S29Ja`hb%=cIzMLxAJ;#vC_+HxjIC<ka
z_;z7;NO;eqcc7Dcr;c_O={^$H*Oz3Sx4HV-Xqv&@>!Q*@z?Xl)_GeL+X#2aGHIeLF
z>wOa*On0Ls?QV#l8_Xegua0{NY+EfpNsL4G^;-IHW&F+LFusKM#mmX2DWB$(wZok%
zQTaLIhf=6{@=em%kjdcTCw;gSJF)JC>l>VuY;7;|Sh0pZ0}A8S_)W|}Z{*C`{+-^y
z_7B((_c>?80xNbV{U_c#GhEM4f7kd5Se*H~H!|@qDBT^Z^Z3GaYx&P#|1SJ;T5IC~
zYg*KsU7+=~`QNnGs5iYJoWc6ir*unOD&$v*?+njejIumjZJ#meoH5<$Q@FoHXAH2#
z@3YUCICjFIw|rZhH@V<PmUSNZJG;$0uwdb6XxzyAfH9>N8`(73#3ylf`tfUU<0hxa
zt>APoI3vFjZ+bMjzZDBrbEi)R`Sj5@v|wY<T~||jd!rlB&&ua|qxb4<m*aE2lrykb
z2J$gB?q%4xS9^N5D4)oBY~0HKDE!kLT$Eug-$q-7oEs`%;OW&m10BHa$*-(jzp>Y<
zg83t(6Tn^HFc1DiL!zqtE_y)en+1~}-2E@ch`&r>*%8@!r$%4k`C0Hud!m8gQE2TG
z=)QgH{6!hi<{D_aZ(>JYdn+5-Lp_yMVk@?w8PD-7-KB63eA!mRH|yZY7=7=JzwRv(
zPG~J6oWp;4pFJ?*zF^B}=nZm_cwxy#@bcVwmbr~Q>eI9i|Ll2wrHgsK*_mhA#bpOo
zyo)>E5#bzjm<3P%W#(ITf8PDX`JTnxXud^vHQ(RnIkI!2Ezf|Hx9}{Tt7t+n?b^b_
zWBjowe2?N|%5tpp!qCPw?D220_R=@C?X<R6u#UCdsWX*#H*>CvhWwnfLVLpxejXhz
z`AB-*tk74V!B34G5jPXBQLDO)Py6E{-c|mg&7a1%MDV>o#F?SBj&Me}cNm0;3%o$^
z>fB(h!<-xE^K9#>c^4czmuJC_oz>7Y={m`$YUo+*m+)m6&ijU*b)r*4)$dMZ8hD8+
z@IkW8&Ehpo{9LlhZPMZ`ncvL5O7U3pCoHoHvlm)LE!Cw(i;16{0DYSPeG6AN6)Uc}
z`3n3wdRwvPT=YH8fAU{W<{jPblzp1&zEqsz@!;F@P;v8g>Qg3}pLm{jdRfN&)ty;t
z=v683{J#dnfDRZ&00Vs3CRb*xWc|&vD+eM!y#gNOK);*%5zhnPkS7`*^9GQ{i#^zE
zWlyjkt-|zT{Hs5Hi1SM_k@ss=<=uI2*tUL-9G4aP#cuI5S)uK;<)iO?I<KJ<|8<(R
zTzs+aQdZduJRiCSA1-*4qc=cT!AE#x2Oq^tWrdb*?7+t`b=|Y+&<(_wW5<iIe!`_g
z@b5-%K83UDOX}wz;eFwf_}=z*r;uNR^6+;$bVUEEXIDpbt8E`_{B?ZG0?ONn_qDLQ
z^alUT93ksXqFm>@@43?g9*=+He(nLQ!QU%_kC*JqVa~n%6RO7ha=6FpQL704f1~ls
zfZqL{{7mR}Hpw5O*82zJ6G41`EbQD((VS#_GB)9pv1wTQ-4t2I9-j^j<FKs=o@QWh
z;W>lfWysvV=PVnZo{i({ZbOfP--F<(#iwzt_pxH#OCeZvCxx-UbB_ERcw~PU-;lHL
zKZ^y6<XFLjT~z)dUBdDSeInS9yW7t3m!f^(EiZJRp>M_}zLs*`F?JU952Ycau;#Dw
z`^S{Kb@i@jp!@8;%XhlY>C>pc8C$2`{WZUDp<KR_qOa~d?{qrX`cY4G7QL9Ev%Pqh
zjZ|$U^INp;an7|<(YiQx$wXTB8PB41!fChPQ{nb+H=G=|BWfGmuIXpv_SAm(9{dfs
z{Vwl!h1=g@j4o`N(=s3P#vD$dTymq%wFo?pTc?Jz!{ldy7u!jjTEjfe8EbYvbtSvH
zb;s~q=b`&-&bLnU{=C{?-fOzq^FECFn)3~moAc$b%=udCCC>Rzc-EY|eHvd3#^XLW
z0e>2NsK)TP-qpHx;^UT4uCvlTCl~Rob5d*Po|7GP$v!8)ov?N~CtdoXGj2Zb|08GI
zOy2M6jGIAuHu81}=ZNU(4d7`aU9YqCdz*X-biEhyuMZwpw7}J8K)W5iy<-cxs8`_X
zz9;Jc?=|xBz|cjMBWG-haNf(_ptbs9JIdiQFjPuAsy__c=bjHUI3GIB20QNR+&6SS
zq=(L-?iGwd{L4?#&BVRFQ|kGpdy?F%?-Jfiq|rl}o6a<vHLKU%osvU*_;y6#mGqnQ
zf_TG>P(HF&AKq)PgAHE#k&UbDJZ)}y88~@}cGUhe>&a8VTv&R~ZI64M4)I(6|IGP6
zihWFd^rMec%fTtTKLt0%*UCS*8Gg5g4}951bZFaimOWJLudXgGn__ME_x{)7W^4hH
zbN$?}SvJ?&o<%%jTyb9LmBM?FXT07(aH4njXy`IB^QHl^3GivbkM<+v=hudn#v)_L
zk+j1Kv~s77?p!Y8{|!4myFcJe)*aB5JYP7>3LMPs9$bW+T(<^Ud4wm}#P1k68??9n
zAlt%hZ!kg`G&Ht<gd;zX1J{g=!Pi>xI`CB6^3{#sbZiOUBqt`3`yFR<mZbT(i#>_E
zfRS0KE54wm8U4T4;dy8KWB<-v)_V6KzfOxbdrP@vF74j%n5yv+-ZwS{=;Dv5vyZV$
zSNAPqAF7CPcK1dyYp(VtrCD2aw&t@x^3i`!fbZFWY}ia6MqfSB9~*A;==Q#l&bsui
z(*uw6vG>Nv$+j+OyV)CqLJv@`cC8z+DRgRMAND-Gt2X36@gQ~41-;?!i)ugn;@+_i
z&y;C&LAMcWCq8_(({5~p6Jto*-x5ASmmBZ4{Y@$ie%ZG5HTc<azHdrCoE2!|JP+oM
z32H9oH{Ihm%-smtF(osk6;kgFH>RuwoZUq{neJ)Vz3h|vTk~~atdY+*r=i>EAFZ2#
zY~ZxD*4u6OZq_EzcK<ctNVIcbpy#K*XUpfrt9K=zi`O}$CBCBm_3s5mH|xQd26#W#
zY?{FX_RSkNs-JGVHHQ7rmIKV^x6B=^_nWqL?`5s`jbg<K2<E!#q3}!7qG9&Da>A+)
z-Q9YSezsO$8C9O6rY`i!i=gp(ua^HM>!+A`wPk&saf<g)EMhmx-{zcYGP<%8?~hsc
zj_`9@)WYU>h&q+BSFvVC$t$ci%emEFvqO4@Mr`K%Igd57^(AT2mpt08FJVnweM!TD
zBGzSaR63LPb=l*rOD=kogmszSX<go>uf%nEOV7^zwH9`eF4tuzG@!4wy#DohC$0;5
zAr-48dNxbz!kTDq(dBX{?tHTzFCaezy;F@0J~I{lO@gjt0lJO_Ug<iB`S4~qx{j+H
zUB}gqt|P<IbzJS}I<7IgjtyPN;EB2p`RNKr(4Q>d>b*MpHa_dUSpTkc9nBZovYgR(
zp!-t&tI>_<-U-3w2L~2wo~k?UrT78Qy1&B3kB4}6bwSz(4c>my#v}19_fw93D60{f
zcfP5U8Jfqp@=B(2J~SaSzvalxO^(cbSoM*aZ>OHhBr}VbvA7GhkTUl!%WR(&TcA4^
zE&Q^*_y&L@dEC3c7#b`+dWe0!m{`ME$=3V=?2ePTt6FDd3U^bNrCQtFvt<@~C_iy;
zWn=VR&AIaZ;<6jSt+{F3Ma23#`1IL((m75oJd|bUkrHlS1Uz*k?hkICdZ$_MVY$|{
z3FJ@NHynHE==nkA7Q1;Y_o*X$yhPnR;q)Iz1s0JL+(Lfz?eil;5aR*tvZ+h%$U*O$
zw@<kU(hI}ux*K}6id<KUsn1#XqI{AcjWl2j<=o1tt}4#!Yx||=gG<OAk0Jv-+93lC
zGBVH}`u=k_{8u~ZU3(1e-$U=7h@438k~9y@jrO?a<v6w%m)<o(zq;I4UeE4k+UZR1
z{M-@X(!1q1e39Pe=}yO||2BHJ6*};@(7V@U*K%~5iS(|C@{`fKTi-sB-nn#)v*qJ|
zl#Ug3n(v=!eiP<<t(kB89_~}ov0wH%H61I|d^>dP7u+lRe}#^{1N{|Udh&0iW0{@k
z*tMFc1Ufd2=R`VoCC?q}-a*GEQ!Y9tKIBq<i+)Wz3H_2jUG!@_^<4TT`d7rW=vZj<
z{e~`B+2Hwz`9T5_$otvB*Nvv0IUh&a=i^8{JLjW(@kL+Ops#*{_lnjLzss`)zh>{5
zL80G}TPuR>Fp0S5ndmY;KhUixnOL-ZVxJcg`z(EM+}ph<0-vk3-Ukmn71|a#;KbZK
z?T_`L&wczaefDEd5c3Od${t#AunM_pCNa<Xig|{XB;(r=sqR+9C$Nb4XU>~w{ON8*
z@p!*r{1NzA+BSXg|Nh)=ftCHRA^gy>V=S>^ZP?Qi{g6K9c|Y%nU&Z&JAfo!Ko%-u&
zPxU7{_o8n0$Nt2#;W5awA>Ya{&+c4Z$o#<To{)RPJiBtB<L9CFnrZ76_G!DH2Re1*
zFVQsC@Tza6cKCTP7X^C^ubUQnf$~PlfeCHM-^}pMv{B0Y@|h67yOX;6jv5*8jU4Fw
z&XMrC=Uw3Ny7HUI3_bUXc-^6)P1H>sXUG|+<O`j-8tcC&jMb%4RUgH-tfu^X;F-&B
ztx`SsE%D7&L+p2-OnCPl=E<C4oZFERzM!pR`(1I+dp)te;(>=oKYb^e7~mq43n5&+
z7`-mGDtNG`fJHuf+woUjNSn3XN%bi*VFl&2+)a8vWt-7stM4@CslJ+fouprvPP;EQ
z5Tj$abDdsOC%sRGtz+k%cHIFy$t=@0cYd38heW?^+PyJ47oF^u>Kl!3toDS~KArKb
zmd+HL-xJ*Vvb@yV{RA>>T^D?=?tG~;yz7a+4{dMRew?-58@Y3QXmm3DNsijjN4WXa
zAn-C*IAWI_KtB5+ISyoJxFSeyEHkGz4_MU?{q|@dcbtEdd`aAQ#T>cw+7K@aw&W%U
zn@6WG&x5$9)1J3c&b<A#IZHXkoSoKb&IbK2&)L(R=Ij{xiQW0poL#0lOFMDSN~P<*
z!p4omQ~l;HAA=k4%89t~#?u|R5vIP28;7QnkBEK_O+?QPF0@_hC%=oG8{(gZ3wJr=
z3e(4-ORd;%=r568@8ntg%iWg^dUoiwd(W6feByS>kAG(C#V=(oPQ?p~PwmVL8r?JW
zdf=tD?pd*4b&lS-7QHk2n=bgj48#9TrN4h6PDwn&r|2m}&!G=S*G$j=a^bXS0Qer)
zy^hE;=Tg5v<z3a6E=cwNmHKlf)3N{0q<&kLKPLM0ZQir^xcz*E-#^uUfWEk8HHL23
zvHf#tNB!hw+q@$(=}GHWI(0?c1jDy@R-b+8L;Wt{a~_{gaGSc<Id$cyQ9_;TO}(yR
z`g*5+COhv=J;ggEo!%MmyrVN)IPQ*Jd-_zko^c9X&!bJ@`k~YQcW`~{9>;&(!S%OT
zi?Mu!FQRQ4Ll!hg^H2{z=8oyNMxWgwFCHhCv*EM)NS{3|`YF$M(vEOTcQhSl4P-~C
zL;l<B$bWT?{3rgY7XIl2wc*HrweU~PJd1y-M{nWwdl;X`uIPGx->&_49%OuTXy1Jw
znHk=zw8(wVldWY6{;|}Fz<0Elr#t$7co5mJBk(Zpe=aUZ;Aa|vQT$9Dcg-qx`BywY
zM*UOG)n<(op0q5(o~vhhewueQR~z{KW#($F+DMqIpYYsyt}?Q^o~ucjUC-4R=4w4~
zxZ`yBWbqz9pnaFdx$?f~UlrxjMYq4hS?BTs^Z8G_0DknR<O8nySqH7J?ZgL2htb|P
z``@Lxx10cvt)J3=H+F)@@K4w!Y?y{brx}=TjACQ^U*RM6zj-1bQAmG+p_*}sUb<r$
z#IyKs_c>2~iBH>piEddUKX@kX=zY;ZGbYBWb;+T;V_ocd@blkb$`kdInLO7VpWc*=
zpUk4;DNQ&NkM*6zkMcRjAU{eMjzm1@c0zx)yrlk)lgC$ZoeUR_@V{_j3^w;u@q};w
z`^j<P&$MwOTpjrEKm6C#JiOZ_TpjrEhJovUkFUI`6FzLAzv<YnZiYvcY^nX8qWB-=
z!RA}-_@C61#Q%s#n0}J@pAGm*2UD%{g3#6$bgr%*-;V#uXpjF%LO*_jpJ>}z_=yt#
z<8$m@=&B{}{I`*J28Vt?xpErT(QY#^s%`15Wc!++_@9xo_uxD1#Q$`(uUMGDp;D*)
zD%z0`D0=@*@|T!VnyB|z{7+`+j$M+4i2tE(0r;0s%#Qk1`>w66w6o3b<57W`4(#jE
zy(Yqb4doWJM{Nk^uG?|oq#e~ygmGOLFkbAycoB7l??(1v4JGf)!v`YnO*y6QPUot8
zKV&b~?{DyKB5!$?@Hm0D%+qrx-codKIOW=FFD|$9%gLAI$B(OSW@zjS#MMkxTuonm
zX8Ykg+aDj=0r=9U5m%GWT`k@KcWduf-f`W_wtb?fJ?CfkAnTJHbfZD<>DwmEMJI_J
zH*%3R&E(b?c7EU`%j!3Be&xNBlT(+pamNcz$sxZd`|UNX?Xd4BBP-eWwY=LiX?e~>
zYpjJH^f%n^B;BnKyiVrhJB-~aRuY45q%UMWhgC?%vfq1&_pIU8d91@5!|v>8??uXM
z{nl8Y^r>t51{Q%s$_=_N*W%su&^^CCzM`tY_7{y%b`1Tz{PpV+`t}hgB-?EUaR)x^
zb-w%E_cKCQok5<kp8nX@vB>tR+CQ1C;q&mp!6vEoa_<ZB7hoq#$SKoE`?66pj*o|Z
zep>rDex&hVXpjGg2{4%PdrD*Z-ECNo64${!AO(jRgJ8<%Q$x<$;KQEiQh1dT_RFy1
z3GMAZM7tG*C!dEg%tJV*V;<hc-e}>A^X&u}e8fqeY#!F-AhR(K6=%c$q{;?L95MT6
zR|@xE^jY@i<Wa;_JoC!IkxL&gZ(0Ar!P&hw&LOVnCB^!1*H5Tsj8(tr>}BQh=bicR
zGjmvrqUOh~ZSiqdQQc1RojB|DmHp_Sa?$lmo<J{f2k>p5K0g>=&?6Yf78{Ru3r4uJ
zI*wnm<oZP4)^vPZYq(3OuF$HlI{3hz(Y)*HmCk)XJ%Uw79^4~aZh^{tlvUFXZ72^I
zxEgE3hBL(a{4vQih04`Al6>*#)O0^~I0e0RF1~a4=da15&vlmsl`D_^HVr#NEbm{f
zXfyWZGkCXc40qXj(qG=jeWKh?7$`XQz@C@Rvg&=5r5r1LTzQf5xeF$RJNBmcu4%ns
z;i{FNvTw`c5A4Z1+p6~;dSH(S7)1jl+v+YD_3>_>flK!E8N5XIANhW0Md8QHIpN-C
z{AmyJWzOgkJj599raj?)HtjU$UK}hOf-M(#C&uE_+Mq{*?-%5woMhm8aL?iqE_@~J
z@GVHyJ%DyT&(CR3`8=Dbr(B-D!=9H2-=37gOa7ZYo`UUO@_2TJZI57ky<6~8=KJo$
zaRXbFHtN_P!omOKw@U|f=T&DM++Xbp9LQB1P)6w1KgaQ@^~Xe;6t7XCv9eZwqKz<f
zZ=PlA=UF^s7+$v)z0t3jOX)$&z`y1V8|I{7LvnGjWsh}lA`TAdgoCfrR&(!%%L_hO
zR^G(>i$-mn^V03$Ffn$`#MrgmiXL?xadzOa;+58VfsOfpFCc#Yo6$U@%fVj_SjC%d
z7pxBLu0v-f+j4~eO#XQEOw;G*M>*pH^5b2IpJ_ui|Fid`gNoxzP=_AQPyMIW&N}i=
zk0kCF9MRoZwYlTbFP*+Eh^{Jvze@^vxCPgGU^)vPPqbu$r&r5tzSp3`o$TqgSaGn6
zh#T~ov2B=B=N*La?4WH8QwJ65-8Jk_jpvnp@fDJJzD(U6)IGvJjy&#<Hcu}Brt1ph
zY2;(&+{owrm}TVl>!aUg47%S^aco!9wrI?ieAi-k)?D3@FjqdxwSQ)S`<IbdY%zJo
zg3QTC@`}m-UhistG&dEzml)@GBhQPV#rZo<3lw;;nUM#o2EWYsbmA+aMJ<oBhYz8%
zW=)N+A>$U_RUNSD5%^x<(xgeWwU~2ga{p0*$+T62{(DiMW##cJ?6#WIJol=-IDRCF
zZT-w?OTI>KTj$f(inQp@wGX`fZr=yVU)%>fldJ*uTIi0ltWY^RGkk*!o1D4Sxv%r`
z2zZb~TkaW>H&?dB8?gU>Gn(nOihO&?S)OJ^Gxm6bE>5OX-^EGcnRLCH$3B#|T`>(F
zVJf^rIXuHR;2o|c-sTE&#M|*U7H9brs>irAj@{V5@|mAHKKT!v6|jg?8BSi}vQg}x
z4>rsh%NZTcwPNz84EL=XkAJ%HsiX{_b}Mj8X?%swLzCaFy3zP}D&JC-<Kwv~$%=XS
zKZ#F=eKTD+RImy-E@mDC)1CZo;Eoi*bwKoz_59cmF9|Iv9nCk-e!d&HJ7q0;=w_bl
zxIbkK{yo~;8Tdh^(N+$;h3>1`4<F_J-plX0QY(;Ua)D%pmNVvvlZ)zbb&p_#wby(q
zZc_J;Jl0*gsKzQ6)f=US@Fw&nyF%cSj$Bll7vfA<r>BaQYZD*MnC3)le%e1UCs#8M
zF5J%nx8^3_T`zwB3$Qn1k1*?1e`dh?m!0E>ebQJw9J{nxE6$Yc`&lb|syrW86(`~2
zY}Se~94-0#*Xpal@ZX#P=mA2>%(M2ZezP~m)sqjZMEHCm_J82}Ek2c^LBhuiDOWwg
zruXz)evQ)SXg@e@oL`HM{U)u89q(+~ypK9+^IFO?`r2*A_<axMxA4)s29}-p@F&1>
zqu$F!4x{eaRQtVFev4+QZ`Boi>t547N)JgMRheRj#M6tX(Q}RDdH5Rj;lhfHKkh2k
z=@`F>10PNMW`8G3$9a8p3Ux;Dar>%q`Z|Mp;uTb`yNPgUG`y<dP~LLs(RI&T5dL%~
zw8G-fxPiRm-q-p6u=nQiQCIi=|K~HqG7}cTBqRi62xv`$S{Jq`G(&I+xKI)Ig&^&{
z3E=gjxZu)kT>`;nB#H$q0os}wMXd%UT`m#2L}`0ftV?ez31~YIwX(@XmiawjpCy?L
z0hhMlU;pSI^O*U3<}B~?KJWA1&ilO2BxH<u=U({6nY1%Bp^uxLKKdr~p|ZnuR+aK!
zp{&MuTtb~2ojUP95I@L!`D)zpmw4^*>%J4gEZhk0^rUCW_9o8WwII{+A+M7xFGnT_
zZ<6;>+SY$T_H%S*^gW(crWl?jdEa6^+cH;iOMg;%@S!tGiTv$N>wRkEBlP3=CJ(le
zFTC$U_9LgIkY~UXnnDh|$Okpkl`}waTJoQ~oO$;>bxVAtNlr@clJrUs=&^q11?U0b
zq<%Jc?s+-q?6qx>%h^AVdL5k>Io(K~<i50Z+)?ar@JtN(_%QcRB<7cHR_s;PyA#4y
zGp%!ICNYpH#6WH+D<DtyuviJXt7r8x*OtN?i{XuP3XMkjR+T$dvRpY+72BdZ@fVRz
zYov2~*0&HlNsMG8aEDsgxOZEoMSk`GI0C*pa44KTkbtumbT0S)iA92cjWZtX%kSv<
ztDLpxKA^pf$L-VYX944=fLB&l3Li%3Lhw<G?XZBk;Oty@?^n@b(641r>E1i(K~X*z
zvA)Z=cdBf)87>`Uw9jL_3;KJlJ2&QXhGfq1<T9o08t&KFNxRZ-q}xnIw^7ba?!R3u
zI>UFpPT!jUYk<|t{fbUjy*ik`6gaBkH`Rrm=XA>PIe(pUdZ(D9a(vDg@hm@TnWKNq
zL;t8*>tB(|8L^qtJreLUiL%OdDLhJtnW$&iR)>egk$pk_8^?RiJNypc_{`W@Jnx-0
z75dYCV@2E>>aotV8t~{}@LvjYXzFdJhJx^A$+T+Thq1TB2jhQp=hu5@%hJjT!n5Y~
z0puOB^i|oeEySEDR;U|U`YN*Y)nr-POrM%((Y?!)#e3yb@bO=|!;{1O9>aU}VXYC-
z4|<Ve$`7+=rkty_iYZUPQB3b?n|=7PYEOJkYsBemtmyD>R^3VY)jcUQ3Z0EId!0TS
zocVj0`SZa)HCIJ^YmQr~r+W<3=~Mcu=JQXybLUv|`8Llg`=(QN9p`lu;d@p8)2F)@
ze(RJM|BxJT=kV9OPn^SzR=L#3AAbQq@%DzF3_@SZKyS)Ke;SM)m4&ZmNcd1y&k#1n
z>tXWvD~E-AE{YrWp-b+#_@mw1z1)3U#d=Nk5JzF;w^nKGWJX@%Jan`wm@oTFcf*Nx
zT80oGPQQ}jxo1oW<vKd)RAS!L#?GalJFRw}!PedmZ*toD-B!CTw~eK=QCDTYwnk+v
zy(J^^JkPf(-?5kTbok2?`IGMqV_h!sbk*=0Ke2R*vD*+I4{sVAb6{V;^D@t!<Ygs(
z+4EYR)Ay)%yY_n<{l0MX9pU{|9`d{oX=^&um~j`eB_%f+p|goEiK5ffUMPzglQi(N
zocNNV=x7<)Mkuqw2#IgJxtcrQs9T<)m};G;8Wib0-O2qA4&2=T_#rxS|5tluw@GKG
zJavSZrAe?|0&LNdh50)!B=*(Gy;MXDN6ty`I@<lznV)#PXBb~bdvp_as?*lC*=FcP
zk5StWZ(InyMv+$m?t`d99=ms}7I0rdcXzCwPQUUWwNO`bQvT0&bjm!z!~DB*_7y#!
ze1R2n7^K}4^T_=EJBju1&FY%pzopVx+u|vo*s8I!R=&MNda==HKW9X)Krd~F&Km_c
zviS4D?Q!9zZU@{a8|??TVA~)o1IWilVx3w7P2}-s9mRWx3pm%_l3G4dcL>SHW99Tm
z9%#&VPXCO^^#$=|_#e@ki9@=NJ@f6#=|9-c>AxNS5&!*14{%Mt7OuYl%zpqj3)e|7
z|1a+o<=keKLwB^=FZld8`Gwm)bvtmvIf56}KD1@c<+Nb?^E|g)i%%N*ab?HTdgscH
z%fQ!V*pyNBOL;#T`j9VH?+o($-^x43etgx(y-FXTr$wH*JA5kk-|(tmPFRVY`hYgV
zRaeL42T&Z(2dPH;hqroSAHr8TuOE}|^CNi6Q}B?r{$OJh`TP9`J>ea<7IFsu%2>)%
zJ;FOv(O>WB72a_iI5_AH2guzYAa}p=_V*=ke?Ri}pJo~fdHXYB_W+yD=Wk)3rvW`p
zu^BH}J}f(jonnE+vy1W7KTHn0+r;0k``Od2_2S+oyTLPv^)e{ZMBSGY{H@=hea&HK
z4m-|Wlf&)?-YbXQ!wEU;uI8Pc!|p2b_79F-&a?QN=0Q0kF6Frnzl}Qw7xV1SL0uKL
zF}{@`GVTK2@11rnJpCGY`_=IHtKjulVjEw<{WHBgWcTkWXZaq;L7fL)bMZY`@*Dqy
zCA(MRJDP36r+eaq=oxDfox?lozUIho_<IXyB)^F4euq8{^n+*kmMyN_(^lV?+I<(f
zeIKCjP4u1GJGNtXZ@X`JSjFGb_fP4wmAO#=5Aa)Km0w^pdtQFqFYs*c^*uty6zt5G
zUYanXUvRBuXI^Wx2cE^w9EF|PR58KR7ak>CupX}eJK%W)7=GcvGne0jA(vd&l9MUu
z_kzy{J{A)rDL9ZH`8yxN2Yfth>qSq#3&VuJ1BTn^_c36Qev<}2*V)BHy=tj=JZt|s
zaFni?0d$kgsB>R8W!E`npP=mJgY2?Jlzm2JH+8k4b)Hf2N{><Y;eK}6iIl|-OpDI$
zTJ|!P<$O{|Feu+AFq}!*i+OMDOCxs#bG6!mCe?<X*YIuGxX%AM#4qUoA3Og`KI1>{
z7;htMZY1x9!#{4PFFor#s@l4gZ^<{SADz9Vok_ggiyYKDj7Ce23bv!!wzFuni)~BY
zy~xgMd9SvMq)*bW&V8%Rz3_djU1Y|w+PyHjUFz*cww<ST*Elj6U3L=Bd(Uy&L{1#5
z&9TXCQg1J^;dHf`ARA8MS@a>EB-<=U&)~q)M;*B!o-~5@b@1t8e%DoH#D?+Q0N+i+
zUS9{_Rh<pw{|}M_;05^XAZ%;hwf%zlBYB*aJ9;1dH5;FRY^Hj6uyiTydr800zL)m7
zn0w2Q(2MrnJuvwZbeH!F@LhxVZo4JqZLTAC=z-T%)@h%6&y-80fw|wu`v!cD4cKzk
zBaX~zwFCRD8a-dIyZgQRecvlx`Sy0&arw4zw3TNUM~Qs<9qWB+WY<rnqw8)<GrSKu
zxObX2d}y-r1NtI4+-sZn!(dqXb=^Dfa?&f7m$IK7J(>MMuMxW8MeafYX5a8&yJ<{X
zyAQc|=<Z43YH|xyc#O4sr%l#9WVRf@_iTL7KXh7Nd|3f`lErgc!KdI;T!nb$xqNFc
zUva~!<OsmW`7CzXv)La^YA;-`@ux>-Q|5T)rGQ*>tB{qdzlwJjkEM;X6580te_wln
zyAa%VI&uxCM=o{hXl<&l+8)Qd=lLkVl-?!&CwhE}kNR5!-cCUW`z+kara2b=`h!2w
zvq3H&*@%yD-+}s6AFaTXStI#6nYpp?>f%zoM(_y-vh!8G7}#7K>}GylJPHSg)^(4A
z0ZyI7aehMGTbyy0GS1ygbUyWe!h6tL4>9NLRX?kJQf%sHb5AO?c#<&y8x(yCe@uIh
zz7LyWt-q2%@?90YDcxZY`qiPkH`cFs`EbUc|3Ph5b9Oed?UAn?&iFNL`<6_KnaH-`
zM&Qk1yi2}A+ZqFV-r{}6iJh=p?{f?7vEWnE+-M#3OISz6*wSU(2_EFX-n?IcExiDq
ztg(t8%eIlPQ8;yZa1*+ke2<Iby)B;6{;I936;s#Nhtnbp@bB#5y~eY5TIapi)4<o?
z3;&<3c5Pmn2>)BW|1$8ud=&UMIq;8g<|T0)KY#UbM&i7z=Q-|`ztMxv=tXzzfezUd
zU9uPcf!_EBjF8KN_7P9<32RBQJMs}|-t7C%JMUp$!@S>xA53e2c-DrX_dg#ut{UFo
z7=QX{KI1FHbia2!^T3|(Yv*vkx7PSKtU1bRJHQ&5&3}th{<!>{*Rq^@zVEi~Vjc$_
zUCCX{es3_p&-1}>3VX(<Vh1b6XFa)guXgTYUQPY$XnPcG?uS>uNN&5Ra|d$^{{_q}
zYv0cA|KswURaq+n=8(1u&gt)9AFKO2k2Bj|;=biJXk;pVxp#iAC!R_E!JW?C%%kSo
zcYe=8p16Cal3jx1Dr8<OHl)tSo*g%9gWSWcJ$eg1><|~ea^UlsLl+As`1&zn%I3ak
z!8EfIrg53je|IpwlmwGv3)Zu4T$s{<sScR54|FB}u@8wYu05kPCr@#D<R<Q{PreuY
zkIZjj!oA?<vgS(U2U~bIdz#D@bG8%PZ;DBN9=`p2pH2HSxjVdwInv$XGn4KPFY4y*
z@Ktp-O{tE`i`Nc;cHF+2xx-7o3qSWYC-+whJUI)`vG%P6&lKRw?a5qPZKdoqX^VWD
zizUleda~L!G6$kVx9w<qeBBQ8<!Weh2sG)w&*A-c-WNFZlm|Uc`BB!2IrLY=zPWI<
zpD|~n$NShrFM*FKC&S)p7qGU@XN{f5T056DHyJyv5czETSha7Wb*24d=^@eC_$JAF
zBp-1Jx{iE^o5@QoAENaP4g7{@$(~<X->H#5uRpx(Kag36?*18lnDphLPcQ4a2YU(Z
z6$Xuv;VYjWbJnxHr{Ifxhx(FN#WxsXl_@L41_EaJ-~#8wmkk28t?Xkek5{Ib-|SZk
zU(M`QHvSkt$Z8}13iP;s;Ig?8Kbf^BnH9O2c8k2h=M>}ig2x-KhsVmNA|HzKVBd7u
ztQB6Bx2a(6*zu+G8@SW}-p;$gKmE^1;OSTOP2QPr*5PBT%g1-;3FeE>)XQE54}xEO
zT<@eulpzPpEu5r99t9^y!-qd77%qC~+pp(Ld2V<0i7)S-YWg={cxdv{oiE(?`keoJ
zVRz)F|J(h_3m@*j^WKydMGv*??gQ`99F-BvLXO)R^SH<R)F}_We&31V-4{Rf%iW8p
zpG*B*%ICG0Z8>#H%Wj>!okP4$f!Pne){I<zM)mT+%x{6$*OtRMZ(r~7>BGx>D^3Jn
z!EcX4`3=$|Io}Sh&*J}#%d%GJPQm8y8tk16iv09!_H23YyUe%3s9=A#(g=N6%^u=u
z!Eg>`cWh%0&Ga^W@Z_@!M4s~W*?g0kQuB1hb?g7;NvWCIs+@EwZ68$(UH`Pn-96@?
zCwycM<81y9CTut~F}%S%Ar?RMwQ#&55UZ<rcS1|W;}f1{&+a3hH}GEfqF2Bh7hDkx
z@25TK^LKm&e+&1SPhwq(&&ZdO_`U)j(E!gAy>>UhY5#jTqs-FHQzK3AxaZO1Z-uW(
z|9A66xjvY(qxfLF;7~po*#N?$c-iyV0*BZSlr8YQ<Aaec5aXSEFx|l-T2tMtPbNkU
zTU~qaUgTRdbf@{p-#@kk|NVmP@6(o-{`B7h_^Za)V(meuMq=og(jPv#(uA%();jcY
z_mgtt=Kd!1dg;(7cE3FTPrH3)`eq-r<NwXB-9F;T0;bu9|6xXS{$sEEe)E&vB}0F+
zyLo=g?gGQtwvkw|G~#M<`kFO^cHO&0{faJ@(q|3l*8E1F8lN$!M(3SRrH`BF<9GBi
zm-hS7{@i=}t?1|H?lFrt(x8ogD}2EJb<cps|GV(?*!|4uR_1wXwrSBxG3!3WyVEMK
zUH=Sp^ijo-^{08Rj}7<y3A#A}x_NBEX_eQ<3Jy;Q7kGxo3Mx;4R!)eW4xT@Tu1;q@
z3OvJNA6E>EoymOeHUqIUDrc_WRS{Ufn|r2rL4yO3)qk61ymn?U_Ru`X??f)m2zUmz
zRq=g%%4^HNzH#7+cbG5HTwh>kZ*9dKU=fYYacHj<o+KW$)9bfr&wXz|d$+=u>~ma_
zZ|RX6mfJS^EMztNa}He=GEd?+o9h4j_lKd4&S%ktOAF=j*uU5I_}lYcZI3?Fy4oHu
z!RJ1&?J>#W9R~K-7HA;R_IUR>%l3E>JMO{k1p8|j<-~6iZI8EjcbUUCr$V<|7BSAr
zvQItXeM4lQB1g~*r6-8y&OkS4MK)-yjD6R-hnzcP%*bf$_<g*WEZdhL%jz9jR);Lh
zq_28MmWhX_@hskbJl|Tos_W_^TBFLlY{|>XwmtiK<YoMKUFGEgp0zgHt?$&xK*mVC
zm1Tc_`kx-;rI-2d!8+|}+2Mm6dFk$rY0u=R)GfY-Jz->324hs2II?jgv22o!!fD)*
zk5S~~_s=J8ma<nm@-Ye>y7KV}+H&RNvPv^t4gc(vj~S649W-kT=8hX*y;^!%dZhA_
z__77kYmk>Ev?*O+@sB5kYv@C|x$fqe#okaQK7tnJ=zo~Ml^)5{^BC8;jBhe}K_T=#
ziCo1t9>q5{kBeJ0qqZeGM>A)Nr?`yz;(4N{X7;Gv|8cglSD7Ap3EN(KnLlD2?te3M
zPZDq?>n@K`CQ)~JlxNMwBi46%<Z0SU=97}o%?bR^mCt$bv^ns!SKw(W@Uz>Ix8jYP
zIU69llzisAwk4lG9Do1o_ibOl`_%h49U-4T9N$$wi*_$ZKJSAcY#?WoWPE-9^cn*m
zI{`RtnG%RB_5>UK@StXoe?^LEG?rI3O{j@X3M((=%5RzBmBa?D#0S$SY=)O$m$pGS
zebae|{&Qdd$+4Tr8GAqcuKx)}`vb=Z8;_f0G(HW^*P@@^Z{>^azjGG6?006r#X5tw
z!O08zG<jivx32Gs3m2XmTS+YTf-{5RuwWoR>`H9ka`IIue&Ie(-_2e4x!K3!=X2rb
z8_-8Ae$G4b^W*sb|C68JHa*C__kC()tC!>%;ZoLs%f}Uap7`G7<F(dVZQD-y;89}i
zkOAW3f3Wy?x@Et+eEjflkL2UxD>t5G$@XU@+xspS?fpEwA0NvnS9(}4_~Fo(v40n8
zJxgyBU4heuEAJ;SX}OV~Qy$D`O^jYOLTeLW;CI;*)Vi!R@^$~nDn7&%)QX3Ha%CZH
zi+}yn(ql_1?KM^1!x;StYwim4q7rmT*Uwpw-j?j={OxbM`Z;B{xa|~?UsLT2k{=|Y
z9ejgFwDZ%XcFL)DJ2-FPz1H+^@l|z)3*zs>+S|(|pP6uB5Qox)UeHB{IcV!IgV0}+
z^_H!yC*qOt&6tr=`tn)p$G4&w{v^Heg&T;&p<VfMTY$UyyTSFE|9VU3O}A{3gYYTc
z3H;`b+J_w!`Tk?%KmpIH15Jcxp*JpI?RAH9&H4K$+I-Fr?!?oir`9|Ctwc5!w%aYh
zrZ(;XFZ)@O3s|SJg;vtXaNxSV&<NS|r#ypck&B?exI=%%)VYJYvm9J51edn_OtQr$
zclGgpmY?#ypLEp~7I9Zx2C$0<tQ77>1jFg_kE469KYZ>|U;Lge^-d1G{=lMmU*CXC
zD?Yv)d`r%3hQGKrp5jAO4w$w3J?S-Ed;tDB?JrAKI5JmsUJDMZ8K=(Y2#4sx=uW;!
zHT6c)m-GqwN8SIo_Huos>5&Y0sOm^h2~$?{ZQqHM9%*>CJ3S>W@*B#jj@s3?U|7q$
zTt{vU2gl*>b>ewHe)JBT*TS<WvYN9hqS@Bo<XS>rb6-!W@T#$)R=(HFHbU=>#D+c2
zX#W}O)z=ivuV-C9d`&Q{z1~^O`HA!$rM~RcKtE3mUsk&h8^}M&$al+W-#DXK^O|A7
zx(+%~{W|7kRZ1|degylA^wXD^jDn%YEgC;}Ud*Uw&6a>iw@wA`MEk4m4_f;rmB95d
za#?e|f$!pN&_A$m<MXgrJjR}{{jQ(dnXhjAmJeEM_jG(U*^Zx;_Uho9X$JfMn{An_
zJ)Pn_bb&nE&$^cP3((o#K<*bK&&rTvLFznVmG9~=_5Sj3hQ?XPf3g9Ud%R*qu>E0Z
zrX0A>VJy`fgZa_J@zE9N4&^r*p{cx6UbaL(x8Qs=PD}{v*7aT2Y(CN#>yF1AL*-G%
zaE~*F+JrH{dm0jbq_@((V4v^6{)Z&ki6cD%_8|`JiS5W%D5kAhw68Jkon~6{M0*k0
z;92vIow{t6#aq%MpYU6}Ts)|l`yej0#vr`P7TH*TF>R?$Z0pb6-Yn*;cq96dgG0Bi
zvz@l&6X5`P`w>2(9^C0=1RI4{`F&s1`t~IGa{b0G59^|YIo;9AxHR9)T%5LWq4v+#
zX`fd6cDlo=9X}6an&I#B*7E$;49l-OnsRB3gFN873ei`h*n3*ri_n7#%*?sNv3YB0
zcQ5p{2>kG_Z8)+$*YqteAa+T<0VAb+`rF!jqnu(r6^ka`;4{(73^QbuS563=$Qm7B
zG&bE|HKFeQiU}`6=Ye8m4LrVhMDQ1y1NrAnbL8V!;v3xN8Tq)!H)2?Dc=oVgvSw}n
z;lfxBK3w?^74u&NoQgx@Ztoe@z#9PGI>sP)7m$On8hCkU!5c6$+SUN8-~Sf==8P4(
zpFZB-*roBx|4B~Jol)+}8=g6Qm~z8MKP`LSZ{$9%GdJ1jprU)u5!Bv6o2sMo(39|W
z>0t2P0pEeR<pWK@2f7#-VZQi1^JCS(RL{74=#<P6_5C}cAN<Vz#c9s`;Fq1DIda=-
zj>Xq~2%Pc<OTX|jZ-bqA%VFM{_s7@0&;J^m{PphGtor?YHR@aV?dtpN>hEc{^dQ@x
zC%zy$lio81Iu&22hWCmuNEbQRqFsBRRrvT3Hghsh%jse4QXA5jXTYEBy+bpCpJZpb
zCF9Z}e?n$yzHbAU(kFLV?`{1taoy%H<`M95mqs=)U!o7qk-^+>{$)m8@>*bD!zaA<
z;B3>trawwXM7_SvIoZw2(U*1^r&lk>25U1<uU%eXq_<55=ZSr4T{i$<Vi^zguJI<8
zlT7W(OC&qtU+|QigZFMBrq()hcs%Q(gt>>ewU=1>urD%^cTwh4dX46)U|~*7w6FcL
zD*D<<Uq#T5kGr<Y8J{1TarbWeuy<3&7>j^=33QZ8OtWHIi)lx;Vvs&gqWv=3*14$y
z+7xY^;(ufLq93KLm`AzA_{E6}Y)@fNri^vJk^gIGOYsj;ZwmSTgY9{o8Mu&s%bfc2
zs9&=-ZH3~UTUbYG=R?Zgzi@8s68Ogl-hPp_)LTpcmkbOxKEr3LdE8v$@n`gd4sW9T
zT<o^BrE_B{cOUQ6Mh(w%_$?oPHL=s`e}}hEWGl}uEU$pqi-2Vb_jRnKf3>OhKBDY1
z3+KhA(f^0u{*m9)?$h)?jlN&y6E_D~{r9K+|Dya7`u~0DyqHzaf$1rp7xVis^jE*|
z6sP~bk!?J?JlgR!S!aIU$F6Yq=?>t7>29A+XPpN>5G1Fh7ypa)ybbI8^gGxUSw{Ks
z`&r{!7r}AMuOZH5ew4d8_doaj<@wi^#2Vr6=a9c)C9$iOXRcVjn(+)rkC1--aLlYN
zKO7%ZMqW4VJCTztPci7${e;j%Ona{U=Q*o(`3Tx+wbt#R$oHsM$2x8@V&lY1T98B1
zp;jUjD#7JCaP!G!X1EpotfA7@i}=5meFXV2+FGEGC}Z&VD;z(Cm}=2#F1`&PZK#f9
z^tF_C%lO&X_16`KR}r7CJjhYXWTW4$M(5f-Qsq-4((nFC9ixf=Sfk1NF$Y}#lCvLk
zH2Emp-hp0*p5HL$s$e)1{3@Pb_%+5o+JWEN=awzse@#gYr$Iv$ols**fu=?=4((ko
z#7DE0v%MS7{QmN7;Cv@?U+?9c45n8vA1fRlijOJq4r-f(uU)v;ew5-C(c!^Q+7WHu
zL7Q=O&TVHtV$H{5r%mzFNwk?wo5jpaIrAc!E4!%>Tnm2T)YT(nGYioTWUtzM`e?Wi
zPc_(wP#pN)X3pfoUxlCaa%?huVyp2#?`N(P_lxfQE_-6w$cg(!gRT9d!IAB>k;8tG
z==t_aPq+jhiek=n&xH1iTKAi^tC&;4Dw`$1o)P=3wSx?7Xy~sVTMnLQ=}?BV2Y#3~
zMT2{&FPT<P%vTw9lWb1T)^T<cU6^%T%^Xz2&rI6#h|a)CIpaBr^(Xz@m1(k_Y~I{y
zBPHTWxZZ!JEpJrrUHTWipJ2lYkKOId36GCLQ_>H~>)udg1oNlV2g7N@jgTArvk<@D
z<>{5y-D@+wgWI-Ydvljjq?&s85gKCHU{Riv>Fh3OLglYG>-)=Z2S+K;x#&!A3a3{>
z7sBsyaN7iJv_KmvjK9Fko+x^b_BHeyzA(e*MW>(*^{c%T+kUj$SxkNQw?`Krh>yDy
zJj!pifN#~;v+5+%SmNH^v2w6mbcVk`cJejglX<r8Icx{7qBrHQ6)#|Kb7J5=Z>*j(
zI)UNrIl~h_1vj_<S7G@3BaF~>;&a|1ZOhJDv3wlkxC%Ze-9u+twI_LX0uChO%Dh9{
zsu;I?q58d%-$lX!@}Zp^BFYQjX5m3JYPVBF8}1tOQ&0VEqn^s=0FUTQ_5Mt~PuU9{
zOM8z1i{?Xg+WU}g^L#ylZl$lOzRJEyo<Py>UC`lK-XrNZn=*;?d)s%8M!#Ks!Uu1b
zt?_HiKPCT9Y^I6ds?!%X2)kfhhh5-_ya3Ei$+}R2UGOq`>Uc8)yWq|)c7b?K41AY>
zlN~8<E+7BrL5^K;XNO(j!I$2Qe$Z(bWXx3#1nJp(!Jlmx;EzF;*mgmtZ5I$j`#Sm5
zp^wJEb@;uZ3E2RyJ|{UMeeMe8Z)3Om{+-?E`<WL1we|gs4t>9YeJfkvx8YEHqOI@0
ziM~I`()YKbKWZG(_wj#q(f6CX(f6l5a(LP8@Ep}qdFlK7zBCg&S~@nk%;{F&AKyja
z2lv$Ps_zT$()WdXx2<G-KgxV$I`ff3U!D5?pf>4re!o37tNt<decR_5<J`UL^VB-k
z`d`lch%Y{ezvpPau^jlHVjo?<D>}g~$?-<tt0K20xO%%E@q0<JMw)lU8?n}A_=)!z
zN6d(PebPVn1B1r0DCO<t<6g^jVvX*wVvWv14%|wtQ5ZS$<a5C=4#JLDqjkg@UE#zU
zX+3As?pJA3w$Lha6Wt1JE=9jB0Ve6yCU(RQ#@T&rQF@zvJaf^P+}NT#k1^(9?nF==
z&m1SVX!9I9wkR9<pBP(orqyp|+erAc-~TrBmbv0x_{qaoypet0d)O!NA!2)^WBafd
z1?MbehTyzR{$>YG#VUOsIA<~kP7Ktz%h72*51c;w-p6{id1HEn&A?jYV0?`D(;n%C
z;3rY%Nc1%}R6-w{?7g{zH*@Fie|q6bJ>W?_@u&2%_UBwW`2@Xp|7XOf9iTnMr^!$7
z+3{)Vi>1$fgU<$HgATx(MKfW=r~RR8eA;MeX2utcPZJ;GAhE+gh|{3$qsOPE9fgMM
z__Ue?8p5s^<Hn~g{(|vo4>32$Z!12{f)5(8`CEEhIq-FjPdhqHvJ(VTBE4if^pXtI
zXT_)81Wa{Kd|D-QVWgE$zvkE2vgl(io~DUAnM;Sqw;MgmC&mvO;W)ZRvnRMvKJV!L
zo;#b^n|paRdvkruCvIhL4u5p}R`g2$@E+mK*e^Sf+kJ9)hfnjAev@Mt-PbdADtdaq
z)49_Wo34L}(YO{_w}f{$u{T%7U5@fKEOGYcR<fTa+PKfZdHGX6>9ZmQo34O!PED1+
zoKQZjd}8xy=$3^>ds9}^#I1*Wgts2<87{A^p3r<Y?=PX>!@a^Qujuqkxiac5`b><m
zdyhVBzI}JB2>Ipuq{e}l&l^|wNFlb5<6D}H-mLZD#@5L<G{j7I<jmbMpYD%keRlOL
zony(F68e{4NwJ(Wy?!f}PJSin*IF+dfmLh9g}0tNndMiiS1g^gesYKvRE*tUd7n)C
zpDka`hYy?wKR6e@Fqv37XHR>Ry{B!<nvBR*OYQyZ67B6klLvlf>*DR!H~at39A37(
z;>-DzE*So=?NbT>-{<iueHM=uE))Gs%^9|z=}vH10v}8CGp*s>vHVP;r@{D{8p&ZQ
zKht>PCtN>M3Vx=Uj-P1}`b(zQe}tc@hW6!WdKfyB-$Con-{+0x<6F}#Ii9m{eC%xW
z-=7W??=p1Xa9BE|bZ5Q)lsnq4qfhlyP2DKJAM^UGJ@%DOd)2fzbXVGnmEO#@AiPXt
z^e?<8_A>lXy8nLZ@#q{=CkOK{#Fm_bJuewP2K^wf2QnN#*3=7Rqh=wKe33r=CXMea
z-a)xC$~}b+vBA@~&BQkT0GiahHvCG}*kK<Kw{#QdXZ!QnVD_KeiXOZKSm&a*iZ4i3
zM}bFnR}Sm*0>(CY;e?pR7b92uZ&*vZKXVj)o<g5$doKO%%vhN<mwx|%ez3vQ2OTIY
zqW-VI{?YFP)bS0pdA4m2rAN%3i<bA>i%r<m7*oQyOQ`F%z27?|(p~#%8=u9DY~T|A
z)tM^)q+osuF>>n1^?m3Ji=P~y!jBL6S&w{h%XKM3EJ=T>t*l55dkb#)9C+i=%1gHp
ze8STra+&P}_8jaa&7-fhG^YNd$O!j2%QV^-g15cXj?GhAINPpR0rT(BOC+n3_1Hg@
z!-M`oddVWjm<wNBggzo&_OdUimq<5c6T;CAKT9t;nr>_BC5gIiqF&<awx2g{e%_u=
zy~KjALwD^?FF86)(n|zWcX~-OOrNEfTmVe2UUC)mCLh@7Uv}yx;+fc;woZbr9>-R1
zLSNCo)K;DYGuVS?pQN09sAI`{&8OsKkt6R*q1!Ja?{Dvr_i2&)e`wQLvb=Zuu;qQ4
zCGY3ZPb%v|@$*_IC7)B?yKN=Qd-wg(<h}Jj_N4k0UOIejR_wfNgk!JG+wgO0ZLNbZ
z)Z^#zADY>mhpv`#s892g<P+Y(`Mr9^As<WU`MvbW4}RXM9~46ydp6m&=`QOV|LR(D
zW|v`ySTTYLv4NZ5$0yoxF!&!fk2!Sy(lEAS-l4m;EbeEl(|*c@$hp2v@rU}A#~;!j
zO$p`t96E2Q_A_$Ns9C;paCO_*iu;zwM|r|;Vk0#lzH3XgkFl=lFL!NOMgQVsx&y?Q
znO>8UIjE*(4S9Z^B%Tc2R`F!w#eGd<VHx)%7xeRtU&8+JJkARQ?lsXbn<gv)52xbi
zF6IuW8gSaDAMpd|r7QhL`>7^z_V;=zw{b!r=YHfx>=)~P<dug#;gy`PYQtYX>nlO>
zOqy*i*o}%69%cA9pF*4RhXsfa4iE#O`0%NwiC&!2W;k);{dw=ki7O|IkN+8)bcGqG
znkhBUnAhF;5%6!lZ|L}~vyA-ztq9!tjCsTOn-9fDZw1D!z*txDC+>NEjJWgbWBrLG
z-f)QfKltuz4jbPJzZPt5PfiM#oW@y5eEwG46TbdAtTp01xVO+~M|M~_LxbS=9&qZ$
zK_0rBbCDhKkExNZL-4sd{CyGpxI6z>hL3nwkJ)Ch->dblIhBprQh8l$pXY?wH)#J3
z>=MNS313l<`I>ypF=C%(|Lh~~c?13j#bkXl!g$S&MOF+^dgPo3$eZ9zw_?~@C~wbw
zW+X=J`X#g*_1rKXc|Ure`oixNCH6W%e1Eap0*}&h6l<cq1m(m_C*~#i8ub+uFWT3A
zQEqHhqHpH!@xz?N`uMjW=IDNypYQtD^TR9yCgXGZVWxje>*1&21FYX8Vx+yDX9RUV
zQ2RgubWW|0L_MdDJ)0G@v(V9Vu7*z!Px9HxUssP#o{LR+Hg;&I|7CF7r_iqLe|cy5
z*?$=9`0Vbo^c>g!vIC!88$P?82|l|Q(aEoJe0Hm8`yAS4zbLJH|I6Su%bxJRgFkIB
z=P$CH^MOb6b!1rQ1C#wPFFNM~U0+9^W1J7X((>2oEL2A1Oy=a+{+A*6@Uooqfk%g_
zJO4{YlK;hpsXIOAMay4j!_*I$Ts>zxcr&;w@Y9#<xV?;^Y#jTH*dwQ6Yj)$qSjaq&
zNH{0h>BG1ymXqMa7)#p)oDIxje&j3XY*ZItc}_QH0}J8pq9@f+dHFB0I{X*3->v`R
z>@NNb(HgmblKdC!$wDilxl&92x+~V);lFrid6q+eIScQK`FL;pFS^o>RqvSo@veI>
z2duqTd+#L*9c%rt7A&8|@4>g^f!@h~{tD0Xn{JC7UN-mMFXy|+9Qv>AyZ9J+{Ll1V
zOaX@_%x$9YVgc{|nZAqbX#d~7i~o1Ni+BI_Z{G#JJuCMIx~+AF@pbscXZicS$ezlN
z@A>zhO5(npbc@6@{}Z9XW6Si!Gyg}E>6upS)jw)aB@>ujnf?vQ^nT^jdp33YF1qZe
zB=|1m&uh8AazZmUj&G>Z{!-;j6PmCe<<GG8RoGK84bR$U>`33~+Sl-ew_-=i*O9#c
z{_nkwW5voI+t*?10U43Emvs6rw72og4ffu~M(dmWpY?~A&A$7~=?4R{{<Zak=-_{@
zelQ6fChG_Dc=ylL4`$H*zx9LvclyDbAO2fENY)QtfnWS1^@GRn`nP^?Ed5{%H2ANk
z9}EB{S3e-mA<gJhKK)Mi5e|}1+Ksz7nvS6T4Oc&CLO<Ag7~O!q1Y-bk5X4&e6lXzh
zGR0c_J$ixs1z#rSp&%*dA-kKH2Os-|)xey_p5b`*KdQgL{)g=^xZCm<e1xwxIo?73
zf++9*(eVy$J{{=>(-+%%Koj#NKf&8SKD=z!!Y`)>^w0d))&u^M@z2!*3cz8q9xzAi
zfW45Tou&DEV;rW_{=fBr|95)88*TsA0}}KAD<48L{31TN2YFHY5L?xk7^{B7TJ<O9
z>NsLA2XIfLhjY#z{MMYa`?|49`4*dqcb!>e?2;cghkFJ5<nDN~?*p$#+n(Ot=d`uE
z`wkB-%(?IPyDub%zVE}f-8H9uxcftL_jC5~l_}iOx7h6Witg#-&b~+#zwrj_$_?zF
z?Va{@`khAqmjK7bz;h8X#TSNw&+=_>ALE1BLx+WKWFCt-tF)nv{8ZjRY$<!5(LLsK
zMVGhk-p796Qravd2SH96=lgo4S~)!~VE@-g%(!AgZ}s?A)Oo)aexADWx9UDH-Blo;
zYbrU=8rIwsUP*oJW0sQ_B)Z)Q?Wi(BsoVoFfsf8RXs@$&wGmRe7IJ$<Ift$KJ;~Qq
z#2p3H$*<?`N6xk6H*-fy_1dRzDdA3$_yO{*QMQ#fOMgaL#^ifxWXMMh$0F_<u+O)e
z5&FyD0nQe2k6AVHDb9TgarSAgy1=q+wh{UfGA_L4TVdJjx^qvy?3`IfXzb-icpUqx
z_1xQXI<T(y-Voafe&$^M@a{IgIm5d-H$Hjk+2m3ot}k>Ucq<^b(MQ}p@xxYbDj)x)
zkk@RcwTHcU`OZDYbCF2P?f`qg=dh=JfW3n<Z=be$@+y|}9%AA6qn~x|W&6Q(k=MWC
zE<Odlja`F)X%Mibn}auJ0NazmYM+D9{sVWf?lf!HUHi50PnnZDX<KK3QkXO4P;Ta2
zSadsgrjTo><t#fdak|0T2mV(Z>vT`XDE4DVaYk`Zyx|~lJgR+A&cC$tTXl=LTSfQ$
z?BiK&7@V!pIrKX3yAz)G&WtsXYhAQZ*WY(ZlvpvBwhZ>vQ-ODMn|+sH1NY~>M;mqE
zw0viryvO8H<M~pxRb{+(L7KI{Y^|+bchcAXxb^!Zeh;L5$!*m&h;7M9crIs;<V5!w
zSen?!8R|R>{wR9{`d|1^8}(irCsDp#oTP!1Uub;Lp_QxI!3i<P>y(q&Ag)S%voB3f
zpVY{2i4*yW#=?J`du*s<Y-^pd8G2@HVXM8=$V-$JK7Yis;3+w1<8zh%2cN^q&!}@k
z-Q~)1{fzc`#iQpqK4}#>hM0SUGi9$&h+BIh<>+ME$NoHddGCTAq^}y}oaoDMt#v!+
zL|P=Hj<aDsjR&{!Nz9Fv=hW!|ZdF(GG=O(Y_y~_xjJxk0woa9p*DXprzJZ10#vu01
zXIN+9eB|Tx8R)(D8?oW!PMJj9h|e^*i<3Nornz~he^HzCP|u;sTbBI7tZiY=n;9Q-
zZJkLg#owm<8pFxsYqfuBVY}iAbT-({abukqg-^Tz-ZegxoORiC1))z;$(1OWE}vxO
z)UBt@j`3baPUq_;SurtMqx~4GK^vPo+xR&9o-;xhLAxDw-lI;`uG306tqnWZpN*s6
z@XpJ-U)^rwyoqs0|1W0#N*IToi#RQE7Wn%)W#V2hGR7C)f1z@Aq##@RkSD=I4kurv
z5IpGo2j?gnginL>M|IG@;w3~gW5AW~VDXlK;hVdYI0(+R<b}=HIPqTMq-Lbt6I{B;
zlhQVsTzTO8LSIi~pzq$`Qt`w!<gz=FIB4sPm&eF2+h*qPopvGkoC+*D_sHExUauuz
zwj&4L;}adJ{Z2bxLph!I^IQb4jS>Ue!X1IF-i;HsRc)G}xrwqSwsYS_G54Fys;rn$
zg1r+}9`>qVO=zw9^@Ns6GgNXm@m0jq#N)(=#XWpXKHM=&?)4k*H`f+_*R!?+xK?n7
zjMg`DVyxzJ4{h%yZqxVuNy<mi@N{u}S>>l?54G^0`Pig(qor?XxKZ$C(W~eD!6+?`
z`B?ux;x9+im*`$|5FN=m`&e(gJ>XX^HMhOxU!uLAu*QdzW5wuuMraT;cOG+lE}x^F
zcbpkCexf;69>aa!9-LLS&u=KVu-4nm>+Cb)%AeK_%sCmx`2FOw$%3|aFwR`Y9>peA
z9<?dp;3i-`+W1FU<IW;?6Jzw-G+5;1B)y{&-!$}@m~*XYhn;h61Ls%oxDlC3ypQf@
zlpNLFj5<H%1D<^jJl6Vh=Hf!&s0S|VJnOOM12}BB23zxy<D7ZD&BK{jE9T8TPnaG#
z5qJV~$BeILE&0;L3(~AQ#l5^?>m6~s?mOkeDDKrGTwLi{TLyh4o~=ndYbic|2{{L}
ze}9pa8(|Q*jk5PF{EOC_dm10#hRuFEdX!5Wsf=$UwARFbpG|A&7Mvxt+0h<6Krx(d
zd-0j^WjB7o_B7U!YsdwE+u>zT@;P+(1}nG9%fRG=N94kPbK$vu@>Nws8-AbgWAo2L
zcfVwvZ~TE(uQR8*#wz(K9wYuOo?U|e*_Cf~=AqfqcsOGTZR~(vvuS@7{iHx&+#}LH
znYk?{?>TWW`GHn5U%WY}weiED<g5yyC(nG7weqS_J0?_tPN--5e1AgjZFE7w<V!E)
zypo-JOnD_z%)04w4dZyh7pOMEK7;(q+?f==&{)V_uZ{7`ym!X8a^F@4y5R~Vzio?=
zZwxM<eqW<?CNe(^{x!df(aB4HczKxk3GV6H;^S;_WX;#YoUMLs8+v4Bf1_5pGGyca
zfw4*ckqZymlpcxDmU3cM7X}-fxg*m(M}O$<^Wd4C_r;w-?s}auQ-3D;=?sn8IMd1<
zxp{Pa*;vLyT+nN+@X=o6V$=N9SIvy+zQOM9nR$u-$+6hwzE#~%UO+#Rd4AC^d`-Vg
z$W{0Pu=V9#3;gX~U>>V`FQJ`bl$Xp>IX&Obf0AQ**0^MQH&|m%i);oDDsvNMH1_YT
zMrKv%PPM_|gIkn4X9zN5D01rr&ZG6R<W?&=G+cS*3kDlY`Wj>86O+uEN$%F|7SA&|
ztL+J`x~w3qHM?rE@!I=5e+8UugGRQ~Co(6`Fng~x%wBwY^6A0H%g4jVTuUqtcc7L}
z97mlY1C83@+|ju`wJ4k{r()pu@x#cF&mpH=`Q*wgqsj~&Q$E3C?m$NE{(7g3ver_P
zjOxicmyG&+e4|rFH9LH0Pm+w<b;B2LPkKpNhpfMzdAkmq@>=Fm^8RY#LGAmJ9$COW
zHGC3tQE5!6;ti}vOP_<c?6GJhHBxBNNGEUDw*GL&o<3@GqjQ$JGyjv?Npso}zj51g
z>Fuiyy}h<x^wydG>36g#-sb0A$RcRl&{+`Ht$2r75ez##=2fHE8=B?vl*!Vq{NeqV
zNw?|)jrN5`ZQW`c_hgE%tkQj%(52{gH8dz1S57<K?|IKV_<{Y#=sMoV|7zC0M;X!9
z8mnAaJ*d~`q%W7QTsr$AdeGIML1Xj21Wkxv9F4}V`V#GRrLl{ku?xY!XkiNe3R|B%
zd@HoYM{{;1^NMWv*f@AXsFihW%Yvip#5X$gmd&^3%$_fgr4L`<jQ@lAN?!l2{wjU-
zF>(uh9zO8*%+ue<W9;gy-SGm?m%!_>=INvB|6X3uz20BT94+PZ(Tj&Oit)!7-}Z-I
za_7i753p~fbS!cOZ!&Co&3!D23-4Il$Y=IGroZ~GSu0%l&M0grH)yyRo91Eio=Wbl
zLtj+>(&5-Fb-jYN9f16nFXz_plB1N|Hrv(&^ILh|?lnS9!0<5b6(g%!d6vAmV5?cH
z{RYLi?;9z4>x^%gO?L_WMDpz=;()SyWQ5)t5MS0IPZMmqd6Yw^=&*S&<5_+!$#A_l
zo!{zPa<Z#_lot5~_VoGSth@6P*7%QtpXwz1lnX!PU$pRp4zAetpo5<VWT|B<IXKD#
zM=khql5uoV7aXNU4)d%tsNJ0b5RQ5#;pqOO;AmtLj#9oLjuwEUL$`pVO<L!D!uw~7
zKlg(__qY72vWr^r1BoxM=39JUYrTly;@PWbi%*+2pN`|}tO~@Q{7!sXkbAAAPrbu$
z>2Yf|8Lx>}JkXz?u{SYit9bWKez)KY^$pOOJnmA%rmn<}Em`s1*PB22>F%Oe|8IB6
z?C9<t#FY5%DO!<oX!_EkLq#>Ro5}Gsqf>@n0)M+0_(gB{V>j9S?MVKUjxJ-{%l91o
z=kuTcB}ewL_|LZMzBs>d?PZIfCFvr+{}S!VUcLt!xSP)r_6uv|v+S3fta?YWU#S0C
z_Dkanhcm9D4RrEnjR^(hL~&$Kl>tqXt8%jP>&o8|$ZPtGMK5D^j3l<c{qfi5%=!85
z$bv1q7iYf5Jq1&tj|-M6Z-ZzgrKo!PPP6Wo;n^uG;#Ke}WZVGi8{~~?#pjuwIWV-B
z+@}-i+lReW3eCL?%}s&kN})O5y;D~Bp||0*rMf=ai_)HPk8gz~8<XH04t+nW_Q`t?
z<sNUrkrMp=^r^Q#af@+MCk%gkzXOJkvwxcz+5!wifuW=aJh`Hu<)2gg!;Rr@a3^^l
zV@I}XPh;kriF%-5-ov_-KSh2N**EO@HcH>qeGO60*%p|_+#P(AA34R<0drWxx!?f1
z%PHgOC}a2W^YFo>d^>UPfY->On<st%{|)^QW5}Ql@o~+Kr@VYR{;0g`?D3Bd^f1nt
zgpZ<5xo@uGZZ^&i&p>X~{&;Ap8XFuR*qDv*|H1)1nOE}QP=7o1)ph}G%g%YxV>Eu7
z-vRtHH?p6jzR07qYqjJ1Kra}7IeudK3gzb*WaaG|6xp}VibZ?wHpibL`6vC=zDFoM
zvgbXswrtLr@r)_to<BO6kQ+v2^M=Ql_0&9xCckdeP9p9LdIaYS7o(5^26uVBO`lWH
zopN(iLM7D6_6OG*_idV3EdSfZ_fI!{##;H`G&jDWu@HMX-<=Qb(YiYND%PUA28((@
z581gP-=VF(dVK3ap2_<da{UI@^YGkIq#t(y$K#_*dl;|ko$BSz8W=M8&!641{Zszm
zMZ3eLH=H}nS_j7(%a0ffcY;2fd)t|vW2vymQq;e^>sZS1D}1~AvHX`cmQKDPob`cc
zTjQE#k1L8DY&}oP4e5+c;+UliThC^0Nccg{uoip~7jM@1i*rM(0!CvgV|3eTA^*5=
zk=uHFNM$rne$H|ll-2od7jLR}ty_;ihI3xg#i8)0dKM0;8>XD*X;mQDs9afH=ExaK
z#~cNd=7@eLQU8cJ0zSdy&+XYB;(yJNpS5YSuJYJxYvKHT;ou-SEdy^J?R|ImVJL5#
z+R(j?+2nLDVZCYXRAZ~jzry!AA9xVIXvS`|{PQJ4S%;~S>>T7ZYqpO6_KnnD0d^iR
zNRAG7e6>4Io)mu46MRm7n=W@eP=7f7JISXK=vBUsLTE|8_F~Q(SF;w%Sp#Ln;UKpy
ze_--G8mg=H>efG#`hsif<E|dpBfMvn!QF!<^J7F-^(hF8f3)JWeUvpDoz0z0lXYLa
z5o#n~tMpXWAJSj{IdGA8Z7A(Vz0NbVl_@x(8Q-e@p%P%L^KP9`+>7-(O8UgP*yDEW
zy4p~`_2AN~&%U499|3$VwA;&V7d=_~H7cueQSI%~&*27pJcBeIukO3+5#G;uI_|l1
z#?@lw&h%R2n+(4a4;+E-*X4oR;DI|BqkO<)+3#hKEkBVLW>~y1Bk~;mMVTw<Z2PJ>
zv&%lMy>DRWEPQsmS-TZpn25Kz33&UR=sp2&zgK$+czcECWW4PMXTn{lFAn^9ZC{+`
zYRfRY&F=8{>JMx@Hn{y91&>ehzwrJ`%G>(=k#rIF8VeK0rJTMlJuFKa*Q0KKqFd&v
zwwrN%5qfys8Aqkt?oq~ZmotusG>%QmFV!Qw4|=e2N<j<g*pi8n)*(itOXrgL<XUh4
zQvm<|Z1itvT=ahEu&rxLcFtsc^;I{F*E*`hk6G-(;f(LPgz-ImywO+<%`e5*ue0s@
zT$<lx)4ba0Zmzxw%xZgz+xAh$ILR5~)f(euo95dYV{B$GboSoZ8a{mHCNUh6)4JQy
zi_PlMJr{Wzx5iotooWpzN4M+*=>hH<(7w!gXANBG=mSxA--CVoUC(#s@!a3B2HZW3
zjL6@%X-{L^_(WVr5^&i!377rc@jAHl9~GBHjPC;cdgq7RU7SwtTn7VL2S>wge+Rd_
zf!$hfN5Sn*{?|J29EE;dJi0U_Txwk;j`ik*vA))~E8V>A_V0}K_dL7n{matLTaVdv
z^E0>Yqm1o&XKb4(AMAHzKK^r<7meN3ot}99$b9_p%RGa<cKJb0XPzt_!I9UZ>1z15
zt4Cbb2meNb4xqBqAzT?<&;RWA=0SrW7b4@;w|wLGgTGnG4v)dUy>VQqu*Lpw0{z)E
zof<ij-&&WCG8R|2zZ-b(vS2>)t`}^(SAE<)E504Lhr8PNw*0gBaIC$1qiLexZ$h5t
zu;(Mcy|1s)?)&(O=>_<M3w+4h{*@ET;ltG<j7A@2Ue;ch>EFDA_!`~qR!Xdm?shZC
zL1`NKj|;x{O!ivd)m;<z{URICkyhU-8EW4_{5H1AI(#5;@|G+AkE=f?-X|l!jO3K=
z4yZ%Fz)olnT638Zd677na^P4g8H*nB2EX6nTfW0f!Od98>0PbvZ9;EQzsg@2L~l&K
zgJu+ER|2Q<8BYS1Ch9Ff$2iIAD?Kui_H2IRB~Ggc@mf7uiwQhuljSF~@GSft0A@e<
z6P^Q{DKg3{CMbs3XW(0UpnQTqXf);$GqD%^EdY1AQ$+X_E;Sd*Gi=_QwxWf6KL?2M
z`UpS9%iM)hTu5FOr<{-f-5l;FIovhw?}76_;eS)kr*iTjDPQy;V37Xs*lfjb4Q*?J
z?^Pq0%Dqh!l}n<fclpFSMsRNy@dcIOCWfvRm~8x{l5)!b8<=VAx{>$3y91Yf3Vw>%
zBhF-xIF&YAX<sm&!(AQ1v0{FFyc=Ta3_~J6dhYPDm~1EZfe)}3|0!dOGGEFe<=)l0
zy49?WLI*SFjvrqF&Q0#h(^!<lH$uC*PbB+O@(|$H+0jmp2x0_M$bq6*t=aAI8OlfV
zGWzb`X`MXs)Bik=c{&%n8Gm61pUjB-W~d!!Bj2Ca!yWV|-?r#X&n}%Qw&=&eE}Btn
zQ62QK0l1r>uPEb4L#N(r(b}NM3o8yUTR~a({emQVD+YIpBh)?3rSLwZVrJ|C$}3-g
zlyQpQRM((Q(Ok9F@1RH>?b>l9{_wubBu|MUVJxyGq^oYjzvUYW9KemtZJ5PJcL=ST
zY`j(t-dY@AnAT4T|7|$HT^vciuy8lNFc0u{`ob=xZ|SZ0`MtIuY*n8!XD==-vTvk(
zw<dltPvmF&(Z!&hFB&sa_XT1``cI{gDs*jo|Loc1n33$OI(%Tye)c|o!hRevBk;**
zllSBLeTnv-hZcW!)8S=5<&%8xn|Nm`v?ac2@k}$-i9fXO#gtB>*v=Aog5o=MC*}y=
zDMxWm53?qny!)DOt&iW6ce|OK>3+k<otWu0#rQRJKjh}hnX#tIcPCs}5r_rJTeJ0B
z1>vog!(wmVNRCJR%~M%lt>lba%AKl<xnHsxnkzF?t^39Ia$kUWMHznkHfSFiHlrH4
ztwydEL$|H;shlf|oO)ZFy~4zpt+#)2<h^7~&N<!af7v+M*GKeh-x+G*oiQ1i$Q1XE
zbk-U?-MYKym-OkbL*+6m<2+`N|Ne*f+Sg8lw#9qI+lS*r`K&wApLNDiOkFF+E8$Lb
z$y4>Eb(nZZ#Tv$xd_Tu$!Trcl;C|47dqD!+bq<dZ?p?kBujz8Pdu0OL=m%*oocCD$
zbiGsK4&b$XH2>}I*f&jvKj(AYFY-(D6w%wi>ir^*0Uz?e;|`Le-!Jl0<bjFYPPz-z
zYu~Gg&BMNgecwnl-LUQ(`Gh>qCGh=XXc60|L4MP0aQ#_lBr?d4wf}fK4`d7)bMrv@
z$pcy7<bfn<GkG9Wj>rS)r+w`|eUJHd^FXGMxA7|SK+XY{BJx1C^WA<N_bfa2jXXkI
z_(#bNI5?vJ2J_$9$dj2)-p3;9XYEK^F_XNHEv$Qu$xn`tT*jQ^C3h(G(8C+Xz`OnU
ze~JGhm!hBCz=I>J;3;F#0rcDSONX*^FdqaLKWA^Qj@-`Gv{6JI)jdG2M%AsOANj{J
z7M>jwTruSRJMay)ga2%um6s8DR}WrQZxJ$6G_CsR3hh(KZx|Kcfz{1zSc1R7eIAS-
z?N_wtj(H*ZrE?f_mN{s##u-GWb~nyu#yQ#<=U!l5>5S7Puhp0?<COl97ST8>8K>d3
z$0<4Lj#G6tPU$>}<NT8|&QiwdXN-)uA<x2%?lJI3<}g;RbB)y=v+oOy+1=-J?>tS+
zZ}0Ni`;k3vY;s4gd-O7`WrJKdx^F-_=R|0{8K2%OKelteDYub)aoOpQEWeRlmZr}P
z*L%tvrDL@q>x<_>pB@80nRNKn2s&V`+SLBtZTPWd$6Q65_W!!C($1G|<-f)*7k{<o
z7jb${x&Qe7;bniDd!$@YoAN)d>OU!_I;&Yr>;r}hfPwXj47B}Dvsf?rz)=n@+4o@>
z5#=whru-bOKeO|WFLw=A!(02HLvqiul_PZ~dw{cfccH&|`JAwCMGbT}cj25^4Q-Y%
zhs-<oS{rGSiSt<B^LV}$8YE|3d(FbUnAYYi%=1)olWL8teIM;l<!&$Onr{13Xg`nk
zt0~{7UrLSI=squCVR#?(sQa3QvnMS4bbqf|Cc1%ahDTWgN9KzsZ<Pa&pPWFW$rmqp
z#9K;$QMuwrcjSs+5G(BoA7H#=_`c%0U^oDeSxvdY)KwhiI^e#XHB=8?bsv~;=H_Xa
z{GA2As3)${${o+zc#C%Gkj?HL63=Llmb+haoVNCXGqvS22a^Me`p7}IzR4PX3m%nN
ze<k&UoQ2UnY$fzloRDX7J#*zr$jS68+6s_+$p`E^$h{Ou%Dv?4Cil`f>~Ecqk$#mJ
zW14sm%CYYA@N+iEJ)5IBaqsnY&!gPUIg`1ZK`DdYnz;{d9=Q3CvnFdfYoZ)ui?Ho-
zu>o@_muH<v>C-mnjK#|f%zkax5Z6sk*M^y1Ut0;Wc169jtaB(Ak?UDHzIcgX*IhM3
zIghg7%AqTCSItIp`0r=l67Q;sLC1>qeFPq*oQKT`KCbb!r?W%3*lZ<N`c~-9nn4vt
zco8(8cxTOM=0f+>l%PjWp|8c*a2l6%uzBc;#pF+1QW=PqS3W+W?B0TKS;er}Ty)O>
zXK!lJMWut@hE1z{e+v@s#~ome!-uWj`M#LBl-(n~xdEM5`zO+mO3_Uhp_|I4Ivcp9
zn~niT_WX6tMdk9z)1Q%k+WmjF{+AjF^_D*<EpiU|7+jv358u(8!so2^htZ$--PlJz
zAFti^^ylHVtObYH_GHZ`^4j&#W-_lmM4O+7*Y0u3^#Rt}Ir3%L_YZWrBN6!^nUHM+
z+c!c(7N3UaZ>RjDJYPlr=VbmOd?fOhab~J@A4QpUA4O_J{Gn9$QT#4*#Uf}hci|l|
ze=lS(JZ3Mv;Sa>Zh{tTBobH{_86fcv;zX=FQQm;ph>w@yn-FiPws^}R%U^`O-cWAw
z7TZ_w=%0xlf;Z@%M)9Ui<ZE_$lkT!{?}{*?&st#F3!S)a%m0+v_8|UCY`el~TWf5u
z#UHxfDV2D?!vye!AMjbj$g<=ezQ1RE*;ygu(AH+rm-TFBg~%bjYl{9e%a`Z!|8R1<
z<{V0CeuccQDi_~m$1GTO5_6+{JJw*s4*WqW*pbB9TJc!hn4>B1jqP6fVzj5uc{(rW
z;hwP17e&#Fd}dlr335_4jRor_dmmbPSd-r!(Qi^;>fcYk)a3q_B=_goP>KC@r<2Gg
zmOdhSle~|D`zU=ZVy-ndyPxz3=P5T!=ZG@4`SexCI<&`@S|c0wYs}3f*oSX|qh{zL
zv98){_H@>tMg5kZ#yaliY~L^f89|)Ly2|S1C6BXDx$EACrT{};Pw3T5*_>O!T~)O0
zmMf)<%H~jR5wy7&IEDY*A8?l&@5(t_Fbdv1_nXFR+|&0^3hOC=uWC?54fjzEicCe1
z)*W9#_CTxYe~>Y##)Y-H|FBrI$JpG2&+HHEp*(`E%XrbZ6u+7pIjakfQ)`+n93QD;
zX;0q0oAnjWYlwCf7d7=qlPq1q?=#w`;ulOY&_5V!F)*j~42Hevsea%kukB_J<Id&T
z+N*^ZE&!G{I7cX+=icY{=e373%1doObig2=F7Y9v-M4r@^IT(>;<>~FTAAOsdAEvB
zS(o?TNXpZPGdA-+v3@}hV}1@XFuwHaEd0;&eTLC!#h~=%_W&c`muBQgd#}v$52%~&
z%jC{-qv>^j9d}b`-BgLUb<Jr!T5VBwEal{%mAtfg7yj)4xCo3l7IL|3W7?gxeU&F%
zcmKEX*M5i3cP9ky=@SkV8||ySfmnsb`_0I%Kbf`S1y&wo+O4Y!#P;^#oWc-e;oftA
z?OHRu3O}6YRrnerJ=u{ti7|{Nm6P&C_fd4`di3xd_7F<=F0uB4xg-9O!^?`fPorwB
zea<0AewfqXhdisC_JWI{^}BhN99T;ExL0xf8R3JQv@bT8eWNUBVF)pJJwq1nsj%WD
zniYp<>(~|#|A}O*_!i^(IJ$;2!078nd2Xoi^t{ljD&w{2NMaYf!(v}OoxAF|_gUk*
zZ%BMujBnoq=Z-IDUw#p=Ocn2gcNyLvOz?ANdCHjc+5=UA^?vZD@dem3(!G4u{m&oI
zILDSSK5UNsvav?H51gV;*w1<JE2kXe<ouhla39b6)gN~gZn(eq_;`O`tn7U3!iS8;
zvgw}uvTvn?%Puk6H+YAwSFHC2&U6Y-rNAY-CNF*I@>15Udp2a}$R6R1_{^~<@}Skw
zYR37%Vzc&ka;+9;;kRdPY@e+?QQOwI==<2beeHOJZwl7Ch_mi(j3)l{<Lsc$MAHW6
zQsBWM4>9lMBdEKdbKKt;9NGqt>CJft7aq;KV0y)~s4Gls%rH5zL)u^7$M;`>FS;g}
zzw_kDM~Rh4i|iV}7zD$?Geb8*>mTxL(Uq4N2F3)vhu&F+pWRD4PjG&{+n9^A$X4p9
zOo_8c_x@A(JLubb4xq>LtTCR<*bH>UwLGgI^`Uzko9JT!xzXyqH>?j#WUY=_nN?C~
zG_I?<A%>#a(BPdJTZvA(ZJ;q@C1=l8bKYEZR^1VMVCJU{FxG9IGkUzwfkX7ZNpOt9
z|B%`=(TDGlz9&A<eld4itt)08<hTDQWY(6zPj{eCzZ_Y-ySNZ~f)6Y9&Lr;c*YnX2
zpp|mwv<3M;<Wb6>j|~CsNN)Z(l{?ZogH!??sqLjcW8D;Ij;niio#Vox_8c$jXU}mq
z@mkprdP5_Kx4j=6e&!sHgr_sN(495M|MfZM_)dF{AI$!GdT0c5yg+l6FgJHObJGM&
znw#^TxiN?-o6PSBaf+P3|9I-5<3frjn?zh$c*zpt5X+~RBS#cR<|m%4oP9vWm}wq0
zcfy6vglJ5n1M!=gR$r-+>($4!YvD21upf3cJV!R`mFyMRXHMc}J;FMtuDNX9)qC6n
z=wa2^8g5L<3Dl1|F(rGedT3w4@-gWwto$!S{!cL_HZAx*?mhNi>Wls^9~5795_4nm
zaOe93zK8RXKSngH|Ek$1Pz=Ud^rQE(b@X2M`RH4=hW4?9M?Dw8pCs$`Tm1AS>glW%
za?*O2i0@(iCs@7#zP<dfJtWm@0AK74HB>wJk{+3Al}(Ebw7yd#xevpq9XYj+F}tz$
zl6jJ8c?ohVkRYRwb&Wn`ls~6?88wRg<xcV0{(v%g%YEq;%TGb}&&97peuu^=vZ;i;
z(UMbZM;3&4jOvtAx5&QeCeHq|WYj0Mwv77YlU-%hn>>qVTp9H`&%)_W%6AuQ*4@~J
z&o455jZtIMI5jrO-wD>Z&J8EWhke$#nw)X{Flk(MN#lCV8CL`4kMOZO^Xbl;^pvCN
zAO7Lp&uL!^{;vL@&w@SVz<yg2?DLagzsZ69JDL-3PxOX?;e$&>kE!f6_E5}TqcsOT
zjrmR3P1tJlXQ9tk69=JnQ<4=_o{9wdXM{Eqmyb*c7524x<0{2RHymg2#tS%WIg6OU
zmxkg8qRhjTsRl=-#|QHl@76icl)Sk&1oI0_V}5BNc`VH8tU2cg^A9e?uf{vS890+O
zomr(*gZVRgPBGJYUYs@O61$GyJi+?k{x9v!(kp;Z|4$F*AG-Te?tGx#Yl8VxO=CLw
zSn^WL!B%~{?aVXxPP>d828*)%=Fl_CC~NQ=yjXUe%@a633(V4e#tUcG8uo<ubAR<G
zSN1^9;>=8y5gN^!Q~8zmo4az*tHz*Hr(>^5=2hY&le|;R@#r4Lx)Z@;CAm}JCFuBp
zNT42nGd7IuxB}vowy}>deN}aDr0x!Ax<g)$H1glzzM*W|(A}wJ@bOdmZJljA&S;lC
zEq?39GrttE<Czy|Pu^o#FlsC=zumyuxH9;yThHaw&r`31PkXtC8ha`+XTVRWCq7O5
z=d;;A{A#EL7+0MTUnbkmAiksoxQdZ0frIGV*c{Q3j!uCu{<pO4>c;yyUwP>6!j2e8
zwev^vG^o7rSt7lJIvc1XxZheTx|P1~3GZPJgnMV6+Knbp$aipSGyaL61epU%ucbX~
z<Iv8@&}Yl2(5l%+NcU<-z}3Q2(GM<R-dq^q?Xo8lZ7H>F1QkbXG~D(e<<UFz`xbsL
zK$mFXw|HD?x_!R(Vc=Xqo9_F5&ie=So_w+k&_yhr939!pt)sP-AUD2ajg!0_DnFh3
z7~S&ucKIgCSD??T&m8L<b6Vt1mAxXN?8GC>p5c_eiL&A)KG_{3Cb8aZ`=gp~*TxeL
zWP{wOvXt>THpmTn2G(ZB264+@6~Vs-o{HJmzX&;9Ji-i3<y-SrWPNkD@i*}?o{L`{
zd>I3Sjq1Zdr?>34r1@02DC^-E^ZF`!!%^qe%e<B_2hC1j$@8mzk9bF)npes74!El9
zb4{OI*_U<R&pOjIXh5)WL)8iE$NFO9H0GvHzO_X@jK79$pKKlWQq%5xx4cj_Z2dOg
z)nNm@fGxCYjbdEVA~iQ)Pk3j>>Z^XRUUC875_X7pZHw2#$K+$IZHB+%li1=P0Np~n
z@`3uYja|9f*p|@sC^OhtL(KlXflb$NkK?6F1{%}3%W+Ok&m~#&_I+#1#ijGsuk`ep
zTl?#pthM9{xw!O{^}6d`Ivu`+kmu#mHPS;hKiu(S!J|A=8vpwi%s0far>y5zp3Awn
zcki@|(fOQwRaJIe2!7HBb&uHJ{^Rg6R~ORQ)E0EQPPurjcJMi?ujoUEm;ElG{bKgT
zgl~JE(<8s;Kb3oza<;zU1@Aq;J3bobCkK8ioVUP>+_f&;C#?5Z75^lD8JTRnru8nH
zs{Z7H@J`nIy{DM9<<Lb7<CJfunwVbs{Oy<_d+lrPliwYc-?SXTZ<6Tp^e+77dipPB
zO()adQQJ4X$^5Kq`@u82w11x3hYuvT&zwiz_j>abvr~xdwdIbF_`^U%^A_La=m9q$
z&whC-dVLymoeu5?**ZZm*r-@3@ISg4`xkpm^8Z!a{xw3Y|EqjDa~LX2F=~rl`}f>a
zLaVVeE`Yw2N88VN?>=GO!DQTW3cBee?g*^pPLl%umtODybqj%|`5~P>=$RKVd(PdA
z9K;7Ozt|W2^g!?0tUcsc*-w0LyVsMa{3=>MWfvOrTdI1mZK>+Trzf8td{|Fatfwm0
zQ<cG*DxbI*zNx(u;?d*-!(JGYm;T{BTjXaO3f&=x^W>vbyxQ4so3;DczxLuswPl`i
zcqw<z;Jo*F{}<}+!oO3Dt??GLRK$6$6fZso(_e#*u^Hago+?^p9oK%VA>|5a5a&@t
z$#;XXrtg-8Jtqaj^0C#jkN+mJdU(9|ICqc1XRU!i-ri|fFb9`27c-cX%ZO!|4xL`g
z*+g46amybhH}-Jmbg$O8)&}F704}wT`m&A^=iZ%n#*(MGucS`mSsvAQ>0}Ks%jUG}
zq(<&wtsqm!)+38c^MIfKxG$`x2p?_f2yzHmdzW^e0G+i<d_GnmZu^4i2KoSA_+cO~
ziroJ^ec7~|%9*nSn%&eR6s<Bsq7S2jyb~4Vov0x1L<M;#DnuIz^wFn$;?y2N{7#*|
zv6<|j67!K)gZ`^Mj65@?#t+TFck}1IWL(Og*W4Rlo_bfw8P!?2<S!^7XWR&zFXxxd
zH|Nh{Z^3;(n?0{S@RZ%)IxxwYzn^wb;XGRyI>$#m_qXhOlp<5-U^5PaSGSH-d&Vsn
z;<wUXb`ERhea0d>^|C*2(_tX*FPwL4d%y@!gAUbZIkf2NfNEpAQ%5%Sdz8&4J`kQf
zR(&a+atHFh6rY!3HdH@RKl=tWMLwMl8axOM9=iLo4%(A%&BXt$Iy%p@jk7Cl^f{L}
zdY$PB0RL?AuzVYMMTh@=e0-U5d#JqcQ15X&z=eK`-p~gu{q6#*&(z4w5a-93j{@dk
zGx!(%`b@3EK%SrVrFlqU9;Px6GdZ7F$UFqkD9`dS5AwMeG7tKHrZW%jd(A_NGY@LZ
z(mOUe`A=@nVvP-9tqo<(odDk(2H)!y@;Q8u^=$FIB61RR@Vzzo`!0d+@!i9JB;WI6
zGaQTWnfyPRvBcnKy6;<ZY^LFDtA<bA!@TRx)@{TAir+fED4XBX-$we~%lBV=9ro78
z+2g+&T8)j?*2k#DH}!1xMS)Nu{P(Xsw-UqqQkJRr4`weJ8<GrY<vqIltJ(9$hCGz}
zvsErL@?uiCx9oDyW*3u}l5$&ko&|hsDF-e-&i>(Gi%<NH_btG50=N)<_fES3TwV`O
zuLHN_Cb{_<Xo%b-n`}Q(F}~vz@6gTi7i~4*;Th!<qbHw7ta?v;)V=Zsn;A7ZX2#|r
ztiAS|dxrmbJ~8O5nVnuU^uBlT@*=P7zg}~H{li6BSHgo!xC88x-ogCe8^&niu9dsv
zpsmqYF;?kM(B%AYXBOV|Xpfayx?9fQ?|jAPj?05yu@ll>8H*nqo;{Ad#(tkMZrr_-
zwv>4@+SU+n{PMO*`N~tm`_b`U#;!i>ultOQnjOS8<w>sLgSn`udFjO!#=w=O#{9?`
zi?hniyt&|KhS3AMB&JjRU=1`#+=|v)q<MN_{yVor$6pP$Upvn7RnOP{#@0+@{*EVB
zW{om^DRtyoFh>`*8+8Li!wowR+MrUR{Pr06?9Gl2^fu;~Lob0o#{6t@bY9I^SN0C>
ziY{B3RchJ0{=8<!xbgyHmvW|UI?b4|m3@{ae80k2x3bStgMGQuJEX0MZ<V>pG}7Jz
z7je&!w&q>&8O@Bn30nX^;ut%AJ0r3mUFxG1X6}CGYTTRTYgjQU_kCz=KeA!?$MG?O
zCy%yrycsp6-i*yxr7zBkp4>CMiFJPfA5H6I&7m1Oz&!tDj}cP8iVxoguaJ!WEBHC+
z?UT3uG^19s*6<l)Ex3=z_Bn&Rn)rm}vs?tM{Zow5#KtwEZ^xQ8cIspBL)m|?)}sf8
zXB)45%Du!pp-)REgf~W?=oQ{cEWC1{?FSC^*UotM=9;zdGp}vlp?NzkS)Y-&pIn`P
zL~mS<KU?q%ZjHf({lo<LUDy`^dvSkbtl%H>X?%?E+J$#qW%Ca5xmr4t^<UppLzVb(
zKSh3%2Rm;;rdc~mymAk=^ZRj&2h|Vk%7bqFX8H6O<JwL;20WN{p3Q!0VCY8t(ox#6
z+ATlT+KYIP=VsY&#~I^H=>A@4F?l@hJfI(-FLutw<&38##Ta|r$;RkpTsyXQ2d=xr
z^W)%EIK1Xm>E8DI9}RzJJM&)rF|vZOiwA~J;w<W@u4DHU+hhM>H)9Vcjr~W?*nKD2
zV?UYs5FH&DH7TsQjxk=XABz^z3E0d}6As#s3pUpCTXRtKjxz_)T;g07USq>i*$o`u
zqhGa=I1iOBEPfl73*7eKwA=S3&GE+T?Dpq$)Bep#<DBcXU6f+CeJO2gOz4YgFTuA9
z26vSMGbukwa-ku`($}w5eR!>jjs8YP*Rlvuo1U6ZwPeB9-Lhu{8(&T;JB9x&dGp)8
zp^eCm^W3uO!N&igtYpPQj7P9t3~X8_nhW7v^RXJb7rd#!i=6t{m0M@o?SAaS`&FJN
zr3M?rw3%2gm-p6Ma9}-2<<1H=u1qQy;JsDPfpdt;Wds`^rkwnAf?+r7FtP39DU&Uj
z9Gt;}I&k*Ar1pFBUm_e{w=6ijC#mc~WM?8QF`lit0B7?lE1aDN&V(ZuU&57i-Ik1|
zi2?4L9S=SYa{87bQ?-9CIY1mmo{v1bP0VX6WnDh|KDyx^c-hOq#Q%9Ey^L{|eYY_#
z`hM23@91+|sm-fi>1Fe(Rg(KTfzXZcs{aK>&*69m_Ekd^JuqMnY4amXj@DPdYshs<
zUxG({)&Eb|zAES1eLds!)hau4!O+k)_*nye{q;~h<7jOUyxeZP8eRA=-qgINpY<NQ
zp_eg#Gcxi;;H&1IT^~9{F1kfE=NYyd>2r7TU-(<WrPZ&0r6%{KuWSz7TTzd!-t`hX
zylkA`)1TlhY3vH;#yK{e-*Mn%-k!~VaID3@7X#-nRPV*EbqZ(Mb?)rM<Ad4Ir^a?K
zb)Kb;=<SLmdb^$f66x(0o<;K?4C+dk^LU>~Yb7cN&2LL8cO&l;>FfrTgXZ6+oM`MR
z;B)Cqv?lrzo&6_kQns^na33G#T+n$6#g|IQk}pTPl<NypTi>TG*#M>Y<I{2d4D2^_
z=VvHF@5h(3>q%^)tMQ*>@8|79KeqF_naF8ubFa^`0RrgvtDv(A?(~q2UYH(VmQS2z
zfj6sdHL^cj`r&_@^A+diz8}H+9NuSQI|NQ<eGo4e@TShqqrdv;<7+&`|7<%HZ}9!?
zo-M29l*H8T0dm0ZWZa^Kvlv?xTJZI<_`khAy!b!LnOD9&&b(HLW`B8dXawt{H@L0E
zhLo)%|KH3v%-U_%Z~5TUB5`#1ET`Qf{43V{S#br}-(~i`$_G6=^!x|2-##t05qjB0
zJ?RK@nKSx(HoN@n&_-Zvv)-rXeUtal%!Ao?2146-|32^K8yI8FM>qZj_FEGD3mtPv
zog8NlWB17~=fs-aoQYmP82vsAJ%0!`(@^|$JwpdJ*>-m^KAB>CGR630it))5%jWjt
zn{j=e$Jutb8;>G;TXwf>?kUXuKhow_Zp~AOKj^Tz2iP{Z9~<}%Y~Y=<;fYTwcd;2h
z*lS8noP1oO?^4dP>Ybja42ZpW(BrS!p|VdHVYP|Q5E+ckzJNAF|NHrlbKbI^Jo6>8
z>4~wIEv(p+MZ|n~v4_LQP2?P(f3xyey$`Nr*S|+we?ix}j+|0W=(@_eth1RL;Y}X+
zRSSK}hPz5Ru=!81j;;6*qQqy^6Vq0og)f2qx=E~uYV_^EKx5Y;=G^?rqAcab&HWL6
zL2TGM`cykl{m`rpd#_(#FzMX+ZQ_6NmD9Bs8}^>CUhUNJPJV$Xd|J<n!;DY{KgV2?
z-x}lUSbT=y8bLj^c?PgGu}-qcOYOqD4gGl(@ArGMYE-8bdr0kW!>=a4?DmfF56)|6
z&ofHA%bUH7ftlF(0q@W@>D@2yi_Z{Wk)HktW6=B6z*p(bbnucHIbLfN|5Fihc0sdg
zVm-d=;tR^zgVI@^rio$v(6cURnuz_*|K$@)*_)b${g9ZO;$-E2R}P_R*Fn$MLf6+o
z-^4fEd=+*p@ePx0yH)dU)gwMhKDX|8pZ@RgZ6Ff|SZ$O0*;+rHd#;~cnaa9JvwW=b
zRec^mrhHX<9G<APqczhCKlx|*t7OYBfv()Oa|*vl0)u>2?|W_fP4r1U$(d8pjp{Wk
z){Avef(=Ss^Fpl=%?WEFUuT}SJN4y@cl}g%SbN_ym;-#C4o@<O(TPvC{hrC^E2Z<W
zM-5JV5g%}Af50RLNHS+Eey3{WDL$ZvbmTL07g@L3uN+eCX6fzY3%+g6m%pf>hdF<>
zzMG8s9?1^QIH|t&NawMC#fDH?!3XAiujI#2BQ?j2jaA;Lf_dir*{XMsIlls$^y%Gu
z#{8H0ZOf(9$Yao^+n?HeRL{T!orkuv#@FDdP&{s8{(JG>67Z(6l;9sz{7o5oq9s3;
zEs-3x;~ir&dr+?@G}NnOkEDqGLdEa<jyr$+C;0sB91eyRBV5lsh!<%d_Ao#5_^!v+
z5151IHgBxX%IH|Tw!eEjYwkVP;AY{`p2x9@ZMhCur0ca*y)?mI>s`xNv%X}X|AKlN
zhdYK#66%#W`@{A47bN%atIY2MZ9&J8MdHcd3O*z_nY)nA(hLXpOK7W&^HjfO9P>&`
z#^3iH^U@99M2_QEkseY5Y>Dr4c)z5=xO84=&UodN+~mo)unhl)%hTg!@O)y+=F)GS
zbYpnZ|3}@s$46OR`~S}~6JRDc$o+zv3)*G|#Bv8qn;~eM1h0UX+S4XLFG&WpSc?RU
zNkH4cpmh+7jXh1U?P+EZFD<m0)6*ZIZBH<YBIj7KrzK#|`R0Nb6eU3*zxU^PW?)D`
z+w=YYF6WPV&2!n$-fOS5_S$Q&z1G^y&B30_v6Z4jY8>}{vMkikbJ;c}%g@bOg#Mf+
zez$$>`uX<!<uby(l#{+Be6(}Uhv>lncJah7k;hYzqpC-^lK+xZxT1aQ9$XKRubHyQ
zr?Y2jTKiVd+51*C@KihJgj;hy`MJd_d)Y@nd!G@0o_o<<?ev@+HAClj=~}X?9h|DY
z9{vT>sQ~Q($06Fa;9w898#w-C!x4U;_rv$CJeF*7giDc0{TeIG<0dv&*==LAl#Nz;
zSmJqXw2kOtvFB~j&a&}(jOE2VFEtYVbDn9+e;b%pr{f`Cq||WuucfYT^dI9J&~2O%
zyboN~#PQrSf*-q-V$>y*VthAzk4*aA@Ml}($5}WrsQKrR);v#71Fsq3mEciz4KH7X
ze}Bv$n*D(7u{>Yo;X{^4|I;}`#8HxuQ+e3brtHvVtWA6gMkscVFZ9vf$dJW6cVSyB
zH;h@acWPJP{GTeb2s_}=b2=X>HFWapqnY={AXCziDd{0{Z&<m%PO;xBIb!Vz(3iSb
zSSOI{<d=@jfZ~dX<2c%lt@>9ZeX}BrU6orznfI}y6%yN^f6+e%yS^FvC3a5Mr|sE~
zv}8HmT{}~aqidn1_6bXOW6#v}2>W_BGB)IJ1*W@=eQtO3J<oQqf5y2=M<pZ5(eqX3
zZs7P9c-2_@09@;t^cTtocNRO3mUB&+eccN**0aJ%`^-)4BN%%N4D7h_`F9=-f%|OM
z_pg#~P-`74K8*5qOj}m?^vmX^54b<Z_sV~@o;u!#zWBLBwD+QQLx^WR=sA19k@_vZ
zm+sV#FH{Y7X+0B87C>Wkv)_om$F83b?r($!H$aQ)(L1igUT&WabrbIo!u$UndYuNA
zkE7T7Rv-TVPp?*R|M${s<1l(%avpkJ{rA!9)Za?4Im9!aZ@$*p(mXBShGWdr8Z*&+
zOW}>c!u&He2Oc~Q556n-WBkP&Bb^?7$@>n^d)asHb7Te3xfq|EA;4Z_5&PzQ;4|h?
zi_fOPXR)yt8+X5C4dTjqwB=xI-1%!~o^RakVcZoB8+Yg~`wk8pcl2}Nis-mgp2gU>
zv-F%b#?f~6QHl~6cT+U(vcs3h=s3lgrMdecWtz37h`zs!_s6+@pRz-B(`W94_cc~(
z*ju-8fBt#!W?;}9v4y$y@5TF6@Lq^qi{ZV8d8A+mdn}v*roFoVr*XIi+4WI4EJs(2
z$Kijx6den3I4mJ=P7H_t#`}02#`<F*TfcMxo?3DNo|1kmo?^{x@zjO%ka!v$hYq5L
z;^XB5a0=di4}D8~{`e9jI4jPlpkPZ${~_9leqS#d$NLZn_wo1Vt8Z;weeP2??C-?~
z>3^rbw7B{TcAo=Z<i7*o7vt)4pQ?_B?_=xx@5qrxXc;d@y5WcO$&t5s{y$ZYj6Kg7
zh?gT7!^Xh>8*-!=y#G&<BhT;sXgTsM?=K`r=3RiN7F~d+{&(dFw#cVla}-<KYQ@%`
zy|-g+t@}m8-dp$fd+E;l#rq^FcINKZ)0?M^G+zGZ<DOv5XBoXraYysN!8^^b1rHbl
ziXC*}&s>fDLhovMSIt^hvT1mkSgv8)?wuJrxmAAl_|!Q^$j|;v+>#5sb0$76iVbZn
z!(I`MU;4pU<gZ8$GHiU!*qxj0n52iSeHrwIH3i5>{=Xt$w3y#r@)XPNT#LU?GxOIv
z*2G%hY3=IG+SH=>Rjobod2i|aF)>NVVd<>L_^&v|T9!4S*1Uo9#*1Zy7f`QdqmITT
zUC({|I`t;-(G5(GS@DlI(`VV0F)?Br7TyI5__KUIHSg<NJ*&~Wm-Xe<(eDF%ueH_}
zn-ybmHV?G$CVXXpuWE4BjZW};;`gfOTe;e{$IlV+wQMAp8$9u{3;*dF%EZ6_xO)Gj
zdT%~Yz4%z3sTW`C8p@no?>~n=WS%=;?xA*aj=4Ugv#?~7v13x*i|}tX%^-e2mS3Y}
z^v;py%ypczSo7d0_91Lr)VGfso6wU6Bh)c#F1hhp2X`i#krHU<ahkzScyiBY4Sc1t
z!l~~W=*hHoHU1;m7Eho@x!E@uOAN4Y^!==bbHiVBUNqn%7hnbFZp~thWBWjdRGydI
z@Bwl)Vmo-c=o^<<Hr{{d9y_o1`Z1>B4xcU}=W`iz^h-RC`SQo|(|pKSICanO+eL5f
z*(e4}|BAti!P?B&s^#}<e&yI8^j<u$YqD?fx5|f1A3pzXv=0?!^eL0Gw~XMNRMs-!
z<6ppq^x*y9)t-bM5AeY)QGemJ;1m7Y;x%$uTX>jLHW&gQ9`K<U(?oE-9{dXL9&qwL
z^?$&xJ$2N;9-cSj_bzy<fv3%aCp$duJn&p>!IKq!6nJ9!L#%j)xwc*AF2<#4?XSC|
z{*;;FHQ=ne%(hp&Kh6k-hy{EC*m}nKh+&!&+VCge;MVB)t7gw&Exazf(;CKX5ja<D
z^CK@3f8a1?=^NJ|wi#?3D}YlulGJbE3%iAdtIXT}I!;MA5k6et#m0$p`WO~oVmM*1
zk6bmQ213G9;hZz$RPmW#jMC`O^xML(MWYOhMz5uaM#`6PHiqejqekZNSSh}H2pAsv
z@4|3p6o%i}Fg)angW*?E7$#eMa&E4)2|xPl+-{O9f+ft)15PU86Iauh2gbuEoNXG+
zB<EfweDWUs60fjNHCPL7!g0LP2wt+HFo_@3KN}{ScQ;xvoeN9idGPXauw+DG5g#i)
z+7B%2qOd4l!{S?Dd6&Gt8b{wc2Ns(~cSP~i_m0gY@wEEOKMFr*Wv)ddW6mt`iFixn
z1-r<g)sELU_?p$u*<89`u=@13f8QDXeqNMTF<JU7aJVMmJ5HWJ*-x;CVIOvf-4l$#
zx`d1G)IL=e_FUP@sumfR4c;^wH?mf+&bx47gX;s{c_~-ToQKV|5<3y`W?gGIPfxL-
zeUv-QdZr3LI3H^w)n#ILT<gf4k(5bJ2Q#UQ4X>@L^M2l6$~TE6<RYbx#pE67=le77
zvF#{^svkeI*t7oxt{k2vPnZ+(o5^SDx=L-CN&QLucQJo0F><FTCbQ>xVrctZqj0)%
zp04GY+ogOINdb488CuJ87cjYYj}H)ANPeXxt@rJI!n?}1ARp?4H0CCw;MEJ^&D}U>
zR;@|h<c284t}dMRYVTx>G3Ww@7@iI6aFX8!bBzAo&>;~z*meffvNPD<CWaF)HwKeD
zb3zT+9@c<|0?zMf<Ugrt&a8k@IAh+?s+kRDp??c)%_B!v(ofBh?`Xly`1-ZJgFgEb
zd8g-goZWfy_swOGpZd|S7v>hu4dvWACxq{;S92-(p8CZT>*0OH3aif9{5P-Bm?)f~
zzRcwQ2if@YQRWec;`fzjqrf{^dAe=8@r>Qfld{cmuXyr}CUB{o@cUJ4w<?$D%<HP)
z*NnY<E4D@HR1UTE<W->>{Nh*Qw_1nY`_W=&D3EOouAfK_75ozdi_PE>WWMY)%Bxa0
zX+ujT@;v~ID&vPXN02WMz_VSBoUUcmzX85g-5VHd0r+9VL^HIW+#Kp}HF&7L#7JL9
z?t%=bF>Cl-Y~^BEYtKc^^k)%eZP|Qv$T5xcm~OcWd*fX8I-_}FDC>iN4l*X4$THzf
zxpYq5^VfN%-PMW}CC@Fm4KZe7@rbtrYZm<Cf?syB$0a^dj!qZjHU}R5CH+#Ks$zUr
z58h@REoU5bM&l!u8`@+)<{zjd2ma53Ph;gDCkK|w*YG~Rd=a*%8z|q&oSJFnAtru~
z{LS?D=PTmk9#uE{>kDOT5=_edtTEldbLQlQHI8idsmZ^}wcaVdJigA`FHmP8b{p0C
zZ1g)1-|gwUXJeh_czg!F$*-U5Bgn4m`x~}xXflran~b3E{?cug{3~9d)XeVhreE$X
z-%R1GmRQj(JeO~X;CmK$WAMdbmtOVvwsTN945@2)JM7QGJ9b`~_<Y>bwN{MOe#Nih
z5fff<V55%eSx)#K8ez*EyvZ=TBB#q9Rt&2fp9RemrAh1hYoX0?WSn$0d@TmA1&7+>
zi}8wQ=-&P7Mv*u1)SQPCjguQo&Afiklyxmt?q*zB1~!&7HMh7=-Mhbbq_HE1*f!OZ
zOdZmZ<%5lX*HPAKA?@oROBc%a9?RX~>M}RIifwcS?TVJ#Bl`e3DIc)>Q)Le~W80L!
zP*&5LmJagY3NNbP{ysOH!1sE;jxlx@-%?lCLE5w1v2&WsmigB6CO$sd0sKG)wO7>R
z$c^S+x(Zy)1!ra8ZVvYR-&s1baQdxd=&fs|x0)dm1e3QVE`JR&&d!fypT7rRu=kJ=
z{#BBl&!e1mV2xxG`pF9V@H_nC|A0(8kVtGIvQc{{?Mv)^h!JlZn>at|p`vTbtXzt3
z-JqNoe0wo_bHoc6X6dWgp}lRCpL4yjX+(jM{yXwxxUw7PmpEOCYr$VZld*iUv58m?
z8#lz0guUpN2626YBZNLGSgL`=Rp^Tl8{#c{OL~P7{6}C`f8*uSAn_;ha!EcElHY=%
z5EvZMdwu@^-=DqD3`d}StnX^?<s-(X13dd*QN8z7uGQX)_nqE+^DVKxatHW#LWj8h
z^0ju{u;DhgHzyO*1pj`4-+*(3mpHEeV@~@lZ_y!VcWX;2dt6EIf!bF6huPC|O(NDA
z{1q5^{j%M%hkdjQejkdSv3+73;~%;91@h{#H#tkbb3Mobo%Jn0>)XipUCuk02H!S2
z##-M*&+zsh2H%_Ety0dHP`kb8`hDp6YPXd2{G6;7E51hM1c%lF+Eb{}TAFfqQhxz4
z4B9`7@$UGzKG-qf*>U~I?q9?hXiYT+g>&|b(J@53v$pmVU!Myf6R-W8J*TKmjrCZY
zH_@iPSqA<WVS|?*8Ouwh7?&b=PqZd)-{wV(Da}P6a9y(|>L);a^;OY2j$N-Y^K85C
zvC}!y3I4A79*@>X?BS<|)i)tpUu=JtIE#md$63JJf!JADYP)}Y$FkmW<}$^dpS;5f
zKPA9Vapzpat3yuLzW0bB_|Pf8MMqdMiVf(Ll2wI_$p+#gy1{>w*3S=pHrV}RXK?XY
zY&iVChu=(fF=ydgK6{toONh@mzA!3Nj$c?naTzNM796C$a>m;+{52FC`Cko2gxCV+
zt4wbmF~cfv$1=j7@J{y<$C>*C?%VK((pk$rbMY5IE_b5Kyxri7^q>=qKMl?Z(EHeP
z%1l*RH~UP|4T~;k?q#311iiU;e0eB~v-HTB76?n0qSF*jFcy9h_{2YY*Hy+IXtw2_
zcJ%%0jluWt##Tby{;}~!B*6Ud`PL;1+WB^fJQMvt9vLc0Gtw0QB3zxIPrdgTkuBuS
z%*8i_7?g)xzngn%L6WiWIQ^{u;NFdOj)tH2F2;71V2n;oFh}EPFq&A7aPQU;EL#|F
zpY{z}d%w)7Yc8|)UpXfiIkly1R&$aoFm{A5a#xOVC-g@43s+g;LVP9rXZQw%msUq%
zT@&B=FJnIm7%kWe^6u<o@0xyl`|e>sw_(hJi!RT7O!w>Xs~}&wrC*3nR{%rr71*jq
zC#3cuGt7(IuM=EF_iatZ&;O{0`Cs$?+^e@tEWR(4`jriBsbyC`K5@xKg{kYwA6>~<
zp4L<_u;kIU)FrnTPOO`qoLa`aM0^*^cvi-<O3Hb;ujF0jsZnf`8=2(996aYe{u|_Y
z9aI_bNv_?-p!Sn{rYP4U@{4i5gL{|!ZO|)y9}F$5{bXnUx}htkzrU(v-~{i6t~VmW
z?H{Q>HA;_fn!d<TDmgajs~g&Uc!d$^gXcbkKE2Pb%fAL%&1b#1Y_1WkT!b&F+qkhD
z8ok+Nh8}qT-i=45kW<%e_<5gn;U(x3@NhgG)#jU@9ueyMg)>C1m%-sQb>!GIB`29T
zp00V&bp~{8i=%58-}x9_hoI{&`g{@@m%&&oc#gFnWj`6ESBXVa_hSz`;a%PpBG+d)
z^V87_z2xzj(vHtk<}kidJVUI0i*Fe7;u*&7!b59`lf*7|4BkG>`NqAa*Lzg90A7-x
zKDvnJ9WVHqUIH$A=y%T*oRPQy`xs;MS7VK77p2)e*h3wqd?)`2ebWmM>c9LrK0VM=
z{-2BKoA_@M{ZSsRUVKFh;lZMdLm$C^?f;+fUoY@UwlJ3riVum)Kf{M@?+{BH<->2?
zWAot!`-s1V@js-G-;L{IBYkv7``F9anO0vipuD!?eeqwzv+y50v?ANMvk{(($*B+U
z%a)8fC|>4$&-KV6;(oO5WiH};%Fm;JevWzSYUZn}n78b?yLa52W&Ptjmug;nXFTH<
z9wkTd!kSC+(o4u~XUSspnI7jDZz6mDRZ)JbfS=~UPnYADu!XTcPve(yUcvaSPEAPN
z!1yj>Y&(&|_i2nHD{NW!lhke0u^}q!zIN4?iI?5?c<R3*>%Mx`PbdB!dG;1E>^fxK
zBgnenBiDY9T-%GR`YG>Hk!?Ta*-v@)B;_V@|0M6Oi^{r3kag$0N7g-ptW%kZ$ht?O
zvQ9P^{AU)r5{>04;7hpf1O7tf(;R*dWY35HYFaqexEsRvc`N1m@VQpm9_MJUrwBR5
zZ~QY2ArIdmFOP08le*?TQyQw|ehzE4Lh#fE{ZzN?2p(jr_}h1KXrccTdvJ!nV){+>
z9!sW5cha1F{Rul?O2Hc0YA<|tfpR^P*VEGTG&j5EYU~(C2S&B#%hr^U<cmmtxH61c
z3-BRvl{Q8~|I#|2_Wdu=7dLSpiSzK^bt8+Jdn;1pUuhi8XWlJ&W_^o`b<r0ad=I-)
z{@8+FXn!5wC^nA$0(fc^Jayqb%C1kAdlKQn64RAL9)zR<w=wC(sa9TesK0vukH|&r
zB5tL72DZbg12bfA&SOp2Ggo^SdExK#{t$aw(ygT<z6LFJHgGO9`9$>oLEdYhK-U4T
zPe!ksx$geFUB~^pE+yZPg_jI}4Y55TWXi)%BO)Kmp;aXvQQg+t$~9*N%~CGIH|AP;
z5_<jE@Kf01Ysl+T?j@#)=Pu~oa|i3*0%LIO&m2Jy^;`pvJ^<Dpa{3=*4m)`;A#|kQ
z2=x#f>oOZ7y;Vje5nOM@_k7)|_Kp<h7<{#tzc<bp^sG*P?AzFedeMWD#D~m5>obht
zwe_Bkq@2cx_@xwHCCAIcp}P%iECt>NfWQ4-!z0^&GkqfHW?v{ZGf-0N^SGdU@8`*R
zS6|Z6TT0G=15-LmkQ?8`m)^BHVL=u;P-JgOz{4}I+epXGc4JkZvAq2fW8t;z@oWnw
z1h*Q-m?vuMX8PU90r>$}n+30WoVhc4MjDe?UoY$fpZMYW-CV0J&w=)iQZvK<IJoVj
z&5HV3?p^-ELhgC*rj7;lCkBt&7Ce2-d6h3t4Q%4Nyw>nA-=#BOEjNhCC`iHYkN@`6
zoB(@#k%G&N<xh|=GLdy^c~NJ6J^k#to4M{{V@3=3ppUbf^MMik^a7_B-1LF3HTV(P
z^mqHMxs+$vjlFw_Kj;BA*MU$+K^*Mm^)=kP{l0v=FD1ZU0S?uV1>jV52=<<6Jx?&U
zH3xZ4UA5muzY9hflXjyYC?4Zv6*{BS<?ll;>EC))sDd#VgQXW*m)D0nj*QcoP4=$=
zcQw(rrGM)AHQ=oFzyyna*!|M56%M*-XUp0z52#J?>qV4N&V?A?I^kEvIP@c@;79NJ
zQQ#T=n~kk71TH6B>znDtm$H@k4e+#ZJU*0ueDginc;{Vgq<hIlR(ij=+}lLldat>>
zVl?~Olh)-|fs<v#x?6Z2ojXG~7OvO4c^1FIt6TRUf!9W8C>|M(R|}_ne=GQm(LCSG
z_m;r3HGM-<d*M0pl)G=p=D9CKd9G*Z9G)xUehIws7Q8WUuFJd3%%6Oa_3_rUK)&{v
zx0*)8?!VVBTWTWw@gOu#cBTd%U>$Jql=J8dyT9MkYNqygLz8d#Z=d-R<=%3R4i`95
z{65Cv5ysmCNhyIRul04j?VRWx8gbE`KH|p?nn`~B&!wFsv|mp9Nwkk%e`6~!VBfp3
zCapPN^I#2dutxGT{?e8a*K!RoBs!A=^MIih7}f(rm6>e8aJzr$%m;wsh%+T@wE+xa
zU<f271(pKCo6ZT|oxo5{+pXY8Fci}UYs-haky(dlG|tx=^GgHFD;d~*iAgKNu3hxQ
zD}#$!YeLhA$=Lg&i!~zUpQ4;>SF!Q(KI60%pZxHD3@toCj*s`gc~$5b{C6B(&67qx
zx~?g#_gv)VcZYl7`6HuzgGH~|e)uYP@*s9)ctx=jl9w*#oGGjG$F4$lxy<}7*F4GV
z{BYi8<^<?$Fb6bSc0yP9DxMiU%LuUcgRd1wRP=julVV%D;iK8S?}p#5)IaifruCl_
zp3c8=PQ3^0)zsCt_L6}~*1OE`71n=7_;UWQC0?~Hn!C!kkZ+>bpW#|-C)rShlR9uB
z{?U9P+(^bt)?4p^BcHl7zn}9QxH8Z8{FA=HRKWoLlKB^$KK7>sqv|+QFSeWn-mASc
z&ou7I^W06pPU)Zh`K(6H*%O>R8;Cv|!?Tal9b|u5oP$sKPdJB=7$Vt1H3xf5S67wk
z=wFO%|21|dmpQh}WoB>vZ7%C`u9e$75nF5n^ma`mXA|puxAD%#+)3+NzU>&>wbF`X
z$PND!a43J0a;)ZX&e@P7yWfFaV;`g6huytlwQ<yqOe*2JkNp7I?6vo#>*LrIZ{q$0
zbKxz{ivqHz4`Nf59exRLHM7Se+q`6EDQB7Jc{_DCKI^+yHt_Y%{D5rjmFQrK5%D#Z
zZo|fYl<^mo9bNWy>Ck%|83FPZb*Wz!PIq8E_7CRUqlsCzy?s0VU+l>2s=^2V1Bat4
zKzlKp@?F2fPYRpWt<K!QSo+t1P0+Rl=V3FJO>k`3PnlWHv4LNH%?Nd1lg><*?K?C4
zJ#h1-Xn%A0Ur&Duz@yb4&Os3lnxp+$+I!E&L^C;%LSNo;CWqVT%U=4jE!vlcsEqJ~
zAHSK{wShkP>BBYAK7_DC&*1C^oej5)GULtcF43;oOzA>DU-*RS?%DwS$+Xc5O={?4
zFZ-6#A3bJ9po+3rQ1)@2S5RgM-Bs`30KNx+?K<G{n<;?`es6RA4l=5neT^~D>}_D&
z#l8mcTKgJ1fmL?(rR-}6h6%v<W9T6m>HBt{>9BJAd%&B{phKr!C>*Z?Zk-P^wP{n!
z5cR&nbMZg}JRm;pfsU<QJ9G{1d*O%Sv{c@3*{nZGXBGeS!9O*Q#6WMlZ=>JZr%4P~
zgYymG93HaxXULJ*Zz5y+nX9xHc>i0R3w+W@D<#g}O<YRJ>X8|Vuhk5AzM7xzG2HW#
z*fXvz+S5{Dy8G0BkGbo0Pui~63-erFt-H{Tmm9#2?m*5_*_DlHt_0gA=c25OvIg^r
z%4&}Vylg-FJkNfP-TIv8Bkc0pv$MW4WEZ$Ny=3V{Q(P{?6MI%mJe^5SeFr)9^}bo}
zm1mXs1$VMhA1kMK<$5>5nCwb8`~8{c<|XGm4<Vn?=cb%fcKOBWt`T<KXX<rRA8qO0
z4UF@!>-nEa2zuSVjT_KIm!XGlaHj+s(Lo&vzK9_|By<AfHD_?cW;0XIkl8O=&z{H&
zewSzLpVvEB7dbP@$3yvK)%lr;!3{sXNb8$BCF3unj;mIi3!2C~XPit6*7Kc7UDec8
ztokRE1n-JI>&8ZFJxiDoyyNV%cMMlb(9b>ZAF|qi=#t>qxo=bqQgcr5D_j?_mtOEG
zBT~SAXF)apKK`5er_a2bW%(CY>wjdZU?tB^x<du!lsTDi?S04F%*`8Y|GnOe$h&l%
z?ByBZ|Khr4F}g47ziRe<eDKC9@=I4^Yi%ea#+CbT>Yltk4OiOtcj%ry?}mxSU?cBi
zw)NUabT*D{XBR!R?y7b;f}_YaUj3{YB)86{YWA#8Me~Q6H^%l<oT20Brt$HI?qqu}
z;25&30{ie{_M;^GBpYLU2*=TJV{vPYoy@z_u|Fgkkv}91%=mycmt<`wuxeiF#@<Js
zUFygVkLFo-2KU&Fi6Moru~Rr){ymH>tu@3?CGg+QRh|yzgg$KTqu6aD$2Lg^8sdB5
zW`gQU;-30-U&8(Q;1fQe>pRMEIeor;7Er97T{;UkR!20y<)`jFy*Vqc?&@LrEmQRl
zTzrCZoN3SA-+A^Co?~8!=Kn4s*Jy$1@NZ+j#P1^5yM(;H@b(|zHSM#?c5u_TeGlLI
z?bQ#zS~)S8M~vc?{En}f5|rN3oZc9b?K^iIu}{d#I&}YLc)~Dq1MC6LYG%(~^%k)I
z(!*M+m;MwmR*IeLT6$>9p7*l6Pko<#$0fF3sNU<$xH**3d2#B`&z(b?GiXnBC10>E
z?Hy)$fA}$VwNjVbs?i=+j&E=`IhO@nyL{Y$?>F3YUJg8au5HWWDW`otx^y`4vA(Ne
zos%8CuVJ1n;oi!(KpR#W#XYKiY)X2M9G)Sb{mp7<Mf+Q#?du#4OHYf|+fEK#!Se&&
zTi<aXd$0Q*Y*W?v-YPG*>I+fd$DJn~qkFmJc8W3e3&?ljG#{FZ9<N$-x6c4l?Dtrn
zzY49TZ!Kj_*vz?o6|7gA9emFkquF6ZT<G})BMR<p#J;EVj@D6T7PbbL+s)p$tA7{k
zyBW^L$iKiBkB-h!91(QS4Yw#BAH2kPqU;==$nkp5L&rsNJaKuHjy+NQmVjTuqP1+T
zX-xa0=27rl5r<#l^J?y6<tk1LP1RXDiTFhYim`*T9t{yk6hJ>f=ZP$1EscKRFJ?V=
zZT&K?-B!-E-%@uoeUS~JW?*RQI_mHY3~gUe9q2ZG*#Xv5M-p;F^;}!O)v5=5WZ~sj
zJuZJ6`ybcTkMCFyzDnx7=iu~7i~m0Q>}m1vNAcHXQT}qr^*_cx!h4LrOx}MKe+`lk
zTl|$K{(8=i3;$TTochsn`2g#q^U38WX=}J#4ypZ^T&7;v-yxT0BP(L^RC4(DstX>7
z$>nFc|2Vn)@(mv^m!JRk>CI2Y)jeD;x9c5pY!~Hh96CaS*ye`&3-pd7e?7W_=qkS_
z*+O!D;s_342b{%N-0{j4!I)o*XnF9ob9pCrqeOIW6JBd}m;oni{nC@pqtkai+M>AN
zgUID>_^z+6W~Q6<zSh%Krqi-HOlQ51-vHy$I`7PT?IXzHagxJxth^$U!$omp?gj^A
zmiOh@ysiCz`lUU-7!C)juA*O>f6v{&SAW_Wrxu?vPQ_2F!G-ErL><=iIQggh*clIB
zuyB_dUQYSpxfzrz`<J-`Gya`<U2Uiz7gOG{d2^l5^#<nhBjhqX=t%a5nCF_oQ$J-J
zu+1*L+OTYIz1*)yK3(_Xguu(}H*TQJQRf)%o6a=v7564AcnLk|DE8$WYnOLSPBhZ1
z^4Tw8jggXSOnDKT3-(;<AMHo(Ed0i8PjwWaH)yPnS@{jFNBi5ju32?O#~qY?k@_V&
zce;%`n<#%xN^&58y(Nh{maSg>@U^weI-bOCauECJ9Nuq5Z=6SrGq#?H>>^2>CD=uh
ztb7F%sOuH*e~?_<0p7cTsSenet_pXwB8LP+@=9`bV?!#$@3dx>w<GDbk`A^1Cf`}O
zVIHt>!(RDO;pO!S9TPrhbZ8!zU8OI*aek7!asCnBUCzA=zIz*;`)$*h{1R=F8$6iS
zd3m7KOzUsNf9@e{)2S(A0xtpEyU5}yd<b@>&tE0nEL!#Rj#4AVg3DaFi0gC<H_KK{
z?wHJ6qHmN>oc*CYcd?J6f31lQfrCl!tlpmv{?n*?(#XaLxuDbKS1TNqL8B^TjQ<e*
zHB-z$@io4g^nF@U0<qjDoy)7qWiyBJMMb;wiSw^pL=0o8kyN*f_0fF3olidX^x8W+
z6i;Z^?~6=2IRswP{Jq3PPR6G6*RZGg4c-a%wAU{0h{3*}IwnW!Q=6s0cnDdqcB&j>
z{7qbsNl6Q&UFVxQ>4TwZWAJq-U>xtpUKi%uL(a5t5q&jl7j+c7jP&B7XY;Fo*#zb)
zU@kmHjONL!_6ydH<X@Itk#BV@zsCa`IX^9`Q*OB)`3Buo=DSu|&i}ecHYgu<PqSZk
zckeq@Gqo<P@)*m>2^!E|aYOW-{zKr@i!PVM`b}kOI6p(*wjp!$Ek4TLBzQt~lyF|`
zcznm(;S+sZ4$r+0oE7Bf)Bf>zo>$bfejQ=n=)o>rT5Bv9kBZO6!~ez9Q$g;mQrhYL
zWNUuaYIC{#AXwvi{hXI9IOg%apYQ#A-@y0JLVwxi75m}gy_ffuyszYa74M6+AII4n
zZfyLX5haO*<f@b2J&$%8Xs17}ok}ywi;qQRBIQd>{9v%F4*#x)z6^g>3Y^{Sy?Ln9
z>epq)@@DQ2)AtMcHIj1-A0CsKY$Ln~UTuX3+R&eCKT$SV<1Le2+R8&zQbbOz8x2p*
zCmhx}9Mz7rU^eudfz4&`H0QeF^XomedjEQ2xUi{pC9%JjXq?8D=I-}kORGwepX14m
zSK{Y*f;q5!X!ZVb&Is{w9`-BbLY9rs0q&G*$~8JKkT;s`L;TFLXfu<xw?ZH3Yq9fo
zyLOqIRu(%3?*g8BuVYZ>T1t<P#iqpjBK8Hf_B+3i;<bI`{b#Pz+UNLnlI`a|i#W5e
zY|wS79T(85xhzv>pES<T#{Oa1yusHd{F<zH8OZl9`#i@PugrDJ=Rte#DQqavvXWd?
z^Hz_{@W1XKxCR@_1T%Tw6U8sIVC(8L83&cCKld;`^kM%h??B?I&+YfGsvCHrxU+?4
zeLnny{Mbwq`Oc5sM0|n}3)UT|>!>@x9@J@M7IMz>%;tPAZPdM9H!z;E{f?x0TZ_A}
zxhM6>huA|Kd>ig(&aPYK8K?!e24M3(6UeXNyQQz!4pj18otZfA`QqnW)|-ia26}ZR
zZCBE6MV{MRN4pgVYC9_GXLKZM+(m6UxxA}?erBL(oOG{@@Yh(A;+yApu~$<#4qFIv
zr{I)x`3C;ov|C`c+ibP#kG9L6>by?+Tw}WW<{)=V-L?&>6kN)NRErI%2EDc&K04Db
zHYD-6@-ChGJa4k%vTM+d&v}jw=~bTRVng~j{?$e`bW$6VM|&9OwY1^J<{PtVd1&KV
z%2rWU^FkG6CA+-|#<V)h)=@Twqe{yDfU>o~gY1f{BX9CEdJa72JO`ewJa+>R$=Gu0
z_%6(MXY0$Ge7~Oa-8s+su7T%?e5W(S?kZ;7W|vvxLT5YI<U5GPJj?qr-`oqygUn3$
zJlE!P&dl{@VVe|Q*0FxTw(M`Czw1WY*S+XZZO|jJ$k?az!{M)fgZH&=`+Y6rRyv12
zMQfUDzwFgI8(A`C7td#~Zjs-P>d~_%^oF~OuZq-OQa0EJZx$ds>WUL0lFiv)YAR7*
zE~9(|d4r4(CL(VVkvASQvuperd1Kq|t5VisyFa-xziHhWdBd8|k~hD6==}0#C-Nry
zONJ-=9C>4(kNDJ1<W06?a0M{bUxM6$HqsyWQx~>ZZ#<6UeW0r!9}}F~dsfE$`C41X
zoX^KRmKQ^FrS_Bx3KJqZ$QSLA6bw0+KY`xp8Uim)*<v5HY_aQKw{5X*r+Z#+v2BO-
zX^b--Wrv-P9k%)T=>fCIUJI>ZEmGjj_HSTZbt0eg*xxU}7d?OX4_a;or`g1M9Fm{3
zBQGGI?`P<@a$vCcy0G&^!^S)_k9^>+u!pma4?!>K^@Zpk<$Q-eXZeZfxyDpMblk?<
zew&Al+ib?kYm{vsHg2;yze+l#*7EV=HXD9_f#=BGblFFm;TLQfkqhDfqxOl0)~4-~
z9YArT?k!`2%9B;tWNa%WcOL8Lrwb3vJ;nadE3W0d<18g)&nbLT@KYcLhp`_hG!`n?
z+90%IKgT<R{pDNPQ&vu%Zt7izZJ`F+l$9F<JS7&Of1}TiP01!-xGw?@(@XIQ*af{L
zf3`3-F5=xI*ZXE}BFDSxkS$3$P{vSK>vzoM+MC$fXD)B&zj>6ez6LwbPM)`~*__|X
z^L3LS&1c;BpJ2?G?8z4MQ$2=Yq0RCS3ue?xr=}eb<5YeUl4nimb@;PX>g<LkT)zx%
zYp(Zc&)@RD^RR#IvDQrZ{-Ar5@#{Y&UmhbkC0h3^=EDN^YNflCJ6+zA0sQp9OAH_6
zOY#1hZ=_?$kM{-gM`|v>$0IGw{E~#;B7G{6pBw#2dXaRrm~J$I=hDMkYnexx`^Yin
zJq+&juXSh@bscsldfU*mD-(>g;X0ZVzMMxL4d_X2;99zurN3Q9JKQhio0vWbk9&m&
zY}uJh`NkhB3rvEil{$_93vo)`2KKs(_?|tdv?}y``Fs>2Gv{%?lzwcW4;!eX^{e=z
zFz%iwr=oO*!>p%!`N@WvS%_XpnNs?uw%0O0dbyYGS;%#~PUqrYz8S;6c>|sNJ)Vmu
z<ny)8dJ$fPZ(=>X8^E{LAya{?4}5!f8J2$PxyVQ_S(%?Mz1jt=ee_SdWD@Pm_p$+)
z<nw!&`QXR!mG;j{EnK_3h163)eZ%!#;W`GtaP0+umM$E{wQQAp@EM86na08S==Pjw
z1uT`ZI)GC!ijMujho0iCg6G@7t!RkfOnLz@V|Vb5!)E5@Uj5O!>^I;?c<<pCdv0JS
zb5XbT9d!%$7GHxy&DFwle4T4qBiZ|7M({4mTnXQgq}-y%9l^!(EkEbrcNr7i<I1f4
z`R-3T1}nbDJdqQ<AL|&rntSBWNBWtGFT^LJq2>VT$0k3^u0Y+)tvgg_xBk(!Dp%45
zZB2}|g<Zazw!FIMeHrh`FNr;VOz31lcAs?CYth`C&V(Rwk+aIj8`E;4GOmPvxsr`p
zItT3T@tgx@?OSAq|BD>QvXAKuuwQZhm*&AkJZr;$?N^)uwzFY2zHAo{`~iD~-o4H{
zmn$dG=A0dB=lRaHdDb`o#`6!T=Y7_xZO(kY&F6Vmc&}C0SnkJm41LqE_Ez@r%vwX@
z^LBi#o@Ir9%QN}I9e<d!F^5KkhVZxB@?&$~VPZDkSYif$@?&G)Po3sI^_}(ECgp3;
z`-jL?+>M_?&y>c<I>pN0ST<-Ty8^xVv>jez1Yh8N5AS<<?@n<CrlQ{n|9XawzfU^8
z^qeMiBJ?=&^WjqkzoY9}*WK{z<FxYzaQp>0ehM7_6ounn@<=F0<1g3#pkt`P5gMY+
z>DYy)7uohB_3J_UmE+3h>@xeTCad3+JDy_<zW5t*lwgO9<#b%h{4zlPtCa-<GYr;J
z4SefL&JBn@><`JV&br$OO{YxA`Ne^0=r)?a!_T&MAn&_er{?Z&#vZd}O;v{lGqNKd
zZ(mLT7o!w+ODuF#RfmUjDBVp39U;C~j84DPH&}*mm<!)fCv_blhjTmagy^3O-0cKc
z(gDF;=osa9utq{Z$a!D)2j_%(=&#o8oDYX@L_s*dUn>WdQ?Eew$MAH{may~=VD58d
zc1@=(&D)iy%Jv^*%~M^rc6QxlBT`*<-|TCVy}iIJ{|A-xuA966AU-~oziVxA(U!k*
zLSX4MUj+Z8qb~3v|Ffmjj7TGMY7({|@{6apj$mGfj!UV3!?JrfK2W!`L(jJ^yJ$+1
zX+)HJi#0{09D9Kuy01qkPG(Llz{b_gxT#Auun}))X|Aj3z*jl4BAv54(gtP}u3o({
z8yZOu=p_$tHT#yGmM-ZE`*^Os%=f`5=Y~d#vBN1&W5p^XG8Veu#k1CtuH|0(w{XnB
zjK&iU`<<$5qUy@@R<q|RT}fv?U#_}%Zr9WBu>4K$T5Lo<Lp?Q<wO3-VOM9V79p!Yt
z1v)9#Tk)1EBU{E1?vv^pHeQau<df5Uwco?uc1``nl^gJ@m4C+d^_Q<Kg7+JuI{gIp
z80OVaSc#uT5L{R~y$f65I-`v}^UfA@#C<i><r8K5E_D+R;Q&_IV5<c?ynUMd!5W`K
zpS1TaPv{<>!y)`qeU$lt`}eN!4StjLmV5>AaqQPRMEkLlmGZB!&g`Z?jSqf#pb<G}
zm<0npd?$bNZoZW)m0Wml3S(aNf1di0C940=y2tNn2w9{1*ST+lr*}HX4(R?>>;5+G
z^R4?=towf$sODYU+KUGETKD$(fGYpIb$|A(!QXR#?0P%*??BajWU*}3H;{YT&K-k2
z;%V6<_E%c#2J8A|uDg*<MgMj7Sy$ZqPOc}?r_1^EfJ@C0H6y_f_!K`VK1a{moHkr-
z_|2@~SyA+PN%a31xY<6!*j^ELKb8BdqxZszWcn@9`xssdDRXo5neZZ8OzghR`40ok
z?c3$|WX)ah^cSPoiD#aj<%fI0Pdq=Y(tVU48d<}|c%hAJ!TWD|7NsA$-;NmVc5xkp
zuiLt|X=V^(E0~C9=HJFgwRLUNsF7>&#)=iEH-AxWM|rR9<k0q8L_6Bt#I<-&xRC#j
z5B^i^cN_dBJ`lfML)lhG7QC1hp2HXs-^thQbE-22FMEDvx{vZ(Bln->J_dI+_g7l?
zQGVlox^)lyT#Mf(TlaQ9y2+_9(Ym+$vWt5!_tyMRe}>j-KR$sNi4nv~j3j1a6gq&5
z*hM$_n#d8uUhD_X5u8hufN#2!7(e^GIGnGyw-*yXN8H3#=Dl{-agu{!_6@ILPXbw*
zR?7LC81W<r@k2Jk6SSu=!ia3;yW|&r9morRFZ1S;eER@0VQ>Amj)UmVk26m9Qpd#F
z+qqBn?*f-wDYFfq`MTQ6JD#MCmw3OIHYU_w!Mzdj*KX?=pOO@)i`L)gO!X$aWM{D3
z*v9t(+Sq38dD?AkqmIkj*Vq|tLuLH55w0D7-Zr+@Ztd{UhL<)ZFI=C(zUMR|2k@QS
z!+N!wIr#woT^Y<7C9I*>(T^#gH#+p}BFZb)8~fH##d~|QTK_86+kJ(xBj1Yk&JPF4
zckMRv1LUU&;$slm#aV-#S2CDq*){XR5#D!x%@@+R(0aXzw*En9`*1%9-%a6+vv0nV
z5Ip%uBeWe~%MTg%=m3K=UaGR-X{Ma(Qe($ed=p|#-TO&nyXcb0-iX#OwV$+c{sgr3
z*M}`y6)PSPoQ<#bbD!wna;dR!65o@v`e9E>VqgmUMR|N5T3awsOZ_3nc+EKZa^(40
z6D+J5#oXd#pQ%35Q4poG;@(PX<%gc<Hz=d`e#%{b{NDW=ihUu`yUy7dxsGz;sadrX
zxi=zp&^yUY?pk`&BlG>t>DSz}<4*tT<gtQdJoH%yJ!CI>1H5QVKA^K+ph2^BHUT+R
z7=N)G>aIoj^+F@TC%D%`&tIUsy1o$UC`ln^as+xGInVMu?#JFE219v$YajFtw5QG)
zkezA`ZOmZL4m%`!Q%2^M%w?a(*LTHG*~5GAL-7*FA1;s`JijXu9$;;P4Saoz_#hVV
zKNUOpG2}$^>3jEgUSjNMM7JITjTP%5UQ@i@_mi>%o02jE^1u88dttT>{32}NIzw!1
zIPur!rrFSV1#oQVck+)uX#Zts?;Bi2-SRsgPn}O8<7&hwjE8n;R11wt&CwQ(YNIsr
zK%>$qjXdDqU8^{U(SJ>&Py98FM#s@;{CQ~Pf<{TuNH!kfFGizFqcmFgxXw$(-w_&>
zK$}u>-D3|K98M$g(ceNJ$&(m;ezCS{z<U82kz3?%rcryEO{1TY5B%?;(UyO{FpUIT
zj840$cMo{@CgV@II7}a;2Tp;{G`8WZL5*+qMe^rLGq39=_$?IWx4LBYCGT(IxAG*r
zFL%-Ahf#j}5PthsQdZzD_^k?l`^6c48w<bX!EgED+v&?6Z#F{zhFpsAnFV81_7JxM
z&k?^wy)MSJWK+)Sgawj4o$%c{i|=y$wT%09@ZEaKcn<u^;yaBgw-sBH<FD3x-mRxh
zKeDC*|CDvegdF+)@Ejd7tr?l1+(zx-OLN6F$k7_+pKZ()Pr|?2zxBeG+n6irYM(%k
zCk9I3LBSP+srf_BK%D6tocZF6fSxDfmpT3qLt~b%s#~e}plbXwC37WjcmKQ2FQ{Oy
zEN9OAJagygm_x57ZvUzfbE=i|PkoQPp}96Y{44%rdfcLN=3S@e-3!FjujP!83?sDD
zFe0zBr`CxdENAuMdojZDT_?VtGy9a=Fu(ux1o8r>8Vhe_o;d+ee44e!4|5vlcRW|n
zG01xF>)^!N>p(ZIE0!OS+h4()Tc^1WTvZYigq_~n`%bK{<J#@#yt{>Uyz^6L0y3hm
zenLkbcy!|rr00^u>}|l8x&ChE=I5C|!puuu)Zd``dDg|ZFQ^Xc*Bq=dsJWw(xkGL2
zlD&!etc5Rn0s+c-Xh-X*rQ=@6Z#6Hf+s&RMYpy$e{P!~sDp)&C8=?AbdHXHK0sB>!
zygdQ`--B$ehyOj+zT>_7`?5ZIEYC#V4#1x-^00Jf8aoW;o9*k*9m_vR$_qT2lxxY`
zY2bIbynQlaZaRs-`vCmk@mv-7M(#)P9~;LnQK$M>3*Y~UwMK89WLtiJBQ&UBE*8xm
z<#{9DZQ}PZ<&9+5bxo<R>x}yjU5C$nq#Ie@y{2(?{%Bi<|1)KJs7Lf~B8FD<t)-2>
zjP`|klZ~nC(Ag51ulmsgWHVX{?fm#dB*VkdqJJ0u5Vfp<mZGOTP)P0+=+n#E_Q3>O
z5Br|si`cr@Xn!%!rE6VLdq>9*<+fl`o0yUsxC6f2JEAeN_cMu)y)=jOg3K}fyVzTP
zl5tn!Fm~(%rqPbkUCP0|3tmXCnb@%#IEwKhV9zmaLR~TUM#QLjvSU)J5tuxZH8e2d
zm(q{UyYQ&l7`d|;es!ezJ@C_=)KN_z=dXIE1K$mcU(@UF<T}mo14gx%c6w<0E7mvo
z)BxuzeB)cSt>YEGBfX3NS@tCi+AplD?kF&l{d2f~1Kg|J4RsScb^)Ksd-M?CE8^aW
z%&&X0V{&SG;07DMqixvw_JO;XX{W%E><5nvUsnHU=VjWFFU1<#mhZ;oI>DFhm#@fC
z+8OS<8H-Cs7FhBk-}u^(#!yba`&$oN^5P+_`)>OD$IFXW!-zznNjtLQL*&H!=<7N!
z=LGsXKC@oQtTyzrNCGyoxdk1Dm)zd)bUo|s6L%OP*<TNS#~4t~AY|%b=bC~6$<_*F
zZYA=X_}Kj}>>eex?H#rBw;a95i~YyNn4E{dd=hq$dHBGO#}-ucbz4Rn9%JE5cwB9?
zL!WkJPzbz9Zb$}&s3#20JO?_4$$aDrI1BMEOqnG1q$Kl0&?gs}FBvbHPkoUBXQm~C
z%7L*R8B{SYT0cBv!A>7y^-BgxmvN!XaF&$6nz+Yy=G+PF?QBRJ5zLuI{MO!?0rlIB
z>|c*hexSB?W~DnR;6wJWKn`htOLJ2US0&)B9{KaSBd_b`p}A3g55I@v*!)`-r|+HK
z81s8LtM9GeUsJ^V3%_hyckcYVVl=sxM%(kR+Oy@)+4=Xu4s+8zw;7?kkUu|&&b7aw
zjuqhS#2x5<bE`UPfNc-9JaR-3`*U%6BD%6`wR3?RdX<Ai#@6IL#igD^a9sOiU#KrN
zF>o_9mCm7lPM2N_{j7e%7t%9sLC*F@^^Cr;v3`EMUR#oH>lwEV>*w7`IcM~Y56+`!
zETo?&$f+{+OGb!8_y*Ol50Py#{bB|6iDtRTSn*lUk)a){7)LRB&Fvjpcs?4{S#yMR
zr1R5g26MzM=qWv?@l9cl=!Qn)qp&NlR;>Pbe)#kS_#x5KEkC9$&LmM=J!9;)#zfo7
zqE6{!Hb3N8`q=sSAu*00V)Tz38nSe-%c)CzfiGUp-%{7{U!CQxSY0t5%a7It&Mi5S
z5Qpn{TwG{ugxxWoxiH?3!_UG+v&+WCi{wL&*G)eT7ytSZ@b^)daM8)Q5Z}A;8}tyX
zvu8~~hh&E0d_1gqCHJIvco+{Qj2Ff8AQwA2@e|g3P2OCu=Ino>zW6yCSsJNk9ag=z
zarR(zy)O7A7sb1h#f$z;`s2C2{KMx1mCa*Lc$D^JuldBGvvb1BS4*!P8!qD6$L(o%
zJZJ2aZM=bVgAAv!?Tssl3r0SE+<p`D2l*u}e=y?A*wg;85&ZBMM)2g&_lW;@dXwQx
z<q}ohs<+ad^K+F8V{hoWA|Zku%#WPDv4{4yp&Kand>8s0G9MrG)ep}@7xbg^HMq$^
z!*kh%d!Hje8L=({oHcmjZ8P)*=9wAne|L{Fg45XpS1xA!5WM88*>sS7?s3c`L+o?+
z(4P|azuVdW9^!ckd+$AKn)46xu7W-IJ(Jhv7oc}OflNEI4^EwotxY}T0ugKmb@Y;Z
z#!Ef;1<orlFY>#d`C)$f2==Z=8TCE9^FZ(Tel5i>Uw-j>$Uzfkt-X_L7xQo_`Kr3G
z%X^4Z@nGW~?(da!;H<xw{8yhSvVFda=ugb&E2-W);QjW<1xa718%W0QV?)ty%kQfi
zpIG^QdB1Yj?<)!2&GP$VeykuquZs9Q&ogT*zpumtw%^x0BWd0Q+6olezF+8HXMDfr
zq4Olx|F!Q|@`1CyUrE4FS7iHtVW&UG|0|L9E&s0r#T{<SX)Pug<(F2Mm*`D;+84TZ
z^}P?zVa~Z7o7?x$Jr80}*!#@)@*gy@5u&pai|gOO^QG8)cCqHu-t-3kz4WJ){>&rZ
zux|CpjAZ)b#~*Dx{TWYR*mLjO0)NSGLHlr3>|KbKtWl;Vju_@2g@4JPpb=}kbN#09
zFZqL>rwn_Je+l}Y<xlkz|GV(f#1^rf@qLbOn45Oo=r^9IpN)LOeocA7w2QKW34PM?
z4HHbj7U#>AKlvfbqH_#}kb7tA$eS$RTQ@MB^BkCdqUZR$JkJ05`tof(KTls)=sDlr
z#lLc!o~$xi!#c3{I<0d`hMeww<-|$4s*PDC_^o=Nt8Dbxt@dNPytABK-118=NpTDu
z9$`!;r@%Xvi!Kh5v*KtuzEw_BHgKJFQ@|N|W_X-w3=V!^$1-(t&T<y@NM1~b54+cn
z+19;wG{01SDg2W8CGkt-=jP|)H;Ug#ek1sCj;hX6UF+ayZhM4%(mvW!9+67o5c;1p
zg4dw0G2ViEi}&R3B<JS_Vz`&pE?v3JO!Y3Sov_kGU!MwZdgPOfu3So=DzchdJmiF6
z&+BNd*N7Bej4a{(_;zx<C9rOa_PvC-uXV&wA{zoOa{JayG$MbduJ@TU{!jHO3%=-M
z9jQM3t^Lv2oDRXkH{IWzvrRH;NawdAM+-L@*LQQ~?BTU#+lsjEonq7%^M5GGvF%V`
z?l!&G^X^gL^}APX(>pyo%$c=^*IsRXW0xO6`On3bhbG_sd|dfalrN7f@1lG~TzTmE
z-O9M~iIkrgS3ZgI*Tj{F7ruLKT=^8rUl&(CmGalem4}bMd&8OX>eFH87|Jw$<^%Y&
z?`J;FyN8ymZ9cvme(C0H+Gc2K;v4?>IAh=J(dMQeVvvqJ<qKh}xA^@{N1){j_HD!F
z=)haVdq2f|{uX$C8<{?2ruNH@@wAy5c&7IDnev%uPa;^#8c=(nPx74meFuqmuV#LG
zi9OOGuC=eKeL3m~R+*#wyOD7(z<>SxTCv6W__pg}W99&3v~#pEqn~+C^CFA+qt`&&
z@%8?d*OJrX3E)~b!btC5f^QkT-HmU{+w@U;wA&JmeYcaJ>TQ0XVjue5+NCr1)h}IH
z$oEaaF}eQEm8|>w+3OA#t}2*fI+|K;bQp<MJX>C0w6cjc^)F~&xX`#49-gPH_>8?3
za(yQUj?k9gH8UP+vYK1wm?>QjGqFqK|3}BsiHxTCYrk`Pvx9&6F34|T%MQ-s;fzW5
z(}!NsK7L_}>$-L1B`k9Lwz-;AU*XZBi`uR$<5%Q1wh51Skw;o|sZnesV`CL{BB$_`
zvGewxtWq5BZ>=1&D(4~>nB-L-u@a&={y@a{6@+`2ki&{TXk2Mu7~O>SvijSw1Ee4)
zCe|)nsrhl6=?ZM){)PI2DQ~eBS6R{3qND5~(CKOBxOb^<dHo$LCpnT6eV_2H9FtFd
zg_HbSfLU=l8|#)2bl-2@IHvf;76YHE`HnH+g0C3MH`YxWXl8x;c9U`A+ZX#bzD?O+
z-5mp;;{8K)R}B0ocz;te061eb-%6X;LGu@&x#)j;l<v1f_d?b;7R`b2N$7q@l;%H&
z=0}Io{NTsXd^&BzZ-Yti4Q*Epr0~{9KaT(ldEo=`c<VmOxyIn>`r6x9N{87C-u80;
zCU|=r-(Hm!j}Mti{ng;@9s2MLc+<Z1#`<rpobO0UG%xk7oCMxV3nyE6OJ|MMSa;`u
z`5p7dNyU3xiolzJJ76hzYpk1W;f;I?H;%c)w{Z+*H`aY);6_JUI9T^73vZ&o=BpU5
zynVmD*E#AAY|!M?Ca$=@mhnffxUlB(szT%FbBw<f@^e?dvwEZC?sy|H;6?sVAWmnZ
z%Qx!^{GdKXjQ!+X->h(b-M}Pb?VqS$I`Cxu?E~X3^38gx{*Hm4)PG~(pX%=%n19)x
zmY>!y9|&IdO3TZa?Q8jQ{gQ#VFMGM=!AoCidE(N&Eze*2LQCzX&$o=r@@;H*&C21t
zu&9v!8{}w1hbeRUHY&%x#+hJwmOWi>rf;V5^5Yw~ua5RBXv53*RR@ftn$HRiSC{%S
z-b|m@kmY+<dd7G&E$(_u-1X?V>(sdG<TKa!_RTAy&Qj`Xqb>uV7}c+52J}30jT||1
zO+K|V*VysSTxZ2y=h@fB#rA)E+?;5mbJF7JlL-zoN_>$lWN3-u2xOaCU6LWsI!t7Y
z&KAw^9@uVf@*$HqO~fWt^R1cqV)=JLUxRu3S%;w<8{U^GQ^<KZ@$pE4PkYh^x;ip!
z(1+gjmHX{{yThM<`2x>xjXsa>hx&l-5Q)X9yI2dBpxbs*|M!cD3p56%S4ZQZs><Z=
zrgLety#{vEOn8-fVo<(8&Db&Ivvt1jZjAp9*)dYzrSe^|5&1sfWurqh7dJ*a@kMH4
zo$IjnlsOv*Jm|TL=hc)`>`V+N$^m%lp6A*}Y&SDw&vY+53Fp<+(*SJ3Q@%B(GQ*Q^
zXH3yobSc(PZh!aBTJu%@qt>IWC)vZWWB5P)zt+zGcl_u6qs-Vxewwb5Q*$3K$U+Az
zMz{Wx^JvPY_ycRd{HM(=mGq(V=<1E7=Ggwb$yvhL0}I{ooZgo_)7-*&1^d}c-dN9E
za)O`M%l1B1PWTP>s{X<r@CtnXnpt}iTjZ5ro%T(YKe{l<nBLCw3hWu$Bh|U?<*eUB
z4s4-3x5|t%rkC@+mwP)OcwV@N_Z5_jm1)!&_PqC4_1L*_N_gKJS5F)Dl<>Zma=95s
zS`F_!l+pPNs>iN7!-7lqXJNH-UFWjCtx-AV&=CL14OL4W?fh61XEOI%eK`wfh6QJQ
zUku6!PQjq|1)qGpIL|gsc3}Hk;U_1oy46p?V&Q@I+qqU5Jy*TA0)vb16r-U12EioR
zpPOW)Nsi@?R!qM7CYsp&V2n;b0S)T$|5L8{AG1c1f7uE0S~WQG`wQ8FvcIwEp|)>B
zM=K;Aw}!eZzULbdyn;`(iq*4(bzdpDzqe4|C#X*}tK~Q37~8M%HIx<2ZgFmI`84&Z
zjeEw)M^|=L8@B49Q8Vg!rgv&H#uI{pchehyw}Sb5kZ;7pYOk7hZFrUMA<v?p`q)Dq
z;s>=I<AvNa=d5cVH8Z>czMMgOHm&u2w)OlwJa2OwGajX$a&Y<{@X5Yd;>_sUgT0wC
z*WZW!d6w5R!{|$!r%=}f=5ZSy;oQcvML+U9lsdEe8?%gs^<{P+i>yA{Jl94%^enzV
zNN!~5UXRmWyZV5gyoCJ&(cAi-n6~58J2Q$y<=U{}$hG<|Jmv9BFdS!$$J1W;Retto
zk<-GD8~nJSNiTID5!_Z^bHmDySWaF<t!GNegBU{pq0e<&{yens+rU*w{V`m<fq(S}
z;Qa`;GX3BBr%}_tNg3ic9`Z~Y5tJ=|JZGoJZ22~B#N&3qjTD=&V`E|o-`X(Sw75_%
zCHi2ETVyZ&*BK0F$L{enawglt$sb1AW0#y@*4P#AYTQ;($0EL83_aB58{k#)>OyT^
zMR~P%H|19@j^SN!O4j9C-@+%G&i2u!2|jPu*cHC**vXu*@GhFFtoUPB0y?&GrBj!1
zYxs=YyE)VT%zI=<^_pF?^}L!rNsafysLZKlj=;z8OnveAFpyW()N6f5eX<>@ye)^b
z!?pM~#oB-eEjaf8Qzx(qz6;^Po^SqzJ@|9&7|jO0b<A7J{buV5I=?CbpJF@zoBG;L
z{q~qUOE<|^!O;f1YG1N!9qkJa`9?~<cJf?&V)I94xQ2Io_^CeC+sL;yT(9HT%=21)
zDeABFjop^&)OWFOy6JPQ-dKH-tCFLF!NI@etID6DjoOOJa={wIcPI7s#?>v{$LhWi
z%!Sc;MKIg)+J@Vb<H#<xFL@5%5Zh+2y9VOcUG`aY!_G;WYXr*;TaU>>$CXZ$?GwL>
zx3Zv(!x|Sgw0V{ewhU%(-r@ltu!j^2#vWIQKCvI3+0C;ycraFvc&ZIvR6W9fH+^Y~
z@>(0bmc%z9i`RtvoNx$Ui<NDp9r3&B5TCa*p5(t-$eKX@=PtgLzh*CMBDV=2Fz)mo
znHDsdV?<Mp6ZzEY-1S1WPfnapt4}%M9`?@KITuB?y@I*MGw3XXjm#bT&P1=4U0dHE
zKlkk-4oGF?kM<YjV0;Xlb#BO9`|ODe#Uz&)hWz&*R*oF4fuu`G-|C?+mK>}Y5k%oV
zBL@rNE1y~LYBR8Gw`8=PH%d6%m2Hm$!KrfMN%8D6;6vr(<sCl!`}B>T50`njkk`G2
z=Z(p>%u`*p)YH!IN71_O2A4K1@v$ufuhF`O^Tcb&P1S|}!t`2rq6VH&U0<P|MbxpF
zZ+{$}Ya~BUFelu{yN{EVg8yyG3VvH2+48b2_2cDbBlAZ0N61U{Tk<kCHpOR>n`%q_
zY@{#ZPhV6AwPm6$BjRPL%AyllGE_LU>VaRc<=aMNw%vxt74y&VHYBs-WUt21g=DXR
ze%cOfd-$oHPVgJzH|5MX_86*-lh?z?P|aeE5$r0_F(kRAJ}O^fh&?swLIvZ9S!Fy`
zQ>GKzseEiqt)uM=jj2J#Z##arHN>N8OqE8*R3T$Z-)T&>EwRVctmv3hS&gYfj4Aag
zeq70CCl&)8gQJ@mGUc&2-`QUo3w@!U_spM{-*o6*%`YL=Endc4FVAXkdgR@kSGym3
zp1tuZ_Rq-)xG(^p9(m9B`4i#pcm3p^#8>s<TFNN5XalyuN-M8ua{n!pnp?EzIfQ>f
zJ33v@$ee(3hkvh0_A|{p$Rd1to_Dw&+v&*Y@8Q3KK2_lx$sWU?0Ui~rvDA^(buD(9
zCml(Fou|kl-c&HKtLe|P{fmfG!Vc5c^rP7?HB}8f#q)!_KghpqeGgCeg@~aHtp5b_
zFypHAObkV`Wyetrh0bR)&~sxk6pd!Vz-Hi63`Oj__vnM>nAjX~+`{i~+aG9B&V}=x
zvy~Zs=K$;1XwHR}&uUFcoFQ>oB~AIWG{1kGuUsZ`iu~bBgV+%lJ|UknX36Iln<FyW
z8E$?C8^LH}ntXQ~9!waxdkwKF`9`GSH0J<Ya}noqsZ6RdO?LbvlyklFv-!RJPhWt%
zP6^B|oYMH2lKt4zA9!GPVM^m?rlCWXkaNCp?Sr!m*M4tyh*%u<50<xk%RO7K^F=;w
z>YS9Z<b&5QG3g>RDd_?DzVj7Nmut`EU9Lq5M@y*tKJZy`3u7$1F%l-mCV-ABAC*eJ
z^X%~k`bOXLbB`zKG3ol~u<T2q3v=%MXW<EB6t+tI{Ek!^p<_wLU;?z*4jjl}+>MP$
zi(~Bg--?%<`QBX129O*6kX*TnvFk=pJAs`+df*2<Q@!2T5Kdr2IClF8&#}qm4u8d%
zbvI*Q?Yv2uUr_gs=c+nl_1{JPml9j6*xgwDZ^YGqEL#7cqxH8Y8I#n;G1_>KHr|W2
zF=IUEqcN8<&suhnS5*EA<j)n1bBmu`;Zr=DwnTB=AH8S(pHG>a{=zTDPb1-{*tIk6
z+TdC`nZ}mlk+H$RD~gSCg@?e+A==YB`&mx-PjUB!OVAI2E5q;&{(<M>cWmW5df*Ae
zJZn#SS?|yrjy!E{qWskV3%Kr>ZR20`Dx{C4^wCFMzf)Pp$|1^DlXpe)#p|`FH$THS
zi}@x#H)iIg_MY5b*u5ID<LKNf)v=vA8qsrFfnWDeTd-w@pXC28uWxX8`SxMue-bVK
zIR7<^ZJU*WjLoD^|Hw1NP;H{0HD81Gu`yLsrj2$o!NVibZ@26Hm$4Ns#%{nn*)Z#F
zV{ezeW$nv}kDFLmHhc})ANT$Jao<-{zTq~z4-Gu8e%uT`CcKb8FP6(w{adMb%=w#a
z{7yR-m(O#F@Ww9#+@%l0pR3x&Unh0M`uA1p`l$YWDGt8BwSV#O#PX}1?>x3x9D;JI
zxv-^ma?V{&GUv-;C+tB#%>CI#!GA|SuHv3th*lo9Jmp<$nI61tXm;?`HE!0yxna$*
zwtk--KKU+ZO7Ki}#C7=19Z$D&A8LNtg-!Rc!xw4x%5LZIlb2wj+L7+_ZWDW8<1U<Q
z?ftjF6Ym+9R<5-i@FF|fe_8tKh0jYvHe0zVYaHZI<6Eu&RFCG+_Gk_^p3jinz6idT
zued?oDqn*wK{+K)HfXG6hBJ8|%PINcIAqq>N3i}I$v*Zd_OV@|Q_sO?F5{^1*^SIp
z8wKRG-o^D)a+a2N2ds5fx$k~!T~%%bq~F#zBpS2623*$ODY3Oa#oc|QB-rDWok8nI
z_G5$}_87FExb=Kz#V;{}PY6epsS%DC(|duNSO;r<=*Mn(Ky;<9S<rO{`E*57a+|(<
z56{t+!aGvOTQofmeU$_A9%w9^l3VnpeyyGEv*?=_ZcfA}5})S+a#|*$12j9Z_tvlM
zsB#&T+Mp}>yeI9Z-}ZOe;T6&E-i2O*LG$0Y;`*fhymRuL(%#Bp{b`{;hp>Icw>^)&
zizeb<!P(13XQ_oV@E-hfT-|{S;H!FA{cEVdha8#RYj@9<j$e(Qd+hpi^G<#^PI}v1
zVkB+f*+g)oHBZkH^1HJB%i~_L^08;|)^zPBh%S284zH<fkCnqBBivA9%ikqxo9E&=
zSN!+UJg2exYLo{R7;mAx#@rozZ;x>^q*$xJ8s~G3;FX0}dx!xVe;?<M^pMj*_I=s?
ziL3J}Cp~8&hBK(IpYf`8;FYO8jNfA;eKS~#;`7gWAN=b0249?X&08;|j1FwTKkWx*
zp0|?IW;k0dxQlZqQt+b*(dQ@NyK6>s*0VFkpTcwfzsdN20zP>P->kRs!+H?E*L}5j
z%zO&}tCy)SXyi^mO3sR9ug_qvPxGcAE4JaMwG(?>BXr)GMQkwtw99_AVdcH>n91I5
zc#64mc^CVsOP`++*s!~*qm?s4eB2+QKL2g1FWIX+OX|<#z_0ls);D~~yzFCo6@w?+
zM+$uu4N}=xKS(=op_f<U$Dw?K4a_6h+ZU$c%gdT}`jhlC6@QQ_XPW;-bRPYypHI`z
zD~K6MC60O*eM?8aTKVtr&ytOJ3*VI{a}KtyvCF!N9i4NU{E|yoZ`>Wtbyt<kd&U-H
zYPm_B^}rPC=k4@!Fa10i?dLM}k-lmlS^bnB*r8Fa`9;PA@1hiAM$t&)#v<|-Q}@g!
z@Vp!x3nqPYqw?})gJbsbOVc^uoBzGQychZ&fWFUCU(w04uoaPquN0UTvG!RAOg-Q}
zz*w(+y{4lScyi3m`Lo>ckR#Ju!+(2J2C3hxfV;|>(eI{T;@<)zzrPG!lr=Z&3`<r`
zD&(F$3S>)u{}SeG{6@VRQ~Fmq=|_rpcpMp_xn^9Jxry_af(_&&GSVJxQJr&v&1#o3
zZngm1BHBGXPI4zBoJ0AW@p(n}Os@eC&ug9n4^%ug1l>B}eeL^r;7{41V*K3(TuH<S
zEJaVAP`k8)*z@#Oc+vz$#en+3m&I??DSnfzTU(YF-Sf$ios?80#wPVa_DhYcO^)1j
z;i-q*hqAW`zUq55wsTp_oI9^6p3btzJZD<_oH6~<|7lxijLmhb<9e%(%<$L09+MB}
zKa;fw`H;2C5!Bw8;OhCV5jteyNp>>Z5A*P7r{}3$L;B%%!-X$4utTfC&G+8>aN+{?
z>__Z+B|l3(`<&U6>P~XaF*paQdVdn@I{&F^<#_97tSoeC51w)7V*TNv4uf~I82gFb
zzehe@wU2)vKJ5cDN=F;ZOB#F|YxquMRXT?ITla2ET#KECwbGe0Cy+grO|dg4?A)%2
zqwRAk@Rw39sH0W)8w0zck@EQ&bHp>Y&Dy{Q{l_QFP3o`B8(HDZ>rGEDeU<(^9RKlo
zT!-(yma|`s?_;F=Q|!AE|Eo3GJk}_(HOl@dnX4R4lASfL;41>JX&#H^Wa?vVG+T4%
ziVn@4-I_z0OAC3vcCvCX*?R`eFPp?y%8O77pEj^oN>p4FYnpYZhN7`nF24u<uS0(N
z(aV#;aV(Zfxs_{p4qnpGJtB6#+OzpG?RD=+V#LykE6X6hEE63k3mqpL9VaJrYHdO=
zcLIBG;0zt&o$36>5_czixAdJs=QywO(CoNvM)1`iT^YP*3God@`0qH4h{mw`-b1WV
z6=PNN!fm6-ck{(n9U9YuseEW?D!7}pi~g&B9>!^1vEs+*6XUOr{`i5vlJl@)@nc>q
ze$3^sR-Y*=oTz-Q%2QT2s5?+%#geK2wLD`@pglY*o?7MCf&1}{_iw*g5?GHMx`wfh
zkJ61A-|f)x@(+i`=!~Fk?$kgVw#$kX=K|oFud~<cP83X6F0inXJ43Wc{Nt4!s)N3z
zRZ@@6{wjiw<hO`a!53Y~axb~)3W#%E#I=X~SFBI`2G`|$<3=vIspAB5wZ-?)Pjw4F
zmArRZ?-IQ=_=vlZIrw$gH4z`wOq)7?>?vUBhCapqM*N@HEBo`%W}QW3+Z?jPpFM=l
zk+LSR{YvLXQ#L@E$1cEEp?A;nRmHo18(%e3*Rktwfp2bxe{O=07Q#;p@Ryn&8gh=b
z<d<{}wY`+KC9`IKP3z6SKKK5dvBjJP-%g#uIwdNf7+a>bhVJ>CuOs9o-jneyz4;Ai
zhL?B}zhignZR8Bz+zvmnmlshkcCANbe>$ISXlSnZKLdC(fjbNMv*||;{GW@CpAd|}
z^OsT4@eWKq7a3D$15<5+d1Fl@a`2N5PtOvac|C$L;Y8=M{SRcrXfP6%yBHHw87Do+
zyG6*jFLEw1v3r@<@-N*(?=%nX0p1@*^T%_}S$|uevG7qRJ{I&-u|zMzGrjQcr{UdI
zqjLl0&^1v!cQHA%&{G1%&*wLoDRqjUlTUD=^a*&n2wla49@WF#+>8FAv*4Q0t?qId
zvkr?7SpSq~8`Ihuubm$bO>0Nqgn(yfRNjP<H|`IIwuc#S8fzh9=faGut#R@u4D1?j
z?K~Inwlm(ksQWJ9Tu;8={v4m;<!3e2+PTb1&7`_s&MWk!{UE=TvC(hmji06K4P3u5
z$`^6K-!>m-g<qBJd?Y^er{?T0;e1$~FU*;(`-D5?=-+~D()y!p1?O<xIwQE^Pw*LX
zy@=<rv$^i+9@;FNX)GM$>~@v!q@3u`CRo8o=X*ob?x4OJ;D&Bi{d(_yz&EpZs9?I{
z>wh?^Ie?8KCkBJ)d0zSv0~t@hWzeq&`sG2tE2H#t14}9ND~EpT@h7e_$6EB0|MxEB
zNGbGN1pNe?=+}92h%iy$gJ$h6n`R|EJ0Hzz<7fu`{wA93rC*;0wmRY=M6=qYzouDI
zA@)Pge-o|7qd(T+JF4p!&O^5v=vJdx2k6#}-cu6At8g|Pr;=sE>6maHI=bWNxF$-+
zn<>}I_s6ckmGOHE<M?LA^G%HFg~*`=tl?}qB)!R!MbN%Nbt8-NzA9Pt8@@9c_YTWP
zJp+5MZI{E&9F0%u51X5IVIQ((j`GH5dKKHDxlr}|FWzGd;Jx<M&z)yq<J}+lHP1Mk
zm->&~qi0#=2flK8^Gn<}@*bJ_k#n-<Uv%=Ln)6)P#ccSDa22xV5Ip8WKda$PO4*%!
zdB%<$`n({~*pBVtXd^r+9BYh79yj3cTg0<x@5T3n`}Y5^&r08|GBp!}i`fs@c5rC(
zt<>S#J=HqfJ63mfwy{J0H8+3nssYI;a$-d~krg%YsdS=#<d60@r3ZCJ^`IK`AoOqR
zyfNuP@G-W8yZ=fLT5?7Y$`1eG)X-+>L7m8@J;<elQMvSdR1bPSDwjOSz2}iXU2$?r
z`o82+XH+hA0;BXGKX!yxuR%^nVysy6)snAo0(rhSnCtS%J?w3DBrLC4J!V0rxgmcG
zaB4l`r62LQD{HWE_Qfd9<_Kp$%n7amXVu_L^SKZCRLlS4(Xuzh<2N%QST>?@{!Nq>
zEq=;7>C9iE{DxI=IUJFhi<vjH4s!GEfoF{yw*l{lOIR;^jOA~Vm#~#wgUSv0n3>`|
z2~9SSzIvd+%(?STo^3P7RwkhnB$EexCu`hC*H#S#7{B%O(`9-RrBg`O^gu&$IY)ZH
zs|z{V%-nkdy*VE{S^4LE9d2TnY~55oAbDrz+dH6-i!yHJD$Tc5%w3vqPq1!yl;17<
zw6@YZX8>D}=EYm7cQe2Lq~EdqP}{d8)B6{E6^F(dv+|G~kALT?&>lzb<SpwHLOtV%
zp8)<nj&=E7GiS2afOFH<<u_yZZWqrnulc}};zCsC4$fk1hrdKi&AS>GPT+{=W7aQ0
z<5X+s$LTN9S<lE0V7}6#RYo|GaeL~XotDht{a`_%_Jz#w$&fv^Pu;WI@^5^Nd)e3D
z!zM5PO;@3P#?*V(-qo{K8ObGs@%-<UWnDb28rb)8y$czky_1?^V^)0m=d3#IwpE|L
z6)t|q^G5!E&HuCfs`)+!$1l16`gE-m4P;DI-p$3Il<(DkIqeo&GQ|x4LiLO^rZob`
z6I>T^EjXHiWAOE%&2=}U1AUG4fhGTpVBaSV^3|5U+Hkuu*l;Jm75rB5yO-Y@e&6A@
zp8b}^=i2>SSIL%nVY~lk-b<!#|2ypdHNaLgpM4<Yu)U79{ef4|56SxXp+ij8+v_&u
zCo)wutU!jgE;eShrUNT-qB&bKtuZq6VR?TRwt_ZC>+8+wM&zr&1%3t>fuF<ho7#Hc
zqUUq%*M!VW;i{GWzh>%sn7ZQMYwg7z!K`xVq-!Gq+YvGURjW?t3^|oAGc9!TmUQN$
zjL@mM2|<<BJX1sYP3h$Gg&&(~Hv|6F+;f#^MgDO1W<qOH%RHyyeU)dv+JVe^*^>A0
z-I^aZ&X<jO;va`Lx3MSQq<5R91Q#P4rdYbU5nRhV)j5Sa4QsyBe6|31=7Y-{(dq4+
zapQPj%+H?xjNrHUPUBo-W$(1J^IQ>S#Dk*YXP0n}7x%yC{cR(R%ukInGLzg!=AlF*
z^XJJ%=0Bzynd`<Fnbqm|AT|>lb{{cR8(2fv|KIGrdwf*Yx&OashRY1$D!Brh1hghW
zMHB+5+Dw9%04mnvwe2C`X&Z!E@lH`mK-+|1WfVoBm4MnNqbMp-sP+)F_5`U4Qmv;w
zEdjMAMB5?=i3sz3fA(c&XL9d3zn=c_`(s`+v-a9+KhLw)b6wAVR{A%PEyN~`zq8kw
zlfCW4P}Z=lO7AJb8lz7|Wza}}&#E&D-5%80X?BfKXqUx$&L);2y{WyS50C|>Z;37$
z;Gvciu?zgm=IzY8n^yaFu#XR|K47hvLaS{$m+s6#q4mi3M$>jMLX*KcgLy_5GQU=R
zy)PeB>;^j7we{xz#G1R)$cfhTOQoZEw<{glorw-tP5&Z3vSS5DDQ!i($Dr#O#4=Qu
z*nMuq9PGiQAbiL@l4p8<qL$xtmne2%<=2qkhinh9H{-8Np6%mZx#aM<*eXF{(X&S=
z2PH8aLB2ZubzS$6gRwHGT(0AL>Px_>f;E;s3_kZ5n~<*ugzIbAe0o+zOJt(|#Na};
zW%0ZCN7QXax9Y!Y-nwb|>Mo0xD{NZM7A+r154{R4AF^rr5!b{s=)jzkeMa8XjFFCB
ztKxZnr&jJMymQKb-b2f&7cBIN%4O#2cZ{L6`^211{L3%Fi`bU@hLfS4+s^ykih-Fi
z@*At+Cu;1A$FLb{w|zyqS>Q?RhxbIcWD)ymga+6ft<p*5T=VnZVj*?LWFLx_HAf?>
zbf5l9C#h}d7px^{S$ceJy<iZm*YGUnMf{P|k&jB9(wxKKc@h0C<YV#M@bGkgJA73F
zzWMzB`-J1G{>CTrnri>_!v^k;E$qj(4IoPf5YzF5B8JiGKT~V6pY|vwh?b%|`abVU
zXkzXeRC(}c`{Qf(%{k)hL#=Tidjnqdw<o-oepS>i+qyJ;av{$oXJ}&eSn^_gb?0U9
znd+lvw%0ge2cM^>@DAG;YURE_-PsR}yr!i_-u_A>ulat1_pFT#kuiO0_%>|->XNLg
zBF{+sGT4s?>fnQPYQATRUrwcNgg1HGEcTAXF9F^M%Nka`y2MMK*V0*&t9-MlC1Om}
zoC+VOt&w;;c?yY*mAv2fWA@bU?_8GnktJ3ADyV^L<%czXfP98$MH`JN`Z(jNz4;gB
zyiM54H@1o1rO0u^<LB(6eO8}|RnX$ljA_inROX|IdASH#dSMOoWX4B!((i3PlAVj0
zKj~uUS>?!1T`y&>e#7^he5`pN9^OCu_^NIEze#gWy<gRPIye#=V<|cB>^W$hD(F}S
zZTQ_<yuM$^4-Y`!=YVM@&)cZ@9&$Cbe+vF{aCk^|YkXhUXZyZ86GQ8+<6JH3)Q8EJ
zy7Q>c&h(mR=9%}u8hciU_n(>E=KlG*e~FjeJY=<VmX^<B(q}e2Bl}6Vm19Fmo^u$G
z$?uL`wEPb1{hF@MfZSskc|oJ@yd&oNwrXBg`PQCW%^Gszx5$XvQu5i<9wu&4<Hg@*
zkBIfhSwZC^2H+<=#e6))J<E{+i#-FI3-ICh(-t1LxMq2-mFraL8D#1f`SAJN+r&Q2
zV)kpyn)2+csFwI#&iJ{Sj{%L>GH2`1PuSrHRNudq>jRmOdd5|(^<+LTAiuPqpnV1P
zQC^5*tk?LA%kN2CJHoQ3`{eL`_A2b+y!G(l$IO%BWRg`MF(x_O*x6}0e?c~3kGCE|
z7u17eBhOj(zRoAar)53Jo|8Nl49sEfR~5^q9-nB^ESn!b6iu=`<*OHaIF|t&)IUCl
z#(jq53(Te9(z7&{YC5B<D$(mZt|#YDvEy=R+C;nRDVLBhmI2<Xe;#?wwvB#p0z5Pv
zUP^?gl8|l5mYsxLD`DJ&z>vu}TK@*JO!Hc`lse$PlO`v@F9tQoYd`Sps(#$qwKX!i
zW-E2Tw?^`)AwFvI)(Ex4$DE_K$?NDN8Qp}B1OMf!&a`CG9C%01sP_Ha<f^6LZYk%P
zAOGCq(LeG1As-`4GJQC-xDptz0M?nnj2-m@+m3q8vZL0mxAr-d52km|8>uaBzJETv
z^gO*^-M}8u2aoH0cTf1oiPVyK>in7`r(Q@doxge7M?X}}O3p%Awi=&^+FJvfx3PZU
zlh8*=#!B^TJT=(5pYyw?>ujI@y6b_b!NEUwUdy!1-~;E7FQdJRfz*LGN-gsrLicNk
z`$QthYib{7^*6?+5|d7%cG-I7HlO^e4VfB0DO`5@@l~VzsnMF@X1s))hA+9V4*b7F
z4ykrW(J#Cq=gfhpfOQA8zZX->|9YPN24h~#_|tp?E2nXO-`Zoo1C`q<SWDCp!-pKq
z`=$5M?-SmO-b0Kjh&`k_*hMMSip!wp24~qt7V{qZaHF*anJoCeKgxpd8sJNfhY!2I
zg}#pfUkfs84Sc?pbs`$P%=zt;H{AP9>i2&2S!%(bK1-rzQ_IT-KWiPsIibYqYk$}m
zS;x9Oe&OzH=(vA$@BwO8w#@5q?8@bx$tL0&`JSN%n#T33p(eph$*~e(Fz-2=HBKCu
z^}MU`RC4FfHd>D!EUXa^`<XXCxHsWDe3iY6MdtqIsOD1kOm4>y*ZQ;fv2w1&rqCHr
z>ExPd|Ez&^SUkko)JQGgEWfd7z>Oz<Bk*PM?rA)0nkVqaw7XK*7@qGvHkIGT)ft1c
ze>Lq5WAd42WYa#-_{vGyznc2ST6C@cX94p7<|oH9V3~A432PyO@9ZIVDBt;g=uV8C
z^V9?3>sVts)YhK%q<>8_HTLF#|5)l6%>(CV_How2BVNWM7QBlXS>k+RQENR$a}~KM
z>Vs{tX?|a|1)62!u4P<}c^_jw{hWWzTGp}VUvkH}w~ly{IX?2weeZIQf0_DgoW_gD
z<M*X+7SHTu-n7^EIP!1HaEou6<M`$ilW!6@!!O1+De%pHn{S|Dly5#Ep6u{VHfvHm
z(*)0K!4`6!r)NEJov};);I3rq!KM;Jwdpt;{IcyBL^gAt&77+aLlNg_ErqtF_;t+Z
zrbgP7ub?w<q&K(c;s<#QGfzQ%g6hM1orFwOAMHtJ^BcTdnuweD@pt@boUaQk!e27{
zC2~=YPU1Z@Xm^CQcqz|2%ySM_2Ddy+n{3p>@WU(AYgWz)_66rSP;*fKktOeQW_81q
zST5f4X1nE+H!%N^bBxxi-$yn*P5aBdANA8GJuBDnkq#O5He)<)gof}f+fFjMgf*f(
z$VQ%#!W=6`D7<yeFZ_T-*ERoY)4PLtXIXZUa?52WdF*S-e=_0ap5<}ym)r1H$HBj(
z1NejBd?)QLnLhC*a6s-)DB=4De0YvzdU*M)<EyUYe<Cos<2s5ZJch1Nj=W=&d;@w!
zru4x!OF;GyL<bB)7Ys%x3_))VWuM6#l0EL|t@FT3zKF(>OjXW~_Q9neq|2&&U)xaa
zJ85$jwc)oe9XWY6a8!-L2A|^DrFCG+!?Urub=JcePhMm(=TtoItKnV$yuHka=6d3n
zkyQqM-cjm|FHSHHRI$!f^LH;iX8O5LjG|vkII$7?Qofq`e|UH(|Ig+bqQ9yCmVOi4
z`<tfzI~6!Ys}uP?nNLQlF|o?`?UpL&n#h_w#YJ<~LPyuO1i6-Owo6Z522Ex_n@ge5
zCD7_(Y~<<q(S1xC@F?=G5gP?MO~O7}s8~ZIIeXYNdF0Bp{*F9N`LiCLU7To4+)Azr
zzEbNBY_C+_(WAa`&LQ|Aby45YCU~U^ds#9f#<RTF2Jee!WhV_pR(00z4|YH8b@@|`
zEqjp--VFJ3$zl0;lFxPUd+A{CBd%0MeAPbz*nP$%*=~Y8kNw?zU!Mha$Z*|n`H5*c
z2KN(p4Oa~`HqBygG|sFc#(|~C!y@v*6<Z(6?@Z=FbF>dTZuDP{ulgzDt@S0%`vN+7
zs2Np_U6KVax#!^5x5i>=)k`%8C$=;)2g<t$Gbiymw4B4zBD$B@bYE=Ky~L(F`v<L}
z^E_yk0*&RXegRF7peujbA&pbQl`a}T&3fysUzy!cX8=2N7Tw52{CYZeNdq*E(JeLS
z`PRs)R_G=fiXC9mjocEGZdvW<HXOR8=KSuX<EwOb5;gPZwSuS4M-_i(-Oia6;M_p$
z+E2_x`&W`tTJu`_;sIR~JSFTmuwD)v#J2zL6Rf?DBNM*G_c!@m%jX(CgXuSjkK~zj
zYrpZwSDCt>-x}A;f62LF{MNUwMdcgMxr{LykUiBlzg6>lI&D?(TLIreJ{RdfaRm2#
z7rEx!&2xoj`|$9!|8{)Uc<$SGCi#|pB1^4vt`A?;2ieru%yU&dK(>ZaXZdr^UcB;%
z<VOaP9nfTj@{7<vp)h)<5Z`X^b?hgdnvZ=?UHBu$%Bst)cW(4Pvi9rI6RVteF6AE>
zypzH6O<s5BqD!9{W3&c{cVatya0@xR(}L`Kk#h^({k*&Hqvp9}E^(He`wm7{-Eyho
zajMx8i>*sG^s(_C1>Rjf;|-p1o&AhC%(ce8y^C@GN`I}Je&)Ds<I8UN6M_FBe4pp(
zzm)Mc*Y7fiqs{dsJ1;T(ZJy(2{udj@fs!Ydnz*^IU%~YU?bx;xZ&nOh>&1x;34Y<b
z@7u!jm&j5NGS!Q0^&w;Jx%IIR_gcSQ6RG==n-Q!@fzDqtr#09c8s~j#95kgNYcE2V
zVACJQZf-mY-|aPHSIu>vUHiv)LJ8QJS$yzA!;RxSHAVbx#r9FIgY18;W5rJz8RH;h
za1LN|kTdBHvKKTmGHY_9ccf|iW(}bRegXR;$E^6A&KJ0sdxe8lV_{^@suuPpkyYaH
zySYYDrA_sHjh+6oYxA&OCzP`n5%7)J;ScyL^ZQ!0Ma%7dp}nVbh8?!jCgj~*<i^&e
zCr#dpe5xkCUp?id&DC~%e-!ckQs3G?NWXp`8p>x}hyAvXngNo@S3d4p8KKso<jba|
zBU(z3-LhL$YfSa?m1qAVKIE3AqgqA*W21anu8BUnX3~QDYj}Pw&v(XYV(-%QJ-IJy
z2r#`ia&uNf=@#ubXx~A54%M7ZRV0|u`<ciD*_f&eKOUIyUve6WnRwEqM-s#3$igb-
z=~KSNzopn)Rm@ov|M&9WW7=OjXL4jt0dzIxCbZQa<656_K<DXkrfyCnHiGP}b>yix
zFyDonto(|T-X-pW&YDg8tL$NB{{8gO7~%%%b2HZji}p;>bz$Kj*vo#3Yupku4}Vm6
z4EQur^YHL+-rtB`59C<aM}$Xm{Y%FBg7vcIBqLY!s^Co8tVzUUKJA}dek$_$)5xX@
z<~d*apPyh0BkS|gk<<B|1D(j}+%*6ko?Upx=0W6iRxUi9a~;SPLw6^5j4fla<rm`v
zy}6$=->3(_IADw~=J&us%pLyAK=x$@WvYgC!n_*v?jYpQ4fw1>7-QqYXUucXM>Bsb
z7T(D3gn8S@tx>F^0@$|qF*Yp&wpqY78(l}-#LNpz;P+FkD{5w&u<cwpZu1$y_B1e_
z#<=984P(Dx%f-O97TE4%oy{lr4Zmu92ER`SHu?R7fb9%mqvnzc+Zn)iKd_z27`qle
zyIFO@1lw~97w~&v6gJIC6Fk{s^L5Eyy<3z_{!&u7g7vI@iYlHnf_;i|;3V(G;?uXY
zOg>G4Pp_h;|8VG<kKI^6y~svv$?`Gywii)HpZ0QS-@=&Ac*;xCSR*o!<@iBauCb1&
z25XepN96pJxSsZjGiWz?1isb2oWr*!kHEL$5%EU~e9|Bufo~VzZ1JtdBPnJ+X32Vs
zM<kELtHg7|TO;Syya*r4e=B2+>G{8e7sNN|HlM7+mQXuq5#-!%!z39b{jXXg;tMO6
z0^azQ@&P=dtA1zYP{12IGrvp=jfOwI^?Qpqp5~ft2<1gc7L*ec-%6}c{6_s`d)+66
zzYPxJiG$R0h#<ED;NFN_7H#)K=SJ!*XziEu<%|P+?R&^wY|?Mm{!^^4{m@!#U%nIe
z@d4vtWah)nkLG?fZQb#M)||r+T66zXe$aFG!^g{jK{gaNXHEuwEjp;nGYLf}^%boS
z!B^6mk~7ypOF!diPMtOmfn6mVOZ=|3HngQKiQ-m6?Q6PMeL9j$$8NIZQb#iBFxRB(
z6Ta0m-8#7g-8$UouMCVpw?Yf~0|&d%t*!aSmTvVceGW5LI{Efh)RsIf{hAW&m44lN
z_#fA=v(M<getif!#_QL+*LAF4#cz&&ec}H@{d%Kdiqo&x0F!vutzS1H3nV9q5w_8<
z!}uSsU*|&Cj`i#CPW9`ByW8v6>F-%GWDVE4)~~~DIWj6d-CoBBJJGLGxbEoJk?EFx
zZK5vH|F2*FXZkgd_1XeIim#<x#gFp)q$@qdbsNWUHc~#hCG;T%o%jf~=XK_j+72UI
zD#jMn_>mFR$*YtumXF1IdU<YLTuqLjZ01yS@#F#2J7*kScl2wU>(oQH^sDj~N96qa
z^N9HlMlt&J2=N2QHg@aSc-vU-UmLb<{PP8F-c7}BFv9m&S$raSEPj>kCms8OZR<KZ
zb}#%O-nkGS60f**>|+jG=veLZ+B$ZHTgQHm?7#aR#vms{_NSv`m&zvP+HS6CzgF)#
zIyyGrwk=DdIyNnQ4>*V~sP~XFk(w0g*p^Mu*^h16#QYSYd!=LXF`_zlHaa$7+m{La
z9$?#-f|HoUfl^{M4>G5k|5IqwJZp~sFZ8Wo;JnXp1<#khm7d99Z@wq`R(&0PYx<PX
z^)BeDHKzG>+U}su(YI=ALuXUprkVOy*L1JGWBN8Gr!tuf`2ij2+YwyT+8uXoH~My|
z?aLN(&MVKU#$IYnGA6BpC!#*<2S(Iq)%tXNR^_qo#b1@*N<sWhyQz`0=y=ROttOAg
z?Vsx0#h8C8o*J3+w?mfxl)oka^ij({-RSmD=TcLxBmcB)3^6|Wl-RiyF8{Phz94pP
zk!|O?{nOWPw0N+9H7Ng7JowC7^yjI@7L%XxPYJH8K9uRBYCSkQbPGDP7GINh)S^DB
z=n?f%8ACp*Vsq}Xw!8dPQ$FCQ%6Hb8g0jPdk`MT)j|n#PsO3A4F#XgY1Dn>BTaW%3
zewQqmf=rNq?f9wr{Eye8tDvtLi)!bmrn&X#iU#J`@l$Wv71g6F96xm-Hlq4$=bEEO
z<qya{ZR@9|MfK=H@X@|V)2YN?iOX32aUiD%KlUcBwIZ|68D->(R&%MzqP0hya+iG6
z&+skCVdabmYE_XBR83sh@d*p?WgVZenLKRAC!ET>WS^|uqtwdn|Drx*RtEJYpxJML
zwG|w*ScloR@7REBOo{rA*8ZkjAF=mZdph?KJ3dfF-h}2sV<l%At<Tdge|WI%4-d5c
z;elQF!-HJ@@L-oeJlOV!hj!x+PaSRH@*vNa4o%6hd{j5gSEFNNIy5EcAaOXo$5@JP
zb@Zol2pu1_EB*N%wSr@|ucbe?KE@d|@P~XC(L;F@>Coc_{ww!G{3(6<OIx41`Dmcc
zM+^8C-xNgSJ1IHaZ8#0&k@T|SIZc``e(M=o#AdFb4PVyMv*I85vV1?WGwRDm^=yr7
zQ?9jgP2<Qmc66=Aa&$lu@3fVeah|kr4ftw}45v<%^z3%@r1UItJA5+o+raH?V2}=#
zubGR^(s~$2TUG~tuA_tH=Q=uAey+xnuGM!wW5BEbbU#;c3;xK`uKilmXN8WxfR4)J
zbmIMP`em_Sq%;1Kx$g8|Lx1JS=pMC6uj)IdS7UN(I&{~bt0}jLl{<3FoEO@sa9zIa
z)mQgSw`LI|mTpyyxCz}lnY`tP;g=d@c=$TcE|P0Qrx635%7=9kPC@21z2K>t%YVNo
zwbIeEO^+KjlhLzBKbtkV-i`rxq+^$YTa4#M<|MP06@QT)xRYxScA#UMsF&4|j-Bn&
zv2%N<V?Vi}y^ekNXO@rZ=*1H0SK_?!KC1Mq83V?~lx}IGU+oyMTfe$vz+LIq{}fDd
zx^*Kk#rvrJ(U;P#^Z9n`))M~5>(;u@I@7IfeAG6&^=EIl*RAWZ2PGRm<676cHD>#*
z2Orsf&blWTEGjqFa7{I7N7}lz!q%;Nhe-Oh(blhx)TEz^Zf$bu)-soF9m{V=w@zo>
zNVop0>(yTa=V4@KJvnl3oPj?`F3MC-g6R($+HZ~egYEU}X7sDhW|w}gv-N8ex>>R*
zfKJ)KwSRWZxyaVBKjGP(>DZPwerih22-c-^Y{oyJV~>5my^j6MPc1%)*RgYfsUx3t
zo1H5^0l6bydX(>Y{d(Yl1*7z<eAX1kir24Sr>)F+?+*Tue*K*9-@X;~V^=tS>@L}?
zT+4)q+<t65Iq?pUxc%67z%!`>y{a4`>A~?lTY7aJHktnKVIE|Av94PEF5h+?y42CD
z(_MO1{+;g2;QOB)GuGak)@(g6cc)LKmqfSS(A3eVYID=9n*A*4Qm1b{eH~q@HtAA*
z$8>2-PTc{WJCjojxF$XIqbs}7qwKflvfrwh@BnnF_FI+TC4H7iyk|dl!`xBEB*}8^
z5wM@y;eM-hiQ~H-#mE1WeO>vk!bR)&3v;hEvAHypydL&k(V4uDml)Q5O%?ju>r33>
zFSg!6)1LF?A4gV+C(QFJ*l$`#e-H0E2&YHk8PQYyo~EC4Ndx=9hp5T5N<Q)!?GITp
zs3dM5S7#{R!@X8c@<{yTl$=xG7wPb$jB^*)Y(II0<0n_Mk6RJvCs(ttq4)dNv5&h4
zAFDQQAGhA#$E~;bantZeGwfK^(fO7f*aqI@%7h#6i9cLp`N@m1MQibsO&!i!I~UqH
zdioW7<d+>CZtvqpxHsNMei0wp8ON=|OXR!bAD7^}C)@sUoxP9yo?t?U&-Mu>?Yps8
z0ZhtKirMu^;bi2W<jx|#l?&$h$G7u8ro$C~NXdEo?-BF-!Ukxo+(2jD`#qzg{;_0`
zdms1dH!U4rK)d4~KZkv(J|1{OuqYRiz1*mO>>k&&BcbVY;M19Z9Ojy0%&n}S+leuY
zR@vy|672uR{nj3C$^OWu8fPDiz1O*RjO{7Tow*(w^>h#S^v2j8Zr#WKdwaO1k8bbb
zz5$%G*kemTM($uu{a@|jiqDTgQ~#bwZ8<cmuzl}3>{0F8Rs)-}Z(DE2iqnV{{}=nV
ziSXTGbV8YH-?oyr!@iN>BkV68B3|ttvy8Zp#&crJ?(wcMb+&5O=sl+qIj6G@wVq3f
zEgvP%NBnvOc_f~7$Cta}*}-u<dxY_htZo}$mV9*L%i=*RzMK@EihL2zJj1tm#ELIl
zaqoUMY?43P2UgrRs+U>w(#wbW{>yJ8tLm)ya#Sxj%iiVMIq;0~EhHzL_%iv3rf(I~
z%PHYc<{e)pS|0R`%z2Uca=!dt;>%fD_pbfh=(<NgXFKbjwUuM9d-=8b%vF%KN6-(N
z_YB(p*}B+SZ>xZznD?2wiz7>i>Af}4NWT?N)_eS>?uCv`(AW<i?s)Qtw7KKSZn~D6
z@#GXUN6xLQJCaBDLHn-!-g~(&-L`sWH~QL%DZBKwlOMI4{3y;QZmmFHOFpUw^+9so
zO58dddn5thH;d0vbcd<8pEb-psiVZ48-13}Rz0vUxW0$F%f%Ve*-6c;QFL~)sk2Mr
zy*b`wm(ETOf9Iplbarz1X?Vrb*~#Ip^fUdx6OB!W(b>OGW?vY2+`Z0L?v<spC;zQ$
zon4O3)_EZv`Q6*>+^d!`#+L5#uiScj5OWlZk)=Uj>S{e2)7#PftNxbn?dWao4@dPj
zGEu&_;#2W@yVlm*8mBY89iM;Ic)eS1Cz*PC7cgmkJNsMN$Qa3=pYSca&e7S+_#e~R
z$|*_7+4tAZboTI^dTdqs5~j{(9XT=WtvirI$OgC0{x!N<wr?W*<LGNgHpTeEv1QZ3
zuY-qTLI<&H(%a=-rG|gS^_DTgEv>A-RkqI7zHq$GuJ{+$*~_G-|HbmI#OJctB_|sH
z9H|w36PRP^;%$S8BN3C+ej)E<Py;b3{IIz%JTiQgcI`1}Uzj{0;%KQk?!DozVgd50
zC1=Z#AsxlFTcWvFmK}K>Ytr<&X?Nn<ZoS=ATsuSjvDC?#r0zHCKVb8RvoEYzucNoc
zgAU((6B#4EspC7Qw=F(NwPBLpcJ_tg3#+byc*FLmTi##{^tO1z@u!c;#--0C@QvG_
zmOk3kPH!iNk5l_seDSWmCoG-qkJH)Fb&t+=eCDTIKC^VTd~WG%?FVb#Gim#0>ul{C
z9K}9w!7f_^9ESFPyNOFnk2!i<zuV|-=y((wx6#|Q9j48#x7*Ow)Z4rl0sbB9?U-Cz
z3+>HVbq6x(5!Gx)XK%P%@3;5oeVR1#nn#e=JhG-`)+q9tPb6pkq?%(>`h^@HTmH3V
zuzYO!*HcrBNiV<$(f#1ZWBS?5v5M;EWK%ceCpVXpue`@QvRSrv0k(A&_q%=Pr5|*r
zhZDnZJmTo##PFZ!Cp)%blziuu@T2(7=D88P2UZ`qzpQg!N}-qKH_NV0%em@PO9zXm
zR3BFP&((dYhhgVGTYhuf{Ab5+o_!iNg?wFX@ETX_+w@V{UzU%m{afwhntQmulQy3Y
zy~WFxk2)gUKrTx%_>c>}#q`0^o5WLQHllx}V@1EHjvdMVF?#q#$A7l<u-?;*_F)|D
zF~5uqaK@`~?Jt}D0sgam`jNK(Tx{<z_Y-XR&z4U=(#*~N+bUq=xsD%j5i&#a<Y~SY
zYhdl0IndSomwYKRb2}yTc;^P%ims9`+9%h07?Lk~Z_UxWd$&jR?oP*7mY<+LxvYQe
z4|5;O(YwR|JIrVJi|RnLC(xAMelK|s*A%B|O*3*ulK}57)w6c%n=L=NnmS&Nzd()Q
zncJm*@kN`7i@(9Tl%Gr?phPoog?(eEuX2x_zVch0zKZ$$vt`ms<d9-|FY@d?icfR?
zn*18IJ@<bAkNg=u`vIOE@AsN{S6%tiwr;J4_8s}g|7Ggdm~Z^uPb}Zqpxs>az3_>r
zvNptzP8>_J<Sf>_^6aHs&jAO=Cw>{ea{I*hu)f6$O?=06tK}0H*f44B%g3{QVoSGb
z{cA6n?@ZQzahz`bioO1C<C<*X4t?V2K5$C-RB#whtlIR2@o(e{XW4teygL>?6FlVW
zmi<ldVWsD+Wo}NRP3zfDtlC-6id8$l@^pSXzOoam{=eGy)!IHZ<KNIl-$o~W3*Gch
zbkw!Hhjb0KKKh&QHc37RH|f>SoqT5KdkQpk;?~;FjrzXOugKg7P6^8&&^5`NH2OQS
zYqbUJYn{oRdg?<rI&vp|FPQc^u4^y&-OGBWUnkn}Yw2`TMxk5F(FG5}3pK1Yb3Yh3
zo&8|xho%<{b1!%cHmvO6CLiw)at>t1NK41E2F)`c6{jv`oYB4{m(QCNuBM)C$8qYU
z@ZTPGbZt`DyU)_K#i`mWP6=<u=Pe<ZM(^2ou50D*O4p|5+}Yf<t}Vykt?{<iwdKfS
z#i+|{T`OO=r@HoXXdka@&jBAt*UCrz-_*4lucx|ptYC}NwTXf)s%sO&^N}HvFT415
z>)JQ@AJet6<x_J`fwqpWm0jGCuI*RfUe_kb?`1uGlWV4p%6jTf*CuF9J8M2JZ>ta2
zl#h@)!qT-(?2~F8m)p9woW0}<+rP~uUhU}59pq^_`m@NEP4(znr|-X#u6@YXZ7*4H
z)+`&>b|1M;d0KJ%$WClmdBs-`Hfkk*rKb(@mLIjpdz`j^w%y?9Y3(PueOWiWoZnX~
zAHk`Yv24G+H*4!#@ub_AjgLXQbDY0Vjp~@bO*Q?9D<86Qw4`t4Tj5VebFyOkHZfey
z8W%qdve*B*=zBydIp48i>Q3KY@SpAV?KJF6@xW@XN#822<?z5(+n0^yT_uI5gM;*K
zx?<1BR{62gx6;$nLDIMKQwt7stZ$t)-QC{s|CPSgdi+QA?Nn&!*0*l@S^74qjlMmP
z{=Lz+pHNr0D}DPR*QIY;FI5b>?K{IsJA*aS>E+&}<_!F`dDQ)AqVM(8@R>&KnK0**
zU+f9Co_=3p%LZ~no}v9M+Ml`phL(BM^;ymt6;JWKgKyQ+$smSt3H_H7hrZ7<XvfyR
z!2<=<4Y~NfU`q=&$lUdM_m;EKsqvTZF<Ph4zY6`k85pVKUz5arz+#^LsrpB^^4`Cn
z`_tJgu3}xOZJpLv(5emL&nUgTgqoLIIn$55f|*r63bs7SSiEQ7ypH=cX1UIZ(mmAK
z4sc#X)}W#{%JG9s%=38I_s73=*UWtAJI7O0Csg;%<~>ZEpXk1>cc8PdN#;LL@y`6D
zt)C@4`1Cu0?1Jozvw#2D^rznc?6*HY`dRa|*3aZGU3!TpG#wl{!>09b)U(-mLFwjQ
zcMV+g)?Eo}-m3k2_;29#mS<?CXf%i%w+#vSj?~dn4IS0b`7M2S(04F3boS79UhT!<
za&UQ?cQWUD1}>9)pcXsl8773UqkVqh&DF~{3|cb;`2MzVe#^K3?-lZFa&tEAfp+`o
zvw?fFxsP`_n={cx27T-L8=D66{5{l#^so*FQ^#@-wQ>yn!nX$nw?wFkv<+Ik&A9>*
z&J_?{gkJ*rL2ohs5I%ngzg^_Ne#R%?d&0Z|eC(mf^S^P%&0Bmj!SQ7Cxr3U=@b2o{
z!1~uMgVy{R`o85Ev`p}<<Jp2Ih!5?+qx&3qN}1!X;HiYxy@5w_iF^v{TjvDCpS`Sk
zp2s}TW1a`v^E{n-zL<Gd{eAJy4(9t4d%iER=X<a{-#eM_=a|0@%;N@ozBkzOeOtd^
z>r-5Nnro|Sr-!d(9oBhcbDzMRFJ{iGnX}*aGj_Fj2QE_$hp+RAc$1q|<5+Y4$$<A(
zKk}#KHS^)4<qPj<IgL4A$@32}=Zl&1_4L`n{ikr>O8QKoy^?2Bx4F52Yl}U}&DPp^
zZ*}E{<TZ;usm&hdy^`7+s<l?k9M5MBP`hZJhk2(?62AlU^q#HOz&v!j>Lrms-TEnO
z;0EUZem;9VL*}XeKkMzla^|1?YjX`qh6@ht`Ay4#V=Zu$0>^Ss0`-+rn=@Gh%XzkH
zHEF)@<Jntzw$|KzJbNq8794uE=6gBM6@UGeXY08e`9wTJ=k4X$Z}IF6JXg=xI?_3s
zm+^dqdZ6>Dsay>lz+>i`rc@a<CDdvy9v%D@K48e>8S~g}%*m_XF^_ruqfZKEWS;aP
zaL(nPEa;pC`~jX@;Wc<KAATBa9H@uRP1MQW<Mr=vq)tahYQ{;N=aEzY#o`wNM)qTR
z$10QaQ6-OwpRCjx&^_v}m|v<VWm$CmV|rJb+RuXuT9)w)5_fs-<QCZ^B|KYoDz=;V
z2KIZnm%P1Y@~O2pUIk9A4`;0UFCw*{!e@=Fl~mS>)9$DJW7^a0H4q5Aw>oQ`eSMI>
zQqL4kGO<BKlaj%P`Tnv~Kh%A0ws=7{(FM>|_<j45_WCA^dNt}d8~A22rq;7+=H(my
z{aORMf8~EzHGOZ@+CYvsneA513b!22;@;7$6=%-2LVwMfXl_93*Puz2i=X`PQ#$Lx
zFIx36cKL_Z{Xy|W&M(`Mm07=9^>d6f%U7@U8qJ<FSFX-ClA5KT+|QJpm=ApJK3>+9
z@OAg|0Gqq+hj7L}As*`qXMK6s?(!s~w)C^RcE3TL;u7YwnE5RsE}~jgpVOwCx?9kF
zny37QSuLWy&g!Oq*UbGqtB5th`Ba-q!7so%aP);EGm69)tPRdGGi$6BGtOe35#$+v
zV*JI7T@H--j49qfE%3Y56;CFbGGrO&TMl4d4;X6653Qw2#+pL^M&E$2uH{e*ZaU9h
zY~Meh`ztpjB0B=j4U!Q&@4kieTE36Jaw+{k;l5}1eF^p1^xMZ+KcRgvZ98de@C^)q
z;u{>^>KWRs+I!Ey^FzqBk__3#d_4o-55Y&$fAPs4=^mc*EMpAiSqI?x6R5p!>K*9-
z=6NXRL`wIF?>}OVmoFUKBKVuom2dO^6XxVT?w`lmTZ35V-)Ec+)GORT+kN~O4wd}B
zp5Lnf>)_6LIh!s9cS~OJ&LrdO-e=IaH-OI!?*EkMJS*J6O}~Y&U>!o+0TbUr;ZJ=-
zs5Lmuyk9!)Oz@T5628*2XM(T(3*U&1?@q=T&$EPUCZAbe&%6Tgl^ro2e1)@vZ}q~{
zY<vfX-vRzl!S@;NUk<*5!RZFZd28<cmbYko#>W3?{x9SAZ|Lu?Ym>n~m+^jD=sOwW
z>6dF-6R2-E%S-&p$6iPuvo5`KWj1vU1JpGPP}eYF!HM4(aIARuJZ!oq>Ko4U40vN6
z=S5%7cM7(~v|ml9ZeU=|G-?G>hm1WuOP^j%+e^sZ1{d!J;N5(5nHOBe6Z=_@X}$r=
zCM;aovWeQ`Y0x*7Pr5Iqxs{wEt?2;?zh8aL-jp@h(|;!YDCV|FV-%vVsG+#45B=G@
zZJi}M2VdLNN$|%q<jySgkm~$Vmv7lDPnuaH(4cntpQ(Rb&v=SOrJ^sYnFHw$)#h^K
zkfS@Ug5USKbjPomM@#N56hB9G$3?)A&oeyeQ~aRTeCa)OuHd=l%gCk*;K{e)$wyZ{
z&brSD{C@S+CsWoa&n1G~YXl$Z9nK(XqjwrR&^xNneLG|79`)DyO7o=JdS_uv(b10d
zPM)cEs%^a^`bE3}^IqwlM4R@SAJN~zv$4g}JJP$-O@8JijX8;4KN6`GZ>EEn<}3hS
zS?lcUUFx6nS$k8k*9uvSs)PP|wPdrSgH)GWGWnJ1|CkOs_{zVw4%z{H|6?6Q%tbmV
z8(NjH*4#R1CT%^^LBy{95gl|c<4Xt07VA<6Vav*fb#&0F^mpWN4t8vJI!LnjC+ML|
z;eFM1m2BStk4r8;%Ljd8%3nwROBZye13qA#x^;-ocX42O1HR};C;U}<0KG7S=YNWR
zGi5E$pTV=G_mJ=A^Bs9C+1!~-{tM4@%k+KxkCV|mC8NJQNo)R>HAfS4c5C}uT*|!`
zpZGog1FvB}-LfxOBOiJdzO!VQ><*p5n|XpU^H$bHg={eLH?#2D1K1&)1xEc@<3Leu
z`D*IbJ($GaHFdOhJUrOHqYfTceL>}Lt8Ua2D?BT2LDszQO{y#(oK{J_{Tgb6CN9!5
zd6wkB0N=<R*Jx}{U`PItism`UXTw->c{(z0Hv5fb)E=)Qk7eC;s=GKmT<9@Y3g&ot
z*AY8);H{><p5K$y>_1lcpg(Et>cFwPc5mm5qGaeR_|lFQ?#7{5<sX<<IRN+rMsj6c
z3Uz3JBb8bR*V8Wnz4Zz9*nQAtS|+uT(2Mf3rO#%g8w$ZAi}6K^5j>+Pa@X!^&MLa<
zpq`Nu{s!YqPY9RG_^nv<L(m|fGe{rxrc};GR#p?Yn2Hasm`FR?vKQ??aMuI1UjGio
zkJEi4o3H$_(W3oW*>ksCY1I7iyPleiVMc8ZuuO`h)04<~`P=bysGz@_4%u;ZP(9$@
z&_OgW9&Oaz@fA<aL#%D(5}ePNcc9BseAu;o6MG3M-s05ZYne5LJ*z_2sATtVOxc~q
zJZQdBp`~B69B9-U(9$FLjxIK7aReGB8UD(&fvJ`96>_+ywWK@;H;po(?Mv{-VPNs!
zKdYtwC+RIEti#Wld#&vT^s8b<9_DeDFRfX1wzE{zt&4fMioA|O@+A-RtSZ*|VXt?G
zwbqlu`|nr0HYF@w=HQVA9$CVpuTh%;9&Z;PUzI(C+RUsy;Zej`$pZu6l2%y<yaAs5
z2llJ7SbN*q|J)C(&A>nZ-e3##J8&`UPc@OV?e*tnZk4wwdN(q*Xz)7E7mn`rQG6&u
zeCq=A<@xB#wsikP@$r-v*0?i&6F-a8KFAo@d!{UDI`Q}_=l5S+zdzu&d^bzqCWq^J
zzG9a8FI!jNx0q`oF}#gy;@kh4+PUqRno(fJA>|)wezq|`w_O>mslk`UzwT7_Btt{V
zo|mGsCk5G~{pRHGz08Sx$QEyMWwkAPGJuVGb8Y0pT;?amlnW`QT=)*~T5=%?xsXy>
zhm7oqA2xI%7jAR$1Nn9ELvpy3F~tw%T$8=xZ^sugd&aS4-1BmnSik|-yex(O9mT8s
zGp%^8=(v^mWwF*N^iX`_j;|Edr27KaTKA-OxYkpU=U%PLA>hru@443ac<3n{{9L<j
zy-}0Nn8Y?Zq-9``WOYh7m$g0&+>-|;R|Xi@4?U}(XAWz9JGJ7cLH8Z3^-rKtXY@4X
z%eCz1j*iKf(->2+6VbDNiN)KB@0OsuI*LuGK1s1XM$+*}t?XuJU7y(rEqmk7BzNG?
zhzG91mw7QRt{3miyn!v<;*~FRM;l+p9pl?i+~#WHHkL1QM;l*8F`%w}nG}~VlN$A9
zo}#vNHT08?@?#gJ<HN|8NvSg0#lfz`zH!IFV!q5B9r!ZD54-ebEO_$aL(7+W4__wP
z^ksS*Lkmy?yQ>&l$G(geLvwr?Cx#|J$nj-Fd-*c%7+Sn96CX=!jQTQGJoSGgmUa_!
zB-y#FNc<i<*A1Pr)1Ns`bxi#)@VlBbBZ~K3(CX9zmoHRByOA+2H2NiEIA<Vds_w$M
zsUePHIYH+H-331v@9W#@^t+LMI`cs5)@gf)Ha-7(p8vRU^`sAsqDk<D_Vy+Yg#SyZ
zIp|L`CSMnskz0a)tlzp0JQK3}u-BviNx{kWoKaI0V6VpT4@mcT7HFS{niC5YyI5?T
zaFaiQ_l1X)a`tig2)|+E3I4`GjA#FzWf(VA4=%mDVjz8n#rhO+E_NW9exAU9^fJ!n
z)3^oXMrba9BfZvGAQ_mx!8-56049yC^Ii0vZ5TTg6G+f~+c>A5zWzR(-QyW~R{CDg
zf&%`NLuKAG$GAGz!FP^vSrp%L_MoPMSN^a*3)ayezlk#(IRl8=$pfHK{RQ`4?myYM
zL;I&{4?~-=z%c;YTn}yDfHwJ_J_{PSH-DIQR@W?OvfW>L`5WLnm@)LfhW}yyYfR@^
zYR{%Uhjz&T{cqy`e*RD8?3e)bBc_-mTqEogyU*ft&Jo`_3feMvPwY;g{NxAeldE4#
zpS<;8`ef1VN!p&EtpqvIhxpF=;l?i6T^>*3jsrj8oKde)SwdV<u}}B;ch<R3uJfRL
zUg|W&&MkMI`Qb%I-bd4oyv8ZiR-a+y>6stV_91Og@XUsrIa^^0=f{E1VSfLPXC96q
zpSV`V#}6FI*o^PcuKe4*V>m~R{(@09z)tn2{Z`v9t>-^E2G1GHclm&18+Plwq+^SU
zqUR)4QSZxGkr{&4D<_VyYGylQyu=vdi6<{QzUmCFiMH-ouW9ph4rU^}D_)W>^cZ}U
z+1J=Onos731+9gR1;ji#`;I>9uiqn0UQZ0)&$tP!6V_qte9obodyKP)IrpZ7xMPvw
z*^!>adS!nm-|#leZY&x~9Z`>`c`m=RhqA7Sg^t}eYje)F^vwycr*Bp~DVsRx6l`6M
z%a|wl+231xqH)uJq|((>$;;3fr&9}7=Y4J^*7)hFwIeiU6MUq7xOsPZzM=l}JU>}I
z-IGu$-k<9kup^(i<Ft2|nPX(~?9&)yIb*D~#~`k6?nP`k-aq#=L;FVA^Mb^$v~T$-
ze1P83InG~aUu2%*KjrX9iD7Ip*XtCWE#@Pytq;CJUu@TY*s%SHH~P(b;oE)2iY(&z
z*`AD$&MlBlEqW&e`-E~BNADH{GK`vr!As9ADlWhL_Q9T(0l_|b&DdTEL&;G$yo3UL
zeERU|%cmco{u_*7>3J#lds=EFV~2Ye*87Z&*=5Pp6*(!CKDJL@7WI{pzZ==VS>gBO
zgz~1G8*2R6sEOdCs;;!=Gu^IN-pG2a8ABcGG5Iyf)Qw9FWU`SHDjYg2q;oU2HyA55
zmcL@zmRg=yyCj*ln-m_w9_>}U;~ns^*TXv3`9!jrW_d<5moU#$`xEEoERh;$rnOU5
z&6!s8lMI+cTYz)i1K?>a{9y|`wP_k->3Y(_ueL~cK)a1$J$GAjDBF`BnpTh#3V_#s
z8;>IJ=n{uu42MS?93HiCcr}K@S9*cN54yo2tvwDa-oQ_JN_couLfPv^gU1P>d9%+n
zaY>(T<PocAZMJbL=?<sjGo$lzor6>6a%*0^Dbaa3a7EAO<*VJ`^dV!#&C3dNUdq6y
zY+PtsriDw7=OrVC!&wdv!)zRu#BiwV1rC93aCo6J9JUFEvqIC>^%94w7!Do>hw(NJ
zuf}k=zZW>X|BJ5qV@U@%P)7*f$O^s8`Vwy}8Z$0b64~SbCI1^&7`a6sT+phylAM^f
z_so#yC@bJ=l^p1ne;Q&q*6*=pK!LN?Qq8qC3K?)^hd7QhWk5xo3|QMKj(3_eU}_Y{
za~&CAuQl-8JAt(}zIQSpV|<ifRyjC)-C1if98T#44mWgzLuzL@Yy*daNug=8dx=AF
z42SPJILvm|S`3FnyuaIC7I!=k=XHa_$Bbq1d~6>4o-}wR+oV71Y2zFB-g|lWy78d_
zna0BOySz2zOSLxHaxAMmIaU?JX}p8e0%vWdMc3BWUf|^K2B+t3oRG&Wk`~7B3cfkz
zn136%ZL{=?aLe91KIF#92pGr2Gu`6V5X0-}pKYEgbLJ|BS4A)Idgtez$pwpN?rc9-
zmfkEIfo#YKO)KlA-Ykvj%{LqzY8>4^B04u$_X3A?-QY02GaR;o!?rP@Y4+UoSjW`G
zaCp?gVT+^tV>q1J3mk6j28R)y;ounw-=E4EbYpubyNt0>*;V4;u-(SNJ2E;ChriKt
zzR&LlhbG2~<9ll@6@bIK9Bh|f;t-7CFv-E;zib=|V>rCt3mgV_gTv<bIPA3S6>uo)
z3qPFJyLl)*EjkbV92~MMZCf~o!^&RZ@TVuc=II}IhQl^+nC*ujdWl0_42O6BWXq*I
z8;4h8I9%5Y9G>n5hbue7!7~cElmI`R-n)4)PLIyR6AlhjZ5+Hhqb(^cd*rNM;IOD0
z98T#BhXQa|Hwb>{B@V$D4mUeETw~)<7{kHS3mm3(gTo=-5su?&n;*adn`By9FL5Z1
z;ZW${FxTOS7!EsmZcpuzv~F;Ctuq|935OBzLyvJ-fq%QvsEgq+%)()Xf1!!P#@bh7
zIIQgj4vkNA&C?IG#bKlE-{PO22o9s*hckN04;Bu_8Bu;{_-~V^SNJPz9K0t+`Qe6M
z;P6s6ILz)0hXUbn68z9h9D*?%o^^0|)W)GOhQoQiz~M*T;BaPp99H<t1pnzF^u&s3
zWtNW1F7ufFQUL$F8-K}~kJ6Z~yVJp?$<%clYnQ}u8PE${zR?XX$G+Z%x3#8NPbVQ?
z&$4jY_7CDx7sF+$gG;N8i}$4H+WI}u?<tRGbc4$qE?kH+ZG6RN{JnO`Nui%EJtOqW
z-NaMzYyH$dl}{@?HCNf&^5L7)LN&y9WgAwrf8V3IGGh90n1f%yUUxiGx+EE0vbIC~
zl1<;1J()J~t;WYY<Nw=C-}Zqhez`5euhyF$!z(3<m+Y+-+3P&;(m#M#FoxG3|7gpE
zG)E?+NAa553%s812Cr|q@KT&GD%Z-=;VJnay_5;1F_{o{aHw(SCWgc0Uf@vH4Gv>F
z!(kgZ>?LNmt(Q2|#c){Y;IPHU;nf%p{d<AKW!>QL1@9_bdOo-1(2OGD&=(PpzL2=|
z1;nS%XYXSQ=f`@@eInw#E41%+{zmrBZir0qsD6xV-)(I<=V*Rl?z@@&9-!a%k493Q
z`*QhT_d)ynLUH%qL%&4!>zw<tbYElp`<BMtcN_iA<v#6~IQOohjo%v$BR%xuWye=N
zMjY9F{Xyq?=}DnyxK3U}o9mU%bt5(ObFTj+b{%^lJrt&`!rfMy9(t0td)#e2yNb5O
z?lzvchPEHN+l-S!57Wkej03|)qx8g3h_)NuZNU>m%W0eEZZl2{{g}4zy4&hTg_h7Z
z+uc?=Ds&fZ-*UGFM}_X7?J9ShF)DO3ZI`>->PCicpzRWOTj|KqT-u7<ZNZVDf2VDV
zyUiFGnnl~!+--FuLf6v9euE3&5uqz+o8WG%OAB2_+c<ZdkrtXxTaLS}E;V!^ZF(Qb
zo@3~j8Y-YI!`;SQo=e+EcUxUbXcBG7?zYmD&{?$U{p#p=MoQ>(+O$s;ZL3QTWznX*
zp=euaa%c=~%4Jep`I7T>?s9JF>R{^&R~=tf%$@~%b(_+SlxBndj578%8rc)!Jk~tj
z6Q+;$`T~q0y;2wKJjbX8omb@AFKXp^+N%k$N0c#S>ABiFN@edz`?Qa;SCmxRC*)_p
zsH=UV)CNzDp4<8=xfJldpP0R$J^7dTU6NtsHtxRwScjYMH+cdD^i2%^Zk@4m?r3sx
zcvoT_XQ=62q$2RpKBbkrlpel%5a*z?ucP;i?|Rr+sXqB}eNGq>>+^#8uos^j*JlOi
z(L3Wb+2foZ*XKKlu|Dam7>B*flj+0zDq-mxKkrOtmz^5Q)?OMgU7<d}Gm<_f%-3Az
zO0Y90H)SS0v|70Z`#F<d`)2;x*`a#u2M30G?ePc3k5BBw8UJOwk1xJY=IPNs2h^t@
zwSd?YBH`@sf^j=BQ`sx&cM>lhXtXk~3kLwR1LI5B6b_twy%nn;J0*tqs7I{v{=#@Q
zyz7ub+*0es#J%A3=$PaJ9MgJn#&nPO;#XqhU8M1bm0tc1<GJT`EA0*~?y~!AkLxq`
z(O91*yH8zQpH;3tSMXcUdMU1tZ*^>(ZR%5AdigW-VNO?=c*(B=mn>{??VbAl>=zar
zA+5oZv(5R#-pvg)GJpQr-cTd<p9OnLcr;^cyw&dUu!}nz@8|?)ymLAn?-Gs2no?bB
zH@#kW;jq;1b5~rSQ`f}s{78LRzqin*&HCMTa&+xnM1S>}7vCrIE73l8(dW>NSWce%
z9fSR>?_6Yr_OQv(%t;_`dDfuH=Jz<?d;Q+X%#4NCw*)ya^<&<*7N6_=VN=hRjtk{K
zgG}2KneZaI_C0S#Nbl7tKkx$1^OO8gKYziv5OMMq2K^83@7tR7Y2Vfg?)&t(@>y-2
z&9!G}lTMHvKbeoNscwtDllUf=E0GuB5_R^{C_XxOH87j}6V|o*DDEp9+O@L}afF=E
z0py#`MHV+Cb1pcvQa<0a;G}QW64ZSfNAIjjrYrALGTFmNa?85r2^Vnh5Zd&=6nWmj
zessE#)?CcHgy`Iv)P*!<`6Tlh!^01o&qxkml5edA(dRT|fg>|Z+5dLtK(sDqya%{P
z*W>5IN6y1~?$xt{d{=YUdgIalxy8t=kv#9enVVk?vvR8r&G4A-F_oLO&MY~;lHb+R
zM}NJ59GBQR-=(x`es*lIa;wO}T5)r9K8J^QapqhFebi6mWizMhKfH;#{A=IVB<4<M
z_e$qDV||r2@z)UWR&M7J^7jv4<t5+2XTpU%+G+AF`wrr>Y;tC$zcj{L^c6W!W=>}X
ze3ZVxIFM3SvAXg2UAxzM`{b=X4xjfkYCk9MDRL9<sY3VSSB+2>>o0i}ITwX}@{~Jp
znD;?M?<d%2OBt9_$$L9F%A+ZU_iyJNfe-KTth{YWpU^r!x0~;RCWpVe4V#U31WFlm
z-2h9+jjW34xNWpMIhjYyeD7aZE5Ac?I3dbMiBUdU2_G#XN5tWyBztbfN7A1u(5akt
zBzpnbv}rDQNSEr}RD*mKt;eC@QqNqgPc`$W`Cbc7j-8=(D7&IW_mZRHti{F9L48)z
zS95WYcUYz0!(Z#tu87Wy@=)A%h3G5Wg7@2UocG&gW5~XcZBZ1w_wsbZ)7+hn;SYKj
zrkD50)0yU3ev8I?!E@W%7@gOhr1u|Eb0tS70Ka6qRi7k1e13u>BY7uyr6p^}#`QTq
zFxF=+eQK#oDVriQuHT|zv3|d^$I`y6`+1k05bHDGAxqv4p^q(-SD5SAWm5#z2e|vu
zNAtFwJY$V#*%S|(HpRP%whqCjkWO-R(T(=_N7y53Grr5F__^KZukn3cHpPF_r?yW<
zu5{^#^mF603){(g-u<$p=<~<8KIdVRIDL-Vecp-dQ{(FMJ=rjfvpud)Qq)FB3Gb%Q
z#J>Jq**e;<MRuEOtutGvBijA@m>699L<h!tnz2w!J8e71TE89GInH?GD4RBd=A*z<
zv3k+Tu`vgN>#hBV=E@#;SmQc&Q>XSta`>|G#81?(6Z>L->>kEj;vTP4`yx5~!CB6D
z9orWZH6H8h2F7#G>joFC=h=O}6W3=*)YeJ~ze%54y;-@kAHGSyHtWr0W1Jy-i$0gf
z_i@=6|4yIIY>Y<Up=_d_s$`_jSg>r3l&Fk6B3q*&CL@1)am?0mbiQPt-nksXr*Td&
zPx?b`+Kczorr*jXRi8H3(f{QA>3wul_kSH6r1LlO4BaPK^sa~Wg<I!qJoUSP{;I2{
z|FV-cj^uAX?UK6<o#}t`Ip}|$Bbj^2dB@GV*7|)Kav@&-Pn2wR^uLY&eqU0QMzzq$
z)c@QoSb}^@-)|d2-MMaZ3*EZbk?D?qsNBK;`d78iCEE`p+f@rhx_F_TW9Z2B)Nb+&
zuO`pXk?p0t^J2+%`F;NIw8xB<MfkdNp_%mCHr|W7ZE$L?><N7Goyt92q};>5#c~fj
z%Gr~Bv4mVjci!Ps?-?sKPJq0_>YRd_bBV`JCC6|r@869MQ>$y?oh?Ud^zKSZcp|i&
z+Aa@~+!x;Ch~^-fdUtsEZeT6}UcC?8lQq1gHMWLF@*D?W)dik|-Jm?isb(Idm5-51
zAB~?vj)`ff73B0Be^<`pJO_Vr7KQ&gHvWsjzi_?qU(}Ma-opQL-XU&}|41`VJvS}~
z>uWat;*GZOFEZ`aM#i$>Kd0rklR5X-nM-mOdo`D?T*b)_E}6^Q&87FJ)?EI6jfKmr
z9pch)9#cZ6xL9*h8^y(*3vv~EycS(~ihc)v@)X;x#fR;+_>cwv1HFL%k3Va_XW(8-
z_r}9do??&TcjYL)|E|qT<S53&U%0}8KV^jl|D0aH|5P{dUl9*K`FlNv-<7*p?Z8j&
zUOfDBmRaymT4uq2RxjXR)D8Tn#KTYSUXS5-<?Y?!z)#*@JpAkLvEaY`9t(bNFW{fv
z4g8-^b9mWa|Kx!77=Bm&XORPcfd#)?7VW!R@Gok4>23@DcX(z`Wzon^;kRVb>rwcT
zMQ3KjWKr2^J(Wc}k#YFJv3;>53zwaN?8<g?G5QW`E{@!8;j*?vTsoFTjX&+0mmi4Y
zV$Q`*|F+Y5G8Y#7uKb;kerNLX&Oly!_~+bY^TJIQ{6FXg{F}Rhe@;C7p3{2{zY)u~
zsCD3<+8+M(^KD+3Z^5763;4^sf&Z*{`0*urzzY`rU3okAI`Ci99{yLqYr)UvjcJz*
z=>_~(cLTpS9{#dk!0*c0xx#^eZhQFm6<hGXRBXY&hxeh|^K!@QKdT$~-(f75UBvqD
z1^ljjol_k67q*9g^fxW|k6dfP|7<VdZy}y4_}be=mMyV99)9w5dc1yIxjLWkw)wZB
zJ^XX7u;8C`g$4iOUcg`94g5F7!%wbGkKuRa>Add1|ELAOTNkXKA@~=y+&;sCe@2J!
zcWjqF(kc9wE+~w`FT2z)U9b}$W22uO^d8!!7B9PU&mVAbA@{tUUM{lc;`Sm7mr)(!
z(lIZ5r&C<4wKOD(i>(XDH}COWxN^+rIPjOXhksw81^-Kh7W|*^er!*9d15#4?_sPq
zyj<2JAIH|kvE1yl9QesEkEj3W^DOv}oNK}VN-yB=+YS8B#=}p%p~v)h<(7LL_{lAg
zhkwo_3;s!yEcloA0{(Z|BkD>PEslrZGq&gO8?oH3ciypO5qahD@UI_lumABD{NL&Y
z{7-fR|BQI}iG%i-{=pdh>mB&XDHr^1S+sAg;Kwc<Yr%h7hwyhSi*D@{eoGdmN8v{n
zr4EhBqO!5QlSQta!5=udkTV!R7o$(HdEsOWmsZ}t?I|x8c8ZH7i#}njHoUy87jxmt
z6U=wuCr>aQ{yFRkC|)xu-GYC6FW^6+8~9&|hoAlR9<L==9^eoM{y=-Zygtq5g)|HP
zM|%PPK4Pd{@$&L`_zQXgzboHw&n}yn)7tCheZy^DpdP2<Wpg`(zhho_zEk)uUielN
zet2PEmdOk3@ow~!_jja_*x#ORV}G_@h~>;Z?ch?=9+x@P`AUYba|a2R<Zx~;a9P|9
zF4;CN$qUa>><$|h8>y%8yK?^Sbl~4&!9UTC-EAFQ(Y&7b;*%HN+HxE3$_xH}9m1bv
z#_nq3a!hA*3jeKU?5_1fi<grZPV6=Z@aYGQl~3^r^Qqxe&F2?<e$MAfK2Pv@oX>hb
z>-bdhS<B}!K0o90Q$B0>tmgA5pGWwt;`1<{hxn}I^B|uG_=NZ<=C6HsD+Zq&ehXNY
z2d0{s$_Y@umU03VmsM<DF@NQ2X`fVk^Qtj1h>!BMw70K)fdC&rAMNdT7xRCf=Q%O|
zay#a)9Iit4Zi}(|otS@+Sgw1||EpZrp6;XEuQ>l@lVUOdaWi7^V8y?y?0tVH?qAA2
z!b<LQV#e{Y{}0$hew;BxlLEf~Kur17K$rWt*1lvn`|AN};N`Qwu6_2rhsw<wU(OzT
z`2eGq{Q%Bz@P?1D*PefK+r9Qw*IxT%vrb%UcsqN{ssU#0wWpeU?F-p!58UNhseJ^|
zWg&apC57IFi<kAu`#Lx;_F6Tw_uBjI`Rq$I**Rr<p_A^ph<+v1e2Uc$NN&y|X7A)y
z&oyKAiQy3UmNQ3M6WVXmSt-_jQ)+ZCCAGgXYz{SjD(P3uo(uJ4HjQI^J<}blpQ}Ci
zg;q}X>0H;iNegpZl2p$Xm^#|;8gt=s>KJyMYooO>^5<6m#zgk|HAV{KYMp9q<#qU}
zP2|o2$T0Epo9FlHI(eezeF5%s??<hH?xl>;RUW_t=KlZi@PP}oK9j@MxmrKJBLCMz
zUWV7q%g{4aPv($Wzt$6OqOWSORSzy`si8(yjQ)w%d)sZ~PEvS0^sfdEw{N`Nq~k57
z-1#Hp>H6@66OcQFJX?7vubDX%+H<<u#E+a46UM~wViU&y06r_9Mf+C9$ptm+x0275
z5h`JCFW+M{uVbBv9_9A_+*ROO%)Waabav-Oh@O{mO|n8YL7kip&Pd3~@fbVO2Q6z>
z&c=GyhyRX}mLk@MaxgXkPciFH>qB`J+8cLrXnuCV@f3GGBf+>kqO*9&xiE7?Uada+
z67|_?(%29DqGSF*WIX#q#=_YqZH_J4X42uZ2aJ{O@g79K-0aH7`INKx*azEa1j)fM
zj5c+W+_hWKOX${U?$5>|54k_&a5CP;o7ayE6+^oPCY@urD3`??oBW>te1bJ~JTf8v
z`ET-kjjevl?;<ydoZE4s2krc>VNV`krTU(tgELkxZK6klz2-hAAIMpACY*aMI0ak1
z=I{&UC>7RxZqm<MALdvM<3j6z%b*678^4FRuLS(6z>hqqjVr;g6#VkQ&$;iGFZ#Cb
z=iVk@bKv?3|BJzqdv>mj(wMsKo#431#_@gbQ+-4?j>l+op7jO4h40%F#bdErSL$EK
z+As`c5AZqbV+d>LQvdN)S+x6^Q?0oHw5i`<dwn@Ppg!W2gYc>P8NyLK$9D<ek~8Iu
z?W|9;{>)Mj^=IPhr!M8alzyt?4o_w2TpmyO8ulawqh!<ji##jSgT`~JVJf+h{w?dw
zjixb1sQ!oP-<aeHKHoUT$m6VsTIt*RLL-#=>75TWu-|_X<M@5S=arvu*ypKf>@S>R
z^$agy?8x=GlU3tLbW)z}>xUw%8pj09J@y99lKn1Y=-Pwe@}K8ZTgX-S@z|omn#fX*
z`Hn(R^^N}BA9{y#`WhJTh8K^oS^(XJmt?=j)bA4I05I-l_PCdt--+Sxnse0lEE&<j
zp-CeBbib3&yaqUL0VdJey+$89|G2px)IQ06#tg=eyk^n<i|_e(&!P`9uP^efU(GS-
z|7sih`*M!ha`y;(JGU{H)?B27Z?)%QJ#(R2K<>HlFG~MLo;?>=+jHTcVuVJRb1@?P
zA!A`zJg;1?mgrohflmr_PYv(;p=V|OyvdXI*>j;hs}IOMxczY3`S98}X+Ewq=i@?f
zxd5Eb=iQMh$Z_W6wYGEeeS1y<%*ntm=A;=IHP=n%H#NEJIdSWz*qm7TXQ~Uif&OLC
zN%N!JKEXW|xZU&P=$KsB{Jd>H@8b#Wb)fq>(u1tu@PqW<#&ed~&(d?&lNZ_1b4IzI
zqkU!J^(M~=7~)NTIJ2xzDB~sRgSNU?_~_YlurI8&XVsCvr9F<}CDaP^vbI+OPe(8u
zof2D%D{UB_28PHKYb{1=-LnQ|Q|j#8)yE^)y%sG6^KRz3X$tSs@Qjc7mW*lUyP9tg
zI7r5b-#%q-o8Yni$m%R|s<Nr^mF-!!I-h!4vfq5<W?fg65K><+x$P%olc|RKU#R;n
z-Xyno!RMSW;-{8ZI(50$p%cZovW@k>nE&Ei?KfjLO(?gYukjA?d6VaBoF@7#^9G-H
z^1AA{|Htr+Tc&)SF&z8MT(48C_3FroMq5T)L_gUuqH$wCi~mKFr@&wQeNB{>_L%{%
z8OlQ<-}&57A~f9lxaG@ceYvMza$3188PH-5xh}{|vyPTiH%sHHrdI2l<Uew5Z#nU)
zZ2Z7!vJtRH)`P!);oKJRI?w=}1e4Ao6CT#PS{4owpEb7!M;fh?Ee<@;sV0KH^_#FD
zJM4O1CM-T+xsLNnRl|$gUV^2X`Xx0>(_7vJo)X|WI8t?u3u_Eu;u)sQwbs%99`3*F
z1owTWeKfbF3cD~K-+n7BJIT?D;xB3vVh;{z4&pnHEjvH&w1=oU#(G@Lx*X(LzIrQb
z(t{1CIg!lBU>!T_)4ewHS)0MW#)Jyi+Vy<gV_m|ymol!#^fKntjK7uN%c&<f%NW?K
zdW~m18f?9ov8VB!eQ%%8Jg#SOUHuA@mal$_nv<ikO>?MMH<mhfvpfm&wrQS$kGT(J
zQd3c9UoeN}T+44|9c)^>5S<LaG^AMTKxgo}_569P)p&d3^Fm7oIkv`%X~$Da8Osl?
zJe>WJVWht&8^N@vJk+;3Hme*Mh6RodC=XN5G2pjr*!fh$u20R8vC8G{hYstHJ?jb8
zV2eAlt4Qx8t+R5vo!XoaqhFMB-C)k)Md*wR8AEI8{F;c*de2Zi^@?!A-ndTuKE?>$
zxykZ(-MX$CyCc`ubywKBt{S@|#ng2v;cWIk8<7FBSFmSnyCYV^{ZyW@=lY40_Z^OG
zEG!>t$|T96uly2w#gG4F)ScG||1>0&o|pcmQ3I`88<rZfvsX4Qwd{y$$q0DjYdlN5
zsC6XyQE$tR$+Rn%&|_Z{PpvfPATd1sY-@g;HLH7-Tlot2NcO9~;+V(D#q4AJeIFlp
zeZ@c0NBuS4Yy39t490W#-ps8B)(Ub_-SdFGn3oN1&K#w)1~Ze&Ry*@^hCM$PkJ)<M
z=JSTbkrf7XlFSlpXTQ#K`OTR#rpy&Q4&Gm|R~3)<l{Vgk;_x<gEHITTZ<h5^;^jPP
z;1F)kdcLR-U)sj^*$K+gO$^`Lw=MlT8fUOQ&Ln%?JL9ph935|sJ>CMwV-1?M8C%Eb
z9GJeWPkU{@W`wSxMrHmK<GCf&kw4_?!<w>mvf?3ncK$axg9*8wg$>qpoe^rh&dAGP
zeX8c}Y}zwe16fmIc5xXr@|(7px26#}t9}j0i~Oa=0p#(_Mr<<0u(F#MJuo21c+{0P
zj6h{GYy1=Hr5E43c*F8C&dw_{Lcx3UH%#MO_51Uwh0XlU3{ZoW^S7D<)MH&o`zmkJ
zj!2>L9P2o5J?9TZuC?H8gpZnhjL-Wjf>-t99e5jgR<g-Y$>A%2w;p~vvec-duX#41
z;EgPC;7u~&ZQ5_aTW!PpR5$Q)-bxhSwJvxCXXAC~@)Vt|6wLb+n_@q7rOqYq?+2fs
zgHNyZ%NcFY2g%)D%kSBq`&K^$UpLa9ImsyzA9CN7z^<{(|BQDz|2a2m!J!$J3~HHm
zK~3uz$)PF8iM1n)b!)GU$|Iintrx^&M(A3;HP;%ek+Bu8v7e>)F(%pVleBifaTfRR
z>`BhEBmHw5c=p-+*Y)XK$8YJ-7rR>ZP+4oQa`uB_Zn8VI{tsfCrQ7RFw!Zu?_|crV
zJ-n;p%$t8oOb&j`zEdOf=Ggn{r+G_{uCruw-U9YItGDNEM>q4Pn(NLwQ%!bfotg7C
z#<Ico1K(2S>1yUkbLH_>a7J9Z>En%Ko@8%I&cBK;v-RJs^H3z$4?~~&WMgtia{UDx
zAIbGwm+;Oa@<K5zE6$h{K5)Aw*Bv_$ot-!TnP83JaA24PEJf(*;-m*x`_bE8^lXCG
z4RD)l1p9G2&*{w1l-&FM^VU4R%XbOS(EONdKx3F^vL}Y$8E?g&UKGq~XAQ`fRA2pX
zq<*aI*=M*enf4p{TQaD<ZmmE*I&#~R>6zyHQjYB2dPmQ6>qpSXty`Z2esdmNK7Dt(
z^>Wu7bfjA^v**BzKVCThgs5(vvAJvAdM<uPyl(v-&+16G&Za$H$NY--q(#SDOgdV;
z)m|4`bn8wR&a>&+kuEe8X8<pF&(wuCzQ%L;Jy7s7ubSU_+Xk4_0h|xoa83hGcbrbL
z#fa*{Oj8$r8#vs$@Sb2ycU^wAr3+v6bwAE@dz@R$XUBBwkfPXlU$e)1hVh(t367!*
zJE~Kh>MeahI<Y14@n>I+6h1i1m)cxDtYh6cYq)VBOS*A!!EWhBe_HwpmVUh3)Q{`9
z_7(V|Xt;sRdH3$^LyX#ypWppJ@sYcCzoh*&^yC-5n4T;q-k(LyZoLoa=t{-;IcH^e
z0A9}d^sWak=A4-XQ*RDLZw{>d1bL=&lS<K>8#s4lIr_2~y(#@^>P>tFQ=VNA+-&O2
z^Nr2Yn-8Nme}BC2!H74t8QHdldNDI2Cs_E@-wi%K8y{1D-fikn2cJgHtrI>q0i%|)
zu^%wNXDRsj6%TXiQQ=d6f*YSC>s+x8@TvA%_&nVUd`!J+<0Bk8*Q<BC^y=Mh^y+`Y
z(~Z8idbJc>+<Ns+{#$yrZ7q?b@w(NnDbm1Nxc52nEP8@(_-cjDdMfJ^`+YaRd#ZD9
zJCm`{xz{>y**f=1{)>lh;CfdvxD?j3bng+?bQ)_qpL6%J2DjJ2`SyDDYdw##=ik)B
zcRw%v>dZfD)SUkc&iom{{0EtTAFvdecAw>wsK4gl-)220cRK&|_Wb|07xQoGXZQRg
zqZA{F>F2xK>E{{Dx2YGXQBkCGg_7g+^M%Ibhw!^(qgFfXTxZUJXTxE5n0={6+yClF
zPp`cVJ^jOpo11`TKd{V0hkpNgOHb#cpE<iL<nb+Ay_nys6>p%Yv#{@^tFyEgxv#{Q
zv47@Shh}shgOqG;-e|3XCcd3@_AzqK`TZfkZ}fJq%lC}4bopz-OV92^m%q$)>7d>8
zkN3Zmcn4bR(DA=FvPU@UOV5Hv?DcANik~{){%htC-|_5Md`G^x;ye1TlFkX9V8&du
zFQ+>B4aiOBKE=rb#D)y&)z31F=DGJ6Ep_q(49*Wd=2?)9ENjB{(s|_#*p$}T-ta8L
zXYN5e<H$bI7>gN$J;dn!CETy^^MQ>$mzmc6zD~z+p6k~b_I;AC&e$HtXuyZkIBj*H
zCnq18RC6D3h!xIxAnePmC}&@%jPpRCVa`*mpOPii*e3>3>@BxrVZ(`qwRxZ2tVNXa
z7%?37cJ>}_TeIjU#wg{ikYe6fQf;H}(67<n%W>M4(WW_@WzJ{&v$PdI(p(hx;XP%>
zIZQl3vEtg%<3jI!Ej4rpZG%NqY9nbc<zmM3P>+l~kes`PgV#K3b3vfY_<9OwTikx3
zv3ad`xOoP`?Ocl-_bd?YtB>#T7ai|ENn?EQGhjLvnIPNGc^5jLv2^C~LDrt&b>2;n
zKg-y`Yo?7?w!KcBI0X1a>0biu4*hT8x10Xou;@RmEBZUndI@-K`fqgCj5;BX{(U>3
ze~t}j<P7oC|D67x0E<Ka(QWBJtf%x}+5!Fd+}b<(AJQ1i({}L67-gJb@sqWd#JB#$
z;AHV}i7mGso@K2q$T)L}EgS5$hkP#L%oqPK%ZBjbPstV{h8PO?{gs@<(p<rq6`V1L
zY;E?lRs+~b#RI*A2Vf&r!teJGTQK~AN>86YGZbGayl=4?Q&^6zbn=AtH=Huz@f&`W
zHGA+c_!N#h`O@n~opNcPQQsY0$p5~hzBl+fv;B#|*Nu9TwoLwK4xZCz;0<%OrGKfj
z1<Tk+SH4Swa63P^Io;!3;2*zqgm5e;Mj;!_!EqVy^n%X`bBQ5N<NSlbJw^?=JFWg=
zBd>tip=gD?BF2uq^c$^?3^_<_`xv%_%Z}dZ=YIK!rQBCChciJqpW_PlM@4%_4nKQd
z`+a-c4)5^(3+(&Xo!54pbK~}B#Y<VEjN#RumPwuQQt?T~33sw~x|3xNFMasaj(I7c
zG2F83EY?@NEW65HbEkE~OTkWL+3mJ0Yd~g74y7^PUgWWnZk#Y(IH1EN4<yS{k!5$_
z!%LP`A<OUZ*5y4CiA<6lE3xI+bKqhim)&w~5aU>I_e_qBwsAUgdb|(RGumfbwC|A|
zySEeCH{8;e_Pgm9Px}_ywC3J4;p|+F^_2F%WITuVf9Lrw+7Igq?Jwv4c-lY1IK83$
zYc@`gfD<-}X{R{0iNPA0s&lA_QCdElFRXmM#pudckpU&hn{;H+Tz)rV2gr`hX<GDv
ze6|u}06yD*%K7}3&!$+X{Im^>Rf^BHJl<!sWo01Aigh}2M7+l{7GzYlm6t){U(<kX
zR)KNgHJ-m#Fv;HFnI=s9ZY0KwZx_x<s+&BEF{Z7PtO_&_;2CaNHJ$iq@j%a|<winf
zfY08K`~N`ase1ctJ9jzbPnnQ;sdv-|H!SH>cCPMYf2VmivheTd>ds<4)Ua3~8Q3P?
zgRGlYaB?Ue8R&n)l7~+0C&;`NlUs*uWpAwWeU<Ot+&1>}m1lY%``JB(wcW+O%C4KN
z_*<c3Kd%I$v7ep9PP^Jy`BiKC*iR$R>L~WJk9K$LNBLdlsv**Wtp5Xj#do>q>N_#~
z>1m3wwT%rq^fu#a9niVESWyFX75%GB`nTOT3CeDV4o<A-qyGR7{E;%@iyz^R6+PVx
zyq>V}GHkqF0<X4qG_j<iHeFaZ(t&RX&Ms(mzddI2ITp<vTlz=j5C~4u@hil*M8{Ji
z$9SHd$HsGH!>GQ)E}r4!uPLv=o!{ly%0c)`HnRN7Vsys36N0U;2{v0_h)-g6Y}?$g
zj-I*sAADxGhtKScPb=bibnhu`VzSq2`~ltbWhp%4j>!f$^qwz2Wsj>XzHDCL;>#xn
zMEP<*@!zia^7qtmi;u~AStlLw<(I(V=1Z-YtIf5P7#`9A--&)E&)IbAj?enp^z4++
zz{}yY1e?!(A^79??41taJi~_bqp=<Ekrk8O=?6~nQ48}W+%n_%<Q3OG<)YKA*z7lt
zi%;6-_i$!lj`no4{vT%F=ny`Bvd2G3xpV8_PsYya53aJM4iN`9Z1{7X_P%zz_Ni8S
z{W-UJhfd1%rA|8R%b4_HpR7r@^*wV^ZokQs4)+UAI&2h0?>nkB#(2(s@G!n|+q_%n
z8HeKf<{nFrj&mUH+HGH+8ol<LxN9#S9T&a!aon}TUrdT#`!McW?icydYkT9a-PU?h
z^xB`}uD#eYV-n|1rgY^e8VSbC&FEL{-&#3c)JL6iLP&WP{zbR9R5QOf6MK@~T05E;
zF?*$sA09w1ZRPqlbB<DS9^?6?_!HISh4|Uy(!I{LHEpgfZgcIYZLZzj=GvoeuHDt<
z+6`^4-Pz{a{cWx-YIALQn`=L8bFHGywS{f2{iw~gJK9|P9@pv)M{L}0fByMyVh<hF
z{?pl+X8eg9okPrr@=mp{rx=to2UYmCqJJ&1K8LnJo^A9qCf33iPFp^0_(-%3jkXmE
z#y)CGjkXogmSMJKMB7qnEA^>gR<!LL+Sn(h?aXM~S82m`q-}DvEsr+*8`^@=w#l>+
zJDd1<>x^jINZN{9BNHSyW4dh$IR=H)MAY81RX?ydbn-Knga1+FdmU@hp<9Mcx1>n_
zNp3oQPQQlZ5#Wu{sf9M;GqlC%bcD95V`_`h=`Gqg)rz(loet1e{H5Arbox7Obw||}
zqtoAL%P`wwbowi8rC&rQevX`S@YqFLLu-WezOLycoh6?`Hb=t(Pht;kjV<fo-QV$y
zVmr>(m961^#*SV-V`~qe;kMZnbC`e~HIsW4!;p-Aj^Ef`InMhKm+;?`-LW|5t6v^l
zCHu_jbH3Fld{)l!RWEa`D|uLjFXWbms)2Sh?{Y}~ZH7jr*lKmq><;X-GZ^=X30G=P
zCBMl(&Uxv0WRvo_PvyVPACF(#?)c*)z#_bE$4=HgBTP7lhyB1AGU04%FNz-0mB@vh
zA@sFu(4?Fj`Hk+(xy2kOG3@96)_%tLV(&vE+<DlF3oWvr>GVBzqv$t0+?;)U)h*^T
zU#@8-Zqzc%3oqJvjAjhUime&!%_!f;sfQ-~r7QCL8{@@m_1;HEY=u_k*sh{g1GHL*
zy!wFWC_lTwmzJaXAm=*g4wF`?;s55E{J(?5Py~yUhuSi$5LhG&UN_(WxY&mM4inGR
z@LM+QuK@c6ChTqBCpb3QvfG`w)+6i{7n2vbgxJ|fd_<4V{_9!>ecj(BhIdCgu|s40
zJ!ZVox$a)G*l-)O%=+V5rtM3dYo`-4)?5=e-dT_AE+<Y@GNA3d2*~T5io1_{gjfXc
zaS)$xbC&lq@U>%FX1}}W_gCnqb>Q5)o;K0&KTO;c!?!}4F6?z;^H#o=X?JoCW`LS^
zjvsvk&+Cc3zVZic?e&@A-rMUQ_Td}5@S`I)SoZoH`O)Wc{sTUv@)M6g+qJ#k{CRtO
zJ(*{9WUmjUJ>FiQZ_{xMbksb%W2z75$fk|OO%2wUlPA#GdB%r){lj1Q`jWfk3%A-n
zpLD+J#(p@`Q?r-%LC}@FSCSU4hi|IUVei3Li^+#8!`@OZP$T<;tFf(S`TWg|@JE`5
zdw8ce-^V@)IZ{XZ2V1MpHg?GdYa}-fy0*5!Th-()*L%};RKb&@I8R&SBzZ>c_>%cM
z${O0sSPi}r<RgvJ`vTz)kxAcX4SdP9MJCUU3?HEHxdCI-+Wy9K4eb4wGxiA2s7g0X
z#eQSv9%Mieoog`W=e$et0r#nv;yz%j0ygC*O=E1md%?L6$iETcKhOs`@>~P<PX*&@
zOw~Ki2hVb1_^sssho{V%oJAbJ9Q?ET8wYqdjeIYIy*x9=y>%>ketvR=FQ(6O`b_6~
z0d#8u4$&^l1HCvWTeNC~#(B`Lj{5_gQ9akgS=C%yO#YTbYsogzSoaE#H15|LG2aWY
zVbnZm&NSw_Ly?)%8Ile9w&sW2Yp!Vzv%7Oeg50MX$huE+%p7vB-^@`HEhqYdTUJ0P
z*@f%Pyz~*|dL`u?p-r;*Hj|dg;UDuq!WrnIjpitiz4sBGl*;&V6?;>go~w2AKF|K_
z3rjEMn(tyJhi_pl?b&@od$WD*TJv4c5#jH1O*Hz5_7ClA&RY2{*Tf$)vyQL&6W1&`
z<mD_CAMeHV;r$p_PU%v;ZxQ1S#}^TA=-r>cJZRMHWi5-&M~Jturt_-d4Qiw^Un%B%
z9T9J^zJBTA4U&ypi^)-y{?6dLg>~ZR(@Kuqm)^u3;tAa&o$iMhbk6)_;BL<k$?!vJ
zcpcZ={BSz|#S6u(^=jxmG5{|y-pjzSn0Z5fn)HqE{6yx`AP$^iuBWu{N!%-*_yBlD
zL;nWfNHfoQIqjNDhc6QK-*41ve63@xQTbL{%ZaRW;U=0)09WyjXya!s$J0jZRy2}q
z`K8t_aBA%ec8yVRBr@|%d(Dc5T6@ZssRHJs+{2#J|6}jX<EyH!{{M6DP2gr?$^?ie
z0j(j36H}sM2Gj=vf&$J}g4Q+=VvAMlP)vXhfq-(=N{g)o(VARDu{aPr0Mb5B6s=IL
zt$o@OKy4rnpiDtSe(%p2?mf8~00s5y^ZVnz?%C_?aqYF%-h1t})=84zu=??Uw|8Y<
z`XSnJ=gnh(P^9sJ+jo)K;_u}lI!!WtktQ=9?FH^IX|+%ApX9r;x#gL(IOA!RPXnJ@
zKMm8R=Fqe)rC#CC;Yq=DHWKYxc7%yRjl<%zur2Gs?_2=QIeJLTu3r64r=0583(XI+
zX_vs@$f7>M=joGZ{tV!!+wUBjU&TB1Artti_B)5>Yj`J`UwkU}n7p%es~+}Jc8vE?
zMnL-yYcChYncF(&Jw!S2bQN|lj_sxwJV__w@brD;sfOOuVyrs^jk^#1n8thn-#p(N
z!~P_;aT+>&jm@+HV?4nPmdq?>POD=rnVAP4)zH>J)(C7uTglBC<a6Yv>@A$T^X9wq
z@k{WSHWxdZEE(bSt;8PpRg8NZ@7kU}EL*;*<kNm-4*jEU*{KHK0OsDmUP<~^c-t__
zdua}e;LRfB%|yHGEBu>#DU*JZg5yY+b-@RymG4JuJ?Zc5{yt;Mt)yTsWkk=<1Aoqb
z_l8|xHt)nMt8BRDb0yEhh4zEZcfC;a347#&--+-WWuGj0^)dO%;Ti3dFNiXpaofg=
z?)Cm$#xHqZ>rL6%kM<-7EW6!4@JMQKF);Vqm`M69`j;7J&Hr5HkM%1{{mh}ROnz^A
z`&7z)D$$b|haP5fnJ=mFE@IbifR`8p^LQb2cmZ;E6!N!#F=%i7-{#)>R(q_D%-LUR
z(eXRqIJEdC-nsX<qFvUNXFed0=AoFrX--$0_(KK**ZxXA<dJ8yYp6?kU$^uAi@X}c
zWj37r!HITz?!8v*@YZ|z$GD?z*<fHVZu{uNR}H={+)-(7)fK*qg0_6%)Ej&!&Zv<O
z=R3^LyUlBRZRbA!ZO+O6VIE@Szk(dpexkvLPZa+;Gnur$!La;j;n(H-e(EJ=n&HD2
z-q=0e<}uMjF+NE<PDCz}2i{{{BA#<<`NUXca}Zbzdl12PM8FDxP4Rdd6_3SV{?No^
z@DK!6X~b?UgU91on+MIh=ymO7N}~Io{RDN1FO?^*NBP7-$;OZ|ysNR{V}LWDfa)v+
z_6Tdw7*F0Ext=bK6+FxCDHFO0wZT5Ak=V>*sbdBC$58i&$im#_w3#n`qPEArUN+5`
zNemU93tumL%b4lcv-;PQ{vDv~;Jn*sB&YOR>hYIMW$k%_J}fZeH!jtC)|1mNOPRFb
zl-ur`aZ29m1^Ib_rSv6}I@CYq%{ryaq(XeEE}rF`v@)UJ+4s<wCwaG!zUX~nbiYYi
z$=)G_o<3(U<lRc%&9`wdkayEg=`v&>?}Q`aM`Ng=TrBvR4t@sNW79ryjmDOfH*)}I
z{16V9%Z<A=)^Qe|V@_y`=fPcusQxO-J2F7BS9AYG)8IJ9_8(7=;hErAbXduJR(P;8
z_`PpthMuE&e&0J&K64c@JU4r1PUU$)f)N-8ewIQTFZM7dub>|PfuBx{F&>&23+=^1
zd!-)Zj!MQkmVA0&0xgLy)TYXL**}$W{w?5tA#JW@E~~Kzeey&j@$^G2!`H_6W)2{|
zc9w6Z9~_@fAGbiq8=>!e=+|q}eS5WF=i(u~^2WZCR`$H}zE_j;R;!+3&Mjv9v{?_H
z*D{_u#$(pOI9H&jzLz@gVN7eE_05zXV(o0-%zXZL#hlP9ZH{-Q_70aaj<uV8GaJxT
zn`NQHjXXPL7bH-g_eCnd-ZyiZ%CGnI?19}$+Ka}_xuo-`!>rTmommC$&QqGcr;*Np
z#y8o|>!IV7uio<dhsk;Oy`OyNYK>(}`rt+%aC0o+d?jPqmC(;DtGWid>RQhl;nX#i
z=S6nC9z7dz8`H3>Zlph}hIN~?n>KpH-gMuYDYvZN%=4KkcdlMUdud*H8(gov^`uGf
zCr1tWFyW+0ukpWtJWuuPJLHvwzC+&k_~UK@uM0e}St~s;S?Zg3Y(}(k$5_oX`?$I7
z(6;svqVXdBwP(?@L;uddWbAfis^si8WbWI@RQdNcAmdN=icS?f#MrI$3g**~&z)#h
zY0;}c%A!}Lmw_L2j5#s!tZ~q7rl)+#oCM>UG-$5?nvuO`EOa-;<7=#gUdBRqCB}gf
zerWbu+MELY`G8M>{u-!zkl{DwXbH3v2kp!Nze}ONt;oVc=&um^n+^_D-)LZda0Klq
zO|fauEKlFzgURufkAwE6KzpK{DbU_j{ue@fYiD~+SiZ`N_MnlmMvU3^T%OH(pu<5t
zCs0p3^~6Dk%A2mbpu-IQpM(zoe4^27%X(v`kMv;bQ~g>?7t;5&^xeZbxYT}L2AvdM
zoHVI0;g<U}-}9kCXFPS3_d|cFlzkHVQyouIZi~hbz1(9z%P03H`#FQ>LTGIzbrr_k
zbYC#}merB<`oXLGaCHXJf3C;dcs=u`IU4YB%Vf@HV?`(BHtj^}OnT!VuKkpwlUsc*
zHoxqd3eXw&kwucLIyb)~n>*8X*VlMGcw=p=&6?F?5;iI`{le*`$-T;0bE@Dqt!s7k
z;bkLw;}q7k5@0ph&`GDLwXA|Zo9~cC$hXN^v${;u`dP@Dsx_1~I;X~utcx;owozsy
z^}Nh|MHzD+2adC5#hdx#RfhFp5bMEdb~%-)fnJ~R8#%<bN!7Yo0v@ww^$L|qP&wAN
zK^MjkIgPS|DO<zX)UL{_?8<l}XM@dy;x$J<DIWY3I5O$D>_JAu|C+lO!M|{y1nwpC
zwO%^wXe@npucIM2<H&>twC_=V)g`)6eWQW(XCD0MRbpnvP0B4bX08MGY1)hE-`<O;
zuKDna=4}Ogku2&1FN&9t^B&_)WBz!a9LmQWmay-LWe(LR&7op`>3tmZp}HCkW7rht
zZV>yASmw^m$Gqt-bc*I@pWwYLIP=nGyv&oz{DJ(Aocp5JdErv){6J(_E@RO;kB%xQ
z7uh7a8G{_jwb%I=<Vmi*&Wq=Td(FZ1ti|SBF{kit<sgqyt9RAZ9m70n-{{Q07x^l?
zSjpLV&$^uXC+6K(i7a{o`8tI;8;x8QElS@kIlBRw+Mb-1oUBBilp$x9*>ZL)a<&pV
zTSh&iu^RT47t<$4&Ys2?m)dgHk&k8e8ee9w@hgynWwWg{K38Rtoz*VcTFJ9yd;++L
zw`Hp-r|mWVruAXjsx|&}(YflRpIVo*l(zf56`ps-Fx!@~W0A2z<l<OltTUEs>M7EA
zz{yR>Sjkq^C7J8URLNII?n=Hoa(6v*C|P@x>O|IVMAimblh{v(>!+@A>JPZ+Q23L4
zO}GEmzU0N1u{LkB*XBo{nSt~p0lEo7H}9J?<7;eyX0$eIjTpf54VpLY5$!cP6MQ&p
zbY;XE?I9hxMi<*_wCY>Vnmj@EX)ggTowa(bYpq@h{kr#x9_GtguMM8tqoc9Vkwb&d
z8tu@L)_eCFJ&LsGC~}R?aIMknJ6WUI^O$S2i65R%psvWZdcBKgrt<92m51jxYc=#U
zANq0j01eQO<gx09M$9!@YxahZ+OE@)@=a%EouhYhrtT7t&MiH!wt=(t4)%G@*?OCO
zrmknL-p+aYZERC7m(S;6&eO-Lt!Iy*t<LyEHm%yf`WRmn<Fod#{$Muz<}b%544O{!
zoOE*q{|5Hk;<1<_bgSq;=6U?XUt*si**qQGiXTTXe>-L^o`_t%LwkaqocDvQ?b^#|
zk0ZbCJo1J1H|#kC$A?S%n>(^NZ%<*Jtb%6b8*l^vk$ans=yJ5T*-am{x6!_)82X>W
zy4Z+Z?QCzeoibV%R~%Hn_V+aEw|igmrY(EidlCl+FR?yNGrT4aO6UV)FxMxKp4r!H
zebSzO410R5PwbB;7f`>(+@Jl%TBD2kUudk$8H3yiA~!Vd4e+48zcmzmj)RAnN@f7d
zwfFVYX;b4J%l@K}cE;Lr+e3OFJTQ>;W{l28!XdaVq^=C=(%RVoPR;V*VJy#MDPKtc
zma^W|)4!#xH(Fn3ur@4Zy+O}4xi4kSv@PFLl%~z4q{Wlt>}T=hK+c0D$n<Hf6J{SW
z1~!hOj_LHFz=*A^IoY^f;~&5tMtckCtwlRt{zV&ZJQvyN_GEi3bQl92Ho%WroU_ck
zX~v|q&RMMM_BqRIp0h?XPU!{oUUM><F&8oyI%kdc%vthBzs^~{#yQN3aNiACzL7ck
zfH}#<Mq6_tSw4k5f{*8O=x>?MTRfLBFOuamw2o_k#yn^r;G9{uG6yBhONqS?P<^9-
z>Aa=-<}wfRcP?XoDtI>QVJw4qc4V=6F0$un3v;xUF+9l}ZDEcyZ<-UOg~yK8+Y-)7
zC9LB*->k6LarI?8<+X28U%)@S=W9eK71+-H(eQZ9^Nb&SzXV<+4~qGB<UyyhjQQ!>
z`^e;`pSWe8OKu)TTi-c?wmPG|kldurD8}c=&7IB2P4LvN+$=|KB4=Y9xe1*(a#L&Q
zOD#($I=s;z+K53n6?;Otc^;H6r_O?p83~o*9rnUGUhytx!Wo<`mP%%_ex@;(H}GG|
zIp7uKVghG4(PJYrvvih!(tE653-MRDnEBJ$!qick?_ww2Lt86*_U(1kDgGhoNaCJE
zZjaBnIIDDI?2sqmla-v)7E%tqNzT98lZp2Dra3Z^cH`hfQzkZ{XM(Ownb?fZif7Kd
zfoa%@$cLhU@y2rYjYAKowV}W;Dxbj5P4BK}oTi-Qf4q^GGY&p}^<THYz7n15T2E}r
zD<|H*TJ*n`I9b}Kq<P}aJ@z(q$C6v6$jY_Sfx({_!}CujpVVv1Oy5k&s`2r8IV-R2
zJ!yfhqg@$&`+W;M3Bd)PZb9j4Ro4dUE@#~TtF;5%*PptyuXE=nUQ6d4JQF&vc1Aa`
z;3x(fkPHffCsSsDC#45DG7DUVWRxkJC8K<%jCwTMcxE~{(;b&^Hi)+4!CL}&>%rNm
z8#1T+b-gEj2yR+D@g?0(>ODmAyTy}GvJTwjdb%}g?=QJi2Cr`b2fZ1?cad8y;AjQu
z?wlWXfuppWSqDh>;4JYWIQla<`ZId$55du&J>7$U_Vft;862rjQ+}||Qk|Ckh;1xE
ze%!!%9FiZ5-H{&^^xKgiF*e<_#}_)2?AQ|Ki$|aVH(zKT#21>E7a5nEA1qpkYa9UF
z;Rkf*CO-^<Hde3>X%8VDSOE{rm=!x|0rbBRK3D+#uYmqb;f3)T<FaPJ11o3;{d&%m
z@PTv{@8Hw3^=SEkc?|IZ^Zc3l0J=aY{n_~dx^Kk?@Woe-55QF$J^*K0t2^Zbc%U1+
z@VWT_x^Kk?@WpZEgCc8R-5wt#L+9@G!3$sJ!9(snb2)sj{hsz(j;?PIvEc_sue(~Z
zRy?Bh<pyBdce!Pjv!DGevfJs4Wb`AnT?k!{?RjFavZ?5aNo#*O78$LzNpeDc5${R1
zt1pgBb@!)J848}9ecxx1q2IzDz>%TqyD3AVmxc6st=(tsxfasrTu*`}+mM%%xsq*?
zai(me?;+VnpXM<i+8d2_%eGGDG$}&1Z39=4b1M94P6zPso>TXH&OO@sJd6x#GoPA2
z_k3!8kMVr!JgIYamTT{zG<r#E|3IIWUdMc0KpcF{UoP{p&7Qx(%-0k2aVhhMJ^p0*
ztKV}<UiOn_Kf5(92Y*Y+FZy)mZ-*~FI11cpZ>4=nA#|CGd>Mm$iE3_nHr?L$DxdT0
z{|xi|wb<L)bo^Q5!~dDR9XR?ta;eib?W?}GW9;qj?QFVfZ%zAua&Ole9~?%m9x)&M
zzrMFS5<d94?(I6@gHClMN1<De`3l%-&Ec-2V_U5*la9((i!<XC?&%6SKflP`2DVzY
zgGT1vr+cyr(q-+~Yi*3M*V27l8G2ydshPSE+g?lOxuv$f)@j&lEzLj=f<9~9#d&KM
znz{qaUTY<HfeVcUQ%BIqy=V#N+!D^YmDp>QaK2Sv9DA)5<c+k~x`}fxI*}%9N^<mm
zaI$yO#nJtS1hL5~<(=%crt>byJK1Z^v+cFU@=o`zZhNiy+$Zba)wz#-USo6FYc0??
zq`$^qs|5YEiR(`6wU*lFQ|V8&x77caL5rNrZJRA@dgwp;tI5TzX=%T=bj`)=-yEB*
zV$NC8$xdbOSAtG*EI2CD{X8~X!l7&=V$gTQvTqy5eeQJdCHm33Lg*>Tv)WUc{@7_v
zVZVMo|1)TBDRWuJo$x~JW(H%gCB6D6(o1Jq_F99nIa(`y88lu>pF(<6(hJbvE<k_#
z1bTJVQ^6gc**<3j*=sFjEOm^_tb;Lb<o@m^>L_JA(ybflA*5T+=l?bIv@Pgu^LU=f
zIF@pk>xbUWvgjikxx;hHmT(T$`*M|E@0+<^<=1<9e#pH*3wAQgNux(dGV4Siulv`L
zN~4o+A)SwY`YHQ)D|+b#=z#x>{&xX-;8)NAJLB>5&KwUoe}eJ6#(l2JtG<D*`gEV?
z)Hjvq@7i^Hc)l0<Y!RQ)r+c~E-9$Sda<|(Zo2^wmcgJSyyWp=y_+y{G0Gq9+lA|WQ
zg1y#j2`3HFy}`ZMY^}g%>phR>((%k^3HDkGJpL^8O?(F5)N;l&=Xy>%^qp?gd1q(H
zkp4E}-s}E-9p8I($~Q-$dmb!*tj}{lcoc1|K7zK62u~4uZoZ?^p`QC#;c5I4+-)AK
zw%$B~wmu7<TK0B~r%1c7`|x>n+l382yKM}zc@cR|ZYNK9M4l7c$@7DVJiW*>&GFlu
zJuvX{kAFNd?T6l)7<?gP(~UdQ;w}4%>G&Szy*jEnl$UQFJNXR1(d^`NkIm1XNcm+a
zKajfF!!#A+|5=p6cL#`f>>l%_S*^$1S=o2&vKK^*Wy@Ke)IopU?Y|Mx{#l*1A5r#C
zcG;67+FwiiMqXZy)>`82)SCYn*y$uI?J3f?t^C1Lesw6-c_waI>iqHdOpNhxXa3|9
zH_K)|wx_WsE!i;Zno5j{jPi5La{qgqk@WIu3nq>s@BGpyZ(b2!PB|-o+@;3tYLon{
zGU~l%{@2Lw_FtH8&&O!=C@(SBg?#T;^Qie_&hKE(G0!s|aN_-_zT)exd6e&h=5d-g
zJdbm1Tx`WhRQ?M;?;G~HZRO*J?~GzPtjDic^(gkE;>J}K;b)s*47K9EC1XdM7QA;V
zzP{Mkh;AO>S-wFj*SGcux(E1k-n^zdFLC_%Cd*4*xO<B-hRTnmCDCYll6ozl>%`z(
z^2(>I9-EErbLBgmLOZ>KyY0GvVESXE2JaxfC6*ZUtWW#mbhnonyu~T&OUe2x&(xXa
z<S!+Szt&krtdl=4Fmn8?l?~B9nz+U5FA;1DcG=p?_@l}vR`C8gzLnTff9JURdxg_x
zM1TJTT)1%BznFAne@8oI>2D3s?*8VJ4)yn<!}OQ;ijPo!J-#E4SiCxt@=i=KeJ7#y
zw_1{emof%-?4q6zS@D|P-)bo)rvFg+<_<7&CfVO=DJFig^KFSg5SJMo{YErGj41nC
zElJp_h&B>~zng;3;q)QdFG5EJ7eGVcNPbkmt?Jwty87L=zR<7JmX|qGTMYy7sf@P1
z1@|g&(egWe4lRD0U+H_zi)ZjtzANx)QoMo>G*-%f+lDVjHz{}naQUSb0iVL}I_JIV
zTbCNF=e@p5d!-Hko5w2m58!dYCj!5e-zE0@Hx0c{3I2umKHeAFaM9*lz|_y*(#H#c
zyZKza9Roj0{)*QJw&wGiOvC#Ai+GGUcjmWWdhz|1Bjx)anK()eZpXh>eON*tj#T#F
zYL|V(EE~3m{_dHU{C48cPD75R+iQ;cX^ta*a7bQh-C>NK%PVBJTV7pmxBaZ$?-}&l
zi4kxl^6D1oFWui-UfsYv<Y7aiJ{I#V9^J{m+kf$T($6EW8jx4je6LKjB02RV>T~4O
zRd(61oU*>f_dmcTziu-uT9`n(rJM0|F|wrrIaSfisC^#U5?ObttL}mh>RuI5cXnjm
zDTWy*MRH*KGD{AeOP<c;zy#WL%Yp7oj$RJ@j#$KXoydU~uCwGofnp;3C_N+xYL|8{
z2Y&rdTRE_qw%l?6+eGtQ92<d)wzv1juajR%WAoza{3Hh+H2FCt_#R^wKYz=HziIMw
zO7LCa;^*stU(4^C&U?d}!+-N${Cv3$7eBuPOzr&-ZCwJ~&ChOL=!g&6<LNP-@pJ@l
z+-r_EG57&~tm?;O^rJ(bj@T2G+hw<yWy3su=NX4mx#OuF6H`8scm~t!p;_#+XPW;R
zhH1-W@U1KDGaP$!gT0N?dG^1%53Kc@{P|}G{LNeZlX$Mye)6J=Lf=d^%PE#f-r0eE
zKgAE3SR!Vbt>>9#8e)v$D);?IMg%<CC%w^+eMn;PG-x{yIIu;AksZi5d1&BN8@6m;
z%Pyk`*w8Zq{lob-8S8-gV*)4IFk+SvJ3J?lVI&56hhdwHa$uQ*1Bo__J<u+r9@wLa
zfo@?KeLg3Uk(3^Yv0=2k$fyDqe{LYkhGp!htZ{B2<L7CC7S=rVnff*vMZiu@4;-{%
zl%;>b%6kU(+OVyvFa5kg#+uUuyTbW)8RftxpAl%ZVZxX2mv~_pV($2Z{lVkooVV4M
zQGZ_GzkdRK?6vU9JZ?h2y~@9AM8J64_^z?(oIt_46mv~BX2+~FX8ZYd<=2H@G`}c*
zK7L+)9)8A3!&5%;<!h0lcKuywZ!zsjo|-WFG6<OF$%vpyb8crx(8Kt4=%M`Vz|ZNo
zO%J>L`QFy_;2jw-_s!{DOnTT*ZQ)ihqiAFxBRwwghcIjrpM(o!EIL0>8-}ei($5cM
zu)lxC4J!xsy{N!bZdg6ARsKNG4a>`gZlVK^xnWhns$v6G7HpT<7lUsArpE*xa>Hmd
zqdqq9U>HXKfI%k#H!R%~$jBQRSP+Ksjb>my{DGf_VT+7<VBb40Fvo&zGU);QC0=aN
z!^7awriWcdo;Og?njUtU^xzq3(F1+^Ec9@ZMGt2EbEv-+J<ylO)h6`t!_?L?%A|+&
z5%h3*JM^&b>_8HAgy>;voJkLvJ#6`Ky*B_~?aHV--K2+;!#uRhSmy<gLj!4H9@=E2
z`vMu?IwR26hM7EB4y-OQkZi*|qNRFZ&kPUr2*Vg-6#N_)hzrA38CAf}j0tpc*9U!M
z)F%c!HY~%WO<>gtflpcY#4GBvu?|?n>4E(=jC_j>=sM%Q0fCRgF!&zWx~RbWHY{KH
z>VdtT5ooYs$c#-!URPvGVqm))Rt0QmV&LC4Y#HA=FbqFD(KGOt4Kv4E1dQ>%;m)@X
z*sk2bYc`BNuQH(NjG^g)mu(n*-ei;mt4<62$%fGv`Uh<E34wJsj5Zb-d9l>jFYsF%
zX7&ZX$*AfXcrIKY{fi4^Y)S|`ZNXMSE2|9XAn`Jbt{Z-QXz{I%oGXe8EFfL=Varfc
z1{HY&-qGeaYP0_Lo2=88+*@SqiVo5DFMwNl;{t!B>`h@AX0~$>m}vI3lr}WG%I_KC
ztZA#vHSM}KG)w=71inKZp*3xGQfr!>6DJwAD5Hp2%d~Uf;~^Oa-WYqHFR;)J%Zmpe
zzCeW=Rt4-5e_*Z~W+X7LT>^L8uzamSMZi{_7r4U>TL&!f+`ujFvgzHBL!Q8Q-TBIa
zEjl+a-JP!<SbA*WMmH?4JNcpmMQ&IXu<v;S*SPC5deFwmz~ydO5wJ7Q3tZ}ktpip*
zGBD0vUwTh)&^7R1ZWwE(##`Wq)dMrS21dH;;~Oj)#yNp(H>?WSCFci*xXZF1$T%}9
zaJm~-1kCUT2D)MEfPK#!IN4oadJ;H2Cy-{rESiN560fyr_FU*8M6=~dfh|9B(QJ8K
zh-OcB(`=8fA)0;f8k=S*n;A*7v~#gdv;Etn+58Ba{dPMvn>Qrz0(}b6?9^nFW{bVf
zJ}gQ5utgchi6+gy%r`#7LnaR!$<SEOz@IFbHFoMtywMu_r_?LI4vXiK168Dp_!f%R
z0Ea*Q%aW{h=uCfT%+8);r8D-T<iHNf{?pB`wA0NV`}X8^_;q%~*l%iQ?BzoOce%%&
zpVE5lbCNB7WepX-{`%K$er4>Nx&)S4Fl+48mso0z{rB#%=cNRuwm0_K$=2BOV%m)T
zCTHxF4MvWgc3uOfK0RuV-HPokdFl5IHOC+s1>RYwh6J1#-)7nv8aSV_n(vxN7yf0(
zV~>86PriBY{pq6&^7`59*PQ&}N152u4(wqZ$UPYyXOyuB>%b=V4U4o__%Ew($h)C|
zxzzP8^Ad3eSmmE>^`nk{$e-G5JAEj9dC`pNVy4T722P;7L0^<M<raA|*t^Y}X(%4-
zBIC+}CiPEkXYfw#pX#(v`5P$je80h|vjUiKb8Q>k42!^x`m;XVA7fZx|6Ch4QS<&X
z=5Y%*HDmq<+%O*D=36^E#f{<gjk?b35I0soTH|I|1a5`}-k>iIZnSO~>BEpU$cA=t
zGt9(I{ne(tVBa__(60?{h6VC%+@!R@&F~1^s6TGp3=gbwaKk!3@W+{fbkDkxnwx2{
zKbn|P#h9W+J1cIsXvecAy+`?Zxs%({&+|?njp2chsq^i2>Bs6%Ya9)az|rtPr3*(E
z{S0TnoEvERUVHR2+{Dphr~UHbf!8VDntp}{4geGVyqYAr;^wUp5jawR+&CH$_zq>o
zTQThY2EOGF3?wF)a5UY-(Qsmra)%K0q=};}zR_*+*qLo{bd%FZV?-cGo$ceu>Q8GN
zjflX}h(H159XhgbGy*!x39M=tN92dc#yjnoj|j}Cd}|zy2s{N$IQkJdvcA(7Mf|2{
zzAxUz{Jyw!FixyaeM?{td{NH5#5(jV&iCI;{qzPaW|!)!p-s15YTD1NZ)dyp(-r8a
zhuQk+$+mtP-F-+uokC3bI`mS~?GZoJ)=wv+pH4(SofJ%>jkVK<>RaNA3Lfnn(n}?x
z3zw~{(ZRRGjjfhmN@w0`eLom|G`@`^)bCN?K;ITWm9|Z|{k=KmRoeM>Y#Q&Ce}r%r
z@m-6sZpiw6u%q*JaCo+jzbX@dPP{l9ciML|7IgNU>#3hLNjl2c>*+J?n|e>=a6K_A
z57~EODK6SJxU)Z<`W;&S#k-0P7rnXpu5QGp>rOnb9>nG9$^7<WeiLh&=lTML>@o8$
z+c2_blxMS^b7y&La{KUI4c|lO<z2gBWRN?RmPy7PJC}3!MXa=z6~w}fE*}~6ow#P}
z<3>&tZ7Po9Cq54`gSq=zZ3MP0Hv-G4Z#H*k(rfGkc7XXRJ7m=Gt;(i#ry9@H^zR-h
zCeGYHy+-Bp{f)qy>!Sm;*LMpvJkIxp`L@wP%J41tT0gqG4C)cSUqQclFp)SxzP`jV
z?HepVg>QIz*Ae&Xz=(N@t%xsS<{iZcDx!@M2hsVqq#3pPe*8P%7e4zzH>vm#_r`}f
zDflk-`3dmN2}bJ1vfSw1*gi~N##q(PZ)m4%sdx7{d{#327HlOj`J$-a)^!qhlvsXF
zod>?FI(u&{Yw_<MhmD3)=dV;}S=8=v*q!9tb^aXK7{=$Z+kJp^1><;0v7q_Za}oDr
z2eGpr=vkNZCa{6t10x19##p}XH-?yNJNc&5@99&fFE6J88us(e#+nz$=gi}qeKr5i
zCq6^WirI|oB-%L0_!TeyAa@+A_^<v;ev|UPL>&Vur@Zj>WQ}h->wN1mhR3&#@%fED
z8`FMo?2dQg>_+<T>1N^TdY&J&ai#h3(B}r<fe{*;|Bk5#io2XSBKHBqw9^s3FDJi)
zr%61g(BFJ}&L@y=IDzl=ZS~B|*hP%hk3GLBZW(p|w99_>k$+aqLvcRtWiN|+C~NA4
zIfdXLb80l}7qMf&*=Wy!;kVEawK0-<{s9hWlJ=9||15nWPsRH!t!T&p{)pkl+#O8+
zbzV)Ji5KJM25d?EeD8dkXFlJqj;X9kpv~QB+1FB61$PbpQxwxyaVOKV3{UQxe&UI%
zttq~KjVbGmOVgo)hp?F$?OT_V2_8hN!bv8$sP>*YyuCU`qm!+>+kb-JlOA_9b6wWm
zn5nwvqSsZu#N4}7-*?mVY~4?!<<<H<X=gV;^L2fVOVj>kn6^?StY0M=ae;Y;(PR3w
z;_QJjv6bnbv^O1m@BamKZO_{tp7~~F>XzR`&s+zcZW*3FQ-0P?-uHN)5ogWu4xUdU
zZv*_8=IPs5w7q4r2m3GKdK>Qq*F5N512mOEd|d9mQk}ZqBF{3r-8XrTbG`cu=?wJP
zs_QkLqg?McsvP*&yE>km4~6UeBWaIaZavTYT<?BQTJlKcUf}sd*SqIPFSE<7=DET3
z?kUn!W36&e@VwRau9|d4ckA6_JpaS>ZW-x(yPps9{5tRUOqhi1orny+6j^);GI;`b
zyW@#>8EwV@)IEjnM?CyQgIarwrFVy3=GgcCOL}Q9^8#f()X_FJWXq^n$?;8+>H5#N
zWw_+~+PO)$2j?bbOOCHyo|Ns#`t)dHrR4dt`;)RAdESIP*L_*l>)y?eZ1-+<%kyV}
z{pc$0-CBG#2JsAk%(L#|>IZlNTeow6g$=?Sa6K2eV%$3SX?Kw>Q|#r_usgk*wIJ4L
zdT5aG%t6ZeZ$S1#Couz97l=ju&A1aPQw9)Q>V{}@O~_<T_yw^<Mc;~x>Z}QWKwp25
zHCt;!`at5*!H)&RFZL(oHD$na;!E*lJu=Z_%h{(XlS_UBdpa|J*S7huPQ-o$*|-zh
zJ9q+X$r-FA8(2$LJ8MY_az8aB_b);&CL1Xm*Pb7}dx48*9;B_c4|{hnARdCVmIQz)
zj+12aU+ns~!!NDt57&K$S$FEjwTD<!Ty>YJ?z^LQFTlRiSyS!=#y1I)O#Xu({r0*L
zvtfKr3^<6{Vyz3}YsCWbzn<TucVqZwg|iM+X&qq9+vt<I7P!XktaGvS$!r6^*2uNs
zD*E881();8HwaA}y647Yu7TFvT*G{o#}cnzvXpsq-fi=pV9L|<ZuYxjmYm%R+%0Q0
zSI{bPhWj=4Mn=kx^JmPx>QmkA)wvG6h}m8{bxQX7%WT<8-D|rUGgYr6d!OxMT$<sQ
zy=U067aH-OV98!TwyCD<^~5U%Qb_hHHndy*>R!r`zi~W|2UpJ8*Oj#7y4Jp}4c6LM
zeJEn>n`*6n^S$=khdpN^^V-qav^J&v%$PY9-)2V^zmJ~VdEUwMsiF(&)fzbu9D1=C
z&vea;_^IgauAQ%wG4?vSK5b2J#?)Zq=%lk7z!B@YwPtKH*9_DC=M~x&+)w|_H3Rz7
znh`5}Fo%-c8_1)%js}*tI(lXiaU{}4q|eM?t#bPR0(pdEXPtVEbdyUi|Aw@)Mm)vy
zN3M4(NIUCJHP4N%caQ3wE$f%@{I=`euSh#<(h{Ek<$Cv^-r4Ki{XAm_8CnDH)jNCL
zS-|sau6GrroptBOJlDD2%_i-vWq0$u-u3QI(i*?B_S{CgmiK}^0^V330+BI#KmD%0
zYhuOdO_$DjQAXgpms%Fj+iu^%+js48S9%_Zfi~s>mtS}X>lJ6Iq~NX|*0;OgI8|q*
zq~Lp`TYOQRMdDfi5?BYjaR%wm8PgXS&N}rs^Bd0AcOnj8XQVsMWbS|7{0H|d|A-5$
z^`#xCntT4rD&H^9TQm2>HQ$0R>%Y%A!)Ki{wz03>as}VddBnSUEAabRbKB-g4ZcYp
zy_ZegJo5BrZ<Us2?0y!zi+p(cP3~b9^HU#g-4+vg^GVwGo*P)h`q;L<l;DeMb54}m
z=B*vHS?g+ZhSTPdaGROPs_MD@%=(kj4?P<k9%wx_zN<hTMVyb+_iL!58X4u3iOl;e
z<$cl0dkJ~5vj|MJ_dYs1-}PzB;^O`ja&FZbO#6!u@|&hJPuRGyk3|<`(`z;Bv&yPW
zmA8Cksmjfv+#I{y!ThFgy2^QM{)j9$Mdh|pZkt`MOF`3kcR71c8CmX9l`FU;=azyV
zRzG_cH08O<RnWh3`n6}m1n6lzbagRwJdXWTl)0bkbf2^#X7j<1jR5m)+RZlEH22&4
zy_@@SrkI>ajJr|1w`s2hdF0UF)&WM1d|DgOVfcMUP7XAb3k{X`HYV5FwAmk;uA(l7
zJ`4VSdSC?eqIwk9y9oMK+O$ccA6sc_`v&5+Gf%^S%MQu;2F+lV<2wsgml%_?C-i&B
ze{WuP9lDDaVz-WAt@d$FnGFs3CAZ=8n5MG(GNO&mEnZLK7}ohr%J^dPnzng88|%&U
zZ(8sjVp4Gi4&KW5WGR!=!1@u(m{YN@YuI=9>%{KcoI8`a8T3uQ(PKIHD2D3-uf8E0
z*Vssmjw!_MxE>#kvGK<69mM4-j7zPIyD)Ff6pz1g(1pgDWyo*E8d3YPtRGk4^Q(Nh
z9@a^nS*3rmaVS}$e5o-;llaVyJMnhI<*jk2bbGja7q}aD|5iD0x9%ci@~|}Y4C9X;
zf7O)f2!E%1PW&m}MrBmz_*47s;m`kG*Wr36oJ~QtXY&2=IL=%ja9*9kx5g{>-u?O*
zkH2!X&tF-XukZTC2iNgk-#_cSzW9*j@m=3S`@6nnis?dZ)q9UYJqCVauTqcr>p^6x
zc&iOxAyXUp4ow?ALN2ZoAKCI2`_ol!S}1tp^uUb~w4ii*v~WWNEnH*MLeX&iZJ@PG
zbOzbz3yzwXo^GF)9+B?xbMVp}c&X$_c!_=45%JQ~?ekJ{1pbt64}Xaf_=|J!$N6p8
z5Mp~md!Ge|CO>t6!%IIW4v(0h+QDI6qs>p?O}d@W%TMX>(>=$a9*3XY`vmmfy9%m@
z2i&~z%>CZY4_}7OXp6T->&sG}&2u??xOI7Wefbq|>1v&G`OiqN)%tQGK7-ef&$*3#
zhInEv>&rmb`l54p9rZfv%Uaf#fvgQTpi6wjTwC=0n(*54Z**?tH`kVpoay&s%Nb;C
z8RJ@8e3YNziLFfFr&v%sSy#%42{I>%cy>vWi*do7^xq$oTsfAtMKMC0wIz!Fl)RbW
zbgQ|p#F^`g+N+@N)vPOZUSfEW=hnY?n%w)Pj&L`@g}X~Sz}@%=++AejZe1d{L!WvZ
z`>wj9!5w<q_HcLa=fIs8U&@`P961c`wjBZP{_Wx0TG%|ZKMC(4lY>(}vG$O+xb~25
zoy;CmdW^2&J*4(%D!YySw)Se5svLXBTU>j{jjnRe9x}4rD3xOmd5dcg`FnRcdk+~|
zZkWnN>>;0Wm2>uxEgNDwJr@mRZ9R>(bs_7j=<zAm*72;V(>&cP3;C7s{Gl%)w7!1G
z`dY;LT4JxSOQGqlJ6a}Rfjl@Cbxp-T`F`r+ytYZ_wU7SPviQXM=EeQ^>7M90(|;l*
z`0!-U1O4HF6dR5_F#Q~U4!j@m9>BZv>&7pEUpzmRUt`)`_YU4eK7He-iw!?uo&|dc
zD}cuXH*9#e4W9#CYx==0Rz1!h_J_cAhM%5*jXLjI=IVR!zM8!Q^evR=nr8OC&UXU;
z&G(~=xD)dJ$g%^wY7%7!7=ixmakp|7>CSyvvCmlK_ncwwA=r<bb{)l>7wS{<nnvrp
z^n8C^`-|ynm-{jkwyeJiE9dU5VJ`km7(Sc<EvW9we%w*=?V7y<^u3x<HT2IsLkJgo
z|EGUbH~s%3eV1M~vYkr~(@wJ8&P>|TURQcWQ@;ysj_zuV5N%iJAKs|bfBy-@faM>V
zGFt!0<zk)HkasNu4lPc`My}YKTp8oJkhn<32+ps&XWRR2qlRx|kw-A})su_87v|J;
zp^ir`$nmT0f(z_6N7-$TvfCVGw^?AfS&&nqw!H;8b^3oKKZm$>l+Vu@t^aMvTK&(-
z%c;|Uf9_J%$8LE|Z_>WjpjdO>IseC#=KQt^xW-y{pzH7=&VjEe&6q2c<~&)aG-DsF
zH0RPkDh&?&N+Yk<DGe^__IDkz7917@`3{<3jBRuic^=MddR}S9=vVr_yr$JkZ)1$A
z<0pAdPboczu`7LNUegMt`;W5PyeY5gaiw1@u-d#nuW7l`*Mo!o<iDJCRcUZip>$zh
z(?d#wo6$<2pVzclX>jCM`s}=>`;`V)b^AzvBd_URrNLQ+(tY_BkJ8|7^uDemRx_qS
z(3tFS9RD2AAbyS^y2hrf=^1!J_W}-G3nsdj525J#4(b%WI(|m4pK!>eH^F+Dw44;|
z*#RGB+CEDTKSthR&sN*CSA>jl^XYddw&v5hTiWN-yOGI}{8KI-?}Se;)Og^-Whb=H
zr+gQCQ~2&YDOijxoAO7!W!;^N*Q(JmtBo_LOECc)-v0ByEZ%<g-|h3ZDStZY+evoc
z?xb&@m$&`YbvWK`>Hp>O_7>U~ZzpQbkjH!DEZ%+#xSO~Cs<ex@H!JPp?N^m{@%Bqf
zNAUI^1#|KCI;CB_{X3;yyuC(g7jHkKw2QY_DedCzCzN*acD2$j-hNbR7jIW7?c(iU
zD(&L!pDXR+?FW>0@%B(?tcAO{=DWN#d(j2$nGl5?MtJQ@+uwTaTXJb@o;oMQQ)jhW
z`z{nuIW)TU6!YB*n;+lkE1tQ4_O!MY)X;vbwQX>M^^MsChyEk#`GsB2i_|0f{^)b8
zU6+85!_oJDk>|@?yH2Hj(f2hPH}pNyrtb{R<+kwJb)wQP`tGB&i@uYUcF}iFr6cG&
zUN9GZ`;~Ulca+jD`Zkny(f6krq+RrVKxr3!?@`)C-@BA{(f4~wyXd<?X%~IJt+b22
z>y>uV_dk_((f1Gk)y~@GH`l3Ee&|x`RJ4iL@Y-}*-|*TrKVGz$6r4^y?eWRs)~0{J
zFXr0BKG(fA)m_q>k6vI6WbNGL_q67t?;i~Dk=fq{_K<JcJm~F!k63$Fx!0bT&<Seo
zx$$qVwFiGV@#iA&MJ%1r+B4o9Z({It#%t~?E#3>Y{es>0_CBAV_h!=e;drl@JYOd7
zji!C^-VZfy=-|3oYi%h2?&iJom3HyoIZC^DZ@AJf-aA|A2;Lhkn2YxYD(&LEQ<Qe`
zUWU>x-aAog7w`2^+QoaxO1pTkr_wIoOHkUydofD8crRLM7w>tLcJW?wI%ya0{pz31
zi(~6KH`I3z#J$};a2n^OF|$0Aqyt&N_Ye8D;ia+I1FZGLlqeQzf+wMJWi;Qa<38A<
zyH@gbGYXova8|9srl?y~LDQ?#O0&)PoFfuQtFHIa$*deRBYWkIo=exxHfC0zM4WH#
z4gb6~K5#F0-J2-$VN8$8dhCqUuG9W|zW6M)zm)cguS)yzt=b<+-3he67Cq2Qw6FG7
zPMZ;K-+q^Vg7uDI7UsCxt6%pLk@a79r1hhJj-&0#oz(v#I+n=#ryXhi$yWVS$e&9L
zapAKZeHY)Q?74ExP1y@#j7!%BJZ4;|wa<EH=3&q9OS>-%dm25RIef(IL+d%@{1uu*
z;V^OzHNO?qv4uODdg6U)oWhGqAFjH$VZRVbA6Fkm-3B%(s{0bkXpH6b75eL0GNv@U
zjInu0SH@VhQ3AZt7iZE&8MM)#`}}xMT;&32bE!?67f??;eP7Dmlg1TK-3z9bWSj4y
zP3K*nzTd;UY1HW-Gc7yq9qb0FFArXj&$9ZGPCC>V@Vg9J?5Ho>u#<@FOV$zgrJl0x
zzGP4?vnTc;^ugd=MY7SecuaA28hx0}Jy5ybM<-7`^B&3r&Zd$svhxT}_2_2JadJ23
z2Ui;FdidHItMaTP9hs*H{H5K9O$q<$c6~}uCGC`Te8fZYWY-bMlNgg0Yde)Eca*Ma
zSDsuoV@(@*a$~~L$&(mUo`l+OSDxH4Bi#Pc%9Dut+m$En)qkY&B%=Oy<w<+>cP3A+
zx@pZ($&-jVY*(JR=J2TGNkrZ4%99T2?oggwRl4Sg<VlPvPii}rCwG*r=~SLvHEm6&
z@<e?(5_uBQmv-ezJAG*-Pv}d#^5m-GHHVca%F~%V88cAwq_$Ie;>vS0^5jT-Om>Vv
zypKr_^0<9WHdP$GkIAf)I`=WT>tgQ3@G+Ug{=VSvnIRvOJMZb-$K*S2bnIgi?8@1I
zbND^9-7o-sX$L+gKjFP}bq|yOXnjn6VdJl=9Uqf&omCi%<6|P*WSv#cQJ?9LbYjxs
z>a233-G^E9q4}=g*X+e^WzPgJHd{s@6W>pN#u<Sm1Dic!gs9vwV56}yt=@KF(^9X$
zQFKwnUVa|^(f7{xVqesJ*9Oy1FCAYhBmIm(!fl5Zmmg{wI$JRSh*jqJ$rMwjYFl)Z
zlkXbxNoTHh99TIp;b_ZS&5QrducP=vI#)UMDmL1s)Loxw#SyxkXWfzhoqzY8=q03|
zBYs|;*NP*gxM%asctTd(v+qG0=AAk1Ur1iroCuHZxM!>Fx}7*;=aN<&F&}%YhBPZy
z+4Jas_tD04)ZIWE6|R^?SGd|Z&8{olh844DiQV>X%(dcI^(Wmz8~S$PKH7Lt@x@NE
z;)}g{FZPDL@|qreQTHV&!Iwx^UzATQSbYbiqHo2WMs4-g`S{ZqLznfZOn>x5<dF@J
zo;~dGGu}Qu@LQF;&d!HEyL^r(@SKy6XD8p&z~o1wIB=up9a{Vtbw4^jKWBMieopyE
z*oyN`cD#=f2k$ZJd-QVNP2`=|YnIWwhZT>RyBd=w;hS|QT64Y!+;kKh$%!eqg*@iG
z5Th**yf9y(m~wyTono|M2W-Zadl=f<Z^xqB9Kw5Q*4Y-`vz&XZmwC6Pi*Z)|-j>NN
z#GOl#P5GXd$%;qULOi;1o@Hkl8J})8zAJw6&gGqK59`OZmS0srJ^I*97lRAvv%?r}
zV`;;V;kK&aho^<)SK-3W<=2SUE%{~Y%q0uJ`}MS?bCzI|6V+WT8SzbXK9YjBbg|^`
z8RYro@6C%3@>AYyzNaLcvmb)DZ>YQt|A8If?Ka@)z&`-~KEL<u_qW;ilsEBS-%oni
zhCgq|cPj?2d&zp>TloE(UxMnV%?E9J)hXnO0rofEiH6+cIo&lL$&e!QO5aexI5v{M
z`L5sMU*W-~(2H%MkGmN3w8*`EzG(d1qO#-*srvdO?~38yX~YGKwf%)g<13U#jNzu#
zrG14n?4PoVWp^EI%q%AcaCJXpSWc2LROL#7c{S7U6`Fy4#K7p$l@}`>GiM*&xeWAF
zE}89Fxa5lD`<LYMEtm3M$PMxm*Qv3J^KE97o`G|g%EXT?%j4N7`-lwAUTL$9-8<;x
z0O&h*$6fa|7Er$tTe;sGTX|ZZY{6oKMGMPT&YoAcawU1E&dXg{zR<d_UcjBTY_C;U
zJ#}T`N3fH=Hl!HYxkhSZ7T-6U%KPszwmN;&z9-+yP9e59chPkx<=r=MM?zpedVoRr
z8x^wG$wLn?Ef1fm@~WHB72J#*t*z(0n-;@2)$|Wuw7*+QeZ22AjWfx7etJ*docZ1G
zIRtOY=iv-Ans>E!-Z4B+kI3uPS<k+BbWdZLzr1`Ra-_q$b-q^JdD#EfbvK5o{`*|@
zNA|_w+-&xl|IyuyVa4SC3Hc9#qip7;oOMre=M?+$wy~ZE4o=U`K85$0dF2z!_;0|c
zuXpp5Y_BKP%*(e=Hf|+<33(4NUVT%o5x>dz&<iv&PxBLAUQ+mU+(YwQTAnR|{&#xg
zD#ucOJhpwB$M<~Qg0C@0r+d0>?8djk76Jdj+pV(OZ|+&Lg*kl6W8}#84?A&Ub*Gx&
zw)61p%v~nu-_YDOw=;L(FD5TMcLwpUH8<<*ImzJv4(^w4q~DsqdEg^*PTce72M<@;
zc{SIC{M>V0&e|pX>K`5LunOMm8!sKz?abdg=CO|N@%4A*jjTIeeHXnk=3>58<}WIr
zm`eW9{QIF#*56v)mF&A>6ue)643KU7pUgeW==Ac5L&&Q#ial9OTCwNe;{IK>2|nAu
zNO3YpupiYpi5Ymiz5`f6UOnd!H$!~y$46EEn*48$xg%{-vDaTYjk%|9IrZch%_@KG
zCtXKKK1KG)LtE-s*9C`CGs!F2Cp<~sh#pn;t){MR`qh(u)lq+DkzN0RmZ9pq+EBmu
zE;zJ!9q)_re^lS_(QV3|mYMxqU`M*YYJ!fP{na6!wZAH7EpqR#4gl|Lf7M&OKsoj6
zeV*IfUtL3;s@vILZ71K+?5|o1!)?4lS=AM}zbc>&we9S$UM62h`>R`7SC?V?;Owtv
zlCDOd+iHJxbL;(8F?k~QS2w8KZLRlL*E#uI`>U&fIs2=|pRm88?nl4P9_sq={z`Lu
zF|oHFqrOLP;@xy>e`VRyqy#VGoqK;(%pJCH{!7Mrxc${n$>Z#=8hCc^ugXbxw7<H;
z%FEoQX8nU_@E+P<-Awve?5`@ATle{JG%;p$c5ufaD8@!`XeTjp_j2D;*UA3s<1y{;
zuRfaJ`TlClrndX5Sn%H7{wm6xkECF~sPO)3`J2s)AK|C{hqJ#r8N6wK^-CM>?5|D&
zuKm@6z<<W?0sH-J_Wmk`_u60GW5b>ORS)3WUsVAADZiiai`-vzC6D%3WxR{rU%d(L
zobiaB{N&aCYNrqXMDlBY^(p7c$o*A|uj^)w%Y9yZhq<gj!#c0+<XL<=gZkX^<Za;3
zb6#sewsOZf)QtN|{at`Na^!#QvQ;-2o41eBxx`wd$55A>$2XHtabMBDP4?p}t8rA%
zy>1OMwN~e~$Tr@G4xBb#?4XS^BidNgQ5%W_YoFJqB8%5{H=3$Bv*{jEcnsS0*Q@^n
z@PE3&@)@ZH?jA#x>c^(H{u`VF!Fye|Q6Zm^ft}d&%4cLCI^((Y!SWYrZPUAhGaWn;
zvgzHg{fOJ9mwt6*)B8wYWAgmIwoNbj{4uHR+Voa(_WVIRHofu{sbh`Qd@Mc*ytH$6
zWxp`g#2IxsIJ*{HnDaxMZk%0X<IFkRO|o%Tg&p((aOS`Fg6!%j%g-i;J&xmNBR<o4
zID`Fe25~rhJz$-Ov4ykR=1lCgeSQaRpBK^gP`mAPaAdaK{i5t@Z1v>h6T?2pY5RQI
z#>XIJgB_Z$EN8wH-y&>-J&XAwzd2uVi3YxGM?PP3_@>MB?nf|Rr?;LjwO7ZU$nouw
zu3+^3mSM8jUYy0ek*?d<GE8~{2Z!tLKeSk9$9Bgyy#29V^f|`nMF+DJdoa_!yfa!n
zr|sA(Tw^n7aX7wV$Q0>0&O<jCspnY6JLxjONr!rl^}IvIWEXSZu9`dLz)!gE7r(!N
zY(XYsn;hPgeroE`tUYNfTVlrXS?rS66T9IX?C*|6U0XkBnOt^^>Y9rG#B%DAzT|<?
z)_Oh{*(6*~o=Yqw+gEk<3oW7NRj%iiJiFKY8p=6qe)ZgwvfGP`e}K5Rb@rOS+Lv2H
zz5`mfoVfV={wuWRFOp8hns@fi+V5lMVkqtqaSZCamXA#P)Tl`_cxGO<{h2j?luHMJ
zoqPgw?5vTRd-&a)`>y8PCk4~I#Mt2X_#4fOf6ebPevk6g`q;aR@r?8;-+(>_!#5Ax
z@GEV7OFD4*asM3nV*A}~woP~+-f2$|u;I_ydx1pYI(t?EpU-a|zhu&C??F@Vk`jz1
zkK%C8;axZT-E+3S#mBo?V0ZCO<54+i-W=0kz^iP>Ja!q;w(<+N?|6veNtxrNb1C9(
zwR(UttWRG{=dzQw$0p<-n1Rk_8hV!mY$T*_$s9Advh*x;G2FxXJqwoPqk9>F4kp*|
zH>Pukw}ZU7obMGIg?L{)`x~pcZytp1B^KSwwB~~Q3;E@8=Jp_8rrCZjUg>Sn#jvRf
z=}U-bp)>a?Q(w}vTZj6Rrzq2rPNdv9f7?2dYwWyZ*z-^4=RQ-{+h=P1k3PZDiRg^@
zkIw41^&;u$MXLK)dJ&a*)z!}Yh<2Rwbspzye{V}SqB83!gMOs8cZ7cAbodGV$Qs>s
zX6E7h%Kr{@AK9-?S<~OvkMIp(Q$I3*yy!=2uOm+*I+XVGBaN}FZ?Wh{C_kPU1TOtZ
zExM77e`bErlQb^k-3PI)bR@OXkt_@ANNTq-?oqU*vwL^`btV_T>in-U-O<yE8|IeH
z(ib>q^Tmq}rAkMjynT9DwCA_uafHtOv7vK+E$7&zR_E?JGS}P;EOYPO_xbU?%`*Iz
zEndE{%f7S$eSzpwbTya#oP5<{@K4FYKV=-gDUIm+GL3ljeerGeefXxdr|%Qp)>C&3
z@g8<ES352;)=1wMi!ZPAeU82e+y5}_p3)BOf+x4WC>>f5E!Nw*7kw}77wm0hU*phr
zq0yRN%k8}SuZy;HK*D2ZdY~$7Dx}+458b}yYpavl!+u(49Y>E8*{0-#%IiPVYw3p6
zrsSPdW_m<F4REhA>u9q=`lLK-zO~mmQk{~Yywc%x;a@tOc>blskt}ueG<~=ubL(jy
zTSR;c)<&njKFw`)J!=^6Hu4<JS!+H#=A5<e<ymK~o~*s@v(`M|?VYt&TogVBmD^<_
z&srY<cb`*kBYiYyt@~VUe5Zpp{u<H7wH>wLI%{>|e#$&IpuchU?i1|#BhOkFN7R3z
z>OT%=t$Ub1_99=6vsOELtoF`YUU1RgS<A3-=A5+-Fpt97(Vn%Qhwh~tYwxVJ-Jy+$
zbKX|qqB*DSx9ql$^;xSw^Yx{lwZKiQvli*dv(~r4;nAM88Y@5h*pAm(Yb$!TNS&w7
zT9T8c%^mAJzs)=MS!)n6x3wRgBD(nh&sxEp3tOMHn##<xmg#4D<@4rQ%Y44f^*oX1
zqdjZ=irB@-H}n3wy|dOs7g%SlN9617I%_RKm)qG{>!%yrp0$2MTkV~-o&c^h$R7_i
zFW$g!+~(%RWBC>G8^h0i*4hYObk-VW!=1C%pMdMEH4^xF_B-dS^#|VRtTo(*J7=vm
zz;)I-6ZjeYPUjbS)_RIO+IyVJyU4RvHSe@PNatPTS?dRkDe|nP{2J$c#+XQ%HugO7
zne}7_*o!D`<1W*-hx4ps+mj5eIMTKU|HJ#tdUZb)w(nV!!1o!+FZ-V4QtbCF`<_*9
z`=0MnPWC-cz8lE5gT0FI?Z7I4Idf*77txVu4BIy~FJ4L;e%T%om)Y}JUQI0jdC~JK
zIY$f^+%s+JfpjD7&7YCa9n)Mix+uZocf~VT9P>fRhf>RosKzRE3sVfvcl>7>-0Ab<
ze!XNAY0i4){|(%^FExCP8T{+4kZX7w>$@)PE8AiNU9tYtkw5xxzUy~2`_Vz~yTXh8
zfX}oaxWe#kY$-6F-pd)s%lYkNV&}@wvgK-Hcb)e2=s2snXJ6_~Y@AKI8O(75dwJ)(
zeVd5)E1r3Nj!{#MFOBwP$}3yomN~}m>s1Fh(s^aa&b#glQnrGaJ<sy1<oP|$O-00j
zS-_pYeAC@AU|PH}jaAzJC+B6CVZT*FKbEoYUyIIl&xBFji54&(;p~s*eW>&@AKgtX
zMR1TuU$GeuW+vrjb5^O0Nx0y?fz7wC7CzHG{+IKqM>tU){h!g!yktep%b$|kotIkX
zrMAtya2_}3h5sX&mjhEgj3+!VmoqPaJ5+H0j{p4dH^PJFXPbL|(8D%>o4UKXv+a}C
ztNJ2qj%05w-fuuR5Yv43>+_<GXM1yAGxp#8`i;yL`++udRm54Lu9vYnjrdB=eCe*m
zA903TVa{DVa~EH^fM=a$%bB~CoZpzgfIGf`&Ti)15hKH#JI-$Q+;N|6&E0`1y2}pF
z-CX7ld%#`B-}?k+BNJN9;{|zZj$|HNMtSjNjOMPq3;65`o%?H=@h@D4-mExX_Jq;U
zcT{jc@uv1d>!XP?#hnWAfRQus={r6vHiTkn`g`UzDZZrQ3pSwR7HwBi59h1hvUjPA
zH=ZSav~0n+k1;muj^~maiARjAA;#n;|I{-By+@rFXt=?sX@T#a^IdlU`Bg{xr$wK%
z8K@axY_1uQTO%2RY*}O!of#<T(KE1Yl(G51gH~NJ84GIbvhr&Na{pcE@o&scnBQ1{
zo+pL4%PHs=s;IXjo_(m@hcoOx_?O{JX1D$Pk+fZPR;cZ_oVI5!sBMU7dk%D%O50a-
zvD%(S+YMgs0QzuNVNAjUdv4<RgEzrXL@wT7!3AUQ8`%D$Vd^Tk@%#<slk}NyqpyAk
ze4}&W8=I+(4cIFcgWrZ5@^YS?d))!>JY0U-+Y@OIo&IR#e?9!ag|uS9D6j6WGpTPL
zKc(l%wuid+Oc)J4{1<d_5j1xpKBr#O=k&mp#smBLNe@^JjwFxuo!+60Niu%hr`#pd
zzTi&#8|?P$(7P+oTgpR!l&1pwS@r1!^61@Pc(<9K6>Bh-IJt4ya74r$oa-f?oOh#Q
zN&B0vc$y~=OZp&mx(7Pl2c7OmCYLSt?0%PcmG3}H_4w*8hi~hBCj@_0;CVo8>ztF9
zW<0aSo79-cyS>P^(cobqzn$Q=5&f*6agK}5YZ`}+behM=DV&O&LWhITOF-+)IP7-f
ziM_f2Tab9{dx-12nfRiCV)E`~J^YwD4-jueZFtZ}sSU-``k4E`z37>>2N(^nD8^|$
zG0};0o+bYIlsk2mQEWQtTNGQfA8RCjM9)+_o?j!oG3k01lWzF6m9C;cdx=SF#t&7U
zr>M?;CO@V{@%>%&B2GO&IMnj2`qu!xS@}{ezNH=I-S1nxB$@V>`jDH@Rf`vUH2yzH
zFrFcXc42h_cEV1(^n<?TC`M@U!LB1-q2B6Hy~$?18jtxNo0dPSUE28+JfOF2N<G-}
ztm5eI1?L}wbH#lZeF~S77tdZVoF_MaAH3ExhGNdt(%EQDq8-VT5!f>ZwAZL+PviIW
zsr2lglCAdYc<08iaJ!YhR1l9i&682Gl^F4=qndoO=SlPQG3Bu4r5gRR(pwpy=)&YJ
z^#1A>GRus2EZ$K}<G<1WkBQs1m-mYKnz_5{aE;LbhyF*c`6;I!mGj3NP0}y<wf`BY
zJh^XHdrzoD$F{ox9P9uG13qk-EF3^fn{%Nhze#ugMr2wbk2{(y@I3{coN&P2DJMw(
z3+ew9^`Cu>e7s|!Tcy)Ue?a<Y(26r>Md;d6yM}2;V{8b`nMDhtgL?AqfIn3>6TPBh
zlxGtEPqb-3Z+`e#y1{bxFK?Rjl+vh}oa&dA|0FX%F^!)Qf4`V-?PJ|B9}j+K9DF_&
zIa3&l{kR7_+;7t;^JCMfMN8_J)=J@5G`hd3<ypxwrNv*OsVjh~-+#4f>qg>k|Mru%
zaZekVGwoT6)jyuOG%)w5tH>)E*D|UL>tiDQOF|AMBM(!Mi>a)Wy@`1f6)3j9*;#L|
zkFqP(_d9EekMmBVr$#&)`5n(xzC9vc;ePHEMF*+G0u}9Ep_rgP&*o*zjm?h?F*d)z
z|Fx;c1Gz0mO)ho>RX2Dxucxf;BA?;;S<X?_bFa=Gh^_xa>?wC{kUgn!^FPURyKml-
zeanqN%c(}~&Qzl*+h;WCOd<L!?q)RI&v=U+{$(C-<$lPa4beh-IM*8dedJ(1^%RHZ
zgl|nkznYVeefKZf%e}wmAQ9TCp>LVUA@=kmhC-Vf<51=##+QVBY)s>9XlC}ovez{(
zjcGRH$z%>x&QA<X`YPJLdA6@&iIeAc*O)a{jnhwknT*dFPZ9lx@65F=vY(HQnv%VI
zu4nVx_Zxv<`#hWf1J1A`As%(_;Jy;0W`^H*ARQY-r!M>&ByUVU75!?gPs2;qzHep^
zWNqC8?%j67qrp!D@Ez0}<B8cwjP~76(4QTr=GF48`heyl2L8zaFS`FzY*zM8SwpYI
zP9EHBrQCLN4`noMqn;}IShl)lv3tG@WZ+-93q0I>Rk5b2Tm^Rl;@b+=cF{{Q`+{`(
z{jZ+T592V?@XlMLHO4&?u7t*~fYvXE<}ZWxC&QbQ*aLJi_W&k7%(bQU-2d#8mS+>0
ze|;lIw5ItM52;P9x7E;r+H2rn?fmUv^J4Ymw@yFU3#8MJ=k0#H#`~`V5B@NvV;+3t
zM_(@<)VJXd$AgPqV?G`{SlRW<;lU-}?3f21{>|~>!B2^+?dHJ)q`ycW+}C9B;6I#x
z*gW{A-H#7=|5f0@hmt$yL4CXI>$DE8Wju%D!RK6KJ{~+6?DFOCpwX5G?{L<^-#>kP
zc<=;=_O&ju{-l1vJeX|rU{iNn7T7$vm$YO-!dHX`Ur6eh2Yb2b@$0Y`{r8;1^Wa~}
z<H()k!GkYFe>prj^O`p6V6DT0|6Fx^c<>yD_H7;<Zqxo3wHF<Fz*+};JN>YEFv;%6
zX}td`tb=bQcFcokx#;ohz=O@R56^>p$a6e-up#Qp;lXWJx8cFidGM2`jt>uB)y-ai
zY#zLf^cT4oowVQL!4XbBY#tn9_hT&YzY08fpjXE{c!`T1zYaXu?+AD>(KY7du?}|q
zl6Y`JCp_5qIPu`^+@ZS9gSXgss$bMPc=JAs2QPQ}Ve{ZbyC2heZ}Q*<=|z*#4W*zX
zN<~-H8=X-f^rC&aKaA#1%epU=KD2s(t<zj>Y+k;>Kria8S+m@;xfcEA@*dn>q2ElC
zesiu%zsd8ga^d3Y>=<-JOVDqA!gmHmUs>qfSMdG0ecY>Df&P#C_drW7dd}@ePUGuF
z&L;!7Q#gkDPT3H5r1Nt0os*>Rq_611O?~Hiw!X6;I=vm<ex|;2ne?5Xl)bKTO5b@Q
z<MT`3sd6rT=S%2sGd$=#?R@9D@SyQ)%nj7(KSG`7uYK2MKQ`*xY<=5t+v`T)(dC}a
zj}P!{)}8G>VkCSr$*8Ge9^87*{C4!7Pf71N_nPb&^pZQb;|syR^NrPFVkS)Y7(-3{
z=K#jcT(#1F=GyvC=0^HYkE#EZ|6WpX!&R(x+?!O<r>&H;^`F1rMm>2?9>cW`JQuUJ
z8PL<i=Kb$AR+=;468rvg&xEU?<Ex<OE1~Nvpzq7keO^}6vf(r8K4~+g`viB6?(^q+
zn-{AeKXm#5pBePycDo;ocz-PU?4|A<^VxFj!@kaZR>Js>gwLkB@Nm5N>^0`$%i^;^
z?ekf)`0U#&j}M>yk=V<U87ALB-|I+Qd&)0{&;GE-;<HDbe%O5Wu-%X6cz-PU?89yy
z^Vv(->wKO0EWr4VgwKBJ!o%_6v%Sp2m&IrIV;|FYJu4q6K3nj_@!_+b#94Op*}J5_
zNIrY}V~fw~oPOAR_D8!P|K$DQ?$Y;QYqlR79{1i+`^2;|Z%rEZJJq8+oBxPz%1`XM
zc`YrAWG^-_AA7OKy*1d3G^Mbfwz3ynj;#fIq~2#3vQu4!FU=;mz1WO}R$cAci*3VS
z(7<M^syFs7veU@mo3!#5&+ZoJUyR>Ads*EDYYpGe-gOUto@r(5W3e@=qR-Af{c}8T
zoTa(BDm#X~;9I(<r(dG`f3VN{E%l6GKleMvrn~xB>Pn@*U;JJDRoVVCti9`Sd+(aU
z-gJjIC3IK6UU&73M|;-?8I$(9HH^!>cg@#by`5*FYup;I#@Rr9e#YnAuXlD=zkHNo
z-O~@?o*tZeOxuT4Y~IqcKK-syGaI`%H;;F8SFdq-JgFO<etn029c11#C$Z7SBF#%7
zu@DQ1gXr`#1^7;4q^&0w;*0xQ7U^4UveVPv^jr@zJ_<iG?)57;i;VUewV&sHezecJ
zpI1HVlet#Xr@b+)d3rbLW2KLQ9~Q~J`&Uz`lNdr%`TmOAzWYFq=Ye&WeYcsfk$l40
z?>GbOA8(lUb50%Iu0OQ62WO;i{LH;B>%E`vbITsyPZ_~vBRB{ik&Md34pDg>`v9xV
zRoT_D4{+^~U;7A|0v=X7c(7&4Q#Ky{hxf(s<__pI&EsuUEWnqIyqt|uc}?-eYrELA
zhca#s;sd<Yb4tln-WOu$(g5A!BiWSY>AG<W_8H@_r<jjTvSKC=!bT&`WAM(XC7xNW
zY@M^FVr%6|FUi3Er8wG(8MPBT?6HsKXO{tA27D(rFY_2v){R!)^?XCKn!KuW47TRj
zz%-3Ej2x%VLBxAD%R)ms&)!K{<yCuwVyt&lc~{80@AGa@LKrq3*iC}<48!IFqm86N
z$zfO!*tZ1h6NbGEY>HqfhG9E_T`gEf7#52y(q)335{6{~Q#|lN1H-UFU}FUv9EME?
zc9CFbg<<o7<qI|}3=0A~Pq3UY>}6mh1REKK?F4qVVEJKKEV4kp9D^<l!?J*73N|JT
zD+D$`u#3a6>A+4B?9wo7KCnK5T^5D~fh7rcRT%a%Fxlo0x;6~k2~75agP;@5spc(~
zZxG8SZ4mU}z_Ng4d15Qa$S&wwV|OX}4BO`*H=S5|q;vD|Mb&>Mez5w_&uFaVe;<68
zdzG<!KD3sF-+5t9x4@Wb(<HwF)1fWV4(DpVoro+Uc6x<PyRq;^JvNTm3hsV_|5)rI
zr>w_rkY{&2DzCbhQcm@$F41DkTz&Jqd(Ed;^gy@M6Pq_*pdqUKz8yXz5Jb+)#@oMZ
z%SS6V5TDTF4HPbu-LhgUdV|aF&#8Irp>t{;pL@cAt(C^g?e}|D*89pwzVncG<$u!3
zN6L<S#h~+R-pR(7q-)tq$$>|Fp3Sm9)_3Bnx}LxC+sGm8^RnOp(|+(D<i&?1YtMvB
z>C+{g%_s1!H|u-R7ynUvj4#)o{g<4v!2hD#TUzkJIVyYhMeI*j8R=nr_6sVlx?*}B
z-k$vpL$cMfslUtagMaH0+p}A3*N5%dPjT9weRzBJXKA|u8@Vsap8X7eYkT%Vq(7@Y
z`vn&p4~*jHfmhx3?B$F}YwhW~+uE~tx7)9??buFH9_(O6zm7e77xJk5NxVCeU&{s`
zd=!H|DHgp_9Qvhr^h^oxR5$dc?c1|Ap+glPIkxPwSATa9_Uzb>zm4tq2HT!}$8gKf
z`ylVrv1ecE?bBGqJK3JgZrQSDPr{zPuW8RN`(@cu7sKO)*cIpcEPM8PWQ*+C7cef_
zv-5A-h|B(c#-SF|{(TQ}Xdm?+T#c-t9obK-9oc;1Yu@xR`&Y?5*?a4~Y~g2PzizPR
zVk7*FV+(EX`)WgW(AX0?cBBUVQ2sQ-*!?j!=cyj!S=m|t){FlLbt9{SX|y#27~kUz
z*}tn!KQ_vu1<_+GyLS3x)){S_C3|++w?Bj}J8>HeM`O$G^h+`rTlU(9LC8^T*;SXh
z|F`>R+OhL46Fc^Lbe85j{52fA{TEIABw@$iH`tQe+KyfJ(Yd}9(~f;zgdKaGZO4vZ
zk!i<XCp&h&nd@0UWsUk`(weJ1;YxPwOMRXa`4y;qHS=cKuqQWa99om=OdIy();8?y
z$wD^l%$IQ6KwtlE_MQD2@3CR6t;U93ICF4QF8s1TYR`VXIAp(`g#CKo;0Em1MF+B5
z&-Gb$>*>Hcwp*vq*r|&iEW7n&({3F)HSOPJzg~0{^y3%(cr5za4;^cdct5^NDb(-K
z&JWt59oc0!v_m`Q9@C~B(M$!n&V)`Jdw9{h=yo)6z_Evaz?|=-#;e=0hj-#p9vY_g
ztPeJ~<B<m!BNxUYAI2gl3R&C6pm+9}Hn&ZzhY#BJ@V_C(v42-Pw(N{KWXsO;f6Tg*
zg3TY=I<C20kwLwwyAN&jrL7ZavmY|(M0^{&w6bNF+)=D`)0TaM_p{luvlcIV-DBCZ
z^M5bjsSDY%FZYJd$g6qw-l_HLGSim*t|PT&hZd``W&bOC1IHG69W;vVcdeg!lzf<s
z?9iN7hvqcwLm=6**Y~p}Z(y@sVcWtN+2uvM6`?YgPn&Gq^`5iduyc672RVeD`-mF)
zoe92W=RU+fI}hR965~q@ot>weXJ@Z@cK)9`9J_|gTAiIuJ9luQ^YtId<KRPQQp?Ug
z(X?}S#_H~C<oK|2U$cCJ*E&Cs^0u*af8Vxqcj{V3Jan@T{86<3l6(ombJe~pOgr~|
z$b`>l=bmEPx!-xI+pZync5FL$`uL~ETNb<LvfiGH7<(>nVJ<(0hqX_S9IxqrV9)0s
z)~X|&Ps?Y{;^#WsPQK2xlfTS7hs!=a5q=XMify}y?xZarxohE{Z^B2{z)x4hS69Ka
zSF#`NYVvGr8~Dq@_dwLu0Ig_$kOFV2jf2s48=P@vgSd~h-go<o@GkzF9rA9Xi&nqx
zy!-dt56`==k>_~w?jhSg{)^__zg*HW@4or#uO{!F?C_P%yXhuh$-njU^X{o1SiBqO
zv|;mZSDSa!c&~E>^59Edcb|^yn0HTh(dyTocX#~Y@Vr}3p5w{8-M=K>&1%cLmR-H}
z29JF;d3P8wv)$|NS)`BEx|{vJ#k-2jZMI?aZf~=V#Ne5{|0?kAi?JQ^?l2dve%*QZ
zAm570l&utdZTEeXd(XU^JjauF`38o0-}FVVy9+0@S$8dae0cZ3qhC$ly~x*^cMC`#
zE8ZRRp2fR^oi=RV9cZ?Z7|iGWSAln5kLj3qFLKf9*PVCcj(~T)E_@u1^X^%;FU=Rt
zySun64f}PsKJUhSMS1rM-P5|xyOT&CE8e}j(c<0noi=RVJ;!V#F*uR;Uj^QM8~sQ}
zx~eN~4X-m_ci!#CSP!@ECc5x(Jb1Ujw*UX4d3Qo5yxVvAS99Gh_O#~RZ;?J$yj!x<
z;@t^O8#eEbHQPuG-oShDZu4C)pbPV$6Z4`Q^PwY)LdP6!#?Ql!n)_YrUQ7Dr>gDK&
z2YAsDdp9p<KV$j^4DfBP1xDPguy26R7uFZ^eA_J==Va42;Lc8b1MolS*f-!X`s4Es
zqd)%iGwP3t;WX@A@Fe~5dD0&<4&7Hsf843x0OOW!cm!kjYcH&F?fDJZ`3AdiB))X}
z4LH2inGX5asW%M_`3wy3ZGN1&3i%97FlsbE>BLHL>YCk-4!K4;WcKWi&%nN8;xmvE
ze2zO?)5elMSv~{i+G_d?40+@$#GA~K^v1FioNeCGTY6>L`p+`&n3IF@E!Z>RLipqY
z_+=D)Qvm-c*57}daT;6ck*UwLmx5M=S4WThqaBw0WwFx+ys0+6W#41}koU)uHy>g@
z74qAG-W+?!)jZ$({r|hXc?n}b65hPXg`?xao0^|5i#L0=&zq*7!MJ5#P2OD6qBy)^
z-h7a>*3DzVo4;zXcyqSXhRvI^%r+8(KjZze<jrT;FLlJ5)i?j&<;`h~{YZFoiVH`_
zgEuulUlwo97}wsqY56AHSoPK9&DF%bcJt;_q>mMEKKCDsH<vhV*u43m*+ydUN#3`N
z()~>;YjSVa=02>^eOaqdU{Bi*d&ua3V&uB_v}-nS?~Wfp$Zz2W@8$=k!;3ODO~b}d
zc7dkf!m0Qz;MdT`Z(*+Ow=fC2PRd|Yw99Q5c>ZjwuJ-H#=kWbG`7Px2wfz>(!uDO?
zeRup8wtGT;3;%;JZ^&nXK09mpb38vhQ*wfR8+Ht)&jNiCFPJ_H)M5H8+~D1;Se>TN
z0(~`o77nwg9)6fT^}f%zr+(07laXTXsnHWpIs$(N#;QH_^^8}0@EXSK-cy_Y40fKY
zTsRRfLjDYl-Pr?owx2fr8NN^4!BO0~%x&w>P+|KsICXVolc8~${tR}%hS>eu8D*?$
z&zE5z@L0d)%RnstRbgKSzU#TSWwCr2%CWWB!CY4`KbhFRcVvg5`I8;SKI}01c3_9$
z%;C}6Vboz)Rn5Lu{czh>i4M&@H1Ji;$O2n8rTy&_q^<MqH{r=^;LWSy(W~IqE7?C^
zLCiwS76U%Qw)Tv`)XVrj^8S{g_&4uz`#bz@u;uUI<a>&I&v176U4iB6;J{x8-pbd3
zzWCemb=ZafuKEcs+xj{%9*tA)8~B%<#{=(Lz7DrL<Fn<^E#~+Vg9~_H?DBP}a``%p
zv;7?A<L8iOM1LMXhuSF~qphFAk1twN20X&g!OXk$@O}=pW?ASf3);C8nsNC#nD3_Y
zu8?=OpF;>X9hmLs5Q5DIX8SpWU_oHEpF;@tGO#JMg`YzRwiDRZf@OqZvG^8TCfF%q
zSQaqb&mmN{5SZ=f5Q0qyX8SpWVDo|HtG;33`hvi0KZj7hmx0-S4k6f1V78w_2o{TP
zf$irIf@J~AR2yT$Z4?5t{TxF1rUSG6973@9z-&K<5G)AH_HziqUIu3SIfP(4f!Tfz
zA(+e0Ap|r19AaWC3-NQ9GSkz>&tVMTaI0d@JMwi<T<R%PJ*KZiEIxNf<Lj`__H|g`
z@^#42v#XvCeH}J<Sm%AnkSJtHH0yg8)^~&T-5+f583Dx>R}B1p=&c^n83&ny4XNpe
zxW52D#4W_F$DZ~8>qsj<!~x;B^^zm3=dJt@3(Ks!<cH`V)H-hc^|GC2Jx?dTglTJx
zA0q3y<%d|VSh3Q35I3HB&G_|pANCzdA6)V42ReNqetl%@{OhqLSM2=Zd}p#wHjxRk
z5wzMx4&|7zo?#ev-X@IiP!Qifk-bq$Fr7Zu)2AT*)_W#g1b#0B&le!0M`7dYG4181
z<{J+b@zYsIIu7N3nEaBD<KAgrykmJ@%}!u(_;!`y&y_*H2I22j!gnEa@vW*vKE8s_
zRVjWf3k{=b2KMcZynhdWuu^0sa_Ht2d>68j*tvu7|C;WJHT}P4V2drganZ$e_AmH;
zH5Ic4%KxRz^NkY4DQ>Txjo6Kv?WY(+-SxeP9WXJu&H83g-)Yo0o%+)3Ivddi>Dz}3
zqYJXv%6|-Acn@9RuNb!@8%yyI(>uw=(~w*2Z<0#!3v*!OfCU7@FU*0>0EW$eQYn66
z4r~Fip9+Rwm;-wP*c`#|3v*zv0GlNkeqj#mJz#uuE2$K}Fb5WojFOx##V^c(od!&D
zx)i@K2R06v<a8;1VGe8tFv;ms{K6dA0$@`F!!OK%JpoK|x)i@K2lfgu$>~!3!W`Ip
zz$B+j@e6Zc@yIC2=~Dc{9N1~VB&SR93v*!OfJsi5;uq$?W&o3%F2yg*fh_<gIbDih
zm;-wPnB;UReqj#m6=0InrTB$8u=jvTPM6{r=D_0d0h63A#V^c(od!&Dx^!9?HV&BN
zbZKcAHUpUCbm`16YymLI>C#)nuqS{?PM6*hhP?tzHqE88!m#&%&G7JT5>MR5rL$W5
zqs1X(O7Jl&nKmPP;Z?@wwfK*1hprb+<(cn!RKODz@LQV4*H{ib2EVdG@md`ICZ71%
z!ahbXzG+e-Id6XFFcv>qcvNLX<1z5)Ja`meOViJ6JZ0afY^f(9cCDwI$#W|`ea^m^
zGJ|=Sz&GJ@d48Yg58&sg;ODjQ^ZTBAmJEgu2gA=no1YbLTm1JVymvah7liNT(eBdA
zjNNKGi?-*}_8{7ZU(D}i4#a0pacNASH+vn}KS1C9iC71a<&JH9hR)K+-P`On;7zRo
z*LZ4L5{;()=;xg^pa}dljA9MA0ef}Uhnl%*2imLy1B}gev%>2@<Tph0EgRDxoo|S=
zSqJb(-)`G%ht>hRAA66qAI@4pKYs1>gSDVK;#(#!GVjU%A9e2@A60$l|DVYuWF`TT
z`@IuHYZAQF8zf#f6XGR+6&31T6QsKaao0s`twkl6b~hO95=Cig_e&6~nNccLs6^cb
zWZR8mTO;+-cDE)(aYC?)+%jC8-}7}YlQYBQhIHHCAM=<wXFm7O`~H4^-XD0u<H{E=
zUSQIFD_&f5U++5U{xFN~GltVR|L@TK0~2%yQ77GREi#sE=M$&<l+U5O=>Bh7b#|)v
zeEHSsF20PO-Dke+I)C>~XB{|y*CSs(s~f(ob9jB>%dT^HCC(T)hu25G+|U@`AB$JB
zKjyp6{psY(|HWBqXMd9U@<R6JyYBt*2BRA&ul@N4_NUF}%hEmmFL-jm==T@o$)y{h
zD_!yA2K|@BljH9$hhN$}IsWbr-q}1k{_bJk**rP^?m6DsJURaEP2Sl&IsR@J?`)nN
zf7c&AX!GRwyVH1Q^W^xu%Xw$><oLTgcxUtE_`8RBS0-M84&%)CIo{bkIsWcV-q}1k
z{%#lVY@Qr{*B?G;^W^xu(|Bj|<oLVGd1v$F_`5rJXY=IvyN7va^W^xu=XhuH<oLTc
zd1v$F_`6-a%hlXwch0Rpe9-2}@p7l}&gRMScbD_d=E?DQcks^U$?<m&^UmhU@psSh
z&gRMScW?5}=E?DQyLhMj%T1oVJ5hHUz`5@lbf-1&<!9&4D|lqKr)iD<*N?4%H<v({
z#h2@mi5<Rdbi<ctb7n9VANIqir^07VetDIrSNt-WcaP^BpPP5DITGuVcmMiuEP;1l
zE?q5&cmFT?pu+=t;>j0IGwJ`*YwYvaedNhY(ao?E*=Mlfg{=#%_GD}AktbU`V69_o
zb@Ak-=2`6C^JHrr4j*6~o1JmM2l~j98@l4jmvJuHq4~)?`HPE;Wk>k9dGZC67tL>L
zfhSj4Jb527k{R2v#i%XKAt#_WJzqH=OLb2=GS~Ogf{(UPNB->$?mOG(@ct@KZJiN#
zH-bFXj86TVsn$AA)xL2Ln`IxjWT{@rFxGmxWSDO`>y<)=kt`({hO^1$oj)1OOKWsD
zetMl@S6&j`!6unawngc#k&<9x8|QEL^6nwxO#;ZC-yr9q&WlQxojcmVCd=Jxl+&5#
z2zEW+IM2*#?s@m||3>a(+>ER_nDUXT;*gKK;PtK!99_V9wTiEngjS`Q_f@tp1~)6j
zyU&xXoOs7d1YEe2T-186HFdA2WY?waSp@mX(w}|d-*8S;W$$CpG&a4jV4ga=e6!uo
zxA;$Yj2|QyWJg&Vy15tIN4gcSQ)M*Or&nIRaZBJk^;LllQ@QVGzc-!p&E9-R4z342
zml)SgMu&dkb)(ceGwoUQ!tLnd;l~06bB)qTx6?+}Fr#3a-^_uLRWkq{<MGUw{4Y9H
zHr|-e`f*R^;Jf_j0a*i~L!Kq0(^;=J%4$!R^ygms40MPr?zZ<DwVZda^_?<x+sK>w
zE;0uBGVXhHGWY#)R~b1fjHS8*6&c*eWm`+R6MWK1t(QbsGgjsCY2of2-JdrTo4eZc
z4=11KYdJMh-f`wNE3lY+9MIH2F}X7Mj%aVzTRDFMYmE7`*~=*V+@Em;e8zlqiCF>i
zYP9e^(l1!(^Ncw=(BiSmWm#vsqq^sBi_ygS<60|M!_e@F!2MGtM$=E{Aa_?eV;e<Y
zOr4h;8NQzJ>Au37*vHj14}=7d*4T%V2Wd$D1vkZ(m(kuvK6__e%-)r-hf~-~#gF{b
zy62Pm%l7@`3}V47+jl~)pChMo$8Bqdd`)J#&nUMZI5T0$emCq&#gPpO?`)P`yYt?^
zNj7|a$a^bS$O)mt3#B*N`9iA57vi<^g+Md*1Ak_|5U;1!%onoQ!hg%Q<_SMF;{4Fl
zfeS*-nZ}y!13ha#9FewWN5H$r$rbVk#_Hq>S?yJ>km0PyFf)&+@`c=zo0u=;H<Wks
zh3qF^$l-<3J+6r73<<udaVuv?IzEF8)~z4wm&rQ%zyUuv;4xuorsxv+#ulLCy$fB7
z{1)28T~5;R4to2Mqah=F2)sCK$F_Aq19fku@}mTS4Xv$s3-?Q!cUZdfkZEpHziaau
zY=Fsfe%dHw)+p%J@5x1G!Zq~q8f0+y7}QtFejJ(zjH#b9oqnK;$^E=G%$PNrepU=K
z)|Jw}?jtmH1;%XBz&RETbe{vRIMG;lIL(NPc6H$MELvyzl8T-)=6A3!#mqgIwtUc2
zopU!tOQCHWz#Y-eHtK@^h1F>zw{mWN_dMhmpBG#MmpuBN*@;WC!#Qnv`YE?kXM66p
zRK}xvNqvsYPV6(_9onuuVwH@snmhvm&&c*Xe)~DEj|@^c5t~N-?m$8IzCZ!@2b*{A
zm2j_Jspezqy`#<fsGSG7Cl7j*&z*+wzd-(e*6a}Y+s2wjykql2@PpUk1$o%@_<i0G
z(KTY>^5#|)__1v)O7qX#Oy6y+jq1xrv6HnqpS4jNJE7MTv3V51cjkH?T9Ieojpl3r
z$?~6!)_iBPX36s<#{)S!#wg#!Aou#r#%FVwI_fLSJ8Wx>H>+k5_pvEw$f4F?D3`Va
zp6vEKo~L@oGUo2rL+zZve9XNWZ|$>#ldbmslhtX%wl4AdYP8?-6RV##Y@j~+ujakh
zFqfRi6<#A6VZJ7hVtv-(qux7XD)?9mUS0-%UJ9OG0&Tk(9JcNx-FAVoOl^usc=)J(
zoX^q5YT6L(dgX(j`5Zj1<GAs-M;>u_+`Yhf?|Gd6`0}_FU&NOGHF?~%mvztM$osKe
zJZ?4TWmECE2XE+^$8Act?kjKmdYs24+*f|_S1lgrl$(4-Cy#U9-NZY=$yvaOo5$VH
zxb%La2|q7~4ngNq#x}#hO<Cyz<KFr)MuXr;`79G;CFnwzveIov;qj7{LMI$8D~&={
zDk$rel_nu8eSoag$l5uw(jWO9Ay(j4WTi%Q<<*SW;<1vKMuZE!zWjbJczO?+se|{a
zWTwUxGSmBA$V`n%GSmCE%+vvY&s`Xpi41*}?;`kxm+{ZP@6kfWUc~SEIg*)%hX3<Y
zU~B?%R0(pF`A%|y?pIXK#!=x+!C2KT9a)00>_xU5HHtY|a#Y*(ZWv39#XUsaffI}C
zz{(84*?u#QAOX(8r+Ai?BTG5u{+)7bY+1^A_nPVgPs{%VoG~UxR&V9ZsovM}UNQ7N
z!I^By#|_4gfmWF?mPD(L7mWSmkxrWRw*q6Q^Z;Z3#FzzR^V!E#Fm`1hVeA)|r-rdX
zNide40><)e82jRX6Jczc4Pza=S5C6XbmPd8L;ldAYemzJ&PyhG=I}({*t#ncXc_p{
zNz1NGq4!-G*ZUsIvGl&OLFw~1qa*3=+mPp<C+A70^B9Gr;oDm;`9AzIT{_{tIpUXt
z(7pIxLb=x|C!1Ox_dck+<PAUXL#og3HshZsxA9y0`0JFB-WcLrGC>>Pld+rnfz|re
zM$`MyxO(rnj*%144`Uzr-sQRU1Y^=`<a)gpS?qg*gAH|*ldiZKdz>+@{)*QR6DM`I
zG5;SWlTxRe^2!ZcrLtSNua~kaSC77?aVFPqaOyK3)mMM2@2>kJ>i)uebH}&IS5=7L
zTY1)A;&}=BsqenvV_E2^9g-nESy@Hsrw5^L(ou_S9ThpOu*lX?i)<bBphIuDqggs?
zk*%Y)L2vWWQHyLH^`K2}4?-_P%srN7-7juL7j3(0f@c{*8~TkACQfYqV8*69%nv<=
zo;^YQVQBc4ON?b7!Ye*1F=}_1@1$dohW?I({*DPh&fIjra+tHZt=Yvk{T&mhze}!*
zEf*cU*Ua-cDqKLHtiw9-p7Z!Ex|p0J>(I5(<wH|Lk?FxBPM$1>#(q5gi{+KOkEYL4
zPPXE_oO0)ZV-G@~o#)?EFPNg<xk>d-rCz10-qtSq`)X3XQFect>l66UMgl92+^ToZ
zI0}XP%=rZHbO0a0wcD<99qXuissr4tf0vKSr%_gVQRF1gvM0!IruF-X-}>*+|2R7O
zUpAlTZuZO3(WR5Sb9#Q4^>F9&++pr*>U^HpKacFs{P1lsk0IedT4lqpGmoqJFSf<X
z^?CTte&_|6=m$RZ1V4Iv7C99?rd;z4Vr`_iuSaix&p>B>&&m}py?qaQyK;_q*n0bZ
z?2w0Sy}fye5e<Sb+7I;hrIFRC_4XUTZ7h@gq}ZKg`|wF$we<GrDa6fCMt02w=t}M}
zIC}e0{Uqt_#ZEuy?G;Hr+3hFU_RNzkpR8;|rryq&rMK@vcl-%@*KE-TmwtYbHBF_T
zS2M=%+WPqt>Y=+3&okQ8&ktSe31t(Lgbr-#=&P`$mb!HG@jRP)AiB3(M^~HDL7nzg
zrZ`DQSD72o(aXq@=q{@msBNs@f|Jgy<=*Sh4nbG$q5q06KJeudU%3i8icK&7W8kB_
zpK-4A-Ve}wTku1i0gecETBi~B`GrLf3}fwJ#eNd^8~!`NDtWF|=4^2I6L4DnzXqM}
zO`pG^{w8>ayU#&(pTFv&&%@;J%yIQQlztCG8x<#^xtaPgc)Rbn#i7V*Y%avPx@|6z
zEMr}ncTBt5sRTwV$mbdGj5ci-Q+u#o)U(Fq5l!&ht1a0tpe6a@%jELR?*MiVGZuWi
z*e^zy_6t9HdV>8T&}qNeXxlHA(7x)MF&4niIUej6w6T*pq_STecw)I}zgX-|v|k7o
ze!^T9dB-Y;sA<1&U`O@~!F0!hU`XYrdWUR%$m_2u!$wml{%YDUvf8KeJFge^i$(0W
zVq0?AH^F5UZTjMN4DqlrrkzK9&GnAnimp>r&D>P)R^VhG@m#XM6m1}Pv)Z8zw=G8X
z9Qbg<^=#nt5c@2@V7>Y@<Lazf3a5^{{Ly0@!`Lj}emgpf*1j=q%+}jIL$)sR3~zr3
zyH2jhXO7i}&B!O)3VTr@`#*bkv+47n2F;ub?JR|cUWRSuQfw=i5R+%wR_>eJ=>u|j
z)1$z(k1>lU$$u$X%WZ!VPjdHDV#f;H_(x0TR32RJoa$QMwDp<<S#yr$jLM6;ls8S?
zIkmj$VNV{y?;zOD@&J#H+?in%j%DnUJ0IqMNA~QGoR~wMF6B?^9h3Yy0Qs}Zlt169
zuS$?V-^xvrKbyUqE~=xf^l!<ac?T2a&kC3PX_iH1dy=v~^jyiG$@ND$^_iFCPxUAH
z(_J@;{_=||OaA;3J~31N<oW+x{$$>6`Sa&FiSp-NjLnok$w6%S=+OU()Bmsv`I9x+
zQ6gALls~zrZFw^|lEoSI)|#W`&$e$Q%AY@^Pe=ZIoZsRPN6DWvWf$no(F%UNB|l5)
z)GwCTSu*5O_ZfrL<KwcYS?&qSRar8m`FuXl<tgeto>Z@za*JK{PV1t-e@&|QUAsTw
zXBV=kIgS;S(|qsz!;$6x#K)99Sv%F!Jq`_=B~B%K&Y`Si&#A1JBYR$IuiZ`j7b{T?
z?99-i65+ldnv(_X$wpr5Pn@-<wm$s_=$hj;AS=DKam%>xI5w$df8%@nU(w%~v|aGK
zjk{QY{l(a-<j*_6^DR-!b}$m1$@J@`jjVC(Q}XXMqch2`Cx1d@TcTfYvHW+mF$!Pi
z0Pu+WT;@*)XH0(t-;wuR{)l+lMK5SQqST9cEq!P-@Ths<&tB`?Q&WHH--R}M104s%
zACNyK`<2tCXhI0Mbz%brM^Ea^S9xa~!sZ25d#U8i*WleF@Y^iUkenQhUd8@I-~}y=
zr}Z2Q7sSuRD-QDR5bxxN$%U8A@s6yifUg&cml@S7TFmmp;(FNx@M7<b%h{*t?AJ7S
z#8mcAaDN$RYpmSF4%|Of3jFRdWvm3a|41-^jOCPjpK`Up??>lZXKS4Ihj}l!Yx=#J
zPdyHA<Cu@$Z{_{*jyqUOym@?|h|}v!+(CSwTyYxLI{TC&P9qIDR&fXK*l`CRbMCjE
zed>MO!2|KQ1My!!@vU~;K|`bj`Gfq#d%TaWSWgb|2>vEN@drz$<<;a-4*ATCKagzN
zM*M-_=O_NaZ^rIE)){|5jJm(QI7R$H3$o$I?AevJzc*Fv!F=}9t)o8A{IqX3Yd;yE
z=tqSed+>L5JJ;}EZ)}|#{|0R8OJr+;_sf?eJG9~ty0Le@<<Ku|>TgxsHuYqC`Z*o{
z$9B#I<7WCkNgL!FaG!aHN3tD#SFn3K`f1p4WaBJgZ&TSg$9arpo$(0W+R;s3bN^-7
zTdbIb1e)=FAZ|xD%Wb9HTHsGG<j{-HcqjP!<@<>?&OtWZZRCAVzJ1|7zWud2lPll8
zX(LGT?aM~s`1WNZNcQbJbRh2AcjCuNET8+;ciFT%MGV<%+%qQM{*UnOYb=TryA~Rr
z%C~=1KMvio`zdhxf%YWZA|AAT`#1E#x9>Z_SSP!|s-ArNr+51HtD$G6Zy%at>ubau
z_rbSMTSwUqTy04QGJX3=eVV>~SGfTEtP<YZ_@(^%!`r7ovrWG~aRQES{{Xx?*|*=;
z3*Wx<Gt;-vI3HqN@$EPC+PCkTuiA0+N%{73X;1nnI!lA;+rKjylI&vYp~NIgCbRtU
ziYXdv>avaa<EyhR-B7Uz+BZMG_zvW}hq7I|^dQ+5EM0mD@5M`qjcAz2y%hPI0~@k`
z8Q5UPM(|#-5l%ZQt3B`$BbV&c--r*cC!hYG&gtH#|1;Ys`>Xe)Qz{lQ4cR2=>|T}5
z?r|py_L3$2Iqzk7woW5{wv=yd=<OZe3}V>QInQUE>zllJ<qBl7-LjL<Wj#hwR`g{%
z>zBtm%9a)|Mz!lclUP4vcMWn^<m3BZh!Mw^=HuOPWA|&wgl!YxzuyhaEc86^0`~F3
zY}PjdPxeP2*hXy0`q8@|cr<w6fo)%B4yE4U3$m?q$4iJ9HG8i{=F4w6;VYhHMGGfy
zs9-E@6R@FRXK1HwA7hzE+lmF5jb3k!afG?A5z6VFm<sV(%72qS0^SkrEy4x%T=SDW
ztN9JL=O@_E{3IV*a~$42n|Z9{ZUsxu4<PqT|LHupcks3n>;zNdXZM;JSJ`#Ya?Y0<
z?~kgz`B`{AV~O*8#!_tW+4bz%_E7Km{$Jb2Y4ZHu`#9kvR?Hzhe{EMhf71THEuR1B
z-*wOP&$NB#7jOnW70=I!_1bs7R{C+}B^J*gpL7QQkK^Jz-z@hV%DH&H`EC#I1dEOD
zCi48Dj7{%f<Ng0%<jFq9Xe7Xv&)<EF#=n!-L2|0}-~Utp`Mw9X#p5*YJvvTfRu8bY
z%=V$zao#r-tbHF??4^8Z!plb&WA`UcBN^6$Nw9VfaP?fLd}-Fb&W5$qlVI&$#wJ)h
zwU@B=*QQ~8jML~7oO%C7;p}DN;Jb?lI*31BdQ87A;H(`u><gSt?*h)A9-Bzhenh!s
zIQviD37#H%Cy}Oo@Sz1~kMKTL)vqb?V`4QH4#h@43|VJ5_LvdaWkzB@8-@KW9s3!v
z8psfe2}%*G;fgy;iq$w(ac8M*=bMoO{%Wxr*u{v|Ses-kUt5}FD>v=r$RAFu#w~jj
zZROQ2Te;#gh}Ec7tj0y?-e#-@{SfOBuYZM8A2}%@R>M{I4C*?z^52lN_;12izWe@d
zJ4Sn!RU+>?@fz~WB*$v(xv=|KjX8F#MiKCrDpuoUa6@vP6RYuS`gCmNZ}3~Nym!X+
zz~*(p=(WJ=HNfmQkQZl#B0nZpqpF{o?*V<*q_g*xSg{((H2S?UaeKL0?hVS>u^Q&{
zKk=+sjpTZ-C)ImZ?L*t0{>r=P@0Fx_KePM0hW*uiyRey?WBD~@HSZ^XcVzi0KFRSK
zyErGC%4YrqWu>3p$GSN-^Ly<z{5SsVMU2B*VjPyre(@z@9M)oQek&g1kYv9&>7Pvd
z#oAP7;9fh$wqIB=4r^t<=qAP?v7aRSh0o~+`-Ng0_Tl5r!<Rcvv7Q4SYQL2@hauQX
z&LPf0I+51f9p~WKDiUKHTxSqmI&?MlUsj9*dTXbh!j5s6(aRWzUf3$k7>A^O<1r4d
zzU>%?wRVid+OA?8eg=$o72^<|V#PQJAKWnx8PsuN9HNv-igD<%&&P!qUBoy%(nX(&
zP52l%cKZDz<x<5s?0GMBj6;RbigAz)r!Vmhf(z?xhIMYvjBP+)2Y>TB78s%97T>_$
z$%aFGLqo6Q8<OC_9pB)ky(-!>Y#WYZ8wCIIGs})+#w5gTIY-ANc>Vqw)t4<tW%r<O
zPsN^N*>b#QTm)xz`ee&de8Uvt8;*)?NScRZi%OV-E4IPhlK~dK%I_rHQyq7C%~5s@
z%U0D@T*ELct|6Pa27lLa4X5Jc-8-ZExQ0v5Oo(e(D!ue3VARL@^){|y0R4ytowCi6
z&$^V&ycw2kW}hudh-;Xj`1Nk$8qD*Psb#ajskjDYBV@IuNpZDH6=&d%t99ZHkhhv7
zukG2LD63VtWHqzw7Av;)ZS;(ITmyYM^;@0#wydW9;&Baj-7VC0;%evMOZ=ONt3_5@
zI1*Z(N>+QZGp?cf{O;o#I_$WH-*JXFRa`>@aUX73?N<79WVJGWcPFd4<TMjM1{Yg#
z4e*z@+;I*6I4UlundQnUXU8>|&*?lXt|7TzSyH{LDQCwunDzDtQ}=gOQoW1q{&wN_
z=|)a7+nhsL&AH(1Bg-fANseuJkabKYr=3Pw(Wb$ynIoqSwAb$x{)>4tut9V7_0ECF
zyC)*|4nqDNjBYk0bfn5_#Wr}&*oLJWOS+A1SXyewHq;IAG_3}Po!Ew#cs><)mtChf
zu?_WGZY&76&MYgop`JFnifyRhc4L8aZn?9p72D82JtwxIwa}CYm*&|y7UVOpf99gl
z#;UI*#5M%MNyXcTCRlzj<nN`(nQP<u6-tbznt4`RDP_x~xP~!0!w&CQ#aLR=*A(L;
zo*}#S%e*@zz0Qei$R@4<|3*Bn!7Sey*RY2ek-al!vPW05S68uToDIHn20997gQ3?t
zORw>YFU$fCD~W4JhTrG4|5jXsS?)>7J&K<3{OR$y2J`)|crTdyaZ_Sk!^fPN*89hK
z-;<wG`kWQ(<i%f+i9fPmSogs1!GF<V`!DtqyL_K}Z-{#~;~Ac@&MF_kx8uZ}Xm1>U
zrOpM%_r{4iVQ)@$_GbLi{=~F^byoNfUoqAxu4)}~k-V^o97EzuZ^B2bIdf6Lv)&t=
zVMY#UXdG#rx6J6gZ@G@L-%9Jezqv&)${s6**>_6ko$wm(-Q@XNr*_T%hbH{L*Sl;5
zF<$F+5B=S?k5h7s&M+&#uhW)~+<}3|jrpsPYwke?iKPv1C)V3M)7yfdGgW!r`5qYN
znP1M>6bCe(x)sDJ2Z*sW26IMMK1t3CJ9YCIxBMs{bM9AlZ)6=L$IbO_;_Pq7<Wklv
zZ(Q(EKe|jCd33AoyQdBE5UQOCl>L}7UqC&{MIR9xY{^B|oVT+!$_?-#u(N|c1oMiM
zKg1pETI<bwW3%p1f6VU#Vmxxdqr+Z*IM1`GP;!?)qhqrA&!Yb&Jn#G>b8>Eqb!}nn
zrSz|PDK=I8=vnJJf^~GikEP|zTl^XRKYK2m6Hy#)Ew-1abC<TxiTJo*TJ2~Y8tZKC
zgfFJ=!{9K7ch{e2{vH!%pV!NW>9jG6y?5FcjC2J9k5kUcpWGEJX&(iH<7nT67jI|V
zb^K?r2f)b?pQmHeP|76trT-c|);{`K2jBH`J4%T|cg8pSpyda3&-dJevGu=)HXOqL
zs(G*aI5x|xwrw2Ic%1qM@bwO3>S-Q2`=fdl_Py1@HTBt(Z#8*7x;tC=^Z4P|`k~x0
zzl(7`a2l~Zz^VADV*Xy`?5k+i?Qb1f9%RgBp1djpp6B7L1+i=COWrPh=Bdx?r~dcn
z@_*KUbLZ!$j<?PN$*<Xn-TuhJV$N(ECT%^k@Kxxp2l|@^kMx?kMh?)IuYWP;Au~9a
zkxs5vZ`el;Q77g?aN{HYU)EE>kaf0mcvyK@zB;TDAE?fG#_2n2P(s^N=%YB4&AIss
z{G|U)&Xpqz|EvC|Uv!;MNckx&KIi4!t}~9ba0_!drNG7a9NK!Sm7^v(rcbmwG$$dZ
z&*FU!eT65!IoIZWDd_91Ht(Bk$MoIA`Zu0X+~M;GAFY^gjnx~>sBLDw9sj=0=zatY
z?0|lpxh;l1Gkj~{qKw`BftB#dOWtnV<9T7)qfdSAJ5uu4+;2SodH&S5KY!@tw$FX{
z`+w}ef7*}pk1X1j$9mx(&(0g*pHAFlcExDm3L512f0J_s?U@LyKo=ZX(fMh?$_Kxd
zFYf4l)*dUSW*>Vj-@E2?fVdjv4bmRVe{If-xwJ4>oguT%=?*jJ6@6RtBBtca&I^2T
z!--&{yZn#c!N&h1PM-K3OC~xFuyIK@urbAkjS)6%yu*266E-rEV8ift2^;n18Uh<f
ze7kqSTLl+8`8aTKJFqeB8y}^Fi-*YZmb)rzOvT{t;o={Y;Nn@vDY&@4w{XFHj)Du#
zsSCJR;K0R~nNzng;mQl`^)L=^nD`F!{s)U*K_|!!Fa}tt=bRGq@mo&pZ^V|t_Jc=V
z$zXNVK|Wp@kNZUi+fre*rMTb5q;p@l!Y7=(%)-x^T3_hS_n^<6`8S4#f8Zs@5wcCL
z=fuhWwc`c_mU`y<f`LJKKd&4e7|QRTFB$Fo`M9ephO?j0d<W0X92>-C3nvcdC&qRb
z*n7F-H^TA%goeWhyvmK54!^K)*&2rz{2dBy&IsSp+i{qCp!`LzS@`JHIX`bGI)U8U
zWf{=*e)N}#&&#M4&v58<)Z35TD;CXmWMa|nm4?yqi%BW=#HQW*p<T|Nl!FV&wEL)i
zfp*{A&AvRDZ|%#s^O22d`xDM&<_3@x9yhKET;-WxeG2%tKejY)afb5Ho;dN|itkMG
zXV(Nhfp;UK@g^Qy@jRNJHvx}FKnpq3Y18;$G>I0DF!A`b3CE7dSsr4P;{3(ccLIM&
z?0dP>H+1-N^nowKUv?r3iH}{J1iR#?5bQSi(~YZ&?ltB&jzK>dbK>Ok6O4xcrA`ZV
zL=P;Pc&NEHRm7lj9yVorTkZA&yNvmFpp%r2qOE>L!y773JK{|~a==|{*H6Z!SFHMl
zjU!H+>|1N$%qx^N_w$nzYV+V_E#P8B*7vTiPyg9nJ4>+TEbwe-gDzZlx>1YlnR3hp
zv>W2T`llXwJMz<~KCj;O%g^gi{`7O@(oD53KXT@AlQI7hVD^Vyl>0ZkoVk9dvwnkE
zzd_77%V>B+V_~fIoP7$VFS&Z^Gf&+WnW-Fh<k=WvG-M7lYR~PW-Fuz>KQrc^HV|2V
zAZ>!T%1!E)1tkXt)P}RRwjL3e<LF=VnIp$Ja@vS4`n}QV_iOB5Hv5;&J^&lyMc1qE
zlWX3tXZ`Beuzug$^||I3VeK`iOv$5scfyM!R}2Z~5D!4kv1qB??>Cd+@FJ(*bs6)Y
z!=F%{$$Y<JG$=P|1btNfIPFSiwe&MHw}>gzoMX3}3{R(8?G~11^h}$_t1scG-|EYe
zhfNx&e2c83^i09a$w}iUf3}H7fsw}i=YW@LctJUGo$}X3`Vn7vYmgWKW3psF*}vKb
zE4R1**~Kbr>K9)*yPEyA<iN|I!IvUiUjj|mSrBqLd#&?=t*^1Z^l$N>M0!#4R&05N
zVv<C!&f@$Hx)yz|Uj!`fMCS+qpZz&|P&C`vy_r0qzO#%$75vxAe>dbM%9uao47g;8
zOMjine`F64|B)@^Vsj0|e>ndOUw9L`P~oB_)%0IsoH)6Xc}W-ZdA@SCbf~>EI(d(q
zw{_R{db{la`1tT~Y<H!5%&gCs8M6h`o$FEUj2W0do@2htX%`%Qj<u*}jfJCvpD(-4
zH#%)Yzk4_4S3?KDf481#pC<!G($GOX;g`VQ_kcs?=9Im`*WZYm@319AY<tFR$pxm}
z2_A7ur(H_61eMji@GXWn;)7e(3tNTiEk}1(j$z#cyBvMLj&^)c6^C>Nr;h&}J4D2=
z>=4k*sMEJ>5D{z;jakHP+ct;_Y!L1?Rz<-f)ycEQt8p%m#@4?NKK+8<-)5YR_WV4|
zuaS4sEuB7O7m$rXWq*f_&aqE)Wq*+^?};RPgri@{_UPzW^1qntguQNfEVh0x<LOFI
z+-J*k2c#!L_d0CZ(xH9Q$r`btiT1q?4SSutm|nMO*CxikMf3>$vBi`Th9e&gi_1>8
z{T6y8dLSJcdbFAGhp<7(hN*K>jnGB4x#UQuNf%9e2z{z{(Zfv2iEatbMYm@2ZPG21
zj&#}}oVoXwo~$AUM`H`XUwa4VoiezaPFZ}Q6X$E3cHskkZMQqw{#&%mx^TAKmWz&}
zqetW6WMI?5Md6|F@g5h>2__>ZOeW&oCf*B{_x1wMHnATsv8VF$IQV%tHm(uW72dh=
zMP)s*{ZUqH@5>0BUC3`Y-nDp*{6-s3QrVR?X5ov2SIvS4Xi6h?&@882_{;=;JMB35
z*;|~{{8hHM^M4oGra3uyr};m@J9CbnfX(wPSasuRcX8Ast-T{(gzRLZqlU?Ikwe${
zp0Q~d<0LUak94D%awEOQdii&K=u5&^Hw~&}4L2~~-$5^wYoNoXAG3JAF2z3P(4O`&
z7aCcO4Oi`IuGGudo=Qea-cyyW$2K2<p61!~wBGZz$?<x&Y{1y^lkaMF=ZA}!upxb<
z)8~MGnlCsTInEgDuP+X9FG{=Slxy=E&B;xtZ^XXxGUX4lM<bK|)BEp2i%ab__CVuG
z%{9YDpTw6`)<^w=_Ik+<@APT5&-#trVqE36J(n}CsO<fet){+d!?xRP;MuVi6C1lb
z!d;Ck(~RA1e1DK-%%5l8qvW5Kn{J$&>%ai*IeU@IUMQYF*BtMt_;`g=TL0XAvBdS?
zJ9(0OJ>TtTT%|dVTr_5k=zn}&y}8-Wx_aPwy0`E5z=bo0*}y|`pPGl}syT^wD@L*}
zy!&4E=6?G5(WkLE9({-BFYCv1WRi!@HtiK}VM8JwyZ3%PY!z=2Bl(%z$9ncRt+rD6
zSWg;n`SA|sSbn_MIFBp;gm_>xcZt3OKG)kaLNn`yOai|&hAN-h-O$w$USrZ$p6g9m
zN%Ywru<!Eh?jA@td}&VvQxWcgls}?=xG_nvJ=+^>aC~dZiEi?Ka5V168)EtKaya9t
z@-5(cs`ANxycXcK0$oLZydXY6+m9Eon``&w_TwpEi2AsdF^y*p+&(bq@}zqh%Li#A
z+H+`o`=!ARDw|x+h-FSbG}vewmTs&+U2A8rFFLt!rQsUhrS|_>>ucH568(RozlX9c
z|KDQt;tJYOZkc_+=}`6I?2j!A?gKyK{o4B~`VcSYq9x8gLMPTsF4Eq+dCw-hzV=VF
z_gar}p7>_9*=M4kc06YU#djz7<Nix$-qcTH-r~{8{cndhq*_DPcal>-M{+LlbM^4p
zZ`tx~ayz0iYRB9!a#IP0^eosCT)5w_^cwRd<2vn^GbgA0{+bu_uK+)UC+zvG3gE4A
zN9<gk^NaUuuk%9SLFJT-N_57l+ZA59?^hk=ZqKzJy}4gC6<+Cn)oOHnjn`-MefimY
z@)s^VCD9kyz`1Ja-nYH(@&#^@FEEW*7wlcwHhpJ#YK@HG8rfzu$??8}Z|o~;Hkf`u
zof|wpe!%P#EqjjR5A4bZ*x$A>{R8JwtK|#yS-!w!$LI?@>8up=xtG4cqi8ht<kxTQ
znnox40<UNNO@B`xe1XmH{onWkKRY?mPIHD0EC18@m+=LL&3XN8`2v6Zwc`sLQ@VkT
zWMAOhoUJusBg4|=MdwUEae@y)dT^(o_<9F6zKq|j2VdarNpMlmI7LIQ=`CC^pT774
zPj=wq%gm_@9o{-`-aB95$W*Y<J73^Ya@?lboiw5+U*MHm-;$$!flv3=2iJ`+@W6yb
zU*LK6Ubg;sqAj*Nd%^d5JB}nff+b&Pgreuj7wEdDqr_7yIJfeFd&6#DpmbE-+q;U~
zOY#N2NbGk#a&m%feJXeNW*gBBoC!?u1;V#Nb2{TVQqk@kT>FxIPvA-T0!I>O)scsN
zkG6MmX4LHq^x+G9o%0%bdA_53fnDKoU5U}u8SgQ&)1LLNP2++2=T16yUtm9cfnD*J
zuKF%@`o<Ud=2yO)FK`EPkNUCf_txDm@~0fIeHe}}uoPcluI&r_J#|)5NA}B3U*O2_
zBJ9O)chO#};}gM_yo)?6jU(}i;0yc}<xM-N?F*b~*Z&@JU#DMvWEe+@Y4a*|`2t^}
zY$Nf}zOx3J@=x04%@?lnmUT!DlKiuM%i;?&e{R&?Ou1C!Euqb)tu{XM{oGS~h23}Z
zTC8)%Zu|eRC8u1ouwBma|JCFFtG4}r*#E4twlG%Dri(Z?)1a}oX{?+{h~NV}^(v$G
z>@M1V%ozhV%3UY0ekWKyz;9daekK`E_U-suCi(u<m*lrpvf1!1`uw)jC%%Qt(Q|TL
z{=e(u{ic~~@2tDzPp!QvgT~=QzA4K;H$-QFp$(;WpWjT{=j)w5Q~3TG(Q(v|19z71
zud{9OU-|w7&&lwky{^V)+FReBiIdpC)t9LQ6ALGr7jgOi)X&LD<Ii)(pThUoXxq5m
zzCXu)z8Kwx@u4eNzP~!=>DCpZ=g6i{uFxvW_a|F>SM(wHj^q2YZ0(EDuX^kIyYVFG
zHMG--FZ&Vap(Q(9_NzpG<F<QS_|j?jW{pgHx<fmv>Hm27{+jHzkGJpd75A8rv+wUI
zXUxah_xA&*-M@hE58r^fhl<_ko$umkpM&FXaO`Y#;4k)z^`bY@@#Xu|yC61J#}_A?
zhU{LZ&5+;q{7<~XZrMd<$p)snF5jHWN#B<}u{X97`2xT*@H(}v<Q}gvSz~g>Q*PT!
zWUq1eyB#}5Bjqf66Mj6K-eSK<@C$D4Nc0P;?YfTG`ggEj>UX(o?m^ewD_wKn$J}NA
z+lTK>b_(}6H2=-^{Lh0H_0|4YpTbU&%8&Th@EM-)yT4tZ;q#7f?>PGmf8?}#oPCB>
z$KW%}arq1t;~}}e(gm-;dK_2l_$|D0aFw$G>xq?_teF2)IJ*j%#h+o~>^tPdjNAXf
zH{pL*_EE=Xz0dpjiU@hPD(Ta~)lJluP1gsGREU@2e=17C7uhBosbk3y_>Gcm+#crP
zZnK#-9a<$@yxA^1I?rj>wmquOCfC|%JsdjL>{^?>;PN{zd$3c^^v5O9wb}L>oeN$+
zjvo>FH(55(dUO1V_J6Gl_n#hRb4-oPsqY`vxfX*l5G$UqSaJCp$(7ctJ@26Z<?K1}
z<dfz5?QYKtn9qCcdBkOtcJ@4C&Mnagt-1NUzG(-%%a7V~?axT|+}Rt)?^x&Tk8R6k
zT;{%exSz(_`;qw$%{GW*a9{%4X1?i9wBbU2FYT?{pJ=e3xi<gu*)U=D3tT+t^lQV#
z4fq#L*nscJpW)QgI|F~M1G^3!h@QLQCCc38H=LYitj}ZJHsbpuNOe|;(~rwmEqIBr
z_QEU0mFagOb<Fy#cU#!<hnBNuIjos{0LklJ&A2oM`5Cp|>MxrZ_&l$F+Uxil{h`h_
z3hg%hrft+0cFtnq<V#xXQSr4d=Wf`}wH_5;Yk~%@8o6k6+}CKXxy#pByg!kT>i?Ym
zvGxBAAFT%OoN)!&8_i8~(3+a_L4FY42|n?WPae&@lgF&`4owoi^%Xu-;hyEcPJK^o
zPrggw)jor$__}`BSTe#NW)fS)UBHfQ?j~aXv8^oi+xMlq&mSHn2FS6kXiePb53#E(
z#c#RR9s8bsv)vZ4@1+xqL+)H4X(!s}4+mO)%VnIw^|6K(?16LxhlXkml@qy;^JYcd
zF=_O-e1zk>IUBebSU!*P8`Fli2X(&*exg<AX>p&T4d29I4dzay{J=%_*+9++w&0Jy
zkh6g+>8lwSRo%rY`ud1^`#1}xGj8V`vhIJ@m=ycfj6cgyY=Cp8w8q{9Onu}XlYdBY
z1+@908E>k%CgzHqXWer*Jbwpeq#H)@>quV$p=w{F?#y(~iE+oY)5mP)m};$>Su4dH
zVB1J2Uk84=$E3KYRP~`Bv)p%C3*O!Jv^Q=YGSz*asoK>Z?q(k3PYr*{_q$(7^hpgh
z&u5eW?=|NvZDwd+iNRS0?(pRdL#tQ!FnYotj5Y46Cr{Q-?=cFWUdVk63yi{zi;P0i
zpQm~EQ{JWffT44Y+9wwnwTsF5+~7C!pAau(g!l2@j^jxQXUoV73f-s`e80&3OYXHO
zhZefmVjuHx)?;6Zom1V`rH=<L-piSdI4&l|5cCQcU3q}U-(<H%4&!88d=Q(G?hU?S
zkcEps=RC7;t(Y|^1x}P>$H`M(<lrNIQ4=4@n<^XuE*s+bl_dX|_(*x-V;!;AHa?~-
zpNx+l;PJu<Ha^<8yf{T)4n8V2$c2v$!bcD1Ig??s1^oRr`*%z@NiJA(ebB?4{qOF6
z+dX!EcCC>~AD}VrH8t_|NSub4Wsv(4%4pqPxS6ty<fBycR9(@9cbRWj|0`#_aP!S>
z$_R)5i~m0!mx#Nk054jHZJWW}l1%)_qeF+U9m5%)vG|kw)q=-y{H>qTuhs|>U(UPj
z?CXc#jQo$h{ql9j^rL$@(+^z~oM`^4CmGDWRu23rNB+vRVP=kK7oM8yvKTx~HBZqW
zYrk${d^d7F=?3mV$TZJKH3urqGqKKh;C>^-eb!N(o$BiM)VlBMF2j2%SEzE$&~|+X
z%eix~vhJ?r-%i`kcUSGY-}ki-!>Amrew}Z3TV4HDOzR$eCp!PNhqJ<^$SPVV-^E73
zs*K93PvZHrOwTgK`R_5~fUR>~Ests6yPvZ&4(Ge8F}UCNW;}1E7|(z7W<0^5xmU);
z*0-lzwsK#1VaXRGJe#cF-_h?Joe%Vdzop-m*6+LcZG0!#V6N|d_IIWI-9@{9?`ro}
zSG#4dc5mvg-4pHhhg#pxcxSlUU37Wpc<<A1d%XAZyUX!*(Qcuu-MOxI|H0MnoNn5U
zdHaF?Lqdmd8_M~TVVpA=4jmW)4^OX+d=YzVA9AP8_~~Bd{m7lN<2AhKY4TllVeKmN
zD>Y0g2-TOQH8t~pL#~VeIcIWh-|GhNwTXVdIh=VaNvq{P)My)WLtT<Q+Tu;CEx(~t
z9!>W1JxT1D{CwXb_r%66!wWv-oJ;;=p4$2eX-y$-TGMN3#^AaM<Sk-sPtQ!le`om~
zKE|&VdDh@Abj}=L52+krO!CQpG-zb44;`kh-@jg+msxjL+XDXvjZLzj#(7enQR^E|
ztQ)^u8Jl8eCHHOk;GU4r%lVo|JZ2tq!*A5i?&n!1KY;;%j^H~8ZMml4b?%^-45yf2
zQx50dT*Ejw1it!*83nPlk?pU+Yuji$pS~t?AI@o>MK7G55q#kc`1zTf4g1<CqxP(E
z_=h-Gm2-+{a+*nRHJ)1y|JK!2*LIv#acjW=<e^xaw>^z^PeLZ%jx62kol>~SNSjv&
zt!>S;ez$TTd{EEX&U63pCiqJ0K<9ZtnCy|WT8B8#Cxka~PN;Q+^E@yd)bkkU`NZ%h
z?uu&-IM0K^K|N1!o(G3F!P{F;wVu7kLo42f#-rCQ9bcVa+YC&|mx%qS@O|h-Ae}Qy
z$PoCq)=6I<$hxktD(m=`%XZ>H=BY;qQJkt`tF$N7JIf#*P-V|W4zIRt42m(Uj+Y(U
zSr(b)ar%G<#pAT<fY%qPe*<Ty>%7->Z1j%oKxSQ6Uv*uF`mp%YwcyJ&;LSI{pIPvy
znVieAa&5}ywGsR{mmCl4iTiD1o*83}WrlJEj{REg)!&IN{|UZn=?pp-qWQg-;aTPb
zMx>K}`_UuI6{oEK>%ceJ!pz@{>%4Bp^rwwSmfuEQ#gZSs(?gz}G{)y;oax|ohIwW<
zwk50S06A@l7r@3No1PKgF%W(p;M^WIpV*>-_?V1nEH)q%yNB;Z{X?;Ndd>>P%Jl3H
z#b$!H=cLs}SEtnm4P)^3l63AqO0WHJLVE2-TfDV9=6GvA_If#&<_quPcNBmBL7ut5
zZdv^W+<EX-|ID3}jfUIPf-gjhjA&@WrJ?EM=07|qz4j1vM|>@p=bg{=3q{UM3*~~F
zJAwBlCH-m@kG^o`h0qUj?}8^$>cmb(_qdGQfbhi%Y##?E8d1q2ZS=*yM)RmIS<bi*
zx`BQd7-H<Mt1xCME_((0>cn?Te;STWrqKm6jd7T<{D6Y5X3C95XFJzx#iv^EH#!be
zmB5<Xe%FqncVfb?;aN1`58s3~ux7rw-zf-i?{WorvXxx^^O~~A8*H3-``n6xJbzYA
zjwkSLV4$(vb2529>5Ev-e8n|7=cc~w_}`-~$@hI7|M{biK0h^@GXSLl!_4EN*i5&N
zLU(%TKPTpYs?KMV$EDHxwaJk!C53H^*xv~k7dmHCD~KB`^PE4g1v>w`VaB=j(D?{D
zTank-J{~&h^Nelxb64_1$U0Lgn`M0VsP4^xXRQ@)I{&Pde^^A>a_B%adcW>Qo(X;h
zi2)`SW@wvt3^|>K!_$TV|0BuiGz$C5knjTbEK(GVF5-@fVrb9dXENXwzHkIM%BGL8
z<AWjYxNOg-?`gwUt|;<kx3|$}9(`U*pMtSUWMQk%5#dSnS&rRqE`3Vh`a?STg6|+!
z-aB^d)B_JZI*J@AKEq$bdD-X~Vq_MUO^Fg88$S0kV}tg34C|<Ku5VJ$m}jgLJZDj^
zB5mx}A=J(B7}04rPl<B>XY?Ge5fz>se&&*p&oiRtz(maje1IS1@*n3I3elGb?J?)7
zIcx4(1FeNW;cSlQlSEtFKR~~@n{D@M;68FHIE5W8GUMVxy_1~~nms>~xpFl3UuLyU
z79I8HbN9vk@$6q@4*Po#`#V`UXxyd!+5r4yWg1ttg9Eouy}e*B{g+YR#~JaR3p&pz
z-%jjk)=*>JndDOX?U0ViyErd0(UVnkI`*0?$W^<OdY_V8>EG_Xv*Xjj#-u-AW~|%k
z9T0wg*rtNt@c)^y*rYJuOIgP@Z%JYMZLG=aDTSZh7>wpKmeYt+eb`g8BAeeQ@cY-E
zM^>!#40yKrPqA4KW9zB|9<tXKhki}otwo;x?FQ%WD}eJaXis=qd8si=WgHuB4!p$R
z|Iz%v(mSd>2;QE1vT?2hyQ?Pj9(J2^95@;sev19ylw+)aKP?fju!#++_=a_k#yOW5
znU&~&tb-QG4&ukx>S1hgKW3g4mo4488QK~o|Gs#SyR6=y&-*V+XI2yUdn|P3<+o!A
z=QPWii`F-OhNsguIHa`6I?v*)L*rYS34Yk(r1P1YcO!5u-m#GJX&;?)Ep_A>%b}ki
zvL1r5T_sZrr+fTcFUSA#FmNJR5X@Gy-+xBO`h;~_<LO_shIN*lw`&IH#rR+4;77Cm
zJTn;mHUB^B$=>=V-+C{b)hCqsC;EAw&j+4?W*q!H+E@u)QCn90eimUxqW%7`i5vG@
z=l6AXU-!)hJVV=OGmgk*!G_$|XG{{l?L74gGY^ySEdt)@UZA;@*Il|Rp>56o9h)^y
zutXp7!8>)J548>rPFW9m@5{o1>>9@c3!|gGgN173-GGPuXa`~mxVb9H55I+Rm^eMo
zm{rdDx3k7>o)rN;1QVhgq5;s0!Jo_vM*ln_7%dxT+$CDEhI$)4x${;5mujn$wklZD
z4{6JJR@<K>w+#(~<_vBtgD#SHcoFT1E+VHC7BTjgm#wio@R$SL$)jE2@FCg~FS*PM
zFFC(=yd?5(*s`FnH7{BF$DNd4O70=<q|b80`Cl{EN%qm2I`pzDe2$z0Z_yr}kw{-F
zS!V}k<21mgW6m7kpv;3uVk4aO5^wtT^IslruR4Y~ugLBFoJGrhrzX<!>aTun(%r0=
zWD?<RG4hOC9vNfGBV$s^BRAOc$R^gK86GbgXfQBShaa+(xd?`Sk;XG)bmWR^?z0~1
zk}D1ob0*p1Ze;3QWDB2Xbd6++x)ggD=PNc%*0`&oCz8jJi3+tp?A=w7e={0X-+}GT
zpC`&1=037#5A*&+_R)=#!bRa>1UziF@vy>E4PCQvUizRpw&!#vHrupcJMf}7fCzcI
z<wL~|Sop<ZyKNhO&P#!#JHgL(@RRa)Nfwz#KV`t>X5<w0lSMye^i#<iPXj-*z)$f|
zbIcB0g6q^Dtoy_!(zow^&&(q5oqNFwcOr-QXjguz<T@sOpiaJBM>K-D7q*#omY8>^
zMUchXR;Se}c3>y^{59|~cRTU*Lhi|<U(u~x)=T%2nRU_0au-*xh`<A1W<5G+Z=~N?
zHv}C?K2W!=;qwLy_j-rs*K?*x=l{ib_&rNGS$vt2?S{7JA)CL%x-3Vha(w%J(WyqD
zQ{6**5!$eH5-T^7bS|y2+IDm*=X|+zs%r=I9?$&DBZ90ymDmv<yxTYT?gG)8@x-@k
zPbDKe^l5w&&)5jhkX)C8AEkXuNnvCW>xwL|xT`w^Bdkj)>svI8d+nsBWI~^Z803K;
z+r9+YT!LR^C;G&6{L`m#r{6^G^t;@=(=V$%4?B<U^i#XEHMp$`-mt}6yOKQv?p~M%
ze?Z?YMD`uDhO^BZq3540m+Xx$Bsqk!%wvyLeiu5=JkJkSO!s8hC|+c)Cu?gFdp_-*
zhs-t}rmy67R(gExud&8!zQ~;P2;<x6$(twp&=Bgc!Bz#1nfQy2Gw(I#qB%#9i%N+}
zlT2N$Z}78G-*ZX|efZg>+m-VD6V96}|7Tl3u_b~0T(w24M6SnZP#Zq_Y(_?sUs-K6
z9^o0>TdHT;tkyF)|FE8EyHwBjKwtDsA3i;^Uf<*SK44G!SGiYqnqm3aJ8F~9kRQHN
zIcI)l<~uw5X-24!ddg9)-;?xxrV%}tZ^bDN<1_dNN0uvJiS$ePCH?4o5$p~T^h5cu
z<fD|m!N*7PpJ;$S;!$c--yS~VyJ}l)Xx`PxljeN&%{+bf+L>$0ytJmxXPR+EX56FJ
zXgcFE*IR4G8eOJm>Xz!6H7e2b9NN+|YgD9X+A`OaHM)RjwOKA4g}z(%tfAo<uN+za
z{v-0|rehNxfKBTJY)1pJ9i52nXb^cvy|M`}b!@^N-gNB3mQ6Ui2RTwUVehyOY(gQ~
zIAs$)m$NI?=&QshtaWnpIk~I%L)+Z(3GUq0mDIV_eJ6K`(eyvF?6y+n<{Mz==7SDw
ztQuF4o^9EKBURX$S7TR{J$Q@J)XKP?Uaj*Sjy-sI+#ZY{a(OU=bFRpb(6!0Llipij
zb#p-k+pYGv9^DgJqHtqBBdYhn?zxSkQ{#wNz>X^$p4QUTr_il;k^9{F-@0Sf`hWX`
zDWR$9q6z-?Tfw6&_=a*6<bA(-MV8H9Bu|QO>8{V&(1ZxGzwDc`r~N2kEL-orx%YNZ
z${wp7RCijwNd1v-05kC0*a*Xdn=uaDD8Aq-VB|_*Wd<;F1$gy!?1$;5pU$*{0uydK
z=$7HeG6zR41m1)jvTZg4LynzO{T|}HYgc_f_41MBrwdlSR<6Q>x24m6Vy?oMCkCSh
zhR(5N;=|~Ny|Xh1Y7{>PKFdjQ*xY<ttra`Nxg>0%Zn$({F*1R(NfV4FW7BE1Q%)RI
zy9$_8F7HVWTo%?eh*regT-=8?D-+us@3fg$(~#`@xRrD3@_iI=mjOH(yEpkePPg_W
z$7?h=@BHJD8yRyBFj)%EtAO7H;dd7(FFNbnT(#*!)h*37qCw7|sGc8KcIrgH1J!8;
z?$1c76Uj27&1qI0Cx(vogy!4h8Dx#8&h^eeth4QEyX{Ka9+A{`HEmbgZTra$=!~br
zu2W8(tfV^REhCQF9*-@5)}N^{D8E=|{<MR)T?~A7=1<E37LP1^1-SJ9KWV_R7h0EY
z+sXY+ZhGhTfko$dEqaHIKf1bqDAFpQ5V_&UyXaj~3`hsG+JUQb@Ln`h{vO%>+OB2J
z4$ZUUKw4I()vlarw?`aEG8{ZP-1dPDH`c|rr4^b!Fzn;l@N3&9cxxRWSSw@Ou`LZ-
zyhHOkePA2$fo-yUU`vnkf$hoK5Mf-}Q^}a759};_VElIbz&gq<w|roy^fT|e^&OeA
zO@6SIF~jtOHQRo$wrx`iUr+Lb>D}BUKiGE154H+F7;?&K_`6O&%cwo07(dum_`zo5
z2b+%{Y%#E1iyw^fi2pi%uqlV9Jk~lV7&U!i#2qC0!Wvquf(`P8Rm%7Euhwt*!gBOn
z<2?5d*U9&V&Z4rd*c5a0{Fw86Lby)8ujS73K;<-?)%s)S`NVLYd|xY_=Rx5dJ+F42
z2Z!tA3wy?TmM=^(XXAC(N0KjWn8)&k6|*jmFYI#GwhsSP5P8{=RpIAmym4GFw(-F9
zSMXmw<>6nub(Y|F=z!lqwiwE~$xkI&ZW-}Yj<3vVOY|6AwPo>6pPAxuQ=J=-JR-l@
z!<;j2M(2p#X7dZ=631^A+u}za>x_v!e4AvkUz)Pmg~LoA*;@I?mduYW--fSCyutC2
zoxr?(j7hT9ni?1H03YMLgE8FEP5;9hjx7Iw)a|p6YzRKG2}YlNWF5d~uophE4t!)$
zaJLvASqQo84DSOkWb;uBZ~H50p;z`?YWl%;A$Q7u_K#@~ywHX&-p2FJB62#Gq}8?~
zpM8SQY)P@@C!2>%X8Fk;u>52b6{Clr3?6sr`HWD7*RcF#McDMg^E{7a9DjTHw>$l0
zId@okQBE&mZIfUPm=Ub)0Zx7atSOI)&gYy1oV|;`)A6sl;jA$ZXPtgF{r?!USP=h-
zY)9K}LryN~^qWP%p=a@_&ig2}->e0D`&rc0J@BS3JIJzk*3s9o%ttZA?)gYZ?(2M(
zK?BjV%=ru*dGuK${AlLc2OqMFbYS6){AUrZ&j9YeFyq&i^J;Xy{xir4bT@mqGHq=8
zV)W7ox{vHdZG6`-KDW<GHVpZ(Y`@h~`K@lW?L>8PU)h*&^%ulO;453p+Qt2I*~JZx
zZP@hBd9&tuu#@i@gd8jyUt;;^<g?#<0X|;(_F)t7<10(>(E;1?&*3*S`#0eY{Z;3&
zWTTo(-|YALrKZnpOn3m#o91JqVovzJ)>h;Da@(k6pV|qp=WK*&qne9f?T|MsJQiDb
zHS}LFzJhb@3()IjCz0K&;|O%-PT5X}9_5E?z5t#_KR*0w5%jfl@Wly!1Tzk;-JIkf
zy93%C_m3fWR&?hdE0XSO`Nw9%!%f>edRqHr%g*#&_NW8@ST_E#UBG(H)OiJq(Dh5P
zIkhhcM*Cx9C_=}t!EZGk-Y>YA;-yVs!#ay**-VUKhUp7vpLj*+6WYE3+k@;_s=tOl
zRR3A>V3&Eb+gspmD_NVq_{fY8VzZt*vC~I302q+XTej*7U^qs5@{#3Cv*?Gjc9raP
z8vpC8vizz6&#3lt{A4p-ezMKrZC_!iE~gWQ-e-R+@t1jkAvYfB%$|cs?zL*ZB8ATk
zT4DRlI`PrA>6tnn^mgZ^w$IE}Rz9;2d4H@l<~Y&J^Oj-@G-+m2=43bQmP1pu{>k>*
zuGVJLZxj7!$$k{Ag?uS7c*}xhKN_*hIrJs}t6-xJdwx03-@*Ruz`bmvyMWJj>>+~d
zJ>cgG;Pdvh(Oah-nex~~Y$Nl4S=m{0k(>XF?y`$Dei+z&gmu4?w%TXlli~lldAfUY
zwCN{v?5wh{mU1^$z%!(MHn10&(F;Er_d6;EKz_2%Xy0e^4Rg%+))qil99o#*Cv)l{
z3m)tKA1@yBEA~YDzpUfv{WsWyWI3^d_@{v3o99XLo29aWx^XJP{%fvB`N^;ml(C<-
zpR6I^84&lA1;;}pSkpAtR&b$b!38$&1bmg9%d~?d)9oCQ;3s3O{-gY4%_rd}vvF}0
zZHd<3f7n>oT+}VCU+Sjyjvr|rzB0|Lyq9thx@Lmhvmd$VoYRcS+5_1R9r@?m$l1M>
ze<Ww`_dc-#Se&;B*w%O)I$91Mr`pHJz+!VBi*pmpS5n@A<M`g&^vs#Fd}sH|cV@4l
zd}pWQJNvThuxG;YTZc+uC3zisqGyiGBzdVaU`$$oytGL25;9M+yd<C660hY`bIVJw
ze?i_D<fT-8wF`l<I`;cE8|Io1!GBJR%PdPP@T<Awbq*n~NN!nxY?6!2tymz*E6MZH
z{wC9Djh+1ard$JTHfZls`PEu>r}nEo$NO~l*o;YlhCb)d+WK3*S9%7v2j7j&x}Er%
zH;6s^6u6z{8L+ix?wuRHKJU&Ai@@LU@5E+(3T%{7wivtQ(~iH%mQ&;YCiJ~_8~<(p
zoJCu}5p#~Ve~z<&ahSYF^1zTz|6FsDf9@RqPoO){2Gc(WU65R3`{(E<Yu;?mtEry^
z{~Y7));~wzefG~$r(6FVvY>1y$^O0gI-w&U<(E?(^gz=u2T%Qf^2_n=FtSns_U$3a
zadF=qb5i^UHky>aIpw`^d~;K6|JJe4Gv!_oJv%Tc5s#H`;aKQd40=|{Jr=3pJx-f!
znDQt4>+ZdKgZR{9Z2qe6_SY%q!-Nr=uDuKoY@1-MT`Ip*DR+N1&m=GQR&1ic6KiSu
zR6f@;K9$C7o`K~*>lvR)wVv;R7wH+F3bs?z@3e#GvDwD@8(8mN`v=k0eB8VJ|9AhO
zY;Vc_!6)G(j(^a%FLSbwGTMh!d*IufY5KrQ_05`B>zlQ1)HiFa`aiLKRr2ducBG#D
zdKa@NC43H}R~G9V{3+sFHhTFq$NlS(<+4jOLf7SwlmANb$I|(PuWp~7#xI+bXtCf^
zwgkmw$)~4w9e-Yh?a!;X{dp06GnZWX^_WWq->(u6I)ZwFyXzQ_;I7{G<;~KwmvXi*
z?@B$ZzU|AqT+g%<vHhK;JRiL_L&G<%JF@(vf02!=3){BW*Q9x;^yP8aR@|32!5fkf
zO}6b~;@9zQti_kN)X9+?_vJwc9ou$La?t9|duXvEti_l2mODps+t=;3uxlsh)_cwN
z<vro{<;kwS8hiN`moJZTb>++R<I8JS&RTp1jq>G@XAJqPFoi#_;V6F|zLZq{ygN&5
ze;)rQ`14ld&ol3O_qT5c?(yL@lzEJKi*0#J_Ki94O2>b9*(hWMd}_g7%9YKuQ&0Jn
zwp)B_$IW)j9?I7@ZVR?scz0}!ZMzM)Y`0!tm$utq5A5{oT?*_8PfWia@D#Vr(nm%&
z?f>jW?un-Eaq#O|a9VtNcYZw+F6CbeO~9`gJUzj$7j$6s`nX@uYSYt)HjTtKCpv9T
zJ^p^ZOYqV5)vs5ORHqBSUfich&N|Z`S%=)|Lk^Yyuq(gb_@uUb<JTLSROeXzdilU&
zxAy%KU(-QvTK;SMVs9Ph3`{*|Y^Frcuhm%_ok7Rf$JrQfxV~y+NAr-%i#j@tWxB_Y
z9EP)?fzZD*YoT|($M{`3(wH=R`z6ulA)78zduBVWo+h2oRqpK=x!BfmZfNgFW8J9x
zf{*EL;rD4z`5h{Gw}&;f@WU#<VS%?v<?2^^n-o*9cY+b!KH8+0OR<@L=EPA%u=B^T
z|F5sQD)DUHY7c%z_*j(@ZM(<xD=vlp#&bQitoGI}x!h_`_Z-$I-E;ULx!K3yU%qh&
zXQJ5SRgB#?9)FrKszz~y$_*(Vd^li4$pdMgiSjA_j=RqfBPWV49>!i8TXbS5R>OIr
z*a@N7BEA=Ko@fF7lXLJ-mUwG}USsf+%yIP=Z_`uTyiGrC^)~Hb+#fT(7Vp^nwh2aP
z1OCZ<zpaFJkD9j=zS34gZ1bJy7OP7NcP$J?bG^g1uIcBi$(2nM9bhisviB_Fcb@0r
z6)bG6;-4baYop#y>a|l(Hc;s4U0>(Bnz*VmeuuD!hO>;?Qjf33Ko{HV9g!bc=Gnak
z`g;fab%6Z}W*h4cavnqcU-4%LS?evFJ*?kyWkIOw%7P5<sG6P3t(`gGcPTXYVFG-I
zIkr@JYPZkP+0@bGLLAB6s$;^+bx)3ihW3eRA^Bt?UL%@G-nG`6OG3@iUD?C!`v>!X
za(ZmJ&T0`Kw@zn5rZXnZYcFz@Pq9|atyJIMi!Hx>4SCgwp{N5s>N)GZz^peUd=d5T
zHh&KdpU-dcrC5pR`X%_kFUAjE!nv_2oFD6qk!oHLjGj(g>cfn+T7=%BXZmV9oH_Yp
z<ZSr-Qr+MFVGj4Ve;hlv1zZ?^;mBIUSUZ?}I^m+Iv8<f?+nsV}kN;x%+0-jKLHD-@
z!tdj=6E3{V_d9$fqiMcQ`70@}axw5hXYhp=`d{*#zO@#m<X$_;ewM9Y?{yYQ-y`rT
zm}Ts>s!m#~ee|idx|y|l5nU(3x<>fc`uJXeClWLG=L4)c?<=t3H1oZaXZ>%O|Bndo
z(Ep6XTqD-3nKrd%tkI-q)=YW1wPw|<*+<O1Cq8!_KA=73S-pOo)yd$jju~^sStU>Y
zCM$l$q6yu{ubB8B=W|K%EB`XxrUjkxD^{D`$FC%|nH0Y=-)S>N{K{*7D{kS3#F>hR
zV5gg;_!Z|&ZL`f={Lmc53F*F`qy8Jm-oUr@J_lM<>WXiv(i#t>PKx-JFB_{Ozp}gS
z-te@tq&mmS)4nypSQabs5}TI^Zu-DcKe(C&&Sn#{(%;OxQoo=y6e3397e&Ency)2%
zi(85d*Pp|klU3um=ajnwvW;jpvAq#wyIg!quW;s2d4&!FS329>0WTC?3vU^_;SFN9
zBWGe?dT-_Eg@>|gpBZ>z-qXYiG-nboWEh-V;M`_OU_&HekjHjh$E#Ie>Ck??O72j#
zt2*Xc<iVV^9E%Kl`#siKM`Yn8I^#I6^NeG)?3&O%-A$(7if!<aH%9MFeV+Xm&(VK=
z=CK4{GWOQO2<1anH+SU1e|&ypa;W5%4Ra6Am_&|;`4h0gw`2#SW1#Urq23{%v3@G!
zs}`(KR%If{xvlt+r}4htd&`C&Q%-#0hRhW!%82ugK!2Z<KErtYeqfI0EY6~3aTnY)
z&Yk7odwWON_}V0`t$8+)xkcdbp^~x<#M{oFj(scO8Qs2wn61Oa?%mGXFNu{EJjD3J
zl$q-_3d<PBM0jq;nZX9)V;fd_N4HN!&d@V+;*6Uw{4nGC`o6M)cJIi1&acjIV^0=Q
zuZDhWXp1{Z3v1w0>MMfpvzl0zoA}S4X`H8=4;N^DtWEWv8Ivx^U`_VK){SRAT9+T2
zykIQ;<T2qV_CpK2V`{XA)wKHq?MEi}YwadBgtc5kc^_+y?Xp&L$fe(ZrHtmLaj(Mn
zYwle?_RgSe7yG7t)cMT1KgVXNFV>HE$T96xd7jG}p+gl;++9|XzdKNny)RIpI7pr6
zP<-@U`rE+Tsn4$Z3a~~FoXlhYScgFyyf<@p+aRVE-o-ft?N63HkIQLSa*N7@w%oJ<
zdt#yHQ^%RHMs&z}bVw6k&|jWpon;GXB$sbBYu89Tn$|@1edP0KW4(9sk^Mm5HSD+c
zZyIsiW!|yvkI?5MtX&O#Y{Fhu=JCyIVZR=-#x-a<|7%ZY^8Xw3orMjdC}Y~ZC-KoX
zrul1p8OT~kyz|HN?4yr27)Kd8W(asU$1-<rf%!kr>R)5}fHiaAYssgvb6?QDdWnPA
zyapKa!KYbm-~xBqAlDXe)BLpW0b<5Otltv$emvt^&KPy(Y^29yo_VnDU?u(#xQV2V
ztkL=jZiI)v;gwhGJZPZUm@geRu-KSCo9}Ac&{{=kU--Ru#^unk>Cm!i(6p)0wo>AO
zE+f~A*Nh>xa#RfF{Sf|7%2QF5URz(HJmg+@V+L`a>G^y4O?+p*?zkhqLN<#;x%t$L
zPz)Q-OWv|Xxw*ts8)`M0>Z`_fguG)qBzL&w=2a!0rdOtR%FU4^xp_OW5F?PAUm6Td
zxL~H0^=pKdN*@-?R4D!hm}z4j$Xi&L3yxU!2K%goH)o!5DQb<BQ*dMK!Vodd9UB*2
z5ZdS++p#fL$n)q9=`5kuo~9hh(X7GhIY!e{3yh|pRvArCGmmE&uW}i-AxG~x5?lU9
z#>9QTlV2^lenUm9c-u;^Z{BqFy}s)Df{^!yj<EN}f@iC4>=<Cn#t$zFK6VAa>uve?
zb>!oRi0hMFrg^9xwUGtvhH2wj+IWsOmQZgE?GWRz^^6Q(O(|_izFxw&k2Y5FJCCz-
zZvan@tnJ9zkM1*;kvlM4hh6j_bX0P-?g~4|-n{-~FjR%C{cOoC1<!eJDY$)+XXYZW
zaaa1VCsvd)#_w}(sh;%+G4C+*Z=YZkKFgZ4OhE4TT5|Ue<Ysb!<R3=n-c^EpJ|Qi%
z6S=z`ILza&oYw4%LzbOJa<>^Tng5^pF*643UXxCa3jZTx)S8vDmi5dRc%NKfbyGnF
zv9fhlH+Re-Pj(%!we>$OnQ`xo&O8wZ$rEw-&Y8gX)$v>rbyYWXTtgkTr5OD>?@b+7
z>zOvIxeN0XaP`~S#<CN6CwrxAD#`(@Z`l#`t?@J}?=WqZ*lktonYN1Two0KRl7&^i
zf%p{Fss19<oI|6&U2`~_I-0`@dk&?~Yc8Y0XV`O>eNyskw>oy!peErVI`P^=DRk_^
z-b5WcK--RvU6F2l=IGc9_+6i<W3NrtvA_DZrDM+`Ze|#|bKU+2w#D{JuOO}*9lHbB
z-K}GH%<<Q%T%^R03^_cEe=_PHLB4DHLdSl~v2R9BMaL!{=)lC{xP7x6e2!G1W3Tqr
zMn-s|ZP}h^IrX3w=s#aGZAdNXQ)^4D_EOygw;g`39Bwb8W0xWWn>zMc(y@o3V~>vO
z*oOi}^c~<%c}K)!q+=hlX@hbT#>Q|1A7h9G_zdL3SYku?!~&sMrY9QNmRZ}@nprCv
zv7NcLPVm=$IK*H3k=I|lgYkdNI9t49Od9bLy7qwsiyLBT!z^99^|Hd9-r{I`NonD(
zfyL4Kv=LiB>5Z;Uy*BFYq+UDqy3)0G+Pb#RB=12F4m|GJ-3os&_C2s|DSIb6kb}N`
z*hL2pv+mNjBbQBSXe*i0kdZyCW+(G&XCAsk-Q1IGWLD<cG6%db5#Eor_3hE%{+Rp&
zN&0q%^zCd%-&Wb--0?9a|5x0xA-&PT`#Tv^gt_fO?}Kj<hgfRq+p9}0eLGMb{pK&h
z6JX`d|LD}WXH(D7w{PLMsc%;e>R#W@ERJ49Tk6BqC5IG8zpiKca`bJ%ob+wqxG$FH
zSo-!_x4u0Ge3HKHl)Hv<<U<%SC(F{e5C7MZ<%jqj<m2etPT6l!R(iJVSJJhGA6kpJ
zuFX0?PbQ7$KfO=ZwPEn<wN|<II#rlDcjr2dw%6%F)=BzwHG1~%Y+d{GpRtC#8^T&C
zCRuTTC)(@wRs9D%^yk@ZUw#nQs-L}95$V~iRhqq4_2}6<nDdv_v*UE38+)=t1LAsi
zl0Esk%WQgJ+mqvMc4JRIs?8*O@^Yum6!zr5w4NOTZrr*szR>tN5|^Ic;PYDgdtYqF
zk0!O<8$J8`Np+4@&;GF=J=-fiyC1wd6PeS8Z0biw%|g%4CP$*DwjLe(IdpC5*)J}T
z{qHLq>gNR;q-+0-d{!NtH;PO&8mjTnyY*}FLFw1hpI=8NY+h}Is`2OlW<YlB$LQLt
zw~X7+w%QYFK|g=h`<0I8(6<#kRE?}CeOUGma0&VY4Z>#P=)})em363Jwd1ExTR(1a
z^lyW_1PS{0k=TiExN;1seYI=q-|(5zOmyijH*fHNVd>Ia&^4q>OE)Occ+ef{eVsbd
z7Ick^?QyoDx7K^P--US<A?uAEWa-j};cE}VJN2#cKS<1~6_<nlFu<BiB{I}cs3#wK
zD{^K1mRmNUgUp{u9%1QYdFYoK>npr}h;y}V=(?x<vTQ>;bbV2_F@GU3v;8kIHb@sP
zLl;)=4j;PRBHFl+b&+mzni=OD$Um9!)-%V*{uz_1(TVH#$JQ-ICzcH$m-`CGqT|%j
zj%?oB;UT~M+*qb{uJDenIfSnCs`nOi&DEyX{io0w=}Z-S6LjT<eEPL@<%XY7Mq}6f
zEgxd%*)8eT*azn4+T(mya~NmLm%gca3}w9PcP!u15%2ic{f|BbuQd9nU$M~Jf4Yyj
zoqRs0b57>Z-u~gb#YJm=Gv3&}hI2Bjv<Af4N&m|8_pkBO272}&>B0DG8>9=%&Y<`(
zVwsi8v`KwwZjp(^OHxMbpCesHx=p&h_t@DSxO<Xy{VMIInw$2_Dc7Gq9;RJ%@rIDM
ztV8Qq#Mm~`Huz$mi=4}Et+nFNumv<s++4OHe{*0%ws}?>TLAB63n*nhRqj&08_`Le
zKB~LW%iEEeH20mX&m+Gr+i*GUkZ)y>#v|SQ>x`+Kb2`%37onGLmR?R7?cZbkx0SiG
zW`l@HL?@p<Pqv{1ot$Us{aYE!BI)F;w_7JK=UHQDVZ8eGp_~7S-_^n=TNj^;PL`~L
zzfQZ-!I5#I(!qV~`^Z7Y?oG58!6xD8;U30%3UDf2Tze-R?u{O9;{J^3(70*Px~b5-
zQfS|0=qZ<?r&xM;x3YeTzo|Pt{OqBrWb5AP;SLXUWNYc+zrUnw**Xo`T6*|<sq}E-
z=DN_s8*-tiiF&wk-1YE3{SE8klEd9H`18Aa*2UMHb6?&Ytm!;k7r&U?2Ra+_edwoK
z7k{=JJ^T~o_Fc&AZe2X53thZrTcR%h5M%647q28gx%Aiw=Y{3JiJ=2^=jW3Cyns4x
zUHncxyL9o#GL2=Y^R73#c)8tHwXKWaWVcn?2VHyybu@>U>^c1Xvz81z-JW}=F22z`
zx0-7}qsXZ)J9f^n#Vd5q!MBHVbBFPHrW-#u2Ce+Vk%gPh^LDW+4{}aYj!5EaVlnF+
z^b*>tsSk#*sbNn`%RdeNFP{EG>^RCDdF`<8t-#j0TlpHdLZe!skIndHPCxsL<=Clr
zOa7P*okqqleEr~}Z6EYAex5`Bjqv$ac!z06wcl%8lAXQey5QcweD2-O{}Z%Ku~my6
zFhb-rj^4tYnZs`A?=0yZi`5_dI*9(r1HYSCz<7TZI=f6CG5mS%JwLLL`;d|0Hj#H(
zab6X)p*}=^HO>n5Mmk3}>#VcJpHkm^AIqF1+F{0eQ7)pGEZYB=|5ZK~=B~+(Mcaz(
zHGc7PW9X5EUGK?i=9YR-lz*Xr=<qxvdN4T$1GE^~Zf)M;3)mx1Nayj}*emVR!_Ngn
z4{^Vr_Ud$dpF;S+wQt(1>)A8-yt!BH@altGOnGSS<ZOS<b?mv1HXD%JB#UVeSIseM
zpDHn$KBC++6O5+q=v}SY&vqb#O70B!jQQorW%a<O&hY52hfq~nM-*5n^ZMJTut!nq
zj)%83(^maiUw}tt9oF3tzIO5N2I>}hN3`E6K8Ebn3@=pQdpM)nXv0O@oM52|8^rnU
zq@8KNhhVS-TI0aUEY=c!x7Jr&R4ce};3dM^G<{~l3^LQK1B^%IevxL>>`hCnRr&Rr
z^Pph#^|WDI!w({}E;e?TY<^-z>NOa~{OxnF%zqQ>Xw83^nQKz>-^cu8Y1aJr(cdc0
zRR~5uD75CUT<9A)TcY`|XZ{=0hR5gszxMoJWd0H6ZNf0~zQTmz&O8eT$+K{Hp6)QX
zJf3Tz9G{!9bbReAx5kz`zc=vP2h2)uH{n)oLW_p;Ec>$bcD>hJpP*0Sf{6!|tGDrB
zDsU}4I9+(4`rv`^)~Q!*kF{R-z*r~P_;5iIK76{{7<zxh5p0I;{N+aYJJi?uIJwG)
zY(6sLsb^(dOf0wZSz`KJ<@}VJo1(pMCbbvabYw(XigGt3mD@)-iypf2<+6Y1>2F~Z
zT<i1X9~DccJ1zuo=qNu&j-G|A^41jcmc(rUMt(v}*|R04-13%h$wMYg49D+v0pr+9
z3_<k?#T`qK8}mHAt@%ev9xL+<Z)dM&NlzT_$ueb0(U~f2!PUrsqD8_R{{VjtNob<R
zz2ELYzFc=Y?dks^_fF#eNGqnp%z0qbJnh>8)0RCXe3H2aL&I-{l=nrvpo_T|AH&>(
ziF3chnfs4A=YDuY-{yXC4|D%B?e%u<t(4Vz*7h{_crNqK+#o&fd%0x?UIqPBj*!!x
zxf5?C7}mc3M<3^&(Zk%I@59`mvgdwvPjipwu;|0wUH6!1?th+Q!#uIR&fFj9<J^CR
z&9Xa~|K~o;{qOC$59w*{tG?EEe6LH~_vf9tpVc|{qCU?3UwfGQS$&xMSM9m~uD%C+
zZ#jm!Hz&^hpPjiEch24D<J?PonEU51^&a0prmXP&@t)>B{;a<5d(K%2bp9-7?pJlr
zeKY;{h0gnXnEQ);n0viF_iK8Z`|M+wdwJsAKQFfNeRk*EAME4Y-@pdj9lqb)hq=$S
z=RTsRxvx5gxz{Dm{Y7W)^E>BW(#N@Doa=V(=k;Ok`S#r3f2JpVKZdzCC(iwDXYPwT
z=bqljxnJJH-1q;Y_xRpUS>gMSdYXHRIL99Ods4jPdCuI4cXW8%FX_K8_&%VAxxdth
zxj$#m{RZZKWZ{2=_Tih^J0s1s51>E3RZ9N3yy6pUjSr1GCBOP}j8NSV7GG#oKFFtv
z&-eIzpU=Nsm}}b;<V%-LVLUd4-7C5KX~q=Vl@7ASv?WwLSZwLh=nWMo6&FVI{TlHt
zijP3As6ZbtA5QF<9aHdKdyHo>#`5!n(P6w-J=rtL&j>~b=~?yld{QtvfM>N6AtvH8
z^rSB2)wRg#OMNNgVN>ksT4eRN;<9>DT<oTxNypauh>Lah^vXW&=?{I~<MNa~?CE5C
zy*_%nn?0R9_?Y+fcdL$lPoKt*t2N57$M`B^)SlMy-o2+k(X(q$f5>yM_cVo{w8uS7
z@|R9`_7s1qv!{Pt-#0v+(8Heon)a%DseipjS<$F}?ru*P4?X5Rz3a(i-_x_~JzZ*#
z@iKc)CnoLbsY!b}p)Y%y!k^ybo+kO#-z~E76u-K&r~lB$J^dLrUF}&{I`wsZ*we4u
z>via--Qek};m5qE*ZuU^_w?0QEj%4#kMV8BC_McI@7;L%f}UM?`ZJz;ji-wz_C|hA
zq`j3B6XfUF&Yre)+6s1arnN8p6gy+Ld)i8Sy~We_DJwkv7uKtLzH<z7-;_A_lbpFn
zJLmpFALo9sU-xr=st<Gjkv;dzdYZfE=zOO=;<AyL_q6rzY+Uwt;_`w%&i$1h=KlA6
znEMU(+<lt6*YcI@o#7=0#Eh|6YRXZI&#3hyKRI&JUTlJHS;;y76l*6Q3m*o4?{(G4
zV7_8+Z3RAB-Oq0NB)pbSV$(k22;a}Gm0Y5nou0{G5D#V4{yX^)<%f{{uHN=-G?KGf
zc3jgI3;#XE9`FA=)dQRsAH!Y+6Zh&n&R&h`+$&!n_v*?X_Ua(#fqRRipHfyh`tO?i
zm)xsm$$K?By;pnn#3XC4&Q7scHz)1Y%l3HZ_q12QS8{IR9`UO3j0Ac*z}c%%=U)9g
z{r82QenehM?L}8S^56QfSKqVees)iD-+T;n-;_A_-&|zVl!nf^-_pmqKi$LJuk6Fz
zFR|yoXSL*mP9KNisl58{ff3P;`S^NUyv9;;vMn87J|#Nkn^U5aZNAU{(&zSH>me4+
z(&tpZ+4Mtr!Vm5w_T%IGULZe8`>o_U6I}=lHFiIVpP>4?fteMT8U@RU{g&US8b6f(
z$OGHv6013U-vf_sB4+w~^xMdte0M)+ghZRHwuglAvk?O|H2e>=zv#Q?ZjkP`|5}|7
zwRAs??Uj>(ePX?h_ea$>+;e34CEpev%9oi%EJ-#oCH;vl89==g82dnIXj*NBk+!vM
zkLLv+{*Jldc>MFx_xpdWJl#>wqwO)zbfksLmV0)$RHcP>TwpXPK3MV5)osSI9T(tN
zBOZnrt@Tq)-#B+`?%~WD?><Ny(yn^~_i|Q^^MteZ5+hTJA6$2T>?FRoow@i}gBvo9
zCfx^!pQUgbd4(6HWwjFzR9lYU<#OWS9>yp9Fuqj2*X#c9%ZU@agZrW9QeLrgYFB5-
zn$fR)o?!G3{mJ=+56sMIi9b}ae)|U+(Xq7E4}CaSaeMNw;!D*TXZcYzkHcOgUt>Om
zuV)kIBb6sbXX!M)m1#!dySHj=!`tQGmd_D9EX3zDUpbiAFVknIGbWz7_Y^!0Z%_=9
z;*RvZgE_eSRiD6CzWS}^9=?EQ{JhONJ48E;lvV7J&SELHNVz2xtJH{JO79lapVkrn
zRp_jp%Dhh*><E)~vKD^t=$azGvAdM@@R?^kjOhMt#UZb9@3Ho6ti59Kedc;w=ely(
zqkPt=j5BST6ER<fVa76zv6Rto9dTHqJ6Wv1o^yC+-<t3P7yg;P)xP#Yd+;*8E$zVp
z?-=YA{`T>EW3!w+X~W07n0e(AQ|9vo&dw#Ks~H=H)*ilWtt(?FXFTpT*O;t2Uoq<h
z>7zZOSZ?LNp8-r?0c?LA7{44?pAKG3BW}vdfxm}2Gkz0(_CI-Kxrcd}ctyWz=l6Cy
zpYq>d3SVBO4>!KxhlN-E_3`Cp7rq1&@ueY-FPx9+4qxhez?ZtN@CEwkx%Zw83HZWu
z9AE5y-T1Q7>zUWm4X$kO1+M(QD_kLVuhjF`#g*c}5U%7L1FlT`|JZx;__(V2|NqXU
z%S>9fHf<>aY08#KK?S=-T03chE^G=#6qP2$Ws>Sg5D+3u)3T*4N>d8asx&Q#%|Nwi
zD~-#Cv=!~5AB$B`KcA0X5KLQ9%GL%*^LxI|Jtw)D%p{Xg{P_Jn{9_(>?!D)p<@H|9
z`@GNloRdaYj<)%n%DZ6SDS4`WxMO@kD9xPzr=IY~zb@9`(E85t2s2aC{3A`8TT{w<
zF-@B5Q_}oznl!~JW&JKqn)j!q*_I~F87XNtrb%;hN}7f=X)Z{q^O`hi2Bzfm-85-(
zQqnw>Ce52`I@02SG-(c`q`5aunx>RAcce+PGbPPeNb{#PooWC3lyuB158Iw5-L{l;
zpG{My$657X!3Uu}!tvYB(&VLd*V=UJQu6&U`Re^gYl-x#qVFeW&1>vyuSfgWs$=}?
zE_;n1>)+SeYutWUWxuPk-^FeEI(zkO`cnUzDqpI{_LTN4$k3i&*mUz!+H<09&)Bd3
z3$zDZ9{h%{Gp<ajC-cg~I<=ql3vK!fQ_{bfA^q((y`%rcba;{P4L04Flzg{m$TyLa
z?-?2Lz1pVBPs#VkY4RPKlIDptX^u)s!@P1Qocg4sS)L}%TV_3JyIee&k|t7BQmi;f
z>2=Lh5wqXCD$Tr7Vs`ty(p_e*vpvr}-)|Wv-{xGN2Ys8j=ze4SywXj&Cm%PjluGwM
zwRY@R=5$q8=3la@>s2XrebUx-W=dT@oKn||dRW(ZS9N7xA)C6sFQu;c+PcP4>UvsA
zT?=|x*CAci6@Pg)b=7=xP~Vo>x*ld;D#!zG>OQ~&npf@#5A6F<XTHB6g{OC?Ni#7e
z%^%XF8J&{mH)+z0N=fsJG-*brr1@EzG{aNUtWA^V*pxJnrAgC2CCy5c#*ckYu#ZAy
z-mS&ej7#<3`^MDfWx`v}3j)u-I<<MJd%oe8_Vn|nHh;}MFAF@sacXn5dmairFQ3{x
z-#uUPmG*o-HMRLx_q-(V{3BDFzwDmxu53?#{?z7c-Sc^Y=fzW-E8O#f!1J@FHh<bZ
z-*9t#J_S>ouXfMN0?&s`ZT^^h9tu2<PHn!-JzsH?=FP{sc>QTw^V@O(bM6~fO;5#m
zcS(Dh=f|5%TpsfR&x<+#%RMg$JZJ68825Zbygi?Sc=P+*^RmG6A;hV==Zw|cXd5N|
zm*=WyWW`+b+^_T0=9Ap>lECu=Q=5mm=euujPyfQy=HuM+d4cDDoZ39VJue76|Mk>n
z%{`lPH{8~q&xWbZt;}_q=VgKC>!vn0yXT?XI%8Zv)nNScI$zFTyEJ5CCvJde2T$Xy
zq}kz`9LDk2&-M=Nl5Z_Mcu{oT)#Dcs8|}@Tb!ZQHvj~6KYnRGLw$a2#s9))n&-?*h
z=CeI*J^{H3UD1wx{p9AKlRhE2S~0UjoAk{4_GHthpO`iU^4J~7<LSxGKXiG_yP|U*
z4SpU;lgCf+cXU2CEyCK9p<cZC3NN&+;qa9EH6IcU4c(@`e9|!s_Q&wEjP1+bg2dYI
zBo6+|oToT~F}n6)SW4OX;F`eSbdde1B7AoOzQO8nWYHwn9}bx}f7$wQ-u^n{2ONqI
zEf2pWYhwT6E!F!4<b4C*zCkQMYfTPpGwF1$jQp2Flb4ZhX?W<O8z?hIIh$E0m*D^D
z{GS`{Q>?R=+}eRy>uo!>a0X74GbnPs!%HTy#v%3r_6j_zdVj=wd&xMRn|t`S9jn+^
zuJuctr%PFh@OkpZjVZ(@_GQ|aAW!+NcD-`jj<aan8(^^c=wXYVqHbTl3Lh);L4F-w
zTZSZK)bZKykVV2Jcuv-vfpfCd$NliA!;FD{ir*=O|0xV_F)x+F+6l_=>a=D@xO>|s
z4Fq$1Z*TC;)_#)@MZMf@W5BdNoVRFH%WXUM_xIMZc68eS+fJ=pjGeuxLp#T@SFPGu
zh+j-?Yzp~pRQp6Xt)pT6{@VGpb2q-rJTJUx9PQA2OeyUs5C&i?nGqKIm?s)CaLA&i
z{2w-O7<*pmY|DJD`7!M;8yT;M&WpmK(6(8u_gNbbZ(HPO`MkHZjCqI~W_$HFfnN#p
zX_LI6`z42(OMBzW$zW2#J}#kT%Pl`&)w;H2m}nb(r{@|=3CA*nW4mk`{ElTEubHDe
z6&iZYr@r7ZcW0li7-^nW(O%gM(>T9wubFonoIHQEZ+|$s-$mJOZm#N!vLo}7bFcM%
z7fu(L@{k!*-tN;(-Vw@E-Of(Q?^l8R77>G`{N|8f>lDpRrpV$HuO{CM?SB<Hl6<|+
zx*+j{_OUz@+Dt=7AMfeR5B72`@b@zne>UOA-OYTXzov9Z(HPQhW(`X<=bg%bI*Bu#
zRv>5j3%u(#$Y%<#lgEK5=StCrh7lVU{3!yR|G<B(>Cw5+V1<0=CzV!df_&X_OG!QT
zH)Gbg-P7Xofy^bm)jE0u^9jK{Exu>#?d|T{?9$ee_IK!7;pm<{t?$8a*|&R+%?t2X
zw%GigwEt{u24=wKb7`>ocp7YOx7b_`HZANA-pt%Z>e-i$ZyMnnc%<0zj`$=0N$)!O
z(4S?#VW)I4y5;K@v*9WHBwnj#A8xHBlb+bax<2;UTG|9ZCE%xe*3XHb=D|nNw?Dk2
zp1COTmHh82$IGj_O1#8=A`PoZD_+t%8|`VAj+dHEJfeS=V17J);Cc2faOrlnF2783
zIF3htJm7F`JPnTxNrPj5F#AmkkDY083>`rnFX#b|S7yYq^oZgZdAoE+Qww_<SlRVh
zvmV4Tkpag|wk<(fT}Rqf9RI{K$?EsN)jdDfWx<bCn)lq}%Wyh=jHK{mUyI|k06&&l
z{Z;}W2HL$O123l4YaMve=jA^g3h>_vw7W44|J|4dx6hGwM+*PlYjG<(g19}}1Kge@
zt>pNhjoYts)8lqV8r+7b!R<p9x541nUB4;aran`8Z<fVoSc;BQ{Pf4@w-WT5;pfk9
z-fjBMp~)wy&nobV1p3Va$5&j%SDNE}65ST;C-r<+&KW0X(@!n{i_*6{_mh92uHN(Q
zedKeb)4Wr#k9?bFlDlWV*)tqY>LCu5?+Ay_J(LX&Q#0VOG6jbR(%|r8i^F|c;9zu%
z<%j>??dzCq`QcoPLzC=9Ye$7FKWOe5|5gWHsH2ZfXie|=n<hFP)P>!&U3-D`ZO378
z&~7Si$HAn#ydw_g+07P*i-m((3mUFJ$Ua1GT-k@QMPC#17Qq(KKEdK6?XP(yV?6kK
z+?AXIIh48ja%_SP;i}6fg@%}Mp4J)PbPRU#Rq^_A?C0F(xl1_TmU;Uj`<rNUEHreH
z{%hRUI@x<-&(U13@(x6Fjw$gfdyysL;EG4E=KCpZjWV8pj67rB&~1}K!^|4<CdP9b
zCy1Ay$HwsYZ_8($c7F2ylMkCU%?W%cs+(fvR1f7<NZFF_*7@E6?dvbwVk4MuW$d^x
z?C+&Bi@HU4w{PDqOSZ80>SL2xCm+gPw2t>N_SyLx`wx}gHFq_Kebn5`y73WrO<En}
ze;M%tt;CXuhV?_^<Clkr?2iud#;@QxYbc7#!}y!2_X5RRR1%j%JjL16O=Hpbac!cU
zp)cLKL^jiM=F&D3lXEa9RNq8Ai|VeJ7S($;`8P3kQasOI>X^%1!Yb<Nd4660#=b$S
zpX#PM#;M<ow)#a){W!mY`bG9f^KAV*?TZ;N-am?%3h<BE_4eBPA;jML^Vvs0Sl_`u
z?@gowTeA<sckG;>TXTGnc#Pm)3yNX<!F&8~#6Rx4TKnDim$mcVp;>`-$aheO6u$cy
ze770w4sqtF;XCH?=b<<Ify2jmmX6<swNAdj5Zq!>pXau~bBdMXEUNwUIWMf0eX5&u
zCez%K9pbyl@ccnO@7?b69&rYrCjV@CZ{O(w-lKjUc#k@iV$0;Rht;g>yaRW@hn#h}
z<FVY_MRSM)$mc9e@!~f4Y!qj+>DgR(aT@iXK}^k=d_VoA+m@WgK0rQC9tBSxwdmdw
zujVC7bJ2Tsfp?$^nnQoXld~Ax8=kx%zTWU8du3UkY)HqG<7lsVatzld7cYjtz{QIl
zVy<U%3U8LumI&?2r(KRewTGF`g^yDABI<n+^&Vh&bs)StaM9!N`%B1D6}+lCtG=bw
zTWydmO=A7K>K#2_^@dl^v-S40Z%mL^Z#R2Gr1I*V!j8P^=AIp|>db>wUhNOB5{tWC
z@oatn!`}lW$hUj#JXZ+54f^&X@eda(o%T>m?76hKTG#oP7H`&d<fX;vwsDD#mlRLa
zb@nAjeoCJ$Y1Z6x9==8SNS0c^VgesXG<1Hk@hjHHn}0<b`4to4^NXAM@%_s4iVKzR
zWX^mr<xMGGWy<4>C{rG1N15^_7bi@4oHeCucye)*t}9E53)u@jF`0E&y6z#COxOA7
zCtXL{`L(0t&8sQ96u-;vUF^vc@N1S1n%w*-@6^`KhghrCZ*ucW-P7i3-M?AV{E+Tx
z`!wDEy`*`W?!h3U`#mMi59%H)HXrOi?kU<=nv6Hs=$YErOqz${&0p0$?QGIFOW2EC
z_j_os?(dE_-=+KcoSminuMp>@`;oL?_x}-ZzD@TVY4<_yXUCf>bw3+CbpO$K^NqR(
zmxS(T#G9|vz3|cfhvLm&&^<Ucy}|uC@#b>f3oqTD9&i4P?!hgg`xD~LWx5By!Z-Sl
z(|+5b&mS2+(cE))d@`9d|5to+3T2B=u1v!xCkm4QpB%6I0H5UPKENl(>OR0H19hLm
zC;jy-z$ZDn5AaDVb5lV+(cE*8PY&unz$dTjKENmc(0zbU_Uk^tCx6v_fKQ&+eSlAP
z>OR0H|E>D~pFF4g0H546CxuT=)xP`QV(FCFZen&l&+H-2VRX+V9-UGjsl4IPNX|r*
zPh>a!vf|Z<6Mbemdo6{~ouwPSn&H>5C(Oz5=KuUNe$0{VU8pN-EPt#kbL38*fAnWB
z?@CjC$2Fr7>aYqwtLngbsAz~S8~>vzGg5gYb+~c8%4Q#?XYg;EvQyWHrt?=v3ggYA
z$zS%Q@h@SAY44yae8XR(ekwCgpI$|L@<Q(APpu*z_abo9{<Jz1X3JRWhfM060QH;R
zf!lV>C9V8VrKBw(tzvPvOeP(&987m3>2wy8(v2gX;)YkT$8aOKt>Cvg*K4Tj*Eq4U
zU)97d?5DH2DBfI;yeqbJHuY=-*93Vqg6ocxz2?vG|92yaS0If$18Q>-G0CU<&#*z(
zYM!B<?{cZ<Hm<SqibLh)MThFiBbUB$8&}27@_aqd*Kg)qSLPIAUpLd<dfKZx?4iAl
z&~hr}KKEYA;JMnmc`Rj~<KK&Rt4OnjA7=t2XHf0{${a<RTS+gQVk>DM<G;?)&Vg?>
zgH=6PwUq&%yq7Zm@ImtAxp3M%nKC})-&a$HX&32CySUmmn6_;uoy$*qd)|!yT>F_0
zC(oPA|6$3Y{C9gL59a@?=DA{Q+x`0T-4BFMQ=iG7|4a4<)_7dsX@9m5KixkGZD$hq
z&K{2IG}n;#b@}OsCExsC%43gV^|?xyXZIU^jpsXv^Ol`^fdBfYKi`BJ<;RR9OJ-|-
zB7Y7oG9um(UCj9-A@7{X2(O_$Fkh=apmVyDZMtK}xp`g1A9-(JYux&N;|CAMps=6V
zb=qHT7j&NV_N40`=h{TQTujlI4jmrmao)xQv^~lmu(20HHH;e<bH2xFuYA+QX_tKM
zvZjl__oc|oq4lANw_0nEO2btX^?m-mUU6`K@>P7nnnRkV`P+ii%o%6c*<+Q~_)Wdj
zYFv7AKZ5y+eurzl*4ELN^Ud|))4*qNa@3*2tlME8GDM6&^Cyit-Wo5#ItI>yoZL8+
zbxnhl*MqCe<NM^HGo*s;eja^L5{cJK{%1AY{7N*Z#<~RK=WU-?b@dK@b9WctY<=@^
zhq6@0({K9z5SRCL-_zW0$F&wip}+K$Kc^F6&WgR`q0P_AG#8^eydlX({#PUW3FJX~
zvfAiqUq6mujG{Tqbb2zlp2E!;J!bOFOD1Z~95!plPOI@+W>rV~c*jLsa;uZAtz*RZ
zY4z%8=JeU){zr^^)jrL&^4-ix^V}U#<};=L^Vwr+^EuVacCuetlsV1g&t9-B^y+Op
zstwP3Yi~jys4k`GmDcd_`?sR+_M(@o7-Lo+ef*-_5jqPxvVR(Lp*rtjZ_a4uY&oN(
zfbq_O+m>ifZwz_ej4lczV>kTy{Q6ebF>F4kc3IWYLlz~_IqBp$ar${N$rF0IA~BNl
zh2VL3WxH2;8gp9EA6~&Wf7y$?ujbe9)meWX=@g06r_lBXY}=nw+ZmT6=3h{+whM!N
z##5_k`%|{<Luva4+BTi~Hlm{w=(tjJoiN%*`O$&QLEq&aQh%8{P-Dp4{db@zzl;u4
z+e$}Ht#^5P1M?Oo(08fpWHPp^%5Rs}l(=@)rfFAn)p^K6n0Y+k|5AwF&Zi!t>vY<r
zdFm?q6ZLOV+M{=xs~&rHwQ1WRwGCZZ9l*C5d<(#)nm(tB{%ZsMtaM!e3~4vO0}J5q
zs*zsvgY;{v!$QiuqB3@9A$eS08CzdXf0f#H*RC?tuJ(0L;?1A4FRJv0lf5OYC3{xC
z=CP*aROTr|jL$jyAQB1{i7%vU%b<(Xp)UXF<Uj2Vc;l{36DKh*Io+FoSp>QD`czHS
zeizXQV@C1`<$2AidtF3t?Gy8=?wO$W|E$#4M{b_BFcNRjx;tSXA&(J#8Ye2xLgtDK
z$UkyxxZdOX<5Fy``9GgfHh<HEFy&RvzjMO8`FBhxo&O7-Jw0JI|7Y{8YX03kzl-O;
zoG=&pntejm#JTWW)%<&Sf6oMGlS#h)^^Ade{wZFK>J#NRgfdkx)hWi0=gmAfaywS_
ziV*9-uW%sG`RTmy7{5aGTl|D$j9(!b3+KqG-1C#aM*8e-+T+j94^1xM|8Aa3*O}-1
zpU<-d^k2ZQ8vZHgS30P1;yiv;gQ_N$@hct5J-@1<-1AGIR~GQAM*hqB37dKRgh?4c
z$=(8f)yPmezXZ0(0)ExVS~)+bGtAtvT{k<O7?;ADtBP|yZ%|Rq3B)BtiiF)+oOK`U
zSHy3HDg5@v<G!vB?vtW)ng@-uZ)5^~*F1pJ>9V_>y`9PS6+cVYPob>p3+N9n@R}Da
zVcwIx%9nTz!Mx(8Ul^Rslvnvs_68rx9Q^6=2G%?s5dTgOMU5PkkL(lMfE=j2RD0XW
z#GPk(OZRh*d@2qvzTHvo*1n54g#HC^m<$fs58EU2K2Q_6(>t_dR!2<SJJDY6x6SH^
z&*#(NBYm*o?)V{pO>QI^BL;2+;~-yV@{&I?c_;>{BYk*2EHuKmCs*@7;>DYDSQ}XC
z<v*+ceb|$<%Kaza&ixM!Cx1PEq=f#4F$lCD5sGXRuj{)I>z4FBNb6`_iLs;9FYF?H
z44qwmv}gK>D)jjXV)%}w4@-o#)(Sq1#m(6Q?6rHg=G)6xmelK8?T7BtNLPnWlaF`f
zDwXGSx2cD%TODP|=NCoac$CprNAeH0p_FtT-jlC+FHDF*EG7Tw2)_=hf3#)R_(`l=
zoX3CZv*5P{Cwhaz#52YN-`ILQW9q@Va&7fsF1tPL6w^lKUqqb?$tU-C4?H48%-glq
z-Q+*U&)?AOY`=a%yc3qk93K_I1L}K9!=crsj3a|s={wiQ=)1N)1|Id`j{<(xVPcTT
zqm*%I72lWUa?Ry>G}oi6CI<V8V16zy<)OTW+dLFE)LlO5`kW!;;qn~If7eH}T;1MB
zc$Bf*_7Ube|C@QA$VG?qt7iOB&M$E^_x!5iL-Ar_5cm98m)u;=FM-Zmz^{5J_xutk
zaL=#$1n&8z_BrYLgoygP4F!wDBcgdI5~|NR*8d+l-oAsz=G~p)`tXVVf8CpBUKMjN
z`N`D((*1ho-lem@6}R>ncA4hOoNq(^fa5t2SM$DwjpOjy4_maEw!cdJ=v?M?W?+YH
zkgTzOTW1Sk>ug&P9?V=<WPjlk)!1{#?;rNW*O!emV^hU64ojZ&CvWKnaQqv#<7Okj
zLp#WC9sFE3)EhsJK1OHZs1AN#(Q!<z_ISvHu0dWFj~hNlCcO~*KBE(qr|2iy7VRW|
zL7r~U=cn}t8B+%16CEy!OLKGUtanZdlZZEL(NZvZo%qMi(D*6V<yL@6<H#xXW=*@n
z#M@RL9%3*V2PQXxg&zkxEcvHDV&B3eS`#cR=7r<f0pNkWy1MV8?pjBUpNf5$2k#$6
zjF9Yi)j>Mj@zFsu#`NO^U3+}F9%K5B^R7<UcZ@M(E%hA}j7+rKwEvszY-4oScbsAJ
z=-hYkyshszng60uZ~Bh;U{Ofl;Su{Ox+|Y_{fGJ*V-L~a2tS=MW9i-?e$YJjfDHYI
z;gv`IzDob$m4+a%Wa>{`|E6zLp6x>#+Ul9U4{3kjT_5sm&S(vV+WHXUMU6}ggZ4hb
z?{jP&{QiTpNZRTU=szN-!lU5R=<17JQJ!GaR;O@Q{YE<ved|+M_ZzI0vSX8ZV><L3
z50XdeJM1?W**uPPzwt%#bz_S!@!$0u<~jYw9G?B3^&4Bd=r{E4UF<isKYzM@BZ7=I
z-Cnw*@aF18>vB8x9nzDo@7QSj4(43%PuG7OB%V*WtN*wTovHp~UswId1>Sn~A3F1~
ztNvr!XYgb8v=0gBlAvB_&nJB!B8*b|5Q7i?izsJ-E@jPt`jIWRA6XdaN9NmpMEC^z
z67{RDFBxU~64$TNmo%j9OPCjTeaV0<`jXa9r^l!ey)z4c1#M`K^}#loclDuYqVSOP
z5jwVcI{x7i_%!rfK8?Y&QMRP)O8G@J&of(g((Qd>*jEju#^-P+{ss9M?&f#Tgz8V~
zJb<b}a~X>!7=s4!4)*!3tb|>I8Cfx|#`#i0*hroiswu_(RN2^K4bc_&WjUim^^k2>
zihm<mZsPWSvC{d~6B4fcODKP3$MU69y|`CX!ikn@v)UP<jUGPV2|NqdPkoWnj&1HZ
zKI>DjKDOPr<nl3CO(ymrCH<jQetKtr7lM0K*n@YBpT3XTy2PlD@)=ERjT_r9d&?i&
zmtPR~$M@h`%^1I2<9zU4z%OW<r?aW?XBHRQG78B*S`crjCuT60G2bl4`njjY8}@^1
zEHt1f7CIT9Xl_Ncz-y@DY;nf-+vNkjH|EcidFT6n3Z3~8XAa~up11VIzTUWMY$4&P
zbu`h_IE$svh_Rs!zWshQG+B}3y<Bk7WOMGvT6C`F;bhwn;9c<BA=K&jtckfo^GUW(
zFC!*pm9aaABqISEaRo9K{FXQ)#+z!-c`>zT2JM;AH~*Yjp=d=e?ODND+rjh^aKPtx
zop>rie3Y}xf<7P3FRjA<eBiCtw)*U*|4mn)Qsm#&S^c?e*2sz8;7I7u*k7U7Qoqr=
z&4*gYZD!08Wh@x^c=@4e#1gnX3fKpv?HfB@e*LZ1bq(YtTk=VxD}5XrKH>A}murY|
z+T@wF8fO2dDfs80z4)2+W30`IE{cKE-W=B3<aoue_V=3gyc~af5qRtidt*jG<5Fmg
zjmtc=__OLV(ie-q3Fzzbz4DCUCvY||<5x3ocWI)r^I|dl>%v~VB>Qbw4r4^l%XWSw
zgYzcO%ttvsd!^8yf7O~M*{=HLRnE<oT~NS&`l?S`8PqqohO>w$M`ctnFE)`hP2loP
zu4;2JSC#jEaA~-vrFH~k_Eh;*I_2ph8zVgVRoZQ8>5QJIPnp{WE9qBPj`|K^U4aZ1
zf+ak7pwP;o;aOyG7XIfV+N8Z_J^~h^iN-R!pi8x-i|SksJ!0fl9`VMkWzE}-EB*7w
z<bRPpt2A{Li9^oTg|3D#6~|_17?3Bho>_gmZ)1voHTGIS-$v|cafI~MV2^Gdq_K|Z
z;b>oqeByJgSDEGge158{C_fZkCEGT4{|e5#Gi6yGb~I$&`>>_(mhzs)RbwRPcZ<sV
zG5=xokau8as2bU9r@3@i^sMt@(p#}mUeP|Iw{r1Q4lsPSfqFas3ho{4`0Fb8>pu2r
zPZY)L#rMi5N!c^|(yt%`qrh?w`Hlj6$7d0EjCqcVGV=Zo-~JEvW+j~AuNB;@yss~A
zsV#uNLbM@O{zP{}yHn)v9*j-Ind_VK*FSLB-*2(Hk2hLv6tBB7r8^t1vU>CL=uO^z
z7G0@yQLD?Zf%aw0T@>QedxUs6^5tA%pDs$jmhY9me$%Y=F5dy*mwWbkvAMKc{@r%`
z26n<PoqXn6`BeVjB7gD0xnQtLWgv&EXjeI97J+RAv4t0cXCf3Sng*VQJd^$qo(W|2
zGQQKkUTe4tqf0E7=Y!>c&9+#k?6c^wtmC|>AeNKClCz)2SNF46p3)J^F9fmV-QY}E
z;u95?FHG@jgr|61{Ztv>H!)t1dW)B640bQPpf+=Vnf4mXFNh!5Z=daLz3;LJ{3|RL
zguP1fbv4)C)1uS<ou*Iz?is$WRQ-xAEwm4RZ)oukz7s7jwzSyKz4&_1eJ!<f94%7%
z6-Nt|AEd?3mah3aH%N;duVxK>S6aTNe@VyJhd+Mg`Ff_qlKQ+z{^IMqdWq$?ES7I_
z6-HmTSl$Pg$2%;u<m-FEQhdEC17AN$U02Aql8%55pUQ+~2EKlb?|r^rlfu_)OssR%
zTXUKC-SIZ}g95zWV0pXY2=ewC*_$t)-p<?eEj<c)NssZC9uHc2jJEU`1wGc5^-O1L
zUayIG;7mIEa-SaC4L#tcW_Ud<Z!?FIj<=`seebcHOpGyWT{pGaR0hj$J1nWs`z)6K
z#a`>Z(GxH5o%F;Mi{)<ar6>OIwU*kl9%A|Xx4XvDOTqHdOjugpPVN6*``D4kaz+5l
z{~>?riCcP!<r0hK%Uq==zGkt!3oMWBA(r#I!E!ZqMNhQx<>i^MWG*ZnU#@r;usnF0
zm2voTfyJ`0msn1+Sbp1Ld9KCs9I*UJY0qT*ecfPrRSK3~CM>bF(qVbYyMW~*0W8N_
zEPv0Q;=Pgazww=9e1^rciF?WT&aYxO_Ylkf!GF<}zU-fZ<!Y<{I@!34Q_^Ai)|E$I
z#y=9k@_F)?jL+{Smfx^g9^@(+f52jSFIW!gA(jie!E!Bi4a)dcnXqIWmJZ8R?*f*G
zPi>d+#TLu=^%BbqES8U0EGJtmi@|c^te(mE*lw^aOTn^#CM<~qNQdPW?*f*O1+biG
zvD7~Ny^--(`A#za5sT$NxR;E-cyCMX7kh~1^KW)7<431pxz_5xPBKoMLpm(O?*f(|
z3t+kLqrQwU=p~kQ7R$q2CF9?+Sl$noC-xA_#ob`}6Y3h2@v=-<;-g82<@fpiNZXfv
z16bBtEXVc|%Zn|Rk6A3ITP)*Xx#enq-HMCFmQP83HTgE2Pi<iqKDAIk;vSfzC}dnN
zddasYzuFJLUf3u<=U3ZuxOGgM&ofQT5o=dD2FCi*tbePCz0axF*;V+(ij40xzo-Jg
zSOs~{uzrz?unjI8b6#vYewcFnFwXxzDRflDbbKZ9F>CHbu|X~#ehYd11DVB_W$b#+
z%wGCG?D4NU2Yt9R@WaS==zKo%x2(e7@&;-5;(Jotbq@4p7UP$BF4_O<qL$igEyixX
zLVhb@v=X1A+7zc=w5wR@yPJ0qee}IqFF`DZ>ZAD<H!l!zylm$MzK5I}KOtkI63!}+
z?}d4SB8_W9hOe}TllJ2ptaaE$!~?KS(2p?*`s`I-ee>EClIy|ACumoueP|pHxi#mi
zqhe_sKV{>iWxd19Pr?J@qc_+CNxYPwhL>VdZ%i%waxEg>Q$9|uFR$SL&G>A+IobJW
z8<~@2-e6FEXzZLu{I$)@v5pw#jW1_EE6r6T;IkNQ@aDApUmKyB^9Scs<^X*0TDxMf
zc0O6^qj$8|`0-!o`~YDgA8j>!cQoncn~m73d|tZOyrg^p(?}Ea+fKu8`xJa4U!dw^
ze5>$$k@Y=J!zU=;BWvA@@<RhF3gOo>%4SX3feWdxzV&(RJoej~!hTzm*+)pRfd1Y)
z$iQOx30@rOEma-lcO9OkEL0;4A0TZZb$*WasjU0B7vG#^W#LqKX7#7UH=TX??Qsz8
z{9Jd9S2GiSLpQI{JeTg@glALv8CfXOyNeBP`f)efvxt~tc)8<whpLa#PPTm9y3nsr
z@N5ppze+25^@MLb&MkzC#P{OeYnwak!RgE|d^yeBLSvS53-LC-9X+Q`^JFRW4E2F|
zhE?!P`#i&twt0qK;?0zKhQ`1=LrI2t2GLl&+Qz5&{s-Wn6<^B#pMY1zpJ$3cnOl%f
z?#Q1541aEbFMXcucs7aS#VPQj`0%EcEw$g|C;n1AL%KOx(XA`pxM5~HFG-huE)6d^
z-S}hDx>(?Bb>nLD&ERB(;i>d{bUEJ2q#GA9Z_(ZSRS9P<2>YO1m-iC?-OPn`r4xes
z_o+jjd3eiPtz&M2hriDHQRy+K6Q#GL@7(;A<Y-rxeC@UI_1HNhG!JI<=<)k=1G+h3
z`{!K&Ue(;L(G5=jlIG9wiqfk5RGWi2xS7)LiZfN+tKqH3NI#8hJ=b7fYL75??P31~
z*$hTsE-UbsYAvGEnZH_*o&8Xa&U}%y;_0uFUyz=0cwPGE&%76Xe!rll_Ucdmb9B}D
zY3M9nrM&{R?n*jq19S=MsXF913YIqBuefb4)Y8J(ZqU`x(#xCU`c>&IM<2!P2xrkE
zm%MUC7i>Xc&OR@5G!H6%n8X^eeYQ^(T}?fh7uC9{5@OwhbaQs2>ZiP4qKpoD3*N}K
zFYQiO9S<K!S6$Qt`hV8aUwpcW|Dt)BrTNF8`R-4M<{e{WdSjone~+=xPo;h;!`bIs
z52lgnH1>HZ_=y(g3?R*w+Bt56Z(r|ht!;_1Cr(f7@fGBmYL7dadU}Mn^v$~L<Y*Og
zlm})JZ15Pev=c0^wOAf)vFr<$Uo%*CwmpPrYG1!Fi!o0Dm{wDs_Dd3;F7{9T{S9ew
ztq<ZV4Dk!QGrG*Yzn8avGx=%n)utTvpS|PFlsS5%qpkzbN3+CJda04Lg%-<`ES5jv
znRL+)s#|K$?Fp7S-S=s`iHj1JJ!x|ZW6n}!I@QKYrNwdSXz_OEG3adgQEPG(Cu4L7
zV<sDq@kABx&>`!jJ7oJzqprW_D&3V2-Ii{wTITwg2sTeN1nr=&)+9O_k5C+b3XOkG
z9**ZD&}d>0Xmq8e(GSUEE&s*CmsuK3hep4>D!r{8MQ56rCE^I2E*VpK@*s^P74N0k
zwMp1(lIi-e)~orkYa5`EaOor~+0YkRSr<O}9O30~>KJ!2BoH^@$DNeWUpU(^$kRT3
zLuO34?2R<~D?nT9+qG^DQX@3<*C36aQ^tSw`-(eJo93NN3=V!rOYgHcyxB^9y>qlj
zt)ov}zPI%E%YB`scfwINuHuengoYHQ`Ueuo(cekGi99Z{^x4O~+O+$gmf8wKpZ0Y`
zsz*B7jLtxt1p(TWWS~t&7PKjYHcPvtO`4b>`fZ;!?R%xWK4nZAnnYXL<*hD26Uh~}
zz%!!7E=vp1A%re>w9pu2DR|4b>S!?$T71dULhm}#A}=j17Lop!<gu5lc=#Smi`$_^
ze@ly?A547e#(vlv-P+~z;8*E~)ILpRIc)y^dS`wu5A+L-tYJ60ClCiHn@9QfL^rZW
z>C8I2*8Y`~y`>TGl;7bri&;m!I{UWN2TUTZ`T(7e_AQIq2Q6l2gV~Qi-q|(@VwTJT
zvlT|h^GRB@gqYe6w#mb3u<F!@GEY5{I_BWpV&4KYuI(vS^WZ_z%=rWzZjXT5A0Nuj
z2H6Z=uaZ`4%Y>QQBRk|0i`(DKJA7<+x72>#;FhxYf$RbJO*%NJ7sn#|(!*PftowR#
zxAC=h*25K9;9UydXQZ)Lrlr9;n&Y+mX;nY^1|MhtTv5sAX7t9SKHd{~p$B^%QyAPs
z!(o3u*nh=h|GO;Z`+m|3^8;KZbN5-y?*{W@{&g^K^9k*Lt+OuZggN{jz`W?)#JuSw
zZ|O-r#C)v9e5u9!9E*7j%zyB)j{2bx9_nhXM2!6(-sxJ2i672xt%NIUnpwMxpRb_!
zh^&=3$(7&5T8TIQ)_JYO0iFfNdE#G>wG#XP=KI^7erotu*J~wqrlenO)4REcp01U+
z^dCK2E1@;DscT1jyH=v~C~R)qhn2va1`{*R()@?NR^s#cc&`}Hd96f!uD@17zTQoj
z8o%G-f@^&ra`{L6wGw*Q$h&H5lU5T)tF;pAu=9&F24Ia-6YCUS@6*0+qLjYE3&k5W
z4qnA~@)5eRFt+sB2Xh`+7RNSfvg<6AK1_P~Lz+zbVQuO6;J4n)vjX}Hvqp)SW65__
z$Q$dv-%UT>_MP>mtYf``{H|KBpgqHWk3Hqm*V+21F7vP(G>_)jv%Ors>*+d=4X<Xm
z&Lg<~R`e3ap95pril^T7uf2}q#5`}Q8*c<-{u~e1o#@A11lLg<W4_5t{)T<Y6PAzU
zXN)o?NL@#<pEO!WF`csqgw0>MS9yQFv!(WPSN{Kd9mQ+Gbrg18u<V_>6rXU&%9gQ#
zt&eFpa)OO<b`^5fVJ!vuXe|ZnU>d~d)xv*_Wb(+YqtF;%wAOkGBfql2@i!dlbrg=j
zn1ft8QGC?PbrhHLt;VxYa20=DYWeE|`0F<x?O80(*Sc9p@gJ91oqB`6jv|kKPyF90
z{sf(tE@omj-z)u*SV!UTTmK$kK6mAKH8aRxe6W{&(R&li<AI&Vn^#*b-zFc)>Z^CO
z)ZXf_%rf5m+-}xUyeEj|DfrgWmua!IF}bPhD30O#f0cC<juuxqTF{=qUhLE2?q1U3
z+k7Wlyv0>~{S8Zt#n587qeYhMDE`n*toeHC%6#+U0?XG|XQD-hbrg^D{SoBr?V67d
zJ1pVrr54K%^b*S%7Ryx@%L^=)6T$KqS6Cg9C12mw%{q$DP}g}{M<FcXg8`Ya%)r+l
z=lg%9brkTnp~pifSUp3V-f!vg8}<|Ljh=at@5I~ZS$gc@UV7$_^IK|XJ9=cv+Xdb5
zb|^>>c<H-V2Y1rh8P-v}e$kQV?F${2)aQT6Upo8NUSfH_#qt1G>52O+mUn~YF+Ifc
zzq*N6{~mR1<8A6bGZU7Uw^P?qtb7-+JT$z$|66FWjP(-BxW)1zi{%81<p;p>r!#wI
zOWe{8mY+z$GL#9+4C^Q^eHXC&P5{es7RzV9(K{J`iSH!i7g{X$axWR*HLs<%yoXp8
zc7tUk1<UUt^J#4f#<}V2vbQfh@-lu|0L#CSzhwN5UShe-VtI(GWc)#k<yXOSXb-Xc
zeK+yy>!@o`#y^n>OU5bbu&jR<uxw?mzgxp!W3haHFR`3zvHXt3a*D<BgJ8Mo@}9}~
z{BE$Eoq}Z~6PEZm(qZ}0cLB@C16Y2@V)?)97v7tG{58Ilj9+H4e3^U6_+P7t|Lq}`
z@9PH3V^XkOXZ2sFew=x<bXexR3s`<UfaU%fzKk#IC6+5JmaSYR<KMPeE(ObzdWhx!
zbQAmkQ|cO&@!6TMJUcy>Yxw?1+xz_jSbp7NIj)yjUShF)++sPyVp#%~TQBRGj4$X0
z%kmT~kI953KALoV`KfmS%OA4OiPM+oTP**=zU;k`@wfO+GX8Ok<w5Qx<A0yqQhO6v
z2L1Q)U*Tspb9!zLd0`gwa|L!C#VGtv;(a%7ob5V_IB{`q-#y~B8uE$FD&<*l%|wK}
zjepJhlU)qgZer)Q;Oly)F<fq(G!yI>fRV93I>btJo^M{o{OQA_b!#a!kJrk*k$;Qx
zQgA-W;_T)#+*%6aF@tL<8bp_Ox|U+ybgLVfH_-U?6X;EY8+tW$Eyedp+tYaA73Q14
z$*XDCySbJk&RU93Ky&euTT5|rnza;ByOv@O@gVYZYApq4jAU9%(a;trW&O08S5WM3
zzBhD^u4Wy@RBwHGck3vuKiI9K7@WeN3F@ME1POFlNAchANHzQ#Tt^|Fty@Q-m|VpI
ztYfdYpx@T6qtMxDS;u~+tfR2}m3|!s{J%zio25fpM?u+&3H{}R*~vjQa<H4Ug|x%2
zqiC3D<>0@0F24Tl?Jc#R_=tF>b1Y+~brfNrm$$n)uvO^7R9<%LDBhap_uu~hBVDhf
zc-f>KoLo(vI-TcWb)aN87#EUFoI(|G=^wT{OI&5!oO!x+6tUnsioo1LFg{uHaG@^d
z7R0ZUh)dQSLx*(~<fnBMZjND9+Z;poYbeSxtf5d}BK~~0)=)S;d}W9qmwY<>GsE&$
zZ`V*<3%#+I3?E4+4o$;HZVg4b;f<cHFZ-nBr{RX5-n}&xq0Vb48hX2iVnq+uP&B5A
ztq-oD&^*=*c+SMW6ZfvQXNB~gT1&AjWv<MFpVR5!Qs#Z7gLU<F=kaEb>Nb504{I-}
zT@@9Favv|L*V$2JDQhRBvlWjgeflKVg!rCsQrA#4B3GIxSNxvl$f`-NH55VnLb_Lc
z?$%B`%zMY17s8un?S$2nw>^-(o~$LU^yGcy7g#&daDeC1IrnjuzP$T3{C^)lvihkM
znqQhmKTS(R-)J^#C#>G;K-0k5i8%Vn&@!-gq7+@_=%Td~<~?g8lA^n%S5OBkHo)12
znac6h$Ev>#lvBq3s2%hadB?0hHwr&eSL+WqP^NE-bzI-&=)aBmbM=p{OS7l@a7%Zs
znfS7$b)Kd50BF7RQqlU|TQl*SH1Xu=)-<cnkq!QCubFUI-VBzjv&3-~cE&GB8wsqL
zIK^VQf#;&x`deFSOAMBs?F@}=Qv3C+#y8lL)yQnRH4~L-aP1WD`A=9g;qW{aJU^Z#
zp4H%aJ!uPRo5n8N`7eC_!(#avu>AWa>20>OSY{Eo&AD(rUNcda<(i41>1Yv%t9N@}
z&WFd{Ui58!QHFIB&w|S|@KH>?^wT?8H=&q%N2ebT_LlzR{_OQf)Y3`kyMETvsgI@8
zTeq~--kE_;>0<M<SvOIj^Qp0gJIPBHG}aoIp01nlW2!rzTcbT!HU49~Y}QRYlqN=h
zOMt#{;?Ui?3H1q4v+sW1oE6e(^!4<&XZv=o^(8PSW*-3)pNhXlYg5lIvuh}x3DD|N
zXmzKhRkmv=zD@c@@_37@F#HBr>8HieYPg}*ky%4g_72ui%<IJ(irw_ze&5)64aL|r
z^a-w^Xbh~Ou>E@5IR|b14KyJRy=@&ufn7(TaV4^2)`jgK<SiXx>5=U^iel3Lf;?(1
zJ;qpioC!VFUEI0v4UYZxW#I#xhpi)f<6meUg~6&0tkhp>9mS3%+3TB^NUMH9>nLVe
z%$j&6+VA`d`E-LBevfX~p7=8VFSm}u;C30f-IFC=o9Rba7;HMOqj;NVlKo{Cw;FIe
z!Ql4qbril1>11CU>|Z_3TUuzb&vqR}3F&3SEVr0Xw3v?u^PgRmejFtk|0l0qY4ZvF
z3$3Ftm_G>S+t?djHcqyf|Aq9ze6q!S7x$v;bCsOSZZK~j&lGmCj)HX!i?xQroSz9z
zdUM{y-=<`}hQgFp81`N^w#|wU)~MVNXRJ)(ObpHgYtR`J-Y&1EbpE^vI(H&*x_{n8
zX*j&PG@P?KaeLob>By>yzj0;G;Eai7Y0j7!!I=TOQr1lrcr_36EI8IvJv`EWdzXBe
z?R(D8S=`0CiIHASO-lM%Hoco?ko^|pCqCEMH}y=3zR&k`okTl5wLT)mcuI6t{)JkH
zTM%#9>v>~Ld$8N$tSR65*H+VyB-mTWtq19}mwq3+_LzKhrmxoXmUAwF@{6&ai?s^H
zP2s|^$~Oj|R)xKB3C8<Ttyi|+q&thC#QFt-=~B-ln1^i`te3MfetWF9v_Jejir*o4
z{P7F_IkE1ocZ4{zA<RBUIqY}Thx7XS*0<c@)wG_%K1c(Yn*(p*;Ou&><6YR_KdV7@
zGUNBP^TAwl9Hal<%Xgwr9s8uq52ii0&V+CAhps8OnYAT6|Lu9L<}7plkMU05>YFc<
zeiP@5JjdC1bD1Y8z(=!TqgSJJ?{Rr(k0b6kkca9PVH_3e<L}wUS@%VHmq*&1d~eVu
z&L~->ypM`E-x>A>`EyUh*vD(ASpym8%ygCg81+{9W=(=QKVm?UJ3m4+-GvYLTISCD
zKID9GIuE?;-spFP%sCQ{j-}91V?52LM!Cvwr~mGm>i4(F<fXYXlV@IX0sGE73^J{Y
z_zr30Ys`T^M2{7^M|Qt{GyDI;D?S}V_05C5<_@%+0xff(W&aGc#P8<DJfh_>L0a;i
zq2)C?n>?~;cr@N1dakGb^Bg^SceSG@|JU)(wIw4xN%vishuyR4;!N};Z5?SHJ?o*@
zv}o03g*lPj`~vT~+z9Irj+^n7LShIPd?>zT;fLb)pBh@YtT(jQ{MD`;&Os*@J(bqY
zgSGaRJ+4#e{g-39p*QuvmijB-ohIMB<WX7BJ4PDyb@y-;y-&0BJ`s9<XNIHqJCoa`
zFLo`rA96IZa{CwLN_*;whtK6*w{#}mSuPJNw>!uqliZ$8T1V$q(D_d2sk2^sLrW*O
z^V86><(A2v==i1X=tx@*m-uq~1xv?ovX8sNAd}oaNgB!R5KG4&>K?gG-qce2fi^n6
zbGa=D(lUeGZl(S~xxLoW6CV8~?_68DlG_HChn3q|ndnKLKOn86XIFB&7oW(&+uym|
z_D@6WRJpCPYbD<}x_h~uPyHpg2Z$M0JZ63t^gfp~lG|@^mE4ZA^nNe&escPek=sXK
z=vr<+?9*tm>u=vcuAJOn%)4&s46jded04r9fjlzF?Re5UI!kW<0zKcU+%7ek%RiUC
zzjbuHvpYJ{mSd@(`rEmdj;q<5-C>YPZnuy|a(jlQ<I}oFZh!jamfG{*IUSSgYe#oO
z$3Mr7ytdKt&Hx?%n|H1a8ReC>|JvnY>3Dq?bo>QrgLI70rv`N|bnUU-G%`y%4$6X#
z4^cnS@hD5jbF-l1m6nd{xJn)`w{)BV9d}H7$MR_CxbZJt%j4%A4QxL;C_u+@-ep6_
zPq;iR9YbBvaVBXy&@rVC?F}8*5L2IO69xNGCy#YUb)#3|$up^+==e>OXI^p(`=~n%
zGRfl$q>(&Mv2@(6d*tyCH*)^R5u)RVyP@NolRC;{9eTy-)q}iqZRkoK_qseR9q%KL
zOnP+>X*<x7aq2sj#}8#m$M<GI#~)Ka(J^M}cx4uJyx!9B8LpDYFIqZ&7CQc8>XDJh
zKR@5KJXSjzSb2PJfR1<ZE*m=D<npj|JgEyhUQ5~zbY#r>PU-k7;@`88$Da=DULL1W
zKhg0?lV@J?1@=657-W*ikfq}+OUD+zG4;8jrS>*U$ELwvOUql~`h)p8C%tFBg~*9@
zm#B}N(+w?$I67Eb{si5k@pc`0W)SaOJ8oqB`Y^tQ9|e31E39v!kITc-GD#k(GI`MY
z7Fs^kTKhcvpgoLlp&DDq+c5Ivh}pwVdnymbx8TRTW#d~g<4th?cnU2K<}=oOYjS<l
z;CPE0Z#w-tEem@7jyj5-Q!G8N%YvR?C5`OX{ahuN3oJdWpl9?5((~Y+u4Qutb)ToT
z#g?8^1N3}|ciGT$vCG5Kb8Hv%TtM0&Jv-6zq*a$_zmcBM^9ACDgR<EbJ%2Z#d-*J-
zj-uypOul)^7WN2tIAoH~;g+5^S$Yn!^c)C1AGn}h&mMeFifm57S9DAUUy=3u?aHZ|
zDA~L-NK3v8`ikTydat8{XnBoS^E>3s$R__s@y@j&qimAyB$tP1$^9nsNGqGX8%o*^
zv?S(wS5D(Zjoo@Go5p`I#jE*JDlOk5KTx~>z{%z8?&wJU{yq^plIN!^9T#Om$M2Fx
zc28eR$A@)~-LvfamfBMSbnM{syCZA=t+8JR1?hN7XaDU_sdrE&XF~&L_cZX%(XlJL
z=P{RumC28!p`-KPK0?|K{UtGe@3g=4Qs|iKzlDz5&G~=1-OJ;x)KBubpZ)5^Tf?)U
z;}}cF`?*TLo^9z^2pyj|A9*zU354)1hw;I4$}4=*mESfux6N;BXt-i`K(AW=k95Q6
ze%@N`*YpN^Aeq=B;$^GZujyI#BCodlFNN@XR@0Yhk0!N8`cCT<Udvg!Y&3h)xOB+8
zIm1`66RGKkX#b~P?5#fnAHU0Au@@#^LvOzx&%*nub13@8(d$m=^&{)YZ}Z{PUhU1=
z;XH10wy}R6cY*cu-eTw{A4BJ}JY4>tCx5NAklqqD53z5(<M&Lu_s68!N4<}?wEhwI
zlG)W?Vt?g~-=A#Hl0J4^k~E5YkMO<9eUy96Bb))B`1SB=E~4(*$0qg6->!J3s81Wu
z6iI*QrSOdAc(hmR2#qs{or#><@l56@bC!9W$$SiTkq(}x{b0wm?*}VfJ7AOHEbf!q
zaPN3-q{I9eFn8@7L|VoEJN!SC5x@4cxUV9O_K;f7RkHR`uEPIf@PGEac3FF!xspt>
zCSEdo{c28-*b?~x|3Tcc->*-pf8EUo<oNSH9`lcGZ|gYN{%n^&57~q)jy~MFHi%2x
z+~L`s_qJ{%#yprdmG`x0sl(~%Xgf}v=iULQ*VxOuLq4=4b+4^s!A0l8|A)nCpv5T%
zobCmumRp{xZ=v0yb<)m}8BFHIi?!cz9r{3fc@jUhq~(?kt2EE5wwb*~!~R~Qrmx12
zB%R{YI9-<xf344T=RW9MkV5D%fVtiZ>OUjojVT3Z@$P59w;Y|Nm?2@TbUHgp^ON;F
z)BN3T6XP8?H=erXn0mGE%{hsEIaj3eE$On+A9K3k2S=k%LZcA;D?SttU2VTfUe`4r
zS{#b>T~|1q(i<G0M*s&CkN8e-h-HDp2`M<7XunB-Loha>5c+4@|1$bU>-KjVw{iQq
zvLCAk&Aosa3dV53x%gl`Tv>%-Z;faWDVWgfxQ#MbW*2cAAN)h-xQ#J93)V^XP~67*
z{^08&SNE2Cx{lj8B_;g<n?BpPjoLrG`*9na_8-}}jh{r`-M9@W-=C(OZ?KR2&-f{B
z<3m&a--+A!ESRg0$P~BnpC4?kEz{mqxB4*`pPtZe_y2@<u78o;{|6hlk>B4tI~0i9
zSncw-*3aW|@-TgZ;%-yoHXbGIAG(Oycs}QNqpPwRi<ij8JEi-$4M)dU`gd>l-%kCM
zr;FQo4>WfeWU>Xvkw)XU2e?XpKcIVTk)mr`YJWJ{jl<vh{O_y#0<^UDzsAd|my6q&
z;b<Xx^6q8yk{QSGe=6@>TQbs<bj2<Y(Ubd~Mz=9`NTnz5&LOSnSr3o(G-jhGv@Wyu
zd^T|#j^1DHj^5NiO#Op#8_U_x-C>l8-ajFY{Aj~1y`SV>^#0x#TWZI((fggnZQLBB
z^(mdl>)VSv%I%jOoi!iGJJ*JcbSB+XE)OfWpUFgL(yk}1liNGf#BB70mQHTFi`#&X
zYcyW((;XeD-(u<~xpi?HXJtXh>7pBS{4Q6??fI6D6QJYMB}Yzf`vz&5L2f_k(_*{P
z!{SRvPyT<LciqyHbQiijtlS=ex6|rj(w;}!?&LO8%tlXW?c_GgxD7+^>VDnmY3iRx
z{ey8EPq5Fr!zh#7{+cwB+fkO@Tez3pHvUIT?esQ!zcaaAxHq7q)5z_f@kVZaI>Wcs
z(8&4OcJj`(p)0w4#^qt<_NGj9CjYIZb#j|7W}_#xbaI<T+=ij!(C+9+{Z>*x$*qgq
zn3M$_KOwq7#|EyF+bb;{FM*EF#hu*tnvTZTc6>K<yw=gc+D$_Pbo>JEvZ3QFmxrZe
z-!AC*G159Zrp9cDhP|2Z&mwNa(D9MJ-N++!d_VOQ9bMeUui4|=VUS54_mW0*oNDR#
zg6@&W|M@~o?Prb<9UpD#S{@IN>nM+ppjVtczQsG&hOXrCC6|Y#<Nf53R_}t-i==I%
zV@k|MZ|Rst+=ij!Ia$#0KdGPS=;Ag$kp&%ZvUL1CSIOh`mW~zB@zqI3Mjl6ZL&tj^
z4Xiw#6QJV)-ep6_TU;KNjs;!N@dnbi(Gg!#aPFeFbj%`d!_cv@Pxtb85%m)tUEIcA
z_C9wQWRl0emX6n0I)*GA4}HF+cHR-9<Hlg@d7A$51V;l)$42yulgDAab8YBK9-}S~
zOULh%M<#g;leUeHDKQ(prDGOx8-|XTWI@M2jrHm1;x=x|f{yo-Mtb!CSIOgjx<{|x
z4IPiMbUYGq8<%!N%kNV6GVPILX?ZbpkdMC(J@^Rk94$3B{G^TBXl1>$d<!ma<3X2)
zrR9V)v~+PB_mTF=C7EM3p3fPUwQs@Lt;kQ7aT|u7f6D1zE<Z~hC6_L4BPR=b=95Nt
z>ur{v@3Hh81U<j`Az!~933~o_FupvEY<|Ge!qW4P$d04u`+1iQJx97cEIl`qN2+W(
zdcKFWj-IJ88-|weUfhPE=V!B^=PP4;db+rc``AC;;gCtsK1LeRGivGiUG62H56x+*
zJ;Tyd>$ToV+(sfu%PF1XHX5mSn`~a=)qK{`lK(&Boohoz*(BZfT^^z(_g7@1CGS>|
zwvCo)Vm5jrn`Rs`C9AlN#quA#7Vbtasb3ZK3&w4nlm#7&MK|bJ%T;=IjHTn5&~e?w
zBV+fx(M|mLB|Z(-I34>MGUNKo3wh`0*j0Zy(dA)f@_F(|l}Q)3F_yG#{bfqbMsNGe
zEaEl{9p`sPNBWhcsh{+#i`#gNecBxcndI@8q!ArYvvk~~d*t!Q6)m+>M8_#wKN+e&
z$XxOpSLP7A(Wl$k4dyY;eDaoN>O)?yUFz?Vc+kx$Px0rJ?YcZO=Da0H>l|NZRcAI^
zF!3D+U3>?7WNjwC<6t1ZgZa|7^SG+h#Cg0yoQL+#+8j8KD-`n2<J#Po-d{7hn>ffJ
ztd;E$>p_`r|3B?-wo2cO@$FvC`|2C!7tbDnpVpP3vtv!(hEM#wcYyPi2V2dW%xq&h
z8ecc_;f4pW4VHGAFMqB5JsW*=h~*fS1^uUzrj~krhpXgxilzStq5pd_e%~I;F^)8M
z@%;l_)gS6?0L5~wozNc3F%>@OX)MRWlvs{egR$$DKQte%SdLPimuh1<cEJl~e=|Rp
zqd|Mn6kt<DsFRUv=$5)iO+o7Xc!s!+A#MEJDXzoN=NsVf$8oTCA8CVe9h=!tJt4kf
z9zT;T{)IG(>zE9NqJ_=|ko-JX&ia4w>?*E6ZPPc(KQ*r7uZNr*b|2UA4RCfb2k$~$
zhr#L608ZKqF^JRcS>UvcG>Ypu#8qv6(Bkw}a2g6u|H^S4CE)vi9oKP97yQ7ygQ3xj
zoT(U$>-ebsW;7Ug#fRC(b+i)q-eVk&a9l@07C1bTf<vDD=9PrM2g>UM6k`=OaYQ;-
zQ?VV=0osEXozonP_%a_&6e5@Ye&EDjm_0KjtJ*7L2=PC4{i-HvZ;U3+`K=>vf8|iG
zdDZQGV)eORL*4v4Ce+QpliywZ?&f#TggzgTol-UEDdId<G44wo9dBmNBB?Xd3y%sN
zsu<*#TU1_%zKJ(ihrQ+s)&{7|g%vzIfpj6&UAk<OiERqTVz@dMhP}l`uargF&qf{L
zHG3mM?B_Ax?B`KF(%<7Fal5~-M>+j->3sI~n6JG(`o~I7ubTLWb6RVo>=B|m$5u?N
zNhCe?US_|Gl2A=-1$#4(4AsxQjQs=yXE2+1t5UD#vEQ@~Q(Q<rS7GRMoLA=6Ji@bJ
zy;WC_Zyx%Muk&1fpP$<?hGcNudq#OKO-VO9C7mnJ?4dH7*wU2rAGPUStVvJLRz37g
zPh(Fy?!zcv^N2HedM<qju?&%d(`q6uJ0rqj75jQHPxP`k;<TEVo+WN0?2X1getBK^
zv>N&B)@(jpTL^t4p>Pdpn@idAz)MVS=1kHxlN*QD>?X~j)!tH<$LQx;YI*naWbd?^
z0%FkAH$4x}ov_u<hkkbP%GTD!krJ<_pfpr7IX;nc1}78bt@`<WBXOeqSFCA)k)ifI
zP*mr;wjDNoo}=60+eJ4&PH!4|o_$iT+x6V?6I`s_lzA<~Jb2>bs+M7e;tgbOS574P
z8291}M;F7xydS|YKjiI~ouGZ=S8xVGDe^IqYc*HZ)wfyO_hSq4SE2A)F`&lJ&ujj=
zzVFwOZ-ePyr7riGGCHP-pethJ6(g^xt@DYt&hGqqmEn=jm8rT7CNI^`;qxQ#NsW=s
z;~Rae*v0;&pUGLaZ?Kp0_3ZItzU}WdU!!~&D`3xBn`LnFZA+J*e6GC@6}GpL_C>Q7
zvrmVo;E7W9rExS^L7!3Z>CrVW!3U03-y@Bo75dDjd*27!^Zfzu-SZgFQ`=zbPyI^2
z&)#%lZ;a|Hp3^<CyJL29ueRtOzADoDGXB$Pjj7}3>oxYX*u?q1#BH)aNJB0*psq^$
zQPRqme~o*^jhpA>H&gldk2h>!9eu(2{F?QFHeJj+SLe5j+uL$W3La&`<GkTD^?`4{
z9BA)Lfp0&Z2B#NzufD)reCGtODzw_G@>Y9Z)kL??PmrfS$@h#q#t4f~sU9o6n%kIr
z)V(|VU~WGzZ=Tu%jqapQl0&7t-ln_BT=SB@q}*TdOQnVEL7$(z<|ce&lPISVnj~hI
z6jw9WyMerR=ZGG8$+6gW=6P%Dn5I+W#frTupB*Z$hF=s{ue=i6@5+fcpG`igbaM5)
zih4e5aOx<-$E%H=H~Ka921IW1R93>?YuquK{BJP%4^9pzEp;k#I0(P5k>^)!zCk(5
zC9QB2E_3<*5ON_5BRqGqrte+-&Y^y{kk426iB|dVr%&|4&<T2Z-s*I;I`DWqtzO~3
z${LhHtGocMh6iXBvFQd{T78moKfy1ZEhbt$`aNH+g}2(lGef)Wlv~Bvs_dM2^IBry
z=kYUf|D-R4mWlVGANzVwG_o&cM0=0FSKq~pBhdReL%+Oalj6Ne*F>E1jcv3al6(@(
z^t`&Yb)BK}Z~NBkThT}KUPswli;x;y?lAq|Er)AYh)=7=*OZ2;F8d?*`d;mEc|1ZM
zYR{6-GCrmKC-582FICrn*0x`17YS?2BieIVbzDWeg~4mIVFN#5@TmX>;-#3!*|F$O
z;Za9_Vep_$;xT{Bl3%3!=bAco<g?etGdAJ(3crs10c(OuFP)}(kmmtm+(`b)>+`$|
z^4r{V{Ql^(Y6DoicRClr;dUQ5{eg0x<M*s7uk-oqR(`j8b*I(1IR1;tGeMt6`wqzG
z&z}9;@jq{WcJk>p2Up5Q7|Ob`Vaa;}=}KE|{66@(btO9Q8ymso-Ezy%SDpK~m2=aV
z`p?Ibhis0j@T6y5+Ov2TA+|noc==}c>`ar6Z{nxde1ZSLGL*OE>UH+_cIi(f&D=ma
zx;O9m{!{$_BK?-yeiT>X+Xue+s=>(b%l?9VJDq+{;Q1wd>z>aGJTDv(FWw9<70@r1
zsH{LgSjHNwg0~0PjDSCid|qBt@bj@XXYl`8^7taZ);m1oPt*D*<uy(F{}z7xw~<{>
zzf%6-lHW$o+W*RyKRxnF^tKJJ%<>}px16@;m1%3Lmql-z{>^=pzOiIf%T@O$?_K{&
zdCT-gg$23a+<S^wuexBD)vTi};`99Vq3c4>)8Eg@GyPwQ>gIW-ZaLIvgZijrPp$Fz
zKb?9_Gi~g+kET0UrvkZ_Ulm)R;SY~_OFh;jdC2GI*v}fCNygCmb>Vn})*$|l_g9l%
zX@AZC`S90r=(BvJSFE!{r0?IjQnuBmRrD2h-N4Y~o#Z9@eCspq{c41EA@}PX9iApl
zsw`0sYcIUDyRmgDX+Lr_M*QI9MEugonh4taa=~Bv)chQqH(egkaqSnn_#XV$6#VqK
znziP8pLeQqt1h$s_W`f5-OhP^Tt_;q9g?xf@IzJ1SoGV9!E0aH*Y~+sqAk;RER5`W
zWj}O{-M00ck3rX1%Y{1%3kDdv!pEjxy_9-sz1j+N#N%K}ehvA@dDnT!Vvxqcb}<&%
z9w|7(j0ND=vBJa1g?C0x%Pkv?9GUwOXVkp7gFdXab+qn7p10T|O~Ll}*L;Su>cG>b
z8~r=>FURjvCf=FZx8^#qXwxg?^HJW5hNBD(Q+dftKJc}YLrVW3cIZ>#p~eQU<Nqx!
zt+jRiN)8pYw$|<p57}QvyKcNHUf-4m9y%7^XWiZLL!V}SuS-+K^HS(mI*4&B`wo|K
z->7@+@gSeQbW6*y;Jwiy)I&P|8@8YSwz&>T-VN<qZuu$u-v!nxLWjtylk45Ooi`Xa
z<cFgB=R=R7ADOo*LHR}K<I>q)%@Amv8yd3h%9iu)-`9`0#Fkrk4Cw2vi}CEtmMQlS
z@LHEF59RKkarV8-<{r0Tf7Cm?<YV&|EL%^#y?@-gV+rlJab-!p`WM;n(PM`#3iIu-
zV~<}n_9I^XSjJYf`gjLMhr-(ynLa~ne}^O&CcULM{3%p_6Mlo&$xFJ{>CQv5ByT@o
z^_aoIUkm7-35#Q(TiP~15~t0+FGKCEqP)R(d55aO_f+cl0C=mdAEjMeO<Ql<v8a!0
z>txz`xV^1MsjY7>xstYGC#>D|%56KYq^%Ed#)xa{@dJnYZ5=pl(a@amHnnr`J>DU|
zo$8B*BtJ|$ADr#g*XDZ7H`;dINIv4b)b{SUzGawb{2crplnwEq*RSfbaeQa&Z0t2J
z!kX_Cy%GFoFm!#@ls7mz9X?fgPRCpUuI|6^lur60a-wUJE3zovX?WG^>ord&z0##V
zpJJcyLZ7K@XXodsZ1PxZ%Fj#2O!;|9)!%QoKUV#K`(Clbf6Fy`KiGyz$9mUkJUR{A
z4*$-}P3&(OD|mm+LeD#PRC!|jjOc(x@lgJ=-oUEMUS^-)CUmA(wrS!tu90=aYjW-?
zVZYX@iBaY>yinuB(6Ln$Lkr@oOQA)y&})t`<_{0V{_W$fo&bM%_$B^KK3n)+dBqOA
zx5lg7G_hcJ<AjlXAGw+F9p5U?(5|WpVa7P`)pzLC?XLVAH%&~?p2+zlYNG5zp|oD#
zlGQm;TkZ(#?mnT_IT3Gl1fSH&`X1Ug^8IwaGvy8$RO6MX+zk^>vETV+&YNJqTkq8z
zYs>wCD|f-BiPU>dZ1+($Bafmi${j(uoBJ{brOpvARIGBt11Yyp$k=806^fm14dM=+
zw@1p-=;C;aE-pQz=8oU`x)^$Izkc!=W{i8m&kxsPf4>}=cQorAz>EDOte<AF@244@
z{93)Wd&pxedHfZ=^XKkz>R&y@Yi`+u?FbJseygdQ;ytrsz@++dPam$`&AoVNJThW!
z^|8B-i8t4QgDJCYpeeI1XXk`ce3Y-AqWuA;)RVX2uYi4SzFWd~$}f3MOYMOj9er*p
z|8JBNl%2c3(lQLavX(xrIn-DFnfzxZ8>#1-4aTSE{6~L&3!mA>lHzIjx1M4zhX-=0
z?=@b{?L1$HZBqRue~n~SI8?*_w?)-o@){P>$Ee(0q)}fWKdJM3#<ADVp?`7tKSvtr
zjY`_kRXu)c>rtIjk5BUabz6@}$U8^n4?o;miw<b0hEB{sC7ZcdeUwMK`Wzjo&kt>V
zuAn|{ycb+YAH+s$DIc`;T1CBD@%20iKJs~t<@wOCx2|fk?1~}D@k$3)K29f_da@&n
zsh9F_`qbDMb{(*=`fJ<#&EVv{q!U)}&9ZJ^RGH8&wQk4oJXp8mxc?P(5oYIF%pSLx
zDUVEbYYf!wGo(}9`Wre1^eMa~Uevn_Ns|DBQo}1JpOb)At#-dB=Qp_gEo8~;Utsqx
zxPuscn}<KX&P%?=JV4VmUhz1a-?Z?t<07Hs$K61_yQlcRk$;eHg0@$;4jY?`zKK+x
z$ez7<NtO9QzH8-sjmNZ~uXsaq%c9>6N0%HD{eJOgYwc+Gs_7a#riO>l<U3(u_Uy1U
z!d`>E@D}Oy|0vS<?PZL>GxfJd7X<P-fi#96XLsiL$hGl?X`y4s=^Kp+613|^+U3W6
z<|P{f?MmfkwNdS>9!Z_?FI3UKR_dVffZD1u-8UiHEt!-Kz+T^8@cH-EjDX*sLr<mp
zq&nem{Tt7bx9Hgce=rcv_XX;iivOSZPJ2S9;%{{#wsE}q8Pce(Mjkf#<EnuEGif%H
zMs2DvIQrv+Qrd6=d>QQ1KLGz=Yy0g7(|W!$IxQ3#r@B7Ex?#zt@`{A=jchu8{QjG*
z!-PxU0Iw%axp~QpC>NPAdxd}FI^WI+mMc33zpN?uLhOhiTARk@eJ|g*|I)+KiPzgS
zcTp$R?E|K59sTy+F;$m6f3xW`=<ANEF+Q<ty@trG9?R9SuZ$m4`@MG@o3(CId`Vwy
zoqoiXps%SPzOJ>=4JF3!Q{ERHHjI54qVUSYUQJ)x`8#aP8{nO4#ts@+U1-h<@z$u1
zjWYK^f4e49az@ScKHk^`;8cIgr1~blRloO@O`2aoKDfW-8T!13jVz7b#hz5EzxugI
zSpD_D8uDpwx<kCfuYc9VKQczxZSL78L%N9nyG=|0x|Ke+lsZiSqt`CI03JCX-?QIG
z^8Ff*e)-<*W{$?xE&i4nZ>{mL0WR5iSaW0BRqq&myy_kedChUn-7p`skt_aHGbd9(
z`uo3Y`g)V+ZvuHfO`mV%oO=Dl)+^uY%ny(D+p6~(530T2rM=>>>AW-F@&5w;2l+*|
zXCCnt_cOLp+C1uYn7qZS)s|PAS?igJSNp)L;{U6_PCWZDuCAYLF?GyKE-zD=zO0CM
zOW`+-`CD83Z!hGVpgkoXz8)J{ef}Nfv4X4WR!m#<>{gxy?Qxa=LGn-=_5KD^?%?FS
z4CUq=_RBr1i*i2`D0i|g_v$p|o){?iqqf{@DA&p8nrl1DXd&%$XSgPe>_w7wU@YAk
z=l)^-`?@nPSsm6`H#k?-X@0QC!w&x$v^H{K?NDK{%AX%JeDuO^+U5t>tTT4!kmRZj
z#_rrMyOXpX_|eS|zWiuAFP;f6Dz;{icojYsO=i)Dhv03_y?MEyabV5lm(MlNH&7qP
z2la*z^O7eSdUUG4ncvj7<zCXsc9Jhjd>^rLs=8J6Yn)hzecHLKA<0M8cKxW&aA=TQ
zDH-i(16F^aBi}1;VI*Cqdg9lwsqPm#bUO6ZIKPOibm8u{7y>&6gPuY8$&^o?&F6TV
z&u?r#r$Afb=4kq#H+8n5CompR8pq@7Od4N)Hm_>;TV8J3<UfBX@cd%){Kxfge=$`5
z=I2t@isi6Bd`{T(^J@PGk)5C5KYNgPyKm*PW-mN=TmBI5Kx_!-i&lCEzB-iaienDk
z)Nk6N{rDUsEt7YY5tsEmKh<#${^P&k7kmMGa{~QUc{pCYk01N1%-Kl#Cf*If9@)z?
zc)ED2c^8?pk@KqA<7CdB0r<?qUh!sr(jPCI@$`wwx#7ru=Imw;czxFRx#Tq;pV1uB
zL{IX@dwsm)ZpI&xpA*?X8=srXi}v@P8Ff<Jq~+YWnd6z;7}zpvJieGY8@ZnpitKN~
zztI|w?mv@p+yH*cXIQ9qnaVtr6HVsl4BL;dab}b9%ZV4`6PY6)kkUnRyyCr-@8Q>1
zyLaatZ}v*WufB9xf3K!lbCh5q{?#6epWu02t~U<<)7WXW>s8*JFPkuD@U{iv<G0D*
zvX3+4f_dFfe?6GImQx?$l%S2m@nQPE{Ls+-b?;$+qFk?Lz=2ugCxr&gdDzb3EC(z3
z)P7I?!qmsaE8aqV)fUl2ZP`QH5<F8oBBU)h@0CvUip<$VTlG$~h*RgUQV)DoMT@wO
z;C=zu+ynXJxA9)}88M9X(02~s=MM3)7uEy&vTr`v&kY?lN3>XOeQ93>^CEt)kx#Y3
zWMEQ$&ZazX=Co5bpO7DVPetf&tur5{ZXP%|EH4I^*TDNqzSFf~U;nYoNP~}Kdu+kk
zo%|csugn_n+8iF_w|T)U`QyLJH;H~e9u>JhCM#+4EZROFY{ZA!8%p<K_)1t-^uuP%
z^@>;8_vPH@nl#Zl!czCjL+P4wqDAGT4fDP!C%1?=8R(a{f7em)D89Z?p?LA!P@$p2
z-*R%3UkDFev^?rPvFa%Jiu_mgjThewc5^BJ6mU!MK5`W6rA>Z=lj7M?@bz5sj3YON
z<j2|VHG6XgB=>?%Ic-Zoi-ojb^qdcWs0|xAw@z)V27`;pi}N9CX2VC<P(SgXli%Q8
z<!^p&GWtV0?-#2s;G0z3e0<;;%23`TNu#pnbC#j75Z>;ad|L;H*C>+~jBWkeFqZ$^
zVmgR4;!k9Ny!`g8B)#xfJ5I3WxjZw`z<n!SB--fP1hf}cs#n<1)yP`0-sdB4v!SQ*
zRlPD{BHMYC2jBCX&QCgO58p{HC)19o=M~T3R|ubLPEyY|@;t^f>>Zw?WB92KN{>7;
zm+qOortyvDVh3<vWS>b7%%-k-r*z7DFFdBRq;-y-n|p^Bio!foxfSGZXhQx<UvBd%
z;<?Mu<rU+Z+M?%b2Yh#2l=LcJ@e|Br9;bXGQSZ0~q*LBXt2Qa$h5X8SHp4zwo2K)u
zg5PwWxia_AhID1l=Q(Fgx0OkZPmwTIxo!U`yX`;qbN`)fS?GDD?`k41bi<n1inD8y
z0pF)EiHGu^Eqr;__$YNUe0iM3{^k7fi`2e8K3#Gn{(JGa^uc8MqFmZCku*`#MARno
zk(~Kypd&J=G|Z2Yk5}^o{cJem)#MEHYEJFrJ+m7d=X!M6b!o~OY0DW&zo<NBl1Amu
zNB4_{xqZ;t5#)?}y^nG)U#Q-#RJq*8XoIW2+O~(h#8*n|@*7E?6U=X;ZI{xVYx8s8
ztb`Aguk;${Tes=8DD9aP3Yq>{dTl@acP6@MIl4`Be+k`ow0G2^r_gPit!~?lZd;9R
zTTYv#+akPg*KJ;M4s@Pd;9WNm9ao3GIupINoH80|Z@Zown0ygEC%yz<+S{%dRR2QS
z@AN`<ZE)Xi6tB=WeH(%1qOGtC^IY<va`Zl5@+Y~VY+)i^692im%R=g#Pkj~N`6hL2
zxuu8p*C6b#k=`>4u)hjhCf_d`EQ;+l>7~$tFVN58dp?l+o$6&Xn&<AA@%rscCf)d<
z12=_p7hMS6QThnIFMOhUS%i0)>@(~h*=G&=_!-%yjRE_tA;I&l=3OWItYLH5Ymg1l
z$v%5}*7~_%W9_qs=*8Z8PxcvSy$9^GhUj4Ivy0;<t+CHob1{(fW|vEczz@h#&^~LR
zuWL{~8SJwL?6U^ZX+AVjI_$HCz0@()KKqF5v%#J1vkQA+pJ4~p4kj<Hrw~re3wE^6
zhSP71#6H_FYkix2MmwE-_Oz9++0bksb=|_RiF`y8Bd^dS!85f3K2!h4d!-Y-+Uzq!
zi#W7MYoBe%Uypr8e%NQ&@YX(S$UWc3URV!24*Lx3)7WPX*k=u$>@#erHv4RU>&*M9
zn+FcgK0DvqXP1JDvCsDQAG?q=Mh7>fvClTnTJPE%KGtvZf{pp>Z&RB`#$(uK1`p{U
z>A=b0QbC&r@?Q5Vxt9*BSn0)P>)q*IENb3ilks2Q(RVjkd#oYMJK19u=P<X5?NmC@
zo4J7ah6`CEG?)A~lE+Kf|BoL>tWL#Q>t%~2!sw@Yv(~?qGcc(%&K~pgGPYR5h0s>E
z*sdt}kQZm|)$GF-)846x)8ny)v~v>Q&bD^WNZ$@?sHUxxsZ$yJGaG)nhI(aVhiT3&
zh>z+mJSLOB@WB@WKG^>%hxQ9or5A5)M2`v^&Fku$`S75_P&!)}9&7UVVhe1&)hCsc
zkLoKMM(Ml4*L^3NU`v_r%2(R*MH9))qaO9iokRO)CW^dRH}(}Vo$-e0{G?;{@J+zJ
zYM9}94bsCY_EiJ+70=@hQGRN>+J`(f#P}(%X?$bttA--`Y!dma-g>8W$~z1DszI0t
zOQkQjc@<HH%g^N%<C)r`=W2(wuT1%A?5l<fn|334E8m4CfA$cy&()^sJgZ14a}RAu
zSLS@4Tl>nC>1?N-+E<MKP2bdJV?C3>#%i3k-r>LT7>j>n{`y<sqv(iu4ExHLaclQX
zX55fVTSoIfa%wzQ#P^b&`A&9xyQo2SOypQ=TaCcBdOx<+vA%6}1A6G1)cnCo{2oR|
zmH!Oh>wcxpH@6NQ!vEY;z1VQ`4t`Ntec%`BtGbGZR`Pv>H1L-Bel~WKXs_=_%7)_I
zIQzZQt%SzP!`e=5Iw+U=&caR@!8dy~wnh(Kgzi{QokmjEzoS2XjUI|5-fQ$w#5>yP
zp}*%Gl~fvMJB2B$3I9zDyJ?bdH#HD@F!LhyH_9J*mrj~vbke}2=8K~vyjaZQD%r+n
zYAB?QPPV(MxBE^qf<0uui`KQvws<@8NV{xD3cZ+QGiW1Cqb~2rMml0Xsz!WNjm471
zt+c1z25Myd+=!1#?;>-y!Uv-9zHWU~JIBu@uZ8rjbHdn*X?;|U)<@N7(rzQI@1xpj
zd{kRI+d$p;sK_s;u~@vh5MHx3&_CHn1zy%i^%(rt(MPp&yma+r@EJO$%?5HlstS00
zA6RYS*96|>{M43x&?CXKz5LMG#s|=3()l#mM_cu7Grx>BP+A{VBR(o0dtvSSs6@A;
z=7<){-#s7I;@I9aHqa|O@lpA0&h6x*^6{w1_1`CHvvk%%umQI=A62f=ZS6j)q<v4H
z%~;;{*QD3I@{m8HdmmL}@!WZZh7Rd{RE=#us!`z9b03v2V+(1&WNe|;!&`mZ=pFi~
zI^yQz6PdG*GKAYmi^;+cKB{)!Qys*6!fTXC8<~@9>nH5w2TX#w@=}_PJ}SRGNz&_G
zIv-Ug8Z59_NEfyHsHj&z%O8fWM%LPVR29%ubydB(wxQsAuMr;%bVWz)<2%Xa4B8Q8
zEIWgr^t7{~w(=bN!TPAsF?=VvRC?sG3m=uQPb;YFG~b3Yd3SF^H5SjB7n`$?{8g87
zeyVE`Kj~-Xr~2q!jAv?#o~s>Q`=}c6J^5+XCgr=3Updca*yn1~be>i43zoSrLzxSC
zeuRBgi({d4YLaPvR6EB<si&~t+Q~=d(<L|JzZZW?Kg_Vc9N$OPi2ek}mwmqU(?G`_
z`KUUUQ)J62@@=s;pVC5f|19c>y<>b-Mcn6tDfUI1k1E;0N7c?(`^ZatrL@jRRg~hR
z+G^XSG^su+u<L=3s<C)Ex=nOX@1tsL^HE8+9T^{0yIxTJ)A^_}wIOC{w-vr?_fdge
zpLV?<d5Dm&^HEhuF2GZ?kX#4tuXpUDI%4+Mzvl@5JxBOYn<HEt8-C8e=Lr8jN0@P*
z_TO`aZ9Xh(f3?roX}sTVf5oxC;>P|8_^`0m{-2#ATpT+)ll}GYIYMX8{d<luXn)23
z@8$@J&-xbgg#H|1N&6h(>t5;{;gU%c^UeGq{-}=ggZOVF%pqo)BRtp45jIxt3pZA3
zoF&^c;2*0@@O-Oz*U3LtiBG0-1U6@<Il>oq-mI~w^^a9X&+=}Tzv^aUP}=7R8!Mv&
zm?J!^(WEv0u_$wdFYUZ}x$1#Ej=vx{M_9=mVWsj(KSxM@IgOPXKP|*2RyyVgEAbsw
zrp^(TYL0L~=Q+ZwdOJr*Uj7_mW2NG?groD1RVjvxd7lBhci!CQAETXaj_`NZM^ORY
z_EFa@{F=bKoS)jFu_@zz(+=w&<Gs>}Uidm_tJ)}9#GysnIl|rfH#0{_ena<rZ82Pp
zmAR++*c<;?6#ES9)A+|Ki@-f~j&O4@hKo5u{NH&VICM2fNNil*UacFOp2j}gv-9S*
zHZ%TJn-}cKzxiIiN%Zsaz&~a%Nz!JGe;0xcxK+9su3RwGxU{05CpuIn?fY`>b1lxw
zSNF<8>8yXO()X`3XLy1?XV^##*B0=+Fw|H%cSWI*3o~aJHFJhHx6K)D*m<*?Gj#qj
zKQA+9Sa~6|cJW*I=PQ}GY@0JIr(Ke-g|uC?Txfky);CsJP5Vv!7Cbc@9=e9QWixN+
z$8UAS%*Uq9H&!{);<3>8jTx*R&f+`k8#7p?@s0WTg17J&p4K;3iGP^9{PrY$-<WBK
zi__>1fA{THXoqjie4Bvo!b<hZH8ce`%F+9LWUT^PDqqpF8{Zgw&{#R0pY+o{z6<!q
zDrb0JrN+=HzOhQ?fOw96;io#xpxww~C3X^d#Ve=rjh$btEHcl0U0Ok1^-k%OcNV^}
z%2_Mgd}Ed6Hm@Sel}=H9F0UBR)D}HgJFIWal;3%Nv9Yqkrrk>2mG44+<vg2VpQ}yN
zc~+59=DrMNF66oOjhQlgKfmbrYnop)x}hwCeYR`o%?|&h?;op-?aIHIb`X2z(+2;T
zp^xwTYV(g(TK`xj{;|p;@-ceT%36`{AFKS7@*#H1#Bed+m~%Yyj1hmH@k`7zUYn*I
z=O4@U{bQAv8<|3m+x=se<XKtd`^PGyeY{E+!?n=&kC`^O`Ww0P{bMGr%P+UxKW6ev
z`u;JK=7Xlp=p6B*@=wAGxm@i$WSd^gr9GO5Y_#)`+u+NK&~3}nZAH-D%tNBvn1?jF
z&CElh+uS^)^N;zut;0NIrQ)|PQlF;$X{+?y9HZy#JS26CP^Xy1UV1@wErfnfFLYOb
z_w82r1mBnWHUhn)(BA0<$%D$#d#4wauka|Oy+PmDH0t+`<|hAXwpkq8EN<j{<NwFr
zyT?ae-TD8Y&kUEDgo{7|Ay9Ln*32NbR&H^z8G^P+5UGflw!2M&b(@RSqNt$K3}M~o
zg4R?t7P<{!-DXB<wL&FUmy2zeOSQUmZMFOT8c^GiXe|OdgM|4#U!O}dgmBTd-~M(V
z{_%Otd_JFZd7t<DectDF-sgSJhqm`(vk+rP2yCWzC&X`^0-Kduc&iqC1y(!>HVZk}
zEM%p%;<w<}khe-LY^InZ>ihuMjPkr8OHQ@u=idgK!7m4!x$*VA*sK(r;KbKUkDd5>
z7n?1he{{kt8=Hl|W_DZlArFl^!e8i_)-D}vX3JzBZPmLSTptXZg}`Pu@5SpO7B-XI
zPKdAn=&{+-{;*jo*vx733E0f$2QgfheAm<FQuMJF-c-?U7n^zDVQCUJTkpKD9CRW!
zQyEn}KRq@JEv?DP>y76+0h^WfV6%SWxlV)4?EclTPrA_?m*T|M|2MJO@jSD6(-T|Y
zgUy`SdIy{J>YZqi-idcEHuE^+nfNB`yB>av|4MT_HnZEKco@AC#&m74Tjt65U+?fj
zcBmJdLDwK#_8v>7@Qrd^Y_<Sds$9`^YHWti8zBo%37hRBpZa7W?eH5mev%D$vDtQ>
z2Y7B{Gwcg_H4Z4fY`)$V^Q?$G$73_wmM(x+y;HgpuG3?)&{FAdE#)hHrBi;8I)uSg
zo?BLcXKIU{s~xAtW+5<_omOp9xeZqNA?UK7t4+l`tLjtdzLV5h%k#eiHhUq^bTVvK
z3N~~4{|VU4mQ9M!e!tJs)1LTx2b+bkpCPcBt($fle|7E$!e+<Ulk3#u>4VLZ;_EFe
z<;2%p*vZ9awZ~zzUftT>4>lv--?D4M7{Yq%Pl3(Uug)Bsg_gEp+j5b8|Jbaw2b-ND
zM(hJ%vtGM!GHiA-`U8&Kwxf5w*bKf6=(P*#556R9wm|&?eg3Opv%f)Xy>Mv~HfsZ$
z^~BciLT_X{I?<~tkI}Y+D;wK$g5S)Et#|xpXB1m+`OS#4b7SlK@td7-Y&~|z#b#~$
zp|P*u?Egh<z3Vqy+b6c(iYrsBql3-d*n0TcZ*0Bht&BTXI~;7**1`Qw<f8GsleVgj
zlEq1}*=b_yEx%b(Y`tXB(i>Oyk;c|DH+~@y=?9w;yIo0}H1?&OBDOwCdxgtN;EQz7
zjjfMzFWppZeU;u37w&iFlok9}KF01g2aEN@wVo`teivn&F1EfOKiL__)>k<=Cuqly
zwS82v^`hJ259NzLZft#(>gf|(zl%Apc;m*_H=u(q4@>ypUu?a61>h}<UN`>sRQz>g
z>m?Jgl$Fnot=}b?AaggizJ&XV4;WkDNuDI%R~u!t<t5>(U9=;>Gw>D9dt>X>KKfIe
z-WBs)7^=V6deN<SN~f~V0AIC<hvKEuS32bfsY5tQ<+)`Ac$VTkS34Yh)fObriN3E;
zTa}Y`7iFv52CMwu*!mKl7xS!&OKl3eWuK(Z2A(_k%Bu6j`@VW(>#hF1?IidrDYkys
zDPrs8SFv>XB(e1kZr`yn(FcyLkHROFpVB9`-mce<jjy7P6yo9C*!mLH)hD(-+9$TY
z3d|(gE4Dr;{M0A5K8lQ0hU3%fu|cPbtq(%$>0;|o;nVs+vGqaP3}&)o<lVmQqYWpc
z+l{T4PJ@@Md~R(0F0~c?b7SjEq~Cvy*!sT#MiM?e8AcMemJaMYLyS~w`>)OjBU%2d
zB#b1VO2P5|t24$(waCNqU;WK6lIy?fi;=AJA^O2c3+M}-p8x&(4=o$|@~JV>$NLXI
z-hcS+HJ5N6@GQ>C={@tpIp4v;6~X}h_@GX}Nb=VRlk~+%^4FXRMp}S9{4f})mhu@F
zPQXYiuRn~mPh*IEzQbuTlG@ZCMpB#l!$|v1QfDpC{|XrCvA}`TW2BGw9~x(bk#dpg
z=`hkMd`lk)Bgr4vA4YO~N+)1D7b8ih`(mW+eK1ntM~#vGv|`@VIwOno8P*iK@mI5~
z_^V=_(eQt~2R0<1(Qx=%drA&0`)+}m*`+fYPKd!G{>sPulf__7vSP48@lMWzW3JP+
zi#8|Wq&U8$_%7?6ugmczbveGIIR1-xuP<p_?>Sm`mBz4PU5+m)?!ViJ3AZd^|9Ni=
zRw(Z0JEIft4q0g}Us4Xfq`OOFEu!N@oD?SpE3R_-kHMlm&ehDq2hz}slj8fKv9B*_
zo?@^joEU?38PB(#<{T}}Ka$VUqK(a?DC+_HoQ8M>Z4@6}U(#0jk_w5zT3#As&f8`A
zl4z&vOZt`V@93(cKY)|sJGnaGcO{qF(uq7Oc&2t>*R{^ad!>`Sd|jQiRqrH=5Odys
zW3ZNI#fZV8ywP2u-g6q_DR<etw|q%C#9+aD*7>^n_>$s5_}(`L%Qs5)K0GfkM`vk`
zuiDn>oYep?+&HXR&RGqdsb!tju+%xL0j%^`z<=S1aq_jLF}K~0KPg^cn-z1;YKXAT
zXYnLTo0$uCmB1VL7I*wfT~Y4A@m=_nB2{|#DI?-{_=~?IqI~#M;>_iu_%-4l-f>m~
z=d1Rf)!_G9XEnrYD1R4aSpK9OEAA@R6L)2n#+<mTu73PU@!7~X>8yr$fcvDg8X^s}
zQ?k>1RrEUkq<9@|#h#><qeBbOnd_kIOk%E_vl@E%Bf2gAP`>!%_>;OEf0D)1O3uoc
zemVZ6h~rP{YCsQN9+vQ5Jao=#h}1iDYtD&3$)eYpb9SAIzivLsM0{5}@h92!OD5<t
z{v_`CmI3$plQ_fmQoikRQmhnDF+%ZTF4>t*@~Cf#UgRC8jCdZp>8#gv?c#ZWXJ93s
zV<))OcBQ9J#q~~Q2@g5`q<GMIroJq?9js)PjX#Mnm=n&zib|hUZxv;UhYgf3S}L8g
zf;@N2Q=NJj;8}|Eypwh~SjnotAAeF@Wvh%`l&x|bxGH&8;yf?mc`?tbxYVYg^SqNb
z^jBvC&mF8})%oH5N%k1!#8N#L$holpy@uh^m>-%f-Lw5k@jy5$b_cxkXNMxJ)!BXA
z>KpWN+n*Gl%zNJ_Ly;i))pr`)zGM57;@Z#W<BSF?hAKo16=x!UGW&$H8hXozPwFF%
zKS{Dk(|yz_7k^Mh{S$vs#PKI}IsPPzUeT&HIR2yvx@F~e{7GHP@A#7<&RGpz_+=~`
zgg?o$L12p>8<YaQiji{9YDmQnaaKdT1)74;YGEbp5HV7g9kODiutQFalx2sshtRfZ
z$Hhp+t+N_5=JcM`5U;juQqNfpk$}Tj^=+_HJP(<;efv~&yZO{d)E?!-pVZU0Q;;?O
zq@KQwKPjR<a$GzVw0x*|sJ}5*+D@BKhLs$jQkUaXIxSXmd`f48l`NkUJae&9KR%^1
z#!9u=9APTr)&FK#$@MAq#Y&b>NqXz7ySZ3t0sW!Vb0SvKe6WJ&`?>nVO8aQ5-tFM}
zuvkgF9+HHWB#Rd8fcVInqkj#obZ;R4)L6;!EA@+&)<c)<S|PltqTMc5TF<@4C}E`q
zddE2Lw``c-8q1aMgJ7lYlyN$&r1_lAaPUx%&QBJepN)La1S>6Y?6PyN)klVvM7PBs
z$`^lJtmK?)bsSc5&b5lTSgF<;Lu?+(N6{Zv(%iE@taLK|x>!jv>5G-NOD3LPtW?PT
z2gOSJ$Rn&IdXcw<L1d3zthAly0iO58N=knwSV?pjQJ%_ROpTu@R;s0ZrLW{l#w{w(
zEh}L3VkNcXOtF&Mq;eaq@_Vt8+EmQ5sy=n@J4v0jJpU_TrF#QcoE|GVex-h~(t4|J
z(8o`Lm1^C-^C7X)dibP1;+$*MgO%)h{T9|)Kpn|gsnA|~I}R&3=UVk(CFfi#E5CED
z)p1y9Ju?2FSSc4;PluIchdv6dluMiY!%8Qk+r>)K>AqNLyV{C=yI84E`u)EMEA67q
zC&Nk~`<3WJAN!T8^V$EKex-W@m8Zr^AN!R)_A7ntSHf3v{2A;2Q~XNz29}>5D>-pW
z{bD8Czw@zQ>0`f=7yt4A{LBL*-F?4P^RZvaT7&!8uVnk8H6Q%n=2zOOvk<;_YOM6J
zU+KeRrS0g<$9|=c{YuHcEZLF%d|9<T|ET>+R{wtd^jPU*ztWkl!F}vkItf<7*K2*#
z@Bcwe_xZ%<lzBqW?Bz1DbI$%H{l@hv>6zYb=gQ8`KKqyWA48;hgP86G9^;v<T-ngt
zci)@mm!(fD-Cg(umCl%BJgxPx<ZsHfQ>MNtlQSpuw95VkX{QtG?0HUksf+sp{G%QC
z?DWmQT+?{Q<Wf2P#VV;h(`&ckF7hay;WcO%dHQ_w?@Glg_47@cIXwTM-~4M-tdjFh
znQhRZv!TStAF`)Nu|e(5zBkXd(x;8=+_Qg(e-pdZv;Ow)tlNlJ*W+W|2d&$<)RuBC
zmGcJjDC3#hq4l?N>%G$1GI@ix>YZc}LKgkSDw*4|p5D%T(NpHcDp}=U8nSpVUZ=3{
zEf?NrL!)G&b*x&-E`;aVT)nYMDV9$uk65MTZ_3;cZKwOD%u3Q&HgxBS7%9BH^l7)v
zm$L6oZC<`T>**S+&7nyPQfz)a3{BFHOW})jOKWesf0%pmaY3yy>3Y2zWK8l~?{dyA
z<G=Fp?3wKG>n<-(F`n`0-T3vFSMcqYEWQD=mT$`NJ%^}i+I$^|JUWSKswV#L27jon
zG{<=ShN0}ClspE8o+*J}lFtx$RYjVT3+(Uwb+QIG6Mn%@Vh`+Z%NUfYZ_6kys)M+#
zvO%FqwX`=Iy01qcME5!DOH+Hov>8A3hx)b*{OjS<FD-t+C(2j3T7y$P*Q*}*Al@py
z+VD$sRXoxfoOpQ`ZC6_H@>2ebmx@<H_a-fO=st&X`3|8)uhzMg{#1N+^GP=1zuH+|
z>(npVpwDIhY(P)$*_U!(mSRjgRlHKJL4W58>7wp8$YbS&Uc)e+naSm@!Rh%gd7jNP
zc#F-l^Q!G?pVH@WsVuFtDP9Tv=y|4eqFe7&hRT*6^^I4OK9SFgS1PA0$ydBo`Z6w+
zpTp&r*HaeH)D}HgJG2Jp($qIzDNH(*t+Z;B%3W@iAA&CXx!M%sS$Us2-=Gcs)p-}s
zg_YboKYYAW@BTOX`3r%){bQx<t))-9?Hx#8x9Z)R^|WFVc|OVGv)l2o)i=;#*5D+M
z$-FlPgeK*Z-{P&)cdln#()+7<f2wcGT;I2R@d+7S$~uAaU&edg+x6z0?FnN`sKYbB
zn51~65Inz2bqzo_pjWh7G9y3Z&7?VQe)ha6t(Bku%AfD#SGtFhvC5DRnZ90I<m1~i
zirFb6k8Ba&<_o&^=z3`F!X6DVQXB8a9@Suv?sn`^7<<HbVtVXRDru@6d(_1@W=il&
zV!sxZW0w@Sl!`5?apIPGZBuIW4Q!KX7?W}w{;H3gqLa3|ef(7PyZO{t)Gp;S!@Ygn
zBmMlR-ac;lj7jRF$#F{>8~-Q7Eq&U?P2GDvp>89)yf1F*F5~%juI%hG2RD_wxT$-q
z$LP+c-8OFOjq&!}ReCf;Sq^UMHtsf#!tdi^yxS>LG2S_MhmNXj3pWw(;kjFRsp~}C
z)NPtZx5_yQZt6C@b{p=J4YhF-?IKSf+%#Xfsh=3{%X$9aiSgb>n<|LU6(3#PWMtwW
zB3{?Cy!5D%y}-szNpVX%to~H);->Cx&@0}QbEzEJx-y=r9S&~dy+Jx#CbF}7Cs~A$
zMZdUddDhYGyccc?_u{5*<F1g!dkZ%ax0DO-v!SsMZt4a%b@#<hMg7EhTiEF|G2RY#
zdLa<+2Rqf49(CL8V5jcowOL1N;1SOkf}Jd$$nHo-E`>K>f^Hi-l{wg{T;u&h^<BpM
zg*J97*O<Og`FPgtV5e?urH!44rS5~BEPWq{txCd9@zR+Vc8WXLsk;Q8Nk%=`sr)$X
z)SZHyldw~_V!e~F)52QXE8UlER)2A@Q+Jp)7pl$Z(gJknI_NvoSnp&${SqEne4>2u
z$;M9TnvI<--YUJ?;9#ePHg+m=u#?S8jl<%lgPj&Gcj%T~1v^>v+IIESe0K9mHee?!
zUwN%lzhr|>gPovffs36Mo(4O0n??w|=Tcvx3@b16G8T8w<m$yv3ta5f4R5hqAuF%i
zuJ$Q?4wuSG!cINUlumRz*vTsU46u`>M|V-aXeo2b&!G;tylkH7T{1mthl8E0`uo97
z-Q`XhzocxHyPT_xXEUAWYEy`3<y>l$Tjv|Jp}#us;<<yJtU5nDcIu7wwy@KP$^FK9
zXNOCVnhvcFcIwUvXB~C0(?YP5#iNI<zCmBNu~WB$ofhVjUw!8;r|&q}soTO%r-=2w
zo_<BWz2%EfvL!Zl>b9{Hw!|qH?6dHC{)2NC+SrM4&Bjg^y(&wxe8a|03vKK~ehWL5
z3p*{m-o{P~ZR}KjHe-`zizw5wMPQ5`TjV3wyC3Y-ZP^KEO~Ov`8tf6+$+Aaar*7i5
zd+d>gog91A2Rn6J*a=&dgq<AQ)PtQC<~aO4hqi;Ay0eju+s98uznf2eMeR~PGu+$9
z!A{*^r=C6zc3OA>c7nEK?39@0d9nKrFW-S5z~0z_?2#SB`rKgF=X{awXN{)AeBb(r
z*Nh$nBj!K<?RkGc%XslCD~uP5z50gnCD#79%Cm`Wd}i>0h1p5pFg~zsPsv+%vOjLD
zwLgx1P{*H9&i*+c?@!zxH$M7?H$D11cp>IBf@Pkq7w_e2_l7TC=WUts4KFyt6Px<3
zcYJgL`qs|7a;{qM){FNI4qv>MG<!+=HPWpe7Mt2Wcq{o{ol(YpmSHT4GMCV^>5S)P
zo-pNZy*NzzKU#aGgtOAR!suXl(5o}rDNlK?aPkJhP0ITK<3`3{V?<B>LE(!R^Q^@)
zx=XQnqUn3=Arvjy!?(?_X@7M_0p)}fiD{E(8BJR~ug-XhG;ST!ojOXKItsj_yL_@I
z&?Xuap0Qo3^LL)+)mx!k-+Dac9c#&?#WSXBEooKnaxRMp&_2N_a~C#mE$vYLu-Z%;
z+WF1s!ER|$eXC}y$5_=&JH+>P@0jRbZ>IHp6wlj-8Pgs#jH$BG2YIKyUdMN=i@j;P
zwI3tM+1d8~JiDwad|vla)~(RF9QxIU+qmBgU3AD*p~10f3D5YhaKM;<TP@Gwhtf#K
zhj}kqJ;GS}9(hW=W4cWEGSfufjy&IV(h#R;$wci@8zoCuCtN=4b<%dCgGy7D#Dih9
zL(le7x1R6i3iDri_c-~2@K$M5hiFtC*TRP{(Y6@#uWR^~K3&DH&D)k4E-h+fS*|f(
z`da47X3#e4z4Y`crw;fv{}B4H4L&HZbVI!QDeueB8I^147qSdHbZq6fi#qEpnWWiq
zTv=M{u=fW>*w2b=s@CmG%zuY=hQ)tJrXJ*T#G4icUyaf4wR;Co-A@|EmB#{s$tUa)
z3_+9nnak6a4&4o$buW6wJJA?|Z@;6Q@|4hqvJ~V_8|3p?&vUi+Tja|&d;8_>PB~Fz
zqx>po9QpNMeeWjcz4phr&%iMoB(G}s9p~}wCB0-*?lCqf-^G+6x-7X4GBzl0sgqv)
z!K#aXtM}z8;fpUIy~_BsX!nFR6p}aDo_vwKW&U2eFLTOjz$a*x1>M!k3y;CbP1kLA
zaiwj~4$UpXu6_ag`g!c^rP$j`BHee)ieP`6^sVia@$0kHLtp8!W9K{dR$-&udcQ<|
zwfPq6+~UdXqOZ;$Jt#bHE%LJM3wFrO=kx*j@6%=)2g<5iXOyAe6&_!sY5w0C>VGOX
zjr8JQ2fDHKSYld*C#`4yfZiKs_~KUDn#KO-GJO5(s0*ECyzoW$IsHI1d7OH+hs&ZD
zo~vBxiTLd5(<QV)@0I5;wqN~UdnDawuFU`JybJQKugpI|8ObsaQI=J{n+Keu_hrx^
zT@elE^~t09{?o0$A3YIXRK1$th*s6%^7!AKe6llEThS}kXSKDqx2?}O>7wv`fz_wb
zQ_55urE@dsFB_dS#LmxGJt|MSeJVZDc@~LhO=~=ll@37P1~QHhvc_?bvGwAaT-jXj
zc?U!_u1nUc>mcL%A;$N2y<Y6SvEhE|4%0_PyXb0i>7@@^&)}WxT^OBT$JN6_(*CoP
zR(4rwUAwTBbh3Xv;}f>v4mYh+uF8{Klt=nBRJ`_vHt2adm-JckT<GL$aO|>cyG4ua
zvgY#QnQZgGKJpUXTPerZ^YF#`{)cqU9Y;i`=-%qomu&OqI%!LsJ|sFN7v(vwZOHHv
zC#^enWDM^edzDXmr14mKl#yzTXose4PWxo{Cp-D0jDapas;iy67X3+S18!P}kD^Cu
zxAMD|bjfWv+ezDS25lJSq^)xJoH6S7HVkswV6}xdSZ$%5?cR*wp}C(&|1QPeId<+@
zv*}d&nP(Wgec;JM4%W;{XYV&OTI12o<L5cq$S`DPy%c7wOm5qs499Nt8Izd5_1IU9
zL++TQ@#q!uWDn}KuP-@eRAJM^L&=JHo;4=aT4QsIH7+RcZqk+|<z=1D(xs9<d9^n-
zd0hA>;Xc-Y(iwxFI0bFITV)LFrR^u&OV=&i$ehTf?@G$hf9d?cIy7`*>)dCq?QC)0
zRgqWyI(fYOLQ)y{nyhv-aIUXahhwwDp5txyok@A>oIKh$+_zr%Z<QB>FMaF1iZWcA
zQs#`)w>ath8>eOCRfaG^az5#TY{Ne~d85>&_pYrM?bkYa+<Ly^rp3m}&M2+0z-OE~
z&gWM=y_IqGRptc-d^?Oy8N=9W^+89Mid}l0KGgv}&gf@swfWK_Y_dwUb$BzJu{Gnk
zv31iRW5kwRW0A&KgTA-J8fU2=TOb=DO#Ck6?5m8k?z{FeEtxqEz2b#y-*O$=T>Mn#
zj7gR(lg6YBCtYVhW0J-QjZ4Gbb|#HU>Wdne)c5uOWc_}xcgu$T6J|!<O1%9aN;f1P
zVs2<0=p5XV*}~ZuUCk|-C1ztLWB#<RiJ{2lyszQ?+q{33_iyq3E%WZo=e)+Wg{D9H
zYja5SQLdGyv5|PM&PSkI`|I93w<R-+efn?xs3mhH=^r(XsfH0AnOMP`i}A4?`MLkC
z^ptC*|DBWm*x+daGj*5GOxcxZ`l4CT&<+i5p5%6@-2ch#=s0&~r1R6;Ti-+`0r;)9
zR`A<Jdkf4VUHjoprCFa@>c}aJXB|8%GV3z4O<z#_G+sAuG}*_OmBBULXv@mxw}{_7
zey`>CGyGQY`%Tux!{Hf5c=?R1Z+bQ>Z}%O~Fh-bQ6ps}P?5ha1wR&RHMla2}5_}qz
z&%t=>&OQG&ue-V8rf}Qh&xYcMdFJ7n&N|t(+*ozXXN~w`!`Rr){p+N=waREaG`Em)
zXM(SvZMA45=F<56*rtQSyPFfw4g?>Kh#bAoh#&d-D8{EW(xyYh=t%dh0Zkd-<Qzum
zIE2ks{fE6~kh62D>7es>q{OC;wP+g~6kVA$q5GOuCv+9QednI{NWT|c{X^)w4Z0q%
z=o%dr{Y!2NwPkt7RxgFVPR8lOv@>fkb6m=;Aitlo0t1Z~gOr<6S+%*;Ot0RCPWwjq
z8~t;_n^TO(Msof{bvDmZW`<%VroWLjJIe=-eVtF<5q{HXJBNN~l?S${yvb<uy*Rxw
zeVGwR8)(GO=G}7UcR6o<8lSh(v~MW=mEYPYjx~pKjV2R5<y7P})iQ7V_Ro$r=deDT
zbM3e$j~Sk~g8OpX(EV(pxm@X1PHifrA1~wi-b0i*{_mQ$lWwWfRfXCPl1_E}J7pi5
zdo?`13SQ4=?sFx)55>FhxFUiqtUhTt@@Ygq;<@s*kxye}{of%o?;vD0k~z~T@~2Tw
zI^~T<W@94VD+V<A=5y`=`jy5R7Uw~eZ&HYTwCS@Ou%mJMyZ`0#CBAH)P4bVc>^4SV
zR~7{yZ_F%SHfWUp<;qxN&hFJUroS@;Z?nC|$U}3lq5P|<=PK%(PrX;7OY<VoVbNQ%
z?DO|kVuM7he`zpQ%{X2OZwdw)i&9yW`rYBgy{h+T%$XK1Fq+=`^5iDrPT?dg9rZtV
zls(zVJ+RD{yJVGutc%Q0+f@TY@w(BmX~lCwn^k5P@|`%)xMDW)t)iYy9)Dvo@>ZTo
zPbfYkKNMg6o4m$iFX!0$jgjcZ6{Ta1MIEe1H6Bfz^=4Jo^lJZ*#&OhDW@f#F-)@f|
z|6F}_<z}T<+7RPqsoz+%jo-TA;~ISfLv4rAWyPXw!LOw~qphA$zP>%A_v3l5KDQUY
zQSFvv%`M*SsvPEcMcz=pZ)nC;&4rZ@|M~oiXegg=?@Xz@DAZOz%9vac48_yY$BIn$
z6?4``C;g=QUqktgUSo19Z7(rX8@G5;y8QGLwSPB#q>?<rb3&1TnX)_O93xUeSy{Y$
z3z>DW4lbWZ6=|v|lfKYYV)_~{3(SmE^Xr?b`ysn;2$+$oi^6R>$K{b@iTR>0pL}J1
zK^D}XH^7*Je{PHqyWT(>XU_>uA2QIqqNUPUq;aKqU})*k<;DnXV^!;jI>wDu%Py1*
z4COP1RG$Z(dCSZzTMc7!x!0E}{gq$swPT59#`LC7!IMDu%sqjH%f2h#bLjTS0(c%i
zl$c*h{gFY&6!EX)&sozd=)d*Q5-~ESmGj>%>jldCKD5=%4Q(#MhE#qTKA8451I44g
z-f^>)Hg{=7?3bji^M>2>e9F?inDBbv@}4G51v(_%sU8_>yCH>hmgzszk!p18QO}Us
zB}*%oROW`_H(Zc1u7Up3g8t5ad}U@8{U`WxRcy$FU$1U4Q#y0@^L-)uMuV9W4KAG+
zlYdM)B>z|yb#!=rvrEv`qUZ9^uW*~>brp0KP~M||O3cq8o%&4{zu2jJEju*<e@Z$&
zM}DvU>9OWA?9@!XTkL6CfSvk>O~;zyS(^zjU)qk%AzhSoDrYF=NWQ83T6TqZ5Aja?
zx%r~*=I%S5j=Yy@#NWNfgDvq|V^FrS_2R?cK|yyOqA@GPvlP}2G<NxhgyP6|qj=^w
zL;3j3rli2vFt{uPUUQ#E(18+kyODII;F28KZS*8+8k4JkIx}+jMIm%^NaLgCu*Mq3
z)pq)cu*sphv#>pd&?OuB3v2vh{9RNPHS&d(#H;=MmY4&A0n;1YGRRm|Vj3d@T-Rr^
zr~Y4!{L1x4{w)_7ZK>$vmOGukf}T}FLmvF_!?!B>iO=dM{>IW}oVi242+&W^W9MwG
zP`n;p@LdpU)7TPN<{OuX?1OQ0L>4p@Jzket&~0Au7WQHcdhqT$%l5P*>pfp&tVUOm
zQ@qX^|9sJ7JS*ebUfQ>hG`E!)ZNtOHs@B`HuFQh2VrUw@tv>TVtuoT1+f@d-Q5Nhi
z<1Lk8>9@*AkKX!aqwQD?^P_Nh-p`aCTUy4LTjA8XmuEg-cwPnLZN>Uf{{6_I4&JL=
z$zS|U=Nt^ltCq{<yGh)P_<r3n{HlXE^Wk9P$&L8Nwt)X@;b$3XeP_`>JjO<USt!5O
zlfJtiS<4Roe%G;PKe~WjI<O9Tnt8I3>CtT3>gBo8T)6vKGxN6t_j|&tU0T#0mloB3
z34IcMm?nL=|Lw#^*$&me|NX@LCFrv7v;69en=c60JTp{dq?a+$A31y_XU5G<1<QDv
zUL9a8YGu7<|BqTS(;vTUb&HQNVN6Tr!=AfV%P;(^0WFy|q&egr0M;_2!gBk0&pdI_
zmYRY{`(PuU$l{u1v?b2v_ey?0&F^*mPUH7xe(x~a+E*AG5(hn-Cx8iGM>o|61B{7a
zm8mT$#-f?n@zzg;B30*yB0g|SG4`GMyTb7EAZ=`)7K*F95VE@&xwU_qd+O2sjk-UV
zd+OJHweG#6=qIyjtNKVW<FeNpmoJ1bZdqHq6Py0*_Isy%=-Jd$w*EWimgzq_@s0fM
z<|~uxHxh}BbCc?CKbF`y+pa%)9chJM4`V-E{A%MxFe`kNKP_veXLAjGvWC7`Lw~42
z@3#yaxVh$h{x9I!RDK!5Yd*(st<e^~r*1}BZ9P{5ehtoa@)5(8Yb>ofW=1N$Wd?H2
z3blP_ps`9iYmTsWtI@gl2Z{o|Iia@Vf&NtHEvfXY3nsx|#@P`a-gFDEzB!kE@;Ukm
z^|}3I4DGpvx@(T5Mrv}s`NGbJE!)$Boh=>vBsvDpPZR#uxc@lymQj{yZ-;+nQ~6JO
z3=jX$=Ra-C*8g1o)Ao@5V{^ohGXASyjD&~pL6e&|1b+|e-p$Yb+q!qkFu3p1y;Dwm
zcVgq8xK~+;>9#zQ=M$2LQ5LfFrk!*ZpDK<hUfe(*E2AZmiQSj(5st3@Kg+&*8UNGJ
z%SQgMR3ERbjy*6U(3n0VNZ$v?U^};B52S<7QC1yk<nP|$@$JqU7&@>QJn_Iiq1a(`
zt}NHnRGGvd<#|SQJ3P{To9>-<>VA{%U0!kjxbB^HuH`;?P7|HmJtp~HbDYEqVdONh
zYC4#8G}v_v<46YM+E~W5flY6WGUEHPjmcwYaK_~T^NNZvdU38d(D9Jb<j?jr{hl$^
z$J#JsU-W(a!$-W{;Jera&1o`jo7}X2f)UB}8f^vG1SWCwUK?Yy$)>e1hndLw@An5A
zR|Kw{(U=E*4GaX+A(K?zM?E3F1CbSFtQi3=9TD{yZMR@|8z`f6gt18J_I87Rn8(j1
z?_tGLgX@HK-^7M?eN}Tlf0X-p=U44LBZrBRE;^c+yn7gU&ueVll}qe3-zX4X+=YyO
zO`Rn#w=#zsQoWusScl$IWzDI4)!`$F`MY@kYtjt`4{u-{x}kE?=3Sm}+vTJajTM#W
zbI&&;DmQGd8j;di3RYEJoyhz$@XIRjO9N%h0dxEqto<tZxsI5v=P2_h)T?r<M+|TL
z^m~c3&Z_>#^tb(IHCDshcCh!#p+g(*0aw1A6>1|!Gd}^geEZy%%q`~ds<+04+BS?>
z&HrK5kAS!D0WawPW&Dp&pT^;c!@qj4Xb`NKawsv`;;)&K`UtwW3%n>^2lmWpL?$Eh
z;3F71UPrwdV6Ki~nuq$TwO-r7`f(oV7|+{;$B%f&Mc;?t%J=?2Fpd|@2G4~VDv<rb
zVd1tbkm;%F*gGl|A7#xA#zpUZ`dD*~C%bCzpA+-xFSZ^m8*t@v=#*X@rw_U}KXKD+
z+H~16@0C^N+4CArV_pTeY`?dD^)2M-Olq6kF3CakiU&oM%{uCs4*GfLk4qxw(bre*
zzhloz=GAX{SFWxyQyRgkUE3_I6^g$wz*yCV9Z-6`lWo|_yJBoX06XBTtc>~S|MG2V
zj*$gU+P}Ue(pkbBL-PvoQ^%L#59xiRFRHAFjl*Un^Q!_(lX&mSF2ihj<+01@)AXOR
z!J+s%bY%hWzPAi}&i#J)c3AvpefG#0zP++^dQ3c1zf{}QUwpJreetuj5q$hYJAJqC
z?C`uCUusj+Pr$X5!`%F_LgwK)Km26V17Ka1A#6N+YeMt%zj(lYId^`#={v%~<bRcX
z!zu63+%I7-uElO#gZ;P~J8~6s-uV&iiZ!-c_?h&3R1ah2L({+<r?EMuhW#BGVT;$X
zKd)th#l{<xZ=)~C?i}_GjK=V@XsnD3FkY1Xc^{j){~;ryxOt_kpkH>3^flIaeO-6V
zGMdVmUoTxz8p~&Ft}A5D2Bxdeoh2MTxqbn2M0gMYcME$LAnWT`pRK3g-tKMLta<VS
z!!sLq!V_!Wi=8RMW@z5Kmi4OAbYqc;|N5}c*jWF0=3^>zB>kQ;OTjB9^V?SDuXWVd
znqo}O;dz)k^NilJO(&3M8|%@&0mzj1(y3zZXVac4uvn=%rfVDhIe8xF&cU;(TePg>
z_cGGIhK+a~y~tg53D{b5?F=h6=8yE-e*z=sdBNwjA&<WK=(~ye=aC1!c+Ap^^K89H
zmAn|wbI=z{FD@C?bQZGT;pj#EmPGSR{4etH<UE?%<ahMqOXNGQ{DX=4X_Q}w4N#la
zb`L&;{dXFx>bM8<#_=KdJHN%JGT-MlrX-hl-T`a^wg%ec-^0cb&pgI0S9PfD|8U9{
zAN`cCepLrXNiOG2Y>RMSU%H+pZ-41m(!Z1ItwhJFq+{rv<)3lx<ueFi`-M|A_WK#r
zz_c5Kj8WLFML}%lqm20tw1NNedfIRRI%=@b^f{dq-R48zvgK>}%d$QGO2^lNe6uM}
zK9`y3oT~@en$14?spdn=;a44cYG6kd7uUCKD;>T_FXi`0fj9Mi_|mtX6|}38cFLca
zWsd900UK(5A$m{O_uahef6A}Em`&SdxANc#^I(lli~J5x>fs6h<8=;CT-))BAKSKL
z)l~UmwNCB9)_AcwNo&<Bn1f<x;Y0i&YaGnCEkDm}`b@_Jqv>k&yP4}+?4s-j{@EyV
z{pd@d_cy)w*&$7tX6UCG!#~mFgKx4^^2Y|Yg4Y=L@>4ax9b5etd~dydY0L-hkzr#S
zg;)H{=NjOVX{PMX<x*X&V@A)OYpm*+5X$ewSI#(jQ!4(OnT$sZ%!bt}Kj-Q0X2lTI
zTY3FXzA@3WPLppG`BZMv`-7*p563?<r@Q%gmL2Y0H$C$8S=iu0{G|5UsqmKS(z>|v
zs{O6Z6D#n`RhXJDrbRD?w<<4(@~r2H!BeHzN~`;hV}qxbrG(;Rd9U;rNEWBD<38pg
zI|dk&<p()v`9=o9cO$yi`-2%zdA}Na4;efKMvbBOS>DVp5Be<{+pRTfJB|D9HTqu%
zV_#&&S7YP6K75waCx6#|^ij4;V_7?TR-2E{hu=SJuzfz|diR;3P3t+IxBW5nh<Bf{
z^hrLGQ;%I>jd-ayqpJvi4On}A#j(T``Rt<D_X7HY@aHG#M?d_$fgg`KGIQ9Q@xNB$
zpJ*_Qk&$6WTeQ%~zZqYTd=<JMkMAW9oR@g7sB7x7W%q6Mw7jzUvhHTr$FX*S5r63p
zV^th{Tksvv=DZbV(?vHHL^>G%g}Vw?c=EIE_H54bj_cA|-gVIB#qTJr;l&5|!xdU1
z1{;%BK9e`l#ZO}Mi6LxjWlSm?ZcG8kb@})vL4@(Bo^fyoHm7d1F?sqZW8=?BLwrG#
z>WY)!t!E#8XZduWCYG<ml9#V*CVg3UM&<284zgX~%qeSm@5k3sOy5Ys*WocUcEb;R
z9U0Mo`IYVK09z*cIvAg5v-DJHVx%FKFbdB%ZHAtoV;9~>Pb$Ebtx34@DeQfKJgwlc
z=;?49HfI4bMUQ~nl>SU{TLjz|O~P%hr@(EZr|6(?+m|ieR)}1CaN7dbdU!XHcFO)`
zVCN){_4vxfzXg&b^0VZKJbUG6%kYn2y!(&hb9Kh<3gmg&JBj(N@P_~J$cW#gafI=~
z#7<>{`69?6$XIgCbJ>mik<CQLiJGCtBF#Bd?+o2nGBlO7pm5tG*f@NR)m1!y1Uf5N
zo6!ED<bJi_?^yGp?+m10g>7HzV>y5Cx7K`8=vRC3t^Ct7U<=V8JcK?(C@YBG=P}Mi
z8E3{JE454dYU}7|baX5_niajHJJI|qW6HbSvsutyZ*uzdzFFaUG3x%~qsN+!3C?;`
z(Wjeg2ZZN!fj7`c3#)#O`qjUuL*ovfRd~>C?5i;0PJT64JJazw>Wt43XDn)^uT=cs
z#N-<Mrd`;n{j}FwKVa@Bzgm>GuEgJ`^@G^~{8iupVK~+#b~gr$h~iLR$2X|7`}mcd
zO)hJUgXUCd*0}J8$r|GZFvbmw9R2!m#<;V<*CUvZk7Uit+ayf9m%gEP%HRAhSXh3z
z_n3DJ6IZ^UXx`$%7J0$L_~gc#53H6iP5!%cyboCZyMG<Tx-{*ue0HQw)EJQ-9~|W(
zOXQLft;24BIV@kC{Lp#lp6H7!LvQ7aQ+q5w8u=fE2HJvsod@k#(1tJ4mbr{cmop{}
z=$#jkcAcFz`Y&p?_tfik<M3nsd~9sm;`hF_$Mq-4*Ko;fcl|FdI+OqZg{<T7Nc!~m
z*q~PW*v?$m*_i9^q#ZjMM^doCCCuRqDubJMqZc=T8}T1pP*;5(_sl;kqnqo7`x?Qg
zZ4Z&B9liWAWlKia@_V|qKH-2T!N)%4ChvWBGWOK4^icY^lls2Td*4uhV~a2m<47I-
zx`z3+pSt|erggtO`gqOlfz3YJ+lnm|PE>4~?swqB%3~Z<EVmEdFS$K$bKW1OZ&qyB
zD$WVW+daKe=WvIy+YQtgxhNFBXlRPH)+akaTd$C<*a2o-c`R|(TUFK5SNexGhVeD*
zH#4SzRY%l#Q>qys=2yQG-CSd4RM#TwiFZ`<Kc#vr|BIn>3G}6a--@AMb?0Gs)DHQa
zE5F>jxqy7R{14nw$$ww<HvA~RcWg^LJSd!R&o|zFMEY;dL+^Fxp@$f!izrv~(1lMY
znz2Xs7HS@PD5vQyjp5|K7@NS}xG@oEE@oa0Ca5lk=BnEx_;GBSgLi0M++Q7rX3;A;
z;d5KvU~3*UqHZwX_C+p5?<O{?9r6nWz~9OfIgH;2ec6pYDOsvAQ*GZ6`eLuQQ!eXp
zyLi8wbmyT{Rh8%A2MV{%A&vOxxBNt`xmG^9Su&SSHAC~xcd|q?eD+sYV#}*uIg#eI
z%y)wDS@bTsJ-E4!d~Q2;vi{g#I}M(zoyv13>GAhJCV&67!QIX3H_{jV3g21%2tKl~
z3IE4N*Ok~h-eUcxN1wb<{?VUD;`pm$r5^gT7h5#ITJuV0O-uHRHLoD+5F3}Ok9pIo
zDR}-NBR18o_aW+S!Opyeu4#SkU2j@&>$~6Db2W9yPq_8Zcka28|L^jDEO>DVe9R}V
zAs0Qj_Y-79|6!@IDwkLZtrclK<V)P&#y3qK1Q!Tz-%S2nkm2HyM%%5!j5x7iJWr1<
z<oV)U{0GQ~{e;zX(1FGD??ZDhp)IqpO@*{g>jA&C*34A5%3Z=bz+3Rnvd`Wz(XUXB
z`u@!pKaTg`r@s)2C|#W=y{nyZkM&T_(H<48lAjp=PLwko^lgYqcNfN1j+ofE!Ax!Z
zG4Gz|-H)rj5!*dtlC_qn`Q04Stz_)D+Z?)k3;yAmj2oBn&7~N$us+x1>t-+4P~$)W
z_+b|5*D}UWhPI0T2u0GdHPApjBx(G{fm>(?bCvn%+kv&TThG?<>&p($lfCwxg@10O
z5!V_KzV-QQ|2Y)Pp{y3#v5tHyvkn`gzV2fmlivt`H*aXsuDW5q#tOa*Q%2p;Z26d7
z-~Wh`?lFq}R=#rZ#Cy=)cWt2ij;A8;qfbY^?t%ZupX;YJGV#)94mj{E`m%UmC?Xo0
zp{+vlrA@+1IU|kvw@`mQwC=|znMa%b^#2sU#$Dq;(Wbi9zV4a#rF+x5;$GkG2Zs4}
zs~xuf*n3TOEHPFsM&7^oq&L<vpR3qsMDBnucc@P4s-*lB@3`GxQrV_|cfs)bt_8%>
z8AdJpBQm<miR*i~xVw4na3j9%Iy-KkGfh^B=Dzf<!=L2R+lmeJndx1=?!x<g=`E}M
z-OKju9BXVEjlB?kW4jCYe1~#<L&i3yK)>G@-MAIJJ{vkR@HbYGE)`k73I4wuzLew`
z2ku56-t?wMt9f3I><Vc|9_5P{nbc8~ShlBiw6W<LFsS;}ZIrLMo!YXP|LS}9!-E3m
zVc+wNX)H&#TG0#nprlVH@K*b<_)gg-)-jII&oocC`rAfqCVnjG#p0`t$nF1VMzTj3
zn}X2tl|FoWn3%v%N(cM!p`P@~e3;XR4`IGR^FjC^o|oksktLrpBlkNtp@K4(Fqa*}
zm|Vdxy4@sw?z^w`eakNV%CZZ2$U*YTfR{e;a)`0XfS2cpzW42Kw#k;I8@|S|LoymQ
zN4}hQ(xpT2JDEqqQcuz^-i2?z@07-N+>;fnKo1r3Al+`qkEcE<%vkCj+r_+Pex5he
z>enZe!!=-mLT@^A!ZFdc==r-I&u-UN4nxn6@ca$xblWkOcI2rY1C34DwBuk=cXMDk
zzAJQ3?I@zG(L?;SWo+YC==GxmuYhm!(7m1D|4wM_g8m!$CK>!Yz_-{~yYWW@j{eEM
z93hQt@DTVQ9<Zm~it9+$kFrAv?8ounj&k{atf(8j<BPiToAOR#(|we|xN@(?v!R2!
zo8A8@N&g4)Uzp#v-J_##(l*8O>t1tA{kpM#Z}3ibz59Zbk8>H>GcEhB*bd2O8}hmJ
z>QE%Y`d+<c(_jC<_Kb#yvOQ1s*dFbTOSk6bk=uwtMCLKi=*CvZ_GCkwkMjVM?LsB;
z8DrUnF_vAZhhEz*q+=JxG;YO4_SYXaoWw5Nn$#a2u=)dWhm@)QP{%usg}xK|MekVY
zj+4o9d6%(L*wmH9j|PgDPh;Cn#@OB%8O7U)_u}Ig#)mTLDg2m9yO(?lKN<cUOV{xi
z^k;L%z*CR(ayacK?@LKKeii&w8+^RGm2afvP$uiy{qoX3RJM9dbSk<&g|?3#GP==E
zxjy*07Jdei=T2hf_)g=V-RSz8=<&(;Y1x-A8<EP~Ui<Pz%DffXil009cAEOO#?K1I
zE;n8zR;oBtJ5Fam<(D~Sq#sLcdMAmO^H0Ldtac;6!(;r#x4bZ}xB>N9@mBNBtn(Nn
z%ZxUkVZ?oZ`O!QhTx-S8DkiD@o^SKNZieqcqb+MKS12Wx^_VB$m=>P*&KK-4VI{u&
z2Iel63qoz7$7fml^}$fANf?W2a?SjjLNmYOa-*$ms?kl1LVO{zV67>bY3VQPO~n49
zA3<=(A|G+DtS_==m=R2~^f)d0d+NFMd^fHq&GHG3RexaZ|0PE!6QrrE3bo-o7@<C^
z^7EJzEm=S;BY72{6MBv{Gia^(hVYyn|CG#E;Sh~+?3<5vQJ%`toLkSzJ|Bv&rLJ_=
zU|#2)?9`@2VpBUZOL(mP+r9A!PMpWhL)p(tneTiCpDTIXb@*)j!F#MSz<f@c{iG3Y
zKJs;wesDZ)_GQn^m#lW+7hIe>C!kp22R&vgwxyaqN>;2@1$<7k{3L12qkH?`k*`Z{
zY^+*=e3WM>csmQ(_*sit{jJb_dBj;`cY=B+{yz%;^S!ZY`1FDXGFSqw;=gp}XYfFN
zDH~^xj;^?s^$%~_?Dk=qjUN1y@=N}dXSX36rPY}7Ao&*~n+HAVsY{W^5@hjGlFt5U
zfZG0V%o9v&o*+F<%cc*YtFDepH#b`4r9};`9l_UH@zjw^8gluT#nZItM&#ngjD*M|
z`d!}ZezBEqRP@kX@n(A~{X0$d9|U9StZ3EwU&Iy3&L6bK^zE%*|3dee#PF=m#3;oQ
z7aIBPgST1Ze8OwKxHr{|yf(^+Y-29Mx2`7p&SSmg&Sm%Yti>>I-V4tQE+$Tj-@wtb
zJ;5beS8BeP!+j^~uqF7ODsLEnWeWOM4bO*ER&T!B{KUux=EoaMe{dypTJ|9Xhg447
z+=*{g>({&Rv8Upbt784;I_8M1Nl$5K-%fj~_GRJE_d0u_E+l?xmN%9-hz&S*R;1%x
z4>4E0@BN{f`NhP<vd&}C5%_P=QSQ*uIcsLDh<4U<y*2^=i0Mm_@Aso@Yv-&`PaVX2
zrR=31AMuHuvplhmCnTfZHYT3c`2z!4ZyrP+8%!VbG1mCexfEj9%qFcZ>`nC`M>8_U
zZ%o!6#nG(2s_$ve+v+o>JVoCtrH_<=aa-w22Z>)%{C+Y10X=U-mizGyxP7aHIjQ>A
zQTo<6Gt=r@8|Yh|_~vJ%sDF*O`q$decQ<dQe|6yJl^^Q&=&05uHNTdBJ9-OiL%hqz
zzqFvn?qe_WY(Mg9qn~ZI`b9?c-zeuP`kCl?ntm3cpIt;hZnbRZm>~ZBpfTs7#_jlD
zC7+I2g|Xu9vORg|YzfyRq#M#*uKOofQvbrr8#ezK9lU(u_zQpRH!l1Jev0wPu$_HT
z(o@;jR_x9eZ`S55v$A4ap3R!xdTvdm_1w=zWINkawU6=#Gu96N7JM#&-^K8~2>yQo
zIeebJcPaiokLBOfnL5H;e&|u&>Y+o>YxHJW*%OtXv}j;?*`BAoXK!wub#^TB?Ag=1
zlI%ybS8Gd>?*PgjNcn@PXE62osMn88F`Lv!U0LQ0Hm0;8%K~J!3v4D?+WRm}?M)5p
zc>o?xlst#`%JU*ep6?^i@vQI3R!W{fw`4ialI0|1@FaZHdc>2+#kQ3h$Z<?`Ix;g@
zZ>@D?SRok>54CMZhDs}&I*0si$WZnF+>v42v}I__$#0zMHKy8YKcj+QM2>lPWL?>X
z{UGK!=z~|YS^u7R64|UBTtmMXzAA<{Meyhg@apsM>{4WL2{9P9EaaQthaI1;^5s{&
zBkRKCI;yc%5!x8M(Y9C8l}V1SJc7M?-b@K@z+OFP4h>F1XS%RgH(;-JW3SFbu8r8M
z?;+c2>{Wej*&br9+dAm8`<*^3e_uN>B*N_3lI^V1ogLy0x^dKdQ;kUBAmho3+?n~U
z$ax8J&QhOcUAF=`kA<(g?*g~E{dAlo*CUo(GkWCuRI2)DrX|-WFFk$?T#z&dZeOf(
zE5`N6^&Re$$G_i`cL_38-M1rC?aj%cUsk|FW6t!(s|L6-O$+{k^$8y`%|(WrJO=9?
zT3b$wzD8{27Z{WFp;xbAtL*0<<_2Et-4y1>n!`w5!UD;C(w4jSKb`z+0LAuEk0tk~
z6q7+Y&~afGHpbO0$-NSqQ~n!rf6$S8$1F3ZI%1=c{mrt~Gb71zU++1++>>R_$L=Oe
z=6Tp@SLVAMnIEQ4e-ODJvHG(u_xw}H{gOU%U))FTU+zclOOoVHES%Gq(}Mp1&;7{V
z8q=_Wfq};4H@*Jge(#WIJ^i{9`&<q0@9v(t=hy6AeDoyt*_y|kL<cOJj6R`TtJ(*j
zxjsyVwg6>9--SK&y`Pw(Z~w_=cR-_UvxizX+Yi02Z1*E)SH7<&_3NPIdy3c$*=pgi
zR`#mgN*{jJLm$Rgs}KK<{Z_h9?!zxTI9BtBOmlQkA6_y@eK^DF!@s%&910ILo(oIn
zT76h+-)YeoZ)UG7^Xfv!Hk-&&^9vVq{)xP|(uY;I<`lQlhexw7MtxZJ_@FhmPHj{i
z)DG73#jlFnOP|0`*0%pba2L3dxVZ>8wx^FK(ESAbA->(x|MtQ9F80aeGF+SZ2lMoO
zL;RDEj<t#@FFRvhkp8g48tc5!>j`Qe@j=JB_bq<fW8F>g<ae~czp-u^{7fF}HgK=8
z?)OP!-FM0VvNP8G0iN!Jr(c4nJ1BDnwh!M2_GlECCBN}?c+6UF@IlsbH0JGqw{h_g
z-pQ88ez?5d@geP>%ik5^uUBJ^C-VL{`JD$aRt{v$9E5xZv#yF?9sX)wScHBy!`}q@
z*om*V4*s&{8e|jH2t7;I(IZK7t#Rg<9vvNP@zkDceFC1`Px~diO+EO*Uc<<Phg+Fv
zxft+T?jL}kN~ihg=g8X(KUMel;OB$zvl;AAXX&W;IIZ!k@Q-;Mdgsn#dUdi6zV)w@
zU!d)uhX<E}7cPM(TK^EXw()|?w<#ZhZyiZ|YoK3$7{0Y7@$EOWPR_SiZaSWCDSi0%
z7xMPy+cfmh<(se&{z!{|KKR$+^zS-!P`vD~fB$!Rxz9L#AJ<y8@Xpo5<hc6SijUxX
z=;KA4lTixJ87hAxwn+4R7)&6!X#B)pM6L3`#4c`{k%Wi!&h;JqoliE`wh@)$ZIX?s
zwQR19hZiH43h&t2#_;hyzJrH&_F$5Ys3-sT&}p@24LZFVoqm~JJd({i<Y3Qf@*BTT
zJcOQ21!LvVUfx}3JU6vbvb&#mnk!X;UzBFoH%^>q*IV=Kl;h^v`@yXf!L2);d3GhZ
z^;YmpCAd{Kz7p)}+M)ePb_oAf4}Se7a!mGZ_=@cHsyyNhl6@C*X{US|@?BIEvVZ0C
z#Bb5B6_Z`{IpWHe24Y|W;tKs;%b9bq$0uI1p7s91l$h(su=Zy>YhbsWz3#J&rkwG{
z$U?5`h%dAEUm4Lw+V{m+Qvom1lIH#O@I~Xf>r+@vTN}_V`5LMcgQuO&FR_bwH?7@u
z-!YSUoqY~M7jyK=!jf1On5L4lh_#=59&^lk)1G4vb><D<aORl9m@f#&?q_XEv;>{`
zppSV&D)ba<K4`W1_<H1rk-fI|S7M*@#)rP^d-=9KCHxkBqUMQu;+HCn&=YxWH$Kt9
z{5vJY{(*M02~4puWPbez#<khQjOm{_e~9s^vs+mItiwlHOgumF_n0SQ)`;=m@5Imf
z{kv8N)}^ee#`jmfv@*s#abq>>u-N*IEv%U;F0q8X>Ez?Q{&)+1<q%_o(hw`M@dn~R
z^$b7YeC-oJHuLYM%ts$jS<`}ix3Ug8Bq?tha}}$6^dUL#N;9QF=~a&8i(WLZXYHPG
zDX4go!Uv}`;S*_kXoB(L>$B|j#?}>Cu}Z(ODlLQkbl`pYL2X-Z`-&Ei4YeIXe|_+0
z2ekUnV~&!<pTKiDjlmJ2{E6wI{7Gi0?fjvkrN!{M5*~|pQQ{zWnxQAe!{UWEK9L76
zI-dyrG=+7@iO?&*0cVLvOIc^sc^A@I;yk)^CZ_lh^zT?b`(fXjlo`a<FRhNDQyWX*
zTLZr?Z+-AKgK{pjc<b+4OFWFyR1xEHnZ;Y1C*rZq+a2)M2X9j?-uA8EEvJmQ6O|Ku
z|M+rNq65k+KKIRg%C%`QLJ{*3<|#pQt#E-6Wi4-V#pU>6@pYT<M)SCR$bt3ORp8Pf
z^EhHG(t;QAdkc1a3mBpb-KoG1Z)RNAJ$lw-gP%GMQ>6D`ilqZ(gKbRVD?EPgYWpO#
zwlq3AYLVuyy_jMa_sMhD0C{i0{;F=*cY6z%LbjuPeW*>e8*`>KP9m;G{X}Dp&aSCo
zywRGT{@;R~I@y|?<PUzZ_WqrdINF1|j^5}6Yn+I?I8ThR$YeY=qFdmZaMG>#>Hcu6
zjCIISLE=6w8^062j62Ji7GR#FnD;T*ciC6`Fu`K^c842N>zFTA3^S&zhR+(mQaH~}
z<DL9xy5G%M7nzl{*&Xka{dr@P{CQFO)QnN$x9!h+bY^$+gYc)7{Ub5@tbBR$<6(2-
zPkz%_rRUm16XRak*%;z$%ys4+ukl{*BC|?2Ya9%de+T8QMh2qm`;3A0jDfEVwegAn
zxoM3-`rt(RVh;T>mwqW9AF&=IzebyXO`OiphxYPh%}|>sDez=AzP;Huj=yj=zP;4S
zz~;Y0UgF7)fyR^v;K{3w?ujQaBY)i|>)sz6-Lw5By>qTtlIG8q(4IX0+kO*g{HLu3
zXAHRhupe@tJoYz`_W|0ix>wWg@6qnjU_OoEwvUSargNq?-a{KFI=c5R`X;P%F87L^
z8pD|F%6&KEUfEv;Ph)L6D4Oi&>A~3ZQyP85agByw+ex#PSobV1`wFOA>999f)KPa4
zGU}+R*sOfQ9VY4Lqf2G<Y0*>+9+JMjiypfCO}(L)zv>U7k2MkO?(vxV=#8!&wlVcV
z{7#C~R~s@J_kL?*3ag)d<(T@3&X?h=lDVUpj|^y%oz7#;VPa*)<_dgo#O_#ovdh7L
z6B+x0&*e4-SSy&wp1{kvI18Y<96K_R_;hS$zV7#uHo$(r60Ty?Ujkm5whrHJ)=VQd
z8`^99#!Uu!X0o21^8)enUe0#8Oy{%`kGj6+%!C(m9-V5PnQ+#_TBl(z74H&BbB+$;
zLR-%*h{!K>bgp~miG4<k=oEdE7-u#N47W{UKjDwLe--)^2k~QQoy+yAIlNl2NgJT`
zaxQ$0B^&UK4h_xB-@u;Dg~;X+WO06F_4HSvdmCvdvZk`vJ2YsugE8ZIcp8{9$>NFC
ze&TGB`BBb&GC%gmIkSm%o4}INC&U-w6V3B^cA@SAU=u&Qk{^60Wy{{H{n@l%cK$Dc
z?q*9)v@Jk8Q)rjup%}q(+Ll7QRKM=`La&c@seaZ@O0YpUwG)$T*-LatzrFz_5v^6~
zKX}W+eFxe9);){)>1FnKBR$xL%nFWr7hQ%uD=<9OL-;M_z9TC<ujsM5OkqUNCv1!;
zI*G-!@S%&{I%tRR+fMLv7uOBw`Xn$M_fKws$M;k&-25AC$&FyR-(X9=L;Rv*vQ^eW
z_LT__3ZDoQj^erd%*BX(v7Yv>HYQ=c<Z|}n-%-9?Vxki(Y|Qr_bM&5Xy{;ghi#Dzw
z><zpH58ZL+J$KH^{s{34e?Q}h5hbm@MKZsmd&|fc?3+6#_m}Sov=<yT7d=Y3Eyv77
zTE{*-oHNF(=UMi1Pxhi}Jx_$^X*?_lg%(xOuUZO2izf1WIMFiiR(PQ{aUMhPHEaQT
z*vwwM5%#k*>sf#GD{i&L<5|>6Ig(lJ*}XEm(~_AP>0(_+c-xg(J$}*IjE}C&0x2h#
z*=5k1_qEKC_y1$&$Slr<GVvGXU6wZT{>#&>d(MZMpEr5f$or=bv+lPM&(@Bvt-IN1
zS`#u>33s+%$o+LjQ#1D!g^VTC-$LwoH8FSlE)3=GofXPgJ6}VG<<l8S9Dg0}Ung&w
z_1&wqU?*jCQ7&gmy?7P-tZwC+#(!Z)H}9|5+n_u;v*IPL_XZgURt+*<3~65^`;XRh
zZ3Ht)7Zg`$^VWp7S;52PRs2aonsHM$eWPP=cwV|`23PY;x~O^z&NFT*)4RlS>z(3=
z+_^}9`q@`rmY$+(#D$LO@J<eL&g4yNi4DF$WnW_46qc_jv1O#{Rm`oGW)k+5G<l?X
z0G{lo{zLHMFubU(x^?<GF1P*S-Lno4eny{!2gF<U^5<K;+W}w1BfSG}9#E`+%1~J^
zIlQTLcq6|2ggghKMP;j=z1{)ABINUFm%dA(n^<A#@A^T;6*euSgJ%m*S?SY*UnH$;
zjckl~|7+UN*EXHZ_NYJZI?})Gi7>|Q=5qCz`;*!pAAC?B|1frC2=a32wa(js_ddoH
z(bfT<XJ)V;V;p<K93B3FL$Cbe74$p!9o3p@5&rrr$7ioK)w)xxsd7$Bnn`T!zA?S!
z*7Ye@cvt26pkdcAdo4iawhlY_TJ1L}SL>>pPitM(_SL6EtGG{IU+r6W1@r4aV^8*~
zKhw^CM=#9r(D#X6`pWvy=eD~J8AZ9YR$;Z<ndkSnmMpqXweH&=T|1ylI^Fl(_9S}O
zh+g)q*K)aXn*2AS_xmTI_kljo1CETmePq*D-(F|FCHeewQhQ6)-ah)HbjwI1o7`7+
zdUtD5{<$Z~ztE+z4==x-lsDPmbMaC7j)hC@a}N&*o6Z_wouj4x<6=h7b@q9H-)iYO
z5AcPYmENZ9?A2IdVI}te^G<U~%_EbsBXc8sJV|H!aps8ny2=;U`X%`!^ZU>3w%0JT
z$=_ex&MeLW$Y%b>d{On_@99&I6W=pS7{iRb2d?Vb%YaQ-#~A~{Sn8LW%Ny8MVJ-b8
z(|homP~<#hD%@}$?`BzJzvd5S@H=trE%~*#SpK+N(yhJD9#5a-_g9}YR;{}(q;(wn
zq1J$PCY2dn?&N!weOk&}4Ia=rmhXB(KOMt3xovcaaiTZ<Eu?>qdS18IjWq|hut)U8
zckTK$c24<z=n3u5Ja~-(rj+eZCqBxKBYV%maI95XyiUw=&bBNa$-2NO<dJ5{S^VsP
zpULe%#2%f)%x8Ddwmc(b*-_D~IaSsb>@x!w)Dt@xczkkG3HypBat2(9KeaJrX1&xp
zD7184rsi*>qWIKC{tM#_>v3tVJS$>-RD4ga>k;-YX^*7Ro6LumU-`a6zC7ZP@Rhf9
zTxjGgzbm)r;N4W@-;;0Yt()C^@~7>C_FmrEYw;`K+wtXv+k`<>CUfMjN0?jiKfax@
zP_+CimT3NG=>9G7tO?G>dW3I-ba)2`U*fDc$?Mtg5|?4|+}>wUP5CNIGLdX_{*U%x
z-j-BGBfg4LmGO&{l<|+^AAH&73t4q~#}2x(^}R&%SNnNBk>}U;^E{LG%;R|ua&!B1
z?(KG;uK$7Er>(O(pU!D2WFPfC>y9<A1CRNBl4x!t-$U?Uyts~ag5-Ap0zI9<`-&3g
zvVHvH-@f>R`^Wcz>Fx5fEZpb%%Qs=~7GGTwnLu6pm;)uJiPARhI~8`7-zN{<FbCFU
zruBW6UYE%^#c3usYp8zNTbk;m@e^06ymjQ&n5(kt`LAa_-kHR^s?I62S8}%czvY`!
zpPNsg!oHQx!!OI(rL%1Nws9Eo!GqWzpNjtw{@f2glX*0n_{Yy#JQ^MS*@sv|sN+n=
ziuV$eA0YO46Szft3xtDZb3|(eJkvX++eD1>&gb(uuL@r^coo^U6$~&J?PlH+fyRP`
z=Ath2wZLaC>g3sao|V4Nyor8M&|xmxz_U*JhMw#GP5Nyq`PF|5ZZH>3fLGOe7B&|R
z<+q)*+fugWi4M_oDYU?gc>Tz5oBSi{bK3jRNIKVE+>0D5eroq~@mIDPot$sNf0gqR
z@B5FX;e20gAMwmReeipfo2={mZnAa#`F}~;+kA9t(>`=z&sy8(F@b&{-O>2P*_Zm3
zrL(`lXd2Hu(eUOu-Oc4jp7pI8-(^Ny=>XOarW^4t_*44&paX@B7wj1h`flJ1tjCNt
zjdQ-=-a9YPSbJ0Qv!eDvFZ#P@?eTSgWe+-bz?Z#to^M2bW^x*PkMPjQ(VMlN-DjWh
zEbS9!{AA40_ZsA{zVQ(JOX0i+hrW)lbEX`&=<pYe_#@D_<&T37Z0A?>Nl#q5gy~xM
z^-s@g*7Q5R&D!&BqwUB;rZo@D`wVdx?1y5mwNYcAVks8be%+vZzl-~hZxidtc@qh2
zIQTrq8G-rxz7vYD{u<P}W5+eDXIS~iB0qe9oVg_5s@=E7Mla8$j1~5H&;H}+WavzY
z2B*#e=)-HIx5h~8S%&84Q6GBH!8w8KN4#nO$Okfajcg`Xo$r`3u1w_0^c(r9rjegA
z(8$m58*P5h4UcP_r3~2?wMRO;3R^0DbIX^G?}gX<yaS@_Bkj?}DJ`KVY?|EIt_({b
z|A;(PuV~5OTdQ`OQBg1Z$6VR{gf!Bt<bBjf*hhWzX8B;|uqJ2krIt<7UQS_64_A+F
zLh}!tGA>0o`#ZN(_Nriru}EjSoX44*_pt_cFvU8jG(W4D^NrA1cpl7}L>m4x?_DH6
zLB+7p(mH$r8nbW3ewfS;^=%l<eHJhtQ688hEBL}E4Yng=GfA(s6{Iaj&wQ-Q7+m=|
zw!X+;vKD&rkv6xY7a{hYms8FH3orPhHIx(faAqL<_ziiqkA4#6%3mg|y#u;c-Z_2B
zdzSJH;_+0!V&B_17h2^jX2@q4@p7IQFor)%+on-w-VEE<s<wdb=3C`1y)8Ce<=#Fm
zru2;AO$m?L^$<4EZfkn9Fp0h&kyh~=&r_G;;@48&dh1#L=d||7i#*%Nqc*<$$<xbg
zr6aE^QyqED>0e$s_)ygT4!^N6Szg+A(pO$zJB_@a%RV!CjY{Ijb+ldb()ST0FX88%
z$SZHCuhCdu8r$5b%<af5lq9pu;EDL|%FRE-Y(!=U@|I`CUPEs0p=&3T+d7q<B)2@y
z3rjG*G$zSz&xBsxn(oN1lsfk~vb*pMWjD`}U6m!f-u(y3c0+ypF2_Dd&f1S48<K24
zw1;8ZVdh@eT*VVPj6c-cbG^cjQ>p-ytABkCKBi~)?7@z<rht)&7ir}@57JDr#w*r2
zw6>>nHP><mKr8!ov}fX6Xsuu!sP%T<vo2DW%eu%}M%(Tm$?wlv7Hcs2{b}@=buO=u
zGY5T~?UG0skp%XA?*yZ1J$^#XOMZGTJmy>&rC)zDK0)4nopabbCTP4dtaFM|RUh?h
zJi8m2DXsska9axN9E|z91MwR6+ZzXTW*@QtyM22Hz3A(1ZIDe<TAzn8u!tCmT=C)(
zc;dt?Idd4*CEmLAz0Enz;_qN&!5qu7MHez|>%ZbjK4bZtopUxyhlA11V%{@?wHIgX
ze5iNqT>DO+vGX=(?40}I$Igys)=>X|-G|1noNugR+>3_5$Q{k0w!}D%iNq1!r!kQ@
zIE{yl*E*j~apxKjf5BNcvSErDQk;1MdfxFY;~~BpjfYB`b<iC@uAqIK!BOg*!NK~H
zutx{y+Xk|U12v7MhxAQ9@+9l(9~dip#yH+3>*#kFS9<W4MVC9ir9<E7==s#G@<n6%
zRc64ZeN=QdeOq!eSd-sDOt^3CxTbnAoW}o-bBzc-swT>9`s0;$eP2UX;*rjX`4iXM
z+t8~k(ZzUzJ}@eJ;D<K$(z)E&jWPX>gV6V1$WZB5Oz3W|C0*Y$cso4Cy}r8&<DyM_
z=zN9|7j9X6^~^{sdvUQx^Q%S^AM)LQ`j3glKYge1lRMv;{oU8!xeT19z5Xkg?Ot>D
z?Ki~EA37^G9RKsZk>P7b`or^f5hrmuX`bhO)9v4g?c#ar)RAjSE*-gsbs_8fiz|l>
zX_TJpKAXOAH{%$KV@(Tn27p;$odMA3o&m5O+Ss3%d<H<+6N+C*`zxR|js3UKYwe!|
zBOh4IzUF?<0Dwkeg*xVQ6{8LCP`X7+n0=$!l%@U0>%icZxicf|eec@JSQuarV+v;g
z6b~)lC7jM$d%O(XPTxQ741lvPvd@`y&jgUJ31_g6w~2WvV`EzMk;6xuvyJTE?j_#6
z9o(ced%XksKfwCmZuMFFd5?eMKKX2t{1X}4V`FSIIipZ=%lU-|dxTvYY2*1<R`=lf
z7jp70X!3yPUj^eU&8OF3*D}e^d8Lby>11TO3YpGFrs?ozG_n(aI*0|TMD9N3^;PUI
zg%^zzk>?G|e!FJ&(i>tcA5LF$_p;Gz7FI5dZD8Gg3-gi*$gpwJ=rv_Ip*Vco_#4hE
zu3TRjQGS)9GOC&XRb+DRI`Kj!$g^Zw`WnR;b$T0CvsSyiV4Hbh0&}G@#>c0X-%3w^
zMFy4d{S|b$XKs0)Y+>)*QoK+b-=+Q1`CsJ<OB{b@h0?HJbJgOPLXl+IucNLW*{=_s
zT=wWy8G6@O_D%UG%0787p6`eD9$@0ItUjf)GH!tX=fVG#@c%OSzYzX*LidJczg{zJ
z>B87t&doRrnLNJXtThI5=`vFrZzRpzydSyr##k56&%4N2Q(bJVVcpl#<DslMs!!=&
zed@>bsg?Apd(2_GUv>J_qfVcyTCaWYv+gV4Tn)w`>s$?k^k0P+eBUABqfbHaZYvFa
zs=_%}qrf>=qrg2^Be_p;W`(=gP`cgUe(2EyLh)(L^Cb&nGNV7^ERC(6-q<xC@mK1@
z_`K#<!0Vl?`%E{-G^8zE65Gh0RPDc0+*E>n=rP8C>*%BVQ(js<{r`+!Q%U;Cq+>#`
zQDqdeKE?Xci?WaP=wSipi5lR?RirzFj@HwU^-M8Qijm{o9xJxWzz^~!XJof39drt}
z^Ua<%aASPTT4D~-OUCDC(Ca4CobZFInfGn?O!$GvmwR?7JLhc1srjNM4_Zj0Gaos#
z!-#(YI&_AHi4UO;da|fHOx&>OS$s6Hu?~9lO!Q>2Ctg_F?|*4^-n!9iv_JaQVa5Tq
zXFq2k<1gs!AoeUfBl~RD)`L5a)I8xg0zXh}WzGe4)_IG>!mQGsY~@k<nb4I1FJ0P-
z-cM}mK<841&WtrcACo9(w$9Rxx6&ro?k)bm>hW87!6*%B4(}x&@!u`0BW9l+!~7?z
zxlac&$#7&MK6Jd7*rc-<)Go=)ZI_iFOsu-aSK$=#Rd!Z3v%fvgc3)46K7owX*LUZf
z*w^#$LnvK2b<L+t&FQt*roixZhIyv4J@?srzjY>o?7@EPx$Pg-nt*G|^T?aa8lWrp
zEyzJ~7w-*t{w#c5+gFF_Ctyd;w#7$3V(Tl4v0x9<?!25GtFyrI#%JnQGav6VKeK9e
zfsx)d3w|coss8iIcdavodeV5%3$-^noe6EpvAJq9cw(d4ns;>Bp1NVirZ8tGPls3P
zPn>xZuR!-TC%KMi_&%aKUq*5$;QJ!tJ!b}Wt)MR1qat*}H^kT&rhR_&!HqFZrJvT&
z#v<rmiGBslAq}a}BKufF9U<zNP5GQ17yly93n)`^KhOW$)%6djt+|184a5Vd&^I{0
zW@8Qgbvy4HDeGL)YfVk>f}Afrn|f=U{5O!laYGt5&)?Nf|4=z^k@g<qEH9_uzv&$s
z-9SG4a~m%ww(=)j#MyL(XwOh|Y$53t1H7TKI;M2s^0>-q<i3jkuc4!Le2+!-YwcCv
zjdN+)1z#1LxzbFvVpdhA%KI~Ef5Nypm-^rG4&!^=q4<xfe=c>uz?Cr1vg#j3`QISD
z_8LB4c|*)f=g{;h_YM5lx3ycBp6Ap*#QHw$A!m=bbb>fT>l~0&utefnogJ6X-pA3z
z8IECZLk5_4ESNr%wTyvHN4x{rZ{p=#dJktu+utp1yAJ!odUyt7d>!XcH2$<Ol7bBn
zgHt9kK5bx3h%QU9#^tvdmm3&&wlH2R?r$CPnPVEO8l!~~<#o@K4AVD~F=8>}lyG7I
z{O2RKIF<4Pk<>LQjAMB@DQgs0Bm81v7jWu=G~%!LedIwq{t7?ky*ZEhn{vU(kAYc)
zqmAz!Yo7KMBf>X1(T%LApK}6qp5&NqMr`y<GnVxU?DGgCp0&=%_v6FbKRdLva}D1b
zn#A+5Jl~6dYXk3^JWKXJQMkEtVyG=E$B5s?IPAZe?@2XzH`jrUrZFZrGbUdH{o|l}
zJT$9M)PY-$3^v+^KzlG}{F;)-ji!lLhGOS=vGd%|zQTy<JQzRUBnjyJGiXqGTUMOC
zxqy8t>@A*N52k7m9s&zdrseMpEc@M>tKiXv>&C6A_}2I}n>lahXH^w3-*-Zr@mpLF
z@^N+_et@0BIe!&j(hlTA-?Ds3gNgS`82;)M&Ij7hw@G&M{3+(1DPMx;OTW%hBw%a4
zYgPYQzFkNBT=muC*WCS7VPw?Os#qQUN0_>7+qN0LW#iU}o=$Jw>K*3L#!~daiXmd%
zsGV;azQ8!r0G4ZK&$PzTBGcEHf{aU`JwRDS(C#~D{2IxG@1Vj1zF)U3JR?~qXDW|m
zS-5=viTdQ{IOkpKZLB}kf6i!|qnM0`jQl$K(`~eC-}X@KwL)wa{q1%1MfP2>!G>Az
zQv37l)708o3TtPdWzO{w>kjN0=$IFZ?N@$uAX)BtR~oT^*8rzzy^nR(eRe&S)RVg{
z6q_)UdeXH<*IS3m&nC}0V(40twZ@FwNuNc`VCnDyu^q^;Z#_HkX&~c8%jK&gtq+|l
zqKqShIlGbc^?ylBk&JKV-9HYyL}%Rh)VW~$-^Z>i{D;`rw*N!y`ogcqd_(06EO@Ce
z9jX^Bv}gsoA=@mw+`&1<4eI;IG}wd1Z5?p&cq;u~=XjQa$))?Rkv|(;{t|iX8K<S&
z!sYdh(>~@S(rxLr^aDTgi$&;1D*BO!U9OCbTVwT^9PIfY6B{SeU#k7#wvrL4jf%@r
z`zmtj8&3OlZZ_Zci4={n+oX4XZ@4W8kM+(#$5JjZ@=f&22Y=9$5kB}Vnm$Q+V>q8w
z{(%-~)%iC2850Xkqpg6r#scyMnCmKDza0DBS0<rk{=c4>vX=6ueMRexcC7iKxnIV{
zehFK9EjITWZ12^qab1O9dQk5gKKl3DW_up;!z^KwGdTNguklwu`>ptT=00GZ4}A7p
zY&q+G_StWrf~Q*RSa+Sh7lZYkkL2vPvm~p(;@NMpDbCq%wB<1WiAVUWp8fV;)RD}m
zhq0lb#3r2X?6>F1m&}LoM{xGre#-o)&VKt>(RY%w-+sfpJN|!g_S<*9cKWm57DH>`
zuXOg?-IV=d&VH+z(*N0STb*+x?s?~Ev-`g>>3<#nHNUavMWdq&sbA}3y7xN2i?RC}
zul|vDnnQf+Y}uv$&p7>Soc$I=CYon`(6irCp!cIb`|TXc{3y<Tb7heS|NHZG{58*h
zd+E9lclO)QICJ`=KKt!O%9Ni$_~gT${pRxWKMx#j1_QldL<U*00?cpQ^eu$~W86)O
z_1{lCjLswS9yKF6+bt`5V8He@9q;QK#hI##U6;;BpwH6zOszAgN1wpwR6*>?Ent-z
ze0o`5Vjmk=U@?BV-x5<yJMxRzFB|6lYVy7f21uTBtG?-fk<5F~`_dWZCi6d)Yn4e{
z*mCB^Dsw*diH;ilWA~oJx8T4`%fV3LLgrlQwr@D>(3m{e>+8SNoZbXuYd^61b|GVm
zXjKf_OnhBo>N4;*m7mW(Ag%9lukTR^|FuJlu%?MmpJx`1O#cMm`G6<JK-Pw+e*rNt
z@^_Vkd0)#gR^6Y;cY@)e()&p3A81}ta6R#El$Fl6U3Ip>QeqOyShrUDKIN443Ce;G
zR$2IoKCAM6LwRq)M~mL8*w+J|RG#cSW0jA1!n#35eg*W(=c0AfI^@E+#;kj3kF5QD
zJ^4Cp8<+O~@pkU<QC4^Ue`W^cnFLVCl?0sxYRwF`)(eCvHbc;wfR~Ekt!e^p+eu>U
z#(E2gNubt*cpC*#v_BGUx0$iHT0u!$O9I>7AX=qVt+rbd*xgQuH{>=EFu(WbdFCNQ
z47%H2_xH!VX68KSIhXJGp6~5^&-WWWCjqaEPZk~fY}`ey|0Bqycd&+6@y&ROykm^Z
zEgcG*8*+aUdA%+#2PUQbuj1Ujj}JQS>{mt_g}PfI89{yk*hp*gnR5^4@{Np5vLI(C
zMFYTRfHCIea!-Kv7Vw-iikb#%ZduWE%BAZTqnpj)ed3r$HAlVgs=af=XuX$HuNdNC
zA2BwkfP)o0C+{CPZ>;;2xXZ$s{YJbnM8CIDj;*FPMBjpuXuR<HZR-5n1mV%(S$lF!
zz~XtV|J#Xss*GhhdbMO??!gelkZ<PbrL9Kf=#4IS^_WwmPlR0NoaWBP9DnEitLxCY
zu#?PF{G&#mjlnNb_3p#|^1!JnPyB9Vuzd&rQ~B@Q<tZ=%Pe{ftICBlQNYgss@Pdme
z#)k1R`sA!5P)tnqSAi94a%KnZYi+t2Q!ZmkG1}(pxxxPcbLIan`rja%8vUDwIS2b%
zAvW0>^C$H=oEMH)nU6NKR>lZpoc5_x7kn$M;Nz6@eYu|Jxr|hOce#x>%%&1@EZ4US
zCorVr2SM5WCH>97>*D;>C!GI+6}jxjp;J`Pc8#60CI6WxqMgfg%+99O<-qDS`o9EN
zJxlo(#;SUP)j!k5hrnup|AJKvTaliPp}xl8!*0I`9B51A3DUER`HxO(!OfR|7jrzb
zg?BX97T_V9xZtJd-IP1<(tp`}O~X6KJThunSV_-!V4`|mheizxCnEtT(WK<Ok@)Pj
zYfoyQyr^?;Xae!X$lIDxjU95{#(=#ZnXap+8PJ(ba9T7bpEcF}!!23HiZP5|cx=Z?
z$qbC<{R(pQsD29dlj+jS)E8Z{>!(Lw;;y4;gmT#D(WXNy^zNav?7lXg<s09?IoPwj
ztMdJnYi}R+5qpHaLp)Z?|4Z}|n*sjGnE^f19mhqCg}MRFr-HMo9n7bbwPU}xn*-&A
zx@+RdTKlj!NZv}OQyRa<I%(o(ZPdi!v}mNp^af)R9N#qZ3Om6!y`#HT4UAds&t&{g
z*<F;0cFG6(j>P;Oy6MbcV-TG6PA_e%zH68<s80(ftlvLV&w;hpVxiTK)+If9{c-wn
z=&{DHzGAtboo8|%k0$l89(<ASsm68@ed(MgKk<K7Qr}-cPT$FJelF2}SEB!998FK)
z=&i0i3#V?QuFmLtfV1v?7aZ*?BRZMBgpZH9)6NoHZg&$aBT;_=V-s#nOsbzn{adLs
z91aeSFC*HR7+=dU@Nw|KbT!OXpD(!0l#8j4-$#vL*9nbmNWzK3nYMq~Qwh8l+z(Qw
zcfXz(>xJO2?5Fa{l26)g;Q2+AiN7pGK3KrBSr(4lc=Vsxgf)kucqAN>%;ey;gH!XY
z`J_j08V24@Jo`p?n3p_K#mHATLT7Y-;<v`+3*diY$#q6U{R{_o4(?X5x9SYz7SWVB
zuAI5Ik6WHo>~d8%00-`u*6whpR0rYN{*&S7$Tl&`Ih&x|Yt`w64$yv)pLG;W`iXO`
zaXa+o=fKLc>y0&PZwDS-$Ow`*-a>xsf{$}2q2H3Jpq+2>JcDw<aR)HWL$2yTershe
zEy!;#kJnzzh@J#I8f9yPCO2ZEZDLIDo_;rD(0}20CU&d;K>jlm@{Z&i(X65KclOjF
z#;vtY1I7j1JHTfk;PXR&XuBX=eoyg2^*4wA#^^5VUM(?0thfxz;TwmcO&j6&-Ne3m
zMznY$u=0!ygs88WERs#UHA@~gMvu63d64^x#IJBoY`L`L{<^i*`Np2v4MsS4Q_H0b
zZfd<$wlafnqwV=i#n%nae+<@ixrr^?<=t9#VQ_=^Ro?UPV$Ovcs4t#o`|NU;M!9^r
zN7IQeo8Ojh`7BKOhJEjP?ZdX+pJ(J(`dWA)=dZt5Y5Od=ANh3EVRGu|tY7kt<Ns;H
z$OwPJyMoaxIZmvh5!mHMVxKz!o-m5D5YvjCxtDVg#a+O6D1eXhnZgI;0b<T)R;RMg
z*LaNQ3ZD5!JLi+t&CE-8M<ui2D{kdxXDy4QC(NQQ>x>NNBd2`*T+uA&e;NOU*A?V)
zv+?@aScO)6%31c^_(pJi4LC0R^n&Bl$2I0$#(K*qY9{TFizwhu;OYKr$vq6Nu4XKy
z$j348^IdSV)WbdN)InUmnmaDp7OrMT%em`w8?t#2Tb&DEOk<W29&h1lcJ$ly6HDM~
zYzVIEzvR;#aJ49bt2?;I8ACo_1-{-Sm~m(48Q?Im%P2x7dd>`&^iKkIipkx*Z0QUW
z`)Uk3s#)4NH|A=&rF&V!jP7OiGh)T!+m26FR<xDzv{-(9oUe?t{Uu+JjsScGOVv$=
zXB~9}_b7Fo^<QL_rA246{&rbb^ec&db0KBNvvH`dU=NLn?jdfq!}mI&@jpQ)3k7Vu
zaws6XveEt`y6vN!{~7oW{U`NbLf;h+87MKHccW7c++d$yDy~)>dO)tZ=~v;eAYKwH
zF~Sqxzw2Se!hMT(3p~MJ$PfCZr3QXh2DqeH63Ppf75ziGvBFnfIDI9s7G8_@>K?3f
zkIBj1V#_+eZPOkT{W;+Yd;X5ShxjY-{*35u`cpe@3l_=xsy+W-44M14nY(Gl;I{kL
z+;6b@cjT*0R-ZPk)1$vnw7+|TU_IErD@jj%jQ6GYG{O&#?j!b=;Qw$^|1+V57h3wT
z-FJ}pS}D``9~f!#F7$(S=n?%9z6-P`uSfR<7YjJ|DM0s4g-)hWUUw#PCp52|?-qTd
zBWu5xqn}AGO`(2@3H|j7&Sq44uEz8Ir1A8C3;9XonK%p_)cykIQkQ7IPVLiACF{44
z{kxB|TYIf+xS5GQ^?c|v7h`bXdRGFjD~7-|nYRvwWpUEj1<Q}qwO?#lzR!I}{Z^lX
zsr+q=Mh^B@k?8MEtG{Dqe2u9|GC6A~TYz%YOkr-FiM2V6wGkhEi!<dvz)KP2EE|gG
zWj=dDzAk#F5&b%Zti(Bu#iObf6Nr88r=3Q0TF#PcyOQ{C1M4LIJD+{$@ZTVQ$;tfp
z-%qmn@7EYVbmJ)h-NKpxpMIU!hM*^s2}C<Ada|@*#&B{+GN1kgK5r)Yv}nBe_XpsD
zWPAsvj{(!+_;<4Jmtc495ZL`Wfm8C85)8E#!0s474)Lecc~3ftVBQG)e#d(@%+sT<
zj4)O_!ZXX31$<5RgXrcK+LJG==2@SZr?c+rNAzM1Z4Flz0``vWO7R9{yE+GZnC31!
zL{HwawyV1>*b{g344cLXx12sq_Mz-f^{j*LPiT*rqwTXukAC9^ruDJpL)oV|d$wtr
z&$1N^wSB2Q!P2s2ffs61wgA@FI^UekZ=G$`L#Lg-r5iT@GyH7iTV&O1rEDejG=E|`
z^w;uS@~!Uw@P4hzZ>3DMpqhE9&zZnfdcrA*{p85Wj=YMzb2<J>wdVQ3ha2FZcHHyy
z==W{_U*J`a%zUo}r}XHW>?5lr7aGjp8Y^>=9xnJ4a5r8uotcNvgLHrD9H0&F2*y9o
zsPS`Or_3<gTLf2Vjoy<iYj6*<fO5eQ*w&iVE9E~pkIz%09GOvdjFa%ulx#Lj{v&Ce
zVWuN9Wgs(UA~R(nGi67PY#w3Vr&7M)wq?dPjrVNEQVEU}3-<I|e4-s=&X4^nt+puM
zkNj8(oQoNMrQ`~5$j>|ST`Oj+(C&G~%)!O_RYC&_km+SB@dH1}_pRKq5sgXz<AM!A
zc*WO&SBSX@_ilv`g`g4Fz*Cujy6UOURO;w?sp=)_6yY-zLw1NT?(N8%e?YGMK{P$Q
z;)Ab+Gw^FXmvifHQD1AWwd+c(UC+_A%Zh$_y|JQbl(Fp{c*>QFYpwJ9w|TC$q5pXY
z!L#lpTx(^n{{?;wfNNa|TyryD$uN_ubWe(V4-bC2s>G6Oq?4sb`;lEcsr!Q#(Pkrj
z(L<lELe}d46Z7l=X8FW&i(9yw86BWp@wcwPjw*R!D}5=}wBX=ga`z)4=I-jsZ+=7L
z#usnjWmmJ7SFxs7vbOVC<9Y1OE4Yi9bWTm50s0iqf0Bj#yiE9zPTdUN$>iNE+Q<eU
zCLlwP1Rvai7LPC9y7`n18|%)GZ1kKGZ`o{YYn^3md+G{f+k41!f;;g3Xe$0acg|lq
zcLi`?zk6)>>iO$$$prSYW#F$UU+wMYlI+~jGT(+@ExVq)$hpzOV{eF8lIwU4IdKfm
zJwwaZZ1B4#$_I73pSt)qRx1uoggnYA$YEwp$`dZyB$r^H8=3PdVy_e!$d2gyRhud2
zj$Ivh3hIchTX!1x<H663yLZuLC&%UI6<T(^d~9mw;1jAGeV_1={8X$sYVyhOTpzE;
z2PXBkB68IkeUs=rKzyt+VrVH(PBplFE%D62lX1izi#zrGj49QX(mb2*(R`yzh1c-@
zGH|4F^Yt47;9NO0ZxguR=s})mTn)s(SDfHO@KyO*2_I~_L(Wyo)VA@?xpBcydrAAg
ziFdt}HKy5d)jlEC_5|02RNJ10UlsS6g=h1@yPX!^*)e#(1>P-S9B;0%@h-yi5OA*q
z9#7uLSg}PbUvuX{?y{1naXH`4ysH_<HTXjTqdv|3Cj5VPBiG)<{H=LIvz`OChuIq%
ztMKDH;KjX^3BGqNJ0-qo*~uG1^zX%nDjHU~`Q#0<!B=w^yZYp5(w$GLstir{dsCY8
zT)wv|=yL&M+l735GiM&5)9xm}IR5$XlM9k|%4ws5-}r?E>cFR)v@eq0IUOGb+3B1z
z!C7tnk@EK`|K)d=MDCz{<s0*L64Md-ln0JgKwt70?}V=+vonu2@TOqdlN<b=Z&~=~
z#r6&T7+07<j)!FvH(W|vTDOuq8}0`mI2P_l!ZzIRNWguL;GUREXaB%F<b<qq;p56j
zCmp}rlM|IsWw|GfoLXtoZpt*Svl&YTHe!wK<F6c9r96o(%=ed!?*sm$zXiT1&$pL$
zO+LbRos(&;#OpNvQyG`&z5cJGUHMbDExSH0IY7RlL2%D--4M^{WE{ZAXgDSQ2K~y1
zHU=-v2M08sb&Tf~YdmSuotch)?t#7xqoZ#oW<+MZket5U-8Jx6^q~(C=ZKGZnD*x(
zboZ}d*C&2u-~&E~DL?d}5qTdSSGJ5cPkFqc(ukPo9%tvf{RIoqL!q1RqyI+Ft0RX(
zZr_BnAJ4JRTgLS5^rX=KSlXW$?I5?Jo-f7Uu5r<wan0Xke_QfNf<Jq?>)?k!i@%xd
z>16&ayOem_Z1`?B@X;QXUNVs}d=*|(&iP1?|EH^6>N?|3p}w9~@Xo0`8%ylciTFLK
ztV8QfnNwF~l8HAet`f9v2jj5MaK;99W3Qcp-_^x@<o_=pN&lJ4SErD(Ff~-QVR?1c
zhC0pzT4@uU4a<h3b<+CphOT#^haU#+9}t^N|COsx-@aKzeZd37b7HUSjH;Wv^0K2v
z&nxz4LYK~l9{Rvf;sui9-WPwL_Ujkj9#@?hHbuph@XeZL`C9dIw_^3!wB|J8C9D5s
z<bT}{o!GtC^^2<cD?jezyU>-fwfECmk4(b{72p5xocTQ;7vsm+1%1GG#=7HU@+`%=
zJLm1w9Cz<Eei4m!f6RGD-+5;?uRa7$)_GF<Leeir<u>aMZ2WXv<`OR9OE$O5?R{dg
z$NNMCoPoFQ$#i9H^@2NIa3}3lw?B<_dxp6<`2?k#zyB@ntRb@>xYURo!Ul62{YWnv
z2aX?tPkbi{W(~mXANc=8`6{|;ulk-N^6Pj`xk55_e{uZK*0gwGJh4wCpAnCdT#Gsr
zb_ELAAG^v8D-YCI)>d&k3u^2=ab99i;IG$z@bzG%m~}h%?A1BSM+Xmsrf2na5Z6QH
zik+|!TwA%QHr|HJC%L-?9F^Ri&v#ow#@P&v+K^F>?iK3oN0xt-+|8n0?BD1#&cC~8
z!+R!j-l;}S3B1*T>sP^{yu+gki)WqNSC70?3Z99#<ndc|KES?n1vsWLSva=L7uR{&
z+xWECSKSdmfKDzPD+b5vs|w>Y!D;W)!N`-~*?FEE3(t1Jzp~(!!mn!ZO!&r~lC9o>
zS&y8(B=w0(-k)vZSxR3QGN{Qj`No<&J070JXrq*Org7Ke0C=GI4F%ASt`jmXe7kN4
zzJ<WI?R+Avhi{bdEqkk%brHVhf^WIU;9C~7FFSfU_!ei}nKv7eH0*qLd@NloD|#Dk
zKLl>c7CaL?+cIgEU$RjTd()CVp$qJ1#$v6D<sZ<?f9b-BGOd?Y9;4hZS=hC7u0Ovk
zC&k^ObJi-?UhbewHEKH8qlz8zMX^4+8E5+s2l4pEUinA-5?b#<mi%naTgjR`&oJ6s
zv*U%m#F*PX*%f{UzSa+3+vn~+{MLO|zWMhObpNZ++%n?mEt*N5_g{G;yZWI0FSsJQ
zZz7t1P6EGYeA|eWjx@+al@e`5t`Q&IJ{n&C0)Eikq21^n-S^U2t8x@~Z=-t*v@#`H
zkq%v@d?7UYl|{G3OW}DI?N8WsM9*8nJNhruZ}{H4VxCD3+l~Dwxvfs__dLj$RKBsK
z(8@;+A5z@ozC6wlB@^xDe)FG^<@XVPR(H=1!&|=x{`_gtUC5EF4SnP>79V{`XZ-;@
z3>zBpfb3k+uGFAk?fjlLLacKoaYV8wb5D{xilWml_CbI#EXXCV+NfZy>MHKi{Ruxr
zZ0&D!1NTWQuyJ9JfAv1}fXTsr{PI6qD!bR0io)BF0~RorIX}h@hfF^SJjuT}H@uZ{
z$p$gjtlN_tz1NT2KY3=+?$a)eq#l{M-AA0ym@nAB(6xLuabm2yNWbA7)d}g0_>5rx
zzf3_+q5qWorGMl`SFz8Zga&OanbFt7e${w?JJDFtb4IY;jXv&YPm4cE)_iAddb9Y)
zI(OEbS;X@D7JNFHhn(%o-C79`ITt=rMw<=~DYbY=?icb9?d|FC5$*3ddt2~qli$p!
zY-?|So3TqiaCk{6d?cHX_HrG(WFq*N&Yn(ZPfv8EZMFHxM0CDf_BD5(uQgWm_XQ&}
zt}r6g+1H15YhUL^>u8r)yu<`OA?(CrjF-=1|CF$gWLvTG@)AF+|1Zl1_gZ7@@G993
zKY^Dho{#9h$w%;(ECnsFVE$d&cjP^l3;t2oU1fS-WzK#X#eR{zcWe4*&vO&G6awW1
zMvdM{g-;ao`&IC?(P)_4#`&de6_R&U9%ZlCXOZdAmH2F&3eMJXj=q-XI)|K^@E?*~
z?$}loZ$$Q$Rg7yYar-rv<mY;pmTkxOc>tVNdy38Dyzkg%K92@vVFwW&D^|=w*11=<
zjrm5+7RD?2NwTM6z3Tgt#P@FKuV5>hIn|Ys8iKcpPH3;|-5BqdVq0G0_E#(3RT(m)
z>cz-$ij(HLUTk&3UB&oBR<?5bYzuH6L*Jr%KH8A1L+<22KXuo*3#xl)GY-Fv$^MXP
z?0E{fZQ$;@WJ8mfx1tdP$RiEVqB!<|s~OV(HWAqg_TgjH&3UDB1{6-U?FauspXhIw
zzy0pH@srdJdq{fidDuoK@~K~ZXZ%F$d&tV$kQc%oRp-T3-^bbB;>pG~d^F~X7e%O3
zOMeB>iG%D-jlYbT!_q07`8`fwnww;m8{NV7F9AE&Ghm;2WCU(RKNKGQ_!Qgb`Z#lG
z<h)7eqmluRw-;Ur=-%zId6bj)iSSzcRJd*HHkr|XVl1+E{3Z>3WOE`0+|A?JV`<ns
z(y@1BVDHGZ&MNCpN4^H8qLt2><<2SgnPq+R(KE}3@(+&;PvXq-9`rrwPjB+<D*99&
zJ|{<!=J#Fv1~$6Wsz*!y@fy>*bpIZoqbz)mkU?waAbVJ4_#AP*_t3Qumh?Zy{y@GN
z*FP!y3E?8NwI=1KjXAUNcS>=k%!v?>s2qMT8`^GSE0?&;)O_$w`$chi{|y^*i2EeS
z{NsGCwCerH_oKnDL-532^hD`_bF60>)qYp%oY40+JW<x!l(Tqq<LcssFH-<tra6>{
z@MY4usC=0&{$BPI_u<R5hX3+qI>cQ$_*-=!{7t^db>#5g1fKp1J_<i;*Rxcfg?<)9
zR!OTipMNB$7(b?Z^j^Me$fF&|2X8jIjhe_mt<3Q=zlhsAXSb&ypy$15Yp#`U)n&;d
zSF%p?S+9Al8*#>NPQ)48JaX_32J7$x)<J7Mi?trkM{vQ2>C?;+HVw$+{^2g@*d6F2
z+Kav#SIq+cw<+K7%98$U&3zPl7js%i*^1RA{W=$5f9zSY30;u#mAtzWy<9rM4cBmv
z$30K+;f?OBz83ayn>$zwjj5HaHWQd}jvEe<16eq_kG-Ka8}7cVony?!Jl)LK!@Nf@
z|B>M73E-&_?i}&WX*tY8XUC<`hgtBdLyV=8Jz2~=I+@4qqk=_S7UhgDp6RMNFv@7p
zr))=wt42KQ&Qv2@G_vVhX!f2a_NM5e>rBOW%f|P^Iya9V#_u*xPWcA|*v7d#)kFK;
zX`CtZKL&pJTobF;vR7UtHniFo9}23iA-TW~-|XZ(vEwlM@K5L*XTPVj_XYfZ1X|n%
z-iJ6Vs{7Q4?D)V{laDUfN}OuZ9P9$oQN&;2-RE17nfg6Odwdf2_D2|D$q0|qZ;HqE
zOW+y0QFe4UW0#G?<R09$<c%-lE^c>vyl}!v*jv(!J^5!p%6xO8S23TKG-AylOZD)d
zi@Pggslj&n9c$h0V|><_;WZKFs<H+Aeu%c;113)**Z+Bp?9bUzZ$@x>ajmPSmwj23
z_4u_K=i?sl)@;{ft7SXSXCJm9SDE*mVEKR6Ll;a>u-2Q3Z)(^5bEhz06Mt0p<!pQ`
z0>1N!=M0UoaPr3`{f9lH@hQRg6525Zdq6Gop3FE_@~w3^$oTgmSHu~+GxrtTFFfcr
zw;E&Og)b392|lr>=d6{?Jw2Mu+&hTP$Naa+ZukUqZ`)kHfxAD|uQE2xyN9`Iom%<6
zg1$a87WVIJ#MpkEoHQ@7PYyn1?-OX)o`dX@Zt*tY^e$^Gc(1scbu=be@~VB#<|97S
zguVv$N4Y1vPcpFT$@aYy{*q4pmLmgGrCas}f{|3#^8hpr7+Lq#dILtJ{)2(3U*mb9
zhyFL^5L+e4If!iTS<uAvz!c;KWVgUI&=Rd#KhK~1cwoKO=QHyWT?Vh6xj-BG8_Cfk
z{fW5Jidk*VOL}LcCwHs%PbGM}n0)No18uBB44d=WoLgwjjXYnxn-~Jr5uMcYw#~i`
zLvdc`if2j|+^pEGL-zb;#p(25yK+U#SrhTL1?>5@#JQ??mTUrw5!HqaAsVQ8o36}e
zmy39!*q@rQ&9vcrthiopjaO_hVtxYiHvArZ(A#S407u(ErZ}bzZ_vM3?*|g^BbVs?
zt-Oy-Bz+$7<D9WHgRc?B;It)QG?O|3#xk36SaHQR74&HgGvPx#oENCP{mx<|rFtjr
zmB81WzHgvUwWYQ{0yf&C&FBVBUqk1eJYUrn3@-VCd2daI9rL!@V7|`#=O1U@l6xBy
za<6E;>dTKu=RK8-QUABY|9kk>eD?AELu?;C`0Uh|aF>{TMqdUlf{)hVfaneDAlW*?
zIJB0siQ2Hs66|ch@y!K&2Z6s}SH;)^m3M3q>~;@<-HC!7?Wk?RuADs#KV@&(xRFe!
zk1U=Q*-8K4Uf4w}@uAODuJc1jw$dD8%tv@=pqs}{?XR@xx5s@}cko;Mc0|;RTo9vv
z9_KZQc#WLF;?D%XlHJtv742F1CT3VVQ?gutruGf{Lwl%#yCK@k6-#YD!u{w#j_i*;
zc8~TO@i20FxMzS}_M8UxuV}$P@E?BM?wff*O|y8j_95*_ZWWzt1vU<SpJ~AfU4VU`
z%$JhKBzQD_IT%TS9`$+h0u@VqS3tX){jQX)jbBzy%)xjP*4e8^XKmy@xj7A<o(@mX
zfTw3tFU!h>BDqBQoTXpnSTG`Xy2H;IFY??Tmqi=dPvDqjUBRJ%`8G0-HSo=Smt94h
zSJL);`j|&wPM#9`4A9~Cy1NoY#uv|*%-RC4T$zAZtKbEn&*pzze16s-ykhWq2VO2<
zBp9MATQ=tONuuxIGGikTeO6lnHd(-=0GPZ)AKiKI-_6(rC%bA2m`f#RhW@Wi3oqyV
zXG&%5bSH*#Y^<%D`Ny3+zPJ;+2<LUTFy8{&zDu~k_ad#^fUD*{VlgAP1pXC1Q9Q+{
z@#z0(^63H-(bQitmPYD-pZYQW-=uH&paTnA?#YVI*ZhgM<;?#e`{8Y5j+iCuWL1xj
z!w12W2G+vClM2cr37&L_`i1bMGVV~n#QN7yz*qBqWJ>sGGG0oaIhVfb4-EG8GW}Sv
z_T*N-O1xL69|yj9*!hNoX9edcCh(M9u$LGylbL(U;+*lbN4hRA&p@t5M&QiE!jV$)
z@A?k9touNBC17(au+ce7jJ+vcH~_rMfp;(KtUVbRGa<DXevu09UDIh?9{H*fkxe)N
zFPuZ&I_mDGu5e+t>LTBoUSpe8m-QCCK<9`SdorsJ;wzxD0^vw0>(J}Y*($tU{ZB?@
zF5{?8jOj9dm$F`ZH^g@+QC>#5U-=)B_PAjAS74X-UILaLBV5J*1Mv49?%Zl@Ulxu+
zciOM!{bacAKtHM2Jv>}nQsafh|8C!~3D|;DPpchdX%o209v(x7>C!Xcu4j_7{XCPO
z1Tov@>78A`K5~Lx)&@`9@E7Cqh0JL;bW>}x3K(1?`zE~89A&o~qAhcWad`&y%zKl{
z%3YUBXGbr6PJCt4I%pg=yg%Lh>8c)d)lI-jzJ~cfKPTM1oHF*qwU2SuOWm(FVuz!@
zCh}iTba_+Puomx0cEE<%hTm2T`(1m%b>^y^6~L~eXAm#5lJIhL_h<34g0d)bxMVW$
z9>3t!tr6C}#dR!R?qZ*e1~2aeMr(jkCI2<1t9U2WH)`5q)<$^o2Js4CVmx>7Kk_3R
zc7n-<8(f!57uNhOy*vQ}@zmA8pdNlGIB5QY#Tp9+8G#827`#s%;RO6N;H=w?@Yycb
zN9(CRx>%n~`skwHqh<7~bH?HNy=$0$8?1ga1BX`Guz#I8nx_}oBhRN^!n_<FYS||k
z|G!d4yz|i$hu2vP68y6fpSWpByi>a07TK>7dh0HH{FC|TKX6Z>V>J2VSZB_1_Q(gT
z9@u)}xy9>kI_8~-zH*zZrU6|`ys_;Bn`U0aoZG-p?Y(4vEBXIex|wO|WyySY`IkSR
z&x*G?^s@)JzkrRb&B9;u@6n(1zasi^c&q#>#6OzBtB(GGX_5s@&OBLj&QgL!8;~Of
z1JSEN7)W<Wv+j1Z5Mvb`t34v#kM5Sj{%lOltx>#=^+D#_dizsGBzMUC-e4}qp@D=9
zfiDjK)mE|$VM1G8Pogc(+=v1+uPMPB99^XeU8UpD0C%Q_zqdEAS^1ks!naR=e~*HX
zoA7fld_4ud-xbb7_CXKe+;z<i;YAm|N(B~9kedLS>?4MGK5Hr5Fz{zPfIRUcF_B};
zUHIlc)4mrKO0oUj4rCeq&+=Tp$?LJn-HH9p;xn8Vp9{^8Rv8f^2ii{C<><9Nz!>@-
zJ{KC_#xu3sgd7ZRTlU`$*3*%JWlQ)OZT=Gc`y@-_te+b@&DMeRTQF#3y(PE&2DlIK
ztWEdtep(`5-#7f&V3<>TjI;g%zWuz@<~b$4fi+_diYk@w4&3d|L{9~ucM}^8*((qs
zpISM(w&H6E9^y@2Y$3(H$asto|M@-D`o;#Z9Nw(DyO@^`9BS44sB5}%&+>HwOaAvT
z$Ay+Ylp&oe`ZzwIE!acEOY&*^KE@t9Az0L9n1!5W?&(NN^vBp1@H@`?j~UaawE>4*
z#i*mrr*1U1Jw40VCjKRPm)s^%;s(X>FIa^i)HK0WeqODqOZ*<!DQ8V24~*c*9gYBb
z4AwLL^j`yqM&O`vH=vuh;U^;fVG6(7f!~Y#FM4877cbgugz>MQcP{64t1X*VPW1VC
zgEp&j&qT{+Rf;_VKck~It43@^ZQnN{8qXx`B0cb#UGSGHIfr$|v}o_Z`fo6%U5Rm*
zd9s@^G;Z_qu5^5CmG~c|^kMs$Hw9d(V=We-KTjcVTpe(d%`C=w7w?3>g*`>{*a{wh
z3;wj*V?=gk8STGjPES5l(tm(@YEydnlgz0eUiLV1ddIRaOo-m4IT^V_><hV;eW4ip
zf^by4(zY+)gLZ{&U)Y5|)@~0mXwd1S(3YjvTqj2VmA&ostuX?d{$At|Kl6xuI&coO
z$Qp<20f*4n8o^WH^<y8{_NTVQ{}#`V8TIHaqV<1d|JgKPHv7AbeO}6bzleSR4bFTn
zB({uwXGC^*&a<|)Ay39m3o736Ia-JF@db=!+4rW?Tt@!~j4_kCLuqph_c=tHi8+pa
zCo?*k|82`|AUEQmOy5SlDo3UlK0EZQ6F9B=#MXbDeY%Z)j8Dj8otRUb_zC_8etgFo
zk>j@TTz2oh?0xY${nmVcOMGJSrhgwJpTkkmxNPP+fjQ?e_gr8w5gK<gK8Gh*G)}at
z#q;EhOe5GnZDi@Rwq@55=ZSbZtaZe5U0m{Kc`Ik({0}Ji;1S!$U-#vOL!71ViB6so
zxe?owMZ2(py7=uM10C1{9RRmlJg#k>#QQ2?E+64z&VGJA2rX%&{Y=x?CfX=Fnio9I
zpv~U5U6ES+t+PgxH;#9HjqdXaFjee2<b#JSxdeRN#GSr<eBXM{QMu%~{1GF<n>a71
zMHcJk*%qGRpWH8+COq)Ebf55g;BX!A_!e-v7WiBPE?gY}UY71%irsP%d6IQTF8Ogk
zV|$GE+Zo5TR}_ZDyJYKJkG&6j=hk3OyztyKW1Z;S%(I`s-j@-b$ol7HVe4cJqC0Dd
zUmiPKd@;NFbkR|0nr-i!XxaOorA_tsmiy$hX3&?l4#Wm*0Y-}%zb!XDmU9B_c8oI4
zX{B6kHyv#^qxx0gu67rIPd?X#>U#c1rrc%8j1FInOqmhsz&7i<ocx5~pgA8Itd^Jo
z*oK<W4QE#m`Ub9ozQ+#UYvnBw-R}ek?ighh3MPfl7>RQ^jj<PgGHP1v(|hN>g`Gyv
z#HX`3dwk11@htt{%Ktm`pL>=1&)G><?8v>?Q8i~XWi$Wn-#KS>9Q|#a^)kPun~|3X
znadYA4?m4I=_<$qb;J(8pXa`x;!D9?e4=&GeDUM$#ARLxjoc4@>)z3iOr3w#kJld2
zdbHuwTlXP(LOg}?&zg2Sbfm@e=NZyt>)rL|OD-1PG$rIE;Y|~JFbdpfyS!Vy5hL<_
z>fBD9l{W+<!r#Yv_m_;-u?Gu3WDgE{<Apk(wC%x<Tlhi1q7{ZYh#y%;*D<?#G&bHr
z{K&EJV=6E{fbVswhjXpg(}>x;!z|^TYd`1LtLgVw^m`r8im(maHuu$5KZ|HL4}5X(
z@CbJ=j^ZKs(X0E{M{y>%x`X{185u9E-+Mv7XpQm|7GYOk@AfvgKno4-y33c&Src?g
zYds2Bk7CwCYgCYc-IgTS)hF)l<@3yW_tC^zL>I8%fo!68C-A&ynQg}l5o3Ede4r8g
zhSp`aD+|3RWh*jJ^K$sc*rc|!R>}SK@}BqK;S1CW0vDs@v~cm_BdcT!XxVIRJBXjw
z6`ZezT->qiObc6b5O#lK<jl41aUJK!*<0r#3w7V?Uh8rN*JeNu)-Ngwo5+U5G(R7^
zMt{#T*V>i%V#yaI174MZjHtc;;#^}zxyPuv1o-M~7QVSoazfG5I#<B25}UhlL_Qgd
zkz*t;bhEb#X=9beTeG4+r47+_V1ms)vrj(o1NeY;TRhd4Ww<XLJ&k%D*zB{lCiG#p
zmh^j1sGs}zWbYFN_@{`!FK16o=efqDb0lXh=u4ba=0pSZi{JD*(eGE_d+^z?A6~0*
zv0n1ujyi2A=e1*R_R^+csk`)}fMr4Mu{Q52^u7XYhK{W`Lw=n2EVQhiy=WHmDgKgj
zAi*DKV-mP>;6%=Fze?^5<SLadpiFIlM0qdkXsr?ROJRN!@DFyzv>bo7f+_Y~x6<cu
z<J&<S1yhc-saFA)0_>~S_~r-w8e7}DvlmrsZ2ZPnc64m7Yi#&Iygy`YTPRnqq8Rhc
zo(w<4pQZIfd;BjlhrTp&wBaWuI@EzJy3u2-u<)_|v~b1`jrhllxR;90iRi}|+L62^
zo~-i=7azUbMms8#{r67ieeih<_$+$1Gu64DnGyXhvAI?D?@k$OX#UXFd;dt;(7Qhc
z=ykGDN`7cV&L_TXZ6oq;47`?YB*d8j=i){9-sp~*br(v0hmFv}7V<SHR-IXS+w?Ya
z3`~NyxZ#Vflxqxkg}FDzJGTFp*>@vw{fw=4vj-W)3lC0#7pKCLN5h-PAft>$4|9h%
zE<1U{#(}R}_aS=D<9-c#S^Lw*wsOPRBbX^}(K()_#QDv=#q>1h?5i6I9r@vmfytx&
zs*8^Rz9z0fcWV9l3)}^Ty~uLYSf~A?%tFpm`^zqZereyJ1Kq_Q|HSvC^3zMlYZo4g
zra$?5VfdH7X}RTF;A4#Y1UCW~13%Yufwg2q%eUk%Bf^<<zt7;V5;PHB7L5tFD({%C
zGpO!az>2fKcepn!81?X9{ugHhBeh}YfU#lJ#{5`^Jzm!%s|&}_2EI;}3yp9N{$2;6
z4>4>JA^9D#Hf7d&XGJgK`%1>v#j{t4G0vLZV&X40CF9Z6UVO#+PIE^z@7v-hPD5{7
zw}N@Chi7y%#$s$z`Dd=k`B3qObpA}4#(N9@nS&*>+{9iP<P#ayIy>y0QgV!J(L2Q*
zsc^>&yLU<EF$1rDFtAGS?maxPUS&SzOd!UrMgP;_zsyl{t-_`h0k$UdeZ{?;@e<c_
z34XS~@J;I5?PW$Ed0+8DEZ?E1+N~^t-U`Oxuo=cixWHA@#o1aEIi?voMmFvk^9*v&
zL2X<Pzu&;xb*FZmUjTjUCjM#*^e|-vHdbt|b*GZgO>%^6I1|uUJCS*^k&#T==ecZ<
zCHz-g3phVs!Te&U5g#QnrUc#G76aDru$NWuhkLl&nPwEemiT`)V}Qn6b4ume3V!cD
zk2p5!lbn6~$CS!%qR5Aw-5~oqZHOO^;fyISKB`bQ_5xrvI?;xn?VM$uzeTsAFIOBG
zHLV9)r1vfYUhAlDQeSg^@2}k7<s5$sHXY4<_ZjZUP3Y3{2OC3sb2tx~Bb`w)KC~~z
zgbyH-D^JI6<|KaoDC?p6kDg_$*Ll#D_>Duit^PC)t@{<s(bzkxP=2%;$K$~1+QdB9
zj|vvPnOa(?`QAwUT+P+70rcP}D%tHHh&ir3<;38~I>EM~+(5bL=(opmwg=4Kln>J~
z<@d1d1^1IftL1}%bJ&M9LESk(u9?aAV#aLa_~SX#!0GO<4B~h@`iO($@11VH)4<#v
z-K?In;qW}KZ{R4NkJtQ|>znS1!ht$h#9A|8G5w=~RTG)Fv$mRR3igijChR--Vfyrq
z|AOi-ABs!pL4v((qJoJp0Taox;)%Z>Y0I-+$gx&`(2}k19UmV_w39VWdL8z03%}6Q
zUPadPjdax*g4Gy&S@26%Un3HIwSqV5>m~Yf`uGKXC<j$YI04@4O!aieITo3?*vP3q
z{jUS_)?k0={x4#J8!63e$@7zcdTy@bG0jG<ct-n-ee^qi>(183=Q)R^UOs$V@8$g`
zalgM3oUXGy&41&5#s!|Zk==LW2PK~5yU<nB!rt)pVmJE09`oCIHqI<az-M{VnD1fC
z5yl+z1ft57QAOYK*HzoCJp=Q!FG?xXzKF3WMxSIBDkl#55b{@M^xwe0gWy}%sOi&0
zt7Thy8rkj>Xb(0V%Py49{}^(VV^3L6?1p~+uTS_gaR*?}`c1Z+_aeOWQOhor8J+UY
zLA%fncaCKjf`-?YCE0~avF*h0Ptw}_n0bmvS-M7oCuy(jOvJ0<j>-zvdxUzjO|Bke
ztavIV*uIPLzis*a*|H<|&sI5WdOq-pavrejyU4rjC-Elk<VK$*=iSi0Dz-yk;0bzn
z9`xl&-cx^fB;Y?Y0e|Glqd0Ra?dwd*gr3B{<&NM}vnL3heQO*3TnYLu+gd04&ce+M
z?0NjYMDXYN4*Y03&w4!PBKE3r(%{~GC2w%=j^<9I_IvW)ZGoN+w|9fD4es5^;wh}D
z#?*iu`5%mP3Un|vK?gM^^ek&H%C}OqU2?hbBXf*R12dCo;4Wadp1s@wTz(F&uYspD
z{tkIk^qo0x6i=Z|FE}q7iJv;f?1vj)8<?j%S>^1Z(fkIFp6_^-y@1W7<ZHRP!ddYb
zt4-?n;aC4O`==NCgYbC4)`5AtBWKAjz<Emwb`|!g#ygF%XuXP|N0KA=o#Di9<ZcS<
zCVSCXa9sEA*D?1-WQa$RE!N;G>cnqci7o6+Y;kQoQ~bsjo(FhW@f+81&u1UJLGOi-
zOX_(xIni#u^{v<lmm=3)f_!%|a^4)|z1i4Y%CNtAESrlX3sgdLX6r5zvVi1(4D{?z
z@sn_5hCXCvr*5*`P=$>1G4-@x{{-&s;kW8VBwx^`?l<{qGeDbDTa8FB&+}QwJU(Oj
zi2sSF3O=$G?<KZ$4*w;G+hrNi4=5A;(faFNgk7E)jZrRtB&Us3ey8w}eq{1d8?yUJ
z=aYQz;iEQOe1@*ao3y3%h%$%&>3aMt?;dYGHYVDA+4@e4zG)s=b;F+yuezSkP@MpI
z_&Ia!vAL^m#;?oCU6lu|t|lhA@>EqFxnTS3o+S@2cc(O8jGyyY$XB(Nv&LsB{~hHI
zRDC~QJt6q;eHp3E&+xsKZzqS&CDgyK!3f{)A}`g*pp}>E;xEWcbwA_(ALXSY@3~-Y
zn%Inn<fU3fTSs#f{SA4ks(hc#O(Z?40(rK|@`Fo{j<n!An7dEw{S(d}q#r3pg<?8f
zO*@L&DBqPH_Fr<W7wKmCoI9!Ae%@PvJ|+A(kZ8k+3vm%`=>0r$U@4ZBek(SWzK6@X
zZj$S&06m4X+=n!#p}DSn^|nnlU-=>uxvsvnOnM~tR-T232OmR694^;-2;TPD99I`?
zuLd9HkPGB=@ZkR5#oLGGxT?+=-CTjb!@0q_OxEUeb6gRJem4C2Xnrf#h&{77b5VY)
z5qcMUkjCi8-(LBx{sf(}_p1@Ufbk3d>Fj}_xUV|w`_JUD`jD8;M{$L_mdFu(I^R(H
zDakp^pqUlYjhRETuDj!u&*DmQER*CsR@z@TL2s2KrkQ;txG87A_t-C&lDq16uF=h}
zQ~n|4Csy7ZzYln>1$M9U{T|<ITw|;pRo|!nTK3noE^<^Q_Sg5mAV<}D=J`L$QI)*E
zkS`pZw(;)s{jl(VCT5sBa4=zixDuSsLN`_ZljYBrL{_qoPIsAo_p#RZvDWW-?pv+A
zD3TM!LuG4wm$hmhk~5_R_>}=4KkzXtE8}Ir#mw+F%SI-Aw{U%OA~y=(|4?V&H{jVD
z`H9>pl}o`9o^ePHu4Hm|=JWl%WJ}9NM$K};Gncp`+1I!bU*Q9cL-f&KSrs=KM?r?!
ztU7wGdX3<y_<AFGAjBuCFE_%s!=wBeDV*yC+rja1oU^olHou8IziXLaF71Z;7H_`}
z-|MTYL-EE$eiH**T`zZA{Mdhsu>;0{XArny+vvZ?!@U9Wn^YmUMv$9Qk(Kt2aq^pd
z+sbdU02%wrtlZ`<_R?~2T6D)%Te-o>9ij3jPkp;l>)+5wd(2}T_AM({#2?siL-UG^
zLEjjdZ0Gy9hIS{Nh+GPcP44ulZTS!@&qf}$f!O3=QQHV(>KfWBe$W+<F^@KU#w1_o
zb5>Ex`zEj|@DQJuzBC`T`K1SECgt+TicWg)ZoiYiLv0`{2Yg<9hLFYbkk4D7w}*&x
zES`=0Vx1E;?KFzYG`=y+>1Zwzdu)3DnEW2#CiC9r(4wQcJ)lQg(_O$@xjlB!M-%YU
zdW&W#w@2yw16FR2<;Y9YOQe5PCh)e5b**Aur+^1HK@%_jaA2MCdNgCxxRd!B+&%vd
zZ9*&h75_nbXrkDal!ImtW6w(Dp}Bn=b4ZLaIS0+mKHV|0V)Iz}XPOv;a?j|FoJA*D
zmrw4t>EtUXh)(`D@@%-=|Lb`+ZoU}W3=jMt=h-lpa-YD?v!S@wE!Zq%yA&TNAy&n$
zJA;u`<f;s@M#O>cx9qt1mE8tTG+}pd<NnOh{1RIx80#~+|1Ozx!jY2g(`Yw2zeGot
zF>elcowK1?Rn$w(H^T36m+gM~nN1AH`=JBxq0?4Vz5qLW2{>4Aq~wuem$4@&W6kQ)
zfhF79GL7|D?NuLH(Nkz&a)7~Ha``R2Z{^qt&5CL9xI3$P0XW^peb+MfhwfN=p(`oq
zE^4oIedB5qoH6$-d6;vlt=xf&Dkj5~_Zsn;_-2S_-Fl@FS@a!OByXI3rr{m}r=LP=
zzr+}a!l8-!$#B?5EZk%`)c+mwY@Eng{$6=DUe)-HlV@W;&lZCV$}y1)Bc0bPZiDXg
zn-7-9yB_exL*SwA@(WkGp`(%yT&!a`_p=u2Y{8Rb-G@EiI$Q<4F7ae=_dY9%yfE*8
z+r3q|r1Q!3bG|sw#%jju|6j_p@d9oCEqOM6I&t_s8!d?#4C~%Gyvq6geA4e{`8}v>
zVe6%T=}V$T(wFpoD>9Y%#C<%|zWvEa(WU=?c{aYun%u^k|4;L5e2ww`z4L6$q0PTX
zo(*R$E(QL>-Q)Y;%(HQL_TQFg<IlwG{d?!xI7pkfv$m1}{?<Gj4lED-QLr2yFS9NV
zMq<QNX(OhJXnCbOYir=h1&{P{FTRra8CNgyK9Rz?a5-{sBXqeLzWg4~E}q~0vF>tI
z6F;Mx`jyn1LY$U5WZ~J|r!OWhjdFKiL(GhR_DL}`sS7?(Fls`x0snuH`AHAfdGagF
z@fmz0OwLig9`lJh?obx+jcueq&<VdF?_Y7JE6#n!I59=qxj)n10X^&E-S^ySTfgs4
zZSHXW`;4!klWaV~*_?}5Wv(C3=y3gIMs=sLZH-HLsQ=H5*IniDe|GueuQ!x$*s<j6
zksbX0=LX*f7j~;h@R^WL%78nqPrjPW)w*MSHae;H_RyHDM;8CK?Sb4Q*mTnS4nhMu
zXrtSGLww&RJ6==w(o^C;VvccW^l<Om`fz&muRnnICumWabt=H7r`WpKVv4XI77=f@
z7CU9FQBgm`sA!nsyV$5bt`1F1LD8iy{JuK5YnXr1ROAU_6arV)Hhk$_Njmh!lfqA7
z8@<BPCyemZJPTnj!>`AV<H$Yp4tNYX6>B<y^$*bh9sw4rW4euL72v_8%uhBZ`K3v2
zy@dagTPu)Rkn7i#@n7$4=l252DoT(y60u2(c{ZG`ZpnI#wT|%!?(e*Hc-0^IsJ*Gc
zTXUD5s`!a}@p(8x-8L((Ffnlw_6yZfJMc%VjW5xc{56uF4@X-vOzz!t2C4hYGx2#r
zmVYCy{{qX_p|P0I2ky>HRe9!-3%IA18I3;>jAsLvx6x%xY{QC~wM9A&vU~{L@gV+i
zabzrPC0RQu*Z&yrG%_ERD^{6u>+WX{O!XM+4c4lQ_`T^TA@da&?LN+NvrW#G+}2sD
z6^GbFUowGr7iB%XCtIG{RT~-HJ(SH&Ji7z>F%g{VVy&dpb%E3Cxf5o=wG7*}%b1GH
zjV?J0TWATkP{p127b|Y)7M^$U5lvA2*Z5swsD3(eIgYIA<o_+KOAViaWxBUGB<{;H
z-~l|h08g!j{I7SRZwYp$t3dujU9u@xSbC4~2DIR#*ksOKCmY)gqaa+8S7h1!+m`v_
zy{z-n9}f^q*?1$J_0Sl8O8<E$4z5LIN=L2ML$F1+JQH~7-qgB3vM!=CG47yviM3Vi
zO6!ZT4qjl09AvG5)@CVXS`Y7o!8pF1>kslfgEicLg0X%Q?@N~qr5LsI`3>Byb|nv}
zoico!^low=rN~{$ZTbfW+kA7BvEI+ST6gvFChIQU{OEuB%;&$xpmtS<^BW5{W`Y}O
zNw|>(ZW!oXU97#%B83~mE#ZcX_cV707ao86SX>aUw-NJN^U}HCaQ&V7|Ipu(A^qt-
zqTr}LwT9ERh87Nrz7EEAII_3|-$(o2;c3+QG9Tz+!oHmz4e;N_#kA-};NmI#fBntF
ztA5AlczjN{*vou{&%(ue@Q$%uu6x#v%)gbp-Wt<zwECav8{B(Nv_N~|1p4bpGp0_X
z?Cno4=-0YU0B<IM7jf{dAc+nXum%Mdo=qSo#vmPt<A+S%SBnm)Ty&tHJ*>6Pz&}f{
z^34p^WHH9&$nvWgV;6mKz7oyDX2#v^b^F2T-OOhWc&(htecS_Ef7bHVv#%k)G5EI8
z?d{V&bKM0k=6M0XqtJvD-tFbQ2LG!5SEz^Y3b;4H>U%!E5u!mqBQ|t04VsX^v)B+k
ziw(iEZrUG!Cd3jnCkD+)p37G5M!aRg3>`HAGwso#FbhFDHKzYA%pBTTdz^76?+=G|
zYJZ4!I&;q$LOWk$9?7)xB@1uUqRUG;OY|61hr<=|9^&&w%gCjTzdP$<`^e$Pfc-Sp
zDnFgyl1Zdvr|`R+Ix{VrWGJUFv0pQyerzvZuhD<*yNBUn8POjwuO4vZM*3dJNBhB{
z&EMg_Lz|bmiS@$&RQ5s&pD&7gV)0RMh&^yl3|>k+*Ee3|LyS3i)|$C1#!t24=)Sf4
zjBp)m8A`$Kg?u5oV&Ql@_T}_NpRQ6IDUDOU=3iezEGg=JW4ZXR5x$S-*fDC^Z<f96
z4%QofZpGD=-@Np!9B8~^H>e&yh{Sm{`*uRZ<BJx@u`jJNQ*|$4LUjl4Y2TWuMy>X4
z19F$vP<Kwybyr#SDDT8C&O9+#%e{SgR(5n9{wn&;2abOQj<UJoH^rXMiux$4BQCJ^
zw&Ey6th#B@Ov<t6uKNUB-b+2ry)-^BRlYO(F8lnrBx-9_qMgsHdnEhF(Q|+j;H3A)
zvxY;@0XQGA?(ryIN8<?Kn9n^4*;Dav$#Z@8|2VnYz2xe!Y^&IuP5fnVWAA&B%dxX;
zA2?LjXSmk9`v+oDSLnWvWNricuUG=W1Am)&l0OwkvXb|nsjAultiw|(0~;!d9{}C7
z@|J0xe@`2FPdw1TzkMVBb>B_x>fIFRd=<VR^2s^poq`QIdvNY*C!Z&Q!vTZydd`&s
z%V|ThZyGYMWZm>^`Nq#AZ$kZC`O8c8WxTcCggorTA0G;<f`ktt{4k*0Zup*Axne4b
z`3)Vke2U3eUDL|?V>1D-(yjbe1<b{q;2SU4E&zVcGZ()##)X<A<LF&xoTYJccxsPl
z1b%?zCp79CW(a@9hh-NIf#+qySN6EU=SA?L1zVoh_)6~RDHgfpWwkv=ZPRW>Lhe`F
zKJp%#w4HWXzGt=^mVAaITEm{jMlHV>R{&q9sQlAa*3CGbvJHu{yrg<BQ1(T!W{A%k
z;C@(OC-Sw<MVuHEo#4qj_`p+%u}@^|zFa##SSzq9pl`uv75VEL<-ZB<I+?nvBOkgR
z>ii47{I?U^GR9d(x@EIWkEYO$XrFvNG~dw|iO$MDUU|B*0$21V@^f)M(8?HYWejz+
zTS|Yz5A~;h)n^lZ)-SA|QNOTZ#+plw+B>MXpSE_C1Z$o_wzqH&f6MoYg{^nHpmoA4
zzwyvqukqY1U2ZegyTt#5|47AlVp#M0#5A>i_L9<6(Ou4NEd2}z*<*CG3Sw0rrp*|0
zsQkJyzKWQC#{EVde~X%Hq3OA2)~_xnwoqD+@6PM~ZB5SJ;*-znXU>N_M*mL60F7cD
zb<Zj*AfJv^(6kC{qWEU-De|N>_dxGTt+>?x_=sX_w~jTNH@VF@de3=hIq$?S3r39E
zbK`rFCFN_a`Tl}&Y3$DW;A2vgJP$LmuN*z|HE>t!qnN7y#=G_4uH;GS>|M;Q3H%n_
zC}2)%>rrUv9M*QnSniSYUWoVQlO-K7aNFGvKT|@C?3qUReZ^qBhrB}#MtCj0p7r+>
zuf31o;)mtXm^{{Y4t;W`xcM1$d-+~f-4l$%6ZfRtW5ipj_XFs%aAPgwvgNjKpu=2<
z4s!wi9JBD}I5zeWI`%_~xw_#GhshI;EXmpn7W)07fxj~UH8=6q7(N|(#`xED^Ls_2
zkDpUddutbap#_|A_LtV_D~Ua(XB|9~Z;tc)%R`<y<$BM@v!V1$^uxkW+7i9Lfc_nN
zkO3_q79MobjxiBpPm3Ngk6JIZVvxojo7Y3OdAm)IMHA(N{8idT*0ktMrrQ0c$FFvk
zU$6AI?GEOB0Y*n@cP?#de+;GFA>g3>b$r@={J5c_ImP6BydOD$Gg-z>Zg=@q!S`0c
zyELC8#F}>cQ2(MEnVQovyrKcyNxj8Sgo}FbL*8@fM)G?W9Ea=!;aReNGBie`+WQmj
zsc*$?vHZ~!^H$pj*~=3+lmG0vY@3e!e8fXPpbf3Pc&P6Gh2WpRymtBqpDU|RF?*#8
zw%`*s@!;LtS6AJ&;ZE)#`X&>H0GdDys(_Is2bjnK;z3=KgBJU)(D__0_X*#m4~O>)
zC+a2}dzf?kLiVcYg3hG7xK|xX$!-?E-${9wdtx(zSHt>WnW!fprK-K0BlCG?t`ROJ
zR_m*LJNw$tc~bJeuJho7$-7?05v{7U<O-cryi(=gpnWfy;$>_8nbA&bPaK113EXuB
z8mMy&o{eT7BO^3^fs8P)nb?LW5%bgtu8pNBzk;#0fdBZitTj(US2hgFC3^=cHz+sO
z@{Z*THZV(fvyUIk+_|sNf=%WTKB7m;0RjD7QNbOvMr>x@4E*XQKr8Vn9vE;%I5F)9
z?&)i=H}1vf_9=eD8=))EAI7J56z|ciymuM+d9w!^ku9{QjY)C^ekHZ($QF_{B=<S;
zMjB<#IG$k~_1u&CA#IzCLo~aD^L4dnj#VshUzGbx;YvQe&lnNO<MZJ;pJ*J^(Y>HG
ztd(*unCBCNlJ{fCb&{X;ZPJ&<ky(3JT(ncX&U(ggJ<FinIY(+_EJ0!ud@{KtQcj!o
zw4pOU_4Q@?J;*(&t36p;bBNc>{nv2d$dc{5M;q%Er#XeQNbv_N*17TN!{uWd`%L5T
z!{;?LT5-TboKKq6t>Ap}V8)SE{ouD~y6y{|dty%Wc_-#J6W4E#`U585obCeK@t5~p
zpg66r$RXBcmBm}KqM6{Dd}`%mtFbP?M_PA~vxphcPt4f@#^+^xe$!ar`>D=J%|7$Y
zrqy1?MlOXuFJsH$|0lGkv(rZGK0(Iz24mB`dyP%>BKO1z%@Y{k06w3$9Ua?Xp0HOK
zTl_;;q@S@px_1El%8Y(U8;`S3x}TmIL7(lbfbV)aV>L&6o72aX%LcY5ZDg>&ja&)c
zH*#+Z`ZHh}E3gY>oy|VCbSCB^oU71$f&aU-39Z8(cx*1a!#7`m>^_TpBKF;6y<d-w
zY`^-a?P=fVJ-*N3yB@o<`0QVPfB5L{Kk-{<W}2_~tLS7meLMaB+U_^{hffs`JrSq#
z5$)?V?%a$Bo5=HiKG2`)9^wI+=znU%hmE?FGleql$@mw{2y+lkEFt@zMIK`ex_obi
zPQc%U9688Jvwg0dTV%frfvbM($7=6#{YQ`SqhDF=)84V~7`K#Kb?T4S=|q04q}>4R
zmbtvM!P7$7!1JLeZs=Q%>L>MEdcxNVL#NP(@-@<DCw9=}J{7-?G4(Sh^rm1tcjMd3
zU8&XLb1CEM+o$j;K^`g}o!TeaIiGbk_*@KL_~4IuypO&Axuf>}vu%6-+}mw?e}jCC
zI?f2Y;W1a$qMJiow*AP~&3{TA-E%z2n&TiGTG<~V=HzEijJZ!VLG^?;$#WyV=PljP
zug|mP-)Hra7QK%3m8_GTuhlo*P#%Tnyern^%<eoRJpY=?_+I#&_(7xQ7c`!q#GJ+Z
zeb*5WmvJ?ccMspm>GQDHh@Ur>7~xDS=U!&CpBTnn?%*$OU1})q9{6qRO^#l1a2D}{
ztInD3$T^O@Bp&~@I>m_{J_euHv}Hn#Z3}ijhlWF^+shcgpRxOjhyk>6P0qAyLKeNd
zIx+sG*xf9hkny{j3wuA@#vHQ94TwBhv=aL->nMMp&$KnwYAYjpVWO>t;HLwNh2W6`
z3mkgapG_NWz#`j%MRxQ>U}4gS{O<QJBaVQFd+qdX$DU9Q!i?w(z+<3l>hu`*26q3<
zzNe+Q-uW4ityWBL?dxZWKdt8>-SL9nzd^g;+Z*|ziD5lob?=c?4a<WO{eD_?p_kpu
zI%kBi7gca~S+YX%8a?y{YxKa;H5!!ZE&8+Bwh7Co^xM1bGxyDW3kNhlt#uoB24goe
zR&q*fO*bCFe#V%ercbMUVAM3{PNV+E@Ez}Fyif34^<SWV0kH>6WTL!!a>t?9OV76P
zVq|3R*_=6X=T<UE0Wr)5Jgy>qW!H9lkTJK+I?|}Sd(W3hzKC|u8gbY}--)4HbWgT(
zValieFZ<E`=Wq@~*>Cr0AEpKNo-N;7#ecBpXyGl-U$&n|?`K@j80=WEuCV&H`diN(
zTk>zJPmQaWJe=wDOI#IX0DElv7(?$x*xi%H@oSCaG}ekT)m5F=M1P6{m^>cov-_y4
zacMq(fM+yd>y?c0$(^Dh>CxGOA#FXBXrtou#@zn5jrqZ0#(eAFFy@}bm`_fO`Nl*W
zXEWxZG)i%CrHd%WL<?u1o#^z!6|Loba9_Ib6zjf?FIq{=wB6{wvWqoW7EFg%S!d^Y
z?A7l<cbgZ5HoS-3{wv_&P1qF=!b7`mKjjJ+wmPTHAZ>=I8v~bbqdm318@gu_Pd&u{
z6KVT4-c@-uvhxA@vu&^G(Qk7ne*LDrX2nQZfy_RW=W0uLB(Puhx8iH%^z&u<(Qocd
zMa!4!Jl59z9GbZ3b;08Jes=7WBI3hit8qsK8|f1v#=Hjmi}qL}{b746T7%tyyAMSh
zp~qc}MSMhYwt9d`7reO9Iv?>x-$nlHM^2H9t9#%<=3Iu2-d}rX+|T`&;xhZLik;KP
z>?`7|P`Z!KuI^M^o+0lQ@?J0f`Ntqb^Q;sZ+N+!+F0)#;W%Qx27kO6ls`B}%&sm8+
z>yY;rLaXy?7stD}ccgL3F1=4O591%I4<3TXI5GRB4_-wa>Mmq}GUSi|AMH!&q+axN
z?lEFBvUO5(gk?ia-%Q<n*MzOTp6P)}*qdZukbNLaF^7Pg<`JWg@=-J}#-4@bnxl^7
zsvh|CPGlG(W8@WzQ}j*Qe^P=)l7UR(XorCP9~gJC-BoL+b=#Hjb=JCJOS9H31h3P&
z)s3*%O>&!bj7G+wb#q~#X#^f!*aZc1=_6Vz$@;3-M7?7C26`w{J*Q5ubWxta&sYjr
z6X_8<RVOhowcC)Gmm_aTw{z^g4a{?CVxC#d5&Sx4j>&c5by45_uDI_cqo4bi?WW1M
zVf2fZ4|n!oZn&ze7>m|+9QQM2H<pb=^sYGOs`)vx*qReuHPw7?<hy|T8*Q5!bJkS3
zYRXdU=QjPKDaQ|9$%c-dY8*cJ<EzEb^S9*mdi(*!4=f<(O2}nevCcOBh&Dzi+SpAS
z+}|CxjT4gExF@L%;<X)Q?{+^hGu~q5K+Ga`f)NemOLokt-u<&RIp*_CtNqth#Va}E
zlMSJp`FT&~Zm;6H^V_7ZY~NMH<ZBZxfrbS+%a;G&U|Xiu)?2?AY-<PpIfnKwGOdrc
zqQK<Mr)K#pQxr$3AP{w@q#_rmR;C#3Ti_AuBfWD)P6VEzGjjHF{}#q1y9ai{XaQ$s
z_BmLlHO2tXbv~)`RDR2+NHzl6?=N;`T4!aFEhL}nya^h+Ei~Tfzj?dP$}*#E<Jo)I
zQcd#PtihM#Cg#<RtvHXlH4<O{*!iVb@5T;0t@F{Nu+scGn9~+(e%@-WdDriq`JF?|
zxRg}I^kWRx{QkG+Rg{?5EzB#<nj83(dx721`Ja)f7owhgaKQIHF=X=~^!3;|+xRhb
zO`SQfaocm=!kSjGrZLu3HgL`R?>*-p&V#j<I#UbL7rxDNtiEi23oCB6@M<~b!YS=7
z;Z+xWSm*90{Go9Kz7f#ePl!RRJQR(0SG*v<8Tm$-9j>_HvCb_mTLiRlo%(a}p6)W6
zhVIPjtXX=388y+-gfnx%H#5)1@8#?jJ=b}?a(hUg-pP0+Zwbz`;FDSl@p|E*=<aYn
zHF{6&Y`19f%aQ$@dG5Q+P3$WpJQbRI4tZVWvnyR*bVoc?XZ$MbfM2yPpXC?7CRXOE
zHuhB;`-vP6md{5Q`-wYPS<1=hW#4EI>0H@>KYIDCeV0LblzmW+KBxV(oBHDUI-_%V
zzW2VF@d!37(NCL}xQ3x6hGn<0X^E@)65wOeTkH_sqt@hz#+qLW`YoON+lHkd+I08$
zvV`WVHEd!Hr7LZGV32laBxv^??El;057K`I+?jp#+#Q!~C%$`@{~Ffy5OXi^LH~$L
z{0d_#V2!ojhm!mV3MOk!v#V2}(<%?Krh=pV4E6vI`z$6S8sgoU=oN4VKi2E~%Brt6
zfwjhZ17p3q&c?L~j4>NrW9|CkOBSv*@_r+@wt#oULxnH(;LA(DJG`nffiI2Vi~7(Q
z<bPwbR$5EZ#u)fLxR&IVV9d^1X0evLlh#u3FnHchnc&fWaA3Xmlw$Ad*-TpwwB+>z
zS6#q4$t-N9*1l+$JzMe%W93}oLinwnd+77>={WSY*f6V4=f1wqZ?!JP|3O@4aJ3Hp
zR>gSgzT>Jv{%e0vzui2;_a6C>SSI*P!n^9x;gM(3my6HA1O2YFIjQv<$5)=ZC5Qc<
z(!{$?U2@y3TgCd{d3VM3TIhHVv_QI_1J?z>wF$Ta|90p^xCz+$J-HS=(cC(KO$RZ|
z<RdS9^}_$~2dnOd{%3TqTy0`|(AsVkZeeF?v*<rD1o-`{P3#NS>8^o_?ZeZ1aE~={
z{5iyHkH^QFzz=w^#m9sn!UfqU#K(jWFK@GbJ`S8jyc*`x>zP5$gWS|QPg=ETqvrB+
z=;oi9&voGUe(<CTyw_Y_qu(a*Z3{GQzh`3fFzYY>wkGht*p+MHy~-o_$!Q*XF1$Ys
zOazw*ZB`zz@%x|XKUBwEHCJ|2^mHOPE_y0?)WPwBeFGMbxANW^+OgW^ciFxH%MWq6
zWFX|D&#Y?_4pi(>4&y=puc7BF10LDm-JI!pINKWm?vBKUbOJGXMiD<9-IX|B1Kgi6
zPqOt>;$A)fH29`GE4l}_2zcKK-YCaJ1-MxTtgzvnqxjb<YrvkzUQKWNl>05G8tYp)
z!~HIE7e1S#Gn$D(5K%1B<aQJ*4?fYilzw6ZJAQAvyFad{joHAt47)dZbI18v1M>79
zm3Q)ZzS5n(^(Ab_z36eWZDV)Gww=B;729?ScH=tBzTLdqv27P&+rEbQe+9aGlW(lg
z!+soOY|^!s(4G}93%r{H-KcZr^wpm-h<E3z99(eZC(X43nyL9~?B`)e-DJ`334suF
ztno)id>=gNG}_(I93FLNZ2bdcWe-|o4NTNnGmdMApTSrUi{{A=pKGkIXRH~FReVqM
z&x%3hnGo1VPB-;;c<jVxbl5%W*S5zG#t|D+OpJ@|M&vMXzl}Df-=0NVWx%(Tu@wPd
z(acXiLo;)dXl71dH|yij%pBk`8+bVUPw)t8{jfzR!(<tD{tj?iYo|IcXlL=P3u<1$
z_NKamotyW1S@#(8@v`>FgHZ>5GmZnlsx%vZ$6M=jf#0>@jLr($#@lBFza=)b;D=vG
zx)ncxKHnZo+&TJuhr3oAfnV$>{B&1GxzjjH`#Q1EcNh_p#P#25!H;s<(jA)g#9Abe
zUu&W{d@?rYxNFizn_81klGfxk+LUkiZ6&fRW<+l#rbFGQuE?FxwHWIpShcd}D%`;%
zlH&sImbv&UeHGe1r~ZynXRseB=Z>Z|Mto?&zYQAaWf!r>zrkL=kUf6^dw&*u3BOQ}
zeFh=EFL>O+zRnqw*<1@9oPAo*e~9@_v1nncB?C-hy_@l;v}J%)ixy4+hu9NGWq@jA
z0PqhPAT=QaWaE#K9j)YDuY9uM^*1sm@tIP}ilK!?(82;};R5)58}v?mJ4738&_?ll
z$%QY!daPU++a8Qarqfu|b{RP)u+xN_u*vKg+tjy{{GJmi*L>Rh2iE_^!od^^2N&$b
zH-i7&*w^0uu654xhR#`jNFSWJSic+it>?ezxxU{>s<$Yq-W~jweM)2b%()C}R-v_E
z9j;`~k~hB}mmO%MC8wGnE!l1?Fv7EVW+JbmU$>)Y6qzH?uPy(BPRoBh+18MLlI^=D
z-OF6E<Pp7pcH({OJ=zFiGw_2O_=^Ng+6y5M!0YDl9R0%=I0ySqHT<`iHIi-Mbk0bs
zUOT7RpRfCbDSgYK2QBPLd@IRQmQro7XH!QI&jA{@o7~UKmsGq^^-e)tZQM$3O_Tca
zlkX*F+ZxVf0-_Vt?_+<dek%KGG<9aXQlkOhi+M(4^Wm(Gu{!n$FY}UJsTuq>c~@s6
z+`AoTUJ{Vc${g-FTJa5)Q!SOUYQ|jWa#i;slb3Ox<E^aRP|SaH-N4T&linaXSvCk;
zULK6o;P5v2@d<vr#&Xvp3I3@G_@l4&hs5hRi|jy;AZ~Q@;?9}zn`-^>IU}*9Ar}eP
z<%?Pk&JqXJk~I~-<tFIk{giD4o)y63CVuyMMn|hCzr-pZZRrha+u*t2+Y1bLQ%7YD
zz+7}*v8uhmsq(3yU+c%(w(mv0bo2q~q*`MKj>))U5SO=+xk(?8UGjBkP6s~XAnHde
zHk}q$oICEJ^w&{G{zzIA$#On?tg!RwOdVZjlZAtioj-Vg;c4p2M*XXU!e!gH0QvX1
z^gQ-1_H*?oJ<OcRhc=S!+a*7+?b{DqZO9kIwn@G9!Jtj;Xj|B|Kd-G>iMBL;?JcLR
z&55?0J1uJCH^l8x9l=g>x@GK<tOD$Ix|1Utpc%CB*bK^_-j1;`-1#YIHN@0#2b}Z4
zr!KJ12WQ`GpAYuvuFyC0!b>?HyzCaumGgd{(Kk3x&b>#}|K-r$V{`63YS)Q==UA9N
z^xuK$`&K{c(eo2<SeBTp1CK)HIxx$=S90Jg53=3}OV-o;H5Us8;J56~I(N;7Z)UKT
zl8fe}QwUEE5OaDcZgfoIUKjGVbj%gl5;fQRYvDJ<i|pa|PCnveoXM_;c?QqC((G{p
zj|<>S30}lGkoKwSX}v;;^D#3qr##>?+<I`v@=@}7ES+ty$A5kQ=y~l&`473RxY2zz
z_IjN6-&l{c66@i%`W5V4jMWY7Je;E&Va_m+4P4Ql$+iw1V2)`<uwTA(+G~m<Ew~ui
zHh%`}G$*58G4wK{7XYI!;MEI%sJol9)pOb3@c0+p=mH7;*GN0;1I`#6eK##y54}C~
z3i>W|2_J;H(A}_f9vk=Vdq+nW&jhz@SW4#BvzO>!`}Oq$+ONMt25=z@xS3A^7g#6N
zeGEMY-7|V8w!KntqpU3$NzWs14QH6xuy3g)M&<mBrK`m=bPswbw!D4t_D0>oLN2iH
z?U283Ov!Z4-utKU9(4PbMVx)A{*`AxzMA+K>r%)it#aXp;@n=9(YRW^BR`k{ebW6i
zBVL$7AG-U#iMTJ~tNQ(v_9;BQjW*P;;(6KUuXZ~(@_vv!6BUOB3dvj4FTQ*$-+EvF
z^^V}+;9b1D1Xzgv{Pq|=3*7B}_XYH4a$?_=TkuVb{*-uQ_FC99?V2%1I42nXu4wY!
z>p>Pihkd6zo-43FYwt-;<(?9DjEv|X!Iges{0{r_rAgfHK<4r#*=0(xNh*h|bH772
zndR_NmFW&w0qyA7$G}T_*)z;u?w$mlPVD96J|E`}OFwIK06e@>@*DWPcl41}*?Gt+
zcX=YdbYvA|IN5BvfpHu4L^mYEnXFSAWj&OMpKCm7Cli{YSo_)wE#UMw!09${TKL=s
zK6gB&eUcu%3?BlUZrXH0>(y`3Z+pG|JM_T)O`9I<{9Y10INcL|3i|xlf3)dAA+*Bo
z=lJybt9G5}r~B<a)Q?OzbPrj3yd_A?P#3WXjjhF_oBGg=E#K-4BYo=z^gpjBv)S^)
z!pGo?bX6SbEM2v0q^+y21n$BM?Txpf51Y`f6{9iTa5w+qJo$I0M=Rjt@|lr-7$2M6
z{1$a|S3~u**ZR?Owoq5PP9|d+)D>-AXDQF_Ah&8Q>wtq1y5h0>#ex4*qZRXL_;t}9
z81ZdOu6|B(^|M=`-HCgR2g%=l;HnYO(UBGp(z)4A&OMcnMR>Cpzw~<WT=UF>rizAY
zk6%xG*$nVF2E7&Cm`?785OQt^KB4=wcLN*glikZY$PIzbk?~jHFL4>~Nfva@z}5k`
z0{*kdv0-(buUrz2z2qQtDfzzKz%toNOvdU(UU!EFc3D0G51B8Q^rt0!1oq+|pz}z{
zI^D~DG^2ajJ$!yRgK_rnt&=R_3M<B{a<ATN#o;3-17nEonpxCl-L*}Rewi`KmtQ<%
zV3%U(7!R49CH-o*d)ZRjYnWlTUq1sL+`qS2?b<#NwvOtH{v&M*|FmA?X>YsLN3f{T
z>LV>WCeer9;|v2_afQEbeM@dCg9eszPteu}?RM}*<GEx|`@buER-*p-?1AC-o@vPw
z?0xhE`ICXS^Zfe<KJxdUKfFI#;yg11O)C>^w`c}>B5@J@ClITgb84%tQ;ixo`=|+d
zw&2vR9OUKkvI~TGzmj)3``oh$89K&XWhb1?`vLCt@a`TzI?V!PY2m;bdIuWU1+OA5
zQTvzq@29@=&hk$OrlwIQ885%$Wbll0Va^rdjp5(lWYZ6qVy69MQg|Ws<85Sw5IETO
z1EZ*wxY#;F{=FqP@Edv~-9xbiHBOz|4xOjTIN_@`vh$mEJ!qh8>dGCrCP(>2VtnVh
z%#_cQ9Y<MxrA6P~CtIg0`r$|1M;XTVPrUt@xlOd^_C)gB&Y5iG<ZemK<0GDFKfjAD
z;`7GvUx|7zGKS;wJp2SDW8#y$?or^j*E1rzBh$`5BHc<l^u|dAeZB185^!fK{6PN~
zvVNhl-e&ytBJhqCItTB-2cs+9I7f8uHgG_^UghigJ%F8LC-JSUxZAv6!uyKt((yof
zT=LXN+Gvrl67*2E;yd{-yRFu!6*;(xHWZ(23b=7GAKfp^7cPTK!l~JO=hNmy`m}Nj
z)0gG@!29xj=)^~DxHeqW8`{Qv+Gv6Y4(+cMe0KWMJL*rq@D+=0i{}tq+L|l&j*ZOq
zMxM>49Ru6SXyU*x#RouiQ+Itf60iAD;Ibpd*fW_nJKzVWQKtny@gjFjbic&Z-l1*b
zs>(9453~RSJu9Q_u4#8aTv<ZAp`a1&LypMfzKOrV2v>98B*=Y}+5FZXBfqhA-y}u)
zI5AMG+$qi6{n<L_o?u*anUc6~(#YET{6>v|tysFp0?s@dk#XAa(SL|BnCyLPEwHZ&
zFIeNib;p6z0@(`^Ycdp0Z-BEy;dDHHHi<nW`29Ks|2xL#!0=|^w*vSPFLlo@;8YL%
z-lh(87}>?>UkAL_0H-#dX{=d{Q{$b^H+}cF5ew{F{8qhl$PwKJTveZY@$;I1YZY)!
zovGMS-e?fG3YO%`-ctcwb*D#g<(^$%5Lg6&E9b@*T$|ip3$EB8_M|4@I+K39MRgC$
z?n69}z)ke^KJ7m6a$V#;`uH96^g}*7@D-Vzu{>vh@9K=^oVCzT-G#!Jr|%BVrSq6e
z75fbv=GHRS4jNfhOx=T-t8xTujY+Vo83L;>C2;L+ch;PN6r)D61?O(oou}p06})2H
zb$SU{XniHiitZm|PhQCxg8a92jv!gF``w~A_cX>?{z;Rk^%2KwUd5t2<EC_W#^PcO
zSF^stZKsZhGV%W7$tB`tE<QFt%ZO_HqHRrkMYE1QLsmcB8MvGrNHrn$t?u?pM-mOq
zKqu1pyBK>5WA{?G7=G8wf5~2nvVIG0l(&JS0eC~IYw6tC_^_nnOMy>vRX2001lRn!
zm!N*2J(`=&K|;(+eTZiWw_MPn=l2qO7+*}CwHHstSD7`tfZv9Johqrma7(;Y@BD;!
zkT;aSu(pzq>_#!y*QRM-sQs9=Mj26qy1Hla81=jHUrMFjHs<D(KdioKM|^bXId^hf
zqTS-D*4&vBZOxNh6QQl-@=jo)xf8qH%Il+ht{M+@+67njoiah^Y$?@hLo%<*G%u&T
zm2&vy(Rmdd5>1ys*|F#F1Iq^e;N#_K=)LL4bQ$RJBf{yxZYm$io08i#m&bs)1$)|8
zK6>GeiQXw#WP{`QYSzkMQL*xCk*gY+hj7Zlmr~XXx#tc4C0`FOPx7M=x_oazBLa1&
z80}g^*)AM8W7Ajb$xUH|H&lJPO0<_}&*iU3!-i5n_htCIXj0+gfmM=w{H#GGZJ78)
znf!O!lw2zw+QeC_o{OgH-cyu!XX7JQej)1(j!j`~)z^PLd>>=`US-wv`@CbC>lqug
zWE}H8Q|}t+r0n%^=hNPDU{cQ7lmU-y;P6aNeR~~vO6;I{Dg0l{+Fi_A3CEwUt=h1|
zHM)8M?_<BkcADBJzsh3TNuKY*X}0Wf7xS%WzCDt;epqPDw}JV#GUh{zq)!{+*Quj@
zdL6LeciDW_ZyxrGBwcNpZA&X)yk1~ZImzRf55DFipBSBMM}Y};<W$Wq0$hrD*1~*L
zN8j>6veudR1vAmNBCmb7WG3^{dcTK$A4i}4ztp{Ze3bQ>|9#&x9OjS!AtwmvB%tji
zfQoWRT5Tr5wjtmFq_uV1Ccw6xWbhDAHMW=p?6V0IETdQ}bT<KOpUh}1wqQwj`#`ka
z2BNKKYY*F961Clgh!{L23eE5Rxo7S$L{PU+`@Ht~V_q|J-{0f)y}sA?I(@H8XUOw>
z7c!nWy*cxkE;=>>@vFyP>+z}|^<8Q8h3^l2v@s5Jy`ffg9Iw+}8*tRvc7k8V(t>av
zdT+1Aw{uSt{^S(xBBwwCCf6N5Vd<76<6Xvh1*gyOOnl(==t0lM2cEVTh4HnRo>+_3
z@<;#942usu*WxXW$PJ19K8J4c{rJFtOq5%|82sc!XoDvgUTQo+!ze0aOzhE^bbTXB
zPVLLLu1#l8W>|Z2ktIi%v91XTIRZYx+D{LE;xswpP54LcDYYM*U=(TYZ(Ows{7Ax$
zCF3J==yNx;L;F<pH9*b*-LV1(YO26J;dO#GVPkU-5Ql!%Vf>avUxKU!{8_CJyGA{E
zD1{e4BDU}vp4mLsSHKI6VK?U+=Y4G(V|fEQC|*W%+4b(oZq~o1g#Dua6w@M^w-mpa
zpLaTM$(T;tFE4&7zDB#MlJpq6XGGROANIg|uV!u+CiaUnu?9yOm(HvkXzR53bDpi4
zuq1yia}X|n9XUIGCT7H>JGSBZ2Joy%%wZ4k(;UXiFycS=;}a;jT%Ul8`drPO*W3hL
z?guW7z@-Y@ZUi<>;J)T(?P+*#l~<oGVstIxIp-Ao@aZr*6F)4Ugw{K69r`R|7M!=j
z54R-vVdX;Bn97pIB!2i^@)g`dS>kUDu7ytPj`>>3)HBBW7^B-7SB6FNwYQ7aHf`zM
zHSoovRdw)h;IhRti?#&e<D#V>hCfa}jX%b>GaNhve=JxCPH|rKz4)xXbBY#Z#H8P}
zd74X^i{QFy(54HF7o5?vt9UlDL~)zbu>ohG`^<!nX0czg*?ZHXC!ZP@QQT%^w1SFp
z#(e2xayh4oO;=FHwev>ikN;6k9(rH&M>Xj9;kUBbbDyJ)YiaAVwD}p@UWGp48t%AF
zh%7%kl1(gunpWheHzpXw56OxtcMZG-=k(d@?Syt}{eCwwuJel1;Piqp>$j8nY8+wc
z0(U72vf+!RBYK9i@(GkZTm8(VA0q@GIa@N}bj#ir*M()E3rjDkgn!hzuV=4P7vI1T
zIW|^ZOU%>HS$L2YoB1KedNX7F^^~E-8jJ4tKSEog4dQ1t4lixA-dQ*#K6S)FoLY-d
z&5Dgrw7rINr1cMrx#y&qFY&PzjgBod_6yqkGUJh~t1+f>Z&~fW2`mIhor~a0n*4_~
ze-G=@=Uh-Q!_4%40bEkqBb0rIcY^6g+CwQG+rc}*VG-{P?)>iHc`o-+aw?5z{61%T
z!KIUp+RJGlfBhP@y#rsJx6uo#of^t(@7nF0muTl(JTIf|Y}!#gKkY5;{{_|@rp2yB
z_c?n0tTiGV(9yolcWn?nWq(;ZmT9SxS&Zqf&|j=If^R_|LyS1S@mJZ}hn+}wti0UG
zLSJ%o3buyT*e5pVo)x%o6ZNcfY&qu`V_C<4!S>I05NBWKTjKdwtml~pJv>*N>}%^@
zRyA|b9jsl9NpoGqf8k1A0%rXKI{UNV7x%SK@h8|K9q9ExJMn;Mi}tDRoakG$Bff7l
zEV)rUVf=q~OnNAdNB`|HeKIkou;9dg{)g9+<El=NNp6bQpLQBeSgd;5|CG1wwU&LB
zJCZ7I>739t<w6h39L7S;_Z{Lw>x|QT&AFZVN{6a<uP420fX;v4g2gHOtLCl#Z2RM~
zSK_>ja7EA4t?^{U=2+u7{SKqbs1Mx{lC1SR`qEyC<5*Tfn7)LoZ}D6>)|xnTGnNZy
zCHtLz?<Nk9%$Uln?@5V1ll_H*4&yb~&*Qdc+h%<uXQG`G!+_pZlM`d$7mgp!nf9II
z%8jvnefRd}lb?Ei^PTI4E+8+)4?OiNw?rpzpGv&1gUIO1cz*-$BX`~~bdcxXMN_wz
ze{$+}@x!gaxp`7bSae(ebNMe{0pe>$t~be-(OGQe%Lso!zKl-h^gqd$(Z(3X<CX#6
zvH3C{qb>PH?|?Q{{T2B#{$;{@b0BCfE7{K>V5zgL=*c+#CEMlynY$-im)8?^`DWU|
z{%-My!qw!m_l_ysK-pX?Cx+81FCJ64cQ(G#MP7_Ha<xKxp0)7$XAVopyOY>kj5YH4
zua3$h&)Ru0zGU%I+}q?`kofLx*xKFz4;Fw2dw^#a>n)h}p;LZOUX1m>-o6eTSXR4k
zsQKZ{?VHzUZ6BK#BRnr_du3)kFUHlZ!TaXLIJxA$^7Wb9k*f}k=EjIR24^R7V_c^C
z=$tgp{6ubyKft@3i6<7E;(No0e2uwj4L*JBy?PLpL8tMaoEfu{@nz@#JZHw#GvG_|
zdMD@1(EbY{8@&SD=K^=>O0Qr4^!9dOJE`{ip{vN7v5U2MynV`cgY_6Nz2SAd{}%73
z*4{WY!1K8uGq#788rzkhM*A-{HPzaGcD|a&*niFJzk5vbX(aaFqaTn@qn8-f|C4+g
zr|my{lWm-j<LvwMWy;+yp94Fe#;4f}zr{|bd>Y{&mPTXDU%cr&ba?IHNo>8x!jq%U
zP1`mB5BVYWaJEaPd6o4Xn^z+j821C;eBiru{Q+V%ed>8vZPm~tw3{FGZubCJf1YRi
zG;p2$v&+h}!TGo*gY$szO<#%U+2Gx4cAkxIiSOjyVczNNem{OsFpv&f^1E_qWVsFE
z_hIMa?lbq~hKCtj5o0qN8ZJezG5iz8HG?tfKD1~3@3)sT-hA>Rl<mmb?mB<QcC~}8
zz-l9tw(NH7`sg-B^KvYwd>DJsx6_Q_rTnf&k8sAk9P}f&d;z#Dq@T9CW^Dfsao!&w
zF9-Ko_DaSVuJ$8e5Xay>c{#>A<9RtYAumOVy%QpC$dPRHCX-Ij&9MXd>_<1x*dFA}
z*@WCB+DUGXAv-sRp1Ym(%FQt(orlYL_PiYP;AcnH#`AKh%{ACcUt&$h=H;kFPu;gR
zP}D_UjwdMRqs_zjIIP?pjfvbG(&@DE&ecHtTl5wG4sFq#_VDa`_mrNNn`7racSXnK
z=7>r5mJYp@Ik5+KXRv>yXGAU^&CL;|tyymLe9%PA+s+#zS>&|b92PBPt)YcBJsi!?
z0ZnX7%FprkxcBDgXdF00eh$`mF6+A#dcCPVXZtd6VIAX0AwP$HD@Vt-Yv&AoO|m6?
z{%>e^KXAC4|H(NzvcSVee9s>dtQhBQsmy16e5|MC={N!(j}H*K&C~L9ET=t-HnUDs
zti8kC#G|6kXTS3^>eKic^Y5Og<C~Xo9w4LtkMnf=rD3I=r(+GU`+MZ+SWdgi`6>R^
zc{&!*zQv<5m-+k_Uj9AvbW9rqr-#9n^Vl;Vl&8Zp1`dCVJRRrLrt%VGI}ODy9d@C!
zlAnd`KcRb2_WdXO-jm;%G2r4p#x!!Cxa5mZOd*523@;LE*magX9bWqR`u~DF9o-jy
zaGs7`%;WEsr{e%^|226!{?&QrJROys&5}hA?mzK>{reY5zkkMW$#`+Tko!yYFT1+_
z+d8IO@hcHs-pM=hj6Zorbm`1KZqss0tXP|}`QxuP(8;-X`)32uD0jk|&@1_&jc(52
z)AHDyEV(bsnK^*JTKA79xw`kmuSm|0$DGNEeT6moYw~n_it+xf^K`7HP3;GrU-FCM
z93HbTPWeaKK8Es<L?(*f@e%w<Pmb)7-+{dr{|Nlgbf5n3nWtka@YEb!le5FO?=+%$
ztT#47YtOpavx>=8h5wm!Z0=O)V6tP2$cJ>CxVnGqJRPaP^LEY^!Sk=p(_zCh&4OiI
ze)OD2UJh_jcao*|$Tywc#inE6n);?~C8jfs4lMSw`I1pj$)Vy$-MNb4V-9%cH*CZ1
z-tD7~Ie){pT;zMbca1|Q&a*Y(s6ng^tB!#`5zptEj_^Tb!a1gk+<qzD;=e=ihS$?h
zyZl;^L$GbFx`6Uicy^IFCA<P&=2w}4!h5l|S2!kzj&m2lfM4=CrViAzUjh>XMa$7~
z`;7Rz5@hvzX{*PX#{QUuEyUPeniVLVoe?O64?R?2I75|`;ogSTUkSQ9$*Q`CP-VKi
z3z&!Q8stV={-CjY7<UEpIY6H-#^vU{w`xscotYP^<XI{C#r0nL%Om&|l$ow>-TyMu
z;`MD9c$oXxcY@ViK5pi{7M^sue6Z-FnD&;k4sO%UJ&%-dfz@Wpz%pPphxeO+-#qj@
z;_*Vfe-v0=Pwwbfb)U?fG++S3W6b^8lNE(EgB687M_Nd5c@0^j#hfyraSsC9`7c%!
z{;=w%!YLDsL&c7%p<I<=?`i!4^^My!|AVxz`N&2WU>tg8&q?F&0=`Ru0k)t4_reX^
zmhxY7z;+n+&^NsJA;pxh0A6{tFMLaGBU!%ny8;$%RGi^+YfsmKsLt5<M2eN=TW>_+
zp@$W#D5yNH2ja1j<R|$0M~z|WuKJMiT)*D3(r>ilUmcHE)c0xRsM$v3N#H1(b>t=K
zI^+I_$ZK2jmX8OA(qlunLenXC%Zsw{ogTADJdfV3<6RJ2Q!wFonF}4zc~Cfz<P&)9
zRO|`ycyoUFQKVtVBStjvlO1nYKI4of*~N9f1Wexx*qUk{1@@J*0>hn>BVW#qJg+e^
zX3OSy?Mmzlr|wQ*qo_&229R9-7nBb$PsNt0AXhy5<+S(vcwfo;S44N|M`sg#?aKS(
zd6B)mL$>T-oC|vem(N{n>4#>e#%=S5*2Hb|4SIL!MUh$9-d^~!WLqQhk+pw`-$O?x
zSGzk@=JG|6htwvz3q5nQuf5SgbneNxUwjFE?;FhUw&+caiTAYoY~I%V$hWD}${3$w
zjG9ZQ#>)3TzV%#jspDrfavc3??S6Lz_&=4fr`|XfJ}e!3Oa^wDOx7aHva4z>6pKZ5
zk((?ZO_wjRCaX_h6UC?2nrK{|&<y!3t>Zqd^<QiAMsB2!=WXbS^=t=l;~wYKk6_Px
zNzeH&dtsP0*WE(dwpGroy?w9hsO${Nw&6>ldwbYh2XvQ9cAa^w*>kj^^6amovT4R*
z7ceu~UoOK8qpvRV4VpE%(}>-Zv`!nc<LmU*#5#3qU0*&g;y_=#j&)j1dvD#Yy=Fvy
zLK%FzYMz0v{y5RsYR#+Ft2;|p-#b+Q#I%TfDm0b`_4U1rA{Vee_^V^vzGzYMb3f0y
zk6*KnxTJdCtMV^9BHyF_PT(P%S|zsU9rz;L&ii7+LCPn5%IL>9Z)QX`j$YOWJ40l;
z^OTKafEax5wQ*#{W`H+OB*td<wK4I(M7VT$N~A9Ff3^N!Ju8B(_tf0_rbWJ%T>p*n
zky{e~8&v)cX9PXCRi66fK+2LX*ZNQUTk={z9{DQ&+a?8yG~com|KeUfKQTVCI{w^R
zbJ-VM`1DcdwY<B{$bXTi=?V0domPzQteA<9Lp`xwySS$)pVwS)M*5;B@pBB)?hfE1
zIV+Fxil+XO`d!>R4ASO*z%P7__ix`hHzMAZHii#Ot?&5yZ1zT~JFM7Kxtuq5t_|dK
z|2UKaU9Q#IICBbQ<9Z5tO3%x|y|~RQJN5+a$A3>N_*dQ!u-_Uqub(+1bLd03uJvnW
zKE|^?Yu)6#^Qhz0nmuxsHGAwv`3{29#B5hAy=RGoot=P{_JGbF&HaHt5v!a&=yzA%
z_ohc=E0RuBd%$0{x={F^*QfKm{@$l+z&mjH`d3C)30HwLF)BYExtn=t-|jd?Q=iSN
zcSr8x`PuR)h}J?!th-n?o`RpR5w*&ir*QM;q<NkVH*aO0vU3F(i&6ja(Yk9tMBOhZ
zVAS_A{#?N5pMcSMtbt?@@h>JH!O)^(;El@MMH$h-Z}*?Fdv~sm)5ZwT?E7zTa{s`-
z|0cV(Y~5-n5C6lKznC?Otzpe~ZbsxqY+JG!9=OoTt+QKpunojtP(M$w_w--CiLqax
zm?n+?m$}0CW&CO3UBHJ$dcP)7K1TTs8;lipo$vF%9~>>COdj!`-}tCe)HmBG8ku7h
z%}TU8TX2}2ut{>a;gif!^>-%Pyq`AY>-eU9Zy|AqPGi!z$G#I?Q+t|kP<Bq*yeI*;
zva`U*UvI1sjC{2w`35*QpqCcjPsz3T3H8$ed|HtUS8IRI%(8fiKizyfe5x6%@VxOO
zoICjZ`Qh6vUSJQp<0M`{XU-1Mp5>m1?4`Z>U6~q@ZL>jpp>SqIc);&x^X`~u^>vWG
z#?DndRLftSHFFtnk8sd6Ap(4Luc+WnzB@U41dAgdEs36aucpVIy5Zyl@*@Kuwiu6I
zbXxt#KScc>QD1#neu=>PHzOw=cmX`N@OR8Q{E~NCw?Fqu20Y#FHMvJ;)+yQKsgV=e
z+NYYM-`HQ|Cbo5(F|^nZZUD0mXk`4|ICw8}`byvUoSXMU1N1(s+zd%&iq|`9g5Z3y
z>8z3eY<^nKHN;*kfG@Av2u&1zCYLX8;Y&!H6|~uaJW>2pXH6OP^HVdf@lSV=A0)Tt
zDeO_m4h6w6b&LPgS<{E_!km;qQHVCyjnA37?%k1vt}o|Y<C^a-K*lO?73EyxD+$y*
zL{46}=`Cm+(*`_Dhwr3W)5v_l=b~KR3l6@Mz8XK{aIc?mjfcGD`Qvjg_GB8DF!mx3
zensM=RL;GA$~DC$_+JADe?w!A{x`wzx!0#y^}MR<o^i2v-h@l+`rHRE^0<s5@nG>b
zrjC|PQTf!F7kfXMa!JaVIw{ogq!>l@_81LEjbz2qF&nwoe|v1MKwyPyea1Dq{~_2J
znT=Nbr(*crW#F-kwGOh*cKu@bTk%);olf;NI8ST4I3@0Xt+EaD>FadXEaBV68^r;T
zZl|9-Liy^;z~38Nf`>kq(q8$<$Rgyy(Y3bx!@(7;wQyxExRKAg<)==cihrYpFHeCF
zOKD3n3BBM+i1n=lkIV#~^wGcYB!9Zf=hiF%PpT;2OL^f&7r5aSZhSdsYKSqYZXVC_
z-IK1#pYJKiXRV^|j4WuPj$$y{cn%+B#YdWP5&rLtIUn3A7S1!)Hr845Lyiv_@RgdU
zn>qSvA3y2Ejmo3MJMjoAryP?$<|$nAX-_au7kdI358P%?B<3jj!IQKXI+=^_r%vlG
zg^M}5rmK8zjg#lXYt8ep+Gd_Xd!C6s@X9+Q3k6I6eAj7vV78T)+FPLcK1*HU9_wex
zl<yZ$Y6i0EBI<Bf<FD?D-TwAnKN3$7C1!LTG211}=`P75*mH&)f#Exm$*yx2N1DU;
ztlZqadF2Dk?pgWZvb$H#aLx#Sci`@o<Snt{L^M|~ykn1tn8^4sDZg|VF>Q2D2bpwm
z3BHX^XP~I+Jbc+}<9_Abr<$@XR8?3`Uh{zIdto#6C3Dx^WLkIb8^ht1jXV>7RmC||
zyxy!?0-j^<8+?kjS_8eWcVvclFqhK1FOGa`p0QQq(>V7Kk5w@}zDxc8;QIl-f6w=W
zeE*j3He`y8#9~%VH{nVd`i6a_#^WtK<6iozeP1GewD2Pl|9TI1Qbp_G-;3&qhb?}q
z4WB+c7WN`w*9A{^+XiDyEbREb$pwt9j<zKWkJX2txKa0k|Gn*Ve-YhIk5vWHMIzU9
z;ma?Z*h7rRjeO$)H_Oof_)a=4pLjpKp1am}jmvO>vqljzbfNC>g5$$(?m~ip!^<cW
ztg5o=n9N6YT;mKY-#c`q=+Bg2$}{mz=zOd_4sI6-m!!8nafW-WBO5ah32*u))Dy=Q
zf7RKJi0ie(#~*>e$TuC4@?LTq%$^(_m@_GgO}V{i;-}k%Q@vqV^ridU(H{J<U)ne>
zV%E#QEF<=(?Vjj=SCEruvf2J}wxj*eK4-h`z2k#9+%s_k^*wyt?N41moE`F@_>3tv
zPeLoWuUgPcTY_27I&u>-hiSB_^IyI`<5&~r<2a1WHEqwgbF#_hGvY7?dv><`;Z<S}
z_c}k-{*rSXXTI_hWPtO!6Xj_~=hEJm=xhJUk;TNQ3~gdxt3UN6UGvZAPkjt1?()XW
zNb;SM6Y!h1K38XX5PgW|A57>({)0NggV+D8vpgQ_1v}x^lV7*vxx}CSE6?)25x95k
z^IT-V<mV$##qXiMb*&p&-ecWGRm`{w;>A?~C*2*L#W*y-)~5{CE*@X`34T8{5#EgN
zxc)qY7`5pIC)~O_%N^5aN{ImzkH7uaM~$fTN5to9@2eXZ?U`JEndIc(ApeN(Q(SLk
zlifY=&kt#Sz`*)X{Gt~AtB*`_A_#tOTvd+VA#tblsra2z#W7bqoB?}OH^6>V9ao}G
z8?cgW*GK!|MEeH0>UwDZpAzk#WG-s|pDC-hRDUS(>^nRQFuuBzCoDQ?&F@gDr4w@*
z@mRID@h<lpf&0FiD3gotkoJK;H_+imN8nnB4<)>TtDz~!m1?9Jx1BpRzEA!QT}o2?
z2jIf~9rn&vt~Fxc<p-h*)7X=;TcZ=&2j7`xhI8hi^IgZjZl;|F%q;JIXk`e$oa;|6
zdHyJRBI$u28?3umceP&Ob5))ZDNmggp2AoL(P<uUsEZzBO;*kdbQp|r<s!zkz(}ho
zHELFF*plN5aEGpbOAbyDX-0~Xw(|CKry94OJ9R$3&C48KZ;FxP?FFy*p(hQSUhisf
zMRZO5rO?L}-0f=53v{$I?|sa>y`ed$oq4x2UhdrtJVG6v`<2Mln$wW8F{h0&xS6})
z<PppoHd(OB*W9TWG+oOw%xtgt>|C?>g|cP!D>HhG{H#Bk`K&{2rr)Rya^|>J;1`b$
z$~D)hJyU$ov2nu%Z^3$zE6^d`l!3nvx)Sb<J7Q0>kD6u$q8@bG75MJdLr>crSz+l#
z4Rd0<VNT#Pp3gWwPCgDkCLg1{sUQ&5Tq~iSb2w*+g*1FU_K*w4mlQU07s-M{?cBZI
zstXE3@JA**@>m~3-J7fAx#9)cZAix{J+azYMt#*Sp^WT3BTJn4U{AzP+J&CZ4Q_eZ
zFJAU`3O?9oWZwvRx5?Feg84R1E*X;U!<B-6hHwpEC&l#=JlxZWy_z5B=(X;6&y0PY
zJK$Zw_P}GMQ4h~WC*yYk-NYwycPkcC2wQ9&^A&w9F}>Z|i`OUWNp~Q6lJE9}58yu`
zycUixNWyK&RGDLN`#bm<|Nj-Y_k-J-)9c`N<A=cQY;zj8ojr=%*-sn!nLTmb&H%Rs
zfB9Cs!S8(V+YNpTS9h#64$T5j-$dus_TP6!^RaIhgR8l@<dJoxTewP2PGaayY!861
z0q`{dz6QY80QedJU!j@pt>CHnR4;h?H29VZo`%3N)orSsvv+CLyh8f5@YL=n|K#P*
zM+=PF1B~q;byW5QbT*%Hy@|bm?~aPv{Js0?E{pDSo;wtPFI28M-Dk}Jj~CM44D#>X
zw}D(Z;7&a_atU`%qZ`i|IuD$A!uiFaYt5|g6U4V@R2+D0hHl~;j?LrKLLQ%-`P)Zx
z`1pxys2o0r-#u|!4xgEmXNGeUIehLrLk^$c7Z_Xj-f~&=1bUC3Fy7lOn{-y}B<(<3
zI-0nXR*c`l!dm}c_V}vkBkQAk@Q>dLKWERugtvZ<z1a5A^-;xVd}I=SSnT5`9Nw__
zDCtGzk0ux-zstpE>rr%%^2IMdx#T|fCaHwr6=~<KYXec`T#^mzRdOA@!rnT1VW30h
zx`8pYV0bfY)SVaTc*U7okP7__L3`_<rJ;t+IU#6o2pU>pW)G}0Q@jVb7euzjp&ymb
z4Re=0t&DYj`ntt?Iomq$_o;p5LgIl<CFZ@~(h)6ijYH2$8GL(d<qs6Rn79PsT~E3(
zyb*oHPoBRks&Q5T8;!9C7?g1qAqy1TvB-#|Q}=Do+aaGZEM4lN#2R0>MDac|1_Z<X
z#5XU4&#!i5dR@yF7Je4kH3DyNtHT2hMITxZJ#`J_ac=w=yeK5s)J*bEHGvn3dlK^~
z?#YMCKh@}t=byTkb=95{539Q!mx3R5{;6+|;>W4{Q!Bua4&lezCDDHcKeFF}kAMff
zjdm2r_XvE3Xmc*IMwqcbiYy^nxSaD>_<c{+yuIwTRf^MwUuegTwKwd23_q}E?!0mD
ztA82U%{}Ul8+axgQ=^4@u2>s;;fu82y75ax;)`0HzM;?aKkk#h9Nbt2oiB&pFNN-x
zArE|-`!P;S&#L{XeXYHz^TUmA(JPE`GkaY3wu_x91MT#=taje$IpU>nm2>kgKB(;)
zY)HsU^6yx=H_neel=SQho=LuuPS)a`7$@`Jot5;TG3=h2^goyX@~;%!#phb}SkqQ`
zIL)(1yd3;k(aW0mIYZ~z^M`NK{HI&<Pmj&#z3aS^e2<?q-;!nA;R<A&Bk-yFi3fa?
zHLWmH<7aU2`off|P~ju+Mn{ROhcDcMxu0LRH`Pc9vj(;IaMpd2v8WDl_6kz)^K|iF
z@X;CDZcg#e`~3BkPqoTlInh{%9wFp_raeACQ1q(PTX13UhQi`m#$XVbui#FTY{frZ
zNF2uMn+of&t+&E6VJD6hJEmB+Zr#f`&K{Z1eMFs+X?#~;XI@ABs~u_HDR-Ia4|QG?
zUb`Srr1~z-`3=bUQ`s*nca**G18g9_V(jy3Z#*?NVpR#=vSa^h{-$jsd{@%u9L6^V
z7<2;z#;Y6@yXV#3G+OT-{4q6-0q5ib!DJHu+rV9yxxcoGGpCc!I`}aE`pV}GGsV&u
z^wm}VP;trZ|8tQ)EnX!FwvW9zvOsZ}peMB+)=P4zi#QGe{88iZb`;dHPQ<fZRbZ`C
zbz#g}Cy%vGUgXy*+MC4p0mjwuH5O`pQu$P{2Fl%Zj5U`o*9{C`aZW8b>P#!pyPfC{
zo??AoV@>A=S%=*C`Yd66fPL&|tj{-tHy7@MM2f#7=^D1JsiW(o{2pt^#n)#EZMWe2
zp!K=eaC%p=K0oigIQ%f{qxxE(HN3l=^-(#k&mq?55V^Q-sI6iAlfut3{+q~4E}eq*
zJN^f0zci<MZ}|KTr`~f{<`D0Fj>!XQ8@{zo_@ebIVEj|LSM6bp%qO;z^}C_==Fxh)
z3}c~eyGNM2`k68`vfxnK{@ND&hgX_u%kTqPVGuWWwqxqD@0lsf>Wp!rX5yJXK^@)o
zwqe@iOett37H6;1ZRvZprn+zZFO++l_O75E@gU1-LolBG2KS747xyhNp+gSnkrTQ!
z4*E16{&NC$Vk4q^H+k@v7@Z@lCvYDOJ;R72XCRmLli%MLHU^6R0eOyi<yKq<?xYv>
zT@u*ak1ucmF+x6${=rYIN-kmVt){+gX1Bt7EVN=^U4Eb2It#w>JbquC1sTLZUUFXr
z^f;c2aOB>Kv_^6f{^ef9YaWJ{`bWO;d>{G#a*uuE`Ckv8uzW5>lVn%!nmR2!6MaTM
z{U4$K-%X9j@tqFcoG~6AcD&KyNi+670?#5H7;*`^fXrBz-`INlSMb9^2XU)K!!u$>
zX?rQ>S(N|p&8?A>6qB4-$h23$`EaJ(8Y9^8>UqB!-cm7@e+0~tp`seI?x?&t+lW9{
zx5~%j{qpRJwqCr_qU+WjvOhi{eZtvuykgHn9x~DS8L@Ad8i%%TFb*|2(!2d9FTYPZ
zwf>KwyZxy-c!giOP4fRf+_>!v_}dly@}E}f-22+pnc;5yDdgv+_x{Hlx8)!&lmYiU
z9Io&%AC0M(`;z34Mwc)>_A;>iKD<R2I*@$$0?yTt1G_x-ouVd(udorGF&~)v;WL{y
z_=fzH>8Gq!4!Y8ZzAc}!LHc%c-=cuB9{l$6DX(%K$}_gmi^RHjQ|<`mtET3J3n=Ra
z{&Og+@-E6%TkU#6Po4vwQqDtpKV_;}2kvyI1;NDv%2rYC2p_dOn>*dQYp1?~d=6UA
zU7?-G>fmH(C+9{rZ8aw5Qbk+RsjDr`C%LVsxHsPCoDr*I{d=GT-tiUqPI*Ebpf@4f
zaHpDuZq9UTJmbi{K^q=$^bYt^`A3#A$8RzgjUmW0jqf4oqT=f8XU&2eh!ta26c(G_
z&}_!#0>@kEYc=hEf;>AK?~9CEFcR!-m~LVX1S5@C^AwycnCd<{WmVptfRi;Q%8I8o
zG)BtWuzHH}UEs3nXx*w<Gp$1im{|LqdK$Z88axResa+dx+ADtEZ(<Aq;FsL4ld?ag
zUD+m*pF_u2J<4-pQJgl8jm+`;JolKs!Z7n}()=1KhTILlA+;}f1@LQ8KAaHa@gO5<
z9i9YEDJ90Cd8t~L)DSdyRSR@Sdf-&r0yl~ZSRXHKd1z}6Ya@MiBjbG?pE=nr`+@sQ
zz(zQbJXW5qYM|`c=NpbGpKw;pUgL-8%je7<$m0x~O*?bx)62(0zjOGEDE<I&FQ9KP
zpKSAiZGyjhiE(I7YJ46VcOh$^!aQ0M^AgV;g>M<cFHY^((@&r3u`jH>#(x+4p<ipq
zdbuaEC+NpDk$nap_HdS++S{42ud}DKISb&s(TU3cHcmHh<9T45vA7nydzl57Yzr=3
z>?6sg%F7f*uA$HByg!bt`VMn+In%qF9MigaHV|VR$^AS{{*`q4dEqatGdiqfm@eVW
zo2&Kbz1{zQ$}5g%7v=T+``=AmR7W366=&{G#qY5tH##Z`)uv#u6WL94L3<;EI`MJD
z=XExn{eM!fsx(d;HqjPv4$T4wDrm2i^RPMz$3+`#x^Nx!R<noKuxHiJOW=TL<=OiA
zOj7x^PsZ!0{8gM2)*POU&tU_72cJAeTdU5c&vWB@J4l)84Jzjem9nQoj9c&5abF19
z!E<k@nz~h4#xTBI!?W05q6O=8XRy>L3Rz`5p(^eIt)t8==_@rShf!3`d(j5&EDZ~9
zHUC-oIq11f=d08X??q>V>YKI&_ZN|~s(EL(RYe`q3$-Pg#C|8bqH);oniBASk-eol
zHZ8IH5e+ySJf*iSFz~nIvy>0_Y(p=Cd!l<g8MoUoik9&y8^>PY;~K}^FFt;7n7HT#
z)m9yM=t*GoamJ{6f=51e$`keSsplW9$6lk3=DUIRU6fH-e^UGTDoYvdo6+_YbihN|
zIcF&^djBLa)O^&Y#;h^e{i{8VT{64ux^~-wTMEzObMlNn7p<~wr+R0XUjtoHyH)zA
z4?b$QIx%kbFF0&qEH)gLQl@~9=2p%ppE4f19PoD2RzYH{9?D6t?xtJ;AA1Z2ytUTL
zaL2!0fjBHZ^>KKX(vHrQHNeW10ez+&!OLB5Sh4cG8CH&QaMESL-b<O36e~AH$P=Ip
z<xqwXr%-MuZKT-sdFN#uDZF#<*LiCWn7r3|YyGfAgBS63+=;T%!|IGxA8Okg1MRAP
zc*X*|olam3j93rP=(ASvLVC41CUT<b53K=?(l@_~jF5`V@dI=WhZ~H?+d7S+ADm+l
zZwftjNucPLoLP0u?Iq+C7v)@?Mnt@%^uani9_4=I9L|F}#xJ@L&r?*+f5rE=`;t$F
z@?$2CX9qHB+`jSuME!=*?SfBy<0><1^N`{h<uBjJxGnm6vN&=u$yeuP_|07KCt&(s
zcq0+VUF{{)+!x^mZJNuPy@!@c?h`H90Bx>zB<=AD(2@ypTB1IZ+Ygq;X-k~e#p$rt
zzEt!bT4(Viv{khMdO{l^XxSa~ZPVk8@W!IaL!2dJ+qTQtH24^0lIianVikTE`a3J_
zgXymWezDqdcKYjpAGB$vO@HJ10%)(`Rr(=lFL~x|`l@wEroCh5ZtXGXT?iQJOwhWh
z51k#N)jAV4fcxuM8?BYv3IX4BysP5OQk=qGaHSkr+kIA1E=aktG+k%tnP|H1Qfizb
z`VZ2N#$flOvt_5wHO8lLS?kM~G&b!$dko2Y&wkdL*n6^l&1HYIu>V90L^DtAmz0?O
zPV{yjd-E83^9ILc=>vvG*qdGK&1VyPvx~ineeO_8Vs8d1cWQ5@$E1&{%fm;VJ^BoL
zRQq`@`?3W%t!6)tg}<M7<aZqCv2uXNV~A@%Y0uj8P&_mF0G#d4m1IAoH7N$QYitba
z();2usPB6I$Y>1e67nUTxVO%d!Nc1s+>*bC;_^2-K>x^H&vz*X_1kwn{|2#t<yWG;
z`~q_FlW*NM8iV?h^JSmSI6VfnhZxk9IV}dYXL{IASz-vCF$Q(-c^@tYwfWWw&i_+)
ztaJy<w##dOuf3AH0P<Z$Cz|@BxL=*<n`oNs^@5e}8z!``er3x&#*oWzbWDfes&uec
zx%Dgmlet!MPhYghvLzbW5)EvL2DU^4TcUw2(ZH5yU`sTNb~{%_Bf1W?-)QL-TvjaV
z7idecdG)_Ej<d($H@MTjowAJu*rd^$X^hB-X`2cR@_}LpJkQAYO(A}!AAar|j%WpW
zSv@Z3Br!XRkpZN4kZq<3y~amaqxxA!BokfEA~Uo5cZxrr(8C`j&!h5Boh^UTDc#HZ
z=NpOpu3TBSCDvYNkL(}s5MO+Vc;bgy$7@FQ@TczT-N-sVaKwmyhy8h*1&hqsRtpaD
z5jeGO$uaofy5iKDwf<1BIz2v2#_!_yW?CFs115X4l6wWWGS^DlucvL@OMU~rww}d(
zaZbg9Vf@)!fyZIuoaC|>?`NIvM>n?vTGLvJ?H&7^^z|XyQT|7@Ww)QpT|GO;<6GBi
zZ$4$^4EP{jS{AT>=qcacH6CMua6-20c$`y5K`L<UVw??5;(suPyO}S3?Zen`B3+6P
z0d0%>T1_8#3w*AGX1;?Q@vqf)6fPxiX+L|jk37o-4dQQSgpPcaIMVY^<(Bo4!)!nJ
z;O4#Z)dl&T4jsFNxd=92B8CM0)e6UCH*$ejU81|d?~iM29>X28>qpfVa=iLIfnIAE
z7;WI0em9Z#34gjh(sw<;d=|emvIpKT;{@Z={~wcsNj4U}S9v|l=9%#QFfpTN)Pv9P
zQOYGiFzjJ;yu)4S8bxbd^w~uoJ^ArS2l_fN(4Gwz7)5PQRqW-A@Ax2HTHJ?bJUY(_
z=sYK)^K_wmOZd~^*EEfFvhD7Q`8k6;J(+72UwOuW?Cm|kUbes!d~%?bx1j%&J@XFM
zNcKX}!|29}p?8^E@;mKE*)abNdx+$w-PlbQq4WG>lC3m9*VuF5FQxZs|7!i*=swl<
z^!eKo`p@;xm-*s*a4WD9Ozb_Vyl;x>uRVCmR%*-ZS+RR&8(V+;`X{0t8+}8zp7Tev
zQHA`^dV)Wva_UJ|=tqBbD)-`y_tkUmlkN$7;5*RWzK!Tx^N4RY;)uSBy|IM##g~Y9
zo|&<`(HRh{uOJ(Es*f_(HjnoPw$fibj%^5Asc_y!z25;(;`pVtIL6iNhZp$~dldX+
zoSE2S(-XM9;0(B)nS|>LEL>L%i8gRu`744OBugv^9bi3zv>Bw$VcL_QoA6jVApQ3z
za+vD5bmgzpukx5KV!VsqjpOSjz%L^SU(><YT;^0p8Ov7#eC-<&zGlUKK^tn<st>+P
zpA>!QuIRhyU3{Fkz0ffEU<iIb^y$KvUf}T}>vJ5q^@3-D<7|E>+ZIb1gY9QER8a;_
ze;VAj@9f2WuHbcI;&0U70I(K6A|IK$)J+3x;6Dm#Lqn_Z+xdsp$PU<d@wZy_1z<LS
z4OsT2H^2?+IdVrM@VgJbtDk(A!o7Tz<NdnLB}3@wb}I+gX6Vd5c%h@vq4N37+nPUr
z{m?pcVj+7E)YHZ?-q-Qo&+l^TA0cO3HR~OnU3c2q6=koSPak`%y^`7ed-e+Y;CS9d
zi)T4|-bCg7dk4H$-al~4@-O%W@tu?RjLxj#L~g$HGn`wUv)D5)#rKSTZvB}y8aWTz
zX!{Lt!=g#dZ7=Id+`ptei5UX{^j4yi+FKdWkxk$me5|FXl|Hi-oBXBAPn~mr-i7^?
zXN!}b_3}(~*$W(GFB9$5n&_GS%N{G-(0}2_cKDWL{P+pu6%X{>A9aTQTl8&c*l7MD
zr))e%3|%B=lEXTaWJ`IQ*pEBzynSfHowx5z=&TCLkbiVPPkC?izz;od=b8497u<1y
zJLr|HJj;sVTmW5;+a^=7v3mzv!S8jfdqLIQ!gcV|j{-m4KW+v-PXj;6q^}5ffD^X%
z;ltF)1wS_P8y|^SnCCZG&r>b<$yeC+7kk^{_kL!b!{}bXM_)`fWyMk#&h@aT{lQRS
zD!vflex$uBSa=2Y<jvshV~puAxcDl#+B|>rw)W58FmyfRX$CKa-?A+?<_C%zu^-Q4
zjxKmH?WJ$=euTBGM0R+U_pdl7$L=AnrEJWSjbvXQWPY+SUrbKkd+`@|jr-Y4*gvuj
zzeImiF1~l$%Inq+-AsSnS01QDZ=1&ZV(xsq_&u3@_Nx;kyR~2coB1BbHq+g(X<MB+
z$?{oH+f$g+FPYPn>KhBO4=;Em0k4~w7xu`|Yu3EN+d`keX(&WL8ux&6Qo-}IcZ~7L
zZrP7b*u%WI&yIdKepgxV`mr7MVGmu0?XcQ(FKfb%oLr`t^IvyVY+l;77mB}umOdc6
zm-q{KC<_N|**)|1xNm0sF4mYFR7;Q_4aYz|@||+RC>FQc%Ouvi@aZkq^spm+pq?|~
zcN;iYW|OxMJXSyQZGD+D`x5qm3p{89$GRAUAHH=ab+z}!XZ)O)#D;VKWqr_A@fqYY
zy37Ub?r|8yjo`EPwCXnUznA~QgI?;^)7Clc$42-Ool}kQY-+!avTr5Pg5LpC>H1IQ
znZ^!b-D8Q<f-G?PU=l3=|4)-&tlVAjB9i%B%$s`&1Ff6~O$Pg?KB0R9r-kbUd<KA#
zbXEay@d#@oTcl`mKKtwdYcAa?bjPw~y+qkib6}{O_;tzo3KvpF?MPP?Vn43~1})%s
zJ$qgIR(<n7w3Bgobhnu^ewh*Xr}a>_ntWAG#wu9JucnMT@G(~TGQktS`<ED(&R8Gq
zY@i+e4>FcU_{ARb{*))$lWnwQ^taRcy*lw<V^r?M<<|Jjfgak?SkIPIQRk@6n_}rs
z`RzxK7i9cB^lkTNjUQh3eaFxK{qW;w{$s|kwLD`?50_}S?6q;3pfOGP(=uYhLpMCg
zcfi47w=vAU&S7G4DJRZwF*eyOVw}FfTK`tOF=OweyzE`l`;DNBDdSmk?(;tIv=LlL
zVSVCzB`bClzx5nn`Qa{b_)O*ZvDYf`^AHacg*Lqf50zgJzYT5j!>7C8b^7rC5wG0O
zNA1gog$)f}%@gxju=j+dQ?}sD7!(^pc;W_!l=s!o-peyj?Y&@P?{Ob;SbHw;gVXoi
z1L6ajcO!l1d@aULu9bOn&wRMan)fMQwx9Y<^f{USB&)XZzYCvp*?j~{?AyZ!Xh%8S
z^Jz=_#jc|<3MQ)KqKxj4h&EvROtcq&SH^$wrKk3LrnL_C*`Eo%##kTrpmlb=#ry<U
z!F2VT@w|3#(*NzWW3LS|)B}qJL(S7(8}_C8j+e=fwNggyv_dPtjXW#*sCM+s;F)OM
zCSpCediGx?`XxHo#W<M%Zq|@H9DyR$(RyuCU+=SC;yXmsWJ~>@tlgo<PG390vW@v9
z!&3Kh#=>tu`mM9U4;YM|{X-R!!Q*FtJWtm+_}}sH!4r_}CL-I}dAm%`2}gmIs}WfA
zaAthnlJkk}%RP(A3ylSzCm%wVX}q==T~RvU_j9*&8sDq<{sQmbL3SzPym`Tq7J2(l
zN92|#Gb4MBcp}p_E{tsb^Ldf)h79ZOc^NSTgBKVJRbKskNA1rw7W91_|6Jl<aCWS?
z&PiS;bb>DSML+kW3cen^L;ltuhi}R?eJ}Lk(@M^fLESs+e<Tpqy$kXH;Jck|t-%0u
zkZ)i!>vlbNg^2BPsGalwN`C*~o92pL4aSO*Dx)U#;>|gS&3U2ywBuwA%USd4$>hfZ
zC*iyISZ9^`;_lW)&ZvI+k-q;S&XNMkmYXv!uJ|c;%=Mpm3)cS*vt|eU+yFSQ7@Xp>
zjxv_bjO8Bs=RU)s#~90v{C<|P9AYfKYNO_Yi|@%9F)tV$ONjPEvyBDI@EsUnECbNJ
zBhZllH|;%=OMA>s?X`j@WfSR}{3C6zkE}w@ow6wuEEJsI<=(&G{LZn`=sz&-GVZu7
zbz)chrtYnoH4kxC5bJvII^+%c>q}petNXu~UWN@i2fvpYv2P%Y<@$_;+zZ}i^yQ5{
zzn$lm=Nb!J!5d@w$3~yuB-!m8>-jF@R{!YpYCV5-WWk?VpMKVYTquJ}Ud3O4wSZ<8
zRjf8^DuH)JuUV6;@9WJP$&2jU_<B5STKB{}?!^BGc@I5&j`sZQZC8%5+u#mH>%hpu
zXLvSRZx8FpJV)z2Zq~G7rzxIJ|HLG0V!rvq6UbBGigkmRk4!dpFK12RM-L&tESSgd
zdsyFZvA&1FwO8gh=j=1*TI-9B0i6$b;8@Qg@Z?SKb{N_r{nhJ-OQX_x3)g#*DSqKI
zw$_siOmWF&x0G+2aP=16;qQD1{q$fi`1jjXV|T~_{~R@Hbk5cNlw1lH9;V0Eof9Z*
z;dv*|E5PM^+J1<4ufxy04P6_c-)hQKQ0EAG^;^vQw)H!ka^7}$x<$`)Kf-Fe->5my
z9k{bUy(!0YV&dX{?j<kl_7}2e)BXrPshrweO#AZtwe~6fJ=F96{oYwd9;v_O-dXmC
z5o_;=ZgsPN4&hs&Gs5lSZZI@4|BDXne)TKyN!jgX?aRS~N5F%*{JtJMxB)!a2Of0K
z59hR)b1Xc7?qus8e-C>mukvG&!aV#&kjF=#U7a4eglDbjp+}!Je=KqV&kUZao)`R(
zuJ0}U%#@S#O$(=lTQg&#*~zq7H25L<^fPY%uSXWjXZJej@xSowV~qW~e80>5dYm%~
zl<)AZYs)w%KFxXYDb9^ga+X{^n*UIJzjCgzRd}kkPL_3)2S)Oa__j5i!v=mc@puiA
zL(*ek<XI*6$xEplKd;kcpX1qnd_LDCJ-dcy@b(L|A8h$ZyyAwWGQ=c#z-Pqs116VA
zjt`)7t&_ZnlIMNEYrmT~)a)Of?{3!Vb@4aIEbxv4Ps(?M7-GH$jhd&~|GoyJW<Pty
z*Tg+C_RpKl)%VZjYS6nHXg_C1759CW+g;ykV*~Q3&W8$ke01WgDkztqiOxCE$82ck
zOO*F#%Kq$%6+BZ>SV2Gf4=<1Zg)y*%GVV;{5dOm5b<msv&Yz{VIa7<TFl&hUduTQP
zJ)ISW<vc6ro_57jv!)Ziz;h_+St{cbuh5H6&YQ$IK@aIB23Ik2siYtE-N`uI2KQ{f
zOzt+G<$;fRZRrsQcl31E5aX}nRxFU;S#m69tx58K<Spa~?leO`N})wZeDy1rfq#li
z<{_6?sKJOVCss)DImXSeQbw@XyFTZnf;C=Zgn5m{dB{P2+94*@;B0J>S_619$t6YP
zTd(PbZ}W4Xd@|?m2=u;zGJfvD2Wx|Sedf5D9^~F{(Pl*kG@3QLD0pL`?^W))qI0+j
z-*6xLQqe}&RF~I>j|Q^)s$;B4g)w<x2kSVSF&%>sb|LSJ?p;V*TL0I6+me%KOb(|y
z<`tA0le@2YXW}A!y$k%@vsaG39$-9!^4K+3_|A{#GP_aZm=fnv662_8rSG&SIYU2U
z)Rci2u9B1)RvpHI{d06I4U7dJ@K`Tvqw(oZJg|wB60fd{oSLc7lSv7B(lx&^humn~
zMf8VO(}sIypipD8*J8sPBV0*|`{HTu^Z;*t>ns`dE#VGe-4yU!Ho9^3mzgdj3Lnay
zd}980ek|hp{n{by9>c14COw%8ds8;Dw)R&8`z(WdPH%FzP<A5SDK3Rh+=dR5^Le++
z$nJI<#;*J{cf^BCCS5_@$Bd3@?$QO3<EpUf>|h?!p^epHrQyHnqONPu6}gr2s>j`)
z;Wyx!<1`|k-#c07CA@tH__-bpMA55S`M5odRkFO`5=JkjeTm#X04+x+gG|g_@pb1L
zD_Sy*8tv7(^~AtpP3pjfR(*3$nv|QPvD2oPdb7Z{a?>4N4&Tu-%w9uxjJ&s{3_J+&
zX--=d$#)aSv(*vx78)HXz*GJCd1tRf@|x7C4d8%obBo#yQD0@3^U-*{en-^B-NqE!
zijUi6t?LE*|LHmI$;OsZNBipnWB>6B&6Ke4XoRuuWSm#&Kktt*){&FOU?Xe2EALm^
zrZ^^Tnu0!PgudaKBLVi;2y~;8eKNwFJHc5G@b9ACa`Tc%3jO<mA@kftY{G7xf6c6o
zi+Op!=ZJa|^Gu#&BkiVY{TYMGw?Dox;sqvt!G`jwz(w_w>x}kUvjDj)CG6eB+$rlh
z0}Ls<MdPx@xZ@L6d6o6kuV*gx#<YD#e75usaocnj^==0*MGvI^{Tg>@d)b4+Z{fL(
z<4xzpahx;4!g0M5ZVRU^oLw=|ipj(8EyCY^<}MtrvT^vTQ@AT!w&k|JW_%@Q7~ksu
zMdLHc7d#ezMSrL9ndpFX4Igwb9t&v1sW<@+_!%dB%{cg*@$fkl(9=$|a&7AlouB)}
zmtd!qkNN>((YagUwRs-JK6qk6>CiOR@H*mwh`-6|;V$QX;(esMBiC)55_#+YHlpIs
zRkt61-}{MuAA>JnYROK}efCrsS!+2lKSJ)5aHZ*c;a&LuY~h(BdqBMT1K^DEfA!-Z
zb-yz^+)n*{?8#1e6VcZ=&Sk}3nQ3foW1N}jX#&U}Zy^i2jG5hTbUwnpx1BT42a`vP
z_kJh-U3>!gv+3TZc!~V+<_hcV__9%hZfI4^Z7c{*HujwABR%$fQXl*2qaS+$eGI5w
zKkcd?wXOZCyng|Bj0)PH108B+?y?8Zfd+}5h#pmN{#QcRuH?)*eA1{9?TO_b+*WRS
zH<eE}_8exOl^-Fu9Q3B=qsU*-DR}8fg_%C^Bz{_(pv|IxYDf3>6^kZ1W-fl@v;z9~
zLQ~X#f%<oP!xzy1zC{1{4o-#kS^Yng_sq6-)3d34QJnTw7RKpaYms8ny2%TXJ}~Qi
z^3NptRvRYgfb_NMC!Cn4&Rz9|3>cZ4)YoH4bKRWi>nQoNG*<&3e9g5!SN`?xF#3Ur
z`db6dy*{Zwd#-)JA3e-)pY-!4cU%+nB*+@vo;U|ZtAy`wT=i*i`%~cfC&Bg0!TBZd
z@TF1qfTcf=fje!;ko_YguZiZAsa@L7=d6K_4Qq}2X-m)a9=(rfnMJ?!u8;MW?L{{I
zBa~5|HkDgQInMYk`OrDF3IE*jTiOvVz15M`-EyumxQOvS#NC#9XBKf=;2qP<n!pTr
z--uab=o>lS<h|SE{sgkS$=R>^TPc4VZR~)?Np_I!{2lg>+Vg{}$QtmF>>+1*c$zu0
z+hxU~&9?4fx!}ot!Y|g+<ut<etlJvKthT08m$QA3_LDt!%>^Uk@R5fCQSC7o{Ocw3
z!<;&n^4-SVhmgIJ$JJ@=&-l1BCTC**2*x^_kW~iNruM1eTn>y<I4hQ-vyM5Mx9L8#
zmwtj18n>x`bdT2F?FZIgr_m9nPpzBc>FWJwG(PHRkE@UT!NN!_u#S&I{8v`21zOTO
zLw28;-6|uVLgP^X9y7Z;#2D0H6=P7}2OXQXg*lfRMTb7?h;HJXQeW%n8(sV0Z1z`E
z==Q?mJ<ud#b83x<ZBeBECH&9gZq(>Hkw?j1C&6PM<7mw_c7KQU(K_W!HV(~Ton$uz
zhfl2u^>$O1J1V<<M$Uj@u)0~xVsqNS8t8||X>_Z;JBZE-SyFTeIVP<4YvI|Xua%6U
zGTIOJyZtlqIR+1kzZsW-tTDr@xlJP+m(QjRw1R(D8E|Da^iue(b#YM!|EAX#0P6#e
zndE++*<B6{1v58tnhSc<lvuALtk-7x-IT+9bJptq?>nLg$;Gbv8f%nssjk+>f-~^m
z1TQN%Pko;?wr~^POKoUh`GKi$V?1?)yQ(i-?FVN?C+z*23(f-H;dhboy{uO?>$My?
zss;Te@iJG1Qqec^zix9}u2PwGX@R0<l{tjY41PD1nJDuobZY#!%1lp`=|ukI3<;f+
zD09DQ>7O*FerT2OQL=#OiXV9S8PBDxZ*C^Kb-@H!xWP}+lm+YuKl9Vvz6T6N3nc4R
zAkUWYZP5hATLI1JWE}a7vv_=bOx8QbS+OFn2h3-Dde^|%EIeg=7H#2w7B-eqJhkFQ
zo=#6P7#~q%b~l2nI+wFkjYEa3`Bxd!{m>!J$>#sul(pu{T<m>r(Tp?f^G%6;u01E*
zN#5gqz)EX~&w9re)=F&(_pH4QjBMKB6@Ll7g%kLudLG&mT~d7y_3NqsL9{})U%^>;
zqIxcPY~hvG;U?+}cZIXUUmIuDukf}hfwRJ2)&0l!>CeX7BaBn^1B_4oR`L0)`k{aE
z#p+jcb~6{XsrmLXf5B37WS@4R^T~E4(+buungd<I_T@9O2ZG>)OFDzwzz@!87divc
z{nh-oajlGg)sObEhc$}Bm0a%7F40q+TlticZ7g|g8jC$Hd~`;~ZMQdeyeg}6`W(u-
z@i~^9St?vKIA={4vE0E`#?}i>dj&W{gASEb$CepgqHArZWJbv^YBMg&$9dYNCq}YU
zh<hu!b{X#^U)pkGoTjA=sBQ6IqV<wR``}%D)8evY)BNx@&u&Ll?YhbDq_#b@$32#T
zS<nVA?Uupsx=v29VvN2*{v)+3o1J7&gFU$pUS;$7#)^FjnR&DH6Se3<fcc}?a3)n<
zPY&%#;d=O8KXuW+3}`Nrn}gt(^zMQ~9`;m?H5mqyn_WpTct5$>mVeded*$Ewd~SRn
z`F9KY*Ad1cepUJ;$-msK9F>0sSIMoRg#3G%_77z>mr{NcL&!Quka4#VC*ZYq;QdSB
zEm-O-lKigmAHbhR@R#gs$?(XswjMxwgQdvRvMWfQ_E6r1JZ<X@)Q(+t6Md^M$;B!!
zd0MdY12dIBlRW*?cR2&>c_d_N7c#ZvZ|@moYL%5tZOuC&Q+spigT7Tqb59=AnPgVs
zzNLQ!XI^B@Z^zbJ4o;QVrde@Cgy+TRCxXzD9`-_ab?|f@%s<Ct<8v2s$`!<Yu=BC|
z@vV^T^fl@g1Al9O12gfz(hcd3VO>Mqmcuwl%YK6AbLsCO_qD6Q@p<s^b;twr;NQED
zNhB-$GOv5vugug<uc8P2mc!WdDzb$19MTI~u{XgJ`Ml0CCxz?A8;{R|?sPjQg+uJ?
z5cn+LBibC)9(awmrZ`eJU5&5AB+7&1&-T+!m+9*6rd%_8n{)xyI~~ywb6LmO3m9V;
z`UHD^;Kk_tRJZzvjwpPbWxM~4BRjkRUakaQmh<PdXT3a=jaoK-yPRZj`|P@Ida~{!
z3tE_+th?CaO6V?Z*h+7q{smu+S#)Epu1+)rKeX3W&c%E~;92!g98pW(!Tdth)g2A5
zMQ6MNPeMan&>6{l_^%YT05@pxDr*n3Htl&&Z<8*o-JG-uzG}C<=RDwY3+oU7_ASU!
zvi;2ko-O#crGS?X{=2Hy75XS+^1F=j2=+F8wRLjBUweOPf7<&iStobw9sKa9tFofA
zqJg5NwoXs=q}Q|SV&mLmd?VeGwa&CBGVr&_;LOS#!p|2Sto-1$NA>~V)(yn5a@1c&
zbnxNZ-hsv<*JPW<uD92G93R*WOP=Yft}K+EwC~Q~kZhQh=vdoU63-aBQ!uBrBa1cH
zKF~e&Ao1~hZr{y4$johqYjKw`Ww9&OnLcj(jH%+2Uj|3SCtuF@sTdGG?&N01{si7Y
z1GcJ7^}$|E)0zi!9Qc%<(p%X&s}J(`cNq@&DM$DAnFjd>$A>>=j_)3}{CvniGg0tU
z42l^AFJfaFa*oHQH4b}{Gq!7*u@yg`!9M5xIl<2ouXqByBRqj(z-5~mVaX8nUi{u1
zMz`vJkMeqFV3TW{XdIFckZc}K@XE5g=<Kb5H)OxFmWPUYFJByZo@MyhMY>K-Tr7TK
zC+{04;^&18obx->gS^n>%);NGer54`W6<TC9$r9fnmfKk9@j~N-!#UbW$C^{E4kaX
z(uls9O)PE3>I*F>yzM&f@DbY#ht-Jqi;6npPSDn8E@|5KHQG>n)mA(5QCB;ev1+yR
zStCl0%dI2CP_3g4$yFcZ(?9lZNZg;wjMZT?^K%E?ad|!Q+kFL!i<xC^%<%%V-B;pw
zq<p`>DIJbJX+)lwWpqTr!M3}&_c$hZaI&4P7#qTBU@IJcoS2jQv5g8pFC>0tCBF^$
zv}BtRdn@)5YY0#G?2#>ZugqUP!}1ZCg8juuyi(W0;cexQhqsAWC}n?pO;0#PtjKjo
zzw!Lss&zw0!HHMF8~I~C%UT}ilSX`bgBbF~_*A4_v?b?i$NbO^aK89l<K_V0(u1R8
z85C_6KiFKgmiPeJcqX>w$R?LZKOWjIsHz@XO5USo=q9e9-F4VpZh)t0!G`-ZHrz+B
z<x4-`f-b0@Z|SIrtuu&?#%fnOz$R>I`3uu5Un1FK2I%9FGuYBJf6d*W<_a5m#GZ%8
zwC_og#|C|6Qe4d?M#M1oUzT|_cbO7vm}NHP*y||R_c-e>dk{S7!H+Y@`rXd@1zEpJ
z=*ev>wTAIMYxz<-<Gz&kdebJjxPe?w4clDjnNiX4k&WXRLkjw%RP;!b&?iksuQY{r
z(zqw)j7*0vsbA5s40NHg|9{T-`Ex~UKOWgvcPa7m&e_|u(a}Eg`h>k1Lzb+O(ex$c
zF!Tl7bzXI3)`4vm=CmWN==b_kjK#`bwg-Br_QWS3YYf*z59=9!CBAjHT5}PvpK0j=
zY&z)w`YAftn4p7I&@9n#+2=&JZ+!=!H{KQRFlriD>z7$`n>N;eXxb>fifAKod-?tu
zHfXya(MM=WT2+ptBe^d;30D;(TO0aDp5Bk1lsGdrCGZ|i%(obvtR$Wh{)~h5jH?*`
zrq!H@f>QywHwWCS0QaiqH^uFJMR9qzY0X*QUl#X!Y5K}p-XkA#K3R8ithGQN(hHqa
zd(w^U$0tZQTs(|_4ZnlRg#a8^O^~mfFIK(Nj8x4UANl%9S46%8Gm(WC@SVqJ<SO)r
zj~LN+XB)$^u?3xh4(_WQ(z$_b#(GSPwPX>$8hdWl)RLm&j=1km@z3G^_3Sv$9)`DK
z{(?~@<0^g}-4gtG)pMoR+Vujrsvj;XQk@2VPokgEdhAEl>!iM2Ua+*v)0fpA^*Vub
z)xDQneYL_H<fsj`PhIg5R(auxeybdH^Y|_P$|}d0L<8({CHk#$v@KYIw}Z155kDMw
z2{xQF3y+RBGL+wL^-qbZo=*IrpK`V+?g#7Mk3TwonuGA}s|24ucuVbt#w%xTcXmQw
z!2938!`l0zZW?>K-e|8h;`>7HTj3W~K0D2XPskiljEghvk3MV);uEH7eG<Gu0DAc0
zc!N0p3-`x^`@(tQe~`Up<36!Hi-hljk2{UnyypJPqR@d>=XWo4FXaD<CoeTubY2>S
z5ABC8^no+I&<NoixDpW#jfD$1Xu)(X`$TxAJ0%B>PFyS;Q(2v3f}@^0kCON0s+rr%
zmS0}z>o;ofzgy)yiv1RN_*h@~sa3vb(0wUp66Nv-!8!i7;@kBa?aB9`hyHx5f3Nh=
zx?6L_%<biAB}JF>UjOItzncFQ?C0FCqMxGO)wDmC=gsGEpW+-d(!zSSf_p8Ds}($L
zVP6Z6<=>|><@&^#@(5>&B~ui|X@c4g<&~Vd%w^yqZCYi{KT8?*w+ViyI~l7zKh6K8
zkyU#czxuC({<bm4<+HoDT>-srF;kE9R^mH03>^4&+2y_oo>R^qQyu?XE8?(`?$DYy
z`J4owWz5@x6LUu<8m#C3ew}C<wyZklo`+4WoW7Sa_vOsJ4w|-U{-zwuhlRQ45j()D
z&)m;ghPj)xl}}&!%>9hCk-7J9_x~=&Pu!%4JJVcIy?o~OV&sF%*+<y8h!e8qxdNm0
z_|n-2wv~51dmQ=vNGo-!D3{Ng=09kxC}un^o-KcKWJ~k(saD*aFnSI<R{x!xtsdy!
z%#de$RnW8jE$G^J@JnBeU!fbj-9mVReRmmyRlx4u*@0o{3c9L2+g~KEY;UpAVSdqw
zv_51UdXaiBPvlM@{7fhlJtEHxb6VI%+rf})yBnU|onaKJykd&&<^8+dKg;2L1?7FA
zg@r*+V0b6bwJ*eTiEo!o;F}5G10HA`eejrjE^gc=zq}n*zbXSCi7(~-=(?8ER@ar}
zU^X+uzH`W*msQ%KarYJnIu1a;vH1*&hKrU5vmDUzrfoLuZ$`iMBJJAcU%Ia(S_bcA
zzn7il9Ol22wb!{XyekLx%fLJCAst!G{?u8M%eU@i2uCV}cl@{38hp^Xl*fOaC+xpN
zk_ApbSDLm}GY+k}*6}>n+P#Byyuz$$Tgtv9{!#Pi(<3qLui@INJG72VuQm<^&`AkD
zw6`nR?<L@umpy||q_u}}+~0j6eyqnnd2Zwtc+jKR78G;xeR)pwSmHU6N8ZD8Uc>x?
z^yj|f^1|W=Ij1g9;N3ak9s2g-huH`AGv;kQqg=xh&S!GE!!H);484%KdKhOp<J5RX
zZwm0Cx)FcGV<(F~^jP!24~^B}dn|t}`J^AYMQ7M5aLYd(U+acI`z+|WY{CBN+)rpQ
z_+Nin!-0{73&$B5>*&9k{+n4to41~VKjuN?uy%Oj_SBC=9tDovSu5Jb=U32zL(qZ|
zXu*Z}K~HjA7!q9>fwvY9Ae$)s^<XH$vn$8JT-KwR^+@jHrb2wT@s+&_x%*hjv=2Xj
zXpS|1zQ@l0pXlpR#@x)9Hwh<Aqvlok_<P22eqV3a%;T)~)R-$O)?-WNte*#twI9lk
zgu$^#Ypd_DZT!jjRE^9JK5aSn;P?+c#?_oxmJGx9*fF{j_~ZhAec*2wxfosK#X&9+
zoVGO6Pcob?A}3rm{Ph*Uu>HY{KX5Iy2elTo_nx)TdA(d~K|9ItnM6!d!RJwMN@L2M
z$M?hNY3A~cJtmL;x3LG>uH<~~fKTAL_JjcrbFZzS7g_P9EbjJ_Z^D?Tdq2KdBQkND
z!zlVk=B2Xsd`;?h!AF!CM$s2}C%;T%HvJrhp5RO1<9yzcA8%iEJRPi8o=t-e=FFK3
z9W}kxoz!tbFQhB-`#B>5_0N^f?%L)t`i>)m9_gG#+#}j&zFV5XuVk2RInP)S1Ev=4
zRegBe6KpLy!S~p8O~7_bGwmh!bx~ftuOA49(q?~X9QvTX!1FE5w3pl$aa^o<eTzMC
z>_PwEtgmM6DcVc!>!zG|UpI<=Ell~F^|em)i1w2Env$KgUYq~M>qUFXeeFsgo!72o
z{e^$adF^VZz2v^Go-#VGUB`Yp;cwO#IKQiz_LBR0EhXL;xUuEf$ytB1zQBzw&9s-?
z*A{$}HnG1h;N35$UmSTlaSq=IO+LiuHO`RZoFTePbM?jF%DK>Sk)@yU=?rFXN#7&A
zk9~${Z_QOdv=yd)9d!K|bp0x5qj$Wyq7IoM2%mld^!%5@nUR#Ak4$-{Hgtz=cM$#Y
zh+p_A{3tZp;vYDNE9j$v{#=~pKKM;PzbzVa_ivsP4QYk%$>;8wWay>Pt50CN+cb?F
zmi2-54d`|BydddJJugAqEnWdSxf*(E@u>8be-(c0@ItDy)ngn&mz{<^wIiQ4ZF(p^
z;e7s!1{;h;G`NKCQToaMPR2C$4AD48%e;v^%zyQx{={=xavpt6qHW2!n~=ZykY6j{
z@%!}+&tJyb=rT=@i?#dTF2`Q;&fi&%O~6I+sd)4t@D$vZAj?W#ZTi|6IhOKz{?zRw
zt1{v3p5UD9+6I1?m^Eb|M-~GwLx-kCn&304YvcFha^YiL@V*|&Vc_Oc_}_BLVc@9z
za#DCMxzv(Lk;5#R6uHfkNwbi1*aw^0NB6Lg_Q8ui&7GxYeAilvsE;3{RUdxzjAbt4
zOs6fY4072S%OIB-@K_Ik(=O)ZI#g=ivyiOzFz2eq?v`A~*o(EVz#mI?rJSu(S*N;V
z%5@@hkCtPPRH8>z`CPsac+3^j9R=sx{Qr!|k+()h`G4{L)>sDPyi?^x;H*71#$XV?
z^sY0Et%p67dxo)Se~ylYG01jY{Co6$j8XcddcNO=zi~0o)zDP&J9#sUBA=X!j+|KP
zqkY4(^g>sX_qTGY*n9jU>|UCecz3&w8@{GE!Pg+y<`kTVeZurq_fp2kSX%jR!mmnp
z#IAn_mon*tHoM?;EPU#m8S%V2GNlT9DtEiX{qT{3PZu!s(O2U~6EGY+H*)Y5!BFMm
zdFzTh(38Py*<%q;XY${sP2(7^@T(;u`&}{n>1|gc`;m9alKonSPsx5(xo^g0KO5&-
z_@4*NQ?T!B26pY>$UbNqIyI}0O+4dw#^E2Lw?TF|oE6ve9rhq!<-wzaGs`Fwq+S*K
z!YBMfud|$Ir|D`~FKb_bd)gPh$ZzkbtLX(l)b9J~YC37FoHFI?i!<spv@gI5>6NU#
zijSICZL(LTL#aexQ3u_qlrDuab+UJt0n4-Lk2=|7R(<yB8OyL&cSy!nAMc|-+7Em-
zGNx+!sz|Kcve^f>Eoa^8%oJ<gDiZ6KNjXcW#5$FLx7K{=Uow0r>*itIEI0xGbq|^=
zT1t>pSi5<-cduMN`{|r{M(fS!pQ=^1?&tA4jEA?eUua8fxq~_Tz_HbQtF1D|Zt?%%
zndU1zQ=iM`2Zl?`()QBS{g>&Snv-;vuEl<9;b&s6OOG^)uMg8F@U{K}cjS!SVfLr?
zatJ=PfPGqpU0=8<xmEN{cRNKVk3uJ(<{t45#xCFB0Q5|J2D*|#*@a|h62E~xXjeXM
z`Kj+Sxf2S%@k)xZQ1Y53*HA|5dM3TxYQZG|YstS>IbbV#W3P1`|3x#rz-Jw>Xa?4s
zp$YpEG~tTb&*WSHO<>Peuh#kV^SHgPdJNnI%VfB1on#!!0CrYC37j;L%Y~EJRxO;|
z0k2ff*w2XHMXVp?JoHlzPMom}IN3m(qKhtY(gS?Gz_$YU2D#&8<!@!5R5Cy5>B|Je
zQ9V-EX?i4I0#0M~NLJhQ?*mSG37j0oqX*F$qBGVy9sYM{$aC0%p&2g>bC2~Zd^kA=
zeVaMs=wG_|7pdRs{Ntrj=NI=%Pgjln*?6T3p3p3Emlz#JYW-#XuYYQ9@5a)0@G#>3
zGS60g6P@?nm#TgnJV5=$jX7^zwE|n()!5Xo!nSrLHnuD9(O%9y%W;<9fEzj3@DdLg
zosaGw{<ZeN`=^|;2TDIEo1pB0vJ1*4IB}SJl;p!5V190LglJCwE84bu&{0)%#BE6)
zo)ui-*<PN>zHVUO35NDF@S>d95&EA`nf&P`MF+5VQ~?)_U2yf0qZhwM_Nq}(HPwt%
zzc?{6=bKA(e|T_Nrct;9+xx9NYdM%(Xfkivw=?;^fwM7yT?60a+7^5h>;5t>T6cW>
zP~8QL{l$qzw@o#RZadd3syl8bY~t^=ZzkKRWvhhW-3pIu*{9L*Y{ieJricBQY<nGB
z$LN_D;hx;q9{f*S@bJC>>$uh^l7E2qjA&rlFyrOh^~yKyjjcrw$$WbLd)!qe|7~2w
z{`jHe<%w4fVE>stzVp&hi81((cjsRD<-2EHdESEaZg^<s_ik7+zTwh5;Gj5X;xW{Q
z?q_<<bo`AyVPF-h?wuG}#=YXPv>l#&&<h+@pEZ1(u|<4U`Gp$WY}R!X@=iJSXiEnR
z{W;2fuW*sq*)+D;_Gecf`)WFSk@F}Q98HD?KBZd*u+x_(?DT2a>5DBpee<@^<IULV
zy_TIm#q@@ovD0tHj($be^+S&_j$_=heT`UElGO}sPZwjS&%;h%fxLF{MUk8|<6_HB
zUy-oWE4L8(kWo8*J9_thjCqhT%TC|Ge7v;3tSU70DD79{H?*0yB@aFZ?brqFI1KHW
zM2v@{#8v3T-g+3?yq~oaZ5FKL<0snuZ?xw+DSX3c%;D%rp0jYkj^UKS`p50-8L^X-
z!5QwUE@6#a25a-5pXQD#dxG|Z9|=V96AS0hlTV3jz`?n~-Wt?;s!jtuMexs*{|r0`
zXNCM~d~SFd&Nhvq(b=$4<4C^G46pcXUNFUq<@6K!?m?z%U_JBhxYT+^(3PzLo|))6
z@*Y(_*o@dNo*Bfm$Wz_9=UdN+Q?RvilCi*Q&-F3u+4p(IS+8fW<()U%dbWdSxjfsU
zy2cdi*>`zXkIWy$KI?0TCUAZRKZZ{WF)?&sH~5#5A~&%20Q+KKUuM(o^P!uZQ$a`R
znco-1>1uGoS>8kUMX!UNv%Kf*FyK`z*k!yIcEaOiSO&97ijd0}2LDi6)CY|U=D-ua
zfGmP<kIu!mDGe(>#vZoTh4>gIXPesgr@gmr%~^MoS0~E!jeBpI>Ph!J=e?l$xg*}k
zj)!h|?0CVtUmhQL^_k<<ufBSG**&iuA18VNF3LB!i`W(^;Bd<`z?Xf@@8Q(>fuUy8
zbFkg?9&9#KWBAkV=`tEtrX`P&^VP!N^!N6!=dP*mecqSAv$628Z1O+H2LPB$W@(W8
zfG#7zw`F4o&&6k`-LeVqZC7Pfz86?pHekNT_Mzw2UJ>pC;{p2Wb2qG190{H4D!=+T
zeh0!YcwQ&J)n8xgd;1IGBcdD*9%zL4&4=*M62EHDW(DIY;oA@I=E5h_7me#X)X(TM
zmF1p?+HXsFZ~N9+X!y5tS36Ri!8x(9aoc|9neRep;?wsT?!U{IFAx7J(Tj9!<X^)+
zr?XA_^3_SkR^qb78knQbV%>}Aal~zP@_z=;JJ1g-3{EZW=pz1L9`-+#GZXEojsJX~
zHY7LqT6N;SV=q#+2b)6)<54@uPR7ThcDmoEolbCi>{v<?WBIS7Hh%IxZR~(9#OuVz
zvX8Rh)$WEwJ5MLI)Al~?tOnoWKCAI|+9`_-f46DfFG`R7gm!KN#+uW&&(Kb50=|_A
zT$Hb)*4y@lO1?8LUrpuwPL2gRve8AHh<NTO`N{#$h~x5l%XjWAeqTnPZ(d{h&Fzxk
zTt2Wqh<#Y)`s&PR|7>DYziSNNLcG5>;D1`-JvuFXNRO4mQ)oPO*ftn{0ez86JI=$L
zuzbPdF`Sgw0e<_e{-jyFcbyj?H-Qm*p7XPgJUQ~4`z>)PlrzV{TDZ-u_??46&Kur&
zs%|N)cr&g?@Kk-Ruwt0~0jwL}A@(S8iTq@rpM*|ng;A6>&xjUqZz$gk)cUH($Ma=!
zJJgtW5K}OtiSn+h+Y41^4s{ABzliewFB(O~s}1G1$Y^4HGU<Oc@0VD(AHQ#tYul;W
zr|Nep?_S5wZK%)ljcC+Ce~G@P(M}uugM2!)udVXpL8;?b`FyK<k&iyz^etUSBlMvO
zzp+iUJ;3;MH`4{JxCB@(qt4R#Mzn(RWt7+cuwkE!6Ar<4Tp;Qk3Jjl5{c%-m@V#}#
zKKZ6%pPV80^_0>McYUBpxZ=TP?wR7~Xfpka+ZaQXvDk20$375j-M}gZSSofLIYuM-
zjQhv@-g_l?deQ5aa37{^s-q(VzXI+FbMIWR%Zd%8;x9m(x$K23V_J7N@A|Rx6SH9O
z7UCpl;xi!GM84kf{6Oh3^_P8x5xtta`>HP~6s~ZGAmcDT0;>C)i<`D(jn+Gr56-Ih
z86!%3kFAICK~09$P;#uXr{X?~XUm<J4J<RDlcJ69(6{oYTIW0SIKcX7EyKV?>zU1Z
zdV!04R_<UOA7p+XC-zh(aM%z2QuaBIaqzf&`;OH09M9+bk?N{K`Q0~iCVKI^4{^75
z4z_1_KJtXR2Tab@x18LKCU#P%WX{l?*dW;h=yKw7I(yDJ?%HKo<s+Q=@IO1)TS3O%
z&v&y!`J?Mswg7wi0pE{Lu$MUqmhx$qAFmtu9Z!kFPxYFtd75|BGrvXnAZtwZoJB8i
z55;6$#arkHUc4AzG4=HbXPf`sx_jXl2Ltj$MmCo|q>ue#^AX}XD`{gHv0UpkPUgFe
z^G|mY^uHILw~D@9+<(pDo=BI&>>gm;KE|EFU7&@G_XvHhvwV=_F+AonkAf9O^eM)^
zuX;hDHTJvj=C0_pZj1*J_X_iltC)kH<10d3EOd{wcg^|V-j+dobC8#Wvx-CdB7015
z5f1)<_FBNfUpsQb_?~7|!h;%>QzAPlzW_WVcfIBN-tU+emK;;)H4ZJJKjng}Xa9F{
zPegT8UiD_O#vh?xAMuZR;FAOs#UmGeJ;9p)k#q0}{tS)ak6ZXaE{R<5Xesod7}$vR
zxoN)<n95JDk^8~;gIjm)1oM9UWDZh3-#N1zUF;#vSFqDuW85WM2>kk;#0Uj;CA5>m
zJnP{#EV!Hnx8K0eU9kBeUv7>2C(yp7+|69fdX|l!85S&Nq{VadDhBakVh9kME#hMR
zyF@3=oKOktANQ&MKka=9c$L+;?!WhD*n5XS2y+|~qF@pRMKlRMwFz-J5J1bI6+CSq
zh|R!YBHDzCfoOXo5f!Rc;XDnb=k}UdJk~m3dr!sm)QeKB)*fx`y)CA#mq9Jqs=*`X
zzTZEPFJGjKzdH#TzB~{7|GU@pt#`faTf;vQ_hTEEfb$)nwO)MioZN=Js2|Nc@4$Vj
z4X}Sa^0RG)CcHMJd)ui_<V&3U+Z|0%8={Xkd{JnEv~U2nuEjm>FVWfxbD;?Od=$Qu
z``;As@A+Tyz2t*wUd7|nSVF#<;?9PTwEZ;7rTE?)tfhe6AC2*r#=)`w>^yJuYv{NR
zoX|7Fd!ZqF4v6{Q+n5IgO4nwm;29+Ax|A(J_}7O}kNtRGC&k|bE@^xWmoCkw`6#Vl
zM&g-IytiT>`C`Zaj%ut$8sf{seK%v^e-9)4RQ&H~Xde$^+x~Yy%A$Lt=vjj%*yWYE
z4Ch7Fc)w97C5y_S{dn??k7CZ_jdkQ3>E2hmzl+NK5q$T_d_I-=x>qLrg*VP|-%ay9
zswdVX!;7N9Xa5uJcd~DBkROkvIP;C^fiblu(A%8nowd-rs8b!SeKCi`z53aBU*wUe
z-nn>7-8TdFd$sB!ShJx`>XtdjiKs)}+qmx#b*{S$*PGy%Z^3@)Q|pG{o4sT9jYZ$v
zfO##wgQXH}Iv&rT)0p=E(ASaXNz#6DX!K#yI^Bm?1HLkGuk4G6%XLiLIKGI+Luc-7
z`y%N0Zg6uTIJ%bn+bHyd?^2rt#vG>i^A*DfS53e=1?M%eo1QU>hrfOw82hP*b7AkM
z;??%|h_8Acdk^WjPYCyj(ffl6Ft(6iDM1=s13n!6X6-gge+&N6_W@{LR*PraN|CM#
z>FC{&l&%qDoqatS+N1is=(anJi8SxJ7506IGAIvvpI;_0?vu&D_rEjpac-x9X7ZsK
zZ!9f#=TaYn7s_LWokz6MD{BwN6w0p<Hf0pwl5M}!@&UR|guN(mT!1!hMjK7Sw|lG5
zFP7rGY8U2WIO2mhb~rr;N8xsTz}X|P4dd^YA>gYH^~c@?-fdBmeGPtVM4bx|=Md_g
zjylhPt=afTHrxT8C&50d57mo)YldBPzb|2m`yuYdqu*0KdxzuRp1V*c*?{m8yj$c^
z%n=^Nvtx9h;eOciW2y(n59(j^u2s4RI<t6PJ6}Ne9o-K-<YG^A@B6q`hWTa~_R#zS
z-*1FJ9P|XvabHm6P_CU%lC8N0v>A;Bq&f1N4`ZHRfwkO=Xa^dD=-R(GAMo@y2HK<c
zc{fV)f{ScjpX}Q&#0}N^S9ZT_|J|2S)F0Dw8y=y)0G`L=KF&SFJ<S6e&@XZR2-*m9
zfqhlzPjTRAF1~LwDU7)bo^7YG5_@9yJrbBt;@u~B?+m3wyR5?8;W@0O12~UEya;@G
z2JY|l{P`r<fAKV|58#(`;K!#T4!vuBbs(^BGM<T<hjMU_#nD&LukifszNZ8CY-=SO
zP|mJkr1t&L<i;Q1+3S6QxLUFUdvx~x9QlaNcxN4zO?J>8AK659kPb+XFM|Ix)RFe}
zsZGP!GbXO--g2^&=C#xwuV1)n+ePUAj_<~IEXZc~#CyQ|-r%TOnumDLH__bQ`+f}{
zj}Bw4;jJG|Hhz8HdVt11S_@cML(p86)*e;CfbH+2MK|NUtJHS_Wpv-(bi9A_N%Z#|
zYsBH2MEhMMi^7OQ?;u<XKSb{zOrhgOXJ38*>Pc%7npe>?DL)!*9ZUY8^}$DwM+4Se
zG|wK7@DT1x4%+n})kteD3V#vv6w=-~;42&D?SLjS;dkj-(NWmfeB+A~w(KnVdUh)2
zsWgZ9CAfmWeG2a$g}=o&TG0+4!{2_4HGQjlk1^%>5$-d-3(u^5dx_O>Kb~o8oBNG!
zybyW(H8=u%XJ*rLse2Ls+qYW{HHcsLRc8$r#qU&)0jM{x+rgtwy*#@=Zw#aH>KNAV
zEd@bbTM1$Rc7XjotFhESFkTTK_|^)Z8611~V%%q)3k_ys9`MHPDX8n(>}t2JxTnUh
zD_y^7#rKe?u788SF9L6M>#U=dO@r|s4;qu4?>W%#^xH>hgE8Ql`n>a9Seh@5ZXCPV
z>E|CrEIh-PnVp6?RRnD^8*399*GSLw8;xc3`ya4oCqGPU_VlmdzG<{K`P&>CPiPL0
zwx#x@wxx9oeLt1jHH>?{_uyG3x&}|rG*O=P%!s$XOU5-(3-|0=xM!EbUdNolo0rpE
zoz~sdUSrWW{x@u;elZNT)uDZB&>uUNJJK$f>QDEZQ@zsz8<I#@#Kj)WySP8&-yoys
z6F)>-{q5?Y-A1&>5yjdt4*j7DK8(J<8o~T=NFY*sH+)bXw7(JSy1DRSo8dpkV;)TJ
zyW0=DE`Xn(3SUOgXWwM)|KK&uJ90k5J?jWNI{vk7(}D?`eu%jOd>r1fG{jy9()TkS
zfX{g@7(Lts9i(H-%Rw3BE6I0kf={CPeF3dyFt;cFG1*<qP=BL!Q5tw!@A9+*ZAU)j
zLwn!G`TiBhi{ZCvFCl<B;yPI4Y}iZRC&+`17WR5)Tl5|pv^8wliM9?M%RTld=<y2F
zDdTAC81hTASRS*Gp1y%V^IP&$v+)ibFa7hB9(C~2Q`&LJgY@zi+7r*qH2wxhew~Z>
zC)=ox1j#2^fx|)ggr!(}gGXon{IJ7MxTr9jd{F>g6^^!!El2wgz;D!FTaV!TC%_Hp
z+tJ0jGqCQRQGmEJVN+zW)$SQb(yn*SWw<@Ao&5Xl_T1jJ@3$Dsazc0?5H#|2*tZwY
zz}xeCl=D0^62>#SXFwx=!<-K9?QPrvj_AGR|B7@p7u|^Ub+f%EI;!zuv>*K1lk`sO
zs!)>M*FOoJ(YP4T;!+v3k9MG>(ys5@s4vxR_OQ0O<#deo?dO)XKjW-(Y2N)Io`I#k
z7Wi%G;|lnt%W=*3GF<b`!!=)ePx}k@H(H$ihtCgx3HSSd-gD%{$ryJYz7u2LUr}G|
zvtf^j=C`973sJWk*b6_0HOiQMFQI?ZI)(OgXij?2)%QgcYVA5WdqtFXWaDVeO<sWQ
zv__$MF<)yuMf*h9&!G7X<>{<3oiZu!-AG6KL>ur7o9Czbo|?TToSfT0{eZ^OWDD;B
zKpV{|UYcEnYeLIN)6hT7*Xg|(DbS<6=EOWBzqq)9_5^Y7eTBVdL_GYKU5onD`0T}t
zVm^}Wt}FSqJkqy?{;~|V6=I*w)~-8_e#zA?`8nE4Z9jI7uzj7qe}d=NlOGP0QQgCV
zO-VGLAiv44HOc3%segHUU${52wia{Obm$55@?&@(MeQccZ|phu&z<^5?RmjS_xtPg
zemKm3pzn?7M|eiresAzzoIAQ{`;K1@v{FzUD0>%S1v@cs0G9<vkq*a~Fo&V>wP01i
ze#WifJ?C0X<1l9&%fLE==1+~_awGg-6|V1<Vt)82#v+<GF2`|mqV?KTgwcEU-Fc(!
zQ#YWW{1Se*74NjA`Pwh(T`RD;6*kkpQwel98NYoe5ZM=p^tAu*9`u(C|2h)yM7ai9
zS`DA!y_@1Ha5@JXoM87KXWuD(>OBj7JsRKjfsND-RqlNI7WBbPq{lPG?%tKN=Vtq8
z=yas3N9w!jD1-JXoc3zt&Dm3EKd;7kif>E?Gicu)V`mwCpOE<f8T<vt?TiTQSdRG*
zom2myYgYl(DHF#pqfENivm?0Y(xrG#Gc3ZdcEcYD=F&BvXK!9)%~<;-YsRe!^u0dE
zF8cn9Hy7o;8XC^9%YqL>#`lj%Y42BQ9z@qM<UFYLvV_-0Li^MQ?#F)EhwzObo#X5w
z;hQQ?(tM8QInUsH!&h?~9zs9ZgSv(ja39P-tb<_NT-5(vJmXLN9m4U;c&|wX{?Xdw
zH|s8Lp>-9#6Z-+A!wZOCdvo0_EqEUY#;*~LC?7ts?c0{lHIAP@@|(dl7M<Mplif7N
z)nHwpz6j6Bqa83$&4{A@aoCf27j>Yvc<lIPudgmyoxLk!CF0$Vc<=tW@>PLN+rqdP
z;Q-nxerN8Cp%`nQ!}Z=K)Z-r5{XV{@SF<>)<zu`bnZ7^w80<cX-wq+qS@!Rdj5qPj
z&w)YK{Db(7#*^%MX|>}}F3sC$4-a$V`D4$qUi$=`;5#fAjl|rF)_4z~Z~x@lT=<4j
z_>ReCuhU$x5}Yl?9$Zlzo^gT=4JEf`m*8JoC_D%6{>e|9us5mbc<aSAiMhuxRzHcc
z_sQA#<{j<T-Cw<J+n-@$&8Mw+OrFZd{0C(^yng=J;pqD0+(yCchq%5)nxJo6N3oyv
z5NxLVcA}VzW<U$G!5h6-5AWD3T@IV0;4mNWp)X0rd<Ffz3H>_*+;1u=$({u6^T+Q?
z%J?iNGa5m9?8Q>L^l1+zjYB%@qvL-5+!>QX^uD-geic1m1V2dM5Wu}SP9K8b{}=G|
zAnd?3w#G3#tQq$Y#`DdIxz9d=wxB&KS|4R0KEAJ$LHQPgGs*+=jFI#{&L1Gorb}T<
z*;xw<(B66QUA33yZrxl`nmwr$doF=^yX^NuLo#;2{@Orx7Cnc%FL*)Lz5!`jhX<r&
z#SI*rHECc%)|`RiEUaP652Ig~j;c*M4`pDDn{g-<jhle;hwxqjukSC0-N|QQ-w^(G
z1Ny$@_Wemni|^--Y=k}e<E`QJZk8JKefWiEX<ax5{eLX_KlL#hdwz{|(I4>MjsL>?
za&8S;$L>Y^If#e&BTI24?bYH)KKM}_Ne}yQED1#8a>i$rUV>+9?eA~JJKxHQpbc}z
zUt)iA==vNhu_`pyzHf1FJ?#~bEu9H__d>52lb_rR?KPn9g6G#rcR}2%LUyc18FoF<
zKFO#jy&HEd+J@f4O>J`kdmhv_q)BR@v51drt&O8`{8z?N0@BujBP!G5i2CoZas8a~
z!5;jHHZI2RHH@dR;OR`4C%X1=5dZdrpATVQa(tjAXS3Dv66#cdy3&~U5x%cmlnRV@
z@&}=TS<q<>t{u#VPQ&A0OezXxXW}~PG1@~TPH4ZEbe$Z6u1V|Yw;81+*|@jT)^)y>
zokia+938;Brtv-41IV9_d%*#H7qfWi%oci|OfJ%n7?1Z;!L~OMhwj~cbC7k6-n-{<
z_{t#b{v_~6>BB=DJCk8I?#o(KgmTHwVw7v!X=P`Q{y$a&wey(YSPi&${_mE%6y@$g
z9QrmD&CmYc-1FP4ZP4!bS0y>~46kj-7sxgk!L^FANFVROH(8ixTaPE&*Q!(KeD6g2
z9N(|~A;!%`;h^<uc-f^iR@Yki?jHH49k`##+I@i?FN}N3W}#0&8&5{9Ju`4^=x7ae
z9r@wLZL`onU$R=Vh(C%$X-Qvnj7CE93tq%~GEhdYwP7p$mb^YxRs$|`Fn1}%oFsyG
z17-|NN-PKj?Kw&MC@V2CJZU=OFPQD-m;4{0vM@A|gL_Z#y^nTjW&%g?PQf|I1K%_(
zdmekH$xnssy{DY@!LnJv;rNjYDc`hFNz-SIvZf~oQp)bYHJPQ%X8M*5eb<58V}I9y
z<xSr*kHa?(R-&vrl(h^v`L$3P#^XiF&xh=LXmVx-%c_BCuRiBel#hGe!jYkN`T4dD
zBVj|*^di`?ft4S=EpB1*Dtxm6_tYilUS4+ayt<^6Ksai*#lV)V<WB=-cO%~v%d-8N
z&E==bWs|{W__jd{BMCI`4a~>0={9$1h?hRVxh|8On_ITYjyJ@P7p1rxt@+W(gQin_
z;(_94Abxt-OLKYIAv;ati8OJPZYI)QK4f~Fo0jU}rN!RmjPxN+dQSuJT^W(v5*Fgx
z&XJs%xVLBjuq{Q%x8&p2`y%VZ3-dRgyJhy`;)=9DT5ZEec<18AAzRY$EJFlyHY*U>
zPW7bplr|lC960`5V*1-o9;L`5dRus5De@>;TvG8U(w8EAejuf`1kd}%A&=P;;<l%!
z=T_!e_>L>mhgsT;&rLi2MA}*7<F<#9HUoBs@vol7eJl6byRe6hZx?3dL!bGB@oX*b
znc9guLDTj+iSA|b`obp6J>b`z`?e5oCUi{UR4=S2<`>|%6mS^AvksWN+W32PjT!s!
zd*B;$&ceO$bi`bDCyvo^*8Dl>b65wI(LQ@A>R2-2rKA#k1Bk9$QC^fc`ih<J&#=EA
zLB52S<DB;QH()(pfP8c5h<umf7(u?1+<cqee2XW%nAGse;H-1pe7!nF&w`z()6byo
zjLNeU>G@syR#7sJhjGlg824qNj<n9f*cZ(RSXs$4@XQLz$$)+N<M$@T4cN4Rp7Y(0
zvM6ry6s$=Qo`d5~9BKUZ%8Q^p;`TCpr*<~VqvvW4vhoVN@-Syf55z^WhO^7ti~d5_
z2-4m1a!?-bzg$!>A9bcaI}gv{;C(s;DDxooI~=M1q2Jl<L*W!J2l1C4#ruE|e#nhS
z?~hs<h}w29h2O|Q+yI^*qk7u@0PV98_7-72?A4=&ozpvu^5G-G&~`Gk4Q;;aX*2)h
z)*}&U)9V}fFzKuL&~-X=Jsa;zh@#EY#z(h@&&sVl*jl%M<^!~!Qv5NVY1lY<OWHuZ
zy9)OOMXl`%A_=1sX+F3U^}v2iWq1O{u5(9Ew`S%JC!NGp{<zaz{`k{de&nn@mEm!F
zDsu)}(`-HB=<3Jz+p%y<c~ifjye+hC1Y93NTT@$Zq_(8{zT(l(pu?Ek5kAfuHDF<^
z`B;HHm9gd#4s585tk2z=c12ok1pYexiV0iLA8~&X-Q)Qa?9qwu@P@F*;P#<(@bq=e
zGiaZmuW3K|8tv)*+}_iZed`hQtuXr5p{fTGsei>$|FWWSD+ioaK5u<+A>Mb0?|Fr=
z-$3gze0LUp=eeDe$}p}i`UQM@9qti2jC;i!?y6ld>ryK*{r~=?JhHxFdt6HOg7o9X
zuTKiZWl)?_JS#!>D9ye!xUliuyB6ec{kQV;^^MzW(U;SYFMU02XWSX|9MUZKD{ElQ
zwpZaB;<48pw|G^>9|oOO{>HiyiB$IfP<%!S)=V_E&0Qb29nT8BT8c4kW%0_2Ypn}1
zhqSa_^t6?h8ISOJQ{uPp!n>b#4Nu6r*19Qk<#6kwrxTWD)_nzI1LjTd1@BCZx8mcT
zgKvEgWzoI5$w#7POX-*rSC)d~yu3RXBwO*NyRZ+n19PT2_*%N3X_x!^yWsr2K~9`0
z@Z~s99Ev>uFb#Pk4f*_GXve<{AHU`CW335Caa}$kI=t2jCchEC!c9kcSl_bC`2~FV
z6!-U~;CLR+M`8SV*)5O8te3BJ(qW%+(W<4+Ir-d?h?krYXJ3~|9*es%kk`xDH~V+u
zGT`J-@us-v0hIeP_TT;|!Z+jiKX81^E@x<IF2;%Ei{i@OL;C#~BkE8e8Y_|~$JyVG
z+Wb#Wxf_tjs>_}8WjNoAeY<Z{en__k$9c&2UL51GpSc;wml00i4R|k<nep7fapmK|
z+2$F^iO(&=J~`DFdl+{hyk<7;ErCwb8p3DHfmXuMO?dsI+r!XG`s8ZN^&)XagREys
zb5c{Jr%g0Q?2Mif#=8~jhGO0f+YVmjqzfZWQPg@CePzMLC@V8ilv#uEpMEEwQV)*k
zn&VW2QJl#*el*}qnPKEPYf5-~cvNoXyY{#<q%;NgV=nhN-Xpd(A7f8={m_M!$8`fE
zwKK_2otIldd5yywGzsI86~Y*VF^TSlvd5(Jb1V3mR1+L?cv*BzZSeWJZMcS(@h9xl
z1aY4(_R1f<0du4o_)ca{$SNC)d%}JI4b!{!@521zgl)r5j0vUG)^7w8vS=<jdrD+`
zdVFr>Z0vP>CvaU`UEuo~f>`roe%FBKDKH1K=R;J7@zB>J=(p5==O8bv->|=d_XS`-
zx2x;?bKGA}b^cG3E9<-$<-?AxFVMa+?4<9jd2`7>qMd2(2wUyBV+tKH$D4^`ays@4
zaXc{x`wgz8VNUcm=5e$KP4k}s+LPuvq(z#8rQmmOzV|)MZ@l>)&GTr!_b!e!-=lq=
zr6{`=^RG$ne6I+3oG8nk@9jbP_P&x^29>qZEo&mmqIuLZ)S1%JUWLd1KKvHOI+WU?
z2<?zd?E(FN8S(A}4>U)kbTnsMisuvLTn*o}vFB<V;M1s#w<#{>YBaXunHd|?T#c@Q
zQ<)`4S}$sbwrI{q_|RVlXZ{|T-m~`({sj=v^lshl1I|jUT5gqn8*PPWb#M*r&IL7A
zINA~#fOq5NmhH#$1s{b5Vc(SAs~f^zUl89O4d5FpRwLaf`B(gFjkBJu0H1ZCafchx
zHn}0(7l`{E>ql6xC4GwP?>{TpJuA|Zb*4q{&bLNVIE4jJW}+7!cEWE9wmee<{lAHQ
z5nO-Fp!eDC$G!NpM%(eT<lPOy5r;QMN7SaG@BIn;subss*vm_$_X-Ybd1eIeK`8p{
zw%2R^yY<QG$p3tl_q&1CMODF3hjATuQ5C*NG6%=mn7`7T74P_Z75jdT@Kdj)V~s|0
zSQ@wP#&|`0WPiZ@BJYKUHa4RD?_IZQ_hY#3bl<wwyN|99kC^t`vWmpp!y_*IZF$AC
z;Q6)lE6XYt1TUyvPziit-1d|~dn)JSI1R^SYk27{_=224R#_>I_pO_<``&d^cmF%~
z%J7`p(f6Of$KIn|2%BlIhW1sRYcwanx0vP|pRVaR-zW%=E8maxSsLCiyASVin0;<!
zA@q#r>F{1=jG>bU-nk$i|E_``KR;mEdxAqNF4&!qy5XLZ!$+`B6~#5u;T0vj>3*3_
z)L%25eYe?&6R9ZPor8XwKWfvq2=?!Tq3o=@P;OQn@}NEZoD8hnux~<XEIN)3mhHh_
zY5G+7MO+U!_+VX9dSF;a`e%bPo2*%xIn`EKEy_s$4DTb@h&43MDc|A9?{~;A^}qiq
zD<0?cedQrIzCmS7boQDk9+mqVemfXSX#Ayp3^W#6W9|L6DsYK1kJjRu__=8FU1;<3
z(dKtfesIA%Pj6mu-t4UlMq=zIem=mz1Ne6s<Hp_4!Y*iGD75ewXyHh5b>i^J)rmXN
z*Y3b?fBNLP@;_rfcH{4!F8`Nvcb30?QFY?|PfXlG_w2-@%+~rzrDMb4+QUt?Nv%P&
z`S7|WAB47Ui-vGr0UVB|_pZRMrxNje2JRz&8vgxFXz9V<e!b%3U}o*^%CA?9$r-x+
zV`!)Gc<Ymt-zw;4aUl2Ew}Qjt3Klx=in%0|5LYnAc{V=t`oI})B!<qQdR!a8dsD&1
zC82?F*H;A>R()?$8SQB-!5;3CszGNgiQ6`!AT+p?)}L<$N5mDZ!E@6%&kQBS(e;e2
z=zmKl?y0;a(31Hw@P$?35nG}21;H7$Pe9)bzBqI{g}>F(nl%=7jyn%)j5urBT=;3)
zCw^$jH!83Rm-vM&yblEXqj$hBFUiT>x@}NW?UKQ{m35({(gRp~t_z(Rw*=2CFA0s^
z_t3g^70+T0_%PzkK%8+o3Da9b<1(;kTvm&3y9Wc|%yCuWg%2;Tte6qXu6?!=N0dEd
zVeX8F|28a(>U|yR-3WWB9p(I*?q~RPjWfsQ*LLC4@V;=XaSFz8Ygo%Oly>Cc>#~*(
z#WfvVkD)zt(#I^!@h$YJblg9^0nZO+pe?XI&MG(_C@aNx0ch{5BtXxu;66jxP;lJY
z`<lCc(874^OWhp^%%6unwUvmoYM?bEAMxlKSHVnY?`!V*A$Gi>6c>A6^QH`%eie(q
zI)dx(NJBopVCLmzC79#RU7vU&%`i%by{~y!44Hlv(q4_Un-JeCkJ7J+w`RP8^c!$p
z<RHGeO5Yq0qkeT*!)<`?rhD*;+<NAtp1JS?b5T#K-@Bi+X4RptD^X9%ldenDxpmx(
zI+ESHP{(^v?ka?@Mjhv%e7pmHOdaZY2>RQMI#N8cbr<S*5A3{`#a{y(OOb}YVOoql
zCgGf(y{kigGf>~nsIQkkf$~6o??HX<MLze5d~QNrYmxpJNKb8FRg#AL^=O^dWUsUS
zgu2pLN#o?n)@?NIVJxJv4;l$J7FgCX=UvXpjhOdk{2A9i-@#hW8xzmPI7HWBQU<g<
zlY+80e02Md8u7e%3a*dPH7WWI^4s|KGF{W7d+&H2qujI>#z5!Z2>W@bjBA`{z#4M{
zEzfL(zoW4CoM+IF?hS6(hPlQuniGt~*g<>l6ut%F&b8{c>!y5-*?Na%zbE|oWq3y@
z#?j^QYjl5)$I1Ufnfq~1zWvVcJDg|8I;6q)!P8(3V@&f$QBM7-q!Hyja4KoO+1|FA
z&q;Iq8_(JIkRAWV^R^x&K7#Q3g4W~1t1mm25Il2B3f6<kDWU)J{@G#QLRhL3X5&r3
zc?{nJT*&ZN;A)1y16<GWHsB_PzYE;Va6NGFEZY{lyzc|2GTaE9$M9pog$zFdT+Q&)
z!1WCO7`Tbyp8_{C+yopvyRG~efKwTM2{@18SAYu{{uOXF!*2lBGyE2C6T`m;Zf3X{
zIGEg4{yV^_3?Bl{WB7gGLWVy8u4ecn;ChBX0d8XWGvH>1gO{WHl(zB*0jDw?1<qr5
zC~zUeiNMtij|Q%1I0?9k;j@988BPTbj&Cb}B5*3h8NhiAPX#Vy_(I@nhBJZd8NLL#
ziQz8-H#3|E987I1|4QIghVy~*7`_U)kl_Wu)eK(?T+i?l;3kH@3f#<aA#m`Vw(@TT
zPGz_RIFI4gz=aH#16MPAD{wu->wudWz8$!k;cDRExozct3pkbGO~82!-veC8@K)ez
zhQ9+`&+s<jCWgNY+{|!2a1i^A@I_Al2To<U5jc<G$AAkNege3f;irM?8U8VF6T?3R
zZf3X%I5@Gb{1<>z8GZ>kkKtE<3mN_ua5ckk0M|487H|{8zXxt+xEVNjUR(L^0H-p1
z2sn@7_kjx;{s6d|;g5jp8U6&giQ&(Hn;8yXf%4PZ${z%r%5W4okKv)fg$ySGS2H{s
zxSru8;3kI825x3J6*!pQR{libRE9Hv^BA5AT*&Z+z|{<A0@pKq32+m`Uj%MuI1f0O
z(N_MIz^M%91LrY(6>uTL3xKN`z81Ki;U&OL41X24nc+g<;H0+lZv;+dxCA(l;nl!}
z43`5}Gkhy>J;UpOn;5<wxS8Q<;Nax8^1lU~%J3%OJcjQ9E@XHsa5cl<0j_6w8*mfD
z-vw@FxE?q-rLFw$1E(_F2%N|8W59(BKLK3L@YBHc4F4FoiQ%6DH#6J>9Gu!#{tLjV
z48H`N$M7q_g$(}+xSHWNfa@843%H5l-vc)@+zcE%zpeatfKwf8>7O#73@8K2fHKfS
z7{K0={wV`p%0OppO!JGaxs*TU&kqBt7e8!ujH~>0<iyV}%AX&$I>zm6{yLVRzbFIB
zfHI&AC<DrXGN2471ImChpbRJj%78MU3@8K2fHI&AC<DrXGN2471ImChpbRJj%78MU
z3@8K2fHI&AC<DrXGN2471ImChpbRJj%78MU3@8K2fHI&AC<A?mftyaTD)+TIf8OyF
zlXZyJ-Q{&KKz~pMlmTTx8R&Kf@Xr1dfBc+&l=wu%ZaCp(^K-T9^U3EN@$=Ko*XLWS
zzxEXdxYqc&>aMS}u+~EvPzL%c1KelxbE>bzeU$^PmzjZ6eODCM3_mxQaC&3()%x|7
zdiADy;5%gY-|0{^zN2*FPxe2Ft%MU%yY!?x`RIxD|3}H~PTo#tBi9T+x8vg@qCNTV
zbnwSH;^$q>7cYyS+vRp*Kj(S#^Uf}(C+n&+Y~$SVbIM!d&M5C6&4b&*&(+R<j8V=Z
zKksRL{$sV%RK1-6u1S90UG?H+@^dY}yBKiF;oS3c3YEAsE#rCf^R6zpGwYyvDFe!Y
zGT<?As>?5Lz3Lsk^rmB1=a28KpVD88yYJ;4Pbm>1b#?xyx=rEPVdDRQTTkzJs`b=(
zJ(mH#zZ`NK_VcXmj(Df4S5JT5@$>AZ-#lHPEZqCu>$l#~``vV;Jy$+g<L8t%c&ZM{
zRFH-%1E-Mz-uKB2iKS^YOz_`K@ntx_mcjG!&Sn0l_%i<iUPdQ5%KT07W&S36Wd5f3
zGJol3WHn^|ruZ^{iB0*N;>&Q8J+a!~)%nZ%bT&Vle|ttHAEy2&^<#=J^Y88YG1WI#
zeoX#K=5LDMzO@x81AT)5=~rZ}WWVU__%c6<M+<|_5m?4I`4t&oWY=!3L}4<%$?wYe
zesNdZGgKBJu(VeMTasTHU+P7sm+@t|OfTb0EYr*ISli2#|8Nl@BCyFG87{HNu7e&;
z@n!vGd>L*kPwHo|NFehU!N&e2^(E8G{H0z@@lD|}e~BeuGW>c`z(Rp#e82X~^dkEX
z`jFw0UsHaAL<Xk#GF)QQewU0ditkWA8DG}VlwO8Q`(*wyz6_UG#vdqtFvU0NO=M@}
z$8Y=;kwEe*?T?E163X}z`{hTbmsplRO#C3@j~C&xf6DmMAByB1+Czq$`j=^YR@xIM
z3NVdFvD$Car?gL)XXMAkzpS4re`&8Nf0>_5FY7l#B#`|<#uw3z<D=jBvVJmstoFpq
z3<Z|?%lU#y|B`Q!y-`1Y{kbep+AsZ|UwcgX%lu67ZxaR%5m-P=`UhE_jGrnZ$ok9p
ze)T5(y(rGuzOp=NkIYZ%PsaC)i$w#ai2`MQGer0hfo1$u@x$we_|o5q=pFd{im*Rj
zBoM`m(2nb4Q+!ce2YdcQl(1T0Q~oksVv${k@@0If7gKs!KT~`eF4IeUWc<$7{~A$1
zp1{(cSo^QcPhwd=VNQqkli^*>r?gjMX^*UrjQ?wq;5LC}d=YG%Kgjly`AIDEH`y=a
zo63{<$@J2m%R~f;Wqc9c$d8OK?UVUW5DCT!EaS`ZQ$&wh&r<KE{H1?0wbxl9!wi9C
zeMPWu{v}^Be~D#zGF)O)d>L-igN!fR!*BVW9lxj9BkL!z<Wq)A+|}z@X^)A|Z;Axj
z0!#Zvux09xGQP}DV!!d_`plF*QACjCOFUP^mr%y{JHM6bP5H}kQ~UZ|PgRQovILg)
zUM<2Ul<{S_$zRF($@DURzwsXw8JhOP{pRmCzSO6QA7Orn@mcZ{YkXNBQ~oCVP3udU
z|JkAfGF;+|MSR&GWc+dwf0n>9z6kcszh6FO`4Y?gVzp1^FXua^{QcS^_0rk-%kiqS
z^OyO_`b$3L{<$f>-~45K*?!U<zx$;!y(~|L%let(%lW@4zF+;w{G@%-ei>heODyA?
z@;9Y7g?ILTvS0gUeAyn-e#wVSFXPMlnc|zmW&RTTO>c^C(z8sjSQ$_TlmTTx8Bhk4
z0cD_PFd*lxa$P0EC6@C{iDi5_kCx%xjbpW^XSAYPp$sSk%78MU3@8J=fdP5{SFCuV
zsC2CP$@Eu>{1vw+MEOuYI0OA%54UqNaNghf(E7I*gz}+$a0XNloDKDty-g1~-l={$
z1Ag_Z`r+)U|MROKjj#IQ45%JB8|qK|>Y=O0BbmR%e(lxxs&~$S>VdPN{!jIwdf*JG
z9ylB7A5;&j2hM=%fwQ6h!K4RWzo=d~117y_IA^Q(`4_+a-EVx=NAK2$wx6~iXF&D9
z+30=#UfWOGk29cp;B07rRz0X5I0LE&&W8F2)r0DRGoX6lY^Z-wJ*XZy1E*ULx?jm#
zL;cg~)}xlMdgKhK9ylB7pHvU32hM=%fwQ6hLG_?|;0*M2J($*SrtrSbkJgX(1|1(%
z4}Dt?>hJuuZ*S+Tx7)A&NcGAYP(5%qbiSf`P(5%4R1cgD^$)6to}~w!kM^wg=<oeQ
z^{9H}4D|Q@p!Mf!(D{?<LG{2H=xKV;@te1f`m3I%Pqjz&$r(^Ra5mImsUB1hoB`DX
zXG8si>Ou9u8BjfNHq<|;9#jvU0o4O%L;Zv5LG{2HP(5%q)IX>mR1cg1)dOck{X<{V
zgI+IGeRBr-n!dF@ymfoO|5kt1x7t(tr?w|&K=r`c=>7g$+f&<<GoX6lY;=A9*7;KR
z@~!$-zBvP`2hK*<`#a@Z`Q{9$9ylA?|4e#_b-om9dXs$`-nn}2>Fs5*&lIkD>0G@i
zpWVx+>braSR(&hqoB`DXXG7=Dst45rXF&D9*--zWdQd%Z22>B64fPMI2h{^-K=r`c
zQ2)^1^`QG*+8;Or{k=bE{ka-+eCTa@P=Bua<qY&T{i?mZ^?IKF?dkr-WS=R#yY<)8
z?CI|MYk57pziazw`)~$2TMz30IJ-S>yzlJx*8H@+IRmN(&PM<1|LXtycl&Gq*Y@WO
zs2(^Q{ck+b_V3y4FUM<%W&6o+iDi6={l=H+CGPC}Wd4eKmwvUqdUkth`)K=c226VB
zZ~om>UsJe=&(j?qtNk*)37_uzYWcjkcU=F-_Ur9@$@)kv>nFn{mhlz;eLX2Z$`5Ct
ztM#D$m9yQ^zjrnNn!obT8BjfNHncyg9#jvU0o4O%L;XX4(?egIulBY2^fx_rc6~cr
z52pM~;ePAa+4=b`U*qfe$Qe*Qa5i+lq<T<2a0XNloDKC4s)x?igU$y#mrvE_>E%=P
z+@62sqdgzmKa~&8fa-y>;eUP^tAB|#y|!O$?bp-zQ$6&p_Uvi;QhWUAtH1Zh{$79W
zFaG+Ai7(ZY^2r%cy>K@CuRl!uX}I#s8BjfNHnhKWwH|ugcyF>-hD$8@G=<Cf5_fm{
z&Mr^pC$X$=f5)B8kIYZv{?2z-*I)V8@s=~t)q2zXIomqF>u-AS>u>$W?`?ec_4@U;
z_E3A(KXV3D51ftOKVGZ9ZQq{V%}1=|$@CJ-{%Q)B@w*%Mbo*lEqr2<Z-R1e^r>EQJ
zw>}!by+2hxln>5;>VdP-`{$3^p4y(A0o4O%qx1W>oG(di;@@w4Q+|HKPj~r#?bY~Q
zt7qj``Q;3#9ylAFKYl2`?fLEQ@u<7Y>+kJt;@cG7*ZAvi_0{%k@9+8=A6g%6U(SH)
zfwQ6WN7aMsfis|b;B2UWP(7#~I0LE&&W8F2)r0DRGoX6lZ1g|>p!;Y2yZyEQYx{Es
zR1chu{x=?I`)m7i22>B64fO}A2h{^-K=r`cQ2)@|^`PtFuGO>h+qL}m_Wq~#t3Egb
zst3-7&M#CCst3-1>VdPN{-LkyLFdn^cg{dx*Spq_x3>CslOEJRs$Mt)CcS7lXG{Hy
z>Ou9u8R%*~^!M>f)?ebT=3n#YYFGcSdQd%Z22>B64fPMIhxU4q<F&*lzWl~F<>xp2
zbeHef-mZ?Xe6-hhSM#m;_btA)|Mac))c&dM$r(^Ra5i*3pn6a}a0XNloDKC4st45r
zXF&D9*--z`-}RvDW$h1~f!@|1RKL9S)Sve@{i?mHU(SH)fwQ6hO!c68;0&l9I2-C8
zR1c~L&VcHHv!VV$^`Ls-45%JB8|oia52^>wfa-y>q5eVjpnBj8s2(^Q>K{}Ost3-1
z>VdPN{z3Jidf*JG9ylB7A5;&j2hM=%fwQ6hLG_?|;0&l9I2-C8R1c~L&VcHHv!VV$
z^`Ls-45%JB8|oia52^>wfa-y>q5eVjpnBj8s2(^Q>K{}Ost3-1>VdPN{z3Jidf*JG
z9ylB7A5;&j2hM=%fwQ6hLG_?|;0&l9I2-C8R1c~L&VcHHv!VV$^`Ls-45%JB8|oia
z52^>wfa-y>q5eVjpnBj8s2(^Q>K{}Ost3-1>VdPN{z3Jidf*K7Ha+O~MR@C}KkIG!
zReM#xoB`DXXG8s&>Ou9u893c~(D@c`4fRi_TaQ}4>X9>`df;rRe^NcD9ykN42hN82
zhwj$Hn)dWtryG|Fdu|li6fWcY#ismac&vD$sGqcVtq3<^nZB=K6W_AFGQJEq;njkF
zzxkQs%kV{_yjZcUpX}d$^(5m@6ZZPW(!S2dl3!`RsXUop#+Uk#`7aXu$o#Gl;WGc;
zj%9sK^^yEZY)T(%xNOf@^NTh8OrQGj%Xh5y$@Hf3Ww^vLzwX8+dt`r=dXfEIhMV&5
zY`xzq^mDqgsXa~hnbON}nV%_K#y4S^pQ(Lie2JxAWO%Ik%ls6#?;w8pknQ0Y`z_CJ
zd})vLFVbK6&EIc)X^%`V!zDJ^E8|Nn%ab_P_%gkmZ_D!hV(A}bdrEBLOXer-H(_bN
zj4#7`8kX&2vj3X)?!uD%N-XCK5=%Zz<(tA~ekLr}Yn`3Hsr=I&F8hlKo9vCXKS};$
z#U^`Y{-*dcT&DMnWquON{ABp)#<IUlY_ebKB~SPlzx9*lo6?)gGubcmm+?(lrtfK3
z+Ar;s;j%qtxWqEQSg|R88SWR$@k?T<zgWZl=4aw>t>|A}jpcknV!!;$_;UUt^(Vt6
zHpMsb+0()$KN5Ggy?*oe8^62lHQ6V_O<3A5^(V(4zxm1d(qBj{?UC5;evj-wCM@kW
zVQHTUoAQ(4ru<}htm$Qb5}Wdu;SzUtelmZFWqA_E8sC&&_9v-7nO=@}(q0ob<uA)S
z-B{MgWWS6r`IT7KPlm^eW&YAW87{GmFR}D@GCWqj$ox7R%lew^mGLEx)jpY@2~QOB
zQCYs!s~j(7e2HaxiKTrqy~HxU$sSXDX^$*VaeIL%AO84|`jdK-;S$UFqYO8-hu`?7
z{5m^auFw7EZ>paR_lu=Jm+57=3Cr==Z+-p7H`(JiT-IOOBg0KN*7P!eQ+|H?pUl6z
z+fUX<VriemGQPy7__BYRu*^?lzj~ALrTr31`($`e!%~ln+7B<5v{&*e!zGsSW7V&0
z4~b>@63g->mhq+i5_ffcSzc#jX}`p#@?`v2u`Dmv{Q6sZ*`H&rf2{3cN^c4`)yI_H
zuYZty$^0dj@%`dh?UUt6`%KuBUWWH{Y|@LgU-BcvC6@P#$Z&}l8OBo?zpJrnyp!eo
z<wsuMixr#NQ|2%C^Gx>3@XnsU$^4}rWc?(T?O_U+<(aU|KUOTulljST>HlQ7OfRwD
z_%gi-o9vVAA@yUzrt(eUvi=fFy~+Hf{W86b-_!9#pZ?ZweNFLYxb(MDPm0?&nDWt{
z52+uCrQT(D``kLBq3%ytM4XesE`EH1a}suO%fx~9nH$X->;8VMwbd^2P^R<4829%_
z<~s3%F22q!DCFWJ*PdgajdZbB?jRSx>L!eHu~(jxt7XkP(+P;W;WxU5efXJUPt7PN
zV1OHb-)QG#oQsdlOSaF>aIu$vl8eJvIpJ<GmdC>oH$3I?v+c8Z7hmAwBQ78NM>qkW
zx_GW@&v6%fytv8rpbRJj%78K;81VeP__^C)0434C1Kz;pmQ26#zmwzER?4BZHGxO(
zaGvXqA9{4gRpmi>piZJX=v_LPTfDk-MfoKubLU>3GHu$_3#MYj^zs#j#miQwEMK{7
z_198vT~U5>@tW0c;FJq3YwFEKH?J*UyR6Wfx_Zsp6;r>q`j)AMw-m3uVM_50*3=s+
zSKnN@%CdiT)3yTzh(jrgmfc+B#9mu&O)X!sav3Fc&u&_|7O|EuFIZ8re8o*`3sBg~
z6$o2%!?Lx@tf?!C3T`Z4wrWK|(G5uJA#3W|6%|NVyt)|w--rW#DZKe+=a+(I<>kvN
zo!`B4%8iOf#<nTTRuwNtxoeQzDF~-iZCmVYmakd0YQ<`~;_WaroYD`pPNFrGx2|}^
zJ@Jm`id?*Pk@qvHjPmf(d+RUnm@wRlNoCMj=dFjlbrY>aTd}tB(tGP4@3_((AiZ#T
zoR0LgHu8S=)=S<o8{zcl)lu4?hp>-WdT;&b9mAr0&we{o{C6e((OknT-&-$w$KCEk
z#0&Sz_l|RsmZk_^xVJv_j^6qdQS3iCUs!}+DK9U*xBm8y-ul}M_w4uh|Eill&(7Vl
zy!E$t^w!^$p4PxJeGz^mo4ow3>)i^w$J?GjAp7&`?ftY4CzKxj+5X!Q@2up#<F*2C
zh3|yR*-$lp=H;Kc%2`>TI9}(Z^Zu9R-zU;%|J+IM9lvl_d&a%`d--j1(|h|5Yp-%F
zTzl0pJIW6}^j7*#3R(URkv_$p&!t>`mYqP>SEm2INbl_@TyTo%my7gm<EB&o<KD)N
zZH;9~dwzi5iIb3P*pYe8xN~Hllit&roBV`+JWTSSEgo;0?Cr0Z(tGXjQ=}!Pz4YGx
zOZY0Md@mlN*nb}OjxXU?YGE&Zg1di{;HJMR;DxkL?;y*16DQR6UaSpQr`kaqu1>L!
zJ6!pAD)!3tc-)Uzy!@2;PWqJjPWt;qgL~=i%<<o!Mf%6DImZrq{F)T|_=WcJ?ZE$G
zk>1;1J94d)e!rpozac%@<kkPx>z(pnz1~Tm?Z^Q!oIkJL9zKQ>GVucM2lwcu_xyqv
d>{W*!y|TSHbPWD;iVcHaL>oC}xu^Ew{{!LblYRgI

literal 0
HcmV?d00001

diff --git a/vendor/github.com/DataDog/go-libddwaf/lib_dl.go b/vendor/github.com/DataDog/go-libddwaf/lib_dl.go
new file mode 100644
index 000000000..64f63c4f0
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/lib_dl.go
@@ -0,0 +1,88 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// Purego only works on linux/macOS with amd64 and arm64 from now
+//go:build (linux || darwin) && (amd64 || arm64) && !go1.22
+
+package waf
+
+import (
+	"fmt"
+	"reflect"
+	"unsafe"
+
+	"github.com/ebitengine/purego"
+)
+
+// libDl is created to wraps all interactions with the purego library
+type libDl struct {
+	handle uintptr
+}
+
+// dlOpen open a handle for the shared library `name`.
+// the libLoader object is only a wrapped type for the linker handle
+// the `loader` parameter must have tags in the form of `dlsym:<symbol_name>`
+// dlOpen will fill the object with symbols loaded from the library
+// the struct of type `loader` must have a field of type `LibLoader`
+// to be able to close the handle later
+func dlOpen(name string, lib any) error {
+	handle, err := purego.Dlopen(name, purego.RTLD_GLOBAL|purego.RTLD_NOW)
+	if err != nil {
+		return fmt.Errorf("error opening shared library '%s'. Reason: %w", name, err)
+	}
+
+	return dlOpenFromHandle(handle, lib)
+}
+
+func dlOpenFromHandle(handle uintptr, lib any) error {
+	foundHandle := false
+
+	libValue := reflect.ValueOf(lib).Elem()
+	libType := reflect.TypeOf(lib).Elem()
+	dl := libDl{handle: handle}
+
+	for i := 0; i < libValue.NumField(); i++ {
+		fieldType := libType.Field(i)
+
+		symbolName, ok := fieldType.Tag.Lookup("dlsym")
+		if ok {
+			symbol, err := purego.Dlsym(handle, symbolName)
+			if err != nil {
+				return fmt.Errorf("cannot load symbol '%s'. Reason: %w", symbolName, err)
+			}
+
+			libValue.Field(i).Set(reflect.ValueOf(symbol))
+			continue
+		}
+
+		if fieldType.Type == reflect.TypeOf(dl) {
+			// Bypass the fact the reflect package doesn't allow writing to private struct fields by directly writing to the field's memory address ourselves
+			reflect.NewAt(reflect.TypeOf(dl), unsafe.Pointer(libValue.Field(i).UnsafeAddr())).Elem().Set(reflect.ValueOf(dl))
+			foundHandle = true
+		}
+	}
+
+	if !foundHandle {
+		return fmt.Errorf("could not find `libLoader` embedding to set the library handle, cowardly refusing the handle to be lost")
+	}
+
+	return nil
+}
+
+// syscall is the only way to make C calls with this interface.
+// purego implementation limits the number of arguments to 9, it will panic if more are provided
+// Note: `purego.SyscallN` has 3 return values: these are the following:
+//
+//	1st - The return value is a pointer or a int of any type
+//	2nd - The return value is a float
+//	3rd - The value of `errno` at the end of the call
+func (lib *libDl) syscall(fn uintptr, args ...uintptr) uintptr {
+	ret, _, _ := purego.SyscallN(fn, args...)
+	return ret
+}
+
+func (lib *libDl) Close() error {
+	return purego.Dlclose(lib.handle)
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/safe.go b/vendor/github.com/DataDog/go-libddwaf/safe.go
new file mode 100644
index 000000000..de24bb51f
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/safe.go
@@ -0,0 +1,68 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package waf
+
+import (
+	"fmt"
+	"reflect"
+	"runtime"
+
+	"github.com/pkg/errors"
+)
+
+// PanicError is an error type wrapping a recovered panic value that happened
+// during a function call. Such error must be considered unrecoverable and be
+// used to try to gracefully abort. Keeping using this package after such an
+// error is unreliable and the caller must rather stop using the library.
+// Examples include safety checks errors.
+type PanicError struct {
+	// The function symbol name that was given to `tryCall()`.
+	in string
+	// The recovered panic error while executing the function `in`.
+	Err error
+}
+
+func newPanicError(in func() error, err error) *PanicError {
+	return &PanicError{
+		in:  runtime.FuncForPC(reflect.ValueOf(in).Pointer()).Name(),
+		Err: err,
+	}
+}
+
+// Unwrap the error and return it.
+// Required by errors.Is and errors.As functions.
+func (e *PanicError) Unwrap() error {
+	return e.Err
+}
+
+// Error returns the error string representation.
+func (e *PanicError) Error() string {
+	return fmt.Sprintf("panic while executing %s: %#+v", e.in, e.Err)
+}
+
+// tryCall calls function `f` and recovers from any panic occurring while it
+// executes, returning it in a `PanicError` object type.
+func tryCall(f func() error) (err error) {
+	defer func() {
+		r := recover()
+		if r == nil {
+			// Note that panic(nil) matches this case and cannot be really tested for.
+			return
+		}
+
+		switch actual := r.(type) {
+		case error:
+			err = errors.WithStack(actual)
+		case string:
+			err = errors.New(actual)
+		default:
+			err = errors.Errorf("%v", r)
+		}
+
+		err = newPanicError(f, err)
+	}()
+	return f()
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/symbols_linux_cgo.go b/vendor/github.com/DataDog/go-libddwaf/symbols_linux_cgo.go
new file mode 100644
index 000000000..2675adb0e
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/symbols_linux_cgo.go
@@ -0,0 +1,21 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build cgo && linux && !go1.22
+
+package waf
+
+/*
+// Needed otherwise cielf call is optimized away or the builtin version is used
+#cgo CFLAGS: -O0
+#cgo LDFLAGS: -lm
+float __attribute__((__noinline__)) ceilf(float arg);
+*/
+import "C"
+
+// Required because libddwaf uses ceilf located in libm
+// This forces CGO to link with libm, from there since
+// libm is loaded, we can dlopen the waf without issues
+var _ = C.ceilf(2.3)
diff --git a/vendor/github.com/DataDog/go-libddwaf/symbols_linux_purego.go b/vendor/github.com/DataDog/go-libddwaf/symbols_linux_purego.go
new file mode 100644
index 000000000..22e52dfef
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/symbols_linux_purego.go
@@ -0,0 +1,15 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build !cgo && linux && !go1.22
+
+package waf
+
+// Adds a dynamic import for libm.so because libddwaf needs the ceilf symbol
+// This mechanic only works when CGO is not enabled
+//
+//go:cgo_import_dynamic purego_ceilf ceilf "libm.so.6"
+//go:cgo_import_dynamic _ _ "libm.so.6"
+var purego_ceilf uintptr
diff --git a/vendor/github.com/DataDog/go-libddwaf/waf.go b/vendor/github.com/DataDog/go-libddwaf/waf.go
new file mode 100644
index 000000000..d7dd53dcb
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/waf.go
@@ -0,0 +1,130 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package waf
+
+import (
+	"errors"
+	"fmt"
+	"sync"
+)
+
+// UnsupportedTargetError is a wrapper error type helping to handle the error
+// case of trying to execute this package on an unsupported target environment.
+type UnsupportedTargetError struct {
+	error
+}
+
+// Unwrap the error and return it.
+// Required by errors.Is and errors.As functions.
+func (e *UnsupportedTargetError) Unwrap() error {
+	return e.error
+}
+
+// RulesetInfo stores the information - provided by the WAF - about WAF rules initialization.
+type RulesetInfo struct {
+	// Number of rules successfully loaded
+	Loaded uint16
+	// Number of rules which failed to parse
+	Failed uint16
+	// Map from an error string to an array of all the rule ids for which
+	// that error was raised. {error: [rule_ids]}
+	Errors map[string][]string
+	// Ruleset version
+	Version string
+}
+
+// Encoder/Decoder errors
+var (
+	errMaxDepth          = errors.New("max depth reached")
+	errUnsupportedValue  = errors.New("unsupported Go value")
+	errInvalidMapKey     = errors.New("invalid WAF object map key")
+	errNilObjectPtr      = errors.New("nil WAF object pointer")
+	errInvalidObjectType = errors.New("invalid type encountered when decoding")
+)
+
+// RunError the WAF can return when running it.
+type RunError int
+
+// Errors the WAF can return when running it.
+const (
+	ErrInternal RunError = iota + 1
+	ErrInvalidObject
+	ErrInvalidArgument
+	ErrTimeout
+	ErrOutOfMemory
+	ErrEmptyRuleAddresses
+)
+
+// Error returns the string representation of the RunError.
+func (e RunError) Error() string {
+	switch e {
+	case ErrInternal:
+		return "internal waf error"
+	case ErrTimeout:
+		return "waf timeout"
+	case ErrInvalidObject:
+		return "invalid waf object"
+	case ErrInvalidArgument:
+		return "invalid waf argument"
+	case ErrOutOfMemory:
+		return "out of memory"
+	case ErrEmptyRuleAddresses:
+		return "empty rule addresses"
+	default:
+		return fmt.Sprintf("unknown waf error %d", e)
+	}
+}
+
+// Globally dlopen() libddwaf only once because several dlopens (eg. in tests)
+// aren't supported by macOS.
+var (
+	// libddwaf's dynamic library handle and entrypoints
+	wafLib *wafDl
+	// libddwaf's dlopen error if any
+	wafErr      error
+	openWafOnce sync.Once
+)
+
+// Load loads libddwaf's dynamic library. The dynamic library is opened only
+// once by the first call to this function and internally stored globally, and
+// no function is currently provided in this API to close the opened handle.
+// Calling this function is not mandatory and is automatically performed by
+// calls to NewHandle, the entrypoint of libddwaf, but Load is useful in order
+// to explicitly check libddwaf's general health where calling NewHandle doesn't
+// necessarily apply nor is doable.
+// The function returns ok when libddwaf was successfully loaded, along with a
+// non-nil error if any. Note that both ok and err can be set, meaning that
+// libddwaf is usable but some non-critical errors happened, such as failures
+// to remove temporary files. It is safe to continue using libddwaf in such
+// case.
+func Load() (ok bool, err error) {
+	openWafOnce.Do(func() {
+		wafLib, wafErr = newWafDl()
+		if wafErr != nil {
+			return
+		}
+		wafVersion = wafLib.wafGetVersion()
+	})
+
+	return wafLib != nil, wafErr
+}
+
+// SupportsTarget returns true and a nil error when the target host environment
+// is supported by this package and can be further used.
+// Otherwise, it returns false along with an error detailing why.
+func SupportsTarget() (bool, error) {
+	return supportsTarget()
+}
+
+var wafVersion string
+
+// Version returns the version returned by libddwaf.
+// It relies on the dynamic loading of the library, which can fail and return
+// an empty string or the previously loaded version, if any.
+func Version() string {
+	Load()
+	return wafVersion
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/waf_dl.go b/vendor/github.com/DataDog/go-libddwaf/waf_dl.go
new file mode 100644
index 000000000..700251d30
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/waf_dl.go
@@ -0,0 +1,176 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build (linux || darwin) && (amd64 || arm64) && !go1.22
+
+package waf
+
+import (
+	"fmt"
+	"os"
+)
+
+// wafDl is the type wrapper for all C calls to the waf
+// It uses `libwaf` to make C calls
+// All calls must go through this one-liner to be type safe
+// since purego calls are not type safe
+type wafDl struct {
+	libDl
+
+	Ddwaf_ruleset_info_free  uintptr `dlsym:"ddwaf_ruleset_info_free"`
+	Ddwaf_init               uintptr `dlsym:"ddwaf_init"`
+	Ddwaf_update             uintptr `dlsym:"ddwaf_update"`
+	Ddwaf_destroy            uintptr `dlsym:"ddwaf_destroy"`
+	Ddwaf_required_addresses uintptr `dlsym:"ddwaf_required_addresses"`
+	Ddwaf_get_version        uintptr `dlsym:"ddwaf_get_version"`
+	Ddwaf_context_init       uintptr `dlsym:"ddwaf_context_init"`
+	Ddwaf_context_destroy    uintptr `dlsym:"ddwaf_context_destroy"`
+	Ddwaf_result_free        uintptr `dlsym:"ddwaf_result_free"`
+	Ddwaf_run                uintptr `dlsym:"ddwaf_run"`
+}
+
+func dumpWafLibrary() (*os.File, error) {
+	file, err := os.CreateTemp("", "libddwaf-*.so")
+	if err != nil {
+		return nil, fmt.Errorf("Error creating temp file: %w", err)
+	}
+
+	if err := os.WriteFile(file.Name(), libddwaf, 0400); err != nil {
+		return nil, fmt.Errorf("Error writing file: %w", err)
+	}
+
+	return file, nil
+}
+
+// newWafDl loads the libddwaf shared library along with all the needed symbols.
+// The returned dynamic library handle dl can be non-nil even with a returned
+// error, meaning that the dynamic library handle can be used but some errors
+// happened in the last internal steps following the successful call to
+// dlopen().
+func newWafDl() (dl *wafDl, err error) {
+	file, err := dumpWafLibrary()
+	if err != nil {
+		return nil, err
+	}
+	fName := file.Name()
+	defer func() {
+		rmErr := os.Remove(fName)
+		if rmErr != nil {
+			if err == nil {
+				err = rmErr
+			} else {
+				// TODO: rely on errors.Join() once go1.20 is our min supported Go version
+				err = fmt.Errorf("%w; along with an error while removing %s: %v", err, fName, rmErr)
+			}
+		}
+	}()
+
+	var waf wafDl
+	if err := dlOpen(fName, &waf); err != nil {
+		return nil, fmt.Errorf("error while opening libddwaf library at %s: %w", fName, err)
+	}
+	defer func() {
+		closeErr := file.Close()
+		if closeErr != nil {
+			if err == nil {
+				err = closeErr
+			} else {
+				// TODO: rely on errors.Join() once go1.20 is our min supported Go version
+				err = fmt.Errorf("%w; along with an error while closing the shared libddwaf library file: %v", err, closeErr)
+			}
+		}
+	}()
+
+	// Try calling the waf to make sure everything is fine
+	err = tryCall(func() error {
+		waf.wafGetVersion()
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &waf, nil
+}
+
+// wafGetVersion returned string is a static string so we do not need to free it
+func (waf *wafDl) wafGetVersion() string {
+	return gostring(cast[byte](waf.syscall(waf.Ddwaf_get_version)))
+}
+
+func (waf *wafDl) wafInit(ruleset *wafObject, config *wafConfig, info *wafRulesetInfo) wafHandle {
+	handle := wafHandle(waf.syscall(waf.Ddwaf_init, ptrToUintptr(ruleset), ptrToUintptr(config), ptrToUintptr(info)))
+	keepAlive(ruleset)
+	keepAlive(config)
+	keepAlive(info)
+	return handle
+}
+
+func (waf *wafDl) wafUpdate(handle wafHandle, ruleset *wafObject, info *wafRulesetInfo) wafHandle {
+	newHandle := wafHandle(waf.syscall(waf.Ddwaf_update, uintptr(handle), ptrToUintptr(ruleset), ptrToUintptr(info)))
+	keepAlive(ruleset)
+	keepAlive(info)
+	return newHandle
+}
+
+func (waf *wafDl) wafRulesetInfoFree(info *wafRulesetInfo) {
+	waf.syscall(waf.Ddwaf_ruleset_info_free, ptrToUintptr(info))
+	keepAlive(info)
+}
+
+func (waf *wafDl) wafDestroy(handle wafHandle) {
+	waf.syscall(waf.Ddwaf_destroy, uintptr(handle))
+	keepAlive(handle)
+}
+
+// wafRequiredAddresses returns static strings so we do not need to free them
+func (waf *wafDl) wafRequiredAddresses(handle wafHandle) []string {
+	var nbAddresses uint32
+
+	arrayVoidC := waf.syscall(waf.Ddwaf_required_addresses, uintptr(handle), ptrToUintptr(&nbAddresses))
+	if arrayVoidC == 0 {
+		return nil
+	}
+
+	addresses := make([]string, int(nbAddresses))
+	for i := 0; i < int(nbAddresses); i++ {
+		addresses[i] = gostring(*castWithOffset[*byte](arrayVoidC, uint64(i)))
+	}
+
+	keepAlive(&nbAddresses)
+	keepAlive(handle)
+
+	return addresses
+}
+
+func (waf *wafDl) wafContextInit(handle wafHandle) wafContext {
+	ctx := wafContext(waf.syscall(waf.Ddwaf_context_init, uintptr(handle)))
+	keepAlive(handle)
+	return ctx
+}
+
+func (waf *wafDl) wafContextDestroy(context wafContext) {
+	waf.syscall(waf.Ddwaf_context_destroy, uintptr(context))
+	keepAlive(context)
+}
+
+func (waf *wafDl) wafResultFree(result *wafResult) {
+	waf.syscall(waf.Ddwaf_result_free, ptrToUintptr(result))
+	keepAlive(result)
+}
+
+func (waf *wafDl) wafRun(context wafContext, obj *wafObject, result *wafResult, timeout uint64) wafReturnCode {
+	rc := wafReturnCode(waf.syscall(waf.Ddwaf_run, uintptr(context), ptrToUintptr(obj), ptrToUintptr(result), uintptr(timeout)))
+	keepAlive(context)
+	keepAlive(obj)
+	keepAlive(result)
+	keepAlive(timeout)
+	return rc
+}
+
+// Implement SupportsTarget()
+func supportsTarget() (bool, error) {
+	return true, nil
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/waf_dl_unsupported.go b/vendor/github.com/DataDog/go-libddwaf/waf_dl_unsupported.go
new file mode 100644
index 000000000..af6739732
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/waf_dl_unsupported.go
@@ -0,0 +1,58 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// Build when the target OS or architecture are not supported
+//go:build (!linux && !darwin) || (!amd64 && !arm64) || go1.22
+
+package waf
+
+type wafDl struct{}
+
+func newWafDl() (dl *wafDl, err error) {
+	return nil, unsupportedTargetErr
+}
+
+func (waf *wafDl) wafGetVersion() string {
+	return ""
+}
+
+func (waf *wafDl) wafInit(obj *wafObject, config *wafConfig, info *wafRulesetInfo) wafHandle {
+	return 0
+}
+
+func (waf *wafDl) wafUpdate(handle wafHandle, ruleset *wafObject, info *wafRulesetInfo) wafHandle {
+	return 0
+}
+
+func (waf *wafDl) wafRulesetInfoFree(info *wafRulesetInfo) {
+}
+
+func (waf *wafDl) wafDestroy(handle wafHandle) {
+}
+
+func (waf *wafDl) wafRequiredAddresses(handle wafHandle) []string {
+	return nil
+}
+
+func (waf *wafDl) wafContextInit(handle wafHandle) wafContext {
+	return 0
+}
+
+func (waf *wafDl) wafContextDestroy(context wafContext) {
+}
+
+func (waf *wafDl) wafResultFree(result *wafResult) {
+}
+
+func (waf *wafDl) wafRun(context wafContext, obj *wafObject, result *wafResult, timeout uint64) wafReturnCode {
+	return wafErrInternal
+}
+
+// Implement SupportsTarget()
+func supportsTarget() (bool, error) {
+	// TODO: provide finer-grained unsupported target error message giving the
+	//    exact reason why
+	return false, unsupportedTargetErr
+}
diff --git a/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_go.go b/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_go.go
new file mode 100644
index 000000000..122684708
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_go.go
@@ -0,0 +1,17 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// Supported OS/Arch but unsupported Go version
+//           Supported OS        Supported Arch     Bad Go Version
+//go:build (linux || darwin || windows) && (amd64 || arm64) && go1.22
+
+package waf
+
+import (
+	"fmt"
+	"runtime"
+)
+
+var unsupportedTargetErr = &UnsupportedTargetError{fmt.Errorf("the Go version %s is not supported", runtime.Version())}
diff --git a/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_target.go b/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_target.go
new file mode 100644
index 000000000..59648a7a3
--- /dev/null
+++ b/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_target.go
@@ -0,0 +1,17 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// Unsupported target OS or architecture on a supported Go version
+//            Unsupported OS        Unsupported Arch      Good Go Version
+//go:build ((!linux && !darwin) || (!amd64 && !arm64)) && !go1.22
+
+package waf
+
+import (
+	"fmt"
+	"runtime"
+)
+
+var unsupportedTargetErr = &UnsupportedTargetError{fmt.Errorf("the target operating-system %s or architecture %s are not supported", runtime.GOOS, runtime.GOARCH)}
diff --git a/vendor/github.com/DataDog/go-tuf/LICENSE b/vendor/github.com/DataDog/go-tuf/LICENSE
new file mode 100644
index 000000000..38163dd4b
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2014-2020 Prime Directive, Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Prime Directive, Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/DataDog/go-tuf/client/client.go b/vendor/github.com/DataDog/go-tuf/client/client.go
new file mode 100644
index 000000000..b364648e7
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/client/client.go
@@ -0,0 +1,982 @@
+package client
+
+import (
+	"bytes"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"io"
+
+	"github.com/DataDog/go-tuf/data"
+	"github.com/DataDog/go-tuf/internal/roles"
+	"github.com/DataDog/go-tuf/util"
+	"github.com/DataDog/go-tuf/verify"
+)
+
+const (
+	// This is the upper limit in bytes we will use to limit the download
+	// size of the root/timestamp roles, since we might not don't know how
+	// big it is.
+	defaultRootDownloadLimit      = 512000
+	defaultTimestampDownloadLimit = 16384
+	defaultMaxDelegations         = 32
+	defaultMaxRootRotations       = 1e3
+)
+
+// LocalStore is local storage for downloaded top-level metadata.
+type LocalStore interface {
+	io.Closer
+
+	// GetMeta returns top-level metadata from local storage. The keys are
+	// in the form `ROLE.json`, with ROLE being a valid top-level role.
+	GetMeta() (map[string]json.RawMessage, error)
+
+	// SetMeta persists the given top-level metadata in local storage, the
+	// name taking the same format as the keys returned by GetMeta.
+	SetMeta(name string, meta json.RawMessage) error
+
+	// DeleteMeta deletes a given metadata.
+	DeleteMeta(name string) error
+}
+
+// RemoteStore downloads top-level metadata and target files from a remote
+// repository.
+type RemoteStore interface {
+	// GetMeta downloads the given metadata from remote storage.
+	//
+	// `name` is the filename of the metadata (e.g. "root.json")
+	//
+	// `err` is ErrNotFound if the given file does not exist.
+	//
+	// `size` is the size of the stream, -1 indicating an unknown length.
+	GetMeta(name string) (stream io.ReadCloser, size int64, err error)
+
+	// GetTarget downloads the given target file from remote storage.
+	//
+	// `path` is the path of the file relative to the root of the remote
+	//        targets directory (e.g. "/path/to/file.txt").
+	//
+	// `err` is ErrNotFound if the given file does not exist.
+	//
+	// `size` is the size of the stream, -1 indicating an unknown length.
+	GetTarget(path string) (stream io.ReadCloser, size int64, err error)
+}
+
+// Client provides methods for fetching updates from a remote repository and
+// downloading remote target files.
+type Client struct {
+	local  LocalStore
+	remote RemoteStore
+
+	// The following four fields represent the versions of metatdata either
+	// from local storage or from recently downloaded metadata
+	rootVer      int64
+	targetsVer   int64
+	snapshotVer  int64
+	timestampVer int64
+
+	// targets is the list of available targets, either from local storage
+	// or from recently downloaded targets metadata
+	targets data.TargetFiles
+
+	// localMeta is the raw metadata from local storage and is used to
+	// check whether remote metadata is present locally
+	localMeta map[string]json.RawMessage
+
+	// db is a key DB used for verifying metadata
+	db *verify.DB
+
+	// consistentSnapshot indicates whether the remote storage is using
+	// consistent snapshots (as specified in root.json)
+	consistentSnapshot bool
+
+	// MaxDelegations limits by default the number of delegations visited for any
+	// target
+	MaxDelegations int
+
+	// MaxRootRotations limits the number of downloaded roots in 1.0.19 root updater
+	MaxRootRotations int
+}
+
+func NewClient(local LocalStore, remote RemoteStore) *Client {
+	return &Client{
+		local:            local,
+		remote:           remote,
+		MaxDelegations:   defaultMaxDelegations,
+		MaxRootRotations: defaultMaxRootRotations,
+	}
+}
+
+// Init initializes a local repository from root metadata.
+//
+// The root's keys are extracted from the root and saved in local storage.
+// Root expiration is not checked.
+// It is expected that rootJSON was securely distributed with the software
+// being updated.
+func (c *Client) Init(rootJSON []byte) error {
+	err := c.loadAndVerifyRootMeta(rootJSON, true /*ignoreExpiredCheck*/)
+	if err != nil {
+		return err
+	}
+	return c.local.SetMeta("root.json", rootJSON)
+}
+
+// Update downloads and verifies remote metadata and returns updated targets.
+// It always performs root update (5.2 and 5.3) section of the v1.0.19 spec.
+//
+// https://theupdateframework.github.io/specification/v1.0.19/index.html#load-trusted-root
+func (c *Client) Update() (data.TargetFiles, error) {
+	if err := c.UpdateRoots(); err != nil {
+		if _, ok := err.(verify.ErrExpired); ok {
+			// For backward compatibility, we wrap the ErrExpired inside
+			// ErrDecodeFailed.
+			return nil, ErrDecodeFailed{"root.json", err}
+		}
+		return nil, err
+	}
+
+	// Load trusted metadata files, if any, and verify them against the latest root
+	c.getLocalMeta()
+
+	// 5.4.1 - Download the timestamp metadata
+	timestampJSON, err := c.downloadMetaUnsafe("timestamp.json", defaultTimestampDownloadLimit)
+	if err != nil {
+		return nil, err
+	}
+	// 5.4.(2,3 and 4) - Verify timestamp against various attacks
+	// Returns the extracted snapshot metadata
+	snapshotMeta, sameTimestampVersion, err := c.decodeTimestamp(timestampJSON)
+	if sameTimestampVersion {
+		// The new timestamp.json file had the same version; we don't need to
+		// update, so bail early.
+		return c.targets, nil
+	}
+
+	if err != nil {
+		return nil, err
+	}
+	// 5.4.5 - Persist the timestamp metadata
+	if err := c.local.SetMeta("timestamp.json", timestampJSON); err != nil {
+		return nil, err
+	}
+
+	// 5.5.1 - Download snapshot metadata
+	// 5.5.2 and 5.5.4 - Check against timestamp role's snapshot hash and version
+	snapshotJSON, err := c.downloadMetaFromTimestamp("snapshot.json", snapshotMeta)
+	if err != nil {
+		return nil, err
+	}
+	// 5.5.(3,5 and 6) - Verify snapshot against various attacks
+	// Returns the extracted metadata files
+	snapshotMetas, err := c.decodeSnapshot(snapshotJSON)
+	if err != nil {
+		return nil, err
+	}
+	// 5.5.7 - Persist snapshot metadata
+	if err := c.local.SetMeta("snapshot.json", snapshotJSON); err != nil {
+		return nil, err
+	}
+
+	// If we don't have the targets.json, download it, determine updated
+	// targets and save targets.json in local storage
+	var updatedTargets data.TargetFiles
+	targetsMeta := snapshotMetas["targets.json"]
+	if !c.hasMetaFromSnapshot("targets.json", targetsMeta) {
+		// 5.6.1 - Download the top-level targets metadata file
+		// 5.6.2 and 5.6.4 - Check against snapshot role's targets hash and version
+		targetsJSON, err := c.downloadMetaFromSnapshot("targets.json", targetsMeta)
+		if err != nil {
+			return nil, err
+		}
+		// 5.6.(3 and 5) - Verify signatures and check against freeze attack
+		updatedTargets, err = c.decodeTargets(targetsJSON)
+		if err != nil {
+			return nil, err
+		}
+		// 5.6.6 - Persist targets metadata
+		if err := c.local.SetMeta("targets.json", targetsJSON); err != nil {
+			return nil, err
+		}
+	}
+
+	return updatedTargets, nil
+}
+
+func (c *Client) UpdateRoots() error {
+	// https://theupdateframework.github.io/specification/v1.0.19/index.html#load-trusted-root
+	// 5.2 Load the trusted root metadata file. We assume that a good,
+	// trusted copy of this file was shipped with the package manager
+	// or software updater using an out-of-band process.
+	if err := c.loadAndVerifyLocalRootMeta( /*ignoreExpiredCheck=*/ true); err != nil {
+		return err
+	}
+	m, err := c.local.GetMeta()
+	if err != nil {
+		return err
+	}
+
+	type KeyInfo struct {
+		KeyIDs    map[string]bool
+		Threshold int
+	}
+
+	// Prepare for 5.3.11: If the timestamp and / or snapshot keys have been rotated,
+	// then delete the trusted timestamp and snapshot metadata files.
+	getKeyInfo := func(role string) KeyInfo {
+		keyIDs := make(map[string]bool)
+		for k := range c.db.GetRole(role).KeyIDs {
+			keyIDs[k] = true
+		}
+		return KeyInfo{keyIDs, c.db.GetRole(role).Threshold}
+	}
+
+	// The nonRootKeyInfo looks like this:
+	// {
+	//	"timestamp": {KeyIDs={"KEYID1": true, "KEYID2": true}, Threshold=2},
+	//	"snapshot": {KeyIDs={"KEYID3": true}, Threshold=1},
+	//	"targets": {KeyIDs={"KEYID4": true, "KEYID5": true, "KEYID6": true}, Threshold=1}
+	// }
+
+	nonRootKeyInfo := map[string]KeyInfo{"timestamp": {}, "snapshot": {}, "targets": {}}
+	for k := range nonRootKeyInfo {
+		nonRootKeyInfo[k] = getKeyInfo(k)
+	}
+
+	// 5.3.1 Temorarily turn on the consistent snapshots in order to download
+	// versioned root metadata files as described next.
+	consistentSnapshot := c.consistentSnapshot
+	c.consistentSnapshot = true
+
+	nRootMetadata := m["root.json"]
+
+	// https://theupdateframework.github.io/specification/v1.0.19/index.html#update-root
+
+	// 5.3.1 Since it may now be signed using entirely different keys,
+	// the client MUST somehow be able to establish a trusted line of
+	// continuity to the latest set of keys (see § 6.1 Key
+	// management and migration). To do so, the client MUST
+	// download intermediate root metadata files, until the
+	// latest available one is reached. Therefore, it MUST
+	// temporarily turn on consistent snapshots in order to
+	// download versioned root metadata files as described next.
+
+	// This loop returns on error or breaks after downloading the lastest root metadata.
+	// 5.3.2 Let N denote the version number of the trusted root metadata file.
+	for i := 0; i < c.MaxRootRotations; i++ {
+		// 5.3.3 Try downloading version nPlusOne of the root metadata file.
+		// NOTE: as a side effect, we do update c.rootVer to nPlusOne between iterations.
+		nPlusOne := c.rootVer + 1
+		nPlusOneRootPath := util.VersionedPath("root.json", nPlusOne)
+		nPlusOneRootMetadata, err := c.downloadMetaUnsafe(nPlusOneRootPath, defaultRootDownloadLimit)
+
+		if err != nil {
+			if _, ok := err.(ErrMissingRemoteMetadata); ok {
+				// stop when the next root can't be downloaded
+				break
+			}
+			return err
+		}
+
+		// 5.3.4 Check for an arbitrary software attack.
+		// 5.3.4.1 Check that N signed N+1
+		nPlusOneRootMetadataSigned, err := c.verifyRoot(nRootMetadata, nPlusOneRootMetadata)
+		if err != nil {
+			return err
+		}
+
+		// 5.3.4.2 check that N+1 signed itself.
+		if _, err := c.verifyRoot(nPlusOneRootMetadata, nPlusOneRootMetadata); err != nil {
+			// 5.3.6 Note that the expiration of the new (intermediate) root
+			// metadata file does not matter yet, because we will check for
+			// it in step 5.3.10.
+			return err
+		}
+
+		// 5.3.5 Check for a rollback attack. Here, we check that nPlusOneRootMetadataSigned.version == nPlusOne.
+		if nPlusOneRootMetadataSigned.Version != nPlusOne {
+			return verify.ErrWrongVersion{
+				Given:    nPlusOneRootMetadataSigned.Version,
+				Expected: nPlusOne,
+			}
+		}
+
+		// 5.3.7 Set the trusted root metadata file to the new root metadata file.
+		c.rootVer = nPlusOneRootMetadataSigned.Version
+		// NOTE: following up on 5.3.1, we want to always have consistent snapshots on for the duration
+		// of root rotation. AFTER the rotation is over, we will set it to the value of the last root.
+		consistentSnapshot = nPlusOneRootMetadataSigned.ConsistentSnapshot
+		// 5.3.8 Persist root metadata. The client MUST write the file to non-volatile storage as FILENAME.EXT (e.g. root.json).
+		// NOTE: Internally, setMeta stores metadata in LevelDB in a persistent manner.
+		if err := c.local.SetMeta("root.json", nPlusOneRootMetadata); err != nil {
+			return err
+		}
+		nRootMetadata = nPlusOneRootMetadata
+		// 5.3.9 Repeat steps 5.3.2 to 5.3.9
+
+	} // End of the for loop.
+
+	// 5.3.10 Check for a freeze attack.
+	// NOTE: This will check for any, including freeze, attack.
+	if err := c.loadAndVerifyLocalRootMeta( /*ignoreExpiredCheck=*/ false); err != nil {
+		return err
+	}
+
+	countDeleted := func(s1 map[string]bool, s2 map[string]bool) int {
+		c := 0
+		for k := range s1 {
+			if _, ok := s2[k]; !ok {
+				c++
+			}
+		}
+		return c
+	}
+
+	// 5.3.11 To recover from fast-forward attack, certain metadata files need
+	// to be deleted if a threshold of keys are revoked.
+	// List of metadata that should be deleted per role if a threshold of keys
+	// are revoked:
+	// (based on the ongoing PR: https://github.com/mnm678/specification/tree/e50151d9df632299ddea364c4f44fe8ca9c10184)
+	// timestamp -> delete timestamp.json
+	// snapshot ->  delete timestamp.json and snapshot.json
+	// targets ->   delete snapshot.json and targets.json
+	//
+	// nonRootKeyInfo contains the keys and thresholds from root.json
+	// that were on disk before the root update process begins.
+	for topLevelRolename := range nonRootKeyInfo {
+		// ki contains the keys and thresholds from the latest downloaded root.json.
+		ki := getKeyInfo(topLevelRolename)
+		if countDeleted(nonRootKeyInfo[topLevelRolename].KeyIDs, ki.KeyIDs) >= nonRootKeyInfo[topLevelRolename].Threshold {
+			deleteMeta := map[string][]string{
+				"timestamp": {"timestamp.json"},
+				"snapshot":  {"timestamp.json", "snapshot.json"},
+				"targets":   {"snapshot.json", "targets.json"},
+			}
+
+			for _, r := range deleteMeta[topLevelRolename] {
+				c.local.DeleteMeta(r)
+			}
+		}
+	}
+
+	// 5.3.12 Set whether consistent snapshots are used as per the trusted root metadata file.
+	c.consistentSnapshot = consistentSnapshot
+	return nil
+}
+
+// getLocalMeta decodes and verifies metadata from local storage.
+// The verification of local files is purely for consistency, if an attacker
+// has compromised the local storage, there is no guarantee it can be trusted.
+// Before trying to load the metadata files, it clears the in-memory copy of the local metadata.
+// This is to insure that all of the loaded metadata files at the end are indeed verified by the latest root.
+// If some of the metadata files fail to load it will proceed with trying to load the rest,
+// but still return an error at the end, if such occurred. Otherwise returns nil.
+func (c *Client) getLocalMeta() error {
+	var retErr error
+	loadFailed := false
+	// Clear the in-memory copy of the local metadata. The goal is to reload and take into account
+	// only the metadata files that are verified by the latest root. Otherwise, their content should
+	// be ignored.
+	c.localMeta = make(map[string]json.RawMessage)
+
+	// Load the latest root meta
+	if err := c.loadAndVerifyLocalRootMeta( /*ignoreExpiredCheck=*/ false); err != nil {
+		return err
+	}
+
+	// Load into memory the existing meta, if any, from the local storage
+	meta, err := c.local.GetMeta()
+	if err != nil {
+		return nil
+	}
+
+	// Verify the top-level metadata (timestamp, snapshot and targets) against the latest root and load it, if okay
+	if timestampJSON, ok := meta["timestamp.json"]; ok {
+		timestamp := &data.Timestamp{}
+		if err := c.db.UnmarshalTrusted(timestampJSON, timestamp, "timestamp"); err != nil {
+			loadFailed = true
+			retErr = err
+		} else {
+			c.localMeta["timestamp.json"] = meta["timestamp.json"]
+			c.timestampVer = timestamp.Version
+		}
+	}
+
+	snapshot := &data.Snapshot{}
+	if snapshotJSON, ok := meta["snapshot.json"]; ok {
+		if err := c.db.UnmarshalTrusted(snapshotJSON, snapshot, "snapshot"); err != nil {
+			loadFailed = true
+			retErr = err
+		} else {
+			c.localMeta["snapshot.json"] = meta["snapshot.json"]
+			c.snapshotVer = snapshot.Version
+		}
+	}
+
+	if targetsJSON, ok := meta["targets.json"]; ok {
+		targets := &data.Targets{}
+		if err := c.db.UnmarshalTrusted(targetsJSON, targets, "targets"); err != nil {
+			loadFailed = true
+			retErr = err
+		} else {
+			c.localMeta["targets.json"] = meta["targets.json"]
+			c.targetsVer = targets.Version
+			// FIXME(TUF-0.9) temporarily support files with leading path separators.
+			// c.targets = targets.Targets
+			c.loadTargets(targets.Targets)
+		}
+	}
+
+	if loadFailed {
+		// If any of the metadata failed to be verified, return the reason for that failure
+		// and fail fast before delegated targets
+		return retErr
+	}
+
+	// verifiedDelegatedTargets is a set of verified delegated targets
+	for fileName, fileContent := range meta {
+		if roles.IsDelegatedTargetsManifest(fileName) {
+			c.localMeta[fileName] = fileContent
+		}
+	}
+
+	if loadFailed {
+		// If any of the metadata failed to be verified, return the reason for that failure
+		return retErr
+	}
+	return nil
+}
+
+// getDelegationPathFromRaw verifies a delegated targets against
+// a given snapshot and returns an error if it's invalid
+//
+// Delegation must have targets to get a path, else an empty list
+// will be returned: this is because the delegation iterator is leveraged.
+//
+// Concrete example:
+// targets
+// └── a.json
+//   └── b.json
+//      └── c.json
+//        └── target_file.txt
+//
+// If you try to use that function on "a.json" or "b.json", it'll return an empty list
+// with no error, as neither of them declare a target file
+// On the other hand, if you use that function on "c.json", it'll return & verify
+// [c.json, b.json, a.json]. Running that function on every delegated targets
+// guarantees that if a delegated targets is in the path of a target file, then it will
+// appear at least once in the result
+func (c *Client) getDelegationPathFromRaw(snapshot *data.Snapshot, delegatedTargetsJSON json.RawMessage) ([]string, error) {
+	// unmarshal the delegated targets first without verifying as
+	// we need at least one targets file name to leverage the
+	// getTargetFileMetaDelegationPath method
+	s := &data.Signed{}
+	if err := json.Unmarshal(delegatedTargetsJSON, s); err != nil {
+		return nil, err
+	}
+	targets := &data.Targets{}
+	if err := json.Unmarshal(s.Signed, targets); err != nil {
+		return nil, err
+	}
+	for targetPath := range targets.Targets {
+		// Gets target file from remote store
+		_, resp, err := c.getTargetFileMetaDelegationPath(targetPath, snapshot)
+		// We only need to test one targets file:
+		// - If it is valid, it means the delegated targets has been validated
+		// - If it is not, the delegated targets isn't valid
+		if errors.As(err, &ErrMissingRemoteMetadata{}) {
+			// As this function is used to fill the local store cache, the targets
+			// will be downloaded from the remote store as the local store cache is
+			// empty, meaning that the delegated targets may not exist anymore. In
+			// that case, ignore it.
+			return nil, nil
+		}
+		return resp, err
+	}
+	return nil, nil
+}
+
+// loadAndVerifyLocalRootMeta decodes and verifies root metadata from
+// local storage and loads the top-level keys. This method first clears
+// the DB for top-level keys and then loads the new keys.
+func (c *Client) loadAndVerifyLocalRootMeta(ignoreExpiredCheck bool) error {
+	meta, err := c.local.GetMeta()
+	if err != nil {
+		return err
+	}
+	rootJSON, ok := meta["root.json"]
+	if !ok {
+		return ErrNoRootKeys
+	}
+	return c.loadAndVerifyRootMeta(rootJSON, ignoreExpiredCheck)
+}
+
+// loadAndVerifyRootMeta decodes and verifies root metadata and loads the top-level keys.
+// This method first clears the DB for top-level keys and then loads the new keys.
+func (c *Client) loadAndVerifyRootMeta(rootJSON []byte, ignoreExpiredCheck bool) error {
+	// unmarshal root.json without verifying as we need the root
+	// keys first
+	s := &data.Signed{}
+	if err := json.Unmarshal(rootJSON, s); err != nil {
+		return err
+	}
+	root := &data.Root{}
+	if err := json.Unmarshal(s.Signed, root); err != nil {
+		return err
+	}
+	ndb := verify.NewDB()
+	for id, k := range root.Keys {
+		if err := ndb.AddKey(id, k); err != nil {
+			return err
+		}
+	}
+	for name, role := range root.Roles {
+		if err := ndb.AddRole(name, role); err != nil {
+			return err
+		}
+	}
+	// Any trusted local root metadata version must be greater than 0.
+	if ignoreExpiredCheck {
+		if err := ndb.VerifyIgnoreExpiredCheck(s, "root", 0); err != nil {
+			return err
+		}
+	} else {
+		if err := ndb.Verify(s, "root", 0); err != nil {
+			return err
+		}
+	}
+	c.consistentSnapshot = root.ConsistentSnapshot
+	c.rootVer = root.Version
+	c.db = ndb
+	return nil
+}
+
+// verifyRoot verifies Signed section of the bJSON
+// using verification keys in aJSON.
+func (c *Client) verifyRoot(aJSON []byte, bJSON []byte) (*data.Root, error) {
+	aSigned := &data.Signed{}
+	if err := json.Unmarshal(aJSON, aSigned); err != nil {
+		return nil, err
+	}
+	aRoot := &data.Root{}
+	if err := json.Unmarshal(aSigned.Signed, aRoot); err != nil {
+		return nil, err
+	}
+
+	bSigned := &data.Signed{}
+	if err := json.Unmarshal(bJSON, bSigned); err != nil {
+		return nil, err
+	}
+	bRoot := &data.Root{}
+	if err := json.Unmarshal(bSigned.Signed, bRoot); err != nil {
+		return nil, err
+	}
+
+	ndb := verify.NewDB()
+	for id, k := range aRoot.Keys {
+		if err := ndb.AddKey(id, k); err != nil {
+			return nil, err
+		}
+	}
+	for name, role := range aRoot.Roles {
+		if err := ndb.AddRole(name, role); err != nil {
+			return nil, err
+		}
+	}
+
+	if err := ndb.VerifySignatures(bSigned, "root"); err != nil {
+		return nil, err
+	}
+	return bRoot, nil
+}
+
+// FIXME(TUF-0.9) TUF is considering removing support for target files starting
+// with a leading path separator. In order to be backwards compatible, we'll
+// just remove leading separators for now.
+func (c *Client) loadTargets(targets data.TargetFiles) {
+	c.targets = make(data.TargetFiles)
+	for name, meta := range targets {
+		c.targets[name] = meta
+		c.targets[util.NormalizeTarget(name)] = meta
+	}
+}
+
+// downloadMetaUnsafe downloads top-level metadata from remote storage without
+// verifying it's length and hashes (used for example to download timestamp.json
+// which has unknown size). It will download at most maxMetaSize bytes.
+func (c *Client) downloadMetaUnsafe(name string, maxMetaSize int64) ([]byte, error) {
+	r, size, err := c.remote.GetMeta(name)
+	if err != nil {
+		if IsNotFound(err) {
+			return nil, ErrMissingRemoteMetadata{name}
+		}
+		return nil, ErrDownloadFailed{name, err}
+	}
+	defer r.Close()
+
+	// return ErrMetaTooLarge if the reported size is greater than maxMetaSize
+	if size > maxMetaSize {
+		return nil, ErrMetaTooLarge{name, size, maxMetaSize}
+	}
+
+	// although the size has been checked above, use a LimitReader in case
+	// the reported size is inaccurate, or size is -1 which indicates an
+	// unknown length
+	return io.ReadAll(io.LimitReader(r, maxMetaSize))
+}
+
+// remoteGetFunc is the type of function the download method uses to download
+// remote files
+type remoteGetFunc func(string) (io.ReadCloser, int64, error)
+
+// downloadHashed tries to download the hashed prefixed version of the file.
+func (c *Client) downloadHashed(file string, get remoteGetFunc, hashes data.Hashes) (io.ReadCloser, int64, error) {
+	// try each hashed path in turn, and either return the contents,
+	// try the next one if a 404 is returned, or return an error
+	for _, path := range util.HashedPaths(file, hashes) {
+		r, size, err := get(path)
+		if err != nil {
+			if IsNotFound(err) {
+				continue
+			}
+			return nil, 0, err
+		}
+		return r, size, nil
+	}
+	return nil, 0, ErrNotFound{file}
+}
+
+// download downloads the given target file from remote storage using the get
+// function, adding hashes to the path if consistent snapshots are in use
+func (c *Client) downloadTarget(file string, get remoteGetFunc, hashes data.Hashes) (io.ReadCloser, int64, error) {
+	if c.consistentSnapshot {
+		return c.downloadHashed(file, get, hashes)
+	} else {
+		return get(file)
+	}
+}
+
+// downloadVersionedMeta downloads top-level metadata from remote storage and
+// verifies it using the given file metadata.
+func (c *Client) downloadMeta(name string, version int64, m data.FileMeta) ([]byte, error) {
+	r, size, err := func() (io.ReadCloser, int64, error) {
+		if c.consistentSnapshot {
+			path := util.VersionedPath(name, version)
+			r, size, err := c.remote.GetMeta(path)
+			if err == nil {
+				return r, size, nil
+			}
+
+			return nil, 0, err
+		} else {
+			return c.remote.GetMeta(name)
+		}
+	}()
+	if err != nil {
+		if IsNotFound(err) {
+			return nil, ErrMissingRemoteMetadata{name}
+		}
+		return nil, err
+	}
+	defer r.Close()
+
+	// return ErrWrongSize if the reported size is known and incorrect
+	var stream io.Reader
+	if m.Length != 0 {
+		if size >= 0 && size != m.Length {
+			return nil, ErrWrongSize{name, size, m.Length}
+		}
+
+		// wrap the data in a LimitReader so we download at most m.Length bytes
+		stream = io.LimitReader(r, m.Length)
+	} else {
+		stream = r
+	}
+
+	return io.ReadAll(stream)
+}
+
+func (c *Client) downloadMetaFromSnapshot(name string, m data.SnapshotFileMeta) ([]byte, error) {
+	b, err := c.downloadMeta(name, m.Version, data.FileMeta{Length: m.Length, Hashes: m.Hashes})
+	if err != nil {
+		return nil, err
+	}
+
+	// 5.6.2 – Check length and hashes of fetched bytes *before* parsing metadata
+	if err := util.BytesMatchLenAndHashes(b, m.Length, m.Hashes); err != nil {
+		return nil, ErrDownloadFailed{name, err}
+	}
+
+	meta, err := util.GenerateSnapshotFileMeta(bytes.NewReader(b), m.Hashes.HashAlgorithms()...)
+	if err != nil {
+		return nil, err
+	}
+
+	// 5.6.4 - Check against snapshot role's version
+	if err := util.VersionEqual(meta.Version, m.Version); err != nil {
+		return nil, ErrDownloadFailed{name, err}
+	}
+
+	return b, nil
+}
+
+func (c *Client) downloadMetaFromTimestamp(name string, m data.TimestampFileMeta) ([]byte, error) {
+	b, err := c.downloadMeta(name, m.Version, data.FileMeta{Length: m.Length, Hashes: m.Hashes})
+	if err != nil {
+		return nil, err
+	}
+
+	// 5.2.2. – Check length and hashes of fetched bytes *before* parsing metadata
+	if err := util.BytesMatchLenAndHashes(b, m.Length, m.Hashes); err != nil {
+		return nil, ErrDownloadFailed{name, err}
+	}
+
+	meta, err := util.GenerateTimestampFileMeta(bytes.NewReader(b), m.Hashes.HashAlgorithms()...)
+	if err != nil {
+		return nil, err
+	}
+
+	// 5.5.4 - Check against timestamp role's version
+	if err := util.VersionEqual(meta.Version, m.Version); err != nil {
+		return nil, ErrDownloadFailed{name, err}
+	}
+
+	return b, nil
+}
+
+// decodeSnapshot decodes and verifies snapshot metadata, and returns the new
+// root and targets file meta.
+func (c *Client) decodeSnapshot(b json.RawMessage) (data.SnapshotFiles, error) {
+	snapshot := &data.Snapshot{}
+	// 5.5.(3 and 6) - Verify it's signed correctly and it's not expired
+	if err := c.db.Unmarshal(b, snapshot, "snapshot", c.snapshotVer); err != nil {
+		return data.SnapshotFiles{}, ErrDecodeFailed{"snapshot.json", err}
+	}
+	// 5.5.5 - Check for top-level targets rollback attack
+	// Verify explicitly that current targets meta version is less than or equal to the new one
+	if snapshot.Meta["targets.json"].Version < c.targetsVer {
+		return data.SnapshotFiles{}, verify.ErrLowVersion{Actual: snapshot.Meta["targets.json"].Version, Current: c.targetsVer}
+	}
+
+	// 5.5.5 - Get the local/trusted snapshot metadata, if any, and check all target metafiles against rollback attack
+	// In case the local snapshot metadata was not verified by the keys in the latest root during getLocalMeta(),
+	// snapshot.json won't be present in c.localMeta and thus this check will not be processed.
+	if snapshotJSON, ok := c.localMeta["snapshot.json"]; ok {
+		currentSnapshot := &data.Snapshot{}
+		if err := c.db.UnmarshalTrusted(snapshotJSON, currentSnapshot, "snapshot"); err != nil {
+			return data.SnapshotFiles{}, err
+		}
+		// 5.5.5 - Check for rollback attacks in both top-level and delegated targets roles (note that the Meta object includes both)
+		for path, local := range currentSnapshot.Meta {
+			if newMeta, ok := snapshot.Meta[path]; ok {
+				// 5.5.5 - Check for rollback attack
+				if newMeta.Version < local.Version {
+					return data.SnapshotFiles{}, verify.ErrLowVersion{Actual: newMeta.Version, Current: local.Version}
+				}
+			} else {
+				// 5.5.5 - Abort the update if a target file has been removed from the new snapshot file
+				return data.SnapshotFiles{}, verify.ErrMissingTargetFile
+			}
+		}
+	}
+	// At this point we can trust the new snapshot, the top-level targets, and any delegated targets versions it refers to
+	// so we can update the client's trusted versions and proceed with persisting the new snapshot metadata
+	// c.snapshotVer was already set when we verified the timestamp metadata
+	c.targetsVer = snapshot.Meta["targets.json"].Version
+	return snapshot.Meta, nil
+}
+
+// decodeTargets decodes and verifies targets metadata, sets c.targets and
+// returns updated targets.
+func (c *Client) decodeTargets(b json.RawMessage) (data.TargetFiles, error) {
+	targets := &data.Targets{}
+	// 5.6.(3 and 5) - Verify signatures and check against freeze attack
+	if err := c.db.Unmarshal(b, targets, "targets", c.targetsVer); err != nil {
+		return nil, ErrDecodeFailed{"targets.json", err}
+	}
+	// Generate a list with the updated targets
+	updatedTargets := make(data.TargetFiles)
+	for path, meta := range targets.Targets {
+		if local, ok := c.targets[path]; ok {
+			if err := util.TargetFileMetaEqual(local, meta); err == nil {
+				continue
+			}
+		}
+		updatedTargets[path] = meta
+	}
+	// c.targetsVer was already updated when we verified the snapshot metadata
+	// FIXME(TUF-0.9) temporarily support files with leading path separators.
+	// c.targets = targets.Targets
+	c.loadTargets(targets.Targets)
+	return updatedTargets, nil
+}
+
+// decodeTimestamp decodes and verifies timestamp metadata, and returns the
+// new snapshot file meta and signals whether the update should be aborted early
+// (the new timestamp has the same version as the old one, so there's no need to
+// complete the update).
+func (c *Client) decodeTimestamp(b json.RawMessage) (data.TimestampFileMeta, bool, error) {
+	timestamp := &data.Timestamp{}
+
+	if err := c.db.Unmarshal(b, timestamp, "timestamp", c.timestampVer); err != nil {
+		return data.TimestampFileMeta{}, false, ErrDecodeFailed{"timestamp.json", err}
+	}
+	// 5.4.3.1  - Check for timestamp rollback attack
+	// We already checked for timestamp.Version < c.timestampVer in the Unmarshal call above.
+	// Here, we're checking for version equality, which indicates that we can abandon this update.
+	if timestamp.Version == c.timestampVer {
+		return data.TimestampFileMeta{}, true, nil
+	}
+	// 5.4.3.2 - Check for snapshot rollback attack
+	// Verify that the current snapshot meta version is less than or equal to the new one
+	if timestamp.Meta["snapshot.json"].Version < c.snapshotVer {
+		return data.TimestampFileMeta{}, false, verify.ErrLowVersion{Actual: timestamp.Meta["snapshot.json"].Version, Current: c.snapshotVer}
+	}
+	// At this point we can trust the new timestamp and the snapshot version it refers to
+	// so we can update the client's trusted versions and proceed with persisting the new timestamp
+	c.timestampVer = timestamp.Version
+	c.snapshotVer = timestamp.Meta["snapshot.json"].Version
+	return timestamp.Meta["snapshot.json"], false, nil
+}
+
+// hasMetaFromSnapshot checks whether local metadata has the given meta
+func (c *Client) hasMetaFromSnapshot(name string, m data.SnapshotFileMeta) bool {
+	_, ok := c.localMetaFromSnapshot(name, m)
+	return ok
+}
+
+// localMetaFromSnapshot returns localmetadata if it matches the snapshot
+func (c *Client) localMetaFromSnapshot(name string, m data.SnapshotFileMeta) (json.RawMessage, bool) {
+	b, ok := c.localMeta[name]
+	if !ok {
+		return nil, false
+	}
+	meta, err := util.GenerateSnapshotFileMeta(bytes.NewReader(b), m.Hashes.HashAlgorithms()...)
+	if err != nil {
+		return nil, false
+	}
+	err = util.SnapshotFileMetaEqual(meta, m)
+	return b, err == nil
+}
+
+type Destination interface {
+	io.Writer
+	Delete() error
+}
+
+// Download downloads the given target file from remote storage into dest.
+//
+// dest will be deleted and an error returned in the following situations:
+//
+//   - The target does not exist in the local targets.json
+//   - Failed to fetch the chain of delegations accessible from local snapshot.json
+//   - The target does not exist in any targets
+//   - Metadata cannot be generated for the downloaded data
+//   - Generated metadata does not match local metadata for the given file
+//   - Size of the download does not match if the reported size is known and
+//     incorrect
+func (c *Client) Download(name string, dest Destination) (err error) {
+	// delete dest if there is an error
+	defer func() {
+		if err != nil {
+			dest.Delete()
+		}
+	}()
+
+	// populate c.targets from local storage if not set
+	if c.targets == nil {
+		if err := c.getLocalMeta(); err != nil {
+			return err
+		}
+	}
+
+	normalizedName := util.NormalizeTarget(name)
+	localMeta, ok := c.targets[normalizedName]
+	if !ok {
+		// search in delegations
+		localMeta, err = c.getTargetFileMeta(normalizedName)
+		if err != nil {
+			return err
+		}
+	}
+
+	// get the data from remote storage
+	r, size, err := c.downloadTarget(normalizedName, c.remote.GetTarget, localMeta.Hashes)
+	if err != nil {
+		return err
+	}
+	defer r.Close()
+
+	// return ErrWrongSize if the reported size is known and incorrect
+	if size >= 0 && size != localMeta.Length {
+		return ErrWrongSize{name, size, localMeta.Length}
+	}
+
+	// wrap the data in a LimitReader so we download at most localMeta.Length bytes
+	stream := io.LimitReader(r, localMeta.Length)
+
+	// read the data, simultaneously writing it to dest and generating metadata
+	actual, err := util.GenerateTargetFileMeta(io.TeeReader(stream, dest), localMeta.HashAlgorithms()...)
+	if err != nil {
+		return ErrDownloadFailed{name, err}
+	}
+
+	// check the data has the correct length and hashes
+	if err := util.TargetFileMetaEqual(actual, localMeta); err != nil {
+		if e, ok := err.(util.ErrWrongLength); ok {
+			return ErrWrongSize{name, e.Actual, e.Expected}
+		}
+		return ErrDownloadFailed{name, err}
+	}
+
+	return nil
+}
+
+func (c *Client) VerifyDigest(digest string, digestAlg string, length int64, path string) error {
+	localMeta, ok := c.targets[path]
+	if !ok {
+		return ErrUnknownTarget{Name: path, SnapshotVersion: c.snapshotVer}
+	}
+
+	actual := data.FileMeta{Length: length, Hashes: make(data.Hashes, 1)}
+	var err error
+	actual.Hashes[digestAlg], err = hex.DecodeString(digest)
+	if err != nil {
+		return err
+	}
+
+	if err := util.TargetFileMetaEqual(data.TargetFileMeta{FileMeta: actual}, localMeta); err != nil {
+		if e, ok := err.(util.ErrWrongLength); ok {
+			return ErrWrongSize{path, e.Actual, e.Expected}
+		}
+		return ErrDownloadFailed{path, err}
+	}
+
+	return nil
+}
+
+// Target returns the target metadata for a specific target if it
+// exists, searching from top-level level targets then through
+// all delegations. If it does not, ErrNotFound will be returned.
+func (c *Client) Target(name string) (data.TargetFileMeta, error) {
+	target, err := c.getTargetFileMeta(util.NormalizeTarget(name))
+	if err == nil {
+		return target, nil
+	}
+
+	if _, ok := err.(ErrUnknownTarget); ok {
+		return data.TargetFileMeta{}, ErrNotFound{name}
+	}
+
+	return data.TargetFileMeta{}, err
+}
+
+// Targets returns the complete list of available top-level targets.
+func (c *Client) Targets() (data.TargetFiles, error) {
+	// populate c.targets from local storage if not set
+	if c.targets == nil {
+		if err := c.getLocalMeta(); err != nil {
+			return nil, err
+		}
+	}
+	return c.targets, nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/client/delegations.go b/vendor/github.com/DataDog/go-tuf/client/delegations.go
new file mode 100644
index 000000000..4cf540455
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/client/delegations.go
@@ -0,0 +1,152 @@
+package client
+
+import (
+	"github.com/DataDog/go-tuf/data"
+	"github.com/DataDog/go-tuf/pkg/targets"
+	"github.com/DataDog/go-tuf/verify"
+)
+
+// getTargetFileMeta searches for a verified TargetFileMeta matching a target
+// Requires a local snapshot to be loaded and is locked to the snapshot versions.
+func (c *Client) getTargetFileMeta(target string) (data.TargetFileMeta, error) {
+	snapshot, err := c.loadLocalSnapshot()
+	if err != nil {
+		return data.TargetFileMeta{}, err
+	}
+
+	targetFileMeta, _, err := c.getTargetFileMetaDelegationPath(target, snapshot)
+	if err != nil {
+		return data.TargetFileMeta{}, err
+	}
+	return targetFileMeta, nil
+}
+
+// getTargetFileMetaDelegationPath searches for a verified TargetFileMeta matching a target
+// Requires snapshot to be passed and is locked to that specific snapshot versions.
+// Searches through delegated targets following TUF spec 1.0.19 section 5.6.
+func (c *Client) getTargetFileMetaDelegationPath(target string, snapshot *data.Snapshot) (data.TargetFileMeta, []string, error) {
+	// delegationsIterator covers 5.6.7
+	// - pre-order depth-first search starting with the top targets
+	// - filter delegations with paths or path_hash_prefixes matching searched target
+	// - 5.6.7.1 cycles protection
+	// - 5.6.7.2 terminations
+	delegations, err := targets.NewDelegationsIterator(target, c.db)
+	if err != nil {
+		return data.TargetFileMeta{}, nil, err
+	}
+
+	targetFileMeta := data.TargetFileMeta{}
+	delegationRole := ""
+
+	for i := 0; i < c.MaxDelegations; i++ {
+		d, ok := delegations.Next()
+		if !ok {
+			return data.TargetFileMeta{}, nil, ErrUnknownTarget{target, snapshot.Version}
+		}
+
+		// covers 5.6.{1,2,3,4,5,6}
+		targets, err := c.loadDelegatedTargets(snapshot, d.Delegatee.Name, d.DB)
+		if err != nil {
+			return data.TargetFileMeta{}, nil, err
+		}
+
+		// stop when the searched TargetFileMeta is found
+		if m, ok := targets.Targets[target]; ok {
+			delegationRole = d.Delegatee.Name
+			targetFileMeta = m
+			break
+		}
+
+		if targets.Delegations != nil {
+			delegationsDB, err := verify.NewDBFromDelegations(targets.Delegations)
+			if err != nil {
+				return data.TargetFileMeta{}, nil, err
+			}
+			err = delegations.Add(targets.Delegations.Roles, d.Delegatee.Name, delegationsDB)
+			if err != nil {
+				return data.TargetFileMeta{}, nil, err
+			}
+		}
+	}
+
+	if len(delegationRole) > 0 {
+		return targetFileMeta, buildPath(delegations.Parent, delegationRole, ""), nil
+	}
+
+	return data.TargetFileMeta{}, nil, ErrMaxDelegations{
+		Target:          target,
+		MaxDelegations:  c.MaxDelegations,
+		SnapshotVersion: snapshot.Version,
+	}
+}
+
+func buildPath(parent func(string) string, start string, end string) []string {
+	if start == end {
+		return nil
+	}
+
+	path := []string{start}
+	current := start
+	for {
+		current = parent(current)
+		if current == end {
+			break
+		}
+		path = append(path, current)
+	}
+	return path
+}
+
+func (c *Client) loadLocalSnapshot() (*data.Snapshot, error) {
+	if err := c.getLocalMeta(); err != nil {
+		return nil, err
+	}
+	rawS, ok := c.localMeta["snapshot.json"]
+	if !ok {
+		return nil, ErrNoLocalSnapshot
+	}
+
+	snapshot := &data.Snapshot{}
+	if err := c.db.Unmarshal(rawS, snapshot, "snapshot", c.snapshotVer); err != nil {
+		return nil, ErrDecodeFailed{"snapshot.json", err}
+	}
+	return snapshot, nil
+}
+
+// loadDelegatedTargets downloads, decodes, verifies and stores targets
+func (c *Client) loadDelegatedTargets(snapshot *data.Snapshot, role string, db *verify.DB) (*data.Targets, error) {
+	var err error
+	fileName := role + ".json"
+	fileMeta, ok := snapshot.Meta[fileName]
+	if !ok {
+		return nil, ErrRoleNotInSnapshot{role, snapshot.Version}
+	}
+
+	// 5.6.1 download target if not in the local store
+	// 5.6.2 check against snapshot hash
+	// 5.6.4 check against snapshot version
+	raw, alreadyStored := c.localMetaFromSnapshot(fileName, fileMeta)
+	if !alreadyStored {
+		raw, err = c.downloadMetaFromSnapshot(fileName, fileMeta)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	targets := &data.Targets{}
+	// 5.6.3 verify signature with parent public keys
+	// 5.6.5 verify that the targets is not expired
+	// role "targets" is a top role verified by root keys loaded in the client db
+	err = db.Unmarshal(raw, targets, role, fileMeta.Version)
+	if err != nil {
+		return nil, ErrDecodeFailed{fileName, err}
+	}
+
+	// 5.6.6 persist
+	if !alreadyStored {
+		if err := c.local.SetMeta(fileName, raw); err != nil {
+			return nil, err
+		}
+	}
+	return targets, nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/client/errors.go b/vendor/github.com/DataDog/go-tuf/client/errors.go
new file mode 100644
index 000000000..3e7a5dcc4
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/client/errors.go
@@ -0,0 +1,107 @@
+package client
+
+import (
+	"errors"
+	"fmt"
+)
+
+var (
+	ErrNoRootKeys       = errors.New("tuf: no root keys found in local meta store")
+	ErrInsufficientKeys = errors.New("tuf: insufficient keys to meet threshold")
+	ErrNoLocalSnapshot  = errors.New("tuf: no snapshot stored locally")
+)
+
+type ErrMissingRemoteMetadata struct {
+	Name string
+}
+
+func (e ErrMissingRemoteMetadata) Error() string {
+	return fmt.Sprintf("tuf: missing remote metadata %s", e.Name)
+}
+
+type ErrDownloadFailed struct {
+	File string
+	Err  error
+}
+
+func (e ErrDownloadFailed) Error() string {
+	return fmt.Sprintf("tuf: failed to download %s: %s", e.File, e.Err)
+}
+
+type ErrDecodeFailed struct {
+	File string
+	Err  error
+}
+
+func (e ErrDecodeFailed) Error() string {
+	return fmt.Sprintf("tuf: failed to decode %s: %s", e.File, e.Err)
+}
+
+type ErrMaxDelegations struct {
+	Target          string
+	MaxDelegations  int
+	SnapshotVersion int64
+}
+
+func (e ErrMaxDelegations) Error() string {
+	return fmt.Sprintf("tuf: max delegation of %d reached searching for %s with snapshot version %d", e.MaxDelegations, e.Target, e.SnapshotVersion)
+}
+
+type ErrNotFound struct {
+	File string
+}
+
+func (e ErrNotFound) Error() string {
+	return fmt.Sprintf("tuf: file not found: %s", e.File)
+}
+
+func IsNotFound(err error) bool {
+	_, ok := err.(ErrNotFound)
+	return ok
+}
+
+type ErrWrongSize struct {
+	File     string
+	Actual   int64
+	Expected int64
+}
+
+func (e ErrWrongSize) Error() string {
+	return fmt.Sprintf("tuf: unexpected file size: %s (expected %d bytes, got %d bytes)", e.File, e.Expected, e.Actual)
+}
+
+type ErrUnknownTarget struct {
+	Name            string
+	SnapshotVersion int64
+}
+
+func (e ErrUnknownTarget) Error() string {
+	return fmt.Sprintf("tuf: unknown target file: %s with snapshot version %d", e.Name, e.SnapshotVersion)
+}
+
+type ErrMetaTooLarge struct {
+	Name    string
+	Size    int64
+	MaxSize int64
+}
+
+func (e ErrMetaTooLarge) Error() string {
+	return fmt.Sprintf("tuf: %s size %d bytes greater than maximum %d bytes", e.Name, e.Size, e.MaxSize)
+}
+
+type ErrInvalidURL struct {
+	URL string
+}
+
+func (e ErrInvalidURL) Error() string {
+	return fmt.Sprintf("tuf: invalid repository URL %s", e.URL)
+}
+
+type ErrRoleNotInSnapshot struct {
+	Role            string
+	SnapshotVersion int64
+}
+
+func (e ErrRoleNotInSnapshot) Error() string {
+	return fmt.Sprintf("tuf: role %s not in snapshot version %d", e.Role, e.SnapshotVersion)
+}
diff --git a/vendor/github.com/DataDog/go-tuf/client/file_store.go b/vendor/github.com/DataDog/go-tuf/client/file_store.go
new file mode 100644
index 000000000..520bbe73a
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/client/file_store.go
@@ -0,0 +1,90 @@
+package client
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"io/fs"
+)
+
+// FileRemoteStore provides a RemoteStore interface compatible
+// implementation that can be used where the RemoteStore is backed by a
+// fs.FS. This is useful for example in air-gapped environments where there's no
+// possibility to make outbound network connections.
+// By having this be a fs.FS instead of directories allows the repository to
+// be backed by something that's not persisted to disk.
+func NewFileRemoteStore(fsys fs.FS, targetDir string) (*FileRemoteStore, error) {
+	if fsys == nil {
+		return nil, errors.New("nil fs.FS")
+	}
+	t := targetDir
+	if t == "" {
+		t = "targets"
+	}
+	// Make sure directory exists
+	d, err := fsys.Open(t)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open targets directory %s: %w", t, err)
+	}
+	fi, err := d.Stat()
+	if err != nil {
+		return nil, fmt.Errorf("failed to stat targets directory %s: %w", t, err)
+	}
+	if !fi.IsDir() {
+		return nil, fmt.Errorf("targets directory not a directory %s", t)
+	}
+
+	fsysT, err := fs.Sub(fsys, t)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open targets directory %s: %w", t, err)
+	}
+	return &FileRemoteStore{fsys: fsys, targetDir: fsysT}, nil
+}
+
+type FileRemoteStore struct {
+	// Meta directory fs
+	fsys fs.FS
+	// Target directory fs.
+	targetDir fs.FS
+	// In order to be able to make write operations (create, delete) we can't
+	// use fs.FS for it (it's read only), so we have to know the underlying
+	// directory that add/delete test methods can use. This is only necessary
+	// for testing purposes.
+	testDir string
+}
+
+func (f *FileRemoteStore) GetMeta(name string) (io.ReadCloser, int64, error) {
+	rc, b, err := f.get(f.fsys, name)
+	return handleErrors(name, rc, b, err)
+}
+
+func (f *FileRemoteStore) GetTarget(name string) (io.ReadCloser, int64, error) {
+	rc, b, err := f.get(f.targetDir, name)
+	return handleErrors(name, rc, b, err)
+}
+
+func (f *FileRemoteStore) get(fsys fs.FS, s string) (io.ReadCloser, int64, error) {
+	if !fs.ValidPath(s) {
+		return nil, 0, fmt.Errorf("invalid path %s", s)
+	}
+
+	b, err := fs.ReadFile(fsys, s)
+	if err != nil {
+		return nil, -1, err
+	}
+	return io.NopCloser(bytes.NewReader(b)), int64(len(b)), nil
+}
+
+// handleErrors converts NotFound errors to something that TUF knows how to
+// handle properly. For example, when looking for n+1 root files, this is a
+// signal that it will stop looking.
+func handleErrors(name string, rc io.ReadCloser, b int64, err error) (io.ReadCloser, int64, error) {
+	if err == nil {
+		return rc, b, err
+	}
+	if errors.Is(err, fs.ErrNotExist) {
+		return rc, b, ErrNotFound{name}
+	}
+	return rc, b, err
+}
diff --git a/vendor/github.com/DataDog/go-tuf/client/local_store.go b/vendor/github.com/DataDog/go-tuf/client/local_store.go
new file mode 100644
index 000000000..bb9421f5d
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/client/local_store.go
@@ -0,0 +1,29 @@
+package client
+
+import (
+	"encoding/json"
+)
+
+func MemoryLocalStore() LocalStore {
+	return make(memoryLocalStore)
+}
+
+type memoryLocalStore map[string]json.RawMessage
+
+func (m memoryLocalStore) GetMeta() (map[string]json.RawMessage, error) {
+	return m, nil
+}
+
+func (m memoryLocalStore) SetMeta(name string, meta json.RawMessage) error {
+	m[name] = meta
+	return nil
+}
+
+func (m memoryLocalStore) DeleteMeta(name string) error {
+	delete(m, name)
+	return nil
+}
+
+func (m memoryLocalStore) Close() error {
+	return nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/client/remote_store.go b/vendor/github.com/DataDog/go-tuf/client/remote_store.go
new file mode 100644
index 000000000..17a63fc59
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/client/remote_store.go
@@ -0,0 +1,109 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"path"
+	"strconv"
+	"strings"
+	"time"
+)
+
+type HTTPRemoteOptions struct {
+	MetadataPath string
+	TargetsPath  string
+	UserAgent    string
+	Retries      *HTTPRemoteRetries
+}
+
+type HTTPRemoteRetries struct {
+	Delay time.Duration
+	Total time.Duration
+}
+
+var DefaultHTTPRetries = &HTTPRemoteRetries{
+	Delay: time.Second,
+	Total: 10 * time.Second,
+}
+
+func HTTPRemoteStore(baseURL string, opts *HTTPRemoteOptions, client *http.Client) (RemoteStore, error) {
+	if !strings.HasPrefix(baseURL, "http") {
+		return nil, ErrInvalidURL{baseURL}
+	}
+	if opts == nil {
+		opts = &HTTPRemoteOptions{}
+	}
+	if opts.TargetsPath == "" {
+		opts.TargetsPath = "targets"
+	}
+	if client == nil {
+		client = http.DefaultClient
+	}
+	return &httpRemoteStore{baseURL, opts, client}, nil
+}
+
+type httpRemoteStore struct {
+	baseURL string
+	opts    *HTTPRemoteOptions
+	cli     *http.Client
+}
+
+func (h *httpRemoteStore) GetMeta(name string) (io.ReadCloser, int64, error) {
+	return h.get(path.Join(h.opts.MetadataPath, name))
+}
+
+func (h *httpRemoteStore) GetTarget(name string) (io.ReadCloser, int64, error) {
+	return h.get(path.Join(h.opts.TargetsPath, name))
+}
+
+func (h *httpRemoteStore) get(s string) (io.ReadCloser, int64, error) {
+	u := h.url(s)
+	req, err := http.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, 0, err
+	}
+	if h.opts.UserAgent != "" {
+		req.Header.Set("User-Agent", h.opts.UserAgent)
+	}
+	var res *http.Response
+	if r := h.opts.Retries; r != nil {
+		for start := time.Now(); time.Since(start) < r.Total; time.Sleep(r.Delay) {
+			res, err = h.cli.Do(req)
+			if err == nil && (res.StatusCode < 500 || res.StatusCode > 599) {
+				break
+			}
+		}
+	} else {
+		res, err = h.cli.Do(req)
+	}
+	if err != nil {
+		return nil, 0, err
+	}
+
+	if res.StatusCode == http.StatusNotFound {
+		res.Body.Close()
+		return nil, 0, ErrNotFound{s}
+	} else if res.StatusCode != http.StatusOK {
+		res.Body.Close()
+		return nil, 0, &url.Error{
+			Op:  "GET",
+			URL: u,
+			Err: fmt.Errorf("unexpected HTTP status %d", res.StatusCode),
+		}
+	}
+
+	size, err := strconv.ParseInt(res.Header.Get("Content-Length"), 10, 0)
+	if err != nil {
+		return res.Body, -1, nil
+	}
+	return res.Body, size, nil
+}
+
+func (h *httpRemoteStore) url(path string) string {
+	if !strings.HasPrefix(path, "/") {
+		path = "/" + path
+	}
+	return h.baseURL + path
+}
diff --git a/vendor/github.com/DataDog/go-tuf/data/hex_bytes.go b/vendor/github.com/DataDog/go-tuf/data/hex_bytes.go
new file mode 100644
index 000000000..ec200412e
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/data/hex_bytes.go
@@ -0,0 +1,42 @@
+package data
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+)
+
+type HexBytes []byte
+
+func (b *HexBytes) UnmarshalJSON(data []byte) error {
+	if len(data) < 2 || len(data)%2 != 0 || data[0] != '"' || data[len(data)-1] != '"' {
+		return errors.New("tuf: invalid JSON hex bytes")
+	}
+	res := make([]byte, hex.DecodedLen(len(data)-2))
+	_, err := hex.Decode(res, data[1:len(data)-1])
+	if err != nil {
+		return err
+	}
+	*b = res
+	return nil
+}
+
+func (b HexBytes) MarshalJSON() ([]byte, error) {
+	res := make([]byte, hex.EncodedLen(len(b))+2)
+	res[0] = '"'
+	res[len(res)-1] = '"'
+	hex.Encode(res[1:], b)
+	return res, nil
+}
+
+func (b HexBytes) String() string {
+	return hex.EncodeToString(b)
+}
+
+// 4.5. File formats: targets.json and delegated target roles:
+// ...each target path, when hashed with the SHA-256 hash function to produce
+// a 64-byte hexadecimal digest (HEX_DIGEST)...
+func PathHexDigest(s string) string {
+	b := sha256.Sum256([]byte(s))
+	return hex.EncodeToString(b[:])
+}
diff --git a/vendor/github.com/DataDog/go-tuf/data/types.go b/vendor/github.com/DataDog/go-tuf/data/types.go
new file mode 100644
index 000000000..eb00489b6
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/data/types.go
@@ -0,0 +1,348 @@
+package data
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"path"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/secure-systems-lab/go-securesystemslib/cjson"
+)
+
+type KeyType string
+
+type KeyScheme string
+
+type HashAlgorithm string
+
+const (
+	KeyIDLength = sha256.Size * 2
+
+	KeyTypeEd25519 KeyType = "ed25519"
+	// From version 1.0.32, the reference implementation defines 'ecdsa',
+	// not 'ecdsa-sha2-nistp256' for NIST P-256 curves.
+	KeyTypeECDSA_SHA2_P256         KeyType = "ecdsa"
+	KeyTypeECDSA_SHA2_P256_OLD_FMT KeyType = "ecdsa-sha2-nistp256"
+	KeyTypeRSASSA_PSS_SHA256       KeyType = "rsa"
+
+	KeySchemeEd25519           KeyScheme = "ed25519"
+	KeySchemeECDSA_SHA2_P256   KeyScheme = "ecdsa-sha2-nistp256"
+	KeySchemeRSASSA_PSS_SHA256 KeyScheme = "rsassa-pss-sha256"
+
+	HashAlgorithmSHA256 HashAlgorithm = "sha256"
+	HashAlgorithmSHA512 HashAlgorithm = "sha512"
+)
+
+var (
+	HashAlgorithms           = []HashAlgorithm{HashAlgorithmSHA256, HashAlgorithmSHA512}
+	ErrPathsAndPathHashesSet = errors.New("tuf: failed validation of delegated target: paths and path_hash_prefixes are both set")
+)
+
+type Signed struct {
+	Signed     json.RawMessage `json:"signed"`
+	Signatures []Signature     `json:"signatures"`
+}
+
+type Signature struct {
+	KeyID     string   `json:"keyid"`
+	Signature HexBytes `json:"sig"`
+}
+
+type PublicKey struct {
+	Type       KeyType         `json:"keytype"`
+	Scheme     KeyScheme       `json:"scheme"`
+	Algorithms []HashAlgorithm `json:"keyid_hash_algorithms,omitempty"`
+	Value      json.RawMessage `json:"keyval"`
+
+	ids    []string
+	idOnce sync.Once
+}
+
+type PrivateKey struct {
+	Type       KeyType         `json:"keytype"`
+	Scheme     KeyScheme       `json:"scheme,omitempty"`
+	Algorithms []HashAlgorithm `json:"keyid_hash_algorithms,omitempty"`
+	Value      json.RawMessage `json:"keyval"`
+}
+
+func (k *PublicKey) IDs() []string {
+	k.idOnce.Do(func() {
+		data, err := cjson.EncodeCanonical(k)
+		if err != nil {
+			panic(fmt.Errorf("tuf: error creating key ID: %w", err))
+		}
+		digest := sha256.Sum256(data)
+		k.ids = []string{hex.EncodeToString(digest[:])}
+	})
+	return k.ids
+}
+
+func (k *PublicKey) ContainsID(id string) bool {
+	for _, keyid := range k.IDs() {
+		if id == keyid {
+			return true
+		}
+	}
+	return false
+}
+
+func DefaultExpires(role string) time.Time {
+	var t time.Time
+	switch role {
+	case "root":
+		t = time.Now().AddDate(1, 0, 0)
+	case "snapshot":
+		t = time.Now().AddDate(0, 0, 7)
+	case "timestamp":
+		t = time.Now().AddDate(0, 0, 1)
+	default:
+		// targets and delegated targets
+		t = time.Now().AddDate(0, 3, 0)
+	}
+	return t.UTC().Round(time.Second)
+}
+
+type Root struct {
+	Type        string                `json:"_type"`
+	SpecVersion string                `json:"spec_version"`
+	Version     int64                 `json:"version"`
+	Expires     time.Time             `json:"expires"`
+	Keys        map[string]*PublicKey `json:"keys"`
+	Roles       map[string]*Role      `json:"roles"`
+	Custom      *json.RawMessage      `json:"custom,omitempty"`
+
+	ConsistentSnapshot bool `json:"consistent_snapshot"`
+}
+
+func NewRoot() *Root {
+	return &Root{
+		Type:               "root",
+		SpecVersion:        "1.0",
+		Expires:            DefaultExpires("root"),
+		Keys:               make(map[string]*PublicKey),
+		Roles:              make(map[string]*Role),
+		ConsistentSnapshot: true,
+	}
+}
+
+func (r *Root) AddKey(key *PublicKey) bool {
+	changed := false
+	for _, id := range key.IDs() {
+		if _, ok := r.Keys[id]; !ok {
+			changed = true
+			r.Keys[id] = key
+		}
+	}
+	return changed
+}
+
+type Role struct {
+	KeyIDs    []string `json:"keyids"`
+	Threshold int      `json:"threshold"`
+}
+
+func (r *Role) AddKeyIDs(ids []string) bool {
+	roleIDs := make(map[string]struct{})
+	for _, id := range r.KeyIDs {
+		roleIDs[id] = struct{}{}
+	}
+	changed := false
+	for _, id := range ids {
+		if _, ok := roleIDs[id]; !ok {
+			changed = true
+			r.KeyIDs = append(r.KeyIDs, id)
+		}
+	}
+	return changed
+}
+
+type Files map[string]TargetFileMeta
+
+type Hashes map[string]HexBytes
+
+func (f Hashes) HashAlgorithms() []string {
+	funcs := make([]string, 0, len(f))
+	for name := range f {
+		funcs = append(funcs, name)
+	}
+	return funcs
+}
+
+type metapathFileMeta struct {
+	Length  int64            `json:"length,omitempty"`
+	Hashes  Hashes           `json:"hashes,omitempty"`
+	Version int64            `json:"version"`
+	Custom  *json.RawMessage `json:"custom,omitempty"`
+}
+
+// SnapshotFileMeta is the meta field of a snapshot
+// Note: Contains a `custom` field
+type SnapshotFileMeta metapathFileMeta
+
+type SnapshotFiles map[string]SnapshotFileMeta
+
+type Snapshot struct {
+	Type        string           `json:"_type"`
+	SpecVersion string           `json:"spec_version"`
+	Version     int64            `json:"version"`
+	Expires     time.Time        `json:"expires"`
+	Meta        SnapshotFiles    `json:"meta"`
+	Custom      *json.RawMessage `json:"custom,omitempty"`
+}
+
+func NewSnapshot() *Snapshot {
+	return &Snapshot{
+		Type:        "snapshot",
+		SpecVersion: "1.0",
+		Expires:     DefaultExpires("snapshot"),
+		Meta:        make(SnapshotFiles),
+	}
+}
+
+type FileMeta struct {
+	Length int64  `json:"length"`
+	Hashes Hashes `json:"hashes"`
+}
+
+type TargetFiles map[string]TargetFileMeta
+
+type TargetFileMeta struct {
+	FileMeta
+	Custom *json.RawMessage `json:"custom,omitempty"`
+}
+
+func (f TargetFileMeta) HashAlgorithms() []string {
+	return f.FileMeta.Hashes.HashAlgorithms()
+}
+
+type Targets struct {
+	Type        string           `json:"_type"`
+	SpecVersion string           `json:"spec_version"`
+	Version     int64            `json:"version"`
+	Expires     time.Time        `json:"expires"`
+	Targets     TargetFiles      `json:"targets"`
+	Delegations *Delegations     `json:"delegations,omitempty"`
+	Custom      *json.RawMessage `json:"custom,omitempty"`
+}
+
+// Delegations represents the edges from a parent Targets role to one or more
+// delegated target roles. See spec v1.0.19 section 4.5.
+type Delegations struct {
+	Keys  map[string]*PublicKey `json:"keys"`
+	Roles []DelegatedRole       `json:"roles"`
+}
+
+// DelegatedRole describes a delegated role, including what paths it is
+// reponsible for. See spec v1.0.19 section 4.5.
+type DelegatedRole struct {
+	Name             string   `json:"name"`
+	KeyIDs           []string `json:"keyids"`
+	Threshold        int      `json:"threshold"`
+	Terminating      bool     `json:"terminating"`
+	PathHashPrefixes []string `json:"path_hash_prefixes,omitempty"`
+	Paths            []string `json:"paths"`
+}
+
+// MatchesPath evaluates whether the path patterns or path hash prefixes match
+// a given file. This determines whether a delegated role is responsible for
+// signing and verifying the file.
+func (d *DelegatedRole) MatchesPath(file string) (bool, error) {
+	if err := d.validatePaths(); err != nil {
+		return false, err
+	}
+
+	for _, pattern := range d.Paths {
+		if matched, _ := path.Match(pattern, file); matched {
+			return true, nil
+		}
+	}
+
+	pathHash := PathHexDigest(file)
+	for _, hashPrefix := range d.PathHashPrefixes {
+		if strings.HasPrefix(pathHash, hashPrefix) {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+// validatePaths enforces the spec
+// https://theupdateframework.github.io/specification/v1.0.19/index.html#file-formats-targets
+// 'role MUST specify only one of the "path_hash_prefixes" or "paths"'
+// Marshalling and unmarshalling JSON will fail and return
+// ErrPathsAndPathHashesSet if both fields are set and not empty.
+func (d *DelegatedRole) validatePaths() error {
+	if len(d.PathHashPrefixes) > 0 && len(d.Paths) > 0 {
+		return ErrPathsAndPathHashesSet
+	}
+
+	return nil
+}
+
+// MarshalJSON is called when writing the struct to JSON. We validate prior to
+// marshalling to ensure that an invalid delegated role can not be serialized
+// to JSON.
+func (d *DelegatedRole) MarshalJSON() ([]byte, error) {
+	type delegatedRoleAlias DelegatedRole
+
+	if err := d.validatePaths(); err != nil {
+		return nil, err
+	}
+
+	return json.Marshal((*delegatedRoleAlias)(d))
+}
+
+// UnmarshalJSON is called when reading the struct from JSON. We validate once
+// unmarshalled to ensure that an error is thrown if an invalid delegated role
+// is read.
+func (d *DelegatedRole) UnmarshalJSON(b []byte) error {
+	type delegatedRoleAlias DelegatedRole
+
+	// Prepare decoder
+	dec := json.NewDecoder(bytes.NewReader(b))
+
+	// Unmarshal delegated role
+	if err := dec.Decode((*delegatedRoleAlias)(d)); err != nil {
+		return err
+	}
+
+	return d.validatePaths()
+}
+
+func NewTargets() *Targets {
+	return &Targets{
+		Type:        "targets",
+		SpecVersion: "1.0",
+		Expires:     DefaultExpires("targets"),
+		Targets:     make(TargetFiles),
+	}
+}
+
+type TimestampFileMeta metapathFileMeta
+
+type TimestampFiles map[string]TimestampFileMeta
+
+type Timestamp struct {
+	Type        string           `json:"_type"`
+	SpecVersion string           `json:"spec_version"`
+	Version     int64            `json:"version"`
+	Expires     time.Time        `json:"expires"`
+	Meta        TimestampFiles   `json:"meta"`
+	Custom      *json.RawMessage `json:"custom,omitempty"`
+}
+
+func NewTimestamp() *Timestamp {
+	return &Timestamp{
+		Type:        "timestamp",
+		SpecVersion: "1.0",
+		Expires:     DefaultExpires("timestamp"),
+		Meta:        make(TimestampFiles),
+	}
+}
diff --git a/vendor/github.com/DataDog/go-tuf/internal/roles/roles.go b/vendor/github.com/DataDog/go-tuf/internal/roles/roles.go
new file mode 100644
index 000000000..0b134b2a0
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/internal/roles/roles.go
@@ -0,0 +1,48 @@
+package roles
+
+import (
+	"strconv"
+	"strings"
+)
+
+var TopLevelRoles = map[string]struct{}{
+	"root":      {},
+	"targets":   {},
+	"snapshot":  {},
+	"timestamp": {},
+}
+
+func IsTopLevelRole(name string) bool {
+	_, ok := TopLevelRoles[name]
+	return ok
+}
+
+func IsDelegatedTargetsRole(name string) bool {
+	return !IsTopLevelRole(name)
+}
+
+func IsTopLevelManifest(name string) bool {
+	if IsVersionedManifest(name) {
+		var found bool
+		_, name, found = strings.Cut(name, ".")
+		if !found {
+			panic("expected a versioned manifest of the form x.role.json")
+		}
+	}
+	return IsTopLevelRole(strings.TrimSuffix(name, ".json"))
+}
+
+func IsDelegatedTargetsManifest(name string) bool {
+	return !IsTopLevelManifest(name)
+}
+
+func IsVersionedManifest(name string) bool {
+	parts := strings.Split(name, ".")
+	// Versioned manifests have the form "x.role.json"
+	if len(parts) < 3 {
+		return false
+	}
+
+	_, err := strconv.Atoi(parts[0])
+	return err == nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/internal/sets/strings.go b/vendor/github.com/DataDog/go-tuf/internal/sets/strings.go
new file mode 100644
index 000000000..7eee57d09
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/internal/sets/strings.go
@@ -0,0 +1,24 @@
+package sets
+
+func StringSliceToSet(items []string) map[string]struct{} {
+	s := map[string]struct{}{}
+	for _, item := range items {
+		s[item] = struct{}{}
+	}
+	return s
+}
+
+func StringSetToSlice(items map[string]struct{}) []string {
+	ret := []string{}
+
+	for k := range items {
+		ret = append(ret, k)
+	}
+
+	return ret
+}
+
+func DeduplicateStrings(items []string) []string {
+	s := StringSliceToSet(items)
+	return StringSetToSlice(s)
+}
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/deprecated_ecdsa.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/deprecated_ecdsa.go
new file mode 100644
index 000000000..6c4c20682
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/deprecated_ecdsa.go
@@ -0,0 +1,101 @@
+package keys
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/sha256"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/DataDog/go-tuf/data"
+)
+
+func NewDeprecatedEcdsaVerifier() Verifier {
+	return &ecdsaVerifierWithDeprecatedSupport{}
+}
+
+type ecdsaVerifierWithDeprecatedSupport struct {
+	key *data.PublicKey
+	// This will switch based on whether this is a PEM-encoded key
+	// or a deprecated hex-encoded key.
+	Verifier
+}
+
+func (p *ecdsaVerifierWithDeprecatedSupport) UnmarshalPublicKey(key *data.PublicKey) error {
+	p.key = key
+	pemVerifier := &EcdsaVerifier{}
+	if err := pemVerifier.UnmarshalPublicKey(key); err != nil {
+		// Try the deprecated hex-encoded verifier
+		hexVerifier := &deprecatedP256Verifier{}
+		if err := hexVerifier.UnmarshalPublicKey(key); err != nil {
+			return err
+		}
+		p.Verifier = hexVerifier
+		return nil
+	}
+	p.Verifier = pemVerifier
+	return nil
+}
+
+/*
+   Deprecated ecdsaVerifier that used hex-encoded public keys.
+   This MAY be used to verify existing metadata that used this
+   old format. This will be deprecated soon, ensure that repositories
+   are re-signed and clients receieve a fully compliant root.
+*/
+
+type deprecatedP256Verifier struct {
+	PublicKey data.HexBytes `json:"public"`
+	key       *data.PublicKey
+}
+
+func (p *deprecatedP256Verifier) Public() string {
+	return p.PublicKey.String()
+}
+
+func (p *deprecatedP256Verifier) Verify(msg, sigBytes []byte) error {
+	x, y := elliptic.Unmarshal(elliptic.P256(), p.PublicKey)
+	k := &ecdsa.PublicKey{
+		Curve: elliptic.P256(),
+		X:     x,
+		Y:     y,
+	}
+
+	hash := sha256.Sum256(msg)
+
+	if !ecdsa.VerifyASN1(k, hash[:], sigBytes) {
+		return errors.New("tuf: deprecated ecdsa signature verification failed")
+	}
+	return nil
+}
+
+func (p *deprecatedP256Verifier) MarshalPublicKey() *data.PublicKey {
+	return p.key
+}
+
+func (p *deprecatedP256Verifier) UnmarshalPublicKey(key *data.PublicKey) error {
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize))
+
+	// Unmarshal key value
+	if err := dec.Decode(p); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the public key is truncated or too large: %w", err)
+		}
+		return err
+	}
+
+	curve := elliptic.P256()
+
+	// Parse as uncompressed marshalled point.
+	x, _ := elliptic.Unmarshal(curve, p.PublicKey)
+	if x == nil {
+		return errors.New("tuf: invalid ecdsa public key point")
+	}
+
+	p.key = key
+	return nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/ecdsa.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/ecdsa.go
new file mode 100644
index 000000000..ea75b97e8
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/ecdsa.go
@@ -0,0 +1,173 @@
+package keys
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/DataDog/go-tuf/data"
+)
+
+func init() {
+	// Note: we use LoadOrStore here to prevent accidentally overriding the
+	// an explicit deprecated ECDSA verifier.
+	// TODO: When deprecated ECDSA is removed, this can switch back to Store.
+	VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, NewEcdsaVerifier)
+	VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256, NewEcdsaVerifier)
+	SignerMap.Store(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, newEcdsaSigner)
+	SignerMap.Store(data.KeyTypeECDSA_SHA2_P256, newEcdsaSigner)
+}
+
+func NewEcdsaVerifier() Verifier {
+	return &EcdsaVerifier{}
+}
+
+func newEcdsaSigner() Signer {
+	return &ecdsaSigner{}
+}
+
+type EcdsaVerifier struct {
+	PublicKey *PKIXPublicKey `json:"public"`
+	ecdsaKey  *ecdsa.PublicKey
+	key       *data.PublicKey
+}
+
+func (p *EcdsaVerifier) Public() string {
+	// This is already verified to succeed when unmarshalling a public key.
+	r, err := x509.MarshalPKIXPublicKey(p.ecdsaKey)
+	if err != nil {
+		// TODO: Gracefully handle these errors.
+		// See https://github.com/DataDog/go-tuf/issues/363
+		panic(err)
+	}
+	return string(r)
+}
+
+func (p *EcdsaVerifier) Verify(msg, sigBytes []byte) error {
+	hash := sha256.Sum256(msg)
+
+	if !ecdsa.VerifyASN1(p.ecdsaKey, hash[:], sigBytes) {
+		return errors.New("tuf: ecdsa signature verification failed")
+	}
+	return nil
+}
+
+func (p *EcdsaVerifier) MarshalPublicKey() *data.PublicKey {
+	return p.key
+}
+
+func (p *EcdsaVerifier) UnmarshalPublicKey(key *data.PublicKey) error {
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize))
+
+	// Unmarshal key value
+	if err := dec.Decode(p); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the public key is truncated or too large: %w", err)
+		}
+		return err
+	}
+
+	ecdsaKey, ok := p.PublicKey.PublicKey.(*ecdsa.PublicKey)
+	if !ok {
+		return fmt.Errorf("invalid public key")
+	}
+
+	if _, err := x509.MarshalPKIXPublicKey(ecdsaKey); err != nil {
+		return fmt.Errorf("marshalling to PKIX key: invalid public key")
+	}
+
+	p.ecdsaKey = ecdsaKey
+	p.key = key
+	return nil
+}
+
+type ecdsaSigner struct {
+	*ecdsa.PrivateKey
+}
+
+type ecdsaPrivateKeyValue struct {
+	Private string         `json:"private"`
+	Public  *PKIXPublicKey `json:"public"`
+}
+
+func (s *ecdsaSigner) PublicData() *data.PublicKey {
+	// This uses a trusted public key JSON format with a trusted Public value.
+	keyValBytes, _ := json.Marshal(EcdsaVerifier{PublicKey: &PKIXPublicKey{PublicKey: s.Public()}})
+	return &data.PublicKey{
+		Type:       data.KeyTypeECDSA_SHA2_P256,
+		Scheme:     data.KeySchemeECDSA_SHA2_P256,
+		Algorithms: data.HashAlgorithms,
+		Value:      keyValBytes,
+	}
+}
+
+func (s *ecdsaSigner) SignMessage(message []byte) ([]byte, error) {
+	hash := sha256.Sum256(message)
+	return ecdsa.SignASN1(rand.Reader, s.PrivateKey, hash[:])
+}
+
+func (s *ecdsaSigner) MarshalPrivateKey() (*data.PrivateKey, error) {
+	priv, err := x509.MarshalECPrivateKey(s.PrivateKey)
+	if err != nil {
+		return nil, err
+	}
+	pemKey := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: priv})
+	val, err := json.Marshal(ecdsaPrivateKeyValue{
+		Private: string(pemKey),
+		Public:  &PKIXPublicKey{PublicKey: s.Public()},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &data.PrivateKey{
+		Type:       data.KeyTypeECDSA_SHA2_P256,
+		Scheme:     data.KeySchemeECDSA_SHA2_P256,
+		Algorithms: data.HashAlgorithms,
+		Value:      val,
+	}, nil
+}
+
+func (s *ecdsaSigner) UnmarshalPrivateKey(key *data.PrivateKey) error {
+	val := ecdsaPrivateKeyValue{}
+	if err := json.Unmarshal(key.Value, &val); err != nil {
+		return err
+	}
+	block, _ := pem.Decode([]byte(val.Private))
+	if block == nil {
+		return errors.New("invalid PEM value")
+	}
+	if block.Type != "EC PRIVATE KEY" {
+		return fmt.Errorf("invalid block type: %s", block.Type)
+	}
+	k, err := x509.ParseECPrivateKey(block.Bytes)
+	if err != nil {
+		return err
+	}
+	if k.Curve != elliptic.P256() {
+		return errors.New("unsupported ecdsa curve")
+	}
+	if _, err := json.Marshal(EcdsaVerifier{
+		PublicKey: &PKIXPublicKey{PublicKey: k.Public()}}); err != nil {
+		return fmt.Errorf("invalid public key: %s", err)
+	}
+
+	s.PrivateKey = k
+	return nil
+}
+
+func GenerateEcdsaKey() (*ecdsaSigner, error) {
+	privkey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+	return &ecdsaSigner{privkey}, nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/ed25519.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/ed25519.go
new file mode 100644
index 000000000..4667147fd
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/ed25519.go
@@ -0,0 +1,161 @@
+package keys
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/ed25519"
+	"crypto/rand"
+	"crypto/subtle"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/DataDog/go-tuf/data"
+)
+
+func init() {
+	SignerMap.Store(data.KeyTypeEd25519, NewEd25519Signer)
+	VerifierMap.Store(data.KeyTypeEd25519, NewEd25519Verifier)
+}
+
+func NewEd25519Signer() Signer {
+	return &ed25519Signer{}
+}
+
+func NewEd25519Verifier() Verifier {
+	return &ed25519Verifier{}
+}
+
+type ed25519Verifier struct {
+	PublicKey data.HexBytes `json:"public"`
+	key       *data.PublicKey
+}
+
+func (e *ed25519Verifier) Public() string {
+	return string(e.PublicKey)
+}
+
+func (e *ed25519Verifier) Verify(msg, sig []byte) error {
+	if !ed25519.Verify([]byte(e.PublicKey), msg, sig) {
+		return errors.New("tuf: ed25519 signature verification failed")
+	}
+	return nil
+}
+
+func (e *ed25519Verifier) MarshalPublicKey() *data.PublicKey {
+	return e.key
+}
+
+func (e *ed25519Verifier) UnmarshalPublicKey(key *data.PublicKey) error {
+	e.key = key
+
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize))
+
+	// Unmarshal key value
+	if err := dec.Decode(e); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the public key is truncated or too large: %w", err)
+		}
+		return err
+	}
+	if n := len(e.PublicKey); n != ed25519.PublicKeySize {
+		return fmt.Errorf("tuf: unexpected public key length for ed25519 key, expected %d, got %d", ed25519.PublicKeySize, n)
+	}
+	return nil
+}
+
+type Ed25519PrivateKeyValue struct {
+	Public  data.HexBytes `json:"public"`
+	Private data.HexBytes `json:"private"`
+}
+
+type ed25519Signer struct {
+	ed25519.PrivateKey
+}
+
+func GenerateEd25519Key() (*ed25519Signer, error) {
+	_, private, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &ed25519Signer{
+		PrivateKey: ed25519.PrivateKey(data.HexBytes(private)),
+	}, nil
+}
+
+func NewEd25519SignerFromKey(keyValue Ed25519PrivateKeyValue) *ed25519Signer {
+	return &ed25519Signer{
+		PrivateKey: ed25519.PrivateKey(data.HexBytes(keyValue.Private)),
+	}
+}
+
+func (e *ed25519Signer) SignMessage(message []byte) ([]byte, error) {
+	return e.Sign(rand.Reader, message, crypto.Hash(0))
+}
+
+func (e *ed25519Signer) MarshalPrivateKey() (*data.PrivateKey, error) {
+	valueBytes, err := json.Marshal(Ed25519PrivateKeyValue{
+		Public:  data.HexBytes([]byte(e.PrivateKey.Public().(ed25519.PublicKey))),
+		Private: data.HexBytes(e.PrivateKey),
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &data.PrivateKey{
+		Type:       data.KeyTypeEd25519,
+		Scheme:     data.KeySchemeEd25519,
+		Algorithms: data.HashAlgorithms,
+		Value:      valueBytes,
+	}, nil
+}
+
+func (e *ed25519Signer) UnmarshalPrivateKey(key *data.PrivateKey) error {
+	keyValue := &Ed25519PrivateKeyValue{}
+
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize))
+
+	// Unmarshal key value
+	if err := dec.Decode(keyValue); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the private key is truncated or too large: %w", err)
+		}
+	}
+
+	// Check private key length
+	if n := len(keyValue.Private); n != ed25519.PrivateKeySize {
+		return fmt.Errorf("tuf: invalid ed25519 private key length, expected %d, got %d", ed25519.PrivateKeySize, n)
+	}
+
+	// Generate public key from private key
+	pub, _, err := ed25519.GenerateKey(bytes.NewReader(keyValue.Private))
+	if err != nil {
+		return fmt.Errorf("tuf: unable to derive public key from private key: %w", err)
+	}
+
+	// Compare keys
+	if subtle.ConstantTimeCompare(keyValue.Public, pub) != 1 {
+		return errors.New("tuf: public and private keys don't match")
+	}
+
+	// Prepare signer
+	*e = ed25519Signer{
+		PrivateKey: ed25519.PrivateKey(data.HexBytes(keyValue.Private)),
+	}
+	return nil
+}
+
+func (e *ed25519Signer) PublicData() *data.PublicKey {
+	keyValBytes, _ := json.Marshal(ed25519Verifier{PublicKey: []byte(e.PrivateKey.Public().(ed25519.PublicKey))})
+	return &data.PublicKey{
+		Type:       data.KeyTypeEd25519,
+		Scheme:     data.KeySchemeEd25519,
+		Algorithms: data.HashAlgorithms,
+		Value:      keyValBytes,
+	}
+}
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/keys.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/keys.go
new file mode 100644
index 000000000..7fc25316e
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/keys.go
@@ -0,0 +1,82 @@
+package keys
+
+import (
+	"errors"
+	"fmt"
+	"sync"
+
+	"github.com/DataDog/go-tuf/data"
+)
+
+// MaxJSONKeySize defines the maximum length of a JSON payload.
+const MaxJSONKeySize = 512 * 1024 // 512Kb
+
+// SignerMap stores mapping between key type strings and signer constructors.
+var SignerMap sync.Map
+
+// Verifier stores mapping between key type strings and verifier constructors.
+var VerifierMap sync.Map
+
+var (
+	ErrInvalid    = errors.New("tuf: signature verification failed")
+	ErrInvalidKey = errors.New("invalid key")
+)
+
+// A Verifier verifies public key signatures.
+type Verifier interface {
+	// UnmarshalPublicKey takes key data to a working verifier implementation for the key type.
+	// This performs any validation over the data.PublicKey to ensure that the verifier is usable
+	// to verify signatures.
+	UnmarshalPublicKey(key *data.PublicKey) error
+
+	// MarshalPublicKey returns the data.PublicKey object associated with the verifier.
+	MarshalPublicKey() *data.PublicKey
+
+	// This is the public string used as a unique identifier for the verifier instance.
+	Public() string
+
+	// Verify takes a message and signature, all as byte slices,
+	// and determines whether the signature is valid for the given
+	// key and message.
+	Verify(msg, sig []byte) error
+}
+
+type Signer interface {
+	// MarshalPrivateKey returns the private key data.
+	MarshalPrivateKey() (*data.PrivateKey, error)
+
+	// UnmarshalPrivateKey takes private key data to a working Signer implementation for the key type.
+	UnmarshalPrivateKey(key *data.PrivateKey) error
+
+	// Returns the public data.PublicKey from the private key
+	PublicData() *data.PublicKey
+
+	// Sign returns the signature of the message.
+	// The signer is expected to do its own hashing, so the full message will be
+	// provided as the message to Sign with a zero opts.HashFunc().
+	SignMessage(message []byte) ([]byte, error)
+}
+
+func GetVerifier(key *data.PublicKey) (Verifier, error) {
+	st, ok := VerifierMap.Load(key.Type)
+	if !ok {
+		return nil, ErrInvalidKey
+	}
+	s := st.(func() Verifier)()
+	if err := s.UnmarshalPublicKey(key); err != nil {
+		return nil, fmt.Errorf("tuf: error unmarshalling key: %w", err)
+	}
+	return s, nil
+}
+
+func GetSigner(key *data.PrivateKey) (Signer, error) {
+	st, ok := SignerMap.Load(key.Type)
+	if !ok {
+		return nil, ErrInvalidKey
+	}
+	s := st.(func() Signer)()
+	if err := s.UnmarshalPrivateKey(key); err != nil {
+		return nil, fmt.Errorf("tuf: error unmarshalling key: %w", err)
+	}
+	return s, nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/pkix.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/pkix.go
new file mode 100644
index 000000000..e58d4c9f8
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/pkix.go
@@ -0,0 +1,56 @@
+package keys
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+)
+
+type PKIXPublicKey struct {
+	crypto.PublicKey
+}
+
+func (p *PKIXPublicKey) MarshalJSON() ([]byte, error) {
+	bytes, err := x509.MarshalPKIXPublicKey(p.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+	pemBytes := pem.EncodeToMemory(&pem.Block{
+		Type:  "PUBLIC KEY",
+		Bytes: bytes,
+	})
+	return json.Marshal(string(pemBytes))
+}
+
+func (p *PKIXPublicKey) UnmarshalJSON(b []byte) error {
+	var pemValue string
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(b), MaxJSONKeySize))
+
+	// Unmarshal key value
+	if err := dec.Decode(&pemValue); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the public key is truncated or too large: %w", err)
+		}
+		return err
+	}
+
+	block, _ := pem.Decode([]byte(pemValue))
+	if block == nil {
+		return errors.New("invalid PEM value")
+	}
+	if block.Type != "PUBLIC KEY" {
+		return fmt.Errorf("invalid block type: %s", block.Type)
+	}
+	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
+	if err != nil {
+		return err
+	}
+	p.PublicKey = pub
+	return nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/rsa.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/rsa.go
new file mode 100644
index 000000000..17d7690a7
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/rsa.go
@@ -0,0 +1,162 @@
+package keys
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/DataDog/go-tuf/data"
+)
+
+func init() {
+	VerifierMap.Store(data.KeyTypeRSASSA_PSS_SHA256, newRsaVerifier)
+	SignerMap.Store(data.KeyTypeRSASSA_PSS_SHA256, newRsaSigner)
+}
+
+func newRsaVerifier() Verifier {
+	return &rsaVerifier{}
+}
+
+func newRsaSigner() Signer {
+	return &rsaSigner{}
+}
+
+type rsaVerifier struct {
+	PublicKey *PKIXPublicKey `json:"public"`
+	rsaKey    *rsa.PublicKey
+	key       *data.PublicKey
+}
+
+func (p *rsaVerifier) Public() string {
+	// This is already verified to succeed when unmarshalling a public key.
+	r, err := x509.MarshalPKIXPublicKey(p.rsaKey)
+	if err != nil {
+		// TODO: Gracefully handle these errors.
+		// See https://github.com/DataDog/go-tuf/issues/363
+		panic(err)
+	}
+	return string(r)
+}
+
+func (p *rsaVerifier) Verify(msg, sigBytes []byte) error {
+	hash := sha256.Sum256(msg)
+
+	return rsa.VerifyPSS(p.rsaKey, crypto.SHA256, hash[:], sigBytes, &rsa.PSSOptions{})
+}
+
+func (p *rsaVerifier) MarshalPublicKey() *data.PublicKey {
+	return p.key
+}
+
+func (p *rsaVerifier) UnmarshalPublicKey(key *data.PublicKey) error {
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize))
+
+	// Unmarshal key value
+	if err := dec.Decode(p); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the public key is truncated or too large: %w", err)
+		}
+		return err
+	}
+
+	rsaKey, ok := p.PublicKey.PublicKey.(*rsa.PublicKey)
+	if !ok {
+		return fmt.Errorf("invalid public key")
+	}
+
+	if _, err := x509.MarshalPKIXPublicKey(rsaKey); err != nil {
+		return fmt.Errorf("marshalling to PKIX key: invalid public key")
+	}
+
+	p.rsaKey = rsaKey
+	p.key = key
+	return nil
+}
+
+type rsaSigner struct {
+	*rsa.PrivateKey
+}
+
+type rsaPrivateKeyValue struct {
+	Private string         `json:"private"`
+	Public  *PKIXPublicKey `json:"public"`
+}
+
+func (s *rsaSigner) PublicData() *data.PublicKey {
+	keyValBytes, _ := json.Marshal(rsaVerifier{PublicKey: &PKIXPublicKey{PublicKey: s.Public()}})
+	return &data.PublicKey{
+		Type:       data.KeyTypeRSASSA_PSS_SHA256,
+		Scheme:     data.KeySchemeRSASSA_PSS_SHA256,
+		Algorithms: data.HashAlgorithms,
+		Value:      keyValBytes,
+	}
+}
+
+func (s *rsaSigner) SignMessage(message []byte) ([]byte, error) {
+	hash := sha256.Sum256(message)
+	return rsa.SignPSS(rand.Reader, s.PrivateKey, crypto.SHA256, hash[:], &rsa.PSSOptions{})
+}
+
+func (s *rsaSigner) ContainsID(id string) bool {
+	return s.PublicData().ContainsID(id)
+}
+
+func (s *rsaSigner) MarshalPrivateKey() (*data.PrivateKey, error) {
+	priv := x509.MarshalPKCS1PrivateKey(s.PrivateKey)
+	pemKey := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: priv})
+	val, err := json.Marshal(rsaPrivateKeyValue{
+		Private: string(pemKey),
+		Public:  &PKIXPublicKey{PublicKey: s.Public()},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &data.PrivateKey{
+		Type:       data.KeyTypeRSASSA_PSS_SHA256,
+		Scheme:     data.KeySchemeRSASSA_PSS_SHA256,
+		Algorithms: data.HashAlgorithms,
+		Value:      val,
+	}, nil
+}
+
+func (s *rsaSigner) UnmarshalPrivateKey(key *data.PrivateKey) error {
+	val := rsaPrivateKeyValue{}
+	if err := json.Unmarshal(key.Value, &val); err != nil {
+		return err
+	}
+	block, _ := pem.Decode([]byte(val.Private))
+	if block == nil {
+		return errors.New("invalid PEM value")
+	}
+	if block.Type != "RSA PRIVATE KEY" {
+		return fmt.Errorf("invalid block type: %s", block.Type)
+	}
+	k, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return err
+	}
+	if _, err := json.Marshal(rsaVerifier{
+		PublicKey: &PKIXPublicKey{PublicKey: k.Public()}}); err != nil {
+		return fmt.Errorf("invalid public key: %s", err)
+	}
+
+	s.PrivateKey = k
+	return nil
+}
+
+func GenerateRsaKey() (*rsaSigner, error) {
+	privkey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, err
+	}
+	return &rsaSigner{privkey}, nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/targets/delegation.go b/vendor/github.com/DataDog/go-tuf/pkg/targets/delegation.go
new file mode 100644
index 000000000..d155d070f
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/pkg/targets/delegation.go
@@ -0,0 +1,102 @@
+package targets
+
+import (
+	"errors"
+
+	"github.com/DataDog/go-tuf/data"
+	"github.com/DataDog/go-tuf/internal/sets"
+	"github.com/DataDog/go-tuf/verify"
+)
+
+type Delegation struct {
+	Delegator string
+	Delegatee data.DelegatedRole
+	DB        *verify.DB
+}
+
+type delegationsIterator struct {
+	stack        []Delegation
+	target       string
+	visitedRoles map[string]struct{}
+	parents      map[string]string
+}
+
+var ErrTopLevelTargetsRoleMissing = errors.New("tuf: top level targets role missing from top level keys DB")
+
+// NewDelegationsIterator initialises an iterator with a first step
+// on top level targets.
+func NewDelegationsIterator(target string, topLevelKeysDB *verify.DB) (*delegationsIterator, error) {
+	targetsRole := topLevelKeysDB.GetRole("targets")
+	if targetsRole == nil {
+		return nil, ErrTopLevelTargetsRoleMissing
+	}
+
+	i := &delegationsIterator{
+		target: target,
+		stack: []Delegation{
+			{
+				Delegatee: data.DelegatedRole{
+					Name:      "targets",
+					KeyIDs:    sets.StringSetToSlice(targetsRole.KeyIDs),
+					Threshold: targetsRole.Threshold,
+				},
+				DB: topLevelKeysDB,
+			},
+		},
+		visitedRoles: make(map[string]struct{}),
+		parents:      make(map[string]string),
+	}
+	return i, nil
+}
+
+func (d *delegationsIterator) Next() (value Delegation, ok bool) {
+	if len(d.stack) == 0 {
+		return Delegation{}, false
+	}
+	delegation := d.stack[len(d.stack)-1]
+	d.stack = d.stack[:len(d.stack)-1]
+
+	// 5.6.7.1: If this role has been visited before, then skip this role (so
+	// that cycles in the delegation graph are avoided).
+	roleName := delegation.Delegatee.Name
+	if _, ok := d.visitedRoles[roleName]; ok {
+		return d.Next()
+	}
+	d.visitedRoles[roleName] = struct{}{}
+
+	// 5.6.7.2 trim delegations to visit, only the current role and its delegations
+	// will be considered
+	// https://github.com/theupdateframework/specification/issues/168
+	if delegation.Delegatee.Terminating {
+		// Empty the stack.
+		d.stack = d.stack[0:0]
+	}
+	return delegation, true
+}
+
+func (d *delegationsIterator) Add(roles []data.DelegatedRole, delegator string, db *verify.DB) error {
+	for i := len(roles) - 1; i >= 0; i-- {
+		// Push the roles onto the stack in reverse so we get an preorder traversal
+		// of the delegations graph.
+		r := roles[i]
+		matchesPath, err := r.MatchesPath(d.target)
+		if err != nil {
+			return err
+		}
+		if matchesPath {
+			delegation := Delegation{
+				Delegator: delegator,
+				Delegatee: r,
+				DB:        db,
+			}
+			d.stack = append(d.stack, delegation)
+			d.parents[r.Name] = delegator
+		}
+	}
+
+	return nil
+}
+
+func (d *delegationsIterator) Parent(role string) string {
+	return d.parents[role]
+}
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/targets/hash_bins.go b/vendor/github.com/DataDog/go-tuf/pkg/targets/hash_bins.go
new file mode 100644
index 000000000..95f4405d4
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/pkg/targets/hash_bins.go
@@ -0,0 +1,113 @@
+package targets
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+const MinDelegationHashPrefixBitLen = 1
+const MaxDelegationHashPrefixBitLen = 32
+
+// hexEncode formats x as a hex string. The hex string is left padded with
+// zeros to padWidth, if necessary.
+func hexEncode(x uint64, padWidth int) string {
+	// Benchmarked to be more than 10x faster than padding with Sprintf.
+	s := strconv.FormatUint(x, 16)
+	if len(s) >= padWidth {
+		return s
+	}
+	return strings.Repeat("0", padWidth-len(s)) + s
+}
+
+const bitsPerHexDigit = 4
+
+// numHexDigits returns the number of hex digits required to encode the given
+// number of bits.
+func numHexDigits(numBits int) int {
+	// ceil(numBits / bitsPerHexDigit)
+	return ((numBits - 1) / bitsPerHexDigit) + 1
+}
+
+// HashBins represents an ordered list of hash bin target roles, which together
+// partition the space of target path hashes equal-sized buckets based on path
+// has prefix.
+type HashBins struct {
+	rolePrefix  string
+	bitLen      int
+	hexDigitLen int
+
+	numBins           uint64
+	numPrefixesPerBin uint64
+}
+
+// NewHashBins creates a HashBins partitioning with 2^bitLen buckets.
+func NewHashBins(rolePrefix string, bitLen int) (*HashBins, error) {
+	if bitLen < MinDelegationHashPrefixBitLen || bitLen > MaxDelegationHashPrefixBitLen {
+		return nil, fmt.Errorf("bitLen is out of bounds, should be between %v and %v inclusive", MinDelegationHashPrefixBitLen, MaxDelegationHashPrefixBitLen)
+	}
+
+	hexDigitLen := numHexDigits(bitLen)
+	numBins := uint64(1) << bitLen
+
+	numPrefixesTotal := uint64(1) << (bitsPerHexDigit * hexDigitLen)
+	numPrefixesPerBin := numPrefixesTotal / numBins
+
+	return &HashBins{
+		rolePrefix:        rolePrefix,
+		bitLen:            bitLen,
+		hexDigitLen:       hexDigitLen,
+		numBins:           numBins,
+		numPrefixesPerBin: numPrefixesPerBin,
+	}, nil
+}
+
+// NumBins returns the number of hash bin partitions.
+func (hb *HashBins) NumBins() uint64 {
+	return hb.numBins
+}
+
+// GetBin returns the HashBin at index i, or nil if i is out of bounds.
+func (hb *HashBins) GetBin(i uint64) *HashBin {
+	if i >= hb.numBins {
+		return nil
+	}
+
+	return &HashBin{
+		rolePrefix:  hb.rolePrefix,
+		hexDigitLen: hb.hexDigitLen,
+		first:       i * hb.numPrefixesPerBin,
+		last:        ((i + 1) * hb.numPrefixesPerBin) - 1,
+	}
+}
+
+// HashBin represents a hex prefix range. First should be less than Last.
+type HashBin struct {
+	rolePrefix  string
+	hexDigitLen int
+	first       uint64
+	last        uint64
+}
+
+// RoleName returns the name of the role that signs for the HashBin.
+func (b *HashBin) RoleName() string {
+	if b.first == b.last {
+		return b.rolePrefix + hexEncode(b.first, b.hexDigitLen)
+	}
+
+	return b.rolePrefix + hexEncode(b.first, b.hexDigitLen) + "-" + hexEncode(b.last, b.hexDigitLen)
+}
+
+// HashPrefixes returns a slice of all hash prefixes in the bin.
+func (b *HashBin) HashPrefixes() []string {
+	n := int(b.last - b.first + 1)
+	ret := make([]string, int(n))
+
+	x := b.first
+	for i := 0; i < n; i++ {
+		ret[i] = hexEncode(x, b.hexDigitLen)
+		x++
+	}
+
+	return ret
+}
diff --git a/vendor/github.com/DataDog/go-tuf/util/util.go b/vendor/github.com/DataDog/go-tuf/util/util.go
new file mode 100644
index 000000000..a9b23b007
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/util/util.go
@@ -0,0 +1,332 @@
+package util
+
+import (
+	"bytes"
+	"crypto/hmac"
+	"crypto/sha256"
+	"crypto/sha512"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"hash"
+	"io"
+	"os"
+	"path"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/DataDog/go-tuf/data"
+)
+
+type ErrWrongLength struct {
+	Expected int64
+	Actual   int64
+}
+
+func (e ErrWrongLength) Error() string {
+	return fmt.Sprintf("wrong length, expected %d got %d", e.Expected, e.Actual)
+}
+
+type ErrWrongVersion struct {
+	Expected int64
+	Actual   int64
+}
+
+func (e ErrWrongVersion) Error() string {
+	return fmt.Sprintf("wrong version, expected %d got %d", e.Expected, e.Actual)
+}
+
+type ErrWrongHash struct {
+	Type     string
+	Expected data.HexBytes
+	Actual   data.HexBytes
+}
+
+func (e ErrWrongHash) Error() string {
+	return fmt.Sprintf("wrong %s hash, expected %s got %s", e.Type, hex.EncodeToString(e.Expected), hex.EncodeToString(e.Actual))
+}
+
+type ErrNoCommonHash struct {
+	Expected data.Hashes
+	Actual   data.Hashes
+}
+
+func (e ErrNoCommonHash) Error() string {
+	types := func(a data.Hashes) []string {
+		t := make([]string, 0, len(a))
+		for typ := range a {
+			t = append(t, typ)
+		}
+		return t
+	}
+	return fmt.Sprintf("no common hash function, expected one of %s, got %s", types(e.Expected), types(e.Actual))
+}
+
+type ErrUnknownHashAlgorithm struct {
+	Name string
+}
+
+func (e ErrUnknownHashAlgorithm) Error() string {
+	return fmt.Sprintf("unknown hash algorithm: %s", e.Name)
+}
+
+type PassphraseFunc func(role string, confirm bool, change bool) ([]byte, error)
+
+func FileMetaEqual(actual data.FileMeta, expected data.FileMeta) error {
+	if actual.Length != expected.Length {
+		return ErrWrongLength{expected.Length, actual.Length}
+	}
+
+	if err := hashEqual(actual.Hashes, expected.Hashes); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func BytesMatchLenAndHashes(fetched []byte, length int64, hashes data.Hashes) error {
+	flen := int64(len(fetched))
+	if length != 0 && flen != length {
+		return ErrWrongLength{length, flen}
+	}
+
+	for alg, expected := range hashes {
+		var h hash.Hash
+		switch alg {
+		case "sha256":
+			h = sha256.New()
+		case "sha512":
+			h = sha512.New()
+		default:
+			return ErrUnknownHashAlgorithm{alg}
+		}
+		h.Write(fetched)
+		hash := h.Sum(nil)
+		if !hmac.Equal(hash, expected) {
+			return ErrWrongHash{alg, expected, hash}
+		}
+	}
+
+	return nil
+}
+
+func hashEqual(actual data.Hashes, expected data.Hashes) error {
+	hashChecked := false
+	for typ, hash := range expected {
+		if h, ok := actual[typ]; ok {
+			hashChecked = true
+			if !hmac.Equal(h, hash) {
+				return ErrWrongHash{typ, hash, h}
+			}
+		}
+	}
+	if !hashChecked {
+		return ErrNoCommonHash{expected, actual}
+	}
+	return nil
+}
+
+func VersionEqual(actual int64, expected int64) error {
+	if actual != expected {
+		return ErrWrongVersion{expected, actual}
+	}
+	return nil
+}
+
+func SnapshotFileMetaEqual(actual data.SnapshotFileMeta, expected data.SnapshotFileMeta) error {
+	// TUF-1.0 no longer considers the length and hashes to be a required
+	// member of snapshots. However they are considering requiring hashes
+	// for delegated roles to avoid an attack described in Section 5.6 of
+	// the Mercury paper:
+	// https://github.com/theupdateframework/specification/pull/40
+	if expected.Length != 0 && actual.Length != expected.Length {
+		return ErrWrongLength{expected.Length, actual.Length}
+	}
+	// 5.6.2 - Check against snapshot role's targets hash
+	if len(expected.Hashes) != 0 {
+		if err := hashEqual(actual.Hashes, expected.Hashes); err != nil {
+			return err
+		}
+	}
+	// 5.6.4 - Check against snapshot role's snapshot version
+	if err := VersionEqual(actual.Version, expected.Version); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func TargetFileMetaEqual(actual data.TargetFileMeta, expected data.TargetFileMeta) error {
+	return FileMetaEqual(actual.FileMeta, expected.FileMeta)
+}
+
+func TimestampFileMetaEqual(actual data.TimestampFileMeta, expected data.TimestampFileMeta) error {
+	// TUF no longer considers the length and hashes to be a required
+	// member of Timestamp.
+	if expected.Length != 0 && actual.Length != expected.Length {
+		return ErrWrongLength{expected.Length, actual.Length}
+	}
+	// 5.5.2 - Check against timestamp role's snapshot hash
+	if len(expected.Hashes) != 0 {
+		if err := hashEqual(actual.Hashes, expected.Hashes); err != nil {
+			return err
+		}
+	}
+	// 5.5.4 - Check against timestamp role's snapshot version
+	if err := VersionEqual(actual.Version, expected.Version); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+const defaultHashAlgorithm = "sha512"
+
+func GenerateFileMeta(r io.Reader, hashAlgorithms ...string) (data.FileMeta, error) {
+	if len(hashAlgorithms) == 0 {
+		hashAlgorithms = []string{defaultHashAlgorithm}
+	}
+	hashes := make(map[string]hash.Hash, len(hashAlgorithms))
+	for _, hashAlgorithm := range hashAlgorithms {
+		var h hash.Hash
+		switch hashAlgorithm {
+		case "sha256":
+			h = sha256.New()
+		case "sha512":
+			h = sha512.New()
+		default:
+			return data.FileMeta{}, ErrUnknownHashAlgorithm{hashAlgorithm}
+		}
+		hashes[hashAlgorithm] = h
+		r = io.TeeReader(r, h)
+	}
+	n, err := io.Copy(io.Discard, r)
+	if err != nil {
+		return data.FileMeta{}, err
+	}
+	m := data.FileMeta{Length: n, Hashes: make(data.Hashes, len(hashes))}
+	for hashAlgorithm, h := range hashes {
+		m.Hashes[hashAlgorithm] = h.Sum(nil)
+	}
+	return m, nil
+}
+
+type versionedMeta struct {
+	Version int64 `json:"version"`
+}
+
+func generateVersionedFileMeta(r io.Reader, hashAlgorithms ...string) (data.FileMeta, int64, error) {
+	b, err := io.ReadAll(r)
+	if err != nil {
+		return data.FileMeta{}, 0, err
+	}
+
+	m, err := GenerateFileMeta(bytes.NewReader(b), hashAlgorithms...)
+	if err != nil {
+		return data.FileMeta{}, 0, err
+	}
+
+	s := data.Signed{}
+	if err := json.Unmarshal(b, &s); err != nil {
+		return data.FileMeta{}, 0, err
+	}
+
+	vm := versionedMeta{}
+	if err := json.Unmarshal(s.Signed, &vm); err != nil {
+		return data.FileMeta{}, 0, err
+	}
+
+	return m, vm.Version, nil
+}
+
+func GenerateSnapshotFileMeta(r io.Reader, hashAlgorithms ...string) (data.SnapshotFileMeta, error) {
+	m, v, err := generateVersionedFileMeta(r, hashAlgorithms...)
+	if err != nil {
+		return data.SnapshotFileMeta{}, err
+	}
+	return data.SnapshotFileMeta{
+		Length:  m.Length,
+		Hashes:  m.Hashes,
+		Version: v,
+	}, nil
+}
+
+func GenerateTargetFileMeta(r io.Reader, hashAlgorithms ...string) (data.TargetFileMeta, error) {
+	m, err := GenerateFileMeta(r, hashAlgorithms...)
+	if err != nil {
+		return data.TargetFileMeta{}, err
+	}
+	return data.TargetFileMeta{
+		FileMeta: m,
+	}, nil
+}
+
+func GenerateTimestampFileMeta(r io.Reader, hashAlgorithms ...string) (data.TimestampFileMeta, error) {
+	m, v, err := generateVersionedFileMeta(r, hashAlgorithms...)
+	if err != nil {
+		return data.TimestampFileMeta{}, err
+	}
+	return data.TimestampFileMeta{
+		Length:  m.Length,
+		Hashes:  m.Hashes,
+		Version: v,
+	}, nil
+}
+
+func NormalizeTarget(p string) string {
+	// FIXME(TUF-0.9) TUF-1.0 is considering banning paths that begin with
+	// a leading path separator, to avoid surprising behavior when joining
+	// target and delgated paths. python-tuf raises an exception if any
+	// path starts with '/', but since we need to be cross compatible with
+	// TUF-0.9 we still need to support leading slashes. For now, we will
+	// just strip them out, but eventually we should also consider turning
+	// them into an error.
+	return strings.TrimPrefix(path.Join("/", p), "/")
+}
+
+func VersionedPath(p string, version int64) string {
+	return path.Join(path.Dir(p), strconv.FormatInt(version, 10)+"."+path.Base(p))
+}
+
+func HashedPaths(p string, hashes data.Hashes) []string {
+	paths := make([]string, 0, len(hashes))
+	for _, hash := range hashes {
+		hashedPath := path.Join(path.Dir(p), hash.String()+"."+path.Base(p))
+		paths = append(paths, hashedPath)
+	}
+	return paths
+}
+
+func AtomicallyWriteFile(filename string, data []byte, perm os.FileMode) error {
+	dir, name := filepath.Split(filename)
+	f, err := os.CreateTemp(dir, name)
+	if err != nil {
+		return err
+	}
+
+	_, err = f.Write(data)
+	if err != nil {
+		f.Close()
+		os.Remove(f.Name())
+		return err
+	}
+
+	if err = f.Chmod(perm); err != nil {
+		f.Close()
+		os.Remove(f.Name())
+		return err
+	}
+
+	if err := f.Close(); err != nil {
+		os.Remove(f.Name())
+		return err
+	}
+
+	if err := os.Rename(f.Name(), filename); err != nil {
+		os.Remove(f.Name())
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/verify/db.go b/vendor/github.com/DataDog/go-tuf/verify/db.go
new file mode 100644
index 000000000..1961c98fb
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/verify/db.go
@@ -0,0 +1,104 @@
+package verify
+
+import (
+	"github.com/DataDog/go-tuf/data"
+	"github.com/DataDog/go-tuf/internal/roles"
+	"github.com/DataDog/go-tuf/pkg/keys"
+)
+
+type Role struct {
+	KeyIDs    map[string]struct{}
+	Threshold int
+}
+
+func (r *Role) ValidKey(id string) bool {
+	_, ok := r.KeyIDs[id]
+	return ok
+}
+
+type DB struct {
+	roles     map[string]*Role
+	verifiers map[string]keys.Verifier
+}
+
+func NewDB() *DB {
+	return &DB{
+		roles:     make(map[string]*Role),
+		verifiers: make(map[string]keys.Verifier),
+	}
+}
+
+// NewDBFromDelegations returns a DB that verifies delegations
+// of a given Targets.
+func NewDBFromDelegations(d *data.Delegations) (*DB, error) {
+	db := &DB{
+		roles:     make(map[string]*Role, len(d.Roles)),
+		verifiers: make(map[string]keys.Verifier, len(d.Keys)),
+	}
+	for _, r := range d.Roles {
+		if _, ok := roles.TopLevelRoles[r.Name]; ok {
+			return nil, ErrInvalidDelegatedRole
+		}
+		role := &data.Role{Threshold: r.Threshold, KeyIDs: r.KeyIDs}
+		if err := db.AddRole(r.Name, role); err != nil {
+			return nil, err
+		}
+	}
+	for id, k := range d.Keys {
+		if err := db.AddKey(id, k); err != nil {
+			return nil, err
+		}
+	}
+	return db, nil
+}
+
+func (db *DB) AddKey(id string, k *data.PublicKey) error {
+	verifier, err := keys.GetVerifier(k)
+	if err != nil {
+		return err // ErrInvalidKey
+	}
+
+	// TUF is considering in TAP-12 removing the
+	// requirement that the keyid hash algorithm be derived
+	// from the public key. So to be forwards compatible,
+	// we allow any key ID, rather than checking k.ContainsID(id)
+	//
+	// AddKey should be idempotent, so we allow re-adding the same PublicKey.
+	//
+	// TAP-12: https://github.com/theupdateframework/taps/blob/master/tap12.md
+	if oldVerifier, exists := db.verifiers[id]; exists && oldVerifier.Public() != verifier.Public() {
+		return ErrRepeatID{id}
+	}
+
+	db.verifiers[id] = verifier
+	return nil
+}
+
+func (db *DB) AddRole(name string, r *data.Role) error {
+	if r.Threshold < 1 {
+		return ErrInvalidThreshold
+	}
+
+	role := &Role{
+		KeyIDs:    make(map[string]struct{}),
+		Threshold: r.Threshold,
+	}
+	for _, id := range r.KeyIDs {
+		role.KeyIDs[id] = struct{}{}
+	}
+
+	db.roles[name] = role
+	return nil
+}
+
+func (db *DB) GetVerifier(id string) (keys.Verifier, error) {
+	k, ok := db.verifiers[id]
+	if !ok {
+		return nil, ErrMissingKey
+	}
+	return k, nil
+}
+
+func (db *DB) GetRole(name string) *Role {
+	return db.roles[name]
+}
diff --git a/vendor/github.com/DataDog/go-tuf/verify/errors.go b/vendor/github.com/DataDog/go-tuf/verify/errors.go
new file mode 100644
index 000000000..f71d4bda9
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/verify/errors.go
@@ -0,0 +1,73 @@
+package verify
+
+import (
+	"errors"
+	"fmt"
+	"time"
+)
+
+var (
+	ErrMissingKey           = errors.New("tuf: missing key")
+	ErrNoSignatures         = errors.New("tuf: data has no signatures")
+	ErrInvalid              = errors.New("tuf: signature verification failed")
+	ErrWrongMethod          = errors.New("tuf: invalid signature type")
+	ErrWrongMetaType        = errors.New("tuf: meta file has wrong type")
+	ErrExists               = errors.New("tuf: key already in db")
+	ErrInvalidKey           = errors.New("tuf: invalid key")
+	ErrInvalidRole          = errors.New("tuf: invalid role")
+	ErrInvalidDelegatedRole = errors.New("tuf: invalid delegated role")
+	ErrInvalidKeyID         = errors.New("tuf: invalid key id")
+	ErrInvalidThreshold     = errors.New("tuf: invalid role threshold")
+	ErrMissingTargetFile    = errors.New("tuf: missing previously listed targets metadata file")
+)
+
+type ErrRepeatID struct {
+	KeyID string
+}
+
+func (e ErrRepeatID) Error() string {
+	return fmt.Sprintf("tuf: duplicate key id (%s)", e.KeyID)
+}
+
+type ErrUnknownRole struct {
+	Role string
+}
+
+func (e ErrUnknownRole) Error() string {
+	return fmt.Sprintf("tuf: unknown role %q", e.Role)
+}
+
+type ErrExpired struct {
+	Expired time.Time
+}
+
+func (e ErrExpired) Error() string {
+	return fmt.Sprintf("expired at %s", e.Expired)
+}
+
+type ErrLowVersion struct {
+	Actual  int64
+	Current int64
+}
+
+func (e ErrLowVersion) Error() string {
+	return fmt.Sprintf("version %d is lower than current version %d", e.Actual, e.Current)
+}
+
+type ErrWrongVersion struct {
+	Given    int64
+	Expected int64
+}
+
+func (e ErrWrongVersion) Error() string {
+	return fmt.Sprintf("version %d does not match the expected version %d", e.Given, e.Expected)
+}
+
+type ErrRoleThreshold struct {
+	Expected int
+	Actual   int
+}
+
+func (e ErrRoleThreshold) Error() string {
+	return "tuf: valid signatures did not meet threshold"
+}
diff --git a/vendor/github.com/DataDog/go-tuf/verify/verify.go b/vendor/github.com/DataDog/go-tuf/verify/verify.go
new file mode 100644
index 000000000..b0cf333ca
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/verify/verify.go
@@ -0,0 +1,187 @@
+package verify
+
+import (
+	"encoding/json"
+	"strings"
+	"time"
+
+	"github.com/DataDog/go-tuf/data"
+	"github.com/DataDog/go-tuf/internal/roles"
+	"github.com/DataDog/go-tuf/pkg/keys"
+	"github.com/secure-systems-lab/go-securesystemslib/cjson"
+)
+
+type signedMeta struct {
+	Type    string    `json:"_type"`
+	Expires time.Time `json:"expires"`
+	Version int64     `json:"version"`
+}
+
+// VerifySignature takes a signed JSON message, a signature, and a
+// verifier and verifies the given signature on the JSON message
+// using the verifier. It returns an error if verification fails.
+func VerifySignature(signed json.RawMessage, sig data.HexBytes,
+	verifier keys.Verifier) error {
+	var decoded map[string]interface{}
+	if err := json.Unmarshal(signed, &decoded); err != nil {
+		return err
+	}
+	msg, err := cjson.EncodeCanonical(decoded)
+	if err != nil {
+		return err
+	}
+	return verifier.Verify(msg, sig)
+}
+
+func (db *DB) VerifyIgnoreExpiredCheck(s *data.Signed, role string, minVersion int64) error {
+	if err := db.VerifySignatures(s, role); err != nil {
+		return err
+	}
+
+	sm := &signedMeta{}
+	if err := json.Unmarshal(s.Signed, sm); err != nil {
+		return err
+	}
+
+	if roles.IsTopLevelRole(role) {
+		// Top-level roles can only sign metadata of the same type (e.g. snapshot
+		// metadata must be signed by the snapshot role).
+		if !strings.EqualFold(sm.Type, role) {
+			return ErrWrongMetaType
+		}
+	} else {
+		// Delegated (non-top-level) roles may only sign targets metadata.
+		if strings.ToLower(sm.Type) != "targets" {
+			return ErrWrongMetaType
+		}
+	}
+
+	if sm.Version < minVersion {
+		return ErrLowVersion{sm.Version, minVersion}
+	}
+
+	return nil
+}
+
+func (db *DB) Verify(s *data.Signed, role string, minVersion int64) error {
+	// Verify signatures and versions
+	err := db.VerifyIgnoreExpiredCheck(s, role, minVersion)
+
+	if err != nil {
+		return err
+	}
+
+	sm := &signedMeta{}
+	if err := json.Unmarshal(s.Signed, sm); err != nil {
+		return err
+	}
+	// Verify expiration
+	if IsExpired(sm.Expires) {
+		return ErrExpired{sm.Expires}
+	}
+
+	return nil
+}
+
+var IsExpired = func(t time.Time) bool {
+	return time.Until(t) <= 0
+}
+
+func (db *DB) VerifySignatures(s *data.Signed, role string) error {
+	if len(s.Signatures) == 0 {
+		return ErrNoSignatures
+	}
+
+	roleData := db.GetRole(role)
+	if roleData == nil {
+		return ErrUnknownRole{role}
+	}
+
+	// Verify that a threshold of keys signed the data. Since keys can have
+	// multiple key ids, we need to protect against multiple attached
+	// signatures that just differ on the key id.
+	verifiedKeyIDs := make(map[string]struct{})
+	numVerifiedKeys := 0
+	for _, sig := range s.Signatures {
+		if !roleData.ValidKey(sig.KeyID) {
+			continue
+		}
+		verifier, err := db.GetVerifier(sig.KeyID)
+		if err != nil {
+			continue
+		}
+
+		if err := VerifySignature(s.Signed, sig.Signature, verifier); err != nil {
+			// If a signature fails verification, don't count it towards the
+			// threshold but also return early and error out immediately.
+			// Note: Because of this, it is impossible to distinguish between
+			// an error of an invalid signature and a threshold not achieved.
+			// Invalid signatures lead to not achieving the threshold.
+			continue
+		}
+
+		// Only consider this key valid if we haven't seen any of it's
+		// key ids before.
+		// Careful: we must not rely on the key IDs _declared in the file_,
+		// instead we get to decide what key IDs this key correspond to.
+		// XXX dangerous; better stop supporting multiple key IDs altogether.
+		keyIDs := verifier.MarshalPublicKey().IDs()
+		wasKeySeen := false
+		for _, keyID := range keyIDs {
+			if _, present := verifiedKeyIDs[keyID]; present {
+				wasKeySeen = true
+			}
+		}
+		if !wasKeySeen {
+			for _, id := range keyIDs {
+				verifiedKeyIDs[id] = struct{}{}
+			}
+
+			numVerifiedKeys++
+		}
+	}
+	if numVerifiedKeys < roleData.Threshold {
+		return ErrRoleThreshold{roleData.Threshold, numVerifiedKeys}
+	}
+
+	return nil
+}
+
+func (db *DB) Unmarshal(b []byte, v interface{}, role string, minVersion int64) error {
+	s := &data.Signed{}
+	if err := json.Unmarshal(b, s); err != nil {
+		return err
+	}
+	if err := db.Verify(s, role, minVersion); err != nil {
+		return err
+	}
+	return json.Unmarshal(s.Signed, v)
+}
+
+// UnmarshalExpired is exactly like Unmarshal except ignores expired timestamp error.
+func (db *DB) UnmarshalIgnoreExpired(b []byte, v interface{}, role string, minVersion int64) error {
+	s := &data.Signed{}
+	if err := json.Unmarshal(b, s); err != nil {
+		return err
+	}
+	// Note: If verification fails, then we wont attempt to unmarshal
+	// unless when verification error is errExpired.
+	verifyErr := db.Verify(s, role, minVersion)
+	if verifyErr != nil {
+		if _, ok := verifyErr.(ErrExpired); !ok {
+			return verifyErr
+		}
+	}
+	return json.Unmarshal(s.Signed, v)
+}
+
+func (db *DB) UnmarshalTrusted(b []byte, v interface{}, role string) error {
+	s := &data.Signed{}
+	if err := json.Unmarshal(b, s); err != nil {
+		return err
+	}
+	if err := db.VerifySignatures(s, role); err != nil {
+		return err
+	}
+	return json.Unmarshal(s.Signed, v)
+}
diff --git a/vendor/github.com/DataDog/gostackparse/gostackparse.go b/vendor/github.com/DataDog/gostackparse/gostackparse.go
index 4b2adb7da..b5292cfd3 100644
--- a/vendor/github.com/DataDog/gostackparse/gostackparse.go
+++ b/vendor/github.com/DataDog/gostackparse/gostackparse.go
@@ -214,6 +214,17 @@ func parseGoroutineHeader(line []byte) *Goroutine {
 func parseFunc(line []byte, state parserState) *Frame {
 	// createdBy func calls don't have trailing parens, just return them as-is.
 	if state == stateCreatedByFunc {
+		// go 1.21 changes the "created by" line to include the
+		// goroutine which created the one whose stack is being printed,
+		// e.g.
+		//	created by main.main in goroutine 1
+		// We are at the beginning of the function name, so we should
+		// just show up to the first space which follows the end of the
+		// function name.
+		i := bytes.Index(line, []byte(" "))
+		if i > 0 {
+			return &Frame{Func: string(line[:i])}
+		}
 		return &Frame{Func: string(line)}
 	}
 
diff --git a/vendor/github.com/DataDog/sketches-go/LICENSE b/vendor/github.com/DataDog/sketches-go/LICENSE
new file mode 100644
index 000000000..7d3693bee
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2021 DataDog, Inc. 
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/vendor/github.com/DataDog/sketches-go/LICENSE-3rdparty.csv b/vendor/github.com/DataDog/sketches-go/LICENSE-3rdparty.csv
new file mode 100644
index 000000000..db2f8cca0
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/LICENSE-3rdparty.csv
@@ -0,0 +1,3 @@
+Component,Origin,License
+import (test),github.com/google/gofuzz,Apache-2.0
+import (test),github.com/stretchr/testify,MIT
diff --git a/vendor/github.com/DataDog/sketches-go/NOTICE b/vendor/github.com/DataDog/sketches-go/NOTICE
new file mode 100644
index 000000000..7ae253a01
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/NOTICE
@@ -0,0 +1,4 @@
+Datadog sketches-go 
+Copyright 2021 Datadog, Inc.
+
+This product includes software developed at Datadog (https://www.datadoghq.com/).
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/ddsketch.go b/vendor/github.com/DataDog/sketches-go/ddsketch/ddsketch.go
new file mode 100644
index 000000000..33a0ea5b2
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/ddsketch.go
@@ -0,0 +1,767 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package ddsketch
+
+import (
+	"errors"
+	"io"
+	"math"
+
+	enc "github.com/DataDog/sketches-go/ddsketch/encoding"
+	"github.com/DataDog/sketches-go/ddsketch/mapping"
+	"github.com/DataDog/sketches-go/ddsketch/pb/sketchpb"
+	"github.com/DataDog/sketches-go/ddsketch/stat"
+	"github.com/DataDog/sketches-go/ddsketch/store"
+)
+
+var (
+	ErrUntrackableNaN     = errors.New("input value is NaN and cannot be tracked by the sketch")
+	ErrUntrackableTooLow  = errors.New("input value is too low and cannot be tracked by the sketch")
+	ErrUntrackableTooHigh = errors.New("input value is too high and cannot be tracked by the sketch")
+	ErrNegativeCount      = errors.New("count cannot be negative")
+	errEmptySketch        = errors.New("no such element exists")
+	errUnknownFlag        = errors.New("unknown encoding flag")
+)
+
+// Unexported to prevent usage and avoid the cost of dynamic dispatch
+type quantileSketch interface {
+	RelativeAccuracy() float64
+	IsEmpty() bool
+	GetCount() float64
+	GetZeroCount() float64
+	GetSum() float64
+	GetPositiveValueStore() store.Store
+	GetNegativeValueStore() store.Store
+	GetMinValue() (float64, error)
+	GetMaxValue() (float64, error)
+	GetValueAtQuantile(quantile float64) (float64, error)
+	GetValuesAtQuantiles(quantiles []float64) ([]float64, error)
+	ForEach(f func(value, count float64) (stop bool))
+	Add(value float64) error
+	AddWithCount(value, count float64) error
+	// MergeWith
+	// ChangeMapping
+	Reweight(factor float64) error
+	Clear()
+	// Copy
+	Encode(b *[]byte, omitIndexMapping bool)
+	DecodeAndMergeWith(b []byte) error
+}
+
+var _ quantileSketch = (*DDSketch)(nil)
+var _ quantileSketch = (*DDSketchWithExactSummaryStatistics)(nil)
+
+type DDSketch struct {
+	mapping.IndexMapping
+	positiveValueStore store.Store
+	negativeValueStore store.Store
+	zeroCount          float64
+}
+
+func NewDDSketchFromStoreProvider(indexMapping mapping.IndexMapping, storeProvider store.Provider) *DDSketch {
+	return NewDDSketch(indexMapping, storeProvider(), storeProvider())
+}
+
+func NewDDSketch(indexMapping mapping.IndexMapping, positiveValueStore store.Store, negativeValueStore store.Store) *DDSketch {
+	return &DDSketch{
+		IndexMapping:       indexMapping,
+		positiveValueStore: positiveValueStore,
+		negativeValueStore: negativeValueStore,
+	}
+}
+
+func NewDefaultDDSketch(relativeAccuracy float64) (*DDSketch, error) {
+	m, err := mapping.NewDefaultMapping(relativeAccuracy)
+	if err != nil {
+		return nil, err
+	}
+	return NewDDSketchFromStoreProvider(m, store.DefaultProvider), nil
+}
+
+// Constructs an instance of DDSketch that offers constant-time insertion and whose size grows indefinitely
+// to accommodate for the range of input values.
+func LogUnboundedDenseDDSketch(relativeAccuracy float64) (*DDSketch, error) {
+	indexMapping, err := mapping.NewLogarithmicMapping(relativeAccuracy)
+	if err != nil {
+		return nil, err
+	}
+	return NewDDSketch(indexMapping, store.NewDenseStore(), store.NewDenseStore()), nil
+}
+
+// Constructs an instance of DDSketch that offers constant-time insertion and whose size grows until the
+// maximum number of bins is reached, at which point bins with lowest indices are collapsed, which causes the
+// relative accuracy guarantee to be lost on lowest quantiles if values are all positive, or the mid-range
+// quantiles for values closest to zero if values include negative numbers.
+func LogCollapsingLowestDenseDDSketch(relativeAccuracy float64, maxNumBins int) (*DDSketch, error) {
+	indexMapping, err := mapping.NewLogarithmicMapping(relativeAccuracy)
+	if err != nil {
+		return nil, err
+	}
+	return NewDDSketch(indexMapping, store.NewCollapsingLowestDenseStore(maxNumBins), store.NewCollapsingLowestDenseStore(maxNumBins)), nil
+}
+
+// Constructs an instance of DDSketch that offers constant-time insertion and whose size grows until the
+// maximum number of bins is reached, at which point bins with highest indices are collapsed, which causes the
+// relative accuracy guarantee to be lost on highest quantiles if values are all positive, or the lowest and
+// highest quantiles if values include negative numbers.
+func LogCollapsingHighestDenseDDSketch(relativeAccuracy float64, maxNumBins int) (*DDSketch, error) {
+	indexMapping, err := mapping.NewLogarithmicMapping(relativeAccuracy)
+	if err != nil {
+		return nil, err
+	}
+	return NewDDSketch(indexMapping, store.NewCollapsingHighestDenseStore(maxNumBins), store.NewCollapsingHighestDenseStore(maxNumBins)), nil
+}
+
+// Adds a value to the sketch.
+func (s *DDSketch) Add(value float64) error {
+	return s.AddWithCount(value, float64(1))
+}
+
+// Adds a value to the sketch with a float64 count.
+func (s *DDSketch) AddWithCount(value, count float64) error {
+	if count < 0 {
+		return ErrNegativeCount
+	}
+
+	if value > s.MinIndexableValue() {
+		if value > s.MaxIndexableValue() {
+			return ErrUntrackableTooHigh
+		}
+		s.positiveValueStore.AddWithCount(s.Index(value), count)
+	} else if value < -s.MinIndexableValue() {
+		if value < -s.MaxIndexableValue() {
+			return ErrUntrackableTooLow
+		}
+		s.negativeValueStore.AddWithCount(s.Index(-value), count)
+	} else if math.IsNaN(value) {
+		return ErrUntrackableNaN
+	} else {
+		s.zeroCount += count
+	}
+	return nil
+}
+
+// Return a (deep) copy of this sketch.
+func (s *DDSketch) Copy() *DDSketch {
+	return &DDSketch{
+		IndexMapping:       s.IndexMapping,
+		positiveValueStore: s.positiveValueStore.Copy(),
+		negativeValueStore: s.negativeValueStore.Copy(),
+		zeroCount:          s.zeroCount,
+	}
+}
+
+// Clear empties the sketch while allowing reusing already allocated memory.
+func (s *DDSketch) Clear() {
+	s.positiveValueStore.Clear()
+	s.negativeValueStore.Clear()
+	s.zeroCount = 0
+}
+
+// Return the value at the specified quantile. Return a non-nil error if the quantile is invalid
+// or if the sketch is empty.
+func (s *DDSketch) GetValueAtQuantile(quantile float64) (float64, error) {
+	if quantile < 0 || quantile > 1 {
+		return math.NaN(), errors.New("The quantile must be between 0 and 1.")
+	}
+
+	count := s.GetCount()
+	if count == 0 {
+		return math.NaN(), errEmptySketch
+	}
+
+	rank := quantile * (count - 1)
+	negativeValueCount := s.negativeValueStore.TotalCount()
+	if rank < negativeValueCount {
+		return -s.Value(s.negativeValueStore.KeyAtRank(negativeValueCount - 1 - rank)), nil
+	} else if rank < s.zeroCount+negativeValueCount {
+		return 0, nil
+	} else {
+		return s.Value(s.positiveValueStore.KeyAtRank(rank - s.zeroCount - negativeValueCount)), nil
+	}
+}
+
+// Return the values at the respective specified quantiles. Return a non-nil error if any of the quantiles
+// is invalid or if the sketch is empty.
+func (s *DDSketch) GetValuesAtQuantiles(quantiles []float64) ([]float64, error) {
+	values := make([]float64, len(quantiles))
+	for i, q := range quantiles {
+		val, err := s.GetValueAtQuantile(q)
+		if err != nil {
+			return nil, err
+		}
+		values[i] = val
+	}
+	return values, nil
+}
+
+// Return the total number of values that have been added to this sketch.
+func (s *DDSketch) GetCount() float64 {
+	return s.zeroCount + s.positiveValueStore.TotalCount() + s.negativeValueStore.TotalCount()
+}
+
+// GetZeroCount returns the number of zero values that have been added to this sketch.
+// Note: values that are very small (lower than MinIndexableValue if positive, or higher than -MinIndexableValue if negative)
+// are also mapped to the zero bucket.
+func (s *DDSketch) GetZeroCount() float64 {
+	return s.zeroCount
+}
+
+// Return true iff no value has been added to this sketch.
+func (s *DDSketch) IsEmpty() bool {
+	return s.zeroCount == 0 && s.positiveValueStore.IsEmpty() && s.negativeValueStore.IsEmpty()
+}
+
+// Return the maximum value that has been added to this sketch. Return a non-nil error if the sketch
+// is empty.
+func (s *DDSketch) GetMaxValue() (float64, error) {
+	if !s.positiveValueStore.IsEmpty() {
+		maxIndex, _ := s.positiveValueStore.MaxIndex()
+		return s.Value(maxIndex), nil
+	} else if s.zeroCount > 0 {
+		return 0, nil
+	} else {
+		minIndex, err := s.negativeValueStore.MinIndex()
+		if err != nil {
+			return math.NaN(), err
+		}
+		return -s.Value(minIndex), nil
+	}
+}
+
+// Return the minimum value that has been added to this sketch. Returns a non-nil error if the sketch
+// is empty.
+func (s *DDSketch) GetMinValue() (float64, error) {
+	if !s.negativeValueStore.IsEmpty() {
+		maxIndex, _ := s.negativeValueStore.MaxIndex()
+		return -s.Value(maxIndex), nil
+	} else if s.zeroCount > 0 {
+		return 0, nil
+	} else {
+		minIndex, err := s.positiveValueStore.MinIndex()
+		if err != nil {
+			return math.NaN(), err
+		}
+		return s.Value(minIndex), nil
+	}
+}
+
+// GetSum returns an approximation of the sum of the values that have been added to the sketch. If the
+// values that have been added to the sketch all have the same sign, the approximation error has
+// the relative accuracy guarantees of the mapping used for this sketch.
+func (s *DDSketch) GetSum() (sum float64) {
+	s.ForEach(func(value float64, count float64) (stop bool) {
+		sum += value * count
+		return false
+	})
+	return sum
+}
+
+// GetPositiveValueStore returns the store.Store object that contains the positive
+// values of the sketch.
+func (s *DDSketch) GetPositiveValueStore() store.Store {
+	return s.positiveValueStore
+}
+
+// GetNegativeValueStore returns the store.Store object that contains the negative
+// values of the sketch.
+func (s *DDSketch) GetNegativeValueStore() store.Store {
+	return s.negativeValueStore
+}
+
+// ForEach applies f on the bins of the sketches until f returns true.
+// There is no guarantee on the bin iteration order.
+func (s *DDSketch) ForEach(f func(value, count float64) (stop bool)) {
+	if s.zeroCount != 0 && f(0, s.zeroCount) {
+		return
+	}
+	stopped := false
+	s.positiveValueStore.ForEach(func(index int, count float64) bool {
+		stopped = f(s.IndexMapping.Value(index), count)
+		return stopped
+	})
+	if stopped {
+		return
+	}
+	s.negativeValueStore.ForEach(func(index int, count float64) bool {
+		return f(-s.IndexMapping.Value(index), count)
+	})
+}
+
+// Merges the other sketch into this one. After this operation, this sketch encodes the values that
+// were added to both this and the other sketches.
+func (s *DDSketch) MergeWith(other *DDSketch) error {
+	if !s.IndexMapping.Equals(other.IndexMapping) {
+		return errors.New("Cannot merge sketches with different index mappings.")
+	}
+	s.positiveValueStore.MergeWith(other.positiveValueStore)
+	s.negativeValueStore.MergeWith(other.negativeValueStore)
+	s.zeroCount += other.zeroCount
+	return nil
+}
+
+// Generates a protobuf representation of this DDSketch.
+func (s *DDSketch) ToProto() *sketchpb.DDSketch {
+	return &sketchpb.DDSketch{
+		Mapping:        s.IndexMapping.ToProto(),
+		PositiveValues: s.positiveValueStore.ToProto(),
+		NegativeValues: s.negativeValueStore.ToProto(),
+		ZeroCount:      s.zeroCount,
+	}
+}
+
+// FromProto builds a new instance of DDSketch based on the provided protobuf representation, using a Dense store.
+func FromProto(pb *sketchpb.DDSketch) (*DDSketch, error) {
+	return FromProtoWithStoreProvider(pb, store.DenseStoreConstructor)
+}
+
+func FromProtoWithStoreProvider(pb *sketchpb.DDSketch, storeProvider store.Provider) (*DDSketch, error) {
+	positiveValueStore := storeProvider()
+	if pb.PositiveValues != nil {
+		store.MergeWithProto(positiveValueStore, pb.PositiveValues)
+	}
+	negativeValueStore := storeProvider()
+	if pb.NegativeValues != nil {
+		store.MergeWithProto(negativeValueStore, pb.NegativeValues)
+	}
+	m, err := mapping.FromProto(pb.Mapping)
+	if err != nil {
+		return nil, err
+	}
+	return &DDSketch{
+		IndexMapping:       m,
+		positiveValueStore: positiveValueStore,
+		negativeValueStore: negativeValueStore,
+		zeroCount:          pb.ZeroCount,
+	}, nil
+}
+
+// Encode serializes the sketch and appends the serialized content to the provided []byte.
+// If the capacity of the provided []byte is large enough, Encode does not allocate memory space.
+// When the index mapping is known at the time of deserialization, omitIndexMapping can be set to true to avoid encoding it and to make the serialized content smaller.
+// The encoding format is described in the encoding/flag module.
+func (s *DDSketch) Encode(b *[]byte, omitIndexMapping bool) {
+	if s.zeroCount != 0 {
+		enc.EncodeFlag(b, enc.FlagZeroCountVarFloat)
+		enc.EncodeVarfloat64(b, s.zeroCount)
+	}
+
+	if !omitIndexMapping {
+		s.IndexMapping.Encode(b)
+	}
+
+	s.positiveValueStore.Encode(b, enc.FlagTypePositiveStore)
+	s.negativeValueStore.Encode(b, enc.FlagTypeNegativeStore)
+}
+
+// DecodeDDSketch deserializes a sketch.
+// Stores are built using storeProvider. The store type needs not match the
+// store that the serialized sketch initially used. However, using the same
+// store type may make decoding faster. In the absence of high performance
+// requirements, store.BufferedPaginatedStoreConstructor is a sound enough
+// choice of store provider.
+// To avoid memory allocations, it is possible to use a store provider that
+// reuses stores, by calling Clear() on previously used stores before providing
+// the store.
+// If the serialized data does not contain the index mapping, you need to
+// specify the index mapping that was used in the sketch that was encoded.
+// Otherwise, you can use nil and the index mapping will be decoded from the
+// serialized data.
+// It is possible to decode with this function an encoded
+// DDSketchWithExactSummaryStatistics, but the exact summary statistics will be
+// lost.
+func DecodeDDSketch(b []byte, storeProvider store.Provider, indexMapping mapping.IndexMapping) (*DDSketch, error) {
+	s := &DDSketch{
+		IndexMapping:       indexMapping,
+		positiveValueStore: storeProvider(),
+		negativeValueStore: storeProvider(),
+		zeroCount:          float64(0),
+	}
+	err := s.DecodeAndMergeWith(b)
+	return s, err
+}
+
+// DecodeAndMergeWith deserializes a sketch and merges its content in the
+// receiver sketch.
+// If the serialized content contains an index mapping that differs from the one
+// of the receiver, DecodeAndMergeWith returns an error.
+func (s *DDSketch) DecodeAndMergeWith(bb []byte) error {
+	return s.decodeAndMergeWith(bb, func(b *[]byte, flag enc.Flag) error {
+		switch flag {
+		case enc.FlagCount, enc.FlagSum, enc.FlagMin, enc.FlagMax:
+			// Exact summary stats are ignored.
+			if len(*b) < 8 {
+				return io.EOF
+			}
+			*b = (*b)[8:]
+			return nil
+		default:
+			return errUnknownFlag
+		}
+	})
+}
+
+func (s *DDSketch) decodeAndMergeWith(bb []byte, fallbackDecode func(b *[]byte, flag enc.Flag) error) error {
+	b := &bb
+	for len(*b) > 0 {
+		flag, err := enc.DecodeFlag(b)
+		if err != nil {
+			return err
+		}
+		switch flag.Type() {
+		case enc.FlagTypePositiveStore:
+			s.positiveValueStore.DecodeAndMergeWith(b, flag.SubFlag())
+		case enc.FlagTypeNegativeStore:
+			s.negativeValueStore.DecodeAndMergeWith(b, flag.SubFlag())
+		case enc.FlagTypeIndexMapping:
+			decodedIndexMapping, err := mapping.Decode(b, flag)
+			if err != nil {
+				return err
+			}
+			if s.IndexMapping != nil && !s.IndexMapping.Equals(decodedIndexMapping) {
+				return errors.New("index mapping mismatch")
+			}
+			s.IndexMapping = decodedIndexMapping
+		default:
+			switch flag {
+
+			case enc.FlagZeroCountVarFloat:
+				decodedZeroCount, err := enc.DecodeVarfloat64(b)
+				if err != nil {
+					return err
+				}
+				s.zeroCount += decodedZeroCount
+
+			default:
+				err := fallbackDecode(b, flag)
+				if err != nil {
+					return err
+				}
+			}
+		}
+	}
+
+	if s.IndexMapping == nil {
+		return errors.New("missing index mapping")
+	}
+	return nil
+}
+
+// ChangeMapping changes the store to a new mapping.
+// it doesn't change s but returns a newly created sketch.
+// positiveStore and negativeStore must be different stores, and be empty when the function is called.
+// It is not the conversion that minimizes the loss in relative
+// accuracy, but it avoids artefacts like empty bins that make the histograms look bad.
+// scaleFactor allows to scale out / in all values. (changing units for eg)
+func (s *DDSketch) ChangeMapping(newMapping mapping.IndexMapping, positiveStore store.Store, negativeStore store.Store, scaleFactor float64) *DDSketch {
+	if scaleFactor == 1 && s.IndexMapping.Equals(newMapping) {
+		return s.Copy()
+	}
+	changeStoreMapping(s.IndexMapping, newMapping, s.positiveValueStore, positiveStore, scaleFactor)
+	changeStoreMapping(s.IndexMapping, newMapping, s.negativeValueStore, negativeStore, scaleFactor)
+	newSketch := NewDDSketch(newMapping, positiveStore, negativeStore)
+	newSketch.zeroCount = s.zeroCount
+	return newSketch
+}
+
+func changeStoreMapping(oldMapping, newMapping mapping.IndexMapping, oldStore, newStore store.Store, scaleFactor float64) {
+	oldStore.ForEach(func(index int, count float64) (stop bool) {
+		inLowerBound := oldMapping.LowerBound(index) * scaleFactor
+		inHigherBound := oldMapping.LowerBound(index+1) * scaleFactor
+		inSize := inHigherBound - inLowerBound
+		for outIndex := newMapping.Index(inLowerBound); newMapping.LowerBound(outIndex) < inHigherBound; outIndex++ {
+			outLowerBound := newMapping.LowerBound(outIndex)
+			outHigherBound := newMapping.LowerBound(outIndex + 1)
+			lowerIntersectionBound := math.Max(outLowerBound, inLowerBound)
+			higherIntersectionBound := math.Min(outHigherBound, inHigherBound)
+			intersectionSize := higherIntersectionBound - lowerIntersectionBound
+			proportion := intersectionSize / inSize
+			newStore.AddWithCount(outIndex, proportion*count)
+		}
+		return false
+	})
+}
+
+// Reweight multiplies all values from the sketch by w, but keeps the same global distribution.
+// w has to be strictly greater than 0.
+func (s *DDSketch) Reweight(w float64) error {
+	if w <= 0 {
+		return errors.New("can't reweight by a negative factor")
+	}
+	if w == 1 {
+		return nil
+	}
+	s.zeroCount *= w
+	if err := s.positiveValueStore.Reweight(w); err != nil {
+		return err
+	}
+	if err := s.negativeValueStore.Reweight(w); err != nil {
+		return err
+	}
+	return nil
+}
+
+// DDSketchWithExactSummaryStatistics returns exact count, sum, min and max, as
+// opposed to DDSketch, which may return approximate values for those
+// statistics. Because of the need to track them exactly, adding and merging
+// operations are slightly more exepensive than those of DDSketch.
+type DDSketchWithExactSummaryStatistics struct {
+	*DDSketch
+	summaryStatistics *stat.SummaryStatistics
+}
+
+func NewDefaultDDSketchWithExactSummaryStatistics(relativeAccuracy float64) (*DDSketchWithExactSummaryStatistics, error) {
+	sketch, err := NewDefaultDDSketch(relativeAccuracy)
+	if err != nil {
+		return nil, err
+	}
+	return &DDSketchWithExactSummaryStatistics{
+		DDSketch:          sketch,
+		summaryStatistics: stat.NewSummaryStatistics(),
+	}, nil
+}
+
+func NewDDSketchWithExactSummaryStatistics(mapping mapping.IndexMapping, storeProvider store.Provider) *DDSketchWithExactSummaryStatistics {
+	return &DDSketchWithExactSummaryStatistics{
+		DDSketch:          NewDDSketchFromStoreProvider(mapping, storeProvider),
+		summaryStatistics: stat.NewSummaryStatistics(),
+	}
+}
+
+// NewDDSketchWithExactSummaryStatisticsFromData constructs DDSketchWithExactSummaryStatistics from the provided sketch and exact summary statistics.
+func NewDDSketchWithExactSummaryStatisticsFromData(sketch *DDSketch, summaryStatistics *stat.SummaryStatistics) (*DDSketchWithExactSummaryStatistics, error) {
+	if sketch.IsEmpty() != (summaryStatistics.Count() == 0) {
+		return nil, errors.New("sketch and summary statistics do not match")
+	}
+	return &DDSketchWithExactSummaryStatistics{
+		DDSketch:          sketch,
+		summaryStatistics: summaryStatistics,
+	}, nil
+}
+
+func (s *DDSketchWithExactSummaryStatistics) IsEmpty() bool {
+	return s.summaryStatistics.Count() == 0
+}
+
+func (s *DDSketchWithExactSummaryStatistics) GetCount() float64 {
+	return s.summaryStatistics.Count()
+}
+
+// GetZeroCount returns the number of zero values that have been added to this sketch.
+// Note: values that are very small (lower than MinIndexableValue if positive, or higher than -MinIndexableValue if negative)
+// are also mapped to the zero bucket.
+func (s *DDSketchWithExactSummaryStatistics) GetZeroCount() float64 {
+	return s.DDSketch.zeroCount
+}
+
+func (s *DDSketchWithExactSummaryStatistics) GetSum() float64 {
+	return s.summaryStatistics.Sum()
+}
+
+// GetPositiveValueStore returns the store.Store object that contains the positive
+// values of the sketch.
+func (s *DDSketchWithExactSummaryStatistics) GetPositiveValueStore() store.Store {
+	return s.DDSketch.positiveValueStore
+}
+
+// GetNegativeValueStore returns the store.Store object that contains the negative
+// values of the sketch.
+func (s *DDSketchWithExactSummaryStatistics) GetNegativeValueStore() store.Store {
+	return s.DDSketch.negativeValueStore
+}
+
+func (s *DDSketchWithExactSummaryStatistics) GetMinValue() (float64, error) {
+	if s.DDSketch.IsEmpty() {
+		return math.NaN(), errEmptySketch
+	}
+	return s.summaryStatistics.Min(), nil
+}
+
+func (s *DDSketchWithExactSummaryStatistics) GetMaxValue() (float64, error) {
+	if s.DDSketch.IsEmpty() {
+		return math.NaN(), errEmptySketch
+	}
+	return s.summaryStatistics.Max(), nil
+}
+
+func (s *DDSketchWithExactSummaryStatistics) GetValueAtQuantile(quantile float64) (float64, error) {
+	value, err := s.DDSketch.GetValueAtQuantile(quantile)
+	min := s.summaryStatistics.Min()
+	if value < min {
+		return min, err
+	}
+	max := s.summaryStatistics.Max()
+	if value > max {
+		return max, err
+	}
+	return value, err
+}
+
+func (s *DDSketchWithExactSummaryStatistics) GetValuesAtQuantiles(quantiles []float64) ([]float64, error) {
+	values, err := s.DDSketch.GetValuesAtQuantiles(quantiles)
+	min := s.summaryStatistics.Min()
+	max := s.summaryStatistics.Max()
+	for i := range values {
+		if values[i] < min {
+			values[i] = min
+		} else if values[i] > max {
+			values[i] = max
+		}
+	}
+	return values, err
+}
+
+func (s *DDSketchWithExactSummaryStatistics) ForEach(f func(value, count float64) (stop bool)) {
+	s.DDSketch.ForEach(f)
+}
+
+func (s *DDSketchWithExactSummaryStatistics) Clear() {
+	s.DDSketch.Clear()
+	s.summaryStatistics.Clear()
+}
+
+func (s *DDSketchWithExactSummaryStatistics) Add(value float64) error {
+	err := s.DDSketch.Add(value)
+	if err != nil {
+		return err
+	}
+	s.summaryStatistics.Add(value, 1)
+	return nil
+}
+
+func (s *DDSketchWithExactSummaryStatistics) AddWithCount(value, count float64) error {
+	if count == 0 {
+		return nil
+	}
+	err := s.DDSketch.AddWithCount(value, count)
+	if err != nil {
+		return err
+	}
+	s.summaryStatistics.Add(value, count)
+	return nil
+}
+
+func (s *DDSketchWithExactSummaryStatistics) MergeWith(o *DDSketchWithExactSummaryStatistics) error {
+	err := s.DDSketch.MergeWith(o.DDSketch)
+	if err != nil {
+		return err
+	}
+	s.summaryStatistics.MergeWith(o.summaryStatistics)
+	return nil
+}
+
+func (s *DDSketchWithExactSummaryStatistics) Copy() *DDSketchWithExactSummaryStatistics {
+	return &DDSketchWithExactSummaryStatistics{
+		DDSketch:          s.DDSketch.Copy(),
+		summaryStatistics: s.summaryStatistics.Copy(),
+	}
+}
+
+func (s *DDSketchWithExactSummaryStatistics) Reweight(factor float64) error {
+	err := s.DDSketch.Reweight(factor)
+	if err != nil {
+		return err
+	}
+	s.summaryStatistics.Reweight(factor)
+	return nil
+}
+
+func (s *DDSketchWithExactSummaryStatistics) ChangeMapping(newMapping mapping.IndexMapping, storeProvider store.Provider, scaleFactor float64) *DDSketchWithExactSummaryStatistics {
+	summaryStatisticsCopy := s.summaryStatistics.Copy()
+	summaryStatisticsCopy.Rescale(scaleFactor)
+	return &DDSketchWithExactSummaryStatistics{
+		DDSketch:          s.DDSketch.ChangeMapping(newMapping, storeProvider(), storeProvider(), scaleFactor),
+		summaryStatistics: summaryStatisticsCopy,
+	}
+}
+
+func (s *DDSketchWithExactSummaryStatistics) Encode(b *[]byte, omitIndexMapping bool) {
+	if s.summaryStatistics.Count() != 0 {
+		enc.EncodeFlag(b, enc.FlagCount)
+		enc.EncodeVarfloat64(b, s.summaryStatistics.Count())
+	}
+	if s.summaryStatistics.Sum() != 0 {
+		enc.EncodeFlag(b, enc.FlagSum)
+		enc.EncodeFloat64LE(b, s.summaryStatistics.Sum())
+	}
+	if s.summaryStatistics.Min() != math.Inf(1) {
+		enc.EncodeFlag(b, enc.FlagMin)
+		enc.EncodeFloat64LE(b, s.summaryStatistics.Min())
+	}
+	if s.summaryStatistics.Max() != math.Inf(-1) {
+		enc.EncodeFlag(b, enc.FlagMax)
+		enc.EncodeFloat64LE(b, s.summaryStatistics.Max())
+	}
+	s.DDSketch.Encode(b, omitIndexMapping)
+}
+
+// DecodeDDSketchWithExactSummaryStatistics deserializes a sketch.
+// Stores are built using storeProvider. The store type needs not match the
+// store that the serialized sketch initially used. However, using the same
+// store type may make decoding faster. In the absence of high performance
+// requirements, store.DefaultProvider is a sound enough choice of store
+// provider.
+// To avoid memory allocations, it is possible to use a store provider that
+// reuses stores, by calling Clear() on previously used stores before providing
+// the store.
+// If the serialized data does not contain the index mapping, you need to
+// specify the index mapping that was used in the sketch that was encoded.
+// Otherwise, you can use nil and the index mapping will be decoded from the
+// serialized data.
+// It is not possible to decode with this function an encoded DDSketch (unless
+// it is empty), because it does not track exact summary statistics
+func DecodeDDSketchWithExactSummaryStatistics(b []byte, storeProvider store.Provider, indexMapping mapping.IndexMapping) (*DDSketchWithExactSummaryStatistics, error) {
+	s := &DDSketchWithExactSummaryStatistics{
+		DDSketch: &DDSketch{
+			IndexMapping:       indexMapping,
+			positiveValueStore: storeProvider(),
+			negativeValueStore: storeProvider(),
+			zeroCount:          float64(0),
+		},
+		summaryStatistics: stat.NewSummaryStatistics(),
+	}
+	err := s.DecodeAndMergeWith(b)
+	return s, err
+}
+
+func (s *DDSketchWithExactSummaryStatistics) DecodeAndMergeWith(bb []byte) error {
+	err := s.DDSketch.decodeAndMergeWith(bb, func(b *[]byte, flag enc.Flag) error {
+		switch flag {
+		case enc.FlagCount:
+			count, err := enc.DecodeVarfloat64(b)
+			if err != nil {
+				return err
+			}
+			s.summaryStatistics.AddToCount(count)
+			return nil
+		case enc.FlagSum:
+			sum, err := enc.DecodeFloat64LE(b)
+			if err != nil {
+				return err
+			}
+			s.summaryStatistics.AddToSum(sum)
+			return nil
+		case enc.FlagMin, enc.FlagMax:
+			stat, err := enc.DecodeFloat64LE(b)
+			if err != nil {
+				return err
+			}
+			s.summaryStatistics.Add(stat, 0)
+			return nil
+		default:
+			return errUnknownFlag
+		}
+	})
+	if err != nil {
+		return err
+	}
+	// It is assumed that if the count is encoded, other exact summary
+	// statistics are encoded as well, which is the case if Encode is used.
+	if s.summaryStatistics.Count() == 0 && !s.DDSketch.IsEmpty() {
+		return errors.New("missing exact summary statistics")
+	}
+	return nil
+}
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/encoding/encoding.go b/vendor/github.com/DataDog/sketches-go/ddsketch/encoding/encoding.go
new file mode 100644
index 000000000..c50dc1adb
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/encoding/encoding.go
@@ -0,0 +1,208 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package encoding
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+	"math"
+	"math/bits"
+)
+
+// Encoding functions append bytes to the provided *[]byte, allowing avoiding
+// allocations if the slice initially has a large enough capacity.
+// Decoding functions also take *[]byte as input, and when they do not return an
+// error, advance the slice so that it starts at the immediate byte after the
+// decoded part (or so that it is empty if there is no such byte).
+
+const (
+	MaxVarLen64      = 9
+	varfloat64Rotate = 6
+)
+
+var uvarint64Sizes = initUvarint64Sizes()
+var varfloat64Sizes = initVarfloat64Sizes()
+
+// EncodeUvarint64 serializes 64-bit unsigned integers 7 bits at a time,
+// starting with the least significant bits. The most significant bit in each
+// output byte is the continuation bit and indicates whether there are
+// additional non-zero bits encoded in following bytes. There are at most 9
+// output bytes and the last one does not have a continuation bit, allowing for
+// it to encode 8 bits (8*7+8 = 64).
+func EncodeUvarint64(b *[]byte, v uint64) {
+	for i := 0; i < MaxVarLen64-1; i++ {
+		if v < 0x80 {
+			break
+		}
+		*b = append(*b, byte(v)|byte(0x80))
+		v >>= 7
+	}
+	*b = append(*b, byte(v))
+}
+
+// DecodeUvarint64 deserializes 64-bit unsigned integers that have been encoded
+// using EncodeUvarint64.
+func DecodeUvarint64(b *[]byte) (uint64, error) {
+	x := uint64(0)
+	s := uint(0)
+	for i := 0; ; i++ {
+		if len(*b) <= i {
+			return 0, io.EOF
+		}
+		n := (*b)[i]
+		if n < 0x80 || i == MaxVarLen64-1 {
+			*b = (*b)[i+1:]
+			return x | uint64(n)<<s, nil
+		}
+		x |= uint64(n&0x7F) << s
+		s += 7
+	}
+}
+
+// Uvarint64Size returns the number of bytes that EncodeUvarint64 encodes a
+// 64-bit unsigned integer into.
+func Uvarint64Size(v uint64) int {
+	return uvarint64Sizes[bits.LeadingZeros64(v)]
+}
+
+func initUvarint64Sizes() [65]int {
+	var sizes [65]int
+	b := []byte{}
+	for i := 0; i <= 64; i++ {
+		b = b[:0]
+		EncodeUvarint64(&b, ^uint64(0)>>i)
+		sizes[i] = len(b)
+	}
+	return sizes
+}
+
+// EncodeVarint64 serializes 64-bit signed integers using zig-zag encoding,
+// which ensures small-scale integers are turned into unsigned integers that
+// have leading zeros, whether they are positive or negative, hence allows for
+// space-efficient varuint encoding of those values.
+func EncodeVarint64(b *[]byte, v int64) {
+	EncodeUvarint64(b, uint64(v>>(64-1)^(v<<1)))
+}
+
+// DecodeVarint64 deserializes 64-bit signed integers that have been encoded
+// using EncodeVarint32.
+func DecodeVarint64(b *[]byte) (int64, error) {
+	v, err := DecodeUvarint64(b)
+	return int64((v >> 1) ^ -(v & 1)), err
+}
+
+// Varint64Size returns the number of bytes that EncodeVarint64 encodes a 64-bit
+// signed integer into.
+func Varint64Size(v int64) int {
+	return Uvarint64Size(uint64(v>>(64-1) ^ (v << 1)))
+}
+
+var errVarint32Overflow = errors.New("varint overflows a 32-bit integer")
+
+// DecodeVarint32 deserializes 32-bit signed integers that have been encoded
+// using EncodeVarint64.
+func DecodeVarint32(b *[]byte) (int32, error) {
+	v, err := DecodeVarint64(b)
+	if err != nil {
+		return 0, err
+	}
+	if v > math.MaxInt32 || v < math.MinInt32 {
+		return 0, errVarint32Overflow
+	}
+	return int32(v), nil
+}
+
+// EncodeFloat64LE serializes 64-bit floating-point values, starting with the
+// least significant bytes.
+func EncodeFloat64LE(b *[]byte, v float64) {
+	*b = append(*b, make([]byte, 8)...)
+	binary.LittleEndian.PutUint64((*b)[len(*b)-8:], math.Float64bits(v))
+}
+
+// DecodeFloat64LE deserializes 64-bit floating-point values that have been
+// encoded with EncodeFloat64LE.
+func DecodeFloat64LE(b *[]byte) (float64, error) {
+	if len(*b) < 8 {
+		return 0, io.EOF
+	}
+	v := math.Float64frombits(binary.LittleEndian.Uint64(*b))
+	*b = (*b)[8:]
+	return v, nil
+}
+
+// EncodeVarfloat64 serializes 64-bit floating-point values using a method that
+// is similar to the varuint encoding and that is space-efficient for
+// non-negative integer values. The output takes at most 9 bytes.
+// Input values are first shifted as floating-point values (+1), then transmuted
+// to integer values, then shifted again as integer values (-Float64bits(1)).
+// That is in order to minimize the number of non-zero bits when dealing with
+// non-negative integer values.
+// After that transformation, any input integer value no greater than 2^53 (the
+// largest integer value that can be encoded exactly as a 64-bit floating-point
+// value) will have at least 6 leading zero bits. By rotating bits to the left,
+// those bits end up at the right of the binary representation.
+// The resulting bits are then encoded similarly to the varuint method, but
+// starting with the most significant bits.
+func EncodeVarfloat64(b *[]byte, v float64) {
+	x := bits.RotateLeft64(math.Float64bits(v+1)-math.Float64bits(1), varfloat64Rotate)
+	for i := 0; i < MaxVarLen64-1; i++ {
+		n := byte(x >> (8*8 - 7))
+		x <<= 7
+		if x == 0 {
+			*b = append(*b, n)
+			return
+		}
+		*b = append(*b, n|byte(0x80))
+	}
+	n := byte(x >> (8 * 7))
+	*b = append(*b, n)
+}
+
+// DecodeVarfloat64 deserializes 64-bit floating-point values that have been
+// encoded with EncodeVarfloat64.
+func DecodeVarfloat64(b *[]byte) (float64, error) {
+	x := uint64(0)
+	i := int(0)
+	s := uint(8*8 - 7)
+	for {
+		if len(*b) <= i {
+			return 0, io.EOF
+		}
+		n := (*b)[i]
+		if i == MaxVarLen64-1 {
+			x |= uint64(n)
+			break
+		}
+		if n < 0x80 {
+			x |= uint64(n) << s
+			break
+		}
+		x |= uint64(n&0x7F) << s
+		i++
+		s -= 7
+	}
+	*b = (*b)[i+1:]
+	return math.Float64frombits(bits.RotateLeft64(x, -varfloat64Rotate)+math.Float64bits(1)) - 1, nil
+}
+
+// Varfloat64Size returns the number of bytes that EncodeVarfloat64 encodes a
+// 64-bit floating-point value into.
+func Varfloat64Size(v float64) int {
+	x := bits.RotateLeft64(math.Float64bits(v+1)-math.Float64bits(1), varfloat64Rotate)
+	return varfloat64Sizes[bits.TrailingZeros64(x)]
+}
+
+func initVarfloat64Sizes() [65]int {
+	var sizes [65]int
+	b := []byte{}
+	for i := 0; i <= 64; i++ {
+		b = b[:0]
+		EncodeVarfloat64(&b, math.Float64frombits(bits.RotateLeft64(^uint64(0)<<i, -varfloat64Rotate)+math.Float64bits(1))-1)
+		sizes[i] = len(b)
+	}
+	return sizes
+}
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/encoding/flag.go b/vendor/github.com/DataDog/sketches-go/ddsketch/encoding/flag.go
new file mode 100644
index 000000000..0f4f50fdc
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/encoding/flag.go
@@ -0,0 +1,160 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package encoding
+
+import (
+	"io"
+)
+
+// An encoded DDSketch comprises multiple contiguous blocks (sequences of
+// bytes). Each block is prefixed with a flag that indicates what the block
+// contains and how the data is encoded in the block.
+//
+// A flag is a single byte, which itself contains two parts:
+// - the flag type (the 2 least significant bits),
+// - the subflag (the 6 most significant bits).
+//
+// There are four flag types, for:
+// - sketch features,
+// - index mapping,
+// - positive value store,
+// - negative value store.
+//
+// The meaning of the subflag depends on the flag type:
+// - for the sketch feature flag type, it indicates what feature is encoded,
+// - for the index mapping flag type, it indicates what mapping is encoded and
+// how,
+// - for the store flag types, it indicates how bins are encoded.
+
+const (
+	numBitsForType byte = 2
+	flagTypeMask   byte = (1 << numBitsForType) - 1
+	subFlagMask    byte = ^flagTypeMask
+)
+
+type Flag struct{ byte }
+type FlagType struct{ byte } // mask: 0b00000011
+type SubFlag struct{ byte }  // mask: 0b11111100
+
+var (
+	// FLAG TYPES
+
+	flagTypeSketchFeatures = FlagType{0b00}
+	FlagTypeIndexMapping   = FlagType{0b10}
+	FlagTypePositiveStore  = FlagType{0b01}
+	FlagTypeNegativeStore  = FlagType{0b11}
+
+	// SKETCH FEATURES
+
+	// Encodes the count of the zero bin.
+	// Encoding format:
+	// - [byte] flag
+	// - [varfloat64] count of the zero bin
+	FlagZeroCountVarFloat = NewFlag(flagTypeSketchFeatures, newSubFlag(1))
+
+	// Encode the total count.
+	// Encoding format:
+	// - [byte] flag
+	// - [varfloat64] total count
+	FlagCount = NewFlag(flagTypeSketchFeatures, newSubFlag(0x28))
+
+	// Encode the summary statistics.
+	// Encoding format:
+	// - [byte] flag
+	// - [float64LE] summary stat
+	FlagSum = NewFlag(flagTypeSketchFeatures, newSubFlag(0x21))
+	FlagMin = NewFlag(flagTypeSketchFeatures, newSubFlag(0x22))
+	FlagMax = NewFlag(flagTypeSketchFeatures, newSubFlag(0x23))
+
+	// INDEX MAPPING
+
+	// Encodes log-like index mappings, specifying the base (gamma) and the index offset
+	// The subflag specifies the interpolation method.
+	// Encoding format:
+	// - [byte] flag
+	// - [float64LE] gamma
+	// - [float64LE] index offset
+	FlagIndexMappingBaseLogarithmic = NewFlag(FlagTypeIndexMapping, newSubFlag(0))
+	FlagIndexMappingBaseLinear      = NewFlag(FlagTypeIndexMapping, newSubFlag(1))
+	FlagIndexMappingBaseQuadratic   = NewFlag(FlagTypeIndexMapping, newSubFlag(2))
+	FlagIndexMappingBaseCubic       = NewFlag(FlagTypeIndexMapping, newSubFlag(3))
+	FlagIndexMappingBaseQuartic     = NewFlag(FlagTypeIndexMapping, newSubFlag(4))
+
+	// BINS
+
+	// Encodes N bins, each one with its index and its count.
+	// Indexes are delta-encoded.
+	// Encoding format:
+	// - [byte] flag
+	// - [uvarint64] number of bins N
+	// - [varint64] index of first bin
+	// - [varfloat64] count of first bin
+	// - [varint64] difference between the index of the second bin and the index
+	// of the first bin
+	// - [varfloat64] count of second bin
+	// - ...
+	// - [varint64] difference between the index of the N-th bin and the index
+	// of the (N-1)-th bin
+	// - [varfloat64] count of N-th bin
+	BinEncodingIndexDeltasAndCounts = newSubFlag(1)
+
+	// Encodes N bins whose counts are each equal to 1.
+	// Indexes are delta-encoded.
+	// Encoding format:
+	// - [byte] flag
+	// - [uvarint64] number of bins N
+	// - [varint64] index of first bin
+	// - [varint64] difference between the index of the second bin and the index
+	// of the first bin
+	// - ...
+	// - [varint64] difference between the index of the N-th bin and the index
+	// of the (N-1)-th bin
+	BinEncodingIndexDeltas = newSubFlag(2)
+
+	// Encodes N contiguous bins, specifiying the count of each one
+	// Encoding format:
+	// - [byte] flag
+	// - [uvarint64] number of bins N
+	// - [varint64] index of first bin
+	// - [varint64] difference between two successive indexes
+	// - [varfloat64] count of first bin
+	// - [varfloat64] count of second bin
+	// - ...
+	// - [varfloat64] count of N-th bin
+	BinEncodingContiguousCounts = newSubFlag(3)
+)
+
+func NewFlag(t FlagType, s SubFlag) Flag {
+	return Flag{t.byte | s.byte}
+}
+
+func (f Flag) Type() FlagType {
+	return FlagType{f.byte & flagTypeMask}
+}
+
+func (f Flag) SubFlag() SubFlag {
+	return SubFlag{f.byte & subFlagMask}
+}
+
+func newSubFlag(b byte) SubFlag {
+	return SubFlag{b << numBitsForType}
+}
+
+// EncodeFlag encodes a flag and appends its content to the provided []byte.
+func EncodeFlag(b *[]byte, f Flag) {
+	*b = append(*b, f.byte)
+}
+
+// DecodeFlag decodes a flag and updates the provided []byte so that it starts
+// immediately after the encoded flag.
+func DecodeFlag(b *[]byte) (Flag, error) {
+	if len(*b) == 0 {
+		return Flag{}, io.EOF
+	}
+	flag := Flag{(*b)[0]}
+	*b = (*b)[1:]
+	return flag, nil
+}
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/bit_operation_helper.go b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/bit_operation_helper.go
new file mode 100644
index 000000000..756ef85c0
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/bit_operation_helper.go
@@ -0,0 +1,35 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package mapping
+
+import (
+	"math"
+)
+
+const (
+	exponentBias     = 1023
+	exponentMask     = uint64(0x7FF0000000000000)
+	exponentShift    = 52
+	significandMask  = uint64(0x000fffffffffffff)
+	significandWidth = 53
+	oneMask          = uint64(0x3ff0000000000000)
+)
+
+func getExponent(float64Bits uint64) float64 {
+	return float64(int((float64Bits&exponentMask)>>exponentShift) - exponentBias)
+}
+
+func getSignificandPlusOne(float64Bits uint64) float64 {
+	return math.Float64frombits((float64Bits & significandMask) | oneMask)
+}
+
+// exponent should be >= -1022 and <= 1023
+// significandPlusOne should be >= 1 and < 2
+func buildFloat64(exponent int, significandPlusOne float64) float64 {
+	return math.Float64frombits(
+		(uint64((exponent+exponentBias)<<exponentShift) & exponentMask) | (math.Float64bits(significandPlusOne) & significandMask),
+	)
+}
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/cubically_interpolated_mapping.go b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/cubically_interpolated_mapping.go
new file mode 100644
index 000000000..933cdab66
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/cubically_interpolated_mapping.go
@@ -0,0 +1,146 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package mapping
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"math"
+
+	enc "github.com/DataDog/sketches-go/ddsketch/encoding"
+	"github.com/DataDog/sketches-go/ddsketch/pb/sketchpb"
+)
+
+const (
+	A = 6.0 / 35.0
+	B = -3.0 / 5.0
+	C = 10.0 / 7.0
+)
+
+// CubicallyInterpolatedMapping is a fast IndexMapping that approximates the
+// memory-optimal LogarithmicMapping by extracting the floor value of the
+// logarithm to the base 2 from the binary representations of floating-point
+// values and cubically interpolating the logarithm in-between. More detailed
+// documentation of this method can be found in: <a
+// href="https://github.com/DataDog/sketches-java/">sketches-java</a>
+type CubicallyInterpolatedMapping struct {
+	gamma             float64 // base
+	indexOffset       float64
+	multiplier        float64 // precomputed for performance
+	minIndexableValue float64
+	maxIndexableValue float64
+}
+
+func NewCubicallyInterpolatedMapping(relativeAccuracy float64) (*CubicallyInterpolatedMapping, error) {
+	if relativeAccuracy <= 0 || relativeAccuracy >= 1 {
+		return nil, errors.New("The relative accuracy must be between 0 and 1.")
+	}
+	gamma := math.Pow((1+relativeAccuracy)/(1-relativeAccuracy), 10*math.Ln2/7) // > 1
+	m, _ := NewCubicallyInterpolatedMappingWithGamma(gamma, 0)
+	return m, nil
+}
+
+func NewCubicallyInterpolatedMappingWithGamma(gamma, indexOffset float64) (*CubicallyInterpolatedMapping, error) {
+	if gamma <= 1 {
+		return nil, errors.New("Gamma must be greater than 1.")
+	}
+	multiplier := 1 / math.Log2(gamma)
+	adjustedGamma := math.Pow(gamma, 7/(10*math.Ln2))
+	m := CubicallyInterpolatedMapping{
+		gamma:       gamma,
+		indexOffset: indexOffset,
+		multiplier:  multiplier,
+		minIndexableValue: math.Max(
+			math.Exp2((math.MinInt32-indexOffset)/multiplier+1), // so that index >= MinInt32
+			minNormalFloat64*adjustedGamma,
+		),
+		maxIndexableValue: math.Min(
+			math.Exp2((math.MaxInt32-indexOffset)/multiplier-1),       // so that index <= MaxInt32
+			math.Exp(expOverflow)/(2*adjustedGamma)*(adjustedGamma+1), // so that math.Exp does not overflow
+		),
+	}
+	return &m, nil
+}
+
+func (m *CubicallyInterpolatedMapping) Equals(other IndexMapping) bool {
+	o, ok := other.(*CubicallyInterpolatedMapping)
+	if !ok {
+		return false
+	}
+	tol := 1e-12
+	return withinTolerance(m.gamma, o.gamma, tol) && withinTolerance(m.indexOffset, o.indexOffset, tol)
+}
+
+func (m *CubicallyInterpolatedMapping) Index(value float64) int {
+	index := m.approximateLog(value)*m.multiplier + m.indexOffset
+	if index >= 0 {
+		return int(index)
+	} else {
+		return int(index) - 1
+	}
+}
+
+func (m *CubicallyInterpolatedMapping) Value(index int) float64 {
+	return m.LowerBound(index) * (1 + m.RelativeAccuracy())
+}
+
+func (m *CubicallyInterpolatedMapping) LowerBound(index int) float64 {
+	return m.approximateInverseLog((float64(index) - m.indexOffset) / m.multiplier)
+}
+
+// Return an approximation of Math.log(x) / Math.log(base(2)).
+func (m *CubicallyInterpolatedMapping) approximateLog(x float64) float64 {
+	bits := math.Float64bits(x)
+	e := getExponent(bits)
+	s := getSignificandPlusOne(bits) - 1
+	return ((A*s+B)*s+C)*s + e
+}
+
+// The exact inverse of approximateLog.
+func (m *CubicallyInterpolatedMapping) approximateInverseLog(x float64) float64 {
+	exponent := math.Floor(x)
+	// Derived from Cardano's formula
+	d0 := B*B - 3*A*C
+	d1 := 2*B*B*B - 9*A*B*C - 27*A*A*(x-exponent)
+	p := math.Cbrt((d1 - math.Sqrt(d1*d1-4*d0*d0*d0)) / 2)
+	significandPlusOne := -(B+p+d0/p)/(3*A) + 1
+	return buildFloat64(int(exponent), significandPlusOne)
+}
+
+func (m *CubicallyInterpolatedMapping) MinIndexableValue() float64 {
+	return m.minIndexableValue
+}
+
+func (m *CubicallyInterpolatedMapping) MaxIndexableValue() float64 {
+	return m.maxIndexableValue
+}
+
+func (m *CubicallyInterpolatedMapping) RelativeAccuracy() float64 {
+	return 1 - 2/(1+math.Exp(7.0/10*math.Log2(m.gamma)))
+}
+
+func (m *CubicallyInterpolatedMapping) ToProto() *sketchpb.IndexMapping {
+	return &sketchpb.IndexMapping{
+		Gamma:         m.gamma,
+		IndexOffset:   m.indexOffset,
+		Interpolation: sketchpb.IndexMapping_CUBIC,
+	}
+}
+
+func (m *CubicallyInterpolatedMapping) Encode(b *[]byte) {
+	enc.EncodeFlag(b, enc.FlagIndexMappingBaseCubic)
+	enc.EncodeFloat64LE(b, m.gamma)
+	enc.EncodeFloat64LE(b, m.indexOffset)
+}
+
+func (m *CubicallyInterpolatedMapping) string() string {
+	var buffer bytes.Buffer
+	buffer.WriteString(fmt.Sprintf("gamma: %v, indexOffset: %v\n", m.gamma, m.indexOffset))
+	return buffer.String()
+}
+
+var _ IndexMapping = (*CubicallyInterpolatedMapping)(nil)
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/index_mapping.go b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/index_mapping.go
new file mode 100644
index 000000000..88b926592
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/index_mapping.go
@@ -0,0 +1,95 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package mapping
+
+import (
+	"errors"
+	"fmt"
+
+	enc "github.com/DataDog/sketches-go/ddsketch/encoding"
+	"github.com/DataDog/sketches-go/ddsketch/pb/sketchpb"
+)
+
+const (
+	expOverflow      = 7.094361393031e+02      // The value at which math.Exp overflows
+	minNormalFloat64 = 2.2250738585072014e-308 //2^(-1022)
+)
+
+type IndexMapping interface {
+	Equals(other IndexMapping) bool
+	Index(value float64) int
+	Value(index int) float64
+	LowerBound(index int) float64
+	RelativeAccuracy() float64
+	// MinIndexableValue returns the minimum positive value that can be mapped to an index.
+	MinIndexableValue() float64
+	// MaxIndexableValue returns the maximum positive value that can be mapped to an index.
+	MaxIndexableValue() float64
+	ToProto() *sketchpb.IndexMapping
+	// Encode encodes a mapping and appends its content to the provided []byte.
+	Encode(b *[]byte)
+}
+
+func NewDefaultMapping(relativeAccuracy float64) (IndexMapping, error) {
+	return NewLogarithmicMapping(relativeAccuracy)
+}
+
+// FromProto returns an Index mapping from the protobuf definition of it
+func FromProto(m *sketchpb.IndexMapping) (IndexMapping, error) {
+	if m == nil {
+		return nil, errors.New("cannot create IndexMapping from nil protobuf index mapping")
+	}
+	switch m.Interpolation {
+	case sketchpb.IndexMapping_NONE:
+		return NewLogarithmicMappingWithGamma(m.Gamma, m.IndexOffset)
+	case sketchpb.IndexMapping_LINEAR:
+		return NewLinearlyInterpolatedMappingWithGamma(m.Gamma, m.IndexOffset)
+	case sketchpb.IndexMapping_CUBIC:
+		return NewCubicallyInterpolatedMappingWithGamma(m.Gamma, m.IndexOffset)
+	default:
+		return nil, fmt.Errorf("interpolation not supported: %d", m.Interpolation)
+	}
+}
+
+// Decode decodes a mapping and updates the provided []byte so that it starts
+// immediately after the encoded mapping.
+func Decode(b *[]byte, flag enc.Flag) (IndexMapping, error) {
+	switch flag {
+
+	case enc.FlagIndexMappingBaseLogarithmic:
+		gamma, indexOffset, err := decodeLogLikeIndexMapping(b)
+		if err != nil {
+			return nil, err
+		}
+		return NewLogarithmicMappingWithGamma(gamma, indexOffset)
+
+	case enc.FlagIndexMappingBaseLinear:
+		gamma, indexOffset, err := decodeLogLikeIndexMapping(b)
+		if err != nil {
+			return nil, err
+		}
+		return NewLinearlyInterpolatedMappingWithGamma(gamma, indexOffset)
+
+	case enc.FlagIndexMappingBaseCubic:
+		gamma, indexOffset, err := decodeLogLikeIndexMapping(b)
+		if err != nil {
+			return nil, err
+		}
+		return NewCubicallyInterpolatedMappingWithGamma(gamma, indexOffset)
+
+	default:
+		return nil, errors.New("unknown mapping")
+	}
+}
+
+func decodeLogLikeIndexMapping(b *[]byte) (gamma, indexOffset float64, err error) {
+	gamma, err = enc.DecodeFloat64LE(b)
+	if err != nil {
+		return
+	}
+	indexOffset, err = enc.DecodeFloat64LE(b)
+	return
+}
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/linearly_interpolated_mapping.go b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/linearly_interpolated_mapping.go
new file mode 100644
index 000000000..d9b0b7408
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/linearly_interpolated_mapping.go
@@ -0,0 +1,142 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package mapping
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"math"
+
+	enc "github.com/DataDog/sketches-go/ddsketch/encoding"
+	"github.com/DataDog/sketches-go/ddsketch/pb/sketchpb"
+)
+
+// LinearlyInterpolatedMapping is a fast IndexMapping that approximates the
+// memory-optimal LogarithmicMapping by extracting the floor value of the
+// logarithm to the base 2 from the binary representations of floating-point
+// values and linearly interpolating the logarithm in-between.
+type LinearlyInterpolatedMapping struct {
+	gamma             float64 // base
+	indexOffset       float64
+	multiplier        float64 // precomputed for performance
+	minIndexableValue float64
+	maxIndexableValue float64
+}
+
+func NewLinearlyInterpolatedMapping(relativeAccuracy float64) (*LinearlyInterpolatedMapping, error) {
+	if relativeAccuracy <= 0 || relativeAccuracy >= 1 {
+		return nil, errors.New("The relative accuracy must be between 0 and 1.")
+	}
+	gamma := math.Pow((1+relativeAccuracy)/(1-relativeAccuracy), math.Ln2) // > 1
+	indexOffset := 1 / math.Log2(gamma)                                    // for backward compatibility
+	m, _ := NewLinearlyInterpolatedMappingWithGamma(gamma, indexOffset)
+	return m, nil
+}
+
+func NewLinearlyInterpolatedMappingWithGamma(gamma, indexOffset float64) (*LinearlyInterpolatedMapping, error) {
+	if gamma <= 1 {
+		return nil, errors.New("Gamma must be greater than 1.")
+	}
+	multiplier := 1 / math.Log2(gamma)
+	adjustedGamma := math.Pow(gamma, 1/math.Ln2)
+	m := LinearlyInterpolatedMapping{
+		gamma:       gamma,
+		indexOffset: indexOffset,
+		multiplier:  multiplier,
+		minIndexableValue: math.Max(
+			math.Exp2((math.MinInt32-indexOffset)/multiplier+1), // so that index >= MinInt32
+			minNormalFloat64*adjustedGamma,
+		),
+		maxIndexableValue: math.Min(
+			math.Exp2((math.MaxInt32-indexOffset)/multiplier-1),       // so that index <= MaxInt32
+			math.Exp(expOverflow)/(2*adjustedGamma)*(adjustedGamma+1), // so that math.Exp does not overflow
+		),
+	}
+	return &m, nil
+}
+
+func (m *LinearlyInterpolatedMapping) Equals(other IndexMapping) bool {
+	o, ok := other.(*LinearlyInterpolatedMapping)
+	if !ok {
+		return false
+	}
+	tol := 1e-12
+	return withinTolerance(m.gamma, o.gamma, tol) && withinTolerance(m.indexOffset, o.indexOffset, tol)
+}
+
+func (m *LinearlyInterpolatedMapping) Index(value float64) int {
+	index := m.approximateLog(value)*m.multiplier + m.indexOffset
+	if index >= 0 {
+		return int(index)
+	} else {
+		return int(index) - 1
+	}
+}
+
+func (m *LinearlyInterpolatedMapping) Value(index int) float64 {
+	return m.LowerBound(index) * (1 + m.RelativeAccuracy())
+}
+
+func (m *LinearlyInterpolatedMapping) LowerBound(index int) float64 {
+	return m.approximateInverseLog((float64(index) - m.indexOffset) / m.multiplier)
+}
+
+// Return an approximation of Math.log(x) / Math.log(2)
+func (m *LinearlyInterpolatedMapping) approximateLog(x float64) float64 {
+	bits := math.Float64bits(x)
+	return getExponent(bits) + getSignificandPlusOne(bits) - 1
+}
+
+// The exact inverse of approximateLog.
+func (m *LinearlyInterpolatedMapping) approximateInverseLog(x float64) float64 {
+	exponent := math.Floor(x)
+	significandPlusOne := x - exponent + 1
+	return buildFloat64(int(exponent), significandPlusOne)
+}
+
+func (m *LinearlyInterpolatedMapping) MinIndexableValue() float64 {
+	return m.minIndexableValue
+}
+
+func (m *LinearlyInterpolatedMapping) MaxIndexableValue() float64 {
+	return m.maxIndexableValue
+}
+
+func (m *LinearlyInterpolatedMapping) RelativeAccuracy() float64 {
+	return 1 - 2/(1+math.Exp(math.Log2(m.gamma)))
+}
+
+// Generates a protobuf representation of this LinearlyInterpolatedMapping.
+func (m *LinearlyInterpolatedMapping) ToProto() *sketchpb.IndexMapping {
+	return &sketchpb.IndexMapping{
+		Gamma:         m.gamma,
+		IndexOffset:   m.indexOffset,
+		Interpolation: sketchpb.IndexMapping_LINEAR,
+	}
+}
+
+func (m *LinearlyInterpolatedMapping) Encode(b *[]byte) {
+	enc.EncodeFlag(b, enc.FlagIndexMappingBaseLinear)
+	enc.EncodeFloat64LE(b, m.gamma)
+	enc.EncodeFloat64LE(b, m.indexOffset)
+}
+
+func (m *LinearlyInterpolatedMapping) string() string {
+	var buffer bytes.Buffer
+	buffer.WriteString(fmt.Sprintf("gamma: %v, indexOffset: %v\n", m.gamma, m.indexOffset))
+	return buffer.String()
+}
+
+func withinTolerance(x, y, tolerance float64) bool {
+	if x == 0 || y == 0 {
+		return math.Abs(x) <= tolerance && math.Abs(y) <= tolerance
+	} else {
+		return math.Abs(x-y) <= tolerance*math.Max(math.Abs(x), math.Abs(y))
+	}
+}
+
+var _ IndexMapping = (*LinearlyInterpolatedMapping)(nil)
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/logarithmic_mapping.go b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/logarithmic_mapping.go
new file mode 100644
index 000000000..474e74d93
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/logarithmic_mapping.go
@@ -0,0 +1,119 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package mapping
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"math"
+
+	enc "github.com/DataDog/sketches-go/ddsketch/encoding"
+	"github.com/DataDog/sketches-go/ddsketch/pb/sketchpb"
+)
+
+// LogarithmicMapping is an IndexMapping that is memory-optimal, that is to say
+// that given a targeted relative accuracy, it requires the least number of
+// indices to cover a given range of values. This is done by logarithmically
+// mapping floating-point values to integers.
+type LogarithmicMapping struct {
+	gamma             float64 // base
+	indexOffset       float64
+	multiplier        float64 // precomputed for performance
+	minIndexableValue float64
+	maxIndexableValue float64
+}
+
+func NewLogarithmicMapping(relativeAccuracy float64) (*LogarithmicMapping, error) {
+	if relativeAccuracy <= 0 || relativeAccuracy >= 1 {
+		return nil, errors.New("The relative accuracy must be between 0 and 1.")
+	}
+	gamma := (1 + relativeAccuracy) / (1 - relativeAccuracy) // > 1
+	m, _ := NewLogarithmicMappingWithGamma(gamma, 0)
+	return m, nil
+}
+
+func NewLogarithmicMappingWithGamma(gamma, indexOffset float64) (*LogarithmicMapping, error) {
+	if gamma <= 1 {
+		return nil, errors.New("Gamma must be greater than 1.")
+	}
+	multiplier := 1 / math.Log(gamma)
+	m := &LogarithmicMapping{
+		gamma:       gamma,
+		indexOffset: indexOffset,
+		multiplier:  multiplier,
+		minIndexableValue: math.Max(
+			math.Exp((math.MinInt32-indexOffset)/multiplier+1), // so that index >= MinInt32
+			minNormalFloat64*gamma,
+		),
+		maxIndexableValue: math.Min(
+			math.Exp((math.MaxInt32-indexOffset)/multiplier-1), // so that index <= MaxInt32
+			math.Exp(expOverflow)/(2*gamma)*(gamma+1),          // so that math.Exp does not overflow
+		),
+	}
+	return m, nil
+}
+
+func (m *LogarithmicMapping) Equals(other IndexMapping) bool {
+	o, ok := other.(*LogarithmicMapping)
+	if !ok {
+		return false
+	}
+	tol := 1e-12
+	return withinTolerance(m.gamma, o.gamma, tol) && withinTolerance(m.indexOffset, o.indexOffset, tol)
+}
+
+func (m *LogarithmicMapping) Index(value float64) int {
+	index := math.Log(value)*m.multiplier + m.indexOffset
+	if index >= 0 {
+		return int(index)
+	} else {
+		return int(index) - 1 // faster than Math.Floor
+	}
+}
+
+func (m *LogarithmicMapping) Value(index int) float64 {
+	return m.LowerBound(index) * (1 + m.RelativeAccuracy())
+}
+
+func (m *LogarithmicMapping) LowerBound(index int) float64 {
+	return math.Exp((float64(index) - m.indexOffset) / m.multiplier)
+}
+
+func (m *LogarithmicMapping) MinIndexableValue() float64 {
+	return m.minIndexableValue
+}
+
+func (m *LogarithmicMapping) MaxIndexableValue() float64 {
+	return m.maxIndexableValue
+}
+
+func (m *LogarithmicMapping) RelativeAccuracy() float64 {
+	return 1 - 2/(1+m.gamma)
+}
+
+// Generates a protobuf representation of this LogarithicMapping.
+func (m *LogarithmicMapping) ToProto() *sketchpb.IndexMapping {
+	return &sketchpb.IndexMapping{
+		Gamma:         m.gamma,
+		IndexOffset:   m.indexOffset,
+		Interpolation: sketchpb.IndexMapping_NONE,
+	}
+}
+
+func (m *LogarithmicMapping) Encode(b *[]byte) {
+	enc.EncodeFlag(b, enc.FlagIndexMappingBaseLogarithmic)
+	enc.EncodeFloat64LE(b, m.gamma)
+	enc.EncodeFloat64LE(b, m.indexOffset)
+}
+
+func (m *LogarithmicMapping) string() string {
+	var buffer bytes.Buffer
+	buffer.WriteString(fmt.Sprintf("gamma: %v, indexOffset: %v\n", m.gamma, m.indexOffset))
+	return buffer.String()
+}
+
+var _ IndexMapping = (*LogarithmicMapping)(nil)
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/pb/sketchpb/ddsketch.pb.go b/vendor/github.com/DataDog/sketches-go/ddsketch/pb/sketchpb/ddsketch.pb.go
new file mode 100644
index 000000000..9dbd6f293
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/pb/sketchpb/ddsketch.pb.go
@@ -0,0 +1,448 @@
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.28.0
+// 	protoc        v3.19.4
+// source: ddsketch.proto
+
+package sketchpb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type IndexMapping_Interpolation int32
+
+const (
+	IndexMapping_NONE      IndexMapping_Interpolation = 0
+	IndexMapping_LINEAR    IndexMapping_Interpolation = 1
+	IndexMapping_QUADRATIC IndexMapping_Interpolation = 2
+	IndexMapping_CUBIC     IndexMapping_Interpolation = 3
+)
+
+// Enum value maps for IndexMapping_Interpolation.
+var (
+	IndexMapping_Interpolation_name = map[int32]string{
+		0: "NONE",
+		1: "LINEAR",
+		2: "QUADRATIC",
+		3: "CUBIC",
+	}
+	IndexMapping_Interpolation_value = map[string]int32{
+		"NONE":      0,
+		"LINEAR":    1,
+		"QUADRATIC": 2,
+		"CUBIC":     3,
+	}
+)
+
+func (x IndexMapping_Interpolation) Enum() *IndexMapping_Interpolation {
+	p := new(IndexMapping_Interpolation)
+	*p = x
+	return p
+}
+
+func (x IndexMapping_Interpolation) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (IndexMapping_Interpolation) Descriptor() protoreflect.EnumDescriptor {
+	return file_ddsketch_proto_enumTypes[0].Descriptor()
+}
+
+func (IndexMapping_Interpolation) Type() protoreflect.EnumType {
+	return &file_ddsketch_proto_enumTypes[0]
+}
+
+func (x IndexMapping_Interpolation) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use IndexMapping_Interpolation.Descriptor instead.
+func (IndexMapping_Interpolation) EnumDescriptor() ([]byte, []int) {
+	return file_ddsketch_proto_rawDescGZIP(), []int{1, 0}
+}
+
+// A DDSketch is essentially a histogram that partitions the range of positive values into an infinite number of
+// indexed bins whose size grows exponentially. It keeps track of the number of values (or possibly floating-point
+// weights) added to each bin. Negative values are partitioned like positive values, symmetrically to zero.
+// The value zero as well as its close neighborhood that would be mapped to extreme bin indexes is mapped to a specific
+// counter.
+type DDSketch struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The mapping between positive values and the bin indexes they belong to.
+	Mapping *IndexMapping `protobuf:"bytes,1,opt,name=mapping,proto3" json:"mapping,omitempty"`
+	// The store for keeping track of positive values.
+	PositiveValues *Store `protobuf:"bytes,2,opt,name=positiveValues,proto3" json:"positiveValues,omitempty"`
+	// The store for keeping track of negative values. A negative value v is mapped using its positive opposite -v.
+	NegativeValues *Store `protobuf:"bytes,3,opt,name=negativeValues,proto3" json:"negativeValues,omitempty"`
+	// The count for the value zero and its close neighborhood (whose width depends on the mapping).
+	ZeroCount float64 `protobuf:"fixed64,4,opt,name=zeroCount,proto3" json:"zeroCount,omitempty"`
+}
+
+func (x *DDSketch) Reset() {
+	*x = DDSketch{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_ddsketch_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DDSketch) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DDSketch) ProtoMessage() {}
+
+func (x *DDSketch) ProtoReflect() protoreflect.Message {
+	mi := &file_ddsketch_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DDSketch.ProtoReflect.Descriptor instead.
+func (*DDSketch) Descriptor() ([]byte, []int) {
+	return file_ddsketch_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *DDSketch) GetMapping() *IndexMapping {
+	if x != nil {
+		return x.Mapping
+	}
+	return nil
+}
+
+func (x *DDSketch) GetPositiveValues() *Store {
+	if x != nil {
+		return x.PositiveValues
+	}
+	return nil
+}
+
+func (x *DDSketch) GetNegativeValues() *Store {
+	if x != nil {
+		return x.NegativeValues
+	}
+	return nil
+}
+
+func (x *DDSketch) GetZeroCount() float64 {
+	if x != nil {
+		return x.ZeroCount
+	}
+	return 0
+}
+
+// How to map positive values to the bins they belong to.
+type IndexMapping struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The gamma parameter of the mapping, such that bin index that a value v belongs to is roughly equal to
+	// log(v)/log(gamma).
+	Gamma float64 `protobuf:"fixed64,1,opt,name=gamma,proto3" json:"gamma,omitempty"`
+	// An offset that can be used to shift all bin indexes.
+	IndexOffset float64 `protobuf:"fixed64,2,opt,name=indexOffset,proto3" json:"indexOffset,omitempty"`
+	// To speed up the computation of the index a value belongs to, the computation of the log may be approximated using
+	// the fact that the log to the base 2 of powers of 2 can be computed at a low cost from the binary representation of
+	// the input value. Other values can be approximated by interpolating between successive powers of 2 (linearly,
+	// quadratically or cubically).
+	// NONE means that the log is to be computed exactly (no interpolation).
+	Interpolation IndexMapping_Interpolation `protobuf:"varint,3,opt,name=interpolation,proto3,enum=IndexMapping_Interpolation" json:"interpolation,omitempty"`
+}
+
+func (x *IndexMapping) Reset() {
+	*x = IndexMapping{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_ddsketch_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *IndexMapping) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*IndexMapping) ProtoMessage() {}
+
+func (x *IndexMapping) ProtoReflect() protoreflect.Message {
+	mi := &file_ddsketch_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use IndexMapping.ProtoReflect.Descriptor instead.
+func (*IndexMapping) Descriptor() ([]byte, []int) {
+	return file_ddsketch_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *IndexMapping) GetGamma() float64 {
+	if x != nil {
+		return x.Gamma
+	}
+	return 0
+}
+
+func (x *IndexMapping) GetIndexOffset() float64 {
+	if x != nil {
+		return x.IndexOffset
+	}
+	return 0
+}
+
+func (x *IndexMapping) GetInterpolation() IndexMapping_Interpolation {
+	if x != nil {
+		return x.Interpolation
+	}
+	return IndexMapping_NONE
+}
+
+// A Store maps bin indexes to their respective counts.
+// Counts can be encoded sparsely using binCounts, but also in a contiguous way using contiguousBinCounts and
+// contiguousBinIndexOffset. Given that non-empty bins are in practice usually contiguous or close to one another, the
+// latter contiguous encoding method is usually more efficient than the sparse one.
+// Both encoding methods can be used conjointly. If a bin appears in both the sparse and the contiguous encodings, its
+// count value is the sum of the counts in each encodings.
+type Store struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The bin counts, encoded sparsely.
+	BinCounts map[int32]float64 `protobuf:"bytes,1,rep,name=binCounts,proto3" json:"binCounts,omitempty" protobuf_key:"zigzag32,1,opt,name=key,proto3" protobuf_val:"fixed64,2,opt,name=value,proto3"`
+	// The bin counts, encoded contiguously. The values of contiguousBinCounts are the counts for the bins of indexes
+	// o, o+1, o+2, etc., where o is contiguousBinIndexOffset.
+	ContiguousBinCounts      []float64 `protobuf:"fixed64,2,rep,packed,name=contiguousBinCounts,proto3" json:"contiguousBinCounts,omitempty"`
+	ContiguousBinIndexOffset int32     `protobuf:"zigzag32,3,opt,name=contiguousBinIndexOffset,proto3" json:"contiguousBinIndexOffset,omitempty"`
+}
+
+func (x *Store) Reset() {
+	*x = Store{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_ddsketch_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Store) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Store) ProtoMessage() {}
+
+func (x *Store) ProtoReflect() protoreflect.Message {
+	mi := &file_ddsketch_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Store.ProtoReflect.Descriptor instead.
+func (*Store) Descriptor() ([]byte, []int) {
+	return file_ddsketch_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Store) GetBinCounts() map[int32]float64 {
+	if x != nil {
+		return x.BinCounts
+	}
+	return nil
+}
+
+func (x *Store) GetContiguousBinCounts() []float64 {
+	if x != nil {
+		return x.ContiguousBinCounts
+	}
+	return nil
+}
+
+func (x *Store) GetContiguousBinIndexOffset() int32 {
+	if x != nil {
+		return x.ContiguousBinIndexOffset
+	}
+	return 0
+}
+
+var File_ddsketch_proto protoreflect.FileDescriptor
+
+var file_ddsketch_proto_rawDesc = []byte{
+	0x0a, 0x0e, 0x64, 0x64, 0x73, 0x6b, 0x65, 0x74, 0x63, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x22, 0xb1, 0x01, 0x0a, 0x08, 0x44, 0x44, 0x53, 0x6b, 0x65, 0x74, 0x63, 0x68, 0x12, 0x27, 0x0a,
+	0x07, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d,
+	0x2e, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x6d,
+	0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x2e, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69,
+	0x76, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x06,
+	0x2e, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x52, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x2e, 0x0a, 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x06,
+	0x2e, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x52, 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f,
+	0x75, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x7a, 0x65, 0x72, 0x6f, 0x43,
+	0x6f, 0x75, 0x6e, 0x74, 0x22, 0xca, 0x01, 0x0a, 0x0c, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x4d, 0x61,
+	0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x61, 0x6d, 0x6d, 0x61, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x67, 0x61, 0x6d, 0x6d, 0x61, 0x12, 0x20, 0x0a, 0x0b, 0x69,
+	0x6e, 0x64, 0x65, 0x78, 0x4f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01,
+	0x52, 0x0b, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x4f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x41, 0x0a,
+	0x0d, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x1b, 0x2e, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x4d, 0x61, 0x70, 0x70,
+	0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x0d, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x22, 0x3f, 0x0a, 0x0d, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x4c,
+	0x49, 0x4e, 0x45, 0x41, 0x52, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x51, 0x55, 0x41, 0x44, 0x52,
+	0x41, 0x54, 0x49, 0x43, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x55, 0x42, 0x49, 0x43, 0x10,
+	0x03, 0x22, 0xec, 0x01, 0x0a, 0x05, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x12, 0x33, 0x0a, 0x09, 0x62,
+	0x69, 0x6e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15,
+	0x2e, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x42, 0x69, 0x6e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x73,
+	0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x62, 0x69, 0x6e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x73,
+	0x12, 0x34, 0x0a, 0x13, 0x63, 0x6f, 0x6e, 0x74, 0x69, 0x67, 0x75, 0x6f, 0x75, 0x73, 0x42, 0x69,
+	0x6e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x01, 0x42, 0x02, 0x10,
+	0x01, 0x52, 0x13, 0x63, 0x6f, 0x6e, 0x74, 0x69, 0x67, 0x75, 0x6f, 0x75, 0x73, 0x42, 0x69, 0x6e,
+	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x12, 0x3a, 0x0a, 0x18, 0x63, 0x6f, 0x6e, 0x74, 0x69, 0x67,
+	0x75, 0x6f, 0x75, 0x73, 0x42, 0x69, 0x6e, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x4f, 0x66, 0x66, 0x73,
+	0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x11, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x74, 0x69, 0x67,
+	0x75, 0x6f, 0x75, 0x73, 0x42, 0x69, 0x6e, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x4f, 0x66, 0x66, 0x73,
+	0x65, 0x74, 0x1a, 0x3c, 0x0a, 0x0e, 0x42, 0x69, 0x6e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x45,
+	0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x11, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
+	0x42, 0x35, 0x5a, 0x33, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x44,
+	0x61, 0x74, 0x61, 0x44, 0x6f, 0x67, 0x2f, 0x73, 0x6b, 0x65, 0x74, 0x63, 0x68, 0x65, 0x73, 0x2d,
+	0x67, 0x6f, 0x2f, 0x64, 0x64, 0x73, 0x6b, 0x65, 0x74, 0x63, 0x68, 0x2f, 0x70, 0x62, 0x2f, 0x73,
+	0x6b, 0x65, 0x74, 0x63, 0x68, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_ddsketch_proto_rawDescOnce sync.Once
+	file_ddsketch_proto_rawDescData = file_ddsketch_proto_rawDesc
+)
+
+func file_ddsketch_proto_rawDescGZIP() []byte {
+	file_ddsketch_proto_rawDescOnce.Do(func() {
+		file_ddsketch_proto_rawDescData = protoimpl.X.CompressGZIP(file_ddsketch_proto_rawDescData)
+	})
+	return file_ddsketch_proto_rawDescData
+}
+
+var file_ddsketch_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_ddsketch_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+var file_ddsketch_proto_goTypes = []interface{}{
+	(IndexMapping_Interpolation)(0), // 0: IndexMapping.Interpolation
+	(*DDSketch)(nil),                // 1: DDSketch
+	(*IndexMapping)(nil),            // 2: IndexMapping
+	(*Store)(nil),                   // 3: Store
+	nil,                             // 4: Store.BinCountsEntry
+}
+var file_ddsketch_proto_depIdxs = []int32{
+	2, // 0: DDSketch.mapping:type_name -> IndexMapping
+	3, // 1: DDSketch.positiveValues:type_name -> Store
+	3, // 2: DDSketch.negativeValues:type_name -> Store
+	0, // 3: IndexMapping.interpolation:type_name -> IndexMapping.Interpolation
+	4, // 4: Store.binCounts:type_name -> Store.BinCountsEntry
+	5, // [5:5] is the sub-list for method output_type
+	5, // [5:5] is the sub-list for method input_type
+	5, // [5:5] is the sub-list for extension type_name
+	5, // [5:5] is the sub-list for extension extendee
+	0, // [0:5] is the sub-list for field type_name
+}
+
+func init() { file_ddsketch_proto_init() }
+func file_ddsketch_proto_init() {
+	if File_ddsketch_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_ddsketch_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DDSketch); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_ddsketch_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*IndexMapping); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_ddsketch_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Store); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_ddsketch_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   4,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_ddsketch_proto_goTypes,
+		DependencyIndexes: file_ddsketch_proto_depIdxs,
+		EnumInfos:         file_ddsketch_proto_enumTypes,
+		MessageInfos:      file_ddsketch_proto_msgTypes,
+	}.Build()
+	File_ddsketch_proto = out.File
+	file_ddsketch_proto_rawDesc = nil
+	file_ddsketch_proto_goTypes = nil
+	file_ddsketch_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/stat/summary.go b/vendor/github.com/DataDog/sketches-go/ddsketch/stat/summary.go
new file mode 100644
index 000000000..5d56f3944
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/stat/summary.go
@@ -0,0 +1,171 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package stat
+
+import (
+	"fmt"
+	"math"
+)
+
+// SummaryStatistics keeps track of the count, the sum, the min and the max of
+// recorded values. We use a compensated sum to avoid accumulating rounding
+// errors (see https://en.wikipedia.org/wiki/Kahan_summation_algorithm).
+type SummaryStatistics struct {
+	count           float64
+	sum             float64
+	sumCompensation float64
+	simpleSum       float64
+	min             float64
+	max             float64
+}
+
+func NewSummaryStatistics() *SummaryStatistics {
+	return &SummaryStatistics{
+		count:           0,
+		sum:             0,
+		sumCompensation: 0,
+		simpleSum:       0,
+		min:             math.Inf(1),
+		max:             math.Inf(-1),
+	}
+}
+
+// NewSummaryStatisticsFromData constructs SummaryStatistics from the provided data.
+func NewSummaryStatisticsFromData(count, sum, min, max float64) (*SummaryStatistics, error) {
+	if !(count >= 0) {
+		return nil, fmt.Errorf("count (%g) must be positive or zero", count)
+	}
+	if count > 0 && min > max {
+		return nil, fmt.Errorf("min (%g) cannot be greater than max (%g) if count (%g) is positive", min, max, count)
+	}
+	if count == 0 && (min != math.Inf(1) || max != math.Inf(-1)) {
+		return nil, fmt.Errorf("empty summary statistics must have min (%g) and max (%g) equal to positive and negative infinities respectively", min, max)
+	}
+	return &SummaryStatistics{
+		count:           count,
+		sum:             sum,
+		sumCompensation: 0,
+		simpleSum:       sum,
+		min:             min,
+		max:             max,
+	}, nil
+}
+
+func (s *SummaryStatistics) Count() float64 {
+	return s.count
+}
+
+func (s *SummaryStatistics) Sum() float64 {
+	// Better error bounds to add both terms as the final sum
+	tmp := s.sum + s.sumCompensation
+	if math.IsNaN(tmp) && math.IsInf(s.simpleSum, 0) {
+		// If the compensated sum is spuriously NaN from accumulating one or more same-signed infinite
+		// values, return the correctly-signed infinity stored in simpleSum.
+		return s.simpleSum
+	} else {
+		return tmp
+	}
+}
+
+func (s *SummaryStatistics) Min() float64 {
+	return s.min
+}
+
+func (s *SummaryStatistics) Max() float64 {
+	return s.max
+}
+
+func (s *SummaryStatistics) Add(value, count float64) {
+	s.AddToCount(count)
+	s.AddToSum(value * count)
+	if value < s.min {
+		s.min = value
+	}
+	if value > s.max {
+		s.max = value
+	}
+}
+
+func (s *SummaryStatistics) AddToCount(addend float64) {
+	s.count += addend
+}
+
+func (s *SummaryStatistics) AddToSum(addend float64) {
+	s.sumWithCompensation(addend)
+	s.simpleSum += addend
+}
+
+func (s *SummaryStatistics) MergeWith(o *SummaryStatistics) {
+	s.count += o.count
+	s.sumWithCompensation(o.sum)
+	s.sumWithCompensation(o.sumCompensation)
+	s.simpleSum += o.simpleSum
+	if o.min < s.min {
+		s.min = o.min
+	}
+	if o.max > s.max {
+		s.max = o.max
+	}
+}
+
+func (s *SummaryStatistics) sumWithCompensation(value float64) {
+	tmp := value - s.sumCompensation
+	velvel := s.sum + tmp // little wolf of rounding error
+	s.sumCompensation = velvel - s.sum - tmp
+	s.sum = velvel
+}
+
+// Reweight adjusts the statistics so that they are equal to what they would
+// have been if AddWithCount had been called with counts multiplied by factor.
+func (s *SummaryStatistics) Reweight(factor float64) {
+	s.count *= factor
+	s.sum *= factor
+	s.sumCompensation *= factor
+	s.simpleSum *= factor
+	if factor == 0 {
+		s.min = math.Inf(1)
+		s.max = math.Inf(-1)
+	}
+}
+
+// Rescale adjusts the statistics so that they are equal to what they would have
+// been if AddWithCount had been called with values multiplied by factor.
+func (s *SummaryStatistics) Rescale(factor float64) {
+	s.sum *= factor
+	s.sumCompensation *= factor
+	s.simpleSum *= factor
+	if factor > 0 {
+		s.min *= factor
+		s.max *= factor
+	} else if factor < 0 {
+		tmp := s.max * factor
+		s.max = s.min * factor
+		s.min = tmp
+	} else if s.count != 0 {
+		s.min = 0
+		s.max = 0
+	}
+}
+
+func (s *SummaryStatistics) Clear() {
+	s.count = 0
+	s.sum = 0
+	s.sumCompensation = 0
+	s.simpleSum = 0
+	s.min = math.Inf(1)
+	s.max = math.Inf(-1)
+}
+
+func (s *SummaryStatistics) Copy() *SummaryStatistics {
+	return &SummaryStatistics{
+		count:           s.count,
+		sum:             s.sum,
+		sumCompensation: s.sumCompensation,
+		simpleSum:       s.simpleSum,
+		min:             s.min,
+		max:             s.max,
+	}
+}
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/bin.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/bin.go
new file mode 100644
index 000000000..19843ba9e
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/bin.go
@@ -0,0 +1,28 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package store
+
+import "errors"
+
+type Bin struct {
+	index int
+	count float64
+}
+
+func NewBin(index int, count float64) (*Bin, error) {
+	if count < 0 {
+		return nil, errors.New("The count cannot be negative")
+	}
+	return &Bin{index: index, count: count}, nil
+}
+
+func (b Bin) Index() int {
+	return b.index
+}
+
+func (b Bin) Count() float64 {
+	return b.count
+}
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/buffered_paginated.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/buffered_paginated.go
new file mode 100644
index 000000000..11f43107d
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/buffered_paginated.go
@@ -0,0 +1,667 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package store
+
+import (
+	"errors"
+	"sort"
+
+	enc "github.com/DataDog/sketches-go/ddsketch/encoding"
+	"github.com/DataDog/sketches-go/ddsketch/pb/sketchpb"
+)
+
+const (
+	ptrSize         = 32 << (^uintptr(0) >> 63)
+	intSize         = 32 << (^uint(0) >> 63)
+	float64size     = 64
+	bufferEntrySize = intSize
+	countSize       = float64size
+
+	defaultPageLenLog2 = 5 // pageLen = 32
+)
+
+// BufferedPaginatedStore allocates storage for counts in aligned fixed-size
+// pages, themselves stored in a dynamically-sized slice. A page encodes the
+// counts for a contiguous range of indexes, and two pages that are contiguous
+// in the slice encode ranges that are contiguous. In addition, input indexes
+// that are added to the store with a count equal to 1 can be stored in a
+// buffer.
+// The store favors using the buffer and only creates pages when the memory size
+// of the page is no greater than the memory space that is needed to keep in the
+// buffer the indexes that could otherwise be encoded in that page. That means
+// that some indexes may stay indefinitely in the buffer if, to be removed from
+// the buffer, they would create a page that is almost empty. The process that
+// transfers indexes from the buffer to pages is called compaction.
+// This store never collapses or merges bins, therefore, it does not introduce
+// any error in itself. In particular, MinIndex(), MaxIndex(), Bins() and
+// KeyAtRank() return exact results.
+// There is no upper bound on the memory size that this store needs to encode
+// input indexes, and some input data distributions may make it reach large
+// sizes. However, thanks to the buffer and the fact that only required pages
+// are allocated, it can be much more space efficient than alternative stores,
+// especially dense stores, in various situations, including when only few
+// indexes are added (with their counts equal to 1), when the input data has a
+// few outliers or when the input data distribution is multimodal.
+type BufferedPaginatedStore struct {
+	buffer                     []int // FIXME: in practice, int32 (even int16, depending on the accuracy parameter) is enough
+	bufferCompactionTriggerLen int   // compaction happens only after this buffer length is reached
+
+	pages        [][]float64 // len == cap, the slice is always used to its maximum capacity
+	minPageIndex int         // minPageIndex == maxInt iff pages are unused (they may still be allocated)
+	pageLenLog2  int
+	pageLenMask  int
+}
+
+func NewBufferedPaginatedStore() *BufferedPaginatedStore {
+	initialBufferCapacity := 4
+	pageLenLog2 := defaultPageLenLog2
+	pageLen := 1 << pageLenLog2
+
+	return &BufferedPaginatedStore{
+		buffer:                     make([]int, 0, initialBufferCapacity),
+		bufferCompactionTriggerLen: 2 * pageLen,
+		pages:                      nil,
+		minPageIndex:               maxInt,
+		pageLenLog2:                pageLenLog2,
+		pageLenMask:                pageLen - 1,
+	}
+}
+
+// pageIndex returns the page number the given index falls on.
+func (s *BufferedPaginatedStore) pageIndex(index int) int {
+	return index >> s.pageLenLog2
+}
+
+// lineIndex returns the line number within a page that the given index falls on.
+func (s *BufferedPaginatedStore) lineIndex(index int) int {
+	return index & s.pageLenMask
+}
+
+// index returns the store-level index for a given page number and a line within that page.
+func (s *BufferedPaginatedStore) index(pageIndex, lineIndex int) int {
+	return pageIndex<<s.pageLenLog2 + lineIndex
+}
+
+// page returns the page for the provided pageIndex, or nil. When unexisting,
+// the page is created if and only if ensureExists is true.
+func (s *BufferedPaginatedStore) page(pageIndex int, ensureExists bool) []float64 {
+	pageLen := 1 << s.pageLenLog2
+
+	if pageIndex >= s.minPageIndex && pageIndex < s.minPageIndex+len(s.pages) {
+		// No need to extend s.pages.
+		page := &s.pages[pageIndex-s.minPageIndex]
+		if ensureExists && len(*page) == 0 {
+			*page = append(*page, make([]float64, pageLen)...)
+		}
+		return *page
+	}
+
+	if !ensureExists {
+		return nil
+	}
+
+	if pageIndex < s.minPageIndex {
+		if s.minPageIndex == maxInt {
+			if len(s.pages) == 0 {
+				s.pages = append(s.pages, make([][]float64, s.newPagesLen(1))...)
+			}
+			s.minPageIndex = pageIndex - len(s.pages)/2
+		} else {
+			// Extends s.pages left.
+			newLen := s.newPagesLen(s.minPageIndex - pageIndex + 1 + len(s.pages))
+			addedLen := newLen - len(s.pages)
+			s.pages = append(s.pages, make([][]float64, addedLen)...)
+			copy(s.pages[addedLen:], s.pages)
+			for i := 0; i < addedLen; i++ {
+				s.pages[i] = nil
+			}
+			s.minPageIndex -= addedLen
+		}
+	} else {
+		// Extends s.pages right.
+		s.pages = append(s.pages, make([][]float64, s.newPagesLen(pageIndex-s.minPageIndex+1)-len(s.pages))...)
+	}
+
+	page := &s.pages[pageIndex-s.minPageIndex]
+	if len(*page) == 0 {
+		*page = append(*page, make([]float64, pageLen)...)
+	}
+	return *page
+}
+
+func (s *BufferedPaginatedStore) newPagesLen(required int) int {
+	// Grow in size by multiples of 64 bytes
+	pageGrowthIncrement := 64 * 8 / ptrSize
+	return (required + pageGrowthIncrement - 1) & -pageGrowthIncrement
+}
+
+// compact transfers indexes from the buffer to the pages. It only creates new
+// pages if they can encode enough buffered indexes so that it frees more space
+// in the buffer than the new page takes.
+func (s *BufferedPaginatedStore) compact() {
+	pageLen := 1 << s.pageLenLog2
+
+	s.sortBuffer()
+
+	for bufferPos := 0; bufferPos < len(s.buffer); {
+		bufferPageStart := bufferPos
+		pageIndex := s.pageIndex(s.buffer[bufferPageStart])
+		bufferPos++
+		for bufferPos < len(s.buffer) && s.pageIndex(s.buffer[bufferPos]) == pageIndex {
+			bufferPos++
+		}
+		bufferPageEnd := bufferPos
+
+		// We avoid creating a new page if it would take more memory space than
+		// what we would free in the buffer. Note that even when the page itself
+		// takes less memory space than the buffered indexes that can be encoded
+		// in the page, because we may have to extend s.pages, the store may end
+		// up larger. However, for the sake of simplicity, we ignore the length
+		// of s.pages.
+		ensureExists := (bufferPageEnd-bufferPageStart)*bufferEntrySize >= pageLen*float64size
+		newPage := s.page(pageIndex, ensureExists)
+		if len(newPage) > 0 {
+			for _, index := range s.buffer[bufferPageStart:bufferPageEnd] {
+				newPage[s.lineIndex(index)]++
+			}
+			copy(s.buffer[bufferPageStart:], s.buffer[bufferPageEnd:])
+			s.buffer = s.buffer[:len(s.buffer)+bufferPageStart-bufferPageEnd]
+			bufferPos = bufferPageStart
+		}
+	}
+
+	s.bufferCompactionTriggerLen = len(s.buffer) + pageLen
+}
+
+func (s *BufferedPaginatedStore) sortBuffer() {
+	sort.Slice(s.buffer, func(i, j int) bool { return s.buffer[i] < s.buffer[j] })
+}
+
+func (s *BufferedPaginatedStore) Add(index int) {
+	pageIndex := s.pageIndex(index)
+	if pageIndex >= s.minPageIndex && pageIndex < s.minPageIndex+len(s.pages) {
+		page := s.pages[pageIndex-s.minPageIndex]
+		if len(page) > 0 {
+			page[s.lineIndex(index)]++
+			return
+		}
+	}
+
+	// The page does not exist, use the buffer.
+	if len(s.buffer) == cap(s.buffer) && len(s.buffer) >= s.bufferCompactionTriggerLen {
+		s.compact()
+	}
+
+	s.buffer = append(s.buffer, index)
+}
+
+func (s *BufferedPaginatedStore) AddBin(bin Bin) {
+	s.AddWithCount(bin.Index(), bin.Count())
+}
+
+func (s *BufferedPaginatedStore) AddWithCount(index int, count float64) {
+	if count == 0 {
+		return
+	} else if count == 1 {
+		s.Add(index)
+	} else {
+		s.page(s.pageIndex(index), true)[s.lineIndex(index)] += count
+	}
+}
+
+func (s *BufferedPaginatedStore) IsEmpty() bool {
+	if len(s.buffer) > 0 {
+		return false
+	}
+	for _, page := range s.pages {
+		for _, count := range page {
+			if count > 0 {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+func (s *BufferedPaginatedStore) TotalCount() float64 {
+	totalCount := float64(len(s.buffer))
+	for _, page := range s.pages {
+		for _, count := range page {
+			totalCount += count
+		}
+	}
+	return totalCount
+}
+
+func (s *BufferedPaginatedStore) MinIndex() (int, error) {
+	isEmpty := true
+
+	// Iterate over the buffer.
+	var minIndex int
+	for _, index := range s.buffer {
+		if isEmpty || index < minIndex {
+			isEmpty = false
+			minIndex = index
+		}
+	}
+
+	// Iterate over the pages.
+	for pageIndex := s.minPageIndex; pageIndex < s.minPageIndex+len(s.pages) && (isEmpty || pageIndex <= s.pageIndex(minIndex)); pageIndex++ {
+		page := s.pages[pageIndex-s.minPageIndex]
+		if len(page) == 0 {
+			continue
+		}
+
+		var lineIndexRangeEnd int
+		if !isEmpty && pageIndex == s.pageIndex(minIndex) {
+			lineIndexRangeEnd = s.lineIndex(minIndex)
+		} else {
+			lineIndexRangeEnd = 1 << s.pageLenLog2
+		}
+
+		for lineIndex := 0; lineIndex < lineIndexRangeEnd; lineIndex++ {
+			if page[lineIndex] > 0 {
+				return s.index(pageIndex, lineIndex), nil
+			}
+		}
+	}
+
+	if isEmpty {
+		return 0, errUndefinedMinIndex
+	} else {
+		return minIndex, nil
+	}
+}
+
+func (s *BufferedPaginatedStore) MaxIndex() (int, error) {
+	isEmpty := true
+
+	// Iterate over the buffer.
+	var maxIndex int
+	for _, index := range s.buffer {
+		if isEmpty || index > maxIndex {
+			isEmpty = false
+			maxIndex = index
+		}
+	}
+
+	// Iterate over the pages.
+	for pageIndex := s.minPageIndex + len(s.pages) - 1; pageIndex >= s.minPageIndex && (isEmpty || pageIndex >= s.pageIndex(maxIndex)); pageIndex-- {
+		page := s.pages[pageIndex-s.minPageIndex]
+		if len(page) == 0 {
+			continue
+		}
+
+		var lineIndexRangeStart int
+		if !isEmpty && pageIndex == s.pageIndex(maxIndex) {
+			lineIndexRangeStart = s.lineIndex(maxIndex)
+		} else {
+			lineIndexRangeStart = 0
+		}
+
+		for lineIndex := len(page) - 1; lineIndex >= lineIndexRangeStart; lineIndex-- {
+			if page[lineIndex] > 0 {
+				return s.index(pageIndex, lineIndex), nil
+			}
+		}
+	}
+
+	if isEmpty {
+		return 0, errUndefinedMaxIndex
+	} else {
+		return maxIndex, nil
+	}
+}
+
+func (s *BufferedPaginatedStore) KeyAtRank(rank float64) int {
+	if rank < 0 {
+		rank = 0
+	}
+	key, err := s.minIndexWithCumulCount(func(cumulCount float64) bool {
+		return cumulCount > rank
+	})
+
+	if err != nil {
+		maxIndex, err := s.MaxIndex()
+		if err == nil {
+			return maxIndex
+		} else {
+			// FIXME: make Store's KeyAtRank consistent with MinIndex and MaxIndex
+			return 0
+		}
+	}
+	return key
+}
+
+// minIndexWithCumulCount returns the minimum index whose cumulative count (that
+// is, the sum of the counts associated with the indexes less than or equal to
+// the index) verifies the predicate.
+func (s *BufferedPaginatedStore) minIndexWithCumulCount(predicate func(float64) bool) (int, error) {
+	s.sortBuffer()
+	cumulCount := float64(0)
+
+	// Iterate over the pages and the buffer simultaneously.
+	bufferPos := 0
+	for pageOffset, page := range s.pages {
+		for lineIndex, count := range page {
+			index := s.index(s.minPageIndex+pageOffset, lineIndex)
+
+			// Iterate over the buffer until index is reached.
+			for ; bufferPos < len(s.buffer) && s.buffer[bufferPos] < index; bufferPos++ {
+				cumulCount++
+				if predicate(cumulCount) {
+					return s.buffer[bufferPos], nil
+				}
+			}
+			cumulCount += count
+			if predicate(cumulCount) {
+				return index, nil
+			}
+		}
+	}
+
+	// Iterate over the rest of the buffer
+	for ; bufferPos < len(s.buffer); bufferPos++ {
+		cumulCount++
+		if predicate(cumulCount) {
+			return s.buffer[bufferPos], nil
+		}
+	}
+
+	return 0, errors.New("the predicate on the cumulative count is never verified")
+}
+
+func (s *BufferedPaginatedStore) MergeWith(other Store) {
+	o, ok := other.(*BufferedPaginatedStore)
+	if ok && s.pageLenLog2 == o.pageLenLog2 {
+		// Merge pages.
+		for oPageOffset, oPage := range o.pages {
+			if len(oPage) == 0 {
+				continue
+			}
+			oPageIndex := o.minPageIndex + oPageOffset
+			page := s.page(oPageIndex, true)
+			for i, oCount := range oPage {
+				page[i] += oCount
+			}
+		}
+
+		// Merge buffers.
+		for _, index := range o.buffer {
+			s.Add(index)
+		}
+	} else {
+		// Fallback merging.
+		other.ForEach(func(index int, count float64) (stop bool) {
+			s.AddWithCount(index, count)
+			return false
+		})
+	}
+}
+
+func (s *BufferedPaginatedStore) MergeWithProto(pb *sketchpb.Store) {
+	for index, count := range pb.BinCounts {
+		s.AddWithCount(int(index), count)
+	}
+	for indexOffset, count := range pb.ContiguousBinCounts {
+		s.AddWithCount(int(pb.ContiguousBinIndexOffset)+indexOffset, count)
+	}
+}
+
+func (s *BufferedPaginatedStore) Bins() <-chan Bin {
+	s.sortBuffer()
+	ch := make(chan Bin)
+	go func() {
+		defer close(ch)
+		bufferPos := 0
+
+		// Iterate over the pages and the buffer simultaneously.
+		for pageOffset, page := range s.pages {
+			for lineIndex, count := range page {
+				if count == 0 {
+					continue
+				}
+
+				index := s.index(s.minPageIndex+pageOffset, lineIndex)
+
+				// Iterate over the buffer until index is reached.
+				var indexBufferStartPos int
+				for {
+					indexBufferStartPos = bufferPos
+					if indexBufferStartPos >= len(s.buffer) || s.buffer[indexBufferStartPos] > index {
+						break
+					}
+					bufferPos++
+					for bufferPos < len(s.buffer) && s.buffer[bufferPos] == s.buffer[indexBufferStartPos] {
+						bufferPos++
+					}
+					if s.buffer[indexBufferStartPos] == index {
+						break
+					}
+					ch <- Bin{index: s.buffer[indexBufferStartPos], count: float64(bufferPos - indexBufferStartPos)}
+				}
+				ch <- Bin{index: index, count: count + float64(bufferPos-indexBufferStartPos)}
+			}
+		}
+
+		// Iterate over the rest of the buffer.
+		for bufferPos < len(s.buffer) {
+			indexBufferStartPos := bufferPos
+			bufferPos++
+			for bufferPos < len(s.buffer) && s.buffer[bufferPos] == s.buffer[indexBufferStartPos] {
+				bufferPos++
+			}
+			bin := Bin{index: s.buffer[indexBufferStartPos], count: float64(bufferPos - indexBufferStartPos)}
+			ch <- bin
+		}
+	}()
+	return ch
+}
+
+func (s *BufferedPaginatedStore) ForEach(f func(index int, count float64) (stop bool)) {
+	s.sortBuffer()
+	bufferPos := 0
+
+	// Iterate over the pages and the buffer simultaneously.
+	for pageOffset, page := range s.pages {
+		for lineIndex, count := range page {
+			if count == 0 {
+				continue
+			}
+
+			index := s.index(s.minPageIndex+pageOffset, lineIndex)
+
+			// Iterate over the buffer until index is reached.
+			var indexBufferStartPos int
+			for {
+				indexBufferStartPos = bufferPos
+				if indexBufferStartPos >= len(s.buffer) || s.buffer[indexBufferStartPos] > index {
+					break
+				}
+				bufferPos++
+				for bufferPos < len(s.buffer) && s.buffer[bufferPos] == s.buffer[indexBufferStartPos] {
+					bufferPos++
+				}
+				if s.buffer[indexBufferStartPos] == index {
+					break
+				}
+				if f(s.buffer[indexBufferStartPos], float64(bufferPos-indexBufferStartPos)) {
+					return
+				}
+			}
+			if f(index, count+float64(bufferPos-indexBufferStartPos)) {
+				return
+			}
+		}
+	}
+
+	// Iterate over the rest of the buffer.
+	for bufferPos < len(s.buffer) {
+		indexBufferStartPos := bufferPos
+		bufferPos++
+		for bufferPos < len(s.buffer) && s.buffer[bufferPos] == s.buffer[indexBufferStartPos] {
+			bufferPos++
+		}
+		if f(s.buffer[indexBufferStartPos], float64(bufferPos-indexBufferStartPos)) {
+			return
+		}
+	}
+}
+
+func (s *BufferedPaginatedStore) Copy() Store {
+	bufferCopy := make([]int, len(s.buffer))
+	copy(bufferCopy, s.buffer)
+	pagesCopy := make([][]float64, len(s.pages))
+	for i, page := range s.pages {
+		if len(page) > 0 {
+			pageCopy := make([]float64, len(page))
+			copy(pageCopy, page)
+			pagesCopy[i] = pageCopy
+		}
+	}
+	return &BufferedPaginatedStore{
+		buffer:                     bufferCopy,
+		bufferCompactionTriggerLen: s.bufferCompactionTriggerLen,
+		pages:                      pagesCopy,
+		minPageIndex:               s.minPageIndex,
+		pageLenLog2:                s.pageLenLog2,
+		pageLenMask:                s.pageLenMask,
+	}
+}
+
+func (s *BufferedPaginatedStore) Clear() {
+	s.buffer = s.buffer[:0]
+	for i := range s.pages {
+		s.pages[i] = s.pages[i][:0]
+	}
+	s.minPageIndex = maxInt
+}
+
+func (s *BufferedPaginatedStore) ToProto() *sketchpb.Store {
+	if s.IsEmpty() {
+		return &sketchpb.Store{}
+	}
+	// FIXME: add heuristic to use contiguousBinCounts when cheaper.
+	binCounts := make(map[int32]float64)
+	s.ForEach(func(index int, count float64) (stop bool) {
+		binCounts[int32(index)] = count
+		return false
+	})
+	return &sketchpb.Store{
+		BinCounts: binCounts,
+	}
+}
+
+func (s *BufferedPaginatedStore) Reweight(w float64) error {
+	if w <= 0 {
+		return errors.New("can't reweight by a negative factor")
+	}
+	if w == 1 {
+		return nil
+	}
+	buffer := s.buffer
+	s.buffer = s.buffer[:0]
+	for _, p := range s.pages {
+		for i := range p {
+			p[i] *= w
+		}
+	}
+	for _, index := range buffer {
+		s.AddWithCount(index, w)
+	}
+	return nil
+}
+
+func (s *BufferedPaginatedStore) Encode(b *[]byte, t enc.FlagType) {
+	s.compact()
+	if len(s.buffer) > 0 {
+		enc.EncodeFlag(b, enc.NewFlag(t, enc.BinEncodingIndexDeltas))
+		enc.EncodeUvarint64(b, uint64(len(s.buffer)))
+		previousIndex := 0
+		for _, index := range s.buffer {
+			enc.EncodeVarint64(b, int64(index-previousIndex))
+			previousIndex = index
+		}
+	}
+
+	for pageOffset, page := range s.pages {
+		if len(page) > 0 {
+			enc.EncodeFlag(b, enc.NewFlag(t, enc.BinEncodingContiguousCounts))
+			enc.EncodeUvarint64(b, uint64(len(page)))
+			enc.EncodeVarint64(b, int64(s.index(s.minPageIndex+pageOffset, 0)))
+			enc.EncodeVarint64(b, 1)
+			for _, count := range page {
+				enc.EncodeVarfloat64(b, count)
+			}
+		}
+	}
+}
+
+func (s *BufferedPaginatedStore) DecodeAndMergeWith(b *[]byte, encodingMode enc.SubFlag) error {
+	switch encodingMode {
+
+	case enc.BinEncodingIndexDeltas:
+		numBins, err := enc.DecodeUvarint64(b)
+		if err != nil {
+			return err
+		}
+		remaining := int(numBins)
+		index := int64(0)
+		// Process indexes in batches to avoid checking after each insertion
+		// whether compaction should happen.
+		for {
+			batchSize := min(remaining, max(cap(s.buffer), s.bufferCompactionTriggerLen)-len(s.buffer))
+			for i := 0; i < batchSize; i++ {
+				indexDelta, err := enc.DecodeVarint64(b)
+				if err != nil {
+					return err
+				}
+				index += indexDelta
+				s.buffer = append(s.buffer, int(index))
+			}
+			remaining -= batchSize
+			if remaining == 0 {
+				return nil
+			}
+			s.compact()
+		}
+
+	case enc.BinEncodingContiguousCounts:
+		numBins, err := enc.DecodeUvarint64(b)
+		if err != nil {
+			return err
+		}
+		indexOffset, err := enc.DecodeVarint64(b)
+		if err != nil {
+			return err
+		}
+		indexDelta, err := enc.DecodeVarint64(b)
+		if err != nil {
+			return err
+		}
+		pageLen := 1 << s.pageLenLog2
+		for i := uint64(0); i < numBins; {
+			page := s.page(s.pageIndex(int(indexOffset)), true)
+			lineIndex := s.lineIndex(int(indexOffset))
+			for lineIndex >= 0 && lineIndex < pageLen && i < numBins {
+				count, err := enc.DecodeVarfloat64(b)
+				if err != nil {
+					return err
+				}
+				page[lineIndex] += count
+				lineIndex += int(indexDelta)
+				indexOffset += indexDelta
+				i++
+			}
+		}
+		return nil
+
+	default:
+		return DecodeAndMergeWith(s, b, encodingMode)
+	}
+}
+
+var _ Store = (*BufferedPaginatedStore)(nil)
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_highest_dense_store.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_highest_dense_store.go
new file mode 100644
index 000000000..2a431a176
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_highest_dense_store.go
@@ -0,0 +1,188 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package store
+
+import (
+	"math"
+
+	enc "github.com/DataDog/sketches-go/ddsketch/encoding"
+)
+
+type CollapsingHighestDenseStore struct {
+	DenseStore
+	maxNumBins  int
+	isCollapsed bool
+}
+
+func NewCollapsingHighestDenseStore(maxNumBins int) *CollapsingHighestDenseStore {
+	return &CollapsingHighestDenseStore{
+		DenseStore:  DenseStore{minIndex: math.MaxInt32, maxIndex: math.MinInt32},
+		maxNumBins:  maxNumBins,
+		isCollapsed: false,
+	}
+}
+
+func (s *CollapsingHighestDenseStore) Add(index int) {
+	s.AddWithCount(index, float64(1))
+}
+
+func (s *CollapsingHighestDenseStore) AddBin(bin Bin) {
+	index := bin.Index()
+	count := bin.Count()
+	if count == 0 {
+		return
+	}
+	s.AddWithCount(index, count)
+}
+
+func (s *CollapsingHighestDenseStore) AddWithCount(index int, count float64) {
+	if count == 0 {
+		return
+	}
+	arrayIndex := s.normalize(index)
+	s.bins[arrayIndex] += count
+	s.count += count
+}
+
+// Normalize the store, if necessary, so that the counter of the specified index can be updated.
+func (s *CollapsingHighestDenseStore) normalize(index int) int {
+	if index > s.maxIndex {
+		if s.isCollapsed {
+			return len(s.bins) - 1
+		} else {
+			s.extendRange(index, index)
+			if s.isCollapsed {
+				return len(s.bins) - 1
+			}
+		}
+	} else if index < s.minIndex {
+		s.extendRange(index, index)
+	}
+	return index - s.offset
+}
+
+func (s *CollapsingHighestDenseStore) getNewLength(newMinIndex, newMaxIndex int) int {
+	return min(s.DenseStore.getNewLength(newMinIndex, newMaxIndex), s.maxNumBins)
+}
+
+func (s *CollapsingHighestDenseStore) extendRange(newMinIndex, newMaxIndex int) {
+	newMinIndex = min(newMinIndex, s.minIndex)
+	newMaxIndex = max(newMaxIndex, s.maxIndex)
+	if s.IsEmpty() {
+		initialLength := s.getNewLength(newMinIndex, newMaxIndex)
+		s.bins = append(s.bins, make([]float64, initialLength)...)
+		s.offset = newMinIndex
+		s.minIndex = newMinIndex
+		s.maxIndex = newMaxIndex
+		s.adjust(newMinIndex, newMaxIndex)
+	} else if newMinIndex >= s.offset && newMaxIndex < s.offset+len(s.bins) {
+		s.minIndex = newMinIndex
+		s.maxIndex = newMaxIndex
+	} else {
+		// To avoid shifting too often when nearing the capacity of the array,
+		// we may grow it before we actually reach the capacity.
+		newLength := s.getNewLength(newMinIndex, newMaxIndex)
+		if newLength > len(s.bins) {
+			s.bins = append(s.bins, make([]float64, newLength-len(s.bins))...)
+		}
+		s.adjust(newMinIndex, newMaxIndex)
+	}
+}
+
+// Adjust bins, offset, minIndex and maxIndex, without resizing the bins slice in order to make it fit the
+// specified range.
+func (s *CollapsingHighestDenseStore) adjust(newMinIndex, newMaxIndex int) {
+	if newMaxIndex-newMinIndex+1 > len(s.bins) {
+		// The range of indices is too wide, buckets of lowest indices need to be collapsed.
+		newMaxIndex = newMinIndex + len(s.bins) - 1
+		if newMaxIndex <= s.minIndex {
+			// There will be only one non-empty bucket.
+			s.bins = make([]float64, len(s.bins))
+			s.offset = newMinIndex
+			s.maxIndex = newMaxIndex
+			s.bins[len(s.bins)-1] = s.count
+		} else {
+			shift := s.offset - newMinIndex
+			if shift > 0 {
+				// Collapse the buckets.
+				n := float64(0)
+				for i := newMaxIndex + 1; i <= s.maxIndex; i++ {
+					n += s.bins[i-s.offset]
+				}
+				s.resetBins(newMaxIndex+1, s.maxIndex)
+				s.bins[newMaxIndex-s.offset] += n
+				s.maxIndex = newMaxIndex
+				// Shift the buckets to make room for newMinIndex.
+				s.shiftCounts(shift)
+			} else {
+				// Shift the buckets to make room for newMaxIndex.
+				s.shiftCounts(shift)
+				s.maxIndex = newMaxIndex
+			}
+		}
+		s.minIndex = newMinIndex
+		s.isCollapsed = true
+	} else {
+		s.centerCounts(newMinIndex, newMaxIndex)
+	}
+}
+
+func (s *CollapsingHighestDenseStore) MergeWith(other Store) {
+	if other.IsEmpty() {
+		return
+	}
+	o, ok := other.(*CollapsingHighestDenseStore)
+	if !ok {
+		other.ForEach(func(index int, count float64) (stop bool) {
+			s.AddWithCount(index, count)
+			return false
+		})
+		return
+	}
+	if o.minIndex < s.minIndex || o.maxIndex > s.maxIndex {
+		s.extendRange(o.minIndex, o.maxIndex)
+	}
+	idx := o.maxIndex
+	for ; idx > s.maxIndex && idx >= o.minIndex; idx-- {
+		s.bins[len(s.bins)-1] += o.bins[idx-o.offset]
+	}
+	for ; idx > o.minIndex; idx-- {
+		s.bins[idx-s.offset] += o.bins[idx-o.offset]
+	}
+	// This is a separate test so that the comparison in the previous loop is strict (>) and handles
+	// o.minIndex = Integer.MIN_VALUE.
+	if idx == o.minIndex {
+		s.bins[idx-s.offset] += o.bins[idx-o.offset]
+	}
+	s.count += o.count
+}
+
+func (s *CollapsingHighestDenseStore) Copy() Store {
+	bins := make([]float64, len(s.bins))
+	copy(bins, s.bins)
+	return &CollapsingHighestDenseStore{
+		DenseStore: DenseStore{
+			bins:     bins,
+			count:    s.count,
+			offset:   s.offset,
+			minIndex: s.minIndex,
+			maxIndex: s.maxIndex,
+		},
+		maxNumBins:  s.maxNumBins,
+		isCollapsed: s.isCollapsed,
+	}
+}
+
+func (s *CollapsingHighestDenseStore) Clear() {
+	s.DenseStore.Clear()
+	s.isCollapsed = false
+}
+
+func (s *CollapsingHighestDenseStore) DecodeAndMergeWith(r *[]byte, encodingMode enc.SubFlag) error {
+	return DecodeAndMergeWith(s, r, encodingMode)
+}
+
+var _ Store = (*CollapsingHighestDenseStore)(nil)
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_lowest_dense_store.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_lowest_dense_store.go
new file mode 100644
index 000000000..80ae2a507
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_lowest_dense_store.go
@@ -0,0 +1,207 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package store
+
+import (
+	"math"
+
+	enc "github.com/DataDog/sketches-go/ddsketch/encoding"
+)
+
+// CollapsingLowestDenseStore is a dynamically growing contiguous (non-sparse) store.
+// The lower bins get combined so that the total number of bins do not exceed maxNumBins.
+type CollapsingLowestDenseStore struct {
+	DenseStore
+	maxNumBins  int
+	isCollapsed bool
+}
+
+func NewCollapsingLowestDenseStore(maxNumBins int) *CollapsingLowestDenseStore {
+	// Bins are not allocated until values are added.
+	// When the first value is added, a small number of bins are allocated. The number of bins will
+	// grow as needed up to maxNumBins.
+	return &CollapsingLowestDenseStore{
+		DenseStore:  DenseStore{minIndex: math.MaxInt32, maxIndex: math.MinInt32},
+		maxNumBins:  maxNumBins,
+		isCollapsed: false,
+	}
+}
+
+func (s *CollapsingLowestDenseStore) Add(index int) {
+	s.AddWithCount(index, float64(1))
+}
+
+func (s *CollapsingLowestDenseStore) AddBin(bin Bin) {
+	index := bin.Index()
+	count := bin.Count()
+	if count == 0 {
+		return
+	}
+	s.AddWithCount(index, count)
+}
+
+func (s *CollapsingLowestDenseStore) AddWithCount(index int, count float64) {
+	if count == 0 {
+		return
+	}
+	arrayIndex := s.normalize(index)
+	s.bins[arrayIndex] += count
+	s.count += count
+}
+
+// Normalize the store, if necessary, so that the counter of the specified index can be updated.
+func (s *CollapsingLowestDenseStore) normalize(index int) int {
+	if index < s.minIndex {
+		if s.isCollapsed {
+			return 0
+		} else {
+			s.extendRange(index, index)
+			if s.isCollapsed {
+				return 0
+			}
+		}
+	} else if index > s.maxIndex {
+		s.extendRange(index, index)
+	}
+	return index - s.offset
+}
+
+func (s *CollapsingLowestDenseStore) getNewLength(newMinIndex, newMaxIndex int) int {
+	return min(s.DenseStore.getNewLength(newMinIndex, newMaxIndex), s.maxNumBins)
+}
+
+func (s *CollapsingLowestDenseStore) extendRange(newMinIndex, newMaxIndex int) {
+	newMinIndex = min(newMinIndex, s.minIndex)
+	newMaxIndex = max(newMaxIndex, s.maxIndex)
+	if s.IsEmpty() {
+		initialLength := s.getNewLength(newMinIndex, newMaxIndex)
+		s.bins = append(s.bins, make([]float64, initialLength)...)
+		s.offset = newMinIndex
+		s.minIndex = newMinIndex
+		s.maxIndex = newMaxIndex
+		s.adjust(newMinIndex, newMaxIndex)
+	} else if newMinIndex >= s.offset && newMaxIndex < s.offset+len(s.bins) {
+		s.minIndex = newMinIndex
+		s.maxIndex = newMaxIndex
+	} else {
+		// To avoid shifting too often when nearing the capacity of the array,
+		// we may grow it before we actually reach the capacity.
+		newLength := s.getNewLength(newMinIndex, newMaxIndex)
+		if newLength > len(s.bins) {
+			s.bins = append(s.bins, make([]float64, newLength-len(s.bins))...)
+		}
+		s.adjust(newMinIndex, newMaxIndex)
+	}
+}
+
+// Adjust bins, offset, minIndex and maxIndex, without resizing the bins slice in order to make it fit the
+// specified range.
+func (s *CollapsingLowestDenseStore) adjust(newMinIndex, newMaxIndex int) {
+	if newMaxIndex-newMinIndex+1 > len(s.bins) {
+		// The range of indices is too wide, buckets of lowest indices need to be collapsed.
+		newMinIndex = newMaxIndex - len(s.bins) + 1
+		if newMinIndex >= s.maxIndex {
+			// There will be only one non-empty bucket.
+			s.bins = make([]float64, len(s.bins))
+			s.offset = newMinIndex
+			s.minIndex = newMinIndex
+			s.bins[0] = s.count
+		} else {
+			shift := s.offset - newMinIndex
+			if shift < 0 {
+				// Collapse the buckets.
+				n := float64(0)
+				for i := s.minIndex; i < newMinIndex; i++ {
+					n += s.bins[i-s.offset]
+				}
+				s.resetBins(s.minIndex, newMinIndex-1)
+				s.bins[newMinIndex-s.offset] += n
+				s.minIndex = newMinIndex
+				// Shift the buckets to make room for newMaxIndex.
+				s.shiftCounts(shift)
+			} else {
+				// Shift the buckets to make room for newMinIndex.
+				s.shiftCounts(shift)
+				s.minIndex = newMinIndex
+			}
+		}
+		s.maxIndex = newMaxIndex
+		s.isCollapsed = true
+	} else {
+		s.centerCounts(newMinIndex, newMaxIndex)
+	}
+}
+
+func (s *CollapsingLowestDenseStore) MergeWith(other Store) {
+	if other.IsEmpty() {
+		return
+	}
+	o, ok := other.(*CollapsingLowestDenseStore)
+	if !ok {
+		other.ForEach(func(index int, count float64) (stop bool) {
+			s.AddWithCount(index, count)
+			return false
+		})
+		return
+	}
+	if o.minIndex < s.minIndex || o.maxIndex > s.maxIndex {
+		s.extendRange(o.minIndex, o.maxIndex)
+	}
+	idx := o.minIndex
+	for ; idx < s.minIndex && idx <= o.maxIndex; idx++ {
+		s.bins[0] += o.bins[idx-o.offset]
+	}
+	for ; idx < o.maxIndex; idx++ {
+		s.bins[idx-s.offset] += o.bins[idx-o.offset]
+	}
+	// This is a separate test so that the comparison in the previous loop is strict (<) and handles
+	// store.maxIndex = Integer.MAX_VALUE.
+	if idx == o.maxIndex {
+		s.bins[idx-s.offset] += o.bins[idx-o.offset]
+	}
+	s.count += o.count
+}
+
+func (s *CollapsingLowestDenseStore) Copy() Store {
+	bins := make([]float64, len(s.bins))
+	copy(bins, s.bins)
+	return &CollapsingLowestDenseStore{
+		DenseStore: DenseStore{
+			bins:     bins,
+			count:    s.count,
+			offset:   s.offset,
+			minIndex: s.minIndex,
+			maxIndex: s.maxIndex,
+		},
+		maxNumBins:  s.maxNumBins,
+		isCollapsed: s.isCollapsed,
+	}
+}
+
+func (s *CollapsingLowestDenseStore) Clear() {
+	s.DenseStore.Clear()
+	s.isCollapsed = false
+}
+
+func (s *CollapsingLowestDenseStore) DecodeAndMergeWith(r *[]byte, encodingMode enc.SubFlag) error {
+	return DecodeAndMergeWith(s, r, encodingMode)
+}
+
+var _ Store = (*CollapsingLowestDenseStore)(nil)
+
+func max(x, y int) int {
+	if x > y {
+		return x
+	}
+	return y
+}
+
+func min(x, y int) int {
+	if x < y {
+		return x
+	}
+	return y
+}
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/dense_store.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/dense_store.go
new file mode 100644
index 000000000..2c4a3d4a0
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/dense_store.go
@@ -0,0 +1,330 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package store
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"math"
+
+	enc "github.com/DataDog/sketches-go/ddsketch/encoding"
+	"github.com/DataDog/sketches-go/ddsketch/pb/sketchpb"
+)
+
+const (
+	arrayLengthOverhead        = 64
+	arrayLengthGrowthIncrement = 0.1
+
+	// Grow the bins with an extra growthBuffer bins to prevent growing too often
+	growthBuffer = 128
+)
+
+// DenseStore is a dynamically growing contiguous (non-sparse) store. The number of bins are
+// bound only by the size of the slice that can be allocated.
+type DenseStore struct {
+	bins     []float64
+	count    float64
+	offset   int
+	minIndex int
+	maxIndex int
+}
+
+func NewDenseStore() *DenseStore {
+	return &DenseStore{minIndex: math.MaxInt32, maxIndex: math.MinInt32}
+}
+
+func (s *DenseStore) Add(index int) {
+	s.AddWithCount(index, float64(1))
+}
+
+func (s *DenseStore) AddBin(bin Bin) {
+	if bin.count == 0 {
+		return
+	}
+	s.AddWithCount(bin.index, bin.count)
+}
+
+func (s *DenseStore) AddWithCount(index int, count float64) {
+	if count == 0 {
+		return
+	}
+	arrayIndex := s.normalize(index)
+	s.bins[arrayIndex] += count
+	s.count += count
+}
+
+// Normalize the store, if necessary, so that the counter of the specified index can be updated.
+func (s *DenseStore) normalize(index int) int {
+	if index < s.minIndex || index > s.maxIndex {
+		s.extendRange(index, index)
+	}
+	return index - s.offset
+}
+
+func (s *DenseStore) getNewLength(newMinIndex, newMaxIndex int) int {
+	desiredLength := newMaxIndex - newMinIndex + 1
+	return int((float64(desiredLength+arrayLengthOverhead-1)/arrayLengthGrowthIncrement + 1) * arrayLengthGrowthIncrement)
+}
+
+func (s *DenseStore) extendRange(newMinIndex, newMaxIndex int) {
+
+	newMinIndex = min(newMinIndex, s.minIndex)
+	newMaxIndex = max(newMaxIndex, s.maxIndex)
+
+	if s.IsEmpty() {
+		initialLength := s.getNewLength(newMinIndex, newMaxIndex)
+		s.bins = append(s.bins, make([]float64, initialLength)...)
+		s.offset = newMinIndex
+		s.minIndex = newMinIndex
+		s.maxIndex = newMaxIndex
+		s.adjust(newMinIndex, newMaxIndex)
+	} else if newMinIndex >= s.offset && newMaxIndex < s.offset+len(s.bins) {
+		s.minIndex = newMinIndex
+		s.maxIndex = newMaxIndex
+	} else {
+		// To avoid shifting too often when nearing the capacity of the array,
+		// we may grow it before we actually reach the capacity.
+		newLength := s.getNewLength(newMinIndex, newMaxIndex)
+		if newLength > len(s.bins) {
+			s.bins = append(s.bins, make([]float64, newLength-len(s.bins))...)
+		}
+		s.adjust(newMinIndex, newMaxIndex)
+	}
+}
+
+// Adjust bins, offset, minIndex and maxIndex, without resizing the bins slice in order to make it fit the
+// specified range.
+func (s *DenseStore) adjust(newMinIndex, newMaxIndex int) {
+	s.centerCounts(newMinIndex, newMaxIndex)
+}
+
+func (s *DenseStore) centerCounts(newMinIndex, newMaxIndex int) {
+	midIndex := newMinIndex + (newMaxIndex-newMinIndex+1)/2
+	s.shiftCounts(s.offset + len(s.bins)/2 - midIndex)
+	s.minIndex = newMinIndex
+	s.maxIndex = newMaxIndex
+}
+
+func (s *DenseStore) shiftCounts(shift int) {
+	minArrIndex := s.minIndex - s.offset
+	maxArrIndex := s.maxIndex - s.offset
+	copy(s.bins[minArrIndex+shift:], s.bins[minArrIndex:maxArrIndex+1])
+	if shift > 0 {
+		s.resetBins(s.minIndex, s.minIndex+shift-1)
+	} else {
+		s.resetBins(s.maxIndex+shift+1, s.maxIndex)
+	}
+	s.offset -= shift
+}
+
+func (s *DenseStore) resetBins(fromIndex, toIndex int) {
+	for i := fromIndex - s.offset; i <= toIndex-s.offset; i++ {
+		s.bins[i] = 0
+	}
+}
+
+func (s *DenseStore) IsEmpty() bool {
+	return s.count == 0
+}
+
+func (s *DenseStore) TotalCount() float64 {
+	return s.count
+}
+
+func (s *DenseStore) MinIndex() (int, error) {
+	if s.IsEmpty() {
+		return 0, errUndefinedMinIndex
+	}
+	return s.minIndex, nil
+}
+
+func (s *DenseStore) MaxIndex() (int, error) {
+	if s.IsEmpty() {
+		return 0, errUndefinedMaxIndex
+	}
+	return s.maxIndex, nil
+}
+
+// Return the key for the value at rank
+func (s *DenseStore) KeyAtRank(rank float64) int {
+	if rank < 0 {
+		rank = 0
+	}
+	var n float64
+	for i, b := range s.bins {
+		n += b
+		if n > rank {
+			return i + s.offset
+		}
+	}
+	return s.maxIndex
+}
+
+func (s *DenseStore) MergeWith(other Store) {
+	if other.IsEmpty() {
+		return
+	}
+	o, ok := other.(*DenseStore)
+	if !ok {
+		other.ForEach(func(index int, count float64) (stop bool) {
+			s.AddWithCount(index, count)
+			return false
+		})
+		return
+	}
+	if o.minIndex < s.minIndex || o.maxIndex > s.maxIndex {
+		s.extendRange(o.minIndex, o.maxIndex)
+	}
+	for idx := o.minIndex; idx <= o.maxIndex; idx++ {
+		s.bins[idx-s.offset] += o.bins[idx-o.offset]
+	}
+	s.count += o.count
+}
+
+func (s *DenseStore) Bins() <-chan Bin {
+	ch := make(chan Bin)
+	go func() {
+		defer close(ch)
+		for idx := s.minIndex; idx <= s.maxIndex; idx++ {
+			if s.bins[idx-s.offset] > 0 {
+				ch <- Bin{index: idx, count: s.bins[idx-s.offset]}
+			}
+		}
+	}()
+	return ch
+}
+
+func (s *DenseStore) ForEach(f func(index int, count float64) (stop bool)) {
+	for idx := s.minIndex; idx <= s.maxIndex; idx++ {
+		if s.bins[idx-s.offset] > 0 {
+			if f(idx, s.bins[idx-s.offset]) {
+				return
+			}
+		}
+	}
+}
+
+func (s *DenseStore) Copy() Store {
+	bins := make([]float64, len(s.bins))
+	copy(bins, s.bins)
+	return &DenseStore{
+		bins:     bins,
+		count:    s.count,
+		offset:   s.offset,
+		minIndex: s.minIndex,
+		maxIndex: s.maxIndex,
+	}
+}
+
+func (s *DenseStore) Clear() {
+	s.bins = s.bins[:0]
+	s.count = 0
+	s.minIndex = math.MaxInt32
+	s.maxIndex = math.MinInt32
+}
+
+func (s *DenseStore) string() string {
+	var buffer bytes.Buffer
+	buffer.WriteString("{")
+	for i := 0; i < len(s.bins); i++ {
+		index := i + s.offset
+		buffer.WriteString(fmt.Sprintf("%d: %f, ", index, s.bins[i]))
+	}
+	buffer.WriteString(fmt.Sprintf("count: %v, offset: %d, minIndex: %d, maxIndex: %d}", s.count, s.offset, s.minIndex, s.maxIndex))
+	return buffer.String()
+}
+
+func (s *DenseStore) ToProto() *sketchpb.Store {
+	if s.IsEmpty() {
+		return &sketchpb.Store{ContiguousBinCounts: nil}
+	}
+	bins := make([]float64, s.maxIndex-s.minIndex+1)
+	copy(bins, s.bins[s.minIndex-s.offset:s.maxIndex-s.offset+1])
+	return &sketchpb.Store{
+		ContiguousBinCounts:      bins,
+		ContiguousBinIndexOffset: int32(s.minIndex),
+	}
+}
+
+func (s *DenseStore) Reweight(w float64) error {
+	if w <= 0 {
+		return errors.New("can't reweight by a negative factor")
+	}
+	if w == 1 {
+		return nil
+	}
+	s.count *= w
+	for idx := s.minIndex; idx <= s.maxIndex; idx++ {
+		s.bins[idx-s.offset] *= w
+	}
+	return nil
+}
+
+func (s *DenseStore) Encode(b *[]byte, t enc.FlagType) {
+	if s.IsEmpty() {
+		return
+	}
+
+	denseEncodingSize := 0
+	numBins := uint64(s.maxIndex-s.minIndex) + 1
+	denseEncodingSize += enc.Uvarint64Size(numBins)
+	denseEncodingSize += enc.Varint64Size(int64(s.minIndex))
+	denseEncodingSize += enc.Varint64Size(1)
+
+	sparseEncodingSize := 0
+	numNonEmptyBins := uint64(0)
+
+	previousIndex := s.minIndex
+	for index := s.minIndex; index <= s.maxIndex; index++ {
+		count := s.bins[index-s.offset]
+		countVarFloat64Size := enc.Varfloat64Size(count)
+		denseEncodingSize += countVarFloat64Size
+		if count != 0 {
+			numNonEmptyBins++
+			sparseEncodingSize += enc.Varint64Size(int64(index - previousIndex))
+			sparseEncodingSize += countVarFloat64Size
+			previousIndex = index
+		}
+	}
+	sparseEncodingSize += enc.Uvarint64Size(numNonEmptyBins)
+
+	if denseEncodingSize <= sparseEncodingSize {
+		s.encodeDensely(b, t, numBins)
+	} else {
+		s.encodeSparsely(b, t, numNonEmptyBins)
+	}
+}
+
+func (s *DenseStore) encodeDensely(b *[]byte, t enc.FlagType, numBins uint64) {
+	enc.EncodeFlag(b, enc.NewFlag(t, enc.BinEncodingContiguousCounts))
+	enc.EncodeUvarint64(b, numBins)
+	enc.EncodeVarint64(b, int64(s.minIndex))
+	enc.EncodeVarint64(b, 1)
+	for index := s.minIndex; index <= s.maxIndex; index++ {
+		enc.EncodeVarfloat64(b, s.bins[index-s.offset])
+	}
+}
+
+func (s *DenseStore) encodeSparsely(b *[]byte, t enc.FlagType, numNonEmptyBins uint64) {
+	enc.EncodeFlag(b, enc.NewFlag(t, enc.BinEncodingIndexDeltasAndCounts))
+	enc.EncodeUvarint64(b, numNonEmptyBins)
+	previousIndex := 0
+	for index := s.minIndex; index <= s.maxIndex; index++ {
+		count := s.bins[index-s.offset]
+		if count != 0 {
+			enc.EncodeVarint64(b, int64(index-previousIndex))
+			enc.EncodeVarfloat64(b, count)
+			previousIndex = index
+		}
+	}
+}
+
+func (s *DenseStore) DecodeAndMergeWith(b *[]byte, encodingMode enc.SubFlag) error {
+	return DecodeAndMergeWith(s, b, encodingMode)
+}
+
+var _ Store = (*DenseStore)(nil)
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/sparse.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/sparse.go
new file mode 100644
index 000000000..9a07836e9
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/sparse.go
@@ -0,0 +1,184 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package store
+
+import (
+	"errors"
+	"sort"
+
+	enc "github.com/DataDog/sketches-go/ddsketch/encoding"
+	"github.com/DataDog/sketches-go/ddsketch/pb/sketchpb"
+)
+
+type SparseStore struct {
+	counts map[int]float64
+}
+
+func NewSparseStore() *SparseStore {
+	return &SparseStore{counts: make(map[int]float64)}
+}
+
+func (s *SparseStore) Add(index int) {
+	s.counts[index]++
+}
+
+func (s *SparseStore) AddBin(bin Bin) {
+	s.AddWithCount(bin.index, bin.count)
+}
+
+func (s *SparseStore) AddWithCount(index int, count float64) {
+	if count == 0 {
+		return
+	}
+	s.counts[index] += count
+}
+
+func (s *SparseStore) Bins() <-chan Bin {
+	orderedBins := s.orderedBins()
+	ch := make(chan Bin)
+	go func() {
+		defer close(ch)
+		for _, bin := range orderedBins {
+			ch <- bin
+		}
+	}()
+	return ch
+}
+
+func (s *SparseStore) orderedBins() []Bin {
+	bins := make([]Bin, 0, len(s.counts))
+	for index, count := range s.counts {
+		bins = append(bins, Bin{index: index, count: count})
+	}
+	sort.Slice(bins, func(i, j int) bool { return bins[i].index < bins[j].index })
+	return bins
+}
+
+func (s *SparseStore) ForEach(f func(index int, count float64) (stop bool)) {
+	for index, count := range s.counts {
+		if f(index, count) {
+			return
+		}
+	}
+}
+
+func (s *SparseStore) Copy() Store {
+	countsCopy := make(map[int]float64)
+	for index, count := range s.counts {
+		countsCopy[index] = count
+	}
+	return &SparseStore{counts: countsCopy}
+}
+
+func (s *SparseStore) Clear() {
+	for index := range s.counts {
+		delete(s.counts, index)
+	}
+}
+
+func (s *SparseStore) IsEmpty() bool {
+	return len(s.counts) == 0
+}
+
+func (s *SparseStore) MaxIndex() (int, error) {
+	if s.IsEmpty() {
+		return 0, errUndefinedMaxIndex
+	}
+	maxIndex := minInt
+	for index := range s.counts {
+		if index > maxIndex {
+			maxIndex = index
+		}
+	}
+	return maxIndex, nil
+}
+
+func (s *SparseStore) MinIndex() (int, error) {
+	if s.IsEmpty() {
+		return 0, errUndefinedMinIndex
+	}
+	minIndex := maxInt
+	for index := range s.counts {
+		if index < minIndex {
+			minIndex = index
+		}
+	}
+	return minIndex, nil
+}
+
+func (s *SparseStore) TotalCount() float64 {
+	totalCount := float64(0)
+	for _, count := range s.counts {
+		totalCount += count
+	}
+	return totalCount
+}
+
+func (s *SparseStore) KeyAtRank(rank float64) int {
+	orderedBins := s.orderedBins()
+	cumulCount := float64(0)
+	for _, bin := range orderedBins {
+		cumulCount += bin.count
+		if cumulCount > rank {
+			return bin.index
+		}
+	}
+	maxIndex, err := s.MaxIndex()
+	if err == nil {
+		return maxIndex
+	} else {
+		// FIXME: make Store's KeyAtRank consistent with MinIndex and MaxIndex
+		return 0
+	}
+}
+
+func (s *SparseStore) MergeWith(store Store) {
+	store.ForEach(func(index int, count float64) (stop bool) {
+		s.AddWithCount(index, count)
+		return false
+	})
+}
+
+func (s *SparseStore) ToProto() *sketchpb.Store {
+	binCounts := make(map[int32]float64)
+	for index, count := range s.counts {
+		binCounts[int32(index)] = count
+	}
+	return &sketchpb.Store{BinCounts: binCounts}
+}
+
+func (s *SparseStore) Reweight(w float64) error {
+	if w <= 0 {
+		return errors.New("can't reweight by a negative factor")
+	}
+	if w == 1 {
+		return nil
+	}
+	for index := range s.counts {
+		s.counts[index] *= w
+	}
+	return nil
+}
+
+func (s *SparseStore) Encode(b *[]byte, t enc.FlagType) {
+	if s.IsEmpty() {
+		return
+	}
+	enc.EncodeFlag(b, enc.NewFlag(t, enc.BinEncodingIndexDeltasAndCounts))
+	enc.EncodeUvarint64(b, uint64(len(s.counts)))
+	previousIndex := 0
+	for index, count := range s.counts {
+		enc.EncodeVarint64(b, int64(index-previousIndex))
+		enc.EncodeVarfloat64(b, count)
+		previousIndex = index
+	}
+}
+
+func (s *SparseStore) DecodeAndMergeWith(b *[]byte, encodingMode enc.SubFlag) error {
+	return DecodeAndMergeWith(s, b, encodingMode)
+}
+
+var _ Store = (*SparseStore)(nil)
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/store.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/store.go
new file mode 100644
index 000000000..64a5e3d50
--- /dev/null
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/store.go
@@ -0,0 +1,153 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+package store
+
+import (
+	"errors"
+
+	enc "github.com/DataDog/sketches-go/ddsketch/encoding"
+	"github.com/DataDog/sketches-go/ddsketch/pb/sketchpb"
+)
+
+type Provider func() Store
+
+var (
+	DefaultProvider                   = Provider(BufferedPaginatedStoreConstructor)
+	DenseStoreConstructor             = Provider(func() Store { return NewDenseStore() })
+	BufferedPaginatedStoreConstructor = Provider(func() Store { return NewBufferedPaginatedStore() })
+	SparseStoreConstructor            = Provider(func() Store { return NewSparseStore() })
+)
+
+const (
+	maxInt = int(^uint(0) >> 1)
+	minInt = ^maxInt
+)
+
+var (
+	errUndefinedMinIndex = errors.New("MinIndex of empty store is undefined")
+	errUndefinedMaxIndex = errors.New("MaxIndex of empty store is undefined")
+)
+
+type Store interface {
+	Add(index int)
+	AddBin(bin Bin)
+	AddWithCount(index int, count float64)
+	// Bins returns a channel that emits the bins that are encoded in the store.
+	// Note that this leaks a channel and a goroutine if it is not iterated to completion.
+	Bins() <-chan Bin
+	// ForEach applies f to all elements of the store or until f returns true.
+	ForEach(f func(index int, count float64) (stop bool))
+	Copy() Store
+	// Clear empties the store while allowing reusing already allocated memory.
+	// In some situations, it may be advantageous to clear and reuse a store
+	// rather than instantiating a new one. Keeping reusing the same store again
+	// and again on varying input data distributions may however ultimately make
+	// the store overly large and may waste memory space.
+	Clear()
+	IsEmpty() bool
+	MaxIndex() (int, error)
+	MinIndex() (int, error)
+	TotalCount() float64
+	KeyAtRank(rank float64) int
+	MergeWith(store Store)
+	ToProto() *sketchpb.Store
+	// Reweight multiplies all values from the store by w, but keeps the same global distribution.
+	Reweight(w float64) error
+	// Encode encodes the bins of the store and appends its content to the
+	// provided []byte.
+	// The provided FlagType indicates whether the store encodes positive or
+	// negative values.
+	Encode(b *[]byte, t enc.FlagType)
+	// DecodeAndMergeWith decodes bins that have been encoded in the format of
+	// the provided binEncodingMode and merges them within the receiver store.
+	// It updates the provided []byte so that it starts immediately after the
+	// encoded bins.
+	DecodeAndMergeWith(b *[]byte, binEncodingMode enc.SubFlag) error
+}
+
+// FromProto returns an instance of DenseStore that contains the data in the provided protobuf representation.
+func FromProto(pb *sketchpb.Store) *DenseStore {
+	store := NewDenseStore()
+	MergeWithProto(store, pb)
+	return store
+}
+
+// MergeWithProto merges the distribution in a protobuf Store to an existing store.
+// - if called with an empty store, this simply populates the store with the distribution in the protobuf Store.
+// - if called with a non-empty store, this has the same outcome as deserializing the protobuf Store, then merging.
+func MergeWithProto(store Store, pb *sketchpb.Store) {
+	for idx, count := range pb.BinCounts {
+		store.AddWithCount(int(idx), count)
+	}
+	for idx, count := range pb.ContiguousBinCounts {
+		store.AddWithCount(idx+int(pb.ContiguousBinIndexOffset), count)
+	}
+}
+
+func DecodeAndMergeWith(s Store, b *[]byte, binEncodingMode enc.SubFlag) error {
+	switch binEncodingMode {
+
+	case enc.BinEncodingIndexDeltasAndCounts:
+		numBins, err := enc.DecodeUvarint64(b)
+		if err != nil {
+			return err
+		}
+		index := int64(0)
+		for i := uint64(0); i < numBins; i++ {
+			indexDelta, err := enc.DecodeVarint64(b)
+			if err != nil {
+				return err
+			}
+			count, err := enc.DecodeVarfloat64(b)
+			if err != nil {
+				return err
+			}
+			index += indexDelta
+			s.AddWithCount(int(index), count)
+		}
+
+	case enc.BinEncodingIndexDeltas:
+		numBins, err := enc.DecodeUvarint64(b)
+		if err != nil {
+			return err
+		}
+		index := int64(0)
+		for i := uint64(0); i < numBins; i++ {
+			indexDelta, err := enc.DecodeVarint64(b)
+			if err != nil {
+				return err
+			}
+			index += indexDelta
+			s.Add(int(index))
+		}
+
+	case enc.BinEncodingContiguousCounts:
+		numBins, err := enc.DecodeUvarint64(b)
+		if err != nil {
+			return err
+		}
+		index, err := enc.DecodeVarint64(b)
+		if err != nil {
+			return err
+		}
+		indexDelta, err := enc.DecodeVarint64(b)
+		if err != nil {
+			return err
+		}
+		for i := uint64(0); i < numBins; i++ {
+			count, err := enc.DecodeVarfloat64(b)
+			if err != nil {
+				return err
+			}
+			s.AddWithCount(int(index), count)
+			index += indexDelta
+		}
+
+	default:
+		return errors.New("unknown bin encoding")
+	}
+	return nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go
index 0d6c5f3f9..d7af9141e 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go
@@ -10,8 +10,9 @@ import (
 	"bufio"
 	"bytes"
 	"encoding/base64"
-	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"io"
+
+	"github.com/ProtonMail/go-crypto/openpgp/errors"
 )
 
 // A Block represents an OpenPGP armored structure.
@@ -208,12 +209,16 @@ TryNextBlock:
 			break
 		}
 
-		i := bytes.Index(line, []byte(": "))
+		i := bytes.Index(line, []byte(":"))
 		if i == -1 {
 			goto TryNextBlock
 		}
 		lastKey = string(line[:i])
-		p.Header[lastKey] = string(line[i+2:])
+		var value string
+		if len(line) > i+2 {
+			value = string(line[i+2:])
+		}
+		p.Header[lastKey] = value
 	}
 
 	p.lReader.in = r
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
index ffdd51513..df04262e9 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
@@ -73,7 +73,9 @@ func (c *x448) GenerateECDH(rand io.Reader) (point []byte, secret []byte, err er
 func (c *x448) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) {
 	var pk, ss x448lib.Key
 	seed, e, err := c.generateKeyPairBytes(rand)
-
+	if err != nil {
+		return nil, nil, err
+	}
 	copy(pk[:], point)
 	x448lib.Shared(&ss, &seed, &pk)
 
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go
index 7283ca91c..2d7b0cf37 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go
@@ -504,7 +504,7 @@ EachPacket:
 			// Else, ignoring the signature as it does not follow anything
 			// we would know to attach it to.
 		case *packet.PrivateKey:
-			if pkt.IsSubkey == false {
+			if !pkt.IsSubkey {
 				packets.Unread(p)
 				break EachPacket
 			}
@@ -513,7 +513,7 @@ EachPacket:
 				return nil, err
 			}
 		case *packet.PublicKey:
-			if pkt.IsSubkey == false {
+			if !pkt.IsSubkey {
 				packets.Unread(p)
 				break EachPacket
 			}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
index ec903ee95..3402b8c14 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
@@ -415,6 +415,10 @@ func (pk *PublicKey) parseEdDSA(r io.Reader) (err error) {
 		return
 	}
 
+	if len(pk.p.Bytes()) == 0 {
+		return errors.StructuralError("empty EdDSA public key")
+	}
+
 	pub := eddsa.NewPublicKey(c)
 
 	switch flag := pk.p.Bytes()[0]; flag {
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
index 6c58c86fa..80d0bb98e 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
@@ -904,7 +904,7 @@ func (sig *Signature) buildSubpackets(issuer PublicKey) (subpackets []outputSubp
 	if sig.IssuerKeyId != nil && sig.Version == 4 {
 		keyId := make([]byte, 8)
 		binary.BigEndian.PutUint64(keyId, *sig.IssuerKeyId)
-		subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, true, keyId})
+		subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, false, keyId})
 	}
 	if sig.IssuerFingerprint != nil {
 		contents := append([]uint8{uint8(issuer.Version)}, sig.IssuerFingerprint...)
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go
index a8abf2ff7..bac2b132e 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go
@@ -7,13 +7,11 @@ package packet
 import (
 	"bytes"
 	"crypto/cipher"
-	"crypto/sha256"
 	"io"
 	"strconv"
 
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/s2k"
-	"golang.org/x/crypto/hkdf"
 )
 
 // This is the largest session key that we'll support. Since at most 256-bit cipher
@@ -45,13 +43,6 @@ func (ske *SymmetricKeyEncrypted) parse(r io.Reader) error {
 		return errors.UnsupportedError("unknown SymmetricKeyEncrypted version")
 	}
 
-	if ske.Version == 5 {
-		// Scalar octet count
-		if _, err := readFull(r, buf[:]); err != nil {
-			return err
-		}
-	}
-
 	// Cipher function
 	if _, err := readFull(r, buf[:]); err != nil {
 		return err
@@ -67,11 +58,6 @@ func (ske *SymmetricKeyEncrypted) parse(r io.Reader) error {
 			return errors.StructuralError("cannot read AEAD octet from packet")
 		}
 		ske.Mode = AEADMode(buf[0])
-
-		// Scalar octet count
-		if _, err := readFull(r, buf[:]); err != nil {
-			return err
-		}
 	}
 
 	var err error
@@ -220,7 +206,7 @@ func SerializeSymmetricKeyEncryptedReuseKey(w io.Writer, sessionKey []byte, pass
 	case 5:
 		ivLen := config.AEAD().Mode().IvLength()
 		tagLen := config.AEAD().Mode().TagLength()
-		packetLength = 5 + len(s2kBytes) + ivLen + keySize + tagLen
+		packetLength = 3 + len(s2kBytes) + ivLen + keySize + tagLen
 	}
 	err = serializeHeader(w, packetTypeSymmetricKeyEncrypted, packetLength)
 	if err != nil {
@@ -230,20 +216,12 @@ func SerializeSymmetricKeyEncryptedReuseKey(w io.Writer, sessionKey []byte, pass
 	// Symmetric Key Encrypted Version
 	buf := []byte{byte(version)}
 
-	if version == 5 {
-		// Scalar octet count
-		buf = append(buf, byte(3+len(s2kBytes)+config.AEAD().Mode().IvLength()))
-	}
-
 	// Cipher function
 	buf = append(buf, byte(cipherFunc))
 
 	if version == 5 {
 		// AEAD mode
 		buf = append(buf, byte(config.AEAD().Mode()))
-
-		// Scalar octet count
-		buf = append(buf, byte(len(s2kBytes)))
 	}
 	_, err = w.Write(buf)
 	if err != nil {
@@ -293,11 +271,6 @@ func SerializeSymmetricKeyEncryptedReuseKey(w io.Writer, sessionKey []byte, pass
 }
 
 func getEncryptedKeyAeadInstance(c CipherFunction, mode AEADMode, inputKey, associatedData []byte) (aead cipher.AEAD) {
-	hkdfReader := hkdf.New(sha256.New, inputKey, []byte{}, associatedData)
-
-	encryptionKey := make([]byte, c.KeySize())
-	_, _ = readFull(hkdfReader, encryptionKey)
-
-	blockCipher := c.new(encryptionKey)
+	blockCipher := c.new(inputKey)
 	return mode.new(blockCipher)
 }
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
index 609e9fc1f..e9bbf0327 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
@@ -24,10 +24,10 @@ type SymmetricallyEncrypted struct {
 	prefix []byte
 
 	// Specific to version 2
-	cipher        CipherFunction
-	mode          AEADMode
-	chunkSizeByte byte
-	salt          [aeadSaltSize]byte
+	Cipher        CipherFunction
+	Mode          AEADMode
+	ChunkSizeByte byte
+	Salt          [aeadSaltSize]byte
 }
 
 const (
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
index 969c42236..e96252c19 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
@@ -7,9 +7,10 @@ package packet
 import (
 	"crypto/cipher"
 	"crypto/sha256"
+	"io"
+
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"golang.org/x/crypto/hkdf"
-	"io"
 )
 
 // parseAead parses a V2 SEIPD packet (AEAD) as specified in
@@ -21,26 +22,26 @@ func (se *SymmetricallyEncrypted) parseAead(r io.Reader) error {
 	}
 
 	// Cipher
-	se.cipher = CipherFunction(headerData[0])
+	se.Cipher = CipherFunction(headerData[0])
 	// cipherFunc must have block size 16 to use AEAD
-	if se.cipher.blockSize() != 16 {
-		return errors.UnsupportedError("invalid aead cipher: " + string(se.cipher))
+	if se.Cipher.blockSize() != 16 {
+		return errors.UnsupportedError("invalid aead cipher: " + string(se.Cipher))
 	}
 
 	// Mode
-	se.mode = AEADMode(headerData[1])
-	if se.mode.TagLength() == 0 {
-		return errors.UnsupportedError("unknown aead mode: " + string(se.mode))
+	se.Mode = AEADMode(headerData[1])
+	if se.Mode.TagLength() == 0 {
+		return errors.UnsupportedError("unknown aead mode: " + string(se.Mode))
 	}
 
 	// Chunk size
-	se.chunkSizeByte = headerData[2]
-	if se.chunkSizeByte > 16 {
-		return errors.UnsupportedError("invalid aead chunk size byte: " + string(se.chunkSizeByte))
+	se.ChunkSizeByte = headerData[2]
+	if se.ChunkSizeByte > 16 {
+		return errors.UnsupportedError("invalid aead chunk size byte: " + string(se.ChunkSizeByte))
 	}
 
 	// Salt
-	if n, err := io.ReadFull(r, se.salt[:]); n < aeadSaltSize {
+	if n, err := io.ReadFull(r, se.Salt[:]); n < aeadSaltSize {
 		return errors.StructuralError("could not read aead salt: " + err.Error())
 	}
 
@@ -52,19 +53,19 @@ func (se *SymmetricallyEncrypted) associatedData() []byte {
 	return []byte{
 		0xD2,
 		symmetricallyEncryptedVersionAead,
-		byte(se.cipher),
-		byte(se.mode),
-		se.chunkSizeByte,
+		byte(se.Cipher),
+		byte(se.Mode),
+		se.ChunkSizeByte,
 	}
 }
 
 // decryptAead decrypts a V2 SEIPD packet (AEAD) as specified in
 // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
 func (se *SymmetricallyEncrypted) decryptAead(inputKey []byte) (io.ReadCloser, error) {
-	aead, nonce := getSymmetricallyEncryptedAeadInstance(se.cipher, se.mode, inputKey, se.salt[:], se.associatedData())
+	aead, nonce := getSymmetricallyEncryptedAeadInstance(se.Cipher, se.Mode, inputKey, se.Salt[:], se.associatedData())
 
 	// Carry the first tagLen bytes
-	tagLen := se.mode.TagLength()
+	tagLen := se.Mode.TagLength()
 	peekedBytes := make([]byte, tagLen)
 	n, err := io.ReadFull(se.Contents, peekedBytes)
 	if n < tagLen || (err != nil && err != io.EOF) {
@@ -74,7 +75,7 @@ func (se *SymmetricallyEncrypted) decryptAead(inputKey []byte) (io.ReadCloser, e
 	return &aeadDecrypter{
 		aeadCrypter: aeadCrypter{
 			aead:           aead,
-			chunkSize:      decodeAEADChunkSize(se.chunkSizeByte),
+			chunkSize:      decodeAEADChunkSize(se.ChunkSizeByte),
 			initialNonce:   nonce,
 			associatedData: se.associatedData(),
 			chunkIndex:     make([]byte, 8),
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go
index 864d8ca6b..7fdd13a3d 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go
@@ -381,7 +381,7 @@ func encrypt(keyWriter io.Writer, dataWriter io.Writer, to []*Entity, signed *En
 		}
 
 		sig := to[i].PrimaryIdentity().SelfSignature
-		if sig.SEIPDv2 == false {
+		if !sig.SEIPDv2 {
 			aeadSupported = false
 		}
 
diff --git a/vendor/github.com/alibabacloud-go/darabonba-openapi/client/client.go b/vendor/github.com/alibabacloud-go/darabonba-openapi/client/client.go
index 6da3e1fdd..e014c11ff 100644
--- a/vendor/github.com/alibabacloud-go/darabonba-openapi/client/client.go
+++ b/vendor/github.com/alibabacloud-go/darabonba-openapi/client/client.go
@@ -15,6 +15,29 @@ import (
 	credential "github.com/aliyun/credentials-go/credentials"
 )
 
+type GlobalParameters struct {
+	Headers map[string]*string `json:"headers,omitempty" xml:"headers,omitempty"`
+	Queries map[string]*string `json:"queries,omitempty" xml:"queries,omitempty"`
+}
+
+func (s GlobalParameters) String() string {
+	return tea.Prettify(s)
+}
+
+func (s GlobalParameters) GoString() string {
+	return s.String()
+}
+
+func (s *GlobalParameters) SetHeaders(v map[string]*string) *GlobalParameters {
+	s.Headers = v
+	return s
+}
+
+func (s *GlobalParameters) SetQueries(v map[string]*string) *GlobalParameters {
+	s.Queries = v
+	return s
+}
+
 /**
  * Model for initing client
  */
@@ -68,6 +91,8 @@ type Config struct {
 	SignatureVersion *string `json:"signatureVersion,omitempty" xml:"signatureVersion,omitempty"`
 	// Signature Algorithm
 	SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" xml:"signatureAlgorithm,omitempty"`
+	// Global Parameters
+	GlobalParameters *GlobalParameters `json:"globalParameters,omitempty" xml:"globalParameters,omitempty"`
 }
 
 func (s Config) String() string {
@@ -198,6 +223,11 @@ func (s *Config) SetSignatureAlgorithm(v string) *Config {
 	return s
 }
 
+func (s *Config) SetGlobalParameters(v *GlobalParameters) *Config {
+	s.GlobalParameters = v
+	return s
+}
+
 type OpenApiRequest struct {
 	Headers          map[string]*string `json:"headers,omitempty" xml:"headers,omitempty"`
 	Query            map[string]*string `json:"query,omitempty" xml:"query,omitempty"`
@@ -336,6 +366,7 @@ type Client struct {
 	SignatureAlgorithm   *string
 	Headers              map[string]*string
 	Spi                  spi.ClientInterface
+	GlobalParameters     *GlobalParameters
 }
 
 /**
@@ -397,6 +428,7 @@ func (client *Client) Init(config *Config) (_err error) {
 	client.MaxIdleConns = config.MaxIdleConns
 	client.SignatureVersion = config.SignatureVersion
 	client.SignatureAlgorithm = config.SignatureAlgorithm
+	client.GlobalParameters = config.GlobalParameters
 	return nil
 }
 
@@ -1085,7 +1117,22 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 			request_.Protocol = util.DefaultString(client.Protocol, params.Protocol)
 			request_.Method = params.Method
 			request_.Pathname = params.Pathname
-			request_.Query = request.Query
+			globalQueries := make(map[string]*string)
+			globalHeaders := make(map[string]*string)
+			if !tea.BoolValue(util.IsUnset(tea.ToMap(client.GlobalParameters))) {
+				globalParams := client.GlobalParameters
+				if !tea.BoolValue(util.IsUnset(globalParams.Queries)) {
+					globalQueries = globalParams.Queries
+				}
+
+				if !tea.BoolValue(util.IsUnset(globalParams.Headers)) {
+					globalHeaders = globalParams.Headers
+				}
+
+			}
+
+			request_.Query = tea.Merge(globalQueries,
+				request.Query)
 			// endpoint is setted in product client
 			request_.Headers = tea.Merge(map[string]*string{
 				"host":                  client.Endpoint,
@@ -1095,7 +1142,8 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 				"x-acs-date":            openapiutil.GetTimestamp(),
 				"x-acs-signature-nonce": util.GetNonce(),
 				"accept":                tea.String("application/json"),
-			}, request.Headers)
+			}, globalHeaders,
+				request.Headers)
 			if tea.BoolValue(util.EqualString(params.Style, tea.String("RPC"))) {
 				headers, _err := client.GetRpcHeaders()
 				if _err != nil {
@@ -1213,8 +1261,9 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 
 			if tea.BoolValue(util.EqualString(params.BodyType, tea.String("binary"))) {
 				resp := map[string]interface{}{
-					"body":    response_.Body,
-					"headers": response_.Headers,
+					"body":       response_.Body,
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}
 				_result = resp
 				return _result, _err
@@ -1226,8 +1275,9 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 
 				_result = make(map[string]interface{})
 				_err = tea.Convert(map[string]interface{}{
-					"body":    byt,
-					"headers": response_.Headers,
+					"body":       byt,
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}, &_result)
 				return _result, _err
 			} else if tea.BoolValue(util.EqualString(params.BodyType, tea.String("string"))) {
@@ -1238,8 +1288,9 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 
 				_result = make(map[string]interface{})
 				_err = tea.Convert(map[string]interface{}{
-					"body":    tea.StringValue(str),
-					"headers": response_.Headers,
+					"body":       tea.StringValue(str),
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}, &_result)
 				return _result, _err
 			} else if tea.BoolValue(util.EqualString(params.BodyType, tea.String("json"))) {
@@ -1251,8 +1302,9 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 				res := util.AssertAsMap(obj)
 				_result = make(map[string]interface{})
 				_err = tea.Convert(map[string]interface{}{
-					"body":    res,
-					"headers": response_.Headers,
+					"body":       res,
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}, &_result)
 				return _result, _err
 			} else if tea.BoolValue(util.EqualString(params.BodyType, tea.String("array"))) {
@@ -1263,14 +1315,16 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 
 				_result = make(map[string]interface{})
 				_err = tea.Convert(map[string]interface{}{
-					"body":    arr,
-					"headers": response_.Headers,
+					"body":       arr,
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}, &_result)
 				return _result, _err
 			} else {
 				_result = make(map[string]interface{})
-				_err = tea.Convert(map[string]map[string]*string{
-					"headers": response_.Headers,
+				_err = tea.Convert(map[string]interface{}{
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}, &_result)
 				return _result, _err
 			}
@@ -1347,10 +1401,26 @@ func (client *Client) Execute(params *Params, request *OpenApiRequest, runtime *
 				return _result, _err
 			}
 
+			globalQueries := make(map[string]*string)
+			globalHeaders := make(map[string]*string)
+			if !tea.BoolValue(util.IsUnset(tea.ToMap(client.GlobalParameters))) {
+				globalParams := client.GlobalParameters
+				if !tea.BoolValue(util.IsUnset(globalParams.Queries)) {
+					globalQueries = globalParams.Queries
+				}
+
+				if !tea.BoolValue(util.IsUnset(globalParams.Headers)) {
+					globalHeaders = globalParams.Headers
+				}
+
+			}
+
 			requestContext := &spi.InterceptorContextRequest{
-				Headers: tea.Merge(request.Headers,
+				Headers: tea.Merge(globalHeaders,
+					request.Headers,
 					headers),
-				Query:              request.Query,
+				Query: tea.Merge(globalQueries,
+					request.Query),
 				Body:               request.Body,
 				Stream:             request.Stream,
 				HostMap:            request.HostMap,
@@ -1416,8 +1486,9 @@ func (client *Client) Execute(params *Params, request *OpenApiRequest, runtime *
 			}
 			_result = make(map[string]interface{})
 			_err = tea.Convert(map[string]interface{}{
-				"headers": interceptorContext.Response.Headers,
-				"body":    interceptorContext.Response.DeserializedBody,
+				"headers":    interceptorContext.Response.Headers,
+				"statusCode": tea.IntValue(interceptorContext.Response.StatusCode),
+				"body":       interceptorContext.Response.DeserializedBody,
 			}, &_result)
 			return _result, _err
 		}()
diff --git a/vendor/github.com/alibabacloud-go/tea-utils/service/service.go b/vendor/github.com/alibabacloud-go/tea-utils/service/service.go
index 2b6935723..51ce5acc1 100644
--- a/vendor/github.com/alibabacloud-go/tea-utils/service/service.go
+++ b/vendor/github.com/alibabacloud-go/tea-utils/service/service.go
@@ -34,6 +34,7 @@ type RuntimeOptions struct {
 	MaxIdleConns   *int    `json:"maxIdleConns" xml:"maxIdleConns"`
 	Socks5Proxy    *string `json:"socks5Proxy" xml:"socks5Proxy"`
 	Socks5NetWork  *string `json:"socks5NetWork" xml:"socks5NetWork"`
+	KeepAlive      *bool   `json:"keepAlive" xml:"keepAlive"`
 }
 
 func (s RuntimeOptions) String() string {
@@ -114,6 +115,11 @@ func (s *RuntimeOptions) SetSocks5NetWork(v string) *RuntimeOptions {
 	return s
 }
 
+func (s *RuntimeOptions) SetKeepAlive(v bool) *RuntimeOptions {
+	s.KeepAlive = &v
+	return s
+}
+
 func ReadAsString(body io.Reader) (*string, error) {
 	byt, err := ioutil.ReadAll(body)
 	if err != nil {
diff --git a/vendor/github.com/alibabacloud-go/tea-xml/LICENSE b/vendor/github.com/alibabacloud-go/tea-xml/LICENSE
new file mode 100644
index 000000000..0c44dcefe
--- /dev/null
+++ b/vendor/github.com/alibabacloud-go/tea-xml/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright (c) 2009-present, Alibaba Cloud All rights reserved.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/alibabacloud-go/tea/tea/tea.go b/vendor/github.com/alibabacloud-go/tea/tea/tea.go
index 4fbddd3cb..c984caf82 100644
--- a/vendor/github.com/alibabacloud-go/tea/tea/tea.go
+++ b/vendor/github.com/alibabacloud-go/tea/tea/tea.go
@@ -69,12 +69,14 @@ type Response struct {
 
 // SDKError struct is used save error code and message
 type SDKError struct {
-	Code       *string
-	StatusCode *int
-	Message    *string
-	Data       *string
-	Stack      *string
-	errMsg     *string
+	Code               *string
+	StatusCode         *int
+	Message            *string
+	Data               *string
+	Stack              *string
+	errMsg             *string
+	Description        *string
+	AccessDeniedDetail map[string]interface{}
 }
 
 // RuntimeObject is used for converting http configuration
@@ -181,6 +183,20 @@ func NewSDKError(obj map[string]interface{}) *SDKError {
 	if obj["message"] != nil {
 		err.Message = String(obj["message"].(string))
 	}
+	if obj["description"] != nil {
+		err.Description = String(obj["description"].(string))
+	}
+	if detail := obj["accessDeniedDetail"]; detail != nil {
+		r := reflect.ValueOf(detail)
+		if r.Kind().String() == "map" {
+			res := make(map[string]interface{})
+			tmp := r.MapKeys()
+			for _, key := range tmp {
+				res[key.String()] = r.MapIndex(key).Interface()
+			}
+			err.AccessDeniedDetail = res
+		}
+	}
 	if data := obj["data"]; data != nil {
 		r := reflect.ValueOf(data)
 		if r.Kind().String() == "map" {
@@ -197,6 +213,8 @@ func NewSDKError(obj map[string]interface{}) *SDKError {
 					if err_ == nil {
 						err.StatusCode = Int(code)
 					}
+				} else if code, ok := statusCode.(*int); ok {
+					err.StatusCode = code
 				}
 			}
 		}
@@ -244,7 +262,7 @@ func Convert(in interface{}, out interface{}) error {
 	return err
 }
 
-// Convert is use convert map[string]interface object to struct
+// Recover is used to format error
 func Recover(in interface{}) error {
 	if in == nil {
 		return nil
@@ -304,6 +322,9 @@ func DoRequest(request *Request, requestRuntime map[string]interface{}) (respons
 
 	requestURL := ""
 	request.Domain = request.Headers["host"]
+	if request.Port != nil {
+		request.Domain = String(fmt.Sprintf("%s:%d", StringValue(request.Domain), IntValue(request.Port)))
+	}
 	requestURL = fmt.Sprintf("%s://%s%s", StringValue(request.Protocol), StringValue(request.Domain), StringValue(request.Pathname))
 	queryParams := request.Query
 	// sort QueryParams by key
@@ -394,28 +415,30 @@ func getHttpTransport(req *Request, runtime *RuntimeObject) (*http.Transport, er
 	if err != nil {
 		return nil, err
 	}
-	if strings.ToLower(*req.Protocol) == "https" &&
-		runtime.Key != nil && runtime.Cert != nil {
-		cert, err := tls.X509KeyPair([]byte(StringValue(runtime.Cert)), []byte(StringValue(runtime.Key)))
-		if err != nil {
-			return nil, err
-		}
-
-		trans.TLSClientConfig = &tls.Config{
-			Certificates:       []tls.Certificate{cert},
-			InsecureSkipVerify: BoolValue(runtime.IgnoreSSL),
-		}
-		if runtime.CA != nil {
-			clientCertPool := x509.NewCertPool()
-			ok := clientCertPool.AppendCertsFromPEM([]byte(StringValue(runtime.CA)))
-			if !ok {
-				return nil, errors.New("Failed to parse root certificate")
+	if strings.ToLower(*req.Protocol) == "https" {
+		if BoolValue(runtime.IgnoreSSL) != true {
+			trans.TLSClientConfig = &tls.Config{
+				InsecureSkipVerify: false,
+			}
+			if runtime.Key != nil && runtime.Cert != nil && StringValue(runtime.Key) != "" && StringValue(runtime.Cert) != "" {
+				cert, err := tls.X509KeyPair([]byte(StringValue(runtime.Cert)), []byte(StringValue(runtime.Key)))
+				if err != nil {
+					return nil, err
+				}
+				trans.TLSClientConfig.Certificates = []tls.Certificate{cert}
+			}
+			if runtime.CA != nil && StringValue(runtime.CA) != "" {
+				clientCertPool := x509.NewCertPool()
+				ok := clientCertPool.AppendCertsFromPEM([]byte(StringValue(runtime.CA)))
+				if !ok {
+					return nil, errors.New("Failed to parse root certificate")
+				}
+				trans.TLSClientConfig.RootCAs = clientCertPool
+			}
+		} else {
+			trans.TLSClientConfig = &tls.Config{
+				InsecureSkipVerify: true,
 			}
-			trans.TLSClientConfig.RootCAs = clientCertPool
-		}
-	} else {
-		trans.TLSClientConfig = &tls.Config{
-			InsecureSkipVerify: BoolValue(runtime.IgnoreSSL),
 		}
 	}
 	if httpProxy != nil {
@@ -455,6 +478,10 @@ func getHttpTransport(req *Request, runtime *RuntimeObject) (*http.Transport, er
 	} else {
 		trans.DialContext = setDialContext(runtime)
 	}
+	if runtime.MaxIdleConns != nil && *runtime.MaxIdleConns > 0 {
+		trans.MaxIdleConns = IntValue(runtime.MaxIdleConns)
+		trans.MaxIdleConnsPerHost = IntValue(runtime.MaxIdleConns)
+	}
 	return trans, nil
 }
 
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/access_key_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/access_key_credential.go
index 7bcaa9740..78530e689 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/access_key_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/access_key_credential.go
@@ -15,6 +15,15 @@ func newAccessKeyCredential(accessKeyId, accessKeySecret string) *AccessKeyCrede
 	}
 }
 
+func (s *AccessKeyCredential) GetCredential() (*CredentialModel, error) {
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(s.AccessKeyId),
+		AccessKeySecret: tea.String(s.AccessKeySecret),
+		Type:            tea.String("access_key"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns  AccessKeyCreential's AccessKeyId
 func (a *AccessKeyCredential) GetAccessKeyId() (*string, error) {
 	return tea.String(a.AccessKeyId), nil
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/bearer_token_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/bearer_token_credential.go
index cca291621..9df4d3202 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/bearer_token_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/bearer_token_credential.go
@@ -14,6 +14,14 @@ func newBearerTokenCredential(token string) *BearerTokenCredential {
 	}
 }
 
+func (s *BearerTokenCredential) GetCredential() (*CredentialModel, error) {
+	credential := &CredentialModel{
+		BearerToken: tea.String(s.BearerToken),
+		Type:        tea.String("bearer"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId is useless for BearerTokenCredential
 func (b *BearerTokenCredential) GetAccessKeyId() (*string, error) {
 	return tea.String(""), nil
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/credential.go b/vendor/github.com/aliyun/credentials-go/credentials/credential.go
index 62e647541..2603dc0c7 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/credential.go
@@ -30,6 +30,7 @@ type Credential interface {
 	GetSecurityToken() (*string, error)
 	GetBearerToken() *string
 	GetType() *string
+	GetCredential() (*CredentialModel, error)
 }
 
 // Config is important when call NewCredential
@@ -55,6 +56,8 @@ type Config struct {
 	Proxy                 *string  `json:"proxy"`
 	InAdvanceScale        *float64 `json:"inAdvanceScale"`
 	Url                   *string  `json:"url"`
+	STSEndpoint           *string  `json:"sts_endpoint"`
+	ExternalId            *string  `json:"external_id"`
 }
 
 func (s Config) String() string {
@@ -168,6 +171,11 @@ func (s *Config) SetURLCredential(v string) *Config {
 	return s
 }
 
+func (s *Config) SetSTSEndpoint(v string) *Config {
+	s.STSEndpoint = &v
+	return s
+}
+
 // NewCredential return a credential according to the type in config.
 // if config is nil, the function will use default provider chain to get credential.
 // please see README.md for detail.
@@ -192,6 +200,7 @@ func NewCredential(config *Config) (credential Credential, err error) {
 			Proxy:          tea.StringValue(config.Proxy),
 			ReadTimeout:    tea.IntValue(config.Timeout),
 			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
+			STSEndpoint:    tea.StringValue(config.STSEndpoint),
 		}
 		credential = newOIDCRoleArnCredential(tea.StringValue(config.AccessKeyId), tea.StringValue(config.AccessKeySecret), tea.StringValue(config.RoleArn), tea.StringValue(config.OIDCProviderArn), tea.StringValue(config.OIDCTokenFilePath), tea.StringValue(config.RoleSessionName), tea.StringValue(config.Policy), tea.IntValue(config.RoleSessionExpiration), runtime)
 	case "access_key":
@@ -225,8 +234,17 @@ func NewCredential(config *Config) (credential Credential, err error) {
 			Proxy:          tea.StringValue(config.Proxy),
 			ReadTimeout:    tea.IntValue(config.Timeout),
 			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
+			STSEndpoint:    tea.StringValue(config.STSEndpoint),
 		}
-		credential = newRAMRoleArnCredential(tea.StringValue(config.AccessKeyId), tea.StringValue(config.AccessKeySecret), tea.StringValue(config.RoleArn), tea.StringValue(config.RoleSessionName), tea.StringValue(config.Policy), tea.IntValue(config.RoleSessionExpiration), runtime)
+		credential = newRAMRoleArnWithExternalIdCredential(
+			tea.StringValue(config.AccessKeyId),
+			tea.StringValue(config.AccessKeySecret),
+			tea.StringValue(config.RoleArn),
+			tea.StringValue(config.RoleSessionName),
+			tea.StringValue(config.Policy),
+			tea.IntValue(config.RoleSessionExpiration),
+			tea.StringValue(config.ExternalId),
+			runtime)
 	case "rsa_key_pair":
 		err = checkRSAKeyPair(config)
 		if err != nil {
@@ -251,6 +269,7 @@ func NewCredential(config *Config) (credential Credential, err error) {
 			Proxy:          tea.StringValue(config.Proxy),
 			ReadTimeout:    tea.IntValue(config.Timeout),
 			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
+			STSEndpoint:    tea.StringValue(config.STSEndpoint),
 		}
 		credential = newRsaKeyPairCredential(privateKey, tea.StringValue(config.PublicKeyId), tea.IntValue(config.SessionExpiration), runtime)
 	case "bearer":
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/credential_model.go b/vendor/github.com/aliyun/credentials-go/credentials/credential_model.go
new file mode 100644
index 000000000..7b46c3088
--- /dev/null
+++ b/vendor/github.com/aliyun/credentials-go/credentials/credential_model.go
@@ -0,0 +1,50 @@
+package credentials
+
+import "github.com/alibabacloud-go/tea/tea"
+
+// CredentialModel is a model
+type CredentialModel struct {
+	// accesskey id
+	AccessKeyId *string `json:"accessKeyId,omitempty" xml:"accessKeyId,omitempty"`
+	// accesskey secret
+	AccessKeySecret *string `json:"accessKeySecret,omitempty" xml:"accessKeySecret,omitempty"`
+	// security token
+	SecurityToken *string `json:"securityToken,omitempty" xml:"securityToken,omitempty"`
+	// bearer token
+	BearerToken *string `json:"bearerToken,omitempty" xml:"bearerToken,omitempty"`
+	// type
+	Type *string `json:"type,omitempty" xml:"type,omitempty"`
+}
+
+func (s CredentialModel) String() string {
+	return tea.Prettify(s)
+}
+
+func (s CredentialModel) GoString() string {
+	return s.String()
+}
+
+func (s *CredentialModel) SetAccessKeyId(v string) *CredentialModel {
+	s.AccessKeyId = &v
+	return s
+}
+
+func (s *CredentialModel) SetAccessKeySecret(v string) *CredentialModel {
+	s.AccessKeySecret = &v
+	return s
+}
+
+func (s *CredentialModel) SetSecurityToken(v string) *CredentialModel {
+	s.SecurityToken = &v
+	return s
+}
+
+func (s *CredentialModel) SetBearerToken(v string) *CredentialModel {
+	s.BearerToken = &v
+	return s
+}
+
+func (s *CredentialModel) SetType(v string) *CredentialModel {
+	s.Type = &v
+	return s
+}
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/ecs_ram_role.go b/vendor/github.com/aliyun/credentials-go/credentials/ecs_ram_role.go
index 5e7ddf4de..d86360fc5 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/ecs_ram_role.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/ecs_ram_role.go
@@ -40,6 +40,22 @@ func newEcsRAMRoleCredential(roleName string, inAdvanceScale float64, runtime *u
 	}
 }
 
+func (e *EcsRAMRoleCredential) GetCredential() (*CredentialModel, error) {
+	if e.sessionCredential == nil || e.needUpdateCredential() {
+		err := e.updateCredential()
+		if err != nil {
+			return nil, err
+		}
+	}
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
+		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
+		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
+		Type:            tea.String("ecs_ram_role"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns  EcsRAMRoleCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
 func (e *EcsRAMRoleCredential) GetAccessKeyId() (*string, error) {
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential.go
index 76192cbee..7d960abaf 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential.go
@@ -55,6 +55,22 @@ func newOIDCRoleArnCredential(accessKeyId, accessKeySecret, roleArn, OIDCProvide
 	}
 }
 
+func (e *OIDCCredential) GetCredential() (*CredentialModel, error) {
+	if e.sessionCredential == nil || e.needUpdateCredential() {
+		err := e.updateCredential()
+		if err != nil {
+			return nil, err
+		}
+	}
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
+		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
+		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
+		Type:            tea.String("oidc_role_arn"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns OIDCCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
 func (r *OIDCCredential) GetAccessKeyId() (*string, error) {
@@ -123,6 +139,9 @@ func (r *OIDCCredential) updateCredential() (err error) {
 	}
 	request := request.NewCommonRequest()
 	request.Domain = "sts.aliyuncs.com"
+	if r.runtime.STSEndpoint != "" {
+		request.Domain = r.runtime.STSEndpoint
+	}
 	request.Scheme = "HTTPS"
 	request.Method = "POST"
 	request.QueryParams["Timestamp"] = utils.GetTimeInFormatISO8601()
@@ -138,12 +157,6 @@ func (r *OIDCCredential) updateCredential() (err error) {
 	request.QueryParams["RoleSessionName"] = r.RoleSessionName
 	request.QueryParams["Version"] = "2015-04-01"
 	request.QueryParams["SignatureNonce"] = utils.GetUUID()
-	if r.AccessKeyId != "" && r.AccessKeySecret != "" {
-		signature := utils.ShaHmac1(request.BuildStringToSign(), r.AccessKeySecret+"&")
-		request.QueryParams["Signature"] = signature
-		request.QueryParams["AccessKeyId"] = r.AccessKeyId
-		request.QueryParams["AccessKeySecret"] = r.AccessKeySecret
-	}
 	request.Headers["Host"] = request.Domain
 	request.Headers["Accept-Encoding"] = "identity"
 	request.Headers["content-type"] = "application/x-www-form-urlencoded"
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential_provider.go b/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential_provider.go
new file mode 100644
index 000000000..928eb9315
--- /dev/null
+++ b/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential_provider.go
@@ -0,0 +1,37 @@
+package credentials
+
+import (
+	"os"
+
+	"github.com/alibabacloud-go/tea/tea"
+)
+
+type oidcCredentialsProvider struct{}
+
+var providerOIDC = new(oidcCredentialsProvider)
+
+func newOidcCredentialsProvider() Provider {
+	return &oidcCredentialsProvider{}
+}
+
+func (p *oidcCredentialsProvider) resolve() (*Config, error) {
+	roleArn, ok1 := os.LookupEnv(ENVRoleArn)
+	oidcProviderArn, ok2 := os.LookupEnv(ENVOIDCProviderArn)
+	oidcTokenFilePath, ok3 := os.LookupEnv(ENVOIDCTokenFile)
+	if !ok1 || !ok2 || !ok3 {
+		return nil, nil
+	}
+
+	config := &Config{
+		Type:              tea.String("oidc_role_arn"),
+		RoleArn:           tea.String(roleArn),
+		OIDCProviderArn:   tea.String(oidcProviderArn),
+		OIDCTokenFilePath: tea.String(oidcTokenFilePath),
+		RoleSessionName:   tea.String("defaultSessionName"),
+	}
+	roleSessionName, ok := os.LookupEnv(ENVRoleSessionName)
+	if ok {
+		config.RoleSessionName = tea.String(roleSessionName)
+	}
+	return config, nil
+}
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/profile_provider.go b/vendor/github.com/aliyun/credentials-go/credentials/profile_provider.go
index d6292b035..de02c3dc4 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/profile_provider.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/profile_provider.go
@@ -46,10 +46,11 @@ func newProfileProvider(name ...string) Provider {
 func (p *profileProvider) resolve() (*Config, error) {
 	path, ok := os.LookupEnv(ENVCredentialFile)
 	if !ok {
-		path, err := checkDefaultPath()
+		defaultPath, err := checkDefaultPath()
 		if err != nil {
 			return nil, err
 		}
+		path = defaultPath
 		if path == "" {
 			return nil, nil
 		}
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/provider.go b/vendor/github.com/aliyun/credentials-go/credentials/provider.go
index f9d4ae574..fe813db33 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/provider.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/provider.go
@@ -5,6 +5,10 @@ const (
 	ENVCredentialFile  = "ALIBABA_CLOUD_CREDENTIALS_FILE"
 	ENVEcsMetadata     = "ALIBABA_CLOUD_ECS_METADATA"
 	PATHCredentialFile = "~/.alibabacloud/credentials"
+	ENVRoleArn         = "ALIBABA_CLOUD_ROLE_ARN"
+	ENVOIDCProviderArn = "ALIBABA_CLOUD_OIDC_PROVIDER_ARN"
+	ENVOIDCTokenFile   = "ALIBABA_CLOUD_OIDC_TOKEN_FILE"
+	ENVRoleSessionName = "ALIBABA_CLOUD_ROLE_SESSION_NAME"
 )
 
 // Provider will be implemented When you want to customize the provider.
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/provider_chain.go b/vendor/github.com/aliyun/credentials-go/credentials/provider_chain.go
index 2764a701c..a694d5cb5 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/provider_chain.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/provider_chain.go
@@ -8,7 +8,7 @@ type providerChain struct {
 	Providers []Provider
 }
 
-var defaultproviders = []Provider{providerEnv, providerProfile, providerInstance}
+var defaultproviders = []Provider{providerEnv, providerOIDC, providerProfile, providerInstance}
 var defaultChain = newProviderChain(defaultproviders)
 
 func newProviderChain(providers []Provider) Provider {
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/rsa_key_pair_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/rsa_key_pair_credential.go
index 3e4310eca..82988eca0 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/rsa_key_pair_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/rsa_key_pair_credential.go
@@ -42,6 +42,22 @@ func newRsaKeyPairCredential(privateKey, publicKeyId string, sessionExpiration i
 	}
 }
 
+func (e *RsaKeyPairCredential) GetCredential() (*CredentialModel, error) {
+	if e.sessionCredential == nil || e.needUpdateCredential() {
+		err := e.updateCredential()
+		if err != nil {
+			return nil, err
+		}
+	}
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
+		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
+		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
+		Type:            tea.String("rsa_key_pair"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns RsaKeyPairCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
 func (r *RsaKeyPairCredential) GetAccessKeyId() (*string, error) {
@@ -89,6 +105,8 @@ func (r *RsaKeyPairCredential) updateCredential() (err error) {
 	request.Domain = "sts.aliyuncs.com"
 	if r.runtime.Host != "" {
 		request.Domain = r.runtime.Host
+	} else if r.runtime.STSEndpoint != "" {
+		request.Domain = r.runtime.STSEndpoint
 	}
 	request.Scheme = "HTTPS"
 	request.Method = "GET"
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/sts_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/sts_credential.go
index ba07dab49..5a9973f21 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/sts_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/sts_credential.go
@@ -17,6 +17,16 @@ func newStsTokenCredential(accessKeyId, accessKeySecret, securityToken string) *
 	}
 }
 
+func (s *StsTokenCredential) GetCredential() (*CredentialModel, error) {
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(s.AccessKeyId),
+		AccessKeySecret: tea.String(s.AccessKeySecret),
+		SecurityToken:   tea.String(s.SecurityToken),
+		Type:            tea.String("sts"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns  StsTokenCredential's AccessKeyId
 func (s *StsTokenCredential) GetAccessKeyId() (*string, error) {
 	return tea.String(s.AccessKeyId), nil
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/sts_role_arn_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/sts_role_arn_credential.go
index f31ba1e32..3ddf32fa2 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/sts_role_arn_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/sts_role_arn_credential.go
@@ -23,6 +23,7 @@ type RAMRoleArnCredential struct {
 	RoleSessionName       string
 	RoleSessionExpiration int
 	Policy                string
+	ExternalId            string
 	sessionCredential     *sessionCredential
 	runtime               *utils.Runtime
 }
@@ -51,6 +52,36 @@ func newRAMRoleArnCredential(accessKeyId, accessKeySecret, roleArn, roleSessionN
 	}
 }
 
+func newRAMRoleArnWithExternalIdCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, externalId string, runtime *utils.Runtime) *RAMRoleArnCredential {
+	return &RAMRoleArnCredential{
+		AccessKeyId:           accessKeyId,
+		AccessKeySecret:       accessKeySecret,
+		RoleArn:               roleArn,
+		RoleSessionName:       roleSessionName,
+		RoleSessionExpiration: roleSessionExpiration,
+		Policy:                policy,
+		ExternalId:            externalId,
+		credentialUpdater:     new(credentialUpdater),
+		runtime:               runtime,
+	}
+}
+
+func (e *RAMRoleArnCredential) GetCredential() (*CredentialModel, error) {
+	if e.sessionCredential == nil || e.needUpdateCredential() {
+		err := e.updateCredential()
+		if err != nil {
+			return nil, err
+		}
+	}
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
+		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
+		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
+		Type:            tea.String("ram_role_arn"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns RamRoleArnCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
 func (r *RAMRoleArnCredential) GetAccessKeyId() (*string, error) {
@@ -103,6 +134,9 @@ func (r *RAMRoleArnCredential) updateCredential() (err error) {
 	}
 	request := request.NewCommonRequest()
 	request.Domain = "sts.aliyuncs.com"
+	if r.runtime.STSEndpoint != "" {
+		request.Domain = r.runtime.STSEndpoint
+	}
 	request.Scheme = "HTTPS"
 	request.Method = "GET"
 	request.QueryParams["AccessKeyId"] = r.AccessKeyId
@@ -122,6 +156,9 @@ func (r *RAMRoleArnCredential) updateCredential() (err error) {
 	if r.Policy != "" {
 		request.QueryParams["Policy"] = r.Policy
 	}
+	if r.ExternalId != "" {
+		request.QueryParams["ExternalId"] = r.ExternalId
+	}
 	request.QueryParams["RoleSessionName"] = r.RoleSessionName
 	request.QueryParams["SignatureMethod"] = "HMAC-SHA1"
 	request.QueryParams["SignatureVersion"] = "1.0"
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/uri_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/uri_credential.go
index e8f303fc7..d03006c9c 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/uri_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/uri_credential.go
@@ -37,6 +37,22 @@ func newURLCredential(URL string) *URLCredential {
 	}
 }
 
+func (e *URLCredential) GetCredential() (*CredentialModel, error) {
+	if e.sessionCredential == nil || e.needUpdateCredential() {
+		err := e.updateCredential()
+		if err != nil {
+			return nil, err
+		}
+	}
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
+		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
+		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
+		Type:            tea.String("credential_uri"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns  URLCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
 func (e *URLCredential) GetAccessKeyId() (*string, error) {
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/utils/runtime.go b/vendor/github.com/aliyun/credentials-go/credentials/utils/runtime.go
index d4a27c9cd..432395cf4 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/utils/runtime.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/utils/runtime.go
@@ -12,6 +12,7 @@ type Runtime struct {
 	ConnectTimeout int
 	Proxy          string
 	Host           string
+	STSEndpoint    string
 }
 
 // NewRuntime returns a Runtime
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
index c3512dd7a..1f4384c96 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
@@ -1,3 +1,1617 @@
+# Release (2023-10-12)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2`: v1.21.2
+  * **Bug Fix**: Improve recognition of retryable DNS errors.
+* `github.com/aws/aws-sdk-go-v2/config`: [v1.18.45](config/CHANGELOG.md#v11845-2023-10-12)
+  * **Bug Fix**: Fail to load config if an explicitly provided profile doesn't exist.
+* `github.com/aws/aws-sdk-go-v2/service/auditmanager`: [v1.27.0](service/auditmanager/CHANGELOG.md#v1270-2023-10-12)
+  * **Feature**: This release introduces a new limit to the awsAccounts parameter. When you create or update an assessment, there is now a limit of 200 AWS accounts that can be specified in the assessment scope.
+* `github.com/aws/aws-sdk-go-v2/service/autoscaling`: [v1.31.0](service/autoscaling/CHANGELOG.md#v1310-2023-10-12)
+  * **Feature**: Update the NotificationMetadata field to only allow visible ascii characters. Add paginators to DescribeInstanceRefreshes, DescribeLoadBalancers, and DescribeLoadBalancerTargetGroups
+* `github.com/aws/aws-sdk-go-v2/service/configservice`: [v1.37.0](service/configservice/CHANGELOG.md#v1370-2023-10-12)
+  * **Feature**: Add enums for resource types supported by Config
+* `github.com/aws/aws-sdk-go-v2/service/controltower`: [v1.4.0](service/controltower/CHANGELOG.md#v140-2023-10-12)
+  * **Feature**: Added new EnabledControl resource details to ListEnabledControls API and added new GetEnabledControl API.
+* `github.com/aws/aws-sdk-go-v2/service/customerprofiles`: [v1.29.0](service/customerprofiles/CHANGELOG.md#v1290-2023-10-12)
+  * **Feature**: Adds sensitive trait to various shapes in Customer Profiles Calculated Attribute API model.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.125.0](service/ec2/CHANGELOG.md#v11250-2023-10-12)
+  * **Feature**: This release adds Ubuntu Pro as a supported platform for On-Demand Capacity Reservations and adds support for setting an Amazon Machine Image (AMI) to disabled state. Disabling the AMI makes it private if it was previously shared, and prevents new EC2 instance launches from it.
+* `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2`: [v1.21.6](service/elasticloadbalancingv2/CHANGELOG.md#v1216-2023-10-12)
+  * **Documentation**: This release enables routing policies with Availability Zone affinity for Network Load Balancers.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.63.0](service/glue/CHANGELOG.md#v1630-2023-10-12)
+  * **Feature**: Extending version control support to GitLab and Bitbucket from AWSGlue
+* `github.com/aws/aws-sdk-go-v2/service/inspector2`: [v1.17.0](service/inspector2/CHANGELOG.md#v1170-2023-10-12)
+  * **Feature**: Add MacOs ec2 platform support
+* `github.com/aws/aws-sdk-go-v2/service/ivsrealtime`: [v1.5.0](service/ivsrealtime/CHANGELOG.md#v150-2023-10-12)
+  * **Feature**: Update GetParticipant to return additional metadata.
+* `github.com/aws/aws-sdk-go-v2/service/lambda`: [v1.40.0](service/lambda/CHANGELOG.md#v1400-2023-10-12)
+  * **Feature**: Adds support for Lambda functions to access Dual-Stack subnets over IPv6, via an opt-in flag in CreateFunction and UpdateFunctionConfiguration APIs
+* `github.com/aws/aws-sdk-go-v2/service/location`: [v1.28.0](service/location/CHANGELOG.md#v1280-2023-10-12)
+  * **Feature**: This release adds endpoint updates for all AWS Location resource operations.
+* `github.com/aws/aws-sdk-go-v2/service/machinelearning`: [v1.18.0](service/machinelearning/CHANGELOG.md#v1180-2023-10-12)
+  * **Feature**: This release marks Password field as sensitive
+* `github.com/aws/aws-sdk-go-v2/service/pricing`: [v1.21.9](service/pricing/CHANGELOG.md#v1219-2023-10-12)
+  * **Documentation**: Documentation updates for Price List
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.56.0](service/rds/CHANGELOG.md#v1560-2023-10-12)
+  * **Feature**: This release adds support for adding a dedicated log volume to open-source RDS instances.
+* `github.com/aws/aws-sdk-go-v2/service/rekognition`: [v1.31.0](service/rekognition/CHANGELOG.md#v1310-2023-10-12)
+  * **Feature**: Amazon Rekognition introduces support for Custom Moderation. This allows the enhancement of accuracy for detect moderation labels operations by creating custom adapters tuned on customer data.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.111.0](service/sagemaker/CHANGELOG.md#v11110-2023-10-12)
+  * **Feature**: Amazon SageMaker Canvas adds KendraSettings and DirectDeploySettings support for CanvasAppSettings
+* `github.com/aws/aws-sdk-go-v2/service/textract`: [v1.25.0](service/textract/CHANGELOG.md#v1250-2023-10-12)
+  * **Feature**: This release adds 9 new APIs for adapter and adapter version management, 3 new APIs for tagging, and updates AnalyzeDocument and StartDocumentAnalysis API parameters for using adapters.
+* `github.com/aws/aws-sdk-go-v2/service/transcribe`: [v1.29.0](service/transcribe/CHANGELOG.md#v1290-2023-10-12)
+  * **Feature**: This release is to enable m4a format to customers
+* `github.com/aws/aws-sdk-go-v2/service/workspaces`: [v1.31.2](service/workspaces/CHANGELOG.md#v1312-2023-10-12)
+  * **Documentation**: Updated the CreateWorkspaces action documentation to clarify that the PCoIP protocol is only available for Windows bundles.
+
+# Release (2023-10-06)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.124.0](service/ec2/CHANGELOG.md#v11240-2023-10-06)
+  * **Feature**: Documentation updates for Elastic Compute Cloud (EC2).
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.33.0](service/fsx/CHANGELOG.md#v1330-2023-10-06)
+  * **Feature**: After performing steps to repair the Active Directory configuration of a file system, use this action to initiate the process of attempting to recover to the file system.
+* `github.com/aws/aws-sdk-go-v2/service/marketplacecatalog`: [v1.18.0](service/marketplacecatalog/CHANGELOG.md#v1180-2023-10-06)
+  * **Feature**: This release adds support for Document type as an alternative for stringified JSON for StartChangeSet, DescribeChangeSet and DescribeEntity APIs
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.45.0](service/quicksight/CHANGELOG.md#v1450-2023-10-06)
+  * **Feature**: NullOption in FilterListConfiguration; Dataset schema/table max length increased; Support total placement for pivot table visual; Lenient mode relaxes the validation to create resources with definition; Data sources can be added to folders; Redshift data sources support IAM Role-based authentication
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.34.0](service/transfer/CHANGELOG.md#v1340-2023-10-06)
+  * **Feature**: This release updates the max character limit of PreAuthenticationLoginBanner and PostAuthenticationLoginBanner to 4096 characters
+
+# Release (2023-10-05)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.10.0](service/omics/CHANGELOG.md#v1100-2023-10-05)
+  * **Feature**: Add Etag Support for Omics Storage in ListReadSets and GetReadSetMetadata API
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.55.1](service/rds/CHANGELOG.md#v1551-2023-10-05)
+  * **Documentation**: Updates Amazon RDS documentation for corrections and minor improvements.
+* `github.com/aws/aws-sdk-go-v2/service/route53`: [v1.30.0](service/route53/CHANGELOG.md#v1300-2023-10-05)
+  * **Feature**: Add hostedzonetype filter to ListHostedZones API.
+* `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.37.0](service/securityhub/CHANGELOG.md#v1370-2023-10-05)
+  * **Feature**: Added new resource detail objects to ASFF, including resources for AwsEventsEventbus, AwsEventsEndpoint, AwsDmsEndpoint, AwsDmsReplicationTask, AwsDmsReplicationInstance, AwsRoute53HostedZone, and AwsMskCluster
+* `github.com/aws/aws-sdk-go-v2/service/storagegateway`: [v1.21.0](service/storagegateway/CHANGELOG.md#v1210-2023-10-05)
+  * **Feature**: Add SoftwareVersion to response of DescribeGatewayInformation.
+* `github.com/aws/aws-sdk-go-v2/service/workspaces`: [v1.31.0](service/workspaces/CHANGELOG.md#v1310-2023-10-05)
+  * **Feature**: This release introduces Manage applications. This feature allows users to manage their WorkSpaces applications by associating or disassociating their WorkSpaces with applications. The DescribeWorkspaces API will now additionally return OperatingSystemName in its responses.
+
+# Release (2023-10-04)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.21.0](service/appconfig/CHANGELOG.md#v1210-2023-10-04)
+  * **Feature**: AWS AppConfig introduces KMS customer-managed key (CMK) encryption support for data saved to AppConfig's hosted configuration store.
+* `github.com/aws/aws-sdk-go-v2/service/datazone`: [v1.0.0](service/datazone/CHANGELOG.md#v100-2023-10-04)
+  * **Release**: New AWS service client module
+  * **Feature**: Initial release of Amazon DataZone
+* `github.com/aws/aws-sdk-go-v2/service/mediatailor`: [v1.28.0](service/mediatailor/CHANGELOG.md#v1280-2023-10-04)
+  * **Feature**: Updates DescribeVodSource to include a list of ad break opportunities in the response
+* `github.com/aws/aws-sdk-go-v2/service/mgn`: [v1.21.0](service/mgn/CHANGELOG.md#v1210-2023-10-04)
+  * **Feature**: This release includes the following new APIs: ListConnectors, CreateConnector,  UpdateConnector, DeleteConnector and UpdateSourceServer to support the source action framework feature.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.110.0](service/sagemaker/CHANGELOG.md#v11100-2023-10-04)
+  * **Feature**: Adding support for AdditionalS3DataSource, a data source used for training or inference that is in addition to the input dataset or model data.
+
+# Release (2023-10-03)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.69.0](service/connect/CHANGELOG.md#v1690-2023-10-03)
+  * **Feature**: GetMetricDataV2 API: Update to include new metrics CONTACTS_RESOLVED_IN_X , AVG_HOLD_TIME_ALL_CONTACTS , AVG_RESOLUTION_TIME , ABANDONMENT_RATE , AGENT_NON_RESPONSE_WITHOUT_CUSTOMER_ABANDONS with added features: Interval Period, TimeZone, Negate MetricFilters, Extended date time range.
+* `github.com/aws/aws-sdk-go-v2/service/location`: [v1.27.0](service/location/CHANGELOG.md#v1270-2023-10-03)
+  * **Feature**: Amazon Location Service adds support for bounding polygon queries. Additionally, the GeofenceCount field has been added to the DescribeGeofenceCollection API response.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.43.0](service/mediaconvert/CHANGELOG.md#v1430-2023-10-03)
+  * **Feature**: This release adds the ability to replace video frames without modifying the audio essence.
+* `github.com/aws/aws-sdk-go-v2/service/oam`: [v1.4.0](service/oam/CHANGELOG.md#v140-2023-10-03)
+  * **Feature**: This release adds support for sharing AWS::ApplicationInsights::Application resources.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.109.0](service/sagemaker/CHANGELOG.md#v11090-2023-10-03)
+  * **Feature**: This release allows users to run Selective Execution in SageMaker Pipelines without SourcePipelineExecutionArn if selected steps do not have any dependent steps.
+* `github.com/aws/aws-sdk-go-v2/service/wellarchitected`: [v1.23.0](service/wellarchitected/CHANGELOG.md#v1230-2023-10-03)
+  * **Feature**: AWS Well-Architected now supports Review Templates that allows you to create templates with pre-filled answers for Well-Architected and Custom Lens best practices.
+
+# Release (2023-10-02)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/bedrock`: [v1.1.0](service/bedrock/CHANGELOG.md#v110-2023-10-02)
+  * **Feature**: Provisioned throughput feature with Amazon and third-party base models, and update validators for model identifier and taggable resource ARNs.
+* `github.com/aws/aws-sdk-go-v2/service/bedrockruntime`: [v1.1.0](service/bedrockruntime/CHANGELOG.md#v110-2023-10-02)
+  * **Feature**: Add model timeout exception for InvokeModelWithResponseStream API and update validator for invoke model identifier.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.123.0](service/ec2/CHANGELOG.md#v11230-2023-10-02)
+  * **Feature**: Introducing Amazon EC2 R7iz instances with 3.9 GHz sustained all-core turbo frequency and deliver up to 20% better performance than previous generation z1d instances.
+* `github.com/aws/aws-sdk-go-v2/service/managedblockchain`: [v1.16.6](service/managedblockchain/CHANGELOG.md#v1166-2023-10-02)
+  * **Documentation**: Remove Rinkeby as option from Ethereum APIs
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.55.0](service/rds/CHANGELOG.md#v1550-2023-10-02)
+  * **Feature**: Adds DefaultCertificateForNewLaunches field in the DescribeCertificates API response.
+* `github.com/aws/aws-sdk-go-v2/service/sso`: [v1.15.0](service/sso/CHANGELOG.md#v1150-2023-10-02)
+  * **Feature**: Fix FIPS Endpoints in aws-us-gov.
+* `github.com/aws/aws-sdk-go-v2/service/sts`: [v1.23.0](service/sts/CHANGELOG.md#v1230-2023-10-02)
+  * **Feature**: STS API updates for assumeRole
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.33.9](service/transfer/CHANGELOG.md#v1339-2023-10-02)
+  * **Documentation**: Documentation updates for AWS Transfer Family
+
+# Release (2023-09-28)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/bedrock`: [v1.0.0](service/bedrock/CHANGELOG.md#v100-2023-09-28)
+  * **Release**: New AWS service client module
+  * **Feature**: Model Invocation logging added to enable or disable logs in customer account. Model listing and description support added. Provisioned Throughput feature added. Custom model support added for creating custom models. Also includes list, and delete functions for custom model.
+* `github.com/aws/aws-sdk-go-v2/service/bedrockruntime`: [v1.0.0](service/bedrockruntime/CHANGELOG.md#v100-2023-09-28)
+  * **Release**: New AWS service client module
+  * **Feature**: Run Inference: Added support to run the inference on models.  Includes set of APIs for running inference in streaming and non-streaming mode.
+* `github.com/aws/aws-sdk-go-v2/service/budgets`: [v1.17.0](service/budgets/CHANGELOG.md#v1170-2023-09-28)
+  * **Feature**: Update DescribeBudgets and DescribeBudgetNotificationsForAccount MaxResults limit to 1000.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.122.0](service/ec2/CHANGELOG.md#v11220-2023-09-28)
+  * **Feature**: Adds support for Customer Managed Key encryption for Amazon Verified Access resources
+* `github.com/aws/aws-sdk-go-v2/service/iotfleetwise`: [v1.6.0](service/iotfleetwise/CHANGELOG.md#v160-2023-09-28)
+  * **Feature**: AWS IoT FleetWise now supports encryption through a customer managed AWS KMS key. The PutEncryptionConfiguration and GetEncryptionConfiguration APIs were added.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.108.0](service/sagemaker/CHANGELOG.md#v11080-2023-09-28)
+  * **Feature**: Online store feature groups supports Standard and InMemory tier storage types for low latency storage for real-time data retrieval. The InMemory tier supports collection types List, Set, and Vector.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakerfeaturestoreruntime`: [v1.18.0](service/sagemakerfeaturestoreruntime/CHANGELOG.md#v1180-2023-09-28)
+  * **Feature**: Feature Store supports read/write of records with collection type features.
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.39.1](service/wafv2/CHANGELOG.md#v1391-2023-09-28)
+  * **Documentation**: Correct and improve the documentation for the FieldToMatch option JA3 fingerprint.
+
+# Release (2023-09-27)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider`: [v1.27.0](service/cognitoidentityprovider/CHANGELOG.md#v1270-2023-09-27)
+  * **Feature**: The UserPoolType Status field is no longer used.
+* `github.com/aws/aws-sdk-go-v2/service/firehose`: [v1.19.0](service/firehose/CHANGELOG.md#v1190-2023-09-27)
+  * **Feature**: Features : Adding support for new data ingestion source to Kinesis Firehose - AWS Managed Services Kafka.
+* `github.com/aws/aws-sdk-go-v2/service/iot`: [v1.40.0](service/iot/CHANGELOG.md#v1400-2023-09-27)
+  * **Feature**: Added support for IoT Rules Engine Kafka Action Headers
+* `github.com/aws/aws-sdk-go-v2/service/textract`: [v1.24.0](service/textract/CHANGELOG.md#v1240-2023-09-27)
+  * **Feature**: This release adds new feature - Layout to Analyze Document API which can automatically extract layout elements such as titles, paragraphs, headers, section headers, lists, page numbers, footers, table areas, key-value areas and figure areas and order the elements as a human would read.
+
+# Release (2023-09-26)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appintegrations`: [v1.18.0](service/appintegrations/CHANGELOG.md#v1180-2023-09-26)
+  * **Feature**: The Amazon AppIntegrations service adds a set of APIs (in preview) to manage third party applications to be used in Amazon Connect agent workspace.
+* `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.21.0](service/apprunner/CHANGELOG.md#v1210-2023-09-26)
+  * **Feature**: This release allows an App Runner customer to specify a custom source directory to run the build & start command. This change allows App Runner to support monorepo based repositories
+* `github.com/aws/aws-sdk-go-v2/service/codedeploy`: [v1.18.1](service/codedeploy/CHANGELOG.md#v1181-2023-09-26)
+  * **Documentation**: CodeDeploy now supports In-place and Blue/Green EC2 deployments with multiple Classic Load Balancers and multiple Target Groups.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.68.0](service/connect/CHANGELOG.md#v1680-2023-09-26)
+  * **Feature**: This release updates a set of Amazon Connect APIs that provides the ability to integrate third party applications in the Amazon Connect agent workspace.
+* `github.com/aws/aws-sdk-go-v2/service/dynamodb`: [v1.22.0](service/dynamodb/CHANGELOG.md#v1220-2023-09-26)
+  * **Feature**: Amazon DynamoDB now supports Incremental Export as an enhancement to the existing Export Table
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.121.0](service/ec2/CHANGELOG.md#v11210-2023-09-26)
+  * **Feature**: The release includes AWS verified access to support FIPs compliance in North America regions
+* `github.com/aws/aws-sdk-go-v2/service/lakeformation`: [v1.24.0](service/lakeformation/CHANGELOG.md#v1240-2023-09-26)
+  * **Feature**: This release adds three new API support "CreateLakeFormationOptIn", "DeleteLakeFormationOptIn" and "ListLakeFormationOptIns", and also updates the corresponding documentation.
+* `github.com/aws/aws-sdk-go-v2/service/pinpoint`: [v1.22.6](service/pinpoint/CHANGELOG.md#v1226-2023-09-26)
+  * **Documentation**: Update documentation for RemoveAttributes to more accurately reflect its behavior when attributes are deleted.
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.40.0](service/s3/CHANGELOG.md#v1400-2023-09-26)
+  * **Feature**: This release adds a new field COMPLETED to the ReplicationStatus Enum. You can now use this field to validate the replication status of S3 objects using the AWS SDK.
+
+# Release (2023-09-25)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/amplifyuibuilder`: [v1.13.0](service/amplifyuibuilder/CHANGELOG.md#v1130-2023-09-25)
+  * **Feature**: Support for generating code that is compatible with future versions of amplify project dependencies.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.9.0](service/chimesdkmediapipelines/CHANGELOG.md#v190-2023-09-25)
+  * **Feature**: Adds support for sending WebRTC audio to Amazon Kineses Video Streams.
+* `github.com/aws/aws-sdk-go-v2/service/emrserverless`: [v1.11.0](service/emrserverless/CHANGELOG.md#v1110-2023-09-25)
+  * **Feature**: This release adds support for application-wide default job configurations.
+* `github.com/aws/aws-sdk-go-v2/service/finspacedata`: [v1.17.0](service/finspacedata/CHANGELOG.md#v1170-2023-09-25)
+  * **Feature**: Adding sensitive trait to attributes. Change max SessionDuration from 720 to 60. Correct "ApiAccess" attribute to "apiAccess" to maintain consistency between APIs.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.44.0](service/quicksight/CHANGELOG.md#v1440-2023-09-25)
+  * **Feature**: Added ability to tag users upon creation.
+* `github.com/aws/aws-sdk-go-v2/service/ssm`: [v1.38.0](service/ssm/CHANGELOG.md#v1380-2023-09-25)
+  * **Feature**: This release updates the enum values for ResourceType in SSM DescribeInstanceInformation input and ConnectionStatus in GetConnectionStatus output.
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.39.0](service/wafv2/CHANGELOG.md#v1390-2023-09-25)
+  * **Feature**: You can now perform an exact match against the web request's JA3 fingerprint.
+
+# Release (2023-09-22)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/config`: [v1.18.42](config/CHANGELOG.md#v11842-2023-09-22)
+  * **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+  * **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+* `github.com/aws/aws-sdk-go-v2/internal/ini`: [v1.3.43](internal/ini/CHANGELOG.md#v1343-2023-09-22)
+  * **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+  * **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+* `github.com/aws/aws-sdk-go-v2/service/braket`: [v1.20.0](service/braket/CHANGELOG.md#v1200-2023-09-22)
+  * **Feature**: This release adds support to view the device queue depth (the number of queued quantum tasks and hybrid jobs on a device) and queue position for a quantum task and hybrid job.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatchevents`: [v1.18.0](service/cloudwatchevents/CHANGELOG.md#v1180-2023-09-22)
+  * **Feature**: Adds sensitive trait to various shapes in Jetstream Connections API model.
+* `github.com/aws/aws-sdk-go-v2/service/databasemigrationservice`: [v1.31.0](service/databasemigrationservice/CHANGELOG.md#v1310-2023-09-22)
+  * **Feature**: new vendors for DMS CSF: MongoDB, MariaDB, DocumentDb and Redshift
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.120.0](service/ec2/CHANGELOG.md#v11200-2023-09-22)
+  * **Feature**: EC2 M2 Pro Mac instances are powered by Apple M2 Pro Mac Mini computers featuring 12 core CPU, 19 core GPU, 32 GiB of memory, and 16 core Apple Neural Engine and uniquely enabled by the AWS Nitro System through high-speed Thunderbolt connections.
+* `github.com/aws/aws-sdk-go-v2/service/efs`: [v1.21.7](service/efs/CHANGELOG.md#v1217-2023-09-22)
+  * **Documentation**: Documentation updates for Elastic File System
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.28.0](service/guardduty/CHANGELOG.md#v1280-2023-09-22)
+  * **Feature**: Add `EKS_CLUSTER_NAME` to filter and sort key.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.42.0](service/mediaconvert/CHANGELOG.md#v1420-2023-09-22)
+  * **Feature**: This release supports the creation of of audio-only tracks in CMAF output groups.
+
+# Release (2023-09-20)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.20.0](service/appconfig/CHANGELOG.md#v1200-2023-09-20)
+  * **Feature**: Enabling boto3 paginators for list APIs and adding documentation around ServiceQuotaExceededException errors
+* `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.20.0](service/apprunner/CHANGELOG.md#v1200-2023-09-20)
+  * **Feature**: This release adds improvements for managing App Runner auto scaling configuration resources. New APIs: UpdateDefaultAutoScalingConfiguration and ListServicesForAutoScalingConfiguration. Updated API: DeleteAutoScalingConfiguration.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs`: [v1.24.0](service/cloudwatchlogs/CHANGELOG.md#v1240-2023-09-20)
+  * **Feature**: Add ClientToken to QueryDefinition CFN Handler in CWL
+* `github.com/aws/aws-sdk-go-v2/service/codeartifact`: [v1.20.0](service/codeartifact/CHANGELOG.md#v1200-2023-09-20)
+  * **Feature**: Add support for the Swift package format.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideo`: [v1.18.4](service/kinesisvideo/CHANGELOG.md#v1184-2023-09-20)
+  * **Documentation**: Updated DescribeMediaStorageConfiguration, StartEdgeConfigurationUpdate, ImageGenerationConfiguration$SamplingInterval, and UpdateMediaStorageConfiguration to match AWS Docs.
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.39.0](service/s3/CHANGELOG.md#v1390-2023-09-20)
+  * **Feature**: Fix an issue where the SDK can fail to unmarshall response due to NumberFormatException
+* `github.com/aws/aws-sdk-go-v2/service/servicediscovery`: [v1.24.0](service/servicediscovery/CHANGELOG.md#v1240-2023-09-20)
+  * **Feature**: Adds a new DiscoverInstancesRevision API and also adds InstanceRevision field to the DiscoverInstances API response.
+* `github.com/aws/aws-sdk-go-v2/service/ssooidc`: [v1.17.0](service/ssooidc/CHANGELOG.md#v1170-2023-09-20)
+  * **Feature**: Update FIPS endpoints in aws-us-gov.
+
+# Release (2023-09-19)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.119.0](service/ec2/CHANGELOG.md#v11190-2023-09-19)
+  * **Feature**: This release adds support for C7i, and R7a instance types.
+* `github.com/aws/aws-sdk-go-v2/service/outposts`: [v1.30.0](service/outposts/CHANGELOG.md#v1300-2023-09-19)
+  * **Feature**: This release adds the InstanceFamilies field to the ListAssets response.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.107.0](service/sagemaker/CHANGELOG.md#v11070-2023-09-19)
+  * **Feature**: This release adds support for one-time model monitoring schedules that are executed immediately without delay, explicit data analysis windows for model monitoring schedules and exclude features attributes to remove features from model monitor analysis.
+
+# Release (2023-09-18)
+
+## General Highlights
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/accessanalyzer`: [v1.21.0](service/accessanalyzer/CHANGELOG.md#v1210-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/acm`: [v1.19.0](service/acm/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/amplify`: [v1.15.0](service/amplify/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/apigatewaymanagementapi`: [v1.13.0](service/apigatewaymanagementapi/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.19.0](service/appconfig/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appconfigdata`: [v1.8.0](service/appconfigdata/CHANGELOG.md#v180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appfabric`: [v1.2.0](service/appfabric/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appintegrations`: [v1.17.0](service/appintegrations/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/applicationcostprofiler`: [v1.12.0](service/applicationcostprofiler/CHANGELOG.md#v1120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appmesh`: [v1.19.0](service/appmesh/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/arczonalshift`: [v1.3.0](service/arczonalshift/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/autoscalingplans`: [v1.15.0](service/autoscalingplans/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/backupgateway`: [v1.11.0](service/backupgateway/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/backupstorage`: [v1.3.0](service/backupstorage/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/braket`: [v1.19.0](service/braket/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkvoice`: [v1.9.0](service/chimesdkvoice/CHANGELOG.md#v190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/clouddirectory`: [v1.15.0](service/clouddirectory/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudhsmv2`: [v1.16.0](service/cloudhsmv2/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudsearch`: [v1.16.0](service/cloudsearch/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudsearchdomain`: [v1.14.0](service/cloudsearchdomain/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudtraildata`: [v1.2.0](service/cloudtraildata/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codebuild`: [v1.22.0](service/codebuild/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codedeploy`: [v1.18.0](service/codedeploy/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codeguruprofiler`: [v1.15.0](service/codeguruprofiler/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codegurureviewer`: [v1.19.0](service/codegurureviewer/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codegurusecurity`: [v1.2.0](service/codegurusecurity/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codestar`: [v1.15.0](service/codestar/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codestarnotifications`: [v1.16.0](service/codestarnotifications/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cognitoidentity`: [v1.17.0](service/cognitoidentity/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cognitosync`: [v1.14.0](service/cognitosync/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/connectcases`: [v1.7.0](service/connectcases/CHANGELOG.md#v170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/connectcontactlens`: [v1.15.0](service/connectcontactlens/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/controltower`: [v1.3.0](service/controltower/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/databrew`: [v1.23.0](service/databrew/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/dataexchange`: [v1.21.0](service/dataexchange/CHANGELOG.md#v1210-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/datapipeline`: [v1.16.0](service/datapipeline/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/dax`: [v1.14.0](service/dax/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/devicefarm`: [v1.17.0](service/devicefarm/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/docdbelastic`: [v1.3.0](service/docdbelastic/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ec2instanceconnect`: [v1.17.0](service/ec2instanceconnect/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ecrpublic`: [v1.18.0](service/ecrpublic/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/elasticbeanstalk`: [v1.17.0](service/elasticbeanstalk/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing`: [v1.17.0](service/elasticloadbalancing/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/elastictranscoder`: [v1.16.0](service/elastictranscoder/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/evidently`: [v1.13.0](service/evidently/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/finspacedata`: [v1.16.0](service/finspacedata/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/fis`: [v1.16.0](service/fis/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/forecast`: [v1.27.0](service/forecast/CHANGELOG.md#v1270-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/forecastquery`: [v1.15.0](service/forecastquery/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/gamesparks`: [v1.4.0](service/gamesparks/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/glacier`: [v1.16.0](service/glacier/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/greengrass`: [v1.17.0](service/greengrass/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/greengrassv2`: [v1.24.0](service/greengrassv2/CHANGELOG.md#v1240-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/honeycode`: [v1.15.0](service/honeycode/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/inspector`: [v1.15.0](service/inspector/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iot1clickdevicesservice`: [v1.13.0](service/iot1clickdevicesservice/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iot1clickprojects`: [v1.14.0](service/iot1clickprojects/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotanalytics`: [v1.16.0](service/iotanalytics/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotevents`: [v1.17.0](service/iotevents/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ioteventsdata`: [v1.15.0](service/ioteventsdata/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotfleethub`: [v1.15.0](service/iotfleethub/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotjobsdataplane`: [v1.14.0](service/iotjobsdataplane/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotroborunner`: [v1.3.0](service/iotroborunner/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotsecuretunneling`: [v1.17.0](service/iotsecuretunneling/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotthingsgraph`: [v1.16.0](service/iotthingsgraph/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ivschat`: [v1.6.0](service/ivschat/CHANGELOG.md#v160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kendraranking`: [v1.2.0](service/kendraranking/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesis`: [v1.19.0](service/kinesis/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisanalytics`: [v1.16.0](service/kinesisanalytics/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideoarchivedmedia`: [v1.17.0](service/kinesisvideoarchivedmedia/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideomedia`: [v1.13.0](service/kinesisvideomedia/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideosignaling`: [v1.13.0](service/kinesisvideosignaling/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideowebrtcstorage`: [v1.4.0](service/kinesisvideowebrtcstorage/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lexmodelbuildingservice`: [v1.19.0](service/lexmodelbuildingservice/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lexruntimeservice`: [v1.15.0](service/lexruntimeservice/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lexruntimev2`: [v1.19.0](service/lexruntimev2/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/licensemanager`: [v1.20.0](service/licensemanager/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/licensemanagerlinuxsubscriptions`: [v1.3.0](service/licensemanagerlinuxsubscriptions/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/licensemanagerusersubscriptions`: [v1.4.0](service/licensemanagerusersubscriptions/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lookoutmetrics`: [v1.21.0](service/lookoutmetrics/CHANGELOG.md#v1210-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lookoutvision`: [v1.17.0](service/lookoutvision/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/machinelearning`: [v1.17.0](service/machinelearning/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/macie`: [v1.17.0](service/macie/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/macie2`: [v1.29.7](service/macie2/CHANGELOG.md#v1297-2023-09-18)
+  * **Documentation**: This release changes the default managedDataIdentifierSelector setting for new classification jobs to RECOMMENDED. By default, new classification jobs now use the recommended set of managed data identifiers.
+* `github.com/aws/aws-sdk-go-v2/service/marketplacecommerceanalytics`: [v1.14.0](service/marketplacecommerceanalytics/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/marketplaceentitlementservice`: [v1.14.0](service/marketplaceentitlementservice/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/marketplacemetering`: [v1.16.0](service/marketplacemetering/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediapackagev2`: [v1.2.0](service/mediapackagev2/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediapackagevod`: [v1.24.0](service/mediapackagevod/CHANGELOG.md#v1240-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediastore`: [v1.15.0](service/mediastore/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediastoredata`: [v1.15.0](service/mediastoredata/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/medicalimaging`: [v1.2.0](service/medicalimaging/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhub`: [v1.15.0](service/migrationhub/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhubconfig`: [v1.15.0](service/migrationhubconfig/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhuborchestrator`: [v1.3.0](service/migrationhuborchestrator/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhubstrategy`: [v1.11.0](service/migrationhubstrategy/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mobile`: [v1.14.0](service/mobile/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mturk`: [v1.16.0](service/mturk/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/neptune`: [v1.22.0](service/neptune/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/networkmanager`: [v1.19.0](service/networkmanager/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/nimble`: [v1.18.0](service/nimble/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/oam`: [v1.3.0](service/oam/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/opensearchserverless`: [v1.5.0](service/opensearchserverless/CHANGELOG.md#v150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/opsworks`: [v1.16.0](service/opsworks/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/opsworkscm`: [v1.17.0](service/opsworkscm/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/osis`: [v1.2.0](service/osis/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/panorama`: [v1.13.0](service/panorama/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/paymentcryptography`: [v1.2.0](service/paymentcryptography/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/personalizeevents`: [v1.15.0](service/personalizeevents/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/personalizeruntime`: [v1.15.0](service/personalizeruntime/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pinpointemail`: [v1.14.0](service/pinpointemail/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pinpointsmsvoice`: [v1.13.0](service/pinpointsmsvoice/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pinpointsmsvoicev2`: [v1.3.0](service/pinpointsmsvoicev2/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pipes`: [v1.4.0](service/pipes/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/qldbsession`: [v1.16.0](service/qldbsession/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/rbin`: [v1.10.0](service/rbin/CHANGELOG.md#v1100-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/rdsdata`: [v1.15.0](service/rdsdata/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/redshiftserverless`: [v1.6.0](service/redshiftserverless/CHANGELOG.md#v160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/resourceexplorer2`: [v1.4.0](service/resourceexplorer2/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/resourcegroups`: [v1.16.0](service/resourcegroups/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi`: [v1.16.0](service/resourcegroupstaggingapi/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/robomaker`: [v1.20.0](service/robomaker/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53recoverycluster`: [v1.13.0](service/route53recoverycluster/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53recoverycontrolconfig`: [v1.13.0](service/route53recoverycontrolconfig/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53recoveryreadiness`: [v1.11.0](service/route53recoveryreadiness/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53resolver`: [v1.20.0](service/route53resolver/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/rum`: [v1.12.0](service/rum/CHANGELOG.md#v1120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/s3outposts`: [v1.18.0](service/s3outposts/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakera2iruntime`: [v1.17.0](service/sagemakera2iruntime/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakeredge`: [v1.15.0](service/sagemakeredge/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakergeospatial`: [v1.5.0](service/sagemakergeospatial/CHANGELOG.md#v150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakermetrics`: [v1.2.0](service/sagemakermetrics/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/scheduler`: [v1.3.0](service/scheduler/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/schemas`: [v1.17.0](service/schemas/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/serverlessapplicationrepository`: [v1.14.0](service/serverlessapplicationrepository/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/servicecatalogappregistry`: [v1.19.0](service/servicecatalogappregistry/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/servicediscovery`: [v1.23.0](service/servicediscovery/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/shield`: [v1.20.0](service/shield/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sms`: [v1.15.0](service/sms/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/snowdevicemanagement`: [v1.11.0](service/snowdevicemanagement/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sns`: [v1.22.0](service/sns/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssmcontacts`: [v1.17.0](service/ssmcontacts/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssmincidents`: [v1.23.0](service/ssmincidents/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssmsap`: [v1.5.0](service/ssmsap/CHANGELOG.md#v150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sso`: [v1.14.0](service/sso/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssooidc`: [v1.16.0](service/ssooidc/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/storagegateway`: [v1.20.0](service/storagegateway/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sts`: [v1.22.0](service/sts/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/supportapp`: [v1.4.0](service/supportapp/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/synthetics`: [v1.19.0](service/synthetics/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/textract`: [v1.23.0](service/textract/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/timestreamquery`: [v1.17.0](service/timestreamquery/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/timestreamwrite`: [v1.19.0](service/timestreamwrite/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/tnb`: [v1.3.0](service/tnb/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/transcribestreaming`: [v1.11.0](service/transcribestreaming/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/voiceid`: [v1.15.0](service/voiceid/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/waf`: [v1.14.0](service/waf/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/wafregional`: [v1.15.0](service/wafregional/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/workdocs`: [v1.16.0](service/workdocs/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/worklink`: [v1.15.0](service/worklink/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/workmail`: [v1.20.0](service/workmail/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+  * **Feature**: This release includes four new APIs UpdateUser, UpdateGroup, ListGroupsForEntity and DescribeEntity, along with RemoteUsers and some enhancements to existing APIs.
+* `github.com/aws/aws-sdk-go-v2/service/workmailmessageflow`: [v1.14.0](service/workmailmessageflow/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+
+# Release (2023-09-15)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appstream`: [v1.24.0](service/appstream/CHANGELOG.md#v1240-2023-09-15)
+  * **Feature**: This release introduces app block builder, allowing customers to provision a resource to package applications into an app block
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.67.0](service/connect/CHANGELOG.md#v1670-2023-09-15)
+  * **Feature**: New rule type (OnMetricDataUpdate) has been added
+* `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.29.1](service/datasync/CHANGELOG.md#v1291-2023-09-15)
+  * **Documentation**: Documentation-only updates for AWS DataSync.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.106.0](service/sagemaker/CHANGELOG.md#v11060-2023-09-15)
+  * **Feature**: This release introduces Skip Model Validation for Model Packages
+
+# Release (2023-09-14)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appstream`: [v1.23.0](service/appstream/CHANGELOG.md#v1230-2023-09-14)
+  * **Feature**: This release introduces multi-session fleets, allowing customers to provision more than one user session on a single fleet instance.
+* `github.com/aws/aws-sdk-go-v2/service/cloudformation`: [v1.34.6](service/cloudformation/CHANGELOG.md#v1346-2023-09-14)
+  * **Documentation**: Documentation updates for AWS CloudFormation
+* `github.com/aws/aws-sdk-go-v2/service/entityresolution`: [v1.2.0](service/entityresolution/CHANGELOG.md#v120-2023-09-14)
+  * **Feature**: Changed "ResolutionTechniques" and "MappedInputFields" in workflow and schema mapping operations to be required fields.
+* `github.com/aws/aws-sdk-go-v2/service/lookoutequipment`: [v1.19.0](service/lookoutequipment/CHANGELOG.md#v1190-2023-09-14)
+  * **Feature**: This release adds APIs for the new scheduled retraining feature.
+
+# Release (2023-09-13)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloud9`: [v1.18.8](service/cloud9/CHANGELOG.md#v1188-2023-09-13)
+  * **Documentation**: Update to include information on Ubuntu 18 deprecation.
+* `github.com/aws/aws-sdk-go-v2/service/drs`: [v1.16.0](service/drs/CHANGELOG.md#v1160-2023-09-13)
+  * **Feature**: Updated existing APIs and added new ones to support using AWS Elastic Disaster Recovery post-launch actions. Added support for new regions.
+* `github.com/aws/aws-sdk-go-v2/service/firehose`: [v1.18.0](service/firehose/CHANGELOG.md#v1180-2023-09-13)
+  * **Feature**: DocumentIdOptions has been added for the Amazon OpenSearch destination.
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.27.0](service/guardduty/CHANGELOG.md#v1270-2023-09-13)
+  * **Feature**: Add `managementType` field to ListCoverage API response.
+* `github.com/aws/aws-sdk-go-v2/service/internetmonitor`: [v1.6.0](service/internetmonitor/CHANGELOG.md#v160-2023-09-13)
+  * **Feature**: This release updates the Amazon CloudWatch Internet Monitor API domain name.
+* `github.com/aws/aws-sdk-go-v2/service/ivsrealtime`: [v1.4.4](service/ivsrealtime/CHANGELOG.md#v144-2023-09-13)
+  * **Documentation**: Doc only update that changes description for ParticipantToken.
+* `github.com/aws/aws-sdk-go-v2/service/simspaceweaver`: [v1.5.1](service/simspaceweaver/CHANGELOG.md#v151-2023-09-13)
+  * **Documentation**: Edited the introductory text for the API reference.
+* `github.com/aws/aws-sdk-go-v2/service/xray`: [v1.18.0](service/xray/CHANGELOG.md#v1180-2023-09-13)
+  * **Feature**: Add StartTime field in GetTraceSummaries API response for each TraceSummary.
+
+# Release (2023-09-12)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.118.0](service/ec2/CHANGELOG.md#v11180-2023-09-12)
+  * **Feature**: This release adds support for restricting public sharing of AMIs through AMI Block Public Access
+* `github.com/aws/aws-sdk-go-v2/service/eventbridge`: [v1.22.0](service/eventbridge/CHANGELOG.md#v1220-2023-09-12)
+  * **Feature**: Adds sensitive trait to various shapes in Jetstream Connections API model.
+* `github.com/aws/aws-sdk-go-v2/service/kendra`: [v1.43.0](service/kendra/CHANGELOG.md#v1430-2023-09-12)
+  * **Feature**: Amazon Kendra now supports confidence score buckets for retrieved passage results using the Retrieve API.
+
+# Release (2023-09-11)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ecr`: [v1.20.0](service/ecr/CHANGELOG.md#v1200-2023-09-11)
+  * **Feature**: This release will have ValidationException be thrown from ECR LifecyclePolicy APIs in regions LifecyclePolicy is not supported, this includes existing Amazon Dedicated Cloud (ADC) regions. This release will also change Tag: TagValue and Tag: TagKey to required.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.37.0](service/medialive/CHANGELOG.md#v1370-2023-09-11)
+  * **Feature**: AWS Elemental Link now supports attaching a Link UHD device to a MediaConnect flow.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.43.0](service/quicksight/CHANGELOG.md#v1430-2023-09-11)
+  * **Feature**: This release launches new updates to QuickSight KPI visuals - support for sparklines, new templated layout and new targets for conditional formatting rules.
+
+# Release (2023-09-08)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.32.6](service/fsx/CHANGELOG.md#v1326-2023-09-08)
+  * **Documentation**: Amazon FSx documentation fixes
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.105.0](service/sagemaker/CHANGELOG.md#v11050-2023-09-08)
+  * **Feature**: Autopilot APIs will now support holiday featurization for Timeseries models. The models will now hold holiday metadata and should be able to accommodate holiday effect during inference.
+* `github.com/aws/aws-sdk-go-v2/service/ssoadmin`: [v1.18.0](service/ssoadmin/CHANGELOG.md#v1180-2023-09-08)
+  * **Feature**: Content updates to IAM Identity Center API for China Regions.
+* `github.com/aws/aws-sdk-go-v2/service/workspaces`: [v1.30.0](service/workspaces/CHANGELOG.md#v1300-2023-09-08)
+  * **Feature**: A new field "ErrorDetails" will be added to the output of "DescribeWorkspaceImages" API call. This field provides in-depth details about the error occurred during image import process. These details include the possible causes of the errors and troubleshooting information.
+
+# Release (2023-09-07)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.36.2](service/securityhub/CHANGELOG.md#v1362-2023-09-07)
+  * **Documentation**: Documentation updates for AWS Security Hub
+* `github.com/aws/aws-sdk-go-v2/service/simspaceweaver`: [v1.5.0](service/simspaceweaver/CHANGELOG.md#v150-2023-09-07)
+  * **Feature**: BucketName and ObjectKey are now required for the S3Location data type. BucketName is now required for the S3Destination data type.
+
+# Release (2023-09-06)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.35.0](service/appflow/CHANGELOG.md#v1350-2023-09-06)
+  * **Feature**: Adding OAuth2.0 support for servicenow connector.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.117.0](service/ec2/CHANGELOG.md#v11170-2023-09-06)
+  * **Feature**: This release adds 'outpost' location type to the DescribeInstanceTypeOfferings API, allowing customers that have been allowlisted for outpost to query their offerings in the API.
+* `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2`: [v1.21.4](service/elasticloadbalancingv2/CHANGELOG.md#v1214-2023-09-06)
+  * **Documentation**: This release enables default UDP connection termination and disabling unhealthy target connection termination for Network Load Balancers.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.36.0](service/medialive/CHANGELOG.md#v1360-2023-09-06)
+  * **Feature**: Adds advanced Output Locking options for Epoch Locking: Custom Epoch and Jam Sync Time
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.38.0](service/wafv2/CHANGELOG.md#v1380-2023-09-06)
+  * **Feature**: The targeted protection level of the Bot Control managed rule group now provides optional, machine-learning analysis of traffic statistics to detect some bot-related activity. You can enable or disable the machine learning functionality through the API.
+
+# Release (2023-09-05)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/billingconductor`: [v1.9.0](service/billingconductor/CHANGELOG.md#v190-2023-09-05)
+  * **Feature**: This release adds support for line item filtering in for the custom line item resource.
+* `github.com/aws/aws-sdk-go-v2/service/cloud9`: [v1.18.7](service/cloud9/CHANGELOG.md#v1187-2023-09-05)
+  * **Documentation**: Added support for Ubuntu 22.04 that was not picked up in a previous Trebuchet request. Doc-only update.
+* `github.com/aws/aws-sdk-go-v2/service/computeoptimizer`: [v1.27.0](service/computeoptimizer/CHANGELOG.md#v1270-2023-09-05)
+  * **Feature**: This release adds support to provide recommendations for G4dn and P3 instances that use NVIDIA GPUs.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.116.0](service/ec2/CHANGELOG.md#v11160-2023-09-05)
+  * **Feature**: Introducing Amazon EC2 C7gd, M7gd, and R7gd Instances with up to 3.8 TB of local NVMe-based SSD block-level storage. These instances are powered by AWS Graviton3 processors, delivering up to 25% better performance over Graviton2-based instances.
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.30.1](service/ecs/CHANGELOG.md#v1301-2023-09-05)
+  * **Documentation**: Documentation only update for Amazon ECS.
+* `github.com/aws/aws-sdk-go-v2/service/eventbridge`: [v1.21.0](service/eventbridge/CHANGELOG.md#v1210-2023-09-05)
+  * **Feature**: Improve Endpoint Ruleset test coverage.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.54.0](service/rds/CHANGELOG.md#v1540-2023-09-05)
+  * **Feature**: Add support for feature integration with AWS Backup.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.104.0](service/sagemaker/CHANGELOG.md#v11040-2023-09-05)
+  * **Feature**: SageMaker Neo now supports data input shape derivation for Pytorch 2.0  and XGBoost compilation job for cloud instance targets. You can skip DataInputConfig field during compilation job creation. You can also access derived information from model in DescribeCompilationJob response.
+* `github.com/aws/aws-sdk-go-v2/service/vpclattice`: [v1.2.0](service/vpclattice/CHANGELOG.md#v120-2023-09-05)
+  * **Feature**: This release adds Lambda event structure version config support for LAMBDA target groups. It also adds newline support for auth policies.
+
+# Release (2023-09-01)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.8.0](service/chimesdkmediapipelines/CHANGELOG.md#v180-2023-09-01)
+  * **Feature**: This release adds support for the Voice Analytics feature for customer-owned KVS streams as part of the Amazon Chime SDK call analytics.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.66.0](service/connect/CHANGELOG.md#v1660-2023-09-01)
+  * **Feature**: Amazon Connect adds the ability to read, create, update, delete, and list view resources, and adds the ability to read, create, delete, and list view versions.
+* `github.com/aws/aws-sdk-go-v2/service/identitystore`: [v1.18.0](service/identitystore/CHANGELOG.md#v1180-2023-09-01)
+  * **Feature**: New Identity Store content for China Region launch
+* `github.com/aws/aws-sdk-go-v2/service/neptunedata`: [v1.0.1](service/neptunedata/CHANGELOG.md#v101-2023-09-01)
+  * **Documentation**: Removed the descriptive text in the introduction.
+
+# Release (2023-08-31)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.7.0](service/chimesdkmediapipelines/CHANGELOG.md#v170-2023-08-31)
+  * **Feature**: This release adds support for feature Voice Enhancement for Call Recording as part of Amazon Chime SDK call analytics.
+* `github.com/aws/aws-sdk-go-v2/service/cloudhsm`: [v1.15.0](service/cloudhsm/CHANGELOG.md#v1150-2023-08-31)
+  * **Feature**: Deprecating CloudHSM Classic API Service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatchevents`: [v1.17.0](service/cloudwatchevents/CHANGELOG.md#v1170-2023-08-31)
+  * **Feature**: Documentation updates for CloudWatch Events.
+* `github.com/aws/aws-sdk-go-v2/service/connectcampaigns`: [v1.4.0](service/connectcampaigns/CHANGELOG.md#v140-2023-08-31)
+  * **Feature**: Amazon Connect outbound campaigns has launched agentless dialing mode which enables customers to make automated outbound calls without agent engagement. This release updates three of the campaign management API's to support the new agentless dialing mode and the new dialing capacity field.
+* `github.com/aws/aws-sdk-go-v2/service/connectparticipant`: [v1.17.0](service/connectparticipant/CHANGELOG.md#v1170-2023-08-31)
+  * **Feature**: Amazon Connect Participant Service adds the ability to get a view resource using a view token, which is provided in a participant message, with the release of the DescribeView API.
+* `github.com/aws/aws-sdk-go-v2/service/customerprofiles`: [v1.28.0](service/customerprofiles/CHANGELOG.md#v1280-2023-08-31)
+  * **Feature**: Adds sensitive trait to various shapes in Customer Profiles API model.
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.30.0](service/ecs/CHANGELOG.md#v1300-2023-08-31)
+  * **Feature**: This release adds support for an account-level setting that you can use to configure the number of days for AWS Fargate task retirement.
+* `github.com/aws/aws-sdk-go-v2/service/health`: [v1.19.0](service/health/CHANGELOG.md#v1190-2023-08-31)
+  * **Feature**: Adds new API DescribeEntityAggregatesForOrganization that retrieves entity aggregates across your organization. Also adds support for resource status filtering in DescribeAffectedEntitiesForOrganization, resource status aggregates in the DescribeEntityAggregates response, and new resource statuses.
+* `github.com/aws/aws-sdk-go-v2/service/ivs`: [v1.26.0](service/ivs/CHANGELOG.md#v1260-2023-08-31)
+  * **Feature**: Updated "type" description for CreateChannel, UpdateChannel, Channel, and ChannelSummary.
+* `github.com/aws/aws-sdk-go-v2/service/kafkaconnect`: [v1.11.0](service/kafkaconnect/CHANGELOG.md#v1110-2023-08-31)
+  * **Feature**: Minor model changes for Kafka Connect as well as endpoint updates.
+* `github.com/aws/aws-sdk-go-v2/service/paymentcryptographydata`: [v1.2.0](service/paymentcryptographydata/CHANGELOG.md#v120-2023-08-31)
+  * **Feature**: Make KeyCheckValue field optional when using asymmetric keys as Key Check Values typically only apply to symmetric keys
+* `github.com/aws/aws-sdk-go-v2/service/sagemakerruntime`: [v1.21.0](service/sagemakerruntime/CHANGELOG.md#v1210-2023-08-31)
+  * **Feature**: This release adds a new InvokeEndpointWithResponseStream API to support streaming of model responses.
+
+# Release (2023-08-30)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.34.0](service/appflow/CHANGELOG.md#v1340-2023-08-30)
+  * **Feature**: Add SAP source connector parallel and pagination feature
+* `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.19.0](service/apprunner/CHANGELOG.md#v1190-2023-08-30)
+  * **Feature**: App Runner adds support for Bitbucket. You can now create App Runner connection that connects to your Bitbucket repositories and deploy App Runner service with the source code stored in a Bitbucket repository.
+* `github.com/aws/aws-sdk-go-v2/service/cleanrooms`: [v1.4.0](service/cleanrooms/CHANGELOG.md#v140-2023-08-30)
+  * **Feature**: This release decouples member abilities in a collaboration. With this change, the member who can run queries no longer needs to be the same as the member who can receive results.
+* `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.29.0](service/datasync/CHANGELOG.md#v1290-2023-08-30)
+  * **Feature**: AWS DataSync introduces Task Reports, a new feature that provides detailed reports of data transfer operations for each task execution.
+* `github.com/aws/aws-sdk-go-v2/service/neptunedata`: [v1.0.0](service/neptunedata/CHANGELOG.md#v100-2023-08-30)
+  * **Release**: New AWS service client module
+  * **Feature**: Allows customers to execute data plane actions like bulk loading graphs, issuing graph queries using Gremlin and openCypher directly from the SDK.
+* `github.com/aws/aws-sdk-go-v2/service/networkfirewall`: [v1.30.0](service/networkfirewall/CHANGELOG.md#v1300-2023-08-30)
+  * **Feature**: Network Firewall increasing pagination token string length
+* `github.com/aws/aws-sdk-go-v2/service/pcaconnectorad`: [v1.0.0](service/pcaconnectorad/CHANGELOG.md#v100-2023-08-30)
+  * **Release**: New AWS service client module
+  * **Feature**: The Connector for AD allows you to use a fully-managed AWS Private CA as a drop-in replacement for your self-managed enterprise CAs without local agents or proxy servers. Enterprises that use AD to manage Windows environments can reduce their private certificate authority (CA) costs and complexity.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.103.0](service/sagemaker/CHANGELOG.md#v11030-2023-08-30)
+  * **Feature**: Amazon SageMaker Canvas adds IdentityProviderOAuthSettings support for CanvasAppSettings
+
+# Release (2023-08-29)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider`: [v1.26.0](service/cognitoidentityprovider/CHANGELOG.md#v1260-2023-08-29)
+  * **Feature**: Added API example requests and responses for several operations. Fixed the validation regex for user pools Identity Provider name.
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.32.5](service/fsx/CHANGELOG.md#v1325-2023-08-29)
+  * **Documentation**: Documentation updates for project quotas.
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.9.0](service/omics/CHANGELOG.md#v190-2023-08-29)
+  * **Feature**: Add RetentionMode support for Runs.
+* `github.com/aws/aws-sdk-go-v2/service/sesv2`: [v1.20.0](service/sesv2/CHANGELOG.md#v1200-2023-08-29)
+  * **Feature**: Adds support for the new Export and Message Insights features: create, get, list and cancel export jobs; get message insights.
+
+# Release (2023-08-28)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/backup`: [v1.25.0](service/backup/CHANGELOG.md#v1250-2023-08-28)
+  * **Feature**: Add support for customizing time zone for backup window in backup plan rules.
+* `github.com/aws/aws-sdk-go-v2/service/computeoptimizer`: [v1.26.0](service/computeoptimizer/CHANGELOG.md#v1260-2023-08-28)
+  * **Feature**: This release enables AWS Compute Optimizer to analyze and generate licensing optimization recommendations for sql server running on EC2 instances.
+* `github.com/aws/aws-sdk-go-v2/service/organizations`: [v1.20.6](service/organizations/CHANGELOG.md#v1206-2023-08-28)
+  * **Documentation**: Documentation updates for permissions and links.
+* `github.com/aws/aws-sdk-go-v2/service/securitylake`: [v1.7.0](service/securitylake/CHANGELOG.md#v170-2023-08-28)
+  * **Feature**: Remove incorrect regex enforcement on pagination tokens.
+* `github.com/aws/aws-sdk-go-v2/service/servicequotas`: [v1.16.0](service/servicequotas/CHANGELOG.md#v1160-2023-08-28)
+  * **Feature**: Service Quotas now supports viewing the applied quota value and requesting a quota increase for a specific resource in an AWS account.
+* `github.com/aws/aws-sdk-go-v2/service/workspacesweb`: [v1.12.0](service/workspacesweb/CHANGELOG.md#v1120-2023-08-28)
+  * **Feature**: WorkSpaces Web now enables Admins to configure which cookies are synchronized from an end-user's local browser to the in-session browser. In conjunction with a browser extension, this feature enables enhanced Single-Sign On capability by reducing the number of times an end-user has to authenticate.
+
+# Release (2023-08-25)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudtrail`: [v1.29.0](service/cloudtrail/CHANGELOG.md#v1290-2023-08-25)
+  * **Feature**: Add ThrottlingException with error code 429 to handle CloudTrail Delegated Admin request rate exceeded on organization resources.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatch`: [v1.27.7](service/cloudwatch/CHANGELOG.md#v1277-2023-08-25)
+  * **Documentation**: Doc-only update to get doc bug fixes into the SDK docs
+
+# Release (2023-08-24)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.115.0](service/ec2/CHANGELOG.md#v11150-2023-08-24)
+  * **Feature**: Amazon EC2 M7a instances, powered by 4th generation AMD EPYC processors, deliver up to 50% higher performance compared to M6a instances. Amazon EC2 Hpc7a instances, powered by 4th Gen AMD EPYC processors, deliver up to 2.5x better performance compared to Amazon EC2 Hpc6a instances.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.62.0](service/glue/CHANGELOG.md#v1620-2023-08-24)
+  * **Feature**: Added API attributes that help in the monitoring of sessions.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.41.0](service/mediaconvert/CHANGELOG.md#v1410-2023-08-24)
+  * **Feature**: This release includes additional audio channel tags in Quicktime outputs, support for film grain synthesis for AV1 outputs, ability to create audio-only FLAC outputs, and ability to specify Amazon S3 destination storage class.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.35.0](service/medialive/CHANGELOG.md#v1350-2023-08-24)
+  * **Feature**: MediaLive now supports passthrough of KLV data to a HLS output group with a TS container. MediaLive now supports setting an attenuation mode for AC3 audio when the coding mode is 3/2 LFE. MediaLive now supports specifying whether to include filler NAL units in RTMP output group settings.
+* `github.com/aws/aws-sdk-go-v2/service/mediatailor`: [v1.27.0](service/mediatailor/CHANGELOG.md#v1270-2023-08-24)
+  * **Feature**: Adds new source location AUTODETECT_SIGV4 access type.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.42.0](service/quicksight/CHANGELOG.md#v1420-2023-08-24)
+  * **Feature**: Excel support in Snapshot Export APIs. Removed Required trait for some insight Computations. Namespace-shared Folders support. Global Filters support. Table pin Column support.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.53.0](service/rds/CHANGELOG.md#v1530-2023-08-24)
+  * **Feature**: This release updates the supported versions for Percona XtraBackup in Aurora MySQL.
+* `github.com/aws/aws-sdk-go-v2/service/s3control`: [v1.33.0](service/s3control/CHANGELOG.md#v1330-2023-08-24)
+  * **Feature**: Updates to endpoint ruleset tests to address Smithy validation issues and standardize the capitalization of DualStack.
+* `github.com/aws/aws-sdk-go-v2/service/verifiedpermissions`: [v1.2.1](service/verifiedpermissions/CHANGELOG.md#v121-2023-08-24)
+  * **Documentation**: Documentation updates for Amazon Verified Permissions.
+
+# Release (2023-08-23)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/apigateway`: [v1.18.0](service/apigateway/CHANGELOG.md#v1180-2023-08-23)
+  * **Feature**: This release adds RootResourceId to GetRestApi response.
+* `github.com/aws/aws-sdk-go-v2/service/polly`: [v1.31.0](service/polly/CHANGELOG.md#v1310-2023-08-23)
+  * **Feature**: Amazon Polly adds 1 new voice - Zayd (ar-AE)
+
+# Release (2023-08-22)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/costexplorer`: [v1.28.0](service/costexplorer/CHANGELOG.md#v1280-2023-08-22)
+  * **Feature**: This release adds the LastUpdatedDate and LastUsedDate timestamps to help you manage your cost allocation tags.
+* `github.com/aws/aws-sdk-go-v2/service/globalaccelerator`: [v1.17.7](service/globalaccelerator/CHANGELOG.md#v1177-2023-08-22)
+  * **Documentation**: Global Accelerator now supports Client Ip Preservation for Network Load Balancer endpoints.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.52.0](service/rds/CHANGELOG.md#v1520-2023-08-22)
+  * **Feature**: Adding parameters to CreateCustomDbEngineVersion reserved for future use.
+* `github.com/aws/aws-sdk-go-v2/service/verifiedpermissions`: [v1.2.0](service/verifiedpermissions/CHANGELOG.md#v120-2023-08-22)
+  * **Feature**: Documentation updates for Amazon Verified Permissions. Increases max results per page for ListPolicyStores, ListPolicies, and ListPolicyTemplates APIs from 20 to 50.
+
+# Release (2023-08-21)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2`: v1.21.0
+  * **Feature**: Add support for polly SynthesizeSpeech GET request presigner
+* `github.com/aws/aws-sdk-go-v2/service/cloud9`: [v1.18.6](service/cloud9/CHANGELOG.md#v1186-2023-08-21)
+  * **Documentation**: Doc only update to add Ubuntu 22.04 as an Image ID option for Cloud9
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.114.0](service/ec2/CHANGELOG.md#v11140-2023-08-21)
+  * **Feature**: The DeleteKeyPair API has been updated to return the keyPairId when an existing key pair is deleted.
+* `github.com/aws/aws-sdk-go-v2/service/finspace`: [v1.12.0](service/finspace/CHANGELOG.md#v1120-2023-08-21)
+  * **Feature**: Allow customers to manage outbound traffic from their Kx Environment when attaching a transit gateway by providing network acl entries. Allow the customer to choose how they want to update the databases on a cluster allowing updates to possibly be faster than usual.
+* `github.com/aws/aws-sdk-go-v2/service/polly`: [v1.30.0](service/polly/CHANGELOG.md#v1300-2023-08-21)
+  * **Feature**: Add support for polly SynthesizeSpeech GET request presigner
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.51.0](service/rds/CHANGELOG.md#v1510-2023-08-21)
+  * **Feature**: Adding support for RDS Aurora Global Database Unplanned Failover
+* `github.com/aws/aws-sdk-go-v2/service/route53domains`: [v1.17.3](service/route53domains/CHANGELOG.md#v1173-2023-08-21)
+  * **Documentation**: Fixed typos in description fields
+
+# Release (2023-08-18)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/codecommit`: [v1.16.0](service/codecommit/CHANGELOG.md#v1160-2023-08-18)
+  * **Feature**: Add new ListFileCommitHistory operation to retrieve commits which introduced changes to a specific file.
+* `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.36.0](service/securityhub/CHANGELOG.md#v1360-2023-08-18)
+  * **Feature**: Added Inspector Lambda code Vulnerability section to ASFF, including GeneratorDetails, EpssScore, ExploitAvailable, and CodeVulnerabilities.
+
+# Release (2023-08-17)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2`: v1.20.2
+  * **Bug Fix**: Sign `X-Amz-Server-Side-Encryption-Context` header to fix signing for PutObject requests that set `SSEKMSEncryptionContext`.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.113.0](service/ec2/CHANGELOG.md#v11130-2023-08-17)
+  * **Feature**: Adds support for SubnetConfigurations to allow users to select their own IPv4 and IPv6 addresses for Interface VPC endpoints
+* `github.com/aws/aws-sdk-go-v2/service/gamelift`: [v1.22.0](service/gamelift/CHANGELOG.md#v1220-2023-08-17)
+  * **Feature**: Amazon GameLift updates its instance types support.
+* `github.com/aws/aws-sdk-go-v2/service/s3control`: [v1.32.3](service/s3control/CHANGELOG.md#v1323-2023-08-17)
+  * **Announcement**: BREAKFIX: corrected function spelling in environment config from GetS3DisableMultRegionAccessPoints to GetS3DisableMultiRegionAccessPoints
+  * **Bug Fix**: Adds DisableMRAP option to config loader, and DisableMRAP client resolver to achieve parity with other S3 options in the config loader. Additionally, added breakfix to correct spelling.
+
+# Release (2023-08-16)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatch`: [v1.27.3](service/cloudwatch/CHANGELOG.md#v1273-2023-08-16)
+  * **Documentation**: Doc-only update to incorporate several doc bug fixes
+
+# Release (2023-08-15)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmeetings`: [v1.17.0](service/chimesdkmeetings/CHANGELOG.md#v1170-2023-08-15)
+  * **Feature**: Updated API documentation to include additional exceptions.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.112.0](service/ec2/CHANGELOG.md#v11120-2023-08-15)
+  * **Feature**: Documentation updates for Elastic Compute Cloud (EC2).
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.61.0](service/glue/CHANGELOG.md#v1610-2023-08-15)
+  * **Feature**: AWS Glue Crawlers can now accept SerDe overrides from a custom csv classifier. The two SerDe options are LazySimpleSerDe and OpenCSVSerDe. In case, the user wants crawler to do the selection, "None" can be selected for this purpose.
+* `github.com/aws/aws-sdk-go-v2/service/pi`: [v1.19.0](service/pi/CHANGELOG.md#v1190-2023-08-15)
+  * **Feature**: AWS Performance Insights for Amazon RDS is launching Performance Analysis On Demand, a new feature that allows you to analyze database performance metrics and find out the performance issues. You can now use SDK to create, list, get, delete, and manage tags of performance analysis reports.
+* `github.com/aws/aws-sdk-go-v2/service/route53domains`: [v1.17.0](service/route53domains/CHANGELOG.md#v1170-2023-08-15)
+  * **Feature**: Provide explanation if CheckDomainTransferability return false. Provide requestId if a request is already submitted.  Add sensitive protection for customer information
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.102.0](service/sagemaker/CHANGELOG.md#v11020-2023-08-15)
+  * **Feature**: SageMaker Inference Recommender now provides SupportedResponseMIMETypes from DescribeInferenceRecommendationsJob response
+
+# Release (2023-08-14)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/mediapackage`: [v1.23.0](service/mediapackage/CHANGELOG.md#v1230-2023-08-14)
+  * **Feature**: Fix SDK logging of certain fields.
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.8.0](service/omics/CHANGELOG.md#v180-2023-08-14)
+  * **Feature**: This release provides support for annotation store versioning and cross account sharing for Omics Analytics
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.33.4](service/transfer/CHANGELOG.md#v1334-2023-08-14)
+  * **Documentation**: Documentation updates for AWS Transfer Family
+
+# Release (2023-08-11)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/amplifybackend`: [v1.16.0](service/amplifybackend/CHANGELOG.md#v1160-2023-08-11)
+  * **Feature**: Adds sensitive trait to required input shapes.
+* `github.com/aws/aws-sdk-go-v2/service/configservice`: [v1.36.0](service/configservice/CHANGELOG.md#v1360-2023-08-11)
+  * **Feature**: Updated ResourceType enum with new resource types onboarded by AWS Config in July 2023.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.111.0](service/ec2/CHANGELOG.md#v11110-2023-08-11)
+  * **Feature**: Amazon EC2 P5 instances, powered by the latest NVIDIA H100 Tensor Core GPUs, deliver the highest performance in EC2 for deep learning (DL) and HPC applications. M7i-flex and M7i instances are next-generation general purpose instances powered by custom 4th Generation Intel Xeon Scalable processors.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.41.0](service/quicksight/CHANGELOG.md#v1410-2023-08-11)
+  * **Feature**: New Authentication method for Account subscription - IAM Identity Center. Hierarchy layout support, default column width support and related style properties for pivot table visuals. Non-additive topic field aggregations for Topic API
+* `github.com/aws/aws-sdk-go-v2/service/ses`: [v1.16.3](service/ses/CHANGELOG.md#v1163-2023-08-11)
+  * **Documentation**: Doc only updates to include: 1) Clarified which part of an email address where it's okay to have Punycode when it contains non-ASCII characters for the SendRawEmail action and other actions where this is applicable. 2) Updated S3Action description with new MB max bucket size from 30 to 40.
+* `github.com/aws/aws-sdk-go-v2/service/swf`: [v1.17.0](service/swf/CHANGELOG.md#v1170-2023-08-11)
+  * **Feature**: This release adds new API parameters to override workflow task list for workflow executions.
+
+# Release (2023-08-10)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudtrail`: [v1.28.3](service/cloudtrail/CHANGELOG.md#v1283-2023-08-10)
+  * **Documentation**: Documentation updates for CloudTrail.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.65.0](service/connect/CHANGELOG.md#v1650-2023-08-10)
+  * **Feature**: This release adds APIs to provision agents that are global / available in multiple AWS regions and distribute them across these regions by percentage.
+* `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2`: [v1.21.0](service/elasticloadbalancingv2/CHANGELOG.md#v1210-2023-08-10)
+  * **Feature**: This release enables configuring security groups for Network Load Balancers
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.7.0](service/omics/CHANGELOG.md#v170-2023-08-10)
+  * **Feature**: This release adds instanceType to GetRunTask & ListRunTasks responses.
+* `github.com/aws/aws-sdk-go-v2/service/secretsmanager`: [v1.21.0](service/secretsmanager/CHANGELOG.md#v1210-2023-08-10)
+  * **Feature**: Add additional InvalidRequestException to list of possible exceptions for ListSecret.
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.33.3](service/transfer/CHANGELOG.md#v1333-2023-08-10)
+  * **Documentation**: Documentation updates for AW Transfer Family
+
+# Release (2023-08-09)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkvoice`: [v1.8.0](service/chimesdkvoice/CHANGELOG.md#v180-2023-08-09)
+  * **Feature**: Updating CreatePhoneNumberOrder, UpdatePhoneNumber and BatchUpdatePhoneNumbers APIs, adding phone number name
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.32.0](service/fsx/CHANGELOG.md#v1320-2023-08-09)
+  * **Feature**: For FSx for Lustre, add new data repository task type, RELEASE_DATA_FROM_FILESYSTEM, to release files that have been archived to S3. For FSx for Windows, enable support for configuring and updating SSD IOPS, and for updating storage type. For FSx for OpenZFS, add new deployment type, MULTI_AZ_1.
+* `github.com/aws/aws-sdk-go-v2/service/globalaccelerator`: [v1.17.3](service/globalaccelerator/CHANGELOG.md#v1173-2023-08-09)
+  * **Documentation**: Documentation update for dualstack EC2 endpoint support
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.26.0](service/guardduty/CHANGELOG.md#v1260-2023-08-09)
+  * **Feature**: Added autoEnable ALL to UpdateOrganizationConfiguration and DescribeOrganizationConfiguration APIs.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.101.0](service/sagemaker/CHANGELOG.md#v11010-2023-08-09)
+  * **Feature**: This release adds support for cross account access for SageMaker Model Cards through AWS RAM.
+
+# Release (2023-08-08)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/backup`: [v1.24.0](service/backup/CHANGELOG.md#v1240-2023-08-08)
+  * **Feature**: This release introduces a new logically air-gapped vault (Preview) in AWS Backup that stores immutable backup copies, which are locked by default and isolated with encryption using AWS owned keys. Logically air-gapped vault (Preview) allows secure recovery of application data across accounts.
+* `github.com/aws/aws-sdk-go-v2/service/elasticache`: [v1.29.0](service/elasticache/CHANGELOG.md#v1290-2023-08-08)
+  * **Feature**: Added support for cluster mode in online migration and test migration API
+* `github.com/aws/aws-sdk-go-v2/service/servicecatalog`: [v1.21.0](service/servicecatalog/CHANGELOG.md#v1210-2023-08-08)
+  * **Feature**: Introduce support for HashiCorp Terraform Cloud in Service Catalog by addying TERRAFORM_CLOUD product type in CreateProduct and CreateProvisioningArtifact API.
+
+# Release (2023-08-07)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/detective`: [v1.21.0](service/detective/CHANGELOG.md#v1210-2023-08-07)
+  * **Feature**: Updated the email validation regex to be in line with the TLD name specifications.
+* `github.com/aws/aws-sdk-go-v2/service/ivsrealtime`: [v1.4.0](service/ivsrealtime/CHANGELOG.md#v140-2023-08-07)
+  * **Feature**: Add QUOTA_EXCEEDED and PUBLISHER_NOT_FOUND to EventErrorCode for stage health events.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideo`: [v1.18.0](service/kinesisvideo/CHANGELOG.md#v1180-2023-08-07)
+  * **Feature**: This release enables minimum of Images SamplingInterval to be as low as 200 milliseconds in Kinesis Video Stream Image feature.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideoarchivedmedia`: [v1.16.0](service/kinesisvideoarchivedmedia/CHANGELOG.md#v1160-2023-08-07)
+  * **Feature**: This release enables minimum of Images SamplingInterval to be as low as 200 milliseconds in Kinesis Video Stream Image feature.
+* `github.com/aws/aws-sdk-go-v2/service/rekognition`: [v1.30.2](service/rekognition/CHANGELOG.md#v1302-2023-08-07)
+  * **Documentation**: This release adds code snippets for Amazon Rekognition Custom Labels.
+
+# Release (2023-08-04)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/acmpca`: [v1.22.2](service/acmpca/CHANGELOG.md#v1222-2023-08-04)
+  * **Documentation**: Documentation correction for AWS Private CA
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.64.0](service/connect/CHANGELOG.md#v1640-2023-08-04)
+  * **Feature**: Added a new API UpdateRoutingProfileAgentAvailabilityTimer to update agent availability timer of a routing profile.
+* `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.28.0](service/datasync/CHANGELOG.md#v1280-2023-08-04)
+  * **Feature**: Display cloud storage used capacity at a cluster level.
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.29.2](service/ecs/CHANGELOG.md#v1292-2023-08-04)
+  * **Documentation**: This is a documentation update to address various tickets.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.100.0](service/sagemaker/CHANGELOG.md#v11000-2023-08-04)
+  * **Feature**: Including DataCaptureConfig key in the Amazon Sagemaker Search's transform job object
+
+# Release (2023-08-03)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/autoscaling`: [v1.30.2](service/autoscaling/CHANGELOG.md#v1302-2023-08-03)
+  * **Documentation**: Documentation changes related to Amazon EC2 Auto Scaling APIs.
+* `github.com/aws/aws-sdk-go-v2/service/cloud9`: [v1.18.2](service/cloud9/CHANGELOG.md#v1182-2023-08-03)
+  * **Documentation**: Updated the deprecation date for Amazon Linux. Doc only update.
+* `github.com/aws/aws-sdk-go-v2/service/databasemigrationservice`: [v1.30.0](service/databasemigrationservice/CHANGELOG.md#v1300-2023-08-03)
+  * **Feature**: The release makes public API for DMS Schema Conversion feature.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.110.0](service/ec2/CHANGELOG.md#v11100-2023-08-03)
+  * **Feature**: This release adds new parameter isPrimaryIPv6 to  allow assigning an IPv6 address as a primary IPv6 address to a network interface which cannot be changed to give equivalent functionality available for network interfaces with primary IPv4 address.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.99.0](service/sagemaker/CHANGELOG.md#v1990-2023-08-03)
+  * **Feature**: Amazon SageMaker now supports running training jobs on p5.48xlarge instance types.
+
+# Release (2023-08-02)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/budgets`: [v1.16.0](service/budgets/CHANGELOG.md#v1160-2023-08-02)
+  * **Feature**: As part of CAE tagging integration we need to update our budget names regex filter to prevent customers from using "/action/" in their budget names.
+* `github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider`: [v1.25.0](service/cognitoidentityprovider/CHANGELOG.md#v1250-2023-08-02)
+  * **Feature**: New feature that logs Cognito user pool error messages to CloudWatch logs.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.60.0](service/glue/CHANGELOG.md#v1600-2023-08-02)
+  * **Feature**: This release includes additional Glue Streaming KAKFA SASL property types.
+* `github.com/aws/aws-sdk-go-v2/service/resiliencehub`: [v1.13.0](service/resiliencehub/CHANGELOG.md#v1130-2023-08-02)
+  * **Feature**: Drift Detection capability added when applications policy has moved from a meet to breach state. Customers will be able to exclude operational recommendations and receive credit in their resilience score. Customers can now add ARH permissions to an existing or new role.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.98.0](service/sagemaker/CHANGELOG.md#v1980-2023-08-02)
+  * **Feature**: SageMaker Inference Recommender introduces a new API GetScalingConfigurationRecommendation to recommend auto scaling policies based on completed Inference Recommender jobs.
+
+# Release (2023-08-01)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/batch`: [v1.26.0](service/batch/CHANGELOG.md#v1260-2023-08-01)
+  * **Feature**: This release adds support for price capacity optimized allocation strategy for Spot Instances.
+* `github.com/aws/aws-sdk-go-v2/service/databasemigrationservice`: [v1.29.0](service/databasemigrationservice/CHANGELOG.md#v1290-2023-08-01)
+  * **Feature**: Adding new API describe-engine-versions which provides information about the lifecycle of a replication instance's version.
+* `github.com/aws/aws-sdk-go-v2/service/internetmonitor`: [v1.5.0](service/internetmonitor/CHANGELOG.md#v150-2023-08-01)
+  * **Feature**: This release adds a new feature for Amazon CloudWatch Internet Monitor that enables customers to set custom thresholds, for performance and availability drops, for impact limited to a single city-network to trigger creation of a health event.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.34.0](service/medialive/CHANGELOG.md#v1340-2023-08-01)
+  * **Feature**: AWS Elemental Link devices now report their Availability Zone. Link devices now support the ability to change their Availability Zone.
+* `github.com/aws/aws-sdk-go-v2/service/polly`: [v1.29.0](service/polly/CHANGELOG.md#v1290-2023-08-01)
+  * **Feature**: Amazon Polly adds new French Belgian voice - Isabelle. Isabelle is available as Neural voice only.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.50.0](service/rds/CHANGELOG.md#v1500-2023-08-01)
+  * **Feature**: Added support for deleted clusters PiTR.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.97.0](service/sagemaker/CHANGELOG.md#v1970-2023-08-01)
+  * **Feature**: Add Stairs TrafficPattern and FlatInvocations to RecommendationJobStoppingConditions
+
+# Release (2023-07-31)
+
+## General Highlights
+* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/amplifyuibuilder`: [v1.12.0](service/amplifyuibuilder/CHANGELOG.md#v1120-2023-07-31)
+  * **Feature**: Amplify Studio releases GraphQL support for codegen job action.
+* `github.com/aws/aws-sdk-go-v2/service/autoscaling`: [v1.30.0](service/autoscaling/CHANGELOG.md#v1300-2023-07-31)
+  * **Feature**: You can now configure an instance refresh to set its status to 'failed' when it detects that a specified CloudWatch alarm has gone into the ALARM state. You can also choose to roll back the instance refresh automatically when the alarm threshold is met.
+* `github.com/aws/aws-sdk-go-v2/service/cleanrooms`: [v1.3.0](service/cleanrooms/CHANGELOG.md#v130-2023-07-31)
+  * **Feature**: This release introduces custom SQL queries - an expanded set of SQL you can run. This release adds analysis templates, a new resource for storing pre-defined custom SQL queries ahead of time. This release also adds the Custom analysis rule, which lets you approve analysis templates for querying.
+* `github.com/aws/aws-sdk-go-v2/service/codestarconnections`: [v1.15.0](service/codestarconnections/CHANGELOG.md#v1150-2023-07-31)
+  * **Feature**: New integration with the Gitlab provider type.
+* `github.com/aws/aws-sdk-go-v2/service/drs`: [v1.15.0](service/drs/CHANGELOG.md#v1150-2023-07-31)
+  * **Feature**: Add support for in-aws right sizing
+* `github.com/aws/aws-sdk-go-v2/service/inspector2`: [v1.16.0](service/inspector2/CHANGELOG.md#v1160-2023-07-31)
+  * **Feature**: This release adds 1 new API: BatchGetFindingDetails to retrieve enhanced vulnerability intelligence details for findings.
+* `github.com/aws/aws-sdk-go-v2/service/lookoutequipment`: [v1.18.0](service/lookoutequipment/CHANGELOG.md#v1180-2023-07-31)
+  * **Feature**: This release includes new import resource, model versioning and resource policy features.
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.6.0](service/omics/CHANGELOG.md#v160-2023-07-31)
+  * **Feature**: Add CreationType filter for ListReadSets
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.49.0](service/rds/CHANGELOG.md#v1490-2023-07-31)
+  * **Feature**: This release adds support for Aurora MySQL local write forwarding, which allows for forwarding of write operations from reader DB instances to the writer DB instance.
+* `github.com/aws/aws-sdk-go-v2/service/route53`: [v1.29.0](service/route53/CHANGELOG.md#v1290-2023-07-31)
+  * **Feature**: Amazon Route 53 now supports the Israel (Tel Aviv) Region (il-central-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
+* `github.com/aws/aws-sdk-go-v2/service/scheduler`: [v1.2.0](service/scheduler/CHANGELOG.md#v120-2023-07-31)
+  * **Feature**: This release introduces automatic deletion of schedules in EventBridge Scheduler. If configured, EventBridge Scheduler automatically deletes a schedule after the schedule has completed its last invocation.
+
+# Release (2023-07-28.2)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/applicationinsights`: [v1.18.0](service/applicationinsights/CHANGELOG.md#v1180-2023-07-282)
+  * **Feature**: This release enable customer to add/remove/update more than one workload for a component
+* `github.com/aws/aws-sdk-go-v2/service/cloudformation`: [v1.33.0](service/cloudformation/CHANGELOG.md#v1330-2023-07-282)
+  * **Feature**: This SDK release is for the feature launch of AWS CloudFormation RetainExceptOnCreate. It adds a new parameter retainExceptOnCreate in the following APIs: CreateStack, UpdateStack, RollbackStack, ExecuteChangeSet.
+* `github.com/aws/aws-sdk-go-v2/service/cloudfront`: [v1.27.0](service/cloudfront/CHANGELOG.md#v1270-2023-07-282)
+  * **Feature**: Add a new JavaScript runtime version for CloudFront Functions.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.62.0](service/connect/CHANGELOG.md#v1620-2023-07-282)
+  * **Feature**: This release adds support for new number types.
+* `github.com/aws/aws-sdk-go-v2/service/kafka`: [v1.21.0](service/kafka/CHANGELOG.md#v1210-2023-07-282)
+  * **Feature**: Amazon MSK has introduced new versions of ListClusterOperations and DescribeClusterOperation APIs. These v2 APIs provide information and insights into the ongoing operations of both MSK Provisioned and MSK Serverless clusters.
+* `github.com/aws/aws-sdk-go-v2/service/pinpoint`: [v1.21.0](service/pinpoint/CHANGELOG.md#v1210-2023-07-282)
+  * **Feature**: Added support for sending push notifications using the FCM v1 API with json credentials. Amazon Pinpoint customers can now deliver messages to Android devices using both FCM v1 API and the legacy FCM/GCM API
+
+# Release (2023-07-28)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/sqs`: [v1.23.4](service/sqs/CHANGELOG.md#v1234-2023-07-28)
+  * **Documentation**: Documentation changes related to SQS APIs.
+
+# Release (2023-07-27)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/autoscaling`: [v1.29.0](service/autoscaling/CHANGELOG.md#v1290-2023-07-27)
+  * **Feature**: This release updates validation for instance types used in the AllowedInstanceTypes and ExcludedInstanceTypes parameters of the InstanceRequirements property of a MixedInstancesPolicy.
+* `github.com/aws/aws-sdk-go-v2/service/ebs`: [v1.17.0](service/ebs/CHANGELOG.md#v1170-2023-07-27)
+  * **Feature**: SDK and documentation updates for Amazon Elastic Block Store API
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.108.0](service/ec2/CHANGELOG.md#v11080-2023-07-27)
+  * **Feature**: SDK and documentation updates for Amazon Elastic Block Store APIs
+* `github.com/aws/aws-sdk-go-v2/service/eks`: [v1.28.0](service/eks/CHANGELOG.md#v1280-2023-07-27)
+  * **Feature**: Add multiple customer error code to handle customer caused failure when managing EKS node groups
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.95.0](service/sagemaker/CHANGELOG.md#v1950-2023-07-27)
+  * **Feature**: Expose ProfilerConfig attribute in SageMaker Search API response.
+
+# Release (2023-07-26)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/entityresolution`: [v1.0.0](service/entityresolution/CHANGELOG.md#v100-2023-07-26)
+  * **Release**: New AWS service client module
+  * **Feature**: AWS Entity Resolution can effectively match a source record from a customer relationship management (CRM) system with a source record from a marketing system containing campaign information.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.58.0](service/glue/CHANGELOG.md#v1580-2023-07-26)
+  * **Feature**: Release Glue Studio Snowflake Connector Node for SDK/CLI
+* `github.com/aws/aws-sdk-go-v2/service/healthlake`: [v1.16.4](service/healthlake/CHANGELOG.md#v1164-2023-07-26)
+  * **Documentation**: Updating the HealthLake service documentation.
+* `github.com/aws/aws-sdk-go-v2/service/managedblockchainquery`: [v1.0.0](service/managedblockchainquery/CHANGELOG.md#v100-2023-07-26)
+  * **Release**: New AWS service client module
+  * **Feature**: Amazon Managed Blockchain (AMB) Query provides serverless access to standardized, multi-blockchain datasets with developer-friendly APIs.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.39.1](service/mediaconvert/CHANGELOG.md#v1391-2023-07-26)
+  * **Documentation**: This release includes general updates to user documentation.
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.5.2](service/omics/CHANGELOG.md#v152-2023-07-26)
+  * **Documentation**: The service is renaming as a part of AWS Health.
+* `github.com/aws/aws-sdk-go-v2/service/opensearchserverless`: [v1.3.0](service/opensearchserverless/CHANGELOG.md#v130-2023-07-26)
+  * **Feature**: This release adds new collection type VectorSearch.
+* `github.com/aws/aws-sdk-go-v2/service/polly`: [v1.27.0](service/polly/CHANGELOG.md#v1270-2023-07-26)
+  * **Feature**: Amazon Polly adds 1 new voice - Lisa (nl-BE)
+* `github.com/aws/aws-sdk-go-v2/service/route53`: [v1.28.5](service/route53/CHANGELOG.md#v1285-2023-07-26)
+  * **Documentation**: Update that corrects the documents for received feedback.
+
+# Release (2023-07-25)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/billingconductor`: [v1.7.0](service/billingconductor/CHANGELOG.md#v170-2023-07-25)
+  * **Feature**: Added support for Auto-Assocate Billing Groups for CreateBillingGroup, UpdateBillingGroup, and ListBillingGroups.
+* `github.com/aws/aws-sdk-go-v2/service/customerprofiles`: [v1.26.0](service/customerprofiles/CHANGELOG.md#v1260-2023-07-25)
+  * **Feature**: Amazon Connect Customer Profiles now supports rule-based resolution to match and merge similar profiles into unified profiles, helping companies deliver faster and more personalized customer service by providing access to relevant customer information for agents and automated experiences.
+* `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.26.0](service/datasync/CHANGELOG.md#v1260-2023-07-25)
+  * **Feature**: AWS DataSync now supports Microsoft Azure Blob Storage locations.
+* `github.com/aws/aws-sdk-go-v2/service/dynamodb`: [v1.20.2](service/dynamodb/CHANGELOG.md#v1202-2023-07-25)
+  * **Documentation**: Documentation updates for DynamoDB
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.107.0](service/ec2/CHANGELOG.md#v11070-2023-07-25)
+  * **Feature**: This release adds an instance's peak and baseline network bandwidth as well as the memory sizes of an instance's inference accelerators to DescribeInstanceTypes.
+* `github.com/aws/aws-sdk-go-v2/service/emrserverless`: [v1.9.0](service/emrserverless/CHANGELOG.md#v190-2023-07-25)
+  * **Feature**: This release adds support for publishing application logs to CloudWatch.
+* `github.com/aws/aws-sdk-go-v2/service/lambda`: [v1.38.0](service/lambda/CHANGELOG.md#v1380-2023-07-25)
+  * **Feature**: Add Python 3.11 (python3.11) support to AWS Lambda
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.48.0](service/rds/CHANGELOG.md#v1480-2023-07-25)
+  * **Feature**: This release adds support for monitoring storage optimization progress on the DescribeDBInstances API.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.94.0](service/sagemaker/CHANGELOG.md#v1940-2023-07-25)
+  * **Feature**: Mark ContentColumn and TargetLabelColumn as required Targets in TextClassificationJobConfig in CreateAutoMLJobV2API
+* `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.34.0](service/securityhub/CHANGELOG.md#v1340-2023-07-25)
+  * **Feature**: Add support for CONTAINS and NOT_CONTAINS comparison operators for Automation Rules string filters and map filters
+* `github.com/aws/aws-sdk-go-v2/service/sts`: [v1.20.0](service/sts/CHANGELOG.md#v1200-2023-07-25)
+  * **Feature**: API updates for the AWS Security Token Service
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.32.0](service/transfer/CHANGELOG.md#v1320-2023-07-25)
+  * **Feature**: This release adds support for SFTP Connectors.
+* `github.com/aws/aws-sdk-go-v2/service/wisdom`: [v1.14.0](service/wisdom/CHANGELOG.md#v1140-2023-07-25)
+  * **Feature**: This release added two new data types: AssistantIntegrationConfiguration, and SessionIntegrationConfiguration to support Wisdom integration with Amazon Connect Chat
+
+# Release (2023-07-24)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/apigatewayv2`: [v1.13.15](service/apigatewayv2/CHANGELOG.md#v11315-2023-07-24)
+  * **Documentation**: Documentation updates for Amazon API Gateway.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.5.0](service/chimesdkmediapipelines/CHANGELOG.md#v150-2023-07-24)
+  * **Feature**: AWS Media Pipeline compositing enhancement and Media Insights Pipeline auto language identification.
+* `github.com/aws/aws-sdk-go-v2/service/cloudformation`: [v1.32.0](service/cloudformation/CHANGELOG.md#v1320-2023-07-24)
+  * **Feature**: This release supports filtering by DRIFT_STATUS for existing API ListStackInstances and adds support for a new API ListStackInstanceResourceDrifts. Customers can now view resource drift information from their StackSet management accounts.
+* `github.com/aws/aws-sdk-go-v2/service/costexplorer`: [v1.26.0](service/costexplorer/CHANGELOG.md#v1260-2023-07-24)
+  * **Feature**: This release introduces the new API 'GetSavingsPlanPurchaseRecommendationDetails', which retrieves the details for a Savings Plan recommendation. It also updates the existing API 'GetSavingsPlansPurchaseRecommendation' to include the recommendation detail ID.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.106.0](service/ec2/CHANGELOG.md#v11060-2023-07-24)
+  * **Feature**: Add "disabled" enum value to SpotInstanceState.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.57.0](service/glue/CHANGELOG.md#v1570-2023-07-24)
+  * **Feature**: Added support for Data Preparation Recipe node in Glue Studio jobs
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.39.0](service/quicksight/CHANGELOG.md#v1390-2023-07-24)
+  * **Feature**: This release launches new Snapshot APIs for CSV and PDF exports, adds support for info icon for filters and parameters in Exploration APIs, adds modeled exception to the DeleteAccountCustomization API, and introduces AttributeAggregationFunction's ability to add UNIQUE_VALUE aggregation in tooltips.
+
+# Release (2023-07-21)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.56.0](service/glue/CHANGELOG.md#v1560-2023-07-21)
+  * **Feature**: This release adds support for AWS Glue Crawler with Apache Hudi Tables, allowing Crawlers to discover Hudi Tables in S3 and register them in Glue Data Catalog for query engines to query against.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.39.0](service/mediaconvert/CHANGELOG.md#v1390-2023-07-21)
+  * **Feature**: This release includes improvements to Preserve 444 handling, compatibility of HEVC sources without frame rates, and general improvements to MP4 outputs.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.47.0](service/rds/CHANGELOG.md#v1470-2023-07-21)
+  * **Feature**: Adds support for the DBSystemID parameter of CreateDBInstance to RDS Custom for Oracle.
+* `github.com/aws/aws-sdk-go-v2/service/workspaces`: [v1.28.17](service/workspaces/CHANGELOG.md#v12817-2023-07-21)
+  * **Documentation**: Fixed VolumeEncryptionKey descriptions
+
+# Release (2023-07-20.2)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/codecatalyst`: [v1.4.0](service/codecatalyst/CHANGELOG.md#v140-2023-07-202)
+  * **Feature**: This release adds support for updating and deleting spaces and projects in Amazon CodeCatalyst. It also adds support for creating, getting, and deleting source repositories in CodeCatalyst projects.
+* `github.com/aws/aws-sdk-go-v2/service/connectcases`: [v1.5.0](service/connectcases/CHANGELOG.md#v150-2023-07-202)
+  * **Feature**: This release adds the ability to assign a case to a queue or user.
+* `github.com/aws/aws-sdk-go-v2/service/lexmodelsv2`: [v1.31.0](service/lexmodelsv2/CHANGELOG.md#v1310-2023-07-202)
+  * **Feature**: This release updates type for Channel field in SessionSpecification and UtteranceSpecification
+* `github.com/aws/aws-sdk-go-v2/service/route53resolver`: [v1.18.0](service/route53resolver/CHANGELOG.md#v1180-2023-07-202)
+  * **Feature**: This release adds support for Route 53 On Outposts, a new feature that allows customers to run Route 53 Resolver and Resolver endpoints locally on their Outposts.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.93.0](service/sagemaker/CHANGELOG.md#v1930-2023-07-202)
+  * **Feature**: Cross account support for SageMaker Feature Store
+* `github.com/aws/aws-sdk-go-v2/service/sagemakerfeaturestoreruntime`: [v1.16.0](service/sagemakerfeaturestoreruntime/CHANGELOG.md#v1160-2023-07-202)
+  * **Feature**: Cross account support for SageMaker Feature Store
+* `github.com/aws/aws-sdk-go-v2/service/securitylake`: [v1.5.0](service/securitylake/CHANGELOG.md#v150-2023-07-202)
+  * **Feature**: Adding support for Tags on Create and Resource Tagging API.
+* `github.com/aws/aws-sdk-go-v2/service/transcribe`: [v1.27.0](service/transcribe/CHANGELOG.md#v1270-2023-07-202)
+  * **Feature**: Added API argument --toxicity-detection to startTranscriptionJob API, which allows users to view toxicity scores of submitted audio.
+
+# Release (2023-07-20)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/savingsplans`: [v1.12.14](service/savingsplans/CHANGELOG.md#v11214-2023-07-20)
+  * **Documentation**: Savings Plans endpoints update
+
+# Release (2023-07-19)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudformation`: [v1.31.0](service/cloudformation/CHANGELOG.md#v1310-2023-07-19)
+  * **Feature**: SDK and documentation updates for GetTemplateSummary API (unrecognized resources)
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.105.1](service/ec2/CHANGELOG.md#v11051-2023-07-19)
+  * **Documentation**: Amazon EC2 documentation updates.
+* `github.com/aws/aws-sdk-go-v2/service/grafana`: [v1.14.0](service/grafana/CHANGELOG.md#v1140-2023-07-19)
+  * **Feature**: Amazon Managed Grafana now supports grafanaVersion update for existing workspaces with UpdateWorkspaceConfiguration API. DescribeWorkspaceConfiguration API additionally returns grafanaVersion. A new ListVersions API lists available versions or, if given a workspaceId, the versions it can upgrade to.
+* `github.com/aws/aws-sdk-go-v2/service/medicalimaging`: [v1.0.0](service/medicalimaging/CHANGELOG.md#v100-2023-07-19)
+  * **Release**: New AWS service client module
+  * **Feature**: General Availability (GA) release of AWS Health Imaging, enabling customers to store, transform, and analyze medical imaging data at petabyte-scale.
+* `github.com/aws/aws-sdk-go-v2/service/ram`: [v1.19.0](service/ram/CHANGELOG.md#v1190-2023-07-19)
+  * **Feature**: This release adds support for securely sharing with AWS service principals.
+* `github.com/aws/aws-sdk-go-v2/service/ssmsap`: [v1.3.0](service/ssmsap/CHANGELOG.md#v130-2023-07-19)
+  * **Feature**: Added support for SAP Hana High Availability discovery (primary and secondary nodes) and Backint agent installation with SSM for SAP.
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.36.0](service/wafv2/CHANGELOG.md#v1360-2023-07-19)
+  * **Feature**: Added the URI path to the custom aggregation keys that you can specify for a rate-based rule.
+
+# Release (2023-07-18)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/codegurusecurity`: [v1.0.3](service/codegurusecurity/CHANGELOG.md#v103-2023-07-18)
+  * **Documentation**: Documentation updates for CodeGuru Security.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.61.1](service/connect/CHANGELOG.md#v1611-2023-07-18)
+  * **Documentation**: GetMetricDataV2 API: Update to include Contact Lens Conversational Analytics Metrics
+* `github.com/aws/aws-sdk-go-v2/service/lexmodelsv2`: [v1.30.0](service/lexmodelsv2/CHANGELOG.md#v1300-2023-07-18)
+  * **Feature**: This release adds support for Lex Developers to view analytics for their bots.
+* `github.com/aws/aws-sdk-go-v2/service/m2`: [v1.6.0](service/m2/CHANGELOG.md#v160-2023-07-18)
+  * **Feature**: Allows UpdateEnvironment to update the environment to 0 host capacity. New GetSignedBluinsightsUrl API
+* `github.com/aws/aws-sdk-go-v2/service/snowball`: [v1.20.0](service/snowball/CHANGELOG.md#v1200-2023-07-18)
+  * **Feature**: Adds support for RACK_5U_C. This is the first AWS Snow Family device designed to meet U.S. Military Ruggedization Standards (MIL-STD-810H) with 208 vCPU device in a portable, compact 5U, half-rack width form-factor.
+* `github.com/aws/aws-sdk-go-v2/service/translate`: [v1.18.4](service/translate/CHANGELOG.md#v1184-2023-07-18)
+  * **Documentation**: Added DOCX word document support to TranslateDocument API
+
+# Release (2023-07-17)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/codeartifact`: [v1.18.8](service/codeartifact/CHANGELOG.md#v1188-2023-07-17)
+  * **Documentation**: Doc only update for AWS CodeArtifact
+* `github.com/aws/aws-sdk-go-v2/service/docdb`: [v1.22.0](service/docdb/CHANGELOG.md#v1220-2023-07-17)
+  * **Feature**: Added major version upgrade option in ModifyDBCluster API
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.105.0](service/ec2/CHANGELOG.md#v11050-2023-07-17)
+  * **Feature**: Add Nitro TPM support on DescribeInstanceTypes
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.55.0](service/glue/CHANGELOG.md#v1550-2023-07-17)
+  * **Feature**: Adding new supported permission type flags to get-unfiltered endpoints that callers may pass to indicate support for enforcing Lake Formation fine-grained access control on nested column attributes.
+* `github.com/aws/aws-sdk-go-v2/service/ivs`: [v1.24.0](service/ivs/CHANGELOG.md#v1240-2023-07-17)
+  * **Feature**: This release provides the flexibility to configure what renditions or thumbnail qualities to record when creating recording configuration.
+* `github.com/aws/aws-sdk-go-v2/service/lakeformation`: [v1.22.0](service/lakeformation/CHANGELOG.md#v1220-2023-07-17)
+  * **Feature**: Adds supports for ReadOnlyAdmins and AllowFullTableExternalDataAccess. Adds NESTED_PERMISSION and NESTED_CELL_PERMISSION to SUPPORTED_PERMISSION_TYPES enum. Adds CREATE_LF_TAG on catalog resource and ALTER, DROP, and GRANT_WITH_LF_TAG_EXPRESSION on LF Tag resource.
+
+# Release (2023-07-13)
+
+## General Highlights
+* **Feature**: Modify user agent syntax and introduce support for optional app identifier in UA header
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider`: [v1.23.0](service/cognitoidentityprovider/CHANGELOG.md#v1230-2023-07-13)
+  * **Feature**: API model updated in Amazon Cognito
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.61.0](service/connect/CHANGELOG.md#v1610-2023-07-13)
+  * **Feature**: Add support for deleting Queues and Routing Profiles.
+* `github.com/aws/aws-sdk-go-v2/service/databasemigrationservice`: [v1.27.0](service/databasemigrationservice/CHANGELOG.md#v1270-2023-07-13)
+  * **Feature**: Enhanced PostgreSQL target endpoint settings for providing Babelfish support.
+* `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.25.0](service/datasync/CHANGELOG.md#v1250-2023-07-13)
+  * **Feature**: Added LunCount to the response object of DescribeStorageSystemResourcesResponse, LunCount represents the number of LUNs on a storage system resource.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.104.0](service/ec2/CHANGELOG.md#v11040-2023-07-13)
+  * **Feature**: This release adds support for the C7gn and Hpc7g instances. C7gn instances are powered by AWS Graviton3 processors and the fifth-generation AWS Nitro Cards. Hpc7g instances are powered by AWS Graviton 3E processors and provide up to 200 Gbps network bandwidth.
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.30.0](service/fsx/CHANGELOG.md#v1300-2023-07-13)
+  * **Feature**: Amazon FSx for NetApp ONTAP now supports SnapLock, an ONTAP feature that enables you to protect your files in a volume by transitioning them to a write once, read many (WORM) state.
+* `github.com/aws/aws-sdk-go-v2/service/iam`: [v1.21.1](service/iam/CHANGELOG.md#v1211-2023-07-13)
+  * **Documentation**: Documentation updates for AWS Identity and Access Management (IAM).
+* `github.com/aws/aws-sdk-go-v2/service/mediatailor`: [v1.25.0](service/mediatailor/CHANGELOG.md#v1250-2023-07-13)
+  * **Feature**: Adds categories to MediaTailor channel assembly alerts
+* `github.com/aws/aws-sdk-go-v2/service/personalize`: [v1.25.0](service/personalize/CHANGELOG.md#v1250-2023-07-13)
+  * **Feature**: This release provides ability to customers to change schema associated with their datasets in Amazon Personalize
+* `github.com/aws/aws-sdk-go-v2/service/proton`: [v1.22.0](service/proton/CHANGELOG.md#v1220-2023-07-13)
+  * **Feature**: This release adds support for deployment history for Proton provisioned resources
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.37.0](service/s3/CHANGELOG.md#v1370-2023-07-13)
+  * **Feature**: S3 Inventory now supports Object Access Control List and Object Owner as available object metadata fields in inventory reports.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.92.0](service/sagemaker/CHANGELOG.md#v1920-2023-07-13)
+  * **Feature**: Amazon SageMaker Canvas adds WorkspeceSettings support for CanvasAppSettings
+* `github.com/aws/aws-sdk-go-v2/service/secretsmanager`: [v1.19.11](service/secretsmanager/CHANGELOG.md#v11911-2023-07-13)
+  * **Documentation**: Documentation updates for Secrets Manager
+
+# Release (2023-07-07)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs`: [v1.22.0](service/cloudwatchlogs/CHANGELOG.md#v1220-2023-07-07)
+  * **Feature**: Add CMK encryption support for CloudWatch Logs Insights query result data
+* `github.com/aws/aws-sdk-go-v2/service/databasemigrationservice`: [v1.26.0](service/databasemigrationservice/CHANGELOG.md#v1260-2023-07-07)
+  * **Feature**: Releasing DMS Serverless. Adding support for PostgreSQL 15.x as source and target endpoint. Adding support for DocDB Elastic Clusters with sharded collections, PostgreSQL datatype mapping customization and disabling hostname validation of the certificate authority in Kafka endpoint settings
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.54.0](service/glue/CHANGELOG.md#v1540-2023-07-07)
+  * **Feature**: This release enables customers to create new Apache Iceberg tables and associated metadata in Amazon S3 by using native AWS Glue CreateTable operation.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.32.0](service/medialive/CHANGELOG.md#v1320-2023-07-07)
+  * **Feature**: This release enables the use of Thumbnails in AWS Elemental MediaLive.
+* `github.com/aws/aws-sdk-go-v2/service/mediatailor`: [v1.24.0](service/mediatailor/CHANGELOG.md#v1240-2023-07-07)
+  * **Feature**: The AWS Elemental MediaTailor SDK for Channel Assembly has added support for EXT-X-CUE-OUT and EXT-X-CUE-IN tags to specify ad breaks in HLS outputs, including support for EXT-OATCLS, EXT-X-ASSET, and EXT-X-CUE-OUT-CONT accessory tags.
+
+# Release (2023-07-06)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.103.0](service/ec2/CHANGELOG.md#v11030-2023-07-06)
+  * **Feature**: Add Nitro Enclaves support on DescribeInstanceTypes
+* `github.com/aws/aws-sdk-go-v2/service/location`: [v1.25.0](service/location/CHANGELOG.md#v1250-2023-07-06)
+  * **Feature**: This release adds support for authenticating with Amazon Location Service's Places & Routes APIs with an API Key. Also, with this release developers can publish tracked device position updates to Amazon EventBridge.
+* `github.com/aws/aws-sdk-go-v2/service/outposts`: [v1.28.0](service/outposts/CHANGELOG.md#v1280-2023-07-06)
+  * **Feature**: Added paginator support to several APIs. Added the ISOLATED enum value to AssetState.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.38.0](service/quicksight/CHANGELOG.md#v1380-2023-07-06)
+  * **Feature**: This release includes below three changes: small multiples axes improvement, field based coloring, removed required trait from Aggregation function for TopBottomFilter.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.46.1](service/rds/CHANGELOG.md#v1461-2023-07-06)
+  * **Documentation**: Updates Amazon RDS documentation for creating DB instances and creating Aurora global clusters.
+
+# Release (2023-07-05)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/comprehendmedical`: [v1.16.3](service/comprehendmedical/CHANGELOG.md#v1163-2023-07-05)
+  * **Documentation**: Update to Amazon Comprehend Medical documentation.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.60.1](service/connect/CHANGELOG.md#v1601-2023-07-05)
+  * **Documentation**: GetMetricDataV2 API: Channels filters do not count towards overall limitation of 100 filter values.
+* `github.com/aws/aws-sdk-go-v2/service/kms`: [v1.23.0](service/kms/CHANGELOG.md#v1230-2023-07-05)
+  * **Feature**: Added Dry Run Feature to cryptographic and cross-account mutating KMS APIs (14 in all). This feature allows users to test their permissions and parameters before making the actual API call.
+* `github.com/aws/aws-sdk-go-v2/service/mgn`: [v1.19.0](service/mgn/CHANGELOG.md#v1190-2023-07-05)
+  * **Feature**: This release introduces the Global view feature and new Replication state APIs.
+* `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.33.2](service/securityhub/CHANGELOG.md#v1332-2023-07-05)
+  * **Documentation**: Documentation updates for AWS Security Hub
+
+# Release (2023-07-03)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/batch`: [v1.24.0](service/batch/CHANGELOG.md#v1240-2023-07-03)
+  * **Feature**: This feature allows customers to use AWS Batch with Linux with ARM64 CPU Architecture and X86_64 CPU Architecture with Windows OS on Fargate Platform.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.91.0](service/sagemaker/CHANGELOG.md#v1910-2023-07-03)
+  * **Feature**: SageMaker Inference Recommender now accepts new fields SupportedEndpointType and ServerlessConfiguration to support serverless endpoints.
+
+# Release (2023-06-30)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.28.0](service/ecs/CHANGELOG.md#v1280-2023-06-30)
+  * **Feature**: Added new field  "credentialspecs" to the ecs task definition to support gMSA of windows/linux in both domainless and domain-joined mode
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.38.1](service/mediaconvert/CHANGELOG.md#v1381-2023-06-30)
+  * **Documentation**: This release includes improved color handling of overlays and general updates to user documentation.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.90.0](service/sagemaker/CHANGELOG.md#v1900-2023-06-30)
+  * **Feature**: This release adds support for rolling deployment in SageMaker Inference.
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.31.0](service/transfer/CHANGELOG.md#v1310-2023-06-30)
+  * **Feature**: Add outbound Basic authentication support to AS2 connectors
+* `github.com/aws/aws-sdk-go-v2/service/verifiedpermissions`: [v1.0.4](service/verifiedpermissions/CHANGELOG.md#v104-2023-06-30)
+  * **Documentation**: This release corrects several broken links in the documentation.
+
+# Release (2023-06-29)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appstream`: [v1.21.0](service/appstream/CHANGELOG.md#v1210-2023-06-29)
+  * **Feature**: This release introduces app block builder, allowing customers to provision a resource to package applications into an app block
+* `github.com/aws/aws-sdk-go-v2/service/chime`: [v1.24.0](service/chime/CHANGELOG.md#v1240-2023-06-29)
+  * **Feature**: The Amazon Chime SDK APIs in the Chime namespace are no longer supported.  Customers should use APIs in the dedicated Amazon Chime SDK namespaces: ChimeSDKIdentity, ChimeSDKMediaPipelines, ChimeSDKMeetings, ChimeSDKMessaging, and ChimeSDKVoice.
+* `github.com/aws/aws-sdk-go-v2/service/cleanrooms`: [v1.2.0](service/cleanrooms/CHANGELOG.md#v120-2023-06-29)
+  * **Feature**: This release adds support for the OR operator in RSQL join match conditions and the ability to control which operators (AND, OR) are allowed in a join match condition.
+* `github.com/aws/aws-sdk-go-v2/service/dynamodb`: [v1.20.0](service/dynamodb/CHANGELOG.md#v1200-2023-06-29)
+  * **Feature**: This release adds ReturnValuesOnConditionCheckFailure parameter to PutItem, UpdateItem, DeleteItem, ExecuteStatement, BatchExecuteStatement and ExecuteTransaction APIs. When set to ALL_OLD,  API returns a copy of the item as it was when a conditional write failed
+* `github.com/aws/aws-sdk-go-v2/service/gamelift`: [v1.20.0](service/gamelift/CHANGELOG.md#v1200-2023-06-29)
+  * **Feature**: Amazon GameLift now supports game builds that use the Amazon Linux 2023 (AL2023) operating system.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.53.0](service/glue/CHANGELOG.md#v1530-2023-06-29)
+  * **Feature**: This release adds support for AWS Glue Crawler with Iceberg Tables, allowing Crawlers to discover Iceberg Tables in S3 and register them in Glue Data Catalog for query engines to query against.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.89.0](service/sagemaker/CHANGELOG.md#v1890-2023-06-29)
+  * **Feature**: Adding support for timeseries forecasting in the CreateAutoMLJobV2 API.
+
+# Release (2023-06-28)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/internetmonitor`: [v1.3.0](service/internetmonitor/CHANGELOG.md#v130-2023-06-28)
+  * **Feature**: This release adds a new feature for Amazon CloudWatch Internet Monitor that enables customers to set custom thresholds, for performance and availability drops, for triggering when to create a health event.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisanalyticsv2`: [v1.17.0](service/kinesisanalyticsv2/CHANGELOG.md#v1170-2023-06-28)
+  * **Feature**: Support for new runtime environment in Kinesis Data Analytics Studio: Zeppelin-0.10, Apache Flink-1.15
+* `github.com/aws/aws-sdk-go-v2/service/lambda`: [v1.37.0](service/lambda/CHANGELOG.md#v1370-2023-06-28)
+  * **Feature**: Surface ResourceConflictException in DeleteEventSourceMapping
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.5.0](service/omics/CHANGELOG.md#v150-2023-06-28)
+  * **Feature**: Add Common Workflow Language (CWL) as a supported language for Omics workflows
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.46.0](service/rds/CHANGELOG.md#v1460-2023-06-28)
+  * **Feature**: Amazon Relational Database Service (RDS) now supports joining a RDS for SQL Server instance to a self-managed Active Directory.
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.36.0](service/s3/CHANGELOG.md#v1360-2023-06-28)
+  * **Feature**: The S3 LISTObjects, ListObjectsV2 and ListObjectVersions API now supports a new optional header x-amz-optional-object-attributes. If header contains RestoreStatus as the value, then S3 will include Glacier restore status i.e. isRestoreInProgress and RestoreExpiryDate in List response.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.88.0](service/sagemaker/CHANGELOG.md#v1880-2023-06-28)
+  * **Feature**: This release adds support for Model Cards Model Registry integration.
+
+# Release (2023-06-27)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appfabric`: [v1.0.0](service/appfabric/CHANGELOG.md#v100-2023-06-27)
+  * **Release**: New AWS service client module
+  * **Feature**: Initial release of AWS AppFabric for connecting SaaS applications for better productivity and security.
+* `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.32.0](service/appflow/CHANGELOG.md#v1320-2023-06-27)
+  * **Feature**: This release adds support to bypass SSO with the SAPOData connector when connecting to an SAP instance.
+* `github.com/aws/aws-sdk-go-v2/service/emrserverless`: [v1.8.0](service/emrserverless/CHANGELOG.md#v180-2023-06-27)
+  * **Feature**: This release adds support to update the release label of an EMR Serverless application to upgrade it to a different version of Amazon EMR via UpdateApplication API.
+* `github.com/aws/aws-sdk-go-v2/service/ivs`: [v1.23.0](service/ivs/CHANGELOG.md#v1230-2023-06-27)
+  * **Feature**: IVS customers can now revoke the viewer session associated with an auth token, to prevent and stop playback using that token.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideo`: [v1.16.0](service/kinesisvideo/CHANGELOG.md#v1160-2023-06-27)
+  * **Feature**: General Availability (GA) release of Kinesis Video Streams at Edge, enabling customers to provide a configuration for the Kinesis Video Streams EdgeAgent running on an on-premise IoT device. Customers can now locally record from cameras and stream videos to the cloud on a configured schedule.
+* `github.com/aws/aws-sdk-go-v2/service/macie2`: [v1.28.0](service/macie2/CHANGELOG.md#v1280-2023-06-27)
+  * **Feature**: This release adds support for configuring new classification jobs to use the set of managed data identifiers that we recommend for jobs. For the managed data identifier selection type (managedDataIdentifierSelector), specify RECOMMENDED.
+* `github.com/aws/aws-sdk-go-v2/service/privatenetworks`: [v1.3.0](service/privatenetworks/CHANGELOG.md#v130-2023-06-27)
+  * **Feature**: This release allows Private5G customers to choose different commitment plans (60-days, 1-year, 3-years) when placing new orders, enables automatic renewal option for 1-year and 3-years commitments. It also allows customers to update the commitment plan of an existing radio unit.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.87.0](service/sagemaker/CHANGELOG.md#v1870-2023-06-27)
+  * **Feature**: Introducing TTL for online store records in feature groups.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakerfeaturestoreruntime`: [v1.15.0](service/sagemakerfeaturestoreruntime/CHANGELOG.md#v1150-2023-06-27)
+  * **Feature**: Introducing TTL for online store records for feature groups.
+* `github.com/aws/aws-sdk-go-v2/service/ssm`: [v1.36.7](service/ssm/CHANGELOG.md#v1367-2023-06-27)
+  * **Documentation**: Systems Manager doc-only update for June 2023.
+* `github.com/aws/aws-sdk-go-v2/service/verifiedpermissions`: [v1.0.3](service/verifiedpermissions/CHANGELOG.md#v103-2023-06-27)
+  * **Documentation**: This update fixes several broken links to the Cedar documentation.
+
+# Release (2023-06-26)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.60.0](service/connect/CHANGELOG.md#v1600-2023-06-26)
+  * **Feature**: This release provides a way to search for existing tags within an instance. Before tagging a resource, ensure consistency by searching for pre-existing key:value pairs.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.52.0](service/glue/CHANGELOG.md#v1520-2023-06-26)
+  * **Feature**: Timestamp Starting Position For Kinesis and Kafka Data Sources in a Glue Streaming Job
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.24.0](service/guardduty/CHANGELOG.md#v1240-2023-06-26)
+  * **Feature**: Add support for user.extra.sessionName in Kubernetes Audit Logs Findings.
+* `github.com/aws/aws-sdk-go-v2/service/iam`: [v1.21.0](service/iam/CHANGELOG.md#v1210-2023-06-26)
+  * **Feature**: Support for a new API "GetMFADevice" to present MFA device metadata such as device certifications
+* `github.com/aws/aws-sdk-go-v2/service/pinpoint`: [v1.20.0](service/pinpoint/CHANGELOG.md#v1200-2023-06-26)
+  * **Feature**: Added time zone estimation support for journeys
+
+# Release (2023-06-23)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/devopsguru`: [v1.24.0](service/devopsguru/CHANGELOG.md#v1240-2023-06-23)
+  * **Feature**: This release adds support for encryption via customer managed keys.
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.29.3](service/fsx/CHANGELOG.md#v1293-2023-06-23)
+  * **Documentation**: Update to Amazon FSx documentation.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.45.3](service/rds/CHANGELOG.md#v1453-2023-06-23)
+  * **Documentation**: Documentation improvements for create, describe, and modify DB clusters and DB instances.
+* `github.com/aws/aws-sdk-go-v2/service/verifiedpermissions`: [v1.0.2](service/verifiedpermissions/CHANGELOG.md#v102-2023-06-23)
+  * **Documentation**: Added improved descriptions and new code samples to SDK documentation.
+
+# Release (2023-06-22)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkidentity`: [v1.12.0](service/chimesdkidentity/CHANGELOG.md#v1120-2023-06-22)
+  * **Feature**: AppInstanceBots can be configured to be invoked or not using the Target or the CHIME.mentions attribute for ChannelMessages
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmessaging`: [v1.16.0](service/chimesdkmessaging/CHANGELOG.md#v1160-2023-06-22)
+  * **Feature**: ChannelMessages can be made visible to sender and intended recipient rather than all channel members with the target attribute. For example, a user can send messages to a bot and receive messages back in a group channel without other members seeing them.
+* `github.com/aws/aws-sdk-go-v2/service/kendra`: [v1.41.0](service/kendra/CHANGELOG.md#v1410-2023-06-22)
+  * **Feature**: Introducing Amazon Kendra Retrieve API that can be used to retrieve relevant passages or text excerpts given an input query.
+* `github.com/aws/aws-sdk-go-v2/service/sfn`: [v1.18.0](service/sfn/CHANGELOG.md#v1180-2023-06-22)
+  * **Feature**: Adds support for Versions and Aliases. Adds 8 operations: PublishStateMachineVersion, DeleteStateMachineVersion, ListStateMachineVersions, CreateStateMachineAlias, DescribeStateMachineAlias, UpdateStateMachineAlias, DeleteStateMachineAlias, ListStateMachineAliases
+
+# Release (2023-06-21)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/dynamodb`: [v1.19.11](service/dynamodb/CHANGELOG.md#v11911-2023-06-21)
+  * **Documentation**: Documentation updates for DynamoDB
+* `github.com/aws/aws-sdk-go-v2/service/emr`: [v1.27.0](service/emr/CHANGELOG.md#v1270-2023-06-21)
+  * **Feature**: This release introduces a new Amazon EMR EPI called ListSupportedInstanceTypes that returns a list of all instance types supported by a given EMR release.
+* `github.com/aws/aws-sdk-go-v2/service/inspector2`: [v1.15.0](service/inspector2/CHANGELOG.md#v1150-2023-06-21)
+  * **Feature**: This release adds support for Software Bill of Materials (SBOM) export and the general availability of code scanning for AWS Lambda functions.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.38.0](service/mediaconvert/CHANGELOG.md#v1380-2023-06-21)
+  * **Feature**: This release introduces the bandwidth reduction filter for the HEVC encoder, increases the limits of outputs per job, and updates support for the Nagra SDK to version 1.14.7.
+* `github.com/aws/aws-sdk-go-v2/service/mq`: [v1.15.0](service/mq/CHANGELOG.md#v1150-2023-06-21)
+  * **Feature**: The Cross Region Disaster Recovery feature allows to replicate a brokers state from one region to another in order to provide customers with multi-region resiliency in the event of a regional outage.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.86.0](service/sagemaker/CHANGELOG.md#v1860-2023-06-21)
+  * **Feature**: This release provides support in SageMaker for output files in training jobs to be uploaded without compression and enable customer to deploy uncompressed model from S3 to real-time inference Endpoints. In addition, ml.trn1n.32xlarge is added to supported instance type list in training job.
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.30.0](service/transfer/CHANGELOG.md#v1300-2023-06-21)
+  * **Feature**: This release adds a new parameter StructuredLogDestinations to CreateServer, UpdateServer APIs.
+
+# Release (2023-06-20)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.31.0](service/appflow/CHANGELOG.md#v1310-2023-06-20)
+  * **Feature**: This release adds new API to reset connector metadata cache
+* `github.com/aws/aws-sdk-go-v2/service/configservice`: [v1.34.0](service/configservice/CHANGELOG.md#v1340-2023-06-20)
+  * **Feature**: Updated ResourceType enum with new resource types onboarded by AWS Config in May 2023.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.102.0](service/ec2/CHANGELOG.md#v11020-2023-06-20)
+  * **Feature**: Adds support for targeting Dedicated Host allocations by assetIds in AWS Outposts
+* `github.com/aws/aws-sdk-go-v2/service/lambda`: [v1.36.0](service/lambda/CHANGELOG.md#v1360-2023-06-20)
+  * **Feature**: This release adds RecursiveInvocationException to the Invoke API and InvokeWithResponseStream API.
+* `github.com/aws/aws-sdk-go-v2/service/redshift`: [v1.28.0](service/redshift/CHANGELOG.md#v1280-2023-06-20)
+  * **Feature**: Added support for custom domain names for Redshift Provisioned clusters. This feature enables customers to create a custom domain name and use ACM to generate fully secure connections to it.
+
+# Release (2023-06-19)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudformation`: [v1.30.0](service/cloudformation/CHANGELOG.md#v1300-2023-06-19)
+  * **Feature**: Specify desired CloudFormation behavior in the event of ChangeSet execution failure using the CreateChangeSet OnStackFailure parameter
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.101.0](service/ec2/CHANGELOG.md#v11010-2023-06-19)
+  * **Feature**: API changes to AWS Verified Access to include data from trust providers in logs
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.27.4](service/ecs/CHANGELOG.md#v1274-2023-06-19)
+  * **Documentation**: Documentation only update to address various tickets.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.51.0](service/glue/CHANGELOG.md#v1510-2023-06-19)
+  * **Feature**: This release adds support for creating cross region table/database resource links
+* `github.com/aws/aws-sdk-go-v2/service/pricing`: [v1.20.0](service/pricing/CHANGELOG.md#v1200-2023-06-19)
+  * **Feature**: This release updates the PriceListArn regex pattern.
+* `github.com/aws/aws-sdk-go-v2/service/route53domains`: [v1.15.0](service/route53domains/CHANGELOG.md#v1150-2023-06-19)
+  * **Feature**: Update MaxItems upper bound to 1000 for ListPricesRequest
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.85.0](service/sagemaker/CHANGELOG.md#v1850-2023-06-19)
+  * **Feature**: Amazon Sagemaker Autopilot releases CreateAutoMLJobV2 and DescribeAutoMLJobV2 for Autopilot customers with ImageClassification, TextClassification and Tabular problem type config support.
+
+# Release (2023-06-16)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/applicationdiscoveryservice`: [v1.16.0](service/applicationdiscoveryservice/CHANGELOG.md#v1160-2023-06-16)
+  * **Feature**: Add Amazon EC2 instance recommendations export
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.59.0](service/connect/CHANGELOG.md#v1590-2023-06-16)
+  * **Feature**: Updates the *InstanceStorageConfig APIs to support a new ResourceType: SCREEN_RECORDINGS to enable screen recording and specify the storage configurations for publishing the recordings. Also updates DescribeInstance and ListInstances APIs to include InstanceAccessUrl attribute in the API response.
+* `github.com/aws/aws-sdk-go-v2/service/iam`: [v1.20.3](service/iam/CHANGELOG.md#v1203-2023-06-16)
+  * **Documentation**: Documentation updates for AWS Identity and Access Management (IAM).
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.35.0](service/s3/CHANGELOG.md#v1350-2023-06-16)
+  * **Feature**: This release adds SDK support for request-payer request header and request-charged response header in the "GetBucketAccelerateConfiguration", "ListMultipartUploads", "ListObjects", "ListObjectsV2" and "ListObjectVersions" S3 APIs.
+
+# Release (2023-06-15)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/auditmanager`: [v1.25.0](service/auditmanager/CHANGELOG.md#v1250-2023-06-15)
+  * **Feature**: This release introduces 2 Audit Manager features: CSV exports and new manual evidence options. You can now export your evidence finder results in CSV format. In addition, you can now add manual evidence to a control by entering free-form text or uploading a file from your browser.
+* `github.com/aws/aws-sdk-go-v2/service/efs`: [v1.20.3](service/efs/CHANGELOG.md#v1203-2023-06-15)
+  * **Documentation**: Documentation updates for EFS.
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.23.2](service/guardduty/CHANGELOG.md#v1232-2023-06-15)
+  * **Documentation**: Updated descriptions for some APIs.
+* `github.com/aws/aws-sdk-go-v2/service/location`: [v1.24.0](service/location/CHANGELOG.md#v1240-2023-06-15)
+  * **Feature**: Amazon Location Service adds categories to places, including filtering on those categories in searches. Also, you can now add metadata properties to your geofences.
+
 # Release (2023-06-13)
 
 ## General Highlights
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/Makefile b/vendor/github.com/aws/aws-sdk-go-v2/Makefile
index 4f74a2654..9dc36fe4e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/Makefile
+++ b/vendor/github.com/aws/aws-sdk-go-v2/Makefile
@@ -1,6 +1,9 @@
 # Lint rules to ignore
 LINTIGNORESINGLEFIGHT='internal/sync/singleflight/singleflight.go:.+error should be the last type'
 LINT_IGNORE_S3MANAGER_INPUT='feature/s3/manager/upload.go:.+struct field SSEKMSKeyId should be SSEKMSKeyID'
+# Names of these are tied to endpoint rules and they're internal so ignore them
+LINT_IGNORE_AWSRULESFN_ARN='internal/endpoints/awsrulesfn/arn.go'
+LINT_IGNORE_AWSRULESFN_PARTITION='internal/endpoints/awsrulesfn/partition.go'
 
 UNIT_TEST_TAGS=
 BUILD_TAGS=-tags "example,codegen,integration,ec2env,perftest"
@@ -81,6 +84,13 @@ generate: smithy-generate update-requires gen-repo-mod-replace update-module-met
 gen-config-asserts gen-internal-codegen copy-attributevalue-feature gen-mod-dropreplace-smithy-. min-go-version-. \
 tidy-modules-. add-module-license-files gen-aws-ptrs format
 
+generate-tmpreplace-smithy: smithy-generate update-requires gen-repo-mod-replace update-module-metadata smithy-annotate-stable \
+gen-config-asserts gen-internal-codegen copy-attributevalue-feature gen-mod-replace-smithy-. min-go-version-. \
+tidy-modules-. add-module-license-files gen-aws-ptrs format gen-mod-dropreplace-smithy-. reset-sum
+
+reset-sum:
+	find . -name go.sum -exec git checkout -- {} \;
+
 smithy-generate:
 	cd codegen && ./gradlew clean build -Plog-tests && ./gradlew clean
 
@@ -460,7 +470,9 @@ lint:
 	@lint=`golint ./...`; \
 	dolint=`echo "$$lint" | grep -E -v \
 	-e ${LINT_IGNORE_S3MANAGER_INPUT} \
-	-e ${LINTIGNORESINGLEFIGHT}`; \
+	-e ${LINTIGNORESINGLEFIGHT} \
+	-e ${LINT_IGNORE_AWSRULESFN_ARN} \
+	-e ${LINT_IGNORE_AWSRULESFN_PARTITION}`; \
 	echo "$$dolint"; \
 	if [ "$$dolint" != "" ]; then exit 1; fi
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go
index 20153586b..fe7aacbfa 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go
@@ -68,6 +68,12 @@ type Config struct {
 	//
 	// See the `aws.EndpointResolverWithOptions` documentation for additional
 	// usage information.
+	//
+	// Deprecated: with the release of endpoint resolution v2 in API clients,
+	// EndpointResolver and EndpointResolverWithOptions are deprecated.
+	// Providing a value for this field will likely prevent you from using
+	// newer endpoint-related service features. See API client options
+	// EndpointResolverV2 and BaseEndpoint.
 	EndpointResolverWithOptions EndpointResolverWithOptions
 
 	// RetryMaxAttempts specifies the maximum number attempts an API client
@@ -132,6 +138,14 @@ type Config struct {
 	// `config.LoadDefaultConfig`. You should not populate this structure
 	// programmatically, or rely on the values here within your applications.
 	RuntimeEnvironment RuntimeEnvironment
+
+	// AppId is an optional application specific identifier that can be set.
+	// When set it will be appended to the User-Agent header of every request
+	// in the form of App/{AppId}. This variable is sourced from environment
+	// variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.
+	// See https://docs.aws.amazon.com/sdkref/latest/guide/settings-reference.html for
+	// more information on environment variables and shared config settings.
+	AppID string
 }
 
 // NewConfig returns a new Config pointer that can be chained with builder
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
index abee83b73..cd38b9280 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
@@ -3,4 +3,4 @@
 package aws
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.18.1"
+const goModuleVersion = "1.21.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/metadata.go
index e6e87ac77..2de15528c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/metadata.go
@@ -2,6 +2,7 @@ package middleware
 
 import (
 	"context"
+
 	"github.com/aws/aws-sdk-go-v2/aws"
 
 	"github.com/aws/smithy-go/middleware"
@@ -42,12 +43,13 @@ func (s RegisterServiceMetadata) HandleInitialize(
 
 // service metadata keys for storing and lookup of runtime stack information.
 type (
-	serviceIDKey     struct{}
-	signingNameKey   struct{}
-	signingRegionKey struct{}
-	regionKey        struct{}
-	operationNameKey struct{}
-	partitionIDKey   struct{}
+	serviceIDKey               struct{}
+	signingNameKey             struct{}
+	signingRegionKey           struct{}
+	regionKey                  struct{}
+	operationNameKey           struct{}
+	partitionIDKey             struct{}
+	requiresLegacyEndpointsKey struct{}
 )
 
 // GetServiceID retrieves the service id from the context.
@@ -104,6 +106,25 @@ func GetPartitionID(ctx context.Context) string {
 	return v
 }
 
+// GetRequiresLegacyEndpoints the flag used to indicate if legacy endpoint
+// customizations need to be executed.
+//
+// Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
+// to clear all stack values.
+func GetRequiresLegacyEndpoints(ctx context.Context) bool {
+	v, _ := middleware.GetStackValue(ctx, requiresLegacyEndpointsKey{}).(bool)
+	return v
+}
+
+// SetRequiresLegacyEndpoints set or modifies the flag indicated that
+// legacy endpoint customizations are needed.
+//
+// Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
+// to clear all stack values.
+func SetRequiresLegacyEndpoints(ctx context.Context, value bool) context.Context {
+	return middleware.WithStackValue(ctx, requiresLegacyEndpointsKey{}, value)
+}
+
 // SetSigningName set or modifies the signing name on the context.
 //
 // Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go
index 285b2bba8..af3447ddc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go
@@ -59,6 +59,11 @@ func (k SDKAgentKeyType) string() string {
 
 const execEnvVar = `AWS_EXECUTION_ENV`
 
+var validChars = map[rune]bool{
+	'!': true, '#': true, '$': true, '%': true, '&': true, '\'': true, '*': true, '+': true,
+	'-': true, '.': true, '^': true, '_': true, '`': true, '|': true, '~': true,
+}
+
 // requestUserAgent is a build middleware that set the User-Agent for the request.
 type requestUserAgent struct {
 	sdkAgent, userAgent *smithyhttp.UserAgentBuilder
@@ -178,24 +183,24 @@ func getOrAddRequestUserAgent(stack *middleware.Stack) (*requestUserAgent, error
 
 // AddUserAgentKey adds the component identified by name to the User-Agent string.
 func (u *requestUserAgent) AddUserAgentKey(key string) {
-	u.userAgent.AddKey(key)
+	u.userAgent.AddKey(strings.Map(rules, key))
 }
 
 // AddUserAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
 func (u *requestUserAgent) AddUserAgentKeyValue(key, value string) {
-	u.userAgent.AddKeyValue(key, value)
+	u.userAgent.AddKeyValue(strings.Map(rules, key), strings.Map(rules, value))
 }
 
 // AddUserAgentKey adds the component identified by name to the User-Agent string.
 func (u *requestUserAgent) AddSDKAgentKey(keyType SDKAgentKeyType, key string) {
 	// TODO: should target sdkAgent
-	u.userAgent.AddKey(keyType.string() + "/" + key)
+	u.userAgent.AddKey(keyType.string() + "/" + strings.Map(rules, key))
 }
 
 // AddUserAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
 func (u *requestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, value string) {
 	// TODO: should target sdkAgent
-	u.userAgent.AddKeyValue(keyType.string()+"/"+key, value)
+	u.userAgent.AddKeyValue(keyType.string(), strings.Map(rules, key)+"#"+strings.Map(rules, value))
 }
 
 // ID the name of the middleware.
@@ -241,3 +246,16 @@ func updateHTTPHeader(request *smithyhttp.Request, header string, value string)
 	}
 	request.Header[header] = append(request.Header[header][:0], current)
 }
+
+func rules(r rune) rune {
+	switch {
+	case r >= '0' && r <= '9':
+		return r
+	case r >= 'A' && r <= 'Z' || r >= 'a' && r <= 'z':
+		return r
+	case validChars[r]:
+		return r
+	default:
+		return '-'
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md
index 402849cda..44d08cee7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md
@@ -1,3 +1,23 @@
+# v1.4.13 (2023-08-18)
+
+* No change notes available for this release.
+
+# v1.4.12 (2023-08-07)
+
+* No change notes available for this release.
+
+# v1.4.11 (2023-07-31)
+
+* No change notes available for this release.
+
+# v1.4.10 (2022-12-02)
+
+* No change notes available for this release.
+
+# v1.4.9 (2022-10-24)
+
+* No change notes available for this release.
+
 # v1.4.8 (2022-09-14)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go
index 048add0bb..19f7e20cb 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go
@@ -3,4 +3,4 @@
 package eventstream
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.4.8"
+const goModuleVersion = "1.4.13"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go
index 6a99d4ea8..455b92515 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go
@@ -41,6 +41,12 @@ func (o *Object) Key(name string) Value {
 	return o.key(name, false)
 }
 
+// KeyWithValues adds the given named key to the Query object.
+// Returns a Value encoder that should be used to encode a Query list of values.
+func (o *Object) KeyWithValues(name string) Value {
+	return o.keyWithValues(name, false)
+}
+
 // FlatKey adds the given named key to the Query object.
 // Returns a Value encoder that should be used to encode a Query value type. The
 // value will be flattened if it is a map or array.
@@ -54,3 +60,10 @@ func (o *Object) key(name string, flatValue bool) Value {
 	}
 	return newValue(o.values, name, flatValue)
 }
+
+func (o *Object) keyWithValues(name string, flatValue bool) Value {
+	if o.prefix != "" {
+		return newAppendValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
+	}
+	return newAppendValue(o.values, name, flatValue)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go
index 302525ab1..a9251521f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go
@@ -27,6 +27,15 @@ func newValue(values url.Values, key string, flat bool) Value {
 	}
 }
 
+func newAppendValue(values url.Values, key string, flat bool) Value {
+	return Value{
+		values:     values,
+		key:        key,
+		flat:       flat,
+		queryValue: httpbinding.NewQueryValue(values, key, true),
+	}
+}
+
 func newBaseValue(values url.Values) Value {
 	return Value{
 		values:     values,
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
index 00d7d3eee..987affdde 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
@@ -97,11 +97,21 @@ func (r RetryableConnectionError) IsErrorRetryable(err error) aws.Ternary {
 	var netOpErr *net.OpError
 	var dnsError *net.DNSError
 
-	switch {
-	case errors.As(err, &dnsError):
+	if errors.As(err, &dnsError) {
 		// NXDOMAIN errors should not be retried
-		retryable = !dnsError.IsNotFound && dnsError.IsTemporary
+		if dnsError.IsNotFound {
+			return aws.BoolTernary(false)
+		}
+
+		// if !dnsError.Temporary(), error may or may not be temporary,
+		// (i.e. !Temporary() =/=> !retryable) so we should fall through to
+		// remaining checks
+		if dnsError.Temporary() {
+			return aws.BoolTernary(true)
+		}
+	}
 
+	switch {
 	case errors.As(err, &conErr) && conErr.ConnectionError():
 		retryable = true
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go
index 64c4c4845..71b1a3521 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go
@@ -48,6 +48,7 @@ var RequiredSignedHeaders = Rules{
 			"X-Amz-Request-Payer":                                         struct{}{},
 			"X-Amz-Server-Side-Encryption":                                struct{}{},
 			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":                 struct{}{},
+			"X-Amz-Server-Side-Encryption-Context":                        struct{}{},
 			"X-Amz-Server-Side-Encryption-Customer-Algorithm":             struct{}{},
 			"X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
 			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go
index 749bda69e..0fb9b24e4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go
@@ -12,6 +12,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	v4Internal "github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
@@ -301,11 +302,23 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
 		return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)}
 	}
 
-	err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, signingRegion, sdk.NowTime(),
+	signerOptions := []func(o *SignerOptions){
 		func(o *SignerOptions) {
 			o.Logger = middleware.GetLogger(ctx)
 			o.LogSigning = s.logSigning
+		},
+	}
+
+	// existing DisableURIPathEscaping is equivalent in purpose
+	// to authentication scheme property DisableDoubleEncoding
+	disableDoubleEncoding, overridden := internalauth.GetDisableDoubleEncoding(ctx)
+	if overridden {
+		signerOptions = append(signerOptions, func(o *SignerOptions) {
+			o.DisableURIPathEscaping = disableDoubleEncoding
 		})
+	}
+
+	err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, signingRegion, sdk.NowTime(), signerOptions...)
 	if err != nil {
 		return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)}
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go
index afd069c1f..4d162556b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go
@@ -335,7 +335,7 @@ func (s Signer) SignHTTP(ctx context.Context, credentials aws.Credentials, r *ht
 //
 //	expires := 20 * time.Minute
 //	query := req.URL.Query()
-//	query.Set("X-Amz-Expires", strconv.FormatInt(int64(expires/time.Second), 10)
+//	query.Set("X-Amz-Expires", strconv.FormatInt(int64(expires/time.Second), 10))
 //	req.URL.RawQuery = query.Encode()
 //
 // This method does not modify the provided request.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh b/vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh
new file mode 100644
index 000000000..4da5d09cb
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# looks for (and modreplaces if existing) a smithy-go branch matching the
+# current branch name
+#
+# the loop will unfurl -*s off of the branch, e.g. sdk branch
+# 'feat-foo-bar-baz' will match any of the following (in order):
+#  - feat-foo-bar-baz
+#  - feat-foo-bar
+#  - feat-foo
+
+if [ -z "$SMITHY_GO_REPOSITORY" ]; then
+    SMITHY_GO_REPOSITORY=aws/smithy-go
+fi
+
+if [ -z "$RUNNER_TMPDIR" ]; then
+    echo env RUNNER_TMPDIR is required
+    exit 1
+fi
+
+branch=$(git branch --show-current)
+if [ "$branch" == main ]; then
+    echo aws-sdk-go-v2 is on branch main, stop
+    exit 0
+fi
+
+# For PR workflows, only the triggering ref is checked out, which in isolation
+# is not recognized as a branch by git. Use the specific workflow env instead.
+if [ -z "$branch" ]; then
+    branch=$GITHUB_HEAD_REF
+fi
+
+if [ -n "$GIT_PAT" ]; then
+    repository=https://$GIT_PAT@github.com/$SMITHY_GO_REPOSITORY
+else
+    repository=https://github.com/$SMITHY_GO_REPOSITORY
+fi
+
+echo on branch \"$branch\"
+while [ -n "$branch" ] && [[ "$branch" == *-* ]]; do
+    echo looking for "$branch"...
+    git ls-remote --exit-code --heads "$repository" refs/heads/"$branch"
+    if [ "$?" == 0 ]; then
+        echo found "$branch"
+        matched_branch=$branch
+        break
+    fi
+
+    branch=${branch%-*}
+done
+
+if [ -z "$matched_branch" ]; then
+    echo found no matching smithy-go branch, stop
+    exit 0
+fi
+
+git clone -b "$matched_branch" "$repository" "$RUNNER_TMPDIR"/smithy-go
+SMITHY_GO_SRC=$RUNNER_TMPDIR/smithy-go make gen-mod-replace-smithy-.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
index 325779c09..a1ecda86f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
@@ -1,3 +1,86 @@
+# v1.19.1 (2023-10-24)
+
+* No change notes available for this release.
+
+# v1.19.0 (2023-10-16)
+
+* **Feature**: Modify logic of retrieving user agent appID from env config
+
+# v1.18.45 (2023-10-12)
+
+* **Bug Fix**: Fail to load config if an explicitly provided profile doesn't exist.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.44 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.43 (2023-10-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.42 (2023-09-22)
+
+* **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+* **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.41 (2023-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.40 (2023-09-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.39 (2023-09-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.38 (2023-08-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.37 (2023-08-23)
+
+* No change notes available for this release.
+
+# v1.18.36 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.35 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.34 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.33 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.32 (2023-08-01)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.31 (2023-07-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.30 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.29 (2023-07-25)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.28 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.18.27 (2023-06-15)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go
index 5940f8e7e..bf26eab9a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go
@@ -2,18 +2,11 @@ package config
 
 import (
 	"context"
+	"os"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 )
 
-// defaultLoaders are a slice of functions that will read external configuration
-// sources for configuration values. These values are read by the AWSConfigResolvers
-// using interfaces to extract specific information from the external configuration.
-var defaultLoaders = []loader{
-	loadEnvConfig,
-	loadSharedConfigIgnoreNotExist,
-}
-
 // defaultAWSConfigResolvers are a slice of functions that will resolve external
 // configuration values into AWS configuration values.
 //
@@ -76,6 +69,9 @@ var defaultAWSConfigResolvers = []awsConfigResolver{
 	// Sets the resolved bearer authentication token API clients will use for
 	// httpBearerAuth authentication scheme.
 	resolveBearerAuthToken,
+
+	// Sets the sdk app ID if present in shared config profile
+	resolveAppID,
 }
 
 // A Config represents a generic configuration value or set of values. This type
@@ -187,7 +183,7 @@ func LoadDefaultConfig(ctx context.Context, optFns ...func(*LoadOptions) error)
 	// assign Load Options to configs
 	var cfgCpy = configs{options}
 
-	cfgCpy, err = cfgCpy.AppendFromLoaders(ctx, defaultLoaders)
+	cfgCpy, err = cfgCpy.AppendFromLoaders(ctx, resolveConfigLoaders(&options))
 	if err != nil {
 		return aws.Config{}, err
 	}
@@ -199,3 +195,17 @@ func LoadDefaultConfig(ctx context.Context, optFns ...func(*LoadOptions) error)
 
 	return cfg, nil
 }
+
+func resolveConfigLoaders(options *LoadOptions) []loader {
+	loaders := make([]loader, 2)
+	loaders[0] = loadEnvConfig
+
+	// specification of a profile should cause a load failure if it doesn't exist
+	if os.Getenv(awsProfileEnvVar) != "" || options.SharedConfigProfile != "" {
+		loaders[1] = loadSharedConfig
+	} else {
+		loaders[1] = loadSharedConfigIgnoreNotExist
+	}
+
+	return loaders
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go
index 18c8e0121..a142a45c5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go
@@ -69,6 +69,7 @@ const (
 
 	awsRetryMaxAttempts = "AWS_MAX_ATTEMPTS"
 	awsRetryMode        = "AWS_RETRY_MODE"
+	awsSdkAppID         = "AWS_SDK_UA_APP_ID"
 )
 
 var (
@@ -248,6 +249,9 @@ type EnvConfig struct {
 	//
 	// aws_retry_mode=standard
 	RetryMode aws.RetryMode
+
+	// aws sdk app ID that can be added to user agent header string
+	AppID string
 }
 
 // loadEnvConfig reads configuration values from the OS's environment variables.
@@ -288,6 +292,8 @@ func NewEnvConfig() (EnvConfig, error) {
 	cfg.RoleARN = os.Getenv(awsRoleARNEnvVar)
 	cfg.RoleSessionName = os.Getenv(awsRoleSessionNameEnvVar)
 
+	cfg.AppID = os.Getenv(awsSdkAppID)
+
 	if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnvVar}); err != nil {
 		return cfg, err
 	}
@@ -335,6 +341,10 @@ func (c EnvConfig) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool,
 	return c.DefaultsMode, true, nil
 }
 
+func (c EnvConfig) getAppID(context.Context) (string, bool, error) {
+	return c.AppID, len(c.AppID) > 0, nil
+}
+
 // GetRetryMaxAttempts returns the value of AWS_MAX_ATTEMPTS if was specified,
 // and not 0.
 func (c EnvConfig) GetRetryMaxAttempts(ctx context.Context) (int, bool, error) {
@@ -482,9 +492,9 @@ func (c EnvConfig) GetS3UseARNRegion(ctx context.Context) (value, ok bool, err e
 	return *c.S3UseARNRegion, true, nil
 }
 
-// GetS3DisableMultRegionAccessPoints returns whether to disable multi-region access point
+// GetS3DisableMultiRegionAccessPoints returns whether to disable multi-region access point
 // support for the S3 client.
-func (c EnvConfig) GetS3DisableMultRegionAccessPoints(ctx context.Context) (value, ok bool, err error) {
+func (c EnvConfig) GetS3DisableMultiRegionAccessPoints(ctx context.Context) (value, ok bool, err error) {
 	if c.S3DisableMultiRegionAccessPoints == nil {
 		return false, false, nil
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
index 9c6d17216..887131d08 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
@@ -3,4 +3,4 @@
 package config
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.18.27"
+const goModuleVersion = "1.19.1"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go
index 625147e97..7480bb45e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go
@@ -172,6 +172,10 @@ type LoadOptions struct {
 	// the region, the client's requests are sent to.
 	S3UseARNRegion *bool
 
+	// S3DisableMultiRegionAccessPoints specifies if the S3 service should disable
+	// the S3 Multi-Region access points feature.
+	S3DisableMultiRegionAccessPoints *bool
+
 	// EnableEndpointDiscovery specifies if endpoint discovery is enable for
 	// the client.
 	EnableEndpointDiscovery aws.EndpointDiscoveryEnableState
@@ -199,6 +203,9 @@ type LoadOptions struct {
 
 	// Specifies the SDK configuration mode for defaults.
 	DefaultsModeOptions DefaultsModeOptions
+
+	// The sdk app ID retrieved from env var or shared config to be added to request user agent header
+	AppID string
 }
 
 func (o LoadOptions) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool, error) {
@@ -241,6 +248,11 @@ func (o LoadOptions) getRegion(ctx context.Context) (string, bool, error) {
 	return o.Region, true, nil
 }
 
+// getAppID returns AppID from config's LoadOptions
+func (o LoadOptions) getAppID(ctx context.Context) (string, bool, error) {
+	return o.AppID, len(o.AppID) > 0, nil
+}
+
 // WithRegion is a helper function to construct functional options
 // that sets Region on config's LoadOptions. Setting the region to
 // an empty string, will result in the region value being ignored.
@@ -253,6 +265,15 @@ func WithRegion(v string) LoadOptionsFunc {
 	}
 }
 
+// WithAppID is a helper function to construct functional options
+// that sets AppID on config's LoadOptions.
+func WithAppID(ID string) LoadOptionsFunc {
+	return func(o *LoadOptions) error {
+		o.AppID = ID
+		return nil
+	}
+}
+
 // getDefaultRegion returns DefaultRegion from config's LoadOptions
 func (o LoadOptions) getDefaultRegion(ctx context.Context) (string, bool, error) {
 	if len(o.DefaultRegion) == 0 {
@@ -859,6 +880,26 @@ func WithS3UseARNRegion(v bool) LoadOptionsFunc {
 	}
 }
 
+// GetS3DisableMultiRegionAccessPoints returns whether to disable
+// the S3 multi-region access points feature.
+func (o LoadOptions) GetS3DisableMultiRegionAccessPoints(ctx context.Context) (v bool, found bool, err error) {
+	if o.S3DisableMultiRegionAccessPoints == nil {
+		return false, false, nil
+	}
+	return *o.S3DisableMultiRegionAccessPoints, true, nil
+}
+
+// WithS3DisableMultiRegionAccessPoints is a helper function to construct functional options
+// that can be used to set S3DisableMultiRegionAccessPoints on LoadOptions.
+// If multiple WithS3DisableMultiRegionAccessPoints calls are made, the last call overrides
+// the previous call values.
+func WithS3DisableMultiRegionAccessPoints(v bool) LoadOptionsFunc {
+	return func(o *LoadOptions) error {
+		o.S3DisableMultiRegionAccessPoints = &v
+		return nil
+	}
+}
+
 // GetEnableEndpointDiscovery returns if the EnableEndpointDiscovery flag is set.
 func (o LoadOptions) GetEnableEndpointDiscovery(ctx context.Context) (value aws.EndpointDiscoveryEnableState, ok bool, err error) {
 	if o.EnableEndpointDiscovery == aws.EndpointDiscoveryUnset {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go
index 6f1ab8cd1..b05623515 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go
@@ -122,6 +122,43 @@ func getRegion(ctx context.Context, configs configs) (value string, found bool,
 	return
 }
 
+// IgnoreConfiguredEndpointsProvider is needed to search for all providers
+// that provide a flag to disable configured endpoints.
+type IgnoreConfiguredEndpointsProvider interface {
+	GetIgnoreConfiguredEndpoints(ctx context.Context) (bool, bool, error)
+}
+
+// GetIgnoreConfiguredEndpoints is used in knowing when to disable configured
+// endpoints feature.
+func GetIgnoreConfiguredEndpoints(ctx context.Context, configs []Config) (value bool, found bool, err error) {
+	for _, cfg := range configs {
+		if p, ok := cfg.(IgnoreConfiguredEndpointsProvider); ok {
+			value, found, err = p.GetIgnoreConfiguredEndpoints(ctx)
+			if err != nil || found {
+				break
+			}
+		}
+	}
+	return
+}
+
+// appIDProvider provides access to the sdk app ID value
+type appIDProvider interface {
+	getAppID(ctx context.Context) (string, bool, error)
+}
+
+func getAppID(ctx context.Context, configs configs) (value string, found bool, err error) {
+	for _, cfg := range configs {
+		if p, ok := cfg.(appIDProvider); ok {
+			value, found, err = p.getAppID(ctx)
+			if err != nil || found {
+				break
+			}
+		}
+	}
+	return
+}
+
 // ec2IMDSRegionProvider provides access to the ec2 imds region
 // configuration value
 type ec2IMDSRegionProvider interface {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go
index 4428ba49c..1187e8c48 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go
@@ -106,6 +106,17 @@ func resolveRegion(ctx context.Context, cfg *aws.Config, configs configs) error
 	return nil
 }
 
+// resolveAppID extracts the sdk app ID from the configs slice's SharedConfig or env var
+func resolveAppID(ctx context.Context, cfg *aws.Config, configs configs) error {
+	ID, _, err := getAppID(ctx, configs)
+	if err != nil {
+		return err
+	}
+
+	cfg.AppID = ID
+	return nil
+}
+
 // resolveDefaultRegion extracts the first instance of a default region and sets `aws.Config.Region` to the default
 // region if region had not been resolved from other sources.
 func resolveDefaultRegion(ctx context.Context, cfg *aws.Config, configs configs) error {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go
index aac8f8369..ae5ba7658 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go
@@ -95,6 +95,8 @@ const (
 	retryModeKey        = "retry_mode"
 
 	caBundleKey = "ca_bundle"
+
+	sdkAppID = "sdk_ua_app_id"
 )
 
 // defaultSharedConfigProfile allows for swapping the default profile for testing
@@ -267,6 +269,9 @@ type SharedConfig struct {
 	//
 	//  ca_bundle=$HOME/my_custom_ca_bundle
 	CustomCABundle string
+
+	// aws sdk app ID that can be added to user agent header string
+	AppID string
 }
 
 func (c SharedConfig) getDefaultsMode(ctx context.Context) (value aws.DefaultsMode, ok bool, err error) {
@@ -389,6 +394,11 @@ func (c SharedConfig) getCustomCABundle(context.Context) (io.Reader, bool, error
 	return bytes.NewReader(b), true, nil
 }
 
+// getAppID returns the sdk app ID if set in shared config profile
+func (c SharedConfig) getAppID(context.Context) (string, bool, error) {
+	return c.AppID, len(c.AppID) > 0, nil
+}
+
 // loadSharedConfigIgnoreNotExist is an alias for loadSharedConfig with the
 // addition of ignoring when none of the files exist or when the profile
 // is not found in any of the files.
@@ -730,6 +740,8 @@ func mergeSections(dst *ini.Sections, src ini.Sections) error {
 			defaultsModeKey,
 			retryModeKey,
 			caBundleKey,
+			roleDurationSecondsKey,
+			retryMaxAttemptsKey,
 
 			ssoSessionNameKey,
 			ssoAccountIDKey,
@@ -743,16 +755,6 @@ func mergeSections(dst *ini.Sections, src ini.Sections) error {
 			}
 		}
 
-		intKeys := []string{
-			roleDurationSecondsKey,
-			retryMaxAttemptsKey,
-		}
-		for i := range intKeys {
-			if err := mergeIntKey(&srcSection, &dstSection, sectionName, intKeys[i]); err != nil {
-				return err
-			}
-		}
-
 		// set srcSection on dst srcSection
 		*dst = dst.SetSection(sectionName, dstSection)
 	}
@@ -779,26 +781,6 @@ func mergeStringKey(srcSection *ini.Section, dstSection *ini.Section, sectionNam
 	return nil
 }
 
-func mergeIntKey(srcSection *ini.Section, dstSection *ini.Section, sectionName, key string) error {
-	if srcSection.Has(key) {
-		srcValue := srcSection.Int(key)
-		v, err := ini.NewIntValue(srcValue)
-		if err != nil {
-			return fmt.Errorf("error merging %s, %w", key, err)
-		}
-
-		if dstSection.Has(key) {
-			dstSection.Logs = append(dstSection.Logs, newMergeKeyLogMessage(sectionName, key,
-				dstSection.SourceFile[key], srcSection.SourceFile[key]))
-
-		}
-
-		dstSection.UpdateValue(key, v)
-		dstSection.UpdateSourceFile(key, srcSection.SourceFile[key])
-	}
-	return nil
-}
-
 func newMergeKeyLogMessage(sectionName, key, dstSourceFile, srcSourceFile string) string {
 	return fmt.Sprintf("For profile: %v, overriding %v value, defined in %v "+
 		"with a %v value found in a duplicate profile defined at file %v. \n",
@@ -952,9 +934,16 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er
 	updateString(&c.SSOAccountID, section, ssoAccountIDKey)
 	updateString(&c.SSORoleName, section, ssoRoleNameKey)
 
+	// we're retaining a behavioral quirk with this field that existed before
+	// the removal of literal parsing for #2276:
+	//   - if the key is missing, the config field will not be set
+	//   - if the key is set to a non-numeric, the config field will be set to 0
 	if section.Has(roleDurationSecondsKey) {
-		d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second
-		c.RoleDurationSeconds = &d
+		if v, ok := section.Int(roleDurationSecondsKey); ok {
+			c.RoleDurationSeconds = aws.Duration(time.Duration(v) * time.Second)
+		} else {
+			c.RoleDurationSeconds = aws.Duration(time.Duration(0))
+		}
 	}
 
 	updateString(&c.CredentialProcess, section, credentialProcessKey)
@@ -985,6 +974,9 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er
 
 	updateString(&c.CustomCABundle, section, caBundleKey)
 
+	// user agent app ID added to request User-Agent header
+	updateString(&c.AppID, section, sdkAppID)
+
 	// Shared Credentials
 	creds := aws.Credentials{
 		AccessKeyID:     section.String(accessKeyIDKey),
@@ -1301,12 +1293,13 @@ func updateInt(dst *int, section ini.Section, key string) error {
 	if !section.Has(key) {
 		return nil
 	}
-	if vt, _ := section.ValueType(key); vt != ini.IntegerType {
-		return fmt.Errorf("invalid value %s=%s, expect integer",
-			key, section.String(key))
 
+	v, ok := section.Int(key)
+	if !ok {
+		return fmt.Errorf("invalid value %s=%s, expect integer", key, section.String(key))
 	}
-	*dst = int(section.Int(key))
+
+	*dst = int(v)
 	return nil
 }
 
@@ -1316,7 +1309,10 @@ func updateBool(dst *bool, section ini.Section, key string) {
 	if !section.Has(key) {
 		return
 	}
-	*dst = section.Bool(key)
+
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	v, _ := section.Bool(key)
+	*dst = v
 }
 
 // updateBoolPtr will only update the dst with the value in the section key,
@@ -1325,8 +1321,11 @@ func updateBoolPtr(dst **bool, section ini.Section, key string) {
 	if !section.Has(key) {
 		return
 	}
+
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	v, _ := section.Bool(key)
 	*dst = new(bool)
-	**dst = section.Bool(key)
+	**dst = v
 }
 
 // updateEndpointDiscoveryType will only update the dst with the value in the section, if
@@ -1358,7 +1357,8 @@ func updateUseDualStackEndpoint(dst *aws.DualStackEndpointState, section ini.Sec
 		return
 	}
 
-	if section.Bool(key) {
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	if v, _ := section.Bool(key); v {
 		*dst = aws.DualStackEndpointStateEnabled
 	} else {
 		*dst = aws.DualStackEndpointStateDisabled
@@ -1374,7 +1374,8 @@ func updateUseFIPSEndpoint(dst *aws.FIPSEndpointState, section ini.Section, key
 		return
 	}
 
-	if section.Bool(key) {
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	if v, _ := section.Bool(key); v {
 		*dst = aws.FIPSEndpointStateEnabled
 	} else {
 		*dst = aws.FIPSEndpointStateDisabled
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
index 0b0958bdf..ed558d3b9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
@@ -1,3 +1,71 @@
+# v1.13.43 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.42 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.41 (2023-10-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.40 (2023-09-22)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.39 (2023-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.38 (2023-09-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.37 (2023-09-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.36 (2023-08-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.35 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.34 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.33 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.32 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.31 (2023-08-01)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.30 (2023-07-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.29 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.28 (2023-07-25)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.27 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.13.26 (2023-06-15)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
index 878dfaf6e..5cf1064a6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
@@ -3,4 +3,4 @@
 package credentials
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.26"
+const goModuleVersion = "1.13.43"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
index b4d50c424..5605f42d6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
@@ -1,3 +1,39 @@
+# v1.13.13 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.12 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.11 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.10 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.9 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.8 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.7 (2023-07-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.6 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.5 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.13.4 (2023-06-13)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
index 6fab6e917..ab96ef614 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
@@ -3,4 +3,4 @@
 package imds
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.4"
+const goModuleVersion = "1.13.13"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/scheme.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/scheme.go
new file mode 100644
index 000000000..ff229c048
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/scheme.go
@@ -0,0 +1,186 @@
+package auth
+
+import (
+	"context"
+	"fmt"
+
+	smithy "github.com/aws/smithy-go"
+	"github.com/aws/smithy-go/middleware"
+)
+
+// SigV4 is a constant representing
+// Authentication Scheme Signature Version 4
+const SigV4 = "sigv4"
+
+// SigV4A is a constant representing
+// Authentication Scheme Signature Version 4A
+const SigV4A = "sigv4a"
+
+// None is a constant representing the
+// None Authentication Scheme
+const None = "none"
+
+// SupportedSchemes is a data structure
+// that indicates the list of supported AWS
+// authentication schemes
+var SupportedSchemes = map[string]bool{
+	SigV4:  true,
+	SigV4A: true,
+	None:   true,
+}
+
+// AuthenticationScheme is a representation of
+// AWS authentication schemes
+type AuthenticationScheme interface {
+	isAuthenticationScheme()
+}
+
+// AuthenticationSchemeV4 is a AWS SigV4 representation
+type AuthenticationSchemeV4 struct {
+	Name                  string
+	SigningName           *string
+	SigningRegion         *string
+	DisableDoubleEncoding *bool
+}
+
+func (a *AuthenticationSchemeV4) isAuthenticationScheme() {}
+
+// AuthenticationSchemeV4A is a AWS SigV4A representation
+type AuthenticationSchemeV4A struct {
+	Name                  string
+	SigningName           *string
+	SigningRegionSet      []string
+	DisableDoubleEncoding *bool
+}
+
+func (a *AuthenticationSchemeV4A) isAuthenticationScheme() {}
+
+// AuthenticationSchemeNone is a representation for the none auth scheme
+type AuthenticationSchemeNone struct{}
+
+func (a *AuthenticationSchemeNone) isAuthenticationScheme() {}
+
+// NoAuthenticationSchemesFoundError is used in signaling
+// that no authentication schemes have been specified.
+type NoAuthenticationSchemesFoundError struct{}
+
+func (e *NoAuthenticationSchemesFoundError) Error() string {
+	return fmt.Sprint("No authentication schemes specified.")
+}
+
+// UnSupportedAuthenticationSchemeSpecifiedError is used in
+// signaling that only unsupported authentication schemes
+// were specified.
+type UnSupportedAuthenticationSchemeSpecifiedError struct {
+	UnsupportedSchemes []string
+}
+
+func (e *UnSupportedAuthenticationSchemeSpecifiedError) Error() string {
+	return fmt.Sprint("Unsupported authentication scheme specified.")
+}
+
+// GetAuthenticationSchemes extracts the relevant authentication scheme data
+// into a custom strongly typed Go data structure.
+func GetAuthenticationSchemes(p *smithy.Properties) ([]AuthenticationScheme, error) {
+	var result []AuthenticationScheme
+	if !p.Has("authSchemes") {
+		return nil, &NoAuthenticationSchemesFoundError{}
+	}
+
+	authSchemes, _ := p.Get("authSchemes").([]interface{})
+
+	var unsupportedSchemes []string
+	for _, scheme := range authSchemes {
+		authScheme, _ := scheme.(map[string]interface{})
+
+		switch authScheme["name"] {
+		case SigV4:
+			v4Scheme := AuthenticationSchemeV4{
+				Name:                  SigV4,
+				SigningName:           getSigningName(authScheme),
+				SigningRegion:         getSigningRegion(authScheme),
+				DisableDoubleEncoding: getDisableDoubleEncoding(authScheme),
+			}
+			result = append(result, AuthenticationScheme(&v4Scheme))
+		case SigV4A:
+			v4aScheme := AuthenticationSchemeV4A{
+				Name:                  SigV4A,
+				SigningName:           getSigningName(authScheme),
+				SigningRegionSet:      getSigningRegionSet(authScheme),
+				DisableDoubleEncoding: getDisableDoubleEncoding(authScheme),
+			}
+			result = append(result, AuthenticationScheme(&v4aScheme))
+		case None:
+			noneScheme := AuthenticationSchemeNone{}
+			result = append(result, AuthenticationScheme(&noneScheme))
+		default:
+			unsupportedSchemes = append(unsupportedSchemes, authScheme["name"].(string))
+			continue
+		}
+	}
+
+	if len(result) == 0 {
+		return nil, &UnSupportedAuthenticationSchemeSpecifiedError{
+			UnsupportedSchemes: unsupportedSchemes,
+		}
+	}
+
+	return result, nil
+}
+
+type disableDoubleEncoding struct{}
+
+// SetDisableDoubleEncoding sets or modifies the disable double encoding option
+// on the context.
+//
+// Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
+// to clear all stack values.
+func SetDisableDoubleEncoding(ctx context.Context, value bool) context.Context {
+	return middleware.WithStackValue(ctx, disableDoubleEncoding{}, value)
+}
+
+// GetDisableDoubleEncoding retrieves the disable double encoding option
+// from the context.
+//
+// Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
+// to clear all stack values.
+func GetDisableDoubleEncoding(ctx context.Context) (value bool, ok bool) {
+	value, ok = middleware.GetStackValue(ctx, disableDoubleEncoding{}).(bool)
+	return value, ok
+}
+
+func getSigningName(authScheme map[string]interface{}) *string {
+	signingName, ok := authScheme["signingName"].(string)
+	if !ok || signingName == "" {
+		return nil
+	}
+	return &signingName
+}
+
+func getSigningRegionSet(authScheme map[string]interface{}) []string {
+	untypedSigningRegionSet, ok := authScheme["signingRegionSet"].([]interface{})
+	if !ok {
+		return nil
+	}
+	signingRegionSet := []string{}
+	for _, item := range untypedSigningRegionSet {
+		signingRegionSet = append(signingRegionSet, item.(string))
+	}
+	return signingRegionSet
+}
+
+func getSigningRegion(authScheme map[string]interface{}) *string {
+	signingRegion, ok := authScheme["signingRegion"].(string)
+	if !ok || signingRegion == "" {
+		return nil
+	}
+	return &signingRegion
+}
+
+func getDisableDoubleEncoding(authScheme map[string]interface{}) *bool {
+	disableDoubleEncoding, ok := authScheme["disableDoubleEncoding"].(bool)
+	if !ok {
+		return nil
+	}
+	return &disableDoubleEncoding
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
index 297f1e42c..efcbed2e7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
@@ -1,3 +1,39 @@
+# v1.1.43 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.42 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.41 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.40 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.39 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.38 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.37 (2023-07-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.36 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.35 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.1.34 (2023-06-13)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
index 2948b3154..2eab5803b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
@@ -3,4 +3,4 @@
 package configsources
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.1.34"
+const goModuleVersion = "1.1.43"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/arn.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/arn.go
new file mode 100644
index 000000000..e6223dd3b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/arn.go
@@ -0,0 +1,94 @@
+package awsrulesfn
+
+import (
+	"strings"
+)
+
+// ARN provides AWS ARN components broken out into a data structure.
+type ARN struct {
+	Partition  string
+	Service    string
+	Region     string
+	AccountId  string
+	ResourceId OptionalStringSlice
+}
+
+const (
+	arnDelimiters      = ":"
+	resourceDelimiters = "/:"
+	arnSections        = 6
+	arnPrefix          = "arn:"
+
+	// zero-indexed
+	sectionPartition = 1
+	sectionService   = 2
+	sectionRegion    = 3
+	sectionAccountID = 4
+	sectionResource  = 5
+)
+
+// ParseARN returns an [ARN] value parsed from the input string provided. If
+// the ARN cannot be parsed nil will be returned, and error added to
+// [ErrorCollector].
+func ParseARN(input string) *ARN {
+	if !strings.HasPrefix(input, arnPrefix) {
+		return nil
+	}
+
+	sections := strings.SplitN(input, arnDelimiters, arnSections)
+	if numSections := len(sections); numSections != arnSections {
+		return nil
+	}
+
+	if sections[sectionPartition] == "" {
+		return nil
+	}
+	if sections[sectionService] == "" {
+		return nil
+	}
+	if sections[sectionResource] == "" {
+		return nil
+	}
+
+	return &ARN{
+		Partition:  sections[sectionPartition],
+		Service:    sections[sectionService],
+		Region:     sections[sectionRegion],
+		AccountId:  sections[sectionAccountID],
+		ResourceId: splitResource(sections[sectionResource]),
+	}
+}
+
+// splitResource splits the resource components by the ARN resource delimiters.
+func splitResource(v string) []string {
+	var parts []string
+	var offset int
+
+	for offset <= len(v) {
+		idx := strings.IndexAny(v[offset:], "/:")
+		if idx < 0 {
+			parts = append(parts, v[offset:])
+			break
+		}
+		parts = append(parts, v[offset:idx+offset])
+		offset += idx + 1
+	}
+
+	return parts
+}
+
+// OptionalStringSlice provides a helper to safely get the index of a string
+// slice that may be out of bounds. Returns pointer to string if index is
+// valid. Otherwise returns nil.
+type OptionalStringSlice []string
+
+// Get returns a string pointer of the string at index i if the index is valid.
+// Otherwise returns nil.
+func (s OptionalStringSlice) Get(i int) *string {
+	if i < 0 || i >= len(s) {
+		return nil
+	}
+
+	v := s[i]
+	return &v
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/doc.go
new file mode 100644
index 000000000..d5a365853
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/doc.go
@@ -0,0 +1,3 @@
+// Package awsrulesfn provides AWS focused endpoint rule functions for
+// evaluating endpoint resolution rules.
+package awsrulesfn
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/generate.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/generate.go
new file mode 100644
index 000000000..df72da97c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/generate.go
@@ -0,0 +1,7 @@
+//go:build codegen
+// +build codegen
+
+package awsrulesfn
+
+//go:generate go run -tags codegen ./internal/partition/codegen.go -model partitions.json -output partitions.go
+//go:generate gofmt -w -s .
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/host.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/host.go
new file mode 100644
index 000000000..637e5fc18
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/host.go
@@ -0,0 +1,51 @@
+package awsrulesfn
+
+import (
+	"net"
+	"strings"
+
+	smithyhttp "github.com/aws/smithy-go/transport/http"
+)
+
+// IsVirtualHostableS3Bucket returns if the input is a DNS compatible bucket
+// name and can be used with Amazon S3 virtual hosted style addressing. Similar
+// to [rulesfn.IsValidHostLabel] with the added restriction that the length of label
+// must be [3:63] characters long, all lowercase, and not formatted as an IP
+// address.
+func IsVirtualHostableS3Bucket(input string, allowSubDomains bool) bool {
+	// input should not be formatted as an IP address
+	// NOTE: this will technically trip up on IPv6 hosts with zone IDs, but
+	// validation further down will catch that anyway (it's guaranteed to have
+	// unfriendly characters % and : if that's the case)
+	if net.ParseIP(input) != nil {
+		return false
+	}
+
+	var labels []string
+	if allowSubDomains {
+		labels = strings.Split(input, ".")
+	} else {
+		labels = []string{input}
+	}
+
+	for _, label := range labels {
+		// validate special length constraints
+		if l := len(label); l < 3 || l > 63 {
+			return false
+		}
+
+		// Validate no capital letters
+		for _, r := range label {
+			if r >= 'A' && r <= 'Z' {
+				return false
+			}
+		}
+
+		// Validate valid host label
+		if !smithyhttp.ValidHostLabel(label) {
+			return false
+		}
+	}
+
+	return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go
new file mode 100644
index 000000000..ba6032758
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go
@@ -0,0 +1,75 @@
+package awsrulesfn
+
+import "regexp"
+
+// Partition provides the metadata describing an AWS partition.
+type Partition struct {
+	ID            string                     `json:"id"`
+	Regions       map[string]RegionOverrides `json:"regions"`
+	RegionRegex   string                     `json:"regionRegex"`
+	DefaultConfig PartitionConfig            `json:"outputs"`
+}
+
+// PartitionConfig provides the endpoint metadata for an AWS region or partition.
+type PartitionConfig struct {
+	Name               string `json:"name"`
+	DnsSuffix          string `json:"dnsSuffix"`
+	DualStackDnsSuffix string `json:"dualStackDnsSuffix"`
+	SupportsFIPS       bool   `json:"supportsFIPS"`
+	SupportsDualStack  bool   `json:"supportsDualStack"`
+}
+
+type RegionOverrides struct {
+	Name               *string `json:"name"`
+	DnsSuffix          *string `json:"dnsSuffix"`
+	DualStackDnsSuffix *string `json:"dualStackDnsSuffix"`
+	SupportsFIPS       *bool   `json:"supportsFIPS"`
+	SupportsDualStack  *bool   `json:"supportsDualStack"`
+}
+
+const defaultPartition = "aws"
+
+func getPartition(partitions []Partition, region string) *PartitionConfig {
+	for _, partition := range partitions {
+		if v, ok := partition.Regions[region]; ok {
+			p := mergeOverrides(partition.DefaultConfig, v)
+			return &p
+		}
+	}
+
+	for _, partition := range partitions {
+		regionRegex := regexp.MustCompile(partition.RegionRegex)
+		if regionRegex.MatchString(region) {
+			v := partition.DefaultConfig
+			return &v
+		}
+	}
+
+	for _, partition := range partitions {
+		if partition.ID == defaultPartition {
+			v := partition.DefaultConfig
+			return &v
+		}
+	}
+
+	return nil
+}
+
+func mergeOverrides(into PartitionConfig, from RegionOverrides) PartitionConfig {
+	if from.Name != nil {
+		into.Name = *from.Name
+	}
+	if from.DnsSuffix != nil {
+		into.DnsSuffix = *from.DnsSuffix
+	}
+	if from.DualStackDnsSuffix != nil {
+		into.DualStackDnsSuffix = *from.DualStackDnsSuffix
+	}
+	if from.SupportsFIPS != nil {
+		into.SupportsFIPS = *from.SupportsFIPS
+	}
+	if from.SupportsDualStack != nil {
+		into.SupportsDualStack = *from.SupportsDualStack
+	}
+	return into
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go
new file mode 100644
index 000000000..7ea49d4ea
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go
@@ -0,0 +1,343 @@
+// Code generated by endpoint/awsrulesfn/internal/partition. DO NOT EDIT.
+
+package awsrulesfn
+
+// GetPartition returns an AWS [Partition] for the region provided. If the
+// partition cannot be determined nil will be returned.
+func GetPartition(region string) *PartitionConfig {
+	return getPartition(partitions, region)
+}
+
+var partitions = []Partition{
+	{
+		ID:          "aws",
+		RegionRegex: "^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$",
+		DefaultConfig: PartitionConfig{
+			Name:               "aws",
+			DnsSuffix:          "amazonaws.com",
+			DualStackDnsSuffix: "api.aws",
+			SupportsFIPS:       true,
+			SupportsDualStack:  true,
+		},
+		Regions: map[string]RegionOverrides{
+			"af-south-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"ap-east-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"ap-northeast-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"ap-northeast-2": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"ap-northeast-3": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"ap-south-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"ap-south-2": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"ap-southeast-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"ap-southeast-2": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"ap-southeast-3": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"aws-global": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"ca-central-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"eu-central-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"eu-central-2": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"eu-north-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"eu-south-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"eu-south-2": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"eu-west-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"eu-west-2": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"eu-west-3": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"me-central-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"me-south-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"sa-east-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"us-east-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"us-east-2": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"us-west-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"us-west-2": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+		},
+	},
+	{
+		ID:          "aws-cn",
+		RegionRegex: "^cn\\-\\w+\\-\\d+$",
+		DefaultConfig: PartitionConfig{
+			Name:               "aws-cn",
+			DnsSuffix:          "amazonaws.com.cn",
+			DualStackDnsSuffix: "api.amazonwebservices.com.cn",
+			SupportsFIPS:       true,
+			SupportsDualStack:  true,
+		},
+		Regions: map[string]RegionOverrides{
+			"aws-cn-global": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"cn-north-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"cn-northwest-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+		},
+	},
+	{
+		ID:          "aws-us-gov",
+		RegionRegex: "^us\\-gov\\-\\w+\\-\\d+$",
+		DefaultConfig: PartitionConfig{
+			Name:               "aws-us-gov",
+			DnsSuffix:          "amazonaws.com",
+			DualStackDnsSuffix: "api.aws",
+			SupportsFIPS:       true,
+			SupportsDualStack:  true,
+		},
+		Regions: map[string]RegionOverrides{
+			"aws-us-gov-global": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"us-gov-east-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"us-gov-west-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+		},
+	},
+	{
+		ID:          "aws-iso",
+		RegionRegex: "^us\\-iso\\-\\w+\\-\\d+$",
+		DefaultConfig: PartitionConfig{
+			Name:               "aws-iso",
+			DnsSuffix:          "c2s.ic.gov",
+			DualStackDnsSuffix: "c2s.ic.gov",
+			SupportsFIPS:       true,
+			SupportsDualStack:  false,
+		},
+		Regions: map[string]RegionOverrides{
+			"aws-iso-global": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"us-iso-east-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"us-iso-west-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+		},
+	},
+	{
+		ID:          "aws-iso-b",
+		RegionRegex: "^us\\-isob\\-\\w+\\-\\d+$",
+		DefaultConfig: PartitionConfig{
+			Name:               "aws-iso-b",
+			DnsSuffix:          "sc2s.sgov.gov",
+			DualStackDnsSuffix: "sc2s.sgov.gov",
+			SupportsFIPS:       true,
+			SupportsDualStack:  false,
+		},
+		Regions: map[string]RegionOverrides{
+			"aws-iso-b-global": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+			"us-isob-east-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
+		},
+	},
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
new file mode 100644
index 000000000..ab107ca55
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
@@ -0,0 +1,213 @@
+{
+  "partitions" : [ {
+    "id" : "aws",
+    "outputs" : {
+      "dnsSuffix" : "amazonaws.com",
+      "dualStackDnsSuffix" : "api.aws",
+      "implicitGlobalRegion" : "us-east-1",
+      "name" : "aws",
+      "supportsDualStack" : true,
+      "supportsFIPS" : true
+    },
+    "regionRegex" : "^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$",
+    "regions" : {
+      "af-south-1" : {
+        "description" : "Africa (Cape Town)"
+      },
+      "ap-east-1" : {
+        "description" : "Asia Pacific (Hong Kong)"
+      },
+      "ap-northeast-1" : {
+        "description" : "Asia Pacific (Tokyo)"
+      },
+      "ap-northeast-2" : {
+        "description" : "Asia Pacific (Seoul)"
+      },
+      "ap-northeast-3" : {
+        "description" : "Asia Pacific (Osaka)"
+      },
+      "ap-south-1" : {
+        "description" : "Asia Pacific (Mumbai)"
+      },
+      "ap-south-2" : {
+        "description" : "Asia Pacific (Hyderabad)"
+      },
+      "ap-southeast-1" : {
+        "description" : "Asia Pacific (Singapore)"
+      },
+      "ap-southeast-2" : {
+        "description" : "Asia Pacific (Sydney)"
+      },
+      "ap-southeast-3" : {
+        "description" : "Asia Pacific (Jakarta)"
+      },
+      "ap-southeast-4" : {
+        "description" : "Asia Pacific (Melbourne)"
+      },
+      "aws-global" : {
+        "description" : "AWS Standard global region"
+      },
+      "ca-central-1" : {
+        "description" : "Canada (Central)"
+      },
+      "eu-central-1" : {
+        "description" : "Europe (Frankfurt)"
+      },
+      "eu-central-2" : {
+        "description" : "Europe (Zurich)"
+      },
+      "eu-north-1" : {
+        "description" : "Europe (Stockholm)"
+      },
+      "eu-south-1" : {
+        "description" : "Europe (Milan)"
+      },
+      "eu-south-2" : {
+        "description" : "Europe (Spain)"
+      },
+      "eu-west-1" : {
+        "description" : "Europe (Ireland)"
+      },
+      "eu-west-2" : {
+        "description" : "Europe (London)"
+      },
+      "eu-west-3" : {
+        "description" : "Europe (Paris)"
+      },
+      "il-central-1" : {
+        "description" : "Israel (Tel Aviv)"
+      },
+      "me-central-1" : {
+        "description" : "Middle East (UAE)"
+      },
+      "me-south-1" : {
+        "description" : "Middle East (Bahrain)"
+      },
+      "sa-east-1" : {
+        "description" : "South America (Sao Paulo)"
+      },
+      "us-east-1" : {
+        "description" : "US East (N. Virginia)"
+      },
+      "us-east-2" : {
+        "description" : "US East (Ohio)"
+      },
+      "us-west-1" : {
+        "description" : "US West (N. California)"
+      },
+      "us-west-2" : {
+        "description" : "US West (Oregon)"
+      }
+    }
+  }, {
+    "id" : "aws-cn",
+    "outputs" : {
+      "dnsSuffix" : "amazonaws.com.cn",
+      "dualStackDnsSuffix" : "api.amazonwebservices.com.cn",
+      "implicitGlobalRegion" : "cn-northwest-1",
+      "name" : "aws-cn",
+      "supportsDualStack" : true,
+      "supportsFIPS" : true
+    },
+    "regionRegex" : "^cn\\-\\w+\\-\\d+$",
+    "regions" : {
+      "aws-cn-global" : {
+        "description" : "AWS China global region"
+      },
+      "cn-north-1" : {
+        "description" : "China (Beijing)"
+      },
+      "cn-northwest-1" : {
+        "description" : "China (Ningxia)"
+      }
+    }
+  }, {
+    "id" : "aws-us-gov",
+    "outputs" : {
+      "dnsSuffix" : "amazonaws.com",
+      "dualStackDnsSuffix" : "api.aws",
+      "implicitGlobalRegion" : "us-gov-west-1",
+      "name" : "aws-us-gov",
+      "supportsDualStack" : true,
+      "supportsFIPS" : true
+    },
+    "regionRegex" : "^us\\-gov\\-\\w+\\-\\d+$",
+    "regions" : {
+      "aws-us-gov-global" : {
+        "description" : "AWS GovCloud (US) global region"
+      },
+      "us-gov-east-1" : {
+        "description" : "AWS GovCloud (US-East)"
+      },
+      "us-gov-west-1" : {
+        "description" : "AWS GovCloud (US-West)"
+      }
+    }
+  }, {
+    "id" : "aws-iso",
+    "outputs" : {
+      "dnsSuffix" : "c2s.ic.gov",
+      "dualStackDnsSuffix" : "c2s.ic.gov",
+      "implicitGlobalRegion" : "us-iso-east-1",
+      "name" : "aws-iso",
+      "supportsDualStack" : false,
+      "supportsFIPS" : true
+    },
+    "regionRegex" : "^us\\-iso\\-\\w+\\-\\d+$",
+    "regions" : {
+      "aws-iso-global" : {
+        "description" : "AWS ISO (US) global region"
+      },
+      "us-iso-east-1" : {
+        "description" : "US ISO East"
+      },
+      "us-iso-west-1" : {
+        "description" : "US ISO WEST"
+      }
+    }
+  }, {
+    "id" : "aws-iso-b",
+    "outputs" : {
+      "dnsSuffix" : "sc2s.sgov.gov",
+      "dualStackDnsSuffix" : "sc2s.sgov.gov",
+      "implicitGlobalRegion" : "us-isob-east-1",
+      "name" : "aws-iso-b",
+      "supportsDualStack" : false,
+      "supportsFIPS" : true
+    },
+    "regionRegex" : "^us\\-isob\\-\\w+\\-\\d+$",
+    "regions" : {
+      "aws-iso-b-global" : {
+        "description" : "AWS ISOB (US) global region"
+      },
+      "us-isob-east-1" : {
+        "description" : "US ISOB East (Ohio)"
+      }
+    }
+  }, {
+    "id" : "aws-iso-e",
+    "outputs" : {
+      "dnsSuffix" : "cloud.adc-e.uk",
+      "dualStackDnsSuffix" : "cloud.adc-e.uk",
+      "implicitGlobalRegion" : "eu-isoe-west-1",
+      "name" : "aws-iso-e",
+      "supportsDualStack" : false,
+      "supportsFIPS" : true
+    },
+    "regionRegex" : "^eu\\-isoe\\-\\w+\\-\\d+$",
+    "regions" : { }
+  }, {
+    "id" : "aws-iso-f",
+    "outputs" : {
+      "dnsSuffix" : "csp.hci.ic.gov",
+      "dualStackDnsSuffix" : "csp.hci.ic.gov",
+      "implicitGlobalRegion" : "us-isof-south-1",
+      "name" : "aws-iso-f",
+      "supportsDualStack" : false,
+      "supportsFIPS" : true
+    },
+    "regionRegex" : "^us\\-isof\\-\\w+\\-\\d+$",
+    "regions" : { }
+  } ],
+  "version" : "1.1"
+}
\ No newline at end of file
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
index 0ffc56c39..bd830abea 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
@@ -1,3 +1,39 @@
+# v2.4.37 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.36 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.35 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.34 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.33 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.32 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.31 (2023-07-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.30 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.29 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v2.4.28 (2023-06-13)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
index 0a8b6901f..085819076 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
@@ -3,4 +3,4 @@
 package endpoints
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "2.4.28"
+const goModuleVersion = "2.4.37"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
index 494c4dbaf..8aab66186 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
@@ -1,3 +1,44 @@
+# v1.3.45 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.44 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.43 (2023-09-22)
+
+* **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+* **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+
+# v1.3.42 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.41 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.40 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.39 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.38 (2023-07-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.37 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.36 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.3.35 (2023-06-13)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
index 479343626..f92dc23cc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ini
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.3.35"
+const goModuleVersion = "1.3.45"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go
index eca42d1b2..efcd2e6c7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go
@@ -12,34 +12,6 @@ var (
 	runesFalse = []rune("false")
 )
 
-var literalValues = [][]rune{
-	runesTrue,
-	runesFalse,
-}
-
-func isBoolValue(b []rune) bool {
-	for _, lv := range literalValues {
-		if isCaselessLitValue(lv, b) {
-			return true
-		}
-	}
-	return false
-}
-
-func isLitValue(want, have []rune) bool {
-	if len(have) < len(want) {
-		return false
-	}
-
-	for i := 0; i < len(want); i++ {
-		if want[i] != have[i] {
-			return false
-		}
-	}
-
-	return true
-}
-
 // isCaselessLitValue is a caseless value comparison, assumes want is already lower-cased for efficiency.
 func isCaselessLitValue(want, have []rune) bool {
 	if len(have) < len(want) {
@@ -55,68 +27,6 @@ func isCaselessLitValue(want, have []rune) bool {
 	return true
 }
 
-// isNumberValue will return whether not the leading characters in
-// a byte slice is a number. A number is delimited by whitespace or
-// the newline token.
-//
-// A number is defined to be in a binary, octal, decimal (int | float), hex format,
-// or in scientific notation.
-func isNumberValue(b []rune) bool {
-	negativeIndex := 0
-	helper := numberHelper{}
-	needDigit := false
-
-	for i := 0; i < len(b); i++ {
-		negativeIndex++
-
-		switch b[i] {
-		case '-':
-			if helper.IsNegative() || negativeIndex != 1 {
-				return false
-			}
-			helper.Determine(b[i])
-			needDigit = true
-			continue
-		case 'e', 'E':
-			if err := helper.Determine(b[i]); err != nil {
-				return false
-			}
-			negativeIndex = 0
-			needDigit = true
-			continue
-		case 'b':
-			if helper.numberFormat == hex {
-				break
-			}
-			fallthrough
-		case 'o', 'x':
-			needDigit = true
-			if i == 0 {
-				return false
-			}
-
-			fallthrough
-		case '.':
-			if err := helper.Determine(b[i]); err != nil {
-				return false
-			}
-			needDigit = true
-			continue
-		}
-
-		if i > 0 && (isNewline(b[i:]) || isWhitespace(b[i])) {
-			return !needDigit
-		}
-
-		if !helper.CorrectByte(b[i]) {
-			return false
-		}
-		needDigit = false
-	}
-
-	return !needDigit
-}
-
 func isValid(b []rune) (bool, int, error) {
 	if len(b) == 0 {
 		// TODO: should probably return an error
@@ -138,14 +48,8 @@ func (v ValueType) String() string {
 	switch v {
 	case NoneType:
 		return "NONE"
-	case DecimalType:
-		return "FLOAT"
-	case IntegerType:
-		return "INT"
 	case StringType:
 		return "STRING"
-	case BoolType:
-		return "BOOL"
 	}
 
 	return ""
@@ -154,11 +58,9 @@ func (v ValueType) String() string {
 // ValueType enums
 const (
 	NoneType = ValueType(iota)
-	DecimalType
-	IntegerType
 	StringType
 	QuotedStringType
-	BoolType
+	// FUTURE(2226) MapType
 )
 
 // Value is a union container
@@ -166,10 +68,8 @@ type Value struct {
 	Type ValueType
 	raw  []rune
 
-	integer int64
-	decimal float64
-	boolean bool
-	str     string
+	str string
+	// FUTURE(2226) mp map[string]string
 }
 
 func newValue(t ValueType, base int, raw []rune) (Value, error) {
@@ -177,36 +77,15 @@ func newValue(t ValueType, base int, raw []rune) (Value, error) {
 		Type: t,
 		raw:  raw,
 	}
-	var err error
 
 	switch t {
-	case DecimalType:
-		v.decimal, err = strconv.ParseFloat(string(raw), 64)
-	case IntegerType:
-		if base != 10 {
-			raw = raw[2:]
-		}
-
-		v.integer, err = strconv.ParseInt(string(raw), base, 64)
 	case StringType:
 		v.str = string(raw)
 	case QuotedStringType:
 		v.str = string(raw[1 : len(raw)-1])
-	case BoolType:
-		v.boolean = isCaselessLitValue(runesTrue, v.raw)
-	}
-
-	// issue 2253
-	//
-	// if the value trying to be parsed is too large, then we will use
-	// the 'StringType' and raw value instead.
-	if nerr, ok := err.(*strconv.NumError); ok && nerr.Err == strconv.ErrRange {
-		v.Type = StringType
-		v.str = string(raw)
-		err = nil
 	}
 
-	return v, err
+	return v, nil
 }
 
 // NewStringValue returns a Value type generated using a string input.
@@ -214,24 +93,12 @@ func NewStringValue(str string) (Value, error) {
 	return newValue(StringType, 10, []rune(str))
 }
 
-// NewIntValue returns a Value type generated using an int64 input.
-func NewIntValue(i int64) (Value, error) {
-	v := strconv.FormatInt(i, 10)
-	return newValue(IntegerType, 10, []rune(v))
-}
-
 func (v Value) String() string {
 	switch v.Type {
-	case DecimalType:
-		return fmt.Sprintf("decimal: %f", v.decimal)
-	case IntegerType:
-		return fmt.Sprintf("integer: %d", v.integer)
 	case StringType:
 		return fmt.Sprintf("string: %s", string(v.raw))
 	case QuotedStringType:
 		return fmt.Sprintf("quoted string: %s", string(v.raw))
-	case BoolType:
-		return fmt.Sprintf("bool: %t", v.boolean)
 	default:
 		return "union not set"
 	}
@@ -249,24 +116,6 @@ func newLitToken(b []rune) (Token, int, error) {
 		}
 
 		token = newToken(TokenLit, b[:n], QuotedStringType)
-	} else if isNumberValue(b) {
-		var base int
-		base, n, err = getNumericalValue(b)
-		if err != nil {
-			return token, 0, err
-		}
-
-		value := b[:n]
-		vType := IntegerType
-		if contains(value, '.') || hasExponent(value) {
-			vType = DecimalType
-		}
-		token = newToken(TokenLit, value, vType)
-		token.base = base
-	} else if isBoolValue(b) {
-		n, err = getBoolValue(b)
-
-		token = newToken(TokenLit, b[:n], BoolType)
 	} else {
 		n, err = getValue(b)
 		token = newToken(TokenLit, b[:n], StringType)
@@ -276,18 +125,33 @@ func newLitToken(b []rune) (Token, int, error) {
 }
 
 // IntValue returns an integer value
-func (v Value) IntValue() int64 {
-	return v.integer
+func (v Value) IntValue() (int64, bool) {
+	i, err := strconv.ParseInt(string(v.raw), 0, 64)
+	if err != nil {
+		return 0, false
+	}
+	return i, true
 }
 
 // FloatValue returns a float value
-func (v Value) FloatValue() float64 {
-	return v.decimal
+func (v Value) FloatValue() (float64, bool) {
+	f, err := strconv.ParseFloat(string(v.raw), 64)
+	if err != nil {
+		return 0, false
+	}
+	return f, true
 }
 
 // BoolValue returns a bool value
-func (v Value) BoolValue() bool {
-	return v.boolean
+func (v Value) BoolValue() (bool, bool) {
+	// we don't use ParseBool as it recognizes more than what we've
+	// historically supported
+	if isCaselessLitValue(runesTrue, v.raw) {
+		return true, true
+	} else if isCaselessLitValue(runesFalse, v.raw) {
+		return false, true
+	}
+	return false, false
 }
 
 func isTrimmable(r rune) bool {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/number_helper.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/number_helper.go
deleted file mode 100644
index a45c0bc56..000000000
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/number_helper.go
+++ /dev/null
@@ -1,152 +0,0 @@
-package ini
-
-import (
-	"bytes"
-	"fmt"
-	"strconv"
-)
-
-const (
-	none = numberFormat(iota)
-	binary
-	octal
-	decimal
-	hex
-	exponent
-)
-
-type numberFormat int
-
-// numberHelper is used to dictate what format a number is in
-// and what to do for negative values. Since -1e-4 is a valid
-// number, we cannot just simply check for duplicate negatives.
-type numberHelper struct {
-	numberFormat numberFormat
-
-	negative         bool
-	negativeExponent bool
-}
-
-func (b numberHelper) Exists() bool {
-	return b.numberFormat != none
-}
-
-func (b numberHelper) IsNegative() bool {
-	return b.negative || b.negativeExponent
-}
-
-func (b *numberHelper) Determine(c rune) error {
-	if b.Exists() {
-		return NewParseError(fmt.Sprintf("multiple number formats: 0%v", string(c)))
-	}
-
-	switch c {
-	case 'b':
-		b.numberFormat = binary
-	case 'o':
-		b.numberFormat = octal
-	case 'x':
-		b.numberFormat = hex
-	case 'e', 'E':
-		b.numberFormat = exponent
-	case '-':
-		if b.numberFormat != exponent {
-			b.negative = true
-		} else {
-			b.negativeExponent = true
-		}
-	case '.':
-		b.numberFormat = decimal
-	default:
-		return NewParseError(fmt.Sprintf("invalid number character: %v", string(c)))
-	}
-
-	return nil
-}
-
-func (b numberHelper) CorrectByte(c rune) bool {
-	switch {
-	case b.numberFormat == binary:
-		if !isBinaryByte(c) {
-			return false
-		}
-	case b.numberFormat == octal:
-		if !isOctalByte(c) {
-			return false
-		}
-	case b.numberFormat == hex:
-		if !isHexByte(c) {
-			return false
-		}
-	case b.numberFormat == decimal:
-		if !isDigit(c) {
-			return false
-		}
-	case b.numberFormat == exponent:
-		if !isDigit(c) {
-			return false
-		}
-	case b.negativeExponent:
-		if !isDigit(c) {
-			return false
-		}
-	case b.negative:
-		if !isDigit(c) {
-			return false
-		}
-	default:
-		if !isDigit(c) {
-			return false
-		}
-	}
-
-	return true
-}
-
-func (b numberHelper) Base() int {
-	switch b.numberFormat {
-	case binary:
-		return 2
-	case octal:
-		return 8
-	case hex:
-		return 16
-	default:
-		return 10
-	}
-}
-
-func (b numberHelper) String() string {
-	buf := bytes.Buffer{}
-	i := 0
-
-	switch b.numberFormat {
-	case binary:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": binary format\n")
-	case octal:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": octal format\n")
-	case hex:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": hex format\n")
-	case exponent:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": exponent format\n")
-	default:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": integer format\n")
-	}
-
-	if b.negative {
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": negative format\n")
-	}
-
-	if b.negativeExponent {
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": negative exponent format\n")
-	}
-
-	return buf.String()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go
index b5480fdeb..d38a9cd48 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go
@@ -41,149 +41,6 @@ func getStringValue(b []rune) (int, error) {
 	return i + 1, nil
 }
 
-// getBoolValue will return a boolean and the amount
-// of bytes read
-//
-// an error will be returned if the boolean is not of a correct
-// value
-func getBoolValue(b []rune) (int, error) {
-	if len(b) < 4 {
-		return 0, NewParseError("invalid boolean value")
-	}
-
-	n := 0
-	for _, lv := range literalValues {
-		if len(lv) > len(b) {
-			continue
-		}
-
-		if isCaselessLitValue(lv, b) {
-			n = len(lv)
-		}
-	}
-
-	if n == 0 {
-		return 0, NewParseError("invalid boolean value")
-	}
-
-	return n, nil
-}
-
-// getNumericalValue will return a numerical string, the amount
-// of bytes read, and the base of the number
-//
-// an error will be returned if the number is not of a correct
-// value
-func getNumericalValue(b []rune) (int, int, error) {
-	if !isDigit(b[0]) {
-		return 0, 0, NewParseError("invalid digit value")
-	}
-
-	i := 0
-	helper := numberHelper{}
-
-loop:
-	for negativeIndex := 0; i < len(b); i++ {
-		negativeIndex++
-
-		if !isDigit(b[i]) {
-			switch b[i] {
-			case '-':
-				if helper.IsNegative() || negativeIndex != 1 {
-					return 0, 0, NewParseError("parse error '-'")
-				}
-
-				n := getNegativeNumber(b[i:])
-				i += (n - 1)
-				helper.Determine(b[i])
-				continue
-			case '.':
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-			case 'e', 'E':
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-
-				negativeIndex = 0
-			case 'b':
-				if helper.numberFormat == hex {
-					break
-				}
-				fallthrough
-			case 'o', 'x':
-				if i == 0 && b[i] != '0' {
-					return 0, 0, NewParseError("incorrect base format, expected leading '0'")
-				}
-
-				if i != 1 {
-					return 0, 0, NewParseError(fmt.Sprintf("incorrect base format found %s at %d index", string(b[i]), i))
-				}
-
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-			default:
-				if isWhitespace(b[i]) {
-					break loop
-				}
-
-				if isNewline(b[i:]) {
-					break loop
-				}
-
-				if !(helper.numberFormat == hex && isHexByte(b[i])) {
-					if i+2 < len(b) && !isNewline(b[i:i+2]) {
-						return 0, 0, NewParseError("invalid numerical character")
-					} else if !isNewline([]rune{b[i]}) {
-						return 0, 0, NewParseError("invalid numerical character")
-					}
-
-					break loop
-				}
-			}
-		}
-	}
-
-	return helper.Base(), i, nil
-}
-
-// isDigit will return whether or not something is an integer
-func isDigit(b rune) bool {
-	return b >= '0' && b <= '9'
-}
-
-func hasExponent(v []rune) bool {
-	return contains(v, 'e') || contains(v, 'E')
-}
-
-func isBinaryByte(b rune) bool {
-	switch b {
-	case '0', '1':
-		return true
-	default:
-		return false
-	}
-}
-
-func isOctalByte(b rune) bool {
-	switch b {
-	case '0', '1', '2', '3', '4', '5', '6', '7':
-		return true
-	default:
-		return false
-	}
-}
-
-func isHexByte(b rune) bool {
-	if isDigit(b) {
-		return true
-	}
-	return (b >= 'A' && b <= 'F') ||
-		(b >= 'a' && b <= 'f')
-}
-
 func getValue(b []rune) (int, error) {
 	i := 0
 
@@ -211,24 +68,6 @@ func getValue(b []rune) (int, error) {
 	return i, nil
 }
 
-// getNegativeNumber will return a negative number from a
-// byte slice. This will iterate through all characters until
-// a non-digit has been found.
-func getNegativeNumber(b []rune) int {
-	if b[0] != '-' {
-		return 0
-	}
-
-	i := 1
-	for ; i < len(b); i++ {
-		if !isDigit(b[i]) {
-			return i
-		}
-	}
-
-	return i
-}
-
 // isEscaped will return whether or not the character is an escaped
 // character.
 func isEscaped(value []rune, b rune) bool {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go
index a07a63738..97fb3d7f3 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go
@@ -245,17 +245,17 @@ func (t Section) ValueType(k string) (ValueType, bool) {
 }
 
 // Bool returns a bool value at k
-func (t Section) Bool(k string) bool {
+func (t Section) Bool(k string) (bool, bool) {
 	return t.values[k].BoolValue()
 }
 
 // Int returns an integer value at k
-func (t Section) Int(k string) int64 {
+func (t Section) Int(k string) (int64, bool) {
 	return t.values[k].IntValue()
 }
 
 // Float64 returns a float value at k
-func (t Section) Float64(k string) float64 {
+func (t Section) Float64(k string) (float64, bool) {
 	return t.values[k].FloatValue()
 }
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md
index 2979f8b93..80510904e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md
@@ -1,3 +1,80 @@
+# v1.1.4 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.3 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.2 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.1 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.0 (2023-07-31)
+
+* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.28 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.27 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.26 (2023-06-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.25 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.24 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.23 (2023-03-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.22 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.21 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.20 (2023-02-14)
+
+* No change notes available for this release.
+
+# v1.0.19 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.18 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.17 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.16 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.15 (2022-10-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.0.14 (2022-09-20)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go
index d4c420fbd..5a0e19ae6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go
@@ -3,4 +3,4 @@
 package v4a
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.0.14"
+const goModuleVersion = "1.1.4"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go
index 55d5e8abd..64b8b4e33 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go
@@ -3,13 +3,13 @@ package v4a
 import (
 	"context"
 	"fmt"
-	"net/http"
-	"time"
-
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
+	"net/http"
+	"time"
 )
 
 // HTTPSigner is SigV4a HTTP signer implementation
@@ -71,10 +71,23 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(
 		return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)}
 	}
 
-	err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, []string{signingRegion}, time.Now().UTC(), func(o *SignerOptions) {
-		o.Logger = middleware.GetLogger(ctx)
-		o.LogSigning = s.logSigning
-	})
+	signerOptions := []func(o *SignerOptions){
+		func(o *SignerOptions) {
+			o.Logger = middleware.GetLogger(ctx)
+			o.LogSigning = s.logSigning
+		},
+	}
+
+	// existing DisableURIPathEscaping is equivalent in purpose
+	// to authentication scheme property DisableDoubleEncoding
+	disableDoubleEncoding, overridden := internalauth.GetDisableDoubleEncoding(ctx)
+	if overridden {
+		signerOptions = append(signerOptions, func(o *SignerOptions) {
+			o.DisableURIPathEscaping = disableDoubleEncoding
+		})
+	}
+
+	err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, []string{signingRegion}, time.Now().UTC(), signerOptions...)
 	if err != nil {
 		return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)}
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/modman.toml b/vendor/github.com/aws/aws-sdk-go-v2/modman.toml
index b6d07cdd6..e505f5314 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/modman.toml
+++ b/vendor/github.com/aws/aws-sdk-go-v2/modman.toml
@@ -1,7 +1,7 @@
 
 [dependencies]
   "github.com/aws/aws-sdk-go" = "v1.44.28"
-  "github.com/aws/smithy-go" = "v1.13.5"
+  "github.com/aws/smithy-go" = "v1.15.0"
   "github.com/google/go-cmp" = "v0.5.8"
   "github.com/jmespath/go-jmespath" = "v0.4.0"
   "golang.org/x/net" = "v0.1.0"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/CHANGELOG.md
index c5699ec02..ac06c3635 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/CHANGELOG.md
@@ -1,3 +1,72 @@
+# v1.20.2 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.1 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.0 (2023-09-11)
+
+* **Feature**: This release will have ValidationException be thrown from ECR LifecyclePolicy APIs in regions LifecyclePolicy is not supported, this includes existing Amazon Dedicated Cloud (ADC) regions. This release will also change Tag: TagValue and Tag: TagKey to required.
+
+# v1.19.5 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.19.4 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.19.3 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.19.2 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.19.1 (2023-08-01)
+
+* No change notes available for this release.
+
+# v1.19.0 (2023-07-31)
+
+* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.15 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.14 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.13 (2023-06-15)
+
+* No change notes available for this release.
+
+# v1.18.12 (2023-06-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.11 (2023-05-04)
+
+* No change notes available for this release.
+
+# v1.18.10 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.9 (2023-04-10)
+
+* No change notes available for this release.
+
+# v1.18.8 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.18.7 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_client.go
index c51da7830..f1984dd44 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_client.go
@@ -4,6 +4,7 @@ package ecr
 
 import (
 	"context"
+	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/defaults"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
@@ -46,8 +47,6 @@ func New(options Options, optFns ...func(*Options)) *Client {
 
 	resolveHTTPSignerV4(&options)
 
-	resolveDefaultEndpointConfiguration(&options)
-
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -65,6 +64,14 @@ type Options struct {
 	// modify this list for per operation behavior.
 	APIOptions []func(*middleware.Stack) error
 
+	// The optional application specific identifier appended to the User-Agent header.
+	AppID string
+
+	// This endpoint will be given as input to an EndpointResolverV2. It is used for
+	// providing a custom base endpoint that is subject to modifications by the
+	// processing EndpointResolverV2.
+	BaseEndpoint *string
+
 	// Configures the events that will be sent to the configured logger.
 	ClientLogMode aws.ClientLogMode
 
@@ -79,8 +86,18 @@ type Options struct {
 	EndpointOptions EndpointResolverOptions
 
 	// The service endpoint resolver.
+	//
+	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
+	// value for this field will likely prevent you from using any endpoint-related
+	// service features released after the introduction of EndpointResolverV2 and
+	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
+	// endpoint, set the client option BaseEndpoint instead.
 	EndpointResolver EndpointResolver
 
+	// Resolves the endpoint used for a particular service. This should be used over
+	// the deprecated EndpointResolver
+	EndpointResolverV2 EndpointResolverV2
+
 	// Signature Version 4 (SigV4) Signer
 	HTTPSignerV4 HTTPSignerV4
 
@@ -115,7 +132,7 @@ type Options struct {
 	Retryer aws.Retryer
 
 	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
-	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig. You
+	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
 	// should not populate this structure programmatically, or rely on the values here
 	// within your applications.
 	RuntimeEnvironment aws.RuntimeEnvironment
@@ -139,14 +156,25 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
 	}
 }
 
-// WithEndpointResolver returns a functional option for setting the Client's
-// EndpointResolver option.
+// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
+// this field will likely prevent you from using any endpoint-related service
+// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
+// To migrate an EndpointResolver implementation that uses a custom endpoint, set
+// the client option BaseEndpoint instead.
 func WithEndpointResolver(v EndpointResolver) func(*Options) {
 	return func(o *Options) {
 		o.EndpointResolver = v
 	}
 }
 
+// WithEndpointResolverV2 returns a functional option for setting the Client's
+// EndpointResolverV2 option.
+func WithEndpointResolverV2(v EndpointResolverV2) func(*Options) {
+	return func(o *Options) {
+		o.EndpointResolverV2 = v
+	}
+}
+
 type HTTPClient interface {
 	Do(*http.Request) (*http.Response, error)
 }
@@ -163,6 +191,8 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 	ctx = middleware.ClearStackValues(ctx)
 	stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
 	options := c.options.Copy()
+	resolveEndpointResolverV2(&options)
+
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -197,6 +227,30 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 
 type noSmithyDocumentSerde = smithydocument.NoSerde
 
+type legacyEndpointContextSetter struct {
+	LegacyResolver EndpointResolver
+}
+
+func (*legacyEndpointContextSetter) ID() string {
+	return "legacyEndpointContextSetter"
+}
+
+func (m *legacyEndpointContextSetter) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) (
+	out middleware.InitializeOutput, metadata middleware.Metadata, err error,
+) {
+	if m.LegacyResolver != nil {
+		ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, true)
+	}
+
+	return next.HandleInitialize(ctx, in)
+
+}
+func addlegacyEndpointContextSetter(stack *middleware.Stack, o Options) error {
+	return stack.Initialize.Add(&legacyEndpointContextSetter{
+		LegacyResolver: o.EndpointResolver,
+	}, middleware.Before)
+}
+
 func resolveDefaultLogger(o *Options) {
 	if o.Logger != nil {
 		return
@@ -234,6 +288,7 @@ func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
 		APIOptions:         cfg.APIOptions,
 		Logger:             cfg.Logger,
 		ClientLogMode:      cfg.ClientLogMode,
+		AppID:              cfg.AppID,
 	}
 	resolveAWSRetryerProvider(cfg, &opts)
 	resolveAWSRetryMaxAttempts(cfg, &opts)
@@ -344,11 +399,19 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
 	if cfg.EndpointResolver == nil && cfg.EndpointResolverWithOptions == nil {
 		return
 	}
-	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions, NewDefaultEndpointResolver())
+	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions)
 }
 
-func addClientUserAgent(stack *middleware.Stack) error {
-	return awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ecr", goModuleVersion)(stack)
+func addClientUserAgent(stack *middleware.Stack, options Options) error {
+	if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ecr", goModuleVersion)(stack); err != nil {
+		return err
+	}
+
+	if len(options.AppID) > 0 {
+		return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
+	}
+
+	return nil
 }
 
 func addHTTPSignerV4Middleware(stack *middleware.Stack, o Options) error {
@@ -432,3 +495,32 @@ func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
 		LogResponseWithBody: o.ClientLogMode.IsResponseWithBody(),
 	}, middleware.After)
 }
+
+type endpointDisableHTTPSMiddleware struct {
+	EndpointDisableHTTPS bool
+}
+
+func (*endpointDisableHTTPSMiddleware) ID() string {
+	return "endpointDisableHTTPSMiddleware"
+}
+
+func (m *endpointDisableHTTPSMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointDisableHTTPS && !smithyhttp.GetHostnameImmutable(ctx) {
+		req.URL.Scheme = "http"
+	}
+
+	return next.HandleSerialize(ctx, in)
+
+}
+func addendpointDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
+	return stack.Serialize.Insert(&endpointDisableHTTPSMiddleware{
+		EndpointDisableHTTPS: o.EndpointOptions.DisableHTTPS,
+	}, "OperationSerializer", middleware.Before)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchCheckLayerAvailability.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchCheckLayerAvailability.go
index cea7521f6..8cc701c6f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchCheckLayerAvailability.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchCheckLayerAvailability.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -57,8 +62,8 @@ type BatchCheckLayerAvailabilityOutput struct {
 	// Any failures associated with the call.
 	Failures []types.LayerFailure
 
-	// A list of image layer objects corresponding to the image layer references in the
-	// request.
+	// A list of image layer objects corresponding to the image layer references in
+	// the request.
 	Layers []types.Layer
 
 	// Metadata pertaining to the operation's result.
@@ -76,6 +81,9 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -103,7 +111,7 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -112,12 +120,18 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchCheckLayerAvailabilityResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchCheckLayerAvailabilityValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opBatchCheckLayerAvailability(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -127,6 +141,9 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -138,3 +155,126 @@ func newServiceMetadataMiddleware_opBatchCheckLayerAvailability(region string) *
 		OperationName: "BatchCheckLayerAvailability",
 	}
 }
+
+type opBatchCheckLayerAvailabilityResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchCheckLayerAvailabilityResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchCheckLayerAvailabilityResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchCheckLayerAvailabilityResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchCheckLayerAvailabilityResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchDeleteImage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchDeleteImage.go
index 80c9d5b5c..53816800d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchDeleteImage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchDeleteImage.go
@@ -4,15 +4,20 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Deletes a list of specified images within a repository. Images are specified
-// with either an imageTag or imageDigest. You can remove a tag from an image by
+// with either an imageTag or imageDigest . You can remove a tag from an image by
 // specifying the image's tag in your request. When you remove the last tag from an
 // image, the image is deleted from your repository. You can completely delete an
 // image (and all of its tags) by specifying the image's digest in your request.
@@ -32,11 +37,11 @@ func (c *Client) BatchDeleteImage(ctx context.Context, params *BatchDeleteImageI
 }
 
 // Deletes specified images within a specified repository. Images are specified
-// with either the imageTag or imageDigest.
+// with either the imageTag or imageDigest .
 type BatchDeleteImageInput struct {
 
-	// A list of image ID references that correspond to images to delete. The format of
-	// the imageIds reference is imageTag=tag or imageDigest=digest.
+	// A list of image ID references that correspond to images to delete. The format
+	// of the imageIds reference is imageTag=tag or imageDigest=digest .
 	//
 	// This member is required.
 	ImageIds []types.ImageIdentifier
@@ -77,6 +82,9 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -104,7 +112,7 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -113,12 +121,18 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchDeleteImageResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchDeleteImageValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opBatchDeleteImage(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -128,6 +142,9 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -139,3 +156,126 @@ func newServiceMetadataMiddleware_opBatchDeleteImage(region string) *awsmiddlewa
 		OperationName: "BatchDeleteImage",
 	}
 }
+
+type opBatchDeleteImageResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchDeleteImageResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchDeleteImageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchDeleteImageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchDeleteImageResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetImage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetImage.go
index b2724f89a..d2f2d85f8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetImage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetImage.go
@@ -4,15 +4,20 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Gets detailed information for an image. Images are specified with either an
-// imageTag or imageDigest. When an image is pulled, the BatchGetImage API is
+// imageTag or imageDigest . When an image is pulled, the BatchGetImage API is
 // called once to retrieve the image manifest.
 func (c *Client) BatchGetImage(ctx context.Context, params *BatchGetImageInput, optFns ...func(*Options)) (*BatchGetImageOutput, error) {
 	if params == nil {
@@ -32,7 +37,7 @@ func (c *Client) BatchGetImage(ctx context.Context, params *BatchGetImageInput,
 type BatchGetImageInput struct {
 
 	// A list of image ID references that correspond to images to describe. The format
-	// of the imageIds reference is imageTag=tag or imageDigest=digest.
+	// of the imageIds reference is imageTag=tag or imageDigest=digest .
 	//
 	// This member is required.
 	ImageIds []types.ImageIdentifier
@@ -79,6 +84,9 @@ func (c *Client) addOperationBatchGetImageMiddlewares(stack *middleware.Stack, o
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -106,7 +114,7 @@ func (c *Client) addOperationBatchGetImageMiddlewares(stack *middleware.Stack, o
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -115,12 +123,18 @@ func (c *Client) addOperationBatchGetImageMiddlewares(stack *middleware.Stack, o
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchGetImageResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchGetImageValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opBatchGetImage(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -130,6 +144,9 @@ func (c *Client) addOperationBatchGetImageMiddlewares(stack *middleware.Stack, o
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -141,3 +158,126 @@ func newServiceMetadataMiddleware_opBatchGetImage(region string) *awsmiddleware.
 		OperationName: "BatchGetImage",
 	}
 }
+
+type opBatchGetImageResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchGetImageResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchGetImageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchGetImageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchGetImageResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetRepositoryScanningConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetRepositoryScanningConfiguration.go
index 42adcbbc4..30591dcdf 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetRepositoryScanningConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetRepositoryScanningConfiguration.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -60,6 +65,9 @@ func (c *Client) addOperationBatchGetRepositoryScanningConfigurationMiddlewares(
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -87,7 +95,7 @@ func (c *Client) addOperationBatchGetRepositoryScanningConfigurationMiddlewares(
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -96,12 +104,18 @@ func (c *Client) addOperationBatchGetRepositoryScanningConfigurationMiddlewares(
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchGetRepositoryScanningConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opBatchGetRepositoryScanningConfiguration(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -111,6 +125,9 @@ func (c *Client) addOperationBatchGetRepositoryScanningConfigurationMiddlewares(
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -122,3 +139,126 @@ func newServiceMetadataMiddleware_opBatchGetRepositoryScanningConfiguration(regi
 		OperationName: "BatchGetRepositoryScanningConfiguration",
 	}
 }
+
+type opBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CompleteLayerUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CompleteLayerUpload.go
index ac1fe8a37..ee896d53e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CompleteLayerUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CompleteLayerUpload.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -87,6 +92,9 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -114,7 +122,7 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -123,12 +131,18 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addCompleteLayerUploadResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCompleteLayerUploadValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCompleteLayerUpload(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -138,6 +152,9 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -149,3 +166,126 @@ func newServiceMetadataMiddleware_opCompleteLayerUpload(region string) *awsmiddl
 		OperationName: "CompleteLayerUpload",
 	}
 }
+
+type opCompleteLayerUploadResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCompleteLayerUploadResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCompleteLayerUploadResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCompleteLayerUploadResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCompleteLayerUploadResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreatePullThroughCacheRule.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreatePullThroughCacheRule.go
index 6a67466e9..a31b8bb46 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreatePullThroughCacheRule.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreatePullThroughCacheRule.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -80,6 +85,9 @@ func (c *Client) addOperationCreatePullThroughCacheRuleMiddlewares(stack *middle
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -107,7 +115,7 @@ func (c *Client) addOperationCreatePullThroughCacheRuleMiddlewares(stack *middle
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -116,12 +124,18 @@ func (c *Client) addOperationCreatePullThroughCacheRuleMiddlewares(stack *middle
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addCreatePullThroughCacheRuleResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCreatePullThroughCacheRuleValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreatePullThroughCacheRule(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -131,6 +145,9 @@ func (c *Client) addOperationCreatePullThroughCacheRuleMiddlewares(stack *middle
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -142,3 +159,126 @@ func newServiceMetadataMiddleware_opCreatePullThroughCacheRule(region string) *a
 		OperationName: "CreatePullThroughCacheRule",
 	}
 }
+
+type opCreatePullThroughCacheRuleResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCreatePullThroughCacheRuleResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCreatePullThroughCacheRuleResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCreatePullThroughCacheRuleResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCreatePullThroughCacheRuleResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreateRepository.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreateRepository.go
index 1f22e5c82..1fdf9b212 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreateRepository.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreateRepository.go
@@ -4,16 +4,20 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Creates a repository. For more information, see Amazon ECR repositories
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html) in
-// the Amazon Elastic Container Registry User Guide.
+// Creates a repository. For more information, see Amazon ECR repositories (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html)
+// in the Amazon Elastic Container Registry User Guide.
 func (c *Client) CreateRepository(ctx context.Context, params *CreateRepositoryInput, optFns ...func(*Options)) (*CreateRepositoryOutput, error) {
 	if params == nil {
 		params = &CreateRepositoryInput{}
@@ -32,8 +36,10 @@ func (c *Client) CreateRepository(ctx context.Context, params *CreateRepositoryI
 type CreateRepositoryInput struct {
 
 	// The name to use for the repository. The repository name may be specified on its
-	// own (such as nginx-web-app) or it can be prepended with a namespace to group the
-	// repository into a category (such as project-a/nginx-web-app).
+	// own (such as nginx-web-app ) or it can be prepended with a namespace to group
+	// the repository into a category (such as project-a/nginx-web-app ). The
+	// repository name must start with a letter and can only contain lowercase letters,
+	// numbers, hyphens, underscores, and forward slashes.
 	//
 	// This member is required.
 	RepositoryName *string
@@ -47,8 +53,8 @@ type CreateRepositoryInput struct {
 	// repository.
 	ImageScanningConfiguration *types.ImageScanningConfiguration
 
-	// The tag mutability setting for the repository. If this parameter is omitted, the
-	// default setting of MUTABLE will be used which will allow image tags to be
+	// The tag mutability setting for the repository. If this parameter is omitted,
+	// the default setting of MUTABLE will be used which will allow image tags to be
 	// overwritten. If IMMUTABLE is specified, all image tags within the repository
 	// will be immutable which will prevent them from being overwritten.
 	ImageTagMutability types.ImageTagMutability
@@ -86,6 +92,9 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -113,7 +122,7 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -122,12 +131,18 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addCreateRepositoryResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCreateRepositoryValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateRepository(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -137,6 +152,9 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -148,3 +166,126 @@ func newServiceMetadataMiddleware_opCreateRepository(region string) *awsmiddlewa
 		OperationName: "CreateRepository",
 	}
 }
+
+type opCreateRepositoryResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCreateRepositoryResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCreateRepositoryResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCreateRepositoryResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCreateRepositoryResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteLifecyclePolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteLifecyclePolicy.go
index 1f215085f..53c4d5327 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteLifecyclePolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteLifecyclePolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -71,6 +76,9 @@ func (c *Client) addOperationDeleteLifecyclePolicyMiddlewares(stack *middleware.
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -98,7 +106,7 @@ func (c *Client) addOperationDeleteLifecyclePolicyMiddlewares(stack *middleware.
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -107,12 +115,18 @@ func (c *Client) addOperationDeleteLifecyclePolicyMiddlewares(stack *middleware.
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteLifecyclePolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteLifecyclePolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDeleteLifecyclePolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -122,6 +136,9 @@ func (c *Client) addOperationDeleteLifecyclePolicyMiddlewares(stack *middleware.
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -133,3 +150,126 @@ func newServiceMetadataMiddleware_opDeleteLifecyclePolicy(region string) *awsmid
 		OperationName: "DeleteLifecyclePolicy",
 	}
 }
+
+type opDeleteLifecyclePolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteLifecyclePolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteLifecyclePolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteLifecyclePolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteLifecyclePolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeletePullThroughCacheRule.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeletePullThroughCacheRule.go
index 1f4bd9701..658c314c6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeletePullThroughCacheRule.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeletePullThroughCacheRule.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -72,6 +77,9 @@ func (c *Client) addOperationDeletePullThroughCacheRuleMiddlewares(stack *middle
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -99,7 +107,7 @@ func (c *Client) addOperationDeletePullThroughCacheRuleMiddlewares(stack *middle
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -108,12 +116,18 @@ func (c *Client) addOperationDeletePullThroughCacheRuleMiddlewares(stack *middle
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeletePullThroughCacheRuleResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeletePullThroughCacheRuleValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDeletePullThroughCacheRule(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -123,6 +137,9 @@ func (c *Client) addOperationDeletePullThroughCacheRuleMiddlewares(stack *middle
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -134,3 +151,126 @@ func newServiceMetadataMiddleware_opDeletePullThroughCacheRule(region string) *a
 		OperationName: "DeletePullThroughCacheRule",
 	}
 }
+
+type opDeletePullThroughCacheRuleResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeletePullThroughCacheRuleResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeletePullThroughCacheRuleResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeletePullThroughCacheRuleResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeletePullThroughCacheRuleResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRegistryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRegistryPolicy.go
index a9230f956..2c1f88628 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRegistryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRegistryPolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -53,6 +58,9 @@ func (c *Client) addOperationDeleteRegistryPolicyMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -80,7 +88,7 @@ func (c *Client) addOperationDeleteRegistryPolicyMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -89,9 +97,15 @@ func (c *Client) addOperationDeleteRegistryPolicyMiddlewares(stack *middleware.S
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteRegistryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDeleteRegistryPolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -101,6 +115,9 @@ func (c *Client) addOperationDeleteRegistryPolicyMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -112,3 +129,126 @@ func newServiceMetadataMiddleware_opDeleteRegistryPolicy(region string) *awsmidd
 		OperationName: "DeleteRegistryPolicy",
 	}
 }
+
+type opDeleteRegistryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteRegistryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteRegistryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteRegistryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteRegistryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepository.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepository.go
index 525834b91..622a861e1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepository.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepository.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -66,6 +71,9 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -93,7 +101,7 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -102,12 +110,18 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteRepositoryResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteRepositoryValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDeleteRepository(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -117,6 +131,9 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -128,3 +145,126 @@ func newServiceMetadataMiddleware_opDeleteRepository(region string) *awsmiddlewa
 		OperationName: "DeleteRepository",
 	}
 }
+
+type opDeleteRepositoryResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteRepositoryResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteRepositoryResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteRepositoryResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteRepositoryResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepositoryPolicy.go
index dd23305f8..6b7fb0bcf 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepositoryPolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -68,6 +73,9 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -95,7 +103,7 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -104,12 +112,18 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDeleteRepositoryPolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -119,6 +133,9 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -130,3 +147,126 @@ func newServiceMetadataMiddleware_opDeleteRepositoryPolicy(region string) *awsmi
 		OperationName: "DeleteRepositoryPolicy",
 	}
 }
+
+type opDeleteRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageReplicationStatus.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageReplicationStatus.go
index 0edd166a7..ba73c5f8c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageReplicationStatus.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageReplicationStatus.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -72,6 +77,9 @@ func (c *Client) addOperationDescribeImageReplicationStatusMiddlewares(stack *mi
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -99,7 +107,7 @@ func (c *Client) addOperationDescribeImageReplicationStatusMiddlewares(stack *mi
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -108,12 +116,18 @@ func (c *Client) addOperationDescribeImageReplicationStatusMiddlewares(stack *mi
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeImageReplicationStatusResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDescribeImageReplicationStatusValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeImageReplicationStatus(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -123,6 +137,9 @@ func (c *Client) addOperationDescribeImageReplicationStatusMiddlewares(stack *mi
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -134,3 +151,126 @@ func newServiceMetadataMiddleware_opDescribeImageReplicationStatus(region string
 		OperationName: "DescribeImageReplicationStatus",
 	}
 }
+
+type opDescribeImageReplicationStatusResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeImageReplicationStatusResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeImageReplicationStatusResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeImageReplicationStatusResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeImageReplicationStatusResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageScanFindings.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageScanFindings.go
index 5908d7ed0..63464be1c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageScanFindings.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageScanFindings.go
@@ -4,10 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithytime "github.com/aws/smithy-go/time"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
@@ -45,11 +49,11 @@ type DescribeImageScanFindingsInput struct {
 	RepositoryName *string
 
 	// The maximum number of image scan results returned by DescribeImageScanFindings
-	// in paginated output. When this parameter is used, DescribeImageScanFindings only
-	// returns maxResults results in a single page along with a nextToken response
-	// element. The remaining results of the initial request can be seen by sending
-	// another DescribeImageScanFindings request with the returned nextToken value.
-	// This value can be between 1 and 1000. If this parameter is not used, then
+	// in paginated output. When this parameter is used, DescribeImageScanFindings
+	// only returns maxResults results in a single page along with a nextToken
+	// response element. The remaining results of the initial request can be seen by
+	// sending another DescribeImageScanFindings request with the returned nextToken
+	// value. This value can be between 1 and 1000. If this parameter is not used, then
 	// DescribeImageScanFindings returns up to 100 results and a nextToken value, if
 	// applicable.
 	MaxResults *int32
@@ -81,7 +85,7 @@ type DescribeImageScanFindingsOutput struct {
 	ImageScanStatus *types.ImageScanStatus
 
 	// The nextToken value to include in a future DescribeImageScanFindings request.
-	// When the results of a DescribeImageScanFindings request exceed maxResults, this
+	// When the results of a DescribeImageScanFindings request exceed maxResults , this
 	// value can be used to retrieve the next page of results. This value is null when
 	// there are no more results to return.
 	NextToken *string
@@ -107,6 +111,9 @@ func (c *Client) addOperationDescribeImageScanFindingsMiddlewares(stack *middlew
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -134,7 +141,7 @@ func (c *Client) addOperationDescribeImageScanFindingsMiddlewares(stack *middlew
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -143,12 +150,18 @@ func (c *Client) addOperationDescribeImageScanFindingsMiddlewares(stack *middlew
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeImageScanFindingsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDescribeImageScanFindingsValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeImageScanFindings(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -158,6 +171,9 @@ func (c *Client) addOperationDescribeImageScanFindingsMiddlewares(stack *middlew
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -173,11 +189,11 @@ var _ DescribeImageScanFindingsAPIClient = (*Client)(nil)
 // DescribeImageScanFindings
 type DescribeImageScanFindingsPaginatorOptions struct {
 	// The maximum number of image scan results returned by DescribeImageScanFindings
-	// in paginated output. When this parameter is used, DescribeImageScanFindings only
-	// returns maxResults results in a single page along with a nextToken response
-	// element. The remaining results of the initial request can be seen by sending
-	// another DescribeImageScanFindings request with the returned nextToken value.
-	// This value can be between 1 and 1000. If this parameter is not used, then
+	// in paginated output. When this parameter is used, DescribeImageScanFindings
+	// only returns maxResults results in a single page along with a nextToken
+	// response element. The remaining results of the initial request can be seen by
+	// sending another DescribeImageScanFindings request with the returned nextToken
+	// value. This value can be between 1 and 1000. If this parameter is not used, then
 	// DescribeImageScanFindings returns up to 100 results and a nextToken value, if
 	// applicable.
 	Limit int32
@@ -273,9 +289,9 @@ type ImageScanCompleteWaiterOptions struct {
 	// MinDelay must resolve to a value lesser than or equal to the MaxDelay.
 	MinDelay time.Duration
 
-	// MaxDelay is the maximum amount of time to delay between retries. If unset or set
-	// to zero, ImageScanCompleteWaiter will use default max delay of 120 seconds. Note
-	// that MaxDelay must resolve to value greater than or equal to the MinDelay.
+	// MaxDelay is the maximum amount of time to delay between retries. If unset or
+	// set to zero, ImageScanCompleteWaiter will use default max delay of 120 seconds.
+	// Note that MaxDelay must resolve to value greater than or equal to the MinDelay.
 	MaxDelay time.Duration
 
 	// LogWaitAttempts is used to enable logging for waiter retry attempts
@@ -323,10 +339,10 @@ func (w *ImageScanCompleteWaiter) Wait(ctx context.Context, params *DescribeImag
 	return err
 }
 
-// WaitForOutput calls the waiter function for ImageScanComplete waiter and returns
-// the output of the successful operation. The maxWaitDur is the maximum wait
-// duration the waiter will wait. The maxWaitDur is required and must be greater
-// than zero.
+// WaitForOutput calls the waiter function for ImageScanComplete waiter and
+// returns the output of the successful operation. The maxWaitDur is the maximum
+// wait duration the waiter will wait. The maxWaitDur is required and must be
+// greater than zero.
 func (w *ImageScanCompleteWaiter) WaitForOutput(ctx context.Context, params *DescribeImageScanFindingsInput, maxWaitDur time.Duration, optFns ...func(*ImageScanCompleteWaiterOptions)) (*DescribeImageScanFindingsOutput, error) {
 	if maxWaitDur <= 0 {
 		return nil, fmt.Errorf("maximum wait time for waiter must be greater than zero")
@@ -445,3 +461,126 @@ func newServiceMetadataMiddleware_opDescribeImageScanFindings(region string) *aw
 		OperationName: "DescribeImageScanFindings",
 	}
 }
+
+type opDescribeImageScanFindingsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeImageScanFindingsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeImageScanFindingsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeImageScanFindingsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeImageScanFindingsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImages.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImages.go
index f4b654290..788c7665e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImages.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImages.go
@@ -4,19 +4,23 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Returns metadata about the images in a repository. Beginning with Docker version
-// 1.9, the Docker client compresses image layers before pushing them to a V2
-// Docker registry. The output of the docker images command shows the uncompressed
-// image size, so it may return a larger image size than the image sizes returned
-// by DescribeImages.
+// Returns metadata about the images in a repository. Beginning with Docker
+// version 1.9, the Docker client compresses image layers before pushing them to a
+// V2 Docker registry. The output of the docker images command shows the
+// uncompressed image size, so it may return a larger image size than the image
+// sizes returned by DescribeImages .
 func (c *Client) DescribeImages(ctx context.Context, params *DescribeImagesInput, optFns ...func(*Options)) (*DescribeImagesOutput, error) {
 	if params == nil {
 		params = &DescribeImagesInput{}
@@ -45,21 +49,21 @@ type DescribeImagesInput struct {
 	// The list of image IDs for the requested repository.
 	ImageIds []types.ImageIdentifier
 
-	// The maximum number of repository results returned by DescribeImages in paginated
-	// output. When this parameter is used, DescribeImages only returns maxResults
-	// results in a single page along with a nextToken response element. The remaining
-	// results of the initial request can be seen by sending another DescribeImages
-	// request with the returned nextToken value. This value can be between 1 and 1000.
-	// If this parameter is not used, then DescribeImages returns up to 100 results and
-	// a nextToken value, if applicable. This option cannot be used when you specify
-	// images with imageIds.
+	// The maximum number of repository results returned by DescribeImages in
+	// paginated output. When this parameter is used, DescribeImages only returns
+	// maxResults results in a single page along with a nextToken response element.
+	// The remaining results of the initial request can be seen by sending another
+	// DescribeImages request with the returned nextToken value. This value can be
+	// between 1 and 1000. If this parameter is not used, then DescribeImages returns
+	// up to 100 results and a nextToken value, if applicable. This option cannot be
+	// used when you specify images with imageIds .
 	MaxResults *int32
 
 	// The nextToken value returned from a previous paginated DescribeImages request
 	// where maxResults was used and the results exceeded the value of that parameter.
 	// Pagination continues from the end of the previous results that returned the
 	// nextToken value. This value is null when there are no more results to return.
-	// This option cannot be used when you specify images with imageIds.
+	// This option cannot be used when you specify images with imageIds .
 	NextToken *string
 
 	// The Amazon Web Services account ID associated with the registry that contains
@@ -76,8 +80,8 @@ type DescribeImagesOutput struct {
 	ImageDetails []types.ImageDetail
 
 	// The nextToken value to include in a future DescribeImages request. When the
-	// results of a DescribeImages request exceed maxResults, this value can be used to
-	// retrieve the next page of results. This value is null when there are no more
+	// results of a DescribeImages request exceed maxResults , this value can be used
+	// to retrieve the next page of results. This value is null when there are no more
 	// results to return.
 	NextToken *string
 
@@ -96,6 +100,9 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -123,7 +130,7 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -132,12 +139,18 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeImagesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDescribeImagesValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeImages(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -147,6 +160,9 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -160,14 +176,14 @@ var _ DescribeImagesAPIClient = (*Client)(nil)
 
 // DescribeImagesPaginatorOptions is the paginator options for DescribeImages
 type DescribeImagesPaginatorOptions struct {
-	// The maximum number of repository results returned by DescribeImages in paginated
-	// output. When this parameter is used, DescribeImages only returns maxResults
-	// results in a single page along with a nextToken response element. The remaining
-	// results of the initial request can be seen by sending another DescribeImages
-	// request with the returned nextToken value. This value can be between 1 and 1000.
-	// If this parameter is not used, then DescribeImages returns up to 100 results and
-	// a nextToken value, if applicable. This option cannot be used when you specify
-	// images with imageIds.
+	// The maximum number of repository results returned by DescribeImages in
+	// paginated output. When this parameter is used, DescribeImages only returns
+	// maxResults results in a single page along with a nextToken response element.
+	// The remaining results of the initial request can be seen by sending another
+	// DescribeImages request with the returned nextToken value. This value can be
+	// between 1 and 1000. If this parameter is not used, then DescribeImages returns
+	// up to 100 results and a nextToken value, if applicable. This option cannot be
+	// used when you specify images with imageIds .
 	Limit int32
 
 	// Set to true if pagination should stop if the service returns a pagination token
@@ -255,3 +271,126 @@ func newServiceMetadataMiddleware_opDescribeImages(region string) *awsmiddleware
 		OperationName: "DescribeImages",
 	}
 }
+
+type opDescribeImagesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeImagesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeImagesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeImagesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeImagesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribePullThroughCacheRules.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribePullThroughCacheRules.go
index 2bfefbd7a..85d4842bd 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribePullThroughCacheRules.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribePullThroughCacheRules.go
@@ -4,10 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -65,7 +69,7 @@ type DescribePullThroughCacheRulesOutput struct {
 
 	// The nextToken value to include in a future DescribePullThroughCacheRulesRequest
 	// request. When the results of a DescribePullThroughCacheRulesRequest request
-	// exceed maxResults, this value can be used to retrieve the next page of results.
+	// exceed maxResults , this value can be used to retrieve the next page of results.
 	// This value is null when there are no more results to return.
 	NextToken *string
 
@@ -87,6 +91,9 @@ func (c *Client) addOperationDescribePullThroughCacheRulesMiddlewares(stack *mid
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -114,7 +121,7 @@ func (c *Client) addOperationDescribePullThroughCacheRulesMiddlewares(stack *mid
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -123,9 +130,15 @@ func (c *Client) addOperationDescribePullThroughCacheRulesMiddlewares(stack *mid
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribePullThroughCacheRulesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribePullThroughCacheRules(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -135,6 +148,9 @@ func (c *Client) addOperationDescribePullThroughCacheRulesMiddlewares(stack *mid
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -247,3 +263,126 @@ func newServiceMetadataMiddleware_opDescribePullThroughCacheRules(region string)
 		OperationName: "DescribePullThroughCacheRules",
 	}
 }
+
+type opDescribePullThroughCacheRulesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribePullThroughCacheRulesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribePullThroughCacheRulesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribePullThroughCacheRulesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribePullThroughCacheRulesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRegistry.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRegistry.go
index 8d5f44222..e231a8f77 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRegistry.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRegistry.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -56,6 +61,9 @@ func (c *Client) addOperationDescribeRegistryMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -83,7 +91,7 @@ func (c *Client) addOperationDescribeRegistryMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -92,9 +100,15 @@ func (c *Client) addOperationDescribeRegistryMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeRegistryResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeRegistry(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -104,6 +118,9 @@ func (c *Client) addOperationDescribeRegistryMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -115,3 +132,126 @@ func newServiceMetadataMiddleware_opDescribeRegistry(region string) *awsmiddlewa
 		OperationName: "DescribeRegistry",
 	}
 }
+
+type opDescribeRegistryResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeRegistryResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeRegistryResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeRegistryResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeRegistryResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRepositories.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRepositories.go
index cef08268c..71fcebce6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRepositories.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRepositories.go
@@ -4,10 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -31,13 +35,14 @@ func (c *Client) DescribeRepositories(ctx context.Context, params *DescribeRepos
 type DescribeRepositoriesInput struct {
 
 	// The maximum number of repository results returned by DescribeRepositories in
-	// paginated output. When this parameter is used, DescribeRepositories only returns
-	// maxResults results in a single page along with a nextToken response element. The
-	// remaining results of the initial request can be seen by sending another
-	// DescribeRepositories request with the returned nextToken value. This value can
-	// be between 1 and 1000. If this parameter is not used, then DescribeRepositories
-	// returns up to 100 results and a nextToken value, if applicable. This option
-	// cannot be used when you specify repositories with repositoryNames.
+	// paginated output. When this parameter is used, DescribeRepositories only
+	// returns maxResults results in a single page along with a nextToken response
+	// element. The remaining results of the initial request can be seen by sending
+	// another DescribeRepositories request with the returned nextToken value. This
+	// value can be between 1 and 1000. If this parameter is not used, then
+	// DescribeRepositories returns up to 100 results and a nextToken value, if
+	// applicable. This option cannot be used when you specify repositories with
+	// repositoryNames .
 	MaxResults *int32
 
 	// The nextToken value returned from a previous paginated DescribeRepositories
@@ -45,7 +50,7 @@ type DescribeRepositoriesInput struct {
 	// parameter. Pagination continues from the end of the previous results that
 	// returned the nextToken value. This value is null when there are no more results
 	// to return. This option cannot be used when you specify repositories with
-	// repositoryNames. This token should be treated as an opaque identifier that is
+	// repositoryNames . This token should be treated as an opaque identifier that is
 	// only used to retrieve the next items in a list and not for other programmatic
 	// purposes.
 	NextToken *string
@@ -65,7 +70,7 @@ type DescribeRepositoriesInput struct {
 type DescribeRepositoriesOutput struct {
 
 	// The nextToken value to include in a future DescribeRepositories request. When
-	// the results of a DescribeRepositories request exceed maxResults, this value can
+	// the results of a DescribeRepositories request exceed maxResults , this value can
 	// be used to retrieve the next page of results. This value is null when there are
 	// no more results to return.
 	NextToken *string
@@ -88,6 +93,9 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -115,7 +123,7 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -124,9 +132,15 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeRepositoriesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeRepositories(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -136,6 +150,9 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -151,13 +168,14 @@ var _ DescribeRepositoriesAPIClient = (*Client)(nil)
 // DescribeRepositories
 type DescribeRepositoriesPaginatorOptions struct {
 	// The maximum number of repository results returned by DescribeRepositories in
-	// paginated output. When this parameter is used, DescribeRepositories only returns
-	// maxResults results in a single page along with a nextToken response element. The
-	// remaining results of the initial request can be seen by sending another
-	// DescribeRepositories request with the returned nextToken value. This value can
-	// be between 1 and 1000. If this parameter is not used, then DescribeRepositories
-	// returns up to 100 results and a nextToken value, if applicable. This option
-	// cannot be used when you specify repositories with repositoryNames.
+	// paginated output. When this parameter is used, DescribeRepositories only
+	// returns maxResults results in a single page along with a nextToken response
+	// element. The remaining results of the initial request can be seen by sending
+	// another DescribeRepositories request with the returned nextToken value. This
+	// value can be between 1 and 1000. If this parameter is not used, then
+	// DescribeRepositories returns up to 100 results and a nextToken value, if
+	// applicable. This option cannot be used when you specify repositories with
+	// repositoryNames .
 	Limit int32
 
 	// Set to true if pagination should stop if the service returns a pagination token
@@ -245,3 +263,126 @@ func newServiceMetadataMiddleware_opDescribeRepositories(region string) *awsmidd
 		OperationName: "DescribeRepositories",
 	}
 }
+
+type opDescribeRepositoriesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeRepositoriesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeRepositoriesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeRepositoriesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeRepositoriesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetAuthorizationToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetAuthorizationToken.go
index 4d6dfbbd6..f630eef05 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetAuthorizationToken.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetAuthorizationToken.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -17,8 +22,7 @@ import (
 // hours. The authorizationToken returned is a base64 encoded string that can be
 // decoded and used in a docker login command to authenticate to a registry. The
 // CLI offers an get-login-password command that simplifies the login process. For
-// more information, see Registry authentication
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth)
+// more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth)
 // in the Amazon Elastic Container Registry User Guide.
 func (c *Client) GetAuthorizationToken(ctx context.Context, params *GetAuthorizationTokenInput, optFns ...func(*Options)) (*GetAuthorizationTokenOutput, error) {
 	if params == nil {
@@ -71,6 +75,9 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -98,7 +105,7 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -107,9 +114,15 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetAuthorizationTokenResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetAuthorizationToken(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -119,6 +132,9 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -130,3 +146,126 @@ func newServiceMetadataMiddleware_opGetAuthorizationToken(region string) *awsmid
 		OperationName: "GetAuthorizationToken",
 	}
 }
+
+type opGetAuthorizationTokenResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetAuthorizationTokenResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetAuthorizationTokenResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetAuthorizationTokenResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetAuthorizationTokenResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetDownloadUrlForLayer.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetDownloadUrlForLayer.go
index 82b584fe3..26bb7b9f5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetDownloadUrlForLayer.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetDownloadUrlForLayer.go
@@ -4,17 +4,22 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Retrieves the pre-signed Amazon S3 download URL corresponding to an image layer.
-// You can only get URLs for image layers that are referenced in an image. When an
-// image is pulled, the GetDownloadUrlForLayer API is called once per image layer
-// that is not already cached. This operation is used by the Amazon ECR proxy and
-// is not generally used by customers for pulling and pushing images. In most
+// Retrieves the pre-signed Amazon S3 download URL corresponding to an image
+// layer. You can only get URLs for image layers that are referenced in an image.
+// When an image is pulled, the GetDownloadUrlForLayer API is called once per image
+// layer that is not already cached. This operation is used by the Amazon ECR proxy
+// and is not generally used by customers for pulling and pushing images. In most
 // cases, you should use the docker CLI to pull, tag, and push images.
 func (c *Client) GetDownloadUrlForLayer(ctx context.Context, params *GetDownloadUrlForLayerInput, optFns ...func(*Options)) (*GetDownloadUrlForLayerOutput, error) {
 	if params == nil {
@@ -74,6 +79,9 @@ func (c *Client) addOperationGetDownloadUrlForLayerMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -101,7 +109,7 @@ func (c *Client) addOperationGetDownloadUrlForLayerMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -110,12 +118,18 @@ func (c *Client) addOperationGetDownloadUrlForLayerMiddlewares(stack *middleware
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetDownloadUrlForLayerResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetDownloadUrlForLayerValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetDownloadUrlForLayer(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -125,6 +139,9 @@ func (c *Client) addOperationGetDownloadUrlForLayerMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -136,3 +153,126 @@ func newServiceMetadataMiddleware_opGetDownloadUrlForLayer(region string) *awsmi
 		OperationName: "GetDownloadUrlForLayer",
 	}
 }
+
+type opGetDownloadUrlForLayerResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetDownloadUrlForLayerResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetDownloadUrlForLayerResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetDownloadUrlForLayerResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetDownloadUrlForLayerResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicy.go
index 76e8a061c..ee6b4b6f6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -71,6 +76,9 @@ func (c *Client) addOperationGetLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -98,7 +106,7 @@ func (c *Client) addOperationGetLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -107,12 +115,18 @@ func (c *Client) addOperationGetLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetLifecyclePolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetLifecyclePolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetLifecyclePolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -122,6 +136,9 @@ func (c *Client) addOperationGetLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -133,3 +150,126 @@ func newServiceMetadataMiddleware_opGetLifecyclePolicy(region string) *awsmiddle
 		OperationName: "GetLifecyclePolicy",
 	}
 }
+
+type opGetLifecyclePolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetLifecyclePolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetLifecyclePolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetLifecyclePolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetLifecyclePolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicyPreview.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicyPreview.go
index 5114fd1b0..5de6abc4f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicyPreview.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicyPreview.go
@@ -4,10 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithytime "github.com/aws/smithy-go/time"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
@@ -50,13 +54,13 @@ type GetLifecyclePolicyPreviewInput struct {
 	// The maximum number of repository results returned by
 	// GetLifecyclePolicyPreviewRequest in
 paginated output. When this parameter is
 	// used, GetLifecyclePolicyPreviewRequest only returns
 maxResults results in a
-	// single page along with a nextToken
 response element. The remaining results of
+	// single page along with a nextToken 
 response element. The remaining results of
 	// the initial request can be seen by sending
 another
-	// GetLifecyclePolicyPreviewRequest request with the returned nextToken
 value.
+	// GetLifecyclePolicyPreviewRequest request with the returned nextToken 
 value.
 	// This value can be between 1 and 1000. If this
 parameter is not used, then
 	// GetLifecyclePolicyPreviewRequest returns up to
 100 results and a nextToken
 	// value, if
 applicable. This option cannot be used when you specify images with
-	// imageIds.
+	// imageIds .
 	MaxResults *int32
 
 	// The nextToken value returned from a previous paginated
@@ -64,7 +68,7 @@ type GetLifecyclePolicyPreviewInput struct {
 	// results exceeded the value of that parameter. Pagination continues from the end
 	// of the
 previous results that returned the nextToken value. This value is
 null
 	// when there are no more results to return. This option cannot be used when you
-	// specify images with imageIds.
+	// specify images with imageIds .
 	NextToken *string
 
 	// The Amazon Web Services account ID associated with the registry that contains
@@ -81,7 +85,7 @@ type GetLifecyclePolicyPreviewOutput struct {
 	LifecyclePolicyText *string
 
 	// The nextToken value to include in a future GetLifecyclePolicyPreview request.
-	// When the results of a GetLifecyclePolicyPreview request exceed maxResults, this
+	// When the results of a GetLifecyclePolicyPreview request exceed maxResults , this
 	// value can be used to retrieve the next page of results. This value is null when
 	// there are no more results to return.
 	NextToken *string
@@ -116,6 +120,9 @@ func (c *Client) addOperationGetLifecyclePolicyPreviewMiddlewares(stack *middlew
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -143,7 +150,7 @@ func (c *Client) addOperationGetLifecyclePolicyPreviewMiddlewares(stack *middlew
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -152,12 +159,18 @@ func (c *Client) addOperationGetLifecyclePolicyPreviewMiddlewares(stack *middlew
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetLifecyclePolicyPreviewResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetLifecyclePolicyPreviewValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetLifecyclePolicyPreview(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -167,6 +180,9 @@ func (c *Client) addOperationGetLifecyclePolicyPreviewMiddlewares(stack *middlew
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -184,13 +200,13 @@ type GetLifecyclePolicyPreviewPaginatorOptions struct {
 	// The maximum number of repository results returned by
 	// GetLifecyclePolicyPreviewRequest in
 paginated output. When this parameter is
 	// used, GetLifecyclePolicyPreviewRequest only returns
 maxResults results in a
-	// single page along with a nextToken
 response element. The remaining results of
+	// single page along with a nextToken 
 response element. The remaining results of
 	// the initial request can be seen by sending
 another
-	// GetLifecyclePolicyPreviewRequest request with the returned nextToken
 value.
+	// GetLifecyclePolicyPreviewRequest request with the returned nextToken 
 value.
 	// This value can be between 1 and 1000. If this
 parameter is not used, then
 	// GetLifecyclePolicyPreviewRequest returns up to
 100 results and a nextToken
 	// value, if
 applicable. This option cannot be used when you specify images with
-	// imageIds.
+	// imageIds .
 	Limit int32
 
 	// Set to true if pagination should stop if the service returns a pagination token
@@ -286,10 +302,10 @@ type LifecyclePolicyPreviewCompleteWaiterOptions struct {
 	// MaxDelay.
 	MinDelay time.Duration
 
-	// MaxDelay is the maximum amount of time to delay between retries. If unset or set
-	// to zero, LifecyclePolicyPreviewCompleteWaiter will use default max delay of 120
-	// seconds. Note that MaxDelay must resolve to value greater than or equal to the
-	// MinDelay.
+	// MaxDelay is the maximum amount of time to delay between retries. If unset or
+	// set to zero, LifecyclePolicyPreviewCompleteWaiter will use default max delay of
+	// 120 seconds. Note that MaxDelay must resolve to value greater than or equal to
+	// the MinDelay.
 	MaxDelay time.Duration
 
 	// LogWaitAttempts is used to enable logging for waiter retry attempts
@@ -461,3 +477,126 @@ func newServiceMetadataMiddleware_opGetLifecyclePolicyPreview(region string) *aw
 		OperationName: "GetLifecyclePolicyPreview",
 	}
 }
+
+type opGetLifecyclePolicyPreviewResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetLifecyclePolicyPreviewResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetLifecyclePolicyPreviewResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetLifecyclePolicyPreviewResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetLifecyclePolicyPreviewResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryPolicy.go
index b9086f937..23c0a5788 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryPolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -53,6 +58,9 @@ func (c *Client) addOperationGetRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -80,7 +88,7 @@ func (c *Client) addOperationGetRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -89,9 +97,15 @@ func (c *Client) addOperationGetRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRegistryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRegistryPolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -101,6 +115,9 @@ func (c *Client) addOperationGetRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -112,3 +129,126 @@ func newServiceMetadataMiddleware_opGetRegistryPolicy(region string) *awsmiddlew
 		OperationName: "GetRegistryPolicy",
 	}
 }
+
+type opGetRegistryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRegistryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRegistryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRegistryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRegistryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryScanningConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryScanningConfiguration.go
index 07f5e4dc3..822c88c09 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryScanningConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryScanningConfiguration.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -54,6 +59,9 @@ func (c *Client) addOperationGetRegistryScanningConfigurationMiddlewares(stack *
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -81,7 +89,7 @@ func (c *Client) addOperationGetRegistryScanningConfigurationMiddlewares(stack *
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -90,9 +98,15 @@ func (c *Client) addOperationGetRegistryScanningConfigurationMiddlewares(stack *
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRegistryScanningConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRegistryScanningConfiguration(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -102,6 +116,9 @@ func (c *Client) addOperationGetRegistryScanningConfigurationMiddlewares(stack *
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -113,3 +130,126 @@ func newServiceMetadataMiddleware_opGetRegistryScanningConfiguration(region stri
 		OperationName: "GetRegistryScanningConfiguration",
 	}
 }
+
+type opGetRegistryScanningConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRegistryScanningConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRegistryScanningConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRegistryScanningConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRegistryScanningConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRepositoryPolicy.go
index 15a292ad6..f5c6bb624 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRepositoryPolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -67,6 +72,9 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -94,7 +102,7 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -103,12 +111,18 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRepositoryPolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -118,6 +132,9 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -129,3 +146,126 @@ func newServiceMetadataMiddleware_opGetRepositoryPolicy(region string) *awsmiddl
 		OperationName: "GetRepositoryPolicy",
 	}
 }
+
+type opGetRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_InitiateLayerUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_InitiateLayerUpload.go
index d700d833f..dba5e3cce 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_InitiateLayerUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_InitiateLayerUpload.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -71,6 +76,9 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -98,7 +106,7 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -107,12 +115,18 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addInitiateLayerUploadResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpInitiateLayerUploadValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opInitiateLayerUpload(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -122,6 +136,9 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -133,3 +150,126 @@ func newServiceMetadataMiddleware_opInitiateLayerUpload(region string) *awsmiddl
 		OperationName: "InitiateLayerUpload",
 	}
 }
+
+type opInitiateLayerUploadResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opInitiateLayerUploadResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opInitiateLayerUploadResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addInitiateLayerUploadResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opInitiateLayerUploadResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListImages.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListImages.go
index b3d096d5b..785e83adc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListImages.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListImages.go
@@ -4,17 +4,21 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Lists all the image IDs for the specified repository. You can filter images
 // based on whether or not they are tagged by using the tagStatus filter and
-// specifying either TAGGED, UNTAGGED or ANY. For example, you can filter your
+// specifying either TAGGED , UNTAGGED or ANY . For example, you can filter your
 // results to return only UNTAGGED images and then pipe that result to a
 // BatchDeleteImage operation to delete them. Or, you can filter your results to
 // return only TAGGED images to list all of the tags in your repository.
@@ -74,7 +78,7 @@ type ListImagesOutput struct {
 	ImageIds []types.ImageIdentifier
 
 	// The nextToken value to include in a future ListImages request. When the results
-	// of a ListImages request exceed maxResults, this value can be used to retrieve
+	// of a ListImages request exceed maxResults , this value can be used to retrieve
 	// the next page of results. This value is null when there are no more results to
 	// return.
 	NextToken *string
@@ -94,6 +98,9 @@ func (c *Client) addOperationListImagesMiddlewares(stack *middleware.Stack, opti
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -121,7 +128,7 @@ func (c *Client) addOperationListImagesMiddlewares(stack *middleware.Stack, opti
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -130,12 +137,18 @@ func (c *Client) addOperationListImagesMiddlewares(stack *middleware.Stack, opti
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addListImagesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListImagesValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListImages(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -145,6 +158,9 @@ func (c *Client) addOperationListImagesMiddlewares(stack *middleware.Stack, opti
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -251,3 +267,126 @@ func newServiceMetadataMiddleware_opListImages(region string) *awsmiddleware.Reg
 		OperationName: "ListImages",
 	}
 }
+
+type opListImagesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListImagesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListImagesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListImagesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListImagesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListTagsForResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListTagsForResource.go
index 91a372fe5..80147049f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListTagsForResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListTagsForResource.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -58,6 +63,9 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -85,7 +93,7 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -94,12 +102,18 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addListTagsForResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListTagsForResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListTagsForResource(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -109,6 +123,9 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -120,3 +137,126 @@ func newServiceMetadataMiddleware_opListTagsForResource(region string) *awsmiddl
 		OperationName: "ListTagsForResource",
 	}
 }
+
+type opListTagsForResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListTagsForResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListTagsForResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListTagsForResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListTagsForResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImage.go
index 631a9b408..104ac9d2e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImage.go
@@ -4,19 +4,24 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Creates or updates the image manifest and tags associated with an image. When an
-// image is pushed and all new image layers have been uploaded, the PutImage API is
-// called once to create or update the image manifest and the tags associated with
-// the image. This operation is used by the Amazon ECR proxy and is not generally
-// used by customers for pulling and pushing images. In most cases, you should use
-// the docker CLI to pull, tag, and push images.
+// Creates or updates the image manifest and tags associated with an image. When
+// an image is pushed and all new image layers have been uploaded, the PutImage API
+// is called once to create or update the image manifest and the tags associated
+// with the image. This operation is used by the Amazon ECR proxy and is not
+// generally used by customers for pulling and pushing images. In most cases, you
+// should use the docker CLI to pull, tag, and push images.
 func (c *Client) PutImage(ctx context.Context, params *PutImageInput, optFns ...func(*Options)) (*PutImageOutput, error) {
 	if params == nil {
 		params = &PutImageInput{}
@@ -85,6 +90,9 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -112,7 +120,7 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -121,12 +129,18 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutImageResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutImageValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutImage(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -136,6 +150,9 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -147,3 +164,126 @@ func newServiceMetadataMiddleware_opPutImage(region string) *awsmiddleware.Regis
 		OperationName: "PutImage",
 	}
 }
+
+type opPutImageResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutImageResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutImageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutImageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutImageResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageScanningConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageScanningConfiguration.go
index 74d8fe456..cd0dd68d7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageScanningConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageScanningConfiguration.go
@@ -4,16 +4,21 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // The PutImageScanningConfiguration API is being deprecated, in favor of
 // specifying the image scanning configuration at the registry level. For more
-// information, see PutRegistryScanningConfiguration. Updates the image scanning
+// information, see PutRegistryScanningConfiguration . Updates the image scanning
 // configuration for the specified repository.
 func (c *Client) PutImageScanningConfiguration(ctx context.Context, params *PutImageScanningConfigurationInput, optFns ...func(*Options)) (*PutImageScanningConfigurationOutput, error) {
 	if params == nil {
@@ -79,6 +84,9 @@ func (c *Client) addOperationPutImageScanningConfigurationMiddlewares(stack *mid
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -106,7 +114,7 @@ func (c *Client) addOperationPutImageScanningConfigurationMiddlewares(stack *mid
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -115,12 +123,18 @@ func (c *Client) addOperationPutImageScanningConfigurationMiddlewares(stack *mid
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutImageScanningConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutImageScanningConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutImageScanningConfiguration(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -130,6 +144,9 @@ func (c *Client) addOperationPutImageScanningConfigurationMiddlewares(stack *mid
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -141,3 +158,126 @@ func newServiceMetadataMiddleware_opPutImageScanningConfiguration(region string)
 		OperationName: "PutImageScanningConfiguration",
 	}
 }
+
+type opPutImageScanningConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutImageScanningConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutImageScanningConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutImageScanningConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutImageScanningConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageTagMutability.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageTagMutability.go
index 5e42488a1..4e0ed7e17 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageTagMutability.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageTagMutability.go
@@ -4,16 +4,20 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Updates the image tag mutability settings for the specified repository. For more
-// information, see Image tag mutability
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-tag-mutability.html)
+// Updates the image tag mutability settings for the specified repository. For
+// more information, see Image tag mutability (https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-tag-mutability.html)
 // in the Amazon Elastic Container Registry User Guide.
 func (c *Client) PutImageTagMutability(ctx context.Context, params *PutImageTagMutabilityInput, optFns ...func(*Options)) (*PutImageTagMutabilityOutput, error) {
 	if params == nil {
@@ -78,6 +82,9 @@ func (c *Client) addOperationPutImageTagMutabilityMiddlewares(stack *middleware.
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -105,7 +112,7 @@ func (c *Client) addOperationPutImageTagMutabilityMiddlewares(stack *middleware.
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -114,12 +121,18 @@ func (c *Client) addOperationPutImageTagMutabilityMiddlewares(stack *middleware.
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutImageTagMutabilityResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutImageTagMutabilityValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutImageTagMutability(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -129,6 +142,9 @@ func (c *Client) addOperationPutImageTagMutabilityMiddlewares(stack *middleware.
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -140,3 +156,126 @@ func newServiceMetadataMiddleware_opPutImageTagMutability(region string) *awsmid
 		OperationName: "PutImageTagMutability",
 	}
 }
+
+type opPutImageTagMutabilityResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutImageTagMutabilityResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutImageTagMutabilityResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutImageTagMutabilityResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutImageTagMutabilityResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutLifecyclePolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutLifecyclePolicy.go
index 782382eef..e1d71358d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutLifecyclePolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutLifecyclePolicy.go
@@ -4,15 +4,20 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Creates or updates the lifecycle policy for the specified repository. For more
-// information, see Lifecycle policy template
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html).
+// information, see Lifecycle policy template (https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html)
+// .
 func (c *Client) PutLifecyclePolicy(ctx context.Context, params *PutLifecyclePolicyInput, optFns ...func(*Options)) (*PutLifecyclePolicyOutput, error) {
 	if params == nil {
 		params = &PutLifecyclePolicyInput{}
@@ -74,6 +79,9 @@ func (c *Client) addOperationPutLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -101,7 +109,7 @@ func (c *Client) addOperationPutLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -110,12 +118,18 @@ func (c *Client) addOperationPutLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutLifecyclePolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutLifecyclePolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutLifecyclePolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -125,6 +139,9 @@ func (c *Client) addOperationPutLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -136,3 +153,126 @@ func newServiceMetadataMiddleware_opPutLifecyclePolicy(region string) *awsmiddle
 		OperationName: "PutLifecyclePolicy",
 	}
 }
+
+type opPutLifecyclePolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutLifecyclePolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutLifecyclePolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutLifecyclePolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutLifecyclePolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryPolicy.go
index b253e0e0f..bbbba9764 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryPolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -13,8 +18,7 @@ import (
 // Creates or updates the permissions policy for your registry. A registry policy
 // is used to specify permissions for another Amazon Web Services account and is
 // used when configuring cross-account replication. For more information, see
-// Registry permissions
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html)
+// Registry permissions (https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html)
 // in the Amazon Elastic Container Registry User Guide.
 func (c *Client) PutRegistryPolicy(ctx context.Context, params *PutRegistryPolicyInput, optFns ...func(*Options)) (*PutRegistryPolicyOutput, error) {
 	if params == nil {
@@ -33,9 +37,8 @@ func (c *Client) PutRegistryPolicy(ctx context.Context, params *PutRegistryPolic
 
 type PutRegistryPolicyInput struct {
 
-	// The JSON policy text to apply to your registry. The policy text follows the same
-	// format as IAM policy text. For more information, see Registry permissions
-	// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html)
+	// The JSON policy text to apply to your registry. The policy text follows the
+	// same format as IAM policy text. For more information, see Registry permissions (https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html)
 	// in the Amazon Elastic Container Registry User Guide.
 	//
 	// This member is required.
@@ -67,6 +70,9 @@ func (c *Client) addOperationPutRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -94,7 +100,7 @@ func (c *Client) addOperationPutRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -103,12 +109,18 @@ func (c *Client) addOperationPutRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutRegistryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutRegistryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutRegistryPolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -118,6 +130,9 @@ func (c *Client) addOperationPutRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -129,3 +144,126 @@ func newServiceMetadataMiddleware_opPutRegistryPolicy(region string) *awsmiddlew
 		OperationName: "PutRegistryPolicy",
 	}
 }
+
+type opPutRegistryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutRegistryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutRegistryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutRegistryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutRegistryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryScanningConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryScanningConfiguration.go
index fe20cf376..7261c89af 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryScanningConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryScanningConfiguration.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -29,13 +34,14 @@ func (c *Client) PutRegistryScanningConfiguration(ctx context.Context, params *P
 
 type PutRegistryScanningConfigurationInput struct {
 
-	// The scanning rules to use for the registry. A scanning rule is used to determine
-	// which repository filters are used and at what frequency scanning will occur.
+	// The scanning rules to use for the registry. A scanning rule is used to
+	// determine which repository filters are used and at what frequency scanning will
+	// occur.
 	Rules []types.RegistryScanningRule
 
 	// The scanning type to set for the registry. When a registry scanning
-	// configuration is not defined, by default the BASIC scan type is used. When basic
-	// scanning is used, you may specify filters to determine which individual
+	// configuration is not defined, by default the BASIC scan type is used. When
+	// basic scanning is used, you may specify filters to determine which individual
 	// repositories, or all repositories, are scanned when new images are pushed to
 	// those repositories. Alternatively, you can do manual scans of images with basic
 	// scanning. When the ENHANCED scan type is set, Amazon Inspector provides
@@ -67,6 +73,9 @@ func (c *Client) addOperationPutRegistryScanningConfigurationMiddlewares(stack *
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -94,7 +103,7 @@ func (c *Client) addOperationPutRegistryScanningConfigurationMiddlewares(stack *
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -103,12 +112,18 @@ func (c *Client) addOperationPutRegistryScanningConfigurationMiddlewares(stack *
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutRegistryScanningConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutRegistryScanningConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutRegistryScanningConfiguration(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -118,6 +133,9 @@ func (c *Client) addOperationPutRegistryScanningConfigurationMiddlewares(stack *
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -129,3 +147,126 @@ func newServiceMetadataMiddleware_opPutRegistryScanningConfiguration(region stri
 		OperationName: "PutRegistryScanningConfiguration",
 	}
 }
+
+type opPutRegistryScanningConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutRegistryScanningConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutRegistryScanningConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutRegistryScanningConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutRegistryScanningConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutReplicationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutReplicationConfiguration.go
index e8e84df6e..dc230e812 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutReplicationConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutReplicationConfiguration.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -16,12 +21,11 @@ import (
 // DescribeRegistry API action. The first time the PutReplicationConfiguration API
 // is called, a service-linked IAM role is created in your account for the
 // replication process. For more information, see Using service-linked roles for
-// Amazon ECR
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/using-service-linked-roles.html)
+// Amazon ECR (https://docs.aws.amazon.com/AmazonECR/latest/userguide/using-service-linked-roles.html)
 // in the Amazon Elastic Container Registry User Guide. When configuring
 // cross-account replication, the destination account must grant the source account
 // permission to replicate. This permission is controlled using a registry
-// permissions policy. For more information, see PutRegistryPolicy.
+// permissions policy. For more information, see PutRegistryPolicy .
 func (c *Client) PutReplicationConfiguration(ctx context.Context, params *PutReplicationConfigurationInput, optFns ...func(*Options)) (*PutReplicationConfigurationOutput, error) {
 	if params == nil {
 		params = &PutReplicationConfigurationInput{}
@@ -67,6 +71,9 @@ func (c *Client) addOperationPutReplicationConfigurationMiddlewares(stack *middl
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -94,7 +101,7 @@ func (c *Client) addOperationPutReplicationConfigurationMiddlewares(stack *middl
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -103,12 +110,18 @@ func (c *Client) addOperationPutReplicationConfigurationMiddlewares(stack *middl
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutReplicationConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutReplicationConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutReplicationConfiguration(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -118,6 +131,9 @@ func (c *Client) addOperationPutReplicationConfigurationMiddlewares(stack *middl
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -129,3 +145,126 @@ func newServiceMetadataMiddleware_opPutReplicationConfiguration(region string) *
 		OperationName: "PutReplicationConfiguration",
 	}
 }
+
+type opPutReplicationConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutReplicationConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutReplicationConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutReplicationConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutReplicationConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_SetRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_SetRepositoryPolicy.go
index 1078970c7..209df6c2d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_SetRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_SetRepositoryPolicy.go
@@ -4,15 +4,19 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Applies a repository policy to the specified repository to control access
-// permissions. For more information, see Amazon ECR Repository policies
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html)
+// permissions. For more information, see Amazon ECR Repository policies (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html)
 // in the Amazon Elastic Container Registry User Guide.
 func (c *Client) SetRepositoryPolicy(ctx context.Context, params *SetRepositoryPolicyInput, optFns ...func(*Options)) (*SetRepositoryPolicyOutput, error) {
 	if params == nil {
@@ -32,8 +36,7 @@ func (c *Client) SetRepositoryPolicy(ctx context.Context, params *SetRepositoryP
 type SetRepositoryPolicyInput struct {
 
 	// The JSON repository policy text to apply to the repository. For more
-	// information, see Amazon ECR repository policies
-	// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html)
+	// information, see Amazon ECR repository policies (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html)
 	// in the Amazon Elastic Container Registry User Guide.
 	//
 	// This member is required.
@@ -44,8 +47,8 @@ type SetRepositoryPolicyInput struct {
 	// This member is required.
 	RepositoryName *string
 
-	// If the policy you are attempting to set on a repository policy would prevent you
-	// from setting another policy in the future, you must force the
+	// If the policy you are attempting to set on a repository policy would prevent
+	// you from setting another policy in the future, you must force the
 	// SetRepositoryPolicy operation. This is intended to prevent accidental repository
 	// lock outs.
 	Force bool
@@ -84,6 +87,9 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -111,7 +117,7 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -120,12 +126,18 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addSetRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpSetRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opSetRepositoryPolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -135,6 +147,9 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -146,3 +161,126 @@ func newServiceMetadataMiddleware_opSetRepositoryPolicy(region string) *awsmiddl
 		OperationName: "SetRepositoryPolicy",
 	}
 }
+
+type opSetRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opSetRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opSetRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addSetRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opSetRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartImageScan.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartImageScan.go
index 8a9785f49..b1dc74c73 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartImageScan.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartImageScan.go
@@ -4,18 +4,22 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Starts an image vulnerability scan. An image scan can only be started once per
 // 24 hours on an individual image. This limit includes if an image was scanned on
-// initial push. For more information, see Image scanning
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html) in
-// the Amazon Elastic Container Registry User Guide.
+// initial push. For more information, see Image scanning (https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html)
+// in the Amazon Elastic Container Registry User Guide.
 func (c *Client) StartImageScan(ctx context.Context, params *StartImageScanInput, optFns ...func(*Options)) (*StartImageScanOutput, error) {
 	if params == nil {
 		params = &StartImageScanInput{}
@@ -80,6 +84,9 @@ func (c *Client) addOperationStartImageScanMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -107,7 +114,7 @@ func (c *Client) addOperationStartImageScanMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -116,12 +123,18 @@ func (c *Client) addOperationStartImageScanMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addStartImageScanResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpStartImageScanValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opStartImageScan(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -131,6 +144,9 @@ func (c *Client) addOperationStartImageScanMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -142,3 +158,126 @@ func newServiceMetadataMiddleware_opStartImageScan(region string) *awsmiddleware
 		OperationName: "StartImageScan",
 	}
 }
+
+type opStartImageScanResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opStartImageScanResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opStartImageScanResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addStartImageScanResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opStartImageScanResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartLifecyclePolicyPreview.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartLifecyclePolicyPreview.go
index 1169ac443..753970eae 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartLifecyclePolicyPreview.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartLifecyclePolicyPreview.go
@@ -4,15 +4,20 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Starts a preview of a lifecycle policy for the specified repository. This allows
-// you to see the results before associating the lifecycle policy with the
+// Starts a preview of a lifecycle policy for the specified repository. This
+// allows you to see the results before associating the lifecycle policy with the
 // repository.
 func (c *Client) StartLifecyclePolicyPreview(ctx context.Context, params *StartLifecyclePolicyPreviewInput, optFns ...func(*Options)) (*StartLifecyclePolicyPreviewOutput, error) {
 	if params == nil {
@@ -77,6 +82,9 @@ func (c *Client) addOperationStartLifecyclePolicyPreviewMiddlewares(stack *middl
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -104,7 +112,7 @@ func (c *Client) addOperationStartLifecyclePolicyPreviewMiddlewares(stack *middl
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -113,12 +121,18 @@ func (c *Client) addOperationStartLifecyclePolicyPreviewMiddlewares(stack *middl
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addStartLifecyclePolicyPreviewResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpStartLifecyclePolicyPreviewValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opStartLifecyclePolicyPreview(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -128,6 +142,9 @@ func (c *Client) addOperationStartLifecyclePolicyPreviewMiddlewares(stack *middl
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -139,3 +156,126 @@ func newServiceMetadataMiddleware_opStartLifecyclePolicyPreview(region string) *
 		OperationName: "StartLifecyclePolicyPreview",
 	}
 }
+
+type opStartLifecyclePolicyPreviewResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opStartLifecyclePolicyPreviewResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opStartLifecyclePolicyPreviewResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addStartLifecyclePolicyPreviewResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opStartLifecyclePolicyPreviewResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_TagResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_TagResource.go
index d283acf67..cee213268 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_TagResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_TagResource.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -62,6 +67,9 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -89,7 +97,7 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -98,12 +106,18 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTagResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpTagResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opTagResource(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -113,6 +127,9 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -124,3 +141,126 @@ func newServiceMetadataMiddleware_opTagResource(region string) *awsmiddleware.Re
 		OperationName: "TagResource",
 	}
 }
+
+type opTagResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opTagResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opTagResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addTagResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opTagResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UntagResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UntagResource.go
index e42275bde..74f12ad40 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UntagResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UntagResource.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -58,6 +63,9 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -85,7 +93,7 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -94,12 +102,18 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addUntagResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpUntagResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opUntagResource(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -109,6 +123,9 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -120,3 +137,126 @@ func newServiceMetadataMiddleware_opUntagResource(region string) *awsmiddleware.
 		OperationName: "UntagResource",
 	}
 }
+
+type opUntagResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opUntagResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opUntagResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addUntagResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opUntagResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UploadLayerPart.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UploadLayerPart.go
index 4acf7e5b0..feb56bf09 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UploadLayerPart.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UploadLayerPart.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -59,9 +64,9 @@ type UploadLayerPartInput struct {
 	// This member is required.
 	UploadId *string
 
-	// The Amazon Web Services account ID associated with the registry to which you are
-	// uploading layer parts. If you do not specify a registry, the default registry is
-	// assumed.
+	// The Amazon Web Services account ID associated with the registry to which you
+	// are uploading layer parts. If you do not specify a registry, the default
+	// registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -96,6 +101,9 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -123,7 +131,7 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -132,12 +140,18 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addUploadLayerPartResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpUploadLayerPartValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opUploadLayerPart(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -147,6 +161,9 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -158,3 +175,126 @@ func newServiceMetadataMiddleware_opUploadLayerPart(region string) *awsmiddlewar
 		OperationName: "UploadLayerPart",
 	}
 }
+
+type opUploadLayerPartResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opUploadLayerPartResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opUploadLayerPartResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addUploadLayerPartResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opUploadLayerPartResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/deserializers.go
index 79c79b7ab..7d849ef54 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/deserializers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/deserializers.go
@@ -991,6 +991,9 @@ func awsAwsjson11_deserializeOpErrorDeleteLifecyclePolicy(response *smithyhttp.R
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("ValidationException", errorCode):
+		return awsAwsjson11_deserializeErrorValidationException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -2554,6 +2557,9 @@ func awsAwsjson11_deserializeOpErrorGetLifecyclePolicy(response *smithyhttp.Resp
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("ValidationException", errorCode):
+		return awsAwsjson11_deserializeErrorValidationException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -2674,6 +2680,9 @@ func awsAwsjson11_deserializeOpErrorGetLifecyclePolicyPreview(response *smithyht
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("ValidationException", errorCode):
+		return awsAwsjson11_deserializeErrorValidationException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -3877,6 +3886,9 @@ func awsAwsjson11_deserializeOpErrorPutLifecyclePolicy(response *smithyhttp.Resp
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("ValidationException", errorCode):
+		return awsAwsjson11_deserializeErrorValidationException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -4597,6 +4609,9 @@ func awsAwsjson11_deserializeOpErrorStartLifecyclePolicyPreview(response *smithy
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("ValidationException", errorCode):
+		return awsAwsjson11_deserializeErrorValidationException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/doc.go
index 602df615b..cd150610d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/doc.go
@@ -3,14 +3,14 @@
 // Package ecr provides the API client, operations, and parameter types for Amazon
 // EC2 Container Registry.
 //
-// Amazon Elastic Container Registry Amazon Elastic Container Registry (Amazon ECR)
-// is a managed container image registry service. Customers can use the familiar
-// Docker CLI, or their preferred client, to push, pull, and manage images. Amazon
-// ECR provides a secure, scalable, and reliable registry for your Docker or Open
-// Container Initiative (OCI) images. Amazon ECR supports private repositories with
-// resource-based permissions using IAM so that specific users or Amazon EC2
-// instances can access repositories and images. Amazon ECR has service endpoints
-// in each supported Region. For more information, see Amazon ECR endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/ecr.html) in the Amazon Web
-// Services General Reference.
+// Amazon Elastic Container Registry Amazon Elastic Container Registry (Amazon
+// ECR) is a managed container image registry service. Customers can use the
+// familiar Docker CLI, or their preferred client, to push, pull, and manage
+// images. Amazon ECR provides a secure, scalable, and reliable registry for your
+// Docker or Open Container Initiative (OCI) images. Amazon ECR supports private
+// repositories with resource-based permissions using IAM so that specific users or
+// Amazon EC2 instances can access repositories and images. Amazon ECR has service
+// endpoints in each supported Region. For more information, see Amazon ECR
+// endpoints (https://docs.aws.amazon.com/general/latest/gr/ecr.html) in the Amazon
+// Web Services General Reference.
 package ecr
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/endpoints.go
index e255bc9d5..8d169bdb2 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/endpoints.go
@@ -8,9 +8,13 @@ import (
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	"github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn"
 	internalendpoints "github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/ptr"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
+	"net/http"
 	"net/url"
 	"strings"
 )
@@ -39,13 +43,6 @@ func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointRe
 	return fn(region, options)
 }
 
-func resolveDefaultEndpointConfiguration(o *Options) {
-	if o.EndpointResolver != nil {
-		return
-	}
-	o.EndpointResolver = NewDefaultEndpointResolver()
-}
-
 // EndpointResolverFromURL returns an EndpointResolver configured using the
 // provided endpoint url. By default, the resolved endpoint resolver uses the
 // client region as signing region, and the endpoint source is set to
@@ -79,6 +76,10 @@ func (*ResolveEndpoint) ID() string {
 func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
@@ -94,6 +95,11 @@ func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.Ser
 	var endpoint aws.Endpoint
 	endpoint, err = m.Resolver.ResolveEndpoint(awsmiddleware.GetRegion(ctx), eo)
 	if err != nil {
+		nf := (&aws.EndpointNotFoundError{})
+		if errors.As(err, &nf) {
+			ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, false)
+			return next.HandleSerialize(ctx, in)
+		}
 		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
 	}
 
@@ -129,27 +135,10 @@ func removeResolveEndpointMiddleware(stack *middleware.Stack) error {
 
 type wrappedEndpointResolver struct {
 	awsResolver aws.EndpointResolverWithOptions
-	resolver    EndpointResolver
 }
 
 func (w *wrappedEndpointResolver) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) {
-	if w.awsResolver == nil {
-		goto fallback
-	}
-	endpoint, err = w.awsResolver.ResolveEndpoint(ServiceID, region, options)
-	if err == nil {
-		return endpoint, nil
-	}
-
-	if nf := (&aws.EndpointNotFoundError{}); !errors.As(err, &nf) {
-		return endpoint, err
-	}
-
-fallback:
-	if w.resolver == nil {
-		return endpoint, fmt.Errorf("default endpoint resolver provided was nil")
-	}
-	return w.resolver.ResolveEndpoint(region, options)
+	return w.awsResolver.ResolveEndpoint(ServiceID, region, options)
 }
 
 type awsEndpointResolverAdaptor func(service, region string) (aws.Endpoint, error)
@@ -160,12 +149,13 @@ func (a awsEndpointResolverAdaptor) ResolveEndpoint(service, region string, opti
 
 var _ aws.EndpointResolverWithOptions = awsEndpointResolverAdaptor(nil)
 
-// withEndpointResolver returns an EndpointResolver that first delegates endpoint resolution to the awsResolver.
-// If awsResolver returns aws.EndpointNotFoundError error, the resolver will use the the provided
-// fallbackResolver for resolution.
+// withEndpointResolver returns an aws.EndpointResolverWithOptions that first delegates endpoint resolution to the awsResolver.
+// If awsResolver returns aws.EndpointNotFoundError error, the v1 resolver middleware will swallow the error,
+// and set an appropriate context flag such that fallback will occur when EndpointResolverV2 is invoked
+// via its middleware.
 //
-// fallbackResolver must not be nil
-func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions, fallbackResolver EndpointResolver) EndpointResolver {
+// If another error (besides aws.EndpointNotFoundError) is returned, then that error will be propagated.
+func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions) EndpointResolver {
 	var resolver aws.EndpointResolverWithOptions
 
 	if awsResolverWithOptions != nil {
@@ -176,7 +166,6 @@ func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptio
 
 	return &wrappedEndpointResolver{
 		awsResolver: resolver,
-		resolver:    fallbackResolver,
 	}
 }
 
@@ -198,3 +187,332 @@ func finalizeClientEndpointResolverOptions(options *Options) {
 	}
 
 }
+
+func resolveEndpointResolverV2(options *Options) {
+	if options.EndpointResolverV2 == nil {
+		options.EndpointResolverV2 = NewDefaultEndpointResolverV2()
+	}
+}
+
+// Utility function to aid with translating pseudo-regions to classical regions
+// with the appropriate setting indicated by the pseudo-region
+func mapPseudoRegion(pr string) (region string, fips aws.FIPSEndpointState) {
+	const fipsInfix = "-fips-"
+	const fipsPrefix = "fips-"
+	const fipsSuffix = "-fips"
+
+	if strings.Contains(pr, fipsInfix) ||
+		strings.Contains(pr, fipsPrefix) ||
+		strings.Contains(pr, fipsSuffix) {
+		region = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(
+			pr, fipsInfix, "-"), fipsPrefix, ""), fipsSuffix, "")
+		fips = aws.FIPSEndpointStateEnabled
+	} else {
+		region = pr
+	}
+
+	return region, fips
+}
+
+// builtInParameterResolver is the interface responsible for resolving BuiltIn
+// values during the sourcing of EndpointParameters
+type builtInParameterResolver interface {
+	ResolveBuiltIns(*EndpointParameters) error
+}
+
+// builtInResolver resolves modeled BuiltIn values using only the members defined
+// below.
+type builtInResolver struct {
+	// The AWS region used to dispatch the request.
+	Region string
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseDualStack aws.DualStackEndpointState
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseFIPS aws.FIPSEndpointState
+
+	// Base endpoint that can potentially be modified during Endpoint resolution.
+	Endpoint *string
+}
+
+// Invoked at runtime to resolve BuiltIn Values. Only resolution code specific to
+// each BuiltIn value is generated.
+func (b *builtInResolver) ResolveBuiltIns(params *EndpointParameters) error {
+
+	region, _ := mapPseudoRegion(b.Region)
+	if len(region) == 0 {
+		return fmt.Errorf("Could not resolve AWS::Region")
+	} else {
+		params.Region = aws.String(region)
+	}
+	if b.UseDualStack == aws.DualStackEndpointStateEnabled {
+		params.UseDualStack = aws.Bool(true)
+	} else {
+		params.UseDualStack = aws.Bool(false)
+	}
+	if b.UseFIPS == aws.FIPSEndpointStateEnabled {
+		params.UseFIPS = aws.Bool(true)
+	} else {
+		params.UseFIPS = aws.Bool(false)
+	}
+	params.Endpoint = b.Endpoint
+	return nil
+}
+
+// EndpointParameters provides the parameters that influence how endpoints are
+// resolved.
+type EndpointParameters struct {
+	// The AWS region used to dispatch the request.
+	//
+	// Parameter is
+	// required.
+	//
+	// AWS::Region
+	Region *string
+
+	// When true, use the dual-stack endpoint. If the configured endpoint does not
+	// support dual-stack, dispatching the request MAY return an error.
+	//
+	// Defaults to
+	// false if no value is provided.
+	//
+	// AWS::UseDualStack
+	UseDualStack *bool
+
+	// When true, send this request to the FIPS-compliant regional endpoint. If the
+	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
+	// request will return an error.
+	//
+	// Defaults to false if no value is
+	// provided.
+	//
+	// AWS::UseFIPS
+	UseFIPS *bool
+
+	// Override the endpoint used to send this request
+	//
+	// Parameter is
+	// required.
+	//
+	// SDK::Endpoint
+	Endpoint *string
+}
+
+// ValidateRequired validates required parameters are set.
+func (p EndpointParameters) ValidateRequired() error {
+	if p.UseDualStack == nil {
+		return fmt.Errorf("parameter UseDualStack is required")
+	}
+
+	if p.UseFIPS == nil {
+		return fmt.Errorf("parameter UseFIPS is required")
+	}
+
+	return nil
+}
+
+// WithDefaults returns a shallow copy of EndpointParameterswith default values
+// applied to members where applicable.
+func (p EndpointParameters) WithDefaults() EndpointParameters {
+	if p.UseDualStack == nil {
+		p.UseDualStack = ptr.Bool(false)
+	}
+
+	if p.UseFIPS == nil {
+		p.UseFIPS = ptr.Bool(false)
+	}
+	return p
+}
+
+// EndpointResolverV2 provides the interface for resolving service endpoints.
+type EndpointResolverV2 interface {
+	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+	// returning the endpoint if found. Otherwise an error is returned.
+	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
+		smithyendpoints.Endpoint, error,
+	)
+}
+
+// resolver provides the implementation for resolving endpoints.
+type resolver struct{}
+
+func NewDefaultEndpointResolverV2() EndpointResolverV2 {
+	return &resolver{}
+}
+
+// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+// returning the endpoint if found. Otherwise an error is returned.
+func (r *resolver) ResolveEndpoint(
+	ctx context.Context, params EndpointParameters,
+) (
+	endpoint smithyendpoints.Endpoint, err error,
+) {
+	params = params.WithDefaults()
+	if err = params.ValidateRequired(); err != nil {
+		return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err)
+	}
+	_UseDualStack := *params.UseDualStack
+	_UseFIPS := *params.UseFIPS
+
+	if exprVal := params.Endpoint; exprVal != nil {
+		_Endpoint := *exprVal
+		_ = _Endpoint
+		if _UseFIPS == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported")
+		}
+		if _UseDualStack == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported")
+		}
+		uriString := _Endpoint
+
+		uri, err := url.Parse(uriString)
+		if err != nil {
+			return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+		}
+
+		return smithyendpoints.Endpoint{
+			URI:     *uri,
+			Headers: http.Header{},
+		}, nil
+	}
+	if exprVal := params.Region; exprVal != nil {
+		_Region := *exprVal
+		_ = _Region
+		if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+			_PartitionResult := *exprVal
+			_ = _PartitionResult
+			if _UseFIPS == true {
+				if _UseDualStack == true {
+					if true == _PartitionResult.SupportsFIPS {
+						if true == _PartitionResult.SupportsDualStack {
+							uriString := func() string {
+								var out strings.Builder
+								out.WriteString("https://api.ecr-fips.")
+								out.WriteString(_Region)
+								out.WriteString(".")
+								out.WriteString(_PartitionResult.DualStackDnsSuffix)
+								return out.String()
+							}()
+
+							uri, err := url.Parse(uriString)
+							if err != nil {
+								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+							}
+
+							return smithyendpoints.Endpoint{
+								URI:     *uri,
+								Headers: http.Header{},
+							}, nil
+						}
+					}
+					return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both")
+				}
+			}
+			if _UseFIPS == true {
+				if true == _PartitionResult.SupportsFIPS {
+					if "aws" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://ecr-fips.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
+					if "aws-us-gov" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://ecr-fips.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://api.ecr-fips.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS")
+			}
+			if _UseDualStack == true {
+				if true == _PartitionResult.SupportsDualStack {
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://api.ecr.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DualStackDnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
+			}
+			uriString := func() string {
+				var out strings.Builder
+				out.WriteString("https://api.ecr.")
+				out.WriteString(_Region)
+				out.WriteString(".")
+				out.WriteString(_PartitionResult.DnsSuffix)
+				return out.String()
+			}()
+
+			uri, err := url.Parse(uriString)
+			if err != nil {
+				return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+			}
+
+			return smithyendpoints.Endpoint{
+				URI:     *uri,
+				Headers: http.Header{},
+			}, nil
+		}
+		return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+	}
+	return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/generated.json
index 631a65bba..0b78f9a89 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/generated.json
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/generated.json
@@ -4,6 +4,7 @@
         "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
         "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
         "github.com/aws/smithy-go": "v1.4.0",
+        "github.com/google/go-cmp": "v0.5.4",
         "github.com/jmespath/go-jmespath": "v0.4.0"
     },
     "files": [
@@ -53,6 +54,7 @@
         "deserializers.go",
         "doc.go",
         "endpoints.go",
+        "endpoints_test.go",
         "generated.json",
         "internal/endpoints/endpoints.go",
         "internal/endpoints/endpoints_test.go",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/go_module_metadata.go
index 15f5d82d5..f6cad4479 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ecr
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.18.7"
+const goModuleVersion = "1.20.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints/endpoints.go
index 53aaf4cf2..ca046cf69 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints/endpoints.go
@@ -89,13 +89,17 @@ var partitionRegexp = struct {
 	AwsCn    *regexp.Regexp
 	AwsIso   *regexp.Regexp
 	AwsIsoB  *regexp.Regexp
+	AwsIsoE  *regexp.Regexp
+	AwsIsoF  *regexp.Regexp
 	AwsUsGov *regexp.Regexp
 }{
 
-	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$"),
+	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
+	AwsIsoE:  regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"),
+	AwsIsoF:  regexp.MustCompile("^us\\-isof\\-\\w+\\-\\d+$"),
 	AwsUsGov: regexp.MustCompile("^us\\-gov\\-\\w+\\-\\d+$"),
 }
 
@@ -439,6 +443,14 @@ var defaultPartitions = endpoints.Partitions{
 				},
 				Deprecated: aws.TrueTernary,
 			},
+			endpoints.EndpointKey{
+				Region: "il-central-1",
+			}: endpoints.Endpoint{
+				Hostname: "api.ecr.il-central-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "il-central-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "me-central-1",
 			}: endpoints.Endpoint{
@@ -656,6 +668,48 @@ var defaultPartitions = endpoints.Partitions{
 			},
 		},
 	},
+	{
+		ID: "aws-iso-e",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "api.ecr-fips.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "api.ecr.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoE,
+		IsRegionalized: true,
+	},
+	{
+		ID: "aws-iso-f",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "api.ecr-fips.{region}.csp.hci.ic.gov",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "api.ecr.{region}.csp.hci.ic.gov",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoF,
+		IsRegionalized: true,
+	},
 	{
 		ID: "aws-us-gov",
 		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/enums.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/enums.go
index 9356aabf1..d782c4ec9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/enums.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/enums.go
@@ -154,9 +154,10 @@ const (
 	LifecyclePolicyPreviewStatusFailed     LifecyclePolicyPreviewStatus = "FAILED"
 )
 
-// Values returns all known values for LifecyclePolicyPreviewStatus. Note that this
-// can be expanded in the future, and so it is only as up to date as the client.
-// The ordering of this slice is not guaranteed to be stable across updates.
+// Values returns all known values for LifecyclePolicyPreviewStatus. Note that
+// this can be expanded in the future, and so it is only as up to date as the
+// client. The ordering of this slice is not guaranteed to be stable across
+// updates.
 func (LifecyclePolicyPreviewStatus) Values() []LifecyclePolicyPreviewStatus {
 	return []LifecyclePolicyPreviewStatus{
 		"IN_PROGRESS",
@@ -246,9 +247,10 @@ const (
 	ScanningRepositoryFilterTypeWildcard ScanningRepositoryFilterType = "WILDCARD"
 )
 
-// Values returns all known values for ScanningRepositoryFilterType. Note that this
-// can be expanded in the future, and so it is only as up to date as the client.
-// The ordering of this slice is not guaranteed to be stable across updates.
+// Values returns all known values for ScanningRepositoryFilterType. Note that
+// this can be expanded in the future, and so it is only as up to date as the
+// client. The ordering of this slice is not guaranteed to be stable across
+// updates.
 func (ScanningRepositoryFilterType) Values() []ScanningRepositoryFilterType {
 	return []ScanningRepositoryFilterType{
 		"WILDCARD",
@@ -312,9 +314,9 @@ const (
 	TagStatusAny      TagStatus = "ANY"
 )
 
-// Values returns all known values for TagStatus. Note that this can be expanded in
-// the future, and so it is only as up to date as the client. The ordering of this
-// slice is not guaranteed to be stable across updates.
+// Values returns all known values for TagStatus. Note that this can be expanded
+// in the future, and so it is only as up to date as the client. The ordering of
+// this slice is not guaranteed to be stable across updates.
 func (TagStatus) Values() []TagStatus {
 	return []TagStatus{
 		"TAGGED",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/errors.go
index 3f72008bd..4b4782c5a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/errors.go
@@ -167,8 +167,8 @@ func (e *InvalidLayerException) ErrorCode() string {
 }
 func (e *InvalidLayerException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The layer part size is not valid, or the first byte specified is not consecutive
-// to the last byte of a previous layer part upload.
+// The layer part size is not valid, or the first byte specified is not
+// consecutive to the last byte of a previous layer part upload.
 type InvalidLayerPartException struct {
 	Message *string
 
@@ -308,8 +308,8 @@ func (e *LayerAlreadyExistsException) ErrorCode() string {
 }
 func (e *LayerAlreadyExistsException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The specified layer is not available because it is not associated with an image.
-// Unassociated image layers may be cleaned up at any time.
+// The specified layer is not available because it is not associated with an
+// image. Unassociated image layers may be cleaned up at any time.
 type LayerInaccessibleException struct {
 	Message *string
 
@@ -361,8 +361,8 @@ func (e *LayerPartTooSmallException) ErrorCode() string {
 }
 func (e *LayerPartTooSmallException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The specified layers could not be found, or the specified layer is not valid for
-// this repository.
+// The specified layers could not be found, or the specified layer is not valid
+// for this repository.
 type LayersNotFoundException struct {
 	Message *string
 
@@ -471,10 +471,9 @@ func (e *LifecyclePolicyPreviewNotFoundException) ErrorFault() smithy.ErrorFault
 	return smithy.FaultClient
 }
 
-// The operation did not succeed because it would have exceeded a service limit for
-// your account. For more information, see Amazon ECR service quotas
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service-quotas.html) in
-// the Amazon Elastic Container Registry User Guide.
+// The operation did not succeed because it would have exceeded a service limit
+// for your account. For more information, see Amazon ECR service quotas (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service-quotas.html)
+// in the Amazon Elastic Container Registry User Guide.
 type LimitExceededException struct {
 	Message *string
 
@@ -663,9 +662,9 @@ func (e *RepositoryNotEmptyException) ErrorCode() string {
 }
 func (e *RepositoryNotEmptyException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The specified repository could not be found. Check the spelling of the specified
-// repository and ensure that you are performing operations on the correct
-// registry.
+// The specified repository could not be found. Check the spelling of the
+// specified repository and ensure that you are performing operations on the
+// correct registry.
 type RepositoryNotFoundException struct {
 	Message *string
 
@@ -771,8 +770,8 @@ func (e *ServerException) ErrorCode() string {
 }
 func (e *ServerException) ErrorFault() smithy.ErrorFault { return smithy.FaultServer }
 
-// The list of tags on the repository is over the limit. The maximum number of tags
-// that can be applied to a repository is 50.
+// The list of tags on the repository is over the limit. The maximum number of
+// tags that can be applied to a repository is 50.
 type TooManyTagsException struct {
 	Message *string
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/types.go
index 22afaab80..1dbaf7725 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/types.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/types.go
@@ -26,7 +26,7 @@ type AuthorizationData struct {
 
 	// A base64-encoded string that contains authorization data for the specified
 	// Amazon ECR registry. When the string is decoded, it is presented in the format
-	// user:password for private registry authentication using docker login.
+	// user:password for private registry authentication using docker login .
 	AuthorizationToken *string
 
 	// The Unix time in seconds and milliseconds when the authorization token expires.
@@ -35,8 +35,8 @@ type AuthorizationData struct {
 
 	// The registry URL to use for this authorization token in a docker login command.
 	// The Amazon ECR registry URL format is
-	// https://aws_account_id.dkr.ecr.region.amazonaws.com. For example,
-	// https://012345678910.dkr.ecr.us-east-1.amazonaws.com..
+	// https://aws_account_id.dkr.ecr.region.amazonaws.com . For example,
+	// https://012345678910.dkr.ecr.us-east-1.amazonaws.com ..
 	ProxyEndpoint *string
 
 	noSmithyDocumentSerde
@@ -128,7 +128,7 @@ type CvssScoreDetails struct {
 type DescribeImagesFilter struct {
 
 	// The tag status with which to filter your DescribeImages results. You can filter
-	// results based on whether they are TAGGED or UNTAGGED.
+	// results based on whether they are TAGGED or UNTAGGED .
 	TagStatus TagStatus
 
 	noSmithyDocumentSerde
@@ -142,8 +142,7 @@ type DescribeImagesFilter struct {
 // require any action on your part. For more control over the encryption of the
 // contents of your repository, you can use server-side encryption with Key
 // Management Service key stored in Key Management Service (KMS) to encrypt your
-// images. For more information, see Amazon ECR encryption at rest
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html)
+// images. For more information, see Amazon ECR encryption at rest (https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html)
 // in the Amazon Elastic Container Registry User Guide.
 type EncryptionConfiguration struct {
 
@@ -153,14 +152,12 @@ type EncryptionConfiguration struct {
 	// can either use the default Amazon Web Services managed KMS key for Amazon ECR,
 	// or specify your own KMS key, which you already created. For more information,
 	// see Protecting data using server-side encryption with an KMS key stored in Key
-	// Management Service (SSE-KMS)
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html) in the
-	// Amazon Simple Storage Service Console Developer Guide. If you use the AES256
-	// encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed
-	// encryption keys which encrypts the images in the repository using an AES-256
-	// encryption algorithm. For more information, see Protecting data using
-	// server-side encryption with Amazon S3-managed encryption keys (SSE-S3)
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+	// Management Service (SSE-KMS) (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html)
+	// in the Amazon Simple Storage Service Console Developer Guide. If you use the
+	// AES256 encryption type, Amazon ECR uses server-side encryption with Amazon
+	// S3-managed encryption keys which encrypts the images in the repository using an
+	// AES-256 encryption algorithm. For more information, see Protecting data using
+	// server-side encryption with Amazon S3-managed encryption keys (SSE-S3) (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
 	// in the Amazon Simple Storage Service Console Developer Guide.
 	//
 	// This member is required.
@@ -276,19 +273,19 @@ type ImageDetail struct {
 	// Docker version 1.9, the Docker client compresses image layers before pushing
 	// them to a V2 Docker registry. The output of the docker images command shows the
 	// uncompressed image size, so it may return a larger image size than the image
-	// sizes returned by DescribeImages.
+	// sizes returned by DescribeImages .
 	ImageSizeInBytes *int64
 
 	// The list of tags associated with this image.
 	ImageTags []string
 
-	// The date and time, expressed in standard JavaScript date format, when Amazon ECR
-	// recorded the last image pull. Amazon ECR refreshes the last image pull timestamp
-	// at least once every 24 hours. For example, if you pull an image once a day then
-	// the lastRecordedPullTime timestamp will indicate the exact time that the image
-	// was last pulled. However, if you pull an image once an hour, because Amazon ECR
-	// refreshes the lastRecordedPullTime timestamp at least once every 24 hours, the
-	// result may not be the exact time that the image was last pulled.
+	// The date and time, expressed in standard JavaScript date format, when Amazon
+	// ECR recorded the last image pull. Amazon ECR refreshes the last image pull
+	// timestamp at least once every 24 hours. For example, if you pull an image once a
+	// day then the lastRecordedPullTime timestamp will indicate the exact time that
+	// the image was last pulled. However, if you pull an image once an hour, because
+	// Amazon ECR refreshes the lastRecordedPullTime timestamp at least once every 24
+	// hours, the result may not be the exact time that the image was last pulled.
 	LastRecordedPullTime *time.Time
 
 	// The Amazon Web Services account ID associated with the registry to which this
@@ -408,10 +405,9 @@ type ImageScanFindingsSummary struct {
 type ImageScanningConfiguration struct {
 
 	// The setting that determines whether images are scanned after being pushed to a
-	// repository. If set to true, images will be scanned after being pushed. If this
+	// repository. If set to true , images will be scanned after being pushed. If this
 	// parameter is not specified, it will default to false and images will not be
-	// scanned unless a scan is manually started with the API_StartImageScan
-	// (https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_StartImageScan.html)
+	// scanned unless a scan is manually started with the API_StartImageScan (https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_StartImageScan.html)
 	// API.
 	ScanOnPush bool
 
@@ -444,7 +440,7 @@ type Layer struct {
 
 	// The media type of the layer, such as
 	// application/vnd.docker.image.rootfs.diff.tar.gzip or
-	// application/vnd.oci.image.layer.v1.tar+gzip.
+	// application/vnd.oci.image.layer.v1.tar+gzip .
 	MediaType *string
 
 	noSmithyDocumentSerde
@@ -518,7 +514,7 @@ type LifecyclePolicyRuleAction struct {
 type ListImagesFilter struct {
 
 	// The tag status with which to filter your ListImages results. You can filter
-	// results based on whether they are TAGGED or UNTAGGED.
+	// results based on whether they are TAGGED or UNTAGGED .
 	TagStatus TagStatus
 
 	noSmithyDocumentSerde
@@ -570,8 +566,8 @@ type PullThroughCacheRule struct {
 	// The Amazon ECR repository prefix associated with the pull through cache rule.
 	EcrRepositoryPrefix *string
 
-	// The Amazon Web Services account ID associated with the registry the pull through
-	// cache rule is associated with.
+	// The Amazon Web Services account ID associated with the registry the pull
+	// through cache rule is associated with.
 	RegistryId *string
 
 	// The upstream registry URL associated with the pull through cache rule.
@@ -615,8 +611,9 @@ type RegistryScanningRule struct {
 
 	// The frequency that scans are performed at for a private registry. When the
 	// ENHANCED scan type is specified, the supported scan frequencies are
-	// CONTINUOUS_SCAN and SCAN_ON_PUSH. When the BASIC scan type is specified, the
-	// SCAN_ON_PUSH and MANUAL scan frequencies are supported.
+	// CONTINUOUS_SCAN and SCAN_ON_PUSH . When the BASIC scan type is specified, the
+	// SCAN_ON_PUSH scan frequency is supported. If scan on push is not specified, then
+	// the MANUAL scan frequency is set by default.
 	//
 	// This member is required.
 	ScanFrequency ScanFrequency
@@ -704,7 +701,8 @@ type Repository struct {
 	// The Amazon Resource Name (ARN) that identifies the repository. The ARN contains
 	// the arn:aws:ecr namespace, followed by the region of the repository, Amazon Web
 	// Services account ID of the repository owner, repository namespace, and
-	// repository name. For example, arn:aws:ecr:region:012345678910:repository/test.
+	// repository name. For example,
+	// arn:aws:ecr:region:012345678910:repository-namespace/repository-name .
 	RepositoryArn *string
 
 	// The name of the repository.
@@ -719,8 +717,8 @@ type Repository struct {
 
 // The filter settings used with image replication. Specifying a repository filter
 // to a replication rule provides a method for controlling which repositories in a
-// private registry are replicated. If no repository filter is specified, all
-// images in the repository are replicated.
+// private registry are replicated. If no filters are added, the contents of all
+// repositories are replicated.
 type RepositoryFilter struct {
 
 	// The repository filter details. When the PREFIX_MATCH filter type is specified,
@@ -730,8 +728,8 @@ type RepositoryFilter struct {
 	// This member is required.
 	Filter *string
 
-	// The repository filter type. The only supported value is PREFIX_MATCH, which is a
-	// repository name prefix specified with the filter parameter.
+	// The repository filter type. The only supported value is PREFIX_MATCH , which is
+	// a repository name prefix specified with the filter parameter.
 	//
 	// This member is required.
 	FilterType RepositoryFilterType
@@ -797,16 +795,15 @@ type Resource struct {
 // Contains details about the resource involved in the finding.
 type ResourceDetails struct {
 
-	// An object that contains details about the Amazon ECR container image involved in
-	// the finding.
+	// An object that contains details about the Amazon ECR container image involved
+	// in the finding.
 	AwsEcrContainerImage *AwsEcrContainerImageDetails
 
 	noSmithyDocumentSerde
 }
 
 // The details of a scanning repository filter. For more information on how to use
-// filters, see Using filters
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html#image-scanning-filters)
+// filters, see Using filters (https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html#image-scanning-filters)
 // in the Amazon Elastic Container Registry User Guide.
 type ScanningRepositoryFilter struct {
 
@@ -840,9 +837,13 @@ type Tag struct {
 
 	// One part of a key-value pair that make up a tag. A key is a general label that
 	// acts like a category for more specific tag values.
+	//
+	// This member is required.
 	Key *string
 
 	// A value acts as a descriptor within a tag category (key).
+	//
+	// This member is required.
 	Value *string
 
 	noSmithyDocumentSerde
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/validators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/validators.go
index 9baf8c8cf..754611f1c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/validators.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/validators.go
@@ -1045,6 +1045,41 @@ func validateScanningRepositoryFilterList(v []types.ScanningRepositoryFilter) er
 	}
 }
 
+func validateTag(v *types.Tag) error {
+	if v == nil {
+		return nil
+	}
+	invalidParams := smithy.InvalidParamsError{Context: "Tag"}
+	if v.Key == nil {
+		invalidParams.Add(smithy.NewErrParamRequired("Key"))
+	}
+	if v.Value == nil {
+		invalidParams.Add(smithy.NewErrParamRequired("Value"))
+	}
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	} else {
+		return nil
+	}
+}
+
+func validateTagList(v []types.Tag) error {
+	if v == nil {
+		return nil
+	}
+	invalidParams := smithy.InvalidParamsError{Context: "TagList"}
+	for i := range v {
+		if err := validateTag(&v[i]); err != nil {
+			invalidParams.AddNested(fmt.Sprintf("[%d]", i), err.(smithy.InvalidParamsError))
+		}
+	}
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	} else {
+		return nil
+	}
+}
+
 func validateOpBatchCheckLayerAvailabilityInput(v *BatchCheckLayerAvailabilityInput) error {
 	if v == nil {
 		return nil
@@ -1161,6 +1196,11 @@ func validateOpCreateRepositoryInput(v *CreateRepositoryInput) error {
 	if v.RepositoryName == nil {
 		invalidParams.Add(smithy.NewErrParamRequired("RepositoryName"))
 	}
+	if v.Tags != nil {
+		if err := validateTagList(v.Tags); err != nil {
+			invalidParams.AddNested("Tags", err.(smithy.InvalidParamsError))
+		}
+	}
 	if v.EncryptionConfiguration != nil {
 		if err := validateEncryptionConfiguration(v.EncryptionConfiguration); err != nil {
 			invalidParams.AddNested("EncryptionConfiguration", err.(smithy.InvalidParamsError))
@@ -1576,6 +1616,10 @@ func validateOpTagResourceInput(v *TagResourceInput) error {
 	}
 	if v.Tags == nil {
 		invalidParams.Add(smithy.NewErrParamRequired("Tags"))
+	} else if v.Tags != nil {
+		if err := validateTagList(v.Tags); err != nil {
+			invalidParams.AddNested("Tags", err.(smithy.InvalidParamsError))
+		}
 	}
 	if invalidParams.Len() > 0 {
 		return invalidParams
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md
index b6ad151e8..b3b5a57e6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md
@@ -1,3 +1,203 @@
+# v1.18.2 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.1 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.0 (2023-09-18)
+
+* **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+
+# v1.17.5 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.4 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.3 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.2 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.1 (2023-08-01)
+
+* No change notes available for this release.
+
+# v1.17.0 (2023-07-31)
+
+* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.6 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.5 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.4 (2023-06-15)
+
+* No change notes available for this release.
+
+# v1.16.3 (2023-06-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.2 (2023-05-04)
+
+* No change notes available for this release.
+
+# v1.16.1 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.0 (2023-04-11)
+
+* **Feature**: This release will allow using registry alias as registryId in BatchDeleteImage request.
+
+# v1.15.8 (2023-04-10)
+
+* No change notes available for this release.
+
+# v1.15.7 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.6 (2023-03-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.5 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.4 (2023-02-22)
+
+* **Bug Fix**: Prevent nil pointer dereference when retrieving error codes.
+
+# v1.15.3 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.2 (2023-02-15)
+
+* **Announcement**: When receiving an error response in restJson-based services, an incorrect error type may have been returned based on the content of the response. This has been fixed via PR #2012 tracked in issue #1910.
+* **Bug Fix**: Correct error type parsing for restJson services.
+
+# v1.15.1 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.0 (2023-01-09)
+
+* **Feature**: This release for Amazon ECR Public makes several change to bring the SDK into sync with the API.
+
+# v1.14.0 (2023-01-05)
+
+* **Feature**: Add `ErrorCodeOverride` field to all error structs (aws/smithy-go#401).
+
+# v1.13.22 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.21 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.20 (2022-11-30)
+
+* No change notes available for this release.
+
+# v1.13.19 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.18 (2022-10-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.17 (2022-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.16 (2022-09-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.15 (2022-09-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.14 (2022-08-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.13 (2022-08-29)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.12 (2022-08-11)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.11 (2022-08-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.10 (2022-08-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.9 (2022-08-01)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.8 (2022-07-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.7 (2022-06-29)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.6 (2022-06-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.5 (2022-05-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.4 (2022-04-25)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.3 (2022-03-30)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.2 (2022-03-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.1 (2022-03-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.0 (2022-03-08)
+
+* **Feature**: Updated `github.com/aws/smithy-go` to latest version
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.12.0 (2022-02-24)
 
 * **Feature**: API client updated
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_client.go
index dfd012e2f..a8264f47a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_client.go
@@ -4,6 +4,7 @@ package ecrpublic
 
 import (
 	"context"
+	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/defaults"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
@@ -46,8 +47,6 @@ func New(options Options, optFns ...func(*Options)) *Client {
 
 	resolveHTTPSignerV4(&options)
 
-	resolveDefaultEndpointConfiguration(&options)
-
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -65,6 +64,14 @@ type Options struct {
 	// modify this list for per operation behavior.
 	APIOptions []func(*middleware.Stack) error
 
+	// The optional application specific identifier appended to the User-Agent header.
+	AppID string
+
+	// This endpoint will be given as input to an EndpointResolverV2. It is used for
+	// providing a custom base endpoint that is subject to modifications by the
+	// processing EndpointResolverV2.
+	BaseEndpoint *string
+
 	// Configures the events that will be sent to the configured logger.
 	ClientLogMode aws.ClientLogMode
 
@@ -79,8 +86,18 @@ type Options struct {
 	EndpointOptions EndpointResolverOptions
 
 	// The service endpoint resolver.
+	//
+	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
+	// value for this field will likely prevent you from using any endpoint-related
+	// service features released after the introduction of EndpointResolverV2 and
+	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
+	// endpoint, set the client option BaseEndpoint instead.
 	EndpointResolver EndpointResolver
 
+	// Resolves the endpoint used for a particular service. This should be used over
+	// the deprecated EndpointResolver
+	EndpointResolverV2 EndpointResolverV2
+
 	// Signature Version 4 (SigV4) Signer
 	HTTPSignerV4 HTTPSignerV4
 
@@ -115,7 +132,7 @@ type Options struct {
 	Retryer aws.Retryer
 
 	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
-	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig. You
+	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
 	// should not populate this structure programmatically, or rely on the values here
 	// within your applications.
 	RuntimeEnvironment aws.RuntimeEnvironment
@@ -139,14 +156,25 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
 	}
 }
 
-// WithEndpointResolver returns a functional option for setting the Client's
-// EndpointResolver option.
+// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
+// this field will likely prevent you from using any endpoint-related service
+// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
+// To migrate an EndpointResolver implementation that uses a custom endpoint, set
+// the client option BaseEndpoint instead.
 func WithEndpointResolver(v EndpointResolver) func(*Options) {
 	return func(o *Options) {
 		o.EndpointResolver = v
 	}
 }
 
+// WithEndpointResolverV2 returns a functional option for setting the Client's
+// EndpointResolverV2 option.
+func WithEndpointResolverV2(v EndpointResolverV2) func(*Options) {
+	return func(o *Options) {
+		o.EndpointResolverV2 = v
+	}
+}
+
 type HTTPClient interface {
 	Do(*http.Request) (*http.Response, error)
 }
@@ -163,6 +191,8 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 	ctx = middleware.ClearStackValues(ctx)
 	stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
 	options := c.options.Copy()
+	resolveEndpointResolverV2(&options)
+
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -197,6 +227,30 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 
 type noSmithyDocumentSerde = smithydocument.NoSerde
 
+type legacyEndpointContextSetter struct {
+	LegacyResolver EndpointResolver
+}
+
+func (*legacyEndpointContextSetter) ID() string {
+	return "legacyEndpointContextSetter"
+}
+
+func (m *legacyEndpointContextSetter) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) (
+	out middleware.InitializeOutput, metadata middleware.Metadata, err error,
+) {
+	if m.LegacyResolver != nil {
+		ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, true)
+	}
+
+	return next.HandleInitialize(ctx, in)
+
+}
+func addlegacyEndpointContextSetter(stack *middleware.Stack, o Options) error {
+	return stack.Initialize.Add(&legacyEndpointContextSetter{
+		LegacyResolver: o.EndpointResolver,
+	}, middleware.Before)
+}
+
 func resolveDefaultLogger(o *Options) {
 	if o.Logger != nil {
 		return
@@ -234,6 +288,7 @@ func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
 		APIOptions:         cfg.APIOptions,
 		Logger:             cfg.Logger,
 		ClientLogMode:      cfg.ClientLogMode,
+		AppID:              cfg.AppID,
 	}
 	resolveAWSRetryerProvider(cfg, &opts)
 	resolveAWSRetryMaxAttempts(cfg, &opts)
@@ -344,11 +399,19 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
 	if cfg.EndpointResolver == nil && cfg.EndpointResolverWithOptions == nil {
 		return
 	}
-	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions, NewDefaultEndpointResolver())
+	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions)
 }
 
-func addClientUserAgent(stack *middleware.Stack) error {
-	return awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ecrpublic", goModuleVersion)(stack)
+func addClientUserAgent(stack *middleware.Stack, options Options) error {
+	if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ecrpublic", goModuleVersion)(stack); err != nil {
+		return err
+	}
+
+	if len(options.AppID) > 0 {
+		return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
+	}
+
+	return nil
 }
 
 func addHTTPSignerV4Middleware(stack *middleware.Stack, o Options) error {
@@ -432,3 +495,32 @@ func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
 		LogResponseWithBody: o.ClientLogMode.IsResponseWithBody(),
 	}, middleware.After)
 }
+
+type endpointDisableHTTPSMiddleware struct {
+	EndpointDisableHTTPS bool
+}
+
+func (*endpointDisableHTTPSMiddleware) ID() string {
+	return "endpointDisableHTTPSMiddleware"
+}
+
+func (m *endpointDisableHTTPSMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointDisableHTTPS && !smithyhttp.GetHostnameImmutable(ctx) {
+		req.URL.Scheme = "http"
+	}
+
+	return next.HandleSerialize(ctx, in)
+
+}
+func addendpointDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
+	return stack.Serialize.Insert(&endpointDisableHTTPSMiddleware{
+		EndpointDisableHTTPS: o.EndpointOptions.DisableHTTPS,
+	}, "OperationSerializer", middleware.Before)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchCheckLayerAvailability.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchCheckLayerAvailability.go
index 682599a03..d0d042e49 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchCheckLayerAvailability.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchCheckLayerAvailability.go
@@ -4,19 +4,24 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Checks the availability of one or more image layers within a repository in a
-// public registry. When an image is pushed to a repository, each image layer is
-// checked to verify if it has been uploaded before. If it has been uploaded, then
-// the image layer is skipped. This operation is used by the Amazon ECR proxy and
-// is not generally used by customers for pulling and pushing images. In most
-// cases, you should use the docker CLI to pull, tag, and push images.
+// Checks the availability of one or more image layers that are within a
+// repository in a public registry. When an image is pushed to a repository, each
+// image layer is checked to verify if it has been uploaded before. If it has been
+// uploaded, then the image layer is skipped. This operation is used by the Amazon
+// ECR proxy and is not generally used by customers for pulling and pushing images.
+// In most cases, you should use the docker CLI to pull, tag, and push images.
 func (c *Client) BatchCheckLayerAvailability(ctx context.Context, params *BatchCheckLayerAvailabilityInput, optFns ...func(*Options)) (*BatchCheckLayerAvailabilityOutput, error) {
 	if params == nil {
 		params = &BatchCheckLayerAvailabilityInput{}
@@ -39,14 +44,14 @@ type BatchCheckLayerAvailabilityInput struct {
 	// This member is required.
 	LayerDigests []string
 
-	// The name of the repository that is associated with the image layers to check.
+	// The name of the repository that's associated with the image layers to check.
 	//
 	// This member is required.
 	RepositoryName *string
 
-	// The AWS account ID associated with the public registry that contains the image
-	// layers to check. If you do not specify a registry, the default public registry
-	// is assumed.
+	// The Amazon Web Services account ID, or registry alias, associated with the
+	// public registry that contains the image layers to check. If you do not specify a
+	// registry, the default public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -57,8 +62,8 @@ type BatchCheckLayerAvailabilityOutput struct {
 	// Any failures associated with the call.
 	Failures []types.LayerFailure
 
-	// A list of image layer objects corresponding to the image layer references in the
-	// request.
+	// A list of image layer objects that correspond to the image layer references in
+	// the request.
 	Layers []types.Layer
 
 	// Metadata pertaining to the operation's result.
@@ -76,6 +81,9 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -103,7 +111,7 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -112,12 +120,18 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchCheckLayerAvailabilityResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchCheckLayerAvailabilityValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opBatchCheckLayerAvailability(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -127,6 +141,9 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -138,3 +155,126 @@ func newServiceMetadataMiddleware_opBatchCheckLayerAvailability(region string) *
 		OperationName: "BatchCheckLayerAvailability",
 	}
 }
+
+type opBatchCheckLayerAvailabilityResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchCheckLayerAvailabilityResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchCheckLayerAvailabilityResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchCheckLayerAvailabilityResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchCheckLayerAvailabilityResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchDeleteImage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchDeleteImage.go
index b208c9520..1ec61e3f9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchDeleteImage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchDeleteImage.go
@@ -4,19 +4,24 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Deletes a list of specified images within a repository in a public registry.
-// Images are specified with either an imageTag or imageDigest. You can remove a
-// tag from an image by specifying the image's tag in your request. When you remove
-// the last tag from an image, the image is deleted from your repository. You can
-// completely delete an image (and all of its tags) by specifying the image's
-// digest in your request.
+// Deletes a list of specified images that are within a repository in a public
+// registry. Images are specified with either an imageTag or imageDigest . You can
+// remove a tag from an image by specifying the image's tag in your request. When
+// you remove the last tag from an image, the image is deleted from your
+// repository. You can completely delete an image (and all of its tags) by
+// specifying the digest of the image in your request.
 func (c *Client) BatchDeleteImage(ctx context.Context, params *BatchDeleteImageInput, optFns ...func(*Options)) (*BatchDeleteImageOutput, error) {
 	if params == nil {
 		params = &BatchDeleteImageInput{}
@@ -34,8 +39,8 @@ func (c *Client) BatchDeleteImage(ctx context.Context, params *BatchDeleteImageI
 
 type BatchDeleteImageInput struct {
 
-	// A list of image ID references that correspond to images to delete. The format of
-	// the imageIds reference is imageTag=tag or imageDigest=digest.
+	// A list of image ID references that correspond to images to delete. The format
+	// of the imageIds reference is imageTag=tag or imageDigest=digest .
 	//
 	// This member is required.
 	ImageIds []types.ImageIdentifier
@@ -45,9 +50,9 @@ type BatchDeleteImageInput struct {
 	// This member is required.
 	RepositoryName *string
 
-	// The AWS account ID associated with the registry that contains the image to
-	// delete. If you do not specify a registry, the default public registry is
-	// assumed.
+	// The Amazon Web Services account ID, or registry alias, that's associated with
+	// the registry that contains the image to delete. If you do not specify a
+	// registry, the default public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -76,6 +81,9 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -103,7 +111,7 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -112,12 +120,18 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchDeleteImageResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchDeleteImageValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opBatchDeleteImage(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -127,6 +141,9 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -138,3 +155,126 @@ func newServiceMetadataMiddleware_opBatchDeleteImage(region string) *awsmiddlewa
 		OperationName: "BatchDeleteImage",
 	}
 }
+
+type opBatchDeleteImageResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchDeleteImageResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchDeleteImageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchDeleteImageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchDeleteImageResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CompleteLayerUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CompleteLayerUpload.go
index 206e55f52..3e93650ab 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CompleteLayerUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CompleteLayerUpload.go
@@ -4,17 +4,22 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Informs Amazon ECR that the image layer upload has completed for a specified
+// Informs Amazon ECR that the image layer upload is complete for a specified
 // public registry, repository name, and upload ID. You can optionally provide a
 // sha256 digest of the image layer for data validation purposes. When an image is
-// pushed, the CompleteLayerUpload API is called once per each new image layer to
-// verify that the upload has completed. This operation is used by the Amazon ECR
+// pushed, the CompleteLayerUpload API is called once for each new image layer to
+// verify that the upload is complete. This operation is used by the Amazon ECR
 // proxy and is not generally used by customers for pulling and pushing images. In
 // most cases, you should use the docker CLI to pull, tag, and push images.
 func (c *Client) CompleteLayerUpload(ctx context.Context, params *CompleteLayerUploadInput, optFns ...func(*Options)) (*CompleteLayerUploadOutput, error) {
@@ -51,8 +56,9 @@ type CompleteLayerUploadInput struct {
 	// This member is required.
 	UploadId *string
 
-	// The AWS account ID associated with the registry to which to upload layers. If
-	// you do not specify a registry, the default public registry is assumed.
+	// The Amazon Web Services account ID, or registry alias, associated with the
+	// registry where layers are uploaded. If you do not specify a registry, the
+	// default public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -63,13 +69,13 @@ type CompleteLayerUploadOutput struct {
 	// The sha256 digest of the image layer.
 	LayerDigest *string
 
-	// The public registry ID associated with the request.
+	// The public registry ID that's associated with the request.
 	RegistryId *string
 
-	// The repository name associated with the request.
+	// The repository name that's associated with the request.
 	RepositoryName *string
 
-	// The upload ID associated with the layer.
+	// The upload ID that's associated with the layer.
 	UploadId *string
 
 	// Metadata pertaining to the operation's result.
@@ -87,6 +93,9 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -114,7 +123,7 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -123,12 +132,18 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addCompleteLayerUploadResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCompleteLayerUploadValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCompleteLayerUpload(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -138,6 +153,9 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -149,3 +167,126 @@ func newServiceMetadataMiddleware_opCompleteLayerUpload(region string) *awsmiddl
 		OperationName: "CompleteLayerUpload",
 	}
 }
+
+type opCompleteLayerUploadResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCompleteLayerUploadResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCompleteLayerUploadResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCompleteLayerUploadResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCompleteLayerUploadResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CreateRepository.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CreateRepository.go
index 82a2a7e5f..082ffca47 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CreateRepository.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CreateRepository.go
@@ -4,17 +4,21 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Creates a repository in a public registry. For more information, see Amazon ECR
-// repositories
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html) in
-// the Amazon Elastic Container Registry User Guide.
+// repositories (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html)
+// in the Amazon Elastic Container Registry User Guide.
 func (c *Client) CreateRepository(ctx context.Context, params *CreateRepositoryInput, optFns ...func(*Options)) (*CreateRepositoryOutput, error) {
 	if params == nil {
 		params = &CreateRepositoryInput{}
@@ -33,9 +37,9 @@ func (c *Client) CreateRepository(ctx context.Context, params *CreateRepositoryI
 type CreateRepositoryInput struct {
 
 	// The name to use for the repository. This appears publicly in the Amazon ECR
-	// Public Gallery. The repository name may be specified on its own (such as
-	// nginx-web-app) or it can be prepended with a namespace to group the repository
-	// into a category (such as project-a/nginx-web-app).
+	// Public Gallery. The repository name can be specified on its own (for example
+	// nginx-web-app ) or prepended with a namespace to group the repository into a
+	// category (for example project-a/nginx-web-app ).
 	//
 	// This member is required.
 	RepositoryName *string
@@ -44,10 +48,10 @@ type CreateRepositoryInput struct {
 	// Public Gallery.
 	CatalogData *types.RepositoryCatalogDataInput
 
-	// The metadata that you apply to the repository to help you categorize and
-	// organize them. Each tag consists of a key and an optional value, both of which
-	// you define. Tag keys can have a maximum character length of 128 characters, and
-	// tag values can have a maximum length of 256 characters.
+	// The metadata that you apply to each repository to help categorize and organize
+	// your repositories. Each tag consists of a key and an optional value. You define
+	// both of them. Tag keys can have a maximum character length of 128 characters,
+	// and tag values can have a maximum length of 256 characters.
 	Tags []types.Tag
 
 	noSmithyDocumentSerde
@@ -77,6 +81,9 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -104,7 +111,7 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -113,12 +120,18 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addCreateRepositoryResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCreateRepositoryValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateRepository(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -128,6 +141,9 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -139,3 +155,126 @@ func newServiceMetadataMiddleware_opCreateRepository(region string) *awsmiddlewa
 		OperationName: "CreateRepository",
 	}
 }
+
+type opCreateRepositoryResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCreateRepositoryResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCreateRepositoryResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCreateRepositoryResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCreateRepositoryResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepository.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepository.go
index 30503d3b7..6f25f9010 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepository.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepository.go
@@ -4,16 +4,22 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Deletes a repository in a public registry. If the repository contains images,
-// you must either delete all images in the repository or use the force option
-// which deletes all images on your behalf before deleting the repository.
+// you must either manually delete all images in the repository or use the force
+// option. This option deletes all images on your behalf before deleting the
+// repository.
 func (c *Client) DeleteRepository(ctx context.Context, params *DeleteRepositoryInput, optFns ...func(*Options)) (*DeleteRepositoryOutput, error) {
 	if params == nil {
 		params = &DeleteRepositoryInput{}
@@ -36,12 +42,13 @@ type DeleteRepositoryInput struct {
 	// This member is required.
 	RepositoryName *string
 
-	// If a repository contains images, forces the deletion.
+	// The force option can be used to delete a repository that contains images. If
+	// the force option is not used, the repository must be empty prior to deletion.
 	Force bool
 
-	// The AWS account ID associated with the public registry that contains the
-	// repository to delete. If you do not specify a registry, the default public
-	// registry is assumed.
+	// The Amazon Web Services account ID that's associated with the public registry
+	// that contains the repository to delete. If you do not specify a registry, the
+	// default public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -67,6 +74,9 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -94,7 +104,7 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -103,12 +113,18 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteRepositoryResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteRepositoryValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDeleteRepository(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -118,6 +134,9 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -129,3 +148,126 @@ func newServiceMetadataMiddleware_opDeleteRepository(region string) *awsmiddlewa
 		OperationName: "DeleteRepository",
 	}
 }
+
+type opDeleteRepositoryResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteRepositoryResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteRepositoryResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteRepositoryResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteRepositoryResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepositoryPolicy.go
index b6ce507b7..a8f26b837 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepositoryPolicy.go
@@ -4,13 +4,18 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Deletes the repository policy associated with the specified repository.
+// Deletes the repository policy that's associated with the specified repository.
 func (c *Client) DeleteRepositoryPolicy(ctx context.Context, params *DeleteRepositoryPolicyInput, optFns ...func(*Options)) (*DeleteRepositoryPolicyOutput, error) {
 	if params == nil {
 		params = &DeleteRepositoryPolicyInput{}
@@ -28,15 +33,15 @@ func (c *Client) DeleteRepositoryPolicy(ctx context.Context, params *DeleteRepos
 
 type DeleteRepositoryPolicyInput struct {
 
-	// The name of the repository that is associated with the repository policy to
+	// The name of the repository that's associated with the repository policy to
 	// delete.
 	//
 	// This member is required.
 	RepositoryName *string
 
-	// The AWS account ID associated with the public registry that contains the
-	// repository policy to delete. If you do not specify a registry, the default
-	// public registry is assumed.
+	// The Amazon Web Services account ID that's associated with the public registry
+	// that contains the repository policy to delete. If you do not specify a registry,
+	// the default public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -47,10 +52,10 @@ type DeleteRepositoryPolicyOutput struct {
 	// The JSON repository policy that was deleted from the repository.
 	PolicyText *string
 
-	// The registry ID associated with the request.
+	// The registry ID that's associated with the request.
 	RegistryId *string
 
-	// The repository name associated with the request.
+	// The repository name that's associated with the request.
 	RepositoryName *string
 
 	// Metadata pertaining to the operation's result.
@@ -68,6 +73,9 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -95,7 +103,7 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -104,12 +112,18 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDeleteRepositoryPolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -119,6 +133,9 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -130,3 +147,126 @@ func newServiceMetadataMiddleware_opDeleteRepositoryPolicy(region string) *awsmi
 		OperationName: "DeleteRepositoryPolicy",
 	}
 }
+
+type opDeleteRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImageTags.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImageTags.go
index e59efd5ac..49847d27c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImageTags.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImageTags.go
@@ -4,10 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -35,26 +39,26 @@ type DescribeImageTagsInput struct {
 	// This member is required.
 	RepositoryName *string
 
-	// The maximum number of repository results returned by DescribeImageTags in
-	// paginated output. When this parameter is used, DescribeImageTags only returns
-	// maxResults results in a single page along with a nextToken response element. The
-	// remaining results of the initial request can be seen by sending another
-	// DescribeImageTags request with the returned nextToken value. This value can be
-	// between 1 and 1000. If this parameter is not used, then DescribeImageTags
-	// returns up to 100 results and a nextToken value, if applicable. This option
-	// cannot be used when you specify images with imageIds.
+	// The maximum number of repository results that's returned by DescribeImageTags
+	// in paginated output. When this parameter is used, DescribeImageTags only
+	// returns maxResults results in a single page along with a nextToken response
+	// element. You can see the remaining results of the initial request by sending
+	// another DescribeImageTags request with the returned nextToken value. This value
+	// can be between 1 and 1000. If this parameter isn't used, then DescribeImageTags
+	// returns up to 100 results and a nextToken value, if applicable. If you specify
+	// images with imageIds , you can't use this option.
 	MaxResults *int32
 
-	// The nextToken value returned from a previous paginated DescribeImageTags request
-	// where maxResults was used and the results exceeded the value of that parameter.
-	// Pagination continues from the end of the previous results that returned the
-	// nextToken value. This value is null when there are no more results to return.
-	// This option cannot be used when you specify images with imageIds.
+	// The nextToken value that's returned from a previous paginated DescribeImageTags
+	// request where maxResults was used and the results exceeded the value of that
+	// parameter. Pagination continues from the end of the previous results that
+	// returned the nextToken value. If there are no more results to return, this
+	// value is null . If you specify images with imageIds , you can't use this option.
 	NextToken *string
 
-	// The AWS account ID associated with the public registry that contains the
-	// repository in which to describe images. If you do not specify a registry, the
-	// default public registry is assumed.
+	// The Amazon Web Services account ID that's associated with the public registry
+	// that contains the repository where images are described. If you do not specify a
+	// registry, the default public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -66,9 +70,9 @@ type DescribeImageTagsOutput struct {
 	ImageTagDetails []types.ImageTagDetail
 
 	// The nextToken value to include in a future DescribeImageTags request. When the
-	// results of a DescribeImageTags request exceed maxResults, this value can be used
-	// to retrieve the next page of results. This value is null when there are no more
-	// results to return.
+	// results of a DescribeImageTags request exceed maxResults , you can use this
+	// value to retrieve the next page of results. If there are no more results to
+	// return, this value is null .
 	NextToken *string
 
 	// Metadata pertaining to the operation's result.
@@ -86,6 +90,9 @@ func (c *Client) addOperationDescribeImageTagsMiddlewares(stack *middleware.Stac
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -113,7 +120,7 @@ func (c *Client) addOperationDescribeImageTagsMiddlewares(stack *middleware.Stac
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -122,12 +129,18 @@ func (c *Client) addOperationDescribeImageTagsMiddlewares(stack *middleware.Stac
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeImageTagsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDescribeImageTagsValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeImageTags(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -137,6 +150,9 @@ func (c *Client) addOperationDescribeImageTagsMiddlewares(stack *middleware.Stac
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -150,14 +166,14 @@ var _ DescribeImageTagsAPIClient = (*Client)(nil)
 
 // DescribeImageTagsPaginatorOptions is the paginator options for DescribeImageTags
 type DescribeImageTagsPaginatorOptions struct {
-	// The maximum number of repository results returned by DescribeImageTags in
-	// paginated output. When this parameter is used, DescribeImageTags only returns
-	// maxResults results in a single page along with a nextToken response element. The
-	// remaining results of the initial request can be seen by sending another
-	// DescribeImageTags request with the returned nextToken value. This value can be
-	// between 1 and 1000. If this parameter is not used, then DescribeImageTags
-	// returns up to 100 results and a nextToken value, if applicable. This option
-	// cannot be used when you specify images with imageIds.
+	// The maximum number of repository results that's returned by DescribeImageTags
+	// in paginated output. When this parameter is used, DescribeImageTags only
+	// returns maxResults results in a single page along with a nextToken response
+	// element. You can see the remaining results of the initial request by sending
+	// another DescribeImageTags request with the returned nextToken value. This value
+	// can be between 1 and 1000. If this parameter isn't used, then DescribeImageTags
+	// returns up to 100 results and a nextToken value, if applicable. If you specify
+	// images with imageIds , you can't use this option.
 	Limit int32
 
 	// Set to true if pagination should stop if the service returns a pagination token
@@ -245,3 +261,126 @@ func newServiceMetadataMiddleware_opDescribeImageTags(region string) *awsmiddlew
 		OperationName: "DescribeImageTags",
 	}
 }
+
+type opDescribeImageTagsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeImageTagsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeImageTagsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeImageTagsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeImageTagsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImages.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImages.go
index 6d6df97a2..2060f6ed0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImages.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImages.go
@@ -4,19 +4,23 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Returns metadata about the images in a repository in a public registry.
-// Beginning with Docker version 1.9, the Docker client compresses image layers
-// before pushing them to a V2 Docker registry. The output of the docker images
-// command shows the uncompressed image size, so it may return a larger image size
-// than the image sizes returned by DescribeImages.
+// Returns metadata that's related to the images in a repository in a public
+// registry. Beginning with Docker version 1.9, the Docker client compresses image
+// layers before pushing them to a V2 Docker registry. The output of the docker
+// images command shows the uncompressed image size. Therefore, it might return a
+// larger image size than the image sizes that are returned by DescribeImages .
 func (c *Client) DescribeImages(ctx context.Context, params *DescribeImagesInput, optFns ...func(*Options)) (*DescribeImagesOutput, error) {
 	if params == nil {
 		params = &DescribeImagesInput{}
@@ -42,26 +46,26 @@ type DescribeImagesInput struct {
 	// The list of image IDs for the requested repository.
 	ImageIds []types.ImageIdentifier
 
-	// The maximum number of repository results returned by DescribeImages in paginated
-	// output. When this parameter is used, DescribeImages only returns maxResults
-	// results in a single page along with a nextToken response element. The remaining
-	// results of the initial request can be seen by sending another DescribeImages
-	// request with the returned nextToken value. This value can be between 1 and 1000.
-	// If this parameter is not used, then DescribeImages returns up to 100 results and
-	// a nextToken value, if applicable. This option cannot be used when you specify
-	// images with imageIds.
+	// The maximum number of repository results that's returned by DescribeImages in
+	// paginated output. When this parameter is used, DescribeImages only returns
+	// maxResults results in a single page along with a nextToken response element.
+	// You can see the remaining results of the initial request by sending another
+	// DescribeImages request with the returned nextToken value. This value can be
+	// between 1 and 1000. If this parameter isn't used, then DescribeImages returns
+	// up to 100 results and a nextToken value, if applicable. If you specify images
+	// with imageIds , you can't use this option.
 	MaxResults *int32
 
-	// The nextToken value returned from a previous paginated DescribeImages request
-	// where maxResults was used and the results exceeded the value of that parameter.
-	// Pagination continues from the end of the previous results that returned the
-	// nextToken value. This value is null when there are no more results to return.
-	// This option cannot be used when you specify images with imageIds.
+	// The nextToken value that's returned from a previous paginated DescribeImages
+	// request where maxResults was used and the results exceeded the value of that
+	// parameter. Pagination continues from the end of the previous results that
+	// returned the nextToken value. If there are no more results to return, this
+	// value is null . If you specify images with imageIds , you can't use this option.
 	NextToken *string
 
-	// The AWS account ID associated with the public registry that contains the
-	// repository in which to describe images. If you do not specify a registry, the
-	// default public registry is assumed.
+	// The Amazon Web Services account ID that's associated with the public registry
+	// that contains the repository where images are described. If you do not specify a
+	// registry, the default public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -73,9 +77,9 @@ type DescribeImagesOutput struct {
 	ImageDetails []types.ImageDetail
 
 	// The nextToken value to include in a future DescribeImages request. When the
-	// results of a DescribeImages request exceed maxResults, this value can be used to
-	// retrieve the next page of results. This value is null when there are no more
-	// results to return.
+	// results of a DescribeImages request exceed maxResults , you can use this value
+	// to retrieve the next page of results. If there are no more results to return,
+	// this value is null .
 	NextToken *string
 
 	// Metadata pertaining to the operation's result.
@@ -93,6 +97,9 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -120,7 +127,7 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -129,12 +136,18 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeImagesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDescribeImagesValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeImages(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -144,6 +157,9 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -157,14 +173,14 @@ var _ DescribeImagesAPIClient = (*Client)(nil)
 
 // DescribeImagesPaginatorOptions is the paginator options for DescribeImages
 type DescribeImagesPaginatorOptions struct {
-	// The maximum number of repository results returned by DescribeImages in paginated
-	// output. When this parameter is used, DescribeImages only returns maxResults
-	// results in a single page along with a nextToken response element. The remaining
-	// results of the initial request can be seen by sending another DescribeImages
-	// request with the returned nextToken value. This value can be between 1 and 1000.
-	// If this parameter is not used, then DescribeImages returns up to 100 results and
-	// a nextToken value, if applicable. This option cannot be used when you specify
-	// images with imageIds.
+	// The maximum number of repository results that's returned by DescribeImages in
+	// paginated output. When this parameter is used, DescribeImages only returns
+	// maxResults results in a single page along with a nextToken response element.
+	// You can see the remaining results of the initial request by sending another
+	// DescribeImages request with the returned nextToken value. This value can be
+	// between 1 and 1000. If this parameter isn't used, then DescribeImages returns
+	// up to 100 results and a nextToken value, if applicable. If you specify images
+	// with imageIds , you can't use this option.
 	Limit int32
 
 	// Set to true if pagination should stop if the service returns a pagination token
@@ -252,3 +268,126 @@ func newServiceMetadataMiddleware_opDescribeImages(region string) *awsmiddleware
 		OperationName: "DescribeImages",
 	}
 }
+
+type opDescribeImagesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeImagesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeImagesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeImagesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeImagesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRegistries.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRegistries.go
index e9297dfe9..6923ea084 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRegistries.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRegistries.go
@@ -4,10 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -30,21 +34,22 @@ func (c *Client) DescribeRegistries(ctx context.Context, params *DescribeRegistr
 
 type DescribeRegistriesInput struct {
 
-	// The maximum number of repository results returned by DescribeRegistries in
-	// paginated output. When this parameter is used, DescribeRegistries only returns
-	// maxResults results in a single page along with a nextToken response element. The
-	// remaining results of the initial request can be seen by sending another
-	// DescribeRegistries request with the returned nextToken value. This value can be
-	// between 1 and 1000. If this parameter is not used, then DescribeRegistries
-	// returns up to 100 results and a nextToken value, if applicable.
+	// The maximum number of repository results that's returned by DescribeRegistries
+	// in paginated output. When this parameter is used, DescribeRegistries only
+	// returns maxResults results in a single page along with a nextToken response
+	// element. The remaining results of the initial request can be seen by sending
+	// another DescribeRegistries request with the returned nextToken value. This
+	// value can be between 1 and 1000. If this parameter isn't used, then
+	// DescribeRegistries returns up to 100 results and a nextToken value, if
+	// applicable.
 	MaxResults *int32
 
-	// The nextToken value returned from a previous paginated DescribeRegistries
+	// The nextToken value that's returned from a previous paginated DescribeRegistries
 	// request where maxResults was used and the results exceeded the value of that
 	// parameter. Pagination continues from the end of the previous results that
-	// returned the nextToken value. This value is null when there are no more results
-	// to return. This token should be treated as an opaque identifier that is only
-	// used to retrieve the next items in a list and not for other programmatic
+	// returned the nextToken value. If there are no more results to return, this
+	// value is null . This token should be treated as an opaque identifier that is
+	// only used to retrieve the next items in a list and not for other programmatic
 	// purposes.
 	NextToken *string
 
@@ -53,15 +58,15 @@ type DescribeRegistriesInput struct {
 
 type DescribeRegistriesOutput struct {
 
-	// An object containing the details for a public registry.
+	// An object that contains the details for a public registry.
 	//
 	// This member is required.
 	Registries []types.Registry
 
-	// The nextToken value to include in a future DescribeRepositories request. When
-	// the results of a DescribeRepositories request exceed maxResults, this value can
-	// be used to retrieve the next page of results. This value is null when there are
-	// no more results to return.
+	// The nextToken value to include in a future DescribeRepositories request. If the
+	// results of a DescribeRepositories request exceed maxResults , you can use this
+	// value to retrieve the next page of results. If there are no more results, this
+	// value is null .
 	NextToken *string
 
 	// Metadata pertaining to the operation's result.
@@ -79,6 +84,9 @@ func (c *Client) addOperationDescribeRegistriesMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -106,7 +114,7 @@ func (c *Client) addOperationDescribeRegistriesMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -115,9 +123,15 @@ func (c *Client) addOperationDescribeRegistriesMiddlewares(stack *middleware.Sta
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeRegistriesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeRegistries(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -127,6 +141,9 @@ func (c *Client) addOperationDescribeRegistriesMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -141,13 +158,14 @@ var _ DescribeRegistriesAPIClient = (*Client)(nil)
 // DescribeRegistriesPaginatorOptions is the paginator options for
 // DescribeRegistries
 type DescribeRegistriesPaginatorOptions struct {
-	// The maximum number of repository results returned by DescribeRegistries in
-	// paginated output. When this parameter is used, DescribeRegistries only returns
-	// maxResults results in a single page along with a nextToken response element. The
-	// remaining results of the initial request can be seen by sending another
-	// DescribeRegistries request with the returned nextToken value. This value can be
-	// between 1 and 1000. If this parameter is not used, then DescribeRegistries
-	// returns up to 100 results and a nextToken value, if applicable.
+	// The maximum number of repository results that's returned by DescribeRegistries
+	// in paginated output. When this parameter is used, DescribeRegistries only
+	// returns maxResults results in a single page along with a nextToken response
+	// element. The remaining results of the initial request can be seen by sending
+	// another DescribeRegistries request with the returned nextToken value. This
+	// value can be between 1 and 1000. If this parameter isn't used, then
+	// DescribeRegistries returns up to 100 results and a nextToken value, if
+	// applicable.
 	Limit int32
 
 	// Set to true if pagination should stop if the service returns a pagination token
@@ -235,3 +253,126 @@ func newServiceMetadataMiddleware_opDescribeRegistries(region string) *awsmiddle
 		OperationName: "DescribeRegistries",
 	}
 }
+
+type opDescribeRegistriesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeRegistriesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeRegistriesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeRegistriesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeRegistriesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRepositories.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRepositories.go
index 6f446f513..4185abcc8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRepositories.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRepositories.go
@@ -4,15 +4,19 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Describes repositories in a public registry.
+// Describes repositories that are in a public registry.
 func (c *Client) DescribeRepositories(ctx context.Context, params *DescribeRepositoriesInput, optFns ...func(*Options)) (*DescribeRepositoriesOutput, error) {
 	if params == nil {
 		params = &DescribeRepositoriesInput{}
@@ -30,29 +34,30 @@ func (c *Client) DescribeRepositories(ctx context.Context, params *DescribeRepos
 
 type DescribeRepositoriesInput struct {
 
-	// The maximum number of repository results returned by DescribeRepositories in
-	// paginated output. When this parameter is used, DescribeRepositories only returns
-	// maxResults results in a single page along with a nextToken response element. The
-	// remaining results of the initial request can be seen by sending another
-	// DescribeRepositories request with the returned nextToken value. This value can
-	// be between 1 and 1000. If this parameter is not used, then DescribeRepositories
-	// returns up to 100 results and a nextToken value, if applicable. This option
-	// cannot be used when you specify repositories with repositoryNames.
+	// The maximum number of repository results that's returned by DescribeRepositories
+	// in paginated output. When this parameter is used, DescribeRepositories only
+	// returns maxResults results in a single page along with a nextToken response
+	// element. You can see the remaining results of the initial request by sending
+	// another DescribeRepositories request with the returned nextToken value. This
+	// value can be between 1 and 1000. If this parameter isn't used, then
+	// DescribeRepositories returns up to 100 results and a nextToken value, if
+	// applicable. If you specify repositories with repositoryNames , you can't use
+	// this option.
 	MaxResults *int32
 
-	// The nextToken value returned from a previous paginated DescribeRepositories
-	// request where maxResults was used and the results exceeded the value of that
-	// parameter. Pagination continues from the end of the previous results that
-	// returned the nextToken value. This value is null when there are no more results
-	// to return. This option cannot be used when you specify repositories with
-	// repositoryNames. This token should be treated as an opaque identifier that is
-	// only used to retrieve the next items in a list and not for other programmatic
-	// purposes.
+	// The nextToken value that's returned from a previous paginated
+	// DescribeRepositories request where maxResults was used and the results exceeded
+	// the value of that parameter. Pagination continues from the end of the previous
+	// results that returned the nextToken value. If there are no more results to
+	// return, this value is null . If you specify repositories with repositoryNames ,
+	// you can't use this option. This token should be treated as an opaque identifier
+	// that is only used to retrieve the next items in a list and not for other
+	// programmatic purposes.
 	NextToken *string
 
-	// The AWS account ID associated with the registry that contains the repositories
-	// to be described. If you do not specify a registry, the default public registry
-	// is assumed.
+	// The Amazon Web Services account ID that's associated with the registry that
+	// contains the repositories to be described. If you do not specify a registry, the
+	// default public registry is assumed.
 	RegistryId *string
 
 	// A list of repositories to describe. If this parameter is omitted, then all
@@ -65,9 +70,9 @@ type DescribeRepositoriesInput struct {
 type DescribeRepositoriesOutput struct {
 
 	// The nextToken value to include in a future DescribeRepositories request. When
-	// the results of a DescribeRepositories request exceed maxResults, this value can
-	// be used to retrieve the next page of results. This value is null when there are
-	// no more results to return.
+	// the results of a DescribeRepositories request exceed maxResults , this value can
+	// be used to retrieve the next page of results. If there are no more results to
+	// return, this value is null .
 	NextToken *string
 
 	// A list of repository objects corresponding to valid repositories.
@@ -88,6 +93,9 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -115,7 +123,7 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -124,9 +132,15 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeRepositoriesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeRepositories(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -136,6 +150,9 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -150,14 +167,15 @@ var _ DescribeRepositoriesAPIClient = (*Client)(nil)
 // DescribeRepositoriesPaginatorOptions is the paginator options for
 // DescribeRepositories
 type DescribeRepositoriesPaginatorOptions struct {
-	// The maximum number of repository results returned by DescribeRepositories in
-	// paginated output. When this parameter is used, DescribeRepositories only returns
-	// maxResults results in a single page along with a nextToken response element. The
-	// remaining results of the initial request can be seen by sending another
-	// DescribeRepositories request with the returned nextToken value. This value can
-	// be between 1 and 1000. If this parameter is not used, then DescribeRepositories
-	// returns up to 100 results and a nextToken value, if applicable. This option
-	// cannot be used when you specify repositories with repositoryNames.
+	// The maximum number of repository results that's returned by DescribeRepositories
+	// in paginated output. When this parameter is used, DescribeRepositories only
+	// returns maxResults results in a single page along with a nextToken response
+	// element. You can see the remaining results of the initial request by sending
+	// another DescribeRepositories request with the returned nextToken value. This
+	// value can be between 1 and 1000. If this parameter isn't used, then
+	// DescribeRepositories returns up to 100 results and a nextToken value, if
+	// applicable. If you specify repositories with repositoryNames , you can't use
+	// this option.
 	Limit int32
 
 	// Set to true if pagination should stop if the service returns a pagination token
@@ -245,3 +263,126 @@ func newServiceMetadataMiddleware_opDescribeRepositories(region string) *awsmidd
 		OperationName: "DescribeRepositories",
 	}
 }
+
+type opDescribeRepositoriesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeRepositoriesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeRepositoriesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeRepositoriesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeRepositoriesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetAuthorizationToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetAuthorizationToken.go
index adbe13a0c..c7b8801b5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetAuthorizationToken.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetAuthorizationToken.go
@@ -4,15 +4,20 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Retrieves an authorization token. An authorization token represents your IAM
-// authentication credentials and can be used to access any Amazon ECR registry
+// authentication credentials. You can use it to access any Amazon ECR registry
 // that your IAM principal has access to. The authorization token is valid for 12
 // hours. This API requires the ecr-public:GetAuthorizationToken and
 // sts:GetServiceBearerToken permissions.
@@ -55,6 +60,9 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -82,7 +90,7 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -91,9 +99,15 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetAuthorizationTokenResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetAuthorizationToken(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -103,6 +117,9 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -114,3 +131,126 @@ func newServiceMetadataMiddleware_opGetAuthorizationToken(region string) *awsmid
 		OperationName: "GetAuthorizationToken",
 	}
 }
+
+type opGetAuthorizationTokenResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetAuthorizationTokenResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetAuthorizationTokenResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetAuthorizationTokenResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetAuthorizationTokenResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRegistryCatalogData.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRegistryCatalogData.go
index 88cd5b4bc..42758d295 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRegistryCatalogData.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRegistryCatalogData.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -53,6 +58,9 @@ func (c *Client) addOperationGetRegistryCatalogDataMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -80,7 +88,7 @@ func (c *Client) addOperationGetRegistryCatalogDataMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -89,9 +97,15 @@ func (c *Client) addOperationGetRegistryCatalogDataMiddlewares(stack *middleware
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRegistryCatalogDataResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRegistryCatalogData(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -101,6 +115,9 @@ func (c *Client) addOperationGetRegistryCatalogDataMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -112,3 +129,126 @@ func newServiceMetadataMiddleware_opGetRegistryCatalogData(region string) *awsmi
 		OperationName: "GetRegistryCatalogData",
 	}
 }
+
+type opGetRegistryCatalogDataResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRegistryCatalogDataResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRegistryCatalogDataResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRegistryCatalogDataResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRegistryCatalogDataResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryCatalogData.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryCatalogData.go
index 5c7173fe3..7e2a74fb5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryCatalogData.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryCatalogData.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -35,9 +40,9 @@ type GetRepositoryCatalogDataInput struct {
 	// This member is required.
 	RepositoryName *string
 
-	// The AWS account ID associated with the registry that contains the repositories
-	// to be described. If you do not specify a registry, the default public registry
-	// is assumed.
+	// The Amazon Web Services account ID that's associated with the registry that
+	// contains the repositories to be described. If you do not specify a registry, the
+	// default public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -63,6 +68,9 @@ func (c *Client) addOperationGetRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -90,7 +98,7 @@ func (c *Client) addOperationGetRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -99,12 +107,18 @@ func (c *Client) addOperationGetRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRepositoryCatalogDataResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetRepositoryCatalogDataValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRepositoryCatalogData(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -114,6 +128,9 @@ func (c *Client) addOperationGetRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -125,3 +142,126 @@ func newServiceMetadataMiddleware_opGetRepositoryCatalogData(region string) *aws
 		OperationName: "GetRepositoryCatalogData",
 	}
 }
+
+type opGetRepositoryCatalogDataResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRepositoryCatalogDataResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRepositoryCatalogDataResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRepositoryCatalogDataResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRepositoryCatalogDataResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryPolicy.go
index 80584f924..f104aada5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryPolicy.go
@@ -4,8 +4,13 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -33,9 +38,9 @@ type GetRepositoryPolicyInput struct {
 	// This member is required.
 	RepositoryName *string
 
-	// The AWS account ID associated with the public registry that contains the
-	// repository. If you do not specify a registry, the default public registry is
-	// assumed.
+	// The Amazon Web Services account ID that's associated with the public registry
+	// that contains the repository. If you do not specify a registry, the default
+	// public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -43,14 +48,14 @@ type GetRepositoryPolicyInput struct {
 
 type GetRepositoryPolicyOutput struct {
 
-	// The repository policy text associated with the repository. The policy text will
-	// be in JSON format.
+	// The repository policy text that's associated with the repository. The policy
+	// text will be in JSON format.
 	PolicyText *string
 
-	// The registry ID associated with the request.
+	// The registry ID that's associated with the request.
 	RegistryId *string
 
-	// The repository name associated with the request.
+	// The repository name that's associated with the request.
 	RepositoryName *string
 
 	// Metadata pertaining to the operation's result.
@@ -68,6 +73,9 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -95,7 +103,7 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -104,12 +112,18 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRepositoryPolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -119,6 +133,9 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -130,3 +147,126 @@ func newServiceMetadataMiddleware_opGetRepositoryPolicy(region string) *awsmiddl
 		OperationName: "GetRepositoryPolicy",
 	}
 }
+
+type opGetRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_InitiateLayerUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_InitiateLayerUpload.go
index 1b4576d78..ee562fbad 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_InitiateLayerUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_InitiateLayerUpload.go
@@ -4,19 +4,23 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Notifies Amazon ECR that you intend to upload an image layer. When an image is
-// pushed, the InitiateLayerUpload API is called once per image layer that has not
-// already been uploaded. Whether or not an image layer has been uploaded is
-// determined by the BatchCheckLayerAvailability API action. This operation is used
-// by the Amazon ECR proxy and is not generally used by customers for pulling and
-// pushing images. In most cases, you should use the docker CLI to pull, tag, and
-// push images.
+// pushed, the InitiateLayerUpload API is called once for each image layer that
+// hasn't already been uploaded. Whether an image layer uploads is determined by
+// the BatchCheckLayerAvailability API action. This operation is used by the Amazon
+// ECR proxy and is not generally used by customers for pulling and pushing images.
+// In most cases, you should use the docker CLI to pull, tag, and push images.
 func (c *Client) InitiateLayerUpload(ctx context.Context, params *InitiateLayerUploadInput, optFns ...func(*Options)) (*InitiateLayerUploadOutput, error) {
 	if params == nil {
 		params = &InitiateLayerUploadInput{}
@@ -34,14 +38,14 @@ func (c *Client) InitiateLayerUpload(ctx context.Context, params *InitiateLayerU
 
 type InitiateLayerUploadInput struct {
 
-	// The name of the repository to which you intend to upload layers.
+	// The name of the repository that you want to upload layers to.
 	//
 	// This member is required.
 	RepositoryName *string
 
-	// The AWS account ID associated with the registry to which you intend to upload
-	// layers. If you do not specify a registry, the default public registry is
-	// assumed.
+	// The Amazon Web Services account ID, or registry alias, that's associated with
+	// the registry to which you intend to upload layers. If you do not specify a
+	// registry, the default public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -71,6 +75,9 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -98,7 +105,7 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -107,12 +114,18 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addInitiateLayerUploadResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpInitiateLayerUploadValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opInitiateLayerUpload(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -122,6 +135,9 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -133,3 +149,126 @@ func newServiceMetadataMiddleware_opInitiateLayerUpload(region string) *awsmiddl
 		OperationName: "InitiateLayerUpload",
 	}
 }
+
+type opInitiateLayerUploadResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opInitiateLayerUploadResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opInitiateLayerUploadResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addInitiateLayerUploadResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opInitiateLayerUploadResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_ListTagsForResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_ListTagsForResource.go
index 6db006279..34e23ec8c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_ListTagsForResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_ListTagsForResource.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -29,8 +34,8 @@ func (c *Client) ListTagsForResource(ctx context.Context, params *ListTagsForRes
 
 type ListTagsForResourceInput struct {
 
-	// The Amazon Resource Name (ARN) that identifies the resource for which to list
-	// the tags. Currently, the supported resource is an Amazon ECR Public repository.
+	// The Amazon Resource Name (ARN) that identifies the resource to list the tags
+	// for. Currently, the supported resource is an Amazon ECR Public repository.
 	//
 	// This member is required.
 	ResourceArn *string
@@ -58,6 +63,9 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -85,7 +93,7 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -94,12 +102,18 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addListTagsForResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListTagsForResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListTagsForResource(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -109,6 +123,9 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -120,3 +137,126 @@ func newServiceMetadataMiddleware_opListTagsForResource(region string) *awsmiddl
 		OperationName: "ListTagsForResource",
 	}
 }
+
+type opListTagsForResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListTagsForResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListTagsForResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListTagsForResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListTagsForResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutImage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutImage.go
index 3a2cbdbd8..5aa1d530a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutImage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutImage.go
@@ -4,19 +4,24 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Creates or updates the image manifest and tags associated with an image. When an
-// image is pushed and all new image layers have been uploaded, the PutImage API is
-// called once to create or update the image manifest and the tags associated with
-// the image. This operation is used by the Amazon ECR proxy and is not generally
-// used by customers for pulling and pushing images. In most cases, you should use
-// the docker CLI to pull, tag, and push images.
+// Creates or updates the image manifest and tags that are associated with an
+// image. When an image is pushed and all new image layers have been uploaded, the
+// PutImage API is called once to create or update the image manifest and the tags
+// that are associated with the image. This operation is used by the Amazon ECR
+// proxy and is not generally used by customers for pulling and pushing images. In
+// most cases, you should use the docker CLI to pull, tag, and push images.
 func (c *Client) PutImage(ctx context.Context, params *PutImageInput, optFns ...func(*Options)) (*PutImageOutput, error) {
 	if params == nil {
 		params = &PutImageInput{}
@@ -34,22 +39,22 @@ func (c *Client) PutImage(ctx context.Context, params *PutImageInput, optFns ...
 
 type PutImageInput struct {
 
-	// The image manifest corresponding to the image to be uploaded.
+	// The image manifest that corresponds to the image to be uploaded.
 	//
 	// This member is required.
 	ImageManifest *string
 
-	// The name of the repository in which to put the image.
+	// The name of the repository where the image is put.
 	//
 	// This member is required.
 	RepositoryName *string
 
-	// The image digest of the image manifest corresponding to the image.
+	// The image digest of the image manifest that corresponds to the image.
 	ImageDigest *string
 
-	// The media type of the image manifest. If you push an image manifest that does
-	// not contain the mediaType field, you must specify the imageManifestMediaType in
-	// the request.
+	// The media type of the image manifest. If you push an image manifest that
+	// doesn't contain the mediaType field, you must specify the imageManifestMediaType
+	// in the request.
 	ImageManifestMediaType *string
 
 	// The tag to associate with the image. This parameter is required for images that
@@ -57,9 +62,9 @@ type PutImageInput struct {
 	// formats.
 	ImageTag *string
 
-	// The AWS account ID associated with the public registry that contains the
-	// repository in which to put the image. If you do not specify a registry, the
-	// default public registry is assumed.
+	// The Amazon Web Services account ID, or registry alias, that's associated with
+	// the public registry that contains the repository where the image is put. If you
+	// do not specify a registry, the default public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -85,6 +90,9 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -112,7 +120,7 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -121,12 +129,18 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutImageResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutImageValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutImage(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -136,6 +150,9 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -147,3 +164,126 @@ func newServiceMetadataMiddleware_opPutImage(region string) *awsmiddleware.Regis
 		OperationName: "PutImage",
 	}
 }
+
+type opPutImageResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutImageResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutImageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutImageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutImageResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRegistryCatalogData.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRegistryCatalogData.go
index 994364a53..bc2e24c79 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRegistryCatalogData.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRegistryCatalogData.go
@@ -4,14 +4,19 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Create or updates the catalog data for a public registry.
+// Create or update the catalog data for a public registry.
 func (c *Client) PutRegistryCatalogData(ctx context.Context, params *PutRegistryCatalogDataInput, optFns ...func(*Options)) (*PutRegistryCatalogDataOutput, error) {
 	if params == nil {
 		params = &PutRegistryCatalogDataInput{}
@@ -59,6 +64,9 @@ func (c *Client) addOperationPutRegistryCatalogDataMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -86,7 +94,7 @@ func (c *Client) addOperationPutRegistryCatalogDataMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -95,9 +103,15 @@ func (c *Client) addOperationPutRegistryCatalogDataMiddlewares(stack *middleware
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutRegistryCatalogDataResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutRegistryCatalogData(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -107,6 +121,9 @@ func (c *Client) addOperationPutRegistryCatalogDataMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -118,3 +135,126 @@ func newServiceMetadataMiddleware_opPutRegistryCatalogData(region string) *awsmi
 		OperationName: "PutRegistryCatalogData",
 	}
 }
+
+type opPutRegistryCatalogDataResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutRegistryCatalogDataResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutRegistryCatalogDataResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutRegistryCatalogDataResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutRegistryCatalogDataResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRepositoryCatalogData.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRepositoryCatalogData.go
index 4510287f3..c76c4cf1c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRepositoryCatalogData.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRepositoryCatalogData.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -40,8 +45,9 @@ type PutRepositoryCatalogDataInput struct {
 	// This member is required.
 	RepositoryName *string
 
-	// The AWS account ID associated with the public registry the repository is in. If
-	// you do not specify a registry, the default public registry is assumed.
+	// The Amazon Web Services account ID that's associated with the public registry
+	// the repository is in. If you do not specify a registry, the default public
+	// registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -67,6 +73,9 @@ func (c *Client) addOperationPutRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -94,7 +103,7 @@ func (c *Client) addOperationPutRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -103,12 +112,18 @@ func (c *Client) addOperationPutRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutRepositoryCatalogDataResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutRepositoryCatalogDataValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutRepositoryCatalogData(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -118,6 +133,9 @@ func (c *Client) addOperationPutRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -129,3 +147,126 @@ func newServiceMetadataMiddleware_opPutRepositoryCatalogData(region string) *aws
 		OperationName: "PutRepositoryCatalogData",
 	}
 }
+
+type opPutRepositoryCatalogDataResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutRepositoryCatalogDataResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutRepositoryCatalogDataResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutRepositoryCatalogDataResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutRepositoryCatalogDataResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_SetRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_SetRepositoryPolicy.go
index 46fdd68ad..72a968686 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_SetRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_SetRepositoryPolicy.go
@@ -4,15 +4,19 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Applies a repository policy to the specified public repository to control access
-// permissions. For more information, see Amazon ECR Repository Policies
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html)
+// Applies a repository policy to the specified public repository to control
+// access permissions. For more information, see Amazon ECR Repository Policies (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html)
 // in the Amazon Elastic Container Registry User Guide.
 func (c *Client) SetRepositoryPolicy(ctx context.Context, params *SetRepositoryPolicyInput, optFns ...func(*Options)) (*SetRepositoryPolicyOutput, error) {
 	if params == nil {
@@ -32,8 +36,7 @@ func (c *Client) SetRepositoryPolicy(ctx context.Context, params *SetRepositoryP
 type SetRepositoryPolicyInput struct {
 
 	// The JSON repository policy text to apply to the repository. For more
-	// information, see Amazon ECR Repository Policies
-	// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html)
+	// information, see Amazon ECR Repository Policies (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html)
 	// in the Amazon Elastic Container Registry User Guide.
 	//
 	// This member is required.
@@ -44,14 +47,14 @@ type SetRepositoryPolicyInput struct {
 	// This member is required.
 	RepositoryName *string
 
-	// If the policy you are attempting to set on a repository policy would prevent you
+	// If the policy that you want to set on a repository policy would prevent you
 	// from setting another policy in the future, you must force the
-	// SetRepositoryPolicy operation. This is intended to prevent accidental repository
-	// lock outs.
+	// SetRepositoryPolicy operation. This prevents accidental repository lockouts.
 	Force bool
 
-	// The AWS account ID associated with the registry that contains the repository. If
-	// you do not specify a registry, the default public registry is assumed.
+	// The Amazon Web Services account ID that's associated with the registry that
+	// contains the repository. If you do not specify a registry, the default public
+	// registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -59,13 +62,13 @@ type SetRepositoryPolicyInput struct {
 
 type SetRepositoryPolicyOutput struct {
 
-	// The JSON repository policy text applied to the repository.
+	// The JSON repository policy text that's applied to the repository.
 	PolicyText *string
 
-	// The registry ID associated with the request.
+	// The registry ID that's associated with the request.
 	RegistryId *string
 
-	// The repository name associated with the request.
+	// The repository name that's associated with the request.
 	RepositoryName *string
 
 	// Metadata pertaining to the operation's result.
@@ -83,6 +86,9 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -110,7 +116,7 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -119,12 +125,18 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addSetRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpSetRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opSetRepositoryPolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -134,6 +146,9 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -145,3 +160,126 @@ func newServiceMetadataMiddleware_opSetRepositoryPolicy(region string) *awsmiddl
 		OperationName: "SetRepositoryPolicy",
 	}
 }
+
+type opSetRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opSetRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opSetRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addSetRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opSetRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_TagResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_TagResource.go
index 0e7044006..94fe4edf1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_TagResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_TagResource.go
@@ -4,17 +4,22 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Associates the specified tags to a resource with the specified resourceArn. If
-// existing tags on a resource are not specified in the request parameters, they
-// are not changed. When a resource is deleted, the tags associated with that
-// resource are deleted as well.
+// Associates the specified tags to a resource with the specified resourceArn . If
+// existing tags on a resource aren't specified in the request parameters, they
+// aren't changed. When a resource is deleted, the tags associated with that
+// resource are also deleted.
 func (c *Client) TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error) {
 	if params == nil {
 		params = &TagResourceInput{}
@@ -32,8 +37,8 @@ func (c *Client) TagResource(ctx context.Context, params *TagResourceInput, optF
 
 type TagResourceInput struct {
 
-	// The Amazon Resource Name (ARN) of the resource to which to add tags. Currently,
-	// the supported resource is an Amazon ECR Public repository.
+	// The Amazon Resource Name (ARN) of the resource to add tags to. Currently, the
+	// supported resource is an Amazon ECR Public repository.
 	//
 	// This member is required.
 	ResourceArn *string
@@ -64,6 +69,9 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -91,7 +99,7 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -100,12 +108,18 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTagResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpTagResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opTagResource(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -115,6 +129,9 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -126,3 +143,126 @@ func newServiceMetadataMiddleware_opTagResource(region string) *awsmiddleware.Re
 		OperationName: "TagResource",
 	}
 }
+
+type opTagResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opTagResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opTagResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addTagResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opTagResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UntagResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UntagResource.go
index 8f042d4c8..bff2b1c3a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UntagResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UntagResource.go
@@ -4,8 +4,13 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -28,8 +33,8 @@ func (c *Client) UntagResource(ctx context.Context, params *UntagResourceInput,
 
 type UntagResourceInput struct {
 
-	// The Amazon Resource Name (ARN) of the resource from which to delete tags.
-	// Currently, the supported resource is an Amazon ECR Public repository.
+	// The Amazon Resource Name (ARN) of the resource to delete tags from. Currently,
+	// the supported resource is an Amazon ECR Public repository.
 	//
 	// This member is required.
 	ResourceArn *string
@@ -58,6 +63,9 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -85,7 +93,7 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -94,12 +102,18 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addUntagResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpUntagResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opUntagResource(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -109,6 +123,9 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -120,3 +137,126 @@ func newServiceMetadataMiddleware_opUntagResource(region string) *awsmiddleware.
 		OperationName: "UntagResource",
 	}
 }
+
+type opUntagResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opUntagResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opUntagResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addUntagResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opUntagResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UploadLayerPart.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UploadLayerPart.go
index ce3fa0a4a..dadc5f39c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UploadLayerPart.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UploadLayerPart.go
@@ -4,18 +4,23 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Uploads an image layer part to Amazon ECR. When an image is pushed, each new
 // image layer is uploaded in parts. The maximum size of each image layer part can
-// be 20971520 bytes (or about 20MB). The UploadLayerPart API is called once per
-// each new image layer part. This operation is used by the Amazon ECR proxy and is
-// not generally used by customers for pulling and pushing images. In most cases,
-// you should use the docker CLI to pull, tag, and push images.
+// be 20971520 bytes (about 20MB). The UploadLayerPart API is called once for each
+// new image layer part. This operation is used by the Amazon ECR proxy and is not
+// generally used by customers for pulling and pushing images. In most cases, you
+// should use the docker CLI to pull, tag, and push images.
 func (c *Client) UploadLayerPart(ctx context.Context, params *UploadLayerPartInput, optFns ...func(*Options)) (*UploadLayerPartOutput, error) {
 	if params == nil {
 		params = &UploadLayerPartInput{}
@@ -48,7 +53,7 @@ type UploadLayerPartInput struct {
 	// This member is required.
 	PartLastByte *int64
 
-	// The name of the repository to which you are uploading layer parts.
+	// The name of the repository that you're uploading layer parts to.
 	//
 	// This member is required.
 	RepositoryName *string
@@ -59,8 +64,9 @@ type UploadLayerPartInput struct {
 	// This member is required.
 	UploadId *string
 
-	// The AWS account ID associated with the registry to which you are uploading layer
-	// parts. If you do not specify a registry, the default public registry is assumed.
+	// The Amazon Web Services account ID, or registry alias, that's associated with
+	// the registry that you're uploading layer parts to. If you do not specify a
+	// registry, the default public registry is assumed.
 	RegistryId *string
 
 	noSmithyDocumentSerde
@@ -68,16 +74,16 @@ type UploadLayerPartInput struct {
 
 type UploadLayerPartOutput struct {
 
-	// The integer value of the last byte received in the request.
+	// The integer value of the last byte that's received in the request.
 	LastByteReceived *int64
 
-	// The registry ID associated with the request.
+	// The registry ID that's associated with the request.
 	RegistryId *string
 
-	// The repository name associated with the request.
+	// The repository name that's associated with the request.
 	RepositoryName *string
 
-	// The upload ID associated with the request.
+	// The upload ID that's associated with the request.
 	UploadId *string
 
 	// Metadata pertaining to the operation's result.
@@ -95,6 +101,9 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -122,7 +131,7 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -131,12 +140,18 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addUploadLayerPartResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpUploadLayerPartValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opUploadLayerPart(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
@@ -146,6 +161,9 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -157,3 +175,126 @@ func newServiceMetadataMiddleware_opUploadLayerPart(region string) *awsmiddlewar
 		OperationName: "UploadLayerPart",
 	}
 }
+
+type opUploadLayerPartResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opUploadLayerPartResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opUploadLayerPartResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addUploadLayerPartResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opUploadLayerPartResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/deserializers.go
index 2a9ac6204..0ef759a1c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/deserializers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/deserializers.go
@@ -86,9 +86,9 @@ func awsAwsjson11_deserializeOpErrorBatchCheckLayerAvailability(response *smithy
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -97,7 +97,7 @@ func awsAwsjson11_deserializeOpErrorBatchCheckLayerAvailability(response *smithy
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -109,8 +109,8 @@ func awsAwsjson11_deserializeOpErrorBatchCheckLayerAvailability(response *smithy
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -129,6 +129,9 @@ func awsAwsjson11_deserializeOpErrorBatchCheckLayerAvailability(response *smithy
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -206,9 +209,9 @@ func awsAwsjson11_deserializeOpErrorBatchDeleteImage(response *smithyhttp.Respon
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -217,7 +220,7 @@ func awsAwsjson11_deserializeOpErrorBatchDeleteImage(response *smithyhttp.Respon
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -229,8 +232,8 @@ func awsAwsjson11_deserializeOpErrorBatchDeleteImage(response *smithyhttp.Respon
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -246,6 +249,9 @@ func awsAwsjson11_deserializeOpErrorBatchDeleteImage(response *smithyhttp.Respon
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -323,9 +329,9 @@ func awsAwsjson11_deserializeOpErrorCompleteLayerUpload(response *smithyhttp.Res
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -334,7 +340,7 @@ func awsAwsjson11_deserializeOpErrorCompleteLayerUpload(response *smithyhttp.Res
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -346,8 +352,8 @@ func awsAwsjson11_deserializeOpErrorCompleteLayerUpload(response *smithyhttp.Res
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -461,9 +467,9 @@ func awsAwsjson11_deserializeOpErrorCreateRepository(response *smithyhttp.Respon
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -472,7 +478,7 @@ func awsAwsjson11_deserializeOpErrorCreateRepository(response *smithyhttp.Respon
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -484,8 +490,8 @@ func awsAwsjson11_deserializeOpErrorCreateRepository(response *smithyhttp.Respon
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -510,6 +516,9 @@ func awsAwsjson11_deserializeOpErrorCreateRepository(response *smithyhttp.Respon
 	case strings.EqualFold("TooManyTagsException", errorCode):
 		return awsAwsjson11_deserializeErrorTooManyTagsException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -587,9 +596,9 @@ func awsAwsjson11_deserializeOpErrorDeleteRepository(response *smithyhttp.Respon
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -598,7 +607,7 @@ func awsAwsjson11_deserializeOpErrorDeleteRepository(response *smithyhttp.Respon
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -610,8 +619,8 @@ func awsAwsjson11_deserializeOpErrorDeleteRepository(response *smithyhttp.Respon
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -630,6 +639,9 @@ func awsAwsjson11_deserializeOpErrorDeleteRepository(response *smithyhttp.Respon
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -707,9 +719,9 @@ func awsAwsjson11_deserializeOpErrorDeleteRepositoryPolicy(response *smithyhttp.
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -718,7 +730,7 @@ func awsAwsjson11_deserializeOpErrorDeleteRepositoryPolicy(response *smithyhttp.
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -730,8 +742,8 @@ func awsAwsjson11_deserializeOpErrorDeleteRepositoryPolicy(response *smithyhttp.
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -750,6 +762,9 @@ func awsAwsjson11_deserializeOpErrorDeleteRepositoryPolicy(response *smithyhttp.
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -827,9 +842,9 @@ func awsAwsjson11_deserializeOpErrorDescribeImages(response *smithyhttp.Response
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -838,7 +853,7 @@ func awsAwsjson11_deserializeOpErrorDescribeImages(response *smithyhttp.Response
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -850,8 +865,8 @@ func awsAwsjson11_deserializeOpErrorDescribeImages(response *smithyhttp.Response
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -870,6 +885,9 @@ func awsAwsjson11_deserializeOpErrorDescribeImages(response *smithyhttp.Response
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -947,9 +965,9 @@ func awsAwsjson11_deserializeOpErrorDescribeImageTags(response *smithyhttp.Respo
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -958,7 +976,7 @@ func awsAwsjson11_deserializeOpErrorDescribeImageTags(response *smithyhttp.Respo
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -970,8 +988,8 @@ func awsAwsjson11_deserializeOpErrorDescribeImageTags(response *smithyhttp.Respo
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -987,6 +1005,9 @@ func awsAwsjson11_deserializeOpErrorDescribeImageTags(response *smithyhttp.Respo
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -1064,9 +1085,9 @@ func awsAwsjson11_deserializeOpErrorDescribeRegistries(response *smithyhttp.Resp
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -1075,7 +1096,7 @@ func awsAwsjson11_deserializeOpErrorDescribeRegistries(response *smithyhttp.Resp
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -1087,8 +1108,8 @@ func awsAwsjson11_deserializeOpErrorDescribeRegistries(response *smithyhttp.Resp
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -1181,9 +1202,9 @@ func awsAwsjson11_deserializeOpErrorDescribeRepositories(response *smithyhttp.Re
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -1192,7 +1213,7 @@ func awsAwsjson11_deserializeOpErrorDescribeRepositories(response *smithyhttp.Re
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -1204,8 +1225,8 @@ func awsAwsjson11_deserializeOpErrorDescribeRepositories(response *smithyhttp.Re
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -1221,6 +1242,9 @@ func awsAwsjson11_deserializeOpErrorDescribeRepositories(response *smithyhttp.Re
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -1298,9 +1322,9 @@ func awsAwsjson11_deserializeOpErrorGetAuthorizationToken(response *smithyhttp.R
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -1309,7 +1333,7 @@ func awsAwsjson11_deserializeOpErrorGetAuthorizationToken(response *smithyhttp.R
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -1321,8 +1345,8 @@ func awsAwsjson11_deserializeOpErrorGetAuthorizationToken(response *smithyhttp.R
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -1335,6 +1359,9 @@ func awsAwsjson11_deserializeOpErrorGetAuthorizationToken(response *smithyhttp.R
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -1412,9 +1439,9 @@ func awsAwsjson11_deserializeOpErrorGetRegistryCatalogData(response *smithyhttp.
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -1423,7 +1450,7 @@ func awsAwsjson11_deserializeOpErrorGetRegistryCatalogData(response *smithyhttp.
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -1435,8 +1462,8 @@ func awsAwsjson11_deserializeOpErrorGetRegistryCatalogData(response *smithyhttp.
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -1526,9 +1553,9 @@ func awsAwsjson11_deserializeOpErrorGetRepositoryCatalogData(response *smithyhtt
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -1537,7 +1564,7 @@ func awsAwsjson11_deserializeOpErrorGetRepositoryCatalogData(response *smithyhtt
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -1549,8 +1576,8 @@ func awsAwsjson11_deserializeOpErrorGetRepositoryCatalogData(response *smithyhtt
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -1560,12 +1587,18 @@ func awsAwsjson11_deserializeOpErrorGetRepositoryCatalogData(response *smithyhtt
 	case strings.EqualFold("InvalidParameterException", errorCode):
 		return awsAwsjson11_deserializeErrorInvalidParameterException(response, errorBody)
 
+	case strings.EqualFold("RepositoryCatalogDataNotFoundException", errorCode):
+		return awsAwsjson11_deserializeErrorRepositoryCatalogDataNotFoundException(response, errorBody)
+
 	case strings.EqualFold("RepositoryNotFoundException", errorCode):
 		return awsAwsjson11_deserializeErrorRepositoryNotFoundException(response, errorBody)
 
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -1643,9 +1676,9 @@ func awsAwsjson11_deserializeOpErrorGetRepositoryPolicy(response *smithyhttp.Res
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -1654,7 +1687,7 @@ func awsAwsjson11_deserializeOpErrorGetRepositoryPolicy(response *smithyhttp.Res
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -1666,8 +1699,8 @@ func awsAwsjson11_deserializeOpErrorGetRepositoryPolicy(response *smithyhttp.Res
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -1686,6 +1719,9 @@ func awsAwsjson11_deserializeOpErrorGetRepositoryPolicy(response *smithyhttp.Res
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -1763,9 +1799,9 @@ func awsAwsjson11_deserializeOpErrorInitiateLayerUpload(response *smithyhttp.Res
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -1774,7 +1810,7 @@ func awsAwsjson11_deserializeOpErrorInitiateLayerUpload(response *smithyhttp.Res
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -1786,8 +1822,8 @@ func awsAwsjson11_deserializeOpErrorInitiateLayerUpload(response *smithyhttp.Res
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -1886,9 +1922,9 @@ func awsAwsjson11_deserializeOpErrorListTagsForResource(response *smithyhttp.Res
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -1897,7 +1933,7 @@ func awsAwsjson11_deserializeOpErrorListTagsForResource(response *smithyhttp.Res
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -1909,8 +1945,8 @@ func awsAwsjson11_deserializeOpErrorListTagsForResource(response *smithyhttp.Res
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -1926,6 +1962,9 @@ func awsAwsjson11_deserializeOpErrorListTagsForResource(response *smithyhttp.Res
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -2003,9 +2042,9 @@ func awsAwsjson11_deserializeOpErrorPutImage(response *smithyhttp.Response, meta
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -2014,7 +2053,7 @@ func awsAwsjson11_deserializeOpErrorPutImage(response *smithyhttp.Response, meta
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -2026,8 +2065,8 @@ func awsAwsjson11_deserializeOpErrorPutImage(response *smithyhttp.Response, meta
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -2144,9 +2183,9 @@ func awsAwsjson11_deserializeOpErrorPutRegistryCatalogData(response *smithyhttp.
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -2155,7 +2194,7 @@ func awsAwsjson11_deserializeOpErrorPutRegistryCatalogData(response *smithyhttp.
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -2167,8 +2206,8 @@ func awsAwsjson11_deserializeOpErrorPutRegistryCatalogData(response *smithyhttp.
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -2261,9 +2300,9 @@ func awsAwsjson11_deserializeOpErrorPutRepositoryCatalogData(response *smithyhtt
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -2272,7 +2311,7 @@ func awsAwsjson11_deserializeOpErrorPutRepositoryCatalogData(response *smithyhtt
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -2284,8 +2323,8 @@ func awsAwsjson11_deserializeOpErrorPutRepositoryCatalogData(response *smithyhtt
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -2301,6 +2340,9 @@ func awsAwsjson11_deserializeOpErrorPutRepositoryCatalogData(response *smithyhtt
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -2378,9 +2420,9 @@ func awsAwsjson11_deserializeOpErrorSetRepositoryPolicy(response *smithyhttp.Res
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -2389,7 +2431,7 @@ func awsAwsjson11_deserializeOpErrorSetRepositoryPolicy(response *smithyhttp.Res
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -2401,8 +2443,8 @@ func awsAwsjson11_deserializeOpErrorSetRepositoryPolicy(response *smithyhttp.Res
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -2418,6 +2460,9 @@ func awsAwsjson11_deserializeOpErrorSetRepositoryPolicy(response *smithyhttp.Res
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -2495,9 +2540,9 @@ func awsAwsjson11_deserializeOpErrorTagResource(response *smithyhttp.Response, m
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -2506,7 +2551,7 @@ func awsAwsjson11_deserializeOpErrorTagResource(response *smithyhttp.Response, m
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -2518,8 +2563,8 @@ func awsAwsjson11_deserializeOpErrorTagResource(response *smithyhttp.Response, m
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -2541,6 +2586,9 @@ func awsAwsjson11_deserializeOpErrorTagResource(response *smithyhttp.Response, m
 	case strings.EqualFold("TooManyTagsException", errorCode):
 		return awsAwsjson11_deserializeErrorTooManyTagsException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -2618,9 +2666,9 @@ func awsAwsjson11_deserializeOpErrorUntagResource(response *smithyhttp.Response,
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -2629,7 +2677,7 @@ func awsAwsjson11_deserializeOpErrorUntagResource(response *smithyhttp.Response,
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -2641,8 +2689,8 @@ func awsAwsjson11_deserializeOpErrorUntagResource(response *smithyhttp.Response,
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -2664,6 +2712,9 @@ func awsAwsjson11_deserializeOpErrorUntagResource(response *smithyhttp.Response,
 	case strings.EqualFold("TooManyTagsException", errorCode):
 		return awsAwsjson11_deserializeErrorTooManyTagsException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedCommandException", errorCode):
+		return awsAwsjson11_deserializeErrorUnsupportedCommandException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -2741,9 +2792,9 @@ func awsAwsjson11_deserializeOpErrorUploadLayerPart(response *smithyhttp.Respons
 	errorCode := "UnknownError"
 	errorMessage := errorCode
 
-	code := response.Header.Get("X-Amzn-ErrorType")
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	headerCode := response.Header.Get("X-Amzn-ErrorType")
+	if len(headerCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(headerCode)
 	}
 
 	var buff [1024]byte
@@ -2752,7 +2803,7 @@ func awsAwsjson11_deserializeOpErrorUploadLayerPart(response *smithyhttp.Respons
 	body := io.TeeReader(errorBody, ringBuffer)
 	decoder := json.NewDecoder(body)
 	decoder.UseNumber()
-	code, message, err := restjson.GetErrorInfo(decoder)
+	jsonCode, message, err := restjson.GetErrorInfo(decoder)
 	if err != nil {
 		var snapshot bytes.Buffer
 		io.Copy(&snapshot, ringBuffer)
@@ -2764,8 +2815,8 @@ func awsAwsjson11_deserializeOpErrorUploadLayerPart(response *smithyhttp.Respons
 	}
 
 	errorBody.Seek(0, io.SeekStart)
-	if len(code) != 0 {
-		errorCode = restjson.SanitizeErrorCode(code)
+	if len(headerCode) == 0 && len(jsonCode) != 0 {
+		errorCode = restjson.SanitizeErrorCode(jsonCode)
 	}
 	if len(message) != 0 {
 		errorMessage = message
@@ -3366,6 +3417,41 @@ func awsAwsjson11_deserializeErrorRepositoryAlreadyExistsException(response *smi
 	return output
 }
 
+func awsAwsjson11_deserializeErrorRepositoryCatalogDataNotFoundException(response *smithyhttp.Response, errorBody *bytes.Reader) error {
+	var buff [1024]byte
+	ringBuffer := smithyio.NewRingBuffer(buff[:])
+
+	body := io.TeeReader(errorBody, ringBuffer)
+	decoder := json.NewDecoder(body)
+	decoder.UseNumber()
+	var shape interface{}
+	if err := decoder.Decode(&shape); err != nil && err != io.EOF {
+		var snapshot bytes.Buffer
+		io.Copy(&snapshot, ringBuffer)
+		err = &smithy.DeserializationError{
+			Err:      fmt.Errorf("failed to decode response body, %w", err),
+			Snapshot: snapshot.Bytes(),
+		}
+		return err
+	}
+
+	output := &types.RepositoryCatalogDataNotFoundException{}
+	err := awsAwsjson11_deserializeDocumentRepositoryCatalogDataNotFoundException(&output, shape)
+
+	if err != nil {
+		var snapshot bytes.Buffer
+		io.Copy(&snapshot, ringBuffer)
+		err = &smithy.DeserializationError{
+			Err:      fmt.Errorf("failed to decode response body, %w", err),
+			Snapshot: snapshot.Bytes(),
+		}
+		return err
+	}
+
+	errorBody.Seek(0, io.SeekStart)
+	return output
+}
+
 func awsAwsjson11_deserializeErrorRepositoryNotEmptyException(response *smithyhttp.Response, errorBody *bytes.Reader) error {
 	var buff [1024]byte
 	ringBuffer := smithyio.NewRingBuffer(buff[:])
@@ -5637,6 +5723,46 @@ func awsAwsjson11_deserializeDocumentRepositoryCatalogData(v **types.RepositoryC
 	return nil
 }
 
+func awsAwsjson11_deserializeDocumentRepositoryCatalogDataNotFoundException(v **types.RepositoryCatalogDataNotFoundException, value interface{}) error {
+	if v == nil {
+		return fmt.Errorf("unexpected nil of type %T", v)
+	}
+	if value == nil {
+		return nil
+	}
+
+	shape, ok := value.(map[string]interface{})
+	if !ok {
+		return fmt.Errorf("unexpected JSON type %v", value)
+	}
+
+	var sv *types.RepositoryCatalogDataNotFoundException
+	if *v == nil {
+		sv = &types.RepositoryCatalogDataNotFoundException{}
+	} else {
+		sv = *v
+	}
+
+	for key, value := range shape {
+		switch key {
+		case "message":
+			if value != nil {
+				jtv, ok := value.(string)
+				if !ok {
+					return fmt.Errorf("expected ExceptionMessage to be of type string, got %T instead", value)
+				}
+				sv.Message = ptr.String(jtv)
+			}
+
+		default:
+			_, _ = key, value
+
+		}
+	}
+	*v = sv
+	return nil
+}
+
 func awsAwsjson11_deserializeDocumentRepositoryList(v *[]types.Repository, value interface{}) error {
 	if v == nil {
 		return fmt.Errorf("unexpected nil of type %T", v)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/doc.go
index a17297a09..8706038fd 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/doc.go
@@ -4,12 +4,12 @@
 // Amazon Elastic Container Registry Public.
 //
 // Amazon Elastic Container Registry Public Amazon Elastic Container Registry
-// (Amazon ECR) is a managed container image registry service. Amazon ECR provides
-// both public and private registries to host your container images. You can use
-// the familiar Docker CLI, or their preferred client, to push, pull, and manage
+// Public (Amazon ECR Public) is a managed container image registry service. Amazon
+// ECR provides both public and private registries to host your container images.
+// You can use the Docker CLI or your preferred client to push, pull, and manage
 // images. Amazon ECR provides a secure, scalable, and reliable registry for your
 // Docker or Open Container Initiative (OCI) images. Amazon ECR supports public
 // repositories with this API. For information about the Amazon ECR API for private
-// repositories, see Amazon Elastic Container Registry API Reference
-// (https://docs.aws.amazon.com/AmazonECR/latest/APIReference/Welcome.html).
+// repositories, see Amazon Elastic Container Registry API Reference (https://docs.aws.amazon.com/AmazonECR/latest/APIReference/Welcome.html)
+// .
 package ecrpublic
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/endpoints.go
index 071eca69c..b2ed73070 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/endpoints.go
@@ -8,9 +8,13 @@ import (
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	"github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn"
 	internalendpoints "github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/ptr"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
+	"net/http"
 	"net/url"
 	"strings"
 )
@@ -39,13 +43,6 @@ func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointRe
 	return fn(region, options)
 }
 
-func resolveDefaultEndpointConfiguration(o *Options) {
-	if o.EndpointResolver != nil {
-		return
-	}
-	o.EndpointResolver = NewDefaultEndpointResolver()
-}
-
 // EndpointResolverFromURL returns an EndpointResolver configured using the
 // provided endpoint url. By default, the resolved endpoint resolver uses the
 // client region as signing region, and the endpoint source is set to
@@ -79,6 +76,10 @@ func (*ResolveEndpoint) ID() string {
 func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
@@ -94,6 +95,11 @@ func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.Ser
 	var endpoint aws.Endpoint
 	endpoint, err = m.Resolver.ResolveEndpoint(awsmiddleware.GetRegion(ctx), eo)
 	if err != nil {
+		nf := (&aws.EndpointNotFoundError{})
+		if errors.As(err, &nf) {
+			ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, false)
+			return next.HandleSerialize(ctx, in)
+		}
 		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
 	}
 
@@ -129,27 +135,10 @@ func removeResolveEndpointMiddleware(stack *middleware.Stack) error {
 
 type wrappedEndpointResolver struct {
 	awsResolver aws.EndpointResolverWithOptions
-	resolver    EndpointResolver
 }
 
 func (w *wrappedEndpointResolver) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) {
-	if w.awsResolver == nil {
-		goto fallback
-	}
-	endpoint, err = w.awsResolver.ResolveEndpoint(ServiceID, region, options)
-	if err == nil {
-		return endpoint, nil
-	}
-
-	if nf := (&aws.EndpointNotFoundError{}); !errors.As(err, &nf) {
-		return endpoint, err
-	}
-
-fallback:
-	if w.resolver == nil {
-		return endpoint, fmt.Errorf("default endpoint resolver provided was nil")
-	}
-	return w.resolver.ResolveEndpoint(region, options)
+	return w.awsResolver.ResolveEndpoint(ServiceID, region, options)
 }
 
 type awsEndpointResolverAdaptor func(service, region string) (aws.Endpoint, error)
@@ -160,12 +149,13 @@ func (a awsEndpointResolverAdaptor) ResolveEndpoint(service, region string, opti
 
 var _ aws.EndpointResolverWithOptions = awsEndpointResolverAdaptor(nil)
 
-// withEndpointResolver returns an EndpointResolver that first delegates endpoint resolution to the awsResolver.
-// If awsResolver returns aws.EndpointNotFoundError error, the resolver will use the the provided
-// fallbackResolver for resolution.
+// withEndpointResolver returns an aws.EndpointResolverWithOptions that first delegates endpoint resolution to the awsResolver.
+// If awsResolver returns aws.EndpointNotFoundError error, the v1 resolver middleware will swallow the error,
+// and set an appropriate context flag such that fallback will occur when EndpointResolverV2 is invoked
+// via its middleware.
 //
-// fallbackResolver must not be nil
-func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions, fallbackResolver EndpointResolver) EndpointResolver {
+// If another error (besides aws.EndpointNotFoundError) is returned, then that error will be propagated.
+func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions) EndpointResolver {
 	var resolver aws.EndpointResolverWithOptions
 
 	if awsResolverWithOptions != nil {
@@ -176,7 +166,6 @@ func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptio
 
 	return &wrappedEndpointResolver{
 		awsResolver: resolver,
-		resolver:    fallbackResolver,
 	}
 }
 
@@ -198,3 +187,294 @@ func finalizeClientEndpointResolverOptions(options *Options) {
 	}
 
 }
+
+func resolveEndpointResolverV2(options *Options) {
+	if options.EndpointResolverV2 == nil {
+		options.EndpointResolverV2 = NewDefaultEndpointResolverV2()
+	}
+}
+
+// Utility function to aid with translating pseudo-regions to classical regions
+// with the appropriate setting indicated by the pseudo-region
+func mapPseudoRegion(pr string) (region string, fips aws.FIPSEndpointState) {
+	const fipsInfix = "-fips-"
+	const fipsPrefix = "fips-"
+	const fipsSuffix = "-fips"
+
+	if strings.Contains(pr, fipsInfix) ||
+		strings.Contains(pr, fipsPrefix) ||
+		strings.Contains(pr, fipsSuffix) {
+		region = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(
+			pr, fipsInfix, "-"), fipsPrefix, ""), fipsSuffix, "")
+		fips = aws.FIPSEndpointStateEnabled
+	} else {
+		region = pr
+	}
+
+	return region, fips
+}
+
+// builtInParameterResolver is the interface responsible for resolving BuiltIn
+// values during the sourcing of EndpointParameters
+type builtInParameterResolver interface {
+	ResolveBuiltIns(*EndpointParameters) error
+}
+
+// builtInResolver resolves modeled BuiltIn values using only the members defined
+// below.
+type builtInResolver struct {
+	// The AWS region used to dispatch the request.
+	Region string
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseDualStack aws.DualStackEndpointState
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseFIPS aws.FIPSEndpointState
+
+	// Base endpoint that can potentially be modified during Endpoint resolution.
+	Endpoint *string
+}
+
+// Invoked at runtime to resolve BuiltIn Values. Only resolution code specific to
+// each BuiltIn value is generated.
+func (b *builtInResolver) ResolveBuiltIns(params *EndpointParameters) error {
+
+	region, _ := mapPseudoRegion(b.Region)
+	if len(region) == 0 {
+		return fmt.Errorf("Could not resolve AWS::Region")
+	} else {
+		params.Region = aws.String(region)
+	}
+	if b.UseDualStack == aws.DualStackEndpointStateEnabled {
+		params.UseDualStack = aws.Bool(true)
+	} else {
+		params.UseDualStack = aws.Bool(false)
+	}
+	if b.UseFIPS == aws.FIPSEndpointStateEnabled {
+		params.UseFIPS = aws.Bool(true)
+	} else {
+		params.UseFIPS = aws.Bool(false)
+	}
+	params.Endpoint = b.Endpoint
+	return nil
+}
+
+// EndpointParameters provides the parameters that influence how endpoints are
+// resolved.
+type EndpointParameters struct {
+	// The AWS region used to dispatch the request.
+	//
+	// Parameter is
+	// required.
+	//
+	// AWS::Region
+	Region *string
+
+	// When true, use the dual-stack endpoint. If the configured endpoint does not
+	// support dual-stack, dispatching the request MAY return an error.
+	//
+	// Defaults to
+	// false if no value is provided.
+	//
+	// AWS::UseDualStack
+	UseDualStack *bool
+
+	// When true, send this request to the FIPS-compliant regional endpoint. If the
+	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
+	// request will return an error.
+	//
+	// Defaults to false if no value is
+	// provided.
+	//
+	// AWS::UseFIPS
+	UseFIPS *bool
+
+	// Override the endpoint used to send this request
+	//
+	// Parameter is
+	// required.
+	//
+	// SDK::Endpoint
+	Endpoint *string
+}
+
+// ValidateRequired validates required parameters are set.
+func (p EndpointParameters) ValidateRequired() error {
+	if p.UseDualStack == nil {
+		return fmt.Errorf("parameter UseDualStack is required")
+	}
+
+	if p.UseFIPS == nil {
+		return fmt.Errorf("parameter UseFIPS is required")
+	}
+
+	return nil
+}
+
+// WithDefaults returns a shallow copy of EndpointParameterswith default values
+// applied to members where applicable.
+func (p EndpointParameters) WithDefaults() EndpointParameters {
+	if p.UseDualStack == nil {
+		p.UseDualStack = ptr.Bool(false)
+	}
+
+	if p.UseFIPS == nil {
+		p.UseFIPS = ptr.Bool(false)
+	}
+	return p
+}
+
+// EndpointResolverV2 provides the interface for resolving service endpoints.
+type EndpointResolverV2 interface {
+	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+	// returning the endpoint if found. Otherwise an error is returned.
+	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
+		smithyendpoints.Endpoint, error,
+	)
+}
+
+// resolver provides the implementation for resolving endpoints.
+type resolver struct{}
+
+func NewDefaultEndpointResolverV2() EndpointResolverV2 {
+	return &resolver{}
+}
+
+// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+// returning the endpoint if found. Otherwise an error is returned.
+func (r *resolver) ResolveEndpoint(
+	ctx context.Context, params EndpointParameters,
+) (
+	endpoint smithyendpoints.Endpoint, err error,
+) {
+	params = params.WithDefaults()
+	if err = params.ValidateRequired(); err != nil {
+		return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err)
+	}
+	_UseDualStack := *params.UseDualStack
+	_UseFIPS := *params.UseFIPS
+
+	if exprVal := params.Endpoint; exprVal != nil {
+		_Endpoint := *exprVal
+		_ = _Endpoint
+		if _UseFIPS == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported")
+		}
+		if _UseDualStack == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported")
+		}
+		uriString := _Endpoint
+
+		uri, err := url.Parse(uriString)
+		if err != nil {
+			return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+		}
+
+		return smithyendpoints.Endpoint{
+			URI:     *uri,
+			Headers: http.Header{},
+		}, nil
+	}
+	if exprVal := params.Region; exprVal != nil {
+		_Region := *exprVal
+		_ = _Region
+		if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+			_PartitionResult := *exprVal
+			_ = _PartitionResult
+			if _UseFIPS == true {
+				if _UseDualStack == true {
+					if true == _PartitionResult.SupportsFIPS {
+						if true == _PartitionResult.SupportsDualStack {
+							uriString := func() string {
+								var out strings.Builder
+								out.WriteString("https://api.ecr-public-fips.")
+								out.WriteString(_Region)
+								out.WriteString(".")
+								out.WriteString(_PartitionResult.DualStackDnsSuffix)
+								return out.String()
+							}()
+
+							uri, err := url.Parse(uriString)
+							if err != nil {
+								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+							}
+
+							return smithyendpoints.Endpoint{
+								URI:     *uri,
+								Headers: http.Header{},
+							}, nil
+						}
+					}
+					return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both")
+				}
+			}
+			if _UseFIPS == true {
+				if true == _PartitionResult.SupportsFIPS {
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://api.ecr-public-fips.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS")
+			}
+			if _UseDualStack == true {
+				if true == _PartitionResult.SupportsDualStack {
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://api.ecr-public.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DualStackDnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
+			}
+			uriString := func() string {
+				var out strings.Builder
+				out.WriteString("https://api.ecr-public.")
+				out.WriteString(_Region)
+				out.WriteString(".")
+				out.WriteString(_PartitionResult.DnsSuffix)
+				return out.String()
+			}()
+
+			uri, err := url.Parse(uriString)
+			if err != nil {
+				return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+			}
+
+			return smithyendpoints.Endpoint{
+				URI:     *uri,
+				Headers: http.Header{},
+			}, nil
+		}
+		return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+	}
+	return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/generated.json
index a60655a86..067ae4319 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/generated.json
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/generated.json
@@ -3,7 +3,8 @@
         "github.com/aws/aws-sdk-go-v2": "v1.4.0",
         "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
         "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
-        "github.com/aws/smithy-go": "v1.4.0"
+        "github.com/aws/smithy-go": "v1.4.0",
+        "github.com/google/go-cmp": "v0.5.4"
     },
     "files": [
         "api_client.go",
@@ -34,6 +35,7 @@
         "deserializers.go",
         "doc.go",
         "endpoints.go",
+        "endpoints_test.go",
         "generated.json",
         "internal/endpoints/endpoints.go",
         "internal/endpoints/endpoints_test.go",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go
index 45b1d3dac..10b100d2f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ecrpublic
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.12.0"
+const goModuleVersion = "1.18.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints/endpoints.go
index 356bda290..7f1222959 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints/endpoints.go
@@ -89,13 +89,17 @@ var partitionRegexp = struct {
 	AwsCn    *regexp.Regexp
 	AwsIso   *regexp.Regexp
 	AwsIsoB  *regexp.Regexp
+	AwsIsoE  *regexp.Regexp
+	AwsIsoF  *regexp.Regexp
 	AwsUsGov *regexp.Regexp
 }{
 
-	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$"),
+	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
+	AwsIsoE:  regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"),
+	AwsIsoF:  regexp.MustCompile("^us\\-isof\\-\\w+\\-\\d+$"),
 	AwsUsGov: regexp.MustCompile("^us\\-gov\\-\\w+\\-\\d+$"),
 }
 
@@ -134,6 +138,24 @@ var defaultPartitions = endpoints.Partitions{
 		},
 		RegionRegex:    partitionRegexp.Aws,
 		IsRegionalized: true,
+		Endpoints: endpoints.Endpoints{
+			endpoints.EndpointKey{
+				Region: "us-east-1",
+			}: endpoints.Endpoint{
+				Hostname: "api.ecr-public.us-east-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "us-east-1",
+				},
+			},
+			endpoints.EndpointKey{
+				Region: "us-west-2",
+			}: endpoints.Endpoint{
+				Hostname: "api.ecr-public.us-west-2.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "us-west-2",
+				},
+			},
+		},
 	},
 	{
 		ID: "aws-cn",
@@ -212,6 +234,48 @@ var defaultPartitions = endpoints.Partitions{
 		RegionRegex:    partitionRegexp.AwsIsoB,
 		IsRegionalized: true,
 	},
+	{
+		ID: "aws-iso-e",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "api.ecr-public-fips.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "api.ecr-public.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoE,
+		IsRegionalized: true,
+	},
+	{
+		ID: "aws-iso-f",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "api.ecr-public-fips.{region}.csp.hci.ic.gov",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "api.ecr-public.{region}.csp.hci.ic.gov",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoF,
+		IsRegionalized: true,
+	},
 	{
 		ID: "aws-us-gov",
 		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/types/errors.go
index 485ac0c1d..24f4d43c7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/types/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/types/errors.go
@@ -7,10 +7,12 @@ import (
 	smithy "github.com/aws/smithy-go"
 )
 
-// The specified layer upload does not contain any layer parts.
+// The specified layer upload doesn't contain any layer parts.
 type EmptyUploadException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -23,7 +25,12 @@ func (e *EmptyUploadException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *EmptyUploadException) ErrorCode() string             { return "EmptyUploadException" }
+func (e *EmptyUploadException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "EmptyUploadException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *EmptyUploadException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The specified image has already been pushed, and there were no changes to the
@@ -31,6 +38,8 @@ func (e *EmptyUploadException) ErrorFault() smithy.ErrorFault { return smithy.Fa
 type ImageAlreadyExistsException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -43,14 +52,21 @@ func (e *ImageAlreadyExistsException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *ImageAlreadyExistsException) ErrorCode() string             { return "ImageAlreadyExistsException" }
+func (e *ImageAlreadyExistsException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "ImageAlreadyExistsException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *ImageAlreadyExistsException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The specified image digest does not match the digest that Amazon ECR calculated
+// The specified image digest doesn't match the digest that Amazon ECR calculated
 // for the image.
 type ImageDigestDoesNotMatchException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -64,14 +80,19 @@ func (e *ImageDigestDoesNotMatchException) ErrorMessage() string {
 	return *e.Message
 }
 func (e *ImageDigestDoesNotMatchException) ErrorCode() string {
-	return "ImageDigestDoesNotMatchException"
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "ImageDigestDoesNotMatchException"
+	}
+	return *e.ErrorCodeOverride
 }
 func (e *ImageDigestDoesNotMatchException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The image requested does not exist in the specified repository.
+// The image requested doesn't exist in the specified repository.
 type ImageNotFoundException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -84,7 +105,12 @@ func (e *ImageNotFoundException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *ImageNotFoundException) ErrorCode() string             { return "ImageNotFoundException" }
+func (e *ImageNotFoundException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "ImageNotFoundException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *ImageNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The specified image is tagged with a tag that already exists. The repository is
@@ -92,6 +118,8 @@ func (e *ImageNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.
 type ImageTagAlreadyExistsException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -104,14 +132,21 @@ func (e *ImageTagAlreadyExistsException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *ImageTagAlreadyExistsException) ErrorCode() string             { return "ImageTagAlreadyExistsException" }
+func (e *ImageTagAlreadyExistsException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "ImageTagAlreadyExistsException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *ImageTagAlreadyExistsException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The layer digest calculation performed by Amazon ECR upon receipt of the image
-// layer does not match the digest specified.
+// The layer digest calculation performed by Amazon ECR when the image layer
+// doesn't match the digest specified.
 type InvalidLayerException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -124,14 +159,21 @@ func (e *InvalidLayerException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidLayerException) ErrorCode() string             { return "InvalidLayerException" }
+func (e *InvalidLayerException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidLayerException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidLayerException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The layer part size is not valid, or the first byte specified is not consecutive
+// The layer part size isn't valid, or the first byte specified isn't consecutive
 // to the last byte of a previous layer part upload.
 type InvalidLayerPartException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	RegistryId            *string
 	RepositoryName        *string
 	UploadId              *string
@@ -149,7 +191,12 @@ func (e *InvalidLayerPartException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidLayerPartException) ErrorCode() string             { return "InvalidLayerPartException" }
+func (e *InvalidLayerPartException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidLayerPartException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidLayerPartException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The specified parameter is invalid. Review the available parameters for the API
@@ -157,6 +204,8 @@ func (e *InvalidLayerPartException) ErrorFault() smithy.ErrorFault { return smit
 type InvalidParameterException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -169,7 +218,12 @@ func (e *InvalidParameterException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidParameterException) ErrorCode() string             { return "InvalidParameterException" }
+func (e *InvalidParameterException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidParameterException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidParameterException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // An invalid parameter has been specified. Tag keys can have a maximum character
@@ -178,6 +232,8 @@ func (e *InvalidParameterException) ErrorFault() smithy.ErrorFault { return smit
 type InvalidTagParameterException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -190,13 +246,20 @@ func (e *InvalidTagParameterException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidTagParameterException) ErrorCode() string             { return "InvalidTagParameterException" }
+func (e *InvalidTagParameterException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidTagParameterException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidTagParameterException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The image layer already exists in the associated repository.
 type LayerAlreadyExistsException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -209,13 +272,20 @@ func (e *LayerAlreadyExistsException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *LayerAlreadyExistsException) ErrorCode() string             { return "LayerAlreadyExistsException" }
+func (e *LayerAlreadyExistsException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "LayerAlreadyExistsException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *LayerAlreadyExistsException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Layer parts must be at least 5 MiB in size.
 type LayerPartTooSmallException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -228,14 +298,21 @@ func (e *LayerPartTooSmallException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *LayerPartTooSmallException) ErrorCode() string             { return "LayerPartTooSmallException" }
+func (e *LayerPartTooSmallException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "LayerPartTooSmallException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *LayerPartTooSmallException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The specified layers could not be found, or the specified layer is not valid for
+// The specified layers can't be found, or the specified layer isn't valid for
 // this repository.
 type LayersNotFoundException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -248,16 +325,22 @@ func (e *LayersNotFoundException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *LayersNotFoundException) ErrorCode() string             { return "LayersNotFoundException" }
+func (e *LayersNotFoundException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "LayersNotFoundException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *LayersNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The operation did not succeed because it would have exceeded a service limit for
-// your account. For more information, see Amazon ECR Service Quotas
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service-quotas.html) in
-// the Amazon Elastic Container Registry User Guide.
+// The operation didn't succeed because it would have exceeded a service limit for
+// your account. For more information, see Amazon ECR Service Quotas (https://docs.aws.amazon.com/AmazonECR/latest/userguide/service-quotas.html)
+// in the Amazon Elastic Container Registry User Guide.
 type LimitExceededException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -270,13 +353,20 @@ func (e *LimitExceededException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *LimitExceededException) ErrorCode() string             { return "LimitExceededException" }
+func (e *LimitExceededException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "LimitExceededException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *LimitExceededException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The manifest list is referencing an image that does not exist.
+// The manifest list is referencing an image that doesn't exist.
 type ReferencedImagesNotFoundException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -290,14 +380,19 @@ func (e *ReferencedImagesNotFoundException) ErrorMessage() string {
 	return *e.Message
 }
 func (e *ReferencedImagesNotFoundException) ErrorCode() string {
-	return "ReferencedImagesNotFoundException"
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "ReferencedImagesNotFoundException"
+	}
+	return *e.ErrorCodeOverride
 }
 func (e *ReferencedImagesNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The registry does not exist.
+// The registry doesn't exist.
 type RegistryNotFoundException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -310,13 +405,20 @@ func (e *RegistryNotFoundException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *RegistryNotFoundException) ErrorCode() string             { return "RegistryNotFoundException" }
+func (e *RegistryNotFoundException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "RegistryNotFoundException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *RegistryNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The specified repository already exists in the specified registry.
 type RepositoryAlreadyExistsException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -330,15 +432,48 @@ func (e *RepositoryAlreadyExistsException) ErrorMessage() string {
 	return *e.Message
 }
 func (e *RepositoryAlreadyExistsException) ErrorCode() string {
-	return "RepositoryAlreadyExistsException"
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "RepositoryAlreadyExistsException"
+	}
+	return *e.ErrorCodeOverride
 }
 func (e *RepositoryAlreadyExistsException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
+// The repository catalog data doesn't exist.
+type RepositoryCatalogDataNotFoundException struct {
+	Message *string
+
+	ErrorCodeOverride *string
+
+	noSmithyDocumentSerde
+}
+
+func (e *RepositoryCatalogDataNotFoundException) Error() string {
+	return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage())
+}
+func (e *RepositoryCatalogDataNotFoundException) ErrorMessage() string {
+	if e.Message == nil {
+		return ""
+	}
+	return *e.Message
+}
+func (e *RepositoryCatalogDataNotFoundException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "RepositoryCatalogDataNotFoundException"
+	}
+	return *e.ErrorCodeOverride
+}
+func (e *RepositoryCatalogDataNotFoundException) ErrorFault() smithy.ErrorFault {
+	return smithy.FaultClient
+}
+
 // The specified repository contains images. To delete a repository that contains
 // images, you must force the deletion with the force parameter.
 type RepositoryNotEmptyException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -351,15 +486,21 @@ func (e *RepositoryNotEmptyException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *RepositoryNotEmptyException) ErrorCode() string             { return "RepositoryNotEmptyException" }
+func (e *RepositoryNotEmptyException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "RepositoryNotEmptyException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *RepositoryNotEmptyException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The specified repository could not be found. Check the spelling of the specified
-// repository and ensure that you are performing operations on the correct
-// registry.
+// The specified repository can't be found. Check the spelling of the specified
+// repository and ensure that you're performing operations on the correct registry.
 type RepositoryNotFoundException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -372,14 +513,21 @@ func (e *RepositoryNotFoundException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *RepositoryNotFoundException) ErrorCode() string             { return "RepositoryNotFoundException" }
+func (e *RepositoryNotFoundException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "RepositoryNotFoundException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *RepositoryNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The specified repository and registry combination does not have an associated
+// The specified repository and registry combination doesn't have an associated
 // repository policy.
 type RepositoryPolicyNotFoundException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -393,7 +541,10 @@ func (e *RepositoryPolicyNotFoundException) ErrorMessage() string {
 	return *e.Message
 }
 func (e *RepositoryPolicyNotFoundException) ErrorCode() string {
-	return "RepositoryPolicyNotFoundException"
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "RepositoryPolicyNotFoundException"
+	}
+	return *e.ErrorCodeOverride
 }
 func (e *RepositoryPolicyNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
@@ -401,6 +552,8 @@ func (e *RepositoryPolicyNotFoundException) ErrorFault() smithy.ErrorFault { ret
 type ServerException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -413,14 +566,21 @@ func (e *ServerException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *ServerException) ErrorCode() string             { return "ServerException" }
+func (e *ServerException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "ServerException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *ServerException) ErrorFault() smithy.ErrorFault { return smithy.FaultServer }
 
-// The list of tags on the repository is over the limit. The maximum number of tags
-// that can be applied to a repository is 50.
+// The list of tags on the repository is over the limit. The maximum number of
+// tags that can be applied to a repository is 50.
 type TooManyTagsException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -433,13 +593,20 @@ func (e *TooManyTagsException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *TooManyTagsException) ErrorCode() string             { return "TooManyTagsException" }
+func (e *TooManyTagsException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "TooManyTagsException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *TooManyTagsException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The action is not supported in this Region.
+// The action isn't supported in this Region.
 type UnsupportedCommandException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -452,14 +619,21 @@ func (e *UnsupportedCommandException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *UnsupportedCommandException) ErrorCode() string             { return "UnsupportedCommandException" }
+func (e *UnsupportedCommandException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "UnsupportedCommandException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *UnsupportedCommandException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The upload could not be found, or the specified upload ID is not valid for this
+// The upload can't be found, or the specified upload ID isn't valid for this
 // repository.
 type UploadNotFoundException struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -472,5 +646,10 @@ func (e *UploadNotFoundException) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *UploadNotFoundException) ErrorCode() string             { return "UploadNotFoundException" }
+func (e *UploadNotFoundException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "UploadNotFoundException"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *UploadNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/types/types.go
index 731ea603d..b24a2f4e4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/types/types.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/types/types.go
@@ -10,9 +10,9 @@ import (
 // An authorization token data object that corresponds to a public registry.
 type AuthorizationData struct {
 
-	// A base64-encoded string that contains authorization data for a public Amazon ECR
-	// registry. When the string is decoded, it is presented in the format
-	// user:password for public registry authentication using docker login.
+	// A base64-encoded string that contains authorization data for a public Amazon
+	// ECR registry. When the string is decoded, it's presented in the format
+	// user:password for public registry authentication using docker login .
 	AuthorizationToken *string
 
 	// The Unix time in seconds and milliseconds when the authorization token expires.
@@ -22,28 +22,29 @@ type AuthorizationData struct {
 	noSmithyDocumentSerde
 }
 
-// An object representing an Amazon ECR image.
+// An object that represents an Amazon ECR image.
 type Image struct {
 
-	// An object containing the image tag and image digest associated with an image.
+	// An object that contains the image tag and image digest associated with an image.
 	ImageId *ImageIdentifier
 
-	// The image manifest associated with the image.
+	// The image manifest that's associated with the image.
 	ImageManifest *string
 
 	// The manifest media type of the image.
 	ImageManifestMediaType *string
 
-	// The AWS account ID associated with the registry containing the image.
+	// The Amazon Web Services account ID that's associated with the registry
+	// containing the image.
 	RegistryId *string
 
-	// The name of the repository associated with the image.
+	// The name of the repository that's associated with the image.
 	RepositoryName *string
 
 	noSmithyDocumentSerde
 }
 
-// An object that describes an image returned by a DescribeImages operation.
+// An object that describes an image that's returned by a DescribeImages operation.
 type ImageDetail struct {
 
 	// The artifact media type of the image.
@@ -55,41 +56,41 @@ type ImageDetail struct {
 	// The media type of the image manifest.
 	ImageManifestMediaType *string
 
-	// The date and time, expressed in standard JavaScript date format, at which the
-	// current image was pushed to the repository.
+	// The date and time, expressed in standard JavaScript date format, that the
+	// current image was pushed to the repository at.
 	ImagePushedAt *time.Time
 
 	// The size, in bytes, of the image in the repository. If the image is a manifest
-	// list, this will be the max size of all manifests in the list. Beginning with
-	// Docker version 1.9, the Docker client compresses image layers before pushing
-	// them to a V2 Docker registry. The output of the docker images command shows the
-	// uncompressed image size, so it may return a larger image size than the image
-	// sizes returned by DescribeImages.
+	// list, this is the max size of all manifests in the list. Beginning with Docker
+	// version 1.9, the Docker client compresses image layers before pushing them to a
+	// V2 Docker registry. The output of the docker images command shows the
+	// uncompressed image size, so it might return a larger image size than the image
+	// sizes that are returned by DescribeImages .
 	ImageSizeInBytes *int64
 
-	// The list of tags associated with this image.
+	// The list of tags that's associated with this image.
 	ImageTags []string
 
-	// The AWS account ID associated with the public registry to which this image
-	// belongs.
+	// The Amazon Web Services account ID that's associated with the public registry
+	// where this image belongs.
 	RegistryId *string
 
-	// The name of the repository to which this image belongs.
+	// The name of the repository where this image belongs.
 	RepositoryName *string
 
 	noSmithyDocumentSerde
 }
 
-// An object representing an Amazon ECR image failure.
+// An object that represents an Amazon ECR image failure.
 type ImageFailure struct {
 
-	// The code associated with the failure.
+	// The code that's associated with the failure.
 	FailureCode ImageFailureCode
 
 	// The reason for the failure.
 	FailureReason *string
 
-	// The image ID associated with the failure.
+	// The image ID that's associated with the failure.
 	ImageId *ImageIdentifier
 
 	noSmithyDocumentSerde
@@ -101,28 +102,28 @@ type ImageIdentifier struct {
 	// The sha256 digest of the image manifest.
 	ImageDigest *string
 
-	// The tag used for the image.
+	// The tag that's used for the image.
 	ImageTag *string
 
 	noSmithyDocumentSerde
 }
 
-// An object representing the image tag details for an image.
+// An object that represents the image tag details for an image.
 type ImageTagDetail struct {
 
-	// The time stamp indicating when the image tag was created.
+	// The time stamp that indicates when the image tag was created.
 	CreatedAt *time.Time
 
 	// An object that describes the details of an image.
 	ImageDetail *ReferencedImageDetail
 
-	// The tag associated with the image.
+	// The tag that's associated with the image.
 	ImageTag *string
 
 	noSmithyDocumentSerde
 }
 
-// An object representing an Amazon ECR image layer.
+// An object that represents an Amazon ECR image layer.
 type Layer struct {
 
 	// The availability status of the image layer.
@@ -136,29 +137,29 @@ type Layer struct {
 
 	// The media type of the layer, such as
 	// application/vnd.docker.image.rootfs.diff.tar.gzip or
-	// application/vnd.oci.image.layer.v1.tar+gzip.
+	// application/vnd.oci.image.layer.v1.tar+gzip .
 	MediaType *string
 
 	noSmithyDocumentSerde
 }
 
-// An object representing an Amazon ECR image layer failure.
+// An object that represents an Amazon ECR image layer failure.
 type LayerFailure struct {
 
-	// The failure code associated with the failure.
+	// The failure code that's associated with the failure.
 	FailureCode LayerFailureCode
 
 	// The reason for the failure.
 	FailureReason *string
 
-	// The layer digest associated with the failure.
+	// The layer digest that's associated with the failure.
 	LayerDigest *string
 
 	noSmithyDocumentSerde
 }
 
-// An object that describes the image tag details returned by a DescribeImageTags
-// action.
+// An object that describes the image tag details that are returned by a
+// DescribeImageTags action.
 type ReferencedImageDetail struct {
 
 	// The artifact media type of the image.
@@ -170,16 +171,16 @@ type ReferencedImageDetail struct {
 	// The media type of the image manifest.
 	ImageManifestMediaType *string
 
-	// The date and time, expressed in standard JavaScript date format, at which the
-	// current image tag was pushed to the repository.
+	// The date and time, expressed in standard JavaScript date format, which the
+	// current image tag was pushed to the repository at.
 	ImagePushedAt *time.Time
 
 	// The size, in bytes, of the image in the repository. If the image is a manifest
-	// list, this will be the max size of all manifests in the list. Beginning with
-	// Docker version 1.9, the Docker client compresses image layers before pushing
-	// them to a V2 Docker registry. The output of the docker images command shows the
-	// uncompressed image size, so it may return a larger image size than the image
-	// sizes returned by DescribeImages.
+	// list, this is the max size of all manifests in the list. Beginning with Docker
+	// version 1.9, the Docker client compresses image layers before pushing them to a
+	// V2 Docker registry. The output of the docker images command shows the
+	// uncompressed image size, so it might return a larger image size than the image
+	// sizes that are returned by DescribeImages .
 	ImageSizeInBytes *int64
 
 	noSmithyDocumentSerde
@@ -188,7 +189,7 @@ type ReferencedImageDetail struct {
 // The details of a public registry.
 type Registry struct {
 
-	// An array of objects representing the aliases for a public registry.
+	// An array of objects that represents the aliases for a public registry.
 	//
 	// This member is required.
 	Aliases []RegistryAlias
@@ -198,8 +199,8 @@ type Registry struct {
 	// This member is required.
 	RegistryArn *string
 
-	// The AWS account ID associated with the registry. If you do not specify a
-	// registry, the default public registry is assumed.
+	// The Amazon Web Services account ID that's associated with the registry. If you
+	// do not specify a registry, the default public registry is assumed.
 	//
 	// This member is required.
 	RegistryId *string
@@ -210,9 +211,9 @@ type Registry struct {
 	// This member is required.
 	RegistryUri *string
 
-	// Whether the account is verified. This indicates whether the account is an AWS
-	// Marketplace vendor. If an account is verified, each public repository will
-	// received a verified account badge on the Amazon ECR Public Gallery.
+	// Indicates whether the account is a verified Amazon Web Services Marketplace
+	// vendor. If an account is verified, each public repository receives a verified
+	// account badge on the Amazon ECR Public Gallery.
 	//
 	// This member is required.
 	Verified *bool
@@ -221,14 +222,13 @@ type Registry struct {
 }
 
 // An object representing the aliases for a public registry. A public registry is
-// given an alias upon creation but a custom alias can be set using the Amazon ECR
-// console. For more information, see Registries
-// (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html) in the
-// Amazon Elastic Container Registry User Guide.
+// given an alias when it's created. However, a custom alias can be set using the
+// Amazon ECR console. For more information, see Registries (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html)
+// in the Amazon Elastic Container Registry User Guide.
 type RegistryAlias struct {
 
-	// Whether or not the registry alias is the default alias for the registry. When
-	// the first public repository is created, your public registry is assigned a
+	// Indicates whether the registry alias is the default alias for the registry.
+	// When the first public repository is created, your public registry is assigned a
 	// default registry alias.
 	//
 	// This member is required.
@@ -239,10 +239,10 @@ type RegistryAlias struct {
 	// This member is required.
 	Name *string
 
-	// Whether or not the registry alias is the primary alias for the registry. If
+	// Indicates whether the registry alias is the primary alias for the registry. If
 	// true, the alias is the primary registry alias and is displayed in both the
 	// repository URL and the image URI used in the docker pull commands on the Amazon
-	// ECR Public Gallery. A registry alias that is not the primary registry alias can
+	// ECR Public Gallery. A registry alias that isn't the primary registry alias can
 	// be used in the repository URI in a docker pull command.
 	//
 	// This member is required.
@@ -273,14 +273,14 @@ type Repository struct {
 	// The date and time, in JavaScript date format, when the repository was created.
 	CreatedAt *time.Time
 
-	// The AWS account ID associated with the public registry that contains the
-	// repository.
+	// The Amazon Web Services account ID that's associated with the public registry
+	// that contains the repository.
 	RegistryId *string
 
 	// The Amazon Resource Name (ARN) that identifies the repository. The ARN contains
-	// the arn:aws:ecr namespace, followed by the region of the repository, AWS account
-	// ID of the repository owner, repository namespace, and repository name. For
-	// example, arn:aws:ecr:region:012345678910:repository/test.
+	// the arn:aws:ecr namespace, followed by the region of the repository, Amazon Web
+	// Services account ID of the repository owner, repository namespace, and
+	// repository name. For example, arn:aws:ecr:region:012345678910:repository/test .
 	RepositoryArn *string
 
 	// The name of the repository.
@@ -297,27 +297,28 @@ type Repository struct {
 // ECR Public Gallery.
 type RepositoryCatalogData struct {
 
-	// The longform description of the contents of the repository. This text appears in
-	// the repository details on the Amazon ECR Public Gallery.
+	// The longform description of the contents of the repository. This text appears
+	// in the repository details on the Amazon ECR Public Gallery.
 	AboutText *string
 
 	// The architecture tags that are associated with the repository. Only supported
 	// operating system tags appear publicly in the Amazon ECR Public Gallery. For more
-	// information, see RepositoryCatalogDataInput.
+	// information, see RepositoryCatalogDataInput .
 	Architectures []string
 
 	// The short description of the repository.
 	Description *string
 
-	// The URL containing the logo associated with the repository.
+	// The URL that contains the logo that's associated with the repository.
 	LogoUrl *string
 
-	// Whether or not the repository is certified by AWS Marketplace.
+	// Indicates whether the repository is certified by Amazon Web Services
+	// Marketplace.
 	MarketplaceCertified *bool
 
 	// The operating system tags that are associated with the repository. Only
 	// supported operating system tags appear publicly in the Amazon ECR Public
-	// Gallery. For more information, see RepositoryCatalogDataInput.
+	// Gallery. For more information, see RepositoryCatalogDataInput .
 	OperatingSystems []string
 
 	// The longform usage details of the contents of the repository. The usage text
@@ -327,56 +328,46 @@ type RepositoryCatalogData struct {
 	noSmithyDocumentSerde
 }
 
-// An object containing the catalog data for a repository. This data is publicly
-// visible in the Amazon ECR Public Gallery.
+// An object that contains the catalog data for a repository. This data is
+// publicly visible in the Amazon ECR Public Gallery.
 type RepositoryCatalogDataInput struct {
 
-	// A detailed description of the contents of the repository. It is publicly visible
+	// A detailed description of the contents of the repository. It's publicly visible
 	// in the Amazon ECR Public Gallery. The text must be in markdown format.
 	AboutText *string
 
 	// The system architecture that the images in the repository are compatible with.
-	// On the Amazon ECR Public Gallery, the following supported architectures will
-	// appear as badges on the repository and are used as search filters.
-	//
-	// * Linux
-	//
-	// *
-	// Windows
-	//
-	// If an unsupported tag is added to your repository catalog data, it will
-	// be associated with the repository and can be retrieved using the API but will
-	// not be discoverable in the Amazon ECR Public Gallery.
+	// On the Amazon ECR Public Gallery, the following supported architectures appear
+	// as badges on the repository and are used as search filters. If an unsupported
+	// tag is added to your repository catalog data, it's associated with the
+	// repository and can be retrieved using the API but isn't discoverable in the
+	// Amazon ECR Public Gallery.
+	//   - ARM
+	//   - ARM 64
+	//   - x86
+	//   - x86-64
 	Architectures []string
 
-	// A short description of the contents of the repository. This text appears in both
-	// the image details and also when searching for repositories on the Amazon ECR
-	// Public Gallery.
+	// A short description of the contents of the repository. This text appears in
+	// both the image details and also when searching for repositories on the Amazon
+	// ECR Public Gallery.
 	Description *string
 
-	// The base64-encoded repository logo payload. The repository logo is only publicly
-	// visible in the Amazon ECR Public Gallery for verified accounts.
+	// The base64-encoded repository logo payload. The repository logo is only
+	// publicly visible in the Amazon ECR Public Gallery for verified accounts.
 	LogoImageBlob []byte
 
 	// The operating systems that the images in the repository are compatible with. On
-	// the Amazon ECR Public Gallery, the following supported operating systems will
-	// appear as badges on the repository and are used as search filters.
-	//
-	// * ARM
-	//
-	// * ARM
-	// 64
-	//
-	// * x86
-	//
-	// * x86-64
-	//
-	// If an unsupported tag is added to your repository catalog
-	// data, it will be associated with the repository and can be retrieved using the
-	// API but will not be discoverable in the Amazon ECR Public Gallery.
+	// the Amazon ECR Public Gallery, the following supported operating systems appear
+	// as badges on the repository and are used as search filters. If an unsupported
+	// tag is added to your repository catalog data, it's associated with the
+	// repository and can be retrieved using the API but isn't discoverable in the
+	// Amazon ECR Public Gallery.
+	//   - Linux
+	//   - Windows
 	OperatingSystems []string
 
-	// Detailed information on how to use the contents of the repository. It is
+	// Detailed information about how to use the contents of the repository. It's
 	// publicly visible in the Amazon ECR Public Gallery. The usage text provides
 	// context, support information, and additional usage details for users of the
 	// repository. The text must be in markdown format.
@@ -386,9 +377,9 @@ type RepositoryCatalogDataInput struct {
 }
 
 // The metadata that you apply to a resource to help you categorize and organize
-// them. Each tag consists of a key and an optional value, both of which you
-// define. Tag keys can have a maximum character length of 128 characters, and tag
-// values can have a maximum length of 256 characters.
+// them. Each tag consists of a key and an optional value. You define both. Tag
+// keys can have a maximum character length of 128 characters, and tag values can
+// have a maximum length of 256 characters.
 type Tag struct {
 
 	// One part of a key-value pair that make up a tag. A key is a general label that
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md
index dec755d42..289c55c23 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md
@@ -1,3 +1,23 @@
+# v1.9.14 (2023-08-18)
+
+* No change notes available for this release.
+
+# v1.9.13 (2023-08-07)
+
+* No change notes available for this release.
+
+# v1.9.12 (2023-07-31)
+
+* No change notes available for this release.
+
+# v1.9.11 (2022-12-02)
+
+* No change notes available for this release.
+
+# v1.9.10 (2022-10-24)
+
+* No change notes available for this release.
+
 # v1.9.9 (2022-09-14)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go
index 04ff9fb79..187ef12b3 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go
@@ -3,4 +3,4 @@
 package acceptencoding
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.9.9"
+const goModuleVersion = "1.9.14"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md
index 90efb0987..cf2e59dd4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md
@@ -1,3 +1,75 @@
+# v1.1.36 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.35 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.34 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.33 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.32 (2023-07-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.31 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.30 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.29 (2023-06-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.28 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.27 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.26 (2023-03-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.25 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.24 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.23 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.22 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.21 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.20 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.19 (2022-10-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.1.18 (2022-09-20)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go
index c95af9a11..479bff9cb 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go
@@ -3,4 +3,4 @@
 package checksum
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.1.18"
+const goModuleVersion = "1.1.36"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
index c60858a10..318955895 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
@@ -1,3 +1,39 @@
+# v1.9.37 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.36 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.35 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.34 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.33 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.32 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.31 (2023-07-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.30 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.29 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.9.28 (2023-06-13)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
index ea2621e47..1d73a0cde 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
@@ -3,4 +3,4 @@
 package presignedurl
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.9.28"
+const goModuleVersion = "1.9.37"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md
index ccc3c7479..a7676224d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md
@@ -1,3 +1,77 @@
+# v1.15.4 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.3 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.2 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.1 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.0 (2023-07-31)
+
+* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.5 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.4 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.3 (2023-06-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.2 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.1 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.0 (2023-03-21)
+
+* **Feature**: port v1 sdk 100-continue http header customization for s3 PutObject/UploadPart request and enable user config
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.24 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.23 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.22 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.21 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.20 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.19 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.18 (2022-10-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.13.17 (2022-09-20)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn/arn_member.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn/arn_member.go
new file mode 100644
index 000000000..9a3258e15
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn/arn_member.go
@@ -0,0 +1,32 @@
+package arn
+
+import "fmt"
+
+// arnable is implemented by the relevant S3/S3Control
+// operations which have members that may need ARN
+// processing.
+type arnable interface {
+	SetARNMember(string) error
+	GetARNMember() (*string, bool)
+}
+
+// GetARNField would be called during middleware execution
+// to retrieve a member value that is an ARN in need of
+// processing.
+func GetARNField(input interface{}) (*string, bool) {
+	v, ok := input.(arnable)
+	if !ok {
+		return nil, false
+	}
+	return v.GetARNMember()
+}
+
+// SetARNField would called during middleware exeuction
+// to set a member value that required ARN processing.
+func SetARNField(input interface{}, v string) error {
+	params, ok := input.(arnable)
+	if !ok {
+		return fmt.Errorf("Params does not contain arn field member")
+	}
+	return params.SetARNMember(v)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config/config.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config/config.go
index 8926e5970..b5d31f5c5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config/config.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config/config.go
@@ -7,6 +7,11 @@ type UseARNRegionProvider interface {
 	GetS3UseARNRegion(ctx context.Context) (value bool, found bool, err error)
 }
 
+// DisableMultiRegionAccessPointsProvider is an interface for retrieving external configuration value for DisableMultiRegionAccessPoints
+type DisableMultiRegionAccessPointsProvider interface {
+	GetS3DisableMultiRegionAccessPoints(ctx context.Context) (value bool, found bool, err error)
+}
+
 // ResolveUseARNRegion extracts the first instance of a UseARNRegion from the config slice.
 // Additionally returns a boolean to indicate if the value was found in provided configs, and error if one is encountered.
 func ResolveUseARNRegion(ctx context.Context, configs []interface{}) (value bool, found bool, err error) {
@@ -20,3 +25,17 @@ func ResolveUseARNRegion(ctx context.Context, configs []interface{}) (value bool
 	}
 	return
 }
+
+// ResolveDisableMultiRegionAccessPoints extracts the first instance of a DisableMultiRegionAccessPoints from the config slice.
+// Additionally returns a boolean to indicate if the value was found in provided configs, and error if one is encountered.
+func ResolveDisableMultiRegionAccessPoints(ctx context.Context, configs []interface{}) (value bool, found bool, err error) {
+	for _, cfg := range configs {
+		if p, ok := cfg.(DisableMultiRegionAccessPointsProvider); ok {
+			value, found, err = p.GetS3DisableMultiRegionAccessPoints(ctx)
+			if err != nil || found {
+				break
+			}
+		}
+	}
+	return
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go
index 3ebafc356..283fe42a0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go
@@ -3,4 +3,4 @@
 package s3shared
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.17"
+const goModuleVersion = "1.15.4"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/s3100continue.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/s3100continue.go
new file mode 100644
index 000000000..0f43ec0d4
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/s3100continue.go
@@ -0,0 +1,54 @@
+package s3shared
+
+import (
+	"context"
+	"fmt"
+	"github.com/aws/smithy-go/middleware"
+	smithyhttp "github.com/aws/smithy-go/transport/http"
+)
+
+const s3100ContinueID = "S3100Continue"
+const default100ContinueThresholdBytes int64 = 1024 * 1024 * 2
+
+// Add100Continue add middleware, which adds {Expect: 100-continue} header for s3 client HTTP PUT request larger than 2MB
+// or with unknown size streaming bodies, during operation builder step
+func Add100Continue(stack *middleware.Stack, continueHeaderThresholdBytes int64) error {
+	return stack.Build.Add(&s3100Continue{
+		continueHeaderThresholdBytes: continueHeaderThresholdBytes,
+	}, middleware.After)
+}
+
+type s3100Continue struct {
+	continueHeaderThresholdBytes int64
+}
+
+// ID returns the middleware identifier
+func (m *s3100Continue) ID() string {
+	return s3100ContinueID
+}
+
+func (m *s3100Continue) HandleBuild(
+	ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
+) (
+	out middleware.BuildOutput, metadata middleware.Metadata, err error,
+) {
+	sizeLimit := default100ContinueThresholdBytes
+	switch {
+	case m.continueHeaderThresholdBytes == -1:
+		return next.HandleBuild(ctx, in)
+	case m.continueHeaderThresholdBytes > 0:
+		sizeLimit = m.continueHeaderThresholdBytes
+	default:
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown request type %T", req)
+	}
+
+	if req.ContentLength == -1 || (req.ContentLength == 0 && req.Body != nil) || req.ContentLength >= sizeLimit {
+		req.Header.Set("Expect", "100-continue")
+	}
+
+	return next.HandleBuild(ctx, in)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md
index d81bbdb88..608814d4c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md
@@ -1,3 +1,155 @@
+# v1.40.0 (2023-09-26)
+
+* **Feature**: This release adds a new field COMPLETED to the ReplicationStatus Enum. You can now use this field to validate the replication status of S3 objects using the AWS SDK.
+
+# v1.39.0 (2023-09-20)
+
+* **Feature**: Fix an issue where the SDK can fail to unmarshall response due to NumberFormatException
+
+# v1.38.5 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.38.4 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.38.3 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.38.2 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.38.1 (2023-08-01)
+
+* No change notes available for this release.
+
+# v1.38.0 (2023-07-31)
+
+* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.37.1 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.37.0 (2023-07-13)
+
+* **Feature**: S3 Inventory now supports Object Access Control List and Object Owner as available object metadata fields in inventory reports.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.36.0 (2023-06-28)
+
+* **Feature**: The S3 LISTObjects, ListObjectsV2 and ListObjectVersions API now supports a new optional header x-amz-optional-object-attributes. If header contains RestoreStatus as the value, then S3 will include Glacier restore status i.e. isRestoreInProgress and RestoreExpiryDate in List response.
+
+# v1.35.0 (2023-06-16)
+
+* **Feature**: This release adds SDK support for request-payer request header and request-charged response header in the "GetBucketAccelerateConfiguration", "ListMultipartUploads", "ListObjects", "ListObjectsV2" and "ListObjectVersions" S3 APIs.
+
+# v1.34.1 (2023-06-15)
+
+* No change notes available for this release.
+
+# v1.34.0 (2023-06-13)
+
+* **Feature**: Integrate double encryption feature to SDKs.
+* **Bug Fix**: Fix HeadObject to return types.Nound when an object does not exist. Fixes [2084](https://github.com/aws/aws-sdk-go-v2/issues/2084)
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.33.1 (2023-05-04)
+
+* **Documentation**: Documentation updates for Amazon S3
+
+# v1.33.0 (2023-04-24)
+
+* **Feature**: added custom paginators for listMultipartUploads and ListObjectVersions
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.32.0 (2023-04-19)
+
+* **Feature**: Provides support for "Snow" Storage class.
+
+# v1.31.3 (2023-04-10)
+
+* No change notes available for this release.
+
+# v1.31.2 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.31.1 (2023-03-31)
+
+* **Documentation**: Documentation updates for Amazon S3
+
+# v1.31.0 (2023-03-21)
+
+* **Feature**: port v1 sdk 100-continue http header customization for s3 PutObject/UploadPart request and enable user config
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.30.6 (2023-03-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.30.5 (2023-02-22)
+
+* **Bug Fix**: Prevent nil pointer dereference when retrieving error codes.
+
+# v1.30.4 (2023-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.30.3 (2023-02-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.30.2 (2023-02-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.30.1 (2023-01-23)
+
+* No change notes available for this release.
+
+# v1.30.0 (2023-01-05)
+
+* **Feature**: Add `ErrorCodeOverride` field to all error structs (aws/smithy-go#401).
+
+# v1.29.6 (2022-12-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.29.5 (2022-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.29.4 (2022-11-22)
+
+* No change notes available for this release.
+
+# v1.29.3 (2022-11-16)
+
+* No change notes available for this release.
+
+# v1.29.2 (2022-11-10)
+
+* No change notes available for this release.
+
+# v1.29.1 (2022-10-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.29.0 (2022-10-21)
+
+* **Feature**: S3 on Outposts launches support for automatic bucket-style alias. You can use the automatic access point alias instead of an access point ARN for any object-level operation in an Outposts bucket.
+* **Bug Fix**: The SDK client has been updated to utilize the `aws.IsCredentialsProvider` function for determining if `aws.AnonymousCredentials` has been configured for the `CredentialProvider`.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.0 (2022-10-19)
+
+* **Feature**: Updates internal logic for constructing API endpoints. We have added rule-based endpoints and internal model parameters.
+
 # v1.27.11 (2022-09-20)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go
index 790cc4380..1ddcba2b2 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go
@@ -32,8 +32,8 @@ import (
 const ServiceID = "S3"
 const ServiceAPIVersion = "2006-03-01"
 
-// Client provides the API client to make operations call for Amazon Simple Storage
-// Service.
+// Client provides the API client to make operations call for Amazon Simple
+// Storage Service.
 type Client struct {
 	options Options
 }
@@ -54,20 +54,18 @@ func New(options Options, optFns ...func(*Options)) *Client {
 
 	resolveHTTPSignerV4(&options)
 
-	resolveDefaultEndpointConfiguration(&options)
-
 	resolveHTTPSignerV4a(&options)
 
 	for _, fn := range optFns {
 		fn(&options)
 	}
 
-	resolveCredentialProvider(&options)
-
 	client := &Client{
 		options: options,
 	}
 
+	resolveCredentialProvider(&options)
+
 	return client
 }
 
@@ -77,9 +75,22 @@ type Options struct {
 	// modify this list for per operation behavior.
 	APIOptions []func(*middleware.Stack) error
 
+	// The optional application specific identifier appended to the User-Agent header.
+	AppID string
+
+	// This endpoint will be given as input to an EndpointResolverV2. It is used for
+	// providing a custom base endpoint that is subject to modifications by the
+	// processing EndpointResolverV2.
+	BaseEndpoint *string
+
 	// Configures the events that will be sent to the configured logger.
 	ClientLogMode aws.ClientLogMode
 
+	// The threshold ContentLength in bytes for HTTP PUT request to receive {Expect:
+	// 100-continue} header. Setting to -1 will disable adding the Expect header to
+	// requests; setting to 0 will set the threshold to default 2MB
+	ContinueHeaderThresholdBytes int64
+
 	// The credentials object to use when signing requests.
 	Credentials aws.CredentialsProvider
 
@@ -94,8 +105,18 @@ type Options struct {
 	EndpointOptions EndpointResolverOptions
 
 	// The service endpoint resolver.
+	//
+	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
+	// value for this field will likely prevent you from using any endpoint-related
+	// service features released after the introduction of EndpointResolverV2 and
+	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
+	// endpoint, set the client option BaseEndpoint instead.
 	EndpointResolver EndpointResolver
 
+	// Resolves the endpoint used for a particular service. This should be used over
+	// the deprecated EndpointResolver
+	EndpointResolverV2 EndpointResolverV2
+
 	// Signature Version 4 (SigV4) Signer
 	HTTPSignerV4 HTTPSignerV4
 
@@ -130,7 +151,7 @@ type Options struct {
 	Retryer aws.Retryer
 
 	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
-	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig. You
+	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
 	// should not populate this structure programmatically, or rely on the values here
 	// within your applications.
 	RuntimeEnvironment aws.RuntimeEnvironment
@@ -154,8 +175,8 @@ type Options struct {
 	UseDualstack bool
 
 	// Allows you to enable the client to use path-style addressing, i.e.,
-	// https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual
-	// hosted bucket addressing when possible(https://BUCKET.s3.amazonaws.com/KEY).
+	// https://s3.amazonaws.com/BUCKET/KEY . By default, the S3 client will use virtual
+	// hosted bucket addressing when possible( https://BUCKET.s3.amazonaws.com/KEY ).
 	UsePathStyle bool
 
 	// Signature Version 4a (SigV4a) Signer
@@ -180,14 +201,25 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
 	}
 }
 
-// WithEndpointResolver returns a functional option for setting the Client's
-// EndpointResolver option.
+// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
+// this field will likely prevent you from using any endpoint-related service
+// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
+// To migrate an EndpointResolver implementation that uses a custom endpoint, set
+// the client option BaseEndpoint instead.
 func WithEndpointResolver(v EndpointResolver) func(*Options) {
 	return func(o *Options) {
 		o.EndpointResolver = v
 	}
 }
 
+// WithEndpointResolverV2 returns a functional option for setting the Client's
+// EndpointResolverV2 option.
+func WithEndpointResolverV2(v EndpointResolverV2) func(*Options) {
+	return func(o *Options) {
+		o.EndpointResolverV2 = v
+	}
+}
+
 type HTTPClient interface {
 	Do(*http.Request) (*http.Response, error)
 }
@@ -204,6 +236,8 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 	ctx = middleware.ClearStackValues(ctx)
 	stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
 	options := c.options.Copy()
+	resolveEndpointResolverV2(&options)
+
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -242,6 +276,30 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 
 type noSmithyDocumentSerde = smithydocument.NoSerde
 
+type legacyEndpointContextSetter struct {
+	LegacyResolver EndpointResolver
+}
+
+func (*legacyEndpointContextSetter) ID() string {
+	return "legacyEndpointContextSetter"
+}
+
+func (m *legacyEndpointContextSetter) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) (
+	out middleware.InitializeOutput, metadata middleware.Metadata, err error,
+) {
+	if m.LegacyResolver != nil {
+		ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, true)
+	}
+
+	return next.HandleInitialize(ctx, in)
+
+}
+func addlegacyEndpointContextSetter(stack *middleware.Stack, o Options) error {
+	return stack.Initialize.Add(&legacyEndpointContextSetter{
+		LegacyResolver: o.EndpointResolver,
+	}, middleware.Before)
+}
+
 func resolveDefaultLogger(o *Options) {
 	if o.Logger != nil {
 		return
@@ -279,12 +337,14 @@ func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
 		APIOptions:         cfg.APIOptions,
 		Logger:             cfg.Logger,
 		ClientLogMode:      cfg.ClientLogMode,
+		AppID:              cfg.AppID,
 	}
 	resolveAWSRetryerProvider(cfg, &opts)
 	resolveAWSRetryMaxAttempts(cfg, &opts)
 	resolveAWSRetryMode(cfg, &opts)
 	resolveAWSEndpointResolver(cfg, &opts)
 	resolveUseARNRegion(cfg, &opts)
+	resolveDisableMultiRegionAccessPoints(cfg, &opts)
 	resolveUseDualStackEndpoint(cfg, &opts)
 	resolveUseFIPSEndpoint(cfg, &opts)
 	return New(opts, optFns...)
@@ -390,11 +450,19 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
 	if cfg.EndpointResolver == nil && cfg.EndpointResolverWithOptions == nil {
 		return
 	}
-	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions, NewDefaultEndpointResolver())
+	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions)
 }
 
-func addClientUserAgent(stack *middleware.Stack) error {
-	return awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "s3", goModuleVersion)(stack)
+func addClientUserAgent(stack *middleware.Stack, options Options) error {
+	if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "s3", goModuleVersion)(stack); err != nil {
+		return err
+	}
+
+	if len(options.AppID) > 0 {
+		return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
+	}
+
+	return nil
 }
 
 func addHTTPSignerV4Middleware(stack *middleware.Stack, o Options) error {
@@ -448,6 +516,21 @@ func resolveUseARNRegion(cfg aws.Config, o *Options) error {
 	return nil
 }
 
+// resolves DisableMultiRegionAccessPoints S3 configuration
+func resolveDisableMultiRegionAccessPoints(cfg aws.Config, o *Options) error {
+	if len(cfg.ConfigSources) == 0 {
+		return nil
+	}
+	value, found, err := s3sharedconfig.ResolveDisableMultiRegionAccessPoints(context.Background(), cfg.ConfigSources)
+	if err != nil {
+		return err
+	}
+	if found {
+		o.DisableMultiRegionAccessPoints = value
+	}
+	return nil
+}
+
 // resolves dual-stack endpoint configuration
 func resolveUseDualStackEndpoint(cfg aws.Config, o *Options) error {
 	if len(cfg.ConfigSources) == 0 {
@@ -487,8 +570,7 @@ func resolveCredentialProvider(o *Options) {
 		return
 	}
 
-	switch o.Credentials.(type) {
-	case aws.AnonymousCredentials, *aws.AnonymousCredentials:
+	if aws.IsCredentialsProvider(o.Credentials, (*aws.AnonymousCredentials)(nil)) {
 		return
 	}
 
@@ -531,8 +613,12 @@ func addMetadataRetrieverMiddleware(stack *middleware.Stack) error {
 	return s3shared.AddMetadataRetrieverMiddleware(stack)
 }
 
-// ComputedInputChecksumsMetadata provides information about the algorithms used to
-// compute the checksum(s) of the input payload.
+func add100Continue(stack *middleware.Stack, options Options) error {
+	return s3shared.Add100Continue(stack, options.ContinueHeaderThresholdBytes)
+}
+
+// ComputedInputChecksumsMetadata provides information about the algorithms used
+// to compute the checksum(s) of the input payload.
 type ComputedInputChecksumsMetadata struct {
 	// ComputedChecksums is a map of algorithm name to checksum value of the computed
 	// input payload's checksums.
@@ -552,8 +638,8 @@ func GetComputedInputChecksumsMetadata(m middleware.Metadata) (ComputedInputChec
 
 }
 
-// ChecksumValidationMetadata contains metadata such as the checksum algorithm used
-// for data integrity validation.
+// ChecksumValidationMetadata contains metadata such as the checksum algorithm
+// used for data integrity validation.
 type ChecksumValidationMetadata struct {
 	// AlgorithmsUsed is the set of the checksum algorithms used to validate the
 	// response payload. The response payload must be completely read in order for the
@@ -562,10 +648,10 @@ type ChecksumValidationMetadata struct {
 	AlgorithmsUsed []string
 }
 
-// GetChecksumValidationMetadata returns the set of algorithms that will be used to
-// validate the response payload with. The response payload must be completely read
-// in order for the checksum validation to be performed. An error is returned by
-// the operation output's response io.ReadCloser if the computed checksums are
+// GetChecksumValidationMetadata returns the set of algorithms that will be used
+// to validate the response payload with. The response payload must be completely
+// read in order for the checksum validation to be performed. An error is returned
+// by the operation output's response io.ReadCloser if the computed checksums are
 // invalid. Returns false if no checksum algorithm used metadata was found.
 func GetChecksumValidationMetadata(m middleware.Metadata) (ChecksumValidationMetadata, bool) {
 	values, ok := internalChecksum.GetOutputValidationAlgorithmsUsed(m)
@@ -592,8 +678,8 @@ func disableAcceptEncodingGzip(stack *middleware.Stack) error {
 	return acceptencodingcust.AddAcceptEncodingGzip(stack, acceptencodingcust.AddAcceptEncodingGzipOptions{})
 }
 
-// ResponseError provides the HTTP centric error type wrapping the underlying error
-// with the HTTP response value and the deserialized RequestID.
+// ResponseError provides the HTTP centric error type wrapping the underlying
+// error with the HTTP response value and the deserialized RequestID.
 type ResponseError interface {
 	error
 
@@ -603,8 +689,8 @@ type ResponseError interface {
 
 var _ ResponseError = (*s3shared.ResponseError)(nil)
 
-// GetHostIDMetadata retrieves the host id from middleware metadata returns host id
-// as string along with a boolean indicating presence of hostId on middleware
+// GetHostIDMetadata retrieves the host id from middleware metadata returns host
+// id as string along with a boolean indicating presence of hostId on middleware
 // metadata.
 func GetHostIDMetadata(metadata middleware.Metadata) (string, bool) {
 	return s3shared.GetHostIDMetadata(metadata)
@@ -770,3 +856,32 @@ func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
 		LogResponseWithBody: o.ClientLogMode.IsResponseWithBody(),
 	}, middleware.After)
 }
+
+type endpointDisableHTTPSMiddleware struct {
+	EndpointDisableHTTPS bool
+}
+
+func (*endpointDisableHTTPSMiddleware) ID() string {
+	return "endpointDisableHTTPSMiddleware"
+}
+
+func (m *endpointDisableHTTPSMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointDisableHTTPS && !smithyhttp.GetHostnameImmutable(ctx) {
+		req.URL.Scheme = "http"
+	}
+
+	return next.HandleSerialize(ctx, in)
+
+}
+func addendpointDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
+	return stack.Serialize.Insert(&endpointDisableHTTPSMiddleware{
+		EndpointDisableHTTPS: o.EndpointOptions.DisableHTTPS,
+	}, "OperationSerializer", middleware.Before)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go
index 042e848a3..5932f1f2e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -19,32 +25,16 @@ import (
 // result, it might be necessary to abort a given multipart upload multiple times
 // in order to completely free all storage consumed by all parts. To verify that
 // all parts have been removed, so you don't get charged for the part storage, you
-// should call the ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) action and
-// ensure that the parts list is empty. For information about permissions required
-// to use the multipart upload, see Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). The
-// following operations are related to AbortMultipartUpload:
-//
-// *
-// CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// should call the ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+// action and ensure that the parts list is empty. For information about
+// permissions required to use the multipart upload, see Multipart Upload and
+// Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// . The following operations are related to AbortMultipartUpload :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) AbortMultipartUpload(ctx context.Context, params *AbortMultipartUploadInput, optFns ...func(*Options)) (*AbortMultipartUploadOutput, error) {
 	if params == nil {
 		params = &AbortMultipartUploadInput{}
@@ -68,17 +58,15 @@ type AbortMultipartUploadInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -99,10 +87,11 @@ type AbortMultipartUploadInput struct {
 	ExpectedBucketOwner *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -130,6 +119,9 @@ func (c *Client) addOperationAbortMultipartUploadMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -157,7 +149,7 @@ func (c *Client) addOperationAbortMultipartUploadMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -169,6 +161,9 @@ func (c *Client) addOperationAbortMultipartUploadMiddlewares(stack *middleware.S
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addAbortMultipartUploadResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpAbortMultipartUploadValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -178,6 +173,9 @@ func (c *Client) addOperationAbortMultipartUploadMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addAbortMultipartUploadUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -193,9 +191,22 @@ func (c *Client) addOperationAbortMultipartUploadMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *AbortMultipartUploadInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opAbortMultipartUpload(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -230,3 +241,139 @@ func addAbortMultipartUploadUpdateEndpoint(stack *middleware.Stack, options Opti
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opAbortMultipartUploadResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opAbortMultipartUploadResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opAbortMultipartUploadResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*AbortMultipartUploadInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addAbortMultipartUploadResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opAbortMultipartUploadResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go
index 95ff64968..babfebcc6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go
@@ -4,19 +4,24 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Completes a multipart upload by assembling previously uploaded parts. You first
-// initiate the multipart upload and then upload all parts using the UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) operation.
-// After successfully uploading all relevant parts of an upload, you call this
-// action to complete the upload. Upon receiving this request, Amazon S3
+// initiate the multipart upload and then upload all parts using the UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+// operation. After successfully uploading all relevant parts of an upload, you
+// call this action to complete the upload. Upon receiving this request, Amazon S3
 // concatenates all the parts in ascending order by part number to create a new
 // object. In the Complete Multipart Upload request, you must provide the parts
 // list. You must ensure that the parts list is complete. This action concatenates
@@ -26,78 +31,48 @@ import (
 // minutes to complete. After Amazon S3 begins processing the request, it sends an
 // HTTP response header that specifies a 200 OK response. While processing is in
 // progress, Amazon S3 periodically sends white space characters to keep the
-// connection from timing out. Because a request could fail after the initial 200
-// OK response has been sent, it is important that you check the response body to
-// determine whether the request succeeded. Note that if CompleteMultipartUpload
-// fails, applications should be prepared to retry the failed requests. For more
-// information, see Amazon S3 Error Best Practices
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html). You
-// cannot use Content-Type: application/x-www-form-urlencoded with Complete
+// connection from timing out. A request could fail after the initial 200 OK
+// response has been sent. This means that a 200 OK response can contain either a
+// success or an error. If you call the S3 API directly, make sure to design your
+// application to parse the contents of the response and handle it appropriately.
+// If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect
+// the embedded error and apply error handling per your configuration settings
+// (including automatically retrying the request as appropriate). If the condition
+// persists, the SDKs throws an exception (or, for the SDKs that don't use
+// exceptions, they return the error). Note that if CompleteMultipartUpload fails,
+// applications should be prepared to retry the failed requests. For more
+// information, see Amazon S3 Error Best Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html)
+// . You cannot use Content-Type: application/x-www-form-urlencoded with Complete
 // Multipart Upload requests. Also, if you do not provide a Content-Type header,
 // CompleteMultipartUpload returns a 200 OK response. For more information about
-// multipart uploads, see Uploading Objects Using Multipart Upload
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). For
-// information about permissions required to use the multipart upload API, see
-// Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
-// CompleteMultipartUpload has the following special errors:
+// multipart uploads, see Uploading Objects Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html)
+// . For information about permissions required to use the multipart upload API,
+// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// . CompleteMultipartUpload has the following special errors:
+//   - Error code: EntityTooSmall
+//   - Description: Your proposed upload is smaller than the minimum allowed
+//     object size. Each part must be at least 5 MB in size, except the last part.
+//   - 400 Bad Request
+//   - Error code: InvalidPart
+//   - Description: One or more of the specified parts could not be found. The
+//     part might not have been uploaded, or the specified entity tag might not have
+//     matched the part's entity tag.
+//   - 400 Bad Request
+//   - Error code: InvalidPartOrder
+//   - Description: The list of parts was not in ascending order. The parts list
+//     must be specified in order by part number.
+//   - 400 Bad Request
+//   - Error code: NoSuchUpload
+//   - Description: The specified multipart upload does not exist. The upload ID
+//     might be invalid, or the multipart upload might have been aborted or completed.
+//   - 404 Not Found
 //
-// * Error code:
-// EntityTooSmall
-//
-// * Description: Your proposed upload is smaller than the minimum
-// allowed object size. Each part must be at least 5 MB in size, except the last
-// part.
-//
-// * 400 Bad Request
-//
-// * Error code: InvalidPart
-//
-// * Description: One or more
-// of the specified parts could not be found. The part might not have been
-// uploaded, or the specified entity tag might not have matched the part's entity
-// tag.
-//
-// * 400 Bad Request
-//
-// * Error code: InvalidPartOrder
-//
-// * Description: The list
-// of parts was not in ascending order. The parts list must be specified in order
-// by part number.
-//
-// * 400 Bad Request
-//
-// * Error code: NoSuchUpload
-//
-// * Description:
-// The specified multipart upload does not exist. The upload ID might be invalid,
-// or the multipart upload might have been aborted or completed.
-//
-// * 404 Not
-// Found
-//
-// The following operations are related to CompleteMultipartUpload:
-//
-// *
-// CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// The following operations are related to CompleteMultipartUpload :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) CompleteMultipartUpload(ctx context.Context, params *CompleteMultipartUploadInput, optFns ...func(*Options)) (*CompleteMultipartUploadOutput, error) {
 	if params == nil {
 		params = &CompleteMultipartUploadInput{}
@@ -121,17 +96,15 @@ type CompleteMultipartUploadInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -149,32 +122,28 @@ type CompleteMultipartUploadInput struct {
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32 checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32C checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 160-bit SHA-1 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 256-bit SHA-256 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -187,31 +156,29 @@ type CompleteMultipartUploadInput struct {
 	MultipartUpload *types.CompletedMultipartUpload
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
 	// The server-side encryption (SSE) algorithm used to encrypt the object. This
 	// parameter is needed only when the object was created using a checksum algorithm.
-	// For more information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerAlgorithm *string
 
 	// The server-side encryption (SSE) customer managed key. This parameter is needed
 	// only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKey *string
 
 	// The MD5 server-side encryption (SSE) customer managed key. This parameter is
 	// needed only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKeyMD5 *string
 
@@ -227,52 +194,46 @@ type CompleteMultipartUploadOutput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	Bucket *string
 
 	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
-	// encryption with Amazon Web Services KMS (SSE-KMS).
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
 	BucketKeyEnabled bool
 
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -282,13 +243,12 @@ type CompleteMultipartUploadOutput struct {
 	// data. If the entity tag is not an MD5 digest of the object data, it will contain
 	// one or more nonhexadecimal characters and/or will consist of less than 32 or
 	// more than 32 hexadecimal digits. For more information about how the entity tag
-	// is calculated, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// is calculated, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ETag *string
 
-	// If the object expiration is configured, this will contain the expiration date
-	// (expiry-date) and rule ID (rule-id). The value of rule-id is URL-encoded.
+	// If the object expiration is configured, this will contain the expiration date (
+	// expiry-date ) and rule ID ( rule-id ). The value of rule-id is URL-encoded.
 	Expiration *string
 
 	// The object key of the newly created object.
@@ -301,19 +261,16 @@ type CompleteMultipartUploadOutput struct {
 	// request.
 	RequestCharged types.RequestCharged
 
-	// If present, specifies the ID of the Amazon Web Services Key Management Service
-	// (Amazon Web Services KMS) symmetric customer managed key that was used for the
-	// object.
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
 	SSEKMSKeyId *string
 
-	// If you specified server-side encryption either with an Amazon S3-managed
-	// encryption key or an Amazon Web Services KMS key in your initiate multipart
-	// upload request, the response includes this header. It confirms the encryption
-	// algorithm that Amazon S3 used to encrypt the object.
+	// The server-side encryption algorithm used when storing this object in Amazon S3
+	// (for example, AES256 , aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
-	// Version ID of the newly created object, in case the bucket has versioning turned
-	// on.
+	// Version ID of the newly created object, in case the bucket has versioning
+	// turned on.
 	VersionId *string
 
 	// Metadata pertaining to the operation's result.
@@ -331,6 +288,9 @@ func (c *Client) addOperationCompleteMultipartUploadMiddlewares(stack *middlewar
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -358,7 +318,7 @@ func (c *Client) addOperationCompleteMultipartUploadMiddlewares(stack *middlewar
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -370,6 +330,9 @@ func (c *Client) addOperationCompleteMultipartUploadMiddlewares(stack *middlewar
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addCompleteMultipartUploadResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCompleteMultipartUploadValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -379,6 +342,9 @@ func (c *Client) addOperationCompleteMultipartUploadMiddlewares(stack *middlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addCompleteMultipartUploadUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -397,9 +363,22 @@ func (c *Client) addOperationCompleteMultipartUploadMiddlewares(stack *middlewar
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *CompleteMultipartUploadInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opCompleteMultipartUpload(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -434,3 +413,139 @@ func addCompleteMultipartUploadUpdateEndpoint(stack *middleware.Stack, options O
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opCompleteMultipartUploadResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCompleteMultipartUploadResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCompleteMultipartUploadResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*CompleteMultipartUploadInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCompleteMultipartUploadResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCompleteMultipartUploadResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go
index 477900778..97516a258 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -18,146 +24,138 @@ import (
 // up to 5 GB in size in a single atomic action using this API. However, to copy an
 // object greater than 5 GB, you must use the multipart upload Upload Part - Copy
 // (UploadPartCopy) API. For more information, see Copy Object Using the REST
-// Multipart Upload API
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html).
-// All copy requests must be authenticated. Additionally, you must have read access
-// to the source object and write access to the destination bucket. For more
-// information, see REST Authentication
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). Both
-// the Region that you want to copy the object from and the Region that you want to
-// copy the object to must be enabled for your account. A copy request might return
-// an error when Amazon S3 receives the copy request or while Amazon S3 is copying
-// the files. If the error occurs before the copy action starts, you receive a
-// standard Amazon S3 error. If the error occurs during the copy operation, the
-// error response is embedded in the 200 OK response. This means that a 200 OK
-// response can contain either a success or an error. Design your application to
-// parse the contents of the response and handle it appropriately. If the copy is
-// successful, you receive a response with information about the copied object. If
-// the request is an HTTP 1.1 request, the response is chunk encoded. If it were
-// not, it would not contain the content-length, and you would need to read the
-// entire body. The copy request charge is based on the storage class and Region
-// that you specify for the destination object. For pricing information, see Amazon
-// S3 pricing (http://aws.amazon.com/s3/pricing/). Amazon S3 transfer acceleration
-// does not support cross-Region copies. If you request a cross-Region copy using a
-// transfer acceleration endpoint, you get a 400 Bad Request error. For more
-// information, see Transfer Acceleration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
-// Metadata When copying an object, you can preserve all metadata (default) or
-// specify new metadata. However, the ACL is not preserved and is set to private
-// for the user making the request. To override the default ACL setting, specify a
-// new ACL when generating a copy request. For more information, see Using ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). To
-// specify whether you want the object metadata copied from the source object or
-// replaced with metadata provided in the request, you can optionally add the
+// Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html)
+// . All copy requests must be authenticated. Additionally, you must have read
+// access to the source object and write access to the destination bucket. For more
+// information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html)
+// . Both the Region that you want to copy the object from and the Region that you
+// want to copy the object to must be enabled for your account. A copy request
+// might return an error when Amazon S3 receives the copy request or while Amazon
+// S3 is copying the files. If the error occurs before the copy action starts, you
+// receive a standard Amazon S3 error. If the error occurs during the copy
+// operation, the error response is embedded in the 200 OK response. This means
+// that a 200 OK response can contain either a success or an error. If you call
+// the S3 API directly, make sure to design your application to parse the contents
+// of the response and handle it appropriately. If you use Amazon Web Services
+// SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply
+// error handling per your configuration settings (including automatically retrying
+// the request as appropriate). If the condition persists, the SDKs throws an
+// exception (or, for the SDKs that don't use exceptions, they return the error).
+// If the copy is successful, you receive a response with information about the
+// copied object. If the request is an HTTP 1.1 request, the response is chunk
+// encoded. If it were not, it would not contain the content-length, and you would
+// need to read the entire body. The copy request charge is based on the storage
+// class and Region that you specify for the destination object. The request can
+// also result in a data retrieval charge for the source if the source storage
+// class bills for data retrieval. For pricing information, see Amazon S3 pricing (http://aws.amazon.com/s3/pricing/)
+// . Amazon S3 transfer acceleration does not support cross-Region copies. If you
+// request a cross-Region copy using a transfer acceleration endpoint, you get a
+// 400 Bad Request error. For more information, see Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+// . Metadata When copying an object, you can preserve all metadata (the default)
+// or specify new metadata. However, the access control list (ACL) is not preserved
+// and is set to private for the user making the request. To override the default
+// ACL setting, specify a new ACL when generating a copy request. For more
+// information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html)
+// . To specify whether you want the object metadata copied from the source object
+// or replaced with metadata provided in the request, you can optionally add the
 // x-amz-metadata-directive header. When you grant permissions, you can use the
 // s3:x-amz-metadata-directive condition key to enforce certain metadata behavior
 // when objects are uploaded. For more information, see Specifying Conditions in a
-// Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) in
-// the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition
-// keys, see Actions, Resources, and Condition Keys for Amazon S3
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html).
-// x-amz-copy-source-if Headers To only copy an object under certain conditions,
-// such as whether the Etag matches or whether the object was modified before or
-// after a specified date, use the following request parameters:
+// Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html)
+// in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition
+// keys, see Actions, Resources, and Condition Keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html)
+// . x-amz-website-redirect-location is unique to each object and must be
+// specified in the request headers to copy the value. x-amz-copy-source-if Headers
+// To only copy an object under certain conditions, such as whether the Etag
+// matches or whether the object was modified before or after a specified date, use
+// the following request parameters:
+//   - x-amz-copy-source-if-match
+//   - x-amz-copy-source-if-none-match
+//   - x-amz-copy-source-if-unmodified-since
+//   - x-amz-copy-source-if-modified-since
 //
-// *
-// x-amz-copy-source-if-match
-//
-// * x-amz-copy-source-if-none-match
-//
-// *
-// x-amz-copy-source-if-unmodified-since
-//
-// * x-amz-copy-source-if-modified-since
-//
-// If
-// both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since
+// If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since
 // headers are present in the request and evaluate as follows, Amazon S3 returns
 // 200 OK and copies the data:
+//   - x-amz-copy-source-if-match condition evaluates to true
+//   - x-amz-copy-source-if-unmodified-since condition evaluates to false
 //
-// * x-amz-copy-source-if-match condition evaluates to
-// true
-//
-// * x-amz-copy-source-if-unmodified-since condition evaluates to false
-//
-// If
-// both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since
-// headers are present in the request and evaluate as follows, Amazon S3 returns
-// the 412 Precondition Failed response code:
-//
-// * x-amz-copy-source-if-none-match
-// condition evaluates to false
+// If both the x-amz-copy-source-if-none-match and
+// x-amz-copy-source-if-modified-since headers are present in the request and
+// evaluate as follows, Amazon S3 returns the 412 Precondition Failed response
+// code:
+//   - x-amz-copy-source-if-none-match condition evaluates to false
+//   - x-amz-copy-source-if-modified-since condition evaluates to true
 //
-// * x-amz-copy-source-if-modified-since condition
-// evaluates to true
-//
-// All headers with the x-amz- prefix, including
-// x-amz-copy-source, must be signed. Server-side encryption When you perform a
-// CopyObject operation, you can optionally use the appropriate encryption-related
-// headers to encrypt the object using server-side encryption with Amazon Web
-// Services managed encryption keys (SSE-S3 or SSE-KMS) or a customer-provided
-// encryption key. With server-side encryption, Amazon S3 encrypts your data as it
-// writes it to disks in its data centers and decrypts the data when you access it.
-// For more information about server-side encryption, see Using Server-Side
-// Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). If
-// a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object.
-// For more information, see Amazon S3 Bucket Keys
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the Amazon
-// S3 User Guide. Access Control List (ACL)-Specific Request Headers When copying
-// an object, you can optionally use headers to grant ACL-based permissions. By
-// default, all objects are private. Only the owner has full access control. When
-// adding a new object, you can grant permissions to individual Amazon Web Services
-// accounts or to predefined groups defined by Amazon S3. These permissions are
-// then added to the ACL on the object. For more information, see Access Control
-// List (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) and Managing
-// ACLs Using the REST API
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). If
-// the bucket that you're copying objects to uses the bucket owner enforced setting
-// for S3 Object Ownership, ACLs are disabled and no longer affect permissions.
-// Buckets that use this setting only accept PUT requests that don't specify an ACL
-// or PUT requests that specify bucket owner full control ACLs, such as the
-// bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed
-// in the XML format. For more information, see  Controlling ownership of objects
-// and disabling ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// All headers with the x-amz- prefix, including x-amz-copy-source , must be
+// signed. Server-side encryption Amazon S3 automatically encrypts all new objects
+// that are copied to an S3 bucket. When copying an object, if you don't specify
+// encryption information in your copy request, the encryption setting of the
+// target object is set to the default encryption configuration of the destination
+// bucket. By default, all buckets have a base level of encryption configuration
+// that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the
+// destination bucket has a default encryption configuration that uses server-side
+// encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer
+// server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or
+// server-side encryption with customer-provided encryption keys (SSE-C), Amazon S3
+// uses the corresponding KMS key, or a customer-provided key to encrypt the target
+// object copy. When you perform a CopyObject operation, if you want to use a
+// different type of encryption setting for the target object, you can use other
+// appropriate encryption-related headers to encrypt the target object with a KMS
+// key, an Amazon S3 managed key, or a customer-provided key. With server-side
+// encryption, Amazon S3 encrypts your data as it writes your data to disks in its
+// data centers and decrypts the data when you access it. If the encryption setting
+// in your request is different from the default encryption configuration of the
+// destination bucket, the encryption setting in your request takes precedence. If
+// the source object for the copy is stored in Amazon S3 using SSE-C, you must
+// provide the necessary encryption information in your request so that Amazon S3
+// can decrypt the object for copying. For more information about server-side
+// encryption, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+// . If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the
+// object. For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
+// in the Amazon S3 User Guide. Access Control List (ACL)-Specific Request Headers
+// When copying an object, you can optionally use headers to grant ACL-based
+// permissions. By default, all objects are private. Only the owner has full access
+// control. When adding a new object, you can grant permissions to individual
+// Amazon Web Services accounts or to predefined groups that are defined by Amazon
+// S3. These permissions are then added to the ACL on the object. For more
+// information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html)
+// . If the bucket that you're copying objects to uses the bucket owner enforced
+// setting for S3 Object Ownership, ACLs are disabled and no longer affect
+// permissions. Buckets that use this setting only accept PUT requests that don't
+// specify an ACL or PUT requests that specify bucket owner full control ACLs,
+// such as the bucket-owner-full-control canned ACL or an equivalent form of this
+// ACL expressed in the XML format. For more information, see Controlling
+// ownership of objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
 // in the Amazon S3 User Guide. If your bucket uses the bucket owner enforced
 // setting for Object Ownership, all objects written to the bucket by any account
 // will be owned by the bucket owner. Checksums When copying an object, if it has a
 // checksum, that checksum will be copied to the new object by default. When you
-// copy the object over, you may optionally specify a different checksum algorithm
+// copy the object over, you can optionally specify a different checksum algorithm
 // to use with the x-amz-checksum-algorithm header. Storage Class Options You can
 // use the CopyObject action to change the storage class of an object that is
-// already stored in Amazon S3 using the StorageClass parameter. For more
-// information, see Storage Classes
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in
-// the Amazon S3 User Guide. Versioning By default, x-amz-copy-source identifies
-// the current version of an object to copy. If the current version is a delete
-// marker, Amazon S3 behaves as if the object was deleted. To copy a different
-// version, use the versionId subresource. If you enable versioning on the target
-// bucket, Amazon S3 generates a unique version ID for the object being copied.
-// This version ID is different from the version ID of the source object. Amazon S3
-// returns the version ID of the copied object in the x-amz-version-id response
-// header in the response. If you do not enable versioning or suspend it on the
-// target bucket, the version ID that Amazon S3 generates is always null. If the
-// source object's storage class is GLACIER, you must restore a copy of this object
+// already stored in Amazon S3 by using the StorageClass parameter. For more
+// information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+// in the Amazon S3 User Guide. If the source object's storage class is GLACIER or
+// DEEP_ARCHIVE, or the object's storage class is INTELLIGENT_TIERING and it's S3
+// Intelligent-Tiering access tier (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition)
+// is Archive Access or Deep Archive Access, you must restore a copy of this object
 // before you can use it as a source object for the copy operation. For more
-// information, see RestoreObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). The
-// following operations are related to CopyObject:
-//
-// * PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// For more
-// information, see Copying Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html).
+// information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html)
+// . For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html)
+// . Versioning By default, x-amz-copy-source header identifies the current
+// version of an object to copy. If the current version is a delete marker, Amazon
+// S3 behaves as if the object was deleted. To copy a different version, use the
+// versionId subresource. If you enable versioning on the target bucket, Amazon S3
+// generates a unique version ID for the object being copied. This version ID is
+// different from the version ID of the source object. Amazon S3 returns the
+// version ID of the copied object in the x-amz-version-id response header in the
+// response. If you do not enable versioning or suspend it on the target bucket,
+// the version ID that Amazon S3 generates is always null. The following operations
+// are related to CopyObject :
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
 func (c *Client) CopyObject(ctx context.Context, params *CopyObjectInput, optFns ...func(*Options)) (*CopyObjectOutput, error) {
 	if params == nil {
 		params = &CopyObjectInput{}
@@ -175,58 +173,53 @@ func (c *Client) CopyObject(ctx context.Context, params *CopyObjectInput, optFns
 
 type CopyObjectInput struct {
 
-	// The name of the destination bucket. When using this action with an access point,
-	// you must direct requests to the access point hostname. The access point hostname
-	// takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
+	// The name of the destination bucket. When using this action with an access
+	// point, you must direct requests to the access point hostname. The access point
 	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
+	// action with an access point through the Amazon Web Services SDKs, you provide
+	// the access point ARN in place of the bucket name. For more information about
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
 
-	// Specifies the source object for the copy operation. You specify the value in one
-	// of two formats, depending on whether you want to access the source object
-	// through an access point
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html):
-	//
-	// *
-	// For objects not accessed through an access point, specify the name of the source
-	// bucket and the key of the source object, separated by a slash (/). For example,
-	// to copy the object reports/january.pdf from the bucket awsexamplebucket, use
-	// awsexamplebucket/reports/january.pdf. The value must be URL-encoded.
-	//
-	// * For
-	// objects accessed through access points, specify the Amazon Resource Name (ARN)
-	// of the object as accessed through the access point, in the format
-	// arn:aws:s3:::accesspoint//object/. For example, to copy the object
-	// reports/january.pdf through access point my-access-point owned by account
-	// 123456789012 in Region us-west-2, use the URL encoding of
-	// arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf.
-	// The value must be URL encoded. Amazon S3 supports copy operations using access
-	// points only when the source and destination buckets are in the same Amazon Web
-	// Services Region. Alternatively, for objects accessed through Amazon S3 on
-	// Outposts, specify the ARN of the object as accessed in the format
-	// arn:aws:s3-outposts:::outpost//object/. For example, to copy the object
-	// reports/january.pdf through outpost my-outpost owned by account 123456789012 in
-	// Region us-west-2, use the URL encoding of
-	// arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf.
-	// The value must be URL-encoded.
-	//
-	// To copy a specific version of an object, append
-	// ?versionId= to the value (for example,
-	// awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893).
-	// If you don't specify a version ID, Amazon S3 copies the latest version of the
+	// Specifies the source object for the copy operation. You specify the value in
+	// one of two formats, depending on whether you want to access the source object
+	// through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html)
+	// :
+	//   - For objects not accessed through an access point, specify the name of the
+	//   source bucket and the key of the source object, separated by a slash (/). For
+	//   example, to copy the object reports/january.pdf from the bucket
+	//   awsexamplebucket , use awsexamplebucket/reports/january.pdf . The value must
+	//   be URL-encoded.
+	//   - For objects accessed through access points, specify the Amazon Resource
+	//   Name (ARN) of the object as accessed through the access point, in the format
+	//   arn:aws:s3:::accesspoint//object/ . For example, to copy the object
+	//   reports/january.pdf through access point my-access-point owned by account
+	//   123456789012 in Region us-west-2 , use the URL encoding of
+	//   arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf
+	//   . The value must be URL encoded. Amazon S3 supports copy operations using access
+	//   points only when the source and destination buckets are in the same Amazon Web
+	//   Services Region. Alternatively, for objects accessed through Amazon S3 on
+	//   Outposts, specify the ARN of the object as accessed in the format
+	//   arn:aws:s3-outposts:::outpost//object/ . For example, to copy the object
+	//   reports/january.pdf through outpost my-outpost owned by account 123456789012
+	//   in Region us-west-2 , use the URL encoding of
+	//   arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf
+	//   . The value must be URL-encoded.
+	// To copy a specific version of an object, append ?versionId= to the value (for
+	// example,
+	// awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893
+	// ). If you don't specify a version ID, Amazon S3 copies the latest version of the
 	// source object.
 	//
 	// This member is required.
@@ -237,23 +230,22 @@ type CopyObjectInput struct {
 	// This member is required.
 	Key *string
 
-	// The canned ACL to apply to the object. This action is not supported by Amazon S3
-	// on Outposts.
+	// The canned ACL to apply to the object. This action is not supported by Amazon
+	// S3 on Outposts.
 	ACL types.ObjectCannedACL
 
 	// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
-	// with server-side encryption using AWS KMS (SSE-KMS). Setting this header to true
-	// causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
-	// Specifying this header with a COPY action doesn’t affect bucket-level settings
-	// for S3 Bucket Key.
+	// with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
+	// Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object
+	// encryption with SSE-KMS. Specifying this header with a COPY action doesn’t
+	// affect bucket-level settings for S3 Bucket Key.
 	BucketKeyEnabled bool
 
 	// Specifies caching behavior along the request/reply chain.
 	CacheControl *string
 
-	// Indicates the algorithm you want Amazon S3 to use to create the checksum for the
-	// object. For more information, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Indicates the algorithm you want Amazon S3 to use to create the checksum for
+	// the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
@@ -318,8 +310,8 @@ type CopyObjectInput struct {
 	// supported by Amazon S3 on Outposts.
 	GrantRead *string
 
-	// Allows grantee to read the object ACL. This action is not supported by Amazon S3
-	// on Outposts.
+	// Allows grantee to read the object ACL. This action is not supported by Amazon
+	// S3 on Outposts.
 	GrantReadACP *string
 
 	// Allows grantee to write the ACL for the applicable object. This action is not
@@ -329,8 +321,8 @@ type CopyObjectInput struct {
 	// A map of metadata to store with the object in S3.
 	Metadata map[string]string
 
-	// Specifies whether the metadata is copied from the source object or replaced with
-	// metadata provided in the request.
+	// Specifies whether the metadata is copied from the source object or replaced
+	// with metadata provided in the request.
 	MetadataDirective types.MetadataDirective
 
 	// Specifies whether you want to apply a legal hold to the copied object.
@@ -343,10 +335,11 @@ type CopyObjectInput struct {
 	ObjectLockRetainUntilDate *time.Time
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -371,30 +364,28 @@ type CopyObjectInput struct {
 	// JSON with the encryption context key-value pairs.
 	SSEKMSEncryptionContext *string
 
-	// Specifies the Amazon Web Services KMS key ID to use for object encryption. All
-	// GET and PUT requests for an object protected by Amazon Web Services KMS will
-	// fail if not made via SSL or using SigV4. For information about configuring using
-	// any of the officially supported Amazon Web Services SDKs and Amazon Web Services
-	// CLI, see Specifying the Signature Version in Request Authentication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
+	// Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object
+	// encryption. All GET and PUT requests for an object protected by KMS will fail if
+	// they're not made via SSL or using SigV4. For information about configuring any
+	// of the officially supported Amazon Web Services SDKs and Amazon Web Services
+	// CLI, see Specifying the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
 	// in the Amazon S3 User Guide.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256 , aws:kms , aws:kms:dsse ).
 	ServerSideEncryption types.ServerSideEncryption
 
-	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
-	// objects. The STANDARD storage class provides high durability and high
-	// availability. Depending on performance needs, you can specify a different
-	// Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For
-	// more information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in
-	// the Amazon S3 User Guide.
+	// If the x-amz-storage-class header is not used, the copied object will be stored
+	// in the STANDARD Storage Class by default. The STANDARD storage class provides
+	// high durability and high availability. Depending on performance needs, you can
+	// specify a different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS
+	// Storage Class. For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// in the Amazon S3 User Guide.
 	StorageClass types.StorageClass
 
 	// The tag-set for the object destination object this value must be used in
-	// conjunction with the TaggingDirective. The tag-set must be encoded as URL Query
+	// conjunction with the TaggingDirective . The tag-set must be encoded as URL Query
 	// parameters.
 	Tagging *string
 
@@ -404,7 +395,9 @@ type CopyObjectInput struct {
 
 	// If the bucket is configured as a website, redirects requests for this object to
 	// another object in the same bucket or to an external URL. Amazon S3 stores the
-	// value of this header in the object metadata.
+	// value of this header in the object metadata. This value is unique to each object
+	// and is not copied when using the x-amz-metadata-directive header. Instead, you
+	// may opt to provide this header in combination with the directive.
 	WebsiteRedirectLocation *string
 
 	noSmithyDocumentSerde
@@ -413,7 +406,7 @@ type CopyObjectInput struct {
 type CopyObjectOutput struct {
 
 	// Indicates whether the copied object uses an S3 Bucket Key for server-side
-	// encryption with Amazon Web Services KMS (SSE-KMS).
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
 	BucketKeyEnabled bool
 
 	// Container for all response elements.
@@ -429,13 +422,14 @@ type CopyObjectOutput struct {
 	// request.
 	RequestCharged types.RequestCharged
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
 	// If present, specifies the Amazon Web Services KMS Encryption Context to use for
@@ -443,13 +437,12 @@ type CopyObjectOutput struct {
 	// holding JSON with the encryption context key-value pairs.
 	SSEKMSEncryptionContext *string
 
-	// If present, specifies the ID of the Amazon Web Services Key Management Service
-	// (Amazon Web Services KMS) symmetric customer managed key that was used for the
-	// object.
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256 , aws:kms , aws:kms:dsse ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Version ID of the newly created copy.
@@ -470,6 +463,9 @@ func (c *Client) addOperationCopyObjectMiddlewares(stack *middleware.Stack, opti
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -497,7 +493,7 @@ func (c *Client) addOperationCopyObjectMiddlewares(stack *middleware.Stack, opti
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -509,6 +505,9 @@ func (c *Client) addOperationCopyObjectMiddlewares(stack *middleware.Stack, opti
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addCopyObjectResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCopyObjectValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -518,6 +517,9 @@ func (c *Client) addOperationCopyObjectMiddlewares(stack *middleware.Stack, opti
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addCopyObjectUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -536,9 +538,22 @@ func (c *Client) addOperationCopyObjectMiddlewares(stack *middleware.Stack, opti
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *CopyObjectInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opCopyObject(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -548,8 +563,9 @@ func newServiceMetadataMiddleware_opCopyObject(region string) *awsmiddleware.Reg
 	}
 }
 
-// getCopyObjectBucketMember returns a pointer to string denoting a provided bucket
-// member valueand a boolean indicating if the input has a modeled bucket name,
+// getCopyObjectBucketMember returns a pointer to string denoting a provided
+// bucket member valueand a boolean indicating if the input has a modeled bucket
+// name,
 func getCopyObjectBucketMember(input interface{}) (*string, bool) {
 	in := input.(*CopyObjectInput)
 	if in.Bucket == nil {
@@ -572,3 +588,139 @@ func addCopyObjectUpdateEndpoint(stack *middleware.Stack, options Options) error
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opCopyObjectResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCopyObjectResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCopyObjectResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*CopyObjectInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCopyObjectResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCopyObjectResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go
index 27322a2c6..9da6f8b9c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go
@@ -4,11 +4,18 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/ptr"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
@@ -16,121 +23,63 @@ import (
 // and have a valid Amazon Web Services Access Key ID to authenticate requests.
 // Anonymous requests are never allowed to create buckets. By creating the bucket,
 // you become the bucket owner. Not every string is an acceptable bucket name. For
-// information about bucket naming restrictions, see Bucket naming rules
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html).
-// If you want to create an Amazon S3 on Outposts bucket, see Create Bucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html).
-// By default, the bucket is created in the US East (N. Virginia) Region. You can
-// optionally specify a Region in the request body. You might choose a Region to
-// optimize latency, minimize costs, or address regulatory requirements. For
-// example, if you reside in Europe, you will probably find it advantageous to
-// create buckets in the Europe (Ireland) Region. For more information, see
-// Accessing a bucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro).
-// If you send your create bucket request to the s3.amazonaws.com endpoint, the
-// request goes to the us-east-1 Region. Accordingly, the signature calculations in
-// Signature Version 4 must use us-east-1 as the Region, even if the location
+// information about bucket naming restrictions, see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html)
+// . If you want to create an Amazon S3 on Outposts bucket, see Create Bucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html)
+// . By default, the bucket is created in the US East (N. Virginia) Region. You can
+// optionally specify a Region in the request body. To constrain the bucket
+// creation to a specific Region, you can use LocationConstraint (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketConfiguration.html)
+// condition key. You might choose a Region to optimize latency, minimize costs, or
+// address regulatory requirements. For example, if you reside in Europe, you will
+// probably find it advantageous to create buckets in the Europe (Ireland) Region.
+// For more information, see Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro)
+// . If you send your create bucket request to the s3.amazonaws.com endpoint, the
+// request goes to the us-east-1 Region. Accordingly, the signature calculations
+// in Signature Version 4 must use us-east-1 as the Region, even if the location
 // constraint in the request specifies another Region where the bucket is to be
 // created. If you create a bucket in a Region other than US East (N. Virginia),
 // your application must be able to handle 307 redirect. For more information, see
-// Virtual hosting of buckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html). Access
-// control lists (ACLs) When creating a bucket using this operation, you can
-// optionally configure the bucket ACL to specify the accounts or groups that
-// should be granted specific permissions on the bucket. If your CreateBucket
-// request sets bucket owner enforced for S3 Object Ownership and specifies a
-// bucket ACL that provides access to an external Amazon Web Services account, your
-// request fails with a 400 error and returns the
-// InvalidBucketAclWithObjectOwnership error code. For more information, see
-// Controlling object ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide. There are two ways to grant the appropriate
-// permissions using the request headers.
+// Virtual hosting of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html)
+// . Permissions In addition to s3:CreateBucket , the following permissions are
+// required when your CreateBucket request includes specific headers:
+//   - Access control lists (ACLs) - If your CreateBucket request specifies access
+//     control list (ACL) permissions and the ACL is public-read, public-read-write,
+//     authenticated-read, or if you specify access permissions explicitly through any
+//     other ACL, both s3:CreateBucket and s3:PutBucketAcl permissions are needed. If
+//     the ACL for the CreateBucket request is private or if the request doesn't
+//     specify any ACLs, only s3:CreateBucket permission is needed.
+//   - Object Lock - If ObjectLockEnabledForBucket is set to true in your
+//     CreateBucket request, s3:PutBucketObjectLockConfiguration and
+//     s3:PutBucketVersioning permissions are required.
+//   - S3 Object Ownership - If your CreateBucket request includes the
+//     x-amz-object-ownership header, then the s3:PutBucketOwnershipControls
+//     permission is required. By default, ObjectOwnership is set to
+//     BucketOWnerEnforced and ACLs are disabled. We recommend keeping ACLs disabled,
+//     except in uncommon use cases where you must control access for each object
+//     individually. If you want to change the ObjectOwnership setting, you can use
+//     the x-amz-object-ownership header in your CreateBucket request to set the
+//     ObjectOwnership setting of your choice. For more information about S3 Object
+//     Ownership, see Controlling object ownership  (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+//     in the Amazon S3 User Guide.
+//   - S3 Block Public Access - If your specific use case requires granting public
+//     access to your S3 resources, you can disable Block Public Access. You can create
+//     a new bucket with Block Public Access enabled, then separately call the
+//     DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
+//     API. To use this operation, you must have the s3:PutBucketPublicAccessBlock
+//     permission. By default, all Block Public Access settings are enabled for new
+//     buckets. To avoid inadvertent exposure of your resources, we recommend keeping
+//     the S3 Block Public Access settings enabled. For more information about S3 Block
+//     Public Access, see Blocking public access to your Amazon S3 storage  (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+//     in the Amazon S3 User Guide.
 //
-// * Specify a canned ACL using the
-// x-amz-acl request header. Amazon S3 supports a set of predefined ACLs, known as
-// canned ACLs. Each canned ACL has a predefined set of grantees and permissions.
-// For more information, see Canned ACL
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-//
-// *
-// Specify access permissions explicitly using the x-amz-grant-read,
-// x-amz-grant-write, x-amz-grant-read-acp, x-amz-grant-write-acp, and
-// x-amz-grant-full-control headers. These headers map to the set of permissions
-// Amazon S3 supports in an ACL. For more information, see Access control list
-// (ACL) overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html). You
-// specify each grantee as a type=value pair, where the type is one of the
-// following:
-//
-// * id – if the value specified is the canonical user ID of an Amazon
-// Web Services account
-//
-// * uri – if you are granting permissions to a predefined
-// group
-//
-// * emailAddress – if the value specified is the email address of an Amazon
-// Web Services account Using email addresses to specify a grantee is only
-// supported in the following Amazon Web Services Regions:
-//
-// * US East (N.
-// Virginia)
-//
-// * US West (N. California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific
-// (Singapore)
-//
-// * Asia Pacific (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe
-// (Ireland)
-//
-// * South America (São Paulo)
-//
-// For a list of all the Amazon S3
-// supported Regions and endpoints, see Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// For example, the following
-// x-amz-grant-read header grants the Amazon Web Services accounts identified by
-// account IDs permissions to read object data and its metadata: x-amz-grant-read:
-// id="11112222333", id="444455556666"
-//
-// You can use either a canned ACL or specify
-// access permissions explicitly. You cannot do both. Permissions In addition to
-// s3:CreateBucket, the following permissions are required when your CreateBucket
-// includes specific headers:
-//
-// * ACLs - If your CreateBucket request specifies ACL
-// permissions and the ACL is public-read, public-read-write, authenticated-read,
-// or if you specify access permissions explicitly through any other ACL, both
-// s3:CreateBucket and s3:PutBucketAcl permissions are needed. If the ACL the
-// CreateBucket request is private or doesn't specify any ACLs, only
-// s3:CreateBucket permission is needed.
-//
-// * Object Lock - If
-// ObjectLockEnabledForBucket is set to true in your CreateBucket request,
-// s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning permissions are
-// required.
-//
-// * S3 Object Ownership - If your CreateBucket request includes the the
-// x-amz-object-ownership header, s3:PutBucketOwnershipControls permission is
-// required.
-//
-// The following operations are related to CreateBucket:
-//
-// * PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// DeleteBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+// If your CreateBucket request sets BucketOwnerEnforced for Amazon S3 Object
+// Ownership and specifies a bucket ACL that provides access to an external Amazon
+// Web Services account, your request fails with a 400 error and returns the
+// InvalidBucketAcLWithObjectOwnership error code. For more information, see
+// Setting Object Ownership on an existing bucket  (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-existing-bucket.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// CreateBucket :
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
 func (c *Client) CreateBucket(ctx context.Context, params *CreateBucketInput, optFns ...func(*Options)) (*CreateBucketOutput, error) {
 	if params == nil {
 		params = &CreateBucketInput{}
@@ -216,6 +165,9 @@ func (c *Client) addOperationCreateBucketMiddlewares(stack *middleware.Stack, op
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -243,7 +195,7 @@ func (c *Client) addOperationCreateBucketMiddlewares(stack *middleware.Stack, op
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -255,6 +207,9 @@ func (c *Client) addOperationCreateBucketMiddlewares(stack *middleware.Stack, op
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addCreateBucketResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCreateBucketValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -264,6 +219,9 @@ func (c *Client) addOperationCreateBucketMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addCreateBucketUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -279,9 +237,22 @@ func (c *Client) addOperationCreateBucketMiddlewares(stack *middleware.Stack, op
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *CreateBucketInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opCreateBucket(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -316,3 +287,141 @@ func addCreateBucketUpdateEndpoint(stack *middleware.Stack, options Options) err
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opCreateBucketResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCreateBucketResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCreateBucketResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*CreateBucketInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	params.DisableAccessPoints = ptr.Bool(true)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCreateBucketResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCreateBucketResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go
index 825feebd2..2831c54c7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -16,223 +22,163 @@ import (
 // This action initiates a multipart upload and returns an upload ID. This upload
 // ID is used to associate all of the parts in the specific multipart upload. You
 // specify this upload ID in each of your subsequent upload part requests (see
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)). You also
-// include this upload ID in the final request to either complete or abort the
-// multipart upload request. For more information about multipart uploads, see
-// Multipart Upload Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html). If you have
-// configured a lifecycle rule to abort incomplete multipart uploads, the upload
-// must complete within the number of days specified in the bucket lifecycle
-// configuration. Otherwise, the incomplete multipart upload becomes eligible for
-// an abort action and Amazon S3 aborts the multipart upload. For more information,
-// see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
-// For information about the permissions required to use the multipart upload API,
-// see Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). For
-// request signing, multipart upload is just a series of regular requests. You
-// initiate a multipart upload, send one or more requests to upload parts, and then
-// complete the multipart upload process. You sign each request individually. There
-// is nothing special about signing multipart upload requests. For more information
-// about signing, see Authenticating Requests (Amazon Web Services Signature
-// Version 4)
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html).
-// After you initiate a multipart upload and upload one or more parts, to stop
+// UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+// ). You also include this upload ID in the final request to either complete or
+// abort the multipart upload request. For more information about multipart
+// uploads, see Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html)
+// . If you have configured a lifecycle rule to abort incomplete multipart uploads,
+// the upload must complete within the number of days specified in the bucket
+// lifecycle configuration. Otherwise, the incomplete multipart upload becomes
+// eligible for an abort action and Amazon S3 aborts the multipart upload. For more
+// information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle
+// Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+// . For information about the permissions required to use the multipart upload
+// API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// . For request signing, multipart upload is just a series of regular requests.
+// You initiate a multipart upload, send one or more requests to upload parts, and
+// then complete the multipart upload process. You sign each request individually.
+// There is nothing special about signing multipart upload requests. For more
+// information about signing, see Authenticating Requests (Amazon Web Services
+// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html)
+// . After you initiate a multipart upload and upload one or more parts, to stop
 // being charged for storing the uploaded parts, you must either complete or abort
 // the multipart upload. Amazon S3 frees up the space used to store the parts and
 // stop charging you for storing them only after you either complete or abort a
-// multipart upload. You can optionally request server-side encryption. For
-// server-side encryption, Amazon S3 encrypts your data as it writes it to disks in
-// its data centers and decrypts it when you access it. You can provide your own
-// encryption key, or use Amazon Web Services KMS keys or Amazon S3-managed
-// encryption keys. If you choose to provide your own encryption key, the request
-// headers you provide in UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) and
-// UploadPartCopy
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
+// multipart upload. Server-side encryption is for data encryption at rest. Amazon
+// S3 encrypts your data as it writes it to disks in its data centers and decrypts
+// it when you access it. Amazon S3 automatically encrypts all new objects that are
+// uploaded to an S3 bucket. When doing a multipart upload, if you don't specify
+// encryption information in your request, the encryption setting of the uploaded
+// parts is set to the default encryption configuration of the destination bucket.
+// By default, all buckets have a base level of encryption configuration that uses
+// server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination
+// bucket has a default encryption configuration that uses server-side encryption
+// with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided
+// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a
+// customer-provided key to encrypt the uploaded parts. When you perform a
+// CreateMultipartUpload operation, if you want to use a different type of
+// encryption setting for the uploaded parts, you can request that Amazon S3
+// encrypts the object with a KMS key, an Amazon S3 managed key, or a
+// customer-provided key. If the encryption setting in your request is different
+// from the default encryption configuration of the destination bucket, the
+// encryption setting in your request takes precedence. If you choose to provide
+// your own encryption key, the request headers you provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
 // requests must match the headers you used in the request to initiate the upload
-// by using CreateMultipartUpload. To perform a multipart upload with encryption
-// using an Amazon Web Services KMS key, the requester must have permission to the
-// kms:Decrypt and kms:GenerateDataKey* actions on the key. These permissions are
-// required because Amazon S3 must decrypt and read data from the encrypted file
-// parts before it completes the multipart upload. For more information, see
-// Multipart upload API and permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions)
+// by using CreateMultipartUpload . You can request that Amazon S3 save the
+// uploaded parts encrypted with server-side encryption with an Amazon S3 managed
+// key (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a
+// customer-provided encryption key (SSE-C). To perform a multipart upload with
+// encryption by using an Amazon Web Services KMS key, the requester must have
+// permission to the kms:Decrypt and kms:GenerateDataKey* actions on the key.
+// These permissions are required because Amazon S3 must decrypt and read data from
+// the encrypted file parts before it completes the multipart upload. For more
+// information, see Multipart upload API and permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions)
+// and Protecting data using server-side encryption with Amazon Web Services KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html)
 // in the Amazon S3 User Guide. If your Identity and Access Management (IAM) user
 // or role is in the same Amazon Web Services account as the KMS key, then you must
 // have these permissions on the key policy. If your IAM user or role belongs to a
 // different account than the key, then you must have the permissions on both the
 // key policy and your IAM user or role. For more information, see Protecting Data
-// Using Server-Side Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html).
-// Access Permissions When copying an object, you can optionally specify the
+// Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+// . Access Permissions When copying an object, you can optionally specify the
 // accounts or groups that should be granted specific permissions on the new
-// object. There are two ways to grant the permissions using the request
-// headers:
-//
-// * Specify a canned ACL with the x-amz-acl request header. For more
-// information, see Canned ACL
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-//
-// *
-// Specify access permissions explicitly with the x-amz-grant-read,
-// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control
-// headers. These parameters map to the set of permissions that Amazon S3 supports
-// in an ACL. For more information, see Access Control List (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
-//
-// You can
-// use either a canned ACL or specify access permissions explicitly. You cannot do
-// both. Server-Side- Encryption-Specific Request Headers You can optionally tell
-// Amazon S3 to encrypt data at rest using server-side encryption. Server-side
-// encryption is for data encryption at rest. Amazon S3 encrypts your data as it
-// writes it to disks in its data centers and decrypts it when you access it. The
-// option you use depends on whether you want to use Amazon Web Services managed
-// encryption keys or provide your own encryption key.
-//
-// * Use encryption keys
-// managed by Amazon S3 or customer managed key stored in Amazon Web Services Key
-// Management Service (Amazon Web Services KMS) – If you want Amazon Web Services
-// to manage the keys used to encrypt data, specify the following headers in the
-// request.
-//
-// * x-amz-server-side-encryption
-//
-// *
-// x-amz-server-side-encryption-aws-kms-key-id
-//
-// *
-// x-amz-server-side-encryption-context
-//
-// If you specify
-// x-amz-server-side-encryption:aws:kms, but don't provide
-// x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web
-// Services managed key in Amazon Web Services KMS to protect the data. All GET and
-// PUT requests for an object protected by Amazon Web Services KMS fail if you
-// don't make them with SSL or by using SigV4. For more information about
-// server-side encryption with KMS key (SSE-KMS), see Protecting Data Using
-// Server-Side Encryption with KMS keys
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html).
-//
-// *
-// Use customer-provided encryption keys – If you want to manage your own
-// encryption keys, provide all the following headers in the request.
-//
-// *
-// x-amz-server-side-encryption-customer-algorithm
-//
-// *
-// x-amz-server-side-encryption-customer-key
-//
-// *
-// x-amz-server-side-encryption-customer-key-MD5
-//
-// For more information about
-// server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using
-// Server-Side Encryption with KMS keys
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html).
-//
-// Access-Control-List
-// (ACL)-Specific Request Headers You also can use the following access
-// control–related headers with this operation. By default, all objects are
-// private. Only the owner has full access control. When adding a new object, you
-// can grant permissions to individual Amazon Web Services accounts or to
-// predefined groups defined by Amazon S3. These permissions are then added to the
-// access control list (ACL) on the object. For more information, see Using ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). With
-// this operation, you can grant access permissions using one of the following two
-// methods:
-//
-// * Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of
-// predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of
-// grantees and permissions. For more information, see Canned ACL
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-//
-// *
-// Specify access permissions explicitly — To explicitly grant access permissions
-// to specific Amazon Web Services accounts or groups, use the following headers.
-// Each header maps to specific permissions that Amazon S3 supports in an ACL. For
-// more information, see Access Control List (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). In the
-// header, you specify a list of grantees who get the specific permission. To grant
-// permissions explicitly, use:
-//
-// * x-amz-grant-read
-//
-// * x-amz-grant-write
-//
-// *
-// x-amz-grant-read-acp
-//
-// * x-amz-grant-write-acp
-//
-// * x-amz-grant-full-control
-//
-// You
-// specify each grantee as a type=value pair, where the type is one of the
-// following:
-//
-// * id – if the value specified is the canonical user ID of an Amazon
-// Web Services account
-//
-// * uri – if you are granting permissions to a predefined
-// group
-//
-// * emailAddress – if the value specified is the email address of an Amazon
-// Web Services account Using email addresses to specify a grantee is only
-// supported in the following Amazon Web Services Regions:
-//
-// * US East (N.
-// Virginia)
-//
-// * US West (N. California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific
-// (Singapore)
-//
-// * Asia Pacific (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe
-// (Ireland)
-//
-// * South America (São Paulo)
-//
-// For a list of all the Amazon S3
-// supported Regions and endpoints, see Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// For example, the following
-// x-amz-grant-read header grants the Amazon Web Services accounts identified by
-// account IDs permissions to read object data and its metadata: x-amz-grant-read:
-// id="11112222333", id="444455556666"
-//
-// The following operations are related to
-// CreateMultipartUpload:
-//
-// * UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// object. There are two ways to grant the permissions using the request headers:
+//   - Specify a canned ACL with the x-amz-acl request header. For more
+//     information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+//     .
+//   - Specify access permissions explicitly with the x-amz-grant-read ,
+//     x-amz-grant-read-acp , x-amz-grant-write-acp , and x-amz-grant-full-control
+//     headers. These parameters map to the set of permissions that Amazon S3 supports
+//     in an ACL. For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+//     .
+//
+// You can use either a canned ACL or specify access permissions explicitly. You
+// cannot do both. Server-Side- Encryption-Specific Request Headers Amazon S3
+// encrypts data by using server-side encryption with an Amazon S3 managed key
+// (SSE-S3) by default. Server-side encryption is for data encryption at rest.
+// Amazon S3 encrypts your data as it writes it to disks in its data centers and
+// decrypts it when you access it. You can request that Amazon S3 encrypts data at
+// rest by using server-side encryption with other key options. The option you use
+// depends on whether you want to use KMS keys (SSE-KMS) or provide your own
+// encryption keys (SSE-C).
+//   - Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key (
+//     aws/s3 ) and KMS customer managed keys stored in Key Management Service (KMS)
+//     – If you want Amazon Web Services to manage the keys used to encrypt data,
+//     specify the following headers in the request.
+//   - x-amz-server-side-encryption
+//   - x-amz-server-side-encryption-aws-kms-key-id
+//   - x-amz-server-side-encryption-context If you specify
+//     x-amz-server-side-encryption:aws:kms , but don't provide
+//     x-amz-server-side-encryption-aws-kms-key-id , Amazon S3 uses the Amazon Web
+//     Services managed key ( aws/s3 key) in KMS to protect the data. All GET and PUT
+//     requests for an object protected by KMS fail if you don't make them by using
+//     Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version
+//     4. For more information about server-side encryption with KMS keys (SSE-KMS),
+//     see Protecting Data Using Server-Side Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html)
+//     .
+//   - Use customer-provided encryption keys (SSE-C) – If you want to manage your
+//     own encryption keys, provide all the following headers in the request.
+//   - x-amz-server-side-encryption-customer-algorithm
+//   - x-amz-server-side-encryption-customer-key
+//   - x-amz-server-side-encryption-customer-key-MD5 For more information about
+//     server-side encryption with customer-provided encryption keys (SSE-C), see
+//     Protecting data using server-side encryption with customer-provided encryption
+//     keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html)
+//     .
+//
+// Access-Control-List (ACL)-Specific Request Headers You also can use the
+// following access control–related headers with this operation. By default, all
+// objects are private. Only the owner has full access control. When adding a new
+// object, you can grant permissions to individual Amazon Web Services accounts or
+// to predefined groups defined by Amazon S3. These permissions are then added to
+// the access control list (ACL) on the object. For more information, see Using
+// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) .
+// With this operation, you can grant access permissions using one of the following
+// two methods:
+//   - Specify a canned ACL ( x-amz-acl ) — Amazon S3 supports a set of predefined
+//     ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and
+//     permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+//     .
+//   - Specify access permissions explicitly — To explicitly grant access
+//     permissions to specific Amazon Web Services accounts or groups, use the
+//     following headers. Each header maps to specific permissions that Amazon S3
+//     supports in an ACL. For more information, see Access Control List (ACL)
+//     Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) .
+//     In the header, you specify a list of grantees who get the specific permission.
+//     To grant permissions explicitly, use:
+//   - x-amz-grant-read
+//   - x-amz-grant-write
+//   - x-amz-grant-read-acp
+//   - x-amz-grant-write-acp
+//   - x-amz-grant-full-control You specify each grantee as a type=value pair,
+//     where the type is one of the following:
+//   - id – if the value specified is the canonical user ID of an Amazon Web
+//     Services account
+//   - uri – if you are granting permissions to a predefined group
+//   - emailAddress – if the value specified is the email address of an Amazon Web
+//     Services account Using email addresses to specify a grantee is only supported in
+//     the following Amazon Web Services Regions:
+//   - US East (N. Virginia)
+//   - US West (N. California)
+//   - US West (Oregon)
+//   - Asia Pacific (Singapore)
+//   - Asia Pacific (Sydney)
+//   - Asia Pacific (Tokyo)
+//   - Europe (Ireland)
+//   - South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference. For example, the following
+//     x-amz-grant-read header grants the Amazon Web Services accounts identified by
+//     account IDs permissions to read object data and its metadata:
+//     x-amz-grant-read: id="11112222333", id="444455556666"
+//
+// The following operations are related to CreateMultipartUpload :
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) CreateMultipartUpload(ctx context.Context, params *CreateMultipartUploadInput, optFns ...func(*Options)) (*CreateMultipartUploadOutput, error) {
 	if params == nil {
 		params = &CreateMultipartUploadInput{}
@@ -256,17 +202,15 @@ type CreateMultipartUploadInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -276,23 +220,22 @@ type CreateMultipartUploadInput struct {
 	// This member is required.
 	Key *string
 
-	// The canned ACL to apply to the object. This action is not supported by Amazon S3
-	// on Outposts.
+	// The canned ACL to apply to the object. This action is not supported by Amazon
+	// S3 on Outposts.
 	ACL types.ObjectCannedACL
 
 	// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
-	// with server-side encryption using AWS KMS (SSE-KMS). Setting this header to true
-	// causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
-	// Specifying this header with an object action doesn’t affect bucket-level
-	// settings for S3 Bucket Key.
+	// with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
+	// Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object
+	// encryption with SSE-KMS. Specifying this header with an object action doesn’t
+	// affect bucket-level settings for S3 Bucket Key.
 	BucketKeyEnabled bool
 
 	// Specifies caching behavior along the request/reply chain.
 	CacheControl *string
 
-	// Indicates the algorithm you want Amazon S3 to use to create the checksum for the
-	// object. For more information, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Indicates the algorithm you want Amazon S3 to use to create the checksum for
+	// the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
@@ -326,8 +269,8 @@ type CreateMultipartUploadInput struct {
 	// supported by Amazon S3 on Outposts.
 	GrantRead *string
 
-	// Allows grantee to read the object ACL. This action is not supported by Amazon S3
-	// on Outposts.
+	// Allows grantee to read the object ACL. This action is not supported by Amazon
+	// S3 on Outposts.
 	GrantReadACP *string
 
 	// Allows grantee to write the ACL for the applicable object. This action is not
@@ -347,10 +290,11 @@ type CreateMultipartUploadInput struct {
 	ObjectLockRetainUntilDate *time.Time
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -375,27 +319,25 @@ type CreateMultipartUploadInput struct {
 	// JSON with the encryption context key-value pairs.
 	SSEKMSEncryptionContext *string
 
-	// Specifies the ID of the symmetric customer managed key to use for object
-	// encryption. All GET and PUT requests for an object protected by Amazon Web
-	// Services KMS will fail if not made via SSL or using SigV4. For information about
-	// configuring using any of the officially supported Amazon Web Services SDKs and
-	// Amazon Web Services CLI, see Specifying the Signature Version in Request
-	// Authentication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
+	// Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric encryption
+	// customer managed key to use for object encryption. All GET and PUT requests for
+	// an object protected by KMS will fail if they're not made via SSL or using SigV4.
+	// For information about configuring any of the officially supported Amazon Web
+	// Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version
+	// in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
 	// in the Amazon S3 User Guide.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256 , aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
 	// objects. The STANDARD storage class provides high durability and high
 	// availability. Depending on performance needs, you can specify a different
 	// Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For
-	// more information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in
-	// the Amazon S3 User Guide.
+	// more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// in the Amazon S3 User Guide.
 	StorageClass types.StorageClass
 
 	// The tag-set for the object. The tag-set must be encoded as URL Query parameters.
@@ -411,15 +353,14 @@ type CreateMultipartUploadInput struct {
 
 type CreateMultipartUploadOutput struct {
 
-	// If the bucket has a lifecycle rule configured with an action to abort incomplete
-	// multipart uploads and the prefix in the lifecycle rule matches the object name
-	// in the request, the response includes this header. The header indicates when the
-	// initiated multipart upload becomes eligible for an abort operation. For more
-	// information, see  Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle
-	// Policy
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
-	// The response also includes the x-amz-abort-rule-id header that provides the ID
-	// of the lifecycle configuration rule that defines this action.
+	// If the bucket has a lifecycle rule configured with an action to abort
+	// incomplete multipart uploads and the prefix in the lifecycle rule matches the
+	// object name in the request, the response includes this header. The header
+	// indicates when the initiated multipart upload becomes eligible for an abort
+	// operation. For more information, see Aborting Incomplete Multipart Uploads
+	// Using a Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+	// . The response also includes the x-amz-abort-rule-id header that provides the
+	// ID of the lifecycle configuration rule that defines this action.
 	AbortDate *time.Time
 
 	// This header is returned along with the x-amz-abort-date header. It identifies
@@ -434,21 +375,19 @@ type CreateMultipartUploadOutput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	Bucket *string
 
 	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
-	// encryption with Amazon Web Services KMS (SSE-KMS).
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
 	BucketKeyEnabled bool
 
 	// The algorithm that was used to create a checksum of the object.
@@ -461,13 +400,14 @@ type CreateMultipartUploadOutput struct {
 	// request.
 	RequestCharged types.RequestCharged
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
 	// If present, specifies the Amazon Web Services KMS Encryption Context to use for
@@ -475,13 +415,12 @@ type CreateMultipartUploadOutput struct {
 	// holding JSON with the encryption context key-value pairs.
 	SSEKMSEncryptionContext *string
 
-	// If present, specifies the ID of the Amazon Web Services Key Management Service
-	// (Amazon Web Services KMS) symmetric customer managed key that was used for the
-	// object.
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256 , aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// ID for the initiated multipart upload.
@@ -502,6 +441,9 @@ func (c *Client) addOperationCreateMultipartUploadMiddlewares(stack *middleware.
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -529,7 +471,7 @@ func (c *Client) addOperationCreateMultipartUploadMiddlewares(stack *middleware.
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -541,6 +483,9 @@ func (c *Client) addOperationCreateMultipartUploadMiddlewares(stack *middleware.
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addCreateMultipartUploadResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCreateMultipartUploadValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -550,6 +495,9 @@ func (c *Client) addOperationCreateMultipartUploadMiddlewares(stack *middleware.
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addCreateMultipartUploadUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -565,9 +513,22 @@ func (c *Client) addOperationCreateMultipartUploadMiddlewares(stack *middleware.
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *CreateMultipartUploadInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opCreateMultipartUpload(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -602,3 +563,139 @@ func addCreateMultipartUploadUpdateEndpoint(stack *middleware.Stack, options Opt
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opCreateMultipartUploadResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCreateMultipartUploadResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCreateMultipartUploadResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*CreateMultipartUploadInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCreateMultipartUploadResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCreateMultipartUploadResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go
index 6bfb43c22..ba163363b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go
@@ -4,23 +4,24 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Deletes the S3 bucket. All objects (including all object versions and delete
 // markers) in the bucket must be deleted before the bucket itself can be deleted.
-// Related Resources
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+// The following operations are related to DeleteBucket :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
 func (c *Client) DeleteBucket(ctx context.Context, params *DeleteBucketInput, optFns ...func(*Options)) (*DeleteBucketOutput, error) {
 	if params == nil {
 		params = &DeleteBucketInput{}
@@ -67,6 +68,9 @@ func (c *Client) addOperationDeleteBucketMiddlewares(stack *middleware.Stack, op
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -94,7 +98,7 @@ func (c *Client) addOperationDeleteBucketMiddlewares(stack *middleware.Stack, op
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -106,6 +110,9 @@ func (c *Client) addOperationDeleteBucketMiddlewares(stack *middleware.Stack, op
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -115,6 +122,9 @@ func (c *Client) addOperationDeleteBucketMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -130,9 +140,22 @@ func (c *Client) addOperationDeleteBucketMiddlewares(stack *middleware.Stack, op
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucket(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -198,3 +221,139 @@ func addDeleteBucketPayloadAsUnsigned(stack *middleware.Stack, options Options)
 	v4.RemoveComputePayloadSHA256Middleware(stack)
 	return v4.AddUnsignedPayloadMiddleware(stack)
 }
+
+type opDeleteBucketResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go
index e016d9763..12d12e6cd 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go
@@ -4,38 +4,32 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Deletes an analytics configuration for the bucket (specified by the analytics
 // configuration ID). To use this operation, you must have permissions to perform
-// the s3:PutAnalyticsConfiguration action. The bucket owner has this permission by
-// default. The bucket owner can grant this permission to others. For more
+// the s3:PutAnalyticsConfiguration action. The bucket owner has this permission
+// by default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about the Amazon S3 analytics feature, see Amazon S3 Analytics –
-// Storage Class Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
-// The following operations are related to DeleteBucketAnalyticsConfiguration:
-//
-// *
-// GetBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
-//
-// *
-// ListBucketAnalyticsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
-//
-// *
-// PutBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about the Amazon S3 analytics feature, see Amazon S3
+// Analytics – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
+// . The following operations are related to DeleteBucketAnalyticsConfiguration :
+//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
+//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
+//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
 func (c *Client) DeleteBucketAnalyticsConfiguration(ctx context.Context, params *DeleteBucketAnalyticsConfigurationInput, optFns ...func(*Options)) (*DeleteBucketAnalyticsConfigurationOutput, error) {
 	if params == nil {
 		params = &DeleteBucketAnalyticsConfigurationInput{}
@@ -87,6 +81,9 @@ func (c *Client) addOperationDeleteBucketAnalyticsConfigurationMiddlewares(stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -114,7 +111,7 @@ func (c *Client) addOperationDeleteBucketAnalyticsConfigurationMiddlewares(stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -126,6 +123,9 @@ func (c *Client) addOperationDeleteBucketAnalyticsConfigurationMiddlewares(stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketAnalyticsConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketAnalyticsConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -135,6 +135,9 @@ func (c *Client) addOperationDeleteBucketAnalyticsConfigurationMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketAnalyticsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -150,9 +153,22 @@ func (c *Client) addOperationDeleteBucketAnalyticsConfigurationMiddlewares(stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketAnalyticsConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketAnalyticsConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -187,3 +203,139 @@ func addDeleteBucketAnalyticsConfigurationUpdateEndpoint(stack *middleware.Stack
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketAnalyticsConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketAnalyticsConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketAnalyticsConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketAnalyticsConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketAnalyticsConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketAnalyticsConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go
index 79045abe2..ae90a9067 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go
@@ -4,9 +4,15 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -14,16 +20,10 @@ import (
 // Deletes the cors configuration information set for the bucket. To use this
 // operation, you must have permission to perform the s3:PutBucketCORS action. The
 // bucket owner has this permission by default and can grant this permission to
-// others. For information about cors, see Enabling Cross-Origin Resource Sharing
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon S3
-// User Guide. Related Resources:
-//
-// * PutBucketCors
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
-//
-// *
-// RESTOPTIONSobject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
+// others. For information about cors , see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+// in the Amazon S3 User Guide. Related Resources
+//   - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
+//   - RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
 func (c *Client) DeleteBucketCors(ctx context.Context, params *DeleteBucketCorsInput, optFns ...func(*Options)) (*DeleteBucketCorsOutput, error) {
 	if params == nil {
 		params = &DeleteBucketCorsInput{}
@@ -70,6 +70,9 @@ func (c *Client) addOperationDeleteBucketCorsMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -97,7 +100,7 @@ func (c *Client) addOperationDeleteBucketCorsMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -109,6 +112,9 @@ func (c *Client) addOperationDeleteBucketCorsMiddlewares(stack *middleware.Stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketCorsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketCorsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -118,6 +124,9 @@ func (c *Client) addOperationDeleteBucketCorsMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketCorsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -133,9 +142,22 @@ func (c *Client) addOperationDeleteBucketCorsMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketCorsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketCors(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -170,3 +192,139 @@ func addDeleteBucketCorsUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketCorsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketCorsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketCorsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketCorsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketCorsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketCorsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go
index 9c3201f6d..754ae6a59 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go
@@ -4,33 +4,33 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// This implementation of the DELETE action removes default encryption from the
-// bucket. For information about the Amazon S3 default encryption feature, see
-// Amazon S3 Default Bucket Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the
-// Amazon S3 User Guide. To use this operation, you must have permissions to
+// This implementation of the DELETE action resets the default encryption for the
+// bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). For
+// information about the bucket default encryption feature, see Amazon S3 Bucket
+// Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// in the Amazon S3 User Guide. To use this operation, you must have permissions to
 // perform the s3:PutEncryptionConfiguration action. The bucket owner has this
 // permission by default. The bucket owner can grant this permission to others. For
 // more information about permissions, see Permissions Related to Bucket
-// Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide. Related Resources
-//
-// * PutBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
-//
-// *
-// GetBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// DeleteBucketEncryption :
+//   - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
+//   - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
 func (c *Client) DeleteBucketEncryption(ctx context.Context, params *DeleteBucketEncryptionInput, optFns ...func(*Options)) (*DeleteBucketEncryptionOutput, error) {
 	if params == nil {
 		params = &DeleteBucketEncryptionInput{}
@@ -78,6 +78,9 @@ func (c *Client) addOperationDeleteBucketEncryptionMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -105,7 +108,7 @@ func (c *Client) addOperationDeleteBucketEncryptionMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -117,6 +120,9 @@ func (c *Client) addOperationDeleteBucketEncryptionMiddlewares(stack *middleware
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketEncryptionResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketEncryptionValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -126,6 +132,9 @@ func (c *Client) addOperationDeleteBucketEncryptionMiddlewares(stack *middleware
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketEncryptionUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -141,9 +150,22 @@ func (c *Client) addOperationDeleteBucketEncryptionMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketEncryptionInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketEncryption(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -178,3 +200,139 @@ func addDeleteBucketEncryptionUpdateEndpoint(stack *middleware.Stack, options Op
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketEncryptionResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketEncryptionResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketEncryptionResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketEncryptionInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketEncryptionResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketEncryptionResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go
index 139dd78a0..e71e5fb8c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go
@@ -4,9 +4,15 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -24,21 +30,11 @@ import (
 // monitored and not eligible for auto-tiering. Smaller objects can be stored, but
 // they are always charged at the Frequent Access tier rates in the S3
 // Intelligent-Tiering storage class. For more information, see Storage class for
-// automatically optimizing frequently and infrequently accessed objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-// Operations related to DeleteBucketIntelligentTieringConfiguration include:
-//
-// *
-// GetBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
-//
-// *
-// PutBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
-//
-// *
-// ListBucketIntelligentTieringConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
+// automatically optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+// . Operations related to DeleteBucketIntelligentTieringConfiguration include:
+//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
+//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
+//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
 func (c *Client) DeleteBucketIntelligentTieringConfiguration(ctx context.Context, params *DeleteBucketIntelligentTieringConfigurationInput, optFns ...func(*Options)) (*DeleteBucketIntelligentTieringConfigurationOutput, error) {
 	if params == nil {
 		params = &DeleteBucketIntelligentTieringConfigurationInput{}
@@ -86,6 +82,9 @@ func (c *Client) addOperationDeleteBucketIntelligentTieringConfigurationMiddlewa
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -113,7 +112,7 @@ func (c *Client) addOperationDeleteBucketIntelligentTieringConfigurationMiddlewa
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -125,6 +124,9 @@ func (c *Client) addOperationDeleteBucketIntelligentTieringConfigurationMiddlewa
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketIntelligentTieringConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketIntelligentTieringConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -134,6 +136,9 @@ func (c *Client) addOperationDeleteBucketIntelligentTieringConfigurationMiddlewa
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketIntelligentTieringConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -149,9 +154,22 @@ func (c *Client) addOperationDeleteBucketIntelligentTieringConfigurationMiddlewa
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketIntelligentTieringConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketIntelligentTieringConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -186,3 +204,139 @@ func addDeleteBucketIntelligentTieringConfigurationUpdateEndpoint(stack *middlew
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketIntelligentTieringConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketIntelligentTieringConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketIntelligentTieringConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketIntelligentTieringConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketIntelligentTieringConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketIntelligentTieringConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go
index 32fe81f12..4788ce85c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go
@@ -4,9 +4,15 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -16,25 +22,13 @@ import (
 // s3:PutInventoryConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html).
-// Operations related to DeleteBucketInventoryConfiguration include:
-//
-// *
-// GetBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
-//
-// *
-// PutBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
-//
-// *
-// ListBucketInventoryConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about the Amazon S3 inventory feature, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+// . Operations related to DeleteBucketInventoryConfiguration include:
+//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
+//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
+//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
 func (c *Client) DeleteBucketInventoryConfiguration(ctx context.Context, params *DeleteBucketInventoryConfigurationInput, optFns ...func(*Options)) (*DeleteBucketInventoryConfigurationOutput, error) {
 	if params == nil {
 		params = &DeleteBucketInventoryConfigurationInput{}
@@ -86,6 +80,9 @@ func (c *Client) addOperationDeleteBucketInventoryConfigurationMiddlewares(stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -113,7 +110,7 @@ func (c *Client) addOperationDeleteBucketInventoryConfigurationMiddlewares(stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -125,6 +122,9 @@ func (c *Client) addOperationDeleteBucketInventoryConfigurationMiddlewares(stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketInventoryConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketInventoryConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -134,6 +134,9 @@ func (c *Client) addOperationDeleteBucketInventoryConfigurationMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketInventoryConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -149,9 +152,22 @@ func (c *Client) addOperationDeleteBucketInventoryConfigurationMiddlewares(stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketInventoryConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketInventoryConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -186,3 +202,139 @@ func addDeleteBucketInventoryConfigurationUpdateEndpoint(stack *middleware.Stack
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketInventoryConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketInventoryConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketInventoryConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketInventoryConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketInventoryConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketInventoryConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go
index c110bfb44..f265ec365 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go
@@ -4,32 +4,32 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes
-// all the lifecycle configuration rules in the lifecycle subresource associated
-// with the bucket. Your objects never expire, and Amazon S3 no longer
+// Deletes the lifecycle configuration from the specified bucket. Amazon S3
+// removes all the lifecycle configuration rules in the lifecycle subresource
+// associated with the bucket. Your objects never expire, and Amazon S3 no longer
 // automatically deletes any objects on the basis of rules contained in the deleted
 // lifecycle configuration. To use this operation, you must have permission to
 // perform the s3:PutLifecycleConfiguration action. By default, the bucket owner
 // has this permission and the bucket owner can grant this permission to others.
 // There is usually some time lag before lifecycle configuration deletion is fully
 // propagated to all the Amazon S3 systems. For more information about the object
-// expiration, see Elements to Describe Lifecycle Actions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions).
-// Related actions include:
-//
-// * PutBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
-//
-// *
-// GetBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
+// expiration, see Elements to Describe Lifecycle Actions (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions)
+// . Related actions include:
+//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
 func (c *Client) DeleteBucketLifecycle(ctx context.Context, params *DeleteBucketLifecycleInput, optFns ...func(*Options)) (*DeleteBucketLifecycleOutput, error) {
 	if params == nil {
 		params = &DeleteBucketLifecycleInput{}
@@ -76,6 +76,9 @@ func (c *Client) addOperationDeleteBucketLifecycleMiddlewares(stack *middleware.
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -103,7 +106,7 @@ func (c *Client) addOperationDeleteBucketLifecycleMiddlewares(stack *middleware.
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -115,6 +118,9 @@ func (c *Client) addOperationDeleteBucketLifecycleMiddlewares(stack *middleware.
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketLifecycleResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketLifecycleValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -124,6 +130,9 @@ func (c *Client) addOperationDeleteBucketLifecycleMiddlewares(stack *middleware.
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketLifecycleUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -139,9 +148,22 @@ func (c *Client) addOperationDeleteBucketLifecycleMiddlewares(stack *middleware.
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketLifecycleInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketLifecycle(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -176,3 +198,139 @@ func addDeleteBucketLifecycleUpdateEndpoint(stack *middleware.Stack, options Opt
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketLifecycleResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketLifecycleResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketLifecycleResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketLifecycleInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketLifecycleResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketLifecycleResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go
index cc08f04b7..51e57ca70 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go
@@ -4,9 +4,15 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -17,30 +23,15 @@ import (
 // permissions to perform the s3:PutMetricsConfiguration action. The bucket owner
 // has this permission by default. The bucket owner can grant this permission to
 // others. For more information about permissions, see Permissions Related to
-// Bucket Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about CloudWatch request metrics for Amazon S3, see Monitoring
-// Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-// The following operations are related to DeleteBucketMetricsConfiguration:
-//
-// *
-// GetBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
-//
-// *
-// PutBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
-//
-// *
-// ListBucketMetricsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
-//
-// *
-// Monitoring Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about CloudWatch request metrics for Amazon S3, see
+// Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// . The following operations are related to DeleteBucketMetricsConfiguration :
+//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
+//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
+//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
+//   - Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
 func (c *Client) DeleteBucketMetricsConfiguration(ctx context.Context, params *DeleteBucketMetricsConfigurationInput, optFns ...func(*Options)) (*DeleteBucketMetricsConfigurationOutput, error) {
 	if params == nil {
 		params = &DeleteBucketMetricsConfigurationInput{}
@@ -63,7 +54,8 @@ type DeleteBucketMetricsConfigurationInput struct {
 	// This member is required.
 	Bucket *string
 
-	// The ID used to identify the metrics configuration.
+	// The ID used to identify the metrics configuration. The ID has a 64 character
+	// limit and can only contain letters, numbers, periods, dashes, and underscores.
 	//
 	// This member is required.
 	Id *string
@@ -92,6 +84,9 @@ func (c *Client) addOperationDeleteBucketMetricsConfigurationMiddlewares(stack *
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -119,7 +114,7 @@ func (c *Client) addOperationDeleteBucketMetricsConfigurationMiddlewares(stack *
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -131,6 +126,9 @@ func (c *Client) addOperationDeleteBucketMetricsConfigurationMiddlewares(stack *
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketMetricsConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketMetricsConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -140,6 +138,9 @@ func (c *Client) addOperationDeleteBucketMetricsConfigurationMiddlewares(stack *
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketMetricsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -155,9 +156,22 @@ func (c *Client) addOperationDeleteBucketMetricsConfigurationMiddlewares(stack *
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketMetricsConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketMetricsConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -192,3 +206,139 @@ func addDeleteBucketMetricsConfigurationUpdateEndpoint(stack *middleware.Stack,
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketMetricsConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketMetricsConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketMetricsConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketMetricsConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketMetricsConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketMetricsConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go
index 6186db5e1..ad99b6610 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go
@@ -4,25 +4,26 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Removes OwnershipControls for an Amazon S3 bucket. To use this operation, you
 // must have the s3:PutBucketOwnershipControls permission. For more information
-// about Amazon S3 permissions, see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-// For information about Amazon S3 Object Ownership, see Using Object Ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html).
-// The following operations are related to DeleteBucketOwnershipControls:
-//
-// *
-// GetBucketOwnershipControls
-//
-// * PutBucketOwnershipControls
+// about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// . For information about Amazon S3 Object Ownership, see Using Object Ownership (https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html)
+// . The following operations are related to DeleteBucketOwnershipControls :
+//   - GetBucketOwnershipControls
+//   - PutBucketOwnershipControls
 func (c *Client) DeleteBucketOwnershipControls(ctx context.Context, params *DeleteBucketOwnershipControlsInput, optFns ...func(*Options)) (*DeleteBucketOwnershipControlsOutput, error) {
 	if params == nil {
 		params = &DeleteBucketOwnershipControlsInput{}
@@ -69,6 +70,9 @@ func (c *Client) addOperationDeleteBucketOwnershipControlsMiddlewares(stack *mid
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -96,7 +100,7 @@ func (c *Client) addOperationDeleteBucketOwnershipControlsMiddlewares(stack *mid
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -108,6 +112,9 @@ func (c *Client) addOperationDeleteBucketOwnershipControlsMiddlewares(stack *mid
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketOwnershipControlsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketOwnershipControlsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -117,6 +124,9 @@ func (c *Client) addOperationDeleteBucketOwnershipControlsMiddlewares(stack *mid
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketOwnershipControlsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -132,9 +142,22 @@ func (c *Client) addOperationDeleteBucketOwnershipControlsMiddlewares(stack *mid
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketOwnershipControlsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketOwnershipControls(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -169,3 +192,139 @@ func addDeleteBucketOwnershipControlsUpdateEndpoint(stack *middleware.Stack, opt
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketOwnershipControlsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketOwnershipControlsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketOwnershipControlsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketOwnershipControlsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketOwnershipControlsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketOwnershipControlsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go
index 618d9bede..1718b471a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go
@@ -4,9 +4,15 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -19,20 +25,17 @@ import (
 // have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied
 // error. If you have the correct permissions, but you're not using an identity
 // that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not
-// Allowed error. As a security precaution, the root user of the Amazon Web
-// Services account that owns a bucket can always use this operation, even if the
-// policy explicitly denies the root user the ability to perform this action. For
-// more information about bucket policies, see Using Bucket Policies and
-// UserPolicies
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). The
-// following operations are related to DeleteBucketPolicy
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+// Allowed error. To ensure that bucket owners don't inadvertently lock themselves
+// out of their own buckets, the root principal in a bucket owner's Amazon Web
+// Services account can perform the GetBucketPolicy , PutBucketPolicy , and
+// DeleteBucketPolicy API actions, even if their bucket policy explicitly denies
+// the root principal's access. Bucket owner root principals can only be blocked
+// from performing these API actions by VPC endpoint policies and Amazon Web
+// Services Organizations policies. For more information about bucket policies, see
+// Using Bucket Policies and UserPolicies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html)
+// . The following operations are related to DeleteBucketPolicy
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
 func (c *Client) DeleteBucketPolicy(ctx context.Context, params *DeleteBucketPolicyInput, optFns ...func(*Options)) (*DeleteBucketPolicyOutput, error) {
 	if params == nil {
 		params = &DeleteBucketPolicyInput{}
@@ -79,6 +82,9 @@ func (c *Client) addOperationDeleteBucketPolicyMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -106,7 +112,7 @@ func (c *Client) addOperationDeleteBucketPolicyMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -118,6 +124,9 @@ func (c *Client) addOperationDeleteBucketPolicyMiddlewares(stack *middleware.Sta
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -127,6 +136,9 @@ func (c *Client) addOperationDeleteBucketPolicyMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketPolicyUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -142,9 +154,22 @@ func (c *Client) addOperationDeleteBucketPolicyMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketPolicyInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketPolicy(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -179,3 +204,139 @@ func addDeleteBucketPolicyUpdateEndpoint(stack *middleware.Stack, options Option
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketPolicyInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go
index ad2d772d4..441adceac 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go
@@ -4,9 +4,15 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -15,22 +21,14 @@ import (
 // you must have permissions to perform the s3:PutReplicationConfiguration action.
 // The bucket owner has these permissions by default and can grant it to others.
 // For more information about permissions, see Permissions Related to Bucket
-// Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// It can take a while for the deletion of a replication configuration to fully
-// propagate. For information about replication configuration, see Replication
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the Amazon
-// S3 User Guide. The following operations are related to
-// DeleteBucketReplication:
-//
-// * PutBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
-//
-// *
-// GetBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . It can take a while for the deletion of a replication configuration to fully
+// propagate. For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// DeleteBucketReplication :
+//   - PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
+//   - GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
 func (c *Client) DeleteBucketReplication(ctx context.Context, params *DeleteBucketReplicationInput, optFns ...func(*Options)) (*DeleteBucketReplicationOutput, error) {
 	if params == nil {
 		params = &DeleteBucketReplicationInput{}
@@ -77,6 +75,9 @@ func (c *Client) addOperationDeleteBucketReplicationMiddlewares(stack *middlewar
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -104,7 +105,7 @@ func (c *Client) addOperationDeleteBucketReplicationMiddlewares(stack *middlewar
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -116,6 +117,9 @@ func (c *Client) addOperationDeleteBucketReplicationMiddlewares(stack *middlewar
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketReplicationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketReplicationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -125,6 +129,9 @@ func (c *Client) addOperationDeleteBucketReplicationMiddlewares(stack *middlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketReplicationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -140,9 +147,22 @@ func (c *Client) addOperationDeleteBucketReplicationMiddlewares(stack *middlewar
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketReplicationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketReplication(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -177,3 +197,139 @@ func addDeleteBucketReplicationUpdateEndpoint(stack *middleware.Stack, options O
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketReplicationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketReplicationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketReplicationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketReplicationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketReplicationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketReplicationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go
index 063f0bc59..1aeef1dee 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go
@@ -4,9 +4,15 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -14,14 +20,9 @@ import (
 // Deletes the tags from the bucket. To use this operation, you must have
 // permission to perform the s3:PutBucketTagging action. By default, the bucket
 // owner has this permission and can grant this permission to others. The following
-// operations are related to DeleteBucketTagging:
-//
-// * GetBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
-//
-// *
-// PutBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
+// operations are related to DeleteBucketTagging :
+//   - GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
+//   - PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
 func (c *Client) DeleteBucketTagging(ctx context.Context, params *DeleteBucketTaggingInput, optFns ...func(*Options)) (*DeleteBucketTaggingOutput, error) {
 	if params == nil {
 		params = &DeleteBucketTaggingInput{}
@@ -68,6 +69,9 @@ func (c *Client) addOperationDeleteBucketTaggingMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -95,7 +99,7 @@ func (c *Client) addOperationDeleteBucketTaggingMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -107,6 +111,9 @@ func (c *Client) addOperationDeleteBucketTaggingMiddlewares(stack *middleware.St
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketTaggingResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketTaggingValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -116,6 +123,9 @@ func (c *Client) addOperationDeleteBucketTaggingMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketTaggingUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -131,9 +141,22 @@ func (c *Client) addOperationDeleteBucketTaggingMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketTaggingInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketTagging(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -168,3 +191,139 @@ func addDeleteBucketTaggingUpdateEndpoint(stack *middleware.Stack, options Optio
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketTaggingResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketTaggingResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketTaggingResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketTaggingInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketTaggingResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketTaggingResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go
index 7eb72b86a..e7fc64b5b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go
@@ -4,9 +4,15 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -21,16 +27,10 @@ import (
 // bucket owners can grant other users permission to delete the website
 // configuration by writing a bucket policy granting them the
 // S3:DeleteBucketWebsite permission. For more information about hosting websites,
-// see Hosting Websites on Amazon S3
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). The
-// following operations are related to DeleteBucketWebsite:
-//
-// * GetBucketWebsite
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html)
-//
-// *
-// PutBucketWebsite
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
+// see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)
+// . The following operations are related to DeleteBucketWebsite :
+//   - GetBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html)
+//   - PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
 func (c *Client) DeleteBucketWebsite(ctx context.Context, params *DeleteBucketWebsiteInput, optFns ...func(*Options)) (*DeleteBucketWebsiteOutput, error) {
 	if params == nil {
 		params = &DeleteBucketWebsiteInput{}
@@ -77,6 +77,9 @@ func (c *Client) addOperationDeleteBucketWebsiteMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -104,7 +107,7 @@ func (c *Client) addOperationDeleteBucketWebsiteMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -116,6 +119,9 @@ func (c *Client) addOperationDeleteBucketWebsiteMiddlewares(stack *middleware.St
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteBucketWebsiteResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteBucketWebsiteValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -125,6 +131,9 @@ func (c *Client) addOperationDeleteBucketWebsiteMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketWebsiteUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -140,9 +149,22 @@ func (c *Client) addOperationDeleteBucketWebsiteMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteBucketWebsiteInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteBucketWebsite(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -177,3 +199,139 @@ func addDeleteBucketWebsiteUpdateEndpoint(stack *middleware.Stack, options Optio
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteBucketWebsiteResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteBucketWebsiteResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteBucketWebsiteResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteBucketWebsiteInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteBucketWebsiteResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteBucketWebsiteResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go
index 4b4f12127..5b5cbf187 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -15,27 +21,22 @@ import (
 // Removes the null version (if there is one) of an object and inserts a delete
 // marker, which becomes the latest version of the object. If there isn't a null
 // version, Amazon S3 does not remove any objects but will still respond that the
-// command was successful. To remove a specific version, you must be the bucket
-// owner and you must use the version Id subresource. Using this subresource
-// permanently deletes the version. If the object deleted is a delete marker,
-// Amazon S3 sets the response header, x-amz-delete-marker, to true. If the object
-// you want to delete is in a bucket where the bucket versioning configuration is
-// MFA Delete enabled, you must include the x-amz-mfa request header in the DELETE
-// versionId request. Requests that include x-amz-mfa must use HTTPS. For more
-// information about MFA Delete, see Using MFA Delete
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html). To see
-// sample requests that use versioning, see Sample Request
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete).
-// You can delete objects by explicitly calling DELETE Object or configure its
-// lifecycle (PutBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html))
-// to enable Amazon S3 to remove them for you. If you want to block users or
+// command was successful. To remove a specific version, you must use the version
+// Id subresource. Using this subresource permanently deletes the version. If the
+// object deleted is a delete marker, Amazon S3 sets the response header,
+// x-amz-delete-marker , to true. If the object you want to delete is in a bucket
+// where the bucket versioning configuration is MFA Delete enabled, you must
+// include the x-amz-mfa request header in the DELETE versionId request. Requests
+// that include x-amz-mfa must use HTTPS. For more information about MFA Delete,
+// see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html)
+// . To see sample requests that use versioning, see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete)
+// . You can delete objects by explicitly calling DELETE Object or configure its
+// lifecycle ( PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
+// ) to enable Amazon S3 to remove them for you. If you want to block users or
 // accounts from removing or deleting objects from your bucket, you must deny them
-// the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration
-// actions. The following action is related to DeleteObject:
-//
-// * PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+// the s3:DeleteObject , s3:DeleteObjectVersion , and s3:PutLifeCycleConfiguration
+// actions. The following action is related to DeleteObject :
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
 func (c *Client) DeleteObject(ctx context.Context, params *DeleteObjectInput, optFns ...func(*Options)) (*DeleteObjectOutput, error) {
 	if params == nil {
 		params = &DeleteObjectInput{}
@@ -53,23 +54,21 @@ func (c *Client) DeleteObject(ctx context.Context, params *DeleteObjectInput, op
 
 type DeleteObjectInput struct {
 
-	// The bucket name of the bucket containing the object. When using this action with
-	// an access point, you must direct requests to the access point hostname. The
+	// The bucket name of the bucket containing the object. When using this action
+	// with an access point, you must direct requests to the access point hostname. The
 	// access point hostname takes the form
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -89,16 +88,18 @@ type DeleteObjectInput struct {
 	// (access denied).
 	ExpectedBucketOwner *string
 
-	// The concatenation of the authentication device's serial number, a space, and the
-	// value that is displayed on your authentication device. Required to permanently
-	// delete a versioned object if versioning is configured with MFA delete enabled.
+	// The concatenation of the authentication device's serial number, a space, and
+	// the value that is displayed on your authentication device. Required to
+	// permanently delete a versioned object if versioning is configured with MFA
+	// delete enabled.
 	MFA *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -110,8 +111,10 @@ type DeleteObjectInput struct {
 
 type DeleteObjectOutput struct {
 
-	// Specifies whether the versioned object that was permanently deleted was (true)
-	// or was not (false) a delete marker.
+	// Indicates whether the specified object version that was permanently deleted was
+	// (true) or was not (false) a delete marker before deletion. In a simple DELETE,
+	// this header indicates whether (true) or not (false) the current version of the
+	// object is a delete marker.
 	DeleteMarker bool
 
 	// If present, indicates that the requester was successfully charged for the
@@ -137,6 +140,9 @@ func (c *Client) addOperationDeleteObjectMiddlewares(stack *middleware.Stack, op
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -164,7 +170,7 @@ func (c *Client) addOperationDeleteObjectMiddlewares(stack *middleware.Stack, op
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -176,6 +182,9 @@ func (c *Client) addOperationDeleteObjectMiddlewares(stack *middleware.Stack, op
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteObjectResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteObjectValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -185,6 +194,9 @@ func (c *Client) addOperationDeleteObjectMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteObjectUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -200,9 +212,22 @@ func (c *Client) addOperationDeleteObjectMiddlewares(stack *middleware.Stack, op
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteObjectInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteObject(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -268,3 +293,139 @@ func addDeleteObjectPayloadAsUnsigned(stack *middleware.Stack, options Options)
 	v4.RemoveComputePayloadSHA256Middleware(stack)
 	return v4.AddUnsignedPayloadMiddleware(stack)
 }
+
+type opDeleteObjectResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteObjectResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteObjectResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteObjectInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteObjectResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteObjectResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go
index 0d1bb7399..41d46e48f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go
@@ -4,28 +4,28 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Removes the entire tag set from the specified object. For more information about
-// managing object tags, see  Object Tagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). To use
-// this operation, you must have permission to perform the s3:DeleteObjectTagging
-// action. To delete tags of a specific object version, add the versionId query
-// parameter in the request. You will need permission for the
+// Removes the entire tag set from the specified object. For more information
+// about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html)
+// . To use this operation, you must have permission to perform the
+// s3:DeleteObjectTagging action. To delete tags of a specific object version, add
+// the versionId query parameter in the request. You will need permission for the
 // s3:DeleteObjectVersionTagging action. The following operations are related to
-// DeleteBucketMetricsConfiguration:
-//
-// * PutObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
-//
-// *
-// GetObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+// DeleteObjectTagging :
+//   - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
+//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
 func (c *Client) DeleteObjectTagging(ctx context.Context, params *DeleteObjectTaggingInput, optFns ...func(*Options)) (*DeleteObjectTaggingOutput, error) {
 	if params == nil {
 		params = &DeleteObjectTaggingInput{}
@@ -43,23 +43,21 @@ func (c *Client) DeleteObjectTagging(ctx context.Context, params *DeleteObjectTa
 
 type DeleteObjectTaggingInput struct {
 
-	// The bucket name containing the objects from which to remove the tags. When using
-	// this action with an access point, you must direct requests to the access point
-	// hostname. The access point hostname takes the form
+	// The bucket name containing the objects from which to remove the tags. When
+	// using this action with an access point, you must direct requests to the access
+	// point hostname. The access point hostname takes the form
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -100,6 +98,9 @@ func (c *Client) addOperationDeleteObjectTaggingMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -127,7 +128,7 @@ func (c *Client) addOperationDeleteObjectTaggingMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -139,6 +140,9 @@ func (c *Client) addOperationDeleteObjectTaggingMiddlewares(stack *middleware.St
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteObjectTaggingResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteObjectTaggingValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -148,6 +152,9 @@ func (c *Client) addOperationDeleteObjectTaggingMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteObjectTaggingUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -163,9 +170,22 @@ func (c *Client) addOperationDeleteObjectTaggingMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteObjectTaggingInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteObjectTagging(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -200,3 +220,139 @@ func addDeleteObjectTaggingUpdateEndpoint(stack *middleware.Stack, options Optio
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteObjectTaggingResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteObjectTaggingResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteObjectTaggingResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteObjectTaggingInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteObjectTaggingResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteObjectTaggingResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go
index 50078da53..b494c18ae 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go
@@ -4,11 +4,17 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -33,31 +39,16 @@ import (
 // even if there are non-versioned objects you are trying to delete. If you provide
 // an invalid token, whether there are versioned keys in the request or not, the
 // entire Multi-Object Delete request will fail. For information about MFA Delete,
-// see  MFA Delete
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete).
-// Finally, the Content-MD5 header is required for all Multi-Object Delete
+// see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete)
+// . Finally, the Content-MD5 header is required for all Multi-Object Delete
 // requests. Amazon S3 uses the header value to ensure that your request body has
 // not been altered in transit. The following operations are related to
-// DeleteObjects:
-//
-// * CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+// DeleteObjects :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
 func (c *Client) DeleteObjects(ctx context.Context, params *DeleteObjectsInput, optFns ...func(*Options)) (*DeleteObjectsOutput, error) {
 	if params == nil {
 		params = &DeleteObjectsInput{}
@@ -75,23 +66,21 @@ func (c *Client) DeleteObjects(ctx context.Context, params *DeleteObjectsInput,
 
 type DeleteObjectsInput struct {
 
-	// The bucket name containing the objects to delete. When using this action with an
-	// access point, you must direct requests to the access point hostname. The access
-	// point hostname takes the form
+	// The bucket name containing the objects to delete. When using this action with
+	// an access point, you must direct requests to the access point hostname. The
+	// access point hostname takes the form
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -110,9 +99,8 @@ type DeleteObjectsInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter. This checksum algorithm must
 	// be the same for all parts and it match the checksum value supplied in the
@@ -124,16 +112,18 @@ type DeleteObjectsInput struct {
 	// (access denied).
 	ExpectedBucketOwner *string
 
-	// The concatenation of the authentication device's serial number, a space, and the
-	// value that is displayed on your authentication device. Required to permanently
-	// delete a versioned object if versioning is configured with MFA delete enabled.
+	// The concatenation of the authentication device's serial number, a space, and
+	// the value that is displayed on your authentication device. Required to
+	// permanently delete a versioned object if versioning is configured with MFA
+	// delete enabled.
 	MFA *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -169,6 +159,9 @@ func (c *Client) addOperationDeleteObjectsMiddlewares(stack *middleware.Stack, o
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -196,7 +189,7 @@ func (c *Client) addOperationDeleteObjectsMiddlewares(stack *middleware.Stack, o
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -208,6 +201,9 @@ func (c *Client) addOperationDeleteObjectsMiddlewares(stack *middleware.Stack, o
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeleteObjectsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteObjectsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -217,6 +213,9 @@ func (c *Client) addOperationDeleteObjectsMiddlewares(stack *middleware.Stack, o
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteObjectsInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -235,9 +234,22 @@ func (c *Client) addOperationDeleteObjectsMiddlewares(stack *middleware.Stack, o
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeleteObjectsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeleteObjects(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -247,8 +259,8 @@ func newServiceMetadataMiddleware_opDeleteObjects(region string) *awsmiddleware.
 	}
 }
 
-// getDeleteObjectsRequestAlgorithmMember gets the request checksum algorithm value
-// provided as input.
+// getDeleteObjectsRequestAlgorithmMember gets the request checksum algorithm
+// value provided as input.
 func getDeleteObjectsRequestAlgorithmMember(input interface{}) (string, bool) {
 	in := input.(*DeleteObjectsInput)
 	if len(in.ChecksumAlgorithm) == 0 {
@@ -292,3 +304,139 @@ func addDeleteObjectsUpdateEndpoint(stack *middleware.Stack, options Options) er
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeleteObjectsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteObjectsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteObjectsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeleteObjectsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteObjectsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteObjectsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go
index 3defd538c..2bdbe4217 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go
@@ -4,37 +4,29 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use this
-// operation, you must have the s3:PutBucketPublicAccessBlock permission. For more
-// information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// The following operations are related to DeletePublicAccessBlock:
-//
-// * Using Amazon
-// S3 Block Public Access
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
-//
-// *
-// GetPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-// *
-// PutPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
-//
-// *
-// GetBucketPolicyStatus
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
+// Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use
+// this operation, you must have the s3:PutBucketPublicAccessBlock permission. For
+// more information about permissions, see Permissions Related to Bucket
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . The following operations are related to DeletePublicAccessBlock :
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
+//   - GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
 func (c *Client) DeletePublicAccessBlock(ctx context.Context, params *DeletePublicAccessBlockInput, optFns ...func(*Options)) (*DeletePublicAccessBlockOutput, error) {
 	if params == nil {
 		params = &DeletePublicAccessBlockInput{}
@@ -81,6 +73,9 @@ func (c *Client) addOperationDeletePublicAccessBlockMiddlewares(stack *middlewar
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -108,7 +103,7 @@ func (c *Client) addOperationDeletePublicAccessBlockMiddlewares(stack *middlewar
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -120,6 +115,9 @@ func (c *Client) addOperationDeletePublicAccessBlockMiddlewares(stack *middlewar
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addDeletePublicAccessBlockResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeletePublicAccessBlockValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -129,6 +127,9 @@ func (c *Client) addOperationDeletePublicAccessBlockMiddlewares(stack *middlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeletePublicAccessBlockUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -144,9 +145,22 @@ func (c *Client) addOperationDeletePublicAccessBlockMiddlewares(stack *middlewar
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *DeletePublicAccessBlockInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opDeletePublicAccessBlock(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -181,3 +195,139 @@ func addDeletePublicAccessBlockUpdateEndpoint(stack *middleware.Stack, options O
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opDeletePublicAccessBlockResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeletePublicAccessBlockResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeletePublicAccessBlockResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*DeletePublicAccessBlockInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeletePublicAccessBlockResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeletePublicAccessBlockResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go
index d1690f3ea..f11b25aa3 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go
@@ -4,38 +4,39 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // This implementation of the GET action uses the accelerate subresource to return
 // the Transfer Acceleration state of a bucket, which is either Enabled or
-// Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that
+// Suspended . Amazon S3 Transfer Acceleration is a bucket-level feature that
 // enables you to perform faster data transfers to and from Amazon S3. To use this
 // operation, you must have permission to perform the s3:GetAccelerateConfiguration
 // action. The bucket owner has this permission by default. The bucket owner can
 // grant this permission to others. For more information about permissions, see
-// Permissions Related to Bucket Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
 // in the Amazon S3 User Guide. You set the Transfer Acceleration state of an
 // existing bucket to Enabled or Suspended by using the
-// PutBucketAccelerateConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
+// PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
 // operation. A GET accelerate request does not return a state value for a bucket
 // that has no transfer acceleration state. A bucket has no Transfer Acceleration
 // state if a state has never been set on the bucket. For more information about
-// transfer acceleration, see Transfer Acceleration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in
-// the Amazon S3 User Guide. Related Resources
-//
-// * PutBucketAccelerateConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
+// transfer acceleration, see Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// GetBucketAccelerateConfiguration :
+//   - PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
 func (c *Client) GetBucketAccelerateConfiguration(ctx context.Context, params *GetBucketAccelerateConfigurationInput, optFns ...func(*Options)) (*GetBucketAccelerateConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketAccelerateConfigurationInput{}
@@ -63,11 +64,24 @@ type GetBucketAccelerateConfigurationInput struct {
 	// (access denied).
 	ExpectedBucketOwner *string
 
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer types.RequestPayer
+
 	noSmithyDocumentSerde
 }
 
 type GetBucketAccelerateConfigurationOutput struct {
 
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged types.RequestCharged
+
 	// The accelerate configuration of the bucket.
 	Status types.BucketAccelerateStatus
 
@@ -86,6 +100,9 @@ func (c *Client) addOperationGetBucketAccelerateConfigurationMiddlewares(stack *
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -113,7 +130,7 @@ func (c *Client) addOperationGetBucketAccelerateConfigurationMiddlewares(stack *
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -125,6 +142,9 @@ func (c *Client) addOperationGetBucketAccelerateConfigurationMiddlewares(stack *
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketAccelerateConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketAccelerateConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -134,6 +154,9 @@ func (c *Client) addOperationGetBucketAccelerateConfigurationMiddlewares(stack *
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketAccelerateConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -149,9 +172,22 @@ func (c *Client) addOperationGetBucketAccelerateConfigurationMiddlewares(stack *
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketAccelerateConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketAccelerateConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -186,3 +222,139 @@ func addGetBucketAccelerateConfigurationUpdateEndpoint(stack *middleware.Stack,
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketAccelerateConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketAccelerateConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketAccelerateConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketAccelerateConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketAccelerateConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketAccelerateConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go
index 610762883..623349519 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -16,16 +22,21 @@ import (
 // access control list (ACL) of a bucket. To use GET to return the ACL of the
 // bucket, you must have READ_ACP access to the bucket. If READ_ACP permission is
 // granted to the anonymous user, you can return the ACL of the bucket without
-// using an authorization header. If your bucket uses the bucket owner enforced
-// setting for S3 Object Ownership, requests to read ACLs are still supported and
-// return the bucket-owner-full-control ACL with the owner being the account that
-// created the bucket. For more information, see  Controlling object ownership and
-// disabling ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide. Related Resources
-//
-// * ListObjects
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
+// using an authorization header. To use this API operation against an access
+// point, provide the alias of the access point in place of the bucket name. To use
+// this API operation against an Object Lambda access point, provide the alias of
+// the Object Lambda access point in place of the bucket name. If the Object Lambda
+// access point alias in a request is not valid, the error code
+// InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// . If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
+// requests to read ACLs are still supported and return the
+// bucket-owner-full-control ACL with the owner being the account that created the
+// bucket. For more information, see Controlling object ownership and disabling
+// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// GetBucketAcl :
+//   - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
 func (c *Client) GetBucketAcl(ctx context.Context, params *GetBucketAclInput, optFns ...func(*Options)) (*GetBucketAclOutput, error) {
 	if params == nil {
 		params = &GetBucketAclInput{}
@@ -43,7 +54,14 @@ func (c *Client) GetBucketAcl(ctx context.Context, params *GetBucketAclInput, op
 
 type GetBucketAclInput struct {
 
-	// Specifies the S3 bucket whose ACL is being requested.
+	// Specifies the S3 bucket whose ACL is being requested. To use this API operation
+	// against an access point, provide the alias of the access point in place of the
+	// bucket name. To use this API operation against an Object Lambda access point,
+	// provide the alias of the Object Lambda access point in place of the bucket name.
+	// If the Object Lambda access point alias in a request is not valid, the error
+	// code InvalidAccessPointAliasError is returned. For more information about
+	// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// .
 	//
 	// This member is required.
 	Bucket *string
@@ -79,6 +97,9 @@ func (c *Client) addOperationGetBucketAclMiddlewares(stack *middleware.Stack, op
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -106,7 +127,7 @@ func (c *Client) addOperationGetBucketAclMiddlewares(stack *middleware.Stack, op
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -118,6 +139,9 @@ func (c *Client) addOperationGetBucketAclMiddlewares(stack *middleware.Stack, op
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketAclResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketAclValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -127,6 +151,9 @@ func (c *Client) addOperationGetBucketAclMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketAclUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -142,9 +169,22 @@ func (c *Client) addOperationGetBucketAclMiddlewares(stack *middleware.Stack, op
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketAclInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketAcl(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -179,3 +219,139 @@ func addGetBucketAclUpdateEndpoint(stack *middleware.Stack, options Options) err
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketAclResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketAclResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketAclResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketAclInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketAclResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketAclResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go
index bf2c3be67..bc8b5c31d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -17,26 +23,15 @@ import (
 // operation, you must have permissions to perform the s3:GetAnalyticsConfiguration
 // action. The bucket owner has this permission by default. The bucket owner can
 // grant this permission to others. For more information about permissions, see
-// Permissions Related to Bucket Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
 // in the Amazon S3 User Guide. For information about Amazon S3 analytics feature,
-// see Amazon S3 Analytics – Storage Class Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
-// in the Amazon S3 User Guide. Related Resources
-//
-// *
-// DeleteBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
-//
-// *
-// ListBucketAnalyticsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
-//
-// *
-// PutBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
+// see Amazon S3 Analytics – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// GetBucketAnalyticsConfiguration :
+//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
+//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
+//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
 func (c *Client) GetBucketAnalyticsConfiguration(ctx context.Context, params *GetBucketAnalyticsConfigurationInput, optFns ...func(*Options)) (*GetBucketAnalyticsConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketAnalyticsConfigurationInput{}
@@ -92,6 +87,9 @@ func (c *Client) addOperationGetBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -119,7 +117,7 @@ func (c *Client) addOperationGetBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -131,6 +129,9 @@ func (c *Client) addOperationGetBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketAnalyticsConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketAnalyticsConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -140,6 +141,9 @@ func (c *Client) addOperationGetBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketAnalyticsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -155,9 +159,22 @@ func (c *Client) addOperationGetBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketAnalyticsConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketAnalyticsConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -192,3 +209,139 @@ func addGetBucketAnalyticsConfigurationUpdateEndpoint(stack *middleware.Stack, o
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketAnalyticsConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketAnalyticsConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketAnalyticsConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketAnalyticsConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketAnalyticsConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketAnalyticsConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go
index 0ed61273a..09437e26a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -15,17 +21,17 @@ import (
 // Returns the Cross-Origin Resource Sharing (CORS) configuration information set
 // for the bucket. To use this operation, you must have permission to perform the
 // s3:GetBucketCORS action. By default, the bucket owner has this permission and
-// can grant it to others. For more information about CORS, see  Enabling
-// Cross-Origin Resource Sharing
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html). The following
-// operations are related to GetBucketCors:
-//
-// * PutBucketCors
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
-//
-// *
-// DeleteBucketCors
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
+// can grant it to others. To use this API operation against an access point,
+// provide the alias of the access point in place of the bucket name. To use this
+// API operation against an Object Lambda access point, provide the alias of the
+// Object Lambda access point in place of the bucket name. If the Object Lambda
+// access point alias in a request is not valid, the error code
+// InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// . For more information about CORS, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+// . The following operations are related to GetBucketCors :
+//   - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
+//   - DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
 func (c *Client) GetBucketCors(ctx context.Context, params *GetBucketCorsInput, optFns ...func(*Options)) (*GetBucketCorsOutput, error) {
 	if params == nil {
 		params = &GetBucketCorsInput{}
@@ -43,7 +49,14 @@ func (c *Client) GetBucketCors(ctx context.Context, params *GetBucketCorsInput,
 
 type GetBucketCorsInput struct {
 
-	// The bucket name for which to get the cors configuration.
+	// The bucket name for which to get the cors configuration. To use this API
+	// operation against an access point, provide the alias of the access point in
+	// place of the bucket name. To use this API operation against an Object Lambda
+	// access point, provide the alias of the Object Lambda access point in place of
+	// the bucket name. If the Object Lambda access point alias in a request is not
+	// valid, the error code InvalidAccessPointAliasError is returned. For more
+	// information about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// .
 	//
 	// This member is required.
 	Bucket *string
@@ -77,6 +90,9 @@ func (c *Client) addOperationGetBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -104,7 +120,7 @@ func (c *Client) addOperationGetBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -116,6 +132,9 @@ func (c *Client) addOperationGetBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketCorsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketCorsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -125,6 +144,9 @@ func (c *Client) addOperationGetBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketCorsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -140,9 +162,22 @@ func (c *Client) addOperationGetBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketCorsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketCors(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -177,3 +212,139 @@ func addGetBucketCorsUpdateEndpoint(stack *middleware.Stack, options Options) er
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketCorsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketCorsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketCorsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketCorsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketCorsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketCorsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go
index 7fa92fc5f..b60c5f46a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go
@@ -4,37 +4,34 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Returns the default encryption configuration for an Amazon S3 bucket. If the
-// bucket does not have a default encryption configuration, GetBucketEncryption
-// returns ServerSideEncryptionConfigurationNotFoundError. For information about
-// the Amazon S3 default encryption feature, see Amazon S3 Default Bucket
-// Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html). To use
-// this operation, you must have permission to perform the
-// s3:GetEncryptionConfiguration action. The bucket owner has this permission by
-// default. The bucket owner can grant this permission to others. For more
-// information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// The following operations are related to GetBucketEncryption:
-//
-// *
-// PutBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
-//
-// *
-// DeleteBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
+// Returns the default encryption configuration for an Amazon S3 bucket. By
+// default, all buckets have a default encryption configuration that uses
+// server-side encryption with Amazon S3 managed keys (SSE-S3). For information
+// about the bucket default encryption feature, see Amazon S3 Bucket Default
+// Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// in the Amazon S3 User Guide. To use this operation, you must have permission to
+// perform the s3:GetEncryptionConfiguration action. The bucket owner has this
+// permission by default. The bucket owner can grant this permission to others. For
+// more information about permissions, see Permissions Related to Bucket
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . The following operations are related to GetBucketEncryption :
+//   - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
+//   - DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
 func (c *Client) GetBucketEncryption(ctx context.Context, params *GetBucketEncryptionInput, optFns ...func(*Options)) (*GetBucketEncryptionOutput, error) {
 	if params == nil {
 		params = &GetBucketEncryptionInput{}
@@ -86,6 +83,9 @@ func (c *Client) addOperationGetBucketEncryptionMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -113,7 +113,7 @@ func (c *Client) addOperationGetBucketEncryptionMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -125,6 +125,9 @@ func (c *Client) addOperationGetBucketEncryptionMiddlewares(stack *middleware.St
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketEncryptionResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketEncryptionValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -134,6 +137,9 @@ func (c *Client) addOperationGetBucketEncryptionMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketEncryptionUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -149,9 +155,22 @@ func (c *Client) addOperationGetBucketEncryptionMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketEncryptionInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketEncryption(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -186,3 +205,139 @@ func addGetBucketEncryptionUpdateEndpoint(stack *middleware.Stack, options Optio
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketEncryptionResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketEncryptionResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketEncryptionResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketEncryptionInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketEncryptionResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketEncryptionResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go
index 70bbb9dfb..259b265bd 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -25,21 +31,11 @@ import (
 // monitored and not eligible for auto-tiering. Smaller objects can be stored, but
 // they are always charged at the Frequent Access tier rates in the S3
 // Intelligent-Tiering storage class. For more information, see Storage class for
-// automatically optimizing frequently and infrequently accessed objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-// Operations related to GetBucketIntelligentTieringConfiguration include:
-//
-// *
-// DeleteBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
-//
-// *
-// PutBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
-//
-// *
-// ListBucketIntelligentTieringConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
+// automatically optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+// . Operations related to GetBucketIntelligentTieringConfiguration include:
+//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
+//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
+//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
 func (c *Client) GetBucketIntelligentTieringConfiguration(ctx context.Context, params *GetBucketIntelligentTieringConfigurationInput, optFns ...func(*Options)) (*GetBucketIntelligentTieringConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketIntelligentTieringConfigurationInput{}
@@ -91,6 +87,9 @@ func (c *Client) addOperationGetBucketIntelligentTieringConfigurationMiddlewares
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -118,7 +117,7 @@ func (c *Client) addOperationGetBucketIntelligentTieringConfigurationMiddlewares
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -130,6 +129,9 @@ func (c *Client) addOperationGetBucketIntelligentTieringConfigurationMiddlewares
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketIntelligentTieringConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketIntelligentTieringConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -139,6 +141,9 @@ func (c *Client) addOperationGetBucketIntelligentTieringConfigurationMiddlewares
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketIntelligentTieringConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -154,9 +159,22 @@ func (c *Client) addOperationGetBucketIntelligentTieringConfigurationMiddlewares
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketIntelligentTieringConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketIntelligentTieringConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -191,3 +209,139 @@ func addGetBucketIntelligentTieringConfigurationUpdateEndpoint(stack *middleware
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketIntelligentTieringConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketIntelligentTieringConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketIntelligentTieringConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketIntelligentTieringConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketIntelligentTieringConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketIntelligentTieringConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go
index f35a4606c..4863f979c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go
@@ -4,37 +4,31 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Returns an inventory configuration (identified by the inventory configuration
 // ID) from the bucket. To use this operation, you must have permissions to perform
-// the s3:GetInventoryConfiguration action. The bucket owner has this permission by
-// default and can grant this permission to others. For more information about
-// permissions, see Permissions Related to Bucket Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html). The
-// following operations are related to GetBucketInventoryConfiguration:
-//
-// *
-// DeleteBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
-//
-// *
-// ListBucketInventoryConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
-//
-// *
-// PutBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
+// the s3:GetInventoryConfiguration action. The bucket owner has this permission
+// by default and can grant this permission to others. For more information about
+// permissions, see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about the Amazon S3 inventory feature, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+// . The following operations are related to GetBucketInventoryConfiguration :
+//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
+//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
+//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
 func (c *Client) GetBucketInventoryConfiguration(ctx context.Context, params *GetBucketInventoryConfigurationInput, optFns ...func(*Options)) (*GetBucketInventoryConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketInventoryConfigurationInput{}
@@ -90,6 +84,9 @@ func (c *Client) addOperationGetBucketInventoryConfigurationMiddlewares(stack *m
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -117,7 +114,7 @@ func (c *Client) addOperationGetBucketInventoryConfigurationMiddlewares(stack *m
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -129,6 +126,9 @@ func (c *Client) addOperationGetBucketInventoryConfigurationMiddlewares(stack *m
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketInventoryConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketInventoryConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -138,6 +138,9 @@ func (c *Client) addOperationGetBucketInventoryConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketInventoryConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -153,9 +156,22 @@ func (c *Client) addOperationGetBucketInventoryConfigurationMiddlewares(stack *m
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketInventoryConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketInventoryConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -190,3 +206,139 @@ func addGetBucketInventoryConfigurationUpdateEndpoint(stack *middleware.Stack, o
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketInventoryConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketInventoryConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketInventoryConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketInventoryConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketInventoryConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketInventoryConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go
index 5d72d2ebc..da3e47d4b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go
@@ -4,59 +4,45 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Bucket lifecycle configuration now supports specifying a lifecycle rule using an
-// object key name prefix, one or more object tags, or a combination of both.
+// Bucket lifecycle configuration now supports specifying a lifecycle rule using
+// an object key name prefix, one or more object tags, or a combination of both.
 // Accordingly, this section describes the latest API. The response describes the
 // new filter element that you can use to specify a filter to select a subset of
 // objects to which the rule applies. If you are using a previous version of the
 // lifecycle configuration, it still works. For the earlier action, see
-// GetBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html).
-// Returns the lifecycle configuration information set on the bucket. For
-// information about lifecycle configuration, see Object Lifecycle Management
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html). To
-// use this operation, you must have permission to perform the
+// GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)
+// . Returns the lifecycle configuration information set on the bucket. For
+// information about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// . To use this operation, you must have permission to perform the
 // s3:GetLifecycleConfiguration action. The bucket owner has this permission, by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// GetBucketLifecycleConfiguration has the following special error:
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . GetBucketLifecycleConfiguration has the following special error:
+//   - Error code: NoSuchLifecycleConfiguration
+//   - Description: The lifecycle configuration does not exist.
+//   - HTTP Status Code: 404 Not Found
+//   - SOAP Fault Code Prefix: Client
 //
-// * Error code:
-// NoSuchLifecycleConfiguration
-//
-// * Description: The lifecycle configuration does
-// not exist.
-//
-// * HTTP Status Code: 404 Not Found
-//
-// * SOAP Fault Code Prefix:
-// Client
-//
-// The following operations are related to
-// GetBucketLifecycleConfiguration:
-//
-// * GetBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)
-//
-// *
-// PutBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
-//
-// *
-// DeleteBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
+// The following operations are related to GetBucketLifecycleConfiguration :
+//   - GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)
+//   - PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
+//   - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
 func (c *Client) GetBucketLifecycleConfiguration(ctx context.Context, params *GetBucketLifecycleConfigurationInput, optFns ...func(*Options)) (*GetBucketLifecycleConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketLifecycleConfigurationInput{}
@@ -107,6 +93,9 @@ func (c *Client) addOperationGetBucketLifecycleConfigurationMiddlewares(stack *m
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -134,7 +123,7 @@ func (c *Client) addOperationGetBucketLifecycleConfigurationMiddlewares(stack *m
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -146,6 +135,9 @@ func (c *Client) addOperationGetBucketLifecycleConfigurationMiddlewares(stack *m
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketLifecycleConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketLifecycleConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -155,6 +147,9 @@ func (c *Client) addOperationGetBucketLifecycleConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketLifecycleConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -170,9 +165,22 @@ func (c *Client) addOperationGetBucketLifecycleConfigurationMiddlewares(stack *m
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketLifecycleConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketLifecycleConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -207,3 +215,139 @@ func addGetBucketLifecycleConfigurationUpdateEndpoint(stack *middleware.Stack, o
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketLifecycleConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketLifecycleConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketLifecycleConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketLifecycleConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketLifecycleConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketLifecycleConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go
index fb8ff30fd..9404b4576 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go
@@ -6,13 +6,18 @@ import (
 	"bytes"
 	"context"
 	"encoding/xml"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
 	smithy "github.com/aws/smithy-go"
 	smithyxml "github.com/aws/smithy-go/encoding/xml"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	smithyio "github.com/aws/smithy-go/io"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
@@ -21,19 +26,20 @@ import (
 
 // Returns the Region the bucket resides in. You set the bucket's Region using the
 // LocationConstraint request parameter in a CreateBucket request. For more
-// information, see CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). To use
-// this implementation of the operation, you must be the bucket owner. To use this
-// API against an access point, provide the alias of the access point in place of
-// the bucket name. The following operations are related to GetBucketLocation:
-//
-// *
-// GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+// information, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+// . To use this API operation against an access point, provide the alias of the
+// access point in place of the bucket name. To use this API operation against an
+// Object Lambda access point, provide the alias of the Object Lambda access point
+// in place of the bucket name. If the Object Lambda access point alias in a
+// request is not valid, the error code InvalidAccessPointAliasError is returned.
+// For more information about InvalidAccessPointAliasError , see List of Error
+// Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// . We recommend that you use HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html)
+// to return the Region that a bucket resides in. For backward compatibility,
+// Amazon S3 continues to support GetBucketLocation. The following operations are
+// related to GetBucketLocation :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
 func (c *Client) GetBucketLocation(ctx context.Context, params *GetBucketLocationInput, optFns ...func(*Options)) (*GetBucketLocationOutput, error) {
 	if params == nil {
 		params = &GetBucketLocationInput{}
@@ -51,7 +57,14 @@ func (c *Client) GetBucketLocation(ctx context.Context, params *GetBucketLocatio
 
 type GetBucketLocationInput struct {
 
-	// The name of the bucket for which to get the location.
+	// The name of the bucket for which to get the location. To use this API operation
+	// against an access point, provide the alias of the access point in place of the
+	// bucket name. To use this API operation against an Object Lambda access point,
+	// provide the alias of the Object Lambda access point in place of the bucket name.
+	// If the Object Lambda access point alias in a request is not valid, the error
+	// code InvalidAccessPointAliasError is returned. For more information about
+	// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// .
 	//
 	// This member is required.
 	Bucket *string
@@ -67,9 +80,8 @@ type GetBucketLocationInput struct {
 type GetBucketLocationOutput struct {
 
 	// Specifies the Region where the bucket resides. For a list of all the Amazon S3
-	// supported location constraints by Region, see Regions and Endpoints
-	// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region). Buckets in
-	// Region us-east-1 have a LocationConstraint of null.
+	// supported location constraints by Region, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+	// . Buckets in Region us-east-1 have a LocationConstraint of null .
 	LocationConstraint types.BucketLocationConstraint
 
 	// Metadata pertaining to the operation's result.
@@ -87,6 +99,9 @@ func (c *Client) addOperationGetBucketLocationMiddlewares(stack *middleware.Stac
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -114,7 +129,7 @@ func (c *Client) addOperationGetBucketLocationMiddlewares(stack *middleware.Stac
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -129,6 +144,9 @@ func (c *Client) addOperationGetBucketLocationMiddlewares(stack *middleware.Stac
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketLocationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketLocationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -138,6 +156,9 @@ func (c *Client) addOperationGetBucketLocationMiddlewares(stack *middleware.Stac
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketLocationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -153,6 +174,12 @@ func (c *Client) addOperationGetBucketLocationMiddlewares(stack *middleware.Stac
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -212,6 +239,13 @@ func swapDeserializerHelper(stack *middleware.Stack) error {
 	return nil
 }
 
+func (v *GetBucketLocationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketLocation(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -221,9 +255,9 @@ func newServiceMetadataMiddleware_opGetBucketLocation(region string) *awsmiddlew
 	}
 }
 
-// getGetBucketLocationBucketMember returns a pointer to string denoting a provided
-// bucket member valueand a boolean indicating if the input has a modeled bucket
-// name,
+// getGetBucketLocationBucketMember returns a pointer to string denoting a
+// provided bucket member valueand a boolean indicating if the input has a modeled
+// bucket name,
 func getGetBucketLocationBucketMember(input interface{}) (*string, bool) {
 	in := input.(*GetBucketLocationInput)
 	if in.Bucket == nil {
@@ -246,3 +280,139 @@ func addGetBucketLocationUpdateEndpoint(stack *middleware.Stack, options Options
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketLocationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketLocationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketLocationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketLocationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketLocationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketLocationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go
index ca115886d..13c01889c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go
@@ -4,24 +4,25 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Returns the logging status of a bucket and the permissions users have to view
-// and modify that status. To use GET, you must be the bucket owner. The following
-// operations are related to GetBucketLogging:
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// PutBucketLogging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html)
+// and modify that status. The following operations are related to GetBucketLogging
+// :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - PutBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html)
 func (c *Client) GetBucketLogging(ctx context.Context, params *GetBucketLoggingInput, optFns ...func(*Options)) (*GetBucketLoggingOutput, error) {
 	if params == nil {
 		params = &GetBucketLoggingInput{}
@@ -54,10 +55,9 @@ type GetBucketLoggingInput struct {
 
 type GetBucketLoggingOutput struct {
 
-	// Describes where logs are stored and the prefix that Amazon S3 assigns to all log
-	// object keys for a bucket. For more information, see PUT Bucket logging
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in
-	// the Amazon S3 API Reference.
+	// Describes where logs are stored and the prefix that Amazon S3 assigns to all
+	// log object keys for a bucket. For more information, see PUT Bucket logging (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
+	// in the Amazon S3 API Reference.
 	LoggingEnabled *types.LoggingEnabled
 
 	// Metadata pertaining to the operation's result.
@@ -75,6 +75,9 @@ func (c *Client) addOperationGetBucketLoggingMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -102,7 +105,7 @@ func (c *Client) addOperationGetBucketLoggingMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -114,6 +117,9 @@ func (c *Client) addOperationGetBucketLoggingMiddlewares(stack *middleware.Stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketLoggingResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketLoggingValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -123,6 +129,9 @@ func (c *Client) addOperationGetBucketLoggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketLoggingUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -138,9 +147,22 @@ func (c *Client) addOperationGetBucketLoggingMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketLoggingInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketLogging(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -175,3 +197,139 @@ func addGetBucketLoggingUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketLoggingResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketLoggingResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketLoggingResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketLoggingInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketLoggingResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketLoggingResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go
index 22cf389cd..7755975da 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -18,30 +24,15 @@ import (
 // s3:GetMetricsConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about CloudWatch request metrics for Amazon S3, see Monitoring
-// Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-// The following operations are related to GetBucketMetricsConfiguration:
-//
-// *
-// PutBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
-//
-// *
-// DeleteBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
-//
-// *
-// ListBucketMetricsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
-//
-// *
-// Monitoring Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about CloudWatch request metrics for Amazon S3, see
+// Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// . The following operations are related to GetBucketMetricsConfiguration :
+//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
+//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
+//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
+//   - Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
 func (c *Client) GetBucketMetricsConfiguration(ctx context.Context, params *GetBucketMetricsConfigurationInput, optFns ...func(*Options)) (*GetBucketMetricsConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketMetricsConfigurationInput{}
@@ -64,7 +55,8 @@ type GetBucketMetricsConfigurationInput struct {
 	// This member is required.
 	Bucket *string
 
-	// The ID used to identify the metrics configuration.
+	// The ID used to identify the metrics configuration. The ID has a 64 character
+	// limit and can only contain letters, numbers, periods, dashes, and underscores.
 	//
 	// This member is required.
 	Id *string
@@ -97,6 +89,9 @@ func (c *Client) addOperationGetBucketMetricsConfigurationMiddlewares(stack *mid
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -124,7 +119,7 @@ func (c *Client) addOperationGetBucketMetricsConfigurationMiddlewares(stack *mid
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -136,6 +131,9 @@ func (c *Client) addOperationGetBucketMetricsConfigurationMiddlewares(stack *mid
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketMetricsConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketMetricsConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -145,6 +143,9 @@ func (c *Client) addOperationGetBucketMetricsConfigurationMiddlewares(stack *mid
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketMetricsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -160,9 +161,22 @@ func (c *Client) addOperationGetBucketMetricsConfigurationMiddlewares(stack *mid
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketMetricsConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketMetricsConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -197,3 +211,139 @@ func addGetBucketMetricsConfigurationUpdateEndpoint(stack *middleware.Stack, opt
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketMetricsConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketMetricsConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketMetricsConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketMetricsConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketMetricsConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketMetricsConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go
index cbf103a7f..8d5eeb008 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -17,16 +23,18 @@ import (
 // element. By default, you must be the bucket owner to read the notification
 // configuration of a bucket. However, the bucket owner can use a bucket policy to
 // grant permission to other users to read this configuration with the
-// s3:GetBucketNotification permission. For more information about setting and
-// reading the notification configuration on a bucket, see Setting Up Notification
-// of Bucket Events
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). For
-// more information about bucket policies, see Using Bucket Policies
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). The
-// following action is related to GetBucketNotification:
-//
-// * PutBucketNotification
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotification.html)
+// s3:GetBucketNotification permission. To use this API operation against an access
+// point, provide the alias of the access point in place of the bucket name. To use
+// this API operation against an Object Lambda access point, provide the alias of
+// the Object Lambda access point in place of the bucket name. If the Object Lambda
+// access point alias in a request is not valid, the error code
+// InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// . For more information about setting and reading the notification configuration
+// on a bucket, see Setting Up Notification of Bucket Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+// . For more information about bucket policies, see Using Bucket Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html)
+// . The following action is related to GetBucketNotification :
+//   - PutBucketNotification (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotification.html)
 func (c *Client) GetBucketNotificationConfiguration(ctx context.Context, params *GetBucketNotificationConfigurationInput, optFns ...func(*Options)) (*GetBucketNotificationConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketNotificationConfigurationInput{}
@@ -44,7 +52,14 @@ func (c *Client) GetBucketNotificationConfiguration(ctx context.Context, params
 
 type GetBucketNotificationConfigurationInput struct {
 
-	// The name of the bucket for which to get the notification configuration.
+	// The name of the bucket for which to get the notification configuration. To use
+	// this API operation against an access point, provide the alias of the access
+	// point in place of the bucket name. To use this API operation against an Object
+	// Lambda access point, provide the alias of the Object Lambda access point in
+	// place of the bucket name. If the Object Lambda access point alias in a request
+	// is not valid, the error code InvalidAccessPointAliasError is returned. For more
+	// information about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// .
 	//
 	// This member is required.
 	Bucket *string
@@ -57,8 +72,8 @@ type GetBucketNotificationConfigurationInput struct {
 	noSmithyDocumentSerde
 }
 
-// A container for specifying the notification configuration of the bucket. If this
-// element is empty, notifications are turned off for the bucket.
+// A container for specifying the notification configuration of the bucket. If
+// this element is empty, notifications are turned off for the bucket.
 type GetBucketNotificationConfigurationOutput struct {
 
 	// Enables delivery of events to Amazon EventBridge.
@@ -68,12 +83,12 @@ type GetBucketNotificationConfigurationOutput struct {
 	// them.
 	LambdaFunctionConfigurations []types.LambdaFunctionConfiguration
 
-	// The Amazon Simple Queue Service queues to publish messages to and the events for
-	// which to publish messages.
+	// The Amazon Simple Queue Service queues to publish messages to and the events
+	// for which to publish messages.
 	QueueConfigurations []types.QueueConfiguration
 
-	// The topic to which notifications are sent and the events for which notifications
-	// are generated.
+	// The topic to which notifications are sent and the events for which
+	// notifications are generated.
 	TopicConfigurations []types.TopicConfiguration
 
 	// Metadata pertaining to the operation's result.
@@ -91,6 +106,9 @@ func (c *Client) addOperationGetBucketNotificationConfigurationMiddlewares(stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -118,7 +136,7 @@ func (c *Client) addOperationGetBucketNotificationConfigurationMiddlewares(stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -130,6 +148,9 @@ func (c *Client) addOperationGetBucketNotificationConfigurationMiddlewares(stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketNotificationConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketNotificationConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -139,6 +160,9 @@ func (c *Client) addOperationGetBucketNotificationConfigurationMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketNotificationConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -154,9 +178,22 @@ func (c *Client) addOperationGetBucketNotificationConfigurationMiddlewares(stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketNotificationConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketNotificationConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -191,3 +228,139 @@ func addGetBucketNotificationConfigurationUpdateEndpoint(stack *middleware.Stack
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketNotificationConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketNotificationConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketNotificationConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketNotificationConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketNotificationConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketNotificationConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go
index 571c9566c..125c3e14f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go
@@ -4,26 +4,27 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation, you
 // must have the s3:GetBucketOwnershipControls permission. For more information
-// about Amazon S3 permissions, see Specifying permissions in a policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html).
-// For information about Amazon S3 Object Ownership, see Using Object Ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html).
-// The following operations are related to GetBucketOwnershipControls:
-//
-// *
-// PutBucketOwnershipControls
-//
-// * DeleteBucketOwnershipControls
+// about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html)
+// . For information about Amazon S3 Object Ownership, see Using Object Ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// . The following operations are related to GetBucketOwnershipControls :
+//   - PutBucketOwnershipControls
+//   - DeleteBucketOwnershipControls
 func (c *Client) GetBucketOwnershipControls(ctx context.Context, params *GetBucketOwnershipControlsInput, optFns ...func(*Options)) (*GetBucketOwnershipControlsOutput, error) {
 	if params == nil {
 		params = &GetBucketOwnershipControlsInput{}
@@ -75,6 +76,9 @@ func (c *Client) addOperationGetBucketOwnershipControlsMiddlewares(stack *middle
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -102,7 +106,7 @@ func (c *Client) addOperationGetBucketOwnershipControlsMiddlewares(stack *middle
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -114,6 +118,9 @@ func (c *Client) addOperationGetBucketOwnershipControlsMiddlewares(stack *middle
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketOwnershipControlsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketOwnershipControlsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -123,6 +130,9 @@ func (c *Client) addOperationGetBucketOwnershipControlsMiddlewares(stack *middle
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketOwnershipControlsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -138,9 +148,22 @@ func (c *Client) addOperationGetBucketOwnershipControlsMiddlewares(stack *middle
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketOwnershipControlsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketOwnershipControls(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -150,9 +173,9 @@ func newServiceMetadataMiddleware_opGetBucketOwnershipControls(region string) *a
 	}
 }
 
-// getGetBucketOwnershipControlsBucketMember returns a pointer to string denoting a
-// provided bucket member valueand a boolean indicating if the input has a modeled
-// bucket name,
+// getGetBucketOwnershipControlsBucketMember returns a pointer to string denoting
+// a provided bucket member valueand a boolean indicating if the input has a
+// modeled bucket name,
 func getGetBucketOwnershipControlsBucketMember(input interface{}) (*string, bool) {
 	in := input.(*GetBucketOwnershipControlsInput)
 	if in.Bucket == nil {
@@ -175,3 +198,139 @@ func addGetBucketOwnershipControlsUpdateEndpoint(stack *middleware.Stack, option
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketOwnershipControlsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketOwnershipControlsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketOwnershipControlsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketOwnershipControlsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketOwnershipControlsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketOwnershipControlsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go
index f16c84cdd..d167fc45b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go
@@ -4,9 +4,15 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -18,16 +24,23 @@ import (
 // If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access
 // Denied error. If you have the correct permissions, but you're not using an
 // identity that belongs to the bucket owner's account, Amazon S3 returns a 405
-// Method Not Allowed error. As a security precaution, the root user of the Amazon
-// Web Services account that owns a bucket can always use this operation, even if
-// the policy explicitly denies the root user the ability to perform this action.
-// For more information about bucket policies, see Using Bucket Policies and User
-// Policies
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). The
-// following action is related to GetBucketPolicy:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+// Method Not Allowed error. To ensure that bucket owners don't inadvertently lock
+// themselves out of their own buckets, the root principal in a bucket owner's
+// Amazon Web Services account can perform the GetBucketPolicy , PutBucketPolicy ,
+// and DeleteBucketPolicy API actions, even if their bucket policy explicitly
+// denies the root principal's access. Bucket owner root principals can only be
+// blocked from performing these API actions by VPC endpoint policies and Amazon
+// Web Services Organizations policies. To use this API operation against an access
+// point, provide the alias of the access point in place of the bucket name. To use
+// this API operation against an Object Lambda access point, provide the alias of
+// the Object Lambda access point in place of the bucket name. If the Object Lambda
+// access point alias in a request is not valid, the error code
+// InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// . For more information about bucket policies, see Using Bucket Policies and
+// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html)
+// . The following action is related to GetBucketPolicy :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
 func (c *Client) GetBucketPolicy(ctx context.Context, params *GetBucketPolicyInput, optFns ...func(*Options)) (*GetBucketPolicyOutput, error) {
 	if params == nil {
 		params = &GetBucketPolicyInput{}
@@ -45,7 +58,14 @@ func (c *Client) GetBucketPolicy(ctx context.Context, params *GetBucketPolicyInp
 
 type GetBucketPolicyInput struct {
 
-	// The bucket name for which to get the bucket policy.
+	// The bucket name for which to get the bucket policy. To use this API operation
+	// against an access point, provide the alias of the access point in place of the
+	// bucket name. To use this API operation against an Object Lambda access point,
+	// provide the alias of the Object Lambda access point in place of the bucket name.
+	// If the Object Lambda access point alias in a request is not valid, the error
+	// code InvalidAccessPointAliasError is returned. For more information about
+	// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// .
 	//
 	// This member is required.
 	Bucket *string
@@ -78,6 +98,9 @@ func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -105,7 +128,7 @@ func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -117,6 +140,9 @@ func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -126,6 +152,9 @@ func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketPolicyUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -141,9 +170,22 @@ func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketPolicyInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketPolicy(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -178,3 +220,139 @@ func addGetBucketPolicyUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketPolicyInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go
index 570f60faa..8229d4f48 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -15,28 +21,14 @@ import (
 // Retrieves the policy status for an Amazon S3 bucket, indicating whether the
 // bucket is public. In order to use this operation, you must have the
 // s3:GetBucketPolicyStatus permission. For more information about Amazon S3
-// permissions, see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-// For more information about when Amazon S3 considers a bucket public, see The
-// Meaning of "Public"
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
-// The following operations are related to GetBucketPolicyStatus:
-//
-// * Using Amazon
-// S3 Block Public Access
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
-//
-// *
-// GetPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-// *
-// PutPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
-//
-// *
-// DeletePublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
+// permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// . For more information about when Amazon S3 considers a bucket public, see The
+// Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+// . The following operations are related to GetBucketPolicyStatus :
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
+//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
 func (c *Client) GetBucketPolicyStatus(ctx context.Context, params *GetBucketPolicyStatusInput, optFns ...func(*Options)) (*GetBucketPolicyStatusOutput, error) {
 	if params == nil {
 		params = &GetBucketPolicyStatusInput{}
@@ -87,6 +79,9 @@ func (c *Client) addOperationGetBucketPolicyStatusMiddlewares(stack *middleware.
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -114,7 +109,7 @@ func (c *Client) addOperationGetBucketPolicyStatusMiddlewares(stack *middleware.
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -126,6 +121,9 @@ func (c *Client) addOperationGetBucketPolicyStatusMiddlewares(stack *middleware.
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketPolicyStatusResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketPolicyStatusValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -135,6 +133,9 @@ func (c *Client) addOperationGetBucketPolicyStatusMiddlewares(stack *middleware.
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketPolicyStatusUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -150,9 +151,22 @@ func (c *Client) addOperationGetBucketPolicyStatusMiddlewares(stack *middleware.
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketPolicyStatusInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketPolicyStatus(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -187,3 +201,139 @@ func addGetBucketPolicyStatusUpdateEndpoint(stack *middleware.Stack, options Opt
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketPolicyStatusResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketPolicyStatusResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketPolicyStatusResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketPolicyStatusInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketPolicyStatusResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketPolicyStatusResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go
index 5d7f3115b..5cf7567ac 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -15,26 +21,17 @@ import (
 // Returns the replication configuration of a bucket. It can take a while to
 // propagate the put or delete a replication configuration to all Amazon S3
 // systems. Therefore, a get request soon after put or delete can return a wrong
-// result. For information about replication configuration, see Replication
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the Amazon
-// S3 User Guide. This action requires permissions for the
+// result. For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+// in the Amazon S3 User Guide. This action requires permissions for the
 // s3:GetReplicationConfiguration action. For more information about permissions,
-// see Using Bucket Policies and User Policies
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). If
-// you include the Filter element in a replication configuration, you must also
-// include the DeleteMarkerReplication and Priority elements. The response also
-// returns those elements. For information about GetBucketReplication errors, see
-// List of replication-related error codes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
-// The following operations are related to GetBucketReplication:
-//
-// *
-// PutBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
-//
-// *
-// DeleteBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
+// see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html)
+// . If you include the Filter element in a replication configuration, you must
+// also include the DeleteMarkerReplication and Priority elements. The response
+// also returns those elements. For information about GetBucketReplication errors,
+// see List of replication-related error codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
+// The following operations are related to GetBucketReplication :
+//   - PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
+//   - DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
 func (c *Client) GetBucketReplication(ctx context.Context, params *GetBucketReplicationInput, optFns ...func(*Options)) (*GetBucketReplicationOutput, error) {
 	if params == nil {
 		params = &GetBucketReplicationInput{}
@@ -86,6 +83,9 @@ func (c *Client) addOperationGetBucketReplicationMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -113,7 +113,7 @@ func (c *Client) addOperationGetBucketReplicationMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -125,6 +125,9 @@ func (c *Client) addOperationGetBucketReplicationMiddlewares(stack *middleware.S
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketReplicationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketReplicationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -134,6 +137,9 @@ func (c *Client) addOperationGetBucketReplicationMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketReplicationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -149,9 +155,22 @@ func (c *Client) addOperationGetBucketReplicationMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketReplicationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketReplication(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -186,3 +205,139 @@ func addGetBucketReplicationUpdateEndpoint(stack *middleware.Stack, options Opti
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketReplicationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketReplicationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketReplicationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketReplicationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketReplicationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketReplicationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go
index 45f985b95..14a9883cc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go
@@ -4,22 +4,25 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Returns the request payment configuration of a bucket. To use this version of
-// the operation, you must be the bucket owner. For more information, see Requester
-// Pays Buckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html). The
-// following operations are related to GetBucketRequestPayment:
-//
-// * ListObjects
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
+// the operation, you must be the bucket owner. For more information, see
+// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html)
+// . The following operations are related to GetBucketRequestPayment :
+//   - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
 func (c *Client) GetBucketRequestPayment(ctx context.Context, params *GetBucketRequestPaymentInput, optFns ...func(*Options)) (*GetBucketRequestPaymentOutput, error) {
 	if params == nil {
 		params = &GetBucketRequestPaymentInput{}
@@ -70,6 +73,9 @@ func (c *Client) addOperationGetBucketRequestPaymentMiddlewares(stack *middlewar
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -97,7 +103,7 @@ func (c *Client) addOperationGetBucketRequestPaymentMiddlewares(stack *middlewar
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -109,6 +115,9 @@ func (c *Client) addOperationGetBucketRequestPaymentMiddlewares(stack *middlewar
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketRequestPaymentResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketRequestPaymentValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -118,6 +127,9 @@ func (c *Client) addOperationGetBucketRequestPaymentMiddlewares(stack *middlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketRequestPaymentUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -133,9 +145,22 @@ func (c *Client) addOperationGetBucketRequestPaymentMiddlewares(stack *middlewar
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketRequestPaymentInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketRequestPayment(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -170,3 +195,139 @@ func addGetBucketRequestPaymentUpdateEndpoint(stack *middleware.Stack, options O
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketRequestPaymentResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketRequestPaymentResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketRequestPaymentResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketRequestPaymentInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketRequestPaymentResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketRequestPaymentResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go
index 816d1b3e7..a2cd2bb66 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -16,21 +22,12 @@ import (
 // have permission to perform the s3:GetBucketTagging action. By default, the
 // bucket owner has this permission and can grant this permission to others.
 // GetBucketTagging has the following special error:
+//   - Error code: NoSuchTagSet
+//   - Description: There is no tag set associated with the bucket.
 //
-// * Error code: NoSuchTagSet
-//
-// *
-// Description: There is no tag set associated with the bucket.
-//
-// The following
-// operations are related to GetBucketTagging:
-//
-// * PutBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
-//
-// *
-// DeleteBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
+// The following operations are related to GetBucketTagging :
+//   - PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
+//   - DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
 func (c *Client) GetBucketTagging(ctx context.Context, params *GetBucketTaggingInput, optFns ...func(*Options)) (*GetBucketTaggingOutput, error) {
 	if params == nil {
 		params = &GetBucketTaggingInput{}
@@ -83,6 +80,9 @@ func (c *Client) addOperationGetBucketTaggingMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -110,7 +110,7 @@ func (c *Client) addOperationGetBucketTaggingMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -122,6 +122,9 @@ func (c *Client) addOperationGetBucketTaggingMiddlewares(stack *middleware.Stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketTaggingResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketTaggingValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -131,6 +134,9 @@ func (c *Client) addOperationGetBucketTaggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketTaggingUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -146,9 +152,22 @@ func (c *Client) addOperationGetBucketTaggingMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketTaggingInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketTagging(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -183,3 +202,139 @@ func addGetBucketTaggingUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketTaggingResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketTaggingResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketTaggingResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketTaggingInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketTaggingResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketTaggingResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go
index 3657bd1ca..3153eaa76 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go
@@ -4,31 +4,28 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Returns the versioning state of a bucket. To retrieve the versioning state of a
 // bucket, you must be the bucket owner. This implementation also returns the MFA
-// Delete status of the versioning state. If the MFA Delete status is enabled, the
+// Delete status of the versioning state. If the MFA Delete status is enabled , the
 // bucket owner must use an authentication device to change the versioning state of
-// the bucket. The following operations are related to GetBucketVersioning:
-//
-// *
-// GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+// the bucket. The following operations are related to GetBucketVersioning :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
 func (c *Client) GetBucketVersioning(ctx context.Context, params *GetBucketVersioningInput, optFns ...func(*Options)) (*GetBucketVersioningOutput, error) {
 	if params == nil {
 		params = &GetBucketVersioningInput{}
@@ -84,6 +81,9 @@ func (c *Client) addOperationGetBucketVersioningMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -111,7 +111,7 @@ func (c *Client) addOperationGetBucketVersioningMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -123,6 +123,9 @@ func (c *Client) addOperationGetBucketVersioningMiddlewares(stack *middleware.St
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketVersioningResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketVersioningValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -132,6 +135,9 @@ func (c *Client) addOperationGetBucketVersioningMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketVersioningUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -147,9 +153,22 @@ func (c *Client) addOperationGetBucketVersioningMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketVersioningInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketVersioning(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -184,3 +203,139 @@ func addGetBucketVersioningUpdateEndpoint(stack *middleware.Stack, options Optio
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketVersioningResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketVersioningResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketVersioningResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketVersioningInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketVersioningResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketVersioningResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go
index aa866b301..c28296a6c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go
@@ -4,30 +4,30 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Returns the website configuration for a bucket. To host website on Amazon S3,
 // you can configure a bucket as website by adding a website configuration. For
-// more information about hosting websites, see Hosting Websites on Amazon S3
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). This GET
-// action requires the S3:GetBucketWebsite permission. By default, only the bucket
-// owner can read the bucket website configuration. However, bucket owners can
-// allow other users to read the website configuration by writing a bucket policy
-// granting them the S3:GetBucketWebsite permission. The following operations are
-// related to DeleteBucketWebsite:
-//
-// * DeleteBucketWebsite
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html)
-//
-// *
-// PutBucketWebsite
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
+// more information about hosting websites, see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)
+// . This GET action requires the S3:GetBucketWebsite permission. By default, only
+// the bucket owner can read the bucket website configuration. However, bucket
+// owners can allow other users to read the website configuration by writing a
+// bucket policy granting them the S3:GetBucketWebsite permission. The following
+// operations are related to GetBucketWebsite :
+//   - DeleteBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html)
+//   - PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
 func (c *Client) GetBucketWebsite(ctx context.Context, params *GetBucketWebsiteInput, optFns ...func(*Options)) (*GetBucketWebsiteOutput, error) {
 	if params == nil {
 		params = &GetBucketWebsiteInput{}
@@ -63,7 +63,7 @@ type GetBucketWebsiteOutput struct {
 	// The object key name of the website error document to use for 4XX class errors.
 	ErrorDocument *types.ErrorDocument
 
-	// The name of the index document for the website (for example index.html).
+	// The name of the index document for the website (for example index.html ).
 	IndexDocument *types.IndexDocument
 
 	// Specifies the redirect behavior of all requests to a website endpoint of an
@@ -88,6 +88,9 @@ func (c *Client) addOperationGetBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -115,7 +118,7 @@ func (c *Client) addOperationGetBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -127,6 +130,9 @@ func (c *Client) addOperationGetBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetBucketWebsiteResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetBucketWebsiteValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -136,6 +142,9 @@ func (c *Client) addOperationGetBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketWebsiteUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -151,9 +160,22 @@ func (c *Client) addOperationGetBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetBucketWebsiteInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetBucketWebsite(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -188,3 +210,139 @@ func addGetBucketWebsiteUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetBucketWebsiteResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetBucketWebsiteResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetBucketWebsiteResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetBucketWebsiteInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetBucketWebsiteResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetBucketWebsiteResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go
index 92c38bed8..e84be49a9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go
@@ -4,97 +4,83 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"io"
 	"time"
 )
 
-// Retrieves objects from Amazon S3. To use GET, you must have READ access to the
+// Retrieves objects from Amazon S3. To use GET , you must have READ access to the
 // object. If you grant READ access to the anonymous user, you can return the
 // object without using an authorization header. An Amazon S3 bucket has no
 // directory hierarchy such as you would find in a typical computer file system.
 // You can, however, create a logical hierarchy by using object key names that
-// imply a folder structure. For example, instead of naming an object sample.jpg,
-// you can name it photos/2006/February/sample.jpg. To get an object from such a
+// imply a folder structure. For example, instead of naming an object sample.jpg ,
+// you can name it photos/2006/February/sample.jpg . To get an object from such a
 // logical hierarchy, specify the full key name for the object in the GET
 // operation. For a virtual hosted-style request example, if you have the object
-// photos/2006/February/sample.jpg, specify the resource as
-// /photos/2006/February/sample.jpg. For a path-style request example, if you have
-// the object photos/2006/February/sample.jpg in the bucket named examplebucket,
-// specify the resource as /examplebucket/photos/2006/February/sample.jpg. For more
-// information about request types, see HTTP Host Header Bucket Specification
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket).
-// For more information about returning the ACL of an object, see GetObjectAcl
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html). If the
-// object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive
-// storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep
-// Archive tiers, before you can retrieve the object you must first restore a copy
-// using RestoreObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
-// Otherwise, this action returns an InvalidObjectStateError error. For information
-// about restoring archived objects, see Restoring Archived Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html).
-// Encryption request headers, like x-amz-server-side-encryption, should not be
-// sent for GET requests if your object uses server-side encryption with KMS keys
-// (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys
-// (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400
-// BadRequest error. If you encrypt an object by using server-side encryption with
-// customer-provided encryption keys (SSE-C) when you store the object in Amazon
-// S3, then when you GET the object, you must use the following headers:
+// photos/2006/February/sample.jpg , specify the resource as
+// /photos/2006/February/sample.jpg . For a path-style request example, if you have
+// the object photos/2006/February/sample.jpg in the bucket named examplebucket ,
+// specify the resource as /examplebucket/photos/2006/February/sample.jpg . For
+// more information about request types, see HTTP Host Header Bucket Specification (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket)
+// . For more information about returning the ACL of an object, see GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
+// . If the object you are retrieving is stored in the S3 Glacier Flexible
+// Retrieval or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering
+// Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve
+// the object you must first restore a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html)
+// . Otherwise, this action returns an InvalidObjectState error. For information
+// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
+// . Encryption request headers, like x-amz-server-side-encryption , should not be
+// sent for GET requests if your object uses server-side encryption with Key
+// Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with
+// Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon
+// S3 managed encryption keys (SSE-S3). If your object does use these types of
+// keys, you’ll get an HTTP 400 Bad Request error. If you encrypt an object by
+// using server-side encryption with customer-provided encryption keys (SSE-C) when
+// you store the object in Amazon S3, then when you GET the object, you must use
+// the following headers:
+//   - x-amz-server-side-encryption-customer-algorithm
+//   - x-amz-server-side-encryption-customer-key
+//   - x-amz-server-side-encryption-customer-key-MD5
 //
-// *
-// x-amz-server-side-encryption-customer-algorithm
-//
-// *
-// x-amz-server-side-encryption-customer-key
-//
-// *
-// x-amz-server-side-encryption-customer-key-MD5
-//
-// For more information about SSE-C,
-// see Server-Side Encryption (Using Customer-Provided Encryption Keys)
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
-// Assuming you have the relevant permission to read object tags, the response also
-// returns the x-amz-tagging-count header that provides the count of number of tags
-// associated with the object. You can use GetObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) to
-// retrieve the tag set associated with an object. Permissions You need the
+// For more information about SSE-C, see Server-Side Encryption (Using
+// Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+// . Assuming you have the relevant permission to read object tags, the response
+// also returns the x-amz-tagging-count header that provides the count of number
+// of tags associated with the object. You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+// to retrieve the tag set associated with an object. Permissions You need the
 // relevant read object (or version) permission for this operation. For more
-// information, see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). If
-// the object you request does not exist, the error Amazon S3 returns depends on
-// whether you also have the s3:ListBucket permission.
-//
-// * If you have the
-// s3:ListBucket permission on the bucket, Amazon S3 will return an HTTP status
-// code 404 ("no such key") error.
-//
-// * If you don’t have the s3:ListBucket
-// permission, Amazon S3 will return an HTTP status code 403 ("access denied")
-// error.
-//
-// Versioning By default, the GET action returns the current version of an
-// object. To return a different version, use the versionId subresource.
-//
-// * If you
-// supply a versionId, you need the s3:GetObjectVersion permission to access a
-// specific version of an object. If you request a specific version, you do not
-// need to have the s3:GetObject permission.
-//
-// * If the current version of the
-// object is a delete marker, Amazon S3 behaves as if the object was deleted and
-// includes x-amz-delete-marker: true in the response.
+// information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// . If the object that you request doesn’t exist, the error that Amazon S3 returns
+// depends on whether you also have the s3:ListBucket permission. If you have the
+// s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code
+// 404 (Not Found) error. If you don’t have the s3:ListBucket permission, Amazon
+// S3 returns an HTTP status code 403 ("access denied") error. Versioning By
+// default, the GET action returns the current version of an object. To return a
+// different version, use the versionId subresource.
+//   - If you supply a versionId , you need the s3:GetObjectVersion permission to
+//     access a specific version of an object. If you request a specific version, you
+//     do not need to have the s3:GetObject permission. If you request the current
+//     version without a specific version ID, only s3:GetObject permission is
+//     required. s3:GetObjectVersion permission won't be required.
+//   - If the current version of the object is a delete marker, Amazon S3 behaves
+//     as if the object was deleted and includes x-amz-delete-marker: true in the
+//     response.
 //
-// For more information about
-// versioning, see PutBucketVersioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html).
-// Overriding Response Header Values There are times when you want to override
+// For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html)
+// . Overriding Response Header Values There are times when you want to override
 // certain response header values in a GET response. For example, you might
 // override the Content-Disposition response header value in your GET request. You
 // can override values for a set of response headers using the following query
@@ -102,44 +88,30 @@ import (
 // that is, when status code 200 OK is returned. The set of headers you can
 // override using these parameters is a subset of the headers that Amazon S3
 // accepts when you create an object. The response headers that you can override
-// for the GET response are Content-Type, Content-Language, Expires, Cache-Control,
-// Content-Disposition, and Content-Encoding. To override these header values in
-// the GET response, you use the following request parameters. You must sign the
-// request, either using an Authorization header or a presigned URL, when using
-// these parameters. They cannot be used with an unsigned (anonymous) request.
-//
-// *
-// response-content-type
-//
-// * response-content-language
-//
-// * response-expires
-//
-// *
-// response-cache-control
-//
-// * response-content-disposition
-//
-// *
-// response-content-encoding
-//
-// Additional Considerations about Request Headers If
-// both of the If-Match and If-Unmodified-Since headers are present in the request
-// as follows: If-Match condition evaluates to true, and; If-Unmodified-Since
-// condition evaluates to false; then, S3 returns 200 OK and the data requested. If
-// both of the If-None-Match and If-Modified-Since headers are present in the
-// request as follows: If-None-Match condition evaluates to false, and;
-// If-Modified-Since condition evaluates to true; then, S3 returns 304 Not Modified
-// response code. For more information about conditional requests, see RFC 7232
-// (https://tools.ietf.org/html/rfc7232). The following operations are related to
-// GetObject:
-//
-// * ListBuckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
+// for the GET response are Content-Type , Content-Language , Expires ,
+// Cache-Control , Content-Disposition , and Content-Encoding . To override these
+// header values in the GET response, you use the following request parameters.
+// You must sign the request, either using an Authorization header or a presigned
+// URL, when using these parameters. They cannot be used with an unsigned
+// (anonymous) request.
+//   - response-content-type
+//   - response-content-language
+//   - response-expires
+//   - response-cache-control
+//   - response-content-disposition
+//   - response-content-encoding
 //
-// *
-// GetObjectAcl
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
+// Overriding Response Header Values If both of the If-Match and
+// If-Unmodified-Since headers are present in the request as follows: If-Match
+// condition evaluates to true , and; If-Unmodified-Since condition evaluates to
+// false ; then, S3 returns 200 OK and the data requested. If both of the
+// If-None-Match and If-Modified-Since headers are present in the request as
+// follows: If-None-Match condition evaluates to false , and; If-Modified-Since
+// condition evaluates to true ; then, S3 returns 304 Not Modified response code.
+// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232)
+// . The following operations are related to GetObject :
+//   - ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
+//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
 func (c *Client) GetObject(ctx context.Context, params *GetObjectInput, optFns ...func(*Options)) (*GetObjectOutput, error) {
 	if params == nil {
 		params = &GetObjectInput{}
@@ -163,19 +135,17 @@ type GetObjectInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When using an Object Lambda access point the
 	// hostname takes the form
-	// AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. When using this
-	// action with Amazon S3 on Outposts, you must direct requests to the S3 on
+	// AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. When you use
+	// this action with Amazon S3 on Outposts, you must direct requests to the S3 on
 	// Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -214,18 +184,18 @@ type GetObjectInput struct {
 	// Useful for downloading just a part of an object.
 	PartNumber int32
 
-	// Downloads the specified range bytes of an object. For more information about the
-	// HTTP Range header, see
-	// https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
-	// (https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35). Amazon S3
-	// doesn't support retrieving multiple ranges of data per GET request.
+	// Downloads the specified range bytes of an object. For more information about
+	// the HTTP Range header, see
+	// https://www.rfc-editor.org/rfc/rfc9110.html#name-range (https://www.rfc-editor.org/rfc/rfc9110.html#name-range)
+	// . Amazon S3 doesn't support retrieving multiple ranges of data per GET request.
 	Range *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -251,11 +221,11 @@ type GetObjectInput struct {
 	// AES256).
 	SSECustomerAlgorithm *string
 
-	// Specifies the customer-provided encryption key for Amazon S3 used to encrypt the
-	// data. This value is used to decrypt the object when recovering it and must match
-	// the one used when storing the data. The key must be appropriate for use with the
-	// algorithm specified in the x-amz-server-side-encryption-customer-algorithm
-	// header.
+	// Specifies the customer-provided encryption key for Amazon S3 used to encrypt
+	// the data. This value is used to decrypt the object when recovering it and must
+	// match the one used when storing the data. The key must be appropriate for use
+	// with the algorithm specified in the
+	// x-amz-server-side-encryption-customer-algorithm header.
 	SSECustomerKey *string
 
 	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
@@ -278,7 +248,7 @@ type GetObjectOutput struct {
 	Body io.ReadCloser
 
 	// Indicates whether the object uses an S3 Bucket Key for server-side encryption
-	// with Amazon Web Services KMS (SSE-KMS).
+	// with Key Management Service (KMS) keys (SSE-KMS).
 	BucketKeyEnabled bool
 
 	// Specifies caching behavior along the request/reply chain.
@@ -287,32 +257,28 @@ type GetObjectOutput struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -393,22 +359,22 @@ type GetObjectOutput struct {
 	// restored object copy.
 	Restore *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
-	// If present, specifies the ID of the Amazon Web Services Key Management Service
-	// (Amazon Web Services KMS) symmetric customer managed key that was used for the
-	// object.
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256 , aws:kms , aws:kms:dsse ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Provides storage class information of the object. Amazon S3 returns this header
@@ -441,6 +407,9 @@ func (c *Client) addOperationGetObjectMiddlewares(stack *middleware.Stack, optio
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -468,7 +437,7 @@ func (c *Client) addOperationGetObjectMiddlewares(stack *middleware.Stack, optio
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -477,6 +446,9 @@ func (c *Client) addOperationGetObjectMiddlewares(stack *middleware.Stack, optio
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetObjectResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetObjectValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -486,6 +458,9 @@ func (c *Client) addOperationGetObjectMiddlewares(stack *middleware.Stack, optio
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectOutputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -504,9 +479,22 @@ func (c *Client) addOperationGetObjectMiddlewares(stack *middleware.Stack, optio
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetObjectInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetObject(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -591,3 +579,139 @@ func addGetObjectPayloadAsUnsigned(stack *middleware.Stack, options Options) err
 	v4.RemoveComputePayloadSHA256Middleware(stack)
 	return v4.AddUnsignedPayloadMiddleware(stack)
 }
+
+type opGetObjectResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetObjectResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetObjectResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetObjectInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetObjectResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetObjectResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go
index 709e62ff7..b6ea63ea0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go
@@ -4,43 +4,37 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Returns the access control list (ACL) of an object. To use this operation, you
-// must have s3:GetObjectAcl permissions or READ_ACP access to the object. For more
-// information, see Mapping of ACL permissions and access policy permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping)
+// must have s3:GetObjectAcl permissions or READ_ACP access to the object. For
+// more information, see Mapping of ACL permissions and access policy permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping)
 // in the Amazon S3 User Guide This action is not supported by Amazon S3 on
-// Outposts. Versioning By default, GET returns ACL information about the current
-// version of an object. To return ACL information about a different version, use
-// the versionId subresource. If your bucket uses the bucket owner enforced setting
-// for S3 Object Ownership, requests to read ACLs are still supported and return
-// the bucket-owner-full-control ACL with the owner being the account that created
-// the bucket. For more information, see  Controlling object ownership and
-// disabling ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// Outposts. By default, GET returns ACL information about the current version of
+// an object. To return ACL information about a different version, use the
+// versionId subresource. If your bucket uses the bucket owner enforced setting for
+// S3 Object Ownership, requests to read ACLs are still supported and return the
+// bucket-owner-full-control ACL with the owner being the account that created the
+// bucket. For more information, see Controlling object ownership and disabling
+// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
 // in the Amazon S3 User Guide. The following operations are related to
-// GetObjectAcl:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
-//
-// *
-// PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+// GetObjectAcl :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
 func (c *Client) GetObjectAcl(ctx context.Context, params *GetObjectAclInput, optFns ...func(*Options)) (*GetObjectAclOutput, error) {
 	if params == nil {
 		params = &GetObjectAclInput{}
@@ -64,8 +58,7 @@ type GetObjectAclInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -82,10 +75,11 @@ type GetObjectAclInput struct {
 	ExpectedBucketOwner *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -122,6 +116,9 @@ func (c *Client) addOperationGetObjectAclMiddlewares(stack *middleware.Stack, op
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -149,7 +146,7 @@ func (c *Client) addOperationGetObjectAclMiddlewares(stack *middleware.Stack, op
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -161,6 +158,9 @@ func (c *Client) addOperationGetObjectAclMiddlewares(stack *middleware.Stack, op
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetObjectAclResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetObjectAclValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -170,6 +170,9 @@ func (c *Client) addOperationGetObjectAclMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectAclUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -185,9 +188,22 @@ func (c *Client) addOperationGetObjectAclMiddlewares(stack *middleware.Stack, op
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetObjectAclInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetObjectAcl(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -222,3 +238,139 @@ func addGetObjectAclUpdateEndpoint(stack *middleware.Stack, options Options) err
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetObjectAclResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetObjectAclResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetObjectAclResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetObjectAclInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetObjectAclResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetObjectAclResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go
index fb1683e7d..06b1ac2df 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -15,112 +21,64 @@ import (
 
 // Retrieves all the metadata from an object without returning the object itself.
 // This action is useful if you're interested only in an object's metadata. To use
-// GetObjectAttributes, you must have READ access to the object.
-// GetObjectAttributes combines the functionality of GetObjectAcl,
-// GetObjectLegalHold, GetObjectLockConfiguration, GetObjectRetention,
-// GetObjectTagging, HeadObject, and ListParts. All of the data returned with each
-// of those individual calls can be returned with a single call to
-// GetObjectAttributes. If you encrypt an object by using server-side encryption
-// with customer-provided encryption keys (SSE-C) when you store the object in
-// Amazon S3, then when you retrieve the metadata from the object, you must use the
-// following headers:
+// GetObjectAttributes , you must have READ access to the object.
+// GetObjectAttributes combines the functionality of HeadObject and ListParts . All
+// of the data returned with each of those individual calls can be returned with a
+// single call to GetObjectAttributes . If you encrypt an object by using
+// server-side encryption with customer-provided encryption keys (SSE-C) when you
+// store the object in Amazon S3, then when you retrieve the metadata from the
+// object, you must use the following headers:
+//   - x-amz-server-side-encryption-customer-algorithm
+//   - x-amz-server-side-encryption-customer-key
+//   - x-amz-server-side-encryption-customer-key-MD5
 //
-// * x-amz-server-side-encryption-customer-algorithm
-//
-// *
-// x-amz-server-side-encryption-customer-key
-//
-// *
-// x-amz-server-side-encryption-customer-key-MD5
-//
-// For more information about SSE-C,
-// see Server-Side Encryption (Using Customer-Provided Encryption Keys)
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+// For more information about SSE-C, see Server-Side Encryption (Using
+// Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 // in the Amazon S3 User Guide.
+//   - Encryption request headers, such as x-amz-server-side-encryption , should
+//     not be sent for GET requests if your object uses server-side encryption with
+//     Amazon Web Services KMS keys stored in Amazon Web Services Key Management
+//     Service (SSE-KMS) or server-side encryption with Amazon S3 managed keys
+//     (SSE-S3). If your object does use these types of keys, you'll get an HTTP 400
+//     Bad Request error.
+//   - The last modified property in this case is the creation date of the object.
 //
-// * Encryption request headers, such as
-// x-amz-server-side-encryption, should not be sent for GET requests if your object
-// uses server-side encryption with Amazon Web Services KMS keys stored in Amazon
-// Web Services Key Management Service (SSE-KMS) or server-side encryption with
-// Amazon S3 managed encryption keys (SSE-S3). If your object does use these types
-// of keys, you'll get an HTTP 400 Bad Request error.
-//
-// * The last modified property
-// in this case is the creation date of the object.
-//
-// Consider the following when
-// using request headers:
-//
-// * If both of the If-Match and If-Unmodified-Since
-// headers are present in the request as follows, then Amazon S3 returns the HTTP
-// status code 200 OK and the data requested:
-//
-// * If-Match condition evaluates to
-// true.
-//
-// * If-Unmodified-Since condition evaluates to false.
-//
-// * If both of the
-// If-None-Match and If-Modified-Since headers are present in the request as
-// follows, then Amazon S3 returns the HTTP status code 304 Not Modified:
+// Consider the following when using request headers:
+//   - If both of the If-Match and If-Unmodified-Since headers are present in the
+//     request as follows, then Amazon S3 returns the HTTP status code 200 OK and the
+//     data requested:
+//   - If-Match condition evaluates to true .
+//   - If-Unmodified-Since condition evaluates to false .
+//   - If both of the If-None-Match and If-Modified-Since headers are present in
+//     the request as follows, then Amazon S3 returns the HTTP status code 304 Not
+//     Modified :
+//   - If-None-Match condition evaluates to false .
+//   - If-Modified-Since condition evaluates to true .
 //
-// *
-// If-None-Match condition evaluates to false.
-//
-// * If-Modified-Since condition
-// evaluates to true.
-//
-// For more information about conditional requests, see RFC
-// 7232 (https://tools.ietf.org/html/rfc7232). Permissions The permissions that you
-// need to use this operation depend on whether the bucket is versioned. If the
-// bucket is versioned, you need both the s3:GetObjectVersion and
-// s3:GetObjectVersionAttributes permissions for this operation. If the bucket is
-// not versioned, you need the s3:GetObject and s3:GetObjectAttributes permissions.
-// For more information, see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) in
-// the Amazon S3 User Guide. If the object that you request does not exist, the
+// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232)
+// . Permissions The permissions that you need to use this operation depend on
+// whether the bucket is versioned. If the bucket is versioned, you need both the
+// s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this
+// operation. If the bucket is not versioned, you need the s3:GetObject and
+// s3:GetObjectAttributes permissions. For more information, see Specifying
+// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// in the Amazon S3 User Guide. If the object that you request does not exist, the
 // error Amazon S3 returns depends on whether you also have the s3:ListBucket
 // permission.
+//   - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an
+//     HTTP status code 404 Not Found ("no such key") error.
+//   - If you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP
+//     status code 403 Forbidden ("access denied") error.
 //
-// * If you have the s3:ListBucket permission on the bucket, Amazon S3
-// returns an HTTP status code 404 Not Found ("no such key") error.
-//
-// * If you don't
-// have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403
-// Forbidden ("access denied") error.
-//
-// The following actions are related to
-// GetObjectAttributes:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// GetObjectAcl
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
-//
-// *
-// GetObjectLegalHold
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html)
-//
-// *
-// GetObjectLockConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html)
-//
-// *
-// GetObjectRetention
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html)
-//
-// *
-// GetObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
-//
-// *
-// HeadObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html)
-//
-// *
-// ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+// The following actions are related to GetObjectAttributes :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
+//   - GetObjectLegalHold (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html)
+//   - GetObjectLockConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html)
+//   - GetObjectRetention (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html)
+//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+//   - HeadObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
 func (c *Client) GetObjectAttributes(ctx context.Context, params *GetObjectAttributesInput, optFns ...func(*Options)) (*GetObjectAttributesOutput, error) {
 	if params == nil {
 		params = &GetObjectAttributesInput{}
@@ -144,17 +102,15 @@ type GetObjectAttributesInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -164,8 +120,8 @@ type GetObjectAttributesInput struct {
 	// This member is required.
 	Key *string
 
-	// An XML header that specifies the fields at the root level that you want returned
-	// in the response. Fields that you do not specify are not returned.
+	// Specifies the fields at the root level that you want returned in the response.
+	// Fields that you do not specify are not returned.
 	//
 	// This member is required.
 	ObjectAttributes []types.ObjectAttributes
@@ -178,15 +134,16 @@ type GetObjectAttributesInput struct {
 	// Sets the maximum number of parts to return.
 	MaxParts int32
 
-	// Specifies the part after which listing should begin. Only parts with higher part
-	// numbers will be listed.
+	// Specifies the part after which listing should begin. Only parts with higher
+	// part numbers will be listed.
 	PartNumberMarker *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -216,8 +173,8 @@ type GetObjectAttributesOutput struct {
 	// The checksum or digest of the object.
 	Checksum *types.Checksum
 
-	// Specifies whether the object retrieved was (true) or was not (false) a delete
-	// marker. If false, this response header does not appear in the response.
+	// Specifies whether the object retrieved was ( true ) or was not ( false ) a
+	// delete marker. If false , this response header does not appear in the response.
 	DeleteMarker bool
 
 	// An ETag is an opaque identifier assigned by a web server to a specific version
@@ -239,8 +196,8 @@ type GetObjectAttributesOutput struct {
 
 	// Provides the storage class information of the object. Amazon S3 returns this
 	// header for all objects except for S3 Standard storage class objects. For more
-	// information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
+	// information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// .
 	StorageClass types.StorageClass
 
 	// The version ID of the object.
@@ -261,6 +218,9 @@ func (c *Client) addOperationGetObjectAttributesMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -288,7 +248,7 @@ func (c *Client) addOperationGetObjectAttributesMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -300,6 +260,9 @@ func (c *Client) addOperationGetObjectAttributesMiddlewares(stack *middleware.St
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetObjectAttributesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetObjectAttributesValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -309,6 +272,9 @@ func (c *Client) addOperationGetObjectAttributesMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectAttributesUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -324,9 +290,22 @@ func (c *Client) addOperationGetObjectAttributesMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetObjectAttributesInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetObjectAttributes(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -361,3 +340,139 @@ func addGetObjectAttributesUpdateEndpoint(stack *middleware.Stack, options Optio
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetObjectAttributesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetObjectAttributesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetObjectAttributesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetObjectAttributesInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetObjectAttributesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetObjectAttributesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go
index a2446ac32..c43441697 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go
@@ -4,21 +4,25 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Gets an object's current legal hold status. For more information, see Locking
-// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). This
-// action is not supported by Amazon S3 on Outposts. The following action is
-// related to GetObjectLegalHold:
-//
-// * GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .
+// This action is not supported by Amazon S3 on Outposts. The following action is
+// related to GetObjectLegalHold :
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
 func (c *Client) GetObjectLegalHold(ctx context.Context, params *GetObjectLegalHoldInput, optFns ...func(*Options)) (*GetObjectLegalHoldOutput, error) {
 	if params == nil {
 		params = &GetObjectLegalHoldInput{}
@@ -42,8 +46,7 @@ type GetObjectLegalHoldInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -60,10 +63,11 @@ type GetObjectLegalHoldInput struct {
 	ExpectedBucketOwner *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -93,6 +97,9 @@ func (c *Client) addOperationGetObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -120,7 +127,7 @@ func (c *Client) addOperationGetObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -132,6 +139,9 @@ func (c *Client) addOperationGetObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetObjectLegalHoldResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetObjectLegalHoldValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -141,6 +151,9 @@ func (c *Client) addOperationGetObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectLegalHoldUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -156,9 +169,22 @@ func (c *Client) addOperationGetObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetObjectLegalHoldInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetObjectLegalHold(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -193,3 +219,139 @@ func addGetObjectLegalHoldUpdateEndpoint(stack *middleware.Stack, options Option
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetObjectLegalHoldResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetObjectLegalHoldResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetObjectLegalHoldResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetObjectLegalHoldInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetObjectLegalHoldResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetObjectLegalHoldResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go
index 91793c133..eb142dada 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go
@@ -4,23 +4,25 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Gets the Object Lock configuration for a bucket. The rule specified in the
 // Object Lock configuration will be applied by default to every new object placed
-// in the specified bucket. For more information, see Locking Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). The
-// following action is related to GetObjectLockConfiguration:
-//
-// *
-// GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+// in the specified bucket. For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+// . The following action is related to GetObjectLockConfiguration :
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
 func (c *Client) GetObjectLockConfiguration(ctx context.Context, params *GetObjectLockConfigurationInput, optFns ...func(*Options)) (*GetObjectLockConfigurationOutput, error) {
 	if params == nil {
 		params = &GetObjectLockConfigurationInput{}
@@ -38,14 +40,13 @@ func (c *Client) GetObjectLockConfiguration(ctx context.Context, params *GetObje
 
 type GetObjectLockConfigurationInput struct {
 
-	// The bucket whose Object Lock configuration you want to retrieve. When using this
-	// action with an access point, you must direct requests to the access point
+	// The bucket whose Object Lock configuration you want to retrieve. When using
+	// this action with an access point, you must direct requests to the access point
 	// hostname. The access point hostname takes the form
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -79,6 +80,9 @@ func (c *Client) addOperationGetObjectLockConfigurationMiddlewares(stack *middle
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -106,7 +110,7 @@ func (c *Client) addOperationGetObjectLockConfigurationMiddlewares(stack *middle
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -118,6 +122,9 @@ func (c *Client) addOperationGetObjectLockConfigurationMiddlewares(stack *middle
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetObjectLockConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetObjectLockConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -127,6 +134,9 @@ func (c *Client) addOperationGetObjectLockConfigurationMiddlewares(stack *middle
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectLockConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -142,9 +152,22 @@ func (c *Client) addOperationGetObjectLockConfigurationMiddlewares(stack *middle
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetObjectLockConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetObjectLockConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -154,9 +177,9 @@ func newServiceMetadataMiddleware_opGetObjectLockConfiguration(region string) *a
 	}
 }
 
-// getGetObjectLockConfigurationBucketMember returns a pointer to string denoting a
-// provided bucket member valueand a boolean indicating if the input has a modeled
-// bucket name,
+// getGetObjectLockConfigurationBucketMember returns a pointer to string denoting
+// a provided bucket member valueand a boolean indicating if the input has a
+// modeled bucket name,
 func getGetObjectLockConfigurationBucketMember(input interface{}) (*string, bool) {
 	in := input.(*GetObjectLockConfigurationInput)
 	if in.Bucket == nil {
@@ -179,3 +202,139 @@ func addGetObjectLockConfigurationUpdateEndpoint(stack *middleware.Stack, option
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetObjectLockConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetObjectLockConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetObjectLockConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetObjectLockConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetObjectLockConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetObjectLockConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go
index 33fc04897..278d13522 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go
@@ -4,21 +4,25 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Retrieves an object's retention settings. For more information, see Locking
-// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). This
-// action is not supported by Amazon S3 on Outposts. The following action is
-// related to GetObjectRetention:
-//
-// * GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .
+// This action is not supported by Amazon S3 on Outposts. The following action is
+// related to GetObjectRetention :
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
 func (c *Client) GetObjectRetention(ctx context.Context, params *GetObjectRetentionInput, optFns ...func(*Options)) (*GetObjectRetentionOutput, error) {
 	if params == nil {
 		params = &GetObjectRetentionInput{}
@@ -42,8 +46,7 @@ type GetObjectRetentionInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -60,10 +63,11 @@ type GetObjectRetentionInput struct {
 	ExpectedBucketOwner *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -93,6 +97,9 @@ func (c *Client) addOperationGetObjectRetentionMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -120,7 +127,7 @@ func (c *Client) addOperationGetObjectRetentionMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -132,6 +139,9 @@ func (c *Client) addOperationGetObjectRetentionMiddlewares(stack *middleware.Sta
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetObjectRetentionResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetObjectRetentionValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -141,6 +151,9 @@ func (c *Client) addOperationGetObjectRetentionMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectRetentionUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -156,9 +169,22 @@ func (c *Client) addOperationGetObjectRetentionMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetObjectRetentionInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetObjectRetention(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -193,3 +219,139 @@ func addGetObjectRetentionUpdateEndpoint(stack *middleware.Stack, options Option
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetObjectRetentionResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetObjectRetentionResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetObjectRetentionResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetObjectRetentionInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetObjectRetentionResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetObjectRetentionResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go
index cec5210c2..14ebf1c4e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go
@@ -4,36 +4,33 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Returns the tag-set of an object. You send the GET request against the tagging
 // subresource associated with the object. To use this operation, you must have
-// permission to perform the s3:GetObjectTagging action. By default, the GET action
-// returns information about current version of an object. For a versioned bucket,
-// you can have multiple versions of an object in your bucket. To retrieve tags of
-// any other version, use the versionId query parameter. You also need permission
-// for the s3:GetObjectVersionTagging action. By default, the bucket owner has this
-// permission and can grant this permission to others. For information about the
-// Amazon S3 object tagging feature, see Object Tagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). The
-// following actions are related to GetObjectTagging:
-//
-// * DeleteObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
-//
-// *
-// GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-// *
-// PutObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
+// permission to perform the s3:GetObjectTagging action. By default, the GET
+// action returns information about current version of an object. For a versioned
+// bucket, you can have multiple versions of an object in your bucket. To retrieve
+// tags of any other version, use the versionId query parameter. You also need
+// permission for the s3:GetObjectVersionTagging action. By default, the bucket
+// owner has this permission and can grant this permission to others. For
+// information about the Amazon S3 object tagging feature, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html)
+// . The following actions are related to GetObjectTagging :
+//   - DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//   - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
 func (c *Client) GetObjectTagging(ctx context.Context, params *GetObjectTaggingInput, optFns ...func(*Options)) (*GetObjectTaggingOutput, error) {
 	if params == nil {
 		params = &GetObjectTaggingInput{}
@@ -57,17 +54,15 @@ type GetObjectTaggingInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -83,10 +78,11 @@ type GetObjectTaggingInput struct {
 	ExpectedBucketOwner *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -121,6 +117,9 @@ func (c *Client) addOperationGetObjectTaggingMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -148,7 +147,7 @@ func (c *Client) addOperationGetObjectTaggingMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -160,6 +159,9 @@ func (c *Client) addOperationGetObjectTaggingMiddlewares(stack *middleware.Stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetObjectTaggingResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetObjectTaggingValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -169,6 +171,9 @@ func (c *Client) addOperationGetObjectTaggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectTaggingUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -184,9 +189,22 @@ func (c *Client) addOperationGetObjectTaggingMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetObjectTaggingInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetObjectTagging(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -221,3 +239,139 @@ func addGetObjectTaggingUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetObjectTaggingResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetObjectTaggingResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetObjectTaggingResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetObjectTaggingInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetObjectTaggingResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetObjectTaggingResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go
index fa71442c2..dd06c1bde 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go
@@ -4,27 +4,28 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"io"
 )
 
 // Returns torrent files from a bucket. BitTorrent can save you bandwidth when
-// you're distributing large files. For more information about BitTorrent, see
-// Using BitTorrent with Amazon S3
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html). You can get
-// torrent only for objects that are less than 5 GB in size, and that are not
-// encrypted using server-side encryption with a customer-provided encryption key.
-// To use GET, you must have READ access to the object. This action is not
-// supported by Amazon S3 on Outposts. The following action is related to
-// GetObjectTorrent:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+// you're distributing large files. You can get torrent only for objects that are
+// less than 5 GB in size, and that are not encrypted using server-side encryption
+// with a customer-provided encryption key. To use GET, you must have READ access
+// to the object. This action is not supported by Amazon S3 on Outposts. The
+// following action is related to GetObjectTorrent :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
 func (c *Client) GetObjectTorrent(ctx context.Context, params *GetObjectTorrentInput, optFns ...func(*Options)) (*GetObjectTorrentOutput, error) {
 	if params == nil {
 		params = &GetObjectTorrentInput{}
@@ -58,10 +59,11 @@ type GetObjectTorrentInput struct {
 	ExpectedBucketOwner *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -92,6 +94,9 @@ func (c *Client) addOperationGetObjectTorrentMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -119,7 +124,7 @@ func (c *Client) addOperationGetObjectTorrentMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -128,6 +133,9 @@ func (c *Client) addOperationGetObjectTorrentMiddlewares(stack *middleware.Stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetObjectTorrentResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetObjectTorrentValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -137,6 +145,9 @@ func (c *Client) addOperationGetObjectTorrentMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectTorrentUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -152,9 +163,22 @@ func (c *Client) addOperationGetObjectTorrentMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetObjectTorrentInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetObjectTorrent(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -189,3 +213,139 @@ func addGetObjectTorrentUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetObjectTorrentResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetObjectTorrentResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetObjectTorrentResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetObjectTorrentInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetObjectTorrentResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetObjectTorrentResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go
index eb42c7d27..cd09834c0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -15,33 +21,19 @@ import (
 // Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To use
 // this operation, you must have the s3:GetBucketPublicAccessBlock permission. For
 // more information about Amazon S3 permissions, see Specifying Permissions in a
-// Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-// When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an
-// object, it checks the PublicAccessBlock configuration for both the bucket (or
-// the bucket that contains the object) and the bucket owner's account. If the
+// Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// . When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or
+// an object, it checks the PublicAccessBlock configuration for both the bucket
+// (or the bucket that contains the object) and the bucket owner's account. If the
 // PublicAccessBlock settings are different between the bucket and the account,
 // Amazon S3 uses the most restrictive combination of the bucket-level and
 // account-level settings. For more information about when Amazon S3 considers a
-// bucket or an object public, see The Meaning of "Public"
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
-// The following operations are related to GetPublicAccessBlock:
-//
-// * Using Amazon S3
-// Block Public Access
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
-//
-// *
-// PutPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
-//
-// *
-// GetPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-// *
-// DeletePublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
+// bucket or an object public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+// . The following operations are related to GetPublicAccessBlock :
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
 func (c *Client) GetPublicAccessBlock(ctx context.Context, params *GetPublicAccessBlockInput, optFns ...func(*Options)) (*GetPublicAccessBlockOutput, error) {
 	if params == nil {
 		params = &GetPublicAccessBlockInput{}
@@ -94,6 +86,9 @@ func (c *Client) addOperationGetPublicAccessBlockMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -121,7 +116,7 @@ func (c *Client) addOperationGetPublicAccessBlockMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -133,6 +128,9 @@ func (c *Client) addOperationGetPublicAccessBlockMiddlewares(stack *middleware.S
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addGetPublicAccessBlockResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetPublicAccessBlockValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -142,6 +140,9 @@ func (c *Client) addOperationGetPublicAccessBlockMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetPublicAccessBlockUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -157,9 +158,22 @@ func (c *Client) addOperationGetPublicAccessBlockMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *GetPublicAccessBlockInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opGetPublicAccessBlock(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -194,3 +208,139 @@ func addGetPublicAccessBlockUpdateEndpoint(stack *middleware.Stack, options Opti
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opGetPublicAccessBlockResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetPublicAccessBlockResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetPublicAccessBlockResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*GetPublicAccessBlockInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetPublicAccessBlockResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetPublicAccessBlockResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go
index c3d9a16f2..a65218224 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go
@@ -6,10 +6,14 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithytime "github.com/aws/smithy-go/time"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
@@ -17,27 +21,30 @@ import (
 	"time"
 )
 
-// This action is useful to determine if a bucket exists and you have permission to
-// access it. The action returns a 200 OK if the bucket exists and you have
+// This action is useful to determine if a bucket exists and you have permission
+// to access it. The action returns a 200 OK if the bucket exists and you have
 // permission to access it. If the bucket does not exist or you do not have
-// permission to access it, the HEAD request returns a generic 404 Not Found or 403
-// Forbidden code. A message body is not included, so you cannot determine the
-// exception beyond these error codes. To use this operation, you must have
-// permissions to perform the s3:ListBucket action. The bucket owner has this
-// permission by default and can grant this permission to others. For more
+// permission to access it, the HEAD request returns a generic 400 Bad Request ,
+// 403 Forbidden or 404 Not Found code. A message body is not included, so you
+// cannot determine the exception beyond these error codes. To use this operation,
+// you must have permissions to perform the s3:ListBucket action. The bucket owner
+// has this permission by default and can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// To use this API against an access point, you must provide the alias of the
-// access point in place of the bucket name or specify the access point ARN. When
-// using the access point ARN, you must direct requests to the access point
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . To use this API operation against an access point, you must provide the alias
+// of the access point in place of the bucket name or specify the access point ARN.
+// When using the access point ARN, you must direct requests to the access point
 // hostname. The access point hostname takes the form
 // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using the
 // Amazon Web Services SDKs, you provide the ARN in place of the bucket name. For
-// more information see, Using access points
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html).
+// more information, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+// . To use this API operation against an Object Lambda access point, provide the
+// alias of the Object Lambda access point in place of the bucket name. If the
+// Object Lambda access point alias in a request is not valid, the error code
+// InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// .
 func (c *Client) HeadBucket(ctx context.Context, params *HeadBucketInput, optFns ...func(*Options)) (*HeadBucketOutput, error) {
 	if params == nil {
 		params = &HeadBucketInput{}
@@ -60,17 +67,19 @@ type HeadBucketInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with an Object Lambda
+	// access point, provide the alias of the Object Lambda access point in place of
+	// the bucket name. If the Object Lambda access point alias in a request is not
+	// valid, the error code InvalidAccessPointAliasError is returned. For more
+	// information about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// . When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -99,6 +108,9 @@ func (c *Client) addOperationHeadBucketMiddlewares(stack *middleware.Stack, opti
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -126,7 +138,7 @@ func (c *Client) addOperationHeadBucketMiddlewares(stack *middleware.Stack, opti
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -138,6 +150,9 @@ func (c *Client) addOperationHeadBucketMiddlewares(stack *middleware.Stack, opti
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addHeadBucketResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpHeadBucketValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -147,6 +162,9 @@ func (c *Client) addOperationHeadBucketMiddlewares(stack *middleware.Stack, opti
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addHeadBucketUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -162,9 +180,22 @@ func (c *Client) addOperationHeadBucketMiddlewares(stack *middleware.Stack, opti
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *HeadBucketInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 // HeadBucketAPIClient is a client that implements the HeadBucket operation.
 type HeadBucketAPIClient interface {
 	HeadBucket(context.Context, *HeadBucketInput, ...func(*Options)) (*HeadBucketOutput, error)
@@ -185,9 +216,9 @@ type BucketExistsWaiterOptions struct {
 	// MinDelay must resolve to a value lesser than or equal to the MaxDelay.
 	MinDelay time.Duration
 
-	// MaxDelay is the maximum amount of time to delay between retries. If unset or set
-	// to zero, BucketExistsWaiter will use default max delay of 120 seconds. Note that
-	// MaxDelay must resolve to value greater than or equal to the MinDelay.
+	// MaxDelay is the maximum amount of time to delay between retries. If unset or
+	// set to zero, BucketExistsWaiter will use default max delay of 120 seconds. Note
+	// that MaxDelay must resolve to value greater than or equal to the MinDelay.
 	MaxDelay time.Duration
 
 	// LogWaitAttempts is used to enable logging for waiter retry attempts
@@ -338,9 +369,9 @@ type BucketNotExistsWaiterOptions struct {
 	// MinDelay must resolve to a value lesser than or equal to the MaxDelay.
 	MinDelay time.Duration
 
-	// MaxDelay is the maximum amount of time to delay between retries. If unset or set
-	// to zero, BucketNotExistsWaiter will use default max delay of 120 seconds. Note
-	// that MaxDelay must resolve to value greater than or equal to the MinDelay.
+	// MaxDelay is the maximum amount of time to delay between retries. If unset or
+	// set to zero, BucketNotExistsWaiter will use default max delay of 120 seconds.
+	// Note that MaxDelay must resolve to value greater than or equal to the MinDelay.
 	MaxDelay time.Duration
 
 	// LogWaitAttempts is used to enable logging for waiter retry attempts
@@ -380,9 +411,9 @@ func NewBucketNotExistsWaiter(client HeadBucketAPIClient, optFns ...func(*Bucket
 	}
 }
 
-// Wait calls the waiter function for BucketNotExists waiter. The maxWaitDur is the
-// maximum wait duration the waiter will wait. The maxWaitDur is required and must
-// be greater than zero.
+// Wait calls the waiter function for BucketNotExists waiter. The maxWaitDur is
+// the maximum wait duration the waiter will wait. The maxWaitDur is required and
+// must be greater than zero.
 func (w *BucketNotExistsWaiter) Wait(ctx context.Context, params *HeadBucketInput, maxWaitDur time.Duration, optFns ...func(*BucketNotExistsWaiterOptions)) error {
 	_, err := w.WaitForOutput(ctx, params, maxWaitDur, optFns...)
 	return err
@@ -484,8 +515,9 @@ func newServiceMetadataMiddleware_opHeadBucket(region string) *awsmiddleware.Reg
 	}
 }
 
-// getHeadBucketBucketMember returns a pointer to string denoting a provided bucket
-// member valueand a boolean indicating if the input has a modeled bucket name,
+// getHeadBucketBucketMember returns a pointer to string denoting a provided
+// bucket member valueand a boolean indicating if the input has a modeled bucket
+// name,
 func getHeadBucketBucketMember(input interface{}) (*string, bool) {
 	in := input.(*HeadBucketInput)
 	if in.Bucket == nil {
@@ -539,3 +571,139 @@ func addHeadBucketPayloadAsUnsigned(stack *middleware.Stack, options Options) er
 	v4.RemoveComputePayloadSHA256Middleware(stack)
 	return v4.AddUnsignedPayloadMiddleware(stack)
 }
+
+type opHeadBucketResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opHeadBucketResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opHeadBucketResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*HeadBucketInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addHeadBucketResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opHeadBucketResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go
index 1e745a7e5..a121acb16 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go
@@ -6,11 +6,14 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
-	smithy "github.com/aws/smithy-go"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithytime "github.com/aws/smithy-go/time"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
@@ -20,91 +23,58 @@ import (
 
 // The HEAD action retrieves metadata from an object without returning the object
 // itself. This action is useful if you're only interested in an object's metadata.
-// To use HEAD, you must have READ access to the object. A HEAD request has the
+// To use HEAD , you must have READ access to the object. A HEAD request has the
 // same options as a GET action on an object. The response is identical to the GET
 // response except that there is no response body. Because of this, if the HEAD
-// request generates an error, it returns a generic 404 Not Found or 403 Forbidden
-// code. It is not possible to retrieve the exact exception beyond these error
-// codes. If you encrypt an object by using server-side encryption with
-// customer-provided encryption keys (SSE-C) when you store the object in Amazon
-// S3, then when you retrieve the metadata from the object, you must use the
-// following headers:
+// request generates an error, it returns a generic 400 Bad Request , 403 Forbidden
+// or 404 Not Found code. It is not possible to retrieve the exact exception
+// beyond these error codes. If you encrypt an object by using server-side
+// encryption with customer-provided encryption keys (SSE-C) when you store the
+// object in Amazon S3, then when you retrieve the metadata from the object, you
+// must use the following headers:
+//   - x-amz-server-side-encryption-customer-algorithm
+//   - x-amz-server-side-encryption-customer-key
+//   - x-amz-server-side-encryption-customer-key-MD5
 //
-// * x-amz-server-side-encryption-customer-algorithm
+// For more information about SSE-C, see Server-Side Encryption (Using
+// Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+// .
+//   - Encryption request headers, like x-amz-server-side-encryption , should not
+//     be sent for GET requests if your object uses server-side encryption with Key
+//     Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with
+//     Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon
+//     S3 managed encryption keys (SSE-S3). If your object does use these types of
+//     keys, you’ll get an HTTP 400 Bad Request error.
+//   - The last modified property in this case is the creation date of the object.
 //
-// *
-// x-amz-server-side-encryption-customer-key
+// Request headers are limited to 8 KB in size. For more information, see Common
+// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html)
+// . Consider the following when using request headers:
+//   - Consideration 1 – If both of the If-Match and If-Unmodified-Since headers
+//     are present in the request as follows:
+//   - If-Match condition evaluates to true , and;
+//   - If-Unmodified-Since condition evaluates to false ; Then Amazon S3 returns
+//     200 OK and the data requested.
+//   - Consideration 2 – If both of the If-None-Match and If-Modified-Since headers
+//     are present in the request as follows:
+//   - If-None-Match condition evaluates to false , and;
+//   - If-Modified-Since condition evaluates to true ; Then Amazon S3 returns the
+//     304 Not Modified response code.
 //
-// *
-// x-amz-server-side-encryption-customer-key-MD5
+// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232)
+// . Permissions You need the relevant read object (or version) permission for this
+// operation. For more information, see Actions, resources, and condition keys for
+// Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) .
+// If the object you request doesn't exist, the error that Amazon S3 returns
+// depends on whether you also have the s3:ListBucket permission.
+//   - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an
+//     HTTP status code 404 error.
+//   - If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP
+//     status code 403 error.
 //
-// For more information about SSE-C,
-// see Server-Side Encryption (Using Customer-Provided Encryption Keys)
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
-//
-// *
-// Encryption request headers, like x-amz-server-side-encryption, should not be
-// sent for GET requests if your object uses server-side encryption with KMS keys
-// (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys
-// (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400
-// BadRequest error.
-//
-// * The last modified property in this case is the creation
-// date of the object.
-//
-// Request headers are limited to 8 KB in size. For more
-// information, see Common Request Headers
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html).
-// Consider the following when using request headers:
-//
-// * Consideration 1 – If both
-// of the If-Match and If-Unmodified-Since headers are present in the request as
-// follows:
-//
-// * If-Match condition evaluates to true, and;
-//
-// * If-Unmodified-Since
-// condition evaluates to false;
-//
-// Then Amazon S3 returns 200 OK and the data
-// requested.
-//
-// * Consideration 2 – If both of the If-None-Match and
-// If-Modified-Since headers are present in the request as follows:
-//
-// *
-// If-None-Match condition evaluates to false, and;
-//
-// * If-Modified-Since condition
-// evaluates to true;
-//
-// Then Amazon S3 returns the 304 Not Modified response
-// code.
-//
-// For more information about conditional requests, see RFC 7232
-// (https://tools.ietf.org/html/rfc7232). Permissions You need the relevant read
-// object (or version) permission for this operation. For more information, see
-// Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). If
-// the object you request does not exist, the error Amazon S3 returns depends on
-// whether you also have the s3:ListBucket permission.
-//
-// * If you have the
-// s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code
-// 404 ("no such key") error.
-//
-// * If you don’t have the s3:ListBucket permission,
-// Amazon S3 returns an HTTP status code 403 ("access denied") error.
-//
-// The
-// following actions are related to HeadObject:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+// The following actions are related to HeadObject :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
 func (c *Client) HeadObject(ctx context.Context, params *HeadObjectInput, optFns ...func(*Options)) (*HeadObjectOutput, error) {
 	if params == nil {
 		params = &HeadObjectInput{}
@@ -128,17 +98,15 @@ type HeadObjectInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -181,15 +149,17 @@ type HeadObjectInput struct {
 	// object.
 	PartNumber int32
 
-	// Because HeadObject returns only the metadata for an object, this parameter has
-	// no effect.
+	// HeadObject returns only the metadata for an object. If the Range is
+	// satisfiable, only the ContentLength is affected in the response. If the Range
+	// is not satisfiable, S3 returns a 416 - Requested Range Not Satisfiable error.
 	Range *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -224,7 +194,7 @@ type HeadObjectOutput struct {
 	ArchiveStatus types.ArchiveStatus
 
 	// Indicates whether the object uses an S3 Bucket Key for server-side encryption
-	// with Amazon Web Services KMS (SSE-KMS).
+	// with Key Management Service (KMS) keys (SSE-KMS).
 	BucketKeyEnabled bool
 
 	// Specifies caching behavior along the request/reply chain.
@@ -233,32 +203,28 @@ type HeadObjectOutput struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -310,17 +276,17 @@ type HeadObjectOutput struct {
 	// can create metadata whose values are not legal HTTP headers.
 	MissingMeta int32
 
-	// Specifies whether a legal hold is in effect for this object. This header is only
-	// returned if the requester has the s3:GetObjectLegalHold permission. This header
-	// is not returned if the specified version of this object has never had a legal
-	// hold applied. For more information about S3 Object Lock, see Object Lock
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+	// Specifies whether a legal hold is in effect for this object. This header is
+	// only returned if the requester has the s3:GetObjectLegalHold permission. This
+	// header is not returned if the specified version of this object has never had a
+	// legal hold applied. For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+	// .
 	ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus
 
 	// The Object Lock mode, if any, that's in effect for this object. This header is
 	// only returned if the requester has the s3:GetObjectRetention permission. For
-	// more information about S3 Object Lock, see Object Lock
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+	// more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+	// .
 	ObjectLockMode types.ObjectLockMode
 
 	// The date and time when the Object Lock retention period expires. This header is
@@ -334,36 +300,30 @@ type HeadObjectOutput struct {
 	// Amazon S3 can return this header if your request involves a bucket that is
 	// either a source or a destination in a replication rule. In replication, you have
 	// a source bucket on which you configure replication and destination bucket or
-	// buckets where Amazon S3 stores object replicas. When you request an object
-	// (GetObject) or object metadata (HeadObject) from these buckets, Amazon S3 will
+	// buckets where Amazon S3 stores object replicas. When you request an object (
+	// GetObject ) or object metadata ( HeadObject ) from these buckets, Amazon S3 will
 	// return the x-amz-replication-status header in the response as follows:
-	//
-	// * If
-	// requesting an object from the source bucket, Amazon S3 will return the
-	// x-amz-replication-status header if the object in your request is eligible for
-	// replication. For example, suppose that in your replication configuration, you
-	// specify object prefix TaxDocs requesting Amazon S3 to replicate objects with key
-	// prefix TaxDocs. Any objects you upload with this key name prefix, for example
-	// TaxDocs/document1.pdf, are eligible for replication. For any object request with
-	// this key name prefix, Amazon S3 will return the x-amz-replication-status header
-	// with value PENDING, COMPLETED or FAILED indicating object replication status.
-	//
-	// *
-	// If requesting an object from a destination bucket, Amazon S3 will return the
-	// x-amz-replication-status header with value REPLICA if the object in your request
-	// is a replica that Amazon S3 created and there is no replica modification
-	// replication in progress.
-	//
-	// * When replicating objects to multiple destination
-	// buckets, the x-amz-replication-status header acts differently. The header of the
-	// source object will only return a value of COMPLETED when replication is
-	// successful to all destinations. The header will remain at value PENDING until
-	// replication has completed for all destinations. If one or more destinations
-	// fails replication the header will return FAILED.
-	//
-	// For more information, see
-	// Replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
+	//   - If requesting an object from the source bucket, Amazon S3 will return the
+	//   x-amz-replication-status header if the object in your request is eligible for
+	//   replication. For example, suppose that in your replication configuration, you
+	//   specify object prefix TaxDocs requesting Amazon S3 to replicate objects with
+	//   key prefix TaxDocs . Any objects you upload with this key name prefix, for
+	//   example TaxDocs/document1.pdf , are eligible for replication. For any object
+	//   request with this key name prefix, Amazon S3 will return the
+	//   x-amz-replication-status header with value PENDING, COMPLETED or FAILED
+	//   indicating object replication status.
+	//   - If requesting an object from a destination bucket, Amazon S3 will return
+	//   the x-amz-replication-status header with value REPLICA if the object in your
+	//   request is a replica that Amazon S3 created and there is no replica modification
+	//   replication in progress.
+	//   - When replicating objects to multiple destination buckets, the
+	//   x-amz-replication-status header acts differently. The header of the source
+	//   object will only return a value of COMPLETED when replication is successful to
+	//   all destinations. The header will remain at value PENDING until replication has
+	//   completed for all destinations. If one or more destinations fails replication
+	//   the header will return FAILED.
+	// For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+	// .
 	ReplicationStatus types.ReplicationStatus
 
 	// If present, indicates that the requester was successfully charged for the
@@ -372,41 +332,38 @@ type HeadObjectOutput struct {
 
 	// If the object is an archived object (an object whose storage class is GLACIER),
 	// the response includes this header if either the archive restoration is in
-	// progress (see RestoreObject
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) or an
-	// archive copy is already restored. If an archive copy is already restored, the
-	// header value indicates when Amazon S3 is scheduled to delete the object copy.
-	// For example: x-amz-restore: ongoing-request="false", expiry-date="Fri, 21 Dec
-	// 2012 00:00:00 GMT" If the object restoration is in progress, the header returns
-	// the value ongoing-request="true". For more information about archiving objects,
-	// see Transitioning Objects: General Considerations
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations).
+	// progress (see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html)
+	// or an archive copy is already restored. If an archive copy is already restored,
+	// the header value indicates when Amazon S3 is scheduled to delete the object
+	// copy. For example: x-amz-restore: ongoing-request="false", expiry-date="Fri, 21
+	// Dec 2012 00:00:00 GMT" If the object restoration is in progress, the header
+	// returns the value ongoing-request="true" . For more information about archiving
+	// objects, see Transitioning Objects: General Considerations (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations)
+	// .
 	Restore *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
-	// If present, specifies the ID of the Amazon Web Services Key Management Service
-	// (Amazon Web Services KMS) symmetric customer managed key that was used for the
-	// object.
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
 	SSEKMSKeyId *string
 
-	// If the object is stored using server-side encryption either with an Amazon Web
-	// Services KMS key or an Amazon S3-managed encryption key, the response includes
-	// this header with the value of the server-side encryption algorithm used when
-	// storing this object in Amazon S3 (for example, AES256, aws:kms).
+	// The server-side encryption algorithm used when storing this object in Amazon S3
+	// (for example, AES256 , aws:kms , aws:kms:dsse ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Provides storage class information of the object. Amazon S3 returns this header
 	// for all objects except for S3 Standard storage class objects. For more
-	// information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
+	// information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// .
 	StorageClass types.StorageClass
 
 	// Version of the object.
@@ -432,6 +389,9 @@ func (c *Client) addOperationHeadObjectMiddlewares(stack *middleware.Stack, opti
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -459,7 +419,7 @@ func (c *Client) addOperationHeadObjectMiddlewares(stack *middleware.Stack, opti
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -471,6 +431,9 @@ func (c *Client) addOperationHeadObjectMiddlewares(stack *middleware.Stack, opti
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addHeadObjectResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpHeadObjectValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -480,6 +443,9 @@ func (c *Client) addOperationHeadObjectMiddlewares(stack *middleware.Stack, opti
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addHeadObjectUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -495,9 +461,22 @@ func (c *Client) addOperationHeadObjectMiddlewares(stack *middleware.Stack, opti
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *HeadObjectInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 // HeadObjectAPIClient is a client that implements the HeadObject operation.
 type HeadObjectAPIClient interface {
 	HeadObject(context.Context, *HeadObjectInput, ...func(*Options)) (*HeadObjectOutput, error)
@@ -518,9 +497,9 @@ type ObjectExistsWaiterOptions struct {
 	// MinDelay must resolve to a value lesser than or equal to the MaxDelay.
 	MinDelay time.Duration
 
-	// MaxDelay is the maximum amount of time to delay between retries. If unset or set
-	// to zero, ObjectExistsWaiter will use default max delay of 120 seconds. Note that
-	// MaxDelay must resolve to value greater than or equal to the MinDelay.
+	// MaxDelay is the maximum amount of time to delay between retries. If unset or
+	// set to zero, ObjectExistsWaiter will use default max delay of 120 seconds. Note
+	// that MaxDelay must resolve to value greater than or equal to the MinDelay.
 	MaxDelay time.Duration
 
 	// LogWaitAttempts is used to enable logging for waiter retry attempts
@@ -649,13 +628,8 @@ func objectExistsStateRetryable(ctx context.Context, input *HeadObjectInput, out
 	}
 
 	if err != nil {
-		var apiErr smithy.APIError
-		ok := errors.As(err, &apiErr)
-		if !ok {
-			return false, fmt.Errorf("expected err to be of type smithy.APIError, got %w", err)
-		}
-
-		if "NotFound" == apiErr.ErrorCode() {
+		var errorType *types.NotFound
+		if errors.As(err, &errorType) {
 			return true, nil
 		}
 	}
@@ -676,9 +650,9 @@ type ObjectNotExistsWaiterOptions struct {
 	// MinDelay must resolve to a value lesser than or equal to the MaxDelay.
 	MinDelay time.Duration
 
-	// MaxDelay is the maximum amount of time to delay between retries. If unset or set
-	// to zero, ObjectNotExistsWaiter will use default max delay of 120 seconds. Note
-	// that MaxDelay must resolve to value greater than or equal to the MinDelay.
+	// MaxDelay is the maximum amount of time to delay between retries. If unset or
+	// set to zero, ObjectNotExistsWaiter will use default max delay of 120 seconds.
+	// Note that MaxDelay must resolve to value greater than or equal to the MinDelay.
 	MaxDelay time.Duration
 
 	// LogWaitAttempts is used to enable logging for waiter retry attempts
@@ -718,9 +692,9 @@ func NewObjectNotExistsWaiter(client HeadObjectAPIClient, optFns ...func(*Object
 	}
 }
 
-// Wait calls the waiter function for ObjectNotExists waiter. The maxWaitDur is the
-// maximum wait duration the waiter will wait. The maxWaitDur is required and must
-// be greater than zero.
+// Wait calls the waiter function for ObjectNotExists waiter. The maxWaitDur is
+// the maximum wait duration the waiter will wait. The maxWaitDur is required and
+// must be greater than zero.
 func (w *ObjectNotExistsWaiter) Wait(ctx context.Context, params *HeadObjectInput, maxWaitDur time.Duration, optFns ...func(*ObjectNotExistsWaiterOptions)) error {
 	_, err := w.WaitForOutput(ctx, params, maxWaitDur, optFns...)
 	return err
@@ -804,13 +778,8 @@ func (w *ObjectNotExistsWaiter) WaitForOutput(ctx context.Context, params *HeadO
 func objectNotExistsStateRetryable(ctx context.Context, input *HeadObjectInput, output *HeadObjectOutput, err error) (bool, error) {
 
 	if err != nil {
-		var apiErr smithy.APIError
-		ok := errors.As(err, &apiErr)
-		if !ok {
-			return false, fmt.Errorf("expected err to be of type smithy.APIError, got %w", err)
-		}
-
-		if "NotFound" == apiErr.ErrorCode() {
+		var errorType *types.NotFound
+		if errors.As(err, &errorType) {
 			return false, nil
 		}
 	}
@@ -827,8 +796,9 @@ func newServiceMetadataMiddleware_opHeadObject(region string) *awsmiddleware.Reg
 	}
 }
 
-// getHeadObjectBucketMember returns a pointer to string denoting a provided bucket
-// member valueand a boolean indicating if the input has a modeled bucket name,
+// getHeadObjectBucketMember returns a pointer to string denoting a provided
+// bucket member valueand a boolean indicating if the input has a modeled bucket
+// name,
 func getHeadObjectBucketMember(input interface{}) (*string, bool) {
 	in := input.(*HeadObjectInput)
 	if in.Bucket == nil {
@@ -882,3 +852,139 @@ func addHeadObjectPayloadAsUnsigned(stack *middleware.Stack, options Options) er
 	v4.RemoveComputePayloadSHA256Middleware(stack)
 	return v4.AddUnsignedPayloadMiddleware(stack)
 }
+
+type opHeadObjectResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opHeadObjectResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opHeadObjectResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*HeadObjectInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addHeadObjectResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opHeadObjectResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go
index 0a0373f29..99ad3827c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -17,33 +23,21 @@ import (
 // does not return more than 100 configurations at a time. You should always check
 // the IsTruncated element in the response. If there are no more configurations to
 // list, IsTruncated is set to false. If there are more configurations to list,
-// IsTruncated is set to true, and there will be a value in NextContinuationToken.
+// IsTruncated is set to true, and there will be a value in NextContinuationToken .
 // You use the NextContinuationToken value to continue the pagination of the list
 // by passing the value in continuation-token in the request to GET the next page.
 // To use this operation, you must have permissions to perform the
 // s3:GetAnalyticsConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about Amazon S3 analytics feature, see Amazon S3 Analytics –
-// Storage Class Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
-// The following operations are related to ListBucketAnalyticsConfigurations:
-//
-// *
-// GetBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
-//
-// *
-// DeleteBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
-//
-// *
-// PutBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about Amazon S3 analytics feature, see Amazon S3 Analytics –
+// Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
+// . The following operations are related to ListBucketAnalyticsConfigurations :
+//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
+//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
+//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
 func (c *Client) ListBucketAnalyticsConfigurations(ctx context.Context, params *ListBucketAnalyticsConfigurationsInput, optFns ...func(*Options)) (*ListBucketAnalyticsConfigurationsOutput, error) {
 	if params == nil {
 		params = &ListBucketAnalyticsConfigurationsInput{}
@@ -94,7 +88,7 @@ type ListBucketAnalyticsConfigurationsOutput struct {
 
 	// NextContinuationToken is sent when isTruncated is true, which indicates that
 	// there are more analytics configurations to list. The next request must include
-	// this NextContinuationToken. The token is obfuscated and is not a usable value.
+	// this NextContinuationToken . The token is obfuscated and is not a usable value.
 	NextContinuationToken *string
 
 	// Metadata pertaining to the operation's result.
@@ -112,6 +106,9 @@ func (c *Client) addOperationListBucketAnalyticsConfigurationsMiddlewares(stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -139,7 +136,7 @@ func (c *Client) addOperationListBucketAnalyticsConfigurationsMiddlewares(stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -151,6 +148,9 @@ func (c *Client) addOperationListBucketAnalyticsConfigurationsMiddlewares(stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addListBucketAnalyticsConfigurationsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListBucketAnalyticsConfigurationsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -160,6 +160,9 @@ func (c *Client) addOperationListBucketAnalyticsConfigurationsMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListBucketAnalyticsConfigurationsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -175,9 +178,22 @@ func (c *Client) addOperationListBucketAnalyticsConfigurationsMiddlewares(stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *ListBucketAnalyticsConfigurationsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opListBucketAnalyticsConfigurations(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -212,3 +228,139 @@ func addListBucketAnalyticsConfigurationsUpdateEndpoint(stack *middleware.Stack,
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opListBucketAnalyticsConfigurationsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListBucketAnalyticsConfigurationsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListBucketAnalyticsConfigurationsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*ListBucketAnalyticsConfigurationsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListBucketAnalyticsConfigurationsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListBucketAnalyticsConfigurationsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go
index 972a69c99..74eff1968 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go
@@ -4,16 +4,22 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Lists the S3 Intelligent-Tiering configuration from the specified bucket. The S3
-// Intelligent-Tiering storage class is designed to optimize storage costs by
+// Lists the S3 Intelligent-Tiering configuration from the specified bucket. The
+// S3 Intelligent-Tiering storage class is designed to optimize storage costs by
 // automatically moving data to the most cost-effective storage access tier,
 // without performance impact or operational overhead. S3 Intelligent-Tiering
 // delivers automatic cost savings in three low latency and high throughput access
@@ -25,21 +31,11 @@ import (
 // monitored and not eligible for auto-tiering. Smaller objects can be stored, but
 // they are always charged at the Frequent Access tier rates in the S3
 // Intelligent-Tiering storage class. For more information, see Storage class for
-// automatically optimizing frequently and infrequently accessed objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-// Operations related to ListBucketIntelligentTieringConfigurations include:
-//
-// *
-// DeleteBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
-//
-// *
-// PutBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
-//
-// *
-// GetBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
+// automatically optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+// . Operations related to ListBucketIntelligentTieringConfigurations include:
+//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
+//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
+//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
 func (c *Client) ListBucketIntelligentTieringConfigurations(ctx context.Context, params *ListBucketIntelligentTieringConfigurationsInput, optFns ...func(*Options)) (*ListBucketIntelligentTieringConfigurationsOutput, error) {
 	if params == nil {
 		params = &ListBucketIntelligentTieringConfigurationsInput{}
@@ -104,6 +100,9 @@ func (c *Client) addOperationListBucketIntelligentTieringConfigurationsMiddlewar
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -131,7 +130,7 @@ func (c *Client) addOperationListBucketIntelligentTieringConfigurationsMiddlewar
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -143,6 +142,9 @@ func (c *Client) addOperationListBucketIntelligentTieringConfigurationsMiddlewar
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addListBucketIntelligentTieringConfigurationsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListBucketIntelligentTieringConfigurationsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -152,6 +154,9 @@ func (c *Client) addOperationListBucketIntelligentTieringConfigurationsMiddlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListBucketIntelligentTieringConfigurationsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -167,9 +172,22 @@ func (c *Client) addOperationListBucketIntelligentTieringConfigurationsMiddlewar
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *ListBucketIntelligentTieringConfigurationsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opListBucketIntelligentTieringConfigurations(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -204,3 +222,139 @@ func addListBucketIntelligentTieringConfigurationsUpdateEndpoint(stack *middlewa
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opListBucketIntelligentTieringConfigurationsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListBucketIntelligentTieringConfigurationsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListBucketIntelligentTieringConfigurationsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*ListBucketIntelligentTieringConfigurationsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListBucketIntelligentTieringConfigurationsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListBucketIntelligentTieringConfigurationsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go
index e6c8c79a8..fd2cf048a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -17,32 +23,20 @@ import (
 // and does not return more than 100 configurations at a time. Always check the
 // IsTruncated element in the response. If there are no more configurations to
 // list, IsTruncated is set to false. If there are more configurations to list,
-// IsTruncated is set to true, and there is a value in NextContinuationToken. You
+// IsTruncated is set to true, and there is a value in NextContinuationToken . You
 // use the NextContinuationToken value to continue the pagination of the list by
 // passing the value in continuation-token in the request to GET the next page. To
 // use this operation, you must have permissions to perform the
 // s3:GetInventoryConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) The
-// following operations are related to ListBucketInventoryConfigurations:
-//
-// *
-// GetBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
-//
-// *
-// DeleteBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
-//
-// *
-// PutBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about the Amazon S3 inventory feature, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+// The following operations are related to ListBucketInventoryConfigurations :
+//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
+//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
+//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
 func (c *Client) ListBucketInventoryConfigurations(ctx context.Context, params *ListBucketInventoryConfigurationsInput, optFns ...func(*Options)) (*ListBucketInventoryConfigurationsOutput, error) {
 	if params == nil {
 		params = &ListBucketInventoryConfigurationsInput{}
@@ -88,9 +82,9 @@ type ListBucketInventoryConfigurationsOutput struct {
 	// The list of inventory configurations for a bucket.
 	InventoryConfigurationList []types.InventoryConfiguration
 
-	// Tells whether the returned list of inventory configurations is complete. A value
-	// of true indicates that the list is not complete and the NextContinuationToken is
-	// provided for a subsequent request.
+	// Tells whether the returned list of inventory configurations is complete. A
+	// value of true indicates that the list is not complete and the
+	// NextContinuationToken is provided for a subsequent request.
 	IsTruncated bool
 
 	// The marker used to continue this inventory configuration listing. Use the
@@ -113,6 +107,9 @@ func (c *Client) addOperationListBucketInventoryConfigurationsMiddlewares(stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -140,7 +137,7 @@ func (c *Client) addOperationListBucketInventoryConfigurationsMiddlewares(stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -152,6 +149,9 @@ func (c *Client) addOperationListBucketInventoryConfigurationsMiddlewares(stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addListBucketInventoryConfigurationsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListBucketInventoryConfigurationsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -161,6 +161,9 @@ func (c *Client) addOperationListBucketInventoryConfigurationsMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListBucketInventoryConfigurationsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -176,9 +179,22 @@ func (c *Client) addOperationListBucketInventoryConfigurationsMiddlewares(stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *ListBucketInventoryConfigurationsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opListBucketInventoryConfigurations(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -213,3 +229,139 @@ func addListBucketInventoryConfigurationsUpdateEndpoint(stack *middleware.Stack,
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opListBucketInventoryConfigurationsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListBucketInventoryConfigurationsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListBucketInventoryConfigurationsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*ListBucketInventoryConfigurationsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListBucketInventoryConfigurationsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListBucketInventoryConfigurationsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go
index 50b207af6..45e145e84 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -16,35 +22,23 @@ import (
 // only for the request metrics of the bucket and do not provide information on
 // daily storage metrics. You can have up to 1,000 configurations per bucket. This
 // action supports list pagination and does not return more than 100 configurations
-// at a time. Always check the IsTruncated element in the response. If there are no
-// more configurations to list, IsTruncated is set to false. If there are more
+// at a time. Always check the IsTruncated element in the response. If there are
+// no more configurations to list, IsTruncated is set to false. If there are more
 // configurations to list, IsTruncated is set to true, and there is a value in
-// NextContinuationToken. You use the NextContinuationToken value to continue the
-// pagination of the list by passing the value in continuation-token in the request
-// to GET the next page. To use this operation, you must have permissions to
-// perform the s3:GetMetricsConfiguration action. The bucket owner has this
+// NextContinuationToken . You use the NextContinuationToken value to continue the
+// pagination of the list by passing the value in continuation-token in the
+// request to GET the next page. To use this operation, you must have permissions
+// to perform the s3:GetMetricsConfiguration action. The bucket owner has this
 // permission by default. The bucket owner can grant this permission to others. For
 // more information about permissions, see Permissions Related to Bucket
-// Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For more information about metrics configurations and CloudWatch request
-// metrics, see Monitoring Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-// The following operations are related to ListBucketMetricsConfigurations:
-//
-// *
-// PutBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
-//
-// *
-// GetBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
-//
-// *
-// DeleteBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For more information about metrics configurations and CloudWatch request
+// metrics, see Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// . The following operations are related to ListBucketMetricsConfigurations :
+//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
+//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
+//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
 func (c *Client) ListBucketMetricsConfigurations(ctx context.Context, params *ListBucketMetricsConfigurationsInput, optFns ...func(*Options)) (*ListBucketMetricsConfigurationsOutput, error) {
 	if params == nil {
 		params = &ListBucketMetricsConfigurationsInput{}
@@ -116,6 +110,9 @@ func (c *Client) addOperationListBucketMetricsConfigurationsMiddlewares(stack *m
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -143,7 +140,7 @@ func (c *Client) addOperationListBucketMetricsConfigurationsMiddlewares(stack *m
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -155,6 +152,9 @@ func (c *Client) addOperationListBucketMetricsConfigurationsMiddlewares(stack *m
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addListBucketMetricsConfigurationsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListBucketMetricsConfigurationsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -164,6 +164,9 @@ func (c *Client) addOperationListBucketMetricsConfigurationsMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListBucketMetricsConfigurationsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -179,9 +182,22 @@ func (c *Client) addOperationListBucketMetricsConfigurationsMiddlewares(stack *m
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *ListBucketMetricsConfigurationsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opListBucketMetricsConfigurations(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -216,3 +232,139 @@ func addListBucketMetricsConfigurationsUpdateEndpoint(stack *middleware.Stack, o
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opListBucketMetricsConfigurationsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListBucketMetricsConfigurationsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListBucketMetricsConfigurationsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*ListBucketMetricsConfigurationsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListBucketMetricsConfigurationsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListBucketMetricsConfigurationsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go
index 7a3de38f4..372402269 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go
@@ -4,16 +4,25 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Returns a list of all buckets owned by the authenticated sender of the request.
-// To use this operation, you must have the s3:ListAllMyBuckets permission.
+// To use this operation, you must have the s3:ListAllMyBuckets permission. For
+// information about Amazon S3 buckets, see Creating, configuring, and working
+// with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html)
+// .
 func (c *Client) ListBuckets(ctx context.Context, params *ListBucketsInput, optFns ...func(*Options)) (*ListBucketsOutput, error) {
 	if params == nil {
 		params = &ListBucketsInput{}
@@ -56,6 +65,9 @@ func (c *Client) addOperationListBucketsMiddlewares(stack *middleware.Stack, opt
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -83,7 +95,7 @@ func (c *Client) addOperationListBucketsMiddlewares(stack *middleware.Stack, opt
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -95,12 +107,18 @@ func (c *Client) addOperationListBucketsMiddlewares(stack *middleware.Stack, opt
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addListBucketsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListBuckets(options.Region), middleware.Before); err != nil {
 		return err
 	}
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListBucketsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -116,6 +134,12 @@ func (c *Client) addOperationListBucketsMiddlewares(stack *middleware.Stack, opt
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -143,3 +167,132 @@ func addListBucketsUpdateEndpoint(stack *middleware.Stack, options Options) erro
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opListBucketsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListBucketsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListBucketsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListBucketsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListBucketsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go
index af281a252..4749ad10b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go
@@ -4,54 +4,43 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// This action lists in-progress multipart uploads. An in-progress multipart upload
-// is a multipart upload that has been initiated using the Initiate Multipart
-// Upload request, but has not yet been completed or aborted. This action returns
-// at most 1,000 multipart uploads in the response. 1,000 multipart uploads is the
-// maximum number of uploads a response can include, which is also the default
-// value. You can further limit the number of uploads in a response by specifying
-// the max-uploads parameter in the response. If additional multipart uploads
-// satisfy the list criteria, the response will contain an IsTruncated element with
-// the value true. To list the additional multipart uploads, use the key-marker and
-// upload-id-marker request parameters. In the response, the uploads are sorted by
-// key. If your application has initiated more than one multipart upload using the
-// same object key, then uploads in the response are first sorted by key.
-// Additionally, uploads are sorted in ascending order within each key by the
-// upload initiation time. For more information on multipart uploads, see Uploading
-// Objects Using Multipart Upload
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). For
-// information on permissions required to use the multipart upload API, see
-// Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). The
-// following operations are related to ListMultipartUploads:
-//
-// *
-// CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+// This action lists in-progress multipart uploads. An in-progress multipart
+// upload is a multipart upload that has been initiated using the Initiate
+// Multipart Upload request, but has not yet been completed or aborted. This action
+// returns at most 1,000 multipart uploads in the response. 1,000 multipart uploads
+// is the maximum number of uploads a response can include, which is also the
+// default value. You can further limit the number of uploads in a response by
+// specifying the max-uploads parameter in the response. If additional multipart
+// uploads satisfy the list criteria, the response will contain an IsTruncated
+// element with the value true. To list the additional multipart uploads, use the
+// key-marker and upload-id-marker request parameters. In the response, the
+// uploads are sorted by key. If your application has initiated more than one
+// multipart upload using the same object key, then uploads in the response are
+// first sorted by key. Additionally, uploads are sorted in ascending order within
+// each key by the upload initiation time. For more information on multipart
+// uploads, see Uploading Objects Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html)
+// . For information on permissions required to use the multipart upload API, see
+// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// . The following operations are related to ListMultipartUploads :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
 func (c *Client) ListMultipartUploads(ctx context.Context, params *ListMultipartUploadsInput, optFns ...func(*Options)) (*ListMultipartUploadsOutput, error) {
 	if params == nil {
 		params = &ListMultipartUploadsInput{}
@@ -75,34 +64,32 @@ type ListMultipartUploadsInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
 
 	// Character you use to group keys. All keys that contain the same string between
 	// the prefix, if specified, and the first occurrence of the delimiter after the
-	// prefix are grouped under a single result element, CommonPrefixes. If you don't
+	// prefix are grouped under a single result element, CommonPrefixes . If you don't
 	// specify the prefix parameter, then the substring starts at the beginning of the
 	// key. The keys that are grouped under CommonPrefixes result element are not
 	// returned elsewhere in the response.
 	Delimiter *string
 
 	// Requests Amazon S3 to encode the object keys in the response and specifies the
-	// encoding method to use. An object key may contain any Unicode character;
-	// however, XML 1.0 parser cannot parse some characters, such as characters with an
-	// ASCII value from 0 to 10. For characters that are not supported in XML 1.0, you
-	// can add this parameter to request that Amazon S3 encode the keys in the
+	// encoding method to use. An object key can contain any Unicode character;
+	// however, the XML 1.0 parser cannot parse some characters, such as characters
+	// with an ASCII value from 0 to 10. For characters that are not supported in XML
+	// 1.0, you can add this parameter to request that Amazon S3 encode the keys in the
 	// response.
 	EncodingType types.EncodingType
 
@@ -111,12 +98,13 @@ type ListMultipartUploadsInput struct {
 	// (access denied).
 	ExpectedBucketOwner *string
 
-	// Together with upload-id-marker, this parameter specifies the multipart upload
-	// after which listing should begin. If upload-id-marker is not specified, only the
-	// keys lexicographically greater than the specified key-marker will be included in
-	// the list. If upload-id-marker is specified, any multipart uploads for a key
-	// equal to the key-marker might also be included, provided those multipart uploads
-	// have upload IDs lexicographically greater than the specified upload-id-marker.
+	// Together with upload-id-marker , this parameter specifies the multipart upload
+	// after which listing should begin. If upload-id-marker is not specified, only
+	// the keys lexicographically greater than the specified key-marker will be
+	// included in the list. If upload-id-marker is specified, any multipart uploads
+	// for a key equal to the key-marker might also be included, provided those
+	// multipart uploads have upload IDs lexicographically greater than the specified
+	// upload-id-marker .
 	KeyMarker *string
 
 	// Sets the maximum number of multipart uploads, from 1 to 1,000, to return in the
@@ -126,15 +114,24 @@ type ListMultipartUploadsInput struct {
 
 	// Lists in-progress uploads only for those keys that begin with the specified
 	// prefix. You can use prefixes to separate a bucket into different grouping of
-	// keys. (You can think of using prefix to make groups in the same way you'd use a
-	// folder in a file system.)
+	// keys. (You can think of using prefix to make groups in the same way that you'd
+	// use a folder in a file system.)
 	Prefix *string
 
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer types.RequestPayer
+
 	// Together with key-marker, specifies the multipart upload after which listing
 	// should begin. If key-marker is not specified, the upload-id-marker parameter is
 	// ignored. Otherwise, any multipart uploads for a key equal to the key-marker
 	// might be included in the list only if they have an upload ID lexicographically
-	// greater than the specified upload-id-marker.
+	// greater than the specified upload-id-marker .
 	UploadIdMarker *string
 
 	noSmithyDocumentSerde
@@ -146,9 +143,9 @@ type ListMultipartUploadsOutput struct {
 	// return the access point ARN or access point alias if used.
 	Bucket *string
 
-	// If you specify a delimiter in the request, then the result returns each distinct
-	// key prefix containing the delimiter in a CommonPrefixes element. The distinct
-	// key prefixes are returned in the Prefix child element.
+	// If you specify a delimiter in the request, then the result returns each
+	// distinct key prefix containing the delimiter in a CommonPrefixes element. The
+	// distinct key prefixes are returned in the Prefix child element.
 	CommonPrefixes []types.CommonPrefix
 
 	// Contains the delimiter you specified in the request. If you don't specify a
@@ -156,9 +153,9 @@ type ListMultipartUploadsOutput struct {
 	Delimiter *string
 
 	// Encoding type used by Amazon S3 to encode object keys in the response. If you
-	// specify encoding-type request parameter, Amazon S3 includes this element in the
-	// response, and returns encoded key name values in the following response
-	// elements: Delimiter, KeyMarker, Prefix, NextKeyMarker, Key.
+	// specify the encoding-type request parameter, Amazon S3 includes this element in
+	// the response, and returns encoded key name values in the following response
+	// elements: Delimiter , KeyMarker , Prefix , NextKeyMarker , Key .
 	EncodingType types.EncodingType
 
 	// Indicates whether the returned list of multipart uploads is truncated. A value
@@ -186,6 +183,10 @@ type ListMultipartUploadsOutput struct {
 	// prefix. The result contains only keys starting with the specified prefix.
 	Prefix *string
 
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged types.RequestCharged
+
 	// Upload ID after which listing began.
 	UploadIdMarker *string
 
@@ -208,6 +209,9 @@ func (c *Client) addOperationListMultipartUploadsMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -235,7 +239,7 @@ func (c *Client) addOperationListMultipartUploadsMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -247,6 +251,9 @@ func (c *Client) addOperationListMultipartUploadsMiddlewares(stack *middleware.S
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addListMultipartUploadsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListMultipartUploadsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -256,6 +263,9 @@ func (c *Client) addOperationListMultipartUploadsMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListMultipartUploadsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -271,9 +281,22 @@ func (c *Client) addOperationListMultipartUploadsMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *ListMultipartUploadsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opListMultipartUploads(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -308,3 +331,139 @@ func addListMultipartUploadsUpdateEndpoint(stack *middleware.Stack, options Opti
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opListMultipartUploadsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListMultipartUploadsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListMultipartUploadsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*ListMultipartUploadsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListMultipartUploadsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListMultipartUploadsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go
index f2d2b9fa9..00ef2e9ee 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go
@@ -4,38 +4,33 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Returns metadata about all versions of the objects in a bucket. You can also use
-// request parameters as selection criteria to return metadata about a subset of
-// all the object versions. To use this operation, you must have permissions to
-// perform the s3:ListBucketVersions action. Be aware of the name difference. A 200
-// OK response can contain valid or invalid XML. Make sure to design your
+// Returns metadata about all versions of the objects in a bucket. You can also
+// use request parameters as selection criteria to return metadata about a subset
+// of all the object versions. To use this operation, you must have permission to
+// perform the s3:ListBucketVersions action. Be aware of the name difference. A
+// 200 OK response can contain valid or invalid XML. Make sure to design your
 // application to parse the contents of the response and handle it appropriately.
 // To use this operation, you must have READ access to the bucket. This action is
 // not supported by Amazon S3 on Outposts. The following operations are related to
-// ListObjectVersions:
-//
-// * ListObjectsV2
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
-//
-// *
-// GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+// ListObjectVersions :
+//   - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
 func (c *Client) ListObjectVersions(ctx context.Context, params *ListObjectVersionsInput, optFns ...func(*Options)) (*ListObjectVersionsOutput, error) {
 	if params == nil {
 		params = &ListObjectVersionsInput{}
@@ -58,18 +53,18 @@ type ListObjectVersionsInput struct {
 	// This member is required.
 	Bucket *string
 
-	// A delimiter is a character that you specify to group keys. All keys that contain
-	// the same string between the prefix and the first occurrence of the delimiter are
-	// grouped under a single result element in CommonPrefixes. These groups are
-	// counted as one result against the max-keys limitation. These keys are not
-	// returned elsewhere in the response.
+	// A delimiter is a character that you specify to group keys. All keys that
+	// contain the same string between the prefix and the first occurrence of the
+	// delimiter are grouped under a single result element in CommonPrefixes . These
+	// groups are counted as one result against the max-keys limitation. These keys
+	// are not returned elsewhere in the response.
 	Delimiter *string
 
 	// Requests Amazon S3 to encode the object keys in the response and specifies the
-	// encoding method to use. An object key may contain any Unicode character;
-	// however, XML 1.0 parser cannot parse some characters, such as characters with an
-	// ASCII value from 0 to 10. For characters that are not supported in XML 1.0, you
-	// can add this parameter to request that Amazon S3 encode the keys in the
+	// encoding method to use. An object key can contain any Unicode character;
+	// however, the XML 1.0 parser cannot parse some characters, such as characters
+	// with an ASCII value from 0 to 10. For characters that are not supported in XML
+	// 1.0, you can add this parameter to request that Amazon S3 encode the keys in the
 	// response.
 	EncodingType types.EncodingType
 
@@ -81,20 +76,33 @@ type ListObjectVersionsInput struct {
 	// Specifies the key to start with when listing objects in a bucket.
 	KeyMarker *string
 
-	// Sets the maximum number of keys returned in the response. By default the action
-	// returns up to 1,000 key names. The response might contain fewer keys but will
-	// never contain more. If additional keys satisfy the search criteria, but were not
-	// returned because max-keys was exceeded, the response contains true. To return
-	// the additional keys, see key-marker and version-id-marker.
+	// Sets the maximum number of keys returned in the response. By default, the
+	// action returns up to 1,000 key names. The response might contain fewer keys but
+	// will never contain more. If additional keys satisfy the search criteria, but
+	// were not returned because max-keys was exceeded, the response contains true . To
+	// return the additional keys, see key-marker and version-id-marker .
 	MaxKeys int32
 
+	// Specifies the optional fields that you want returned in the response. Fields
+	// that you do not specify are not returned.
+	OptionalObjectAttributes []types.OptionalObjectAttributes
+
 	// Use this parameter to select only those keys that begin with the specified
 	// prefix. You can use prefixes to separate a bucket into different groupings of
-	// keys. (You can think of using prefix to make groups in the same way you'd use a
-	// folder in a file system.) You can use prefix with delimiter to roll up numerous
-	// objects into a single result under CommonPrefixes.
+	// keys. (You can think of using prefix to make groups in the same way that you'd
+	// use a folder in a file system.) You can use prefix with delimiter to roll up
+	// numerous objects into a single result under CommonPrefixes .
 	Prefix *string
 
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer types.RequestPayer
+
 	// Specifies the object version you want to start listing from.
 	VersionIdMarker *string
 
@@ -113,19 +121,19 @@ type ListObjectVersionsOutput struct {
 	// The delimiter grouping the included keys. A delimiter is a character that you
 	// specify to group keys. All keys that contain the same string between the prefix
 	// and the first occurrence of the delimiter are grouped under a single result
-	// element in CommonPrefixes. These groups are counted as one result against the
+	// element in CommonPrefixes . These groups are counted as one result against the
 	// max-keys limitation. These keys are not returned elsewhere in the response.
 	Delimiter *string
 
 	// Encoding type used by Amazon S3 to encode object key names in the XML response.
-	// If you specify encoding-type request parameter, Amazon S3 includes this element
-	// in the response, and returns encoded key name values in the following response
-	// elements: KeyMarker, NextKeyMarker, Prefix, Key, and Delimiter.
+	// If you specify the encoding-type request parameter, Amazon S3 includes this
+	// element in the response, and returns encoded key name values in the following
+	// response elements: KeyMarker, NextKeyMarker, Prefix, Key , and Delimiter .
 	EncodingType types.EncodingType
 
 	// A flag that indicates whether Amazon S3 returned all of the results that
 	// satisfied the search criteria. If your results were truncated, you can make a
-	// follow-up paginated request using the NextKeyMarker and NextVersionIdMarker
+	// follow-up paginated request by using the NextKeyMarker and NextVersionIdMarker
 	// response parameters as a starting place in another request to return the rest of
 	// the results.
 	IsTruncated bool
@@ -139,12 +147,12 @@ type ListObjectVersionsOutput struct {
 	// The bucket name.
 	Name *string
 
-	// When the number of responses exceeds the value of MaxKeys, NextKeyMarker
+	// When the number of responses exceeds the value of MaxKeys , NextKeyMarker
 	// specifies the first key not returned that satisfies the search criteria. Use
 	// this value for the key-marker request parameter in a subsequent request.
 	NextKeyMarker *string
 
-	// When the number of responses exceeds the value of MaxKeys, NextVersionIdMarker
+	// When the number of responses exceeds the value of MaxKeys , NextVersionIdMarker
 	// specifies the first object version not returned that satisfies the search
 	// criteria. Use this value for the version-id-marker request parameter in a
 	// subsequent request.
@@ -153,6 +161,10 @@ type ListObjectVersionsOutput struct {
 	// Selects objects that start with the value supplied by this parameter.
 	Prefix *string
 
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged types.RequestCharged
+
 	// Marks the last version of the key returned in a truncated response.
 	VersionIdMarker *string
 
@@ -174,6 +186,9 @@ func (c *Client) addOperationListObjectVersionsMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -201,7 +216,7 @@ func (c *Client) addOperationListObjectVersionsMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -213,6 +228,9 @@ func (c *Client) addOperationListObjectVersionsMiddlewares(stack *middleware.Sta
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addListObjectVersionsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListObjectVersionsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -222,6 +240,9 @@ func (c *Client) addOperationListObjectVersionsMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListObjectVersionsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -237,9 +258,22 @@ func (c *Client) addOperationListObjectVersionsMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *ListObjectVersionsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opListObjectVersions(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -274,3 +308,139 @@ func addListObjectVersionsUpdateEndpoint(stack *middleware.Stack, options Option
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opListObjectVersionsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListObjectVersionsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListObjectVersionsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*ListObjectVersionsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListObjectVersionsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListObjectVersionsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go
index b2d83ff74..19821bba2 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -17,30 +23,14 @@ import (
 // bucket. A 200 OK response can contain valid or invalid XML. Be sure to design
 // your application to parse the contents of the response and handle it
 // appropriately. This action has been revised. We recommend that you use the newer
-// version, ListObjectsV2
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html), when
-// developing applications. For backward compatibility, Amazon S3 continues to
-// support ListObjects. The following operations are related to ListObjects:
-//
-// *
-// ListObjectsV2
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
-//
-// *
-// GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// ListBuckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
+// version, ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
+// , when developing applications. For backward compatibility, Amazon S3 continues
+// to support ListObjects . The following operations are related to ListObjects :
+//   - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
 func (c *Client) ListObjects(ctx context.Context, params *ListObjectsInput, optFns ...func(*Options)) (*ListObjectsOutput, error) {
 	if params == nil {
 		params = &ListObjectsInput{}
@@ -64,29 +54,27 @@ type ListObjectsInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
 
-	// A delimiter is a character you use to group keys.
+	// A delimiter is a character that you use to group keys.
 	Delimiter *string
 
 	// Requests Amazon S3 to encode the object keys in the response and specifies the
-	// encoding method to use. An object key may contain any Unicode character;
-	// however, XML 1.0 parser cannot parse some characters, such as characters with an
-	// ASCII value from 0 to 10. For characters that are not supported in XML 1.0, you
-	// can add this parameter to request that Amazon S3 encode the keys in the
+	// encoding method to use. An object key can contain any Unicode character;
+	// however, the XML 1.0 parser cannot parse some characters, such as characters
+	// with an ASCII value from 0 to 10. For characters that are not supported in XML
+	// 1.0, you can add this parameter to request that Amazon S3 encode the keys in the
 	// response.
 	EncodingType types.EncodingType
 
@@ -99,11 +87,15 @@ type ListObjectsInput struct {
 	// listing after this specified key. Marker can be any key in the bucket.
 	Marker *string
 
-	// Sets the maximum number of keys returned in the response. By default the action
-	// returns up to 1,000 key names. The response might contain fewer keys but will
-	// never contain more.
+	// Sets the maximum number of keys returned in the response. By default, the
+	// action returns up to 1,000 key names. The response might contain fewer keys but
+	// will never contain more.
 	MaxKeys int32
 
+	// Specifies the optional fields that you want returned in the response. Fields
+	// that you do not specify are not returned.
+	OptionalObjectAttributes []types.OptionalObjectAttributes
+
 	// Limits the response to keys that begin with the specified prefix.
 	Prefix *string
 
@@ -122,10 +114,10 @@ type ListObjectsOutput struct {
 	// CommonPrefixes only if you specify a delimiter. CommonPrefixes contains all (if
 	// there are any) keys between Prefix and the next occurrence of the string
 	// specified by the delimiter. CommonPrefixes lists keys that act like
-	// subdirectories in the directory specified by Prefix. For example, if the prefix
-	// is notes/ and the delimiter is a slash (/) as in notes/summer/july, the common
-	// prefix is notes/summer/. All of the keys that roll up into a common prefix count
-	// as a single return when calculating the number of returns.
+	// subdirectories in the directory specified by Prefix . For example, if the prefix
+	// is notes/ and the delimiter is a slash ( / ), as in notes/summer/july , the
+	// common prefix is notes/summer/ . All of the keys that roll up into a common
+	// prefix count as a single return when calculating the number of returns.
 	CommonPrefixes []types.CommonPrefix
 
 	// Metadata about each object returned.
@@ -145,8 +137,8 @@ type ListObjectsOutput struct {
 	// satisfied the search criteria.
 	IsTruncated bool
 
-	// Indicates where in the bucket listing begins. Marker is included in the response
-	// if it was sent with the request.
+	// Indicates where in the bucket listing begins. Marker is included in the
+	// response if it was sent with the request.
 	Marker *string
 
 	// The maximum number of keys returned in the response body.
@@ -155,18 +147,23 @@ type ListObjectsOutput struct {
 	// The bucket name.
 	Name *string
 
-	// When response is truncated (the IsTruncated element value in the response is
-	// true), you can use the key name in this field as marker in the subsequent
-	// request to get next set of objects. Amazon S3 lists objects in alphabetical
-	// order Note: This element is returned only if you have delimiter request
-	// parameter specified. If response does not include the NextMarker and it is
-	// truncated, you can use the value of the last Key in the response as the marker
-	// in the subsequent request to get the next set of object keys.
+	// When the response is truncated (the IsTruncated element value in the response
+	// is true ), you can use the key name in this field as the marker parameter in
+	// the subsequent request to get the next set of objects. Amazon S3 lists objects
+	// in alphabetical order. This element is returned only if you have the delimiter
+	// request parameter specified. If the response does not include the NextMarker
+	// element and it is truncated, you can use the value of the last Key element in
+	// the response as the marker parameter in the subsequent request to get the next
+	// set of object keys.
 	NextMarker *string
 
 	// Keys that begin with the indicated prefix.
 	Prefix *string
 
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged types.RequestCharged
+
 	// Metadata pertaining to the operation's result.
 	ResultMetadata middleware.Metadata
 
@@ -182,6 +179,9 @@ func (c *Client) addOperationListObjectsMiddlewares(stack *middleware.Stack, opt
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -209,7 +209,7 @@ func (c *Client) addOperationListObjectsMiddlewares(stack *middleware.Stack, opt
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -221,6 +221,9 @@ func (c *Client) addOperationListObjectsMiddlewares(stack *middleware.Stack, opt
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addListObjectsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListObjectsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -230,6 +233,9 @@ func (c *Client) addOperationListObjectsMiddlewares(stack *middleware.Stack, opt
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListObjectsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -245,9 +251,22 @@ func (c *Client) addOperationListObjectsMiddlewares(stack *middleware.Stack, opt
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *ListObjectsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opListObjects(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -282,3 +301,139 @@ func addListObjectsUpdateEndpoint(stack *middleware.Stack, options Options) erro
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opListObjectsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListObjectsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListObjectsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*ListObjectsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListObjectsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListObjectsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go
index 6214d2471..db25aadf5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go
@@ -4,11 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -19,35 +24,23 @@ import (
 // Make sure to design your application to parse the contents of the response and
 // handle it appropriately. Objects are returned sorted in an ascending order of
 // the respective key names in the list. For more information about listing
-// objects, see Listing object keys programmatically
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html)
-// To use this operation, you must have READ access to the bucket. To use this
-// action in an Identity and Access Management (IAM) policy, you must have
-// permissions to perform the s3:ListBucket action. The bucket owner has this
-// permission by default and can grant this permission to others. For more
-// information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// This section describes the latest revision of this action. We recommend that you
-// use this revised API for application development. For backward compatibility,
-// Amazon S3 continues to support the prior version of this API, ListObjects
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html). To get a
-// list of your buckets, see ListBuckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html). The
-// following operations are related to ListObjectsV2:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+// objects, see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html)
+// in the Amazon S3 User Guide. To use this operation, you must have READ access to
+// the bucket. To use this action in an Identity and Access Management (IAM)
+// policy, you must have permission to perform the s3:ListBucket action. The
+// bucket owner has this permission by default and can grant this permission to
+// others. For more information about permissions, see Permissions Related to
+// Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide. This section describes the latest revision of this
+// action. We recommend that you use this revised API operation for application
+// development. For backward compatibility, Amazon S3 continues to support the
+// prior version of this API operation, ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
+// . To get a list of your buckets, see ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
+// . The following operations are related to ListObjectsV2 :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
 func (c *Client) ListObjectsV2(ctx context.Context, params *ListObjectsV2Input, optFns ...func(*Options)) (*ListObjectsV2Output, error) {
 	if params == nil {
 		params = &ListObjectsV2Input{}
@@ -70,26 +63,24 @@ type ListObjectsV2Input struct {
 	// the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When
 	// using this action with an access point through the Amazon Web Services SDKs, you
 	// provide the access point ARN in place of the bucket name. For more information
-	// about access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
 
-	// ContinuationToken indicates Amazon S3 that the list is being continued on this
-	// bucket with a token. ContinuationToken is obfuscated and is not a real key.
+	// ContinuationToken indicates to Amazon S3 that the list is being continued on
+	// this bucket with a token. ContinuationToken is obfuscated and is not a real key.
 	ContinuationToken *string
 
-	// A delimiter is a character you use to group keys.
+	// A delimiter is a character that you use to group keys.
 	Delimiter *string
 
 	// Encoding type used by Amazon S3 to encode object keys in the response.
@@ -100,15 +91,20 @@ type ListObjectsV2Input struct {
 	// (access denied).
 	ExpectedBucketOwner *string
 
-	// The owner field is not present in listV2 by default, if you want to return owner
-	// field with each key in the result then set the fetch owner field to true.
+	// The owner field is not present in ListObjectsV2 by default. If you want to
+	// return the owner field with each key in the result, then set the FetchOwner
+	// field to true .
 	FetchOwner bool
 
-	// Sets the maximum number of keys returned in the response. By default the action
-	// returns up to 1,000 key names. The response might contain fewer keys but will
-	// never contain more.
+	// Sets the maximum number of keys returned in the response. By default, the
+	// action returns up to 1,000 key names. The response might contain fewer keys but
+	// will never contain more.
 	MaxKeys int32
 
+	// Specifies the optional fields that you want returned in the response. Fields
+	// that you do not specify are not returned.
+	OptionalObjectAttributes []types.OptionalObjectAttributes
+
 	// Limits the response to keys that begin with the specified prefix.
 	Prefix *string
 
@@ -130,11 +126,11 @@ type ListObjectsV2Output struct {
 	// return when calculating the number of returns. A response can contain
 	// CommonPrefixes only if you specify a delimiter. CommonPrefixes contains all (if
 	// there are any) keys between Prefix and the next occurrence of the string
-	// specified by a delimiter. CommonPrefixes lists keys that act like subdirectories
-	// in the directory specified by Prefix. For example, if the prefix is notes/ and
-	// the delimiter is a slash (/) as in notes/summer/july, the common prefix is
-	// notes/summer/. All of the keys that roll up into a common prefix count as a
-	// single return when calculating the number of returns.
+	// specified by a delimiter. CommonPrefixes lists keys that act like
+	// subdirectories in the directory specified by Prefix . For example, if the prefix
+	// is notes/ and the delimiter is a slash ( / ) as in notes/summer/july , the
+	// common prefix is notes/summer/ . All of the keys that roll up into a common
+	// prefix count as a single return when calculating the number of returns.
 	CommonPrefixes []types.CommonPrefix
 
 	// Metadata about each object returned.
@@ -153,22 +149,22 @@ type ListObjectsV2Output struct {
 	// Encoding type used by Amazon S3 to encode object key names in the XML response.
 	// If you specify the encoding-type request parameter, Amazon S3 includes this
 	// element in the response, and returns encoded key name values in the following
-	// response elements: Delimiter, Prefix, Key, and StartAfter.
+	// response elements: Delimiter, Prefix, Key, and StartAfter .
 	EncodingType types.EncodingType
 
 	// Set to false if all of the results were returned. Set to true if more keys are
-	// available to return. If the number of results exceeds that specified by MaxKeys,
-	// all of the results might not be returned.
+	// available to return. If the number of results exceeds that specified by MaxKeys
+	// , all of the results might not be returned.
 	IsTruncated bool
 
 	// KeyCount is the number of keys returned with this request. KeyCount will always
-	// be less than or equals to MaxKeys field. Say you ask for 50 keys, your result
-	// will include less than equals 50 keys
+	// be less than or equal to the MaxKeys field. For example, if you ask for 50
+	// keys, your result will include 50 keys or fewer.
 	KeyCount int32
 
-	// Sets the maximum number of keys returned in the response. By default the action
-	// returns up to 1,000 key names. The response might contain fewer keys but will
-	// never contain more.
+	// Sets the maximum number of keys returned in the response. By default, the
+	// action returns up to 1,000 key names. The response might contain fewer keys but
+	// will never contain more.
 	MaxKeys int32
 
 	// The bucket name. When using this action with an access point, you must direct
@@ -176,28 +172,30 @@ type ListObjectsV2Output struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	Name *string
 
 	// NextContinuationToken is sent when isTruncated is true, which means there are
 	// more keys in the bucket that can be listed. The next list requests to Amazon S3
-	// can be continued with this NextContinuationToken. NextContinuationToken is
+	// can be continued with this NextContinuationToken . NextContinuationToken is
 	// obfuscated and is not a real key
 	NextContinuationToken *string
 
 	// Keys that begin with the indicated prefix.
 	Prefix *string
 
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged types.RequestCharged
+
 	// If StartAfter was sent with the request, it is included in the response.
 	StartAfter *string
 
@@ -216,6 +214,9 @@ func (c *Client) addOperationListObjectsV2Middlewares(stack *middleware.Stack, o
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -243,7 +244,7 @@ func (c *Client) addOperationListObjectsV2Middlewares(stack *middleware.Stack, o
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -255,6 +256,9 @@ func (c *Client) addOperationListObjectsV2Middlewares(stack *middleware.Stack, o
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addListObjectsV2ResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListObjectsV2ValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -264,6 +268,9 @@ func (c *Client) addOperationListObjectsV2Middlewares(stack *middleware.Stack, o
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListObjectsV2UpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -279,9 +286,22 @@ func (c *Client) addOperationListObjectsV2Middlewares(stack *middleware.Stack, o
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *ListObjectsV2Input) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 // ListObjectsV2APIClient is a client that implements the ListObjectsV2 operation.
 type ListObjectsV2APIClient interface {
 	ListObjectsV2(context.Context, *ListObjectsV2Input, ...func(*Options)) (*ListObjectsV2Output, error)
@@ -291,9 +311,9 @@ var _ ListObjectsV2APIClient = (*Client)(nil)
 
 // ListObjectsV2PaginatorOptions is the paginator options for ListObjectsV2
 type ListObjectsV2PaginatorOptions struct {
-	// Sets the maximum number of keys returned in the response. By default the action
-	// returns up to 1,000 key names. The response might contain fewer keys but will
-	// never contain more.
+	// Sets the maximum number of keys returned in the response. By default, the
+	// action returns up to 1,000 key names. The response might contain fewer keys but
+	// will never contain more.
 	Limit int32
 
 	// Set to true if pagination should stop if the service returns a pagination token
@@ -406,3 +426,139 @@ func addListObjectsV2UpdateEndpoint(stack *middleware.Stack, options Options) er
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opListObjectsV2ResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListObjectsV2ResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListObjectsV2ResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*ListObjectsV2Input)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListObjectsV2ResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListObjectsV2ResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go
index 36675dcd7..14ef6f91f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go
@@ -4,11 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -16,46 +21,26 @@ import (
 
 // Lists the parts that have been uploaded for a specific multipart upload. This
 // operation must include the upload ID, which you obtain by sending the initiate
-// multipart upload request (see CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)).
-// This request returns a maximum of 1,000 uploaded parts. The default number of
+// multipart upload request (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+// ). This request returns a maximum of 1,000 uploaded parts. The default number of
 // parts returned is 1,000 parts. You can restrict the number of parts returned by
-// specifying the max-parts request parameter. If your multipart upload consists of
-// more than 1,000 parts, the response returns an IsTruncated field with the value
-// of true, and a NextPartNumberMarker element. In subsequent ListParts requests
-// you can include the part-number-marker query string parameter and set its value
-// to the NextPartNumberMarker field value from the previous response. If the
-// upload was created using a checksum algorithm, you will need to have permission
-// to the kms:Decrypt action for the request to succeed. For more information on
-// multipart uploads, see Uploading Objects Using Multipart Upload
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). For
-// information on permissions required to use the multipart upload API, see
-// Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). The
-// following operations are related to ListParts:
-//
-// * CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// *
-// GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// specifying the max-parts request parameter. If your multipart upload consists
+// of more than 1,000 parts, the response returns an IsTruncated field with the
+// value of true, and a NextPartNumberMarker element. In subsequent ListParts
+// requests you can include the part-number-marker query string parameter and set
+// its value to the NextPartNumberMarker field value from the previous response.
+// If the upload was created using a checksum algorithm, you will need to have
+// permission to the kms:Decrypt action for the request to succeed. For more
+// information on multipart uploads, see Uploading Objects Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html)
+// . For information on permissions required to use the multipart upload API, see
+// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// . The following operations are related to ListParts :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) ListParts(ctx context.Context, params *ListPartsInput, optFns ...func(*Options)) (*ListPartsOutput, error) {
 	if params == nil {
 		params = &ListPartsInput{}
@@ -79,17 +64,15 @@ type ListPartsInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -112,36 +95,34 @@ type ListPartsInput struct {
 	// Sets the maximum number of parts to return.
 	MaxParts int32
 
-	// Specifies the part after which listing should begin. Only parts with higher part
-	// numbers will be listed.
+	// Specifies the part after which listing should begin. Only parts with higher
+	// part numbers will be listed.
 	PartNumberMarker *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
 	// The server-side encryption (SSE) algorithm used to encrypt the object. This
 	// parameter is needed only when the object was created using a checksum algorithm.
-	// For more information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerAlgorithm *string
 
 	// The server-side encryption (SSE) customer managed key. This parameter is needed
 	// only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKey *string
 
 	// The MD5 server-side encryption (SSE) customer managed key. This parameter is
 	// needed only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKeyMD5 *string
 
@@ -150,15 +131,14 @@ type ListPartsInput struct {
 
 type ListPartsOutput struct {
 
-	// If the bucket has a lifecycle rule configured with an action to abort incomplete
-	// multipart uploads and the prefix in the lifecycle rule matches the object name
-	// in the request, then the response includes this header indicating when the
-	// initiated multipart upload will become eligible for abort operation. For more
-	// information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle
-	// Policy
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
-	// The response will also include the x-amz-abort-rule-id header that will provide
-	// the ID of the lifecycle configuration rule that defines this action.
+	// If the bucket has a lifecycle rule configured with an action to abort
+	// incomplete multipart uploads and the prefix in the lifecycle rule matches the
+	// object name in the request, then the response includes this header indicating
+	// when the initiated multipart upload will become eligible for abort operation.
+	// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+	// . The response will also include the x-amz-abort-rule-id header that will
+	// provide the ID of the lifecycle configuration rule that defines this action.
 	AbortDate *time.Time
 
 	// This header is returned along with the x-amz-abort-date header. It identifies
@@ -195,9 +175,9 @@ type ListPartsOutput struct {
 	// subsequent request.
 	NextPartNumberMarker *string
 
-	// Container element that identifies the object owner, after the object is created.
-	// If multipart upload is initiated by an IAM user, this element provides the
-	// parent account ID and display name.
+	// Container element that identifies the object owner, after the object is
+	// created. If multipart upload is initiated by an IAM user, this element provides
+	// the parent account ID and display name.
 	Owner *types.Owner
 
 	// When a list is truncated, this element specifies the last part in the list, as
@@ -205,8 +185,8 @@ type ListPartsOutput struct {
 	// subsequent request.
 	PartNumberMarker *string
 
-	// Container for elements related to a particular part. A response can contain zero
-	// or more Part elements.
+	// Container for elements related to a particular part. A response can contain
+	// zero or more Part elements.
 	Parts []types.Part
 
 	// If present, indicates that the requester was successfully charged for the
@@ -235,6 +215,9 @@ func (c *Client) addOperationListPartsMiddlewares(stack *middleware.Stack, optio
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -262,7 +245,7 @@ func (c *Client) addOperationListPartsMiddlewares(stack *middleware.Stack, optio
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -274,6 +257,9 @@ func (c *Client) addOperationListPartsMiddlewares(stack *middleware.Stack, optio
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addListPartsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListPartsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -283,6 +269,9 @@ func (c *Client) addOperationListPartsMiddlewares(stack *middleware.Stack, optio
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListPartsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -298,9 +287,22 @@ func (c *Client) addOperationListPartsMiddlewares(stack *middleware.Stack, optio
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *ListPartsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 // ListPartsAPIClient is a client that implements the ListParts operation.
 type ListPartsAPIClient interface {
 	ListParts(context.Context, *ListPartsInput, ...func(*Options)) (*ListPartsOutput, error)
@@ -422,3 +424,139 @@ func addListPartsUpdateEndpoint(stack *middleware.Stack, options Options) error
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opListPartsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListPartsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListPartsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*ListPartsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListPartsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListPartsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go
index 7875798f2..723273d98 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go
@@ -4,11 +4,17 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -19,37 +25,23 @@ import (
 // perform the s3:PutAccelerateConfiguration action. The bucket owner has this
 // permission by default. The bucket owner can grant this permission to others. For
 // more information about permissions, see Permissions Related to Bucket
-// Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// The Transfer Acceleration state of a bucket can be set to one of the following
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . The Transfer Acceleration state of a bucket can be set to one of the following
 // two values:
+//   - Enabled – Enables accelerated data transfers to the bucket.
+//   - Suspended – Disables accelerated data transfers to the bucket.
 //
-// * Enabled – Enables accelerated data transfers to the bucket.
-//
-// *
-// Suspended – Disables accelerated data transfers to the bucket.
-//
-// The
-// GetBucketAccelerateConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
+// The GetBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
 // action returns the transfer acceleration state of a bucket. After setting the
 // Transfer Acceleration state of a bucket to Enabled, it might take up to thirty
 // minutes before the data transfer rates to the bucket increase. The name of the
 // bucket used for Transfer Acceleration must be DNS-compliant and must not contain
 // periods ("."). For more information about transfer acceleration, see Transfer
-// Acceleration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
-// The following operations are related to PutBucketAccelerateConfiguration:
-//
-// *
-// GetBucketAccelerateConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
-//
-// *
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+// Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+// . The following operations are related to PutBucketAccelerateConfiguration :
+//   - GetBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
 func (c *Client) PutBucketAccelerateConfiguration(ctx context.Context, params *PutBucketAccelerateConfigurationInput, optFns ...func(*Options)) (*PutBucketAccelerateConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketAccelerateConfigurationInput{}
@@ -81,9 +73,8 @@ type PutBucketAccelerateConfigurationInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -112,6 +103,9 @@ func (c *Client) addOperationPutBucketAccelerateConfigurationMiddlewares(stack *
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -139,7 +133,7 @@ func (c *Client) addOperationPutBucketAccelerateConfigurationMiddlewares(stack *
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -151,6 +145,9 @@ func (c *Client) addOperationPutBucketAccelerateConfigurationMiddlewares(stack *
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketAccelerateConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketAccelerateConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -160,6 +157,9 @@ func (c *Client) addOperationPutBucketAccelerateConfigurationMiddlewares(stack *
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketAccelerateConfigurationInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -178,9 +178,22 @@ func (c *Client) addOperationPutBucketAccelerateConfigurationMiddlewares(stack *
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketAccelerateConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketAccelerateConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -235,3 +248,139 @@ func addPutBucketAccelerateConfigurationUpdateEndpoint(stack *middleware.Stack,
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketAccelerateConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketAccelerateConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketAccelerateConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketAccelerateConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketAccelerateConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketAccelerateConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go
index bc28a9960..bb706bbee 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go
@@ -4,156 +4,103 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Sets the permissions on an existing bucket using access control lists (ACL). For
-// more information, see Using ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). To set
-// the ACL of a bucket, you must have WRITE_ACP permission. You can use one of the
-// following two ways to set a bucket's permissions:
-//
-// * Specify the ACL in the
-// request body
-//
-// * Specify permissions using request headers
-//
-// You cannot specify
-// access permission using both the body and the request headers. Depending on your
-// application needs, you may choose to set the ACL on a bucket using either the
-// request body or the headers. For example, if you have an existing application
-// that updates a bucket ACL using the request body, then you can continue to use
-// that approach. If your bucket uses the bucket owner enforced setting for S3
-// Object Ownership, ACLs are disabled and no longer affect permissions. You must
-// use policies to grant access to your bucket and the objects in it. Requests to
-// set ACLs or update ACLs fail and return the AccessControlListNotSupported error
-// code. Requests to read ACLs are still supported. For more information, see
-// Controlling object ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide. Access Permissions You can set access permissions
-// using one of the following methods:
-//
-// * Specify a canned ACL with the x-amz-acl
-// request header. Amazon S3 supports a set of predefined ACLs, known as canned
-// ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify
-// the canned ACL name as the value of x-amz-acl. If you use this header, you
-// cannot use other access control-specific headers in your request. For more
-// information, see Canned ACL
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-//
-// *
-// Specify access permissions explicitly with the x-amz-grant-read,
-// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control
-// headers. When using these headers, you specify explicit access permissions and
-// grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the
-// permission. If you use these ACL-specific headers, you cannot use the x-amz-acl
-// header to set a canned ACL. These parameters map to the set of permissions that
-// Amazon S3 supports in an ACL. For more information, see Access Control List
-// (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). You specify
-// each grantee as a type=value pair, where the type is one of the following:
-//
-// * id
-// – if the value specified is the canonical user ID of an Amazon Web Services
-// account
-//
-// * uri – if you are granting permissions to a predefined group
-//
-// *
-// emailAddress – if the value specified is the email address of an Amazon Web
-// Services account Using email addresses to specify a grantee is only supported in
-// the following Amazon Web Services Regions:
-//
-// * US East (N. Virginia)
-//
-// * US West
-// (N. California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific (Singapore)
-//
-// * Asia Pacific
-// (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe (Ireland)
-//
-// * South America (São
-// Paulo)
-//
-// For a list of all the Amazon S3 supported Regions and endpoints, see
-// Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// For example, the following
-// x-amz-grant-write header grants create, overwrite, and delete objects permission
-// to LogDelivery group predefined by Amazon S3 and two Amazon Web Services
-// accounts identified by their email addresses. x-amz-grant-write:
-// uri="http://acs.amazonaws.com/groups/s3/LogDelivery", id="111122223333",
-// id="555566667777"
-//
-// You can use either a canned ACL or specify access permissions
-// explicitly. You cannot do both. Grantee Values You can specify the person
-// (grantee) to whom you're assigning access rights (using request elements) in the
-// following ways:
-//
-// * By the person's ID: <>ID<><>GranteesEmail<>  DisplayName is
-// optional and ignored in the request
-//
-// * By URI:
-// <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
-//
-// * By Email
-// address: <>Grantees@email.com<>lt;/Grantee> The grantee is resolved to the
-// CanonicalUser and, in a response to a GET Object acl request, appears as the
-// CanonicalUser. Using email addresses to specify a grantee is only supported in
-// the following Amazon Web Services Regions:
-//
-// * US East (N. Virginia)
-//
-// * US West
-// (N. California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific (Singapore)
-//
-// * Asia Pacific
-// (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe (Ireland)
-//
-// * South America (São
-// Paulo)
-//
-// For a list of all the Amazon S3 supported Regions and endpoints, see
-// Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// # Related Resources
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// DeleteBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
-//
-// *
-// GetObjectAcl
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
+// Sets the permissions on an existing bucket using access control lists (ACL).
+// For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html)
+// . To set the ACL of a bucket, you must have WRITE_ACP permission. You can use
+// one of the following two ways to set a bucket's permissions:
+//   - Specify the ACL in the request body
+//   - Specify permissions using request headers
+//
+// You cannot specify access permission using both the body and the request
+// headers. Depending on your application needs, you may choose to set the ACL on a
+// bucket using either the request body or the headers. For example, if you have an
+// existing application that updates a bucket ACL using the request body, then you
+// can continue to use that approach. If your bucket uses the bucket owner enforced
+// setting for S3 Object Ownership, ACLs are disabled and no longer affect
+// permissions. You must use policies to grant access to your bucket and the
+// objects in it. Requests to set ACLs or update ACLs fail and return the
+// AccessControlListNotSupported error code. Requests to read ACLs are still
+// supported. For more information, see Controlling object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide. Permissions You can set access permissions by using
+// one of the following methods:
+//   - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports a
+//     set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined
+//     set of grantees and permissions. Specify the canned ACL name as the value of
+//     x-amz-acl . If you use this header, you cannot use other access
+//     control-specific headers in your request. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+//     .
+//   - Specify access permissions explicitly with the x-amz-grant-read ,
+//     x-amz-grant-read-acp , x-amz-grant-write-acp , and x-amz-grant-full-control
+//     headers. When using these headers, you specify explicit access permissions and
+//     grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the
+//     permission. If you use these ACL-specific headers, you cannot use the
+//     x-amz-acl header to set a canned ACL. These parameters map to the set of
+//     permissions that Amazon S3 supports in an ACL. For more information, see
+//     Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+//     . You specify each grantee as a type=value pair, where the type is one of the
+//     following:
+//   - id – if the value specified is the canonical user ID of an Amazon Web
+//     Services account
+//   - uri – if you are granting permissions to a predefined group
+//   - emailAddress – if the value specified is the email address of an Amazon Web
+//     Services account Using email addresses to specify a grantee is only supported in
+//     the following Amazon Web Services Regions:
+//   - US East (N. Virginia)
+//   - US West (N. California)
+//   - US West (Oregon)
+//   - Asia Pacific (Singapore)
+//   - Asia Pacific (Sydney)
+//   - Asia Pacific (Tokyo)
+//   - Europe (Ireland)
+//   - South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference. For example, the following
+//     x-amz-grant-write header grants create, overwrite, and delete objects
+//     permission to LogDelivery group predefined by Amazon S3 and two Amazon Web
+//     Services accounts identified by their email addresses. x-amz-grant-write:
+//     uri="http://acs.amazonaws.com/groups/s3/LogDelivery", id="111122223333",
+//     id="555566667777"
+//
+// You can use either a canned ACL or specify access permissions explicitly. You
+// cannot do both. Grantee Values You can specify the person (grantee) to whom
+// you're assigning access rights (using request elements) in the following ways:
+//   - By the person's ID: <>ID<><>GranteesEmail<> DisplayName is optional and
+//     ignored in the request
+//   - By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
+//   - By Email address: <>Grantees@email.com<>& The grantee is resolved to the
+//     CanonicalUser and, in a response to a GET Object acl request, appears as the
+//     CanonicalUser. Using email addresses to specify a grantee is only supported in
+//     the following Amazon Web Services Regions:
+//   - US East (N. Virginia)
+//   - US West (N. California)
+//   - US West (Oregon)
+//   - Asia Pacific (Singapore)
+//   - Asia Pacific (Sydney)
+//   - Asia Pacific (Tokyo)
+//   - Europe (Ireland)
+//   - South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference.
+//
+// The following operations are related to PutBucketAcl :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
 func (c *Client) PutBucketAcl(ctx context.Context, params *PutBucketAclInput, optFns ...func(*Options)) (*PutBucketAclOutput, error) {
 	if params == nil {
 		params = &PutBucketAclInput{}
@@ -186,19 +133,17 @@ type PutBucketAclInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, go to RFC 1864.
-	// (http://www.ietf.org/rfc/rfc1864.txt) For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, go to RFC 1864. (http://www.ietf.org/rfc/rfc1864.txt)
+	// For requests made using the Amazon Web Services Command Line Interface (CLI) or
+	// Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -243,6 +188,9 @@ func (c *Client) addOperationPutBucketAclMiddlewares(stack *middleware.Stack, op
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -270,7 +218,7 @@ func (c *Client) addOperationPutBucketAclMiddlewares(stack *middleware.Stack, op
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -282,6 +230,9 @@ func (c *Client) addOperationPutBucketAclMiddlewares(stack *middleware.Stack, op
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketAclResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketAclValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -291,6 +242,9 @@ func (c *Client) addOperationPutBucketAclMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketAclInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -309,9 +263,22 @@ func (c *Client) addOperationPutBucketAclMiddlewares(stack *middleware.Stack, op
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketAclInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketAcl(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -366,3 +333,139 @@ func addPutBucketAclUpdateEndpoint(stack *middleware.Stack, options Options) err
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketAclResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketAclResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketAclResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketAclInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketAclResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketAclResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go
index da70d547e..581c5ca46 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -22,60 +28,35 @@ import (
 // to a destination bucket in a different account. However, the destination bucket
 // must be in the same Region as the bucket that you are making the PUT analytics
 // configuration to. For more information, see Amazon S3 Analytics – Storage Class
-// Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
-// You must create a bucket policy on the destination bucket where the exported
+// Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
+// . You must create a bucket policy on the destination bucket where the exported
 // file is written to grant permissions to Amazon S3 to write objects to the
 // bucket. For an example policy, see Granting Permissions for Amazon S3 Inventory
-// and Storage Class Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9).
-// To use this operation, you must have permissions to perform the
+// and Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9)
+// . To use this operation, you must have permissions to perform the
 // s3:PutAnalyticsConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// Special Errors
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . PutBucketAnalyticsConfiguration has the following special errors:
+//   - HTTP Error: HTTP 400 Bad Request
+//   - Code: InvalidArgument
+//   - Cause: Invalid argument.
+//   - HTTP Error: HTTP 400 Bad Request
+//   - Code: TooManyConfigurations
+//   - Cause: You are attempting to create a new configuration but have already
+//     reached the 1,000-configuration limit.
+//   - HTTP Error: HTTP 403 Forbidden
+//   - Code: AccessDenied
+//   - Cause: You are not the owner of the specified bucket, or you do not have
+//     the s3:PutAnalyticsConfiguration bucket permission to set the configuration on
+//     the bucket.
 //
-// * HTTP Error: HTTP 400 Bad Request
-//
-// * Code: InvalidArgument
-//
-// *
-// Cause: Invalid argument.
-//
-// * HTTP Error: HTTP 400 Bad Request
-//
-// * Code:
-// TooManyConfigurations
-//
-// * Cause: You are attempting to create a new configuration
-// but have already reached the 1,000-configuration limit.
-//
-// * HTTP Error: HTTP 403
-// Forbidden
-//
-// * Code: AccessDenied
-//
-// * Cause: You are not the owner of the specified
-// bucket, or you do not have the s3:PutAnalyticsConfiguration bucket permission to
-// set the configuration on the bucket.
-//
-// # Related Resources
-//
-// *
-// GetBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
-//
-// *
-// DeleteBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
-//
-// *
-// ListBucketAnalyticsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
+// The following operations are related to PutBucketAnalyticsConfiguration :
+//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
+//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
+//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
 func (c *Client) PutBucketAnalyticsConfiguration(ctx context.Context, params *PutBucketAnalyticsConfigurationInput, optFns ...func(*Options)) (*PutBucketAnalyticsConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketAnalyticsConfigurationInput{}
@@ -132,6 +113,9 @@ func (c *Client) addOperationPutBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -159,7 +143,7 @@ func (c *Client) addOperationPutBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -171,6 +155,9 @@ func (c *Client) addOperationPutBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketAnalyticsConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketAnalyticsConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -180,6 +167,9 @@ func (c *Client) addOperationPutBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketAnalyticsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -195,9 +185,22 @@ func (c *Client) addOperationPutBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketAnalyticsConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketAnalyticsConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -232,3 +235,139 @@ func addPutBucketAnalyticsConfigurationUpdateEndpoint(stack *middleware.Stack, o
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketAnalyticsConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketAnalyticsConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketAnalyticsConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketAnalyticsConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketAnalyticsConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketAnalyticsConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go
index 55a67f188..7a1f49c33 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go
@@ -4,57 +4,49 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Sets the cors configuration for your bucket. If the configuration exists, Amazon
-// S3 replaces it. To use this operation, you must be allowed to perform the
+// Sets the cors configuration for your bucket. If the configuration exists,
+// Amazon S3 replaces it. To use this operation, you must be allowed to perform the
 // s3:PutBucketCORS action. By default, the bucket owner has this permission and
 // can grant it to others. You set this configuration on a bucket so that the
 // bucket can service cross-origin requests. For example, you might want to enable
-// a request whose origin is http://www.example.com to access your Amazon S3 bucket
-// at my.example.bucket.com by using the browser's XMLHttpRequest capability. To
-// enable cross-origin resource sharing (CORS) on a bucket, you add the cors
-// subresource to the bucket. The cors subresource is an XML document in which you
-// configure rules that identify origins and the HTTP methods that can be executed
-// on your bucket. The document is limited to 64 KB in size. When Amazon S3
-// receives a cross-origin request (or a pre-flight OPTIONS request) against a
+// a request whose origin is http://www.example.com to access your Amazon S3
+// bucket at my.example.bucket.com by using the browser's XMLHttpRequest
+// capability. To enable cross-origin resource sharing (CORS) on a bucket, you add
+// the cors subresource to the bucket. The cors subresource is an XML document in
+// which you configure rules that identify origins and the HTTP methods that can be
+// executed on your bucket. The document is limited to 64 KB in size. When Amazon
+// S3 receives a cross-origin request (or a pre-flight OPTIONS request) against a
 // bucket, it evaluates the cors configuration on the bucket and uses the first
 // CORSRule rule that matches the incoming browser request to enable a cross-origin
 // request. For a rule to match, the following conditions must be met:
+//   - The request's Origin header must match AllowedOrigin elements.
+//   - The request method (for example, GET, PUT, HEAD, and so on) or the
+//     Access-Control-Request-Method header in case of a pre-flight OPTIONS request
+//     must be one of the AllowedMethod elements.
+//   - Every header specified in the Access-Control-Request-Headers request header
+//     of a pre-flight request must match an AllowedHeader element.
 //
-// * The
-// request's Origin header must match AllowedOrigin elements.
-//
-// * The request method
-// (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method
-// header in case of a pre-flight OPTIONS request must be one of the AllowedMethod
-// elements.
-//
-// * Every header specified in the Access-Control-Request-Headers
-// request header of a pre-flight request must match an AllowedHeader element.
-//
-// For
-// more information about CORS, go to Enabling Cross-Origin Resource Sharing
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon S3
-// User Guide. Related Resources
-//
-// * GetBucketCors
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html)
-//
-// *
-// DeleteBucketCors
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
-//
-// *
-// RESTOPTIONSobject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
+// For more information about CORS, go to Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// PutBucketCors :
+//   - GetBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html)
+//   - DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
+//   - RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
 func (c *Client) PutBucketCors(ctx context.Context, params *PutBucketCorsInput, optFns ...func(*Options)) (*PutBucketCorsOutput, error) {
 	if params == nil {
 		params = &PutBucketCorsInput{}
@@ -72,15 +64,14 @@ func (c *Client) PutBucketCors(ctx context.Context, params *PutBucketCorsInput,
 
 type PutBucketCorsInput struct {
 
-	// Specifies the bucket impacted by the corsconfiguration.
+	// Specifies the bucket impacted by the cors configuration.
 	//
 	// This member is required.
 	Bucket *string
 
 	// Describes the cross-origin access configuration for objects in an Amazon S3
-	// bucket. For more information, see Enabling Cross-Origin Resource Sharing
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon S3
-	// User Guide.
+	// bucket. For more information, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	CORSConfiguration *types.CORSConfiguration
@@ -89,19 +80,17 @@ type PutBucketCorsInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, go to RFC 1864.
-	// (http://www.ietf.org/rfc/rfc1864.txt) For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, go to RFC 1864. (http://www.ietf.org/rfc/rfc1864.txt)
+	// For requests made using the Amazon Web Services Command Line Interface (CLI) or
+	// Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -128,6 +117,9 @@ func (c *Client) addOperationPutBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -155,7 +147,7 @@ func (c *Client) addOperationPutBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -167,6 +159,9 @@ func (c *Client) addOperationPutBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketCorsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketCorsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -176,6 +171,9 @@ func (c *Client) addOperationPutBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketCorsInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -194,9 +192,22 @@ func (c *Client) addOperationPutBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketCorsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketCors(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -206,8 +217,8 @@ func newServiceMetadataMiddleware_opPutBucketCors(region string) *awsmiddleware.
 	}
 }
 
-// getPutBucketCorsRequestAlgorithmMember gets the request checksum algorithm value
-// provided as input.
+// getPutBucketCorsRequestAlgorithmMember gets the request checksum algorithm
+// value provided as input.
 func getPutBucketCorsRequestAlgorithmMember(input interface{}) (string, bool) {
 	in := input.(*PutBucketCorsInput)
 	if len(in.ChecksumAlgorithm) == 0 {
@@ -251,3 +262,139 @@ func addPutBucketCorsUpdateEndpoint(stack *middleware.Stack, options Options) er
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketCorsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketCorsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketCorsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketCorsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketCorsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketCorsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go
index 184f0cd31..ef1091961 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go
@@ -4,47 +4,44 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // This action uses the encryption subresource to configure default encryption and
-// Amazon S3 Bucket Key for an existing bucket. Default encryption for a bucket can
-// use server-side encryption with Amazon S3-managed keys (SSE-S3) or customer
-// managed keys (SSE-KMS). If you specify default encryption using SSE-KMS, you can
-// also configure Amazon S3 Bucket Key. When the default encryption is SSE-KMS, if
-// you upload an object to the bucket and do not specify the KMS key to use for
-// encryption, Amazon S3 uses the default Amazon Web Services managed KMS key for
-// your account. For information about default encryption, see Amazon S3 default
-// bucket encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the
-// Amazon S3 User Guide. For more information about S3 Bucket Keys, see Amazon S3
-// Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in
-// the Amazon S3 User Guide. This action requires Amazon Web Services Signature
-// Version 4. For more information, see  Authenticating Requests (Amazon Web
-// Services Signature Version 4)
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html).
-// To use this operation, you must have permissions to perform the
+// Amazon S3 Bucket Keys for an existing bucket. By default, all buckets have a
+// default encryption configuration that uses server-side encryption with Amazon S3
+// managed keys (SSE-S3). You can optionally configure default encryption for a
+// bucket by using server-side encryption with Key Management Service (KMS) keys
+// (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys
+// (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also
+// configure Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
+// . If you use PutBucketEncryption to set your default bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 does
+// not validate the KMS key ID provided in PutBucketEncryption requests. This
+// action requires Amazon Web Services Signature Version 4. For more information,
+// see Authenticating Requests (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html)
+// . To use this operation, you must have permission to perform the
 // s3:PutEncryptionConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide. Related Resources
-//
-// * GetBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
-//
-// *
-// DeleteBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// PutBucketEncryption :
+//   - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
+//   - DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
 func (c *Client) PutBucketEncryption(ctx context.Context, params *PutBucketEncryptionInput, optFns ...func(*Options)) (*PutBucketEncryptionOutput, error) {
 	if params == nil {
 		params = &PutBucketEncryptionInput{}
@@ -63,11 +60,13 @@ func (c *Client) PutBucketEncryption(ctx context.Context, params *PutBucketEncry
 type PutBucketEncryptionInput struct {
 
 	// Specifies default encryption for a bucket using server-side encryption with
-	// Amazon S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). For
-	// information about the Amazon S3 default encryption feature, see Amazon S3
-	// Default Bucket Encryption
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the
-	// Amazon S3 User Guide.
+	// different key options. By default, all buckets have a default encryption
+	// configuration that uses server-side encryption with Amazon S3 managed keys
+	// (SSE-S3). You can optionally configure default encryption for a bucket by using
+	// server-side encryption with an Amazon Web Services KMS key (SSE-KMS) or a
+	// customer-provided key (SSE-C). For information about the bucket default
+	// encryption feature, see Amazon S3 Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -81,9 +80,8 @@ type PutBucketEncryptionInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -118,6 +116,9 @@ func (c *Client) addOperationPutBucketEncryptionMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -145,7 +146,7 @@ func (c *Client) addOperationPutBucketEncryptionMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -157,6 +158,9 @@ func (c *Client) addOperationPutBucketEncryptionMiddlewares(stack *middleware.St
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketEncryptionResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketEncryptionValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -166,6 +170,9 @@ func (c *Client) addOperationPutBucketEncryptionMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketEncryptionInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -184,9 +191,22 @@ func (c *Client) addOperationPutBucketEncryptionMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketEncryptionInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketEncryption(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -196,8 +216,8 @@ func newServiceMetadataMiddleware_opPutBucketEncryption(region string) *awsmiddl
 	}
 }
 
-// getPutBucketEncryptionRequestAlgorithmMember gets the request checksum algorithm
-// value provided as input.
+// getPutBucketEncryptionRequestAlgorithmMember gets the request checksum
+// algorithm value provided as input.
 func getPutBucketEncryptionRequestAlgorithmMember(input interface{}) (string, bool) {
 	in := input.(*PutBucketEncryptionInput)
 	if len(in.ChecksumAlgorithm) == 0 {
@@ -241,3 +261,139 @@ func addPutBucketEncryptionUpdateEndpoint(stack *middleware.Stack, options Optio
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketEncryptionResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketEncryptionResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketEncryptionResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketEncryptionInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketEncryptionResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketEncryptionResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go
index edf5d178b..d6725e64b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -26,51 +32,22 @@ import (
 // monitored and not eligible for auto-tiering. Smaller objects can be stored, but
 // they are always charged at the Frequent Access tier rates in the S3
 // Intelligent-Tiering storage class. For more information, see Storage class for
-// automatically optimizing frequently and infrequently accessed objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-// Operations related to PutBucketIntelligentTieringConfiguration include:
+// automatically optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+// . Operations related to PutBucketIntelligentTieringConfiguration include:
+//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
+//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
+//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
 //
-// *
-// DeleteBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
-//
-// *
-// GetBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
-//
-// *
-// ListBucketIntelligentTieringConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
-//
-// You
-// only need S3 Intelligent-Tiering enabled on a bucket if you want to
+// You only need S3 Intelligent-Tiering enabled on a bucket if you want to
 // automatically move objects stored in the S3 Intelligent-Tiering storage class to
-// the Archive Access or Deep Archive Access tier. Special Errors
-//
-// * HTTP 400 Bad
-// Request Error
-//
-// * Code: InvalidArgument
-//
-// * Cause: Invalid Argument
-//
-// * HTTP 400
-// Bad Request Error
-//
-// * Code: TooManyConfigurations
-//
-// * Cause: You are attempting to
-// create a new configuration but have already reached the 1,000-configuration
-// limit.
-//
-// * HTTP 403 Forbidden Error
-//
-// * Code: AccessDenied
-//
-// * Cause: You are not
-// the owner of the specified bucket, or you do not have the
-// s3:PutIntelligentTieringConfiguration bucket permission to set the configuration
-// on the bucket.
+// the Archive Access or Deep Archive Access tier.
+// PutBucketIntelligentTieringConfiguration has the following special errors: HTTP
+// 400 Bad Request Error Code: InvalidArgument Cause: Invalid Argument HTTP 400 Bad
+// Request Error Code: TooManyConfigurations Cause: You are attempting to create a
+// new configuration but have already reached the 1,000-configuration limit. HTTP
+// 403 Forbidden Error Cause: You are not the owner of the specified bucket, or you
+// do not have the s3:PutIntelligentTieringConfiguration bucket permission to set
+// the configuration on the bucket.
 func (c *Client) PutBucketIntelligentTieringConfiguration(ctx context.Context, params *PutBucketIntelligentTieringConfigurationInput, optFns ...func(*Options)) (*PutBucketIntelligentTieringConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketIntelligentTieringConfigurationInput{}
@@ -123,6 +100,9 @@ func (c *Client) addOperationPutBucketIntelligentTieringConfigurationMiddlewares
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -150,7 +130,7 @@ func (c *Client) addOperationPutBucketIntelligentTieringConfigurationMiddlewares
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -162,6 +142,9 @@ func (c *Client) addOperationPutBucketIntelligentTieringConfigurationMiddlewares
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketIntelligentTieringConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketIntelligentTieringConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -171,6 +154,9 @@ func (c *Client) addOperationPutBucketIntelligentTieringConfigurationMiddlewares
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketIntelligentTieringConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -186,9 +172,22 @@ func (c *Client) addOperationPutBucketIntelligentTieringConfigurationMiddlewares
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketIntelligentTieringConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketIntelligentTieringConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -223,3 +222,139 @@ func addPutBucketIntelligentTieringConfigurationUpdateEndpoint(stack *middleware
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketIntelligentTieringConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketIntelligentTieringConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketIntelligentTieringConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketIntelligentTieringConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketIntelligentTieringConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketIntelligentTieringConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go
index bb1a903b5..8c7f195d5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -24,59 +30,36 @@ import (
 // to be stored, and whether to generate the inventory daily or weekly. You can
 // also configure what object metadata to include and whether to inventory all
 // object versions or only current versions. For more information, see Amazon S3
-// Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) in the
-// Amazon S3 User Guide. You must create a bucket policy on the destination bucket
-// to grant permissions to Amazon S3 to write objects to the bucket in the defined
-// location. For an example policy, see  Granting Permissions for Amazon S3
-// Inventory and Storage Class Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9).
-// To use this operation, you must have permissions to perform the
+// Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+// in the Amazon S3 User Guide. You must create a bucket policy on the destination
+// bucket to grant permissions to Amazon S3 to write objects to the bucket in the
+// defined location. For an example policy, see Granting Permissions for Amazon S3
+// Inventory and Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9)
+// . Permissions To use this operation, you must have permission to perform the
 // s3:PutInventoryConfiguration action. The bucket owner has this permission by
-// default and can grant this permission to others. For more information about
-// permissions, see Permissions Related to Bucket Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide. Special Errors
-//
-// * HTTP 400 Bad Request Error
-//
-// *
-// Code: InvalidArgument
-//
-// * Cause: Invalid Argument
-//
-// * HTTP 400 Bad Request
-// Error
-//
-// * Code: TooManyConfigurations
-//
-// * Cause: You are attempting to create a
-// new configuration but have already reached the 1,000-configuration limit.
-//
-// *
-// HTTP 403 Forbidden Error
-//
-// * Code: AccessDenied
-//
-// * Cause: You are not the owner
+// default and can grant this permission to others. The
+// s3:PutInventoryConfiguration permission allows a user to create an S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html)
+// report that includes all object metadata fields available and to specify the
+// destination bucket to store the inventory. A user with read access to objects in
+// the destination bucket can also access all object metadata fields that are
+// available in the inventory report. To restrict access to an inventory report,
+// see Restricting access to an Amazon S3 Inventory report (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-10)
+// in the Amazon S3 User Guide. For more information about the metadata fields
+// available in S3 Inventory, see Amazon S3 Inventory lists (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents)
+// in the Amazon S3 User Guide. For more information about permissions, see
+// Permissions related to bucket subresource operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Identity and access management in Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide. PutBucketInventoryConfiguration has the following
+// special errors: HTTP 400 Bad Request Error Code: InvalidArgument Cause: Invalid
+// Argument HTTP 400 Bad Request Error Code: TooManyConfigurations Cause: You are
+// attempting to create a new configuration but have already reached the
+// 1,000-configuration limit. HTTP 403 Forbidden Error Cause: You are not the owner
 // of the specified bucket, or you do not have the s3:PutInventoryConfiguration
-// bucket permission to set the configuration on the bucket.
-//
-// # Related Resources
-//
-// *
-// GetBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
-//
-// *
-// DeleteBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
-//
-// *
-// ListBucketInventoryConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
+// bucket permission to set the configuration on the bucket. The following
+// operations are related to PutBucketInventoryConfiguration :
+//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
+//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
+//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
 func (c *Client) PutBucketInventoryConfiguration(ctx context.Context, params *PutBucketInventoryConfigurationInput, optFns ...func(*Options)) (*PutBucketInventoryConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketInventoryConfigurationInput{}
@@ -133,6 +116,9 @@ func (c *Client) addOperationPutBucketInventoryConfigurationMiddlewares(stack *m
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -160,7 +146,7 @@ func (c *Client) addOperationPutBucketInventoryConfigurationMiddlewares(stack *m
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -172,6 +158,9 @@ func (c *Client) addOperationPutBucketInventoryConfigurationMiddlewares(stack *m
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketInventoryConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketInventoryConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -181,6 +170,9 @@ func (c *Client) addOperationPutBucketInventoryConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketInventoryConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -196,9 +188,22 @@ func (c *Client) addOperationPutBucketInventoryConfigurationMiddlewares(stack *m
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketInventoryConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketInventoryConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -233,3 +238,139 @@ func addPutBucketInventoryConfigurationUpdateEndpoint(stack *middleware.Stack, o
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketInventoryConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketInventoryConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketInventoryConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketInventoryConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketInventoryConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketInventoryConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go
index ca79b24e9..1cebaee58 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go
@@ -4,11 +4,17 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -17,73 +23,52 @@ import (
 // lifecycle configuration. Keep in mind that this will overwrite an existing
 // lifecycle configuration, so if you want to retain any configuration details,
 // they must be included in the new lifecycle configuration. For information about
-// lifecycle configuration, see Managing your storage lifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html).
-// Bucket lifecycle configuration now supports specifying a lifecycle rule using an
-// object key name prefix, one or more object tags, or a combination of both.
+// lifecycle configuration, see Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+// . Bucket lifecycle configuration now supports specifying a lifecycle rule using
+// an object key name prefix, one or more object tags, or a combination of both.
 // Accordingly, this section describes the latest API. The previous version of the
 // API supported filtering based only on an object key name prefix, which is
 // supported for backward compatibility. For the related API description, see
-// PutBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html).
-// Rules You specify the lifecycle configuration in your request body. The
+// PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
+// . Rules You specify the lifecycle configuration in your request body. The
 // lifecycle configuration is specified as XML consisting of one or more rules. An
 // Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not
 // adjustable. Each rule consists of the following:
 //
-// * Filter identifying a subset
-// of objects to which the rule applies. The filter can be based on a key name
-// prefix, object tags, or a combination of both.
+//   - A filter identifying a subset of objects to which the rule applies. The
+//     filter can be based on a key name prefix, object tags, or a combination of both.
 //
-// * Status whether the rule is in
-// effect.
+//   - A status indicating whether the rule is in effect.
 //
-// * One or more lifecycle transition and expiration actions that you want
-// Amazon S3 to perform on the objects identified by the filter. If the state of
-// your bucket is versioning-enabled or versioning-suspended, you can have many
-// versions of the same object (one current version and zero or more noncurrent
-// versions). Amazon S3 provides predefined actions that you can specify for
-// current and noncurrent object versions.
+//   - One or more lifecycle transition and expiration actions that you want
+//     Amazon S3 to perform on the objects identified by the filter. If the state of
+//     your bucket is versioning-enabled or versioning-suspended, you can have many
+//     versions of the same object (one current version and zero or more noncurrent
+//     versions). Amazon S3 provides predefined actions that you can specify for
+//     current and noncurrent object versions.
 //
-// For more information, see Object
-// Lifecycle Management
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) and
-// Lifecycle Configuration Elements
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html).
-// Permissions By default, all Amazon S3 resources are private, including buckets,
-// objects, and related subresources (for example, lifecycle configuration and
-// website configuration). Only the resource owner (that is, the Amazon Web
+// For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// and Lifecycle Configuration Elements (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html)
+// . Permissions By default, all Amazon S3 resources are private, including
+// buckets, objects, and related subresources (for example, lifecycle configuration
+// and website configuration). Only the resource owner (that is, the Amazon Web
 // Services account that created it) can access the resource. The resource owner
 // can optionally grant access permissions to others by writing an access policy.
-// For this operation, a user must get the s3:PutLifecycleConfiguration permission.
-// You can also explicitly deny permissions. Explicit deny also supersedes any
-// other permissions. If you want to block users or accounts from removing or
-// deleting objects from your bucket, you must deny them permissions for the
-// following actions:
+// For this operation, a user must get the s3:PutLifecycleConfiguration
+// permission. You can also explicitly deny permissions. An explicit deny also
+// supersedes any other permissions. If you want to block users or accounts from
+// removing or deleting objects from your bucket, you must deny them permissions
+// for the following actions:
+//   - s3:DeleteObject
+//   - s3:DeleteObjectVersion
+//   - s3:PutLifecycleConfiguration
 //
-// * s3:DeleteObject
-//
-// * s3:DeleteObjectVersion
-//
-// *
-// s3:PutLifecycleConfiguration
-//
-// For more information about permissions, see
-// Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// The following are related to PutBucketLifecycleConfiguration:
-//
-// * Examples of
-// Lifecycle Configuration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html)
-//
-// *
-// GetBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
-//
-// *
-// DeleteBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
+// For more information about permissions, see Managing Access Permissions to Your
+// Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . The following operations are related to PutBucketLifecycleConfiguration :
+//   - Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html)
+//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
+//   - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
 func (c *Client) PutBucketLifecycleConfiguration(ctx context.Context, params *PutBucketLifecycleConfigurationInput, optFns ...func(*Options)) (*PutBucketLifecycleConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketLifecycleConfigurationInput{}
@@ -110,9 +95,8 @@ type PutBucketLifecycleConfigurationInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -144,6 +128,9 @@ func (c *Client) addOperationPutBucketLifecycleConfigurationMiddlewares(stack *m
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -171,7 +158,7 @@ func (c *Client) addOperationPutBucketLifecycleConfigurationMiddlewares(stack *m
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -183,6 +170,9 @@ func (c *Client) addOperationPutBucketLifecycleConfigurationMiddlewares(stack *m
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketLifecycleConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketLifecycleConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -192,6 +182,9 @@ func (c *Client) addOperationPutBucketLifecycleConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketLifecycleConfigurationInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -210,9 +203,22 @@ func (c *Client) addOperationPutBucketLifecycleConfigurationMiddlewares(stack *m
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketLifecycleConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketLifecycleConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -267,3 +273,139 @@ func addPutBucketLifecycleConfigurationUpdateEndpoint(stack *middleware.Stack, o
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketLifecycleConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketLifecycleConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketLifecycleConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketLifecycleConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketLifecycleConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketLifecycleConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go
index 0f3ea6d33..456288247 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go
@@ -4,11 +4,17 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -23,49 +29,29 @@ import (
 // the bucket owner enforced setting for S3 Object Ownership, you can't use the
 // Grantee request element to grant access to others. Permissions can only be
 // granted using policies. For more information, see Permissions for server access
-// log delivery
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
+// log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
 // in the Amazon S3 User Guide. Grantee Values You can specify the person (grantee)
-// to whom you're assigning access rights (using request elements) in the following
-// ways:
+// to whom you're assigning access rights (by using request elements) in the
+// following ways:
+//   - By the person's ID: <>ID<><>GranteesEmail<> DisplayName is optional and
+//     ignored in the request.
+//   - By Email address: <>Grantees@email.com<> The grantee is resolved to the
+//     CanonicalUser and, in a response to a GETObjectAcl request, appears as the
+//     CanonicalUser.
+//   - By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
 //
-// * By the person's ID: <>ID<><>GranteesEmail<>  DisplayName is optional
-// and ignored in the request.
-//
-// * By Email address:  <>Grantees@email.com<> The
-// grantee is resolved to the CanonicalUser and, in a response to a GET Object acl
-// request, appears as the CanonicalUser.
-//
-// * By URI:
-// <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
-//
-// To enable
-// logging, you use LoggingEnabled and its children request elements. To disable
-// logging, you use an empty BucketLoggingStatus request element:  For more
-// information about server access logging, see Server Access Logging
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html) in the
-// Amazon S3 User Guide. For more information about creating a bucket, see
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). For
-// more information about returning the logging status of a bucket, see
-// GetBucketLogging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html). The
-// following operations are related to PutBucketLogging:
-//
-// * PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// DeleteBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
-//
-// *
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// GetBucketLogging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html)
+// To enable logging, you use LoggingEnabled and its children request elements. To
+// disable logging, you use an empty BucketLoggingStatus request element:  For
+// more information about server access logging, see Server Access Logging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html)
+// in the Amazon S3 User Guide. For more information about creating a bucket, see
+// CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+// . For more information about returning the logging status of a bucket, see
+// GetBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html)
+// . The following operations are related to PutBucketLogging :
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - GetBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html)
 func (c *Client) PutBucketLogging(ctx context.Context, params *PutBucketLoggingInput, optFns ...func(*Options)) (*PutBucketLoggingOutput, error) {
 	if params == nil {
 		params = &PutBucketLoggingInput{}
@@ -97,9 +83,8 @@ type PutBucketLoggingInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -133,6 +118,9 @@ func (c *Client) addOperationPutBucketLoggingMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -160,7 +148,7 @@ func (c *Client) addOperationPutBucketLoggingMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -172,6 +160,9 @@ func (c *Client) addOperationPutBucketLoggingMiddlewares(stack *middleware.Stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketLoggingResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketLoggingValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -181,6 +172,9 @@ func (c *Client) addOperationPutBucketLoggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketLoggingInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -199,9 +193,22 @@ func (c *Client) addOperationPutBucketLoggingMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketLoggingInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketLogging(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -256,3 +263,139 @@ func addPutBucketLoggingUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketLoggingResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketLoggingResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketLoggingResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketLoggingInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketLoggingResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketLoggingResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go
index 6f0c6facd..785a1f831 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go
@@ -4,53 +4,42 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Sets a metrics configuration (specified by the metrics configuration ID) for the
-// bucket. You can have up to 1,000 metrics configurations per bucket. If you're
-// updating an existing metrics configuration, note that this is a full replacement
-// of the existing metrics configuration. If you don't include the elements you
-// want to keep, they are erased. To use this operation, you must have permissions
-// to perform the s3:PutMetricsConfiguration action. The bucket owner has this
-// permission by default. The bucket owner can grant this permission to others. For
-// more information about permissions, see Permissions Related to Bucket
-// Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about CloudWatch request metrics for Amazon S3, see Monitoring
-// Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-// The following operations are related to PutBucketMetricsConfiguration:
+// Sets a metrics configuration (specified by the metrics configuration ID) for
+// the bucket. You can have up to 1,000 metrics configurations per bucket. If
+// you're updating an existing metrics configuration, note that this is a full
+// replacement of the existing metrics configuration. If you don't include the
+// elements you want to keep, they are erased. To use this operation, you must have
+// permissions to perform the s3:PutMetricsConfiguration action. The bucket owner
+// has this permission by default. The bucket owner can grant this permission to
+// others. For more information about permissions, see Permissions Related to
+// Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about CloudWatch request metrics for Amazon S3, see
+// Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// . The following operations are related to PutBucketMetricsConfiguration :
+//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
+//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
+//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
 //
-// *
-// DeleteBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
-//
-// *
-// GetBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
-//
-// *
-// ListBucketMetricsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
-//
-// GetBucketLifecycle
-// has the following special error:
-//
-// * Error code: TooManyConfigurations
-//
-// *
-// Description: You are attempting to create a new configuration but have already
-// reached the 1,000-configuration limit.
-//
-// * HTTP Status Code: HTTP 400 Bad Request
+// PutBucketMetricsConfiguration has the following special error:
+//   - Error code: TooManyConfigurations
+//   - Description: You are attempting to create a new configuration but have
+//     already reached the 1,000-configuration limit.
+//   - HTTP Status Code: HTTP 400 Bad Request
 func (c *Client) PutBucketMetricsConfiguration(ctx context.Context, params *PutBucketMetricsConfigurationInput, optFns ...func(*Options)) (*PutBucketMetricsConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketMetricsConfigurationInput{}
@@ -73,7 +62,8 @@ type PutBucketMetricsConfigurationInput struct {
 	// This member is required.
 	Bucket *string
 
-	// The ID used to identify the metrics configuration.
+	// The ID used to identify the metrics configuration. The ID has a 64 character
+	// limit and can only contain letters, numbers, periods, dashes, and underscores.
 	//
 	// This member is required.
 	Id *string
@@ -107,6 +97,9 @@ func (c *Client) addOperationPutBucketMetricsConfigurationMiddlewares(stack *mid
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -134,7 +127,7 @@ func (c *Client) addOperationPutBucketMetricsConfigurationMiddlewares(stack *mid
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -146,6 +139,9 @@ func (c *Client) addOperationPutBucketMetricsConfigurationMiddlewares(stack *mid
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketMetricsConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketMetricsConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -155,6 +151,9 @@ func (c *Client) addOperationPutBucketMetricsConfigurationMiddlewares(stack *mid
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketMetricsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -170,9 +169,22 @@ func (c *Client) addOperationPutBucketMetricsConfigurationMiddlewares(stack *mid
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketMetricsConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketMetricsConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -207,3 +219,139 @@ func addPutBucketMetricsConfigurationUpdateEndpoint(stack *middleware.Stack, opt
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketMetricsConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketMetricsConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketMetricsConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketMetricsConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketMetricsConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketMetricsConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go
index 8e771d6bc..098445cf4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go
@@ -4,53 +4,54 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Enables notifications of specified events for a bucket. For more information
-// about event notifications, see Configuring Event Notifications
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). Using
-// this API, you can replace an existing notification configuration. The
+// about event notifications, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+// . Using this API, you can replace an existing notification configuration. The
 // configuration is an XML file that defines the event types that you want Amazon
 // S3 to publish and the destination where you want Amazon S3 to publish an event
 // notification when it detects an event of the specified type. By default, your
 // bucket has no event notifications configured. That is, the notification
-// configuration will be an empty NotificationConfiguration.  This action replaces
-// the existing notification configuration with the configuration you include in
-// the request body. After Amazon S3 receives this request, it first verifies that
-// any Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue
-// Service (Amazon SQS) destination exists, and that the bucket owner has
-// permission to publish to it by sending a test notification. In the case of
+// configuration will be an empty NotificationConfiguration .  This action
+// replaces the existing notification configuration with the configuration you
+// include in the request body. After Amazon S3 receives this request, it first
+// verifies that any Amazon Simple Notification Service (Amazon SNS) or Amazon
+// Simple Queue Service (Amazon SQS) destination exists, and that the bucket owner
+// has permission to publish to it by sending a test notification. In the case of
 // Lambda destinations, Amazon S3 verifies that the Lambda function permissions
 // grant Amazon S3 permission to invoke the function from the Amazon S3 bucket. For
-// more information, see Configuring Notifications for Amazon S3 Events
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). You
-// can disable notifications by adding the empty NotificationConfiguration element.
-// For more information about the number of event notification configurations that
-// you can create per bucket, see Amazon S3 service quotas
-// (https://docs.aws.amazon.com/general/latest/gr/s3.html#limits_s3) in Amazon Web
-// Services General Reference. By default, only the bucket owner can configure
-// notifications on a bucket. However, bucket owners can use a bucket policy to
-// grant permission to other users to set this configuration with
-// s3:PutBucketNotification permission. The PUT notification is an atomic
+// more information, see Configuring Notifications for Amazon S3 Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+// . You can disable notifications by adding the empty NotificationConfiguration
+// element. For more information about the number of event notification
+// configurations that you can create per bucket, see Amazon S3 service quotas (https://docs.aws.amazon.com/general/latest/gr/s3.html#limits_s3)
+// in Amazon Web Services General Reference. By default, only the bucket owner can
+// configure notifications on a bucket. However, bucket owners can use a bucket
+// policy to grant permission to other users to set this configuration with the
+// required s3:PutBucketNotification permission. The PUT notification is an atomic
 // operation. For example, suppose your notification configuration includes SNS
 // topic, SQS queue, and Lambda function configurations. When you send a PUT
 // request with this configuration, Amazon S3 sends test messages to your SNS
 // topic. If the message fails, the entire PUT action will fail, and Amazon S3 will
-// not add the configuration to your bucket. Responses If the configuration in the
-// request body includes only one TopicConfiguration specifying only the
+// not add the configuration to your bucket. If the configuration in the request
+// body includes only one TopicConfiguration specifying only the
 // s3:ReducedRedundancyLostObject event type, the response will also include the
 // x-amz-sns-test-message-id header containing the message ID of the test
 // notification sent to the topic. The following action is related to
-// PutBucketNotificationConfiguration:
-//
-// * GetBucketNotificationConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
+// PutBucketNotificationConfiguration :
+//   - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
 func (c *Client) PutBucketNotificationConfiguration(ctx context.Context, params *PutBucketNotificationConfigurationInput, optFns ...func(*Options)) (*PutBucketNotificationConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketNotificationConfigurationInput{}
@@ -73,8 +74,8 @@ type PutBucketNotificationConfigurationInput struct {
 	// This member is required.
 	Bucket *string
 
-	// A container for specifying the notification configuration of the bucket. If this
-	// element is empty, notifications are turned off for the bucket.
+	// A container for specifying the notification configuration of the bucket. If
+	// this element is empty, notifications are turned off for the bucket.
 	//
 	// This member is required.
 	NotificationConfiguration *types.NotificationConfiguration
@@ -107,6 +108,9 @@ func (c *Client) addOperationPutBucketNotificationConfigurationMiddlewares(stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -134,7 +138,7 @@ func (c *Client) addOperationPutBucketNotificationConfigurationMiddlewares(stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -146,6 +150,9 @@ func (c *Client) addOperationPutBucketNotificationConfigurationMiddlewares(stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketNotificationConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketNotificationConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -155,6 +162,9 @@ func (c *Client) addOperationPutBucketNotificationConfigurationMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketNotificationConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -170,9 +180,22 @@ func (c *Client) addOperationPutBucketNotificationConfigurationMiddlewares(stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketNotificationConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketNotificationConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -207,3 +230,139 @@ func addPutBucketNotificationConfigurationUpdateEndpoint(stack *middleware.Stack
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketNotificationConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketNotificationConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketNotificationConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketNotificationConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketNotificationConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketNotificationConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go
index 83210cac4..6944f1b8b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go
@@ -4,27 +4,28 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this
 // operation, you must have the s3:PutBucketOwnershipControls permission. For more
-// information about Amazon S3 permissions, see Specifying permissions in a policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-with-s3-actions.html).
-// For information about Amazon S3 Object Ownership, see Using object ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/about-object-ownership.html).
-// The following operations are related to PutBucketOwnershipControls:
-//
-// *
-// GetBucketOwnershipControls
-//
-// * DeleteBucketOwnershipControls
+// information about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-with-s3-actions.html)
+// . For information about Amazon S3 Object Ownership, see Using object ownership (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/about-object-ownership.html)
+// . The following operations are related to PutBucketOwnershipControls :
+//   - GetBucketOwnershipControls
+//   - DeleteBucketOwnershipControls
 func (c *Client) PutBucketOwnershipControls(ctx context.Context, params *PutBucketOwnershipControlsInput, optFns ...func(*Options)) (*PutBucketOwnershipControlsOutput, error) {
 	if params == nil {
 		params = &PutBucketOwnershipControlsInput{}
@@ -82,6 +83,9 @@ func (c *Client) addOperationPutBucketOwnershipControlsMiddlewares(stack *middle
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -109,7 +113,7 @@ func (c *Client) addOperationPutBucketOwnershipControlsMiddlewares(stack *middle
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -121,6 +125,9 @@ func (c *Client) addOperationPutBucketOwnershipControlsMiddlewares(stack *middle
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketOwnershipControlsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketOwnershipControlsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -130,6 +137,9 @@ func (c *Client) addOperationPutBucketOwnershipControlsMiddlewares(stack *middle
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketOwnershipControlsInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -148,9 +158,22 @@ func (c *Client) addOperationPutBucketOwnershipControlsMiddlewares(stack *middle
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketOwnershipControlsInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketOwnershipControls(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -170,9 +193,9 @@ func addPutBucketOwnershipControlsInputChecksumMiddlewares(stack *middleware.Sta
 	})
 }
 
-// getPutBucketOwnershipControlsBucketMember returns a pointer to string denoting a
-// provided bucket member valueand a boolean indicating if the input has a modeled
-// bucket name,
+// getPutBucketOwnershipControlsBucketMember returns a pointer to string denoting
+// a provided bucket member valueand a boolean indicating if the input has a
+// modeled bucket name,
 func getPutBucketOwnershipControlsBucketMember(input interface{}) (*string, bool) {
 	in := input.(*PutBucketOwnershipControlsInput)
 	if in.Bucket == nil {
@@ -195,3 +218,139 @@ func addPutBucketOwnershipControlsUpdateEndpoint(stack *middleware.Stack, option
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketOwnershipControlsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketOwnershipControlsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketOwnershipControlsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketOwnershipControlsInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketOwnershipControlsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketOwnershipControlsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go
index 8860d3b56..999c38a7b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go
@@ -4,11 +4,17 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -17,22 +23,20 @@ import (
 // identity other than the root user of the Amazon Web Services account that owns
 // the bucket, the calling identity must have the PutBucketPolicy permissions on
 // the specified bucket and belong to the bucket owner's account in order to use
-// this operation. If you don't have PutBucketPolicy permissions, Amazon S3 returns
-// a 403 Access Denied error. If you have the correct permissions, but you're not
-// using an identity that belongs to the bucket owner's account, Amazon S3 returns
-// a 405 Method Not Allowed error. As a security precaution, the root user of the
-// Amazon Web Services account that owns a bucket can always use this operation,
-// even if the policy explicitly denies the root user the ability to perform this
-// action. For more information, see Bucket policy examples
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html).
-// The following operations are related to PutBucketPolicy:
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// DeleteBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+// this operation. If you don't have PutBucketPolicy permissions, Amazon S3
+// returns a 403 Access Denied error. If you have the correct permissions, but
+// you're not using an identity that belongs to the bucket owner's account, Amazon
+// S3 returns a 405 Method Not Allowed error. To ensure that bucket owners don't
+// inadvertently lock themselves out of their own buckets, the root principal in a
+// bucket owner's Amazon Web Services account can perform the GetBucketPolicy ,
+// PutBucketPolicy , and DeleteBucketPolicy API actions, even if their bucket
+// policy explicitly denies the root principal's access. Bucket owner root
+// principals can only be blocked from performing these API actions by VPC endpoint
+// policies and Amazon Web Services Organizations policies. For more information,
+// see Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html)
+// . The following operations are related to PutBucketPolicy :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
 func (c *Client) PutBucketPolicy(ctx context.Context, params *PutBucketPolicyInput, optFns ...func(*Options)) (*PutBucketPolicyOutput, error) {
 	if params == nil {
 		params = &PutBucketPolicyInput{}
@@ -64,9 +68,8 @@ type PutBucketPolicyInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -104,6 +107,9 @@ func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -131,7 +137,7 @@ func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -143,6 +149,9 @@ func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -152,6 +161,9 @@ func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketPolicyInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -170,9 +182,22 @@ func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketPolicyInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketPolicy(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -227,3 +252,139 @@ func addPutBucketPolicyUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketPolicyInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go
index 2213373f3..d44e96bc8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go
@@ -4,67 +4,62 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Creates a replication configuration or replaces an existing one. For more
-// information, see Replication
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the Amazon
-// S3 User Guide. Specify the replication configuration in the request body. In the
-// replication configuration, you provide the name of the destination bucket or
-// buckets where you want Amazon S3 to replicate objects, the IAM role that Amazon
-// S3 can assume to replicate objects on your behalf, and other relevant
-// information. A replication configuration must include at least one rule, and can
-// contain a maximum of 1,000. Each rule identifies a subset of objects to
+// information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+// in the Amazon S3 User Guide. Specify the replication configuration in the
+// request body. In the replication configuration, you provide the name of the
+// destination bucket or buckets where you want Amazon S3 to replicate objects, the
+// IAM role that Amazon S3 can assume to replicate objects on your behalf, and
+// other relevant information. You can invoke this request for a specific Amazon
+// Web Services Region by using the aws:RequestedRegion (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requestedregion)
+// condition key. A replication configuration must include at least one rule, and
+// can contain a maximum of 1,000. Each rule identifies a subset of objects to
 // replicate by filtering the objects in the source bucket. To choose additional
 // subsets of objects to replicate, add a rule for each subset. To specify a subset
 // of the objects in the source bucket to apply a replication rule to, add the
 // Filter element as a child of the Rule element. You can filter objects based on
 // an object key prefix, one or more object tags, or both. When you add the Filter
 // element in the configuration, you must also add the following elements:
-// DeleteMarkerReplication, Status, and Priority. If you are using an earlier
+// DeleteMarkerReplication , Status , and Priority . If you are using an earlier
 // version of the replication configuration, Amazon S3 handles replication of
-// delete markers differently. For more information, see Backward Compatibility
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
-// For information about enabling versioning on a bucket, see Using Versioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html). Handling
-// Replication of Encrypted Objects By default, Amazon S3 doesn't replicate objects
-// that are stored at rest using server-side encryption with KMS keys. To replicate
-// Amazon Web Services KMS-encrypted objects, add the following:
-// SourceSelectionCriteria, SseKmsEncryptedObjects, Status,
-// EncryptionConfiguration, and ReplicaKmsKeyID. For information about replication
-// configuration, see Replicating Objects Created with SSE Using KMS keys
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html).
-// For information on PutBucketReplication errors, see List of replication-related
-// error codes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
+// delete markers differently. For more information, see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations)
+// . For information about enabling versioning on a bucket, see Using Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html)
+// . Handling Replication of Encrypted Objects By default, Amazon S3 doesn't
+// replicate objects that are stored at rest using server-side encryption with KMS
+// keys. To replicate Amazon Web Services KMS-encrypted objects, add the following:
+// SourceSelectionCriteria , SseKmsEncryptedObjects , Status ,
+// EncryptionConfiguration , and ReplicaKmsKeyID . For information about
+// replication configuration, see Replicating Objects Created with SSE Using KMS
+// keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html)
+// . For information on PutBucketReplication errors, see List of
+// replication-related error codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
 // Permissions To create a PutBucketReplication request, you must have
 // s3:PutReplicationConfiguration permissions for the bucket. By default, a
 // resource owner, in this case the Amazon Web Services account that created the
 // bucket, can perform this operation. The resource owner can also grant others
 // permissions to perform the operation. For more information about permissions,
-// see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) and
-// Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// To perform this operation, the user or role performing the action must have the
-// iam:PassRole
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html)
-// permission. The following operations are related to PutBucketReplication:
-//
-// *
-// GetBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
-//
-// *
-// DeleteBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
+// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . To perform this operation, the user or role performing the action must have
+// the iam:PassRole (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html)
+// permission. The following operations are related to PutBucketReplication :
+//   - GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
+//   - DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
 func (c *Client) PutBucketReplication(ctx context.Context, params *PutBucketReplicationInput, optFns ...func(*Options)) (*PutBucketReplicationOutput, error) {
 	if params == nil {
 		params = &PutBucketReplicationInput{}
@@ -97,19 +92,17 @@ type PutBucketReplicationInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, see RFC 1864
-	// (http://www.ietf.org/rfc/rfc1864.txt). For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, see RFC 1864 (http://www.ietf.org/rfc/rfc1864.txt)
+	// . For requests made using the Amazon Web Services Command Line Interface (CLI)
+	// or Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -139,6 +132,9 @@ func (c *Client) addOperationPutBucketReplicationMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -166,7 +162,7 @@ func (c *Client) addOperationPutBucketReplicationMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -178,6 +174,9 @@ func (c *Client) addOperationPutBucketReplicationMiddlewares(stack *middleware.S
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketReplicationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketReplicationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -187,6 +186,9 @@ func (c *Client) addOperationPutBucketReplicationMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketReplicationInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -205,9 +207,22 @@ func (c *Client) addOperationPutBucketReplicationMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketReplicationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketReplication(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -262,3 +277,139 @@ func addPutBucketReplicationUpdateEndpoint(stack *middleware.Stack, options Opti
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketReplicationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketReplicationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketReplicationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketReplicationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketReplicationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketReplicationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go
index c89d97bec..427b7b103 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go
@@ -4,11 +4,17 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -16,16 +22,10 @@ import (
 // Sets the request payment configuration for a bucket. By default, the bucket
 // owner pays for downloads from the bucket. This configuration parameter enables
 // the bucket owner (only) to specify that the person requesting the download will
-// be charged for the download. For more information, see Requester Pays Buckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html). The
-// following operations are related to PutBucketRequestPayment:
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// GetBucketRequestPayment
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html)
+// be charged for the download. For more information, see Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html)
+// . The following operations are related to PutBucketRequestPayment :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - GetBucketRequestPayment (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html)
 func (c *Client) PutBucketRequestPayment(ctx context.Context, params *PutBucketRequestPaymentInput, optFns ...func(*Options)) (*PutBucketRequestPaymentOutput, error) {
 	if params == nil {
 		params = &PutBucketRequestPaymentInput{}
@@ -57,19 +57,17 @@ type PutBucketRequestPaymentInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, see RFC 1864
-	// (http://www.ietf.org/rfc/rfc1864.txt). For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, see RFC 1864 (http://www.ietf.org/rfc/rfc1864.txt)
+	// . For requests made using the Amazon Web Services Command Line Interface (CLI)
+	// or Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -96,6 +94,9 @@ func (c *Client) addOperationPutBucketRequestPaymentMiddlewares(stack *middlewar
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -123,7 +124,7 @@ func (c *Client) addOperationPutBucketRequestPaymentMiddlewares(stack *middlewar
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -135,6 +136,9 @@ func (c *Client) addOperationPutBucketRequestPaymentMiddlewares(stack *middlewar
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketRequestPaymentResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketRequestPaymentValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -144,6 +148,9 @@ func (c *Client) addOperationPutBucketRequestPaymentMiddlewares(stack *middlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketRequestPaymentInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -162,9 +169,22 @@ func (c *Client) addOperationPutBucketRequestPaymentMiddlewares(stack *middlewar
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketRequestPaymentInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketRequestPayment(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -219,3 +239,139 @@ func addPutBucketRequestPaymentUpdateEndpoint(stack *middleware.Stack, options O
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketRequestPaymentResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketRequestPaymentResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketRequestPaymentResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketRequestPaymentInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketRequestPaymentResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketRequestPaymentResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go
index f41010773..9792ad38e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go
@@ -4,11 +4,17 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -20,57 +26,31 @@ import (
 // with the same tag key values. For example, you can tag several resources with a
 // specific application name, and then organize your billing information to see the
 // total cost of that application across several services. For more information,
-// see Cost Allocation and Tagging
-// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)
-// and Using Cost Allocation in Amazon S3 Bucket Tags
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html). When
-// this operation sets the tags for a bucket, it will overwrite any current tags
-// the bucket already has. You cannot use this operation to add tags to an existing
-// list of tags. To use this operation, you must have permissions to perform the
-// s3:PutBucketTagging action. The bucket owner has this permission by default and
-// can grant this permission to others. For more information about permissions, see
-// Permissions Related to Bucket Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// PutBucketTagging has the following special errors:
+// see Cost Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)
+// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html)
+// . When this operation sets the tags for a bucket, it will overwrite any current
+// tags the bucket already has. You cannot use this operation to add tags to an
+// existing list of tags. To use this operation, you must have permissions to
+// perform the s3:PutBucketTagging action. The bucket owner has this permission by
+// default and can grant this permission to others. For more information about
+// permissions, see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . PutBucketTagging has the following special errors. For more Amazon S3 errors
+// see, Error Responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html)
+// .
+//   - InvalidTag - The tag provided was not a valid tag. This error can occur if
+//     the tag did not pass input validation. For more information, see Using Cost
+//     Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html)
+//     .
+//   - MalformedXML - The XML provided does not match the schema.
+//   - OperationAborted - A conflicting conditional action is currently in progress
+//     against this resource. Please try again.
+//   - InternalError - The service was unable to apply the provided tag to the
+//     bucket.
 //
-// * Error code:
-// InvalidTagError
-//
-// * Description: The tag provided was not a valid tag. This error
-// can occur if the tag did not pass input validation. For information about tag
-// restrictions, see User-Defined Tag Restrictions
-// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
-// and Amazon Web Services-Generated Cost Allocation Tag Restrictions
-// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html).
-//
-// *
-// Error code: MalformedXMLError
-//
-// * Description: The XML provided does not match
-// the schema.
-//
-// * Error code: OperationAbortedError
-//
-// * Description: A conflicting
-// conditional action is currently in progress against this resource. Please try
-// again.
-//
-// * Error code: InternalError
-//
-// * Description: The service was unable to
-// apply the provided tag to the bucket.
-//
-// The following operations are related to
-// PutBucketTagging:
-//
-// * GetBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
-//
-// *
-// DeleteBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
+// The following operations are related to PutBucketTagging :
+//   - GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
+//   - DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
 func (c *Client) PutBucketTagging(ctx context.Context, params *PutBucketTaggingInput, optFns ...func(*Options)) (*PutBucketTaggingOutput, error) {
 	if params == nil {
 		params = &PutBucketTaggingInput{}
@@ -102,19 +82,17 @@ type PutBucketTaggingInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, see RFC 1864
-	// (http://www.ietf.org/rfc/rfc1864.txt). For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, see RFC 1864 (http://www.ietf.org/rfc/rfc1864.txt)
+	// . For requests made using the Amazon Web Services Command Line Interface (CLI)
+	// or Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -141,6 +119,9 @@ func (c *Client) addOperationPutBucketTaggingMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -168,7 +149,7 @@ func (c *Client) addOperationPutBucketTaggingMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -180,6 +161,9 @@ func (c *Client) addOperationPutBucketTaggingMiddlewares(stack *middleware.Stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketTaggingResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketTaggingValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -189,6 +173,9 @@ func (c *Client) addOperationPutBucketTaggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketTaggingInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -207,9 +194,22 @@ func (c *Client) addOperationPutBucketTaggingMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketTaggingInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketTagging(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -264,3 +264,139 @@ func addPutBucketTaggingUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketTaggingResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketTaggingResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketTaggingResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketTaggingInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketTaggingResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketTaggingResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go
index 6d7943e6f..9e3ddf76b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go
@@ -4,11 +4,17 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -18,32 +24,22 @@ import (
 // objects in the bucket. All objects added to the bucket receive a unique version
 // ID. Suspended—Disables versioning for the objects in the bucket. All objects
 // added to the bucket receive the version ID null. If the versioning state has
-// never been set on a bucket, it has no versioning state; a GetBucketVersioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
+// never been set on a bucket, it has no versioning state; a GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
 // request does not return a versioning state value. In order to enable MFA Delete,
 // you must be the bucket owner. If you are the bucket owner and want to enable MFA
 // Delete in the bucket versioning configuration, you must include the x-amz-mfa
-// request header and the Status and the MfaDelete request elements in a request to
-// set the versioning state of the bucket. If you have an object expiration
-// lifecycle policy in your non-versioned bucket and you want to maintain the same
-// permanent delete behavior when you enable versioning, you must add a noncurrent
-// expiration policy. The noncurrent expiration lifecycle policy will manage the
-// deletes of the noncurrent object versions in the version-enabled bucket. (A
-// version-enabled bucket maintains one current and zero or more noncurrent object
-// versions.) For more information, see Lifecycle and Versioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config).
-// Related Resources
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// DeleteBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
-//
-// *
-// GetBucketVersioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
+// request header and the Status and the MfaDelete request elements in a request
+// to set the versioning state of the bucket. If you have an object expiration
+// lifecycle configuration in your non-versioned bucket and you want to maintain
+// the same permanent delete behavior when you enable versioning, you must add a
+// noncurrent expiration policy. The noncurrent expiration lifecycle configuration
+// will manage the deletes of the noncurrent object versions in the version-enabled
+// bucket. (A version-enabled bucket maintains one current and zero or more
+// noncurrent object versions.) For more information, see Lifecycle and Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config)
+// . The following operations are related to PutBucketVersioning :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+//   - GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
 func (c *Client) PutBucketVersioning(ctx context.Context, params *PutBucketVersioningInput, optFns ...func(*Options)) (*PutBucketVersioningOutput, error) {
 	if params == nil {
 		params = &PutBucketVersioningInput{}
@@ -75,19 +71,17 @@ type PutBucketVersioningInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
 	// >The base64-encoded 128-bit MD5 digest of the data. You must use this header as
 	// a message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, see RFC 1864
-	// (http://www.ietf.org/rfc/rfc1864.txt). For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// transit. For more information, see RFC 1864 (http://www.ietf.org/rfc/rfc1864.txt)
+	// . For requests made using the Amazon Web Services Command Line Interface (CLI)
+	// or Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -95,8 +89,8 @@ type PutBucketVersioningInput struct {
 	// (access denied).
 	ExpectedBucketOwner *string
 
-	// The concatenation of the authentication device's serial number, a space, and the
-	// value that is displayed on your authentication device.
+	// The concatenation of the authentication device's serial number, a space, and
+	// the value that is displayed on your authentication device.
 	MFA *string
 
 	noSmithyDocumentSerde
@@ -118,6 +112,9 @@ func (c *Client) addOperationPutBucketVersioningMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -145,7 +142,7 @@ func (c *Client) addOperationPutBucketVersioningMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -157,6 +154,9 @@ func (c *Client) addOperationPutBucketVersioningMiddlewares(stack *middleware.St
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketVersioningResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketVersioningValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -166,6 +166,9 @@ func (c *Client) addOperationPutBucketVersioningMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketVersioningInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -184,9 +187,22 @@ func (c *Client) addOperationPutBucketVersioningMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketVersioningInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketVersioning(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -196,8 +212,8 @@ func newServiceMetadataMiddleware_opPutBucketVersioning(region string) *awsmiddl
 	}
 }
 
-// getPutBucketVersioningRequestAlgorithmMember gets the request checksum algorithm
-// value provided as input.
+// getPutBucketVersioningRequestAlgorithmMember gets the request checksum
+// algorithm value provided as input.
 func getPutBucketVersioningRequestAlgorithmMember(input interface{}) (string, bool) {
 	in := input.(*PutBucketVersioningInput)
 	if len(in.ChecksumAlgorithm) == 0 {
@@ -241,3 +257,139 @@ func addPutBucketVersioningUpdateEndpoint(stack *middleware.Stack, options Optio
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketVersioningResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketVersioningResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketVersioningResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketVersioningInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketVersioningResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketVersioningResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go
index 11cb4a355..e21b4c171 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go
@@ -4,11 +4,17 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -17,73 +23,45 @@ import (
 // subresource. To configure a bucket as a website, you can add this subresource on
 // the bucket with website configuration information such as the file name of the
 // index document and any redirect rules. For more information, see Hosting
-// Websites on Amazon S3
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). This PUT
-// action requires the S3:PutBucketWebsite permission. By default, only the bucket
-// owner can configure the website attached to a bucket; however, bucket owners can
-// allow other users to set the website configuration by writing a bucket policy
-// that grants them the S3:PutBucketWebsite permission. To redirect all website
-// requests sent to the bucket's website endpoint, you add a website configuration
-// with the following elements. Because all requests are sent to another website,
-// you don't need to provide index document name for the bucket.
+// Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)
+// . This PUT action requires the S3:PutBucketWebsite permission. By default, only
+// the bucket owner can configure the website attached to a bucket; however, bucket
+// owners can allow other users to set the website configuration by writing a
+// bucket policy that grants them the S3:PutBucketWebsite permission. To redirect
+// all website requests sent to the bucket's website endpoint, you add a website
+// configuration with the following elements. Because all requests are sent to
+// another website, you don't need to provide index document name for the bucket.
+//   - WebsiteConfiguration
+//   - RedirectAllRequestsTo
+//   - HostName
+//   - Protocol
 //
-// *
-// WebsiteConfiguration
+// If you want granular control over redirects, you can use the following elements
+// to add routing rules that describe conditions for redirecting requests and
+// information about the redirect destination. In this case, the website
+// configuration must provide an index document for the bucket, because some
+// requests might not be redirected.
+//   - WebsiteConfiguration
+//   - IndexDocument
+//   - Suffix
+//   - ErrorDocument
+//   - Key
+//   - RoutingRules
+//   - RoutingRule
+//   - Condition
+//   - HttpErrorCodeReturnedEquals
+//   - KeyPrefixEquals
+//   - Redirect
+//   - Protocol
+//   - HostName
+//   - ReplaceKeyPrefixWith
+//   - ReplaceKeyWith
+//   - HttpRedirectCode
 //
-// * RedirectAllRequestsTo
-//
-// * HostName
-//
-// * Protocol
-//
-// If you
-// want granular control over redirects, you can use the following elements to add
-// routing rules that describe conditions for redirecting requests and information
-// about the redirect destination. In this case, the website configuration must
-// provide an index document for the bucket, because some requests might not be
-// redirected.
-//
-// * WebsiteConfiguration
-//
-// * IndexDocument
-//
-// * Suffix
-//
-// *
-// ErrorDocument
-//
-// * Key
-//
-// * RoutingRules
-//
-// * RoutingRule
-//
-// * Condition
-//
-// *
-// HttpErrorCodeReturnedEquals
-//
-// * KeyPrefixEquals
-//
-// * Redirect
-//
-// * Protocol
-//
-// *
-// HostName
-//
-// * ReplaceKeyPrefixWith
-//
-// * ReplaceKeyWith
-//
-// * HttpRedirectCode
-//
-// Amazon
-// S3 has a limitation of 50 routing rules per website configuration. If you
-// require more than 50 routing rules, you can use object redirect. For more
-// information, see Configuring an Object Redirect
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) in
-// the Amazon S3 User Guide.
+// Amazon S3 has a limitation of 50 routing rules per website configuration. If
+// you require more than 50 routing rules, you can use object redirect. For more
+// information, see Configuring an Object Redirect (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html)
+// in the Amazon S3 User Guide. The maximum request length is limited to 128 KB.
 func (c *Client) PutBucketWebsite(ctx context.Context, params *PutBucketWebsiteInput, optFns ...func(*Options)) (*PutBucketWebsiteOutput, error) {
 	if params == nil {
 		params = &PutBucketWebsiteInput{}
@@ -115,19 +93,17 @@ type PutBucketWebsiteInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, see RFC 1864
-	// (http://www.ietf.org/rfc/rfc1864.txt). For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, see RFC 1864 (http://www.ietf.org/rfc/rfc1864.txt)
+	// . For requests made using the Amazon Web Services Command Line Interface (CLI)
+	// or Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -154,6 +130,9 @@ func (c *Client) addOperationPutBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -181,7 +160,7 @@ func (c *Client) addOperationPutBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -193,6 +172,9 @@ func (c *Client) addOperationPutBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutBucketWebsiteResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutBucketWebsiteValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -202,6 +184,9 @@ func (c *Client) addOperationPutBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketWebsiteInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -220,9 +205,22 @@ func (c *Client) addOperationPutBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutBucketWebsiteInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutBucketWebsite(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -277,3 +275,139 @@ func addPutBucketWebsiteUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutBucketWebsiteResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutBucketWebsiteResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutBucketWebsiteResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutBucketWebsiteInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutBucketWebsiteResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutBucketWebsiteResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go
index 643364061..51c2f1fd4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go
@@ -4,12 +4,18 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
 	awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"io"
@@ -18,87 +24,71 @@ import (
 
 // Adds an object to a bucket. You must have WRITE permissions on a bucket to add
 // an object to it. Amazon S3 never adds partial objects; if you receive a success
-// response, Amazon S3 added the entire object to the bucket. Amazon S3 is a
-// distributed system. If it receives multiple write requests for the same object
-// simultaneously, it overwrites all but the last object written. Amazon S3 does
-// not provide object locking; if you need this, make sure to build it into your
-// application layer or use versioning instead. To ensure that data is not
-// corrupted traversing the network, use the Content-MD5 header. When you use this
-// header, Amazon S3 checks the object against the provided MD5 value and, if they
-// do not match, returns an error. Additionally, you can calculate the MD5 while
-// putting an object to Amazon S3 and compare the returned ETag to the calculated
-// MD5 value.
+// response, Amazon S3 added the entire object to the bucket. You cannot use
+// PutObject to only update a single piece of metadata for an existing object. You
+// must put the entire object with updated metadata if you want to update some
+// values. Amazon S3 is a distributed system. If it receives multiple write
+// requests for the same object simultaneously, it overwrites all but the last
+// object written. To prevent objects from being deleted or overwritten, you can
+// use Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html)
+// . To ensure that data is not corrupted traversing the network, use the
+// Content-MD5 header. When you use this header, Amazon S3 checks the object
+// against the provided MD5 value and, if they do not match, returns an error.
+// Additionally, you can calculate the MD5 while putting an object to Amazon S3 and
+// compare the returned ETag to the calculated MD5 value.
+//   - To successfully complete the PutObject request, you must have the
+//     s3:PutObject in your IAM permissions.
+//   - To successfully change the objects acl of your PutObject request, you must
+//     have the s3:PutObjectAcl in your IAM permissions.
+//   - To successfully set the tag-set with your PutObject request, you must have
+//     the s3:PutObjectTagging in your IAM permissions.
+//   - The Content-MD5 header is required for any request to upload an object with
+//     a retention period configured using Amazon S3 Object Lock. For more information
+//     about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html)
+//     in the Amazon S3 User Guide.
 //
-// * To successfully complete the PutObject request, you must have the
-// s3:PutObject in your IAM permissions.
-//
-// * To successfully change the objects acl
-// of your PutObject request, you must have the s3:PutObjectAcl in your IAM
-// permissions.
-//
-// * The Content-MD5 header is required for any request to upload an
-// object with a retention period configured using Amazon S3 Object Lock. For more
-// information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) in
-// the Amazon S3 User Guide.
-//
-// Server-side Encryption You can optionally request
-// server-side encryption. With server-side encryption, Amazon S3 encrypts your
-// data as it writes it to disks in its data centers and decrypts the data when you
-// access it. You have the option to provide your own encryption key or use Amazon
-// Web Services managed encryption keys (SSE-S3 or SSE-KMS). For more information,
-// see Using Server-Side Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html).
-// If you request server-side encryption using Amazon Web Services Key Management
-// Service (SSE-KMS), you can enable an S3 Bucket Key at the object-level. For more
-// information, see Amazon S3 Bucket Keys
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the Amazon
-// S3 User Guide. Access Control List (ACL)-Specific Request Headers You can use
-// headers to grant ACL- based permissions. By default, all objects are private.
-// Only the owner has full access control. When adding a new object, you can grant
-// permissions to individual Amazon Web Services accounts or to predefined groups
-// defined by Amazon S3. These permissions are then added to the ACL on the object.
-// For more information, see Access Control List (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) and Managing
-// ACLs Using the REST API
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). If
-// the bucket that you're uploading objects to uses the bucket owner enforced
+// You have four mutually exclusive options to protect data using server-side
+// encryption in Amazon S3, depending on how you choose to manage the encryption
+// keys. Specifically, the encryption key options are Amazon S3 managed keys
+// (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
+// customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side
+// encryption by using Amazon S3 managed keys (SSE-S3) by default. You can
+// optionally tell Amazon S3 to encrypt data at rest by using server-side
+// encryption with other key options. For more information, see Using Server-Side
+// Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+// . When adding a new object, you can use headers to grant ACL-based permissions
+// to individual Amazon Web Services accounts or to predefined groups defined by
+// Amazon S3. These permissions are then added to the ACL on the object. By
+// default, all objects are private. Only the owner has full access control. For
+// more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html)
+// . If the bucket that you're uploading objects to uses the bucket owner enforced
 // setting for S3 Object Ownership, ACLs are disabled and no longer affect
 // permissions. Buckets that use this setting only accept PUT requests that don't
 // specify an ACL or PUT requests that specify bucket owner full control ACLs, such
 // as the bucket-owner-full-control canned ACL or an equivalent form of this ACL
 // expressed in the XML format. PUT requests that contain other ACLs (for example,
 // custom grants to certain Amazon Web Services accounts) fail and return a 400
-// error with the error code AccessControlListNotSupported. For more information,
-// see  Controlling ownership of objects and disabling ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// error with the error code AccessControlListNotSupported . For more information,
+// see Controlling ownership of objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
 // in the Amazon S3 User Guide. If your bucket uses the bucket owner enforced
 // setting for Object Ownership, all objects written to the bucket by any account
-// will be owned by the bucket owner. Storage Class Options By default, Amazon S3
-// uses the STANDARD Storage Class to store newly created objects. The STANDARD
-// storage class provides high durability and high availability. Depending on
-// performance needs, you can specify a different Storage Class. Amazon S3 on
-// Outposts only uses the OUTPOSTS Storage Class. For more information, see Storage
-// Classes
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in
-// the Amazon S3 User Guide. Versioning If you enable versioning for a bucket,
-// Amazon S3 automatically generates a unique version ID for the object being
-// stored. Amazon S3 returns this ID in the response. When you enable versioning
-// for a bucket, if Amazon S3 receives multiple write requests for the same object
-// simultaneously, it stores all of the objects. For more information about
-// versioning, see Adding Objects to Versioning Enabled Buckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html).
-// For information about returning the versioning state of a bucket, see
-// GetBucketVersioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html).
-// Related Resources
-//
-// * CopyObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+// will be owned by the bucket owner. By default, Amazon S3 uses the STANDARD
+// Storage Class to store newly created objects. The STANDARD storage class
+// provides high durability and high availability. Depending on performance needs,
+// you can specify a different Storage Class. Amazon S3 on Outposts only uses the
+// OUTPOSTS Storage Class. For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+// in the Amazon S3 User Guide. If you enable versioning for a bucket, Amazon S3
+// automatically generates a unique version ID for the object being stored. Amazon
+// S3 returns this ID in the response. When you enable versioning for a bucket, if
+// Amazon S3 receives multiple write requests for the same object simultaneously,
+// it stores all of the objects. For more information about versioning, see Adding
+// Objects to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html)
+// . For information about returning the versioning state of a bucket, see
+// GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
+// . For more information about related Amazon S3 APIs, see the following:
+//   - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
 func (c *Client) PutObject(ctx context.Context, params *PutObjectInput, optFns ...func(*Options)) (*PutObjectOutput, error) {
 	if params == nil {
 		params = &PutObjectInput{}
@@ -122,17 +112,15 @@ type PutObjectInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -142,33 +130,31 @@ type PutObjectInput struct {
 	// This member is required.
 	Key *string
 
-	// The canned ACL to apply to the object. For more information, see Canned ACL
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-	// This action is not supported by Amazon S3 on Outposts.
+	// The canned ACL to apply to the object. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+	// . This action is not supported by Amazon S3 on Outposts.
 	ACL types.ObjectCannedACL
 
 	// Object data.
 	Body io.Reader
 
 	// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
-	// with server-side encryption using AWS KMS (SSE-KMS). Setting this header to true
-	// causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
-	// Specifying this header with a PUT action doesn’t affect bucket-level settings
-	// for S3 Bucket Key.
+	// with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
+	// Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object
+	// encryption with SSE-KMS. Specifying this header with a PUT action doesn’t affect
+	// bucket-level settings for S3 Bucket Key.
 	BucketKeyEnabled bool
 
 	// Can be used to specify caching behavior along the request/reply chain. For more
-	// information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
-	// (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9).
+	// information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9)
+	// .
 	CacheControl *string
 
 	// Indicates the algorithm used to create the checksum for the object when using
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -176,45 +162,41 @@ type PutObjectInput struct {
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32 checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32C checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 160-bit SHA-1 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 256-bit SHA-256 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
 	// Specifies presentational information for the object. For more information, see
-	// http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1
-	// (http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1).
+	// https://www.rfc-editor.org/rfc/rfc6266#section-4 (https://www.rfc-editor.org/rfc/rfc6266#section-4)
+	// .
 	ContentDisposition *string
 
 	// Specifies what content encodings have been applied to the object and thus what
 	// decoding mechanisms must be applied to obtain the media-type referenced by the
 	// Content-Type header field. For more information, see
-	// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11
-	// (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11).
+	// https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding (https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding)
+	// .
 	ContentEncoding *string
 
 	// The language the content is in.
@@ -222,8 +204,8 @@ type PutObjectInput struct {
 
 	// Size of the body in bytes. This parameter is useful when the size of the body
 	// cannot be determined automatically. For more information, see
-	// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13
-	// (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13).
+	// https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length)
+	// .
 	ContentLength int64
 
 	// The base64-encoded 128-bit MD5 digest of the message (without the headers)
@@ -231,13 +213,13 @@ type PutObjectInput struct {
 	// verify that the data is the same data that was originally sent. Although it is
 	// optional, we recommend using the Content-MD5 mechanism as an end-to-end
 	// integrity check. For more information about REST request authentication, see
-	// REST Authentication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html).
+	// REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html)
+	// .
 	ContentMD5 *string
 
 	// A standard MIME type describing the format of the contents. For more
-	// information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17
-	// (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17).
+	// information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type)
+	// .
 	ContentType *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -246,8 +228,8 @@ type PutObjectInput struct {
 	ExpectedBucketOwner *string
 
 	// The date and time at which the object is no longer cacheable. For more
-	// information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
-	// (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21).
+	// information, see https://www.rfc-editor.org/rfc/rfc7234#section-5.3 (https://www.rfc-editor.org/rfc/rfc7234#section-5.3)
+	// .
 	Expires *time.Time
 
 	// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. This
@@ -258,8 +240,8 @@ type PutObjectInput struct {
 	// supported by Amazon S3 on Outposts.
 	GrantRead *string
 
-	// Allows grantee to read the object ACL. This action is not supported by Amazon S3
-	// on Outposts.
+	// Allows grantee to read the object ACL. This action is not supported by Amazon
+	// S3 on Outposts.
 	GrantReadACP *string
 
 	// Allows grantee to write the ACL for the applicable object. This action is not
@@ -270,8 +252,8 @@ type PutObjectInput struct {
 	Metadata map[string]string
 
 	// Specifies whether a legal hold will be applied to this object. For more
-	// information about S3 Object Lock, see Object Lock
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+	// information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+	// .
 	ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus
 
 	// The Object Lock mode that you want to apply to this object.
@@ -282,10 +264,11 @@ type PutObjectInput struct {
 	ObjectLockRetainUntilDate *time.Time
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -307,49 +290,50 @@ type PutObjectInput struct {
 
 	// Specifies the Amazon Web Services KMS Encryption Context to use for object
 	// encryption. The value of this header is a base64-encoded UTF-8 string holding
-	// JSON with the encryption context key-value pairs.
+	// JSON with the encryption context key-value pairs. This value is stored as object
+	// metadata and automatically gets passed on to Amazon Web Services KMS for future
+	// GetObject or CopyObject operations on this object.
 	SSEKMSEncryptionContext *string
 
-	// If x-amz-server-side-encryption is present and has the value of aws:kms, this
-	// header specifies the ID of the Amazon Web Services Key Management Service
-	// (Amazon Web Services KMS) symmetrical customer managed key that was used for the
-	// object. If you specify x-amz-server-side-encryption:aws:kms, but do not provide
-	// x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web
-	// Services managed key to protect the data. If the KMS key does not exist in the
-	// same account issuing the command, you must use the full ARN and not just the ID.
+	// If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse ,
+	// this header specifies the ID (Key ID, Key ARN, or Key Alias) of the Key
+	// Management Service (KMS) symmetric encryption customer managed key that was used
+	// for the object. If you specify x-amz-server-side-encryption:aws:kms or
+	// x-amz-server-side-encryption:aws:kms:dsse , but do not provide
+	// x-amz-server-side-encryption-aws-kms-key-id , Amazon S3 uses the Amazon Web
+	// Services managed key ( aws/s3 ) to protect the data. If the KMS key does not
+	// exist in the same account that's issuing the command, you must use the full ARN
+	// and not just the ID.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256 , aws:kms , aws:kms:dsse ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
 	// objects. The STANDARD storage class provides high durability and high
 	// availability. Depending on performance needs, you can specify a different
 	// Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For
-	// more information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in
-	// the Amazon S3 User Guide.
+	// more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// in the Amazon S3 User Guide.
 	StorageClass types.StorageClass
 
-	// The tag-set for the object. The tag-set must be encoded as URL Query parameters.
-	// (For example, "Key1=Value1")
+	// The tag-set for the object. The tag-set must be encoded as URL Query
+	// parameters. (For example, "Key1=Value1")
 	Tagging *string
 
 	// If the bucket is configured as a website, redirects requests for this object to
 	// another object in the same bucket or to an external URL. Amazon S3 stores the
 	// value of this header in the object metadata. For information about object
-	// metadata, see Object Key and Metadata
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html). In the
-	// following example, the request header sets the redirect to an object
+	// metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html)
+	// . In the following example, the request header sets the redirect to an object
 	// (anotherPage.html) in the same bucket: x-amz-website-redirect-location:
 	// /anotherPage.html In the following example, the request header sets the object
 	// redirect to another website: x-amz-website-redirect-location:
 	// http://www.example.com/ For more information about website hosting in Amazon S3,
-	// see Hosting Websites on Amazon S3
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) and How to
-	// Configure Website Page Redirects
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).
+	// see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)
+	// and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html)
+	// .
 	WebsiteRedirectLocation *string
 
 	noSmithyDocumentSerde
@@ -358,38 +342,34 @@ type PutObjectInput struct {
 type PutObjectOutput struct {
 
 	// Indicates whether the uploaded object uses an S3 Bucket Key for server-side
-	// encryption with Amazon Web Services KMS (SSE-KMS).
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
 	BucketKeyEnabled bool
 
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -397,9 +377,8 @@ type PutObjectOutput struct {
 	ETag *string
 
 	// If the expiration is configured for the object (see
-	// PutBucketLifecycleConfiguration
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)),
-	// the response includes this header. It includes the expiry-date and rule-id
+	// PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+	// ), the response includes this header. It includes the expiry-date and rule-id
 	// key-value pairs that provide information about object expiration. The value of
 	// the rule-id is URL-encoded.
 	Expiration *string
@@ -408,30 +387,30 @@ type PutObjectOutput struct {
 	// request.
 	RequestCharged types.RequestCharged
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
 	// If present, specifies the Amazon Web Services KMS Encryption Context to use for
 	// object encryption. The value of this header is a base64-encoded UTF-8 string
-	// holding JSON with the encryption context key-value pairs.
+	// holding JSON with the encryption context key-value pairs. This value is stored
+	// as object metadata and automatically gets passed on to Amazon Web Services KMS
+	// for future GetObject or CopyObject operations on this object.
 	SSEKMSEncryptionContext *string
 
-	// If x-amz-server-side-encryption is present and has the value of aws:kms, this
-	// header specifies the ID of the Amazon Web Services Key Management Service
-	// (Amazon Web Services KMS) symmetric customer managed key that was used for the
-	// object.
+	// If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse ,
+	// this header specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
 	SSEKMSKeyId *string
 
-	// If you specified server-side encryption either with an Amazon Web Services KMS
-	// key or Amazon S3-managed encryption key in your PUT request, the response
-	// includes this header. It confirms the encryption algorithm that Amazon S3 used
-	// to encrypt the object.
+	// The server-side encryption algorithm used when storing this object in Amazon S3
+	// (for example, AES256 , aws:kms , aws:kms:dsse ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Version of the object.
@@ -452,6 +431,9 @@ func (c *Client) addOperationPutObjectMiddlewares(stack *middleware.Stack, optio
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -479,7 +461,7 @@ func (c *Client) addOperationPutObjectMiddlewares(stack *middleware.Stack, optio
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -491,6 +473,9 @@ func (c *Client) addOperationPutObjectMiddlewares(stack *middleware.Stack, optio
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutObjectResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutObjectValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -500,6 +485,12 @@ func (c *Client) addOperationPutObjectMiddlewares(stack *middleware.Stack, optio
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = add100Continue(stack, options); err != nil {
+		return err
+	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -521,9 +512,22 @@ func (c *Client) addOperationPutObjectMiddlewares(stack *middleware.Stack, optio
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutObjectInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutObject(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -611,3 +615,139 @@ func addPutObjectPayloadAsUnsigned(stack *middleware.Stack, options Options) err
 	v4.RemoveComputePayloadSHA256Middleware(stack)
 	return v4.AddUnsignedPayloadMiddleware(stack)
 }
+
+type opPutObjectResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutObjectResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutObjectResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutObjectInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutObjectResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutObjectResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go
index 05a377b5b..22a0dcc22 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go
@@ -4,11 +4,17 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -16,137 +22,84 @@ import (
 // Uses the acl subresource to set the access control list (ACL) permissions for a
 // new or existing object in an S3 bucket. You must have WRITE_ACP permission to
 // set the ACL of an object. For more information, see What permissions can I
-// grant?
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions)
+// grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions)
 // in the Amazon S3 User Guide. This action is not supported by Amazon S3 on
 // Outposts. Depending on your application needs, you can choose to set the ACL on
 // an object using either the request body or the headers. For example, if you have
 // an existing application that updates a bucket ACL using the request body, you
-// can continue to use that approach. For more information, see Access Control List
-// (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) in the
-// Amazon S3 User Guide. If your bucket uses the bucket owner enforced setting for
-// S3 Object Ownership, ACLs are disabled and no longer affect permissions. You
-// must use policies to grant access to your bucket and the objects in it. Requests
-// to set ACLs or update ACLs fail and return the AccessControlListNotSupported
-// error code. Requests to read ACLs are still supported. For more information, see
-// Controlling object ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide. Access Permissions You can set access permissions
-// using one of the following methods:
+// can continue to use that approach. For more information, see Access Control
+// List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// in the Amazon S3 User Guide. If your bucket uses the bucket owner enforced
+// setting for S3 Object Ownership, ACLs are disabled and no longer affect
+// permissions. You must use policies to grant access to your bucket and the
+// objects in it. Requests to set ACLs or update ACLs fail and return the
+// AccessControlListNotSupported error code. Requests to read ACLs are still
+// supported. For more information, see Controlling object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide. Permissions You can set access permissions using
+// one of the following methods:
+//   - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports a
+//     set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined
+//     set of grantees and permissions. Specify the canned ACL name as the value of
+//     x-amz-ac l. If you use this header, you cannot use other access
+//     control-specific headers in your request. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+//     .
+//   - Specify access permissions explicitly with the x-amz-grant-read ,
+//     x-amz-grant-read-acp , x-amz-grant-write-acp , and x-amz-grant-full-control
+//     headers. When using these headers, you specify explicit access permissions and
+//     grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the
+//     permission. If you use these ACL-specific headers, you cannot use x-amz-acl
+//     header to set a canned ACL. These parameters map to the set of permissions that
+//     Amazon S3 supports in an ACL. For more information, see Access Control List
+//     (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+//     . You specify each grantee as a type=value pair, where the type is one of the
+//     following:
+//   - id – if the value specified is the canonical user ID of an Amazon Web
+//     Services account
+//   - uri – if you are granting permissions to a predefined group
+//   - emailAddress – if the value specified is the email address of an Amazon Web
+//     Services account Using email addresses to specify a grantee is only supported in
+//     the following Amazon Web Services Regions:
+//   - US East (N. Virginia)
+//   - US West (N. California)
+//   - US West (Oregon)
+//   - Asia Pacific (Singapore)
+//   - Asia Pacific (Sydney)
+//   - Asia Pacific (Tokyo)
+//   - Europe (Ireland)
+//   - South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference. For example, the following
+//     x-amz-grant-read header grants list objects permission to the two Amazon Web
+//     Services accounts identified by their email addresses. x-amz-grant-read:
+//     emailAddress="xyz@amazon.com", emailAddress="abc@amazon.com"
 //
-// * Specify a canned ACL with the x-amz-acl
-// request header. Amazon S3 supports a set of predefined ACLs, known as canned
-// ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify
-// the canned ACL name as the value of x-amz-acl. If you use this header, you
-// cannot use other access control-specific headers in your request. For more
-// information, see Canned ACL
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+// You can use either a canned ACL or specify access permissions explicitly. You
+// cannot do both. Grantee Values You can specify the person (grantee) to whom
+// you're assigning access rights (using request elements) in the following ways:
+//   - By the person's ID: <>ID<><>GranteesEmail<> DisplayName is optional and
+//     ignored in the request.
+//   - By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
+//   - By Email address: <>Grantees@email.com<>lt;/Grantee> The grantee is resolved
+//     to the CanonicalUser and, in a response to a GET Object acl request, appears as
+//     the CanonicalUser. Using email addresses to specify a grantee is only supported
+//     in the following Amazon Web Services Regions:
+//   - US East (N. Virginia)
+//   - US West (N. California)
+//   - US West (Oregon)
+//   - Asia Pacific (Singapore)
+//   - Asia Pacific (Sydney)
+//   - Asia Pacific (Tokyo)
+//   - Europe (Ireland)
+//   - South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference.
 //
-// *
-// Specify access permissions explicitly with the x-amz-grant-read,
-// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control
-// headers. When using these headers, you specify explicit access permissions and
-// grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the
-// permission. If you use these ACL-specific headers, you cannot use x-amz-acl
-// header to set a canned ACL. These parameters map to the set of permissions that
-// Amazon S3 supports in an ACL. For more information, see Access Control List
-// (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). You specify
-// each grantee as a type=value pair, where the type is one of the following:
-//
-// * id
-// – if the value specified is the canonical user ID of an Amazon Web Services
-// account
-//
-// * uri – if you are granting permissions to a predefined group
-//
-// *
-// emailAddress – if the value specified is the email address of an Amazon Web
-// Services account Using email addresses to specify a grantee is only supported in
-// the following Amazon Web Services Regions:
-//
-// * US East (N. Virginia)
-//
-// * US West
-// (N. California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific (Singapore)
-//
-// * Asia Pacific
-// (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe (Ireland)
-//
-// * South America (São
-// Paulo)
-//
-// For a list of all the Amazon S3 supported Regions and endpoints, see
-// Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// For example, the following
-// x-amz-grant-read header grants list objects permission to the two Amazon Web
-// Services accounts identified by their email addresses. x-amz-grant-read:
-// emailAddress="xyz@amazon.com", emailAddress="abc@amazon.com"
-//
-// You can use either
-// a canned ACL or specify access permissions explicitly. You cannot do both.
-// Grantee Values You can specify the person (grantee) to whom you're assigning
-// access rights (using request elements) in the following ways:
-//
-// * By the person's
-// ID: <>ID<><>GranteesEmail<>  DisplayName is optional and ignored in the
-// request.
-//
-// * By URI:
-// <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
-//
-// * By Email
-// address: <>Grantees@email.com<>lt;/Grantee> The grantee is resolved to the
-// CanonicalUser and, in a response to a GET Object acl request, appears as the
-// CanonicalUser. Using email addresses to specify a grantee is only supported in
-// the following Amazon Web Services Regions:
-//
-// * US East (N. Virginia)
-//
-// * US West
-// (N. California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific (Singapore)
-//
-// * Asia Pacific
-// (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe (Ireland)
-//
-// * South America (São
-// Paulo)
-//
-// For a list of all the Amazon S3 supported Regions and endpoints, see
-// Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// Versioning The ACL of an object is set
-// at the object version level. By default, PUT sets the ACL of the current version
-// of an object. To set the ACL of a different version, use the versionId
-// subresource. Related Resources
-//
-// * CopyObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
-//
-// *
-// GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+// Versioning The ACL of an object is set at the object version level. By default,
+// PUT sets the ACL of the current version of an object. To set the ACL of a
+// different version, use the versionId subresource. The following operations are
+// related to PutObjectAcl :
+//   - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
 func (c *Client) PutObjectAcl(ctx context.Context, params *PutObjectAclInput, optFns ...func(*Options)) (*PutObjectAclOutput, error) {
 	if params == nil {
 		params = &PutObjectAclInput{}
@@ -170,8 +123,7 @@ type PutObjectAclInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -183,23 +135,21 @@ type PutObjectAclInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Key *string
 
-	// The canned ACL to apply to the object. For more information, see Canned ACL
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+	// The canned ACL to apply to the object. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+	// .
 	ACL types.ObjectCannedACL
 
 	// Contains the elements that set the ACL permissions for an object per grantee.
@@ -209,19 +159,17 @@ type PutObjectAclInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, go to RFC 1864.>
-	// (http://www.ietf.org/rfc/rfc1864.txt) For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, go to RFC 1864.> (http://www.ietf.org/rfc/rfc1864.txt)
+	// For requests made using the Amazon Web Services Command Line Interface (CLI) or
+	// Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -237,8 +185,8 @@ type PutObjectAclInput struct {
 	// by Amazon S3 on Outposts.
 	GrantRead *string
 
-	// Allows grantee to read the bucket ACL. This action is not supported by Amazon S3
-	// on Outposts.
+	// Allows grantee to read the bucket ACL. This action is not supported by Amazon
+	// S3 on Outposts.
 	GrantReadACP *string
 
 	// Allows grantee to create new objects in the bucket. For the bucket and object
@@ -251,10 +199,11 @@ type PutObjectAclInput struct {
 	GrantWriteACP *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -285,6 +234,9 @@ func (c *Client) addOperationPutObjectAclMiddlewares(stack *middleware.Stack, op
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -312,7 +264,7 @@ func (c *Client) addOperationPutObjectAclMiddlewares(stack *middleware.Stack, op
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -324,6 +276,9 @@ func (c *Client) addOperationPutObjectAclMiddlewares(stack *middleware.Stack, op
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutObjectAclResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutObjectAclValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -333,6 +288,9 @@ func (c *Client) addOperationPutObjectAclMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectAclInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -351,9 +309,22 @@ func (c *Client) addOperationPutObjectAclMiddlewares(stack *middleware.Stack, op
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutObjectAclInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutObjectAcl(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -408,3 +379,139 @@ func addPutObjectAclUpdateEndpoint(stack *middleware.Stack, options Options) err
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutObjectAclResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutObjectAclResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutObjectAclResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutObjectAclInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutObjectAclResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutObjectAclResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go
index b8004b598..d4d371df7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go
@@ -4,19 +4,24 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Applies a legal hold configuration to the specified object. For more
-// information, see Locking Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). This action
-// is not supported by Amazon S3 on Outposts.
+// information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+// . This action is not supported by Amazon S3 on Outposts.
 func (c *Client) PutObjectLegalHold(ctx context.Context, params *PutObjectLegalHoldInput, optFns ...func(*Options)) (*PutObjectLegalHoldOutput, error) {
 	if params == nil {
 		params = &PutObjectLegalHoldInput{}
@@ -40,8 +45,7 @@ type PutObjectLegalHoldInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -56,9 +60,8 @@ type PutObjectLegalHoldInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -78,10 +81,11 @@ type PutObjectLegalHoldInput struct {
 	LegalHold *types.ObjectLockLegalHold
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -112,6 +116,9 @@ func (c *Client) addOperationPutObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -139,7 +146,7 @@ func (c *Client) addOperationPutObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -151,6 +158,9 @@ func (c *Client) addOperationPutObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutObjectLegalHoldResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutObjectLegalHoldValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -160,6 +170,9 @@ func (c *Client) addOperationPutObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectLegalHoldInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -178,9 +191,22 @@ func (c *Client) addOperationPutObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutObjectLegalHoldInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutObjectLegalHold(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -235,3 +261,139 @@ func addPutObjectLegalHoldUpdateEndpoint(stack *middleware.Stack, options Option
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutObjectLegalHoldResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutObjectLegalHoldResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutObjectLegalHoldResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutObjectLegalHoldInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutObjectLegalHoldResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutObjectLegalHoldResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go
index 9740967a7..5b4a897e5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go
@@ -4,30 +4,30 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Places an Object Lock configuration on the specified bucket. The rule specified
 // in the Object Lock configuration will be applied by default to every new object
-// placed in the specified bucket. For more information, see Locking Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
-//
-// * The
-// DefaultRetention settings require both a mode and a period.
-//
-// * The
-// DefaultRetention period can be either Days or Years but you must select one. You
-// cannot specify Days and Years at the same time.
-//
-// * You can only enable Object
-// Lock for new buckets. If you want to turn on Object Lock for an existing bucket,
-// contact Amazon Web Services Support.
+// placed in the specified bucket. For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+// .
+//   - The DefaultRetention settings require both a mode and a period.
+//   - The DefaultRetention period can be either Days or Years but you must select
+//     one. You cannot specify Days and Years at the same time.
+//   - You can only enable Object Lock for new buckets. If you want to turn on
+//     Object Lock for an existing bucket, contact Amazon Web Services Support.
 func (c *Client) PutObjectLockConfiguration(ctx context.Context, params *PutObjectLockConfigurationInput, optFns ...func(*Options)) (*PutObjectLockConfigurationOutput, error) {
 	if params == nil {
 		params = &PutObjectLockConfigurationInput{}
@@ -54,9 +54,8 @@ type PutObjectLockConfigurationInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -75,10 +74,11 @@ type PutObjectLockConfigurationInput struct {
 	ObjectLockConfiguration *types.ObjectLockConfiguration
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -109,6 +109,9 @@ func (c *Client) addOperationPutObjectLockConfigurationMiddlewares(stack *middle
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -136,7 +139,7 @@ func (c *Client) addOperationPutObjectLockConfigurationMiddlewares(stack *middle
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -148,6 +151,9 @@ func (c *Client) addOperationPutObjectLockConfigurationMiddlewares(stack *middle
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutObjectLockConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutObjectLockConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -157,6 +163,9 @@ func (c *Client) addOperationPutObjectLockConfigurationMiddlewares(stack *middle
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectLockConfigurationInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -175,9 +184,22 @@ func (c *Client) addOperationPutObjectLockConfigurationMiddlewares(stack *middle
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutObjectLockConfigurationInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutObjectLockConfiguration(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -207,9 +229,9 @@ func addPutObjectLockConfigurationInputChecksumMiddlewares(stack *middleware.Sta
 	})
 }
 
-// getPutObjectLockConfigurationBucketMember returns a pointer to string denoting a
-// provided bucket member valueand a boolean indicating if the input has a modeled
-// bucket name,
+// getPutObjectLockConfigurationBucketMember returns a pointer to string denoting
+// a provided bucket member valueand a boolean indicating if the input has a
+// modeled bucket name,
 func getPutObjectLockConfigurationBucketMember(input interface{}) (*string, bool) {
 	in := input.(*PutObjectLockConfigurationInput)
 	if in.Bucket == nil {
@@ -232,3 +254,139 @@ func addPutObjectLockConfigurationUpdateEndpoint(stack *middleware.Stack, option
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutObjectLockConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutObjectLockConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutObjectLockConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutObjectLockConfigurationInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutObjectLockConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutObjectLockConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go
index c4918f3cb..95176ea69 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go
@@ -4,22 +4,27 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Places an Object Retention configuration on an object. For more information, see
-// Locking Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). Users or
-// accounts require the s3:PutObjectRetention permission in order to place an
-// Object Retention configuration on objects. Bypassing a Governance Retention
-// configuration requires the s3:BypassGovernanceRetention permission. This action
-// is not supported by Amazon S3 on Outposts.
+// Places an Object Retention configuration on an object. For more information,
+// see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+// . Users or accounts require the s3:PutObjectRetention permission in order to
+// place an Object Retention configuration on objects. Bypassing a Governance
+// Retention configuration requires the s3:BypassGovernanceRetention permission.
+// This action is not supported by Amazon S3 on Outposts.
 func (c *Client) PutObjectRetention(ctx context.Context, params *PutObjectRetentionInput, optFns ...func(*Options)) (*PutObjectRetentionOutput, error) {
 	if params == nil {
 		params = &PutObjectRetentionInput{}
@@ -37,14 +42,13 @@ func (c *Client) PutObjectRetention(ctx context.Context, params *PutObjectRetent
 
 type PutObjectRetentionInput struct {
 
-	// The bucket name that contains the object you want to apply this Object Retention
-	// configuration to. When using this action with an access point, you must direct
-	// requests to the access point hostname. The access point hostname takes the form
-	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
-	// action with an access point through the Amazon Web Services SDKs, you provide
-	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// The bucket name that contains the object you want to apply this Object
+	// Retention configuration to. When using this action with an access point, you
+	// must direct requests to the access point hostname. The access point hostname
+	// takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -63,9 +67,8 @@ type PutObjectRetentionInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -81,10 +84,11 @@ type PutObjectRetentionInput struct {
 	ExpectedBucketOwner *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -119,6 +123,9 @@ func (c *Client) addOperationPutObjectRetentionMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -146,7 +153,7 @@ func (c *Client) addOperationPutObjectRetentionMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -158,6 +165,9 @@ func (c *Client) addOperationPutObjectRetentionMiddlewares(stack *middleware.Sta
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutObjectRetentionResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutObjectRetentionValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -167,6 +177,9 @@ func (c *Client) addOperationPutObjectRetentionMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectRetentionInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -185,9 +198,22 @@ func (c *Client) addOperationPutObjectRetentionMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutObjectRetentionInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutObjectRetention(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -242,3 +268,139 @@ func addPutObjectRetentionUpdateEndpoint(stack *middleware.Stack, options Option
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutObjectRetentionResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutObjectRetentionResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutObjectRetentionResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutObjectRetentionInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutObjectRetentionResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutObjectRetentionResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go
index 43effb9eb..e9785b934 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go
@@ -4,65 +4,49 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Sets the supplied tag-set to an object that already exists in a bucket. A tag is
-// a key-value pair. You can associate tags with an object by sending a PUT request
-// against the tagging subresource that is associated with the object. You can
-// retrieve tags by sending a GET request. For more information, see
-// GetObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html). For
-// tagging-related restrictions related to characters and encodings, see Tag
-// Restrictions
-// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html).
-// Note that Amazon S3 limits the maximum number of tags to 10 tags per object. To
-// use this operation, you must have permission to perform the s3:PutObjectTagging
-// action. By default, the bucket owner has this permission and can grant this
-// permission to others. To put tags of any other version, use the versionId query
-// parameter. You also need permission for the s3:PutObjectVersionTagging action.
-// For information about the Amazon S3 object tagging feature, see Object Tagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). Special
-// Errors
+// Sets the supplied tag-set to an object that already exists in a bucket. A tag
+// is a key-value pair. For more information, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html)
+// . You can associate tags with an object by sending a PUT request against the
+// tagging subresource that is associated with the object. You can retrieve tags by
+// sending a GET request. For more information, see GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+// . For tagging-related restrictions related to characters and encodings, see Tag
+// Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
+// . Note that Amazon S3 limits the maximum number of tags to 10 tags per object.
+// To use this operation, you must have permission to perform the
+// s3:PutObjectTagging action. By default, the bucket owner has this permission and
+// can grant this permission to others. To put tags of any other version, use the
+// versionId query parameter. You also need permission for the
+// s3:PutObjectVersionTagging action. PutObjectTagging has the following special
+// errors. For more Amazon S3 errors see, Error Responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html)
+// .
+//   - InvalidTag - The tag provided was not a valid tag. This error can occur if
+//     the tag did not pass input validation. For more information, see Object
+//     Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html)
+//     .
+//   - MalformedXML - The XML provided does not match the schema.
+//   - OperationAborted - A conflicting conditional action is currently in progress
+//     against this resource. Please try again.
+//   - InternalError - The service was unable to apply the provided tag to the
+//     object.
 //
-// * Code: InvalidTagError
-//
-// * Cause: The tag provided was not a valid tag.
-// This error can occur if the tag did not pass input validation. For more
-// information, see Object Tagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
-//
-// * Code:
-// MalformedXMLError
-//
-// * Cause: The XML provided does not match the schema.
-//
-// * Code:
-// OperationAbortedError
-//
-// * Cause: A conflicting conditional action is currently in
-// progress against this resource. Please try again.
-//
-// * Code: InternalError
-//
-// *
-// Cause: The service was unable to apply the provided tag to the object.
-//
-// Related
-// Resources
-//
-// * GetObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
-//
-// *
-// DeleteObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
+// The following operations are related to PutObjectTagging :
+//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+//   - DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
 func (c *Client) PutObjectTagging(ctx context.Context, params *PutObjectTaggingInput, optFns ...func(*Options)) (*PutObjectTaggingOutput, error) {
 	if params == nil {
 		params = &PutObjectTaggingInput{}
@@ -86,17 +70,15 @@ type PutObjectTaggingInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -115,9 +97,8 @@ type PutObjectTaggingInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -133,10 +114,11 @@ type PutObjectTaggingInput struct {
 	ExpectedBucketOwner *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -166,6 +148,9 @@ func (c *Client) addOperationPutObjectTaggingMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -193,7 +178,7 @@ func (c *Client) addOperationPutObjectTaggingMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -205,6 +190,9 @@ func (c *Client) addOperationPutObjectTaggingMiddlewares(stack *middleware.Stack
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutObjectTaggingResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutObjectTaggingValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -214,6 +202,9 @@ func (c *Client) addOperationPutObjectTaggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectTaggingInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -232,9 +223,22 @@ func (c *Client) addOperationPutObjectTaggingMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutObjectTaggingInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutObjectTagging(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -289,3 +293,139 @@ func addPutObjectTaggingUpdateEndpoint(stack *middleware.Stack, options Options)
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutObjectTaggingResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutObjectTaggingResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutObjectTaggingResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutObjectTaggingInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutObjectTaggingResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutObjectTaggingResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go
index 922102b58..8aa349c74 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go
@@ -4,44 +4,37 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Creates or modifies the PublicAccessBlock configuration for an Amazon S3 bucket.
-// To use this operation, you must have the s3:PutBucketPublicAccessBlock
+// Creates or modifies the PublicAccessBlock configuration for an Amazon S3
+// bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock
 // permission. For more information about Amazon S3 permissions, see Specifying
-// Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-// When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an
-// object, it checks the PublicAccessBlock configuration for both the bucket (or
-// the bucket that contains the object) and the bucket owner's account. If the
+// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// . When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or
+// an object, it checks the PublicAccessBlock configuration for both the bucket
+// (or the bucket that contains the object) and the bucket owner's account. If the
 // PublicAccessBlock configurations are different between the bucket and the
-// account, Amazon S3 uses the most restrictive combination of the bucket-level and
+// account, S3 uses the most restrictive combination of the bucket-level and
 // account-level settings. For more information about when Amazon S3 considers a
-// bucket or an object public, see The Meaning of "Public"
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
-// Related Resources
-//
-// * GetPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-// *
-// DeletePublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
-//
-// *
-// GetBucketPolicyStatus
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
-//
-// *
-// Using Amazon S3 Block Public Access
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+// bucket or an object public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+// . The following operations are related to PutPublicAccessBlock :
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
+//   - GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
 func (c *Client) PutPublicAccessBlock(ctx context.Context, params *PutPublicAccessBlockInput, optFns ...func(*Options)) (*PutPublicAccessBlockOutput, error) {
 	if params == nil {
 		params = &PutPublicAccessBlockInput{}
@@ -68,8 +61,7 @@ type PutPublicAccessBlockInput struct {
 	// The PublicAccessBlock configuration that you want to apply to this Amazon S3
 	// bucket. You can enable the configuration options in any combination. For more
 	// information about when Amazon S3 considers a bucket or object public, see The
-	// Meaning of "Public"
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+	// Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -79,9 +71,8 @@ type PutPublicAccessBlockInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -115,6 +106,9 @@ func (c *Client) addOperationPutPublicAccessBlockMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -142,7 +136,7 @@ func (c *Client) addOperationPutPublicAccessBlockMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -154,6 +148,9 @@ func (c *Client) addOperationPutPublicAccessBlockMiddlewares(stack *middleware.S
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addPutPublicAccessBlockResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutPublicAccessBlockValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -163,6 +160,9 @@ func (c *Client) addOperationPutPublicAccessBlockMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutPublicAccessBlockInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -181,9 +181,22 @@ func (c *Client) addOperationPutPublicAccessBlockMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *PutPublicAccessBlockInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opPutPublicAccessBlock(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -238,3 +251,139 @@ func addPutPublicAccessBlockUpdateEndpoint(stack *middleware.Stack, options Opti
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opPutPublicAccessBlockResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutPublicAccessBlockResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutPublicAccessBlockResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*PutPublicAccessBlockInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutPublicAccessBlockResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutPublicAccessBlockResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go
index 45a2aee6a..0ccf96b3f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go
@@ -4,11 +4,17 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -16,221 +22,151 @@ import (
 // Restores an archived copy of an object back into Amazon S3 This action is not
 // supported by Amazon S3 on Outposts. This action performs the following types of
 // requests:
+//   - select - Perform a select query on an archived object
+//   - restore an archive - Restore an archived object
 //
-// * select - Perform a select query on an archived object
-//
-// * restore an
-// archive - Restore an archived object
-//
-// To use this operation, you must have
-// permissions to perform the s3:RestoreObject action. The bucket owner has this
-// permission by default and can grant this permission to others. For more
-// information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide. Querying Archives with Select Requests You use a
-// select type of request to perform SQL queries on archived objects. The archived
-// objects that are being queried by the select request must be formatted as
-// uncompressed comma-separated values (CSV) files. You can run queries and custom
-// analytics on your archived data without having to restore your data to a hotter
-// Amazon S3 tier. For an overview about select requests, see Querying Archived
-// Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html)
-// in the Amazon S3 User Guide. When making a select request, do the following:
-//
-// *
-// Define an output location for the select query's output. This must be an Amazon
-// S3 bucket in the same Amazon Web Services Region as the bucket that contains the
-// archive object that is being queried. The Amazon Web Services account that
-// initiates the job must have permissions to write to the S3 bucket. You can
-// specify the storage class and encryption for the output objects stored in the
-// bucket. For more information about output, see Querying Archived Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html)
-// in the Amazon S3 User Guide. For more information about the S3 structure in the
-// request body, see the following:
-//
-// * PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// * Managing
-// Access with ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) in the
-// Amazon S3 User Guide
-//
-// * Protecting Data Using Server-Side Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) in
-// the Amazon S3 User Guide
-//
-// * Define the SQL expression for the SELECT type of
-// restoration for your query in the request body's SelectParameters structure. You
-// can use expressions like the following examples.
-//
-// * The following expression
-// returns all records from the specified object. SELECT * FROM Object
-//
-// * Assuming
-// that you are not using any headers for data stored in the object, you can
-// specify columns with positional headers. SELECT s._1, s._2 FROM Object s WHERE
-// s._3 > 100
-//
-// * If you have headers and you set the fileHeaderInfo in the CSV
-// structure in the request body to USE, you can specify headers in the query. (If
-// you set the fileHeaderInfo field to IGNORE, the first row is skipped for the
-// query.) You cannot mix ordinal positions with header column names. SELECT s.Id,
-// s.FirstName, s.SSN FROM S3Object s
-//
-// For more information about using SQL with S3
-// Glacier Select restore, see SQL Reference for Amazon S3 Select and S3 Glacier
-// Select
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html)
-// in the Amazon S3 User Guide. When making a select request, you can also do the
+// For more information about the S3 structure in the request body, see the
 // following:
-//
-// * To expedite your queries, specify the Expedited tier. For more
-// information about tiers, see "Restoring Archives," later in this topic.
-//
-// *
-// Specify details about the data serialization format of both the input object
-// that is being queried and the serialization of the CSV-encoded query
-// results.
-//
-// The following are additional important facts about the select
-// feature:
-//
-// * The output results are new Amazon S3 objects. Unlike archive
-// retrievals, they are stored until explicitly deleted-manually or through a
-// lifecycle policy.
-//
-// * You can issue more than one select request on the same
-// Amazon S3 object. Amazon S3 doesn't deduplicate requests, so avoid issuing
-// duplicate requests.
-//
-// * Amazon S3 accepts a select request even if the object has
-// already been restored. A select request doesn’t return error response
-// 409.
-//
-// Restoring objects Objects that you archive to the S3 Glacier or S3 Glacier
-// Deep Archive storage class, and S3 Intelligent-Tiering Archive or S3
-// Intelligent-Tiering Deep Archive tiers are not accessible in real time. For
-// objects in Archive Access or Deep Archive Access tiers you must first initiate a
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - Managing Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html)
+//     in the Amazon S3 User Guide
+//   - Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+//     in the Amazon S3 User Guide
+//
+// Define the SQL expression for the SELECT type of restoration for your query in
+// the request body's SelectParameters structure. You can use expressions like the
+// following examples.
+//   - The following expression returns all records from the specified object.
+//     SELECT * FROM Object
+//   - Assuming that you are not using any headers for data stored in the object,
+//     you can specify columns with positional headers. SELECT s._1, s._2 FROM
+//     Object s WHERE s._3 > 100
+//   - If you have headers and you set the fileHeaderInfo in the CSV structure in
+//     the request body to USE , you can specify headers in the query. (If you set
+//     the fileHeaderInfo field to IGNORE , the first row is skipped for the query.)
+//     You cannot mix ordinal positions with header column names. SELECT s.Id,
+//     s.FirstName, s.SSN FROM S3Object s
+//
+// When making a select request, you can also do the following:
+//   - To expedite your queries, specify the Expedited tier. For more information
+//     about tiers, see "Restoring Archives," later in this topic.
+//   - Specify details about the data serialization format of both the input
+//     object that is being queried and the serialization of the CSV-encoded query
+//     results.
+//
+// The following are additional important facts about the select feature:
+//   - The output results are new Amazon S3 objects. Unlike archive retrievals,
+//     they are stored until explicitly deleted-manually or through a lifecycle
+//     configuration.
+//   - You can issue more than one select request on the same Amazon S3 object.
+//     Amazon S3 doesn't duplicate requests, so avoid issuing duplicate requests.
+//   - Amazon S3 accepts a select request even if the object has already been
+//     restored. A select request doesn’t return error response 409 .
+//
+// Permissions To use this operation, you must have permissions to perform the
+// s3:RestoreObject action. The bucket owner has this permission by default and can
+// grant this permission to others. For more information about permissions, see
+// Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide. Restoring objects Objects that you archive to the
+// S3 Glacier Flexible Retrieval Flexible Retrieval or S3 Glacier Deep Archive
+// storage class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep
+// Archive tiers, are not accessible in real time. For objects in the S3 Glacier
+// Flexible Retrieval Flexible Retrieval or S3 Glacier Deep Archive storage
+// classes, you must first initiate a restore request, and then wait until a
+// temporary copy of the object is available. If you want a permanent copy of the
+// object, create a copy of it in the Amazon S3 Standard storage class in your S3
+// bucket. To access an archived object, you must restore the object for the
+// duration (number of days) that you specify. For objects in the Archive Access or
+// Deep Archive Access tiers of S3 Intelligent-Tiering, you must first initiate a
 // restore request, and then wait until the object is moved into the Frequent
-// Access tier. For objects in S3 Glacier or S3 Glacier Deep Archive storage
-// classes you must first initiate a restore request, and then wait until a
-// temporary copy of the object is available. To access an archived object, you
-// must restore the object for the duration (number of days) that you specify. To
-// restore a specific object version, you can provide a version ID. If you don't
-// provide a version ID, Amazon S3 restores the current version. When restoring an
-// archived object (or using a select request), you can specify one of the
-// following data access tier options in the Tier element of the request body:
-//
-// *
-// Expedited - Expedited retrievals allow you to quickly access your data stored in
-// the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier when
-// occasional urgent requests for a subset of archives are required. For all but
-// the largest archived objects (250 MB+), data accessed using Expedited retrievals
-// is typically made available within 1–5 minutes. Provisioned capacity ensures
-// that retrieval capacity for Expedited retrievals is available when you need it.
-// Expedited retrievals and provisioned capacity are not available for objects
-// stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering
-// Deep Archive tier.
-//
-// * Standard - Standard retrievals allow you to access any of
-// your archived objects within several hours. This is the default option for
-// retrieval requests that do not specify the retrieval option. Standard retrievals
-// typically finish within 3–5 hours for objects stored in the S3 Glacier storage
-// class or S3 Intelligent-Tiering Archive tier. They typically finish within 12
-// hours for objects stored in the S3 Glacier Deep Archive storage class or S3
-// Intelligent-Tiering Deep Archive tier. Standard retrievals are free for objects
-// stored in S3 Intelligent-Tiering.
-//
-// * Bulk - Bulk retrievals are the lowest-cost
-// retrieval option in S3 Glacier, enabling you to retrieve large amounts, even
-// petabytes, of data inexpensively. Bulk retrievals typically finish within 5–12
-// hours for objects stored in the S3 Glacier storage class or S3
-// Intelligent-Tiering Archive tier. They typically finish within 48 hours for
-// objects stored in the S3 Glacier Deep Archive storage class or S3
-// Intelligent-Tiering Deep Archive tier. Bulk retrievals are free for objects
-// stored in S3 Intelligent-Tiering.
-//
-// For more information about archive retrieval
-// options and provisioned capacity for Expedited data access, see Restoring
-// Archived Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) in the
-// Amazon S3 User Guide. You can use Amazon S3 restore speed upgrade to change the
-// restore speed to a faster speed while it is in progress. For more information,
-// see  Upgrading the speed of an in-progress restore
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html#restoring-objects-upgrade-tier.title.html)
+// Access tier. To restore a specific object version, you can provide a version ID.
+// If you don't provide a version ID, Amazon S3 restores the current version. When
+// restoring an archived object, you can specify one of the following data access
+// tier options in the Tier element of the request body:
+//   - Expedited - Expedited retrievals allow you to quickly access your data
+//     stored in the S3 Glacier Flexible Retrieval Flexible Retrieval storage class or
+//     S3 Intelligent-Tiering Archive tier when occasional urgent requests for
+//     restoring archives are required. For all but the largest archived objects (250
+//     MB+), data accessed using Expedited retrievals is typically made available
+//     within 1–5 minutes. Provisioned capacity ensures that retrieval capacity for
+//     Expedited retrievals is available when you need it. Expedited retrievals and
+//     provisioned capacity are not available for objects stored in the S3 Glacier Deep
+//     Archive storage class or S3 Intelligent-Tiering Deep Archive tier.
+//   - Standard - Standard retrievals allow you to access any of your archived
+//     objects within several hours. This is the default option for retrieval requests
+//     that do not specify the retrieval option. Standard retrievals typically finish
+//     within 3–5 hours for objects stored in the S3 Glacier Flexible Retrieval
+//     Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier. They
+//     typically finish within 12 hours for objects stored in the S3 Glacier Deep
+//     Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Standard
+//     retrievals are free for objects stored in S3 Intelligent-Tiering.
+//   - Bulk - Bulk retrievals free for objects stored in the S3 Glacier Flexible
+//     Retrieval and S3 Intelligent-Tiering storage classes, enabling you to retrieve
+//     large amounts, even petabytes, of data at no cost. Bulk retrievals typically
+//     finish within 5–12 hours for objects stored in the S3 Glacier Flexible Retrieval
+//     Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier. Bulk
+//     retrievals are also the lowest-cost retrieval option when restoring objects from
+//     S3 Glacier Deep Archive. They typically finish within 48 hours for objects
+//     stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering
+//     Deep Archive tier.
+//
+// For more information about archive retrieval options and provisioned capacity
+// for Expedited data access, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
+// in the Amazon S3 User Guide. You can use Amazon S3 restore speed upgrade to
+// change the restore speed to a faster speed while it is in progress. For more
+// information, see Upgrading the speed of an in-progress restore (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html#restoring-objects-upgrade-tier.title.html)
 // in the Amazon S3 User Guide. To get the status of object restoration, you can
 // send a HEAD request. Operations return the x-amz-restore header, which provides
 // information about the restoration status, in the response. You can use Amazon S3
 // event notifications to notify you when a restore is initiated or completed. For
-// more information, see Configuring Amazon S3 Event Notifications
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-// Amazon S3 User Guide. After restoring an archived object, you can update the
-// restoration period by reissuing the request with a new period. Amazon S3 updates
-// the restoration period relative to the current time and charges only for the
-// request-there are no data transfer charges. You cannot update the restoration
-// period when Amazon S3 is actively processing your current restore request for
-// the object. If your bucket has a lifecycle configuration with a rule that
-// includes an expiration action, the object expiration overrides the life span
-// that you specify in a restore request. For example, if you restore an object
-// copy for 10 days, but the object is scheduled to expire in 3 days, Amazon S3
-// deletes the object in 3 days. For more information about lifecycle
-// configuration, see PutBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
-// and Object Lifecycle Management
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in
-// Amazon S3 User Guide. Responses A successful action returns either the 200 OK or
-// 202 Accepted status code.
-//
-// * If the object is not previously restored, then
-// Amazon S3 returns 202 Accepted in the response.
+// more information, see Configuring Amazon S3 Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+// in the Amazon S3 User Guide. After restoring an archived object, you can update
+// the restoration period by reissuing the request with a new period. Amazon S3
+// updates the restoration period relative to the current time and charges only for
+// the request-there are no data transfer charges. You cannot update the
+// restoration period when Amazon S3 is actively processing your current restore
+// request for the object. If your bucket has a lifecycle configuration with a rule
+// that includes an expiration action, the object expiration overrides the life
+// span that you specify in a restore request. For example, if you restore an
+// object copy for 10 days, but the object is scheduled to expire in 3 days, Amazon
+// S3 deletes the object in 3 days. For more information about lifecycle
+// configuration, see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+// and Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// in Amazon S3 User Guide. Responses A successful action returns either the 200 OK
+// or 202 Accepted status code.
 //
-// * If the object is previously
-// restored, Amazon S3 returns 200 OK in the response.
+//   - If the object is not previously restored, then Amazon S3 returns 202
+//     Accepted in the response.
 //
-// # Special Errors
+//   - If the object is previously restored, Amazon S3 returns 200 OK in the
+//     response.
 //
-// * Code:
-// RestoreAlreadyInProgress
+//   - Special errors:
 //
-// * Cause: Object restore is already in progress. (This
-// error does not apply to SELECT type requests.)
+//   - Code: RestoreAlreadyInProgress
 //
-// * HTTP Status Code: 409
-// Conflict
+//   - Cause: Object restore is already in progress. (This error does not apply to
+//     SELECT type requests.)
 //
-// * SOAP Fault Code Prefix: Client
+//   - HTTP Status Code: 409 Conflict
 //
-// * Code:
-// GlacierExpeditedRetrievalNotAvailable
+//   - SOAP Fault Code Prefix: Client
 //
-// * Cause: expedited retrievals are
-// currently not available. Try again later. (Returned if there is insufficient
-// capacity to process the Expedited request. This error applies only to Expedited
-// retrievals and not to S3 Standard or Bulk retrievals.)
+//   - Code: GlacierExpeditedRetrievalNotAvailable
 //
-// * HTTP Status Code:
-// 503
+//   - Cause: expedited retrievals are currently not available. Try again later.
+//     (Returned if there is insufficient capacity to process the Expedited request.
+//     This error applies only to Expedited retrievals and not to S3 Standard or Bulk
+//     retrievals.)
 //
-// * SOAP Fault Code Prefix: N/A
+//   - HTTP Status Code: 503
 //
-// # Related Resources
+//   - SOAP Fault Code Prefix: N/A
 //
-// *
-// PutBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
-//
-// *
-// GetBucketNotificationConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
-//
-// *
-// SQL Reference for Amazon S3 Select and S3 Glacier Select
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html)
-// in the Amazon S3 User Guide
+// The following operations are related to RestoreObject :
+//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+//   - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
 func (c *Client) RestoreObject(ctx context.Context, params *RestoreObjectInput, optFns ...func(*Options)) (*RestoreObjectOutput, error) {
 	if params == nil {
 		params = &RestoreObjectInput{}
@@ -248,23 +184,21 @@ func (c *Client) RestoreObject(ctx context.Context, params *RestoreObjectInput,
 
 type RestoreObjectInput struct {
 
-	// The bucket name containing the object to restore. When using this action with an
-	// access point, you must direct requests to the access point hostname. The access
-	// point hostname takes the form
+	// The bucket name containing the object to restore. When using this action with
+	// an access point, you must direct requests to the access point hostname. The
+	// access point hostname takes the form
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -278,9 +212,8 @@ type RestoreObjectInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -291,10 +224,11 @@ type RestoreObjectInput struct {
 	ExpectedBucketOwner *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -332,6 +266,9 @@ func (c *Client) addOperationRestoreObjectMiddlewares(stack *middleware.Stack, o
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -359,7 +296,7 @@ func (c *Client) addOperationRestoreObjectMiddlewares(stack *middleware.Stack, o
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -371,6 +308,9 @@ func (c *Client) addOperationRestoreObjectMiddlewares(stack *middleware.Stack, o
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addRestoreObjectResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpRestoreObjectValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -380,6 +320,9 @@ func (c *Client) addOperationRestoreObjectMiddlewares(stack *middleware.Stack, o
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRestoreObjectInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -398,9 +341,22 @@ func (c *Client) addOperationRestoreObjectMiddlewares(stack *middleware.Stack, o
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *RestoreObjectInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opRestoreObject(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -410,8 +366,8 @@ func newServiceMetadataMiddleware_opRestoreObject(region string) *awsmiddleware.
 	}
 }
 
-// getRestoreObjectRequestAlgorithmMember gets the request checksum algorithm value
-// provided as input.
+// getRestoreObjectRequestAlgorithmMember gets the request checksum algorithm
+// value provided as input.
 func getRestoreObjectRequestAlgorithmMember(input interface{}) (string, bool) {
 	in := input.(*RestoreObjectInput)
 	if len(in.ChecksumAlgorithm) == 0 {
@@ -455,3 +411,139 @@ func addRestoreObjectUpdateEndpoint(stack *middleware.Stack, options Options) er
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opRestoreObjectResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opRestoreObjectResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opRestoreObjectResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*RestoreObjectInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addRestoreObjectResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opRestoreObjectResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go
index 1b9dbc7bc..d6c2ff637 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithysync "github.com/aws/smithy-go/sync"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
@@ -21,86 +27,58 @@ import (
 // into records, and returns only records that match the specified SQL expression.
 // You must also specify the data serialization format for the response. This
 // action is not supported by Amazon S3 on Outposts. For more information about
-// Amazon S3 Select, see Selecting Content from Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html)
-// and SELECT Command
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html)
-// in the Amazon S3 User Guide. For more information about using SQL with Amazon S3
-// Select, see  SQL Reference for Amazon S3 Select and S3 Glacier Select
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html)
+// Amazon S3 Select, see Selecting Content from Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html)
+// and SELECT Command (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html)
 // in the Amazon S3 User Guide. Permissions You must have s3:GetObject permission
 // for this operation. Amazon S3 Select does not support anonymous access. For more
-// information about permissions, see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) in
-// the Amazon S3 User Guide. Object Data Formats You can use Amazon S3 Select to
+// information about permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// in the Amazon S3 User Guide. Object Data Formats You can use Amazon S3 Select to
 // query objects that have the following format properties:
+//   - CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format.
+//   - UTF-8 - UTF-8 is the only encoding type Amazon S3 Select supports.
+//   - GZIP or BZIP2 - CSV and JSON files can be compressed using GZIP or BZIP2.
+//     GZIP and BZIP2 are the only compression formats that Amazon S3 Select supports
+//     for CSV and JSON files. Amazon S3 Select supports columnar compression for
+//     Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object
+//     compression for Parquet objects.
+//   - Server-side encryption - Amazon S3 Select supports querying objects that
+//     are protected with server-side encryption. For objects that are encrypted with
+//     customer-provided encryption keys (SSE-C), you must use HTTPS, and you must use
+//     the headers that are documented in the GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//     . For more information about SSE-C, see Server-Side Encryption (Using
+//     Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+//     in the Amazon S3 User Guide. For objects that are encrypted with Amazon S3
+//     managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side
+//     encryption is handled transparently, so you don't need to specify anything. For
+//     more information about server-side encryption, including SSE-S3 and SSE-KMS, see
+//     Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+//     in the Amazon S3 User Guide.
 //
-// * CSV, JSON, and
-// Parquet - Objects must be in CSV, JSON, or Parquet format.
+// Working with the Response Body Given the response size is unknown, Amazon S3
+// Select streams the response as a series of messages and includes a
+// Transfer-Encoding header with chunked as its value in the response. For more
+// information, see Appendix: SelectObjectContent Response (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html)
+// . GetObject Support The SelectObjectContent action does not support the
+// following GetObject functionality. For more information, see GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+// .
+//   - Range : Although you can specify a scan range for an Amazon S3 Select
+//     request (see SelectObjectContentRequest - ScanRange (https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange)
+//     in the request parameters), you cannot specify the range of bytes of an object
+//     to return.
+//   - The GLACIER , DEEP_ARCHIVE , and REDUCED_REDUNDANCY storage classes, or the
+//     ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING
+//     storage class: You cannot query objects in the GLACIER , DEEP_ARCHIVE , or
+//     REDUCED_REDUNDANCY storage classes, nor objects in the ARCHIVE_ACCESS or
+//     DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING storage class. For
+//     more information about storage classes, see Using Amazon S3 storage classes (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html)
+//     in the Amazon S3 User Guide.
 //
-// * UTF-8 - UTF-8 is
-// the only encoding type Amazon S3 Select supports.
-//
-// * GZIP or BZIP2 - CSV and
-// JSON files can be compressed using GZIP or BZIP2. GZIP and BZIP2 are the only
-// compression formats that Amazon S3 Select supports for CSV and JSON files.
-// Amazon S3 Select supports columnar compression for Parquet using GZIP or Snappy.
-// Amazon S3 Select does not support whole-object compression for Parquet
-// objects.
-//
-// * Server-side encryption - Amazon S3 Select supports querying objects
-// that are protected with server-side encryption. For objects that are encrypted
-// with customer-provided encryption keys (SSE-C), you must use HTTPS, and you must
-// use the headers that are documented in the GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html). For more
-// information about SSE-C, see Server-Side Encryption (Using Customer-Provided
-// Encryption Keys)
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-// in the Amazon S3 User Guide. For objects that are encrypted with Amazon S3
-// managed encryption keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS),
-// server-side encryption is handled transparently, so you don't need to specify
-// anything. For more information about server-side encryption, including SSE-S3
-// and SSE-KMS, see Protecting Data Using Server-Side Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) in
-// the Amazon S3 User Guide.
-//
-// Working with the Response Body Given the response
-// size is unknown, Amazon S3 Select streams the response as a series of messages
-// and includes a Transfer-Encoding header with chunked as its value in the
-// response. For more information, see Appendix: SelectObjectContent Response
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html).
-// GetObject Support The SelectObjectContent action does not support the following
-// GetObject functionality. For more information, see GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html).
-//
-// * Range:
-// Although you can specify a scan range for an Amazon S3 Select request (see
-// SelectObjectContentRequest - ScanRange
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange)
-// in the request parameters), you cannot specify the range of bytes of an object
-// to return.
-//
-// * GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You
-// cannot specify the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage classes.
-// For more information, about storage classes see Storage Classes
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#storage-class-intro)
-// in the Amazon S3 User Guide.
-//
-// Special Errors For a list of special errors for
-// this operation, see List of SELECT Object Content Error Codes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList)
-// Related Resources
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// GetBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
-//
-// *
-// PutBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+// Special Errors For a list of special errors for this operation, see List of
+// SELECT Object Content Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList)
+// The following operations are related to SelectObjectContent :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
+//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
 func (c *Client) SelectObjectContent(ctx context.Context, params *SelectObjectContentInput, optFns ...func(*Options)) (*SelectObjectContentOutput, error) {
 	if params == nil {
 		params = &SelectObjectContentInput{}
@@ -122,8 +100,8 @@ func (c *Client) SelectObjectContent(ctx context.Context, params *SelectObjectCo
 // object. Amazon S3 uses this to parse object data into records. It returns only
 // records that match the specified SQL expression. You must also specify the data
 // serialization format for the response. For more information, see S3Select API
-// Documentation
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectSELECTContent.html).
+// Documentation (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectSELECTContent.html)
+// .
 type SelectObjectContentInput struct {
 
 	// The S3 bucket.
@@ -166,39 +144,31 @@ type SelectObjectContentInput struct {
 
 	// The server-side encryption (SSE) algorithm used to encrypt the object. This
 	// parameter is needed only when the object was created using a checksum algorithm.
-	// For more information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerAlgorithm *string
 
 	// The server-side encryption (SSE) customer managed key. This parameter is needed
 	// only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKey *string
 
 	// The MD5 server-side encryption (SSE) customer managed key. This parameter is
 	// needed only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKeyMD5 *string
 
 	// Specifies the byte range of the object to get the records from. A record is
 	// processed when its first byte is contained by the range. This parameter is
 	// optional, but when specified, it must not be empty. See RFC 2616, Section
-	// 14.35.1 about how to specify the start and end of the range. ScanRangemay be
+	// 14.35.1 about how to specify the start and end of the range. ScanRange may be
 	// used in the following ways:
-	//
-	// * 50100 - process only the records starting between
-	// the bytes 50 and 100 (inclusive, counting from zero)
-	//
-	// * 50 - process only the
-	// records starting after the byte 50
-	//
-	// * 50 - process only the records within the
-	// last 50 bytes of the file.
+	//   - 50100 - process only the records starting between the bytes 50 and 100
+	//   (inclusive, counting from zero)
+	//   - 50 - process only the records starting after the byte 50
+	//   - 50 - process only the records within the last 50 bytes of the file.
 	ScanRange *types.ScanRange
 
 	noSmithyDocumentSerde
@@ -227,6 +197,9 @@ func (c *Client) addOperationSelectObjectContentMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addEventStreamSelectObjectContentMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -257,12 +230,15 @@ func (c *Client) addOperationSelectObjectContentMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addSelectObjectContentResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpSelectObjectContentValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -272,6 +248,9 @@ func (c *Client) addOperationSelectObjectContentMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addSelectObjectContentUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -287,9 +266,22 @@ func (c *Client) addOperationSelectObjectContentMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *SelectObjectContentInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opSelectObjectContent(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -424,3 +416,139 @@ func (es *SelectObjectContentEventStream) waitStreamClose() {
 
 	}
 }
+
+type opSelectObjectContentResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opSelectObjectContentResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opSelectObjectContentResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*SelectObjectContentInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addSelectObjectContentResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opSelectObjectContentResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go
index 2617bed60..a3e1a7db4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go
@@ -4,12 +4,18 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
 	awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"io"
@@ -18,101 +24,74 @@ import (
 // Uploads a part in a multipart upload. In this operation, you provide part data
 // in your request. However, you have an option to specify your existing Amazon S3
 // object as a data source for the part you are uploading. To upload a part from an
-// existing object, you use the UploadPartCopy
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
-// operation. You must initiate a multipart upload (see CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html))
-// before you can upload any part. In response to your initiate request, Amazon S3
-// returns an upload ID, a unique identifier, that you must include in your upload
-// part request. Part numbers can be any number from 1 to 10,000, inclusive. A part
-// number uniquely identifies a part and also defines its position within the
-// object being created. If you upload a new part using the same part number that
-// was used with a previous part, the previously uploaded part is overwritten. For
-// information about maximum and minimum part sizes and other multipart upload
-// specifications, see Multipart upload limits
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) in the
-// Amazon S3 User Guide. To ensure that data is not corrupted when traversing the
-// network, specify the Content-MD5 header in the upload part request. Amazon S3
-// checks the part data against the provided MD5 value. If they do not match,
-// Amazon S3 returns an error. If the upload request is signed with Signature
-// Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a
-// checksum instead of Content-MD5. For more information see Authenticating
-// Requests: Using the Authorization Header (Amazon Web Services Signature Version
-// 4)
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html).
-// Note: After you initiate multipart upload and upload one or more parts, you must
-// either complete or abort multipart upload in order to stop getting charged for
-// storage of the uploaded parts. Only after you either complete or abort multipart
-// upload, Amazon S3 frees up the parts storage and stops charging you for the
-// parts storage. For more information on multipart uploads, go to Multipart Upload
-// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in
-// the Amazon S3 User Guide . For information on the permissions required to use
-// the multipart upload API, go to Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) in the
-// Amazon S3 User Guide. You can optionally request server-side encryption where
-// Amazon S3 encrypts your data as it writes it to disks in its data centers and
-// decrypts it for you when you access it. You have the option of providing your
-// own encryption key, or you can use the Amazon Web Services managed encryption
-// keys. If you choose to provide your own encryption key, the request headers you
-// provide in the request must match the headers you used in the request to
-// initiate the upload by using CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
-// For more information, go to Using Server-Side Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+// existing object, you use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
+// operation. You must initiate a multipart upload (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+// ) before you can upload any part. In response to your initiate request, Amazon
+// S3 returns an upload ID, a unique identifier, that you must include in your
+// upload part request. Part numbers can be any number from 1 to 10,000, inclusive.
+// A part number uniquely identifies a part and also defines its position within
+// the object being created. If you upload a new part using the same part number
+// that was used with a previous part, the previously uploaded part is overwritten.
+// For information about maximum and minimum part sizes and other multipart upload
+// specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html)
+// in the Amazon S3 User Guide. To ensure that data is not corrupted when
+// traversing the network, specify the Content-MD5 header in the upload part
+// request. Amazon S3 checks the part data against the provided MD5 value. If they
+// do not match, Amazon S3 returns an error. If the upload request is signed with
+// Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256
+// header as a checksum instead of Content-MD5 . For more information see
+// Authenticating Requests: Using the Authorization Header (Amazon Web Services
+// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html)
+// . Note: After you initiate multipart upload and upload one or more parts, you
+// must either complete or abort multipart upload in order to stop getting charged
+// for storage of the uploaded parts. Only after you either complete or abort
+// multipart upload, Amazon S3 frees up the parts storage and stops charging you
+// for the parts storage. For more information on multipart uploads, go to
+// Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html)
+// in the Amazon S3 User Guide . For information on the permissions required to use
+// the multipart upload API, go to Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// in the Amazon S3 User Guide. Server-side encryption is for data encryption at
+// rest. Amazon S3 encrypts your data as it writes it to disks in its data centers
+// and decrypts it when you access it. You have three mutually exclusive options to
+// protect data using server-side encryption in Amazon S3, depending on how you
+// choose to manage the encryption keys. Specifically, the encryption key options
+// are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and
+// Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side
+// encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally
+// tell Amazon S3 to encrypt data at rest using server-side encryption with other
+// key options. The option you use depends on whether you want to use KMS keys
+// (SSE-KMS) or provide your own encryption key (SSE-C). If you choose to provide
+// your own encryption key, the request headers you provide in the request must
+// match the headers you used in the request to initiate the upload by using
+// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+// . For more information, go to Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
 // in the Amazon S3 User Guide. Server-side encryption is supported by the S3
 // Multipart Upload actions. Unless you are using a customer-provided encryption
-// key, you don't need to specify the encryption parameters in each UploadPart
-// request. Instead, you only need to specify the server-side encryption parameters
-// in the initial Initiate Multipart request. For more information, see
-// CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
-// If you requested server-side encryption using a customer-provided encryption key
-// in your initiate multipart upload request, you must provide identical encryption
-// information in each part upload using the following headers.
+// key (SSE-C), you don't need to specify the encryption parameters in each
+// UploadPart request. Instead, you only need to specify the server-side encryption
+// parameters in the initial Initiate Multipart request. For more information, see
+// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+// . If you requested server-side encryption using a customer-provided encryption
+// key (SSE-C) in your initiate multipart upload request, you must provide
+// identical encryption information in each part upload using the following
+// headers.
+//   - x-amz-server-side-encryption-customer-algorithm
+//   - x-amz-server-side-encryption-customer-key
+//   - x-amz-server-side-encryption-customer-key-MD5
 //
-// *
-// x-amz-server-side-encryption-customer-algorithm
+// UploadPart has the following special errors:
+//   - Code: NoSuchUpload
+//   - Cause: The specified multipart upload does not exist. The upload ID might
+//     be invalid, or the multipart upload might have been aborted or completed.
+//   - HTTP Status Code: 404 Not Found
+//   - SOAP Fault Code Prefix: Client
 //
-// *
-// x-amz-server-side-encryption-customer-key
-//
-// *
-// x-amz-server-side-encryption-customer-key-MD5
-//
-// # Special Errors
-//
-// * Code:
-// NoSuchUpload
-//
-// * Cause: The specified multipart upload does not exist. The upload
-// ID might be invalid, or the multipart upload might have been aborted or
-// completed.
-//
-// * HTTP Status Code: 404 Not Found
-//
-// * SOAP Fault Code Prefix:
-// Client
-//
-// # Related Resources
-//
-// * CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// The following operations are related to UploadPart :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) UploadPart(ctx context.Context, params *UploadPartInput, optFns ...func(*Options)) (*UploadPartOutput, error) {
 	if params == nil {
 		params = &UploadPartInput{}
@@ -136,17 +115,15 @@ type UploadPartInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -174,9 +151,8 @@ type UploadPartInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter. This checksum algorithm must
 	// be the same for all parts and it match the checksum value supplied in the
@@ -186,32 +162,28 @@ type UploadPartInput struct {
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32 checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32C checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 160-bit SHA-1 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 256-bit SHA-256 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -230,10 +202,11 @@ type UploadPartInput struct {
 	ExpectedBucketOwner *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -245,7 +218,7 @@ type UploadPartInput struct {
 	// encrypting data. This value is used to store the object and then it is
 	// discarded; Amazon S3 does not store the encryption key. The key must be
 	// appropriate for use with the algorithm specified in the
-	// x-amz-server-side-encryption-customer-algorithm header. This must be the same
+	// x-amz-server-side-encryption-customer-algorithm header . This must be the same
 	// encryption key specified in the initiate multipart upload request.
 	SSECustomerKey *string
 
@@ -260,38 +233,34 @@ type UploadPartInput struct {
 type UploadPartOutput struct {
 
 	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
-	// encryption with Amazon Web Services KMS (SSE-KMS).
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
 	BucketKeyEnabled bool
 
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -302,22 +271,22 @@ type UploadPartOutput struct {
 	// request.
 	RequestCharged types.RequestCharged
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
-	// If present, specifies the ID of the Amazon Web Services Key Management Service
-	// (Amazon Web Services KMS) symmetric customer managed key was used for the
-	// object.
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key was used for the object.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256 , aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Metadata pertaining to the operation's result.
@@ -335,6 +304,9 @@ func (c *Client) addOperationUploadPartMiddlewares(stack *middleware.Stack, opti
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -362,7 +334,7 @@ func (c *Client) addOperationUploadPartMiddlewares(stack *middleware.Stack, opti
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -374,6 +346,9 @@ func (c *Client) addOperationUploadPartMiddlewares(stack *middleware.Stack, opti
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addUploadPartResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpUploadPartValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -383,6 +358,12 @@ func (c *Client) addOperationUploadPartMiddlewares(stack *middleware.Stack, opti
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = add100Continue(stack, options); err != nil {
+		return err
+	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addUploadPartInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -404,9 +385,22 @@ func (c *Client) addOperationUploadPartMiddlewares(stack *middleware.Stack, opti
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *UploadPartInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opUploadPart(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -436,8 +430,9 @@ func addUploadPartInputChecksumMiddlewares(stack *middleware.Stack, options Opti
 	})
 }
 
-// getUploadPartBucketMember returns a pointer to string denoting a provided bucket
-// member valueand a boolean indicating if the input has a modeled bucket name,
+// getUploadPartBucketMember returns a pointer to string denoting a provided
+// bucket member valueand a boolean indicating if the input has a modeled bucket
+// name,
 func getUploadPartBucketMember(input interface{}) (*string, bool) {
 	in := input.(*UploadPartInput)
 	if in.Bucket == nil {
@@ -494,3 +489,139 @@ func addUploadPartPayloadAsUnsigned(stack *middleware.Stack, options Options) er
 	v4.RemoveComputePayloadSHA256Middleware(stack)
 	return v4.AddUnsignedPayloadMiddleware(stack)
 }
+
+type opUploadPartResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opUploadPartResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opUploadPartResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*UploadPartInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addUploadPartResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opUploadPartResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go
index f1fa13954..ce9a179a7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go
@@ -4,10 +4,16 @@ package s3
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -15,112 +21,72 @@ import (
 
 // Uploads a part by copying data from an existing object as data source. You
 // specify the data source by adding the request header x-amz-copy-source in your
-// request and a byte range by adding the request header x-amz-copy-source-range in
-// your request. For information about maximum and minimum part sizes and other
-// multipart upload specifications, see Multipart upload limits
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) in the
-// Amazon S3 User Guide. Instead of using an existing object as part data, you
-// might use the UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) action and
-// provide data in your request. You must initiate a multipart upload before you
-// can upload any part. In response to your initiate request. Amazon S3 returns a
-// unique identifier, the upload ID, that you must include in your upload part
-// request. For more information about using the UploadPartCopy operation, see the
-// following:
+// request and a byte range by adding the request header x-amz-copy-source-range
+// in your request. For information about maximum and minimum part sizes and other
+// multipart upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html)
+// in the Amazon S3 User Guide. Instead of using an existing object as part data,
+// you might use the UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+// action and provide data in your request. You must initiate a multipart upload
+// before you can upload any part. In response to your initiate request. Amazon S3
+// returns a unique identifier, the upload ID, that you must include in your upload
+// part request. For more information about using the UploadPartCopy operation,
+// see the following:
+//   - For conceptual information about multipart uploads, see Uploading Objects
+//     Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html)
+//     in the Amazon S3 User Guide.
+//   - For information about permissions required to use the multipart upload API,
+//     see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+//     in the Amazon S3 User Guide.
+//   - For information about copying objects using a single atomic action vs. a
+//     multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html)
+//     in the Amazon S3 User Guide.
+//   - For information about using server-side encryption with customer-provided
+//     encryption keys with the UploadPartCopy operation, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
+//     and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//     .
 //
-// * For conceptual information about multipart uploads, see Uploading
-// Objects Using Multipart Upload
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) in the
-// Amazon S3 User Guide.
+// Note the following additional considerations about the request headers
+// x-amz-copy-source-if-match , x-amz-copy-source-if-none-match ,
+// x-amz-copy-source-if-unmodified-since , and x-amz-copy-source-if-modified-since
+// :
+//   - Consideration 1 - If both of the x-amz-copy-source-if-match and
+//     x-amz-copy-source-if-unmodified-since headers are present in the request as
+//     follows: x-amz-copy-source-if-match condition evaluates to true , and;
+//     x-amz-copy-source-if-unmodified-since condition evaluates to false ; Amazon S3
+//     returns 200 OK and copies the data.
+//   - Consideration 2 - If both of the x-amz-copy-source-if-none-match and
+//     x-amz-copy-source-if-modified-since headers are present in the request as
+//     follows: x-amz-copy-source-if-none-match condition evaluates to false , and;
+//     x-amz-copy-source-if-modified-since condition evaluates to true ; Amazon S3
+//     returns 412 Precondition Failed response code.
 //
-// * For information about permissions required to use the
-// multipart upload API, see Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) in the
-// Amazon S3 User Guide.
+// Versioning If your bucket has versioning enabled, you could have multiple
+// versions of the same object. By default, x-amz-copy-source identifies the
+// current version of the object to copy. If the current version is a delete marker
+// and you don't specify a versionId in the x-amz-copy-source , Amazon S3 returns a
+// 404 error, because the object does not exist. If you specify versionId in the
+// x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns an
+// HTTP 400 error, because you are not allowed to specify a delete marker as a
+// version for the x-amz-copy-source . You can optionally specify a specific
+// version of the source object to copy by adding the versionId subresource as
+// shown in the following example: x-amz-copy-source:
+// /bucket/object?versionId=version id Special errors
+//   - Code: NoSuchUpload
+//   - Cause: The specified multipart upload does not exist. The upload ID might
+//     be invalid, or the multipart upload might have been aborted or completed.
+//   - HTTP Status Code: 404 Not Found
+//   - Code: InvalidRequest
+//   - Cause: The specified copy source is not supported as a byte-range copy
+//     source.
+//   - HTTP Status Code: 400 Bad Request
 //
-// * For information about copying objects using a single
-// atomic action vs. a multipart upload, see Operations on Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) in the
-// Amazon S3 User Guide.
-//
-// * For information about using server-side encryption with
-// customer-provided encryption keys with the UploadPartCopy operation, see
-// CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
-// and UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html).
-//
-// Note the
-// following additional considerations about the request headers
-// x-amz-copy-source-if-match, x-amz-copy-source-if-none-match,
-// x-amz-copy-source-if-unmodified-since, and
-// x-amz-copy-source-if-modified-since:
-//
-// * Consideration 1 - If both of the
-// x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since headers are
-// present in the request as follows: x-amz-copy-source-if-match condition
-// evaluates to true, and; x-amz-copy-source-if-unmodified-since condition
-// evaluates to false; Amazon S3 returns 200 OK and copies the data.
-//
-// *
-// Consideration 2 - If both of the x-amz-copy-source-if-none-match and
-// x-amz-copy-source-if-modified-since headers are present in the request as
-// follows: x-amz-copy-source-if-none-match condition evaluates to false, and;
-// x-amz-copy-source-if-modified-since condition evaluates to true; Amazon S3
-// returns 412 Precondition Failed response code.
-//
-// Versioning If your bucket has
-// versioning enabled, you could have multiple versions of the same object. By
-// default, x-amz-copy-source identifies the current version of the object to copy.
-// If the current version is a delete marker and you don't specify a versionId in
-// the x-amz-copy-source, Amazon S3 returns a 404 error, because the object does
-// not exist. If you specify versionId in the x-amz-copy-source and the versionId
-// is a delete marker, Amazon S3 returns an HTTP 400 error, because you are not
-// allowed to specify a delete marker as a version for the x-amz-copy-source. You
-// can optionally specify a specific version of the source object to copy by adding
-// the versionId subresource as shown in the following example: x-amz-copy-source:
-// /bucket/object?versionId=version id Special Errors
-//
-// * Code: NoSuchUpload
-//
-// *
-// Cause: The specified multipart upload does not exist. The upload ID might be
-// invalid, or the multipart upload might have been aborted or completed.
-//
-// * HTTP
-// Status Code: 404 Not Found
-//
-// * Code: InvalidRequest
-//
-// * Cause: The specified copy
-// source is not supported as a byte-range copy source.
-//
-// * HTTP Status Code: 400
-// Bad Request
-//
-// # Related Resources
-//
-// * CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// The following operations are related to UploadPartCopy :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) UploadPartCopy(ctx context.Context, params *UploadPartCopyInput, optFns ...func(*Options)) (*UploadPartCopyOutput, error) {
 	if params == nil {
 		params = &UploadPartCopyInput{}
@@ -143,53 +109,47 @@ type UploadPartCopyInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When using this action with Amazon S3 on Outposts,
-	// you must direct requests to the S3 on Outposts hostname. The S3 on Outposts
-	// hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using
-	// this action with S3 on Outposts through the Amazon Web Services SDKs, you
-	// provide the Outposts bucket ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
+	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
+	// Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
+	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
+	// provide the Outposts access point ARN in place of the bucket name. For more
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
 
-	// Specifies the source object for the copy operation. You specify the value in one
-	// of two formats, depending on whether you want to access the source object
-	// through an access point
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html):
-	//
-	// *
-	// For objects not accessed through an access point, specify the name of the source
-	// bucket and key of the source object, separated by a slash (/). For example, to
-	// copy the object reports/january.pdf from the bucket awsexamplebucket, use
-	// awsexamplebucket/reports/january.pdf. The value must be URL-encoded.
-	//
-	// * For
-	// objects accessed through access points, specify the Amazon Resource Name (ARN)
-	// of the object as accessed through the access point, in the format
-	// arn:aws:s3:::accesspoint//object/. For example, to copy the object
-	// reports/january.pdf through access point my-access-point owned by account
-	// 123456789012 in Region us-west-2, use the URL encoding of
-	// arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf.
-	// The value must be URL encoded. Amazon S3 supports copy operations using access
-	// points only when the source and destination buckets are in the same Amazon Web
-	// Services Region. Alternatively, for objects accessed through Amazon S3 on
-	// Outposts, specify the ARN of the object as accessed in the format
-	// arn:aws:s3-outposts:::outpost//object/. For example, to copy the object
-	// reports/january.pdf through outpost my-outpost owned by account 123456789012 in
-	// Region us-west-2, use the URL encoding of
-	// arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf.
-	// The value must be URL-encoded.
-	//
-	// To copy a specific version of an object, append
-	// ?versionId= to the value (for example,
-	// awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893).
-	// If you don't specify a version ID, Amazon S3 copies the latest version of the
+	// Specifies the source object for the copy operation. You specify the value in
+	// one of two formats, depending on whether you want to access the source object
+	// through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html)
+	// :
+	//   - For objects not accessed through an access point, specify the name of the
+	//   source bucket and key of the source object, separated by a slash (/). For
+	//   example, to copy the object reports/january.pdf from the bucket
+	//   awsexamplebucket , use awsexamplebucket/reports/january.pdf . The value must
+	//   be URL-encoded.
+	//   - For objects accessed through access points, specify the Amazon Resource
+	//   Name (ARN) of the object as accessed through the access point, in the format
+	//   arn:aws:s3:::accesspoint//object/ . For example, to copy the object
+	//   reports/january.pdf through access point my-access-point owned by account
+	//   123456789012 in Region us-west-2 , use the URL encoding of
+	//   arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf
+	//   . The value must be URL encoded. Amazon S3 supports copy operations using access
+	//   points only when the source and destination buckets are in the same Amazon Web
+	//   Services Region. Alternatively, for objects accessed through Amazon S3 on
+	//   Outposts, specify the ARN of the object as accessed in the format
+	//   arn:aws:s3-outposts:::outpost//object/ . For example, to copy the object
+	//   reports/january.pdf through outpost my-outpost owned by account 123456789012
+	//   in Region us-west-2 , use the URL encoding of
+	//   arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf
+	//   . The value must be URL-encoded.
+	// To copy a specific version of an object, append ?versionId= to the value (for
+	// example,
+	// awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893
+	// ). If you don't specify a version ID, Amazon S3 copies the latest version of the
 	// source object.
 	//
 	// This member is required.
@@ -255,10 +215,11 @@ type UploadPartCopyInput struct {
 	ExpectedSourceBucketOwner *string
 
 	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// Bucket owners need not specify this parameter in their requests. If either the
+	// source or destination Amazon S3 bucket has Requester Pays enabled, the requester
+	// will pay for corresponding charges to copy the object. For information about
+	// downloading objects from Requester Pays buckets, see Downloading Objects in
+	// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -285,36 +246,36 @@ type UploadPartCopyInput struct {
 type UploadPartCopyOutput struct {
 
 	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
-	// encryption with Amazon Web Services KMS (SSE-KMS).
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
 	BucketKeyEnabled bool
 
 	// Container for all response elements.
 	CopyPartResult *types.CopyPartResult
 
-	// The version of the source object that was copied, if you have enabled versioning
-	// on the source bucket.
+	// The version of the source object that was copied, if you have enabled
+	// versioning on the source bucket.
 	CopySourceVersionId *string
 
 	// If present, indicates that the requester was successfully charged for the
 	// request.
 	RequestCharged types.RequestCharged
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
-	// If present, specifies the ID of the Amazon Web Services Key Management Service
-	// (Amazon Web Services KMS) symmetric customer managed key that was used for the
-	// object.
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256 , aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Metadata pertaining to the operation's result.
@@ -332,6 +293,9 @@ func (c *Client) addOperationUploadPartCopyMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -359,7 +323,7 @@ func (c *Client) addOperationUploadPartCopyMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -371,6 +335,9 @@ func (c *Client) addOperationUploadPartCopyMiddlewares(stack *middleware.Stack,
 	if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addUploadPartCopyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpUploadPartCopyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -380,6 +347,9 @@ func (c *Client) addOperationUploadPartCopyMiddlewares(stack *middleware.Stack,
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addUploadPartCopyUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -398,9 +368,22 @@ func (c *Client) addOperationUploadPartCopyMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
+func (v *UploadPartCopyInput) bucket() (string, bool) {
+	if v.Bucket == nil {
+		return "", false
+	}
+	return *v.Bucket, true
+}
+
 func newServiceMetadataMiddleware_opUploadPartCopy(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
@@ -435,3 +418,139 @@ func addUploadPartCopyUpdateEndpoint(stack *middleware.Stack, options Options) e
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opUploadPartCopyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opUploadPartCopyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opUploadPartCopyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	input, ok := in.Parameters.(*UploadPartCopyInput)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.Bucket = input.Bucket
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addUploadPartCopyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opUploadPartCopyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go
index 78eeadd45..751f646dc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go
@@ -4,13 +4,19 @@ package s3
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	"github.com/aws/aws-sdk-go-v2/internal/v4a"
 	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
 	smithy "github.com/aws/smithy-go"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/ptr"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"io"
 	"strings"
@@ -19,20 +25,18 @@ import (
 
 // Passes transformed objects to a GetObject operation when using Object Lambda
 // access points. For information about Object Lambda access points, see
-// Transforming objects with Object Lambda access points
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html)
+// Transforming objects with Object Lambda access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html)
 // in the Amazon S3 User Guide. This operation supports metadata that can be
-// returned by GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html), in
-// addition to RequestRoute, RequestToken, StatusCode, ErrorCode, and ErrorMessage.
-// The GetObject response metadata is supported so that the WriteGetObjectResponse
-// caller, typically an Lambda function, can provide the same metadata when it
-// internally invokes GetObject. When WriteGetObjectResponse is called by a
-// customer-owned Lambda function, the metadata returned to the end user GetObject
-// call might differ from what Amazon S3 would normally return. You can include any
-// number of metadata headers. When including a metadata header, it should be
-// prefaced with x-amz-meta. For example, x-amz-meta-my-custom-header:
-// MyCustomValue. The primary use case for this is to forward GetObject metadata.
+// returned by GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+// , in addition to RequestRoute , RequestToken , StatusCode , ErrorCode , and
+// ErrorMessage . The GetObject response metadata is supported so that the
+// WriteGetObjectResponse caller, typically an Lambda function, can provide the
+// same metadata when it internally invokes GetObject . When WriteGetObjectResponse
+// is called by a customer-owned Lambda function, the metadata returned to the end
+// user GetObject call might differ from what Amazon S3 would normally return. You
+// can include any number of metadata headers. When including a metadata header, it
+// should be prefaced with x-amz-meta . For example, x-amz-meta-my-custom-header:
+// MyCustomValue . The primary use case for this is to forward GetObject metadata.
 // Amazon Web Services provides some prebuilt Lambda functions that you can use
 // with S3 Object Lambda to detect and redact personally identifiable information
 // (PII) and decompress S3 objects. These Lambda functions are available in the
@@ -52,9 +56,8 @@ import (
 // equipped to decompress objects stored in S3 in one of six compressed file
 // formats including bzip2, gzip, snappy, zlib, zstandard and ZIP. For information
 // on how to view and use these functions, see Using Amazon Web Services built
-// Lambda functions
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-examples.html) in
-// the Amazon S3 User Guide.
+// Lambda functions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-examples.html)
+// in the Amazon S3 User Guide.
 func (c *Client) WriteGetObjectResponse(ctx context.Context, params *WriteGetObjectResponseInput, optFns ...func(*Options)) (*WriteGetObjectResponseOutput, error) {
 	if params == nil {
 		params = &WriteGetObjectResponseInput{}
@@ -102,8 +105,7 @@ type WriteGetObjectResponseInput struct {
 	// Lambda function. This may not match the checksum for the object stored in Amazon
 	// S3. Amazon S3 will perform validation of the checksum values only when the
 	// original GetObject request required checksum validation. For more information
-	// about checksums, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// about checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. Only one checksum header can be specified at a
 	// time. If you supply multiple checksum headers, this request will fail.
 	ChecksumCRC32 *string
@@ -114,8 +116,7 @@ type WriteGetObjectResponseInput struct {
 	// Lambda function. This may not match the checksum for the object stored in Amazon
 	// S3. Amazon S3 will perform validation of the checksum values only when the
 	// original GetObject request required checksum validation. For more information
-	// about checksums, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// about checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. Only one checksum header can be specified at a
 	// time. If you supply multiple checksum headers, this request will fail.
 	ChecksumCRC32C *string
@@ -126,8 +127,7 @@ type WriteGetObjectResponseInput struct {
 	// function. This may not match the checksum for the object stored in Amazon S3.
 	// Amazon S3 will perform validation of the checksum values only when the original
 	// GetObject request required checksum validation. For more information about
-	// checksums, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. Only one checksum header can be specified at a
 	// time. If you supply multiple checksum headers, this request will fail.
 	ChecksumSHA1 *string
@@ -138,8 +138,7 @@ type WriteGetObjectResponseInput struct {
 	// Lambda function. This may not match the checksum for the object stored in Amazon
 	// S3. Amazon S3 will perform validation of the checksum values only when the
 	// original GetObject request required checksum validation. For more information
-	// about checksums, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// about checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. Only one checksum header can be specified at a
 	// time. If you supply multiple checksum headers, this request will fail.
 	ChecksumSHA256 *string
@@ -164,8 +163,8 @@ type WriteGetObjectResponseInput struct {
 	// A standard MIME type describing the format of the object data.
 	ContentType *string
 
-	// Specifies whether an object stored in Amazon S3 is (true) or is not (false) a
-	// delete marker.
+	// Specifies whether an object stored in Amazon S3 is ( true ) or is not ( false )
+	// a delete marker.
 	DeleteMarker bool
 
 	// An opaque identifier assigned by a web server to a specific version of a
@@ -173,15 +172,16 @@ type WriteGetObjectResponseInput struct {
 	ETag *string
 
 	// A string that uniquely identifies an error condition. Returned in the  tag of
-	// the error XML response for a corresponding GetObject call. Cannot be used with a
-	// successful StatusCode header or when the transformed object is provided in the
-	// body. All error codes from S3 are sentence-cased. The regular expression (regex)
-	// value is "^[A-Z][a-zA-Z]+$".
+	// the error XML response for a corresponding GetObject call. Cannot be used with
+	// a successful StatusCode header or when the transformed object is provided in
+	// the body. All error codes from S3 are sentence-cased. The regular expression
+	// (regex) value is "^[A-Z][a-zA-Z]+$" .
 	ErrorCode *string
 
 	// Contains a generic description of the error condition. Returned in the tag of
-	// the error XML response for a corresponding GetObject call. Cannot be used with a
-	// successful StatusCode header or when the transformed object is provided in body.
+	// the error XML response for a corresponding GetObject call. Cannot be used with
+	// a successful StatusCode header or when the transformed object is provided in
+	// body.
 	ErrorMessage *string
 
 	// If the object expiration is configured (see PUT Bucket lifecycle), the response
@@ -209,8 +209,8 @@ type WriteGetObjectResponseInput struct {
 	ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus
 
 	// Indicates whether an object stored in Amazon S3 has Object Lock enabled. For
-	// more information about S3 Object Lock, see Object Lock
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html).
+	// more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html)
+	// .
 	ObjectLockMode types.ObjectLockMode
 
 	// The date and time when Object Lock is configured to expire.
@@ -219,9 +219,9 @@ type WriteGetObjectResponseInput struct {
 	// The count of parts this object has.
 	PartsCount int32
 
-	// Indicates if request involves bucket that is either a source or destination in a
-	// Replication rule. For more information about S3 Replication, see Replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html).
+	// Indicates if request involves bucket that is either a source or destination in
+	// a Replication rule. For more information about S3 Replication, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html)
+	// .
 	ReplicationStatus types.ReplicationStatus
 
 	// If present, indicates that the requester was successfully charged for the
@@ -238,59 +238,41 @@ type WriteGetObjectResponseInput struct {
 
 	// 128-bit MD5 digest of customer-provided encryption key used in Amazon S3 to
 	// encrypt data stored in S3. For more information, see Protecting data using
-	// server-side encryption with customer-provided encryption keys (SSE-C)
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html).
+	// server-side encryption with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html)
+	// .
 	SSECustomerKeyMD5 *string
 
-	// If present, specifies the ID of the Amazon Web Services Key Management Service
-	// (Amazon Web Services KMS) symmetric customer managed key that was used for
-	// stored in Amazon S3 object.
+	// If present, specifies the ID (Key ID, Key ARN, or Key Alias) of the Amazon Web
+	// Services Key Management Service (Amazon Web Services KMS) symmetric encryption
+	// customer managed key that was used for stored in Amazon S3 object.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing requested object in
-	// Amazon S3 (for example, AES256, aws:kms).
+	// Amazon S3 (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// The integer status code for an HTTP response of a corresponding GetObject
-	// request. Status Codes
-	//
-	// * 200 - OK
-	//
-	// * 206 - Partial Content
-	//
-	// * 304 - Not
-	// Modified
-	//
-	// * 400 - Bad Request
-	//
-	// * 401 - Unauthorized
-	//
-	// * 403 - Forbidden
-	//
-	// * 404 -
-	// Not Found
-	//
-	// * 405 - Method Not Allowed
-	//
-	// * 409 - Conflict
-	//
-	// * 411 - Length
-	// Required
-	//
-	// * 412 - Precondition Failed
-	//
-	// * 416 - Range Not Satisfiable
-	//
-	// * 500 -
-	// Internal Server Error
-	//
-	// * 503 - Service Unavailable
+	// request. The following is a list of status codes.
+	//   - 200 - OK
+	//   - 206 - Partial Content
+	//   - 304 - Not Modified
+	//   - 400 - Bad Request
+	//   - 401 - Unauthorized
+	//   - 403 - Forbidden
+	//   - 404 - Not Found
+	//   - 405 - Method Not Allowed
+	//   - 409 - Conflict
+	//   - 411 - Length Required
+	//   - 412 - Precondition Failed
+	//   - 416 - Range Not Satisfiable
+	//   - 500 - Internal Server Error
+	//   - 503 - Service Unavailable
 	StatusCode int32
 
 	// Provides storage class information of the object. Amazon S3 returns this header
 	// for all objects except for S3 Standard storage class objects. For more
-	// information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
+	// information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// .
 	StorageClass types.StorageClass
 
 	// The number of tags, if any, on the object.
@@ -318,6 +300,9 @@ func (c *Client) addOperationWriteGetObjectResponseMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -348,7 +333,7 @@ func (c *Client) addOperationWriteGetObjectResponseMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -363,6 +348,9 @@ func (c *Client) addOperationWriteGetObjectResponseMiddlewares(stack *middleware
 	if err = addEndpointPrefix_opWriteGetObjectResponseMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addWriteGetObjectResponseResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpWriteGetObjectResponseValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -372,6 +360,9 @@ func (c *Client) addOperationWriteGetObjectResponseMiddlewares(stack *middleware
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addWriteGetObjectResponseUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -387,6 +378,12 @@ func (c *Client) addOperationWriteGetObjectResponseMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
+	if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -455,3 +452,134 @@ func addWriteGetObjectResponseUpdateEndpoint(stack *middleware.Stack, options Op
 		DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
 	})
 }
+
+type opWriteGetObjectResponseResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opWriteGetObjectResponseResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opWriteGetObjectResponseResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	params.UseObjectLambdaEndpoint = ptr.Bool(true)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "s3"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, internalauth.SigV4)
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "s3"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			ctx = s3cust.SetSignerVersion(ctx, v4Scheme.Name)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("s3")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			ctx = s3cust.SetSignerVersion(ctx, v4a.Version)
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addWriteGetObjectResponseResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opWriteGetObjectResponseResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:                         options.Region,
+			UseFIPS:                        options.EndpointOptions.UseFIPSEndpoint,
+			UseDualStack:                   options.EndpointOptions.UseDualStackEndpoint,
+			Endpoint:                       options.BaseEndpoint,
+			ForcePathStyle:                 options.UsePathStyle,
+			Accelerate:                     options.UseAccelerate,
+			DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
+			UseArnRegion:                   options.UseARNRegion,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucketer.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucketer.go
new file mode 100644
index 000000000..4e7f7e24e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucketer.go
@@ -0,0 +1,15 @@
+package s3
+
+// implemented by all S3 input structures
+type bucketer interface {
+	bucket() (string, bool)
+}
+
+func bucketFromInput(params interface{}) (string, bool) {
+	v, ok := params.(bucketer)
+	if !ok {
+		return "", false
+	}
+
+	return v.bucket()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go
index 995d909cf..fc192a326 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go
@@ -2369,6 +2369,11 @@ func (m *awsRestxml_deserializeOpGetBucketAccelerateConfiguration) HandleDeseria
 	output := &GetBucketAccelerateConfigurationOutput{}
 	out.Result = output
 
+	err = awsRestxml_deserializeOpHttpBindingsGetBucketAccelerateConfigurationOutput(output, response)
+	if err != nil {
+		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("failed to decode response with invalid Http bindings, %w", err)}
+	}
+
 	var buff [1024]byte
 	ringBuffer := smithyio.NewRingBuffer(buff[:])
 	body := io.TeeReader(response.Body, ringBuffer)
@@ -2440,6 +2445,18 @@ func awsRestxml_deserializeOpErrorGetBucketAccelerateConfiguration(response *smi
 	}
 }
 
+func awsRestxml_deserializeOpHttpBindingsGetBucketAccelerateConfigurationOutput(v *GetBucketAccelerateConfigurationOutput, response *smithyhttp.Response) error {
+	if v == nil {
+		return fmt.Errorf("unsupported deserialization for nil %T", v)
+	}
+
+	if headerValues := response.Header.Values("x-amz-request-charged"); len(headerValues) != 0 {
+		headerValues[0] = strings.TrimSpace(headerValues[0])
+		v.RequestCharged = types.RequestCharged(headerValues[0])
+	}
+
+	return nil
+}
 func awsRestxml_deserializeOpDocumentGetBucketAccelerateConfigurationOutput(v **GetBucketAccelerateConfigurationOutput, decoder smithyxml.NodeDecoder) error {
 	if v == nil {
 		return fmt.Errorf("unexpected nil of type %T", v)
@@ -6827,6 +6844,9 @@ func awsRestxml_deserializeOpErrorHeadObject(response *smithyhttp.Response, meta
 	}
 	errorBody.Seek(0, io.SeekStart)
 	switch {
+	case strings.EqualFold("NotFound", errorCode):
+		return awsRestxml_deserializeErrorNotFound(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -7947,6 +7967,11 @@ func (m *awsRestxml_deserializeOpListMultipartUploads) HandleDeserialize(ctx con
 	output := &ListMultipartUploadsOutput{}
 	out.Result = output
 
+	err = awsRestxml_deserializeOpHttpBindingsListMultipartUploadsOutput(output, response)
+	if err != nil {
+		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("failed to decode response with invalid Http bindings, %w", err)}
+	}
+
 	var buff [1024]byte
 	ringBuffer := smithyio.NewRingBuffer(buff[:])
 	body := io.TeeReader(response.Body, ringBuffer)
@@ -8018,6 +8043,18 @@ func awsRestxml_deserializeOpErrorListMultipartUploads(response *smithyhttp.Resp
 	}
 }
 
+func awsRestxml_deserializeOpHttpBindingsListMultipartUploadsOutput(v *ListMultipartUploadsOutput, response *smithyhttp.Response) error {
+	if v == nil {
+		return fmt.Errorf("unsupported deserialization for nil %T", v)
+	}
+
+	if headerValues := response.Header.Values("x-amz-request-charged"); len(headerValues) != 0 {
+		headerValues[0] = strings.TrimSpace(headerValues[0])
+		v.RequestCharged = types.RequestCharged(headerValues[0])
+	}
+
+	return nil
+}
 func awsRestxml_deserializeOpDocumentListMultipartUploadsOutput(v **ListMultipartUploadsOutput, decoder smithyxml.NodeDecoder) error {
 	if v == nil {
 		return fmt.Errorf("unexpected nil of type %T", v)
@@ -8229,6 +8266,11 @@ func (m *awsRestxml_deserializeOpListObjects) HandleDeserialize(ctx context.Cont
 	output := &ListObjectsOutput{}
 	out.Result = output
 
+	err = awsRestxml_deserializeOpHttpBindingsListObjectsOutput(output, response)
+	if err != nil {
+		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("failed to decode response with invalid Http bindings, %w", err)}
+	}
+
 	var buff [1024]byte
 	ringBuffer := smithyio.NewRingBuffer(buff[:])
 	body := io.TeeReader(response.Body, ringBuffer)
@@ -8303,6 +8345,18 @@ func awsRestxml_deserializeOpErrorListObjects(response *smithyhttp.Response, met
 	}
 }
 
+func awsRestxml_deserializeOpHttpBindingsListObjectsOutput(v *ListObjectsOutput, response *smithyhttp.Response) error {
+	if v == nil {
+		return fmt.Errorf("unsupported deserialization for nil %T", v)
+	}
+
+	if headerValues := response.Header.Values("x-amz-request-charged"); len(headerValues) != 0 {
+		headerValues[0] = strings.TrimSpace(headerValues[0])
+		v.RequestCharged = types.RequestCharged(headerValues[0])
+	}
+
+	return nil
+}
 func awsRestxml_deserializeOpDocumentListObjectsOutput(v **ListObjectsOutput, decoder smithyxml.NodeDecoder) error {
 	if v == nil {
 		return fmt.Errorf("unexpected nil of type %T", v)
@@ -8488,6 +8542,11 @@ func (m *awsRestxml_deserializeOpListObjectsV2) HandleDeserialize(ctx context.Co
 	output := &ListObjectsV2Output{}
 	out.Result = output
 
+	err = awsRestxml_deserializeOpHttpBindingsListObjectsV2Output(output, response)
+	if err != nil {
+		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("failed to decode response with invalid Http bindings, %w", err)}
+	}
+
 	var buff [1024]byte
 	ringBuffer := smithyio.NewRingBuffer(buff[:])
 	body := io.TeeReader(response.Body, ringBuffer)
@@ -8562,6 +8621,18 @@ func awsRestxml_deserializeOpErrorListObjectsV2(response *smithyhttp.Response, m
 	}
 }
 
+func awsRestxml_deserializeOpHttpBindingsListObjectsV2Output(v *ListObjectsV2Output, response *smithyhttp.Response) error {
+	if v == nil {
+		return fmt.Errorf("unsupported deserialization for nil %T", v)
+	}
+
+	if headerValues := response.Header.Values("x-amz-request-charged"); len(headerValues) != 0 {
+		headerValues[0] = strings.TrimSpace(headerValues[0])
+		v.RequestCharged = types.RequestCharged(headerValues[0])
+	}
+
+	return nil
+}
 func awsRestxml_deserializeOpDocumentListObjectsV2Output(v **ListObjectsV2Output, decoder smithyxml.NodeDecoder) error {
 	if v == nil {
 		return fmt.Errorf("unexpected nil of type %T", v)
@@ -8777,6 +8848,11 @@ func (m *awsRestxml_deserializeOpListObjectVersions) HandleDeserialize(ctx conte
 	output := &ListObjectVersionsOutput{}
 	out.Result = output
 
+	err = awsRestxml_deserializeOpHttpBindingsListObjectVersionsOutput(output, response)
+	if err != nil {
+		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("failed to decode response with invalid Http bindings, %w", err)}
+	}
+
 	var buff [1024]byte
 	ringBuffer := smithyio.NewRingBuffer(buff[:])
 	body := io.TeeReader(response.Body, ringBuffer)
@@ -8848,6 +8924,18 @@ func awsRestxml_deserializeOpErrorListObjectVersions(response *smithyhttp.Respon
 	}
 }
 
+func awsRestxml_deserializeOpHttpBindingsListObjectVersionsOutput(v *ListObjectVersionsOutput, response *smithyhttp.Response) error {
+	if v == nil {
+		return fmt.Errorf("unsupported deserialization for nil %T", v)
+	}
+
+	if headerValues := response.Header.Values("x-amz-request-charged"); len(headerValues) != 0 {
+		headerValues[0] = strings.TrimSpace(headerValues[0])
+		v.RequestCharged = types.RequestCharged(headerValues[0])
+	}
+
+	return nil
+}
 func awsRestxml_deserializeOpDocumentListObjectVersionsOutput(v **ListObjectVersionsOutput, decoder smithyxml.NodeDecoder) error {
 	if v == nil {
 		return fmt.Errorf("unexpected nil of type %T", v)
@@ -18361,6 +18449,12 @@ func awsRestxml_deserializeDocumentObject(v **types.Object, decoder smithyxml.No
 				return err
 			}
 
+		case strings.EqualFold("RestoreStatus", t.Name.Local):
+			nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t)
+			if err := awsRestxml_deserializeDocumentRestoreStatus(&sv.RestoreStatus, nodeDecoder); err != nil {
+				return err
+			}
+
 		case strings.EqualFold("Size", t.Name.Local):
 			val, err := decoder.Value()
 			if err != nil {
@@ -18972,6 +19066,12 @@ func awsRestxml_deserializeDocumentObjectVersion(v **types.ObjectVersion, decode
 				return err
 			}
 
+		case strings.EqualFold("RestoreStatus", t.Name.Local):
+			nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t)
+			if err := awsRestxml_deserializeDocumentRestoreStatus(&sv.RestoreStatus, nodeDecoder); err != nil {
+				return err
+			}
+
 		case strings.EqualFold("Size", t.Name.Local):
 			val, err := decoder.Value()
 			if err != nil {
@@ -20591,6 +20691,75 @@ func awsRestxml_deserializeDocumentReplicationTimeValue(v **types.ReplicationTim
 	return nil
 }
 
+func awsRestxml_deserializeDocumentRestoreStatus(v **types.RestoreStatus, decoder smithyxml.NodeDecoder) error {
+	if v == nil {
+		return fmt.Errorf("unexpected nil of type %T", v)
+	}
+	var sv *types.RestoreStatus
+	if *v == nil {
+		sv = &types.RestoreStatus{}
+	} else {
+		sv = *v
+	}
+
+	for {
+		t, done, err := decoder.Token()
+		if err != nil {
+			return err
+		}
+		if done {
+			break
+		}
+		originalDecoder := decoder
+		decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t)
+		switch {
+		case strings.EqualFold("IsRestoreInProgress", t.Name.Local):
+			val, err := decoder.Value()
+			if err != nil {
+				return err
+			}
+			if val == nil {
+				break
+			}
+			{
+				xtv, err := strconv.ParseBool(string(val))
+				if err != nil {
+					return fmt.Errorf("expected IsRestoreInProgress to be of type *bool, got %T instead", val)
+				}
+				sv.IsRestoreInProgress = xtv
+			}
+
+		case strings.EqualFold("RestoreExpiryDate", t.Name.Local):
+			val, err := decoder.Value()
+			if err != nil {
+				return err
+			}
+			if val == nil {
+				break
+			}
+			{
+				xtv := string(val)
+				t, err := smithytime.ParseDateTime(xtv)
+				if err != nil {
+					return err
+				}
+				sv.RestoreExpiryDate = ptr.Time(t)
+			}
+
+		default:
+			// Do nothing and ignore the unexpected tag element
+			err = decoder.Decoder.Skip()
+			if err != nil {
+				return err
+			}
+
+		}
+		decoder = originalDecoder
+	}
+	*v = sv
+	return nil
+}
+
 func awsRestxml_deserializeDocumentRoutingRule(v **types.RoutingRule, decoder smithyxml.NodeDecoder) error {
 	if v == nil {
 		return fmt.Errorf("unexpected nil of type %T", v)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoints.go
index 8df6368cd..c6012bdb2 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoints.go
@@ -8,9 +8,15 @@ import (
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	"github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn"
 	internalendpoints "github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints"
+	smithy "github.com/aws/smithy-go"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
+	"github.com/aws/smithy-go/endpoints/private/rulesfn"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/ptr"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
+	"net/http"
 	"net/url"
 	"strings"
 )
@@ -39,13 +45,6 @@ func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointRe
 	return fn(region, options)
 }
 
-func resolveDefaultEndpointConfiguration(o *Options) {
-	if o.EndpointResolver != nil {
-		return
-	}
-	o.EndpointResolver = NewDefaultEndpointResolver()
-}
-
 // EndpointResolverFromURL returns an EndpointResolver configured using the
 // provided endpoint url. By default, the resolved endpoint resolver uses the
 // client region as signing region, and the endpoint source is set to
@@ -79,6 +78,10 @@ func (*ResolveEndpoint) ID() string {
 func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
@@ -94,6 +97,11 @@ func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.Ser
 	var endpoint aws.Endpoint
 	endpoint, err = m.Resolver.ResolveEndpoint(awsmiddleware.GetRegion(ctx), eo)
 	if err != nil {
+		nf := (&aws.EndpointNotFoundError{})
+		if errors.As(err, &nf) {
+			ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, false)
+			return next.HandleSerialize(ctx, in)
+		}
 		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
 	}
 
@@ -129,27 +137,10 @@ func removeResolveEndpointMiddleware(stack *middleware.Stack) error {
 
 type wrappedEndpointResolver struct {
 	awsResolver aws.EndpointResolverWithOptions
-	resolver    EndpointResolver
 }
 
 func (w *wrappedEndpointResolver) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) {
-	if w.awsResolver == nil {
-		goto fallback
-	}
-	endpoint, err = w.awsResolver.ResolveEndpoint(ServiceID, region, options)
-	if err == nil {
-		return endpoint, nil
-	}
-
-	if nf := (&aws.EndpointNotFoundError{}); !errors.As(err, &nf) {
-		return endpoint, err
-	}
-
-fallback:
-	if w.resolver == nil {
-		return endpoint, fmt.Errorf("default endpoint resolver provided was nil")
-	}
-	return w.resolver.ResolveEndpoint(region, options)
+	return w.awsResolver.ResolveEndpoint(ServiceID, region, options)
 }
 
 type awsEndpointResolverAdaptor func(service, region string) (aws.Endpoint, error)
@@ -160,12 +151,13 @@ func (a awsEndpointResolverAdaptor) ResolveEndpoint(service, region string, opti
 
 var _ aws.EndpointResolverWithOptions = awsEndpointResolverAdaptor(nil)
 
-// withEndpointResolver returns an EndpointResolver that first delegates endpoint resolution to the awsResolver.
-// If awsResolver returns aws.EndpointNotFoundError error, the resolver will use the the provided
-// fallbackResolver for resolution.
+// withEndpointResolver returns an aws.EndpointResolverWithOptions that first delegates endpoint resolution to the awsResolver.
+// If awsResolver returns aws.EndpointNotFoundError error, the v1 resolver middleware will swallow the error,
+// and set an appropriate context flag such that fallback will occur when EndpointResolverV2 is invoked
+// via its middleware.
 //
-// fallbackResolver must not be nil
-func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions, fallbackResolver EndpointResolver) EndpointResolver {
+// If another error (besides aws.EndpointNotFoundError) is returned, then that error will be propagated.
+func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions) EndpointResolver {
 	var resolver aws.EndpointResolverWithOptions
 
 	if awsResolverWithOptions != nil {
@@ -176,7 +168,6 @@ func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptio
 
 	return &wrappedEndpointResolver{
 		awsResolver: resolver,
-		resolver:    fallbackResolver,
 	}
 }
 
@@ -206,3 +197,4131 @@ func finalizeClientEndpointResolverOptions(options *Options) {
 	}
 
 }
+
+func resolveEndpointResolverV2(options *Options) {
+	if options.EndpointResolverV2 == nil {
+		options.EndpointResolverV2 = NewDefaultEndpointResolverV2()
+	}
+}
+
+// Utility function to aid with translating pseudo-regions to classical regions
+// with the appropriate setting indicated by the pseudo-region
+func mapPseudoRegion(pr string) (region string, fips aws.FIPSEndpointState) {
+	const fipsInfix = "-fips-"
+	const fipsPrefix = "fips-"
+	const fipsSuffix = "-fips"
+
+	if strings.Contains(pr, fipsInfix) ||
+		strings.Contains(pr, fipsPrefix) ||
+		strings.Contains(pr, fipsSuffix) {
+		region = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(
+			pr, fipsInfix, "-"), fipsPrefix, ""), fipsSuffix, "")
+		fips = aws.FIPSEndpointStateEnabled
+	} else {
+		region = pr
+	}
+
+	return region, fips
+}
+
+// builtInParameterResolver is the interface responsible for resolving BuiltIn
+// values during the sourcing of EndpointParameters
+type builtInParameterResolver interface {
+	ResolveBuiltIns(*EndpointParameters) error
+}
+
+// builtInResolver resolves modeled BuiltIn values using only the members defined
+// below.
+type builtInResolver struct {
+	// The AWS region used to dispatch the request.
+	Region string
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseFIPS aws.FIPSEndpointState
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseDualStack aws.DualStackEndpointState
+
+	// Base endpoint that can potentially be modified during Endpoint resolution.
+	Endpoint *string
+
+	// When true, force a path-style endpoint to be used where the bucket name is part
+	// of the path.
+	ForcePathStyle bool
+
+	// When true, use S3 Accelerate. NOTE: Not all regions support S3 accelerate.
+	Accelerate bool
+
+	// Whether the global endpoint should be used, rather then the regional endpoint
+	// for us-east-1.
+	UseGlobalEndpoint bool
+
+	// Whether multi-region access points (MRAP) should be disabled.
+	DisableMultiRegionAccessPoints bool
+
+	// When an Access Point ARN is provided and this flag is enabled, the SDK MUST use
+	// the ARN's region when constructing the endpoint instead of the client's
+	// configured region.
+	UseArnRegion bool
+}
+
+// Invoked at runtime to resolve BuiltIn Values. Only resolution code specific to
+// each BuiltIn value is generated.
+func (b *builtInResolver) ResolveBuiltIns(params *EndpointParameters) error {
+
+	region, _ := mapPseudoRegion(b.Region)
+	if len(region) == 0 {
+		return fmt.Errorf("Could not resolve AWS::Region")
+	} else {
+		params.Region = aws.String(region)
+	}
+	if b.UseFIPS == aws.FIPSEndpointStateEnabled {
+		params.UseFIPS = aws.Bool(true)
+	} else {
+		params.UseFIPS = aws.Bool(false)
+	}
+	if b.UseDualStack == aws.DualStackEndpointStateEnabled {
+		params.UseDualStack = aws.Bool(true)
+	} else {
+		params.UseDualStack = aws.Bool(false)
+	}
+	params.Endpoint = b.Endpoint
+	params.ForcePathStyle = aws.Bool(b.ForcePathStyle)
+	params.Accelerate = aws.Bool(b.Accelerate)
+	params.UseGlobalEndpoint = aws.Bool(b.UseGlobalEndpoint)
+	params.DisableMultiRegionAccessPoints = aws.Bool(b.DisableMultiRegionAccessPoints)
+	params.UseArnRegion = aws.Bool(b.UseArnRegion)
+	return nil
+}
+
+// EndpointParameters provides the parameters that influence how endpoints are
+// resolved.
+type EndpointParameters struct {
+	// The S3 bucket used to send the request. This is an optional parameter that will
+	// be set automatically for operations that are scoped to an S3 bucket.
+	//
+	// Parameter
+	// is required.
+	Bucket *string
+
+	// The AWS region used to dispatch the request.
+	//
+	// Parameter is
+	// required.
+	//
+	// AWS::Region
+	Region *string
+
+	// When true, send this request to the FIPS-compliant regional endpoint. If the
+	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
+	// request will return an error.
+	//
+	// Defaults to false if no value is
+	// provided.
+	//
+	// AWS::UseFIPS
+	UseFIPS *bool
+
+	// When true, use the dual-stack endpoint. If the configured endpoint does not
+	// support dual-stack, dispatching the request MAY return an error.
+	//
+	// Defaults to
+	// false if no value is provided.
+	//
+	// AWS::UseDualStack
+	UseDualStack *bool
+
+	// Override the endpoint used to send this request
+	//
+	// Parameter is
+	// required.
+	//
+	// SDK::Endpoint
+	Endpoint *string
+
+	// When true, force a path-style endpoint to be used where the bucket name is part
+	// of the path.
+	//
+	// Defaults to false if no value is
+	// provided.
+	//
+	// AWS::S3::ForcePathStyle
+	ForcePathStyle *bool
+
+	// When true, use S3 Accelerate. NOTE: Not all regions support S3
+	// accelerate.
+	//
+	// Defaults to false if no value is provided.
+	//
+	// AWS::S3::Accelerate
+	Accelerate *bool
+
+	// Whether the global endpoint should be used, rather then the regional endpoint
+	// for us-east-1.
+	//
+	// Defaults to false if no value is
+	// provided.
+	//
+	// AWS::S3::UseGlobalEndpoint
+	UseGlobalEndpoint *bool
+
+	// Internal parameter to use object lambda endpoint for an operation (eg:
+	// WriteGetObjectResponse)
+	//
+	// Parameter is required.
+	UseObjectLambdaEndpoint *bool
+
+	// Internal parameter to disable Access Point Buckets
+	//
+	// Parameter is required.
+	DisableAccessPoints *bool
+
+	// Whether multi-region access points (MRAP) should be disabled.
+	//
+	// Defaults to false
+	// if no value is provided.
+	//
+	// AWS::S3::DisableMultiRegionAccessPoints
+	DisableMultiRegionAccessPoints *bool
+
+	// When an Access Point ARN is provided and this flag is enabled, the SDK MUST use
+	// the ARN's region when constructing the endpoint instead of the client's
+	// configured region.
+	//
+	// Parameter is required.
+	//
+	// AWS::S3::UseArnRegion
+	UseArnRegion *bool
+}
+
+// ValidateRequired validates required parameters are set.
+func (p EndpointParameters) ValidateRequired() error {
+	if p.Accelerate == nil {
+		return fmt.Errorf("parameter Accelerate is required")
+	}
+
+	if p.DisableMultiRegionAccessPoints == nil {
+		return fmt.Errorf("parameter DisableMultiRegionAccessPoints is required")
+	}
+
+	if p.ForcePathStyle == nil {
+		return fmt.Errorf("parameter ForcePathStyle is required")
+	}
+
+	if p.UseDualStack == nil {
+		return fmt.Errorf("parameter UseDualStack is required")
+	}
+
+	if p.UseFIPS == nil {
+		return fmt.Errorf("parameter UseFIPS is required")
+	}
+
+	if p.UseGlobalEndpoint == nil {
+		return fmt.Errorf("parameter UseGlobalEndpoint is required")
+	}
+
+	return nil
+}
+
+// WithDefaults returns a shallow copy of EndpointParameterswith default values
+// applied to members where applicable.
+func (p EndpointParameters) WithDefaults() EndpointParameters {
+	if p.Accelerate == nil {
+		p.Accelerate = ptr.Bool(false)
+	}
+
+	if p.DisableMultiRegionAccessPoints == nil {
+		p.DisableMultiRegionAccessPoints = ptr.Bool(false)
+	}
+
+	if p.ForcePathStyle == nil {
+		p.ForcePathStyle = ptr.Bool(false)
+	}
+
+	if p.UseDualStack == nil {
+		p.UseDualStack = ptr.Bool(false)
+	}
+
+	if p.UseFIPS == nil {
+		p.UseFIPS = ptr.Bool(false)
+	}
+
+	if p.UseGlobalEndpoint == nil {
+		p.UseGlobalEndpoint = ptr.Bool(false)
+	}
+	return p
+}
+
+// EndpointResolverV2 provides the interface for resolving service endpoints.
+type EndpointResolverV2 interface {
+	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+	// returning the endpoint if found. Otherwise an error is returned.
+	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
+		smithyendpoints.Endpoint, error,
+	)
+}
+
+// resolver provides the implementation for resolving endpoints.
+type resolver struct{}
+
+func NewDefaultEndpointResolverV2() EndpointResolverV2 {
+	return &resolver{}
+}
+
+// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+// returning the endpoint if found. Otherwise an error is returned.
+func (r *resolver) ResolveEndpoint(
+	ctx context.Context, params EndpointParameters,
+) (
+	endpoint smithyendpoints.Endpoint, err error,
+) {
+	params = params.WithDefaults()
+	if err = params.ValidateRequired(); err != nil {
+		return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err)
+	}
+	_UseFIPS := *params.UseFIPS
+	_UseDualStack := *params.UseDualStack
+	_ForcePathStyle := *params.ForcePathStyle
+	_Accelerate := *params.Accelerate
+	_UseGlobalEndpoint := *params.UseGlobalEndpoint
+	_DisableMultiRegionAccessPoints := *params.DisableMultiRegionAccessPoints
+
+	if exprVal := params.Region; exprVal != nil {
+		_Region := *exprVal
+		_ = _Region
+		if _Accelerate == true {
+			if _UseFIPS == true {
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "Accelerate cannot be used with FIPS")
+			}
+		}
+		if _UseDualStack == true {
+			if exprVal := params.Endpoint; exprVal != nil {
+				_Endpoint := *exprVal
+				_ = _Endpoint
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "Cannot set dual-stack in combination with a custom endpoint.")
+			}
+		}
+		if exprVal := params.Endpoint; exprVal != nil {
+			_Endpoint := *exprVal
+			_ = _Endpoint
+			if _UseFIPS == true {
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "A custom endpoint cannot be combined with FIPS")
+			}
+		}
+		if exprVal := params.Endpoint; exprVal != nil {
+			_Endpoint := *exprVal
+			_ = _Endpoint
+			if _Accelerate == true {
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "A custom endpoint cannot be combined with S3 Accelerate")
+			}
+		}
+		if _UseFIPS == true {
+			if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+				_partitionResult := *exprVal
+				_ = _partitionResult
+				if _partitionResult.Name == "aws-cn" {
+					return endpoint, fmt.Errorf("endpoint rule error, %s", "Partition does not support FIPS")
+				}
+			}
+		}
+		if exprVal := params.Bucket; exprVal != nil {
+			_Bucket := *exprVal
+			_ = _Bucket
+			if exprVal := rulesfn.SubString(_Bucket, 49, 50, true); exprVal != nil {
+				_hardwareType := *exprVal
+				_ = _hardwareType
+				if exprVal := rulesfn.SubString(_Bucket, 8, 12, true); exprVal != nil {
+					_regionPrefix := *exprVal
+					_ = _regionPrefix
+					if exprVal := rulesfn.SubString(_Bucket, 0, 7, true); exprVal != nil {
+						_bucketAliasSuffix := *exprVal
+						_ = _bucketAliasSuffix
+						if exprVal := rulesfn.SubString(_Bucket, 32, 49, true); exprVal != nil {
+							_outpostId := *exprVal
+							_ = _outpostId
+							if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+								_regionPartition := *exprVal
+								_ = _regionPartition
+								if _bucketAliasSuffix == "--op-s3" {
+									if rulesfn.IsValidHostLabel(_outpostId, false) {
+										if _hardwareType == "e" {
+											if _regionPrefix == "beta" {
+												if !(params.Endpoint != nil) {
+													return endpoint, fmt.Errorf("endpoint rule error, %s", "Expected a endpoint to be specified but no endpoint was found")
+												}
+												if exprVal := params.Endpoint; exprVal != nil {
+													_Endpoint := *exprVal
+													_ = _Endpoint
+													if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+														_url := *exprVal
+														_ = _url
+														uriString := func() string {
+															var out strings.Builder
+															out.WriteString("https://")
+															out.WriteString(_Bucket)
+															out.WriteString(".ec2.")
+															out.WriteString(_url.Authority)
+															return out.String()
+														}()
+
+														uri, err := url.Parse(uriString)
+														if err != nil {
+															return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+														}
+
+														return smithyendpoints.Endpoint{
+															URI:     *uri,
+															Headers: http.Header{},
+															Properties: func() smithy.Properties {
+																var out smithy.Properties
+																out.Set("authSchemes", []interface{}{
+																	map[string]interface{}{
+																		"disableDoubleEncoding": true,
+																		"name":                  "sigv4",
+																		"signingName":           "s3-outposts",
+																		"signingRegion":         _Region,
+																	},
+																})
+																return out
+															}(),
+														}, nil
+													}
+												}
+												return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+											}
+											uriString := func() string {
+												var out strings.Builder
+												out.WriteString("https://")
+												out.WriteString(_Bucket)
+												out.WriteString(".ec2.s3-outposts.")
+												out.WriteString(_Region)
+												out.WriteString(".")
+												out.WriteString(_regionPartition.DnsSuffix)
+												return out.String()
+											}()
+
+											uri, err := url.Parse(uriString)
+											if err != nil {
+												return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+											}
+
+											return smithyendpoints.Endpoint{
+												URI:     *uri,
+												Headers: http.Header{},
+												Properties: func() smithy.Properties {
+													var out smithy.Properties
+													out.Set("authSchemes", []interface{}{
+														map[string]interface{}{
+															"disableDoubleEncoding": true,
+															"name":                  "sigv4",
+															"signingName":           "s3-outposts",
+															"signingRegion":         _Region,
+														},
+													})
+													return out
+												}(),
+											}, nil
+										}
+										if _hardwareType == "o" {
+											if _regionPrefix == "beta" {
+												if !(params.Endpoint != nil) {
+													return endpoint, fmt.Errorf("endpoint rule error, %s", "Expected a endpoint to be specified but no endpoint was found")
+												}
+												if exprVal := params.Endpoint; exprVal != nil {
+													_Endpoint := *exprVal
+													_ = _Endpoint
+													if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+														_url := *exprVal
+														_ = _url
+														uriString := func() string {
+															var out strings.Builder
+															out.WriteString("https://")
+															out.WriteString(_Bucket)
+															out.WriteString(".op-")
+															out.WriteString(_outpostId)
+															out.WriteString(".")
+															out.WriteString(_url.Authority)
+															return out.String()
+														}()
+
+														uri, err := url.Parse(uriString)
+														if err != nil {
+															return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+														}
+
+														return smithyendpoints.Endpoint{
+															URI:     *uri,
+															Headers: http.Header{},
+															Properties: func() smithy.Properties {
+																var out smithy.Properties
+																out.Set("authSchemes", []interface{}{
+																	map[string]interface{}{
+																		"disableDoubleEncoding": true,
+																		"name":                  "sigv4",
+																		"signingName":           "s3-outposts",
+																		"signingRegion":         _Region,
+																	},
+																})
+																return out
+															}(),
+														}, nil
+													}
+												}
+												return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+											}
+											uriString := func() string {
+												var out strings.Builder
+												out.WriteString("https://")
+												out.WriteString(_Bucket)
+												out.WriteString(".op-")
+												out.WriteString(_outpostId)
+												out.WriteString(".s3-outposts.")
+												out.WriteString(_Region)
+												out.WriteString(".")
+												out.WriteString(_regionPartition.DnsSuffix)
+												return out.String()
+											}()
+
+											uri, err := url.Parse(uriString)
+											if err != nil {
+												return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+											}
+
+											return smithyendpoints.Endpoint{
+												URI:     *uri,
+												Headers: http.Header{},
+												Properties: func() smithy.Properties {
+													var out smithy.Properties
+													out.Set("authSchemes", []interface{}{
+														map[string]interface{}{
+															"disableDoubleEncoding": true,
+															"name":                  "sigv4",
+															"signingName":           "s3-outposts",
+															"signingRegion":         _Region,
+														},
+													})
+													return out
+												}(),
+											}, nil
+										}
+										return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+											var out strings.Builder
+											out.WriteString("Unrecognized hardware type: \"Expected hardware type o or e but got ")
+											out.WriteString(_hardwareType)
+											out.WriteString("\"")
+											return out.String()
+										}())
+									}
+									return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid ARN: The outpost Id must only contain a-z, A-Z, 0-9 and `-`.")
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+		if exprVal := params.Bucket; exprVal != nil {
+			_Bucket := *exprVal
+			_ = _Bucket
+			if exprVal := params.Endpoint; exprVal != nil {
+				_Endpoint := *exprVal
+				_ = _Endpoint
+				if !(rulesfn.ParseURL(_Endpoint) != nil) {
+					return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+						var out strings.Builder
+						out.WriteString("Custom endpoint `")
+						out.WriteString(_Endpoint)
+						out.WriteString("` was not a valid URI")
+						return out.String()
+					}())
+				}
+			}
+			if _ForcePathStyle == false {
+				if awsrulesfn.IsVirtualHostableS3Bucket(_Bucket, false) {
+					if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+						_partitionResult := *exprVal
+						_ = _partitionResult
+						if rulesfn.IsValidHostLabel(_Region, false) {
+							if _Accelerate == true {
+								if _partitionResult.Name == "aws-cn" {
+									return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 Accelerate cannot be used in this region")
+								}
+							}
+							if _UseDualStack == true {
+								if _UseFIPS == true {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if _Region == "aws-global" {
+												uriString := func() string {
+													var out strings.Builder
+													out.WriteString("https://")
+													out.WriteString(_Bucket)
+													out.WriteString(".s3-fips.dualstack.us-east-1.")
+													out.WriteString(_partitionResult.DnsSuffix)
+													return out.String()
+												}()
+
+												uri, err := url.Parse(uriString)
+												if err != nil {
+													return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+												}
+
+												return smithyendpoints.Endpoint{
+													URI:     *uri,
+													Headers: http.Header{},
+													Properties: func() smithy.Properties {
+														var out smithy.Properties
+														out.Set("authSchemes", []interface{}{
+															map[string]interface{}{
+																"disableDoubleEncoding": true,
+																"name":                  "sigv4",
+																"signingName":           "s3",
+																"signingRegion":         "us-east-1",
+															},
+														})
+														return out
+													}(),
+												}, nil
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == true {
+								if _UseFIPS == true {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == true {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3-fips.dualstack.")
+														out.WriteString(_Region)
+														out.WriteString(".")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == true {
+								if _UseFIPS == true {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == false {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3-fips.dualstack.")
+														out.WriteString(_Region)
+														out.WriteString(".")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == true {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if _Region == "aws-global" {
+												uriString := func() string {
+													var out strings.Builder
+													out.WriteString("https://")
+													out.WriteString(_Bucket)
+													out.WriteString(".s3-fips.us-east-1.")
+													out.WriteString(_partitionResult.DnsSuffix)
+													return out.String()
+												}()
+
+												uri, err := url.Parse(uriString)
+												if err != nil {
+													return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+												}
+
+												return smithyendpoints.Endpoint{
+													URI:     *uri,
+													Headers: http.Header{},
+													Properties: func() smithy.Properties {
+														var out smithy.Properties
+														out.Set("authSchemes", []interface{}{
+															map[string]interface{}{
+																"disableDoubleEncoding": true,
+																"name":                  "sigv4",
+																"signingName":           "s3",
+																"signingRegion":         "us-east-1",
+															},
+														})
+														return out
+													}(),
+												}, nil
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == true {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == true {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3-fips.")
+														out.WriteString(_Region)
+														out.WriteString(".")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == true {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == false {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3-fips.")
+														out.WriteString(_Region)
+														out.WriteString(".")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == true {
+								if _UseFIPS == false {
+									if _Accelerate == true {
+										if !(params.Endpoint != nil) {
+											if _Region == "aws-global" {
+												uriString := func() string {
+													var out strings.Builder
+													out.WriteString("https://")
+													out.WriteString(_Bucket)
+													out.WriteString(".s3-accelerate.dualstack.us-east-1.")
+													out.WriteString(_partitionResult.DnsSuffix)
+													return out.String()
+												}()
+
+												uri, err := url.Parse(uriString)
+												if err != nil {
+													return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+												}
+
+												return smithyendpoints.Endpoint{
+													URI:     *uri,
+													Headers: http.Header{},
+													Properties: func() smithy.Properties {
+														var out smithy.Properties
+														out.Set("authSchemes", []interface{}{
+															map[string]interface{}{
+																"disableDoubleEncoding": true,
+																"name":                  "sigv4",
+																"signingName":           "s3",
+																"signingRegion":         "us-east-1",
+															},
+														})
+														return out
+													}(),
+												}, nil
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == true {
+								if _UseFIPS == false {
+									if _Accelerate == true {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == true {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3-accelerate.dualstack.")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == true {
+								if _UseFIPS == false {
+									if _Accelerate == true {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == false {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3-accelerate.dualstack.")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == true {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if _Region == "aws-global" {
+												uriString := func() string {
+													var out strings.Builder
+													out.WriteString("https://")
+													out.WriteString(_Bucket)
+													out.WriteString(".s3.dualstack.us-east-1.")
+													out.WriteString(_partitionResult.DnsSuffix)
+													return out.String()
+												}()
+
+												uri, err := url.Parse(uriString)
+												if err != nil {
+													return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+												}
+
+												return smithyendpoints.Endpoint{
+													URI:     *uri,
+													Headers: http.Header{},
+													Properties: func() smithy.Properties {
+														var out smithy.Properties
+														out.Set("authSchemes", []interface{}{
+															map[string]interface{}{
+																"disableDoubleEncoding": true,
+																"name":                  "sigv4",
+																"signingName":           "s3",
+																"signingRegion":         "us-east-1",
+															},
+														})
+														return out
+													}(),
+												}, nil
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == true {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == true {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3.dualstack.")
+														out.WriteString(_Region)
+														out.WriteString(".")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == true {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == false {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3.dualstack.")
+														out.WriteString(_Region)
+														out.WriteString(".")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if exprVal := params.Endpoint; exprVal != nil {
+											_Endpoint := *exprVal
+											_ = _Endpoint
+											if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+												_url := *exprVal
+												_ = _url
+												if _url.IsIp == true {
+													if _Region == "aws-global" {
+														uriString := func() string {
+															var out strings.Builder
+															out.WriteString(_url.Scheme)
+															out.WriteString("://")
+															out.WriteString(_url.Authority)
+															out.WriteString(_url.NormalizedPath)
+															out.WriteString(_Bucket)
+															return out.String()
+														}()
+
+														uri, err := url.Parse(uriString)
+														if err != nil {
+															return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+														}
+
+														return smithyendpoints.Endpoint{
+															URI:     *uri,
+															Headers: http.Header{},
+															Properties: func() smithy.Properties {
+																var out smithy.Properties
+																out.Set("authSchemes", []interface{}{
+																	map[string]interface{}{
+																		"disableDoubleEncoding": true,
+																		"name":                  "sigv4",
+																		"signingName":           "s3",
+																		"signingRegion":         "us-east-1",
+																	},
+																})
+																return out
+															}(),
+														}, nil
+													}
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if exprVal := params.Endpoint; exprVal != nil {
+											_Endpoint := *exprVal
+											_ = _Endpoint
+											if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+												_url := *exprVal
+												_ = _url
+												if _url.IsIp == false {
+													if _Region == "aws-global" {
+														uriString := func() string {
+															var out strings.Builder
+															out.WriteString(_url.Scheme)
+															out.WriteString("://")
+															out.WriteString(_Bucket)
+															out.WriteString(".")
+															out.WriteString(_url.Authority)
+															out.WriteString(_url.Path)
+															return out.String()
+														}()
+
+														uri, err := url.Parse(uriString)
+														if err != nil {
+															return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+														}
+
+														return smithyendpoints.Endpoint{
+															URI:     *uri,
+															Headers: http.Header{},
+															Properties: func() smithy.Properties {
+																var out smithy.Properties
+																out.Set("authSchemes", []interface{}{
+																	map[string]interface{}{
+																		"disableDoubleEncoding": true,
+																		"name":                  "sigv4",
+																		"signingName":           "s3",
+																		"signingRegion":         "us-east-1",
+																	},
+																})
+																return out
+															}(),
+														}, nil
+													}
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if exprVal := params.Endpoint; exprVal != nil {
+											_Endpoint := *exprVal
+											_ = _Endpoint
+											if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+												_url := *exprVal
+												_ = _url
+												if _url.IsIp == true {
+													if !(_Region == "aws-global") {
+														if _UseGlobalEndpoint == true {
+															if _Region == "us-east-1" {
+																uriString := func() string {
+																	var out strings.Builder
+																	out.WriteString(_url.Scheme)
+																	out.WriteString("://")
+																	out.WriteString(_url.Authority)
+																	out.WriteString(_url.NormalizedPath)
+																	out.WriteString(_Bucket)
+																	return out.String()
+																}()
+
+																uri, err := url.Parse(uriString)
+																if err != nil {
+																	return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																}
+
+																return smithyendpoints.Endpoint{
+																	URI:     *uri,
+																	Headers: http.Header{},
+																	Properties: func() smithy.Properties {
+																		var out smithy.Properties
+																		out.Set("authSchemes", []interface{}{
+																			map[string]interface{}{
+																				"disableDoubleEncoding": true,
+																				"name":                  "sigv4",
+																				"signingName":           "s3",
+																				"signingRegion":         _Region,
+																			},
+																		})
+																		return out
+																	}(),
+																}, nil
+															}
+															uriString := func() string {
+																var out strings.Builder
+																out.WriteString(_url.Scheme)
+																out.WriteString("://")
+																out.WriteString(_url.Authority)
+																out.WriteString(_url.NormalizedPath)
+																out.WriteString(_Bucket)
+																return out.String()
+															}()
+
+															uri, err := url.Parse(uriString)
+															if err != nil {
+																return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+															}
+
+															return smithyendpoints.Endpoint{
+																URI:     *uri,
+																Headers: http.Header{},
+																Properties: func() smithy.Properties {
+																	var out smithy.Properties
+																	out.Set("authSchemes", []interface{}{
+																		map[string]interface{}{
+																			"disableDoubleEncoding": true,
+																			"name":                  "sigv4",
+																			"signingName":           "s3",
+																			"signingRegion":         _Region,
+																		},
+																	})
+																	return out
+																}(),
+															}, nil
+														}
+													}
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if exprVal := params.Endpoint; exprVal != nil {
+											_Endpoint := *exprVal
+											_ = _Endpoint
+											if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+												_url := *exprVal
+												_ = _url
+												if _url.IsIp == false {
+													if !(_Region == "aws-global") {
+														if _UseGlobalEndpoint == true {
+															if _Region == "us-east-1" {
+																uriString := func() string {
+																	var out strings.Builder
+																	out.WriteString(_url.Scheme)
+																	out.WriteString("://")
+																	out.WriteString(_Bucket)
+																	out.WriteString(".")
+																	out.WriteString(_url.Authority)
+																	out.WriteString(_url.Path)
+																	return out.String()
+																}()
+
+																uri, err := url.Parse(uriString)
+																if err != nil {
+																	return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																}
+
+																return smithyendpoints.Endpoint{
+																	URI:     *uri,
+																	Headers: http.Header{},
+																	Properties: func() smithy.Properties {
+																		var out smithy.Properties
+																		out.Set("authSchemes", []interface{}{
+																			map[string]interface{}{
+																				"disableDoubleEncoding": true,
+																				"name":                  "sigv4",
+																				"signingName":           "s3",
+																				"signingRegion":         _Region,
+																			},
+																		})
+																		return out
+																	}(),
+																}, nil
+															}
+															uriString := func() string {
+																var out strings.Builder
+																out.WriteString(_url.Scheme)
+																out.WriteString("://")
+																out.WriteString(_Bucket)
+																out.WriteString(".")
+																out.WriteString(_url.Authority)
+																out.WriteString(_url.Path)
+																return out.String()
+															}()
+
+															uri, err := url.Parse(uriString)
+															if err != nil {
+																return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+															}
+
+															return smithyendpoints.Endpoint{
+																URI:     *uri,
+																Headers: http.Header{},
+																Properties: func() smithy.Properties {
+																	var out smithy.Properties
+																	out.Set("authSchemes", []interface{}{
+																		map[string]interface{}{
+																			"disableDoubleEncoding": true,
+																			"name":                  "sigv4",
+																			"signingName":           "s3",
+																			"signingRegion":         _Region,
+																		},
+																	})
+																	return out
+																}(),
+															}, nil
+														}
+													}
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if exprVal := params.Endpoint; exprVal != nil {
+											_Endpoint := *exprVal
+											_ = _Endpoint
+											if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+												_url := *exprVal
+												_ = _url
+												if _url.IsIp == true {
+													if !(_Region == "aws-global") {
+														if _UseGlobalEndpoint == false {
+															uriString := func() string {
+																var out strings.Builder
+																out.WriteString(_url.Scheme)
+																out.WriteString("://")
+																out.WriteString(_url.Authority)
+																out.WriteString(_url.NormalizedPath)
+																out.WriteString(_Bucket)
+																return out.String()
+															}()
+
+															uri, err := url.Parse(uriString)
+															if err != nil {
+																return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+															}
+
+															return smithyendpoints.Endpoint{
+																URI:     *uri,
+																Headers: http.Header{},
+																Properties: func() smithy.Properties {
+																	var out smithy.Properties
+																	out.Set("authSchemes", []interface{}{
+																		map[string]interface{}{
+																			"disableDoubleEncoding": true,
+																			"name":                  "sigv4",
+																			"signingName":           "s3",
+																			"signingRegion":         _Region,
+																		},
+																	})
+																	return out
+																}(),
+															}, nil
+														}
+													}
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if exprVal := params.Endpoint; exprVal != nil {
+											_Endpoint := *exprVal
+											_ = _Endpoint
+											if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+												_url := *exprVal
+												_ = _url
+												if _url.IsIp == false {
+													if !(_Region == "aws-global") {
+														if _UseGlobalEndpoint == false {
+															uriString := func() string {
+																var out strings.Builder
+																out.WriteString(_url.Scheme)
+																out.WriteString("://")
+																out.WriteString(_Bucket)
+																out.WriteString(".")
+																out.WriteString(_url.Authority)
+																out.WriteString(_url.Path)
+																return out.String()
+															}()
+
+															uri, err := url.Parse(uriString)
+															if err != nil {
+																return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+															}
+
+															return smithyendpoints.Endpoint{
+																URI:     *uri,
+																Headers: http.Header{},
+																Properties: func() smithy.Properties {
+																	var out smithy.Properties
+																	out.Set("authSchemes", []interface{}{
+																		map[string]interface{}{
+																			"disableDoubleEncoding": true,
+																			"name":                  "sigv4",
+																			"signingName":           "s3",
+																			"signingRegion":         _Region,
+																		},
+																	})
+																	return out
+																}(),
+															}, nil
+														}
+													}
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == true {
+										if !(params.Endpoint != nil) {
+											if _Region == "aws-global" {
+												uriString := func() string {
+													var out strings.Builder
+													out.WriteString("https://")
+													out.WriteString(_Bucket)
+													out.WriteString(".s3-accelerate.")
+													out.WriteString(_partitionResult.DnsSuffix)
+													return out.String()
+												}()
+
+												uri, err := url.Parse(uriString)
+												if err != nil {
+													return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+												}
+
+												return smithyendpoints.Endpoint{
+													URI:     *uri,
+													Headers: http.Header{},
+													Properties: func() smithy.Properties {
+														var out smithy.Properties
+														out.Set("authSchemes", []interface{}{
+															map[string]interface{}{
+																"disableDoubleEncoding": true,
+																"name":                  "sigv4",
+																"signingName":           "s3",
+																"signingRegion":         "us-east-1",
+															},
+														})
+														return out
+													}(),
+												}, nil
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == true {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == true {
+													if _Region == "us-east-1" {
+														uriString := func() string {
+															var out strings.Builder
+															out.WriteString("https://")
+															out.WriteString(_Bucket)
+															out.WriteString(".s3-accelerate.")
+															out.WriteString(_partitionResult.DnsSuffix)
+															return out.String()
+														}()
+
+														uri, err := url.Parse(uriString)
+														if err != nil {
+															return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+														}
+
+														return smithyendpoints.Endpoint{
+															URI:     *uri,
+															Headers: http.Header{},
+															Properties: func() smithy.Properties {
+																var out smithy.Properties
+																out.Set("authSchemes", []interface{}{
+																	map[string]interface{}{
+																		"disableDoubleEncoding": true,
+																		"name":                  "sigv4",
+																		"signingName":           "s3",
+																		"signingRegion":         _Region,
+																	},
+																})
+																return out
+															}(),
+														}, nil
+													}
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3-accelerate.")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == true {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == false {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3-accelerate.")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if _Region == "aws-global" {
+												uriString := func() string {
+													var out strings.Builder
+													out.WriteString("https://")
+													out.WriteString(_Bucket)
+													out.WriteString(".s3.")
+													out.WriteString(_partitionResult.DnsSuffix)
+													return out.String()
+												}()
+
+												uri, err := url.Parse(uriString)
+												if err != nil {
+													return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+												}
+
+												return smithyendpoints.Endpoint{
+													URI:     *uri,
+													Headers: http.Header{},
+													Properties: func() smithy.Properties {
+														var out smithy.Properties
+														out.Set("authSchemes", []interface{}{
+															map[string]interface{}{
+																"disableDoubleEncoding": true,
+																"name":                  "sigv4",
+																"signingName":           "s3",
+																"signingRegion":         "us-east-1",
+															},
+														})
+														return out
+													}(),
+												}, nil
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == true {
+													if _Region == "us-east-1" {
+														uriString := func() string {
+															var out strings.Builder
+															out.WriteString("https://")
+															out.WriteString(_Bucket)
+															out.WriteString(".s3.")
+															out.WriteString(_partitionResult.DnsSuffix)
+															return out.String()
+														}()
+
+														uri, err := url.Parse(uriString)
+														if err != nil {
+															return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+														}
+
+														return smithyendpoints.Endpoint{
+															URI:     *uri,
+															Headers: http.Header{},
+															Properties: func() smithy.Properties {
+																var out smithy.Properties
+																out.Set("authSchemes", []interface{}{
+																	map[string]interface{}{
+																		"disableDoubleEncoding": true,
+																		"name":                  "sigv4",
+																		"signingName":           "s3",
+																		"signingRegion":         _Region,
+																	},
+																})
+																return out
+															}(),
+														}, nil
+													}
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3.")
+														out.WriteString(_Region)
+														out.WriteString(".")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							if _UseDualStack == false {
+								if _UseFIPS == false {
+									if _Accelerate == false {
+										if !(params.Endpoint != nil) {
+											if !(_Region == "aws-global") {
+												if _UseGlobalEndpoint == false {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_Bucket)
+														out.WriteString(".s3.")
+														out.WriteString(_Region)
+														out.WriteString(".")
+														out.WriteString(_partitionResult.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+											}
+										}
+									}
+								}
+							}
+							return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+						}
+						return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid region: region was not a valid DNS name.")
+					}
+					return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+				}
+			}
+			if exprVal := params.Endpoint; exprVal != nil {
+				_Endpoint := *exprVal
+				_ = _Endpoint
+				if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+					_url := *exprVal
+					_ = _url
+					if _url.Scheme == "http" {
+						if awsrulesfn.IsVirtualHostableS3Bucket(_Bucket, true) {
+							if _ForcePathStyle == false {
+								if _UseFIPS == false {
+									if _UseDualStack == false {
+										if _Accelerate == false {
+											if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+												_partitionResult := *exprVal
+												_ = _partitionResult
+												if rulesfn.IsValidHostLabel(_Region, false) {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString(_url.Scheme)
+														out.WriteString("://")
+														out.WriteString(_Bucket)
+														out.WriteString(".")
+														out.WriteString(_url.Authority)
+														out.WriteString(_url.Path)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4",
+																	"signingName":           "s3",
+																	"signingRegion":         _Region,
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+												return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid region: region was not a valid DNS name.")
+											}
+											return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+										}
+									}
+								}
+							}
+						}
+					}
+				}
+			}
+			if _ForcePathStyle == false {
+				if exprVal := awsrulesfn.ParseARN(_Bucket); exprVal != nil {
+					_bucketArn := *exprVal
+					_ = _bucketArn
+					if exprVal := _bucketArn.ResourceId.Get(0); exprVal != nil {
+						_arnType := *exprVal
+						_ = _arnType
+						if !(_arnType == "") {
+							if _bucketArn.Service == "s3-object-lambda" {
+								if _arnType == "accesspoint" {
+									if exprVal := _bucketArn.ResourceId.Get(1); exprVal != nil {
+										_accessPointName := *exprVal
+										_ = _accessPointName
+										if !(_accessPointName == "") {
+											if _UseDualStack == true {
+												return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 Object Lambda does not support Dual-stack")
+											}
+											if _Accelerate == true {
+												return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 Object Lambda does not support S3 Accelerate")
+											}
+											if !(_bucketArn.Region == "") {
+												if exprVal := params.DisableAccessPoints; exprVal != nil {
+													_DisableAccessPoints := *exprVal
+													_ = _DisableAccessPoints
+													if _DisableAccessPoints == true {
+														return endpoint, fmt.Errorf("endpoint rule error, %s", "Access points are not supported for this operation")
+													}
+												}
+												if !(_bucketArn.ResourceId.Get(2) != nil) {
+													if exprVal := params.UseArnRegion; exprVal != nil {
+														_UseArnRegion := *exprVal
+														_ = _UseArnRegion
+														if _UseArnRegion == false {
+															if !(_bucketArn.Region == _Region) {
+																return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																	var out strings.Builder
+																	out.WriteString("Invalid configuration: region from ARN `")
+																	out.WriteString(_bucketArn.Region)
+																	out.WriteString("` does not match client region `")
+																	out.WriteString(_Region)
+																	out.WriteString("` and UseArnRegion is `false`")
+																	return out.String()
+																}())
+															}
+														}
+													}
+													if exprVal := awsrulesfn.GetPartition(_bucketArn.Region); exprVal != nil {
+														_bucketPartition := *exprVal
+														_ = _bucketPartition
+														if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+															_partitionResult := *exprVal
+															_ = _partitionResult
+															if _bucketPartition.Name == _partitionResult.Name {
+																if rulesfn.IsValidHostLabel(_bucketArn.Region, true) {
+																	if _bucketArn.AccountId == "" {
+																		return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid ARN: Missing account id")
+																	}
+																	if rulesfn.IsValidHostLabel(_bucketArn.AccountId, false) {
+																		if rulesfn.IsValidHostLabel(_accessPointName, false) {
+																			if exprVal := params.Endpoint; exprVal != nil {
+																				_Endpoint := *exprVal
+																				_ = _Endpoint
+																				if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+																					_url := *exprVal
+																					_ = _url
+																					uriString := func() string {
+																						var out strings.Builder
+																						out.WriteString(_url.Scheme)
+																						out.WriteString("://")
+																						out.WriteString(_accessPointName)
+																						out.WriteString("-")
+																						out.WriteString(_bucketArn.AccountId)
+																						out.WriteString(".")
+																						out.WriteString(_url.Authority)
+																						out.WriteString(_url.Path)
+																						return out.String()
+																					}()
+
+																					uri, err := url.Parse(uriString)
+																					if err != nil {
+																						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																					}
+
+																					return smithyendpoints.Endpoint{
+																						URI:     *uri,
+																						Headers: http.Header{},
+																						Properties: func() smithy.Properties {
+																							var out smithy.Properties
+																							out.Set("authSchemes", []interface{}{
+																								map[string]interface{}{
+																									"disableDoubleEncoding": true,
+																									"name":                  "sigv4",
+																									"signingName":           "s3-object-lambda",
+																									"signingRegion":         _bucketArn.Region,
+																								},
+																							})
+																							return out
+																						}(),
+																					}, nil
+																				}
+																			}
+																			if _UseFIPS == true {
+																				uriString := func() string {
+																					var out strings.Builder
+																					out.WriteString("https://")
+																					out.WriteString(_accessPointName)
+																					out.WriteString("-")
+																					out.WriteString(_bucketArn.AccountId)
+																					out.WriteString(".s3-object-lambda-fips.")
+																					out.WriteString(_bucketArn.Region)
+																					out.WriteString(".")
+																					out.WriteString(_bucketPartition.DnsSuffix)
+																					return out.String()
+																				}()
+
+																				uri, err := url.Parse(uriString)
+																				if err != nil {
+																					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																				}
+
+																				return smithyendpoints.Endpoint{
+																					URI:     *uri,
+																					Headers: http.Header{},
+																					Properties: func() smithy.Properties {
+																						var out smithy.Properties
+																						out.Set("authSchemes", []interface{}{
+																							map[string]interface{}{
+																								"disableDoubleEncoding": true,
+																								"name":                  "sigv4",
+																								"signingName":           "s3-object-lambda",
+																								"signingRegion":         _bucketArn.Region,
+																							},
+																						})
+																						return out
+																					}(),
+																				}, nil
+																			}
+																			uriString := func() string {
+																				var out strings.Builder
+																				out.WriteString("https://")
+																				out.WriteString(_accessPointName)
+																				out.WriteString("-")
+																				out.WriteString(_bucketArn.AccountId)
+																				out.WriteString(".s3-object-lambda.")
+																				out.WriteString(_bucketArn.Region)
+																				out.WriteString(".")
+																				out.WriteString(_bucketPartition.DnsSuffix)
+																				return out.String()
+																			}()
+
+																			uri, err := url.Parse(uriString)
+																			if err != nil {
+																				return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																			}
+
+																			return smithyendpoints.Endpoint{
+																				URI:     *uri,
+																				Headers: http.Header{},
+																				Properties: func() smithy.Properties {
+																					var out smithy.Properties
+																					out.Set("authSchemes", []interface{}{
+																						map[string]interface{}{
+																							"disableDoubleEncoding": true,
+																							"name":                  "sigv4",
+																							"signingName":           "s3-object-lambda",
+																							"signingRegion":         _bucketArn.Region,
+																						},
+																					})
+																					return out
+																				}(),
+																			}, nil
+																		}
+																		return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																			var out strings.Builder
+																			out.WriteString("Invalid ARN: The access point name may only contain a-z, A-Z, 0-9 and `-`. Found: `")
+																			out.WriteString(_accessPointName)
+																			out.WriteString("`")
+																			return out.String()
+																		}())
+																	}
+																	return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																		var out strings.Builder
+																		out.WriteString("Invalid ARN: The account id may only contain a-z, A-Z, 0-9 and `-`. Found: `")
+																		out.WriteString(_bucketArn.AccountId)
+																		out.WriteString("`")
+																		return out.String()
+																	}())
+																}
+																return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																	var out strings.Builder
+																	out.WriteString("Invalid region in ARN: `")
+																	out.WriteString(_bucketArn.Region)
+																	out.WriteString("` (invalid DNS name)")
+																	return out.String()
+																}())
+															}
+															return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																var out strings.Builder
+																out.WriteString("Client was configured for partition `")
+																out.WriteString(_partitionResult.Name)
+																out.WriteString("` but ARN (`")
+																out.WriteString(_Bucket)
+																out.WriteString("`) has `")
+																out.WriteString(_bucketPartition.Name)
+																out.WriteString("`")
+																return out.String()
+															}())
+														}
+														return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+													}
+													return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+												}
+												return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid ARN: The ARN may only contain a single resource component after `accesspoint`.")
+											}
+											return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid ARN: bucket ARN is missing a region")
+										}
+									}
+									return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid ARN: Expected a resource of the format `accesspoint:<accesspoint name>` but no name was provided")
+								}
+								return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+									var out strings.Builder
+									out.WriteString("Invalid ARN: Object Lambda ARNs only support `accesspoint` arn types, but found: `")
+									out.WriteString(_arnType)
+									out.WriteString("`")
+									return out.String()
+								}())
+							}
+							if _arnType == "accesspoint" {
+								if exprVal := _bucketArn.ResourceId.Get(1); exprVal != nil {
+									_accessPointName := *exprVal
+									_ = _accessPointName
+									if !(_accessPointName == "") {
+										if !(_bucketArn.Region == "") {
+											if _arnType == "accesspoint" {
+												if !(_bucketArn.Region == "") {
+													if exprVal := params.DisableAccessPoints; exprVal != nil {
+														_DisableAccessPoints := *exprVal
+														_ = _DisableAccessPoints
+														if _DisableAccessPoints == true {
+															return endpoint, fmt.Errorf("endpoint rule error, %s", "Access points are not supported for this operation")
+														}
+													}
+													if !(_bucketArn.ResourceId.Get(2) != nil) {
+														if exprVal := params.UseArnRegion; exprVal != nil {
+															_UseArnRegion := *exprVal
+															_ = _UseArnRegion
+															if _UseArnRegion == false {
+																if !(_bucketArn.Region == _Region) {
+																	return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																		var out strings.Builder
+																		out.WriteString("Invalid configuration: region from ARN `")
+																		out.WriteString(_bucketArn.Region)
+																		out.WriteString("` does not match client region `")
+																		out.WriteString(_Region)
+																		out.WriteString("` and UseArnRegion is `false`")
+																		return out.String()
+																	}())
+																}
+															}
+														}
+														if exprVal := awsrulesfn.GetPartition(_bucketArn.Region); exprVal != nil {
+															_bucketPartition := *exprVal
+															_ = _bucketPartition
+															if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+																_partitionResult := *exprVal
+																_ = _partitionResult
+																if _bucketPartition.Name == _partitionResult.Name {
+																	if rulesfn.IsValidHostLabel(_bucketArn.Region, true) {
+																		if _bucketArn.Service == "s3" {
+																			if rulesfn.IsValidHostLabel(_bucketArn.AccountId, false) {
+																				if rulesfn.IsValidHostLabel(_accessPointName, false) {
+																					if _Accelerate == true {
+																						return endpoint, fmt.Errorf("endpoint rule error, %s", "Access Points do not support S3 Accelerate")
+																					}
+																					if _UseFIPS == true {
+																						if _UseDualStack == true {
+																							uriString := func() string {
+																								var out strings.Builder
+																								out.WriteString("https://")
+																								out.WriteString(_accessPointName)
+																								out.WriteString("-")
+																								out.WriteString(_bucketArn.AccountId)
+																								out.WriteString(".s3-accesspoint-fips.dualstack.")
+																								out.WriteString(_bucketArn.Region)
+																								out.WriteString(".")
+																								out.WriteString(_bucketPartition.DnsSuffix)
+																								return out.String()
+																							}()
+
+																							uri, err := url.Parse(uriString)
+																							if err != nil {
+																								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																							}
+
+																							return smithyendpoints.Endpoint{
+																								URI:     *uri,
+																								Headers: http.Header{},
+																								Properties: func() smithy.Properties {
+																									var out smithy.Properties
+																									out.Set("authSchemes", []interface{}{
+																										map[string]interface{}{
+																											"disableDoubleEncoding": true,
+																											"name":                  "sigv4",
+																											"signingName":           "s3",
+																											"signingRegion":         _bucketArn.Region,
+																										},
+																									})
+																									return out
+																								}(),
+																							}, nil
+																						}
+																					}
+																					if _UseFIPS == true {
+																						if _UseDualStack == false {
+																							uriString := func() string {
+																								var out strings.Builder
+																								out.WriteString("https://")
+																								out.WriteString(_accessPointName)
+																								out.WriteString("-")
+																								out.WriteString(_bucketArn.AccountId)
+																								out.WriteString(".s3-accesspoint-fips.")
+																								out.WriteString(_bucketArn.Region)
+																								out.WriteString(".")
+																								out.WriteString(_bucketPartition.DnsSuffix)
+																								return out.String()
+																							}()
+
+																							uri, err := url.Parse(uriString)
+																							if err != nil {
+																								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																							}
+
+																							return smithyendpoints.Endpoint{
+																								URI:     *uri,
+																								Headers: http.Header{},
+																								Properties: func() smithy.Properties {
+																									var out smithy.Properties
+																									out.Set("authSchemes", []interface{}{
+																										map[string]interface{}{
+																											"disableDoubleEncoding": true,
+																											"name":                  "sigv4",
+																											"signingName":           "s3",
+																											"signingRegion":         _bucketArn.Region,
+																										},
+																									})
+																									return out
+																								}(),
+																							}, nil
+																						}
+																					}
+																					if _UseFIPS == false {
+																						if _UseDualStack == true {
+																							uriString := func() string {
+																								var out strings.Builder
+																								out.WriteString("https://")
+																								out.WriteString(_accessPointName)
+																								out.WriteString("-")
+																								out.WriteString(_bucketArn.AccountId)
+																								out.WriteString(".s3-accesspoint.dualstack.")
+																								out.WriteString(_bucketArn.Region)
+																								out.WriteString(".")
+																								out.WriteString(_bucketPartition.DnsSuffix)
+																								return out.String()
+																							}()
+
+																							uri, err := url.Parse(uriString)
+																							if err != nil {
+																								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																							}
+
+																							return smithyendpoints.Endpoint{
+																								URI:     *uri,
+																								Headers: http.Header{},
+																								Properties: func() smithy.Properties {
+																									var out smithy.Properties
+																									out.Set("authSchemes", []interface{}{
+																										map[string]interface{}{
+																											"disableDoubleEncoding": true,
+																											"name":                  "sigv4",
+																											"signingName":           "s3",
+																											"signingRegion":         _bucketArn.Region,
+																										},
+																									})
+																									return out
+																								}(),
+																							}, nil
+																						}
+																					}
+																					if _UseFIPS == false {
+																						if _UseDualStack == false {
+																							if exprVal := params.Endpoint; exprVal != nil {
+																								_Endpoint := *exprVal
+																								_ = _Endpoint
+																								if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+																									_url := *exprVal
+																									_ = _url
+																									uriString := func() string {
+																										var out strings.Builder
+																										out.WriteString(_url.Scheme)
+																										out.WriteString("://")
+																										out.WriteString(_accessPointName)
+																										out.WriteString("-")
+																										out.WriteString(_bucketArn.AccountId)
+																										out.WriteString(".")
+																										out.WriteString(_url.Authority)
+																										out.WriteString(_url.Path)
+																										return out.String()
+																									}()
+
+																									uri, err := url.Parse(uriString)
+																									if err != nil {
+																										return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																									}
+
+																									return smithyendpoints.Endpoint{
+																										URI:     *uri,
+																										Headers: http.Header{},
+																										Properties: func() smithy.Properties {
+																											var out smithy.Properties
+																											out.Set("authSchemes", []interface{}{
+																												map[string]interface{}{
+																													"disableDoubleEncoding": true,
+																													"name":                  "sigv4",
+																													"signingName":           "s3",
+																													"signingRegion":         _bucketArn.Region,
+																												},
+																											})
+																											return out
+																										}(),
+																									}, nil
+																								}
+																							}
+																						}
+																					}
+																					if _UseFIPS == false {
+																						if _UseDualStack == false {
+																							uriString := func() string {
+																								var out strings.Builder
+																								out.WriteString("https://")
+																								out.WriteString(_accessPointName)
+																								out.WriteString("-")
+																								out.WriteString(_bucketArn.AccountId)
+																								out.WriteString(".s3-accesspoint.")
+																								out.WriteString(_bucketArn.Region)
+																								out.WriteString(".")
+																								out.WriteString(_bucketPartition.DnsSuffix)
+																								return out.String()
+																							}()
+
+																							uri, err := url.Parse(uriString)
+																							if err != nil {
+																								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																							}
+
+																							return smithyendpoints.Endpoint{
+																								URI:     *uri,
+																								Headers: http.Header{},
+																								Properties: func() smithy.Properties {
+																									var out smithy.Properties
+																									out.Set("authSchemes", []interface{}{
+																										map[string]interface{}{
+																											"disableDoubleEncoding": true,
+																											"name":                  "sigv4",
+																											"signingName":           "s3",
+																											"signingRegion":         _bucketArn.Region,
+																										},
+																									})
+																									return out
+																								}(),
+																							}, nil
+																						}
+																					}
+																					return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+																				}
+																				return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																					var out strings.Builder
+																					out.WriteString("Invalid ARN: The access point name may only contain a-z, A-Z, 0-9 and `-`. Found: `")
+																					out.WriteString(_accessPointName)
+																					out.WriteString("`")
+																					return out.String()
+																				}())
+																			}
+																			return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																				var out strings.Builder
+																				out.WriteString("Invalid ARN: The account id may only contain a-z, A-Z, 0-9 and `-`. Found: `")
+																				out.WriteString(_bucketArn.AccountId)
+																				out.WriteString("`")
+																				return out.String()
+																			}())
+																		}
+																		return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																			var out strings.Builder
+																			out.WriteString("Invalid ARN: The ARN was not for the S3 service, found: ")
+																			out.WriteString(_bucketArn.Service)
+																			return out.String()
+																		}())
+																	}
+																	return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																		var out strings.Builder
+																		out.WriteString("Invalid region in ARN: `")
+																		out.WriteString(_bucketArn.Region)
+																		out.WriteString("` (invalid DNS name)")
+																		return out.String()
+																	}())
+																}
+																return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																	var out strings.Builder
+																	out.WriteString("Client was configured for partition `")
+																	out.WriteString(_partitionResult.Name)
+																	out.WriteString("` but ARN (`")
+																	out.WriteString(_Bucket)
+																	out.WriteString("`) has `")
+																	out.WriteString(_bucketPartition.Name)
+																	out.WriteString("`")
+																	return out.String()
+																}())
+															}
+															return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+														}
+														return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+													}
+													return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid ARN: The ARN may only contain a single resource component after `accesspoint`.")
+												}
+												return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+											}
+											return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+										}
+										if rulesfn.IsValidHostLabel(_accessPointName, true) {
+											if _UseDualStack == true {
+												return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 MRAP does not support dual-stack")
+											}
+											if _UseFIPS == true {
+												return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 MRAP does not support FIPS")
+											}
+											if _Accelerate == true {
+												return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 MRAP does not support S3 Accelerate")
+											}
+											if _DisableMultiRegionAccessPoints == true {
+												return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid configuration: Multi-Region Access Point ARNs are disabled.")
+											}
+											if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+												_mrapPartition := *exprVal
+												_ = _mrapPartition
+												if _mrapPartition.Name == _bucketArn.Partition {
+													uriString := func() string {
+														var out strings.Builder
+														out.WriteString("https://")
+														out.WriteString(_accessPointName)
+														out.WriteString(".accesspoint.s3-global.")
+														out.WriteString(_mrapPartition.DnsSuffix)
+														return out.String()
+													}()
+
+													uri, err := url.Parse(uriString)
+													if err != nil {
+														return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+													}
+
+													return smithyendpoints.Endpoint{
+														URI:     *uri,
+														Headers: http.Header{},
+														Properties: func() smithy.Properties {
+															var out smithy.Properties
+															out.Set("authSchemes", []interface{}{
+																map[string]interface{}{
+																	"disableDoubleEncoding": true,
+																	"name":                  "sigv4a",
+																	"signingName":           "s3",
+																	"signingRegionSet": []interface{}{
+																		"*",
+																	},
+																},
+															})
+															return out
+														}(),
+													}, nil
+												}
+												return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+													var out strings.Builder
+													out.WriteString("Client was configured for partition `")
+													out.WriteString(_mrapPartition.Name)
+													out.WriteString("` but bucket referred to partition `")
+													out.WriteString(_bucketArn.Partition)
+													out.WriteString("`")
+													return out.String()
+												}())
+											}
+											return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+										}
+										return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Access Point Name")
+									}
+								}
+								return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid ARN: Expected a resource of the format `accesspoint:<accesspoint name>` but no name was provided")
+							}
+							if _bucketArn.Service == "s3-outposts" {
+								if _UseDualStack == true {
+									return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 Outposts does not support Dual-stack")
+								}
+								if _UseFIPS == true {
+									return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 Outposts does not support FIPS")
+								}
+								if _Accelerate == true {
+									return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 Outposts does not support S3 Accelerate")
+								}
+								if exprVal := _bucketArn.ResourceId.Get(4); exprVal != nil {
+									_var_244 := *exprVal
+									_ = _var_244
+									return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Arn: Outpost Access Point ARN contains sub resources")
+								}
+								if exprVal := _bucketArn.ResourceId.Get(1); exprVal != nil {
+									_outpostId := *exprVal
+									_ = _outpostId
+									if rulesfn.IsValidHostLabel(_outpostId, false) {
+										if exprVal := params.UseArnRegion; exprVal != nil {
+											_UseArnRegion := *exprVal
+											_ = _UseArnRegion
+											if _UseArnRegion == false {
+												if !(_bucketArn.Region == _Region) {
+													return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+														var out strings.Builder
+														out.WriteString("Invalid configuration: region from ARN `")
+														out.WriteString(_bucketArn.Region)
+														out.WriteString("` does not match client region `")
+														out.WriteString(_Region)
+														out.WriteString("` and UseArnRegion is `false`")
+														return out.String()
+													}())
+												}
+											}
+										}
+										if exprVal := awsrulesfn.GetPartition(_bucketArn.Region); exprVal != nil {
+											_bucketPartition := *exprVal
+											_ = _bucketPartition
+											if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+												_partitionResult := *exprVal
+												_ = _partitionResult
+												if _bucketPartition.Name == _partitionResult.Name {
+													if rulesfn.IsValidHostLabel(_bucketArn.Region, true) {
+														if rulesfn.IsValidHostLabel(_bucketArn.AccountId, false) {
+															if exprVal := _bucketArn.ResourceId.Get(2); exprVal != nil {
+																_outpostType := *exprVal
+																_ = _outpostType
+																if exprVal := _bucketArn.ResourceId.Get(3); exprVal != nil {
+																	_accessPointName := *exprVal
+																	_ = _accessPointName
+																	if _outpostType == "accesspoint" {
+																		if exprVal := params.Endpoint; exprVal != nil {
+																			_Endpoint := *exprVal
+																			_ = _Endpoint
+																			if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+																				_url := *exprVal
+																				_ = _url
+																				uriString := func() string {
+																					var out strings.Builder
+																					out.WriteString("https://")
+																					out.WriteString(_accessPointName)
+																					out.WriteString("-")
+																					out.WriteString(_bucketArn.AccountId)
+																					out.WriteString(".")
+																					out.WriteString(_outpostId)
+																					out.WriteString(".")
+																					out.WriteString(_url.Authority)
+																					return out.String()
+																				}()
+
+																				uri, err := url.Parse(uriString)
+																				if err != nil {
+																					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																				}
+
+																				return smithyendpoints.Endpoint{
+																					URI:     *uri,
+																					Headers: http.Header{},
+																					Properties: func() smithy.Properties {
+																						var out smithy.Properties
+																						out.Set("authSchemes", []interface{}{
+																							map[string]interface{}{
+																								"disableDoubleEncoding": true,
+																								"name":                  "sigv4",
+																								"signingName":           "s3-outposts",
+																								"signingRegion":         _bucketArn.Region,
+																							},
+																						})
+																						return out
+																					}(),
+																				}, nil
+																			}
+																		}
+																		uriString := func() string {
+																			var out strings.Builder
+																			out.WriteString("https://")
+																			out.WriteString(_accessPointName)
+																			out.WriteString("-")
+																			out.WriteString(_bucketArn.AccountId)
+																			out.WriteString(".")
+																			out.WriteString(_outpostId)
+																			out.WriteString(".s3-outposts.")
+																			out.WriteString(_bucketArn.Region)
+																			out.WriteString(".")
+																			out.WriteString(_bucketPartition.DnsSuffix)
+																			return out.String()
+																		}()
+
+																		uri, err := url.Parse(uriString)
+																		if err != nil {
+																			return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+																		}
+
+																		return smithyendpoints.Endpoint{
+																			URI:     *uri,
+																			Headers: http.Header{},
+																			Properties: func() smithy.Properties {
+																				var out smithy.Properties
+																				out.Set("authSchemes", []interface{}{
+																					map[string]interface{}{
+																						"disableDoubleEncoding": true,
+																						"name":                  "sigv4",
+																						"signingName":           "s3-outposts",
+																						"signingRegion":         _bucketArn.Region,
+																					},
+																				})
+																				return out
+																			}(),
+																		}, nil
+																	}
+																	return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+																		var out strings.Builder
+																		out.WriteString("Expected an outpost type `accesspoint`, found ")
+																		out.WriteString(_outpostType)
+																		return out.String()
+																	}())
+																}
+																return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid ARN: expected an access point name")
+															}
+															return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid ARN: Expected a 4-component resource")
+														}
+														return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+															var out strings.Builder
+															out.WriteString("Invalid ARN: The account id may only contain a-z, A-Z, 0-9 and `-`. Found: `")
+															out.WriteString(_bucketArn.AccountId)
+															out.WriteString("`")
+															return out.String()
+														}())
+													}
+													return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+														var out strings.Builder
+														out.WriteString("Invalid region in ARN: `")
+														out.WriteString(_bucketArn.Region)
+														out.WriteString("` (invalid DNS name)")
+														return out.String()
+													}())
+												}
+												return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+													var out strings.Builder
+													out.WriteString("Client was configured for partition `")
+													out.WriteString(_partitionResult.Name)
+													out.WriteString("` but ARN (`")
+													out.WriteString(_Bucket)
+													out.WriteString("`) has `")
+													out.WriteString(_bucketPartition.Name)
+													out.WriteString("`")
+													return out.String()
+												}())
+											}
+											return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+										}
+										return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+									}
+									return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+										var out strings.Builder
+										out.WriteString("Invalid ARN: The outpost Id may only contain a-z, A-Z, 0-9 and `-`. Found: `")
+										out.WriteString(_outpostId)
+										out.WriteString("`")
+										return out.String()
+									}())
+								}
+								return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid ARN: The Outpost Id was not set")
+							}
+							return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+								var out strings.Builder
+								out.WriteString("Invalid ARN: Unrecognized format: ")
+								out.WriteString(_Bucket)
+								out.WriteString(" (type: ")
+								out.WriteString(_arnType)
+								out.WriteString(")")
+								return out.String()
+							}())
+						}
+					}
+					return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid ARN: No ARN type specified")
+				}
+			}
+			if exprVal := rulesfn.SubString(_Bucket, 0, 4, false); exprVal != nil {
+				_arnPrefix := *exprVal
+				_ = _arnPrefix
+				if _arnPrefix == "arn:" {
+					if !(awsrulesfn.ParseARN(_Bucket) != nil) {
+						return endpoint, fmt.Errorf("endpoint rule error, %s", func() string {
+							var out strings.Builder
+							out.WriteString("Invalid ARN: `")
+							out.WriteString(_Bucket)
+							out.WriteString("` was not a valid ARN")
+							return out.String()
+						}())
+					}
+				}
+			}
+			if _ForcePathStyle == true {
+				if exprVal := awsrulesfn.ParseARN(_Bucket); exprVal != nil {
+					_var_257 := *exprVal
+					_ = _var_257
+					return endpoint, fmt.Errorf("endpoint rule error, %s", "Path-style addressing cannot be used with ARN buckets")
+				}
+			}
+			_uri_encoded_bucket := rulesfn.URIEncode(_Bucket)
+			_ = _uri_encoded_bucket
+			if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+				_partitionResult := *exprVal
+				_ = _partitionResult
+				if _Accelerate == false {
+					if _UseDualStack == true {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == true {
+								if _Region == "aws-global" {
+									uriString := func() string {
+										var out strings.Builder
+										out.WriteString("https://s3-fips.dualstack.us-east-1.")
+										out.WriteString(_partitionResult.DnsSuffix)
+										out.WriteString("/")
+										out.WriteString(_uri_encoded_bucket)
+										return out.String()
+									}()
+
+									uri, err := url.Parse(uriString)
+									if err != nil {
+										return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+									}
+
+									return smithyendpoints.Endpoint{
+										URI:     *uri,
+										Headers: http.Header{},
+										Properties: func() smithy.Properties {
+											var out smithy.Properties
+											out.Set("authSchemes", []interface{}{
+												map[string]interface{}{
+													"disableDoubleEncoding": true,
+													"name":                  "sigv4",
+													"signingName":           "s3",
+													"signingRegion":         "us-east-1",
+												},
+											})
+											return out
+										}(),
+									}, nil
+								}
+							}
+						}
+					}
+					if _UseDualStack == true {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == true {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == true {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3-fips.dualstack.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											out.WriteString("/")
+											out.WriteString(_uri_encoded_bucket)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseDualStack == true {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == true {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == false {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3-fips.dualstack.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											out.WriteString("/")
+											out.WriteString(_uri_encoded_bucket)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseDualStack == false {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == true {
+								if _Region == "aws-global" {
+									uriString := func() string {
+										var out strings.Builder
+										out.WriteString("https://s3-fips.us-east-1.")
+										out.WriteString(_partitionResult.DnsSuffix)
+										out.WriteString("/")
+										out.WriteString(_uri_encoded_bucket)
+										return out.String()
+									}()
+
+									uri, err := url.Parse(uriString)
+									if err != nil {
+										return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+									}
+
+									return smithyendpoints.Endpoint{
+										URI:     *uri,
+										Headers: http.Header{},
+										Properties: func() smithy.Properties {
+											var out smithy.Properties
+											out.Set("authSchemes", []interface{}{
+												map[string]interface{}{
+													"disableDoubleEncoding": true,
+													"name":                  "sigv4",
+													"signingName":           "s3",
+													"signingRegion":         "us-east-1",
+												},
+											})
+											return out
+										}(),
+									}, nil
+								}
+							}
+						}
+					}
+					if _UseDualStack == false {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == true {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == true {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3-fips.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											out.WriteString("/")
+											out.WriteString(_uri_encoded_bucket)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseDualStack == false {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == true {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == false {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3-fips.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											out.WriteString("/")
+											out.WriteString(_uri_encoded_bucket)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseDualStack == true {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == false {
+								if _Region == "aws-global" {
+									uriString := func() string {
+										var out strings.Builder
+										out.WriteString("https://s3.dualstack.us-east-1.")
+										out.WriteString(_partitionResult.DnsSuffix)
+										out.WriteString("/")
+										out.WriteString(_uri_encoded_bucket)
+										return out.String()
+									}()
+
+									uri, err := url.Parse(uriString)
+									if err != nil {
+										return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+									}
+
+									return smithyendpoints.Endpoint{
+										URI:     *uri,
+										Headers: http.Header{},
+										Properties: func() smithy.Properties {
+											var out smithy.Properties
+											out.Set("authSchemes", []interface{}{
+												map[string]interface{}{
+													"disableDoubleEncoding": true,
+													"name":                  "sigv4",
+													"signingName":           "s3",
+													"signingRegion":         "us-east-1",
+												},
+											})
+											return out
+										}(),
+									}, nil
+								}
+							}
+						}
+					}
+					if _UseDualStack == true {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == false {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == true {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3.dualstack.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											out.WriteString("/")
+											out.WriteString(_uri_encoded_bucket)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseDualStack == true {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == false {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == false {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3.dualstack.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											out.WriteString("/")
+											out.WriteString(_uri_encoded_bucket)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseDualStack == false {
+						if exprVal := params.Endpoint; exprVal != nil {
+							_Endpoint := *exprVal
+							_ = _Endpoint
+							if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+								_url := *exprVal
+								_ = _url
+								if _UseFIPS == false {
+									if _Region == "aws-global" {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString(_url.Scheme)
+											out.WriteString("://")
+											out.WriteString(_url.Authority)
+											out.WriteString(_url.NormalizedPath)
+											out.WriteString(_uri_encoded_bucket)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         "us-east-1",
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseDualStack == false {
+						if exprVal := params.Endpoint; exprVal != nil {
+							_Endpoint := *exprVal
+							_ = _Endpoint
+							if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+								_url := *exprVal
+								_ = _url
+								if _UseFIPS == false {
+									if !(_Region == "aws-global") {
+										if _UseGlobalEndpoint == true {
+											if _Region == "us-east-1" {
+												uriString := func() string {
+													var out strings.Builder
+													out.WriteString(_url.Scheme)
+													out.WriteString("://")
+													out.WriteString(_url.Authority)
+													out.WriteString(_url.NormalizedPath)
+													out.WriteString(_uri_encoded_bucket)
+													return out.String()
+												}()
+
+												uri, err := url.Parse(uriString)
+												if err != nil {
+													return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+												}
+
+												return smithyendpoints.Endpoint{
+													URI:     *uri,
+													Headers: http.Header{},
+													Properties: func() smithy.Properties {
+														var out smithy.Properties
+														out.Set("authSchemes", []interface{}{
+															map[string]interface{}{
+																"disableDoubleEncoding": true,
+																"name":                  "sigv4",
+																"signingName":           "s3",
+																"signingRegion":         _Region,
+															},
+														})
+														return out
+													}(),
+												}, nil
+											}
+											uriString := func() string {
+												var out strings.Builder
+												out.WriteString(_url.Scheme)
+												out.WriteString("://")
+												out.WriteString(_url.Authority)
+												out.WriteString(_url.NormalizedPath)
+												out.WriteString(_uri_encoded_bucket)
+												return out.String()
+											}()
+
+											uri, err := url.Parse(uriString)
+											if err != nil {
+												return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+											}
+
+											return smithyendpoints.Endpoint{
+												URI:     *uri,
+												Headers: http.Header{},
+												Properties: func() smithy.Properties {
+													var out smithy.Properties
+													out.Set("authSchemes", []interface{}{
+														map[string]interface{}{
+															"disableDoubleEncoding": true,
+															"name":                  "sigv4",
+															"signingName":           "s3",
+															"signingRegion":         _Region,
+														},
+													})
+													return out
+												}(),
+											}, nil
+										}
+									}
+								}
+							}
+						}
+					}
+					if _UseDualStack == false {
+						if exprVal := params.Endpoint; exprVal != nil {
+							_Endpoint := *exprVal
+							_ = _Endpoint
+							if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+								_url := *exprVal
+								_ = _url
+								if _UseFIPS == false {
+									if !(_Region == "aws-global") {
+										if _UseGlobalEndpoint == false {
+											uriString := func() string {
+												var out strings.Builder
+												out.WriteString(_url.Scheme)
+												out.WriteString("://")
+												out.WriteString(_url.Authority)
+												out.WriteString(_url.NormalizedPath)
+												out.WriteString(_uri_encoded_bucket)
+												return out.String()
+											}()
+
+											uri, err := url.Parse(uriString)
+											if err != nil {
+												return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+											}
+
+											return smithyendpoints.Endpoint{
+												URI:     *uri,
+												Headers: http.Header{},
+												Properties: func() smithy.Properties {
+													var out smithy.Properties
+													out.Set("authSchemes", []interface{}{
+														map[string]interface{}{
+															"disableDoubleEncoding": true,
+															"name":                  "sigv4",
+															"signingName":           "s3",
+															"signingRegion":         _Region,
+														},
+													})
+													return out
+												}(),
+											}, nil
+										}
+									}
+								}
+							}
+						}
+					}
+					if _UseDualStack == false {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == false {
+								if _Region == "aws-global" {
+									uriString := func() string {
+										var out strings.Builder
+										out.WriteString("https://s3.")
+										out.WriteString(_partitionResult.DnsSuffix)
+										out.WriteString("/")
+										out.WriteString(_uri_encoded_bucket)
+										return out.String()
+									}()
+
+									uri, err := url.Parse(uriString)
+									if err != nil {
+										return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+									}
+
+									return smithyendpoints.Endpoint{
+										URI:     *uri,
+										Headers: http.Header{},
+										Properties: func() smithy.Properties {
+											var out smithy.Properties
+											out.Set("authSchemes", []interface{}{
+												map[string]interface{}{
+													"disableDoubleEncoding": true,
+													"name":                  "sigv4",
+													"signingName":           "s3",
+													"signingRegion":         "us-east-1",
+												},
+											})
+											return out
+										}(),
+									}, nil
+								}
+							}
+						}
+					}
+					if _UseDualStack == false {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == false {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == true {
+										if _Region == "us-east-1" {
+											uriString := func() string {
+												var out strings.Builder
+												out.WriteString("https://s3.")
+												out.WriteString(_partitionResult.DnsSuffix)
+												out.WriteString("/")
+												out.WriteString(_uri_encoded_bucket)
+												return out.String()
+											}()
+
+											uri, err := url.Parse(uriString)
+											if err != nil {
+												return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+											}
+
+											return smithyendpoints.Endpoint{
+												URI:     *uri,
+												Headers: http.Header{},
+												Properties: func() smithy.Properties {
+													var out smithy.Properties
+													out.Set("authSchemes", []interface{}{
+														map[string]interface{}{
+															"disableDoubleEncoding": true,
+															"name":                  "sigv4",
+															"signingName":           "s3",
+															"signingRegion":         _Region,
+														},
+													})
+													return out
+												}(),
+											}, nil
+										}
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											out.WriteString("/")
+											out.WriteString(_uri_encoded_bucket)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseDualStack == false {
+						if !(params.Endpoint != nil) {
+							if _UseFIPS == false {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == false {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											out.WriteString("/")
+											out.WriteString(_uri_encoded_bucket)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "Path-style addressing cannot be used with S3 Accelerate")
+			}
+			return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+		}
+		if exprVal := params.UseObjectLambdaEndpoint; exprVal != nil {
+			_UseObjectLambdaEndpoint := *exprVal
+			_ = _UseObjectLambdaEndpoint
+			if _UseObjectLambdaEndpoint == true {
+				if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+					_partitionResult := *exprVal
+					_ = _partitionResult
+					if rulesfn.IsValidHostLabel(_Region, true) {
+						if _UseDualStack == true {
+							return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 Object Lambda does not support Dual-stack")
+						}
+						if _Accelerate == true {
+							return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 Object Lambda does not support S3 Accelerate")
+						}
+						if exprVal := params.Endpoint; exprVal != nil {
+							_Endpoint := *exprVal
+							_ = _Endpoint
+							if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+								_url := *exprVal
+								_ = _url
+								uriString := func() string {
+									var out strings.Builder
+									out.WriteString(_url.Scheme)
+									out.WriteString("://")
+									out.WriteString(_url.Authority)
+									out.WriteString(_url.Path)
+									return out.String()
+								}()
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"disableDoubleEncoding": true,
+												"name":                  "sigv4",
+												"signingName":           "s3-object-lambda",
+												"signingRegion":         _Region,
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+						}
+						if _UseFIPS == true {
+							uriString := func() string {
+								var out strings.Builder
+								out.WriteString("https://s3-object-lambda-fips.")
+								out.WriteString(_Region)
+								out.WriteString(".")
+								out.WriteString(_partitionResult.DnsSuffix)
+								return out.String()
+							}()
+
+							uri, err := url.Parse(uriString)
+							if err != nil {
+								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+							}
+
+							return smithyendpoints.Endpoint{
+								URI:     *uri,
+								Headers: http.Header{},
+								Properties: func() smithy.Properties {
+									var out smithy.Properties
+									out.Set("authSchemes", []interface{}{
+										map[string]interface{}{
+											"disableDoubleEncoding": true,
+											"name":                  "sigv4",
+											"signingName":           "s3-object-lambda",
+											"signingRegion":         _Region,
+										},
+									})
+									return out
+								}(),
+							}, nil
+						}
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://s3-object-lambda.")
+							out.WriteString(_Region)
+							out.WriteString(".")
+							out.WriteString(_partitionResult.DnsSuffix)
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+							Properties: func() smithy.Properties {
+								var out smithy.Properties
+								out.Set("authSchemes", []interface{}{
+									map[string]interface{}{
+										"disableDoubleEncoding": true,
+										"name":                  "sigv4",
+										"signingName":           "s3-object-lambda",
+										"signingRegion":         _Region,
+									},
+								})
+								return out
+							}(),
+						}, nil
+					}
+					return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid region: region was not a valid DNS name.")
+				}
+				return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+			}
+		}
+		if !(params.Bucket != nil) {
+			if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+				_partitionResult := *exprVal
+				_ = _partitionResult
+				if rulesfn.IsValidHostLabel(_Region, true) {
+					if _UseFIPS == true {
+						if _UseDualStack == true {
+							if !(params.Endpoint != nil) {
+								if _Region == "aws-global" {
+									uriString := func() string {
+										var out strings.Builder
+										out.WriteString("https://s3-fips.dualstack.us-east-1.")
+										out.WriteString(_partitionResult.DnsSuffix)
+										return out.String()
+									}()
+
+									uri, err := url.Parse(uriString)
+									if err != nil {
+										return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+									}
+
+									return smithyendpoints.Endpoint{
+										URI:     *uri,
+										Headers: http.Header{},
+										Properties: func() smithy.Properties {
+											var out smithy.Properties
+											out.Set("authSchemes", []interface{}{
+												map[string]interface{}{
+													"disableDoubleEncoding": true,
+													"name":                  "sigv4",
+													"signingName":           "s3",
+													"signingRegion":         "us-east-1",
+												},
+											})
+											return out
+										}(),
+									}, nil
+								}
+							}
+						}
+					}
+					if _UseFIPS == true {
+						if _UseDualStack == true {
+							if !(params.Endpoint != nil) {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == true {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3-fips.dualstack.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseFIPS == true {
+						if _UseDualStack == true {
+							if !(params.Endpoint != nil) {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == false {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3-fips.dualstack.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseFIPS == true {
+						if _UseDualStack == false {
+							if !(params.Endpoint != nil) {
+								if _Region == "aws-global" {
+									uriString := func() string {
+										var out strings.Builder
+										out.WriteString("https://s3-fips.us-east-1.")
+										out.WriteString(_partitionResult.DnsSuffix)
+										return out.String()
+									}()
+
+									uri, err := url.Parse(uriString)
+									if err != nil {
+										return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+									}
+
+									return smithyendpoints.Endpoint{
+										URI:     *uri,
+										Headers: http.Header{},
+										Properties: func() smithy.Properties {
+											var out smithy.Properties
+											out.Set("authSchemes", []interface{}{
+												map[string]interface{}{
+													"disableDoubleEncoding": true,
+													"name":                  "sigv4",
+													"signingName":           "s3",
+													"signingRegion":         "us-east-1",
+												},
+											})
+											return out
+										}(),
+									}, nil
+								}
+							}
+						}
+					}
+					if _UseFIPS == true {
+						if _UseDualStack == false {
+							if !(params.Endpoint != nil) {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == true {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3-fips.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseFIPS == true {
+						if _UseDualStack == false {
+							if !(params.Endpoint != nil) {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == false {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3-fips.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseFIPS == false {
+						if _UseDualStack == true {
+							if !(params.Endpoint != nil) {
+								if _Region == "aws-global" {
+									uriString := func() string {
+										var out strings.Builder
+										out.WriteString("https://s3.dualstack.us-east-1.")
+										out.WriteString(_partitionResult.DnsSuffix)
+										return out.String()
+									}()
+
+									uri, err := url.Parse(uriString)
+									if err != nil {
+										return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+									}
+
+									return smithyendpoints.Endpoint{
+										URI:     *uri,
+										Headers: http.Header{},
+										Properties: func() smithy.Properties {
+											var out smithy.Properties
+											out.Set("authSchemes", []interface{}{
+												map[string]interface{}{
+													"disableDoubleEncoding": true,
+													"name":                  "sigv4",
+													"signingName":           "s3",
+													"signingRegion":         "us-east-1",
+												},
+											})
+											return out
+										}(),
+									}, nil
+								}
+							}
+						}
+					}
+					if _UseFIPS == false {
+						if _UseDualStack == true {
+							if !(params.Endpoint != nil) {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == true {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3.dualstack.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseFIPS == false {
+						if _UseDualStack == true {
+							if !(params.Endpoint != nil) {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == false {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3.dualstack.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseFIPS == false {
+						if _UseDualStack == false {
+							if exprVal := params.Endpoint; exprVal != nil {
+								_Endpoint := *exprVal
+								_ = _Endpoint
+								if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+									_url := *exprVal
+									_ = _url
+									if _Region == "aws-global" {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString(_url.Scheme)
+											out.WriteString("://")
+											out.WriteString(_url.Authority)
+											out.WriteString(_url.Path)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         "us-east-1",
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseFIPS == false {
+						if _UseDualStack == false {
+							if exprVal := params.Endpoint; exprVal != nil {
+								_Endpoint := *exprVal
+								_ = _Endpoint
+								if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+									_url := *exprVal
+									_ = _url
+									if !(_Region == "aws-global") {
+										if _UseGlobalEndpoint == true {
+											if _Region == "us-east-1" {
+												uriString := func() string {
+													var out strings.Builder
+													out.WriteString(_url.Scheme)
+													out.WriteString("://")
+													out.WriteString(_url.Authority)
+													out.WriteString(_url.Path)
+													return out.String()
+												}()
+
+												uri, err := url.Parse(uriString)
+												if err != nil {
+													return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+												}
+
+												return smithyendpoints.Endpoint{
+													URI:     *uri,
+													Headers: http.Header{},
+													Properties: func() smithy.Properties {
+														var out smithy.Properties
+														out.Set("authSchemes", []interface{}{
+															map[string]interface{}{
+																"disableDoubleEncoding": true,
+																"name":                  "sigv4",
+																"signingName":           "s3",
+																"signingRegion":         _Region,
+															},
+														})
+														return out
+													}(),
+												}, nil
+											}
+											uriString := func() string {
+												var out strings.Builder
+												out.WriteString(_url.Scheme)
+												out.WriteString("://")
+												out.WriteString(_url.Authority)
+												out.WriteString(_url.Path)
+												return out.String()
+											}()
+
+											uri, err := url.Parse(uriString)
+											if err != nil {
+												return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+											}
+
+											return smithyendpoints.Endpoint{
+												URI:     *uri,
+												Headers: http.Header{},
+												Properties: func() smithy.Properties {
+													var out smithy.Properties
+													out.Set("authSchemes", []interface{}{
+														map[string]interface{}{
+															"disableDoubleEncoding": true,
+															"name":                  "sigv4",
+															"signingName":           "s3",
+															"signingRegion":         _Region,
+														},
+													})
+													return out
+												}(),
+											}, nil
+										}
+									}
+								}
+							}
+						}
+					}
+					if _UseFIPS == false {
+						if _UseDualStack == false {
+							if exprVal := params.Endpoint; exprVal != nil {
+								_Endpoint := *exprVal
+								_ = _Endpoint
+								if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil {
+									_url := *exprVal
+									_ = _url
+									if !(_Region == "aws-global") {
+										if _UseGlobalEndpoint == false {
+											uriString := func() string {
+												var out strings.Builder
+												out.WriteString(_url.Scheme)
+												out.WriteString("://")
+												out.WriteString(_url.Authority)
+												out.WriteString(_url.Path)
+												return out.String()
+											}()
+
+											uri, err := url.Parse(uriString)
+											if err != nil {
+												return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+											}
+
+											return smithyendpoints.Endpoint{
+												URI:     *uri,
+												Headers: http.Header{},
+												Properties: func() smithy.Properties {
+													var out smithy.Properties
+													out.Set("authSchemes", []interface{}{
+														map[string]interface{}{
+															"disableDoubleEncoding": true,
+															"name":                  "sigv4",
+															"signingName":           "s3",
+															"signingRegion":         _Region,
+														},
+													})
+													return out
+												}(),
+											}, nil
+										}
+									}
+								}
+							}
+						}
+					}
+					if _UseFIPS == false {
+						if _UseDualStack == false {
+							if !(params.Endpoint != nil) {
+								if _Region == "aws-global" {
+									uriString := func() string {
+										var out strings.Builder
+										out.WriteString("https://s3.")
+										out.WriteString(_partitionResult.DnsSuffix)
+										return out.String()
+									}()
+
+									uri, err := url.Parse(uriString)
+									if err != nil {
+										return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+									}
+
+									return smithyendpoints.Endpoint{
+										URI:     *uri,
+										Headers: http.Header{},
+										Properties: func() smithy.Properties {
+											var out smithy.Properties
+											out.Set("authSchemes", []interface{}{
+												map[string]interface{}{
+													"disableDoubleEncoding": true,
+													"name":                  "sigv4",
+													"signingName":           "s3",
+													"signingRegion":         "us-east-1",
+												},
+											})
+											return out
+										}(),
+									}, nil
+								}
+							}
+						}
+					}
+					if _UseFIPS == false {
+						if _UseDualStack == false {
+							if !(params.Endpoint != nil) {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == true {
+										if _Region == "us-east-1" {
+											uriString := func() string {
+												var out strings.Builder
+												out.WriteString("https://s3.")
+												out.WriteString(_partitionResult.DnsSuffix)
+												return out.String()
+											}()
+
+											uri, err := url.Parse(uriString)
+											if err != nil {
+												return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+											}
+
+											return smithyendpoints.Endpoint{
+												URI:     *uri,
+												Headers: http.Header{},
+												Properties: func() smithy.Properties {
+													var out smithy.Properties
+													out.Set("authSchemes", []interface{}{
+														map[string]interface{}{
+															"disableDoubleEncoding": true,
+															"name":                  "sigv4",
+															"signingName":           "s3",
+															"signingRegion":         _Region,
+														},
+													})
+													return out
+												}(),
+											}, nil
+										}
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					if _UseFIPS == false {
+						if _UseDualStack == false {
+							if !(params.Endpoint != nil) {
+								if !(_Region == "aws-global") {
+									if _UseGlobalEndpoint == false {
+										uriString := func() string {
+											var out strings.Builder
+											out.WriteString("https://s3.")
+											out.WriteString(_Region)
+											out.WriteString(".")
+											out.WriteString(_partitionResult.DnsSuffix)
+											return out.String()
+										}()
+
+										uri, err := url.Parse(uriString)
+										if err != nil {
+											return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+										}
+
+										return smithyendpoints.Endpoint{
+											URI:     *uri,
+											Headers: http.Header{},
+											Properties: func() smithy.Properties {
+												var out smithy.Properties
+												out.Set("authSchemes", []interface{}{
+													map[string]interface{}{
+														"disableDoubleEncoding": true,
+														"name":                  "sigv4",
+														"signingName":           "s3",
+														"signingRegion":         _Region,
+													},
+												})
+												return out
+											}(),
+										}, nil
+									}
+								}
+							}
+						}
+					}
+					return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid region: region was not a valid DNS name.")
+			}
+			return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+		}
+		return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+	}
+	return endpoint, fmt.Errorf("endpoint rule error, %s", "A region must be set when sending requests to S3.")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json
index 8643d42ff..414c8124f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json
@@ -9,7 +9,8 @@
         "github.com/aws/aws-sdk-go-v2/service/internal/checksum": "v0.0.0-00010101000000-000000000000",
         "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url": "v1.0.7",
         "github.com/aws/aws-sdk-go-v2/service/internal/s3shared": "v1.2.3",
-        "github.com/aws/smithy-go": "v1.4.0"
+        "github.com/aws/smithy-go": "v1.4.0",
+        "github.com/google/go-cmp": "v0.5.4"
     },
     "files": [
         "api_client.go",
@@ -110,6 +111,7 @@
         "deserializers.go",
         "doc.go",
         "endpoints.go",
+        "endpoints_test.go",
         "eventstream.go",
         "generated.json",
         "internal/endpoints/endpoints.go",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go
index a79184177..667ff71e4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go
@@ -3,4 +3,4 @@
 package s3
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.27.11"
+const goModuleVersion = "1.40.0"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/handwritten_paginators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/handwritten_paginators.go
new file mode 100644
index 000000000..3d0b25100
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/handwritten_paginators.go
@@ -0,0 +1,204 @@
+package s3
+
+import (
+	"context"
+	"fmt"
+)
+
+// ListObjectVersionsAPIClient is a client that implements the ListObjectVersions
+// operation
+type ListObjectVersionsAPIClient interface {
+	ListObjectVersions(context.Context, *ListObjectVersionsInput, ...func(*Options)) (*ListObjectVersionsOutput, error)
+}
+
+var _ ListObjectVersionsAPIClient = (*Client)(nil)
+
+// ListObjectVersionsPaginatorOptions is the paginator options for ListObjectVersions
+type ListObjectVersionsPaginatorOptions struct {
+	// (Optional) The maximum number of Object Versions that you want Amazon S3 to
+	// return.
+	Limit int32
+
+	// Set to true if pagination should stop if the service returns a pagination token
+	// that matches the most recent token provided to the service.
+	StopOnDuplicateToken bool
+}
+
+// ListObjectVersionsPaginator is a paginator for ListObjectVersions
+type ListObjectVersionsPaginator struct {
+	options         ListObjectVersionsPaginatorOptions
+	client          ListObjectVersionsAPIClient
+	params          *ListObjectVersionsInput
+	firstPage       bool
+	keyMarker       *string
+	versionIDMarker *string
+	isTruncated     bool
+}
+
+// NewListObjectVersionsPaginator returns a new ListObjectVersionsPaginator
+func NewListObjectVersionsPaginator(client ListObjectVersionsAPIClient, params *ListObjectVersionsInput, optFns ...func(*ListObjectVersionsPaginatorOptions)) *ListObjectVersionsPaginator {
+	if params == nil {
+		params = &ListObjectVersionsInput{}
+	}
+
+	options := ListObjectVersionsPaginatorOptions{}
+	options.Limit = params.MaxKeys
+
+	for _, fn := range optFns {
+		fn(&options)
+	}
+
+	return &ListObjectVersionsPaginator{
+		options:         options,
+		client:          client,
+		params:          params,
+		firstPage:       true,
+		keyMarker:       params.KeyMarker,
+		versionIDMarker: params.VersionIdMarker,
+	}
+}
+
+// HasMorePages returns a boolean indicating whether more pages are available
+func (p *ListObjectVersionsPaginator) HasMorePages() bool {
+	return p.firstPage || p.isTruncated
+}
+
+// NextPage retrieves the next ListObjectVersions page.
+func (p *ListObjectVersionsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListObjectVersionsOutput, error) {
+	if !p.HasMorePages() {
+		return nil, fmt.Errorf("no more pages available")
+	}
+
+	params := *p.params
+	params.KeyMarker = p.keyMarker
+	params.VersionIdMarker = p.versionIDMarker
+
+	var limit int32
+	if p.options.Limit > 0 {
+		limit = p.options.Limit
+	}
+	params.MaxKeys = limit
+
+	result, err := p.client.ListObjectVersions(ctx, &params, optFns...)
+	if err != nil {
+		return nil, err
+	}
+	p.firstPage = false
+
+	prevToken := p.keyMarker
+	p.isTruncated = result.IsTruncated
+	p.keyMarker = nil
+	p.versionIDMarker = nil
+	if result.IsTruncated {
+		p.keyMarker = result.NextKeyMarker
+		p.versionIDMarker = result.NextVersionIdMarker
+	}
+
+	if p.options.StopOnDuplicateToken &&
+		prevToken != nil &&
+		p.keyMarker != nil &&
+		*prevToken == *p.keyMarker {
+		p.isTruncated = false
+	}
+
+	return result, nil
+}
+
+// ListMultipartUploadsAPIClient is a client that implements the ListMultipartUploads
+// operation
+type ListMultipartUploadsAPIClient interface {
+	ListMultipartUploads(context.Context, *ListMultipartUploadsInput, ...func(*Options)) (*ListMultipartUploadsOutput, error)
+}
+
+var _ ListMultipartUploadsAPIClient = (*Client)(nil)
+
+// ListMultipartUploadsPaginatorOptions is the paginator options for ListMultipartUploads
+type ListMultipartUploadsPaginatorOptions struct {
+	// (Optional) The maximum number of Multipart Uploads that you want Amazon S3 to
+	// return.
+	Limit int32
+
+	// Set to true if pagination should stop if the service returns a pagination token
+	// that matches the most recent token provided to the service.
+	StopOnDuplicateToken bool
+}
+
+// ListMultipartUploadsPaginator is a paginator for ListMultipartUploads
+type ListMultipartUploadsPaginator struct {
+	options        ListMultipartUploadsPaginatorOptions
+	client         ListMultipartUploadsAPIClient
+	params         *ListMultipartUploadsInput
+	firstPage      bool
+	keyMarker      *string
+	uploadIDMarker *string
+	isTruncated    bool
+}
+
+// NewListMultipartUploadsPaginator returns a new ListMultipartUploadsPaginator
+func NewListMultipartUploadsPaginator(client ListMultipartUploadsAPIClient, params *ListMultipartUploadsInput, optFns ...func(*ListMultipartUploadsPaginatorOptions)) *ListMultipartUploadsPaginator {
+	if params == nil {
+		params = &ListMultipartUploadsInput{}
+	}
+
+	options := ListMultipartUploadsPaginatorOptions{}
+	options.Limit = params.MaxUploads
+
+	for _, fn := range optFns {
+		fn(&options)
+	}
+
+	return &ListMultipartUploadsPaginator{
+		options:        options,
+		client:         client,
+		params:         params,
+		firstPage:      true,
+		keyMarker:      params.KeyMarker,
+		uploadIDMarker: params.UploadIdMarker,
+	}
+}
+
+// HasMorePages returns a boolean indicating whether more pages are available
+func (p *ListMultipartUploadsPaginator) HasMorePages() bool {
+	return p.firstPage || p.isTruncated
+}
+
+// NextPage retrieves the next ListMultipartUploads page.
+func (p *ListMultipartUploadsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListMultipartUploadsOutput, error) {
+	if !p.HasMorePages() {
+		return nil, fmt.Errorf("no more pages available")
+	}
+
+	params := *p.params
+	params.KeyMarker = p.keyMarker
+	params.UploadIdMarker = p.uploadIDMarker
+
+	var limit int32
+	if p.options.Limit > 0 {
+		limit = p.options.Limit
+	}
+	params.MaxUploads = limit
+
+	result, err := p.client.ListMultipartUploads(ctx, &params, optFns...)
+	if err != nil {
+		return nil, err
+	}
+	p.firstPage = false
+
+	prevToken := p.keyMarker
+	p.isTruncated = result.IsTruncated
+	p.keyMarker = nil
+	p.uploadIDMarker = nil
+	if result.IsTruncated {
+		p.keyMarker = result.NextKeyMarker
+		p.uploadIDMarker = result.NextUploadIdMarker
+	}
+
+	if p.options.StopOnDuplicateToken &&
+		prevToken != nil &&
+		p.keyMarker != nil &&
+		*prevToken == *p.keyMarker {
+		p.isTruncated = false
+	}
+
+	return result, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/doc.go
index 9a392d120..e1d1cbefa 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/doc.go
@@ -46,7 +46,6 @@ an request is serialized, and removes the serialized bucket name from request pa
 
 	Middleware layering:
 
-
 	Initialize : HTTP Request -> ARN Lookup -> Input-Validation -> Serialize step
 
 	Serialize : HTTP Request -> Process ARN -> operation serializer -> Update-Endpoint customization -> Remove-Bucket -> next middleware
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/process_arn_resource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/process_arn_resource.go
index a232e622b..bbc971f2a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/process_arn_resource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/process_arn_resource.go
@@ -50,6 +50,10 @@ func (m *processARNResource) HandleSerialize(
 ) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	// check if arn was provided, if not skip this middleware
 	arnValue, ok := s3shared.GetARNResourceFromContext(ctx)
 	if !ok {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/remove_bucket_middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/remove_bucket_middleware.go
index 2e030f29c..cf3f4dc8b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/remove_bucket_middleware.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/remove_bucket_middleware.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/smithy-go/middleware"
 	"github.com/aws/smithy-go/transport/http"
 )
@@ -21,6 +22,10 @@ func (m *removeBucketFromPathMiddleware) HandleSerialize(
 ) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	// check if a bucket removal from HTTP path is required
 	bucket, ok := getRemoveBucketFromPath(ctx)
 	if !ok {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/s3_object_lambda.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/s3_object_lambda.go
index 325b2d369..6e1d44724 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/s3_object_lambda.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/s3_object_lambda.go
@@ -30,6 +30,10 @@ func (t *s3ObjectLambdaEndpoint) HandleSerialize(
 ) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	if !t.UseEndpoint {
 		return next.HandleSerialize(ctx, in)
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/signer_wrapper.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/signer_wrapper.go
index 6689acb8e..4408f3e8a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/signer_wrapper.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/signer_wrapper.go
@@ -3,6 +3,7 @@ package customizations
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
@@ -83,8 +84,8 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
 	// fetch signer type from context
 	signerVersion := GetSignerVersion(ctx)
 
-	switch signerVersion {
-	case v4a.Version:
+	// SigV4a
+	if strings.EqualFold(signerVersion, v4a.Version) {
 		v4aCredentialProvider, ok := s.credentialsProvider.(v4a.CredentialsProvider)
 		if !ok {
 			return out, metadata, fmt.Errorf("invalid credential-provider provided for sigV4a Signer")
@@ -96,15 +97,14 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
 			LogSigning:  s.logSigning,
 		})
 		return mw.HandleFinalize(ctx, in, next)
-
-	default:
-		mw := v4.NewSignHTTPRequestMiddleware(v4.SignHTTPRequestMiddlewareOptions{
-			CredentialsProvider: s.credentialsProvider,
-			Signer:              s.v4Signer,
-			LogSigning:          s.logSigning,
-		})
-		return mw.HandleFinalize(ctx, in, next)
 	}
+	// SigV4
+	mw := v4.NewSignHTTPRequestMiddleware(v4.SignHTTPRequestMiddlewareOptions{
+		CredentialsProvider: s.credentialsProvider,
+		Signer:              s.v4Signer,
+		LogSigning:          s.logSigning,
+	})
+	return mw.HandleFinalize(ctx, in, next)
 }
 
 // RegisterSigningMiddleware registers the wrapper signing middleware to the stack. If a signing middleware is already
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/update_endpoint.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/update_endpoint.go
index e5f95254a..eedfc7eef 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/update_endpoint.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/update_endpoint.go
@@ -69,9 +69,9 @@ func UpdateEndpoint(stack *middleware.Stack, options UpdateEndpointOptions) (err
 	const serializerID = "OperationSerializer"
 
 	// initial arn look up middleware
-	err = stack.Initialize.Add(&s3shared.ARNLookup{
+	err = stack.Initialize.Insert(&s3shared.ARNLookup{
 		GetARNValue: options.Accessor.GetBucketFromInput,
-	}, middleware.Before)
+	}, "legacyEndpointContextSetter", middleware.After)
 	if err != nil {
 		return err
 	}
@@ -141,6 +141,10 @@ func (u *updateEndpoint) HandleSerialize(
 ) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	// if arn was processed, skip this middleware
 	if _, ok := s3shared.GetARNResourceFromContext(ctx); ok {
 		return next.HandleSerialize(ctx, in)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints/endpoints.go
index 4b8457ebf..c7e5f6d2b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints/endpoints.go
@@ -91,13 +91,17 @@ var partitionRegexp = struct {
 	AwsCn    *regexp.Regexp
 	AwsIso   *regexp.Regexp
 	AwsIsoB  *regexp.Regexp
+	AwsIsoE  *regexp.Regexp
+	AwsIsoF  *regexp.Regexp
 	AwsUsGov *regexp.Regexp
 }{
 
-	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$"),
+	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
+	AwsIsoE:  regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"),
+	AwsIsoF:  regexp.MustCompile("^us\\-isof\\-\\w+\\-\\d+$"),
 	AwsUsGov: regexp.MustCompile("^us\\-gov\\-\\w+\\-\\d+$"),
 }
 
@@ -195,6 +199,15 @@ var defaultPartitions = endpoints.Partitions{
 			}: {
 				Hostname: "s3.dualstack.ap-south-1.amazonaws.com",
 			},
+			endpoints.EndpointKey{
+				Region: "ap-south-2",
+			}: endpoints.Endpoint{},
+			endpoints.EndpointKey{
+				Region:  "ap-south-2",
+				Variant: endpoints.DualStackVariant,
+			}: {
+				Hostname: "s3.dualstack.ap-south-2.amazonaws.com",
+			},
 			endpoints.EndpointKey{
 				Region: "ap-southeast-1",
 			}: endpoints.Endpoint{
@@ -230,6 +243,15 @@ var defaultPartitions = endpoints.Partitions{
 			}: {
 				Hostname: "s3.dualstack.ap-southeast-3.amazonaws.com",
 			},
+			endpoints.EndpointKey{
+				Region: "ap-southeast-4",
+			}: endpoints.Endpoint{},
+			endpoints.EndpointKey{
+				Region:  "ap-southeast-4",
+				Variant: endpoints.DualStackVariant,
+			}: {
+				Hostname: "s3.dualstack.ap-southeast-4.amazonaws.com",
+			},
 			endpoints.EndpointKey{
 				Region: "aws-global",
 			}: endpoints.Endpoint{
@@ -269,6 +291,15 @@ var defaultPartitions = endpoints.Partitions{
 			}: {
 				Hostname: "s3.dualstack.eu-central-1.amazonaws.com",
 			},
+			endpoints.EndpointKey{
+				Region: "eu-central-2",
+			}: endpoints.Endpoint{},
+			endpoints.EndpointKey{
+				Region:  "eu-central-2",
+				Variant: endpoints.DualStackVariant,
+			}: {
+				Hostname: "s3.dualstack.eu-central-2.amazonaws.com",
+			},
 			endpoints.EndpointKey{
 				Region: "eu-north-1",
 			}: endpoints.Endpoint{},
@@ -287,6 +318,15 @@ var defaultPartitions = endpoints.Partitions{
 			}: {
 				Hostname: "s3.dualstack.eu-south-1.amazonaws.com",
 			},
+			endpoints.EndpointKey{
+				Region: "eu-south-2",
+			}: endpoints.Endpoint{},
+			endpoints.EndpointKey{
+				Region:  "eu-south-2",
+				Variant: endpoints.DualStackVariant,
+			}: {
+				Hostname: "s3.dualstack.eu-south-2.amazonaws.com",
+			},
 			endpoints.EndpointKey{
 				Region: "eu-west-1",
 			}: endpoints.Endpoint{
@@ -363,6 +403,15 @@ var defaultPartitions = endpoints.Partitions{
 				},
 				Deprecated: aws.TrueTernary,
 			},
+			endpoints.EndpointKey{
+				Region: "il-central-1",
+			}: endpoints.Endpoint{},
+			endpoints.EndpointKey{
+				Region:  "il-central-1",
+				Variant: endpoints.DualStackVariant,
+			}: {
+				Hostname: "s3.dualstack.il-central-1.amazonaws.com",
+			},
 			endpoints.EndpointKey{
 				Region: "me-central-1",
 			}: endpoints.Endpoint{},
@@ -620,6 +669,48 @@ var defaultPartitions = endpoints.Partitions{
 			}: endpoints.Endpoint{},
 		},
 	},
+	{
+		ID: "aws-iso-e",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "s3-fips.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "s3.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoE,
+		IsRegionalized: true,
+	},
+	{
+		ID: "aws-iso-f",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "s3-fips.{region}.csp.hci.ic.gov",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "s3.{region}.csp.hci.ic.gov",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoF,
+		IsRegionalized: true,
+	},
 	{
 		ID: "aws-us-gov",
 		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
@@ -785,6 +876,32 @@ func GetDNSSuffix(id string, options Options) (string, error) {
 
 		}
 
+	case strings.EqualFold(id, "aws-iso-e"):
+		switch variant {
+		case endpoints.FIPSVariant:
+			return "cloud.adc-e.uk", nil
+
+		case 0:
+			return "cloud.adc-e.uk", nil
+
+		default:
+			return "", fmt.Errorf("unsupported endpoint variant %v, in partition %s", variant, id)
+
+		}
+
+	case strings.EqualFold(id, "aws-iso-f"):
+		switch variant {
+		case endpoints.FIPSVariant:
+			return "csp.hci.ic.gov", nil
+
+		case 0:
+			return "csp.hci.ic.gov", nil
+
+		default:
+			return "", fmt.Errorf("unsupported endpoint variant %v, in partition %s", variant, id)
+
+		}
+
 	case strings.EqualFold(id, "aws-us-gov"):
 		switch variant {
 		case endpoints.DualStackVariant:
@@ -826,6 +943,12 @@ func GetDNSSuffixFromRegion(region string, options Options) (string, error) {
 	case partitionRegexp.AwsIsoB.MatchString(region):
 		return GetDNSSuffix("aws-iso-b", options)
 
+	case partitionRegexp.AwsIsoE.MatchString(region):
+		return GetDNSSuffix("aws-iso-e", options)
+
+	case partitionRegexp.AwsIsoF.MatchString(region):
+		return GetDNSSuffix("aws-iso-f", options)
+
 	case partitionRegexp.AwsUsGov.MatchString(region):
 		return GetDNSSuffix("aws-us-gov", options)
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serialize_immutable_hostname_bucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serialize_immutable_hostname_bucket.go
new file mode 100644
index 000000000..cb22779fb
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serialize_immutable_hostname_bucket.go
@@ -0,0 +1,72 @@
+package s3
+
+import (
+	"context"
+	"fmt"
+	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	"path"
+
+	"github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn"
+	smithy "github.com/aws/smithy-go"
+	"github.com/aws/smithy-go/encoding/httpbinding"
+	"github.com/aws/smithy-go/middleware"
+	smithyhttp "github.com/aws/smithy-go/transport/http"
+)
+
+// serializeImmutableHostnameBucketMiddleware handles injecting the bucket name into
+// "immutable" hostnames resolved via v1 EndpointResolvers. This CANNOT be done in
+// serialization, since v2 endpoint resolution requires removing the {Bucket} path
+// segment from all S3 requests.
+//
+// This will only be done for non-ARN buckets, as the features that use those require
+// virtualhost manipulation to function and we previously (pre-ep2) expected the caller
+// to handle that in their resolver.
+type serializeImmutableHostnameBucketMiddleware struct {
+	UsePathStyle bool
+}
+
+func (*serializeImmutableHostnameBucketMiddleware) ID() string {
+	return "serializeImmutableHostnameBucket"
+}
+
+func (m *serializeImmutableHostnameBucketMiddleware) HandleSerialize(
+	ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler,
+) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	request, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
+	}
+	if !smithyhttp.GetHostnameImmutable(ctx) &&
+		!(awsmiddleware.GetRequiresLegacyEndpoints(ctx) && m.UsePathStyle) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	bucket, ok := bucketFromInput(in.Parameters)
+	if !ok {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	parsedBucket := awsrulesfn.ParseARN(bucket)
+
+	// disallow ARN buckets except for MRAP arns
+	if parsedBucket != nil && len(parsedBucket.Region) > 0 {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	request.URL.Path = path.Join(request.URL.Path, bucket)
+	request.URL.RawPath = path.Join(request.URL.RawPath, httpbinding.EscapePath(bucket, true))
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addSerializeImmutableHostnameBucketMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(
+		&serializeImmutableHostnameBucketMiddleware{
+			UsePathStyle: options.UsePathStyle,
+		},
+		"OperationSerializer",
+		middleware.Before,
+	)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go
index 126dedcf3..463f6b706 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go
@@ -39,11 +39,18 @@ func (m *awsRestxml_serializeOpAbortMultipartUpload) HandleSerialize(ctx context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?x-id=AbortMultipartUpload")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?x-id=AbortMultipartUpload")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -64,15 +71,6 @@ func awsRestxml_serializeOpHttpBindingsAbortMultipartUploadInput(v *AbortMultipa
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -120,11 +118,18 @@ func (m *awsRestxml_serializeOpCompleteMultipartUpload) HandleSerialize(ctx cont
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?x-id=CompleteMultipartUpload")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?x-id=CompleteMultipartUpload")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "POST"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -169,15 +174,6 @@ func awsRestxml_serializeOpHttpBindingsCompleteMultipartUploadInput(v *CompleteM
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ChecksumCRC32 != nil && len(*v.ChecksumCRC32) > 0 {
 		locationName := "X-Amz-Checksum-Crc32"
 		encoder.SetHeader(locationName).String(*v.ChecksumCRC32)
@@ -260,11 +256,18 @@ func (m *awsRestxml_serializeOpCopyObject) HandleSerialize(ctx context.Context,
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?x-id=CopyObject")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?x-id=CopyObject")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -290,15 +293,6 @@ func awsRestxml_serializeOpHttpBindingsCopyObjectInput(v *CopyObjectInput, encod
 		encoder.SetHeader(locationName).String(string(v.ACL))
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.BucketKeyEnabled {
 		locationName := "X-Amz-Server-Side-Encryption-Bucket-Key-Enabled"
 		encoder.SetHeader(locationName).Boolean(v.BucketKeyEnabled)
@@ -526,11 +520,18 @@ func (m *awsRestxml_serializeOpCreateBucket) HandleSerialize(ctx context.Context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}")
+	opPath, opQuery := httpbinding.SplitURI("/")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -580,15 +581,6 @@ func awsRestxml_serializeOpHttpBindingsCreateBucketInput(v *CreateBucketInput, e
 		encoder.SetHeader(locationName).String(string(v.ACL))
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.GrantFullControl != nil && len(*v.GrantFullControl) > 0 {
 		locationName := "X-Amz-Grant-Full-Control"
 		encoder.SetHeader(locationName).String(*v.GrantFullControl)
@@ -648,11 +640,18 @@ func (m *awsRestxml_serializeOpCreateMultipartUpload) HandleSerialize(ctx contex
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?uploads&x-id=CreateMultipartUpload")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?uploads&x-id=CreateMultipartUpload")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "POST"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -678,15 +677,6 @@ func awsRestxml_serializeOpHttpBindingsCreateMultipartUploadInput(v *CreateMulti
 		encoder.SetHeader(locationName).String(string(v.ACL))
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.BucketKeyEnabled {
 		locationName := "X-Amz-Server-Side-Encryption-Bucket-Key-Enabled"
 		encoder.SetHeader(locationName).Boolean(v.BucketKeyEnabled)
@@ -859,11 +849,18 @@ func (m *awsRestxml_serializeOpDeleteBucket) HandleSerialize(ctx context.Context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}")
+	opPath, opQuery := httpbinding.SplitURI("/")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -884,15 +881,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketInput(v *DeleteBucketInput, e
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -922,11 +910,18 @@ func (m *awsRestxml_serializeOpDeleteBucketAnalyticsConfiguration) HandleSeriali
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?analytics")
+	opPath, opQuery := httpbinding.SplitURI("/?analytics")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -947,15 +942,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketAnalyticsConfigurationInput(v
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -989,11 +975,18 @@ func (m *awsRestxml_serializeOpDeleteBucketCors) HandleSerialize(ctx context.Con
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?cors")
+	opPath, opQuery := httpbinding.SplitURI("/?cors")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1014,15 +1007,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketCorsInput(v *DeleteBucketCors
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -1052,11 +1036,18 @@ func (m *awsRestxml_serializeOpDeleteBucketEncryption) HandleSerialize(ctx conte
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?encryption")
+	opPath, opQuery := httpbinding.SplitURI("/?encryption")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1077,15 +1068,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketEncryptionInput(v *DeleteBuck
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -1115,11 +1097,18 @@ func (m *awsRestxml_serializeOpDeleteBucketIntelligentTieringConfiguration) Hand
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?intelligent-tiering")
+	opPath, opQuery := httpbinding.SplitURI("/?intelligent-tiering")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1140,15 +1129,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketIntelligentTieringConfigurati
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.Id != nil {
 		encoder.SetQuery("id").String(*v.Id)
 	}
@@ -1177,11 +1157,18 @@ func (m *awsRestxml_serializeOpDeleteBucketInventoryConfiguration) HandleSeriali
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?inventory")
+	opPath, opQuery := httpbinding.SplitURI("/?inventory")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1202,15 +1189,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketInventoryConfigurationInput(v
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -1244,11 +1222,18 @@ func (m *awsRestxml_serializeOpDeleteBucketLifecycle) HandleSerialize(ctx contex
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?lifecycle")
+	opPath, opQuery := httpbinding.SplitURI("/?lifecycle")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1269,15 +1254,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketLifecycleInput(v *DeleteBucke
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -1307,11 +1283,18 @@ func (m *awsRestxml_serializeOpDeleteBucketMetricsConfiguration) HandleSerialize
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?metrics")
+	opPath, opQuery := httpbinding.SplitURI("/?metrics")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1332,15 +1315,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketMetricsConfigurationInput(v *
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -1374,11 +1348,18 @@ func (m *awsRestxml_serializeOpDeleteBucketOwnershipControls) HandleSerialize(ct
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?ownershipControls")
+	opPath, opQuery := httpbinding.SplitURI("/?ownershipControls")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1399,15 +1380,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketOwnershipControlsInput(v *Del
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -1437,11 +1409,18 @@ func (m *awsRestxml_serializeOpDeleteBucketPolicy) HandleSerialize(ctx context.C
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?policy")
+	opPath, opQuery := httpbinding.SplitURI("/?policy")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1462,15 +1441,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketPolicyInput(v *DeleteBucketPo
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -1500,11 +1470,18 @@ func (m *awsRestxml_serializeOpDeleteBucketReplication) HandleSerialize(ctx cont
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?replication")
+	opPath, opQuery := httpbinding.SplitURI("/?replication")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1525,15 +1502,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketReplicationInput(v *DeleteBuc
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -1563,11 +1531,18 @@ func (m *awsRestxml_serializeOpDeleteBucketTagging) HandleSerialize(ctx context.
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?tagging")
+	opPath, opQuery := httpbinding.SplitURI("/?tagging")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1588,15 +1563,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketTaggingInput(v *DeleteBucketT
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -1626,11 +1592,18 @@ func (m *awsRestxml_serializeOpDeleteBucketWebsite) HandleSerialize(ctx context.
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?website")
+	opPath, opQuery := httpbinding.SplitURI("/?website")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1651,15 +1624,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteBucketWebsiteInput(v *DeleteBucketW
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -1689,11 +1653,18 @@ func (m *awsRestxml_serializeOpDeleteObject) HandleSerialize(ctx context.Context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?x-id=DeleteObject")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?x-id=DeleteObject")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1714,15 +1685,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteObjectInput(v *DeleteObjectInput, e
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.BypassGovernanceRetention {
 		locationName := "X-Amz-Bypass-Governance-Retention"
 		encoder.SetHeader(locationName).Boolean(v.BypassGovernanceRetention)
@@ -1780,11 +1742,18 @@ func (m *awsRestxml_serializeOpDeleteObjects) HandleSerialize(ctx context.Contex
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?delete&x-id=DeleteObjects")
+	opPath, opQuery := httpbinding.SplitURI("/?delete&x-id=DeleteObjects")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "POST"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1829,15 +1798,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteObjectsInput(v *DeleteObjectsInput,
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.BypassGovernanceRetention {
 		locationName := "X-Amz-Bypass-Governance-Retention"
 		encoder.SetHeader(locationName).Boolean(v.BypassGovernanceRetention)
@@ -1887,11 +1847,18 @@ func (m *awsRestxml_serializeOpDeleteObjectTagging) HandleSerialize(ctx context.
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?tagging")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?tagging")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1912,15 +1879,6 @@ func awsRestxml_serializeOpHttpBindingsDeleteObjectTaggingInput(v *DeleteObjectT
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -1963,11 +1921,18 @@ func (m *awsRestxml_serializeOpDeletePublicAccessBlock) HandleSerialize(ctx cont
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?publicAccessBlock")
+	opPath, opQuery := httpbinding.SplitURI("/?publicAccessBlock")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "DELETE"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -1988,15 +1953,6 @@ func awsRestxml_serializeOpHttpBindingsDeletePublicAccessBlockInput(v *DeletePub
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2026,11 +1982,18 @@ func (m *awsRestxml_serializeOpGetBucketAccelerateConfiguration) HandleSerialize
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?accelerate")
+	opPath, opQuery := httpbinding.SplitURI("/?accelerate")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2051,20 +2014,16 @@ func awsRestxml_serializeOpHttpBindingsGetBucketAccelerateConfigurationInput(v *
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
 	}
 
+	if len(v.RequestPayer) > 0 {
+		locationName := "X-Amz-Request-Payer"
+		encoder.SetHeader(locationName).String(string(v.RequestPayer))
+	}
+
 	return nil
 }
 
@@ -2089,11 +2048,18 @@ func (m *awsRestxml_serializeOpGetBucketAcl) HandleSerialize(ctx context.Context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?acl")
+	opPath, opQuery := httpbinding.SplitURI("/?acl")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2114,15 +2080,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketAclInput(v *GetBucketAclInput, e
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2152,11 +2109,18 @@ func (m *awsRestxml_serializeOpGetBucketAnalyticsConfiguration) HandleSerialize(
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?analytics&x-id=GetBucketAnalyticsConfiguration")
+	opPath, opQuery := httpbinding.SplitURI("/?analytics&x-id=GetBucketAnalyticsConfiguration")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2177,15 +2141,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketAnalyticsConfigurationInput(v *G
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2219,11 +2174,18 @@ func (m *awsRestxml_serializeOpGetBucketCors) HandleSerialize(ctx context.Contex
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?cors")
+	opPath, opQuery := httpbinding.SplitURI("/?cors")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2244,15 +2206,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketCorsInput(v *GetBucketCorsInput,
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2282,11 +2235,18 @@ func (m *awsRestxml_serializeOpGetBucketEncryption) HandleSerialize(ctx context.
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?encryption")
+	opPath, opQuery := httpbinding.SplitURI("/?encryption")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2307,15 +2267,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketEncryptionInput(v *GetBucketEncr
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2345,11 +2296,18 @@ func (m *awsRestxml_serializeOpGetBucketIntelligentTieringConfiguration) HandleS
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?intelligent-tiering&x-id=GetBucketIntelligentTieringConfiguration")
+	opPath, opQuery := httpbinding.SplitURI("/?intelligent-tiering&x-id=GetBucketIntelligentTieringConfiguration")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2370,15 +2328,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketIntelligentTieringConfigurationI
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.Id != nil {
 		encoder.SetQuery("id").String(*v.Id)
 	}
@@ -2407,11 +2356,18 @@ func (m *awsRestxml_serializeOpGetBucketInventoryConfiguration) HandleSerialize(
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?inventory&x-id=GetBucketInventoryConfiguration")
+	opPath, opQuery := httpbinding.SplitURI("/?inventory&x-id=GetBucketInventoryConfiguration")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2432,15 +2388,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketInventoryConfigurationInput(v *G
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2474,11 +2421,18 @@ func (m *awsRestxml_serializeOpGetBucketLifecycleConfiguration) HandleSerialize(
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?lifecycle")
+	opPath, opQuery := httpbinding.SplitURI("/?lifecycle")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2499,15 +2453,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketLifecycleConfigurationInput(v *G
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2537,11 +2482,18 @@ func (m *awsRestxml_serializeOpGetBucketLocation) HandleSerialize(ctx context.Co
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?location")
+	opPath, opQuery := httpbinding.SplitURI("/?location")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2562,15 +2514,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketLocationInput(v *GetBucketLocati
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2600,12 +2543,19 @@ func (m *awsRestxml_serializeOpGetBucketLogging) HandleSerialize(ctx context.Con
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?logging")
+	opPath, opQuery := httpbinding.SplitURI("/?logging")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
-	if err != nil {
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
+	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
 
@@ -2625,15 +2575,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketLoggingInput(v *GetBucketLogging
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2663,11 +2604,18 @@ func (m *awsRestxml_serializeOpGetBucketMetricsConfiguration) HandleSerialize(ct
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?metrics&x-id=GetBucketMetricsConfiguration")
+	opPath, opQuery := httpbinding.SplitURI("/?metrics&x-id=GetBucketMetricsConfiguration")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2688,15 +2636,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketMetricsConfigurationInput(v *Get
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2730,11 +2669,18 @@ func (m *awsRestxml_serializeOpGetBucketNotificationConfiguration) HandleSeriali
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?notification")
+	opPath, opQuery := httpbinding.SplitURI("/?notification")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2755,15 +2701,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketNotificationConfigurationInput(v
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2793,11 +2730,18 @@ func (m *awsRestxml_serializeOpGetBucketOwnershipControls) HandleSerialize(ctx c
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?ownershipControls")
+	opPath, opQuery := httpbinding.SplitURI("/?ownershipControls")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2818,15 +2762,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketOwnershipControlsInput(v *GetBuc
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2856,11 +2791,18 @@ func (m *awsRestxml_serializeOpGetBucketPolicy) HandleSerialize(ctx context.Cont
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?policy")
+	opPath, opQuery := httpbinding.SplitURI("/?policy")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2881,15 +2823,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketPolicyInput(v *GetBucketPolicyIn
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2919,11 +2852,18 @@ func (m *awsRestxml_serializeOpGetBucketPolicyStatus) HandleSerialize(ctx contex
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?policyStatus")
+	opPath, opQuery := httpbinding.SplitURI("/?policyStatus")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -2944,15 +2884,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketPolicyStatusInput(v *GetBucketPo
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -2982,11 +2913,18 @@ func (m *awsRestxml_serializeOpGetBucketReplication) HandleSerialize(ctx context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?replication")
+	opPath, opQuery := httpbinding.SplitURI("/?replication")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3007,15 +2945,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketReplicationInput(v *GetBucketRep
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -3045,11 +2974,18 @@ func (m *awsRestxml_serializeOpGetBucketRequestPayment) HandleSerialize(ctx cont
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?requestPayment")
+	opPath, opQuery := httpbinding.SplitURI("/?requestPayment")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3070,15 +3006,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketRequestPaymentInput(v *GetBucket
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -3108,11 +3035,18 @@ func (m *awsRestxml_serializeOpGetBucketTagging) HandleSerialize(ctx context.Con
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?tagging")
+	opPath, opQuery := httpbinding.SplitURI("/?tagging")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3133,15 +3067,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketTaggingInput(v *GetBucketTagging
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -3171,11 +3096,18 @@ func (m *awsRestxml_serializeOpGetBucketVersioning) HandleSerialize(ctx context.
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?versioning")
+	opPath, opQuery := httpbinding.SplitURI("/?versioning")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3196,15 +3128,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketVersioningInput(v *GetBucketVers
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -3234,11 +3157,18 @@ func (m *awsRestxml_serializeOpGetBucketWebsite) HandleSerialize(ctx context.Con
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?website")
+	opPath, opQuery := httpbinding.SplitURI("/?website")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3259,15 +3189,6 @@ func awsRestxml_serializeOpHttpBindingsGetBucketWebsiteInput(v *GetBucketWebsite
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -3297,11 +3218,18 @@ func (m *awsRestxml_serializeOpGetObject) HandleSerialize(ctx context.Context, i
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?x-id=GetObject")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?x-id=GetObject")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3322,15 +3250,6 @@ func awsRestxml_serializeOpHttpBindingsGetObjectInput(v *GetObjectInput, encoder
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumMode) > 0 {
 		locationName := "X-Amz-Checksum-Mode"
 		encoder.SetHeader(locationName).String(string(v.ChecksumMode))
@@ -3451,11 +3370,18 @@ func (m *awsRestxml_serializeOpGetObjectAcl) HandleSerialize(ctx context.Context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?acl")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?acl")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3476,15 +3402,6 @@ func awsRestxml_serializeOpHttpBindingsGetObjectAclInput(v *GetObjectAclInput, e
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -3532,11 +3449,18 @@ func (m *awsRestxml_serializeOpGetObjectAttributes) HandleSerialize(ctx context.
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?attributes")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?attributes")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3557,15 +3481,6 @@ func awsRestxml_serializeOpHttpBindingsGetObjectAttributesInput(v *GetObjectAttr
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -3652,11 +3567,18 @@ func (m *awsRestxml_serializeOpGetObjectLegalHold) HandleSerialize(ctx context.C
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?legal-hold")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?legal-hold")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3677,15 +3599,6 @@ func awsRestxml_serializeOpHttpBindingsGetObjectLegalHoldInput(v *GetObjectLegal
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -3733,11 +3646,18 @@ func (m *awsRestxml_serializeOpGetObjectLockConfiguration) HandleSerialize(ctx c
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?object-lock")
+	opPath, opQuery := httpbinding.SplitURI("/?object-lock")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3758,15 +3678,6 @@ func awsRestxml_serializeOpHttpBindingsGetObjectLockConfigurationInput(v *GetObj
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -3796,11 +3707,18 @@ func (m *awsRestxml_serializeOpGetObjectRetention) HandleSerialize(ctx context.C
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?retention")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?retention")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3821,15 +3739,6 @@ func awsRestxml_serializeOpHttpBindingsGetObjectRetentionInput(v *GetObjectReten
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -3877,11 +3786,18 @@ func (m *awsRestxml_serializeOpGetObjectTagging) HandleSerialize(ctx context.Con
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?tagging")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?tagging")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3902,15 +3818,6 @@ func awsRestxml_serializeOpHttpBindingsGetObjectTaggingInput(v *GetObjectTagging
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -3958,11 +3865,18 @@ func (m *awsRestxml_serializeOpGetObjectTorrent) HandleSerialize(ctx context.Con
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?torrent")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?torrent")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -3983,15 +3897,6 @@ func awsRestxml_serializeOpHttpBindingsGetObjectTorrentInput(v *GetObjectTorrent
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -4035,11 +3940,18 @@ func (m *awsRestxml_serializeOpGetPublicAccessBlock) HandleSerialize(ctx context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?publicAccessBlock")
+	opPath, opQuery := httpbinding.SplitURI("/?publicAccessBlock")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4060,15 +3972,6 @@ func awsRestxml_serializeOpHttpBindingsGetPublicAccessBlockInput(v *GetPublicAcc
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -4098,11 +4001,18 @@ func (m *awsRestxml_serializeOpHeadBucket) HandleSerialize(ctx context.Context,
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}")
+	opPath, opQuery := httpbinding.SplitURI("/")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "HEAD"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4123,15 +4033,6 @@ func awsRestxml_serializeOpHttpBindingsHeadBucketInput(v *HeadBucketInput, encod
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -4161,11 +4062,18 @@ func (m *awsRestxml_serializeOpHeadObject) HandleSerialize(ctx context.Context,
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "HEAD"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4186,15 +4094,6 @@ func awsRestxml_serializeOpHttpBindingsHeadObjectInput(v *HeadObjectInput, encod
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumMode) > 0 {
 		locationName := "X-Amz-Checksum-Mode"
 		encoder.SetHeader(locationName).String(string(v.ChecksumMode))
@@ -4291,11 +4190,18 @@ func (m *awsRestxml_serializeOpListBucketAnalyticsConfigurations) HandleSerializ
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?analytics&x-id=ListBucketAnalyticsConfigurations")
+	opPath, opQuery := httpbinding.SplitURI("/?analytics&x-id=ListBucketAnalyticsConfigurations")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4316,15 +4222,6 @@ func awsRestxml_serializeOpHttpBindingsListBucketAnalyticsConfigurationsInput(v
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ContinuationToken != nil {
 		encoder.SetQuery("continuation-token").String(*v.ContinuationToken)
 	}
@@ -4358,11 +4255,18 @@ func (m *awsRestxml_serializeOpListBucketIntelligentTieringConfigurations) Handl
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?intelligent-tiering&x-id=ListBucketIntelligentTieringConfigurations")
+	opPath, opQuery := httpbinding.SplitURI("/?intelligent-tiering&x-id=ListBucketIntelligentTieringConfigurations")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4383,15 +4287,6 @@ func awsRestxml_serializeOpHttpBindingsListBucketIntelligentTieringConfiguration
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ContinuationToken != nil {
 		encoder.SetQuery("continuation-token").String(*v.ContinuationToken)
 	}
@@ -4420,11 +4315,18 @@ func (m *awsRestxml_serializeOpListBucketInventoryConfigurations) HandleSerializ
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?inventory&x-id=ListBucketInventoryConfigurations")
+	opPath, opQuery := httpbinding.SplitURI("/?inventory&x-id=ListBucketInventoryConfigurations")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4445,15 +4347,6 @@ func awsRestxml_serializeOpHttpBindingsListBucketInventoryConfigurationsInput(v
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ContinuationToken != nil {
 		encoder.SetQuery("continuation-token").String(*v.ContinuationToken)
 	}
@@ -4487,11 +4380,18 @@ func (m *awsRestxml_serializeOpListBucketMetricsConfigurations) HandleSerialize(
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?metrics&x-id=ListBucketMetricsConfigurations")
+	opPath, opQuery := httpbinding.SplitURI("/?metrics&x-id=ListBucketMetricsConfigurations")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4512,15 +4412,6 @@ func awsRestxml_serializeOpHttpBindingsListBucketMetricsConfigurationsInput(v *L
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ContinuationToken != nil {
 		encoder.SetQuery("continuation-token").String(*v.ContinuationToken)
 	}
@@ -4558,7 +4449,14 @@ func (m *awsRestxml_serializeOpListBuckets) HandleSerialize(ctx context.Context,
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4599,11 +4497,18 @@ func (m *awsRestxml_serializeOpListMultipartUploads) HandleSerialize(ctx context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?uploads")
+	opPath, opQuery := httpbinding.SplitURI("/?uploads")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4624,15 +4529,6 @@ func awsRestxml_serializeOpHttpBindingsListMultipartUploadsInput(v *ListMultipar
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.Delimiter != nil {
 		encoder.SetQuery("delimiter").String(*v.Delimiter)
 	}
@@ -4658,6 +4554,11 @@ func awsRestxml_serializeOpHttpBindingsListMultipartUploadsInput(v *ListMultipar
 		encoder.SetQuery("prefix").String(*v.Prefix)
 	}
 
+	if len(v.RequestPayer) > 0 {
+		locationName := "X-Amz-Request-Payer"
+		encoder.SetHeader(locationName).String(string(v.RequestPayer))
+	}
+
 	if v.UploadIdMarker != nil {
 		encoder.SetQuery("upload-id-marker").String(*v.UploadIdMarker)
 	}
@@ -4686,11 +4587,18 @@ func (m *awsRestxml_serializeOpListObjects) HandleSerialize(ctx context.Context,
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}")
+	opPath, opQuery := httpbinding.SplitURI("/")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4711,15 +4619,6 @@ func awsRestxml_serializeOpHttpBindingsListObjectsInput(v *ListObjectsInput, enc
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.Delimiter != nil {
 		encoder.SetQuery("delimiter").String(*v.Delimiter)
 	}
@@ -4741,6 +4640,20 @@ func awsRestxml_serializeOpHttpBindingsListObjectsInput(v *ListObjectsInput, enc
 		encoder.SetQuery("max-keys").Integer(v.MaxKeys)
 	}
 
+	if v.OptionalObjectAttributes != nil {
+		locationName := "X-Amz-Optional-Object-Attributes"
+		for i := range v.OptionalObjectAttributes {
+			if len(v.OptionalObjectAttributes[i]) > 0 {
+				escaped := string(v.OptionalObjectAttributes[i])
+				if strings.Index(string(v.OptionalObjectAttributes[i]), `,`) != -1 || strings.Index(string(v.OptionalObjectAttributes[i]), `"`) != -1 {
+					escaped = strconv.Quote(string(v.OptionalObjectAttributes[i]))
+				}
+
+				encoder.AddHeader(locationName).String(string(escaped))
+			}
+		}
+	}
+
 	if v.Prefix != nil {
 		encoder.SetQuery("prefix").String(*v.Prefix)
 	}
@@ -4774,11 +4687,18 @@ func (m *awsRestxml_serializeOpListObjectsV2) HandleSerialize(ctx context.Contex
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?list-type=2")
+	opPath, opQuery := httpbinding.SplitURI("/?list-type=2")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4799,15 +4719,6 @@ func awsRestxml_serializeOpHttpBindingsListObjectsV2Input(v *ListObjectsV2Input,
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ContinuationToken != nil {
 		encoder.SetQuery("continuation-token").String(*v.ContinuationToken)
 	}
@@ -4833,6 +4744,20 @@ func awsRestxml_serializeOpHttpBindingsListObjectsV2Input(v *ListObjectsV2Input,
 		encoder.SetQuery("max-keys").Integer(v.MaxKeys)
 	}
 
+	if v.OptionalObjectAttributes != nil {
+		locationName := "X-Amz-Optional-Object-Attributes"
+		for i := range v.OptionalObjectAttributes {
+			if len(v.OptionalObjectAttributes[i]) > 0 {
+				escaped := string(v.OptionalObjectAttributes[i])
+				if strings.Index(string(v.OptionalObjectAttributes[i]), `,`) != -1 || strings.Index(string(v.OptionalObjectAttributes[i]), `"`) != -1 {
+					escaped = strconv.Quote(string(v.OptionalObjectAttributes[i]))
+				}
+
+				encoder.AddHeader(locationName).String(string(escaped))
+			}
+		}
+	}
+
 	if v.Prefix != nil {
 		encoder.SetQuery("prefix").String(*v.Prefix)
 	}
@@ -4870,11 +4795,18 @@ func (m *awsRestxml_serializeOpListObjectVersions) HandleSerialize(ctx context.C
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?versions")
+	opPath, opQuery := httpbinding.SplitURI("/?versions")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4891,17 +4823,8 @@ func (m *awsRestxml_serializeOpListObjectVersions) HandleSerialize(ctx context.C
 	return next.HandleSerialize(ctx, in)
 }
 func awsRestxml_serializeOpHttpBindingsListObjectVersionsInput(v *ListObjectVersionsInput, encoder *httpbinding.Encoder) error {
-	if v == nil {
-		return fmt.Errorf("unsupported serialization of nil %T", v)
-	}
-
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
+	if v == nil {
+		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
 	if v.Delimiter != nil {
@@ -4925,10 +4848,29 @@ func awsRestxml_serializeOpHttpBindingsListObjectVersionsInput(v *ListObjectVers
 		encoder.SetQuery("max-keys").Integer(v.MaxKeys)
 	}
 
+	if v.OptionalObjectAttributes != nil {
+		locationName := "X-Amz-Optional-Object-Attributes"
+		for i := range v.OptionalObjectAttributes {
+			if len(v.OptionalObjectAttributes[i]) > 0 {
+				escaped := string(v.OptionalObjectAttributes[i])
+				if strings.Index(string(v.OptionalObjectAttributes[i]), `,`) != -1 || strings.Index(string(v.OptionalObjectAttributes[i]), `"`) != -1 {
+					escaped = strconv.Quote(string(v.OptionalObjectAttributes[i]))
+				}
+
+				encoder.AddHeader(locationName).String(string(escaped))
+			}
+		}
+	}
+
 	if v.Prefix != nil {
 		encoder.SetQuery("prefix").String(*v.Prefix)
 	}
 
+	if len(v.RequestPayer) > 0 {
+		locationName := "X-Amz-Request-Payer"
+		encoder.SetHeader(locationName).String(string(v.RequestPayer))
+	}
+
 	if v.VersionIdMarker != nil {
 		encoder.SetQuery("version-id-marker").String(*v.VersionIdMarker)
 	}
@@ -4957,11 +4899,18 @@ func (m *awsRestxml_serializeOpListParts) HandleSerialize(ctx context.Context, i
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?x-id=ListParts")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?x-id=ListParts")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -4982,15 +4931,6 @@ func awsRestxml_serializeOpHttpBindingsListPartsInput(v *ListPartsInput, encoder
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -5061,11 +5001,18 @@ func (m *awsRestxml_serializeOpPutBucketAccelerateConfiguration) HandleSerialize
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?accelerate")
+	opPath, opQuery := httpbinding.SplitURI("/?accelerate")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -5110,15 +5057,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketAccelerateConfigurationInput(v *
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -5153,11 +5091,18 @@ func (m *awsRestxml_serializeOpPutBucketAcl) HandleSerialize(ctx context.Context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?acl")
+	opPath, opQuery := httpbinding.SplitURI("/?acl")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -5207,15 +5152,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketAclInput(v *PutBucketAclInput, e
 		encoder.SetHeader(locationName).String(string(v.ACL))
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -5280,11 +5216,18 @@ func (m *awsRestxml_serializeOpPutBucketAnalyticsConfiguration) HandleSerialize(
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?analytics")
+	opPath, opQuery := httpbinding.SplitURI("/?analytics")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -5329,15 +5272,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketAnalyticsConfigurationInput(v *P
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -5371,11 +5305,18 @@ func (m *awsRestxml_serializeOpPutBucketCors) HandleSerialize(ctx context.Contex
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?cors")
+	opPath, opQuery := httpbinding.SplitURI("/?cors")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -5420,15 +5361,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketCorsInput(v *PutBucketCorsInput,
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -5468,11 +5400,18 @@ func (m *awsRestxml_serializeOpPutBucketEncryption) HandleSerialize(ctx context.
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?encryption")
+	opPath, opQuery := httpbinding.SplitURI("/?encryption")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -5517,15 +5456,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketEncryptionInput(v *PutBucketEncr
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -5565,11 +5495,18 @@ func (m *awsRestxml_serializeOpPutBucketIntelligentTieringConfiguration) HandleS
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?intelligent-tiering")
+	opPath, opQuery := httpbinding.SplitURI("/?intelligent-tiering")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -5614,15 +5551,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketIntelligentTieringConfigurationI
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.Id != nil {
 		encoder.SetQuery("id").String(*v.Id)
 	}
@@ -5651,11 +5579,18 @@ func (m *awsRestxml_serializeOpPutBucketInventoryConfiguration) HandleSerialize(
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?inventory")
+	opPath, opQuery := httpbinding.SplitURI("/?inventory")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -5700,15 +5635,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketInventoryConfigurationInput(v *P
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -5742,11 +5668,18 @@ func (m *awsRestxml_serializeOpPutBucketLifecycleConfiguration) HandleSerialize(
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?lifecycle")
+	opPath, opQuery := httpbinding.SplitURI("/?lifecycle")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -5791,15 +5724,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketLifecycleConfigurationInput(v *P
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -5834,11 +5758,18 @@ func (m *awsRestxml_serializeOpPutBucketLogging) HandleSerialize(ctx context.Con
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?logging")
+	opPath, opQuery := httpbinding.SplitURI("/?logging")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -5883,15 +5814,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketLoggingInput(v *PutBucketLogging
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -5931,11 +5853,18 @@ func (m *awsRestxml_serializeOpPutBucketMetricsConfiguration) HandleSerialize(ct
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?metrics")
+	opPath, opQuery := httpbinding.SplitURI("/?metrics")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -5980,15 +5909,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketMetricsConfigurationInput(v *Put
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -6022,11 +5942,18 @@ func (m *awsRestxml_serializeOpPutBucketNotificationConfiguration) HandleSeriali
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?notification")
+	opPath, opQuery := httpbinding.SplitURI("/?notification")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -6071,15 +5998,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketNotificationConfigurationInput(v
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -6114,11 +6032,18 @@ func (m *awsRestxml_serializeOpPutBucketOwnershipControls) HandleSerialize(ctx c
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?ownershipControls")
+	opPath, opQuery := httpbinding.SplitURI("/?ownershipControls")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -6163,15 +6088,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketOwnershipControlsInput(v *PutBuc
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ContentMD5 != nil && len(*v.ContentMD5) > 0 {
 		locationName := "Content-Md5"
 		encoder.SetHeader(locationName).String(*v.ContentMD5)
@@ -6206,11 +6122,18 @@ func (m *awsRestxml_serializeOpPutBucketPolicy) HandleSerialize(ctx context.Cont
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?policy")
+	opPath, opQuery := httpbinding.SplitURI("/?policy")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -6243,15 +6166,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketPolicyInput(v *PutBucketPolicyIn
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -6296,11 +6210,18 @@ func (m *awsRestxml_serializeOpPutBucketReplication) HandleSerialize(ctx context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?replication")
+	opPath, opQuery := httpbinding.SplitURI("/?replication")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -6345,15 +6266,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketReplicationInput(v *PutBucketRep
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -6398,11 +6310,18 @@ func (m *awsRestxml_serializeOpPutBucketRequestPayment) HandleSerialize(ctx cont
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?requestPayment")
+	opPath, opQuery := httpbinding.SplitURI("/?requestPayment")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -6447,15 +6366,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketRequestPaymentInput(v *PutBucket
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -6495,11 +6405,18 @@ func (m *awsRestxml_serializeOpPutBucketTagging) HandleSerialize(ctx context.Con
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?tagging")
+	opPath, opQuery := httpbinding.SplitURI("/?tagging")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -6544,15 +6461,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketTaggingInput(v *PutBucketTagging
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -6592,11 +6500,18 @@ func (m *awsRestxml_serializeOpPutBucketVersioning) HandleSerialize(ctx context.
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?versioning")
+	opPath, opQuery := httpbinding.SplitURI("/?versioning")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -6641,15 +6556,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketVersioningInput(v *PutBucketVers
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -6694,11 +6600,18 @@ func (m *awsRestxml_serializeOpPutBucketWebsite) HandleSerialize(ctx context.Con
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?website")
+	opPath, opQuery := httpbinding.SplitURI("/?website")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -6743,15 +6656,6 @@ func awsRestxml_serializeOpHttpBindingsPutBucketWebsiteInput(v *PutBucketWebsite
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -6791,11 +6695,18 @@ func (m *awsRestxml_serializeOpPutObject) HandleSerialize(ctx context.Context, i
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?x-id=PutObject")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?x-id=PutObject")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -6833,15 +6744,6 @@ func awsRestxml_serializeOpHttpBindingsPutObjectInput(v *PutObjectInput, encoder
 		encoder.SetHeader(locationName).String(string(v.ACL))
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.BucketKeyEnabled {
 		locationName := "X-Amz-Server-Side-Encryption-Bucket-Key-Enabled"
 		encoder.SetHeader(locationName).Boolean(v.BucketKeyEnabled)
@@ -7044,11 +6946,18 @@ func (m *awsRestxml_serializeOpPutObjectAcl) HandleSerialize(ctx context.Context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?acl")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?acl")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -7098,15 +7007,6 @@ func awsRestxml_serializeOpHttpBindingsPutObjectAclInput(v *PutObjectAclInput, e
 		encoder.SetHeader(locationName).String(string(v.ACL))
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -7189,11 +7089,18 @@ func (m *awsRestxml_serializeOpPutObjectLegalHold) HandleSerialize(ctx context.C
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?legal-hold")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?legal-hold")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -7238,15 +7145,6 @@ func awsRestxml_serializeOpHttpBindingsPutObjectLegalHoldInput(v *PutObjectLegal
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -7304,11 +7202,18 @@ func (m *awsRestxml_serializeOpPutObjectLockConfiguration) HandleSerialize(ctx c
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?object-lock")
+	opPath, opQuery := httpbinding.SplitURI("/?object-lock")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -7353,15 +7258,6 @@ func awsRestxml_serializeOpHttpBindingsPutObjectLockConfigurationInput(v *PutObj
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -7411,11 +7307,18 @@ func (m *awsRestxml_serializeOpPutObjectRetention) HandleSerialize(ctx context.C
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?retention")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?retention")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -7460,15 +7363,6 @@ func awsRestxml_serializeOpHttpBindingsPutObjectRetentionInput(v *PutObjectReten
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.BypassGovernanceRetention {
 		locationName := "X-Amz-Bypass-Governance-Retention"
 		encoder.SetHeader(locationName).Boolean(v.BypassGovernanceRetention)
@@ -7531,11 +7425,18 @@ func (m *awsRestxml_serializeOpPutObjectTagging) HandleSerialize(ctx context.Con
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?tagging")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?tagging")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -7580,15 +7481,6 @@ func awsRestxml_serializeOpHttpBindingsPutObjectTaggingInput(v *PutObjectTagging
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -7646,11 +7538,18 @@ func (m *awsRestxml_serializeOpPutPublicAccessBlock) HandleSerialize(ctx context
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}?publicAccessBlock")
+	opPath, opQuery := httpbinding.SplitURI("/?publicAccessBlock")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -7695,15 +7594,6 @@ func awsRestxml_serializeOpHttpBindingsPutPublicAccessBlockInput(v *PutPublicAcc
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -7743,11 +7633,18 @@ func (m *awsRestxml_serializeOpRestoreObject) HandleSerialize(ctx context.Contex
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?restore&x-id=RestoreObject")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?restore&x-id=RestoreObject")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "POST"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -7792,15 +7689,6 @@ func awsRestxml_serializeOpHttpBindingsRestoreObjectInput(v *RestoreObjectInput,
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -7853,11 +7741,18 @@ func (m *awsRestxml_serializeOpSelectObjectContent) HandleSerialize(ctx context.
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?select&select-type=2&x-id=SelectObjectContent")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?select&select-type=2&x-id=SelectObjectContent")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "POST"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -7896,15 +7791,6 @@ func awsRestxml_serializeOpHttpBindingsSelectObjectContentInput(v *SelectObjectC
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 {
 		locationName := "X-Amz-Expected-Bucket-Owner"
 		encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner)
@@ -8037,11 +7923,18 @@ func (m *awsRestxml_serializeOpUploadPart) HandleSerialize(ctx context.Context,
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?x-id=UploadPart")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?x-id=UploadPart")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -8074,15 +7967,6 @@ func awsRestxml_serializeOpHttpBindingsUploadPartInput(v *UploadPartInput, encod
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if len(v.ChecksumAlgorithm) > 0 {
 		locationName := "X-Amz-Sdk-Checksum-Algorithm"
 		encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm))
@@ -8184,11 +8068,18 @@ func (m *awsRestxml_serializeOpUploadPartCopy) HandleSerialize(ctx context.Conte
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
 	}
 
-	opPath, opQuery := httpbinding.SplitURI("/{Bucket}/{Key+}?x-id=UploadPartCopy")
+	opPath, opQuery := httpbinding.SplitURI("/{Key+}?x-id=UploadPartCopy")
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "PUT"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -8209,15 +8100,6 @@ func awsRestxml_serializeOpHttpBindingsUploadPartCopyInput(v *UploadPartCopyInpu
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.Bucket == nil || len(*v.Bucket) == 0 {
-		return &smithy.SerializationError{Err: fmt.Errorf("input member Bucket must not be empty")}
-	}
-	if v.Bucket != nil {
-		if err := encoder.SetURI("Bucket").String(*v.Bucket); err != nil {
-			return err
-		}
-	}
-
 	if v.CopySource != nil && len(*v.CopySource) > 0 {
 		locationName := "X-Amz-Copy-Source"
 		encoder.SetHeader(locationName).String(*v.CopySource)
@@ -8338,7 +8220,14 @@ func (m *awsRestxml_serializeOpWriteGetObjectResponse) HandleSerialize(ctx conte
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "POST"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go
index 5b5254083..613da169d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go
@@ -88,6 +88,7 @@ const (
 	BucketLocationConstraintApSouth1     BucketLocationConstraint = "ap-south-1"
 	BucketLocationConstraintApSoutheast1 BucketLocationConstraint = "ap-southeast-1"
 	BucketLocationConstraintApSoutheast2 BucketLocationConstraint = "ap-southeast-2"
+	BucketLocationConstraintApSoutheast3 BucketLocationConstraint = "ap-southeast-3"
 	BucketLocationConstraintCaCentral1   BucketLocationConstraint = "ca-central-1"
 	BucketLocationConstraintCnNorth1     BucketLocationConstraint = "cn-north-1"
 	BucketLocationConstraintCnNorthwest1 BucketLocationConstraint = "cn-northwest-1"
@@ -105,11 +106,13 @@ const (
 	BucketLocationConstraintUsGovWest1   BucketLocationConstraint = "us-gov-west-1"
 	BucketLocationConstraintUsWest1      BucketLocationConstraint = "us-west-1"
 	BucketLocationConstraintUsWest2      BucketLocationConstraint = "us-west-2"
+	BucketLocationConstraintApSouth2     BucketLocationConstraint = "ap-south-2"
+	BucketLocationConstraintEuSouth2     BucketLocationConstraint = "eu-south-2"
 )
 
-// Values returns all known values for BucketLocationConstraint. Note that this can
-// be expanded in the future, and so it is only as up to date as the client. The
-// ordering of this slice is not guaranteed to be stable across updates.
+// Values returns all known values for BucketLocationConstraint. Note that this
+// can be expanded in the future, and so it is only as up to date as the client.
+// The ordering of this slice is not guaranteed to be stable across updates.
 func (BucketLocationConstraint) Values() []BucketLocationConstraint {
 	return []BucketLocationConstraint{
 		"af-south-1",
@@ -120,6 +123,7 @@ func (BucketLocationConstraint) Values() []BucketLocationConstraint {
 		"ap-south-1",
 		"ap-southeast-1",
 		"ap-southeast-2",
+		"ap-southeast-3",
 		"ca-central-1",
 		"cn-north-1",
 		"cn-northwest-1",
@@ -137,6 +141,8 @@ func (BucketLocationConstraint) Values() []BucketLocationConstraint {
 		"us-gov-west-1",
 		"us-west-1",
 		"us-west-2",
+		"ap-south-2",
+		"eu-south-2",
 	}
 }
 
@@ -207,9 +213,9 @@ const (
 	ChecksumModeEnabled ChecksumMode = "ENABLED"
 )
 
-// Values returns all known values for ChecksumMode. Note that this can be expanded
-// in the future, and so it is only as up to date as the client. The ordering of
-// this slice is not guaranteed to be stable across updates.
+// Values returns all known values for ChecksumMode. Note that this can be
+// expanded in the future, and so it is only as up to date as the client. The
+// ordering of this slice is not guaranteed to be stable across updates.
 func (ChecksumMode) Values() []ChecksumMode {
 	return []ChecksumMode{
 		"ENABLED",
@@ -262,9 +268,9 @@ const (
 	EncodingTypeUrl EncodingType = "url"
 )
 
-// Values returns all known values for EncodingType. Note that this can be expanded
-// in the future, and so it is only as up to date as the client. The ordering of
-// this slice is not guaranteed to be stable across updates.
+// Values returns all known values for EncodingType. Note that this can be
+// expanded in the future, and so it is only as up to date as the client. The
+// ordering of this slice is not guaranteed to be stable across updates.
 func (EncodingType) Values() []EncodingType {
 	return []EncodingType{
 		"url",
@@ -273,8 +279,39 @@ func (EncodingType) Values() []EncodingType {
 
 type Event string
 
-// Values returns all known values for Event. Note that this can be expanded in the
-// future, and so it is only as up to date as the client. The ordering of this
+// Enum values for Event
+const (
+	EventS3ReducedRedundancyLostObject                  Event = "s3:ReducedRedundancyLostObject"
+	EventS3ObjectCreated                                Event = "s3:ObjectCreated:*"
+	EventS3ObjectCreatedPut                             Event = "s3:ObjectCreated:Put"
+	EventS3ObjectCreatedPost                            Event = "s3:ObjectCreated:Post"
+	EventS3ObjectCreatedCopy                            Event = "s3:ObjectCreated:Copy"
+	EventS3ObjectCreatedCompleteMultipartUpload         Event = "s3:ObjectCreated:CompleteMultipartUpload"
+	EventS3ObjectRemoved                                Event = "s3:ObjectRemoved:*"
+	EventS3ObjectRemovedDelete                          Event = "s3:ObjectRemoved:Delete"
+	EventS3ObjectRemovedDeleteMarkerCreated             Event = "s3:ObjectRemoved:DeleteMarkerCreated"
+	EventS3ObjectRestore                                Event = "s3:ObjectRestore:*"
+	EventS3ObjectRestorePost                            Event = "s3:ObjectRestore:Post"
+	EventS3ObjectRestoreCompleted                       Event = "s3:ObjectRestore:Completed"
+	EventS3Replication                                  Event = "s3:Replication:*"
+	EventS3ReplicationOperationFailedReplication        Event = "s3:Replication:OperationFailedReplication"
+	EventS3ReplicationOperationNotTracked               Event = "s3:Replication:OperationNotTracked"
+	EventS3ReplicationOperationMissedThreshold          Event = "s3:Replication:OperationMissedThreshold"
+	EventS3ReplicationOperationReplicatedAfterThreshold Event = "s3:Replication:OperationReplicatedAfterThreshold"
+	EventS3ObjectRestoreDelete                          Event = "s3:ObjectRestore:Delete"
+	EventS3LifecycleTransition                          Event = "s3:LifecycleTransition"
+	EventS3IntelligentTiering                           Event = "s3:IntelligentTiering"
+	EventS3ObjectAclPut                                 Event = "s3:ObjectAcl:Put"
+	EventS3LifecycleExpiration                          Event = "s3:LifecycleExpiration:*"
+	EventS3LifecycleExpirationDelete                    Event = "s3:LifecycleExpiration:Delete"
+	EventS3LifecycleExpirationDeleteMarkerCreated       Event = "s3:LifecycleExpiration:DeleteMarkerCreated"
+	EventS3ObjectTagging                                Event = "s3:ObjectTagging:*"
+	EventS3ObjectTaggingPut                             Event = "s3:ObjectTagging:Put"
+	EventS3ObjectTaggingDelete                          Event = "s3:ObjectTagging:Delete"
+)
+
+// Values returns all known values for Event. Note that this can be expanded in
+// the future, and so it is only as up to date as the client. The ordering of this
 // slice is not guaranteed to be stable across updates.
 func (Event) Values() []Event {
 	return []Event{
@@ -407,9 +444,10 @@ const (
 	IntelligentTieringAccessTierDeepArchiveAccess IntelligentTieringAccessTier = "DEEP_ARCHIVE_ACCESS"
 )
 
-// Values returns all known values for IntelligentTieringAccessTier. Note that this
-// can be expanded in the future, and so it is only as up to date as the client.
-// The ordering of this slice is not guaranteed to be stable across updates.
+// Values returns all known values for IntelligentTieringAccessTier. Note that
+// this can be expanded in the future, and so it is only as up to date as the
+// client. The ordering of this slice is not guaranteed to be stable across
+// updates.
 func (IntelligentTieringAccessTier) Values() []IntelligentTieringAccessTier {
 	return []IntelligentTieringAccessTier{
 		"ARCHIVE_ACCESS",
@@ -425,9 +463,9 @@ const (
 	IntelligentTieringStatusDisabled IntelligentTieringStatus = "Disabled"
 )
 
-// Values returns all known values for IntelligentTieringStatus. Note that this can
-// be expanded in the future, and so it is only as up to date as the client. The
-// ordering of this slice is not guaranteed to be stable across updates.
+// Values returns all known values for IntelligentTieringStatus. Note that this
+// can be expanded in the future, and so it is only as up to date as the client.
+// The ordering of this slice is not guaranteed to be stable across updates.
 func (IntelligentTieringStatus) Values() []IntelligentTieringStatus {
 	return []IntelligentTieringStatus{
 		"Enabled",
@@ -509,6 +547,8 @@ const (
 	InventoryOptionalFieldIntelligentTieringAccessTier InventoryOptionalField = "IntelligentTieringAccessTier"
 	InventoryOptionalFieldBucketKeyStatus              InventoryOptionalField = "BucketKeyStatus"
 	InventoryOptionalFieldChecksumAlgorithm            InventoryOptionalField = "ChecksumAlgorithm"
+	InventoryOptionalFieldObjectAccessControlList      InventoryOptionalField = "ObjectAccessControlList"
+	InventoryOptionalFieldObjectOwner                  InventoryOptionalField = "ObjectOwner"
 )
 
 // Values returns all known values for InventoryOptionalField. Note that this can
@@ -529,6 +569,8 @@ func (InventoryOptionalField) Values() []InventoryOptionalField {
 		"IntelligentTieringAccessTier",
 		"BucketKeyStatus",
 		"ChecksumAlgorithm",
+		"ObjectAccessControlList",
+		"ObjectOwner",
 	}
 }
 
@@ -594,9 +636,9 @@ const (
 	MFADeleteDisabled MFADelete = "Disabled"
 )
 
-// Values returns all known values for MFADelete. Note that this can be expanded in
-// the future, and so it is only as up to date as the client. The ordering of this
-// slice is not guaranteed to be stable across updates.
+// Values returns all known values for MFADelete. Note that this can be expanded
+// in the future, and so it is only as up to date as the client. The ordering of
+// this slice is not guaranteed to be stable across updates.
 func (MFADelete) Values() []MFADelete {
 	return []MFADelete{
 		"Enabled",
@@ -777,6 +819,7 @@ const (
 	ObjectStorageClassDeepArchive        ObjectStorageClass = "DEEP_ARCHIVE"
 	ObjectStorageClassOutposts           ObjectStorageClass = "OUTPOSTS"
 	ObjectStorageClassGlacierIr          ObjectStorageClass = "GLACIER_IR"
+	ObjectStorageClassSnow               ObjectStorageClass = "SNOW"
 )
 
 // Values returns all known values for ObjectStorageClass. Note that this can be
@@ -793,6 +836,7 @@ func (ObjectStorageClass) Values() []ObjectStorageClass {
 		"DEEP_ARCHIVE",
 		"OUTPOSTS",
 		"GLACIER_IR",
+		"SNOW",
 	}
 }
 
@@ -812,6 +856,22 @@ func (ObjectVersionStorageClass) Values() []ObjectVersionStorageClass {
 	}
 }
 
+type OptionalObjectAttributes string
+
+// Enum values for OptionalObjectAttributes
+const (
+	OptionalObjectAttributesRestoreStatus OptionalObjectAttributes = "RestoreStatus"
+)
+
+// Values returns all known values for OptionalObjectAttributes. Note that this
+// can be expanded in the future, and so it is only as up to date as the client.
+// The ordering of this slice is not guaranteed to be stable across updates.
+func (OptionalObjectAttributes) Values() []OptionalObjectAttributes {
+	return []OptionalObjectAttributes{
+		"RestoreStatus",
+	}
+}
+
 type OwnerOverride string
 
 // Enum values for OwnerOverride
@@ -836,8 +896,8 @@ const (
 	PayerBucketOwner Payer = "BucketOwner"
 )
 
-// Values returns all known values for Payer. Note that this can be expanded in the
-// future, and so it is only as up to date as the client. The ordering of this
+// Values returns all known values for Payer. Note that this can be expanded in
+// the future, and so it is only as up to date as the client. The ordering of this
 // slice is not guaranteed to be stable across updates.
 func (Payer) Values() []Payer {
 	return []Payer{
@@ -932,8 +992,8 @@ const (
 	ReplicationRuleStatusDisabled ReplicationRuleStatus = "Disabled"
 )
 
-// Values returns all known values for ReplicationRuleStatus. Note that this can be
-// expanded in the future, and so it is only as up to date as the client. The
+// Values returns all known values for ReplicationRuleStatus. Note that this can
+// be expanded in the future, and so it is only as up to date as the client. The
 // ordering of this slice is not guaranteed to be stable across updates.
 func (ReplicationRuleStatus) Values() []ReplicationRuleStatus {
 	return []ReplicationRuleStatus{
@@ -946,10 +1006,11 @@ type ReplicationStatus string
 
 // Enum values for ReplicationStatus
 const (
-	ReplicationStatusComplete ReplicationStatus = "COMPLETE"
-	ReplicationStatusPending  ReplicationStatus = "PENDING"
-	ReplicationStatusFailed   ReplicationStatus = "FAILED"
-	ReplicationStatusReplica  ReplicationStatus = "REPLICA"
+	ReplicationStatusComplete  ReplicationStatus = "COMPLETE"
+	ReplicationStatusPending   ReplicationStatus = "PENDING"
+	ReplicationStatusFailed    ReplicationStatus = "FAILED"
+	ReplicationStatusReplica   ReplicationStatus = "REPLICA"
+	ReplicationStatusCompleted ReplicationStatus = "COMPLETED"
 )
 
 // Values returns all known values for ReplicationStatus. Note that this can be
@@ -961,6 +1022,7 @@ func (ReplicationStatus) Values() []ReplicationStatus {
 		"PENDING",
 		"FAILED",
 		"REPLICA",
+		"COMPLETED",
 	}
 }
 
@@ -972,8 +1034,8 @@ const (
 	ReplicationTimeStatusDisabled ReplicationTimeStatus = "Disabled"
 )
 
-// Values returns all known values for ReplicationTimeStatus. Note that this can be
-// expanded in the future, and so it is only as up to date as the client. The
+// Values returns all known values for ReplicationTimeStatus. Note that this can
+// be expanded in the future, and so it is only as up to date as the client. The
 // ordering of this slice is not guaranteed to be stable across updates.
 func (ReplicationTimeStatus) Values() []ReplicationTimeStatus {
 	return []ReplicationTimeStatus{
@@ -1005,9 +1067,9 @@ const (
 	RequestPayerRequester RequestPayer = "requester"
 )
 
-// Values returns all known values for RequestPayer. Note that this can be expanded
-// in the future, and so it is only as up to date as the client. The ordering of
-// this slice is not guaranteed to be stable across updates.
+// Values returns all known values for RequestPayer. Note that this can be
+// expanded in the future, and so it is only as up to date as the client. The
+// ordering of this slice is not guaranteed to be stable across updates.
 func (RequestPayer) Values() []RequestPayer {
 	return []RequestPayer{
 		"requester",
@@ -1034,8 +1096,9 @@ type ServerSideEncryption string
 
 // Enum values for ServerSideEncryption
 const (
-	ServerSideEncryptionAes256 ServerSideEncryption = "AES256"
-	ServerSideEncryptionAwsKms ServerSideEncryption = "aws:kms"
+	ServerSideEncryptionAes256     ServerSideEncryption = "AES256"
+	ServerSideEncryptionAwsKms     ServerSideEncryption = "aws:kms"
+	ServerSideEncryptionAwsKmsDsse ServerSideEncryption = "aws:kms:dsse"
 )
 
 // Values returns all known values for ServerSideEncryption. Note that this can be
@@ -1045,6 +1108,7 @@ func (ServerSideEncryption) Values() []ServerSideEncryption {
 	return []ServerSideEncryption{
 		"AES256",
 		"aws:kms",
+		"aws:kms:dsse",
 	}
 }
 
@@ -1056,9 +1120,10 @@ const (
 	SseKmsEncryptedObjectsStatusDisabled SseKmsEncryptedObjectsStatus = "Disabled"
 )
 
-// Values returns all known values for SseKmsEncryptedObjectsStatus. Note that this
-// can be expanded in the future, and so it is only as up to date as the client.
-// The ordering of this slice is not guaranteed to be stable across updates.
+// Values returns all known values for SseKmsEncryptedObjectsStatus. Note that
+// this can be expanded in the future, and so it is only as up to date as the
+// client. The ordering of this slice is not guaranteed to be stable across
+// updates.
 func (SseKmsEncryptedObjectsStatus) Values() []SseKmsEncryptedObjectsStatus {
 	return []SseKmsEncryptedObjectsStatus{
 		"Enabled",
@@ -1079,11 +1144,12 @@ const (
 	StorageClassDeepArchive        StorageClass = "DEEP_ARCHIVE"
 	StorageClassOutposts           StorageClass = "OUTPOSTS"
 	StorageClassGlacierIr          StorageClass = "GLACIER_IR"
+	StorageClassSnow               StorageClass = "SNOW"
 )
 
-// Values returns all known values for StorageClass. Note that this can be expanded
-// in the future, and so it is only as up to date as the client. The ordering of
-// this slice is not guaranteed to be stable across updates.
+// Values returns all known values for StorageClass. Note that this can be
+// expanded in the future, and so it is only as up to date as the client. The
+// ordering of this slice is not guaranteed to be stable across updates.
 func (StorageClass) Values() []StorageClass {
 	return []StorageClass{
 		"STANDARD",
@@ -1095,6 +1161,7 @@ func (StorageClass) Values() []StorageClass {
 		"DEEP_ARCHIVE",
 		"OUTPOSTS",
 		"GLACIER_IR",
+		"SNOW",
 	}
 }
 
@@ -1105,8 +1172,8 @@ const (
 	StorageClassAnalysisSchemaVersionV1 StorageClassAnalysisSchemaVersion = "V_1"
 )
 
-// Values returns all known values for StorageClassAnalysisSchemaVersion. Note that
-// this can be expanded in the future, and so it is only as up to date as the
+// Values returns all known values for StorageClassAnalysisSchemaVersion. Note
+// that this can be expanded in the future, and so it is only as up to date as the
 // client. The ordering of this slice is not guaranteed to be stable across
 // updates.
 func (StorageClassAnalysisSchemaVersion) Values() []StorageClassAnalysisSchemaVersion {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go
index 8c3a386f7..f3837866d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go
@@ -12,6 +12,8 @@ import (
 type BucketAlreadyExists struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -24,17 +26,24 @@ func (e *BucketAlreadyExists) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *BucketAlreadyExists) ErrorCode() string             { return "BucketAlreadyExists" }
+func (e *BucketAlreadyExists) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "BucketAlreadyExists"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *BucketAlreadyExists) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The bucket you tried to create already exists, and you own it. Amazon S3 returns
-// this error in all Amazon Web Services Regions except in the North Virginia
-// Region. For legacy compatibility, if you re-create an existing bucket that you
-// already own in the North Virginia Region, Amazon S3 returns 200 OK and resets
-// the bucket access control lists (ACLs).
+// The bucket you tried to create already exists, and you own it. Amazon S3
+// returns this error in all Amazon Web Services Regions except in the North
+// Virginia Region. For legacy compatibility, if you re-create an existing bucket
+// that you already own in the North Virginia Region, Amazon S3 returns 200 OK and
+// resets the bucket access control lists (ACLs).
 type BucketAlreadyOwnedByYou struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -47,13 +56,20 @@ func (e *BucketAlreadyOwnedByYou) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *BucketAlreadyOwnedByYou) ErrorCode() string             { return "BucketAlreadyOwnedByYou" }
+func (e *BucketAlreadyOwnedByYou) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "BucketAlreadyOwnedByYou"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *BucketAlreadyOwnedByYou) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Object is archived and inaccessible until restored.
 type InvalidObjectState struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	StorageClass StorageClass
 	AccessTier   IntelligentTieringAccessTier
 
@@ -69,13 +85,20 @@ func (e *InvalidObjectState) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *InvalidObjectState) ErrorCode() string             { return "InvalidObjectState" }
+func (e *InvalidObjectState) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidObjectState"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *InvalidObjectState) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The specified bucket does not exist.
 type NoSuchBucket struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -88,13 +111,20 @@ func (e *NoSuchBucket) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *NoSuchBucket) ErrorCode() string             { return "NoSuchBucket" }
+func (e *NoSuchBucket) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "NoSuchBucket"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *NoSuchBucket) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The specified key does not exist.
 type NoSuchKey struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -107,13 +137,20 @@ func (e *NoSuchKey) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *NoSuchKey) ErrorCode() string             { return "NoSuchKey" }
+func (e *NoSuchKey) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "NoSuchKey"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *NoSuchKey) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The specified multipart upload does not exist.
 type NoSuchUpload struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -126,13 +163,20 @@ func (e *NoSuchUpload) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *NoSuchUpload) ErrorCode() string             { return "NoSuchUpload" }
+func (e *NoSuchUpload) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "NoSuchUpload"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *NoSuchUpload) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The specified content does not exist.
 type NotFound struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -145,13 +189,20 @@ func (e *NotFound) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *NotFound) ErrorCode() string             { return "NotFound" }
+func (e *NotFound) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "NotFound"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *NotFound) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // This action is not allowed against this storage tier.
 type ObjectAlreadyInActiveTierError struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -164,7 +215,12 @@ func (e *ObjectAlreadyInActiveTierError) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *ObjectAlreadyInActiveTierError) ErrorCode() string             { return "ObjectAlreadyInActiveTierError" }
+func (e *ObjectAlreadyInActiveTierError) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "ObjectAlreadyInActiveTierError"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *ObjectAlreadyInActiveTierError) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // The source object of the COPY action is not in the active tier and is only
@@ -172,6 +228,8 @@ func (e *ObjectAlreadyInActiveTierError) ErrorFault() smithy.ErrorFault { return
 type ObjectNotInActiveTierError struct {
 	Message *string
 
+	ErrorCodeOverride *string
+
 	noSmithyDocumentSerde
 }
 
@@ -184,5 +242,10 @@ func (e *ObjectNotInActiveTierError) ErrorMessage() string {
 	}
 	return *e.Message
 }
-func (e *ObjectNotInActiveTierError) ErrorCode() string             { return "ObjectNotInActiveTierError" }
+func (e *ObjectNotInActiveTierError) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "ObjectNotInActiveTierError"
+	}
+	return *e.ErrorCodeOverride
+}
 func (e *ObjectNotInActiveTierError) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go
index bcef62cec..3ddea0a24 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go
@@ -9,9 +9,8 @@ import (
 
 // Specifies the days since the initiation of an incomplete multipart upload that
 // Amazon S3 will wait before permanently removing all parts of the upload. For
-// more information, see  Aborting Incomplete Multipart Uploads Using a Bucket
-// Lifecycle Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+// more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
 // in the Amazon S3 User Guide.
 type AbortIncompleteMultipartUpload struct {
 
@@ -23,9 +22,8 @@ type AbortIncompleteMultipartUpload struct {
 }
 
 // Configures the transfer acceleration state for an Amazon S3 bucket. For more
-// information, see Amazon S3 Transfer Acceleration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in
-// the Amazon S3 User Guide.
+// information, see Amazon S3 Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+// in the Amazon S3 User Guide.
 type AccelerateConfiguration struct {
 
 	// Specifies the transfer acceleration status of the bucket.
@@ -50,8 +48,7 @@ type AccessControlPolicy struct {
 type AccessControlTranslation struct {
 
 	// Specifies the replica ownership. For default and valid values, see PUT bucket
-	// replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
+	// replication (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
 	// in the Amazon S3 API Reference.
 	//
 	// This member is required.
@@ -60,9 +57,10 @@ type AccessControlTranslation struct {
 	noSmithyDocumentSerde
 }
 
-// A conjunction (logical AND) of predicates, which is used in evaluating a metrics
-// filter. The operator must have at least two predicates in any combination, and
-// an object must match all of the predicates for the filter to apply.
+// A conjunction (logical AND) of predicates, which is used in evaluating a
+// metrics filter. The operator must have at least two predicates in any
+// combination, and an object must match all of the predicates for the filter to
+// apply.
 type AnalyticsAndOperator struct {
 
 	// The prefix to use when evaluating an AND predicate: The prefix that an object
@@ -191,9 +189,8 @@ type Bucket struct {
 }
 
 // Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For
-// more information, see Object Lifecycle Management
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in
-// the Amazon S3 User Guide.
+// more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// in the Amazon S3 User Guide.
 type BucketLifecycleConfiguration struct {
 
 	// A lifecycle rule for individual objects in an Amazon S3 bucket.
@@ -207,10 +204,9 @@ type BucketLifecycleConfiguration struct {
 // Container for logging status information.
 type BucketLoggingStatus struct {
 
-	// Describes where logs are stored and the prefix that Amazon S3 assigns to all log
-	// object keys for a bucket. For more information, see PUT Bucket logging
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in
-	// the Amazon S3 API Reference.
+	// Describes where logs are stored and the prefix that Amazon S3 assigns to all
+	// log object keys for a bucket. For more information, see PUT Bucket logging (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
+	// in the Amazon S3 API Reference.
 	LoggingEnabled *LoggingEnabled
 
 	noSmithyDocumentSerde
@@ -222,43 +218,39 @@ type Checksum struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
 	noSmithyDocumentSerde
 }
 
-// Container for all (if there are any) keys between Prefix and the next occurrence
-// of the string specified by a delimiter. CommonPrefixes lists keys that act like
-// subdirectories in the directory specified by Prefix. For example, if the prefix
-// is notes/ and the delimiter is a slash (/) as in notes/summer/july, the common
-// prefix is notes/summer/.
+// Container for all (if there are any) keys between Prefix and the next
+// occurrence of the string specified by a delimiter. CommonPrefixes lists keys
+// that act like subdirectories in the directory specified by Prefix. For example,
+// if the prefix is notes/ and the delimiter is a slash (/) as in
+// notes/summer/july, the common prefix is notes/summer/.
 type CommonPrefix struct {
 
 	// Container for the specified common prefix.
@@ -283,32 +275,28 @@ type CompletedPart struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -336,15 +324,15 @@ type Condition struct {
 	HttpErrorCodeReturnedEquals *string
 
 	// The object key name prefix when the redirect is applied. For example, to
-	// redirect requests for ExamplePage.html, the key prefix will be ExamplePage.html.
-	// To redirect request for all pages with the prefix docs/, the key prefix will be
-	// /docs, which identifies all objects in the docs/ folder. Required when the
-	// parent element Condition is specified and sibling HttpErrorCodeReturnedEquals is
-	// not specified. If both conditions are specified, both must be true for the
+	// redirect requests for ExamplePage.html , the key prefix will be ExamplePage.html
+	// . To redirect request for all pages with the prefix docs/ , the key prefix will
+	// be /docs , which identifies all objects in the docs/ folder. Required when the
+	// parent element Condition is specified and sibling HttpErrorCodeReturnedEquals
+	// is not specified. If both conditions are specified, both must be true for the
 	// redirect to be applied. Replacement must be made for object keys containing
 	// special characters (such as carriage returns) when using XML requests. For more
-	// information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	KeyPrefixEquals *string
 
 	noSmithyDocumentSerde
@@ -360,32 +348,28 @@ type CopyObjectResult struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -405,32 +389,28 @@ type CopyPartResult struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -444,9 +424,8 @@ type CopyPartResult struct {
 }
 
 // Describes the cross-origin access configuration for objects in an Amazon S3
-// bucket. For more information, see Enabling Cross-Origin Resource Sharing
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon S3
-// User Guide.
+// bucket. For more information, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+// in the Amazon S3 User Guide.
 type CORSConfiguration struct {
 
 	// A set of origins and methods (cross-origin access that you want to allow). You
@@ -461,8 +440,8 @@ type CORSConfiguration struct {
 // Specifies a cross-origin access rule for an Amazon S3 bucket.
 type CORSRule struct {
 
-	// An HTTP method that you allow the origin to execute. Valid values are GET, PUT,
-	// HEAD, POST, and DELETE.
+	// An HTTP method that you allow the origin to execute. Valid values are GET , PUT
+	// , HEAD , POST , and DELETE .
 	//
 	// This member is required.
 	AllowedMethods []string
@@ -477,15 +456,16 @@ type CORSRule struct {
 	// OPTIONS request, Amazon S3 returns any requested headers that are allowed.
 	AllowedHeaders []string
 
-	// One or more headers in the response that you want customers to be able to access
-	// from their applications (for example, from a JavaScript XMLHttpRequest object).
+	// One or more headers in the response that you want customers to be able to
+	// access from their applications (for example, from a JavaScript XMLHttpRequest
+	// object).
 	ExposeHeaders []string
 
 	// Unique identifier for the rule. The value cannot be longer than 255 characters.
 	ID *string
 
-	// The time in seconds that your browser is to cache the preflight response for the
-	// specified resource.
+	// The time in seconds that your browser is to cache the preflight response for
+	// the specified resource.
 	MaxAgeSeconds int32
 
 	noSmithyDocumentSerde
@@ -512,7 +492,7 @@ type CSVInput struct {
 
 	// A single character used to indicate that a row should be ignored when the
 	// character is present at the start of that row. You can specify any character to
-	// indicate a comment line.
+	// indicate a comment line. The default character is # . Default: #
 	Comments *string
 
 	// A single character used to separate individual fields in a record. You can
@@ -520,27 +500,22 @@ type CSVInput struct {
 	FieldDelimiter *string
 
 	// Describes the first line of input. Valid values are:
-	//
-	// * NONE: First line is not
-	// a header.
-	//
-	// * IGNORE: First line is a header, but you can't use the header values
-	// to indicate the column in an expression. You can use column position (such as
-	// _1, _2, …) to indicate the column (SELECT s._1 FROM OBJECT s).
-	//
-	// * Use: First
-	// line is a header, and you can use the header value to identify a column in an
-	// expression (SELECT "name" FROM OBJECT).
+	//   - NONE : First line is not a header.
+	//   - IGNORE : First line is a header, but you can't use the header values to
+	//   indicate the column in an expression. You can use column position (such as _1,
+	//   _2, …) to indicate the column ( SELECT s._1 FROM OBJECT s ).
+	//   - Use : First line is a header, and you can use the header value to identify a
+	//   column in an expression ( SELECT "name" FROM OBJECT ).
 	FileHeaderInfo FileHeaderInfo
 
 	// A single character used for escaping when the field delimiter is part of the
-	// value. For example, if the value is a, b, Amazon S3 wraps this field value in
-	// quotation marks, as follows: " a , b ". Type: String Default: " Ancestors: CSV
+	// value. For example, if the value is a, b , Amazon S3 wraps this field value in
+	// quotation marks, as follows: " a , b " . Type: String Default: " Ancestors: CSV
 	QuoteCharacter *string
 
 	// A single character used for escaping the quotation mark character inside an
-	// already escaped value. For example, the value """ a , b """ is parsed as " a , b
-	// ".
+	// already escaped value. For example, the value """ a , b """ is parsed as " a ,
+	// b " .
 	QuoteEscapeCharacter *string
 
 	// A single character used to separate individual records in the input. Instead of
@@ -559,8 +534,8 @@ type CSVOutput struct {
 	FieldDelimiter *string
 
 	// A single character used for escaping when the field delimiter is part of the
-	// value. For example, if the value is a, b, Amazon S3 wraps this field value in
-	// quotation marks, as follows: " a , b ".
+	// value. For example, if the value is a, b , Amazon S3 wraps this field value in
+	// quotation marks, as follows: " a , b " .
 	QuoteCharacter *string
 
 	// The single character used for escaping the quote character inside an already
@@ -568,16 +543,12 @@ type CSVOutput struct {
 	QuoteEscapeCharacter *string
 
 	// Indicates whether to use quotation marks around output fields.
-	//
-	// * ALWAYS: Always
-	// use quotation marks for output fields.
-	//
-	// * ASNEEDED: Use quotation marks for
-	// output fields when needed.
+	//   - ALWAYS : Always use quotation marks for output fields.
+	//   - ASNEEDED : Use quotation marks for output fields when needed.
 	QuoteFields QuoteFields
 
-	// A single character used to separate individual records in the output. Instead of
-	// the default value, you can specify an arbitrary delimiter.
+	// A single character used to separate individual records in the output. Instead
+	// of the default value, you can specify an arbitrary delimiter.
 	RecordDelimiter *string
 
 	noSmithyDocumentSerde
@@ -585,25 +556,21 @@ type CSVOutput struct {
 
 // The container element for specifying the default Object Lock retention settings
 // for new objects placed in the specified bucket.
-//
-// * The DefaultRetention settings
-// require both a mode and a period.
-//
-// * The DefaultRetention period can be either
-// Days or Years but you must select one. You cannot specify Days and Years at the
-// same time.
+//   - The DefaultRetention settings require both a mode and a period.
+//   - The DefaultRetention period can be either Days or Years but you must select
+//     one. You cannot specify Days and Years at the same time.
 type DefaultRetention struct {
 
 	// The number of days that you want to specify for the default retention period.
-	// Must be used with Mode.
+	// Must be used with Mode .
 	Days int32
 
 	// The default Object Lock retention mode you want to apply to new objects placed
-	// in the specified bucket. Must be used with either Days or Years.
+	// in the specified bucket. Must be used with either Days or Years .
 	Mode ObjectLockRetentionMode
 
 	// The number of years that you want to specify for the default retention period.
-	// Must be used with Mode.
+	// Must be used with Mode .
 	Years int32
 
 	noSmithyDocumentSerde
@@ -612,7 +579,7 @@ type DefaultRetention struct {
 // Container for the objects to delete.
 type Delete struct {
 
-	// The objects to delete.
+	// The object to delete.
 	//
 	// This member is required.
 	Objects []ObjectIdentifier
@@ -627,14 +594,15 @@ type Delete struct {
 // Information about the deleted object.
 type DeletedObject struct {
 
-	// Specifies whether the versioned object that was permanently deleted was (true)
-	// or was not (false) a delete marker. In a simple DELETE, this header indicates
-	// whether (true) or not (false) a delete marker was created.
+	// Indicates whether the specified object version that was permanently deleted was
+	// (true) or was not (false) a delete marker before deletion. In a simple DELETE,
+	// this header indicates whether (true) or not (false) the current version of the
+	// object is a delete marker.
 	DeleteMarker bool
 
-	// The version ID of the delete marker created as a result of the DELETE operation.
-	// If you delete a specific object version, the value returned by this header is
-	// the version ID of the object version deleted.
+	// The version ID of the delete marker created as a result of the DELETE
+	// operation. If you delete a specific object version, the value returned by this
+	// header is the version ID of the object version deleted.
 	DeleteMarkerVersionId *string
 
 	// The name of the deleted object.
@@ -671,17 +639,15 @@ type DeleteMarkerEntry struct {
 // Specifies whether Amazon S3 replicates delete markers. If you specify a Filter
 // in your replication configuration, you must also include a
 // DeleteMarkerReplication element. If your Filter includes a Tag element, the
-// DeleteMarkerReplicationStatus must be set to Disabled, because Amazon S3 does
+// DeleteMarkerReplication Status must be set to Disabled, because Amazon S3 does
 // not support replicating delete markers for tag-based rules. For an example
-// configuration, see Basic Rule Configuration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
-// For more information about delete marker replication, see Basic Rule
-// Configuration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html).
-// If you are using an earlier version of the replication configuration, Amazon S3
-// handles replication of delete markers differently. For more information, see
-// Backward Compatibility
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
+// configuration, see Basic Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config)
+// . For more information about delete marker replication, see Basic Rule
+// Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html)
+// . If you are using an earlier version of the replication configuration, Amazon
+// S3 handles replication of delete markers differently. For more information, see
+// Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations)
+// .
 type DeleteMarkerReplication struct {
 
 	// Indicates whether to replicate delete markers. Indicates whether to replicate
@@ -710,10 +676,10 @@ type Destination struct {
 
 	// Destination bucket owner account ID. In a cross-account scenario, if you direct
 	// Amazon S3 to change replica ownership to the Amazon Web Services account that
-	// owns the destination bucket by specifying the AccessControlTranslation property,
-	// this is the account ID of the destination bucket owner. For more information,
-	// see Replication Additional Configuration: Changing the Replica Owner
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html)
+	// owns the destination bucket by specifying the AccessControlTranslation
+	// property, this is the account ID of the destination bucket owner. For more
+	// information, see Replication Additional Configuration: Changing the Replica
+	// Owner (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html)
 	// in the Amazon S3 User Guide.
 	Account *string
 
@@ -721,8 +687,8 @@ type Destination struct {
 	// SourceSelectionCriteria is specified, you must specify this element.
 	EncryptionConfiguration *EncryptionConfiguration
 
-	// A container specifying replication metrics-related settings enabling replication
-	// metrics and events.
+	// A container specifying replication metrics-related settings enabling
+	// replication metrics and events.
 	Metrics *Metrics
 
 	// A container specifying S3 Replication Time Control (S3 RTC), including whether
@@ -733,8 +699,7 @@ type Destination struct {
 	// The storage class to use when replicating objects, such as S3 Standard or
 	// reduced redundancy. By default, Amazon S3 uses the storage class of the source
 	// object to create the object replica. For valid values, see the StorageClass
-	// element of the PUT Bucket replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
+	// element of the PUT Bucket replication (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
 	// action in the Amazon S3 API Reference.
 	StorageClass StorageClass
 
@@ -745,20 +710,19 @@ type Destination struct {
 type Encryption struct {
 
 	// The server-side encryption algorithm used when storing job results in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	//
 	// This member is required.
 	EncryptionType ServerSideEncryption
 
-	// If the encryption type is aws:kms, this optional value can be used to specify
+	// If the encryption type is aws:kms , this optional value can be used to specify
 	// the encryption context for the restore results.
 	KMSContext *string
 
-	// If the encryption type is aws:kms, this optional value specifies the ID of the
-	// symmetric customer managed key to use for encryption of job results. Amazon S3
-	// only supports symmetric keys. For more information, see Using symmetric and
-	// asymmetric keys
-	// (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+	// If the encryption type is aws:kms , this optional value specifies the ID of the
+	// symmetric encryption customer managed key to use for encryption of job results.
+	// Amazon S3 only supports symmetric encryption KMS keys. For more information, see
+	// Asymmetric keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
 	// in the Amazon Web Services Key Management Service Developer Guide.
 	KMSKeyId *string
 
@@ -772,9 +736,8 @@ type EncryptionConfiguration struct {
 	// Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon Web
 	// Services KMS key stored in Amazon Web Services Key Management Service (KMS) for
 	// the destination bucket. Amazon S3 uses this key to encrypt replica objects.
-	// Amazon S3 only supports symmetric, customer managed KMS keys. For more
-	// information, see Using symmetric and asymmetric keys
-	// (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+	// Amazon S3 only supports symmetric encryption KMS keys. For more information, see
+	// Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
 	// in the Amazon Web Services Key Management Service Developer Guide.
 	ReplicaKmsKeyID *string
 
@@ -783,7 +746,7 @@ type EncryptionConfiguration struct {
 
 // A message that indicates the request is complete and no more messages will be
 // sent. You should not assume that the request is complete until the client
-// receives an EndEvent.
+// receives an EndEvent .
 type EndEvent struct {
 	noSmithyDocumentSerde
 }
@@ -793,934 +756,415 @@ type Error struct {
 
 	// The error code is a string that uniquely identifies an error condition. It is
 	// meant to be read and understood by programs that detect and handle errors by
-	// type. Amazon S3 error codes
-	//
-	// * Code: AccessDenied
-	//
-	// * Description: Access
-	// Denied
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// *
-	// Code: AccountProblem
-	//
-	// * Description: There is a problem with your Amazon Web
-	// Services account that prevents the action from completing successfully. Contact
-	// Amazon Web Services Support for further assistance.
-	//
-	// * HTTP Status Code: 403
-	// Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: AllAccessDisabled
-	//
-	// *
-	// Description: All access to this Amazon S3 resource has been disabled. Contact
-	// Amazon Web Services Support for further assistance.
-	//
-	// * HTTP Status Code: 403
-	// Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// AmbiguousGrantByEmailAddress
-	//
-	// * Description: The email address you provided is
-	// associated with more than one account.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// *
-	// SOAP Fault Code Prefix: Client
-	//
-	// * Code: AuthorizationHeaderMalformed
-	//
-	// *
-	// Description: The authorization header you provided is invalid.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * HTTP Status Code: N/A
-	//
-	// * Code: BadDigest
-	//
-	// *
-	// Description: The Content-MD5 you specified did not match what we received.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// BucketAlreadyExists
-	//
-	// * Description: The requested bucket name is not available.
-	// The bucket namespace is shared by all users of the system. Please select a
-	// different name and try again.
-	//
-	// * HTTP Status Code: 409 Conflict
-	//
-	// * SOAP Fault
-	// Code Prefix: Client
-	//
-	// * Code: BucketAlreadyOwnedByYou
-	//
-	// * Description: The bucket
-	// you tried to create already exists, and you own it. Amazon S3 returns this error
-	// in all Amazon Web Services Regions except in the North Virginia Region. For
-	// legacy compatibility, if you re-create an existing bucket that you already own
-	// in the North Virginia Region, Amazon S3 returns 200 OK and resets the bucket
-	// access control lists (ACLs).
-	//
-	// * Code: 409 Conflict (in all Regions except the
-	// North Virginia Region)
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// BucketNotEmpty
-	//
-	// * Description: The bucket you tried to delete is not empty.
-	//
-	// *
-	// HTTP Status Code: 409 Conflict
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// CredentialsNotSupported
-	//
-	// * Description: This request does not support
-	// credentials.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: CrossLocationLoggingProhibited
-	//
-	// * Description: Cross-location
-	// logging not allowed. Buckets in one geographic location cannot log information
-	// to a bucket in another location.
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP
-	// Fault Code Prefix: Client
-	//
-	// * Code: EntityTooSmall
-	//
-	// * Description: Your proposed
-	// upload is smaller than the minimum allowed object size.
-	//
-	// * HTTP Status Code: 400
-	// Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: EntityTooLarge
-	//
-	// *
-	// Description: Your proposed upload exceeds the maximum allowed object size.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// ExpiredToken
-	//
-	// * Description: The provided token has expired.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// IllegalVersioningConfigurationException
-	//
-	// * Description: Indicates that the
-	// versioning configuration specified in the request is invalid.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// IncompleteBody
-	//
-	// * Description: You did not provide the number of bytes specified
-	// by the Content-Length HTTP header
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP
-	// Fault Code Prefix: Client
-	//
-	// * Code: IncorrectNumberOfFilesInPostRequest
-	//
-	// *
-	// Description: POST requires exactly one file upload per request.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InlineDataTooLarge
-	//
-	// * Description: Inline data exceeds the maximum allowed
-	// size.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// *
-	// Code: InternalError
-	//
-	// * Description: We encountered an internal error. Please try
-	// again.
-	//
-	// * HTTP Status Code: 500 Internal Server Error
-	//
-	// * SOAP Fault Code Prefix:
-	// Server
-	//
-	// * Code: InvalidAccessKeyId
-	//
-	// * Description: The Amazon Web Services
-	// access key ID you provided does not exist in our records.
-	//
-	// * HTTP Status Code:
-	// 403 Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidAddressingHeader
-	//
-	// * Description: You must specify the Anonymous role.
-	//
-	// *
-	// HTTP Status Code: N/A
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidArgument
-	//
-	// * Description: Invalid Argument
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidBucketName
-	//
-	// *
-	// Description: The specified bucket is not valid.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidBucketState
-	//
-	// *
-	// Description: The request is not valid with the current state of the bucket.
-	//
-	// *
-	// HTTP Status Code: 409 Conflict
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidDigest
-	//
-	// * Description: The Content-MD5 you specified is not valid.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidEncryptionAlgorithmError
-	//
-	// * Description: The encryption request you
-	// specified is not valid. The valid value is AES256.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidLocationConstraint
-	//
-	// *
-	// Description: The specified location constraint is not valid. For more
-	// information about Regions, see How to Select a Region for Your Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro).
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidObjectState
-	//
-	// * Description: The action is not valid for the current state
-	// of the object.
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: InvalidPart
-	//
-	// * Description: One or more of the specified parts
-	// could not be found. The part might not have been uploaded, or the specified
-	// entity tag might not have matched the part's entity tag.
-	//
-	// * HTTP Status Code:
-	// 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidPartOrder
-	//
-	// *
-	// Description: The list of parts was not in ascending order. Parts list must be
-	// specified in order by part number.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP
-	// Fault Code Prefix: Client
-	//
-	// * Code: InvalidPayer
-	//
-	// * Description: All access to
-	// this object has been disabled. Please contact Amazon Web Services Support for
-	// further assistance.
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP Fault Code
-	// Prefix: Client
-	//
-	// * Code: InvalidPolicyDocument
-	//
-	// * Description: The content of the
-	// form does not meet the conditions specified in the policy document.
-	//
-	// * HTTP
-	// Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidRange
-	//
-	// * Description: The requested range cannot be satisfied.
-	//
-	// * HTTP
-	// Status Code: 416 Requested Range Not Satisfiable
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: InvalidRequest
-	//
-	// * Description: Please use AWS4-HMAC-SHA256.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code: InvalidRequest
-	//
-	// *
-	// Description: SOAP requests must be made over an HTTPS connection.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidRequest
-	//
-	// * Description: Amazon S3 Transfer Acceleration is not supported
-	// for buckets with non-DNS compliant names.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * Code: N/A
-	//
-	// * Code: InvalidRequest
-	//
-	// * Description: Amazon S3 Transfer
-	// Acceleration is not supported for buckets with periods (.) in their names.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code: InvalidRequest
-	//
-	// *
-	// Description: Amazon S3 Transfer Accelerate endpoint only supports virtual style
-	// requests.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code:
-	// InvalidRequest
-	//
-	// * Description: Amazon S3 Transfer Accelerate is not configured
-	// on this bucket.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code:
-	// InvalidRequest
-	//
-	// * Description: Amazon S3 Transfer Accelerate is disabled on this
-	// bucket.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code:
-	// InvalidRequest
-	//
-	// * Description: Amazon S3 Transfer Acceleration is not supported
-	// on this bucket. Contact Amazon Web Services Support for more information.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code: InvalidRequest
-	//
-	// *
-	// Description: Amazon S3 Transfer Acceleration cannot be enabled on this bucket.
-	// Contact Amazon Web Services Support for more information.
-	//
-	// * HTTP Status Code:
-	// 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code: InvalidSecurity
-	//
-	// * Description: The
-	// provided security credentials are not valid.
-	//
-	// * HTTP Status Code: 403
-	// Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidSOAPRequest
-	//
-	// *
-	// Description: The SOAP request body is invalid.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidStorageClass
-	//
-	// *
-	// Description: The storage class you specified is not valid.
-	//
-	// * HTTP Status Code:
-	// 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidTargetBucketForLogging
-	//
-	// * Description: The target bucket for logging does
-	// not exist, is not owned by you, or does not have the appropriate grants for the
-	// log-delivery group.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code
-	// Prefix: Client
-	//
-	// * Code: InvalidToken
-	//
-	// * Description: The provided token is
-	// malformed or otherwise invalid.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP
-	// Fault Code Prefix: Client
-	//
-	// * Code: InvalidURI
-	//
-	// * Description: Couldn't parse the
-	// specified URI.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: KeyTooLongError
-	//
-	// * Description: Your key is too long.
-	//
-	// * HTTP
-	// Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// MalformedACLError
-	//
-	// * Description: The XML you provided was not well-formed or
-	// did not validate against our published schema.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: MalformedPOSTRequest
-	//
-	// *
-	// Description: The body of your POST request is not well-formed
-	// multipart/form-data.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code
-	// Prefix: Client
-	//
-	// * Code: MalformedXML
-	//
-	// * Description: This happens when the user
-	// sends malformed XML (XML that doesn't conform to the published XSD) for the
-	// configuration. The error message is, "The XML you provided was not well-formed
-	// or did not validate against our published schema."
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: MaxMessageLengthExceeded
-	//
-	// *
-	// Description: Your request was too big.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// *
-	// SOAP Fault Code Prefix: Client
-	//
-	// * Code: MaxPostPreDataLengthExceededError
-	//
-	// *
-	// Description: Your POST request fields preceding the upload file were too
-	// large.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// *
-	// Code: MetadataTooLarge
-	//
-	// * Description: Your metadata headers exceed the maximum
-	// allowed metadata size.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code
-	// Prefix: Client
-	//
-	// * Code: MethodNotAllowed
-	//
-	// * Description: The specified method is
-	// not allowed against this resource.
-	//
-	// * HTTP Status Code: 405 Method Not
-	// Allowed
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: MissingAttachment
-	//
-	// *
-	// Description: A SOAP attachment was expected, but none were found.
-	//
-	// * HTTP Status
-	// Code: N/A
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: MissingContentLength
-	//
-	// *
-	// Description: You must provide the Content-Length HTTP header.
-	//
-	// * HTTP Status
-	// Code: 411 Length Required
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// MissingRequestBodyError
-	//
-	// * Description: This happens when the user sends an
-	// empty XML document as a request. The error message is, "Request body is
-	// empty."
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: MissingSecurityElement
-	//
-	// * Description: The SOAP 1.1 request is
-	// missing a security element.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault
-	// Code Prefix: Client
-	//
-	// * Code: MissingSecurityHeader
-	//
-	// * Description: Your request
-	// is missing a required header.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault
-	// Code Prefix: Client
-	//
-	// * Code: NoLoggingStatusForKey
-	//
-	// * Description: There is no
-	// such thing as a logging status subresource for a key.
-	//
-	// * HTTP Status Code: 400
-	// Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NoSuchBucket
-	//
-	// *
-	// Description: The specified bucket does not exist.
-	//
-	// * HTTP Status Code: 404 Not
-	// Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NoSuchBucketPolicy
-	//
-	// *
-	// Description: The specified bucket does not have a bucket policy.
-	//
-	// * HTTP Status
-	// Code: 404 Not Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NoSuchKey
-	//
-	// *
-	// Description: The specified key does not exist.
-	//
-	// * HTTP Status Code: 404 Not
-	// Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NoSuchLifecycleConfiguration
-	//
-	// *
-	// Description: The lifecycle configuration does not exist.
-	//
-	// * HTTP Status Code:
-	// 404 Not Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NoSuchUpload
-	//
-	// *
-	// Description: The specified multipart upload does not exist. The upload ID might
-	// be invalid, or the multipart upload might have been aborted or completed.
-	//
-	// *
-	// HTTP Status Code: 404 Not Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// NoSuchVersion
-	//
-	// * Description: Indicates that the version ID specified in the
-	// request does not match an existing version.
-	//
-	// * HTTP Status Code: 404 Not
-	// Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NotImplemented
-	//
-	// * Description:
-	// A header you provided implies functionality that is not implemented.
-	//
-	// * HTTP
-	// Status Code: 501 Not Implemented
-	//
-	// * SOAP Fault Code Prefix: Server
-	//
-	// * Code:
-	// NotSignedUp
-	//
-	// * Description: Your account is not signed up for the Amazon S3
-	// service. You must sign up before you can use Amazon S3. You can sign up at the
-	// following URL: Amazon S3 (http://aws.amazon.com/s3)
-	//
-	// * HTTP Status Code: 403
-	// Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: OperationAborted
-	//
-	// *
-	// Description: A conflicting conditional action is currently in progress against
-	// this resource. Try again.
-	//
-	// * HTTP Status Code: 409 Conflict
-	//
-	// * SOAP Fault Code
-	// Prefix: Client
-	//
-	// * Code: PermanentRedirect
-	//
-	// * Description: The bucket you are
-	// attempting to access must be addressed using the specified endpoint. Send all
-	// future requests to this endpoint.
-	//
-	// * HTTP Status Code: 301 Moved Permanently
-	//
-	// *
-	// SOAP Fault Code Prefix: Client
-	//
-	// * Code: PreconditionFailed
-	//
-	// * Description: At
-	// least one of the preconditions you specified did not hold.
-	//
-	// * HTTP Status Code:
-	// 412 Precondition Failed
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: Redirect
-	//
-	// *
-	// Description: Temporary redirect.
-	//
-	// * HTTP Status Code: 307 Moved Temporarily
-	//
-	// *
-	// SOAP Fault Code Prefix: Client
-	//
-	// * Code: RestoreAlreadyInProgress
-	//
-	// * Description:
-	// Object restore is already in progress.
-	//
-	// * HTTP Status Code: 409 Conflict
-	//
-	// * SOAP
-	// Fault Code Prefix: Client
-	//
-	// * Code: RequestIsNotMultiPartContent
-	//
-	// * Description:
-	// Bucket POST must be of the enclosure-type multipart/form-data.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// RequestTimeout
-	//
-	// * Description: Your socket connection to the server was not read
-	// from or written to within the timeout period.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: RequestTimeTooSkewed
-	//
-	// *
-	// Description: The difference between the request time and the server's time is
-	// too large.
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: RequestTorrentOfBucketError
-	//
-	// * Description: Requesting the
-	// torrent file of a bucket is not permitted.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: SignatureDoesNotMatch
-	//
-	// *
-	// Description: The request signature we calculated does not match the signature
-	// you provided. Check your Amazon Web Services secret access key and signing
-	// method. For more information, see REST Authentication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) and
-	// SOAP Authentication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/SOAPAuthentication.html) for
-	// details.
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// *
-	// Code: ServiceUnavailable
-	//
-	// * Description: Reduce your request rate.
-	//
-	// * HTTP
-	// Status Code: 503 Service Unavailable
-	//
-	// * SOAP Fault Code Prefix: Server
-	//
-	// * Code:
-	// SlowDown
-	//
-	// * Description: Reduce your request rate.
-	//
-	// * HTTP Status Code: 503 Slow
-	// Down
-	//
-	// * SOAP Fault Code Prefix: Server
-	//
-	// * Code: TemporaryRedirect
-	//
-	// *
-	// Description: You are being redirected to the bucket while DNS updates.
-	//
-	// * HTTP
-	// Status Code: 307 Moved Temporarily
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// TokenRefreshRequired
-	//
-	// * Description: The provided token must be refreshed.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// TooManyBuckets
-	//
-	// * Description: You have attempted to create more buckets than
-	// allowed.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: UnexpectedContent
-	//
-	// * Description: This request does not support
-	// content.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: UnresolvableGrantByEmailAddress
-	//
-	// * Description: The email
-	// address you provided does not match any account on record.
-	//
-	// * HTTP Status Code:
-	// 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// UserKeyMustBeSpecified
-	//
-	// * Description: The bucket POST must contain the
-	// specified field name. If it is specified, check the order of the fields.
-	//
-	// * HTTP
-	// Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
+	// type. The following is a list of Amazon S3 error codes. For more information,
+	// see Error responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html)
+	// .
+	//   - Code: AccessDenied
+	//   - Description: Access Denied
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: AccountProblem
+	//   - Description: There is a problem with your Amazon Web Services account that
+	//   prevents the action from completing successfully. Contact Amazon Web Services
+	//   Support for further assistance.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: AllAccessDisabled
+	//   - Description: All access to this Amazon S3 resource has been disabled.
+	//   Contact Amazon Web Services Support for further assistance.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: AmbiguousGrantByEmailAddress
+	//   - Description: The email address you provided is associated with more than
+	//   one account.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: AuthorizationHeaderMalformed
+	//   - Description: The authorization header you provided is invalid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - HTTP Status Code: N/A
+	//   - Code: BadDigest
+	//   - Description: The Content-MD5 you specified did not match what we received.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: BucketAlreadyExists
+	//   - Description: The requested bucket name is not available. The bucket
+	//   namespace is shared by all users of the system. Please select a different name
+	//   and try again.
+	//   - HTTP Status Code: 409 Conflict
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: BucketAlreadyOwnedByYou
+	//   - Description: The bucket you tried to create already exists, and you own it.
+	//   Amazon S3 returns this error in all Amazon Web Services Regions except in the
+	//   North Virginia Region. For legacy compatibility, if you re-create an existing
+	//   bucket that you already own in the North Virginia Region, Amazon S3 returns 200
+	//   OK and resets the bucket access control lists (ACLs).
+	//   - Code: 409 Conflict (in all Regions except the North Virginia Region)
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: BucketNotEmpty
+	//   - Description: The bucket you tried to delete is not empty.
+	//   - HTTP Status Code: 409 Conflict
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: CredentialsNotSupported
+	//   - Description: This request does not support credentials.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: CrossLocationLoggingProhibited
+	//   - Description: Cross-location logging not allowed. Buckets in one geographic
+	//   location cannot log information to a bucket in another location.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: EntityTooSmall
+	//   - Description: Your proposed upload is smaller than the minimum allowed
+	//   object size.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: EntityTooLarge
+	//   - Description: Your proposed upload exceeds the maximum allowed object size.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: ExpiredToken
+	//   - Description: The provided token has expired.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: IllegalVersioningConfigurationException
+	//   - Description: Indicates that the versioning configuration specified in the
+	//   request is invalid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: IncompleteBody
+	//   - Description: You did not provide the number of bytes specified by the
+	//   Content-Length HTTP header
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: IncorrectNumberOfFilesInPostRequest
+	//   - Description: POST requires exactly one file upload per request.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InlineDataTooLarge
+	//   - Description: Inline data exceeds the maximum allowed size.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InternalError
+	//   - Description: We encountered an internal error. Please try again.
+	//   - HTTP Status Code: 500 Internal Server Error
+	//   - SOAP Fault Code Prefix: Server
+	//   - Code: InvalidAccessKeyId
+	//   - Description: The Amazon Web Services access key ID you provided does not
+	//   exist in our records.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidAddressingHeader
+	//   - Description: You must specify the Anonymous role.
+	//   - HTTP Status Code: N/A
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidArgument
+	//   - Description: Invalid Argument
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidBucketName
+	//   - Description: The specified bucket is not valid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidBucketState
+	//   - Description: The request is not valid with the current state of the bucket.
+	//   - HTTP Status Code: 409 Conflict
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidDigest
+	//   - Description: The Content-MD5 you specified is not valid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidEncryptionAlgorithmError
+	//   - Description: The encryption request you specified is not valid. The valid
+	//   value is AES256.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidLocationConstraint
+	//   - Description: The specified location constraint is not valid. For more
+	//   information about Regions, see How to Select a Region for Your Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro)
+	//   .
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidObjectState
+	//   - Description: The action is not valid for the current state of the object.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidPart
+	//   - Description: One or more of the specified parts could not be found. The
+	//   part might not have been uploaded, or the specified entity tag might not have
+	//   matched the part's entity tag.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidPartOrder
+	//   - Description: The list of parts was not in ascending order. Parts list must
+	//   be specified in order by part number.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidPayer
+	//   - Description: All access to this object has been disabled. Please contact
+	//   Amazon Web Services Support for further assistance.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidPolicyDocument
+	//   - Description: The content of the form does not meet the conditions specified
+	//   in the policy document.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidRange
+	//   - Description: The requested range cannot be satisfied.
+	//   - HTTP Status Code: 416 Requested Range Not Satisfiable
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidRequest
+	//   - Description: Please use AWS4-HMAC-SHA256 .
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: SOAP requests must be made over an HTTPS connection.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Acceleration is not supported for buckets
+	//   with non-DNS compliant names.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Acceleration is not supported for buckets
+	//   with periods (.) in their names.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Accelerate endpoint only supports virtual
+	//   style requests.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Accelerate is not configured on this
+	//   bucket.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Accelerate is disabled on this bucket.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Acceleration is not supported on this
+	//   bucket. Contact Amazon Web Services Support for more information.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Acceleration cannot be enabled on this
+	//   bucket. Contact Amazon Web Services Support for more information.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidSecurity
+	//   - Description: The provided security credentials are not valid.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidSOAPRequest
+	//   - Description: The SOAP request body is invalid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidStorageClass
+	//   - Description: The storage class you specified is not valid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidTargetBucketForLogging
+	//   - Description: The target bucket for logging does not exist, is not owned by
+	//   you, or does not have the appropriate grants for the log-delivery group.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidToken
+	//   - Description: The provided token is malformed or otherwise invalid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidURI
+	//   - Description: Couldn't parse the specified URI.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: KeyTooLongError
+	//   - Description: Your key is too long.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MalformedACLError
+	//   - Description: The XML you provided was not well-formed or did not validate
+	//   against our published schema.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MalformedPOSTRequest
+	//   - Description: The body of your POST request is not well-formed
+	//   multipart/form-data.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MalformedXML
+	//   - Description: This happens when the user sends malformed XML (XML that
+	//   doesn't conform to the published XSD) for the configuration. The error message
+	//   is, "The XML you provided was not well-formed or did not validate against our
+	//   published schema."
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MaxMessageLengthExceeded
+	//   - Description: Your request was too big.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MaxPostPreDataLengthExceededError
+	//   - Description: Your POST request fields preceding the upload file were too
+	//   large.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MetadataTooLarge
+	//   - Description: Your metadata headers exceed the maximum allowed metadata
+	//   size.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MethodNotAllowed
+	//   - Description: The specified method is not allowed against this resource.
+	//   - HTTP Status Code: 405 Method Not Allowed
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MissingAttachment
+	//   - Description: A SOAP attachment was expected, but none were found.
+	//   - HTTP Status Code: N/A
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MissingContentLength
+	//   - Description: You must provide the Content-Length HTTP header.
+	//   - HTTP Status Code: 411 Length Required
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MissingRequestBodyError
+	//   - Description: This happens when the user sends an empty XML document as a
+	//   request. The error message is, "Request body is empty."
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MissingSecurityElement
+	//   - Description: The SOAP 1.1 request is missing a security element.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MissingSecurityHeader
+	//   - Description: Your request is missing a required header.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoLoggingStatusForKey
+	//   - Description: There is no such thing as a logging status subresource for a
+	//   key.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchBucket
+	//   - Description: The specified bucket does not exist.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchBucketPolicy
+	//   - Description: The specified bucket does not have a bucket policy.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchKey
+	//   - Description: The specified key does not exist.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchLifecycleConfiguration
+	//   - Description: The lifecycle configuration does not exist.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchUpload
+	//   - Description: The specified multipart upload does not exist. The upload ID
+	//   might be invalid, or the multipart upload might have been aborted or completed.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchVersion
+	//   - Description: Indicates that the version ID specified in the request does
+	//   not match an existing version.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NotImplemented
+	//   - Description: A header you provided implies functionality that is not
+	//   implemented.
+	//   - HTTP Status Code: 501 Not Implemented
+	//   - SOAP Fault Code Prefix: Server
+	//   - Code: NotSignedUp
+	//   - Description: Your account is not signed up for the Amazon S3 service. You
+	//   must sign up before you can use Amazon S3. You can sign up at the following URL:
+	//   Amazon S3 (http://aws.amazon.com/s3)
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: OperationAborted
+	//   - Description: A conflicting conditional action is currently in progress
+	//   against this resource. Try again.
+	//   - HTTP Status Code: 409 Conflict
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: PermanentRedirect
+	//   - Description: The bucket you are attempting to access must be addressed
+	//   using the specified endpoint. Send all future requests to this endpoint.
+	//   - HTTP Status Code: 301 Moved Permanently
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: PreconditionFailed
+	//   - Description: At least one of the preconditions you specified did not hold.
+	//   - HTTP Status Code: 412 Precondition Failed
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: Redirect
+	//   - Description: Temporary redirect.
+	//   - HTTP Status Code: 307 Moved Temporarily
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: RestoreAlreadyInProgress
+	//   - Description: Object restore is already in progress.
+	//   - HTTP Status Code: 409 Conflict
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: RequestIsNotMultiPartContent
+	//   - Description: Bucket POST must be of the enclosure-type multipart/form-data.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: RequestTimeout
+	//   - Description: Your socket connection to the server was not read from or
+	//   written to within the timeout period.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: RequestTimeTooSkewed
+	//   - Description: The difference between the request time and the server's time
+	//   is too large.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: RequestTorrentOfBucketError
+	//   - Description: Requesting the torrent file of a bucket is not permitted.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: SignatureDoesNotMatch
+	//   - Description: The request signature we calculated does not match the
+	//   signature you provided. Check your Amazon Web Services secret access key and
+	//   signing method. For more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html)
+	//   and SOAP Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/SOAPAuthentication.html)
+	//   for details.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: ServiceUnavailable
+	//   - Description: Service is unable to handle request.
+	//   - HTTP Status Code: 503 Service Unavailable
+	//   - SOAP Fault Code Prefix: Server
+	//   - Code: SlowDown
+	//   - Description: Reduce your request rate.
+	//   - HTTP Status Code: 503 Slow Down
+	//   - SOAP Fault Code Prefix: Server
+	//   - Code: TemporaryRedirect
+	//   - Description: You are being redirected to the bucket while DNS updates.
+	//   - HTTP Status Code: 307 Moved Temporarily
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: TokenRefreshRequired
+	//   - Description: The provided token must be refreshed.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: TooManyBuckets
+	//   - Description: You have attempted to create more buckets than allowed.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: UnexpectedContent
+	//   - Description: This request does not support content.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: UnresolvableGrantByEmailAddress
+	//   - Description: The email address you provided does not match any account on
+	//   record.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: UserKeyMustBeSpecified
+	//   - Description: The bucket POST must contain the specified field name. If it
+	//   is specified, check the order of the fields.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
 	Code *string
 
 	// The error key.
@@ -1745,9 +1189,9 @@ type ErrorDocument struct {
 
 	// The object key name to use when a 4XX class error occurs. Replacement must be
 	// made for object keys containing special characters (such as carriage returns)
-	// when using XML requests. For more information, see  XML related object key
-	// constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// when using XML requests. For more information, see XML related object key
+	// constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	//
 	// This member is required.
 	Key *string
@@ -1761,12 +1205,11 @@ type EventBridgeConfiguration struct {
 }
 
 // Optional configuration to replicate existing source bucket objects. For more
-// information, see Replicating Existing Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
+// information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
 // in the Amazon S3 User Guide.
 type ExistingObjectReplication struct {
 
-	//
+	// Specifies whether Amazon S3 replicates existing source bucket objects.
 	//
 	// This member is required.
 	Status ExistingObjectReplicationStatus
@@ -1781,9 +1224,8 @@ type FilterRule struct {
 	// The object key name prefix or suffix identifying one or more objects to which
 	// the filtering rule applies. The maximum length is 1,024 characters. Overlapping
 	// prefixes and suffixes are not supported. For more information, see Configuring
-	// Event Notifications
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+	// in the Amazon S3 User Guide.
 	Name FilterRuleName
 
 	// The value that the filter searches for in object key names.
@@ -1855,32 +1297,19 @@ type Grantee struct {
 	// Screen name of the grantee.
 	DisplayName *string
 
-	// Email address of the grantee. Using email addresses to specify a grantee is only
-	// supported in the following Amazon Web Services Regions:
-	//
-	// * US East (N.
-	// Virginia)
-	//
-	// * US West (N. California)
-	//
-	// * US West (Oregon)
-	//
-	// * Asia Pacific
-	// (Singapore)
-	//
-	// * Asia Pacific (Sydney)
-	//
-	// * Asia Pacific (Tokyo)
-	//
-	// * Europe
-	// (Ireland)
-	//
-	// * South America (São Paulo)
-	//
-	// For a list of all the Amazon S3
-	// supported Regions and endpoints, see Regions and Endpoints
-	// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-	// Amazon Web Services General Reference.
+	// Email address of the grantee. Using email addresses to specify a grantee is
+	// only supported in the following Amazon Web Services Regions:
+	//   - US East (N. Virginia)
+	//   - US West (N. California)
+	//   - US West (Oregon)
+	//   - Asia Pacific (Singapore)
+	//   - Asia Pacific (Sydney)
+	//   - Asia Pacific (Tokyo)
+	//   - Europe (Ireland)
+	//   - South America (São Paulo)
+	// For a list of all the Amazon S3 supported Regions and endpoints, see Regions
+	// and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+	// in the Amazon Web Services General Reference.
 	EmailAddress *string
 
 	// The canonical user ID of the grantee.
@@ -1901,8 +1330,8 @@ type IndexDocument struct {
 	// key name images/index.html) The suffix must not be empty and must not include a
 	// slash character. Replacement must be made for object keys containing special
 	// characters (such as carriage returns) when using XML requests. For more
-	// information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	//
 	// This member is required.
 	Suffix *string
@@ -1942,8 +1371,8 @@ type InputSerialization struct {
 	noSmithyDocumentSerde
 }
 
-// A container for specifying S3 Intelligent-Tiering filters. The filters determine
-// the subset of objects to which the rule applies.
+// A container for specifying S3 Intelligent-Tiering filters. The filters
+// determine the subset of objects to which the rule applies.
 type IntelligentTieringAndOperator struct {
 
 	// An object key name prefix that identifies the subset of objects to which the
@@ -1959,8 +1388,8 @@ type IntelligentTieringAndOperator struct {
 
 // Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket. For
 // information about the S3 Intelligent-Tiering storage class, see Storage class
-// for automatically optimizing frequently and infrequently accessed objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
+// for automatically optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+// .
 type IntelligentTieringConfiguration struct {
 
 	// The ID used to identify the S3 Intelligent-Tiering configuration.
@@ -1978,8 +1407,8 @@ type IntelligentTieringConfiguration struct {
 	// This member is required.
 	Tierings []Tiering
 
-	// Specifies a bucket filter. The configuration only includes objects that meet the
-	// filter's criteria.
+	// Specifies a bucket filter. The configuration only includes objects that meet
+	// the filter's criteria.
 	Filter *IntelligentTieringFilter
 
 	noSmithyDocumentSerde
@@ -1989,16 +1418,16 @@ type IntelligentTieringConfiguration struct {
 // configuration applies to.
 type IntelligentTieringFilter struct {
 
-	// A conjunction (logical AND) of predicates, which is used in evaluating a metrics
-	// filter. The operator must have at least two predicates, and an object must match
-	// all of the predicates in order for the filter to apply.
+	// A conjunction (logical AND) of predicates, which is used in evaluating a
+	// metrics filter. The operator must have at least two predicates, and an object
+	// must match all of the predicates in order for the filter to apply.
 	And *IntelligentTieringAndOperator
 
 	// An object key name prefix that identifies the subset of objects to which the
 	// rule applies. Replacement must be made for object keys containing special
 	// characters (such as carriage returns) when using XML requests. For more
-	// information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	Prefix *string
 
 	// A container of a key value name pair.
@@ -2008,8 +1437,7 @@ type IntelligentTieringFilter struct {
 }
 
 // Specifies the inventory configuration for an Amazon S3 bucket. For more
-// information, see GET Bucket inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html)
+// information, see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html)
 // in the Amazon S3 API Reference.
 type InventoryConfiguration struct {
 
@@ -2023,16 +1451,16 @@ type InventoryConfiguration struct {
 	// This member is required.
 	Id *string
 
-	// Object versions to include in the inventory list. If set to All, the list
+	// Object versions to include in the inventory list. If set to All , the list
 	// includes all the object versions, which adds the version-related fields
-	// VersionId, IsLatest, and DeleteMarker to the list. If set to Current, the list
-	// does not contain these version-related fields.
+	// VersionId , IsLatest , and DeleteMarker to the list. If set to Current , the
+	// list does not contain these version-related fields.
 	//
 	// This member is required.
 	IncludedObjectVersions InventoryIncludedObjectVersions
 
-	// Specifies whether the inventory is enabled or disabled. If set to True, an
-	// inventory list is generated. If set to False, no inventory list is generated.
+	// Specifies whether the inventory is enabled or disabled. If set to True , an
+	// inventory list is generated. If set to False , no inventory list is generated.
 	//
 	// This member is required.
 	IsEnabled bool
@@ -2042,8 +1470,8 @@ type InventoryConfiguration struct {
 	// This member is required.
 	Schedule *InventorySchedule
 
-	// Specifies an inventory filter. The inventory only includes objects that meet the
-	// filter's criteria.
+	// Specifies an inventory filter. The inventory only includes objects that meet
+	// the filter's criteria.
 	Filter *InventoryFilter
 
 	// Contains the optional fields that are included in the inventory results.
@@ -2077,8 +1505,8 @@ type InventoryEncryption struct {
 	noSmithyDocumentSerde
 }
 
-// Specifies an inventory filter. The inventory only includes objects that meet the
-// filter's criteria.
+// Specifies an inventory filter. The inventory only includes objects that meet
+// the filter's criteria.
 type InventoryFilter struct {
 
 	// The prefix that an object must have to be included in the inventory results.
@@ -2154,9 +1582,8 @@ type JSONOutput struct {
 type LambdaFunctionConfiguration struct {
 
 	// The Amazon S3 bucket event for which to invoke the Lambda function. For more
-	// information, see Supported Event Types
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Events []Event
@@ -2168,9 +1595,8 @@ type LambdaFunctionConfiguration struct {
 	LambdaFunctionArn *string
 
 	// Specifies object key name filtering rules. For information about key name
-	// filtering, see Configuring Event Notifications
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// filtering, see Configuring event notifications using object key name filtering (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+	// in the Amazon S3 User Guide.
 	Filter *NotificationConfigurationFilter
 
 	// An optional unique identifier for configurations in a notification
@@ -2180,11 +1606,13 @@ type LambdaFunctionConfiguration struct {
 	noSmithyDocumentSerde
 }
 
-// Container for the expiration for the lifecycle of the object.
+// Container for the expiration for the lifecycle of the object. For more
+// information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+// in the Amazon S3 User Guide.
 type LifecycleExpiration struct {
 
-	// Indicates at what date the object is to be moved or deleted. Should be in GMT
-	// ISO 8601 Format.
+	// Indicates at what date the object is to be moved or deleted. The date value
+	// must conform to the ISO 8601 format. The time is always midnight UTC.
 	Date *time.Time
 
 	// Indicates the lifetime, in days, of the objects that are subject to the rule.
@@ -2200,7 +1628,9 @@ type LifecycleExpiration struct {
 	noSmithyDocumentSerde
 }
 
-// A lifecycle rule for individual objects in an Amazon S3 bucket.
+// A lifecycle rule for individual objects in an Amazon S3 bucket. For more
+// information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+// in the Amazon S3 User Guide.
 type LifecycleRule struct {
 
 	// If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is
@@ -2211,9 +1641,8 @@ type LifecycleRule struct {
 
 	// Specifies the days since the initiation of an incomplete multipart upload that
 	// Amazon S3 will wait before permanently removing all parts of the upload. For
-	// more information, see  Aborting Incomplete Multipart Uploads Using a Bucket
-	// Lifecycle Policy
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+	// more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
 	// in the Amazon S3 User Guide.
 	AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload
 
@@ -2222,7 +1651,7 @@ type LifecycleRule struct {
 	Expiration *LifecycleExpiration
 
 	// The Filter is used to identify objects that a Lifecycle Rule applies to. A
-	// Filter must have exactly one of Prefix, Tag, or And specified. Filter is
+	// Filter must have exactly one of Prefix , Tag , or And specified. Filter is
 	// required if the LifecycleRule does not contain a Prefix element.
 	Filter LifecycleRuleFilter
 
@@ -2246,8 +1675,8 @@ type LifecycleRule struct {
 	// Prefix identifying one or more objects to which the rule applies. This is no
 	// longer used; use Filter instead. Replacement must be made for object keys
 	// containing special characters (such as carriage returns) when using XML
-	// requests. For more information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// requests. For more information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	//
 	// Deprecated: This member has been deprecated.
 	Prefix *string
@@ -2280,7 +1709,7 @@ type LifecycleRuleAndOperator struct {
 }
 
 // The Filter is used to identify objects that a Lifecycle Rule applies to. A
-// Filter must have exactly one of Prefix, Tag, or And specified.
+// Filter must have exactly one of Prefix , Tag , or And specified.
 //
 // The following types satisfy this interface:
 //
@@ -2324,9 +1753,9 @@ func (*LifecycleRuleFilterMemberObjectSizeLessThan) isLifecycleRuleFilter() {}
 
 // Prefix identifying one or more objects to which the rule applies. Replacement
 // must be made for object keys containing special characters (such as carriage
-// returns) when using XML requests. For more information, see  XML related object
-// key constraints
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+// returns) when using XML requests. For more information, see XML related object
+// key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+// .
 type LifecycleRuleFilterMemberPrefix struct {
 	Value string
 
@@ -2344,10 +1773,9 @@ type LifecycleRuleFilterMemberTag struct {
 
 func (*LifecycleRuleFilterMemberTag) isLifecycleRuleFilter() {}
 
-// Describes where logs are stored and the prefix that Amazon S3 assigns to all log
-// object keys for a bucket. For more information, see PUT Bucket logging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in
-// the Amazon S3 API Reference.
+// Describes where logs are stored and the prefix that Amazon S3 assigns to all
+// log object keys for a bucket. For more information, see PUT Bucket logging (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
+// in the Amazon S3 API Reference.
 type LoggingEnabled struct {
 
 	// Specifies the bucket where you want Amazon S3 to store server access logs. You
@@ -2360,17 +1788,16 @@ type LoggingEnabled struct {
 	// This member is required.
 	TargetBucket *string
 
-	// A prefix for all log object keys. If you store log files from multiple Amazon S3
-	// buckets in a single bucket, you can use a prefix to distinguish which log files
-	// came from which bucket.
+	// A prefix for all log object keys. If you store log files from multiple Amazon
+	// S3 buckets in a single bucket, you can use a prefix to distinguish which log
+	// files came from which bucket.
 	//
 	// This member is required.
 	TargetPrefix *string
 
 	// Container for granting information. Buckets that use the bucket owner enforced
 	// setting for Object Ownership don't support target grants. For more information,
-	// see Permissions for server access log delivery
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
+	// see Permissions for server access log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
 	// in the Amazon S3 User Guide.
 	TargetGrants []TargetGrant
 
@@ -2380,17 +1807,17 @@ type LoggingEnabled struct {
 // A metadata key-value pair to store with an object.
 type MetadataEntry struct {
 
-	// Name of the Object.
+	// Name of the object.
 	Name *string
 
-	// Value of the Object.
+	// Value of the object.
 	Value *string
 
 	noSmithyDocumentSerde
 }
 
-// A container specifying replication metrics-related settings enabling replication
-// metrics and events.
+// A container specifying replication metrics-related settings enabling
+// replication metrics and events.
 type Metrics struct {
 
 	// Specifies whether the replication metrics are enabled.
@@ -2405,9 +1832,9 @@ type Metrics struct {
 	noSmithyDocumentSerde
 }
 
-// A conjunction (logical AND) of predicates, which is used in evaluating a metrics
-// filter. The operator must have at least two predicates, and an object must match
-// all of the predicates in order for the filter to apply.
+// A conjunction (logical AND) of predicates, which is used in evaluating a
+// metrics filter. The operator must have at least two predicates, and an object
+// must match all of the predicates in order for the filter to apply.
 type MetricsAndOperator struct {
 
 	// The access point ARN used when evaluating an AND predicate.
@@ -2426,11 +1853,12 @@ type MetricsAndOperator struct {
 // by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an
 // existing metrics configuration, note that this is a full replacement of the
 // existing metrics configuration. If you don't include the elements you want to
-// keep, they are erased. For more information, see PutBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html).
+// keep, they are erased. For more information, see PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html)
+// .
 type MetricsConfiguration struct {
 
-	// The ID used to identify the metrics configuration.
+	// The ID used to identify the metrics configuration. The ID has a 64 character
+	// limit and can only contain letters, numbers, periods, dashes, and underscores.
 	//
 	// This member is required.
 	Id *string
@@ -2446,8 +1874,8 @@ type MetricsConfiguration struct {
 // Specifies a metrics configuration filter. The metrics configuration only
 // includes objects that meet the filter's criteria. A filter must be a prefix, an
 // object tag, an access point ARN, or a conjunction (MetricsAndOperator). For more
-// information, see PutBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html).
+// information, see PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
+// .
 //
 // The following types satisfy this interface:
 //
@@ -2468,9 +1896,9 @@ type MetricsFilterMemberAccessPointArn struct {
 
 func (*MetricsFilterMemberAccessPointArn) isMetricsFilter() {}
 
-// A conjunction (logical AND) of predicates, which is used in evaluating a metrics
-// filter. The operator must have at least two predicates, and an object must match
-// all of the predicates in order for the filter to apply.
+// A conjunction (logical AND) of predicates, which is used in evaluating a
+// metrics filter. The operator must have at least two predicates, and an object
+// must match all of the predicates in order for the filter to apply.
 type MetricsFilterMemberAnd struct {
 	Value MetricsAndOperator
 
@@ -2534,16 +1962,14 @@ type NoncurrentVersionExpiration struct {
 	// Specifies how many noncurrent versions Amazon S3 will retain. If there are this
 	// many more recent noncurrent versions, Amazon S3 will take the associated action.
 	// For more information about noncurrent versions, see Lifecycle configuration
-	// elements
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
+	// elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
 	// in the Amazon S3 User Guide.
 	NewerNoncurrentVersions int32
 
 	// Specifies the number of days an object is noncurrent before Amazon S3 can
 	// perform the associated action. The value must be a non-zero positive integer.
 	// For information about the noncurrent days calculations, see How Amazon S3
-	// Calculates When an Object Became Noncurrent
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
+	// Calculates When an Object Became Noncurrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
 	// in the Amazon S3 User Guide.
 	NoncurrentDays int32
 
@@ -2551,27 +1977,25 @@ type NoncurrentVersionExpiration struct {
 }
 
 // Container for the transition rule that describes when noncurrent objects
-// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR,
-// GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or
-// versioning is suspended), you can set this action to request that Amazon S3
-// transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA,
-// INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at a
+// transition to the STANDARD_IA , ONEZONE_IA , INTELLIGENT_TIERING , GLACIER_IR ,
+// GLACIER , or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled
+// (or versioning is suspended), you can set this action to request that Amazon S3
+// transition noncurrent object versions to the STANDARD_IA , ONEZONE_IA ,
+// INTELLIGENT_TIERING , GLACIER_IR , GLACIER , or DEEP_ARCHIVE storage class at a
 // specific period in the object's lifetime.
 type NoncurrentVersionTransition struct {
 
 	// Specifies how many noncurrent versions Amazon S3 will retain. If there are this
 	// many more recent noncurrent versions, Amazon S3 will take the associated action.
 	// For more information about noncurrent versions, see Lifecycle configuration
-	// elements
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
+	// elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
 	// in the Amazon S3 User Guide.
 	NewerNoncurrentVersions int32
 
 	// Specifies the number of days an object is noncurrent before Amazon S3 can
 	// perform the associated action. For information about the noncurrent days
 	// calculations, see How Amazon S3 Calculates How Long an Object Has Been
-	// Noncurrent
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
+	// Noncurrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
 	// in the Amazon S3 User Guide.
 	NoncurrentDays int32
 
@@ -2581,8 +2005,8 @@ type NoncurrentVersionTransition struct {
 	noSmithyDocumentSerde
 }
 
-// A container for specifying the notification configuration of the bucket. If this
-// element is empty, notifications are turned off for the bucket.
+// A container for specifying the notification configuration of the bucket. If
+// this element is empty, notifications are turned off for the bucket.
 type NotificationConfiguration struct {
 
 	// Enables delivery of events to Amazon EventBridge.
@@ -2592,21 +2016,20 @@ type NotificationConfiguration struct {
 	// them.
 	LambdaFunctionConfigurations []LambdaFunctionConfiguration
 
-	// The Amazon Simple Queue Service queues to publish messages to and the events for
-	// which to publish messages.
+	// The Amazon Simple Queue Service queues to publish messages to and the events
+	// for which to publish messages.
 	QueueConfigurations []QueueConfiguration
 
-	// The topic to which notifications are sent and the events for which notifications
-	// are generated.
+	// The topic to which notifications are sent and the events for which
+	// notifications are generated.
 	TopicConfigurations []TopicConfiguration
 
 	noSmithyDocumentSerde
 }
 
 // Specifies object key name filtering rules. For information about key name
-// filtering, see Configuring Event Notifications
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-// Amazon S3 User Guide.
+// filtering, see Configuring event notifications using object key name filtering (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+// in the Amazon S3 User Guide.
 type NotificationConfigurationFilter struct {
 
 	// A container for object key name prefix and suffix filtering rules.
@@ -2625,22 +2048,17 @@ type Object struct {
 	// contents of an object, not its metadata. The ETag may or may not be an MD5
 	// digest of the object data. Whether or not it is depends on how the object was
 	// created and how it is encrypted as described below:
-	//
-	// * Objects created by the
-	// PUT Object, POST Object, or Copy operation, or through the Amazon Web Services
-	// Management Console, and are encrypted by SSE-S3 or plaintext, have ETags that
-	// are an MD5 digest of their object data.
-	//
-	// * Objects created by the PUT Object,
-	// POST Object, or Copy operation, or through the Amazon Web Services Management
-	// Console, and are encrypted by SSE-C or SSE-KMS, have ETags that are not an MD5
-	// digest of their object data.
-	//
-	// * If an object is created by either the Multipart
-	// Upload or Part Copy operation, the ETag is not an MD5 digest, regardless of the
-	// method of encryption. If an object is larger than 16 MB, the Amazon Web Services
-	// Management Console will upload or copy that object as a Multipart Upload, and
-	// therefore the ETag will not be an MD5 digest.
+	//   - Objects created by the PUT Object, POST Object, or Copy operation, or
+	//   through the Amazon Web Services Management Console, and are encrypted by SSE-S3
+	//   or plaintext, have ETags that are an MD5 digest of their object data.
+	//   - Objects created by the PUT Object, POST Object, or Copy operation, or
+	//   through the Amazon Web Services Management Console, and are encrypted by SSE-C
+	//   or SSE-KMS, have ETags that are not an MD5 digest of their object data.
+	//   - If an object is created by either the Multipart Upload or Part Copy
+	//   operation, the ETag is not an MD5 digest, regardless of the method of
+	//   encryption. If an object is larger than 16 MB, the Amazon Web Services
+	//   Management Console will upload or copy that object as a Multipart Upload, and
+	//   therefore the ETag will not be an MD5 digest.
 	ETag *string
 
 	// The name that you assign to an object. You use the object key to retrieve the
@@ -2653,6 +2071,13 @@ type Object struct {
 	// The owner of the object
 	Owner *Owner
 
+	// Specifies the restoration status of an object. Objects in certain storage
+	// classes must be restored before they can be retrieved. For more information
+	// about these storage classes and how to work with archived objects, see Working
+	// with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html)
+	// in the Amazon S3 User Guide.
+	RestoreStatus *RestoreStatus
+
 	// Size in bytes of the object
 	Size int64
 
@@ -2667,8 +2092,8 @@ type ObjectIdentifier struct {
 
 	// Key name of the object. Replacement must be made for object keys containing
 	// special characters (such as carriage returns) when using XML requests. For more
-	// information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	//
 	// This member is required.
 	Key *string
@@ -2687,9 +2112,9 @@ type ObjectLockConfiguration struct {
 	ObjectLockEnabled ObjectLockEnabled
 
 	// Specifies the Object Lock rule for the specified object. Enable the this rule
-	// when you apply ObjectLockConfiguration to a bucket. Bucket settings require both
-	// a mode and a period. The period can be either Days or Years but you must select
-	// one. You cannot specify Days and Years at the same time.
+	// when you apply ObjectLockConfiguration to a bucket. Bucket settings require
+	// both a mode and a period. The period can be either Days or Years but you must
+	// select one. You cannot specify Days and Years at the same time.
 	Rule *ObjectLockRule
 
 	noSmithyDocumentSerde
@@ -2734,37 +2159,33 @@ type ObjectPart struct {
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32 checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
-	// The part number identifying the part. This value is a positive integer between 1
-	// and 10,000.
+	// The part number identifying the part. This value is a positive integer between
+	// 1 and 10,000.
 	PartNumber int32
 
 	// The size of the uploaded part in bytes.
@@ -2795,6 +2216,13 @@ type ObjectVersion struct {
 	// Specifies the owner of the object.
 	Owner *Owner
 
+	// Specifies the restoration status of an object. Objects in certain storage
+	// classes must be restored before they can be retrieved. For more information
+	// about these storage classes and how to work with archived objects, see Working
+	// with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html)
+	// in the Amazon S3 User Guide.
+	RestoreStatus *RestoreStatus
+
 	// Size in bytes of the object.
 	Size int64
 
@@ -2831,7 +2259,16 @@ type OutputSerialization struct {
 // Container for the owner's display name and ID.
 type Owner struct {
 
-	// Container for the display name of the owner.
+	// Container for the display name of the owner. This value is only supported in
+	// the following Amazon Web Services Regions:
+	//   - US East (N. Virginia)
+	//   - US West (N. California)
+	//   - US West (Oregon)
+	//   - Asia Pacific (Singapore)
+	//   - Asia Pacific (Sydney)
+	//   - Asia Pacific (Tokyo)
+	//   - Europe (Ireland)
+	//   - South America (São Paulo)
 	DisplayName *string
 
 	// Container for the ID of the owner.
@@ -2883,32 +2320,28 @@ type Part struct {
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32 checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 256-bit SHA-256 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -2965,30 +2398,23 @@ type ProgressEvent struct {
 // The PublicAccessBlock configuration that you want to apply to this Amazon S3
 // bucket. You can enable the configuration options in any combination. For more
 // information about when Amazon S3 considers a bucket or object public, see The
-// Meaning of "Public"
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+// Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
 // in the Amazon S3 User Guide.
 type PublicAccessBlockConfiguration struct {
 
 	// Specifies whether Amazon S3 should block public access control lists (ACLs) for
 	// this bucket and objects in this bucket. Setting this element to TRUE causes the
 	// following behavior:
-	//
-	// * PUT Bucket ACL and PUT Object ACL calls fail if the
-	// specified ACL is public.
-	//
-	// * PUT Object calls fail if the request includes a
-	// public ACL.
-	//
-	// * PUT Bucket calls fail if the request includes a public
-	// ACL.
-	//
+	//   - PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is
+	//   public.
+	//   - PUT Object calls fail if the request includes a public ACL.
+	//   - PUT Bucket calls fail if the request includes a public ACL.
 	// Enabling this setting doesn't affect existing policies or ACLs.
 	BlockPublicAcls bool
 
-	// Specifies whether Amazon S3 should block public bucket policies for this bucket.
-	// Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket
-	// policy if the specified bucket policy allows public access. Enabling this
+	// Specifies whether Amazon S3 should block public bucket policies for this
+	// bucket. Setting this element to TRUE causes Amazon S3 to reject calls to PUT
+	// Bucket policy if the specified bucket policy allows public access. Enabling this
 	// setting doesn't affect existing bucket policies.
 	BlockPublicPolicy bool
 
@@ -3027,9 +2453,8 @@ type QueueConfiguration struct {
 	QueueArn *string
 
 	// Specifies object key name filtering rules. For information about key name
-	// filtering, see Configuring Event Notifications
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// filtering, see Configuring event notifications using object key name filtering (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+	// in the Amazon S3 User Guide.
 	Filter *NotificationConfigurationFilter
 
 	// An optional unique identifier for configurations in a notification
@@ -3048,8 +2473,8 @@ type RecordsEvent struct {
 	noSmithyDocumentSerde
 }
 
-// Specifies how requests are redirected. In the event of an error, you can specify
-// a different error code to return.
+// Specifies how requests are redirected. In the event of an error, you can
+// specify a different error code to return.
 type Redirect struct {
 
 	// The host name to use in the redirect request.
@@ -3065,22 +2490,21 @@ type Redirect struct {
 
 	// The object key prefix to use in the redirect request. For example, to redirect
 	// requests for all pages with prefix docs/ (objects in the docs/ folder) to
-	// documents/, you can set a condition block with KeyPrefixEquals set to docs/ and
-	// in the Redirect set ReplaceKeyPrefixWith to /documents. Not required if one of
-	// the siblings is present. Can be present only if ReplaceKeyWith is not provided.
-	// Replacement must be made for object keys containing special characters (such as
-	// carriage returns) when using XML requests. For more information, see  XML
-	// related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// documents/ , you can set a condition block with KeyPrefixEquals set to docs/
+	// and in the Redirect set ReplaceKeyPrefixWith to /documents . Not required if one
+	// of the siblings is present. Can be present only if ReplaceKeyWith is not
+	// provided. Replacement must be made for object keys containing special characters
+	// (such as carriage returns) when using XML requests. For more information, see
+	// XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	ReplaceKeyPrefixWith *string
 
 	// The specific object key to use in the redirect request. For example, redirect
-	// request to error.html. Not required if one of the siblings is present. Can be
+	// request to error.html . Not required if one of the siblings is present. Can be
 	// present only if ReplaceKeyPrefixWith is not provided. Replacement must be made
 	// for object keys containing special characters (such as carriage returns) when
-	// using XML requests. For more information, see  XML related object key
-	// constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// using XML requests. For more information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	ReplaceKeyWith *string
 
 	noSmithyDocumentSerde
@@ -3104,11 +2528,11 @@ type RedirectAllRequestsTo struct {
 
 // A filter that you can specify for selection for modifications on replicas.
 // Amazon S3 doesn't replicate replica modifications by default. In the latest
-// version of replication configuration (when Filter is specified), you can specify
-// this element and set the status to Enabled to replicate modifications on
-// replicas. If you don't specify the Filter element, Amazon S3 assumes that the
-// replication configuration is the earlier version, V1. In the earlier version,
-// this element is not allowed.
+// version of replication configuration (when Filter is specified), you can
+// specify this element and set the status to Enabled to replicate modifications
+// on replicas. If you don't specify the Filter element, Amazon S3 assumes that
+// the replication configuration is the earlier version, V1. In the earlier
+// version, this element is not allowed.
 type ReplicaModifications struct {
 
 	// Specifies whether Amazon S3 replicates modifications on replicas.
@@ -3125,9 +2549,8 @@ type ReplicationConfiguration struct {
 
 	// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role
 	// that Amazon S3 assumes when replicating objects. For more information, see How
-	// to Set Up Replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html) in
-	// the Amazon S3 User Guide.
+	// to Set Up Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Role *string
@@ -3158,24 +2581,25 @@ type ReplicationRule struct {
 	// Specifies whether Amazon S3 replicates delete markers. If you specify a Filter
 	// in your replication configuration, you must also include a
 	// DeleteMarkerReplication element. If your Filter includes a Tag element, the
-	// DeleteMarkerReplicationStatus must be set to Disabled, because Amazon S3 does
+	// DeleteMarkerReplication Status must be set to Disabled, because Amazon S3 does
 	// not support replicating delete markers for tag-based rules. For an example
-	// configuration, see Basic Rule Configuration
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
-	// For more information about delete marker replication, see Basic Rule
-	// Configuration
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html).
-	// If you are using an earlier version of the replication configuration, Amazon S3
-	// handles replication of delete markers differently. For more information, see
-	// Backward Compatibility
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
+	// configuration, see Basic Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config)
+	// . For more information about delete marker replication, see Basic Rule
+	// Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html)
+	// . If you are using an earlier version of the replication configuration, Amazon
+	// S3 handles replication of delete markers differently. For more information, see
+	// Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations)
+	// .
 	DeleteMarkerReplication *DeleteMarkerReplication
 
-	//
+	// Optional configuration to replicate existing source bucket objects. For more
+	// information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
+	// in the Amazon S3 User Guide.
 	ExistingObjectReplication *ExistingObjectReplication
 
 	// A filter that identifies the subset of objects to which the replication rule
-	// applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
+	// applies. A Filter must specify exactly one Prefix , Tag , or an And child
+	// element.
 	Filter ReplicationRuleFilter
 
 	// A unique identifier for the rule. The maximum value is 255 characters.
@@ -3185,8 +2609,8 @@ type ReplicationRule struct {
 	// rule applies. The maximum prefix length is 1,024 characters. To include all
 	// objects in a bucket, specify an empty string. Replacement must be made for
 	// object keys containing special characters (such as carriage returns) when using
-	// XML requests. For more information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// XML requests. For more information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	//
 	// Deprecated: This member has been deprecated.
 	Prefix *string
@@ -3196,16 +2620,15 @@ type ReplicationRule struct {
 	// according to all replication rules. However, if there are two or more rules with
 	// the same destination bucket, then objects will be replicated according to the
 	// rule with the highest priority. The higher the number, the higher the priority.
-	// For more information, see Replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the Amazon
-	// S3 User Guide.
+	// For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+	// in the Amazon S3 User Guide.
 	Priority int32
 
-	// A container that describes additional filters for identifying the source objects
-	// that you want to replicate. You can choose to enable or disable the replication
-	// of these objects. Currently, Amazon S3 supports only the filter that you can
-	// specify for objects created with server-side encryption using a customer managed
-	// key stored in Amazon Web Services Key Management Service (SSE-KMS).
+	// A container that describes additional filters for identifying the source
+	// objects that you want to replicate. You can choose to enable or disable the
+	// replication of these objects. Currently, Amazon S3 supports only the filter that
+	// you can specify for objects created with server-side encryption using a customer
+	// managed key stored in Amazon Web Services Key Management Service (SSE-KMS).
 	SourceSelectionCriteria *SourceSelectionCriteria
 
 	noSmithyDocumentSerde
@@ -3214,12 +2637,10 @@ type ReplicationRule struct {
 // A container for specifying rule filters. The filters determine the subset of
 // objects to which the rule applies. This element is required only if you specify
 // more than one filter. For example:
-//
-// * If you specify both a Prefix and a Tag
-// filter, wrap these filters in an And tag.
-//
-// * If you specify a filter based on
-// multiple tags, wrap the Tag elements in an And tag.
+//   - If you specify both a Prefix and a Tag filter, wrap these filters in an And
+//     tag.
+//   - If you specify a filter based on multiple tags, wrap the Tag elements in an
+//     And tag.
 type ReplicationRuleAndOperator struct {
 
 	// An object key name prefix that identifies the subset of objects to which the
@@ -3233,7 +2654,8 @@ type ReplicationRuleAndOperator struct {
 }
 
 // A filter that identifies the subset of objects to which the replication rule
-// applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
+// applies. A Filter must specify exactly one Prefix , Tag , or an And child
+// element.
 //
 // The following types satisfy this interface:
 //
@@ -3247,12 +2669,10 @@ type ReplicationRuleFilter interface {
 // A container for specifying rule filters. The filters determine the subset of
 // objects to which the rule applies. This element is required only if you specify
 // more than one filter. For example:
-//
-// * If you specify both a Prefix and a Tag
-// filter, wrap these filters in an And tag.
-//
-// * If you specify a filter based on
-// multiple tags, wrap the Tag elements in an And tag.
+//   - If you specify both a Prefix and a Tag filter, wrap these filters in an And
+//     tag.
+//   - If you specify a filter based on multiple tags, wrap the Tag elements in an
+//     And tag.
 type ReplicationRuleFilterMemberAnd struct {
 	Value ReplicationRuleAndOperator
 
@@ -3264,8 +2684,8 @@ func (*ReplicationRuleFilterMemberAnd) isReplicationRuleFilter() {}
 // An object key name prefix that identifies the subset of objects to which the
 // rule applies. Replacement must be made for object keys containing special
 // characters (such as carriage returns) when using XML requests. For more
-// information, see  XML related object key constraints
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+// information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+// .
 type ReplicationRuleFilterMemberPrefix struct {
 	Value string
 
@@ -3274,8 +2694,8 @@ type ReplicationRuleFilterMemberPrefix struct {
 
 func (*ReplicationRuleFilterMemberPrefix) isReplicationRuleFilter() {}
 
-// A container for specifying a tag key and value. The rule applies only to objects
-// that have the tag in their tag set.
+// A container for specifying a tag key and value. The rule applies only to
+// objects that have the tag in their tag set.
 type ReplicationRuleFilterMemberTag struct {
 	Value Tag
 
@@ -3284,9 +2704,10 @@ type ReplicationRuleFilterMemberTag struct {
 
 func (*ReplicationRuleFilterMemberTag) isReplicationRuleFilter() {}
 
-// A container specifying S3 Replication Time Control (S3 RTC) related information,
-// including whether S3 RTC is enabled and the time when all objects and operations
-// on objects must be replicated. Must be specified together with a Metrics block.
+// A container specifying S3 Replication Time Control (S3 RTC) related
+// information, including whether S3 RTC is enabled and the time when all objects
+// and operations on objects must be replicated. Must be specified together with a
+// Metrics block.
 type ReplicationTime struct {
 
 	// Specifies whether the replication time is enabled.
@@ -3304,7 +2725,7 @@ type ReplicationTime struct {
 }
 
 // A container specifying the time value for S3 Replication Time Control (S3 RTC)
-// and replication metrics EventThreshold.
+// and replication metrics EventThreshold .
 type ReplicationTimeValue struct {
 
 	// Contains an integer specifying time in minutes. Valid value: 15
@@ -3338,7 +2759,7 @@ type RequestProgress struct {
 type RestoreRequest struct {
 
 	// Lifetime of the active copy in days. Do not use with restores that specify
-	// OutputLocation. The Days element is required for regular restores, and must not
+	// OutputLocation . The Days element is required for regular restores, and must not
 	// be provided for select requests.
 	Days int32
 
@@ -3346,7 +2767,7 @@ type RestoreRequest struct {
 	Description *string
 
 	// S3 Glacier related parameters pertaining to this job. Do not use with restores
-	// that specify OutputLocation.
+	// that specify OutputLocation .
 	GlacierJobParameters *GlacierJobParameters
 
 	// Describes the location where the restore job's output is stored.
@@ -3364,9 +2785,33 @@ type RestoreRequest struct {
 	noSmithyDocumentSerde
 }
 
+// Specifies the restoration status of an object. Objects in certain storage
+// classes must be restored before they can be retrieved. For more information
+// about these storage classes and how to work with archived objects, see Working
+// with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html)
+// in the Amazon S3 User Guide.
+type RestoreStatus struct {
+
+	// Specifies whether the object is currently being restored. If the object
+	// restoration is in progress, the header returns the value TRUE . For example:
+	// x-amz-optional-object-attributes: IsRestoreInProgress="true" If the object
+	// restoration has completed, the header returns the value FALSE . For example:
+	// x-amz-optional-object-attributes: IsRestoreInProgress="false",
+	// RestoreExpiryDate="2012-12-21T00:00:00.000Z" If the object hasn't been restored,
+	// there is no header response.
+	IsRestoreInProgress bool
+
+	// Indicates when the restored copy will expire. This value is populated only if
+	// the object has already been restored. For example:
+	// x-amz-optional-object-attributes: IsRestoreInProgress="false",
+	// RestoreExpiryDate="2012-12-21T00:00:00.000Z"
+	RestoreExpiryDate *time.Time
+
+	noSmithyDocumentSerde
+}
+
 // Specifies the redirect behavior and when a redirect is applied. For more
-// information about routing rules, see Configuring advanced conditional redirects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects)
+// information about routing rules, see Configuring advanced conditional redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects)
 // in the Amazon S3 User Guide.
 type RoutingRule struct {
 
@@ -3443,10 +2888,10 @@ type ScanRange struct {
 	// scan the last N bytes of the file. For example, 50 means scan the last 50 bytes.
 	End int64
 
-	// Specifies the start of the byte range. This parameter is optional. Valid values:
-	// non-negative integers. The default value is 0. If only start is supplied, it
-	// means scan from that point to the end of the file. For example, 50 means scan
-	// from byte 50 until the end of the file.
+	// Specifies the start of the byte range. This parameter is optional. Valid
+	// values: non-negative integers. The default value is 0. If only start is
+	// supplied, it means scan from that point to the end of the file. For example, 50
+	// means scan from byte 50 until the end of the file.
 	Start int64
 
 	noSmithyDocumentSerde
@@ -3542,8 +2987,7 @@ type SelectParameters struct {
 // at configuration, Amazon S3 automatically creates an Amazon Web Services KMS key
 // in your Amazon Web Services account the first time that you add an object
 // encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for
-// SSE-KMS. For more information, see PUT Bucket encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html)
+// SSE-KMS. For more information, see PUT Bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html)
 // in the Amazon S3 API Reference.
 type ServerSideEncryptionByDefault struct {
 
@@ -3554,23 +2998,18 @@ type ServerSideEncryptionByDefault struct {
 
 	// Amazon Web Services Key Management Service (KMS) customer Amazon Web Services
 	// KMS key ID to use for the default encryption. This parameter is allowed if and
-	// only if SSEAlgorithm is set to aws:kms. You can specify the key ID or the Amazon
-	// Resource Name (ARN) of the KMS key. However, if you are using encryption with
-	// cross-account or Amazon Web Services service operations you must use a fully
-	// qualified KMS key ARN. For more information, see Using encryption for
-	// cross-account operations
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).
-	// For example:
-	//
-	// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
-	//
-	// * Key ARN:
-	// arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
-	//
-	// Amazon
-	// S3 only supports symmetric KMS keys and not asymmetric KMS keys. For more
-	// information, see Using symmetric and asymmetric keys
-	// (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+	// only if SSEAlgorithm is set to aws:kms . You can specify the key ID, key alias,
+	// or the Amazon Resource Name (ARN) of the KMS key.
+	//   - Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
+	//   - Key ARN:
+	//   arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
+	//   - Key Alias: alias/alias-name
+	// If you use a key ID, you can run into a LogDestination undeliverable error when
+	// creating a VPC flow log. If you are using encryption with cross-account or
+	// Amazon Web Services service operations you must use a fully qualified KMS key
+	// ARN. For more information, see Using encryption for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy)
+	// . Amazon S3 only supports symmetric encryption KMS keys. For more information,
+	// see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
 	// in the Amazon Web Services Key Management Service Developer Guide.
 	KMSMasterKeyID *string
 
@@ -3601,28 +3040,27 @@ type ServerSideEncryptionRule struct {
 	// encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects
 	// are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3
 	// to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. For more
-	// information, see Amazon S3 Bucket Keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the Amazon
-	// S3 User Guide.
+	// information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
+	// in the Amazon S3 User Guide.
 	BucketKeyEnabled bool
 
 	noSmithyDocumentSerde
 }
 
-// A container that describes additional filters for identifying the source objects
-// that you want to replicate. You can choose to enable or disable the replication
-// of these objects. Currently, Amazon S3 supports only the filter that you can
-// specify for objects created with server-side encryption using a customer managed
-// key stored in Amazon Web Services Key Management Service (SSE-KMS).
+// A container that describes additional filters for identifying the source
+// objects that you want to replicate. You can choose to enable or disable the
+// replication of these objects. Currently, Amazon S3 supports only the filter that
+// you can specify for objects created with server-side encryption using a customer
+// managed key stored in Amazon Web Services Key Management Service (SSE-KMS).
 type SourceSelectionCriteria struct {
 
 	// A filter that you can specify for selections for modifications on replicas.
 	// Amazon S3 doesn't replicate replica modifications by default. In the latest
-	// version of replication configuration (when Filter is specified), you can specify
-	// this element and set the status to Enabled to replicate modifications on
-	// replicas. If you don't specify the Filter element, Amazon S3 assumes that the
-	// replication configuration is the earlier version, V1. In the earlier version,
-	// this element is not allowed
+	// version of replication configuration (when Filter is specified), you can
+	// specify this element and set the status to Enabled to replicate modifications
+	// on replicas. If you don't specify the Filter element, Amazon S3 assumes that
+	// the replication configuration is the earlier version, V1. In the earlier
+	// version, this element is not allowed
 	ReplicaModifications *ReplicaModifications
 
 	// A container for filter information for the selection of Amazon S3 objects
@@ -3636,9 +3074,8 @@ type SourceSelectionCriteria struct {
 // Specifies the use of SSE-KMS to encrypt delivered inventory reports.
 type SSEKMS struct {
 
-	// Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web
-	// Services KMS) symmetric customer managed key to use for encrypting inventory
-	// reports.
+	// Specifies the ID of the Key Management Service (KMS) symmetric encryption
+	// customer managed key to use for encrypting inventory reports.
 	//
 	// This member is required.
 	KeyId *string
@@ -3693,15 +3130,15 @@ type StatsEvent struct {
 // analyze the tradeoffs between different storage classes for an Amazon S3 bucket.
 type StorageClassAnalysis struct {
 
-	// Specifies how data related to the storage class analysis for an Amazon S3 bucket
-	// should be exported.
+	// Specifies how data related to the storage class analysis for an Amazon S3
+	// bucket should be exported.
 	DataExport *StorageClassAnalysisDataExport
 
 	noSmithyDocumentSerde
 }
 
-// Container for data related to the storage class analysis for an Amazon S3 bucket
-// for export.
+// Container for data related to the storage class analysis for an Amazon S3
+// bucket for export.
 type StorageClassAnalysisDataExport struct {
 
 	// The place to store the data for an analysis.
@@ -3709,7 +3146,7 @@ type StorageClassAnalysisDataExport struct {
 	// This member is required.
 	Destination *AnalyticsExportDestination
 
-	// The version of the output schema to use when exporting data. Must be V_1.
+	// The version of the output schema to use when exporting data. Must be V_1 .
 	//
 	// This member is required.
 	OutputSchemaVersion StorageClassAnalysisSchemaVersion
@@ -3746,8 +3183,7 @@ type Tagging struct {
 
 // Container for granting information. Buckets that use the bucket owner enforced
 // setting for Object Ownership don't support target grants. For more information,
-// see Permissions server access log delivery
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
+// see Permissions server access log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
 // in the Amazon S3 User Guide.
 type TargetGrant struct {
 
@@ -3766,8 +3202,7 @@ type TargetGrant struct {
 type Tiering struct {
 
 	// S3 Intelligent-Tiering access tier. See Storage class for automatically
-	// optimizing frequently and infrequently accessed objects
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+	// optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
 	// for a list of access tiers in the S3 Intelligent-Tiering storage class.
 	//
 	// This member is required.
@@ -3791,9 +3226,8 @@ type Tiering struct {
 type TopicConfiguration struct {
 
 	// The Amazon S3 bucket event about which to send notifications. For more
-	// information, see Supported Event Types
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Events []Event
@@ -3805,9 +3239,8 @@ type TopicConfiguration struct {
 	TopicArn *string
 
 	// Specifies object key name filtering rules. For information about key name
-	// filtering, see Configuring Event Notifications
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// filtering, see Configuring event notifications using object key name filtering (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+	// in the Amazon S3 User Guide.
 	Filter *NotificationConfigurationFilter
 
 	// An optional unique identifier for configurations in a notification
@@ -3819,17 +3252,16 @@ type TopicConfiguration struct {
 
 // Specifies when an object transitions to a specified storage class. For more
 // information about Amazon S3 lifecycle configuration rules, see Transitioning
-// Objects Using Amazon S3 Lifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html)
+// Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html)
 // in the Amazon S3 User Guide.
 type Transition struct {
 
-	// Indicates when objects are transitioned to the specified storage class. The date
-	// value must be in ISO 8601 format. The time is always midnight UTC.
+	// Indicates when objects are transitioned to the specified storage class. The
+	// date value must be in ISO 8601 format. The time is always midnight UTC.
 	Date *time.Time
 
-	// Indicates the number of days after creation when objects are transitioned to the
-	// specified storage class. The value must be a positive integer.
+	// Indicates the number of days after creation when objects are transitioned to
+	// the specified storage class. The value must be a positive integer.
 	Days int32
 
 	// The storage class to which you want the object to transition.
@@ -3838,9 +3270,8 @@ type Transition struct {
 	noSmithyDocumentSerde
 }
 
-// Describes the versioning state of an Amazon S3 bucket. For more information, see
-// PUT Bucket versioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html)
+// Describes the versioning state of an Amazon S3 bucket. For more information,
+// see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html)
 // in the Amazon S3 API Reference.
 type VersioningConfiguration struct {
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
index 42fae8efb..0b2700161 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
@@ -1,3 +1,61 @@
+# v1.15.2 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.1 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.0 (2023-10-02)
+
+* **Feature**: Fix FIPS Endpoints in aws-us-gov.
+
+# v1.14.1 (2023-09-22)
+
+* No change notes available for this release.
+
+# v1.14.0 (2023-09-18)
+
+* **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+
+# v1.13.6 (2023-08-31)
+
+* No change notes available for this release.
+
+# v1.13.5 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.4 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.3 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.2 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.1 (2023-08-01)
+
+* No change notes available for this release.
+
+# v1.13.0 (2023-07-31)
+
+* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.14 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.13 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.12.12 (2023-06-15)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go
index 6f30ddc99..da4e470a6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go
@@ -4,6 +4,7 @@ package sso
 
 import (
 	"context"
+	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/defaults"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
@@ -45,8 +46,6 @@ func New(options Options, optFns ...func(*Options)) *Client {
 
 	resolveHTTPSignerV4(&options)
 
-	resolveDefaultEndpointConfiguration(&options)
-
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -64,6 +63,14 @@ type Options struct {
 	// modify this list for per operation behavior.
 	APIOptions []func(*middleware.Stack) error
 
+	// The optional application specific identifier appended to the User-Agent header.
+	AppID string
+
+	// This endpoint will be given as input to an EndpointResolverV2. It is used for
+	// providing a custom base endpoint that is subject to modifications by the
+	// processing EndpointResolverV2.
+	BaseEndpoint *string
+
 	// Configures the events that will be sent to the configured logger.
 	ClientLogMode aws.ClientLogMode
 
@@ -78,8 +85,18 @@ type Options struct {
 	EndpointOptions EndpointResolverOptions
 
 	// The service endpoint resolver.
+	//
+	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
+	// value for this field will likely prevent you from using any endpoint-related
+	// service features released after the introduction of EndpointResolverV2 and
+	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
+	// endpoint, set the client option BaseEndpoint instead.
 	EndpointResolver EndpointResolver
 
+	// Resolves the endpoint used for a particular service. This should be used over
+	// the deprecated EndpointResolver
+	EndpointResolverV2 EndpointResolverV2
+
 	// Signature Version 4 (SigV4) Signer
 	HTTPSignerV4 HTTPSignerV4
 
@@ -138,14 +155,25 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
 	}
 }
 
-// WithEndpointResolver returns a functional option for setting the Client's
-// EndpointResolver option.
+// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
+// this field will likely prevent you from using any endpoint-related service
+// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
+// To migrate an EndpointResolver implementation that uses a custom endpoint, set
+// the client option BaseEndpoint instead.
 func WithEndpointResolver(v EndpointResolver) func(*Options) {
 	return func(o *Options) {
 		o.EndpointResolver = v
 	}
 }
 
+// WithEndpointResolverV2 returns a functional option for setting the Client's
+// EndpointResolverV2 option.
+func WithEndpointResolverV2(v EndpointResolverV2) func(*Options) {
+	return func(o *Options) {
+		o.EndpointResolverV2 = v
+	}
+}
+
 type HTTPClient interface {
 	Do(*http.Request) (*http.Response, error)
 }
@@ -162,6 +190,8 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 	ctx = middleware.ClearStackValues(ctx)
 	stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
 	options := c.options.Copy()
+	resolveEndpointResolverV2(&options)
+
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -196,6 +226,30 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 
 type noSmithyDocumentSerde = smithydocument.NoSerde
 
+type legacyEndpointContextSetter struct {
+	LegacyResolver EndpointResolver
+}
+
+func (*legacyEndpointContextSetter) ID() string {
+	return "legacyEndpointContextSetter"
+}
+
+func (m *legacyEndpointContextSetter) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) (
+	out middleware.InitializeOutput, metadata middleware.Metadata, err error,
+) {
+	if m.LegacyResolver != nil {
+		ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, true)
+	}
+
+	return next.HandleInitialize(ctx, in)
+
+}
+func addlegacyEndpointContextSetter(stack *middleware.Stack, o Options) error {
+	return stack.Initialize.Add(&legacyEndpointContextSetter{
+		LegacyResolver: o.EndpointResolver,
+	}, middleware.Before)
+}
+
 func resolveDefaultLogger(o *Options) {
 	if o.Logger != nil {
 		return
@@ -233,6 +287,7 @@ func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
 		APIOptions:         cfg.APIOptions,
 		Logger:             cfg.Logger,
 		ClientLogMode:      cfg.ClientLogMode,
+		AppID:              cfg.AppID,
 	}
 	resolveAWSRetryerProvider(cfg, &opts)
 	resolveAWSRetryMaxAttempts(cfg, &opts)
@@ -343,11 +398,19 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
 	if cfg.EndpointResolver == nil && cfg.EndpointResolverWithOptions == nil {
 		return
 	}
-	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions, NewDefaultEndpointResolver())
+	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions)
 }
 
-func addClientUserAgent(stack *middleware.Stack) error {
-	return awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sso", goModuleVersion)(stack)
+func addClientUserAgent(stack *middleware.Stack, options Options) error {
+	if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sso", goModuleVersion)(stack); err != nil {
+		return err
+	}
+
+	if len(options.AppID) > 0 {
+		return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
+	}
+
+	return nil
 }
 
 func addHTTPSignerV4Middleware(stack *middleware.Stack, o Options) error {
@@ -431,3 +494,32 @@ func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
 		LogResponseWithBody: o.ClientLogMode.IsResponseWithBody(),
 	}, middleware.After)
 }
+
+type endpointDisableHTTPSMiddleware struct {
+	EndpointDisableHTTPS bool
+}
+
+func (*endpointDisableHTTPSMiddleware) ID() string {
+	return "endpointDisableHTTPSMiddleware"
+}
+
+func (m *endpointDisableHTTPSMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointDisableHTTPS && !smithyhttp.GetHostnameImmutable(ctx) {
+		req.URL.Scheme = "http"
+	}
+
+	return next.HandleSerialize(ctx, in)
+
+}
+func addendpointDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
+	return stack.Serialize.Insert(&endpointDisableHTTPSMiddleware{
+		EndpointDisableHTTPS: o.EndpointOptions.DisableHTTPS,
+	}, "OperationSerializer", middleware.Before)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go
index 3825b9e44..0383bb0bd 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go
@@ -4,8 +4,13 @@ package sso
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/sso/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -69,6 +74,9 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -90,7 +98,7 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -99,6 +107,9 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRoleCredentialsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetRoleCredentialsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -117,6 +128,9 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -127,3 +141,126 @@ func newServiceMetadataMiddleware_opGetRoleCredentials(region string) *awsmiddle
 		OperationName: "GetRoleCredentials",
 	}
 }
+
+type opGetRoleCredentialsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRoleCredentialsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRoleCredentialsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "awsssoportal"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "awsssoportal"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("awsssoportal")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRoleCredentialsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRoleCredentialsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go
index ef3592afc..cc28543f8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go
@@ -4,9 +4,13 @@ package sso
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/sso/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -75,6 +79,9 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -96,7 +103,7 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -105,6 +112,9 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addListAccountRolesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListAccountRolesValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -123,6 +133,9 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -223,3 +236,126 @@ func newServiceMetadataMiddleware_opListAccountRoles(region string) *awsmiddlewa
 		OperationName: "ListAccountRoles",
 	}
 }
+
+type opListAccountRolesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListAccountRolesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListAccountRolesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "awsssoportal"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "awsssoportal"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("awsssoportal")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListAccountRolesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListAccountRolesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go
index cfa8cdc97..567f6c669 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go
@@ -4,9 +4,13 @@ package sso
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/sso/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -73,6 +77,9 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -94,7 +101,7 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -103,6 +110,9 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addListAccountsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListAccountsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -121,6 +131,9 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -220,3 +233,126 @@ func newServiceMetadataMiddleware_opListAccounts(region string) *awsmiddleware.R
 		OperationName: "ListAccounts",
 	}
 }
+
+type opListAccountsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListAccountsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListAccountsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "awsssoportal"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "awsssoportal"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("awsssoportal")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListAccountsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListAccountsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go
index c13d73f5a..c30da0296 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go
@@ -4,7 +4,12 @@ package sso
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -64,6 +69,9 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -85,7 +93,7 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -94,6 +102,9 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addLogoutResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpLogoutValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -112,6 +123,9 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -122,3 +136,126 @@ func newServiceMetadataMiddleware_opLogout(region string) *awsmiddleware.Registe
 		OperationName: "Logout",
 	}
 }
+
+type opLogoutResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opLogoutResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opLogoutResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "awsssoportal"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "awsssoportal"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("awsssoportal")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addLogoutResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opLogoutResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go
index 43c06f11a..6a2c7eb3e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go
@@ -8,9 +8,13 @@ import (
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	"github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn"
 	internalendpoints "github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/ptr"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
+	"net/http"
 	"net/url"
 	"strings"
 )
@@ -39,13 +43,6 @@ func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointRe
 	return fn(region, options)
 }
 
-func resolveDefaultEndpointConfiguration(o *Options) {
-	if o.EndpointResolver != nil {
-		return
-	}
-	o.EndpointResolver = NewDefaultEndpointResolver()
-}
-
 // EndpointResolverFromURL returns an EndpointResolver configured using the
 // provided endpoint url. By default, the resolved endpoint resolver uses the
 // client region as signing region, and the endpoint source is set to
@@ -79,6 +76,10 @@ func (*ResolveEndpoint) ID() string {
 func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
@@ -94,6 +95,11 @@ func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.Ser
 	var endpoint aws.Endpoint
 	endpoint, err = m.Resolver.ResolveEndpoint(awsmiddleware.GetRegion(ctx), eo)
 	if err != nil {
+		nf := (&aws.EndpointNotFoundError{})
+		if errors.As(err, &nf) {
+			ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, false)
+			return next.HandleSerialize(ctx, in)
+		}
 		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
 	}
 
@@ -129,27 +135,10 @@ func removeResolveEndpointMiddleware(stack *middleware.Stack) error {
 
 type wrappedEndpointResolver struct {
 	awsResolver aws.EndpointResolverWithOptions
-	resolver    EndpointResolver
 }
 
 func (w *wrappedEndpointResolver) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) {
-	if w.awsResolver == nil {
-		goto fallback
-	}
-	endpoint, err = w.awsResolver.ResolveEndpoint(ServiceID, region, options)
-	if err == nil {
-		return endpoint, nil
-	}
-
-	if nf := (&aws.EndpointNotFoundError{}); !errors.As(err, &nf) {
-		return endpoint, err
-	}
-
-fallback:
-	if w.resolver == nil {
-		return endpoint, fmt.Errorf("default endpoint resolver provided was nil")
-	}
-	return w.resolver.ResolveEndpoint(region, options)
+	return w.awsResolver.ResolveEndpoint(ServiceID, region, options)
 }
 
 type awsEndpointResolverAdaptor func(service, region string) (aws.Endpoint, error)
@@ -160,12 +149,13 @@ func (a awsEndpointResolverAdaptor) ResolveEndpoint(service, region string, opti
 
 var _ aws.EndpointResolverWithOptions = awsEndpointResolverAdaptor(nil)
 
-// withEndpointResolver returns an EndpointResolver that first delegates endpoint resolution to the awsResolver.
-// If awsResolver returns aws.EndpointNotFoundError error, the resolver will use the the provided
-// fallbackResolver for resolution.
+// withEndpointResolver returns an aws.EndpointResolverWithOptions that first delegates endpoint resolution to the awsResolver.
+// If awsResolver returns aws.EndpointNotFoundError error, the v1 resolver middleware will swallow the error,
+// and set an appropriate context flag such that fallback will occur when EndpointResolverV2 is invoked
+// via its middleware.
 //
-// fallbackResolver must not be nil
-func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions, fallbackResolver EndpointResolver) EndpointResolver {
+// If another error (besides aws.EndpointNotFoundError) is returned, then that error will be propagated.
+func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions) EndpointResolver {
 	var resolver aws.EndpointResolverWithOptions
 
 	if awsResolverWithOptions != nil {
@@ -176,7 +166,6 @@ func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptio
 
 	return &wrappedEndpointResolver{
 		awsResolver: resolver,
-		resolver:    fallbackResolver,
 	}
 }
 
@@ -198,3 +187,313 @@ func finalizeClientEndpointResolverOptions(options *Options) {
 	}
 
 }
+
+func resolveEndpointResolverV2(options *Options) {
+	if options.EndpointResolverV2 == nil {
+		options.EndpointResolverV2 = NewDefaultEndpointResolverV2()
+	}
+}
+
+// Utility function to aid with translating pseudo-regions to classical regions
+// with the appropriate setting indicated by the pseudo-region
+func mapPseudoRegion(pr string) (region string, fips aws.FIPSEndpointState) {
+	const fipsInfix = "-fips-"
+	const fipsPrefix = "fips-"
+	const fipsSuffix = "-fips"
+
+	if strings.Contains(pr, fipsInfix) ||
+		strings.Contains(pr, fipsPrefix) ||
+		strings.Contains(pr, fipsSuffix) {
+		region = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(
+			pr, fipsInfix, "-"), fipsPrefix, ""), fipsSuffix, "")
+		fips = aws.FIPSEndpointStateEnabled
+	} else {
+		region = pr
+	}
+
+	return region, fips
+}
+
+// builtInParameterResolver is the interface responsible for resolving BuiltIn
+// values during the sourcing of EndpointParameters
+type builtInParameterResolver interface {
+	ResolveBuiltIns(*EndpointParameters) error
+}
+
+// builtInResolver resolves modeled BuiltIn values using only the members defined
+// below.
+type builtInResolver struct {
+	// The AWS region used to dispatch the request.
+	Region string
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseDualStack aws.DualStackEndpointState
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseFIPS aws.FIPSEndpointState
+
+	// Base endpoint that can potentially be modified during Endpoint resolution.
+	Endpoint *string
+}
+
+// Invoked at runtime to resolve BuiltIn Values. Only resolution code specific to
+// each BuiltIn value is generated.
+func (b *builtInResolver) ResolveBuiltIns(params *EndpointParameters) error {
+
+	region, _ := mapPseudoRegion(b.Region)
+	if len(region) == 0 {
+		return fmt.Errorf("Could not resolve AWS::Region")
+	} else {
+		params.Region = aws.String(region)
+	}
+	if b.UseDualStack == aws.DualStackEndpointStateEnabled {
+		params.UseDualStack = aws.Bool(true)
+	} else {
+		params.UseDualStack = aws.Bool(false)
+	}
+	if b.UseFIPS == aws.FIPSEndpointStateEnabled {
+		params.UseFIPS = aws.Bool(true)
+	} else {
+		params.UseFIPS = aws.Bool(false)
+	}
+	params.Endpoint = b.Endpoint
+	return nil
+}
+
+// EndpointParameters provides the parameters that influence how endpoints are
+// resolved.
+type EndpointParameters struct {
+	// The AWS region used to dispatch the request.
+	//
+	// Parameter is
+	// required.
+	//
+	// AWS::Region
+	Region *string
+
+	// When true, use the dual-stack endpoint. If the configured endpoint does not
+	// support dual-stack, dispatching the request MAY return an error.
+	//
+	// Defaults to
+	// false if no value is provided.
+	//
+	// AWS::UseDualStack
+	UseDualStack *bool
+
+	// When true, send this request to the FIPS-compliant regional endpoint. If the
+	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
+	// request will return an error.
+	//
+	// Defaults to false if no value is
+	// provided.
+	//
+	// AWS::UseFIPS
+	UseFIPS *bool
+
+	// Override the endpoint used to send this request
+	//
+	// Parameter is
+	// required.
+	//
+	// SDK::Endpoint
+	Endpoint *string
+}
+
+// ValidateRequired validates required parameters are set.
+func (p EndpointParameters) ValidateRequired() error {
+	if p.UseDualStack == nil {
+		return fmt.Errorf("parameter UseDualStack is required")
+	}
+
+	if p.UseFIPS == nil {
+		return fmt.Errorf("parameter UseFIPS is required")
+	}
+
+	return nil
+}
+
+// WithDefaults returns a shallow copy of EndpointParameterswith default values
+// applied to members where applicable.
+func (p EndpointParameters) WithDefaults() EndpointParameters {
+	if p.UseDualStack == nil {
+		p.UseDualStack = ptr.Bool(false)
+	}
+
+	if p.UseFIPS == nil {
+		p.UseFIPS = ptr.Bool(false)
+	}
+	return p
+}
+
+// EndpointResolverV2 provides the interface for resolving service endpoints.
+type EndpointResolverV2 interface {
+	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+	// returning the endpoint if found. Otherwise an error is returned.
+	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
+		smithyendpoints.Endpoint, error,
+	)
+}
+
+// resolver provides the implementation for resolving endpoints.
+type resolver struct{}
+
+func NewDefaultEndpointResolverV2() EndpointResolverV2 {
+	return &resolver{}
+}
+
+// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+// returning the endpoint if found. Otherwise an error is returned.
+func (r *resolver) ResolveEndpoint(
+	ctx context.Context, params EndpointParameters,
+) (
+	endpoint smithyendpoints.Endpoint, err error,
+) {
+	params = params.WithDefaults()
+	if err = params.ValidateRequired(); err != nil {
+		return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err)
+	}
+	_UseDualStack := *params.UseDualStack
+	_UseFIPS := *params.UseFIPS
+
+	if exprVal := params.Endpoint; exprVal != nil {
+		_Endpoint := *exprVal
+		_ = _Endpoint
+		if _UseFIPS == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported")
+		}
+		if _UseDualStack == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported")
+		}
+		uriString := _Endpoint
+
+		uri, err := url.Parse(uriString)
+		if err != nil {
+			return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+		}
+
+		return smithyendpoints.Endpoint{
+			URI:     *uri,
+			Headers: http.Header{},
+		}, nil
+	}
+	if exprVal := params.Region; exprVal != nil {
+		_Region := *exprVal
+		_ = _Region
+		if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+			_PartitionResult := *exprVal
+			_ = _PartitionResult
+			if _UseFIPS == true {
+				if _UseDualStack == true {
+					if true == _PartitionResult.SupportsFIPS {
+						if true == _PartitionResult.SupportsDualStack {
+							uriString := func() string {
+								var out strings.Builder
+								out.WriteString("https://portal.sso-fips.")
+								out.WriteString(_Region)
+								out.WriteString(".")
+								out.WriteString(_PartitionResult.DualStackDnsSuffix)
+								return out.String()
+							}()
+
+							uri, err := url.Parse(uriString)
+							if err != nil {
+								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+							}
+
+							return smithyendpoints.Endpoint{
+								URI:     *uri,
+								Headers: http.Header{},
+							}, nil
+						}
+					}
+					return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both")
+				}
+			}
+			if _UseFIPS == true {
+				if true == _PartitionResult.SupportsFIPS {
+					if "aws-us-gov" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://portal.sso.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://portal.sso-fips.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS")
+			}
+			if _UseDualStack == true {
+				if true == _PartitionResult.SupportsDualStack {
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://portal.sso.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DualStackDnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
+			}
+			uriString := func() string {
+				var out strings.Builder
+				out.WriteString("https://portal.sso.")
+				out.WriteString(_Region)
+				out.WriteString(".")
+				out.WriteString(_PartitionResult.DnsSuffix)
+				return out.String()
+			}()
+
+			uri, err := url.Parse(uriString)
+			if err != nil {
+				return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+			}
+
+			return smithyendpoints.Endpoint{
+				URI:     *uri,
+				Headers: http.Header{},
+			}, nil
+		}
+		return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+	}
+	return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json
index 5be0e34cd..ab6af36e8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json
@@ -3,7 +3,8 @@
         "github.com/aws/aws-sdk-go-v2": "v1.4.0",
         "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
         "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
-        "github.com/aws/smithy-go": "v1.4.0"
+        "github.com/aws/smithy-go": "v1.4.0",
+        "github.com/google/go-cmp": "v0.5.4"
     },
     "files": [
         "api_client.go",
@@ -15,6 +16,7 @@
         "deserializers.go",
         "doc.go",
         "endpoints.go",
+        "endpoints_test.go",
         "generated.json",
         "internal/endpoints/endpoints.go",
         "internal/endpoints/endpoints_test.go",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
index b67186c86..0f216f4ef 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
@@ -3,4 +3,4 @@
 package sso
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.12.12"
+const goModuleVersion = "1.15.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
index b1ce03a5d..f044afde4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
@@ -94,7 +94,7 @@ var partitionRegexp = struct {
 	AwsUsGov *regexp.Regexp
 }{
 
-	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$"),
+	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
@@ -227,6 +227,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-central-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "eu-central-2",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.eu-central-2.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "eu-central-2",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "eu-north-1",
 			}: endpoints.Endpoint{
@@ -267,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-west-3",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "il-central-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.il-central-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "il-central-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "me-south-1",
 			}: endpoints.Endpoint{
@@ -351,6 +367,24 @@ var defaultPartitions = endpoints.Partitions{
 		},
 		RegionRegex:    partitionRegexp.AwsCn,
 		IsRegionalized: true,
+		Endpoints: endpoints.Endpoints{
+			endpoints.EndpointKey{
+				Region: "cn-north-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.cn-north-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-north-1",
+				},
+			},
+			endpoints.EndpointKey{
+				Region: "cn-northwest-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.cn-northwest-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-northwest-1",
+				},
+			},
+		},
 	},
 	{
 		ID: "aws-iso",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/serializers.go
index 29e320811..02e314115 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/serializers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/serializers.go
@@ -36,7 +36,14 @@ func (m *awsRestjson1_serializeOpGetRoleCredentials) HandleSerialize(ctx context
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -98,7 +105,14 @@ func (m *awsRestjson1_serializeOpListAccountRoles) HandleSerialize(ctx context.C
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -164,7 +178,14 @@ func (m *awsRestjson1_serializeOpListAccounts) HandleSerialize(ctx context.Conte
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "GET"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -226,7 +247,14 @@ func (m *awsRestjson1_serializeOpLogout) HandleSerialize(ctx context.Context, in
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "POST"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
index c6c01750b..536619724 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
@@ -1,3 +1,61 @@
+# v1.17.3 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.2 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.1 (2023-09-22)
+
+* No change notes available for this release.
+
+# v1.17.0 (2023-09-20)
+
+* **Feature**: Update FIPS endpoints in aws-us-gov.
+
+# v1.16.0 (2023-09-18)
+
+* **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+
+# v1.15.6 (2023-09-05)
+
+* No change notes available for this release.
+
+# v1.15.5 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.4 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.3 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.2 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.1 (2023-08-01)
+
+* No change notes available for this release.
+
+# v1.15.0 (2023-07-31)
+
+* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.14 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.13 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.14.12 (2023-06-15)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go
index 111f66d3b..24a692276 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go
@@ -4,6 +4,7 @@ package ssooidc
 
 import (
 	"context"
+	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/defaults"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
@@ -45,8 +46,6 @@ func New(options Options, optFns ...func(*Options)) *Client {
 
 	resolveHTTPSignerV4(&options)
 
-	resolveDefaultEndpointConfiguration(&options)
-
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -64,6 +63,14 @@ type Options struct {
 	// modify this list for per operation behavior.
 	APIOptions []func(*middleware.Stack) error
 
+	// The optional application specific identifier appended to the User-Agent header.
+	AppID string
+
+	// This endpoint will be given as input to an EndpointResolverV2. It is used for
+	// providing a custom base endpoint that is subject to modifications by the
+	// processing EndpointResolverV2.
+	BaseEndpoint *string
+
 	// Configures the events that will be sent to the configured logger.
 	ClientLogMode aws.ClientLogMode
 
@@ -78,8 +85,18 @@ type Options struct {
 	EndpointOptions EndpointResolverOptions
 
 	// The service endpoint resolver.
+	//
+	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
+	// value for this field will likely prevent you from using any endpoint-related
+	// service features released after the introduction of EndpointResolverV2 and
+	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
+	// endpoint, set the client option BaseEndpoint instead.
 	EndpointResolver EndpointResolver
 
+	// Resolves the endpoint used for a particular service. This should be used over
+	// the deprecated EndpointResolver
+	EndpointResolverV2 EndpointResolverV2
+
 	// Signature Version 4 (SigV4) Signer
 	HTTPSignerV4 HTTPSignerV4
 
@@ -138,14 +155,25 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
 	}
 }
 
-// WithEndpointResolver returns a functional option for setting the Client's
-// EndpointResolver option.
+// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
+// this field will likely prevent you from using any endpoint-related service
+// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
+// To migrate an EndpointResolver implementation that uses a custom endpoint, set
+// the client option BaseEndpoint instead.
 func WithEndpointResolver(v EndpointResolver) func(*Options) {
 	return func(o *Options) {
 		o.EndpointResolver = v
 	}
 }
 
+// WithEndpointResolverV2 returns a functional option for setting the Client's
+// EndpointResolverV2 option.
+func WithEndpointResolverV2(v EndpointResolverV2) func(*Options) {
+	return func(o *Options) {
+		o.EndpointResolverV2 = v
+	}
+}
+
 type HTTPClient interface {
 	Do(*http.Request) (*http.Response, error)
 }
@@ -162,6 +190,8 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 	ctx = middleware.ClearStackValues(ctx)
 	stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
 	options := c.options.Copy()
+	resolveEndpointResolverV2(&options)
+
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -196,6 +226,30 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 
 type noSmithyDocumentSerde = smithydocument.NoSerde
 
+type legacyEndpointContextSetter struct {
+	LegacyResolver EndpointResolver
+}
+
+func (*legacyEndpointContextSetter) ID() string {
+	return "legacyEndpointContextSetter"
+}
+
+func (m *legacyEndpointContextSetter) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) (
+	out middleware.InitializeOutput, metadata middleware.Metadata, err error,
+) {
+	if m.LegacyResolver != nil {
+		ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, true)
+	}
+
+	return next.HandleInitialize(ctx, in)
+
+}
+func addlegacyEndpointContextSetter(stack *middleware.Stack, o Options) error {
+	return stack.Initialize.Add(&legacyEndpointContextSetter{
+		LegacyResolver: o.EndpointResolver,
+	}, middleware.Before)
+}
+
 func resolveDefaultLogger(o *Options) {
 	if o.Logger != nil {
 		return
@@ -233,6 +287,7 @@ func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
 		APIOptions:         cfg.APIOptions,
 		Logger:             cfg.Logger,
 		ClientLogMode:      cfg.ClientLogMode,
+		AppID:              cfg.AppID,
 	}
 	resolveAWSRetryerProvider(cfg, &opts)
 	resolveAWSRetryMaxAttempts(cfg, &opts)
@@ -343,11 +398,19 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
 	if cfg.EndpointResolver == nil && cfg.EndpointResolverWithOptions == nil {
 		return
 	}
-	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions, NewDefaultEndpointResolver())
+	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions)
 }
 
-func addClientUserAgent(stack *middleware.Stack) error {
-	return awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ssooidc", goModuleVersion)(stack)
+func addClientUserAgent(stack *middleware.Stack, options Options) error {
+	if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ssooidc", goModuleVersion)(stack); err != nil {
+		return err
+	}
+
+	if len(options.AppID) > 0 {
+		return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
+	}
+
+	return nil
 }
 
 func addHTTPSignerV4Middleware(stack *middleware.Stack, o Options) error {
@@ -431,3 +494,32 @@ func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
 		LogResponseWithBody: o.ClientLogMode.IsResponseWithBody(),
 	}, middleware.After)
 }
+
+type endpointDisableHTTPSMiddleware struct {
+	EndpointDisableHTTPS bool
+}
+
+func (*endpointDisableHTTPSMiddleware) ID() string {
+	return "endpointDisableHTTPSMiddleware"
+}
+
+func (m *endpointDisableHTTPSMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointDisableHTTPS && !smithyhttp.GetHostnameImmutable(ctx) {
+		req.URL.Scheme = "http"
+	}
+
+	return next.HandleSerialize(ctx, in)
+
+}
+func addendpointDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
+	return stack.Serialize.Insert(&endpointDisableHTTPSMiddleware{
+		EndpointDisableHTTPS: o.EndpointOptions.DisableHTTPS,
+	}, "OperationSerializer", middleware.Before)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go
index 5d7bd3c1f..43df6256c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go
@@ -4,7 +4,12 @@ package ssooidc
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -119,6 +124,9 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -140,7 +148,7 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -149,6 +157,9 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addCreateTokenResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCreateTokenValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -167,6 +178,9 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -177,3 +191,126 @@ func newServiceMetadataMiddleware_opCreateToken(region string) *awsmiddleware.Re
 		OperationName: "CreateToken",
 	}
 }
+
+type opCreateTokenResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCreateTokenResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCreateTokenResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "awsssooidc"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "awsssooidc"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("awsssooidc")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCreateTokenResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCreateTokenResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go
index 1d83b226d..b88ebb706 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go
@@ -4,7 +4,12 @@ package ssooidc
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -84,6 +89,9 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -105,7 +113,7 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -114,6 +122,9 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addRegisterClientResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpRegisterClientValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -132,6 +143,9 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -142,3 +156,126 @@ func newServiceMetadataMiddleware_opRegisterClient(region string) *awsmiddleware
 		OperationName: "RegisterClient",
 	}
 }
+
+type opRegisterClientResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opRegisterClientResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opRegisterClientResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "awsssooidc"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "awsssooidc"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("awsssooidc")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addRegisterClientResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opRegisterClientResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go
index 70e60db14..327da5f73 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go
@@ -4,7 +4,12 @@ package ssooidc
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -92,6 +97,9 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -113,7 +121,7 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -122,6 +130,9 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addStartDeviceAuthorizationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpStartDeviceAuthorizationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -140,6 +151,9 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -150,3 +164,126 @@ func newServiceMetadataMiddleware_opStartDeviceAuthorization(region string) *aws
 		OperationName: "StartDeviceAuthorization",
 	}
 }
+
+type opStartDeviceAuthorizationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opStartDeviceAuthorizationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opStartDeviceAuthorizationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "awsssooidc"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "awsssooidc"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("awsssooidc")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addStartDeviceAuthorizationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opStartDeviceAuthorizationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go
index 35cd21f18..e8d190e48 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go
@@ -8,9 +8,13 @@ import (
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	"github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn"
 	internalendpoints "github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/ptr"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
+	"net/http"
 	"net/url"
 	"strings"
 )
@@ -39,13 +43,6 @@ func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointRe
 	return fn(region, options)
 }
 
-func resolveDefaultEndpointConfiguration(o *Options) {
-	if o.EndpointResolver != nil {
-		return
-	}
-	o.EndpointResolver = NewDefaultEndpointResolver()
-}
-
 // EndpointResolverFromURL returns an EndpointResolver configured using the
 // provided endpoint url. By default, the resolved endpoint resolver uses the
 // client region as signing region, and the endpoint source is set to
@@ -79,6 +76,10 @@ func (*ResolveEndpoint) ID() string {
 func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
@@ -94,6 +95,11 @@ func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.Ser
 	var endpoint aws.Endpoint
 	endpoint, err = m.Resolver.ResolveEndpoint(awsmiddleware.GetRegion(ctx), eo)
 	if err != nil {
+		nf := (&aws.EndpointNotFoundError{})
+		if errors.As(err, &nf) {
+			ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, false)
+			return next.HandleSerialize(ctx, in)
+		}
 		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
 	}
 
@@ -129,27 +135,10 @@ func removeResolveEndpointMiddleware(stack *middleware.Stack) error {
 
 type wrappedEndpointResolver struct {
 	awsResolver aws.EndpointResolverWithOptions
-	resolver    EndpointResolver
 }
 
 func (w *wrappedEndpointResolver) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) {
-	if w.awsResolver == nil {
-		goto fallback
-	}
-	endpoint, err = w.awsResolver.ResolveEndpoint(ServiceID, region, options)
-	if err == nil {
-		return endpoint, nil
-	}
-
-	if nf := (&aws.EndpointNotFoundError{}); !errors.As(err, &nf) {
-		return endpoint, err
-	}
-
-fallback:
-	if w.resolver == nil {
-		return endpoint, fmt.Errorf("default endpoint resolver provided was nil")
-	}
-	return w.resolver.ResolveEndpoint(region, options)
+	return w.awsResolver.ResolveEndpoint(ServiceID, region, options)
 }
 
 type awsEndpointResolverAdaptor func(service, region string) (aws.Endpoint, error)
@@ -160,12 +149,13 @@ func (a awsEndpointResolverAdaptor) ResolveEndpoint(service, region string, opti
 
 var _ aws.EndpointResolverWithOptions = awsEndpointResolverAdaptor(nil)
 
-// withEndpointResolver returns an EndpointResolver that first delegates endpoint resolution to the awsResolver.
-// If awsResolver returns aws.EndpointNotFoundError error, the resolver will use the the provided
-// fallbackResolver for resolution.
+// withEndpointResolver returns an aws.EndpointResolverWithOptions that first delegates endpoint resolution to the awsResolver.
+// If awsResolver returns aws.EndpointNotFoundError error, the v1 resolver middleware will swallow the error,
+// and set an appropriate context flag such that fallback will occur when EndpointResolverV2 is invoked
+// via its middleware.
 //
-// fallbackResolver must not be nil
-func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions, fallbackResolver EndpointResolver) EndpointResolver {
+// If another error (besides aws.EndpointNotFoundError) is returned, then that error will be propagated.
+func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions) EndpointResolver {
 	var resolver aws.EndpointResolverWithOptions
 
 	if awsResolverWithOptions != nil {
@@ -176,7 +166,6 @@ func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptio
 
 	return &wrappedEndpointResolver{
 		awsResolver: resolver,
-		resolver:    fallbackResolver,
 	}
 }
 
@@ -198,3 +187,313 @@ func finalizeClientEndpointResolverOptions(options *Options) {
 	}
 
 }
+
+func resolveEndpointResolverV2(options *Options) {
+	if options.EndpointResolverV2 == nil {
+		options.EndpointResolverV2 = NewDefaultEndpointResolverV2()
+	}
+}
+
+// Utility function to aid with translating pseudo-regions to classical regions
+// with the appropriate setting indicated by the pseudo-region
+func mapPseudoRegion(pr string) (region string, fips aws.FIPSEndpointState) {
+	const fipsInfix = "-fips-"
+	const fipsPrefix = "fips-"
+	const fipsSuffix = "-fips"
+
+	if strings.Contains(pr, fipsInfix) ||
+		strings.Contains(pr, fipsPrefix) ||
+		strings.Contains(pr, fipsSuffix) {
+		region = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(
+			pr, fipsInfix, "-"), fipsPrefix, ""), fipsSuffix, "")
+		fips = aws.FIPSEndpointStateEnabled
+	} else {
+		region = pr
+	}
+
+	return region, fips
+}
+
+// builtInParameterResolver is the interface responsible for resolving BuiltIn
+// values during the sourcing of EndpointParameters
+type builtInParameterResolver interface {
+	ResolveBuiltIns(*EndpointParameters) error
+}
+
+// builtInResolver resolves modeled BuiltIn values using only the members defined
+// below.
+type builtInResolver struct {
+	// The AWS region used to dispatch the request.
+	Region string
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseDualStack aws.DualStackEndpointState
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseFIPS aws.FIPSEndpointState
+
+	// Base endpoint that can potentially be modified during Endpoint resolution.
+	Endpoint *string
+}
+
+// Invoked at runtime to resolve BuiltIn Values. Only resolution code specific to
+// each BuiltIn value is generated.
+func (b *builtInResolver) ResolveBuiltIns(params *EndpointParameters) error {
+
+	region, _ := mapPseudoRegion(b.Region)
+	if len(region) == 0 {
+		return fmt.Errorf("Could not resolve AWS::Region")
+	} else {
+		params.Region = aws.String(region)
+	}
+	if b.UseDualStack == aws.DualStackEndpointStateEnabled {
+		params.UseDualStack = aws.Bool(true)
+	} else {
+		params.UseDualStack = aws.Bool(false)
+	}
+	if b.UseFIPS == aws.FIPSEndpointStateEnabled {
+		params.UseFIPS = aws.Bool(true)
+	} else {
+		params.UseFIPS = aws.Bool(false)
+	}
+	params.Endpoint = b.Endpoint
+	return nil
+}
+
+// EndpointParameters provides the parameters that influence how endpoints are
+// resolved.
+type EndpointParameters struct {
+	// The AWS region used to dispatch the request.
+	//
+	// Parameter is
+	// required.
+	//
+	// AWS::Region
+	Region *string
+
+	// When true, use the dual-stack endpoint. If the configured endpoint does not
+	// support dual-stack, dispatching the request MAY return an error.
+	//
+	// Defaults to
+	// false if no value is provided.
+	//
+	// AWS::UseDualStack
+	UseDualStack *bool
+
+	// When true, send this request to the FIPS-compliant regional endpoint. If the
+	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
+	// request will return an error.
+	//
+	// Defaults to false if no value is
+	// provided.
+	//
+	// AWS::UseFIPS
+	UseFIPS *bool
+
+	// Override the endpoint used to send this request
+	//
+	// Parameter is
+	// required.
+	//
+	// SDK::Endpoint
+	Endpoint *string
+}
+
+// ValidateRequired validates required parameters are set.
+func (p EndpointParameters) ValidateRequired() error {
+	if p.UseDualStack == nil {
+		return fmt.Errorf("parameter UseDualStack is required")
+	}
+
+	if p.UseFIPS == nil {
+		return fmt.Errorf("parameter UseFIPS is required")
+	}
+
+	return nil
+}
+
+// WithDefaults returns a shallow copy of EndpointParameterswith default values
+// applied to members where applicable.
+func (p EndpointParameters) WithDefaults() EndpointParameters {
+	if p.UseDualStack == nil {
+		p.UseDualStack = ptr.Bool(false)
+	}
+
+	if p.UseFIPS == nil {
+		p.UseFIPS = ptr.Bool(false)
+	}
+	return p
+}
+
+// EndpointResolverV2 provides the interface for resolving service endpoints.
+type EndpointResolverV2 interface {
+	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+	// returning the endpoint if found. Otherwise an error is returned.
+	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
+		smithyendpoints.Endpoint, error,
+	)
+}
+
+// resolver provides the implementation for resolving endpoints.
+type resolver struct{}
+
+func NewDefaultEndpointResolverV2() EndpointResolverV2 {
+	return &resolver{}
+}
+
+// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+// returning the endpoint if found. Otherwise an error is returned.
+func (r *resolver) ResolveEndpoint(
+	ctx context.Context, params EndpointParameters,
+) (
+	endpoint smithyendpoints.Endpoint, err error,
+) {
+	params = params.WithDefaults()
+	if err = params.ValidateRequired(); err != nil {
+		return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err)
+	}
+	_UseDualStack := *params.UseDualStack
+	_UseFIPS := *params.UseFIPS
+
+	if exprVal := params.Endpoint; exprVal != nil {
+		_Endpoint := *exprVal
+		_ = _Endpoint
+		if _UseFIPS == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported")
+		}
+		if _UseDualStack == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported")
+		}
+		uriString := _Endpoint
+
+		uri, err := url.Parse(uriString)
+		if err != nil {
+			return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+		}
+
+		return smithyendpoints.Endpoint{
+			URI:     *uri,
+			Headers: http.Header{},
+		}, nil
+	}
+	if exprVal := params.Region; exprVal != nil {
+		_Region := *exprVal
+		_ = _Region
+		if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+			_PartitionResult := *exprVal
+			_ = _PartitionResult
+			if _UseFIPS == true {
+				if _UseDualStack == true {
+					if true == _PartitionResult.SupportsFIPS {
+						if true == _PartitionResult.SupportsDualStack {
+							uriString := func() string {
+								var out strings.Builder
+								out.WriteString("https://oidc-fips.")
+								out.WriteString(_Region)
+								out.WriteString(".")
+								out.WriteString(_PartitionResult.DualStackDnsSuffix)
+								return out.String()
+							}()
+
+							uri, err := url.Parse(uriString)
+							if err != nil {
+								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+							}
+
+							return smithyendpoints.Endpoint{
+								URI:     *uri,
+								Headers: http.Header{},
+							}, nil
+						}
+					}
+					return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both")
+				}
+			}
+			if _UseFIPS == true {
+				if true == _PartitionResult.SupportsFIPS {
+					if "aws-us-gov" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://oidc.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://oidc-fips.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS")
+			}
+			if _UseDualStack == true {
+				if true == _PartitionResult.SupportsDualStack {
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://oidc.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DualStackDnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
+			}
+			uriString := func() string {
+				var out strings.Builder
+				out.WriteString("https://oidc.")
+				out.WriteString(_Region)
+				out.WriteString(".")
+				out.WriteString(_PartitionResult.DnsSuffix)
+				return out.String()
+			}()
+
+			uri, err := url.Parse(uriString)
+			if err != nil {
+				return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+			}
+
+			return smithyendpoints.Endpoint{
+				URI:     *uri,
+				Headers: http.Header{},
+			}, nil
+		}
+		return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+	}
+	return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json
index 4afe3223e..fe2d075ad 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json
@@ -3,7 +3,8 @@
         "github.com/aws/aws-sdk-go-v2": "v1.4.0",
         "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
         "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
-        "github.com/aws/smithy-go": "v1.4.0"
+        "github.com/aws/smithy-go": "v1.4.0",
+        "github.com/google/go-cmp": "v0.5.4"
     },
     "files": [
         "api_client.go",
@@ -14,6 +15,7 @@
         "deserializers.go",
         "doc.go",
         "endpoints.go",
+        "endpoints_test.go",
         "generated.json",
         "internal/endpoints/endpoints.go",
         "internal/endpoints/endpoints_test.go",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
index 82156c20f..fab953b91 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ssooidc
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.14.12"
+const goModuleVersion = "1.17.3"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
index b04fb46fe..c48da8b88 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
@@ -94,7 +94,7 @@ var partitionRegexp = struct {
 	AwsUsGov *regexp.Regexp
 }{
 
-	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$"),
+	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
@@ -227,6 +227,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-central-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "eu-central-2",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.eu-central-2.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "eu-central-2",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "eu-north-1",
 			}: endpoints.Endpoint{
@@ -267,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-west-3",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "il-central-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.il-central-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "il-central-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "me-south-1",
 			}: endpoints.Endpoint{
@@ -351,6 +367,24 @@ var defaultPartitions = endpoints.Partitions{
 		},
 		RegionRegex:    partitionRegexp.AwsCn,
 		IsRegionalized: true,
+		Endpoints: endpoints.Endpoints{
+			endpoints.EndpointKey{
+				Region: "cn-north-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.cn-north-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-north-1",
+				},
+			},
+			endpoints.EndpointKey{
+				Region: "cn-northwest-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.cn-northwest-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-northwest-1",
+				},
+			},
+		},
 	},
 	{
 		ID: "aws-iso",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go
index a8cfd7b46..efca8b250 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go
@@ -38,7 +38,14 @@ func (m *awsRestjson1_serializeOpCreateToken) HandleSerialize(ctx context.Contex
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "POST"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -143,7 +150,14 @@ func (m *awsRestjson1_serializeOpRegisterClient) HandleSerialize(ctx context.Con
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "POST"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
@@ -223,7 +237,14 @@ func (m *awsRestjson1_serializeOpStartDeviceAuthorization) HandleSerialize(ctx c
 	request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath)
 	request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery)
 	request.Method = "POST"
-	restEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	var restEncoder *httpbinding.Encoder
+	if request.URL.RawPath == "" {
+		restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
+	} else {
+		request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath)
+		restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header)
+	}
+
 	if err != nil {
 		return out, metadata, &smithy.SerializationError{Err: err}
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
index 46a30e5b7..d94dc1ab3 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
@@ -1,3 +1,57 @@
+# v1.23.2 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.23.1 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.23.0 (2023-10-02)
+
+* **Feature**: STS API updates for assumeRole
+
+# v1.22.0 (2023-09-18)
+
+* **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+
+# v1.21.5 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.21.4 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.21.3 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.21.2 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.21.1 (2023-08-01)
+
+* No change notes available for this release.
+
+# v1.21.0 (2023-07-31)
+
+* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.1 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.0 (2023-07-25)
+
+* **Feature**: API updates for the AWS Security Token Service
+
+# v1.19.3 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.19.2 (2023-06-15)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
index 78eb26702..22ac69043 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
@@ -4,6 +4,7 @@ package sts
 
 import (
 	"context"
+	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/defaults"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
@@ -48,8 +49,6 @@ func New(options Options, optFns ...func(*Options)) *Client {
 
 	resolveHTTPSignerV4(&options)
 
-	resolveDefaultEndpointConfiguration(&options)
-
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -67,6 +66,14 @@ type Options struct {
 	// modify this list for per operation behavior.
 	APIOptions []func(*middleware.Stack) error
 
+	// The optional application specific identifier appended to the User-Agent header.
+	AppID string
+
+	// This endpoint will be given as input to an EndpointResolverV2. It is used for
+	// providing a custom base endpoint that is subject to modifications by the
+	// processing EndpointResolverV2.
+	BaseEndpoint *string
+
 	// Configures the events that will be sent to the configured logger.
 	ClientLogMode aws.ClientLogMode
 
@@ -81,8 +88,18 @@ type Options struct {
 	EndpointOptions EndpointResolverOptions
 
 	// The service endpoint resolver.
+	//
+	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
+	// value for this field will likely prevent you from using any endpoint-related
+	// service features released after the introduction of EndpointResolverV2 and
+	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
+	// endpoint, set the client option BaseEndpoint instead.
 	EndpointResolver EndpointResolver
 
+	// Resolves the endpoint used for a particular service. This should be used over
+	// the deprecated EndpointResolver
+	EndpointResolverV2 EndpointResolverV2
+
 	// Signature Version 4 (SigV4) Signer
 	HTTPSignerV4 HTTPSignerV4
 
@@ -141,14 +158,25 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
 	}
 }
 
-// WithEndpointResolver returns a functional option for setting the Client's
-// EndpointResolver option.
+// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
+// this field will likely prevent you from using any endpoint-related service
+// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
+// To migrate an EndpointResolver implementation that uses a custom endpoint, set
+// the client option BaseEndpoint instead.
 func WithEndpointResolver(v EndpointResolver) func(*Options) {
 	return func(o *Options) {
 		o.EndpointResolver = v
 	}
 }
 
+// WithEndpointResolverV2 returns a functional option for setting the Client's
+// EndpointResolverV2 option.
+func WithEndpointResolverV2(v EndpointResolverV2) func(*Options) {
+	return func(o *Options) {
+		o.EndpointResolverV2 = v
+	}
+}
+
 type HTTPClient interface {
 	Do(*http.Request) (*http.Response, error)
 }
@@ -165,6 +193,8 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 	ctx = middleware.ClearStackValues(ctx)
 	stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
 	options := c.options.Copy()
+	resolveEndpointResolverV2(&options)
+
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -199,6 +229,30 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 
 type noSmithyDocumentSerde = smithydocument.NoSerde
 
+type legacyEndpointContextSetter struct {
+	LegacyResolver EndpointResolver
+}
+
+func (*legacyEndpointContextSetter) ID() string {
+	return "legacyEndpointContextSetter"
+}
+
+func (m *legacyEndpointContextSetter) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) (
+	out middleware.InitializeOutput, metadata middleware.Metadata, err error,
+) {
+	if m.LegacyResolver != nil {
+		ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, true)
+	}
+
+	return next.HandleInitialize(ctx, in)
+
+}
+func addlegacyEndpointContextSetter(stack *middleware.Stack, o Options) error {
+	return stack.Initialize.Add(&legacyEndpointContextSetter{
+		LegacyResolver: o.EndpointResolver,
+	}, middleware.Before)
+}
+
 func resolveDefaultLogger(o *Options) {
 	if o.Logger != nil {
 		return
@@ -236,6 +290,7 @@ func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
 		APIOptions:         cfg.APIOptions,
 		Logger:             cfg.Logger,
 		ClientLogMode:      cfg.ClientLogMode,
+		AppID:              cfg.AppID,
 	}
 	resolveAWSRetryerProvider(cfg, &opts)
 	resolveAWSRetryMaxAttempts(cfg, &opts)
@@ -346,11 +401,19 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
 	if cfg.EndpointResolver == nil && cfg.EndpointResolverWithOptions == nil {
 		return
 	}
-	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions, NewDefaultEndpointResolver())
+	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions)
 }
 
-func addClientUserAgent(stack *middleware.Stack) error {
-	return awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sts", goModuleVersion)(stack)
+func addClientUserAgent(stack *middleware.Stack, options Options) error {
+	if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sts", goModuleVersion)(stack); err != nil {
+		return err
+	}
+
+	if len(options.AppID) > 0 {
+		return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
+	}
+
+	return nil
 }
 
 func addHTTPSignerV4Middleware(stack *middleware.Stack, o Options) error {
@@ -535,3 +598,32 @@ func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
 		LogResponseWithBody: o.ClientLogMode.IsResponseWithBody(),
 	}, middleware.After)
 }
+
+type endpointDisableHTTPSMiddleware struct {
+	EndpointDisableHTTPS bool
+}
+
+func (*endpointDisableHTTPSMiddleware) ID() string {
+	return "endpointDisableHTTPSMiddleware"
+}
+
+func (m *endpointDisableHTTPSMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointDisableHTTPS && !smithyhttp.GetHostnameImmutable(ctx) {
+		req.URL.Scheme = "http"
+	}
+
+	return next.HandleSerialize(ctx, in)
+
+}
+func addendpointDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
+	return stack.Serialize.Insert(&endpointDisableHTTPSMiddleware{
+		EndpointDisableHTTPS: o.EndpointOptions.DisableHTTPS,
+	}, "OperationSerializer", middleware.Before)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go
index db22efc0e..0ef7affc5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go
@@ -4,9 +4,14 @@ package sts
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/sts/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -199,6 +204,9 @@ type AssumeRoleInput struct {
 	// in the IAM User Guide.
 	PolicyArns []types.PolicyDescriptorType
 
+	// Reserved for future use.
+	ProvidedContexts []types.ProvidedContext
+
 	// The identification number of the MFA device that is associated with the user
 	// who is making the AssumeRole call. Specify this value if the trust policy of
 	// the role being assumed includes a condition that requires MFA authentication.
@@ -327,6 +335,9 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -354,7 +365,7 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -363,6 +374,9 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addAssumeRoleResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpAssumeRoleValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -381,6 +395,9 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -416,3 +433,126 @@ func (c *PresignClient) PresignAssumeRole(ctx context.Context, params *AssumeRol
 	out := result.(*v4.PresignedHTTPRequest)
 	return out, nil
 }
+
+type opAssumeRoleResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opAssumeRoleResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opAssumeRoleResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "sts"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "sts"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("sts")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addAssumeRoleResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opAssumeRoleResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go
index 65dccc9ea..9c33720d4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go
@@ -4,8 +4,13 @@ package sts
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/sts/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -284,6 +289,9 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -305,7 +313,7 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -314,6 +322,9 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addAssumeRoleWithSAMLResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpAssumeRoleWithSAMLValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -332,6 +343,9 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -343,3 +357,126 @@ func newServiceMetadataMiddleware_opAssumeRoleWithSAML(region string) *awsmiddle
 		OperationName: "AssumeRoleWithSAML",
 	}
 }
+
+type opAssumeRoleWithSAMLResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opAssumeRoleWithSAMLResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opAssumeRoleWithSAMLResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "sts"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "sts"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("sts")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addAssumeRoleWithSAMLResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opAssumeRoleWithSAMLResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go
index f00f30763..fa4a60845 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go
@@ -4,8 +4,13 @@ package sts
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/sts/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -149,7 +154,8 @@ type AssumeRoleWithWebIdentityInput struct {
 	// The OAuth 2.0 access token or OpenID Connect ID token that is provided by the
 	// identity provider. Your application must get this token by authenticating the
 	// user who is using your application with a web identity provider before the
-	// application makes an AssumeRoleWithWebIdentity call.
+	// application makes an AssumeRoleWithWebIdentity call. Only tokens with RSA
+	// algorithms (RS256) are supported.
 	//
 	// This member is required.
 	WebIdentityToken *string
@@ -302,6 +308,9 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -323,7 +332,7 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -332,6 +341,9 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addAssumeRoleWithWebIdentityResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpAssumeRoleWithWebIdentityValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -350,6 +362,9 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -361,3 +376,126 @@ func newServiceMetadataMiddleware_opAssumeRoleWithWebIdentity(region string) *aw
 		OperationName: "AssumeRoleWithWebIdentity",
 	}
 }
+
+type opAssumeRoleWithWebIdentityResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opAssumeRoleWithWebIdentityResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opAssumeRoleWithWebIdentityResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "sts"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "sts"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("sts")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addAssumeRoleWithWebIdentityResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opAssumeRoleWithWebIdentityResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go
index 587d1d3c0..baf2f9686 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go
@@ -4,8 +4,13 @@ package sts
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -81,6 +86,9 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -108,7 +116,7 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -117,6 +125,9 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDecodeAuthorizationMessageResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDecodeAuthorizationMessageValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -135,6 +146,9 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -146,3 +160,126 @@ func newServiceMetadataMiddleware_opDecodeAuthorizationMessage(region string) *a
 		OperationName: "DecodeAuthorizationMessage",
 	}
 }
+
+type opDecodeAuthorizationMessageResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDecodeAuthorizationMessageResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDecodeAuthorizationMessageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "sts"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "sts"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("sts")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDecodeAuthorizationMessageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDecodeAuthorizationMessageResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go
index f090ecf47..f1dd167da 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go
@@ -4,8 +4,13 @@ package sts
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -74,6 +79,9 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -101,7 +109,7 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -110,6 +118,9 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetAccessKeyInfoResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetAccessKeyInfoValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -128,6 +139,9 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -139,3 +153,126 @@ func newServiceMetadataMiddleware_opGetAccessKeyInfo(region string) *awsmiddlewa
 		OperationName: "GetAccessKeyInfo",
 	}
 }
+
+type opGetAccessKeyInfoResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetAccessKeyInfoResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetAccessKeyInfoResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "sts"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "sts"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("sts")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetAccessKeyInfoResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetAccessKeyInfoResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go
index 93823927b..66e5d99d4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go
@@ -4,8 +4,13 @@ package sts
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -69,6 +74,9 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -96,7 +104,7 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -105,6 +113,9 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetCallerIdentityResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetCallerIdentity(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -120,6 +131,9 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -155,3 +169,126 @@ func (c *PresignClient) PresignGetCallerIdentity(ctx context.Context, params *Ge
 	out := result.(*v4.PresignedHTTPRequest)
 	return out, nil
 }
+
+type opGetCallerIdentityResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetCallerIdentityResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetCallerIdentityResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "sts"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "sts"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("sts")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetCallerIdentityResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetCallerIdentityResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go
index ccb7366e2..d577ef686 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go
@@ -4,9 +4,14 @@ package sts
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/sts/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -241,6 +246,9 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -268,7 +276,7 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -277,6 +285,9 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetFederationTokenResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetFederationTokenValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -295,6 +306,9 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -306,3 +320,126 @@ func newServiceMetadataMiddleware_opGetFederationToken(region string) *awsmiddle
 		OperationName: "GetFederationToken",
 	}
 }
+
+type opGetFederationTokenResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetFederationTokenResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetFederationTokenResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "sts"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "sts"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("sts")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetFederationTokenResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetFederationTokenResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
index 4dfac4c98..7a2345e80 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
@@ -4,9 +4,14 @@ package sts
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/sts/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -127,6 +132,9 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -154,7 +162,7 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -163,6 +171,9 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetSessionTokenResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSessionToken(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -178,6 +189,9 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -189,3 +203,126 @@ func newServiceMetadataMiddleware_opGetSessionToken(region string) *awsmiddlewar
 		OperationName: "GetSessionToken",
 	}
 }
+
+type opGetSessionTokenResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetSessionTokenResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetSessionTokenResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "sts"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "sts"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("sts")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetSessionTokenResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetSessionTokenResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go
index cababea22..ef1caae8d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go
@@ -8,9 +8,14 @@ import (
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	"github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn"
 	internalendpoints "github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints"
+	smithy "github.com/aws/smithy-go"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/ptr"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
+	"net/http"
 	"net/url"
 	"strings"
 )
@@ -39,13 +44,6 @@ func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointRe
 	return fn(region, options)
 }
 
-func resolveDefaultEndpointConfiguration(o *Options) {
-	if o.EndpointResolver != nil {
-		return
-	}
-	o.EndpointResolver = NewDefaultEndpointResolver()
-}
-
 // EndpointResolverFromURL returns an EndpointResolver configured using the
 // provided endpoint url. By default, the resolved endpoint resolver uses the
 // client region as signing region, and the endpoint source is set to
@@ -79,6 +77,10 @@ func (*ResolveEndpoint) ID() string {
 func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
@@ -94,6 +96,11 @@ func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.Ser
 	var endpoint aws.Endpoint
 	endpoint, err = m.Resolver.ResolveEndpoint(awsmiddleware.GetRegion(ctx), eo)
 	if err != nil {
+		nf := (&aws.EndpointNotFoundError{})
+		if errors.As(err, &nf) {
+			ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, false)
+			return next.HandleSerialize(ctx, in)
+		}
 		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
 	}
 
@@ -129,27 +136,10 @@ func removeResolveEndpointMiddleware(stack *middleware.Stack) error {
 
 type wrappedEndpointResolver struct {
 	awsResolver aws.EndpointResolverWithOptions
-	resolver    EndpointResolver
 }
 
 func (w *wrappedEndpointResolver) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) {
-	if w.awsResolver == nil {
-		goto fallback
-	}
-	endpoint, err = w.awsResolver.ResolveEndpoint(ServiceID, region, options)
-	if err == nil {
-		return endpoint, nil
-	}
-
-	if nf := (&aws.EndpointNotFoundError{}); !errors.As(err, &nf) {
-		return endpoint, err
-	}
-
-fallback:
-	if w.resolver == nil {
-		return endpoint, fmt.Errorf("default endpoint resolver provided was nil")
-	}
-	return w.resolver.ResolveEndpoint(region, options)
+	return w.awsResolver.ResolveEndpoint(ServiceID, region, options)
 }
 
 type awsEndpointResolverAdaptor func(service, region string) (aws.Endpoint, error)
@@ -160,12 +150,13 @@ func (a awsEndpointResolverAdaptor) ResolveEndpoint(service, region string, opti
 
 var _ aws.EndpointResolverWithOptions = awsEndpointResolverAdaptor(nil)
 
-// withEndpointResolver returns an EndpointResolver that first delegates endpoint resolution to the awsResolver.
-// If awsResolver returns aws.EndpointNotFoundError error, the resolver will use the the provided
-// fallbackResolver for resolution.
+// withEndpointResolver returns an aws.EndpointResolverWithOptions that first delegates endpoint resolution to the awsResolver.
+// If awsResolver returns aws.EndpointNotFoundError error, the v1 resolver middleware will swallow the error,
+// and set an appropriate context flag such that fallback will occur when EndpointResolverV2 is invoked
+// via its middleware.
 //
-// fallbackResolver must not be nil
-func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions, fallbackResolver EndpointResolver) EndpointResolver {
+// If another error (besides aws.EndpointNotFoundError) is returned, then that error will be propagated.
+func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions) EndpointResolver {
 	var resolver aws.EndpointResolverWithOptions
 
 	if awsResolverWithOptions != nil {
@@ -176,7 +167,6 @@ func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptio
 
 	return &wrappedEndpointResolver{
 		awsResolver: resolver,
-		resolver:    fallbackResolver,
 	}
 }
 
@@ -198,3 +188,789 @@ func finalizeClientEndpointResolverOptions(options *Options) {
 	}
 
 }
+
+func resolveEndpointResolverV2(options *Options) {
+	if options.EndpointResolverV2 == nil {
+		options.EndpointResolverV2 = NewDefaultEndpointResolverV2()
+	}
+}
+
+// Utility function to aid with translating pseudo-regions to classical regions
+// with the appropriate setting indicated by the pseudo-region
+func mapPseudoRegion(pr string) (region string, fips aws.FIPSEndpointState) {
+	const fipsInfix = "-fips-"
+	const fipsPrefix = "fips-"
+	const fipsSuffix = "-fips"
+
+	if strings.Contains(pr, fipsInfix) ||
+		strings.Contains(pr, fipsPrefix) ||
+		strings.Contains(pr, fipsSuffix) {
+		region = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(
+			pr, fipsInfix, "-"), fipsPrefix, ""), fipsSuffix, "")
+		fips = aws.FIPSEndpointStateEnabled
+	} else {
+		region = pr
+	}
+
+	return region, fips
+}
+
+// builtInParameterResolver is the interface responsible for resolving BuiltIn
+// values during the sourcing of EndpointParameters
+type builtInParameterResolver interface {
+	ResolveBuiltIns(*EndpointParameters) error
+}
+
+// builtInResolver resolves modeled BuiltIn values using only the members defined
+// below.
+type builtInResolver struct {
+	// The AWS region used to dispatch the request.
+	Region string
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseDualStack aws.DualStackEndpointState
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseFIPS aws.FIPSEndpointState
+
+	// Base endpoint that can potentially be modified during Endpoint resolution.
+	Endpoint *string
+
+	// Whether the global endpoint should be used, rather then the regional endpoint
+	// for us-east-1.
+	UseGlobalEndpoint bool
+}
+
+// Invoked at runtime to resolve BuiltIn Values. Only resolution code specific to
+// each BuiltIn value is generated.
+func (b *builtInResolver) ResolveBuiltIns(params *EndpointParameters) error {
+
+	region, _ := mapPseudoRegion(b.Region)
+	if len(region) == 0 {
+		return fmt.Errorf("Could not resolve AWS::Region")
+	} else {
+		params.Region = aws.String(region)
+	}
+	if b.UseDualStack == aws.DualStackEndpointStateEnabled {
+		params.UseDualStack = aws.Bool(true)
+	} else {
+		params.UseDualStack = aws.Bool(false)
+	}
+	if b.UseFIPS == aws.FIPSEndpointStateEnabled {
+		params.UseFIPS = aws.Bool(true)
+	} else {
+		params.UseFIPS = aws.Bool(false)
+	}
+	params.Endpoint = b.Endpoint
+	params.UseGlobalEndpoint = aws.Bool(b.UseGlobalEndpoint)
+	return nil
+}
+
+// EndpointParameters provides the parameters that influence how endpoints are
+// resolved.
+type EndpointParameters struct {
+	// The AWS region used to dispatch the request.
+	//
+	// Parameter is
+	// required.
+	//
+	// AWS::Region
+	Region *string
+
+	// When true, use the dual-stack endpoint. If the configured endpoint does not
+	// support dual-stack, dispatching the request MAY return an error.
+	//
+	// Defaults to
+	// false if no value is provided.
+	//
+	// AWS::UseDualStack
+	UseDualStack *bool
+
+	// When true, send this request to the FIPS-compliant regional endpoint. If the
+	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
+	// request will return an error.
+	//
+	// Defaults to false if no value is
+	// provided.
+	//
+	// AWS::UseFIPS
+	UseFIPS *bool
+
+	// Override the endpoint used to send this request
+	//
+	// Parameter is
+	// required.
+	//
+	// SDK::Endpoint
+	Endpoint *string
+
+	// Whether the global endpoint should be used, rather then the regional endpoint
+	// for us-east-1.
+	//
+	// Defaults to false if no value is
+	// provided.
+	//
+	// AWS::STS::UseGlobalEndpoint
+	UseGlobalEndpoint *bool
+}
+
+// ValidateRequired validates required parameters are set.
+func (p EndpointParameters) ValidateRequired() error {
+	if p.UseDualStack == nil {
+		return fmt.Errorf("parameter UseDualStack is required")
+	}
+
+	if p.UseFIPS == nil {
+		return fmt.Errorf("parameter UseFIPS is required")
+	}
+
+	if p.UseGlobalEndpoint == nil {
+		return fmt.Errorf("parameter UseGlobalEndpoint is required")
+	}
+
+	return nil
+}
+
+// WithDefaults returns a shallow copy of EndpointParameterswith default values
+// applied to members where applicable.
+func (p EndpointParameters) WithDefaults() EndpointParameters {
+	if p.UseDualStack == nil {
+		p.UseDualStack = ptr.Bool(false)
+	}
+
+	if p.UseFIPS == nil {
+		p.UseFIPS = ptr.Bool(false)
+	}
+
+	if p.UseGlobalEndpoint == nil {
+		p.UseGlobalEndpoint = ptr.Bool(false)
+	}
+	return p
+}
+
+// EndpointResolverV2 provides the interface for resolving service endpoints.
+type EndpointResolverV2 interface {
+	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+	// returning the endpoint if found. Otherwise an error is returned.
+	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
+		smithyendpoints.Endpoint, error,
+	)
+}
+
+// resolver provides the implementation for resolving endpoints.
+type resolver struct{}
+
+func NewDefaultEndpointResolverV2() EndpointResolverV2 {
+	return &resolver{}
+}
+
+// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+// returning the endpoint if found. Otherwise an error is returned.
+func (r *resolver) ResolveEndpoint(
+	ctx context.Context, params EndpointParameters,
+) (
+	endpoint smithyendpoints.Endpoint, err error,
+) {
+	params = params.WithDefaults()
+	if err = params.ValidateRequired(); err != nil {
+		return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err)
+	}
+	_UseDualStack := *params.UseDualStack
+	_UseFIPS := *params.UseFIPS
+	_UseGlobalEndpoint := *params.UseGlobalEndpoint
+
+	if _UseGlobalEndpoint == true {
+		if !(params.Endpoint != nil) {
+			if exprVal := params.Region; exprVal != nil {
+				_Region := *exprVal
+				_ = _Region
+				if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+					_PartitionResult := *exprVal
+					_ = _PartitionResult
+					if _UseFIPS == false {
+						if _UseDualStack == false {
+							if _Region == "ap-northeast-1" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "ap-south-1" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "ap-southeast-1" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "ap-southeast-2" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "aws-global" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "ca-central-1" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "eu-central-1" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "eu-north-1" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "eu-west-1" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "eu-west-2" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "eu-west-3" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "sa-east-1" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "us-east-1" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "us-east-2" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "us-west-1" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							if _Region == "us-west-2" {
+								uriString := "https://sts.amazonaws.com"
+
+								uri, err := url.Parse(uriString)
+								if err != nil {
+									return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+								}
+
+								return smithyendpoints.Endpoint{
+									URI:     *uri,
+									Headers: http.Header{},
+									Properties: func() smithy.Properties {
+										var out smithy.Properties
+										out.Set("authSchemes", []interface{}{
+											map[string]interface{}{
+												"name":          "sigv4",
+												"signingName":   "sts",
+												"signingRegion": "us-east-1",
+											},
+										})
+										return out
+									}(),
+								}, nil
+							}
+							uriString := func() string {
+								var out strings.Builder
+								out.WriteString("https://sts.")
+								out.WriteString(_Region)
+								out.WriteString(".")
+								out.WriteString(_PartitionResult.DnsSuffix)
+								return out.String()
+							}()
+
+							uri, err := url.Parse(uriString)
+							if err != nil {
+								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+							}
+
+							return smithyendpoints.Endpoint{
+								URI:     *uri,
+								Headers: http.Header{},
+								Properties: func() smithy.Properties {
+									var out smithy.Properties
+									out.Set("authSchemes", []interface{}{
+										map[string]interface{}{
+											"name":          "sigv4",
+											"signingName":   "sts",
+											"signingRegion": _Region,
+										},
+									})
+									return out
+								}(),
+							}, nil
+						}
+					}
+				}
+			}
+		}
+	}
+	if exprVal := params.Endpoint; exprVal != nil {
+		_Endpoint := *exprVal
+		_ = _Endpoint
+		if _UseFIPS == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported")
+		}
+		if _UseDualStack == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported")
+		}
+		uriString := _Endpoint
+
+		uri, err := url.Parse(uriString)
+		if err != nil {
+			return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+		}
+
+		return smithyendpoints.Endpoint{
+			URI:     *uri,
+			Headers: http.Header{},
+		}, nil
+	}
+	if exprVal := params.Region; exprVal != nil {
+		_Region := *exprVal
+		_ = _Region
+		if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+			_PartitionResult := *exprVal
+			_ = _PartitionResult
+			if _UseFIPS == true {
+				if _UseDualStack == true {
+					if true == _PartitionResult.SupportsFIPS {
+						if true == _PartitionResult.SupportsDualStack {
+							uriString := func() string {
+								var out strings.Builder
+								out.WriteString("https://sts-fips.")
+								out.WriteString(_Region)
+								out.WriteString(".")
+								out.WriteString(_PartitionResult.DualStackDnsSuffix)
+								return out.String()
+							}()
+
+							uri, err := url.Parse(uriString)
+							if err != nil {
+								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+							}
+
+							return smithyendpoints.Endpoint{
+								URI:     *uri,
+								Headers: http.Header{},
+							}, nil
+						}
+					}
+					return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both")
+				}
+			}
+			if _UseFIPS == true {
+				if true == _PartitionResult.SupportsFIPS {
+					if "aws-us-gov" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://sts.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://sts-fips.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS")
+			}
+			if _UseDualStack == true {
+				if true == _PartitionResult.SupportsDualStack {
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://sts.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DualStackDnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
+			}
+			if _Region == "aws-global" {
+				uriString := "https://sts.amazonaws.com"
+
+				uri, err := url.Parse(uriString)
+				if err != nil {
+					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+				}
+
+				return smithyendpoints.Endpoint{
+					URI:     *uri,
+					Headers: http.Header{},
+					Properties: func() smithy.Properties {
+						var out smithy.Properties
+						out.Set("authSchemes", []interface{}{
+							map[string]interface{}{
+								"name":          "sigv4",
+								"signingName":   "sts",
+								"signingRegion": "us-east-1",
+							},
+						})
+						return out
+					}(),
+				}, nil
+			}
+			uriString := func() string {
+				var out strings.Builder
+				out.WriteString("https://sts.")
+				out.WriteString(_Region)
+				out.WriteString(".")
+				out.WriteString(_PartitionResult.DnsSuffix)
+				return out.String()
+			}()
+
+			uri, err := url.Parse(uriString)
+			if err != nil {
+				return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+			}
+
+			return smithyendpoints.Endpoint{
+				URI:     *uri,
+				Headers: http.Header{},
+			}, nil
+		}
+		return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+	}
+	return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json
index 86341bb7d..2ae7a9b23 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json
@@ -4,7 +4,8 @@
         "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
         "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
         "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url": "v1.0.7",
-        "github.com/aws/smithy-go": "v1.4.0"
+        "github.com/aws/smithy-go": "v1.4.0",
+        "github.com/google/go-cmp": "v0.5.4"
     },
     "files": [
         "api_client.go",
@@ -20,6 +21,7 @@
         "deserializers.go",
         "doc.go",
         "endpoints.go",
+        "endpoints_test.go",
         "generated.json",
         "internal/endpoints/endpoints.go",
         "internal/endpoints/endpoints_test.go",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
index f88dca99c..90dc95f1e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
@@ -3,4 +3,4 @@
 package sts
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.19.2"
+const goModuleVersion = "1.23.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go
index 0413fd89a..ca4c88190 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go
@@ -94,7 +94,7 @@ var partitionRegexp = struct {
 	AwsUsGov *regexp.Regexp
 }{
 
-	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$"),
+	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
@@ -207,6 +207,9 @@ var defaultPartitions = endpoints.Partitions{
 			endpoints.EndpointKey{
 				Region: "eu-west-3",
 			}: endpoints.Endpoint{},
+			endpoints.EndpointKey{
+				Region: "il-central-1",
+			}: endpoints.Endpoint{},
 			endpoints.EndpointKey{
 				Region: "me-central-1",
 			}: endpoints.Endpoint{},
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/serializers.go
index eb60f61b1..4c08061c0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/serializers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/serializers.go
@@ -546,6 +546,35 @@ func awsAwsquery_serializeDocumentPolicyDescriptorType(v *types.PolicyDescriptor
 	return nil
 }
 
+func awsAwsquery_serializeDocumentProvidedContext(v *types.ProvidedContext, value query.Value) error {
+	object := value.Object()
+	_ = object
+
+	if v.ContextAssertion != nil {
+		objectKey := object.Key("ContextAssertion")
+		objectKey.String(*v.ContextAssertion)
+	}
+
+	if v.ProviderArn != nil {
+		objectKey := object.Key("ProviderArn")
+		objectKey.String(*v.ProviderArn)
+	}
+
+	return nil
+}
+
+func awsAwsquery_serializeDocumentProvidedContextsListType(v []types.ProvidedContext, value query.Value) error {
+	array := value.Array("member")
+
+	for i := range v {
+		av := array.Value()
+		if err := awsAwsquery_serializeDocumentProvidedContext(&v[i], av); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func awsAwsquery_serializeDocumentTag(v *types.Tag, value query.Value) error {
 	object := value.Object()
 	_ = object
@@ -611,6 +640,13 @@ func awsAwsquery_serializeOpDocumentAssumeRoleInput(v *AssumeRoleInput, value qu
 		}
 	}
 
+	if v.ProvidedContexts != nil {
+		objectKey := object.Key("ProvidedContexts")
+		if err := awsAwsquery_serializeDocumentProvidedContextsListType(v.ProvidedContexts, objectKey); err != nil {
+			return err
+		}
+	}
+
 	if v.RoleArn != nil {
 		objectKey := object.Key("RoleArn")
 		objectKey.String(*v.RoleArn)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go
index 90d4f62ae..572a70512 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go
@@ -89,6 +89,18 @@ type PolicyDescriptorType struct {
 	noSmithyDocumentSerde
 }
 
+// Reserved for future use.
+type ProvidedContext struct {
+
+	// Reserved for future use.
+	ContextAssertion *string
+
+	// Reserved for future use.
+	ProviderArn *string
+
+	noSmithyDocumentSerde
+}
+
 // You can pass custom key-value pair attributes when you assume a role or
 // federate a user. These are called session tags. You can then use the session
 // tags to control access to resources. For more information, see Tagging Amazon
diff --git a/vendor/github.com/aws/smithy-go/.gitignore b/vendor/github.com/aws/smithy-go/.gitignore
index c01141aa4..c92d6105e 100644
--- a/vendor/github.com/aws/smithy-go/.gitignore
+++ b/vendor/github.com/aws/smithy-go/.gitignore
@@ -20,3 +20,7 @@ target/
 build/
 */out/
 */*/out/
+
+# VS Code
+bin/
+.vscode/
diff --git a/vendor/github.com/aws/smithy-go/CHANGELOG.md b/vendor/github.com/aws/smithy-go/CHANGELOG.md
index 1e23bf95b..8a3540e04 100644
--- a/vendor/github.com/aws/smithy-go/CHANGELOG.md
+++ b/vendor/github.com/aws/smithy-go/CHANGELOG.md
@@ -1,3 +1,24 @@
+# Release (2023-10-06)
+
+## Module Highlights
+* `github.com/aws/smithy-go`: v1.15.0
+  * **Feature**: Add `http.WithHeaderComment` middleware.
+
+# Release (2023-08-18)
+
+* No change notes available for this release.
+
+# Release (2023-08-07)
+
+## Module Highlights
+* `github.com/aws/smithy-go`: v1.14.1
+  * **Bug Fix**: Prevent duplicated error returns in EndpointResolverV2 default implementation.
+
+# Release (2023-07-31)
+
+## General Highlights
+* **Feature**: Adds support for smithy-modeled endpoint resolution.
+
 # Release (2022-12-02)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/smithy-go/README.md b/vendor/github.com/aws/smithy-go/README.md
index a4bb43fbe..c374f6928 100644
--- a/vendor/github.com/aws/smithy-go/README.md
+++ b/vendor/github.com/aws/smithy-go/README.md
@@ -6,6 +6,21 @@
 
 **WARNING: All interfaces are subject to change.**
 
+## Can I use this?
+
+In order to generate a usable smithy client you must provide a [protocol definition](https://github.com/aws/smithy-go/blob/main/codegen/smithy-go-codegen/src/main/java/software/amazon/smithy/go/codegen/integration/ProtocolGenerator.java),
+such as [AWS restJson1](https://smithy.io/2.0/aws/protocols/aws-restjson1-protocol.html),
+in order to generate transport mechanisms and serialization/deserialization
+code ("serde") accordingly.
+
+The code generator does not currently support any protocols out of the box,
+therefore the useability of this project on its own is currently limited.
+Support for all [AWS protocols](https://smithy.io/2.0/aws/protocols/index.html)
+exists in [aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2). We are
+tracking the movement of those out of the SDK into smithy-go in
+[#458](https://github.com/aws/smithy-go/issues/458), but there's currently no
+timeline for doing so.
+
 ## License
 
 This project is licensed under the Apache-2.0 License.
diff --git a/vendor/github.com/aws/smithy-go/encoding/httpbinding/encode.go b/vendor/github.com/aws/smithy-go/encoding/httpbinding/encode.go
index 96abd073a..543e7cf03 100644
--- a/vendor/github.com/aws/smithy-go/encoding/httpbinding/encode.go
+++ b/vendor/github.com/aws/smithy-go/encoding/httpbinding/encode.go
@@ -26,10 +26,17 @@ type Encoder struct {
 	header http.Header
 }
 
-// NewEncoder creates a new encoder from the passed in request. All query and
+// NewEncoder creates a new encoder from the passed in request. It assumes that
+// raw path contains no valuable information at this point, so it passes in path
+// as path and raw path for subsequent trans
+func NewEncoder(path, query string, headers http.Header) (*Encoder, error) {
+	return NewEncoderWithRawPath(path, path, query, headers)
+}
+
+// NewHTTPBindingEncoder creates a new encoder from the passed in request. All query and
 // header values will be added on top of the request's existing values. Overwriting
 // duplicate values.
-func NewEncoder(path, query string, headers http.Header) (*Encoder, error) {
+func NewEncoderWithRawPath(path, rawPath, query string, headers http.Header) (*Encoder, error) {
 	parseQuery, err := url.ParseQuery(query)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse query string: %w", err)
@@ -37,7 +44,7 @@ func NewEncoder(path, query string, headers http.Header) (*Encoder, error) {
 
 	e := &Encoder{
 		path:    []byte(path),
-		rawPath: []byte(path),
+		rawPath: []byte(rawPath),
 		query:   parseQuery,
 		header:  headers.Clone(),
 	}
diff --git a/vendor/github.com/aws/smithy-go/endpoints/endpoint.go b/vendor/github.com/aws/smithy-go/endpoints/endpoint.go
new file mode 100644
index 000000000..a93528397
--- /dev/null
+++ b/vendor/github.com/aws/smithy-go/endpoints/endpoint.go
@@ -0,0 +1,23 @@
+package transport
+
+import (
+	"net/http"
+	"net/url"
+
+	"github.com/aws/smithy-go"
+)
+
+// Endpoint is the endpoint object returned by Endpoint resolution V2
+type Endpoint struct {
+	// The complete URL minimally specfiying the scheme and host.
+	// May optionally specify the port and base path component.
+	URI url.URL
+
+	// An optional set of headers to be sent using transport layer headers.
+	Headers http.Header
+
+	// A grab-bag property map of endpoint attributes. The
+	// values present here are subject to change, or being add/removed at any
+	// time.
+	Properties smithy.Properties
+}
diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/doc.go b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/doc.go
new file mode 100644
index 000000000..e24e190dc
--- /dev/null
+++ b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/doc.go
@@ -0,0 +1,4 @@
+// Package rulesfn provides endpoint rule functions for evaluating endpoint
+// resolution rules.
+
+package rulesfn
diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/strings.go b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/strings.go
new file mode 100644
index 000000000..8e230783e
--- /dev/null
+++ b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/strings.go
@@ -0,0 +1,26 @@
+package rulesfn
+
+
+// Substring returns the substring of the input provided. If the start or stop
+// indexes are not valid for the input nil will be returned. If errors occur
+// they will be added to the provided [ErrorCollector].
+func SubString(input string, start, stop int, reverse bool) *string {
+	if start < 0 || stop < 1 || start >= stop || len(input) < stop {
+		return nil
+	}
+
+	for _, r := range input {
+		if r > 127 {
+			return nil
+		}
+	}
+
+	if !reverse {
+		v := input[start:stop]
+		return &v
+	}
+
+	rStart := len(input) - stop
+	rStop := len(input) - start
+	return SubString(input, rStart, rStop, false)
+}
diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/uri.go b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/uri.go
new file mode 100644
index 000000000..0c1154127
--- /dev/null
+++ b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/uri.go
@@ -0,0 +1,130 @@
+package rulesfn
+
+import (
+	"fmt"
+	"net"
+	"net/url"
+	"strings"
+
+	smithyhttp "github.com/aws/smithy-go/transport/http"
+)
+
+// IsValidHostLabel returns if the input is a single valid [RFC 1123] host
+// label. If allowSubDomains is true, will allow validation to include nested
+// host labels. Returns false if the input is not a valid host label. If errors
+// occur they will be added to the provided [ErrorCollector].
+//
+// [RFC 1123]: https://www.ietf.org/rfc/rfc1123.txt
+func IsValidHostLabel(input string, allowSubDomains bool) bool {
+	var labels []string
+	if allowSubDomains {
+		labels = strings.Split(input, ".")
+	} else {
+		labels = []string{input}
+	}
+
+	for _, label := range labels {
+		if !smithyhttp.ValidHostLabel(label) {
+			return false
+		}
+	}
+
+	return true
+}
+
+// ParseURL returns a [URL] if the provided string could be parsed. Returns nil
+// if the string could not be parsed. Any parsing error will be added to the
+// [ErrorCollector].
+//
+// If the input URL string contains an IP6 address with a zone index. The
+// returned [builtin.URL.Authority] value will contain the percent escaped (%)
+// zone index separator.
+func ParseURL(input string) *URL {
+	u, err := url.Parse(input)
+	if err != nil {
+		return nil
+	}
+
+	if u.RawQuery != "" {
+		return nil
+	}
+
+	if u.Scheme != "http" && u.Scheme != "https" {
+		return nil
+	}
+
+	normalizedPath := u.Path
+	if !strings.HasPrefix(normalizedPath, "/") {
+		normalizedPath = "/" + normalizedPath
+	}
+	if !strings.HasSuffix(normalizedPath, "/") {
+		normalizedPath = normalizedPath + "/"
+	}
+
+	// IP6 hosts may have zone indexes that need to be escaped to be valid in a
+	// URI. The Go URL parser will unescape the `%25` into `%`. This needs to
+	// be reverted since the returned URL will be used in string builders.
+	authority := strings.ReplaceAll(u.Host, "%", "%25")
+
+	return &URL{
+		Scheme:         u.Scheme,
+		Authority:      authority,
+		Path:           u.Path,
+		NormalizedPath: normalizedPath,
+		IsIp:           net.ParseIP(hostnameWithoutZone(u)) != nil,
+	}
+}
+
+// URL provides the structure describing the parts of a parsed URL returned by
+// [ParseURL].
+type URL struct {
+	Scheme         string // https://www.rfc-editor.org/rfc/rfc3986#section-3.1
+	Authority      string // https://www.rfc-editor.org/rfc/rfc3986#section-3.2
+	Path           string // https://www.rfc-editor.org/rfc/rfc3986#section-3.3
+	NormalizedPath string // https://www.rfc-editor.org/rfc/rfc3986#section-6.2.3
+	IsIp           bool
+}
+
+// URIEncode returns an percent-encoded [RFC3986 section 2.1] version of the
+// input string.
+//
+// [RFC3986 section 2.1]: https://www.rfc-editor.org/rfc/rfc3986#section-2.1
+func URIEncode(input string) string {
+	var output strings.Builder
+	for _, c := range []byte(input) {
+		if validPercentEncodedChar(c) {
+			output.WriteByte(c)
+			continue
+		}
+
+		fmt.Fprintf(&output, "%%%X", c)
+	}
+
+	return output.String()
+}
+
+func validPercentEncodedChar(c byte) bool {
+	return (c >= 'a' && c <= 'z') ||
+		(c >= 'A' && c <= 'Z') ||
+		(c >= '0' && c <= '9') ||
+		c == '-' || c == '_' || c == '.' || c == '~'
+}
+
+// hostname implements u.Hostname() but strips the ipv6 zone ID (if present)
+// such that net.ParseIP can still recognize IPv6 addresses with zone IDs.
+//
+// FUTURE(10/2023): netip.ParseAddr handles this natively but we can't take
+// that package as a dependency yet due to our min go version (1.15, netip
+// starts in 1.18).  When we align with go runtime deprecation policy in
+// 10/2023, we can remove this.
+func hostnameWithoutZone(u *url.URL) string {
+	full := u.Hostname()
+
+	// this more or less mimics the internals of net/ (see unexported
+	// splitHostZone in that source) but throws the zone away because we don't
+	// need it
+	if i := strings.LastIndex(full, "%"); i > -1 {
+		return full[:i]
+	}
+	return full
+}
diff --git a/vendor/github.com/aws/smithy-go/go_module_metadata.go b/vendor/github.com/aws/smithy-go/go_module_metadata.go
index 8eaac41e7..6b795a2c8 100644
--- a/vendor/github.com/aws/smithy-go/go_module_metadata.go
+++ b/vendor/github.com/aws/smithy-go/go_module_metadata.go
@@ -3,4 +3,4 @@
 package smithy
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.5"
+const goModuleVersion = "1.15.0"
diff --git a/vendor/github.com/aws/smithy-go/properties.go b/vendor/github.com/aws/smithy-go/properties.go
new file mode 100644
index 000000000..17d659c53
--- /dev/null
+++ b/vendor/github.com/aws/smithy-go/properties.go
@@ -0,0 +1,52 @@
+package smithy
+
+// PropertiesReader provides an interface for reading metadata from the
+// underlying metadata container.
+type PropertiesReader interface {
+	Get(key interface{}) interface{}
+}
+
+// Properties provides storing and reading metadata values. Keys may be any
+// comparable value type. Get and set will panic if key is not a comparable
+// value type.
+//
+// Properties uses lazy initialization, and Set method must be called as an
+// addressable value, or pointer. Not doing so may cause key/value pair to not
+// be set.
+type Properties struct {
+	values map[interface{}]interface{}
+}
+
+// Get attempts to retrieve the value the key points to. Returns nil if the
+// key was not found.
+//
+// Panics if key type is not comparable.
+func (m *Properties) Get(key interface{}) interface{} {
+	return m.values[key]
+}
+
+// Set stores the value pointed to by the key. If a value already exists at
+// that key it will be replaced with the new value.
+//
+// Set method must be called as an addressable value, or pointer. If Set is not
+// called as an addressable value or pointer, the key value pair being set may
+// be lost.
+//
+// Panics if the key type is not comparable.
+func (m *Properties) Set(key, value interface{}) {
+	if m.values == nil {
+		m.values = map[interface{}]interface{}{}
+	}
+	m.values[key] = value
+}
+
+// Has returns whether the key exists in the metadata.
+//
+// Panics if the key type is not comparable.
+func (m *Properties) Has(key interface{}) bool {
+	if m.values == nil {
+		return false
+	}
+	_, ok := m.values[key]
+	return ok
+}
diff --git a/vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go b/vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go
new file mode 100644
index 000000000..855c22720
--- /dev/null
+++ b/vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go
@@ -0,0 +1,81 @@
+package http
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/aws/smithy-go/middleware"
+)
+
+// WithHeaderComment instruments a middleware stack to append an HTTP field
+// comment to the given header as specified in RFC 9110
+// (https://www.rfc-editor.org/rfc/rfc9110#name-comments).
+//
+// The header is case-insensitive. If the provided header exists when the
+// middleware runs, the content will be inserted as-is enclosed in parentheses.
+//
+// Note that per the HTTP specification, comments are only allowed in fields
+// containing "comment" as part of their field value definition, but this API
+// will NOT verify whether the provided header is one of them.
+//
+// WithHeaderComment MAY be applied more than once to a middleware stack and/or
+// more than once per header.
+func WithHeaderComment(header, content string) func(*middleware.Stack) error {
+	return func(s *middleware.Stack) error {
+		m, err := getOrAddHeaderComment(s)
+		if err != nil {
+			return fmt.Errorf("get or add header comment: %v", err)
+		}
+
+		m.values.Add(header, content)
+		return nil
+	}
+}
+
+type headerCommentMiddleware struct {
+	values http.Header // hijack case-insensitive access APIs
+}
+
+func (*headerCommentMiddleware) ID() string {
+	return "headerComment"
+}
+
+func (m *headerCommentMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
+	out middleware.BuildOutput, metadata middleware.Metadata, err error,
+) {
+	r, ok := in.Request.(*Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	for h, contents := range m.values {
+		for _, c := range contents {
+			if existing := r.Header.Get(h); existing != "" {
+				r.Header.Set(h, fmt.Sprintf("%s (%s)", existing, c))
+			}
+		}
+	}
+
+	return next.HandleBuild(ctx, in)
+}
+
+func getOrAddHeaderComment(s *middleware.Stack) (*headerCommentMiddleware, error) {
+	id := (*headerCommentMiddleware)(nil).ID()
+	m, ok := s.Build.Get(id)
+	if !ok {
+		m := &headerCommentMiddleware{values: http.Header{}}
+		if err := s.Build.Add(m, middleware.After); err != nil {
+			return nil, fmt.Errorf("add build: %v", err)
+		}
+
+		return m, nil
+	}
+
+	hc, ok := m.(*headerCommentMiddleware)
+	if !ok {
+		return nil, fmt.Errorf("existing middleware w/ id %s is not *headerCommentMiddleware", id)
+	}
+
+	return hc, nil
+}
diff --git a/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api/client.go b/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api/client.go
index 2289ef6d9..02ed9762d 100644
--- a/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api/client.go
+++ b/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api/client.go
@@ -25,7 +25,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ecr"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic"
-	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 
 	"github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache"
@@ -227,7 +226,7 @@ func (c *defaultClient) getAuthorizationToken(registryID string) (*Auth, error)
 				err = fmt.Errorf("missing AuthorizationData in ECR response for %s", registryID)
 			}
 		}
-		return nil, errors.Wrap(err, "ecr: Failed to get authorization token")
+		return nil, fmt.Errorf("ecr: Failed to get authorization token: %w", err)
 	}
 
 	for _, authData := range output.AuthorizationData {
@@ -262,7 +261,7 @@ func (c *defaultClient) getPublicAuthorizationToken() (*Auth, error) {
 
 	output, err := c.ecrPublicClient.GetAuthorizationToken(context.TODO(), input)
 	if err != nil {
-		return nil, errors.Wrap(err, "ecr: failed to get authorization token")
+		return nil, fmt.Errorf("ecr: failed to get authorization token: %w", err)
 	}
 	if output == nil || output.AuthorizationData == nil {
 		return nil, fmt.Errorf("ecr: missing AuthorizationData in ECR Public response")
@@ -286,7 +285,7 @@ func (c *defaultClient) getPublicAuthorizationToken() (*Auth, error) {
 func extractToken(token string, proxyEndpoint string) (*Auth, error) {
 	decodedToken, err := base64.StdEncoding.DecodeString(token)
 	if err != nil {
-		return nil, errors.Wrap(err, "invalid token")
+		return nil, fmt.Errorf("invalid token: %w", err)
 	}
 
 	parts := strings.SplitN(string(decodedToken), ":", 2)
diff --git a/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache/file.go b/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache/file.go
index bc70693b8..19dc33bb5 100644
--- a/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache/file.go
+++ b/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache/file.go
@@ -16,7 +16,6 @@ package cache
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -123,7 +122,7 @@ func (f *fileCredentialCache) fullFilePath() string {
 // This eliminates from reading partially written credential files, and reduces (but does not eliminate) concurrent
 // file access. There is not guarantee here for handling multiple writes at once since there is no out of process locking.
 func (f *fileCredentialCache) save(registryCache *RegistryCache) error {
-	file, err := ioutil.TempFile(f.path, ".config.json.tmp")
+	file, err := os.CreateTemp(f.path, ".config.json.tmp")
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/buildkite/agent/v3/api/annotations.go b/vendor/github.com/buildkite/agent/v3/api/annotations.go
index 31c7e9bea..8bb086882 100644
--- a/vendor/github.com/buildkite/agent/v3/api/annotations.go
+++ b/vendor/github.com/buildkite/agent/v3/api/annotations.go
@@ -15,7 +15,7 @@ type Annotation struct {
 
 // Annotate a build in the Buildkite UI
 func (c *Client) Annotate(ctx context.Context, jobId string, annotation *Annotation) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/annotations", jobId)
+	u := fmt.Sprintf("jobs/%s/annotations", railsPathEscape(jobId))
 
 	req, err := c.newRequest(ctx, "POST", u, annotation)
 	if err != nil {
@@ -27,7 +27,7 @@ func (c *Client) Annotate(ctx context.Context, jobId string, annotation *Annotat
 
 // Remove an annotation from a build
 func (c *Client) AnnotationRemove(ctx context.Context, jobId string, context string) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/annotations/%s", jobId, context)
+	u := fmt.Sprintf("jobs/%s/annotations/%s", railsPathEscape(jobId), railsPathEscape(context))
 
 	req, err := c.newRequest(ctx, "DELETE", u, nil)
 	if err != nil {
diff --git a/vendor/github.com/buildkite/agent/v3/api/artifacts.go b/vendor/github.com/buildkite/agent/v3/api/artifacts.go
index df2a84f86..ffd9749ed 100644
--- a/vendor/github.com/buildkite/agent/v3/api/artifacts.go
+++ b/vendor/github.com/buildkite/agent/v3/api/artifacts.go
@@ -93,7 +93,7 @@ type ArtifactBatchUpdateRequest struct {
 
 // CreateArtifacts takes a slice of artifacts, and creates them on Buildkite as a batch.
 func (c *Client) CreateArtifacts(ctx context.Context, jobId string, batch *ArtifactBatch) (*ArtifactBatchCreateResponse, *Response, error) {
-	u := fmt.Sprintf("jobs/%s/artifacts", jobId)
+	u := fmt.Sprintf("jobs/%s/artifacts", railsPathEscape(jobId))
 
 	req, err := c.newRequest(ctx, "POST", u, batch)
 	if err != nil {
@@ -111,7 +111,7 @@ func (c *Client) CreateArtifacts(ctx context.Context, jobId string, batch *Artif
 
 // Updates a particular artifact
 func (c *Client) UpdateArtifacts(ctx context.Context, jobId string, artifactStates map[string]string) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/artifacts", jobId)
+	u := fmt.Sprintf("jobs/%s/artifacts", railsPathEscape(jobId))
 	payload := ArtifactBatchUpdateRequest{}
 
 	for id, state := range artifactStates {
@@ -133,7 +133,7 @@ func (c *Client) UpdateArtifacts(ctx context.Context, jobId string, artifactStat
 
 // SearchArtifacts searches Buildkite for a set of artifacts
 func (c *Client) SearchArtifacts(ctx context.Context, buildId string, opt *ArtifactSearchOptions) ([]*Artifact, *Response, error) {
-	u := fmt.Sprintf("builds/%s/artifacts/search", buildId)
+	u := fmt.Sprintf("builds/%s/artifacts/search", railsPathEscape(buildId))
 	u, err := addOptions(u, opt)
 	if err != nil {
 		return nil, nil, err
diff --git a/vendor/github.com/buildkite/agent/v3/api/chunks.go b/vendor/github.com/buildkite/agent/v3/api/chunks.go
index 71a1a1b33..d238584b3 100644
--- a/vendor/github.com/buildkite/agent/v3/api/chunks.go
+++ b/vendor/github.com/buildkite/agent/v3/api/chunks.go
@@ -10,9 +10,9 @@ import (
 // Chunk represents a Buildkite Agent API Chunk
 type Chunk struct {
 	Data     []byte
-	Sequence int
-	Offset   int
-	Size     int
+	Sequence uint64
+	Offset   uint64
+	Size     uint64
 }
 
 // Uploads the chunk to the Buildkite Agent API. This request sends the
@@ -27,7 +27,7 @@ func (c *Client) UploadChunk(ctx context.Context, jobId string, chunk *Chunk) (*
 	}
 
 	// Pass most params as query
-	u := fmt.Sprintf("jobs/%s/chunks?sequence=%d&offset=%d&size=%d", jobId, chunk.Sequence, chunk.Offset, chunk.Size)
+	u := fmt.Sprintf("jobs/%s/chunks?sequence=%d&offset=%d&size=%d", railsPathEscape(jobId), chunk.Sequence, chunk.Offset, chunk.Size)
 	req, err := c.newFormRequest(ctx, "POST", u, body)
 	if err != nil {
 		return nil, err
diff --git a/vendor/github.com/buildkite/agent/v3/api/client.go b/vendor/github.com/buildkite/agent/v3/api/client.go
index b3c6d89a7..42aa57bec 100644
--- a/vendor/github.com/buildkite/agent/v3/api/client.go
+++ b/vendor/github.com/buildkite/agent/v3/api/client.go
@@ -364,3 +364,8 @@ func addOptions(s string, opt any) (string, error) {
 func joinURLPath(endpoint string, path string) string {
 	return strings.TrimRight(endpoint, "/") + "/" + strings.TrimLeft(path, "/")
 }
+
+// Rails doesn't accept dots in some path segments.
+func railsPathEscape(s string) string {
+	return strings.ReplaceAll(url.PathEscape(s), ".", "%2E")
+}
diff --git a/vendor/github.com/buildkite/agent/v3/api/header_times.go b/vendor/github.com/buildkite/agent/v3/api/header_times.go
index 5302d7b66..4a5283404 100644
--- a/vendor/github.com/buildkite/agent/v3/api/header_times.go
+++ b/vendor/github.com/buildkite/agent/v3/api/header_times.go
@@ -13,7 +13,7 @@ type HeaderTimes struct {
 
 // SaveHeaderTimes saves the header times to the job
 func (c *Client) SaveHeaderTimes(ctx context.Context, jobId string, headerTimes *HeaderTimes) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/header_times", jobId)
+	u := fmt.Sprintf("jobs/%s/header_times", railsPathEscape(jobId))
 
 	req, err := c.newRequest(ctx, "POST", u, headerTimes)
 	if err != nil {
diff --git a/vendor/github.com/buildkite/agent/v3/api/jobs.go b/vendor/github.com/buildkite/agent/v3/api/jobs.go
index 4dee5af4c..1b9805519 100644
--- a/vendor/github.com/buildkite/agent/v3/api/jobs.go
+++ b/vendor/github.com/buildkite/agent/v3/api/jobs.go
@@ -3,23 +3,28 @@ package api
 import (
 	"context"
 	"fmt"
+
+	"github.com/buildkite/agent/v3/internal/pipeline"
 )
 
 // Job represents a Buildkite Agent API Job
 type Job struct {
-	ID                 string            `json:"id,omitempty"`
-	Endpoint           string            `json:"endpoint"`
-	State              string            `json:"state,omitempty"`
-	Env                map[string]string `json:"env,omitempty"`
-	ChunksMaxSizeBytes int               `json:"chunks_max_size_bytes,omitempty"`
-	Token              string            `json:"token,omitempty"`
-	ExitStatus         string            `json:"exit_status,omitempty"`
-	Signal             string            `json:"signal,omitempty"`
-	SignalReason       string            `json:"signal_reason,omitempty"`
-	StartedAt          string            `json:"started_at,omitempty"`
-	FinishedAt         string            `json:"finished_at,omitempty"`
-	RunnableAt         string            `json:"runnable_at,omitempty"`
-	ChunksFailedCount  int               `json:"chunks_failed_count,omitempty"`
+	ID                 string                     `json:"id,omitempty"`
+	Endpoint           string                     `json:"endpoint"`
+	State              string                     `json:"state,omitempty"`
+	Env                map[string]string          `json:"env,omitempty"`
+	Step               pipeline.CommandStep       `json:"step,omitempty"`
+	MatrixPermutation  pipeline.MatrixPermutation `json:"matrix_permutation,omitempty"`
+	ChunksMaxSizeBytes uint64                     `json:"chunks_max_size_bytes,omitempty"`
+	LogMaxSizeBytes    uint64                     `json:"log_max_size_bytes,omitempty"`
+	Token              string                     `json:"token,omitempty"`
+	ExitStatus         string                     `json:"exit_status,omitempty"`
+	Signal             string                     `json:"signal,omitempty"`
+	SignalReason       string                     `json:"signal_reason,omitempty"`
+	StartedAt          string                     `json:"started_at,omitempty"`
+	FinishedAt         string                     `json:"finished_at,omitempty"`
+	RunnableAt         string                     `json:"runnable_at,omitempty"`
+	ChunksFailedCount  int                        `json:"chunks_failed_count,omitempty"`
 }
 
 type JobState struct {
@@ -40,7 +45,7 @@ type jobFinishRequest struct {
 
 // GetJobState returns the state of a given job
 func (c *Client) GetJobState(ctx context.Context, id string) (*JobState, *Response, error) {
-	u := fmt.Sprintf("jobs/%s", id)
+	u := fmt.Sprintf("jobs/%s", railsPathEscape(id))
 
 	req, err := c.newRequest(ctx, "GET", u, nil)
 	if err != nil {
@@ -58,7 +63,7 @@ func (c *Client) GetJobState(ctx context.Context, id string) (*JobState, *Respon
 
 // Acquires a job using its ID
 func (c *Client) AcquireJob(ctx context.Context, id string, headers ...Header) (*Job, *Response, error) {
-	u := fmt.Sprintf("jobs/%s/acquire", id)
+	u := fmt.Sprintf("jobs/%s/acquire", railsPathEscape(id))
 
 	req, err := c.newRequest(ctx, "PUT", u, nil, headers...)
 	if err != nil {
@@ -78,7 +83,7 @@ func (c *Client) AcquireJob(ctx context.Context, id string, headers ...Header) (
 // environment variables (when a job is accepted, the agents environment is
 // applied to the job)
 func (c *Client) AcceptJob(ctx context.Context, job *Job) (*Job, *Response, error) {
-	u := fmt.Sprintf("jobs/%s/accept", job.ID)
+	u := fmt.Sprintf("jobs/%s/accept", railsPathEscape(job.ID))
 
 	req, err := c.newRequest(ctx, "PUT", u, nil)
 	if err != nil {
@@ -96,7 +101,7 @@ func (c *Client) AcceptJob(ctx context.Context, job *Job) (*Job, *Response, erro
 
 // StartJob starts the passed in job
 func (c *Client) StartJob(ctx context.Context, job *Job) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/start", job.ID)
+	u := fmt.Sprintf("jobs/%s/start", railsPathEscape(job.ID))
 
 	req, err := c.newRequest(ctx, "PUT", u, &jobStartRequest{
 		StartedAt: job.StartedAt,
@@ -110,7 +115,7 @@ func (c *Client) StartJob(ctx context.Context, job *Job) (*Response, error) {
 
 // FinishJob finishes the passed in job
 func (c *Client) FinishJob(ctx context.Context, job *Job) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/finish", job.ID)
+	u := fmt.Sprintf("jobs/%s/finish", railsPathEscape(job.ID))
 
 	req, err := c.newRequest(ctx, "PUT", u, &jobFinishRequest{
 		FinishedAt:        job.FinishedAt,
diff --git a/vendor/github.com/buildkite/agent/v3/api/meta_data.go b/vendor/github.com/buildkite/agent/v3/api/meta_data.go
index 384c2e748..a9a591320 100644
--- a/vendor/github.com/buildkite/agent/v3/api/meta_data.go
+++ b/vendor/github.com/buildkite/agent/v3/api/meta_data.go
@@ -20,7 +20,7 @@ type MetaDataExists struct {
 
 // Sets the meta data value
 func (c *Client) SetMetaData(ctx context.Context, jobId string, metaData *MetaData) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/data/set", jobId)
+	u := fmt.Sprintf("jobs/%s/data/set", railsPathEscape(jobId))
 
 	req, err := c.newRequest(ctx, "POST", u, metaData)
 	if err != nil {
@@ -36,7 +36,7 @@ func (c *Client) GetMetaData(ctx context.Context, scope, id, key string) (*MetaD
 		return nil, nil, errors.New("scope must either be job or build")
 	}
 
-	u := fmt.Sprintf("%ss/%s/data/get", scope, id)
+	u := fmt.Sprintf("%ss/%s/data/get", scope, railsPathEscape(id))
 	m := &MetaData{Key: key}
 
 	req, err := c.newRequest(ctx, "POST", u, m)
@@ -58,7 +58,7 @@ func (c *Client) ExistsMetaData(ctx context.Context, scope, id, key string) (*Me
 		return nil, nil, errors.New("scope must either be job or build")
 	}
 
-	u := fmt.Sprintf("%ss/%s/data/exists", scope, id)
+	u := fmt.Sprintf("%ss/%s/data/exists", scope, railsPathEscape(id))
 	m := &MetaData{Key: key}
 
 	req, err := c.newRequest(ctx, "POST", u, m)
@@ -80,7 +80,7 @@ func (c *Client) MetaDataKeys(ctx context.Context, scope, id string) ([]string,
 		return nil, nil, errors.New("scope must either be job or build")
 	}
 
-	u := fmt.Sprintf("%ss/%s/data/keys", scope, id)
+	u := fmt.Sprintf("%ss/%s/data/keys", scope, railsPathEscape(id))
 
 	req, err := c.newRequest(ctx, "POST", u, nil)
 	if err != nil {
diff --git a/vendor/github.com/buildkite/agent/v3/api/oidc.go b/vendor/github.com/buildkite/agent/v3/api/oidc.go
index a25f0302b..d11e35726 100644
--- a/vendor/github.com/buildkite/agent/v3/api/oidc.go
+++ b/vendor/github.com/buildkite/agent/v3/api/oidc.go
@@ -27,7 +27,7 @@ func (c *Client) OIDCToken(ctx context.Context, methodReq *OIDCTokenRequest) (*O
 		Claims:   methodReq.Claims,
 	}
 
-	u := fmt.Sprintf("jobs/%s/oidc/tokens", methodReq.Job)
+	u := fmt.Sprintf("jobs/%s/oidc/tokens", railsPathEscape(methodReq.Job))
 	httpReq, err := c.newRequest(ctx, "POST", u, m)
 	if err != nil {
 		return nil, nil, err
diff --git a/vendor/github.com/buildkite/agent/v3/api/pipelines.go b/vendor/github.com/buildkite/agent/v3/api/pipelines.go
index e585fb1cd..323c8479f 100644
--- a/vendor/github.com/buildkite/agent/v3/api/pipelines.go
+++ b/vendor/github.com/buildkite/agent/v3/api/pipelines.go
@@ -28,7 +28,7 @@ func (c *Client) UploadPipeline(
 	pipeline *PipelineChange,
 	headers ...Header,
 ) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/pipelines?async=true", jobId)
+	u := fmt.Sprintf("jobs/%s/pipelines?async=true", railsPathEscape(jobId))
 
 	req, err := c.newRequest(ctx, "POST", u, pipeline, headers...)
 	if err != nil {
@@ -44,7 +44,7 @@ func (c *Client) PipelineUploadStatus(
 	uuid string,
 	headers ...Header,
 ) (*PipelineUploadStatus, *Response, error) {
-	u := fmt.Sprintf("jobs/%s/pipelines/%s", jobId, uuid)
+	u := fmt.Sprintf("jobs/%s/pipelines/%s", railsPathEscape(jobId), railsPathEscape(uuid))
 
 	req, err := c.newRequest(ctx, "GET", u, nil, headers...)
 	if err != nil {
diff --git a/vendor/github.com/buildkite/agent/v3/api/steps.go b/vendor/github.com/buildkite/agent/v3/api/steps.go
index a428b2e1a..b8ab745e7 100644
--- a/vendor/github.com/buildkite/agent/v3/api/steps.go
+++ b/vendor/github.com/buildkite/agent/v3/api/steps.go
@@ -18,7 +18,7 @@ type StepExportResponse struct {
 
 // StepExport gets an attribute from step
 func (c *Client) StepExport(ctx context.Context, stepIdOrKey string, stepGetRequest *StepExportRequest) (*StepExportResponse, *Response, error) {
-	u := fmt.Sprintf("steps/%s/export", stepIdOrKey)
+	u := fmt.Sprintf("steps/%s/export", railsPathEscape(stepIdOrKey))
 
 	req, err := c.newRequest(ctx, "POST", u, stepGetRequest)
 	if err != nil {
@@ -45,7 +45,7 @@ type StepUpdate struct {
 
 // StepUpdate updates a step
 func (c *Client) StepUpdate(ctx context.Context, stepIdOrKey string, stepUpdate *StepUpdate) (*Response, error) {
-	u := fmt.Sprintf("steps/%s", stepIdOrKey)
+	u := fmt.Sprintf("steps/%s", railsPathEscape(stepIdOrKey))
 
 	req, err := c.newRequest(ctx, "PUT", u, stepUpdate)
 	if err != nil {
diff --git a/vendor/github.com/buildkite/agent/v3/env/environment.go b/vendor/github.com/buildkite/agent/v3/env/environment.go
new file mode 100644
index 000000000..a62c5dc7e
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/env/environment.go
@@ -0,0 +1,298 @@
+// Package env provides utilities for dealing with environment variables.
+//
+// It is intended for internal use by buildkite-agent only.
+package env
+
+import (
+	"encoding/json"
+	"runtime"
+	"sort"
+	"strings"
+
+	"github.com/puzpuzpuz/xsync/v2"
+)
+
+// Environment is a map of environment variables, with the keys normalized
+// for case-insensitive operating systems
+type Environment struct {
+	underlying *xsync.MapOf[string, string]
+}
+
+func New() *Environment {
+	return &Environment{underlying: xsync.NewMapOf[string]()}
+}
+
+func NewWithLength(length int) *Environment {
+	return &Environment{underlying: xsync.NewMapOfPresized[string](length)}
+}
+
+func FromMap(m map[string]string) *Environment {
+	env := &Environment{underlying: xsync.NewMapOfPresized[string](len(m))}
+
+	for k, v := range m {
+		env.Set(k, v)
+	}
+
+	return env
+}
+
+// Split splits an environment variable (in the form "name=value") into the name
+// and value substrings. If there is no '=', or the first '=' is at the start,
+// it returns `"", "", false`.
+func Split(l string) (name, value string, ok bool) {
+	// Variable names should not contain '=' on any platform...and yet Windows
+	// creates environment variables beginning with '=' in some circumstances.
+	// See https://github.com/golang/go/issues/49886.
+	// Dropping them matches the previous behaviour on Windows, which used SET
+	// to obtain the state of environment variables.
+	i := strings.IndexRune(l, '=')
+	// Either there is no '=', or it is at the start of the string.
+	// Both are disallowed.
+	if i <= 0 {
+		return "", "", false
+	}
+	return l[:i], l[i+1:], true
+}
+
+// FromSlice creates a new environment from a string slice of KEY=VALUE
+func FromSlice(s []string) *Environment {
+	env := NewWithLength(len(s))
+
+	for _, l := range s {
+		if k, v, ok := Split(l); ok {
+			env.Set(k, v)
+		}
+	}
+
+	return env
+}
+
+// Dump returns a copy of the environment with all keys normalized
+func (e *Environment) Dump() map[string]string {
+	d := make(map[string]string, e.underlying.Size())
+	e.underlying.Range(func(k, v string) bool {
+		d[normalizeKeyName(k)] = v
+		return true
+	})
+
+	return d
+}
+
+// Get returns a key from the environment
+func (e *Environment) Get(key string) (string, bool) {
+	v, ok := e.underlying.Load(normalizeKeyName(key))
+	return v, ok
+}
+
+// Get a boolean value from environment, with a default for empty. Supports true|false, on|off, 1|0
+func (e *Environment) GetBool(key string, defaultValue bool) bool {
+	v, _ := e.Get(key)
+
+	switch strings.ToLower(v) {
+	case "on", "1", "enabled", "true":
+		return true
+	case "off", "0", "disabled", "false":
+		return false
+	default:
+		return defaultValue
+	}
+}
+
+// Exists returns true/false depending on whether or not the key exists in the env
+func (e *Environment) Exists(key string) bool {
+	_, ok := e.underlying.Load(normalizeKeyName(key))
+	return ok
+}
+
+// Set sets a key in the environment
+func (e *Environment) Set(key string, value string) string {
+	e.underlying.Store(normalizeKeyName(key), value)
+	return value
+}
+
+// Remove a key from the Environment and return its value
+func (e *Environment) Remove(key string) string {
+	value, ok := e.Get(key)
+	if ok {
+		e.underlying.Delete(normalizeKeyName(key))
+	}
+	return value
+}
+
+// Length returns the length of the environment
+func (e *Environment) Length() int {
+	return e.underlying.Size()
+}
+
+// Diff returns a new environment with the keys and values from this
+// environment which are different in the other one.
+func (e *Environment) Diff(other *Environment) Diff {
+	diff := Diff{
+		Added:   make(map[string]string),
+		Changed: make(map[string]DiffPair),
+		Removed: make(map[string]struct{}, 0),
+	}
+
+	if other == nil {
+		e.underlying.Range(func(k, _ string) bool {
+			diff.Removed[k] = struct{}{}
+			return true
+		})
+
+		return diff
+	}
+
+	e.underlying.Range(func(k, v string) bool {
+		other, ok := other.Get(k)
+		if !ok {
+			// This environment has added this key to other
+			diff.Added[k] = v
+			return true
+		}
+
+		if other != v {
+			diff.Changed[k] = DiffPair{
+				Old: other,
+				New: v,
+			}
+		}
+
+		return true
+	})
+
+	other.underlying.Range(func(k, _ string) bool {
+		if _, ok := e.Get(k); !ok {
+			diff.Removed[k] = struct{}{}
+		}
+
+		return true
+	})
+
+	return diff
+}
+
+// Merge merges another env into this one and returns the result
+func (e *Environment) Merge(other *Environment) {
+	if other == nil {
+		return
+	}
+
+	other.underlying.Range(func(k, v string) bool {
+		e.Set(k, v)
+		return true
+	})
+}
+
+func (e *Environment) Apply(diff Diff) {
+	for k, v := range diff.Added {
+		e.Set(k, v)
+	}
+	for k, v := range diff.Changed {
+		e.Set(k, v.New)
+	}
+	for k := range diff.Removed {
+		e.Remove(k)
+	}
+}
+
+// Copy returns a copy of the env
+func (e *Environment) Copy() *Environment {
+	if e == nil {
+		return New()
+	}
+
+	c := New()
+
+	e.underlying.Range(func(k, v string) bool {
+		c.Set(k, v)
+		return true
+	})
+
+	return c
+}
+
+// ToSlice returns a sorted slice representation of the environment
+func (e *Environment) ToSlice() []string {
+	s := []string{}
+	e.underlying.Range(func(k, v string) bool {
+		s = append(s, k+"="+v)
+		return true
+	})
+
+	// Ensure they are in a consistent order (helpful for tests)
+	sort.Strings(s)
+
+	return s
+}
+
+func (e *Environment) MarshalJSON() ([]byte, error) {
+	return json.Marshal(e.Dump())
+}
+
+func (e *Environment) UnmarshalJSON(data []byte) error {
+	var raw map[string]string
+	if err := json.Unmarshal(data, &raw); err != nil {
+		return err
+	}
+
+	e.underlying = xsync.NewMapOfPresized[string](len(raw))
+	for k, v := range raw {
+		e.Set(k, v)
+	}
+
+	return nil
+}
+
+// Environment variables on Windows are case-insensitive. When you run `SET`
+// within a Windows command prompt, you'll see variables like this:
+//
+//	...
+//	Path=C:\Program Files (x86)\Parallels\Parallels Tools\Applications;...
+//	PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 94 Stepping 3, GenuineIntel
+//	SystemDrive=C:
+//	SystemRoot=C:\Windows
+//	...
+//
+// There's a mix of both CamelCase and UPPERCASE, but the can all be accessed
+// regardless of the case you use. So PATH is the same as Path, PAth, pATH,
+// and so on.
+//
+// os.Environ() in Golang returns key/values in the original casing, so it
+// returns a slice like this:
+//
+//	{ "Path=...", "PROCESSOR_IDENTIFIER=...", "SystemRoot=..." }
+//
+// Users of env.Environment shouldn't need to care about this.
+// env.Get("PATH") should "just work" on Windows. This means on Windows
+// machines, we'll normalise all the keys that go in/out of this API.
+//
+// Unix systems _are_ case sensitive when it comes to ENV, so we'll just leave
+// that alone.
+func normalizeKeyName(key string) string {
+	if runtime.GOOS == "windows" {
+		return strings.ToUpper(key)
+	} else {
+		return key
+	}
+}
+
+type Diff struct {
+	Added   map[string]string
+	Changed map[string]DiffPair
+	Removed map[string]struct{}
+}
+
+type DiffPair struct {
+	Old string
+	New string
+}
+
+func (diff *Diff) Remove(key string) {
+	delete(diff.Added, key)
+	delete(diff.Changed, key)
+	delete(diff.Removed, key)
+}
+
+func (diff *Diff) Empty() bool {
+	return len(diff.Added) == 0 && len(diff.Changed) == 0 && len(diff.Removed) == 0
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/ordered/map.go b/vendor/github.com/buildkite/agent/v3/internal/ordered/map.go
new file mode 100644
index 000000000..eb521d746
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/ordered/map.go
@@ -0,0 +1,417 @@
+// Package ordered implements an ordered map type.
+package ordered
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+
+	"github.com/google/go-cmp/cmp"
+	"gopkg.in/yaml.v3"
+)
+
+var _ interface {
+	json.Marshaler
+	json.Unmarshaler
+	yaml.IsZeroer
+	yaml.Marshaler
+	yaml.Unmarshaler
+} = (*Map[string, any])(nil)
+
+// Map is an order-preserving map with string keys. It is intended for working
+// with YAML in an order-preserving way (off-spec, strictly speaking) and JSON
+// (more of the same).
+type Map[K comparable, V any] struct {
+	items []Tuple[K, V]
+	index map[K]int
+}
+
+// MapSS is a convenience alias to reduce keyboard wear.
+type MapSS = Map[string, string]
+
+// MapSA is a convenience alias to reduce keyboard wear.
+type MapSA = Map[string, any]
+
+// NewMap returns a new empty map with a given initial capacity.
+func NewMap[K comparable, V any](cap int) *Map[K, V] {
+	return &Map[K, V]{
+		items: make([]Tuple[K, V], 0, cap),
+		index: make(map[K]int, cap),
+	}
+}
+
+// MapFromItems creates an Map with some items.
+func MapFromItems[K comparable, V any](ps ...Tuple[K, V]) *Map[K, V] {
+	m := NewMap[K, V](len(ps))
+	for _, p := range ps {
+		m.Set(p.Key, p.Value)
+	}
+	return m
+}
+
+// Len returns the number of items in the map.
+func (m *Map[K, V]) Len() int {
+	if m == nil {
+		return 0
+	}
+	return len(m.index)
+}
+
+// IsZero reports if m is nil or empty. It is used by yaml.v3 to check
+// emptiness.
+func (m *Map[K, V]) IsZero() bool {
+	return m == nil || len(m.index) == 0
+}
+
+// Get retrieves the value associated with a key, and reports if it was found.
+func (m *Map[K, V]) Get(k K) (V, bool) {
+	var zv V
+	if m == nil {
+		return zv, false
+	}
+	idx, ok := m.index[k]
+	if !ok {
+		return zv, false
+	}
+	return m.items[idx].Value, true
+}
+
+// Contains reports if the map contains the key.
+func (m *Map[K, V]) Contains(k K) bool {
+	if m == nil {
+		return false
+	}
+	_, has := m.index[k]
+	return has
+}
+
+// Set sets the value for the given key. If the key exists, it remains in its
+// existing spot, otherwise it is added to the end of the map.
+func (m *Map[K, V]) Set(k K, v V) {
+	// Suppose someone makes Map with new(Map). The one thing we need to not be
+	// nil will be nil.
+	if m.index == nil {
+		m.index = make(map[K]int, 1)
+	}
+
+	// Replace existing value?
+	if idx, exists := m.index[k]; exists {
+		m.items[idx].Value = v
+		return
+	}
+
+	// Append new item.
+	m.index[k] = len(m.items)
+	m.items = append(m.items, Tuple[K, V]{
+		Key:   k,
+		Value: v,
+	})
+}
+
+// Replace replaces an old key in the same spot with a new key and value.
+// If the old key doesn't exist in the map, the item is inserted at the end.
+// If the new key already exists in the map (and isn't equal to the old key),
+// then it is deleted.
+// This provides a way to change a single key in-place (easier than deleting the
+// old key and all later keys, adding the new key, then restoring the rest).
+func (m *Map[K, V]) Replace(old, new K, v V) {
+	// Suppose someone makes Map with new(Map). The one thing we need to not be
+	// nil will be nil.
+	if m.index == nil {
+		m.index = make(map[K]int, 1)
+	}
+
+	// idx is where the item will go
+	idx, exists := m.index[old]
+	if !exists {
+		// Point idx at the end of m.items and ensure there is an item there.
+		idx = len(m.items)
+		m.items = append(m.items, Tuple[K, V]{})
+	}
+
+	// If the key changed, there's some tidyup...
+	if old != new {
+		// If "new" already exists in the map, then delete it first. The intent
+		// of Replace is to put the item where "old" is but under "new", so if
+		// "new" already exists somewhere else, adding it where "old" is would
+		// be getting out of hand (now there are two of them).
+		if newidx, exists := m.index[new]; exists {
+			m.items[newidx].deleted = true
+		}
+
+		// Delete "old" from the index and update "new" to point to idx
+		delete(m.index, old)
+		m.index[new] = idx
+	}
+
+	// Put the item into m.items at idx.
+	m.items[idx] = Tuple[K, V]{
+		Key:   new,
+		Value: v,
+	}
+}
+
+// Delete deletes a key from the map. It does nothing if the key is not in the
+// map.
+func (m *Map[K, V]) Delete(k K) {
+	if m == nil {
+		return
+	}
+	idx, ok := m.index[k]
+	if !ok {
+		return
+	}
+	m.items[idx].deleted = true
+	delete(m.index, k)
+
+	// If half the pairs have been deleted, perform a compaction.
+	if len(m.items) >= 2*len(m.index) {
+		m.compact()
+	}
+}
+
+// ToMap creates a regular (un-ordered) map containing the same data. If m is
+// nil, ToMap returns nil.
+func (m *Map[K, V]) ToMap() map[K]V {
+	if m == nil {
+		return nil
+	}
+	um := make(map[K]V, len(m.index))
+	m.Range(func(k K, v V) error {
+		um[k] = v
+		return nil
+	})
+	return um
+}
+
+// ToMapRecursive converts a weakly typed nested structure consisting of
+// *Map[string, any], []any, and any (i.e. output from DecodeYAML),
+// into one containing the same data but where each *Map[string, any] is
+// map[string]any.
+func ToMapRecursive(src any) any {
+	switch tsrc := src.(type) {
+	case *Map[string, any]:
+		um := make(map[string]any, len(tsrc.index))
+		tsrc.Range(func(k string, v any) error {
+			um[k] = ToMapRecursive(v)
+			return nil
+		})
+		return um
+
+	case []any:
+		s := make([]any, len(tsrc))
+		for i, e := range tsrc {
+			s[i] = ToMapRecursive(e)
+		}
+		return s
+
+	default:
+		return src
+	}
+}
+
+// Equal reports if the two maps are equal (they contain the same items in the
+// same order). Keys are compared directly; values are compared using go-cmp
+// (provided with Equal[string, any] and Equal[string, string] as a comparers).
+func Equal[K comparable, V any](a, b *Map[K, V]) bool {
+	if a == nil || b == nil {
+		return a == b
+	}
+	if a.Len() != b.Len() {
+		return false
+	}
+	i, j := 0, 0
+	for i < len(a.items) && j < len(b.items) {
+		for a.items[i].deleted {
+			i++
+		}
+		for b.items[j].deleted {
+			j++
+		}
+		if a.items[i].Key != b.items[j].Key {
+			return false
+		}
+		if !cmp.Equal(a.items[i].Value, b.items[j].Value, cmp.Comparer(Equal[string, string]), cmp.Comparer(Equal[string, any])) {
+			return false
+		}
+		i++
+		j++
+	}
+	return true
+}
+
+// EqualSS is a convenience alias to reduce keyboard wear.
+var EqualSS = Equal[string, string]
+
+// EqualSA is a convenience alias to reduce keyboard wear.
+var EqualSA = Equal[string, any]
+
+// compact re-organises the internal storage of the Map.
+func (m *Map[K, V]) compact() {
+	pairs := make([]Tuple[K, V], 0, len(m.index))
+	for _, p := range m.items {
+		if p.deleted {
+			continue
+		}
+		m.index[p.Key] = len(pairs)
+		pairs = append(pairs, Tuple[K, V]{
+			Key:   p.Key,
+			Value: p.Value,
+		})
+	}
+	m.items = pairs
+}
+
+// Range ranges over the map (in order). If f returns an error, it stops ranging
+// and returns that error.
+func (m *Map[K, V]) Range(f func(k K, v V) error) error {
+	if m.IsZero() {
+		return nil
+	}
+	for _, p := range m.items {
+		if p.deleted {
+			continue
+		}
+		if err := f(p.Key, p.Value); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// MarshalJSON marshals the ordered map to JSON. It preserves the map order in
+// the output.
+func (m *Map[K, V]) MarshalJSON() ([]byte, error) {
+	// NB: writes to b don't error, but JSON encoding could error.
+	var b bytes.Buffer
+	enc := json.NewEncoder(&b)
+	b.WriteRune('{')
+	first := true
+	err := m.Range(func(k K, v V) error {
+		if !first {
+			// Separating comma.
+			b.WriteRune(',')
+		}
+		first = false
+		if err := enc.Encode(k); err != nil {
+			return err
+		}
+		b.WriteRune(':')
+		return enc.Encode(v)
+	})
+	if err != nil {
+		return nil, err
+	}
+	b.WriteRune('}')
+	return b.Bytes(), nil
+}
+
+// MarshalYAML returns a *yaml.Node encoding this map (in order), or an error
+// if any of the items could not be encoded into a *yaml.Node.
+func (m *Map[K, V]) MarshalYAML() (any, error) {
+	n := &yaml.Node{
+		Kind: yaml.MappingNode,
+		Tag:  "!!map",
+	}
+	err := m.Range(func(k K, v V) error {
+		nk, nv := new(yaml.Node), new(yaml.Node)
+		if err := nk.Encode(k); err != nil {
+			return err
+		}
+		if err := nv.Encode(v); err != nil {
+			return err
+		}
+		n.Content = append(n.Content, nk, nv)
+		return nil
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	return n, nil
+}
+
+// UnmarshalJSON unmarshals to JSON. It only supports K = string.
+// This is yaml.Unmarshal in a trenchcoat (YAML is a superset of JSON).
+func (m *Map[K, V]) UnmarshalJSON(b []byte) error {
+	return yaml.Unmarshal(b, m)
+}
+
+// UnmarshalYAML unmarshals a YAML mapping node into this map. It only supports
+// K = string. Where yaml.v3 typically infers map[string]any for unmarshaling
+// mappings into any, this method chooses *Map[string, any] instead.
+// If V = *yaml.Node, then the value nodes are not decoded. This is useful for
+// a shallow unmarshaling step.
+func (m *Map[K, V]) UnmarshalYAML(n *yaml.Node) error {
+	om, ok := any(m).(*Map[string, V])
+	if !ok {
+		var zk K
+		return fmt.Errorf("cannot unmarshal into ordered.Map with key type %T (want string)", zk)
+	}
+
+	if n.Kind != yaml.MappingNode {
+		return fmt.Errorf("line %d, col %d: wrong kind (got %x, want %x)", n.Line, n.Column, n.Kind, yaml.MappingNode)
+	}
+
+	switch tm := any(m).(type) {
+	case *Map[string, any]:
+		// Use DecodeYAML, then steal the contents.
+		sm, err := DecodeYAML(n)
+		if err != nil {
+			return err
+		}
+		*tm = *sm.(*Map[string, any])
+		return nil
+
+	case *Map[string, *yaml.Node]:
+		// Load into the map without any value decoding.
+		return rangeYAMLMap(n, func(key string, val *yaml.Node) error {
+			tm.Set(key, val)
+			return nil
+		})
+
+	default:
+		return rangeYAMLMap(n, func(key string, val *yaml.Node) error {
+			// Try DecodeYAML? (maybe V is a type like []any).
+			nv, err := DecodeYAML(val)
+			if err != nil {
+				return err
+			}
+			v, ok := nv.(V)
+			if !ok {
+				// Let yaml.v3 choose what to do with the specific type.
+				if err := val.Decode(&v); err != nil {
+					return err
+				}
+			}
+			om.Set(key, v)
+			return nil
+		})
+	}
+}
+
+// AssertValues converts a map with "any" values into a map with V values by
+// type-asserting each value. It returns an error if any value is not
+// assertable to V.
+func AssertValues[V any](m *MapSA) (*Map[string, V], error) {
+	msv := NewMap[string, V](m.Len())
+	return msv, m.Range(func(k string, v any) error {
+		t, ok := v.(V)
+		if !ok {
+			return fmt.Errorf("value for key %q (type %T) is not assertable to %T", k, v, t)
+		}
+		msv.Set(k, t)
+		return nil
+	})
+}
+
+// TransformValues converts a map with V1 values into a map with V2 values by
+// running each value through a function.
+func TransformValues[K comparable, V1, V2 any](m *Map[K, V1], f func(V1) V2) *Map[K, V2] {
+	m2 := NewMap[K, V2](m.Len())
+	m.Range(func(k K, v V1) error {
+		m2.Set(k, f(v))
+		return nil
+	})
+	return m2
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/ordered/slice.go b/vendor/github.com/buildkite/agent/v3/internal/ordered/slice.go
new file mode 100644
index 000000000..b60ad39c3
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/ordered/slice.go
@@ -0,0 +1,30 @@
+package ordered
+
+import (
+	"fmt"
+
+	"gopkg.in/yaml.v3"
+)
+
+var _ yaml.Unmarshaler = (*Slice)(nil)
+
+// Slice is []any, but unmarshaling into it prefers *Map[string,any] over
+// map[string]any.
+type Slice []any
+
+// UnmarshalYAML unmarshals sequence nodes. Any mapping nodes are unmarshaled
+// as *Map[string,any].
+func (s *Slice) UnmarshalYAML(n *yaml.Node) error {
+	if n.Kind != yaml.SequenceNode {
+		return fmt.Errorf("line %d, col %d: unsupported kind %x for unmarshaling Slice (want %x)", n.Line, n.Column, n.Kind, yaml.SequenceNode)
+	}
+	seen := make(map[*yaml.Node]bool)
+	for _, c := range n.Content {
+		cv, err := decodeYAML(seen, c)
+		if err != nil {
+			return err
+		}
+		*s = append(*s, cv)
+	}
+	return nil
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/ordered/strings.go b/vendor/github.com/buildkite/agent/v3/internal/ordered/strings.go
new file mode 100644
index 000000000..198af399d
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/ordered/strings.go
@@ -0,0 +1,39 @@
+package ordered
+
+import (
+	"fmt"
+
+	"gopkg.in/yaml.v3"
+)
+
+// Strings is []string, but unmarshaling handles both sequences and single
+// scalars.
+type Strings []string
+
+// UnmarshalYAML unmarshals n depending on its Kind as either
+// - a sequence of strings (into a slice), or
+// - a single string (into a one-element slice).
+// For example, unmarshaling either `["foo"]` or `"foo"` should result in a
+// one-element slice (`Strings{"foo"}`).
+func (s *Strings) UnmarshalYAML(n *yaml.Node) error {
+	switch n.Kind {
+	case yaml.ScalarNode:
+		var x string
+		if err := n.Decode(&x); err != nil {
+			return err
+		}
+		*s = append(*s, x)
+
+	case yaml.SequenceNode:
+		var xs []string
+		if err := n.Decode(&xs); err != nil {
+			return err
+		}
+		*s = append(*s, xs...)
+
+	default:
+		return fmt.Errorf("line %d, col %d: unsupported kind %x for unmarshaling Strings (want %x or %x)", n.Line, n.Column, n.Kind, yaml.ScalarNode, yaml.SequenceNode)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/ordered/tuple.go b/vendor/github.com/buildkite/agent/v3/internal/ordered/tuple.go
new file mode 100644
index 000000000..4c9006f8e
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/ordered/tuple.go
@@ -0,0 +1,15 @@
+package ordered
+
+// Tuple is used for storing values in Map.
+type Tuple[K comparable, V any] struct {
+	Key   K
+	Value V
+
+	deleted bool
+}
+
+// TupleSS is a convenience alias to reduce keyboard wear.
+type TupleSS = Tuple[string, string]
+
+// TupleSA is a convenience alias to reduce keyboard wear.
+type TupleSA = Tuple[string, any]
diff --git a/vendor/github.com/buildkite/agent/v3/internal/ordered/unmarshal.go b/vendor/github.com/buildkite/agent/v3/internal/ordered/unmarshal.go
new file mode 100644
index 000000000..fb254093e
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/ordered/unmarshal.go
@@ -0,0 +1,384 @@
+package ordered
+
+import (
+	"errors"
+	"fmt"
+	"reflect"
+	"strings"
+
+	"gopkg.in/yaml.v3"
+)
+
+// Errors that can be returned by Unmarshal
+// (typically wrapped - use errors.Is).
+var (
+	ErrIntoNonPointer       = errors.New("cannot unmarshal into non-pointer")
+	ErrIntoNil              = errors.New("cannot unmarshal into nil")
+	ErrIncompatibleTypes    = errors.New("incompatible types")
+	ErrUnsupportedSrc       = errors.New("cannot unmarshal from src")
+	ErrMultipleInlineFields = errors.New(`multiple fields tagged with yaml:",inline"`)
+)
+
+// Unmarshaler is an interface that types can use to override the default
+// unmarshaling behaviour.
+type Unmarshaler interface {
+	// UnmarshalOrdered should unmarshal src into the implementing value. src
+	// will generally be one of *Map[string, any], []any, or a "scalar" built-in
+	// type.
+	UnmarshalOrdered(src any) error
+}
+
+// Unmarshal recursively unmarshals src into dst. src and dst can be a variety
+// of types under the hood, but some combinations don't work. Good luck!
+//
+//   - If dst is nil, then src must be nil.
+//   - If src is yaml.Node or *yaml.Node, then DecodeYAML is called to translate
+//     the node into another type.
+//   - If dst is a pointer and src is nil, then the value dst points to is set
+//     to zero.
+//   - If dst is a pointer to a pointer, Unmarshal recursively calls Unmarshal
+//     on the inner pointer, creating a new value of the type being pointed to
+//     as needed.
+//   - If dst implements Unmarshaler, Unmarshal returns
+//     dst.UnmarshalOrdered(src).
+//   - If dst is *any, Unmarshal copies src directly into *dst.
+//
+// Otherwise, it acts a lot like yaml.Unmarshal, except that the type S of src
+// and type D of dst can be one of the following:
+//
+//   - S = *Map[string, any] (recursively containing values with types from this
+//     list); D must be one of: a pointer to a struct with yaml tags,
+//     or a map or a pointer to a map (either *Map or map) with string keys.
+//     yaml tags includes ",inline". Inline fields must themselves be a type
+//     that Unmarshal can unmarshal *Map[string, any] into - another struct or
+//     Map or map with string keys.
+//   - S = []any (also recursively containing values with types from this list),
+//     which is recursively unmarshaled elementwise; D is *[]any or
+//     *[]somethingElse.
+//   - S ∊ {string, float64, int, bool}; D must be *S (value copied directly),
+//     *[]S or *[]any (value appended), *string (value formatted through
+//     fmt.Sprint) or *[]string (formatted value appended).
+func Unmarshal(src, dst any) error {
+	if dst == nil {
+		// This is interface nil (not typed nil, which has to be tested after
+		// figuring out the types).
+		if src == nil {
+			// Unmarshal nil into nil? Seems legit
+			return nil
+		}
+		return ErrIntoNil
+	}
+
+	// Apply DecodeYAML to yaml.Node or *yaml.Node first.
+	switch n := src.(type) {
+	case yaml.Node:
+		o, err := DecodeYAML(&n)
+		if err != nil {
+			return err
+		}
+		src = o
+
+	case *yaml.Node:
+		o, err := DecodeYAML(n)
+		if err != nil {
+			return err
+		}
+		src = o
+	}
+
+	if um, ok := dst.(Unmarshaler); ok {
+		return um.UnmarshalOrdered(src)
+	}
+
+	// Handle typed nil pointers, pointers to nil, and pointers to pointers.
+	// Note that vdst could still be a map.
+	vdst := reflect.ValueOf(dst)
+
+	// First, handle src == nil. dst must be a pointer to something or nil.
+	if src == nil {
+		if vdst.Kind() != reflect.Pointer {
+			return fmt.Errorf("%w (%T)", ErrIntoNonPointer, dst)
+		}
+		if vdst.IsNil() {
+			// Unmarshaling nil into nil... seems legit.
+			return nil
+		}
+		// Zero out the value pointed to by dst.
+		vdst.Elem().SetZero()
+		return nil
+	}
+
+	// src is not nil. dst is usually a pointer - is it nil? pointer to pointer?
+	if vdst.Kind() == reflect.Pointer {
+		// Unmarshaling into typed nil value?
+		if vdst.IsNil() {
+			return ErrIntoNil
+		}
+
+		// Non-nil pointer to something. Another pointer?
+		if edst := vdst.Elem(); edst.Kind() == reflect.Pointer {
+			// The type of the value being double-pointed to.
+			innerType := edst.Type().Elem()
+			if edst.IsNil() {
+				// Create a new value of the inner type.
+				edst.Set(reflect.New(innerType))
+			}
+
+			// Handle double pointers by recursing on the inner layer.
+			return Unmarshal(src, edst.Interface())
+		}
+	}
+
+	if tdst, ok := dst.(*any); ok {
+		*tdst = src
+		return nil
+	}
+
+	switch tsrc := src.(type) {
+	case *Map[string, any]:
+		return tsrc.decodeInto(dst)
+
+	case []any:
+		switch tdst := dst.(type) {
+		case *[]any:
+			*tdst = append(*tdst, tsrc...)
+
+		default:
+			if vdst.Kind() != reflect.Pointer {
+				return fmt.Errorf("%w (%T)", ErrIntoNonPointer, dst)
+			}
+			sdst := vdst.Elem() // The slice we append to, reflectively
+			if sdst.Kind() != reflect.Slice {
+				return fmt.Errorf("%w: cannot unmarshal []any into %T", ErrIncompatibleTypes, dst)
+			}
+			etype := sdst.Type().Elem() // E = Type of the slice's elements
+			for _, a := range tsrc {
+				x := reflect.New(etype) // *E
+				if err := Unmarshal(a, x.Interface()); err != nil {
+					return err
+				}
+				sdst = reflect.Append(sdst, x.Elem())
+			}
+			vdst.Elem().Set(sdst)
+		}
+
+	case string:
+		return unmarshalScalar(tsrc, dst)
+
+	case float64:
+		return unmarshalScalar(tsrc, dst)
+
+	case int:
+		return unmarshalScalar(tsrc, dst)
+
+	case bool:
+		return unmarshalScalar(tsrc, dst)
+
+	default:
+		return fmt.Errorf("%w %T", ErrUnsupportedSrc, src)
+	}
+
+	return nil
+}
+
+func unmarshalScalar[S any](src S, dst any) error {
+	switch tdst := dst.(type) {
+	case *S:
+		*tdst = src
+
+	case *[]S:
+		*tdst = append(*tdst, src)
+
+	case *[]any:
+		*tdst = append(*tdst, src)
+
+	case *string:
+		*tdst = fmt.Sprint(src)
+
+	case *[]string:
+		*tdst = append(*tdst, fmt.Sprint(src))
+
+	default:
+		return fmt.Errorf("%w: cannot unmarshal %T into %T", ErrIncompatibleTypes, src, dst)
+	}
+	return nil
+}
+
+// decodeInto loads the contents of the map into the target (pointer to struct).
+// It behaves sort of like `yaml.Node.Decode`:
+//
+//   - If target is a map type with string keys, it unmarshals its contents
+//     elementwise, with values passed through Unmarshal.
+//   - If target is *struct{...}, it matches keys to exported fields either
+//     by looking at `yaml` tags, or using lowercased field names.
+//   - If a field has a yaml:",inline" tag, it copies any leftover values into
+//     that field, which must have type map[string]any or any. (Structs are not
+//     supported for inline.)
+func (m *Map[K, V]) decodeInto(target any) error {
+	tm, ok := any(m).(*Map[string, any])
+	if !ok {
+		return fmt.Errorf("%w: cannot unmarshal from %T, want K=string, V=any", ErrIncompatibleTypes, m)
+	}
+
+	// Work out the kind of target being used.
+	// Dereference the target to find the inner value, if needed.
+	targetValue := reflect.ValueOf(target)
+	var innerValue reflect.Value
+	switch targetValue.Kind() {
+	case reflect.Pointer:
+		// Passed a pointer to something.
+		if targetValue.IsNil() {
+			return ErrIntoNil
+		}
+		innerValue = targetValue.Elem()
+
+	case reflect.Map:
+		// Passed a map directly.
+		innerValue = targetValue
+		if innerValue.IsNil() {
+			return ErrIntoNil
+		}
+
+	default:
+		return fmt.Errorf("%w: cannot unmarshal %T into %T, want map or *struct{...}", ErrIncompatibleTypes, m, target)
+	}
+
+	switch innerValue.Kind() {
+	case reflect.Map:
+		// Process the map directly.
+		mapType := innerValue.Type()
+		// For simplicity, require the key type to be string.
+		if keyType := mapType.Key(); keyType.Kind() != reflect.String {
+			return fmt.Errorf("%w for map key: cannot unmarshal %T into %T", ErrIncompatibleTypes, m, target)
+		}
+
+		// If target is a pointer to a nil map (with type), create a new map.
+		if innerValue.IsNil() {
+			innerValue.Set(reflect.MakeMapWithSize(mapType, tm.Len()))
+		}
+
+		valueType := mapType.Elem()
+		return tm.Range(func(k string, v any) error {
+			nv := reflect.New(valueType)
+			if err := Unmarshal(v, nv.Interface()); err != nil {
+				return err
+			}
+			innerValue.SetMapIndex(reflect.ValueOf(k), nv.Elem())
+			return nil
+		})
+
+	case reflect.Struct:
+		// The rest of the method is concerned with this.
+	default:
+		return fmt.Errorf("%w: cannot unmarshal %T into %T", ErrIncompatibleTypes, m, target)
+	}
+
+	// These are the (accessible by reflection) fields it has.
+	// This includes non-exported fields.
+	fields := reflect.VisibleFields(innerValue.Type())
+
+	var inlineField reflect.StructField
+	outlineKeys := make(map[string]struct{})
+
+	for _, field := range fields {
+		// Skip non-exported fields. This is conventional *and* correct.
+		if !field.IsExported() {
+			continue
+		}
+
+		// No worries if the tag is not there - apply defaults.
+		tag, _ := field.Tag.Lookup("yaml")
+
+		switch tag {
+		case "-":
+			// Note: if a field is skipped with "-", yaml.v3 still puts it into
+			// inline.
+			continue
+
+		case ",inline":
+			if inlineField.Index != nil {
+				return fmt.Errorf("%w %T", ErrMultipleInlineFields, target)
+			}
+			inlineField = field
+			continue
+		}
+
+		// default:
+		key, _, _ := strings.Cut(tag, ",")
+		if key == "" {
+			// yaml.v3 convention:
+			// "Struct fields ... are unmarshalled using the field name
+			// lowercased as the default key."
+			key = strings.ToLower(field.Name)
+		}
+
+		// Is there a value for this key?
+		v, has := tm.Get(key)
+		if !has {
+			continue
+		}
+
+		// Now load v into this field.
+		outlineKeys[key] = struct{}{}
+
+		// Get a pointer to the field. This works because target is a pointer.
+		ptrToField := innerValue.FieldByIndex(field.Index).Addr()
+		if err := Unmarshal(v, ptrToField.Interface()); err != nil {
+			return err
+		}
+	}
+
+	if inlineField.Index == nil {
+		return nil
+	}
+	// The rest is handling the ",inline" field.
+	// We support any field that Unmarshal can unmarshal tm into.
+
+	inlinePtr := innerValue.FieldByIndex(inlineField.Index).Addr()
+
+	// Copy all values that weren't non-inline fields into a temporary map.
+	// This is just to avoid mutating tm.
+	temp := NewMap[string, any](tm.Len())
+	tm.Range(func(k string, v any) error {
+		if _, outline := outlineKeys[k]; outline {
+			return nil
+		}
+		temp.Set(k, v)
+		return nil
+	})
+
+	// If the inline map contains nothing, then don't bother setting it.
+	if temp.Len() == 0 {
+		return nil
+	}
+
+	return Unmarshal(temp, inlinePtr.Interface())
+}
+
+// UnmarshalOrdered unmarshals a value into this map.
+// K must be string, src must be *Map[string, any], and each value in src must
+// be unmarshallable into *V.
+func (m *Map[K, V]) UnmarshalOrdered(src any) error {
+	if m == nil {
+		return ErrIntoNil
+	}
+
+	tm, ok := any(m).(*Map[string, V])
+	if !ok {
+		return fmt.Errorf("%w: receiver type %T, want K = string", ErrIncompatibleTypes, m)
+	}
+
+	tsrc, ok := src.(*Map[string, any])
+	if !ok {
+		return fmt.Errorf("%w: src type %T, want *Map[string, any]", ErrIncompatibleTypes, src)
+	}
+
+	return tsrc.Range(func(k string, v any) error {
+		var dv V
+		if err := Unmarshal(v, &dv); err != nil {
+			return err
+		}
+		tm.Set(k, dv)
+		return nil
+	})
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/ordered/yaml.go b/vendor/github.com/buildkite/agent/v3/internal/ordered/yaml.go
new file mode 100644
index 000000000..fd5b4b156
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/ordered/yaml.go
@@ -0,0 +1,260 @@
+package ordered
+
+import (
+	"fmt"
+
+	"gopkg.in/yaml.v3"
+)
+
+// DecodeYAML recursively unmarshals n into a generic type (any, []any, or
+// *Map[string, any]) depending on the kind of n. Where yaml.v3 typically infer
+// map[string]any for unmarshaling mappings into any, DecodeYAML chooses
+// *Map[string, any] instead.
+func DecodeYAML(n *yaml.Node) (any, error) {
+	return decodeYAML(make(map[*yaml.Node]bool), n)
+}
+
+// decode recursively unmarshals n into a generic type (any, []any, or
+// *Map[string, any]) depending on the kind of n.
+func decodeYAML(seen map[*yaml.Node]bool, n *yaml.Node) (any, error) {
+	// nil decodes to nil.
+	if n == nil {
+		return nil, nil
+	}
+
+	// If n has been seen already while processing the parents of n, it's an
+	// infinite recursion.
+	// Simple example:
+	// ---
+	// a: &a  // seen is empty on encoding a
+	//   b: *a   // seen contains a while encoding b
+	if seen[n] {
+		return nil, fmt.Errorf("line %d, col %d: infinite recursion", n.Line, n.Column)
+	}
+	seen[n] = true
+
+	// n needs to be "un-seen" when this layer of recursion is done:
+	defer delete(seen, n)
+	// Why? seen is a map, which is used by reference, so it will be shared
+	// between calls to decode, which is recursive. And unlike a merge, the
+	// same alias can be validly used for different subtrees:
+	// ---
+	// a: &a
+	//   b: c
+	// d:
+	//   da: *a
+	//   db: *a
+	// ...
+	// (d contains two copies of a).
+	// So *a needs to be "unseen" between encoding "da" and "db".
+
+	switch n.Kind {
+	case yaml.ScalarNode:
+		// If we need to parse more kinds of scalar, e.g. !!bool NO, or base-60
+		// integers, this is where we would swap out n.Decode.
+		var v any
+		if err := n.Decode(&v); err != nil {
+			return nil, err
+		}
+		return v, nil
+
+	case yaml.SequenceNode:
+		v := make([]any, 0, len(n.Content))
+		for _, c := range n.Content {
+			cv, err := decodeYAML(seen, c)
+			if err != nil {
+				return nil, err
+			}
+			v = append(v, cv)
+		}
+		return v, nil
+
+	case yaml.MappingNode:
+		m := NewMap[string, any](len(n.Content) / 2)
+		// Why not call m.UnmarshalYAML(n) ?
+		// Because we can't pass `seen` through that.
+		err := rangeYAMLMap(n, func(key string, val *yaml.Node) error {
+			v, err := decodeYAML(seen, val)
+			if err != nil {
+				return err
+			}
+			m.Set(key, v)
+			return nil
+		})
+		if err != nil {
+			return nil, err
+		}
+		return m, nil
+
+	case yaml.AliasNode:
+		// This is one of the two ways this can blow up recursively.
+		// The other (map merges) is handled by rangeMap.
+		return decodeYAML(seen, n.Alias)
+
+	case yaml.DocumentNode:
+		switch len(n.Content) {
+		case 0:
+			return nil, nil
+		case 1:
+			return decodeYAML(seen, n.Content[0])
+		default:
+			return nil, fmt.Errorf("line %d, col %d: document contains more than 1 content item (%d)", n.Line, n.Column, len(n.Content))
+		}
+
+	default:
+		return nil, fmt.Errorf("line %d, col %d: unsupported kind %x", n.Line, n.Column, n.Kind)
+	}
+}
+
+// rangeYAMLMap calls f with each key/value pair in a mapping node.
+// It only supports scalar keys, and converts them to canonical string values.
+// Non-scalar and non-stringable keys result in an error.
+// Because mapping nodes can contain merges from other mapping nodes,
+// potentially via sequence nodes and aliases, this function also accepts
+// sequences and aliases (that must themselves recursively only contain
+// mappings, sequences, and aliases...).
+func rangeYAMLMap(n *yaml.Node, f func(key string, val *yaml.Node) error) error {
+	return rangeYAMLMapImpl(make(map[*yaml.Node]bool), n, f)
+}
+
+// rangeYAMLMapImpl implements rangeYAMLMap. It tracks mapping nodes already
+// merged, to prevent infinite merge loops and avoid unnecessarily merging the
+// same mapping repeatedly.
+func rangeYAMLMapImpl(merged map[*yaml.Node]bool, n *yaml.Node, f func(key string, val *yaml.Node) error) error {
+	// Go-like semantics: no entries in "nil".
+	if n == nil {
+		return nil
+	}
+
+	// If this node has already been merged into the top-level map being ranged,
+	// we don't need to merge it again.
+	if merged[n] {
+		return nil
+	}
+	merged[n] = true
+
+	switch n.Kind {
+	case yaml.MappingNode:
+		// gopkg.in/yaml.v3 parses mapping node contents as a flat list:
+		// key, value, key, value...
+		if len(n.Content)%2 != 0 {
+			return fmt.Errorf("line %d, col %d: mapping node has odd content length %d", n.Line, n.Column, len(n.Content))
+		}
+
+		// Keys at an outer level take precedence over keys being merged:
+		// "its key/value pairs is inserted into the current mapping, unless the
+		// key already exists in it." https://yaml.org/type/merge.html
+		// But we care about key ordering!
+		// This necessitates two passes:
+		// 1. Obtain the keys in this map
+		// 2. Range over the map again, recursing into merges.
+		// While merging, ignore keys in the outer level.
+		// Merges may produce new keys to ignore in subsequent merges:
+		// "Keys in mapping nodes earlier in the sequence override keys
+		// specified in later mapping nodes."
+
+		// 1. A pass to get the keys at this level.
+		keys := make(map[string]bool)
+		for i := 0; i < len(n.Content); i += 2 {
+			k := n.Content[i]
+
+			// Ignore merges in this pass.
+			if k.Tag == "!!merge" {
+				continue
+			}
+
+			// Canonicalise the key into a string and store it.
+			ck, err := canonicalMapKey(k)
+			if err != nil {
+				return err
+			}
+			keys[ck] = true
+		}
+
+		// Ignore existing keys when merging. Record new keys to ignore in
+		// subsequent merges.
+		skipKeys := func(k string, v *yaml.Node) error {
+			if keys[k] {
+				return nil
+			}
+			keys[k] = true
+			return f(k, v)
+		}
+
+		// 2. Range over each pair, recursing into merges.
+		for i := 0; i < len(n.Content); i += 2 {
+			k, v := n.Content[i], n.Content[i+1]
+
+			// Is this pair a merge? (`<<: *foo`)
+			if k.Tag == "!!merge" {
+				// Recursively range over the contents of the value, which
+				// could be an alias to a mapping node, or a sequence of aliases
+				// to mapping nodes, which could themselves contain merges...
+				if err := rangeYAMLMapImpl(merged, v, skipKeys); err != nil {
+					return err
+				}
+				continue
+			}
+
+			// Canonicalise the key into a string (again).
+			ck, err := canonicalMapKey(k)
+			if err != nil {
+				return err
+			}
+
+			// Yield the canonical key and the value.
+			if err := f(ck, v); err != nil {
+				return err
+			}
+		}
+
+	case yaml.SequenceNode:
+		// Range over each element e in the sequence.
+		for _, e := range n.Content {
+			if err := rangeYAMLMapImpl(merged, e, f); err != nil {
+				return err
+			}
+		}
+
+	case yaml.AliasNode:
+		// Follow the alias and range over that.
+		if err := rangeYAMLMapImpl(merged, n.Alias, f); err != nil {
+			return err
+		}
+
+	default:
+		// TODO: Use %v once yaml.Kind has a String method
+		return fmt.Errorf("line %d, col %d: cannot range over node kind %x", n.Line, n.Column, n.Kind)
+	}
+	return nil
+}
+
+// canonicalMapKey converts a scalar value into a string suitable for use as
+// a map key. YAML expects different representations of the same value, e.g.
+// 0xb and 11, to be equivalent, and therefore a duplicate key. JSON requires
+// all keys to be strings.
+func canonicalMapKey(n *yaml.Node) (string, error) {
+	var x any
+	if err := n.Decode(&x); err != nil {
+		return "", err
+	}
+	if x == nil || n.Tag == "!!null" {
+		// Nulls are not valid JSON keys.
+		return "", fmt.Errorf("line %d, col %d: null not supported as a map key", n.Line, n.Column)
+	}
+	switch n.Tag {
+	case "!!bool":
+		// Canonicalise to true or false.
+		return fmt.Sprintf("%t", x), nil
+	case "!!int":
+		// Canonicalise to decimal.
+		return fmt.Sprintf("%d", x), nil
+	case "!!float":
+		// Canonicalise to scientific notation.
+		// Don't handle Inf or NaN specially, as they will be quoted.
+		return fmt.Sprintf("%e", x), nil
+	default:
+		// Assume the value is already a suitable key.
+		return n.Value, nil
+	}
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/doc.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/doc.go
new file mode 100644
index 000000000..28f933594
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/doc.go
@@ -0,0 +1,13 @@
+// Package pipeline implements the pieces necessary for the agent to work with
+// pipelines (typically in YAML or JSON form).
+//
+// The pipeline object model (Pipeline, Steps, Plugin, etc) have these caveats:
+//   - It is incomplete: there may be fields accepted by the API that are not
+//     listed. Do not treat Pipeline, CommandStep, etc, as comprehensive
+//     reference guides for how to write a pipeline.
+//   - It normalises: unmarshaling accepts a variety of step forms, but
+//     marshaling back out produces more normalised output. An unmarshal/marshal
+//     round-trip may produce different output.
+//   - It is non-canonical: using the object model does not guarantee that a
+//     pipeline will be accepted by the pipeline upload API.
+package pipeline
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate.go
new file mode 100644
index 000000000..199e16433
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate.go
@@ -0,0 +1,161 @@
+package pipeline
+
+import (
+	"github.com/buildkite/agent/v3/internal/ordered"
+	"github.com/buildkite/interpolate"
+)
+
+// This file contains helpers for recursively interpolating all the strings in
+// pipeline objects.
+
+// stringTransformer implementations mutate strings.
+type stringTransformer interface {
+	Transform(string) (string, error)
+}
+
+// envInterpolator returns a reusable string transform that replaces
+// variables (${FOO}) with their values from a map.
+type envInterpolator struct {
+	envMap interpolate.Env
+}
+
+// Transform calls interpolate.Interpolate to transform the string.
+func (e envInterpolator) Transform(s string) (string, error) {
+	return interpolate.Interpolate(e.envMap, s)
+}
+
+// selfInterpolater describes types that can interpolate themselves in-place.
+// They can use the string transformer on string fields, or use
+// interpolate{Slice,Map,OrderedMap,Any} on their other contents, to do this.
+type selfInterpolater interface {
+	interpolate(stringTransformer) error
+}
+
+// interpolateAny interpolates (almost) anything in-place. When passed a string,
+// it returns a new string. Anything it doesn't know how to interpolate is
+// returned unaltered.
+func interpolateAny[T any](tf stringTransformer, o T) (T, error) {
+	// The box-typeswitch-unbox dance is required because the Go compiler
+	// has no type switch for type parameters.
+	var err error
+	a := any(o)
+
+	switch t := a.(type) {
+	case selfInterpolater:
+		err = t.interpolate(tf)
+
+	case *string:
+		if t == nil {
+			return o, nil
+		}
+		*t, err = tf.Transform(*t)
+		a = t
+
+	case string:
+		a, err = tf.Transform(t)
+
+	case []any:
+		err = interpolateSlice(tf, t)
+
+	case []string:
+		err = interpolateSlice(tf, t)
+
+	case ordered.Slice:
+		err = interpolateSlice(tf, t)
+
+	case map[string]any:
+		err = interpolateMap(tf, t)
+
+	case map[string]string:
+		err = interpolateMap(tf, t)
+
+	case *ordered.Map[string, any]:
+		err = interpolateOrderedMap(tf, t)
+
+	case *ordered.Map[string, string]:
+		err = interpolateOrderedMap(tf, t)
+
+	default:
+		return o, nil
+	}
+
+	// This happens if T is an interface type and o was interface-nil to begin
+	// with. (You can't type assert interface-nil.)
+	if a == nil {
+		var zt T
+		return zt, err
+	}
+	return a.(T), err
+}
+
+// interpolateSlice applies interpolateAny over any type of slice. Values in the
+// slice are updated in-place.
+func interpolateSlice[E any, S ~[]E](tf stringTransformer, s S) error {
+	for i, e := range s {
+		// It could be a string, so replace the old value with the new.
+		inte, err := interpolateAny(tf, e)
+		if err != nil {
+			return err
+		}
+		s[i] = inte
+	}
+	return nil
+}
+
+// interpolateMapValues applies interpolateAny over the values of any type of
+// map. The map is altered in-place.
+func interpolateMapValues[K comparable, V any, M ~map[K]V](tf stringTransformer, m M) error {
+	for k, v := range m {
+		// V could be string, so be sure to replace the old value with the new.
+		intv, err := interpolateAny(tf, v)
+		if err != nil {
+			return err
+		}
+		m[k] = intv
+	}
+	return nil
+}
+
+// interpolateMap applies interpolateAny over both keys and values of any type
+// of map. The map is altered in-place.
+func interpolateMap[K comparable, V any, M ~map[K]V](tf stringTransformer, m M) error {
+	for k, v := range m {
+		// We interpolate both keys and values.
+		intk, err := interpolateAny(tf, k)
+		if err != nil {
+			return err
+		}
+
+		// V could be string, so be sure to replace the old value with the new.
+		intv, err := interpolateAny(tf, v)
+		if err != nil {
+			return err
+		}
+
+		// If the key changed due to interpolation, delete the old key.
+		if k != intk {
+			delete(m, k)
+		}
+		m[intk] = intv
+	}
+	return nil
+}
+
+// interpolateOrderedMap applies interpolateAny over any type of ordered.Map.
+// The map is altered in-place.
+func interpolateOrderedMap[K comparable, V any](tf stringTransformer, m *ordered.Map[K, V]) error {
+	return m.Range(func(k K, v V) error {
+		// We interpolate both keys and values.
+		intk, err := interpolateAny(tf, k)
+		if err != nil {
+			return err
+		}
+		intv, err := interpolateAny(tf, v)
+		if err != nil {
+			return err
+		}
+
+		m.Replace(k, intk, intv)
+		return nil
+	})
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate_matrix.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate_matrix.go
new file mode 100644
index 000000000..f420db6a5
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate_matrix.go
@@ -0,0 +1,55 @@
+package pipeline
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+)
+
+// Match double curly bois containing any whitespace, "matrix", then maybe
+// a dot and a dimension name, ending with any whitespace and closing curlies.
+var matrixTokenRE = regexp.MustCompile(`\{\{\s*matrix(\.[\w-\.]+)?\s*\}\}`)
+
+// matrixInterpolator is a string transform that interpolates matrix tokens.
+type matrixInterpolator struct {
+	replacements map[string]string
+}
+
+// Transform interpolates matrix tokens.
+func (m matrixInterpolator) Transform(src string) (string, error) {
+	var unknown []string
+
+	out := matrixTokenRE.ReplaceAllStringFunc(src, func(s string) string {
+		sub := matrixTokenRE.FindStringSubmatch(s)
+		repl, ok := m.replacements[sub[1]]
+		if !ok {
+			unknown = append(unknown, sub[1])
+		}
+		return repl
+	})
+
+	if len(unknown) > 0 {
+		for i, f := range unknown {
+			unknown[i] = "matrix" + f
+		}
+		return out, fmt.Errorf("unknown matrix tokens in input: %s", strings.Join(unknown, ", "))
+	}
+	return out, nil
+}
+
+// newMatrixInterpolator creates a reusable string transformer that applies
+// matrix interpolation.
+func newMatrixInterpolator(mp MatrixPermutation) matrixInterpolator {
+	replacements := make(map[string]string)
+	for dim, val := range mp {
+		if dim == "" {
+			replacements[""] = val
+		} else {
+			replacements["."+dim] = val
+		}
+	}
+
+	return matrixInterpolator{
+		replacements: replacements,
+	}
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/json.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/json.go
new file mode 100644
index 000000000..a28a02e3e
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/json.go
@@ -0,0 +1,98 @@
+package pipeline
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"strings"
+
+	"github.com/oleiade/reflections"
+)
+
+// inlineFriendlyMarshalJSON marshals the given object to JSON, but with special handling given to fields tagged with ",inline".
+// This is needed because yaml.v3 has "inline" but encoding/json has no concept of it.
+func inlineFriendlyMarshalJSON(q any) ([]byte, error) {
+	fieldNames, err := reflections.Fields(q)
+	if err != nil {
+		return nil, fmt.Errorf("could not get fields of %T: %w", q, err)
+	}
+
+	var inlineFields map[string]any // no need to pre-allocate, we directly set it if we find inline fields
+	outlineFields := make(map[string]any, len(fieldNames))
+
+	for _, fieldName := range fieldNames {
+		tag, err := reflections.GetFieldTag(q, fieldName, "yaml")
+		if err != nil {
+			return nil, fmt.Errorf("could not get yaml tag of %T.%s: %w", q, fieldName, err)
+		}
+
+		switch tag {
+		case "-":
+			continue
+
+		case ",inline":
+			inlineFieldsValue, err := reflections.GetField(q, fieldName)
+			if err != nil {
+				return nil, fmt.Errorf("could not get inline fields value of %T.%s: %w", q, fieldName, err)
+			}
+
+			if inf, ok := inlineFieldsValue.(map[string]any); ok {
+				inlineFields = inf
+			} else {
+				return nil, fmt.Errorf("inline fields value of %T.%s must be a map[string]any, was %T instead", q, fieldName, inlineFieldsValue)
+			}
+
+		default:
+			fieldValue, err := reflections.GetField(q, fieldName)
+			if err != nil {
+				return nil, fmt.Errorf("could not get value of %T.%s: %w", q, fieldName, err)
+			}
+
+			tags := strings.Split(tag, ",")
+			keyName := tags[0] // e.g. "foo,omitempty" -> "foo"
+			if len(tags) > 1 && tags[1] == "omitempty" && isEmptyValue(fieldValue) {
+				continue
+			}
+
+			outlineFields[keyName] = fieldValue
+		}
+	}
+
+	allFields := make(map[string]any, len(outlineFields)+len(inlineFields))
+
+	for k, v := range inlineFields {
+		allFields[k] = v
+	}
+
+	// "outline" (non-inline) fields should take precedence over inline fields
+	for k, v := range outlineFields {
+		allFields[k] = v
+	}
+
+	return json.Marshal(allFields)
+}
+
+// stolen from encoding/json
+func isEmptyValue(q any) bool {
+	if q == nil { // not stolen from encoding/json, but oddly missing from it?
+		return true
+	}
+
+	v := reflect.ValueOf(q)
+
+	switch v.Kind() {
+	case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
+		return v.Len() == 0
+	case reflect.Bool:
+		return !v.Bool()
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() == 0
+	case reflect.Float32, reflect.Float64:
+		return v.Float() == 0
+	case reflect.Interface, reflect.Pointer:
+		return v.IsNil()
+	}
+	return false
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/parser.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/parser.go
new file mode 100644
index 000000000..b8b3334e6
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/parser.go
@@ -0,0 +1,32 @@
+package pipeline
+
+import (
+	"errors"
+	"io"
+	"strings"
+
+	"github.com/buildkite/agent/v3/internal/ordered"
+	"gopkg.in/yaml.v3"
+)
+
+// Parse parses a pipeline. It does not apply interpolation.
+func Parse(src io.Reader) (*Pipeline, error) {
+	// First get yaml.v3 to give us a raw document (*yaml.Node).
+	n := new(yaml.Node)
+	if err := yaml.NewDecoder(src).Decode(n); err != nil {
+		return nil, formatYAMLError(err)
+	}
+
+	// Instead of unmarshalling into structs, which is easy-ish to use but
+	// doesn't work with some non YAML 1.2 features (merges), decode the
+	// *yaml.Node into *ordered.Map, []any, or any (recursively).
+	// This resolves aliases and merges and gives a more convenient form to work
+	// with when handling different structural representations of the same
+	// configuration. Then decode _that_ into a pipeline.
+	p := new(Pipeline)
+	return p, ordered.Unmarshal(n, p)
+}
+
+func formatYAMLError(err error) error {
+	return errors.New(strings.TrimPrefix(err.Error(), "yaml: "))
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline.go
new file mode 100644
index 000000000..ae4e15599
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline.go
@@ -0,0 +1,131 @@
+package pipeline
+
+import (
+	"fmt"
+
+	"github.com/buildkite/agent/v3/env"
+	"github.com/buildkite/agent/v3/internal/ordered"
+	"github.com/buildkite/agent/v3/tracetools"
+	"github.com/buildkite/interpolate"
+	"github.com/lestrrat-go/jwx/v2/jwk"
+)
+
+// Pipeline models a pipeline.
+//
+// Standard caveats apply - see the package comment.
+type Pipeline struct {
+	Steps Steps          `yaml:"steps"`
+	Env   *ordered.MapSS `yaml:"env,omitempty"`
+
+	// RemainingFields stores any other top-level mapping items so they at least
+	// survive an unmarshal-marshal round-trip.
+	RemainingFields map[string]any `yaml:",inline"`
+}
+
+// MarshalJSON marshals a pipeline to JSON. Special handling is needed because
+// yaml.v3 has "inline" but encoding/json has no concept of it.
+func (p *Pipeline) MarshalJSON() ([]byte, error) {
+	return inlineFriendlyMarshalJSON(p)
+}
+
+// UnmarshalOrdered unmarshals the pipeline from either []any (a legacy
+// sequence of steps) or *ordered.MapSA (a modern pipeline configuration).
+func (p *Pipeline) UnmarshalOrdered(o any) error {
+	switch o := o.(type) {
+	case *ordered.MapSA:
+		// A pipeline can be a mapping.
+		// Wrap in a secret type to avoid infinite recursion between this method
+		// and ordered.Unmarshal.
+		type wrappedPipeline Pipeline
+		if err := ordered.Unmarshal(o, (*wrappedPipeline)(p)); err != nil {
+			return fmt.Errorf("unmarshaling Pipeline: %w", err)
+		}
+
+	case []any:
+		// A pipeline can be a sequence of steps.
+		if err := ordered.Unmarshal(o, &p.Steps); err != nil {
+			return fmt.Errorf("unmarshaling steps: %w", err)
+		}
+
+	default:
+		return fmt.Errorf("unmarshaling Pipeline: unsupported type %T, want either *ordered.Map[string, any] or []any", o)
+	}
+
+	// Ensure Steps is never nil. Server side expects a sequence.
+	if p.Steps == nil {
+		p.Steps = Steps{}
+	}
+	return nil
+}
+
+// Interpolate interpolates variables defined in both envMap and p.Env into the
+// pipeline.
+// More specifically, it does these things:
+//   - Copy tracing context keys from envMap into pipeline.Env.
+//   - Interpolate pipeline.Env and copy the results into envMap to apply later.
+//   - Interpolate any string value in the rest of the pipeline.
+func (p *Pipeline) Interpolate(envMap *env.Environment) error {
+	if envMap == nil {
+		envMap = env.New()
+	}
+
+	// Propagate distributed tracing context to the new pipelines if available
+	if tracing, has := envMap.Get(tracetools.EnvVarTraceContextKey); has {
+		if p.Env == nil {
+			p.Env = ordered.NewMap[string, string](1)
+		}
+		p.Env.Set(tracetools.EnvVarTraceContextKey, tracing)
+	}
+
+	// Preprocess any env that are defined in the top level block and place them
+	// into env for later interpolation into the rest of the pipeline.
+	if err := p.interpolateEnvBlock(envMap); err != nil {
+		return err
+	}
+
+	tf := envInterpolator{envMap: envMap}
+
+	// Recursively go through the rest of the pipeline and perform environment
+	// variable interpolation on strings. Interpolation is performed in-place.
+	if err := interpolateSlice(tf, p.Steps); err != nil {
+		return err
+	}
+	return interpolateMap(tf, p.RemainingFields)
+}
+
+// interpolateEnvBlock runs interpolate.Interpolate on each pair in p.Env,
+// interpolating with the variables defined in envMap, and then adding the
+// results back into both p.Env and envMap. Each environment variable can
+// be interpolated into later environment variables, making the input ordering
+// of p.Env potentially important.
+func (p *Pipeline) interpolateEnvBlock(envMap *env.Environment) error {
+	return p.Env.Range(func(k, v string) error {
+		// We interpolate both keys and values.
+		intk, err := interpolate.Interpolate(envMap, k)
+		if err != nil {
+			return err
+		}
+
+		// v is always a string in this case.
+		intv, err := interpolate.Interpolate(envMap, v)
+		if err != nil {
+			return err
+		}
+
+		p.Env.Replace(k, intk, intv)
+
+		// Bonus part for the env block!
+		// Add the results back into envMap.
+		envMap.Set(intk, intv)
+		return nil
+	})
+}
+
+// Sign signs each signable part of the pipeline. Currently this is limited to
+// command steps (including command steps within group steps), including all
+// plugin configurations and the pipeline "env". Parts of the pipeline are
+// mutated directly, so an error part-way through may leave some steps
+// un-signed.
+func (p *Pipeline) Sign(key jwk.Key, inv *PipelineInvariants) error {
+	return p.Steps.sign(key, p.Env.ToMap(), inv)
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline_invariants.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline_invariants.go
new file mode 100644
index 000000000..2ccf2a4b2
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline_invariants.go
@@ -0,0 +1,82 @@
+package pipeline
+
+import (
+	"fmt"
+	"strings"
+)
+
+type PipelineInvariants struct {
+	OrganizationSlug string
+	PipelineSlug     string
+	Repository       string
+}
+
+var _ SignedFielder = (*CommandStepWithPipelineInvariants)(nil)
+
+type CommandStepWithPipelineInvariants struct {
+	CommandStep
+	PipelineInvariants
+}
+
+// SignedFields returns the default fields for signing.
+func (c *CommandStepWithPipelineInvariants) SignedFields() (map[string]any, error) {
+	return map[string]any{
+		"command":             c.Command,
+		"env":                 c.Env,
+		"plugins":             c.Plugins,
+		"matrix":              c.Matrix,
+		"pipeline_invariants": c.PipelineInvariants,
+	}, nil
+}
+
+// ValuesForFields returns the contents of fields to sign.
+func (c *CommandStepWithPipelineInvariants) ValuesForFields(fields []string) (map[string]any, error) {
+	// Make a set of required fields. As fields is processed, mark them off by
+	// deleting them.
+	required := map[string]struct{}{
+		"command":             {},
+		"env":                 {},
+		"plugins":             {},
+		"matrix":              {},
+		"pipeline_invariants": {},
+	}
+
+	out := make(map[string]any, len(fields))
+	for _, f := range fields {
+		delete(required, f)
+
+		switch f {
+		case "command":
+			out["command"] = c.Command
+
+		case "env":
+			out["env"] = c.Env
+
+		case "plugins":
+			out["plugins"] = c.Plugins
+
+		case "matrix":
+			out["matrix"] = c.Matrix
+
+		case "pipeline_invariants":
+			out["pipeline_invariants"] = c.PipelineInvariants
+
+		default:
+			// All env:: values come from outside the step.
+			if strings.HasPrefix(f, EnvNamespacePrefix) {
+				break
+			}
+
+			return nil, fmt.Errorf("unknown or unsupported field for signing %q", f)
+		}
+	}
+
+	if len(required) > 0 {
+		missing := make([]string, 0, len(required))
+		for k := range required {
+			missing = append(missing, k)
+		}
+		return nil, fmt.Errorf("one or more required fields are not present: %v", missing)
+	}
+	return out, nil
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugin.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugin.go
new file mode 100644
index 000000000..670c52902
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugin.go
@@ -0,0 +1,112 @@
+package pipeline
+
+import (
+	"encoding/json"
+	"net/url"
+	"path"
+	"strings"
+
+	"gopkg.in/yaml.v3"
+)
+
+var (
+	_ interface {
+		json.Marshaler
+		yaml.Marshaler
+		selfInterpolater
+	} = (*Plugin)(nil)
+)
+
+// Plugin models plugin configuration.
+//
+// Standard caveats apply - see the package comment.
+type Plugin struct {
+	Source string
+	Config any
+}
+
+// MarshalJSON returns the plugin in "one-key object" form, or "single string"
+// form (no config, only plugin source). Plugin sources are marshalled into "full"
+// form.
+func (p *Plugin) MarshalJSON() ([]byte, error) {
+	// NB: MarshalYAML (as seen below) never returns an error.
+	o, _ := p.MarshalYAML()
+	return json.Marshal(o)
+}
+
+// MarshalYAML returns the plugin in either "one-item map" form, or "scalar"
+// form (no config, only plugin source). Plugin sources are marshalled into "full"
+// form.
+func (p *Plugin) MarshalYAML() (any, error) {
+	if p.Config == nil {
+		return p.FullSource(), nil
+	}
+
+	return map[string]any{
+		p.FullSource(): p.Config,
+	}, nil
+}
+
+// FullSource attempts to canonicalise Source. If it fails, it returns Source
+// unaltered. Otherwise, it resolves sources in a manner described at
+// https://buildkite.com/docs/plugins/using#plugin-sources.
+func (p *Plugin) FullSource() string {
+	if p.Source == "" {
+		return ""
+	}
+
+	// Looks like an absolute or relative file path.
+	if strings.HasPrefix(p.Source, "/") || strings.HasPrefix(p.Source, ".") || strings.HasPrefix(p.Source, `\`) {
+		return p.Source
+	}
+
+	u, err := url.Parse(p.Source)
+	if err != nil {
+		return p.Source
+	}
+
+	// They wrote something like ssh://..., https://..., or C:\...
+	// in which case they _mean it_.
+	if u.Scheme != "" || u.Opaque != "" {
+		return p.Source
+	}
+
+	// thing      => thing-buildkite-plugin
+	// thing#main => thing-buildkite-plugin#main
+	lastSegment := func(n, f string) string {
+		n += "-buildkite-plugin"
+		if f == "" {
+			return n
+		}
+		return n + "#" + f
+	}
+
+	paths := strings.Split(strings.TrimPrefix(u.Path, "/"), "/")
+	switch len(paths) {
+	case 1:
+		// trimmed path contained no slash
+		return path.Join("github.com", "buildkite-plugins", lastSegment(paths[0], u.Fragment))
+
+	case 2:
+		// trimmed path contained one slash
+		return path.Join("github.com", paths[0], lastSegment(paths[1], u.Fragment))
+
+	default:
+		// trimmed path contained more than one slash - apply no smarts
+		return p.Source
+	}
+}
+
+func (p *Plugin) interpolate(tf stringTransformer) error {
+	name, err := tf.Transform(p.Source)
+	if err != nil {
+		return err
+	}
+	cfg, err := interpolateAny(tf, p.Config)
+	if err != nil {
+		return err
+	}
+	p.Source = name
+	p.Config = cfg
+	return nil
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugins.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugins.go
new file mode 100644
index 000000000..790cd595f
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugins.go
@@ -0,0 +1,106 @@
+package pipeline
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/buildkite/agent/v3/internal/ordered"
+	"gopkg.in/yaml.v3"
+)
+
+var _ interface {
+	json.Unmarshaler
+	ordered.Unmarshaler
+} = (*Plugins)(nil)
+
+// Plugins is a sequence of plugins. It is useful for unmarshaling.
+type Plugins []*Plugin
+
+// UnmarshalOrdered unmarshals Plugins from either
+//   - []any - originally a sequence of "one-item mappings" (normal form), or
+//   - *ordered.MapSA - a mapping (where order is important...non-normal form).
+//
+// "plugins" is supposed to be a sequence of one-item maps, since order matters.
+// But some people (even us) write plugins into one big mapping and rely on
+// order preservation.
+func (p *Plugins) UnmarshalOrdered(o any) error {
+	// Whether processing one big map, or a sequence of small maps, the central
+	// part remains the same.
+	// Parse each "key: value" as "name: config", then append in order.
+	unmarshalMap := func(m *ordered.MapSA) error {
+		return m.Range(func(k string, v any) error {
+			// ToMapRecursive demolishes any ordering within the plugin config.
+			// This is needed because the backend likes to reorder the keys,
+			// and for signing we need the JSON form to be stable.
+			plugin := &Plugin{
+				Source: k,
+				Config: ordered.ToMapRecursive(v),
+			}
+			*p = append(*p, plugin)
+			return nil
+		})
+	}
+
+	switch o := o.(type) {
+	case nil:
+		// Someone wrote `plugins: null` (possibly us).
+		*p = nil
+		return nil
+
+	case []any:
+		for _, c := range o {
+			switch ct := c.(type) {
+			case *ordered.MapSA:
+				// Typical case:
+				//
+				// plugins:
+				//   - plugin#1.0.0:
+				//       config: config, etc
+				if err := unmarshalMap(ct); err != nil {
+					return err
+				}
+
+			case string:
+				// Less typical, but supported:
+				//
+				// plugins:
+				//   - plugin#1.0.0
+				// (no config, only plugin)
+				*p = append(*p, &Plugin{
+					Source: ct,
+					Config: nil,
+				})
+
+			default:
+				return fmt.Errorf("unmarshaling plugins: plugin type %T, want *ordered.Map[string, any] or string", c)
+			}
+		}
+
+	case *ordered.MapSA:
+		// Legacy form:
+		//
+		// plugins:
+		//   plugin#1.0.0:
+		//     config: config, etc
+		//   otherplugin#2.0.0:
+		//     etc
+		if err := unmarshalMap(o); err != nil {
+			return err
+		}
+
+	default:
+		return fmt.Errorf("unmarshaling plugins: got %T, want []any or *ordered.Map[string, any]", o)
+
+	}
+	return nil
+}
+
+// UnmarshalJSON is used mainly to normalise the BUILDKITE_PLUGINS env var.
+func (p *Plugins) UnmarshalJSON(b []byte) error {
+	// JSON is just a specific kind of YAML.
+	var n yaml.Node
+	if err := yaml.Unmarshal(b, &n); err != nil {
+		return err
+	}
+	return ordered.Unmarshal(&n, &p)
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/sign.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/sign.go
new file mode 100644
index 000000000..6f26356f8
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/sign.go
@@ -0,0 +1,185 @@
+package pipeline
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"sort"
+
+	"github.com/gowebpki/jcs"
+	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v2/jws"
+)
+
+// EnvNamespacePrefix is the string that prefixes all fields in the "env"
+// namespace. This is used to separate signed data that came from the
+// environment from data that came from an object.
+const EnvNamespacePrefix = "env::"
+
+// Signature models a signature (on a step, etc).
+type Signature struct {
+	Algorithm    string   `json:"algorithm" yaml:"algorithm"`
+	SignedFields []string `json:"signed_fields" yaml:"signed_fields"`
+	Value        string   `json:"value" yaml:"value"`
+}
+
+// SignedFielder describes types that can be signed and have signatures
+// verified.
+// Converting non-string fields into strings (in a stable, canonical way) is an
+// exercise left to the implementer.
+type SignedFielder interface {
+	// SignedFields returns the default set of fields to sign, and their values.
+	// This is called by Sign.
+	SignedFields() (map[string]any, error)
+
+	// ValuesForFields looks up each field and produces a map of values. This is
+	// called by Verify. The set of fields might differ from the default, e.g.
+	// when verifying older signatures computed with fewer fields or deprecated
+	// field names. signedFielder implementations should reject requests for
+	// values if "mandatory" fields are missing (e.g. signing a command step
+	// should always sign the command).
+	ValuesForFields([]string) (map[string]any, error)
+}
+
+// Sign computes a new signature for an environment (env) combined with an
+// object containing values (sf) using a given key.
+func Sign(
+	key jwk.Key,
+	env map[string]string,
+	sf SignedFielder,
+) (*Signature, error) {
+	values, err := sf.SignedFields()
+	if err != nil {
+		return nil, err
+	}
+	if len(values) == 0 {
+		return nil, errors.New("no fields to sign")
+	}
+
+	// Step env overrides pipeline and build env:
+	// https://buildkite.com/docs/tutorials/pipeline-upgrade#what-is-the-yaml-steps-editor-compatibility-issues
+	// (Beware of inconsistent docs written in the time of legacy steps.)
+	// So if the thing we're signing has an env map, use it to exclude pipeline
+	// vars from signing.
+	objEnv, _ := values["env"].(map[string]string)
+
+	// Namespace the env values and include them in the values to sign.
+	for k, v := range env {
+		if _, has := objEnv[k]; has {
+			continue
+		}
+		values[EnvNamespacePrefix+k] = v
+	}
+
+	// Extract the names of the fields.
+	fields := make([]string, 0, len(values))
+	for field := range values {
+		fields = append(fields, field)
+	}
+	sort.Strings(fields)
+
+	payload, err := canonicalPayload(key.Algorithm().String(), values)
+	if err != nil {
+		return nil, err
+	}
+
+	sig, err := jws.Sign(nil,
+		jws.WithKey(key.Algorithm(), key),
+		jws.WithDetachedPayload(payload),
+		jws.WithCompact(),
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Signature{
+		Algorithm:    key.Algorithm().String(),
+		SignedFields: fields,
+		Value:        string(sig),
+	}, nil
+}
+
+// Verify verifies an existing signature against environment (env) combined with
+// an object containing values (sf) using keys from a keySet.
+func (s *Signature) Verify(
+	keySet jwk.Set,
+	env map[string]string,
+	sf SignedFielder,
+) error {
+	if len(s.SignedFields) == 0 {
+		return errors.New("signature covers no fields")
+	}
+
+	// Ask the object for values for all fields.
+	values, err := sf.ValuesForFields(s.SignedFields)
+	if err != nil {
+		return fmt.Errorf("obtaining values for fields: %w", err)
+	}
+
+	// See Sign above for why we need special handling for step env.
+	objEnv, _ := values["env"].(map[string]string)
+
+	// Namespace the env values and include them in the values to sign.
+	for k, v := range env {
+		if _, has := objEnv[k]; has {
+			continue
+		}
+		values[EnvNamespacePrefix+k] = v
+	}
+
+	// env:: fields that were signed are all required from the env map.
+	// We can't verify other env vars though - they can vary for lots of reasons
+	// (e.g. Buildkite-provided vars added by the backend.)
+	// This is still strong enough for a user to enforce any particular env var
+	// exists and has a particular value - make it a part of the pipeline or
+	// step env.
+	required, err := requireKeys(values, s.SignedFields)
+	if err != nil {
+		return fmt.Errorf("obtaining required keys: %w", err)
+	}
+
+	payload, err := canonicalPayload(s.Algorithm, required)
+	if err != nil {
+		return err
+	}
+
+	_, err = jws.Verify([]byte(s.Value),
+		jws.WithKeySet(keySet),
+		jws.WithDetachedPayload(payload),
+	)
+	return err
+}
+
+// canonicalPayload returns a unique sequence of bytes representing the given
+// algorithm and values using JCS (RFC 8785).
+func canonicalPayload(alg string, values map[string]any) ([]byte, error) {
+	rawPayload, err := json.Marshal(struct {
+		Algorithm string         `json:"alg"`
+		Values    map[string]any `json:"values"`
+	}{
+		Algorithm: alg,
+		Values:    values,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("marshaling JSON: %w", err)
+	}
+	payload, err := jcs.Transform(rawPayload)
+	if err != nil {
+		return nil, fmt.Errorf("canonicalising JSON: %w", err)
+	}
+	return payload, nil
+}
+
+// requireKeys returns a copy of a map containing only keys from a []string.
+// An error is returned if any keys are missing from the map.
+func requireKeys[K comparable, V any, M ~map[K]V](in M, keys []K) (M, error) {
+	out := make(M, len(keys))
+	for _, k := range keys {
+		v, ok := in[k]
+		if !ok {
+			return nil, fmt.Errorf("missing key %v", k)
+		}
+		out[k] = v
+	}
+	return out, nil
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step.go
new file mode 100644
index 000000000..0c1e44d73
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step.go
@@ -0,0 +1,13 @@
+package pipeline
+
+// Step models a step in the pipeline. It will be a pointer to one of:
+// - CommandStep
+// - WaitStep
+// - InputStep
+// - TriggerStep
+// - GroupStep
+type Step interface {
+	stepTag() // allow only the step types below
+
+	selfInterpolater
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command.go
new file mode 100644
index 000000000..40b5c42c6
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command.go
@@ -0,0 +1,125 @@
+package pipeline
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/buildkite/agent/v3/internal/ordered"
+	"gopkg.in/yaml.v3"
+)
+
+var _ interface {
+	json.Marshaler
+	json.Unmarshaler
+	ordered.Unmarshaler
+} = (*CommandStep)(nil)
+
+// CommandStep models a command step.
+//
+// Standard caveats apply - see the package comment.
+type CommandStep struct {
+	Command   string            `yaml:"command"`
+	Plugins   Plugins           `yaml:"plugins,omitempty"`
+	Env       map[string]string `yaml:"env,omitempty"`
+	Signature *Signature        `yaml:"signature,omitempty"`
+	Matrix    *Matrix           `yaml:"matrix,omitempty"`
+
+	// RemainingFields stores any other top-level mapping items so they at least
+	// survive an unmarshal-marshal round-trip.
+	RemainingFields map[string]any `yaml:",inline"`
+}
+
+// MarshalJSON marshals the step to JSON. Special handling is needed because
+// yaml.v3 has "inline" but encoding/json has no concept of it.
+func (c *CommandStep) MarshalJSON() ([]byte, error) {
+	return inlineFriendlyMarshalJSON(c)
+}
+
+// UnmarshalJSON is used when unmarshalling an individual step directly, e.g.
+// from the Agent API Accept Job.
+func (c *CommandStep) UnmarshalJSON(b []byte) error {
+	// JSON is just a specific kind of YAML.
+	var n yaml.Node
+	if err := yaml.Unmarshal(b, &n); err != nil {
+		return err
+	}
+	return ordered.Unmarshal(&n, &c)
+}
+
+// UnmarshalOrdered unmarshals a command step from an ordered map.
+func (c *CommandStep) UnmarshalOrdered(src any) error {
+	type wrappedCommand CommandStep
+	// Unmarshal into this secret type, then process special fields specially.
+	fullCommand := new(struct {
+		Command  []string `yaml:"command"`
+		Commands []string `yaml:"commands"`
+
+		// Use inline trickery to capture the rest of the struct.
+		Rem *wrappedCommand `yaml:",inline"`
+	})
+	fullCommand.Rem = (*wrappedCommand)(c)
+	if err := ordered.Unmarshal(src, fullCommand); err != nil {
+		return fmt.Errorf("unmarshalling CommandStep: %w", err)
+	}
+
+	// Normalise cmds into one single command string.
+	// This makes signing easier later on - it's easier to hash one
+	// string consistently than it is to pick apart multiple strings
+	// in a consistent way in order to hash all of them
+	// consistently.
+	cmds := append(fullCommand.Command, fullCommand.Commands...)
+	c.Command = strings.Join(cmds, "\n")
+	return nil
+}
+
+// InterpolateMatrixPermutation validates and then interpolates the choice of
+// matrix values into the step. This should only be used in order to validate
+// a job that's about to be run, and not used before pipeline upload.
+func (c *CommandStep) InterpolateMatrixPermutation(mp MatrixPermutation) error {
+	if err := c.Matrix.validatePermutation(mp); err != nil {
+		return err
+	}
+	if len(mp) == 0 {
+		return nil
+	}
+	return c.interpolate(newMatrixInterpolator(mp))
+}
+
+func (c *CommandStep) interpolate(tf stringTransformer) error {
+	cmd, err := tf.Transform(c.Command)
+	if err != nil {
+		return err
+	}
+	c.Command = cmd
+
+	if err := interpolateSlice(tf, c.Plugins); err != nil {
+		return err
+	}
+
+	switch tf.(type) {
+	case envInterpolator:
+		if err := interpolateMap(tf, c.Env); err != nil {
+			return err
+		}
+		if c.Matrix, err = interpolateAny(tf, c.Matrix); err != nil {
+			return err
+		}
+
+	case matrixInterpolator:
+		// Matrix interpolation doesn't apply to env keys.
+		if err := interpolateMapValues(tf, c.Env); err != nil {
+			return err
+		}
+	}
+
+	// NB: Do not interpolate Signature.
+
+	if err := interpolateMap(tf, c.RemainingFields); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (CommandStep) stepTag() {}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command_matrix.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command_matrix.go
new file mode 100644
index 000000000..a37c12ce7
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command_matrix.go
@@ -0,0 +1,365 @@
+package pipeline
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/buildkite/agent/v3/internal/ordered"
+	"gopkg.in/yaml.v3"
+)
+
+var (
+	_ interface {
+		json.Marshaler
+		ordered.Unmarshaler
+		yaml.Marshaler
+		selfInterpolater
+	} = (*Matrix)(nil)
+
+	_ interface {
+		json.Marshaler
+		selfInterpolater
+	} = (*MatrixAdjustment)(nil)
+
+	_ = []interface {
+		json.Marshaler
+		ordered.Unmarshaler
+		yaml.Marshaler
+	}{
+		(*MatrixSetup)(nil),
+		(*MatrixAdjustmentWith)(nil),
+	}
+)
+
+var (
+	errNilMatrix                   = errors.New("non-empty permutation but matrix is nil")
+	errPermutationLengthMismatch   = errors.New("permutation has wrong length")
+	errPermutationUnknownDimension = errors.New("permutation has unknown dimension")
+	errAdjustmentLengthMismatch    = errors.New("adjustment has wrong length")
+	errAdjustmentUnknownDimension  = errors.New("adjustment has unknown dimension")
+	errPermutationSkipped          = errors.New("permutation is skipped by adjustment")
+	errPermutationNoMatch          = errors.New("permutation is neither a valid matrix combination nor an adjustment")
+)
+
+// Matrix models the matrix specification for command steps.
+type Matrix struct {
+	Setup       MatrixSetup       `yaml:"setup"`
+	Adjustments MatrixAdjustments `yaml:"adjustments,omitempty"`
+
+	RemainingFields map[string]any `yaml:",inline"`
+}
+
+// UnmarshalOrdererd unmarshals from either []any or *ordered.MapSA.
+func (m *Matrix) UnmarshalOrdered(o any) error {
+	switch src := o.(type) {
+	case []any:
+		// Single anonymous dimension matrix, no adjustments.
+		//
+		// matrix:
+		//   - apple
+		//   - 47
+		s := make([]string, 0, len(src))
+		if err := ordered.Unmarshal(src, &s); err != nil {
+			return err
+		}
+		m.Setup = MatrixSetup{"": s}
+
+	case *ordered.MapSA:
+		// Single anonymous dimension, or multiple named dimensions, with or
+		// without adjustments.
+		// Unmarshal into this secret wrapper type to avoid infinite recursion.
+		type wrappedMatrix Matrix
+		if err := ordered.Unmarshal(o, (*wrappedMatrix)(m)); err != nil {
+			return err
+		}
+
+	default:
+		return fmt.Errorf("unsupported src type for Matrix: %T", o)
+	}
+	return nil
+}
+
+// Reports if the matrix is a single anonymous dimension matrix with no
+// adjustments or any other fields. (It's a list of items.)
+func (m *Matrix) isSimple() bool {
+	return len(m.Setup) == 1 && len(m.Setup[""]) != 0 && len(m.Adjustments) == 0 && len(m.RemainingFields) == 0
+}
+
+// MarshalJSON is needed to use inlineFriendlyMarshalJSON, and reduces the
+// representation to a single list if the matrix is simple.
+func (m *Matrix) MarshalJSON() ([]byte, error) {
+	if m.isSimple() {
+		return json.Marshal(m.Setup[""])
+	}
+	return inlineFriendlyMarshalJSON(m)
+}
+
+// MarshalYAML is needed to reduce the representation to a single slice if
+// the matrix is simple.
+func (m *Matrix) MarshalYAML() (any, error) {
+	if m.isSimple() {
+		return m.Setup[""], nil
+	}
+	// Just in case the YAML marshaler tries to call MarshalYAML on the output,
+	// wrap m in a type without a MarshalYAML method.
+	type wrappedMatrix Matrix
+	return (*wrappedMatrix)(m), nil
+}
+
+func (m *Matrix) interpolate(tf stringTransformer) error {
+	if m == nil {
+		return nil
+	}
+	if _, is := tf.(matrixInterpolator); is {
+		// Don't interpolate matrixes into matrixes.
+		return nil
+	}
+	if err := interpolateMap(tf, m.Setup); err != nil {
+		return err
+	}
+	if err := interpolateSlice(tf, m.Adjustments); err != nil {
+		return err
+	}
+	return interpolateMap(tf, m.RemainingFields)
+}
+
+// validatePermutation checks that the permutation is a valid selection of
+// dimension values, including any non-skipped adjustments.
+func (m *Matrix) validatePermutation(p MatrixPermutation) error {
+	if m == nil {
+		if len(p) > 0 {
+			return errNilMatrix
+		}
+		// An empty permutation from a nil matrix...seems fine to me?
+		return nil
+	}
+	if len(p) != len(m.Setup) {
+		return fmt.Errorf("%w: %d != %d", errPermutationLengthMismatch, len(p), len(m.Setup))
+	}
+
+	// Check that the dimensions in the permutation are unique and defined in
+	// the matrix setup.
+	for dim := range p {
+		if len(m.Setup[dim]) == 0 {
+			return fmt.Errorf("%w: %q", errPermutationUnknownDimension, dim)
+		}
+	}
+
+	// Check that the permutation values are in the matrix setup (a basic
+	// permutation). Whether they are or are not, we still check adjustments.
+	valid := true
+	for dim, val := range p {
+		match := false
+		for _, v := range m.Setup[dim] {
+			if val == v {
+				match = true
+				break
+			}
+		}
+		if !match {
+			// Not a basic permutation. It could still be an adjustment though.
+			valid = false
+			break
+		}
+	}
+
+	// Check if the permutation matches any adjustment.
+	for _, adj := range m.Adjustments {
+		// Ensure adj.With has the same size and dimension names as m.Setup.
+		// adj.With is a map so no need to check for repetition.
+		// Because adjustments can introduce new dimension values, only the
+		// names of dimensions are checked.
+		if len(adj.With) != len(m.Setup) {
+			return fmt.Errorf("%w: %d != %d", errAdjustmentLengthMismatch, len(adj.With), len(m.Setup))
+		}
+		for dim := range adj.With {
+			if len(m.Setup[dim]) == 0 {
+				return fmt.Errorf("%w: %q", errAdjustmentUnknownDimension, dim)
+			}
+		}
+
+		// Now we can test whether p == adj.With.
+		match := true
+		for dim, val := range p {
+			if val != adj.With[dim] {
+				match = false
+				break
+			}
+		}
+		if !match {
+			continue
+		}
+
+		if adj.ShouldSkip() {
+			return errPermutationSkipped
+		}
+		// Not skipped, but is an adjustment, so it's valid.
+		// If multiple adjustments have the same permutation, and any of them
+		// have "skip: true", then that applies, so we can't bail early.
+		valid = true
+	}
+
+	if !valid {
+		return errPermutationNoMatch
+	}
+	return nil
+}
+
+// MatrixPermutation represents a possible permutation of a matrix.
+type MatrixPermutation map[string]string
+
+// MatrixSetup is the main setup of a matrix - one or more dimensions. The cross
+// product of the dimensions in the setup produces the base combinations of
+// matrix values.
+type MatrixSetup map[string][]string
+
+// MarshalJSON returns either a list (if the setup is a single anonymous
+// dimension) or an object (if it contains one or more (named) dimensions).
+func (ms MatrixSetup) MarshalJSON() ([]byte, error) {
+	// Note that MarshalYAML (below) always returns nil error.
+	o, _ := ms.MarshalYAML()
+	return json.Marshal(o)
+}
+
+// MarshalYAML returns either a Scalars (if the setup is a single anonymous
+// dimension) or a map (if it contains one or more (named) dimensions).
+func (ms MatrixSetup) MarshalYAML() (any, error) {
+	if len(ms) == 1 && len(ms[""]) > 0 {
+		return ms[""], nil
+	}
+	return map[string][]string(ms), nil
+}
+
+// UnmarshalOrdered unmarshals from either []any or *ordered.MapSA.
+func (ms *MatrixSetup) UnmarshalOrdered(o any) error {
+	if *ms == nil {
+		*ms = make(MatrixSetup)
+	}
+	switch src := o.(type) {
+	case []any:
+		// Single anonymous dimension, but we only get here if its under a setup
+		// key. (Maybe the user wants adjustments for their single dimension.)
+		//
+		// matrix:
+		//   setup:
+		//     - apple
+		//     - 47
+		s := make([]string, 0, len(src))
+		if err := ordered.Unmarshal(src, &s); err != nil {
+			return err
+		}
+		(*ms)[""] = s
+
+	case *ordered.MapSA:
+		// One or more (named) dimensions.
+		// Unmarshal into the underlying type to avoid infinite recursion.
+		if err := ordered.Unmarshal(src, (*map[string][]string)(ms)); err != nil {
+			return err
+		}
+
+	default:
+		return fmt.Errorf("unsupported src type for MatrixSetup: %T", o)
+	}
+	return nil
+}
+
+// MatrixAdjustments is a set of adjustments.
+type MatrixAdjustments []*MatrixAdjustment
+
+// MatrixAdjustment models an adjustment - a combination of (possibly new)
+// matrix values, and skip/soft fail configuration.
+type MatrixAdjustment struct {
+	With MatrixAdjustmentWith `yaml:"with"`
+	Skip any                  `yaml:"skip,omitempty"`
+
+	RemainingFields map[string]any `yaml:",inline"` // NB: soft_fail is in the remaining fields
+}
+
+func (ma *MatrixAdjustment) ShouldSkip() bool {
+	switch s := ma.Skip.(type) {
+	case bool:
+		return s
+
+	case nil:
+		return false
+
+	default:
+		return true
+	}
+}
+
+// MarshalJSON is needed to use inlineFriendlyMarshalJSON.
+func (ma *MatrixAdjustment) MarshalJSON() ([]byte, error) {
+	return inlineFriendlyMarshalJSON(ma)
+}
+
+func (ma *MatrixAdjustment) interpolate(tf stringTransformer) error {
+	if ma == nil {
+		return nil
+	}
+	if err := interpolateMap(tf, ma.With); err != nil {
+		return err
+	}
+	return interpolateMap(tf, ma.RemainingFields)
+}
+
+// MatrixAdjustmentWith is either a map of dimension key -> dimension value,
+// or a single value (for single anonymous dimension matrices).
+type MatrixAdjustmentWith map[string]string
+
+// MarshalJSON returns either a single scalar or an object.
+func (maw MatrixAdjustmentWith) MarshalJSON() ([]byte, error) {
+	// Note that MarshalYAML (below) always returns nil error.
+	o, _ := maw.MarshalYAML()
+	return json.Marshal(o)
+}
+
+// MarshalYAML returns either a single scalar or a map.
+func (maw MatrixAdjustmentWith) MarshalYAML() (any, error) {
+	if _, has := maw[""]; has && len(maw) == 1 {
+		return maw[""], nil
+	}
+	return map[string]string(maw), nil
+}
+
+// UnmarshalOrdered unmarshals from either a scalar value (string, bool, or int)
+// or *ordered.MapSA.
+func (maw *MatrixAdjustmentWith) UnmarshalOrdered(o any) error {
+	if *maw == nil {
+		*maw = make(MatrixAdjustmentWith)
+	}
+
+	switch src := o.(type) {
+	case bool, int, string:
+		// A single scalar.
+		// (This is how you can do adjustments on a single anonymous dimension.)
+		//
+		// matrix:
+		//   setup:
+		//     - apple
+		//     - 47
+		//   adjustments:
+		//     - with: banana
+		//       soft_fail: true
+		(*maw)[""] = fmt.Sprint(src)
+
+	case *ordered.MapSA:
+		// A map of dimension key -> dimension value. (Tuple of dimension value
+		// selections.)
+		return src.Range(func(k string, v any) error {
+			switch vt := v.(type) {
+			case bool, int, string:
+				(*maw)[k] = fmt.Sprint(vt)
+
+			default:
+				return fmt.Errorf("unsupported value type %T in key %q for MatrixAdjustmentsWith", v, k)
+			}
+			return nil
+		})
+
+	default:
+		return fmt.Errorf("unsupported src type for MatrixAdjustmentsWith: %T", o)
+	}
+	return nil
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_group.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_group.go
new file mode 100644
index 000000000..ee136c0a4
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_group.go
@@ -0,0 +1,57 @@
+package pipeline
+
+import (
+	"fmt"
+
+	"github.com/buildkite/agent/v3/internal/ordered"
+)
+
+// GroupStep models a group step.
+//
+// Standard caveats apply - see the package comment.
+type GroupStep struct {
+	// Group is typically a key with no value. Since it must always exist in
+	// a group step, here it is.
+	Group *string `yaml:"group"`
+
+	Steps Steps `yaml:"steps"`
+
+	// RemainingFields stores any other top-level mapping items so they at least
+	// survive an unmarshal-marshal round-trip.
+	RemainingFields map[string]any `yaml:",inline"`
+}
+
+// UnmarshalOrdered unmarshals a group step from an ordered map.
+func (g *GroupStep) UnmarshalOrdered(src any) error {
+	type wrappedGroup GroupStep
+	if err := ordered.Unmarshal(src, (*wrappedGroup)(g)); err != nil {
+		return fmt.Errorf("unmarshalling GroupStep: %w", err)
+	}
+
+	// Ensure Steps is never nil. Server side expects a sequence.
+	if g.Steps == nil {
+		g.Steps = Steps{}
+	}
+	return nil
+}
+
+func (g *GroupStep) interpolate(tf stringTransformer) error {
+	grp, err := interpolateAny(tf, g.Group)
+	if err != nil {
+		return err
+	}
+	g.Group = grp
+
+	if err := g.Steps.interpolate(tf); err != nil {
+		return err
+	}
+	return interpolateMap(tf, g.RemainingFields)
+}
+
+func (GroupStep) stepTag() {}
+
+// MarshalJSON marshals the step to JSON. Special handling is needed because
+// yaml.v3 has "inline" but encoding/json has no concept of it.
+func (g *GroupStep) MarshalJSON() ([]byte, error) {
+	return inlineFriendlyMarshalJSON(g)
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_input.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_input.go
new file mode 100644
index 000000000..cfe769be1
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_input.go
@@ -0,0 +1,34 @@
+package pipeline
+
+import (
+	"encoding/json"
+	"errors"
+)
+
+// See the comment in step_scalar.go.
+
+// InputStep models a block or input step.
+//
+// Standard caveats apply - see the package comment.
+type InputStep struct {
+	Scalar   string         `yaml:"-"`
+	Contents map[string]any `yaml:",inline"`
+}
+
+func (s *InputStep) MarshalJSON() ([]byte, error) {
+	if s.Scalar != "" {
+		return json.Marshal(s.Scalar)
+	}
+
+	if len(s.Contents) == 0 {
+		return []byte{}, errors.New("empty input step")
+	}
+
+	return json.Marshal(s.Contents)
+}
+
+func (s InputStep) interpolate(tf stringTransformer) error {
+	return interpolateMap(tf, s.Contents)
+}
+
+func (*InputStep) stepTag() {}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_scalar.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_scalar.go
new file mode 100644
index 000000000..721ac0254
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_scalar.go
@@ -0,0 +1,41 @@
+package pipeline
+
+import "fmt"
+
+// In the buildkite pipeline yaml, some step types (broadly, wait steps, input steps and block steps) can be represented
+// either by a scalar string (ie "wait") or by a mapping with keys and values and such
+//
+// This behaviour is difficult to cleanly model in go, which leads to the somewhat odd structure of the structs defined
+// in this file - each type (WaitStep, InputStep) has a Scalar field which is set to the scalar value if the step was
+// if, during pipeline parsing, the step was represented as a scalar, and is left empty if the step was represented as
+// a mapping. In essence, if one of the fields of these structs is filled, the other should be empty.
+//
+// On the unmarshalling side, the differing types is handled by the steps parser - see the unmarshalStep() function in
+// ./steps.go - it infers the underlying type of the thing it's unmarshalling, and if it's a string, calls NewScalarStep()
+// (below) to create the appropriate struct. If it's a mapping, it creates the appropriate struct directly.
+//
+// On the marshalling side, the MarshalJSON() function on each struct handles the different cases. In general, if the
+// Scalar field is set, it marshals that, otherwise it marshals the other fields.
+//
+// In reading this file, you may have noticed that I mentioned that there are three types of step that can be represented
+// as a scalar, but there are only two structs defined here. This is because the third type, block steps, are represented
+// in exactly the same way as input steps, so they can share the same struct. This is liable to change in the future,
+// as conceptually they're different types, and it makes sense to have them as different types in go as well.
+//
+// Also also! The implementations for WaitStep and InputStep **almost**, but not quite identical. This is due to the behaviour
+// of marshalling an empty struct into into JSON. For WaitStep, it makes sense that the empty &WaitStep{} struct marshals
+// to "wait", but with InputStep, there's no way to tell whether it should be marshalled to "input" or "block", which
+// have very different behaviour on the backend.
+
+var validStepScalars = []string{"wait", "waiter", "block", "input", "manual"}
+
+func NewScalarStep(s string) (Step, error) {
+	switch s {
+	case "wait", "waiter":
+		return &WaitStep{Scalar: s}, nil
+	case "block", "input", "manual":
+		return &InputStep{Scalar: s}, nil
+	default:
+		return nil, fmt.Errorf("unmarshaling step: unsupported scalar step type %q, want one of %v", s, validStepScalars)
+	}
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_trigger.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_trigger.go
new file mode 100644
index 000000000..7513b4171
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_trigger.go
@@ -0,0 +1,23 @@
+package pipeline
+
+import (
+	"encoding/json"
+)
+
+// TriggerStep models a trigger step.
+//
+// Standard caveats apply - see the package comment.
+type TriggerStep struct {
+	Contents map[string]any `yaml:",inline"`
+}
+
+// MarshalJSON marshals the contents of the step.
+func (t TriggerStep) MarshalJSON() ([]byte, error) {
+	return json.Marshal(t.Contents)
+}
+
+func (s TriggerStep) interpolate(tf stringTransformer) error {
+	return interpolateMap(tf, s.Contents)
+}
+
+func (TriggerStep) stepTag() {}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_unknown.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_unknown.go
new file mode 100644
index 000000000..0b0161515
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_unknown.go
@@ -0,0 +1,40 @@
+package pipeline
+
+import (
+	"encoding/json"
+)
+
+// UnknownStep models any step we don't know how to represent in this version.
+// When future step types are added, they should be parsed with more specific
+// types. UnknownStep is present to allow older parsers to preserve newer
+// pipelines.
+type UnknownStep struct {
+	Contents any
+}
+
+// MarshalJSON marshals the contents of the step.
+func (u UnknownStep) MarshalJSON() ([]byte, error) {
+	return json.Marshal(u.Contents)
+}
+
+// MarshalYAML returns the contents of the step.
+func (u UnknownStep) MarshalYAML() (any, error) {
+	return u.Contents, nil
+}
+
+// UnmarshalOrdered unmarshals an unknown step.
+func (u *UnknownStep) UnmarshalOrdered(src any) error {
+	u.Contents = src
+	return nil
+}
+
+func (u *UnknownStep) interpolate(tf stringTransformer) error {
+	c, err := interpolateAny(tf, u.Contents)
+	if err != nil {
+		return err
+	}
+	u.Contents = c
+	return nil
+}
+
+func (UnknownStep) stepTag() {}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_wait.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_wait.go
new file mode 100644
index 000000000..5c7ad2321
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_wait.go
@@ -0,0 +1,35 @@
+package pipeline
+
+import (
+	"encoding/json"
+)
+
+// See the comment in step_scalar.go.
+
+// WaitStep models a wait step.
+//
+// Standard caveats apply - see the package comment.
+type WaitStep struct {
+	Scalar   string         `yaml:"-"`
+	Contents map[string]any `yaml:",inline"`
+}
+
+// MarshalJSON marshals a wait step as "wait" if w is empty, or as the step's scalar if it's set.
+// If scalar is empty, it marshals as the remaining fields
+func (s *WaitStep) MarshalJSON() ([]byte, error) {
+	if s.Scalar != "" {
+		return json.Marshal(s.Scalar)
+	}
+
+	if len(s.Contents) == 0 {
+		return json.Marshal("wait")
+	}
+
+	return json.Marshal(s.Contents)
+}
+
+func (s *WaitStep) interpolate(tf stringTransformer) error {
+	return interpolateMap(tf, s.Contents)
+}
+
+func (*WaitStep) stepTag() {}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/steps.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/steps.go
new file mode 100644
index 000000000..f0b896ed6
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/steps.go
@@ -0,0 +1,170 @@
+package pipeline
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/buildkite/agent/v3/internal/ordered"
+	"github.com/lestrrat-go/jwx/v2/jwk"
+)
+
+var errSigningRefusedUnknownStepType = errors.New("refusing to sign pipeline containing a step of unknown type, because the pipeline could be incorrectly parsed - please contact support")
+
+// Steps contains multiple steps. It is useful for unmarshaling step sequences,
+// since it has custom logic for determining the correct step type.
+type Steps []Step
+
+// UnmarshalOrdered unmarshals a slice ([]any) into a slice of steps.
+func (s *Steps) UnmarshalOrdered(o any) error {
+	if o == nil {
+		if *s == nil {
+			// `steps: null` is normalised to an empty slice.
+			*s = Steps{}
+		}
+		return nil
+	}
+	sl, ok := o.([]any)
+	if !ok {
+		return fmt.Errorf("unmarshaling steps: got %T, want a slice ([]any)", sl)
+	}
+	// Preallocate slice if not already allocated
+	if *s == nil {
+		*s = make(Steps, 0, len(sl))
+	}
+	for _, st := range sl {
+		step, err := unmarshalStep(st)
+		if err != nil {
+			return err
+		}
+		*s = append(*s, step)
+	}
+	return nil
+}
+
+func (s Steps) interpolate(tf stringTransformer) error {
+	return interpolateSlice(tf, s)
+}
+
+// unmarshalStep unmarshals into the right kind of Step.
+func unmarshalStep(o any) (Step, error) {
+	switch o := o.(type) {
+	case string:
+		step, err := NewScalarStep(o)
+		if err != nil {
+			return &UnknownStep{Contents: o}, nil
+		}
+		return step, nil
+
+	case *ordered.MapSA:
+		return stepFromMap(o)
+
+	default:
+		return nil, fmt.Errorf("unmarshaling step: unsupported type %T", o)
+	}
+}
+
+func stepFromMap(o *ordered.MapSA) (Step, error) {
+	sType, hasType := o.Get("type")
+
+	var step Step
+	var err error
+	if hasType {
+		sTypeStr, ok := sType.(string)
+		if !ok {
+			return nil, fmt.Errorf("unmarshaling step: step's `type` key was %T (value %v), want string", sType, sType)
+		}
+
+		step, err = stepByType(sTypeStr)
+		if err != nil {
+			return nil, fmt.Errorf("unmarshaling step: %w", err)
+		}
+	} else {
+		step, err = stepByKeyInference(o)
+		if err != nil {
+			return nil, fmt.Errorf("unmarshaling step: %w", err)
+		}
+	}
+
+	// Decode the step (into the right step type).
+	if err := ordered.Unmarshal(o, step); err != nil {
+		// Hmm, maybe we picked the wrong kind of step?
+		return &UnknownStep{Contents: o}, nil
+	}
+	return step, nil
+}
+
+func stepByType(sType string) (Step, error) {
+	switch sType {
+	case "command", "script":
+		return new(CommandStep), nil
+	case "wait", "waiter":
+		return &WaitStep{Contents: map[string]any{}}, nil
+	case "block", "input", "manual":
+		return &InputStep{Contents: map[string]any{}}, nil
+	case "trigger":
+		return new(TriggerStep), nil
+	case "group": // as far as i know this doesn't happen, but it's here for completeness
+		return new(GroupStep), nil
+	default:
+		return nil, fmt.Errorf("unknown step type %q", sType)
+	}
+}
+
+func stepByKeyInference(o *ordered.MapSA) (Step, error) {
+	switch {
+	case o.Contains("command") || o.Contains("commands") || o.Contains("plugins"):
+		// NB: Some "command" step are commandless containers that exist
+		// just to run plugins!
+		return new(CommandStep), nil
+
+	case o.Contains("wait") || o.Contains("waiter"):
+		return new(WaitStep), nil
+
+	case o.Contains("block") || o.Contains("input") || o.Contains("manual"):
+		return new(InputStep), nil
+
+	case o.Contains("trigger"):
+		return new(TriggerStep), nil
+
+	case o.Contains("group"):
+		return new(GroupStep), nil
+
+	default:
+		return new(UnknownStep), nil
+	}
+}
+
+// sign adds signatures to each command step (and recursively to any command
+// steps that are within group steps. The steps are mutated directly, so an
+// error part-way through may leave some steps un-signed.
+func (s Steps) sign(key jwk.Key, env map[string]string, pInv *PipelineInvariants) error {
+	for _, step := range s {
+		switch step := step.(type) {
+		case *CommandStep:
+			stepWithInvariants := &CommandStepWithPipelineInvariants{
+				CommandStep:        *step,
+				PipelineInvariants: *pInv,
+			}
+
+			sig, err := Sign(key, env, stepWithInvariants)
+			if err != nil {
+				return fmt.Errorf("signing step with command %q: %w", step.Command, err)
+			}
+			step.Signature = sig
+
+		case *GroupStep:
+			if err := step.Steps.sign(key, env, pInv); err != nil {
+				return fmt.Errorf("signing group step: %w", err)
+			}
+
+		case *UnknownStep:
+			// Presence of an unknown step means we're missing some semantic
+			// information about the pipeline. We could be not signing something
+			// that needs signing. Rather than deferring the problem (so that
+			// signature verification fails when an agent runs jobs) we return
+			// an error now.
+			return errSigningRefusedUnknownStepType
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/buildkite/agent/v3/logger/buffer.go b/vendor/github.com/buildkite/agent/v3/logger/buffer.go
index 9aa3b4f8f..84480b751 100644
--- a/vendor/github.com/buildkite/agent/v3/logger/buffer.go
+++ b/vendor/github.com/buildkite/agent/v3/logger/buffer.go
@@ -2,11 +2,13 @@ package logger
 
 import (
 	"fmt"
+	"sync"
 )
 
 // Buffer is a Logger implementation intended for testing;
 // messages are stored internally.
 type Buffer struct {
+	mu       sync.Mutex
 	Messages []string
 }
 
@@ -20,21 +22,33 @@ func NewBuffer() *Buffer {
 }
 
 func (b *Buffer) Debug(format string, v ...any) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
 	b.Messages = append(b.Messages, "[debug] "+fmt.Sprintf(format, v...))
 }
 func (b *Buffer) Error(format string, v ...any) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
 	b.Messages = append(b.Messages, "[error] "+fmt.Sprintf(format, v...))
 }
 func (b *Buffer) Fatal(format string, v ...any) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
 	b.Messages = append(b.Messages, "[fatal] "+fmt.Sprintf(format, v...))
 }
 func (b *Buffer) Notice(format string, v ...any) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
 	b.Messages = append(b.Messages, "[notice] "+fmt.Sprintf(format, v...))
 }
 func (b *Buffer) Warn(format string, v ...any) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
 	b.Messages = append(b.Messages, "[warn] "+fmt.Sprintf(format, v...))
 }
 func (b *Buffer) Info(format string, v ...any) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
 	b.Messages = append(b.Messages, "[info] "+fmt.Sprintf(format, v...))
 }
 func (b *Buffer) WithFields(fields ...Field) Logger {
diff --git a/vendor/github.com/buildkite/agent/v3/logger/log.go b/vendor/github.com/buildkite/agent/v3/logger/log.go
index 0147ad232..6807b5b8a 100644
--- a/vendor/github.com/buildkite/agent/v3/logger/log.go
+++ b/vendor/github.com/buildkite/agent/v3/logger/log.go
@@ -14,6 +14,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/buildkite/agent/v3/version"
 	"golang.org/x/crypto/ssh/terminal"
 )
 
@@ -80,7 +81,10 @@ func (l *ConsoleLogger) SetLevel(level Level) {
 
 func (l *ConsoleLogger) Debug(format string, v ...any) {
 	if l.level == DEBUG {
-		l.printer.Print(DEBUG, fmt.Sprintf(format, v...), l.fields)
+		debugFields := make(Fields, len(l.fields))
+		copy(debugFields, l.fields)
+		debugFields.Add(StringField("agent_version", version.FullVersion()))
+		l.printer.Print(DEBUG, fmt.Sprintf(format, v...), debugFields)
 	}
 }
 
diff --git a/vendor/github.com/buildkite/agent/v3/tracetools/doc.go b/vendor/github.com/buildkite/agent/v3/tracetools/doc.go
new file mode 100644
index 000000000..6900422e3
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/tracetools/doc.go
@@ -0,0 +1,5 @@
+// Package tracetools provides an abstraction across tracing systems
+// (OpenTelemetry, DataDog).
+//
+// It is intended for internal use by buildkite-agent only.
+package tracetools
diff --git a/vendor/github.com/buildkite/agent/v3/tracetools/propagate.go b/vendor/github.com/buildkite/agent/v3/tracetools/propagate.go
new file mode 100644
index 000000000..1f8bc27d9
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/tracetools/propagate.go
@@ -0,0 +1,55 @@
+package tracetools
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/gob"
+
+	"github.com/opentracing/opentracing-go"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer"
+)
+
+// EnvVarTraceContextKey is the env var key that will be used to store/retrieve the
+// encoded trace context information into env var maps.
+const EnvVarTraceContextKey = "BUILDKITE_TRACE_CONTEXT"
+
+// EncodeTraceContext will serialize and encode tracing data into a string and place
+// it into the given env vars map.
+func EncodeTraceContext(span opentracing.Span, env map[string]string) error {
+	textmap := tracer.TextMapCarrier{}
+	if err := span.Tracer().Inject(span.Context(), opentracing.TextMap, &textmap); err != nil {
+		return err
+	}
+
+	buf := bytes.NewBuffer([]byte{})
+	enc := gob.NewEncoder(buf)
+	if err := enc.Encode(textmap); err != nil {
+		return err
+	}
+
+	env[EnvVarTraceContextKey] = base64.URLEncoding.EncodeToString(buf.Bytes())
+	return nil
+}
+
+// DecodeTraceContext will decode, deserialize, and extract the tracing data from the
+// given env var map.
+func DecodeTraceContext(env map[string]string) (opentracing.SpanContext, error) {
+	s, has := env[EnvVarTraceContextKey]
+	if !has {
+		return nil, opentracing.ErrSpanContextNotFound
+	}
+
+	contextBytes, err := base64.URLEncoding.DecodeString(s)
+	if err != nil {
+		return nil, err
+	}
+
+	buf := bytes.NewBuffer(contextBytes)
+	dec := gob.NewDecoder(buf)
+	textmap := opentracing.TextMapCarrier{}
+	if err := dec.Decode(&textmap); err != nil {
+		return nil, err
+	}
+
+	return opentracing.GlobalTracer().Extract(opentracing.TextMap, textmap)
+}
diff --git a/vendor/github.com/buildkite/agent/v3/tracetools/span.go b/vendor/github.com/buildkite/agent/v3/tracetools/span.go
new file mode 100644
index 000000000..f966a5595
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/tracetools/span.go
@@ -0,0 +1,129 @@
+package tracetools
+
+import (
+	"context"
+
+	"github.com/opentracing/opentracing-go"
+	"github.com/opentracing/opentracing-go/ext"
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
+	"go.opentelemetry.io/otel/trace"
+	ddext "gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+)
+
+const (
+	BackendDatadog       = "datadog"
+	BackendOpenTelemetry = "opentelemetry"
+	BackendNone          = ""
+)
+
+var ValidTracingBackends = map[string]struct{}{
+	BackendDatadog:       {},
+	BackendOpenTelemetry: {},
+	BackendNone:          {},
+}
+
+// StartSpanFromContext will start a span appropriate to the given tracing backend from the given context with the given
+// operation name. It will also do some common/repeated setup on the span to keep code a little more DRY.
+// If an unknown tracing backend is specified, it will return a span that noops on every operation
+func StartSpanFromContext(ctx context.Context, operation string, tracingBackend string) (Span, context.Context) {
+	switch tracingBackend {
+	case BackendDatadog:
+		span, ctx := opentracing.StartSpanFromContext(ctx, operation)
+		span.SetTag(ddext.AnalyticsEvent, true) // Make the span available for analytics in Datadog
+		return NewOpenTracingSpan(span), ctx
+
+	case BackendOpenTelemetry:
+		ctx, span := otel.Tracer("buildkite-agent").Start(ctx, operation)
+		span.SetAttributes(attribute.String("analytics.event", "true"))
+		return &OpenTelemetrySpan{Span: span}, ctx
+
+	case BackendNone:
+		fallthrough
+
+	default:
+		return &NoopSpan{}, ctx
+	}
+}
+
+type Span interface {
+	AddAttributes(map[string]string)
+	FinishWithError(error)
+	RecordError(error)
+}
+
+type OpenTracingSpan struct {
+	Span opentracing.Span
+}
+
+func NewOpenTracingSpan(base opentracing.Span) *OpenTracingSpan {
+	return &OpenTracingSpan{Span: base}
+}
+
+// AddAttributes adds the given map of attributes to the span as OpenTracing tags
+func (s *OpenTracingSpan) AddAttributes(attributes map[string]string) {
+	for k, v := range attributes {
+		s.Span.SetTag(k, v)
+	}
+}
+
+// FinishWithError adds error information to the OpenTracingSpan if error isn't nil, and records the span as having finished
+func (s *OpenTracingSpan) FinishWithError(err error) {
+	s.RecordError(err)
+	s.Span.Finish()
+}
+
+// RecordError records an error on the given span
+func (s *OpenTracingSpan) RecordError(err error) {
+	if err == nil {
+		return
+	}
+
+	ext.LogError(s.Span, err)
+}
+
+type OpenTelemetrySpan struct {
+	Span trace.Span
+}
+
+func NewOpenTelemetrySpan(base trace.Span) *OpenTelemetrySpan {
+	return &OpenTelemetrySpan{Span: base}
+}
+
+// AddAttributes adds the given attributes to the OpenTelemetry span. Only string attributes are accepted.
+func (s *OpenTelemetrySpan) AddAttributes(attributes map[string]string) {
+	for k, v := range attributes {
+		s.Span.SetAttributes(attribute.String(k, v))
+	}
+}
+
+// FinishWithError adds error information to the OpenTelemetry span if error isn't nil, and records the span as having finished
+func (s *OpenTelemetrySpan) FinishWithError(err error) {
+	s.RecordError(err)
+	s.Span.End()
+}
+
+// RecordError records an error on the given OpenTelemetry span. No-op when error is nil
+func (s *OpenTelemetrySpan) RecordError(err error) {
+	if err == nil {
+		return
+	}
+
+	s.Span.RecordError(err)
+	s.Span.SetStatus(codes.Error, "failed")
+}
+
+// NoopSpan is an implementation of the Span interface that does nothing for every method implemented
+// The intended use case is for instances where the user doesn't have tracing enabled - using NoopSpan, we can still act
+// as though tracing is enabled, but every time we do something tracing related, nothing happens.
+type NoopSpan struct{}
+
+// AddAttributes is a noop
+func (s *NoopSpan) AddAttributes(attributes map[string]string) {}
+
+// FinishWithError is a noop
+func (s *NoopSpan) FinishWithError(err error) {}
+
+// RecordError is a noop
+func (s *NoopSpan) RecordError(err error) {}
diff --git a/vendor/github.com/buildkite/agent/v3/version/VERSION b/vendor/github.com/buildkite/agent/v3/version/VERSION
new file mode 100644
index 000000000..69ef73e1d
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/version/VERSION
@@ -0,0 +1 @@
+3.58.0
diff --git a/vendor/github.com/buildkite/agent/v3/version/version.go b/vendor/github.com/buildkite/agent/v3/version/version.go
new file mode 100644
index 000000000..09eefeda0
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/version/version.go
@@ -0,0 +1,81 @@
+// Package version provides the agent version strings.
+package version
+
+import (
+	_ "embed"
+	"fmt"
+	"runtime"
+	"runtime/debug"
+	"strings"
+)
+
+// Pre-release builds' versions must be in the format `x.y-beta`, `x.y-beta.z` or `x.y-beta.z.a`
+
+var (
+	//go:embed VERSION
+	baseVersion string
+	buildNumber = "x"
+)
+
+func Version() string {
+	return strings.TrimSpace(baseVersion)
+}
+
+// BuildNumber returns the build number of the CI pipeline that built the agent.
+// You can override buildVersion at compile time by using the ldflag:
+//
+// "-X github.com/buildkite/agent/v3/version.buildNumber=abc"
+//
+// An easy way to test this is:
+//
+// $ go run -buildvcs=true -ldflags "-X github.com/buildkite/agent/v3/version.buildNumber=abc" . --version
+//
+// On CI, the binaries are always built with the buildVersion variable set.
+func BuildNumber() string {
+	return buildNumber
+}
+
+// commitInfo returns a string consisting of the commit hash and whether the the build was made in a
+// `dirty` working directory or not. A dirty working directory is one that has uncommitted changes
+// to files that git would track.
+func commitInfo() string {
+	info, ok := debug.ReadBuildInfo()
+	if !ok {
+		return "x"
+	}
+
+	dirty := ".dirty"
+	var commit string
+	for _, setting := range info.Settings {
+		switch setting.Key {
+		case "vcs.revision":
+			commit = setting.Value
+		case "vcs.modified":
+			if setting.Value == "false" {
+				dirty = ""
+			}
+		}
+	}
+
+	return commit + dirty
+}
+
+// FullVersion is a SemVer 2.0 compliant version string that includes
+// [build metadata](https://semver.org/#spec-item-10) consisting of the build
+// number (if any), the commit hash, and whether the build was made in a `dirty`
+// working directory or not.
+func FullVersion() string {
+	return fmt.Sprintf("%s+%s.%s", Version(), BuildNumber(), commitInfo())
+}
+
+// UserAgent returns a string suitable for use as a User-Agent header.
+// TODO-vNext: Include some prefix of the commit hash in the User-Agent header.
+func UserAgent() string {
+	return fmt.Sprintf(
+		"buildkite-agent/%s.%s (%s; %s)",
+		Version(),
+		BuildNumber(),
+		runtime.GOOS,
+		runtime.GOARCH,
+	)
+}
diff --git a/vendor/github.com/buildkite/interpolate/LICENSE.txt b/vendor/github.com/buildkite/interpolate/LICENSE.txt
new file mode 100644
index 000000000..951b6ced4
--- /dev/null
+++ b/vendor/github.com/buildkite/interpolate/LICENSE.txt
@@ -0,0 +1,24 @@
+# Buildkite Licence
+
+Copyright (c) 2014-2017 Buildkite Pty Ltd
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/buildkite/interpolate/README.md b/vendor/github.com/buildkite/interpolate/README.md
new file mode 100644
index 000000000..ec2790efd
--- /dev/null
+++ b/vendor/github.com/buildkite/interpolate/README.md
@@ -0,0 +1,61 @@
+Interpolate
+===========
+
+[![GoDoc](https://godoc.org/github.com/buildkite/interpolate?status.svg)](https://godoc.org/github.com/buildkite/interpolate)
+
+A golang library for parameter expansion (like `${BLAH}` or `$BLAH`) in strings from environment variables. An implementation of [POSIX Parameter Expansion](http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_06_02), plus some other basic operations that you'd expect in a shell scripting environment [like bash](https://www.gnu.org/software/bash/manual/html_node/Shell-Parameter-Expansion.html).
+
+## Installation
+
+```
+go get -u github.com/buildkite/interpolate
+```
+
+## Usage
+
+```go
+package main
+
+import (
+  "github.com/buildkite/interpolate"
+  "fmt"
+)
+
+func main() {
+	env := interpolate.NewSliceEnv([]string{
+		"HELLO_WORLD=🦀",
+	})
+
+	output, _ := interpolate.Interpolate(env, "Buildkite... ${HELLO_WORLD} ${ANOTHER_VAR:-🏖}")
+	fmt.Println(output)
+}
+
+// Output: Buildkite... 🦀 🏖
+
+```
+
+## Supported Expansions
+
+<dl>
+  <dt><code>${parameter}</code> or <code>$parameter</code></dt>
+  <dd><strong>Use value.</strong> If parameter is set, then it shall be substituted; otherwise it will be blank</dd>
+
+  <dt><code>${parameter:-<em>[word]</em>}</code></dt>
+  <dd><strong>Use default values.</strong> If parameter is unset or null, the expansion of word (or an empty string if word is omitted) shall be substituted; otherwise, the value of parameter shall be substituted.</dd>
+
+  <dt><code>${parameter-<em>[word]</em>}</code></dt>
+  <dd><strong>Use default values when not set.</strong> If parameter is unset, the expansion of word (or an empty string if word is omitted) shall be substituted; otherwise, the value of parameter shall be substituted.</dd>
+
+  <dt><code>${parameter:<em>[offset]</em>}</code></dt>
+  <dd><strong>Use the substring of parameter after offset.</strong> A negative offset must be separated from the colon with a space, and will select from the end of the string. If the value is out of bounds, an empty string will be substituted.</dd>
+
+  <dt><code>${parameter:<em>[offset]</em>:<em>[length]</em>}</code></dt>
+  <dd><strong>Use the substring of parameter after offset of given length.</strong> A negative offset must be separated from the colon with a space, and will select from the end of the string. If the offset is out of bounds, an empty string will be substituted. If the length is greater than the length then the entire string will be returned.</dd>
+
+  <dt><code>${parameter:?<em>[word]</em>}</code></dt>
+  <dd>Indicate Error if Null or Unset. If parameter is unset or null, the expansion of word (or a message indicating it is unset if word is omitted) shall be returned as an error.</dd>
+</dl>
+
+## License
+
+Licensed under MIT license, in `LICENSE`.
diff --git a/vendor/github.com/buildkite/interpolate/env.go b/vendor/github.com/buildkite/interpolate/env.go
new file mode 100644
index 000000000..8966a264f
--- /dev/null
+++ b/vendor/github.com/buildkite/interpolate/env.go
@@ -0,0 +1,49 @@
+package interpolate
+
+import (
+	"runtime"
+	"strings"
+)
+
+type Env interface {
+	Get(key string) (string, bool)
+}
+
+// Creates an Env from a slice of environment variables
+func NewSliceEnv(env []string) Env {
+	envMap := mapEnv{}
+	for _, l := range env {
+		parts := strings.SplitN(l, "=", 2)
+		if len(parts) == 2 {
+			envMap[normalizeKeyName(parts[0])] = parts[1]
+		}
+	}
+	return envMap
+}
+
+// Creates an Env from a map of environment variables
+func NewMapEnv(env map[string]string) Env {
+	envMap := mapEnv{}
+	for k, v := range env {
+		envMap[normalizeKeyName(k)] = v
+	}
+	return envMap
+}
+
+type mapEnv map[string]string
+
+func (m mapEnv) Get(key string) (string, bool) {
+	if m == nil {
+		return "", false
+	}
+	val, ok := m[normalizeKeyName(key)]
+	return val, ok
+}
+
+// Windows isn't case sensitive for env
+func normalizeKeyName(key string) string {
+	if runtime.GOOS == "windows" {
+		return strings.ToUpper(key)
+	}
+	return key
+}
diff --git a/vendor/github.com/buildkite/interpolate/interpolate.go b/vendor/github.com/buildkite/interpolate/interpolate.go
new file mode 100644
index 000000000..90d5ee3cc
--- /dev/null
+++ b/vendor/github.com/buildkite/interpolate/interpolate.go
@@ -0,0 +1,212 @@
+package interpolate
+
+import (
+	"bytes"
+	"fmt"
+)
+
+// Interpolate takes a set of environment and interpolates it into the provided string using shell script expansions
+func Interpolate(env Env, str string) (string, error) {
+	if env == nil {
+		env = NewSliceEnv(nil)
+	}
+	expr, err := NewParser(str).Parse()
+	if err != nil {
+		return "", err
+	}
+	return expr.Expand(env)
+}
+
+// Indentifiers parses the identifiers from any expansions in the provided string
+func Identifiers(str string) ([]string, error) {
+	expr, err := NewParser(str).Parse()
+	if err != nil {
+		return nil, err
+	}
+	return expr.Identifiers(), nil
+}
+
+// An expansion is something that takes in ENV and returns a string or an error
+type Expansion interface {
+	Expand(env Env) (string, error)
+	Identifiers() []string
+}
+
+// VariableExpansion represents either $VAR or ${VAR}, our simplest expansion
+type VariableExpansion struct {
+	Identifier string
+}
+
+func (e VariableExpansion) Identifiers() []string {
+	return []string{e.Identifier}
+}
+
+func (e VariableExpansion) Expand(env Env) (string, error) {
+	val, _ := env.Get(e.Identifier)
+	return val, nil
+}
+
+// EmptyValueExpansion returns either the value of an env, or a default value if it's unset or null
+type EmptyValueExpansion struct {
+	Identifier string
+	Content    Expression
+}
+
+func (e EmptyValueExpansion) Identifiers() []string {
+	return append([]string{e.Identifier}, e.Content.Identifiers()...)
+}
+
+func (e EmptyValueExpansion) Expand(env Env) (string, error) {
+	val, _ := env.Get(e.Identifier)
+	if val == "" {
+		return e.Content.Expand(env)
+	}
+	return val, nil
+}
+
+// UnsetValueExpansion returns either the value of an env, or a default value if it's unset
+type UnsetValueExpansion struct {
+	Identifier string
+	Content    Expression
+}
+
+func (e UnsetValueExpansion) Identifiers() []string {
+	return []string{e.Identifier}
+}
+
+func (e UnsetValueExpansion) Expand(env Env) (string, error) {
+	val, ok := env.Get(e.Identifier)
+	if !ok {
+		return e.Content.Expand(env)
+	}
+	return val, nil
+}
+
+// SubstringExpansion returns a substring (or slice) of the env
+type SubstringExpansion struct {
+	Identifier string
+	Offset     int
+	Length     int
+	HasLength  bool
+}
+
+func (e SubstringExpansion) Identifiers() []string {
+	return []string{e.Identifier}
+}
+
+func (e SubstringExpansion) Expand(env Env) (string, error) {
+	val, _ := env.Get(e.Identifier)
+
+	from := e.Offset
+
+	// Negative offsets = from end
+	if from < 0 {
+		from += len(val)
+	}
+
+	// Still negative = too far from end? Truncate to start.
+	if from < 0 {
+		from = 0
+	}
+
+	// Beyond end? Truncate to end.
+	if from > len(val) {
+		from = len(val)
+	}
+
+	if !e.HasLength {
+		return val[from:], nil
+	}
+
+	to := e.Length
+
+	if to >= 0 {
+		// Positive length = from offset
+		to += from
+	} else {
+		// Negative length = from end
+		to += len(val)
+
+		// Too far? Truncate to offset.
+		if to < from {
+			to = from
+		}
+	}
+
+	// Beyond end? Truncate to end.
+	if to > len(val) {
+		to = len(val)
+	}
+
+	return val[from:to], nil
+}
+
+// RequiredExpansion returns an env value, or an error if it is unset
+type RequiredExpansion struct {
+	Identifier string
+	Message    Expression
+}
+
+func (e RequiredExpansion) Identifiers() []string {
+	return []string{e.Identifier}
+}
+
+func (e RequiredExpansion) Expand(env Env) (string, error) {
+	val, ok := env.Get(e.Identifier)
+	if !ok {
+		msg, err := e.Message.Expand(env)
+		if err != nil {
+			return "", err
+		}
+		if msg == "" {
+			msg = "not set"
+		}
+		return "", fmt.Errorf("$%s: %s", e.Identifier, msg)
+	}
+	return val, nil
+}
+
+// Expression is a collection of either Text or Expansions
+type Expression []ExpressionItem
+
+func (e Expression) Identifiers() []string {
+	identifiers := []string{}
+	for _, item := range e {
+		if item.Expansion != nil {
+			identifiers = append(identifiers, item.Expansion.Identifiers()...)
+		}
+	}
+	return identifiers
+}
+
+func (e Expression) Expand(env Env) (string, error) {
+	buf := &bytes.Buffer{}
+
+	for _, item := range e {
+		if item.Expansion != nil {
+			result, err := item.Expansion.Expand(env)
+			if err != nil {
+				return "", err
+			}
+			_, _ = buf.WriteString(result)
+		} else {
+			_, _ = buf.WriteString(item.Text)
+		}
+	}
+
+	return buf.String(), nil
+}
+
+// ExpressionItem models either an Expansion or Text. Either/Or, never both.
+type ExpressionItem struct {
+	Text string
+	// -- or --
+	Expansion Expansion
+}
+
+func (i ExpressionItem) String() string {
+	if i.Expansion != nil {
+		return fmt.Sprintf("%#v", i.Expansion)
+	}
+	return fmt.Sprintf("%q", i.Text)
+}
diff --git a/vendor/github.com/buildkite/interpolate/parser.go b/vendor/github.com/buildkite/interpolate/parser.go
new file mode 100644
index 000000000..fa7e84340
--- /dev/null
+++ b/vendor/github.com/buildkite/interpolate/parser.go
@@ -0,0 +1,287 @@
+package interpolate
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+)
+
+// This is a recursive descent parser for our grammar. Because it can contain nested expressions like
+// ${LLAMAS:-${ROCK:-true}} we can't use regular expressions. The simplest possible alternative is
+// a recursive parser like this. It parses a chunk and then calls a function to parse that further
+// and so on and so forth. It results in a tree of objects that represent the things we've parsed (an AST).
+// This means that the logic for how expansions work lives in those objects, and the logic for how we go
+// from plain text to parsed objects lives here.
+//
+// To keep things simple, we do our "lexing" or "scanning" just as a few functions at the end of the file
+// rather than as a dedicated lexer that emits tokens. This matches the simplicity of the format we are parsing
+// relatively well
+//
+// Below is an EBNF grammar for the language. The parser was built by basically turning this into functions
+// and structs named the same reading the string bite by bite (peekRune and nextRune)
+
+/*
+EscapedBackslash = "\\"
+EscapedDollar    = ( "\$" | "$$")
+Identifier       = letter { letters | digit | "_" }
+Expansion        = "$" ( Identifier | Brace )
+Brace            = "{" Identifier [ Identifier BraceOperation ] "}"
+Text             = { EscapedBackslash | EscapedDollar | all characters except "$" }
+Expression       = { Text | Expansion }
+EmptyValue       = ":-" { Expression }
+UnsetValue       = "-" { Expression }
+Substring        = ":" number [ ":" number ]
+Required         = "?" { Expression }
+Operation        = EmptyValue | UnsetValue | Substring | Required
+*/
+
+const (
+	eof = -1
+)
+
+// Parser takes a string and parses out a tree of structs that represent text and Expansions
+type Parser struct {
+	input string // the string we are scanning
+	pos   int    // the current position
+}
+
+// NewParser returns a new instance of a Parser
+func NewParser(str string) *Parser {
+	return &Parser{
+		input: str,
+		pos:   0,
+	}
+}
+
+// Parse expansions out of the internal text and return them as a tree of Expressions
+func (p *Parser) Parse() (Expression, error) {
+	return p.parseExpression()
+}
+
+func (p *Parser) parseExpression(stop ...rune) (Expression, error) {
+	var expr Expression
+	var stopStr = string(stop)
+
+	for {
+		c := p.peekRune()
+		if c == eof || strings.ContainsRune(stopStr, c) {
+			break
+		}
+
+		// check for our escaped characters first, as we assume nothing subsequently is escaped
+		if strings.HasPrefix(p.input[p.pos:], `\\`) {
+			p.pos += 2
+			expr = append(expr, ExpressionItem{Text: `\\`})
+			continue
+		} else if strings.HasPrefix(p.input[p.pos:], `\$`) || strings.HasPrefix(p.input[p.pos:], `$$`) {
+			p.pos += 2
+			expr = append(expr, ExpressionItem{Text: `$`})
+			continue
+		}
+
+		// Ignore bash shell expansions
+		if strings.HasPrefix(p.input[p.pos:], `$(`) {
+			p.pos += 2
+			expr = append(expr, ExpressionItem{Text: `$(`})
+			continue
+		}
+
+		// If we run into a dollar sign and it's not the last char, it's an expansion
+		if c == '$' && p.pos < (len(p.input)-1) {
+			expansion, err := p.parseExpansion()
+			if err != nil {
+				return nil, err
+			}
+			expr = append(expr, ExpressionItem{Expansion: expansion})
+			continue
+		}
+
+		// nibble a character, otherwise if it's a \ or a $ we can loop
+		c = p.nextRune()
+
+		// Scan as much as we can into text
+		text := p.scanUntil(func(r rune) bool {
+			return (r == '$' || r == '\\' || strings.ContainsRune(stopStr, r))
+		})
+
+		expr = append(expr, ExpressionItem{Text: string(c) + text})
+	}
+
+	return expr, nil
+}
+
+func (p *Parser) parseExpansion() (Expansion, error) {
+	if c := p.nextRune(); c != '$' {
+		return nil, fmt.Errorf("Expected expansion to start with $, got %c", c)
+	}
+
+	// if we have an open brace, this is a brace expansion
+	if c := p.peekRune(); c == '{' {
+		return p.parseBraceExpansion()
+	}
+
+	identifier, err := p.scanIdentifier()
+	if err != nil {
+		return nil, err
+	}
+
+	return VariableExpansion{Identifier: identifier}, nil
+}
+
+func (p *Parser) parseBraceExpansion() (Expansion, error) {
+	if c := p.nextRune(); c != '{' {
+		return nil, fmt.Errorf("Expected brace expansion to start with {, got %c", c)
+	}
+
+	identifier, err := p.scanIdentifier()
+	if err != nil {
+		return nil, err
+	}
+
+	if c := p.peekRune(); c == '}' {
+		_ = p.nextRune()
+		return VariableExpansion{Identifier: identifier}, nil
+	}
+
+	var operator string
+	var exp Expansion
+
+	// Parse an operator, some trickery is needed to handle : vs :-
+	if op1 := p.nextRune(); op1 == ':' {
+		if op2 := p.peekRune(); op2 == '-' {
+			_ = p.nextRune()
+			operator = ":-"
+		} else {
+			operator = ":"
+		}
+	} else if op1 == '?' || op1 == '-' {
+		operator = string(op1)
+	} else {
+		return nil, fmt.Errorf("Expected an operator, got %c", op1)
+	}
+
+	switch operator {
+	case `:-`:
+		exp, err = p.parseEmptyValueExpansion(identifier)
+		if err != nil {
+			return nil, err
+		}
+	case `-`:
+		exp, err = p.parseUnsetValueExpansion(identifier)
+		if err != nil {
+			return nil, err
+		}
+	case `:`:
+		exp, err = p.parseSubstringExpansion(identifier)
+		if err != nil {
+			return nil, err
+		}
+	case `?`:
+		exp, err = p.parseRequiredExpansion(identifier)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if c := p.nextRune(); c != '}' {
+		return nil, fmt.Errorf("Expected brace expansion to end with }, got %c", c)
+	}
+
+	return exp, nil
+}
+
+func (p *Parser) parseEmptyValueExpansion(identifier string) (Expansion, error) {
+	// parse an expression (text and expansions) up until the end of the brace
+	expr, err := p.parseExpression('}')
+	if err != nil {
+		return nil, err
+	}
+
+	return EmptyValueExpansion{Identifier: identifier, Content: expr}, nil
+}
+
+func (p *Parser) parseUnsetValueExpansion(identifier string) (Expansion, error) {
+	expr, err := p.parseExpression('}')
+	if err != nil {
+		return nil, err
+	}
+
+	return UnsetValueExpansion{Identifier: identifier, Content: expr}, nil
+}
+
+func (p *Parser) parseSubstringExpansion(identifier string) (Expansion, error) {
+	offset := p.scanUntil(func(r rune) bool {
+		return r == ':' || r == '}'
+	})
+
+	offsetInt, err := strconv.Atoi(strings.TrimSpace(offset))
+	if err != nil {
+		return nil, fmt.Errorf("Unable to parse offset: %v", err)
+	}
+
+	if c := p.peekRune(); c == '}' {
+		return SubstringExpansion{Identifier: identifier, Offset: offsetInt}, nil
+	}
+
+	_ = p.nextRune()
+	length := p.scanUntil(func(r rune) bool {
+		return r == '}'
+	})
+
+	lengthInt, err := strconv.Atoi(strings.TrimSpace(length))
+	if err != nil {
+		return nil, fmt.Errorf("Unable to parse length: %v", err)
+	}
+
+	return SubstringExpansion{Identifier: identifier, Offset: offsetInt, Length: lengthInt, HasLength: true}, nil
+}
+
+func (p *Parser) parseRequiredExpansion(identifier string) (Expansion, error) {
+	expr, err := p.parseExpression('}')
+	if err != nil {
+		return nil, err
+	}
+
+	return RequiredExpansion{Identifier: identifier, Message: expr}, nil
+}
+
+func (p *Parser) scanUntil(f func(rune) bool) string {
+	start := p.pos
+	for int(p.pos) < len(p.input) {
+		c, size := utf8.DecodeRuneInString(p.input[p.pos:])
+		if c == utf8.RuneError || f(c) {
+			break
+		}
+		p.pos += size
+	}
+	return p.input[start:p.pos]
+}
+
+func (p *Parser) scanIdentifier() (string, error) {
+	if c := p.peekRune(); !unicode.IsLetter(c) {
+		return "", fmt.Errorf("Expected identifier to start with a letter, got %c", c)
+	}
+	var notIdentifierChar = func(r rune) bool {
+		return (!unicode.IsLetter(r) && !unicode.IsNumber(r) && r != '_')
+	}
+	return p.scanUntil(notIdentifierChar), nil
+}
+
+func (p *Parser) nextRune() rune {
+	if int(p.pos) >= len(p.input) {
+		return eof
+	}
+	c, size := utf8.DecodeRuneInString(p.input[p.pos:])
+	p.pos += size
+	return c
+}
+
+func (p *Parser) peekRune() rune {
+	if int(p.pos) >= len(p.input) {
+		return eof
+	}
+	c, _ := utf8.DecodeRuneInString(p.input[p.pos:])
+	return c
+}
diff --git a/vendor/github.com/chrismellard/docker-credential-acr-env/pkg/token/token.go b/vendor/github.com/chrismellard/docker-credential-acr-env/pkg/token/token.go
index a76be1e4f..feff3e1a4 100644
--- a/vendor/github.com/chrismellard/docker-credential-acr-env/pkg/token/token.go
+++ b/vendor/github.com/chrismellard/docker-credential-acr-env/pkg/token/token.go
@@ -17,6 +17,7 @@ package token
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/Azure/go-autorest/autorest/adal"
 	"github.com/Azure/go-autorest/autorest/azure/auth"
@@ -62,11 +63,46 @@ func getServicePrincipalToken(settings auth.EnvironmentSettings, resource string
 		return &adal.ServicePrincipalToken{}, fmt.Errorf("authentication method currently unsupported")
 	}
 
+	// federated OIDC JWT assertion
+	jwt, err := jwtLookup()
+	if err == nil {
+		clientID, isPresent := os.LookupEnv("AZURE_CLIENT_ID")
+		if !isPresent {
+			return &adal.ServicePrincipalToken{}, fmt.Errorf("failed to get client id from environment")
+		}
+		tenantID, isPresent := os.LookupEnv("AZURE_TENANT_ID")
+		if !isPresent {
+			return &adal.ServicePrincipalToken{}, fmt.Errorf("failed to get client id from environment")
+		}
+
+		oAuthConfig, err := adal.NewOAuthConfig(settings.Environment.ActiveDirectoryEndpoint, tenantID)
+		if err != nil {
+			return &adal.ServicePrincipalToken{}, fmt.Errorf("failed to initialise OAuthConfig - %w", err)
+		}
+
+		return adal.NewServicePrincipalTokenFromFederatedToken(*oAuthConfig, clientID, *jwt, resource)
+	}
+
 	// 4. MSI
-	msiEndpoint, err := adal.GetMSIEndpoint()
-	if err != nil {
-		return &adal.ServicePrincipalToken{}, fmt.Errorf("unable to determine MSIEndpoint %w", err)
+	return adal.NewServicePrincipalTokenFromManagedIdentity(resource, &adal.ManagedIdentityOptions{
+		ClientID: os.Getenv("AZURE_CLIENT_ID"),
+	})
+}
+
+func jwtLookup() (*string, error) {
+	jwt, isPresent := os.LookupEnv("AZURE_FEDERATED_TOKEN")
+	if isPresent {
+		return &jwt, nil
+	}
+
+	if jwtFile, isPresent := os.LookupEnv("AZURE_FEDERATED_TOKEN_FILE"); isPresent {
+		jwtBytes, err := os.ReadFile(jwtFile)
+		if err != nil {
+			return nil, err
+		}
+		jwt = string(jwtBytes)
+		return &jwt, nil
 	}
 
-	return adal.NewServicePrincipalTokenFromMSI(msiEndpoint, resource)
+	return nil, fmt.Errorf("no JWT found")
 }
diff --git a/vendor/github.com/clbanning/mxj/v2/doc.go b/vendor/github.com/clbanning/mxj/v2/doc.go
index bede31265..07ac098e2 100644
--- a/vendor/github.com/clbanning/mxj/v2/doc.go
+++ b/vendor/github.com/clbanning/mxj/v2/doc.go
@@ -14,6 +14,11 @@ Related Packages:
 	checkxml: github.com/clbanning/checkxml provides functions for validating XML data.
 
 Notes:
+	2022.11.28: v2.7 - add SetGlobalKeyMapPrefix to change default prefix, '#', for default keys
+	2022.11.20: v2.6 - add NewMapForattedXmlSeq for XML docs formatted with whitespace character
+	2021.02.02: v2.5 - add XmlCheckIsValid toggle to force checking that the encoded XML is valid
+	2020.12.14: v2.4 - add XMLEscapeCharsDecoder to preserve XML escaped characters in Map values
+	2020.10.28: v2.3 - add TrimWhiteSpace option
 	2020.05.01: v2.2 - optimize map to XML encoding for large XML docs.
 	2019.07.04: v2.0 - remove unnecessary methods - mv.XmlWriterRaw, mv.XmlIndentWriterRaw - for Map and MapSeq.
 	2019.07.04: Add MapSeq type and move associated functions and methods from Map to MapSeq.
diff --git a/vendor/github.com/clbanning/mxj/v2/leafnode.go b/vendor/github.com/clbanning/mxj/v2/leafnode.go
index cf413ebdd..1bc814fdc 100644
--- a/vendor/github.com/clbanning/mxj/v2/leafnode.go
+++ b/vendor/github.com/clbanning/mxj/v2/leafnode.go
@@ -44,7 +44,7 @@ func (mv Map) LeafNodes(no_attr ...bool) []LeafNode {
 
 func getLeafNodes(path, node string, mv interface{}, l *[]LeafNode, noattr bool) {
 	// if stripping attributes, then also strip "#text" key
-	if !noattr || node != "#text" {
+	if !noattr || node != textK {
 		if path != "" && node[:1] != "[" {
 			path += "."
 		}
diff --git a/vendor/github.com/clbanning/mxj/v2/readme.md b/vendor/github.com/clbanning/mxj/v2/readme.md
index 323a747d4..0e0a09a42 100644
--- a/vendor/github.com/clbanning/mxj/v2/readme.md
+++ b/vendor/github.com/clbanning/mxj/v2/readme.md
@@ -6,7 +6,7 @@ mxj supplants the legacy x2j and j2x packages. If you want the old syntax, use m
 <h4>Installation</h4>
 Using go.mod:
 <pre>
-go get github.com/clbanning/mxj/v2@v2.3.2
+go get github.com/clbanning/mxj/v2@v2.7	
 </pre>
 
 <pre>
@@ -42,6 +42,8 @@ For over a year I've wanted to refactor the XML-to-map[string]interface{} decode
 
 <h4>Notices</h4>
 
+	2022.11.28: v2.7 - add SetGlobalKeyMapPrefix to change default prefix, '#', for default keys
+	2022.11.20: v2.6 - add NewMapForattedXmlSeq for XML docs formatted with whitespace character
 	2021.02.02: v2.5 - add XmlCheckIsValid toggle to force checking that the encoded XML is valid
 	2020.12.14: v2.4 - add XMLEscapeCharsDecoder to preserve XML escaped characters in Map values
 	2020.10.28: v2.3 - add TrimWhiteSpace option
diff --git a/vendor/github.com/clbanning/mxj/v2/xml.go b/vendor/github.com/clbanning/mxj/v2/xml.go
index 2ea1bc25a..b72a1460f 100644
--- a/vendor/github.com/clbanning/mxj/v2/xml.go
+++ b/vendor/github.com/clbanning/mxj/v2/xml.go
@@ -22,6 +22,30 @@ import (
 	"time"
 )
 
+var (
+	textK      = "#text"
+	seqK       = "#seq"
+	commentK   = "#comment"
+	attrK      = "#attr"
+	directiveK = "#directive"
+	procinstK  = "#procinst"
+	targetK    = "#target"
+	instK      = "#inst"
+)
+
+// Support overriding default Map keys prefix
+
+func SetGlobalKeyMapPrefix(s string) {
+	textK = strings.ReplaceAll(textK, textK[0:1], s)
+	seqK = strings.ReplaceAll(seqK, seqK[0:1], s)
+	commentK = strings.ReplaceAll(commentK, commentK[0:1], s)
+	directiveK = strings.ReplaceAll(directiveK, directiveK[0:1], s)
+	procinstK = strings.ReplaceAll(procinstK, procinstK[0:1], s)
+	targetK = strings.ReplaceAll(targetK, targetK[0:1], s)
+	instK = strings.ReplaceAll(instK, instK[0:1], s)
+	attrK = strings.ReplaceAll(attrK, attrK[0:1], s)
+}
+
 // ------------------- NewMapXml & NewMapXmlReader ... -------------------------
 
 // If XmlCharsetReader != nil, it will be used to decode the XML, if required.
@@ -441,7 +465,7 @@ func xmlToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[stri
 					val.(map[string]interface{})["_seq"] = seq // will overwrite an "_seq" XML tag
 					seq++
 				case interface{}: // a non-nil simple element: string, float64, bool
-					v := map[string]interface{}{"#text": val}
+					v := map[string]interface{}{textK: val}
 					v["_seq"] = seq
 					seq++
 					val = v
@@ -479,7 +503,7 @@ func xmlToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[stri
 			} else if len(n) == 1 && len(na) > 0 {
 				// it's a simple element w/ no attributes w/ subelements
 				for _, v := range n {
-					na["#text"] = v
+					na[textK] = v
 				}
 				n[skey] = na
 			}
@@ -492,7 +516,7 @@ func xmlToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[stri
 			}
 			if len(tt) > 0 {
 				if len(na) > 0 || decodeSimpleValuesAsMap {
-					na["#text"] = cast(tt, r, "#text")
+					na[textK] = cast(tt, r, textK)
 				} else if skey != "" {
 					n[skey] = cast(tt, r, skey)
 				} else {
@@ -913,7 +937,8 @@ func (b *byteReader) Read(p []byte) (int, error) {
 func (b *byteReader) ReadByte() (byte, error) {
 	_, err := b.r.Read(b.b)
 	if len(b.b) > 0 {
-		return b.b[0], nil
+		// issue #38
+		return b.b[0], err
 	}
 	var c byte
 	return c, err
@@ -1038,6 +1063,7 @@ func marshalMapToXmlIndent(doIndent bool, b *bytes.Buffer, key string, value int
 	if doIndent {
 		switch value.(type) {
 		case []interface{}, []string:
+			// list processing handles indentation for all elements
 		default:
 			if _, err = b.WriteString(p.padding); err != nil {
 				return err
@@ -1113,7 +1139,7 @@ func marshalMapToXmlIndent(doIndent bool, b *bytes.Buffer, key string, value int
 
 		// simple element? Note: '#text" is an invalid XML tag.
 		isComplex := false
-		if v, ok := vv["#text"]; ok && n+1 == lenvv {
+		if v, ok := vv[textK]; ok && n+1 == lenvv {
 			// just the value and attributes
 			switch v.(type) {
 			case string:
@@ -1177,7 +1203,7 @@ func marshalMapToXmlIndent(doIndent bool, b *bytes.Buffer, key string, value int
 		elemlist := make([][2]interface{}, len(vv))
 		n = 0
 		for k, v := range vv {
-			if k == "#text" {
+			if k == textK {
 				// simple element handled above
 				continue
 			}
diff --git a/vendor/github.com/clbanning/mxj/v2/xmlseq.go b/vendor/github.com/clbanning/mxj/v2/xmlseq.go
index 80632bd3c..9732dec39 100644
--- a/vendor/github.com/clbanning/mxj/v2/xmlseq.go
+++ b/vendor/github.com/clbanning/mxj/v2/xmlseq.go
@@ -13,6 +13,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"regexp"
 	"sort"
 	"strings"
 )
@@ -81,6 +82,8 @@ var NO_ROOT = NoRoot // maintain backwards compatibility
 //	ERRORS:
 //	   1. If a NoRoot error, "no root key," is returned, check the initial map key for a "#comment",
 //	      "#directive" or #procinst" key.
+//	   2. Unmarshaling an XML doc that is formatted using the whitespace character, " ", will error, since
+//	      Decoder.RawToken treats such occurances as significant. See NewMapFormattedXmlSeq().
 func NewMapXmlSeq(xmlVal []byte, cast ...bool) (MapSeq, error) {
 	var r bool
 	if len(cast) == 1 {
@@ -89,6 +92,28 @@ func NewMapXmlSeq(xmlVal []byte, cast ...bool) (MapSeq, error) {
 	return xmlSeqToMap(xmlVal, r)
 }
 
+// NewMapFormattedXmlSeq performs the same as NewMapXmlSeq but is useful for processing XML objects that
+// are formatted using the whitespace character, " ".  (The stdlib xml.Decoder, by default, treats all
+// whitespace as significant; Decoder.Token() and Decoder.RawToken() will return strings of one or more
+// whitespace characters and without alphanumeric or punctuation characters as xml.CharData values.)
+//
+// If you're processing such XML, then this will convert all occurrences of whitespace-only strings
+// into an empty string, "", prior to parsing the XML - irrespective of whether the occurrence is
+// formatting or is a actual element value.
+func NewMapFormattedXmlSeq(xmlVal []byte, cast ...bool) (MapSeq, error) {
+	var c bool
+	if len(cast) == 1 {
+		c = cast[0]
+	}
+
+	// Per PR #104 - clean out formatting characters so they don't show up in Decoder.RawToken() stream.
+	// NOTE: Also replaces element values that are solely comprised of formatting/whitespace characters
+	// with empty string, "".
+	r := regexp.MustCompile(`>[\n\t\r ]*<`)
+	xmlVal = r.ReplaceAll(xmlVal, []byte("><"))
+	return xmlSeqToMap(xmlVal, c)
+}
+
 // NewMpaXmlSeqReader returns next XML doc from an io.Reader as a MapSeq value.
 //	NOTES:
 //	   1. The 'xmlReader' will be parsed looking for an xml.StartElement, xml.Comment, etc., so BOM and other
@@ -212,12 +237,12 @@ func xmlSeqToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[s
 					v.Value = escapeChars(v.Value)
 				}
 				if len(v.Name.Space) > 0 {
-					aa[v.Name.Space+`:`+v.Name.Local] = map[string]interface{}{"#text": cast(v.Value, r, ""), "#seq": i}
+					aa[v.Name.Space+`:`+v.Name.Local] = map[string]interface{}{textK: cast(v.Value, r, ""), seqK: i}
 				} else {
-					aa[v.Name.Local] = map[string]interface{}{"#text": cast(v.Value, r, ""), "#seq": i}
+					aa[v.Name.Local] = map[string]interface{}{textK: cast(v.Value, r, ""), seqK: i}
 				}
 			}
-			na["#attr"] = aa
+			na[attrK] = aa
 		}
 	}
 
@@ -285,10 +310,10 @@ func xmlSeqToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[s
 			// where all the "list" subelements are decoded into an array.
 			switch val.(type) {
 			case map[string]interface{}:
-				val.(map[string]interface{})["#seq"] = seq
+				val.(map[string]interface{})[seqK] = seq
 				seq++
 			case interface{}: // a non-nil simple element: string, float64, bool
-				v := map[string]interface{}{"#text": val, "#seq": seq}
+				v := map[string]interface{}{textK: val, seqK: seq}
 				seq++
 				val = v
 			}
@@ -355,42 +380,42 @@ func xmlSeqToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[s
 			}
 			if len(tt) > 0 {
 				// every simple element is a #text and has #seq associated with it
-				na["#text"] = cast(tt, r, "")
-				na["#seq"] = seq
+				na[textK] = cast(tt, r, "")
+				na[seqK] = seq
 				seq++
 			}
 		case xml.Comment:
 			if n == nil { // no root 'key'
-				n = map[string]interface{}{"#comment": string(t.(xml.Comment))}
+				n = map[string]interface{}{commentK: string(t.(xml.Comment))}
 				return n, NoRoot
 			}
 			cm := make(map[string]interface{}, 2)
-			cm["#text"] = string(t.(xml.Comment))
-			cm["#seq"] = seq
+			cm[textK] = string(t.(xml.Comment))
+			cm[seqK] = seq
 			seq++
-			na["#comment"] = cm
+			na[commentK] = cm
 		case xml.Directive:
 			if n == nil { // no root 'key'
-				n = map[string]interface{}{"#directive": string(t.(xml.Directive))}
+				n = map[string]interface{}{directiveK: string(t.(xml.Directive))}
 				return n, NoRoot
 			}
 			dm := make(map[string]interface{}, 2)
-			dm["#text"] = string(t.(xml.Directive))
-			dm["#seq"] = seq
+			dm[textK] = string(t.(xml.Directive))
+			dm[seqK] = seq
 			seq++
-			na["#directive"] = dm
+			na[directiveK] = dm
 		case xml.ProcInst:
 			if n == nil {
-				na = map[string]interface{}{"#target": t.(xml.ProcInst).Target, "#inst": string(t.(xml.ProcInst).Inst)}
-				n = map[string]interface{}{"#procinst": na}
+				na = map[string]interface{}{targetK: t.(xml.ProcInst).Target, instK: string(t.(xml.ProcInst).Inst)}
+				n = map[string]interface{}{procinstK: na}
 				return n, NoRoot
 			}
 			pm := make(map[string]interface{}, 3)
-			pm["#target"] = t.(xml.ProcInst).Target
-			pm["#inst"] = string(t.(xml.ProcInst).Inst)
-			pm["#seq"] = seq
+			pm[targetK] = t.(xml.ProcInst).Target
+			pm[instK] = string(t.(xml.ProcInst).Inst)
+			pm[seqK] = seq
 			seq++
-			na["#procinst"] = pm
+			na[procinstK] = pm
 		default:
 			// noop - shouldn't ever get here, now, since we handle all token types
 		}
@@ -580,7 +605,7 @@ func mapToXmlSeqIndent(doIndent bool, s *string, key string, value interface{},
 		if doIndent {
 			*s += p.padding
 		}
-		if key != "#comment" && key != "#directive" && key != "#procinst" {
+		if key != commentK && key != directiveK && key != procinstK {
 			*s += `<` + key
 		}
 	}
@@ -588,27 +613,27 @@ func mapToXmlSeqIndent(doIndent bool, s *string, key string, value interface{},
 	case map[string]interface{}:
 		val := value.(map[string]interface{})
 
-		if key == "#comment" {
-			*s += `<!--` + val["#text"].(string) + `-->`
+		if key == commentK {
+			*s += `<!--` + val[textK].(string) + `-->`
 			noEndTag = true
 			break
 		}
 
-		if key == "#directive" {
-			*s += `<!` + val["#text"].(string) + `>`
+		if key == directiveK {
+			*s += `<!` + val[textK].(string) + `>`
 			noEndTag = true
 			break
 		}
 
-		if key == "#procinst" {
-			*s += `<?` + val["#target"].(string) + ` ` + val["#inst"].(string) + `?>`
+		if key == procinstK {
+			*s += `<?` + val[targetK].(string) + ` ` + val[instK].(string) + `?>`
 			noEndTag = true
 			break
 		}
 
 		haveAttrs := false
 		// process attributes first
-		if v, ok := val["#attr"].(map[string]interface{}); ok {
+		if v, ok := val[attrK].(map[string]interface{}); ok {
 			// First, unroll the map[string]interface{} into a []keyval array.
 			// Then sequence it.
 			kv := make([]keyval, len(v))
@@ -621,21 +646,21 @@ func mapToXmlSeqIndent(doIndent bool, s *string, key string, value interface{},
 			// Now encode the attributes in original decoding sequence, using keyval array.
 			for _, a := range kv {
 				vv := a.v.(map[string]interface{})
-				switch vv["#text"].(type) {
+				switch vv[textK].(type) {
 				case string:
 					if xmlEscapeChars {
-						ss = escapeChars(vv["#text"].(string))
+						ss = escapeChars(vv[textK].(string))
 					} else {
-						ss = vv["#text"].(string)
+						ss = vv[textK].(string)
 					}
 					*s += ` ` + a.k + `="` + ss + `"`
 				case float64, bool, int, int32, int64, float32:
-					*s += ` ` + a.k + `="` + fmt.Sprintf("%v", vv["#text"]) + `"`
+					*s += ` ` + a.k + `="` + fmt.Sprintf("%v", vv[textK]) + `"`
 				case []byte:
 					if xmlEscapeChars {
-						ss = escapeChars(string(vv["#text"].([]byte)))
+						ss = escapeChars(string(vv[textK].([]byte)))
 					} else {
-						ss = string(vv["#text"].([]byte))
+						ss = string(vv[textK].([]byte))
 					}
 					*s += ` ` + a.k + `="` + ss + `"`
 				default:
@@ -647,8 +672,8 @@ func mapToXmlSeqIndent(doIndent bool, s *string, key string, value interface{},
 
 		// simple element?
 		// every map value has, at least, "#seq" and, perhaps, "#text" and/or "#attr"
-		_, seqOK := val["#seq"] // have key
-		if v, ok := val["#text"]; ok && ((len(val) == 3 && haveAttrs) || (len(val) == 2 && !haveAttrs)) && seqOK {
+		_, seqOK := val[seqK] // have key
+		if v, ok := val[textK]; ok && ((len(val) == 3 && haveAttrs) || (len(val) == 2 && !haveAttrs)) && seqOK {
 			if stmp, ok := v.(string); ok && stmp != "" {
 				if xmlEscapeChars {
 					stmp = escapeChars(stmp)
@@ -669,10 +694,10 @@ func mapToXmlSeqIndent(doIndent bool, s *string, key string, value interface{},
 		// 'kv' will hold everything that needs to be written
 		kv := make([]keyval, 0)
 		for k, v := range val {
-			if k == "#attr" { // already processed
+			if k == attrK { // already processed
 				continue
 			}
-			if k == "#seq" { // ignore - just for sorting
+			if k == seqK { // ignore - just for sorting
 				continue
 			}
 			switch v.(type) {
@@ -845,16 +870,16 @@ func (e elemListSeq) Less(i, j int) bool {
 	var iseq, jseq int
 	var fiseq, fjseq float64
 	var ok bool
-	if iseq, ok = e[i].v.(map[string]interface{})["#seq"].(int); !ok {
-		if fiseq, ok = e[i].v.(map[string]interface{})["#seq"].(float64); ok {
+	if iseq, ok = e[i].v.(map[string]interface{})[seqK].(int); !ok {
+		if fiseq, ok = e[i].v.(map[string]interface{})[seqK].(float64); ok {
 			iseq = int(fiseq)
 		} else {
 			iseq = 9999999
 		}
 	}
 
-	if jseq, ok = e[j].v.(map[string]interface{})["#seq"].(int); !ok {
-		if fjseq, ok = e[j].v.(map[string]interface{})["#seq"].(float64); ok {
+	if jseq, ok = e[j].v.(map[string]interface{})[seqK].(int); !ok {
+		if fjseq, ok = e[j].v.(map[string]interface{})[seqK].(float64); ok {
 			jseq = int(fjseq)
 		} else {
 			jseq = 9999999
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
index 8cd4e333b..83d7cdadd 100644
--- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
@@ -9,7 +9,7 @@ import (
 	fp "github.com/cloudflare/circl/math/fp448"
 )
 
-// twistCurve is -x^2+y^2=1-39082x^2y^2 and is 4-isogeneous to Goldilocks.
+// twistCurve is -x^2+y^2=1-39082x^2y^2 and is 4-isogenous to Goldilocks.
 type twistCurve struct{}
 
 // Identity returns the identity point.
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go b/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
index ab19d0ad1..1755fd1e6 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
@@ -6,13 +6,21 @@ package sha3
 
 // KeccakF1600 applies the Keccak permutation to a 1600b-wide
 // state represented as a slice of 25 uint64s.
+// If turbo is true, applies the 12-round variant instead of the
+// regular 24-round variant.
 // nolint:funlen
-func KeccakF1600(a *[25]uint64) {
+func KeccakF1600(a *[25]uint64, turbo bool) {
 	// Implementation translated from Keccak-inplace.c
 	// in the keccak reference code.
 	var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64
 
-	for i := 0; i < 24; i += 4 {
+	i := 0
+
+	if turbo {
+		i = 12
+	}
+
+	for ; i < 24; i += 4 {
 		// Combines the 5 steps in each round into 2 steps.
 		// Unrolls 4 rounds per loop and spreads some steps across rounds.
 
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go b/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
index b35cd006b..a0df5aa6c 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
@@ -51,6 +51,7 @@ type State struct {
 	// Specific to SHA-3 and SHAKE.
 	outputLen int             // the default output size in bytes
 	state     spongeDirection // whether the sponge is absorbing or squeezing
+	turbo     bool            // Whether we're using 12 rounds instead of 24
 }
 
 // BlockSize returns the rate of sponge underlying this hash function.
@@ -86,11 +87,11 @@ func (d *State) permute() {
 		xorIn(d, d.buf())
 		d.bufe = 0
 		d.bufo = 0
-		KeccakF1600(&d.a)
+		KeccakF1600(&d.a, d.turbo)
 	case spongeSqueezing:
 		// If we're squeezing, we need to apply the permutation before
 		// copying more output.
-		KeccakF1600(&d.a)
+		KeccakF1600(&d.a, d.turbo)
 		d.bufe = d.rate
 		d.bufo = 0
 		copyOut(d, d.buf())
@@ -136,7 +137,7 @@ func (d *State) Write(p []byte) (written int, err error) {
 			// The fast path; absorb a full "rate" bytes of input and apply the permutation.
 			xorIn(d, p[:d.rate])
 			p = p[d.rate:]
-			KeccakF1600(&d.a)
+			KeccakF1600(&d.a, d.turbo)
 		} else {
 			// The slow path; buffer the input until we can fill the sponge, and then xor it in.
 			todo := d.rate - bufl
@@ -193,3 +194,7 @@ func (d *State) Sum(in []byte) []byte {
 	_, _ = dup.Read(hash)
 	return append(in, hash...)
 }
+
+func (d *State) IsAbsorbing() bool {
+	return d.state == spongeAbsorbing
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/shake.go b/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
index b92c5b7d7..77817f758 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
@@ -57,6 +57,17 @@ func NewShake128() State {
 	return State{rate: rate128, dsbyte: dsbyteShake}
 }
 
+// NewTurboShake128 creates a new TurboSHAKE128 variable-output-length ShakeHash.
+// Its generic security strength is 128 bits against all attacks if at
+// least 32 bytes of its output are used.
+// D is the domain separation byte and must be between 0x01 and 0x7f inclusive.
+func NewTurboShake128(D byte) State {
+	if D == 0 || D > 0x7f {
+		panic("turboshake: D out of range")
+	}
+	return State{rate: rate128, dsbyte: D, turbo: true}
+}
+
 // NewShake256 creates a new SHAKE256 variable-output-length ShakeHash.
 // Its generic security strength is 256 bits against all attacks if
 // at least 64 bytes of its output are used.
@@ -64,6 +75,17 @@ func NewShake256() State {
 	return State{rate: rate256, dsbyte: dsbyteShake}
 }
 
+// NewTurboShake256 creates a new TurboSHAKE256 variable-output-length ShakeHash.
+// Its generic security strength is 256 bits against all attacks if
+// at least 64 bytes of its output are used.
+// D is the domain separation byte and must be between 0x01 and 0x7f inclusive.
+func NewTurboShake256(D byte) State {
+	if D == 0 || D > 0x7f {
+		panic("turboshake: D out of range")
+	}
+	return State{rate: rate256, dsbyte: D, turbo: true}
+}
+
 // ShakeSum128 writes an arbitrary-length digest of data into hash.
 func ShakeSum128(hash, data []byte) {
 	h := NewShake128()
@@ -77,3 +99,21 @@ func ShakeSum256(hash, data []byte) {
 	_, _ = h.Write(data)
 	_, _ = h.Read(hash)
 }
+
+// TurboShakeSum128 writes an arbitrary-length digest of data into hash.
+func TurboShakeSum128(hash, data []byte, D byte) {
+	h := NewTurboShake128(D)
+	_, _ = h.Write(data)
+	_, _ = h.Read(hash)
+}
+
+// TurboShakeSum256 writes an arbitrary-length digest of data into hash.
+func TurboShakeSum256(hash, data []byte, D byte) {
+	h := NewTurboShake256(D)
+	_, _ = h.Write(data)
+	_, _ = h.Read(hash)
+}
+
+func (d *State) SwitchDS(D byte) {
+	d.dsbyte = D
+}
diff --git a/vendor/github.com/cloudflare/circl/math/primes.go b/vendor/github.com/cloudflare/circl/math/primes.go
new file mode 100644
index 000000000..158fd83a7
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/primes.go
@@ -0,0 +1,34 @@
+package math
+
+import (
+	"crypto/rand"
+	"io"
+	"math/big"
+)
+
+// IsSafePrime reports whether p is (probably) a safe prime.
+// The prime p=2*q+1 is safe prime if both p and q are primes.
+// Note that ProbablyPrime is not suitable for judging primes
+// that an adversary may have crafted to fool the test.
+func IsSafePrime(p *big.Int) bool {
+	pdiv2 := new(big.Int).Rsh(p, 1)
+	return p.ProbablyPrime(20) && pdiv2.ProbablyPrime(20)
+}
+
+// SafePrime returns a number of the given bit length that is a safe prime with high probability.
+// The number returned p=2*q+1 is a safe prime if both p and q are primes.
+// SafePrime will return error for any error returned by rand.Read or if bits < 2.
+func SafePrime(random io.Reader, bits int) (*big.Int, error) {
+	one := big.NewInt(1)
+	p := new(big.Int)
+	for {
+		q, err := rand.Prime(random, bits-1)
+		if err != nil {
+			return nil, err
+		}
+		p.Lsh(q, 1).Add(p, one)
+		if p.ProbablyPrime(20) {
+			return p, nil
+		}
+	}
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go b/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
index 08ca65d79..2c73c26fb 100644
--- a/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
+++ b/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
@@ -1,7 +1,7 @@
 // Package ed25519 implements Ed25519 signature scheme as described in RFC-8032.
 //
 // This package provides optimized implementations of the three signature
-// variants and maintaining closer compatiblilty with crypto/ed25519.
+// variants and maintaining closer compatibility with crypto/ed25519.
 //
 //	| Scheme Name | Sign Function     | Verification  | Context           |
 //	|-------------|-------------------|---------------|-------------------|
diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go b/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go
index 539933b3d..b1e3f7e3f 100644
--- a/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go
+++ b/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go
@@ -8,7 +8,7 @@ import (
 	"crypto/rsa"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"sync"
 	"time"
@@ -159,7 +159,7 @@ func (r *RemoteKeySet) verify(ctx context.Context, jws *jose.JSONWebSignature) (
 	// https://openid.net/specs/openid-connect-core-1_0.html#RotateSigKeys
 	keys, err := r.keysFromRemote(ctx)
 	if err != nil {
-		return nil, fmt.Errorf("fetching keys %v", err)
+		return nil, fmt.Errorf("fetching keys %w", err)
 	}
 
 	for _, key := range keys {
@@ -228,11 +228,11 @@ func (r *RemoteKeySet) updateKeys() ([]jose.JSONWebKey, error) {
 
 	resp, err := doRequest(r.ctx, req)
 	if err != nil {
-		return nil, fmt.Errorf("oidc: get keys failed %v", err)
+		return nil, fmt.Errorf("oidc: get keys failed %w", err)
 	}
 	defer resp.Body.Close()
 
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, fmt.Errorf("unable to read response body: %v", err)
 	}
diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go b/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go
index b159d1ccd..6e2b0e567 100644
--- a/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go
+++ b/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go
@@ -10,7 +10,7 @@ import (
 	"errors"
 	"fmt"
 	"hash"
-	"io/ioutil"
+	"io"
 	"mime"
 	"net/http"
 	"strings"
@@ -211,7 +211,7 @@ func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
 	}
 	defer resp.Body.Close()
 
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, fmt.Errorf("unable to read response body: %v", err)
 	}
@@ -332,7 +332,7 @@ func (p *Provider) UserInfo(ctx context.Context, tokenSource oauth2.TokenSource)
 		return nil, err
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go b/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go
index 3e5ffbc76..0bca49a89 100644
--- a/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go
+++ b/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go
@@ -7,7 +7,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"time"
@@ -182,7 +182,7 @@ func resolveDistributedClaim(ctx context.Context, verifier *IDTokenVerifier, src
 	}
 	defer resp.Body.Close()
 
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, fmt.Errorf("unable to read response body: %v", err)
 	}
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/LICENSE b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/LICENSE
new file mode 100644
index 000000000..d2d1dd933
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/LICENSE
@@ -0,0 +1,17 @@
+ISC License
+
+Copyright (c) 2013-2017 The btcsuite developers
+Copyright (c) 2015-2020 The Decred developers
+Copyright (c) 2017 The Lightning Network Developers
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/README.md b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/README.md
new file mode 100644
index 000000000..b84bcdb77
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/README.md
@@ -0,0 +1,72 @@
+secp256k1
+=========
+
+[![Build Status](https://github.com/decred/dcrd/workflows/Build%20and%20Test/badge.svg)](https://github.com/decred/dcrd/actions)
+[![ISC License](https://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org)
+[![Doc](https://img.shields.io/badge/doc-reference-blue.svg)](https://pkg.go.dev/github.com/decred/dcrd/dcrec/secp256k1/v4)
+
+Package secp256k1 implements optimized secp256k1 elliptic curve operations.
+
+This package provides an optimized pure Go implementation of elliptic curve
+cryptography operations over the secp256k1 curve as well as data structures and
+functions for working with public and private secp256k1 keys.  See
+https://www.secg.org/sec2-v2.pdf for details on the standard.
+
+In addition, sub packages are provided to produce, verify, parse, and serialize
+ECDSA signatures and EC-Schnorr-DCRv0 (a custom Schnorr-based signature scheme
+specific to Decred) signatures.  See the README.md files in the relevant sub
+packages for more details about those aspects.
+
+An overview of the features provided by this package are as follows:
+
+- Private key generation, serialization, and parsing
+- Public key generation, serialization and parsing per ANSI X9.62-1998
+  - Parses uncompressed, compressed, and hybrid public keys
+  - Serializes uncompressed and compressed public keys
+- Specialized types for performing optimized and constant time field operations
+  - `FieldVal` type for working modulo the secp256k1 field prime
+  - `ModNScalar` type for working modulo the secp256k1 group order
+- Elliptic curve operations in Jacobian projective coordinates
+  - Point addition
+  - Point doubling
+  - Scalar multiplication with an arbitrary point
+  - Scalar multiplication with the base point (group generator)
+- Point decompression from a given x coordinate
+- Nonce generation via RFC6979 with support for extra data and version
+  information that can be used to prevent nonce reuse between signing algorithms
+
+It also provides an implementation of the Go standard library `crypto/elliptic`
+`Curve` interface via the `S256` function so that it may be used with other
+packages in the standard library such as `crypto/tls`, `crypto/x509`, and
+`crypto/ecdsa`.  However, in the case of ECDSA, it is highly recommended to use
+the `ecdsa` sub package of this package instead since it is optimized
+specifically for secp256k1 and is significantly faster as a result.
+
+Although this package was primarily written for dcrd, it has intentionally been
+designed so it can be used as a standalone package for any projects needing to
+use optimized secp256k1 elliptic curve cryptography.
+
+Finally, a comprehensive suite of tests is provided to provide a high level of
+quality assurance.
+
+## secp256k1 use in Decred
+
+At the time of this writing, the primary public key cryptography in widespread
+use on the Decred network used to secure coins is based on elliptic curves
+defined by the secp256k1 domain parameters.
+
+## Installation and Updating
+
+This package is part of the `github.com/decred/dcrd/dcrec/secp256k1/v4` module.
+Use the standard go tooling for working with modules to incorporate it.
+
+## Examples
+
+* [Encryption](https://pkg.go.dev/github.com/decred/dcrd/dcrec/secp256k1/v4#example-package-EncryptDecryptMessage)
+  Demonstrates encrypting and decrypting a message using a shared key derived
+  through ECDHE.
+
+## License
+
+Package secp256k1 is licensed under the [copyfree](http://copyfree.org) ISC
+License.
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/compressedbytepoints.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/compressedbytepoints.go
new file mode 100644
index 000000000..bb0b41fda
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/compressedbytepoints.go
@@ -0,0 +1,18 @@
+// Copyright (c) 2015 The btcsuite developers
+// Copyright (c) 2015-2022 The Decred developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package secp256k1
+
+// Auto-generated file (see genprecomps.go)
+// DO NOT EDIT
+
+var compressedBytePoints = "eJyk2wNCIAgAAMBs27Zt27a52bZt27Zt27Ztu+4RN/8YgP8pmqLC650yqn+RN9o5WamIzkLa9Agq2bEoRaoJ/oRJplKgCMS4iEExiT3u5gnfu//K8yz4XhSnQzTXYdtp6i45sAprIIyKo/AhtXelFMQPtnAcGf58V/JbVveLAN8Vcf0Q+bnIk0kWveCiUp9zy1Ko9e0uaYkPT0UfsCTgaZhyQTuNksSeqX9vTrQ5GH/G8fWiUIiM8Zvl31woXxiquMqOQMJCoQiZ/iXuDOqY7tTyHlv85rmSanWdJIe0JD1VkaEwqclvlvbtOy07cCk4KT/jXWxBk6kb7TMLkeWtCZli02fkxlspmDtHfMonSi0ScKI+ypNPlZVHgO1W4GkR4AkSbYSxX5oGlIctKHhCjRY9eR0GsIluyh4QFg9t4FU0TdkfLf4BSXR4MMmKV/aDCqtzxLvXaFGs0GVb7zLqgb0kn7nDXfGhpaDHAVIodPh3ummk9NZItmfr8juoNyszjGfELYp+OX5UK0lt7hcNU4NjciFV5Wd7rF4mtLxEEuUAmyUdQwDHGfahHiT9dk4+r7K6EPYYBbBaAQeWYegqF0z5jh/FwuFiOMV3oh7nteiCQCzGOJqamLDUBuox6qN4ZOLY4x+vIdtftTZM3+hI/xBsP5Zv0Yo1QQ8jcIP70VItBoA5MhNnb/AxAJzAPDvNTmrNgIqr66MA4MupfWmXLUa0gZu6/vA5lc2V6cKJC0xIayi9bT8kBWbiIVj/9oh5qCV/g53tVrxQ6XfhqsPWYFps2OYNc4vTaFEdPWT7BVQ8mWoNfwWqBHRV5KIyHgt1Mavq2Z7ogUtQRuRyipzfdg8hKVRf1r94lYx6hjntvVTgLiRvOtETLWBq/baEcWugzzIzxpLreLZWuSpPIj+yd7xLqrhNUu6uWQIESsLW8mIPQPS9tpxRI70BAQEYTY+gGvz8N5xgw3s1lCLjdaQA5ncTo18lEO1pjX0HkiKXSwBpVohq/1PSTUKwMXmdemLJmH0VfWx+xu+rIySuZYabbIJZRmoP7hx4qrjNR7ZLln4Fa96EAuW9C2RGaEjJXQ9XFGPJDi3O6PpdBHFKaPg0HXSqNaSf5HVB/npt+uEgjJWHh/bMHlB+Cq37JsrxklflGImfRY0WYdtecfotfzSaGGJXYGPdY6+Uk5OmyIgHXhgmAvG8kLXWetUZMxo5SuRCpdfdoNQ68uHArCZBkTJ2PTWfBs9MFazROg8x1CQdlvnwm3GSYWGuoJ6WsgBgGHZAxDltrlZDiYEpBMu2yV+sJ/M4cX1Vid9DJbwSWuMXdX22YqljiMvUf8gp5OUDO8mz8uD4izxRrDBa0k3sEsOdiPjVk/tGcJ9d47fkgYdy3jBfKSNrrG1Bvdn37xeqdSxFcEYdoggg3n8iy8Wo4FsHQJwB3QnexMLFrXO/4o5JCTJYUZFGBlT9yeU5rCdnGvJZeE68PVJVTlVxezDz3hnIMuy+EiH0QoasAI2GGlHvlsfDLcad8O7RfbwYd6nlG5phUmqOOQ6xgKFG309xCsbKvDumzmZ8WpVWGCvxYKExEGktwqkKfedH9PbOqcLSpzIDmoCD+/IQv2ZSKB3WzF+bZzAoxImoNSJPDDeCNkpeTbu58L3n8UQ6S3SHPhRoT9QneplWmOAhQoLTGNmzIqMZUflkPDNZJ1PUr7qnLP3OiPWWKfVm9HIXv7X2zdP0oFP5yC5cGCKG83zVSeBqd14przJKjmTOJTEFIJcZZt6LLnSPjxZkSMge3GLpx7KkCao7yMOxdxm7gKn4l5w4vrz1D/MuTgXvedy45y4n3YzmeUNNV12X5hUuCnC/RbBIfxXrE1JJffx1VpHc2Z88roux91yJK3zm9FHPcxWFL2eElsDqvYgoYlrrxIDCF8w0L9xVCJ/K1wBYV6z0Il1liZFnrh7oC7QnCoi/AZVC5wzuseezcZmsO1PXijTQ0Bz2N8iU9xr6H+hAMrmj5/kfZNGZwfRbQEYgFxnYiZ/RcnKxv6L/Ug2cGHP9l0pkpT1bcb6HfTZLVoy+UXd2qckfNk5rcKMh1Rl49vNssVRf7Hd8AfivO3ESlJUSz4MFkdDmiOzmO3GCXh864/drgFmZq6f1XiZsaz4r6NbjOTOQdQJf21TOmp1+bfXxGWCL5M810GZBhc6YLVGxcWFHwEhf/d8HuDXUa+i2WUcclqdokltn6q1nu2eLoI3aiyuYvyr08xBNo8h6o3/yX9fAyxP9Mmwwudd0GpruWyd+6Th6G7vUmuZ4LHgO1XTEVeMhK5PHoDx4J0JDDEVGv2kJdA/3hHRZXcjF/n6qveOFmgDS/K9c7qgLFfacIAS+VHxEk+Xm3UKLvhMgQXSU+GVKjei1uFONV4Ye67v33x7hbEEbT78HMWliBfVkEqbEOLiGV/81jLALoxKPMEAZaKMp2vBrwAHmcYqvhnZC1UE6Cr/JZW6k+69Bgxp+sGI3BfNvp5h/8spmJqg4myTAcqzYaW8Ami61S7cR5I5iErsXlk1oVtuqnyJi7rpaa89xob7p9udfTmT/ikUfL49GLZpxgYnjt7W/so79IqGHzZIGIIARcU7ktlYCMyhTUsBzf3Bt1fI3TPdf9q89J0+v8+lSdcIjcojNA6OKoSVmZl1IDJQ1FFUSB5nuRRnBQad6DQS/gHAZxefrebtPJA3qGzu4EsFsPJXaPKGq5gQaz1ERF1dpdRQmIeMWxLcyKaPK31zIUjilx0vGc0CupUPlgfzlAnni2l49rX6nxM8NF71OfhDKFLBIggWSfbBKORmOU1ZvFZIkfWIpDwOKy78HNLKSp/FNA7paMy9pcCxu0OvI9kcWld/GnM57qRnliEKgPUeQ9/Prs6koi6i8QAOov/xlN1Me38NfUgZIe5LJqw2p4hvWm0D7YuqCoZdYCnRVvwVDT/xcUc++4D7NeXYhKC1Ffqm8Jy7NWQE3v6koJY2q+T3yGH7+2c4V5HLboKAmLx7LSvsCRDjEhoUARsfKpiOSAxmJAf2Evbi5Z/+Ep1UFmFxGIrCPagCv/jUfTrQ+tB3CCp7L8Av2vR9x+42mKoeCso2te6hJ8+VZ3cq9beFbpyZUb/fOOwBjlS3NpWlKwU97IdO8Ey8Cr3w0TE9YOTY8Mu3LpY7j7PPBQtP/lrd9WaPQ7dJuSMp+mS/k8i4fIuuDBwMIzVouGhrn9t+nvTuXacu4D60+FYx+4+E27N0Q+QQY3rrMISc3dovqzKig1eMkIDQ8d5/Fwo7WflX2uHsYn16sKtRiQyMIagTwBBeTPEsm5U2YYkfBomnnO2pW3R9IdO2QghSgaQX50RveltU68Mck0D08wkYGWLA9TrrPfi7gzxJAyiup8DZsUrLsipVuEL47gpqdNtsaG7GV3ShLcCPfEKQEKzGRVs98mluYbdgEUagANpVz9XOstElchJ43RRkpMsmXYeoSzZatjSTDwGm6vHVgHrUrCk6dzTrrH2QZehW2xpjcc+JA4qp5zvuGSYgvC32BceJXaHvQMhwHs/5DXsxeioT3l4awYPOiJOVDihOyPZYb2iAWOUREfP3Seb2+3qyytoILxhIPf+0OYjWCTg8rb3mV3iAVpk5+PpwxDdwXI5GJ4Rz5BbmrY1ze7wcbSJvhEzIWONaUROb4ZEvIHHbMVBqyw0ITDtsv1S6dzgmZxZgRcrWSks18w49DFkEqrysIGd5HJcM5jpNWJvXax5ki9ggd6DDzzLWI6zBqgFht/NoOMiNfj8rkz61v0a8ynunoGYT2YB75l8dz80Vz+NvTEpN38PUdnv8dw12YmVQDvlXDXrrc7kdH5tigy4yLb/X8OIGY98t4PchBPxvtl/lZ7tCzOqU1fIFs5XqG0Xd5PpslyRkcpY0e81mcmxLPPE1dXm/j3t5BQpLKlKku137Y/Ln8HmU36BlrBS0Pr3Q36f5B+S8A48pP/Tb7BNB51Y8UI7Ub1vs6CueReJtn/crGW78BnfUiaJClNdGhaHdyveuLOsMjuUxQs8AUNi/miOuH1LE4s+v0UG8A4sXVdldX+FRkRgmcg5vk6xKFlGvIC1YIybgNrUgwUdE2P8iesBha81++nZ7KnL3l8E0ngcicmo3KpRbm+Wutc1c0NQhEnnjo0uiZ4xuVEFomiMtwkdD7ZlpBf/c5Awbf7wwUb4CxF+ha/zpWs/kLZIPRTaA2PHSQlGH+jSjRovkiI/Tn9Ba2mPNsW8v94k7CcHcrg6FtxVHjhd7Y6zPjOvYqeSstSHVAB9b7mLV4Q+TU1HM/g4eCcgHxQ+XIjelvMEVb4Bgp6VnQojLgPDC90zpna3WQMjvfaSoARO3vM1QioFr04Z+lg/UUre7tL3t6QYh3hPDuVC0p+y8DsZVAXs40fPjGFEUl2S4UuO5Q7+opHhQ1whzh6HySiEdJDcc/TMuk1oOVBLhEvgpzCJIngjYZ0Q8R/a5nBTNZdiEJwBlx7zjyI/BK36wsYgUW/NxePqrXlxQzmeY+o9uBGDJ4Au+WQePJ4SI/N43qkCHvnbHcCx0VTpsF/KP+ShrvwUvPlYho36mo/LA7HoywPU5iePgWgXCmA7QS9B+D+CwarAEkUtsJveNSkl5/aBqTQ7kWqA7ZP4DSR5WRPSsBSVrIH2EK1pPpQsgBCXs3o9KJROeFtFDeEEL/Yigqd5VvaQhL407jWgpFgNFlmaKcq2PTXWlpgyUwmPyUNmVHmza8saL+x7X4wxx5nBsM2UTqfafXxuR87Jv8+i1zpuNu4juOCM+QdGW9M7K7WnjUhtxq8I4p4xWzjT+/TGdcDfLZk4I45tl78NBJtR/H8mKcCaZ18eEcXf+J/nYUup7oMZu5+ed8KR48m7omvLKoDLOdVTkM+/6U5FcHDPGddnvoo6Fx9WCGkGYUPVE0y+qbFHOhIGEKpXSaJE/I2qLSYdKfIeJl0RzyqiGSVAiPE+3NWaBAGP39rkU6qmT0JixxcnRlbDrJx9ilvQNtiEZosu+M1K/8BXdvn9h3mIkrkPpKCEAPokV6J3ow1edX/3jttNgVdrLAdg9G7XkWZ1DrHb5smS2vgC5Tl4ez6YPKwROTT2y81Fo8ckE9gzWDkdLGFGM7ZTgvavoDCouXzQpgwx1wGEhYYegGbe89daiHrMIdyM1/BTu8xewC6uvpxt0NlJtgSwhZTh4/DPJKB5CD5wGrRFU9QdZpvRrh2zKhTrICkjaO60UKkjjw5S74vEMr9kYOcO9Xsugd8NXr3lToFFQPUda6LnnApS5MmCRth3sg+1/r96dEKGj6rAA+nDoQzJkZ4lnG7GWoZHyfdA+gV2Up7lpx74NOvChoWRCFwa1Ti4FfQfOCZUeiJwrdSekkNUgzkDcGXNciiAGpJaihg5PMtWVc+JL44g6fcH3wn/0hjiK0+XgkS4YXGusXaWowk1S5Mb88s1ZVfIHrVGrhKjIwXqrbjGlRsofTTW3L/1YMAfduSgZsTfE7x1pqDKJS5/QAL6/R8wkDP6znlJTOjJ3Q7mKRJSb7NxO5lqAum565vFUAEjG/F6ag+JXcliFEAtjB50aaVJq9Xdmr/41U1W3ohT37SFS+tO2QhxwCxYKLfZRZ5DTejhYjGjv9nJ+MPVs+reOkdiDN9B/umM3Dra5BYIR3e3Ma+sh7s7A3Vx8bChA637iqIcQHBRB/KC2jhIOJ6TloMJKwq7kb0E9XF9mJKmCg3hmo5d4RJzHqbNcjzYx7Yk5pW9u2bnVVTfNizvlXChMV4Jf5oYhhhryI6ltlUEoy0dcnVrxqGCr3oxeTTUf5UBKirSe1/gYybkHmnwPlavGS7xGvudqLruLswtEhy+WLGktsyMnJ8W9COKhKX+yT/JsbS4agPalAWAgq0Go9WOP3RF1RuzHL1/Twfhb1NYiWnyHTV97NVRg59dnhMnGmBgXkg61GiZUapX50LNQZxzNuqugyEHjxA5KJfat5xMGdWLkGemJFwfcuskXJeWXikIhyV4hgdXzZRgUxRslgMfjuxQLvmkV0Mo5xvsDp3TMwkg1PqkGEkXlV7AWFN3s01uhJ6yDjC2Uk+o6z0pfnoqwyJnVgeA3WjXxaVtR7egPbF8hfxxAfwKF0smjTHmboF0kgivS8DFJLv75/Ucq8fbYoMgadUoqnmcGJcHbqo0es+Dhi9Xl7vCUVADTnhnuyVi1432m6bM6IF6ay6xJCRKjLVmAyEooegmNImVU5uh5FGxvOAAyQ706a+NJGgUoH7knQYOL8ZyXPTJSWiqNEpr26wUb1hbclv6Q2iY+PTf2KneMpMOoIfJjCN562NYCeMp+soVRGxbyic3Kw5CfLkEZdmVFpFlp/gH3QYYfvp+catQcIPNavc4lWGp4i1Acl01RNbxphG4D/KBQ3D1souHPwVFKgaiC/gateFzhTrPRF19IEVRm4h1rGFjVw/0h0O8psDwOIUQVE6yWSmoOaMX56IjcaA3jEE/TStAQxNE3H5qejiTpfdUTzQdTRY2T0u2OiDdBC+f2dMXvjCGFtQItlBJQTQB+5X1HSQO3L/UBu2N2IH1WfCIaagjNUmrY+DpLuPswrx3pnRiwB+IZ/JH4x1YV5Frju6HvMEaEbV1VMA5+tyOcIbe18oGEX+GHKGb55evhOtLwWOEnIgwWtNtEu2k6sjlmeiYYIZe94CyD85JcA8jNtrGoOwPIzuOXQDjq2FyAZB4Y5oHWAFNbhuA7DjS3b/0r9FnVkB4st7jizbrNtR1TYyoGS7+lR4A7b7ya/FmVLMgKfAbohRbBjWWpfltG3mUVMQRTTI/F+Gsw0zwd0Y+OeqznaCusBQw2Lc8QWFJAylqaDK8ZRwDapfYycfqT1j2SxjIEL8FScDvLoaovVia3yBwMh2po02KhuyvIc1A3KVHZPpgD8RYU4+EhZCPky3ziajZKg3rOGHuBzw1A6g9gXNpN0pbWWS/gEyhMSGxg4AofPhtBYp1z5l/jmMREAJ0qnNpj3vXsXXaAKjNDjJel7acD0GUPaHRhsKq28WwZ/UuD+ILPjHDtblSZDMWR2a+tNY6kQm47emyolszCZo2fsc25fjpIzGXs0cetux4Dqzv03nH6XMdZwhuPqcrOixrdEEkqRPadaaRgfJymbY1HncC6myfR3zrPkEA3PLdw1x3ljW9+iZ1sPUeatW0c/nNggFNkllR4SxeOrOqgg18rwG8dPbaeun3WPVrvoIgd7oO/fUQJKSujMTWHZa8opUxebo6CahujaYmcGMC9h1ndg7r3k11sdoudFbd/0Ywwispr0E8h8XOUD2mVPlPesHFkAvglILLJ4WXRjSSnNcOdhwVilZTFgIlnDdimNm0JVz8Iz3WoP0LCp0+1sIDtpcuFVFUX6xd94DWvwsU0GstZp/Bd6TxbxfLluEDEZiy3YUJOsXSGBH8bcTJ1aZyu1woCqm4f4ogQG/otHbC0UKoYwwxNemdnuEdPF9Z0JMYKKo08Z53vle3XWrbODlTX+i9FAN5t6qe5RRgWuI6I68LMMB2ZBWGCwu8i2DinS1I9L4KgG0j0u7nA0vqcuJS/WCcLKXrgG20fgdRQWgYrhA0KHO5dqfeyNvSeU4h0pU754wmk58W07CK8z5cg/zzXGMuD8W+4PJtt+49U180vl5GWVWaUQZJ+MOOITDDV9UuA4tJ83c9vlnUzNeroPXVrPkt7kOA57ZNe2AkyfX4AR+q8paq/U8PwhABf1pXN79ERqG289WZdsb9waoaMeiyNYpvlwdD6gjoUZgOO3DdHKlYHSCeG87Wg9f0EMUkCS85KP9YETYylYArRn2Cy4CusH20VtLfLkP88l3VxQXV/PkPu0iwC3bFscgTVpUONTRqRoMCM2yI7MuLC9YPQTZsbFI4lMkpYCPKXaCra5lirPqucwJs1GqoCydQc+/2JuzNW3ZtuRYudz6zh1i3d9+alM6DMbSG08ao8AZwLW/KHbKBv5egSSHqsYB45H+aWJ96wANB3XanS5FvmKYQmO/mpndEk/N7geQJ6Eagc102vAM4FeOJRnmSoS58qGiPhsU5iDV4DwWJhZvFGSIslchcwjhuwOkvFRqlUfM8aQo3LWSXaXOS8oyPS86HHDIQtfeRAENPZ3OwnjkLG65FuhlIkOaCG4R3oThoPTsfTknjxf5z1JBhRBRCum8JRTWqHEYyOMHsnjicS/DH9zRCkEHdzRfkLOZoitOdpZsNaAYEprChcMLrLDZooVOj0vBgN2kEU4o569PY1x02SsaBWTffTVZvVnOc1j90s6YN5C754ZTMM04+J2B9V7j3BfM9YxQ+SSEcSO/QheRAjs1Fha1KUPNXg8lFuUJlOIQnWxvrupG1DPukFu0EYJLCUAhnBAL5/tXKdLHTKyRbm1BaDJSdDLcPSOngECoQH0C7UAOju6rz02WfgME7XNGRhmVdPLjfkdKle8Iw0cVwA7Zp2b5Qo4N99oOs61z6Y4GQy08B6xmWmlNccFSceTbSsTO+d6OfrK7pp/iqX4DE/RSSLhU/tvBcNlrUJXrr4tRK2L6hB8qn/JXI/jBPaO3TNKmVx4g4M4u27svPZfb/XozPSwBbi3qgsU3Q5+E1eZ3rKKolbViC+/LrGjZy1mm+Kvt7Ht9bd90kJ95+HJB2DhKY8jpzvUmXaCE8I6tnBvvao24ClQhwtFoKfsdVT1p80/vVBVyUNAb1sRPpTjjgvUr10ktSB1o0Kn7324E32nKDNkULKlBTRdNNAaAYDnQP/Eo7qukPuOjyR8oRJ2HU3f8ZvHTFXy9FYM+gxZj+wSDYkEch2ckTifXLHwDQaNSrIsGYKzaeJ2jAWsDHy1nStpusbz/O2FH46bUG94YJTVc9Wi7NkKNwt/PbmUJEds2/mP6wp3Z3sMRodI9NG7LZElsya61htUDAq8ucyuzD18z7n0wyJqKxSHJPOpvR9eAoSGrZJrhs9X0LKDrW/AuHAZ/cXQ1no/qjPeoZSJR33jTb8+4dUW8VX2Q7kBpO9ZrTTiYg3LXBPmKOGG6ODoKIeJ70obE3SBEB4AXJLHZ/4pmCvCAgABV+JB5v8dgAz+tjn/HSzi6oBGOCxqYVz7lg2JDM8d2LOQO7Z43ITYVfauEvbDjLM60S8t51edi33fD7bXGFKV/NmYy8yQTzsRnqx4vDblg4KV+/jxFSUE0x0M3RkOTy2FaedY7h1TIL/vViyJ2NO6eI92dcWLq3HQGio2RPh0MkEXRb2xtN7WkqE/MmGSlceDK5OEn5SnD11iI5y/VYbJfJj0jAIR6d4E5/oDAKKwJeufLHmIZZSKLSZ2VfCeHAEC5sktoU2na+vC1aAePQ9NeoQRegyDxHc60XsoW6iFXMkPu0FZ9Qfv3ZdKFHYHXn0G5pmYERvVgbctB4r7GJ6o4+eJxZDm+GkiC4Jw8wbZ5htmKiMAfhnWwGd9v/ihBblCIVp1nuFcnVQjJB915PyxvUE9wZC15lFUxk0Epa7YjhGUtVtjBdPIC4x3nIZJ8icVEUAAgwa7gBJ7alchWR04DXnJCyTVfaJWBNJz6q5oHv7qUMHd9VyfMdj6NTum63Nir/p7n3uLoJ0PwPwYbS83a1KNzAvyhdV9ypHLxGeDbP9LpOnmtUkC/TWOtdFKaZRR2dypMKeGE+0GZg/e5tjPvt6bhQeLl6KdYNIKCmMLx0rUp//YkkiGpJJtEPPNcLX6u7G2JYRRQPSzba9Xp+0S87BFdtHqHCvdxvkTvbOpg9xh5xQ4kBgwoXBCPlGlWplP0H+UQwB5D8lKIciWtdmVZLszP447LqeIrCKf/IoCUZei9vdI+bTHi1PthbG7xIDKO6+YJryCS0xA/4chsPnxVBRwjIJINQ9nuO41273xGQKmDdFEBs6vAVobitbvn1ZH23uZMESZX96o9XDuamK6Kf/KgpQfcj6tBtSX5QEV1CZkrzojQUO/+PHA6gUv2ZjqMOxyDZevUuOjUTo1gtGsY+w+kJvIUYSNg9w6lCqVcKA6tA1fNhvXf438haETgbYt4y07KqSsVXc8tKr3VTMQPJ1JLGuoa48AQJhRdy+BvR3rOvBSV++ZTsCkgDwb80VpzJAOSbqkCj5hu7EHLmfbvkbHZ4VSVluMY+LHxGZyowi3vqaabEBNDdXD3cGPO1m6mbdm0vxmwQhCgyHCcT1FaL//4wxyROIcOKe3YCpknT2YjYtcaX68pc+RC/MyEkAJoBr7uGkVxGJ3ZDGgecqQ2cjIqnH1ZUV0U5cEVx2L5jaTxw04k5xI0Ber8m+rJ7saZuPN+ygx6lHrMJenixAQmg/7N2VQuqmpHDxAMve+Anxp9hosyVm768h0LjWSUpdT29yGfMyfHKKWFjn4beQvUPYntPtGNp8G1nIJbzL8Fdp01C9GrnZjWCJZvK1sZB70onSsrWY585T8zSSyn6N6betbDnr88jIz0ssSwQ1UDROSfzqf1sV8+aKNFiMHkupDbFGZ7FZ1ndTgCHNaFIlU6Dwy8ZJO6J+QFNE5U+KfJfWA944DwusC/BEpsdDWiiFk0ECYn6t54z/BVFEeSrRsq4TAXYTfnXV6yA5URbVIzbIVyIAzZELWFWSTd57L3290vRBSCJSjkji0hpFHM3sCNZPpIrN6oK3YFycolTa4TCJrc801u+kuTZTVKS2Y/XmXvECwCMWnWsDhJwOahZi5cmlV5EcIpGq92gtZk+w8cmFm2I8RGs16IO63GvzA/RBiucWo5n9aBlcnZ2uKaIzEcrD7fMFvxQ00PGRkOCxASoZZxphcSWPfHFBgS9TEb2lNWwmxq6UQoIztgE30WGcJdoN04rJLKowps50xNxzhXkne/rIf7U5NAyy7ZSME/CH3/RvchIFNPQKqv0cxEPB8lDpN/NO1p0cjjqvqEa7xaZakbe50pY00WW6kK43s8cXUp3zYpFirE/K7944O11A1RbitQ+c9TCD8UUfB31YWkpgrelvnK/DhlQEfouj3IM8ouVMaC1DivFeY4XBJk7bVzOYwacQbil2pS2w+ij09l94qjEHXN6VpKFnOEao1GFXR76vaUak+CvKG3I2XjlkQPnwU1rs/y+6bIAUCQ27Ek6wcg5y1l55ay17DnSXh7FvItOONpLqpY5Sezkd+NaKM8tK8MaBqb/mmfCbkKtOLLoFs4x5Ndnjqomiz0iWzc7HMxdH7hZVWYyo/UXAovQOKSUtzk8GFe+HTMsI4mWgC190MpH8CEEXG0GI1MfREdtr+BaHQeR+Xv38xiiTFOUOyQLIiQ16eEGnISsTegDKImVYs0BtwslhG/taCz0lr3rTm/FAB6u0aw/e0gKi/RySn65kjWqtcqRzQT5LyKEdWGJI6Z7+OpOS9hUWruXezmdJbmVLng8yol9gTsm+cfK9PaCWQIFue3fB+NZn7cCkyWqUvTaJuyTc2ESuyn8rXB6k2RhDiDTZ3Q8YOnjuzTwOcThJYthMT+yS/9atI8q0QiJWu5Y3e4BhkZu/nOmri519zbCWxBbt0U2oHW+oMAmhowXCKbOt/tdM3Y1tgUUCflonBKpHvU6U3ZCdq7SwJ7jDPufsvbJPOTcGiLpTCjA7Ou4g0G1NtYus3jjworABGLURfulDRHiVblBdEaB4dX6N8+CmTZ/NhT79735JRrAzlBaHsxRQYIX2hCe51OqzlsNpBjPaDi/gL8le4JHoAdUS1XNNkmoMsNnYYrBquQebob3HpYiChA7uTe6SCWTyi9aLN1x28YiEAT7JZj7UU21eXn0IlvDbhy+0gh3tGGKOWvnOweVdwaxlBshDG8NAyvaQ6MSAZgjLoDaenXpyKC5quYWpJxKByw5Sb5cycLfU+wf5cHiF1dlDiFwt42l+k7G7zuxVOhHGNW87pg4j68HXzg+e4LUwKStit7LA0odvycHWXSW402BVqAsK5TW46hg2A2jT3kjzp6icPZP1xjUUmPxqAusg16PSiJTA56zccK8b1xHdvpj+pO6rvPsHjiT2lUD8DucY3fdiPxgotEjcBwVTeLDWKzp1K8s7m1hHVKtnrRqcRlgzy91296MNte85PlYV1iiFiATvAJsh7qLhI6DsnqBhsQJgmbdOHtgrBnpcRHXg2tgVxbKV7LE+ybuJB84LDlnZhQ+ZtbbAZlgU1VWjtG3HwrSrADO8v6JyE8EPdbMWYBfRQppTmmEXbGhbtx/h3UAWaTvtOjbazFqWbvk8qY1zmD6c/NeFCDeHxslrGlKc0SfvXUA7yHlUqVZ8x14WmG6NXiQLNfi/Wom23SGMkv92EQ8uG/bieilLbrEq6U3m2N9q3hyb+EBrfLmAfPHGK/2QbYa1R7tRuFn4XlI7Xz9PuO2TidNgpe2vfqEoP5T2XDsKg+XuQO+Gm4g4VX4sSFUzpduyVFWShH6AH3MvW7Gg+6EkZoMkr3zzuXLHw860t0RU7AaRdG/eoyrWgNkOmxvTANm9ClEx6BrHCfWvDnSkwB7euqrpJV8fLIaBSlCznaszkqy4244x7Yb9ysS/o9L6DEHRZVWfj737HblwDYCV8qzH5gU/kXI3i9+HnmmdcHPpHnb/fR3mF/be1ZHF317MXD0yZdB3Kuw0P9W27dsdXqlw1O7lVP+YlFMch/sn9mwLqOGLjdmT2AuXUo8Yqv2s6Q1T1suwnwjBE3NY8u82vqh5G2M++POyDG3X33xu0HmTrGKIWtr1OAD3VuFvfoUAqHwGwLYctVDYm/siP+7gDohJ+6faIE92xYZZp89KUfWftRoBkogf5NmSNZqF/l+9aXKrnepP4nDEs9PbP6cHQPg9I2/0EXIReLK32XKE67BT8MWt1CtVQXOx7/9wzaXzl2pd/t6TkN7bWcaOkg6AN0D3Ld8CtuLS/Gxv4Vo3RS1aorr1j0BF2OQLslpR42mJYOjHNd0S4Jd5mZYovju3fVlegfMAxEQAyt7bY379E0RRwnLeZUXgOCd1qdTqPr8lDhJ7PiFx/UttYlIythOYvoJoyUaPeezq0H/PPZCStqDXNbnga0eobIl1sNQ2K+pEKejL4h5MF9VZiC+QE5JLOoUbC+MZC0tFiLIpdNbjBbd4csPI3ht5jR9DVpbN2KlHlSiMf5oiY0e3CnqS0JZRgaHn+3MZBVPmd7yh7otO8nme5NYX0cKFzSVChjicW+FegIwGXBIQDqnuWr5zPbC33m0Gh6rZiZPF3ebb3Z1FbEtNNC1PmCkMYEUP29ybzDX5quuNfqL2H+hlgkIvNtYzGCv1hnPRhRCcjD+iMI5SXMYQq+9BB0jTURw12evhhSdrMuoidAsvl5a+T8Yr7rYDApt4T81l/cork/EbuGrznAXC903Zb/228hAYsjcB91mHRaOrd0edavZ99CNZdIyhcu8x+L9vXp+pqc7Yl24olI/61LymCfx7+OqCQwJ9GJ731kVt6X+K4GC5aiDyhRrXD2cJ0ygRICzZpd67TegiihiuWKOcY3JdQ/rlYjvs1yUjVbMgDfBndtWAzO2nTzLhqiJsRbo3OyVvfaoLdSgliLH/nnorb3pe3vwsgowu9MwbZ1HzEhu+njq/3TuEahhv9N5uMYBDrF3FasqnMyWaRSp9SO0dXU2ZiuLzAJtdMPi1dXYKRJGVP6AfXcGud94sD+qkkWN5dR5273gGJKc1Wk/KPd/NouhGRe8pL6u4G7xC1MvI0IID8xj5hfCWb9i8PlBfSd0I6qTfXKeP81glBC1pZVKb5ClKYCJpYff6nR7/v29ydsYYxqs5YOWYxLG05oifisQ7gyIumKjdUllSGpcF3hCSacTaVhFlF66dJ6seKWtnnogsRwEGy4loiNKzs4kJ0pqO0IPjDjUr5MTwvMugA0jHEJyowYOHCv1Ga4GmIPPmpl4lvyLcqt3ANXcTJ7ok6+2JQ92FiHKY+fOqb6u/y+KnNDUV6FvYtVxXSAGRTBjUhorqguaHUJq7kyndn/lpdao6K+HhE2qhYH9l+u//AWgmkbnjkENL7jymP4RRUOKRVPOs5O2ZdTkctUWDTOLncJHE4we7i6APEzfbQQs+ai0tRRMFz82YuZ09MkViJz3qW9E55L4Cild0sRnLA5sjddNollpJXaR+IylOW84+42K0YilrkLLQRIam11NYU8tKltkrKWdK6gCduHt/M3YFlYxRRjLSD2j1FqE8ApLKrqRrEksa7S9+3VNHbkn//3NsOL9JaxHnpkrtQQ9xFfBITwGQ0rQ1I+YZspVFuBHRk8kAlck2070qWuECNZff23TE4926Ky/nTzvemhoHBRhbFNO4ElF8bLWybKvPWLSCBGYqRngBOPjdWpMNQihKS8V6mOXX8THI5RYaFt2kOJdaeudP4gDdGmrR3NiY+H+K4HyRQDoi43sr7Va8HCfUCgc6slfMbbXn/igWx3KJPJjyBytreFPHhVm5UM6x/LwgqkQKLZGEMyLRpjILHoylLNtPsZ+xsk5qjuYdnTmG755KtPbQ923NYCy9R6eY4zfGaucmL4eMt68uZ5CqfvLjkAWr6/epBXwyBOZXxIkQWnZeVxmGF01tSBoj7jG42jkIggFp5BR/Qq1ltV5UA/ZQXYTL1BqNQgV2l5zTtZNOOOEVK2wedW1tsonQEQ4XiRzKr0fkZSqR3BOj7ACXfDMGmwS4X59kQystTaMInfuFWzia4uYSONvZcQtQOwOcPL3MwYWE7Ig+/MlmApvOZv4vZZmNEBxSnrMF2jP4UfP8w4SjcqOcZGMxEp5LT1Lfa15joK/jKMF0t3IZ8Iwd0DOFCZ3QxoxpdrHZyBbX1FfOcUdAQZgFqnuzDtlTsuw01FBWSNUD30qRKrmNpTLGhEBp36trunJZL2ahIl7zyL8WAxJmUN1/FF3qkFPf7dETEJX9f22kJOjKaP42cE3JPXxjmvlPZ9YzHCyeaDzp+NTdB2GefCCamNR4JV3HFVcFMXNqJ4Hh9yStLAczsX2YZ4JKJOQ5SLIUfrRcLrqmO/Wj3kTPDa3rfH/9NDmEeNnnJb/Wee/hBiCnyryAYZgu9ugc1qY26lQLewY+GMOkGbGz5HfdzfByxVgaCm4oAoZJUsvG8vI3pVZcFRULP6hgPzmfHt7zQ9+ck0/NFKGtgAx6wVaIuUTJOgEfgvCjikFSydff+GfCsogXsPmpiBAwEdp1UutKr5fQcjAWrhMthbQK18NuR7lwjVTpqhGrgRFxkQcNX8tSBHuW9BFOL2B8ks835oPih9Cxp7sKvD8YMERqlIs0BGiQCp65e5Yz49lITMSorlfy+KcUpVuAMYLdbpOp4msTYEPIf0l8TJVXGbc6Yr9AWoz8xxzxIylXl6VxF4WkhtH0U5Zj7Gba13dgtVRbX4vsphAV5RyzgRKW1wMjYeK9kkEQ+squ21bgz5HeRHQiP3159yYwokmAO3EGeAQWD+VYR87qlneZxaRdyoV38b94fr5vH+v0ZXrgC6RsWMslZaQGqN1xEzCKvcXrIFIQqciCV8d1OmTYJFw71kn3cBzZDA5l4rt7FVKxqrvYBFllfU9dIwCVZZ4YiRLYwSpZm7yjAVCN/ecaP5Zzy6CGDpGttWrsKmxB6g1AChFtFmKFBhkKIXdED7UmRXNJeCbp61zdqvf5APXIR2eWM+kEEK65AV34oD32e6gL7bFc2Ljsafj7B30aRYMdzy7IjfhiQVQBf2CTNQCd8PWx53uzQxnNPrl/VKkJM/L9z1bsMYcHwjN1bk+q/Wa4bq9siqjU0ZsKDSWU7i1nXL52l5JycaRTo7tvUai+2QFS2Dn4F9uIqGK3kUMCNYYBsPNemxBqEI5POVFr6ajMyS9F+4T9w9wXptBztb+lFPFaWQ4Ma/q6L12VVOh3h30B8h0AL3evKu809yU4b+U7i6Bscs/UREDWraoEs7UetLSffkTB3ZG9OH25gUtXU4dBp+CiM2QSBOBFAF9K+BvTgM/O74+7PheIZKsBWUY6emam1McPMdYLlLzIl6BdHAy5uLoXLE7NyZw9bSJKbrXUs+Akd+j1TMytjC9ke7YBcUb9+OuUVOxg8HXqHX6SdRef8ERFu/wNHXvglBeUAMMC7dYA6AJfFt7VzPxpv3tdvULTm+Px3UUjxp+JV5ubNUQO5+6chjYeIyWan4/T76SLU7tI2an6o1AR8iUzgapMAN65pJFScW7Mv0aBI2Bou7G2NxXbMkusrxWKi9umbLCjW4cZb9WzGUY8XcVwRlnqqmYKwY+Zfw1smlVfyBasNI4kxPIOC+kpurhAdujUKGGTHWmStRPCcG14SrwwUAst3FHyZKvsQGo59GHkS5jur4vPTQus9lWtHAtSwBbY2N2WbOeEL8T9x+FZdvQ1Lw/g/UzTWho1IE4PeZXlRp2Pm0j3dLSN91ao9YmpjtwRS1QwGzrhBkDk18PWvbkRBhwvW8YMXedJSISHnKvCzCAynoYZCT2uBdlAy0bRSUj/3DT7NZ28iRd6b0E7xWiqlO1JiFZg3eE9tQmfDhYaTQLTyJ7fb9AbO4O1XCgxIQVmB4KABTOgPxF1Hvk0wab16UoW8W6uLUXboJDtapCP6ZhGMpJgumHruxmrb+jMcLyx8/4u4f8Xe+oROFTCkahOkYe29VDRgnN8vVB9KTa1Sl5cazTY+ImVrZP7E2T461mGb6Nu7M6s/YLlVKXu16+nkzwQ2x6vYZ7VWLKaMux/yhkqLC6lOoz4srWBGT3DQUCiX16pyn2iXg6+3TbLj7k6fsvqP59ro6No0AuQZq55ksvot6+33KXo2M4/QQsCvAroHsimaeweOgc1C9xEd4tYMMKOEamF+khyICDXCLeh9G2p0lFmiuuGRr3nZziwzNC2Ei2Cg1VU78nob+rgLEXFa+V3pXgzuK2NbkWb6TkUePlYhAbfeaDze4ZjBG9gRKQrxhLa1mWWGjymxP7Kunke9O6i9QkbYRxbKZgDsz87Jtbz3EZeF2zs95mGm1/RRjy7E1o8/XyzB6rczulg2jqA6DpIDKVhKVFSRPB+OQHFGuv61WEuhVvOepHs1yiYWS/yTLv+exbRPi9UJdO1KazmfzECtNchfyJPJhdQpoSPrhBmSboZNkJaQpIzswCTgQrOo3Y6pjBWIRFbHFnpBpd3Vc8mFFh2EVyM++e2LNEOnH2IOjNQF0V2odyuJTX+csT49srzDDlOg5MaWqAPCD9LBecRjAj2VuoGzGOKTLs65v1WoD9eFF98K/8CLdryzpFuD1b3sX4KFM+MaITq3q36IEDdmfp2uSe2KFT3hPojt50ztGIPBFTtHHQ76AI6pLbiQg3JGt7BlNdPE2CkRuXl+GN0UWhvJ4DzMZe0KcveQlNwP4GOoUutW0fww9GxHd3SZBm+SnTHaKiIVLkNVGUfkcmopFvjMJS0FiSoiohe5PTXnCVJIre8F4oaG4ecNMiQF4tSjmUwRTDIIKWApBb4LE+xq9mtrT5aTyYcYKkGAQ7cRjyPSUDbQMYcgTRJkUFaV90ehHpvJR4c1Fah9AAqRqapZCakmCXxUVzkIIJbnXNWkqjcBOb/iSRhJHziVl058/KUjMNIVXOcdAjmiRq6dl58U7E3s2YLTurZ/0MzUypt/SJ9h+PaNqeYtd+1HDWKB/4ZaZvK4fHqLoJXnAf9ZHb9eFCN9piLm+Pehexkbg6eeAyuMF1GiPxXjnEMT6Y/eLuiaviYDYuNYm7A7LAQzLClp86B3TUmnhCIPJAKG3CS1xnDXT4Z7UShZBKCvTPZ8Mep5Lpz7zlaecFMSy8JXbADWHGfMa97EoND3A8oT6KEqqrEsxVWWd4PGza8HsfoY+kZZx0wSYOJjKtzBsU2JVMn/jamqK6Ee2R/dNxsT6JYPObjcEwycMGU+m+JLapmLo9I8Ugiz7a8p8pRZkx/Ct3hTzd5Nu8KOFpF+AugO/Ew3niJxELy3m5nDSihJS1vpay6KiNuXzr/RUho4R7HWJvp1sfaSaepbJXhZrvHATx7j50AIIZXywXZd6aoyojGg9X74p7ytRhxKzgMFwBC78gA0PLHLydMnKA2d8519etnZDxGTtPKABOxKgcn7KeSJKMmPdeCXiSumXxW56rmdxyrJJbP3PwThuTYodXd3RSGG5NZgNpQM/jIKmQl/5XOY5QW3U4Ib98S0HbN07YA8obDHSLlBuFdwOWlqqGM2OkvI1e7qnFPd5fenqJxRSr3Ob7vqaz2IbV/aGMcETUFTt+znfOS99QjnRo5NtqzM91I0Le/p6awFyWpohg3PAZf0hAO4HjouiVTiw2u01HykyfmCVs6wP+j/nhM5Rmo5t8T4y9lfYxl0/hgTHVXAisE34+dZsI2cMSi3F3OUzJ7srM7vy/NYTaIa3aeGd73LFk3lXr4LEQ7/qXzu/XqnyrSyqIBpKN6UYtQnkrDuiVBswefzgfEdOBebm+591Ri10PjLMWChEOIQF2s/ZfNXsl9LZAWzo68kIMG1yz2HHtnYn2dwEMC6k6nfRNUMrqAeGewxmzGEwj3nmk5q7GBxaKACSt+6XnCgQ1ZzQGnmU0gKhvyYXV0Zd3R6xUULhL8WKgr4TB1fiT1lSbV4+rVueupSKj29Pktx5gUu1bc4my3DemwZcIJuVPtjHS0SEziOq+21hub2eTp9nksjW2cMeJTznzaW/7JKDOJR3hnxclbori4J3Ci8y2k/oXOIBPaXiDtOE8TYeOoMG6DqmyksyqtLgSh05qD0+ATM6jNSzS9NJbO5dTnTfJYmgM0+bW1aDGWgIpe7P9rYyOJg9wrHk8h5Ev840HbNdGXSAp4SdMy7fwHIIknZNf9iw74gRbLP/GGVPWhHDGBPF0O0q9ca7jLqUCE/4iGpgvWx07Rr4os2rM46nR/5l5J0RIrbYnsXZ8atMOp67RFI2UOkE1YVImt+Nz8TtPmL8yS+9JMLn3NsF3UbiuVIUasG2bM/JeKNm8wzdUdngTII1A2guwY2xc/3oOhF5AMC5wHx1XvC41GOdUjc1/BRXpQb++MlDKll6GFfaxsk3LUgILXvXMFVg011a35XSP+zrCA8arwZrev42kOeRxQ9C5qIRb80Ck0j8SqmO+urRAMmmGdswc7CfaR+wFTIZU+MI09e0pPdB+xB3eaIsdisiWCP3/gNfXiEx3OTTlwaKSIZwIZdxbuHe76pGlaclDtLmRyhjzrLPRw25NxHdaVu4K7ugxAn8ZhMgaslx+j9DYTS3ML98h+cQFFTMhcAmC1Rvgaf9YnOTI5f3IBYFMAdVPIGl2A3GoIofQUfDeWPQDZ0EXhnXeOExBc0CZyLlXNpKyAp+H6wA+32NomAMFfRxDp9G7obRW/44s+bhNbxmSPSV8INiJu7eNufd3+4fIljPaDMmmt0b21ja/f11Y0cvvJTCtilv79jjKQyd/sw74KikH6viV+LjPStSZQtomYyldg3iA2PMRUEFMDU09ohawT6UDM4nsxwQKEz4+hdMrweuIrODJbf9asuUUWumkR90pqVwNMIQpMv4t69TXxenhhETEM0wf5UY2ezxeOydRAQM4ryh2+L7zTBkeqD/ZXRU+1YcJG610XeguBEJ7oKlE192z/bVbJsB6tPMpXjfUBbiLQ8hNxFil9jbiwz7Idgjpb6tfyKKVcNdTGEqWOsGst0eR4i1+6gIrwSl/OL7YQ7fhVVR9M3nc/YDwqV2Fs3l+Uti18niZ3iCqsXUPWecYJefeDOQukhSH9Ll+SbcJJht14I96KYoF4i4qrztbztBC40erk/jyM+hsDentEtVDOqLg/ecdLnrTJAEnWnxpZvdymEFZLk66S83CZzMnv2FS7IOFJAu8+7+UrEU7S/CUu+aZH+wCuHixWK6iq5Y0U3yr0V0CxiTkQWGPs91JkCxQlf01PuNAzXQDjzM17bCWK+LYsgkIEJYxpv+ohbyvT8DbXDSLNZGkxdHxYiC+ZITaGg5DCRnD3bcEBX6zbH3nqKnCOD2V3RedhErCxQt6vdXXLTFrvXNLgYvm65VmAf6pVH+gutSjEei6URst4JHEJUh+pMsMC6yHKbXO84dI2NXIm5hi93lcbwwAhYzgSic0rfLbG/svYhNTnUTxgiEidg59bmvvvCS1eUPI8YMUT9SEnhvXMl4nKzkH0jcOVP4ddckKrWXNDW9uJQuD8wOpOShNRJN/0G43JIhbGTf+alU5m7CJMfnDmsvWyHiUNL+is5PlMpTYGqg+cvYTiy8XeVKFL9xOZTu7/SLD1ZYO145fdjsWLKZnTBPZdIUs4+wcRd/cUKTaXa3URejWWfdvNG1T8JG+MhELsys4WVGndlQbp8ChxhrxpyDHm8d1sz6zTMqIN3EXYr/SZDGMwGIUywqimIPn/fOaJ27Welpq3cMW5i3g9vWc850Jah6wN/d6duqlJJU6BL6BvsLOjuZbxtOa5+B/DWZ19tXLmO7uB3nexcCYxHGmW33Zi4KDbEiIGWCIgNQcc0WVfzUjoLy8wIja0+52s4JJ1sYfBY3cfCtGIPvxnCkSUmhp2sAoNTGIM4WDO8atzF4x7tNhHrUwJkY42tT4kZrsx1YjTZoTU6UPwQQ3Am75yOZdDpd3AdAp1ppTskW+2nXsN2KSGKuhJHGeJfuVz9KS0igByrMCh+CXzgbMODtv9Afki9Y7hGEBpVhwsxHYmg6AszAmuIxg/llxfKG9VUHGRFB+K2+HsWZGAbnJXkbkvosgJrFRgDsS3rKZ5YQ7cs9ZD0/KjTvECcZZjoVKp2093IfjQEGjelaJWEVscqpAzZRRjnaBrBtQl5FqV3bZMP8J5Vu8DO8fXXhsfhHkf9lYUJDExFfwq75yzMLD+kG9kPdwLA9Rdi+arPyEXkXvAtipHNNgTMedvB+GthKAAhd5OZXYWI2Vj9wA0HKulx4wMO7mCLyYjxcw2WIIOvvUSkxQ7pTZfajgK/gdPn7OU042OYbFHDMYX8BC8LKM3GiL+KOLEIt7bgDxklmZ9Y4I5KzphsGiyp0GErOQx2bdkEYq/f60xwIteDGNxbPN419D9f/BcwkhrBLkLkzMm1qYlMzWyCdCvFtm4iaX/T4HLxoxgLmRokbzAy6vhEQbMkG34bj098rqc6KsK6+mkjdcEVQ5GcySlrQ1fHD3+S/aKcALXbkSoxsqTzfiBIivCP9mKWYm3VSij1eMjICKR4iTtn1iYRtBVx8qIBH88aFUVHkUphHGClQfjSMXVKgjtAk3f1355uSvWekMEtnJjOUYKNB6fuC1ElhOWVNQV3GwaljRjL/iCKC+r3eE5+B5Hd1AVdRbug7cU0Nz/DQ45J71QIc5BKGarQJwBCe6pXfuDfOaDLbi8SrG60u0p3w3uhBhnSFgIErUb95VJHJt0sskFT1LsCBS9flYgkya/CgxAmrU5gp+D0A25T+osY00jUnrwQYql/DlM2Bu1oY5Mre1TaAHvwcL2wDcFs4q5K0ByAHCwVlzM3EgUd0uS+r9n6aAzlR4Vp4XUz4p6Wx2lBUVHh0QDwbZ4HU3wV27YPclcJTMCv0NDrWDYqsw+Z8Ccom1cp97YZof1dFpvrRnONadgd+nEnY1ytib9lVIgSUKLSUf+yBoDy3L0FEsRc5zzwG6t/8ma8fRu4/vDTw33qm5RoSviozctV9EaJDb4OumsxIcbBBpcoF8G/U8stWyTTKn9Glmd8bhHR4E0yW+UnLOfEnnFeM8+v/oAeU3faTzg6W0ATLq0DpyPjuh9TX99ICVgFse0HnfUhqIvaZG0J4dssMg7gjmyC2FcJgJLVtm7TND+yyhAoEFiPOT++FYU3op+McXRGVNRFfDPQRGT95LgphZCJnsh1zZkGtgr9odAWpa+82RBd653N1UqjdwBOOGzUWRKT2JqIn5W4dNV+n9OZ22O9PfFd6Lh2fh28bM3S8eH/+/+RxaTUywKAKo1a0zLP0Z+N/b5/l4YbZhm6Vxn4rev+WVn0osaDGIr63/kKsyhP109KPAGU40IKHfBLasX7/Ue6PRiEggAAAM22bf5s27Zt27Zt27Zt27Zt1w1xgzzbafIr7vcXRhIlw2vQ8eiQX6SFhMBen9mqE7cxdYlRMPng2nGmsUCijTUAoV+j7bvt4oIXKpGRs63FUjuzgb8Pq2T/nYsVlJ3c01Rq29XGPtCWuZ1LdOzk78yrR7RGyNhJPYV2WQtk7sMAxPWEJykovzhI+d+r890INfzM1Uyn+VH2t56HUh9Imow0OU/9RwwRzMYS1++P4ELAjfeT7u7Bi5J5/pR4qiqTgspy6BPJ0D6vylIKaIMTQ2ODmeY3wBDDP68fLEMEYoskJ9s8ftsGAin0zBsFXoIa0Wu6eCvQjOzwY6wJL+WO8UHoL+R+C+U0t8BtK4fllGmAx4zxCTQNrfE9WKXohq365/GVYeXXSIpNjSIRlwiS4tV7nGlLlfwsmMlxTKtqT94BhCmoGG3+27W5EOaZjPUE5gknbBRfmMRcUNnjEIb1wdSOB77v48dxm7E5mhKnmAga8x4FLS09f4zZ1rjc5QDo95ZvL2GI+bGRUwdwCYfmczBAbpZSbDxxdnzzEEvbneFryhmtQ7NW4aDmaC6BVDGf0n89J9/oXORnDm5FPA9yHgVfyK0/EgN5XpJMuESPSfVOnAYYq//AuzZbf1yns5mHAbb+dBmkVdr77afy1VIghRLfgEJoEx7EWN0fQUyE3B2ENvd/98t4gKlX9Q1jb1EAx4V80WQvY1Dk5KRX1uc6Lsba/Y9lMvqwdhfPO0bhb7yCTFvuQRlnT61I1GxrA3c7pFTyjs+HslcXgCcNjnWRFj9viPB+Op8hGX9CCquKGIibgTBPZwOdmy8JqS3whB/SlG33ANpQYjwJk7KR0tWuqEDR1qn1AxemgfIORjf3srmQBP1ggpbrZ+Y4hxRX4MMp3ho1R0Ec7S8JwZfyH1VDWIdXLI+AZ2/WTtx63SjYO107Oix7lFC0Zj2+AMqrGluR0MG4i//C3zda7Bd1tr6d5n6dhaFtrNWCTOBZamPmMfe5QFnq6bXYXMzrPTn/XJLexZOiLu+cZ842qIKInMLxuPkA9As4yPY4ErPBEmRD64s58/ZDdx2qjHRzy+UVXuxefh2KWIzO8RxIWal8PSgUN3pAyderL0+qKfojrImsoN4qNv+RuCH7I1I8iASwMAhdSDqq3PtmplWOgxpjtbx9wn+yq/wqYJTheiPnqatfo6Rlrrf4yT+47VhM2BOAqQj2pHaksnercP4ZzXVL5ry0If/SZt4JQU/jTnjCbEzfHD6GhE9ucsLSBD2ZwnIGTNq6a4Oxc7DVPLelT5aeV3x9KnuhramvmqrjMw3U9oe/WMSSgfWKREnm7+90hTXpxGWtB8b6Q4X3uIX2yLynvKN1pz3yyacHBQ5pylV0sZVjPXe0gJrIEz4uNbQf8p3x+Plc/tVCwR0ECCYr03n+GebaOK9vH9vVIOwaB1sTAfPhm9osq9EW3aHLOG9wNEUH8GJB7MFm7Xt71dkj8LO/0CuV2OYaDphVlf4xXeRWSiwI6/m69qllFC4XZ97zjo1wl2dwqT5e4IsFKYGK13PWLjjN6YosUV5lsx+BEFCfRGQgeMVQAteMzk2ylElkDZNRHU1PJVshLnkPQh5msSb0/FQFQzvw25dhWFWT54yts4Z2Y5vSzae7O64F367D7OTvMQtXMHxgfduMtKj3OqKDTT4VdnowYzBFTyNi0lLLrbZ0+TSs1vbA/2yqYgpMDFZ3gfOJTy4x7eeDK9YWOhmAAr1Q9yUhVbqZ2G9X1o1HSJrgHuBCY87DVgMiagFkwlYnA269hrb5CQPWlGfrG1SyBgK54psQTVXAFyo7gpTzVIyx1jkYCGXhZ1IsWLSAgqR0QSqLjHV8XJopOqSGujAXJc6tFY/5yLUt0zaGCdGSIFnrmaAoUd2/OGwJUlsif+X4QjVx4OpDq2yALw6SRJXn2UQ+2yzurvexVROHBorWs2ft40uZw/z9iwqwRHF5Ll2sodcs1LehXOeFurDQ17wuuadF4LWi+TP7tgFyvL3ZRAZiqRGFov8dsvd05TzXbyF7406ZBC4U4Y8vceoMW6ZjhxexHRmJqwmGbNuLApgiX1ln/7KAiSn1Q/uuUg1piKjwJhRXpDidBN5th4T9mGy9VL8aaJaAXJPE+QjQId99yQxLT2GbRzb7hDtA0TN/mYCT2JvfITa2ZbB1Cefw9C0GIXbdW40FP7kzYR5AZ3wQOpdGuJ44OvwdNX7ivJ0UVKBfOGgm2ZkTJd+RW3L3v70CizA7dJVBs2ECjanjyKmI/EemGzUbdDKl4YMV1C3gCj0j/Ko5PNabMdfkoJOwx8pTcSx/i8izlwfFGyNS2F+AW2S/LbXm/NqxjX97NJ9gj70gCoA3KFaF0sWf6qDVhJgis/RTxYgzvkNcmiJMp2A9JeWG/vDFzXZR2kpxFBG4yKS3Rh6snQU/3+hiG8JGtYGjdfqmy/dPpD5eZaaK6zT+8gSSlhekuOiPuNB1kLRl73mZ6laN8brtuPcRLWp3TyMpgJmxGtjSNwP1KiGZvWrhJwFCdIUopPKiK1wEj4EtEjXieXcqeZoAGRE0V6dADyY4a14N4/BFVg1fo2C9b+l1U4hHF3F2ur9qZMzQ+qyzmTaikfAtZBiSguZE5On7CvM4fWuJsByBHveqZ7gu5YQw1u2bJpG80c1c1oGg9GXauG14F80Jsan45QHsG3/4G7uv7vfcZdt2xClQh0svSSiaBEDCm7gLT0cPR4flSab9EFaOFcKcs3I1nvT6qn6wRZjImTUPcrWN39Q/IhTXKZmgHLtJP3xJezOgwSLP6evlh+Pkl9Zl3n88stFXWQMFWPrV+seGzBEB/05vgEdpvIud0Ay6Y3KjvDJd95oh7SJwVZtieNbzsU0rYrQ4zleyHxj8r/SQhRVXMyXiIIAH2TG0eZnhef5z2yVFgke13BqxBDlQMS0Tz2XYC/reUSNH23SgnR+wSnNx6JAxWwCkjNjSmMi6773dvVfg+aPa20dIJGy32HzmZWp8GyiG4mhU3t5mbNfv4cnLbz22ySdjz5QmYh1x+peg4O+DoubJ1nE1KThHBRNekDa6UUm2F3e0NQgzSxFYo5M6DICpdmZJuOJ5q578XenJwOA3JPe2zjQz9SpPRCjDqzNFDWfHQd2ypGhilfeS0L1OsHHSMwKbfa8lDmiVOBXDbFoGRwYEE+Vw0bMbwFrft6s09eBJ9FnlPFHMBG5GQRQ+gyqFnuMEDEGsuIPCMZZTi56GeVi2XwoEkpsqaCkjIL+UPyG14rD9xL+MnJzgYCiJwJBb6HRbEzMlJZ6wHfgC7iq1CxLNKYhyltw9qYQFNHXJNxUtGVHfdrFv7wNxVMoZSnUqueq0duf4iYr0e7JtG72xikIwYZhJQ05Zy9r9gnoIOiCioeqz89AAwZPcO8ulMY1395MxZONqlSAMEFYuXOSr5rj9GXsC6K+afw7vy/VSnC9ozIkVcRQ2JDXU8R69FosfeFtP8P6L+C1GG7q3PFYGDCw+tc1abldPLZnpwQyz/UThcGZ+gM/6cbGKwG2aoqUvi2jBYkT1wcNkYrDPZ8xgJUhAkSkjgikEbQ+s/MEUXAd8Qapj+28Uul4yMDF7JQQ9w/vkFGG6w+pMiKaUqloNMWthDlx473wLlRmk1nwxGTuJipsP9iCOrlTmO71NQS3wRo6qZ7TH8my6TvMLWHnRyf+Jttx42vPfWOqFjx6zSDzzs6lcQ/CL7ymEz+o2UwihaziYsKeKyxCkOr8QHrvfUwVnQvLNjweg8dFisas2K22E2mKJ2+zgW7kAlMi+wg5gKw1Zw9yztr0D8DxTKCYBRJhuYZbGMFxisE2FlZVLnRUEnqv9R9R0YYQgT1uhpWlTpHhiZocVEvgRR5Ce74LOeGjXWr3hnYfNWYUr6x6oUtFqOZ7jrpW5emqzkVZLbnCzxavcB9SdPTEC2Xd+n0BqYlC6q7X5I8cac04SQ5P70hjpVhUAKrNjykPsJoqlab0lLeMbUi93XGKWnOod19sXkovyqDnS+Z3uW8l1MZrwND3mM47dq7Zk/nFbXlMlaIlEK3xyXwPiSHLlio122veWm/JaeUslWXzGT/JWrKuHhVgYykrX7DIvflkv+Ldvs5dv8eNm1KB0jaclikEuwY51ChcJ2/Ie87pjlNJuD3Wa5j1Dg/T8X2fzm9pmuNIsoLKNR5mPOUpsLK2+s4TKaec4qUi6qJvGcfcT71GX5roK07IFhAuF/x7nFmggmQESK4JgFGbyNZjjEUqgDqMct3DH7kR/iPhHseNSMZ4iYaQNItxFtIn0UCJBa16epzQlJWmnuSKRYClnd3xrGf1zic24shNFnxqyXoDYptQCDRma8VEkuRYTbpzfRAqax7mRpTZg1OH3DaICXTwCVkoy6MfO6yetcDjk6JCEOKlmUMX7voFBDjNRJm/8rfeo8dbTa4NRzif7yHRiOYvSYbDy6nEU8lMK4ZJvjzfsMuyCbsJfJLU0BzeaBo+ZBmL0UNK6ceTSc7WaBm67QuafmiUA8kqgAXdGxC53i7XW1Skmvad086jFqNfJe+HANhmABxgBlD6RxxVxd+ziIJln5+9n/18IdeV4rGS6sHxfYgtjwSP7utZINmlZrooE83OX+S6EZ4LYRGR4KVB1hp6uFxSmKsC9tVihqJ66v9y3nj9Q6B9Ywsx6hNy51Co83Y+EYFjQOA/LyjAPt3erc5EECn3zhXUoejsTE5JS8cJxugLm2KYkPbuUhgtQOD7Y2F2nW1XalyC0MlTLTl69AEQDv73GqKMNN1GaqRpfs7zxQKw7TLTZC2rn9fc6QwE9vUZ1+M75HKqcS6U423a75VzCSWPS7sE/kw0bMP+Sdr2WmV8U0Vw1NiuiZC1FSokOXK+4XigsnhFp4mn+Us+ji+FlPLgsS6DIiBz7hH3tUZSxTIacAQSnu9R/n+gn3mzRAIzCFJqeD+oLL/rvcLz8Ek5A4P5AfXvxsFkSm87xS8OCesDfOsx7+2dFXtbilC4kQXLeokIxKxvS34RcjxiCr5tTvjsGxpwB1qOvEKTHsWpIT1PYjBuHbR12FHm8egBZXkXB25XiguZq90R/G8dqAHeXpS52TPIohOapMqHvw1qrbBoq6XTGLsPqmQBfyo10oAnWcUgGDdviwWdGTEVi1Usi0J2inGe89VQ65GShzrX0VRJre1krPrxrUVmz3vlwI7cNxDDw0/WTUIEl/SyNPt8ezOELDzrQROnHrEYC+xbxfgaAeOcfL15M6dBvDbgymsYCE69szmDGvCmiEYpCucM8zAloBjVw0/cjseu3svAGMEYWeqZgPDGqztjwAszAeLF4F+dj1zg4iBYBA7Y/3cNBkY4EvmDKu+TamnMW/2p8/bREtVh4NubTgOJXnbnsjdPJR/qc6rMHy2Ub7Ew91Zoer38eIdlEOd1dEN7MJTSJuvdK+GMl2MTRdJsTJUaZ7nZvpa1Mndk7mnmWLpJIDlEIunXwh5hn+2f5g79q3mI4GLj9TqE5lTCk+4fy8cu8TKbR70mLJSP2JKxtzsj4+er0455kyIEqABzvI8WKKYPF5CwHL1n/IeJ4sKm3EVN7FepSvTXJ/+2Gu2K5u2qS0Yt8S3EiNJWY8rrvCXWid1AHGuZXdmuMCJYg1Nx28nY5EL8dn9bsKRB3YYZFOw8Svkta3M9mE2YMg8rs1kQEwwQttRJ8W/qfFosWj4IO+gn+zvfMFf7zq/lNIcPEo7Sa8WYnCY5CjPgMQ+m035VYujwOBQ4JA/PZtdFWOdObQmksvlsGx9GcZ4R084YqgAbamwOU8iXV7y6/yMRJ3Y1I8Ii0bBXL75eK11t3R+RhICx95L1QJW4YReId26IPVXYKh7/+TbwDlCGa3oPu3mJGqPMKlDe4NpTZKukP3uD9lx3EG7OuN3uOtb0l1lpzJdwMaXAb6IA3n+DfZm8770BIJ0xed/5FJI8xK4qODcY4dtHK0tUg52lgQi7l7AkNhJKR/hh3aTtPP6nk/J1XubAGmogfat+D/L3+KDyHZADU0V3ZlXNGN1vLa39xq7RATWDbsbGR+6Zbetc8BvXIjJ87PpCwTsY5/w9CDX6GonXWpzho97vRWxjeB4KPp8Ea9cDBBB2sA6vG8tTZ7wV1RalfhdHo+ofW5tRZhDn7fioQOWjAkn6HICMFyMLCS826dZviJp/OPN1UdDgOq/Pu6cvdeYDrktG6Duc5bLCSWilmn5zNHJq6CHvekWzv1IIqWDNvzmA0Ptvs1qJwhypvcDCkWNN8cBZ+D1T1TTXW36156XPNOgd76PmO9+Gm9yXV6QJ/lP5tAWUiB8b7QrkXnKRWUSDxB4tIoOPUozK8Ot5fpl7i6FwMCV054o+N/PITviMNK/+Ai7sUDleB1IDsYaJBagGNDGefG3qK1cmpHK/XUrNGCujoPCWHramFbTNSs/FIJKVqkO65yx1t+5vVB93j3kZqaQ9VPhf42LuxJApfZAWFrqrGQvfI+KvS3K+RNL+LVLP8I+OWrp+y2dJyOcCuO242tjz3GHkPQh+slq5QxcnZWoU0ism+PiGGF3dZaOvfb7yCuJSGV4OfydMt0nHE5DeDhIEyOkwu/rxKAcyeXbUeIX+6JYVXeTVqx0NnZB5Jy574+CXCq1dUzjybrSIUQbkQd2I00T93u9BCPCkiQgvuPseD/RwanN4vGhzpvfv87/upUvS3bdz5XIUZa8qUOrLRDEeO5HdaYM1aue49t0cqLNIqIeSPvfTcJ7IhE7R5fpCHaN/4/BRT/PHDMQ3IfG7KkcJ6EGj8NI+6HxDzXtbgdguUqXRDUZKJW/4d75OMBSfRn3F6oCBB1go3cDGMDM7WWkh5omChowUdDE1ntjby7hKqmRstYS47PHS+6X2bB/lvqSbZnIvubfLzYjmh6KTPLgzac2+z8796SQW7fyrIOCooM+oeCUuQo6PolCctT3zmkFwQWoDZhYYb9p89l5BLOO2TadHleeKaFBXy1HVKObxNPYWXPc7wquUW0OlGzY/qbHcv+fHhRKdlJsYn1BYxo506sYtUA+OsRsTVz8IliKjdPVNxLskOnWNUgKcmySCcImDOmiEtBh42+vTzOw9wz2UFEh4MexKUp63ENEpm8q5aip86Im7oAT8FBLWSN41DdmGe3SF69q+JCk+jrtl5cDgiZ8O4VX7vt460OepuqQqly9Vt3GsFYboMvhw+j73whFuW2QkZIDqK+V1amwP2n/V+hZhFQp2nL8F4EBmbgu6h/DAl13ycDv6VnEUEwbBuGTFFIWcJEQ9fwE/SpOuzDtNN1N3YaTfhO08/H8vyasYUqXqea8E35lwDmDvtJMpuwa0p1ggsCGp2piY31ZS0xpjbgwA+LP7YXZGrLjo0NC0ghArthpRh3LzP61fOvHDalyMSxa9n+CGfUQyaTVuBvryQTwFKaR7k4jnJghFCRuJ7PCvdebN1vmFyFi2dUcXIj12UOCT3v+hNa54HCUwbFM2g/HCkBZDsHag9em3WpYI9u5dpQs1MbK1UhXEDC5ODg3u73E2Za0fmKUl6a+3busXd+V0yMoPm4OWcLjdJu5NONdcwn3F16otq4rqSdn1Qk8crOxuLu4irkVt3caOnpwygg0N+3r3YxaY4Wvx8PpNXSGBC0UAY7isPSgAvWaaGm+kuokMOxMIZAVBACgVQDCCRIjGRnfVgP/gHJVJ3nUvyRCBtPjrcdgKlKznuX9d+2mpA8A6RpSvsGmmboNqD2aFI/RuFWIl1obx/SS1WIOJKm4x6gj1YdJKgDCYMC467ovFdfMnu/CKr3AebJE6YqPzslUFqRDMdiB4TJ5zAqd0fBzIhQYpPwCG3S3xsJmq/EbHSs6MqbyhxSj9XqaXlLy/HV32IzXqhv2qe6rHV/g9PvxiAgIMZkGvRJh+dJoyUGeAYL4m4O7QiL23D53vu65CwYuOXwEdRdi5RKedH7Yoj6dJVQOsNQPGLH9Zlu0uV7HOfim++Ru9JmYpzyiDaq5r2vqOBlmEgV8rlV+HNbPxl/FSVi3Iu07lVDvqOylbOfSYqZSLALixfVUl5pNjNDNkT8LywXAysZLVKIR5Ww1n0MOGdIkq7/ZWSboFJjmLgyxKZdvJUf211+9mEI4X2Xkiok7yIXW6U0/1QO8rkgteAfA6/PVOdpJpwhwRk3w+13rNWycD6ND4pjr2oBn0YPlDmx0PslCVEPF6soyetvGSD/vnWOHKnEySRq77ewbNaoB68oJHTMvIKIMmBgwsgi4I9XVJAPs0NwiaIOOMkjMBDKUCjzKLfd+DDpWgHdOLMKFqmuG/h73/F2vl1EOtlxI6reX/3W1yYIpvlfWKBLOkPKOnrKThYv4WCBY/SzTb3EGzpNQ5W39ayRBEkpsmS/YM9tAu1ToA3UHNTbhjN6buJK68ZVEIGyaTzYQap62b7VeqtjvNdEJBynRJi3YuVYOeN1553E077jlrgQbP7ZGyCLNIkXTQEWwPfigPcAX0/cf6V+rXWtN0fMW7tapp5XbAfkLw438pcsuoo+KlrWbTh7uG4bxLlcBwjUXdFcSulDl95ZwRQxu9nUSue+DgtcGfk/RcKB48RvVxWZpcYlA6ZWh3x3HYbXTZTU5x3frodv9qXQ1X77OBVy0ucGiu8nb2/xgEWafP9MMmbVZE2G6t7tPpq6aDK4iqqMfu3btRZAW6hj6JFF/Xs5p9I0Xdq6rEH1n3wLQGPOmdK+1HnQVD1c93Yx0MW0Wdgr7reCn30NqGdeKcTR4t4XTj8tOAuXrtNoX44ZnAYfCgkd9yCE7xBNgqvAqA9TTWKzSSTlppdrPk9YEEOZJekQDh2ioG2UqdjUT22oThNIjczBH5PgcL631X7vguYzGlOC4sMPZ1XcvU5dA510uWAAxkJphCXLlfg+Ccie1eyHNjwOZ6lz2k+7P3tYpTvRX8s0Q3WfOz6ltuiz9bgSm3okJ2Egr8iZoYGM5rydXmeJ8zT3yT8o7lzwBcj2e1Oo57+Nrda/jVdGdg3vdSrJLZYXlc1VGYakjsaHFMJdKQrxoCL4aC7ygxQXYooT1utyQKta7dz1eCZvjxtdQImb7FzbGxKpuWjpFj37hfoezNGnxvsWsedYBRtHzD9BiHWWfeXQ4dYnE3d4/5EHWG+O9q2WCgg7MUbniapTDmsQgq2JbkrlG/m2EzYnSeGSctg1e8YmqM3MdIxmjpLsKSlhL7WxHnYDzZ5dfWXUCvQtXsj6j3fb3oThHmBnW+7MWYasZsLz9mnWbiJeXUpWG+1W0qb5qz65cFGcl3Qsv/y2h9KjlBFG0vFblOisY2vRd4V1EHDgUGL1vbMjSNgG8lpSYM3V4lbp6Je5RAmwp4e5Z63bJ38taR8WQu0CUNtqCDgAJ4Rzt1C4kcajPimANDd+9eucw4LWgXJf1PxA2sQQY7TnGDbt6hs2HE9O7YIlZcIF+zP1x3Nb2Ksfom1Fp5d1au3l0fls5GKPau0/DZ5Kq50SNQ4TQLOCNQp1K1PL9+Ujf/F0jYbAN3hegwcAw0o4wA1VMqmPTB5J1r37lWeaNmFFEI73szCtcs2ur/xPmMcjLLg9gGyPHIOiT2jXTSDRIMsayiuVWXTYgOJeDT20169w5r+lF3a44i2aMHXQ61OjehVM8dUyyPfQUyWmGzV+8AXiqNQ0Ix6gvq23Je7dRKz9JMN3hrEyI2/2cczeaJtANIsd92BmIDs0OHH7eSsp6ObiS8V4K6xMXfsUudNv4GeQatNjkHgU8KcO0AjgNr4OHFavLzHOAmcgiYzKx3Vi8OqMihS5ehcBtHpjzzNP0ILwsEEhEwdWbIQP9GAsyhXY2vT2diKSvFbFo3LAePNJrhFOz3bqk2VHrwjp93pEeArfwoPV8ACe2tHNwkCYKKSwDPOWrZCr97t3ItateTpF5Cb6r+VuoFqXVEmT4aABk079MRSfodN0uu4ZhsUtS4dJwJspjRGPZzQ54BvIhN9CslAxsjWuqNhFuFNUtxMOJdhDE+QaSWAb12qhnH8fnIB8f1RGJm0d1O41yBrpJc4Wvc2xQaHOJuv/iTiq6UTANOfgrl78K4bw8c1wuShl5W0ij5grb6XU1BCygDAFL4JYdnoGKjpX9qeuTANvn80EVRhB/dVURUGxjbw58G7P68+FRePHqLYc62P/vt4gIQAUb4lzCz3+yzwImPVCQhBeibY2nvGp9X0wbDCWJk8mzxdOaQzW+PFGAhAfktTA/tru4RNfsRvAeADSH4tIc0GIL7Q4RTbyHa/IVKBsAS5p9jurT7d9nKv/000b0tMgHLKQuJeZ8QPmvaKLNztyJ2/53G+Y0WgDz+LCeXFhLac/odj0rRsT4imatageaDKUwI9Zix9dBXRrjTX4feKxJEpkO6j7eH8gW8MxxLokeJNhJPw7RyPulks7+KSRi6P54vdCa0SjkXYGwkjMk/JdKXo0qYm1aSzNwybaeDDJn5SYciaH0NmQpiuVkrzsUPNf88GWZe1zLL5Yj71Oy0mzFEIpXn1vuYVQX9lS6/J0vFhxNwaq03/LLXOJf1pEFXgRv5BuXt6ccK9oxVfiZZFkvf5rN8kF1kW2GfIgS5FoveQPtv41zVfPGzCY32JM88jEJVtgkEKPFD+8h7jSl9hNMWa4qxG1BuapBkkNxzkBV2ucUP1BAz5KCxIdcZs064pvFT+bUfSH/xKU5mNvSMW+37SCdUdVJRXdEGfPanazG+FarW5Y7B0L1LCh0TYb4VHrZjWefwNlW9M7zpc5qx/XNVn/QzToEpDdYjOlNQZeVOzbfZj4C5KT3HEklYRFgpeHmOAqsMLsG5o4ud0MdHHyjdWgZrYtfYX8BzeuhBQULUSnrKKA8brHYjqTcQxf49pXKNtI6Hp1QWMW4W7iESNB/5SOHzl8yBLSCjhkfrF33lZYHO8VEUqqjk5oSXQveWOMC21W6ZmzuihWCQYJOuDSaiLl513f63xWcGwveva3qZ3zMMUPD6wQp4MZWKNUBU2eosJoPNC2HxcX1cR7uER19By1pn0WkovRAboNLh+YNlE5YY9/bTt5/FDRYdpwIpQp4v6EapngXVaqvkFdhRXAADZ54yaJekOJjQsCuVNP5upcR2KYNGZpd6Gud5iurrKqndUT32nUU1YyMrW6OuCMh93BBAVgjWmezLv2Minl+Q1/8q6rWxX22+Z47fX5YqrTYb5gEZQjnPfS4D4/U9i9BX1uoAkGO5+17/t0ZXZ3TKFJuDOd0j9L8YAlt/kp3/bhzza5rY2aUxrhu7CvyUh54xdpfkb1AgFL1lUj2LDkoLaXTEp61n7i0ag2NqyAji8dJ2whLyRslWkxNWeSe/gpQpEHPtzDTe+WMgXlQqtkrGIC8P1nlUWpnNxWxxJyXLdSRWnkkwIGN6uB0Ac3Y8dHQ6X3bRDxy18u6OodB5i/ljNcJPjCqUp8JLvHS0a9vrryCTQoK4HeMQMEsg6t+DpPNAZSqsgiNG5p2xnTdn4Xm+7hvGXsi6HIHS4jwsh7fuvpVtNswhtsvLMkJ7h5Zi4gEWtV7NNWXkbXRkwN0Ywwu6hZNSkb/PVp+hYclvQVYQAHs5B4tYhTrBCQAhKVvpTdNfzYevu1y7NtPlQqe6xaya4LKDmFj5auNkgb/CFiJdZOzCqftv2Myqun2E/ZYP/MuYVR3BhAJlqTbMrj75FapnzLm4IsX9d4lM26Gwd7uymBRa7EXFgSbquCUHeip67qa/mkjRA/sFSZIvUfvrNVX0sZGGAMIXw9fa+4MViZ+8YP5jwlgpzamG+LpdAr4xYPQ3WNY+TJ90cw0A0lFFrkdZo7+JrE/00Xc/M63skDnX8d9ZQgcK+dvA101HCAHFY36zg7Quf9UQbCJvNpW78OLmpWKvTilNsZJ5d9srWlVj7H0PX0GuubjWs3vaJqwawHtl5nPZFitm1mB84WOWQqvjqWY8fstq2RWT3/cAdE6WW/CeZIsx3wMoZwZFtdpd+axyOag6zaKSMayd3F4Bt3L3OSJpperTnTHk7KH2iI1wh4D38IOBvlAsYe2OJmTY6iIhnhhn6CdgE0X6zDZlDMZB8tiSVHupPLAMjoSrnQZDNzBv0fNqtWeA1pb1aIbxyXNcQQtwe+94yS6B0TSUikmWTHz6YulqqDThH2jRm26KWV0YOg1MPIeU93dNvGfC9sllV2KlYUhuvhXSk0muGakm+UfdxTFPzKrvchcoKwAdLYb1YTf+lB40VJmaWUi4a5UgauV+hFe3XKrJwD9Mb6iW7SbaLJdpkBsBwcEMdwWBCZSCH2vgZstK0uc5gdCzF/Du9LQ3iOFRztdmvdZHuB1hiPXTC0hanSkocLBaoM2sxTECwano/CmsARyfsYGu4s1VmGx656FLfjersyDUqMYl28rhj2n3YEHa4BpeP/WtWmCs4OR+jWOsQ1TcFfJ+vECQKgYZZ4kiCDuTBKHlxCVcWLSi8cNlnZrVWpV5ocBgxX3GeM+EEpP57+S5t9bxwI0Sf79vMk7oLYP5Wcqk46kP5PEi1oZ1z8f7eARM7vt5DBLrm84t2cpajAKWei0mK1gy52mARWHJpZtD2tw6MFBUUtOL5BsIWmiIE6QIfqAs/GM1KCONq5qNvs+V9p6cT2KwKF0JXbksbDsMvHcwnugEFnG98ST4qg5rxNrUG+6n/48vgLxgxPQ5LZhpDCHEOuZEl2IHCqca5wOhaoxWwhAF8IgvH0qzNzR205N4y8RvweBnD/pljh+u1CRSeqctyHC3noh5sq2va+GYw1nrQyRrIM4/hWH5hgR+jpwRlhzjDAcBCd8ryTBscrWyih7VUuGZFE1ZV+yBVlEchKqzxkdwiBVhR5rK8EAEpIukwzu1paOCh5v0ItVtQ+u/qO1l/B5053Yngvz6NaHty3k+wu09qUKIOrXahVnWeX14X0UgRFwsUC7eshEdDmdQk/6V5ALhtmlkKgtHyoA/7HmzZdk/vOJWirDQL0kMr6K8dhijGvqZOVph7E2Sw6dba/QoSr9sSSoXbBJGDvTfyVkh06dg/an5ZdhWICM2mKbTuagaOAWVJuKi8swJCeqrJktFQddQbfy6iDD39e1fvcamXZB7OBbcl6EaKa2ZaFnrbfuNdBONQwUDAJ6+3e1+UXPmedRDccKlefkB+YAAf1/e+08VIDJ2o2Id6/FOtG692jX9oyOHiv+DIAbAWQXUNeIpv0ZDtrWlFvQEeO28j/gnukrq6avCnQAX7N9+Qs69pkn0JwMLFyyrMvD+XjnjTCogiK9h/0mRcoxzGWon9OjMPHSMgbimfWTBES5z+T5GOWuzwXidTZEL0YRYA9h2wF4gZchlzBKgGToso+zicT/xX7RnL8fZzigZEJ2i5BOHJ7NUv2oV0vBmK36ss4bww+QuMn5GgVJaUQcerEZ2WvqvumacDMnwDyTA0bZNAKOXT9hPAwQpLNWq8XGoSQqzJrvZCRQjES12sD9XM5e0ZzeXMg5CWPUXl6dZEjGghv85X8vwyZtMS0kyatDF/DBS6DY17DR9tsRaoukAnfLjYtEyYJGPyTQK+4ocef7ZrT9udtEh4eRbvX6f8Sa1DkdGjk3EeAthM9xhUJa2AvXRfDH4duZmzuVnKw+f7X6Lq7ghnxxWHhGYuDpHRgzh2plnob2hPXFx7TC7uf7JOQaGhSvO5MTY9T2HxMRptAuTO1tvweY6Geozj8ptoc3WFI3q/hCQBASfi09NQ5qMCkNkhGKNARmio7ulPU7Z8mvoGQtD9JK7oLfXU2bB1MhgpACFgHFu7JWOSlU07ycu3kL127Z11flT8V3UMGBwAEYn6pLMt+xP00QM+MA6QF6RJy/UTtCzUik2v0GybeFt4WoNKc0ZzazeQW+Amg3n1dc/qkPR54qAgs9O7JUm7Aiq+MuyImYq+DdzJhOvvNGFD422kZ6hLhzfb3RhPjGbSIYQM4zBh1GdYlSIb2HT5ivbJPXLIN1HlHSsHercI+jYRvMHaUjg8f2gfeQEcb956f6JcsBB4DeuDhngNhHQrPlRvAg0lGzSRdecvjVEwPOV+HEZxVlBK/vi5I2/NaQiD/s27iECy6euqpk9ySbNK9K7M4AJsNb/UyhsmEEJ6Ea01DqqFMhlp08L5hr9q1CkSv9QrzUW6TIUlUB/tT4yLGvj19Ya6Eeshks/QOt95aCEWQm/M8ECxK2pMRlASnzFkTbEV0hGmHylqe91pC9e4PGxQLrH12DMDIImx9qSV0aiIzpDV1JDoKiym587jnlf9Mx3tV3yJytLTjVysxKOFPdytUDdH/4zr0nIl7Uz277UwCGli+3nEilsj2ze88qYA5y9KsxHcw7XiQMmTO4dyNZdO/CVZ2yY3EWygQX6PYA53gny6Ymtd9vF712y2t9C46FMXe4R/e66kXAAj4hl4z814MnO3weRKafDXq9LNQxGgWC4kYfcEy6QXZBuvNkePJ+IR2JHn56ci4nWCHX6P1HEXDOVEkEujLrHuQup1BuuD44/AoIbjpYLVTw52YO4r3DVaZIKmsINcZTcwEQ/Vxnb8N4R1i9gfE1QldP00MJTJ5aVDXvNTYRwGGjuuYWpNuIN4cZ7AbcFdgr/141hi5P7iUpjYX30Sde1dTuJIgVoayVKlzlTmgvO0UJFrpc0pT6qIIaH1a9II5enLGarnTapkL2MzaZDXifazeCA8NOvuZ6VTpcdjlYhOaq3G9aP+tQ8AM4VnEL8DIO+9V4D2W1n9I3PLXtWHM/xso+0HiX0ShC8NpFE105k/hMGjUTg13EzncxDJtmO2L9xgifjxmXsZPArp8VDutHxK9kDv8FkbjDTjgeSw1k98YZuv3MqWsBf5FOlKfVY6Cj7CH1KE9S7OGfs3zyvtvYFNoE2mrczd3W4hADmiCLPlIVo17sy2/oh1ds3sNNo0UrkivyY6WgNrr5TPh+0rYlT4RIjLnGFiDXY5q85J11zsxCnnjF0BmcBqkzBaaRkW09W+mOBgX4H+791E1lKT+Ny+XL6zBOCgU4SDv7SRc2nbMh6fx9OEvDG0CtM7b9g7UhOXbBi80vya3REDBsryyImTxqcvnV3PDbtDWMGy/l2waT75qE6svfJM6aLMimqcWcZoc53+UwtEMg/B1wQR6KoE9riRXw8HvTQyKo4kFnAwd/3DaDCzgFVbG9ZGK7o5QlSdCeSFZgtzX++vNbTsREcMrmvvmK67m5sjKWVRkaE3HZLH2DRm7tK6HOLDfZw+tS/Jpguqe6u7pejmdfjBmn/5yJQ9FuLZAtNWwnbtZ7lh7IlCPlz3Xjke7aKb5nOXgFaAz/zjOLq/jzhH5afFLyCQKnMfHwGbsA4OmVrVKRRkD84TjQo1ljj+0nHK0CbuYqJ+gyzMJuTYQmgqx17rZtaFrJaL2sf1X0tsFDrmX0ToBI2nuwCjsF+pcmxgM6BJBcNujZ1syHqYwrQjj3fvetzxrWr5BSYkb/gXNfvQ+BCBwCVSlRFZD+xRzF+B9bXInoEL8izvye6ZcjXa3DJBPvinbMycanXEsZ1rWLg7X8w10wC1z6ExglrrwrUm4JxHDmyW9O3qj0UPLguGEcUIGy67m324Ie77rLrVMmyyW0LueiZo5xYZ574neEQfZvNxH5f1Px+XdDuMMJow8juEzCPbQljfrJlh7x0Io1jLny1nJqTfoJ/9jqp0do3FP0nbZfwJyeDJstBzxT1ZOFySCxEOyqNNLSbgR6etDeXcCld3YWlq2g8WXYv+We+RRYGnJlFDaRU7mh9On0vVJbVyWzjdEKQsUfTxAUEQ5QRyyFGYTAJGH2rnE3kCQBnu7YF07r0T9n/BsFj3APE1TAYn0hTYm7CQAmDf9e0XNYYqBBIm2fWkiPtaIo6NMPrKegeGZODfUQdn889Phc0QGs1NMxZdVxEZQ9Lzrdeawr7BC5lg3IeEF5GFz16HZZ7RaiqyVlOSsluNerBSmx6yo6yGHTlCWmbM8tuaN4qTVR83D9O1gIgwxFYriQFOMN8DEOd3OrrU60Si9YNL0Hxt2RsDNusjZXDtAEREYztw5z7RjtApwysgikBGaIh6LmB7KfJg6T35+0bB6Q8OlWpJQLDCSOU1u3t/E80Fla2IRTNbKi8v0QPArBve5Jw1qnhES2RTOQUT/OPTEmj+O5G5fMewqQwJAYuP3LuKbU6a2k2vX8qa9eKpngyY2580dDz9vMTibX2ozxl8vAMN0B7y20nnNqa3SYDQ6WMiFtglfz/ark9ObNP8+VCr7cmRHq1c4FHY5r/GfXqWSN9fsOGIRjNTSGuIOUyeudOMwn7LbAarn6oR2+vcPM99iGQzU1O5pxmHB14dD/h9d735qbsZEgUZdSQsMU/8+ZHqmhMGcwvxh1lUmP1DwXKihf4hgwE0jJEiS66YtHtZvVDkMlhV0usAU0VV3A7fbWM6o9PIfeImtqcsJtA67odzaE3q3ODjsa0GFWXcce1Jc5Ox++hOIyNfT7Py5xcFU6b9Kw37XtWkbk8DtGMyUSzFat0NnYxJgWt3ZWuddiX5EaAKB10IzsEGj5WXzX9lfGR+iodVsfefp6msUUg2yo8XaA4o+nYZxpxJsNxoI1zI0VB8577zqGhlbXf2SLfU7AEIAfgrpSKgQzarx6cMazWMHS9bQFQDDfpjJ5xG6PfWjRC5ElGiAZWI0a2WsYRfYhjXFQou5JWIKtjNt47WYGvoG+JmGGUt018SGatf+W0rhDTPKPcZ7Foq6P/8hOq97Ee9fDMkCGvF06sCr+A4Am9IhjUKBtSZgznrQ/0hUarM9dCNn2uwPOhFpwTAs3BmSZYAj0aynnxghq+WlHUZLsGfFqNKijS/VE5Y8OmxkniAKfRknic2wZfKOnHaDeHOgH0YJ7wwXUsRPuw1B5e6JSfVrIx3Nv+Al/lGyko8f3RaU3/O5m3xk5tJCxkTc8wHdjE4SlQWNdWf8dgSocW101wdjG3PHofj0zZQCFwst7Ql+lmSJxS/tl0UJhEGUsGUGKPrxV54lnS/yOC9qwwUtjUvzmmIoUoHn58OWtrzJq+6qtEU4rmIQ3gaDoJOMho9YzaIBqK4JAyboCJCCXFX2RbIg4uZQsDetH0vQV5QwKgcw9Y2Z00CXAj4wYJRQuqGn9EViHOLBO5h/4nIF/MGfg2xM4o3LxEjs0XqCW37DHssjU8si4BqwnCPmJ6wnbEZ9CbJbuN2y1Bi6UosYZkl0+DbKgdpzLvlWl/OyzM9Fok7lvvegCiQ97DKDBmbpFdg51QMlgDq/9Dw34qDHUPkW1OgUwgq8ZQghymZkNnI5ktc9pcTtCTgWRm62Eu5PlyM7pidL5c+x+PyTT6EzzI+FZnvJKMtX+3J+TBm+3ShTVF2TE65PCj8U+d4zZcggFFnTz5RtEuXgeLyCUhhP3vykST3EaT9NNPJdvPMjJnC0G+x/2Jhl/fzmwLLWVi3vxRjfk3ZAIcM1DL6tPHzZjS8GhHj3jQaXy/zIeZTfc1AgXlXxNxSQXYfizMM3me6iY93vT/7s56FoArmRh+GBy5PvOf10DSOsDqtSdQnB5oi08kTvadzX7G1TRzn68WVfnrmp35HjW1mfpy8F1gvFrkSSlCaI6kCeDLaWPZZCS4tGKvENFKDcSbFgdXwxAZk+wonTv4OZNe771YbJX86k7cR+ymYh+XEgdtp33VoqujQrCNQbgrvA8DA1V2Ly1nDE/5n1LiaCshe8LYa+1oPKjF1OJToAVDKmhdug90j4YCU9r53JrMCLEn1CUR3HwyZfQIokTcBpMIQ8BBRROAcP037pBFGYrD2/OM8FfhYh67G0mmVjgoMb+P0zey92YJW5EoW+EfyB4J9sEyMc+BvfdmMgzVZ4azf7TZ/3eDGrgrPCESGnf7aDxhrSAb3+vWQzU6isw6CTpAoH/5tbBleidzcIM/jMKhvvs3HxFpJXskM2rzW4V0z8gPGpaHb5xfP+fiDunjaM1e0r0ICsH8AYMkamn1F+O/964nVvoglrD6t6DfNx1KXep6eZdaH/n4YlgyVDeXPF8b1R//Cv0fOpnTom1O3LBl/PPgG7SOv8BLDZ3Rjc3uw7OfCp1LfkhvkdtBd+T0DRVAfysSiJB5fqoVDYILEjoSUhCrY6GVQQlQa7eHwQQoqwx2sXhL9FUpyOD0mSMQO/Nb+RhFCHHRax9pMuThfGmkjFzB7vyA+10QQvlPcYZXo28hfe7E04rFHL5/0vUAVc9kgGphR3rirR4iNeeLm2P75Qp5uWPaM2exJCFWG3v11rvD72M+qgk2Lng3AsL2+1i+h5ffgrwp/l4zT6vbnsm5fhPTxyaAtAfPDJ1JsPl25QfKUaJdnoDcTPVKpdSMC9oUIU3vzRzOJsBLSQFOisrjSKO+Hqbh4vjXYkV6vxk1g1Vjo8i+Q+R8VpSAD5rG5CeAOQ+hFC+z+ufgQTeddSpAZwXi24KUETMQNxkra4KC/GdH1RxImvNAGGe7ksl0Q2mEctuVF8tnKrjVgWchuwl7ujOQgmOth2Mpkn5HaYD1H8RdM6/vVadhpB9DH7cI8JMB9oaoZmvrBBKk5XETGURA3D0FmwXX2+uOXSf+blMc/YazcptOXpO3bC9kSqmHqilvomOpbHpECw1DdAd0HnS0IInuKQEq6N5FaDRIOtURRt7t1OL7FYkoeaF4wgyfl6tYAT6PFLFLyMPBWM4jq1WDp8Pt7oElWwT3tteMurCvZMFFE8Y0VrlYTRLGRhTGr+BYV0AKxg39QvokwCbDrAW4uGsWKKwNTuReOKI7hkIU1iqf59+LfPK8jJrtgFEr4QZh4l26rzEw7oINGe151R2gueQvCunXN6qjUTC3QHB1ti6pas/XIzC7SJx/ABxcaAS8A+79sIKoC2UsKTLr2ycH3936FO+5Jjgu4Xu1kt2AHlGYdYgq9nUUHHyP3AWFKYDIT2KnbMxPe1ZkktwimVLT3bA4usRdOlZbXVxRjQ/qJbeA031rjVywnEqGfHPYSHfI4ABYyT4IzBg+oRqjN4vu5aE3z8aM3ukYU1wwNbCCIEILL1cRf7UFdzDnhW7jO3m+MehfTu2L8WhJr7/SUjLdI2n5e/4Ll0qj0H6kfYKBncSTjNqSqgNMmBa585lmK5JLYhDhbg+24fygXyreD+58hzm1rcmlV50/EzmxHpMOuXWMwucR7mDAob+WPWbCD79ZfOlf6oebiC5prhI6n9IlqMHBVK87IZeKAat7nMeBOoY8Kgcbmm7M5NsxYgkijXC5og6sRT+4I7UhQGTRcGY3vRcWzEFq57m+AJXfl4Y6i76tA/6nmQWPZVV6qTtfNSP0z3lgj2gqMmySl4S6veKclbYzAkF7OXA+/xnFZmiZ7XJoOSPXH2ip39q+uEeLG5ZqpYpwoSTbSJ5tZo+hx6ZSTTkq+l8VfRdPShOdOx6Qhxql2ZpM/ZMI3Q7kG9xibIeSdON1478+uWyAYz5/1Rgx3G5sZEkoGRxte8aq/Tjwmtm5visLEnQp19HNOsSSdcCj3rG6VJBZwC27Wl2XJVL81mSLFUIDsUzclrgrJDl99BL1cxw9py1qI4/jW5/RzCQeDsoQDYrv86tblWZDr/xYlqXdurxaqG7lCPQhN+y5zsjBgswXOeomZBmuuq3OmS6yJeTcS1PVr1xQKEsf9iM63kald+x7ULse6tpuNkcPIMiXMFdE2vViu/cRpc0u/nHD7JJFEKWyFTlkQjBiRUuAVGOQWzJNEv4tUuqfzpMh8kVYQfbT0AkI2eSvMBfKcnDOMsGrj0VoQLuCbGO6/LbNjHD5yKX5SIr3BOIKo7KEHkz36gpSpmrd31woPW7hZKjtaE5ylvj9Mw1wG6zrbHUWSyKBW5XTPvJB9qo12Eq9hQiKIig3sb/6AFQYVT+aN3k3YYFqFFz7zyAJg54rVI4vMPjWzHjAYrKsTWPagv0JIxqvs0zezlLhZzUxyHfdVbCqyaMbk8lCCmBO7iaVJb23M3uQynAemptw/6nIKSCRfYrBt6eeQxnK8/ZKZZ3sf3F8CFgYu/sXzDRdfrZVcrqmpxaOdY9fm8e1n32Do4xgPv0Es/KNzRiNWzZc92r3GxqfGz3zN7OqcIzEYzfoMyIhW7GnGcyMwEgY0dSshfrZ6ySXmlxKK+vLVBQd4d5+kR4/YeZ1yGdfUxbmHPEK4DiHPwo+r4Q9ScaGjbgUzEaiSJlhDC9SoMyIAjPXYtU/ozjrAV/7sArUWiKxZoKR/okVfrZG4jfqVgn3Eac2SA1V5+kkp1/HXg6ra0cqf+ey8deZ1K4Ugibcg3DT0DI4UBtkyECYggEKcmnWNoVzye2Vj6n6p0SrA5wEFUYvLnMZYbf3UhrGcMajfS/OlRa/+fhNjznRuVkjyS2jNa4YsP2ttukxjvRnsCv/shdtbZPokfYayA9tVyhdLiaMoDvZjPozJawuMQmtjdW0CeTnfYdYZSQVETTC6lgxwPiq4sBhBcSqEutR5O4Y92f4hv5tuHEJ4+xKh7tx+jT9CYXlC2hQ2ITJjSIFgF7bnNi+bDsrDMREQqDiH+nuLcJb06snE4BdzkU8BdaGVMz1lqxWdmmbdCwFP2zTan1ZFFqMpLO0kXnf6sGVLryaJ9YaTybpu+oyYUr2GugfayCvR39vr/4Ftk127XB+P8vRh6K4dYu3rEKLON1aKkHuOplcgNwZi6MZp0Q2ndDecEIEePegnfJe7jiKw4zia/SKvKcNQp5Zf8G6V65WUq2xXnNLi1p9U1EGNPg+Q4nR7qhvKJmxrd7jjWxTB52gelnnNacOFL+78cgpCZw0VQNFV9HESCDi7yjXfY7m2taQa2AAmbhULV2YlPyPmsP1mNbMRfxJCSoIp2I0N6pAi4d99jpUmQtduhcsffyMN4DOfBeQtJoRXByLFgWuYulaLkGQ8Ixp3dFEM/e7EDW9ji1RyTu7liGuTiVSji5c5exPn8yDm51a8vDfshbg9ptuJLkxUY168mAsnai1eZE7wIMTQJYIHmJ0MsCYtKCFFf7Q64HKVqmMhnVfGG3epK7UMQe/+e2S50+Jdb6lhKl0RTHD3u5T3waLPVJVcDlSTUvRDth0f4g3Cbo7txm98bwNsupC48NYNrNgKDFTz6Se//TFYkBcOnFEFFlc/F+BqU56j+5Yn2pODpUVqF+zt/iZolXqwztt0Ahc4lVXh5DeQjt/5UdOjQSW3kvnCE684bDrQIEKwa7yWRBryN4GezIAFdTeyVBhewt59ZsIg9vqy+xwtXh+2UlN/kTbpo0KdQwN+lS+aPeMzJ0QnvpTwDbh+daoI7Eed7rnf88zDESXC5onKHXVOzUpDIfMn0eOAQTNOaOXqHJM15loxhGXIFaJ8eBuZ/3qAX3Q5k2uy+Gx01MRlenIGbLkefk0iqSOnFoent+C8fkwKpJwe3Is99Hnf+oWm2CedcY/u2UrK2fydvhbfzw8iunwcV9EeP/diIdqhLpWWeqYpI1vt03wWkP+3BtUFVnvX8KxtggU5OCe1SmwoiyNA7fXD+WZuWVnFt6isc905oyriYGb7L8JjrV8XupdOKgxcwIXmVFeKXK4RFjRPiDahWDIQPloFGf9Yv8yvs8wS+k0SUZj+fiF4aeFEXYhROGUmE0NkR/achop4/yJSqD/uB7NStT8xnbqDyU3f9EpTzbBRgdyktUu/XFcadExVAq76mQRH58aCSzhnmrfOucmzQ+MbOuKPNqe4EAEtgQ2t1zwDBcPZzRoXOUMWBQfH23L65UWQMnUckmhW+P/6f2N1X2IWMbz2+Fv31LW57VCr6p4edg4GL2bWj2ZV9H2njbyZlT4LoMPa1B1jscGMgpAOKA5kzssmdcpc3bw6k4h209UGwb1keOrHKOUJOhik5P3Wwn8Jj3fC3evRQsHisJgo9U2Cllf2EYXua5eZa9UkJ0T+Urihq3AmWWL/kW4PhoEYAAAAY9u2bdt2PrZt27Zt27Zt27bdITrIwcjUlXeLe61oCgG/sxUiz40kFngOiYH0ewNIaNS8oTjCIfCuHuHhkVCW7yhZd44oje6WcupQsjqOcotUG8UHrq++DQlfU7fHh+wG5A5vLBgbAHWGHa5QHd/IH6suUs6U4zbCWk9fD7ga7CMXMNOb3ptACowyF7JJn/t+pudfZMsaZj/nq+c0/2patXMAAzcTk3m9n0ON1KGAnLLE+8AO1S/LVTEaqopoI0QWFr+CgxGQ9MQ/4RvAqRJKvG8lY12dKbLhWzYs6ig2q8bpzU+3m3N9VMwZFliMJhj6lSSuQ2OwWegl29tsOgLDxTe89eZXY1aVo+u/PsRUhfJtl7RdZeoekbMhczaxL9jSF15GYujX2G55CwXh4PwDZhv1+jBwzIShEczLojQyHKvVKisigV9ALhKwQiJ/97kgLsbQA5WueOimdhguO4o4TJ1dynG501XRAD0BUDCGV+id4yiFmyKuz4FHRv7ccvJ86oR62i9MfEeodLejhpAy/Bsz8sIHdITdMvR76ipANppDn1ZgylIAbDEv3/kdZ+qfuWYHaXhX/xavw7cqq/XHKKXM747AdnYSsUIv4cZaiKqm9AtFk/noFC775tQZLkGUHe+uf7sHLl664Cj35HVf4jBe2JbpzBU8hOMw3U+AmPeBlLkKqIjaaV0FIhTXNNeVo3ariR48mxO6jR21F+O50u8yELzg1Lv2MwBopuQmXqbKAAxeBUghZHeJUy+1y9/UOgI7FRbUvrmFc9hMz++eU7yAA4Tncxf8+wuBjx5hBeokK19QJzdp+plvG4KNdQUhPZJMQ8BofWdi7JbK6QUqi1ee77MPbacZi4AK6StwI1rzkwLGytGjC3IK2jVoFjwD7IrYqua/SVlOqbUsoz/s0KbjafqLYVGq6mK6P2IpktHPK+1rrYuWQzVay9Zj65oVSogERbcClWu1Vf6N/IhLxvxCEe2yTHaBFRPrzWNvQ1UzCm9AMN6js/tMogjw9VJUMUQTmLMWMd7V1mt5PwXusR+kwmtyNL6ga+F1NYqIUxjYwopq6Yf3XjdnriVtTCzwQr0wjyZ7SXR9WHK1cPLE8NnST7Nl2Vxn5nsiTCfAbEgLBTwu1QrJ7m4KDujZPz5eD2kqEVs6kdwFoYcqnS1UOPthjbEO3RE9Vue49YruVAHZCS7Uesq+bpyMh/IYpiajU7UxbmhJ8wD15bvF+zc30UGmqrttC6R4tjjM99Gagx22WHAIV34lDyQvMx1fPh8NSnfclW51Ah/cuEj8eRy7Lkw7txTDON9XAMGVn9OvKpbm52TxCeWlPyENVxVagLCu+eYVaOziY3b5MjXcBKOaVCCM9HXov+0rWA4BNEP/YzLf8xLktvMFvao2sDwf2p8oiPJux727l7NgxslreQPMfXZTH5Lq1+PcC1c2nEHf7NMbRYrtoxxdlEzCmQoZXtPpcdlg/ghrRj7uQ7r8gnvVlTedC6V3K6a3MXA5GjZm4GXyZ2rchghmSGrYZZB3fqlXgnV5Lz0LDn99/NxloID40PJwjSiOb4cSuJmlJbEmyi8O97RxWDXuyBugN2eP0bE0uQkf+nykapObzy4FguYNhGMYeos5feZZ80YJjwvCRJte31Qgn+y3DmjncVcSTN+eJwehp2o73IsOq433HsnP7zJnRfCNBWkRXCMf16KATQ5zX78K6plYSXptCwXDOMGEEL95PWryxF6OSpL/FRw7lPPgfe0I1coiMXuNhmdddCAbcMVf+nmuk2kOeNAixlSN/swq5PzRbgQ7ncACr+l8BVSS7FuuNCeAMEDLge2vA2OCYrL5mwSJPfCKXpD9+Dkx6154CL31wcKpoaK4CylLbdCnUfn4VMwIpCestLJKjidazI4weYki9AWw4dHkMFBC75IItfMefOQP8Ekgow6w+OSeUtV1snrDxpQgiVK9Y1AlUSv5BihMuKyALfgPxJ0Q/pJnSn0pNKRefue0KD/sTnCLWOP4bNK73lhIGPBsZKqlW9pWQeqpToJ967z4SFrGOGA71mFDsGVHxBmq+2f/MmcKA87v9rHaQYSwC60rdgbmtTae9F/kHRL+DTvF3+zFJUrcTEDMXR8IPKsIXgRXfb3+i905NOpZBBZng8+/LmqwjDEAVaEkdc/ND2532JC1fc5Lc/k6mJatnbtmAKKHoUYcZArtX0C/hMuqF9yndQoGpHZaYApUgHRB+jeoDQ+GEzkoVyCCDw6Ca1FTloRNh+KTQKVyyEJh7mQd/jct3xlQIBDy/s7eOMHQ5z8+UMR1m69jbizlUd3hlYeKsQZrgnjq+OmfPco/i6IYJLOG5E1klh+CqTi3T8C53OybeGEEX8GFawG1KwPUQnXRY4Ol+PvTfDiolxBHnXnSuW/QLvEzMcvhLmpMSi2FK8GBQaT7GFdZt+TFCKq45IS3yaRR5EPHJOmwEbv+eujBR1S7wCLECJyKFqQpIHJPMknQLnnSKqtF6R07xqMmlVTKYoUeDq6ovGUe64XlxD5OulVQyhSDnRMRZiXriweUPuEsChi91jU1q7tFgtlX2Q5SDT7tf3Uxk5yOw4VSRQnxBm1EvYskWqkzlRkmBDv2BnkigwbdApAxv7YoccgyK/67w6n/wltb+EqDgmFvQkL11wzxv3HNF8K3R5X5z4jSmwCoAa61DlRmYpXIpNNeJp5FmkAhXrJlujd193IQtsMh0BQzU2jZtx0cvibw38l35QKtPs0amLlzA0bD5jdJP/jE+365CpCmjsH2a5VKfWUiQuzSxZnbqqMXCX9NV0/RP0Cu9V+qWiv0lHMmmmf2lqIxvR82UixEuGyQUCu9fB8o5RLQVQI1rieILP7tAt6zElYhzO8krab4mfJUvmcFjJR7ZCru5jAlCUBsI7H1JA2usfqu6BszAalmV379G6+hKFjm3jee1xd0wbSQbxRr1b7RBGVd/2QoidPed46iI3t5wMoTzJ2VGL6zwtYDytdg3h96/Dy25Ngh4m8pOJXxeyvAWrnUGBVpjFkToNJLrbA337Clu3JbyYTfH/yetiKlH8MJpbr8fSWYQAqh0SHVOq4X45iNdYLCsbd3AqeDIenDlBD3Y2sjDr+j7K1FjrFdkslZ25ZUEr7wYKOAXjma48U8J3Zg4K4v8XNswgiqlmQmBy4SgN+JOFHTMnDi0FdptNkMrxIf7vYsgx0HVhTzsTzqlc7+QFtWAZfOSN2etG16lYqsl1YjH1xfo2zJVNY8O4QrM/GLxnoHPgxZaSoxC1VxF5rKkGFS7ZObCcajVS2XLMLAAP7t1BFRB5cazZcSEXMKpyfOLRWF93Ax9warXvjTPdlhrp2MOi+/MbJYuDzyOMu5sepfV/x0zdKNMQnxfhoYiLXOgGlFtBvWMrr4IKlXM3BV7LkCFl1BJuk1a3fzrULVEBbB1YdvycmOMQUfLWTzFq2ahCmk3eDzVDx4/jfulA3j7eEVxKzcoYZaAn/tafybZMRsyoC0bFUy2sf/oeFjxQehWNulZ7AlmhOzQrVik6kw2xqwBKij+P5412NxlwGaXKe34KyUIXZhBZ0qdxGxYrZafJxdSG8YR9bUhd95uCd7iGMPEAoQlxwylyrjlN713gH9Zh9iWvi7RWObcWl+JNh2ZXSacr4Qi45QatoZOZzuXe90Q1yxg/oMIbFGCrJvxcscyR2F0M1D5nkJItDcWN1DmWh/Kj1sHwo+EsrdAokseuL0VHIohi2+1a9MbzV7AOQrst+xQxeQ9tX7rqOGVDVEBeAkNSvrZOzAlHDx0sa/DQGEafpmfICpuo8ETsJUBSo/yBKG01Y/GNCXSfuPFEgeqK2l7Y634TI08vIBtbgV5RjMVIVFtqK/Jh6c+/IGD14xWg8i+bRebx96HHEbeQti3tgKDQq+GJW2wGeofu1F889z5ve5vLfX/6BFZebMK+Z3GG3WXjLkesx8UfVPawUGMU9oqCHWsSN7meZM5EYdyfjjV6ktLEdoCuTV/e54Z88i5bYHuJw1ByC+LBrDuDlJn7/IDsmTP76Q3FZIGiUnAYRUjl/Nscknjeex2GoBIWL9XcHV9F6WgyaNOiZG6b2Kz14oA1dF5rWGa4P8drD4Isdb24QdWWI5pOfCC6/yB/VoUaKwnIzwjfyr1k1ZAJ76n7mIZXQRwTcEVznK3kEzFE55bXn8imb01iDEEK2zGXvLQL6b7Bt8VjEIPdazx61iHgL4EXID5i+Uoh3dmhGxYumYZT4ICU/S5E/iq5CxMW7hJy3dL2G/BrrDniXVMZA3HiiX2NsRk2+kK4FnMnrrXF0NWMjlIR4YO97H2jzUWz554FZQB/1dYdXBgh+EvlwBmsSpTud+zOg/0pYn5T00bWKax160L+N+2cPvDbMVsX3PgUHGH4W9gkVNRX0N2XC+ADvLHsMBbRHLu1cHxKTvhB29q0IjGAXjLvxPpsMJRgruPShcElsnbBDgl8L3gTZaEN7pkFFElRxeZQjlWhXmkauhGqUDKb1BOFYCzYEipJXRPLocExHDrGkLZ/CSaACSlhMbpe/JVsKe7OYK+Zx+Qp934wCoHGnWvOKg4q1VeV8t6ak0ZNzDlQPXTVnFblPy0UnPiFl8QTVwJyCjOBrw0PL2Ip9fUMPA1qcBWanqrJ4zUvODXyrAA8xd/Z2Jgf1v6utE8kHF4S2PA+1/aK8RZjlGUnV3NgqZ+iKgatqbHuZgyhshQvCLL9YyOxqDdgM2qDgwPvk3r8POYjzq3qJTvgIuEQuaNRG7RPz5ELLrUm2VfNwH5VmzLrEfKKi7HR4IvsU9JE5nClRsXZH2f1gXPJlmkIIjkgUii8sWq2J//REJtoXzv7+hlHDLYj/pmWWfg//8l3cnh0i/zS+Enb1GiHNVwnPKmtVhSWOmjhGghXaNdgu+7hjbB9ZQ0YvfDBK/xA3WaWi7i/gaZLtrBZ07ABrL05ua21JZ0YoJ65Wdp2uAhR9xqG94jQMypo7mah2S7XmEZuANola/nRs6SOthyQZsSNWI06ckHvrUEjQ1zqMCNPzq2Id1CZ2Mr1E1CsNOZT0AcJwCq91vXVcOsoUxWyby8VrCRykjva1csf37pI+SSfZNbbZFf9T2X49fluZajuXkDOmlHn8MITcFLF2iO5iTD311rrUkszMqGdQ1jFENOfr3HK9JBwInq6zVzxMOzTnsGgnDDjpP6jPJxDIAzjhyf+4LiBHzSkdnao4u1XPQOpAK1IFefQohl9u4ccTv8MTCr9AZNr3Hk/ZQ3NbED8IOgoKWYlLJJq2H1IVRpygliSqg1Falu8dBIZ2ICpUgXfw0P4d0XEvkt4qCrcrkyZi8oPTpUJ38mZetmo/k3qcLtCz7xCrfyBiXy0uoB4kA9xgX/jw99bHZkM9DaXicU7R6KR2C7YO1Jh30SEGoNT4aM7OD5kVRx+JwSLUcP/y8OByQz6PZOnKKrrbJMkQN1FHMp/DajiQWIWdqomzwuL/699n4EfDlu5YLcZg/FZYEbPLffw1ysZvuHgEc6r663ZrFew8KIuDRrzMHNI2fZWse/HtsnmyU2Z1kVtc4Dbwg7k8kf6kPH9b1crXHEkVmfBwdq1rDomjmTmBEWvfL7K0hGpAYWScVi5Tm7QFke6bspHuOO4bDEn/uyibF7YyC+12VPJb6bWnA8ZFj073uJByP8ED4ZGAh/P4WwEiK0muC9QH5Vrjj+RIcI3hwdR+BxfelzCfGhgtSerQ21VuojgGfZ/fHXddGVLjkKD4ml5i9Ai8F6+H5HrqKvKK+G+Ui0fWO/GM5s8wWMdjPWPbSqhr8l0jX+CfhxKX+XmfNzUlFWp1NaQ62cOp1/EK9JYTyo+WcHYTstuwHi79/E5b4l7VhNb3y5e4D7oBKbNZPR1XPhNIrLBAKyurKuDscmpYXfKWLzcXbHWbs4MbozlrRmM8cigQUW5cnd+6v7kK13Z43crblx3gF/YpSZjgvRiipMiPXud+LhSOxuur0WWb7/jZURr7u+r4n/VEb39gwKvOIGlJUR1hQ0V9J7gERaOiF5Y4eWRl1hKmXENHTVRZuWMnbCSmNXk5OluK33BWtNMaBmXUJwLv4Cxt56rBK1zEmtjHo1yCQhbvb2APwDXCCM46lrLeYi6yufEVaRE8ccBIo0eRsxVjA+0a3MMWVh/pdWNj0pAAsChOjG8ORGKinb890bbBBiqgdMYE9TFzjaEudHCDr7v23o+s28LQZJwHqFzn8m3WBm+YINVcg1Q9ZXgpgwhvdW9G6KAvLjKqt8pZSSbWPCZb9zeQOy8AVjMyYMXiJsBka1DZ1yaE+PUdP5+xbgnZ0YkvlmnoiO54spRQ1teVoDgs6WaLMed4bccr00CT8mE4g6jFGEqBag5H/EcOF9d1iA9z6mz0r6dC8fEMuhtEbeLXBNEpC9y0Q4uLi+G3T3pIwR7gKcTiZs+SJlUAYIrDkEXiCi6q7+zBb18+VWOOZxSzVS8k6+Em/ZIWSQ8Cfa8zwpPJ7hAIymRUPXQB0Nev1Y09GOFu0rhCtC/PjfMezlFrW1plk+oqFnpATWga2qsE+AOy7XGv43KzAxnx2g1RTxjZgc1ZVn8j2qRqktkl4PFfBOyBt1HjaOm3lT23nGIQp7fVzkmuknckxEQoBI7YRyxf4dMptj9xCDXxL3k5L9BarQoQHhiaRR7pt2oN5AHsxvs2s5OQfHwQNx5HTs3zDEdQVvYeT5aiiy6kDw1VUfuLA+nGFDnZTKPI+3eYNFfVVk+UGwMSLiWWrw+6R9Nvt06fHcVtOm+5earWOXfYXJl1AoAdZ8qlS+SGrcCqljqelylCJkpeRNwleDbEBYZ5zXm1Pdm+LkYvoDlKAUCdKsUAzLv8e6dNjtOUsRAjjfopx5JcHaE7m1Ea0eyc2S+qbbYcXTEMDN6d9fIU9FmJxjTXymPnk9vxYE44SUgAeg3kecF/IOwLTulx966emmSnundnlcRm1BTFhc4LuE3uahr+l3+Vd7HIVPPporjBCd5cAyrKvgbdepiAix+Fh5vcpBrcy3DsvAfDYXpEXRZjm5hEhJX3nQcKeiHoTh48DqjJebPQoAwKQ04Iqtx4QGkjf016u8nQwdjYU/IvgVoU5NNFT1IfVN9GK6ZHvRORR6PzjJ8VJraroF4GNtYjEkxsI/qrwPE4bFobskSOTv0GE7eNUGgPsOrxlkF7g1ear7OvEbArnK0bPZT+tSHciuTcZ3WaQ5SXSBEOzgelkjHBhzEUH0W+clvp3vbidl/HYb2bxuDEqZC8GV9n6bX7Jm79sncRW8i07909k2oB/4Np+eid0fMn7FFU5L/G8uX4bTPUeHNLV9VwPWi6a28pIW3KsSMA6aGyMJybrR4ks+HaCRAkas7l3SFrZafQU2QJ1GXkkIdsibBwXc7qVVikmRna1Uca4dvScvhJVs4TZIIwV2odwzrqqjvEdGninpW6dAL0bOeUXwzKsPZ1BU8IfPnG/J0Ax0StU/Vu/wtt44sMpyDyADIXVKAGOZlEcN8NULLU4q+ntW3/bFByhU0mPvJxr8Smoz0JjMXvPo/SUGsz42woudNXghe3cWH1bdqa36vLCE7FfR8z88F/B/JImnX5XFckhV7ZRuFa1xTEevj4nyCJJApGqifbyvHRDtDMxb/Ol9O4B9wha3ppyWvRTd30ZWaLvLyInAzxVx6jrxMB+aqIcnsNd98uT/fL7LmX6vqDUC1nSGuBqcJB2tdwwGpmn0OmMmZAC1DdY5oyjTd0/2i8nC+6ypLNBzoM0fkvIEt1Ecg5q7IT97JyIpciUTQJkN0/4gMdpvYrHc1y0gWTTUsAWC8YkHeDDytX2eT9M3rTOmcFc5Jk5DgVxtGjHikHugwg3SE7p4ViYDKkIq1B4azegV0xQ3Zf7WtdXkEU3sbevY7m9nI1jyRMYUn1wwTB1JKorvM4E9bgWU5akeaYvGQEHwym777EelXL3Pxahnhd3cNPkWQw0bmQ0wQVcfWoURzJUUt7ue/IKEsrCt6NMl4GOGpB5o4NeGe5NAw99zntLoSP4mR7qqx742v4PZy23n4U/PsLf8fjIY98Oe3FaYIFb/e2SZyX8iWEYny6anF+o9mhIGAMNuB/sIiLRtPjJ5vsn0GxuTYW4oRTbyOc2bhiIKZNqXqF0SI0LfzGM3kWnlmkJVZM9cuhYyIkCioqTy8QjcdN9AlRGHJ31YyLE30kfykIe3CQX8JeOXxUG6Bm56Ng1W9bTqIb6KD2lnzx2PCVUJFeQICE0EHym9Y/OpKGqjwPUvOikHLuyRFXHmvIsxTuzgjd4oYcqvAiEV2j4u5wj/tZGOjSXCAvmXn9MIhujkIyeUbh2rcsX3u1hPIzfgzOBIjFLk9rL5laa7VripH0PfTESKl1LYxs3wx7NWlEDxt22ZdjVLroFhQNcEsuhrIjHAldF4Y6qlwYwfEHdAjwwwNuO30fr17XBZ2psBbHXcBkwniVGvbXnrdWbx6gy2VKhGwQSOnbC72kC5rhIt8zZ9sujb78uOAEB3MPxE/JkrLW3iPk3stqkKvvO4ATq+mSRbZikIEwgrrY8rK8VGaL6NKUSDNHVte6Cv4yEY4jLr3PQ0CHdTolrLqWan6LTtEC/NJRZOUtQflmO65UJ89on5ZFhxOfQ7LzCIBpUUTeJ/hkemYmL2vjmjwW76Tb8YRqQ5OaEfArk1c5gSgQsytrA/H8iEfrAfPrAzJkwegU7NN6jQXQNC/EXP7fsgCDc2mC05x0JLz7oYNkgtU+Cr+3qkSd+n7FCFCVsP+hbrMu74GjZ3Ai1XqdMcRei0/nf3Prv+htRwtj67R+Qup4ywcWDJv86wKZNlwULrSjYo+aIl7j/qhGNvIm72jyXlM7+tPvzBPtsE8xWtBLy9eRM1pCBED9H+ZGl4BNWdv0j3JOGBA7QVrLGZhumpfBB6tSxXvezkHKkJu1X5ZIBKp1RbnWAPWodlrafKAeEWtcJEvVJx9gJjoPkD5Y32VLiRAa5HyCf7VuHvutPxxCciL1nc/0vRFwqpDBjhITqjEZMiC3SJ1QNv4/aD8m5cMPT5l4x7oBlZkqpapTno4Qi69kvTetua6KIPlGEqo54a7jgKaN+WZC33VYUnd8V7gctmJrUf9q2VtZhZXOYxu1foDS4xqkA75JSEwEG012IbLWW102pRg2eMXeXC5vp2zMHYD+uzkFaB0DPVUmnQK+cwZeCGBgP0Ywl8V/ozQeFplLcpaGJgIhuBGdnMTm1zR3OBZeEdCa8csCfJ5Eu2/Pk2thsRIaKJmM9e+fc7mU01jdHHLtZdPpqIE6mtTuBDoG5yvwQ7MeO08F+szKjDunH/y28UOT5Wj9pZ5+6ge1EsJ+0JLqSb/hWig8hgMS/fDJldjEKZMsISfl3eEQCVQT6aLWhuLnveCRcZjugf0Kx/Pj+MqHMSSAIks3tLuRboWEbB5w+23FjbvqOLTXdWBzRIsoyz8lQu0uWXGUN5rhMbvQEyxkqvdbGINIJN913BgbLoPAypZkEfmmYbh09t7nNW4dzjvJ+CTpRoIc57nb234h2JDjKYPaEVPGoL6Z4oUYVIpNhdjWHkEjpa+9aBgf1+/ZiAmUP9kWO4quIiwTZS5k7EignbdvaE08S2ZWyTnXO5S+SfRi79ctW9SZLWHSzpfZhlhjJr3zTnaebeNEaGYrT/JtbjKGcVADSGxmxBzfr3vD4p707tWF6t7783PuJCnj9SBTSOTOqwcpR67832nPQmTVcFlT5Moq9l122vIKRexDcIXuUasxNSadPonbc0uhr0G0zHNY7eaGL9ygzFner8iHkN41ZOKccYQAby8XOs/AutQwZ5UDGFyLBq+KjxUEDqMbz+febLrePzvzQv8nx6VHW5BGOQXSnSJy4PqWxUINXV6eseaD4ZfxvkORPIdwyE1F2TsE332rK0oXGeCzQLvXlm4HZM1sZPm55bPtYDQa7T3dycRQeqd6U18j6tLMq9/VZEnuOWLZWlXhICUX5vJRiCWrCVTAw+MJ0AnxdU5IHiXsW+e+dG+DLyRJaDJA1s61D4w3SYDRnEURT0CK4qpTqYy5wumDgIJr9G8RjOW2Mf7ASd3YOhrDoHDB4GbToakJnpu4W8UUa+dHbgGd3JciDlgCVEdJjQ+LAetH2Z0718yVGyshbtZnyJ86SxVzRu002LyZG4w1efSBIKup5EYHISNkHsn+mg/yQrBVuJTtCaxGIqdvMm1VSJxVQj12SX8HFIZoA/ZhGd06TvQrJRQYpM+AeseWL+bhUxzbBoqMkSia3M4hzk5+9H/jKSj9gvQT3IlJLcUyY+AI3HU4qz/iBEzN9qus0CT6E1nFKila/hdi4ZtZ0gPgKHq8441xQaUfbCrx2Ucdd2+9cs5BiErN4S7hWZPBlgBLbt5rJdj795DviM5/u4SCS7JYljBf3SPGuiSAZMZTuSoJ47IXKGHYb9KCbsB2h1NQ7oHs8LpcMLG279Gqh4aq9wL0mg8FGBczoY0sN2OKLs1PpaT+C4l23kYbrG5V+Y798YybYlMlf+CSSAO5sc769he6nm81Tu0BZuvGJM19C4VtSENA0zH97K0qRttKFbC5lZ8IzLw714J68g6n8zBX3NY2BqfWZDZSBG1PT/AG0UgkrxIUsrrBCAvlP99wekYPQ3PustNxSl9VNhfxCm8sRQEK5TT89O/IJl+hr7I8qw6mHadnwBlkoTM5XgdEa7+YXrXFLAAMY8SOCALzw921ei4q71TUiL9uWMHEpLmn/1gLo4btkiy15Tb5SGnR+UYtXEWDYlsiXF9CD9zAZtGYf3RXbuh4LjkRawvhvXZE//QtOtoKsgnykHTrwQEnlU9taRYV87oBG11t+uxrSEuKeNARIl+n4o/0vDk2xD7zZ0b3rQ9HliKL89WgF1jko5KMdB4dJ1zznbx2QBZVb5yAMGQctXRYFg3/Rh7JyowPVfFWhO9fKV+8oq8k3UWE6aBBDISAzs2yEoJ97tGPdrMVdcaya9FXlnNiKPDqmDUL2+w44Szx6R6TqnDDBxsz9bhHZ0vcQAFzLg2yt7UWhH2SMJbkvr+v8qMZ1DeEYnRi4jGSsui6QTtlBMQVGp+vXc1MtbIUEG7htaressttbty2sgZe5Xr7ey0BG7zTBWSVe1hrOgAnZ+V65gh77HRSiU/IttYYEHmwi9FCReFGv3NAlB1RL8Qi7tL1kfoggzebPDsD8H5lFGOu4iL3ziEp9IkBfnZf7LgDkT0+Z5O2hsFSYBVUKPu8XUX12rpKSfB9rPnWe0ZRyVxczgJqm+f52cDx3BcOtZOFmVA8mlyMkrMJSDnsOsxy/iFdbgt/lG85jdh3XM3hGpB9zijw779sW9FS3NgEje04tWxIyYh7C4aLjSOn5pUvVD1eV18S+Be/2TG0rGJY8GvwYR4Z5lXxvlcU/aTKU7nceDTi2O3x29/sXjcysnWTyHzfeN1WIgqkswUWpInhSwQxQ+5r02/ao2znXSvtPUWvxUCbKBuatSydKwudkpsZZGTKicBbdtikNu7mWxgvt2WkHnzEGk4niVcNYIvZwUCN+W961St6aw9Msf1vEFmhsz+Zm3kgPYFx3h4t34YvVYKeYypwS3AsPQ+vg9L6uarAdO7GbmEOgkctnsqZypohzHKxulS1UfZsDE+XFiP0Bvc8DyjNfS8Kry3NxUDm6LamVwQMGY5nSf6wqqCKZekaWLLiS5InhOuso7Yplz6jN1IENihvkmLkXODyAv/tPP/pRW5bqlHe1tEuB8pOFDSuxhR3O6xqN21k46Qd9cOZCYgnYTQzsu2XHnYSCyZ6kV2js39SNg5XrHX9hJqGqbKfT66GtgFKfHkfAjoO9VnpX0RDfWwQ70f7vvKl7BPUM2fpYwbghTQeVUIpKfHq4xNGx0m9ITbYo2QbaIvxed/wLliyuZR2dQb1hMocB/XVoq3yttrMaXt+f02UC0yynxrJ8iVnch3S18WE4Kg9tGg2c/yTqGXQvnb6EfxvoeEvmhTIWSWgZ4URJi+BOWCsxi7k/Nue2K2HOGYjeQlouSU59jRyowVeAIrPtMxYqKh4TaYMbILnhJIbmhznQlolGErP632HpeTwFP/Yti7WqKQX5Hsi3t7KlHe0OQ2Dfwz8VD8kEy6t8LUpZGRsu+GEQ2dlkhZj3/04HVJsFA8N3w7X7VZcoq6CRPPpaV9fQy03myrG3DrlNDLSfRkk5xpruXLLNZwtUi0mn4oMg4O8uLZ6g8+GkIDF3Xkz8tQ6lmcfoIkh3T2xysw+AUsEV35vw7vq/1dQ08ZDiPb7NmoMf5uvaCL/v7o0nGica9ZccXjDbTqdlxITLb5xyEPa+veRRJODjiOcSWXy/aV5HNrxVLUZGt4AyT9TaGgMHOvvPw0qouZvRfdhm0beYHV+Rx3/joQIZIK9xQRYsggvzw6YtHzHI+wZKTuZ3oVm3PCGw11JMYYYmwoHra/XutV/RApyuTZ8gX1BfUEq1Itz1JIznkCdaY/HkL59hcuyt4/JvnV+vwaZ3lbclraI3dbpILd9IjMjIyLfpb9C/NAD25bHxSS2X1I8KZM7+YO2RI17egp5knpS9xwY7vm3Mu0vdlfj4PA0SNk0b1csLi/kuT5cVUzYiP4E0/t7m8awRCzF86CpsADytdoYCYyutCxIrQyeToSmhFgTfl0x5VRGwspmzrJGCd/yYv18MOP3VsCremb/DRe30bBCcoKlxNbjNlvZ82GMUqwWXmdDdLaAIqcW8VPFE1LyRY4fnayP/2qbNR5xZZxDxkRMk42l699rKKtmTmytwhwr/HEqnenWy95JJnSRjf8QBT9ShbEyxQQAlbgKsUklctQVxqLMm9SGtxAyTlDPdIWsTW9Tlu7+ub1G8qU7ke+CH6nPhO6/thyzwE0hUHiffS2YUQ26AHQpRASLoRuBYvpBhiVrelOD3lSRLcqYWa97n4oZiiV3DJcdxepjEuN9R+URp7uEuA8RXIUoi7SOG/gE6dk4t3yKqDjORcK/gIufl0433AEgCLCHJXCeeiRPve9p4PzHw88Tuz0nfQoLmoet/5r2F2LG6Bn6f5S64AxIg/vhWjZTQQHAwDojF2psbW9DRsOwhMchGXWsQ/Yo6nJzzR8Qt0e1P7ZpUK4fMcUvUW1rzyufOF8V/mrKSjy2hlqDqi6vcbe3G2CBBaT4vZaOjNx3u1AASM9gHLFwmnO3/RDfJkKV5pIeVRMSzT79irY5qcggKSx9AoMQ2JVSyfCI9TJ+OsNhdnxQlsiF7Im9GmSx/rjZjDeOzwi+tW5O4UwUE6NfLptz/Ht2VvrxE8f9LcQuUe2dNLhYowRzX9x6x62S2jStt+okmZ1Q4lQ3r4WEmWxCx18S3k5fWscPIfliVJT+4G8jvEg0a+Y3yvdP+DpmtGFOmf59D/Jlirr2Jr+B81LZe8ngpxTzgrVmtSthpvJOD1aA6TKNpMvp4gmGWJEfKYn08GW1veSUZHhR/0GFkarc4AiupNRIHOdxLrNTLdfvVGlXwaFcDupmukWedN/gRaD03TBkPTA+QHTOv0igdogkycwnABfrW9JdykrwR4QU2lgRZaEqSmyX6TeLoOKsiJD4dHlcHWbuz31aYB5CyVe7qgkNMZoJqbWA1E/kR0s2R4J+dtbsiNF2MMwuS9+eDICwFsu/gI7IjV1BL5En7iKSfqxFfCnmTlh+rHeOeq7lVfULtlv5WrKFnlkf8ESU3qAkuCZvIO3coMDbVU5iHRl+GqgIIpAzDTSM5K44nbZZOANXzxL5PxvvEk0XAAqPYmEXpfC1WD9zCBgdrQpNfgbXbJXJNb51A6FyvFSsSQI4PxSPQsrd9nKNmbZo8Wkm/iLqVZIi5bJR5jn1BzNlexuVCVi63BwP0jRWlk2Uo0pM0wbQUeg6mtd68vPbNvZvD6jnQ27rRz4CoTXJpA+aBNh6ogNvBRq/ZVw5J2QCm1ngH4yH0rLEva9hK+aYAX0Hx0ea18Waxt4lkzcypHNzgoKVLunYKRfcrmTmT/nqOxvuKCSQ4NuQ0iLMNvWKYAL37491rKenk2xa8KgswxyXGxcq3fGRaOJZfZ8rt2gySwBdElyMKCFPmf1orqKpVvUlNjo7VLiXN/zu4GTOWbPvQ7eueSfiHmEGaEKG/TX2Jvz6Hu9rpBPc4IN8F3PF+nLgWfGfs6WquDjX/MkS/1zictsfzklfOdNvJXC1zBHRM3zB68Qcm1TGh2C75OdY9Qedpx1DZnEt4WILgoWYDMZsSwSKbeVI/8MvXNjxFuCsjwg0adU1tBfQMT232bRoyELy1/w8HS8tfwzfA71L3W+4gFV0grLhP4HRB1Wdk2w7YEVXuJgyMnUzFXihodOTjOR4RmFj18OFGAPPvusPdsYCWYJV9zYapI67gzXLNC4eZWzL0gWiHsjHEVbJNG/GxI3gLJaFSUI+ersdBEeQ2+UJgQPNrJsDkZ3lV7/GoH1MVfi6k07Np9jRkJ2u1xbmvJvaW/tWYWGfB0g8OCBkOCuziuRdtrKomT2UmpbnxE64f/HFm70cib1aniXQ+nbSltBiyqJ5RNZJoo0VYIgSPEP1jWcPjlpJgab4HNdrvpJWXy9C3Jv7V/8Js+5qei+qqfhOLPyhQksIgSFg+RZ+n2NLOjcIaWE40Nl3AI3a9zJ+KAJUSX85hBMF4TDDoWTIHzJTMphsyEpMTIgVxsROaVXeDd1kOmyGPsri7eUK1eJjID47XqXFFPSlMXw7XclL1EvEUR15symzyMs3ToCr18uOtCBEZAldIoDjgw9RLxVxOftX6isli8Lj0XSBtPTeR7FKrwUNjmB1/Gk78dszGqFKTRVzhxTJbjgQ8L1P/qLaWEXqyc64EGU1nIF/wSMW9OZbDRZjzo1n65mbBOJ0TwwVcqxjB8zsbMyZVZAM57fBMYrC2tzQpxlXCybTFES5O9SPk4DlFQrHB3xzr3R764hDB+BYQl5dFed+UIFxzr9fjbTk3MLzqsFym1pLpMELxB9KEfxn55graykfcSyKPNBn9+nEPSMv9iK3NFmZDqbLfs8wQulTrbYMaeskLnxptfyS9mumgv5H1MyRlxXVgaD0IDXBj5gnHdrVocI1r+nR53QLC+Ag6dQJm/dmE1wMEbaPJ5ZvJ7Ii1u5Zdglig7zMWDa/G7Kbu3SM2hZK4kuaB+HTW4p9XmGJSvUNWSuJR9ZYtfYfNXEJSt2ulinhjYSLvUajmZ7SDlzMmCA9nkHpRVvciYJkDUCHHWJE4ALOYh/2uS/gOELLtoAe15eTixvCv4QxLdQLrd+x+z0KL1o9J8kGgKC05obOQhXjHFpeyGkDc1J7qV74PxSY6uOJLKq8/gT9KgzG9UL1TLmdFAee9858QW0vWe35t8jaHfodKcgIQ3/HocTQoduf1Kr4MzyW44dl1+wXL31waIDp24cebRuChhBrEU4gkqM+Fs7wYBa7WUAcPp+XwP96UGcnBQp7aEgrkK1bwacylzhstBX3GO37Pww4J3Q8QKN+aJGfes1l/NAjxk/NoK6vKk4SNT4yvBUZcNHcpk5O5xD/Gbc1q085+QnEjUtRqxEwlW1dxw0Mz0Jdnsa+ok0fuIDAtvIlL4vA894WDJQIGMnrPptsAcGA7vfJNnK7mo2ZmGzoqvjvX97fTS6I3E+g5RT3Rd83VChSdTg6B35FtOW5kCiwVfv8ukwZe2rToCoLq2sGIXfgCE/Se/vkNMzFTQJky3TFNDNIpa41/2ZIBwcgjvpgKAalkd17vFKtqbsGVklcJ6BlJogJg5cQHLKIMz2MEU0GLC8vTlun8tPcJrROKeuPqwr1FtaIqg+5/rB+qfITsD/kz+SoZ7S4RUddCrQZ77FxkXA8lyPeGD/BRm9xrTE8HEJI2Ajd2KpbY1lqUs7tX6jAtekLDcaGPOaa4lZEAYQqZs/hXN5rcNQUWuVfcR9gAnb/yKVsVqhRMYKJ4IXUIv3GHpH4h9xg6C/6ZQBFFZ6KlUPjUwADmKmCU6+Rc1UDMDi6JTHu5xzIUD/UXw6HZLI33MIdSGuxnGEEv1U8zv1DIgnRXBEDTn2dlgewZb4WQS9zOXyHdYIvbgAvSiXVnyLoOIHAeM8txgKkcaz9zUyVfHjhNRn78hc92CAdTQadFvo/uWo5zg0rbcajMR/uZRb10J7RyJkJy5i7q0jo1yKXAZ2M4Z5kRVaGDNVRz1crwdy419dRFzlWmSdAhF2MxC1TASt5i+x5IkIOhgHmUVXPaYstrTAATs24U5xIKa/3XQlEDrmx/Bw7/PN+OlnlNK3kQqjbrzf18bcu+pFX83uC7c4V7ZDa5liN2hCjzkXmQtiQSJ6HEgeKR0Vba+Y+P3Yy9wGC8Tb7WZctp6AHwyuUTZDshdhKssI251M+ndXRYhlNp5ATBdVqUM+HTpYi4mp/PUFX09ID0StYEqmbfduX4vAVyKAzyip/nl1SI51gGgVrmAVlH9EniguFaw+nF0llN/WPl2oos7UZqC1HIIDnq2NAYFaDiai8/j/iAbIZVhBSHDpW6KfDJO4kBHaLaW6wMjfN04xF9gEaZ90o0F/EEGW1ELVBxXo5o6sFTQgYLbj2woKlWmtRV0Hk5xDC0KJkUpWNqCa+XzCXzYr7zGyqUnpikkcbpbLKOYS3L/Ap9ZqJVZ3X83bjMBR2UuhuMlVat52en2G5cN+PK3QB4BkzAZgmB4vPMrqDm4gJ9CTimG7IrOECLIw2qOjqCSPk7To+ZB7vozFWFLhLftYsdVUriiMxlipgk4K4ceYCnbVQa5iTMT4pNIhc6PeYY08FnuyWU8VPMzAZxejGTrA2CmwAIiMLpSVUrmgsJYLwq2SCuVnX49vFuWbgqY44PIydRruEJLT4xJEgMT1RB56XHqYYIRGhwxg9DS+VnIOwUx0lJT7i2fs19+hJAYlooXFu6BSRd1UZ9STyIyRl0ky5E82eXaUqRhXfWoG2Bu+9Qlzjn+iYK10pQ0ymoZEQmYrBOtVkVsTobSNuoRYuIZyhG4rpgBmjuo/6AzZcMMf0CgHgagd9/NVSX6X1gUnqE0Obq3WdXrrizJ+WW4a97sTnadWXV4VbwAYdG2D9Vcj1n8su4q1rSrZ8jo7UdqNQq4Wjp+a7w75iiUqDiEQlQcByo4aBU9XcRdYxsTveH8TibK2diHr/IIKhR9sOwCcuVfd+n4IQgL1eBjZDN4KQ7dgY6hUmLcM6mnDfzUgMykNA8HstEkavqioYFVjn2TuQq0DT3NmTPiiE58RwMHXlCfeNHv+I78DqLKKlj+e34x8B+nTwqf6bb+x+UmPI6kG70VQV6AueXw0vKEUAE/E6kmkYdZIrwsW3XWTKVgSkg4c/0otYiq+6yyMddiW7INwDB52EEV0hwWxhHJf8aeKQnVmOMEZFsyxUxe0cjDCNuBkvMvEIK9XDmBJLDlr5dWYtl3Duk6w06Xc6Q0q98xDjLB2GuFL9KXXoTkrk+36c/w0OlqBmn4yN0E7d6X9O5k/CjRFUmHJDgqXXwQiFj863Dk+MBtqYNCgQxeSW4IuY9bndjTIBvCZUNV/PhKQeo451qrNsLnMCEQVgni0JLoPQjGq3c0AkL7b1/ty0aGZ2G+U9YZh423GjH8yIkXdtvcXt5yRvzgaku6gl2BHeyijfpsFoxsGHGQOGbwiBtZ6/Sz6q2O1vx8NWjrVSQ5pOUZISmLWv9CPJP4D9kAC12HN6aTQrTsvCS234IqMcQzw0dga4Q6U+1p3wOWzLcEXTcZMYMF6i8dQ2kIPQpMlx+ax3nwp5cnsm6FIKsqiuJ4wK/CeDFXpQLbkyYxXLXn2n1iqJUW4h+TI6BPAtFwe/XC1H6pu48nrAIvND2lPtQE/TD5YkmVvKCaPsMx5qOfHA5/T/HRMQ4t/pM4EJaDWrKVc7KxfLPfX54Xi+a5m+geZXuUxIaKZpgv5khDr6p90UO63h+cNlWzt7UTEQQYm/5F9sOsx4WBIWIaNrt2Dp4b2vNJc8fUu1pJLkd5lttOxcGHyAERC/TdB/LpkWA7OFQZ8Otujmy1rhQ/Ci7OaHtrSgyxvqFucQB09i/VaHQ0yAozIo1GHtmrf9ZLczEJVQ0CkRpcP3L1MkP0DOF6pQrguFQvrBq5A6rqnc9s0M+mruGzJS8trtV+ZeASj0hoRjxFb2H+MTsPM/rGlbrX/rGeL15knOs5l/0eXEut2QTPSuIoHSP8ZjpJ6i1C5vhWqK07FNuL8qmFMsHxA7WGcSs712jDMSS9Sx2ETwoQHudneXRpeCDcx3AhEantxT9+AkjAfuX39PBAjWlv2SWVEPjk7IbdvNDq5JdeAn18HI2/H708FZ6+/uAhNHISGSAEIPiAEomIZlffw94zgUzvHFSUyHE+D3WEVy5f2Wylu1Heq5hOQJboqNzdiHMZxv/sDNvEX+CSvTvBwxnaJRt9fZXDdkb0inWTcBoLL8GnIFQAlxxISz5Oxw24GCW/my1upRh7djKBT72qVwsc/rE6nqsJnp1SOgVU+xBNsNkSaXExNQ2XxQJqtwQN8X7116zfsMdqr4SADs9VbqmoGNHmbn8Gtur9ntQFzif2bY46IkixPnv1RoevWkLmImIE+QyedxJJL+lKTJXuNOrEaLA9LVow3+duXiOrVHfUYNT6oQtPYivHP9b6eBC2ms1S5H0jn1fkMyi7ClbNI3VLQqrCMyDKSu5YJLv/MJbPPlY5KhumyIBBoJ4FM6wl2XOHwZbooSP34JuDFA41bXXQyl7PELyxp8Id7Ym5myuuU/NoTQb8JXUpRKdq07psiXPXeuqLrQObHoahRfJgK7Ks2Y4tTQF3/+Z2P0f7xwt4twYnsYaKTrLjXQ1VYEa8bCCcrCOgQELCGq/edjxa6EI7708hzDNVFYmQIBW4dir1mnwPJJaglENCepDTVwSjS/4+rqMtyXVqD0OIgxtUT12QQ+hRwGauedp8JWrOLn+0rXXbC4LohAVEFxTjPVOhtK7Rdcu5kuBDvh3p9ZEr1oEyShqLrxsjZZwGiwZtjaOvk75vwUUFoPJgaQdR+RclWdNZvDwJXIUW7Qb5REZk9iidIHsJRFhYtTCkb9MtSaFaUDUGcAUoQ/x2QUkCg12h194UeFMIXh9YU3KWAxq5S49lslo89RzxAw9suf7mgVeihKwsihTpm/SYFuID68CDQw9wRMS90nDGXIJ2ObYEiko6XCDhsbbc5uCwBMQYXqrEUOKQkBlT8T9i/ju1V5QsZswjJ1g08JDyk1iLqZh9+1qQN76kX7OPQg9E3kndQ92r4FZA1/JGqVoNQDlYU1kjxeDDI2jJxKId+CD573by+JYpFDbggyUJ++02Cr9Q3B5Br/Ldj2G6MzCXslEdjhxKDxS9qi+l9zFNHMHb3QHWJRN104/trvGpsW+4Hc/A3vltp9s+KzJXNuDoMbWfupam1ZffkfIkE70hVBRFksqhNityyQRFYV0lGMOyBbWqxXukBMjEWAcS6NYIIC5sm/uSvthvSB2qxgTKFAMzGx5Kk5QW2xKORjbBHQu4IMLptpuQQQCMbmOKTxp3E7b4ZUL51Wwv1UpdV8RH3GcMnPT4GnHQ1tK0r+Xmec+aDc5qLxf4CxjcavVpfEVpGJQaIv9ltIEteDXiiSHlx8k6JxC+nfHyEwcP7dFkxj7gCPd2yHgqPDi3e56IplLXH858FK9hhMrUyccNyIXOnbMeAD2HsVhJJKAMUSENB88RlZ1kycaFSbfmZ9A5FGXhe1CryFyTeMdoa2Rs/CJ6VqrGqHeWYToLA46SwDj0J6UcuiLoZ0gGTLXb2KcUInNMX16VNJLJSyfv+xB3euKjs5OmHH8vwg6JME8G7kW37Hj/FVH4akOHDF1Pg3gtoSDZLKDBmq2F6jkKFSHX/di6K5Eh/bSyxpU4+9HvVQU6Y8TQ1MmWfVl1JBo6YSw/AMGonGi0aXJIySHemM0vQWVLCtWu8V+M5Myb3p7/SKGsETnUaFntA6YN9Supxhl51O0atruHTzMU6mNE/kHtNr9jwTqmm2xHUSrIjfDJGVCJDwATSziv0dFEWjm7uIkoB6IoGUQVjMD2tbR58qjhEoDb2g8dX/pJZc4Rlifv13z60UzJyMTZAiueX3KeOIB4jbog7cDd8FnHijbj90YKqIS/jf8kVbSawR6tJuTtieZMf0qQVwSBdRsuO2C5k4EQxhqXiv+ROoz8THI7gFxn875mKvY5cAe5jIxfw4r19mQhg8tBP6HcawGt2ODaEA/QoHSi8BAeTi8HW5QazB7+bhxE31XHsopexQ50zvTf7v0TPMafSHbTJ5xRU8XjIw0ZXyRKOF2UQgOaVV26jofBr+yogie+v1RSrr8+64645KqzT8cUQXPm60yHUlaYJbnxINyfMrZO1myRXIYFZxB2PDfhxFe2mu1/CLdKKJhXtJ0Sl3Az6AaI6ife8qETRk+XTlL2FSEFhzX5qYj6T+jD02NLg2syMZlU9M1Mev6wYrVT0Lr7j3EVcSmJ2Rv1rbi6SqsG3Dcm1Ckl8PxIHv+RNxkuiW7eBiYV4RXxZSw9Ml+3aGFIve/zzrRmA7DvCdbCXX4Ozv3sPwo3YndjXRGjZju0X2qsZsRQSXEJUY0kXzzocBU7JFvszFbAvjan9OJoH9llcB2qcl/MW/qCY8caM5+OIeUfFygg79zk/DaQn0Het78DyRyD9sGJNy+3XfPYKTbRS0Ka+mP/QcQpKatXZw6zRatCXbI03FHGWyhirN/D81hRe6LJMMBVZudK2kp9nlLTIfbubFvYRKQsiyX0A40BNUiH0s075vX68zF2zVzulWW4Fvv9yOGqTJT+6CH3LdE/o8TJKTYnwzPKtjv+Yb2ylJXNlOL3Hud5jL5W/cQCeelzAbdHoTFUETIGxiFKfV+lo45S1yK5BD0cQUyGo8GxnRiuN1QjODi4XsD3gbbi1bOdnEGbTdtlkZu9HWN30ed9G6BeDypfO2QOlW+l6gNMANzOynMS8swp3l1IgkBXA26EbhvOi+n96LFuO9EMsGOGgwnq1nnJmBzqigcs/Zx64Pgm9puHobpNCLR72D0CK6sTj+h95CiOicBDhcCTZvvKbJx2oDEnXoSqxa+wh5R3XMJ3XUQdSvktc0+l0/l+eZUEONkmjwYS0k0Cc37XUd3OD/vKI44Oz1BVHIxCvwYM1q0CpNuCKbWXxDTAA98XWUoU/B6TSvIYjNNqQtoGZJGeLdOYChcWlDiAMjBuO54hW+KCZr46sQAG98UG4vkJoFsdPwUlHKHx6vV9xptRPQ2v0pO002QNwPSXXaifL9aPHAQOMJqXO13AEHmd3xrxZMp1nq8oPZ2YX5v2iVFqfvI01+m4c98UuQhZRHP/jNkOYsu0f9CSaF1m3WrBlxN/OFIh2wrfGB4qXrIvUZ/ygmxWczW8ekal4hWAoOeys0g1gDR85D2mqunv5OUnIIFCEfn4k/GaYESvrO4I+fmIrd7lu5+4hOx6i7z3a60oxV6D17B1IpWVbYNmOyodmuAUXRESlthIchptSVLJLIEiJKMaqymzB13wAc1D0AJ+pJUunKdcvMR0hIBZZ9xYY+/Af4ikijI3POR9XYtkHcQAItRITmRq6OnVbGe9SJM1tUUmXggTpEl3DkH43cAO5zitIyRHlGUjc5/X9RnKQzHruz+r/9PSUpNxxR21+blU7t5AYze2uc8YzhOiOINl9+7T3Zp66TzVaUIH2LcicrnsJTOXg3ONuE3HrdPCrlor3p3IXn8mbpFAf2DLdutO6Ip23Ha0F0DIrLiRBcfAyfXTIYef+F+JcSXl3P5AGrB5zPPCkyeg817fg0ge6OgJDptdB/3E4W6cHWZbaP3dY+zgP2ankPJY8iestlzrM3P1tmAX80ISSDMcHo9jkG5aN+7BcVSGZnvyBH0vMX6ixi/+o90ezAMxAAAABjbtu18bNu2bdu2bdu2bdu27Q7RQU4ABTIfuGalczGu8qV6Rx36E7pQcZ/nqLf2aw07+8ltPAqlCXHnYpj7eZNnqCRNVkguSCNATnH54Mw0KysC6CPwSWJ1KIYaNZRKc8CAbqJVD90dSAe/jXh44Jd7MDNnIGlvg4w6nq4elKcSiumzrAhWcTNMAsxOScL+IzmiOAMz9VScx0WNIMdqxtXAqIUkRth81AYdHOUPaXQYySBN1qXWQ9+9rh6LHlkw1+uff36qVlVFRKQW4E1bEsfz0VHIQptLGX8TguXH5Q1W6q2Z74U2Gtqxa+bj4nhyAgjcSdKHg3T5WS9/UwAVogWAqYQZ5KVgkNh2gMjRq2n+S4rFp4AtkC27L47SoxB1OTo6Cl/FHs+fwOyiJGUTSrdmdOrLKz8UrDekR4/i3dfAvUfb9PLRfgI2+K7USvHLxHm7yMfbBYySF2uhhqn5LYgwiuwVZ5WgdPvqB7+HXNRIj4DKopVd/nOgP15yZn65VuedHt74h36YA4NsTOvAlNGSkuayG0ocSBgMW5nhaS6IX6adwQp8UKgv/JZJn13UFzKM3B0/f0l4mr2RVfqO2tQNolpAgRNtEhtVREqUeFHq3qxhvpHFO6Wc7UNv8EI4try8K/2eDHqVGrSW5GT7Bag/xdDxROPZEA3mz92H/tS/bflkGTyT5yAIjmQPlbIXXfltNjMLSSXHBwp8R8P0q2xbxoAAYPBXwLUR99d61DvKS633qymg9D2Vij725XDAit2sn4ogTbqn+Yz9Xg+vqX4wp+YDtPf6bs7p2nSzfEZpWN8TgRdH58nH7vCpyxZ+ZPoCsx5slx/V0eTAeToDTS6EILlsD1qVhs4Mo1xDkTkFVYoKtHsDFDsPmrUOZmR4ZI7jSAvONxUN0V2x4gm4aN7PnpAMtcd1gbKzxRRiPqssWlDXSkjKkq+3GPy/pYCtM9hpgeKKhPJ0Ex6OctNHEf71AE0N8sdLgIzVqj3cxN8ZwG9K90KODVwVz4KWMI7XciBq4bWk9U+d+gMOgyuLUW8DLCmPgK7mASEw5sVSTvlafjzVVZECVC6EzLjp/GIeVfxO2i4FZpicwAaFc9rQL2Oh7zZVzVv1xuRAgjJ4F6jn4EnFZRRC5+33ZFC0UPMbNmGpnzOyjg5UceX3QC7nf5aW8aHamXAV3ZjgcFzpiUDSqhGfBRenF2SkoVSUXLzTxG9MKIBQxphNiiVx9hbccFocsHQvYxtC3fasvN8y1P29R/B+3/D3pxhSavNazG3ghRyRNVqHyyYS/A7oeK3DOKR8O97ickdMuJT58dJspru3GmiO+KHxdVDXklNOLxdYO4MscAxMFdZUl73ik3j95GxTVgTQtEKfuxQ+HPQ0sOOOBtXRfE/CjzwMDhdkFlsSATs017hNEKUwpdIFHl63wwgYtMyUt82y5+M8hwDCE1PGaRhcKnOLM3y6pxj5i1iy5k8T1tIhwIL7UsVPyC8hUA5DqUyFTOtknFnaqUUQYBrSBUZcSU8+ZHwyrb5PnhlzAXWXYpYgVk5PD0h1m2FOQ623He9KBj9LmcP7UC5ikIaMPzNd18y/PPq7L98LTq8mgt4VQtgVKurpI/Mzv+af69CVJfF4a0jK2gM+E1iEallSxpqHtMW0T3pc/FVA4pAFl0HMCm/UtMEsWEMsENCPS7Oq9tqYM9HBD4BG96VSl9C37pHWQnZUgkaVNz8w64qeEDP62eVEhe9Popgbfse0X02itstrU4GCuqYtByhloGgNGAn4CfYmljxdIJ90157Qctp6Qgyv4/UeTtL3leeF4YsDHSM6ZhKIB/HRERpNQP8iDgkkqa1Se6hq5p+qsURFZCSKWl+t3ea4P2dmz9ABVbV9/PW1qteSLR7GZWb9XYESlawld/E3g7g2PKmMCw1HtFONR1C3DcJD5s8k9gPV0kkU5OZ+TirImL5Vk35BsRszmrRsuver/Dmpg/C+f2Up75PXZSCqvZbwolX1wcdHGl5cxfcDY+NE6xgGAh+lQs7AYtFnxjq1lEn1QhsKasfWtx5PHAXrsBls90fPDeX5+nu2iWif6RN++TRdi6qYwnk1iv8IfnqTOJPdNuYPCgltSKu4T6gPomyolYfWP/GkKZX4Svl2Vgsjypejy3TkMwNo/D0JilgEw1YQTZ7SMlFzE2nYjphIShXNWUFjd7tvd/qFtLchMfSkOhH4XEz0YYUM6kkerYvjTagjcyM/Gq9cMCR8QCIkpE7sIk7ql/of9dKYfgRGQpFWcUUSxIbCSmBHbqQe7sSULx7QUqsxr+UGGvzOPg5kLvOGzuKStBSqb7gqp6srTpvj6FSX9ohgYb6UJg9Mbpg1kjoARBzl/DLM5mmggGhAxGDYt+0W38TztchrRpC+gvnDr/sEVUfoQgOhnGHlk+RGJNUQccU6H4LKDAAUdYm7HYGA2Ug/iDpmrFiHkSW8raWqJx039Xar83qzp2SYVMN71HcsGhZiiVlHJp2SDNi8TynKH/PnON91DXUAaOEXk9yFBHTomkfk8yFNK/cwNc2NMgd3gcAKn4/HY/uFnaB5WMy0rLOT7WVWJLO3hD7aYC3sChYwzMSoPldPMoFlYYf9l/boToKYCdMfyOXciU2iz9xk+5mT7bVIZ6vg+PKHLqqNP/FKPsw46wR8fl6cTrfqcDIAcY9crnjbF6izz3iday4PMaUKv4UNKEZdcG9NOAKBUHkgrrzoN6Aj10uJOH4SyjO28W0u3Yi5oHIYyX+h5Lgd8tyjXXvUW1Y6SBftm7IBOSHDKGCs6zJjsolZo1a14Ag0nfCheUVcROGJGKIuW0Ro3SGnDO1FQTfOkV8nbO6cyOTzDC8VWtCBllzf6/MqaTfFtfCxzQeBExncI3k6x57tUN5SiQ0Yd5N05+MOKGXmMYHG5AwJ1nIkB8agwyrpUdXjnHWbswls+k5LqM4VdT0003O4YVcrDcknRp+9noKGZvy1lyuXvMHrVkI6OFd75soklxlP78BgoCGQqlf9Bi9WxrqltFFFzc8ZD8yJLkP+rSsoxWEh4vtjdui3gS8JaZyr/ZnwI45oVwIpUdkYryJOf54IlSXvNdJAMMJidJ74kfesEJBx8k0Kecv0iU+ynlZG0BpUvcRZLo1T48NfiGwPa6K+5zUVI6fiw6kP2Lv41UcskVqI7JpNbri52z45wqEPTl1xwspPCh6KobyHwr5ne8Z40DerJ3qvZxs045hXCioTtUJmHXTzbJ3Uk3NphZjrphioUZGn11dCQT+VtpyZvtbwtZIO8+jCOFlLP1MP7DJzm4WAmMpwiPU6jM92Tz3tKNxL0APcFDbf2a1ypT+aHrofYFDHdwqBnKswxOVvFS75s9PsHsSYOU3zmqZQBXmvlNap/7hU0ib/LAwxLlvvR6cXhVn/0mKYNWSfowueI8mLgpFKFdUXEjPwo/KmXL39k9HHIPQ9PEn9zOTK7+1to6hfHvEEN05IUxgTIVIR5/SpOSbXNOBa9hJI7BKcQ/uLoixyl6V0hGo3yDdIqP+Ol/zqYb6apPNQPuTnqQYxq+HON5xti9s3frE8CutP4PwNASZNQ1NzirnW59wBmKoogcVfHKdz3Aj2i6gpW0XH4F56RkvUOXj+eyosnivinIWg0SQwpAnsWLaAx+5v0D7sS5NnTgIera586NTAyFCjb3Z+xp/EFT5Nf/rBsbye44ukOUomj2jtzHyCMZyuxKVYaPekEolOzSSAYXjrH6T1zDWWZH8gqQOczhzUFo8opGA6JA0+u8iPmRm/jNJuwFOMvBKcEYBABCXC/3Lq/UWHZ+wj0dOm6n15iHp4cNd4ZbmV4srfZnuycP1TNX+cNKnFtQpOR2aVCDHJN1YRtzDYRldUSeGH8oROcYNY7GaJdGSFEZCA8odXIOEutGm+i/ggN3ZlHAeeJlm74nHpHTxaTuOHEapBf5IK2KT+ne8QU57rMEhe/gX6Fr0RXIK0D0UhgMryzvlqxqggmYEr9cU4t5/3OyWBexEyc6Md59vHwgZi24MO+PLZOaG2sWBIneqHtNWdsFtEIBjOnCUf+EZb3w+05hMKmsLf8NyGwvtVR8CkKjXOLrdq0RpEg1TwqxDM1QvESIdV1ZZJVU99yrySFuD6U5MIj3scFSFX+NS8Ql/xEOYzTrEBeBUXR+zhfllrmhIjsYVvLAA7TuXJ5kNahBpHDGjfDd8+j1sYsVjsviAOPGMdbErUdDo+qlSgNadkmOQlqBsVwmLN1yZDsXr0UZkwNdEisCVqXtgv66l8hyrXL6YaHraMCOqVBZXQxlkcsqGtw95/WvABxOm9MW44/FhbaWlCCKyXrVj3zcNx4egviwcZnFpunrryNh9K/hpS38FVO16oo7NFvhCthHIvuToFhwIkjWvkJEuS1klOpJb2NNiKgLdSXX5/8T182L37lcYcFNVDjvp1/2i2JlLmpZp4YMKQUbvnOp1Wiq/effrTVJzLpphO8s9iaUotnphZTTNKQOen/1IJn3H1Fqigh0vDymQZ3phaq5288NDI5YoKQcZmu360Buh905jOxNhYFvYyGLMA4p+mBRtQ19vkwU7oVVdHtwiPM/Kt+/v6vA0l3rbEzOAf2/zscj7iUe3oVOaCZx7JzbcGiQmFgoJaxF+6XN/7V86xi3sZ3nXATRXvlXmxHJdurOCUnHPTsdSNAmAFuYJ5KX628ULhbENbQ6HkqLdHl08DQWy7SryKF9LgpU707TMv34kHCOcJC1+nfsV7iwOfOXWZuvm+/kwwRm0TKS3sYXiQpxiRqMX43IIHbX/jBXj3++yfJGUt7xVjIQlgHOeyhSD+eV2/KRB/U6W8Bkf/g7WCPG6/mFRSf1/az+IXSAUuaKi12u6BlNmxDgLFGLWFT0o75ZZMlHWWRSAHneS3AePU69a1DlqXQajzKqCyBQOkhzPfTtoLfSosrmGLYiF448Ut3k1N+hjVzk6xO40TCzb/i7xQKL/UGqV5C/cYGvvXrL3mfC6a8mBII9ySDROlZrmb2z2BSCx9gBmYrKFO7cgM4MuWpfJr0/yHJEpYhNoV68t2lkZo+n5GCBKdZBl+R6AylpLkj/W8Qr/1iiMgFoYNI9PS70Lci1Dn8dbF8OY0TgrvWPMEcOfCRF8ZqtWp7rnmIJ4mUf1Le7OxJPdW+152FMxPHJf0L95W/PVHc2ueVrXNUu9Tc1J9xJpDSJYLWnjlb9PDW5i6Z6iKb+52CDC4fHseWAjf0K/6WfChSo0NXo9t3O/lGH7K++m5CZTmha+rV5aCG3WXAQP+7ZeZG7D6dw5WFcrxy0CfwSp3cV96w0vXy8B7S6wxlHlcuQdhwixhklulxmwwmASX0nmHB0E6aXGdv+ZU+3Z5L8mt/ItTlsmB/nZ6X9okeBnVfavvKvcXRu4h6at/+urUlNEHYMN5wSm+D3GeUKldWPHFKpYdXvLF4RUW7NgNbDPZppnC1l1z27rKgamiidg3Jwa/3E3km+6XV22b27WqTFTNZrgnNtLC90QCjv1EodsWKsR34Dxdz78YFFxUlnLl5eaVjGi9UPCIgaPjESW7hu9wKX8tF9Vm97sxk9kcNPrkEOVbt/jg9FSIrqx0CWJS3z0c1tx+bsXjnfnkLnWa6izthoxwgQYsg8zdDnLdxPcSOeBS2htpjIJWUgDUK265WWXgyYhcQv9JPVGutuyoiohC605NMfFvdKWqgiymRQozcn44u+uDJKYKF4db5jGUB//HxhM9E4IA1CNVZKigKAHcyjzBeccn5g7bLdtZVoGMrCsgKs77YkZUdLsdE0dFknOkUljtPOaXf2NTiioR7CSXR1pek+BmqLLPSot0fuSnbeLDLhz4SPImjQWT4tOt3vO5HrsZTgT1XsNZ92R3Oq87nnKrmijJUPkOJDCUt7ht59xBZHbT7Q+71iDH3xZhy9TDaFL3YpFMm1huHi9xEBfJAgXYBM8VmTBQVHh62em66I5i5qjR0HPdV3uPa8PCvpEYukinod31IHUhafbHA9EnlJeRGWCyOEUT6q2g1bZ+W/BmSjsp6+IE5M2Yrmc0FzmpbNgqWH1yjyR2ON7sh4IF83L6nDW7FKEHKIvQHanUjz3gcpaPTKJy58YBkV0IIAWPYM0pRGDLfdJU0AAnOTyYhfV+E+rH6T3Pn5WA2utbkozTeXlSKWaWSyLFk8TMsZn47vrlsDAbyqsGkpDBvYihwiBUInNgSRJOkS/8bZE2qWtcbh4mdM2aHon+39nXs0wIx8KaJZVvWgHhbDl3SplzzSlBwjbdC9O/KETV+SNdq1AZ9zkgIBoO4XHQ0MSh23bqpYhwxEgAe6Pe9GPBwiThPuc/dK5D0J4/XWEmCkJsFmMnxpBElPgdHV21kxMO1rm3YPmn4q5/NTSZTED8Y11WHtuba4MjzcUQNQPH/zysh96BzzS/BYj7fFfXMXZFfpicKQSpiPRAQ+ZrrPmpSqoGCrVcoJePPu9wdwcrDx0NLwNpq5S6ehQJ/PNIxVNL4gVmQbhAeYpmIQCNCdN+g+R5jQoLEQqs+8fH54gyQBlXdbf2iIK4IoEwRCkn2pM2Ym7CqQUPz37H7OZNgP8p3ySL4le95kOOhXEqJKQt7y/MDQZRCmSmRgTEJ0s58Riu3yMUhtB6ahMC/C138XRzblIe3oyZ6knz2ak29TlOiuU9iJm26NY05sZmFLBD0rmDnfk+vUTwDQjIvFIJFohRH6nlKI5MIjL3I6n03d+0EO/7v56dDvWuB0o03Z4sQwLO4fgR7KPSytYdjj8W6NV1O+R5nzUWD/Bk2bKNxnUHZUAQLx+4/HTnFsUJ3MjqaO68lGatDFnrmh45e29eZBu7sGlE/3Z4zyRdpkQhJoxgDt6KuM88DqKnoxpTiTJ7u6O7vCSYehKBewbsPWJmyOnpsIqJ8uNRTFV7ufpJlnhv2Wcvw6NQ9v7aNGMNJpsXe8IWfCOhTaBd4eb/NOp2Ns/IMgzR5KdZRCKXQEsCxMASdR1T2WkZu/tm9FXwtOLPV4GV7Hx9Sr1B2UJ8YMUjZxmZeb4ZHMXwzuuPWBew4q8fPSH3uGMdRDhaFZFvxYaux14HMUucyicaSgKhfJqUAg9I7SLbO08NZee3KJ0bCH3zo5IwuKhRR0/9eaonmM5zTHVE+geeP3U6/FuCnivpnDTH+03jR67ZO+y6FE1ZUdKWIlPMZu09y6ET7O9Qkq0ZHeLgBe572/l3EzFbOat49mhFQFdaMnb+J2jt242GhGDnbXeCpRzdyhtIjppCxzyVMLhhZlo3iP902/MpLVlH6w+ejoCyuEeO/PmMpKpuF9ZERRbcKrOt5IBOazdAIwg+VegK6Ez2d/gtm6AMlXIMFF5ZJyeRPdiLR6ML50MhNZbKlnM3fNU/j5cY6m98UYmlcKMT8xRp7QleoLgmelMmOAohx1dKZysk7o+ssiQRT5yHeLYtNvA8wtvnt12Gcf0FIbo5BbMk73bW6VsX5BGMYpXOWey5o34Zat/W320ktSrjGeVv9qQAHh1aqib/Ojvawop1LdDkq1u/fl0ZTsfXSzduLsQ2rTNp8kp+Bb1KjgE+MpTgLDcgnjBSyVdtrzjTd9Yf2aY3Mjld5OhxOVLvHAiqgj8LbxYAPtlp63VCeU06U+MPvfmyKEccaRG2CaOtmYYTd2ErPAJRJG270CxhoNLcoyyjd7WK5LJ+KufplePwsmuvHAT8SJAgCdZQnCmMrU61IQAnuHnvOZj14IzHRDD6JPs7XK41TdU7txd0/NG40/PrLY4dyfRvlhigyg42TLgD6u9X4MkQhKIeQ3nlKRVeXs9rSouTxXFVXbPn9wChXVBv8BjoiN84IzgS/19co2yFlwdeEoSVK7kssMZLpU/8W7vp6Qry4J0RtgcLZ4gsOdAm2jTOoutaUmHPXyyNfSj5P3gkEWSwqJdNnXuCiFNLADjlEFPUnoUoujqnGCnmZRW6NL+M+UP7Rsji60nte4VwvR4/zvyhvVB49wmBFBEEmZ+/wmZfEB71xTMNtybpH/9J38uaQ+f2wIE+FTHUhGDoqezBm6HYj72PNVRwRVP50t/IgL10xOwWPMJZUusnZBs8c6HIerlLcMnEU30Nv9UAtFodsH1Fop2FzOpWNNXsNMEfifqSMyMBa7pBrDimx0Wnw3FgIufafKNWzmiT5RmhZnEJWFvdi1nbPFgGB2h1y4tTsFZ+WqxHw0hQG1k1XZ4Ahjs4/I8GMcsBDbkrzlX83y5QgfOhvYnsoPiYl9BBxUOid9Xp0ds4R2gG2MBvVANMBnR73nHD9NHSytBHYiOnpVF4K25MLf9/o3LfJmlBhQxHjBu64vl4KkdB57O+aYXHpx7HKTAub0zwqW6taDt8lkro9riIskUKqlnluU+lnIGeizL4MP2piFrGs9H8ZSI5k+DwwNDCWVKvnDOJBoEBTXcRG3foC6suEUowK2nw7fN1Q/LV61RL8QCWxeuYP8CtOqR108OCtQHTcL5apFkKRachaDHZGNUkLV6VL7xvwkg9yi3Sifnaaiuh1Q1WZb4+rU2lFUIkERN38Rv6B8LOaLRKlLdmPLHrWk1/i+mLPuYojWk0XsNGht2lLXG40GH97du/CYXofjBrdfxydmBi+0nqT0DqYZqGVs0NfM7MI8oUL//iVzn3mmxzAReKKWPpu4e4pCYGL4wW4P2I3y2j0eDSJKKTBuotwS2F2PlFk+wJyTMJCOVIGnUlVAKayBe/E3siWoYGqsaldeGKV/XuCQlJl+yJk8IVSKd8YeJ8DrkoiEasTx6R5/8O05fqGlzi0Y9maXTNOLNSkkT+jQlPggBR4X9hueYpJ2hOIjpqAomDcswaz76xCo2gk+W18hu5oe272e7MtkxeRobATDiGREsrERgsQUMihIo0wnLoKsQZOBtAYAzrOaImrBOI6+KwmkIqfzI0ppLKnIXE+xnrxNBMJKFyw8DW02/iOexgT9rLdE72Y1eQzXckyZ0FVzqb6NjPxIhVrtLX3tHwfuUhhq3LYKIfcjoTBT7xqG1fqKHh0oQIDAFoeM71T0KQLbB/n49ORwasQZbkbTI8inxqF2EB55v6lo/nahCvZ6drrpTqrQ1XTpkzlD9aF6dgaL8jo6DFPJnh9HWtbjDQHt4cNYSAZI3icc4vtEoQnTWij90XLmhynhVGZVKINyaV0LrPCYLWob1Ix2XEpNfwqByyp7ja7GCkF50p2T+yFfnr8Ex14zGK5VqERjEcUE4YUjpgWycGGmrc6nyYUrMMj3oTmsy2w6AG6AjnmE3yPNDR6aj13vv/OTnE48X4XoZiybeDKIvQM6xCcV4IoM5XcHOZGs1QdDIoH7OqzxYRyoWt8CsXgtX5CtScunQ51dT8c/+7J6WLM0L8nuLX1eXD9aRvfhZhZVyYVHOV8fuKBILROQhbQGhiyCFdfIznXATWzDVFz59pf7ohPMFxgQ07ZJpcYSfU5Io3DYgwv3tJRutP97S+Q/G4XOnmJfF9dgxHCYPJdjUFppfwksiuLud3nGk8MjuYeX2SqXTHuo+lVhnnjX7t7IFWV9DFPay7dYHvqrfD+BNPHZV4/8yyLOMpSygC/LGGVn7cKnyDcglCb9OTlde2WMBYGOwXrwhlOxukcDvtTeHEzis5UPv64hlFCC1ffF1mg91v+P0+4di5T5CVa8DPwATNwGw0ZMov3j1MjNLnirV1B5qDcNk++6c7/QH3SZ5Ahje5pwv8SH4lqJG1Y+1Psr8k9mmmX75K+Lvmv+hmLkHVVK8hY65/S2ieky0djtFKe5yMguWjEVRkIEW/fNIpq7I0Ef2cUaria2v+VbB+gXRyca3h1W1nJtwTf2HSREFE3F0fyKbC9DWH6TdyZ5FsXieWaKaEfF/dHHJC1PBxBnlCcKAnNJZ2fTnuRScE7FCfie1Dk//y/KDPlYHMJ5Voro6CXRtIL10J8wtmK6MA52SWS43GxkIbEY7n+nM9uB3CZOnQEMWdfpLD4Qr0EhUftiZq3ld/9HyQZccAHwbEFdSjQLBVgmno1XSm2wGS6NSH4zq+z0mSa2Vcx/APi2X8WF9vfmAVKrNzisGRanbKrSZVwASOi90/8ZDE/+yqYvEB3NFpHhgFor80048937Eu0sj7TN9lozXvPqQIgOaTJ1BkUiYkWAAZt2DoaQVyNcRJvJ0aaA5BMAeXzbzytGdSxx3nlFpMKsrxvZhgNz01vHnbTenQ0FifQHTpHt+JqZyKQv9TldrCT0EPYH/EFs7vI1Q9K9nxsKegOYdeXUgVDhcst3888klGNnO2rSwJ1LZ5iDbrIfWqFZPCdXLBzw0XQnGkrsDwlfMz+IEwg8HKtxL4DpBXtBEn9lEMz1svHOy8mEu/xD10gRrB1kmsGo0yBHgKD6WDRW4P66+FuP16NJqOmxzXwOiznKmATM2JbMCMDFcWyHRFTvO1+nKcni2H8+nUNLNK1t/IS8aKpQmovU2cQCK2lElzc+6zJe6QJrsSP3Ymrkh2zL5/v+GAUlPiAhHexWjefuw91DRxtJmnB9RvcwSjWv8CLILceAt4k277xoEo56qdIM/Umpgpqevw+b0dvM3/IB9U9WgjNn5S07R4zpeXhpsRSLLdMKsSC0SzyaBJuch3RxlmjT6dqVoLx36vRWwKATCedaTwMA92pwvf8/GTtGisLBq/OlkNMVFYI3N6saITXgwiKihiNmfceJqoDpLhpJ9x+5NAF3ba5Cd3mDU7MeRCLJX1GIPzApe7w17gdcPnVhugUFrigN6IhjaxzyOXynKUOt6lIQDl86JpfkiDJXIkxLIHT4EbQU+K45Z9fItcJMbKwNPeydfHpSWNEjXluPb35J4jHLHKtJl5bVyZio70nMsXs1/NEIFnpqeXqBqveDY2w27pDePrdxf4XhAkZqsG89uAG68cSXSZpAxhD9yXiuN1+eFS34Jn9DDV/ViymLHkMAyU6mfNAKjYFLOIZV2mJYw9N2tWODjeRU9A6eN8u1xzKCFA3dDaSZS7QQpEhFKPt5hAwdosCKw2KPhjngkwHX6HLP2+zGF6UoC42NzG0Dl1R4lXE4OAK9qsJVhos17E9BssTXKZiP7DgeblCionbTmSecM/u4CULv1MeHvDDP+fYTJnkGXBBm1p0LBPx9oumWtauHnh/nuSSeWsxziY84Y3kA6W7Hg60I3eZq2Tcsz1p6F25ipn9h6V4I3/AAuZimlPwHQQsXta30fOH2I9marehQmKe7WGnU1PH/t+7MVGuqOwHsyiGLXdcDly4mt2eCRM3q/LTPsy/yntMovH5kAzdckn86mi1OyXu3enImGk1K95ecUsaozPe8l9VGF9Iqvh90nyA6JiypztSO3E5B68I+uvQpPhRufOZaBnDP39ZwBrfPn8LYpiP33F907fhmQjjOm+1QX8qMvHurcMMmAXP1OMJnhH4n4VVr8ytiYRVWMA1EzQkoYA6qWD1XI8od4tA143p7PpsxRzay6Y9kX06MaF3mDuBmy2d2B1dilCBzeqsFKAX7iJeNRjyGCctD2N0V1XGhADeNl0KF/UlojRqeXKrmr5p7OD1lYWp/IBMEQKrCOJ1ZNy894ugVJKZjQuFSGWojHHCWnJukc413RocfWbEHdMF1wLy918jjhrHzbDVJo1+KQFBuQx/skDzB7VaKwiG0blk8Ttoz/Ozsk5BuJiNn1BJZ+KqE3EnxhWOvCkJWiBGIQmtzg//ctduIPr4/kpfivuEBTszGCfkQ1FsPLAbJ9vuCYcOZ1UmZb8Ae7VpLE7mvXj6jVCoKmvIIIeq9MIse5AWwJws3pXgSYf/mBLHZVohKGXc8vxp3g3YOhXcJLoEdshGWU9IG5o2V05cjSVtl4KiwkbTarTPGF0IQ9HKsBXiwk5fSBIau3tpvgTvTq4HGl9YCGZG0ajN7y2+U3lCsZAv9CR9y1K5Imm+2zDfFlIRfN8o1SFH1U1Y3JZvkHA4SDBNLAHexnpUc4torUJZbpl5bxG4bPKGd9J7/CpXF7wmNqVVURtZDasWmecOMWdXzj95C5eKqY9XgJx9lCIX909p8bcDPEfK6mTxSNE7yi2oQ8jLAJG8gDgxhZMvrp0MXPANediIaV6IGWth6AcFzInsZzv6DfRkpeW1RluGsClN4FzhPGO0QJc2Dfu7pzfvy/4daOF5F/zo3pqSTU3YB92LzrMfODLlU07d7FmZYIyiEK8OulcJ9xofNYhWHlkdFPqPHkDf8KbpkA0oGk21niJXu1r/bdPAKYwpX/nTHQNQKKPjopYSFcQMB0eAibQTFBaHy0d0v/+Gcobw5r4M6HQhRKpnhDrEXdmtS/mJKMPmrSjMHRljjKogbRaKBTiwobXkOvhwSqicEt7uDiwI5j52EkGKOlZyDbACCXDZA6i/upLl1kJS2B9sK+Ox0INxz1GjMcDp3dtE4ELPxfmxTB+ip7TYkx0BF55wXW3qchAXbB/IBfc78gW5aNDp1Qu6U+suvgTgVLwV8xEG+2OJ5ps1h/ptTtUWIhjpEwuBLG1tpDzqsNApH4qg4tSs0usSpBZFmetCBGUBe+RVJiwC/DrItNOSx+j/XB5lhy6Xmv2TSogqILBZyx+ltBdO47s+hr6MLPIovM7tqs9g2H1Z6RS3CySniK6NNjtQawlhxWxOIPTDyRNZ57eA3ON7ifERN9olXGZMDcWMQndVEKdBM5DNxPNh1fdTB6bG3tQahYUuK2dRlFyzTDyp+0M1LlKxasmTkN2UHscasWCV+NzKMzIImqcqnddfqlHQ2EAVzlTPQKPfMtKHroqs9s7pNBPhND66HGud2JBUuUCOoCbNkAiybcl54tw5YS6ajVQbpNPK+DrQNKG+eUYrUkkCENupztxea8Qib5xN7dtWab2ypUfNZCOotX5uA6Xnhg6aCYIzRbr+8IZdubAv7uGEE69dfDO8xxTYGLItHHfb1+w4yRnWgPoevOQsSMtw6yQUBkUrxowwVcrNixIFdueJeciLRvll8fusc1nq0z5fTQZNzguqok/v1/Yl/2jVH64IG81/GuZKk6ZeZbhqVXCVXwYpGiKMaMYLBMnFo+VTzKRVDwatvbVMp2Qo4aGrV43/kyWOAKSA5t/qlTpmzqMPBH3fKz/MlDW+pL58Lt2G0NolznUoceiNa539cTWZwoPXtk+NeLJqLZTu7mhI8yINY3A6hkC683nqn9Ircrc725d+AmskCtpFXXfYCCL1g2EJRm4fgf800jN6Vv1VE/eWu8zljoyCfB/Kk6fgGPUSZRMlSG8EjYnk+dt/gzveSA5CLWG5Y3lJYHpqmvKuE1K7hzhurkHkvUGMRMnA1YzAhCsygbBNkkBkDGm97dmTPzNWKZbc2d/ktIIIXHWt9OsVTfSuHAgIHqbHt4iSdkaB5NE1CV1G3TDEkPHrs6MalKIfW9B71ELYt+VuaCodQD8qE92ESjS593jWstxE2/boyDJKaiGCR6U2UcIBQZvRGeugiJws4q3+daKFnta8e+h19ecxVlOqtSu35xCbj/A4S0aoyfaSip7uRh8E0CfLk3IaImO8kPgpeMOCvUGu4XxHywo5Ehw5DJOioczU8a1TOgzJC+cOLFGLF2krI4nXwduKnSDWk8ZbKGzjw2ld2OGvhDHyDKUT7Ij3Z9rIwI8JjDBWUI4t777UoGJqkMV3TT7wMAph1lFJ6HApjP4xVIpQgKCs/FyXC3dOVPDtHpag0MxqsUOs82WMdhjN9oviYZ2PHvEbu57g989DiEtRhSZU5IQN+G1+a7gXaq/7TCgbX4OuEL1Ffeqx4KU/oVaNXeNLrXBKv6jA2nfTMuB0PMoo3vrtHb2ICaOESctjlFspxxlFEgVgT3jelLK5NKr7G07fwR91JdOluwFUzTamRN3oa2HnC8hq7/j3IcBo04nxVmugYH+nn+po+qN2t584F0WRs+V5vdu/P0GlCxlRqUNYaSFDAQSBS9Ccn8Ldq5WagDUrPtuyUXnkP1zO/JnhnU19aq/iyH6SCXdqjea8hcBpGWa53Cw4+A7qDmohC0lD3Xtmmq8IbOH/1hNYZeJWN5xD/C+1ugsmc2xtfeqd4qTW/JOj/fHW0stp/qiul4c6cTUOtXClMiu2FPT/ZB05Pm5Y/pHh4/OGco638/vPF2eIf3okfv31E0LKX7wlSgSupY5rpm7cvnK1+GNE7KFRLkbQu+qemG4X/0QLY6J6ZyUgjjY3E6EzMDdr2YSpLzWAeLwTyvH4/41M6pnxiGILyiS3Kd97YE3qJ6aEsjeULOa+d3htfI4yimr8YWHsowQ3d25hQENrNWAO3MlNoQKKX0i+BA9lc9lyZc/nibzwq30Ptoth/xvAAp59UfnaQKNh+HdT5ItKvDxOJUauMsInPi+7lb13fB+on0++s5yTVpAjIozv4ydC6ppr6mXHJYGmT/YT1mDGIzVPMonvMB6xQiliz4rMatHC/vkmhP50yDn8mjiuSmFWwn5wZpaRzKq8FKeXuIRXC4gCTYkiyIbxguf21Skf+3iY3Sh8gNWKiAFsYAQpYn7Azuw6bqH6WMd8weXaADv7mFhS6RO1BR1tAdd6kMgZ2tBII1tlJbXO55tpFbY4vcVEbmGych6bxg4irPBQoWY2z3S8vjT8w46rYQdAYCLCBUqKQBl8ZPGZOGnn8nusJING4/Uq8808V2lKmreYfG+Pk/XbaUOphHW9mxsh0JROC+zbLD/fS9+MXeb+tdMh7w+jH9UI8qsinHiuc3Vyhnp09+otqYuf/4ddRkyIRuoUPjzzZc2XH0BTgZDTlmDSAe6DD9erb/fAg32kCBQWlAbitqadR58JJuT2pfLdxYVvEc2D7Q+BGPe8yat+uoM2TaJcp6Gi1g7i4J3bC/vRRulUGw1IBimEy8s0dVNH2boh5sppehCx+eKIi51sVx+/p48oSszcXpMczbKIxLgIHB+mJanPgjMeFHKQVO0H43zbA44DB4mAUkI7fAtsVin3iiwvuaPvzDu2j+EFj4Yl+YMM/yKuFL2mSHyUCfeLwSZ/ixkAFZ4etELB/Dujj0b111pPaeZ0sHN4NTf3Djan3Gp37XdlZ0bBLRdQ9jbJXhP+fmvgl3Sx7mEJwKWCPujhcAhkeBCwG7FRCsVSX2GdLt4FS+EuiIG+Jk+d+mjXfMJfRsYO6lamLagHFpCZGPdWj3aPJ62KUtIICwa4vRQ0ytDVo9iNjPx2qzJ/pFkU33fFIWp/AcIPvLmpxNBdsQEBTK9/AtCUrN2j0bPWeLfDVD4I/KpJ1J4YEvak0/WF14Gujs0IRbSzbG6qQgTGDx3MK+w5Xptg648sxYjEsc72lyRRvcRZiDqAwGJmxXNhbMqnoCOtyJ1o2EJieYC2b3jQ+/Bl27SgoTdu2s4sHJHIRBTe9qGVsIo3+B4hWU4Gk1VGz5A/vVufnN5BLl3a4JWChWZw5285j/ksBT9+41z9TBwHOqwFliwrpzdoQUPQ5f69MgHXWcSYsEyAdMGSebJUSinQY65wDphOEi7OortshUHDrmJbXXYti6tvoNHu0OrDmH0hzmhGRRDtKSzjXzQ9aLdfPq0fAgjo9rk7WssxxtBmvPaeoPKkxJOZWb11Bnc8QwiMvkTdxDR++HIzYzcYG1WZGap1k35SWvjShTJyytDN4VnW3/33i5LkR3fR00NP3x+YR7afR7sjkPsIevxTYpL2hsI0lXAWOfpaxmx5OKP7wOz1oYYXZ50acjRYAGt5L+yRpqkD18etklPD+VXpyiLb/10fmNd31JaUnkaDAn5W6MGtZsj9Em9FaDnoNYfdEJbH1tulu1KPXD2w4R2w88GtaVhTynvGRZvMBoCzHwiBhctQ+VJNk7aeEnbufTUOxn13HNau0tr0Yx2v3oLdsMgI5lMbuv2hE8L1vcGz4ebShJfC5gL8m+qJ03AmWxYeJYJLaghzKF8iIdUCBOwx+VA/St3O7tvBpv2N6nfBs2XUsQH6VHhAhm5v0GKeDd9ZbVn+WPoiSi3DdLQ2pNdT5S0ejyJewW/bXSqz/Z1GsJ4SW14Vk11BcgCnWwaDF2wgQxL8ve5NuQgaq/AGMxYX4vV8X4RytElGzeGvuPfN16faavXy/GDa6IEvxySDWHOYJrb9RuaQHC6XM1EPWcReP/g+qckhX3UI24XHo0K6H7eYnIr/4uOXd6ZELi2urHNK0ncjzmCFe55nDbqKM92qu08oPoqizW8QSXFkEe9jS4MujbAe2Irg+PRLNkCLGSieFrKWus5eLVvaFLvsNSU5yr+td2pH1qH4uB0Htyv49++Snv+4fDk0BZ1J8kQ8zkNLOdW8QI1BzDBCJFdYOKARMg3wnfAUgXPxu+CF3ZFSeghcxXQ2VfVLwXNxkxDpSIMpTFTxNnIq3pT1a2SwtlzcwV3ujNFvN5XcnWh4UxqnxdkALc3rF/I220IKvCnhXH73u+lI68eO7D+uLW0AvyDwGK5skM3+S6srBSD8F8NSpbayIGuQY3k+O9DRmXSRoRCEIQGteMo5PMD8MkIAlD8Jp9pfFD5ykN8tWPpxmzooaOH2NLz4op3n+mudNvu4J1uzznyGQElW5+X2+ccGbkfUgYwnsWBAmwSj4Z+BhePqtkwhE/dh9EutBWWSSwXywihh2Ni8x619svRBafN7tm2D7r+iCt10MLdwOAYpHx8alsww/mLrA7bOkfqQ7tlyNof1B1n31k9Zk2EloQB5QX8mspI+CYRx7VACZccCFoilLKkLZNx7Bw00KACu72PX4pXKprBozxq1NdS7DpQWAeVDnDb1PijKxy2hxMYRWsIo1d5baVGb2moQ4EQi3GwmGVObbtCzlHnecDm29My8XXrXJuGh5gX6DnzeTllV7FQzQQpePnaXBb0IV2LFj8TMGpjW/fzrjdhGLYbgaiSVwV17fTfaaFZ/eW0+KtKTxvzksqrulO2jGsRn44j5KfLkTXATt0kqZ7ikZb+FEQNiMRIf2wuIERWHS091+mEF9CXHo9xaMdHyNWJmDAfjCOaIltczW0eBUgruKWsApWjozIzG80gP8aBb9Lxu0J92HmGcBHvHPLJcYjAw1QegXvuAs/lIcdZ5Fobt5ykdAmcOb2uDnS7j+GLPTXzk9gnHsJ/N0YBKaYhlk1Ddm2wIFQ7cBO7Nx+B9SOxROYtGAe8TTtdPkADNKir3xAd7bBVSaFS3lZW2+BP63kd3+aZHxWc60w3EjBb6jtWjDmfX7/xszd0Tmsi9yVemvcUZ2wor78NPcVkvSLVXYgIA5t2o2xtOI3bYor4RdaHS9AQUZlz1h4tjdst0bAjWgC9m9mOPVhRy+WzKMdRRC6sK1jRu/5xlu91ANDjuoxFYMYRB1JnIMONuX/ZVjY0ZROUtiM0AYwIddRHFfuStpTeFJ+yozMpz1L+Tlan7VqUQoPFMs9v65YvMh1qFhaBFHE3KpIh+UAwGFRwdyRNvB+Y7mYh7PL2GNOpbZdAEmmfzVtI83Dd0wWUuH0m0UUjOUBq5bn0FnOhdPsllZ15y/G5BmWpHr/JaPfzwrXaA2yel6Si8Gg6hg5cS64qBWZGwxizETULT3RvU2G04sPqQqweWlCVKnFu/W6oSyhF2KLU4mRq37vkMoreRyFNMEplE+esgpPU7BcWl3ZoBoXydbpN1QTtett+KWUMin3RZp71PBiLIdoZLiTkA1e8d6S/Bm4mVVQ7PQ8BvOcRORdoKtzmEonT63JheSDpaSUozUeCCbXhImimhsMacYChrry3RSJfzqK/xIkJ10m9YhCENcgX9E5jqVWkEsy2RZsz37WGGgI/PhXxLI0jHKMpjiUsE3AuaZdGm4mbBoeVOf1JDEAorXfbl13Lb3zB+//OpfO/iqxqTEKB3Q+YThMXDG7j/WvGGRdD5qoXxZkXagNIOCDpI3c5cdhj5AFbCkZyIFdyx0EAgLlJxxyB1VnS5GOtfZzA/RTBsPn/FR7iBYKBa10/hLqUK3rZL4mN/RY5+r3FW6gf5UQqQ4SOh3sZSGjGLv7oy18BAokSkCDM8AD9TL0NrKcE2FjjuDWwePVA/Oh50SQfJ8Wn5afIuoVn7kGzLbl/wBn4Vq8URed5T0NImN6uHUKcCXqjvSMdfjYS4J1+0oMODfOAuHP7AI/EqFf7uHQyVaM+KJ28wtVL5aZYy8wBYNFIir4NOXkLgtJnNyHVO5QCnCxKf3vU/3S9bqKSI1xz6CiBBythcYGftW7cW0YGG2cAohTt/abo1Up18bN5x5PrKNsOmEbvKzasqdeS45NkULEhE4basfyyQSehlnvdBiypaj54nlBo3pot16QsZF7DVLIYiKuTlVpfc006d6jVojSHMwc84wnmw5N/RrHSj2yRhRgnUPUsPtkTRz2EussTgivB0fK0Iod4ghTtpGQeMuhvFMkugo0GCjfa1cjtbbg1/VrI8u2CxxLlBkXDm3+9Bc/vN7V/htqzhspKriwy8GCV01NrOhqWp+q5spdU/POP8i66pz5lsrdUlzpuQjVq74lF8rt0AYgLtF7otwiuc/vODqUSN8wfJ9Io40RT+wFjThFwLEdv068B4gsXEtgmOmU1BQFRWRlQFclVIWv7OK+KuSU7i7cuW6aFp1m2GjHHt/ZuFiDw9F7wVDHoVyPxbTEcI6Be871r41uTG2TAb600ngWc0PDsgFwpJ5aV6aqghgAi2kCLCOKKXaiDBLRA6rXtf1wLkTJ0RoVOlgnuWJqPkJs3XteioWeZR962kyO6pb6Ps3gKE4WE6qIZQ91g0+ckFPaskMyhzMVnH41iEcOLnGqd6M9ZFxTrPRktjR+CRnO8NRYRh5IDtu9nk0lyPX9rdmlUIIFL5NB6k97jy9SN1fGanlZDZ8t2zhThOL/eQWQ9G77qDvTa3vn1WYDJlJ+RZRSsJEkuVDYKjvroZ+TOhntYdedDRDZ+LWs7VxXSuqs4nx23NrJfUwcU8EmLr5Ivsk9pP4/COOu2FTvMdiS4GQ9hFJ2Zo0PUIzUOXdpQz3qBXnqvgftHRvFSYUR5ZDosXcTh2dp99SJHBSt0T2KcOHIk1I5ZBulkGyQusBWLq9hTHd7pxZCmlBkvlW+9VJ1BSkfSshM+U2A9rj+FFiQa5syJL364tAAwZbZMKXNsmpyxQLor2SW3R8Dn1zeepeRjX44RuVFIXY9KzKP7fD3tVQMWIcxnKcoAlxe1eCoNbFYVoFAvnvkVn03Y8JuO78f87SAdfzqdZhy1DOiae0XO/COQhBhwmyZPbQlnpKY5uID6Plt6tOL2upIBvF4OpoVDKkEbsNceeRuV+4II7p/8FHOWG9FXMgAq0aHQ2moVBP1xk9Pdy4xgNFW5U0jCFv043shuo++zIc6pDwPUiWvZaPskbdbuX3digBn5hAlb42jOHJkFGrRNFsZEhi+q/93g6D5Iqjvj/cxke5wmx7cDhLluRqRd5Pfc/dW5KUOOmuI/5g1QnHPWPl8gvRdnCbzXRvw7m5qOqn2fX3MQ89Yh5oJacESH1cIqAMZNKSjA09e8RAFZP79MSPKpw7QQl6Ed1p2LJ6kEkebGV7FrVCZ69RJLEgNDiPABxFCWeN96qUman4PJvyjOTrROlUuE+aRe5uww8sp+sRqsbVh33gWWbbIhm1w9pZYVO7epwYFJaChNefVIxE9cFTHLLCrcfvSGq6ffaknfRr1KzkYbyJcrF9qBv7veMPjdh+ecJAZHKGBgbCanZ3mcs+7bpETH8uvtapeBEep8KbY2jL2S2dBCBr1CWiVbyr8AssFsH1qxOxhg8ET4T7QZT6tFVx1ec7Yqs7dJXYgWFX3fjyCqLwBQzzgSDHLu7i8ocYlIdoJJuJz52f47i695af0Q3wh09y7TLstW4e3jAN6q4LegzX01pNXtuQXxNKDCMALCFu11luURw8DfKu6GiwW64Nra3XIOAxd/ITQLw/L6GqY1uI5rqihpZiIqF/z0teWqGn0y4HuFhxABtfZ8HOILv8FAiYnM+ixlknPMgBFUYm2iLm1G8V5ZVlJHP0+pROu9MH52l2gerf4ods4TkbAnaTkn8ohr8NP2A3a8ia9hgMfPIqzAI1mE6K1+f2zEFF754izWPlNFAXfurXkAENpdjYrmq2jL+jBDxiuJ7xZLfvxGx1Y6fZKIQrFmYaG477MyBen1Uqmhr5NZtu6IdqqTReVRbTtPoUvalFrtKLJ7iIe5gU4LUt5q9vUhPwrAiBAOOyqNmt+S9kxYQpBxQkqyLuGxc1YaM0iHj0HbzPJBX1UVBb1Kc0KNNdXF5h0+XErFNqiiTypKo/IZDSyodm/ytAbBvmpYN2YXota9zIJpNm1iJDqqESfuQayg2NiGZrqKbG+p54xMD5Em0ihinqJwM8bGsKFsn9zcrIQ7w3PIi/wzl93d6+A+X0p5tlPrEPG29lPlQBpgl4FlwYZ8+FhIwHJ+8/q0VhrDhdn7ZIN2mOqoys2NDBZSaaPE/ZEW7+DIkWHJCaswX1G22qLFltCqxJj6M0N1k7zclpYGnSQHT6e8AMwQmqVp0es6Ll8XUIh+nwcH8OEoYXC6L1tyiDeBt0HQizkAWYCX1RJpZpKji7HDGYfQdENClNlFi1wX/StpeUw6zfyeI4qaNHsOkAvldwNW32ajpMmQCTQeYNundAvXDqTYlHBe+EDAFOBQDVxfDMSbmwW4NjoUX6ao7zopFpOtnorHUeez1JsMUOtNQ5FSINvy4pM5/e6xqdX2M0E5b+uQgGddsfj1tFdyhv2fZYDfFk6/OWhpxzVNwsrqOR1FBGQRB8urONBczMJBcQkhfMTftWSUFGHG7RBklNrpvUqTVomC5Ck4fQjPR3vvq+af2iyRSMNFgBEgHXZF/9jEd+ty20RzTx5OGGWKDSaocmPt6F3Wu66HBpm0UrB9rD4J8CLtPcmiBtj54HLDW3eYSjS5L/xeAlHfcXgTBqmKRs5SsHY/R0sSYWye6XwoERt0hk9Rl2ZjTvLkvH/ptTFVJ4Rzl+DzbSU3J8sQTKE09oBnw6HdM54jcDUibNjPHdOu8/fAaJIdJZoBsbiXHq7mAi5/q/90VmkSVCmS/bZVwJ4PlHo/3I0exKtFpPTd/PPzjbkeU9WWstFXh+9EBj8oMk1KjytUzytgN7I4fCp9r4jzNO/8DW7DHR6qxgraxzVbQwrUTHpipHF1QqS75BilZ5jIBCOH5sZ2ODwxowCKJs4xGDnLCCtO1V6miSboMamiYSKGZFG8nfUuHbDPMmjZhDCxg9prB/niU2Yvf3KrpB+FqzlHCL0r7esZzTjPSGa0DurIQjkmVQSX8mttx3Tf41GaDNpHzTAZPmrYW9NhxB60xKnBrjQPFPnqz0sdFINW7qSBAkYW4nI+7/25tmOxCbJVpBG0esu9GBeS306LDFjSSlMxQwTG4aJDuyGJaPfhUqFjVHu75S0qThOZUvUv/r8QBP17xBmYYfom7gf1OCBZiMY4vuqX2dvYEPzjRd18/avsGelumNhDhGYmtvEsWGArN+AKZOCPgJjibUHtvUSuuWpgR/od1DFegE8xF+PKM0IDbuZCLeBdcAx2EEKwkvvwXZ1cXZFnwn3RV74Du4+T4AB1h2lVseWm/+v/yw8D/2DSwOIdUf/Sz38ETFEZcfeF7fDAqJzqDWDBZJH90li0YtpxIKu+/Li1SFHDo8wyeeV3rFZn38YYEZ+nYSZHH88O/WqnpsLs/HVLbY3uenMrXXjMBgZ0Oy79XJUK3pbRTg4r7TClt0w2iqmY5QPOOU/MA4DzzQeg5n9HTlRricBHZmoOjcif/KDxjuHkOyniYk59A3OJCjLqOzk8Wi4TfhVgwPMcaqQTRYhr7PW/y7182JbfI8yfZkyD5T/tTvd2RW/ZFsHuujX+ncQKkUq2mVEKsk8hTudJ1oeSAPCEkTe19SZwSMTRi7+1xyUScOGcXCr6re24iP9Huj0g1KIgAADNftm2bdu2bdu2bdvm72bbtm1bs4hZyDGDJ0bv4JmKu4Grc649yb1WRYTQVDXa74VTuCQy/TxGxEKE/64kZSkDSnD9Fzmuw2Qr6U07NZxeR7A3loIh/CDYA55A7GIktXX81uxFY9qdP8lxviorDgN0nFtCjHunlo90cH28Yw1oc86UAAsaozU44vsvmUwbl1ONYRK8y6qJx7mUOp+/vnGEhyr6IcQC6kIKaO3MfrVRHkqZ6Lj6NhWpdZNnaoniljpDkKDHv8gkwdoQx7y5YZ2aGM7VxBoBHb1bms7nmJ1XHip3ozyYz7wU7tt7wjD4UPEINfcRaanxAJFNcvsAWuSr17zgIKk10M1nEs1djiPN60B4I+A047DPLJkbq/7SwaZCgDmvg3B5PZx+1uOFfBxC0ODNIv9t1/7LJAPAXrTtEY3xZzAQz9cIKAXvvehfz4JTjjz4S5HrefyCCKEJfZ/Gq6vwspBXEfZYEmy5jFbnX5tMhl18tQS3CQjWUxZC2ZUXRWxy/G3hj2IoQ3cAUx5cszW6gl1Oh7nnvHc8gPGTwPYbE6Z+7pp7tjgAETFkggpkXoNAXqa+ZSXMb8nfBZL2wXoqDzODBBAz3X2Hf3qkzfnhElf+wOXMpNa8GvoHDinsgET1srj4zbXw+f2ypasbXOGjQ6wonLf1PJ/cc5P6Q6lXxOLPqN20OUJuZ4MuwVLfETCLTSEFiIn/8paB3YMomXy0C9Q6On4PYQXfpwfMuFnM1Otql9lJHarrNw2Ay1edR/IR7smat5ZtkjfchLn/6a7OIJ34VayB2e1S79veYJ9nVO3xSf8GEqNujXW3hBzf5MvKXZcjFhpNoj4Tk0VGX+EgxHt3SWk7x5x2AGKLQMa9qiaY6102RdYV+pNqkVGBgG9IqhEc5dMQJJz04dl/Qa/rZd5lnxRTNodoTWfju6dqWWIaMB3/S3MByyq50dbj1la5j4pEruvcbaq0wJBW6ZgoDoug4zqxt0KZbNLTavpUIoPqJ34K3g3BkvKdntjmqPnORddoRTOglfg4NbXhxovtCBMJ2USphcz+dIGOlxbZqGVMQwXJqg9I+ajwquSdh2MpPrScLkm3kYNgKaQieHx6BpOjMVvdFWPy4L4ZLVErYin2xJBG5YVJy6PQzl1IfyGRn5ZQa/R90NtrmmFhxyObfgCaP7lgt5L9r2BBuSxS3Gj0aF37hukqpram8xUTeU/P2G6tAw7kIu/PACsQYLcoHRjhTJ2R7bYgG3L/q9WBIiija4JnmnRLiKNVP/TpVBYLK+bKNmi3gAa0Jq1qULT5/JAYSFnunIlBKAki7ohneWySgSGBOKouRvnCFFK8gK2cHj1nf6inUXPiKsvhnaUsacfIesm36iLbn5twt9LTuqmi74ZJT9+SV1G6vlxv2G/lCvZxmpzM8K0QF38C0xoY7wii7w5mPxapxO1KZbVFbf+u9mtkxRinf+GuMbFFwC2iUFLiqNPT3G3n/Ctw1ZiE8VCOwEAci4VZb6eqnQflc9+PcRN4HlBjvNQtd6Ah8/7yeAazyHDZ4V3jxNPWIWdtuh5XLMDsNwUPMxilMHShE+27+q24LeKDMRwz1+rI3IBwg84ZBwC1GQyQqXRyEalDoJnmtsH40IGF7CnosIvRJEMMBTa1Q99/koXMY1aWTeSAIzZCyf9ShXuYTdGPIqerQqt5xzS4q1JXYeIw1+Cj8KfvW/sdHpwaXazXnVCiH2RPUUjEM4Epv7diZCisu8ga/4jNxgYI5a3Xad/1b0TCvLn0esVNkmeJPEv/sUebjdv16iApF8jjEb3O8ydk/uFdLg5ptP8YltlZwjlG9vLNDerOgzXA9i4WLd4OkXnqgvyrz1bto+aNuQ9+rLl4Ifl1q+x5F65wTeCNff/Xz61HNfYfMMKB0ZZ5eWro51r5b5tlfW7hsDr3OCoTGVG279slkymUJ6BNDhCp33zR66lNlasKYW4zjfzyr0EmAyI2c7YhVsea4tJOncZYIuIfK/R3xftQDvU3lr41hJiOMzxg2qgO6XvNbT40qKuN12caX6chJNMmn9RmtG72z2XFovfolSoS4gcvH4Yg9CvDTIFRCk95rCIwDWQmlL2WK/lO5619oUBd3rKc8fDBhkrV5TaRBtEK8/nHF0LQJT6l+sGIzEeq211ppGufoTeD/CyyG4jFY3woi4PyUoChy63ccthwX7WuU20/ldJCrMBoa0KIp7c5lA0L04ZLNbZYLVfFSwe9B8cNqeYdwx5ffgnT4tSmngw+G/Jc5XdyWpnU2OKMEotFwROs0q+v8mJnY7ay9mFQMFpbQFKKLIW04CJIUntFb+YRSRwcZqKJ2pDw9PAsPdXmP8YxSPyHDvqSFT5KeHgxYCQDvRKH0H+LLkt13r8KaFrH0rBFdRkR4mpB+BNefJVWvP2+P2hd4m0pqimgnJSQgcjrlqAsSsPo1keIPWvhCW/e23dnknxFPSTIv5+5MRvh6XLSbCGlF/0ypXD/vP4sPlG6CVW+Sbqc0bhJCqCHQhW2Sq4boIN5hI5jVsFORwVAnWWLjlFaOxHOjHoewyqDYrtaDT7HuDurQymUa6l0NJXo6m7iP5GbgGUzqZOX0KDh1TWZtuP+dcVebWOiXDmBTOj5grwOxeppCiAg2t1kDmVRsLshkT7B/5MPL+dItnx14y0yFun+CQHOcy5Qw42305alumySpsFBy5eKn8wn4zh3XWBFUJw6NDSZNlEqxC3HpfCJ1blS91VSHUceQ6zIh/aD/bXboeozJmTk5/SZznNp86bifW9KK68Zypd9ERv3qGbQ4Edoz7zZJeXi0lYV2GmMc/zwa/5bNVOzs6Ws4tCI46grAPaqVfda2gA3sN94BiZV4JF9N96OJO0XnTYUGVVITjo0rNucKdSZ1cQOI0uCCWD/pC3hU6cGJ3b+MVHANtXGtCrUGN65odz83FkRNVHVmz5tfX/2EJjynzyridV9FiGVLzz9KMqWWP2jQanT4X6+g2qDPbdvtbwY1Zou1DMVAi206yOA7MWNIYM3TIADpNPxZAtSOcWIuoiiVLHXvGsBKBddoDvBmz+/X3jbW4jY00QCHRu3hvVmDX7ZB5BrwKyJJ4Ek5LW9opelysW6wikeJ1xYMvLYwDL3KiDxKRn56nQcweuMbddzoHHJDYOTwHnfPggIK9NC4a44b0cbK995/OvgBoWQh8l6KVDROwKG3QPPZVB5P98WNl1fI4Zb1OuyQDnTxzjlMGorWZ+1zTTjOHwv7tjJAgHFYAuhAOEfsdamD1RRHQlvzIS6zXkdcV049hHml2vmH2iywzvuLXaHx0NZp0JbPG0Cm3Qd1/igkN1jxZzrmbewJMwBENPxp8qcnGe+4UrWhWd1iSN+DVkyEXoo/FYp+IS86rayw0uVaZYsyLd8jWYUSkvrYClTvCC/nAuUy7RZuEr0f+JJEliNHjPAzbU3Uejf7wQ9uru79j8L/W7NPmWgzGDuej38mUMaqcs7Qw/LLzVQY5ZXmAU5dcufBLbzWJoiWSBVHih7ta4tZzoY8DiFgXShCKjlNjUfLQcSytZ7QvlDVZRjpPd6ILDkV5snlWGzUrHdOCcsds5ZTiHNTtOPBTY4sOjC7XVlV9K6ZFPK1nFHsMSQ1Op+j94DIJD3ZypVLk6pf5P2BGX9MJThWeqD+iUq26r1bNHbbRZzMTBK63C73hAzeJLfJCYgdf28+trQ0sfiyvaCk2XLmiLWeu1u7X4WKxB9F5KQfG4yIRb10e8TpV764IMTwA8a1DLeXtZVd3wnf6VizNl5SbNhk3ZwuZxZdvR21fohAYpq3/xc3WRs33scCI65uSrz9S6RNMFQMp6rc5YxEJGRK8qS5uwNpROpUAuIAepunXsU8fRoqXhf3A3ZBmo/4LB/l/9swvjUoVGcKPUZw5MDUKNsJJAM2U03lJyN1H6UNbcTXglDkfNLqyK2tdOkfa+KHwPVqMscendwOZROpsQkEHgzmMN+rOp2e0hfwQsTiHU5fJGusjgapLltr+vBpT6h/6m7YLyts2u1JUkDIOAUJoZKpegA91xmxVWDwz9v7gnxEAeCU9UF1tUL3YF7AYFbHVZ5uGZiiEcKPuHfEcid7FHHxV28hjeGD1gXszOVC7LPhfA+kp/NOGb2GGLkYaO60r/35evIT4qDrjAMfenoyF6D5VtuzhCHdyGgnyJU5SsaRZmnOUYcjRWngyGc1WC7YssQ0jzjo9JoNGHXxftfFuJ92Scm9YxDVPYaLcSeFkYPOp1g+Tt6jxeqS+7Un4foQlWYE0mMmgrS1xn4WrZtoopkiWG0dQeDze9YPADavS+iXgt/y0UCm30CxoTCEliX0d5GmxWR67NvF3FDjcDoLZCPkl5axLCXTnWFC9/3DHO/bmhrWqFdiqEef0WoM7CLsyO9jtjgSS9FDSNU30u9lA2Vfjq5FnYE+GjBJjYTV6TUuqE9jtl5NwVPafjw7ZB1D8ztVy04dMe+esNd6JpexuDM6NRDJrje2v6ToFW/ksFjNBRcIXzMAb1WCZuMM6tfJhorEA0+zq+1BbGHZJKh1n7x1r4d9484RL0395YwBiILx6LvdffVhGrPVbKj1uouogJ5u0KqUlDURWZtYyfdUW3xF2035XZwCbAaFllkVVXTMOwWYv6GnxKhGu59JWcVHJVWn4G37qIHNV9HF5HBwetUS7T0hG5IcoseOskMJbwOG3QNPKwSMlQpo2Wz+gtw5wDJvkpKMXDcuwyLNk0Gy+BOXGTqeAUzRBNGyAB0leEvclJIkLwXxyszJQuDEboScp4hWz3NvYK/1jR/GiYIkqVB3V9fDc0ZBcUTFcJHHP8E7saHtXdAzsBPbHeMtbQr6jp5fkGISw8iMxJUFS+h6Fc+iJw5h4ZCNDMr5RG3bv2VWj0q5o0usyu0lMGQFBvSV9dC5APZUf5/S9imGzI97tZA/AV5n8jme3EikM4sLBez7/iSc6jJoy9HU8+o6T7iaQLii3Yg5xhMJwnlcSGyr2xWzAJWhg8N93pnozkaS3GK5q0R5p3REIzSUEqOmijtmPtaJ8nwco4v06dX/FuGqT1Y2/FwlaRrJUpblSCBhf5OW45s9ZYotoOyJWdtCozYkO6uYNfqkFpYdELb6nmkm8ZzGnOvYFiLH4hUsKFT18jtN5kdyD8PSh0QvIepC6S9ZiThPG1K5DLMWLQINL9/1dVPugHEnWf2Mi1JRcMZCcAlk+D9iGchnGnx6tFIJPn2p0kY5uSavcT4kMeuBKhR2jbJ+BMQQONv4FpxxM+ZTol81eIh9nbAWbW7iu6WOlQR5HEORfKO9rQIBAmx/vXdAhx0J+erjphHeNotXncKfZCtWw4kesx8eFk2N3xgWtzugfKMfwzWd6H4c4zdZvGHFY0T5xptWbSjtWIdNAqy1DCPo/RaJqqleKz6wUu4aaRhtqGxGrPgYsyPCkQxcxGFKNagl32y/Jubmoi9UdRDTKMhsGPLzPUZzhAIGNO2ZEgg4tOLGFZ4Q9TsIPR5UgvSxNvuLuNBFYjhMKy4QkHw9x+1sZFC8gxBZSE6IFqxLLhd5skCTqISF7Fey9GT9oSiGePRMcDFjld+Zbie2NA760OUXDy+abyvnoWIvo8qmGbWp5CSEJZBHm9JLhcZKfY0LYkldpGr02uG4LSQAbwrn51EKJVjAJkDgvaKvEQPPn3k9OkUjtlUUiKdGCiACDS57pRMxgF+ZC5BdxvRp1zx3wUL0qomVoF6S4V9SgIf53jHQTVkqn9FCipeRuzRwSei95082SfEDU/vyxZwNF4dlNBgih7SHJZfxesoveo/eCtFXJ/Oj2aVUfhc/UN5GnwVWoLFNtOWpW5JOh6e8PJ+o6tb5wKURnyPy6gBYrV6HS4Q9qWR9wM88ttMPZWdhh896ykOaufFJpP1iPM6kKhfueXtUciUcZzK2KE47P1QKXpOZkxKvsgmlqOqQ9C2pmv/SYzITO1D1NP2tpq9Iz3EcB+YKU0AZzGFJyiZkpBF0dQeQu7rHjrgwongNR3OsvSpqQfgwogxBZlvtH6IIv16RXSAUMfn7TP8+gq24eW9JRKcXblvHobAk0fL36Ugc8aY/qR3pkOWq2OOBdXa2hLhwaKq6NSqB3M9NgiLQAjQ0tSz9RQjF0u0d3r/U1/ozsWwqzKOgjiLsZ0v9N1ZkHJzGb5eKPRHIrllNLS/pSewvDcad9ZCSB8O70NEwmVbDDCxWxtDOsATBrbFMmbGlMhgoxqmu7VoQy9Oi0QnByg0i61QPSadQ45LIclDRQ59T1/G1cJWq8ZWVkTTNf3xU8ZRKSRU4fuHUEzCN93vixeGITE60ZuDFSoBG9CRERDEsAQbblJbsqS9M1PP7Mk+J7X8dPueVGG7UKvpaeGLXkcxSwC5aM3Pl+SxlDVY4TBmTALrdBHObal5RUfrBb3k/bMzY4OhHQBa3q/rcKQPy7ueCmGCA9CdljFg5hEkTD5kaqRkNP3LiwAAZ2JymEJLLL6LixBHvMFqZk54Hm6QnBMBSToJbt9A+taF66BQ0ODSuArmvRopNYxu2FBXG3Vfs5ARTcUN1g6TMGThCWFN1U75KKV1a2eaGJU0TXgzJ7JU6T8BzoxIDWV/7z/uQREXk6RVJanQau5vpVPY1BZZHmW1QIS8a7kl7agzujxVTuSLf/AocoIsMtPxU7vq9dXbdq+YRlWvOpapnHmqpDJ75r+jLklc1VCSnaiEnJaiBzqtwhCEAGDzTK0jlAn3ODxRo/Seo3BB2Vg/JiMeC8/TXIdxQ6VN24jAdzwcDL54o/jCJdVORkb7RFUzz4EMZGfrnP05lvIizW1rv2LMtvGrM5pSd0iKNH5I2CmmjtN1fTJ1kWZmabd1ltwf+B1l7q2wZ9m2O/MiehF3CrpoWQ+kdE3FuSUI0onxnwCZFLvuOJNmgW+l4ZLbYVGaUhByVuvoNru0CbyYcqC6nqVekhtd6D9ig61vUjQ5wsfvb+UsDSLihYEZEMkurZpUtlvm/sL3ELfTPUT6PQg3mNhZ7wbPchWVkZqlZbNBrC+3HmULqIkTwXie0GupFeO+1iPogl15R4jqw66eglrLuj8oFRKe87zSXy6SatB+63+IjYK9yraX2iaxA7hqmQgJrGBve0140609YsTV/PA/Kxb0+/IHwYV6IGszcm/MYBbxz3rSN92STrw9LTU6S3aEildEacHg7iX9I5JEl3rrwAnWgjFej9fncQL02/ayumUy538jtBKdMPTakcYsW2M1fqIa+E6z4hJdoF0LoeM5SXihcKMophZB7+BgFb29jLPpLOtctonODVqOJrKcVkEH0nIjgBMZJrFuNElM+F7D+/pXu5Ti0DAXOSvBtGzKfmVCE/peCo/pX0f6Vx1IpOwh941Qx88X0i7wEjusDuHsrbz8onkQOOKaxbWGhh5R3HG9FP9iT8cis7uuLeq//TTW3B6dR+nKngyUwO1nhs/XDmEKR5JYlTo3qYrm6d1qeUzMgMddNxo/UAG5J+5YizqaofGCuiQHYvDR61N0euvNJ8bT36LjbgVxAYNh3pPCiZ3w4OrKAjanJZ3YiZNPymxcesFWJ3ji4IJji6BObh2GNCtBGZeqhn9/2OsxpG49bIAN4VlBFSqCcFLOkKSR5RrlDeFfFQ3df3QTPDq4FYVTD4Y8a2a1t1GwwvkYhiUM12CK5a59GJOWcXU++GK3SQZN5m5ZLoxRPtpJq5G3EvDHPxjX+Uba0V/Qrdo84vy6fisg8BbCf4C1Xbs5rvpQi4pN9k/2Qhz2gYszy2aYdr3cUWqeh8e114C241zHbVH6NVsk5Vp2IO8i37CyD5AH31Bt8NL96kIf8HN2uO46LZMCOUERgAEx7aZ9/TiGxY2B8ygwY8WHEGqtd9Twpflvp4zSZpyj9zT2S9saUTXvMkAwUFA52juIrBaLpHiHJ7rml/k6pL1B6wiTQeal/qHj7/BLTnVw1dSVOYqc7jUknB9OBNVZayd7ItdSfVFaazXhAW5bq/EyZpOuCKgmp0fwo3sQmkbopJ9Fqd3VeQObYONYsd+ve7iagq5Z2CAvgr5hDwwbZuRtOGyEgVynh5CwUNZsl3XRmJwKvsJ10f0H8jtHCf6OQRk8EV7k1gkvT/Kl2SLyu4jZpmFtTRO/w+KTTnN1wRV4M5X29wtorYQRW/D3jSVA/raYqa0P7Omn7OQfwcnThjncWUCLpBSv2Hhgu38tNKlHLO7+0wrzFZ9I7M49J+5jRMl7UZSyR3tQA/hhiVWFKs7EaMuhExCSS7TtG3z/fagzY+jQApGjQcN9/KTb8WmURTbI6qvkYtOfcXlXvA8YOcbxydWxPlY4y+uKlc9VY2lZAyW3OK/DR2S6iL+7lVr1dxdldI5NAfWkuQast08F1g1ZkGRiuhPqZg8GljmJrRaSybM3R2BzEViXTg+I4ltejFg9OWXsp5gl2WMSbxcOddqdjb1vveZrlqd9VHRfFDCSTmKvHVvLzBXNOSWPlX5mpCzlYN2i8cSat1X3IwKGGEjT+3zgEv9zU48gg2SpMIaeL/fM3qEqLWxIM+MKxh2+7q02a1x+hSdKzDCcoEUC/nXkXijQeYEMxO68RWka5F02IpwEA7eV+Ov58mfmitNxSkSMT6Q2cqD/J4bfM/zdisPPup4b0O4/mMckxkLWy4eq6s4DMbLcy634Jf7tSL3tcGWf6IlQR9A1aiwUENswfpEkEVWqmJ7ZOmy6PyRufhqgNheTMsBwa8mF8kNBOrQWXcNMyw10HIF7ezQLe7tqFEYtW/9YCT1xBa0STv1oH1Pyr5smWN7PPinV744ualmrJSo/9y+bNTfqNsVWwWolaVn93XVNvIfJgVCvVJmGv5iAC7gNGJtllMh7xJP5lypOskTe4fliqmy/k1B9FMZh1q938lFC+rgjLhhFN3V7jWqZkRbJoT0Ub7boB0WOV9yEjHb+ISrjTdwIu7h1UE5MJ6B8Dn1Z7DiYHyuK5D6GUZg7PYk0XDpjmys0/WYzBmZifPG/lHGV5k1ErquV+DvW7aVr/ikdTROT/Zz796bzfhtNKdfsrb9MvBLc24YoXwPn2mo/FhIu0DKIY/W8f2IqKym36FDrNiv4O85C8xBIH1oKqD/6+BmbSLCY/myt5H65Qi5QqKjE0w0zq5aB5MMeQJWIB2BkyXkLk//xgporo1jeufa/vhVl3w6XW5jQE4o1FTt2EQZhG+bm1p8TYA7RUKfsbmRJfVvilKeKAU9VRTGndQbA5I+WtDu3IxUPmqXptXxSsjBzsKowF703GttPFjodNCzXYi8CARuoc8+QelVx1qxLIPrIWSDQuJPfQWV/zoY+EMbRR28XG0btJU3SyAdUFA55fEqxBegSwBtCQ+UGa8IoD3lfTAIxHo+5N8Pasaz+Rtw1ry0ciWQYSGO70pYyjlo3RMOVxJIM8XfqaB+zC0JapFLD/3XS7ZOhd0fNe+QinMCvEicJv7KanS/JvCMenjRPW0QPezskK3G9s4BUvjk9sEVLl/r8bk2Ihl11caG176TLs7dDWzno6VafsMkPt7ED/XKdfonFYRlX1gPfAmkkw/pMX8DWNyL9dINASpl7xQavgOptQaJhJFm4yWbputYnFdBuW8L3DWzDURkLetnWz/QfSlZ2lNK+EV2MnSTtMD6VV0cISh7wk/bCpUHD8HZUOXaM4jIYn8WxJrtg/zgyFqOQGzG5ki/l7Ct5bnOgd9w9ISa1JftGkmJA4VzBLXgSjEX1PcFxJ5I1ym7qC8RFQyDA61Y68tbhO/z9+5VR7OawI9WYw06Ma9NV8WWbWSV5d6sOLkyq8FEAwswzdWMXRZJDraoNEDd/tooo8Ts0TWwaIXc9oG5AcMt4cJ1yzr+9tljTW8XvK7+COtwdGVP0svid9Uevv4M0PAtdQi3KxSMJjUpCBYulQABZUiEB/ju4yuN47c28rqlELCciGGAg6aMNwXOZEs7/WXNMM8JzVTqgq3iLjmltAMNf48VyX+B9JLELbtlqEZGe8806rvznPbyPlZXfgdPtRJIl24r6kw5WdYmSSo9j6bh/knad6ydWBn8QR7hrwR/hLWBKlbZLxLPozbQSPDpb1UIZWD/m/V1ocZ+5RKW+nNcN5SSk7fzF77EpJdOyZXtfPC0/3c+ssFZSo6Wz6DN3oOgfzD5s1lQ9ZTc+0Rtsaj3Q/RvvpLHVOIb1zrNPhe38BLeani3yX8kVUT6bl97NW7yjSsbx6RuxZcIzH/ojOdKZ5b67J5BBd0unmQXDOqJ7ia8dn6HFB4t6cmGeWBWwLhTnaEXQXWY1Lsae6ly003qMbmZTi975KzmabIxCVkgdIXuoV4xNUbT2hs08kKlOsNlM48FF2NHBYO7Jghp5csPJglf2plIu1wJLRVzRCq51i4Rwma+XVDpficotSEqUe3u3KpLRmxo9N3TG3R7h8GkgZOyKsgc398cKmg3GT1p/zsxAAUl1kC4HIA2ZCjQ21jV9SCwWSVcxAOrm/EnBdf4hhTJldgmkwOlVw4cVFqoEojrelphprrguOSTYl+etS3FTaSJ4YeTTRI2fz3ygYUuTqISoteHC+lu/EotUKGWa5wiUtYycCWeUZ+dUUq9pbpuga3hMptsUvmhZyaz+W8jjuycJ0e6gP5As8+YuF1FuftKH+VmwZmJhxXkHpD4P3vGlBlGlYCHTm6Co7K5+4LcCfCuxQSqAgvl8rT3UC0yPwi+rNnguXsJXcYBNOnYqjj7E6KdYpYbTal5I0ckSebS8x5WoS3/mGjr07YYwN71xB6E/bCrY/EuuqCVNnY9qwNAaOu4uxcc+yDNv1+mWxmxUaKENu6RigQn0nL75vSWx80U+Gt9k9F66rDxZf8DzYg+8EPydAVS0V+isH0tFcm8b5gq4EZ3Dlfjq26v7DZ3kj+IxfmnMbojxTRj7KRLM1VhVk1jH6x34FtJzWa9KjqocTimV3gFcupbFoOfI4PhdEC254dElookY9QPyQJoV/u7HKYxq7ViWo77EnWDGWjcvEzh4q6UJh1q8G7mvXIBY1QiwwA/9p5VCat0jbRyVxRi4s2sqLQMuKNb2GTunKkONJ0GNpWu9aWd/KpGDz4POjGkT6jkwiJ7re7r1Pq5V3QsV2/Wm5+ne17FK68cj3dIh5zMCA1mILzcHZNpTGqAs++aU9OsXOx+m9iIxUDPvFKOaxzpDiR7UKxr2gB6c3LFwbJHyUZZomMX86DH60F6uhxDyF56304Li1PchggmUIKZxONUJ7kN56r9le5K4ScGc4sh8Cu7pZOzQlhm5N0qFLHT0SCFSY+pXpFe2yW3VXhakVWUMb7kfiGMUveN2XQ/YZC+WZ3LbjqSDpzh5VR7UuqEDV8ifJycO7/wH57fwmYt2uLUQ6nj3nAXhw/0LwCNb6s+s4FMaiJj85JZjl4WAV5wb/SA0/OAeG43BhEISqh7Us1mClMfKefInIFvoZDbnRepEDNXAUiMsEzwtsH/ubPqvMSTkto98MCbqKgVyD0LUDlq7xpJFX9ZqandYDfo/y3e5IjIY3QpK2N/E/Ge8apBGF4l4h6xbUZqpJP4FNhkn4fFV8iXnE/xS0/8cXtE7Q/vd++5TGyqqmJ3JtYv77b9C8B3eI4WUU44CVnlSIZgmHn6rhzX7U9gK1qSrliPiIuxXV7htT9b2ao+1rs7bLcKO5uYL8j+1rcEZQriungMiefCtN+FAtqXcu2D4OHUlgoMJyiCBy1MPvmLCoNrTz94+ClUUAavw8nJyvbYBuJMWH/he/Z/NW/d8HvkUtK45CYnaNq3LfxSH7nLRQKnhdhSRvxle7jo5ysAHxOC1jDiJbT5ncHqNc7BWeByDiL8vEqiCW8iV/M0JAcWaARjg9UHjLPrPyI0DmwMdGd4nnR4ZIL9JYLaf6F/s6Gvk8JpJ4A5bCQTVEO7DKq+jl7scu1CnwP0mKn8ZSqni47pH2ZIGSJ8+m/BjQjENkpiZz4kk8oEzmzsGth5nRJIZ9M7T/StoIDSqf2UiH06Sog74HvOQigUyUk0BZQSZqcckTtHdq2BruYyBzP2cDGbLwPw9fw5LYKH/8ppGH8EFuBPR/hvf559OAGLxn9fqClwaEmNJkSa+lYXMd4CCoGb43r+2c25MwBA40yiLfZf6Jza6xF6NVKbXRGOOFeUpL9M5SWEhddnnC7TxwlsFOgU4TPlvDLzkkpMq4DVJ+2vJ5tQetm841CSyRUfDtXUFFWikQEnqEfuIUFt3NPK7VqubaWKHij9SnpKuwFrKUHDKr3DD/yRQLLaKmYINtzwGPvWJ5t8B3D/S9q8vB1suBIO1K/0lyM28vffGU8mPwdgANsi4ZqvwVyL+7qLeq43qbVk1+CjcSIKAVfgk6Rgbr9PxdjkX9vYyuWIpL3prqrATB2gk492X00rXEzD0Th2OqbRcH4pFP8M7qsLEvK5pbpgfDNoF8eXeUg/tvWc9AK3WfL/GSbZs56J4gjspESSeQ9mYegcKuDSHfYVdZDfdf/5X5xFXAelDituy/e0z0BluxxS7CWyeEX+PkXngu8uDilq0YqGmhVH4a/BjTWtTWbckpmPTRZCy3uSuUVxpu6Upk82/c/Yw60EhiEGTo1pvyJas3fpHRp8dlDBK8aoge+PhJbZXSyqgP7zOm6BhhtveH3sMUdyQFEeG7brw5BYd88hmeKOFTf6VBlZ/M5LSu0Us7vYgBhiML/nL8kYqgtlxg7qRadkPkGeUgWM5CkyEnDgyH9PZKuTeFDBiTXe4PT9EbEWPAUAS0gNZakQ04xp6kMIOHzkdKc1LSMv2nUMOYp/I1BiCZSa8Ejk3ME4oxVrTdS44W399eBBcvJXEWkUAJkabl6ejWwVooLAMR/pBjXSUrioC39EU/Zkpy/dbAXMfMz5B/3ahhmAWlKNOmYQw62MjYWwWMozRFy2zKzlDutbxk8OZfHQQQYLKLL0ZMvxdFWSI5nTaMC+T37+hy42/PoferUFZ7ZCVIdQ4OVSTiTrj1GnciMdKTAvNhgHFq5Drd8qG9K9PeyCu8U4OpPG9vVi5FDixv0qD1Lc8P/a8F6gxOT3KS17rkRSc2lPjIcaTuDGitwzv/xCDwDh0GL3EebxkVsrpmb9MqqDI6FpjacYIX9qeOF8fwNQqhM7WZHj2ufTQu3SPMUZLHiCx9YGZw9YhpiOcoe4OWw6u4YmiNGoWBH9fbiaPwbXKhugv3WbEe1CN/yjJeWbn9qancET0Meg1edIESPEz5Hyudj4G3A8whuNpFNzjyfwIDDtxWePduttKxC3QdOzLMum4xL5cudEQR506HEqkpDX2WRMRwbX3I4gmDcpObEZ64u4uiqqpGZVG+GscSFLvu6cE2E2II90pVEQxtylyHh3kXZA0z1h4V0QiwlJ7r+veZO7ZGvhQyi2qwKQfjow37ycbKtxlKm6Wk3SUi6yl19z0jp0oe/bGkO8cdB+uSmUXcwiLaNSpmDCfjKh0QTyuFweCiZl92m3OE4/q4tFEY6bLxGUq7qimQK5Nt/QyQRdfknWtEP4Uo7lm/3uddPLIb5E1redVeRC0SK70YWJQlKDT8qPidO5KTkcPvQ0QZLYxyr4pGol3NjGnfCiH2ZkyUqU0xj6MoYkXy2QS8mFm8xx8WCHH2rKc/RIOw9g/KD3Wc66GPgnH5AYs8rOlSbbOqOfAZkUxia5kv4TLx/Q238WiSyjtzYg0q445zQ9PZQ53iCR6sWU6c66VgYYKKKIQhcmY/Jdmizr0l7UoNUP65RSFppD2n4/i5CcZZ8XAzpqEcNcuBEqH2xwQv/RfGXMEjsjUnFaYwNI+vRtEGeCtvdKyxXhielEBoz7hJmZT0PWtfUBUVwXIYg3b5Qn5Qh2L6pjm4YSXW3ALVjPM5vUcSelWlPt9oTayfe4ULjoaiPVVypUk26pXVp6EWkuSubMrK2N4tsE7fhJib8aG7AFROvQcS/W/iJxpNVyVxFIEuqvL9hb4R/deTKRYzAAiFSgop7nFqqkefi8CZH2EQiYjybqJ/R5C1zltR6yzV6O18wPo+CcujeHd8c+cePPR+TCWStgnAgsTQdY1wlz2AYTuFIIFWz6o6CuNPHepfkFX2gGV2mi7ImxZonJTEhiGFdZKE8zW28hPFQ1mZxvpckhEgKGZWUxK2hb1XakkSyzu5Puc7TjuSn39Z7xSb5KA0Phtp0t6ntnoXG4lI7c6e+tfj2YFSTGpWTwxvQ5me5JGefKina6MdSCv/RNvVJMos3oDBfiwX8JMH3JlfFyf+OoWUnN7LY+QvmdhpWei1i8zpBH/8pojv605ayIQk0+LGgXxSU6vclH8ZotpcLxNxFVwNMkjmhExGZLgi8Zd0XG9D8dny4Nph7n+p8NfPrLSdfnI0UOMUF62/HJXJXbb1cm51nMR6D1OA3rvjA+jmDNOYYX7v03g7LER8dxHYsZCZDqDk6nWcHXxFOl7TyKELlXPybsv7tIfGNyozAKHsSck8QwFXfohsxGyNL3YniGOUi6bUNx3DJsZxbtNQzmPNcYGDQVcRmZ42chj8TumaUtPKy4vrO8RWt1v+wtJon39uJZhIVT3trtjEJXJPi4VuDPDO6ojCCGy3Oq11ylwyk5PJbt80hya5b/juQWL/eOTyapZ2/82CGs2M9Sw7CsEke3IH8QFaGxfPgshPZxSMLhKIYLYqf8w654G6ZG1wKv+Oh9SH/5wwB9cy339TzDC9d148OzqDDwwSFmkDUSgIxj+Uy/2KcswMbjWKOl/e+IGrDrY55W1BibtJ8B8XQqe5JaEX5CsrugJGCnrttwx1vQg5khD/4o9LzvZ8sypGXYeGafZd388rryEScdLm3PQCvH9vOF/pXVuDEHX5Hg1zERzU/oi4lVjIzRs2D8zMf2JlC88DF3GFnJ591MOLx6p6cdqPD+4W1p33/Aiznz54r2JfJ0wIPYOg7TKqf0hQucqkYLaxZqsdhKFFH4bhOMwiDVQ9U1zudHf+7Dfny9qB+8bwTrizOHXhby8T1locQSR9tj+dUu1Hsj26U6XpXAhOLMkAm2Wo7xO52oeH4U04qB2571Y8Wf3zbSviedp0MM5uHuRuU2gCtNpJKzGXdGrl8jU9il6NPEZ6FA4YmWi7TaDkZEEkrrsAIfL906ANFH3nr0wnfqNmUuyCs0B/htBDk4ljvC1G4yuZaAS/svXQ+qZBZJWKC8yrPeWoHRpzG+OYk7ncvNITzhh45dh7qHWSnK5f1skLVLViWX7Vwsxs29OZQxApyfjoTTaqvb/0OFfTvZbQD7ulgkZ8FprJ1vG5TCZ/pg73UsNbIPoTIyspDzNxKpvBIu9XUG4UxQO0B6iPUINnaxUS4srT2wUFAnrKzoZUsKpcYDCRrYYAp9uzNO80IYtlz1l/WacJCfRnCUhbmzEYxGX4Y+0khpc91LjY7DiMnbIcz+XXd8IMYCo+zEUX+yNth/EMnTMZ9kOlAWg3MV6FgCxbxj8Z/Gk6qWl8YCNPtgskBicc8eJGK+K4ZOD8wcWTywNX8VNWaqRrxdFQRTPVEaXRLEolUVCQAmObZolq2jD9lb2muNi5K78HVgnzUS1vO1HRO1cVNpLKASqK/hFWBPv2YtE3MoIZ9u9+8rsTORgH2+mCxprPQN71pXyReqe0YM7dRTuT50QhLTdfFYamwZjMiRhTfhaZBOcDDf9BYoOPTkw6RhhtI9543qWEtVrw32A5n2vwcSxLGnxaX1PQjqbrvRYmcIGEFsNmr57a9uQYLQUP4veNbmb3mrfow9SKxLdaK2ItE37QDGxzhgYKjGaHp5AT4LoUT5cYy1v/IS/KpNk9Zsdy2pegMFzVKUG533PElm6ZuccuMwzO9RiWlCE7xWLdSLY1PQYSw6SZxzTg7/3UxwdtLbezzWMGkHf5segxKlVQiKWGdNoX2HcZ0NcN8RNn14uZ+TIYRv2UjEi+n6UMTMknjePw7vtu7ljIh6tO+CGxZpQJ2BmwywMPjT918xjS+riKV+xNhRdgk3G6p/LSiG8fjBm0LQH7ydW+iKUhKDhJxTgmFT3PJZ1jnEZgiDmdAyQkSRS/uru5pWT+poTF/+1IwuGoBpKjBAgqvO4ubTm6I0H5Lsq88h6thWfzbO/+Dt40Ojn/aALt0+2y864K6GbSfDXnauhzNj+42e73Zgl0AHOvgjPgaX1LxrobsqHrLZqgG+/xRFulv2q010dIA4gRJSZHHh456SG6fCr5pfSdFAJKRsuPwHQX/dMMTpOyB3zQjMrrH2wvjDG0Pfu4xUkZN8h7w+gp3+VpUDHlfGFyXNiO6OLhq7d2bIYjaQxm3ddQ8h32O1a7vTlFNjdjwbJSAMBVGRzbCIzR3hhPCjJbHeAuyQIbF5rA7LjKuWX2GoV5IbZ9Hf3bbqUST9mrKy81EkciVcHCW8zqVLswuviz1ngEk/7U0nW3+T1WXNulHAA2XLJk/gGasNyGefKFnHt2QyNwP2pfaq8VTalsOKu/JcmL13oFJ2R5EPbvpisKCT/cbuuLC8VG3y5rtuNwTks2g7cT/cIvlmfnfBD3oEL86KviRLQ2oC+zDoE92jSubQShX+CfVvvyp80w/7o1WJmCZzYy3muzyvwSkscfsNgwKjfrxWhVuTB5sdi2/mK/UZ2xDoULgl/hsgRipttRiaI4YXnJuXOk/qcudXyjhQaC3shqpTeqgZs8jMWQPKalhnyKoWuKg00MrLWaOPMuadjkRHsjHtv++gHn9bgKE/BKxdRoGIcZ3/QXDeBRsYrD1le9tg2W8V82uBfpJ5vTUIgwbineTl1C1k/6fwDYfjdhJaQDjmo2nGbT5ouIzVlNSDnLvAZEEdf+Wn4L1xp74CRyo1aUSHFJbm4xWKCrNSE/gwQwjS5MbQPLkns01AfTrjuF4XBJEI9Sgj88G974PzLr1bXd76C8DHIfupErS6I/wwKkVqZktkkf1tPtOqxduw/+hRe8SemEogFfi/ae24WSbjizCOBTXnhmxJ7Q8uuXVHQSZkvtG0AEgAfVVkmgqQD7QsamQ8dbOBpi3HGTDoDXsncYru/4R72v6E97lDc7v+qxftXcr6QyVVRRrYL09QbCkoTOkb2YnpvuaRh/ho2Vj4MmUZRfaaWvUnhM54kMovEZHzQxFiJhQOwSv3eSFTouZLbWPPCSUKdMA9krCLQmvg2m7q14gxeFd5C8WDdpJL7T4cqvGauyWCuRrK2MUqfh17btZbxG+1N9Q6h/rFGVf12slm/OK0u9ym7diNcK8ozdez+lTwzfD8zrwUcq5ai2b9bQ2AtzzuIdJMvaVGSr5QIvXqMpTtH/4NFoRu1oqFQ5zgJXRIp7IK6PhrmPU6hrbmaoIEvko/jxBnJxlOwDL/Zl7NfbvHzraFFFgknALk/NYo4BhDZpboel6uCu+sFL3iszfqfwRZG9K1HY5RMQT38vslz97ubSM7O+AXEF78PTtszkGytetrlub1JT9SvHF73/UKNoThFKAkWz3z0mAjEDR/MZWrinxqsJJBuKYx8hUvL0XdfdMuS31jld9w/+hR5RrZUr9DQAi0AK8YOmiurjEKEdZkwmyBIJFo1hO7j3/py2x45KSwg4sqXAZG3Ql85EA2YxiN73buUp9tbvBP4xNZtbV8J8Ryt1QBiASO87Z+pFhs5Ly6rpLbJdQF7L1UV5R0k7+GClLpHtfFKA3FGFkStWoQaXdySW0xI3Nz7KOi5EwnC8ISstGeO/ScaA4+rZ1rz2gxhecDB0tmcMnNgxUWcXpo/K2llA6AdYmL2+/TSgSFjhRaTxIPIqM8hpp+8v8eFEBBeld9B6fktKVdWukn4lu0AnchLGy7ZF8kgsK7JnoHGE56X9Bky/kKRE2G/l1rrvMFHvQdC5pajX95gGdAj8J8ZMJpsktWFLEEiKXGIRnKPv8jFly0imD56+DQHJpZtMgvu9dansFjcZwDV8FqnGguEWpKzkMApQdJ/jgkyv+2/XXEs41u6VnrlEQ9PDfpvV5rPOuhB3HLLd3bHkmw/+JrO+fCxI9290pU41WdNuac8BJhB5QyEuk5vDtqcBo7/pngXkCPNtD7sqzSBNpYVM1jr+cChOVvlVwyoWECsXc9+thRxwbmSmtEpRsjVfSJmUPsfA4t5QjjGT+W02jubzEedZmSG1redqRdfKb2QT4z3OPYC97Ac2uauviGudnTQT17WuaNsRtAAPu1QxJ1tcuX6aZuDjBtsQ5QE8ZyPUJIYP0nydy4Q5Duk+0zZBZ1DiQv/OTLkJnaCLGjrw2O9REDXv7e1hhP6gqufbmeSRXwIqtEUK1ALOc2KcgWn/WQhJbwUNReUZ+jrz5vRdM/ElqAp0xv0if1sFuVDdAAaDoPp+Qobq5lcn4uZ59J/2hclKZoDN6N09cuAql/VQOGFIWk59blCNT1VJ/6DxGMdN/7kdTHKxStlUQLtHDsgroKXRnFwT4LWf8we+wrq0WqnIG55yndF/LXn75OOp+HM5++UHuHfOnEqLNfv6rVqPwe3/IxYP3UNuSqvfbzgUJApuXwI8X/eu0mP9iOk+ZuT5SIYqUDWWaoo2kFlG2vldQdCWXAnuzrphZr8vsmUB9B75JSM4L+uwPdeng8rrNttLDff9TrIkkYiRSzCPA1XPaP0NxBq2LRX+3H/RwGG54KZzpVlu44az6KlfB+YwkkWc6d5VccUDlh5PFY+qRrRoNAR8at/LBmhzfCIqTzQhCllwgbYVNJWDhY/0wcZ5HyNHCxYbo60zpVKLJypoE+ndW24eh4AStGJjw2jKxkuzvxEzqSo/xEhiW9EfAAe1XqXuReojsYCdh8Hoe4f59cfO53rvz0CBoDhBc4p2VG5uC4iMORNV15RWHesgAKS65PT2GUfOi+HFiT/qi8oNqs6ehv05xfAIk0lpQZuOamT53L4it7kpyPfxeU1+Witp18JZQ2QBnY08puo4Vlzw/RMzTTGAh9JNvupGRWjanTlu388udqDF9KEBinUv+avMdeAOZpzGCii6ckJZ2ePFL3LXng4PE5Q43lIeEzfYVbDRkoXKjUufxzrBy4flAsoJsdWaVgqnFZDHhltICqN+fTO65vNSNU2cvBwf7+81hRWZ+MT4vvMtQ0UMlc8D9fJeHMQNXYR9UNpKO1RsVnv40PyG1fQ7beKA6RQd8RWCWKfjSKM4OocWFgQqLSTIW9f7sI8A5JzQmIzTSclKJhf56GQWZtVXU3WZ/cEJwhVW2QV/sJXIsoEim2KvYjyVbnV2VgGKiUOm8hthVAq6en3vsu3NWMf9Yr+cLwjYOJsOLE5xgBpSmxCm+5n7lLjkuC80efZG/0nhYvelytxPaGjZ2OUYVZLnFGLomsgveivTsJfyuMOXlHiOh8Bi7vjGA0LggSe3Ki3BOkVl6nd5KeFKoTE+7S/YUNMhn+6FTaH3OOk19X7BtcDtxAj4taq869VVvw/OXWCA8yVndRTTZP8XlLVs9C/TlXs5lgeiUsNJrkSsIHv+T/YxCfP8MYZqSh05SZ5tJXkNZoUfZEEkz9L7j4LNw/MoX8K/zqaVMzlr6rymWd6d1iz9pfOxEOoiBzyzJ/TRplUuTzcZch7Nhs3RG8A+SuJxhaDEWac1tstqFoK13N5ub7g903hrfX6EyCt+hlBklq9sHBBxF8b4zKk8ZWpaCwTv8GxRGCfICyo/4lccWD32px4SkapTShzXkeHm/o8PU3R0fSsNDIObaIbkCCKj2Kk7D+lxfO3BAbjUNTjFlRsDixS8wDQVDsIiaHuUM2gJv1Jg59gMuQTFglv0cAHB9xMapi1oEQA6x0gK5KoXqZb+iVd6PYbThdoSHIOUiClYh2xiTXRSn386etbnqw87pa8Sq7y0f+FxHju024zX8x2XVyy8H2JM4mrLFSpNg2bvUX7Q0WPm1oMT8rY5PX5E6SUkRaFjydgJZ59yCvRQO46dqjkkE+SjWcFexAk454f+0JXyUu6eRmOrSWEQBOKS4iVVROvTttilWSOaG7AhGOWgJEpm/DHsgAFkgdlri/lJpWkd0w2j4O7xdFeNEwfot1P6jLBu3TAW6l8GSPltv/tP3dyopYMqw6WeIu3Dr076d6da9J/eFhEZaHEXnp5hyxnUOV30SKfOhJNvKcRsl3iiAtcepVV0RL3D5BJiyLqV/RB9p/JZEcAnRYNL+jWESWZ4eQvznhGfhqsyfFg6plwFzKaQetvp+Q0BAgcXDY61syL6tNeQBEBg9UAFvgW9kTH6f+iZOf211DuZAPsvd8WTeLLGYwiKxXSikCKR8QCre+9ZsVoHB0BfrWfT1nNPZ00ocjuhHAaEuQFfZJAOvRHc0pbqR8SfLATvMDvIJBIiFjOrO3AkQCBcqMgifodMAQNJthdlCR9nfIAzhqNg+oniKXK2zm6WWqeTOZXH2Oztk+jPrBSSWgU29U7keMmCB+NQrTKYOm84vuPCFv0fNbP46dY78DvH5S72aZNvq9g7sztMPGDOhdHNHOJj5jEckT616rYKAz/nPClSxSy6Pi7mcBJpbiUbM0BbrsHAMDNu2m9+1N2wi2KINHJAVtCR2LBWVTHcMGjYxthRMGs2AumLemtjgQNFNKQ4oTqQNVbW1t/kd+mIdXeOuqc3ZGwDChJ3MNeB53Oz1bhGb++qkKZzMPEeYTSrzmGZ8DTodo6owz1rgoxn0IO18OC1ieZQT2+hhxo71Y2lt2MHOWLwg08LvyYeWJwHWJ7VASvP2QGGPUvLMf/K6p5SBUnWYxKlsxl7By9NiaQr/RcvJCIBKL3NqPqPtYEEoxcYrXmpKy2whBbxT+IpmnpQj5WE40IhJnKNWLB2KyS8nHKu/TEQaYeKgXAh1LgOb+6YWqM5CZtH3OkF90MuQezecF4E/+ZPaiGVoQWYQSR+VUPEiM/Qa/rrKJTj5+Qy4+17poRfut50kPKaeIFWhKBBcw0NLZtR82qeZ9YNVYpYdufTq+RLWny0ZyD+a1rt4N4IOrU0QnT1wvPmlQmkTii9RKCCz9a1IpZ8xt98HgAm38Lvf2LsbK3pN1gI0Q8DfMUtTiuhkSyLR6Aj0RpuXYstUMn/GLsgAb7XyXjKcooEdBfFJ7YBJHEYEisIxWM6uJQtwyk9+fRXn73uYMBbGEL+cu6F1n+vzGXwjlcRD9RrwFt3oWIfCz5Tlq5ujBQqSj8d7qpETN2iZrrltlQHN7w8yfHbIG5kO+0hppm9TP+N42ad+pTArfqOcIIiYqrcGv8XD0xRSmSX6j610Y8azeObQLEplrblKuS7NQubXhFw0DIhvAEow7P1RZkXWZA/jTmATYcRzo2mH/SRP+Wl6i0v7BRoORyp+nxgLY2pziDzA+Zwutl779L3REoPFsHBinJRJCkBa1KxjP3kC0Q8zu06KcHsV018PrOh+fhuAcWQVORJcKyDLQyGTSg+SjtanEbh26l0s444MAg+Octp/Rfpwq3mi81CVw9MIYPpk3y7v+c3ISx4IASSyBjj8giKewiEkXG+/9f//+p2P+KR3xy788924Vd6IMcB4RMmE3Z4WHnXunFFHj7YRM6mkyScVXVTrsYQRxUHq1vyZxS5k3EwzkT5yegQIlkki5/a5Touu8JLPgLcgHFfkZCuSgaEr6sNdJLghmgKMlj+8VtEzUnVFLw0TQk8zXBpwmbIrdrG8rJTSkXxZj3/qZIzyvidYQzU0L1wY1b/F/VKIwg2uQUldMtPEvSpj4yr8bLzarv549WBrTY0KozmE/4Ev0b2Wy3t0yufkjY85U276GOHFr7IR2q1c79d4Fbw9oD9dLUJtM7aid+5xa1WQwrsk7yvoFJBLddX59AVgP/YczQOtlv/HqT4xwecwAe8q/nR0i9pnFJ6auxPKtay/OkrkzqiW8BoWsKE2L7Ajih8UMJ52r3m6eNdlFWxZQH3vWh2eptIkDsf6Tbg2EgBgAAwBgf27Zt27Zt27Zt27Zt27ZtdYgOcpGjX3kekvrL+AirgGBI4XDXVn58TFT4xFUMcZRZZTdETojgvIxisZ0nyxdFPrLQWDR6esJ9wV52jVJ0LPLRQ9j7qgHzsuHLrpVDSGJ7Yjzqw13w5BBSmOKw1vKVajR1rwTrTLnQOqB3Kq53MNr2d1V3jOOMQIZ6Uogkc4C6tkcqphhtCtenvNqnoHXpH7ybFvC9zPe7An8hW1O2FuWfAKhlTC6SecLz0jtzWdeEVr9eJVbzDGPW6lXcDX1FtNOj/fN6zBFLgKClRr9avdra02Gn0Awi5wEgoy3azNmZmNe5pM8h30r9oS0CGX5WBHh9Oljw1BGBPEMZuNMlThly/afZ8owlgIaA+8w2BIh4bwK/spVESZFCYmU4z4K5Kiy5lfirCRPPEPy8p0EO3BkRqmuqyxW+Z52UpNlLmbY9TDdDmZh1T2uzjrspip5AYDOBWt4FQJ6HPU/rjKYRQnLZtpnrgDdSLiHO0kv7qtVJC7KyBNvBfqi5a52nBaAomjRXUj4P319mRJSYBzWsr7IZN28tva1TYQZ1IFIIAASXACyqZUReBTbbS/aooBJh+Yn4GmNyborwwhEaBpY7310G3N7DBjm0vo1tMaXd+6ZLlDt9N9O9wu6alxHSklQRRqLmax7tVT8hYnJI39aWT7jLf8E/ezrgOH8PUNgjSaBbO556e9k+PF6ybwjsNYhMbPEf+Bcer6ViiM6UWS1mQCy23P5/fxH/ck6YmlRI2tRdcJJD77d581LK9l49eqBEJPkBLKPsk3+YSJycKKrH5po6ORp6TCWOuJN6rz5JS0Vi6+atdARVfeYFLxMdJVgE2uyQI8hlPeSqzG/RxdOccD6b72vK567ptJMLNnEM5icdMREaSvqsfMLPBTHJI1tWukoIYZWWqPTAfAcD1F40vTPorT36XQ0MJnApTMvYMxY9miNN9DrhMNdZH2btgCTcCByX33WF5aIVr21s57fYaWulNwuZH9sYFQK5k0oORrLA/6Fadkg/rM5J15R9zMDK7SP1wKPQhisctEi8HE9FwOPGLze+AKRVQhF+7oFbMD6D6GZ5Zp+vdqKF+fMucClUEIfGfusK32+WYusS9Pv8fdSxvUbdnfaeHYiBlFYGc4ev8Q/C358sxaN0hSBY+HqcA2p95xg+0d4unKnMbkwlAWWNwb7bke/ZI7AKN+pgYKGyztYPazRgBGkT08IIpJBor8ZCjdd9HERhvfjLQLoQcXYi0jsX7BMx2UhQXFsx+2y1ENkQwj/tE5FJYIkyGRdZgFEDYmoSQsuMkvJq8haprtO/xez7hDkVxf2DYe+cHg6XiIdQZ17E6tsW3P2EBCn2YL3M5RfY8KWRBIKQf3MWYhWK2spT+HBLZJkUZT3uYj2lcy8tRVFSYC1jZUP6jTrHjmbWr5BqFZTz9t+9kXb15v0LBZP7TYQA0UsrLBCLPNtuyuR7x4d7J5ZQnTapKmZ1kqNw2ooDxHZ1bBsTXnqnGf3eWKfGDuJKwOJ4154IaYqwAKW95YsCUA1rJskJypTgRhHQUHYHj5/C/U04HH3ugoDL4hZIm+N5HMk3k0YiHcKgAZusSLoXykCJqvpMdDdc6m+47EHsYkX4fRkVwFKPipf44VNXmiOr8SR7lOeXPdzo18B0I0z8xFSjjulLnfWR2KDNHX8c/OQo06wwCq3vX0JCQ7n5uL1218y0550oV8Jc1+6tBH6MyLQ/fjaokkszmDAWvfR02fVdMiT20j7vOGsWHBKiy8u/dmbRhbbNXP4Nsb1PbE9adUWrgqA+yZ8FVMwXrLtGKcdqdVXW2cw6sPkCDNLb7ADfebdEGv1VCGPP9BbKAh68/2ytSPs0MRZlRdU2fjcw2/wmhrcHkRcS+1yMql44cAr24wEEXmmVtGlCXDQCZJjiB7xUPN6vziCtPc1z7K0KqdzSJQvadhlEW8J6Bgdg8i4IMpOeV5X++q5rgxzkD0SDyxnHWIHbvDG2RvpHq33vvjPPAnwcr+qg0Sqmgu5ZZdaW8sfTRkSrsZadjh41Q8riJ852DGxjL20t6S9tIkKS7I4hn9NpQuxaTZ0Vhn0A8Ylk6ZRmGpbpeq2/FlZd0CbsafZety6RDEnMOHJtDfHCLkE5l0qT/9ZIDldkrhYBAdnOLuEdRlAzJYl0Zp1Cs/av96zZ+4serMApgd0x3RYxC9EqwZXMRge6IKewCpo5pxTMgo+BRdPAfkYUFIiIell9sCeLKy3bax9K9nlYeC9k5RVngJyTSF856OD9grlpEH6RemnIIhG/f9e5EQZfsdBGRPsYUJyXAYUT1TW7h+KW76qQMQXlOHmUxhC+EYyEBOfYg0N4NUNWwsx+K1R0e8Qx1x9ATEdLEF531mFBxc/Pjq4a5scgjRDkCp4L78AdRfIPMTE6bYZHNuyY6bEFdFtltOjR/1vtPePg/d7ND5gM9OmKWAV7+5KsOHIXC9shFcZYy2TmW5kdxk+xdaKkKQzmcAB39UbW1PStcfu6NYo47Rm0H1sD6Nvx3hw4+Q07Q2IkYpdUW52TVP+KrOStV0WZUaNrjTC9Kx70Y5fyXIZNXNgLTKRprP+0Ivk02snmDFBpjtSzIf1IG+9dtQRpl384abwbKex1R3FqOLOb06YrJ9TYNbqxUSH8TJR5a6N6SqZMeE6y403ML9/A1drw2cKCCp5OHKEXlvEOWTUm8BzIUfWmxo5b7s8Pmu5FEO7TuHkZxtvxuVPVFvyIDNxwi1PglWIUI470p/B43ncUaXclFvk2+JjgUv2kQ+t2NX1d7LUUpiHkNW3o70eIgkz88APThrjZ4hCm1l64nbmF1OLn0RPRpYgUZgEB32Ok8yokrrVE75Xn617cILo3nrSS+dP3Gr5h14vUnv7ZWGj5eXZXNYd5C11WUKBZUhxlKSnGc3PK2ezwbJA1aMC7H4VrJsq16CpRJ2QEQx6LmrVJzYFYzmxG3f4PRy+GE3XcY9gAwZqlOecDKXq3M5LPouLzfQSaNEBYCRib3w3uQWIWR5Pds6LuZHHJEvsXf5pzt9gDIc9qn3wn90LrqjQgtO7pDJ6FKQJZMPoRKumCX9RypYNI3tyZNEcBxun3ELUE+Khstb7QTHMLB8Obr1ZGKEi7tV7oZVkC8iV+iRUBhDu5UVMa/Yt3UAGV2ZfBsP3+xs55Bq5NYftqOwJB9qSMTlU21yfUqWxW564itqklSM5G7YdGbcc6fq9uciNYdhbk57nKLkP+C1dIejaliMsjYc2Di1B0ngT807RnTjJeZwpiVcXH4O3BessNSztpG/KDn4p9I+JXDqW/LdASYW4Umfn4vKJxgzpXn+k+WgbJECpw5KXjX8FDSjbSw4FBBWjRjCY4BeEbBR//bO5GO4PH5th4CAUtaIShbOjRDkvi67JWQ+HVP8vhlICJLax9pyKRto/a0lrQjVG5cU0CddaHxwyfLMjleWOnEW3RGXow+3UdOysVhsrxTRA++HyRAwlcAnlBbyw/YCqzRvo8sP12UzSp/gbCC7Dm2G+Qot0nQ2N7dPg1ZXFhTM48hGPvzOBN1Y1PZ7HMLIlZmSXWyXEf1ArI3p/HolLphmDK8/d4XYONKyE934Ii2eXjowuYYiPgHRCMC1PRDCw0onbe/mGxHNZXlHU3xs+U8q2vE65+UGu0qHq4yvgxoDPLr4a7tOl0GR541Dk/LBjsD2nSHCf2tumat3qrVDQQ1hqPSBqlvJaUVTg9503/lWt7d/FMPCev8HT+Ys1KImTT+RxH3tVLpPJQpfeIWF9tsM1eNb0MCEF0L/ruJsR030J0HgNmQYiwcJCWsw18xJOY7MuGHznJaLZjmneT+pYEwPz88brl6Z26rAZp58X+l+NxEL7tzTIbIPsgBc7odPnfjbej1g4Hd8c9U+MxAjMGYEng82suD3D2ROVCupxBhbgGyy4Abutw80P2QA2K1DoDU2Z3UqFNSZXi8T/+KFZrHvGvhkzNJrTPlrDooIPAgOU+JIhIjfyW5QYcMlL5FPFtoTftIIWj/Pif0RTHOjwPL2Tu+qFY63Qs4/yxAitBF3a1wBNFGAUl5FX9Rfo1aLPI41ykaLlqIYKSZLaM+Vt0os/4GTRF0hmvbJbWgjuriCl+Jtf9kg4+lNZhq8TLI6RLmpH5DoNCQ+awCIw5XZKLWnYtel4BoK2skD2F3+a9XuX+JPGywjaNd/BVg6dbC8Ff3hPKJgwBnj/uJP/69NqPdYwM+pCWC+ofN1wVPjwwLf/OC/z4v0oknQ94XQvvqiyuTINOiS2wL7LBCZCWPpu72Qqq4cZQh2Rbn+lBIVbUL6AKkM2His47waVSqOrSoH+mj6VBnokLya5JWETUBq/j/G8r61r+eYXw/aUmAHBiDsFZuKGThc0i1w4rEu9n7jv1eq144/lqL0z3K0ESH9ZHjRQTi4YSQzqjjmC0eN+DGxCgfuehEy4fuIwG2BMbi0kUlX94Bjed3N92dHv0Qmz4WlX02Kla8rhydN/VuwA7iF4kIAdEmnZ49+4IkglgVqjCNxIttCj/4F8A4383JXH/1Kq3D2fjRv+2Gzjhbt/UTeRmLnZxqPpjO1SIzS2NYMoFM/vlD9zutxJwOvO0FinOwCN0GzvJ0EbM6mlqTsT5F3/ecqmK+IFEfblvSfH7q5DnwJJQ1BrhKF6gV49l3SUt3DUJBd06cj+NbC3WvLf11wkA5hzurOfQUCDm4aTRx6qlNaS79+jSxXsxgokKWc2HpyuG0utEwzqV0+6daXo8hWvguUepEw7hf2azwCdDWNW9NluemZTjrRW2/PkYkAjSY7zYLn3GKDmhZB0FyJG7cRGZ0C55sYdvjvQmW5awk6aZoBREWKydr6Qv398mHipyMHTlNz+Mmd7/+e4U0s5wVLCS66pOCFOdS+wAcyndNygGub87dbDYOsabqswHuxj9pk/647uQb7mQCnkmd7ash8moeHlP7v8JyyWP6WuPC2FAO8HNBD2Tk5BytagaN7JPDyc474CVgQqgxbp2b9B4tU8cWUMNzF2OfM0urBPRnPy0BtX01s48GHo9n9uofO1JVtQ8wQZFCx3ToSXPwgaPbd8kAqTHe2HQAjz5X+NL2wjY2gNmAZkbcBDMefoMtURfHWQcjnJyBpcZFFid9B7mlGzOwXGshjZ4rqBz+tDDYf0Aaqsp40FUWGkICS3eBfbhd9nCrjoZZY9YuujRLrs7WXongoEN5xeMJAtaqxfrHFuQ6Y2hNehaLcSCc3ayXPv6BUt9IhLWkSSPrO3AvRDsK9/o0B4EmL3UxFcFmed2u1LspCw39dB92ESgJ64brfKUJa0mFu9/8x0osDeUxrtGKcmrYzHO1FSnBmVLRKrJCKyC81XHIdaZPJUQNpNy9AHEwlE5lrR75nfXwKmWKP+Mx/CBOf32r1odNVWRyQ2BXR2qA2SuX0X5PUK4N8RFuL2QAKZEnbhCvHMatf0V0D8C6jfNcZT5vJBQnaUFb63P1gzXiekf42PL9GRnjNzk098LvOC8ir95IV3jO8pEtPY+SqwlIZPmlVM8BynEThnVngypGnhFnQIwsuixVZEX9vpkEyPHGb/b9xlAtgPQaS42z1HdiVutWLAryPZF6Mr3awGgK+cG1jKWkNIz8ql2LdRtzzvgNkBzzCmdq3E153mPIHJUjwP23Cv+Y15ozB/Ff3xv8Bfp243n3zlIIJiP6siWA3+/ehVRSLvMUL7J3H9m4croh38jOX9ZHWHSv9sr5Xz0GnAyNEpaAwA/Ow/JyEVnbNG+SuTm6ywcSyGlxcuDjKyK+LCI9Jpr+fJa/4MzzfJ0Y4JmuVN6evrqr9vAwzl/ozNhcaMASTDFaWWG9cGuiGnvppN/USPnnkOIFbZzSNTczQJyaakQWwSw1DRYRREsdHBWi+C3bOH/HM/zXjwiR+RAWkFjEpukqgheac/zcGGpeu9yBshV+NkGrobDYDuhwgnnd/IDuMntjkukO7ooXU8TvIUouLk70h9qb43w3lwh7TI32YRkFMy3J79Q7S59uYihs4aucwQqyvd/IxaKKYvVkk/aC2FfTcfMc5/oo3IPZx/XprLkUJNv0hzKwIY7eKjscI+ybj2G+Enc3WWQ2gqNLRrGF6Tn4/gbsjcL5UOH4sdhZ/FbkQV/8QPoJ65OqIpb9r0DHfz0j0XpbDnj4bBdin4lgFYmbSq50RDN2LRu7/C3KFrrIJ28+N2iTSVZBIAP+/XnDb3EZsupDLNQovsBjskW9FegtmehGGLRKh/d/osTfYec4nt+WL3JTFVKDyW2WS2LyZeZI0efOoPUrxeciowwxBdTRpO0ksBzl+zpcmJNdzfEb1WOFknMnMg46FXNk/sdYzxacylvld9b6e/HdqeUTUtJQuFHq/wxRqA9RDbKPjxgiKWj1b8wDfxxGc1Jw2hNghr3J+d9FiSUD3nylKQQbKt+TOkClm0WSLtm24na4K2iKyQjwnj3jaxX0t8oEEuoLFOYgF81gSe9NiauE7au5SCkGR+56gAfyiPrUt45bUPSfjAZVRp72VImAeyuL8blHnXLLMWQHFiIDIIC3ORrbrEOuJBA37jAoWjpHU4JWlWKxWeG9MnJJfyp88d4ZHHOwb//luUuyfVVVB8BSKXWVDZJQNLLetNbEsULOXi6Z/Iwyk+F6fV9h1j5EJmsft/S2grauTj6rKuye9KmNxPW8Xa4txN1vqp7frpQpgfrtgmuIHsEKrXtRQGbnAZnx9MwXVM1y+XEKldK0IbEmqCScv27B8dOCxMbp0zwl4TbCYAtQN3dr6R1hW9AuQro1MrGmMMYN9fNZ7O7ZzmvSc3fE2J1Jcjg93Z3msSTZJ0GGRNRXIJ7GxGhzx85jfaFCPQhMo2jB+swncKwiASzqS1RbROAcMqBMUZeP99xnxj8M2FfVhGuXpgow3XtpZKFx7wRA4qwoLyS3Tnfzb+Sk86KrftlKiuJaK6mCMM4sS32NDDLiHN6MIem1XZqC4/n4W7bSRAQPjNb5koeNl7USLcL1DvqSz6+0tWKB+SK3xWfEVGptDzq1NwkD3ANuHxpFpdwm28kpxMJ7CsXyPjYTv7ZvdK3gFTDqtY+O+ByCnlK7siT7I5y8cnJ818ukIvNkRaNF/OdLX8jGp8gjHXRliDC3gfhadp7+M5rQ4yD7xMLkZJ7ZIm6PP8UEoBxnk2tbi3l6W9FULOgOV6qZHB0g45UWjmI0N7bMhgo5NAMtarxZ3MiuhSadFOGeCtGxh4lhAdjNdc9aKSTV56DnFkF/zuuUeIpb1VYbyWUXN67zNgkRkcnxM9vDLTswQ3pkfW4DU/JTMcbkVVqt9uBQ8rPbIz1jL/KU8iSfqcqdUYIkGMxwkHW9RJ+KrZcysUlJ+EAqmudgkFT5Y/DMBq2cGgzjAFz2xU38xEZQKIVDPnoP4ZtlEz4YPb/N3pviXs+Yqav06qMQ1RbprIKKPD79ie8D+kEMI+QpHGMqpgUGEo341WY5Ti/VGE0nLvR7mleqBPYNkEwnioJgqT5VCjjbsyGaA7zIj/feywPSnrHcoZWPOXycVQA97MB1KuDQ8W7EMVmeEybEgUkff6eeItUxTLqXA4q5BWURo+/vgCAgK6BsJSPRCD1huUexASjhr+wk2YUsp2mHdqj2FUPLwC/O6nzTFJ9hB0v1YqDfvhFDAY1LZVoGa8/iLaivIrkf6H4QJ7IfRdI2Sg019t3KeOLM6MGh0yhScH2UCFAeyA9y5Sv1+gckVg4pxEj8PzNM6WMA336W6ZktIcg74AFjC0czB/UwACRoo+lQ4ypWI4ZucbeFdqnOsTqX4cRe4OTFuqk3y9NEZE5cWRQjCWP1m9wrYFqkiT5WXGpPH78ylPbhCuReDkNHAOBdb/p1x6tCPVWY+GigRVMeLP1+bE46E2+E7xD70CJkr/bprizexo4zexIW+Ye/GSasuXnA9S1+SrH0MQr60sFbg9RSZj/KJKODJYHvxluopkTa+ERayLKCy/vDRrGKjCB4XoEINwUjmc84Q67PQlxaWNLI7c+1i/j2uta6t0miOBKLN7lP3kTHbR2clEMSvfrrz1bgtMYAbBzyj8i9An3wuKhQ9aHjoIsYEzcfqW2alN5uke51tO5vYmQp34RLy8q9F6YidN9eJfa3hbFBjN9VB3Q4f2SgmlvEJZVDGs7PMIrCWv9tp7zXC+cokeuQ5du5NO02E3l5VkUvtL2NuHW8+Evx4ic0G36AGM8vRPBrVt4fPbve8CgWoyIhsvtwTpFeSLMPtPTzrh/zrNBV9O5l52KjjMxyc55hjQqXUwCcS8aQyO8yroiI8VGra7ZWb54oqxAV+wAT+2TxkrMVlO/5aEPSNP0g/6wVdeq0B3fFrwUx6TDbWTNbSiOZrseO6EGTK3LdAWxFGLe8NVFg3gSQC+fvGqfyzdL2kE/ZGgTOAK/7rwtptBf8DNSt2hxN5ver7b8Qkiyo5x2zlEAycSdRuOf+CmkZF7Vh/tQA8P2LqhDVcmY/kIoYRDXTXQnbQoo1VrmnmdFS5RW9CjpgvvB55dYYJqceQltfZDppZCYVRF8Yy7h/NRVsaLvFPF4FDrKQ9DpJfe5aF5NSXuUv2L4amCwUyew+QodgchZcSW6/eK4l+UCczuk3O2AVKwTp8/mW77hwa4ZUa58v5UpY9opIPbdKKtbbWbMpW3qD8mVeA9g9oqnUkB0RBGSvt8TcXdVQkBTAuexIXdEymd9Vii7WebEU9WRmCAzd2UT9pBSikeyGLnvBnLZSOKqdFmjCyZNQ9u8tkfmQoDmlYL+wS+9fm+iz9MlNJxoVaHbREvcozS+URCPnSvTkGgcECrDmMP4nmylZ141om6xPbrCrAaIuYcHscT1kBpcp4bM9Z+khs18/z8iG+cwqfbN9wc85qu02wO6dBTeZ8awFrET3xZSVAd+mvZ4bfs0yg8rRwCqNZ8H4q5pZfRHtNf1sV6Gg4whnwj+HlNbS5tbQNnhDAXQ8cJElkvn4AwtAA5ioYGdUBQOiOmZ4HSM1QhvaLXnzJ6Ze4YU37B/M8yaEFTIiG3xbzbQvKGlI+nO7f8k774kwBl+MoMFQw2kZkWTf/6E8AxpBJAkBxoc8ovxhKGopRCVDpoGZHnfWwNE8AzySwrTGf3OKoXibGxOFdKIKh0FOitBWFTVHEXb2n7dZ98ztgwtiMx3psHttn8XXe9tKVD0qsE2AJTMF6YwHAwzY5RXzEpdJt6XiCWzpqE9v77IKzDz+y9thumJk1MdHPMSGDMKIzG5Hus87qgemGEYwv85DFYuBcq17RF9y7WtSFHA5zysnuFfYXMSA6OQnH5aHc6QR9q4IuWFgHmeJFbaeD2GQyTwlTXVu+H/09qdNjRCmjdGx0aErvFP3OJw6NVkcfBMtdudJDnzI1KnE6uMlgh3RydHp181dFG20TwDCFbbUSzIIHophU1vvvHVEioi5DIcuf9+WyWQcbRzWvR/wTh+01XSv97GSmVsViP3BhatQ5QWr1W9sbtd6xt0gIHCAdafeKcwit+Bmq4NHr1orxYR5ykTigZX/3zDKH9Tfj9HCe7OrocX9dW5jqpSiBi2vo+Vzg4ldNu8S7fjn/USZiwr80q4tmkttS2OOSY2Ac+knSWE69wkRAUMBhW9JkwZLByK2Ufx/Qf4eTGZo+plTHxpJ+Tr4JHeoFMO6HjXV/c0tAQTfhYidI5AfhRZqPdYTXQ57VoOCKz8LEaWnekZYxeiy7gqhY98VWGFLQUUn4XkJVbb1XTV+D2CMlWOg024T0B9GMtvnh/xGjgrrlG7bj4xKnuuRuOR66olSib2BPoiWTdyXsDREl6tEYsiQllzufSIuuxfGxQLncCFmvOg319D0usyLLt2SyzPX43KFmZt8SnruNHmB0ptumvffz+lEZ1vfWGzXC3zHO+FBac0/Oc36gsec+CFXgU6p80pazTbXOY1s5P/O8NRkW0UptZT0EdP4ihuyZcfebj6h3Z63HpJwN/0LSVcFOIylhJ80Gm1kRSGwFEJd0QKOw5wyglCgMhzo2apx7L3+GHe9GZPzYFStKnifDjo37bjP6pdB0/EV1g1vYBh4EmkuLU4pFFVjingfdbm4IMqOxBzfDpA4wFL3M6H4z6M12E+1B379uiFUW+255LE0Lzy+EWgR4u1XNC0Pr5CJjVxwWOC4Jjnc9r9FMUmF9sK+JIWSmMw8QFKBsEOyJkvW29RCO2EQ1rPRmhLB6l8F/rLmbpr6hBRoAOVB+WCK+Ma6jpQe4w/x5sBDG3G2LBc+JN/I17S62xPIHs9h5qdglyuHOeLwFAmFGwBsucz+NlhbIh/4pFjw2dG07lQraMCG3E+/lksviVR32IPv4oIXr4Ppq1Bw5nCKIQAGpwQ6pyA6LIBdoBlRaR+qScpz6lFbweNFPBBj/ew49g317/09hpJaDN1Cz3T669Vl6c7vkzSHu1m0ylmUAAZ7+DC74elfg+/PFM8SoJwktN2M0f+ImaTof2UIdxoZfwg1KwiJHy0Iv9kwwyIJD1uW4933uYshkMpaOv72SjIvNL0Sd6h7aa1Vx8mwSmvx0Q0b6T5I+Paewn5pHkBZamLzQw7AxHo0We7Mlk9R71tZuB1K8lB30JOJY7CcQo8nAczqzQDMT0NkI5Emb8Y2j2AyXrtty/MCJX04hqyYco2IsPdiUVaXxAMyuXqaMjDiAsqTpWbumxMXvBCfv/BlfwYZ4ILvN50YNy5MoQgE1cSzKqvui6SQSGjk6kauKReIV19HJU43oRbySC2kNN9Jlgb9jhLDkeqjyAaOZmuGQIBByLr4YevXLGNB7Xm7AUpLf/gp1XZcG6qa4nEmXspyHdIKIUeI29PYPBTlEeWbFZXh3J9y8mpWXax2ZCtCN3m2w440CDvZ4vGyazQtMbTEiHOPknbPNPEkwStW5SJ7PP+GPWNI2cJlU6rSd129wVppbdLqrXCLbJBsgDWmT13e5qopieOwibXNihXBVyDK13ASCaHvvjiduQxX6fHrwMIdhmVfpEJGf2jdjzej0YotdD2e/hy8PvanTij2gmq4ouEc2TgWt/MoVqucSHvXpz0SCxz1LOGzeZSocKBeLBqf12WiTEpPihp9W53+DXQLuBCnQd1CH1snV1uZVhftqeEIM7Cd5rPVv8JQvrvMi2UjkkLWGMEU+uO+dc/38WkYgrz73mPrqm5cfY668E0nnvWp7aWCfaoIIueOxqBQD1+tZmuCj4kwgbtBoPftrN5a8eJTK/79RBJpHZxwUk3fHiFaunHhZNRAe/dutmPGBJQ4ZO2+ahJSjuh9/2ed79qNydyIFQBhUlK2yEZ4IpBMHfaPukE6DkADNcVQskvR/Z0W/0xSUNHdlezS1q3mh9SMWrlGWD78sl7nikw7Yyz1cl06g59yvHfIzHAzTeW033NsaMDJze2tzlrr2mG31oLqiu8XYQNOO+JM9KAWAwmGes5jTgFerHaUNxkrmh+kPWfCAkEF255wMOpvWNO4bEKqSti8jOrRB1GBxVxQP1bhdTWg4CtHuOCIaw1OfEIgP+GXJusvPLACd3MHepHO/9invYXzsPefJGpo3zvafkM6XAKecHxOnFYD366ZzFxNBHmUx4Tez8h/sUo9uEbd9f0OmX00OXrR/oBoKU4QS4lW7XLmsJyZ6gkbpkXlcgh1MVBbS496Uhik73hber2oVS2rw+ElsXCySwxErbAnp15BvxA2jeV4ui9zi4IYPxfqkb5eRa3ZY7isdltgGt7YLWy4xJfgbfhZSP7GTWs0agMdSHC6KBuookBq+Z+YtuObEZOzaA5U9yHnFuUjlumL5ozSqEWMWQGT+fO9Vlcu3Ur7VNeJGI1rC2smBMS+dnkoNmKmXMIcAlBxW2Ixe2Vu567WFjBCybau9drVuRmcVYZK5Jv/eyhkKnz7jZKzlGottffbcg6W3H2E4NmbjJ6gVMVtPbuXGPlducaAK9vrGYAJ0vWDog3tgF0Ss25cx2lE2jFRDoQKeyUSdeBAvIqOPMj+dMtsGlI2c8alnqaDHRbvmTLPpssKl18375c5wPpANzXSU68EmIHIblh/B8xD4UJorzGRGFRoHxq6VOiqNJJrB+Ujz8e70OWKgS2rZ94twA6AAk1WIvDZNOfkj0o/5Gqb1iPWAb49mVbFoSCXvvz7kxEKQDw7F7UgqTi5YNO9f2GFFP+F+AQUolqLdk3QjjRSmW2/bU02sDqYgfTEe0gwPLYFytJk39COA16DXWsaCAvKiWTaU90ahtUiEsZUB7cFRvD6z3rLM7hCPbTq/S075wGRBV7Hlet3B7WIi6iiD9VgeZkPd8dtbEC1BrIzV0igUZcAT+TxU3CbZOD9i8JoJEKkrSoriP578fShKoeU5KMCFlsv2q92GG1WTmZwQX/MpcycSCY6Gw2XYqoWyat2W2JL8oix2AuN3P0FZAhjVsGIYxAiscsdaa6J7LI1gDAVqbDdl3f4j/dyoqfwVWhaG4RVEYyuDb+JhWQvHhZjDx47zg8YUjW62bPiqiJij25ctTzWlwgaALukJjlMWFNy+jFu4gm+Qp6+5USLyGWN2PwnN1loTaDaKB+eTRJxHIPj3rLa7qnBYReKmMuFg/DIEe9vTpIaRKMu1CLy7ueiPJV4XzHkTeE4xLGFCH4CUYjbqJHxOb6ILba8XrWOun77Ne8CUIqMamCHytLcqfewInC5QJlrAAuqpG1DWkELOvl97lmhbnBWzVQNzb19omLLgaMMFP2qDijXkQrd2f1qqyefFb1FipPnuXwB5Er6RhHWoT5tXThuzyyjbTinU6QCkzluUaee34SXJ11NNkFeKxEFh5FhPLANIqu3Gl2STAYviO2BycPt0RJhXF/jCgl+e5aVcYcZ3Hbaw5w4wqGvlsWSckFGhKzVsGW71PjEzkLMgfSZCkkDfpw6WoaTrfYDL3leTjQOgRnDOtQvalULP2+ZYTVFr5ZB8pb8lcxnCSRtUYfkVudrSere+6Tp99+p299WtZ9ABIwH2XD5YM+VF5XCwf4mG5GlQ6Ya2uRTp0j/a/kY9K+4izV+FgBlBUTuDX6bTEHoL2iJqQB2jnNMAyUKgIOe0Z/OfxZZ6tCmNHSn8QU6o1ulNH4LtysQUTEJElr4HeinKYPNPnWg20jGt7sq7lECXRuxjJon74P9omLLOWUq7c+SZzxki+IJStMJO2UZvgLaPxzq+ATNMfOwAgCYvS5as7J0ELuu8PnY+OtijRBXIIXg4s+1/maakxEtgJcjJK20FvXV635JIm9cR7jgkpLkSXSMOI5T/FcbvjhWqRbqJJbjFgyC3cG06bfrLZtDRDV7Lna4v58jOv1h+R3QtYmLvZD0JVQ9JnPfmZWjZBVUKgI2D335ch/51kShJPWzDPiqImGnCTeD4ZsRvsVoMEqKOSqzFRdjE88b7Kg5Ddy3nRdPaKS9zWJSAb6ZpsGyT5I8Vc6tg/QAbijL4ZQ0oeKg/PTTRwmYMDJh+s8tq/BfImGHllrHqAHCT6jxIWz34yIrc0PSsT2Yen5IJ4Qgl9/I2ArXzjFeveTI1JwY+JZs5WRxeDPjcxKD+vgLkl9O+nFF2ih0HT+cVxaZvHCctcGjlA7UUvbiB2q1wwaUD4VGl4ttfCpwy3IS4vMVnwEGjyXDmMi3UqEW1iDcpRf4dOQBK/MbK90h0c2ZevEQ68t/bLhIKWNpFP1PhBr59jkaX24lxIld7za7xRx9JhfVEjP1HiUDRv6z86xeUCKFtgY8mZqrfpQ2R3udklgS/+If9RYXLdEPRw9zqiJmXkXTkhJTh442idcr5MXJH2w2w06LShSh512peMeqHvfPh+9yHPsdMQrAl4wmI0w34R/RwrjQ8T7uwPwB/uKmQuH9JQkW2iYMdHoM8xFGKwlJy1BpmdqdwOYbVEFgv2bNdeOggjPS5vo9/3lupJ2k22zAIvETpZP+wtaerHkvpbb3J0Cczl0hMkQKRml6eZ74xx4cOTrixXRK3v4EHXMa2I/HMoZzBUz9iCXYsIb+QFc6rTKH70tScw7HAg1g/EPNvfXeUsBhI2IFgwv6niTQucuL0r4fa+tpIYnlC4mYkUGjfio76OA3lgGtbcv4McyInvVKOtuYEugikZPs1mRI+OChIQhJe4BCeKdTBfFOJT+HR7HFD4Do9qwQWxm2Ni9xAqtSBSlf/di6mjYyyRDWGOCatlF6iDt+X9yUaxlF+lthzvAcqwzff0mzZT4wXTiAbubYOvsnrsZjn4aufwbKok/+udL5TqEizyZ6tuIR0Obt8bo5O6PW8r09G30wT2147aOFykFFNNY4U+0NNChZK9F7qW114AAoyXSdBS4WdoJbeKV6317RFFCFcaN9r24I88Af1wiyjM21q+IdFKvcAUaZrbgVh58uCo3nKZcjcq5/hblaVqvMj5C+Zo4EKHvouctuvYMDteLg05l9j0qIBwVn4X66q8ABcqE0hKVGduxH+09JtpxVPKdhQM6N2+1YhJ2iV4+QMa7xtEzO8v/Xk1Bjm+qtv0rMOLads82LIOpqTnIeUgDMEGEPeG/M/kD/taVaSjgsuPy4NkJVqNbUsQhhN0Badh/ALWARyomIxZzSehSusjjn+9p+ItilOk/9u0D9ZBlmMhG93XTJVsSn24ZUk8Os+ILCOpODYJ7S9+9oMXhyByJT2bkSPjrjQjXggAG2fPAqjBTKsUHkklOM9qUODPu5nRO8xRSLKWylBSzYcgruAmVC1zQt1HnaejeX+Y620Id/4ok31I6Za7JKuPtexi6Om0C07cWasc7f9l/Sw5AWBS2eCaSYYnKJ1Jqm2HDK2WdcNArX+jddxW+yR/bFBvUeHb7GYjosW88pk6jxJPuv38OFHzPw+oTaUlUhIeCvHkctDm9yXpq+CxLhhAtDR0cRL6lgFgBn/yIlKP609yA3nO3bbziMIpKFhMvBU/QDuaeBky5AGKUxRach1GO2E7sRDOLVbR9hkqjrxTE2vUKtRKa+QaZz6OLyMIi4OuIlKR05i2pnzeMIskhrEg/nIxi6y4BFLcX8RVMuKEV/RpRQjij4XyBhl9N5UU5KIyCFJ4OAIn5CYjZrMqjaa1bJHwnTnc7lFDoA+D2LDEmtWUdik6vNXJCuTn5shWfYuJa2RdBekWCfqQOdPEv+SOB3HZnp+9+Rj5bIqq6qSdVxmj9FbN3C+7RCspMFLtAtvASHAqgT6VaTTYNtF24fDyvJDFuxjUxDenJiGczQRY2zhU164W6xzKwGpbLH/AptyEmNLy/rPL5LvNCYJz3hFAjI1Q15SmdDPdkdiahjsP8Ejeu0yOcgtPSEoMwKLb8hSG1zyjCPDKA+V/PG7fPsVImPnueyvgHXGNeujO9nldtPljC7us3ZysCzlcd+RnbL2gpQXuqtM37LRw4cKj/WqYk6/HvJZdYm7F6+9qSr5h0OawpTDMMlFgPHWwnjcmr3PEhNaEFtXnNcxCw+XVryZ8E32lkajCYxN4CiGR2hKXRqnqS50PK6Sdk0wkNHqXMt7O3IKtpbjQXw5wajXgryEAggvJt6pvJIqqjcaDtLJH0He4lsA9+wqMBoKp4pp7ze+/1O4mwHmWQwwKj4E+K/DsZI8+SRTHuILynuMcJtCe9wB5yQBuUpySrPLNab9YqrElNJq5pGccbUh2mn80dAY87G4XMRGQSrV7QBELCkv0K2dk3Kt1K3g1L19MaR/wd9G0y0KleN9iGU0vJMRRjEsrWSu+R+/n9aG9BHiVaImAEkRa9oj14Ck7oYHPuztqIjaL1RTdosSjzVcJmJT8VAPdXIcxGhVJInW41Iu+ReM8QorO1FuC3stT1+q1drgt/gZjks6QyFrbv+yw9sCG9fHVL0Fx95rynwHyJP6IQZCzRyIPnpxLEQs8sk2MgN0FlwmrqsNaVn/wT96T4JB3sQUuQOdoP9lsTi/S41Ibjfi1s2hF1D+ky/G1UxI/4rP7wGPpcthSznF82SB8FBbaVjpl8c9JHZ7hKLOsoYCjQ/rWvFEJtyVbgqriI+wHoTK8q7N3kvwz3ErOSY/NbEWpsrpIkR4iEOYgk0IGN+bld9I3P+RhuPQs8MOyoVKGfP4pBaCIHezX6nZUtkuokQKwU4ROdgI2HOhS1Hl8ewrQ75gbWXeQVCEhBUgnIhEEL0NZeXCrxlEwCTwAPdWDA0j6VjhWKxsc2gb60+s3mCBA92hSkypHGCGf1OnlXG18gtXi+2vJexEC2jjUQY8RzpPKL1+NZ4LdO5hqxKrB/6obB++L+QCXwEg1ml4K7OUwOWTyg8SDzoiUi33wBBx9A61EU7D+uLkRuPMvW6dEbHOz9RtgoV2o6suZpqDuzfXhcj5kDtlhOhV8B4VuQPZ9hvxrJq1rYmhZr+KrBs3YyfOsb9XVvGKKtuNruQVdBLajJFTpukwVl/KEff7WcldbccqFT2VB8rjZo7F3hoYgnyKUodid2mR6TjVHJK2TiWPEjCrTduAT4fVty+XsxwSTJUoRws8/UfX+FOfWLUtEcOqUJMvJ6/KswI//GYGPf5hv59qz1KxvQ4gxfRKfthxxhRHvcJ0XJh4IAGLvLtY+zP8f11NtrwtvvnAhjp7yhg0bYjqgI/kHBmLsErUq6VAkqJHU6F11zvBl5D3NUSyf30abSRylkPuuSsvZE8AyYP+e1xKuaZfw2tp+HmJZzz3tnIsSIAL4jRdCtX7Cpe/YUOGyQYKrsiPbozCJRfZzmQa2+pyqGBHK8yRdVXD0609tVyFSYTCipxHbJ6OvIcXPOzAhjz/xCcoBvid1y0iPvgMU4SoXRH1uqOKWtPH/sowG+PAZvFWpyQS4VQgiArCqXfdfcS4KN13j3p8/zwhe8MZ03qLcl/6nPtT5/PR2/EqCBQidj/RRRGJd5Tuthp2bCtiYPkHkjZKuyt5umh9zxRvZag8D3dA5xysg3CybUSfA/MJdB6P/5P/JqELfcvMmzLFKKCs0tME4q93ddn/PaKdkZfGvR97dRs0P6smNJ7jWwBl74UgZV7q8nVlCJlYfEWUv3XopsrpNUxAS2VnT+K1OLQmmuAtmSplElssbTImSYf3zw/JQL5Fy56C9UBb22pRieep9ilkqxtrgSdTjkB543a5t5sCdyZzwiew8wEmm/PNKrg0MZthZ4Tl5OgLvueGn8psRrlwhnL56ispmjd6MmGuUxippooU6qGE0VO5jhR7piDIroyfiTM8c+r3WfOjcs+rgiuYipZXv2hMO5hcDKKoPC894RF5vu2WldHMjFQTgTEQ0ypKOBGB78rlicP7jjXgMohUjRJZim/DN1V9FF2HjOL73QE9du9/KM6egHASZbDa6lyrIxqGFGUoDZ5Dl0fxVNVDTdIJvayy2dpUHh3DbVRxSHx/ftLnU0iXVbblGsfePiPKiEtVupiJ57TxJvZe6soWcnjDx78nx/QXR+kxaK9ekJnFm6N5xPOdcfmJYiIRYR16up+EoflsFGYQsvhMZyH5qpODJ4UxJczep+OHZ7HVb3f69v7VAL76Wzaxnyy6WFpvWxUTTsXW89iC4nC8w2XbOP+vEIzxnttKK8CDS6Gk+qa5puP5TQ0pTUeO9h1K3BgJxAoO/4ubkUoXb8WApizhN0ISJNd3y9DQC7qNQlZstWsuMrw8UJ2bC0OYn0h7u4bGyXzjDPRtslDZSIbPjA9uUrxoo+9Wc/JOTd2sQ3EdBn4WoIR8lUlbQqHa+HaT7boJSOco74fhC4/t3j5GnUyAn/0sORBT5IPRu7SHDIRKNOb3SfzhmwuihzRUi4qlotGpjfbczuzaCfxRlsfJ6Hwp9ThAdX/XOcpkp3WpMAlqIqrCBEi/qBY+pRwY9Bk6CDZgyMncegBS3yLIspPvXp+rPtBdYFb65+Xn7iDQ8Jh7ft/8kFOIUqzrQHG+j8V797eryB0mkcmfuWPduGQYdCfIbF06ZxjwU6fqBK1lzN4hG6cy/w4RomDnQEpdEtCy9meVA7HkEArzyJypJQ6+A1kozP4UOaDSrm6KxId8b7VaeCArdPeFv2WLHg4jpSfH62fuhTxihtCdVEt737yGZLYkPcJa9M1MOp0ILco3VrZ4FoLdoeDqy6JUV5li20Ta5LCh9FbFosZfYzRTpNbxHlTCATP33nbuESpCzWh3pjYTjjsUH8LwURdehZ89QAfUAcg62HU2nKZcRbj6A6gX4ArTGeTRtaAiOJFWHL0jCDqUk4t9RHwjqdfq9/NlYxBIjWYCkSVeXFs2KdAMBQy1nB6O16tAG89xh96MfLO0qUEq3bOcc1XKIKt4T56PhPpVnjzU4HFs8cVF5nt7M5MWjxZOK4d9g8xd5BrxkwPn6tu+SgufBd4bRel7gDCJCq9CtVYiqsX1oxCu51See91Vs5QLE2PAS4vDnLUyHykuAGI2+3G3y1c1utJePXi8gS6rvYp4cHOPqppW2v9FjoK2jlFlBSi8oTxh2IekgZp5mGgkgVTkInbWH8IITMXrB3xNm2MlWgOAydVpsTgej+PcP4CGcaW22G1I55npfH0asUdhvEFASB2wr6oCoUCE1W8u2X5Yq2G4Y8jG4/osi79BBxd8Dr35mpjygj+lR+92yAcosS5oyUay1UiS4w62PD+DbTw+IqmbBWKfdTXiG3ne8/1Q0A5gDYt2DzZS4eHgzO7DT3JWS2yBeN6jtk9E24ZHJ+cWs4UkKkiuE6EuXV/khh57CWdxag5obhJZW8tXNPmX1+tBaeCIcZSj7D+JqHsGi7gE8P03Otb3OCUjqT8g/CqeOn2/1LVGpExmKoS/PERV90zEkOJpjX8vfpeZ/rGiMjqTn1mVKK4OvsbEydfjn+k9HQRBy3a1IcN24bGCpbeW6Zq/u4EZ/54iWLglC7lhRJi6VFAJiXEaFKOutEVXpt6LaCpHtMOgjAnG4K0LG8pWTQiuK5TCf9jgPp9Ddt1vusgtTfa78Ktf7aLHEaVL4POGlplyeADLf1uHd01B3ScBv3KaVN6LYofYjGVdjlnfi7EQ05/xZ59kvKtJ0Fk0Y4ImDTBEVqUcB8hJUStuDMKzx5jKmVvg7AjQPfSEMCbdx0L9rOWVLy36LfyGV4uVe1uPRicZ6yV0fiE+B5glaN3l57sxMBBtuVkCsER7K78kVPN6Oa8OnFcLYxYumifE6UGC52rJOZ3Wz7gViNUBsR8hw9+L/fRQsAx4H7c3RhjAu7m3nfjjpmLdlSWic5oM2QTB/p86wpuUfM8BLmm3ypbfLVVxddBme5IB4iPcegk8XJ89KELkPIiaMhCc1tvAlH6Ihh1jmQtX9+LBTQGvQ2x2GAWRd7qlN0Ck1qpmhxyYubcCxAwJKXZzqgyZvmWUT9ABo7EqSj1qG8yGzyS+WXG+0d3xWFUMpzVAHgXJIWruuyYdRmd3FLCousj703bi6Y+sVevDRNI6entvsQWzRtDda0gLOoiLvLF7CzO3s2VZAhzratsIDCLWy97VpiLlmP61bSn2HXVXxiz3wE+QjCfrJKW5n4vlI8TKc/dE0QF/lAC90cEO0jwZwHQROTyktzRB3uDP1mLBYAo1NANFH4G3fR1GDqPePDew9KjYkW6T7oX52tNc2zsmbwJSxT5p2g4BiQ54VYQRQOpMIOvA7SgTHfg7kRrF8zpcyXG5zgh4i7oDrQtVEcZhOwS5pXuHwXkJVS1wS0WQ8SJS41DBEp8FMM9Z10feW/mLcDq22saaKf3pvPxjUaPhrB9AS8gG8ctSRhBjrp0oXoFdZiU1oxbNPzYzESj7e95L2QaeYcCLojxEMHi6fpiBwcp+nNHFzRTzsPAy4t8YuTVq0DvffVLOrD2GO6ugRSrDokZEok/KCeD8iOA3dYhmL1Q/TcDjg+V/blwoMBdkavKuFbFYlpiuJYOoyiEWJOXGQ6LzYyyTnzRm/QKHE3jcPl2OM1d/2DzNCd2W18b05Fqzfw3PXjRdaVD/5lVXKSD9o9OEGUpYHxthRYSGP6qi9/UQPHc5MusgRiQaqBhk2utsZ/mulYmseNC8aZWWyQl/VHm10WBcak4P+sAyVNBq+2JVmpN93Ea6oDewJSWcMTife0/g4AL6sB6rTApkOMTDIZhM9Vl/SycI90rXfkwHuHwRMl8OUSJRq8ZouSpz+RmfnY1PareqnAz6v5UQMZxFxQs2wXmErcTfpmutk2vvNudLA/bVvtK0lW7Tll1IEJGKHKcWuKKKJBX0b6D5Wua/w02dB4bafttnRZ9TP4JB52hg7iinoGVE3hcb1egqzW3yehbVK+QLch4tif64d9w8nmuPaCq9+eGDLMfq0d6uMqkoAJ6GUumUEXXzydCr7KR7xrxDwZPUwHL100dP0D0Pkmr8hQGbseN5/cdC9v5THN2U3A9oqwmwRPa04xo8BZCtXtD/ZEb1MvfWLPeqVQFHGFqoLw+uQ/UbmuCA2WBPAV098EK8ZeJSAIDp5x2LPmSIFfYQ6P07YBlWqO4AId42R/68nEC8mb2xLjzMLRxB13ivcTe2f5iY7ptPaRsobzJmbFo5bPeTrm7gIsQhiXwRThMDO1aTPBfalSjGz1guwpFqK1ZYc7PRQEReqJ2m6fdiJYJS5sJU7eKv4JDiGQ8CePOVdIRBJL8Sy9EuhdChtOcRt1SPyl/EGIhX7qj9hhzrhAzqYkkcvPXwt5D8C4fEDKmqXwxdM9wQctTG1jLxhZhlBVYZQAmefzY5TsWseF6hROBEfvjiUTqf7Yd2yA+Ic5LjrDMdHn2lj6n8XqeX6an8Dv+t49/3453Yo/l03wktyrOE2kePJ3mThNGo7KNqSXXz9E8KTaUrQDuK5YDWBtSnQsWOkr+RRk48Z9qqArY/7rrKfyL9E3GXOLHocWGfn6rEMXHrR11Hj1I6eF0mResNtrq/Bptb0lk+ZT9VQ7iGUFB2odKJUdkFOXs0Swi0tiulwSBi7tUBjazpuEGlHCBhpdqy5BmOsng1ITB5ntsx+8XcF3HgDMfMxgJfTPyJlfcf+moNEURWyRVJXd8eV3QrhRnjdxNnKKAuZmRMYAbU3qVPJkNUdZQRFC1gRGLBj/hLYoxMsE4PMIjjUgzfI0+v6rS1Uqt3n3y1CTKw6dEyrsCgrNgjQvCNVppVuM4mkoKzvm3XoFLuTDQHuSB2i6PBXOkRfCDO94mv/qFHEJC/sx6DyscdreaDKOvZvy5WNIdTYK3ANynpvV9fQ/vJzJzoRnj1leFRUSrY9HRF6EYNDPyjWhCcoSZmrMnZAYIlnCu+7EogFXkWYxaYT0M7UDjMnK6K+OCgEVFYdkfPJH1oa761BapNBDgLgQlt3fsc56XDSkSgYvo1K3a2tYWlNyZpaBS+oq+/zrIONsyKYMDiEnuLmYftwDAYr+6SFeaJVMaLSs5d6iTkIktE+kVd6/4Zf0XxXOYC4WABJGWr/8v/4fdxzujhW6Z0MZFa6mioXKKrGFxbU87lJCDI0rRwigD6P27oJNtYUZho5TQr2sqk8XUPTMzzAl38sMext7AHz2R+vskgXjXmp06rYSWPg7vis22PD1aj1eFabWX0dA7uOY8Yl26JX9FFTMLwLORLPtFzZjlJ4AowiSn77eXWy/p6t0O/yfysLjOdfcTpUZvAnD8B+UfDSIYocU2lS34m/Bh+9DubLPkNkQcGhQAWp1tzyoV8SWr/nbKRc28rHXkMiF+n0Ggm2trAkE0ndo+p6f9goAuXFeCEfC0ZeynsyWV7svOABl3S8CJozhnyuykb+pvO8xGA2aEFDPtZM6rRaN7a9VBd+loEgG1TZhtntxQGe0tfS5c6gq2/gyNB/Y6kST7wX6Gr9SumNrl0CTiACX6ob/Qx/o4EU9NLV7XIV4zxcRfsvkW0uW94lgMDnQmzQzktS3hFYuFXyUAa8btkfI8FheMs941IUQ+hhBO17WZNKGHTwB9sZVzH+k2wNCLQoCANBs27Zt62fbtm3b5su2bdu2brZds4hZyFF4ftiXpbMTQ189epD4zuxvIJoY2oHaW+w0DbQXo5MxFWFEcoH7UFIqbWdgTjJYuQ5IPIT2TCT96CZS6PTbGPiQpIGcYXy/fmz4AHQ2ZSS2sfYMKGwYTiMG88fhyA4WDgrzYUDMZMfTSZ3TPoTy7NkJTzd0Qvwc37MqzoAMOs2d2RKZj+zzw7eEDpw7q0eKeW+MH0BT1lH3caE1KQvfmZnyeyJ1Ulura1JohQQOGpKMFEQcY0OoOOsvl+FkEioQLtGnO+ds4AYuqm8bB1rAJF0n1ILNEfNrPac2a8zjZaPIahcwUm+ufa5swfOmbmtQkim+JAHbWTKNv3Q0FRYT6E5YVA78sOdBcfyuNY7jpLjgqyubnhUNeAy5igonifyiu3HqtE6k7lgjxh1Vnzb8/cGEemHhAJbrSFFdV1NgBEegZzrW6TMcxg9Q9P0nuFn31ft7PvxFVCvyttqMX9Yz2ey8fmFhp3gC/x0sv94cqU5zRXr8N/XijMNJIM/LcB8wxb8VmwiTmue4SWMtt5m8PD2OOPduKETaucGIF5/C7Qwfvs0V9oB1lKIW7rHf5SvtD+eOuBN0ZPkB/5uozWM6Mm4LpHKA2DpD5VxY0/yApUd02M86l7Fbz5+AbU+qXz+d0xKgnIZ8ZolEpVYRUobT3ZRjDeYWSZUAp21+O01JWLAeSYgjIYBWiJcLoE8BsU12k9h0lx9i/zxjH6xd6mTL9bwizK9IOJTc6jdFDaezpw9t2GiOvfp5CmNicXZzxD7z71x3HlcPIkA1QrP2iAWzgGNMaoB5toT/jJljS3Ty0+yKzN3WouIwF+lrxjq4ZlUFid41z6T8WGmKgKnKwGf0119caMqQ5A+5W4i94MX0CTkKcPXeOyKEsFe3YIYakw+itSxdg8OswZmzAmhapmyAUxzpTF5jMalBn9CL+XV9XgKtbEem+Tw9g2XbLZkkpmjrsckqVPWH9+XhokMS/hqcarwWXfK23AkDmx84Jv5mF4wQLs9PdsJI9orXsuawZMP7nbvgg3Rbfwzm3VsQdPeW+7VhfIbtM9QKoleqiupc2EWLTTmU5kJFf5wlLLRbAsVr+ld8VJg8bldq9PluLXbP55oVwTmfsK7x7vrk8gJzWTjkQ4+o++p6hthRhCZCKjP9i8a1NphfKalnt9B+sQ5bGJvGOK644uM7kfN4jmEIyfiw6wWJ19W4WK5MVZo54sAxbh/ogNHZ34nxzFuppezbDx+7dTWboOVScAT5lG+ryPa766DoumAu70ISI6TRLrMTGAYo7oA/76JkcAeeSAQsNUrpfZpIaD/0bO4ib96/cYapFrPHSCdUDKP2LjUhG1uLwGOrm9SAGa2vEzHQ9vBH0jBhJ4gliDMOUFEAtEAc58cY4iz+vUWEk0Vw76/6kgfxOVeKkwDOoVYRRVrUmSQNyvvB2C/npuL7uNJe52R62u+lukR9KjvCwuHBa0L6pRL8GyDTIGtWv0Yj3jTrK9sKb5VkwwLiDKN9CI+9/tm+qZ9+IdY8k4hfjr0034E2I7ktvFOZcxqk605nPlrhiSnD32IK/6OCZGU1i0Pv+eQxcwTTxyyjFHOkcnmC0aEPcsEcCnfGTwzJcZdSvj6OJBMzVu2ySMZJEnfB2rEd6/6qoBQIl3FJmMBmjAUbBvdllQyh1i8hCrxR2PpxBHzicl2lVXkXqoEfCOXEJRoZ/yVCff5EFh3qHJ30mAhGFeOPoW6P9gyyR7xT5trnrTPEJ3vVstmcNDuqGSO7iO+75PbP5JOvBaP4lidlWjQcSjF4z9w7TFUbXhjIrCx1LzsupJmACSesZg3E20lrvvH7w0rOwBRB6xrlXxkIrUvc7VZKRNdVnVv9LA9U4xUxYbysOONyBUDOrIkEUDTD2tw5nWc1cgMxRNDGFU7JCrzbZpsvgTtfSc9DdcvhKIZj6csdJgELFgmFG1CCMCuaez453O+wKJSLqaQAEZA629w1KTw7Lb2kEvhJTlC7MGvv53lTCmPogLdeFHMG0VV4TAicx1owqBg0T+tzYGJFYDZLMUEo+k4FTF39fngjyO9BK9ueigeoTiJsBFWr+YJ74SSIhWno5DlZ+WASUdt6OUYnKam8b0mzfYbsFs0rCTji8CiPxhDRhYBzoRSRTtU6b2rI389Fa/mTnVjA6sLOos3ffmfy+U9TYCM3cah57enWQHdmMVERYo/zrtUWqOd4iuNQwPjcIQHF1mnVlY1rS4L7oyvFunOmZUyCI5lt+Ciqk2qZnbaTnZNgoZ3eCN4opY74U9BhcdWANnuLLMyclxDoJmW1NsuxshFfeAv9t5fkbSyaKlcphV3JesdiC9G4843RhI1mUWjh2/zH+eiN9slWP9PVYehc+HgjZ8rsJoRAcgV/9lDb9DJXz/Kg8qyNvjbexoedAbT097Pi39AwnDdjbgVbfhGxETlBlrgMtVIgpyqxchgNbS7Cr7sIsiPototgQLGjsn/OHC1i/WGrgDGt0nAz6K97fBb1g8SSLVkBp/mKVYWGekIuh4TJgMD+jD/VBzG/Fi0bGqTGipyHbbJSxVOjmTtFjpjwvZYyM49GLNKNDnobgUilQKANDLWeM8J+M39iSAy+p0MyHPylnZJYDx4aid7lUkDkQHkk49AMC79zYnDZJJ1XsouSM5ISxbzbf//HOhrUb3RKLaIRDlsm4RcgdYR5hZ8HAl/pcjaxNPmmqPSVTmScKrzR/af+uMDQP/26I04M7qAhWrDQekR4WGf8O712++dvTWRKO1dV4fQiLiXVMxSUc2DsoiDWws/CEMwnmXlJ2YnHtYADgmizu0wAHQ2S6AbfJ8CxMSkobXCgsa9HDjVuhD+EL0zJ/Svg+3FhAYWyP90AoiYnNk0y85+Tr+Gupsi5QJtYtkhr25qcnpFEdGQK5p47UQAX5bKXxXk9iNDMpDDd75ig00iJJoJG1Bd+hfSY8EUT/2D7wg4dfaGMAjvTwu8w8jVigxogdDwgKxH7DOdko5QvCbwUn0ZD0PHirGRWYwYVImXvLYq2Yn5a91+iSntqpPeWyfq5IQX7gmF52RxmGiJycU99t8JWNhO0v/cpYtRm8C0NPo/bmmp8DxLIqqWIamymW7/B1GqlStvPMonAnZp4mlZyVzvCbS00fh01OZuMQc/Xjnap2c+71gf49o2Ah+lA/Ch2CUEpF2sZLMhTENXBqKCdMmG3sSej8kZuZCkEd4K1AIfGrYDELbgDpzHqmxcJBNTC/qIuHIJFHJHC6w2ma876vxDGrH0Q+ALMvrJevL6KZyqGZjpFHrOCOiaMHKFfy4zOEff7hRwVwJrCEonOykirr1b7VwO2sjHz2Sf/39A0Opv3GB+SdS9kvLYOPDguZ4RN32hZzZ+guVzCQWwSoSYF5n/dkO16tXQ9biVvZXGjjyeLIMvO/Sk1g8kKG9xJ9hAqELWdFmNK3DblV2Ks0xo46gHz/L1fa0fVymmnCMUwzHs9PoxKtoXX2d3TdcvOlbDLR2PKjYEZt6GZ7FsEb17c31a2YBCGKQbPdFGZRIUihfxe3avS5xbUuSkRXJTMqqIHc5RX77yayd33h7Nr6R6tkgHP4Ug5i42uiWuwGktRhiT2KuUC9/FydYe1l3WHQWd/uoI7Vt8gXmy/XZJMuiJ83yKzdjosC87cIjEjKTK61HOMk9kFe347sk+8z5hZuaNTKI2nNgH9qCfA+Zsv0xUjG5e7iigKCj9MXlK0PHkyLbY9V6OgdekNtGuFr3uPKo+WXfeGjAweGpL/yZYryKcd0SD9W0ZffS2Z+Z3PNFbif3zcVyzsmlAZsZxvBC5zTUK9s8wqj7sPzQxaUc44NUxmEJblwuMINHXz9u0a99RDrrqqT3CRvI+Rm1E1V39jZaUyQrQweHqy0JlygjeTNSGRa9EEIr/bpbiPqY2I26HGeZQytl4gfO4fIlbnfarOP9effNmEgEgK2wc6YPfjFnzg/8uX9El3Fnyi+y/LtvzX9cToFUNkSrQpP6CSFEfKPiw2lJWWefkIgAvzo6AitDhgbWdqfDPLZUAVXGPiJ17lfmPYzlFlv3QBOkXjtFRFDdwcSPVBrj4qOmU/oZJeTS1iE+3GRyN8uHlZ1LYuIZ3fPpi9I4HmuLeOzfFPKXaZlWjbrQuzbhUTZMIkObVidC3ReGf25Po1+Fycwe96qZEoy/9qy1LZKLAHJ5DQgZOK6qLNZKWJzIdeDN8SBozTUJx1HnhHcrJ3Og/pgCzL8MO8aQW/+D+rZ/1s2k6ome48bO/k5rPMyf4lbgPKLIhAkWI8JoVclXqWwmiHj93K2Ke9sTmRyRKqNIOgZb54HTYhGOjcxvQQn6hl6TaJ77EDyS1jgyg8Xf5LXOhKmRXKREt/YB2nsabhJCrRtfcFoAep85EUaglQ5CBWKIsStiFayuPAimxztrZwVibtc5oUo6igB7lxIapuHvNjluAEEPRpy6K13tz3DPHSzKR/6FcU5rYO4+W2N0LTX3GAXSc1RuB2fqVA9SRApA8TcdtGKfTAE/HAF4s3whtIVqTxsdD6GzXdeCDj3s0R5AxYLl1KecAIv5UmzKyTHhLI6oaGmDMn6VpaOtQ1wOGMVopLPe8Ow1Olz4zd5PAEDI2zQiYZS/5vI+am8jOJrMQRfbWvdowtJVe6ZQf+RhtQzQw8UJY2FHlMxbam+xIJnF6YajoBcgLlx+9AB0WZrQI6fMmYZi1iez4bFPsZSS9Ci3iVF49w9SeyQmaqZ2i8XYOKu+ONLMo8R0YqZryKdiEyonZNBDS2fpN/eNEHISvBBDL/XTs6/PDTT+CeGtLyuxrUKZDBNXfTl14D2P38V8dbHnDaBcKJZVdqE+uDq50jSUJbAkNdBRTqd16vCfSlNn2XoJ1KMSEi2rS86e+VG/PxrpeYktEZG6KHVO44WPcXLh4YS+9KAW2+HLfdYuLeNalvXRVFqSfEs9wKiEDuixu57d3rUAzhY1AmptSVaJPpxUAkYpeoQ0yTnXavzKDRKQT6VrkbGaJzojr+7UshD6hiHYLXpd/+b+5Y73kE9pSFgcq70uaMI5tyQTlyuGaLPXki0jAKuzE+j4O4jPOowEfHCabDUJgHmW9XhJ5UAImJErJJuQIW/5kqzewjoq90o650IOI0QxaQiQl6tBDC25crjnKnAUjzadgjxHDswaaplYyYbBZIDSqgbtih1MIBAp7i5xhNBogIIYlcUK4/sgqgtLosHrHzKpt94szBEqCM9NEyDiZFs9b2r7i81h7BccAlzQ2SZH4AgUE+YAMQ5K7v9gC7Jy6Q2VRuXB7+MNpkptDOGPs5Q3Q8Wulc/m6hT6R+C0aNrlU9PJC9aIQhjxQpjV+5aPn5Ic94ydrR9u6N3B2S49rWQlhSoQSuyBx/etTEX9ap2Sw9+fvRpKIdt10/HdbRvfQ9ScPMwuV5TNHbN/cic9FdvB9SaY7dX3Q6NDyXZnAcMlhF1+FfcCecCdztw00Gtv5oYb0gGtSxV8HbTSH8txv+/Bz4Ho6KWg0UfC1MOYWIelhnIVIYL5Q+hpURiFVDZk8cks4R6vJtmA8ezx17JUZo90O73OjGww+pHI1lAHwIV/avc8o981Y1NaFRvvKCmfEIUw0+bYrzkkrokCygTcM4QX2VmPq5D4cyNWU47GSlLo0bBaHWM4GZgB59uR2wEhci0QwimHBMmdmw8vOdyUwiv1dK8SaR7mmDRYeOjbIDGEkeJm+Ew2gp7bfhb8BoKCAYy8B/102WCMegmwOOV9pstPAxAVkZkkHTiFjrs0QMHqQo07GVtECHcKTAY//G4+Q9M+5aM+6/COtGx/DkY9QdyEAJOrUmkBI0gu6jyuVPu06cN4bHEaHQAJ/gLJPsIdA3TeM2YV32OFTNuHEG2U7Es0IHDJs2XqM1+twgu+exKZgxyYbXQgfkkaLo3EeOpJHIqE5+k3/4U0r2UWqYs/+BeVMlpze748BjqVpt2MBunMbnnGf9zqASS3j/ezq0/80V2eyBbE01uSNgYYS6EmqOZPN7oGiUCbQSyW+3MpltlGPHJSwBXu1Fxg0eV5GEX9mUrQQpgk6FXo62gU6PnWN1cFmweQiyvoRa3alKP29CT1N4CGU/x+D149HXllkPgY6+FHACEfy+MPuvHINSI2D/R6zfueVx/UJdOkKFFfRwcIS43CIDw4l8ZxFrJwlDieP6CWo0Gc2Rury8z+8mPTov2Ozxnnf5JJqrRcmzGA3+3WZP7ljO+XFrzR3jGRe3MmuBFSYpQ/qR+E/hsRbnxJrduK8hOaF412uMwdprsZtRF+On5UpNmctPRRF0ynQRwA8ykHiDjKdBw/s3xBYKPbxf+focuq5N+6z08VDyZC1o44P5y/XT58HTP2LlqrS/34hN02VfAV8Yw3orSVqZcaI85OfTxJ/TOb5DPt9CmnIcfXe2RDNcYrDKj1ipZJbS/+w4nWbk7sGvxljuh+NYICuO/Y8bl6lLiTzXpRf5nt9p4P6U4kMprHPHzaTO3V82W/XAb8q0U3lpkiAqLbkfnevqxv7eRHzKutirBlI+uiACsXsAaAp26dgsD14uUdxUC7IRyD824GhNdpKhjG7epsDW6lWqJRk++Kg0PbPwluS4H24P/PCWUYOQvB0FacZ01d8KN3ASaNiO8Ryxoy82kEHBH8eyEh9KMmkTBDv37Mb/1/ttFUtUW5DZxdy5gD5aJeDdAYwTqqVcRrOY5QYYZjKZUsJh/k14ySIkpapf5qkhAoOR6rjCDTP/WNN0s4o3MwVfGhdyWWX6bttQ9jDVzahes3M+LplkQVKed4UVi/lmf4x5PpKs1XvQP3RoX9YcjE7QngTLDZ9ALmMpCgH56IBFN1FuwwwvvqNI2p4jrKr7NTbbAhNqYDgKkTfgYPskSHO/0JnoopskLCzKFbILo0JOD403569P1nNhaU6bCiZG7a1kfGV3nnu7upQ4yHnYWkUxkkWce2Z3Q+JaRPOMftZJCAwtyZudtFU7fbOob9lRvT1OlKBOsx5KZsYbf0nmE7e612mFTg5iAPRDTKKWkdJgU9CGTYE+NVlNcVORtPa23CIF8+b5BO14JCtG8whA8zSNHbRSuf7DHd4bZm2QvmCd5A9CpJGStcu6nkLkUysX1QBMPxyiEchQjB4rSzTo9G9rQeW/dThw0DQo28KH0pJ+sPd0udCSCzobWrpvvu7mnq6JfPNZisFvdJrfqV8ZHE42sEun5Y9xMzhhloUo6vdcWj+o/2QFqRE0recff07G73iKGkxcmrmT6lieQjv2tZO5CEPId+btN+QVU8FlOGz//bRFI8EwH3FoH0hTywqudb9kSOgz7FAsSrHiyKuYWW4Co8EB7CsWpG3N9AUp2Ounqw6v1sapaZX+u+Xv+MjL+93XqxD6KidIQxR01gtS8NJModRw8uP1dveT3VG25poMpzleqRZA1PCpWrjCjoHLjhPyJYZq1+m4PG6OfqLbQ15n+UlKt3/EaA3Ey+PvLSVrA+GxFJ9OicDcckFc0My7KUZNYqgFkCj7wclW7eqO4cYr96UXpY2GZMjLMVqfSPSGolxrUtWdK9/kDW3vl8ypKMEHVrF0fmvNydA6CBeCvLUvKXdsEOeWWtXpNZJZ0RysGjx1QRWch2sA3Ylyzb5E3PA+Ap0Ih01U3UTGGAZwoP/42uiov3RJhORX1ip2ZttEdajs1SrbROA7hkUrFdrsKfHgu2F1XuQiZwP6RGA6W33Mw0smdXG0aTP5ZJzNmLgcrawKEwwjjGnkzTvfIaJGIqqqGfA60RCTa4JxTwPFVOL6UzBzQ5RKU+NMMluJbJQFjYE5fLmrDhLnoNhxc7qYmCPt/+4urQ15gGko4PzmcHjUyp3iTCpCq+T1I3Wd9HM6N+xB1/CjKGjJS9hIAcWJiSV3fusQ/UBZhVB1bTFl4biPSkTH8Qm6s7RPNSOhdcQhSeFG2tQZkneH6asBWkWcgi5X5+W+Y3C6I7LWERDP6jIuINZ/l052vFSsRzcOYzLBdzBKDKKb2D4Gfqx7UXn0YQlt0XsA5wlPo5gCfCYuLvFBdNl3UpJwAFDpnxcGzicW0xcKBytdm7HDtlFj9iGputBjXAs6r0wstzlykLVdkBcbLHErj97Ab1uN+sgl8D/N/CvG9esc0FFcU/uQL1uPX46s0F2Wj+PUEkT+qJfKiLoVIOA1GDlpjDZjss8jlGrBam49ImkqCj10I1jm+cd7us1ku6rUocW5q3iCGn7iDwW1iTUAn+Z6Dpy9a/T7EaZ+dvsvw0CSUQd0Z40B+p636O3LMqf7Xz8sDcrpQM/f3k/wLxve5GwCcYHlW8ycEvVAYmifMiDOMubZ9TSx3RnU8Nh4f07/2RA/gsu/ccIbUDqp1ttZzb1h5E7kyI9yZkZxW2cHz6VOAwzGuLaa/qOCf3XcWEc2uHPVt4vXRXgMhOwfUuTwxTZ27qonOLMH5VtmNDFNNbQJEILQzJiG7EL6G3HFkB4s86vM6iEjFyuNeLMBiNOqxkKNIxTPpX9ZgECq6yfNd+3L2uyRpesST000JklAQY95Uuxm9/uVSROheJ7L/qeRc2VtRw/swH+HiXM3xWe6tIgXD4s7iesg7BJmET0axyWRJdTKbK7rkigVMmWQ9s43xZQusTttEjMHiXX5/rd+FLpn4nHkV5f/jDGL8BLJcNxD8A0MiP1nDwear9TewfxfJr9bS1nR0yRPgS9NoEWtbiNVX0XD2d/oZ+8hxaCFcsauJy+NlXGy4arvYTcIwrRbQuOTqBTp6F8eRCsipwKtoS26psX+a5J37vnY5aIJ2Z0/ySqxsNGF5HGrsXyCzvOTaAPjk+I/3biokM4T7sW9XXlITLGtZo9g89HKyfOyMOWICpp4veZq8+8+lM3CjxL1N4ZAgp1UONUzMVGbfRwHK+oQbhWFF2dPcQzipKOrHxakkeyCbgUFbnEcfAh6u7xs51kZQ6kTr3z8up8Kuakj+cEZPfh4FEV2OSQH0Te3knWdqtYcqT3uGGgUXB7zZMfRcyqZYXPNCVSXROltPe3b42iNACNfRP8we22gcKO/rTdivZ3c6mWCm+Cl7C/H1wxM86CnbMSAN2V6ez1Uz2jXvWkBblCnJLGiUGdgoqF7C8tOsokeJV3Lx3GoUoGfpK2AS/FGqCAV5R/958kRbqgB0uWMqf9S3FwPhRr/avg/33HbmiClP+eXfhtdb91LYWdVh6I9qi2v25VpSOjXRKEQjy21CtpKsU8alZw5rNG264xz7mwXBKOuIsv7r7MX7rt5Bq5Z9pvU+NHwyBhsdrjOjXuoMee/zctwKo4P6GanFH/E/ZQU7oxp8mTse7MOd0+BnTtLnmD3rjNC9A45cn+7+tNabXHkRXMm4fmHFY3C30qmlSyvNvqxJpCmowA63Xc3SujVXh4vBGue8OJ+D21zB8dlcGJvJKQ4GVZxtbQrMisHJ79DMIR5AvwodchU9bLTUeSPXv6j7tWW/X+2kSNBonw7D4rW7M/fT0U+/FcVIfqdqeQDSzGNJpUwFGKQvwYj3TTpEqBGZYW6jOJ4mP77WKmkoivF7OdeqayGC965GZetazLrkxWh/kgnBhL6K7+XGnSzNQeLia3+MMw3xkR7vcp1L3OuKUDB8dpzoDudS6abvynYKJ3vqYc90VtsTWg/34we14N2uu7u/sz2mYq/U93LRLdbMyjByz/E0EMONrMSRPqD8OkdEDvFeoMyVcH8L1jCKCMFcaLiWVw27oKVWUgaZVlX4qxdZuaUvk5kRMwpY4aLVchrUjB0MimlIYJXy5AQvzNpg9PuO9szPq8XCU9NiQhR4QO4DxmoFTzX5wW2638Gzhp6asXejPaNHiyC3tC+g9l2lt1X+0WBWHUAyCNxM9OIVtD617H9rmw3CIctXpFI1nunQ5jeX3hezc5meeSmLN/N97LDDG/ybdPGeT9duWoYPoXDCW083W+5wKQ4btw14rSkc2JE+NHieKoCTQ2mWVqeobF0fW6xMNzcmLD5CCsgfIw4SktqzWkVWX0Goz1+wJWLyd03LJ6/wdk9TQJGSkvmWBHIpKJxJwxfPAPKjuAIM3PAcTJJLWfFmR5G3SgHiuBdcLsvb8PiOHBSt+oFBwtPwH+FA9Cpw35DU2pk4NHcYNXBzX+YwdRwJlaKp4SpFXoCZEfn8Jk2EBntZ263d7Wx3XUEU5/KBEeftV6TCyA7RYduydf3INZ31JLFAUtHY3c7VhkXyhAmwWBuVeEOQwgz88wGzUZMj7h5561Q/5ZgYFD98GXl3xS0l9ykr7wx7/v8b/Xnuyh2YYWltmh8lrz5ZQivp7DzFTR37nG4/314FM/zuO8M0yaEHYvbzWeLysBn2jAftzZ3oiTpNlaZsUQ2Y2X6ZMh70nXfwjT1ec4nSMmiAAl9paTH2sn4r0HiGQbBO1GEVsXTm1TwIsHgJ+Ya8w2HbJ7SnCfVKKEyWhxn4to00NtuptP+kYCy5+norLt7Ge0veUh4jdcglpw1Ni1Y/tCRA3N3H3LnxCAPkFnGmtlSk456ySzQZlYKpOAova4sZuuNUwyZEMG4h6CmGtIv6xinjOfYPx6LeOatsqIBcPjgY1vPfeJ1wEII9C+X28gNwBxc9aXc8adiUc25kkMxIZ+LBj2OeaFe9Ue1xkH6lMBHv6PyYzsFJKXRh0+7WdKL8g8WMLUm3g9X76HNrmoyF1J7eAJNOUUTsVxKDTOk7GJngBywrK+rEi/n0jNy7DuJ3wB/6enW60TrCidos1i/Nv64QQO6rVqwVOO7vVmS8H/7XMqn7gS9+iY4AJz703qhfg6yktrD3/FUzKbmmhVCvm6NSkO2eIg2dm3s7tHIGlcGINudtjJIZxEZNIj2xo3gKPyDNueWuEj9tjPU8+G0z3nJuj63/W/uzFl2PjuNRFAyhvRLz6jaGbAkNL4eDhqGS/d8GKEQXHav5RJhxklCYgDRzLwc2s7STwrRQFAsMjbyekGL3m4+RCsB4m943r0VTS+Qmt/5HS8N5uqOm8/9x6ECm6GVjbki9Bcckjikjsib5cE7WDCBv+l+A1YvUM6w8pNlVAdIiRlKpGKhZgS56jQPfy1VgZQD0ZJaxDP1JVXEECYM5hYbxXTxzxGCEeRL8hiQJ2mmPoZZxlb0HtLZIAysvVrmRG1yughL1Y4zMWToC9A1Hf2H7BJrUQQmR9ZrOk1qht7Dxjeed2cd046ERZsE95fLMcZtdrcfr596aQBb0Sp7UpcHcu7ht99QpujPS2IXpbGHkBP8CS1rvpGnnmF82I9cRPNiSs41pCfYg+DGSxQOblRtSrFtsCUap7C0BzPj2tgosKZ5mYi/cDUnnscgjNJzYaaEGBTlw3O9cth+r7HyukFUqefjjtCyPu9OyqlIIXOVKsyD56UXNwznFQIa+3SUuhUfWXDgIAgtq/4n90RTuVsgW/TCO0mfZu5WtUme2MnN6NaUjzspJVEZ/VHFN8/5q5wml1mHuX3agYQYE3t/WGAwnxpQg2PSILRuAmEhNfxPd+B3bTw00mHz2QsAtSwon/Qx9T8KvSZlPpy8STDie7Co6yAa/tOvCHfp9Z+jAgU0z6cdilUD8teeIFr68d4YMY/l0SGrq/t3HjxRxNt0fgXIMeLaNVJx0UsTiIFgUQkenzeoyrz/vok6jEcw3BqFcAos4qQrJjQ5HsIDk+gs2/WILNTBsucT1ZsE8MZag2bo1d9/vV5z6U2l8akvgaigFZ55tL8sDcqvpEb4gUEZ5/qTYBBOEsl/a0L80MNwCcRenC0T1xX3SSbj9RnC/xXaZZp2QSuUTaNcIHg1GdpXPHWwe/JsGu1cusR/WFT0u7iO3szHGafKZ/4wc0SaKGorMSBVnKVkt6quwACjFLaTTVWJLwCqR9zTL+7kVJ1qAh654hk+f0Ju+blMJPLlX0l88CbfJJq5OhW/lVITr4VYmXIj4x9NElwWmPyAU+bJ66lFdIKvUOi1JTll5QY2A42ycBxf6Bxqq472A67saaZGvADpATCS4HUc1SIRfI87HQ00YIWOvvmlb26XyFPLZLp0t1wQ/XmkQWiq3jdu3YO1GnWveF5iny/FHUOayO9fBPNKnQUGQatJ+/rj1QEHAqm/lM9VXfD3e9SUHh1ZS8GwjlWAHwnD4P9g1EI0vXG9z1H/cSKLJl7MDx96evgIZ8zq36YWYl4z/qIsutyTWFrWTDBkLYsh8nwcPfrIVTiqRzaiO8FKFNofm7495UesMVYCLExnzm0k1wJt/y1NQ4hIR9s3MarUZ8snA1xDtNHb+VkPl0BIC6xiWFqrri3He484cVX9lU03W+ZBwc/7Vzjrj/60lJfCC/37+QshSarteEF+VlDG7TNEqDjX+/+DUiQv73C4rQG5sqr4jOe7TKhej99AGI4woLt2f/CH++/sxGN4G+VRFM/pnQwXzbs3jw+v+HMVzeaEeetscmA1XIE+ZsPbVKNqBwurfBnUjgTXQlBRovds1Y5wRSHIWhQQNRQwZ0xq/d632b+WDWS7t0LtAFuGWL5pO1BA9ElbuFXBsK189cj7MrHLErBhKQR32V4t3Y24jSbnkXUXolAOzrnTYU+zmzH13wvMJ03uHlte1sV88IeVYOGNvgwbFJyKeLryqyJGA0u5GEqFi2/qssl/gkcFyu+O+K2WGvUQh4eP6ZDANZWMwDTc4X8tWhtbbGpRSbUskRrVbUpLCcCcBnm1xzfaPMmfBSFB1trJLfZ+DDu+s6HZCU9ylQO41CQKDBQhuLetOK1Fe0rmd5rTKhzBVw+J8FJXYH23E3ZiGErAeNVUHspwygJ1CzqugpDB2rjbYTPcH/ko7X8qIZdae4riYhtf7LLZGLFrfLVPvRyZEL2tlM6ykIuBJ2tbbkzTtVQu23YYL8ZahpEe3RfqlZBcj5xDlbH5Gp01FA+muWwHgiYXzwL/JeeQZzzndSrLcj8PpMPeKY67QIYFzJfm0zvcyQnMhvYwadcsEni3Up0Wn37nzNdkSXD7ItWdELbUa2NxKn+lhf6h1HXYKYpqHoMRx6MQ04r5fHU4tG4S8Fwu9mZ7vPhty/uFeTMX0k+LojW67cmXczFvQobZfm6esixLJ2L5HoGOkSPbCkONIxmwRzd0cNNoBZD9/N2y2/5at99uXRuPnXQbblihnjl5HBC0C9lNoO8meIxC7SvNUNLLjbjQIPqjEqe1BJVRETzVGdAvu/knriniMws3W6StmmhD/QZVFKj+a1VLdNa9zptqwHiYdCn3y+lSWMCql3Tmnww/AWtl9dCE6wG5bbyxeB/xPfAFC/juZE0iE0S0tQ8RLj8OW9H261HHmhlx93egpcQc0nb24VMbv1ztzKw3H867QMG7h7dijFNHkMLJhELcNLGMkdF+i0PlddC64e3z/Tk0y2qIgkuS97u7sET8tshWzIOtRtCSKVxQXiIyoWLk0Ffn6O0LdfZKHA9oPIIXzXmqnD9MFc83RLwvYg2OxcSNsYZesjiyJVnYYFeQb4vK144NYZTdcswsGYGPNtp/UTvLDcUgrT63Z/Qm+Cs25cj7sEIPYvme+IaflcdDEZUAww7OZucsIn0Zj8zkzy/jKS7YhflgXv8Ds7DE1E8c7NoiMUkEkcKxPnplql5sfhnq5S2EmqSwWUO6i05lvraYvBxv4qXbcUlr9nR7+ZHWvZzdfQzQyec2pTjKGv0DTcSz3nyIhh/FpmORJFbGXm+XeFWmdFuF412+VctDeo6pPFUvLIlcv3T02DJ+qSa8rzeEnwRsUgU3ucUNAJr0TGfjmT9Y6DvLaMN+9BJXKn3x8RQOo5EgAhMkXi/FSEaEIg2HyG3MjaLfDwJBo/hqTIk5YczMQmUTaabN51PglhiAe/TISkoVF/ye5b602uIB3PyfjDbU/yxXZbmnm1CFJn7WDQwpM7Um7LzBu2dY2RENZjVKMu1G3be4xAKs34IX87Ltg6rcuFEv+Wi8DeQuR8F4gzYiQxpKN7IQdVanIPwrxTJDroFAGNKNZgvT728PQmdvlzKhcj1c+DdOdy4XCGU9QIq+qg1ZD0ZvCABn8BKwIQRQWBpFQbOJFAmlFJ0mF53XbLSEapsTgZ/YjWlVqNrFQghTP0n167AkrBr6dtBxrmK/m4vgvcZXLs9Ilx6pwD2W+iwaiFH+A/evxKV/VP6TJbvAIsh+fW9XFo/OP+SyQ88PNwbW2JlJnyzf8eF3zlLR1F2vU4Q98/BqvZymYplTKGUzLQbrFkwfeEK031Mwtfdkftg+6wX9JP3SnmuKfDb4a4U59OSAE3a58/6NtV6my/6QCtjkmBPDexE/JwDlM8VVguhNPngJLdEAcawLQ5ISpmUiwTan4n3yVnp61XiYGPzlFXIUh1L/BbNOtV2E89YcCF5o9Ah0ga0XiGkl+FSbzwZzE04ehlA3F8QSkKVzOPFfYPWrmgm7sSuZgbEBwGKrYZYCjK4F+cXNFAwp05kg+c8PTcXWRe8k4VXrKEsbpsknaSjiDd+zZfX5nP+VUdW0H7WipyTaUpuXP5A9R40p25iPnJ4vVPCk9588YnSlppd84NKP8KyKj+RrYh76ovH4L3v7Jugw+QXXicBLeURIHMPAKxZuspfEHfqeoHMEOvddfWIpcDULw5+DtsiCCqTCbQXx5GTlA+EpWdjM+wYFz0hZWzVxyETPXT5jy9lozsHffmE2pVxzEUSm/l3zaMIeOMhy8QrcY94gGSEGvXRdFC9OFkgwWIw046MLIktOkZneQZ7sB0+6/BeKezoX1cvuR6KI2FKei29Scsi8bvWgNTCxtiJQe/CnhCWgiiHlIjd10TGNgpsJcTIN+PmxbJRej2foYwDLXReqA1VA0CdxICATscIF56vtcHIRSrxn2OtL+q23NoRlc7M91vftR8r9XwpdhDZYuBlzBxW3URYgaYcjqFCXWDIVek0e85/G9o/mw6lv9bNrVH5eetZ8Htddl5qI06DOKwq8Sz40xS+EYFyCT6Ixe1yyC1F28aSDsjJ5SUAoxSmhwG/L3yhGJiflQ0ZZ5W5ZNxowTHpO+p69RGj52mlLrXOFtaaoP7VEiHIUKljlehs1FQkykXftRNongN0upmDHQC2etp8CF0bhbElijLj3hAyXfAtIUrLPmIEhCePUgCmSdDxS4pC9lJsPwyzB4TTy+9B3ZVMpWwURBglxSnXx4zPi5iazkELV/V9aHzoB63A/XS+Srw7V5TPDECL8rSU3gXsGAMmAYuunPbb/E/nZA2pvR7566aHA4NCBzl6HlrEiQiUjzqRtEzw6kHugtoCiJaFyucxsp1IndjR97sH9gy48IcSDOIwjt7Tw4lOZ28oAzs+n7/73w4hrIJRIQx5fdRPjsMq+clHiNezML8SNC2XdPX72ahla3w5XEt/AtJiGti39o/tPuZJ7wZ3glr+L/t1FdaQHdVpfYxUk1kxD7iZv+VlyHKqSr/wZQM0GJXYBDI0dwgmGMQ5qbjkoWYoYAJBnn6Z8kkPFqB7G3yV8yy3I/40R/DOQkK6dMM/bCglAKazqqCXFVY+BwBKu8L61cjk2Dd8VayOHYN1Ti/h86g1v4J1wIEZ8RvCt9wV26UMVWieUaYjvSPcMrK+nWdrfNyO4pZKidWiuthfYiiFvQMd6cdmqfiU6OL2MuNdwblUmLPryLX/WwlREofRm2dGp9B7Bw7W66O68i3BsYjSxGNWHYeXKL9ZL3xf1eSiEA3e5P17NrpMZF7GJnxOpXzYtytcGJm7WqAOhFGU7Z+ESbHYNpqN58woLZi6Z0yz4ZX7uqIga/KFGRxIAmQ9dEX6PqiEFeiEha7AR4MFCDhsmlEQDoyhNRMb0hPHC/0kGaauPlOSkNrpqMsIPAvowyaPhm+jMvdRAV8V313tTnNul2NH4+vDBcGRaiu2OvLphTFdVzZO0qBJ2jLH3Xm4ACAbUGC+z2h/7XI0PI3ScOnL18BeD+XUUzk12sVhQ4+Fs2UCQy4DZEt2zfNOrjkC9bH8tjEgoWCzjgf/o775emYCcJRxmaZufeQSgA1U/7+dwZcZtYzkaAi/7VnSk+s0LFwOvsRWFA09pUkqQIroZLKaMiH2RoMzFLUyO+f6zkyDCSNoz2h+5LymlXn1byIUzX1/8T1HLOospU74aSwnRdd6BlG0Bie4J61/8ejpxw1XcOw3fGwedbgt+0vEpPTtd/PNq8B9nnhxeWTO+xeB0P3k2hUfBWqqmnPeSm8UwWYapssaxNgkkeFVWiA/noNiXZlayTQiNyB1Q1TBbCgTmv0GAdACATdZ1EVt9t35TMwOGaqpGauX0WB38iKjczSzemguBMSDIleQrcAAsah/tF5DuLqAPHc0BTNEaL8kczKLbs0cPQm4dyJ2hJybYlyTTkII2rQM69jpI4XJa1wMQtFX127X/evOSsOJWCqaon35uGzmfn+zhr15RjTZzai12G5fTYUefVeGq5DXV/Cc0h3q0mQ1EIvzDhPzUexPgUgVnPjkqeFBb4xSVKhDciuhHUt4WRN2eOIH/sqWdQqC75XIP+/KLyD57AB7FhB5a9PzSeMHtAcXwL2cV3pfOgvYOfCYf0Kbi1570r5tYd1mXI4VGoDuNH2w12623vrdgBpNqNseo1fUSpSfa4js12jyukLgtc6A83ZWgR705k7PypGJoH+WkS/MSEBItLm+704nebmRFCBv+qkSq8c3CzkzhlTGSmMh+lUvMBqWuCLyo/x8BCr+E8EELTWAzdkJALhL4UTDN5KQfhZN2MOShYCqbNbge/Lja8rPzmoBOPMA6FgbZ72u4BTlRczJ0kM1QbOoDSF4N9+DgOIa0X+KslTpOn1SDKsGjYz35X6Xt7yvXXjHn1YDT+SVEcwZCAXLlbzvNGitjypSFGIP6AqYGVnkTEK0UWW47HeAQHAY9VmwanqaAacoXZsYoiVYtbYis8Kca0S5uhp6LM8MpuNCQyO0CLeM/VUTTH7LBcZNHKflgkUXJ98uv78Xumy05/lpgioDO22I+YqpWM5JeTgeBNyC8yt06aGu/Ny+QYLOwxhTKoRurnk/GZ7OFOfTp7Lwk8esWz0PWtpw+jMeKzZGJhNzL7hBL1p+vjwTx6ttzej+QapyVntMsB+hU1zW4MNW/1+EuKlTlZVqvefYxPxmpyOb4GmMzhk9vmgSIUAc9l56/3+TCbmKvC3j+MCyXaNNnouvhuQo+sULpQHUn+OIy/lg4gs1xByzy2cs1rP563IAtXoXBCe2WBQwXXCyG3uMQsZM7k7Y/aH+/1aQk3MxnIjlPVjY1vihtU5CAVFWUCYl58TG1p492iD+/k1cBa+y/6h8fsY0aPWysr9GzHGyIwR3VXgAccQvkxPpzmgtYK/ykwrkSUzUTBSeF6YtDy8PbRGQgsHGX47BVb32EJZUJrEzTRw1yY6mZ44QdBTgKKag2FzYTFeKTTCpVXKSOJcdyq/zsii5jabcU+kAV0UZGYzcWKOUrLsinTTnclHZBDf8nxClH7HYW73SdJ3sSJi+ElSw3v/tJmY8Ge3sOPzWzylx/g7Wna1dZF6k2/lvwVceRcxWTbQFvEfsa/q4tEBbtDC97JtLpn663S9KFYFgh2Iile4J35IqRan1R9r2qDrdJmdqj4hkF2iPlscr3qTxhwGSXiMqjMqziCEg1XRgS8YCTYwQEtGDmGYDVyFDKPebFq8gHhW9qMnXSFZ+QqwECtN0bKFWnoUgwjFQc6GYNqGplhHXDeP1qViMiwfa/v1M4nRSmN4ZApEOKRisLWGipeksSONg+wPaY1c6M9Eq9iVaSD2mNard/Zn53TLF/hTTHJehxiqONXFnTxL0QySUY7jHpnWuWdsjHd/1r+pFcmnTOLqQ+ZnOvhrA8xs861ECc170JecpxSAeMt98ISHJDkjeyKfrTIiT5lo2tu13Zl056TvmYAGvL44JxiYTCF1HPXtGye1M2UHpOnXuv6Fyv1s+V/0So1CtJdpfoplUE+kmu/5zqCL6IJTGz9NzbS4NVHLGR9QwfTQO1q7dQnAVn/UZAEe3KVB2KJb2wMyzDduWq1AhZPwM+c6nkqw0AhDbgb0h5UtEkReni0oc3bhBiB790WSDecuhE8r0UmHNBR+6621J9DqfImfcDK0JLpWfeFTG4jpWH8cFZdvlLrts54Tz6sycpXhilpYOmey97pkAn22+7+3LhT1pN1zD23ybrWu5hZlkaMRHmpEGiZ5D2xGX5goiHTReQu9Y2VKG3mCSfuqCjr1X89/xgaiT8arqRf4CePbDOOezrLGc6ZkfzbFSbkcUi2197TsmywGFEbnz9sxpPsnSHT9Ga7gbrOg+0+eX5ozr1QwAW+VR2Op5bTKe048R9629jaB81b7dzPa3WkMoIZVdnBvMRPAzOQfmAWP78kv+4ix+Y3j4sdM3NFM2T9PPYAYrOcE77CjpGD+/2nNF1YvV2fN82SxtzqB8fit+X2AaGDL9Lvfr8uZ/okBhbtN4z/rkXfqnNSQqOp2hcA1lk+BgUgsFOOuJ+iAb/xrr3oaYPtS0GF+ZguKfhHOgoFixrPk3DXv5oecJ0WjKId5EbZBo4XhTLUEQQlTnX16N7gjLSmqFOZCCHDrm9QEFQ7UJrkdv1a53MDvfHSeNnKQI9+6uFtN71MjD3IB9CwKtmjDYl/+yYiKV9A3VFivZPxa3DGVZ0fsLcayOZnzS6HeKbFN0BjdF88IRzUim1gr64d77pZKtkAfIqcR9+3a/seHgR0Z+d70aB4NgNO3UfHA7A2yC5tzKSSq5wqRMjVIohqUO0D0GmKgeS8H6v6DXhlphkekmAYwiPpvba9ZlPfy69sBT6SPKi102a0HqOnLmiU2yuTIxpxEXDhr4LGA96MUCiJYZT+h3yK6njwZbJK/BzRHeHdGQEJFVxlV5djzx0hifakJ9HOW0Er8lQbKvrLE7JndW2onLPVjsPKpEvXD+KyLkjNu43VesJxvQlKXsuqSVjO7fPeK44EUmRerMTQrsJBmZtFBN1Ba7Lp6wX/gph8M25WviL9LLW3XbXeJ0rM45p3A0q6T+00Lnl7tnMGccTi6uv8Y2lWQltta4NA/qQN0TVnkiRVj5BewBoryeq8y+1ROdB6nmc+PNh0yqBxPI9yiBosWmYtX/0vygHvrdbdnz/XXIIWISZ3gZKG+nC+UZb8KEofpqMCQQO8WVetEACOiB3/oeoqSYyrJctjNPK/1yJi4lo+0OidjgUatzuk+l0Npl+t7Egwcxjj8l0ZQlRkdIkavztGnk7SgrrBJKazErT5S/dj+FcR5x7+XeVrJB3vgQI6QMe042OVKW5Lpk0+WwUA9BEZnF7Nw4U8sR6NeWjHbupKGrdLxd0NRyxOJRjGY1JdMTc25MoyuePDe6O4NxfYeRU0ab9qDALpcATHqFwq3nFaMIRTST3oa5CEcLQ6mtTil0QuBzDAjpmK0RM0Wck2ZRu5nDnm4vDoT0vymyF87nFQ2O3LkkPe7ED78CWIPRDVO1gEccFpUdF1SiXhefev+KdIofCrOK68NK2/uNjFf8jBfteEbFzn27hgIbgHqbSY79R51QQ+7kngxVgTRMvKMA+ZBFLLqZ+K683Wc74hvAhFNe+xWW5oAtBXwH9LBurHLK2eQ0b5gIhNVqjipBlBiEa1hD08USNOVsuzkXxJNH54KS8ueNe5dpCFdyhg36faP6LYZxKur//pcAwnwBSbdPF7uPGg+qy4D2ECth6cbNi72rf7SGkYwlA2L8Tf6o9ImsRAQHzsKqU1LzReo9xIfooDmNSejBzL/tPN9/2Hhay6JRzZSDP1zbqPczCxMo+Q2GtGUYf4xQnk9dkPWQSyp6+Z+XZ5za5vWIlcpiOTl1HaBmEoGwSR0oSjL7EwyEUQPH2ku1aWN/FeLH6iftfxfG+AikOcbMOwDx6lHa6SIMNhf9oMHzEO0bK+XyxACAXSe9y9rVkaVQ2BV8+et2R9mZc7N4agWyg7z5uFkLEC5zl+eHso/jfzXOZIC8JOTkWtmfQk+ulkOZfMut1zJXZrT5T30mrIKdEGJAimbZ+4UiF2PxDIkY17c+ZPPmm5OB18/qxyAUoZzZ7/x1Q9FaBrlOv/R+JMxMQjapfdncgaN+UrwqvWC3aMhJTo9ZbMU5lUPSE5hGV+wZvOVAFJ26rNqNJuRDBMwEaJVioOUb1xjZxuAGJ+rA6JmCI6Yuz8p85Zt6Vi7qvDqcQo7IYntfTjQbNkNZagOiSPhWX1tRmMA+Jyk3osWqKkMr8LN8PHFxdG14adF8NsV/z7vf9Gf/mJvF7yricm/r5Ff6u6zi9e4XAWJnPqHn7bLAIClwRKcpK9K/cbmIS9T6OpZ5W2pW4bRfkMcQluIqpNcTmKA51QHy4SmV7GnLodWYRJEoKUrZh/hXVUEKh6tJ2uCg72H/nKlz/WTYW5DHt3WGKIo1IUqHTz7rlIZaCZU2xELB/nNi7wF9bmcSCPMeUnq/Yxtzzt6Psfvv7xdUntiQeMmFvwc55XSYU35BXaCXnNurBZGN2YNR9U1wa7POuRLzur3uff1LmWQTxcKO4vhiZouJmnKZfJDnv5puGbB0cMI4viAHIKKTuMsn9HiGkGtA4ExMYtOHmrLOnaOBAr8x2S3grurO+61hE95yT/A1zYdWfvfQ+hJvRj8gq42o20fIfoTrL+880C59021jt4wkz0dL9RPfXizcob3i42x8/prhAVL2xQdM/KbPJxwPLklXzGG72082X6uNiNFC58yGUq6++p51iP6z4boMeKdNcAeT5PGJP1BOyNsQUQtMz5RSr5LgcTDsNcWxFJlo2EL0jdHE4KxqcF6iyx9r6iibDpVgh83byRNscduz+tw9xsnaA7FHOSYbQ/yhErYJMuc9PPNv2MtJN2NuQI1wk3lNT+ssgjTu7tQDvsYwe8ozxIi88QHu4jBGTkoWZBDx9V59LM0loNxbbCgj6qO465QPj89A7cqNXNAN23qaLfgI0d3NPyenYNe+rHMGqbZ3+Wk9I4CnzpaJG0oP4nyIEx/ZhL5DtVvE0Z1PPWRXtoo0OJKhqjXajiStiNlakY0XFJmY3wwyVwZF+l/MU4GW8wRzHIu+MrqCDrF8oL702+XPzIesZ1Oagi3vRHymoKeZZG5x1f6aYxtM2tfW0XVQSppoAfPVaCbZ8zJJCqN0r0o9dnf5E2PncEW2SCfYQpC5JyCcSN/qwMQ4PsduflUyyaAhYdOEXGAzk05AtYsxynIAD5DYHIWuJvLtBlQgJoyb8YqoucPaGB88d5p546Eej149Rrp05P6kDo4yiTpv1w90YzBI6Gs/9XvWu5p06bTSYqpROxv/X/1+WST0SKvV2nfVJH8uenhB7a/7MBfz3URXAq/lJTHTU3MfidaPT3cAzlh34nulVpQ1c1mn2IOivteKtAt6lvcnPs53b3NeZcTtkLFAKROJ1mcfqo+towN+isj04QzjZUMEpT29XdybvxOchd+ALbfBatTnxEQFiPmNU5+V2r9O7JeNcegHGKN3/HME83KH43xF1VTveKI115kvID48gAyS8Vh6+PL714bwhpU+zHSIfUkOL2e5Saiw/QKaC4cJuPRAlT6VGJP5ftz9Smr766LfV78+ferqAbz24fB5cYl34h7D+dFr0bTZ10xYxejsKlmBTEcsPRvMBbjDDzyxB1IRe5XfKtxn3xFFYWX9f6+GPkcCLVLqmEnnhxVzAhjSIFt4/ujPuHZUITIHQQW+cJLOTqchYYYN5ZxUvmN07q76hnSon4pXjLx1P65YsK+l6cFHKjykwgGESqkgEUMG7Fsr1WOK9x9ZCGvQoOIVNetHN1e8hW8UcuG1vI9o0hfSxluekELAvjkM+jLWf9yBRDogHdFFMHep0DwMykD0CfXqMFvcmiSJcTjgRakdhf2mrK91RKF2baOLk/0i3B4NQEAAAoNm2bdu2bdu2bds2f7Zt27btuiFukDf+++MmEHvi9GWAIpIy/poioR163frvAFJtTI3MFylSHDGJSHjlXLV9M7pl1fI18FQsL/rgJ5HpVFuFU3XQj59KulYBNOFJTroHP6Qr1+8GgOTaPLn0Dfp9nxE4Yt75Vve0KJyZ1cmamenWyRacejJvmlR80N+14+Z+sHuWVth2qEhVhKIY5XyFjvdxXn28Kx8o3mKfkG8T3W3wkY6PBG/6KndD07MhnXpq269hVGDc7nL1tJEbxMpCGjtRJC0AU9yxMYhmaVUXcg8eeT8SUvR73qYC1Zsz8WLMSULEArGGPFNns1Rq5q4yrnaF8MFNzkeB9ei9vrzJaIvCz0EPbbZmpj/K3bKXwtxcOhNVmZ3gg6VTAhyWvcdzw12PLKDBHWUWO8CK5G8xafuI3FXSEIGLyPYbyqXlHl89OZh4WJvd6keYS/9XHVKnbOcgsVRx59q3ySkKl1aDbOmiKcZ4ICKOvvSgn/viJdtam/rLAyjIdWq/XH0VR+lALlqdo+sMVf76tTaNkmwKBSF4GDg9r0Mv2a8kSP+PNUcHAycFsC8QQ/72BpuFuJnvilJd/1HY55YX+htPbB7WsDG1tW+yRflLoO5JIGw55EtRvxqQ7ibY3ksLba0vvRktqMJendX62MKxNUb1Z2K0NZM2+9OheGhB5OKqGZFhld47oRrR/zKCFbPBmVBpYHSo6riEVnhkDi03OXHP9vqZ7kSwdf1+opBdAI/YmHaTZVFeNj/pDG1hjJXsO3P6K2pJ5jzsdq9i/fiBy9+RcbczBWXxUiihMdu6IOcSiAzDDFYK2jd83ngXle7wCBjGNJoLqH8frycorO7WlZpBDbKYk8SdPIzeW0fueNavsEREdtMwCjiMTHT1LeWcfOWm8THShdXYR959SGCVF7wqmNFsCUp9H5+/IJ844I3vQ/7swBQPDwh1g28CYBdUUW3VGBMvBY6Dy7MLDlHZwiObNfbWrtVWBmIaRdI30V4IjcuceJU+++2oFHpBjiRyOkNIzfgl2MSvCOIHNd+a1WHi92bI+l4rkZubBJk2a/bqDabkYmKAjPYK+HPZ10CQrJgeMzRddFnByCN7RehXnoXpyKzOx/xnLAo3cgmlYOdL2Uai5Lzz+NK7kYVqNbd1iBITgD2ua+bdWelty3GmnivHCU/OOyTIgO4M/ytgcA1CrXB9O181VTGO8MyLDjfFQljQ5QhkMMn3UPngRGH64F/urh357AIVGkHERdvebH0WzLBroepmwBTAI85GUPfDhBcb7tt3YhEtskMyZeGmsVozxrFlQUHCcPTnwo0Y1fI4vL+TCdkuCAXWPvDM3qvGenhENOuz3VZDnsLyn5XFn71kU/u6Lvuj/PB6DaePUu2lnCzyt1MJXtuUbDqeMloRZA9z/JPdxpw8bAXik9GMVGpwXLtsEfNGCFPUsU/IX5A99wz07nx1MdtEZuAc1MVUXKky+jA/huMGBmGcn53PB7NgX20XwuKDxypUvRSWELq3Hsg4X2LRJXYcz4MYSN/p52Yoxcy7lax7PMOPUJfZnYs7RDvVG4/zAgylzljKY3ZOGA1mkYtWE+FHGHI305VMD2kSAJfW3kHA4AfzHYwTwpbGjGUcK67UPwgF9hNNFOexCJkAgc1Mr3TO8pmV6iAq+IfKjDsZClBv21mjcFDE+pJ4DG4MH6iqLRRAkjzmDoycyS/KSX90V4Hyf6IYi6ddMJvK01cdGF7tovg4yEY4iBTzY1mWz7sPxRahxyMwTxVQHh59UT0b4V6nzir2249IDubBjumYYAkg0t4r1Z5QXlWu7WmyQpvVSZIIbDFD8ZUg1MHcgXLaJBd2BfCMSSYLw9xXrdxxxedHD+3ZOdw7tlQ+MzYZX0fK0eZTsvtURUpJ4YJ/6oiKdoMTH7t4WuTWEhfGvRaEyeP3rkFEQZrauu1+8gTsGhFo/LB7lqrORvWpUty1IF8gP6NfQJgcTEUhn7iqoSY8aShqJSUHUGbUSOpsAxiTOQm+gJWdBqsIK1lEJKOqNwR6ODVtypSecsGOgFMKQu44zVWjMq4PYrLj8rZNGzI4z24/JopfIXMNsXz3Ne9qw3eyoMojRm//ZKkY+OmK+eKNus5EZxsbwlE9Wn+9dLCHRKY/qZqTFgHO+edrE8KQaSAR92Y+Xsa/W3EKw1kgIgv4L0lnoDrtQOdh99ItiQtwup6PYM7MJ9HPJYMvC/ksanhD4kYa8pbFz1AwWd0RpAEkUr8jXpJoUO2km2Bb0o0K7/ZFbwl2KBaCk5OLeaV7HMifC4jsFZ3cocgaKIzIALurs90xxIvBIePEFRPXcTZKJRxe6241eoxymm6IwBjwVmoHlfcAZUeSdwM17EAghiX7eP9SKOUT+qVdCslHUHNeWzCJu6ZZyWZH8sotkJsDvhveeGjRvo/a98VdUSUZ5sXAZxJs0hmyfBf6TZipfIU952UeWAT9j4kmd0Xp9M3x/3QPcK5Zc/+9LxAbAAEGl3XhGE2kp7MnmW9ksvjls8o5eZokm3gO7NimLzxLQlgTT5fIv9O/OQjU7ZN6UggU1s5cszGW2joLCQZM/cLbPpOa3bsW6eDNqiDK+PW0spAyN/eUT6+/cW29nR7iCmJEYuokqBuU3uY62TSkGwvBkg/927o/ODDfW5aPew/rU/zJ7yPYFj63Q2unmMCIv7MNXXWfVj6roFCbruFy331l1R20gKL/1QV2F3+lcXwgA4RDK0ccD5J4kyNWX/n3NuSkDfWwJVtVEiq6f0h26t8rNToBAvXXtEw+iv861D5EEIvS0sf+V9ZtVTZDSd5A/2PYJonGvtbr51SUF6+z7nQ44wr4aHw/uyVykYAPO+rdGoLoxPn+DQMB8a5RPZQ/1uvtimqWun6sArbYow72WVoxXcbwPMpNsSf0Clx4meXuBnvG+5BOR+/916I63uPx17IVqY/+9EPKv1BDEEtirVpqUN5jmFGbvWOUHwJPEGx76YQ8Kp7cbUdMA8dMaKIQDSNDOmszCjXdcvtNXMlhrPRdt/KG/KQtDL4zHpnHKTCBW8ZEAazB/xfbMR/wppFY0svKji3hojcwL9UQVa7rhpFr6JOyt8BJsTGn748jCQwBQxWJ0rd82vy5N27eylKLTQwrwnK1s1+ELHdS6PHnqDIW1jklTRvHkNrIe+UTE6HUUzUdTUg7nFh1OXltaPCsIJHstngDbBqKNS/gmuMChcIKXko3a1pvQqg9G1RsFV7dY2bCGkyK4SvvSkvi6yWVpPQVrSh4yJxKpkWrT0dejKUWnP52DYfh8+WYwm7PyYeKfshGRx4QG+er5v2MiGSTCLSP2mei8jNBA1DMItnuepa+QRoItlf56VHNH/OtAQ5nHebuZPTRlC+hTszXvWwDC8icHaekqX6NUeIuIve3Oa9dyGfUsXjZivTapDvNn6lv2am72ivXyCeYxnKgVlwkKdkdF8tpXwcpDEhs7s1JrROCUMd9CWMBSDySmyRN+PbkPPXLDpYMRl+IKcbAs4nV3WX/hiV600pP5XoY9PBU4OXW2ySn0JnkgjgZ60j9AtO5OHtj8/4bnVkPLJPaZ5hK1FhIf3v2nIEzk+tEPq2T463rtEwwPFng1guZlQorqf1eNm4htHGKtHQJIbvXNozh8nS2+a7P6AyxMi+i7JDb2biWT/uP0lWzPwc6dCz/455si2nExDL3RBXlQVnWFGn8rEUTVdcfkCGqfRo2eHj0ilsvazNowxSONyvocWkSBZjTZUZKHdVw8aVFAkfhO+NajpvQ68AgvjnUv7fAd0h3Rra3UfZMcsBsd4VCmXVOK+qd+3iiyxGavdB7FZYkdaN4dAZQ59sHNQqwlV1rjIiQiSsLenQayfzc+2Ox8vuoQrzfpR0T4IhUKHnUti7CDaI03jprT2mhB0CPeQGbcoyDhjy3/6ebo9USoZGIm3dw+RUTUBJMuGQtrmG3RXr5n63IfqvORa5DMCEB/fLKueXIBumkXrwsg18ReQ2oqYKqijmlbAAtQl9Q2yFAOZ0JnBHKA+dCqit3Hnz0VzZPYoHMtKLIT1KL2bBlLXnmDp+cIUXXN78OuzO4UkYFzXeMFpm3q1M+XbhmodnR0y1vb5NOzp/FCQh6c2Tk2Anidm71CriTuinT3drWv4PoISRxP9zl6MupplBUqoqLPvywvV93uhlvszQ+ef+CppZAR9kf44bNAK3y8qAqQDzEaOMmBh8MjMG6+tYlVWKdAcQ7N4rDU3WWX8/6zNvdweAOJGclDwHyNmYu5MOGohlVodiKxjkXWKI67OBPd+e1zuaGIMzg7RZ/9nnpIOtL2TlTOCAQceyCORbUdBGcMM11t1OslQC3C0GW3MI9muDalZOh3+2XO4EFgf6G4Z0aN5MFTfpdcMAimmkfShwNWsp74eWpmV21X/86MLcwk/IWxqjvzPcOo0cVpkFTyVpG6IyhGiSQlnl4+21iMl3Z7KnLv0RJw37/iiJ0zqaa2DA91UyiL8ue4iGxkmMAAqhqrXrQrYqJEIZSOVHYtMQsNJmaz2txzzlpMkR6SZkc/5EmvY15qAwxRCbQFZ+K8DgA4fX3yF61gjBIdrZ4gXLmYG50Gt1h+Om9hoWokh8c5/3F/MpY/BS/q1mJd2LXdQXJC2xJ5GLKwiyqA3xWZc4X4K/khW1tqX9ipt2oGwfZ0Uny7bA1AM3/etxK0o0bM8M6SrBdE3flKNQm0CckJzRlGJjek1RhzWh1sLsOkXmZGTQncJxi29PWmWadts8ogZq1uxpzdpTKPLfPKGFORgMiKZCJ0iRUA1iA71gxnYKic4nxbgl8GgXCuh3tAgvs87a6AIQOV7afxgo/cfE7Vn4trU1pejD/vZLlLDakLZAYTuh7AYHRQf1YynWJmsO5UDJ726y6mhF9y89paGsFbogPweel3bKhI6eOLmcfVLZZENqwnrNjwpFRmWd2/mg9HBEbqNTzFYmIv+fe1mjdGKnNESmN7Woi9eqtLjS9POlXNOHw0RkKlDjOdyO4EbPOynLfFTD1u5L1ix+V2PYT7EJwKg39DlB6N0Uln/SdbUYALwgiBrNDBYLRAG5d6JxzJXl1o71gRaawqTMtX4N+BaeogJI1Hkgn2IF3dZYf1JkN9CkECv/7MmJKks2XJFGa6xOBvIQQsV9E29F4J0zIJiOx7X96m+n4BWYIsl9hL5JidFm9tdzqjcDum5Dmt5JRFkNWetGCCb9pOv9JS8PMmLzg2Dy4Pl8tGm7JLTI6rLotk+/6Ybe+3AOInZhieMz4xuJ0378Pd7La58QVK4cz5FGaUz/YRWHTpR1pBgFVXFW7WB0rs0zU7bB/wDZggg1StBvwKRRk3wza1DIir11WgTccKqxZe8lauL0+v6ZRcKl9/mfaWcXgxsIxsK9nu5uVzzECSSn80Wl7UiMGoNsN5yRyW7QG4db1pho7kEkdjBuA4LkMJi67AwqbX68sQMVQcfh76anZtl6Gcrtxm+fCz+jdpQbzt2HJ15iE7Aoz4u1fPeuyzGddnUqoHWx/AnMBfxeDEYxofCWFfwWwkhUsxUllVrT5k0AhsFAnHi04vdOwTwH3SgVaXj5dMBEEK30ci1wOlKKEc0AatUV1ugH4QJ6bQeNBh0nUo9zRtr1fivYRoANpKQCeS9YqVcKLkSYh/6GDyJsvi3D/UFEfGyJIQz7OtuhEWBWC9P3NoqnjYXC7kp3uIJWfZ9OTewWVSuxKnnSZfA2zZuc/N6MoIu7VAwwk3bjtnOJEB5jNqkgAVEX69sWs9e0Fmoh+Ejid3ZL/nFziKq3aDlroynMNYutPl6hAIPX9AFuxnZCtBJDm5a2JGlwUv35889lNc33Q54zcUWwbDRU1vkdELCm91RgxeAHz/mWSxn4Bj2m6JtdSD8xSn7YYpFcx+pA8IpkIccir15d3QZj5MqYbHwtKA7cPGvtxr27hZjBqeyH/Of5WlpykSKnNJHUhQzFJ71fDJIkIljKU0TASO5rGZHDC7tqpvCL4Z7Fqmm4GyGs/+niojsq9fXihMGiHhVMIaZp//ibd1uPdJ+tlFxpjKXra56YCrPq2wKXN7LZeSZOfByyQQdBfyT5bqKTEmimeSHRAxmZpNORmXj42gURSmr7jqoyFS6SGq2pTgzQkSDHZsRcLfrZAOOlR3mja21pAUiL104mfRb6+HZvC8SKq6wpxu1x8Su8PrW7X1irDipORXue6yJOcQbLGZLjvLH9rQ0VTBr2E1XpnH99x2M5kDcYbBSAvkWwmkW/LOftaANnF8ruoKJT+rMkTg7Ox4s3uye6319atOM+Ml0R5F5HCqWmqeOgLc13AfvVn+qP0MYIPi3upLo/JIcpnCLNx0tYYELXpRkxTLJTiSf/CcBLvnOy2+Kdpaf054SIOZHY4jAdZUmONUTNHdx8JZOdUq9sKxcRpINJJo1vRcLOybz361ST/u4610/2u/IHvodrc2o2HKcIBHv2cHjKUlNukXnZML1Hh8fi8wl5hNbgfVxkpWXW0lRTv5Ehm4PkFwS/Tx3/e019V5jkoSiMN7Wn85pMqWlId5G/AsLeUF6hyqIBDvNie1/yyYqhscm3AHCU+sq4NieCOvs6TWJJ0FBaiIp1Ghh0d+U3PcNAn1tvA8HcArIVSoK4vsQP2m8rXEF258Br/IZ32sfGWbYKiwhASJBCDD4DcSi3QR/vqXKSlBleqmnT5beplWVsv2iU3VyIkXmuoHYB3IW848PmTTAfMu81tV8t68mzRz0SJDheC+2OvFV/5/F4SV4aiZf8e2eEUN4IKyDtjlyynCJ/MmGvZRJ2xcRlapuhi9WzF5OIDo4ZTHUgMmqF0b97LitA8AIFKDK5ile5OGzaepRI5uw1hnGMyQ8phENv4Y+ryRwCkWszPLTFLCf66QMPoEiTIt/QU2Ack3z7GS4vqsBvmX/MSgWuzV5H5yEy/b3JAjKlvyx4Rqj2V/rg7ql1bfOSGHsWmgRwTfsBsvFFk9Bfr/1D3CDWxKyK/5tADG5TWZZEBUcHywZE1+vkoGUG5pkOOJGKUK1rrZqG/WExs5cwOSjqSMrwpND75NrT6yjXnS7RVvRWF6Au02zONm5D+wAF8Ui6FccgP413OZeJzmFZGICydxKMtZpU566asxEQ7lX7s8Acs6XErKZtYJ5QQ5D1AKtBn8x5p/nxdcu6BUAZCEOW17wNXj9JfR6lHhcJ/8qQ9StSevQuLZSJo1QcYCBEjfxTyLRTt9zprEJZW/4HJCkKp9EYvzDsnRLDbL9Hu9ZP0cOt6LxF2uYF2604ytFjwRSoBPZNRDF0g+5puJoYQBfIOtUDtLodguv5TcrBj3/XKpHJlAmH3EsGOuOmRuW1ViSJCGbkA/nlP4eb6gS2kgyYT41aTfRQG0+EqOOc8kxVYlzlliNEAKqMExiiFQmEVBVXUGGe4qhQDUo1YtjVO9PX9DMcl7zy3nlbL92mPL4v+D/tQ2R3fw7HVgiywn2cJQlUPN7X/2tFYHYSbJiA7Pvvry3V/7TIQgG4mVNaq6bipYfwr0/kx93sj13HYrOKBK/Mkdox+CsaoJGkxFBzECHdP4uGZ+TQrA2UYfbldinlwfAYe+iK1yjpxBo9/3671yFcc4XHDKDQTfkT5ByfwkXx8sB7TUv/xEyTnQomYT+m3yQ2P4gS8liqHBH9BopHSrSvSQ92JsNfQXbeZn/BSAV/i6wEtNjuTvHTcZthKPUmZslfxh+x7xsPVGqMpzSEoTD1tmLbAFjVsoEKlJnqChUO/gR3T1Y34B5zzl87CrPF1VidWqNDTRiwtYCyXIiZE3EtSzia+q8M0gj+2Jt4O17o22cLDoeFbkpd9xtmhlJgLNBhwuTkI5yL0S+OzysMcTIJUsolVXJZu6LTaAnwGIhlW6zSFo2JepSeNejPp8VOGrNhfrzi8mkFEbO+VTpMF4xWto1St2rhDz4abqDpFAFJePUqk7PW+WnX3N1HhrKX1mUtSrpc6+qXtUB00k4OXBpFM2eZ3GThYwaGihZA8ydOlIVoeV/GLamWYUHtU//oji+SiVIPIsJ1LOfCkUcH9t7ss46sV1GZIaPB3yWvrfiYTPEGYa1r+zTxh5IGzvrp6JHv99lgefMpecb5PIpr2Yw6FoQKwxYsps6259TUHpOhY2zaLcrCNjicP1IUEPW239+3YhsgKiJghW06Y3rx8fNcuK78tRrijtBYHs+x79jiQKXAoF7o+VSt3d3lpRf+zyKjEvzbvBb/Pxm37e3DnHJ3uhml3GBjXLIKJjSVQRUu4dn8F9t+RUcnnVgaRzqJbwYdz7wOs6GCR8FA/ylvm14e8GY9STQl7XipH/zZAnoSkpoYE+qpqqlXpvTCg8JlNDGmFd3lM8f0D8ov3jfEQOWkOGbvUXvgYt40MRxi5Whrl8iaolJCKirAKbugMeiqe5kHb0sTaJRCKZMg9jSzC9j2S8si+NZAmpUBZMGd7Z+XKKOndzqbnp9HX4sbtphN5iVrZQ8AskQbFb7Q/rKlG88+JRcrl8d/hsEl0pxSsqbAMXHFOVPOtUd1dLhD8jfell/KqRYyJB5mC3B8WleZMI+Xl0xbgxa2yGR6inYY8qR9JhRcwO5ApO6xtv+kf9M4L+kNM2skdAWE9bSXExoo6KpQweH6KAs67gAxHSwMHWFgkzkaNTuzyuTxkrmX8yhv7FwnsPyuWKggLBEK6HnkGg6mA39r1Yxd7oAjIRsCTSu47LZMt6cXykhdK/kl0giHWuKk8schDMxCCLwYcc9rcfKPgrUrRfjX/NqsSHkOzCLvEvJiD7+xW4QYl8MwDLKoMWA8IPNiX3ZinT2OPVEXAv57wEn4iElgf2navXBHn47F/ULJoJ5h39hJ68LAO1IT89juaqGyp2iZ/uR1zZRhLFklgmdj/RhCfnzqMa2fP20hJRjRuVYRgpRKp6E9EhZMNBr9cKE4J4iTAsTLWkHdlFJuyoij4RBGEFoIuVlNQQYIW7Y+l9Kfc/k5Is4MVLlwBlextlsLX7TGEossGXJ1/0MiquEfbnxFeCcQMJ7oUOLqSQzaR7aOcC/42xBWlt7ZxiXryCklNc99GgFOs4ezpsgp/976Y+IAbYm3415ccJ04hCWewWZG8CR2GLi/NI7qCVaNhCsuRRlIWvIedFrI36GxAdf8d9ceqJs8htDKiIAfVgnCsLYIPwaBvJUB4wXYK1MjXTmRa6FNga89MUpQHI9g3PRFyXw1u8A9KpeGdB+hK9WYnFhlHiSNHP/0Bc226NC9IYSynyz2Q/XQUjiTV1PJyFsxpHyhVCRNEnIQGy/HPSIo5S08U3/pH4MUoGb42m+CJKTJmRXYrrR0AdLgwd2xDZFwm+p4Vz+HpRmS2gnQANwxhZN+6wGAT6RlnNEay8SunNAK921Jh9FOnbAiiYLBylYr7yC8yWGZ2SfWdXZiDHLE4qyCZEdaxQrLHQkAJ9lS67pEx4OfHoJx+TxCwn5krdlfZG3wE1IDVaiBgwj91eniOqjuphvgSu0+1lbjCJFs3+28VZpt2+3LLpCOv+SZunqPNvOjlkqw6vOmV6b6yQ5tHfTsfFVxmQpKdB+S5rFWll5Ju0DY0nZma4QviqbHW6xeGQo/VvoO/5RKljMlO46NDkgMsFpJWWUYPR0IWQMQfsZ/uRhlWhvP3cXemYeX3dLQUqHHXZLfrYTCBgLOqOwkcu0qPTG8dQjxResKXXm3brBRuzxKbTfuz244RzsP+RsNXoKQ0ikPuVWNJnRaISVuwuXr8nSgHmoeAYOMkPwc8lR5j4n+3GKqzdmgnf8qz4NHwCmvBc90OLjpSzDBA3TSjPvuigN1DJ2sHWbmlJ1FjaZ1RLcNro7h7dvkXBz76cUXfn45cGcli8IIQ0TuwStnR4ZZziLUa884njmwl+6tH9lho69owswkwuv72Wtef/ng5SRgPe2juA+GuOPefUQK0oYeYSc4T71qLRGrdweF0BhqW8+yZqGkPbGFpMtcyIkP+tIxrRTiG4iXkYCDByW51Z2b2JRDi0I64kyl1oikndHtrpp7VpeRBbEebxSWTx3TjF3hin2j3Pleg3bmiAPacUrUv9pVI6ZMpfhRRzhixzPnz/YViaBwljyT7zB9SvqoDZEpo0Z+skMLVf1fPgy8DCK++W+suVHQGbZ+49YvgwitJshDraF2pzCQ3WTDm+3Fw/YAfoT6409m9OflL3iWJjyVCWwKvDu58gswSeLwqMSEMqAuwU/ovqu65OzrFatfmy2GKvrSrfLNkiMU+BrqS8y+M4QyMYLbp30/DFfNVVF6hLJtW07DYESIe9H8D+qiTekIsw2PepfSvfCR4cTviRNE38i4Ct3ydGr+Cy5MZIr8I71afpNeJ0p8G2Q8g9uWkqZVm6oOv4lHI5D7P/8GzfjeUDoA1dMGJCEE7xVwdnWnEL7mc0yti9KP2iDBQUwMsCeKhIoehFkWE/IZeuR/YMWhR9TR+xY5aaaUUOWpeDixxmsMB7CuxkeEYJmXMldyd5nEjddY/835yZiZgOHnJOiUvnoosZBbSP0rdyntTUXD3p9TrY358w/8676vWucfqALwmchqevSl8LfXrgOyyaDWQv4ykc3blvzZcItyo9PET2Dq26OASLmK+31H9wMCmnctOEF5abdJKbzGgMAoJhEMBzBCQaeQ5WLMrqVyXXABmfH2jAeQo+DE0ek9aszJNN+pf8l2N7wgk8SeOPqUangt/5eORJcrlvO0M4X0KyRhEwXNoThv6WbCUPJmAYqocx4+i2kJqZbbOTkQ7Mm5ToU9eHR0+vdLyY2HRGL/OErAUmU+AemsL3S2zOt6JMmQSgqpXT0lVe0fem39dl8nEznO6XNSWHn2ercB2Ew/mVTLuDI9fjkrRpCp8lWchLGdTeevMsqnnhsKqs01DZnYfz6Xw/NN8lXcI92jK9TWMxkPaZVOyScjV6qDzTVBjbWLyyF6glW3eOjwGduKQ9UKARP4Fc4asNB3KITQ+WF4WzBTZUjLaLIGaE9Yeq+f4sdzxrR9fWwoas4uKlyYFVVB4hbN+MCO0EEBUcwg/jdqyDUq95UN09tT1VMWHFYj+ED+AGtsF5xq91+NXABqUZWlICEwqGaY47m2z2Bm0A96Na5isAaLI8o0GXunq1RsahTN7KYxdYo9EnoWrMNCo64CUxOoC0ik+qEy86wYZz0MeUhv0rmTp2REk2guk6IL40Lx0hsu/igD/sCSytMg9d51vpN86iIj4IFdTvbivEXxNII3szultXzIW01ooyGF72seHqpE5e+nPPeM1AjQkbeaurtUfqrp2rSebFa62y8dCcDGT5gVMt8lG7QvjmHgx1OOHpWgGyFPLj3Erxy3dZPwKEUx8CgD9RpK7Z874Qr7IfMlyAHLCP7i+nzcoLhrN6c0Em9CLWzH0SBZCDKfHpEXbGg6Tdu1iF9VIEozVw7LTkj8BKOQcs3yvZ5eRkuBQuNTdMkRnQPYzLQ1pud2ocEQKyZ16W9BBUq8nehb4PQ3cH2TSp56ziqw2dcEkcTKxlXUdgUtpaKz9oojIBVAyGw4YSfNYVFbivb5BLJbq6XA3lor9t4M/BHGHCzAJuo8589XmZLta94OF8sRpOBlstpA5bOZnuEBD4Kf0fjCIyp4WRbpBAfIrzPuXAdbAe6yvRWiLpJi17XYUSIiSxyD5pP3khCBAMzqY/MtN09xJFZohoFe7rbAfVVLpkwgWxEdxqhUOIvOKx1zD4FdPDwPUgTqf9wl2pNjy556SyrdC3voC/uOQvBOF4+dQFfrG2fppdWaIRqk+0YaOIrtiB3Rey8n/FOHuujnDJ5CwpD8RcW+/ArtuDiAOKSqP+NDBxgrqHKvUmohRUg5w7ICm1bP9BVvdAZ0yVibuiKpL1Q9fWC9n4daO1LWCfssM66kpvs7XK9QSJa20+JuTIixF8kELUQr7Vpnk8KE/5c5GzX3kR0ZT5E2E/tJcTaaacly3ISAlxug4F3dpI2CKTs59af8C3nq6JWOuW/loxEg70v7u9nT6xd6/YYk81KO/a0XwkI9aqSbn3Q6MiA9oscOexyBX/t6xcLt93Z4IHmDz/aJTu6S0jyq9FmBMQevoZawvvuD85KTOw9yYGpGtpHplkNRyeo21EYIZFiYYSIWbkFVLy6ShiBleuPJyxuiSL8aSMTWU7p4cGmv6vBscDoZxLfQXZi7y28OXkHi2PpJIZ5Vr5KjXHS6TuwxyGFl/zWRcYHfZxIkp/flu5sROwcvROJwsX71cOr3YFyfiGhxzfT3NrJQCkISOY5cABnya7xLQO34IrIBNh+TbC/EmSX0LJT3Ojjtt39l2QHt3ftNgnz+9g20cYNLyckeahnv4NivVkP3ERqKWRXtUsFg1HrbgAdo+vPmw2QY4BsavOxHfVuYQFskVJt/SyIlUWkmAz+QdIIZPIsyI1n4xHHkFhmWZrnZKD5Ima5SCzNgVugLWKHBLLILfoHXwZQAv1XEGfypNiBB7L/ApkkJmEtyF+PvnnV4j1VpzNd/D3cqer7+IvLtxjY8qR6/HVQYneXl5638rNTTU4PvtxMx+2Odj+mADuYTERnz6aCbTBtYEcM6uKrzg1wwth/UZu41pWBcPUmgm5292pkgQBZyHXuoFT/To7glsk4JsSkm01pYrSG718TwTvOJrvrN9+xOLueGfE84imtFOfoTl1kWlSWxqP1SlBHyMPajNq3tCvFWmyhnsuq5siMgjtH3eumZ6gNhpYJLekucQBgwbUwn0zTel0EzUJbtIHW9bZfslRYsd2ovui/3rBS1ArP3JtUeau4xbQkeill8Lesu1juDA5oqbTJ5lEwBKWz9PSH9ibQ8aoyMtMju1RAXKNAA27a8fqBsYvJ0ALVAAqTtVYh6kkpvQXzovjY1FnsQ4UwKW2V4t6B9fgWFgmpwhux8Oj8RTGzdzsBXrh7aKMU07M+fdnbT2cmUZHPAmIqh2wwZaUEQ6yOs1cHNmXiTFFHJsEFKYaizJpzaa1v4gxpfpKA+IHpp+jMf/lyc1KptTGgUiNonRN+AAT4OW7PcxThetmjO1pkgFA0Q0W6KLm398JssQcL5n3AQwj2MEDM9bnSCHNufmXPIz0WUZ9E4pvgzGRiw5rjo+uOd7F5MSTZ1Edag0Twi+nikfTEwCnVxwqCLkumzfw331BuX3lykLGAQx1r86wN9sdD9n6PKU1wgqiJ7tQL3sgRlIHglOpc9mH4CxJcuLDsmlBgHLzDcCR/WwmIy6SM6DUujaEvuQm1iX53h5CV7IwGlsL9fWvUBwjwhZv79GAyuZ/ANvBpyJBgTrEDps0zx/C+vMidVVofBMC+itEA0ZnkUuZMQ0B2/BMW8ZU/dQE1v87HIUCsvyLIBiwuQvbO2ZYXcvRbzm31ZnYYQztKT9MCJwXsoUwRtjiJhrKX/lAn//0Rk6gzhrX+snUq4F7JxXgE3m9mWVAwssTi54FwMnUdbRX+YJXcHKHulQ0zrQTo/DhK4KMgf6E7AZgPZB5wAA4IifLF2E5524vbYrknYhkLmUqdW00jM6v+rVRiuNeI3POuNGC3Eia3l3gH9MtNTHjnrDRk/YiKvwQcnjjtNg0cfjO2Q/wAo0yxjVTYngnD9kowuOspn8w19jZ38P/wdjpCZBzcNg8tCdOOP0S3HrvFrdCaPbQLwaGkimANu3bsEeTc1CBuA3nyeVO8ECSOlDFLqbcChjYmfedx7aZxs+jC3uF4M3+FoDC+3H5hLSmZAr1dedJO//KTiwSLh5tjCtLyp279HJihZik8yJP+RFC+YLM1Ew9QgK4kTW523hMsa1DPRDs7iBnZjtK55AtxfY9ZL+pV986FtsMApupWCODoIDnaFFDIGZEHJ5+wxWa4wpK1E9IG83HibmNAfzWrLD+aNopGQixn393G5/Kh8/xPazivO6QMgUVDYtcFRC1hK+/Cf4Vtrr4ar+3HVLSOmigWwXi1sgcDC3MEtgnSF68PmcIa3l5WKaPC7uweFRyFLNuAyPakP91qUyqCkDSpVkY283W1fRDmTCF+NtXM6KBsIP1z9wZwxkZ8TWo/WhSBF4Yh0SJQp+x8eiAVP7HgnQ8DIk3CvjiHR7IxZYbsTVCkaBejDCGFXvXik+XThSsiNk90NZu5ZDC+p5qu8+1oGIZTO6nX0eqNGlos2Sq2P3ecSO7wNubwW9zHwEXf7ThPNeIBNSrvvuX1lFJ1QgivRqNl8uyuqMSBRnzFm5eUJwTpgboQ2sEk/pI5XMt9J2xpd/C2SZmwcQdPdEdX/BwjeqVbUZDMRmxoc8/gREbyU8UWThxJO5B3Idx5JtKJ5AWQW8m8JpDAN6yPVLyJzfJElb4vTD+XEmc7cYY1QNUorgqsA+Dq5QMIfsO7LmOhSQX/dO5x+K+DAaqdkbPnD0feQSCfYv23wyrCABtMGJxc3e5vik73rvZS6xezlcBnfPb7QKgJi2wiOyW9mUjH6CUmTAIwcC/UG20JwlHiYZXFm0LMLn2DlBLmyTdGszjTUpzRXdVkGnGBPeKKpnCW6FN+S4YDssIDF2KTh2sbvhUWYLdekaZMUcg+h8NIyXZjyBAPBSGZ2U9GHwAnC3JkyMk+w7mhOXnhKnL1z9SlBBhPReYsgk+E76LLjcZplHbRGb0hQ7AgED7xJF7G9swP0j1SwssaUPkYauO2yrMIc8BvZSHEpuK2osknJWsTw1Cb9Bzi9yoEKIizQaG1N62xCawDZtBQsktHTOONV5CiABBXuqUPH21wbaKOFcv+KnEZYn8xcPKdl74XbM2Fjdnp/+N0OycfHJu5rzlTNB7js6ML+WuqM/BglXpGo+5PX+OOA1f4HlAhKx26pQrTvvbMYxtE3chhQ6NSnLsIzlxE7575odZLgIvx/oDflbCoL4tqpV0SuHusCe5g+GTmJA/cY/YeoNBio3kGM9SUt18i9sb1jZuqlKRWv02+i3JeORLnCC2vN1Hp01PDXP+N+kOZoQ0yrlcurOOkqYalX5Xh4Jy5RnaH54wgkDpaOK8LtGrQPF/vEoQHvrQwJCej7/V8PRdhFh7wg67pY9HxHJrI7NMKj+wU1smwimwFoc+wsYd7Eapqz9OUqgTfkke3AKQKTthrLAjAKJG7rlS0PkUWwAGC9Ri3S+/ar288NYqXdy0kuiT8CuI6P3VGCGYtwhaWEv5XoOVrmgJU5FO3d9EMR8MqG0RXdt76AhuoY9jTS5wMy6o3OjqseG8mlipELvp6pB4AmgLXN5/ZgToKXtgpRoaA7o/opeaMFXND4/LquMsCWZs20rPXBaR4oTcx98fknl2tPRW8k+eyboLMzqCdMRG5OUiNaLbQYLOIZgp1MDdNgGGqZsSB7kjqcb0KiODc+Uz7Cf/X5KRRDo3L31cP3mXElzeFUJ83IkR8DuNMIk6uLT3Ipw0q5k/2OIG8WtAGyBt8Rb0JM58oa2sg0Qu6pV/eq1Ax/hFShxnpJXhfQR5xDebExZdx7E+G/mZCtN0kjoOWEO6wg0uqRi+rWCku8HNWoY19iEn8qsjCQm0bv9qpjgzxLHjUhhymg32fg5Pzjq98DAwaJrDGQTsvS6eLo2V+6UV+jF8Fb4PJG2VpqjClG2c7kRvmlovqjJnUTYM1JkL+FoGxXgL8byEOJlzc8QZq3N4g8yF5l4XV+5uRHse+7GVSbbOnhKgWed4OM5D0x7wiH6q0BLSApAc2kg0REQ07Ut1+JD6NMoEJ1fwIhzOqlUcerrXEkz52Qx8T+tgoykzo2WsLQi86ixfs9stSmx9pnNVSSgbwHg/TTrU/wCfRhuFDlnLTwIRTnmjVIKbS+HP151BL04Tf+/Jl52FPVi49I3pLd+1YeiY9L1CtBHfNVadc/ItsnQ/XTc6va5tvb7iSg71YkPWoEZOtd6rhvE56iKWy5ZC6+VfC7f8/ndLD90C+OfnG3oyq5hguM/u+6cBUBy2gDlYe48w2fhDdCUCM2ndD/a4UyXfmhmCerorgfGze4amT8MKJHvEnc9wuUzuEAhxvQdb3LxS74irAjyHNclpPQwWkiSmx5w3i03/qox95LmmSDS2xaoagbj3vRgSKhlcBDBK96Sr+roV+rHxqChZn7BIwtFxlmfPV/EJvniibgKaVOB3wJ1A/S6kA4ZaWD5fnA/8uQo1/f4fXiMkzLGNW0CDEws+9QQD373VYsrtUonoB0exinRrcDMAUhZ29zJqrIRr9ugYy/pdThHcS3I3rPR7+1ddq8OZIBbHjfDbek+SkOy2tNyvNt4geeh5tqew+xqjJJ9oBejpw4hqEfY2dxxNh0nyMCvw212lWY6WIZRdwdDGvZ9kp2NgeiP/EB7x9+PON/2ilgbX4K3nbW8ykfYl3GDRSpJNzAYWW8oXt/y/FgbmjqnBO1+dSSywzX05eAijvyaxZpXFaz9xD7tfo8pfzNggMNq7ne2GY+DC6HL4RRwIezay03T6GCnv33SB7ejsUwGuLfQ+8ekPBstbstJmTSb/Wtpg8h1pJT5NB4auLcLaiBDqFR2OCGSbJyp6Who9oYPIM90hxD2s7YbZNZ4R4oi6iI4ShrZuSh94u92cTB22EAkd5s6FnZa0RGeHWwqqrgrqN+1em5+5gNjSs+RqYpjmSoWyPd/zcUFuDJ9I8RfJ0kVa1HvZAV3qu8cgeDlhpxNmBmcknW9wDTMOtuxuEPNrbiUgRkG5RG6AExo71Ou3UyGXpjvMHoHUAu+zcO0i4j2EH7ilW0+xjFfSzMxV9Brk24sLbyVfOnEjERlJmsua9WpO+tlsG7u9dn8aed8CwJzDi85CDs0MN0UqYA+wHQxqnQGbRKoGJD1+op80erKpYwhV/7xhfKqTgSOu6cKc6QCflYnRqfDbpkelokbaHLDhfB+Ll4CK/3pfH4APM0X+Lb35TG+zlgnkxOTMTiJ/CMQYt2KKF6y4DlDal+HfPyKSBkAd2IJrIN6Nafw4ycJ0e6uwjW6U+VZBLYiXwf/+lbaXrk7mtIUK7ggrRBUXvsr+roHvFz7ttK7I4yz1/PllUK5Q4egiPNbDHV8hJO/xrYdFxxBXD8i3RpmMl9QHQIT17w2hnDt/zCLmNWH62qX1s2UvuLb41PEwi/TPeFKeblZxCiBvWeA7eKc465XtWO0QOkC5wyIaD5xnG5RqjXVF4UCo7pRthlbzKJ4mTSqLRC3pJuFewrBswLGEmQgBsU2zz/6N0RqT/wglIFo4eMtPkKrtswO5X0EHoRQ9Dy+uR4uL7b3pA5iwQaZ+fhAhQCEqd7PTF1q/oXX4LSoOBVsAUMz5MMj80rJ7x4093p6i+FfaoTEvEysyXLwNiNtJKiibF3+okXljwS19s5U9Rn7Ul7OT3zQXj4GkULsuddqu/ObEhktcMxIZz6Pln7n6FV4tMDeYghDPuvZIMa7F64JH+BXdHEMdZyAVCUhmk8WMi/n8S9sHJDgoiTwZOICNyH8O8v3GVlAlZj3p9DA+zZwErLotnlrovJMGL8KfUtlRtWLxIDY1VbnlhIATg9L4jqjYMQBlJvN0Q853lgFum6fLEquJMKyzZEY/TxD2JDsw3GzRadoxZFaxra5HPvFEcE7peMLW84qYWNDA1VVZ7OUMbuRTQqRen0cK9oMhZTkGUO+fMoXo5QXSa7t0hb+mL8bZxRiskr8QE65WEmcmnjNJNd4OOfXshxL9eBKMjVfn6PE+mlJGjp1pmhBfAmg0PPmuW+wWGrLh9b+m5X2cViy00lVAJxWJUpehdYM0dGwXqjQIDwzUgSdqT6Sa3h1D2OIbk/x7l800R4YhttLH1twlh982vx3UrSVsewGv9TC53dUd1aVcGA1QWfjOrWkjNzLKZogjGEk4JOjZB69n9hb4IzNcpOOV7iWNIim8Lz6koC4uGt3+WYsOHs4oUGfSRUkK13LoUnf0SQBTSfFPwZUrTRflyIAdrKPLylFOTS45Zv9jVpVzzKZ/1zA+1zwdwKmWNnkMUuaJuMy/Jy6G4VJKVY2wYina4xFCy0yMKUuBnjCH2NNh6xlG9f0eoz8EqdnYOveAfHTYGNuRTXy1HI+zJFU5QefdHC+1iCmsQVS+AryyYVc8XYswAqiDipBdRXYyA8a+V2Cs6JMXi1NG1+MQKoQ0oGLtxjQpPgvXHB6l0kObc4O+Rqcfy5dLQK5zchwjHVS1V209WDVynx0I3YwDbtWWWbeqcuGhjbz5zY4BgITWLGyaZsCWEfL87BhhvsD2D+5IhpiY4YgUM8d398nhQsP8YCPXC+CQpTJXhL17RQOg3k/PaY1JQ0FD+ep5rYNbasDrR5lqnOURjO9NqwvqRFI3prfD+eH+0FAD9yN17wlDj9de7LsfaUlSStSQ0jAkSV0ANF7kTKLt0+mie0GJPp98yHCNAsDIpsxE26UYVdtctPtPuIuDUoQMYcPE76XlG9kHQxKD8KUktz97FHXXavgjBLubg99ubLWos7+lfgc7sbNMCnR34yDlyZQKmVCzj6X4VhFnlEw+wITGAHJpDMVZd0C3mbHLFI3R2tZHwDAjpJZwT5urTfdIYiqsj2QnJ+oTBh7q23fnWIg+zhP/w7b3oLBm/WCF7+jFY3V9IekRPkSFJOri0L0pIPYS7y5a12q2OTeTasN/F2fA9oDkjoDtIdvqtHy0QVs0571jZQCquwsaBFJ2UlLYyAwqARr3CtIP712Lbe2XdpbeyPafuzZdcvSPn4d0ycyua5pjnK5X77B83j6sJUN52Np9DBqirVRWADFgFNLcvnhrqBUUnzJfcokFByp554L0C0cSaas3FLqb5pi02UYQSVYMsw6s7JAB4UCgeLu9J9R1+ygauFvoM+VHWhkig2o2oTO8xsPfgkkKRgr43AYBWCC2LsInOA/NYmHrwzBkQIzXhc2RkufHRqeekshMXJgnvFXR3gzaR2G/lWB1RmUp41I8K3OWeRC+Cr0+xhLOYFXZVp3wAwgWXaQEgrOUI4vC3/abLth/NRzhm+o2/gWl5sg9vAWBeJOR4V7OWXtRxE6VHRZd/Ct7ZYLeFKAlQqqFnRaXQZti8+IpQ2ofd8qHK7Ol5K3EqXKraiZTv6X99UyudJefMd1UijpcHqRCBHOUizO+aliBtxLR09Me17eXfopHvFdZdtdAR4GFWtHr4YbjahzSv0dqX09P4FADoPmPHHiZbKbggLVy+XggcJF0poYv2zOBaWB67vI9RMSFq2P5lo2Zu7Y388HeashHrqmtYdrHsxa1WgLeuPXf2SuZF/1RDlXYT5ErKQ6yeQaSpDnGIamkD4LirRCDjDySvGInhXHfVVjS8amEFdqOZuy+ROZBynX5cueMjKPRPWGmFfbtcIq0j6OYh6IsmIezmLnfaBoqg6Eh5giYEUbnHkCatZ0Bvp/64Nmvbg3+7h4lm9Mo8w/ZEM9qpL3jghlC49vTBBB/2K93oByF/3mQo3hTXKRmR15Xrsc9oDxnhhm5PtclK9WXMlTj52l1PyJjHtTumOoh0sv6mbswBmZw/aXTEKqN4POFmya+xxN++c3r2UHX0laP9OugZZVbB2A4IZxK36GzcLsXaZoJnkHvV6atH0/7wYT+SNO24Ms7l1gmsqsdC5Jc18y3kyqVAq8JaW0kyzVC0CaGVbx8vSNCcRuPx0vyGldL1/GhJmi0ZroXhTeTGYbgUgLwrqjus66UjZ++pzx75xVrElkM4Tf5I9y6nxN/4UKtXR8nBoQIBRbO42G+Ol03EdrLaumx+N6CrIq/pSGgRWzox+VnmcpTWTZyVYia3F4nmZ5u8ILNgpbsDmrAEZ5BB6lQGcPJ5arrXWn9xMGqw4ECZ8K7yV1X9drFiswP1AMCrwAPyRvnkXsLI1IbpaBsvX8KUDIhhpNr66991gvW8y+vaPt9rAa9IzyXKtaP7C/zOHG48HAhqDGUEH1JXbfmp/JBBu7hAOSGDdx9uOS6JfxSQMVOr3WWDdv5gemWTOf4yqUVD9zjnHOwkt1kAT4zjvOinUad0UAcpM4mYl06Ndyq8q/i2geNyiQ0rM93Tf7HAalyw6UcbCbmJb6dSxLqTdcmhZpW46XPbiIIJg/2VPhJqwypHwqHascS7Q2lqIhOxroVvpybY7F8QhAPNn4DYC2+l+kWZR6wZLaU3Y+BntzoR4fT6aSXMwoM9ffIMOr2/tepNR7LxZGaugtBJDdGwlExuPFzU5sTlqGhjmok/Urvymj1UkrOdgmH1hUJxkAh0HBNZXLbYpOcFRXEIV/7Q0TzYxYJXJmmtd1oxWT7WfsE5hpNuDoWtUg62n539zOWxqazwsLvST3i40cfpVxoP2+6cPuIKakfivcMS6CNOsnChXtFdwqIj91ZFMHYQaROw9INNUPuKr3ucqBX2QG6SJm5DK5KQw3ZbHimkb6BPc2JCMTc5VSXFotKgZBb598V6dm88GReurFZtf/Rd+b9scAdx5eB1Vje9pmrc7pWYO4HvaTK4DI6ytRqgXlehFCnm8mtl4ct1OJ4IGLTqnmDsq0VquE051/t5b9ovvgwvbq4MxtmFxSoELGRq+T0cGEkEIwQOoSDbmObakdLL6VdUgxIg7hq8XTB8LUwYC7DExMEEZNGrUk/I7WlPdAy6JLXYgKWRjXQXWM7GuqWt3R3hycGVn94X3l3V8YTgwfRHz2aQ5vg2uS2x5vpbrG5OsQL6+0UweVJaalO3tc0fewNWwkf3M+Sg7qRPflkQzjUL1SpB59Ur/H7qc71GYFc3zzds2APB6NvTp4KjcjqvUOk55XiZL0G0f3hV1b+5isOvN1DLFFy43uqbfXxxcZcYkHpne0mee567ayiETJ7YB1MPukr6FK2a0/qMH6d9WFhmyx2AYjVCOWZ7wdiQUbCOp/aIbtQLyQ/JEk9Ha1ufDUJDO73FvDNq58nTZahzJSVC5RPaIc7j7qburIZ1JTeI4GZa3sIsgQmRYegxPi4QkL9rmuECgAV7Lo4IqB6iV97Ub+g/v3iSaloph/Z5IfB18ZMW2Csto2yc/Fv32XQ4+/zyKhzR1j5ypwx2lxgGM+IIJMWeozAnSs17NBEhex97Izz1IPwOG3L/AQzkpWvBSZmUGR0j/iF6wbe8s9wik6yTLGcXXBaj/WwS5Gv5K7GlgbanqbK+/MpqrnquipqiR8o1l/DcG7+EE9qY8x8f4t2TqgY65JaKHMcr/LsHBlW0K/hFD1sDUPmd2KoKOYxohXW4xE/xT3jc6KhOgg71pqrpLN7ZPZweSl2WJMVP6Bfy//f/3/HzXsbPrtbPrARCsIeka77s+XbUTQJgFDvApIkCgZhJ8kL/LvC0knRtTz8LbKvCfbWNuNfQcczRVNKh7g/WAmOGXQVrc+m02+x2Fe13VDFxHvlY7cKUezBvdSZR2j5PtdGbb2RZ0ZEVTHpzLnWEt3LqRuRwrS0U2I2hlZPdpYkcSY6M+juz4xRETbH+k+TUq92SzcXU38Vf5Igsqv52rghyYQ0eNrx8lZlCOnjMM5hnnM1hLrqK/omAGjs7B3F5I4FsUJCNV9/2sz25UmSPqWhgEgvmjAgZtGKEW+IXGACLaqe5Zn2khutY8HU1ak2/0NSNOZttit+b96fQOrEKU60upGz6dKV1Bo8tI8vVans8cmEY9zgsnhQD2Q2RvWGbhi3VsE7j70dNj85l4YYPC4ZZ90S9A8oKdWcUhGZh8G79kf536lhpTR0R2xmspVgQysa08DSPRS06sz/xUWkyxCVCNwi4Fx9AgRIKjOerK31Q2QV0A1ulwhfJCcau+yTptN/kBUaM1vCwryz8tyIfMbxMv8wkrjMw4aHTp6fuyJWz7M8SiLn74KWjHH3qZhTzUjN+LG7e/NQAOeyy0Yzax/YDDRwRfK+gwGuKQw/T38BCh0O3ptGbrBJHR3cJxGeAzlsNMO7mD6m2PtCkcPfj/jKlWTi+wd4f+Rbg8GoSAAAECzbdv1s23btm3btm3btm3btnlD3CAPWaa3z+sq7zV8V/sd+d88xL/TlOROpkrVsWvU69s5iC6WKAOH3s/343zwZs1bbViDT9jnGgH14Gie1/Fku9SxbL/zWaP7+Hjz9qCmT1CRIAVYqwQiM0SQzrHnTsmTr84aR3p64LtpaW6Mg3JtEpck/hcrr4LAdDC5059KleKMB5gTwSnEr1ukSmq51pVfGVip4mQTXqY0bn7ZRewhuySuub8GSNVfL7LB5TKxJ6cCzq7VAZnvD4Kcv59YZy1fWTtd7nHEmFlfznMjB00Z0R2TFCwz2wCTXyRrHZ1bmLZgJIpbxJ92axbsACs6twni1Ek4/SqgoEO/OJ7v1RY465Ev3umrurTadqdza32D8a5+0zn1MLAubFQAynqiy7juuIdt1235JFaib9MdpiSNXOJc5TdgYdOM5I6QpS9LBbDLwUCY6KKuiqfWB+hPudWMBhpHmBmvNF+tbUMyB4xqeooeIy2y71PxOSbt6q7RCbinF8T82g2xnL6ZVjyayozYxnMiXgOmxrvyWKx1juQj6hJnMneFsIkXNt6hnocwI9YBx9Dxz3TQtukdK7p3WGzhKKFNkIPEh+Nw03+50U2c94KKVr/INcshKjQHdbyBfl3HDef+l7mLjaf02ITUag+3KNGrOxTucLo076qHAqPw2Yncjl7QDr2Poz64SOZ+b6UMofEMpqugrVG1g0nX1M0q9NapZQowwZ90+LeoFp14UFcfaNxSvHIaXHH2o6d7W1hZWVyZ8zfYwVCkyEI7ogShGNwSSUAw9qarx4Ja1dobpcMXS45b8aV6iIAPBS2PUUPtPKAvGRxp2QmKbpcNvO0994HADdAUtPBORzXjsR5qFOp3jHHnPqJBFdlrAWFMoXjW8gz3Hl7l619s+PAvglNbEs0x+ArGhr89w2z0nOcbwC2oxTxy+U6Pk95SJN5h2Yrr/Ge9JWOLzNmKbRt+kcaskDUwdit6kw4pAdZtlTUoXC4ydufZxPm9nnpHZJp7vdsQIfSbusrVM39QwaZjsS5I7AU6VQjKMkePLqvwy+38MsF8dlKteQCJFrSmVuyJ9OIW8LtKnqJsH5BPl4N9Ufq2AT/vJMpNEf7uRGPIRUPUpTbKK8xKJUBevQpIGfDGOsXKRixeXwYtHYwYaWVcYXX6bgHiXuN1WKadEt26bM02JcoqwUKnpdk/BXCuSZISHTM9jC6TMLJSX7L+8jZZ88PrF1idyweGbNwqD0LKroFlrO7fmvK58UECZYRyeALrYWchq5JCB9mC0BI/yENIy4i4XX+74Fl5iVfJSLSJq9jddB6nBR/GgzpmAzaNshZgrks5shsJefTCIKMPsxpnFPhT0jErD+XuuA12NdgjRdYRqc/wQakY80qEiWyZhWmlbSQpdfwkjCKKYITN8lyUb6edLk5Q2q+YePOJwvnqR0W2EoviINL6OuIhfiTY6YqV7OyeWLEssiK37kq5mf8qE0LvU4S2jbdq1EkNJjss2SN6lWsOZhp9zCTfWYlaFoNjFWapXqJl9KvkT7QXHaqOryAYhGxClTbYOqjTVcxz4Vnq0lmYQfRGV47MS/PTpXj7jgJQWPp5Y+IhqU24uuLPJD6Y1aAiBvAK9ChZSY75O9QA0XxBFxk0Eew/vtDBvzfWlY6e53Blj11i5ExYQLF4qyO7MLnpSLl8Vnkg3pudwQQfLG/daY6M42R9BaS4OcZme6O5tZqUTyn69ux7fAN8Xuq5jwufqzYq5yRh5qZzy70G/dFonEX8Y0hggUcgL8YebxrELimmzesvl5tS+vzjJ2bvUNZ3r6cU3Pwdjx0ZmfcyKkjvaPNy1QjiTpWc/pLDrFDEWWOWlYSsNeYfy9UO3YgBfbvNwewqwFbWr4bsVlZSMiAg0DIX8GXjr6Y3FxHnRs5amu0WhGmzEFk/Um4yoztCJbAhernJIMR9UCtZSJcbqCDDuHHxgcwb867eMjawCRu8WAjjKvw1UhGZ92752/yQyrZPrNJ4/3nHqNlaseqLQSVitDsb3NkKt8E0BOhI2YU0yIVWD/PB3DU5TdOaSAvef2AJB9hYFS12x6ptjVw4PnpOPHesSRrZOJxVcv18E3BnhFZEzWiRDBPtvILbgkGYx0v5pe/6xXwTY3er9nlXwXtoWHTR5IAX8JRuOiDf6iw7ttxdVcwfKW8TEsUQ8ZfGhwf/A9ixMlI/ps/B13pmsFbqp9YzM4jqsi+byRrR0Y2BRYDD5XjKRTVhSvBT6jZQapzcXBPaSCfRM1vLSV2npaLJ5b2CiHmoc+nV1LKfUz6KH1cQ26K3w+yuIPewJQNZMDqc65UR20QHLxTGaFeU6hNrzZbwDPpARexD2Oi/E1hpN16Fs5oPryE2O0kW+SaBj7r/NRBwprcRY4ghAWdb8pVsCmtnyGedgFbLPO83Ocb5MsJrH3qQE7rwKwakcMg4bb2FPYWzHhWdaDH7Blzrq8wsIb9wbOQc8SJ8yYOOZPj3fhzEi9FyCFiSEphbbwvNjyomdyi/5MgPD8j7CW0/fL4XYA0XBRBDXlaOFqMMfyjP5htGDHEJDsyDcTE7bnBIzZzkRi/4YPK5p7hXd491mcLmfCg2rIDk0MZJN76dfNfnciLMXhg51yc2kTbCMdtip9FWipfvOruBuxQ1YHQ6TVYhJb0hAJDrvJ0Ds0xKkv+blf9NmNg6iGhPcNRbd/1L5TZO0X+L4YTYAWIhvdSbDDpU1uIx7i8pYh0FujU0Bmn82O2+1hS281MTvYAyt93yg/je0ZrkMCmJHFRx6c7tj5FEScq0BFEhR8htn3l56yDJ+wKQLr08s2LTnnYolT9i1m3a5Aj8BH/xEjXCqexalj3h1w7VdL6Ep7mAr33sbGFD/HDrWcVBERylYifOex4qVMieTYsQcSv10+kNH8hObGQRAgzejymB2E0aaQJYusp1T8g8auXN7zIL51ZMz9v5rtRK5jH8tu8Ot3MDFT7qyjtrEiYJgjrL5th9qEpTcjkl83ou6Mh7mmqfQHpmF1iaZBVLNO441DvjzP9FISh06Y7daB8RwqEKy6QrEZ5xRIYHbxReWcitj8WU9+/KCnzYRDcW8rBKvVhCWcFJSG1IUgORvJccid6YNjI8q5Vfp/IcJTA6Kv0ySUdF6iTbYIHVWzijlCSJW5YiSebkKJ+Z3uKgrB4JLys26x+kvhOYCZBbWeaZ+b+RJ0WrYERm2uZAt+J018kyg2tz1Ex85KEXu5lKYHizN0ZzspUNkn/YIavl+wq2dyFBEvCMI6iHldOeaSmMF8+JAxZjGtTQLV+aejrS+un+6rb56RHNnpUc/sKKrWUlp2a8/PStnT+DEI92fs4J07sHDoHW6SOQ+7cQakf4RhCDX/0L+VZLBAF5nGWbVm0gyOFGwiFTXO3wZa9CSYKc++gEiWvTObhTDmLotGwg3GuAlj3phPiQrFb/Ik9KcixiBdLpEVRuO/SMP1Uvb5a34Mlad9FfjmzaK5cANTrOMzqjzuDI4z9lqaY26+HWcaKpuB3x1ksljXDMV9LwPZEJwfyL/iyRatDFsYzuDGVgjpEQTX2NKt8AsutmC3GBjmdbcXZ/zJ4C3bTszjbA+8+ixj4OjEkcp1KanziO4wLiWq2F7spsX7BhNWh6T46X+PQTTqWpC70sy8qvBrdytiUYKPZ2C0XjYWN1jXGnBqnzIqbNOwRowt+pwYtuIiHryGrFacLEbae0QXtZp42nKXD3a4rmt3DFFWff5yXVznTMIxmMQtH+DbWXXg9wUCgMxttVaRzbbBrAyXdDo/QTgJXvP6Cavp3XVGPRQ05I8sz1sbalVPnYRZ9HaICDgQfeiQR0UNjodwuwLqYGgYSR6Ha/nzGmWptyqt0khOtrmyZGF2XaEpnR4HZGtTJhC5Q9c5cRuZbWLR1CGqNVjJwdEXBdYlBq8zSjNfvjrDEp5zQ9EijLioGpD5czAh6AS8O90tkQZiLB0TAuzlHKufIutwa8qOUnDuSXnQD/4QbAdEee6gLHskC1hwyLcaMp++6o4loOM8eGqmA7kXwiGbyxZ/UAHCDjoTolgnGFp8c8zTnTXKS7CKiBE33hKKYIBe3qYJKXmfaGZs0dq/HBlxVSZ6PG0DKf74L8zLTWwcYgMMRVIb5Ja5OCbbw+R3yTQplJqLytMMgkTwU+wz09LLFUt36UlCEPLnpjIWViOhou/dFltmq9EGfEGOMknlnuMaMtd7nvutg3XFwgBRWdf/eakKwJG+2eBp7LKjr2p3BbYVWVLZ0DAM1cZ7FeZPpZ/5klV4A7t53dGJyyMqTlGm2+CB0Z8Z+fpfF5Ba/Kpe7F6QiAOgqrqg8dKY6dNUHCrIdCOP0r1WrAdIBmNxkrNSUd1iDqSF2FcZDq8UpA66P7TaTEscnerme5kQOS5jW7SQRi9rh5yeBBapYOnx3Lk2mKF8XBB3QEC9CpvftoKBwGpHxNt0dpSMMyvslaeSeiowqHpHuSFiUkSEkNP/5YfJYO/QXPIOJg1N+nvysNijEeqOWALZ8o0EIY5j5gUmAedc4sKoP7Avv6i2jTZhVoCgs230z3YmrL2o8p+VGbPUy/C30l4epw2aQTNDh/U8JN7Cx0cZCCrrBecI4PJ0LAjys9pPGnVBxZL4/6LHLJRt3TkGkU7uh5q1uLYxUTCovoawRSJmw8M1nb63O0N9AlsTSnBq00Smf5Cb3k4GJ4pBAKrmR2wTqqFtljbfiZ+ha6E0/jSqbH6EMSa4JonPL4UF1XX9+TcBtJgz/ZXBxWMbl2xXcxl+PexjZm6+IEFNZ8UMBmSVUHcWvnCot3+bwBv8CaLyJ0Te00JdDnI3TIMlLS0UlwJYfUzZ0qDEodVEMs6Yr1mZziPMQG65swqKgPBXmpsBEr+hWDqFzjT8+Uh8EwG9HfcR50Hd7j/Trq0JmULbEWMZr2PCS9uozffzlE+lwymN2jWoA5DDCYoEQFYeRHclnjCCAEsTqEgHFi/uScC0sSSDmJYodo4IQO9ojINSskpGUubiIb155n/Vh1s9nKqKQw3tlK5OP4qVb41t4OWeAIq8nEqkhB/Ih/qKVHB5bRUcWwnWS1GLptcCxSNs4D66kkWDAgm8qOk7VnBY1ku6UXYWGB6diawxKTNzx0LoZBwpNA3A++KI3HBI+60vTv4qEPHM7359DsIShxNhn5l4nd1D8co9Z7X2JZiBP0HiF9RdIsTtABnVHNKUoL9KqrsJdZKeoNqMXuLyVj/WpALkZ6OIX5oaTxr4zUZJ1fFzKxVDAjc012pRlfh0R4ygpeYBvUJwR5djfY7sdR4vDOJqJ5bUu/Xw/B1sZQRAZ/bXg3g/tXacY1cElopoORMaopAR6PDP7mPmJC5m/GcFyk4UXMrQRO25xpZz4emjlbzNXLqlGUpBBwPma9MjFl8+nzHNjBBNqlVPmxDiivn5Bf9fgCd8laNtUPMbWN52DGY7xFbI7/KHxLOfSNmja9xJUtzoOhlrLwO5omCmxEsjI3qAa0bqFRpgyabtynU0lvi+eRgdJIbc2O8PbONdN+/q6OjlCw0NVq461ArAcLJqcuqKszRmNwiKdX9Y1mzWlYKq/Ah5XQeWksYngfIvxHCl72koNyru4yN8+ZIx5vtf5XeJn+FWFxvNeq9p6vnNi8H084LWrNFu0zUVOKIPiPMNBeRYtr9/HxYK3AfG9RDTlH2FuMHG3K/4rbNhLX00MpF+h7n9JcoGT1AaUPSWq5hU6Pv0bz+O/q9rqcgp/1ey4kfAitAgxKbwQ1UH9K4UxO7NeqoJPb2bYsiObBBf/q2EbqfsxAqFLdaotqsT+jmKUolo5UQhvvxwpEVX9BBGnJ8k7nEm+/vutZ98A8dc7U2clnnsiJS0r02dXQ+C8ts0pCCnAedzau2a2bwrGvUp2fDLVKkBcdHVclhP5uYlkn8uOGHgD/yQsbLSETWZOBwpeTh533aTLZOZYJSnFAVN1muMMwVqYwnrtQfEPScf+jh1S4g0CjER955YZzqLfZ8F/xcRoLTzz9Xtgfey5RU/fwOyAAxMUlLxKvB5goG8dChyw9h6mOmbSAh/uBl4yoC3id9nGYU2xgnZBOckXDBh/rHgVF5fSlao8+CIvIqIqrpBltdleU+5nScurLPA0n5BicEbUFI+07FhyqWXmq2Zj5VdvLt8assEzBecc9e+C92qYs52djkVgZEsidk6MxPwC9kZFd2YGZu+XFz8zxu+w5IJKoy4ZcuUwkKUoVv3MLC1zNqJJ+cnHHXwbCp87dcRU72HgQ3uyzsjY1u5N783uA09LDtE/HvLGbjD6HHNR1neYrzPxJm7DfevkUZpJAmTZSvyKsI9l3lNaK2paeRfrvJKhQGc0pPjB8k1516EhDPFNCRt+GW0fhfrmoouebbZGP7WDPGzGsgkQYQ+YwZguwypX7T+TIhFrmz4t22D9sn1oncYpjJyxXWMm/Th/oTnzwqKX1RtFHKYDC85WRhSMGlxnBMzUZPw3654Pb5uIQJcu2iI3vtjH/l/YnDmPZr5uVQTVLSbrRD/ioE7w6x2mjgS95HA8dewtfBFYpkM+u5Ja7uic5ZFU8Si8nsWZVZlXnyJFN6TN6dBtQYpL0pi3oqPdgVOI7ype+zyYsRZs+5warz6GiSg58ZxBTl6lyd4gBh5B+bigR7j/JAPBuApwpVkv6DMLbHW8g4IggSX8MjIkkR0GcWuXLo9/k0C9o7L76VO0tje9NuJLXbdiF9g/5xmiIZWH5UVEhtfza6Y4MU6QlLyq/ymJUF4Q6SVkxtorvnkyk1FVi3ebEWpHNuKGpsgU1AJWSEaNUGa2h7QAuEu5nFxZSvrE8E7zWLJnOaPITHfdVr/NnfDA8T4+wr4iOsxTj1gxzS3IB3iwWVroH/1tMx/F+hAHQPYv4N79taenpuhM0xIB7hGmoYxBYaC1XRVAxey3USjU1n5Qy76MCcgtXQAL3Em3RNcLUAvHFn1d5rXmNY+KRFUrdz2nqwNoRfJ0MrelFxo06T0Uy3d55hc2c36heCiJLC8WOOZMHfim0Bepj7dXiM4SzX7XX1JJ5Bta3O9VqVwH540zfnHwfhWKaSaezKCgSDc+IS3PPouq9mbmuSJPMtCTHzHmQDQb47pWqlmLh9pearkFz29UItQmcA2uVrFpZBPxpgxmRJoEBOqrVbyHBZPA/5n+LNQjllQCfikizvpTi/mgBJrZr9FzR6VRGnSZGozGrGJwnJevyugI8jijmpI8uEyIafcayzMt81OPLOKBxuWImiu4WWr2Bwjx16q6K6MyiSR+HRRFzDFHhbbnRizHj6kcPpagKoh11eKxpK17OLKMSr0N9Ic6TGBN3SfYgxtDkg6Gw9fL2uCKFPGXYCsfHki4n/q07jMu5QYFwu8wkZd325+R5Vi/LJF1+6tdd9sqrZDtUpRxqnTSAY39kXmREXV1AAFOyZXac2xrI99VdrU+BIcwTdboNl0imaH7UAcEBpVlhoCbEacxoBrjAEWzhTPlQvV421kuExYcn4LFHP5WziNQPKLqkDRMu/656scIrTylJn5/lez1VsKHEbGSbpHlMquP9SD1+HM4O/yWqrBaFeosONS5vYb1yIWuUMYKxvFl4iAJ2geRgT2eGR6o3rMh7fO4MRM196uEsCZOvYe36ejTWF3hVmM4rkQB+ZNj2BggNJIQuSk75Cp5tnxKBw3Rhy50mD5L8PiJCk1MUPbQC52MxU2IxxV6lRt2yThkMhIktBlqmJearN2KCg7NdwuaUSoQF8UQ6rFX+uSBgkinYdMS6GLTbuagCjbBW/Dx4wFPo7P3NW/eAAmB502Hz2SnFSPslrw4zIbBDoYFeoKz+krhmQov5WKOWuCDYUfk3eEh06Ibr5IrI0bPU1b6JfbGVdz8DNxs+rkvrgwdBC2jomv/N5kP9JkOEw66uyC5spfQ/XJs4fVYtnXnC72QgDXAja7jZuNkhrtas2424lvM/d0Jea7sJQ9QcQSU3snakpPWi9Agi0rcGs6eU67Ei383lz6YFVNiGYfOXmzcB33PfTT+kaAWiL9/XvX6qf4PWvQ4WqaFD80fFOVw+uexQFEt5ZdoQqY+Dy3KxNf0gfZrcVIUBbbyN0JlAZiM69Sk5TMAXL6PvS7xaGcNZwGic4U/+ZHyIi/OqF1Mytf8Kq4qgFJNyKQtBAUYyWkG7Ym2YQpzw4Zr6jG9O5u/qdIVsxgeKh/GGxJ1phMFfO3uxeAZC2swtrh41cJSjPdRaZ7l4hrrPN/LzLoIBSbK6IZjRo/478XXDDa4qO0UuthZ6xio1fZ9y6Dys8rXYGFc1WZ3gQeEgiUZgbzqasG8cM554ronaRp3LUI3399OBlAxOC8shj8G4XZ29VCFnp7hmqBoVvSk04G0udDlKbQIGb0jdEcdyhP1Sdvi6hr2CH1ET8cBT+w7yRC5mFp1/3DnVTZrFkfr+fMt9CaRN7YuSo/t3sH2sk2s6eTfVordh7W+WjA07SNruoh07LTOWK97DMBp7Jh9oG2zcp6qzz/TEbmO1iWpT0STXR9B9pS7o3DHXYNKkfHbArHHqWQt8hatuFDK9LrZuz1YrpOROO0zw1352LpGuL1EhU1kIDXXOIUQ9a2nsAFyGJL0tpsmVtTPTNnbZw2Xek1TLEDEdiIlF96FbhPlRnwK9BUh8SbzOpjxFmwfZHnz3vFAG0Y1BNqrxW8L1QqPQnLd/iB3glHr8BDwcUKGealRfoXsCrBn7aDGYtyz7g8chncjOXoOffJkHNz1AXvv3k0sX8MkSNxM1JcxNpbVxe/lbfAuTqQ2MRP/zW/Ol4SvA+SboEptJa2aTb4iHTHVpPBo5b1P41Eqar1JqILLTONF9FSmXuP6afQYGVa2PO0LndOrcYghXoGEgbV7rDyIZ/0TlLZVI9MngzfSpVJ8UHQuX5CEA3ZK38hgCjCJ5ZiQ7AzeytFEpDFysa5sj2x4BQeETtaeUrks+8/RlLNiYjYUOTGK8U+ODY/Abc66eyTnBYPK1Eyd9cFiCA9f3ciTdMFq7ExZyjLp9Ru+AicLVm8nrN8r4cf5nghjY6Husw39FmxV6y38yLMCsRkBqN4dK7dfPiRFe0KhuLYZzs6MLpjOb+pMpqn5Xu7zPfMrdc3XVNESPckOx80nlcA53mswVMP2dBIFQpqVI6dMI3WPrPgnbkTe/wweNyJ9KHAs9SkoovGQZ2lbpx1JkQzslW4lq2b+53PUYga1ncr1nJkCkPuPrEX41ErkjKp3Q3w3HJv0tHgdI/BbmJd9ir4d3KC+VC4vWOqei7WeomZ3IO0jC13o69b3KOKGQI/gluddqs2RxD8OIqJ800kRH1u+jxRb/OujuFDtfFEDTQSLjNfDSqgi1Vb9HtKAj0ODI7/BD6QPQHd0FCE6R+QCkIzC3RUhrgTIs7z95uHf9027R95uAzf7cYbgr7Xl7OYa30WmlENHaXzzABEPq7tSDpCZ4AoFqCCSWk9N+Ut88FMnTWmb1plRcfGoTpzOFWKcOPA+f7hBwm+c/gTclKEDUmvBift5Q8APEHs4yhaHC9Zu5ajOoT2Sxc0NDZ9n+0PB0gNKCKEqi9Orf92WoKCROdlUQ9lGV43BFnZRL0s7ZAX8DEYFAWyQIiQQIpnwKHcwNEq0RvOcDiHycZEkH3ayzaOfFHkjdRqgfJM4fJxs8Qw3oIlxtq+Ez99DBqquiu5tAX5fxkdoICEaUPWSNVxIFpt3CXsepQ3ONKOILXDMkJRpMw8SEh0dr9p4KwlOir/WtKOIQ4Bd5zeadlByXO+5x81ILl4q0kvnzqMTADk6d2M+guiOFJE3JniOJV9BsXCJzrlvb8GFGSWB/6kfL2SqY+YIQIkBSfrEmk3aRtK4RnxFMPpSJFfEPyVxcYgBrxnJ6TYGm/DVIOffMYi1Voc+cLsm4AE8qruCSr2gNmSCWSI7MW7aYRW/brzalapZ38o9k42J8VIYXPhjBQd7wsFPOvKOb8ihNTLU/XYzJEvqEHBqz2RYLYZTP8myCx4Q89VsdXfD3gghbNbMhovpKbQLDUxEIMVqmV40D7MDYCpjUHQdZEdT5BhUOqN0rDRkDum8c4JNazHaP7P6NA75VH5EaDX9FB9OZ8YdChLR0jUYd8XPffC5SI3tt0dN5afqc68MiR5UwrzDMzjqq7kPrMfPuGGp5bRqxDV3VjdJ1TqLK8qOmfjQ9yXMjUw7wgoE0NrZFJdvGwtEx0l4aHdpNk0xLhHy5eHlNsOvH4fMLj4lVmm93/1y3GS07RYq/Kdn6oEuX5Ykna34JXYYJ/GQ+8YfZcAoMbeZE+FCVQGLknR/qyTwsJchouT4LDksZCM/eq9Zq1f3ZEOKYIqaooojcInv2vjMG3eDEX3PXJoERwDv6p0+D5uiJPIgP1l7kcbpKXTOa8bkQlbAMGKCtlfa0nwocJvF0Vn9++YH2a8dGBsUhpZCJW85MFCP92kBOL+wtV3MXYm8uJMuh/bB5jJS0Pz59AHLqXq7iodIGZxUYt3tqIS/y77M7OSNyx3uiEk6lwei6vW/KcySN5jyhAafIL3gfqsRwYrbRiIemZI0SlObcS1nGUkoKviFKK8iBG6XsGrD097wVRgUvRzZkySHtpMQ/vLARUboueRtdnyAjWi945k+Rf15Q1tkjWwv5BktjEs/PESWK5cbdn11Zf1NoGvXlp11ps0ad/t8r+w3h0ifOlUoi6ZHKfEXx0f4JDYH/slFn9N9VwWFx9ZJeLQPgH5kY65ON1f1qiuL6B3CXEnFvJORwJRhjgCGoz73b7NsLniojKImjIAAGrY4r47Nfs1TcQTA53fO2cgz86buAXHYPXDCMttOjWZt4qnWN5QLIVt1h2yXbG8qWKeMg/Y/yIcUNSbemvRSeryiBziWHwRmhK4WaiZFE6xKFhxzIo6rr31HA78lcsZe7gOl4EQeZPezLBhRb0M+t+szGFdu/z6B2gggbp+BLw/kDsMfarMnq2SJiYSDWsWQKHS7/SXMWayHVNys7BrX3SadspFKjwXSasYajQd9uxcHtlRJNGN/tSMYjrFv76fBYMYee4Emz8EUirtpwqnqqGCW6GYUKK3q3CWryqmUsufx5jEE/qMmvsZPMmOFwBvknpfXTEnKSw37arcU/V4PTsZWJv+DOEvOqoJGy+OSj+3Dl1VL2qKSIZ7zJ2DBlmrB5sU4QrLkMHH/YQIz7OY+oQKIhIDuoV7Mm9kWeJ69wiwTBXf8dLeps+Bl7kU9eKBZ6spSTeC+ckVVTVW92uhF3Zu2YZoU7jOwB7qvdGAdAzGHQoFYU3vHyMAjlwns1ExOovO5bZarVTyzZVYELooZiXgNXlFLs7eR8eswPz3P556rMTS0XFYHOHG1Ot6VSX+F7se5RVrKq17DlozUrzTg5WLQoB/vmkvaE3DCpBGC+50UtwJOOANVJ1VTus0XYgVSXTmdoGzPvw1B7dXciqb1gxvQ6ogJZqu80IMhfZ9pRqtcI5ZveEMCyCKki8l2bv9Z+RbHKGA+ufOzKte9/FJbRxCi4XZUfGTr0i99bB7UiNKV7gLjbjphyBKhDwmCbo5z0VtHvTdxyQROXtRrEuOkto0UvqC/5QHdbsXNLoWP6aAwbePWqyWLx4AqSUZZMNSZOQ43u/piBLcIBc1ZhzqQRPPna11X1tAUsq1XIyVzlPQBrqW4mARCQxRTleA3msAmtijewPlqnd3DG5TMTK+yg8UFVIEpqmBFKSoFMHCFlT5wNqI8JTt5U6F2Q8jPEQHMP+DZfI8icl4xwWuzTZYod1cpWsfiuFcJfj0Rx2AJ0eytElQMlAYc9kq9yKlJg6UBR3INHyF5tKA2rV1ql0vj5nXy6zCnt1fexEph/KQHHdNuQe2yssDsP4bj/inrPqPEUPpA6tTBKpYuh9nLreDOnDKTkn/jEPwA7QSuNdIFt1tNNrvWriLge74RM6j6ltATq3DU23VrjJEDmq4xPVhEzU3vQT/UOpMo+7WALKZ6sdw1Czh8JX7KbM/dgd23S/8Y8o90zb+sZ5T3DgKXzMDyM3P+J+nA+NUMFRLasz1RjR7VaYH6w6VcaFKQTq4rf50COLlT/+2V11k6bpFssTI5cFxAG/CFdRK7OzVID/qIvO1UNjYbxcHlwhB5xd+CMJp7lsygNEFqvWR89REIF6nsAoidRHwTkjmVQH/ixpxOzV4UUQPOegZfyhKGMI22B8suqIvODCAXzFbyNQ4KpQxZ9WD35AhG1BNWmvyks9Ey8lkIxWGcCo1G1Cg7+R2r3uzMLmxmTDkPy2pKbKfyGWVjtuW3HLs1fEj1FStEfIiaeQ+IZLnu7dcSBPrCsjUZ9nWkGC9GIuTDHgJz8x/R+pBnIvFXUoAP9AIYXeQavK6+xt6jwE2fTFx6gC9Djxu9uJ1WRBn6TudzebKQp52isGnJEAFa28rDpA4W/erHBAZF0/RzCXXEpbMx9G0hnwybaKJb6c5F4VCXNu3x0B+spPgJZZmvjYGPRt0boI9F/jFvieSZlp3EDp8qXSoSPYeMrABQIVewCqp6N3EyCarxjrpwnf9/jtcU6oNVln1xoxbqgwZrT8gA8bSIaEz6kUbCYYJICRPOadOYacbCEWJYzAmbV8suu0wOWq6Om0e0T8CfJwHFeSdBeu1LSmt9GyRZPXVZmlfF1u5aHGg420selqLFLE42+GaeeVSxI2AFrSsPxq4FRJCttRTK5BG4vVfPcT7i9ViZlGPSFSqGs7h8TCkUXScXzfZ1TxJ9LWTHnKtbyXGKn5I7qtwMovZGvTHU0fE8NauaEXKafOEH1I5OTIZBo0w3++8CxOfYp3aR7kNc+14SNIhtinlBR9AmBBCMrMVsnR77OaTHhXmCqYOP9TTIqRXQlbluTlNkSZRhGmGqrzuVtTiJ6LTqTUBRt0gKM3Mh3XVZrHlEh0rniCLMIXYzgjQ5DC6F+8xTM7ucnKJzNqhdznhDgBcCSFVaGtJdzKrQ+pRxX8+C41FJfEBECsLsOxIIEVdoGLxuOvFvkQ+ExzDpnLaDXivS9zqEMqXHbSOACMxPcp55Fddhca+rOZuglVd4gdyV23jpAcMULvSd0MyIrU/v11lECAogcTK1jAqObw0H84jYxf8hfZl79ftS3iWoeO9gZOogzecN3g7eUjgXBwW+SGnaZK8FpCVSF0h0nLvJnA5kC4pTOXGDKVKg3bRh+m/SttwH1lll6lX4dRFkjvjgS6NQ1TtII+KbBrEO30eBiT3csAoSKsOdTB0Zgtc9JWygcNj7f43869aIxwVU4HIqqzV8AO8kkn+yf8L5LVfGIM6VZ1jT6euvc1V3T3XSSIYRyUXCsXkvmRAckhrCo9+WgXIoVxnuDfgu62vToF3kOayHPnXecvRkhE7YqAsbEWW6CbXCecDdsEK2j8Dap663cgYHT09hyVmJu9emQP5BuLnYQsSZeIdtOSYqGArJ+z+IXIUw6f9KJ46CLOI7BDOH/+YVHzrvQBgDg8PR64SOrWk/knb9pMpLYnoBhF+WCD8DKBH+Pr0fAKHPdemL1qWa0rNLFcNEQdS2wsgt8Fa+YfZ+/y6rD29cDZ0sNArNSvNmDuc0YdYz9zvqDOFO0IYwblxai9oNHW6f+4HGkM8fYvlagABgTdwCgTpFjQ+GDjHFde0qeNbaP2FSMZl39fvnhDiVd9PEBNoImy6RJ3eQXUSu48jzMsyb9M6kfKX+qpPg+yoDV2pVV23X7gISQGAO+KljyKDUN+0/u68/CrgqFB3Tiz9ySHRkeljukY6gr6F+TWop3r/lzeb7aodPMfM29tuPNmbWdQqwBrZsIXlSURne+YWVQNdejHavzXImYaDSZNaimwwnA90nxRGx1Gi25WYnh8Zb3/Pf9Gfu4hfia2ox9TJA3BUUNCOxfbeAfom9yP7l+dhanefpBmC9/yx3k2jooTyDVGpcNxFRIV0Bqop97KFggPh5n+Si91h3ZYB90uOXnvKr9hv525IJViMF9oU7eVRmEywL6fMjZU7Mw5Nqk9IjOKJuKCap9DQcFDMY/OhnYi+3vP+TCwfkFvUJIZe2NAaDOmHK6RA5zB/KSOO4teiYL9uOAYxpPan15vC6v26CSdYD0H37MFhLokSFQnccE/w3pRlY+lbM/XKMXg5pkbLNN6rmEcaay31Nu/pkgb/zmfFG/+bYg1q8yskj0a/c+iMWjyR+o1sGoUD3kIdNEnmUNyUloMYebpmHRMH1HtRS03/q1aFlyIW97Xi4xiraY/TACPvoGx3xas1yJVR/EhtUJwMtDXZlC4CEtu9Cw1eYq9ssmqEIvbjhWSBsd/7r3A4rIDLPlw2w84HMErspt9uZiyI6kMkww/K2e0L2KmCipJkI2b76lpatK/Dml5w9EmwphzI8xcARu1oEFsoD5TQT7sxRyj6V7BJHd1TKYWCtG+c5UJEamnnYyrC0XKBZdMettTooohwKx1ADOYXzOAxk4TKgcrL67AUpVn2tA9CMYTawgcyoPPq/JWRA0kAEfh0dCL5lpFuLMJyDcTHPETXyQM8nfZAxWjezcG7avlDFb7MKfbtZfD8yDwybhNGCKVuNKs/FhLYiKfM42FBM7geUSKU2GilhiYJKWeN4FQULHRI3uOwFhkXy/hNY54lqcDbmLsNBuB9EgfekdNvHvUKwYDgOoTLYTBJHg3AnMzZogb37mHX0jAm/ZIlgn5IRJSDABkBsfO5Yf5hr2guaoaYJHdFVTCI5m9CD3zUq+oaf4tOwq2R/Td7u/MekjzS41iw3Pr8jROQkRPersZETBsyjqDdxXnfxSHOkVmSZZh7dJ2cOyzx+10Hb5NBxVGHdYrLIe+jOclDl2mE2ML39AW9QQOrrSpgHLJHee1ctqBkq96HnP4Ilq1ikOdiwsmru+qH0YpujlBBkSIi5w6cAfuCecp2s+4vXI/CnRuK59IJXxC/1ox2AwdVm7RZOidpsq/tqSlSs/Z/UxxdciRUoScdmTjAz6Fk2Zu0OD0lwrTIhvmgjpe2h2E/WJ3oiNLXCExXc5DdfdY1Ys7Y1qD7F+HWc1RX0WYQviDlIBVTa4SpqLEdGfgNwX5vAohOVHm8k6hU62FDm1S+U/7KiVDEkbjT4hhKIMQhOa58His0wDlZPFU0aBVg1bafPsSjl7uJQQIWgXIglXed7L82+z+EwYD2VsvpfZAgiLyJGLfxrc7qTXlktAjxAgzthQmCqQEqzeQSP997NDCmR3viWfiYZ49IpsSU3XAYQoBrMWSH5uujgSB7coKG9Rk9kypvKvPsjsoBFfKDWgZ5iCQYBIZOqxJnw3K/e3OvrpSFUStMrYoRQR3pkzHwWFtvPe9W7fgmhQXFvtO1eTokDLaeECjShg2poNsOPkBqw8pdF5u4gWKTasQ7kukWKVqoXWkMLiatMplKkQdaTvcNrkYJBYE4FV7dSrjKw0IhVNxJhCzXDzjzZzav0ZqDD+STygyX4wO5qf7QEEqZBDzosUCxx6rXkDimOHyxWtddbYfKmc34eG54UwKV5fpxQSMMe9HiiGbujyKacTI94CCXonPh35h8Irr9v8qZ0KRUXaOaLjVLMFavD7FzXXvIYLtsgM8ni0DxtZ0RqE/OWADDhH71CoKlLZbXD99KLM9us6PAjr/czSoDLalpPtyFvM+TMoDcc5XAlxkrkKaApf20CC9vu5XYVzrDU/X6TCNKUDNHju1FJGerI/FFjkuhNuSDyC2n8qIwuWSGiW+66hEoMvUVwbj+Blyr6D2rDkYNWF7iGE+USxRaUpV6/UrRDte+Rs1TomiqW+C3uTq5Z1gp3T3b9X0gJMLDiLV3urRjeqD3LFEspRIo+qhry1slnBpe0e5OpeIbbkRh6pDWyqrdT2N0vqzfOcyO5U4HTUnMGpYrYabFlXWcIzvbaHhcdljfms6vKXujxMXrGOsaHAeUh1eO8Ptkrrz6v/sGXX2vyFHUtk/OzGyvs1yWlcLgyUhEEd77qZCLxtnTYaLxguGIA4tf96UzsWMr45BOrKCNEKyJz4ZkCmO7Q0Ctw9qzaKZhMAIXNzRWOcNiSsDmphlai1j2tncoyH5VCM3yaM+ORn599y7rp0onzlOYUkMDj8qgzX0yn86aBdueygXUEKA3qHBhM5bmBmx7hY8ZJX29WGzkHIaAHhJLWj/Q0Yx1Cse81LxDGHprSZMElVVgBBUU+0S5qLq6Fe3dUw/9xQONsJxyr59+KOY/T0Zm24BCtYukpIJCgZs5A+TqZMCcofcgD6B2ktKC0tE+mnuVVHvwFb1bSfluXTQi6LUEvYhelYSSsZAj9F01ZGy0CEGlyRFZOaPm0w/fTe7oafb0zrocxCcq0qWmP2mmqM5z2bmYGrfH1ir6ncW33N3bLVLy3Ly4eAG0foPdBsY5n8wrFqXliOJH2weUPJSRlgohSseGFU02FoY4G4svltKbDzTL4kThLRw8ri/EAph5oRsVRydPBLXXyrVlb3njj8PuEsKnJSqfvsc46jYtNm5YMjK6gfYwrsJe5cpn4P7x5y4qvu8nWbG4njDZKHVHlB9qrn/LMmYh/GRqHkX3WVQhm7jbAQFwVU2j3BngbFlPf+TqlTilaQNp2ZakeKHjkxNNvWVJqe3uCU1qVaPoZ0jQ6rcAAa5Y81mU/1BONc8N6LWtQgiBSJ6F0m8sLWW1jh/dqlYruxTEyW9A6aRFj2Da1Uz78UWpcK3bNeI8zIIr3zuIr1/z1+6IsqAkVjk8NeSQFoPVxaKHYea94BK49+kXU1LR5hCXlPUcPwg6gbOLDa7M4ChiUmzI7FYcOCRdZIJgZu/6hh+Vd2+4QP8Gs1xgBtNpkOu/dqwgIGE8T1NQ89ubocSuBvFuwtDtEJtxfJi++6+lBBLpkRilrkshdzZh1oPnv+5o5vRWd9QbQBqo2KUQlE2O6ff2IOaXOkdE0fpWFAJBeEZiRakMoxToLDoPKQLzYUo73Pb7HsocQzBejSlOP1p36+wxBl1i8O+baJKrh/YLSzLE4UIx7PgZN/kUUym2fDEq3mqE4NA+n84+HZA99FvNLwBwZGukTBXfpyF6HYBmg6Fwk0rJ098TiG9y7Jz2GKpXh0skrPqhh4T15mvittPpv0zldTb4M/Zca5WelHrNkHww7fu1JoNPOGogvBn7pX8s6Whhw2ab6zDPLqEb+hqHF8SEAozsoJz6ECuAJuqrXaxc5dOvF69kSj+RNhmSTinytIVjeD0EBm1CizY9tXGkqpYSMD9cYIclOCcIj4BbpJdztzKhq4fxYAkxxm4/f+bW+YkmDfJ0Xkv6l7HcPVa2iQnibx0Ro3MYVJ6UHqkY2lFj4cieXRBkMUpXwJY6oX3Armx87cBpJGR26t05kNfj6KwXPBpeudpcIpFnGKn7YW4NdkRoPYhCCt/Afzs+01hM2KVv6GrbVnFEy+leCGO4msuXjMXaGjf+AAw0P3M2RBEa2oiAoTNmY8robYOyhnEMQEr9tE3sAjW3dhqvtb1JHW+fm4yfD1k/6XgV6BhXNgu5VI9VVquIvS0vFWsCrVLoGxBuxbEuA1EbUPYEZH2J/peZ21XKytlFwYYQHFlBdvkwDDen6Fa2REtke0w16nF+AelH1HguONH9Y80I7O8YwzD1lwbgf06yss01ExA+pT0r53lM77jTRBENvL8+KdJaT8s/nsBZ0fmQBdMqJeJtTO60SIM0IFYT+i4Ku9KQ1muIg1l7IpAAUxyxQ3yGgc6UTT2QzmxZfczoNXUAdb+qp24TgI54pHdRxBohnYDSAmV8etQB0e9ba8m5Bi1GYfCvNnZ9D9fqh/mD6q5m+MMe/7ih8KT5uLtpQfSuNbkA2y8fqUr97RrnBVpED7gNNoBVIjkpx6BtWxg0zpqkAET4pZqoEuBf5Ll83RVpidNJfS25F9NhKZuNrr1h9wum+CQY/Ug2phFWGM1e0xfyvOuZpytXKu/E5iK1T9g9NWGRtXcHb3cAsoyO0QHHeL93VY1f6KO46xAPHEDmHCkp0tEV08/jeHLU+lH9BTHtqHPO7R83yuXNVR7pdHj/OoDhm9kjYKlFqIi5phxqNKuUu6rV63SjXJ4zWE3uwBAXPV181sYgJPEl3YRtUFZXK7B5SMvMQfgQSIxF7QDAluTsZSuAqKpJm0dSoAI6M9/Qwj9tu5Q1WC9CtdSYS6qO2iOLIKtlVqvPfBYkJ4u0NvfpAj6INYbCipa8DkCAzHEijKiTOUkpbhgMh1lnMCvjlBbCntKX87XJ84mC7XxakwwO7xllUAxKf+NuLZHIbkKg1fH8YqUQBzqeVEQeM6fU2sckSZQkCXIhj8MNrKrD7voaf6R+HXB6kalrwoKUBmeHr6nJVmEZwHPRAgIseh3axVs/KeDYlSF6WaxpglX78y8NIJL09L6NFT9S5bZE9qFSpFYiGMbW9FCW/ujMYwDlNobbRXe7gXeDZaMkm2L7JuAnNc0/wbwj81EPCWldiSO0BASbZHn3y8ZP4Em2BI93H5gkj6cN9xQrZCpAyQf+p38Yh5jlDC3iXyWI2HVS0tae+FvOjaMEmNqa9b4Ndol7E4cfPrYkZxLaNUbizfSHZ22iy/PIXVUpWxLliW+afwei5QiN659cuQAxqzpwb/K86CYIGLTfBSuCszNjH0Jszizk0qNLO0AR3WBcBcvgk3dm/Dpn6IeLQ4pF/JIng9rduuK7rlyXC0WlR4eSoUdUwi+3AxZwFHqoPU9oUiC7zFu3WXXwNwr42WaXsJMSOxQSpQe8q4FlrlGV9l3SSH+UD/RdpZurpzYRWNVyGl6378wBhoEHZAXBu+5n5ozeDURgeR1UpDINfMfgZIfhYRc/wBogtSYcVvX87+3tbRxVeD8VRi/vd4w+SuRvTooPytrWF1ORNwDj3a8HenhRD9LPiej5X4dotJJOmREOrOKSKs/Gdba3uA8lkXqKz4K+Tq718iuSVX+WKrT6nDgK0okqa3wBADokCTsF0hNtnBG0yxbJqEOFXm2FJrz88mya7pVfsZdXeNYGKwoTjZl29otRul5R/zmDeAAwvhcRFjYGbaZ94yZwo1KKdWkEZH/SSRo4L5ZOuO0BaLCYjxEpK9iSEmM3pMyoHPLTVzWPq9e7kIfTLgOObftqidftw05//Iv7V+sEKSVX41pDFbAxTknerO1P+4hw9Q/vSHqeDmfIPnrmvWWStshBWBxD6VAd5PiH7DuXWd+QOWjeFWi5cv9OZOJd4/GdCAzMpDx4++npzKOoM/0oxU64qzg6XjCRL1T+F76Tb6ksXSJQVLGa1w74Oni8+K1TVjxnu9qCw/g76b3d/847C8g8SEvNGummbxCx6b7YAQv0r8OkoZoU9CoBwtACa4HN4nDzyMW7/8Snd2fy3Ol91fVF3lGKdCA4mrvUkMCHQNgOuLOdZlV1s1eepjSdq/UCO+tBUk8B0MB97kdF+BDSdOm1+3+jj+w6ncuxGqzsbqI0ZFpjyuofCBvQNqOO4ZJUT9GlQ6+gK750tfDf+FSXnPo5ugGL1Up6v7WtXcpP57Av93cB/MuEN9SsWyPvIECdLDbZ9Uh1jstNeGfkUTjh1hdBRQRC24I2UkJqLYhqZXy91ngZVUGwAUM6O3qOSB0Qzl5Dd8JFbTIWOU8YYUx1nKuFE3oWihzwcxCW8vfPMEY4mnYy4kDh/IosxN7wLrUvoni0dlh4gF2lRH1kOQiquZqv6f1lGo9w/jQ6+SGSpTM1JDg82gjKiW/CyZ2wGVRkIxP4nc7CkWaHCtYg7Pxkndsx9y66DYtV1j4WD7+XDr71spmPMWI6W/7AQ9HNREZfifGGU4B4aPn1ECkLeSRkxGToU1Ljx1B6Q7dQFYLzbItrb/tgiGtETnCi1aIGw1O3l7JDtf8Ry/g0LGJUfVA1eubQpPB88Ash3fE7Y1yDcJPrwnSZL8INxWGUvsq4N8NPc9S3ozZcE5u8dMbT+ErxTphjt5qOV3kMw9ca05CPkx07KqZJjZ7pS0xvYtCXnAHZeqmd39bIpvXZR3Wx2Akao85iiK2IVrGtwPIrhLe0WQ7bmiES6avDfqo0pP/x4VLxTTtCKKbs2exaMiqDbURPTu00cJIQDbttdXySeNY31XGm26iEAAhOdczMK/QCOetdeP4i9sWaK+9lEp+tky8ct+Y1FbL4gEsnJwZEzp4BnufBoNv3yDpQi0Efohycxxe5vZogYmQtQmLmXZP+EoXtxC04v+f0ozj1C+NjpJJ8VBLT7Cpr2U2bVYIst9vRm458P0lkBwLUKMgFeX2h1l5Q8eWKhbeCzC2MX+Y7W8+TB7SioU+YQAgt/C7id+0Q7ri/YNauz0fBhYMDGq3XvUtfepCI4SyF9SWtt8vSxAySpxk0ye+/xDxqUx3XZxB+ZqugnyeWCOCwywqNp0iJI5JtQoPDBiGHr6vo9mLQYAhYtiFv/cLytJ9rULrp/09miyQ6SMIVDZgFjHfdSHk7rUd/wLD1qvZFOIyDo1u0+S2Mhhp8vFY7BYXXDjrAR2Zrt389uitZF+8MxMeT8Qm5OwBP9sw9+So1845FWqqkaSHr4odQHQYd0iCYye5JGQxaAlJlp+WOlH9jnK1EeAQfHZHhOBKMg3iu6wyHTVs6IhbSpF3hof5Mdkx+g+zy4NPm2bcXHYCJIZcUmN3vtoGl5/HYAeixuLB++HCJtKcZKyoz+oNlT4L1GbcwlW7W4JmXz6+mPuG5aFwyAGDUUPNnIVXRmR8gS8huKI8ML2Tj5764erIPN2JLe8taLOoKOX3lkLArXktiJ/XLoY/yFwcee/+eKgOSSs4GCG8YeAAYp81C6z/KQyELNiT3OhrzX02OoNkQ7rBM25gY2Xkqtp6vRL0frCRMDY6mqR1J2JVOxDN7rkUssx0+zOLpnGf6S+PiQtULqWL+TiuFE/xxB3xzrdwxEVqlamLkVFIh25S0Fkrc/Ih1EECma4KHStnyDip3dVZpBt0nlSZ+cqQzqA6PUMvb+L9XO2IaW/QDRljA4b9UqDZOFC47Qyt84NwqVbr7DWr6PrOIdXHXPeXpFtMCwIxrxxy2+aWC7XC5InItA+kriN1+hAG4kwlv0IzdEqETabYWGJXuLqICqchfinAvTCjxPPb1sQTqZLiTaQ82KKkvTv5I1zEtSROwdivm6RzVTdsgUqAXYJMq4wk/1f/w9JkaJ7ylYubOSYtwTn+UO78mHofFLjq12fu5kNtgFcPahKCMDDJ1hO3haJDMmZclvNQ3ZXXr7ON4IBl6Q1A4kvF9Fzy+awJL+5YFQv3RC56n1yMaKlfn9GjCBWCq+xkzvpobhC5IlvoS1VJw3C1SiGJx4ob8q+p42AVssIqFovwQvcjt9/cFIOynO/10jfWtsrgNqUwkMtEIBI4eLu3M6xwHlgtHfvJzgsZwquhhln6nMycv9TpRWTPzCr6g2a3DmVGwQyeTRSDsNhVV04NDyR3Gp+71Eo0qeYzSD9d4+YZji26I/XDmeJ5Kg+8wcRgS7QuBANqAtFMsS878qVno17atjfVvgsQbNKVxhUSUk08qDQgyzSBMTHyed+GqRWglwFjcl9iiRCDLp5CFFAWIy5Dqy9SqoUE4FJRYCTjz7vOzgSqUwB+8oh5v63X0hDLKUbVD4QfqkhklUbv9RRtpDmeMkYzmoLSa5GL1BleMNRCiV2LSJSEyguKzDdF3HbcsHf598wIf06FcxuODZ1pO4zmHddCp6NUi+R8na3x7Yo2OKxw7KuWnkvp/SbhU32i+TMiNcp2MOizoMb6FHKLx9++CRR/55t0cMd/ViM4AQ7Egt9u2wvPhKN+vE3KB9DM4h/RUcBH+jIFhAKde0KhNopyCx1vp/d0+TL7LW+v9wvx4Pym6aPO2nvb5cWwL6l8VoNjh9yyFz22PnYZKyhyaKONtqzei4acBdHWcGw9WKLErhfeCD2H+n2YBiIAQAAMLZt27Zt27Zt27Zt42Pbtm1bHaKD3MAa+Whtc42J8J4MiEOF04KrsYUFiPJouUvKlAcdsMrxmM8KwrcDCcqloAdEZnnlAELWjLmh6MUPZ/8UZquFg2XI5iV4iuTDP8jo1R37UoFzOlNSnIEaWZokCVNSinUcP35Xh5uLl9qgxm8S81Nqv8YlDPsjs4erB1M/92uEXesbZyIGKWEcMbhsl0mhbYW/qZJVkiIs8ngVkMuZSRxOSwAzxMs12dMNY7Yk9NLOLHwzDm1cv7V4fTToCuXyQs7rin28EByG9EM+2m515E/aCtoTXQ/4sJTMKl68AIRQ8faf2nuKwMtETd75OCBkY44GUdVNJ0ZmNQLrFqaxU5H6LswS6vRNVcFtngYWhNSg9hxpqDtXX/ygrpxJ1x3dqfby9TpvEOKHmgs0scoLIjDfALhlstvla6vZy/fTEsCp1pEH7qC/blmX5Cq1sox5GwnFpTEoEX4fhDan0aCg8Gy1HW5fy7IaYq6OFLljLA3UHxnQkPnaroaa5edXhsRs7xAWQ6NbUnr8kItoSj370Pnfp2vbRkjOBJOngqOmUDXRlkrwWlZR8qozReN1ckV8YJMQ5OIY6MNcSTsNmhczvnDFCwt3ZtSgQfYiucYPI/wKv0wlwd+dIPzJcb4PryDp7OI+HICIbwKq7TJYQVVMDBZ1x4G9clV566SaZfsdvMysaHW3TKMG6DXJ9rQuSNLX0yl9Y+ol+lYKk1qmMvnDUygPmLW+pAzXxVNcn/bJjohtYhrbagIKqW6lUWZUgg2zZbnu19v8ff731VBGTm8HcIUjMiY0KowhHmxwVCXF4F5zFOAx/gyMT4ggw6xIVc4l11OBvWFzd78LX3E79/wWTPXc8iBx2whBqVSy3aPpGIsKg7mzWYjQBFVHrAxR3uOn4AbOAPosEyE/glg+WRdYAogNJayWA62Hm/lD4xuL7RCPpAKp5lmiy15o3R8AZEMcE3+WqpWmmMwCHIptO2uqisKjsIvF8qPV2HJT4gUz26Tzc1PQ/ZYTAXkDmAf7Fp8yilb1ctRDQ3r473LPqQsu2M2hUi0u83HgWXZ2g55wCQOs0xLgdoCtPJbI3oJGUJRMAung3X5X7Yf0/RPC7tu2oF296cCukX/VR7R/aMFFVAehUxjgRoeCfDRptLpgTqkFjK+Wja1gdjGHNfvhqDdy9QKyrMiiPFu7sMfKS0wMpcKLNxl0w/JJcCJsQ+6gZ5cg6GOmk4mFBNTgonnsyCsHXTOfQV2DNhPk+UWLmqT4RU5rJytIY+ovLGlhbuajFFwbJY3hroa3kZkMkkC93UqfbXo5+j26PbJ2QZiSVwC42u0Kj1VG7VFfcVEMoCy3TRDS+Fob/0JXEtaae7Rss/dwR8vIMhyTVWMlaTkT7fH3XMzmIM8rUZWRQMWIh8IP0Va+7FSMOSV3yPsck7ZBVee39DTGBh17UBPTM1X3rWOZYK8XJuFsJD196xCR2oSa7XnatOpVTX/ENLpj7mePHsBab/fDfBX7qaZC5XTa7PTvmlgWBpcUAT/5sykRVrQZc44DiWtS93pHEYwmEgNk54KEcrrtN9CQc1m2Hd3Bh0g5FQ0UuBxcP7I5UuWOQbz4+mXimMkAFc4BjTf3vbL8GRDfKbs6al7G4Mb9PSj0GWKldEcSxH2DntoXWNUbThjMsr/zE6fx2bYD3stBWRl+EQqFgN/vOiIrpMXgUsXPCjU/0Phfhfq7ZwtdIZiWs0MPvUNPFSXRi+RstEbjRE/bzT4JssIeLhWPuUYPZs3lqPQFN1eTTlVOnVwnEMnfbxcSsNk+OrRjQFlm/whdC5Z4bAxMYjzFpirvgmY6Fq/TsM4gT2l5jnw3A3yaYCtGOQKn3N15h1J+cLZ7tMXHa5t8xbR4KoXLZK9PhBShCU9/8Gl7l6w94aUxS4afX8HL5mYQ90AsWoL2IR3x39RYbVFw9Sd357kysOk/rvge08zwc+ogpyr4S1u8D62h2v7e7Yc4lv4Cojued1pbosx5hQKr4rhu6MpeCvY15wQZJ4XWoygDTtEbvYTQ7TuI39ZOow84noGuxoKtEH3u+jzqzp37ciTjBu+TSnnRROhNFCyC2LBcdDo+DqrwnCTeH8wL11g9f0H0ZAcsMnsVHvw2NJElNkaDvG9dCB6NzAEIo5IxxNimBdNWpKXBGey3EMn6sh6/CQ1bhq6eIAKBddkcNg0axoxPqAagoAuEadEh0anSBbLSC85pfniUxtypVENJG09cCxWpYEptVPK3iOJJK+5HyBVFD0fXBTeMDODv2ZROkCuGcwALeR/HpS5mlE30O6gKlPKw72bMBDV9tmDryDXSQKj5Z8y3ebI0gQfP9NgG7eF3jE/UBEpogeRekIVHcgiMjToYVoFKx2aTDVXQNuO90rozJPgCoueup4QdpIIjpTGBtV4kDkqjstCdyhghXwnqD5SznsRMSB8n+HA1CQLg0u7J/lrzcPqlxD+UAYDDkR+aTo8gSL22+DHUvKvYRz5McjxEJwa5w1Hp09a3pk87l7d94BNPIrPtBi3LuEgpWP9pg+P7BCVdRl9s4l+r7Zfuo7sUx7+QqxAsGHpsDzQwQSH+M0fvmr/HzITqx6JMO5KHRMp+heJyXEeS+wkbc8/5XPe08oOw10vfJIdumE0g6X8mvPPsZpaxF+KPgiFmztr7SDilfLH7hTe7Y305Hq07iBApSG0RK/XgCgRt+BGONfZ5L3GEWkr3L2sL3BNDg17TFOikB+KnM5zEN6SqglNjdwUxnleBM5Y0StRSmHZ6TbHtxVqEU3bp34C+8+7Dnba0BK4MnC7ko+gX0tDXEBSvuiEEcDnWCuMtxOvtBp9WeHwYmtSq1sKmXr5gg0dM6GejYejgyF8MHNqazQpZvWZDFms64A+2m7I7xSuvZgmKqg/7zZVN19KsiaFfJw9HwD4RTfusoeqzpml9cVqIEKurvoxt9fE/mN6WPhpYNf81h99spMgp+2qV5Z8p/9yFQ7ulYZa9j0vk29opJ4JNcGzRtzXxeEqO6srymMV2BvvocN6Nqathnvmyw8NNpk22+X0+5c5plpyj/odN+dVtMAc86fU3Ld7t0F0+b0n6Nm5ZXX0KYQI6e7Mx4AEyGyUppiAOitJISCY19YhJdBAv9gu3c38gHmrIouRuaHNlpbhd/K1SvMKKgvIVBWUGtm9V9APK8nQbNnhkbf6QVwQQPQm4LYacjmb4JFkLPxxddDKqV9DBjHcBtLxrYfoR6p2fgMVONpdfDyyY1S0fNslFaMn7UNvPIVstNYBCNNTrQ0u2oJt1lixwwioeBWbVkapgeL0r87R6NNK90DEp3NdyY1vUMnqPLwzFnK7Y6dw+ltZESgtqZr+gfDBiCxqhEJvgQfb1KUJcWh7pqvj2YJ1DgNVJR9rWJ5wJi2OBuiK4HRT2Qiw3rEDY8A640yjNsoOxqHNdeJiHfnlIwGpahLhVoTHPXlyGUW9uOkyo9ZTj7hQag+M4ketw8MvrTbz6cE9rakKG0DbY1flEN/sCG8mm0J5MABWricVMhq4kQZEbjmiRLa8aHnhimLFbwYS+1Q9yXivtOwKkivu9cvu5nVaRSzTP5DTSp9RfoFazVlpVQQYLsPIKhGv8WVgLxUDFEfvrSkL5dl9FEXeSB+rkssDTvqhgKyAguIdCcvu0RPxECG9dAuLk+erNuTSGAVnSvacKTus2S1MMRwTeZUt/JaVRY0t2HcBnfC6hqCL4oYgWT2hZyqtRufIgo4YxYLtKx874TXK+TeXsKqkJKFbXAYfmPtxwHj3QodZRauNRMeizgCNd8UYX/P6Fd1FG0B68vdVYgfx+AMN0wR9s1E2OBypUToYQ0AAV4TfBKYAI34BsezZta2GdZA+hob+asjU6GoRFD45CCtPIQnmkOXJ/9pkrMleJmGawUVY2ncT3Z8KJpO5n9pYSbuvrM1WKnEdDnHNg/sBrh/3a1eP+b6vix0GKHwh7GKP/XUlGcvp7Qfa7zx8EYKIwduys7xfGZDMko0pvxlMIyPbEASIOiKrmsR3Fd+1B415O43gVead10KUUOmyR+y9ISCFa8Y0ChK1V4IboraLbaqCrr31TPd1oaJaEDUTPuPZWKFQb14ndld74u7gohEytHo3IVpIwWinGWPdLzE2fKvbbcG8y1h6dOGaedD1WJUvytf5qoggbwN30LHQJgrU4iAUCI1byw7yYv4bGUdzrlv8MJuBqMH2RMxNMTvzCL+8DCJzawTZav9y2DcubHo4mqb49zwPtSBxbNNouaWj2gH3TCsq6lhJLUTGkqZCF2OeowjZAt2r0B6b/ZmjBDuR+Uc+E/SWxIAXZ9cXj+xJesaWCGRvrz5rgiH2jdFotTbDpNrTpnb54YmHHk0trqmKyDrkEwEQcdxmZN5IHZ+ccaPAwYipA/To3Xa7fpIBz3J081OSUpzP775PNGKUyHm4eMJqvXLIVCm3t2vcQ8MbKZaNJjYjyLWnRAWSdBNwjd8PjYaglZA0DtlubefKCGqfiXyS5PBCeEsKaPP1haW3PI9btQ5ssZfPnLGai09Flp+Imgtv53kRLEFpnWu/X5/Tk47QJCE9Yg4x6xfwnoLAC6pxUkrQJIFF9V2aSHQXYOGTJWUzvEb0P9OqZLohRKUyAtSBKNg2tX+/SgNGQec3w+y8vieduaHr0fhfMTPVR8f7UBKx20pYPgwq1oE52JtAcRfO1B+idJDyJwwVdBnMCc8XreOe0JRXhyhclmbI3a+w3wWD7sL7SkiohZmqo4XdJKzGxbKcWSoI/hQYAKtDiNKkZQa/u6aUtET0QoYYI5I/nExB6UNSg7qva1k42BEUxXgaCV5SB2FPDUAuns6NvDbYk0snsDS3O2VCPtw1jvIuMGvZTs8uzlVkpFd6GLpX7oXOn4LJOy48yRV73wI7N4pjKCauISNPa3k0b/zYX0QHQIxlM5WURdawWiW1pMTrrvauECyOguFeJxPFDkY2+IsSbdAMRaaVVxn1Iye/WibhRMYS1O3lBNhzGHtqGrEzAgKhMkctjj0D8qlgTr0n92AcU5Ux/oUC5CCjYErGwYp5LEqvlqUjsBKCWEiQy/C2ZYAQBwUaT/HR7avJwU5yY589kHzy61msZuiP0zQYXvPV+616MuFCz+O+cRU8FygafJm9vKk77BYzC6WELI87wVOZU73CXvJboQyQ3e7vuqbAyxPwi0cBn/dQn0L7mwCeCnq3jBsCXde1tu+2CC7EcBhfw1HZo8yb59Eti4S+W2mqgeAXl2p1LUU6QDRoswHFGtuWEOpnPW4Sbs0yGzKNmCyKZRmeZNZcIEVJxD0a7XKHp/NHMX4kL+hOEvUmRAOXRT/ZYiYldcPYHMRWsAkveZE0JCTLoyvIkDeOC+fjO5iRfBXIJaQHFr+fpnv+AbphxokZ/hmNLnR1QENJzwEb5JzEu4AMP3qbnSWhW6I7WHq9PGeAy+PjJt0w6XMyBG/oz/ryhSf5QFnYTqEdVU8fzpNdRHGv4hCaKQbro0HS1jmTrmceIiy9WwTiHSe8IjFT5NGQhGUl4Hxx6T0KuGccrhiyrlBGr+5QatQxS/L9kvceGDz+LRK5cXQdXB/aMA7bbUdFTNE2Hn/NerWClr0I5jkA02rw3KtTRaEcDQPzLbIaVeWVtwvSts6fjOY7aNGEq+AFZiGamZJ5b6m9L2e5AxCtXmCRRjzSk6CRq6nCSiUqlh6KDRaqxTa2H/CUot/ewwRd9ixmo4c/c8EWI6C+35rLBKUg1/huV4qF+RNYSKl3sHQTYBVHIFRgN9xRHpLLF4H2KPWdl5nhyzczQeH8NEr7uiSdCu3JnGW+zaoUxfAetwT9egUpCgpaAqGP1bfbUGXOxWaAI4ZPZJiT8Ku1zsOm8IqlcaMMbaV64JYEz4gblEikcs4HH459ZpgzrXyuYJJNGwpcoeYsh557+XJ7+RItYazxNcRWEf5++VhxPBaQ+Na6CBvOPNRuUQEvMwjkn0gqE+lY+4q5AKhqq3nKopDAo99dw7cuoVYKNhtByQTcSAqz6OhxwU9EZ9XxJeEocg9VIK7zLwboBSfhjfBxCLv6LOgDrwCDJuXZhxeJJ955EBNOKVgicgQgBi7brpgdYaM2g2EfWnZWm9wuoX15oab5jWYaseskmKgFPcqdQliWRshd6B1XQyR+jQLLi0Y7QRgXAbZL9U4Ea0orNbp03nIbkIgvSzZ1BY1vaekbyAoEiEnaByFB5dSBHRmEX3uD8Q2sAzJReNzx1SO+XbyWw3i7kRf6zWzCY0iUBzX7NPHPIu1zeUMuu2Y/Hh8AgZTKidk8tVE8N3VGnYBooHzc/BvCdA+Ybg18mkVcD61x/J9/i9hnUxDsZNMrOfCYZHkHzmatbnKW7i+7HMHUBxculXEKX+/uG9PhS0IOS9NpNbRw/qmma+RMrlpvfR/qbnL2dNIkfVTTqsXSGmWYsu0XZ5MnzvqvVJ+b6ap80ChpId80oDXrLDqe1M8V1VKcMiEJigST89nf1LUROzeSx3XCdPNrGxjAl8pdC2eyzB7JyDIef0DBtfjwRXdRHDjLff5Qm5JDfUO1l8MhHYaWb3Zpox1B6fYwK+tBDv/vXiETD40rm6VKSLmKz086j28a6n0VzsTpzUmEFzW9j1M5k++/+G7gEaw8Rov/4OPOonuvQYrcR+HKHi2QR3wmCVnOMwughP1hs/oSIJ25oCyFoxW7rnwTfwuycNlQNO8xj72jzfRbCwQK8yG3/1utvEZgNwQHKsd0a7grEGmPsA8/K3ysqjX1WzPI9pdRF2UJOjXDWq5UOKEEzqgigG56K0wnMh05KlDqasreAgt9Z/kiKm35VApcbiKoqwgVRIPHFGm/oQNPs8TFX+hzYD0ggO14p8wTXN4rkdHgZMXzA/zRbG6g9abyJkdnl0W7pkP+yHe88fSq7NwcKdit1Jrl6a7IrxyypzpuG2JAfvRR/mPIh6itS+tOY5tsk7RSNgtbj+LZnnchc2Qr58siTBWPGwDFuVjBw5/HV+oedkS5oJ++nXHz72GGLhICZQrtMineWFHxfcOD2eaPsbCfbFNmY8tfMrpa+GZDCD3mMaLzpUUOSkrzNvMAbYvQPzZwnAdEMqKmAvM6FBFbeXypsNCZekgBjRnMI8Yw0oNE6SEMIQVO2kgPAiQ8G3DfIdj/46l2apEbpgNG+10LsNKJxCIpux5op1V5nEVsqTQB0Y5StikjacsfbV2fWqAQpZfsiJtlN7UQBAOZn4uM8gbwRflNZSSJB1yuoPZ7pPT3fOjA7tBsgNkHkIebFsA/FhqFd3tq9Ki8ePV/t3E6c7ehQbIt70umPKMKfZC5WVvzodJ18Z17G39LcCXqMYZ59wpvicceC3Jkq3SduohjDISX7DnQCMwbupoYFCw6S0ECAlPDwo4TNCqLSychNunzCLd7KZCHV/RZDwztL0EXYtIbupqbPWrzVxLqiPpI6Ndu2kRFFT816BiXRS6fVdUSgSHqt9952cNP9D+MhYGSDg8K9ZKiNpfxnjpLg3rx0o5+ZymlS3cN7EYQU4dpLGMV2VXPDn3QoDsrRaLzb5MyeNriI+K++R8PH4Fe+0FGz9cg2qaWEHnazhz8zBPJXhZq+aD0nTahG5SXycNcRFeOaiKxUDc+VFpm/r1Ar0Ww61Zz27XSWCaS217zhvj6e767RlO2bSLx+x53qVfM4QgQF6bfCCst1IEvM5Bfd0//gzAK/dB6NuLiLye0b05iluL/hAFDwfvPhQwI/BDdwAcF2yiF9oEUmi721IdVMIjGk2WvAKsgYp5LyUeUm3u5PWIbzQbMW/5RxtRend1M/wLnyEUu65WX3vIk+Yl+oHGoget1emDEBmCEVf8EyNkU0/ZJpaAAEpMg5Pn9LHgSTNS+958R3NALIFd94sk11oolI9LEbLF78LBa27GMdusB6XRXLZ2Gf0Q105++5jCD4el54SZ3m28V47/GkPHf/cbztM1QcmwjKZ5mHdkN5w/S7MpwIrYjROr1+tQNKh0w7mTdVVmEn/DhzJGBgEG8M1RuR5Ps5Zu/MczVqr/dsuNe8agFsqIPP2liv6EVLwz0F4k2aNkGGqDDDejP4KcaVk7wrvhuaIqvAN3LtvojXrEFgPjlADKJ8h7Bj4lFPRbR8yVLbYOLGrEztmIrVhpPpkSMIMtnvEm9/M2YGaIGiUPXpG95OElZE9ezHGLxEcO8obL2pOuZVbrSTmSk8va3vGBVpHTVIbWx//ES+wItfPxHqxcYvGWDpuleNr8NPbJBVNFWLlEZy0GB/B5QItrBlvezGsaXN7YdXwYhXkYrn5ZX6nQaXefkkDP5NI1OTJGRWgwKro3GAOYBtAv0uDfMYmsHbl3xSzGgm2QKS/GKhNJRi+c/T5o+v1DiB036S8iXniR4AmSy3W+D2tgBSpoA3UJNWupjs0JVk+9E1mh9vn85UrS/eH0LjAFsYCHtI2X3dt00uANONm9IrDGhg8L4EtCF4nvezTUiMob1iTumjXlRmwfcRjpQItUTIMfUhNHfUht6AlNPoJzj+qVBo1JflYlNb0VjQj38bAlwPz6aw3Z0q072218X4Y4Nnt9YcDN1igbPqz619p+uV5ViDh+dpLhiyD2m7LDjNQW+HcdrqV4GR1SpoCS66HM6FaQSeyqnkYrmo5cxtwIeXUwCy9uhrD4gVnHyLorA7kNsgbj1j/9aLGJE1RvQsS+IAlK/p5yE8XcZ26UxJ7x4psUoBqt7K4l8JPXV50FD4DeOwmEdpwW7uIAOVq33EYcQbK92tCF/IEkvZgsuTbtBOFOyo0898ucusi8WewtoKCajmHosmyUYqtD82O6spD1aNqYLm+VV0uDbn5X2rrbMspuQJZbumnRn2ot3vfLY2oRJ2uKy626D/0TjBnU9Ie6dYbvw5XB4zIUW3zNQn5DLQueJUjUmzlR9nysWDGyMsALw1ULvgq7hMMh/R4S1BfSHJabrlhlCzryk+wrBpgYO2+aT9Lj+WBEEa4qZF/eKYLa6EvwuEGPwxCUBig2wwga3fDtQH9q/B7vgg983aTe3lI7t/j+T5NCak1lO7ktb+1q+B8npG4yKaKxQKIjB4COXwgzpFKnlJWEKVBM8kMVm8EGpjZe/sQu9fmN0ZMBuK+Vhpxf27XvBqOkz41QteJR832BwyP2qyhXDk3sznqjKOpQoh4b3hq3H9sZE7htyLWzYiCvSTnJlXU5+c7eFZR8//MvR+DlP9qzIgM5aHIS9AMjGMvobz7HAotgAtPeODmXdqHL6VvetM+bhrDWIgPBtl4QPf9aUZfkgnlpux3loEcsE+sc6V0YKd+FZhQlxrcw6TK4N/2wJziilYpztGa1TmETQteI0mkRB/D9ooJAStf3XK4IFZD+bIblBnydHDVbJavCZX1wvvc5uza1s0sClEds5D5ogkWXmBtAV3+9t6TekYgcnK2q/WSP8bmWQmCJqioo76/o3MzsNtXKt8vJ3O7SL9+Xa8/uM0pNLQntSkDz2MEewmjNeQVXbHPQ3jyuh4oRqK88G5LO3smVfOYVZetB8ZgA4+YzQ9wc5VTnvxZB16xKm6E9zJhAp7V+FvOo3ZsGiQ+Nq19fZZ3u8kAMPTsZFEBuXJ/9s/HcQY1qgrRj/OsmAnX8I2NxSVKs2R0Y6azEljW/i0UsGSIVFSTQ9LEnCMBbd94i494Ja65tYH01GIEfvRRcaN8wvB7LYR63ffVQL2a4E6bcX6OEAwYXQYmyWG9lHLOV9VTjW2kkGBNBooKk3vm9AXzRzTYcVFE4Cp78gniajGTjrRKt/Qi4JfI/tjsXwN0h4YKwjawECKAG9jD/W29y5sqDN3Z0l1T5+3FO+nQRgy478X2RLb3EC+tOihAFEgaRVKalnakM73d+ZMAmbyzA5hMszuMzsee1t9kvZkiDA7fwk1LZEKek65YtTm5UDGF6+tZL8kdowDzxFjwJ/kE1diDWnlHhR2LfWhJXnO1+TuXsmhrc3tM7uX09dOv1WXJWJvEJvTFTTjVydhVLUw6X2NhdRKP5/RgjeGxjbyhIrMjrz8k2NuVN25NkWgVfrcqrgtMDuw4EnXEpyoxY/vlg7ZzjC/Ef6himrPggQFnMFc+Fz+lPMJyf285v2lcCrvNJPKDgIdzLl639mhOHpa+o4/SEcplvj5VXF+gwuN9sDoXHJkvHtyJrshYuFReHKQzXCwNcoQFn4oERXJmdUajlv2d+M7r5rvLzJ4FzAH8bvZy8HrX3NK/lm2LCEVidRcMrhMXAbxigyChBLPwkoOg3ka3lojZ8YBPuZmEMTT5kf8JjwBA9PAueSZswvP7GOchgjzk4iwhF+hk6bz+3FAOzyohUHsUA+hi2p8c58gWyNdOLm4ZAdR4x64C6008u7uQChjUy7IWxKOHzRlZ2oEoHwji+BQmEQ9Y9QaoCdBglafE9xXqC03gUv9ZnLd6nvH0MDZDWTvbSS8cvoHLL/0atGuTlM+glSWnKyRN7nMC4VdhGuYRvgdcwzGdiujO91VHZydSdRZh/Y3F9bXYbUW9mkBoyU9aZv+ER47TfDyXf1hwh7upv5BfVDby3eu9PqgGahICcZz2dYXNEmjgAXXxmV2xEqLnz9MxYarMAFtlpNeCP+zXpv/75pnEF2BWBWq5med9az0hkYCSb263dtkTDxptuNq/j63J+X+5PeR5eRRLEsXLMcqGtA9kWAEELF3urqis+AKTTw/ZzfBq8Rp7upCjd8shUDTs8CiHp3eF41FQpGRaALNEadJaeWXxrW8W/kAnrvSIQI8+oPXHV28ZViwbPVDoCuqByAvXGL7h/hemfnyW+YIsRgNRaDMMO+zS1YnfsH+3Z3pGab2ax0flOn59e0rF7L6zE2Hp15xiYdcvY+rLKBQ3Y+AxDhx01ootS+jSqKHORgtuIbj9a0BXDsisKyGzBnFxl9N2qUxzTJbFUb+VJHdJfGEd+HrH4QW/ge0CH8ItdjKZFlmrlc19BnXKcVT1PrjbWxqlGs9p0+NZthysCCILz6+BoHtb3EKQsLGe//Jju+oqxnVnm72/DOL/SpJMTv5Hs+oO8iQg1aFZjB5wyOCbT6VMOOo6HSAPKB6bEtP8U2dKyNOkpAbkoj9mMD7pMisMdgfxCSbayDZNZ7F7OMYaoojPP1pVUQYn3SCPapJVkeC/Zzr1Rb10xktGOAqaI5s6jOlFYUNc6XkAg8mkVYNcDtGYf0Velkx5V0mWdxVnEt9skIKo63cjY6Ce/4wneWKuuCpfFjz8gxXBgA9SafMoILG7l659AbwBBk4ph786Q2Z9boILLbXc/tmBfHGSBm8VWStD1ybk3ABhaVlJpTSNWtDMdpfpiXILNOp8qqDsTVdhLTlv8BHvNNWg0fqr8RoLbcEY5eJ8+qXUc49apnF2g/q7K7jvUk7d6dHad6qfmRR2nBiajQnXN92PtRCLjPQ3PN91r09CSwx6oJKSXM6HcU9VFbG9Mk0ZJwHjklFC4KNytt+ejuwSgLR7JrdGDNncmCSk1Y/zKqb1b/NJ3Qc4zB9Yacya9tddPG8u/i7Mf+vAbZLXUt6AThHgIABDl3ERMdqqGunIjAMdAyGs2ddF10+sDthbYOUBl1vOwyKHPv1x50jycC8DsbZxxpdcrOZOw2qr+Y57S2N/ppDIdU7lNvdJ3H9p2hGjUIuG2TRChk+48A8VYAJOG4TPGuSg9P2iT5ytBxskEj1LJcS3PrpcX6mRivzMt3MvnC/2jdGryHGYIxrkhqpKUl7nNS4N4G0xl1nB3Tw+UGieLtQSwt6sbwnQWCABqHhpjIXcDnwxP6ukoznYT4cGRchCrXwbOg+MGi2k4UVOIXEeM5eYnnI1j7AvpL0jjopafsAm0c0RVGLn2ILbXafxS+GeetohrmZbGmjuuCU9T9USpZA+dtbj/NhTyCoE4xHFguIhB/6+9FYK8hXh2mu94n38Ezdyj+1Iaa174lkKmLsYntpS3gEeLdVJR1zzyGNl1jFg39a2UPH7Fcn7oUlCaCcklBPOSFSpsOGV3aKORwVaQJCF99WWPJqngPQ3oWidYvFwmzB3xGEpNlJLAek9X6czywbPXJbpJi1nRGvd8AH5KIFEZKBTd2rgsvKiJDDcPJ/fjMVEigDL8SIhLF6c2OkavHY+lBgYDdugh3Hg4nglMMOPenOTiFuWttVFpVRb3o25Pqf8jO6No7LFD3cP55yptL303y1v72ANPsffnCRrR3dMdtrExHaz32nZpqw9peTzG1+z+pR8/UAYbZW2uVRRoYuEZwyw2Pgxz5EN4/k8ZKEniuCYhCAOksjwOzIxhRN8+o1yebJBrCM9bnvrWqa/cy7W3SEWz9u0J9HyRTVSEvBlO/lM4qfJkUbii9jyNr0P4gSZp7dHE8y8yZSdXsdpSERwcC+rJR5DheYvMxEltUDJh9X6fyGZNvzcS3mpHxLp/KCAg5o0ujun2exOdjuhyz0YFhvBbN8hKdGd/dxF0I/qfAIZSmhcpq0zusMZlYaOEOT9lFWZg6sQeo9kCBTm42axWGwsPJE6/9aIrdkghmneCS0cjtyVsECZ+6Wg8nr1RJ1YLilxFxswGtHzXSAp625v6iEZd/TBO9N3T07XBi/HdLq3EZ+RjxFxit0U9rsyUz4/MzGYfolVRwasGuZ21MvmUSibOGpH9o542Bfi20qqZ9qD4jRuBalK0Etr+zi5ij/GO9UuQUpSo/5ctEAvFPMxkhLhLBfwZTs9lT1qg+pXqEjSuJXQMIahDL2aB3mrA5RGlGv+6WBeBsJm6HmlPno08+Nd/G/3gHGJbI/FgYhcFysDNvuqV9EXw9mKRGSvnnIt1+34y5zt25RETxApy6rf6ldkPzJLDgGNpeQussnhGP8ak3ZxbmL9jstdpAnids+E1Dt6pLDzFTB7gr8edMcdE+YW1OI8pl85zk14ZMTO0J9CNLsnZ6jMwRj6RNrHQIa6VBJVPTP0EacR/vlxOHoq4a8XWx/BytwwyBNDBSkibLF8vdJad1jMeNiDBw5C5HgrvHqrS5b3CAWr8prdc/PkrKRO5+BIhfvMs9RWTgGWY/w3e36HkCh0cizQgIqWJShnTrwU8z0jFO2+u2yLKmLhwbtpQvgWsN9spAOChxQ8gnqIPVzULGOdwkdW3rjdCwX9L4XNZeH/sLAltMdzgL2ZTZjOFIxUHbdAxGeFo+NEyXL4c40Kbe7fHEck9DboiipM3bk31Xa2/fvsUPKTGhXW+fX4f7FmCbwsyfPOboGN7oy0or8U1aliNkkYbmI2ZnscxN+EUilDHqRFVZpY3FG79C75gxOKIeUub38TpIlL6wIglbqebMVKf0Z+PevTHe9z3g5j8+2pxEgreuW6uVG8FjEcCI8FU7Qe4+oXyrfl1PvCf4nMneIyhyKRfneFuN0XOVrag8TncUbMLCX7yvqs83AcO8eMOivA2ZF3rM8ALptciNcgp9PCRNMgekeV/cSZXCIBdgTDY3pO+3WTymK6eaAl3H9/BbZkVM8Jdj319oEF6aUIMLIb25c2jXAbxoksOrIBe932CbGBlP6s8DAZ07bZ/ObHL71pQWthzlfMDVjgsja20Hkc7wgu4yq0jPponTpote864ZIp9uGaq2UXr8+DC+KVDQ9XFlvyvl9i/kngSZXizV5Pjp+BFRpPn/LxTQkX/vf+D9Fypv7PFqhM5oohL4Ts49F9hpOYSKb2wvLGlIVmllnzn5BAlTP6qsVH+A02pkslksABCWrSacjN8B5N7VvHeLaP3J9S903p8WPSt33XszUmaPF3/Fsu7dtn0y8TURhv0wtDlD6bTw3DRTiGanlF022qnTGsoG3r6oU/5jh+FwHF9f2m6XBt8jDK+aeMRYNCCw5w01wJ3T/ch3UfVgEuc9NbwaZINcdaMIrB6qm/acYcEuYyJMAP9C7cCMXIwfum0GQkwipwvVqDL3Mtz8d4bRNk7sE9lrqxLIW2wDRVxwSsWckkgVnj39HLggXxKJxxUhMoRlBcBnLNb+SdO1gZg91PGK6uG4cqUkRGut0RNLmGjGLShtgcAL1oYHTQjepSGasbsla3ekPBzfsONrOxpD+NvE/NHW9+VivHHoVU6PpIwI7HJ5sK2stlAnpXyXstnL7N0MsweW/ndKeAq+x4XLY97t3vmJYOx0LY06TcTnISTd+ejNOgCxWOYKBAaYB4u+nbLh8O/EY3tAIrfn61MTF7HXA5q1hYb36AstI464FaSGZCRvsZcbeUh6fI/o2cPltFVWcakwrwiRjMTQoKR7LKv2VuNU99RmnWyze8WPJutSSPPhP75CGDZ7GST/OAZ5H2kd8OV3g5GUbXAO5MOXc983XHaFGDk/R9xlkWqaWCUfNRktzcRwGSjOPtybxV1nqWI2NqgXNcWFABqyXTL8gU6Q1lcbPJ8MvPMAMwpEAzEfmQbV0BSvoi6GQ0WnvgjqjbESdMLnZqP1SlgwRwQvfvN8OUJGvwfS/vUi9YgF602L2QYbP5esANWoPOLGnlt6pSl6bYypqXD1BAICS5V97kaIk2gRarb9DRitYRhhSNzx3vwab9Hc1D/56yRLr6vqQkeXxuZ2m4eZDaevudZSB/My/y5aUvY8/htB9dxntmAl/OAgeKdnItUVJLQILGrvP5W59PjO7QAYQZJrmLUgbBRJ5JzFzv9Jxgsod0K81DO+xNbOUDv5CecOU/4CBN6Ovb7282uwGPlHx5/7GEsg4ZaNITQ4tg9NZCq6uPoc/t6V7eXjMJtdj5XNwBG6pr7KUtTrF4EE1sO/9p+eLry7Q/CWJJ9wYVt0IZ+xabi1GTqiUlbMi7n/QbdKffmZ3VRKuZ21VZF0qIvEAVnMwHuLyWtiZPwh2qGou5WVrAimA74ao/IIsuWz43H75Fk2FUIz43B9ttWZeE4EHDoMHiIBV7X4yR5bE7yx7CucFRKbuF+oEG62OWStD49KcJ3EKv48eXM2JcHri6RoXtkZtIzW4U/dHFUqkMqmDLW4xA/ut7smZ2kS+xHuklzAA3fN7VaJNBRA9maeqVJUHev9kT1t3+aqE657GAsZ/fmZhZri4g2QJP3M5XBnGE0JNTvLlHW2kNKjsPMGfzYHYpQSJPRGAYfjJVbBqaTDEh5bLLprO5Oq6LCb9A7N6OYcjgFGbVRNUbQ7lfCOmVB0w0kGnUMdiSdjSvXOv+AwM7DLpRhbjcPPixEAMXfC6SWGyRROK0OoP+qusHAIyAujvpDRBYbjR/17gnzssmlIeumk43tVRj1JP0B1a4kov+g1ekKwUjvxNKxo9lb2+ru/7W6V98UAEgi+uGFquuGV4ZLyaKSnG9qdmY7qQyfV74YGzXeV1K2Hx0pRmZexMYg5c6HohKRO1VobY7RMvluTNK+xnP0fFcC2yFHSVGS+vEDRf1KUwaYVfSKp+HwNvT4n4AO6V3PLE5h3SisiSIVf4OvTt6x1g4hqK1y3mwzyUY5ZWy6r63kCWMBebhqvFCkktjdGRd2k9ZWFy4qDWWQ8eiYEhDp0ocUuHLe9xY/geSEbS4XwasvM/73KWGk2jN4WniiE70x4CM77pRlk+s+6D8GXo9+iFgu546Eiuvi2rWUDVBWmXIN0O3tsVA3Ar8+P+9sizVGTMJ7lQFQ7/zmc6cloFivcwc9uff8A9g8cxTmOgMRWfqV8F2ejt0g6wYXKFUv3/CMQjeE6uwAAOyC9gHibaBgr7jsan/VGzyFF4hEqTla4imTVNZriQUTKCEzt7PUT1juVuLlHjAezZaB1LXX0pcewrVtXuBWee4xhZ+gNvQfmLBumjuuZZM+FrQwieVMAhXnuxVWIlD0Zv+lNGpc8KFDpgSpDV16/Hc+wz5xjH3QhU6B29xNVvB4LT2SpECcxO3GkC4LDC9qnvyDu6vmzSFsHB0rem0k5+oW3yhQZy5LaqgfXWCkcz5tF5oxSKa924CLa21LeipjZx7byMR+hot/kTB7YTfy+RLwB+anUfDnP3YOhUeEZHfJfFz5yCcOXrOKQ97ikDMo8ABgYPsNoUVgyOnt/HJuOSqdKARQqd6p8/H5WtQ+lbpKkLNNlHvPnTRTi4IWltWiK7fZn0lwD9hGP8DNOSWBlotcvCv71algKYmO3suLyrax87Xr09jcYAUFgpTwRyrVH4SimI7EfzH91BRFNF5WQDbA6qU+uOeJ9fSyG/veDK61rRiwprprRc/vrWEZ6PMdF+AVxln9cGcTy6q7Z75pur59KvvKO0tuSGM9703YaKHehiX+8ejB26ZhHcXswdYITN0mDsX1KXUXhllu/v92i5301WnD2huokFc3ztNgiwc/tVxZcURUqluZchZTU9mTr6mPDUSrP0wGnWxg0LsU102p6RK8WWY7y9/9gaqwbecopR5tdxt343lQ06iMq+vQtNceFmZBuLAzxVbVDnvOqT/rI0MTO/2Z4xQwj+4UyAchDBLPanYb/psrZl7apMTp2BwYzagu39sXwPi8Snu18u7Da22m14P1Srg1RUvXPFdEaQq9lxS81TgkijshWcQsqYuHxK5DW+ylHDGUe/oHZ7BCvggRSG/DVr9Mdox9MiGRc8w3YQgkrs+SvEq/8AdhQx3ewPlXDmfy2o1rZUPr5lIOKpdDmW7g/4+DEAGonjMG8LQ5l4N+SwwBzB2ZHk5s6+Lta8Ar0BBpWclHEv2j9g0v+DodePukJbzvVFusqWPnPciJRUs62rSaS1u+13Pala8VoRjobdZ/QW9NN27utg+z4AiwZtPKIUy3DIVta6jzDGwUpFYyqOzbUH4wWOZwkh3fZ6n68oJOerJGXdDOTn48gO1ykIMjU2XXqlFkYrZrJWJndhjGSHht1Ufd1nEtyqKAoPfJOJ8OqUmwYG1mz0paFJM7W/CmsiTmgbtSvfEIH7shzJYgy0Ka1UreXvi4TdPyT1bB8FjKNHlidhCvta9YaIZGk6vUszya8SxYi70R/IbbCOnqY2b+2WP3uqAFKnYOzUwnEfvE28Omrglhm5jgvpv84YG7U7RI7P4tJ7TnJ7AZ6G8Bsubs7/Z9rqQxFT0d/B3l77bmOfwvJ6VdQz+6Qj18o0iOeBgbCx+s6H8mdjK6gnTffdqwLfBvfpRGvKh9PrbVk/3AfnS0KQGBdB7ljUdtrum5zs4cjSNAtzNoIEx2g5jriEwH2+LcLlBNUrTFP4ELxGUvRRtZPGf1RPxARUvvFUCgtQLH/fCCWL36qHTMvFmCWSjO/gsWC4FDGwtXoQFZ/jB+qrbLaNXIdYR0hxKOw/eG0N08D3W2OhWgln+IpsU99vpiZUVec2hxbDNtihXUzvie9HFva3sSSdm+INNwqq2qB/kW7MU9wjM+rA5gUqMkx4ErenK924MwSan9GDciIj+CGTfLIMAD8IOFZgnxdhJWiUD2oiEtjgO4iQa+mDqQEm0c5gdZ2it1oumeU2yG10xwIG4fIRDWBVj6opWPpFr5Pu179trNWVdYKfhbXrUOK9xiAALqN1evBoqMAQ0gFEbCcnz+KVik9qlBF1MPeGdYbv8K3SrKKKIxlOw4bYcZy5mctUAgOyTIFbFUdr2UDQBR2S/rKs6dJC+uIu53GB23NJNMsWLHFeKU1XYgk8tFj4+qmDeAZIpw6yYmDd7tob8mYR12Rncal2gBQWpJidplfJ/JB+BZlegIYooikDiToNOaJXUgyDtcByHS8KHh8c7u0XiOu7TjocEmzBvpEKbYdPtcyFem+GXcP15YForor1T3DgCpeXNQBsqzzXltMkRyfAfuaTmuBVj56b2dE5nZDp7FtgsK4WKojhkeWflaOQw350vKt+H6sq0sxWg8J7I5lcy7kecD6vr5HIH1I8DryS3y2KjaewZgb5RNCF2Ribn3qwunn3BuA+VQ4XLdVcN8T0n8Mn9YtGOzEK6zlanfD89MMCmAuAUsUtXUuqB5C+UQqfJGu5pLrgj9dG5G1EoxZAAol1rlPNbVcUHGwdGfAWsHvgrBFgPOl4cNS+WsVkb4URLjHcPF0gGyCfVpK9JTuWkznTLBYrpyjag+629YYf8hfIUg/+Yll7+kNlodL5WBel5PIgSo3wpx444iQ11WICQWSQk3M5l0YozAScQAENV6uv5AdcpehWps5K3VX2SzCJLFzKMW5Lf9On6SzWHY8H4KybuPGi3l5Ej+IKmIvZItEiNuoZiq0w1TG4O7r0lXWFA9+Ju88LUaKryzgW/SHntoakwfRhXSigIfOuY8nrsc0iQYuRPK34a6GmyMsVzvuJi3EmUHNj1MTXUu1LZ4MtAgc7y6LZYNvb9YNEEX3Z/kJiFX8QX7vV5ucXJo1PSA7H0c/MC7nNyZDCbHKFGYJCmzJ71UTAqVWpoa0IxoVE11OcXixjfiosANmhAk9o79LR+VQv8QNtxeM+3Ah7MESN9VrqnCI/wj+wtP67e77ayER1+GIAqyPMBfDQwZKxiV0OYDZJesdjtXdTGByKTH+zKW2MAXSHfC3BhzU/gWI2786b7OKPNdXCMCqNa4d/9OsX2RViBj8fXxf29DK30b1bFCk8IW9XBbDbm/hpR3Mxw+OivBYtAJh5YPIFOGo8VWRJh2Usan2ELnQbTx/MAo2CFsat7MfUDu64xJPb4q9LMRzBt5NUWvB6s1M/1mlHBYoP16n7pjplK/7T8VSiv7IuMJ9Z4EdyXsAMdMGvqZ7k/BZv7IcfTpYavh8GrcEnT4+4GSiXlFNvf0N0FY07WoU16hhwRZ+28vQs8aQlahRQg9hD92pzONJ6/7goPc0VmXx31LK9edoZclJOvPxQREgECtyqIwhWmcueQn3gayUMwY1hkHY0XbgpAHBrZghBfnY4EbUXJDQ+hTI4/uhbQ5oWPWIGHNpwO1z2f7QkVu41lTZ93NXEN4qhNwV2c0tP9ECEJm3wQL5q/Y8wgFi0913ZmFavJj0zLKbhSZ8iLZM78Y9/lWj9losYlYFPlT4eKJWM//b2UJW6+ud3AdmPjrpipLzJK2IOd52UW+7tNY1fa3SSYILZPE0xn5da1xh/LzctwJzciEs2P0g22pi9FNUg7YbRqoWWc3H5UBXU7IWSyC6icGTpcJVlAdGxEnmeUTaFGBZHKAkjwmchIr9Y22HRuQmOEmdz9514ghvdtClgj8W7DAHFhXBWhgHI4gIsOT3u0vg6P52VK1aunkDnAuYjcZ89vJR1quBzO2Y2YhQmFZovq7ag+0G1PUJeLnGa060y/o2AMS8HqgKMdsGM8rvSxQigP01IB92+n1z4TjHakVhWpa/KEkvGLOeFUgyXkkV7IyZC5H9ht422UbvmY1nK8s+mbi3HuGUdO6ixXT+QnCSU5Y5VAKcAi0VdB7evXEvJUNTFr64n7UsTdq3zzQjv+1d26r8VVvf5+tV0xm/DZcKXsnELcPwTEacSRa4FQu0rK4ApKd24CtoCZwk0B9hEcCzZFVO+Z1nAeB3JbyyWROYXIoISCnRLyGqVSwnGPD6Y8iihTN64cT6E1LqxBZqUvffeEkn2QZxSQj9eFeFPC/HrWPNY8pGdAX9dgu22lLkViRVmCwWs+kYBDCrN/jI0lcB9nZz7nZ2Md4nZ4w/WRkkpUETmVKSZfnh0MJU+n8k3Ou0UmvY3FmonG5OFJxu2ayWmcbJ+A3FUlJvc+gS8DuGC+qi/9BGyL/yhtJaCj3F2ah6FOrHJgRpby0jItcTJp1IRGojZ+BffDit0cxi52xkl8MN3iX0A7b8nyxEp0SUd6ivTHNO6OsZWK3bJFGDA0pUpzVpxKCvPh0ReH+OY3leupmn6tAYLWLMMT9jVWQtdjQhJ8bRiFFQwLe3Ch/rpaK48i/re7AfSUqXFcr9dnN5qW8fdabT8zqPnP8TFG12T0ArJiyjIHdhyeFIyI0qWTD/UHefXTEHwxWp0uRj7b0K2RXPLHJL+n5+3Os6jzYtwETbm8kN7jx/VGCqNZm4FNFW2r8EfTY3P9lDDskWN2kbjjos7HCkDFGwE4MKyiIaC/nYCcrHifSxOrDYpE2dtlWqoLbIof1SKZ/a5n1fCFnPoiwTozNxbNry8q7Uxy7WbhJDyxbFTczgWZhKRg4w1OVXVO+aW8mGPoEUIDjwzutnodfZpo2joU72D/H1D7V8Abj70gzBLmbC9X+R8EhaSsUOCZmxyihyd1aK14FBDf80irlE8b2wl2IsfgYR2vPs/qi5JmBOX38NNfgXVXJYQwzjvBhTuTuxJ3wgA2bNiT3j23nBKXOryR21wngLzPRYoHNDAAujCsRpnWfhCHRBWCSRY9zGjDmsL/sGpqLrtxJHf24hd/hJ+SfJUhgzPblgYCxBz+o/v/o4Nb7kcZonxbWr78YjEjepDsfK4kVDjat4pZMmcxTL1wgtecGfLe8v+BT3yyLpKTKA5bkj4umQM1TUNkkxt4AMDCUPMDOXR63NJ4PEe893hwV4cXaLmtQtqWx5MriEfrL2hYPW7x94tFmI6vHks2PuBnIuLF/F/74BOgFvWZ2wL8AeW4+HDPuqDqmbR1Y40S/35r0gJ5/bSimr430PsWvrAvSqhqAm854z1iLia2KswxbsSvsaC5vN1K62TEEO9MaK1qOSZQiodX25stUdhPBXAU+R9STYMXWkJAZikurUIUEWCJZwd16H45hB9qmkGCKsU78B9rnvyi5H6vhEz7NsQ2Q+ShiyJPkEnUshBifzg8XFbiZmCn5FGvjbrLyClLIDeoS7zvgKUgaQbTr543U2zOrJLxVvKCu1vf2ZwKovQsAVjA438nTPq4U1WgKP4u/10tKPbz4wzvhntLSYEhzbqnxwYzLfiBzcfS3Yv0c1voZ/UJ1vb1QjaIGb/8FWSUAIo8sAN9gk3IfbOtoFUWHC3fCwNjQ9DqLuObyiXfvo/8HRUd4pRN/tO6vfPdNztbxLp3S532qdTF7h/ldDamNlx4mjN3lWZ4RyO0jlnz9+cJAkrJepQy3VOV9YocqQAfaOsB1t9aMiHA53swJW1S0kePRwI/GViblVIujWlJOEOUoNfhGSvZVkslWuyumNfxEFqmfR2yHWEiHRl/5TT/4o9OKNmndNxc74WFSfgmND+r/8vdduLIy4IQRRC4SxRjC3GCJi9/ypf3kNqLEvnu+4QMhMo6yM4MxNomqBOrz+JWacRpkMof0HZeLqNPsA6aIobz9OdNrrj1uJWMSUI8z7DrrPnLjCeqPmKnR1x0t50kEizv1mg3UrS5yv94SJUGTMk8jTQxTBgeEGSeHTLnQwaZwWmYLadcnnhC+gbCHfQ24EblHPRHlpJXm2LutKYyVsdcKzI4ED6yacYttUULoL1iSHTft4jnZKU2h29On3//L0t34Vg1w4XrX1fvfhwu+cmOGIjLdC502BO5VsJF+nzKyjjTWtQry09IQQpaGaJiMsy0RLv/+3WKtqXAVXO7q6umpWXq4tOxFHZNk6ydfhFZTyKQmAH5J5tSszKimVizeB6mvhwHkr46uKr3SfJc3AVVrIxJYrrc4G6/rHGhOXZnbOE2TzK4MTo2NotKhdj7MbLGM60+5nZeLd2NYky21Q/DoHa9jT39izxyt/AfkmNlH03Xv+aTS1epjZMbUnmZ+6S7e0rlc4wIvI4jG+2fe/u2dL/mPOwk4ks26w2U204nUD4PWvgSeS6edYysrMjonzSSEZs6laQ+7yQ8lDVa5omHTQzjbNICJgY4GGtAZx7njoNMP25kDwurnz/RJDaQPs6O9fkUDnbrIb3DHRoEiOvto6/3rsyRI5Qq3uhLojwQCmhIoH+fdYhjKZDjJ/EKSSwHD/2BxbmBzTZx0IsDXVK5SpofjQE0BU1L2uiJtkpGSYvHKRZUExOVWt2/5306xgoaeUZ71OeQdncXQo6nx7aQ4VOC8/u+MEjy55bBdDRFpi9g5gNBtAOEEmdBOD9KQ3HzJnM/o90ezAMxAAAABjbtm3btm3btm07H9u2bdu27Q7RQe5NSfNo4eUGbWEU+4flgJo+7YuIzMsfP6x/OHNAFWof3urYApiI4E/VfqY/o1RqcGetZYlow2VqXNDTaQtkT5HhISP41WQKa9fKxeVw7pVc8QtNvDnqAH0Hf9UvmGs+K6l/kxVCPyOjUucrgG3m+YasR4UWa+SXpSXCUHjUoyRy/RWYgjSEn1uL5CV3H+F5UWCjK/Ex+wiLMF7W1ILbz+kZLa/NEGf1Si8enTspFI42FRJduYYQm7SkiBOiM6HLLRclrKZtAgjA1phRbHC34BswyuOpXRj9PdmI1fkoLPeP1Nwl9+DWzOBmXjh5Td5UcjqFTkdhqQ9Z/nXVDrjO9i6L2nO6py99+S7VEWbmXOwc2rLV/UzyITvdVmA6zApxt8GmemTy1n5ho3xdUqMwp/07UsaPVHBrA0E8o82+RrGIzXF/oFRg2MTbI2guz92jLIZid+gICvQ3jXI3hqOLYeFlLouLIN6NI7JXo8aRxcg2q6Wkkf4NMg7p8U8DILwpBPGPpFqNW5F/4CdPuPrPRYtQEOq6utKkLjojd7yH95iMhSh50+KJ6kNdhoOkka/rYT7VrJWMu78UMKA5yooXwx81YDCgs+KyWnodUwwk0HagVDPmN9czEa/L/gFE+uQtfXLW8UMdTKIxRsCr1Uosrmmi3aVZsdYTcPCg1KkKGwL5Y663nZoASmUwpk9P+dTkxA3PLrfInhFA6ff2qQ7IyeHY+OfptZVEha+s9lACHXnsUjEWKl1ocEyMAIRrKLk1VORRgxL0u2ejdzQ5olQkrwRQ658PCkXm7eoNhsv9YqcfNRZawL6QJFE/FQqbpDw1b549lIBIUHdIz7UbDvXwD+1AYY6Tfr4RtfjJWyoOTKowwO3C2JvoRmhbk+O5mIStpzBY8b58Ub19yWykutj9aU5wCasX5eh7mUjrpKa6o0EO5HZK7czRZYJPHw4o3OEwq26UlpGfGLt8KDWTcVBd9ae5GAOxYB2459vRcmddc1Q39L5wY2V3he9UBrdbDXd4YcHya3y8I2myETfC7IpZFV2NicB71T/UmNEUeh/sDcYmfRjnC3K+ufl+w/DN9Oga9hhHILE66qm2erPxT2A3bfE8Nmdt0QEeY3nGGzya81ZOd1wk3w83FPZS2S65Mrp9OWNEoUniNUsKqf2ra3F9DtpPEHw6xFrHVPX0v0eQXjijTQ3UX2CdioM1uqb1ssSBdDvYLfIAae7R/s06U+c3DAqBTL/SluJfWQKFnM5XfucHX63NeuS318s4rSVo38o8SyPwhS52KmYpHGc3EnchZ+IuHJt3sMAAJ4HBFq5zqkEWFTIjE4W7TuTxeYV8uGlvBPpmRMVv63kos+WBYeKZGxdjd44yGm1NTw28JoU7e5Z5RsXGnn1D79Eir9oTAopiQuJ2lizmW0Da2M0cmno+T/NVTzgDHRGIn9vq24zABikyCNoK4Nubi3BqiuAUlRVdmQ5ZozP2vOvprH1H3uBU7AHDoIGwLRQM1Y81WKMso072o2AQYGCj1+tlLVkqBMf2UMkIsuuGFEL3YVaS9hlnkVaWJhmw+nO4PhXbCW/J8+v7y84uxvQRo+Nb08fd5k1O7PQEunsMr7lWO/RsfE6NblrzJY7irNAuSDdXnZZDbuXkqGlb6HBsDMnz8kWKgh3PhKauHPKxzaPHWTalL/5xWt2rW7zRuLXm8+hOpR8blp4t9CHC0ty9Q92EDNQSem554Xv6LiCM8k523/i+2H242Nlr/EkB8PV741lYtDHNxbZcGBdC/vKwGPQKxS2PD4UkeFNPDTU241tsD7Ib2aqzDk9rnXywBWN6CVp/+KNkmgcrrQOQ27KySxxSBOdzT6T2jBhMtH/0e0IIVM4+A5M5LX2kNxVRTxxnCJGd5bkZSyjqGqIKQQJpWYcRUhFOPJSoYMzB4EJb2Z0d1FNQMmEGuJG9Flrc0FQMEERdApy+QI7VMocgHu85tNHbaDFtRTyWv5ipyWkmzHzTXYYXKwE1XDrpZKtJAOj4OSPeB0su7198XZMOZUm0Mt3cEMrPA0VKMn6ZSfeIKBTPPeRbhmtnn+AlEjzxJKYvjp59k3nnaNfwD/E/gWH05bSTw0kEpDXF2rDdcsZu9GzjLB0TCHDr1EUmBmCuDJv14zopYC0kAVi16geaF7rsRpsxmWvfsqiNw9G+N78xBwRc4G08Hykbq9lOEUChWY5vKo42WOBacyOEV3Wopis6XO0+ItEOujWn1SPjWWpEFu7VKZM7COBvhEqbeIPvE8jrUaqBverYU1LqIXbmLPjFTtk0edZtANABqZG5pz/kmKlNAipk2+pBEH55wqzy/txivkww1YuNFkgcXIeY0lhXlwMtROpL8WyX5lIxkP7VMVDG3F6LKcMbvgug5uCwDuN1WkTKwhSgXYQEFf+GvLe429zz2KiB/xn5hvTsufLT6gAwmfPDxQrF8L+/wTG8nRSrS9HGpqA7ca9CQQf4GI4Oi5VTfP74reN0mwStH0SMq/d+zjE7TxVDvkSFBamw+sCEhbS7Ivdolj6xqGiWX7OpxeByXMjftrQBZEcIN4+tT2RRBHkV8UmtwfEeZzZTCirCFukLsMyG85Bs2sUUu6chJiAXXERVryKYVMkmxQITKOM8Rh4kWc+hdalifzCQA1Dsk2nhuh5Sv9iDmsFqAwmIv3jtBR/npaCFNCVeOqTVBKCwPjgIO51o9+fnICoMnYnidFrCPX94JgVoWcDmyEXgqwFdZwOKwZIcNDhMSUnJgBqrJQPKyF4PgrMEjblz3yLbtHyJpHKRqnFymehpo9EdYlOxYnziuyLS9EYeH5+jT4vABw5GqB5XseNzKL3TGGGdZozG0T3gWDsIoBXQ7cdMiZHzKVx/eJDx4az36Gk3DKx9qAIgSNknAjLqMAxkrOTBHVcW36CxASpTxtxh9BRMBp/u8xWRjACV0eDnGk7qDjF/fchBdQfa26HOBWNo2fx4HCXlsjlxtj9dGJydDVygCPEqB+6a2G2GrSfieX4+hI6cvV7ela/phjGfuj9NkrGDFnV5yj5WMtwSaQ50aAzTH1ETdsi07MuCOiQZwhbyFG+3ntNVdOgWW22MgcOUUW/tqyCjWmn7njMydzlm+SaHNyr3UsTGR5KrjrKTPuvytvNQFhVGYLZT+TNtcpcbce71x/ULhDufM2CA6Gag84/PY3AC0U9Xb2NUfOi64TU60PvY1TJjjltW6494kAK3tb6bkTDBGtFxT1KFTErxZnl/w7hNLLar3RuKCB3icCcMhgrJBhWw2UvjN9To8jFsGcj/QLQ0ddg0sVjeBcvDrarVY5iDGBLf04dj/o2eafrl0ReLThuAVJeGK2+Ks1Ni0D0zaOWDJjDgU7blLzup//2KuJjoNJG00Mk50nzEBXWVjYuNHc98CzptoUohvjnKdtFb/b0mqDfb+Iimrrr9flTFe2CpBxGflfE4v6NhfH+oYUziIkhXhe5HxOWpU82BtC4SPcnZa2zWAOE1oC05+5GJ2rVkcPuro0GOm8+zacnHzvyGgzPLMvwRklZzBBqXR50YxhiuUWjq8TYa7eHcGDgT2JGVzYbeWKDb8yJtouLBbjp3mDRd/2g2EPxDddLWbUKchI83FCoUklcdGkrvjkGJNIo+KMREHWx0qUKs6BP3rNSKFFZCi0hIh6eyAoYAWIVPeBpj/5Dpm3/eQxe5TJ6slZCuZ5UspBXdj8Swzp0oxDRhYSFLxd33OzRfK6kegtFvJ+WjAXKSIv9Qea1MDkfzsUXs4AY+vUC3xUrMTEtGo8hpbP+T5QU12rxrny65b68CqnoUUJmIe9+MyATingxnYd5JnjIzlz5GeFU7ocgWO1eHW1W+vKqXqirnVbV83QhMlwkucK8DAnNDisX6FfGjuhIgwjQ+NdDhX1SMiXlyujy9KW2WPY01NQeBg3YKKWQRvTd2x8pJRmgcD1jKgfLwZSJTRW1ua7gsqaxz+2g25898mFNOH5E/b7WCE5bs2LpYWYTcJDfu/7nYlxcOXlMrzfh5mIh39MzSqaW/M83TimyzK4GzewDLGodDHQb7ZMq0B5n43hYIIpuVvkSowuvA9ALj7+Oc8Jrh+hHH5N3YMc9S95YZjL0KZViue4YCD7smWXK/UqBzfaS1JEo7hWo5u66/MfgXSlDDdW5BWgdGuiNh9wwRCl1pogAt8/er3r+M+ZdRBLhZJ2dWrhpCJOTtIU32V+RoJUlZtDK2f2ywBkXXlv45RHg7xmsNVT+tWMeQ94rykkpT4Z8DP2nBG/uv4JSVH1CYwlBhNcYTpnHuGumuS4kr4XhCrHgiLiijp0+xsSkGZZTr2+t6+Kw7IKUZDvNyPlz43I+a+CvcAbCc/i95Ofr2nYazadcV4SV5dVxKMyEs24GxxrOlmWbq7HNmrANRZTVlQSV1bb089DlzVCseUTds0WeRDo56Bu9eKCdns5Ev2JUxBc3KXyLrbbJVBD12oWAbUN56SaC/EJO+m1ghmN0U6cex5v7ElW0HbFsLKYA3cKq3tVs4ev0tR+SO83LLm4fFOQoc+x5DIdwIeHACtVB6P8vZVIi38rH2AjNM14n60SgeXsmrQFdBdk7qiA2gGwdC5hAyPseKGCegq8VHp0e0YIgF4GEA2OBJQRf1fDaewuCxHL+H+dO7XCKtU5ykEHcfeOuyMyVcpkCJflU8Q7ewQLnuTOPgUQ3Fr3pkw9AFV4FoMCjzfNppIQFiU3QHr5B+nk0o0A71/CaDXI2SdU+5b2L6aUNgfiqLn81W3Ir+CVlqGVYFF/8Fwp0bTuH+D1YMZdG+TnDrFIeIN4qIJr10dv5fjgnssFRz29U8h1P+u5LtqWyqSsw/jNQqrvIeAbld7VGlnYKRAvrHfakHlWOTtkRwLpe8oDJ4fLdNrMPb/kb4A0HABkN4it1EzhuEQkyliua+uiFsB8Gpt3ikZSwAGaGJw4aFB+k0LKzM061K8/AFSZ9D+UuopsViDx+2J/v2ZoWwyU7MyXJW6UO8bwZb9AXJy+uv6HNB8OsGPrYd0Jpdce7FobpwgDVl7IDsUqdYvmV0dMGOcoRNG+UJB8Zl5+8L0RP5n6reNT+CFbqqVxrQg8Omr5sUcEcKND7YoeiQBtw/rV3y/gbpmNFi8cV1d1lg/VqvPKzztLXE9K09l0X6F7HZTD8jPOxsXeCakux1aO+jZU/louq/+qZG+wrvSjw20KGwChk7fXnNi/vwWHHdCsIOHRbOO2aDmKUVUHwkfln3+I95ZoGXMOjtdrPpxMKYz1Wr18SHXTqA8tj4StiroQ4eZ9VYYEc0BWvN62Zd3bx65ijmM0pbohwUSkq7W6qpQ22zO7fWI4iPe901VnpluNjh5P5Xx+jiwhM1skf7zgcS8Cmj+hxlL/e5I9vmDYHas4hCel/O+byV0hCUxRknXzsKa3+VYsuw3+3UIlh5KRXqE5hiIv+wjHyZi7VFyBtALJpeFttkjy4GsmpbJi4/4t97yjzRi/zaMV06vuOYxWe0Kej9+/0xSWC1gl03N+6IRETtZldFfteto9UHmYeNkPq9fcuAyaclCvhHeVVNGeoLnaphszkZtqwWHEGbNVpqP/TDMydf+0xPWRL5itwn2NneU0/fZplSzJ5rU/8uDL6taD4+rAlyB5qL6NyZzlJDx7IkQzGZU0iibaRnuCY5arDsangcUdrlS9Ebyujziq8hZElpf1HwtuT3POxLjWlWRc9wxzF4oAZ4p5JeQ3eSFXaggRBDS3CWVoV8rUG8SWD8RMh7ZrcD4QosWTX6vRiyqOCOlH7ydf07zKgkWFgA46WQ4w/SbGzRTXU4Wlof/IdQ4KOFXCJuadtuokezmtQuXyfLcMhMJU+vKni3esIlAMl6A2txwtNNJGFKYTnxIkjz2ETTUehn/zg7OAO5vetLJorAVrwTvyfhKvOtLOPx0JdgaANHqh1sGbMM+5IbyhY0d6AQ9HwWuQaEhtxnVMaDyeDaqpRbN5A7eSQ7nwWtRY7j2OtPyHdSGGkJ7AIcslgP0s6uf/6CsCvqH0p8SOGB+dQ9et2Hit0bTAqVN0KyAEnvgklxYlH6tommzX8Gq9Wmz+I0f/O3HnmfROJsYX5X0PXZyp5Kbu8KHMrBqvjh9JcUfwcj29HwRsx0hvYzRGnzO+6lm9d9nCVqz8iG3qmRJ4ELSaFM4Bcb2NHIWCGpL+yOZow2WsDm7H0f+TP4lAw0Km2FpTHJcpkkHAfTD4o7rAUoFHlHoMwPLdWAbBYVoRO9ElD6yMQdu0M1sZiu/2ApPzq799oxIFhp9S2GamnTSGwWLUr4dYa1e1aiXl1IXsmjnvALgHRfEeLoaw1JFRuFuGzlpGSCMctLhLDv0+1k4Uch1qbXcXbhd8wqH04+3D3JEXe+J2rPhrPrWJeH2XUhdq6L+xghs4ZtCvEKdpPtYR5f+yAKdy3Na1SmA4I3z0BXf0eftVl5JcHGgNCm++HhzR2aYzsWC7qOP9jyjCkVpeShF/AZGQ7XnXPVpcIRP/+hQr0+fBWWDjXkk64xdjlnWHhbE8CvUaozFqG54AWbGuuFcohnnVQ5vENjcGK6amScSI8yjxvbcvuQvlpTT+DTkNocKS2WAei4JPmNldfNv51Dc2OcHCof6u+bCr/wMP5IvR0nxjLbQ4fcqiqskzdnO3efL3sNgofRupci3NRa3OupvJuhcxssf3p9eGTPIW9A6OZVNhMO7OcvGAy7y4BP1iADCZGy8ZYMRmCns7w+Tjg9eJKGE1aTlKZtCbtS3rg/Wcb5ZMGBn4g+JdUj2ocmn5kugewYOI0lxycAAbrPObPmEZqbHpOfUzApvaulEO35LXYcSYrk5l+IlaWXTndgHPvNOgjsdI0JX14V13zriHdjpUQdEzPYIUQXrwQVHsphT6ZKbYlx8POru03Ft6WJNqAz8Ikqml5sdJHOu6tfuHUd2f9ml2FgGm+bUGxTwwvgS3WmmOXBELnzNyYbmslScpSXoCN+fpsUZk4GGi/rpQ2zVcoIszX5cKODccgK/QjIicwPpnBqDmpKygY2hLbQV+fsp/fC85T0ShFFBAcBg6Tnqx7fO9izyCFbJaCij8hPjdD7doS2eg7d4xwzqTOgl1GU03mMJ6J632rkRtewW0Z7Fo+luGPULItwe+uySguejTZ8KF753AmD+7EM3NjsKNcmVVRQGhX01GTGA+tcmiViwf7GHUGOy2xs/3Wfdx2C+/0OcUrtwd2zH5UEkJnMOC7+cKK98KMFaj1nzjmESeJpqHV7VeD2D+tCdLgpSkBBU8vfwO4QRyAF2MBP71X4NzVTuYQT1pq4b2djpDIyzxRg0Hxp9dEDD4xOhonGxNoXhZzX30hXSA9KsbPUwU+EHQXNy8/UgO5xvvxwoRiuXGA8l6eR5ORpEPK6COirG/RkhJ4nyYzN4EAIxVl8JpuxetNHJkPo6VOPLufPvKx0stai+HDsGlQLzmGJPEHxcM+UzZj7Wylp60I841l+WAuBPJyI9gzL9XtmOFp5m7rWk+pLDkGs/eS39bIGCB9yvfztfNj1kDgbD8odjZIPvnB8iASkIKXJCIQfdk7Aj6yH14wyKRlKJ7Q9R0tRltqtdcqKcltwrpVUEQ9ac/7wuwvMbACBi5wTfwHS0LYKtJ1awFMYCvlPvvgfyreVlUoM1Yct77Mc1uu4yqlomlhniZyaVW9uNXRjvKj3LS8eQ4x5ARIosSMlqpy6Yi1iP/4iCLJvPC3sTxjT5FotUeqbGOxbZOlIkUtmKwX7vBY48eU6adHmuVT0/9TZPyu1Kzf3JWrofvtlCWKQl4NqDHhrZL2UUjOkbUrtbmN84qAEQO0NvmlFVxNecomC8sZe0H7YhoOerKpoz076bn78YietSXe77ybqZWDbyuq3nKj2EHFlWzMF5cWh54wnQO+wE7GaRVlvFJQh48VdNvj2uVy9ZvhEQuk6BgckJ+YTuV+/mdrE7SgW/ewHCI+sXZBvd/6scexN1VgLs9i6q1omkGdAq6tRlZPeJgUQD7dsEkaBUja1o+0l4hXBMWrc7Kugtsfa0a1vh6NMfnUFN4iBPgQfTfgt5at2/h7CPW2bjNSe8l/p4tr17JwUMOQwGRragmwuKaR/GVKo7bDbLIb9UNxQm31m/RuSuONAGBY6Mhzf3nNTN6/He9oa9N74fLrpxC3q6ysW4VD60CUybUc0H4cjz4e2Yn6m5IZxG8SL6n+U5LQzC1TPmuWgHfeSTn62kh0SYZXlbW8vAevcAEIr+k04ptPi84ksCSGIocitD5BqOq5aiW6USKPPewcAn5+d0oECzKndf/4FNFD8IGnSCGX9aCnjIniNrqJEIMXWOaqLZW+EIBNq3F7LCWFBbjJcTIjfZkZ2qP9M29+foJ+HF+3M7HDo0bMDLdiVLmA4TdBFvKpf6BqCQSXN1iaSr+/dogUGoeNxiqkEK4QitEL3TqPV3zCOJk4kwhbwxXMsE/oZuzULeho6Cq8CKMku29Rneulz6e+bs4OYJ8M/GJbyhNBDdavbh4XmPktmKtGjGwgsLBZFsoCqYcYTOHZZl6o4hTLjTHXCXtVN0f71eWkocNA6zxOwluIz23V1v0lsohywSzYOzzpgtzoijX49HN4O8urQuAw4v3YziIB74ekNk37g9svg5xDn6v/CzvsS3smmfdqaLjAGxCq9GD/l/gwBD5swBHAYzVF9WQZOJWUZFqMHzzkxU8fxgXZ96H44rMZ+NBIHP4d5BGqpRcudZcr59wygbRJltcRpzSAoC2DWT/U1i/Y6qITN6+RzNYgX7Bkac53lj2aiSa4zeiaBI2so/DgsDYTqKkvA74VvjXpofNnXId12syA07RwbIdZ5telXRUERYsVPh0HoB40CkkyR0xFx5CwPrUiUhm+vZ4Dkw/UZy+y0BHTcXziiMmiDqLjhM6hpCY6562rSKOTrZNVjY2PheFYxd4yjxJh/zwwjA8bwPjYTPTckuk/m5x9Zw9uvv77PCrZ4cXDd9rpAkXicZvH+NKgOcwXYCPNMdFwYkvKr4M4icLrIOah4TNiYX/yThGxKO1shtJVLX/PQQ8eXx07mwdPXuCjt3TC98gE9WLL5zVAusl/3x4bBhO337XCkhxHZYFLf1Gr7k9o4KfSLM3OPLMTKvSf+Vmkzbvguj0MlyJPuJ5udC0YqrjI7KVjqwuDVSRR8eSeE4w3dC0S6SjtfKxPvbWOkWXiA+BY1mFvwdVqN1ACegbAWX5gQFZjezr2VuIYjK6QRdSWCBF/BGXTg9sDFTMTqoTks8eGf7iJMvTpvtV6vK+piwHOyMCttHtLfdL0m/vo48uVyH17gGR+O1fsFCc2k+6t+wbHsbZmEmn9AJ5DmmfI4ZA/kLYb4HiQ/xFzp7CH8WBuxahtBPfoTy0/+pQV470eLYlMG+aQhmujB16sCNzU6qHDLI6O1K3NeKc9KelZ+W7FFeTgXlt73Em5YyliFavkjF8vz3U/xPH66zfMIvdXowSenGhN3g0Ct+WkngdasrUSh0l3mLb/OhdAwaEUyQKksFevnnXfBq423eH+cf4MCH3FpB5rXp4zIGYnzUPmVRJ3uCr+c6fIJFLyb+Qu+EobBBVuLoRyYGiy7veQM1Pymob5TUu7b8mQremFZF07J3IVjGm1Yn1fG/L7UJ1Gv2oJhAzU2p+Pwwg7pFgrdGumM2Z/vaRYLpOY7CXJZe9uSaSvmgc1jorsERSQfqUexX6x1nuHV/7G9LBV+zzJDCkbqL/B4XL1pPRhGfnV0Mq9UVgOS2rnPblC42kQZkuaPDrbWSnEcQo+RdLSZh1FG/qoO3d4UfDjNpLzvjd8P6Y0ErzBKhpMqKLg5PhntPFHGxHG/QBD3+CfFW1Lgd/EbdaJ+M+UZZeafvb4wwB0YiKN2/IyPQ2uEc8zWUTDRvzqWyDj81JuYuRhsiFIZzAduHXWd9TxiOcU2TkgppnJzidIY0TDiJc0q4kSKaUYfjOUkV+KvqaSAjKrl3iO5I5YcQ9W+jo4TLGqDRHMGCITBwjWVfWLBXESnKQM89E8bE3FcAQnZw97Yba8ojeCgtxxXIh1KobeOn+THgL6vX4Qps5heeOJaDzDzVcEyoyWxK8sg8v42DuHoQL7j70reF9shBRF6CVg2d3ea/vU6ReMNdTPws/HrTmFBXj7YW2gTJH7sLyt92LQ9abjsufUL7gBTL2U2ldbnJ8x16iIHzx8rsj6SVTD3lLKIsN+9lAPn+1+JsCIds78bYc81yxo4QOVGDHsVWM3xfKzv6Y1lzg0vj/X4HAJ+XOMf5/x4JodoOF3FWrVrLOLu18PwTYgy+OA/mDNcj4N5Bk5Pr8zqawH2QMDgdjQWImNJttgSpxQXqkIsasmMKU4wJA1C/m8zm1DBglID09Or8bWog97djMShUAV14v3W7YXJ2h56m3YrMLAY30DRPsKdJFcVHJv+iASTc7QbXnsfs+BqHpREXngXSc2cDkEmIbHSvGJlf6g3TDHUKfcSTCbgNsOrfIA2EfQTBORHIQx0/rgrOGJucKI9poLkpW2Y42zKIpx4Eo2azUf+ZxpMwPcNtmHDgG//xSPBlx1JGVueYjq5PxKX4HJo3sqxHNL0uHcWL/jkAzciMuU96GJbxMZ8iAe3XM3UR1LpMpn0mlq9hkfrRynopKIgXjkA+IH4JE/8ttzgZgLAYpo15CPA8t7LaGx71DsWs0CurOkOiH8JCe2eFkPM8NmxRAOl1gn6zi2JXmiyEA2cDfOpuqqadsVVEJRfKUBCwSS6flBRpaMO5Ngl3M2C87Gx1KCkJHZrZfi/WRkYTNdOtAGd5KuNDOu28KWhojSjlNh4N+qqS6WDxj1zulAdUMtbFJsopzupiTxtmtC4TrSHuo/gUHHooBstYbJCsuc1gf6wF4/n95cxcIzgJsQzo9yq7Tcuv7RvTUMJGX0lRE10iqQ9HQGBMwK9rrxdSTEm8h/l4UPBz2FUNcN6UCHKWcTwoGrWQju1AbWSnmAbUxX2uQYQ2sA4O7S5Ts0ivXzoZ2lsgBbHMmMAOUc7artTQHNnyc9914o3yR72AKSTUcE5h5qa9+w398xwJFtqqPAsDk/vEb8P5gMG7Ns2FstoLGEqhXySrGBZfHHWUFfhA2ar8zzUo6MPfZZy4loujryI3a6l51pMz8PX8HtjR2+YX2xeuG+mv1P6NOI5c5PPrDfke1TIdzUELH5JkfgoVh3Jg5bVyKi3g2+5ctUOYcHLdQDWvHWl3Fyf9PHJ8gAZAEX50go3f+RGzMyhvqMYRlF8Yvqrhbo4MiFftDkC0A57zXE+A48Dg19IMkad+/KAuIw8FQa8SqjuQFmLCWqkA9ZchOO00PWn2p8Xgha9cujQ8W3gHUi2ORpwi1lwZzEnI2YUgcgjP+RltlPC/fvpoXv0CDu/SLaT1fvEMnajP0SL1QVlV4AaXyPjj+DuZDDphuw7Q8tSqBLjPxB4LfrxQoUWCbSp4XoSN1U8mkDvd6k/a43d8mMIvxb1AyOOhHBoH4+McxG9zicubV71CqZSxBmypxxFjoLhjwHV2XkffIQcB1L2jTiPXu/z3MaLsRRcmSF3fM2Dk7zfZbJKW+RzeXZs8+E+mw1Y5mHE3W4wUgrvEgcvom93kVUg0LidNd62qkaRJgmDm5U72GcLdR7p4mzdgwouey3rYb+aeW+UuTH2FBvv3x3E0PAvP7xCXh7iQEKATcUSJLwlT52RwD29hfUBGIWsFpdtA41oYyN0u+nButjAhnBKvMMGoebDT8PehhwvW01nlI59Ud2oZssqxA2vyfF/YeFNlbA2tKzeumk7iYarqDdPE20URxS3qDnpF6qEIKym6St55AeEA60C+5/30d5HClpqwFINAI1mV9vDTFcf6jglwf74VyFgDH6ahhALvgjArhHmp0kWGGh33wlDbfBetFSsQhyFNAfBYnQpWsLaqqmlO1Jk3XpVBOL0V/kOt/O/ymBrsRrIlwJHt7/MMN3oXrPFDkbisfDmxtRnDuwW95kw65TdH92V74/zNvp/beoIpFHDheDpXY7/PlmolojzkWaSCmHeJ7ZCFRdDQ124oOixYVsG39mL0lGtChJ1o2mn/ibvejiZk4C0qZ/Ozk6+1zCNoY7tpYNmuvutUF7ELHo7lcAIWYgB1RGmy4QGpiinxrxSzH8uCkLFh5He9ruKhATlpv1HLjQy3D/a5SI9DGco7G/k/ZSiXcrUIGkfavuyx+vZWX4EQkokWA87ospkdyiS8GrxyI+6eJQg8Wh8n/VCYB1H8HooKIs3RSi6NYiPP9PYHdTngOsSrhtGUvdy58mAJgipWNndq/uS2YcVZQ1g6OfvGGN0wS2pUTdDbsICGd2e9MJ+AM5wdci+RGIRRCqGD3USLqh7gITeOZi32xH2spPZL/vOjq+1iuhCE0tnnj2SPX8TgX92tKgsuCDokXuPj4pn9OPheMuJxjpxxDckRJLz3zBqK1+k4+0xHwLv5gdD03S3A87UAp317+oQAOX3BlkUKRuZqBcSQGu0bC7XDjatC46qAVtvhTolDrH0bv9c9+vtMe4ga5HxjMTJXpUHh+p0NfezRfybGGA24oHtrPbZyGZUAVQrsOSylbtLVVFGVEiJENCS6KibqO3d8EKIE4xVAxJQWtBUawUDWQtVo1v1Y7SdQSCHuenDHQ+Qx6Fvj8GkDhXJAakmdlmUCJISqvv16dQDhgxz46qyqNgiK11zSeQZ46MMjFcaGHL1ZPQcbvaqg726f7GmC/uyfk9vB4LgXsKsmnt+6XJBlIlZuIqJYrCQa39PUHe0ELsdR3SqvLmg9Ki6QS8pAB6PKrPiMlx0uNLqwYaAkJSFvA/pmcvHeZ7+VqKHJEfWvPH+/TULMzcQtf+jClndCGh4ZCevBR95oSF2FIFgML+JF2Gkw9njihxN6A3lvRYnZwNWvIFNYLSoEnPrOGvZbVPYIEpQ3dIX+x4TbaHBD6IozgM/BZp2c1KSkyETAZXmuCvzanHAuOPQi7RC/5cScOZ8UJZcJNMghUlE6u8cy813tf9PMefFawn8I+aGeCo9brnH2XbyIsFiFZjDNBK6M6G8UPsCtLINZ4rhyJWwKg8wWerf/KpdQO8nhxBuDUXM060mgynULaetld9oEzFKHLjh0CrGe51oBYmyC0hmT67pyrlB3nPGnv3xa5nFWRN34sbQKXPc42J72MP5lb2MgvMXw23MuOTjBhGsqXgnx5vcc4+L6ANwnaRUqmeu1bYkaZPJ3rniIlu+7dKX03BP4/TZCtM/H63z8I4DpPQIMcGyEmKZLdzRgFFF6dLj88w6HaGjCu1Rmlz27MchyVueKDNLeaVghm+A6tVohuKRRjC/ySs+R4Z5Ax2JrMis5UsJf41MDYPk77EV02bPBR3/s7NyiR9SBxVPw2PV83U/ZR9aD8a9fuvp+qJvCbyxdbRN6eeIAmidTnZIns1ahBkTx1hPaUXZoyA94u+YQCTRMNA4iF8ICwtIcMzioOYJVU+m4ZUbn4fBLiH/+1OSg7xlmL9t4MG5qo1cKmgHpZn+FZm3CnErgXspkOEgfl3IiIKAYF7XYxE0272Ne7nOaAbzBvXUq23gAGngOgvB9QI4CjdgQwlrbnpiPCIQwcLrMjn9foHYWBJCAsy3NnF4FF6X/pjcv+XWQkp662yoCWCrZW2HKD0S0B2pe2ROW9oJQfThjro2Bs00w0MA97P1HyP2l52Qgy6wZjXwv0a8aKzbY9BjA0FLKPtJZsyjNTtRSpSnXiKA1lLeqwVMsHjUCEaCWqykjgOP2JakjBc6SwFbZKgXwhoeYSNhyUucA1NzkKEM9pTf4OA3Mfax9RYVJRjme3Q3To3woYLrfiWXIKaGHWwX4ybwqyQA9Oa/+9Ve1LyDnJ5hWyHbOzluL3AO5TeaufncoAe1gDB/TBzYfSyWVrsp+DuRHXDMsj6G43U2VS/CQzaxsMRavW9cIAgtv8tZ3CyE03kavul4pb/GQSao5X4wGiTc05GNmvfZ2e4CivIzpgadnMD7yxUL6qWDn1Kf/UwujqGzSFjC9dXdKb1rwtsL707L5lv/L2COnk6RRsj8tXKZhHrN7pqgUnaY0MX0zDB1/aXHlBwFTAF3UDriRYEP40KAcTEuKlV+2dQ1xLyTBSeJozRZSoDlzoAdEv248pzQFLIY/+D+ojYiBvxncoLo9kfW3GiDIOkR/XrN7swrThjZwGy4759DxVQzY2O7A77OmBRnBiEgPOO2woQpdnyJPRNDRfvMESLINgMIeRgNZ+kQ6+CBqmS+nl+pXXXg1vnwYhuwXROaYTjGmkLIcDICiBg0BnJ5OntJUpWtYOub191UfMdjG9q3ZmvTigvz2QHLnAIUWUk+igmJawPSNSNg5M3xib8vUgsUID/IkFF8VuEhqAXP54pG4MWzUs/wu1JEtBs4oNhof2ULWAJbgLtwgTqpMteGHyJimKET0DJpcLg11mYAQXkjC6i8A3UA7iQephW67lmov6WfsWS58Z/9sGfZNNyAEDFSh8AJu7SUorjdkD/Knen1mcaQDEOslHXm9Fzl16pzH81D+Syx46CXnQ4xU0TXW5ng2g140cw0LlgI5s0LfNiX1zu9jYOsWZN+7UeGtGZPZgo1Ypn2OgYji6S3GZJfekS2VUoIDe/gIRFueuBC4YxuEAt/TJt6NxIDwPEWQ88Vv9xrX6a7vOCW7/DGZKTw08yILzp/gKztGVw2k4po4pdh475nql8pSbWQVw73vZGMwN8uaVHns1NVgpHmR8gu8ug6a+2FSIdcvccT5tnWlu0qozn6hAMaVTN/jwH3fXrMb5HaKu8rVdVP+m8rbY4vs8qJ525RS9jFTTkGlzDt/d+1PBgUA7u2p8tBl5CYFE5F1NQaq9MUvDcBCP4ECtSGP0NyaHe7Jj1fC2jcvEdyA52KRhY7VXhLRjYuEAyCsEG39RYUCQeQPzBcnBPAjjIulucfGzrcyr/5bu9LzX9eTvVs7Nv42CmDIMzT384v/Ibdtb2meug4FKaWxABeJ9a0fKDL13AM6p5aSixyH2IVpXp4aEm7rENcw9T+NVt+VfHUVP61YefW00soghAUjW6Ghfxe/0Idc7BysqSR5O9QbueHy7VwEhc9inGdNREWriJzgUrYFkT9hX1iI3Zn4ynYYoDxcdmLfjz1pb8eXsPa8GWS7RKpnLQZ0bwBabSzZMRMgm4i49Lq2L+OES/0fNn5PWPNu0SwyyrSKi7utjS1m6qRl/ckKWCiQ0AKyG6RaXD//cPCqnLX0suRg9sgX06nH3LRoxgvu4gp83Mbry2RYwjW91whxg09mOZLgBfqyXkkmba7Eb2145kjXz3TfdpztR9N0cys2nhMWSGN/a1uRNpX9tXM8NNKF8M06tKNfauu0v+Gg1RKDvqnpAUrpHVot02Hm7ERGR0vSIpJiLSDeOvRfeFBOsMU+wifE/jzyOt2ObLMkVU6k8txQyeyUqeYW2R8JkQt9vscYx+mGAs+lOnDFZyiLlzRnrSCO9n0jmaI51cH178HRaW8AvWK9iMa9Jjtbleh5ZBp0afy5nSZr8+KyFni4sz928ig60FOsrSivTrysuqdgFp8MB4+GeC1BYwAZUU1yyKgBuaT2FERDo6wTv5Iwl3j7EHXH+haj3/P6SBHk0dQXA5K7Ug/FOLv2gW7CILWk4YjRTMNWZRsOJl0Dyo5e33KwWinj5t2k1Wjo/CADNCNZKm7OOozUItU9T6MeZ+D0D9nQkBY5kQrbfIF6GNhb85UDASF5kVXfuwafeobncLc+9BnvOJYtw2sW4RYtE6OFGZ9JClvExbMjaqiUF1PDgEQ6mGXJYHKtw98bCNqvJ1R0dKRsaurC+mwBNseoJxlagUIFN/hYchV2xf2MYNTokRUD7XQdYH1Gk3ocWS31sbCY6FSNfweSKkasDZLhSqGm8tYKFE0iNJ5nIK7gVb727yvU5B13jHuHroMhiODDJio4P3yuXrJe5+77BQI7h9SqE++q31YDkn9zMzdeZgL/j2adFztYbhxdXZpBH32xzcR4L9PN037A+oo8ZFLmyk4MvsNojRfOjBw9nQ1S2ib9a/uybkDoDtJR1t6NxmWbDogRUh328cLuW7XhkviG8Uf+ZrAmgz0CEzyPeGt7wBh5R+GzBHuJRrnR0WrzTJK0Ts+BAjaYITXm2qliDFuaTzwgcrQGuSbLhKF5FahYq7lILK85JLa/G87Wygpty3xU/nw27ADx5DsZhZP2QsMUawMMC0wRi5ZJsIHFPsvrZu+OztkoXS0WqGlbaf0aGuiXMW4ynBTz0ip/PSgP1esHNF5DrERzKLkuiGfF7Wt50hOXUMAqIQjUOT5WouLC9lVt19IAXei5FQDvogllkVfgnryH6+U+fAPq79e6x6t8rOY5Jz/2dMqVY5XX3lkY0fstowe0DzRNbRwtcC1yObJoZp8B9yz9nibg3dVpdRu5OMtVUQwFVYGgrIS+1FlvEP3KORSahKhBjS5ibUSg93uI4P6orLkmZi4NHbvvv0R7Mp1Gc/czm7/QhDBTvtRijO28WfrLXSZR2fHMXBgyZHGhpuOHjv7gR41miUEBxBL0stEprpd0pDSIi50la1JtvINkmbl5LwKihE47gILv2P4q/eJsgrY/aEzMdJUc7z0xXdSvMTkO/eydM4SeI0Ijp4vvucLIGu+8r+pVLB1gooC5c2ad7HBQD74OVBQn8k0vELELbjr2rWzkBs1R2ExdKO2SX0/gWLSxVriC0ETokf3x6teMFiQRuqHy3MbmR5kTBBf45w2L7WUGNo9m4wCfFSSl17H4En7YpONz5wJ5gFxuQqINJr0bSLaPwrKL9I94UVNml7gebuSDSKZP4eNso/YaCpNOEg/AScDp0dL45p/WBGMZGBFqOFM0QDcBJvaLMxgVWsZsBc3srAsvohlE0tqyKz/uC0WkhIXV+7GktDrh/KctTk35TArLpfjbNOimohvbOUzpX/mkcwPK7ykAQdDVZmULlJ/Szop+8SzvOf6mOtAFE8u89PE+g95/xKHrsV/FJsKuzpgkYPevMnVMtoIAUkdX181DyfCd8xKK/Hf4mZHTObsT/c4mZkPj67a7hrsx/sglhbRB7b3lAXZ9E6XpO2DzwX5g2o2EcZ9LN0BTuErt+mSV66oixODIhXwsiQoiWzu/802rJbHpdT9gkfP4D+AkH1UYa6SQWQLFNn0pUAvsgBsieZlYaqfAlSSRGHFEGhQp/vT4ny7pqZhLmlUDjfyLcQZbyoOJumU2WpCyGHXRb7oD8ev0kN+GM0ih/pipNkleSoYXiqZK/iU7xlCfRXt5nQPw87NhkYRfydj893a63UIqmonO81BjDdg6C1Gi2bSt56j2uPDXexG1oWQlmlRhAEQv90hIxyyUca4EL0d7B7J3O3k01u802CCemFHmmTXJuxTH2ZjMsNlU8lu0Lv+ug67n4C8W9ORSioJ4OxtTuboIkHmGRYXn7whFaXlFa4wmM0gCsd5EktN1d6M93k10AwMl/J3q5K/DghdEuutLEWUSLE7mCS7EMWkE/1jbYJq9n1cGYJZFj/RlQGJyoAUkdJZ7WnLMCEiUxaCn+diXAynnbudWRaKFQC/yUnyOWqog/iCW6oGMVugj6jM4DiOXyEmhDaOZtBaAuWBI+VsUMeGV/s2MrJWUC4Cv07CkpZQ8zOZNmcoAs9l4oHnM/WvH2vmPcURWFAHNFcSndLlpWCLUYkUa/UTtacK+pSx2ns08w+Ly0naYG2Gn3pDg9Mn++crfODdI+3zYbyEHITv+U61llR/Eo2zJiR6DBDSGhZR9xSVbrllYEEMTMA7MuBK6+wy4wqoXLLJ540JYKrIPuGuAe7AfJd+6iyzYRq3peaFTwfZmB/grCPHVsKzbtqf3/Ck7qCAn5CejW7kUyGXzzYjox9z2972J6e8AipysfGL5PHn/LDx0UEjK3agI435BRKHbpYZkCjtQULRr1cmsMVtKpayFEwNERbAD5/1AXAz1Oy+gUwx+jZPpmQyjuGTeCft2iPoUoMf0arHriTpD2bgibdyXyGaYBr8KkypnP9JQU60hgkghQIuYNmA6fi3dDK1M9pHtGbIbCSRvfQHVOKt4q+fimFsAP+m2eYbnoqsEblOcu1BK29nRaSl4H+hu5K+EbF67W4wj9Iae29tQgfhKtLNIbbsnqNDriDA0DB4Hb3dU3CbYibFA5xSIQKjXLqdyT0oPTE1EnskZiJ7AY3+V8aZ/7YefJWnVId5+by+QpF4H8dQHOXBG+V/dRMC/SXxLFsuSgEl4bTAYYtHIQvalsPMftWaXSnhIPVrj4YnmeotOa3mzEhsHqu3MX3vMYEIVR+leVscuyMXpZOUR5WPo08FeIL2pRhWoRRgbtijpBUxl3Y2CQ0cF1CroIvXLnybmFd39adcD3aYGJWy868YsGwMSIwhMERcILq88ERzZHMbsOhCjQFtg2mXnbb6XjL3K4SYI8IOPzXZtZRi2m7ArMkaZl6/ul8RLpmT3z4HHWfyTDvI/5Z7ubk96xHOhw0ubG9xrzP+U+1lgyjfpvI9qCqUL2wqOPGNZq+DgkZxsQK+iSF3ByKfSCGSOoXAlLyNu0cp/nxBmvuu8S8h1BHGTrNW14cwqAj5grydvEKADcXv0J2jFlhRVvQz+iZe+FFuqNmuPqMnm4NbPfanYTyqpfOySsgUsoxDfOjW1B/NP9tVqxmQZhKpv2bPq2WOVm+aVefyehbKYVjQaF+AuY9/1Sv+p2UGuPo82yGyRrzHwpva50t2lFKoE1epuiLqX4qEv4Hf4iI7rLoWXcqtHPa90IWeLDZe41vN3aPu/AOs3Ya7eyd6hGoCgT3WuGeqBWTbiOXyv2qa5l7p+/FHfSD9RcrS7IVqhTYDC/2dArlY201SH7sxfqKMlfyURz+C37baAWrzoHUAZ7Yo/rD9hhnOXrTt9dT5EL5ov8ndJiXBIX5k4PUKpSIC5xf4xtOVcjhJ2lTZD7IZ4RJpKkb+P9fiR+ip2oU7J36qfVZHqWfHDbF1J1VzSjqry9cwYoNTY/vJIvjy+3P9syDcSA92NxmkhP07I+mmyO5k2AsxLEYmr6INBaDM18UeViXnT1QD33hm/8WHhUeBBYFeNpgW11vSlX1+ZzMtPLNQHPKRJ3JHihylx1gP0i1By/kAWOl5QPgNPkS9uuqBncZF56SXkk3SztUry0Eqk9fEjTzywjwkNJCShxHE8u0/tmb3XQ842GznYY/uZA8kQ2L/NmIJDSxSbt47bvEqBpiHyboVz/aKLTZFmlW+0t5IZC9RWoGAVL/fAo7xEQ3LJ+XmPuEGg5w3QA/JuEBAZVR/x2mG0/aNHI36/A5CXDaoTlGii/c+71tMb2uI5ECGW7gTvGHOAQ93s/TGHCedNi9hVOwJ6D8IUDBQ6LzYobrZ7k9Gua0/PXnbP6OuFSkvYUqQevv4/l5jNSWLJ0VyxeiItynehKoI0LsoFPJGM6FP31G39Lqf433ZDMTCb4WVyY9eYEfDxpHB0Yore45K2yIOChnScYcCC7uelb4lSNHHLqD9lhMtdKH+FZKVkJ/BCpuFvmBNw3Y5PoSH3ww6bOchA7nmY1yAk9PiNEGsYJhpWbGcLW8VMGKUZDoCzMubLNltQlseAn3fzKUH5y8WO/37eUyrzFLXCImBGCqq5jrzhsntctqD3B5TepBNEu/lJlftMhdshqUq0qB1HSe2L9KroJH+a3QOXKc1XD+ndZp/kbQixRD8uVcVG9RIHNN4KscI8On7smNJFZmGfjKJCU3xpYxzGz8qxerim+YW36QBcfAAexvSYwXQveRYZPG9pc3Jti6vNgbtuhFycbWSUUl6JRNX5qne8Yjsv9AkedxPBwbegaGweCwJO7ody8FBuWlcQHdQIdfk+x7lIN8xn70y+i+gLRflBZAyl0EZ/S5U8Ad3VnNzhJ68Q3YBz4CgpuILBs28rCeJHJhAOMIud2xrIpobKG3p6NBrsOEV03CRj4b1KPXF5BIZvpwbP6PsEoJeWb8hKOe+TC0U0IdKIiVZWB4H+RetKGCk57JHi4AF5oOlCsFnEKXy5ywakZKHbPzy/mRy57DDNkedTLWQqKEssG2jB8HuU9mdUVXf1p/jumHp+ojEAD5GF5EBjGTBC24SA/PoGd3IWzV9IYSIoYvQ44qAfI5aXMPamqtql7zq1lp6VVA8k/a91GPqXV8V2LJlTHD1huNLbwQ/pQJupkQwFMYvIzeeGbofdv9Qnskd93H5zsSSZ17kUBuN7MPbbqFnV3EKdJvlbDdXzzezBqkSARcqqT29iwTubAf9+rYKuIwiZdqa/yW9eWvWXYm9wayCFUmYcZ5EIVeY4m+Rx8Ytqg30FSrINuiDbnONzq5NoOXcRmPPlGvweZ0e2ewqqDmiNPuFUPB6BpyPfvAskhYTa1BYtIg5WBZGObJg6mv8hEvqQTJPLciRJ2Z2vaK5ZNQZdNlG2Phml2kocORmlr8m4R2EQo8WoKavOdOxwTT9Gun9E1CAgQDlPOJ/GvBO8rW0o3oECfQvJ3gCMHk0g56d9zVPc9Y4A+w67vn7bKItty7k/eqGrw6zuxLGy+PutD1ocLTFNO3EUxiEI1/u8kPIBJE9TVMfXxEKze/Evnkirp7LJCL39osevQEUOpJr84g6y34rQzSdupMvOCg1ST8huRVwWB6VRY8tdj8WA72qjteBazt77Fc8BCXKW/yEjgy7fFoupCbEjFp9iCY9K0FFeNH+YusfH1RpuI0q0L7QjzpSF2mY+GHJytCa1b7RcucEqE5e75hF4MfMMVe76jvnpMRyLqmM+RTWZSZERKbFnE3C40XS9bPLA6cJu0j2R06TOxuKC2WCwTGmABkDr9nTBns07qMbx+7+FgAtiqBj9i+VYSiGTwdXuZNDy8GMgt+tbsWdEY8XT7Ka/IE7Df7Rj4awKk9XYmHQ/b/+P4cTs1xKXMLh8yYqB2fUgFCJJRJU1h8YYuo7c7waP2Nmp10eXkp2R11DHkT60eBUMEGZ7M3GZPy0108PePlbM5eOB5TJSHUdHkro23JlgqoYZomshC+U9V5Y78vbUgryGgD/PdHUxr6lZ/NQoJ1+oGpfooTHwdtMkZQlLDBijMlvAIU4ibJnuk2gq52/V7l9tezmeJJzRzkEvSNWOb5VtgmJ/XVbW8J+sGR25vg3PXqh3DUgQVbUfOGQYTbvG0iz9/ywUGauGDW8FvXLj49kp5jZERitICGShUAfs7Aqx+dUbCJ4FsZeF1umjpqa+5ZA0w7yFLhl0Mu5sR+vNYKNzMdGW/qdscyJBII2hwaTjMWRS4kwRlVU8xJvd50FGAJPbAoU2VGSbJm+kcXDeJb62ENwfi7IapDK6AY/px36a8bhHTSYZLRj8OyUUPyiGGst1uDo+hldSQY0IJhq5wFZ8jB1FE4LKkJtZuYcqxSuAIlYISWjxcj2PFa/WuyfNgHp98FFuZo5TM1xizmY6WQDlCgMw9hKJuIAyXat1rWY7Iy0GjVUqojqCGNbtbBmNql7kr/IQlZ1gTUlLbSRXhcIPk2ZSla1bqjzYON9UTQ6AFMhUnVdEgevtr42LKdZ1FjTYA/6QgcsDgkqsxauw0CKL7WutSKqsiPa3idMomNS+OWdYiOWeg1ifaZ7lMsx3TYKQfzGzAZQqbQvgIbbL3XNGg+AJwMCAP7SyYoU+D0uDc6nDQEyPMUYS6e9r9TBFdv6wiT41Fej1ELJzUYBVdSIoLo9P3WBdHhsUJXvRFqPH01q7TYjAtMe3J5UFJF5N4LZBNcQ2BO3H0wf6EV2dazCXmE64FMpN05bhmGVUdrTU67hSYTzKcS02ayt63wbN+STNO+ydFdMHdyCrgNjC6NaMLsjSPd/pNuDYSAGAADA2LZt27Zt27Zt27Zt27btj+10iA5ynP474yk1O6EwA/vqyXS2DZMngX6U9A1ODcpeLFg7JxG+ERmcxOjsuIh1KiEYLv+sBHHd7fuLkFEiPSoRTaTjcJ0Ph18eztKTBhCKOjEK2FpwafLMZkRUkw4E1njUlRze8MLJPRhQ54yI+/HoxYb7EwuAL615fR9eq8TzGmLBAo6C5u8bn98Yjyz1/polG3JnQDaHYVip1zgCoNxsC18ZhcJ3CLD7IQ1U0YC3qSCj/BlMAudJYN8gFo21rhbgrFKxVwatVs7r1re5AhoLkq1CP7er5GIU7KUMUVkAxJRMpTW64OCKcHs2OoFjZK4gANrEQLpOTHOVMZkHJX6NGFrIsaSF1wnbCnOvTzOMnp8M1NGhcRfp92MP9Clw48C6Ew8luaITV2a0CDkICSo1T7Ow7pusrCTAazeLtt5wH43EFJV6+I5kTC8y+5KJQ4sqWj+3TZe8hY5ze/Cai8s7qrpssBnnewIxsVBMJeikddlp9LaWElxuSemZz7B3juQD+n0a84e4rmf1d+EbIJJxE4rpXVBzyIXH6R6S+qUsLjjSK6ygONMX536KRwNbvs6C3XPtR0jCTvBIVOrnWCvg8iS7TZhJPv6NQxfmPdQDDAjsUime6nTFSdD3cXjFRdXhEnNjNoabdSi6EM7gCj24DxYkwwPt21BJntQuk2+r9T0dg7GrD42CWBFlgMZ3Y8JTwXSfx4vGiXoyQZt9hLdXSSIPF0sZAp6MCC599vX6ROgl0iytz4T5sFw0ImyDOqNidPBCA2zDTvHSLt6uUG7ADAIx9dvs74RHlF5IlzIZsJOVWqhve9fkx2wHQPkN/Stl735lkPKeuMCaQZ2edT3GJFQmoBakwlBk93hHZJR8hJnBEM6IFtq9DtsZm6xmaw6sLZhy0asutr4n9qNgUM+q+oITYit+jJwJZBkGyiLjeQ7F4KDMyGIjKc2bR4LE7ae1rri5cf+IRVRwzCmbG9ykWqyZEnciIXKwIEKI7m23MxD93G1HaeDc8ojwsdcOPiEeeKyKnh4lIWiyn8SuPHMqRJoroNuAw2FkUPgJBqoJoldJIWqcEikN5ZY6vrj2md5P/QawsQ33l7IHOZgBX1toYW7qolCCux7lzTNVumqSArBJB+MnA3VBUrAb2gY88qUm9b9hbQ0lU8HW0Qv8aiwu9UKTKp1Vj6cxWbollZNzrpkEZaGlWjUc5uDgKoGxujyoC9o8reDQPXz+VEFPKwBl3iyuElNz0eAFH2keFmn7i2mLF1ihqci6LNHOvDiEzR5Dh7DHC/+DDISixSs06ynpnDutTXSmJomlFaPFKQorIomj3QhB+VnWPXHYUhTNNNL2JB2OKdGLcsoCq3WoBHfHbofMRI4PIPiQfFNbPD55EmOlg0PsIrDh3v2NEXIkk8p5SO6oBvpQPJ1TQZndtG26YikMkmxXA8N2sWfzWGilaKqH0BJsEuwrGlrnGNyWtgS4c17XApUya6GNkwWel6Lxv2p2nJXNpcAwLM2DewlIXKPmcUj0eUBNGOq0GaEK4cJbijC32cJGvIV+iREWLvBmbuGog9TicVAW5jgV+jOPTKCGGWxodTeeEaZXmM1asoXHv3vEHfP4SXjF9vExBjQ8uLsVBgXNXLWZs1LHRsIG9j6WDBJy9djWPlW0H+D9J8MQ8zlYte4pi+692QFGh0kRRaqoeZtLtK1K2hzVWAZtgvrur7ItFujLbH0Z2A5adBR9be78Y+6jdGACnIIIJbYTuu+DzB+7UhRnhpE5pRv0o6IjIte2MZtuSg8PTzq5S01ifbUe8FI4Np9xMX7PkuLXWFcB9UyuqOc/gX82CTOJSlRZJw55kJZMW6S8uFUsvevvbHtpNX2EV3AU/vE30AKHZ7RPyJ8midaii1HBWmZZlrYQFdO/tqKnLlCVD0X4DMfmCPee/ttP/aZ8S0vvGiLVJvH4h0j5AAi62cmTbjVa/VVkSdrM6ABc1WLC5qa0kCsfQDkOCqzX/qADSPA4A0ypy/qG2PLOikw3kVbkZjPYcw9pnGB7PdF34/hogbHywfqcmMyUUs4vpee+HX4uEDbr43yXDKQyI2LsKk6I0pCmKehHAIjZWJMLyv/GShYHP6BwsOst5s4dEBy7rDrqEz+WB6CNxZD/pAs8OQyPxSMNtsSR5Br4LgV0LdKZjtIUTARRBkmChXEmMOB3wGC97oK+I2YSSXRt7/tvm5L69nBwin4C5iuKPLB+oyHSQBWV2juDWpk2ZuPnnWPcocOnUBy4IgTRdpPCpWbMwHZ31zCuQfkiQ+d6662GpGmwPEKOIzFwrNNpKWKCxTVJoeFS7ILJUX0HY4O30rv+W2aXfWbXCEN75md/lmRkMaI2DORSP1HKEydAhh58ZiAOLvyqPOh+YPyT+av6EMzQlOTD7rVtAGgAUBxVpiI6ZP4LNUnJdVUTm8t0lotJthPccfkaBFkN6ueXC0HL+1IBIHaH07JrRxheMXRkJvRA0C+HDt22SzAcGdEuVlvezFLgqQ+hyuJij43XUEpNCsi46lJHa94m7/s6D90BeC3rX0zrS9znUyo1erqe+ZaNjvTyAjCxP1ZFWCp+1c7yljhp4owTu0qQik3gyAsPysLGjl51amk8e55FZgkxd0EvvehA+Ojbhxa9c7SenBiUVtm2q6efXHU0RtP63F1SJ45qeBJBhh908Lgfw80V1/k072gd5oS3qivqwGqekbEY1zNDhTeW/8n9fkNXnR2KGcn+tlslCgwK5GsLzOmDBNHenjskRVqX+YU4krIJf3WvPQkkvGolQp8u1qTE9nxjQOstsQOq0NU7WxY8V1X/UsCJ7eHfDnyo2mTrwCM2grvYjEtChBDU6pHTmvOvKYp+AUioklSo+kfubiOfvBV4bSBmjqL+X4mXP7ip06QM4DIuI48+GZeglXCEfuS+2gdr3Ut0C7CbJGYslm45CNlPityopQwGx6RQOCEDoZ4atwP9yKd1NNb6b4KxmeMPKwf3s7OXea2Ui72P5PgWyCoOUiEjc9WaAr8jd7rmd3g7jmd2rgXlQPFQA3TUOUE1muhO7RDJfI2a+bbqFaKqxlPKbN8ZPibRGwdN6evTUr3jv4rvtQMgA95FbP39cbPRP2uzKPT6nQxY2UKjdBxg6qU/JCNpw+XcOzNQtBeZbn/HZKxFd2lx1fNqrTg0C9Z8y8kRzFzHnV0ELmSlNLrrLtOJfoP8C24Nc8gRarl1jeWvt0xkROcyvuTh8gKIuDH0CgjGPLtNCc2AhLKVWp12TebYXnwhCXBlRVueplFWSWqnkAyH8qBoCRPeQeFOsytDrINbZM+7nmlDI8WL8Nv8WWvjTK7hpu6jb3ZnKA6lLLOMEQ6Nb6YIEjcQTyn1B/l8EAMuh9WHIucrbNpDZvhfEcHzCR2+92F6hdIW7f4GxVmWqutz9pKg2JBRaiH1YEAUHj1uvZWrv/qaxHoirZeR/nHNuD3QpciJZPkxLTGTdg5qSBRbnqEr5YVbTqguMw8qGJpBbcTAmBR3fikCok2C91OapTVwMrwucexmV4Kp4iY2ExwyG1Gk0cXesMhHpBpJTl7F7M/MG1kOqxvBl2jslhk8UbHMWq6LGzttII0pTW22sH6Zp/BjAbBvRjl4oDH2W3sFo9vsVnNibYAzWUUzCbvCsi+5D/yKP32SnqtTNvD2OPSem6Rar5kgHqlazqgpNYVm3qULxQzdeBw7t5cYLLcbktMcgd/VgbhOoCq/lAiduBq3C0ngF3x/lelucpJ4Qx1bnVrHGTRUUom2VTUTaHcigMqGexHZIJp7qafmUk1Z9K9hc2ig6cHg38yBP4qRYLCDZK43omKXmoY8f+bgjtlIxyz0cdYaHf0WbN23hWhe84/Qc6TwH4y63nam6fdqYufEMSRFDkJgOr1Mz4Rfi/kE6lWJ9CRbzBNJG+FhqlOHxLXywGun8ayDsRxA4j1PTTlByhwsRL+5UJP+rog5EEp/OhS/2QIffaREHpTN0pl8oWr2GCtA3AAkZhBWq201qajnJYqb3COMwQ+bTl6Mi+Z+T/ukJroYE2mkuCTqTvCyWCb+EQjGq1RTt1t6L17M/V02IKbnzxzQIY8MW23q3Ylu8z6tD4W89+4OJHRX/XpsWvElHHxY8B1K9aEh7w4ejZkNOKWmnJahBXaaTZGwoA4YpazUgjtPB7j4teSA6ZJuSOveaQ2Z0j76E8fneMNnLKHXQe1p1XDkHZH+DrfFVad1H3SHEUlK2cTMP798puE6kf23hywzzdWn7O61OREB54IkVdwl+H/bsGDqUAWs8H48SjfERNDOXeKGXP2clV/NZd12RJNOlXyPWIYKs+8MMthqJR4VZzKCfHLXhmsZjy3qMKYLEhl/kGZ5QEK/QMDyX5ulQ/9yya4DRGKLpIBHxHPkRBGXF3cbtu/AXfMQf1koXDd7UXmWnjnQjpAEHXZSsFOSHVs7R9rqLncYoM/pDt5tUxZ9Tk2JfTyr5mDCh4BdTjgQxAIU2HkMraHD7glh1HGcnaF6nr0SL5geJrJosgJ6BhD1R7S5rT1nWvuZtLjYQBDcesJfQQcdfONPmlvmu4LvnKhCImZrVP9E/ezwcwtg9KL200NyjTfada99xhof8lN1FoW4ak832xgDXlwCo0GMVitQG9UJrZpkPTXC0Gcyu728ehNNdWrauzKZ9TiVPjXfaXXs9Eoy/yIu8ZcNsB9lwXd9ENj4NShR0Mu5gUXxBW/EzPh1vfLMNTOXLash7zbiz+DfzsTHRHJSsED+MWyRIJalpS4sNcRvHKzbnNHSMeiP0aLcWvITzsCzXYsMWIOPkWMYEPk5nE7+ZpvU6ylKrh/WwSxVcc665xaAYv1YD7HI2gD//ogYkKYwHt1W8+Sj3T1QZaj0IdT65Q/c1RagmGdUwfftXxgU7UhcyHnGuaKIo+EC42MyexUM/2otJnzglRbSrHbpajKCnIFGZmurnJ6fbSoacGzD0PiBHr8sg9/Q0yMvcZ225q6a30OgYaa52yrYt/KhPDqUEjv0I3NaBOlEHMxqZo8zxKMaVv1aC56Cl76xa9cVzk6W0BxJGV9JlAXF1hYyHNP7CQ1wJVDmX5t7rQz6ERZOJC+kDrkneCbzIofyIac9QVR5Pr7tyVsbhtjhiCLKfmZmP2l4D26IYjxjdw5W3/ZRMBEAaK6ldj8b1/YANGm7s7MMZXq/QWICmMRZlauwuOVLyPZvuIbTxpORBFl9yGpEzjjl8k45O+dcP2Do7X8Pjcn3RNcQT+G+VkssnUSBBfn1S3eG9JMpl5HIHp1T/GEQyqz+XGXC/dhwQ4a1rLBeiU0hDLREyZNCbhAJad5HQVA2aE3UWae3qs1MhxCUeL7sJzngCSJcB7yCKRM7zWn479oDhhlZx2t8s+ufTqmwIFjMU7VGnwsbA8430nCZvgULxM2dv6h6oInSi194lYt73p5goQ4y6bCmCpHfAnzBx4QPAbQAOlwWq5tWv5IEAWxDeIKhcSZplxh1+++2J59jn5LNGWrvxMW/hOL0amvJzE0SpODqmGD4t9QXGebsE4SJGCu8DtfBcfGLovjxN5oEqHrFnQs4ys1T+HnY6X8N4c7bxNwoxZ6ckQHy2pGGY6poZn+qLzFPgrklhtFNVdSmWZWfkq3K+w2Qt25iEUpcXNMIdSz3V+OmLMhLQu4dQGZ4vPmMb+6llKe1tjvo87jmUl36DSbymDoZ2r+EiYv7m9NhURg9RyHYYfeyLGyg1pwsyR64IdBGDMNeR4s285iDiXEOdi13j1VNoRZqL7+jevGZL9vDviw2riEDHkweFQXQ5wACfsGkpi2bzjINSYGKVadnA4TqDYM2k+QS0xS6CHVV5S4oeFg8W4KDuizYiYtSAZfhwG7o0o3e46C/CE//ZQt9yS0zvckV+omk6X7bVY3pfoOfH7SUtn/Ift8dLjya6pAeGuYWozEQeJffr5siZj52ogR3zegQMqcEIieeUxUMJ1GtjMa+pr9dWUFLePqJqzMgkk8FevS52iMRzfXZLCgjbGjZyGvejqMhu7u3kZ6tyKQTVodeECEacB0gI/52gTHpPWfBWxSdWHWr7lxA3m2NmAjPDajcEcb/9FdIu0FvdIukL3dYwnJwQP2lyWoPY73gxXca0vWoWKWueKKVFxLReuWIGubiNL/2hyxLDrNSsXpeoXNCwW3JIOOlstfY2eY966H0ms838fb+JDGz79AC3AiA3Q8aGP8hA+6y2gg2IGxFRMnNHCBIp4lpqnAazJl57uvfkO8S3CvrAnlRed7lSFkZFCuYSyt0msyjWp14nlELbHJsocJq60KLUus5YlRtejz+TLuh+Xs9+PQMKY4xiXaB6dxBi6NDrXkaMC+q/+A8EigtePtnJtmsxgEz2qeWbl4EvwnXVPwEFH1rG5lvTlC0puynpWAkRu/2CIgh45mmeYFvQSp63EJXrT5N2uyl1OH846hpNUxtTQADscJGi2cyDf1en1XNA3AXyHN85SIkugHAspJa99H/fd+FwPldGSV0/2dbMk35+aLDVBfgL/0aU/neb14G27wIlM1NC0ueSYGWW3Z+UX0oNcgDm1CwgZtNQElE9tk7JxRPf7Wpc/0vLFLc0kMAemra19ORJREkaXv7qe4fO3sK2zBlvm+K6TV8oH6jEDiw8hQdiHV1eZ1wI15PMrA61jGU7z8q67GaqQ2zPZ1+SY6M7GBd0LpNjVkfRusMaB83Qsi1iPU7bdJRDON5jKCkRsD+FofZvjBeyAjoadfjnozVeylkiY/sVhqzDQk77r7Uji+9AhfDAdNd7Fa7WtqJQwgtu7z++50IjALbhm+ZzDLb6oMATobZuohfgaosQBG09EipyI7nMiHAkGEjbaaQ2FruZWm7zThTm5v1e66zvgYOotGKOm6zFKR6a9/1rUHcklejwxHda1rmDGiqfkV+D/pjhMXYqcmN9OuiOsnkQF5hC4F5kJr61SyGc9Xe0Tq+CaBGBzYUZyaKoQU6VilmWt+e45Tgp8/XlvLuiX64FmdVrL+xEsiNSFDi1+jmHNqbwCUqOXWV4NsNl5h8pQGDQE4c8nWvXw7Q4pnL2O5s4g5mY8BZz5Z8K0QXSvVePgVzGZw5b+3E9b5V2tMNHVVj6LxoiKoIPX27Mlr1X+bZQO2Y4xnzKSiZraUBrsssT6BS/o4a5bi/SoddG5/q0Scj7SDTAinDuaEVQf8jyeXhOgpP4X+DMWKOf8Z3XdB3HjZrtvebb1xVyNFArJHrPUt8HENQupT3n3nqg7n1ewOqZvWLk9jMUlgXlvtyoQYL3cxdZTDLP/oiWCmsbm44Hc29A0lb1FZ4NFMKza1K5Ia6JI3Lv/oix2nZI9cy0tEzK9NCI4G194m5BdHpZnIeGVCS90GWf5gmeWGzvhVRbv9QBDdKn36o7IpZl2TdfNNNnclO5ORS0BE7pYW3FuIvIbZn+XsObrKcoqsjIrWIVpcDPazW1+XGM3L+mdsgUj3urUN5GaYv+M5XG5E9dxtwmzG27VQ/dKRGfgyVVBsDQtySMuxtnynKVKx4HWqJIYDnx+kAjPaTxLkFcGcEwA1Qx5xqyc+Do+AxP09PvGfUwKzmmMc/5HgF7oahLh/mucetaTQ1ABo/O71+SvXiAvcc1XnRY++2weXrNqGPpC6stjI7baXlOmCd68Yt4NVQZGErs3ZpGf2Fwzm0NamqG8j0wrMPLJMT01ZGyfgdm/hoKsBH+V+epWjz2lZiMrWElXzdJHCw5fcQfFRI1kDQzDHMPsbitUuHQnVkWOsMVUEbgAh2kPwELWEMVa8IWBVOxo9Wd8IF+tnt1lB56zSLG3NXPodZJ1ySI5DtLgEMVRqd2D7EkCkUzof+VrxeL4xn01hM9D/vL7swTNeGZO76ISjpDcoRVuPZO1UAXZnZdHkmc0ckVDED2HUEGFY9Mr41IHiyfEFaPaLlpPcq297P6JW7PCXrjKUIBNNWq8wVOK63xuMJB4yJLIL5J1hwswbzr2ansUV7EjA2EO3OJUTasOi4eUZrtyx3wUzuHudGeVLzn74wY1NsmTo3gxas6MuswAj3dhQIUVdP6v4DKAHVVExw0QSraG+9Athq/0h90Rc6jg67KVooUeTa3wMJzu0rv4D4WwXxl50rIulnqD+5IeuISRjqFsc8+Fzdwhw6PTs2cGW0yT3XBTA/Z0Bdb4wl2a+uUQKx7lkYe8wfeEtgwyKe8rPrnjs8Yiv8CKPRTLdM+XVYfevZJDTQcMXa5qlbpPH3Q72z4gAPEbkzJK4CsROPy5MYOq8kF8zVA5N4uZdJaLjR+TVuDjtzRciUDZVsuspZd4gPqU/8lQ5+AdQl3dguQRe/+kDNU6o6TogCuCkfaUuTVA2RXbSmtkhwM07M1TkYpp1yYXkGuO2RsEV+i9FX1vOZVlbVsqdp3MPR32JPNngt/1a6ereb3m7uT2BYmoFClUU8Kp1F1DkHsw1hNl9AYjYlWtzOE70yQvjI3VyufY++oRY7FCJ4mfRC6oYmD9ScV2fL315W0qcgAY0/nIiwwcmyxkIt+fYBeTTmOXHS7uWzYURCQ+Y0D5HETOE5kbDqav56eFBYymJI7S8Cw5gpcbEC82iAgZLAZ1oHO3cViK069lCKuFsQa4SUBLtZVBOeNbzIF2hnY//23zwByHSWbJTJX5pFhx6efAPQ6AnvNG41o6k6XL+gZYQOEKm3IaYbB0PGHNiSYEilvoI4zd3OAfR9CvILzIlZ6ctXnjjnQBggGfu3yhm9xR5ChqdC5HnKwrGSF9xknB8QkXUVuueD8SfY4Cc/E2ZjU1nBzVW0TxBrtOgkWwo7BkOec/IkCnfucFm4fWshsyzoATjLXnF3nPZZ4wth+ClxCU3bbrmsUmAPNs56lYlWUOI5gWGJTESOz0GHcsEjYvo8w1uRyvfyC/Xrdn6+G9nUL/IUAlwa7eHwhUb+Wu3ePPfifTb/8KaXmT8kY+AgTBjbYBSQNX+cYYbPjtDfFQ+A0AcZelJpM8KFm6TV5tVxFJWAJ3Dh216kPXCpKNlxu71NPJaCXASrEuttO1lOsvucSzu3RKIFGiPJW/eGTLwaFmbIw1BTo1MnKMOqxnGU/Hk+W6CIkSSXW92BvUuJxG4x/ogiXHQh9lpiFltdUBnxRCyu0I8TeOqS+KvmNo28CwxB3/ZeSpi/FljvAtJQUT670TGnxRb9M2bDdxiCNd/fXaOpIIMWXq0zyvP8aYxwPQvjbjB9EIwkSWOrGgSwTb8/i1BRDir2xZFKz/iN/yZoDGbnsUXXEbnQFHeY6e7y/FPg7SKOxBZNBj6P7oWLgWaIL8MgP552pHtghBgE/ZW8bEBIomaVz3s8lZwUdPA284E7f3V6X3wZecwLjzMCkvzAfRA2jXWbnCv4ofOl4uzyxCcFcC4nR3sM6sJR6rbDDREvpMoUQgPYrMLKQDbCezMeQXm1uM3axhsjC8sWs95mCPRPDxEuhlVOJxCfPh3fQuFCwMv4WqR9Z6tUiASeBAGoYvBFYiCYaOENj1yxNhsIpcH0Rl5NOgxrrMXggejA+kgOn/XjLbtpEokF30Mu9/HRoLNC8Sr0zIyRea6BkS1QtevAOd4k4YeU3Edk4I54xyya65Lc16hRZYRpxQ+JEFML3JaHnwXORpED+ExEwfwfty0l0o6o6vBfhr5rCwTPutsc+QIaJBSdLwsC1w2q9Hyt5S/uQ0X3801LXOayb8GBT1njgF89zDPOH3vBJwF/PmJVor21DfEH9ph9b0qHYkCCfPGK+oZqOFo7MFc2ZX2z2I+jGRd4tl0YOWY/kp0y7TC8Bravhj11/mHJ5vwpJXJPLoTd/mNUt5Fr/cNiwgX/rv+EBpVwfk7uz4vkc16kdhWyWrcAWFr1mggwYZKxeuUD5/kssOX6sEMlKz6zG3pNHStxMgiY+UbWnrrfM23OTQwVT1640BRqdT6JguBcJh4mr6W9vAy57wfE1Bpw1II7DdCWHbDF0h3ZBI76pInPyeJ3B8Dtml1oWSBYX3mwReRnDIt7sjQO3zLvb5tIUNALmjgQdL1GUu7ucPFocU3Xaxftr5TnID98MPcFsu11/3tjh3MVIhXTu2WshdDJ926xFyynZOerfHh0v8gFq27PVNP156KqXVW+60cBuC6lioQz48IKjjPuItjrQ3VBEmM+b4mDRPgwAVFAHd2wE0EgZOGYlrc+P1zI0PDvb5DzdS8w0WRoAg7sOurH9eu/NbMIztjsifkMXnR0TBxj9ftJc4094qPAYuzuuksBdt7JjAoZr9wR7oYF8VR/6T/oAGcNDBF8zImf+oTCDyV7F2ovaoPWUZHSUHx0+MI75FVkrm4ZJVrQFY9jR0PGDMxvaMIUFg3f1eivfHGsWjZdpUUV3u/MbXTK8qCbSyhG9yA1OALn91R32qOV0vfrm5p5DRBpxFTO9T7XtMYyd8naj6aMpd4xM/BMFRt0ED1AQAiN5j4L6HPh1eFU6+/QWw1lMgBMLoBV2r0+nPsmWGijtVZK44HrZe7P3qmin6smjT794cgdgpCEt+J0f0BWWpfOK5xeYp8webLeAZ2VKPNH8wWSgHVnq25obx8/SfQUhcFPILFN4pPbVNe9q2d5p7AhfixXmDr3xgXt6qqxjHvkVumK4zqnbSB+UXVShEObdsmQ21qbVtXjEoD+i+ENEXRpOJrinGViFdS3n2bxH+gV8BclqGrH9jGFTidsiRuI58sT5M9LKd4ryVncFtS2+2Ww4tMsO6Mus0AqmXUeBjso9VPyIJE0U3qcniqI6CYWYwxbKp0tlCLW4Ef7tfyCK+WPMxuMdXFXL+EHR1Xc51ag/nfXjyLqm9vr3VAToQEVEd/3PBukCAQltTMo02hFoKGIXYV3DFjAYQSh9drzhjpBRQknThm9inu2aWCLzViQes2a9KV2mjR9zXhiw/3tYuZGfbBY/XthEm828QsLSTjPWhw0be3mKJNpZe/1uuR1dp5UFvjE0uXm16DQpYpfe2LIWl8/l8bW1ONaE0huVc5hH1hV7DJkPAUCtBJcV8KS9YnGlVwsUFEZV15P133AqAkrqdXI8W1bss6RqBWI5jvWJqfZAJzoRkjIJIwAwLBtShGBtxsI4R9pASIq3dRfWUGvCGgR49RdJa6dfK1inACSy6olLOv+CCLJV91OgvaIxFmOuI2gA78+6O9IJbFgpTLyQVpfB4M9URqfYBc0yXLl2zlnF6vKUe3jnCQbm7XCT8jqi2+8Jw0OU4re1FGw77K4AefogeDI8p5clDo82ysQqLPY1pO7QxwkDO9+N3XabtZ3UF+/v0qrTcSZURR+OfbPezpgwvgIkX9SVMw/6ZR9FrYtMN2eOMtfUqXWVAnUiHutFEciyTFDnJ/QeD80uyxOlexoXaposGHVAo87Y4fMT5biC0eVoXnwh+VuBeaL4Eq9CxZVApMQvoWuzGJ5x/Vlj8aorQ+ixMWlsxQFBEy590F+7zbRAGw11eEaSV/2oCXiokjjHk8w0Pom2RX4cP0lxR97X8EV2ZK20pRy3oCKMNW1wtoVOG9EuQyZN0Hr+fjBxtc3V7gVQA037y5/05g1m0BJ1srsErc7TMA1cXhO2AZkjnwJPaCB6FQfdub3FNvXyhgqpvVump80Nq6KfFPBFKjIjsRCj+tgGsg2b4mktkK/Y7VPRQJAex2Or5gPx+OO9UOrWnRA2ZHQ7gO8bWwGA05oi4Zg55VYfZntCbQRihNti9SLWP/SWvDVJr7AmijHMwUi0QmGAnSOdiMTvHgSqLzr/Fa+fatlKNmdsUtJi6ELq13K6WuSOIT9VrSaxL+HNULTJPeFIjfttajY1KYpRs1PteoqRncBOc9k+G5YlBkZ8cnqxdthvGekt+qu69+m0p+LbsDT3tbGHtYl3otiwhCg3Y1JegH+gKW2kD/FfrCePcSo3szw2Qu5ViCZfx2HIPLhoek4FdgMBaWmLuE2E9aoWFb5VdisEBj7ppgA+x+PePwcHwabZg8oMT5fsujtkDzHy2P/OD5Tkfyw45XY/efot1cIDrfgIkUKGJ+zUDs80zlsyuI6ZnyHLK1S7Ubv4totXxisB23x+4Lh3PrhymSDOCsUEWOZIUPEZe5dS02oAT671Fs49Ulpv9A7TphL+QSeEFUmumMdXwNfdRDD0BnAgbQTdjTKA6qbXe3AUbL7TwBIv4ndyvFQpGHDDbTfoMgV5PCBp8n15jgJJj9LaSWQOhxPTVo3848lqUFv6FTQkdnPUcs3ml+c6a7tPxueuzmcM60ifYHfYPZRZ8YIMAxYUk6XiaYkln7z/yLIOpdsAf41LMwcml/QdDRq0uPNxFCtAcCUuk51HFoRimk0GBPUvBkzvDjLpstRHmUxnwfJe+fC1/YVS2nw1LpcreqstU8Grus4gwEYbD5dU4CveMcQ6Ampa2XIrPo8NqwnrQkXpDhq9qkLRIB03w7toM/Tn/Dln1hFPlWiO3u3MdWMjEaWtCcFNgg8I9iqHJEmDcZ9tdLPBg1moU5244bBhA/PZ5DRLe8BscMYvn+TYESiQO6k6CY7vuyKTRA4y/JKHMIiYWZ2bR338n7yKnMn04EWkArUSuc99N0H3rREtCbOzxuYF8Hiu70OMBxqwxQA62BQXFn+nH7YNYKydT8JYKXUHrEgBP313a1s79d/eL7fd0idIforLKdqRKrzoy28naqT63bfpITjNCqBZkajWkAgRNeDUGpw8WF9UhiNaqj9gsjrvleWtZyk/VLKrMxYzsejZkz7aSPJWycPA6nyDm/6UNgOXLoYVfdWelu5zwTeRSqVL/J1hMJ2Zz8w8/eyF/wS2sOGb8AqH9vuN9eHNKMFBwMK3iVTDpMT5yq/hp1fBpVmtRBEccWXvINOD5P76gTTD23/fBl6pjJ3MZuWCrTS+ASMqRkXiKW3zijiMgjaoe0e+Hi6YMOT/mlFhNm7QJsSipJPlEUHvQHb5/CzcYfeRLVzC/pwy9JakV2QblrEoXnvZmIresXTr1l8hEQaBmy7V49elyYtq2Qw9zRZPOOhrYZ8y+vLdUqV0omgJq7rsoe/wqgecVH7fo3Edq5UuTg/Y9lCU+zIh4e3SHGILQrUoyHOrj6wYLOwxd3Hzurdz/D1Bk8rXO3t2AzpBH5DvVheKLb6uRZLka7FxJKOJ9gMqDksGDATZejVLy266fSCYkG/La2Fzzohd+6fh7/Xzysn5CQ9JYzu6ChncM0DBIOUa6keE4MDyLSYQSzdS5GjZAXH9ILUFSfInVwQw2OEqeSCKJTqJL6I6kw9UKs/EoFcCBVahN1ALeomwiB9meEFrwD+5Z5LMEF+iVT9jGiRud75uFXX+LnIg24pfyHuborO+uIuPmehQ0QvQBr+Stx8vnx9OHEnNGivfPi/MjHUoWMsmf6U+n1vaiUIvHgCA/VaK8TukiHZN8qGCAYI3ahyMmgOM5c1LQEeomhNdEv5Mff6Q9kcWmjGOUctqT6cxPZscg0aiLwa159FfITjTJblEgZFvPl0dba/ieqtaM7FbnnCnCsTGyS8yhmc0Q8AueYkK06KXpvXl85PKNlNz0c+usgmCB9mWfz4CZ1+JCwtXcswmBOOF8rvZhoUYpfyqq0Ydq3H296JN4Q1uD3p5BC4MarEvsObF9KvWWJFTHg5ywqfwupBibyE4+JOkY9Q0McmP07tBUpTVBVnMRaM/qOMY2TB9fVzcu1OVbyELHAFyO/FPFe7Zi5v3CflLM4R4whfEFkAC7fEzSUn+lF/vcsgp5xIXJVa2HDowJarEU5RfHIVQ/d1kRVZ2dMb2+hRuXEkucJcvao/7ZbKJKEK4aFhRDH98QFi7bGGovr4vCFL6/VaXuTl8jDOx7lgwTiO5nWrkYLQZaDfXRLSTZGieVaglnYRckd0Sevpl48vwJFA1pEZlVU/qAzlMlrLdGf95/1tUoAIM2nVlvwgFQAUPY+7X5Y1+im23x5a9Hd+qGFtvCzqY/Rv4LmxcHehEh+N1Wl+1poBOXk/RVwjevMiVByKD+OPsLc/sJF1gPIigxUVdhf7AMx5+hMkD0ihG/0UJcdeuNPd5Z04aLdXEDk6A1S+hsM7EdMw3lXJGZPhO7svIIiF1vdN/3IDfQvAnoeZ1x6PH0LSiBWhURZ5S6NBTINqrLV4Ag2Z1wiZe21IC+iPJi5I6MrmF+7rmOcuA/biAZ7rfokVvnngaHpNjqESEaIUPSX1eOGyYa1WKDf5EBJxd28m8BhVZN4onwBfPBfkK69qzFqgcC0HHap/HdyhVB0qlmh68mnMDkcphsFaJoP5bnh0oyE7Drv9qDh6Xmg0wuhaqFjApT9wdQywMKvDmRfpmgZPFLfYmDlH89GEsVK+WKqJ9S8rABQrlTMHzqZpsdQbC6WnW+GAwfcdviY32zk+m4q02IT4itACwfbbxbgqrjPfWGIHR0g5clqADo58Xs2Vy1RoL1SCxCl/iDEEnjAFTrkKPD3Pvwezf/QcDGCzZtbomWQnGdyH1hJe27plkelAYMSCibSG4PyLFyjKxvuboFqTdQ4hWto7KFaDV6t5/u7cZas1PRBRdIt2Q3rG8HFes0N0N0+fr0uBSh1zjbdB9yD9axTeybehbmjpiFW5rMDINDYqzC18SMRySo6UjxnsFRQQ/gTUg5S8V0gc27Z1aiXB1UqIfevSa5I+Auku1sJSRzhYD5GeqYvsS90nXAlKbodU6nDwN9WDlZyGGNfRU7kc0NrHHeRX483dqFelzEcS2Sdtgk409Ealw5qwra27rD7ClXgGsBkwVd0TTbi/fAlvB9dPHCn2ZVQUJy1SokR1SUYs9U3BuY4oEV9h0DwHz7EKornch9ngcduSwPf9yqF7VJsybfcbIYIZ011jSDsLBlIQsd5PFPGk5nkBzDg8SzsLKb4FaX3LGwfrKj+p63loJ4bkIhmH83abqNrWxJtC/wZ2+ktE7hY0P88Az/pGRnQbP3q9E5kMwHFlGUQcJ0SyakA9yBj3ztNulPHwunf7nbCa5U2DiUmJILHDYtkkXlro7sZqlK4VK4xBRBRLt/Bmjzb9DPI57rIzmrFpS9Hvc+SQzRLor+wbU5oBlNe446643J59ffBMfP0aqulWp5tFDVpAGUxVpwcz7eQ2S5GcbfxEBg+3QHfpkEXRoAF4RUDRxEckcHuoWOdcSXM1FY9xVEuUfmdi8p/brPHN37e/i9lkTxpu0flLa2hmM5Sb3jIWnIZs4mda1JNHHwPAzROmoWpHxbhx2wW2aAQpCuj9SRSDHsIKB4AiE8UknGeprBomtw/SP+YVinMIVA57FVhmWh0klX2yyi8RB5QXOxJ9Wp9B98WpOnaAakWpJN+8uGsxeq5RZGPkbclCqF6Zh5dg3F1RxW9Qf/AM9Vs4mUNv7EoXa+jcaIezrSxenqvLvg4/DN/fTFMizAcDNA43Ed7toewtQqSJlnLfcyY0xE0/1GhBYPAzNpDKkBqdtqJX7ABbeewghl7bdWJYfud61QMvbFrHB0XIlZ/XfztgJCfjc5JBbSKH4hacsSxdBgbXFcy86HmN9gHXb6AA0izXG0vB6FbFG2t11ynxb8k10XyJlY3iAWvNSQmYXmYrmf0VVj0EGNA4aBpmD5XPwubT+c45cIpyyyKB7y/wMmwblBzoOn8zXlyMfyRNoS2SIzmvazOoBnEMZLrc2Zia0XSGCDj+wiBqoWP+DeJdQnH7pQh919buhWTqQic3C985NJSYnAqXF0scW6HzXojd+SJdVigqemN5d856w+TQSFoHFWSvYC30DAzV9VyDQnqF7gBL+Tg3ws3akET8loBmxRjEAqor3MtbzZ1c4g1cEtVqxcjBX6LyhFJG4wdx5lNxFJIcdpy2qk4HxTBx7lQY/VT5HSk1dv7bDoASSACKq6wnUgNHxnUTbpdJDSyyd8HB2Qk/5izBcQOtrkr3ed7oJq6BFesGMaoPL5q4IOLGP7Q0UUJoYf2vp+8tTUB5LHR3h1KayfqwVF8FSWC3q+d3IqAqjo43EXrIo6xrVmuZvJbHQD8G+lPrZiQlSYiorQmwGwG1SOtRGOw1hQ9GzaNoLhwlJ13OXSoO/0Bh7acmRisEt1iN8KmvztnFaDX1dp3sjxldWo1u3hKI1FDwNBYtbJSZY+56pEfOMlmt9a/8lLFbyV+dTjy/N5FPJe0TUUr6T6ejNqQ+LBGUMFoQ7+1EjvGh2l6Bx8HzhQW13a0U5W1kyb2vWOoX/Hez+ongk+rEaoBwwBMdUG9F6wqQyL+oYlLJOwQKinnIYvqi4duDvDEgfqY+fsqBBhlLqxTa4ebU+d5Xek3DxhrWRi5cWJqQnKQ+Womo62y7hc0lADjBnnIyyVHna6lvjp+eSB0k/HmKbxNFGW+UbD55lRSYVX7huLNTheAo1jCX05K2trhQx/9wTzsuG/L3u8hQ6sDwBcABRtnYH6hKLk/Lo1lSaUWhxs6p/qL2yOw5Hja7WVOxCy/gosg9X5tvtlkp7YunYTkushm9fqtnUMPx3CDW3g7MUW+ygt6vqF03H6jKGDMUEGOZ/F/L1vyBBpS5hEuk0BuKjxigaWYmvYVEd2YspThq3NsWvwBkgcWUAaTgeG/faemXjc3XhDEs0esKRxpJF6hKhqT6rgysiSjtLTx1frkwE3SImGEvcAauZhX4C2Bessh/2rB/SSa25oVJqOtfewezAvwPPj+MzxvbdqD66eSvpjCV8UojAe58JftqAxWuPPciTmtXbEe0P8Vn8xD3J5JkeXn+gNE5s0CYAXr8TfdWMWR1R+Teyerxq5cFsFxyIprF/JerpTjnoIDo+zfFhLp3Wp9dQRf5kvOddJH8EhdTna/haJ41+lyH6nnjDZwgLCMTtsoB2RRliWvUToaDZzo22wJac40aJW7wylG8DDRVi+jc8EL9eBuOuwwoGOWbfMleN3OccIWQFHu4buR4FzqcwI/iLk/kkKM2TUOlMnp4rxTRyEvQ14avn6bcHXdlbTEgwNzadjl4M6fZ2I9fjZTpEkCucM8nsCB2G0GgbvwzaQouj3AvUiWujDJvX+YkPYdWNisPBSYCJK51u7X6hJWGUKYmyeRxtl5Om+uAtgyO/9jN8NNhPFXzQNSdQwLrX+aJwvTjwxRgHUN1lE8+pTeAVRe6B2bsvzFN+vGe6InbaF1HtUZZexQuVxqz9tgn0TLmHDwOzBft0NaA9PeRYxs4UZ2ZjgpdKi7abcIK3Co4W1DQ4yj/hR92pSFojXeIYUZpQSrGZSfKUmJVvHfwi/0Ip6W3mYK+ClwGYLxzw35LEyyzHTdh7yMwPM2nztX8QvY1/q2lzj0O/Yr91pxp/0bWHz4ps0Efrsn+1QaTMY3THDyj543dpmD0EkAT1ictd6/qLrcC8kVFlkUIaSAdLD0w3Oem2qUNjXUuBcNFk2ok4P92Ivf2zEQEREYAplWaXKCBnzqCjBAV6+OcQjm4Z7ENhObWkNgK7506zIC55ImKL8DNZtUv0KUtyg1YSJBZRkrYHHjW3fwNcJEmHojJFlXZ1bs+lHgBXsLMZiDXvOQ+pZPDWVJd0AOEKfVZmC5A9/44AsPga3XckQgJMzj8jIeU1k/Z4hpkH7xDngaWrXLT6lmiuZcL1hj4kezopjFzqn0w1mdPAyAPqknHR/CAChvDEhrBC4pS9xy968fyZOu5illnM5YLLLxPQhkJzgRDxX3nQQjqZK8FenM5HOJQhORjEdwmsqkxArc/IZUNwOt0IkkDTjDjuFE6rVwvEvOrwCzSqm24IJ042zSn2qHm4P9SKsnUGTuBlZv9Be8gpx/GMurI/BpmyHgNwxhkm8oG9p7TipycjY1nnt4ccy7Ci0f0jJNZzXhNAaHDxR0PgTQeLt0w+RA86RzeKInsxbPM5dizO3FmxRtLl+iBH9bpzFhclF4rBrgrrwVQx0lxFNBc8cU9w1QjG9dYh2GWFfjMMdSsWP2QwJGjGYV1+nlQb0WmK+JD810sTcis2XLUar8xmejj+bL5FvNjPElMPyL2LJ34kKJZ9p0KaT72Z7HLJTvbiP56Ew/5ibZ+otIeXkVDoxIlgtHuFNVQajWMu9bn7cASQLc4sPmigeYE3L4OuIcj3jk3BQkec6unYaNpYNFHv9tshpxK8fzdFOPTqCXMHtEqUwQLlOGxVinSG5V7VYJP0pO5FJq/lx0reJCogYgZXO9xyusSrTm0jYMMdERgnfazzp884mHE6VCvVsok4Y+4oKYY1UePg/jtX0mwFK8Jt69oG6VX4nD5pY1zhXnfNzt50CWVhQNGTZx5jYLCkvZ3kteozto3Kxa2jFkHtbx7pSkFRXd74TDjtcg2lXpagCGZ0c3doq3yqMzXKX/l3XZlRv8DAHaaufcGn9uR1jOYP70k7251NucNpI3h8/IB7ty1eM3cQpYgNugh/BkvbqViAt40GMNxAX090MdC+eARjkRVy2hMxtf2xIySNMro8O5h/7dRPj0kClJcFkKDA/YIvQ9dMjdfkcUwFZASUPdaewCPb4jhIT7K2xTe70S4GmDceK3Uk15D8Tu7dOqRi95lPCiQM+TAgldlFa3gyJgl7+P8d2N4M3hOcP8aaDgBHiY1WZz9oJHdqA+c40N/V+QI3ZfNeGQCx7pKqFZuanZtkBmbm72/0sZnchxT69/T2b8d32mmGu+EICfhl62848YzH35J8ZDnyAIA1qOgWWfiaDkazyZJ1yldAb0wgWGDyf1Txz381xyfkaV0QWpvniyZaKmUTxo3DIR6K7htkn7jvV2mmomASk+1LtlojJjpygVRG3gnKW3HHR3d7eF9edL+w+8kLNo8T+RWUzM8p10bSH1gnCUtgF3h/yXBejTz9+Oo8OrCfsh9UqJkJnnVzXeix5EKapiwiXMW0VFCCjKAXDt4KrKYsJI9ozLokn3ZxY8XIb9cd1l/hY5zzjT9Hm/Yltysaf7MO3dZETNQ4Qa8o2DhyRYVgvkiRIqm+K9R3m5UdwgFj0hFpfRwhVPJ1BkRBtoN8tHBkreqogMxuocnQbsxcvIq0RGw2XJ6gXmzN5szK8qsKiZbSEoJLhMTz/Z2ZODPb+CXzygATWOaHRhf1/AEyaAjo3i71Ky7m8TkwiDT9LFIBuRn83L6903qbN/f5ZWiRaz2m06UAbasVQrIF9NhgZfKIK22wEXKQxvUiCgeIai2k/MtQ+VJrzvbUfLfw2gns0oSdMSVSTF1USgVY9EuXWwCXe6riWnUBLcYd2lnEjPOgf1qRHElq/UtyAfK9VgMxqzQ7BVCG7WZ9yTr+IG1UNyTitSa+SVAy9iwyT30YlyNu/nrCiJv8BWRaaOJYv7Q3KI3R2Y2jPZdyAfzH59PX8zbZPG5yBry2meFIGUMVGlwsPpBsfoStN/CJp7FgjmjkZ+KSAzL1tRqNVkwfZXjUSfUQ9bimKrj/qVR1+kagbxP7LTwgLbRN1o/O72TfBMhoBn3WQXtCSywpXheL5afid5lmbK3U3mfUGzmz7T+E90KGZ04rupjzTWqgrOgjaMGgmSstsAOWOztuIKF9sE7YQxCLqqV7pc3UzSUjpCb3aT/GoLEKeXnicbVeur7fBIe6JfSM8qY03gLlO6UArOmYlEDWgimunprxjLfLZ91eKciCnd1xZKex1XDyQJJQvvGxQ+/7+u2ECC8GtvaEzfOknXB+3pPfJaMPZNF2AFv+Hu07swhOLM8/sI/eos2j5xBkxxI+39mNaDnu2g9kmJjfLjgpMyIxI8lDSk8sw4+cNaTw5ppKfY4JIMYkgVUqMPkqI8/aOR7ev6axfL/us7mf9UX2i2c1L0DB8fVLCasvV0RUFDys+QsuuxgHaMcx1xr5/SCnx41Wh4ZkElK6yzDJTaS24Nmyc7lPj6jlcVQyR5xmOy7Vv7NLVaLLvsBm1PW+YreQcP/EtsAemAz0E3E0z9o/FNV3hO95dsraNWdF8F2QiupGWMEYMpwivvJRWdivO5+HZIdoQddzdIf2Pp4LrnC2SYHYfdlvscpiE0BzLtyI9TQfSmyhOhQF0twhNeWBFErs9XSSnF/xb2OrgZCFGZVfFSevi7pFcm/x6ymGwkVQRvluoMuir66fA0JWwUgkmWSNuK7zhnBjKEjpE7F9yVT8MWjaHHuE+pxOYdQdW+FT77y1fdP9dNilsrc7kRacRjoJigJ0MMjjTbIBW/JIeqOdPetR+UdYBCElbOpdBMxwg9dUs+9/6tzLFd+aPiyu6EsbVDIJDNK8DirkTSJTy7VP6JsMEjFQ13VpC2BYlLdqy/w1NrEBudKWH/H5o/lkmfUMH12jSr1Q+ATGfelG7l5ZD+bB4cYtW2+icUp+mB7NBIAFJK1Htso2ZqiIsIIWpzsgEXMkU+t51yBLCalN69xxEzglT7AxdzmwDb/U3c5M8Fl/FRd6lGz27tpUACfCW9ssjnwK1V/dHBldbO83L6Qq5KrgZWD6Spb3Eg3LLpoDLW0GBragw7lIEdt8AV6JROpwxERJPMIjAsFWuhQQgnfV0HOqcoO0gnTn1nQezU743cCDa8TGzAp47D0uDGx9UNX08Y6nokAPZHOMJo7JKf0OXTBAG7P57mH2010xqXgnBuyXgDSxOoZnZ7r9KS9CeNoad/Sjc1+JFCDZRb7eqmvnwxXkoyuyqmchYu7ZCYqtga2GX8WycpoXCVWFHTkUDmGCn/fwdcrvZOfUJwkMOL55Ss+WYhUCs/dNEPKY62uLTq2D2JMZ1S1d+nv8HmQVxwF4CQYNl2ZryBwRmAzgAJ+QrVpoEgpg7QQ0UV4Ju38SSHBMwTixqbcJV+n+qi6CPMZPG4SY86M2HrUDVeiHHFkWRuc2epTuRdDySABf0DYhcerznqLeW45rC/tNJM4B0q6AYUYNhzrBN2YthZHm057iyDrgzb0lvy//p9J6sb3VSdASGkHyCHBi6EhDamu01kk50ogNQN+KJZX1ySKTd2lDZ/+gWFgWOsaXx6TkBvGj5lCOM2JpD6t2ieEaZIZr8heEohimSwwAtYJ+I2aTyr2YBu/4ik4sCkxXXJ9lpyahSCn1VKLHqjtabuDLEqqt46zGtIYL73hMaH1mCAEejXT3KlWO96gk3HfRxKN3+Urt9Rm7mUSXYN+lW/5MZMlfW4wSFjCe8WtrOtzSCV8xDnlHCIzHIX/FMvLkekfJT03dwZ7qBTQazn8tTWO5aBh22GIdRweDpGSd3rqSYzwkFbabV8AWpqx1INosLY6Mq4rJCKOvbZfLn2dcsHvWVv/K1wzZ3cv8gLlacS/H6zWjSgdKCS87aXp1ohibVYs/cdeZoClJzJ74eNgTcPdX26bXO7LzPFRp+TtHATwXtKqsd4sazKBG2KXaca/eOM5NXuFT/yxmZHoOEoCpo+il7Ix7jIRFRu0J3qV54eEV9WM4O4RzKfNcyOGQmrFlfsDZXQX7ZPMpoiGDgg7mONu8YoKtg2FI0hYufelATbY5R0cbsfSTXrO2YDUoNa2AhTDzvC9DATeoaa62UQeknfvMi0uwH1uvcczghVGAMmvQ1lHUX/MxRvWuuJc9UgG/l3PuIIUmD8d+45n3tiEGxq3sDBcIPm65amtFalYoLNw4ApUbi73CBvNA4zTpQouPfXPneZJujIPTx8UM6OFjP0rKnFOE8MFg2/lje0c9VA+4MbWgzehrWfUKMnKfTvbSHqjwG7UzVXzoSzyCP/Xy1WKgbrns0M5qQxDY1ilJZmUSPrl0YKE2ArTJHKOZ7XL7hfRnzTZZcLm2sTwR+vcZ+oxedDhZvjr2q29Fksd47gtbipYoy1stG4gKD/3kui5+VLlkswrA14h+9o1JjbUVJZOEb8TxntsiVm6WSCp1GVv5Xf6u558sLH+RnrEtjHAidX9VNb7wHm80QRknK4UES2vlG723rEva3NV4BQaTIGWklac/0i3B4RaFAQAoNn2y7Zt27Zt27b1s93Ntm3btq1ZxCzkhLSKCy6cpHPPYplSe2dsMGZ15FtU4hyagh9U8WQgzFOFsylTd8+K47trQcmkV9l/ZFNny49orB0gQhi7ThkstU581c1deD7aKnAMNkaHF4VVV/0XIgw6zvi0RHynSE/O0S6Hp35p/vqzTIPRtrhyYp+ePIPjPZrcobx3AEtPvW7mQtTapnIxDL7CkAj8keOn6VvIqU7H1pnDKr5bxYq8quPwczZc9jnnEweenzCHUE6lCxrJKGtEQSIIa/tjPT9skgizROIJo4iLDb3enaol9zEg9W/mlMBOaW/r5Pdk+3YYjadiYTIyPmbJ5QdcNh2I7VoJmi6CEhzadZAbL2y5ZQViZjBSCjj5CgAxuQCvN+q81K96vsioAjR1kUue6L9QdoKP4UprPnRMXlwAHHWb+t3tSiFw25cDcO3TzSYy3Lb4KD5jtypv+MAgW1dMpiawxSdSvDIb0h/Imqx31vIv6dY3v6ur9HhJqFh92dRy4xsLPBlHoENwfNFUSFenIB3p80mvk/pyuqgMwsAYrJcOp/lLvW3SEoe+R2HUzluK1SKvwkoFsUXxa9kyKfsjEDN6dOLvy9T9Ny6go3LoN3m+2TBBged+kuaH/tUy1QiJnirVM+e5sRz3XFwGoZe0aFZeGnHX9V6brHdKUzNifD7ttogsA2Er9CGMO5N17GCUjj385kgSdHVF+uOUYGMAknsbXG4fOrltuw96RCwiP8hHrBNmZO8OeqI0NUohI+FtSeKNwkb5lSd9MWvaOuZZ/pyxyGNXtUruMx23JcJcxFV2xhwv3/lXQnsnALFRBmdRnW72zykYTFt0DL9Hgu2OeuB8zTK8WCvFqvmS+n0VcOx/sJKhlljzVhpQAl6IAq50fxeYSBG1vqwztf5bzjItGNqLW8z+yYH4x8eKxmDlJZBl2O2l6VrmVI5+gua4pbJJmGjqHveANReGReFsaDqrbo88vBPHv9M/kxVCt7idNN4jRbCl9LJJNOJC9+XNThP3Ida07h7zDKCuFTEUiUz8MsVsO1s0vlaVfAihyLOy32HMd8C6eQivptJ0MsmjFcRIKadmw1gaWxjM8a6aCNhc915n29VLfsWLQ06/1agDfBgIGpvpxM2fvLzGufILj+XR5voT2bv9PKKxcfdB3A95tv/uIxG/tGomrfjQb2H15MU1yRIA474O9st3ZS0EuWm0yTFUixBs5LaRippWD+9g/Pq/NtthHTjKz5deiaXFJswC0x7CCRk9g5X6BrzdmLnUVQOPMhAxO87HNL09R74tAsvzBjVMXjaseaFkw/MN9J5MQryq5rmwEl4DSRajxBX+964JkWHGZ52QUK7vHm2yFHEObfgfvYqPQMgElOztMC1tybrhgBDfwH0uduuQm4b4+WT59bD7V8IpxbBSEJWx2VZLshbRNbjvp4bSwD1jsQekc3d/7x4t6Sznnmpn6r4fCxqZHno+hn/1IlNIC79QNAU+KkL6LRgCL9QWizO+zUnKeKo/p1Emf3cz7pICA7PpbAcCoyxseA+n/xwfE/DvNEkoalUEQIX+RJoVy8U9L9rAxVlfs5wgxQNhlk1C5rKfJ4xgkUBYlcnKG/2+JyJVqOTIbZx1Y9cb7mVeNuZtSIGK7n3JaU7GNSw44oKjfBd6+YZ5cn1xOjN2UQVz+bjdMfJiV0z1xDvOsX+0/huvJA8MJf/OAA8UBKxUaJJDU2sRVnkzH9CcX+3XykS44IvXsV/HttUbv+WrJC1j/EygP6Z0o5HIhB24Emyd2rugrYg+uJjpqZUIZTB4DETNqHgK86HeFS2QAQqdMmkt2UXULMOX9TbPr6i5HVBdlMc+oTNyqBl6iYejqOEPMr8MVv0uCdpkLYXFwj1krAhJR0bXezPvEP0AQ90E+STlTCwsEGPA7+uKTV3UJjdoVovKbbBOcNdEg4evimKWje4dLYtmAE6fBLV09fW2AAq88ht3azMwBoXtJb+/r0xJfm7nGLNGct75vEy+rlOthalspjwqX7cItAprZDveFgMvCoFnSQa9KWZXccEceP2d/6tZYaKndqX0IcA8NpU2mMgEIvrFA4nd+fkbGNwzr8PW7jJhHI/uMI+HN7bgse1BkfegFbYvcfJInCHkDiMsrbExBXooFAhkdCNm2BtveAx9WWxCXOvD68QJ29sw84bHmE1oUkoDPMy2jrORMz0aiO+7E3Bj32aVeb3dE5Uni53Wnjn8wZD8b74BcZeFWdJHX5DXj8Y758t3jRhE25sjoWO6z45ViOpkcAw2+g5Ytzqkhd/JzPtUKS+SVp2nBZMuApFGEYPt2bEQ71lANNOKN90xJ4eEah5kC5oGUZzzVuwfmMvYlOHctdiEXHpm1WMUFB1lHUYnrrmbFSrhqvI81Yi3JqjkiBRlvKlwqgVDjey3AbOdqh3gothiiXg/KPCyGVPX/soT/Ja2vK0pJZPXDUSNIIHIkAqSjBgaWKGauKj7ko+ABrgQsFQQB3bEQPHMpEvfScqL1CxMqaCLiUVKqu3PawZNXApLhOtzRV69962+uYQCHsZAQPHTnlSd5tEEWHdhcNOXqK/CH6+7a5Zy56o8UVfgTfu6u+tk1Nli6JkypRUp1fLC9FbQjLqHwxvPF1uxhmXTZststXhsKTv3ZwQHog/ITNd7/k5eNWyqUzvz7ZxgpANDfJUqOiiKKaHx98Mm4QpFJE+kKdQr044Dl+7x7dEb4FHAwO5b/zfvJ93jMuSRz8YzqQ+1xy6GWezjzBGhF4irQVXyg3nEij3pzjYMFGDWxE0Quzh0SQZXVCLTebTc2e4uNe+ni9g3OHaColfDYcJxDXjyiB+zhECSi3yNzAw4jK3ZU0+2sgypfUfJi94J+4sqfL75BnJeSYijq0KxZJNF0kjfWmp/ybjc73gSlFKb7s45HpNFr9Kta/S+OyIocrMlQMS3FX6C04ihDTBRFxmdX9scfvva61Y3SaOoQfqIIJR5PtZ0YmDHewsw2jytgcmCwAlOymeGxQwlg0OjTKbs6yuVKqZr9KetI9zvwYU+apUh+uhazcgu8n9+JNvUuwPC88r29oLYMJ/akx1CWC9NVb9Cw6c2nnDU3tFrKL83lgh5bWm7AJNdgHWmbzw43JxS7eJD68kb1Eg+CXfRr7hO9/C9dFlcZak2wURefd9bkIGANP3gtODoD52wYJ5pcW3861Ue7+Sjdtn2NFcnOtj+KLCu/FTb/6BG/e91Myi46jV93JE4C3Fpa7ibiTv7BlFq6O1lm9YB5PZQdrwmk/NQFWF+2o1iauCsmAbpZpT4UkAwHwRNEkTxPFfHDS4sz4KJpLl2lVDo6WHK0cqQivoD0lLrvU7EXaOb+vafFFyU6X9fcSQ2e8S4LHe5QPLdIy4cDOwVKmy/2JQ4SaC/b28hoQk88m43avGjiVpEIwKwro3cRM1ChQ6h7+Z0aiJ70KXq0C+ujCU0EWnNKnB0RDNK+QSh0h25MVU6h11mSpFiRLWTlSww8ohZHcyFyZBd6oxJ+/DOmkAuFN80FG7iSlAyIGQGt8miVSOLBSUfx057JQJkTbhzlyNrv53MmqitI5tPCAnPgVvBjP+RXAq70RNSlKOB9yLC/Uu+PGY338A28oEHA5e8ATkTwmo/ZYWYWSpE4VQtOpvhYpfUUEh+grdCTwbsNjLaHEZm3O42OpPLDa8SR/j0mqywdk+uPIZwzBb2Oplo5gh9Rrk9j7skaGjk9K+DSRDFWm1is95C1MERGdhS8NYvEEW7Rz0HkCq12ejyD8XWChZP6wJqzT3E/uPTjj+DcTz71dgbJdSCMoehIBgCmbkE8+MBoiF29uuAAi1j59zE2xm185HzJnjQyWiPu8kh+fbLMaYZsljl7y17UkrBRAfZH5zAS24KtxQN+sRwr1O6a6zF48gLKvFiBNvkA3qANfHpuwxkV9+IxlCrmLtbcBy3+H032PF808zmO0oseRTAPElfJRyv/Rqh5fGz1jmvVmFn5O56fX45CC5mBdtZUz6rGOnJNaiprS1Vixlax3yRhITgy4At1dSvehu6hEfm+AI3YgHwfOBpo9PaeELl8DnYkLtY+zYDj8KcNX5cKVeEyCSWZ2Nyuxju48IjVSCRl569ZCoBEtWKi8SWtML/A8Ebtf2HSCIE3ziMoVQkh/lFRDxYJwmyo5lU1wZzxVi9vubvWphkyPy4xn1E8+VUuWiVRz9+4LUuliOah+uoaNKymjSmzcFpa09G4y1HNwKs/dnd5RYl+4oDBmDdcrx5en2q3ykGN9Im+geJKsXrzkwJCyJPzXExmL2FWokJOD9sRlmqqAAWh9I1QMEm2MqCUZ1RgIPO9LDLfMknNZLRTbnnxAP0bCmaEj02u/rfEvuAUPLGT6h6urPkXNKTMmHcnBNVO8uZGD4ESh0j4zqy21MO2U2ZDAliTLliLZ+HvKvV3E29m7zwHlnMLyOrYsxpxfD8G0W7Jrm7kYez1gqj2xvpwBYJjQ/cCGeftlK30DUdFxgA0ZeLCwsV5HOSJw2wonJIIAmR9wjtC7JMQ0YbTk+RVczIF7V3UugKd1OqBYo72P6HRDRWQfFOacbeZosXvKxclD2eO2x+wsqxqKHVTaKbZQjopFkN/UF8MI22WrP4a+LZP0y48fFyr8H0anfFU0lgIcd+8fYRqaRqbe1xw/nek67n02TH7ULX9JRYCHICx0+Evv7cjbUlIuMdK6bdw8pJegJOZS/PANOJkL0u/i6+lx+M2+k5SWb8KkIguXrK1uyO9LX/1D2/Em6OddxUZoelfJM9R1kkbnSFcweDta74NjveoGTQPl9WWApjsDhlYjyh5eSjKN482VlUuQm7FTr5bSLuWVKQ2/a0clks0DzVRmmylYdz2A8DdT7gxkvgw056gObHAu/QHYgHb4gOWIXeU/1qLnh3nxZjB3XrPGfVj8U9vdNhFmrLC3zFdU81w6VZFppUXKE5fOQgvbEhyRAllE2K3olJvGKkDQvuffAkYtTHW3qBfMTdwwxNDSE/xBfHfRuNIhiuYjzQlxbMH4JdsaX9CYSEK59zOFsY02cSAtfBNlEK6Fd6ssEkF3/yCTluczwrEeb/agEe5Awaoek57lipmuZ0dNqd87ICIqPrQYnpOjz5lyce4psgNF9DIrI2e+D5TnDcxbHW80h/WbUJqxaxkfwjcnpMhlr4RRpiAJ3T3WHUsXP8g2OyJdB48Fzi5VuLuZmEKp1FU13/I6pbvYZMcQQfzO7zcFHPkRuouZa9DvObXNODjABKzV5NDKMzBgqHLVsaf++QsGcrY8gp4WZzJHSYmhkZdmB1jd1TmFopjotT6WfGWtxy1Iqj8dTVy3XHfS/i8Y0XVfXu/VP/B3APwlfYaaB8EPas8EsZFjqi6ACGxpFyAdbRYnbft3F0865UXBJglb+a8rQXTxtpYyLhHgrY8T8hVlzMPyk6f4Y3oeLCdKDmNgpT611/j8b3RNImvKx/aRzbT5/U3NbUvCbm1LU7k0/JnyffNKKHsmhfNLeR+xGdXcf9J8D9TiyBLv1uQA1GtDGbhLyto7puyTTyYh1dCz0QLMCVG/3L9poMsxxBpTJKgixB3Kq/gO2kolKM9cXamxAFe6JxPIrHomiKkZU9qLZQHDx9A4epR1oRJ8eNxyfnGTb3I9e4CtRRBQXDywT2nPnpqL30OLsQ8Un0KLo52rQ4eI8mdNjH3pVXVLer6EpGwXb0c4QQgnFIYnZQfa+ZzDqZVhsPvc70M5WkKIzswMHDpakFD+fvlcC4CXm9QHIfsxGiQm8/obr7xQt9rQ1e+3AyQr88tcg3PVwkBwgBw06T2n2812hw0cD5y+coJHMyh0ztSjXOetTw73hBLZM2NDq+XeZxaObrfho7SGVSajLFg4BTxgaCZ7bP60zWUk2CMtvmW/ysEPjrr+garPzNVb1Q9u32/PGNcWdKBzLZS+AIuukZJUZF0Dk90Io8n25cldgqWIBKZNbdXSg3dQCqPalwam5utZZuBJI592qPdM1mxNXjLSzyhMRWVDBSDp+8NunV+jBl/TedKqqItMd9Ts2s9Z3FSppgrlAQbUX0CSydLFbQ2n2EatI3xAPXrg5W7dcan4jp+dufn21MlPHUE/DoZJTBogo0hNPgxOg3fU57UayxaeNp1LiDvkYPCT6X3ZUjpQc3vAGQy+Lo5x3livyqitlfmK7VLN+66CBx0sXhcWIzlo7pZz6y/swWqJGjEGeOePEI+8kVR5Vo6pg2+JtSbOwLeP9AYAaEFNGLaEnfRJXOEbzCFc4+xf/cy4XqO79xRwklpeHCwUj+2oaa3QRV6b+nAZ5DpiUG+SBXSVla3Ik6vGoqP1oS081cjsYaM2obC/y0wL74/9jaHUFRTdqOUBvH4iwEx0iVbMIooTrZguO95j9GQc3qQsGLwJYifhd8yuER+/WeIEPBb9RqQAoZdM8RSRHGVEmPTcjj6WX3SRFZdD2HjRTxsWa3m+h5lTxqjk6EXjm7GJNM0qItU74B36uKhbfYKP3yAy6KfSL51p4rlxs+cr58As2Ukx/838BIXw6sLafvM6TdFR8W+RKy12JP/lWOLrzNbQoj0cWmw7X3UiwW3U38i2nbzkAIOLOHq/kLOuuRpLOcteEub45Rt9d/UMxNAdxfgdgiT7IsuydRVgD0spweNHwR+IE0XSc4hlfkubOnEncYdUu7P5HfugetB0gPQPne9KFV7UwHF+PXR2DZ2q2oA8xBcXowMTcbKaspcSkEBjgxrUmhr+Mx2c0nCfcLZEKzoFe8PwiZ/zqXJAPzSO/oW5KUX94/fIwNC2HINEqYRWhmk6nv646AbNek6MpaakOo5NPy5Em4TMYJ8EVH7nq/CJIl/B8bUtkgWUgzhPFheEGxP9ppc6kDqcZhrlGZNiuBUbDv9Z+d0V61Q5kQ1YH8ojsjNUnJvURB/kNs0tOImQuvKEHJp1xSpZtZJK4bItpdNS149ihw9SFFMlIez8b04nenSKfqdUCArZo8TPB2O+VIStcxM54vCNDMk5KtB7vyC3FKmgn5FVhlcSc47YDLXY/WG6jCmQSfM9pKOe+JwNbM3jXWcHsqLfQwqxKLqb8ggWOuIcxMFRmqlo9ZehtwYHqhK9ssJ/ppMl8LeXXEY3ggyJx8yLONNoWCXCxWaqyiBFORhCdAGOLI25SAbc0TCT5+ZRJwY1j2EEc5q5IN9MlF3cfu+Xc/Ml0t5GFyYcBpP2zzQjOBKNFa/kqZ/p9C88j55p+wVafRmalI9MiHzjO0DTMQcXlUSlubFmFbuxvXegveI4akAoylkH/qiLipit3eTDOHpppi9M7XfMVgY6mN0Gq3SpDio20YdmKE7PnhYSAlEMeZsk6rY+mBEeOz0CV3lE1DricHGVhoWyo+939rffPxMx3EnHeBXRCc2Lc+2F9cpHgP193yXcnDvm98DIF3Ktq9a0NhHqTXm4KTuPjTjaiVAjewMM66wVVxAt61cOl7d8bX0XYbCeCy9olfLFIGCBjzEOJIy8zJt2PVuthbLc5kOXKQfxhfhZg638z7ES5C1fx2ghbNQuS1XjYs8q2k7MgPTtiEYQv/4rmQqx2UmkMhvSe9gh7PkTpnLsY7h0nZ/fFg4I/AssHehkdX5AH2ZGe/8k3kQiagO8lsIEQJdYd0OMimm5HIatyzYzuUZu7tgtO4Ty8Pvo3VoOkFd7t2DUTpaRwMxEiU1NMX31KKo3AGeISFoGlmYM13hxRrbTM1LFYzVoX5K/hZ8xbmtddgAp8y4L4zTGp0EJTcHMV1htNatSjpPlICdy19/xLCaGf9IkND6x46Usz9wU43J03QJSMB5EWWEdbPbapfEZa+5byyfx6rm4NgZxt6aU8kGmtOKxzH3qWNfV5wf6YX82J+vqyHZ+JQSkeOlwidDYvvxcZkliWhpW2OfrA/oUlxiCqmVU52rDlbejw5vLShUP5ouJrt+iiFYZdlHvDcL8aG3ptvLp6kmahVPFTLQ8m6GCsIUolPG//khVqz2OfYBInPrOKTA7k9SJXL3hcEXiv292nbKRHjQUgfTjQpNlvqI+pYyxxE/pWZvz4pAgOOety3J+pzalW/uDQuSapFSUyRomtWWb1AswO3jQKCyPkT8mrcd3VpjIF8CEn6Kd+fPn+/aqIzicuBHwIcmNUQMaK2WCV7D9ktjpfhyNQxaNBUv9dyoRyQLCaVObTACUpojhWqmDK3KCFyNVoslNHwO3xFTPcnBI5ohlqBwZHjK5q9h5tJ3nKSLh3uta+zTrwBjotsghcF/aHD8X5KzstYEU73YMCVJNMV8YRAAUmOZyP2DdjH3qdWy2RGU7fU/A2w7lwMFI8UGyzGPPwWklr/lbz9QGVxdHn2fiJZzuR5kzY6anKx6oIUjfJwE0mntzxdIH0xZPrYv2FKr1oUaX3LR+rhx7LddbzgiOHrUOUO8O5lqZEB4aaSbfzMyUaUS5hVML6jHfuvuRozCPmjvKBIdfRc1LYiHenRVy2XEysUATEpSYTU6OSld8YGQYWaPFCabPZb/DwVfC2ZQLF2ncgzd/Fv6vLKOH5y4UG/8Bkny/eXIrrN8EpwDHsTO8vYzioJklAi0+H+/Y5ji0MgdNNsaVlsaEMcaoNDF0i6zvkNfwr7sEtq78pvH5BY7tQkK1f5g1nj1DkhYQrq8x5/1BS+gIYoum8cA+10zdMCPypnsH0r1HgvaZXzTRh/EhdSR33b0uQJ3gv+vVYtJsgx4UIrlVvyKF4VdZemyhF0Jq8iCws6RaBpi5Fys6omV0gi65/lxnn1K5xyeRsvK5O13O2eRzXIoy3sU0fJoVQ5rD6e2QJqD23ubZufHnLz8LOyzk2I+OTCG0JMrePb0D1Me67en/iC+dz9T6rNfJpDGxR7O9XLbJd2+rXymZUdaQ17+rgc2AFoVgidfN+nVKTwKPrVuzQfgNpNGT9JBR33WCrs6cL0GCqz28NkzXW4FR2Q8kaLyQisjY5J7FonYDyZrIbLwEktcoDE48trx+zN3MSMnDInSWQ5rv+XHoeRzrtIjiY+sBiWMIvBagkBkSlakNKCpSEA5lbm2TPHdirO2wvmgk7NllPabrVn1Om7iVBc6Dohdf6Ydh8xQKhKIw669d5VmdE26cU/3000AeS/vkWVEH1KV2Ea4Fx7eEA4HDaKMdkPXmrec+eDXJTP6UUtIArvDZRQS3W+s00o2QMEW0tblqNvSFaPSdOdP+xp9sLRL/96VpobBaKX3PAI+DkOZOVooFlkiWuxHSvH/GpxMkIqiU61dI4OyNidIA/jTbzo5PIERcYy4oUIRbQNJjWe+wWXRCuTiKdB5BxeIEg3Qki7z1lOgZN/2szvloa43hxy0TJhUgIE5nudlEE3h8r4URnL+TTehyYEuDRchzHRNjBYZmOrmVegjNkoFBgzgYtXs4GOPeMGD1ItIqohEF9wW3TBEP2+rYQ+EzHftCYjH3dkHnm1k5qGcXBRL0ZgLU/UZTTI6tos2/BJo6haYf3yv1jWbTg7+pg4aeG0DZ/NId0ZDLQc3ESDczlXlP+KJzxald3KrDlp0qFh/OaQH38IdqNPTLfALEHCkH6YfnTFhORr5WAxt/5imByE9Oeeubo0PVEWJBfkm2x8EzClboryz0pv1WLKrFfyFuhRcQ4UJIqlbuSfsmd9x1VzjEDuwodljT42PdgnyAr7OWa8DzjrohyIIpQZrmEdvCpOcCwe/ZoGu8/B4RnbjL8vpHDKVfYCzDLFJ+xD4FATqviY6J4OtQxmCd32COlF09T8YQ/WNEC2vo2ljXLRWCS39yfzibK0myfC+Q8x/QDevPDK2GQtByPbO3IwAyb2xjDC75k8MeGU48FajRTUAwBp1FAHIgH4qNQT7EWUZzUxhu70lHIGtFKJOk6Ii68/rdtmIVf6rzVbksdYvmGxkymEUG97WHxCfVruBb60WDN2nrnrml5/Oa1EdMCKlAj4rPdywe112RyGRc0HH5labAwWC2hjrOxQxeJSab0ogaTX35Jq23zzCKr15734AOHOdncnx6sk+276KnhWzWRda5xIf1sG96MjuiLhupXESHuoXrssKHNCvVxY+/y3r2Q27r3Nf8kMLeM4bEEIOO6JgKwHKIzmBnImrVx8ebTNk+JcEqcEkStKXbX3vGsNmzKoELx08t62A+S3OltLUvvmkrhr+gKXSKu5OEcSGkho159sLsv2g2LsyrPr3i3ovU6/H3JxqEfAPguupEJcM6psGiOVDx3uq5qBPrV4iIMET8jPsy7pQd5VIccgSiDKSFhGgulrH+5fZElaSoELfTYmbfrFvZ8jcnqPPQSBvyMKzzifA9R5u6/bW1Q11vhFDtnT8Q00NFtby4MmUIOF8HP0GAjlWmLGDkyka5yHUIZlweE8CUr8o2Ve2FusiIsY24Tcot1SFAmHbcG6tzWhun7A8r/fB51i6lld9PJwk80EUKc1ei43NJQ8EeAkHZp71asSa6Az6QqpZoXPcW2HhuGSgBktHgRdtI3qI3+5PrwkkzdvKTjK0y4DYKMgUC5JWf5Mi3imJhv/Kxf4LuDObAZFMU4Otmu7IoCM4r/wOdB7AUWjw6LgsI9ekpF72Hl5aVqZbO2kuQJsrqfOPCpsLU0XMU/GS14rtr7zXVQBEVXwL2Uo5Ev+NnM0p1mV4EJ/e+txTNGB1cglR5ZMkwF0uvj4RDydMCka3cELIGswdeXIuySSnInPfu2WlBCL6V9RZfNSjIKvZWIQ1xtPnRcMEtZ//rLjSwGjsDnBlFMJeK6ZxsKaD80T8QXEIc9hLeX1/Vf50nZsSJZ6dn1sHojOGYQ9PhUs3VbJrHy4+exk8zgdWJ5P0Vp4AgK5h3RtTlPeOxL4qUxc+PL2iLsR2iwF5tK2/njPd4pa8EMvT5hGA71iV6xtIyMUZS4+4Mmd/M/v6Da7BHJm/dZ1YPv13ErGIHkNtGUQwWL/rFeJIOUpeKwQzeslCMZc6Cj0JjfOD2ppgJdypm21WBZ6l14nAVmjaIcoA1F1ss5vlDEtwi5wJo0XrLVRB+cIYBIPHP80zsbtsPrlF2Jl0NK5ym2rk96WHGKtcNbuDzBxMHCO4dQ911BXY8GIINLw4vJhSBjJAcNJDg5uIMyE2O2GS7aVhz1BhGteaUbaZEefmrZHu1XuD3wL/pEuG0PnuIuUvaPI5gfyPxiilnYacSn8S4YvmcUCAQbdIzP1Xa7cYXbYEGZqrlOJjpXqVvfkH9SDywXThjBcxyhZZNPHxPGPXV36YgDaF59Wd6kFTd5/a2Y1BR/9gcapy1g8BgFC5PDkgdIhmKy6/zk/xgSPQCbHDbjFY7SSrhpZHlRMbTivmyQc8C2JJgjGWCTCmaOTQiyZxOn3FxLpAUuywxsMDr+1oK27FJm8yP3LNC/WewThaUyrrUhVmd4PIFOcbx+1auUKdbZ3/HGiV8NQeGTZ3NY6ENoVEzxPWRREZjjyMvtvLuWtD1fD+JYTqhpvsG13sUyYaIPWJ3Z/ld7EW1/JTSlt5ICE/deOzaF5BLzfuLOORUz1bjSEYYzQdH5XbCY7VwTf1JySEdFCbVv5di4NhOV8qXu40Ljr4r7jvN4e4/R9+/zRa5Xxux0Z+gb+VXXLCDx+U673rq+hull8ktPERhtV0wUvvlIAIwco4nVRhZoWMRtmIzUgwYBwTiF8miN8dihskRg3PxDu8/vcxuP5AjNAW6Yt0MF43MmBL2/LaDUjdmggwfEitGLfP5sdiG+80wzlo2Oq41oRlSIhbi4Qn9jr+2BYj6uC9sQdbce1jeeVrTiP3E0jNLBw2XQ/nYEgSY/zRhqZJgPUbGZtwiOnPwpbTf36UrsRUsBkmzzC2KyokHBPWB+b68BPELfum3KyBYsCs9rL1WHMuSiWL0a371CvdPoe1SUseEC0FDH+kswlRFMAP6sFA5LlMM/7ypojDiM/+2TQvEycnu6MvRfyPRav0CHQQNy/0aDCVP76VU369Mcg3Uz5tWdhXwJBg1vNuD1dWvutBdphbbe//ki0j5VmQCvXAi8lWuiWqiLuc19ZkQlYhfGPKVhWMGU0M0dg61NBuE9moATSMacM9bBgHsYH4l8fjjgJaFt/K5xrmX/ihcFxIEEKHcjPeIS4/5jjefSYu7JzFLEIM8ii+YbfIFwYDRDCxAg0DEkYdOBke0XWrcGRIqMGxcZdNae3rJzfIF1ffRPj0X/z4hZdMuwu1yr38yKc9QOfWQ0Lt330BQvSWmHa6EOHIWeqMVjQJMOOzgoL13uMxFtu14wa8tyJ8YOdmpT+Burrkd0FENWWoEfN1TuDE0bXuStJ683gOrJYVKYEH61VlHC+uAIjaMnhNkYHDVzQlplpYNa75NMPLufic5poEqngKl4KkUwW9HZnlaxPThI5+7tw2ElAQlseHE1PEuGuQc5aAbCM4lt3lCQWqEH+w2SQew0soda6IhWQXsDNe2CcHQE1sz0Ens0/QrejVXBBClj8KyfgbwLbjOaAU9cGP20P7P9cygjsO/YqgO/PKpVedhtBeom3pMEYcr1csU+X2P++ec7Is7fzqlLxdSqQyA5xAqzA5K4jv3effQhGIMeXwdOKU/BZTdGLIWhQfzFSvLK6uJZ6wSFpDxBSQ1VxJxqAvvMougrEhE70QoMwhnNEeHIa10fkrV8RMUbhb/uZUk6GN5KPQ/bMB0GcMpqcWHZxcWJ23/P+8QerQ6AdUmvsfS1DLwcvTvHMnP9dG76DmY8Rix/S0L+J1YeS+xki6fg3alJXasm/TgCfYxBfGTkg4mTUV3T8vMEqa13jIWhEjPXn45SXLH//aZhbkYqGTqvNbNlj6WDxbX3y85miYti3faSl+DJqYp29r+EsYwmNy8MUDMvzWiJtPVflOFZ8MaRRmLfnnVaEb8UI/kcpGN7qY6YJXrZBr8I99ReHQFUuOD+1NfU0zr72s7CDeHohSxNzCxmt+cg8/UYPUeK5skARkuqYdHH0Q5bB7m8nbHntXcoa4G6Yu+Z008eHq4XaJoh2hQrzlQqtYDk3n+BhZeRE6UFr6MTOCUgLsU/AT26MJWQaG+pNrW/wJy0gnpvpkaAJZE7+wJT71sRL/IudVhj/xDvFhpyDT/a8cKvaffEo53hTCtUmDNeXMw0AEXKrySaYC8stSrfboutnAT+USOYebW/SQgiO8hqW+xcpCOpVxJFie8x7k/bLl7Jov5o6gRR91rLcKnFdcd0AiNwFIZU3yJ/0IFbwDltHchQJ2GjL2iCyVXbNmU8QB6tjZDSQOul8cOdQhSkhSE9ysO56lTn9fhe0YNfSzlOgj/Be66M8VPIwWRPmtBc53cTFFflBq66Eo+f5tFtAHVcdeHwjk2TeDDZVVf3pwpaj1FhXNVU+U2OP/9XSkA44dOzUC0T1uLEG6F2hgaOISwVKscfLOrZbkkGzDrFOHXwKwosv6UjwbvTTVhKN3lVaU65WDJ4stWbDm0LMM2k2d7mNQfniOaYamjpq2jrI8w1D6PZcaGIHVdEq/LfnlwGI9BCtirOOGRmvjibY43AtoAwfN4iV/+JZrMgik4Wo9C8uHK0sojJst4/7bvKDmZ5/eybRhDWU77LE41OIrIY100GyaRToHMO+56UOAnIWpElPXC+NGIm3suRp3RmE4qsQDGJJe9QDJg07/FE1LwR7UWA2+daxTnvJ0PsId63bs+NaPvxmjswBWK0C7hO9c/wAYGegAzKV7JqgVLlT1K+DaWkvC8Ob7Hz5p8CAv4GzZWqx8AXuujmqOsEw2ZPT/t0JbuR/pmuDdO18OiwXago2AENiQ/dWliyy2VaLXEw9ToyY4CuQgLLjVv5Ni+rsBr6wtBVgdJUbUyiw7fDuPrybzf5YjulyvFj8jXKPQRMCexSoCw3FzKvrJp96kkkWK/lGHsVato989ghR4or43OuLFQF/Xsdu33z18lAcy8k2Zm5qOdqZOsqNV4ODnzHkKuVGAtsEsEv6QWr/IfCnfwhqYYeucttEqHO8B9zPJIyh4zDL3alwWTF4JZa7LF6WsvSkLyA5AVcogkohG8U6mzP/FDbC8L3l2AwPfkAzW+sJdDLLuIAF1dHA0N5wUfK8bnTAYLDqYKFaD6U2C80QSdBdo5EoEOmeiTq9aGMc0v8MgsgZoa2k/JRVkZ2HYnNHHQThSYgcLC4AFLE/wZ+ekXemnFPPjVX1RTgS+A2KAiSrQEcMRugD2fglXf8pJg/DOqx8IGdADBwa3FeUd8M5YyFnIoJzwwkqdNZveFfLnNVmpxWbGQWj+ITGf9FEbHx3a5cEVVs7nhUiPAAwiR0oHPbbQyrUwTyDxvbnrdlqs7vsizV+rL5qrYy/7mJmdgHNDo0W2BsLSrRpEBQPpEwC5XzKLlD2s4FwB4eLegtcZd1AzqJ113IE1969lnu6oWivxO7E8hSOCU31qBnhkLMmlYQrpGzB1UeumJvvreZ083TAKl2clwe6sr25r4HpDEp3Hvp+MVix9Hi0CL6V+0H+URfoiFX6Fah6w0uxzOei6lOhesRut1l0KuYqaIVVWTvnPFv/kBo/mDTxNjl10jiUeyoVBeQXeKGieL/QM1i5DCsclyk3uX5rhpiO4vYqPbPjczrRY7ZUgdf4vpzJhUegHI5583trjG5+70VsoGnIo56AbrNPomKAui8pPNHyYZopTep1GgZQL32S6trRERIgk1AG0F2uwOTl/M1J6hvipOyPKhdRbvaUeFWtElavjedUyjkBtLDVPn+9537/HrHdENAacfjXrRSH/fINlYwsc3ywJb4yWZTbZ9lNoseKpxh2l3GFKGm+kfWlN599jUmH9BTliPPwERkfkNYpn6bry00TRoLNn+sMlg4ozK1Zm0Ar31wyf4WVD841mUU5inlKJblrNObaqo7HTh2pKKc6IFEeumI9vAL0/+vyoGln6F30eiY6TsETQl4v+US36zyX7UApeRek9CW5xe8E9Tpn1IcLSh+gbjwoceZGvD3v1xjKIWyW99oMqFju4OMrl0ynHg9XIz2ctuBUUt9MUN333uVQMFwbNvMmd1yavtxFOkVEvr+p6RuYBWPcARRlOpW3wl350bWDni7d7Rawz2g9BJnJhyLyfIG3iVE6OIHsW2plpc7hVySaf8rlDH8OvHu0OuNjssZv4s0IXrK/E16/6ot+4i1Io0D0FlOyOa9Ze/7s2ePa8mGmUcudiOaLR51C+PC/Q+2QwkrKJxNybtIZmQTJ7jMBKKIj/ZjiXm9ZKs2pbr+9FQltWh/1kU1E4OpJGrp6hUNbXj+B4ZDSle+2VT4GcC7yd8rgll8XVyZU7sMiDc42zpPrh9p7A3NktoCNLvwFhxb+fcxIsuKoJDhXWTswpL1f1/XgJ1F9e+EQRHb6+aeE4HdsoAhoaqJI/BsYyet0YABDJt0AOO+eloNTk9/8u4Spw+rKEqzsZ9MwwIHNRlyKw1Osf/P7LD/AIgvx04Usw0Y6Yy8kEYm/ctJXEPgPmT0nRkKWI4WpB3Z+Ysk8FULXNpRbLLzBUDk5wVbbIN7GdD6LMAK7MA1POrMI2+oVIVZnjEAD5ViYZZfNvolKQTJuEcOTMPzUQrJKCfdAbYIU8UiP4mmq33oWEJME89M80vxpjG3Ju9gM38bjcJDXAwe4HOACfWjCv9t4qLW6H8pwAUZij8Pz+G/9i6pfPXl/Ayd3XG1AqivE4MmPG6N1LJkQLxG4kNjCYoAYqDUoGCXa59TEuuP7ZlHhoBLaaZLRYrUm6uUdo1xHUnVCSqkcI75xUtJucPotWgIPqQFhnRBhyMtcRUbp+hhZlMoiY1+qrsqyepyfFO38LRV/SpDFE0BGHdhsKGyKvYdOAFxdCrujzJQe/N8zFz8v18a2NTJ3xiDq2iWUa+tNRZdUa1RrrisxhdGh4SxEo1tO881zRavl17NZGRQJLMpKlv2xpwCCFRxgtfz4cN/pLCODADXr8zGZvhybC6ilIz7+MlVjYmn5rILa2M2KEEOO0FUPvjkeQv52jLXgIufiraimklYUO6FPCSqTAbsnhwZSavbFR569CZVyHx10Z6eHklV33bZImbTDAsfzvxXEPYiIBpQuRpYW3X45tOZ4+OaCEQ2Sw7hKUyLQgtwwlndcnkf1P5VsJJY3s1JjFWYMwsTkrbinvS0Fa9FsLvMm/5LUBsuBFGcnbrF6ITREEp9ycTMuC2EsyRc+UjrIpzdeP7hnCUfDsFqTFNT6MCN9lpZHin9C45pRlMUs0nV0elbiS7+nvRyQn/BAuAqdGcRlYcvZ+IyAkeBSHF/x2rSRvJo/TLuKvtgf25lKCVrmGSs4nhbcwYgipaD/8B8XUIxzp2Zr+MYaaDb6OriYlwURNcEQjvkUlo+8pydMMgi/WQ5gHRha+LpPLvQ0g+zqOb0rV1FxZ2wQ0NNNLVlmVpa/fn8PWlzBpl0TrOSiuPle+eVkOl3K5Q6YhO8vqrdM/bheAhnwn6Uhxntx62WATi8gJHD+G9KjXsjf2glvhiN4N2MOfKJphd+8cfiv+iWt1xVJeA6mJSX8t8ItOoWB7bHBbrLJehRPOJm2Z3rDsDAFwOYmvybyOudHy9O64243nLQ5qDmVXLJzJNHhM5EoX2XOahOkePpDekKm8mgxQgHgdOawZJzEjf+r+eDDhZF84gBtdu6+20XidePxVLtpovK+VMl2Bu8oonjS6KyGSTt2pnG3YJ78fiBdyzULXzihTeSsG7VySciKva7GflVWDG1/4me/4iyIY2Kpcrw12LHkvwKiJfrPbpFCuZstJ2CSJAdDA7ZajexmbzvpMKeacUYMGn3w40omPPGvPgQhbI2nAMnMcljizX9/E3/mFNn5af7yzuqbUjic4weE5U9VsjhVet/41DWm6d3jkELuMy3kkNhaGrf7gyIcjhDYcIUqjpUviA/nWy/MK+njtvdTxPLyWR2g0Enrj/hFDQl0mJDV175IscIIZvOrGSVgJ2lLtZXtmuB/UkOZnaNKE+ih0ecT6m5k9JJ6L4Vo8Xo9pDtQBgYUiLwE/OI6JudO87oNys9WeHNn4wncon5/+ga99B+Z6UOmvqRPW9nx6q7G6QeEV6sqRYHYUJKSquMdC8JQYKqvVjlooRayzdWWUlKvYrcCMM9/AzYg8wDoU4lW3vh4OBiQ0hxnnCJ3bsE61+/+uBf55RnxDkZsU//HMvDwbh9Bo2SoMa+T7baUuv37n+3zq8n/LHf0eSEn7ZW7yIiAz59d1pS+hTMCni5amxOgtOIS1MxCvjDg8jU+KrpZaKXqEoPGZX/ixzqWvQSYU9vDHruwWbpWOphzC54W8BZXCOr8URSz/XufEak0sp7y6SWFR+ZGOvf0AhPVyEOqCXReSjqIAy9OQezvMM0r8czAdjDzJiAgSAai298G+oxRZ5hKECzXMSQkoQA2k6kGs47nr0XqiUq0sTuyCX0tKgNM6W+vkBeS1TFZGi8ZXtJbiQRetEuNCsO+5eunY72eIaPLJUjCIbr8QIt12cOzB8X09xxqTqsHXLaiKKjUR3UB3/dRLU68pSqzoi1YD7uvE7CtKQsISLYQD4K87MjJneILtHZPtMb8aWJXeP/SOdBDjVbnMJRafGG+3v1EvNrbH9RcGMvstMbNE7SR6POHQ8GxMiyDAjmZNGmzIzz087PFPBhCZ7gB0/izMSIUXiZcXJ9/P3LdyoIkh12tIyQbGvQu+xWns2VfxRp8cG07OyW0WlYMGiyECyyPHOuzhUEnxGkVz7WUeGXZozuvhSJyZRPwox+v2dAJV74MK5Sh9IdCwxYR3K3MMnUGA18InhRgncOfqYE2/9aIW0GS+/JvLjInmT4IvK8VJgswRiwPFn5oVRTMSujZLAGbxRMFvxCtzCFT1owI1k2jJ/qmDRkuciu2F4FSGef76PLo+uwt8CQ5MHNkXwF9YmyRNfvYGDmhJym/fVrxPN0sHhbS9J/MloUpp8JKl7NZ5k0Mc/QwfYNEuTuD838pAI3qD96vAGYM46oFYzkQEgRWg35SDiVlMne2kAd0EDg2CmrKqgbWiK7+vlC0EG9InRwQNSTMaU5lLzHVBzpb92AZW7HZT0nw77M3BuYsegWEav7R+PZd5tC6oXKrdEc7+a49RG2fgPJ5H9yxqrWAxvgiJ/erNg1tqF1GYwADZU0VZByI9gTt6dAD3vTpbcV4KrareN47o/tVsbV0vcpvCcBjvlzympNBIfrxMp0GWDMFWxukqUdsRONnDTFOBjub8DadxMbqB1jthf3ZlGoaBBIezz739fau2ZXNH7MQDNSDg34wNu0zqPmLgRBOa7jBMxKq3qosYwCLsCa/2hu6/uIxgWCw8WNEKt9Efd+B7TIMdIxYo7OHgkb1v/EMsDB9K8yTLyugp4lZp4q6x941cYhtOIvt9q2xh0UfupeAvOuAj5E+7x80iPcN0SJuxBE5quQB6BQMk0B0EnyUAs/7Ht6wD0Df2vbBE7OxLeR06Wsm6ShiQS6u9NPj9BYqcImKjElwyA8cDkWKPjRp4PrRheJvJ0NwIaZ3hJQKXzAvFwahV5tTOOAvET0S2fpLyVZM2hvGFZ0GH9xNdhE0augBT5LjKTwzfvxRbraxYxJE9S4ewVT67kHwWh6P+pFXmeh6Om0060zJI+EyWAkZVE8WxFw1dh+B4D8pF53uCirmR0ge1JerfSwlCTGHKjLb+dZttjmFLVcIVEQDVNHiwIVO7uap0M8N5bzCQmfQBMfKbjDipKBO2WYOriJnIqEzKIFZYESgVfphmugo8wkFMrqazhlpzqeDtoZW4E9tao28CLH8hSgYQxc0bfi5VuylQRxXTCpZa0C244pNdP1fU8oVj32clZq5JyIRWlAGxdFw+5iM6OTX13w09VA/NnFinOzmQ5hjrS+LPqa/hhtsHTn9AY1LmQOsCP+ooK/S7HXufO3xCC0KRUvNZygjuN0qenFoqKbgMJMAvumBz5bZW0kk0Lvl2bTYTI5FgXhg7CtbZGGOEwxolqEkUuUIEOVGYBSf8+5ZKdTyBGokOx3EgPuNZ0FgzZE6nbPdXkV9UI5F7RF0a3Eu7rYyyxA6UWXVd+OyXDBoHLPB6+g7zQ4XAr3IcMxNH5mQw0zaBtH5f7H4kPqi89rJEAkiQJjvRIFKGYgG8U7d6gIddVAbka2Dpt5nhmOa3a3ZSciU6dhIZitepOvlZ5nYuILyP49vE/8FkK1Parf74hjzbcr3Z4yZTtQlrm5yISjayOEO0XD63qp+xVvnq/L3Kz97VsFhCv1qrqKz1M+tqykppyuOt6UnJ5cURXBAVxB4AYA/CnEUu67MdN/PO5d5wsjEoksgVZ/VncJvhI5e+INRF8fCRodkoEi7SlGXptZMJrE0ZYaIL+KLU9dpVxo2mCV5L5gDj+As68MwTpNBYcxioql8Sez1c62VJy+r9m5IR97fZvDcZvt285ESyg2EOylFNHRkyWT33zsW1Xy081lZoFFwxuc4YCnpkS48W8x4lbguCQki2hyEU8ojmkTUjinuUSwZIK6kFwmOZCw5dwW1DfAaIoqUg11hkh6riuh2fhQin6CD5KATwhHl+VwYIQEPAlZz7W1haUzusrxCduN/GV+DeiNUQy8yGYPuHHy5+0OpF44RIibYcug7Pzgsd0MNQ6QIY1t7QY86zYbv9AZBKwJgm4imfO1XIZcN2o0qqTRpPVn5ODdEj8onDMUUutW/xiq9q3goC4oypOkzwKg39MbCNKuI2bTv87P+yS068RboPyzgYlmn8V3N2KR+fzfy8hbxTXXS6RpmTwtzZxzkCOViLIxEp3FJ+pBcjrjRkuEMCu1hnH3wA1g9M1q7Jpy/OLkek8KLyfnTFmUS2nRkhE+b/HIwJW1olHHE9UFm/574bIG6eKIe7tIsoLkU1HslfMB8ZUq3vUoWm6d1WtuRd2gxWn/y6LABZeLpV/o3EA7Cvw1Y+iRV91Va35ggtqgEnuiG7CwG+3xfpf59KNcpl2Y0mcJQuR4WaRUVUJXkGndah9uIqUPGvA/wGt8xnCOuWi02BsMR1tuqU1QYZS6rhQQvCet95sHQRwyFKLqdV0fg7JoiQyddyKTuJ0lkfGBcMkysLk2/MXz5S3Y47Ykcc+ylMjzseYxZ8yvTljBUDaBQ/pV8Q+6fk80cSxE7tVxzh/bbYfWnQN3U/7LtWog+JiI3iHb8HcaMmHZvYcnHHQpXoOBJqgyNJITgvYgdzMqyAJzQhzAniJhRA5q17ziSQQ4oNKOc78NoEXnDw9dMvEqt8wOFsh0DxGDQTKut07c3Y0LZCzkKQz0w1FRz/En3K5s9sAEofyu3f0xgJl5JPR5QG3j0OcpijlD/uXv12XlvczylTpP7bMP0ZEaZzBeP0CdFgzjFjpRXbpfmJFdiKHqoxSkP6l7eeV6onmPwldbEDsujLUyx4oOFYzGh4YHRG4/bs3A3WA5y+6F2fRh4RdwzXpZGULIjwTUz5NMlNRoYpBxPlIrjNecRlE6FPgcj9kdvkJkiDR5MKijXxNcbgV/Sv98aEvNN7ik21EDnk+UqZX7N4TCqWZENhqBKq3z44OkHjkTV7aV4taqWRuUhoy+N8VHfERADR/bqxUd8Uft8CtEB7rLWmv3HapkWhvtSPXRoly3Lk/o9oppZlfw75RkIdhafdsE0Ld5j07sODFbh8Hm3/2tZQ1rjK+BCJU2yJu3m03QNHsbhG2WWzYX/njrebwZDVmRxlDZtzt739IeVqWgsLR+FKx77YRHp+zbLARFdEO4tH8osOY+lEHyf7iHgCPUzSZm8hVA5jhNo7SPzQA4cWHd1NFyf1DJwb/X4/QJ6V5Tj3cst+X/9f6tYHsKROf34IpvgIEl3z4jT1FS6n5ewAu9jXtOuTeAdhG+EHcTTvt3B5h7GiTle03BTrZ3kkQ7DE+x9K7ZTp9jJ+vn9RjBv5PGSgwvwM3pKaxS4e6/XIDIZ/5MbKH8LgdzARVs4Pj9YdYO1xvrv7f0J9Lb4xv2LlNdKT7q2cdEGQeKlB/dQ2eHOKTwjlXmQBR9Kp82jaHSMSM6jF1NG5EVUL7sv+mYhQlqQyqLTVXoFEYfS70ka8an6z/d/d8g8XpWTFG9+3bF8IzaILkSd+zvV5r0KFcXAmBxl7pKI6Pqmz10s6p5faMsL/y2S2oLMg0XoCQXjTN7XEgiw8KrjMP+HWnIid/O3X2PvSFPDIqPcuQsq6pV0+jgKpf/lwGZMTDux6ieviXGO2jg5+I5nmKW8/DHiUTMB1h/bYB5bQQgsNk+Pw7s6AD5262omiTF7Jv/mxZeNnBGhknLZtDPQZyucBev6NBlPrIniQuw4vyhG3l0akZ2CYw1AZWdOiOhWnTbKxO8j4a3awRP0BV8X0+tBueE2+ZwgIxPxl+t/5hHvAh45gnr6OU5OY+B0Mv+qecCtcM4ppZ+Jf07QAp4mrJC0/HIKhAhfe9TvRFJHnjvTIpCIDw1Qmt23kxmlWr0l9Z1BWWQ13klnd3FRpVDEgYPMitOEBRvjza0lCKbDBg7Xu6SoLWmLWIqQAs3ZgscgR47JSlUQc/ZL8Nc52lnE3uEZQ3w4PabG3NUgmW1k1mUw9mxEWY2XxznD0afCa40923HieGvkezS8ynBTrP7HqoSBQ6M8SIJGtpciVr11uEmganAWvQ7GFuh6MgNoCCAHKr+6D1oRn9tql35fZp8ZuunWEldiswn4Ue1MRHpvPWzdzJa9cMWVJba3j37vMiJ402BHZoc72aNQBCPknEcfhvhIx+n2Cej75aEss5+MkgPFDlWvUO4udAu4xOQK4loQkeQ7M0Ubf0rALbyTeEiwRR886NgUXw6l3f1hzRtygswLkJ1AhA5zaHX6w/9mjsEUYsVotOdCf2NOPBep83KExu+fHhEgdTy76rcw1iw2MTJsgUBU1zYBuYtpZRdRFmdXXT74H+n2YBAKAgAANNu2bdu262fbtm3btm3btm2bN8QN8ti4qu07+d5RDPX61Au24eRRUb3TWXFOtYGu52g+a2WXLG8L6xdPMHgNdpNisT34+pOPTMFzOji/cyq2spfzZ/s3/6RZpcQrm78HfoY60yOApJVShlXzkrAvUXiCaS5DJvDWJF/FPfA5jRcj2Jto2/Xz7uK0/hiyvWwpCKd1tc4Nq8wRCbQCKjRE5Ssrjd/0VyP9xymg2wU8mFgqEePAiHHt8Ed9nUZKdjfhtSQthM+3oir+nltC52Gk8RPc6g+jtOC84txFKTUpZYLJrJAZCcS0ByvIsc+XWyeRKW50M052OoP+EtxkldcVv9s95sXdvSag110H+WHwBJMOvUzcfvVaMgU9GUPpTtUEYR1c1v3Qns0C8fhHJjJC3bLz9EkO7WMHAjXLjdmLSm+0y7JAzKiN7jpIlwN608gPa08wv2m0oJWNqZfnL08hgg4zdwBXRUb642IsyAhSBGr9TwMVlsWu0WhVSW5CPz7Zts7GQhEIdCqfIoMzfFaeLxMiHlEzeujNcxPQy8fwnBTCJ6EXSzNUUKoRmilMF/ewD9FI+bPoQ3h3z1tGZkZthXfDsB6axsxC34ri7e6838mA9DerxA8LldVjltqzy5PTshqOPYBLnx3aaKaDrzzV33Hvk82WcjfxNZOZwksCulnoGXq5BDxBDzSBovZnTpPvDmLsslajLaRewaivZ5ytGtMbH2gUov7GadPwja7wl0co7fPOuZzGNjrVYQIV9qm0+9HLye7hIROqCYwdccmHF0FQceugEoWo4al1eYrC2ncIUGzS9tOb76ZjjgfV3neURWcMJVUXzopLeVySxo7uSS4lp7u07o0CKARUxH5O1PIERg6sCOTc/QHj4XbNCg3JlQmE1TLKFk/S5+kZJDGAxCp+ezFA1vJmLZjEQa/IFT+vz/YMpAwLYZalBwAdx9LxrhH6CneV78E9FLPGTexgujlVs2Ridrfxg9+B8Gkw7hUjZR+E6fu1UwCr0L3z03lgTgD88uNEbFufYYQ4hbXerzozy6jzt5nVvAeu3npfGr8gFBf7Xj+4i8ZjPROAqIU5XCxH1W6Rup0oNs9SwPTNANHTt3a0xD1TbigZr212G9aDUevdbDgZD6fLgyUwDhD2j/YsGow23mkbSrzX2oh0N6jq3YquFL1RXQaabMGjjkHYmoa8zNX+mdDHrJv/GesKng9nz8QGYyeHRWCKukltmsDIINEMoy2UAZupZNOV4IZxDGZJwSixFrGVu7EOUkn62+Wxsf8wVMcJ94LWyWwjP8cSS9OwQXahOHv4dknHr7WQsc0SINuLq03uh9GlU3c9nA6n/oiWAZOclbDtRiFtv2aTY5g6dHR9JYD0PQStlfDyvXJOhfuQlOPw3KQDsvBsOn8zNdh4+TIu9APugZ8Z6cI5hEdnADkY5talgq9XNb4HT26/nZKPmXj1Ye4XKKw24PPojee2qBYGjzKcT4YhsnP2k92JCM8VwqWeKoKeJvHAHqKgyoNfR4uPRoL3lRdqnSW1i+9N1+pT3PhKVH35wSDlZOoM0TKX0XRWjvOIzELg2F7qjD9YCmSbeQr0CtDHfrErsfNU34Dy2NlTB0ZtEtEUI7X+UAkyoqMok2eslZZpOh/ByaGpgGmQ5HYXk8XUul3nK22KKJgTiJpvxkJGAjXn7G2OxaVpvBELynPRZnnj0YwrMbRi1aVmQm9PDhxS6I9W5PpTmPcax4wDClvMXsb3GUw8VJ0HTtZAUzkjpeVNjEsO9pcQf/HYOPrXw+wpQOzsgNpAoKxRA1B1T5SdMfu8bVavqGKXrDd21VIVe3R4vWh/LVib8UxhtOPeHxt0HsbSq+ZL2AR1aL8AuWNydN6ztQFw5BjP4rhHNwRtpPHs9uMREeewinam2RimINk8GzY7WatLEO1cDaHyK9SYRPNXgkHLBfcudKkeYR4cpGMf6LnXGpyMpJulMDokrQR07Yji2o2w+5TMTvDRE/EuNjBXZKYID2H5fR981zV4feRCmkPAxvwplSp6wpvaqhfNUbDdVOz+szlR6gF+Po6AiSyuZ8L4lxslhg0qg4ImfAnDvdzGSnDB6khZAOnUVWM/iBBLfMI6eBts4nxaY+rtDJX9q8iwV6srBd4PoNEgYouqHP9u/z4RtV9nIJRr6n7Awj9w6Yv1h3jV7hZQvCDiIQACTTx3OTF538c81soKouT5OVLycgwpG6RX00BYrf1mapT5UQgyxtm37/45pcS1KjqYcy6EjWXMj+2WNt/LWhIhPdAUwkltxft2xn3QZY1pD7EK61F8IX+VMF2uSaoFME84cFQrQb9d8y8g12bTPPZk2OtfB5QsL79A+kD47EQDbx428tzl0yN6tRpcGnugTaMO+KQuPviL59oqumnUi9uWRywluKx8cHUPTN3Yttl6xfuuzGJV7WtIyr0IKk+4cvEZKUW7PW5ErwJd3WZUIBVVKKfYvBm9WikXzDY3O1S0LiD/OhWJ84eeNykv2yvNkZSUqSw8WyOgnsrJ3GIdCklaNeSy35IaqV2U2UHgB7g/Ze7ZWc0Yz6UL5iJGgCEailU1JXo4TqnhpeFE0dbms6wc0yQ8KehURGsv00s10ETS5z1bECHKm/a0WDre+TCxOvobIURrscIJKioXQHg1gffOY6QcQxx5rEDlVOAJ4NiCZieBLhmf0mWtQFYMzZZ4gGSijN9llfyQzh1qKWAj3DAruFjBikbv5u39y1PFPIkGIDyyt504UxiTDdTaA5cE9yheOPST6+0Uh9lqglgiTPIvnHc5blp960UvD1XlNfgW/WlBjAPWPksTeXLQFoGgW1tobTp5OEHzbXNmrcIaIat+nq07Lh5wpGb25qx5KxPcooPqNDThE5hymC3ZFZAQx3RfvUvgiKMtxgTjOqHXrqLEX62OmU3g67RGyMNwYIMX3AfgtZy6O+pbHFGPY7SMQDtvKT7as7zcL8tk22EgazNVQXTB8MfAKOD5DGedpc8GzxOK+pCOdjPtKarbwkFmwyVbm3s3aihJthbfYfCwsXGxjBW/S1N13GwbkLPY8K5QB7zdYjoCmU3zlr+88Sj7Kf469E8ne0lCT+C+hsFlygSe2ZIqU+f6EDmgz7e9af/w/Y9CeX5Gf2M6xMJw+LhXbtRXB/xzXEgXRKOG4cL2aVWiGRmx9T4URyybTHKvaQF9GCmRjwKExWbhtJlk4yn7zfIPHs5BU8sqYa4Tiotv9ifnJVo8Xdx5X6HsCExc+ryfJI4kf+LFCZ0C6loQdzWmx1fAHs7q4gkeBnBHQkEWk/mLYuZ2UckpkX85q7ETf7hc02WfL1xh2I539lroO1g+a/62AWGFLU9+Gm2ytlNf/cnkmUR6YRaDhu8XzMoQLbSZV05Cw+xEPCmIplARC9qPVfbNoBDxv3ZFZ0kNKh0LfOXyfbzN3xMI890CxuR2MBHMdL7ZRyI/l0gXRVl+pJFoEDYdgGZcYGFoUgauQIol5nzuf0w87WcjwLgsUmv+lIJJbNS27AjgeVwnWg0F9L+4DT2D+s7ndNw+CUn5EQQbTo1UtaWYEZ7B2RtYxPdVCZjvVlupjDSPRrvsrpE0INYXvLSwsuyKWRZxp+HYQywbU4JE6eQLks1auWMQ2aX5pyTMUI4zNFSJTDuz7RN2P6GhjFm4pZjyXrSm2yhDo1sNRgAl8tQmPAcHL2ii56SjVBhwVIZ760maCjtjl3Z0H4Sm9PGNuWMaUkgC1CUiXTFCynAMOeIwcQXps0P7FklojES1KlrRZWr0zEF5OcRaAR8NoSKbHlrA+wJwHLoFNS1jwOGfL6Jr2Ibs1SHUmGn0VC+ft4AgA9NN5XQNBjvKoykqC3AztDTExVsv50rUc+ZIyVdgY2GEf2kbvXXq0WoSR3vi9YfSqLm1GiW2mpsAy5jl3z5a4qbu3FinND/4avwqVxkULSfsNpRV8NsmpP+0piDS3fmZZCRuAb7e4uuRMAoZXmIO0iyUtj7O4ntaxhyGjhUcz11ygpAlfqyKeno1pbz+6fD7w5jR9zLSxj+0a9k/VeYq3AMK1/8LkZ7hYduGORxIwIdlTg5q5UFmKNam7hKdf95zbPprYJt88+3PXGaVlVW5d3E0dadtCDBTjLM1uF58CrY4jaJXriaSmsEXKN/cjZBk7rruufwNG78GiZ4QyPeAZ+R0xcNuAp/wkAFylwGzOXbjdqPJe8TPoMh5xc4cmU8jig7nk34huImGSr5Wyu61trOB24DKld0rgmpDh6cz79c5Kr+SGdTQeCpduhcjnTuLAOlNUauEO2IRmQ6WvJqViDmSkRFUaQGrcrUT+jrys8hwfZdtz5Ont7pJZ9LGgrZlslk+Jq4BVxAeSQ9PHj2WNQDSexWUq9hYOKRdtg5JTAHXucHpx1uIfaXMM69svpYvNBa/SWBZe70vdjPu31fwy8hol6Vm5RnwMARIW9Z8OLUhoEuRutm/YIZLKo/73ZAXFNOe1XqIvtdh4QdlcNdTDiXPjiJPCd8u8BSpa8JLAy0O9cepUBJHcoI7k+IWoXXBlVQ1keg6PHqU6SeViX4zJZdxzAP6fWKP3iwqlHaj8WNOZpFPYn8IeD6gXA+GgYVPX/u1+sirJwSXgHJ/Zyfs6tS1ghHbs0nGFIt/Rp0N861zxk32UPLTbOONx//nut5rUjbno/h6MQ9Ngspg2+xNFZziU6EJVfwEm2Q8YITmJB+VG6kwvDb8IA0rFRnsRsbM8GtZR/PXESmef46nT7Y6sAUwcTik+T7BwkF3NEPx8XdgcTzeU78uFJDUH2BaWkqbAwn6mwPQ22/nDGMoEsCGMA0w4n6/yh1qGYuzYnC41Q85nD/gRLYohy21lpMf4Xhq0Khg6sS6NAF9aB+6l9ZNQjYFslur2lg4FiyxfvO8+K09Mm5jO1JPbNFmKMxkXbUDgn/ia8zRU66y/WklANgI9G7Py3995irHYhDTUIxKngzSIN1WMWHzI1Prxr0tVg9gg4kZMLRmfmKlaleWTyHrVmFTCV9jrNOcxhtXlkDqtLom5HgCDcu8Qr2CUAv1wKRiYzFtp+OWRr/QDfEHr4wNZU8EeSjPz14+ihpHTzyVkvRToSCFJVxxcocx46jM3YeoLY4RKbHF4RUEeNB3eMUZRxM0uLOQjZyP17co2Jdp2EBwzwZ6LtwWb6uX+4IX7IsFn/roH8tUAdtYzs/5+xYQAlKeUZTBM46XpKhoIu7400kuIh/YP2DswWzmV1mV9suNlqlvFUdE53uph5gIjrImz2m0Q+LCuQhQmOviGeu7K45ymc1WSunlejNdSNaEFWdx4RRGiTGcg8ttj5ZOuX9CzKLvWzjlWnZ1T39epZQaupv3chsSE3M5mer/IoXP5hnumP3SnhacCEAZZHHzs/B3VWvMhDy94hJuToMZFmLqOalNdGeqQNNZSg94+zqjKgokN5+Xrkr6M5aBplbl0DGBZ9MHrpo8dQLHWBGW6zAU0enDUvBa6gGPw0C21OQo3Wk1dH0efP5tnjjHnNW5fRV3330GQNPPRvTGifXSoiOYOQqyfqMTj53cEoOZSq2yvzopW5fed0Akhci4Vx7VN0mmW3ByPB4lC9csoRS+rjLqSfbYz+2LGIpemFgoqkCfYwtQdIPUpm53+VgqfricaNliqNIiN2kPoihcdKNA8zZUqpHueKU5lOg0k38tgG7L7m0MaGlto0j7GnAXJxtrQ3YwdBsdwhAt2Cv0T5gnNgdwKVlwCDNd4ea7p/B2DXUYGB7eI1hszLK38CmpoJa8ZsGeQgsgdSsJnDddR+6c9TasAp2ePSMxF8VyTJIwC4axQP/Exkf61yGtkvKdUjn/4tYqBjUqWYpQJQZW6Y6DjHVIAOSsgS6RbsH1SzpMa5jass4PhpDhGzzNgLyaAT+4sFarpj7by8sUUiO8cEDZOh9gq/i3FIrwqww8NO+y4btYi2agp3aGKS/3wJ3ekDkoMn721KMyGfk1I36bmhIPBdFZ2WBbAKGZbCrSL/JuuzAQGAkYJKqA6iWrAlovaFToGj/le5zTtspSUzhKAuP4PXDDL590x6NjkRedRhwHng/9WHeO/AXeyvJ6nv1iukgUIyfmKAUJtgywVbd0tFIjVoIMautxU1+ot/MgEsvEuPMZkh18SwToVEyfPKZkgCj7t+bVdAbdpUYP7WXpyH354jgmrfM8l7cJHp3fvLOu52JjCTTTSKHypQ9uUxfLOxbkyFDeHHrjMVlreJAn4EA7KVuES7vKWy9F2cdHfW42V+6Y83k/AjMEXDNO1FXw4oWPrwqw1rfXwpLLIuSeSIlin7xx35Ui6GsVFJeNRfhw1OuVJsSFU12WfZG4vfCRn97KUEmH8Q9itnMPFNdMR6ycCbWThHM4vGah0a1mpZWBEwP/eQi8tbWTaOSqxmWEEUgoQCjAi3OXND45q7KS43COSwJj4w0XMdDJKL/ndo2Q3Qqv9/bk5hbMfSvbamBwLhQJWWXMO+g7cfE65ZSjEZ9WgDKZcpIv/94pPDy6SQUWRQEa08yan5jAGJzRtSO3UwpCi3BHEdhqxhNt07+OIY4CxAYmWRpBfUuPfA4zpeCerzrB1b5vGOwANR22pYo8FnTOuZVUTwCZtNcghx6EtLus+4cVq9i4ihzMZsobbZJe1j/XcPM22JoEg/OXDCJPIanv0OVYKJu/ICd2xWQ+yp/WCMGopxWehPNqBueK91kBat8qAxaTLqaB7OsI1L99KVlEJU1npW6VXwFzWA5qqZjUs9IRqp0lqlpatw7LAusg9Dw3oSgmHnM/g4kjZ1y7f/V1065iv+TGYtX2q03iNzGv2m9bnr5Mwqgq2VJajTC/4/IBaWBlzWeyS0zC5Idp/YIJr17azxYp9EM+d0b2n3mNl8Hv0SWww30+RfzDUEIE32OBCyCo0qn+cBJfR0Wtui43nALFHm9bWRnUpBqcXW14an2lIcXI+INOQqJEjW51BH8Rd7sCcP2aMFqzVz+1D5odasUTaqUD6KU+RPGSf+JqqQY3Qp3Pk71f+R9bnyhTuLvuJJ/L1VJkAJZY28VvRvGlJH13PFNAB4k5469Gkn6dcs/xbJTwjUaqOc85XtHD9j84vv3gfKOrF4Ww5Io7JWdtuuMbxPNx7dqLw/WKn53RhGMfuxd4bRNVqAYp1NR9+ozlPnC1QRsCbwWvyfw3nyEdPRQMOqglBlcT0yzVaKfJZfB8zGNKV0smocP+2agwlwl3TWz+M01r6RxIP7FvTwAIlRn0AsHDfsHXa9pYOqTwa3CmX4ODY9OpKlPISwWhtw1G7pUAyCYqB/lZcg1IsFPQIeT4sg67tj4MJyYLCmlxLC9YRucoL1wCQXMMIhfwCBiO2NMujbBheRfVPotSs9ojr1sjiUYtTfSDmDSKPXrFKIEv9HQH9HwAgycWkjFOQRxJB6Gh7Y+5Gg7b1gng3A8tmldXWJ4tCCVVqGcPt6VbvldFHbyvxSMAvhuvVfNYEmHIyLa7rob5iIxyrEEh2PF09+IHgbcFKzBfelgeubDA3MXnKK7rulUJUw4G0DQoJenah8yVN62FtYA4UWZoVhNbL7r1NMWlPHUDCOy8kbqEN/fWMG+xxwZfexOxiXhPftj4gUUTlgSaKUtTiD7g0jLTQfnP3UTy4F4aksBTBe8bKCG8LhSLDcSAgcswdtoAd5Y/lLozpZUaTILHAktYeM/S2akJd0Gyio1IbtNQjqv+rfegeYX0eSSMlzIr1s6C2tPCDNVzJwRGiZPItFSqHFzWF4QZGHaqLoNmTP+2OQw8Qsyv/JIVjX/hE+gYI1aXhmpHZ83Vk3kvHH/xqDlwo1Z0Fy2lD6taPu2sKeAVzjxH3inKtjQUWNVg2AnvOY/KM68u4vorrVQGI5gieIATlfqnAMUqvlSKbeZoJm6EwMRC94jg/P6XH1erN8BxWc54Z6R7cxgpn4t/dxAxbOM75Zp7+AjnAtxbbRCkFUNBWe0q9Tk0zQNecTK7O4muTFlesWFQR/gOKDG9sFJ7XRlcUxtu4GH8txASmcihvu7zg2J/LTKF8d3/GtITcg5zATVfgZsPkDzzn7yQovWAeRaLJ3XU4HVSbC7s/R/9ZcGdVNlPbAPVY2FytcfV/cNbYPMMvvtKZ9Qm7b8JFV1dzKMZVGP5ddEL0Dfr9Gxtu8RkXIYpkI5oAlW0br1wKle308tmFzgnAs3c5G5aHvjH+a7z9wZNor7uWFkbbdz11tY0S2FNWbV3qHiNog0/LHR+7Cj71r5RnY3IbxjxNK1E2W4il8z0PTZYF3j+suuAK5yKwDJddin5vIgy5cE/QMMjWZ7h+Vtgzax2rzDpgggip6zTMf1BA6sZwF+I5p0v9B5RLjGMYLRKtlRisSKccKdAPYSE7ssvujvOD8Cnl1dFWzbrIdWy7WEBMMAJaQc2GZ3FX4IR68mVSBgH5rlJ0axt1fu3XksYHwW6iD3JBly409r9dKItFjkEzQY11tuWzNlG1spRSV8w2K6v32TtXL2vHFUe+NTnymDDAAeE6YCZdX+BbtkA1pWZrk3cGlCFEJDZlfisLDTNw55oafeMGaLKfbAsh4lf8mNQYEnRLR/qacaNwIQtoqfcRdzHYK7FWMgvFzlDR7/bDLNi6xvSwkAh4J/ac+LBE0XYIkAZoyaLjQiFKS3VoU/3gJTcpIwvt9yjrvhQPZShx2fJq+LP8VY2/A6nT8arKgcPRqJbeJpgwIxMfrUUWSmrsJk5NFyfpMJR79jKMmTescsJwXcF4o/PPx4ltmDsCHSpFpExSkaygfEifYcCpjXYW/h259UJSlg41Gl1QnOvuajunQk2tQLYDZ1fA7Wfa6OIdNuEoJ9Ei5ncznqCe+u1RdvPGNjObSDIxqiGWvNaXhFJ2dbREuvGrPMNBBKlQaEmVe101tiIaMq2fF0oY9B8SLgvTkv+yf8TZENmvUG97HcaZfwdfcLyM3RFK0PeNCmmE/46yKOXpGvSLKsD1UjpMQ/L5S8bCXvtSL5L37Iz7kVTVtvkLm3LHkSLwehDySUARe9cigMdA6k+A423xbzZm+NmNrqCgLqL8tcPb8ZFKKTivk39+BA0aVwU8rDYDlErNyo1P5L5nAtpY4FXIjz1On29RJSsRP7CqRKZxJyOABRVovyRTLu9VSWFlQ0vhC0yycvN13l5v9opNBHe4n/JmAR6S+bpuLpW1bGYMsjibXxS4UvygWMLPZgriC3oj4xQqT/G/DDkzewkWbc85VwbqDR2tQWOP2mgMvk10HA7J4BtxGjL31PiJntc2KmWTKNuPWKwIGD3RRE+66uAE3X23ZO5LtK+B71Km/Vkp61v0luuT//8CJrjJP34ok+iUtAUWXHCRPpdZprcF2QJXUSrUwasIo+WPp2ECB94UadAVibyxnrdKQaRRzTyZWlkfJnMtyy6z3Ac9fmeQDfBsE4Ud3rFp4Uv093EjWTgLndJ2rB0O0PPZms78bZZGtDm1ijFm4Xt6rDwB2xCqN7Zrlo+TCSzjpoLv/ytbJP2u6kGe57t/Nlg3Z1AwuM0xDu47XonJhAZ52+dnL+JaAe4/xDy9sjghiUYaUFfkuShQcvVpQ1YojI41v/eBplihE0l3Ro2ad9BtFfQAkhRlmzXXMe6x0tQZkrIry5iu81u+MLU4v4R9HGGa+Q8hQuNaXgn7pNo6wwHd6BiZyq9pOcY509eD/6bfahUVHMbJ047TV3OQOxbXrkjz8hYyzdqQj0ub92/LGTn3ZKvYPOQjoBM1JcDdcZMGaCwLgtlWqbNxs0D/zkJumiIbuMxIbeYThmAgIqRhdZQu0w6t5X8dvTZk1EsK+X3AxLLNNtCcHCezJFWVk8aaR24xIJ1PB49UTnR8FU0vqQS8NKIaoqMw8zXWMhj/InYQOTnjg2QNwckOmCUDFMRwrj1SkzjeIWSYSUX941pDKtimixGljjkJkxSiFNRpZ/Tit2QfDoC4LPgfAnGSZFrKSewBWb+aJunzV7ifPJDGOKeFyscQdjQV5QXwZLESN7MKrh2h1df+QILSOeiKPYvE3RPSby7lGnG0evJMEQZU5svWnZbcicQTcpaUCdvLMsdRWGZcWZNwDb4GHDnMG5qWyYroTvr4niIhV6zCgUHucQdVim6XO+b2O+4vgdiP2BNeSHqSwk18Y2B9PtRyIcIvbFaVQhKpTIrMFqn5axCjbvEANAHKzzQDQ5hA55tJ4ciKwJSiFCJXJfM4GGENcZpzJSlLaIf1GrwNFt0oHKNx7PU1xKoaiXK1W2anNnO8iNxdYle9e8nRfvn25mGQbK4xiQjrhcoiKrQDy2NN10VDxvjFp9zkl10cONdaBpfukfK8Y8AB2AnPXSExgeWs5iDUb4LsmZVVQKvXZdTZNPnsxMbDvnNaa277qnB3fqcl62tMDjhmL3c6AybY7lzIgFCUv6OSo4R4LNet/tpNrS7ZTZQAm3Bb4uCwCj8ditsIqrVWfKsaUbohZ/t/dMW5JQv/meunw4QmyeEtK+al0CSPH3Rs/RJ3lSZmkdHzg2u7UhvnNq9QI3zL7U6V+Z79s1VtWxxRk/Z0/SY69Xd09dE+EED8at8uU8RqVRTzh2L5e06AfDZW846rx28ZoSlFfrKhiHDGv3Dvwvt7AgYqkMgd5vKIESM0bCgnNzs9sEHz9QeJE4IPIkln+Rfy2Uzd+tbHNrtN469Z2fyy4Q5Mun6Ks9wMnUYArROD8YTefCoJYjgrEtInG22Sv7lm2UWrYauvKBuhVib1/i6Od48ahOu45jOBxyvCWATaD8tpj6nPTwxoHNldOTbypa4o5+r39Q7bJy26cz792zYq4ps40nyY9qRqdI6kSkmMznSaDLvE+Tj8pJZAducKiSuYlK6rAv46/Ipwy3+2PCyAHNfTEA7kDLJSTLHHfUC/a6JsQll7HZH6iHlAo64ff+I1qxBIaCd08WIAJocwrUnnWVYr8Su6flnzjnBaTodtKVuH7VCjd6EzQ1ol9g5bbq9dXVP6MhtTUcMf6RcAKuZ84T9AxmzHewyEvBm7e1F4wEgC04FunY3Xe5wfBJMpsnx5ICHgokEYl8E71GMomMwUykFjBlTRcL5ynq2bTtfJafUfPpfpPRYC5f82W2E+d7LSWHlDKouJBwiuojbnnCzjlcdA7OvZzwbkJil9OkUUB2cNYJxtULUHzEWcVLipumLGvBiK0UFO+e25INOXCVVBLiGz4Dpkf6nv3qVL7VMg5SULJ8ldc7jzcpcWaFRYrIho9czojkV5KEPpDG2LNow7dYw3T4AwdqIkI7KJFzT0jrWfR8gnKOZaMqQvAmyxnekhwPQMXacA2atLck6zPwFlzAwQSvQxyH8mKCmnnnzPBmm9kHo6mXAAqEqO70MUW0+JQ3MtnJeOJBMyTD3ZsNrmGaOMVlhsOQNh97eHcor5LqjAltR6L1Io/mgz9vS1FTkX4PMALzq8nqmrzkz0drxrAZyHsUejWPFiBAM0E1g3Te5Scawy1JEfTpKFe6YsU4fOKktatPgwXa+U5aOPfJZBcKpIhM2e8xBo7UEf3uczfR8zaLzRgYL+cdSCFxM8+vWZojsqeR6DwY9ve9YpjePow9V0PEdenCl5xaOjQtR1HjaNadWQndj+oU6t1oR4P3pDIOxhpWWd3fJRWeteHHLejquBjHFY83QgbJ2+UjUuixLs3dH5mHwdnJ16zF4450JCQ0F/PAlIe7COV5bjjVUq6+gUPuZ7mlu8vcMqFYtirupzf5Zg7S8qH5xcb1ND0HnblUdaJwQlbk0NBBpdl8jtmWtXNntz1bJI/xjKhrsr+U9yxR20HEybFU0R+tp2nc2B9I1CA22polzIolQYqKMloCGkJrGqmuvkTTCxl1sjOKCvuHn20jnhmL9mVaAXZqxzBrIVmBdsia2tiuX9hJCpHOlcEPTe56fPfw81WF1NODApamS85zmpRJrhIgIEQgKn4Xb17elU/cJO5RKc2bICtQ8ejbANZcxghSZHJTta/Dv3s8tjzsdk4Lf8LMJFcYUTC/BbCs/+erduMiND+R7ByZoC0/GC98Qm7FWKpS8n59i0znSzelgH4APc+NFxaWaewQpt1y70Rud14YYOpqC0zLtyEIO7phI01Y/9Ev3zhAyq1XNCE9hXkch9t+TZoCjCpcl6gOTbahXjzawmab0xqSKEtlHPIuEkGkfiy+O/7+wGrU47c3Wfnf2MsBZfSwlJBT/Cg8jRtV28ViB++BHB22MRNhUQqzxE7YBNDg+r2rfwFj+jozrIEwrc57Yu76mhENHkSq5IjEIpvNfECDhud1flqCLng9NF7q6vrbrjZoSNtyLZFvDIMPRl1wfCHBPp99475bGNHwqp/IeYpOUEdrxJK0qWMFgdVHESORVB6BdEGLCSF4HLYZYlHmzVNH2e3RCnGomakhgVI+hFQuzBREcMyNPPk3irt5nYA4/hrC/HW6dGDCf34pRPK7W784a3Asx3MKIyyhiSTCh/BqF0ZIijTJ4zod1v7z3C8CTu5NmVDD1xquBKDQDNo1Oe/11ApgUpM8pbSdARJlt6qxKrV2UyI2+nPX3r2i5s4pzsH0sdOQ00vdr53Q/PBS65WPpBlaXY6to7/GihXniuoKvOQFTtSiT5XA6IZMwhanWe4Nx3ejrtIelMdSgJ/HyvNfFlkOBnFSA36oriIQHsLjXtlOItBGoDoSNySEtk9hbc1RrcMvj1tEQ7G9YJQo0PID+Bk805OI30bs59zlJk5Cys71mAZzDbMmvwlSES8w74j4NXzKhvQ2Kwd+fCuy+MHmFnNF+Q/QjA0eT5GAnbpgAmVrzN+kE10cIk/cRwRSRQtVPve7vHXD6U1QgKpHowbysBAKq95/84IpF6IojWkACMi5YpIgnV4wN6ICwFV+/u671AkcJZxGpcaKLa2u5+Ma+x5wkXTDIoazllr2s8lvpKdu8a+9NOAV5tjhzuIm+h+5mIWu29anvg7/K4KfBT6zd9pwc6hyusC33o1+tL4SV5aTN/MBdmNbwvPoIpWoPANJs6Vmrl9EaA5afHBimJ36/Hi3dAO3i4gOVHB0w7HKnGLWgXf1o9VuxjNn09cEXqqyCIxJOJT9APSe4/tOF6UmmM7GNL2nVYlWAYHknKPmLCQTf49js3kGYgpY8CpqU5A2dVrJUntIVBtrKVpuPNZTAlD9+HJ/YXhdZPV1LBCWiKPqqlvwmiFfHxZtHOBuDWovcSkpzH1DHR45mC8s/uBY7UzhJvAeqpSIdDbn7YNSLEsIalel2jH31MCutrcKrbSRQ7ZgSyy2OJMHEUl83BdoYn6UQQdnRuhdv1U1dnQcHNUuiJ0GyJlvpiqZNvGPvx3fQFtEJjBDjQZry46IL0C9pBQ1XF40S6vDhjEUgonWqgqDnaLjpPB6qm3chI65I5I7bXaKM2p2i0N9RRq8hHHOcLsiNZV662N+qBn//yQK2n2AInvI6APFLegZuBvrC4U9cva+hU2epTu+vVr2N5WHryBBK2L+dwRZU/InEs5LbdJGCWeSZReAZOGkyCOVu3U3LuZseD+sdv3jFtVCBmIDeuMzd2cBOokVg0cZNWc8zxu4tjXzEnO5TsV4jgRHEkDWB8yqE/XpVgiYGb03QlKH712Zxb+pRMEuuQdyjaMuPDxU2u2cPZB+Fejt6ROLdvOB0O3LrJZ5/7vedvhx+BHSAj7E9gPY3asFzB1BvhcL+oHvsARidqH+LkAl2wbg03mkBn3R8ukuLsfItCi3bLcO4KDf0Psd6CfJM6NlAC6nY6DIa3uow0gJfX/y3vANlYi0QCMtAYwbiHz4zZ0Y4JIk9nH+R1jRwQ419bz28AWGsqDWT3qheV+KFutdeOW8orYc+jWbUmj0wdOHAuSPNGXQVGmIbKybz7dCW3YBvo3nItX7IIheB+nwTkTxRE/ChAuV2Zum9kTBi6X7VOXLT/Gw/hbQnDcC2TJmtH1N+OoeYr91k/AlnHJjoMuY8pAgyS9PyMkBlK+OUvj4VvBOcL921QwSO/P+2aDDT69JO10aNEeNHL7B1w2UHrpQWYNsgLRX9Q6iw3uEDlQUb28bGuVOlVAz9dOJumbrgnAQ87yuaaHSEqnraEKxgWnWqjHWOLzCadSVM9ZIc2Pc5EiUZhnwSBZFvzrEIXpxvqDivYJuAEfx+qJIZa0yQORb+CmJHpk9+2Zoezxf8ytu4TkPwel/w2m1J7Nzw+lWjdd6MHxnAoZEf2XTw9unG319jS82hI3ezEUuOnm6ThlNLuaB/oFh6WCdkUuCN+3ui84rqCdNcZrhqtU1Ocrp0A4EYzz+ZawPiPSv8mDbJZ/AQNwU9qnm/Vvo/8a5ok5Pi7EwitkzTmHA/Nec/EM3wufTFtPx6JZN1lA/EGQBw+1VWvjPOtwPzSwE86LOg7h9qb8nDElf29SdCcOtidCtO8Rra9Nunch2A6QpBfXpkfwvWIrXf2CgUGFuDR8VwudDux8WXoEr8O3W4IeyVNl2RqK2WgYHfVPF/vC/iE5A0zDmmq/YZW2akkNYEPfwaCd/BeJKW9uvjgDPEtOppJuhiBH3fEQSSCJGjmkV1mSDAqRveDMF7ENLwnuAhm4F1n3iQJaaZrKAQboNUp5wy1AsZjHDw+WB0Md2FhyFnOnYcAPbKaDs/2CGJ4clYALWy2AoVQt39WsBJnqI3gdnP2rMnA5Lhx1pRFdNTBVFVIAd9nu3WAGqft9xyo6HYhYNqvyWUailnSLOAHmRAlliLeoq1XeTSXKJWCLcw3tbgZzn6iRssHP+IgR2/zBaEw6N9vn/i1K2rXNvaNPJG7W5rFyGB3LdSzqyvh4HfErL3VC4MgLg7Hel2Fm7UAWCm9K0a7ff8sdWLeI6t/3Bao++FDcUC+BBOdtxhMUAC0mF90KyJhTaqy7bMcbDoQ2s0J6XjI5F5V2mcMbMuIfnYAXr2iBsb+/Nrf2DYWwn4WKcBoEXz1V334lLAQI92AZumJnW0jibCuRxmH+pnD3EsCRP98BilP2WwS0xPT8a8Hs7caXY4oCo7KhewDP45YUtg039TuXFgGlGH0Sv3xAa3fDXwHZ7Q5IO0DsimE9hc2bXbX7g51FiwLxeCIB1znQ+g0KHuhCms17vorW0Fd//+EZNWgUyWUAp3gftRVtsBqS3lOID/zp4Y90dlM1I4Q3wQCMZnGe9LJhhHlIcr7mSn4wCTjYkGIHNcjnaZjaL2Bhd2tRWT0pXcFqGaHAoCNEGKq9H6x3o0p5SQ85h7w6ieday7to8R+x6BO/Gb/TC60RAsIL6Y+O1Qh1fiXVvDs1Xiy7Jm39Lpe/3knX9VoweGXJ5yRWs1qD1HHPXsa+2jL1rSM+JOG4gb6VCsoJItryqWBgu9y6DHdovx4l6VoiC/2SWiLUhsWiwWskWE/eTT28wRq302GgVc4Qm5iOHqXJCsyUrWqLRGCjuhzMkuMXY/naAw5CVlM0CFCCh4OGx2PmbU/9Nykygon5DsMjU+O1Z8In7c7vnioLI7DNVcViht8bVU9DlgGovWeic1VdOZb/VJB3Gp2p03awQzf4qyDSbQxIIgA4s06f0pmxM0fiSS2BozbofyJzODzsYVMYfVIa7HdP8TDKB4b4a5isQ3KOAuA8eTGBxAj1d1bOocoIqc/xKOTpisV8C3SxlpuagZ0B7301wUglKXfMQ+2SdGGk1EYn23f1olzxYRLufIxNv8MnFH//yCts5V6xq/zv18rdOOv/LUkLmNj1VFmHx0g587xKVJ1CbXMkQL/aGaMQwdayEqvM8Yv0DQ3081MNTLNQZJOIvk1bnafoDEoG5LJCL5Rpugpbj2y3+AahsX0GddKo8PI4RRTW9ooisfNVpSufkrw0Wf86D7Bi9m1MGqiN1gFWr2ABPLUahyUSXNM5scebTZcfx4Bdp1RwS4TSW6t6POQGzU4ELO224iw464OoDTsgbZ2o0wZ3giCL5wyBhjI9hRJoudJx0xVW6MmXAvj5v2QXp0ps70aLjTdwWGYD46xc/33fHnrbot4B4ryjhsQaSvqds02zIoje5Wkl51X4/F3rrkWeul63iNKzD6lXSvPdQ0SggYUIh3PPVeyNIWl0ksM/MfwXVtZyVctgGhRHqZ9rMAsDXimRr3HJsN5mhTgFFz8YZ61yiTnrURFA4EWSrUk6vd9439t6nHoE0dY/n5M3TcN4WiVTHudTA6cJmhSZgxHXUnkKaKQgYHEnesL4rQLFeZ4G7T4W2gYw0GMzLPt9H+G+XkePIeYa97Ebhp2ibM8RuXFGoNEirkAMZL/bNqAhaD651uSpWiG4XiqCV46F2htg5Uj03yHOO/ljgi/GYDTz/07N5iUnlU9mZdweUhgrcKcIhHgBQYmk6K5nd2qQFyV9ocJU936b0hSw+83ilQwGikEWyVaUUMUMSewNU3eSLxJ43oG6v+C1lvprg8t3w2mWBCOfMIxM0oCVFgMeihbIfGh9R4JKz38MeusqPp7bbYW8x1CGnkhFKHk0c42CZwRTM9iao8Mj6MQVKgXhrYNzd4joNAAaMHsYFKyfz9yhaa3o1rZt5NIutUizx3STVB02gyXkxrUmpoOC3oJD01VcbRoj8JoSHYa3Cf6Tgvv9u5mleiOZ3m+ZS3ksr9BcB3AJ5hreqbDOiKvxQwZW94s/5JPZVt8gVHwJhKhstc0OO62Snr6RvHpY9fti+2pP2JOt0dOnLR/vIprAGlyC6F3VZCjFbYwdYYS6DrB4P4qwZo4d2SbMRnoQHjTwzdzFaFwtH+STV8XBkuAhUi5HcOOkK7qdoE7Kw5SS63ORggsO+JwmCdIm0lJsSKD3jTHuBi4IlBD/Yv/E6+ASj0+Yw0iWqfWXqE7jep1K98ZUCWVfKNqnpZ2AU2B8I0mCEcq2c5aDGz25IPMY+j+/UmgMqht/72y4W8Qg+y9tggG32AzPTflqtQz1CRFCY2pSktfrJLWir2HZK60pOHOWQ4hiAYP5dN6VhXw8Vj3jaGflctY59pHQqhsb/eOGnS3Loxyq9a5OoqCcdcc7jmIIvgP3Isq/UsXDjDkXAVYRATaPwboXyUW6QCgguz+tKh6G9elIXWt/RWgo/YwT1YMLTP+TDBX311itMYMx1Si7aQINryoMQQ/Bgxr9ZmxjcwFXM7E4VLnx63F6MkALaiaIedq2yxkQ01KrfCdNGLon/IBZgi7tVZVVz1g9JJDUcuQm5Ypaol10nejl5rIDY5DDZYisqrbs+957reqeZzpkgJc+eNNkoepgP9M/EZvsk+sVO0kZ5Wls+GNjbQPFBTKMU+4wsO4+jnops6k6eSPrelVhqTlyKuRqftUsFrbJ5BtOTHwPXTr3xtEyk4PbPDOIOLLyAGzQHs61cTP3LGn+rRBpuLh76TvjbNxAfr6EhKGwwExmP1cAnWe1gzT7RI9Yk1dOY3+AM28w0Go1gFxDhDShvySx+FVKn4YVIlyE/TmZtfyTrhgnE8oo5zfu26OCZ7Z57DmW6xZGxSZ1XoiGhSCcHMrlWHfqoSyy7cvh7pK2J9+s+2AsDUMGvOBqJUXHB6WoOVqelVBYC1AdYx0r3XP2zfFwc04zJB6w26VodRpAik8TtgWTOrz3WSJDyQR5cLB6J8L/suMdbszNlnV4uqi6nXYx7hlcMpHyHsqdGFYyok50Cvq9u+rWRIrtJOrbqGT93tBTtyQSeITvv/UHREa4zr9VdJoQ/9/VePGE/+Va0d5p3gFkTUBy7mHs77smd4OEQUU5i+ohIVIf8u7dyaSfKWohR0O2sjpCdb1sExRWRLgJNOrQ4Qt9xEYeaoIOfWrnESf98t0dXgUnwVAJAgx/DnHiGZ6F9Y970rDwarwMp2ZHxaleZo9rL/adx8aKEN5wtY2548NcgG+tEzsiSNPyhD3c4YHdnUfHeM72Z1FxXSCdTPf7VRwVZsyKKyZr1Lo/6BQ2hiF35iFPrti/LC3um6r4EHfAVOUnevLqYoq+gzylxaZjhM3ylrsn/q8BwnsTcuuRnbmTseHbtAATDCSHAkgqm01uUzeajnKDkfB3DaEm3M8IB+7cCXpQFW1ZDGgxIrSKZiIYE0m4T1jczVfU0VEuOisrYHPWtp2h9oKtAoDef29skgw5eNMqzw58pkjUcRutEUvOEqBCjv9WFV+awZrjeODTn0OEO5z603II+XvVm08YebHCA8l+EYjT+A2TwZHvK3O2ReRG5ldAks7/j0iE+mCZWUXBA2yZubstkCD8gLyffv+inO3qsMRPMkqt8yqzrTwaud7AQHUJoC0XsmZjbypwP0E2SPGja7B7eeNWkqhepB3UlP3KivjdD2dYAH8G/RJxXs4qApTzzW1Ofx1a7ztlOwGW62+xf3pZnv7j4MwjhCJvzwFRY5M+dUiQKAoiynnYu7hdt4pKNNZCahWW9ZjvKmK5SuySHiA9zeRJH4685eerBkfARO2KT3x+cH+NbLy6BZB5+q1xYJG+zJvYR85uiUck/cqoE4/cCKuuEzxCKrBG8awJeqT/e6aTLzmP9JQGF4L683pAeTqnc6hINW47kpUIi9c4vGd6un9kxEcfJJ7NfcMr79q9vgaZ62c5zttQx7H7poQpPj/nb4suknnKkhAY8wo+Lpv05qepCcnfgWSbqaMPrXcpbs0MiYngk/n/3bcZm7Hr07fnJ7Ozz0z6Fk8MaSAJHoQR9sk9hXA5FwkWXDMvMQxUebnGo5zYc0Sxqb4M/0qnaktqcWkblbEtMhFcVtHXxkfa9APm896ZJRfcXDD89BI+ttwnoxag/+E3M9JSRlZmcz1V85M2ywe4JJKlOClQ8gjDaBl88P01L+BwGMd+PP+6JW4ooevbytRhUIAAROujBSn8UrJ6q+VuU8VMviBK0PQHMibFEEiwRGpBmoLqbIb9avPutmRbS6UFyfHLyX2QSO9pP0K4fUorvuQTi4IEktWeR1YQw93SVOqRmvHrqovsyBimgZQy0/aibhO1XSJPDVmrPXGWQx6Ulp3t1QNPN2HRYQbLHNybYKETe9xM8lhNjJk83BlNz1k0hVf1YK1hKg3tVMEVxicPVgt8K58jN5QVU0LdTp1tS6RD8qLjqRdGdITRY7NX2A05HsdwNbH/plgLUVIFXYIsd0oJ/nsjQM7Civa4rqJ+x5hVxU6xEeM9FrPrn8CAYpp27Wg2CtfpZrusL6xRssaTKldxMJrsVkHPJ+RFPEoTYAeV3XUGkl8ZfZBqWdRM5HI1uUt9wArE15+RrjAFKXf/tUzSXtwl4FmCMXFL3Ji4dkLamBkkmIPW/ncWb+OyJpQANq/1YuDGiQcC+xbf617dd3oEeVBYcVgO87sByeup5EF9OwhekcENVurBK8HkBcJ+GZVf/PqyJ6b3sTyWtQpbbSmWtzMxAzPaSCm3IZrqwBUDB7rIjGNJWtHThO6Y/yhQWr7xKPKCKDLU+VjrWPrQoB/WJ18aRZN667BdU/ySR0dJq3yeU+EEyM05xHNIXUvGv6XXJixg81BIeDGSj7piOhtmGD9n27KDnJVQjBum02h77Mm0R1q9D2uJvm2t827zZMcCPN/0sA1UJzlPQdz73c/JYExGO7rJd+yOKSmIo/keusRuLm46hx0HXxp1zttAn7N/8S7gmU8mBoAKHfHVvyRfBkz858LbYRaHxY9VoNOdsMg3cJUTSFjMKSAvrLtADz2Qq9JnW4yOFGh40Xa8V9eK8tTUR2JyVbCBQuZHA4Gcq9FPaHcQd6LS4+OvMrf7SqhHrVokOFUuv68ezyRQ+HqWPUgpbcKZxaURbs26ObYPnaiXCGFbY1F25u/VstDcydUXxdS4yBZH6jyy1v0TyqPijQjlEB1OgahYQZh++bgyjyfSeIH8+t/PvQz9mNPSaz3JXdJS5EIOBTq8SeBr9SKCM/zz/x6MeQErY2uIiockH8LqXNYnabFzVBku3uoPlqLTSfHoESff2r1rkCNyI80Bash5cnzPoTJ55bxc7+iIgJRui8BfueQayxTH2KtZTlMLerdPk1K+KmrtI2iW//jeaa3BDVNKe8XC9HlXwFDHruyhZ9TrMtoQ0TfI+1FR3jV2fOEucG/WjFSWFTFxbui8gu1WrBiXXNf3dwXnTqgU2fFwR8dvdEHkZmJ+ewWREa8Sbf45EClJf1D2tR4M3ICX72BSTu6/C6sXBZiZLdCJHo1Z46pZC4ySQj/7YsDfsyzwuv4RLkHKv8sZuVCS2yDei5nTInttw7s7cmbSt0KIcdfrLBbfjqnxokqjPJsrqBD28Ka7SJ9rV0ZAsZYIt3v56P74MHtTmdn6SwTgP1kOL3v/sEY28pko4Q6ZUX1YPbQSe3XcWsMwOiX0jMZhyEuWL+GPv05X9ApnLdP/mzzAyynVWh/vfNWNfMpHD6H1WbftPxXBPdt06F2kf6yBDMDaS7dVz4egP3QakbsE9ED+uxPPezs7yD7iyDQi/Wd5dBVapT52qzITB3IlHbEU84Fdn9U0VCSaWIv1FPykWrYa5EJzGka1XAtOgfCLntqjFTYvCItFTHVwYO7sMCws+kkIY4+dl8IalMrXvhCxPEzgJQgekSQqBsCt8DyrIBZP8Q7tV0wyd+je8XLktuFmSqu7/0+TUBlZ8AKk+5+q2AA/SdOYvFAHNNZynaCw1yLT1mok/2AcTeWnAXGOmRxbWZ4kMaB9aaE9yiA8kSV1nUfTIWn8EaoLxr2D8axnlVuj+EawTtTjE/mX1lcJaVCkqffVOp6Avb+uQH2wTGT2LUV/v+r/+PBvjMwrh6YrxKRWUv1hQyHQOWp4eVwwVH+7KtJbg8zL0rdjT7LSEsqNhm4WJnm3Ae/Nz8DDiyVjlbLB41AxKUJpnrR7cpbLYr79L6MLI6uPvxpfSjRKJvOpfJrB+I3NS7+ovrAs82KE03d5DVuakgv0nJLih+R3k0/zTgTItUt2Jjoyq7AN95d573hJChiiFQKPU/vVWZuBz6UAO++knglXh0N7Nur1thQSMRtt+kClxn6EJYbfysG5bPvByhI+EFkPJRX+7oDrykvXEsoKQbRdtZ9Ru7/3fzAIyRkmyWU9gROdJmBjTlctqwjuI7hs3tMNScnMpfGCnh9hzslvdLJhKWZvNEhQf0mFKTSrtBAPvdcNTZ1m2d6l1V9VGDTJFK3qOuv4Bad3A3UQHurIbFDNYMq2noWukp0Y+NVGeuJBHHM8f43iadZSilg+3dAGlLQH9yRszuVhmSbrzk9o+p3+xhho+W84Qx4k5sI21Web0CztxNJSSc9Ix7V9ekQ1BLSpZrMGoqyD3KMrsyiBWYxBngnTrf0Ol0P0Dtta/QDMa+qgMHMFhTHv3MAXf3njpHkkFDpo+y98Y/Ku9ndcBV9tbHYnhqHnDs23XksN90VjL13T8SD7yxYvpJrmbcW9rketzQdqAYORALk6oPGJ7ucIgvIqPzQuiE+PxZboGtQlPPixYT6gIDaKjWbj3v/RcjnhFilJNFWxk2te5QplGqDNyeDWD457GJoegdiufUW3w25so+aRwXxsYdXFjKgtdHYc2l5Y0Ww4rMEuWEVKalUvInlDlgyAoymIxp7Q9AkIEF8JYbXq7k3wg6CYs+Ahg/pcuG6O1r8ZCoVbTxnq2AjSKnsyJzTvw81TXJ6YZE6LrXsHGB3jEklGBCtx69X3vP9xoKn7gx95N0+O9PbYC2+Oc309LRR4ymf3I1bVB8NHxYBgLZQyNiKuEli0WDRf3V8G9jlCikTtljwTsnS3ge/85lh0xJBW4qIdPjlIMfec4F0yv2Yyiwl+ThXtZQlwf1XBDaKvXXXnulUAJSH6BE2OW48ZJV19PNYZsk6i3bpBPkb0vMlU6O01GwKET89qQ5Tipq+nqMA7yWJGEy3aAqiy0hyg2lV7H8UKIpcDdwuXcdXx5N1Lqccd1MulhPdhwUqAYWzKAd2KFP6Qq8/8gG7n+k2wNCLQoCANBs27Zt2+5m27Zt27Zt42fb9bJtzCJmIQca9tpt4UNLv88LLW7Rmi4nHGkvW062Ne+Eeynccr4cQ5vh6z8DNncjvijOtQ6VD79l7IxCWhPY3hTfzRxy1o98jRr5AjV10YNAjZ0VQlycx7Ni29O8leACAaS5waqL+GU0fihFppjkwayA3W/DaQFhGrd4JsSKTFlJXCBrnIYerIXy5kERhJAjhOhU4nm6H2UxVDhdEhD0Mn2IR806vFLi6+pn5tjxbw1404w8AYkUJTC5uO8Tomzm9RGnwMbuCpssWFj2gibP/bbBKkJrADs3JzMGg3nl0gbi875AWhow6EuhYHb4AOcJkKGGxLzsuQSBccTUnVKxUlwrroLtEjj3jrsJU9BQhVop3GZxVgg/JPqikgAFpBkR1aGdf3Rifcgkj+ua5mjAmNS0dd92Q1wf5Guk0FmsalBvehty+9DuhAHK8djAKJt7mm4ubLPmwe/v0oJdWfZdraBaFEZUYa57jdjLgj7XinToC/WZR5rcX4NN3PXAQsWjaxNdwvhX32nKeftwSBTYRC1MuZ42SjYGMiqon+zIANr7HWvId+LIjWFpFBUoi+wXneChuiRm37uJmlaaYs6ymApjM1jpeKvg8qslatkaXhsJTHCa0o4cNli1xxz6bsaf5BCKtkfv/cUySEf2eRX2eKXbyc1l5/D1nIExrzvgZ2CmYxJ6finIvxLBMg8gA7WRspGUU/ViQBjh8DVqW4eT/4fQyFj+kZuzEVwJT4XX5f+sXjwQhvaixEQLqfXzQY3f86SpVYFasEm4h35mhFF1tHqTYJYZYF3Iud6QhrmvgSVCPAT61+KXLU1XIaUhwnstv6GE5VB64M/e650cVMU68ezSojKOPQYYJb2M8oo2K53k2HCvBwE2U1k3JaJwMQwf2wVb2e6hQqCTdDktTeQ5L2ivwhSiIP1HHamLa8TkXzaqbaeMb6PF04J5aDVz7L62yLMKxeDR5z46XHn+cKRR+b3QhMtkoqvvyXgz/5EDmxYcj2olcNDgMvamJhsZ9pHajtryq176loHwpxOLU02MEFJm7P18QBL0Ag7X+FjXx138ECOqG4mXa8HuO0mbkoX4lHgEu6U2ikr5G6T9trcCkTx2BMFHnuMjW73p3lUBpZDsDDW+6CzYY2VAS9y5ofrJqff3SSVfpVaHIDYwnDSBbuhdOz+whZWiUiU1QZimgnaOnrWj9qEqD6ZIYBWuhQqpweRmHzgct/kDozWt65oWQp9aB0QNvprl9+LYwP6bIVPIsdw5zRgU1rIRFfJYJw1Ip5bqI4NUTxtcBUGzUJp4DtHEAHSd4J32MZrh/dkbyeKbsc+PFI8tbalCNuL1CUqZAUiH1ZW4MSYuFUVE4Y0tc6nApiB4ZFre0zVyp871qJ2JY3B4N0Lb/8XWJs93EqPiKXDICCkiZnTa6TCxDzWm56fxV3DIYsVYdcwKVW2e+TwO7ECRIaVUjYcpkx4xipuWwx2sH9K/j75MfXaD2rwvwHMNtHsQRb0Q8bEfr/1jrNr010nykTk3wj7njQahsQvy+csCM4XiRs/hpclVZwR/msklzYUPJs0Vad2+njbvjnFGnpmDMva81KYY0q+d25pnS4GDfGDh/Gw/QPBxd8ZxWVNAXd3+dA/w3wZ4PjUzwOZo+S4G0YPytY0OweIiQKFy7t05DEYtHd6ibdHD9UidunZsr4jkk1zdk/N3P9+Zdzqm1eq5HfICk/fKAhZhjbYc7az4PHg9O5QkY0K1x4p8g0ciFe3g1ZV78e4DgFlp/Rjfwu8KHmdxUXxBaRiB0SzLUwWQuDdDrVlzavLd7otrMFvJwG9ye8lZTEeLhbkau3zS7Dy8EwCSt940HStA2ZW2EnSNITWxKgbf34zV1ENw8zYKeS0xpO3f+8TDXZoqsNdQz8/n3Cjx9BzJnCrRD6lYkwB9JUeDpTSu2reAXQlXzdAFPsCWs8SbRewFtQMlWATwRvnSq3Bupkioe2qErlbjrzbEZ7raAEFemjbIa6inCuW5uTR2YpnxBMgNLpJNm8gCPXWKGpEFGAxs1mfku9zgbdoOcLm9hgOgYhDkY7x3Qt9Mg2CLMbRfpNei2zwDs3El9rsyuPqD3BBmTIdQAXSFEm9h7Q6uihFZ5r+lEjlMagSD+AL+5j5ktkdYN07XJQPvXRc+KeRpX6t+2bzgvrzMczKXTCCF8xjvSjrrokiDJEEwr52nd4mUqGtVekX6z9T/2mSpQ8e4rrugT0/GHcxiRG/DzhGvjXCY5kAjDSNdh9X384tXrgRHy3wJQaDWi+FUwhNOZC9j8cKUeZW4sUsE3OyFVLPOyOn1BVWRJAf+CYp2j3d6mqlTshf4xwnwz16yv4JufKEP9pkMxvIcL/3GtovK1DM42RlQ9707iv+RdPnSWG7AcQeObL0XB6w2aaC98T91Aro5GJJY+gh4c9uv75oSKB4bNYEFhCObq2BZETcGcQHCtur8Ak4AGcf06OcpggC5bM8doyzAsuHXPBpzA7emjO2MmSLK0qJNhwiaGFtZXZWvkr8yJ37oLS3eIjuH+YQkBvBJfCqCiH2gxpywbnBN2xyTBBHd37Z+uQD8vYtDp1aMb4VUsOV81kjhxCiVUOrEdNt9DB9rIq5u+k8/NglMfsmpHV55t/QWPxcD7NeqAkCpMij2eXqO5totajK/J0RDMM8L08ixoRVGwCs6sivhy1YjdrEG0NbxjMbQvCGjhQtUkJF0VOU3eZ5cwVzIzt3cvO5drPBOUnfJdSD7nqZI968Althudp5lwjE3bTfOFW/TpET+MBSTWWAE3aEmJTG+jslt1v69tjD/bgSqE5nCQyfEyfXsN/k2HkJ0Weuw4dJcnXiGjfJssy1J6dvHfjvpemBos6dXR5LJScbx44f281Zk+5IsU7iMeLwoUl9w+YtYBQjpZLou3lmEfpwkFxh9w2cb7GZWqCzm6He9qiD46cuSUq7QvQQ0/Vi+z82iHMBxti9vMyT8IEl0CcJYoPO1fvEA5h8UqCZvekF6Ob8j4FMz3UaVNKA9DYRduQibGvEpOUryzgN0p5qfJNZX4L0KqYGhXJE9ppAJwJU6RKVqbPP0OhVw2FwT/HU2fFsM+rR7AMJyCT8aS2US1x3odvDxS4aS08gRpCXp1oW5JQgbLbhI/HlrFTyTlT+MJLcQdCTBNMPeBL6J0qzXNzmbXOHYiecCEhJ5ySUFdWR13TYv7w6Pq4YMXckd1kD0q/1iXUWXWMU2wDJ58DX/ysf87yfuECqvKgvvGdmBvOxA8SEE9R7r8Yal6ahLkoSimRo6lUWRykNeq1KYlf3nVqYPWxV1Qtj8oMYvRHCF6F+XcWgxYuivHNakzIwErTlJ9xDjjH3T9nO0Ej1UD9/QlmisRuARCpwSylCVc3R1e69eYow9Tcj2NvgP9oo3FXGEC8KRkdpA9o6YPsRN7V+aO5yOPQuJeelyiCBZYpc5c6hvCKUX1wtQtE0ATluKIgGDUI++XVTK6FeyssA6WmhgMgLO5mJp7gKf7XHEOr8L4jDhGgpkYwB0duxLfC/AL2j/mWFfql+KpeUrJGe2vBlZtAR5Ql6NRlhxmQxGXanZPGYkujs/IZO4adb22aEca/9MDe7Gnm3AJptXe9q6L9DqKBD1aBKLxyR8ThPa7X3+hHz1xu7KNfRc4WNxBU5+j6isrqCFZvcF2S7x2giA8E9zlBopjf6aaiC3XomHtp0c8dX+FH0DDK9ewQ3Z8Lf+7Yl3l/CyrobURjOpll7D8RXK8TW5XWvBInJUz08mWi1pG7K5oGXY21d9JDiFJIwHU/9umeny5b52ZJw2GooKI6+7b0DHedXhbkZvLEHAuZWzK9iOOBhmsftQoTeZUVRxvg6cqLY4d+CxB7I39Ml+kvw/PZukEe1DHK3iDkqyohgVYZLhLiBhJaibxZwczvj1tmMzl/x6DlkZzh6MCmyjhuGyKc/lJZwv55qs6vXNE9IbDdhvOuEei9Bs9jp5CjxiUjFoZHGX/EKCX7C2lPylg8OZTAyO0FmbAAO5QJfSemCTD5KnJ26blgYTud2xC30aCRe7nP5bV1cO2Y/DJWdFOFEVuvlP8Eo/yJiLj9c3sAAzjBwLvRSKzNol+AEbe/VY3ozvBxmPvDDK1Mss+dwNmGoasgzis9tD82U4PIYkzEiRhrCKO+IchIMob2WLdS4a/lO2TiWwkGJ8xtx2x7fwlOHT/zJCbUIl1EXOL7gSyebaBQlR9pUB6+fgIgn5SrnScplEoT9y63006crhUpYRpM5maR9U3t2vTtUPcU5Ic+MesL+/P0cd+p6WZBZB1Coy0mcLO31D2RUX1OeaIr6ksZ+tzPd8MT/hdzJk66Y1PBwHpUqaEKytgsdkYPeP09UGNJ3vLsJaOBI1qPa3sasC0e0iQW1Ty6T3ggt23kXmV/tJYa1xCI2nuAu9Rp3+m8P3PGe4AUZFmoHG8P8dYkkjq20JUJQIDTLFgVDg0Osh/NyiwnRW0KDk/GLYwkt+7hUjPsNilBq6m30mx4QRNqYXbKMoCPnYU0q5FFhlE+jpfPxnH5aWWUSuEbzQk2sBP3VWfVD9pXupgWBUcpLC3yXvunN/piqrEUHbm8Nyilv0QEbssRCMlRWAUhGpDQFoqT97bPd8NTk7So6ujTd+yczpcFxbW7sSQO2VsFYHZx9It661H19Tk2KzUb/TGOsiZqXI9kmyGke7GActbjO7G7VB+sj3rdDzFKBCL86JWa12/k40GX7vQ7zO2GLaWSprsb71TJXgeQOjTMPOnPRCcXgtFloay1xaOLl/jQ1pxoTDihVsjaTTmy4mU8vaSu/j/R4kMGFzqaeYCloVb0stTdhdMimExC3sJgTrkRLXSVUikOfwOYTg+2ENc0fbH0tuRfO8eF3FEvMyLE71XrjwZD8sWUpP1Ez/OyXESenfRZk7N8xU/ixVXsGmgKUGFPz9QEwNapNBhPW5WOgg6DdoOPM3MywFh9B/yZ03NmRE+dyg2OwyLllrnPM2IUu4p37oW8UAbf3m9mP9M937x2yiPVwd5iepCVmnS4UqN9n3/gFaRG5DpqvoSjSjAh6yQbQqe5pxjJo+zm/y4dB30VPMUYMhzYdupMX/jm81CfFr6E58nt47WhVxELb78QTwq9hn5CLRopGOg0pY40uV0f3+XtIGvNhUoorLMg81kmgiF52SWV1VwofAjqWeVUTH7AeESE0pZp7APaTZMtro/meRjik8z0XzR0coyfTWqI7LI/qha8/sLGdNMwID4u/3G8jKcz9uGR5pxba0eS1tCQdoGM2wUdoIf2NNoe/ccbxpQcDMWszhyzBx9nnN3PN4iVZAtfbsPayTY4yWwI1gVTeQD+ZqBsazFFXuD5g1NP6nvwhwpKoOkJNU7OKm1DUZd/cukKDS0SRT4XJ3DJ292EK84ug0C6I57oOMElDSvnNAG5iEwxU50y+DxkCvLkbCDL3cqQ0Nf17NB8uyYtTaBZpDQr+pJiBF84oa98ZLKVFV+v6MCk9N4yTROyn6l5mUedFSfnfIalySSIdUwVikBVRyE7z8iJOxmmjcPZIQ7iGbv+DpybxSP0Nbap70beBAhJCaAN49mymmdx0yFvY1rfvctK6LHp8rjPAnaj7uv1IYHi5XWfClTcMa/KxUbojMLYxHSlWBJ1i8WFwUiJhPOyW7emrFLvkfg68PJnIZGOjiWbCuX9EcbfzYmtFULwDZaZyLYtGoST/gXdlGLfZ5h4HpIox9EYio6F9XrC8lC27G9SL8hc3jcfm758GTPzqggK/LyZsroCuKys5s0Uk2qAV4+aWLI23xPx8sOIUuVYEE+uQbifLWaMAvSW3DOeJUkbwvN+ERBYTRKEZFxqrqRPK+njJ0HAkIOHINnDREQeR1PlldKXYt1ckCFx2K2DQVx9MqTzqlVx4eP0ivAuNhxerpXvnB3JeQa3EgHhfBk41zSXP3/XG9WTPbGQBZHTng14oNm9/xFYFDSCLjz08zWKkVmZlTprr8DyOhXdUeVELIr4SoIcJ6IsMQLMp1bYoRJXcVPXDjLQAGfx2s6zv1MaXTXaVJOhSKTXSTHtHOwleXqeaG8hDBCd9cIB/kJhA4Jz/ysFSWgMi+Rvo3o4GpX1+S/BCYkJlGheTiHAq75dFEI5cIZ/FuLqRpN3S1jPo4fmjJVk3z/qWeUCbv1m6Ax17E/i13v6HdWELO2/2WHtGIr0kKtv0To7vQmfZS+B2VDjVrdveOs5RttmwBVkdaPQXWttrG3xjKbwWuqbG0Unp0ZoR53mPXQLdgNUz1+KLzw2Jzohr60Fiq3mxGGn72l34+LPTr5OmUyHNhbSCWQhcCyQv0ppR55gGfFsh9VnmFMy2njWLuKG9kQZdvuyY1Zd/NXLwta8wZCsboip7NQST2l2Amk7nwSZZAwkgBiggCQQP43JiYtAu7cFUKNH3PkyOUGbCsdYBv+pmbsNE86suWHLwrnv0btanInmhXDGcHAuWtN9iBqNnjyBOE0z0egc+WuCJc49UTSak1EQ0ZCLWcWJYQIpVvx6RtzVT+ETlb393+h2xyzS2NGE63fSsfsoMOx5LPPQA/dxd2S40OGg9Un108Doq9pGyJH0IS+aNTfUHQg6rD1Q5Beod2VYLbfB5ph4jd173Rjy+9b69Vc7ngqU8+pktbzokIGqt8tGys+AK1qRqOuaRE4N3H8Ax2Pmw90qJ/VybRBrZBn4e/rDe6Xs5fhdoLm9Sap1lXmgZP1aGNywzJ03e3vFnE0z527YYTzQzdeF6XSThrVOqB+FzRFP1VEbzGKQin5qKIKxumYDJAw6tI+uItYMtQH04+njROPl+jvutqWSk1e2SQU5/Xnr1AeXX5G+2zHOXLdDI5EpeTS85nleN4W0dWsbpV8ojOQlddGUQN0gGRsJSL1fTarD+PzDx6cgjJo4P8QCx3hyTkWsTI3jGrYTOmZ5YLjQkH6EFLAM7E9ifC9IBi1f+e+jMANoQ5B2KahnEyY0g/fihMCy0zYoJh7W8U2OhnuixwQV1cApK5v9KMuse+bdRkWIXnl3mh6831ahhh6YHnik7CXtwoGhNcfN63tdQiloDfjaxqezsRfsNH/Yz+GKtFzcL39SgRic+m+LC9Rt9FBheljq7+fETIGyYDAUgLPBQAmLZtXjntZdhtFtgyH/r9Y6Pr+bLHENgaXQ7dpgMb2K+WvwnX/gLXuFKlcmQWaXf+m7oHMkV76k1v5s1+vG9KjuKdkYzCfJGRPnT9Z9EeKAEdiOWmaaFb0BGM2zOsrBuS7kJMt/wN7XT/g0JvHtm+1tYF2hB2fvoDAWuPv+mdCmDnAK+5A2LsTV1kQ68jKHZ/5A4ocoFiu7r1Zl7GkcNj8+OW27S4JR8pJ1J3DbMDe6MD6/0kD+hwrAkJoxisG8InF0ai5P+yV0P2LKQhRBRL3jSoCM7ROsu3QSmvmOGvkAzmY7yVX86QHcTvADe8AHY31DPaBo/6SfIs123LsnIEdmmYCiJ9Nak1+FvoStD3Nn2xTDN+6Ywp7AmjJQmS/i+af10iXJNE+4XChiikpvhGOWHkWO4IYWYJydkk4N+8Kjg12sswak30SkwblXlSqhN60tKTX9BbLkD5hPGwuzQ0eMSCDTq3Ih529mY4wbKoWIJFJw3vA905u8ddYLP/cNtI9YNQFXIimi83rMlGl0zummu5WHbYM+6f3PLcPGzctwA0tIC5yV7kdr2EVF6uLu3P52tYin0N8DAfEkz8AVGJ0GyVxX9PA2cbDCbfWko7cmS89120OIL7CpZ1dPp+C3YRrMNY96wDGDOcmkBDGxFYOqcGsCJqdXkfEEGD22xUM9XI2PJP+SHeNeKmh5/kCg4ZvTjGdzXqUzIBE0NvTIKr6o0VVx8V04eZQQ2WgaWUlqok4yDJgQ2jUDCkVNUBglNRMay25n0fgFcLkvuDZsisjE2FNAPqpgDRp3Zh7NAYCvj3GY1CbmnGJFAN4iQlJ3JnQuATm/1KK8u2/Gbp6kaRhNyEKcmGc8GXERw7oquz63sH0u+rj9URZl7PmgJX1ZUd7z+mdtXdo9Q4WFGCYyxqpyMM5c4OJUTFLlVmxUuFeQlMigCf4vAYz8FQVZFOHdnbQz4el+1uo+tbnMl9ORBlfOp/gxEv4oOlF7TM0/i+098FzvxBWFhgDh3KND2fVxLLKhtbOTz9QQVcRh+T6XyavBNEH5WDK7LrKa5DwNA2h8tNHRTPtv8YtSN0ZJay/eHbCrHQDik0btr+nRThv+azlT6jxRpXv+FQhcHIRIKKa4N0IW7560pUkq4iCPxD3bss1pJoNFAOX06+2FTPE5oXHSUPxTZOTsqehAB8i4vj24nWYz8vxZfLoQ9OX9p2qNERf7foEOJtk0kBn2yVzrihrj79Kwo/Hq7z4b36h21B+zngFsuYU7lNlhHLYYPkPn+//SoxXyGZ02aDSZBm8ZsiGjzcPnmbjgw2DXA/H9YU0pH4XOcb7WvBdf+I4mx1o2B1XdBHe0U8nVIqFkjhPpZ+c8o8F1kJrKA3SNCXgxBV8+3yMhpFTz0lhCf2BXfDmH1Lpk7ydc0N0vouvDfwK79hFbgSXRDOyGsNyjEjkShk78Lj0RcWWFh1+GiJQKUbGrpiKgZQFvlZKO5qSnPRCoy8zTfEsmcTrBi2TSE1xw2VpwRWT6044ohpRvOpWEuXgNU/lnoUxhBjyjcvfEciogkquGPWPLzSuK3vaTfei4i7h5A8Zi7TUlXxt9L5FsOa0Xr94VyUamGizGIFJ12qFG2fJHN2is7lAKDed+ehbfhLRB/Hy79aDLDCGkxGnZuUxhkmsKHtXU/OGniS3dDCYofJaTcfrZayKzzGs6LWIZKE+H8SyVuTukF3H4G2Oicb/P4zPR6XLGHrbAcL7HxLY861axwS67tWKga1BtG0wuJWFA2A5o18w6A7qv5Ysoyd+y2p+Dgz87xRPtTK0ybkMTeGX6qhRWlt0CYA430U/Yv5aJxcPf3PlvlJia1fqK10leSRGxP1Owz2iuMjNvRorINQsdzoltooo0VvQZEoL+/1ebNt0rMCpTqzjCsq6ILwnmzaKoDJHw77YAr14q/FvQbIrYT3ApY/dcQYb0MyXrhFTM3Bu+Dyg+arRjIlvdvk92hQIF4RKPCuSqLG5+6EQ71WDvp6/z9h14baR7r8AFG4qT2SN41zwxuwbSMt2TVJ7XNc/7WlT83AqUUYD8AnRRBsmCi8Oo15U/vhj+kJftWyg/3qPzMtFiL+mSODD7Owt/ztss2JM4a8eIsJQ7fmLSsulfMGCoIlj+Fl84zqlHP9WsrmaVqKuObL0Bw9StXcMDpQfdeSrgxqFNYYaD+aWQm5wK5ousPUolRfWFGBSK9VP07shzvD9cesyQVvQSJDd0dv1BMiUDmo7uqqG1COuLL2E1TDMZ+qZb8kmTq1MGLU5LdNc5LYq/Nzr8LEZa37BfSqmQr20zwetz3Z9PzUL+xxERxBQYknF/ZxcTiLgqowmE7eSY3Y0EHYNLoKdNg5Lm98SlsM91hRHiDYulEfpG4FVLoXKQSz+pDF8uhrtqVBOPdd9pNOkix+qjYSaTvfRT13LeVMq3QUymeSRhC1FWIwiZudfoe09IQgGWpQX0BNRhU5jhF3LuKiJ5TMbRRnFpDtsc+Ke+rWB94UlqHKps1rlENzKZvZo0VkzassUFNp3pYDhbjWhic1uc0NshXQBj0cZwGCPIrqeLzDPL1wve9uTYzXSR82xbIy3Z3POCeokPO6dzhzA/fUw+nkq6w4EP6xi1aAdKiU5UMskMjagdHqUhUs5ToME39J+vaqiYwIkRex+XMRJGlEIThCj28iTdiEYCPGtqY1IfNCloyC4BHPgYc6cPegFWNrEMDFkfMtmJ5Zhyj4/Fs8CwSAjHoIk6W6ynkbmeaXxu9WpjnzpkIJr3K552IBHu9QACAM1j/rX6Rwbl37VR12W2PixOO3S/QPGXmbTo6BsEE7KryzOsvH8BD9WG82cbjKfBf7yADNkCSqbsl4g7OWA9nKA34g4hg5hgoiDuTBvmKvV/VGBQ6j3j5hYhNCqN2pLlIoDGWQeMLSDbLctJRwXWB7XJVLo9XtrhILFTce0MtqPNr8ECUdUbWSZU2gVRjSxOSFrIYXMF3hxmBl5oBcPB/sZbUypu80N75BmrLX3uz+reqBS8Z1aL9lkwrPugyRDI8yTcDJU4EjJLtqv7mZ5NmriawDwuJBuuy4QxB9ub1VCfHcenyT14/F/1Yg0HtSUw0E4lFn8Cz6k2HOSvLtnnRBMOwQhm7NtmL65K8+oYR5qCiwBEKNymUhoLrW8XHMQLzjlNH0J3lQdfwR+AU9XQt53ohJ2dSrjqQdswyFA+zVyyNDcreWHRcQcdCIQvzB6g6D+ms6Yc4ZDguvD0h4l7JP/oejCVotR6bF/4Ac8q6+8Yh3LNpav6DAa680TB7Lhhws544AXvs4HhchLbrvTU8c7/ALfTU6xGOtHIt0ziyAJuPIlYUP8VqCaFytzsjejJKRikL6OjTTuwumUJYis+Xcsf5KNU+ZHaRqVyO7qLzm4ptORm4vVJamQjU/OmZjkD2ixt4s1ZmC4Ltvj8zhI++bPKVHe7Bs6wuOb7SPQJjqHW2KKHsZUFdcceSPimoVb8YA5wi0YnMF+Eokx9ybA4lVbwaMztHONdOKaCebiLkUnZs/+myOW5F/zLO23DZRrlLRhCd0cKXpfFTDDciXtgv6qQlO52YPcl8ZgVFN1rVj3HFyfRDFnfFs2uHZG7jb6VWIV6V8Qy/f6rTaRbEXAxGlpxCHk6blzo0LCJRliEuVDZKEn1IYWxNN9W430D5yw9IW9FGHjb1wKg64uMx68KETEGp8VGYn1x0FBxsqxG3SGNhhtYpLOcAWObDYnPwmo5q0PreTUM4DVoyzEJwfifKPJCJpDjYACuSZcK5PvcNsAorKweZ2FPJv+kV1ZdFzEoU+HFi0FSk1GevHThZnZJSyyVeeZYOeu6a+cmckStnixukdwsjhPha7t9nzJ/Qx4Hpf/oXPtCm3TXsy40qPqXd37jFabLS6/iizo6guY+QkVW5yQ+cihKZR93vZt+tToqNGz3AE0+9OVIqRkXETnGiCqVv98ihak1av+AmHmy954p2zjf1r6Md323A2oSKoBNznHsIBcSagSnjc1HaNwVCg/m3WyJt3wKjtvOoN829UIebwicpHwWHdTTLsLEAdqsOY1Yv1iteQUZR4WxAmgWdI7BLHdumRrb3bGUPh2jljF2k06BEITlcCxBHhUlXkpaPq3+NLbdoLI+44b+DAy3Bb5Kd1/qLbN3+Jd7cltwBH2J36l0L6wTt6XcRUOZA3fNGs/aZrmCjKoaBSfr/g2ZfLidWa/7r1z15JNtO8XEYst70daTjWqlOqP0ldRYEwzR1vpJi+56N3oP7bt1zxLl6YnMPHXHAAYenLDJwnUIBjjWdBG5IdgXBUECW5rrQJjZeDjysZkzMUMu6Tne52UenrshDDMzfkt+i+ygXbjWabXSPFpJWx8SkPDwnyrB9mvNWaekLtFhYzFt9/hQIiinJWjgbCe0sXkFCKrzYCFiSmq9SGMaXxh1HeIOmEeg9sePAtcrQEp95SmiHkDwcWAxqCbetXpsAq8Ls6WyZW+dcF65FqWa6ACW15MSifd4PkNwwbpgirNVpfOhGwND0i2+ejCZ3AmyBGRzLUip15QweOEMaKSFrK8fe0wS6K+9zwMnDDVpmyBP5f4fW/R8WyNKSzAY6ipGGxrcFZiCrr/mDyLIX4w7Tg5SprZKNidSKHZ+hUmsgQm93gc9qk+XUaZFQVFhMTdthEENFYKt7FziursUB1lz+Iu+z75dxNXq2PiNzOgudcB9Q65HYeuM8+oZ0yUevn8TtbauxnhW3nqfOLhGYQx7+iPkrjI7XPF6JjmYl7btbqpodilTiyA1KLJl1WRHLANA/IUXmQ7hDt8/ry0+7ReUXrJLAzlZjM/T7TJWT17BUNPz19/eDYVP5htKm7YEHdH8wr7kF6zUlXdtIRk3bQ8y2geNiHS7Lsac8EOdQP+Y5gEykKJB1CMX3oATsLPfb9hRhzj3gH/rXaGF+Oq/UB1dsB069BhDyRLc+YoKXQE7O7ldn7NynO9BDfQdY4bckFrZgL8tsbJFKgSu/RqYpyUzY3CaR7+xPeBtfzTzXvFiWEWArETIGilmJrO56V56MQougzxuFljnNBiXbjENwYN5zJq5TG1aJC3qDkXRG409nTnWXvfJowsGaQv7Lz1G24Ux6pcYQ331JEYuAm76oeCvzXo4EZwRYgZF5ZbjJdusRhnAHsW0yPKe8uXUDgfNEmNTlhOhmgI3Cfh8asTB94liF8vn4NKxwEnUNgD3E5yhoAxKgT8X7VJF4ShW3YKlHsUcNaC4j1r3YKoV4W9/8HkxtwI9VeOPHDyavSY1+irJFLcTiWnaZY5JLSKHO0RfUVFU0xpP+QMrAF6pqanUggeLUVUPudWnauWaMN8aKOsBXtSeyLpNbH1kNTR2ZPCGXb4T2N43+dQsNOSlzAPs4btSCR7Qo20nr7V4RJ/6dYduHfiSymZyVzUKOgPMawsx/UB8L0OxW9apkapK0VxQ+7QjA4NwmCTbooYAB0UGvgeaTDHd54yq5IIFt9HIi1sB6FtN9kJx+eheY1s2k8gGVT4hmlNhusBKqZeV81b6YmR+yGVWkpDml9gbb0D6Au1fu+0ihkqAdQf6P0xiVEujy/4LIv2NZXHaiCjVy2Wq69HYkNNlqoWhwL2FkngRxIC3oNpxdB79eDYnaK5U2GZGyRN5DKbE3n+3myeGZwVqMwJK1jgP32miZESPN8LUkos7FvElfwq+tteboux0gPaOCpChCwMGSc9NoLvTJ4iMNkJBy4J+6VPDB1P0kDK7CV9rBX6Lp19vV5OwozkDKa2q1zgY51PPRiJKti+u94qioLx4YlJzl36t73DZcnYTzL3Ex1FIOygfSfQQkJIV7H8CaHKs1TNRpxgVVp56XJrsfsybAPuVIMI19IMVmgnvHriebj1pohvOE+OKA7lSDm9L4JgFez11XWd9Ad9OdkD3mU27D8nqbEnl02Qvd0QgKEGRXhPIBkRrUqVMWywAV/21GkfcPt6ZgSdblLzE73OF6K2X1QUYikLP+Re8grdWstn/ALtlh/x+GfnH5yHYEiSdBXV0MdayhocHSFOi+SzjhfTbCJdcfXkJs0od3GdQ8qdQr6id6z1Odo8Fmu4/vAww5lijr4AjI8zr5/utwEhNnRddYDNSWK0S5vs1ObMdzOfMsYyigqhmn4en+CogQzdpFf4jE5KP6HnP5NefJqDHonA+mIlSqUC01kfqybjDtj1/wz+bebrSy75OiTsZASbzJNrqaBw2MdWF57cbC9tHM4l1GS5Xdegas9R+xcQlhHImO7B63PfmErRdDvV8JfpuKUmgmdaQzh1iFoytpNNBzgk+jN3W+bnGVoANuxd2f/lxRJd0dzfcaSw3myBhd2mzFLRIBbhCRout6qYhWVH4AX5ETu7EtiSZF1nuTytpZRydaYPsw7RqDA9AtFaHj5GUkRm5+NOuapJonahFK2VTYoL+5OK8UksJFJBQfOzENn6QoDWNIcqSoGA0XeONGk+dr+W8NEn2KDXKcROjJSaJdpdM2zzsIOHBOjkxwPzUDPqSur0d4b8BxnwiEKYJcW3y4q0cYXLL1069aWChBSHKBBcfoHbo1M5FPgbGwVZtSaiL6J61/js6MWIcXnmqsprMfJxF9z3GK3rWm9W3l21vYH9bKi5RskGz/8R8MpUu5BmzTlDV4+j/d7LRlvHvCMeWqGh6buF/5zOvIHNqRRg1YKSX9CWWtAtfp4hzjymty32ZTUhuHfpU8cRHxe5D0OhH+TlKL1biVBJe8i8h9WUjFa2MfSUn3hIq/GkxK9B1By2cUHhUpXVJK/m2KKavuBJb9nHALpmLkBPMv87doaSmBM4XeKMTFbhEg9wKcTGLHqOTVk+MoESFzBs73sKt2hIt1HJZ7WK9yLhvFuEDT2AQ9HbCKiCcMp5+EwAHw4aQz0hi4DwSHNjCHwpJlIdLtszNLfJc9rVXeG2LYhKAqtabWiPJ+ajZmewMr055fI4jBzGQODjcazryvlEbt31Y7JlLeqZKAlhR5xREeMwUBzu6Y/bbaI8nqbLwBbwqOSqQduI6wacT8oV9Hhldh2tty8cMY6l5mju1cEWRZibi9IfSM8zporFzKV81QYY1vrWOsLGKF74BkTEtXPxl+IPLQbXnJWOI2AktiOvwcAczqPlvldx1Sn9Q2dPSBWRR4Ho3hqWCEklkgSfeURHpXkrpvlt6K9voM3oP1jKRJJ3NjUaBTkXNQSE8FNYpBlob+9prznNXPrFh9+unSO6dx9hDC9T8VJGV2yVyi8IjvlkA/37HR3vaZsFaidk1cKgkPlg4ZqLeaEiGRaioNXXlzZhm2V6IC9Y/A4Fvb4eI+BwZDuI6Q5Q8s4/cnZHT5pqm2M7hmVXjoqKpWqSdZKpQdzoyBaAaVpeWzMH5y42FluhLyJiSFQuWMvfErF0Rd8iFAJtiWL48C3EHRgfEwlTxv7xbFakEoi7HFmE+Dv94e4njHlXgMiKtFQZtiEXb050Sd1yNkbpSQOCUvRsyxT0dCKO5HMdnlqzZzllzkImbqZI+L4ew7bGON6yF1sfRK3RhKkqQZJZg+sQ9s9KHyuh1LXbGGamM58gqC3udOVAwNrlxYQnjo3el4E9IPIe4cbSycQTqg8p8lK+cSOmRvFV1sK9LN2VJncQbVcbFHK+kdoKzKPcOCXMgknNrz0MekFUkXpmNdC7/r2EDxV515K0TTXjcmtVWrftesK0tG1mZ7S0Msrf0NYVGWB4tV4auxM79Zv7ayjORAO35sFsgF6aqJm7iFoqTVzc0F2zlwxeIPTnre2fGIMZgtX/UiazAJD39IKu2xbuy7xuCYxMN+oB5aCD09LugS6UYlvTCmjvhFGh4RheDUHcpHHqNq6EU6bRnYeFMbSL2xSjr//lZjfw/DpP7+T38g9xmOcoKmrKa4A5aMEowvQkV6SpK+/6eogs4aKV5CSg6rkBKYXX/PHu/XP/1sXbCoXJ1BXMUfZSYNhSJoj4YDSg+UW5qanUO5Fsen9D8iBDaf7NfeqsyXzHJ3fAranj18qn3CjsLy92WCdaJBjo3QsQCvokZ/Q6iWXRIP+OQDy7bf5C6hb5dILP3rJCDCLHnL1F8L49M2PtPu9FxqMePXx3Bl2WKxlF8j6AygkayczSizpTUOwlBGnnSoH0XKpCRzGwZ2er7fkDcbjlMmoewzHayd5G9v4tHFdEH2vX5quN72YCSrwg4TZsvOKWY3V0NXUH+LJ7EMK7tiynMk/F7a6sP4vVA2588vr24oDe+6bSjhFP0CskCQMeNt4Mic59B0sZPtbt9/fNL68AWXGM1PEcfvxEARrfQJsLX4CMRGFYWDb9Rq9do/bfKMNm/WKCLjdCR6+ZEpDI0Mw2o3t3lcNVz+iJ4VjY/GjxNw3H4l4rAtoCc4fRX/9oLH5ykQDrVTVd9h0K0x16upYf+rsUJ+mL/b9OX7noUek7H7fBWIWeNesrqxVz6RBdnGFdY+OeuYX2m+4tS5UtdUPZGO5Nq/Y+fqvJ+OK+CakzQb9iq7AaGNtnfEBnKQl9BocOL7Cw36ebaVTrXfXOE4vln/g7eMj8KHitht5GWZGVNTZxiM/UKQG+Eshxz+j+W6cIlTiU1JDBg0Wkk6h/yMXOjQ/6y0YRHaOEvob294guTF2B9Z2UnYfWYg1rz4fDzS5hUBbockZsP5sD/Xf9b7lkGpiZgIOpnInsyiagrpnsZhSW8j25fiPHh/J58VnhmgkDQ4IITyBGDP+g8HtHOu4j9nu0G3+9cAozCk9NKFG9OOFPAxHG/toKEz95BGrKV8D024J0D2X71vik/5m01njCyau+FRMjQMc52PCWtAcPPZmxOtPuPnOBZSyqQBHoREEX0p+FKkP1ikxnrcaIOiMo+zuvqCuQZBg+Nt6aSYVjPCC3x50DP1HPO2pxPpyrP/nxUqiRohXMiIlWhyXCjEC8XtLXpj8cfCy7DDI35BcJQ5F1axh/9tYAFcFiEKvqyYGc3DJ04WORCCI/D8MRX9lWJujSGGC77lVTXAmPLuJSaB5Mt/yQmUEV+jmAlQYfLi7bhVsJjOp8gnK/dF8yqoUlc75Ly+yvavGt658lDzHAzXoVNTts3DqKeKdeO8txDUUyUp4aSxCDYVHq9+vhhsT0KA5PfQHILWavYDY8vs9DqWEl244kj1iFTP4EYmVugJ29XKbl3fGpRs3YTntXSTw/7Ab/YEvy887JLTbUt2yhWKRyRYwY48ys/n1F0Kt9YkTp2j+blZMDqhWyWFtnLOvAS40ggPfHUyZONCXxt2W9xUE1tyJM4MR+WuqRjB5n5KF4xP2Qjl0D4tbfFfytzDrSmf11aDp8i+BrWlnJnxc0Y8eA/qjWk2Y53EMObOjTpf7E6OuaiQXGXW8Gp/fq0OQrOk8IqpkHDtW3oP+BtF2+slmVvgqnfS8koHufFi7NUcnKnQSvM7wLQbO/2KbsJsZnExNStsUXIm4zpWnG898VVX6mGxSnw0VvNNHeLj4sACPxdO/BtVlgyHEPSwpvM70rFAnG9BKDGBKvrT/1fNv42AG+Olt3EhoQfXlABOQj+YAl8T4gbI+Wbr8xd/v8wNcfL2inx4jiFP+CUGGQjhD3Vzc6Vr1xsKeMh3FBhdPk5pzun4mKvjitvUHSNOr3GGFuX4zg8L+WxLao7Mf7AWyHMlQu2ycttp3qNpK+8bTjKP1KsHS0yyHVKWI6n7gnSFz1FoY+CnvOIdg6mMbjbaBTCLQm8KO6BcSbg1rRfZmmY7dsTODUvpjjydKVL6fa/IpmiQXsYxcOf8kFXwnFhQFPNMG5S8OsNVzECmjmclPC86JlkBkIagKG4bYcx1jI6o7EYwF2Q0kdIRTjhQE0ZzUR9NI2oMDYQYrfkNUbl7N/UeM28758k+1Wvqpp+/PxTh7EJDs6R8Tpdpr9qwkFfrbHM+/RTeXhRwv3z23QjSK98jS9QiWNtYbFZdIJM2ve1iBzPzQmYLxjJYY1Js4VgX2Lr1KVU92hMMOYZFxJomQ8ugJishj5KArjCKw7izH7kR4e6iX18Gm9zZEioQbrgW0yHZSHpYX/22iRA2MU5y1hzI1NmDBZ+/oMdmoayf8x7+jqeJkFFbMdnjg2Bnbpezr9my5sYhX/QObAvH7zPASjzL6n9BIJuJx/ujSZMJFyaR3gYLV9qPEoJ/JDoJJHCLRMQZy7EssNbVLjAn7cd70hi+eNeWklNiijWvmJUeP4JcosWFw190gWMZALh13A8eeIIQKAgYL/jBh3Cvuii+FfRi3fs0JBb48DDrZ4R7eSKzfLVz0qDe1/wgy+jUx8NElSHqyyyXOUb7WGvsTUJYvouNVx3J6YRMSKKzRGXcmKNsupq4sRu9B/K6GfJredYDgUTckT4Qb4ZUawiZGD8JrfCy0CgSbxO9b3fClhKy13IzkDwuHyZJRU+EQlTBINceAMlewySsq9raQmUNFU2hBD47xn+BTPChFg5geIckLG4rUk6bc3wJ1kkmq5aXeE3m6MYkTR1aK9hEuLeVM5HPH2Cr+FvFMvhhsKYNZ6snIuzjJS6fGJPjrm6fP72D7yzmq2fZ/wTVW6VkjHXvXKegqxcbdpzyuB65oZrsiaOndqs73OWnNwJ/t6ExpR+kJ1K7rdhHxqX63DHTFtSvXWyJ3SFym31+U+DVbfXT8ufaxfzvx1Zz9vCMBqLjC4yH2evRKMPZz8xI2vSVCNyiXiNlVCApzdGMefA4Q1/szr83HPCseWcp0k4jMa4qT11hEnyYy8EM9Inp/5bOwRGomOC5SnVLQwYpUdbR4kuWsF99x6zpHhGfasrYNB9pmfsdV88rZq0Xxq+MYaRFPsJSCEe3eKqmMmBG/fVukyeD1QbN1RyOWE5WhcCoyLetNeCfowd9lPbL7s1ePPg4RgU5J/ori7Jr4a/4dipJvE98LGIrBFntm9JcaUREsQISU8QoOxBPndantyGFhx1nx7p6scy6falLuWjU1K0aAXaeyU1xvlAmnij/OA0bF5YgRNOoGUSn/lFZBFsj+hapeSQlr0eo+cwaGXU5V0MV/aGQRdGTe5GFgqsaQ+fRwUURcGWxN7XaXdPnYVEB2+dbFzQSYxHWGuHMK+IQdBv2CtpDOPcMFBvYZ6B62CUP/xl6VUCvBStYUHCus7vtvv15ALF3t04pR3VejRRGgNsV1Z7LsBWwtNZawk+nbZASoOJ5i2e6y0HtuJDar3wnWmVd6/auJqwYdWanxMGZlX4ffa14GKiBqC9IjxZ7srTgdA9klDDnCazgx8nB+O4H4faOUh9OWPbNoBtCr1CLxinQ5moZcuIqCOL8IiMQaS5iK9pbgu3uG2B0G96EUPD2LJFLDzssvnsQgKOV2tXmiVDLHrmNFFzdOgkLmzM3hkCArWrGMIgvZSMdTbZ7P/qgGnhQstIrNaRYZO/O2OxGNzFB4oLthmflXrohIWXH/OQEwldwJuvRaiYbCF/fz+egCPAQSf0H/oXMeX41ZcSOBE01JNM+f8Rh6EdBPO5/5FhbArSalaPBvoow2P/KbYO5IAZ2uz1qDJBFpU5o627hQXIUpB6xqJN/aGg2kkIlybVO+ZrFTSZR3+ovjjW2kRgKA6BT1M/yltiCe6zl0vUuyB/OcM+YUqxwTpTNxyDI3Oq7ulj7K7BVT0Rw1/01xsgKQB4xPfVcFBZ2deuXhRc6F4wuDOfGDWyHbnTM0l2CtOtDh3mfFh6onR4f1DDOA4JEG28caQZufGBI4ys+NIYE3xCxfA1MvcBxp3u9z0HmPL9Z7iEhHpUOUItfjtSzdM7kILyynKSO7QJI0zd2wsYM15lwPx5qRhBB4Foaj/APjx48M9xhNL0yKoHcefe8mKpAR6TWyWVweYcKS7shCngKsFbrsM98olHoPhxuESZtnqQfSKGmt8OKoaXJFgHL9tIM24mV8UcAGJdhOwCyTaa+JNOPXxNRqvyzP625NXAo1Me94sr3WK6qVrOgxnSB3Qum0fIm67dHxP5jiWk/dS8edjZ/d+nnIaRqXqxRgUho5y2DpX0tXTiUb/DlKxw6gTeqeWMeRfary2jb/LpdGWtzxjOmGyLpeS0ZJSCifEwHc9oVdWDd7KKcIIwGbELsFe6eHWVyK+ZewU6OJiHS3mqLTJyRcZVvvFPaqr/FSzyCUDOa9//qZ9OJfw11ohtSvDUW01/DUcVGlF5G0bPef+ZIAq5A80haHxJXzaVb7P2a+BPUd8u6K3V3eq/HQOycOCntraCHPEfIbu0qbv8Roc3SMOqwTy0yzMY0gZ9kwHkVQC0/M1RscXBTEXIA+uljWK/bHRqBqiUKCofeZURdAnHn7yQ8L5WMSFKIsz7crb68DRUs2WTZzYZcwBTz2P5qR55ZbF0eMdLlJyYhPOA1fZQ07KF5Gv+UYhkD7WNyKbL3xKjSDhMO+4vQlTh13Kpe8cOCSa52XPMURzpaFN1Lhnl+oJ0mzTQX5dCoIRhdOmv1tYgrLPHiYG7dbHrGwqO23n6FNIB+/e9BsB5Kg4Xq7xn6nEBi6T0Tjc0arL4TtPC9IJfBHaBv38x/c63a2Wi78XcAi8Ds1z0dXfZ1S9QgL/LeACJv3i4PNW3k/L+lD6LkwJGYlElqwZBvYAv+WIc9DkkfCi1mPOq/9w/rq5NXrQ5pyfDfaYMoO7/uwTXM8mIKOvVJ94H6XAsFK4ZcoissybedaxNBhzwox8ElY+9Yuie+g/QcNtJiDTUVuVi4kvbrwQeMUVS3T980UUIjbkWqzcklzCjRy/dpO/9R3O9cmJnSONrTK4CSmCLxU12Wbw5+XcZO5oLEol+1r1hVaDXAmcuyf0MbIQFa5d5zNlUPCjYKogs/GYFf5RGvEpM7IBQcnOHOlG6Qvp+SN3Mnrz4JHiPsfuHhtFHZ2uR9K7T5orBQSElEmQAKE3avsn2h5F59zQ2Orj2srmNrS9FUu/cgjLUNBgxk4JXF0q73sjkAcNzHilcCmLVReZH7G+18BVnReg/5voWO+d13PoOOqVnzC4LasPuALRjpWZnjRt3lFWIzmIypAn1n9PLG4y6KGhcSZ1QlK9xGg+LiPKTfDtgokZ4G1yVnLryTCjW4kZX6Hcnblqhy5IJXD+1HEXdSxmTJOLmL21LNRwDpo56pXHLxEqOL0i2DOPQtzn6sY6YuWCcThI/7E2r3Z76WxvsKi0P+QZN/lmEmTlPg0rCW2R3Um1890kMeUXiPybUffmlMkhm1/CstRJePYVPBUZLTZYy2qLbciglst+w86MdhERc4xMCFqtXniQEQ7L1xM0ZwMDanF9kln/bQbJfT8j2CpIGSk8TRWPcKtODg+U4lhN1vSH+iW4J2f1565k3zF/kvZEz6r2LysbSVFDmV8fEWI6r8hTA9iJ7/FSi0Yfp4Li3y/wFpBfBO/E84Qnf8kjMY5JupvvH7sD8TPBEXPONZQerE9XENGxJfYH6LqwdTGImhyzJoap3cN7gBI3s528nKcuo95CIdJ8diY/jwS/6//T7DsWnrlNWBN5h6qyyTEYDiPBXg6C5Sw4/qIyeWPDm6Z0xTQd0Nwh+/hJw639xPr9VzS/aYpw/488g14KRH+BctL1/94KgRpfjdcnQVsNmhtZGrWnRn715+G+r3LPTq6z7J8axXBL7KfkT4iseeW39sj0uP4PW9I2CS2G4NWexJwceH3MygVkMRUsZo8ihNC/YTqtihvqvVjHXXeLHFBfx6X0MMgdmHuNKaCl6kgNM1wBH1Ps2w8yvc5umGxEt6ouJmq5oetOoRxrhnlE+pqV8TR8B9E5uErnG9Pa1C3E1EMrYUJc0q3jKsw76vIOFOTW8rUbqp1FLAKO098bs3BPUlTUJIdc9KcvibjBldLZBU9hNeXCaFQMAmUUkhlDJcgoXKeufRW1Hxo030CMtCYeO0wOFAqDN7n4ITbg/Qp9xaszWXYrcsc9S2hym98xappy0qMkwr0YIPeMWyxQc35S8WyUbTUfi5iqN/th9IH4FahsjBQ/G3BJodDUL9Yv0lG/0EAYnHI4BJXj1Rbjj2O3uVncAB/ENtxqKGNXnN99MwItQ7/PFNEDCMTaJEC/ODb/3oDRfo5uSisaIVCktXsxYhhkrw39ym9LCT+mHA2ZyY8X3EMCJ+haFVNt2Y1Wos9LRBw1ZTaTny8ufuD3tdc/DijTnEaHmG/AyhRf+B8SJh585EQyKjmvilxEdxJv9ZYXa/eN6tb8TfHmEbyOZg5Gj+/MtHpMXqc9tFZrxIkdSiK66lKeJYJg9IEhhxst3ujvS+nUgZt1YU9LopS7VqCAEPnIJYqQRN6l5lXqruJKAr7zTnYcKiJ94q1DfcSQ5vKWr24H10wibKCSp5IJCAEzD0wddJONJNVtO5TgS97e2+YU5CWQZD9t+lQ95KMUnqCl1a5qmMhal7xs0SEzhlbbFHa2p/MFrB/ZynJSnzFH27qllvjXm8yLFdtn0vYat6L5s9CNUODmK2ObyCr4DdB+t5h766Ukd2mmvAOB/iQgrRX4G+3R5rEyps9r3JAhvT3XtAwE8e334Mr51fY3r/AqIcnMfKNyKR7MrfLPBxOcZOXNc60SYk6CagbGNOz2dWAXY6GDtgqoJh0VpImvM+zMUOC/EgpyFS+3px6QzhXjhG6nDMhhqMslppr3B0GscIJbW+Saoed+Bkn2djPgs+eJhEFOG0biVMtNS82lG6gE40z36C6iw8fdTzQ7d4T6W7zuHX8s1kP7aViKyu5AMP/Fnnm0Txv31GJx755WQQq0f9Huj0g1KIgAADNtm+2/bNt27Zt27Zt27b9sm0bs4hZyBE2RnN4w6UKW5YbDXwM+kcqefz0BexWH7qm/5H/AYhhgyaQODcFtcDnMwv7UVAmwUfGNzbmWriTx8UwLFu4BGmntBk/k5tUXJwMouVQt79y7tml0bnYmlPEfVwPj+O9CZ/hNeatK1pRFlQgaC5RnXlteAB3e1oe3j/ofsO8iMZmFzHtGNEaM8bqZgnKa0dGgjBzWI3eJtNHLgbuNC7qxkWbt99fpk8oPO837nX5x2/3qGAxOOCHpBFNigRWNQQ33Zum2jWrOnEMRpW2T+mimVwvtOC987eSWPSLX5rf64OCgkllmlO6K2YaTd4oBos6wKPWVCsONcuTvoOYI3BYuAu2arhh/BczdFtuffQKRyOgc5ZVWf6nsttVsAw/YImJJg+L93KWoY0VJaa2TuKIaHUlqsz29m1GZtpkxdmksT4u86YeuxwuwFoRYdUYQ00hnl8dJMDno8uIUc9uei3DaXN+gBhboiMsHaSOdFMt2G0lqwgPbYZz6NNuLqLWtdN8LqCYWW0zIzfmg4N8QV/rLcYNkDzRWwJGkHc2LFcZ3aliqE5wLfKibqDwrhbV4v44e9TlpaB9WcX8RNPnX+MKKUTqOHVbzmib787PWlYVIx0hjbjcZmL6WiN/Ieev0hiZet5IRkzmTRUc4heOaQlzhQiYX550b5xsqUjXMWm2SafTBS6O+Mod9sR2YYOWf6ANr0QLB2gFbAf3yc1PrnRQOen0ISPhkgPzZDyaYCrX458LvEOA4s1k2hzVNerbbkllEXHsRA45JFTsVYBQkieY3y6ncoLe6ptr/JGOYpU0h7nEy7P1rum0+3nUGORTQX97hm8gJAHkCpUE1wQSNVl6ScQlY4mpsSQpKjYb5g/rsGjOuavfBWkyC30vfQc8BfOJFRJv8SkpwDB0eKHXH3vWXn1jSfIQAEkJXD5Owbcp0YFqH/yO1x+DQ8h8E3OJZTW93DgLAdwenNUSxSGuvTMflY8Adc1h4a3+uGSSg/cg7dPSDdrhxoA/qkm/QvpB/ebo+hKw63ubEzw8UsqUSnITDQZYOkkii2RpmZM++zhiIsNd2oDrKXwLlGrOZW50lhPe2hprLo7Jbs6nzIgQQC5kTfj7zeyC/FZBwsTRYjiYhl5cC4HafVpjlEtmoXJpXc17H3hI2g7JZpwNgEiN8mtAzW/h95EmilvpOSEYSIQN1nTWclIw8hk7eWCVYJCnhT33T+PcISfX+LD+BUdhPv7HDAEAa+EY2BTHXpQHXTzzhTcExSlnyaAFeCY5N25cuGngovdJnAuGY/PlVYUw4xvqDATg5Vs2lpS4MB+FvZCBsFQxel6Iz88TMqfLIQ5oG8cRca9nXGOm5EAaNocCDRc1bpKqcKw2L7++EQo+6Nodr8x0SzNOt1uYO+/jjwkiVW+xMUQoYwdpFzqlcv8eknDP1jO4jLGCmHYbZdvn0aq7D49UEuzxBB6zhLpagPKK8ZK3tgNTTqLK5k57oHwLG4KPeS2oEv2nsh0A1VjXWrn9ZZT383t0IrWDTo604aTJBpS5ZjRoMHF8be92rP+MhQV76pNW8wD77SSwjgitPE/eCyJEnZbgVIZzLmDwOkaQUCeWQWEboYmQhSllqJ13pxReoS7nBalB7vPKJRBQKJd25PD8RHQNzKCV2ilLKh2rmK4GqcNIQKkSR6v4LTlwtAGPnRZKd0cE7l4v6S/jf+doKfkY54J1U/ajP2i0SLkL4NmFqgspxWzfV0q4XITB0ZOdEzV5a7us+aefI81ntY+4AunG4Z0P+9KGMJISEXYZstJDFwJwQrKxEdweIAhbsawR1Gu3iFcC+cqNHsiTQIiU8fl2ccPlPvOtb8TVEKJk4/sPdzSty1fTuFWwnH58qjdJgIUFm5OvPvK2N8VoYwhrnJF2uSgyamueIeajfP21IKCGHRzhzI4OQjFQhfa/eThi3Rx87X4r7U4ufrdg6QN5aSdKF6f7C6ESwby1h8MKfb9LSo0vnbxL3M6Kl2YmGUagUnhWSJGFO4Tofgt6Wa6Wt3uaeqqvCJGD+FHFL8pe8tTRCx0Li/0ZPyWr+0R0v9wvYzCskqUAUuQX98HRhfgeUS+xXqF4WeqmFNfLOyNKN00+yXscr2o75e9eORL/Ft5QvPEIX2SFnVqP1r+mxscM+ZCO/Qfx/EP6mzp+Bn0r3ZDKXTxNJotrbyUO+P1mI52pARYibBM6XYb16CDUVnhs/l4WwECLMZwEKxHTdKg1PbGbGMSgkbOUyaYdpqtclT/wE+qRnBRsH4pd2qLC0qQavTTI9iS1wSQQOTe4l5CuY2c1skZb05a+BLRzglNS3XfhstkzsfPN6Dkg3SV5tGE/f//uE+gV0ZsyQ03L8mW8qR/bU6G5rogjfsNjg+qhcC9DUlmjTSzxW16hlTHB6ijv13sTRbfkTKh92u257fm3qvd5R2tiIDYzjKVMlKZqJKyZIMv9Nm4qCmebIAZ65wONeVxmjUeAnGCXEKOEnbjxOH7Z0CXzXQKOUUHYo8UXqZmGc5NB0lbzuVGMUk3tXutf9p0S2j7wqm4csVBYbPRy+rRWZd4G4zH78SmRouOm16mRSdMst62Sww23E7sTosOh8Jwhw4AjwxZU2eR1yJUSTfZvqX2VEjvc8LpoR/EaXLvTHIeR4tMxnwG8/Hm3tF7k77vDI2gQmf+xK0rAP/m9sUyeMCHoAaDV8Bc31p40ta5MK3uCoW1n3l+laQhyLXm8staHD8atT84j00xnXHPq2mjFFZcEOGbBvmP5CyjmF4Ircfjrohc7UCLqTDHlzHs563vtNRumj/PzxvuXDx0nMHVYUs61DGUNHrkv9F2lWu57eNZokkI25kQyDutjfTkc6pkQL6OTy4/X1WclOzQ9/+u7JulEKnc/COEuYpp3zMJ6R9UHQZ5hB3aWLnvJB33VTAuVAeXqsFCs25iQd7Ih+KoGqjCMBR5hkVebahYwRAVYtujnkqD1tpoZno3pFFv8Qj1FyLrRI2MF8lcJ3SWd6u+6zwkzzUsDjTKT3WL1xMIYnd2VmBdN3hGBzpUoxhpWT7R8WOrtcfAK3WD7ZvG2PBeGsWFloMX1E5aHvwnCsbWmR0BuSmfqC740tJul9JX1gGUcJazj9GM1pitX2RJdTTVrrs0MrcP9eUu6UKvPQ6wbgoPmnDdo0wGbII32X5aM0uSDjNI299hBzXKL35y9TeQPNR9lZku4oBDSf6Be5js4lZzfunXNYsy1SP69wRub6MUjf/jx1sW3ismHDnmRw8IL6mKTDptBupgBKxW3P2IHkeT7Z0tdoQRxY64kRKycQGju3jXCYAdQfRKycY+evdwZHhKUcpXbYwZT9EZNuJmDsioLStLU6cmz6qK9iZFdOSneg5b8PVeu9y6vmOzWSKvqrIp5AZlr0yRf2LlXSTN8UQytZWFaY7zX1wV0aHY4PROwjm/pgWclqF4jXlm5QLkk2ew2C588nS+7YjFdWsiI3zuWj3ei4W6Jb0mfeNXdF4Vh5O8yNF4n3Y7fGxT2yQvr4SvORIEVhz2aykl8NrwbBhftStreqScJlun2Z4lqmEGudmQYY82qSVcwQl0AHti6jOqjEbo0tHi8kJsaI2wnegmSNE3oS5YBIxRwBBeDo90speCaMRKbZyfErNFRa9RckYwlyZ009ttTplbxyfMqABx0+lA/1c9qDIYP3dDLd01QfMd5Cl2SHcfPE4ek1dCd/ZRkeR3vm12jbqw6MPIJiJm0Z8Kqne+lRpysOWwRIdPpeDppmKDlCZ77W9LLTd/n+9XP0veJj8qYmyoz+BjfGS7lcJGm17AOgu+gYProftTmpa6OIAWgKbk6HvvxI9iNCQ0tWLMbXvpPlgxby77vn8QimlzEK59z9Z/T1CC+7/a8J+BM5JQiUrAOa7E9fT/j+ASCZ+tJ92lMFU4D4H+pYsyLHg4+7zt0xS0H/c7DSBTsAxz136kfNhl+LEqjMBjlCXhXbaVSh44F49LzUP0Ja+YG9/OFtkBa8aen42yoPUQbgzTm5MpXnlGke4xLvEGmvU8K29G2RN5sHB1GOefkOB+vwUlPsgW6A6drx12vDldCIJqBMoHCtF3/YpUHxGXI2VtcrFtTc5mtHmhBvwFn+UnOdAtLldeBA/wsehMsppgE5jWyo4LC/ieA4TeHqswZPF8KmxCmZbMXU41OkoSjda9WcEVPHmb1XbR9M02I2AcSLpeHzNBLbRFWbKMBGxNpMflcYB98zyzPDcA25EoYCd9p3TvQIyN10TO0d5sdtJmdQhD5N3teTz0FJuZz5KGEX9xTJJwGEJoLwcLyYSkHtZCt79QKoX3wOc92tQJVYPGW0tgW/P6mrmcuAlllBRvXURy4oye0/loGYuQA2m5rkNCg+ohTeMHxjz6IsdpvUR55XKgprWg4xaOD3wyF4N9ym9h86tmuiwPFdb6KJkIDDzDWKLtmrGVPDNsLOBq/P1mKb5WQ14zb/pP9r6uNO+lXKPhbRqiiUkuDvVz+7uLYxd+dVC0W1n3Fh2E7+RQrRqVHiOhsM4yNkvPk8ts7FZ4I22fNl3FoHK+KDThAjwlvDcwOsyJdKeWfHbZy1L2L7BBtikRnwxnKBGRDJ70lTNG+xcy5X3df1XNvWg4yWnepvDlcbGZoQEpa4roGXLc45CVL/7GacJdb1XL4On/XGFKOk2qntBNiv88/0VOUYYFbZMV/Z9hl3V8FW9Jvr4PdbJRhYY+0NBUxF0PH7U6T7bagBZjgWeWd6eXBLMFqBhQMExiSVpVnSA8JfRikXHKI6A4UMHRJ25VQ85nF0wP2Ox/tIPHkfJrcSJNBqzjveZOOr8XPBifcz9MMVk8kgUTS9Bk4PXhVwre3HQ/ibo1KGZxnlKyaEqn4uvNIn+PzDGutATLvcHqOsRCdMsEnZP9NIjyRyLO1E9/MD7iU3j1BW2aNvqeQpiEpznybAXZMzpE+cxSk397n8mZEdP1MaJjMEG6f2Uyd+H7rgpkUinPODs9KhttP7ziwIgJC2UgTcIRr4aAEdctNBEy/LX/RgofPFa0cyHSQtcx3bhkTEliKnhbbp7bIK3qqJtiufNUNIzPvwm/lhhK3o/9jVSkafLV39hRZQx4CUuyCJDEzrjncpBrcd+M5cUxaOMg8KxvLGdPt7rmehM/3/E9ErhHl66nVwCKsEmkycGQqDvFQmll+DzsQsxqlU/1Ylzfwv+NsXQQ2eUHoHy+/DggzBCkgWjvmS/YJtlmOOFaHL2900ex7nEIvk7RV63nTA0iTsypaqP/E6D6hY+jk4ImLrhDvVVQNT+pYpE8zUeBRRLesdysVEPULvM8yyEz+eI5ZS/xHXM4ty+5CFH6KCtwLDmbKbfeSIPPA12KO01wHlVid26jZO74hx9w3Z8fZOvhqnGmX+Auhgu1rSSywsqtbCzz4SIj9PuWqae2ANulw6Uv9p7z8453QySChexl7g9lSlj8LJVVeydBE3/mEVjEZl6FUC66CZXm8ztW0YkGNqsETqtYoZ1hAh/6bDdrfvfNGDSXz8qGcyUfSURjQvGxEXTlhS7aydhIU/nMpA3+NMltAHdbJJsTiKJm9MKGHIulmcU9N8/aqBBKMIru0fw3+8eYV6ohNWKQiSqject4tD7sGZzgyl0gyzq3npLQWSzBuiwQlguAcf2oBQlxYX/PVZ274N/DbF15IL1is8isFM1xiZQjbS9v8vr9rrP/4lMtO4r7BoXBEmIT7InsZsvC9H8ezx8BO6LqBkxeS1XYZeNKvCu6KvXOpkVZf7S/3x7CcYUDxgRGsY5Ik9ckxYFUu4VB6xvCY991z3Hy2k4qbTZVmTyO+AFnjRtVts1N8jJQIZSDUqGPPb5N0NZy3250pIDGCKX9qSVtHFGd/n2VJTA8357jYUzZBI7/CZ/hoPqNtqfGfyEpmIW9J7XRDBnjdiflrjmNlkMR5nsnHvuY+eu8+ttEOFnrchVTcmVFdoZXfJMrdjHLQlS0xzPBuRWgFAm8hbaB4UxwgeIlI8A9+1/RaxjpWNasBgmpBSiI8nOVwxrg/KR/3tPdI9TleRzSwyzr/8ZvH4U7bCGJRGR3G0iUg7Y19oEfLElt2kteYWtvYbrVYSqO/J4PJEjtxrfU+XftLK6hlsAcY8vRE3Uskz7UfY4O+rQsxp2UlzctvP+fBQOvOgvaTaZ5TC/f6rS1yCrRDwDkp+GIYiAsYyPSSn3vRDyLJYOCiVoDZufBRlKrDLICVn1J09fwlrDrjOxUTcMg1KwV81kIkriJqHYRz/wav/zh305a7YTXR3YrPxsrFtgrTOFiWLjD3BqmEMoecyT9IGAES5qKzc5kCZOzYslf07GUb3B45tkivKx6mP4maiq6/TVSDM6KAKHC6qelTOKfwo1NapKJit99EBcWUmhcHY1oq3fOh0hQIHkNXKq2CRuOdkgiVjPfQetRPJakokvYLG0rhAquzwSm3/V8z4yRepo1HboeKqFM0iSfMzckm65wXC7+LjiD8UbyMcg91t2B33SCzU+MFigctO29PCnnskKBZcehWHzvSo37l9c1F6u6QhW0CXU0w/tHjHsog6LANkKUEnskObx8otIaOH0O2DkKDKTO8SMdQV6myynBQf1oUhlmQ+YhkpJgkxGs2srw9hAuNASue63UAJXTvtqgZtj5lM8DcZq+1MXdtKW0xKCYCM8sYbkrT6HwI2VfIRQyL2rhlfRgEWVDcxF2J4O7cFHFYgoGqNjklfdBGtluFRgRNoJOxVSHjJHv1HgoV/w7wVg1WMcs6tG/9DazAVj0bjNz9ie7y15KB2JH8Xh/yAnjWsi8WIZcsS154LfIAiO1Lc+gsgFHVLL++qFBPgZ6NR5r6m1s/5HYAqPaOA3RWWTqxjSIvb95uxh40rorv4eFX++yb3srpqWT7zdbJFyCcDrKF5VwjCvRkFx/ScDmpbi1FUJ0MrsWylQxNBOHzA5+UKKg981vq+0g1py5tFAlKLtvVIwPgs7zqknrQAmAL82d5+k5zUjs57SWD/l5WzjYHqq8dlW+1PM26K/OVlXvUDvf5WQmGNjtypxQMMsrfeaJcdzgbRwiCXw5+eZ/oxodZKrfw/nETlxJmSI15ikJO0CiAErXnAedK3AWassZe/GN3is/KZgpqebEjS/TFH9Af+yz4DsWE1afbZiclF+CpHFEwyX2Ptl+mQ8Qk2p7G9fVD1wm+dPEbTd3KExiO6oNmxLFrgkqjE6+aUvmmL8Us0OO5kp8pCNm2fRV/iEQ4Z7r2fo+1K33ALjjKBagfMSIdHyLv8YaIsSMIxbB0Rpaw7Ww7yFlgwtMKYMaoiYXgNx2a0MJIRIZX3DQ+CmqQ4YqJTYFt85mwpbFwsH34OaboyyuSePVy3fZBvPxOhMjGONRUP7p7ta/aV97z4y4lREU5Co1reQbKN0leg+B1AYEkEq87YurToqkh0LbMEZWCcMTToZM/xcFLd9u1YQZ9QKN7C+oZCXtf9VrpAzad/TZNSrXmDyFMBb3y5M9GxbpuHhttkh4sPnKEXutBb26pEGY4wUbu/s7VvZ22yQ6isO5BdajBz+HXmiMY/Zsb3cqsjhVj1AS2XAV2SEfUR9AGU9Z4LfTRqa4cTGziLivxsEHqBpGzbdc4l2yeMulhHsRs5a/13hmhM+aY9qbtU50XZTDEjtlxjYrdPqUXjjYt8YXTmq6AjyqB0oRNFRaATpn+ZR2FYySsUn2ck0l5EmJYDpPPBmnmVP/SGsl8To5LOMsVQ97O6tFtQ3HckJqKa4etDRsVfZ/VHjJWAxoRdnqRFTZhGltgJLRO8ft/t9Ska8eBPB4RmRZRJC1ZFPkyQWNeOoeBoYSDwZ3wkLHjqCXVz4XgHlc3fE39MUC6yOvCVwWiGSpFYu840L04xyj9oV5I3imwO6IF3YEmR//BdMsS8OvXgbUo8wHxyg13AJVnk2VLzjWIDAkBKCwpCNFlRV2dnMjy23jknjXjcJ8eIaJk13OxUMShYnmEJDH4LJjJjVxaXU9EGBcguUl7H6t6AUDlz0Zo5NX4+1V+/6Fw4OofPMwjuA6Wv3kX9Vfk0hNdrDoTbIZjGaZIFmkxlXC9+Ago7cGuSNx29pLxiIERMGoRAoVEjRlOd7LWOPpvqH2Wv5f+jbYx/jci7AecytxJrCeEWawZe3w2KG4VGqhtVaKxwVsH0rwM6cRTyBbgYnYORh5qLICSoRa8A4mfrkxqhObMAVWc9qSLoIXKAbLBLwuKwvwKI3HHpe42XXLO7vRempRERWvih9XZtCZ/5Ummqis6TfFfETsTrsp2jGzyvjDs7SR8sTdiryaLZbBmKFBUOIfeWoP8e6YnfWvSx62NdfIn6bb/GFV2/uapVBQBRR5NlDa421eq5etAkIZbSGtzfJHCkRH16WFIKVjR3lo98fiMfWk7+nod4zT/vzk2GfY1pV/asBe4yOCjBH1O5TmxtEyYB9GVIYfC1F8NqLu6tY1nzlwM4p6seqJ3YgTZGo//rvqqYa/jNsfnR7J/YIOVjRCBGS+ORZReK+j/Vr5zAQ6PjFUWhmi1pd5C7DuovMOtW3GD93Cz0FUgPC4whm03elRsotndOWk4MnGC/zEwtcKPtJE4h3d/Su99dE4blmpjm/ySW94LPNzs59IVua89jCcM4pja1yr0pyJ5PmS7agSKlumqAFpAyE9Y97SlRXYFgTt5HUEJmEBWbfuuFpgFHeEt2dsnm4MSfLuLWwcVDQw1z+YICm9ykfcjC+iQR+bVV+UL8B5Jq4QUjeleS//TnIbaNtcffGC9NcdB6PTrc6GDmCtd7HlhvMmWXmcJKjCP5+T4caSSgwhMOk4bwFmb6yRLKv9XZmcXjWOi25rRSjYlhjfS2xp8kzXdE72TpbkbHlIZfSnRXt0Io+2gqoUrc6KKuyvn7QkzkkWVIvOlg2S/yfz9+3fRWuQ1Mb++Uc5bqF/Ggrifi+XlFTwdoQPLeW//NxN1y2P3J9rcscvJN87HovhK0kmvR1uiasZCVtHUyc0GLWhK1hDlfxZ2Yc3F4xstIsZOHq+s2qutdsujMfOmzmLhv7VAcco3Nqog+sBUt+dYAjOiJxedpk98nTClp73UL21VUY6I3gcmmKy3YBPpfDyEu6ei04kTXBLvAOIhUFoATCwlnTMr0lNtWKyFEj9zHIhrTofPzN8XfEAqTfkfxTDfFzG2ujk6sa5VvxZuVWyp8MB6NNEJ5k2+PjEQW81xbKSy1vV1UlG+Agr7O88pmHDA1hDVff/gC6/v/GX2Kq+8W0ozbyF5CrO45WfJN29c1HU5nouktEslEIvWhQ1VRtnJv1qI7/hRV1APwKcHpmALyyy5NwuCNwOdq316DSJFhye4tQgd6olZelzi/QzeWg2+yYWbFCuz7mJ78NgZ3OfYOCSxzcGMJQ5HgV+yv5Y+XU6g7MLyX74wL/P1rEW3DFDi0GqyXM+LZUcYzORbrcDovM/WlScNoS0Y9hHg0ZHmL4PSS6V6fEqSjmFs+3HUvWpbctnJ4JJzQ67KaXQN8QpYjq4ryHRqReXRkM6qZ6WJxLp2UkYCWA1vjuAIOQvg9wEwbm4KwuDR5ZpObwpsWxKbvreEFdg0To8/fPYAt81BosVdsPXGd1UnlbHN2RwNF0O6kBUPO4DYRRnwhz5FeuLjFDsNSN1HsrCUIR/0e4WuTvpnWW5zOqVs+FtpS1cA3AgcZplhmvssWNhA/USTUnU+dungm7ew+sRBZgbvGwy+qcSa7/MjSDnsUKWmeemIUYmRYIMQCAWjyJ8fTsvtMp6cn3OLF6+vyBnxIwtFV3Vfesrpfvw7tlhPVstGAvL0gWyebI5Z7zrGzxQKRsOOin2pfNiekkKn+TfGRTtnbywbqDcDCFwCCjc0c9+AqKLIhJNwxWSSHdU+Gvk0VELa6dXMS8Sxz/RCXFBxbeZpcpm8bjtZHvqPpK9LWsGQSgH/p+GVz73Efs6QQ/KBFLpsO+Ujcm3FH/Lbz/ptVlTXowUkW+KUT1cloJKAhNbm3xNDbFzMBpFewNUseStcJg1QiJLucuZGGMhGdKxyk6jG57drFIOYwXn2Wpno/UjwVMYSuYoWVYzoMyyyEATIS+k4gqbepTpdmaxhyeFHLJ7Cf9/L3EWs64eR3NkM6Pfh6hy6S8uJyjdibp1CYJEnod4pskgQVE2earDl7JUGFnSNKiwolVf47IEn4qGf3gzCcl+ijJGG+TNu+Mf8K+2+Yw1jeS16HXEid2522VfO6rzd8LbAA530mqYatiQ2sBfkaV4TwbDZC8AXd0PUSYmXlUwjSPHTwmIWIDtScUPzRvMyqhqBVFQ5zRV+qfZd1Cy8J070PTSaYzMGqG0wSXHBWa5VCi+US3oc1WAmt8HgEjBEnrW0Fv9BwNCLsybfHYHdb71EjmzTREjvjI4ffQ2q3YpyvldnALsVxtl+9rZBL0UULZFA2U4TAgi9Pl9BeQimTse7gzCKHtjtrSR34KbmYwAPLPaN2Dsnlgu+fIaM0gyY0F0eo5h2Q6bi4dnDEJJQtp32roKJQ7FpcywcAzvYnCxQ+MsHB+JVSt0C0MT4ryWij9RmjvFotsYJXnfgRQc97BBqTJw4XoR5niv5+KnZy5W/v660BkZon00J5a3N46wF0Z22TaVhQqx7R74+9tXmIKwZp6z4GKzGmfx0ZMc1sC8qyZcM+hk38VJDc1+PkYvRSd9M9bK+bCHxPmQhhEOsPaQHmkWdnEDCwSo2I2T6D09vh0hKyVucFnGQe6nrd7sH3w4waRmbb9VXOuDmpO/nfnDLEZI3n6R2CxVJJHXo5lhksaU1BmnHcF9NSw2Bstu3Sd2G6dxMpuG1KikBa7cseRN32rTa6iY2huvxp97ekT6hv7pepNSWM3/6NJsEJi+LZzpkBC3OoUoFt/e6cabGVWgHPXXaEj1+ShqdEii+hwaDPQ4i9xrxAoksSxlK0WerYc+wb22/SUsoFfaODr8MkJZjR/aUIjhohz1m1GPafg5GiQbqBRhOxGCzwvk9IS0sT06yzr07n7r3kJkIRJIz5dlWMrKr//g7QXZxCXGub2Hclu1vKBlgkB12rKbdhT8MvZsNWBFVFukKZyCvUHDf54e2rsrSEBEMWe/+8pCm5NRGNKSFWjFs+70ehGBLG5HGqTeZfk1qAns0NhCu4WHYqbY+Y7iHjthULjesOcNygiFOi17OKL4pnLM0nZcRpoJVlFnK6FoFfdVOPaGcIjfyuMPnPZLcTNCnmt0f3GXRZLE8XzE21dw+xBMWc8oi19+fRIk3eYpqmpwbhhobH628cujSWlRcgsit4my7mlvdNVBiec4Rd6cLVqcdQTx39ZOv8GRY/3GXtets1yx1w2pLumANVtCLuaTnwEGYYMesVqzGG0Re239aivWR7JZVIx3ak9kvRAoN8IR25J1aRyugPEOPyxspKoWdNCNdSVjcdzWPbNhfSn7aQo2pkUw2UrAqDfHzyKM84vRFf6k9In0s2xt/4fKrl0SY76XWPrxwKbQLBHiQEoUYI372gW1HQ/HU/2h9j/WEjYSo5zSj11ObaaMjDaCPzInYQ5ZHhbe9RY0LiJUuB2csSpsby0NWjxa/TChdxgjh3odGBgDjlQ0twZUnv9gxZYTKa2KAqoAMSTnWp8KFUMahpS6TOlE1bxuewlwF4fIHwCpPedByyxKlITQsTYKA3Jd+lSliku10ya+tF6Q93glLLbrIKjPJxyGGTwNnn9e7qwVugDvAtf9oA+2nGoulzCSvMlXYBS7luXJS9jdNcAXXmHslqSbTLMQykHsFOI7EGNrWYwHBa/gJRdD85xLAvCY9fLdmUJmmJqrfJqGsne6/Wqxv5kOiL0pRnV1RSTLomNDAd4XeZmurSS3MNoqnPqOWA932e9VTjGWvoiK6ISwwSqoOF/WUKINBlDACBafrXY193OVNbYasYv+V1XJxGU4Lqv6eh3zfuKVHBIYiEpVzEvavGLV3xrY7BECfMbqx7mnJyJgkxErGk1HR6PovYvdt4rRDXKGd8mwhsyISdYnJ827CTbKcG2BDSGsWXv+Eln8ijGxMYY9EHaFYon8bUBmRy361ZzAH9FohQtTSHHwO5R9KuG+AuSVu7rKd9Wds82hlbhPaKNqoIONYqWnucAPkRVdBH39wm+zohN4fsV+B8E8qQIC9uLnNd4eWJygqzjeS/sXD+LRxhmT44vtdGUgTt75N2zLTDGbYGU0K07yhKTg99rLiLMV2gbvQt8TbCxa1ZGZo/waJAGRR6L51eb35Pdm3JD8hNvgkMU91cpBFtVyzMplu7eS0dPq/uGXbN4Vr+jrd9sm/r0lQfYk6UIkvjqBNzjA+U7ztT4lVw+6vf9j45BtlO4bhEzKitJqj60nRDEsL5LtFY58CBJVJXL6Cv8WyJiADhGb2azGKA+YsEM/hvFi8J8SGzxvWw+SFv0V1HMPOElJqFofZLyj/vMBYyog98Dwi803x3ziMgLTGTT4ciAwDhvSInJyk2fWsOZqLvZb+tVR1zOd9DZpRVOcyXZfatI+qGE7UTkNz6rc0KoX0vJslxPfdg088QR/XFwlMinur8e8LndcU2ByCfUpzsNAbzOFOMXT56sAb8eh5BkSUE8RSYez7+PXRYH8CBnMSfeqYBjEwNgXyBeD9+G08TBWVEZtVUwuv2c9ObSI15kQbfHv1tRSVLfMUVVN4Jv6xkX9/ol5qa0/h1Thezxx00CNTxh//dr+W2AqBZP2I7KWOu5iqYzWv/0lsHI8bVVJ+tJjTqqxtRyeUJlxOp/vYWVnc2vbwAX61ksqyeoSHuzE+FpO0t6BL5/WF7kx1NWHOWA7exMqVZIHvXNepOiupQRUDvnTfsOKFCjob+vQFt/PJ+PbYeqpZJ4SVv3dh+LZcrQXFFufzSFUE+3JPLRgdj+LPIQQPwmwt6qdNIIuTePgxDv/VqEmEPylRECXK/MwFpRRPax043m+k/L1ok7Xj5mXV7D3/ysw4LtYrw44eXJ4N3nVWorI+WlPyE1OzKu0UyVCadHUznOMnFnrdjusA9hDefiDnaI7dB5gw8/gzZQo51A9b/5KztrO3VNUlWUBkwfY6FYeHfIwsUHYDSZI5oiFd6ZgcLusuZdm6BBQ1+xF/o1QZH56CVxXysfxeom3wb6Wm3Qt1t9R4L88EeN99GZmGJKqKYtNS433n2JrfYlUNvAyWa7A750lBMyQ4vOtODvl1hRcylAWx63IAF8jUnY1lPXg97WD1eLnQlwMcMUK1EkfKZyQyUE3jVkOdRJvKeh2GGJFEjIgXsZxpV7nqYw93UOCxMus7JWzqLjdt1P9FadbPOCIvShRgxu+UwH2wJ/Kgcbv9LJ0eki85kR2VpGk0cYwguJ+y7oZnoYDwwwxaSia6J3Yfr0ToTmnlK4fP+nensDKw2l/XcV5xyzQ7F2BjQq+luxZ+So3nnso2d4NP50HsCoqNA9XrEc+i2QUnpBa+uvDJL+Dn4LitjHOVAukLZQ7mb/HvAwc23uNSUFQTjHXblVrCSzEmDa0iL0WrilUBpJkHgPqXSZYAt6GLcdYuXl5OIkgfMLzyOsPu7+wF/PQ3MaGNESUxPI0QXVf5Mbg5RvcPHuLSEuYMYIKuLD5qExvQbwu8UAeYnYIc2IXi9RwioZwpxPGuH9YtpSm47BLzCj0G2sj5PxShPaP0sF8/o4Kbsc++C24XaAKfSPuOzRVpR3i/fuYBqnmg0KlhkVrognaciVjBWEn+gJFV9suZsHKNS44qS/OiwO3OiIE4jAxJMgLuAExIESbCxeNHutQtrzZJG3OkT8xSwg61f59bVu/Y+pc5GXyTMu/Mzamb+kM0y4Zbcj/kbIeBl4KZJk8Dkd7gDWwlUGQ3UmvyXZw8jwGSgphHoDb8KY12Sa1ZSEc81LGNtI0OFYI9jj3Mul1rovx9+pXamXxsmMIYOSnur5VxXGPmdMBiGtZ7B8I+UHAMXJv/Woc4c5+9MKxtOoEWonSz9Ir7L1LeDTda7Pl7izdwum88CeSkGof0coIlZT3lfwmKJwpMqQbakeZ/NH1N7s67Oi0IWDUipWY6tOp5iuU3Mh59JNyRyLJt7BBEIVnhpctUPrx7fit9k4MerRJHMcZZHvyHxt9lROJDCErtOeBzvBJeM6vjnQKVDnc7tueqim+V/xhISAQrlaS68uIUXm0goheGy/2VUbpzxdYRhi2J3tXQNebsjAfiTHCDJn+/L/CI5bcCcSjW4+trOPVvxKao+pCctUgoXccAMdIlAgOBrDINmb2GywLuFJdeeHYmAWKFe1+ELxEx+gnFnqrkapEysgh1fLxe2yyT+HW1VhgvluyqvnM0Fi5S3Vln2LFfpjOB1lAQlQrhTF2ZZaFo1KX0duEymeDQVspKY4ePBMW7WlnThWmgwHKVONVFMYfOYyedRQcFGUQ23AApWLWtTd82RJ0pR2SOCYXFudnc5zVi6FVSQwuDSiL4rLudmBSLzHyx2byda6aQjL2Wd/T/0LF0LbJIMuMgGhdIOd4mm952jbi1B4tXfzxcYtKkojtQOaL3VxctUMQXoJAqxD7VCKh6RBBI4BDctl+kMSo7JzAZEaueCszffo7oWgre1om3wtlT9NJVfvZ932Zhwyiv85/uCmO56WbH7S8XLWUko30EkcGqJhD47aracdWN0ltU6QVM2SV+iUoD6nqOr4JB/pxheYUK4APQnq0CfulWu8YKxASWmSrl8fYV8oSVM2xiPFW0kPvXm+UOGl4lq/cP8MUlJYEtFMvCe5Ly+EjY9664mh/zpBwHxK74gHzpuk61j5QWXvou4YF5pWVvxacffo4RNPvKDNt5c6BR8UWdgTOTvfb50l7pp8fYpdsCSzWoBdGYimDPb6No6QMXjM7iItHBNh6Ns3p1WwcZ+3hpG+tLfIOyAnlse9hDgJM+Vm35DBYq2fWshVNSv8efOvXOxuJ18bjXAzAPeyzQf6gb7MrM3yEST0SMCa/4k28loetrDDogfxNMI5puk2gANcu/4yW7efuRJSUHwxx6VKzmCVMG7Hstugmjz3xXBHrN5IRu/M/kmu3GZ9dO5WN5yZasJ4OUrNrM5C87JLZ8aEgD0EdOhQor8suirZmpPP5AYsPszm9Q1yUBDuKgtZIPCDc7RN8d+GR7HjOHitBAysN/WOGDQVuciInMFB6RHtJ6UvPxDItPpd/ijxPkDIDtVKxUZiJ1YZNUbVLcYAJo+X8rm8ZbAOq61oHac7qJ1TXcmrWE7tqHzjcUuJUEvQshqYq9uq1shqU/SyhNOIm1os36TfLLXnYW0BC8LqZVzwB8Jj4i7Qgn8K2EXT6WXGmt+X2dY3UGlh0Qs5NvQI1vVZ6h1vlbTIY6cxnwKA/V6ckKpHPi1cTQWts6gvMv0CkwNx4tjUSPe+mWtSgJ3ZYZ8iXB6I6nN167XrjWHyGDKf6N6X8bmCCXZbwUgoiDWRwu06nZakinYxaSYGwFXHBVPSV0jUF3tLBCyK9jmhpeTVwjnmy1RB235W80fkwGsct7830Yh3epejZ+o8zxIVv/2fE+5GI6VacZTTzM7JYMS1zapjhnlYtjEqWqwVlfdETdL8MrCoB1b7TMMEoVFrVxScJSddKaw/olYbBTV5YEbZXYjOvrEFQTyoXlqvSOlnVI+9QomMjB4hm/rqNeEVQpvYxkDAR4h47VQ3k9NCI0J+8K0u2GGlIluy2ZsG1AfiMtnxVHDCc+dmWu0TOFmqhHrYd45fxWl578ZZDSGkpq3l5JnSkEKYpkWOinFAhz5kSeibmQghLXaGlqvwhWlcj9C/TARvpNIuv6kEOKyhO/rYFtdJgtsN15MLO/nq8d96LgMs8ivdYQuDwSZ7VxVBeodl5g6Wnh16p/8u9XWFbFQjWZzPyduRvv5LBx3Yx+FZ21R1+XFHmTTgsls20j2Mzw/DXjTPoVB904Oi47eq9rf6DCQvKYrMaF+aRaZqSoMTOv2GfV4oV88lUKymGvIqiZmVBd4SjQ1WzYESNFu2XSmmudXAAkPIRKqcSQIcrGq4B9FPmZHKeRC7ZFHQFvgBmaDsm/fQkIx9fl04b2GsS83ukJjPlRlfHKUAihDxWsenCQMVAC7G2RunPqMU37gr7l4FLFdvhibqDM3ZzE8ftPXpgbfXtLU4YYSAq8AI2smHNcxa4JI+QVXMqFEZ1nB6lQtx8IKy7pEoZJap47pqIVlwAXXp/mgX7R/7A2DgI2lZ+5Hhuu30TqCyzoQv4RKTtdXEPQFh9XEYh/q+KJHC0WOhmUyNNMY8lWJ1K5IlOS2vp+elMrEEO012orgOFCXRfF2FtcussYVbPT6SDPsxWA+7tCr6JaqXHTswN/bPAfyI+AaOHY7J9jHGzphaW6VLutfJLDk5LdGSmQe3Uo/YH9gugDKySyX1JPXD4T5a++FdtgZxYujKEoBNsRSn9JmrsEP/MEKgLAKxK7XqZcOZgo1vbsExWG60ORsMDkHUyxP3cd1chj/n4/wU7mkZPFe65ONiwfKHZ4k577npBOfxh5x5ftWfb87esZjaannJM4hKhhOowKf0LuOU7ZEueHwMqXPpaMlyTGH+KR6dUR+Kkcts/zbvGxhJGcsEMfZvKvaF90wPx30hymx/jB6rfGXxHtyrmbSEiauHLDJKd6zKXIhzv58KZ+KvU+kEWICCWHw/rzPTwXj7v8/tMbsr1I70FkEY/9bkXsUTcfTp6pSmf7vh2vMLxS/lDOLZd/THeTl5MLFACTLXnjTF6mWsjC0D9kCIBerdVsJf2vhnRVbHw5hQ7NR1YylBk0nvoRMO+FSKSRcvTv3hpXRp/aKDjlnQMQ0pb6nIawZXB+RmHaOoREdzn7VqhWNik7ygdGd24/sR5jVeVEKFTtNubi+Mg2TxR+q6UGWA2c8a3RHm1EiG6n/BCGkj/P7NdznYTL8fBmik3hYRZ3me6Z4FLmZ/+ykLo0+rWQiD0cRY3xBMbyqytDjNLevH7InEMATgPopicrhV5K9PjHkN7QzCu8gToQhQ9aTIsUHiSH0vIoP9CRFPkRScjs2gUTzqatAuvfrSbHbhD9968ERKtqFAWNawZCxcEBi+Ii6vgGR0mEUQ2jgJjtQYd9YE1xXXT7Is3CoD3jLV8AYkjX557XmlElaz9LLAjxOYWkI8d+R8KBifmnBsN2MsEgi1kSNB9GnK2lZZLWtuN91iIR9IL67z+Sd0RKsSCp0EMD/kdnMd26nn7Tqoo09GmJGzUBkJssUp5iaNwX0HYeANVcoMnjkvzgoy424y2NECGjduVEXFjZrb+qKmfeCevZsv9x8z2gsy3R016mCkD6nW4+9iA9uVOcxu5VgyhJessZkfwTky3twfDrJ+HitRqOywXyO4CIRe4q0I1Mp+RJsHRhfIt4hD6NgYlJsXsnWWtBlEzNudgdnwHbyg4fCH4H9HfVjCBsUhsTFP4Nzn/LOtiZztIsS/f3bi2JUJvc+OtL847Q65W8BRZkJS1GJnxhD9yyuM9Yo7pZqYZOZSNOwV8I0E5Qo+gQU6kzwb5WHTBhvulut7YFL3rnb693SqiPIGRdpNhYASPMC2Vcc4HujihVUkIuBHyRkUDwkWdYLzAGyEgOkrAb/1j8dOgCzhWMXLm1mH3E7sL7oliYR416xogFygsp/+EUd7YNrVLE4mO+OM+tveufyI3U0AcBfaqAgZCmKR3IxJmY0GyOWNDhLbLBIlvcPuUo8b9iuOCTf90zVlE7Zj1Vv8/DkVBKahwxDn0ze42swIqkPxNXya3QJwdm/+2kKYQRgK8zMfvwJbgJ03m5ES3uXVz7zBMazjghZPlqw+smNe4/+JPD1qkBnnma3s3alRJ39aQuSxd3eJ8hEjxUEgOvRUBiY/OMD8wHF0HltBY4Q7/cDyljvXMylg00+lS1PYopk+kvtr74Q1y1THFySXQ+aMSGj7vl1Nv/7H3CZS+TtD240syJnu1qZsMl9ap9m4ftmpIGS5xbDP2tsyY0Uh1/XBr+wpRqyb0fRaXNvhSDzxhQ2r7ITDwlhPaWsKN49w2DwjYXmFdeuTiD0lMj7u/1ErcQ/YjHQ2JRRoaaUSIDTYkQddHso7AHbxLLu81jcXzRj/lW9WJfFZihyxVmpX454bkAhzTb0ysarkdp46ihqYJmhTdtXBzSoeGJuuTwsfOpuOgZH2RdqUKARyS7hwNFqS9N9sPXBz0tLNGGoZ0VRFF4p6hBa7iTbBNZkdc2/ve6hXst9kn6Gau7SYD/hyt57rkNAy/L7IPv2tNdYUaXszDBPJDTkzFPqb/vLz90o1GZ/mImxbWI2NHW6m2EwrPxUz7eQ0Hjyw06n4MEeK/OUIYbo3ecWQRB3qwsWRt2X3oVjl3jqzTUpPAckKcPOEN9EAm9zo+8nt9WbYz5W7hR9DYhHeTCIPpC3SCaLni/HttcfHNySp52jhySyBfD2yhheXslsDVHqsgJipCjaIOPwBkWFUNaCV4G8dyq1GUCMaSMDlxQl5wvZ8m+B7KhDP0gAY3j31DMl557njsndNykZY8Hz5QWsftSv/KpuiwuFwYIvJvO6yNe07WesE8E+SOBMGxO+6KQ5R4Lgcu2jf/EjCPVz1X/2IC63bbVZPDJkOSygdumL1mDDqw1hjGFmETFzFG5n0iG22Ix8yjnbxe58lf9ypuexbG5rIeMo30jspH3cqW7xPfZ7/Wf+UVomE86p5WvWOc77ChBUkbZ51OlbOHsschh0bBOxAo2Cj5VfH1HA0KblJy3/xLFe/nheP7BFtvDLZ8tJ+lSZR3vdv1nqGe0c3DhDp0NHNqlWDo/HmtbhYGD6EDqTZpGABGNsfC26nVfMzGfD73bHK3L69Lm9AeUQ/9xzSbtETpsIDVSiztVPeHwz5oFLiGfHffbxc+hQcTj0s8951jEZ7dYfBo5m+70NiX+uV0ucLlkvfGnTEV1FK+oS5wdYJ9umxXF85BNYmvJltTUJx31pSdutihKw6w2u30riYInn2Qg3CYVtaMstptwdB5DKotTjs95c3K/23uL1KjLXk+nsOV8jfmZUNi7VH6sMphuOwmYoCufMQ5shx5GNXmtL8wA8rHV9IZiQlv427TgKTgooLzyYxguFljhuDLyWmdrnJSo8TD/4QkKCy8Qs5GX3V6jndBgQEcjoGS0nEsK+5g6974JiNlrpJx5mvwMU/L0P1OFoKtFEQ1Boml+j/JpWmXn/Zedf0Hq+s2UeptPDAOJfrH/jYoxxia7P727crkT69VxYm8ShjLA8HzRlrMZlC2GA8HKr/Aaqnq3dP6cSv7i+GTgZgTnsYWIPDD2X37jY8OhPFYxJTOZ/xnNhsBypcElnDYO++GTsKUyxRWFOU54Ju1qq33sx2RcdNTXMVKftpL9/vDlGKNV8116UrXuycg5xtmWypqaJ4HYaMiG6ULftXFwMOnI04PDySxuZwvx5UOhaB2wm6vl5/+ITEFri8d2hw7fEPxWbd5MG4kqzXw+WJKe5lEbdVNJkCD20laloER47TVJL5oBdusRB0F+G5tsza/8Z44947cHHeSg+SHROdIymrF0CnYpA96juFcgtUv2Z/ViFAxHrcRKpHKGB+lJpK8oQi/2gruJ2npWyT26aiYj4a6NURf5dvvRgBHalzxpzTYr7BhdF3juN98QuV35nJ2+hkSMUBgVrlBEw9JVVI337RgoOd9d+uo/hl71yGuX1fmecCH6avQesmaGnl9isvzO6q7aCqaAuDQITjvQVsX9LXLC84QVDCnBbWagYcsI+zbkd6+cuKk59cG7XxolWrOVpe3jJs+++uxiFo6gtMXHpmmgQqke0R+YUvUYdklllzgtCNrw0ZS4+etahZvQt8Vur0gOUmGCgcdjR5HG7W/YZj0xeFtGlA3R7l2VMCjGCIw20IhkTWryzBrWtTMTjUZltANAt/Bv+dm7jioaTXCkMu/SkiYzNAEqgkYnhap9O0pIaoa8NTxahTW9WQhD75wtw2z3dRr7+8Qi3tfgYo6w/jakTsbVYcMZH6BN/wFEWOqjlaGhenf8HW3e2rkq46Y8z6XW5cuZDlxtE9bjGJhx5r1/I/lxOWjBfjQrcu6NsoX07a+Mi1GXg+lB4KG3LdKDUYLSMMGVL3o9zMNuvj6zOr4nd9HPWtCcAKh+duqj5TtrmBfYDRaaOwWCVzxE4XX7MeOYcaXzBWoLe4u44Y6qiTMCM7qNL8ftiOt//SP80UDQy8rbiSFLa6YMQKQt3Fp9tQZmiBkc79pNnquWZWFm3tu/unL8V5w90ltgWfOvICCjr4SB9w9AkcTbbCFRrnin7ZCaMFJGvnoJx9TSiNankl4fEFh0SzvbEhVt3T8vNuBga8iH2K2S4QY66eceXSUmPTPa666s3JbvBMlz1GXDoeGRNFww+jFdZq7rA14ocmHIWlNOrwahQ+qXqGseKLjSN80iauvb1KI9PTaq2VS2WBO1/I/tz+zcBSWQfVMcAn9lKY2biM1I+2pb8H9OgVv/GRHMqOr286Rzu0F7Qvkf5FoFY0XyrrZgq4FyUbfUSafyiI7Q58QzLGqGUtoe/cgPYf6//r8Y2NJ7b9ZBGLVL4gRPzVX4sTAIFP/HEn1nwLtn5MDAwdnhA/fL/PgFCgv6k2wFMRuTdettoBAbFQ4eGwwf06+Q4uAk58/zXvLpfEkwD/bPpYXTFEiGpXUdWQgU41G6tI4JlrxsAuwQ+hZHj+fbcw98T6KwLOvT+C2ktP82gku02S4YtRgK/QoZ3RqVMYgQRjZY08q81inUyByYAgg1APl7UDwwepv0EWywkK4JeHMYjLw+UetilCDLatrykx+92ncc5az0NUzqFkMjbjiSzk9ei7N2N+TrSz7TElMnp+5fnaSJIKSisXGz6Y10EBPexgkHfJyKNNwpe8iiRJUYulHKh1IldHpIKAHN4j5HycZBCy/btbZIor2/crlkxwKCdfl6JZc2VPVcfxiqW9Ghf8GrqjqGt4xRUWds1+0JsOvxYGmNLx7YbDFccIFy1UKG22xfM43ycjQh0YdKvo6mtr3fHmwUTKvAizbbDE+S+MYtTuZRosFLYJSExFY7Y1RjTkgKsK0e0/LvmYIAU2FuXiRXPD2ncN0XgZElkGlRcBVCsrkC862OqGyaAKsuq9yt/b/nEHbuKvUGL47bJYvw2s0h2G9wsJJmEl0IHXgh6zDX76YJXXsNCl1PHOGDX5GyLVCAqpiXDcuTKH/HtX9K2WQSu5BjOouuPLhGTSy2mHSo0B3xostqflMkTqdHiFU+9BAIq0URiFE3c8NzGD2IWaN3j3rIpFeTjKvFx8xwHUshJN8Zhb3jsGA7c9m+sOfmBF9G6MvXQUosoqpHFMceofqt041OIIN2iJr646jQlTBWK6r+2mveQ8ZH2tKIuVvMVZxPUO2NuSVYPcOJkAp6JqZO69vdnMxVJB3n1IwHLN0HxWPsdM/h9UYdCSqwVtJyUIGFsIq24vAjKw+0+tj+9M6y4xe0LVXN+2gXA0x3aUsrMygbIriYDpix1jp6x1rMmfmSsulJVLf2f51cUsdzgYM9fhKtH3DqCsDyrzlCiozmyiSYlFc6gejAbjuUaWo2fTu4O8NLTWdIbgLhKutfK0bCkTdCUGYxoyN+lqQmgrR/pfjiVnBND+9l/Fso1h9CDVEjuBlC1mytlLWn6zmrRKlyUK4sVmrFocjGLF8HPdF1QmlkSiTvFDwH6NBvLGCRyW8QcjYVRXfRoEgXKadn+kXhk88rD43kwHEGuLSBTp3bQ9QzzZqPOhecjwTR0SkRrA0zUIBRIq846mX9Y06WykeGVaySC42opRMAERf7zf3NA7r0v77RLlVYb9ft5nYdSYqE2tDmyLVONjH+XHAU89hDqJn/YJEZ/f+qvcb4+BvkVhAUvNgIi4MM63+mN4Sc/ke6PSDUoiAAAM22bdu2bdt62bZt18+2bZs327Y1i5iFHJIO7rrPPvTgKPksfHmpafsHJUUuZuVhoidbR2WC1GnUuMP9JgBHFR8ObdWz/wj66jmkaNYuJ2hllL3SfdenH2e9mNWqfqp7Jz/j+LufqYfHoB8wtS+sdI3d7q9xAMqGAevcP6VPLVIa7Pdv7yI0hLg9C4FRfWmHCoKYvOunAIvTCPDJNS6YanMMmvJh3XgMXihx+LfnyE4QX1+yv/I6TSdW6uS3s5g3Dmgai+zUn8ZbpYx6H+UjLkWfpiPyYG3rGCzZnWdReod+0UHbkFvMRu13/ONXAw4SW7VNfi2J+GFxYivGS3NKDUOBt9Y4Ut/adRGBz9n6upMImUQ107oZ2EL8bL3r/b2w5PcwmYERDt76oK0Uo9c7/1gW6+tGSjLlmYMGaZC16Lgkc47NLxl3aXwextyhcSMIHQbj95gprlf9iWyNBqCiAl9QlLP25Y61uc87LvyGEdgv+rGm2MEPYkteYJ1twWiEM5jDqN1LTv8fpu4mkdksoSpFystKxnm4k4uanNVh+ty8QYT08+usK+Yzb6kfrTFU/EfwKTpLljDVGzDLvplqcwF21smWhnfwmEyktk3BYY/RXyqaIevVssdqL+f3ktf7YQw7XKQ84hUfF7bOf2VmpOdnw1ynJjocDshJ6hH3VAB5um+dSJIBtB5QsnM+utnmrrC9vhoJ6aJM9+aQORVqCd0KTlmF/p+2oVt0zoZKFlSMu44DWLSNm8aKrFTwNDzq1XbtXJrcxOAH3eXcWt6SunMYFuez/EdTLR3HXGvs8VTXoCRfy2yTkC53bJKXUKDteF/ZjWHetuqR462XDNMyzna2Md2wapU2c33iVkYyQ4SKiCenLYhhrZ5NygMKBda+WvyGSSqbanyATqMuM/pLqzwEeLhUpiFWllt5FWenILH9ArvRGHlw6M/5ZnYBNTJ2gD7IYcUttctnhsaL85an1iRPN0oQr2s97FpuBYnj4IU1SvbfmZFkslyBQA+bC4QCwquZHvSaxtLAHjDj7ql3lt6qfeYHg5/wSG5qc9V7mR5bTtwPDWaKUXeUBXPBDtwe/+n0J0LtmUOSSFEqOWAMvIrOdYKDJmGohyIJDrlFSJAY2W5vfXWXVYGusWX3V+nn86bEg3jkTtHKl+ZpH13IoJyxZO7fPoPgbloixm8CCnKpuBK9c+p/bkRIt6KyN3REdb0pawiR3lHYSvro6Bben07z2Mu13qS1mYdts/+26zqpBTwxMDhL7pohcBkXmukVUjqK9t25+D+q6niaSiZSaBzK6sHsEQ+GhntPPTB1lSQ7cFQ3gUzo3kjGo/zpVhDeJ4U8nmXx0aVEDPj9UXRPJRx9aqmwGm7Kt4GVE3XdoGi2P5uDy3BiWAg+9CNzboXqbqHosnlHuYmcCcYn3kMcL4Vk6U/h7HLx3KIcUeGPjNL1cS95L+emlLTLBkNzoes7C6J/Z/jk3jyNfjxHqWHcwe8Y/Sg5ZkGG2zLQ2DkNaqw8Zveu/Nhymo6dDECZMwnG+3jCHzWKEyPuQatnpDlrtJO1vrMHyG6HYitLqETVc6dMPnzvsRMnvTrXXds4yrq9NAWRjQGQiPevktZwKreGYhzw7AenqXl6EerO0wbKK1AxSNG2UIRGsuzKK7/kiD2k0jBOlGARC4Ivz21c0blK3hMgAVGUj1vzGBgitiOENbjZC+xygVWmSc62uKTxv794ztbZuAk2cTcHufyaUb3z54kjn/4UB9FKwF8o7T6lWaRNRjTX08cOgol3rpCMThlCca/rYUggnYN2+ie1vdqKxIjxh5ZJEhP0KN2NuLinATOOCbfUZodTGUGIJPwNXg8/M+b9nJdGdEI26mYvOIxcQKU5gvshFhENSkx0+70rWRXiCWMtAX9vKSCqcS93uPGSyejPIMhV1y1S5U6plrHq9+gHk5KtAFPJ+52LLK1i9iXQPBrlQuWmuypBDwT25EDWFm0ssyUQ5IhRPTjLmWqLIopn2GD+k/SL2jILTfMThUZGQvAH82fMPzN+PfyP56gd7K+VI8dqwH1gL3rwypZCbN87qi9o588HmkDua9dSztytToKfv0mUSySZafaou7YBTCJMI7qygAlGHYxZPZ/hdvwO7bAPQAnVA639223aIJMWDavzc49XzGggJbLIK00LOxVAh+UmuVXki5h7T62E9zx8UfLkGub1xuo+UgKsFYYYZYOTdw5PH53wa5hRJ7R+BDPsqfJ+kM0gjQPZNcvHHOeL+zxm4Yqo2eEleXcA2tVVt6n656k/uarG2XXf2MNsH1KRcJvb4MFppLLv1PW9y08VINvSfgjRmzY9ZlPW1QCte24xuQ9GAZb8cgYW2573HTL4ETuwKuRCzp8hJWWcqHGoroqUedzEwkEhsSaJ8uLXMI36awfkaPq0AUKa4Z4tM+PnmTD1S+fGtsagzbDNzRsx9xscJ6NNXX2i+gRoMnz57VnhsC2QsmJ89ciWuk/29p+H3Qe7yJl8FEKOE0cf7OoTSqf7feboE04St0S/81SB5r14loJsyGvWSstPNUyILgMajpkJRyOsM0wORLgnyPcFIpZheG5lrK4OlROXFlNad0QlxvjIBSlReR2pJNWcLxVAoUt95JnpgjiGzifZgBJApFY9c1OsLvHczTDY1Skxv6lc7H4lw88CzcxR+Us9otM/ZOe1+JOiVcOyl3ZhOybFLcz8NyXyz9b9gU8UueeVC8PEbYu1ob3Nc2DF6DgTsje0KmCCfKD91B8Z0plcLI19u7zA/fF9g3BQc81ie9khQd1RXX4rQ3JqjJtMMXyqliU676UJTCDl0A5H0ewrt5xfLHZk2fnyfQRN2wPPPNbjdxCQmGU3JsWCHyi6m3Hh9D3Y5X7sFN3cYgE2MXN26/fr6GicVpD7CqfwGb9kxlSqBBXzF4IvjPBUjammGu8izejMS+IkUyHkcInHPy1krTuqLGXc2XGj+EBkD7bZCxn/AaGamGmGW0y3Zw4XUnUtSQKuafKtYmqZEQDL1v9a9SZApzbNmpRghpClYvCxX+envkN6A6C39vEEsDR4pYFTHp0Wxau8iApH1WmYwKoEc/TeEoPiTTrXN6CV5LJyhmXhYoLKwKH8wcJFFM72nTRtj0ixxSuJba/iGqRaNkIuSujZeRQtpz4vlT7tch7lcLSbCYxZyI4SkH099w5Z+eSjHq20S60fnDZ9LPEKlxHK8cyMU1uB9i/eZZg7hBxjT8mqJjxtoKrKVDl+H53lkLxB4FNQvShZX+47/EvHUtdnDg2hlgg5uwZWZ8rVh6ksI++QxrSMKtZMLd54gktMHZQSt2ZIwVP9k1YjRljNpWhvpe7f/PN4LST8Zt8jO3vlpiVcm5CAzz2oHzE6nQWNFekKMnn7jJAHTP8QvVlNULnjb3bCsB56cUL0cQIFCYGv82Csm3a2GQg9471X9kYd2ctJOrHPlzjDScBCK+/aocIonEZw1XIMQHleIt/WFFI+yYbEj+pjFBLhbId2m8lXMmxd0/NW1tuAyMvY9Ux4f2LQmLl+o+3xYWQ4JQxa/uO9gV8G8r7B5rgjClJaQT8w9hyMykCQ7S3TYaNWKQmeUlscaKtdoGybdCrvRRNrDzfZ43tv2TrMrNbGfF2B1Eho/cmHlQ9ToeL8Vl+Rx9kR+443YGht8eP59NqKYiRGQLaC5fYXfljhLOVl/2wW1EuB+LPXgzBbNbJ71it+9eb9pOEU7dtQy/DTlhOZNULLQtsFXTqOy3f6/OqTNBf2QEX/ESs5gMeEcJvXYTF5XSXbVtbZCyKM3OJTy4bSGxRFdOJMguhhSPijWTsLLjlRj7owU3LbFLWvCc5EmSTSGI5uAj0WGfJCcfY8oQ1LcEDBrDhG5Qayixq+QzyaVRYueSn3ZpyLTKkj8zm2psqn0W7pm8cuVBjSpBRyZdEJWgMooj9I2nYY0pcuxHVhHLRZ+SaIeflPmXY8oNYxCH/5u279Y7YDIReC15dKWOcDY+u1N16XHoR+EXZmLYQzzM/wzgsid3hOA83nGIHUc2Cg0P9M9RJE2RHQ0IoeDsjXnoovlHghTuvbnCOedOtevFMpzzX997EVxveBgMRzjCp+klFamQPToPrbkH2hv7TVjCt0aVnaRHyf2uDuZmnzrOMBMzKLPoDz3ykQ5bsQKHj905vDFuCCDxAKCPRznjnmbVu8cKA6WV4HSLiNjKLKPcGwKBNkuToBV9mnUQjKI2VzKeVwGok5vQX02FQOjoeDBrtqsbbOK491DOJgBqlCaRD+giLwcb7/I0KSYNfajSgl3JngJc1l4v/bdn9GZQtSwT94/sooDoorkptCghIQBuF/wAQe73XwJfahPuoNhxJkYmnF9/7iRnr86aDfanpTuRxJUdcVvqCFZ8rb9qjZpYjIapLTBOulYQqyFUapYlpR91czWe+6sOGo5XtdBnGvfZBYCFSjK1SSVnw9XWkA197Jtds2P6YbnQnvwdd34rxeOVlK7lFaCdZfJuW15N8EG42iihbg3ei1uPiZpBllLSeBUHyKLKW0ieeAidcJOu3WSBIaGQ6r+YtCh+gzvG1fI91qOaV1O/ONK9oHUbCvGR1PxD4NsZHoFvrmtk6sVF/KPK6emletm5e+VNo9Tmt+aWWMI7INUXEjEyPQhvFa5a88VPpRx0RTampnThwWJGomPbRhvrhnbERP331QXydXBFGAP4WVZLA6P/ro+cLIA/BTH9JWCGdB1nuI1lFYYCeH/fQMPEDqHg0RU/kAixSwecIPCZOVxyThG+w1tAfXEiYNBjBa2IJLPVdWdF9IMwJaldX3qV7Ui4RNh1lphTPg0L+lWR5qJXC00B+HU3PH+WcKGqVFJmMaDe3W9NxcyFB3f0EFQZdkWKc4/NStf6X2Z9w3FhDnHVwDsoijtW9EvCvuV19QmjOSfLVuXu0ls9mDPL6uvJbhOPIvQyDC4wrC7MzinKrmw6GJtLQYo80yujADShfgopG4xhw3i6SP3N/Sxj4S6O3emC0bSNu6BRPZPkzQd8Tb2LsUad308hd4GmIOv3pA1Eo5itGclm8X7GMq9ppnne88PIww8AcL1LTYxj0PrCyRd1eUJyaMrKOdh3i1i4PBqTskZ2H4XWCzV3atfKHHHQefasbnoPtFj3NtxASSzLO7kcWRyk4COrYpEg+ZkDcCXZNlmQ1BPlySmXwQhhGRpxcAf5w0u0+me2M1tEmFLQyj5OGi/Ff4B8AquUure0UIlcp6YMBcsXmBIO6g0A1ykvdMzR0H9gnsE6y+5ibM0NF8I91pQ4e09sZ2g+BUCaoEADR2uRx94HJX2yl5YaSpLBmJ9QBawAOJb/vDhKUoB7Hat1wF5QmCN3x53RM5ktVcpUB8b8StnHtPlz4QUB34IgE0Jqv13OuqUq+8l8y500+dL5we4AyDvGLh+vQYAi8uRNGu3+Rs/x/bcDsZSqa00+OdjvrCPMTJdLMIYYfdt81GImhLe1dKsjYC+JVeoCWqLI/D7FKWwauVAt9s4OTJQdMaiLKnYDMBsqmvJ+0od9KDbHxoYxzebl19xNJ8+7cy1vppjHyqUx/hgpfPYLmBXwgfBdmSgG2vyp5slInNSawx1az2f1Nb5lPKfwrss0QTn9UxgYCQhQIQ7Oe0o9TS0/pGk/xyh1g3itCZWHdOjSkoq6nAhvjhMKRP9qJzC3zu2y4zvz9JK1TLk2KsPK9kqBpGV92mm+op/x5MJCkJPE42F0q2qISdkDcFraeJ7CVS8rDlkCQtQ10pZS80RQf2E+TxJO3zA9TICxX34gK2+5mXX2Vj3AAi3bz78B3mZ7SeUW0uFAB/FbCh8Ade8gbWKwgr/GsIVTWa1CZZduHcCTI0Iyqu6Chyyzo9eP6zUSQcaPRhStKCzXlWVknuUcXRRpMjr2yunfFwXXLasW3wUqBO1ATVVI54UT/TIF4bip/wSKvfjyV8oLrnqgDsR/gD2AolGJjV10dqBc62R+4f1XXg0fQJlAeAP1I+MTimzXGmZfTmgrz3rQ/2pg0zhb0wFijGMzXosNJkORI2Sm1zuhDso6s3AZiWUON7R6gKNnuhAUEF5sREML/nrVSpxzWDOxzN6tQL6IQMiqG87SXjXrqzPtryYhAW1sXE4nrcZL/rfkLpK7yaRxosLP7ks9WweMXPYRlE/QNaDtP2PNn0hlOdLxedvrU6rq5HmMDC1K+L+DevqmRUj8qe1PG2Lb5S/voTisKWKjIH6Q75aN47WF0wliRw56TqKWnQaBYmOxKTBewkFyGJSFrC/3DUzyOdKxr4SNXaulsczb+edhP+Or2T7xZW6QgzJTrIdQvSvhSJ83ndTflBo9wFjKi117L89wPuXiqYf7HWlU5VEOPPHzL4ELFytnuL392x/64oo2BuklKfsLtjkmA2Dmf4MoFNECrvbEMYV4F71w/OdND9eMetjKIfnDmqE1u6L9kvDC8O4XXPbsA24CyoiVJLdKMih19Zk3tdN0Co77ihkZH+YOMnV/fko5pU4kBHQ8LavhB6Vob+E2GvEGei3uq1vumSwAsE+SNSSnVTLeUNI+/lDISE3ISA/SCf10Wx4zLNUeKFbHBzh8FfSKUgCzq5/6e1SfzHGqVZQ9EceE3WDJ4+2cEwxVUxbyv1gfGdG7m+DGwbZAp1MQrm7gG9NrSic/mZmclch52/77lYVC0jcXaq02vv0m2rWEmxTbFlxEsFaiTAFZL6Ivit/j0HObOrjGIkNhKv4KHzgLvD2RW8rbcvGD8gSzOSltZxnlwWJAJvah6MCW35ytOU07r4wuaz/CdLeO5gyMqMLMGRnZ0yYrG68kLg5WaZdSE2qkO2czvBW/jarVfo9Nnuwh/cM1L71NO56ef2NyXOVaBO9SQjcNUJI/l0zlIks3MZskNkK+CH6q+Jk5jpUJ3fKFCB3hkEV5kOyOT1YnhIFQO2LabT5Tb+9KPC4K7wIksq5PzDIwoI3yuRlO3zLqBzBqZohm85zBC6LmtP3bMm8tmZj/4yz1LLRMqGtezeYWD8YnSJq9bk/QGxJlfyKfJGlPuLYFQbAgt4VHShUXPRtKt0OsR6xY8jpad2kSNBZI0h6bNSd65dU5d6yGq6DGzKRVsVDMux9pE2ZM5Df9yltBJZ3imxJFHyUZBEWliNKHYUm6b8A6hyAe+GPcnVGfCOl/qxzFqMh1vXrLO7Nj47C8fkZvKe/B8xsbRHnadmKozM6EZ2+6dPYMR7tAhx//5Q3Z6ClwkG2hkLTbO05hD/OguE1uGiDHpB5z8qxyID/tvzfpQa9WvJb7SJX4/JBLG9oemzAnf98bVXxA9EBHJ9nP88ptIkidDfdY8ybg2BZtwiocVT6z+77qqRWdGvwjNBvCQtrqnlt1i12V7PlOuNyrrc/2wRDqB7xFjASl9disl8fR0G8e/Bo4if5g2SofgtwyxlhPpUcTT9N60VYXENSf9VQXVn8a5Ncq99H44PTLbSbQYAbWbNeolOzFMCBTXvqOKE3taYfuWdqzlmhY0uCa7YxXGvHkJ09UN05CdLMmozz58sOrh+BTEhR/JRwvWyvtTyUn5B1e3GlJ5CnIz9WfV94afE1ropqHyVch4Q7E80QIhgqDWRmFooMcOfR6eHPeAvxJBiiJukpJBmm1nv/Gxaf77/soe+nKpH5VeJNQYmUSUzSkKY3l4beCKZurqv2l3QHTXzcnfzb073q4t68M2P5+6ecvMx+LmP9LKikm3/uBNZp1AihWavXQF3oQtQiRkMaYbXF85moW2S7GanTzfPHULilVehpfqszr/nOBKDW+ZuQ/AwbP83wT0PdsbsHBJ8aLJNGpjPWBz1HLpFbvK27qZXq1Zmh8eyzfTCuPqWi1e3R+aQv6iMJvik3ZbN7thLL/alL+AfwCASXgoN5r6cWdvwbRq+V2uOXQDZP03YbdIcmRbRvE/BZGzvmUkzy9Sfsj40D0iUozQMFdEZE3FH1iakKYraJaZ60zpfkbkzUTtiOUeuXOnsbvpS9eNwFR3Mv1HQmL96thumcMcdAp1m4MfTfHhZWPutaEqrqxuWD8hH5Tcm4kLnJ+ddmKACtvyK4U85XE/F6HDRdxV8jgAitEv7b665XWAhbVzYnXNLCcJrxGJeysODEFd3R8d6s14PJqo1dIB2KASOiqEUBiPeNslA7iD3tayNhyj+BLWdg0XIhceqNvI/zrJqyi8pJ7I+rPp/7CX8bxMVQPSoMXi1nGAvRlgO2Ktu9m63WCZTVw7XQc8kZZ5q2sRsEneTdCphWipiVoXmp+y+C3yGehww62zMhGrGH3c5QS7YvdzpIA6hpmOmOPn0/7LDsl7bHbbSXewx6wmjPZ1Coc+pKHQq1Y0J1yqWdeYLBbHO92OkK/u/eFUyYNmPhBFWB9rHIpG5b3h5yqbfiFjwFepTWATZQgdVx5d3tUvkfNRzWKRwPBeEUv8F4LH9jfNkW9X/R3yhPPCC4GW0PIQ041E4uA+IiQ0MkA+lRUTHKMpr1LGKdrE6Dqox1Hw885pBFp236nMKtpL3vbl0XTE96NpOmNhhewjgXgCC7uKoJ9dMeVBykWI4iqGankjrUNDXlEWKuHv87XWUn3hX5/SrVlG40xlNyDolrIZSbIyIxyc+YIVPtO26g0Dqd9VH2XSsTQfl0ltRQwD//X2/em4y6P/ZwE9HUBoWm3mDUHXbPRQM8ayu47C/9khB9P0PWLunzjvnj3V7lB7ZW+RVvkQ+Qd4TrPBvKlaWo2aGCn+e+6E40B8yQDLwS+tY8W8f7MdaN+VJNfLoKvuL5eyR0NTAGmoh4nOLRASf72/+47gkNl75po0FDclNsBCvcj1JaS1EDuXel/o2s+DogOedu5eYT7mTT9Ty2Q7FWtmB1DwlfhOz/+PlE761t4zRexlCWA2WD/a6oY+phz9qWNC8vKD56rc3VcYif3vIOvuUBr5j9Va9h3By2pkxIzAgtSXoCGHQENNNeJni5RA24l/l95sPopSdHlVj9N2MRLS1XMgr8V121YtYysRONGH+X8LwyspSIRyBuQ+pgZkhzX8+gbtinRoGiDLnSmeivpjzIhcicrHiT4unXyYnmhpSpXczY8LtdcYWCaTSsqcGT+oUH5WHPfqJec4Cqf4GqfYNIXZvXgavQy1QW2AVXTE9HygObD631fJROjt56kLGtWWnlv24RluNODXomYpQfjPaH3P33tmeWO546g3Ivi5gnscfDUnRMV2go49QxdAjUEP3TzZY41fuIHj1VmEywHN2An5BmjohJzDe9ObWa5O73qQrznkIsafcTeA2OrzE6rWOWph2JagIvGm/CuF+/Ze1qhEv8S7/NTXjqrTA7WFHv8pD7XeyswXQKitXrJNgXoNIX0fXRbSawRCR/MM+7eXoy/lip8okE7+Mjfehes66oZOL26Ct2qvm70Z3aICThcb44zK/rDyjqsHMuVJf1D55GmM/IV5UnAeJq257Kcd6ATPG5RrMdaIBe2I9C578gHGNiSzqYLurLe+h5DS8Kku+w6+1KQY1xpze7v2AYRTQmNhcknMrnMdO6ez5+ths0glC29oVIfidGTmE61b9ljtWE9P6xac/lx9cnJ/2w0I6KY/ud0t5zno4IZtOIbOO2JHRXHtJetMS+XQBmOIqIUX9Q+PCduZXfzrX01TEqSxQ6mL+k1SThPmGCi3rzL3HIW5TnkHzrS2c4Rf9s8c2wmsVd2lRYpHEP4RWPkZIWe2vJLo/TRtkv7cnox2Ip8d3QU1sBNvMTKhEO1L67ZqGEq6ejPjRZNNL1oCfV6RVKZArVhNWENyGazi20inF/mJveZpP4IXOv2aHFeq+++C1V3A0C22yc5aEPE7x6GhXXtpdcsGqbA+zjksluCIoJjjuK5jLHvNuvdaxMkO4cGZcka7fIPTn0/QhwZ8XtLYBRF1VIeaU8uhX97w62nzrhi2ppwV6c2BVoFERy41SftIA/xEmlarCBodagS8vep2wlY0QjgC2DhnHbQ91pm7z4+C45vZaS61XqLPZlVqbeQ11xsUIflR3/+Nf5eXCd0uK1QqDPYfQmreXXn19JA/L2KVY5Db4dhhH1nd7l4AWDorYNuNODx1kakSZVUDm7cvr87Jf8g31BODdzM6i/FZhL4ANPUWAQ5kj6YG/F6doRwM1+CDt/OeTNQ+XMpC09q6EYmzOh09b/IcstkVGViTUPJtu6LGiWjQZEbiZIDRzdHxM2xFywnaNDaqz0b+GTI7TSx58+VKzG0+cwAI7qLEDNAjJ7OZVeN2LXW0hEr40syHQM3/fGR6Zto+2s3aZhchGRcbV/yb79LZEyuv3cf6VcLX2qsfCnUbh66LW8JTx/N+NrKOEdVHiOJHWr2782a2FhR1ATZP4PWkemdp15Mav0khkEi24f7Hk+DIt72eT5BaCX6hSbxgIf7fJIS+ZKkCsjsHk/L8A30SV3ukYSeLT8gKjVWPZOq6XEE0xDmYg7cnWpo5N1l/Fq8fDCt/f7T9bv5MKd+cipeBUgRqywEyv+Yjp3MUswaCswNQrW8GRLW/TGwY0GqRIjADSKfO2FYrInKLXvNVF4/l/zThWgyHCWAhntYLWY6yp0XXt93Zig4yASSI62ypXYlnQfaRUw8XHDyeYu0ED0iHxdRDS6oKDsucfwvD1tRcvo+gc+PdyTXEsYY5y/q/a9zepZSCqcq2G4OXL9S5DkulstVyeEcoeHPtmkGB+ZNuqc15zUnRjkTJxehgHaq4Ra/HPe7UIsOK2lGBYjVIHZqpGF0QU2RfH/zpWIcBnNSaP7w7lwUd46bIsztKD+K9MniqegUCU1ULARtPrcVbp9+XCWs6uJFZYDa14Jk0JBk8C2mQD1v5byKQyQbUd2x3kXjNRRaA28bEZABy2q5PD4YAkCcNZnaVDRCJPDFcoN0QUfVMNhQ+7k8DjIqJDev4FVJTwoRstYHVakZ6Xpckhs9Yqx4hXXd9lNKbGFSy5scxIpQjSeKLIutmzMlDSxIiHUV6HmPXK7M/4ivAvGMySh+/c0Yv78uMcmonFmGpFD8oNa7bSI0K/3HJNDpUDLxAmLUl3DhD6xsinnhBqCsKoOkJ9eqwUBwBHERyTJeBLTXZqVPl4zmFcmEcsjyqdJpXtesph/+kSCWOEKczTIrpFsB1i1v5eK8gO2DyBZ90Y512ZngVlLXULGPd1YyEI7l6jfhwTekP1IuPDlwURg+LgaejSW+87yX1M6jOjFaOJOYM7j+x7wQIhLoozeB3uhm3esaVKOog6w4JecXHk4MCSTvXSNCcXs2lyR2Gx//Ss2KSl5GYgYRzJX/POtlpPrynzuFSScjh912o+GqcmnUmtekXejvkOqqfz1OCs6nHTWz2F/hoZIb4YG8jSef1tquAHN0xWP1yU2Non5xdTLokLVbsBYHdAZeHedtGXLSdPygcVXBhXz7qRGgp83nKMZmnN8oRg7nJ1sCLg5Tw/xo8aMkDA088D3fdetaFsS6XUbi4pb4Klp8ki5f9Kj+fUe2BrEjvMPPqjiOFvzknzsuuFqaq/MPnMPhAqEafa+NCba5eGl7qTdza/taRst1EiQFvxUrlEUdGdwjPYdvigFyjM5MfqUePgqilvHVy18aMTLmAFN3QUTr+m0MFxm7Qlbku0aMk3lJx7BStoQtYgIC4g0wyNIE+5uPGnNcfILd5h0jNQqfP8aEf/LDf8ZY0ebmjV3v7zPdvZMkJI+wL71RvUpi/wh6QHW1QDMn6Oph5lf46bmFzudKuW3G3ECKgKE2Su/9fT/c8o1t88G0wnr4mMLTBf7vcw4duKPxyBiwVu0309aYoJXQtLgh5PdpiyndAwC0mgdZawD1b/1MQ1AZFL+HmGt4wN4WHP6Y/LTvVUIor+psDziQ4c8FP6ht48VO1jNzw4WUvO9B7ORJDYeySsuXvwLoIRBhNUzVREzzl47od2eN2anV3OQQhyVO2Zq4HuTU60l9klCGBLRFo4GH2qn4orNp6pxH/Cv0+eXoUQlm25LpikOjOVwPv6T2MNZrU4Qn9zbafEBU/8wxtmAjsVmp0DHLJ39dMgyrebEnrcMvoMUaJGGizM9gNiSTUHxsfunDroGVXEsz8JopwfLODh7fCLTGjbrHMW6PzLk5Tjc1GtsSaHtTd2PzQgwER4PnDxZ7pjaZ5jxMokDm4hgi3XUiN9vzir7HHsW5M1Ievs0B8164L4AJZ6Gq2OCGUBZlhRZWcMoVHgUK9vu4RpLI47Ba9HRePhAlI5qt1Soe0BxZEeksHZPyz8TeKgYql2BnSyoiEmXFqixq4Q+Crs1mdPnYyKrrAyzV7mtrH+IqKEfzsA6DdmotgG+Ak96W8PIX67mLxFnBbJfTgCCC94r6iswx76QLy49npKyMbKA6I2feqJVrJExCdv0aSQLJ8r9L2g/mgaVR/mcWIj7xJ2akHij8QLLSh0S9T7DzJn4j+JNiEgdkJNLmyhxpZscvZuivkSSk1Afp3C5Z4bbHsN7zVeTfxOtgk+lQQJLBZqLWiuewNsy0myDNyvAWCAR31HhzROOFzLfyUqJiDFfbOQHZwRXNuARObQYuEumUl3aIoKkd+WxjNz/L8gEFKjaQjZLTJb3CROkbfTiyDTHd0oOa0FQdJBP3YI9YSNact6AIMHmZ+uZENUaFTbBdU4AK6Abz78fmC8jDUQWbbfjH/SHzsYlCBbd66QhGI7AfbaSJqIrsmJbSDdrZDs3uH3ndlqSUAB2pkpR2PoamXkUN3nHw66uuODOj7KEI7aDfuq2gUOQsyp0VXinyXHtW8zyE/MZuxWWZU0TfkjHPGNPnrYJYoze0GpJhpz6zPFzGOyWyYyJ3iaZWA0bmgBbACtGuCij7DuC12L5NETaYc3KUDeibLtqKB7JUKwwlbz/FKGNMywNh+eGenlYCyY0zuNvlswYB8iG5djULdudjmI7u/A/Kx7ij6x3vAxU7E/iHwWP82y7pu0UB3jg60sNDFa/XHl3bnBcA2x60lKg7u6Mdlfj6IM65F3LAyvj8t9auhb0WMjBuG0kQ1StWkwa7DTqlvc9UeuW4PGLRdLwf65HX1v74EZnpCfuqLGuVrnGAMgIlHTfBOYsHBMseBOYm5ACcbTy6jf/2p33BYJAWzN2SXtdD9HHD5ehs/JgZhA6kpaPXLYVKA/hMMXLxM32xKlTX5oUfze+p9yZWMq1VkePxG9DGb124kq8tbioV11wK7iTsEvnhOvIQZ/cfWIsAAspM6Y/Hkwrr9/zwF3QqvfCcR6wTsWRYbc+qR6xbSWE6lckwDGHiMqu198d4sVBVFphoyJkxjHXXZ1BZIe4XBig+M1v3nHvDNRUMvDbqfcRh8gOY1QBJDpViTMqsdL86SHEgnUVn9EVjA2sxeyPm4nU1Fcv5z68LUc/AVQke1jOaX0fdHJ1rvVhjRAV8KoJVwsHX/d9UZuiz6JMpFXayuLM9il3iEeQYrh7MXsZ1ruMBvdSjiHU3eUgi//3VTaII5HVFjw1QcIrdF1BTCRwFD7a75/8YJCtJRG782M3EXj9Ds+jiYNTToZr7APA66nEMQJr5xNhDX67j/VbdAj5Lx9j72KeobSMlJXQLpe/ZlQzWgRp/UmnAmZeFCbqIRt+WYJrHVRDSwuV5qAUsNdudqNYgUP51TmDiQZwOw9g8pC1e2/e7jkfvlg2fCXTvjg6yQlaQ4dbdqCZ5OrJEcTxkJekzJiw4nfq7Ty1MX5ltw4zm0w8rR2wWXVNQCyOhikehsa2wkNgG4AqE1ZGeGw72+bvX2VUrXwVJui2fHJ17RQMblz9dVRXv1Du9mp+jxx5mR8rM2Icnlhj26Xaer+MhVRvm1ZIwrmFSr1XZMxu2+XF+4IW5/3u9P1Ic1NtiMxEEJ/P3p2ELtkYMDExvA+0KgexatfYZJth4jRWYadO1+nsJaVHyclQXmnTZx02V6AfAEGgOKc3WgnAcEDnNzX+yI36IOkPweuu09PXnzsa1qx+bO6ouXVeNWVtrjsxP/vZd7Je7VIUsPuNMdCUj09qIRtA8F38FvobzrWex0qCf822DYTBejqP/sBM8833qbrejzlSaU/1wp7kwvodDvtOWyqq4/JW2JgvduJrj7uf3Qmcx0xeTySVla40gA5bTCCt70f8QSRUGTGefaabl5w4QUP7zIk4+Ry8gvhwvi/bLS0ZBIUY5TYbfHNUrNGhXV37DNcHveoVe4pXZMUC2xB+u7+10UNYuE7Dc1Uf0W7k1eWQXgZgvYLAuCytRnzgk3vPJjGGHxedtzT9JJ3ckscKOUW6efaDm2fcOiIwmO2CT+QNXa2NE1eIGToKWu4QhYdkuZD3/X09LdQns/J8rIl4mQyolJyk1xV6H+rtf4XWkE8tQp+XiO8qnxDCBmP8FaxWCCywLzavw6FhPYZUjH5gOxmxfmw9bnsH0ZLGszmgkghKg105KmfIWem62HlnfOnM5FfM0XMSw3zLv9kF8Qv1XzliX0nn/h/oqIhSne6gS1Ud1Rj8C+UqjyxoFAowokBtE9YPiTz3s9FHSAKefLrJq8GEMLh/MJLZ2y53O5SDFTib4uDgaI7ikdnVBcq0ykP4yNA2WIFTiQdyo77cfdcNHycoZV92ThtMgpcgaXCQ5ixYrHgxPZ5/TnudUusDbxlaHGMd3ChQ2tO6b3IN94btaqDO0gjatn7s1pMId29NZoKkkU2B99NgmuCohgogDQi3TkX4tZ/c20U6I5YKeMDc4gcTJDntt9kQhuLoqEHXYhdc7/JGlBuVcp5U1AHwWCFn8DKaZiQfbXdldbQAM/eUs31kAQOBnY2fb07Y15+QWZ9KL0G32N9BBsc2Hz0qC1CxqoiE4nU92t8z4mXYcTtqNXELRQXUbxWXmBiVSy/OWG5S6iuN554ypaLjObKKLcXI/W/m1G429XzZVlCku4bJ2CPg51e9Zl5zK9mYm8k0wAz8zMFq0pOAgvLiM8FmTadQ200CAsolpTt8c+A5MOwqPuRiUfUuNJUGjfZ/1hefSlQRB5yDCPxNEfv0xQbO8oE7F09cRiYWb7oZ5sC/Z0e3o8uROl40znEV1WWkYgb2r6wiqfFQIzWTouZlGiBJPsUtt4jFIFiDnf+CY0jMCBkbWWPH5ny7N9Exb0RnucB7Gw9PrlF88JAzNroo+iXtsGqcv7TCcLEjkD+T11Q7C0AVVg2BteTrktbW2ctxh4rWyKWIfZA0chpH3igrC1suwnnaBBqMO9EcAsyGdw8dfCKjnfZpiefhVXi3eDhKcy/fHR848jL2YYarJ3hlhuml4ykzK31wMVbmE9lWWbtcElEsG5qx4fwBs8Wvi5OnmkWtZUj0EFzACzHV77yxo7u6bY75FdSlCyeYpr7/Nj2OMCkIDec9EDZKZpfBOJnTBNrKnPmC9S1h5D89x3E47ofW5JD8blVl7xco/84Q+GHb3n0mEIkX9m7tGibGXOPLyJiluwhxSlo2ql19P6q5/Qny4Ht2xeraq6UUf78aVcf1a9W+1giFw9hFa/xcDRBB+WrKbSJtPe6cAkFNOf5XoCC3j6rxGA7OWYg1jsG5lIh0HifAxfyj5TG86cWK68Blz38vxpN4ObUHI5ZA9RAKgqrHSvCfrazS3HwGrselyW7Om8VIg790GPDYKvtz15koJpLGhw4Sw6oNzGTj/KgfHedulcH0FI4rmzjTIAEgXB7ibfWDr8Oy2pVX42gZYzpYqbi1kwk68G5pRHJsBYRS25xlBHCZzIeF3UIWQss4gyiNMkyQ2a1YwiIoOZ1TIMo7SYzGFsLaKgfOzbDN16GUOFCldX40i59WcPo9OP38wQdKUQleWIs2S40czZRL3z4WdWqgb3dADDQOddqXoCoQLiUxn5vs7UuCVs9bNI20R5hvRgW8BbqSDWwNesruYl4sHKfW/Jof9x6kI8E/c7t2Tu8Z5d7l6l9W/c94cN/9064jTDf95w0/mya42ykPCyaVP8RR6SLO/TnDNYhvkwto0la/sfHI0Dt+jpZ9aFQT+xDupn0HXVcow4FtoP99RxFgczidMvkSUG3blUzIAnHz60KGF4asdsOo0baAWH9zjRK6BodH+xymtk1SoMHfMK9oEFg7zO/THvLRgQZ+VXLMwHgV+f0OOXFjsCGfWcN57u+Xx+oPL6atHkbhV6c0KvS71XJc+a99b64hZ+R//ihJwbvZOarqT5VrBfpiVhKb9BkChR8vIPd43akOHm+G6DfM9oJPPJ+pqk2kwGlbsouaDXn/kPlRzUgbhy46+c0SGCvPellxhGK7wtzHV8z9kV1+DTeWIv4xJee9KEHAre4RM5qUNfl14rRJXv8JHXyDsVpuhcMiTcML5ZuCTTlu7drKiFPQvzRHsCL/6KhOLXEChxqZiCNONQbxJPSdFtn8OqTJ8De6152Y+SNCKQ6r0ZIrdwQC5WIrz5PRCArFNt6yDp0Jt1PeKRwzN7/kDBIrvEGrW3oTt0xGoMSKdGSoEMTbHjTd1bmqX9B0r4FH0i0TYAWPDHcS8KZ/5UvXX23TmoD+YrZZLUqvCLPz9KpSkblh669qBULt1xUOQ0NHcZHsbwjLS1Oyns3BnY993HwTBrXtrdDdEWyU2Ge2aGBT4oOICrKiXGWbPsnBXDl45hFKQPrcNEtuGdqy2xF9R/BXeA0Zkfz25d8d08zRxuCS710iwzYnaodEit+ULhAXbADj30ApNi/3QSFr0WLq/HHjnn9fVXy/ekeca12X1BwYmXOXaziSrFx6zmyz6WmpHztuBADqeKlGO7XDokDMwr/qzbnkbNi+GAIZXemByW4TSRcu6f3BHqB/QZstB3K1OtXk1SG1HuJCF+p69MBF86GrCSp4mRcoRRu5OFAvFVzHV0GHs0IPsU9oSu5JIRhBXMMgISE1/0SmoHKrxLQXkberKhY7QjaiE/XvfvvWJe+MMdOuSOLgiJJM42xPclMWM3KTc8hJpWmJKiM3HLlgxZUHS5CGkg6GRaaTFxdHuXlrWXmbcAJxfKIQ3JCBVZlbj/MzGhw7nPR9tZW6RRnEsqWcATiKixu0CizGc4eklB+btBocp0ROZD1zXv45HLT5vY0ypPnvaBhcv13X9gS3yTZH6jcGsSEIaWV9pUgur0L53tc6Aut/mrzCCGaAK8KDo+e52UaUNVu7J6N90oLYEKwQs0TfkQQWaSl1k3eTc/tg6d43RuhXpLddWn0SZ1/nGcatRFRfGVNS8Wcdh3ALnWFZzUcG4TuJHrTs1J20CX4JM5xPy/txWUtAfrXGD3WcAz4z1kV8xyYCZmbupyVNX6wrA2NVNHp4BGP17f5BUrkDRI8BQhnolw7g32w0cNMSzv6HQZbaax5rpp7K40to9NXUIPQX6GsXx0B7QX+DLT7m51DeUpasxsZ2FTTF/fWti26OI84zlW5M+6ZsqCtDxi77hqTHtiXEwZfMjO0Ll56knbc4vhqemVqj0svdrOnA6qEVJd0GxGRTCJN6govd5bZEAoFdtOZC9+bkmP74PThaU6VcfTOzTVS+nakgcwKP8PU/cKfF8XYpqDITBKUm2UD/CG+u9jBmhR5wsabKH2M2hZB3K519hWUbz62svNeYnG93imHh4b/y52TMj7NF+HGlewy7qzXLPycpwinItgw5mX/TdulzeI2hoRAMvyuk5bw2gfNLApQ0ojKVfPGuu5lALb4qoM3nAAMnMUgwJlmPXVTW0TWBWLVguVaTn2IJsrtVEehMtPhxM9A4q2f098mm20XUk1G2E1UQc0Un4KZUbfHM6/eY5cxx3Z1JcH2i4SEsAwAcPEhl6tWMpNeTHAR/uNfn1JO9HYrg87Fv6lZvGoETvO3PIo6xfkDpJNK7vIkSdmRdq46KPtfMH2cbKNt2OtjMmHtKXoJ2xjHrhxa6dOxeV9OYyt6TY7LG1iGPQWtYwAXFvtFD+3F2BYnFpPWPfhbmfDdkYY1618tfNbhhHwiP2N+X5sZAmedY+Q38ZM8jcWunCbVf14jyOtTfj5FoSsKFhzTEPot0Fuun/d5dvhNvd1dMbsvglqddlj1ZJhdHSEpV7pIZnBxq8Jxt0WCXNf5gWSKyoVLFZWLkdpCpfV8UDYXLXiesnRgrEj6J6qujTySB5Eob8dPG8RX7zpulrS1983oY1VI6vLWtJ9/qZXzhaf6laejQdfYlLX/yUPxFa/4zwyehptrlE0uhdLeEgs0PDF0V+uw8d+56GVJMUyRvvxiMPip7bJXftVuDEL0Z2OnBGFEVkqB5vqchoNvcz3AzC0pItcLoN8OBKremL1+VqUSHdhUpvGcXptOe0ffeas2RRlTXcp++qTcnhjI9OPLAsGpk3gwlTdeUMI/fdD6sqo3OYIVPFNDEhFRoIKGc8y3Ezy9vI6YiIv8E7sm7JwJaSK7nf79VM2wYyOtCcfJRrjteGYyYL3PwjqfYRR1pmdNdkoVyG2Lud54c5Nt0rwWvdgKK3IgP0x+hWXTA5qgZzP9i6PJt3HLWVlfCZ9eDFKY3Tst6odYZCnHOQXf9V0UdwfjIzvv+wXJKwVDmbDXLzIlkQO/h/iFcQFE4vui2uwEjVsKAanPBXjElptE5kG83g2G98pcXbwkhWEQyt1UjWi597a0v5ttl6Qbwjg2b0X5C9wE3gIFe646xERvL8/lf7bVMDD+U7s9k737wrFiJ1//OGfRD2mZe4UPkYjhk104vq5PZHp5C7cx2TWE2a6TrAqmz3dS+g83s2kxyByF7rZ7Q4iuFzdOC9gl+5PkZKfele55/bBVlOG9yt4HG3NsZ9hFW6l6sxmVpd+ISD8Qr3tjDyH6WWavUJhSB406denG6RmqZm0FAyQB0KiJTCUGd7cRr004YlY3JqZIpV2d9o8ymgCnp2tv2qYj/ynlFpY+xL8KOVAbFTjRjU2RuhqjM76jzyXMyvg/X5OcME7SbgbOTocjb3tV8cLdt8v9+R0kXBWewP3XhW9ovsgjMbqgGexxhRn8riC9xVu78LLTBCqpGD0jMDnkAU9ljk3IBeZgxl1PLM64wGnyZOFwQPoNUKJ35xMQG0hrBwskQXOtrY9P70CBCmvhRPGjEcrk0g1GShlrG1tDfjykUOQpjgOHwIFlGiTAsVNcxal4UfS1ihYqJWafppzkbsPffoTZUffHuh7aHJ486u6ieS0kA8kfo8hod5W+3Wr+QCZNG/lApgQV1uUjsfyUP+hFSPmTOoBXhUbkjD6mfSzlbwnoWIRGn8ppXWczcg6PmvuotjSEn+NtfrTa+tt+Vcw3QILIkcRR6FxYG3HqHkWbAHPwjSO8ct6SdkEfNxonla35ZVjbcmUuu2ERoRgA6uI/W0VhFfFOq7ta9j446jwTYZDLRobyQvDnv+nDfuHvTQbm9HbKne5VfPAaHmVZRHbkOwM9UsLOjX9hgZiAwDM2kEuBbvr9i9DA9r6gHDHT4PQTSY0hEWHSRZY01XLj5ges68t7KzYphJYDusoyUm1MnVOISO8f0rDW73pK4sZTsGuZzL3JOFTuHs5vNgfUixMKf+8b14wi8ukMM43kWq+LElYjV1XEtT+wO7bM5i5IBy00D7tw7ejF8f4qpChvNCw4thfR1RyllB1VDNwKS4LxD463G9ibOLMSeW50D0EPpG1/ynT8AM6wnzSTIktTXvvVytgsUOUbMFJvu6TkaZ988xkVaU3Spr3mRcVoQz+aglUNts0It29Gh4Fs3gba4rlIQo6rGt6cyc1xrNbqpL+f1ul9mfOxxn8rqsJPrtP+amr3vV4vG+eqrCvzqfx7IczL7/aHiPUmD7B3L2zCD54kS+KThllRtR1Ztw0CF2nhV9fay1vt0Bhhb3vzsYa44x7jUXkEkwhY7j2z2Th1E5geGhZ7co4mb+UV0P+ByDEiMS/HE3r1+vxQOho696TMZtCxxwxksGi6IjB05UUSY8cdO78KjtBFgN+EgO9TTn5bsIkg2rcQA8rB17fxN2cukqByOkOuRz8ZD3bIblpIMlym/qsITm36ZB5TgHaJ2uTmL8TJOmvlXnvZOfudX3qjc8raRsyI0Iy9but2mVzw9AjWNTutJVfo7Mr6ICKF/vqDPKzODeqeptDVTlf9Fj5doBMDmYYLFfVXRKXl7QxmrNjOEslPXK9rs4J/1pFe00EkK3DOPPAM2MRzln0Z+LrZONyiAhVyLmTNHArCMWUNbN7aPtqHrKu6jzC0x/eJaYIXz3i4z15GC2NBA90wREzElzkyy7RJW2R34G6M9z+MedDS/7ejM7+OVdaXDpMJzjDjooeJ44HcbSnV912wOxqkwNwAfHyLqUiwSGxRtXYF6SPpox//yArpesLYBU7DxedcG+zMAf8CvNecavSnfpQbXW+4p2prNFsgxZYRukhqLiPRbsbO9BZtXEkrry+E3q3HTPdRGVYIwsQh+MxNx26ZxjZF9kUr+5mRzZ2FZoFqYz56LE5Ve2OQP1pSduKxtrzq8yT6XzHWM/4vS6YymkBjnddqlPE2ib3XQwVgqVzqiqq313687P/1/x2bqaA0aW5YV4hmrJoEEcZzf+McKecKO9LoMBqKlvagVGB7JVLghcdrk7mT7lRQDckzWvJpf7zKaJHHZwo/r2d2HIvgN7Gjc6qP09bRbUQfEtkCek26r6crqM9oo/XONsddemxHHhb5zutjtmmjQNTbo1kcLUjR7KOO0jioH99+EIlWf9DBi7Ancu6EaIsqAzp9PkhcOg+jl9iheWMHbP86TI/2E/t3KTbDtmgXwsVoSl6juFPHQOx9WqPV1khsUXnaeg/glmvgFqxCPi3uG46uUKEHVGWDSMIPi+FKhbayuqZMIHPOnda+mTErbVAvcrkWORuOrAdETyMEj3A3PYujYtlSpskzjFXCt/Uaz20PIGJ70dhi/3CYTpO+twtfC93etMOrNUrV8kLVyFRq7FOayucz/qNdyy2pHULEUDTzheCTIGO/y5Dl5gVv9sOLWoOFj9K6WhVe01Kg7XFmH087DMjpRAUNBRMltIBPwQtry5eZrvmUruwVZNmG1kUG0WpCPfxdSoq5x1HJWgOhoVQw0JjoxCwQpaqy3ufjJ+DOJPkvfgiRng9lGEDQH1LCO7zKhqF7tbvodk3XO8Zi2EHgZcF29FCrcf/TBZGXB9lz2MW48uSys9zl4dFP+R+S1KZ8/GHbfBNslMauq4uOF+WjKrn7+vyalMn5Rx9ZIcQ8sCwvzzrG+IeAPj5sWZKRPQRCyNEZ/B47JFAf4XWR7iGbwTUIb9hmT66n24XdT+yAnPDZT/I8MW4oBK8/aDJCiMlQ1liDva1nXRjtqt5usWHWktm0zjlHu181UfbkgArwgU45dzIHcqAuV6Qi2Y+H3Fqv6/ZLSA3NRe0yM4/SC27xfz6RbTsNiukgIMoNlFHmfdTuDfeH45aQnRZs5YdRLwYsH2+h42BIb33MEi3UCeOEAycc+1dIRY3Ns7zmvwSyuwvMdZlf7EZO2tFtg9GOpno4Ux1eoPwacj+c5Q+2eF3VwsrpLRdqWgrx9nIQtdPy83ZfMopbAMNtOW6wgDDkfxSr0aIX065SR2e2U3vLXy4lIykv0CdWnicYarmx+L/4tN+Y4f8KtELmkcqpUamoKP+pbXQR6/U69H8/eunGrkKTYJzrrNuksZtxd3pp+twsXNgz3Di7d1Fkmzj0aol5pQ+4QjXUtZBJC3wR++vtI6zqELeJ1OZq5KlJRfaYdaDjSxEvOXE7IYcgzdql5/JRXirciEFUZc0FGqAIK/eR5XoZpI5+tDS41VxiuuiGqdC2DAOcUmVk9tqNG4AZhrOI4ufOES/RxAibefyiNzsl9QOqibDvvpQ1ypMfCjE9jwb29G8XdwNM44E8CKLcY4unUiXp0Q0C61kYKr9bqHFtJq89CVDCnKiq+DiXxRdNzOva0L9naGaRx3ukzT4qCr1c2acYc0ct440OK7WQoTrz/0e6PSDUoiAAAM22bdu2bdu2bftl2zZvdj/btm3MImYhxyaB6jMoA0ojMlwL5+g/mHu5UVN4ydaHqJezm6rL5pOYxUGhMcp4U2Xfz6m4L7PqOcD4dV1jdqDJIOF/SgrYrSf37gQHXe2XEzt43ULk1vF/x5YxG/iAUmRdVgM/jFy/0yACAkP5sgj3gBErlzyX98sVOPX/xrg2xJcIZ1+L9oUKqR69Zsi+NnxwPI4qhUIKSArTG1Ekx2qT3XPplWde4LsUu5rcUM4aOOZz3kHqBBqC2Bs1QPZ96AmjNyjjfpqtW0fUYh90QvLsGkpRg+/tGryci9hUeQgclxsTYvBzVxkBokyN55wy91Op4YVGjg19m+4QSoYN/fmc8pVerCMOhE8oSoQt82nRgukqjaJzBlLxmeeOwSvOAjCutPKZ8+FV7lOTbYLlys4nc9LPVjJeGn5kv1UzHU9QhqJPDbrE/n92AJmttvsVTeZMhf22Gn+WJMN7fohIK7sQjrjxKPMPa5CIs+ddzi1hIHivj9b/YKyl1P820i3xND27TpiDEeHbinRZlZMiD0yweSNXxTGgaoAFqLiXB5DveCQj8AV/tOVxkhc+smw9odzlTn4IFzgwN/+mnJKaZTNDy9EtqDxFsIFoqSGaGSUbNTSuGnMDGaj9cyU9Jx3njvpWz+pUE9BXdL4N7Zy5uFpldFBpdvJ5bA/DOq9/b6BBxQl9UABoEtzNkFuNkwVYpea+iqRq6yTOYrkPhE3gz89CZ5cWR5T0VavNHQ7zCOllEB8qZGxT8A+qQqPhxk7oQVOixqiQKwRnotKk06rKFWH3Ewrt+343eI2g7pprb/zmL9Pt/wDZTIxQ4bmij8BdbcltKPV0qbiZe+TOjecrC2gmomGfn/irdqcakPm+ARn5YOgrcmMdEoUCE5b8FnwLJNbG85m85l040tG7E0WOT7TTF8j1kOos3IJsxsfA5o6NYUlQT/cTpPrR6h2xLg8nBqUpHkx0qG3MxjAsUQIX5C9cfztzUluQdim4bSNnzBbqYlfBbuGgz0MYEJjkk+ii9gJ9ntxn1jX/zgQH4kx+U5GWLGFBEmAUKHckTmUNiMPQNibv69h3FxE8SsOKlnG5UrvzeI8BrWq2nPgI8tHW/5hMnY7Mu5cgEu7Ys6uXdExmd18X7KZHRPL+SdCZ+ZHs5mMEMxjSugHsUBYKxDe/P5Ja3SDgrASulUe88+fwnfkdnlHQYkS4nbkvbIAumDx8+apZcKCQBl1GWRn+uMXgiu4TSlHMM3FGbgh+fThR6Ke5PBc/MOgbz2IRQ2e0yicaF2cMDkgaotW28xQYQYoJ5EWsB4qNGn0HrDtjBGVR36/1zFeChvdDUDzisNTKJM904u29bX/jEN2R7jxozzUwFh4yqEnyQOrFbN7mKxmZlbey5DaszGeMny81eIk8M9kHNXAP8U7gO6Ie+GAuUX9OIwgy/qMbLw/s5cS8/dwOUulujYunSNfGqkHi+u+SCpSWxoMTv5rnhKjMzH/H7oZBv4bM7g7cqRykIEnpn173CzHVuqz0gwwzwRB70UzjJ00UXt19AS5i5hen5OFRfNlyp5aNeljDbL0U0lAk+NCLlSXfX6MFzfP4wQJi6H9qEO9DGcs4sleogyy3y7g4tUQVfAi1dhVB/L3dmlMPaoItdAoQmhY7DAcJNjVLrbFe66Yj4lrx0GFbaLReqeSXgwzb9r89sFE8cvXhTXUwms7HY1CsEhE9v+uwqTy3oxNONYmGexW8LTfpFqA/xpvdf6YcM/JVNJ7GvGaYu7X42fB1uPcnELsUbdSBf72gMhKmT6iHlNB5G0KFwGTv+4nrEJQUs9hKeJFjKYz01qjaEyNyjgGRAeIe6x7SH2knjXscw2YTm0kI6HezjFxWck5ShngyYon42ehiUHpdZrXS1y1biIiJw7kzeV2/ZcIRsASYJb35HBeELtXarkkXTFYjic8mBhvv1BOS5M8xybJ+cxc1tbhO6QH2LASp+XSTofc6PUIrgmH+gsbK/dv4Tth4rVkjpvy82tmTsK2uQamL2qn8nvsH9prajrltJrsafNZZFI/7/GtU2x9shEkj9HesVaNhXY/T/+VUH5qLoCvUIQRMERrKUYb5VhGP8d2pxGr+vuhuqYohlPuQDrqGxI/+yzqgC0o/I5SKVZkNEVWN4dz15NTdRQSqrBLxGf1U4CiCLTeigBNzTmlR2xMWQv9KnLgkX097+Ra/S/XVCuTVtOgCCmnD2uKz/8HHtUckWSK8/vU9zQKkXKn6YF34QAXPBoBahLAhR7ptdoMtwkth10gpelEfZGsZVvdqnErBpvqTxbCekCd6WxEFDBltlXp6+VcWe8mgviD9eAFbrWLa0J+8J3odc5XaMnhUq4FsQIFJN1BKqnizcnyElRiFW2dHaLxKUYIADlomW3rj2uDzSa/MyIx+bXBiysy+qWYC2COJ8/0uVSjK7IlnxPu3GgMvLZyEyPyc7kQ3qRbee+4dFB7LFQeJINIKZ3iSnHKhxY3QMmCH2fPGDnS83q6tOYutByauzd6FCVty1KfBG/XcMX4MkIIVWIvKwjXCDl8CLK4ylp+lecsAhrl5H7nKLcaNqeWi3hKWzq4NgMO2ghAdENdpfYaxrZEicAqohjtrU76jJoiVLkmhIyVsOlDt6zVtenWY5Jn3XAfxK603pE+KuNU0BBrfmTpkZTcKB32EBuXQCu/zWEGL7iwW3AHGibjbGfuQIDITqb2+mz0Kuj/OwLJjoBo0766mfcpD6qXjFhDoFxG3H/wBIyPy0Gsm2AaranT+6gZELx3TDDhzUmZTaObbKvdREvboDA7cAMP/hDKDPm0WgAXQaAXe5dMs4bgzxr51LTn7gdomuVRw0nE4LWxSnSKeVeO/Wa760R0AMTT33jukA1MPEqciTVdcU2F7v+bST2Jr6KueOzPzIrifVLyRSDDpB6yuDC4IGHkeIzSvYirQRhz98qvDcBHZ5k8dG+WQdDRhEyl0ra29RIOH/zakAvRpOvItVXjuuGsyd07CUATCDw3awX//A6MYeRvySdLaSXPLwY570VJmnHk1Q90u6EMi/nnqg88cNFGkEyZUAh5OSRk/UIDBXLkuHkxppQvivjcu3CIxccDZjVva9mOumvmtyI7DmPVyr/rE0/WQ/KozI/zWdf1i3mCXwePDq/k+a5kzU4RZtVgZSLWLksDWStaWAFB+X71J3WwzyonbMnI0NvjbF6XKyWHveXClYk7XeZKVrGu7MmfykFUHWU4hyCWovenYhoK0zPPO537lxUsHkbb/R4OyZ2VtNhp6QRtlK5+RZf0e7hBEATVHLYQGzxPceMRQ/k/gsEa92p7EDw5A8hDPIo/9u1D8uwrbhYbuKEc0V3IoZ46f4y6YMpZeuULd2r+iEtWMURmikESb6WKuvGSADY9PN0st+gPbz5f7wzo3h1TNJavrBIKgoEIm5eprcDRJm82mqEoCWq0D3XMZ3aXLMaMCSjJx0uBm/HFQqPbID+ICZv3pNmPJo1LdVrvJkNLqnZG9NSEtWe42y/tpnP+7JKDQSdg5tVY+pRBDXrWb/xCWX0xFZh/AOkPOYi4jAJrGN602rozCGsmm4K25W/CohIS+/JGBXDQ8f+lksGXUFx2BbdLOTbhGaui30jdzmppIxOEqsP82BskGKU/bg9QbrQvqe2lFXo+J6Yz4gH4nspLp7DYxMQqCghYkVfRoqf5Wzmu4Li2dDIF641XoK8D/L6aJli5cr2D+yh8zTtEfOOaLXNLvVcfukt5AUeVXQbpVzJER7m4uCITQKuDc5N3cD4K6xImLNcSjJFokNlrwv2wVmUf7k2ouoJjhbWLtYD8nk5PJlcmzt52o7HVmbh3xrwAovDfXIzWBy0/4MSUDQIZVMHUd+mLqKT0TS++uCMsP7M2x8aQ5KYw2eF8goX1EVdxvgSvZBboqIJmji7vJ79brnAqcbCx2Q78js36X0lUwVbKTyQja8d6UL/819b8G2nQ7vNG3d+qlKsjgnHEEwGAz9cY57iYlSlYsklC5QLdx3z2/KZ/h57TEOs2VndkwFh+N5KtXLCbQvYGyUrw/u4/4HciHADAm+78ukLuwSUdr51LoyS0EkDV44RagUCj/9zx/Cti6JW8nquEgk9eFQja5gIU6aqAvyncaMhYYqIbLAeirQHLZeG79UMcphzJKBUamvL2OByJGXL6t97p0/b5T04fCIwp8hh992+0tPXQm5e19C1YeWEKlL/v/ivqmHG/O5NcwwNolPdeSPDsov2tUXupByoVD/cj0TpjVV8kJGZMCXtsZgGyM/rq5+3J3TUUVLaWFdKIwHI9CjY4QCSQe4Q1JGVlMWP9L0unotB7NmjVICdci9/2znUG9qbkxt+lvz816DS/mmLWWQTdGpuVbyAC4BPQHgJDWOhScVGBQOUO6j6I8syljcRZupLeOHU2eNdgVQ8REF276N/nqT2htHphm9RD5iYTB1dCCZWfGI54f2+1JWGRXUnXS4SPFPqfqIeyZTKPb3ociAvmIT+FWmzoUuOd09kPGqAfg9djQpyuJHuOZYtWco0HRFqNKo5NIT/UEakG6hFAd2uXbz+ivaoGyeV7jQULuPAJkpfftnUmNgjbciYn40FsmBCi225pJ4Q8N547fvJq11pHwDVI5TxKw6s3cvsowF9BIPRdb93Yr5ionztSRiAztjGCH1rGjgjDwmnlryHC/Fl6uYfw7DJEZ3FK9gJGEbZqed/MOIB9QE9uxJhE0VBwdo1Ik8CEv4eh3cEDqN51DAh5hxPLetIsWXghafagj9eB2dhuJvfe0DACq+YQz/3hGfo9sZC+em6CknLSmpFVO5IOkHH/d4gneY2r+PHpCxkr1Ozg8bhHf1vz2Pums5/1W6r5aaUHTykEuyMUe4UqlAytVWlYXvGTq3Mc7OCPb3mbVA5CTYWRg+s46r+xONXZi63+WW9fQKeKzjvE7Y0nRSFTmvRZ2hSD0dTvu5WphcI8ErH2MXNk9/AogLL2obsivSVSurK8r5wK4/FvJD0mJak5tcLgrRaPo/k0Dtc2r+J5wGyLsHhmbO4Wn9JGz61kBjXPDXZcrZwCNmOz1Ts4fAVcJB6tx4vL6hJ44w4quTsfYyStXMz5f7xCmp9Y8C/mnNMGLy0l06n/Z5rv0JQhYnyv0Mrahc8UGT2kw8zb7uEl8Ni4HjmnZMM9F4P8ZwHZOo7TDqCIxQU5kyHQSybyB+pZJEUfXgE3muwgprMX8p7EIIEtaWSLCrc2WlfcY4E+mP4A+w9pck3j5bFlkknQDzvx87W1MRkIg+FgJUoyoLOBgKYceK3vF6oxi0twV62eyP0ALyI42+5MFJ+ZIqIXmq+XEH27CfRP5patnIzYUknc1fjjQjoJRziKUlf5NLNAbxcAYjIQu9fwjBj5jUTtjJ0lj07p1J8DHrBR8YtFR4jt51zKc7iL6cbQjnNeqFQ7AcmmbjefJ3mFFJg9YEHJ87zMD31vTyRjmRmUaC/P2aHyB62xjw8HfZwdCnS7TBWa4sDDlsG2OWJ1wFNGh19CaxndlIc0futidqHFJk2XJFHd04ZmWfnU2fpWawJX4F9eNPQXjUCA2BB9DkC3MwFqcwSX2mNAIlwuB1xJ+2NcAc9zs1y3Ew1PkndyZorUWuOUCVJpuKcCSzN0DKb8cI7lH+60rNFhEGMi4mzfHP8F0ELyomDRLSfWpnGbToHO6Mdvu90cordhgUEiu+Mj9PZjI/CKaYja7zVrsXqPv/sawSa/NgZ7rEihdrBSQunf/JKXQG40toldxgDpqN3MBlXDHGwRgkpyzu5tsN2fcfVImHFaEPEXCXPC124ilCSlS/ZzlgWNR1FqDBIPmpjpBXWw2Yx/NHICs1R/2+bVKo15HvxByoICiZvxE8CXbM2fxWp/FslNH6IYZhxaYnjOuZasFkB6yxr768AT9xOVzqeP3tlqWceBcPbLjvXk5fuyrWLUbmV2odHum7Qlge8hHxNBwAW4hgDGJGVjKWbz15EGbkNvsXBH4DCXa/mu5kSUikM9ss8cFhvkeRelzJLzBrNtmdd30X0gSTRNJpdsfS7UR5PHr6AjEqd+REjCz+mbtvqVG32WROXn0GXdCIywrekIV34Pln7Fio6w4euBUyombSWJ/Sw/22eGZG3a+yExRe0VwWujCalMbJfrs0BSkMNDmf2l2rRBFb5PF6VmYaU59s+T0H5pAPbJtNaMnAJn6PlOjGdv4GSJm2FJjsVTkOhQZ97MhXRmjU2BRNgmZYOQtD7+FmKWM4RSFcVb7ps1sLrl9KaMlkrh7QuAJt0L4lTthBXAz7S6TW9as/0O16gMF/3p+u7LvtbroTxQPYoI7DCIe3EOPu/kmQx4jsH2V3TvKXLujCug7ZyoNznpCKJAaecAqkYvk7KwOn+5RvtqPxpQ9iJqB5ESGo65r0kjMY7PcW8sLhBi4Y8NjD+jUjgX55BDJPOymj8Q6bUD0Dwn1KA78skeVuoOxrdNBPXDO2wGBKmEaGhp1uzNOClOHz3ZgTeMgpDwgj2JGo6IHjSsuz5ivPnULrOWPy0YLgr4cWlR3465skxA3bClVwojG+eCkB2S9NZ4qUAQt/SycLdF0PwJosiZx7bOPoHeiVkL+Sts0lvOxpM1VoU9JENNj5H8FdYgV+JqlqsK9tLzHWfs6ERDd2E85NqzA4NpAR7FOvvoUEzaKTY3rzQKnba+O1iAVo0y8qLJmu+wmTnb4yEn46hU3zMZuNOGTKCvEOt9PdN/lVp1qS6GRi6OBR6VdqF0sQ7NB4M92FjxuHJXnagzRP2kCnn7mWDJqW5ysX767IP3KcIgOzg6vUOGyeB5acTvw7cN7fhQpbJaqnk7Vq/IsTaKKd5GEv+vhYwGbv6UynRQLhnNg5lXg1TFFm0quK2TnJUwNFgLPTK7aAzxydiOkO9kVOQeZ4P77Atvv2v+Af1ex25hDJ/lgxkrIvLKCimIXbnwQZYl9ocbrkEIQCx1OoZcbxhLjOsuiVuNCeCy3wDG0B2NvQ6vu+corXEK3iJwbuJC54KDstbMKfLPwyQe9dyFrACDthmDBu5c4ZMEgvVJlXdwDb13/bEkR+D7A0sy4Y/lLE5y/WUpkBHX+SWb0PKZcu4uCqfezam+FdWBVGltZ5E3oONSDfcDEBu4yICbny4pw0cPdoyQZQl4GD9xJHOPsALGGoPrEbEZFFCi8qHF3l+G4ESup1ukel3HyHJjgA5mV+2dXlKAmCWwcSZ0xQWPa4avM95m+yFYLnD89kPioIEV9BhC1GV4nnx5YPBEH9Ro0EondEki9itX8/h6y6Ijg4kl5D75ZAgmdT0hOX4HPclvGV9l0xk29r6q7tB5moGfyUwB1NFJoYm09aGk9GSBd+3J+EpLyr9Lq/wCl5D6uahnYTHzTZLBkj3FVC9FWtL9Z5SDcDngmxlvwg0LR056rR5fAKZEweoRg0/R6aiYSwqniD16K6L/5vcjdimsf8nN3iOtgPVu+k16nZZ5YfRyquBR7GGDS78mbD8do31oQGgVQdhc/MVWKeAK4jX3t3uPMx0SoYiXYioBCJE1Xb6yCOU7wp6wwYVHthX49MmHll5/Zf44SmTCzdl3lmqXRlf2HGFAeCeg2MrPa9UxKDf1COwgCURm1O9CBsDjWbNEw3DxqvgTbgAuSBCHkrC8GcafFiiCTZzcaOhbAU/k18RtBNg5RD1NHco4oj0nQ57zPrSgz1Aus478V91coFDZmye9mXsVBMLXeC+/3vdtWUkvJHd0zTzeDYCRRdwkRU0ZV/uGuNuMxNCUlCa6w81xb9tMIRE8iYzig2JUiHbVrTvl/y6CcLEJjlkn7XXoqIzCL4w6LKwOArMxZb+kuy+fZXG8fvJmqdqfx6dxQkPfWCAf0Cy3FlZ3ds2Rd7zhdIoyghWHTf/2bBav9UQQy4HBCqnzJim2C0ASUtsc2qnAcghfZH/WqSDG9LApduRxzGKzUs2dIEfaA7fiC52HxEACWUdJC2EX+gpp5fcZuSYsIbDW+Zxq4TnJJJE+rP/wWS3zZKKNoZottNfh4UlbUEYQwvpUJWan8XZZYjGz05eAR63XRIkA8aA9hcClSA70gJEU+QtG8IyoNXPrPRRMr2EdsElU/oGlpZZA+8rH09gg/x/u2P54c3meKmUJLMUCnXB7RouwnZWMzcZtwMyvlyo/d0yQiZaXteKr4cZ068BKkkbis4nClAz6YPGHVCN/Ub1QmS7N3tdsr8FpRHY8QHoYIPyaGf6LirD7FBJ9QYa7lFgwrbGBOFWkepRwMTNuAN5Nle5WXLEZhfW0qZCJCvBkbidHsf932ez9phXDCjn5n3ZVulojOcGEQpzcCeirkyuPOkG5v/WBf+Xp7Dv+1JPI+jXWYS9MQrE2qLHYe8UFzOi16pcmPCxdz2pfnHrJAjTXQdBd3Nt0xfdo72MQvQVDORvplpfce4hr8p5om2vAFlHG2mxTdnVR6GE7N5y9ht3UKT/JdB5U1tPqUmloNmhOWc/k2AxC2FY1LfcVwmCmgs5wSRYAQSQVr1oZdDQMjfXTo5Fh44MGD7TXmoQnJxL7bhjeN4+fp8pVE9cTt4KAfkheBn/uWUdd8LK/1YafUCaG6ZjEo7N3oVxmGqgjBBLJdw/DKDsglBR3DV3nTtfBwv/y0dDHzjpdmwMjB9i1h67v49yTsaepoQGU7EnFtidp8aRBxaBPVBEFmAl3xaToUC9r8xJ5sgAIulZjyJJz/97ABMX6zJqwgNnuWSgwg9Nl7eYnvo8jQAOup4BnOB1ojEoowGXKTchBKFSaYi98SiSlW9inTI2Xx7+KlL9U5MHEQtv+JVX0dJBVkwISMZqB3q89j8lzgXUOJ9CUjdAYIEAN9QtgkB0jmQ+I5c/YlgtkbepX3VBGgQyGuwpmMKrQXW525rhkEIH5/zQhPMNjfOvudYM5ecwTWiZqrgGetmYzZoej0/QXPuohs9x6fZQlRag84EG4R4F8FYcS93v1aNtMJGnnGV8aJCRN1Ij6F8nBAQJPc6vff9COfPQ2/Iq3PhwJHY6BULvy5ET2+edwUax/y3gKrZpdhNPrtl8Y2dEbre1qadParaHZw9Vl/REsHixoL6hR+wPEQeaki0HxRB8UONZjZ8m7ULNc0lL9rRVm9L/BrL4G6zd+nDDFp1HUZPMxHdeMA2amDhF6rh8hNZ8s0qh+GQOp6GcaK/ffm88TPvLA3mVb5j/ovegWSBUzWk031pbH9PTK8lordNiNLr3in6Q7WgUXPKV0/TNnyVrSUZkmRaFY57ItaWowlYiahGPgKnSxS2gG9uv3pkjxj+b9nv2e4qMS89KMyam42F757OoX3qUg9UVUAP2d/a5KgD0vLxTX2p7Up4ub298glKhSwSlJw37o2kGOoAh58d6bGPk1+LcQ7u47MR7JFDIIoQeN/OGm/vwzin8ExUXXXy7zRdrEOETTsGlZSSu3Lz9zF2kqSNa9pA7FmaB86qOzxK6o/lwZQ/xAW8FrhkQD0z1cFRWS1fDpYrKHz66CbSwI5JzcHXoUYhWD+iVzJAUbJG+tfPE9stdWNB8mLBKSfpYPIM1rex8o4m+44M5zM6kJxgvLbbHMi3aSQcXRluFD8KZ7SJKjSwvnmrA2C8iB3DiLOfARR0Q6BU1RTCObzIxs8/+k8xklm/nBEWoxFloB/NAan3MUZA02kkn8/bt988Zj9Svw8Vxl4g4yxeJIL+Gt/YU1vNA2B3HEdXAxDg8tFpKpUhx3UWCgd3T7N1nug0gJB2OevdZhWcnVz0Fg1a7sdVK3+Ja0CFNrijl8pqbhjUbsJNrbEO34Dv3g+rl9CCv+74VmuIF7vHxPTuzYKmabvaRiAGcMqLTCUP2Bv71qnggJJaYkjNRXNAVys7xFHhcwV/oi9/2GFmqXumbekg9l8jPm9/YNORcow5gyrBnbMj+/sSwJ92bqaFPL0DlEGN/DNNN2Suq+o6LW7r5nmqHmMBDhJ42W4gmfgMxr861PaK2zXxbTPoCbP0Av9Dpn40MVlAIr3Wn6DQQlnXs+SFkwwNagUbvf9Zf5KUh3/7vo7JlWoZseOEO3baR/DAYE/hEoSvmVfe+SFTQpRI/I9l4RPRO+tDJ/3OCacmoa4To32lyEmSwpCHuC8tegVSaYD1un8HJN0g8ZiNNpTMq/domFa0UpKwh+/oTjaozRL02z2wouXErZLKOfyyB75oRg0h1O6zKQwcex5DvopqxfQkYPiIt3TC0895CN5Uel2dyO9Q+n+I1/QoTQwFm88jJWL2ualcLmecVtsq5QotNKQrl+xq4wKj397aDwx3FCOnPo5zccNRQbGrR0FXPaGrv5m4oNWbU7URMG4gx34HtzBSAhwwXJLtL1bpQClnU+MTU8o2BQcRfgwtNjUsYww/IkKT/Q8K4E1+IiynHyHP339gny/nHjiTvEUu88maS8xlX46oAyELIMqPL/2Cos0Z3AJfEEMap/bLDcQevl7kmgNRdZMXj8N+awUgbqQJaTXvXFiN3cAz12UNUal5r4omPvI8K/tfQMgjv0Kc7vs8KyDDzbDHU9S6TNYDK0+2ERLI7nbJUpjsYvhfGZdhFYzpSpb0l2twKWzMf5DtQvzGq6TBt7tbHy/7nnypDiGFZBoaLfrCi5Nj0zOa4OIkHPM3HcVvsONa/ZN40ObGvS+GMy1MxXidCmgr3257IazVA6NE6xmGwmI52Jk8A52JVXLoiAJzuqjfyxR/9zNnYMpZ+rgn8a4IcnTwxzOUGrebuyCk2baq3VRWJ94VCgqXiRIOEJfZbgE18GRNbb3JkkBV4wdz83+VaKidKKwZSoRqSyeKVV8UdLLzLoSzgXmXZ3nd4lL60L9j+JVGmDg3biFo66yKA/52EJ2ITSJOx2se9V/hsn6JFVRDIyAQVIAJWqpJMZ3qJopyo1gFN8uptdRmjGLyY4ig0rGHvV7WcGdCtVpo2PEcC1RUT8fF6GutxkjFmH0hmdXcvKg7kaecrEOJ6pTqEvvjFJbG8HZbXXfPU8HQWs899iy1W4beJMUC+5+nu2U87eZ3uo+mr0ePDdd+UZqYNclDkO7LWesM8xxGNLk3dfYUWk2lhqwsLwQJGqN/17hmKXaOkOvUk4nhoQuuhoVFaReOkpJQguPZ5RPsAGO6EyUIaKHEA12lEep9SG1ZZJbYCvycCgTWMO+00iGDjnA6xnEf06DPdcF8qwbsJ3jJmAMn142LHXPrUGCNAnzT+8w3MaK/hPBleb1FMM3wNoNiQyh/KgbpxjjYtHg00AHBPqH2qRGukYDKFhklIjoj3DIjbXN1lkV+Hc3TMKma84C+CuuVh4TfMB9YEyMAceUTvzU9IJbWQu5Cj9pvYq1bdyXB4rIfTPTJBjSqRfIGqH60I+PhHrtVFyX2VyTa3X0KAgD2OPFHrrXkZrezzoU7d2+22CjfM5+ePT1MR3omeKJOa6/0+NXh2h3YafPrmLhhR4BId6gCOxvsGUXYVFUzCsZmuLYAGP0tez9tMq5YFmr03HJBOP+ecNIQ+HhpTxx6WuX+Orl/QQ1aZbMJDehfB6E0dRhI9ykUyNrnn477+8ihNTSt+FjAzrO5hCpnM7YGkjEFyDsX60wS7amZSx9iVRqRHfRqBAbGDwRaYfKQXihGZ1LI6VH/k8XwQoQOu+Dm6wRxBBRJwAacZTsOB8b8YZOMiJI8VKSH0C2SKOkEF+BqGAfwofZi7IJxWrJdLW5R2ofUZpXEbQdr4NW84IxADBka8vgCBMrn4B61sHgw1UFJSybxXbQ2FiLaYfJdRWj3rwMT24y/ml8oK7liZlYeWkgMz3zEgbx+ggOF8HRqQByyf75GGIHyIs0CbyCxKpkDBVV8iVsZWGEoDe8udBgAmRTJV4FKhqmqF2BMTgx2Hvkzbb05/RiNLbZLT+O8G+XDZ058MsF8KChGFWTYF6tdnXKQglhiZgUnIOVXi2LQ09ARjnViV5NBAdhGo7q8aD+gnc9NDMCVQA83vCBpNlftqPEv9vkrvOdSFOjKnzVTAgJIvY5KhfuKug3c00kPHJHSunxL93Mx466I0nRu7zvK8uo/D5DF15ZM/0iEPIwBr6gerOLeFc09y+xT9IpIqR/97DnRWeK29LhJr8C5EDaiUz2zNTp2ApkcGiU0s8a6lMWu9G5L+VXe+RNyBl8g+OBOASJ91GcS3X3DmRhctAsGwdAGtXXr1TLBfKvYmazpM9kMnNwWr2aF3mt3zRGnr1fjFdzr1zd9UcRBaVdcbknDDJdnBMpkeYrBOxJQy8ZAZ8EMrC8xeoCHrzqxSwkSDpg/q5mrAw3l08wWZo46swTupNiIReMGR1yBsP0YBXFmD5CmvQ+F1RwoeY+FRmS8RJav9pKmeIhf7ztnVO0JrxWja0BsMJbj+GSHo4/M0FWA9Bxk/USk8czoPhPwKuyq76PZT/3PB8C+dVeYj042LLc/IZ63RPjH0u3T7G6sgF9vCytPo36murl+kKYF6JyYTred6KhQs6IA5vCu3U6rGhadmubtMksGAEK04PcANk6vvR0rKYN7FhSQskDTman+6T+Fi71gorapNkbrJroRBqAtQ5QjxfGfcaEJk0Lg3RBREuGEDQP6nx4zaZE5cUUxBFxi3BoEngBRvSa3W4W3W5pMsVIZ3TusV9irIycEkLqqcC3hwIqXtVNLRoOOjmYBLTpcprxBVcwdsuxqgA1UK0akUDoDnpPvsbv+vbKA5qdmvPCfJSgnGhE9ua2l8onxnnuEeGnNx2iYY12AE8g5kB2HA0UFU8n9o291HVgiLodsLxcGpUU83NObWoR7uiQefXkgHZSywEPi9Uu7d/H4IUzQX7y1nzSkG5Ok2e9T4H3kFQ36unyMO4V+d+7rBkqfS2B+5+dQXxL2gPopJBvtl75cHcl4v4OJNfE+2j/vUt77udVFiBsyywchaHdrwNcv2RdAU7HWWa0yPvj38dAg5f11j/K+jCruZ/ujOizwhOqeI/zLM2bxpS3pSb4PHrJ96Ux0pINAVHE7ikqecT6NL1jtJAsxU1bxGrZg051j8/WLCoCohZP/UgfdE/10lp7srW0pAytyPessViTthQSTYEHOlMHzjszxAcnONLp1LDWDhBBh3yV/K11ORPI/5KcA0aX7qJ8+ROzSnaI7TH5UVs0FoQxgasoxJTQnAwHYUnuEAZO9zvFkaYghystFxBFxglTGmQp4DVLJ7/zPYT4PHGpmiq0YiPcGswsK/y370VkG3LYW7dmdQdhEtcQaX6Tf8RrfWtN60BNKg6LliJAZNuTbYMCM/XMeimcQ18Y5FBK/l5ZD4HRlJI7MDWKwZATDX8Df2Lp23Ij110G4/uu2PtRdswCLnEtdNUZKA+1J6hXItZpf2p2dK3WU/XiDyGDOqvUUbOL7HmJiaxUzE3tSwx0bBOmat8XCZl+GOsf5BV4oHuYubLKpTrulrm4DU8Mcdh2U8fXBpPDFRDVAfFybu22Vs0dQ3HA9uuAdcjC80tfUJb6ijVS2PV4MPtizL3qIOld4W8N0iMRBacTp2ZREx+xtNk9f9oWWvfj+aXQ/26IvU5O9/Heu5My+rfFNSJmcO6rC4m1DUIkCWdFityFoZPcCDMQxjsolv0329ovs9dTpkh/8rQz6UkYqPyhEin7qEWN7E8/CeoVtlXWrCWTLWQZdcFJ4YGJnnwkiNf/sgawe1Pq+Bg+a3CuUxdIuhnTaVOP9+QvSSV8lkoax3u1az+3CLZpvXKxIdAAp41zM7K3jIS9cVkrprc8VrCMMjw4RJYKvQI/g99gj3yqZQf1WsyK3vddocEO0P9JB9zuOkIgoJfDagD3bFonEGSFqF8NIz1HiJ6vP71i3KthQlMGna8fmPUa0Ps2T6fWylRNTe5vuseRvXgi/ZbkQ+I7x0d4lgwSQ5kDmRaykWaTv+WbVUbvK1ucfLoVqsUw0+aa2B1Z/prdKyVchJ/3nUC+i9mR7P8D1YzjHtAzCUKGS/31+KwHhnJVSiXZj+PG7dqyN4nWIw2/R7p7p0ETgg9LBllG3EMejGbx7Q35ZPgXeVuNKIuVLzBJuFPCEXaZmZdB8a0AEbGXMYPHZuROrtSa4TqetYmCR0tyh13ZO5bnpqnjsdCnNEPsW8fHbaQKDU8eW/afAKXSVXv4PIQR+fhMfZiJSBLR/LrAezilmN+NE+ZjnBspA86mF+hCnR/VcS+jEMSSyA6ndwfs027eq1UXPbqJfBrXUWMSO8fxR5QghZT/IB6ne5Y2l18IQiPubII3IStP4n41ZzSrHe3kEmUD80/dBRfINOPz513XjagVmH1AC/Z81DEJanYkd3oVxRzQu8UmCP0HSOMm5sDDlq2WBnCmuedhM2i1t5Gj8WGAgSDv0L0xEOsmB2gTJ5N8Aou23Zcx3ZoM1T84IK8WCSqTxrqKIT9TI5VSS5DQdXD/e2n8TYTj9IQ8kbiWCoEe/c2GGMLfN879Ky1xzeFKVRCojC3mVfl8xRCM2BJlxeAaqtkZ3A/czPsni8s2tYM5rqbF9Wwp3yoppbBopePYmBvyFfbF7mGPB5a1QxntCq34NHDqPATvFnz2wLogQpO/5pM38ahXrzCywh1ldFK2Wgdv/kYNW2kKw9u6PHtUuAYiby9Z3+dqWUv7Rp9wieLQH/ipmsDklTzYgW4X1mKyjt+IQvvCvl17q78/i2DfwpL789kpRA9g7xOidbOzaT8MIFcq1xlarmdI+BBsATFvNizBP4sUYJ9oYC5zL0wIULUg21X5+9cbs2XvC672UDjch0aG2HcyE5TdXkPMse14vpt/JgGdyw13BcTxtL3M99N1m0zX87XckyC8h50iWoKXMxXGiIWD0ce844NPeKZQEGozfvyoRtlycoaJYFKlrYUjkck4ZzvkotEXod8W6VkzNxYZW+/IFhCa89HYHopojFj5UQ/Z/OGtyG9xl6y/O9ZA5sQfMSrZ3KnO808Z6EOTONzvT6Nrc3tOYe43SB9vV6ysh8NWavcW5exhws57l/rIERp9G0BjbEmfqqn9KMyNMOwmTQBydrOwVNB+cUh6VOd7rLhBRuFvQ7pdwwFghDFFxJOTG9uLnPiOYe7VTxlEXabM5KuIilurZkPU3bKkEerRaN4ZtuBbTrcnICqPrNU7FTGytB99HGSHp7rKDjWfnqdGKudHKVTYlTZZ06wyoTnx7leIoaOMUgEzk6s4cZwIss4deH/R1kWgDL7nJDiW+DWmPUA6n0/QVUPwWEiTXUiMgmdBPd3ad1ijpVvLV9e+u4qs4L1fgXhuNbbhwMS8Msw3yaUkN4XxYVsatoKz90zD93Hkgb+EWuWhT8HHR3hVjYtQuUhO2bIp8J39S84FrEgVxiF4emk03kBUxsjHOm0FtT3xAQ1YE2Yg6cM7Mn/kTNTAbPKPLUmC6fOHiS2lQlp1TUSBcJoRF7AXfufLSN5Im5tCkwdP+wQ864Om8D8YcGOV1UhqBMhCr8BQfa7X8NXSqpu7/k5kZFwak8k0BFi0h8JpCndsNe8IjIXWLvvy9LNI0pxbf83XduNiwioQmbv6ghMn6F3gCqtwH9Ny33cBGdHjllFhhnW+7NiOFl38oCS4z8nhfD2du/LBwgt1llgMtEupBTsDpp819GK8z7VwMsj87U4F0tWYRymOHPs6mScnGiadkX7L5+PwS6LWOzIx1Y3o6xdtTNt8PAridxQFmLYWTwCzYREfRPlY4BfC06JkzdCMK2XC9YVuXsGclFHcxKN+5mkS0O6/iam+fvCdLXTV6c/Pkk6UXFO7EIQlszI+V0sQ0szTTUW/sKq7XPwzbGXkDt9XPohtAueLi2kHLdpIwqzPSujN8f98dpHVOn5xEmPZdaftdflw4cvQ5007bGE3VjjGHE4QCtmyg7SF5bmyIwO93OcxkvRqDo10ni2rkwwFj56WIxrqkKSjA1SciIeAT2P/pdCx5pGUb7Gx7WHnx5EBdM9hrrX2Iga3NHzNzRx832zFhpJ2nJpqMsFKMsO8Fo258n6P5T0dLcCv3wYQoJiBhu0uoirR+x5zq/AbAqwzUjioQnC4HmOXBXXBtQ9R8njo8aBBKuWtqnSetk3n0+WyyEEkSEju91Q+RIxndHiTzpU5pNIUBphZkA61oZuYwVwNLW0bU5nDkpQtJyTZiG+5WnRswEZmqm+4dAppHtpyuet92c7YL6fDk5zxFv3rUO0CBlO5GK0ZEcfgVe0CVmGZ9nUxUqlz+sdMje35d7Vl34aL6NpK8n0NP3UKqbUSYb2bp6iDWS8BS1l60YwWVtxMZkpRzB14ugIL7Vysxj33giDwRtphm2G5PQA8q+eaZzfvZ/lyVlbSdUX60lhdhTP9jMloq8Tk/KoOqiJYrzdqWdRvqbZV3BKD9LNumOcfaA2JWqDeZWOrJb6qa7aEX5Xq9gEIjKSCCecaFd0QVEJAXW2BRMADr6A2R1m4Ng97byvOHolfPfV9vi5jtdlBoZb9yIrssS1SU+5OYXCU3ItWWM5lTUA3L8Mg0C28ubof8pzHpwTZhitiRMPTNYTiHR4o75f09c9MygcPY1TEMc+ubwzX20VARlcebL61R0EWZxmjm17fTj2GnrsDUIMFH06ds3Pk3rgXDPYXYEH254bcDrfPImG9llRVFyXuq078PSEOmy2VnctgvOGi0jy4XteZ/01NYfm1oKWP80dn1GFrN1WbrF3WbPyjj9YbskCXp7lN13hXz8eyFdR/kH9wmkNHpzXZfjU29ezjNRp677Ssl7/wsmeB+3YkZlFlsmeGudhEImuYEgzrxCv48F+YGKNfYDGl+NNm25rKQRkN5FT+729JdUIjPkFB7U5PJNPWJWs+ihvc+L9twZuoaXsbTb5RCHPeXDXDp0+BHWiJEgVmTHY4VCIkB0ow/aTNnDh1F4OiEnOorCeZc77hUNrhqBJ6GA+j6+HTdyvf6DE7L/UmQ79I12lrj8zGDKee9dtFmqU2PZKIBYIgYSDOt2SdSjxwxWh+iBpWob9cn/cDfsBC8Hv9E7P/lJy3Wi1bWeQXBIniv2nM4ktAiOH5l5/k4qmD124fIyDQOqm93DiX6CTNDeJI2qbo478hqAWchjTv9Cf1GRBKAcYW5TYloSxiRhl13WEZN2q702ktQFUP0VIaPKR1/vwfvpEriWnajfnATSjz2UNr1SYFIJveevM3FeMVSknTs+EUmWu1MrizjjTSb1uef9VHmPWsrIr0HoXSlNU9mokJvhKUWmsrRBwLpg1SmuGiXwPfC1RQN+ZjNxBzbvjTLTZ6wCSVuHW6H4D1gU7j2ZU32yDBE+Hwa+NeDAApTIdJKRsRJwv5R4Oyb0RZMqToxeGHupTejUzdnoB8JXaluY5/Kg/Brh1Plv/11YDeawOcoG8MxwKYURCbZLFtW4aqxTYVAFwOiQGTxZfd6HNxSxFb01L3gV8QbkbsdfxxL11J+gjZcCyxcsWliNMftXQNwULkiXEYKF5vWWF7wTrMgp3Anje9zCTaFvDOnv+daBcmbO+6hvRNSDf/xkJ/Lupo3mwJz9P4o/58aFnduZXk6VJygatKafj2J9IKe9st+0RkxNwxjjU/glOj1K6Uppf8BNzxKQY3zJDZ2jaY7mqTNrmEKtWwiD94W1i4VfZd4056KFp4fYjKcAn4CbrC3qiJEbuOaC/OTPTA4Np2eB7bCkXFOAZ43lqlyicdZUZqMGx/CrR8j6rGfJyMGoPZ76Zx0H1Q3A4+YnYxw0pTilH5t+wuuZux1pgIHeYF8gRQf8DlKm4nqTt60LQ8nbWRyiiQgBMvD/dbNtHGd6svtcpfGWFHTnkRFU9KIevARGSM2WKlvJXylH0GeCA6P9zy7ijR0u17IFUNp7UoW18yonLyH0kM6DxhGDyeW6GDjA4mjeR0OSze2x1bRGDaOKgVUyaws3lkJhONEGmzOObEYsK6e5DvlsUeJ1L7Q3MmSrKgn3nZeR3EFy4gT6v2Tts0VBbu+lgYzLYF4hVovMDiS1hTMZcWgjuGSODTbQJtFvWYg+qsctBFVTYhwC+eTjK/vjv35Di7SbeP42mq9hKOCnk2/AChBhoFWjpDdid54njeOlI2WIMfTspxBU4il0S+tOTeosMgdS8ple3ZtlJnOHtW6uf+1Yg9cyy97JmWR9hEtMjwyNbA1FpNvbAWCqDgLMy+K/vo623MyaVetRYkd3iCtM0Czm7q11AnO8Wgg81glxpxyKNxMwZjLUyrYBiq+ZptIlJTfXhXJwLGaf2kw71CCfKX+J5QpFcaiSBh58zkt7VABW8Rp8KK8A6ZoB4EKTlC/8DzJubOmqDNVgXcPjm6yFc2jxSFOvYTWbZ1Q1+rrHl0Umpkgw9UQOk4GHm8l2KiWwXUl1ALKpHHhjDNS7vykq/CzNUiNo9ruxnJDUyP6bO+30E1lvKJ2/v+SqjbGeziiBEmXQhSaXz0ho1juyclcoikP//JI2/GYNo9IFUL0RiYUYmax6RsO8IW6X+jJSmz8P6CKDgQl92OjOK/0KJirsZ7JaxB8VlouW2bHUxb3Q/npECN858ab2rlTGFB6KKCU/XYq3uh0d+gr7r6vkzxA/AiL5s1dOFv4J5z8YgqnPdeRv0vDSJE3lT5/kKS8YOq/aZ0R0AXIXtUxNCgUdSgBwz8gzsyqMP+cIX43leJMttequKRxFMWlImC22/hbZ/3CKsiYBYCCGdu9Njro4dgLfIWCh8dLuWTL86pztjkFiy2dErUoZpJySeS+RVOL6GnErvEGJT9CkGCBAwVSX71HM4DoKFoxsNrx+gHzAHCuNAYiPu+mF51yrV+050UHHNJRO6NmW4y3ZXk5jHudqGOWDmySFoSaXfcf9A8dM20dIM4Hyl7yVvZ/5EZeGD8YHOhFbcxUyTtVKfmf4mWpm1gtcZClGTBAZRLiKcevx9eVEyYHK1hixbVnp6FvzZTO0rATqui+pn5uCi2uW5kjlMsiqfxYLiNSO5VCxS9oQLZsEWqCnMSmUidaWMNVUsrG0BiJuWh/p7dwqK6MGq4N04Y0YlLC/9z+lm8t3EPDu6U+PEkldoRtSpxYlDaAep+VNJcbuEO6jfYmxqYX4lIT/MRhke+1baFQWIPDV+T0UC5rZwt7NAM573E7CyM7H5d+Bj3kFXkODNu9J1VExgWOstK1zWtlLk690VrXSqp8fIpRzC/fGNQeR9PKMTv1wQ5o2WUv2EpfHnKUlUFhmERyotTorWtxnwuR0/Px0pV2xb0w7CvM+gjQTf4AW5IszvlAGkjI6q5wnsMpJDPdlyTePt9+gnjEW/j8lIAQmpP5HN8xBfpzuXYGUScb/8QFUHB0kK9SIhMuba1eZV3qdP+Ip6CK2yjTxxBt4PQ8QiZH5iEkDjf5arnKuJpAUnWRsFkTQX2k+0NNskZxEjuxMakHoTtZf2PqXEbM+z6NRrqFaRPx6psaE9YvNJUG08bL7xu6JTSgXf5i1lnD1MGQ3SOZeaIJ6a5vpYvi+Zzd8jJrAL83vXztw6cZJ3Hai1DspxagqMZCjfK3snAjLapHpajK5eujPiZf6hpWikBkc+UFyuH4zDg4jMie/IRXmpz5F6TSXdq8mR7sUTUjkpCct7VPln2P1B4u1s3isXbIOcv7msVprDGAE08HfxrKYLXyUFbx5u/g2pusd2+0GVyfLFLIC7L6vnmO4fSnLh+PmBkw4K5+97yF+5XgLIsKpGyUgPaGjCDeiK/mr+OFrtjDuHH4LlcX7z/1vetnJnd8da3wYzfSZ0c3yppzuxEbL+l2LLIdfHbi02RhD7GIC5Df6qEaT8U9iFlKge8IsLGNO4hxLfC8fiKEcRZrHq6jjwFLj4NnTcmyCjyVjM5C4+o2mF+l3/ydTSA5rfSbof0/K8wA3QU+dh4XYcVbAlmFkJGYkTjeMeulzNi2erWTdez7kuuI0fH5axmQGDZxLpQ6b8Wc3vmnC0yYdGuDmrQ5zku8cJAbcm85zhtAm5eYlD/qqVHcq3RQnhgb6S6ZGSkCmXwO/r+XgY7V/B2jw6EKF4iwzK5qg6mzxTj9btqmuyHnLaz3LoyO3V7Kv6HTy7nhUARXgcn+J+ZxzQdXhzAKyynP2ZY0YX45+gJ5SVgW6E++AhmcaSA/8pByS68Zwk46ICUd3V1XmV/nfsoVQ0QJHOJFqbbSEb7kQbftCtshfhb5jzpuAGKNePo1n6+xVU3tt9Prf6r1d28wAIcs1hie3qmbu0OeNrmNhCJnLxP0cPlUyTYN9WxLXRj25BGAbl6UZs583rZiZ6N7IqMXWNotKw0CnzWME8vcy8YZ39RJmvJ5PcFVXBP5prbFHdykVFMuWcs/uba0KUV2nB6jW9pJq8ChXnjPnntuRmeLGdq1tgcj40arXiWEtVSgIopl73nEwtqlmMzYEytl4aT+3/9/zjXqC1oc83BORVutZtgYnai35joHsV/tzxNSmS0/3X+ixZs80rDWVQNdE5kqO3v6QlhVrjzCpq7wDxj37DODhtW9wozmPEDdWNvobFOPqtONXPOuJTunDzeqW70kjCpwT3Fh8yItT8cni2fL8OnEVJ9Va1ws9E322W2x3oCd2RH7hwxpgwRNJZAKhYq0STa85mSyzmGWkVgZOtuYI00XolPzN+wU3Y68kcr1XrNeBoFF3QH8zJA8tM1TSjszkNSLpV84uKKKjGblukvAeDDXc+QPJCqfR9lGaW+W3emxtpRS01lxyOCUnNiI0hZ6grbOWP1SKdFfaRWEuweoCCoBnxArTgUOIM4v5UoTab8ZnM4Pz37d92jymzTN7aAgcMCCRURh9f3wmQXE/6gw8R7N4e/ro24IGCG9LUlUPjoCs4X2QIJsWIFx9P6eaHoJ0jBMEzd9ssI/z3ZF8lf4iBb/AkJz+DynFd/TqZHixZqwz7eQ1qFvp493VxcuaEi5Dl3Sm6jPrIsM86aCh8iZvie6nBGZeMZLMGaOL2Ym+6havIGTkJ3B4nks8HxuSFthlXBeDiJqzlhCsniidQuUskR0pYPDBCy1Qt3zh1btE6Ola28or04rX73vVlV4tglgv/JbMGGvfQdswfq+aX4wAq5d87OAEQXnBZ0w78V/lxr2ZHMyQfoT4H3AiF5HtLMt4ixK0nsiC+d7ujRGhm1YSPrc69iCi4XJ1C4+OCiFODn6pBXOMeE92DMIykkoeFRZccO3XlSGAESCf9t8ZPklwK186YUP9HigNDuOHAoYa+l0OHg1fEHqSGyaVYCT6r5y0/gwwwIB6C7ZVO1h1UnW/uzsQv97uTh0r0f557XFMhV1Ato1c+GDFBrS/8SBmW+XuvwsZUxkA1jqXbuN/aFM9MlygLV1bdJZPWHZJi0yT4f8HuiDbO6iorjdfKVqBAke7RIdEn0ggpkkn33gKkg2Qat9hMy3F1w4wbTbaLuPeG80TGrZ3ZziCBQGJt8GGiJ8DUSSgkgsEQAHErj6G/pAw3ColpcQXD/FaEaeeQoqC1Ut5ekT4kFu3zycqYrMv/iX4kLjtk0Igk/SSTaMLQQSG0EHQbomETyC1QKkPPx+a1w3thjrk25b92qWQZQ9stJbd5TXrxuiHmX9dv8VJhBz92O+ohmxjwz5Za7fzFnbYCHyVm1ssl0MQUN01NJh+wTQYd0NWiIr785Xr84VT9pmbAhkV474NGC0ZJJ0Li+Py5cKssZfitk2Hxzp62BvWdSExBcRa6nmZhLtesGH5qNm/plUHkurDEY8iQroXEyFJhHvQ7K/vZXcz0CAupdEsagsIaFrkBF4k1pGy0PvDkE1vT9swhFjz9pIYGo5LUuU1QYkWP2Q/e0vjA2wjC+qA+K7zuMoFSQwNHS/h23TbWqwA0DYaVoHUr4GIIjbaub0x0wBYZf8MzBlIWE53sbfph881kQlp2lbqhEkjdVsN69RqMcXmhOUMxzRin86yy1Jev7H+n2gFCLggAANNt2L9vGzbZt27Zt27Zt27bt+hmziFnIwSLqF5bXojb11rKACPJ14ZTaXwdKAayZUilkSRWIgpqDTmmIZKmcOzXVOgH9ZNktKIYo1pSWdrn35XKqqbStIL7mHgpQ0j6x5seXRG0fiUw/8k8UIXegpROrrPcKfo97yWD7/ujRbJkmHBJhm5UesqGg6/oL/0f3ornIPH2KCRRAD2zbpESoO0RudvrfDbcizxuPBnzWe6+yqrfVn/t0juJNiZwCU5U7hPLf2ejKI55ieMqZ81OeyPEa9l4SAvifjvMdoRC/MjztIMWdsnymCS45gXdYvLcYP6ry1e51m0MVkkCIz8qCzSQO0906IAZfR6aFkVdf0AqJwzbWPYgTDM6kmKhAOHvjP1UMDaZVV4vUrqCWGM2W7hvikrBAX1Yab5SjFjjIXmpPUpgEE7ipD9+Dhdv7S30rI9AO9s3eEh2iZFqtS4Md4D1Z+RGrjpDzNfk60D1HokM5P2padbdWB/oJ7hAdSg8dz4TMAkiVVsSplk2KnMeUARimXPApJdjCtGU2MDvxT0oWSSR4gvF/VH4M6R30NXqiNZbYkSKtkcBLbN9AN2AR3aiQoZ1uZLIZmzAVL4HmES8lhmCy088eEqCcGIn2Kor87uUnahI/YkEbsm4WGYl73+1DER9pIIp1HM3Ws9uoZlxWeMtq2mx/RuMuWU4Roq/Lv7R/oyuDOo3k400mvyH3L2FDCSqSF6bPtMS4/HzTLUeqhNBeJM9LzAEk0vysuZsTjMWLLPBbZ4V2OSB0NLACpbEkPOGPyznbTDOUVKXd6ns7IdAdGxaKRxw0VH7LjYzNSEHh1h8ZcCIogdp7akzh4Q1ezTj5MWnzHqh5AVfjnrEM57DckuwyBS9kxBJDnSzXxJm2WEHFT5dV3D4zpMkTZqAqiQIetGARH0tYft4/wlB2+ZxOzWRPfDrUd2glXGfM2jC2DhhJ87VIeTUnRa4brwsHOMd+Z8PXNcNCybPuNUcjGmzdzU5U/VjhruPMsT0WiGBG/cPHSjLir3mxJf/kd4UkMj+w8DiJsheDMDBEs8sw7oPyipGcoY7S8b0slrjTNvusaJ1iQ2tgmbtT1U6J0f8pi2w3dSPChltpYzguQlk0A4Hc7DAjQGoz+EEVFxQY0jPGnCGvdUSozX2Ub/6g2t1HOoLJRXELG/0DLTIHvan3QhiB4+/S1pR2hwwhJYqtYH0eU5oxL1xMbB29L/V5anyLot6vmDW8ux9z3H3U/qS61/+upQ26fPqiYeTEtWlsJoRzoRJW1vNHMGJvPrM2P4X8cBET02RbxlNenw/wv7m5L+goaTHYNWcgutQfuQN58uujWlfEXdzdOdOcbp5iMgdfZgucj6brHAc37Z4F17JdThe2mJIAYE+in6ZQVNGT6ArnDo6vG2X+foFODo/a29jxF2//yk7+hCSJI9RS7tbXDNuNJR0DVcvQpBu9EjNlaPAkLcpBcvfkM/k0MixcRLIjNVGRLDmDdv7ehGaj+xzsbaE1XSwbxoOBqMPgotKv01H5B5vgx2fi+5bKln0j3rn86ZA2tEyf0FwEPBqAUAm+d0H2GBoueJ3UUImwlbmK3Ufjj+IbiCSeuUS7FAxulFI+yH8WxvCLPCaJ/FCcxeo9QXWbNGgEfXQFf7RH7wfJb+r5cCimsUBMu6eo+F/pMmOMRKymsYenl1qhW0MZJec8WkNfXv1VbWHIKM4trqPrhoLluwr+kz7/PZ+YpgOAPGnT+SDT8F/2tfnJDJ6SqolCQsRH45NenXoQPXJkhcq1TPp9IhNz8qTt9/gomR3nxFgsczEdnPAVEXSPGwcopLo4eSihX63wz29AkH1HD5TTbaFiigU52e0R+k1XWbQ0cryuCGUsy2G2fyMd5koddgENtvaOiba6RbvpZmk+mdrBwfsAL0YZRvxWsKNJmPIgZd9tIW8B03ApMWnOP7J/b0Va/4V+HXHD9uP3Xr8SuQMLXFfv7z+EWzoPPjcLJYbMNutkjSVAeR4cVD17AjRhdLao2Ell72CoeP/hrSFLRjjgbhmFZumono6KKf20j3NEM30970kTStUS5ydvAM/Y9MAHMOU1JJraKcBFGUkOQGsiLEVZdwqVy6Gx6RuevDd7kqzubxm5zgVW746M0Vfl9p/gKDfTyqUdKYaIvGZpGE9TbnpUrbTKtB5C30nPaPgQUaX56WRyJvdBHhcEuBJCXldK/Z290hKkEK7vkwf0YO3qD9HoQ8+2R8UNk3i7+Vq4O16P/iw3a03dGkpywjUbiIrMC4UIul45sTuTMEK50vnXyvd4y2tVVcVONp98rvSGmi1s9e5sAP3SELhJd85jGmy/812+vkVTAnWQysqdKqLs5coLwXR1qfWRH9aWs4o64JV5E24cQ+btOBrJCep8dR0uiebYQUOpP8h3/rsYwesEkPI2H0GQh6lmvFcTmiE9oEsJEZ5fpe3gr7KPC/KifsCP3cfCFqGoN3WcrNl5vTj7Q6qaKd9RU0eO5RlTxhsFQJM1zIrI90b942Bn1YezjfFgcLR9JHdaNtpSMGjBABWKPqkuSAcL6Ar/M6RoV8us24dK++lERtOsoGNflq2X4y7bovPZmTJVfJPqxyRznMQtt3x3Hy42UB+mARmZra8BwCeJapF8gRfbe+j/R7wx6iWs7oiN81DMZLywKQALaXB/bl/+E4r7vEKIZADRe2LFi4JcPbsc0AhyCKaFXsDS8hKpKBO2554VQuP1KNADPsjGDgrOBmSHFWjWnoWNIMFZS7iArV/4iluXL1UqVeAQulpM1NMYiXKcCJgICLXh6FH/TnggPnUmJemI1AeKTmJn2AByBYpJlwjEdgJn+jVFLgvQHY1/XLDzhf0NZ+mEj+adsMSacUVfUZS1Dvx+fZbGFeY9MqMRed2w2fii4VmqpjnF0Xu3+Y/4AUXXfhuiEkMlAb1l8ywa1KoVcTJzMYeRv5YLRhaF6KCcN9bHsiJYdZczGYuqOmSAvIOB1UkM0vSo848Hywp5oWJea0w9z4LifAnawt3F5bTknZ1xrOjO4INNG3L7cK5g9SqloVgGG5LOqaqm0jeBmhOeLCPu27yJDYgVfGzvHDvDHeynyRojytNkSGMJK0qyDt/YWRBmizxAFs05Vfp1WYEr81Xm4smwFIp9YYXZntyVfjWf5UbL3sv5W6CHwoGwWNnB7FU85g2t8YFVi70BSMGMWTHrTVTheZC3xOUVbCqTXKOnLAjSrebPdxVyjbv1MJoSfLQvML3w6jjIgRg52cjrhhQhA593ifJB0mbHYhwtB3SwIZAJ4ghayTWvwX/xJevFd/YPIXPMewW9DU23rs+XkHXz6DQ3F9G/q/98fbK3+vtYtk7l5gtLEcRqpqWlJNJUTnXuV1WonDcCbKG3TXSqBc82hH32Pw6U2QZG90BC53qU5bGb5YL35CIFCl/Kix5m6ofPKJb7uWpJjAlbl+WUek9gTq5L0cb9oWrNq6Et3Limrwi3ZDBkVdfKDg8s4iLMJ5t8Saomi1SCcUG5F7jUD89MLqtWkxv/faQ7rKUmXYxahe/r8jjOk8mKLiGqsVC7kYwNFFd2mKkXu+PR1fWLtjdvYpe9Qv+ZUKOnO6HuWc7Wbw3QXYkFsI0GE/eR/fGIRAl7dB3tFPc6jVv45oPKVAJ+BgSPfodPyqmV3ACzHBrGJ6rG0uvhd0h5lkvGO1wFynnYZqxR61Ne0nVsvwQ3vO7umhngY2VP9BpziY12lMN4N95W74dUIx716McnUml6dEvb9lXF2YmMQUbECIlIKny9nn064ePnP9CZBlSQc5BX/g71HFG9YTEI715ujG2/TPB/M26O+f38sAR7gBcHhhLLxLdREtXen54DJV0mlZgWy2zySnN9rAmNnR6Q2hBJcIhul828uNxN41g0hJwpZXPF/DBcB9CCFX4QKX38kJvYxmle9h3sWryB4vJK0W5m3LkuO6Ow3/e/CTedjSiqY+swjvI8JtfDDp0EYl0nWDPjV0DCC0NGSTxWGAH0EjCdPvfYPZAnfINYpYeWpOBsLnlPPk6/0OMRG67+hG6u0mBlTBfRdr0ihNuNhuiJ423oPEOadCekd3JztOF/gL711NIxsz8ihJ/PMTs5TxxxoTw+MS/dLDg5rk9nQbNsKJCTXfu4L2bZD7h6MNuUqdOTBRK+DWmc5QI7WBrKXYktKPEo9yBDHqdfXfr61freCQlW5mPmIeZWH/0rZ8nTdHmxLKiytxJ7STU8Iii7unWytp647MGGyJpsNKjgf0DpFUlhZSUJGfyvA05iUUKhMXkeCXYqpuMMij3iUoQgD5/K/93wh4AOho10+uylpQlJuQ8DPZlMW3vBaMzGgJGdB/LBs+/15aSgFTbDlv85v6d0kQKGV+9q6sBK5r0r4cpvb0SQlWKcIOEEvbAGKb83nECDCQ7nFLsEmnY9xba8vL2AzqGFEOUoX7g/Y2Xy8ZSXUTTwzzeebsYzGeBCRDvDB+Ym+ugYG0Xh6xFmedApDbmg6acrKMaz+qOhJwXz7EHnHlpfnlsAfbOhcrcgS9KDo/9dBfETcbST7Q50YACHKlmd+hPbRz0yrjJ++8hqyy+Cv0gXDDzEk0ZkU0Ql3zFWJ+sPouiRSmmM8aO7l3kD6KnvTNeDKXrZaFmrOVRSdXf5D+NqzFVp/r2e/FcXeIZMC348qPOM/46QrxOOgFKybNGm1poZJgkGH0VCt41qrkvpF0v5Q+0Ck6RS4V7TvWnMOpJZCghZtFsrzIUw5fzZSNYNqcaRA7EuSpE2Wf7xLmKlYwk4tzCyYzxK3uXQsmL4Pl915U5nRpdE2b3qMN+41pJ4PgGffJMcYZWbUSbfvn8ZDWxSNLK0MJZ4fMoQL5jCOVDMx5juNJ153fbN2T/agfMbYVfOsWkFcjE6zLzFhmIzji+Vgy/B1ynsNivyVdcwIf+R+rIkIRmgd4vlbm8M7WysKA8DKNdgkhzV2axrl0G4Vw+x/PM0kuMwgWVwB7ak+ViqyU6E+hE/QVpGl2Y8HfELgsYXR554TCMURLtOiZXA4w8xctNFTF6ksnkDgbNLzDgM4PCV+xiDfw7Bi+FVk1ytVmnV4vIFkZ3pwohe18ycffSrRafDsuRd00uWRHqVyGY1WYXTOW+csVqGbtV0IvcEFGzFVONRzMbwGHn96vcYRz+EPA1CGhb9FNQbK9yMNxTAwrk8idQbrD+Qx6iWIFfwHlAuZ0iZ2DRoyTSP2MkiB/ZttZfqpeJkSSR/GG0eZ/s5AmTr+7Gup/p2U/u9pmLBs+5xBdLfH991p0sjSJRk73CcXWMevcSX5xDjiTunQQZgcM2H6a2RPpdQFmoudURsdvR1quBm1y4mkwddxnuB+lOK8Rv5ynDWGVHc+ngrCIkYFYR0hMcX8x7aJiJhzTgyv0TtGNAaNofS6mK6ONY1ul7nc1PxDHCQ3bjjzuiPf8gN/Omt5/w7idlg0w50IugRWyY6DavDhALbBS5Za2yhBfIf3GvKzhE9EM044HgD0cObcz6i5kgEG9Ypbi4X0A1XdlsdTLZxs64tNZvy/yESfl5cQWGIgSLVbSPTt+vMr2wkmzPHHIahpsLS9+rfp7lpTA16Wb0otJNKRZwnUlEzsSVqCBI8zgAv8g+sRVB2EH/2gb+1B03aFAzyMkx+OYYlgutHl5TYv+258MNnOKEQ4K/Ua+2zcs47D6pkJdyRs+P9VV6xku6L7Ehg9Aub2c/I/ToXhlxLmlsIS7lbDeDZrBRSYG7Ox/ko77YkqJB9LylRFW7XA3lJ6tWpfhMSt/s9VRS7fjSb7OngoI22nbHoEXq10TrLyZyUI4zjLzKSZZrQ2pLA268NEGzKJGF7Z/lx3V7Pjtsgzm/R2ebCUkjR7FvqX2iI0AQRBcBX+LdGxNgYTUX05ys/UylHA3RhcEd9kSnBwA1cq4ZJdf1ChUDtNJgmEVCki4GlcKAUyJDOkQyeElEx7oAbv2mWJ+KqcE1tuhDi2NBPSpu4JyWXp03YBbgowTJi527SswpBxTgMK1a1HLUCni2TGTYW2lq3lr0jIWUxXpSwfwnjKxJmt1jQIWB3Ze2itciS7qq9pZh4o4y+MTqDrlj3LelbyTkudIDaU1QefZOlncerCKpsM2iD7nwxd48d7l1cYZYxs1JUGprvl7blXXetHwJ0uEaT6WpFOfOR/lggd2Q8IsacXUCR3b8tq/YHLjgK7ihWXomGG9XGBI8idG7PCtcvDTsEprVrqXQ/tX8FtFpnn5ShSbXVaAMlpN12iupVXXCLSEfYfw7tu46rVR7vK4O6dL81n6gfsHh9dCEP3lpKvw9NclIz2pNNnolZSQsdVoZKSVXJMWKn1/uh3WYi7tuVgpuCC7qFQd0VgFgDOnvkBEg26CJcXlHjiePFqc986ErELiTFNtEL78uyaq2SkY9z2rU2RjDDsJ7X7ZIcfstQrcBuDYvPbdvh3gRVbzaXGUSu82WTuHWaIymLjBzsNIVwLh5cep29HPNdeSok1Ss3PZgveu7yDrDguCuJuqpOaWk/YeL7IRvdu53N7YbPcTCXWw0FkxwPRYcHvrCZXGq14PfaaMBLZ6MRrxYLvUklynHHMEB1W7jPuw/68exKTz/1S47GtL8FjozrZDDB1Sa3UsynZrUlZghppOrM0eDfgKfi5o40TkaaRhWLR3g5V6ymhcbzhp55PU12py2UBFcQP5hvpwqDZKN9/61P3nLTrKL204GtUU87pt2w1slwDihGTsAPAnyucwiAj/FTwJ5BoLXY4UVLPU4PvB33xLObFgTyt6hsyBSsa3RLD/n82Pxx5ah0BHc0j/OqCyr32xvDCRuk7KvJYCQYRHX/7pJ0cWlSM+ltcSAbFITSSo7k+l6edoI76xEAmdqT1gBoBi9QmwyGC/LQyuU9TmG7SvaA1aYX1aPjZ5q1NDRNy0s5xXr9tj0HmV6yT5SsYACuybvllcRwFOWeKLLFO8Fi0Ui8Y55mR3Rm287giYVD5TZXBwqNYrAMnHwB6Mg31XqElTXrYAaOanvKmL/5EWZNM9cdnGWZ4LavfRfqFx3pv041Xiqoom5nimUbMfF6PvE2yJJXgEW8J3OPeZLhR9Y6Z00rem45O689S4Npgli2r9quONNEf6drcOFZ1F1e2cFylZhvCrRN6P6zyyZnWaeWMZmtOY7BO2m2iP1aVuQe6WL1FnXKumswjpoki/Bmoch6ZIlSs571hf0jtlIhG4zuHbI8m58DflANuv7XfVaggDuflZIfWZ2UgxCWgrasLMqZL+4jQyaXP3VmaKkIP8PJrzAFQG4Yl/CgSdj5qaeIqzq2jc1GnunFPo1AWKjwT6EwSMAop2Bvhv2wm7T+1YVe3ZFwRsTSyjvzKjeVKibRfgsscvYFwMAkzjT9xxQ9YHGAIEZOAGu3iFMpQzZwyohIgAJ+OyoJaI4V/FL4KX0jSDo9Cw0wGI9t5dD0dIflttg9ojabz9t5knEF4ywRWOFBld2CtWIIe1Am5MMwzOHxaVen0ssT9YoNI75FbVCVFiR0zNxw7Qc0Syvqu3BauBog+wd/Ur9+Y0ATgvobfGVNu3iuaHxshGOdF0nJF5gXrROmX5Hvk9PKRfA+p8ClCb8OvD098ak8/pS5ZrMGJUOJDwKZI3raYa9W9ugWfdDuPpEj3TG+GwFO87wZnmVaa9aDuvTnoqpsrw6DzauCUHcx+Eq5ZN7/0xMPYUBlZHG//TSi8T5Y3WmK5bK9w+ZC5KnW9LszennUSmyioukx1xcwxKxq57i6EAZYWm/uKjwg8Yy9oZn8tw2sxd2HBe5YX2hGM9Mkx07ihqx8QHiVjE8GgKlM51diNnN3LGRAfiE8QumL7HVmFVOIxBoFAneSi+xt/TfBOr6AQIUycQfi1TD8dSd5qM8YHVDCiRy9Lq4oOYWdgAdo+g5PGbt/JQRRZH+YkqXx+4gR7T8jSZPxYHdPF6Er8gFA+DwdSyDbFbYP/3bWoVnflCg+8liGk3WKkwDXX+zL0kuvzJGKsuCw52F+UyKHGuEA+0R99dydoteE6mjbqP84jPhnk4uIbMtr3jOPphm36hMQyPpqrp7T0oupKahOafpY6lkgOQdb4Zcy+GjiR8y2vLXFe7KTm/yFCxfC88adxWzJtBn4Es5cymH/RysTfjYKQthqDRGA4Onys9YHuSW8Hp/0mPvdsQlZDAO6L5sg9xwQGMlyjIfcCeeJmfpuy3Pqmyvve2udbiwjGNdmy9pl0UPhUAdPywYu8Za80eSaIp7Mnnv/CkN8AJ2BdIS2bHFgN6KSew4ZjPNYOCmRKxwazuSwZuJy6UNtstfT8/1FuucCUKwLuki04GFFKw+e88mIBYPApjcEzHInuPhaqyNLrY2KLB+QfJw+X8Inx8hhycCWPT3LIY1PEk/nB1ddYZO5XX8x/Lb3EwgTIXZ0Oa9ePQuZGyykG8+gVOmvoBLGBBTYstTIz7/pBokQCVU4WM1OknDEQFo6k8rzNN7YT6Vshr2CHhwwinOvYfI5TrarmxdO1I6zI+G0mh5w4G7Fzzo9ozQdikUZ/EdJYQwJdXjT0+3F9gU8b2ISRAeOMYmenHB+zvbOMIELst6CWzTJADcp+HA/FsLO0h9Ta9QHMKf45BlSSOOoL0LG3SNEhINZipekuHipTVMzHYsiVeErA+KCghIv8rE3iiTxEVbjQHjPHc4z9ot+7WOC4JZ387luApmwMPHbxvpITHcL3MOm+RG1SJscfbGcWPNdoVK1sC5bmMTpzqswxRlsduEwSkE4Cd4iXJ88Skk7lDS10Oo3k8Q1WPz86/+UhHEs96/IJ/yWo3VW3dmtS3D2F6cID1SGp2EZZArFmBbo9I2xjIzzrOswyaRE+Cj9dHryJHv+9nh+FSKrRa6rR/rwbLy+ktfB0cr0fXNmBlGgNcls1SJxtD3s5K1DHtcwA/WWzV9qDxjKB81FO/WxWkbTvFRbq+OW6OdxIBD5kki95qItnPvzSlqxEa9G8BWj0v6yud6iC3EVHtd7fDjvt84dYKgbg4zW1kkecBDUuuyvA3UqOcQHOqNEK0lMbOZtaJUGNYQb9qnwFARl/KPmd8UryhK+SpOByGQlH2Yv6NrMgQiisi6E2ZlHS7KuhygxN3dTkMS1ldhOSniQF4lG8LdMUkaSOxu+KUkPNB1KcPbNRLPODxfMzbgJJP1YySuXy6Mz2UrU4aCUY89QvfN1+relDxGE7rFux0dcfWvwmdmpTWOyGdl8aqQ2musI7ujqPgCrU15MZ7i5j4oGcoXBi7NUPPnUewnZyKd46pAmzhtUlcIUqKV/2OfERtsytXbBmkjU4P2Tr5kBiepMniSmKP4fwH4yCOLcv+KhQFhM4VCQ8ZlPoRH059EwCzsYs7A3SuW0ITFxCZSNAEzgjP1H7DWWl1PRSSAWZMBOB2X4VxzOlzfU2VU7Oykv4ZyExrPG/OF7Oj1FjCjxVU3Zmn1+fxPI9sIMLfSm4FhUEAkXq6P+gAE0WHLI5eidQq3mEdm4vvAfjvtX6FpnIUYyTbn0vb4NQ5sF9cVhwIPCQ6pzzPD8kjdLgYYv2zfpx5zF2sAVTyQ+mHRbSEQmCmKauzSbZPBGi5MR2fJUGTu4TT2DweccCgT7p72UuWKZPu9s0w8v2FiO8wc/UssQvoiEIrSJg7t1DQGQDR03f96NQrommAQOmc+6M2wxknsKudsr4lBvk9rdlMBODaMW/b4XG33mLh9fHGkZ1RDdPXV8YWQpnecWlwv7h8U2evUDGBVI8Q+lPPDPEqvDz4/snOtSoCqVutPcf3BdGqGlHvGZXMtEFL5gTs5BHCgWnJVXCM/KPTQa92V8ePUTmaqcvYUO4n1d/N56wVUnjfxUMkB6NSyOYedcRGpsmX5XiTSCc4aymaQ1S6PfHcDlLI0Az6gtchMY1xtt7psuUqUswwxzbLImygIp978jpux7CcJIpA9AWdXz38Y7x4C93Q74JspNcMYjmPabknQoE+XRsUdpRBnen/XLb37pt8xGtNs+yc0dfVSxg7TaIctPdqyTRhuDPDCtUEGifsTf01PdEJrhgMDA9WIQWA+FMwokc4sSufWPahUklvKJRl95rZ7EKTLwcvun4to5/iQC3W/u0sSNtPDX5G1XOo0zxw5/gGPYZtQPzwPf11R8ERX3HlS7HmtW+exGCDcBeCd5qjtH/eVHV5+AvZ/PL90KQz2+Z0RihYOgPV1vZRzsvFs5X6mgss5whmCknKx+ucr4FcKuYEJt0dqOP18Vg11GG80ustt0tRiFgVPfgYyew35YWKsvd7KGD4SaNOujlcoJ1pk5KgfYHwev2XzpzVLzG+aC5GcvlJv663jNrIyfglaqPMw55tKG02h2uc/KNJCgAyoiuWG5k5plPe5IkJAIkNXof8SKIvq+pcj81UQrL73+ZEUG94p+R7MG0RwL+TamEwqm1YOn2UGCkHknhhp/A6Dr3/0SSnk3fE5+UfmBMMgddm9hAU+neV57myQ566sXoK4pE1Sleb186fPBNuF0SbNKPrR+HPqGKr3NQxZbuPFBSHmz4Vc/S8fmHMp2/4itv3syi5xlYKLBmWHm+bblQhok21Gj+6hy71LIh+9MmDKqg7p9fH4dFQTTX2JrXK9Y4rfGJHE92WF8LS0qnRUSGbS/Awwat1H/5ZKGFFRlGKK0+0S761UIIkbgh2nWaEandd0pgW1hMfD+jKaCCNKQGBrilpdz1tmaqI9hXPLQdB2PCVgsr2PdVDAnkoaBcGdgGP0y398jIhgqLMRrbymdn6jEbCi3k0mJV3XeoGn65nIuZsQS3aIOOzO7Z82ebtxjE9TisAi1Z1+pn4ocR7Tk/AQzhcaW/BfRAVD06u7BOJT8b1MdWTVlEGu3Sj2JPA/w8AO1TFx//oDnc1kncSMBqJx3v6UjCg3RW7GDuYzzpD1GEAotr3tOtr9eLedfzDxBMm5l0C62nt1hezEnDgRUCdqhC/8o01pG4w55OWwVcMh2YiEpaYyg1VdYx4dhiLTxshFlORCU20p8mJHfovGnwJVkLO4WOt4H4/xLOyiarIF7FCGeUQrtVv5bBClF5fxCylhau23LtH4eXnQDtIOtojBtRMgG6oHAbqvOYFi3ZkxE96WNPStjE3vOVpt/jZsc7CGWmdaoq7EK7La5vCAYF50QbnI8oqmThdgEf6yz2ojc/q0LTgs/SITzl4CgBBo919BWYSp0YchCb0yLomLx2CcEpqeZFdqM2MYT882CCXheI1npYb9Wj8oF47l0qijb8dc1lngCeZxDeLGkI6GTQ3sAoFzUvHvB5zDPBA7P4cKKqSCEkZLlj2AbaUkEAcfn5b4DFHV3zoP4RAc4zZQs8VCDnHgKqQYVaz8rzHt9Inqyhyg1ECCIaCEOmFZG85jqLPIYVufXysXkArX1Yio9itWmmwaYkzguVqZ2ranLuZPdrG47sDhI7E/7XnIVwCFmTESdAkppZnJvB1OOxOGvdoZNWOkIYHskry3bLoKVMoSdi/wcLXvzfvBHaDn+2hvEPQl6gjzP61sNSFrbXn2RuSRl98juh4/eEH1Mbd4nnLpFgqSnVHJQVn0v0Bgo0a+hClJRAhnZB1hiDyRUF2Ms0gyM+aX7cj6mOypGLfkLnJp5GbMKnWRiumocryUcQiUCgqa8NGmXzPi4AVeGjAq/MvxCsaB4XR63vosCsg09mAjCWEBWGFxS+9DrRphxW4Ol3BXn3jIwVDYu319QE80iR4yFsG4+ihUViXGMPnl2s0yCYU0Ek/p/ye5/rxIhJIx1KKVTafM5wsqZw2EjD+n0YWzu/xVKbZRWyvwew0ANzL/1b+0zGyYfO1jgaFwvSQud8gHh81zBNizipV3PC8U0bDsvHg8b3hTlPKcFZdnXWrbR4KWjx62UTp6lxGVmZCPp8pKNKDcRSuAn234DbSsl2JgeQnXcfPd7vbaSd5d+iOwc/2LMywXz7GVNGWLNTiKKhzAu1UfFXPpyQZ5R4DAuOHVb5Fiq/dlkHJNzFd3VcsyIrlfJ3txwvUCNfqaUx/Xgo2ODzxeoE6eUHpltYvS42zs43I6y9erYoMHZMsvTnwkF7RQMw82lw93gObMVecRY4rJcTXYXDavOqR0Cf9QXtBfMigcMKWIkXgvAEf7HtkHqx5bO5Hxy6CO4IkZI/YN+TxfyPs/RfiXgz0Fk1VAPqOyfZ8b06mmCyIi/ZQCdjixA6eUBBPBEWD3snek6Si3Lr9OYAvPS2ct7Q6PjnYqjPf95Bz1pFlgq4ayCyU0Y3uY+ObVTUpikzBPK9GtqZIY4C6WELx2cTCaRCCyZ5BjLtWrM7BJRRCX80KZpIFqk+zKy9gvuN8Vm2S4SLTKSvalcPwZU9Dab9ylzh7SDFuEJVXvj5mKtcWtMnKN71hq/P6zmIFE0rIw8TevNbGsleyxBNTsnSg3FGcSdLSp1WlTHR84qxaFfyvSjn0fCU+Vn17Hr+6o2NbZk1n+ZQ+FIaDLrDod6GZm62/11Vxx4sdOoJo2dQO4ck6BfODchph7lH/n+5EeBDSCn58XJE9ud4uVdPv9j5/UzJfUIzJUnejLDA4Ug12B94E07nMkLpt387R4RXoHedrVnSwnMofYgiz8zqXtCNrx5DVm9jUOusa4lNNQa1sMN8Zs3I7q8UceIGc6vTexo+i9b6RT15Z8IU9SxeqNI+OnfwUwNaxIePALVy7nFhjmdw9yHIXENq6NnUfJIHhxbYV6CS4fmR6aTjZgIrv9UGJTMwQ+/ps9VO0tzx+TTJgSJdAXpY8nf+M39IAVHErKgwvBvhPJtPh/5W08+wL5KoQvB6mjjLz1JGmw3zaOlah6w0Mr7frmysX/V+bUpavmzlawSUxd9uiACzBxH/WWG1Bs8L2zy2C4+B/nJ8NUs72Z+NHKVC313OVKzpfugM60kGaS3hJPu6OsjbyVmlTo2w4MFYtjmw+I66f5Q+jlEYnmL498O2XNuqGV3o4dnpFLx3zPzdLIgQpojO6a36M+hrE3HNVrg4VGB6OnPkWj5pdZo1g0bRi6fJajkqVnicTHdhBD3lXMKBlCfGze6oWqjASAj9lHLPTK+IMFrBnQy9zH1vaL1rVSZtl1VOOCqfAzSpsFJnKmO4SrlTdpXH6wIUxaStMXZzui4SHOuITNQyakKmYAd8igk3hvcrY4UhkK7Je2mbeNBz80kftVyfri/92c3b/pa+/P9Fjlqnt2iNKmpWf6w+01OGS2xBRy5kbRQUOo3dqNcHyvgemb0yCTySNy2JEzNId9ELQFdATBtFNzSs5xMmGa9Ggkn7rhZgjEoKpk37Z9RAf2iOvPsyYx80BY3EY3xOET7Ipcoze5seKt1Cfq5ozKYkWapWaJzFrnM1ra9JBvLqVM2O7swjlMUTQz5MeyvxLFNn15WyVJQF78YneVmQWsk0k4Bmaya9KkUtj7/X/qaQbrhXfe7JJjxlVnD/WdJIaWr/iXn4osKiirCbOMG2UGr9jO9wRSIX4lrUbh3JcselHrtu9joJpd3fDDru9N6uYrECS+mk5RTcLQL4c3GClNSufyo5rn6pOgqAjikjLhq1vCgP8epVGUUCu11+39r4vX6fketZPbnuSzfocf/Wl64JafgZTHFOn38TM4eCdwJ1+W/3F/vqMX8r41EMaCqBhdTQI8YguJAy0pzqqIJIKWU+PFchDvW8Rve6mTi/vEg7s3AJQrqoDtfgFbDfRdvTu6yEcnpV1IBeh6oOsT8SUJ98vBZce5EPRb9GVUIPv4RXML9OPZ1X2OxApWLDivcVTIbXZ6MoMTqX1aXLuj8kN7fw38LSiyTK+zIrb6UVQppeJ+X70C4aGVsf1cOB9+OAhqhUx346rAf/f/FdzECZvwC5baraUglXuNYmTVM+CJH2KMuV4anIKnoZXKEtbkuqJViAWRd17/Xk4luF8Q2Ro1KEzo71GrioymCcNbkr5Ux5IkBbzxM3R5pbt0dgvpvCkl0PvwaWctdrXUos9rfarrr5PXRvm7g30H25hVH2VUWCEOs/Q7SXLR1fxLgJ99+7urZDNRt4GMX5t4nSU/ugOkW7FzJK8wtHwLm+Yx1zpo3K0SmMKP+UqFqSJTkTfB51vCNllYRI1BA5Ze94+BNsLok7DcYEDsRDR0AF+MWxJ7caZbUxXWmb/zKxTUdx9o2hZ49ejbTM9yuvsSIjgkQmKsXlDhBV6nB2EejHU5o9SKGXVaC9M1ngfP0EKGY08/msNYBzB3fWZWjyZVz3AyCUXdsKBPU4Bu008sYsMFYDl47qqIYpgmCyq32yoKFSHwo+qnBFYiiSBA5xG0Y4nmwucjqJsOkOcbTrS8jH7EoR8yZUTf6LenLjkqywG2YUQhhhk9Dtio3qgywH/+ksTxGLcH9/TAdERj4WYO2Acuxp9TYkI8U0slhox3S8yutZpUwn2cxyWrM60n3BafhbTgAn3m/IFaVvzaclQx7bCb85Z6ZRwBtTPM/eFsPDSXJRbmLiS2+Qs3pe4HFo2mr+3ksa+kLIVrRjrZPyS/+/sdV1PaU0Fd/ixCOxgWkM87Qe0uEaTBIZh5spZiALk2pT7rZ+XrfEfiPUUy00GgD72oiQahf12RbVGUDZpoQpZflnCNUvztCZkF8ZTsZsypIxRrrlWsOvxCLbJplKpjNwqh9pfH5HFwocbmqelIxLBCPOLIs2yMY7kBUp1rW34wpqpcYQdk0DE8z7/3BDmODhLuBtk2KQg4cT0qdHXcN6p8+xYn015uywYvwz09HekddWeNmckQj265XhFgqWxaWAxQ1OFgLRfnPxplXlbWKKmCodq0oa1/SvCH+YbETYr5l6FS0pS6BAySBjawCs51AxTaJbhIkl3moeYAwXIFFSwn5DlomvPNIcoHuzXHifOa+Ym7yA8gjkVpm5ijihbxXiUa1uyiMVLnIPvklRvHDN/FIu9SG4/s3GOdaPrJu48Ax0bgtdMXj0CmjiTn7Nma8l9sOXQRd060eG4JxdO8aBkVPhr7FLajZK26lviAlkfU2aOpNOkSUiBj1nW5G7uiNBCfFx9eE7uYfKsQK/DNw60sNvjUBOCxr4/quFnV8xhTbwIh9je6lkgrnwM10glMLrfhupAS2oHh+NLA3w9/NpgL68Ol3ItOjNidcC3hswO4urbG3LpMtFtD4HivGpI8H/tje7VQTiH9eIIC+GTU1ojicYCFTQ+WSQ+l2kOQvUozPKsu3UlITWXWRr/sWv56GourDoNrAZRY568811FbO3woLXWMmhf/9zApa6A4IGBJKx2XYigr5WAVByCEcJa/cd51/PX/L+wGXJIJ/3j/wNUscZQ3b++yNsI9YnWfG2i+W8ZaXkHEHVXMqT4sKkUiTMVKfOx+UrCbswY6+2PY7j3cM43Bp+dHpCDpjyURcTcJ4Lnzg1qIDubbRAuUjv27buxnxOr2fH5cViemw9XJ4OosaL+A8LR7vxH3uGS9cPgW8phQab46ErWF2gssMOYtA8FRkSyJkLibc3mV60wKMooOK0HIxSeADnXMSTCqVOjZzyLTMSlGtDVzNXcewp6kCx4g10ooJgySGut3RbrjQe+cDieAgs/TL+AV4lLOJcrl+JknoS2A1Qp62KVB1D+YxtflF6hhd56jNSvORyHFel4jpwiDgjod6hLhnhmt1kqsvACOCtWTVwlQj449+st2rU12IQ0gLt+6U8Z4NEx4c3xoOR+Rk14WvCq8oxJniWXDsgYruQCp6+RTixFH7zSbpLfidlG4H3Zsav6ufMANV1i+prj/pJCA1r1C1HeNtT+fB2Y9ha8uhcGrABwNqRE0b/0eklUVc9FtDOwVN4ADy+Snk58EXydp2c1FQpvqwnor4UW5CsHuUyLDHjDiZtlOZQ1bUGUmer1kqXSUEzO0suLfBolCRci4LtcFIjNWSUU6ZQgUqKf7ra1AO60cn5GjY8ZicbIeothpFLj9IUX0eJNQIFTIlRWl6xOMrVE6wXRf+yXf+TgzkcY8RD7SF6T1iY5aR42auUj5FZRgUV965aSnKiu6Wsgf6YId/4o9Boi2mdTNrJX6iXhxX6Wxi7/Dtb6dSc8fNyIO4796U5j8s80aJjzYZ2H0/3QLDv/Mjcf88XguJRG8QlYtbEcta1Lrz9ophA4iJPUm7FDrWMoz1qRLdnVAkHZqTl29WLordJke3/UsJAuYmCiHnuDuS6JW75s6uCzylrrixNup0LPgUWXOc4dbQlbHs9lbuz4X4UGheFdZnFyLOhaoxtYlS+3Ik03RvBcI/GTQudlTuMWzzlUGXXQhFv86XHdMt76PI1ckgxaBE/IJ71aGUyur4BY34cM9o11Q8J6oWFO6GmD2SySQOAJ1/SwZenVjANysKgwObpw1Q6JX376LtgbK20JnR3H8j1Ilhq6wJGOJSAlNNOCstJqfGv3Jr8RYay3oQY0Wd69CQHCZtcuSR+wKPyWSn8z+pXOxW/iaz1rL1CKxz2YS22bOJaZVivYIXi+wWg4bUBx6BKov6ktg9r3Vuiqu38Rz9Wwy87ymAgXX+1EEoMKeEvs/zTSXap6ZFnA0ZdeIC4YB6v/ZQR5EQbZcRkgqlQ+TSP8f9IlhXaAknZKC/uUC5juv0pZS/vhwM7Ac6tiEPoe6uh0TeFg9SHihqAqXNwWO1FCjOTeOH8KUdhKqg6Xm3EUXBh5SsBW0wOfKRFrR+byxQBxA5WltTmqeP9OJ2ofcdTeHrUOeqacWwhaclD9qd6pLk+YX9HjCIN1xUodAuzIzbVJK6ejBXC26KD1dbKmHN5ziMebQvoJ1/sBzXM3E5nX77B0HNXwBtFnlFxwnfQfm3Os6XvqcywzYpow8946x2jO0+yozyXgFpGy2slOMLINGB3oMCN9xwpTkNuJaY6u9buVCbTr7jKZIvykfM9ddQUTfgbNXs//7rQYdDZefzdkJhZWsR3IxetNylUIfVHSR+clhwq+fbPhXlGcRekyfw+uQVCH/UCdvnyHy445opnOyKVTkvaC82La9u5eFbKC/Ev2j5NCiDWABJU9y9HF4kmxo8b/i1aUstseveD8QEK2Xv0Rk2QhGMqAIUU6FuPh86mbwuUji5PcRV75mRVS03gTtZlrJrr6Y2VrMppvmXl8BSzwATfI+UKR8ZB4yufkJ1U8OqplQWO+RBqYeYUfGL38v82atnNWtouorGx5N6CY55qc+dS5Vu1QscHhkO8EgdnYxM7otuDr/SZnbJMzBbFsO9i4NSJM4XAjtfwZWdfRzWtU/5FnH11/Byu76Kf+qJE6rZR+5pBOkwR+4C+X6X2LthfmV5KZCtZg66Qel5K6couNtS1oDAnOuKvbV+rBEaCZbrtmfeBbTv6weTYyR6ZHiHNK1vCEiCDELWVT62HXxNVEZXsCV5/h5/bPpoNxUivw1hj0RG3nLZxZX2O9qvB5HnAfuGCkkUPzkVsNSaire/TAKKnKJqS+vtebupAMjPnDvoaOu826X7vCzoLotirOTu7ZdPmgTfA5p9c3axfIs1NZ31BFA9ehCkWCXVwzhEyIopUbLgSPnlSV3/pcapjUa0V3Lm9sJMcxjFZZ9FyfKtsP3QRSZ2r/xz/ZzXTetCJ+8wJOYysw0vzAtFvErpKv8tsnhjTFrGFhHxuU7w7qgVeU3Wdlfjotsa63NqEu0UX4BVpXmJEOlac3MfFcx2MnJsZhKQHKwDJtlwfyU1xJ+qctjyBZdQHucoxR/r0WSeOanEcin0n5ZsPx0FL8V3Fy6zB+r+wGE7leZ8abPBCYlqQEH9JUOGiJKqo9Fa2rvUi+gMl/OWHhqG92jYPUClP5PTEnMofOKKKBlk/XcLqxgMSmZpxaQd7Wdj34dWE1Z+4FVgmUWIrCEsgAFN9apYIqHtyn7VYrZ8Q2i3JqBezCb6dwoTvs9GfgW9yzNChJGtK7aDCG9Fq8L5/K0NpcyFJZ05r1YORrr8t+v1jixq5o3MfJNcSU+K+LsBcHABRiRMZmdbaow8UQXvy9/HIQ85dsW+YQDmq0czjEbicJr3/oqE0ItusPZwJZRSa24BBVFiZaER7G29wxuFqVJArUtPxSZtiqZKQ72oZsX5LpcQ5WCjvXjXhX1P+a7xRzG6bJ7VaeMfZRtF/7Tp+iai1S3XkeBSePF9NxBds6K+Wa/ZLscBJPRS1RMu0DIcXAPpryVA3hC5AXPkX+ZieaZet5671utbLiw/+XSEyb/kE++gVgRnDvjqrsb4Ccbn9Av99lqt+LEccKLMUfGp0fHAZevApU1OEx7HZ3izJkP0RMp9L3y5pHc5rKmk4ZRnW42Wp6Yq+wRA0Srp0IoMF1Jv9doiPUiCkpbH2IxcKIF40M/sezlA+UThVYLK03YtWjIvRIn1x7Hous8w0RdC+R/chMcXtZaol9HPHFOcsAcnBOwEb5OfQ3Bv2a6ue+yC4ePBaP3Hm9PpyQodnG3xj4RHALhrNb6ta2Zu99KOM1qEbt/XVDrIQCpCaUmnf1poc2YzQsgEn6/i9YxaYskWLnZtD/bx7WyPHobwahGkik1M7zBxv5lQAbisNM59CwK9ahin/RpMlfeqwqgRUza/o7eorecQiFjrvwKCGaXBaVB1dYcX7VfOnbfWZBStrbTOrWGjRlWHmECxJF0nlp/fOOM8ne1mO+j/Trf8lIRzOtVSpWauuq6sc5krUk7UkfHlmsGjc6LXvoptFtAvvjuNA1yWz4BdbnNYoKhT5spGh/8eYIVaE4QmkPQNp5fXhAqCtyI8ObRt+ENBA/d/qwQ/h8p5xCEENB/DIjuRhIBL2rQynHHds5PLfoE/peFoy1Zt+RUgmsgQRESRpRHCf4MEjN0mrgEI5cYs2iB5tnotdnn63LTy2Jmoh3gK3F5pkrM4xJ1FbGpAb56rC2GVTIedmcpcWC8JMNvr2Tif7iXRHc1bZkrDi8YyVHaer+tPfnsuHnr0gMVjKtfqgsfcxjxfbNewUrnEWegsuF9rUFOt5WHwH8tT2wmUBNi66yisOqhHrfk7QwmO8hADbqeKBVtXC3N3lFwUbTYyWTbSxfNBzmCoTtzuCCUk8mtsOVnqnXt+oTkPP9W2j08IaChr56fltYT9vP7z8sZRNGQ30xSSacoZeUfLLLeDqLZmoG82taeGX2d9VbVvtZbdr93Zbu2GPlSPAMsRd0mIMJoKPgb1tsOh63XKFuWC6dRgoFnx1+vlzIgzs2O4cqr5kjaJUanO25BKzsT3ZZW2KFauXuXvxX6tSljrr05fZ9Hu81nJlunUtiLMPMc/+XPNYNz3olnzS1a6Ohmc+GQdcsI7Kd45jZ8U+MFokA4l5D80ki55qMbUXb2xcyzzDLLozRGo7J9CgLaKMCxtx/3jH5r0YG6S0sAmfP5rn18jbiBFI+xBUKRmvHYgOQzfyul4kQaXL6iw7qCKG9hh5DQsbN/X2g06COOvGIMxypvqztPOEmHMtrwJNNSz4571VIiW5YvuMq/S6t1mybgXx7+FrF3ZIKxntwaJxeQz60py5mAtbtZFc9KvI2sj+WY3gGkEfpgy/RMeRgrsn2SlNw/L41/V1lMv4rm+Lsnv+ylRQaqLEJRdBEHXBgt+TNfK8yFaLUa6nuOeUMsq5L6xp0N7DU4vM1/JgwrhCmWROi5IfBnRzaiWYsoovxl6kgRIE3HulcOf21LpOWItNvhAEvLxGh2+KcPMOnT5G4yKV4W1K2oGltQ4uHF8i6KN8W5/HzZBFvRXsSbIjQKKmvb5Dp7Ku6qVLthRBCIumDR6/ArOx06p4L15r0FsGJDXw3d1hRXt5PIr1YeEn/o1blWz8o2Xr3AjyNe4miUp+V8tFaSIhLMAr33oEyW7+MN3E+Bm5dTMHqkHEq0NZxx4IAJo9JZKiqOxcJSg+RQIyC5Afqu5Xz1NYMaiQjvLCHpMXTYMgFX7nqPzDv0PAnfBfwdM8mYC4jQZDquTVorgyD2jmb6mJMLBCthCXc40STdIjtbItO/PWiE/Ew6N2t3bVyj7AP9IdacZr+2iq0M36Z3w0vQL7AG+oncSwilxsPlFdRKzH2d6TdddE+ytwAEhnF8559gd84f3hYFMrYLz82jrzqaKWR5UL3lYoG9yP9GxR50GCB5ZcAo9fHgdwfdcl/s2FRlB1O49TWjF0Lbm2HXXGUCm36pk6UNIR4JNDH9eqhMPLy3DDxR4XGV65WUjRjcRaJViwLXEjXr224jQYA2gmfEzAsv67sOcy4UDnYRRBIow2YfPVX3vyQHEjICpnTdLTRqyye5/DWeY49cW/aOZHLw1xOgMGahcyrOCBGZTjx/e7DY1Ab10twCqnNUXT/HBQdaPx2oy4H9UVaT9f/3/b7kcoM89GhfpibPW0MKqdNwO0NQnDO7GLORHKfBF0WYHbrGdDYtK5fPqsjfTVp+MYq1pnc7v7e6AD2h/4u20v00RnGAUCvjDQgDdULiYRehWRzjd42CUiN/0SSNMVzsB9OXl/UZ/YtcXuqFEoyYSQD9xuPzKXkb/IUB/8HP317nRRw8zI/9WENtselNgZT4/eZtkegNJN+lu4Fz2RaSrDVCmkMM8X/rw+ow8SgYdi2M7bTNJhHzqkR1pHviUtbtQbVrGnXn58E/+Lr+StoQraiP1bshXyzKidy2wrOI9Yvsv0Cr6TtCIUnihqIA9Ttp35KQgJJcPpfFGuIC7ghtz7UP6iu8bpLLGYfd2k0C9VBIo1XwioV1ckb/ppUO7Ll29G3pFAN37i5BOCOlkFCn5RBGMdsj3LrlX8dLlMSXbp3J2ULuqZy1b54rfmzyWVuiQ+hOB+KmNDYWrBpSWOYoafGyUpduTE7xQ9quxGpqwavqmPPHcOxqF1FY4s5a7UOXl8/m6Ri9vgdJj7lWwSKNRsW3L2p0KJ7ZohyR+9cgkrd8shRCU+4pZa4TREE1Xo4OIUpOArqUcYtl09883SkLsolirLyigJtva87f3smjAMP2I8kmFQcD9ifmIKPsLkSYOlu+gQmAYDR2PFF8X9fM3HEp0DcM+J4vXFxNi5xbfhxTMeOp668zn7XAOL9F/KAViSsNFjILBDGsdrDM3VYwEVw8DE783h/MdcchPOjHte1izxuPuW7KDK6S5qCbNWFfikCJ7dl4QqjnM139OFLT2cxbUfaXXurqBoxtxc3++gMbhFQxUmAsMjfRTSHKBt9vQBrq/YMa+wmvC2gmcrGdh2OIplKIrj88cHFFnjVW6TaGic0fFpy09YSLiWo/uct/V/6HFQVTv76Q7OQERh6+4hBIwwVTcKtf+Hquc/PyX/saHNFqXNWlxRyjWfSvIBfGP/ClYP2Pme8GN+Bos2wmWfJxtbP5XKCJRK8y0KZxIj/Loz7Nk+yBPmNUuY7x2k65VTx/fMDr94/kZuWyjokww3jSXifi/wvod85jK9pOyhe71RgUaiPKzN7Z461mwc6ItJ1V9egV7U26M4BBPJJarD+d377p01lCpqLaQBQ2EigJeUaq2ITqQzAMobl9TFd4WjjGbB+7wd/u7/v5BHDSQyFwdof/Y/Om8AHQbTiOhNrvvqFHWvBhC/n/L01lzwIWSWq9xTH3D2Uu7la0n8kB6/FOu8Tz3LdebHwvop16l04ovN4K9qtJHqELrB/8Y2Pza3c4EUV/d5xGQitThNTMtltFFDj3bDYSplAaoRTB797gm4fdj7+RS59UdzNYhAh+W9ahZllpt/zG3NLrSYQPXAOvmt3Y/wIf2KR70Has8HnY4qHHmVSxJLA9UwZj4LJ1JAWkkB+vsYaGKrZtFW07Y18ZmrmTCNB27oH6pEPZBDdELehPsNuabXE2MXIhZeEYAQY3Y3hzY6O4VvXV4FbSSkehE3sqzdgI6l8vc3t++b/vh9cZtQe9RrswcGdLVkMrYQzfEnjDnmXX4eCmPmvZX+W4j1Cs0ObnIIc/NGl/8DBHp3rhzBmbvV4lT5f9Huj0YBmIAAACMbdu2bdu2bdu2bdu2bds2PlaH6CCHXswpaXHZyJ8qVKuW0fM3giMRTNSt0rmICOtVWj3SYFgChTE22QPGmaoNHgJfF9HabVlm6CDzr9DymEapl45f2dDEnrtMrcPebz4JwS+NONGpG19AqPdxedRgRxdSzusjHM1HEHh0Ri1g5ZtFiFi6K7hhY0RTZzMLyuWwln/mwHZgPotM4roKVo/vcq7AgaAo7vroSu4O0reqhS4pFy9phJDxmFMi95pOxOXy3PtO1j6+v+j6IdZEvChzcMt9eiSlDN5RZtSLW7h1o1DTGtIGTWVQMAzinRpUj+I32/nt2tLnnYYhY+puIPdsFpdBfo38SwAR2495wkRomIUaYAQynUB4SkGh3kyGxkf/beMb0ysbjfLsGHe09Ny+YdOvPe0NMdTV8r0X+McqkCAoRHeEgnQGdT4lVDvqyNXffA0wnRmxEpwWxpS2R1pLN/1DvlTOPAXuvejteW5q5Oy2RxmNH6wvR+BAf7zVqtp1hwYiuzAk+GeP20aozsznHZLCsyZlLL788iJy/2rYrHRTn+Lfsu6ezNVTRW9DoWYQsvsurtmU/UTZV5gmL0uRQAniQhV0TCfSd0OyMTlmKi4BjCNwC+u2Rp6a1bz+CaY1PgY4GqlypwWK/0JAShFwLhQ7dQGeXdbKyb5aVQb749DdITL74Yto4w6IKS3sGCW3/aDlsDYT/J2xeEG/cNfh7K88sw0sCURFYT8yVcWQaNSf3XdDFzoJ9nJyXa93A1YQr3x5oaev7EtjEsJiR6Kf0VDME8ReHBsApnHbIBxCLXkiqx5sIRPrW0CkoELzqxwETYqdsQR+ztUEmAfhNCgM3/s0euvUDtisPRejF0/QPc0SbNgcllmdD4uSBckxNr2m1pnI/cs2TewSCTlfadPrZbJoC1lGgyBqHhYxrLlPLiJTrCBOcbaO70+lhCWlxXtjTscvcGs4b/VSPz+ZBUtoRqilx3H+3hMWifDFMwi0rFPgDqM17hJ0xKmF8W7aIsZV36hDVd7JugNdXz0Msr/Xl8BJRfV6fbSgDSHh8xbkOoAl2ZoU5sko6CeOQ5QyXJ7SOPdd+ORGoOEEAoCuuhENZZ0lzkdmBRdieGl2hATi4UdF+mea2k63LQcF32w5jy0rX5RGyWO2OG/ngL+tjNCPTto9N+8e3W0IufPRYoNrnjYjwGKIEXx6riVmiu1i8tDqdNGV28nt1RCZ4e1OGQWmiLGrfiKgra8YH23tTyrAeFjlAGbdOE7JP79A7pw9lw9Y6mcTp4cUGl5MlO38Tf3njIC2fbQ6Pw+t9RjhvAw/yFUkRie5EXaeTzmS3oUsr77HIVF+5KAHXBf7iNfaY8gj7Au3j+kIEVJU9ZZyKnGu+gnlQGslEfogRea5fWrhGyRYNTerhs2zNZTOFd6hEG/UgFaUzhcFA87gKAwcUUz3nNaxY+vOJBlaP8IX18ahBEKqxnJSCZ9TpDPi4/FqSMXqUQZ+8B8y8pNmhn1/mInBNHvcFjgx7v2+yFeLgcXcwaaoklzh96/RwQoiFcorou0vg7eZij/iPGnblYVW0C9v2YcgFDWD5swqzjgTApXPkfHLAVGJPNWf7BGAUrmp3FRsgerPIAjkSoRAC3zdkVtlAzLhVr8XZe9BmNfnRECNmFb25FWo026r0gZQDCttmLV8hhBcNsZyq6HgK9Tq6vJZrzwLRg3A3V5IKXITzjDKKIAfC1+3XyPGhi47UQW7ybXgHyfqVFsRL9ETEaJd1yhzPI0fMZ1ginz3IvH3IM7FYP1WAOpHY8t9Li+1L/vrzxy3hIV39zVjGXPOUx7qekY/Q0BWqr140JHdB8OqT19MC/oDoM2Pyqp088EmaJZKqBEt24aMgOzOFVMQCAC1juER6sTkr2rradEvIiQSf6pfy5GPC32GgLVgpEQtKOaAUpKe8ol5ZROpvzM8vZT05hnWf3VrtpZe9q0xL6YEVNO9Xmw6mDt0kXtyB2DvV7dZxtjaAtvRbxbac07gORA1vBVZyDM5x23K8zPUn9HSyeiwwT4e1IN82m5r1WSGsqtzlK03w+wOSY0OALvRsYUBE/i9oNl8x7HTKRoDiSeZh1iIhw++qoI0Att9ySWqowhwXLsxsU8GgRPpzrcJX3lIiCnrSeRP04QDLqerbgTkt9GOnjmu5AgG2ayOLOpdGN1pcFfr9pb0/cjsCvcVJS24UO74BmlYUQONWNmjbiBYAKNKuLuAviPxd/5auT8DQKpZzBpExEubz6jqyTf2YiHStkMP7OTnXmVfszpWf5awyyDWsCh/JtrzS9QKFXoNFIJaDekrsFUOimj4FDC/k36PwipBmvdUNThI0mIedCCWPRTVIgn2/hcdRkKYl6lPKAsKvzVgTo53Rp8n4ScSxwoR0lrrYbqoot3giUoMvMIDg8CL/rm5u7SqiFVZJx5KNwtx6rWhuZV9pH9OxlXZ8q9y/QRzCpaYIvSgkDgDHnexoXTpGVItEeu0hk53rn62/5D43uZTiG5zL9P/7dCW8YUxPWmUksW3rWBMrogmDkR93ed7qtypSWKr72t7joOAxNLUaeozGze/mnzovDNBP7nZQgkpd7LZeefrx+0mOarMCaqg6ryOU3PP/JuWG7zLibuuZkVVO3w3fDBCZFmNqQtvn4PpYuZnYgAm+Rpgj1RPax08EbE602y4CrK+uA8aRoW2sltmqAFvT8M5lG1X9W4nXHlx6YHDW2daS9w2l+2I8yjfujLQbm+L+agXkIItrrcWhnBAEhnUGrDpiV8PsW0QiHK5/mo6IgIrjQReJVK8+ivTpkZ3exw7dMZCj047/nkhoq4rXdG0rREGhd6yvfkK8mv7faaIybT6wGRgfFPrfZR+M1YrTDHcULjTBH/aCGGiCNw0DBxOu1i5KAS0PGXeDi8ZfuA9rKOsuhE3JHxp6PqGh+cbH5BSKcduMYdU/4cq9RVUdU8VQaSAQGTCq/xQC3UDDun0D7FbFdRdGM5Brl8Q3zqhoUzHSr53FdSLcmlIlKlLKsc9OTavnUDL3SPrOtNw7C14UFshL8DA9yg2kL/IlIxksO8VOfjm0OFg1vZW9wo1eab9zjLs9vHEY6vB4Mr9wSFQn0qcWKCagSGcmu/Naixi96IhwNfMgj/xt6yxDXyRuijAaLCgjzHWTNSW4LUU/V/K+gr3+QHTlbFocF9DE7BuLBb4WzyBI/JNLU48ifzXiapevcEpdGbS3Uegmq/rCITF6wjE2NosEEN9ZtA7FGDu0CIPWDsqdbswqdrLjTUb85030R/8r4I0k1U14+TRwZCHfw3FbGQcoo5y8/1EEctRxJaQ3ESXEdv7VPCVDjqs7S9s6xTwVosDnLSYZg1kpbXiw9143GVy77pBQXhd5lz4lh3BNsjTsKWMnCyfoMZd4/NwY3FXjwtdZxSXMjvLo6WbXixy61SdnKuyGEl1JqXFkkh2j99u0iDIDB8RknOetO0q4UhJ6x3XNGsGUrOOSEuMOsegPY7MM2M3xaRzuyExpUaaqydL7KcUK0r+05CshD0dTVzaEFSRoXBUzCCjy57FrS/BKKiVakJtW5mm+p47Dyi7Kx+YMepJFnyli6BlcAU6TaSpwDAVz8xa+sXRJzUEE+TrfGWzuJ+A+7wnqc+OcXJ43ZOhpb6LAN5f/37SgfePRqE989ebcP3IFZ7C8cf10Z/lomwkFRHU5jXpIqkXq7R3eybk+WeWkWA18kBqcMm4gpuKtMHS9v5XkV9cCre2M88qNiGBTIB+vl2i2ucYnInVU+Wp+M/xZBK3luF1PNE3MbkO17JUoaQW5jyw/Eg09xFmr0lw6onRfD67tG1YU2seHTba2OzJSx/FMTVYoVaL2XBLn0U1Bqb4feLiJD88DgxUojK1PRPW08u5jm8EGiDGEGWyoaYM152sBLdbzjbffXMZ5dijV+wVGvBLm9ZcVkuCFS14cQhj8KNu+JJ0HdJMM0ldVL42CHXZvep+5ERbY8Bwy9sLkWCONDssvo1lYewRc18bzi7kHentW10X1adY633jdWdZ+MLzdiwM/iAxFaqGmEn0IQu27FWy9iKMlnm7VpvJLWpScEdpjh7aeghuJ1G72hT2QUvSo1Otgt2vqdQRaBKrh5NkZFQWlFDeEmJ0kmjnv+QotnTPlJxqmZlA+Y4igp9L/txIBWK1gc6PV+T7OdQ7UxOs6AYk4nfXMUhVWTcmsHNhvuQ1mIhZrzJ/z2Eitz5y/S2ruVBpCzb1isP5Jg3XIy4Z6PbfgVXdcPe2DoFJ7jijeNFFjrr2C9MOE3iI7TrJo7quGrpPu7aFOcnpxx3ubwQYbpzd3ryXNJJYnVKMc6hBxQmLoIKbyDOx2XyjSuPY3HnyYm9lkyi/UCNCJ1PktSyqMD6R4QhQ9aV7LcfpKt30ZV/y2zbWNXTCwNFJ7msYsdKI4dMdVHsZ6JEGhFd49OJS0GNV5g0XSTmraAq89uAiYaMN4aQW/7Sl/GqF76ItJAZ1Yt7wCNpjsXMg1o4NAq33YfHlxyt/EJaPVDFhawGhSeOq2FLkkeIh1rshv2av70s26A0H/na4gKbJf88CJf0U4bUWqK3GYKm8Y7NrVSAYGpN1U7YygH7cF3ICQ83v5VCy61VHAWn+OGYQHkwWmPcDcZwjE/86RZQMGW9i3n9I12GFHKAPHJJ8OMnLj5eM+mqzbfaHimXLjaSA23TUrUjsYRFE74vO7yMwEfTjrv39bxHCCt4WHwMzKa1t2npYnvizARl/BAB6gSgSNBAcbm+LIGJioo6EbE4WgEIT9FIvykIOfmFozXvNNl5YOo1LCdxFonRo6Tsuz0zlm07n5qHCguuBR1MAhgmp0ItW1rGNC5T4rK4PDbU6OW3uCOx8vxv3cdgrG7ibQE+eZUiLR0ZZwmkwHg31RismW/osID+t6kf7o/iKc+c7eTmQ24NClzgP/miOEeCfMcuoWDvF1LTmJJjyNyhE8ivBLIUf8Fbxk+Siyd5yJgmdRTrEPYaxa9AnMauDgttloRgfLOdt4QF2FCPboXDWHjtXZat8sC840OJdRpmtMYWkwE8xKazggsd47x/2a4KYuuDsqt9T+RsFCeJur9nfKeAGIuYZ/CboaD/fHVkWnPDSZ1cTte55o20AjPkuc50IahngTMdY9/9k3CwH3HHBtkO40UuczPlYEH3LBkJPVmTJ9TX6Am6WcSFg6rjm8SRIJVATxRyEEilv/mWgWHf+w1BXxAUCl0Qj7weRGAhTmdKwulaoO6rZ/IOTdCamzJezuQdCn/EQzWKFTy4H2jIWdxY2+MuCZNYZ2ndh73wimKVES9D+EDI6G38Ulkz3b2KWSSFxn7M2xOzdgMia90ORoNg7Si3ylKTWtNnQgYPSqU1LWNQhAwfLE+UV+dQgrzdYz+TbT/NYdqkX4M1eU2Kgq2VwnLXqnLhypYFnEu51vWeQMBh113EIrqj177adVANsDbzKmOjOL9Nzt2iOcicYdpyvLUrjz0AlxFQGIiJExsfrooaweU0QZCAZ6zubf54Axv6Seoes9aAA0suUBqB/gL5f+Vq8i+dPgWgvqhq4n0VCuPFR+YmWLc6QlQOl3ZrvduhoeQf4LA9pXSKMvfzlgvdLstESd2USkmIqwyR7P945aBy6aPYrqYdp9+nRd6Sby4GFiTUW8JbXgiE8mpF+6PCbvnvRZ66nVkQjIYmcF2l1l0TKf40ifHwcek+lqnWBtZoGeH5dqcd+Zgh+Unyjlag/lyQmTKbsr69uyEF+QMoPAWn/W8Wfk3LPEm6lP4i2bWH6xy/J9YiBPa1Jx1+RIVFxm+WVtMbdQLAeTQu39Yne/6gIDmVwTtZ6PedDxPsJzUwkU1hQUNaw1ymEMZSBCzMtEhKJ/zH8xBevHIuUQutO4Lx6XQj3gLB3OfX5xKT7xyCmP+h73+x6Y2sSv1O3o49v1Kh3ykwyRbbToJUx2+QhMiqR0pFDhd1wARQ18aSNG3hhiSoPLIetzDWCYe9VaMQ7rDDahIJUnySifwNmWYSHcNNX7Z1vPq0OhxdxhdOX3+wakSHDqnEbvaEapN338zKT/uEuSpm8ALpXgYKXj3OjKtBQuVw9lF4fPDnVOKy+M8cBqlFRvtX89WdTJulsJVwX4DaPNAmUNLc7TpiV3BTqaZDsArL+yH21xu1IN6KgqXJ7f6N4YVrBYommUwEOI12SH+ccz9g8qxq75XQur6nIWvn7kYyxW9LjZJGFc/yJ3w13niSG+1CGvw1/Jal2ieqslB9tgpQl1vXt8hwX6XaPj546LCoe4v1pAr41FyM69EK7rltLlXxJD81f9lSCsRh0adSqS3KRoUScAOxlf+W5hfqdtQenkESi7s2Ynoz83WrrJ0ekCnd5FmByu5Uf++SbVLuCjvJyFwGsmdg20nOsMdblmaWc1EFf8KOBiwtL0Q8GbJlfRsAzk+JJPkmrzdIlVRmud0T21TrqK9MamZZgJczrdX0HVTzxqDa1CZtqvX9d9p5Qn8SJ3clnjt7fJtzYy56XSikQnmQPCfdJwsrQDW7Fh4bFJSOjzDpXepl3TeymzSKy2eN9BrhlvpbYM0K/wnUqDJdD1MP9vkDglqNEUmD+EPAw12E1MQxDbFP4mM1DQ+Y0vTVtECiFvueywtSKX8om00XzkRdlH9mYGeJSChHf2Es7eOS2Q7T4Pa9QpmL7KKufhslwJedmpOOkp2zQS4+qYUNo5TsUmyEZ8gfjs2HIq23/hvu12W/EOd2t1QDJbyLDvHUo7SupBRLnd6ZmWexowyWIzBAoLYtswuOuHGyvUNGWunMs61InMtBMn41lqJhz8yMRR5P7rh8SeeonezDZ+9YTsFoDwqwFdrCauY7CbgpIK356cqQ4v5qqVVm3adpX4SJjEm+qjXK7D4x+/XSH9KysPYWrDIbpAj6f1hafRxz1oCRYnjcJqFfirHfK7Vss7b8h7ozDnECvPpTcGLhNmbNJaKjPAH+AoJSwThqzyT2m+ydUzDJzE6OYK65jb/F8Oo3OLJK1eSZv+40+25Mgvzom32v5LMmWZShOawDd4PtPTgONHWDfWUywQU1GpiWMU5qtBrCUXJLKQT+kvu6Q2cz41GwthiMfwWph6ueBbK7RxWpjwWGLlDjDX3BQ8Wnk9tKBTVBR9ZkbqRCaV/XMzlyn4xuDqjEV33slvU5ZeislN86wSBaYXzWbyOPntgf4jjHVGdrdSXRj47Uf/ahIUjzxpE/jRmDCwC1ERCr3q7ZVLE+wrWVoJj1PsX/Cap2E8pxwfFw6xvoG8Y+2h8N3RYP+saWgeG46CSOe+RWKsgXmIGd9Q5ikqjMMdyWKKhBjTzPUxEq1G1WpHF1JihXsUxIMJry0RQgJcp1r3XWEv4gpTeI0nOsLucZglDzxNg80jf0fwndd7qxQuqUb/bR+ah7g+rccyRrTq4mNWqIBxwG6MIulf7kvFhGjVoiS57xZ8QVD9UcUMPE8RAW/YYW+VEULWQvN6VLAvrUuaq9F6naNxwhgW0uMzMHbo4EK5Jbgv59tJ4hwHaXa6jznWF1K2zGD/u9z+IDewsguFN5BHSEvvvL84NBNVRZ9Gd7bJvOjwdRTRVQySMndktnrIEqZhYOJWyVooHgXNYl0wsJ+xF9UdivXvOrmvheIg2uVd/9rScc0bt6N0XOc/uZOZ9XLynUmr8HUYQBQcvehris5nE6l8kKy7HpdiQn8iIYG22J84GaXEcyvmQSVjdVRymyixa9qgULQObLUevJ14NjGvibm9UrnCGFCqtmOSuZZGGo1PeY/p2U1xc3iHpBhy3MbDM8MecDhHrq9qjj7JLfDU9wZ2cHPe/pYvp3PSZ2fZJB6vWu8/FWxbLzIhuLMNtxtbmdca5zux2WVkvLlnDU+YE2B+3Twn/LVKvX2Rrs7jrzoDrm05YSFhPmXwT47wr4EwD7LTfmmt+cUYqy6S/nglVRFU3miWbUsXOqaV6xUfiA8sH4HZts1VlPe4ncXeN0DdQMs4UPFJ6gr6N0uY0KHKgMkOmV7yPSw9PQksyVUOXxrbKbmTbro2VNkv9wZYMDQw1jzx1DdJPnMJdGxzZmofZ/Yl5kB14Y3C5dhJi13ILYyMRoVz3eTCUtDcShKDj4rhANUNQxkfTJOTyiyqhv7MIXL2WCE7byvAbiA/MdjrtyR01RgFCSP9mMULDbXdS1vO3fTVeTfCQOw5Y5nr/fe15M7MNIet76rihw0TZiAStsRWOOoLBFP7Id13DtxZTDBXL4KMQ9mAX/j8IjlmZZ0txCLeaVaA00PF34+qutMRI6yrxOr9b/FL0TnfMgP8R8ITKvAGPEbbbz5G/muRDFDFBAWQpXtqZQGznk1Ho7uIKgPv3Z7WMBfa0ePGWyzhTPrnhoPSoqVDeGjiYRDb/vrD9TmpQTgPQ4xWE0ZstKPZIsESW0NnX3IayM95lYx+OSSKD657RJTQpu4YfjkcSPJ6CeA3sPOyOqiMViqRhy1PpuGpFV98HtUpw1hIZNCAh5oal7Qwok5BcKpkH7HCNCgfL0A2kzS5A3MHbytFgn+3xbkFQ6KOGFkRsh6gYT9GOTuokSW82NpBVQZhWv8LCKTCPMV8FxCASitRBUjxmtVumqu2Bsfj1ELLu9fYNF32phtys5ZTbahQJBacLWOYyCTbRNDgDdeitKsPKE86Su27n0Kp/NAItz1WMQigfCyB92pgQ9S3zw8xbHHGaE3YVCuFaaEou1wugCL/LqiYha1Rp6Al9FYMeFRkPw0/Fxx1cBA+RucdG2bQmAbjr3T7nivVKSNGPTZVuzbB26oKggG4wPT8zRG9e1b5JxKU0dY0LZ6GffA4XiZX5hScUknPgTUjI1k975kiZX8LZe8611Lw1R93ShPStUzceKi2xf7/m5xoAhcsK0KGi1iOhoMus8u9wO51WJZ/ZAX1sUa7Qv3m4DR53+ZhK3DrwOd2QzkdyrpufMEkk8r6yT3QCyXv9s4dC2sEO4KyqQfR4FBFqBEUa8qwKwWda5Xv/pdL96nJqGgHV5nAR8l1Uygg7bRDoCTR4jDWF6BcnG6+OUFHBK+e/KGwNmHnbPOK4JHXens+rnZmXD9pO8qeIZh1u6r4jL1i+w9znFVOnBvbh289GFsff/g8j3dhAt0DCgfY35Fp89xhzGJozU3pEPoJmg6ItYt+uSdqCDv4qxTY6QueAjTtOOtatAcTpA8M6Zqevp/CsPnQmW0yexue8Lu2Jk92/SXeffAjBBBww3GDhN9v9dXRnDdSTWixMixkDVHRuAK1c9Fh1MeBKTqbUQKPKb1YX0cc+iD01/c7pJ7gaWviDCPq4cgF32eL8BDIO0vdKUZ6vOcUXmaxPZv2KiufApWWDtqFwzQFbuubC3UN0D1vZOIJlobem6sB+R2AdCvA83z863cKSRZ4Z1M8jGDu6xlf/AM6lVXXsAsfZEm/pjH8omNul3k7lG4mwaTvBXUAlGcds2gA1XfXPThpvECTNrDCawb9WO4271VaFXR/10kylErUKBQjoo7IZvFJ02mp+wN5JG0yii0n/klWChjMH3igi+mgxMPxvXqmd2wUfSRAqF9vpbQzPzzsjyaJVRsHzBF2RyTBn29ZmiENR05FdBKdpYD8zEw85qN59qjV5m2weBaCd7cSG+Y1ZWxYetZyk4u23F72KWvGzl7Jxc4ISf/Cjw7F31d6tOYfXtfSFx4qLHEJtrKQ98YCSBpLs6hv176Q/ODS5e/+0jCmRNBjh9dEOUIpXDbcrAzb5/9NdRllhCSwiwFfjokPqyppwaetEsQv1Y2am5uHuDNRUtl14JMF814J2mQZZrLQTAiT7RwvbV2btoMb0k4p0fhBfl+bxfdPpUM2fOcQwqxxCH+hwRu8gneE6GctuAUnHe1BpCQ3vkmYUZNSxw9NPyqzrchAZRgwVF6AL7a9q3cFXYFWA1UM/81GP4T//QKd2hPgImxWWAYo8xiZ+5nYB6mhR9z5Cmld8pII561uKGDUt/ng3F5Por8HcRXTF+Sgmqq8bYgLEmahC/9soOyY0l+ms+QupBn5pead8+TDsQjRISgZKpZ6oz6c1LoKBVShn9PmiAypoJMb8wE4Ovor3DpgxNRsVxiUxQqgpCqPfs3oiPdCb48ARU8v05JuCWuEcsJ0/p2b3cP6+4x1qvCQt76g0FyfTbh9psUkFSSt5YA1aUX7rqG0ME8mHas7XlNsPGCMrNsV6TN+LAbGwfO8S/wiUdyh0XD4xA1gnM8fCY3MlCsaylmUdw6qWhb9y85LTs4mwXbjSyW3HC97+xtTrukIJKa8VZpLGQ3tCw4a6yiPu3Jd9xtSsH+HTQVZZgJyYG1stXUDq3ymuEsCTPghaT9ee9BPSU+KrVIhQvcBJoJa0q22b5X/xHTmSVDxSCZ5AgERWRq/8gSlIjkNZQngPO1BzGrOx26eaLSEcZL3hjoWCWI3EwrDecmB18IDADwS2fuMyj2kNtWRhA/zqL5GiAgnTZ3X8X86PyOQpOyAl49urCo36dN3Au8uPlCQukC3UJgXhY62g8c0RaY5N2RuEz59XBoN2lOYTfelCg34xyd8CxZgpvMTYgBwXfv0ZP/vh0UR000DG9dg/G+nj9hs268GnqfTtjoXl1RMuC+sYuDIn54KXL/sPrTLYgFeorXeUs8Q8PncfFmnImGEYKQkm5z7cAWLAJzHdvuVXHcGvPzunHdI3umHnDR2RLcD00tr8x7kS9V+ZvAqsjumsle640aa83lUPe1uMPpPCFscRVlaSpcOWglD46TA4bsvM9Q+O53A/cRJuABrbBLKdVgIwsjm3Xuswn1faldXqZux1t7h0wvVHQ1ZvrzA0NtbT5rH2SiWDZ0rpmoy78i09zn8LpVVTj8gfGdE24R4/7fxZxGHSj1XJxhobCsUPO8ErlCoHCEBoCDSrwUecoFS7OYdJ8Z1he6kjE05tdybJfskNkxxF3+tIt2DRiYE/s1MOGBjg9B8OvKNGesi9DJmVxpCWzjrdvqHk7hA/Lr+zX1mvOkz0egWEP+oRKw9DbaXVqqJBDOnDYCpZnauA1+pq4SEpWbxUtKBQrzYopxa2NKGMSEpsguyUUf2yg+I549HEbddiDOVLuv/MBcF1nw3o2BL/f84GKwHT2zObE4ooFJ42KlAgj+2iYKxhdc2JKZhIPfkW4JW6JR8UGl5R9EtGSuRwEcV6hsSACXazmjL9ptrTCfApjZOO7MFi6GHxAgYhkY7/E/n76hbYZvjXpJt01bQ9JST5GyyfRJ5Pyy/aI317VNkZJsVka3GxbM6q9t8B+cPQqqlqeneuNcmE/pUBScjUTYJWtlc22THRoDJH9ZGy7nPzNWHWG3ekV52WXeA3y4ghN49xESPo4zbzW+S7IdEkgNM9h3K0zvoymt5mPlmSoHrJ57rsjnKGFojjFIyC1rfNGR9IDm4wy8hik2ZN0dre3xN6GSy+PzwNVhClnVgKn68miv6ZbvKAWB87ZvbZ8F2Om5T3M0eH1EhQ9lOXAcM/WmAdKURsrEec9YeXOXHdMq8RdBxS1RRwPmwnbguUHZxHSdSTJU6AwYr2afP0eXERRVXOzxnYDDzCTw5gQAuW1LRwwSH5kvpQqjH4RJaE4uMZsQIxg7VhiBubJwPVML2nIp+poWtbHbTAr2s3dqvikYemn59xEQs/mmFXE43zDiZhtWjV72iIvQFwoluegVmRMgGH+hJ3dUJvv62VB3HFThVqGak/LjQx74pIhEry89hd0DueyOB5fEaJ9DfDi0gJtJpvMthXSKWdxYfFxmrlfMhXF51mFO9p1qIZiSdLxcdEVRmzGzenye9YqygqJHZ7EZsD6/LCl7e1KYSdPt1MjMm0B/bF1NzkaJHmTezzGOI9BMisBTRfGn/mhoN/VTaE+vDLc3F/pL4KfslIJrB1Cmqa1tDtLMaKRm7FcuUVzd6aQJDNiGHKEv3BrnbM1tMcvbBUtZClCuG40tpD0IY1WwfHYi10qGjJHl5BGi069WdID2jIq/NewB4q7lzMHKW4cqwjFYe18j5Vyhrt/U0XgG5gFOm0+Yuw9b+sTbNbUEkaY6i7BvOasrW1yy2hWsfbk7ra5B5KRglsEkGcGhZ3ezGugqO7i3blZonczOuXf4dgRh+mu+0PcWNBtzvOCcfG0COMFXnGYjbXK3Avl7pcbEH1w7gjToMtvbYm0HGUyfb4PwZDyFVFF93poCW+gmta5/GrxUWdOtKit7l15NulZcKHr9X7V2yjl3FOyyhvMLdr4qsz21GgPmAGkaHWs4lHK2G5qhhxG3jlXJcP/GDJNSQ0lFppbDqMYoBHTXci/D90+PlDrbdB44e7j8RITThyW4xN1yq/J+IiPb9C9yvXqGEzQURY7jVT6qP1rW29XhD9cWVBKQ8ZMdcTXAdmUOYHhOT8QadE/Sk3nukI6gDu1Lnzu7kxqqE/MtF8HSukV9TCY4wSvVCMhOxKXbXKTMQAyDRR2ECR/6arUwmykmmkFShrUs6WmRIShON56xeLJYccmkdjlZSMsmQnEAiqpNiWSDfRunInXpd1CDL06RFQ6yFYwkmaey5Q6U1rOxK1Rgrho9iex3PkdZ+jCfN34jwhVT51YQzc7biKa9zdCWKiVafKOannVxtEhD2fPWf+VjSSrMreq1Q9Z7um+Y4YM76kgYQMgcBhcyrh51gcC72CX5fYo7053vZxXYqUhuim68krXevoiSsJlnopcn7iIckSnTMNWUNyTOh9C0A1TNyHTx13ip3kSRtcL7pe2qYHLZwCU7UXVlqyyVM5F1Nxzkz1VdmFsdQrbWKxFtZCuBKc0ertJGoK1mBwNVXeQh2QgX8EY5NYz7EeufWkG73SuOvxoiDqkLYerIxkaW7kdj/j5v+cnLoz3SLAla+Mxu8FD66SOehTTyqFvWKgyJIZp8qkQpM6AVhj9MTtig4QQ7YGaN4Zc8dHvIT9QHECSOK/1tz24imDfELJ+JDJRSBJpJRHkp6Zmaujsa4Khz2SQ8XMgG94Npjqd2sngvO8ZVl/vS5orrQdEqee1QYw3ZyCHrvT7rHXOuGcuVpcSQw4JNMKaHUgbn1kUy1tZE2mXWy7sbx2/E4P8aSLvp/3JI8C31dMeK19W5FmmCBN9saXvxzlW/kUIGrUX1q7J4ejHx4Vi7yBfezOF0lr+Ju/2RCsYNSuN+PZbYLTuld1CRNq149H68Kvi1HZzbHVCyj8ELvG/D/CL0GQG5htP/UUsRZNt+//AZERAFPbfHuUJcvHDLwnaki1IQF985OmjKqIRsITzrKeSoAGHE3BQztA5GGkW/bYAUTlN8/yYoyzy/huI1kY5Nq1CMi/EZKtzaq5XXNlXIZMBsiUueM1VCVkOHoBXOl2twHaiVt2T2tE3WIwUvXkBnHZ+4glTs3lltoFe9BF1G+jwMhNdzbhjjzSZ9mXYi6/YmQ2m/Q06PjUBnTGAqdfD/lhYB/elN6lZagtXziUuA6PIY7S94OQi3kXWSMrWIWHReXjhBWSps5EtvqP42FZoG4WH4pGMOKRX1AZ7V+9q5icMVr51DKUcJZ9pZwL9DCJp/OToJ8JJGhle9D9CsgGdBtO56Bu05xDxHhCyufZmF0/qMi4+rv7x8fES1rqb5incHmWpSXktzAvpTBcLxYWlG7lUZg6DiUWEMB3LxYNvlmZS3vIKFOPcrvCPAECnVG8GprLCEeX0rlemTZpKP+l6QrmCNNcw3kOnhDYheCVtDz/WF1f2Z/qI48FEyi5Yqt4U5IsU+dEuenASDCRwPGc3uk5zui+qQ7Yyfr2hbCDzEAvXKshaSEgkPjdwOUj+3JwSyF6XbMSFO2iQAAn1h4w9I3DhXrFAfPXGn742ranTcJtCVsHDR1bzArJZHeTgSltIhmitb8BQmAvUpt4KmfhpB+5YP6CbN0OcbVaDV0BuvuuKs/gxEP3V8UV2bj+nrPeId7n383XpcBSsmyeE8Rlcv70DV4BvNe6qW0H1LscS6qxUx/fb4N6yU02fl4yRHQth3ZtsrouZa+oKkjg4YvfDShSskYJCFDQH1+hoqOup8CibiabpYIfpXD0yVKn6IrSoXKmQNOk1NG9/HyVqxx97wDyYlGUPI4VQNHKWtAm/bKNsm/ajn4Gipw8hCW5UgPSHofrSqzBlg0T2+kSM0F4l3RGORm263Uae+j8FqWqzr92qGObS8RGZ3Hp1S8AY0ILLBTs+z3mNRX/zYq2CVicJXVjkuKHk7+6EOY9CpVTV5JgZApECLFby4fZS1JE0Xw6JM7hoWWRyEF8/4MgDsb3/OQ8JPtvloBNUGl02dOSRE3+1PtPAdt9ArR71wqEsjryYTQ7jptQu6bF56SOK3oYhdkNcTVgBc7CrVw2oI27Hnv04IpEMRtRJi429+vSx0Hbi7aHD2RtkO6FxfT8OU/pN5nLmNv5ltNy95ATadSKle0MMblZZxs8JanrSTeJ05+9e84qr/GNojXowTUd50Cb6WYggZ4JhLg5Wl1cnUsDgGSFFZgUoau89mvO8p9wBR0nL6ok0EBIT8W/8Y1Q6uIyAhqrvsfwpi5I5rrH6qqTEEqvwguUudjnIdHq/wgOgH5fqQ7JTGcZ7VWmqyYcOkav/1dRiV8ljrqNdpBBAa/Xz8QcHLQWtWA+0GYpjet8GMgf/0DHEqLqmQh4PVzCdVxagVAnncPIWEMelUNC+buzcWwjiNxGlh7ut2W8D/g4drqlWhBW5e+hDjKsjSmwbKO6K7KNsZUmxtVj/PW2uGiKdpAqWOtsOq+wRUNNwCjPMoRaFROtWbeLk81Kc9eEYo/29PJUPfRgBKO/g58arMsDKZZPT6+XdmQfwEfflKflUBAb4Usr0Ay9QCXu2E4We4+PJo9Id5/NQLTLJNwkgrcSAocZOGgLQbinNjdAhyC40qc6IcpTqlTt3jKW5R6gLsClLkgZR6Sp1TtNvyL2PEqB0XOPUdTc0TmCkG24F6Emlkt7KghauhNmjggGsAA7cvcv/Nmlg1o6Wb3Q1rChbNd3u85tRQpStel4aq1mgaaGhFCcm4F/rAZ6SKmkCgAck/FIEGbSTgytlNMDmLmvnFk4Gqgh6r/b3MKZnEzrYul+9EQ4mvvAeYYczpqeSHTakOPmZV4dJ2twSQSwLR3wwLcGsZGIIpegaRq1lvqAU9W60nBLBxNEmco2mJKOAAdc5yaixdQzqNT9iWGTtUQDFlNuxy6C+mzInAJICF74By2oMl200MCozNo1Fr5lQ9bjocFBkJ7l/KKMBAuWcnC02s2GDMPyKO6yk2yHq20ZQ/PputDAZJTH2fD+DnaUBiQgILNel1vaebJP7zBXvgBbjWYiluYzyqjaVCzoJaR3pnp2uRYHqRGya2gn6VtNQ9qwP23uOC6XvPTYJH10CnTZoGE0weUABlmLDma3rT1zrWR2NBaORLoYSpjSV9tG1N4OQJtutRU8ROvo0q/duY5KPgmcNYpppsguTNEpwazRrgUGMxFELWNjzM7VVszhTLatV7zzPVjd0e/sF5j8sSKy3tAIeLnEtBxDHLo0aphJUb+CN99QQB5wWuHr2qzWv8VgvdrnG7x4uZUnANSq4f7VMvHCGJZ5P5jE6kGaktlFJE3JvsupwlYzDwqlR1oXKLwCIg/Dt0grGJdLwuk7Tr9a+2XvpFlTzHtHr1RhjlrocxtaIl+v2Xzb+ETP/uxfrI0AO8lQ0fK8oL8Ppqpv6c8H8cIsXohNGmAabpuh4jmO2JZOEvkdyFSiaa2NtZDy4iwlEk2Gan7BFDaUiqlqixyH+KQdojdBPrtlbGensUsXFN7SYburb0FFuezPvBesiApxtFKtbH1isYkMAgvoCiPgOD7tmKnI1fYQfZa0ZdY4e0ZqzuEO+VsqIM3Bz2IciCn6oU5vpw3c5LaJPaHfkEiIwDukfdlcS2jTi2yN7gMgqyBkfLN1c0F+FSFemSkqLpAffIBYbS1jyIjgqAPAtZ/17/DuDJrkH6hW2GHrf2iiRXiLbAZREGD2lXeCmhl0xRWJrE80Dq1rA+7E+bjdjRDXC+FRR+/aaXWKWcOg8nCgKGcRnHr4gJT/16flmReFLJg/7k/va8ro/bdiUgjeaJrqQorpLpHOdpylGzWmlms9DmmNOwhm/I/WJM7S8cKhtKXJQ53qG3pf7M/84u5gRcpx86T2fvRPV7d8eYphhc4Kn43eAlgEu5pYoWzcX+mZGj815moGPndMGd8oPCzq9BLpzBpa00dVOq+OhEP8GcKTUybeyZt9bdFqTZn5nxE0NkPwND4pxoMzKUhoTulLhVBG3XZjioBWZFi7oAH1R0FtDno1UolMxIMwViolmpx0WDg5se62LWPdoaVa57aoThdyg9jmcSkyKgDOyFjib9MlYF8F45xDStwCYAskJPfi+5I6eay9b7DZl5D7DI55LxTGavXbYErf2e66lA5XzJf9YgoW1zieG1ZE5zbnG11h2Isn3ELqBxMxClT7R4aBdabUybciTca3R31aqbD7hPE6luwyLGO1Lrwh7ZKpOktvIX6j+D1SApKHP8+zgooSMKkF+ArMdYqfan38Q/v3s+a0JS5+Ta/ro4AXorh1YRGX0bVR7Dirge/m6r093rRtBwdwkrg+EmHv+24/UepDqqXsLLvCphvz7Fqgzc6H6jXGh7oxdvmvrdyRx6T5bPeiKBc4KiasnnAJ+B4Z4cTF7CKQfyjwuk1abcUR3d5wSBYbezqSyArKAJ2Q3VYDEi3GPEufNk9uur5wvGI+IQtqwUI0wR2uQ8uUA2/W4DOXIVCI+rb+F7p4uRElrmNdQfkLIHeEy2f8eoK+Q8mCf1ugqNujGn6895Pvqlq/K5olwIhYOkYENnNBGIJVn0mLvEZqknKmGcTsv/arGm6pG7P2TXx+dizZEJ4gE54RXpUer9qQBEGy3Ljm9LOSc7pYbu25O0r49A879dZnYpdsblx06+zczQY9QPgjfrFtes0lC5whUX36li6v+uqmTo1HbXpagoLBm53x2hXx0vJTA5ZN3Glg/79UkxqhMqOTXh8qxsl+ar46FJOWIH04llG88POS2gDjcxWK8bBUdXRg9avA0RMLhJSggAkO8B11aZv/5a4XzHXhlCJsnFs4/7UdJmmYB/RnusNK+d4xmFLzVmIMWtx5GU609fro+LCig82+DtPFAZ+2GFGLXLjzo0Uuz8d3hsVqRtTqHF7i9aVkZ5xxIvumAnZjTxEA6tx/R+1UAQw9S3T4t2puosORqeqvuvtqI1w7nVuprGBsnCpgjSC7zJKx8WP1y+SFAB6pJAswr1xpyh9gFR6JqNr6d59FOLHMNo/AI44ppqoX7zpmcbY9gMMKlilspWOSWxklrTSp5iE/Asfkz7eKbsS8S4adgjFQD/MnbhFrypn8RWPXXj0BVBBZNulC5/85rhT3iocoljHum6U4mPuCwrK5QwHlMzMzvJlIhqUDyou36aSq5ngjjGPfxK+XasD5hW6xp18OFv4V1sAAt3FuJLZRAYTHFak5aCWlniMUn7+EF2S4G5h/Po2xvPUAE23bLVh5QggrnbayCjRo6E+EItaBiTShbDOd8D1P+5FPSZie0462W+CKImQ3JKq3/lYJCt7VQ0Yy9POuNJo1JyWzUHaEgT1Q64fj2QgR7hLiURN/+FXVKMGZRFkTK/1kr9GyBlUk3QpFxVdM29AANJMC6RlY1qjC062Sp0EnlFijB8oV4Llrn6Jg9Lnb8hQ6dLIkAfOs2ZqX22dNxGd5hC81JXTGQIif7nQJcN1d4s7kOO/l8GCRFfr4N87NB4RWj7H/qYeqrVJu1W1NvAlFBlBZlBp2Uilzgr84DlS3FFBlJcSe1VmWwOJYkTy64RLHtB0qOXEaPzx1DqKsN8pjYR8xsH/8xU5lXjuVm4w42ytFugyGQnnMCDIAAEd8TrkvnWgMTs2Kcnwk/ZNnRhiOGjHTuJflJj+QBJoKwwmOnXNmT68EioQ1TCSvC+/Gb9SssBrLL/NBQN36Vph/qQot9+mMsVPbAgMrZo0BUUpMoyV1Fz+foTmmdsw9FILTfNQPcuAoM7cCaSD1hmKgpI/FJDNiHzs2rUTA2CVUC5xe+Yy+WZZQzeYYOCPCfdH66Ch4EBcokfVHS3cpjzmjI5OkjIA+sO6qYwGaJ7EhSXlDavl+YnNsp4WxwxZ/Np1dUK43mnbBJ5BAO7qVvfA13ntTnBKVUt4p7lxqmQMXeGk9FL6oAhHbT0GYXrLbrCYeeydXAYl+vwpR35RxIwYM2OSU0BhFn9YnTUtAW0VhosCNzMHCaaMlB043m0oIzFxctgUshgkNy6XwNGJtu31k4pPgWVeLaIEDik+r2qhRhz+D4fHfGYEG1c4we3Fuy33DUubWU8svNw04MwgNwp09lIHD2LQGK3M8utpEw8bkIh2K7Q3ACq+cKBAXAqjiFpPM8UdDP8NHAX6EdJoSTnL1RICLfki//tyFzi5SKKCH2f6c07dqOhPeftwd7J6LlpJLxMmo/O5zhLFVwO9oqxAdrg5zc+j025xqbTOGREfPxmwo6zuqgPaNtChi8hqY2v67r9kPdbMV3HbZ9myETomyUz2aEBZM1pZUbFpxZjDS6IYjbBGpbZU/wLvVacNpcS4jlDEknQSF20jBqYU0Dx5kvJcRBj3i7vRpBACg6DG5FqZetqNm6qGdivqrWJfVeykOWrDGx/3MkVZZ+DCZ+694Zd00ijZfHB/FSTxzArA0+rGqYrYAEls1qaM4oWxQP01TFqTbnvbKPoxOIqy46NOKoVgzSKvEkfdAi49OTGeqbt8IvNW7g1dbfSGGK128ysC/FwEcm3/i1lFFX94ciZwIXHe1jy/qTT0/mA81nAL9ngJRWo7pZ4Vnwp77vge2KlXqP2NbBW8/E4GRSzJmkki3gJu6d1tllGa15z/Nl+RkPC4BZQ18UjznOY93eYN6Gk5HvP+5mndVLXS/hMZcTPuw5YZI/wve/BhDuT956d9LO5bDuV+YgXBPxuLQPzy2ahcasXoM3Klh9/6qCvWY2B5d90h3+iMN6cDqbcgWgdToZtcbVOWPO2knHdVS9Z3glJDWdnFn0UJvg7+ODX+WoPsn2ohqqTLD2DI2jb2OaLzP5+WlzupSZEQhPKKAnZvRkV0ZVjhTJeZm3T1q5ZHwS5R0CMlaMxPZzjAmLXFE/YezVgu2ADuhsUq4mmCs95uhKLtMvto9QdE0elvIhi3/edWHWPmnOlBqXlE2Ivz7aRHK/6vlQKbPIjjIlCNX2TPUagdL0wmMzQ1YAWavefpaJRsYnIZK5SahiAyCAXhFqnIDpAeXGd2KEdkHWMlISTcGmccre/BY39zZ+QZwv8qGjZaTZcwLi/mrp727eUaeQDbMCAVRULZEmZh26fW7WbBExGuIFtVKcC73KIFaH2fOvbikF7v0fVXQokSz7J6mOXj+IcV86PScN4drtCzSrinlI9vbGhwvKy3MWoXVqdHpGKeZJw8qBvnMqz2IYWcOec6oTPnv39iTTb3PJqwQCsKy1oYAnzgVs2KVDtvMTr2gRtj2jtVdtIBzqmuXUpQhlIr6ZOjqIzC9TYJHdXxSSdLwdth1S/qsNhABxsjBPxQWRsydMqmoYaguiq685UWaoLTtRlixb2py1S3p3FKJt19tcGVOo5QDNCP1mJJIZD44j6B/glH7/P8AOBbczNoYeb7MMv49CD3F8FLRkszgVzjxMwJv3KCTZrty0xUJ+zyJZY+/HVzrmYemgpIaByyM5IRN/fGL9xIsJW5uygLbZV1TCT9PYhQHzMOC62Qjpnd1R9RMM1q/OuQkygGqBDiYOWsESJErMZnLSjAvvvTDE5xhLTdC+dVpMAn6OpMkQbh4V63eszj26cjQd4yRixMMr2WAcXJwqbEi83hYg1UqxZaq91kOF+zd683tm6ZMmaoHfudzjG7dZKrsw8gUuopqRXzSNs6z5H18n+tULLWLlOigx1O0vZSPBiCLrJtydWSBA01H7Sl/UwZWaunhxY5sFwMchUOJLiNtz4b1NJVJ5FcH3UCIwl2gLw7Lefs98tjVts8jN4WJ4RccQE57OcvPT84EaX/xQK0kznXL47vzgMQf6ckUGR+pC8zmbQ3vYV9IMEuPa0fulqeMo2tkiq3RUk8osoe4dMauSuwGlpUkIC05SZoHofMFaoXMV+HJdEoFdwmxeO3TWQRFGVIXtbUWLGv3/An9fnsA17zTekayKsYoamEcuG2H73Z1J4p//X/xPyeDnqrK4oayx0f+zAHBCBNELvHhW/hArUWkIsqKarSNvWQmudGCk4INeCkWgXJnRLKLw8W/nd7j8NubK0aDzh6KkEMrVk+ZvV5d8GE0vAwWJ1uhjR+TxEJkfqwU3418h/v8IH+4vFU3dqfuLKUC0X79Vck/0yyajqevPqD63cd8y9HrryFjCkih2kdSovOtXxF9/KYFbyKdMGIOaB7swwUEcZlM1k91vJSrmcLPVm7rv6D1tZWyAzoBTMz9iqK4iR24IBjZrF7r1eCiF0j8/hJ+Bg/q5OOhzBTxeuKOP2wMH7k6zIuHZIURKFq8PeZkpG1379HfZk1oczQKaFdRwBfzGfe7Y4hx5QQe/RdetLOuB7W+tvp7eE9v4esnM3Yz1bbSqpxP1S4MGgYVV3q1OPafm4jbgJrBzL9Fn6EurkcamjMSTr4AOt/YSL0EAQGMzqeVLh2Cf1wsjdAlrYvsCGHnI4t2Y+0yva8z+dOhTsHlS943V7YCEuoUZTXGiaZ0uj+yxC3vAhGj7ae8vCe7E5+rANhmq3D5S2ol7vZkm18E2aXZYefZr+VLw6JRtZS9ixH6k+uuCrRtXunxhrtb3dX1nclJcNycuZXhPiMCYaWygc1Ox4bGQaotwjK9ED4FZ1iIflavCgbKECgxc7ZqGfIKfmN4eEOw5SCOY794ig6oUDK4EVeYENFXBQdnbOug5RCWqIl+S82It9UTbgEJdop5nIfeUkEZ6jqy7W0djRFqHjhkvJzG8hoWdaI2yGfcxD74sXP2qT6DiyDXHxcTyZ4VdUyj7l90YL3hMNJe7YcQwd4NgZviCWjBK3nHpivLZ82/xQtz5V5jgPimx7Baadig4DJsNaQIk4kcgb1Fy7sJT/npjahH3h87MuAXjDmB1YscDFGKXq+enYb3Fq9vSnnwbFYWsR5274qy85Pq046FmF8coT6E/3xiGdlugO9DUXsHt2+SbNHlVRm7/H+0EOqWOBR3HE7Y+IVCy+pgCxlMUpsBO3zB93r1GYS+xPpTeVCKF6qbwEFDLfEekDNmcEFTw0WA6Pi0hpYEIHm0R3/crrD7Ulmxnm5fekx/f6MQ5sqKLi5KB3k9hXSwF8mSiBF/5dxZ8iSkcZB4NxeyAOk5bAYAqJoqqb57keNYNUJx7CgBA2/PioWCII+wiLlKZS+OleYQLk5rLWi3Gbp5+qYCfEwfOKcphiVzpgYmw6gL9BC37SiCLwz9su0V1Xky9k2xrp3YhZ69mz+iQG+khntXZPJWv4KbY6XpjrCSwvIsj5kFN5/WuWi+1OVioVzAo/Co5xqB2j2X2Y4eKG+FrlQXfJcbPJhcY4tF/It723wFaGTkPpf9tlPmhOwUDfqTpjA9fN3IuZLYMUaAejaqfJGBlJsQH7OLW0GNzw4fo8dw0QGGo1hzLUciwfccInkBy45I/jwyTbjh/JHnDUdGYHmxViij0pNCYexXuPgPYz7/q4w1EOQsNOMD3cRu3d+dtkRfqQC/SUjpfMIrSJji0gtg5brqh6RQGCv70ZuN354MlrLBVLRQFtQcalaPL8VojaJ4/VurvxLbXzxD48yT4IYqpvuBirrRU7DHiQSsjDC4afr2nX9o6Tqf7CmZMUJbKiKWuuIe4b3UPAsfmSDvTzskaEsi57PvWRHQ0d8lvL1VC3qxVsaa3nQ+T4j3R7MAzEAAAAGNu2beNj27Zt27Zt27Zt27atDtFBrr/8j4cXFDMwRwpy/chS54vtWtwuQiLf5Zmam4CYlRA2QRDlr5qenx1r4fuiyWPsp0CxOL/waefM6Gcz8jqAaxonElVUgIZMFuyPrZJrCzrosGTe+p+mQshcCfwpA02LGmuywZPLznBQqdUoassHQ1WPJOhYLYw3c1dANdvBe3wXbeaYMcJHlbFjmHnE33PRJON4PgNQoQGy5Hi/NflHHVUY42Q1DEeizvw6Oj1fG+MH0p/ByLo002+ecMRXQL3bD6SKHeQcw37ALKcU06vgS5AOvjf3/bZigEML8eAPYDbC4dvdbrkrMCbMR6GKv37uZHjpzqtJkBcNp44XDHmpRtRsjGhuXHMKgQDP2C6gAP883qyfOAzZZo7+8DTMSLuwnM6+J0mFPxHaF20wiSm36nUOlB8CqI5zwq8cDHKm9O97NbCawFoulyERoTO1JVWUw+zGxL7BNvWxDuh5tnpDIFIEdOvlB6sd8JHnT4pjgmQbVprnOysst1z+FxuELolEmj5+AkOI3wCrbrvjqy6ySWAsoXrVi4rYOfrJAoW86gnj3DXWP7SuU4/0LAFcOdakGMGgYgo7yCTytVsO2HJ7Ct73zL9StAJfLG90eadPlCjlWxLigGzp8GDyGWZKdImKHb6e9wz9/ITC0Li25kckJi0PFFNx5ZvfQW8cDnMX/DQzPWFsrt/lXZvg4ez5gVX6LThhrSityI3DARwXDMfYXOfLod33JWob2VHYH9VcIL3ZBTHTyG9bF7/ewZ3oQXrlHpHnPXWXjwb7dKYcrnFdEScI2ZehLF3GjvYdH/am2Ai65LGSc/Txv0ocnBcLjz8/0gAtlygbyCeStBeF0AI4sIYA9zpFu/CQSkROTvjQEgTLg0HlTqoKy6UHANOtuz6WfaJ+SSqpMbjhLVC75gCkRrxvA/Xp6PO2J2o8CsXDZkGvhfrOz23RAv8trRZmgL9sgetXjR2ipoh49Hqy1PA4skiyPFkOnewsxEdN7Luw+MNAPFtvW2wZoVqazZYmlvsuEY8gNtaoz+MT7P4PpkYkgMyrzXWUKmqKsnPyJjOUewIOX8hi7OdpG28/zP430Av2ZSZ7QT9Va5V84VYbCiHG4TLBck6mYC+YAXKQ1HeDK67dE/54o9rmYKShiO7wi+4GtXXWkDrYH3HzFKYjf+EORK/ImVkuw6lzVK0vAF7IlTEIRtOP3eT9PuEctA86CM03Ie1YPpr7K85KRlGP8uGQoVGxn8UU6S/Xf8ZXywuIZ34SglC126Qba4zd145+m3Wssg8Gt8w/aT37WQcILl4AZ09ITMso9Bl65kbiy+f0gQE3ZgBftTFAvKYzcMcTFXdL3m7zKsQS48AzgU5CsvDF5blGL7Tv/t1ENNXjzdMQ7WuVWKLeIiHMk+pBtgEDiaPtR6cjlyldkgzYHYEfltl96Wi2MuQ+OQVq7KJNJPBg2GLZhIUVj4bugkgfw3TaqO6HTVBKaH/1RCAXwSEP2vI21os53nyZGpdSn/Um7utWRo+6zkdwnpepy/L9sjzxy88n75uyhUeIKu/MyGgvh+Sw/n7kG+QMu72wB3DvJMW8uVbT4eZqlzOVXYaep5e2q5ZF+OY24Sz9sWJahCx2ej93HcFwpmTFWD1sNIkV0H+afdaRH+Y7IhZfJITurms64fRvodikRV2cirFA76GES2CjWsD1S0UrB2I5iQxf8LI6QOt54NnXPyJfuf26ySb/1uTX8m/3wuj34EeCbqF9+UZVeYXk2hBUOk6/pOBpc9OmGfk2zD/WKR08IrtnPYESxrsy+SfP76bV5/JZYTNfFVbd/xRKcDx5zYuz3fVNW43pEJEzi4D9gVHqLX9k0uCCUAp2c+yBtLy6njtGFpFwz4ocrepX4a/ukzNMKHFUXCRwbXTkK/fTCopM4PZ7EF9IoCGz9s90a7wQ3br+5ufbS9PbN9sr7P1J3djPXPvwx2N0zWLiOEbggDtJPVztAt0x49SkZjTBR4io0d7JRMkqs8Pd0B2mBpqmDBvBD2WvUBW1aqQM1nwDq7uGQm/OIqjyxrdfkj1SfV5UNOUdZc35pxbMkv6xuP8aWpYrg4i2aXglgmXSJRv1sBCuwaNYYVJJcQFIgIeog0Tan94iMlxEGZ016UfQkHbWGtvylNsI+S+I6sbGwT6E7tV1g8xt6EPYha70+KuaqaRlM60I5HQn2xgVgcBO29nYzIjDz4hLGnrSqwLx2Am+7HN8V0r2Nd3HURfR5aviTiNaoDkHUI9MMMuD7Sflqvc2p4CjyP3r8fPzWN+y+g6jalhL+COe5pvXOxxbp5zMu9moTnr+FRq2l8tMLf5EzvmmR0UHEpdlQJgQ0XY5lqG+qCUpIeYGR7+odIG5pQw2PiFs+kvFnM+vJD6CBb+m5qamhbuqsQfbTfw33jWNddwBZLHpGwk/YRNuOCGSiv4wF5voOwxiHJV5W+laOgUHTDbXbrusg3RL3CDbH0K/hct7zj7wblaZ0NcFsJc0jYvuPaAABE5ZZb1Ss5IyP2V8uTG06FI6y8GHmsT/+YIYO7iY1VFKW1XWcU28ztNKRbf7YHBzohWYF6941LGLlw4ZbEsO0360n6Di01YeDcesyaeYzQ8zuLsF4s8J4j+KMIlB4fXkbG0JB678HKXBO5fPVDncBhnoZzo9BTS3CVE/Nuw02HM9aT10JhO7cAyh8LL+jf+X4tP7Tu15Qg/y28TF+ll08eQQLZdB4Wlra+Xe9k2O9EtL1K9cU+Az6wP820N7ukbcinidFl94GsRX/E5iYe5CgSwMMbG646Z1U9S0Mtj+yS7pI+d1Bgy6glBxw5uwbqF10yghjF6FwY01v9yninnZ7XtLuiKC3AEhs130CIeRzEEUj6i58rjtOGjWGazFbbnL+fFg5/nm/w9BWQNyqRfVHr1iJ8lh3pJ4Fmi5VZ0rRbP/tVBq/p9t6WQ38DfloRcaGqWkayS9a7NRHdIICLQ6mTHH6R1Sq5mSHOSwAKbcjSmxMcB9B8cuxzHEgGiA1/7rHzHTpSTfyZyyNwxyhuuiXHpnBw6IpAci2vW6mM/83+U9mlD6xgmVUTzqZl4HIUzOqwq/1WdkZALP5hvtJytAxAhI0xgeMqpj6wQh/+Ktwfm/8/5cxjVLsRmU878o9JLG1dnsqt5caEGPtEEZ7Z5cmbb49KiUzPWJLIY+Qa33Q5rVm550Kp3ieUocDtW42qsxm6fH+pMOnPml1sUnAjewIW2htoq8NKqr+RQ72dlPDK/DmTHyVOp75ujTgSE2lIhoveUDN/swwE2o9eVwqwE+zkwqdRsAmKjCK27D1lwGhLYttKIzpwSrEVcpTPYsqsKRbjj7PTO4tX8/XWPE0WGIhNzc23tdvUCqfZXLDlJ88rfQKhnV6rGxwt8GphDCzkDgawv24f74u1jjqxYC/psmFNR6puQeibnMPAor3T9nXh9KXddlyFAC0xotvGIwMLNuGJYc1hSGckBrQlzBhQ87zBywcP68cMvXkGGQfiSsvjactXtt7zg37kd7iqEPMFlAi4S2A/ljv/zDUE8Keq/69y1cca29PBtI741jxU6LvBKLgLL3f0+nB1bbeYDJxcvJwZ7RfDyIY41IlDjEXyphU0DPaEEo9uPOz887STo+OvgrUL8nsVBmIWc8u2hQdTXyYpF6Ml6qzSMBsz7DCUFI7rnVDGcGuiCwlQsmBFJUeg3t3mavwm+28XrL5c+OsUZEfnAUjC99CS1B5XVkrAW+eg707cyrcabCOiD3mrttLaFz7rpwKOFvSwbpq5FTuvYO+idgYiG2PNhuh8QIwpMeVxOpdMVwHQARo9k18pF4drLUk/V+g/2tbY+a9EpzMY/Huy0svPWeJmZFvxSzHXr3HVJ2lRPEDD6WKusqNKdP2Uq4unU7SsjvgCQ0hHvgTaWqoxjWZAJJpa+/qlfXzNtWLD0JmBqX1n/WtUeYAfsAaWIQVoDftdZLwJbiVkuVlrO9iuE9vbZnvUoo3FlXbm5hRHkqxTkEbjbUtAS3lUAxfg+rJN054NIFaXjpnj6lK/bKSC05QX1Bu4lig9aTpTKW0+WZ2BZbWK8ft+/wRz6FhGwZwo57gBqT1UpD8I+/0CxcAh3UWboji1RjwIZuLDV1PVShoIhtw8KhGiXfFAei2kHQXWQ0bMW0uwR3kjstyxKzBtqwFms6FjkGxRJ3yff67Ci7VMngRLPOxCzjxGyADaxYEETE4lK5B9RkVIQFMWSBVYCDCbc4v1xSuXRJX2aVEEo6TbRZZ/yPOUAyGepp+SHygBRClngCvZxCIU924SeMg10vvZ3+IrBvCeMaMij8XP54fIEIm1tiQ0t/gJGeQaY2DV+ZKuM708AnFkId6eh/2ofBPZm13Jvv0je/do3SG5CqJQoQo/jru0Hp0gz2H2dli6+Lw+81OW4GuPjKqwV/2gvQX33jIl6xBTXmq4LCMljm3QS8DpFeiSXUkzSVwOzJoAOiOwLKHFF3xLjH4KiDK3hmS9Vog7D0zjLgb+CqV/s7MKBf+ZW2dbcXse/grqoOILS8IOUgAvBMVLgHcTmJ4a8+xseiJv2c6GG/0ChoVQji//RJ6xrhojG5uoqFKYxHwpYedX0z38ElmgwqvLSoBs0oxXwuwxcR9EFLQo5gZegFMiXvlakx1fdOqQGd2wFSBvo/rbfFJKLCIO7f73ny0r+4TcLg7aYUVd7UxMxGMn5fnjqrUVhY0OVirCdXJO1QnpFguLzHCE8yuTp8KdtUUdkpJkgIN/b0piTkcGt6ZKfYkD41HSWEfD4FYFX331qPPfDNnZ+YLYUkl1gJ+c8gUnI0oTmuiZpLfDPFnOV2SUfjvDTDhp11Uz3tOHCxp7O1O/i2hM4dIXoEj7AS0/b16w8EMoBN8K8G7w5wslgWys2LJDD8gFdeXik6CKHDI4cfWuhd+FGV8fI40OhScywznt/XU5TkaRyfhXuTmZ4dNO3Iwie1YR0xVlTek5EeMrp46zZY+NwNaP0A6/UN9wbJ/bSfbVma4RMUu87IsVjpiRmAmlawM+IluYHolN6G1bwJ0CSUhT9//NMURlAwxcB9ulLQBkbI5lpn1e482mDNaFJkCVaL7Rmc0RU+rDw+/aXKOrZQ/bxZgFE4wcjIRbIjk3evXbQBeyYqpsW0jkpwtNYE9iUxjC1uArvSO8VeDu20oQTVoBiyNACPZvLe9qkyTAw0soCc8KV0XnYv2hsVSfxXo9l47Ev2+FVVmY8zMBj/FCQguWXIMAXdDbnpP6xj6RHhc/e4kIcYMkC91B5ymhVGC6sBKurEFogNEfW7kRJFhyF1cqYXhShNr19UGWrnhvZ9abo3gsdd2hBr8AzF0MalYMIFXiAPfAFlaJIhy/VHI5uWEyMoZQs/KIH1yjpowRay6nPJzj4dQ1zgepCaTOkPHDAZ9qWQ1sW5cURalQm5r+yuuzLA5MEbXgCYWq6I5Kopz96gNXS+rNS+Cpp8y3Pm1v7RrtEppzsV58BV7vU284BxMxJL2sTBsEx035yap9IcbntEF64zMtXp3k3Er+uLE9gXEfD1GGjqDVCbQmpq2rBkpkMBc/3aDD+X6uQcPdWmplmGtO4NtyLvHKkN4rBilLxoexUuUrpq0LoycWmGiFoQZ9w7wMhJKAqES6b+1EsSxU5m5AYB1z75XcMU99SkPGx0uzTlD99pxIOnsSGtxhcloRAcpp59JW/jDfq5bBLoJ6D4vEjmsAtcywISxCK/9v6le1/U+ucg6e+Fb+EGsmjTS9Y66mgfIat7SRqBAekdBu2R2WCJ0jKMijKrSrkAyfB/V+w+vbD2xYfasC3t7rfqQEaLuJp/ILsf03T1PI2cgKLVsu2spM+8WfHM6jKMdp0jQ6Ns8LWmJR5LfUDOB/WBCCngG1lGvD11OVRbNAKWacpTsm+IMTdk0IqOBDAKui2l7xNF7jBcHBBcNhiz9TIMKteaAJo6Rl0ipu/iN/hFmeyxK8Z339xLYIJy22mp7Zl/CUxXTszPkhh3wLgnTpO/OEMdz5EQdX7sJgZigEvpo2ilzkDHf1v9s+ZEsYAz7kibi8rxa/S0O+EnV4kMkJ1JYaVAw6MX15Mjb5oxXAJS60vUICnrZzCey77RRIhlsO5GPLol2yxQTGSuatP4bdHE/avvNYy+R0mUU2wAYAjDGSefRsk1YKfJs1ylwqRutzuIHR1T0d6wccvgCbFvL9rlZemJEdbfpILj6IAN8iDq5Ds1Y8xyef1zl+OPlUMZXT1jyNjn+jW3W5vJTqTLgYlLeCnxLIY1hC4GX7ctMYsyGZctfxQ4rNyxeRRUNNIMRZseDKbkPhXoh4aSgPVQQ1mn0hVczUoiCO866oW4UOFzx2VuSrbnaOlXMmERvI4xamEyWiPCDU5zfDLNjlm18hgxMQzk2pF4LfnnOYQHkgm+WMsGmMaPVaYs14aXjJYOKqs03pwB+OcPB1VzJ4WPCbf9zG09tQH7S00GacBvQb+wY8srJyOQj4dhvQZZRphTUO4pv6n2naaUJMFwxhRKuo9+6umEvqyIlJ/TwdhPwzYD9aPJKJQpWMOIePnGdI45G7lRuNj9pTrYderSRIjyzZPprUH1eUBCJjWqnO5+TEd7wfevUid3W0mfcokps7/vt458eYf/Rf6E592jsGRgI2lTqocCFhd/4Mn/0u1CV75bktb9Hp8JelVE+BTN8uix5hTFREup/gTXOeIjSfisNZZfR7QPNRZab/3xBKzBLY9HCqgcCs4YN40D9ncQBE+WVuvK30zwEd/eUomAfyqaBk8faX6+BTPcXcIUhnRIcRfhHtTRtvNLxKGqnMBhNbC+YBhWANypAYBP3WJiG3Gsr98khLcZJYbByQMTvIJisn0cJQ58phU7sp8iyPhGjG5eH/inOMwm/PtnuUmWaQXbbhrxVa9gPP/mBd/YLPsh38K2gkE+wx2HDV0gh6xJMIhdRWdMDY98tUPF2j1L0n85bwldwK54X9K3kXurPTqb9J+w+MbBwuhMYJpmZ4qQYccfB0hiQq36DAckZ5PgQwVhI0Z2wvbdfufEnINPyEIRMlF80fqTmULH3BFPHG3bspJKjtaRqJcCLK5lf0XizVhSNlek2lbeIMnfjn/RturmdYGKLcPrP8Eb0w4f6wlPy/noaNwjpHfKRh7uAYPLCkehyYeAlM8sahs6jIla4xR7cLxCqNggJnMLcYfh8jvG1kvlrlRS/JpqaMuE4TGuDyFnI1Ssdks97CHjxRfKLE77PwuMqIdqdg+aCfikBmBeTPWKP5R6vIliF25AkfRlpJgRbV6gQDmpN/pESqp8fnVPGKUU6bCznW6dhQyo14RYm1Z6vAvlq+hh8LGlmhNIoHVwGWmpXRIiIfiknGEmD/FmmIkunJUc3IQHuNHATKiVrDNchGBZ1NgW/rbHGSNtz9QkbTyZcOMfZg0pQJ5w3EV1xF6sll/mbuR35uFvDorK4VHW8ZNMkcK0GSRYSNQmulQ86Tc7tofTwL+J6An4IFK8NlA3+wEVLJ/VYMPSQhJQHC2z+vIjIepyJhF/Eksu9uJqvnJUQ/ZNhmW+UMHEPTWcK5Rg3ATsicIW7GsRX7X3O4SP5DRV0NtUUyJ79xtsQMOICAcXeswfQqYSdTGWc6zGSP+RuT8g9T9r2LSMQBYxNy2XDoyAfduuNepiineSaO1HFNlczMnUohZ7qfs0sKhdY/4GfJ5wouYosW43MLsesLBHMUQP+xLpBEoHqZB0UEFSTfDSZzUvZi4W/685s3L9cNqV6ABbD2oORK2wk1I+BsQ/MfXjDaUwrursIWVyEMilTCXgNO41pQ/GurDy7DNnRS/TlEBsJf9rCNJzNnHPItOgT445TZohmKIiY16kVqaWQus19+CDuIuA3T29xjY/STU/G5Nq/0r9TCQ78SJpioUhiyRqOepL/C1SWvTH7UqSYsVTOUAm0+yl7mizdeVPf8jLK4LPAxks2wGeGQ4gceMrUDzUjovBOLc9cHX2/OkUkKqi4sw7svKYDGW+ssVyF0Polbc76xQQvs2xN5FZqNIYd5w1M6VwoL9dg3ge0w25EWKjr6oZJUORGL3k7zuQu0OW7gPCwQqA17a1FsVt5NlFWrk5En0tBvprw7lD5yDauy2SEaWgipK/Ug2qoA+41BrDsUEQ6iDOkyLJ5tYqMl9Vc7mxPm93OkbGSpSwSdQvzfHI4OSrfOeaUHZUzMUMrPGxgKbrTj08UaD5mrelGWyHPSt1vZrU0iI7UiA2NxxqNAu6zLQtp0FpmJmy9zt0/Cn4hqksxpPWMPtksnGgZP1iANBpH5bSEKBX4z+uTtOFa1RhBvBHoaHXD9cEfsZhPFgJA2Yn/qzl0oBHOGmPJLnBXYJ0RWQ2xvyUhyTvm1SD7+o0RHecA4vQe3jBqVcr+TCZtFgRz0+o6E0sJqv8o5TGjATIA9Fka6mhAuAutoca6ROTDoLK5o9SkTzdFpCuOEr+CbRp1lRAcQ3Xnuj+S2F7R3p5npUNytkApLYllPCtVYRjGHtAubXiwvt9W1Ql+r7QKoEbFbXf1ri86M6BWXHBmjcERFdlVylar9Dd575kf+8B9LLEzWhFmvF1/a9tbH2/ZNAzcaBMvENknz60Sc3lFSbd3XNVP7BGEtgDz+ECV+z2PaCiHTtD7Jg3B2PONVASPvkToGG9DaLk72HrJsTIUKE6gAUjqdXkvf7b9l7a5ZUgURt8WH2h/DX3i4PEg41EuH3x7eGkn/sNRBwrQAsxSFPhnqco8IstsHK0QxlS4YpPzzWGVWVrSP5FocSwDOUx3w5DMMLyZKXU9oeiyK7Spwc9hKa4EmOwDLZOKIT8Kqkwr33IvrPlfn1PDUi0ayTb3zBFDv9XfQ7iWDo/OYsg2S1M7Qwl98K/TTPhv0H5fUcYbdoNJWiI2qrcexj7u/29qdmh1No7555eqs7qZRC1RHDZgOPxFDu7ivhLC6DSe86q8LlYZO92Y6v83cQxWDdj71VEryD6dhdNI5XQeHel6GsxfhWhETpz7VxrlzQDu96bNtjnX252nbVFMUpqJAiFHV5e9bmP7MgCcB5gj86NdLupmG24kxkK/aPfFK30CuKyKO6qKyC+2HowPg/5mVN1zrRRoWbNJFeN+xSptCQApxCbQ3tABNpZlJWKqU/uMSoDFnvbWR8ib7mcHMqPED8EJr8w6yQTUpVP/3zl1CgxpCTYCQakW6uYASCjG66IMsPGZZDLJkV+svoMC1JdzLQOFyV5+98en9/svA2NDgJmQPplbEOAzTEpJCH+SDT7Y6T8YDbXsYK5EVDgIP3fzhl/fX5bDQTeIS5xFjaUomY6WWhnpahqDeE7Nqltl7BuRRdOBHDBD/bvQQOgmc7lecdiu0QlvMVyJLKQQLGy0MIT6ku1sfTx/TgkxpVdn2CcdQGVsbgc3BWbEF1Q+d4euPx0V1mNh6nXMI2uhwPbZBiAKpu70bEawUXREO6K8noECGuKhn4HP3SWAgKIeIK7xgqCK8EATr7twlIN2eV2LbHfDk/TJMR9ovX6LYdFE7QW9HdiwWk8BMNk499S+SWoQfOLdqKH3w1tk2Od6mq1Db55u1wzMoJCSlcAku0x0R8nesIsy8FrzaFfvzkzvQkSNoyHqomt6kK7eldq2qmetbHV1KXPGTqsYvaOx+g1ae/6zWafdE5FFjVltGeJbOmKPJQ5yfX13Ob6QuoSpKuaG7nKovHN/XXWi/OHlck29tFvIn/wRGKbMPWPNuFXaGbG2fiMjd3G6SUMxvMpAbrVp62b9M1BB1w9q+WuiYZM1qF4lV9guTFFOtwXfHrZqjSWRBZcROfrhMjCtr+UWkcUkOhAqu9QE8d7rXcoph8WA0SDGJDeAt0s9YAb5QA0i268mamTbHDV6AvsVQuDX5YnHW2P4bR1UmfIx7TDD8jYvsn0tkDZXHXlc0uwaQ4Pe73R0hRLTtOXABugrj05bgoIzivZGjtaSHzAQ/MWqpXUYJWD49ZmFil8Zh0D9yaHgCvjYpXf1GIkeyLNJNjpQAbVgGGlIOyqvHimkKZ/RyduoM9Orrpjb8Hdwu220iOSpGte8xdJArUBHGfvK1dNO+rM1uB9CeG3pT8je5N/4NJezNeWXDxJEFtbR4PrHF7y+IkfW67XZSnu+xymUaXORHbU7dqG6LPjbnOAxobxwqd0OQOKM33SNNcwFK+nGm0DgHsj01o71dOLRmpnTFpNsXzZ1WpP5OK5ECJuvGe/+8ERqzjOf3JzQ9gfhogtHcOEqLzI9kRq9Nz5sexTZ1yHq5XpbpiihtwdDh76hhY+nUV0+Lyp9cAUtZ/JS6ASnEcPcKFAaRYO90vXSYeIa6xfhZ6r/RbYlI7DflGj6dAeCEWVF3qhBtzEku34NWHjxoqgdg+cDLjhYgi1g4A2GlYi4SpA25PcBDY9mTbph9ZytvjryOR6vZ8aO+LQElDSa/Py2pdm7LP6sQU5mazgK7HsijLeQ8bw8cAg9cmfcmIsLUcl6DQ9izdR+u0Ys2mvOQB+rVgd7kNJKCbn4jB9Wj58cBH3NH+KYp2WWZ2O1w8KODQgz/UEaiYO3MhMpCBcahjQnBn9fXZgyG54HE2SiPVMQNCPJ+o9sbk6KG/VFp51R9R39u64LQo2l04eaIS2NneSTCAV8bFzkEGvXi9nH8JsOPjoIm/EdjJ135Xf6VlHOhYU7+MYnrXXOwLDS8CN31k55LiU1vj9J2RKHm8kNwqYNXALYaAGYxVpvD6f7Zjc/+QgFHIu1m5i7IiIG3CANjTAzphA9Ot7hVR9isSIqxhyylEDoGQOg4ghpKBsfPQudjw5GZHQxDfwI852Znbl8R6r+UYysGx4h+YSJXIUcbXVKVuCnQhMATz4Hwr/EMjYY79Z6ptP7K4kTZtj3E7570kyaVJa04wnysPA/Zd5Jv1SYSiCbhgxlh2K1hQBUWiyITUbbmtXQ0n7TjOBJXPTsStH2MzMkP6iFqVz3oHnqHmwPfcnvF9nzyKEkTW6Bl6xGsOvCU1jWK3Xgko8ZMztrk2sbesn4Mk52QanHx2pYQf0Q0GVDtTNEEfL+Ab57zL2seudZtJLPttnJO4jbbappFTlHX+6b4WEx5tKRZ3kiB31PoRKhodKPCMr+RH4iGB4xLwbSFu2Dcqg448B3R8qeVQ5G3ndZxhRNv6mYyj30eAFv4YfvmjIvAXrjt3MgMS4GlvUHryljrOH6IwaU/JQuxE/at68yFv2w5DJT+iLLQ6DPiwh78vjdj3hLAppRCVM5ShpHzLbyI9VYMR2Yw7mmI7HjTuBKSzvpmBq9XJuKHvYNfLaYcohOih6aeNBItoj2Mkk49UcdMFEQB2mRCD3ROe0YZ5IdPQ+3ZkF95UAtWnWnfbm0j+rjB5ieIi/SAzkw/7wFY4R/eMRt0KzNSMn+dbbblMLy85y1SEBvsxpiPSeSH4hnK76SaIOiETbF350A7X/CDYBcczTYoA6qaIknHESNn4PQxHyoLES4b5roUuvZsUKi1gCOpogpj7xUDaQwWUfyNTmVwRTy7cyGdqJzVCLQBWrOAHYBbi9Oc65QyCCeFY/lKKpCgQHdNtQGYyPf5C3gmDlLYgOS5jBdETnBPHE+up3UY1aE0hKHRY2AX+TkLAXr0rJedA0UzrqF+jCCBuSShAOqCgpCuq3440XZU3qRGe0CGWDkMH0bjEhWzDaW7JGvxEbGBAHoezIHywiEF018yHH5HHKra++xefpj59nc7ChFwTT9RkKyA8xC4LLzFftGnXvqhU7QCLNQFbZ7bYHqbHEM4w3esk5nkZ8LvJ6379I9iNSOFj5lArxvjPLyy2QXpUfE5L2OFHloaT6A6tZUxhxqGhBZVZM3D/EzPc+TGHkexyF4fMsM+wcRLIO8oGBoV7356oEyqDesIIGu/vAeTtmqKFhnkY2rTKqtYdWOiisgQEtrRU70nXH9Ao98hAzVIy8OIHmWug3nrKMkUUdagb8SUrYq5dAiQe1uRfFitYKQ6j4R/6erubJ+MipxSjYTaBlJGVnmPQpwSi+2mPi3mLtlbV4rKBYyjfbK3M1h01ltoUEnMLOKQ6nrx2qHc1mheUBRpxmefyl8zUW8AOhsoXcY9rCLTq4NnNScTbRqa2mxpTx6moEJYis8+fd2Fnr5Mz5Z3u+waG/UbzrRg97CapMaPwBx7U+CZjOe4A+u6Vk6owJqHQkHi6BIvUbB6tZzZGIhNyWKZmTRnPeCgcP/Q5lbqzffNkHN9sEHdT4EueL2MNHhU4A3o6C5iKsbpYR2yjoyHXKy6TtpcuTJDiCEPh9v0UzG6bxC8jbgo+A+p8FnRDIa3c2svB0AgGyny67MnaS/wQTg7NwQ18t4RQRNchd9jgcL6Lbe2w7clSxFe3evL/fXuigIXP0HEK9ld6yGVcImOSqeRCxW2FzRfYsmEOmPQOSwqL+tbkglWcv/8NiascNfl88oaso+9QvAu2vc271XwSPeM+gTulpPGeQFRSfTyq94Qj5uxQlmsdYG8igkCJJ1IrPzBOJUU1PycSa64EcpqFNR11mljkoWAqu3INUwaIWCnzdBjh6M5G61N0dT9HwiKca1nzVt7MGaGOr/HmmnZcN8KJ9n7KoWy+/pxKKVXscbfIWbVPMyjNzUapJ3jwLeLYTRcPvQwNA6zKdUFSpN87f1wHc4Vqp/5vgwjiMPZibWzGfZO/CstTUupTsHWEpnQ/dhlCQk4DCMMus6oYlIjtQKuujB7kixyZpI0t0/kZpcEKCv1ujSQ9pvtHZvDFUAI4KGyLZB//dTLdCf2NcRw9rs5TjXP+itp3rN/Ed4JIDtr2NMYbDgZQkoNHWYRNogsGmWHAtdLIbWlwJqi7ei7UqstQeFjGsgzHFykNCSfbgiH4Goe4WzbMbE4M1vmJOq8zGbsIOAdlf4dXPUCZpRyuganf06R6l1dZXyVd1RVQzIx6UOfg40narwTf7FnTbZA66fvpA+UgsB/Y3ZXswRBeTUUuMqmGlxZ37QJlCb0VIK0X57UUSpkcXmU4tQPfEFJ++Epn9NZpnXYD7egTCyMugPvd9gX/VUh56rqIwP0RR9igmvx8P/roajGg60QZhEkHYSVOpQiY7P0EbBbXPEnRMwjJZldKqlVhkzBDS7fPjnJQBeAeyxfhX3nFrfxj6ojo9lBuWqkdxBiDPMRT/NWrq2ptZidirj6Krgkv+pFjmitZOK6Gg0VI1CjzNnu3CknNXsyohUuhGD87QqFziEqcdwJ8WpRwlHUYHW2BOAdvonAHr7OIMU6kiLX3XYAQxxjrSPU0+LbO4Xrshb7wrTC+8grJqUiPU8YP3ce9AjCUEx+biyJUmOuskq07Q+qmeI/1WPA3GfV/r00YngkYw/urC5Lc0fWw5YgdJE5dxHtQ22WHGe98dCWA3DYFt8aXG0UKeE8cbDQhgib/9DywUVo74T0NTN46h43zvUvrfR2NpLQpibegpyLQIxABwpk7eFOWmCCCHy9VWKkWBis7lLpV8ZcgHF8dszJm3snYSPfBrT8FGPeHQt6Jqmu49YTAQaP5ywOOiDg+oKsCRDDIJ3FJ9XlFRGoNDKhXyFsBcu3qR2Ch/EYm9OY4nbE4z5PeBrvh1UG1t6oWoryKMgzH2ZT6sD+xeDg0bI/IGoZIuB7cJhbgChTt0G0k0KqbjppkX+gADMeeLvKtVSnoqfJ1HcU1FuAuwOcEcr/anGP6yFwTcs7yuRC++Moy5sEXfNg+l57Pi9y4FGUmONY/xjEQ6gYz02DX05O5ddhRlKAldAY30Or24LjPUfJkj37zboRJS4AS22b5EIu357ZsmjJJZxYZLAYg6C2tTzLVv6CmIHO32xJecnmBsRuWRmkB0fzzX7QPAsBmqF4EbfY7aNbUFrJpg3UhEbn/lQ+5X6BiFOMKCrLzLubenjYICktjSmqW8sw3VFXmtcL8ciSlfc+e2Eq/+VciyLN+hkhFOpSc1HyK8n0Oov8IxhBtNeZRO7/wDq5gPNhjLWuNpRWhiwCiGpgHHInm7pQ6jRS5dMg8RohSAoMNINglf7hjT9OAeVAowD5dxYq3EIfri2fSX8N1u0OxMzYPwObkpn6LdptgJhs4kF141qOIXIC4cVwize16hPKOzrKxVhbI1/nDPL3AilXLmpsEnjv8NsnN7Scsq7S2XqM946nOhtXd36wRcFZkpXVJbVwsSUfT92V9Cr192pFfi7zxaKm+3PbLCcCj1b7IBRTN0THJqWP+4uEJGeFhDJhJOu4UeaZm+Lhw62P33w3gFocfa9kvphc2OWDIDLFJY5rmSeGcrBL+Ygn1Ntin8d22NetBlQAt5PF2NuZgXo86qj31pP2RbSv4nNZYvxZiK5LErzDWftiO/liOEypvsiMXGkj7F2+GreWsSA1QGAxXXEO9hNPfLasVkYHc7RKFWRjkxKroQHnbo5cBwymz/Ywl4duDiT5PReKGwBani+GOvqwLpXDcKKBA/fzP4XNCaOE+wDJxeoEANJE2+hkzfbMXjM6SNcwGj401TY3L9aUS0UyHfQNEDK1E6jE/IQy4/LSCZmHCqykjsX1JUBVtqFWFPOkIncDTI8EPsP9ILrHL8GsBJfnoYRoq6Co8SI7EQ/1Vbq6KLrZuwZphi/rB5/zY6UZQpbvaX3gLEIJZGQ8BZsfmX/SWXp3JCOrBdmiPE7+G3pwPCHgPxWVafFolAL9TR9K8MI1iJlQjkvJOOGnjKUw36ezWLPaHpTL272vk0FUmY3NO8VYBrE+C4enq8UY/Ry65hv9y2NfEGU5Iscw+xJQDPFvTUo6y/6KfZq/pVq09QeTm2unHZjPp7vAw1ZLiGzrZZvzPURmwTyI3WWQvp3SkA7bkC1sHoy3OsBGfSHiogKa5lM7+t4h4CHOanVRPF1lCATasiwvBLsB47G52CAzXeZXV3k14vzYNiMSRZ1Rbx5ErrEVVcM+BM81XP6qCh+qGpbltiOaL6NpMUYK8ItplLBS8d4ilZpWtAiyY2hil+EzM5eTAjsalrM1bz61I/IUZl2ZreCtacaBG2aSnVFzpv4hlpJnO8o/OoutOAGlX0wjxecpvh4eZNLKhUckhY+MuwN/B6i6hg/3yrK2k8+HODTwb39fgl3z3JK7f4JGC9MEf6mcwwGt1iTFlHiuFPEkxdCdCsavWfvR6Jb8QkAq9L9KVJRpHtOJMeDTTt94hIkvZPbLdFyBbFI/uAtxvUsS4hEx+efbKaeaDxpSWLYjlw21KTeJTU2APg9Lv+jChTh55uYaGuJJ/5pdv+aVcryft+wtdXuN4nF2M1MWwaaw4RU35H/wK+7wmoOnyGYZpv+G70aieeD9eIcVUQbdVpmIpKvj9Tv4zvzaRLHeN9Uo7PkXQz74c1bM8FRAHsC4Wo+2h4WBRBY//9ArLkD884CCoY1FJf9ysIypqkhlh1B1l45xHa8LKUuvzzP0KujQwT0gyR6SQYF4WOOdzJ5iaPu3gCNIbo8FMaxJLKtZdjllmg55jp0Tu8EqllVyelj1ujdlA0GwXtj2CNuwjdUzvP1UoUEZuwx4ddSSz5KWWzXh3is95ykNidKfu9QZg8b03s/vD9CLgAwcmeWlKabeL+X7oSxXvy5DRamlbUYKGeyCvbFQavG3u7CUsgNLcdN0s3mQXxYwCIC4jPrU0265Xw0N3bDnlOQxuDkanwW0E4v5CDJJOadYyqRMX8uERqkIgF24xMXX/FVliZ7/ioHvfIUc2jmvgWIEGSkfyOPKwbcpHf1YgqaR98IvR5tH0hfknVJ38pK9DXrQI71ivQPJqACyJYugQrTBLfTlqM1upqQrCKlK9PbhNvPSvrOT3J1ANX7GU9lZi1GalXxEZFpH/3T+AMmRLQB2wQkCD8x/J4LDTwzpse7vG68sO+XrZIaIzjwvoySs54E6M8HQEiQCBorSfRPTmE+X/ZGMpePl171ljauhp4EKKeciLQX9w/rSPorYGIDSIkKdKTrh1ykKVlm31hOOhgdgZYWXju/jZSwBM/EKRSwG/oiDOoncbLP2LZJNoqod0FRA/0I+GslmMC8emwATOuffzdqj/LYJAMFnMtZMl1d4+Ta8Xc6QI/Cci1a2Q4xU45hw9slsaTSi51TcrsZYHkkxYbtYmwljW5rmLbOJpb9ojWZ+5HpOvRyQxSDIbq8CvgrE2s4A2REs6U6lax+jFB9IGEwPs0yHsOlkbMwvWFfJVp17QLjdWsIGH7we4hdxCAhOO/G/+CbB3LaFjeMRcmKfyCz6GCyLjqt3T5FLl57WLOc3RZ2Lcf/zpGd3wt5tXcZ+xPRSo2mrvoJ9Tcu0AAEkpGwXqTvPsXWM2z+345m/TcYweuQbh6AcLBGqn+kiw/VjysAXPGUrWoZuiBOWtRpP/loqsfKbgkdIpO3SJvB1KADSyjp2W60fAM9pJrxAlCsrSgOwdGFC/dqAg40S2LG5ZVPKDyIdGmL79i6CPiRaz5IgBcq69HBE6rSf7xH99BHRNDKUh7vgg2hqmpOwZ2Woo7pG3WNyH8Gsjw+cbEpAxhaaqA2mE7IG70KPjOxgfKojgug1HnCYzkLXIn2X0x+MVamYNMF15mYnA4ZZTIZiaoVwD0jLy3PXZVAPQLOHYIfaygC8Vi3h5/tzn3BnyZ2PK4ZUT21FUOd2aCJfb+aq/OhZqf39H/lm7AG4VZ+N40CdqTnhOuj62pSmCfaHUqmucXlzXV7rDyQHweR2+kcNMrMPoQ/MTLQCXVmKNArJw7GimYtNSFJ9SsHIMHmA02h+JTjhGHwIQHvmMoQ0nY6tyuAhTruTCSz8vZlyQdl7yA+eKnp4zgHRiluNPk5dd8NWHNN9FgyJp+hAyJzY9L8TXUUC8v8HFE+EvU0hID72TKcG7p5B3dx2ikwiHsb8b3XEV2KNLaiPq1gjKkrIvf5KSO+KgZMaHnSBr2j/OjR3UwgIO1wJgH0eseWrxy2e0l3NbsUEEMPzJNExLCMXBO6g6MTgGr/tQ3hoGh7mlmWbmHc19XSmLMhCv54ZmoOBfEu7zYIdOmEApHsvyjvV3om4cLrdp5Q93z6J2Ooqih62bbl9AVIqYlwqqpmau6csYnhi95neOg8yGAj5XRrqsSO5ectwM/gqC+zUZtFTpeSNnSNIdLwirLe+2LHJt8K/hJm/T8Wtf+9uRiwBy4Tp3kxuQK2seRx96U+NvCpHbmkhsCq2vYgXkgU/uDZ6bdtb5re4lV/whO2Ac0X7itWCw67J/EL0I5264lRB4P+lwHwkSMyoiizu5o/VWDp9645JpTKFUo3Qh5mBixAVYCXYR04V8eRREpg2zCrnNfi30qaHsJ7ppyH2STtoxz62uL++Jj2GRU6MrexmYrHbawbDZ34AlIa/GSc5fiEQ0mBlRjTN42H86ljkZNLU7Cfu+RjBV8kq0/JPBLERp7BQu8REv/RW6KO0P1Ee8FeEDluhfPJghaaAo/ReS/urUUurVsYt55QQ2tQMYXflZcLZSMexAN3tjVSc4R4bOCY7WZy04r46Z3GlFDh8KYY6J9SpL/hdBwNxYbYL1W8MVvfLV2a3WNruQLvaiCKQ+zGG50J1vTDN2Ka2NZ8xTZC3qeDLo/Fz+zLbn2huCptWdAoRrDYG+NvIxreAyjpZxLhcHm+0RW3N86RuBETSMkcPenH8QW7MMrJR3tZt5+ympMoRNpl81YKEh7IG5Est/JOHxsSjWwW1zngYFZb2+vx25AQ+Pg1A4NDCOiQb++P5zWrzFsC/TWOmXrxTckmywIcw3nVPR+R5ohzOLWukhSjeGtO1k2REOKB5QxwNE2/Hv3AMmB3pbm0su0n6iY8DP/jDWZbhcQOuK+1ls2/XUiSOp7B+qoVySMhomWtFoq70aF9l/x5uXkCXKHFrZQvGlsW9CjWm9logKSa9dt9SHgn030V1v+J/MGGsKzMy+oz0DIeVjreX/JldY3Q9hJTShjA/7lBCFNtzHC03aJL88rIKtf2Z9JFPAQKFpi2aKmJqbxBHRTDIvZd6zwikJRupVVgACowvBAPcotHN3awJru+LvFPLriavW6bgsycT3lrd1rVYqKrWptRk0HxIyVmsxlu+mlvIBMMI5JPUImRNlQzZdYLEuQ7Mx5NUMPpDmuqU6BkWm9PL4YnF9JbMpshNwDg9Oqp87LGh6SD7cuvfO3WHFj3EHjkcZ2Rk2KFgbQ42OudLUJqcrBlsHXFa8EYJuDq8bNywNenIK494nTY0aKg96o1/OZIePF1ik2Hzn/7cMvJitBQJaaqt8JbGMhX/RBNqoTr4NAhij5iCa6TSBsDqfjyMaOxVlCQCD9alkmGlW59Cxhj/ldpcld/RJhUwlw+ALVBbxfSIMj07KLREwinm2SMg9b1IJKV96znRriL/ajFxn9AsRg3MHllGCRVBmNy+lh3ey9IezY155HxWlccD4ZKCeAmOkl3P0WZLpJlm76FR1lCydKj4x2gheXg9CJfICgK/87IAOD4G6wgldehQrwNBc/+FoamCay84DrtygoTwKQbxVkVY6IsQ1/LFcwvVWhXz+/tCtJNMgrl4mBUnHjzGzkb7bWzDd6WQ0CCNA88dsoMXAfOfC0pZ69rmBdOiK2x/QIra4ptGWt84QGUhP/WbfiM7iqA0RxGVzzxvGp/7FXtRVlL1JP8MZWnsZ6KCudQF6WUP46ACuG1a7WZQiBF0EsHHlaj5pcah9U4TcmQ3BLqIr0wb7mnKqueYn/rPsdf4dvfAKzpmQmWouFlHVAG3SxzbiOCAQyG9FhqchszQ9A9W963bjnJrajjsZHWQ6jdUap/VxQpg3ohdoj0y9lcBuVoZW11wI6yBIOd7un37NHOhAk6DVKe5xmaRyP6QloeQ1EfXZE0K1g00kl+SrU96hP9y4/zr10SzB9G7athe3cljqG8OlJy4FMntGIZEVUO4nGbWhHUDeuZlpkYWVC0h9NrTuhzAUFCZf4OsLiJYkNtZvmUe4ixJUhJwLY9meXC7UZI+9dNsdGV/O5jbVIokfsq+bt3VhH1OcSAzL0tYmrADCAtnduUolR46E9fD7W6vmv50yntE3KreXcOvaHTS9xHVkS+EKiqn98NxHmRpjEAjlm/qVPgrmHzCcKXS1cHcPHJPu8UCLeTpTrLHvdLm7Ngc5GRI0OQ18t4xfaYWW1NbhRfgd713ptccZYZsK5JNZ3dzBm+U0TzSy6RdTNvyHxivasOlCjemE8Ipcx1BQWIAITIAk7BFSkuwZ9MifrGZ3Sq7okStz/or/eK7lN8DpbrH8PylQRBKXT7Pz0OxtnjmW7RPZip5ndhUrNiCCtbnrXt8jtTgFckMvUhmj8kcYuWei0vKCEqO+I66MkB+3G3HUUyr+lZ/yNHIpIHzkvN53N/J92jx6iEK5Hd4HPhe3js4jgMaB3hZaejlsiOfmvHV885RNZtrr/v/60+DzFqTmhhHysFyEZ6TkvnyyeDSRDQp2NPCtB+M34Bb6u8kfcAd0MF20CIGUD1MhSXaZSlkbKEWFwcr9y7EvNtxJjhaqjCaTFaRuQYA1sDROGbMGmSMdbwV/o2exJNhVmRpgPldrV1czM+vHd0i/8aY+wDP2TlkL1cgQJg5TQJpt0/jb4LHFvcqkDJcY6JEs5ZEwUbYE1e7IQN52H6GzLK7Z4Dk0wOuXX+tc3BNdhol9fY856wEMe248RU9e1mUuDMoIiEjbrfKv7xTdUjzeKmBUNXtZ9kq2XPgYDFg7CtKsgyraFNpcCUh1vvEaFeOasCFKOc9iu7kCztf0p8anvhyd4CYO/r54pBPtL/ucC3BpVRiniQmuvWMroljCkN9oIxpeEgjf6poudhlIS59jHxu/fJ4RtVcUrdtmYyfRc3Q7SQJsEHRyqK+gilRR60kXKljF8twWUHJUXRP4soptlGH1/PHosrWIkScrjUF5qnlvI/F1sjofZtpNHko0lq4gAhURzyPCKJFn8p+KXsn9hdQbPiJWpu1sOGG5CvGGf40bS1hdvkbqPpCJwekkSkaTdx2NOQ0e4kZnDZ9B21yW/qDtBwhcrnzb/6lWg2mFUUyTWPxfCoze876MOGM3HkcvMHNdMM1+TOKNSUbhtsEsimA/eVcAGYRVDCey8H5ktJfWnCn4/WYzDOikm8B485rHTiP6v/z8B9tmvG1hf5gkSF5DqEwAG4R1/cenbFqJUmo4hYP+kFXFQkqpMXmr5+IiB/MqA3unR0wK+FsdH2D/ZDsZ10dos2YctNvtRTn6Gtn5bXMXmHaoi9Pagot2KNhofy+VhuYOMO3k50Q9REUQn+83oE1rU0t/+9YAEqG5XGZml99ySzomw/PeXyjx7EiLUOaeYUNtyoJIUfpPyyhEZaYvu6+ayk1BxzCfRB518YXzjKJ/oc54x43uYQcp1N2fzrxPUNKEiGfXl7h81PyvmcxdO1tewjeQPnbCbGtWpk4P+WgeSYuD8qXRtwLtUx+EDPMnra2tEJlqNBrzMjlORW7XUzaBxEHn7rQMae+L8FZQaU+DzjGp4u+0FsJi13i7ILjcVUxJIhi+Z7X5FLEYXb6mhh31wat1m8y2TpYDVuPJBLOxHD8BcNC1tO8beh1+sMSM5cfAelbN6vLpaMGqKH150vOxSZQ0AXFnAsgDmjjb2CvY6IlEGrscSvTl5PWQql4ed24DmMVUllU2DedqqKW5cZuwqJC0xsVTMFxYJYaO1iGG/YMbGP2/QP1C8Km3cbX2OHMnk/a0UBO/1rQ/Q6b04D7LsFjvZvFy5hW+f2J399A/Wd2kXWHs9GGTq9WGTVktleHSm8xMWyuly1aVtxJp7dVpcwmVKo6npcmXRwu9aIAAE2sTBf8dkBeNXGrWtca+D2PCysWtEO5Jnpk3iARS6IXUGAtLvcYAq2M2Qj+grYxwrHrTENYGtFHY3so5sFkOW1JD/OhUUJl/FuRbOjkfvv7cYxCfaIn6sK3kpoIoDNU4WmqLxHIn7HhXm442v/cXWaCYOgo00FndtT8u1zGIEnwDCfk/0o13r9hDC55/RLd/3BGmrbsY+MC7ZZqkeGsdarso5wDUSWH7V6xpQgD4SwwZkj/z/BPvilT34FHTYYqCztAH8s/zwz6KxlzW/wt+ydiKE6KxQ24o1T7GpNcKj3+d+3tH3ifoEyo2AwsfZdhV/JpCK+D83qPOSNnBFCmJanugFT4SvEk/NTgkKkJtHqSy/C+OeqiheeBQDjjqluI0mn/Pelfc/cEYd3vCJYNAFdN2dSuC8rO5GHjA8ryFTsynHmXZOd5YUl8sE9twlxL4xqWqoS/Lh7kd5rA3idd9ucj8EFry2WQjMug/Zij9k1AeeNa6x2bPTnxuxuoLNgfHbHTxvglpNlGiOgjJsF4vt4X7vCyAfOviZgvwLe9J14SELXtqV9TIZ77x9Nn+gGoBpY9ej6Bng+SSVQXSid0NCfJz2jRzrnwvBa14u43Xj0B2az863FkZLR9pIQy2hjr/PSD3jI5y7D6J/kQq9Gms0xaPXxCXdwhDE7RvtWT5kbxl3SERhbOqWxVEx9Qu1hmSJ5r4qLO1C0T5pdYWlm2/rJtjrkD5F1OEvWCRDJzqWWLuTyr5UEsJxlitGHyphOP9xa8gy2UwcMkJOOIiuqpEHKNNY2FUukJOdzuhJFRhz63gj7KNPadleXteoubCezEIC062qTJQhvVjYpJBeHxp37nTZ8lXF5uZOIDXI0l4OCaPyuG3sGBHpKSFDADhkxcZp5pbJGIyIZrPov3m/PE3Aypcii6XkpslpoPJNPR7R2zTK/xAMobtxr9A4Wb2yOthhaIAZ9RSWLVX0TCQk0O4jA7dvhqD0w1VMNUi7Yt0ewRJLYqhXhzQimMfrtB26/ya+lX7L/KIJ9acZlKkA2KhW4Ci1RmPpHzGOZohFEB9ZxrrNTD2gLDZ6OwNe/Ee6PRgGYgAAAIxt287Htm3btm3btm3btm3bdofoIHfl5AKsrWpi92ZUHihF1eh8d0DNyMWZZDgPuKhfx9P7tNTDQXkIxk/X0MuYeqGFeXi4+EwVFjMnFSSQG8A/TGt1iDYUxHsLPrHJSQPIRDbNcHEBBcsvoVVUBAqSzTA5vQ/22Vngjv/VWQIYCvo1fpSQL+mcfQ3LF+3zD66lxjBr0s8IhCzyyZlxSMP/qpiwg4u1nfhbECOWTsS6cPjd32pWug6JUdgKnBl0u8qLe7ufxGfeo2aslOx9zqGs2FheWYYQv9WYP08JSDqmZ8C2tuJyth6ghDyFkQpCow9hDjQhQh9CVz66uqYyCjZ7OvP3Tt8HYVsE0JfSKS1p6iBa7s3dfaeHr7bJKdYYnHKmTkQr6tA43ydY92TccdEhIWsYbO0Hpla1n4vkYr76zBWZ4auSjd1OqVF+WaiskwwBnt0JBuZvb5/GnGIrct1aPuRtK1aVhoh0HFIcNfq7SficyeHcN7lPa5rbU1jrBr0Q5AcutvZYgLYvj6nJYzZ9B+8q8zdhSfdYDuK9gLL9+LOHG1E6G+3N/TYQOEOK60OwXvhsvHaoif+x4aufuaywncYGFSqF043X2tMxfR6EqBKikfZMQ7yMI8wuryNDmKGMyk9rzqSqgQ/tXUX1wRNh7JgCA/k7GuIzwnl2jcPSaRwMO+vpOR66bqI4QzxWYvdA+ZlfuL3EerZ2RXMn+rDG4DpVPIO9NC8M4V2FVx+zWBbuqF98By+YA0SrXq5i2kKQYokY9v1mTxNd3PLM+WEqXqnQGLyo+YkCRa3XjlPtu5ClKvTTXiNi7gfbC4xYCSpFktqwpPX75Bcv88uWZHuhuFek7W/dssl7Qbwj2QJyqBhrygu3rNwXGEetvxbCd5r9Vnh0zTtA5O4HWQeuGlm6EMQqLjumh16uho8bRLdvS3b0hvsXsvaYd/GPV8IItteDJUtQpA+B67EBPaMa8zW17RHZ9cARjMCHEDJ8FxI83JnZxsXdWAcox5xRrXyRMWOsl9U15xYXO3NUjQaqKAW0E5+5ldN9jXV+iCdXXp11kEPeXWCtST2n0vUpbDSdXptkwIrx4cu22aDGMjydL/0b7aJMVFt4XMKsLHPGP7rQjKTmR2Y6I8KD1W15GC0Qa9QRhmWb98w8z9APkmuzRqZQPFOMDL+iSsRBBUH2425rJynuCa3GkoWEPgQc5wXwabX0hrsyxW9E3heqy0E0qPOLvE0c0PBPd/qKNNFz1+01KSvMUoQju9BeuIZInlNWYLPaUbiWqoom59KhG35Mn73m+HthKxeZ1gZMNpk+OtoaDC+N5I+AoOUlrXHc69wkmKzd5Wgv6aiygwD9ZgDlTfJqqu31eoAaZxqMbt/vOntwSnVj3mQiJ4ZnNnW0e02xV4wbdpiaKJpdclUnuCfAQAFJkpt1yIwPr4QkDoVe/UN2r2YbaSOowuRoSi/XoHATPhB1k4q8tO/2yeJKwe1VrOtS1TaSkGob5WTgCBHWCm3jGY29YrleiKy5Md1gVmjxNIxC2bdn9f7W41d2uVHatMt8jA59kL6veKjwkUdlD0gmopjzCIbFw1W1ii5tvLw7mW4U/vEABT4zjccXOsrNIlBZDdIf9APDNi1XCDRpxef9frPtJ50LWD16Nlq6CpiK6VihNQS8TJy6xv7Lrpvt4YRDmM1ybKjvZ/FblaHvcQtXbC+LONmfIp4be0bKRku/EUHRZt4VB9TMkPHwHDfU5opu9Pd5kgS2TqBBbIYF2xFCSXYPiCisKTKWrFPaDbwmq6RaP3plK4AiGJT2S8Oo0qxmk/7nSzUDJuxrvKhOaCFxeA9avOhO30D7mVmcLdV3CW3Sarxiri/K3lbR1deg7bmhpQluysmgboUkcUoOMhMB8CrWvfJgAQW30/tgq9PvfHQOlDZo36bF3jtwyJSbuKvJkoiN2HRnPT4ItXIOkjoMlpZtGA7wuev9vczlsAzUsFzcW/WyZzUYn3zM5COvAQHT7nZVRTou69qGEo/D4xS9IriHP4PgMkEnGy4EO3mlX6V/xwwSYCW55+0PYKlYuyTyjY5lV1i99df3U96WcwiSBi3qRc9CMOyW2Pa81qkNWzgTGpplE7sc052lFu8Paf+YC1d7RkRTcWQ16U8LKNGFT00Q+SKie5LAVRs1+K7DxfqLTPBy4vGneXqNB5d8VB2adeiFtKulwHqDORgW4CONaHHLnGLbNckw8220UhrPEs4y45g0DuymFQivD1m7vUiUVYfi+PAZOLQsFrVw1Khfq5RYFqBINCIhpD6urFHGjTOlZiBqqzIgfJMxxpKJ4SJGzxGHfSnzZ45cDRl9J0ThUoH6Y5q4vsuyd6K9X7ag0GaW1YJzlAodNCenGBWerAbECJQbHQWcwj5tEahPsyRMu7jbKN+P/PKVV4lmWO2DaB1A5hCiX+t86O7fAoh2aBpkhp4Lv9CC0mXmn0o6zLfjtZglQMfdDEQ/tj2wIyz9b0beNQzZ3w+uZmlkIXDVxCi46smQPivS10+FJCl7KrNjWdx5eJdLGRPpfi0GLVfyFRQWRj/zMK4bGlMxj9U4p2bYy/hg2Sg5qJXRZ3bQ7omAKbhmuJ2M+0PKe+E817TYyRgXwf6/XEVAbFXZu8CiQ4+Pf0rbmGjdOV0VHL6D9HBUZ/6jIdBqfNzZLpr8vncX7TD1EldiIm21mJ3rRgPROaAxJ42l4V5GQqDPzXfz7tEA/5pA8NLW3zPp6lX8ilfRuwc1Q+4Cq8KHZ2fkSS7Dk+aGCu4GDZJIerHCujeCzlNSdHz53chiOaPSEL1RCaqw/8hcihMfmsby2iBqhs4iTNq7j5eQlcx7hMNghRwQJ7r8n/FQj4niClc3Hs0d7SGfhb8NTMj36n3zUtcfTF1BeLjRz80j7Gs/ltDgOMfZgn4vTemrU9m6wynsXoxnWn0RNQravoqVZ8nEDHEy6QlKNNixnrGT5Q47OzYMr72V7hq1j/EfilWVK/JEN7wPYVA4IOMjFaN3mq5POXrSWM3//np7blkypco4IYwFnrUM9yV6xsUvEpRNd2uLQBkvb+EYOs7nZ2VlejKntMx6/7Huh0gQy7DHrKVom2DmYx6XviyP9ZW8Lm5UTN7Qu55EBhjeQwVJrH1c1Zrd9DtSWqFwLpOQ+GEs3wv3YiidwjeY+qgA8uODGMNGWSZqH+v9HSOFx4nWmVeiTaf4i+JEqmMo3X2Cc40y66Zpxvf0Yk362Xmu2rtCZQfl1p9ilGaYL2WeCINJazjDsZ7DbpOAi9SDU2+3imgPENWpqMIYVllhsSXiMYaiEH0dJEbeL2i90rK0QpF0pX0dQI3z9YcAH1ZhsX8qg/jIxltQiPr0yRffhT3i8Cjpec33A8W3L6WN0Sqzd+LcmXoGzSW/Hs4nRJ7ruTYTzZQlcQNQHg6cICh6L5HkCW8BY73WCCgHcYjCp9hkxYPTYhnqMiY5ZwFbRwvFkkXvOLbtzcl+gR/XEy8/glNEB4fXYK+hWLsOrOXsJaXDw101hYUbZotMMXYEnM4jk0ZojxS15YqPLcqnaN9yRyx1tV+5Z+Ly8/BWUxkGVfS6rxCMP6lZZy/n13SDBWrM8IMzkZ8tjN6Yt4rfryoMZAPdvlFHR4Zrit5A29EbRK66h8Q74V9iBiUi5nhuNeO/JEe6g4xroYuZgR3v9RVvU1yWj+fIGw0nw72MLuIgVxqCPQzvTOR7T3rNWPVwKYO5SaD7QOtqwZZXUcKy3R/EJ1kZp2Z+JjPxByEtTSdfkMDfSltL2w/JLJPBavS1g3OjREXpmtsZPFuwK+E+8reXJheePg9JW7FQ+EwHLOhVTPUULpcQT17xDQD3EgXQGa6NC+PGoqiv86YucHbv+G2pr8TQFKKxL4SWm9uYJGMfVs0jQnDrIDywjqEBX5fyDQQOcnch/GPogo9NPuKoxn+su9GRqiwBEJ74nNAcvR09BOm+q7+vNKDCmTCqwHlGN+t8BagmBx2SMH/OkSlZA5ws5ISPXGPk7HtG5qGZvLLsJIT+6FoIBNIL9wYyn0xYd0HRoxPgxFIEfbXqCzFuniyN3OZ9TRAp+niIcME/DMZQkkM8us5Tkj5bG3nk8xa60IQEFgy7GfH63W9wy3dg/ZmnQ6LCxrWRcKaliaJjodbXwXn1fzHUyGRSQIqOvVAwKAq7h0KPyUIPPBedC9AFhm5q0lkLZeVQxA6Zs7Z/HYM2lkUMWUijFxiS/rioqIFiQuH+3KdXYR/gnKOJ0CjKdbX8ThnROv0qXUZ33j2cFwMoZO6/1Yvi6fLA26bXSQ/jWZC29U/rIdoZVWEUdQh/uTIt4+1IjZyox58Ppx3VjMvT1Kz/uqY53O4Ln860bwv3Lsk8acSba+kAZk8/5akipUJ3MEx5GzUxWVPyPz/RsNiCA5rj+J42RCmTCquWdx+YPkrdgo73/bP2U+u9OGnTiRSQos9DtihY9z1yLoHzdAr9M4E4cL9rCXQTUCrmDECJJ5kuvitFsT1kSHQEUgxiU3J1NI0DrWkZnpuVMKBD9pHpKApW/b3m9YmBNB0AZS6dLI5MsU49ZY1zcobO7UROU9F+ExKcPBPxTGEHr1EuLpKRzzh05aCMIu+rm7MrXdutM3E9vV+aqeYtbkJesL8zEwzjvDtt6pvXk2tox1uwfkuSzwq6+aLGgwKnesmGQe4FpcUV/Z2Su0pPlgczaEhOu+OSwifbascEj2v/zA5YwcHi5qhbOCikPG5zDvIgruRzhOvP48xHXzmd8KUAPkwyGK6lDZ2bbuZa3cFzaN7vP+td8CE8dRbGuydzL9/wG/w6w+mEpPPLi7MUu74RK7pFoMJvgr5O2HPjry4+JjBj95udb+5P//xHgcIExneq61pDhV/rx9Rw7f/8eo1cpPmpHrxnf7w1VEo2KoxECVfM/esRyubAJbQanSfUn2YBdxC9Uu0W5oMHT9yj4XlbZeUwM+cu/sVT0eMee0sydwfwFKOYZ3C0ZhVH5hFeoVawifbzwdy69E0WuNduKZJ9Rb97CX984Ta7R7vfqIDSnTAuzpG6Szd8v5dRrAeF8Rolprz8FrApq9GcvufZhxYtQSSwrGgXfR/dC884hnRsQhoAgAh9l/YNEte2XjMERv43KzGeZyTBlqxYgEqO1sxGpYL6OI9ysGaXd4YE4JlIHewIVtWSEqM5G4CHUm77XTattJOYX3sszT7pls1s1Q5A9B1ELsr7zdJG3Xmh465Wi60Tupg+4pEpqqGDtxCOGxAZ5hdKn8va/1I8PTooe7PugfLQqhY5uz4jCT6d5khe0mOFxAFLR8ENurAwgLOPkbgsRUbcBHsBjcFsqLZmBCucVUBRZ4ZpLgNI2RiBZDr9Q01pgBZFQjdHCTSvQRnkYfigcvRz2X4X6/Fg42Vxmb5+5D+rAspQ4pEUKEFPFcedA0QNeqipmJPr7YsuUymz9pP26KQuAgXjvjL6NSoy4CNx1q0VUDTpb421tx00supBxNZ08HpF9aGGH3Wu4jpPjuO8C4yW7GNHIfAYmOu71xlhEnDdWiQgzu8qECpkCtl/FeL+zlgzf3lR4JpyIlOg+wjWzM1335LWlEqIiGC7aCiUPZqnKaHrsv85ofciHRvuKggXvRMSTykgrBc+89iJDpTuVFg8W7vvfs8QFq0y/Ox+AdDID6y9H6+9EXiqsYQC256jlUSoZ81HyeWSh0ol3UHLkHMyTx0IrzPXTXtWwvPzdmd9qKHNKBGsLPZ4eJoNFLW0U0IljL2OFZggihcsDHa4tK9Vyan39acEw9Dpl98iqSs8B2vT0//su3jtIBpMadrRPXrWPOUhdtU8qA6wPyjt9pn0CZkjY7zvDdpiZoaSwMP9ZFJimq9d1TzFQgeVVYAUkDaZhVAzk367kfTYB7NecwbCvo4H0aNotmbwFe+zmc1WH3sP0UW+zEdy+u9TVebvyTlQcwhpQ6QZsHpcdJCtLBUIl4MpeFoBkslYTUL3bnLJkik4wTPOToCkzH92tvrisg5AATG9KJlOceRoQGIl6fzWiUS9uXtEsUX3a58QpEcUoHYhXQHixpjCIDFWn4jLAb+DdB8ZWoMn7qVfB12k3sVrZEK5E7nWD9RW2nKE+Aedb+ig410HoLxqO1Hm9z1d1ubmrULgZvBvWwhoN3SWTVOlYwLlghjsJCX6queZIRuaqdMyo/BOsbLj0k2vlgp/PzxtWf0a6ptdyE2xJ8MEdk4OiAmLEHMMs6vdTME+1oZPzB41zJGq58fT8HN1QMGYQQZn39mpAOHBmlIkfAnb4pBkhHLDeQVAi7Hl3t6avaTF2m+rtl5i9aO8Ib8Rs81NtYRSkcM9kMFaqBMyIt2UHPE7SW9TbNaZryqxBt/ae3BRBv9PmpJqG4epLsgD5vOPKdkjJa3iKzEIehB0x2ZI08QQha8+39EUe3a/VezpITUSZvj6dZ3XlMZJN0cmMqeV+8hyHoe3opOYQ+3p7YfzRitsk3scdeZaOKDPepIrAYowG11xsipKFa4vJIDYF3nOQn6fSt20EWkjs5Itze2+VPYVi986wEnoWE9PozF/DIpikakPOyvsCd+muOG5le7fAk40Nwd9KGdyCBtQp6o+w7tW6RNa47NLvud5Xy2HlD+DnL0QX6kKtVmmkYyOEcGgQl0CDXlnq0hF9fEaCGdeRX9p/FzxAlAIjfFE1ZdDpitz4TwEotMcmebWv+f1C2v89Ga3R3R3CB2bGDM2yX8xzBBRbMxECGKAT4VLR8GxLH8zlXykP4rxu0fQbejTtCru4dsdW3KqG/iMrZeaUoY6M3rAH6J3cR2MlUawl/8C7HHuM4zqAqLbJxxlvyFEGfJog3dY39LItkz8UQ0hD6tWYTFNv6Q/DCkDSJ5DoLl90+KQhgBKwV1qtXqzFYC1cOEiypcfSJ3umjV7AJIzo4BjA4bTZmQUZbZpJMceBWfAiVqGxj+hYGWpFI7aGRAfOLYxZzr+aECjVNVTo6PtAhtjcOWnO4Ma7RxUPLWhn+Yw+61OAxk6XkW/IG4oSzZnuVSqMgWlQI3bws6PZ66nYK5zqZBb8kTJsb3ibotuJB/mssB/m1nuXHEhsHEfAFzT3uJONiLALa+lVB5dEIRiyf6NoZmdxlXB73HqEIRYfsmyBEl8ZfQCLzKIqIG/uk6XnUBlnhlndmWD3PdN7V5p93Ru4nmTP8w6OqX3Iw56w/pQmA2siZG91N+9N78QTkMVuRKqkjBISq4re59EYYR88VdrM5cxS+fwvOoEOciNPTstNjeKRVibE1nU9MAhQnyDNQlq+kOpiKfveRocHqS4Kso4XjK4CeIm+nMYZnGno/MDlBxDPZs8mr75UVYXfk2JzU0Ynx5gYUzuvAsihQGm//3b8fWUfybPPFAJAIuzKQYTefPJw2EosavZFYqID0vksC2FLSY1Q8TpBGf8B5/8e9MutoS1O3swxBEayC+5GGN8rkPq0IYY8yWZr6On3QHm1FNHDVWus2tutynuknJG7b9yG58Lr5qtJzFt6bdz4U2wobqTwt4FOGB6HwZByNhGpLT2NrUSTuPIiL8sgUusHvzGahZ+vUTzeoeDkaUyllL7l9UXmZGZ+FGltbv/Irhv3xI60Sb2YYk+cLdrS2msJHacngg5pmCDKeYGO7POnfH4Z0Z08TX1CNd6aQEMtKRgXZ2j8UX+GHD1Q376Sd/pJcG+QikxYRMHZFfVMU8Lo4Zmd0j1MMLZK3YgY2N+DJRGrJlaEsFNHWQ84Ckl9NvYT+wziX+dyVe1kH3q/pWuF3SubS2+AHyadsnBok2jUqWhPHng/oapj1+belDQ4pcHVAV31O6zu20d9uipCBJIgrjCWSYAFLQ/Xl0JxrvS+BRffdD72tArufW8tYm9SXi7HRrbHOxY5FrmKn2XNjBur3C+Fnf7TEamBhPBneQ31QNYVAmwIig8NNfLuXjnf1eNxlCea5bJFsuEa+waxp7GYEdNp8/0JuDV8YkoSvNKnU4IscIk5pJFxztPUot9eWsCTVE/aWjls8kdjk/swxVtF9BxRcqpzMnSccT49Ghu0Cf/419D+9Te94FpfFU28xVcJNSuFk6KIU0hNxv/AiL3XpbQ6M6+k1643g49M+Yy0Fv08kdK4t4u6wBYrj2tA14KhAwE7yzLxQqpOW2m/QYS6yHE6Mv4eBxfn90ht4bBz1jN8uBDE8kq7OuupucTLNPQJRJd1IZWf/xmwCQKr2+kUJbas8t/DXOTPrd0any5V0ZOKJWGIhNrt8onSZG7DZ1JkhAPgLgu4WDGUcBh2ot+37hzmcTZBpDXTXGApf1YZpnKB6TsKk/3Yp3evQDM8g6g3lHlIuzM3CpITpRvvZ+egWUB/eoWfVyZ9s998eMfXUMbISFBgCOweuun1Vhd9NTJkxqVNTjTB4WEKBIAAImTmH0jYjtHpVHDaxZVmWyPb5QVTQrtX92Jsm7HRVaqe6GCanqaolj1ON99wAHvkkBauAowTDVk70kBgT62EJ/+99UOAV2E9YL9I4z99CTo+V3Rx3OlPg1QHdkfoac543XuZaaZQ382JHzgRLgLjqn1MYKac438XvR2kAjnjO85TuhTo0fYBMeNJEX611FVS/bBMAK+FmQxPtDYu7Guiu5oANCTxNkHnJVmBtIh+9RA5WbD4/MmGN25LNYPIjHQZR+vqjN28VGy2SMxJ/rGrNJGi8SB/yVHTp6xoihPuimzK63WDd37dT97CRVPAvaRegdB2iVqNAOzFUjS1GS8du6oZIvY+RAveSL3jkqRboLyv0ZQjdTGxSVxsgYwxyjz9hj9qXmSKupj0uKeMDoHNBfd0i/NTGavugFPn1l+D6D1NFL1m9PvXKUlU8U5wfRwl7l9k8MJJHx1d7VzKjbhOqlUq9VVIDqszfHgYUyNlSyjKSuvLJv+Q6dgElRBuGB77G2MadfyCE4iQujiX3DMimX8iBFdxCwzz8WpcZK9ODmzrVrJsoqnP6odnxWLIyASBAgyISP+9ol9F9OMujqlCCcMqGF7HR5lCBtcDpl+st8/hgSgGUH53n8AbST1RIYboFLUjriWkMCJTt9032mH0BKu4ICj7SMQccUv0iNzLeOIS2s3IkdX1QDZgLlwYhb031Mb+fxpkn2E8EhtuFJjDaUEKhn1WI4uX/zHcR9NfkC1yR1igJeb9N9bYXo27pDwWcjH1SNYcztVerEXlrLyMaGoX6c8wUtpQG8ITcpLyrnxnumuGpHf2ru0xtUMI9ZGAmP0sGL+Xc3/zgIRF87q2PssXg8ucKVueATsr5T6FKff886Vezq6iLFfr0LF2gbCFYoud+fzeepGeGpSJwGRSo7x6oiHaq2dacL2nPfy3y2cJn4DzROyskmFazr3oNpUXxyKr3uhwIoJ66sao7ggJIZKIxPDrdrM4SfO38OAn4J66btaSR6ZUwjiqbhW0PiWwtIXFLfexq5sDXzp1hjOnz+XDGTOaXcSZtv6/CYZ7Laf/MLy6UeMM1cUJd1ylhbslp0rE+RAlUzYDDtWTnByT5npxvtheGnMZUCXUo0W4K/Bk7TC3UgobLYBR6n9yk/F3hNK/0B6Z6Vqg3qSu3VKogpLiKpx7yePULdTd4PBHpdlZxbbulzZTaxO2aeoMs63EB6vCZ8aMM9Re9RsijhPWP6sqaahz2zt4HBbiRbHSIn3gJZG8S2im5tdtjuqIWfaFhadQJwfB4TV4uauMC+tf4T7Kji3oQ10cnDLZv1jwudLTgATZaxdB73VetQ3kcpUvKMQxUV48t+1EMWOr0aA7A3gGwt9lNfdXqC/4W6brnI1z2depShcmTOrht60s3NSilgYUeZnYIWQuIFM6mM8PW4RIUNmRINd7OwyRtHM9AqN+Z2Yg44NCsRvei6E2k38AnkFeMosj+DW9fGZJVQAg0xZunyrwQx/f8lRBm1sCsq0iNXRgrte0tTfZwv10qDqeBvTmC3O9tcwql1dhBh/TfeXKTauT67BHvQLxN6D/8QWzD2q5GLUwsj0VRmamu+lapt3UaWEhoeu1TPvMLFQR7jNsKwes300gWpEqkOZGmSZ3vN2gKo4iEZL7VkFmQluunDTIq0N8v41HE1FB5oEagnp5J6iaU9l4F38KJqoJU5N8hsN5+mEUqNSTZS62HfPBZESum3ToPuN/r3S8W1jDAgmmdL0ReRdD9elNeBW/wtthDy0AathavM0mJdegviA7mpODawr0OxXuC0cb5ZAZI8pLljAZnydQGWGkEu01RKhGmKL5FdeKgXaTSoquo1Pn6j/nX5uHyoEtEgYdzrG23HQ64CfgEtbZ+qjahgimtor27/8yNppXOyLBojGFhHKW9mbzkGz+bRHbfEadYUIwT2fsgmBBAsXzQ2ACLt9SjxBc1iQ88WYcvRMGKnzu1xFmpmU8ERW6cPKc9ZGhQKRBehFlJp0xF87ZwtTlvOXIdCpEkulA30g9VP2gVefX7b6Oxe6jRDPxh9DFwRH1fgXZxDlXWgW32w+wZzjN4C/mwm3ewqfVIQYuDgExGC0ie1OzEd6H3Vl2/K16bxWrSloLD9qySjRejb2hIQI3LNmq1ClG2lQj8OeydLFZ0Fxxh9uZ4ZMiJ8Hrzx6BSipk39xa+AHZzw31jbE6ATWnHblySa+YP2VywWlvO4C8xlQWbCI3DHgpy7TyFrewx1NiDs/0Xwmg6JZzudcP6uqRYfL78tUF4abOw3AAa0txacTM2TeUcwDDQewNIg0/OxcB7ToE2QHJfeE0o3s8yeh9dFRkz/GmY0hD/cMlkOeqDxeBfjKN7naR0O2aSH+4LAgEh5Ft43bKBa4BAMxnyn68G4O9VX5+2KyXg7GH4Op+8QSemIkk6wOjkCsx49MMo2z4GRlmmRDR2EAQl6UJ80xbVfzT+Gnp1GQ6wxOck/1/MPoJs6IQN7mSt3EmozvYvYtV7aWQqetN94c+99bvNWBz+ao61ClEJB0yz/vffKas+keF1u3bBCGMHxh+IVq2yTW4DpQUqiEB2zEXOCbyvgboJfPBg6MF4cEzwa8CoUN+zbsNOEAb4cDjMGSsrgFKxusOOU/FHVFTqiu5Xc7zugA+fT5zfZ9KEnBbxLn1GsywPVS+B/B5Wf17ofJzfIGDwcATuNVFXiEyQNgjtiqh6CQdhSZfme6yO85L1zBtRVv1T9hbXHfixS9jEOMs829m+TNNVBZXui0ziRi9i2LG1Aru8g9lZouPLOalruCH0nCW18KfrQXqhS9G5dBdychTt6f4k6Tp38rbfhPu1qeomHmVu20T+eAM2HyWUS6h3xcos4xjcMJ/WNmeBuR0MvlVaAnyMcc9IeRVVhAJtu3UEM8VDlsZr8qZysSyADxZBmT0QxJnfxDNhJRPNXYtt1McBrwbo5IwiJU2L9Vp/xkM82mbiUg/I6XqUE4IhTYTMz1wW67sNT0wksVsIpjdrwWWZjFXxhXlnp2I6J3603csxs0AxDhr8Udv2OdCQJZ0tQZeVG9S9QYcInH1SU9jNZGNEqvBsna2aYkyozg62u6EmkpdAK52Ud+bS6caWInxxrfa08CcxyLHR68v8U7GVa43qG2EsKuBtprhehe3EdKFJId7Kn2W9Lzy+Gg3KvPq7eiNFfqeucuaEFbSbDtQ03ADcHuUpK73dIOE1sa+ufH6N3SstXw+AjqDIv5C87AyzbDg7nrfkgnASr+1z24Z/VOGdvg79yzLkF2H/BspaUUXN5jl2xOAF0X7LwE/DSFXKrRBK6OqJ8Y8TXm+NhgoEdv45VgkBTmVF2fjA87uTXmjZPxN6mlS5w7Jn4aDOjb0GWuQbwpDSlaMJH5KQXKodeiKFD46LZdGG9ZyUCFnAASbBoJmrxuUjIpVNlFjHgWtVVwBo1Ls46dpPfflbur9cFfkC0yMNcIDe4YkqY75LkigrVjYS1Tsp2ShXvjcsqbsUdWyF3zFox2U1miynoo4I8kllEXn1P4eUDT8KznvGdeTXgn65EjqK4y1hL4Pbx8leveV6PlzAQgtyQPe8n3+lbImK/XVYwKrt47ybD6dO8wDfhebx440SHhJM4vnlYZYIpfDGYvhnpqVtbvM2IhcUzHaK9oTWTtCn+Y4g8iXFQJeGDjr5MsroE9AaoJttSvF9Z9L+9hwHjbI8UR84AJxBrizVWso8lEtEjsKZaIqBtL6GPwoP1mzyfB+dDKVqZ0RGwKFb1Psa+8NYrjSNx5mcJaRXwVr97O9P3mSminEUlO7i8Ta/imGO0VS6AICSxa7LYEI/0J/Ac2YWRBshJoGmcWSietf+M+VSjXnJZEtVv6FqOAVSbbNHJtqyfwsXl37oaTXs5kqL6SvJCXMlUOtIaDO1TxrLMg6I8O9Y5PEFj2ZFRMh0phnNOnzw78C3LNB1F/k74a4bia/CbYLq0CYIhrbi1Kw8EJXo1vEmihew0QS36P7r3tyrrK6cXkqynfy+0K56FJzWOSEMKVAGweldbrJ3qmXhELAHdJoqolECtuTpMz2XXoQiL96eq9RS1hYZvetfx2dlmtzS34U00X+rYMa8YayjJJR9EBNTF765OygE/+7pe/U/CxW6WxTCcm9JmcG/dV+1ev8Ep48PkvnrptHl1uTOgnS1AF0qr7vC+YYvNteSRo6IDp5Zba8CTwHcT8k5TmSBnydCjjRRS9SQLPQ0/J8L0pXwBXKvsh+MAlPmUZteXXL0DRHzYmR/W+uLtxmp1bXs0mAqPC84eMzexQ3BY+vWY6pPb5IuqAefvV+wravBM7rq36FnIwp6kQIRXqR4JFb0hmojEklJj+tjStpf1RuV+sBpmkK6vO0R1CKDb1XcsgiOd9UsfF2ugnx5dnwJZy2L1qZwlFYwBkpr3uWT8AorKesJQX0FHfOY5TvhXBGw5lHB2rKPPfH4uAOVUcxxutiKRNGzfY+C1E/7Kijo7vUxhxkFjwz+Rqx2m0S6p38ekGdxZfc1HiZhIg1i2Kjw4CMM/sLhH+OGZHK5gis3ilIkaXUi+R3028oDXRM1uGND2RJGRpvEFIksRSK5wmStHxP9GJMtVR5o4udk6us8TBHW1fLLPxyu1gvG44V9fEtBEY8Bhzk6a8p6TDMbG6I701S+hWKJiZwUQ0IGYjdfY5remFqikNel/GZ66RJURtnDNkt8Icpf/RvQEw3rw0IvRhX810TV1DxqOxs+rHPQvxHQjq2UnL8BI4fETgOeUyL7r7wNIm/KOwfbx+UHSOjdKnmjFIS+9/0PLEs2230YqpDnpon2u0SjzvGtm9DYn/hRuvje/kP6x0KaZd2qGdkJDLduo9PE7VmmcIP/TMHLw8oRBeIis+hol2GrHkQ2MSyD3kaOD75PPt6dm7foQ1Uiif0Mura9zqtPxgdJQzpdw3FvRqMqPufItzOJmfujtKhqLmy+DiAC3Y4+3kJW4AigA4f5wmKNs+Hwm5DumKhr+8XkBxrjQexSACNjNQP+oIKk4QIsOibN1HxN+s8p68S7h57qBZQw1vFOTNJKEz/XIesvdnizD/NM1nJpNWPze3CuPhVYk7BBjX2GGJfuV4UN+UC5ysj/R/MvS/Ir3jwo3i9c42z3wsjMudZ6IK/wy3Y6TjPwmUujri1qfiY/ctOcKARA+CEZA/MZnQG5bNplAFdcl6yjKJfeSiWKZXFNGCaM4u6/gKfBncTDNo8XRVHbCrla87S3ZMB8zajlO0oLXFS1Jywoi3kOlOSdYuEUilV9ASscCWLjPaS4x3DcI1Zf0lIfD9iJR8RxU9D5/BNyFnY+xZKuMfWYVxJ7De/eZ+rSgyvB2mvfFBJtYVk0uTVt2azgZqXMyohOk64z++AhoxBx91cpt9ffemGZDz6PnhkRqE0EgeVDJ4hDy8w5/0Z22un7dsM1swjEG+cZf2fNW0zt9TXjQFX3xXDpqDNRHlZurk1EsIaxG1X+wobUMcj2HhutV3LHjZmHWhiJG1TkD03xEg88OYXKW5Rd2iFqKHFSUcmOWYC8AdItsIkPkXAx8GTml3sFyHADeY1YeqRgdWuG5AxdzgAysGiEqARJc+3uOlJQd7ivqWJXFFuWtV3Zr6dsynV2ZJjE/683ECutimS/gL0+bu0vTbU8ADpOPNsExBF9bUmoDCdZfU1Vpo2qfXLUcGtETBt/+zqkCP6ucje7U6A6s8A8sZg08W0rsgjGgOnhSIfFXob113iblVnd2d4q6kH6ZZgCLlxTIQY+kIwzAZqGaduCf7AvektN8zzhqntJ17hrKsfxIY+ctO748K7sfR1gN9A9WJd6CKlAsXB8Fu46ISFL7HRNSS404NUQ94/HrGtMYKgqMtHqRM0rqrGxLAhgLVzojlsLPc8sfnEwFrtsGe2ge+FK0RoMthrQGIqRw5qa8c+20RCaGJmEqDj2DojaattgKEV/SSzpEEww55ee+1TVWO083OCDW1O2MrHLA9dK5WzED+5U7NPbGjTNKxLLxM5VXlKloM515BR9BoqO0kgV8a4UT57UpvIAfsYyBuUmR7ZCg02V9rBrO2ThIx73qkNwaUeWo2CdPVgOm9+ogNnTGdlonY7Cj0sr6Lk2zVxTsZ3To5E+SUR3nRuUDy6kXJ1XSN4GJtnQpk2RusVswC/lGjbLb0u+0vqTHq0rT6h8vxBSkpEnGNZ03fAQftHUczIc23hoVCAz7dDH3ev01FwKqkkaXJBwCdwYm/TRCpnSX5eRZqeyMagiOeemYc2GekxM+W4m/yySMPG84dvOfCLijotsrS8/ekTUQPGUqgTt6UY4PvyY/NC2VfL126vmhK9wn4dESn8UA4hoylOI6hsxUby0dEDL2+rU8KwyI1Q80PMAwB5wZr8Qc1s0oToMrUqwsaWRDjEVY3nMrRhGUCpPdT0CvJYk7UNWuXMW4NG1YikewbAJUJHXk2TCA6wGVtrgvre/QaburPwnCv7gXSNroebBJzXr+jZHcn4XDKT+KWXMaxZZDNSfTnFNRr2GPOyOETxImV7Es7ZKBlO4uOrKFeR+lj//ZSqXfIggm7MoCuH79xloocYferzLJkxlv/RDw/2AT2mjyPk84IkLLwnNZD4+naVZjmzD9oEU3Djp1ifmRf+wQaqGNDbHUR2iuYkwkh5BMUwzH5vgcWEYCAFGrdh2u3zZgKiwd20kv8C2YYU4ffOZ3qTs2QAiH6mJ3jLhgaMvLKfL1azTZYn2I66QA4+7zH2iLmWwu1H53n2yVmeb8eYoX+mw+7FZOJJ+lIeKMi+czCYRU/ZahIP/yKuyJaqCG7Ux3yQKzZlV0aIbm7cc45Vh3oXprkd4KSvvKuWcGdE3Yky9Wk4ZPkf192MlLPO4jJTzqeK4hkrESCveKdETmCnAsBf4hFQHggJepKbyk4IaSRSHwPgKiZUR/Usn9X4OOV9uXae1iSyLoGGZSSrsoiS9ZCHDqq+HE+CqG4R6Cz02lz5XGl0aEwZOHm7bv18QfahwpMZv/9BSMzMP686a3pEDvY351/z0BmCmApKhivxR5lr/aYBJK7ekScKyh4eZnMwj3c9OL+ULtSpTsI0NJC5/jM2AndJFM+KyRcckYi4vh6s0niYGe0sXHaElc1+o4wEdxKXG7lfNjMr102j0c9fsM/oPTPdtfHsZLsTF/HX+aL2eM2M3GjHR/IvexvcCLxX7WzHj0NkDt0n+MMfHpfAka9O4oB7fiATVBLVorLBuXHoz1O0usxw55G6FNKC03r+wPpDCAuTK+0bDe9AEsqHZFwAWCvb+JEQDKFGZ7IInOjrPPL4D8zVUxiAPT3zcz61xCQg8GqEPo3rO+Px2DYhikrWVTLbGiAwOravwmfoFxobgP4Ds403Iw8Qzxn/pjdjxNaGZnm+d8tf3Z6ms+JCOggLVgzkCXRHSFv21iLwQvlQZCbiIIqC8DIakBFILbbF15t5SXUBd2ASZMNXwXEdeCW8mcQ7qovJ9Hkvy0r0Q917xYXmWFTQqK80MFRpeTuJwZzAcygvuyfT9ujL00aM7E57Pj2xGAXz9JEeYWw7QDQgrQ4xFUrP5nsJzwiifStpP6BiaJNjOF10Y8d5LWYi83ydzD3E/Sonr8z4g8dFSXdN1YD89mAIUoTyaM/71VGChVDg60tCm8N2IHwsNrGqajh2X5nmHOQTuy6MkpUqTLGwxdiTha4kKyB8RrrAsizRdxeMLTzOLejZBeuXCRAUyK394qwDaeUpqNZ8dkVYDr38pFftU+mdW8kXH1H8I/9Tu0QBCqqcFmY4Z9MAMQpwIeNV1xUD74Uz0cnBV2izHVMeBU7cwJuAi1i0M5JRzOHLdiK05W8/WxdOQiP/gH5klGaa7TWPOjcL2ND3l49pP3suIemE2cyCMTmc7P+YmcyYU3XHLUizx//uwQ7AG0R2mxl5k6MZ1vEzX+YyBVfwCSoSy3gBVyrd9h2oqCcTAPBYXoy86udjEdlGIGS1HIJY9Do/It6U2WNybNfZQJ6Pa3nW0Dpcpbmsb/wEl23LTm2dQga7VmZse3ZC6KhGTKFCpW/jJfMzPxZA4zgvOqR82fe6X7ql1SSgImCMTsQwo01BrM88eZy3kAWRWK7k8J2cC6EYZU04F7UfIJouKj/AGfBxuCz4ss+K5vZyqS325TdT50+Xf0/MVCNm/eMDgGm0BJVjlq9+5BBnDROwBEWiUcie/VhcwpsXTXI3N4tlD22G1HraLomwAjPnqbKTUCNfrGpwkyshRG8xnux8aSNH1bKxmczPFsOZ5E+Vja5cPAAhXzQehBVwImum+yknEs6SC09WsgCH+Nart3BgidLuRLrmjFsMHLZMgbdAFQV4H40sYrMQJwHohCi6BT9UG+v8yGjEphaAmFGs2PLMlYjMEiSKG7nFemF/9jG1pc8H47YJU33qnhxf4Xi9cNJRC07B0XPMwcJ4CySXVRQnmS4ynDJeNVqZbdUTG1OhurlYeQA6SCQ//IaWwuK9B7yPGs1Fe4QbrKzRZJ9yKi/zWNo6/xM2tDLA+5Ie3cKvgFifcH6CH6FdgfK+79/610WxBy1hm+HhDeCzNZ/a1usLcxXNWxeeQgqYb0e+rM/UfxT6DnlQUjg26ioN6SkwLjLjpR6iMZJ+hd7D/4w3xwcg8VNTNAh2gr21tkJdCsaAO0hYNdldS1o2Gd7YowflZwIhg3c555He9rI0DC2D0V2yz2CtIbJ3qfM/Y5SATr1WKnnzU/zNNylaEoPS9vxVNtXZZVBzJTwcPbwe5AgGp2RhD23rHHU38BeGPnkPduBIC0LMAQNLGesyL8NFUMOLAmTq+o1RDhcilaJ3NgB8BiE153kcSWSGazRk8jPqe7lDa1bO6tmQ3pZdaK3ZoyY41t1yNHDJcoPGUFiB7RDHOtlZ6S8vjrvDnAKyiROHXC3jLc8qSU421lbQjX612rMTZou4YyL1Gd3RGhskmQAU8l0zHFHn79of+2ezYhn0hRx2q8Qvz9A9DSJq/UohjySBXhewQkdmAKzyj9cZvZcTRZkTKBv0ksz+FfI3l/rNT3zni4aF7zOGvEmijKZpcO47NRhPuLTD0cg1jUikCyiUMzZQGribFNG+Gzr/G4QXXGYgCdJO1MdmzKKVBtf2+jQ7n/pyWzUpO2kH414XPo2p/Kd/Mu0lzHs42r/kDN4iS046PCwhxRy01uYH6xMbLbyXTk/ew4VP5MGfcS5oSIoJPm0grzeGvniDYqgHRzj3J250wyzFK7lvQ0Nk9jLCdvVKcrMnDO1LM46Z1DlvsXagJmCZwzt13IXHwzDosK8LEXDp7AaFhM5KYBbL0X/OcOHdSXuq5CdYDG62SpeO/cLVF46YZTdVuALkUamJRaWJksD9rW5m6FdaGs7aVJq9WNCH72QaqyzrbaJyH4FYctpEMHNzI8JFVYxb2R3GI4FTKqwvHmBRZV/qMBVW/3A9nZemdtL5OPA8wzrc4KobeU7zrKP5f5eZFPYVkBSWt7AVEqfSHlpOQvFavLuqfDdDC4aEDXTBwZTtCz9FcaFGheVO+/8jAYdpAP6JAzuIS8ce06kWZDHUYASaXRpr6dTu20CulI2zAHqqsNNb3vugiSifpeDnfnrwrGk4D7eaLf7sMtTZZh1QSqA1DgyaK12OzzRPjXvbsNvdb1Yvk2aa+xgwAanK6gwVHfEBMhyS9oShaEVNeyT3e+F/ANfF5ffBpeVOWnVzKIJ5HS64akL6rWTdVhvj1B39J+X0R+X6/WWLUngsmAuJvrgO2G5fbUyiluf0NXScEQIUgrHbvv3re7iYVvrOM2KRXUCZCWswqjcci2E6tVJTRQraYokv89qDesZyDMouax7Ipi2z5vOUMe2UCoeVaFhx0JU/EnxzPX4JJA+gDK3BsVZzmQhPmfpbLk10W1+A7rUlzu65n+cBOGxVQBGslFW3Z68m+GmHj0tMV055tRWs+zQtj0KCt8L/2W2CmQ7PGH+2e8or2zE+inuKkrsHZfNWtuGOKZi5lTdc/lhh8zxjWAiR7GK5i3DROs2/EnhUqiJxtrYFzMSnBIbOP5xrDo5SZlJYLWH3kga12JPG0H/FCy/TsgxueLv4ZX094jsxtzJQU6cNbCvsuoRoGqQ8zD4B1JCOtoTCQ0lt9bvbrMbZgmE9k4btz2QfOwCEHBV4BZzTyFxKkItRPWJI6ZKukRecwO23uLsTEMHf9D1478AVSqC4TDNJDGaUrv0ZIKDMgZTMM+JCMHF+RPiD2/nNEbJEHDm4DKI20BWr/mjPsu+S5QrVLNbUWwwRwRnMUvtLoDjQ98OrhacaNJ9/7dfcsJmRKi1wk7VURxy/BVGhv1L8TCD+8TrmX2VYZjYNu/ZMkoD3pGd+pwVPlISI8MIkUsPX52iWjHCWHlcvQexSMtxdAfH1OH5zZZ/ahEQWRuTFHuGdrPUiRKz2ilBtMMeyXS0iRYHtsb6QZPObkfFB3hv9no4VVqX4/HYybU3SgRyB9v4UWU4OHKp/VETzeizBgSLbRlnXIJDluSKOmDsrlchoMIGXflUxd4Z0CwWe6ltxZlFaW+CNmh/CGsIXc268Vh8x6uUspCPwllczufHL8XGgp/GQ1qWGR5m7YV3NrmSpwqjmWT/LoMxqK5CnW7aUabodjHDRstsMXOfgH9oavVAnYl+vJFXnWZuC54tTRdLLYaX7Q6OZtAy7iJEAIF/ZOBOIlW9/KYWme5EkGMnYpxcvvdpDk07pEpqDgP2kj7n3xX5OERlvZskovmsNLlohYUI309RYEmv27GvOWvtvYcHSra1qo7YpLrwhaVN3+E6W4Sgm5EPQhFZfZNABideWJ5BvcYxKgNAHvF9xf/+hsQh/PrgDZ6bdMoZGiD+1Sj+wem/iobD4Fm66QPEF/Xy9MrP7sNpWE7n5vtxXE4UOjAiWN5SEBZ/Rk2Vehev6xPuL1NLi4jhjmmUtafH7N8R1w4n/iy7ZfETBRh7nUIC8qUhMl6k3ceKdj4mWjtD3XenvpezeJUCNWtwmY8NUHostgr1lhS8z4uUPMMkELkKnd9pn7AngqC20KIkdUHdT5irc9WQ52hLd3lDbt9CS0tyGGG+Jof/cwmqCvzqxOF8NhxubJVtGBZGtEsD8G+kj3IqByryCe7ZvmFAypfYB4nk/Gan+/xjtneMlt/alNmlv54hbcUntPwcGdC1UIhZ0Bpl/pL0S+L8+dxqhxt8+7phZpLT7PX2NNYZ54UgH7xk5ox/SRgYGvsjv5y6Ti8zZXw2O8d3N6FRejmWYUaYMavlBqa1g5nDL0ccLbIqq1mlLGcN/vC8klp3I48eWbz99m+6S2xPnpQiNUglMOGK7MrZOIXswff37YjWeHQ7zv3HsHPLWO7AIn9faD8HWH5yQlBVLoDmZiU2SpCCwP79/V7p+yJgWR8w3apoN+WfQTOZyz7mxd9GlGRiJHuNrgOAT8yS6GByAOyz6C2BuFRsvJdR5gD4iPI7vq4LrlKvnJtaMw538JwZGvHNN0D9l3BCJWjlN6/0+DDgxUJhGU/g3xiasNFXbJ678xwk0QblscukDryOh8PUNkufssiJyI2AQ5EZJezyTLmS2sn13ASBtmjSmNdZb6z8ccgoLtBccuCPkWGfxi7xlT19QGF/KAjM//X/kOJ9/lmY4cVWYBMPCcnIDfCJZKPwpuGMfxsadfrjVFBKJYYhNlOmottWziMLQwLRNjJ/EBPei73LU37h6+MnEWQp//zYaDVYYbWPRw0T7lvv0AaY8AJ1FThs60V8owCgXpAvpdUBSsMNuyN4aMyDiXZ7OeJMeMwYonn48UHv7DUzRBq/jgKpu1uGOGwIVN8ljJEEb00OKxUdA3/12ser/XjvbgKl4Clo9H2a5b4o7l4o6DyJbzdnPlM3hAosaovqR2nVT7+JR3p6H3ujkPEfhV4IMU0cV+svHoDUI1yR5VKF0gJ9RBoKzKJ5zMyUUPBHur9CWIyccHgDyX2XF6Q/fKkYpK0I1O1PifUCiRzAV34R8oUhFLsOXm9wPY5Sc1k4UYuroZ80yauxRHnFrCqx85EjlSu3yNT7BjXIDk6c9c1gfBC14ZqNfOrN3f65Tej0cS2675IGMMRyVUqkJ37PGUuWO3thktYLexaTtItFPoiIu+sEpWSexii9LjVRuP/ua2iUALQBf9NIRNnVcVpZJ2DLCYDt+PF9RBw+5160S5gC258642uXp30IIQXCjlPZJwBs90f/kpDxlxoRholxWiI46yvCXWs7owUxZjqYEtW34wATQIDvprGGvvtDY0R3VZ0s92cSakSzMFplZb9IIpLQwjrHzPKUAq61suKTE5LkXjFwsBHRnR+gwYjSa+nl+Kwbcvve8F1xwWQlUo82OB0QPuwjwq3EpFBV/XR1Yh3BlWH1zp/BSKVwGMKmEZfhKsJmZj1tVkxhLJxDF3px03kVZ8l0J3omi/hmTVAtzpGekD1nIZDj1Yrf1zo0d6aBUVdBmyD22Y8ZQFsHFYZg4HNMyx2PvWG8oF01svvbpoX7HMO7QG6kJKg5CvP5joM+XTeI/dMUfX9CxTNNmhPc9enqUGPjm0A6XkjIH+DkFl/SGx3AMzBPYSlKCS3HfmLHPtgCv/NU6KGN0ryqVo5RJUI4h1POLNjYysbspKln9ZyCA62BOB3ro4eFDQYErEYL+pD2dza93rYwT/zbNd5aXhxDpkhdXH0PS1qla5klUofTzfbbNgsh0kxI7nut0gx4TQ+7FmFkw5UNOCF+dSDfCtQsZjpZd1y9YGYgl2S6gawhW/MxF3G6y0DibAXvL1ov2Zkt+DanOsvELEquHaMoMUAT036hybF9/tLzfbPhpi6Lnm63tlxZMPzuJzDfwsxYlCep0JAB3vS0OoauQRh+xFd7T1U3dMERssi6U84OUy+RStyuDjTupXh7ILt0zPnNN9Sf9RPFABySA/Pev6dwKn+oP5b5tnChmr5ex3yKWz/vpimntitpcSi7j5dws8R7u15MJPZXGEgfKJdNaWyuRT96HE7581JDxJ/JVsxz0oV7XvXAaCUVFJs2gpIoiRjVnoQ9bk61H8csaUOY+n6wNiqZgu7wsbKJGxe4ScUSaF++Q/0e0g1ctZnYa3mbmBt8aWRmiA09K8j9KgjC72mKa8G4gsdD8N0F/jH/k/yW5cNpPyI+RIei9F9W8h1fr1ipUxfeDR/2x4Ixgq7tbd45BahkeXKi1oVx3z91gh4GID3KFog0J5HO/TfErPQENmqKP8LsSNJAGgjp6q31snEAfhrp0SG9/Ch9Ajy2gX4sO9T6Sp7T4GWf9+ie244aJTAlDmqPmS06yqIFrpH2mkTcF10c0FiNJbTzI75yW2U11XLsiMkPK/NEAUKA8uROnJLzISl9bMxqEFpTcSzJE7uvJjSvrpg+QRqeEJuFkbtK6+bTJ9Kj7NP9g6RB81wEms/n6Tc6+2P0npLGGQIakPdl2k0iTYW/lYOw+sdUmt4Ftzr9V8b5tZnkRPwf6faAUAmDAAA427ZtTrZt27bNyfbLrpdtu/5s28Zk7SH2IB9OCmZzxxj5zb0bY6vjYuO7Zc4JPussRUKmcPDFY8ZxNJuwhwQW5GGDXf7T5DycgHWbEMJNyix+RVtREZK9N7S9UGAhAAJaZI1AtcP3dzEO7sO5U/aTcvKMfCd2BUgmSBIuzKwbmHgfHIAfimSMuTnjmSHR3DxhOAfJmNMDprbo5AJ6w3yGstz+lccaLH+d9fIKO1BdIQFR+6o2W+byhztkjn748k/Dxd/Jp7CB+UHQ7zaLlG+xkli9pR6pH05UISV+iwsH2IVFcxdqMx73mlP2kYlJYxkEeVgh6xk/wncVXgmiH8ElxlavuG8CRiYVgfyPZSnghx/oMMwd53FqvIVF2pNlGINZPR82IADRxu1tYavub8sT/UOSJdlrn1Nrxpog5OEF+XkNWPp/zJnFVNNYFX9X/50Ve7g0JtI0bQl9pa6te8sg5DMHJY/n4SY1XHDVk0V2fuH4RcrOGCeYoxlV8MCH4+s7pZznNc7DnAt4wb14rt0H15XmgaJbUyI2FaZtaYm+q+tr/MZspowPdC1s+gCU9TgZ/9OPVeLmCyTRGRaQvm//hx+btivIml4QlMlCFK9mLP2dKKqStkR6Dtu2xuALHLJhNIQqjUN8MxE8L4pjk/yabcW0ZeXw1T5U4E+Pin2tpru8xd2y8RPDK/JTJ12i9XpOXuT1yRhe/jfSK90T112tKDGdPUUp2wx8XhSU04AD5PKK8DpHs4jq6VTddrRdC509ymXSgOlZGBymjrcQKZDFbnAE6RX4ViKVvozzPMQCLxlF8nJQtw8Ey1pZLyOXxx4SWjf/rm9KSdfiue1OCOecK+GhY53qq2RULQZCW7o7CUj5M2qnxapZ6lsmadupWbDejfekNRSSsI+slJP4hDiNL+w4U8hXyu3Fh/rsaM3nABzErWISkvb5iAap3a+BPDFWRmusuMUMVOsB/4VW3BB+XGlTjKaP5y6CdJSbDeRjam9j47d/4XIKvv0u1IanyRl6wIP2e4npWTV3mmQxfQz7HM3V1EfpZNVemSFU/R3F0LdK8yOPuk9fGD2EQnD0ICu3fn7tQtHoiVpSm/eDNKWvINMIvb+v6W1t7A7kburv2yQRClkxi/q055XTK8xPJGHUFQZBdv2pApcgaZEr1UgK9anclJju90qU1pHsVYyaPXg62sTKumtMqPgm8W3/8RY4I8w9qrz7MazFWMuxrjMPJCBUDEo/p/jFzpv30EOUzIS1TZllqAkCilQ9CbaY5yepaHhwgwOaZtUbl30L/9K0bK2jotnK4ZD5QFQI3Jrx/YZBrgkOYrDV13dny+yAh/0k5WT03tIKK5kZyEsjHruByrfCmyxAU2FTU+6IsPbbXnQrnjCNRz1e298Jke8qEcot6+m2q5hL7zzrynOliIWlnWgWj86HBqSiPQ4DLOkYEnriDDEc9NvsjL6zNTWEvbYBOhdLEjAvGy7CKNJ2FULPz5ZiE4x2+SyXpNlQfu1vk461sKgvkliU2zgvcu1j9JYa1HhO10uz4yGzjopEoeftAvUVOGdJzybuJ4aqnSzXWqjtXuJO/7Xm5MsLrl3m2SRYPsjQ5In+sak2uB6qKYFOGE1TNNQWsPCg4Z7lJwWQzOxG0e/GGMCMvPGW7uxl7cXGHnbSssKB5eXsirxNaUy71ZVaKemM2BNv8jdgimYdLy4G1z/DDvl7aEECErYg71xo101tgZJLwnZNFMtzgIYGGi/P8CkMjq039JD8VZ54r5xSEN8Yq/wBK112BZt/2gTit5evFMuWSRpTp7+CWrjChLg7Ndkns4tj+ZITlIpMf71yEl9UzK//GRL7DInc9jJv4KrHmzc175GIwIHaTW6MTkJO2L3es7OdNfu4a6eEHKWwppxuK/yj++d8uUJYOFt0Z00cydafRYoTaGr42U0L5FEoruWQGR+V0H6NaCwJ1hvBYoHnpOfW3bygTiw6mtICUWoNluRG13jiAB09fCwK7sS3uWRhOVRUvgZEvs10tYGOXC3ILNgA/f/jLMQj25eSToUIEfOuajO1E6+YvNfqAJ04DtC3Yu5lykZLdxZAEPBaD2DDHzrzAOlyFsYAPaYZeW7iOJ77Kvp0ouvNgEThNt+n7v5z9mi8SkiP6hrgASXJ9kSnUXRekwrkbLgKGrH5qffrG5ykXBFoQv+QNXj8rmEljVygpoEI3RsWgIzmemTnE+AecZJGzOfV64YvtRBBtwRzmaWIhNMF302xpbb/tXJXi6wMd3da6vdXsuYXWa+3rXEKr3Vf8zIax9lqBiyqCHHEbZpMnto5F+ijESXfMcmU63jvvVjVRsxCZ5Mrv47KlRennE8sVyzw3A3u94wjcQb6zhvaLPlCBkKgbxh8504J9kkur6bA+qKnNRGfiamTHrHYVmRSEbW07m8/W7R8ZgbLLXoHSciM13i9l5PShntVyXLvZ6I87vjgsgHnS/erqw0zvXz6gu0FF3j12sghPoYo3OJsmcZ8NBtUTRmPMugOxtMpv7HsOlgoVMQNSyhM3sd0VzPFpPNVyAfXEjsELnXdyn5zfPNRYZfblJCjIniIWYWxFQzTP7KsiY2HrvhDZN6IHFIDETnkeZEpUqu8pNbR+6VaycYwefLuLkD0SO/8MzpJZpe0lNDTKXBpeDEVvFNNlzqsY7P3+7uGrZYUQV6TPxZEsWvAMZN4NvDqdn5jYt4VKSMMI2hWlh+CHVSZvNyZp5g4y4WjbSfyh3kRQiR3sxN6sgbpNnMKEnnatW3H8mPkSMw7IGxX+OD2fLXw0tQJUfaRZzhAaOT2HPr1WjXhxL/nUSzzoDrI7nn5JLBXHqtfyVzdNZ16LsPRPtF6H1Rae+kDU0xGKp8aFa788mZ5Ga0NrKIYjlb27b+46k9VYqg2Rt+lEmZL4nD87f4Q6JQc0BbHWhgQjnZr5fb/lT8M/ZVGmvB1W09L27q0cBzo31KWQcWivK33kv4YA1e5UsOjCqBORwtqvYaYk/bLwcXGelzvZ1FmqKBQBUQkgdscsYrKlsewxdRslUTeb7bzIE/lqpwzwQ5eUPMcq5yHAK8WvtuHXOXY6TOL43ddMGRhrHITyGvn9/qadA13Wtv9LMKKof1EvTDULhAOYlQxkdBUNoWpIoAM+FdqcirSGDl3TYuBYvunWmdKFk494XFJ26+3Xn2zTbdtOX/YxanJeARfTGCEprmimxbMy6OwTFyssu1vDJ0T50RDxn65PqCn/TYTM+Lbni7lafq+tCcn3CAHJ1IiRiQMmTlBFhd5Avk512cK9++FHy4hM2vi5FIh4diWLw83vkkMnBcw2mMi9piLJ3HmRw8sAvKm+ImpborkBrlsGGSZAo0kw2c/sTqN6Knj9s6YZS2CyA2jUt6Q5mkHCgOEp1ktcagKmF/JXI+TFu9MWJOBBNSbcSEOVP8JbPubNb4FXQuGeofPgaaufO/0iMg0U8+TrYy6nJ4y6K25j/bXrMEXrIeeE4VdGqx1Kz20d/wn8GHDZ2Rq2zAg8byvVKAvSuH0iB58M6RbVtcgLfHlwSYoMNHPuzb68Fg665BA52J5di2XEQeTcjEteHSrQBSIgrwtdS+tzMpoDx+8cbkFD6xj6NNhuFnMcbHNk1bNbItag+LIlhkjplttKlCuEDbz8yl5fulFAXEaQHGdyYMndjeatbVxwMxlynvX1Bh5axLk8b/ywga/VHsvL85f8H2N2TGPSDK6kAHPtTsEcJVT97XMyZoP5L0KwdPdgt1PsOJIQ4o5zUTnBYiH3vyB77EQovZD+DsmkE78Aa/pt1xAuMZ/930OMZDK3qG3pKtJq/UMOyy6z3odqsdVmYnzvOBOf6v77sbMAA/8ovmcaULrNm2uLn4zGmAgVZYHwQm4VclAMYLInU5az8A3emicTjXVPlYfh3Ia1voJCnIHkm/Wnn/hdlDne1KXVPyOeYZqvlsMKizXbJlO2xSNy86U3gQA6tnBi+z8GNpd+jZAE1CjeXfHPSN2aHYIKHPQnHKdVFVOJJhQEvALlwmNGlkWFn3yb3FUr8BTZ7CQ7G6hasFrGG5UDT156IjY9jjbryvHXIADX0Yt1o22SalR4awf+gcZprzrBSxGXsj8Nbk1WKhq0DDXQaoBNeurnUrmU/TAtUFQ5VryRo89PnrKnEsIbS+wGdM2R7bMQc7B0r1aV476DkqJjhQc7pUqIY4MUhs4XGO+Cixr/mUd9GUeSYKsZliFaVxMWV9X2rC1BzSk9T+viUgpAfpAotm9lf/qtSQFJjbj6d67Di6FUst2dHnFyPgUywpxuNFW3Ax1rwxDyGlKtTmteOe5R9n4wdE8GkstDVgqT6wVNWmoJf6lmkwHvZerh0b55TrsTs+/2TSfOGZ31LB32pDUGAjazTlgNimFRq7nYF+jCIyQ9CB0KrxsNvKug6kR+1zAOiqTdPytZoF2EKZ5spX2ss26d132UgVyHi/indMCmJZz7RcOmgNm+vnlGbKmpuzoA8EYwGSsr0zAIkfTfR31aJWAHcZElCzqqGEu4a5tLRFQQHgwbt98t6ro8kTAQ45I30kC/gCkikrOCcwQp/K08XMnt8ofVQldLQ1SbfsLC7TEaGLMHW8UZ3RLSZsOAG5XhzeOSa4TXEk5JebWeOXLROa71Zwuvurr1TNxsq2V6r1rfS+YMrfmFdxUojN3x9yV++Uu6E/mHdbip1cfTrFPBgX40QjSZs53Z0hz5wEq667PDnLgpGQO3tfoOuf541ndkTPWhGTyApT32WN7DK7YxJweuAHkiR1hq/TdxPjMf0n9lE/Vnm6NhkC6H1H2QYy+M54qSxXDC/oQ1eO6o3jN2KASM+/LlNwqf1NlSKr+MpQxg70NaWWsf07waYN4pqfC0hQWRZyfmgESKja+LH6RFq31g+g4y/wGl9mpPzU+SB9P12+GcgHfBgFChyYX7nZw02abrbJFQvriiGqaKI96JAZu0qNALMR1wfnbVj3oxRb+cp/xVuaTNW6M3jmnqkY5rgbfrdhNgc1vkpQ7AkQFGJfFczQxMm5r9hobC4KdnXE5zT6YCUUeUo76k+7Ww/fkprPkwrF87cDSq+6pRSFYUdLc29TfVNN0Houd9Zoh2Rk7hK2A+RjR9yqFBwHTDAIObhxR750NNQIP00IuY7GyRUG13yL5wOVWtbtNbNRIEaSSghVwvODWOd3xDUcwV+pjDlZ7ovd/bXZ0KtWw87aOt3eDxjgOybiXCj4koZoQojoMXU4CpKSj45P5nkskdDwIOCiH48LTKrJDGIWeNjz2PhrJdKFZBp6RNZd8bofihwfBjFbb8sLk+lkXaxcc//D5RXhzr+P2OHBkKIY9g24YlxO+JLbzKx0lP5KXPpZzCQhzniJi+8Qb/aeCXyHr/9FaI9NCMcaCbKJkjQMHgtNXskbQN9P40+CbsdyGVijm5XpsfNSZj3lduIEL+lFCXz8r/Tp/1ZuMWMkToC1Iil1sBzlCmvu8AkSKS6M3/3RzgUJJ1mZ8IHFOjWVPJg9bgMkRe/mT3jKuuJFc9CQf9Amv1LKwlol4u7aHdRzm9xFkQdlqXKVppImI1cqLhRqpd0VXtGQ3jRgh+Bu/v2QZ084Acc721SQ7sd1ry7RKSum5PhPEDZMH1fn6vdzMrk6uTYExTt7l1S+3d68twSRv7HjZEjHC/imgnQ8wetHqknTtlXMyBM7Ejg725XLj+tfoilyazGD45M4BUohsKvrRr4+Vy5IOCjSw580NlTnmF4yeAzW2KlZj7sjsVW4YtsBZQPo+/xVJM96J3T/tpc6C74EWn2iGtUpwaPoFKaIapKm0MBkQ3EuJsDiFvIOEbXyWc76fsnICQ9WCh4CiPtlBv7u6q1KA3Ot5jY2o7povV5tyFUxPVjXITvKY6/6jhaAW28WrpPQMn/VoYp8rgCENlCyqk9RKZ5viwfJrwCssU3gFGcI5s8DJ1sCTttEjUZzYTv3onhDzj0pkp0AZVKPOelNgjuqoWgtYptNgs4X0Gfm6t1lstfE78dD9ldRNai/QAwwpkFGZNT9aUPQi/Puw+iqb4s01MQdJs4lFhmdE4HXQhd1NvQKL30vHwhE+2H3hTLfccmhm+d7OYpDIbTscDrKqpHcpu1L7jUauRgrLJUSp0soUc0Vq/j+93fOO/X1ZwtvqMo0S0dg3H8xMV/ART2ZziSksK++afy+RTCd/wQL2OmMmz7xKGXHmKN0Uk4Te1IvQEnGbxNIggxTcn4lA5+TFBwk73rKe9gK9BxePSNgAfA1wzlhdJq1P48XGlpeSCPdEuCDHu9m+NHvehIoDmsE6yJLaLvwxyT+PXGaRO207VrKcEw1n4joPMvnltujI2P8hNnonPVKnlfjolYHWOcHF7/sP3BlaOA3iY7+Sr06IGaCuTPhzPq0a95iUeg1cWGx9pjm30/pjMTU4lN8iamwaifBfZqbJ8Xo1Y9U17f/xsRzTLgv2r3Ixngvg7UCD9F6zKOfp9DrArviFA7HUJtIZ+9JfvGeMQ26qsGXvdpIw5ZAIfSilypYcikW6XMoQsBcn3yYPkltS6sKqY7APFBFUv9Nki9MJTa4nLYMoGH+jpxKkG3/nmY5I09dB1W8rzJLnwh7DWa+kjvkGaf0T0UpLRfhT0Oz3GINDfMsqMrqJA3Zy6KyfrRUkp1CuDPaeFTdrTe4BH6i3THKk2YIvtvvdKwnD3zrlfVWOXcJ9uHyjtnpY0mTTuQF4A3YkhHt7ctO6IDhLQefupnyvt9DitWgsu1ElErTmGPjrnQNPRHiv2IsAFyaSSg1aBTfD7XnJ3V9RlISTZF4eWxym2M/PrK6iXgiVLK0BiNwBBZXK4kfuloTJ/6YdtU7/kpMfqzWKlmLnEUI0nZ9CJ9Kqvp8E7uMssCmHXv9yAhhaBnU58QAIbodzKIaWqMbgBVUdeQbI+NA3DURUeHkT/lADDJzn3f5t1VoA+bj2AijPgQQHt7AR63nRdbpegd3ViaJE9DvmEReai0vmOf4Gxd1Fw20F71MF97zJV9x/6WtBRcgedSvoXCCXELWayW4ww33QsxFThNGFS0FIVO2XT1yuVA34gbHeIVWAZJP5OmNdthxVMMSIUGysLXQt40Fu0Xh9mFaMP3mkpNvnpDBeavWEMKHRZW0PqDZChYZzZ80tK71PrXKDivpqdJyPo1KsQcHwa/MNEavH8a9hf3ZgRN9/HYs8kbIynZ7oe+XeisSZD12nDmZOY3h7hXUxUOQ6inJGc2hBu/HxSkDF2SJWTB2y3O4OKl51Wgt7WVEKmSK+A8ObKqjlZUGmoaVGkSn3riwQ75YwSzLQo24jpZjz3DYOgGjFwRNWFwx7mpd5vxoK4PLQnmppUJ1tjfM9kWmSbFpFjL/3wjFhMxm6XDguuDACYABsACpJRXZsdHeMsM3nULP03jPKRUWcXvMEDocSP+zZcThjOEE3zrgKuBCX3aoqpxpa8UKOq+vOKntBtV0F6fIc3OIFOxsWKDrjlALwTA4nDLvOD0GJDUxnJAEx+lq0kzgE9i1nS/nKoFBhLZG32ohTQg0NTRypkohRgmUrPsx1eY54vcOZCGMPKvCFiuYE/uRUe2/lCuCTWRotajSEFXkLmzX5mCKXulQEcwGuWKksaateXA6LQS2HlRwqiOg8eTd5f9GSd00NI6GBtIu4jJJFQIVGX6o2zMghFsLtqZfV2quyI7GRlMH5qpq7BueYh1KMYZRDChvK6MvpjB1NMRaV4yVsNoQAdjwT9dNzrF/KAT+0qQ7TdP0O6RKQduqLOQitKzLyhwZxLZAY8Fo9HUzpH2jK6WxDzjXTnItHpSDKZ6wPNooQsCVi47Aq/hilzlg+BWU2gMTIYYdvSiQ0j8N1HLSHLU7Yc29fYXv0X5rs1lToazTyroAbb9wH67vP2bVQ8i7sRiWeMIx3kw//1UuNq5qW/xn0x9VMad2FAvRsfqM5gD77bBYNHQMCk4+p1+RQSmqZgTGAz+fBRGyLNNAz1JBZzoDGQ2xdEsxKb2yGLtZVdvANFDajyI7n9R1C5dtxg3sl643gL5nReIH/1JwydxYBROfef7HDURgNvbAaFosscvF4VRM05wIlL9WU7LTIXw/G398q3RsYN4HpVe9ACOdZWtK5f2AwwG1ssnaJ9VQ8f0nFKBDfISoiHTWbxrODJR4FolpYqpH0xeZqGuVc1hhsb9piDV5iUD7VaWV9O+VBmEnKZqxo/qnJ2q2JDf5Hbw60yC/OQurqagvujoxCxlYLF2SZfS6Hy3ULxgTKHKVKA4vtJIhQcLUpNLTGYKpWmZcwrSrKmCGmzgVFw4raj+eI02OhFzMUaR5fgE/LJAs0KF0WhGbC1rT7qGSM87zS/U6Ky7JO75tS+8q8vX4iSZZKlfhv2A+wmRSC/dDM2yHGP4GaE7HMVtIj+JzU/oBU/KfAgZ/c7R0lM5XkKdvHv+iiV+EXoLhcKSQOfyjmUS2eslkMbXqrf+zPL1QZjZBbcFM+1JrQbwIxB9e/6DfZBYLOCZtk/Gcf0YnFPY9Jt/8POrV2Ef4jCs8Eu/ayWc3mFLE5t3OKudB3sgZ5pFRCDAd1L6KSJLVgnb4nRhTipTmla2C8YU9/VM6erOjgbKW8pRJ+1Z/vt8RIw5btbnNs0MPa1lHYbvyEpaWq4XNpK/03ys/qrA85UC1ZiTx0L/S22vRgvQePNQsP3WGVXzW9DUrwtdWS/hqJTPaZd+Q1AnYZ9+fRjQPr2rGhRu2TW2eYNmzvmiTwu2fZqjO+U9m578W/hKjegU0qB/kJoQsVUevsofqeFZ5+4mniDMsV+sBZI4MkcSPmSkeSIVmme5JBM5XCf/q4UpIEv6X8kkV1+9+KhS1HbWGj+iBg6AO0sprvIAhsJX1GInpkOKPgWQHOrNBVcoY/irYYo1xJVBdDuxusmXbsGTboW15UYl8Rg9AHr6H/Zd85VsIQ5x3hWopmVzUY4jwDdXemTyyrpN9Y3+4hHQ7Kjd4A7jYqE0z1Tfo2pzJwUI+grIKMPBWKRn9DmVl2zm9R2gH81uWeOePaov3PCdthltdridHKt7JN5+g6G8gA0g8BBgmTPrk37D/MZ2FdE9vHs69CBlIiRV6eft5utSsp8L8NG9ZGCdGOqr8SLbFIejVN8geqy9/AKmTnq9whAK7LZTb6BqG9To3bfN3M6SPi5rbqa+JeQ2tkfOvmm9Xc5yLj2/mJ+aJua3l66fe0aoPcLlNAD1YPy1XoWWIMC0m7PflL+0y6uP4PYbogdwF8b5m1ocjbHfFFPjp3DwtBaZ13P/8q76tSeArTUJbnF0nCbiC3PvOVTBs2s2HV1+a5eSSkTad5kIEL0L4W2+ZPXmaDzwBRwXqJeCTDXVwbOdFjVSLqI5rEX7ztg9zR9y7yyaSLBhk1pB/nqmP8rgRMyENh65njna+x2KStr7Nhzh3I76GZWGPqEU2sMxoT2Xj8IVPFI8l8fuZFCGhL1cEAi70boybaksS/wDjIO/5hoHH/hrdPaq1T5N5OiDf/UeQ8WmzsQkJCpai+TNCO7IKKY8ufk6T+qf/K6nnnObz6JTHf/mNsMheSqva/DxGPZpYoh+cek58WDwWAXazG99Y4Sjoh41eFZILyTir0Y7NyLtSIAPniTvtnekYqx67t/qLF6xvvro34feHm+kd0RKxsYsmI+f3gl8BcnrCNJwd72wekKrj6/Q7Xf1BV5Qns3QT/du4d0IKIzY2/o/l/WXxjsB4OwdPrW+aALjVZwJsiFWHZKWGT7CpcfBoTfUG2Jbqc/tH+3OesuwuUkmj4lTL57wK9lkir55OFT3Z9+YaSbkddIEUAtjFoHtsBSik2PpfbUmttjyRE+L6iqjPjHBYSQ0FOrxpA2OHmPV8k4E0KHliRFHqk+UFRSAdG1QHxxMi5khm5yIBxhOkfBZJo8AJQfDOH+VMX9W76OXpaTPzcL1cCJ70nyCss3GCnSRhSp1MgMaEdxYyYAeougcK5V7SpZSQOc9r/tA0fk2rswd7FXzh5pj3IMNyz9UxoOzFqRBq8J/bcQe5DXZL2OC4A6wzxs/iie2OUkDh0EM/bt4Aot7a1HeQgQqD8RZSzwShSKnbUWe1znRbtPNLuUCgOp5yCOGzTJiHQFqgEmhTuyAf1kuEchZyOvdwrOBiXOnFl/WJ0+2skdvgNp66RCR6n1Go06J+wDpeql64idsVOqrW+mGErV03wqguENIyoIoNIsW4hYlSBeDsSYLkbBP4j6bJsbfbFhJxBeFYv34SlLWq9+SsdgfxNEUMgmxluGN7et+ZjeA8/XZX1PGU4bb45O/+GYGKXqn0GaDiAWP1VTuHCizTiUHTh6Q6xiVFyh4I5+wVNDXQ9aio+PoC3YY0GHN5BSYN40Vs7GDBEvrf8808CbO9xBQktQAx5NNmTxGzK/1O0Ge374hlKKcZEBUHu/4upxR/6L5771QGVmOAtFFZmif9+5DwgacacHRKExSIv1FRumwCk8aid0w4yXi4JCTXT/pzqxCtjkSAFvx4hfdMcvbioXTaBUMzMCZfGTcGRJvQX+rtzQhIrbJ9W9eRBGFawKws4WGBLJpWFv4JSjC71XMXrQe353dtoG3/o5cwtwdC9raOE19MmYiKWRONJkZ6hMKe56frNVSAEHJnvaSsf9gsf74t/EDVP4KnYZyXBCPSEPKpqFD4d/K9GBByKA2GEGBupnnFhw40zCuGBw0y5i8jADIilZwXfZ4YXZ78X8I6nvha3GHhAoVGDjbPZsPjxwL0bkQ+Cds1g9jeJRO3zNc3mSQcwSoXvvsksO41cJ6u17OWhAZlsSptl0QQWe0wTLwtlcdwssu+I3pHQexRz/mUmvhLA32yn5/c7nUVD8TfYwYhmc5OtJcBXE17BlWZMVqVxX6UOJlrZuPL+CI/YPrLvE4Y8nm1d3KxAA029NJksk3TcM8ilRiAkZk7o3S3bU7dN88JzUJD8SCMoZu2ytPKfE64FkGZwbpv4dL5r+fyvHZ7FdYkfDPkHqHKPaZK+R+Gu2d8S5uJvxP8GLFrpXF1JEF6NHhFi2xb+gS7xkN41D2JcoK6/1VEJGsBYFD2Vjt9Qqr163h8Cg532sMfLSBaRWIs0JBysDr6FKtwzqDIPM9nmef9DY8NELJCclT13OQ7RPCiAYonELZ11Guwofn79l3VbonrP/h8zpj7RZ+gLMuwPBRXUhkrzJYecx7/xM2YnphzEfNkokHwDYfPM7/4McS1p+ebVuZy4snhypcqHMjmmh8JgwT0PELr39NkHVCacX1FBFxVltJw2whw0E5ZcsEFo5lSfZO8lPPhInf8KE4Pm2zy+AtFbCZmuxQcd4iR0mokn01DRr+4Ui5mImICUHV6brHnrtK/PXKxhY/9Bmrgf42a5JkT+iA1qw/70P551VDW96/bwCToKxImJ4zb4nL1MbduFh+SERdQhUElRhXj+fCJecYDRMLjRDSo5JFnw7WkeEPU9iICUR9prG1GavVLhh+LKdbTHpPuTboV5gTJsdfYoMUDykEsLShbXW7WEFRbOaJl3DTRg3w2D768w1WnkcuhQBH0pa8ptLFC9/VRnTuMom7ii1fe0jtOcQmfkMWirSHIwdILLgMuK67yhtoG6FJdYHu1rait30nJfBZT52TeVbmseVdCbC22jdrVq+UuEBVrbtv2pXnQUWXcQeZCe/NpcN6yrkgG2MnJl9wfdkPOw0GsXfQOMMhkQ3Y//sKYAsoPgM65O4TBf1ZoNP0TNaSSCQGzanXP9T0SfSzxk2RulrdlMLI++7tqb5F/rkeMPE9SG9ugX9poGaHJQWMnzCtMS0PJJ+mOV2p0HXnRi9Z7k94L/M1rbyF8o41Nx7R42ZjrrvnSoeVOHfCi5mhw1gCl3sY6lAeJN63T+WHb0UWqnLEPQWlk2h6a6/S6D5+V/Il5bghXT736DvGy9jjVIYUFmrLSAmgeqxtudASh/kAoizifSRewum+yMvhhMP5AdSrhV1xsRQLg8G7Rm2AvrwL0yUKem/fqLws7EMcBMDxicGKzy0/4Saz6l05lXUxk5uqtZcasnqeTFTTPknoxriTxSZHOkxy+yHNoa1yCK5Sq9DZ/kD/uunXxVdYEDBgJCRk6TFB/MXRZ932snIJ2hW+gcWNHYVUstK/jQYmQTV6v/695dMID9xKr2+wPyIr5e/0b0GO6jGk8wgKIeVZLivJA148JgW8FXCHJ9Xz3tuuXrvESPHT3rBy5qqYzxxMjRcWU/M3mDJPGhyBVOQRClUEgvsQuniQwP912/KXdrUVEI8mc7bqL27TjWOSgEP8eewhueW1m5G8sNXty/HwvvLrLmYV59qvMNSgS9gqXoyDewtQ8iPoQ2W//Kzfo6UN4GnWKjBIl87kmJj69S+xTXfs9VKTvGQ5rFgx3F3yuDTqd8SOjWNP926hNdUq6WBdRCdhVHo6vR4Ct7lUw1vau+zi7LBCJFRsdJLLKIkwlxPEt4X6LsP7sqxSTts54Ehi+ki8WG4jim2oBuJNP3U0zxsyGTY1CKjpKkX9lPhSS+LZXR1NZN2Io7qxRe5sHMsZH3nR5GTHMLtHk3YXNjkbjW71xLJQXqTPKwq6SQ58OEMG2xUhF7shUE0FPC3oFtuwtEH/NlwuE6kdLcOO37aH7JyNDTIxGr23dSjG/xL6KSwM2y1vsUVvlTu7/CeTSPBIKaht+B2M9B6r7QTZjd3u9AvunfsoKIsdhfelnLdL/mp1H+pEDEEeJcN1TtWtU1370ai4YHx0ZWnULTYlSoFSWstP/claBuqSJUUe/z87QjZA/1ir6W7SyhB/apGif/ueFRjEWtpNy3XOcRxjndTndNC6dHVyEWlaR7YgHLOSIVboJAEMGYKtN4glSSTa/hhDWv9Xto0F9Y7wON7JetNIZWjVjlN1NnDwu/S63iykZVz2CGzxw8e+Jh/TRLaVXvS7BIOdn+uowWvMWot+IlgfhpwpVKz76/BKE4msCXjh2mDXIwxRzXz0UEJsZP9Cr141qaj51AKmxOvZfyyA+snPdWky9wtcKMjQbfIQ2Louhal4EazJr55RtApmcz1yY43EKIePY/7PwA5tyHcbJPMc0YZhWG7wLx8XzOq1tQOFnW/fx5zbEeaUBLUkjSkoHLgJan/8IjfxW/rjA6voKeySuOemlB42gVawBCzwW50ezvinxQlvlkW+ZVdrzCqx0LX+tlFapGsBS1Gkg+vIp98v1ajE36ZMZF9rQESJAkULGUweV4BqWVwtseff/G462Tpxgncf9oiJQZSySw/Pd8/53ap5ZzB6JiGEvzrUuBia4JrGE7UftMU41sOjzea+D47KBnHyuW+fWRg76qU/PRPb4i6+h1fPaxEA+Tp3Muu331XSulAF3YGeryatv0mDPsEVaD39sPLzTvMpTGq/AjTEA0sNnx7/J8GTyJj61Wta4PkgPdck5IrSe8AUV94/k3o/3fYC0FezuCSUrrv2Hr/A0cBKfqJ2A0BDTNeiEFr2+h7r3o8ZicdyGAy+9GTLCsOvMLbrHZap4FLUj/y5sAohEw9n1IQbLwRjDxkyrA4osahxO0eppMJCLwtKrimKnfTv70lpJ9HmjePgReo87GNLMy1XZAUkBc656h+zOsnfsw9GBuGl5KtkyezrquYUX+SM9vusxcYB6P8TiWX86KS3uhhX+oVDdr2FA+kXZ3qOl5df/wo/tEZtZiSlKVjR4a85THon/K9E+BsFROGsjhKOv4FP1yAXjfRLKXcsrStgjIMQxFpKiLMLdF43p7wVzVFPCiosPDZtpZ7dSm1+YZsiHkqh7jxVAI+HZlpeyC4ZznTjntGVlrPNHwP9lP927+8RwSi+p5ys1n+f3S5FcTxvV+7z/gxdb4WQldij7/nHAsT0hcbmPIqVCxjPyhDC5DgaUgiQotLifUtxDP3n9NHoXk+2m7O2feTpGvK3JJnMIvI0LeM6IIqRijQuNrebhO2i1zvwrfw79qAePL/rPACgCLTOf49Eq0iYC4yOAm1pb+Hgt+brdO6KJ9x486zhJqbopFlC5qIAeyQ5BKyTBL2KM1WwjmbfRWTGRKEdQtJRzTrMMJu2LiSeMt4vk9tuw6ZF8WWY1n1m3usPYe/Serq/1Cv0ac70gxTiOHh4QOXnWsdO5F1KEWNIISQjwAMfMupKKkq9O1YyNveptDDBSlLQ5jsNnFhH8MlbJkLh32z1wN3TQkCHGaYuZbBFEV+rlsK7RI3fy0jiHZrp0jlupEI7f5twzlN3mARY76eCgHmvQxe0z0jpp7SfDt7VFLhGLYzvmi7kQhfWHDeU3n2l3IOwrQo4shNsmPg0K1crJ61Utqa5xOVu6bzZPQYVzUeGXIDLVxer6IR4EIb6KB0TZbASEyvBcz7Zyxt3NP8Q+4hd4z4rKpUqVJJ9KAuvg03TalsHrCzvRJs4SwwOckA25I4uTcE8uzoBJDjCgsvCRy2PAablpdFbBd4jX6u/DJnMhLxJidVn2wC16koJgd68Vg2sq23gpHGMEXIbUYZZB1X6LwV0y/g5B/cDIF1taI32tdcjjkjdKOo4qpjjBra3P3Imv9AX1OIqLRWtWxubSlx/83UTlTDO/c+KcBWbIV9Jec4suDyAf6oT5NoYw/vRypYKI6dPh9RYmSps3Quq1ROkfA50XjgYO6ZXXRggGm9KTvYAT0W+d28hcEnsu98ytWn2XvhFAY5yhFUMyWpqJ+DxJmL86KKIqGy4LtIhyC5SMwjQSNSJg1pYgMNl+zScphB0+YyoxFgEeQqxKGHtKDa6ivnOrsnhLCSNqt5K+khabKvxScF34kyhcOIHuhS11KbFAIYPFuQZSeloFGRZSJt/IkCdLm2jCGZzoHqDefHvgnkSQWwt7uZyGRKl45AHoXZ7CxRoUqhmUIoQeCzG+/qAt3EFW0LHNKsPRZ73epO/0VIh/t+mcrYyoLqoS1/yhJSTs5MQrZXeQO7rVLF3v9jp/sBaZJEO0S7u4Rq/yJIh2pM1EHFOXKwWCZgzrj4kgN8QnV/ENYDLFiuPEBnylH92cS5dD2GzavuOrQvbaBOYpuN0jxS8kMDisl7XHKKussmIS5JtqcYhvTL2CTxjmsc0lQKjMD7Wms2oyItp4o4+nZ92A3w9mVzOMgX8+1Vhz/LbdCepDZngDSo905iEuHf1ySoip04eOJ3Pl1hJFF2K1IRTYS1rF+3H41PKG+64fIQ10ltUkMf9dIiZ2qnZ0/6ZX3yO9Kbt9zq+MG6fUx8yhOxEM58EL8NLrY4INNYPEsYJR4jkd3O2ugOAMUX4WxkvO/kahIWGkWoF5YNzfpY2DabSb8lGAMWbkDrLq9aNJ+ipCxH4sidIw7Vac5//f1ls64cYEtdFw4j5QAVDj/eFkw3rtr0AspJmYS6KlZ76mv5qC4ct3rPJLhlRsZkakiVZXwOOz8vwCILrNraULlMCHTIzG0QwJFCYlYsxVmY3dkUO6S2p82g0RSI0KvFIswFnUFdDWh0wJcWKZHyYlWw9noKvcRYIQT08ss+z6zA95AVmjwlPwPRana6Gdl56kFu1P/obvH5+jz37qeytXPvxllnB9YfYOScEu1mgPL2pnGqmFw3ze01BgxlnhsU8J9Tg/HANXBO7QMIgKovdJUIv+cyQ2OKD7oQSMRnA2aR1h6wtCPnbHFPJ8saAfpLWlWH5VlseHJMk8rseFSQ/o8Se9wW5LJaI6IJKHy81GLtVoQ0jr2LnV7izY8Ppl+zXdY81by31Fuzrnnxp8kiFo1mF5ZexGILt8XavVBdne+NX5seWHOYNXWalH9/c8jhZCH+B/qRyjTzlaTMl7hOLMCmcbt3RK6Cuv7SN+H1KVqnMhrrZnVkkFNmyEKH1Hy0rVGnigrDbLpG7Rg5VHFpGxT/hn9Go1BDy855aAqNVc8FwuZUWUnGBGfkhhqjTrNzci4Wc662UfJHWUPna22GbW0RdpghHpfmRfy6ZJdR50aFINp4X1NqixoAxR48vWciH00AgX4U1imkkNp9H66e10iESU+4Dvz/QjFYcOGjAr+230lKtSSNces7m/lBxSuHVcgkf2Vck6FMv8nGyxdUktqtcjXFtd8t6+m6YXHDJuS1wAjiywb+qWPPUZrWBTPTPxuaQDyt58WuXx6/l6xIlFO3QOaP2SVr00p4JJvNeod5EmV6++l3rVIj/pmCUJgZgpv9e9uvYHhDn/yVwc0ot3HCFhc5TR47S+i3Xxd3Y1i1iOmfz68og8DYFpl4l/d7jQQUEdZzh6U+UXla584DWVH6vy4yc2EoQumsdsGAnJ11VdKvPMH7Q/+0ABpjsFoO0hNEbI/GFuBlY2gn7bgo+92cLwnO5Qh+8Dj463oDGZe7G4heCNETSwbYjBWo0iPbbsN8GajvZbigllLrMpGHfVZQbEriIQO+ibAMhU1VNQLW3R3DocJGYqEsjWOjsuroEpJrYLx7iU0OGptk4+bU4m9/9KZF6qwWVEhHt1XSh4tgH68Wr7lnVBGz5q2pi8XJrtXgBEq+Mg+VYZEc6f4+3p+lEaxe7s1H1iUMkwS2IBpcrIEKpCfymU2D2WZnAooIO4qjSHBiYOh3+VsZJcvZTJrAW1WYcs3VJHK2CedNIlMV3jrt/HvaY68ACiahQER109woRCYdzSDpfYluIDpxs0YmRdz2rPfN5oLcG1FLczYUTU/WPcFX2emRGTcq5GIX5GbCsBYk9RpagIOYw8a7o6dV1/uH0978l9170RkMj0Hqk1UM3czc7cp13IwBuhJ+xckwiKm1vk4m7ypnZo47pi/DK+uEnfTgnQX9rXmQ2d+hQM9UOfPMk7FbCtio89Wgjh685qGIkE3x5U3Wwv/2fnRE3g2Fs5FBKgwKuVOwZKWRjYRhoT3nHBzXHB+kTj0fD1heA9aYVfgISGsfqN/ed/sBzOz9dxEUwRxs0FRL1tmuUCYXP22P2BlDTnAGkWk9QhOMBvXa+KU2tvMVUf0006iXkj7b6PuAEU+EyY092Vx0/J+bMjVbYE8ECQPxWZyP9I+RQag/5HyAUOgM9aelUCeUdd0UoUYz8WLT9cU6MAAZH9XxOjTWN2Whv/2DjSuXk2MvDJR2CKuoXEON7RpgZ2XIru0HmrmoKvgt2WAySuCh9Fpc9aHbqj81X473p1W7aPMprZdKcRWSssEUkE/FDGVaYAtvJ+II6UWTOXjevF47VJrBpxKfWw9U1Vskzo3FpOTfCaJ+I+Yuge4eCdPlR+TteWEsChoMaDtZxzyv5PENLG0C1hLQaD2C0gD9h8yPN5oj5hBZjDi+aHXJnbBx+Qx6yMMVK5PpywGrUjyJMMnVjpGcxFkkzc35W9hGG8Esyq0K4b0vHTAnFCYGbDQAiKoP3nNHvzT/foZzGDQ7zjOCUY7tRxb5T2nDryeOGqeOrFF8sDxL/ZaTjnuQKLLLp0rnyiefqJ95DheH/a3yP/Gpwc7phADrFx9PoZNXxbv1fpXD2cCKsxCTSbkj53Xim5d9Jk1O49dKMwbYVIooQpn9rpLnyU5HOq5CFEkNgXSmX4ziizuX346MaGSU/elBMmlIW0roaZptNNMZk+NFEbkiRpvvFfPAsPq7X35qACO6Hf6/Zedd3bzsNKM7czhBTxDN+NWMfIvE6nyFZxLJA+SMgsFmNrhVshvssKcf7I5DJDUAhFjka5BYLlft+CmfaA+SheuAjmPO04v6SepfZWk2qtIUWgbOdGwl9XvW+uaT763ObHd3bIOFS3DP6siJ40gzM0XS7M5cgqvT0Gj/K8ZrN4+cyuSern5wC5DsCK1uX+Q50f3fW9XTpoQieEilo8u2dLanPI0zZrOSsI4b0SPc3HWl5CUGtlp/BkT9LWuHzArVQqyAxfxIdDe6RzGNLvKeIffjCbypBJltCKwzo4kN+v2PBicxRk+u/5ZlPRcqAHNOAI1zzfcpk9KkBt//Oy5i/oBUsekXJg0SJfoDiWBzjDIlocEfE5s+UMNh9ieRw6nFJesFoakV6geF08DTFyCRbriZ828OQ05zQ/Jn2ZX6mfKvYds25NWcNaLWTeuuujwTZzN25jHFUIgubJsUQFhEeIEYiQyoPSjRM0KWYXERDd7/vST4vqvZ5pfp0N94WEB7u4E0mh/Ovb2pk5/lOSerc4lboXXA6ompIQgYnG7DMO2XmRDnWukXrsqUNTyT+a7I6Q5W4/MizJmQKs04D+FFsGXtQksUZ8AnORj+RaAO5O+3VP+Mip6bd7WDxVkOxgwVfSpHJW0KIIjd3FSIw7jpRYe2ksk0YJDFI2eAAtMhC8igPuNI4krTuE1rro0HfthTYtD8c1rfYxUXdM3PEZDvIgovXySq54RGdfojEVxyKwL4NGshwWjFh44Fa12FG3r9hBEl+xtiUrc6AEtv2MuSHTpXTCKuz5Q9leT1PHAZWPkYiLnuky177OZNSAvyqIy5XZXKAPcvILsyS4D1FoqqZGMxRwoR8HlsPztfUT7kCvEYKfWZNKXgdD+js1MFcr9hXWUVtd3ZIIHzn2ZsyaEAykHK3QtCHsD2XYL+d/XzAy47BhqeNYRuk0EVI/JOLHkmAUsgg+bgckXe6ACZteOEo2QnLsO/WUYrzSOtVxEKwy4yWsTNKRNhOXfYSsJfbJ9efD+hiKJqwThw95TZK+o0fSSSsponSy+cgVeVbh5m/+M2WGQkBzDN8zHRU1ta4q8EjFM5CfebUlDvmMVg5s77SG6mG5Ub5x/OZKdwHgYHzbH167YeKcl+EkLBihXX9Hlap17OupGM9LWfwDi/E867M4akmR9TXMB21RegLoR/y3S+5twG7V5JfBKWpOLSEfkua2Xycg7KRbM7h/rBXgOcmrCtKLE1pVJT6XJzdYk0Tw3/+0Wt1k4O7M2bsanUQWdYQq5GIrrWaEI+lYwmW7rFaYV0bhcM2/L+XmXoxOUg9Th5SwUGZYSn1Yc7gNNBHsHXgjtW+Fm0KVtqu6ildp0JQAnMnvYNFg4WSj3+Ct6otos3vRksZY7VZabu5SL5LH93GvbwmhIHgbymEIF6/6xSIbbEO2AoqVdOKhnif4ZhfKb/QGLwsnlb/6BKpR6pkLn2R9NAx82W87cJmWBye9sems5+F1zo/2lwV+hT3CZWgV6Pmgtr+qHPccpdsO55mmaUgd10shCqEi8ruvrIf6T1ZE6OZdCVA4K5age5CiGEyZun2MfmPXchXO9gNkkdbPzVkkQPBYp+PcQHcJ/22FFsrogLtJHV5qo88IYyMvbkhymmslmKaj8DPCyr6exkJ8b4OxR+NNtwsqPgAnvpvyAZjCYHjFOO4pEsc/wXINeD4X4G4IdKye0aH0zyU4ycyXo2EMvn3SuExY/kgq3+9qBXJUqJFiWaHGV162Te51N26+wSikIKJuNwxuRQ2DOH2AHqkGwHTjEsHcFKn4Lltt9c4Ecr7ky+43l+eY30wW0bfAFtc65upm6xA9MUwJ8rnOiqB4Wlc/p1EBilU2XdLtQ8RCn3XssVsniMr58JEmwdQ8WWf/+KWq1rXJvecvjv+7WjTlo5wd9LiEbZzr9XnsLpfGaKDuOImPei/qN3bOoh0vf9BgE+Ul3hQGDGcTPqMwngXyDbCEnEZUuzcZurh5sMFPuq6liPbop7sYTvVeRlxjXJZm/uy0JKZGFQUabJFuA22MDmt54eb5aq2jpDaHNT8zyE8RUx2FW5ihP7DGQUpod5fub/NVunivD5uf0XCxvK/Xpu7hNv1Gqo96Q7lMzgNPUMFV8nc+W5SYtbzgMYdyVi/m6K8uGaakyaHYQKfW2zwkHWHcQ38QuDGp6c+N0jPwkivMYZdxX0N17FEPaOYsHPTQK+idZjSUTnv0aZ8eNKTvPcUBBWwwvKbEb3CfHhnb17frLAcwOB+sWpsCAM60vKFUnp4pxDlSnNelKkbIRl7sqUyG7p5t106YdkaCvmoysc8UknOe2SQLZHRSRXRBZotDyuTqu+QKEGN8ENSMcfu9deQMB+eY+1v/r/9nJlkEp+BUpQ4sx/FEUHP97dV8w20I2VENv3z8TnT/t1TyDzrywVHzub8DtUdh8b6eBfBEsjuR9oXgqvrCnaSqMpyIBU57trUNDesKHmEBYQZTfmbjcmqP9snFgG6g9Nr264Wtx0fvHtUTsxDh8+6eLUPZT0dUqlnd9v7ITmUoKwbur/glUH7LLgDSjeSwItAcenTbX0W2YpXpj6REyuwVQK7e9tQU1UF8/Fb5/EwrDlGzGdBuPpgKwJiTH+dnP/EbjHvB0rOsDzgpbFz2nzfMlLKciQjPmxiabmwtiYp2yx+Q1MHZTo+usTvocLgxvY8NKUjJOu4PRQM6004z7eUM6OT+iFskeLQ/Bh2fJ0FbjkTvn/HnjJZkSTz2w/4aqOfUhimFJA/Nzc0pff5LqLFD2YEu37NMdvYWIveFoA1vZxR5wXbHbQQ+tCJXGjyldJGdsT+PWdu6pHYZiZymbUfPZAO39RyNQaH7mjyZVTwiuFK1T40mlV4v4OrWv0ggzQ3mgk9eUZ1uK+QYr85AMPr0cdyOt53JhKrWdcHRrfIsv7MNuSk4Xslx4Vx8tW8U8Plf+h9e9hw2Qd7BKZbiWmFpOTagH7fxfLuZZ06VHjC1q58z2Gg090hAWbgOmqneCr6UBb6k2x9m/5GOteYBMTWTQYaHFkXJMqKJvvKv2Pn8mdTc8RCaEsI2mmIXpkoAEjs49UiL4JBrM4RvhB43MAIKgsNWxtlp9gZmFAXORb2OD6o8VhGKSwSScT3YWI2q6LmcN3X85pIBsZ3VomGpr9lDLuhfl23UCPZZNosj1SiB5u2e46F/UQVcFguwPxAeB/Gbjhvl+tEVfpeJtNNm1GZLybV0RDZF07/wc87w+aF2j/jGzVpVWQcOz/TO9XMgdtlPZp8pyoQKrCofZskPQfh1x5sfbJM/jnLngsy1fD1lAZxQ1AZgpasp7lx3lXW4TpWMNW9k78aIhUCt1AGeKMb5uDXdHTdnFs0qYIJb3pPq5Zhgk0mEcex7wKWqPLEjktYHpiOvME8mX18euXuYCqggoghKlbKU15sxf1quRED/7z24gviCRNSkAyKNFZxYmd56WsRJv2MIz46CWMlBLCceF2cGDaMHoxn2QsJ+cuX/g6f420vXB5Pc3Ua92MjeaAtnb/hEh4Scehrd3bXq8rADQDG5VrY/HzsnEnP92RHUvK2rTM/uftVio3ZRnMc0ZFrr0haldAW6/+tbnUO5oltrUDT0BXugAVjv5hDxwhLUU9ptHuOz9pLJkMz3hmbNjyeqvFUMA4377Jv2CF2K0pba1O75Q9qs5e6YroftiCEd1mL80fo6eWNOVmTtEzofp0MlZEPbXKG2i+MQRrJIPOHp5olYVT59XQC77rK+TrUIp5OTV4AlwiWYk3lMr69Dvz5aitADi3fs35HeSb14qRVQstAAnQRYtHneWGwNcMw39xI0psVdW7RpZw7ahaq7Ttd3eCwx1QyPDX5y1rG1PYhQPLevBCE1OJHCCi7oukldpirQEb901xfWb1DzxooanVm2o/k4VDRVQIcllwEIQ/shQcr0LganP1bmYm0e1rHeT8QWzEqTBgpvFJriDvdHE9WZTglDHylSUVC1TIOeNljDU5fIHMxwm1v4Gncd/vk+pSLaUbvITftMyRrRtjh1pUoUtKu773Ky/pLPU3fD0Tgydz4uVEhtMm1C6xn96fLDYQsKuKaoCwPzfXO2Rn579zHm1/DvrLPPcsHLI4x2ilogUwoK+p089rpYwj3v3M/87be/4bXKeIHFdrN8B+cdoHvBtlI5M0oYyYOeZllet+mUik7mo3geHzlIoI0RUTGgcZU714hcYMDIAxSQkzSyG9Qo8S+tCT9qj3DC/DPDzaLZQ5n8uAsz23iLUFge9G959BVqmzMstuCKCnwwkGl/8aGeyCXJuh0dO/I90e0CoRUEAAJpt27ZtGz/btm3btm3b7mXXzbaNWcQs5IyGJvMYWVgjBJaS+NpTAAg5oGl22Y+HuzHn2v2DGARkqKutQ5Az7cdqRAnCyB7IDr6qlD5/CE5Ay/Wtw8RruSFQO0n3PJFyN2xko+zSbq0Onwh/hDYVMkcXobHk02J8J6W6ur4iZDS+UW5lzstkTg8VZy7eOpvCgGx8/uURJEL7yF0oi3DZ6ESOK7hkX9w5uVcvjvRUobEQZ1dVv9goYWxr6gRhAGbqkK1kMXbj8toutSlz5+WhcfG9dx1R+ifM2kR7wFZ9Ey7QGsx5H7zE+u2yAyvjG0/bShgH0keHJmkVXAiPk4gYYY9reb5vhVOSzwTtG9OAgdb6w7iYAp3P5bFfcKiTGgNY/tC6yTqy0SvrtzMRNSRQcenqId1i7c7RLOIvfxncBOkgUkLr8IIF06iiprdxT7xsLb1tDLkvc3dCI6tVYQCQziCNqQUpzNVgoaCbi0D6C1GA4gBqxiXs/c3zD8q0wLgUzH0a/zX1ruKXS+1g2ZPAaGTjr7NQ0oUkKJ8JG2L6fS5KoQUNZ8XZDuaX8SuQgKX0EdkCCclsK2F8jZGJS+u9StYPwmak7B+miUS6I9J6WbR+uBRqKkIfGzZro0z+imPcTegm5O4rXwx1/Q3X96FoH1dbdZ6wOhKm4pcZuYEHbi9Cq55K0pvUCHqoveAeYWkK7ZYYCHMwtRv8Sxx4cH0/5blIOdSOCnoWfxY1rkaIsFsXYhW5eRtXxPxBjqFwFPTJckLeqEuJPQa79KyYxF5CzG/yVSfdxtwY+m0JmiMAy6qoGszRkscAgAqwjhdgP39u7z53UlgJAWD33+t8rWYCQ/lZYFhADJ33aiOgmcDXpPTLOsYjUrPHGIUF7xvRYUcUHFN+fsI9qXPDwe6CSaH2/u/DmSgmFnEzFN59r3z/yfbFX4mRSkeEEbYoBzkNyIYegAz+epr04s6c5uFziaqBZgd7ZSpn1nDe5u22JpSTLYvRmYYc15RxUT/8Q67mAdxXEiR+KopMaMLCGPavR7dOBfsqF+ReJ70hokWQmupvdliofGW4BdLYflZKSuP4wkwPat2Y7So1RfFyf+ZjmM6Z36bsGots0mR0KhEXrBPT/AJBo3FAtzg5vuYmC3x+tYQa3YyI1jSFxRlfgCh+QEHjIX1YSHslnKE8EDm72QKEG7Xfi/4aryGlinrlpkRDRWbmfb0Gwa7wYUBayBCohE1Hh1LfmP5hNFXiuz+dsfKUbgobi+Gas8gAgNfQOhhmcG6rxgZcEbvTkiqZyYyL9+z3Zll7dMZU8qvuiJHAgD2tej2V0fRo1dqMqJAcUo/+8/dkNMvnPO+tX7eR7LnHu23KnvkzKqNNpaFjvM8PmVyuvoWZfwzuhAwXfj4/8BO1UGKdPdabrFHxDvhFLq4WsRF36iK/cxUUxZPhQO8ZvUaCHvIHirNm/44VIi7MuMHfCsszOX01CWf4jdGFWyraS4H7XZ6au7U1YSswF1rEYdlhHFEhadSioP6npzEJ43oiMbchC7ldOa+CbcyTR/fWHpuPX/iLsYs5PPwdwUJNp0cl+YWQfibX25Z1UmRGvUHP+EKhbev/ZLFO+rs1Hy6iafTqq1MMstsAZnWEHenNw4PCyK1h3eqP1fvwJyR6aMHGX2LBc/FXjRMDGqgP44VQbHJcGmQ/VBVZklwNRFQsZG/J5+qvWn59lV4Iru9jzzMu7m7wOUAMPvBjzjMIPsSeJrHGGnGBjatyihzcr17lYyW4r7niusRvF3LuNscdDvlOjs1SVxclJRenZFT+F48MoQVkixLcdFBL+0r/wuIqQHim71NJ1KEBI866gnY9SKvLPyycUBDHX0th7bPQABlreV4Uq1k7sm2ekUM1fEXucDt4dauITyeUjq+oN4IvV67Df6gQn3Wd+wM1b5norayW4yW/iy0ZtcAo/B5D6JvYiOS5rpXtWHSVS4qkda4uwtlYQocFDBPk5P+smEtV+gRo7Nfos1xKJMzmV0u9wAmF3wbCbd3slhPGxKK8F359Yrl8astn8HB4N8KRTWl/vrwZisQbFMP7EiptjvsqhOs6QR0d9XigEWEpPELlHzDfjlyJqi2Dcq3lcv34e9gYspRyh9QUQuMfjWDMtSQ/b/+5d+YJ6U4Eqja7IIUqGrTqNAacpyIHpEDps8MHmF98ypdMbDogzcPAxeUsxA4+CnekKjpeUdb3GOova5JBWreYrZeJBZv33Vi7oujo7f+KDamBC/jmk8DxYDFz1SMoKXGUykzrkgqZlDi3icO+2Gh2jBrH1Vb1op33msiv56HmxXcUr6BK6AooEe8QgdMeZRDZqBK9vuSszFEv+HBvtbS2/Lc2PZkbxU99fS3s+28YZ7nSm0H1aaYhxae4vpEhypw+IrDvTn/DbcUOwn8EPJy7hOeBzlRZOnJeAluXuOVCC/PecNcj6sLTLZtmlf3khNXQMy8H4pQc0+VDyu+WE6gIdv8e/dvOCwmuM2JUER3gMHGKr1PS5xhLpgcQVETdq0TgIsla0VqD0rflTD+yhVx7pNTR/UtNyyt2/sFDcb2jNIAAFavtG3eI4dwPUELVFtF++I6BP0QswkABYSTUI1JuN3lKGSicofovCjZrckdqtL3puF4nWHC6LjWtKxjzU6b1/cIQ0nfrI0VPPDauIMnPZNYajGSxNcYl8mbuwQucuGgpzgEHawTZ72eRYiBX9MzaZUdB/Y9p5Yg5fg3d5Rcox/K8fCdU2HQU8EXy31li47Rxaix9lPn4ia1mu3BcqpzwLIRdxBcaISSWVV2nv2EDpQmImDfC8/irzuYzqJVl/tKmjSGcR47g+ujtceBt8AUrHYIAGz7X3uJVDYXTAAkuUVQKGMHaIJ6EwORMf/e3TvjiGUpulcux7hQydLz1Ax3edGyCG6ZR+8KbeykqjAmvC/I3wBumHWEXOjpzCQt0r4ahHbWcW07wNgv4JwWlGC8iTwGXbLU4q5MIBt3e7EBShkhtspiDjfRY3nbE9Q4SU9UWFfkCMh9II9MfvVzSXirmnnTxPmV7+NWVcavJ7+vjb7ndbGsmy6LPFpNTKi+SOoPqX0nCXrOzaPxbA505pcxvst6y7yrr5/7MEu2NBDSwcmtePN7QQCjqIqrjqOB+kVd85GfA1OX2euf927016h8NKCsFJE/CuGjQLVf2oi2HVKSY7zgGOKXgbERAm4FVfsQwz2X5Ttr+BCwTV8TrliNdXc4tEmWm1+IvXW2mTfho+x418I1URH+j2nOVNnDQEBnuO2Rhao1RYBvQrQzUXsM7YTGb4qSzxB6MMMQa4ch4c5HC/NUl/7w/F0ROQvWYOwxsNK5vvI8+iaVBqs9jDtm5BTOu7Yzi7IPzYFs4eVXxU/48GaKw6kpNF0gZdf+MCd1koDGO038VqlpYnaTZGNzKTck9Wco2WsTLWi7wCcr/WdwSmR6FtXjDIkeViG6TfGGVtQf5lo9RVeET6t5GdDxBEaARYb1X33iBwEtef00uTWBCk573n7e7RrMoHO7FH2g7RU0Ctpab34HUC4xjm8mB+DGqhSHEhkKLZZYi+alSeKW+vfcNsmM8KKQH0cWKsxunsDLwILqlJ6RhATvyFupXUOJqflrNDM6uxF365z7Cba0nPxhWu3QjRVt89jYJdDTxnThYbo9dBLlL4cJSxmsaxjaSpajrAIvhN7tyX9pFEVF8SqLbVH4YJhdPZclZchwsDDaIdNOMnTgXr45/Q2fg6V1uciaHtTMrl0OdctWNQkB0LTZpRzwkKSxcaNk6h+Ru35f1C0Tw7VFp/7VAO81d+ve9vtLXhKo5Nru5YN1BFrkKiebFQHjqECF8MN+BJbNounilpKpVCoMZRj+37v0ofSm/UwOYh4fRPs+ln4YwkRGtr2ZrPLjhEokFsbEM0CimMVL0NJgiJYzUVoCcwA8S+pg1ys01Qm03YEqcud7vIwq95NZR7wlZOVkOpKEy5jvJ4CCbZgNV3kDmy+/nl9yKJxqU2vjhUnvSlUxGWZ8f5xf5swLhS+OGdXQIRAuXkxeclXnLzSy/Qo5tX+SCU5chtb2YH6AIFU7ZUmFNKFYkRhVzPFRAa5sg1tsJmysLkU6ZYehwa7J2yVIMkQnhe/rpqmMAY5UsFO6sDXkkfNQFeEy8I6KHI7n+Xz7WcJG8wwNpnOLKapFpxP5NP2Db1MqBt4lnA6zfwWtF4WSaHLSF4ldvbpFh16CHn2s5c13ilrxb/KZmyWtOn03bB7agIDld4SbeXAaFRHyD+B0TaRA4RbRuCmTljnlSJUez1oneRQYT3QXSw/uKhIY0pFoiUMMa8CJ5uNCM5Z4mtYxAmGA/Suj3N0w3LyusY5d0B0ohvEW6+J1lx0vPMRngl8iqVbUcEH6y/xm1mC/0vA1qqg+ZbQElYEvGLBzya4Am4IUMWMVBsPB2+E7dBNOsDRCX8xDdeZH0+hIFEGuJ8TqQembSpAH2ov/aR6Aam40N/1mlT92uUHxaIorshSj3RxVNs2G6lQoC0806YAZaAtE53GL3u3/uou93TG0CgT2SRNJHnwaH4lAcjKkK1UnvuIWwI2lrMO1zJHjQ/gmBESAS45yUlvN84Hfj9/A/fhhJNTWHRxQvJFvWvYDL6Lp8hM8un5ZRlVZps7kVLGpRqaBGv/e7jCHaoS5yZ3/AkczNNLzFGr0eyeWlWIw+48zmslNfbKR6RVW64jv2zk/oBioWUnwnRS0uPAFDgooIttlpt0gt4ou/7Q63VsAo8Pt8VfSmpz+/8IXjjp1iONZ97waYDpDbTKMzCATZOgbXX/WgMKpFUkSHq8uhuAfUboHCW7AXsvXxOYxbapqso2vA655VWzqiZi8KuV2UnFFfIwiGeRbDQ+EYOpjfQGyvlNerSIsggLyCt9tbIC/g9rSHlNiNS8DeaJv1z/URrKQpgLMxi0NsWX0dRRXKx6phOEhBgT5eHTrXO3TH5zkWjrD7/YSC8UqpiiH7dM7qpSrHwz6oUAJe53pv4Pe1t/RcUvE57zCcVl8sdC4WVmcIYWrs/gC0yyJjY+20F5GrhdUdMzTIGhDKTs/arK4LMoCCWbzKTJrSNC36L0J8XdcuEajsyPOsc4+dlW2ngbDUb0bxbvG6dXvxSlkkKs8tQPOPLqmhwYxpWaXsL2CAfS7AtFQ7yu/d3gU/GXiYdEgV3H9yG/omXkB3+AFf25/wMUPbknaRP/LQr3beCpGSSovT9AXX1DuOviq2RNgpGziNXwGooQAnXFoXyPSAdaogaZU+ACiscpx0Q/UDQ8UigKsSZm38guGX7vO7fiEjNDaZAng82xbOXPKfPGVXCYpaz0PVAnlEQB0Ycf2AlMkjm9UQMLuT34zi5VZiI3e1F9I8hMzkVGbbdw+oL8lAfvJVmeGGNJBtPIUrzD/IpUCybSDw9FVgRexy8XnygpVZsx8xjOgiMWrKXVWa1JzSvyyjhoSyDKpxGjy4ut6IHRLDPnfYu0gsgM8IPl1bfoQtwfzahjiz+8GnNNMQe3zQ128OnP0locbD0ZVkdUJh/Qd+9ena5MNo2TcLkHQ/3Gt47JiC4L+lF9YGcxHBnL7WQNoOOl3paIoz4TclO2QZpkZ9LH6btLTkOt9I9iSwV3UQIDUvhR36n/meYx7/ISbhynPxKgdUhTbNy77Esixsv9rjH/ra0SLf88DqR17pvxAreab1JIsqfvD6T+bBIdVBRsuk0KE/NjkL2AOBFjD6E8xHQiOym+fodp6uevCCfNi7oQ26C22y2oMhqvG0LryCmX2YIeoeIXifGCc8vN1C2CwCK/rISTjbWdVQgJl80NSj5A2PkHx7OjGfBwMKrPR9nLqRicCjhem7ZQO/k5pHs2WKSdToYZ4TZJeuu+6XN4KOneA4YfiUlxFG2lad8wRiuXtzzmGGeJXlNZtRABgt9F7MgggIlm0FVa1QJfVDPY0HPnQbtYphmp9LZuvfub28rJPi6kjp8kQBLcfkoFwBSYH5PzNwSTx0lHdw+YA0XQO0pASgSUwymZBTNkHBi5YymnlBblIqUigq/DOjVxDzr2Aq8dvJmCPGBIAMRGcX/+fmiNuaTLzt4EA8Lry6sjWsnjnsZoKFjXQ+MUdOL8/9NzQrnLCrSC7DcXidVkgI3FYmOy67PVRtUtL0NCAziT/O3H3uFctTwaRxhgcC/n0s+QWxVRFFPSRoCl6gVY3AcCBPwUA/cS8+Cld3MaGQRrO/Dk5K6mhkpBNHlx6MOqpezwQWs1uI4WQZAcE6f9wSlmvhGOyxBKLBDI6MWKPiNh7X2Gv0c3N/PyHMOmyNo/9ECDbAQiEBXB6xiKlnqXU0q4eoll0RVfUC1m3YglibPonpIWuz5GdCmgl7/sNUumHabhqLYCLfXiU3a9059tUYdZ9ssACF4mVaD3reonuIXjJIlrbpbA3ZE4mh6aECDKjGXshbDaRD+SPjfpKQYh3xGiwFJbHft2uyUH1rtz8fDOP7SScwzu2GsMUhZeDLROfxERaj3mAX+79PHnxQY+OgXduUKf8NiisL4N8JtzIUUSq6tafjsFeCKcrbNex8HMdZKETN3LMVdou3Uu5t7vsEszo2kKXkAvUhLsCm1zNQTCPfu/5CpCMS8UuFxtPtZAGoY9K1ZGAa+0sQmvNCD1RP11onPdFA9Jrvm6uYWOXjcNDAZw5vKzy0JFOWn2L4Br5bsfYDttwSd12ON8tkmI40OmVAYMFRCeNbMkS7J+o/04JUE1TeWplpTuMM/TQFhJdK9454WW09soJZWmTbJOs0pdtg9gIvtP2cLNUzmu+G4dbf64upui6N2MtIGF2OQ73c/CRdtpAHpPEyYczV+O9U1+jWmhr3gxBfK0vTMK6xh/eFPVdSWi70UlR4lcanZ/gzvMp/GoQBbMgjujDUY8VRpKzoQMs1fIuScbn5T3Swc1ZPseOGdiLH9Lpi1H2nuaLrTsOZgtpzYyI/OVEurYPIrfGZBK5HtQfhSRSqYJbNZi2NBD4HsD8XshUWRccAR/FwG5gnQZ/WkVlOkFEV0mxBFgW+VSvC6q1/PCObO1rxOhQk1dvEtKqNV2CWcQZycQxy/5Sy+YF4mWLVuJsBGDDiM2cEvxw/ieCTlB8Oe3kihBKJnOJhgdH7NvlQMfrUcJju5tyRL6tooxtCYs5qeHTfh4faD0EMWOA96I0uxDNY6kQn7DX/bLJDHNVk+WoZn78BzZiRcY8HYtRl9kHDBQmCGPhS4S6HZ5UiKcNxtZZlRXxSYVpdqLuYKxB82PWF99db48JmWxb4OhD4ys+P1IWNIVMc+3Kf4d4F8X99XQ1bB5QtoXECBoYE+pouYd/dvl5Jj91pRovVURt+gWCULK/RJ/gc8YcfGmIV5FaW5T4p4LW52WkJuBjpE/HXzDkIO3w2NiIKAUTj3mawQUE388e2t4UCU++32o/DkadYfibSRrZpagrkaS5szFePpE+LK+/aQVUbeeRDMuwnbNp/XUOWQFDouNUSFQ7d/stSa6FTdXbWvOggvaCC9hlPVgu26UNAl9vQ93lc9ENcwg72hoPoVjoSBavDh4AfJluqWQb8puA31FJQF6g7t7Z3RyqKmPZ3X5L8fQ77l61blsKlFG4qUTnCZGh6UoT/fOeIjyrCSE3WI8RVAZ/xIBaljeDI71+gvn1fq+iOndVaE+lzL2p4X+Ig3luHrUuvxjzFcvtWwOEhG7c9/Uw8bkJVnsfUJ1TcIxVEYwYJ4M63HcJyXnAk/JrrI4hz9LClIF6TUjtgtCW3ybnUSEcUNzeGynn5TaWZP+sH35HlffAceerw1o/LKkJMa9PidEYbr4JYU5PuGeBfFBWH/3EK/2i8KuOSht+87oWtvEQpqjZbHV5texjzoMZJT0v2w9G7wYgLf2iiHYJopPe/JJdVNwYg978JQutdtRoLsQTKXuGzRt6D+suVbd6GmNaDnbqiFPwdD7EMAJUMAPctxAwx6C1tWi6Urv4n0LPt6XaBWdxNmIVRcdXnC3J+wkMyaychqUbPwMBGjf1cgeqyzT2LRltQzFZBJx5D7JfZqOCa2+oqRXebFFu9Wq2NeNtKUlYXyTiym+Xm/lUtWsp/VqjpmZa/5ThTMwP+mVCf7kzZ3h9h1yVSzzVwWTWyrJXhj/ef1+Ssle3E56ji417KJ3WYCETxNLb5KrWxs9vszvvktQphU7S2/7+9uMTgyrC9SPTrBMHg45a5T4cIz+5scsnvyIggxRHoO40x6nPeBbgRe9kzvl0mIKkhSeekk5gMlYeea/fAGe9JB2CFBCWFCNrXwVWLIJUi+6+CwkiGUJkNaK66kBiwGFCRHWuvrzjAyqWspSCaxC5oD6b/Vd3ys6vqDyCmW47vJ//t+gS6r4Zy/1lY836Ab/jrETn2iidKG+qL0h6l8rQUO0u7uQn3lmE7/KUn9MXyhfjS/J/zN1JQ6ZZyJtvgom2gt6dF5+9U3hQfb/4SVkTVNGaKqHMeb9VhqmQmTRDwEhXXW0Xu9+XCDwh0aFVHhGZc2OnjfGMORDQd+CX92pgRUw/cvt1kLON0gYKorjUOqVDQ23iQ6977byJL4HDymM+DVwEOR2E/BpPr1GkA9hPhQxExR1oZnTJLntMYqjFgfx/kyrRFUa+V//wEJhwhuKhFNpO+ud+UC6Ix1f+gAJbaF/NwrYs4eWaQcuNcCE12bQXhrx//kDKbVpft5f1mLylFEeITXQAE7cZ3tzvPnNFCsmXzQFRitumDh/VdpMhk9i+JAJgCCsBKPbVGX9jcKLf+3yErRbYKVkGQFtqrPdVQYYnks9EGfgCdWqg++xX/SJa4pqz+Z5xTMTrLKqf3YMZBs0fTvBPKiL63bNBS7iARUBKSNGlGczDuZiH1amgRnVcKFc/HTm7/IiFE6Bl/yFc/hc9bu+0BF0DAfB4+ueZR4mO0U/Fh3uMtbSRmeas9Txx82+QJLcZNvm1IN5Z0Ey6efagYDXC4wsUHyV4v3v9KiFSNg0euFTrvSlulukH1Hwn75I6D+KHBerfkgAe9UiN68Whp7Ab3bCMQpfPbGqaCp9bxvWcgnBJPxrTsNbMAd2WTZmjXFn1veIyd0ATRiFSKEH9OI30Jclm64Umv8u9C8jBwE24qx2Z0EbpzQdwhLjaBdEG0RDxP4rJqJqISFzO6zLu1Sj5mljRw9Dm9UFXVzVm3RAoC7ehRw6KYXaBUsgfNHO24QuyoZOrUIPdgcxBU1L/Oggpn2a0EGAcqsmL7jY+kqqJwuR3wthhkC5lBS1HqWdw1TAM5taU1tqR4oFbHAmdhxh49Y8Nad6vupfPXBIiGcFD2sGT+PO1TgyGb9/3FXyv+5oqAaL4b+QKM/4TheRi3idGX6UOVpk6gdauUHss+0GkQbXUjE0ncpbkt9xC1+HlwcNyPvkpxJ/5zq+FpVbeXgr2dscdvp/BH/ZuMTR5AnUHnrDdYwl3FiohmdHl/D7knfswfSwIJ/iVu91AwaGQXQcUUKqZxVTNXkktZ69kT5et3797pZTqwzf7IrEM5Zh9aF9KLOgq9nTHyRzF+cuRxQ5Sfdh0EJUNnJtDaEU9hyt+tvYKh8fl3p/4ZH65ZjrujSpw/IFcyLYdYW2mRgIOjza/qeT98r7llA4UkSY8tKb9Ilw5UYGyaA7ogxK/TTUQARBzUFFQopkYq2EiP5vUVgBzkdKy9rtVThIgwCkY6sJXwbiKuH8gT0/DcnUtLmJH2lYO7UD+ecOcB18jrgWEngJrgczpwr7rHxCfQoervnF/z3N3NZX+nuFX1uatb70FY0h+AGiI6tAz3KkzFJfESekiUPvSfoHPHUF7Yuujcf4Li/9VHdTDXu8rJmy86wRfKW46lxisrJyH888XcsjbdTGf3hiFNgKVsFuB4dgRejFJ73CGQSEwe3oCp1juvj7UKW2H8YUNbXl9feXN1I42b0uQl60QZU6e4MhTb6DYdPyK+mUiyuygUMezxd7yx5Oe2RCtSdm7krCusU+N2n2QEhLt9NBFVydrD50/u3k9934w07MTJmZNkeuJwN1YTuj9aIANvC+/YkHiQu1w/eGLTFSThl9BTJ+VM7dlilzc4vKmDAT6OtwW8qhOzHuJ3QPJ4kDbKBUI7hXDHTDq/RaXpna8Q8HiRsbXY5gju8mcit05Bb6g7/dc1Vnvu2lpEcrFQ8WyOrXhn8W2Zc3z3Qw85rn+iTd3YmYpq09yceKjComVgnA/OMPndsKQgFDjAWRgMB4P0kaT6XB/ZjGdYu/7qs9kMtzlAXi6gFstzpEXerU//Aotw16faQ+ppqsW784SEgOQSOZP+tEJuqX60bXFO814V+OhPPcW+4z8PbnaHG8s6ESiXtCaTA5BKaY8i5STbB6xHFGcRliZ2U7tzUC2Oky3OIlmX150RUkt7F6Tycv9ACZxyRWAgKFRAUgQSywg7+d9UBUASJWlx1QAIIIUTGnMEPLWvvEbRXYM75DmQ2eMu8mygwui7SCEzkdnW675yL+ezDnX+YD5v300VqNBxPzUMDGEq82nMpLPJl7w6teVpgiBZU5bpLy1fVEE35yrpAzwMGtAMZZYh4RrL00sT3eDiWHmz9u4trQXxZwIH5xMCIHYWUXtntJO1MfSJjbl4b8xRmJrNMt7ZU3m6CnntDvtj0ck8h/CkQKn/xQ3jR42bC3Ww8m4zKLVsnm6BBfJMMJIJNndtha/uEJ4Po0BthlV1kf0IQ2cmPy1AXmmOQshmiY6NXdTFaB8lZBZYTk4oSqYbCCIdd4gEAbwzHOmoLAKsmafCOhDs4URarPd+D8QLHR+0xlbdGbzhnLv+JHYfiztGUYw7zue8l1P216AEtA0wM3203U8aSIjEK7/Twe3SA7+ViLcozrrfsjS6PczRhGI9UKUnnMlVXUbbth74QUuNIxG1zGtHW7JPjgZbi1tlvyFuX6SIpt0JSeFdM/oZveEX+1gY8djiiOhhftZb9Nk2bSTPj7rx/Vgt8nuQR1H5o6k+iah9fkb0Fl9nE1ygl/r1tWw54mLUd9GKMJV9VPAjmh3G2VyqqMKKbcp+UwdFb06caKcotqAgW2G1PI1Ix0PfxpVaHkQTYFi9Q6YmE/cpLrmf8YVC9Yt+k5yRelje4fmQUN4uN4dTvg/NPrH0fF19zveai32di3Nd9wVjaws/yjXJW1dhoeWx34jwbrU/yBFte0lxZ/9rfBuphFmequ+VmFh7UMsrwBn/YFzSAdkCsmlchGF4+5djFZxUPMM7+RhLLkpngkJkPQSwkaM5H3rPCRhWRHamSEOfgy01Z+e17I9c8JR/CEhxH/KYuiBZEewdtL/h5DGr7N4A4qJHsMzdFB1aLyWPWAcauU4iP9aRLcBIMwqT1sPMSyaRUUHZpoEfV2y7Syt7rqLdt1cpHUCNB4y71ERY4HxBfZ/GwXd6LANRl8fF9/73H7k685haUzxZHI0qUNHwuZpAvMfcsmD/gyyMSeW90HP9XRnr9SycDn+64cf2bq+cP5k1TASa4nwEmYShIGOtlHePIo7EXJ0MBNPH/L6Iu/sRbYWakyoITEOxDzXAzn8EdER6ESHTs/Eg1Wy/hGBRrH9hypLufNgci8R5hBlqhho/BsU/MpAqdxvRWFDc/xAfewCBfsUNQYKCo6eTUq8ygczpOJbQwxgvqFj+NcimnRoNDsvDVn1oOyxfO26sKJSn6+c+MoMFfv4uA8kJ3TwclY1Kr91Loi6mHCbit4a9Kraz44FJU1gQIUpkt0qRPaMaIfheGew89e6L6IdkV4rKMob0ZuaDXOKew+do72oCdl52hvXJ6zGkBa6GadhNfJ1wiakO19mP0t5aW408pvM/f/sT5CSaWoaBLlDt5T3lPBCIJu7BA/Qaux2dB1pr34Gx66leMwJfUKlk2tkBGlJAAmncQzo9xgjcqIjIKDLQ3POeEYg+HGxQjciHWqeJrOm1R9LFkAToYkRh1TWmrh1HktM1KF+iJhBY/VvnPUxc/e6Lxf0VcZ7ADootXpbYe540hMVtm99kD3q3FI+wPR2mVM/8e3kxJrpW/ECZ57ETR/jj0J1B5vmJz8PhvG/zcuYnmn4wAuou0kuN0++cNTk6FwQeiGoxlJ9Qt4zseXzW2O+ha3QCG6EmvC+5Zini+Vf2oqwjiTuZIeHWVl4LtGdUwBQ19p2XrDISpfwLENw0pmLvF8C7ASojWXS7UHzziHCjdKBUqBrAOn9OfQYDJUNvte8yPDi7j/h1ziAgXlfhaincz+vcGXkcoCZwqX4rpMGyllg2TgpjEjaNMeUfjLqX6Mqz2T14FH02hI3VchCHkCW7eoeo3Oz0MYr412syw9qJYzi2UJM9KkLja5LJhd1S3uhJuN8pXrILkTXC1rqYIi+8trQZYWq8uQ+SEb1P6aBH1memNHoZrQVULyyExWChdcP/knYGCwsKJAzP/OaC4y2mMJvhqHW91go9qjI0ZwxqLzrUtJ1r1z7Yj9/BN3o1fL1gyuqQkHiyI0wuEf1fiC7QGwkEu3qRRmykVU0Usw1Qy/GZPmOJCpx/F/2by7s9rVqyLvyorX7H5xtvt3d3fs8vByeH3tPl1K+Fb0nMo+StGpdC5IcKnU99dSkSzK4adr0tp5FWXLw6l8YMpsMNUGfP6cEKWLvaSMjBtOXsXWmCuecg94jeoug6A/wnX3t+pXqIoqnyxxINjjPJ5aX3fmnWL1/d6xSk5qobPTo3iEM6padj6cbr/a3IoIhLeApjUy2xzX/dnJd1XP7DMGeJBLfxbJLnEMi6jLLQWtBChB/hArDMASkrsFoaTyyDFS/J4gD88gQIkqug1SzPV11iWe5/lsodmGjq0yy41O6Nfr2NqbBg4ZBkjvanjXuWdoZc+NlclS1Bgq3FOxJtMoJm+ionYdMp8znhMjn9UVRHvdO0IpIcblwTWMl6os9jMfy7/viBL8PtoiAfgjvsbIsIMTJ5h0e+Eys/sg1yWCIUgP2a2/rp7LCezTU6YaxjTGg5LQlDDyhqoIS/qGNFrTvdkYZHhmSnx9JBhE4OMug1VjbDL/kjPOGE1OFda9EUJL5Dw1Eqw3xnJiPe8LD70N3ibsnuOZ/xcGsMYwSQF/a/L8HiESYnt9XSoO+Y9qykeqqBtU04quNa3YHr0LeuM5K8fy3GBJu9jhYiVQ8Oh3v/DZz0BYfaLLdfSkUW/QsUlSRy4X/xdBo6PkaeKtNPity+W+4TAXyNtI9oifa8jnTJxQVdEmmfwYppKjEntQtrQHZHYCisYvnJZEgv60JfAG0TuX4hQ7jLAcxf+KPUYdb03XY518CPjat/Aigj64YNo8E7hy/h99x2Ai1YaJJ7RTGuZ/nIkMnUFEmrMd+UqKzukymPlmz+2SbNZMx37GGxrtdis135EuHNmo7yzpyYbLX7sR0MS+MQB/izrfgIHhiIo7HvTjpCEUoPyyYdRHkTeZ6xFPKCVzOo36974VBC7wjHXz0ZjzrJEC+zdzBsjfuHHeQ0Wly/ty6UKL3HdqPG953TfsPndsJhouwxUnSaC4h5LCRlcHUVDu85fOswkpkcg6xcRRvr/wmRwVh9M0xyrGHmbgboz6Ldc+GlMLH3Vm5Z5kBsV7PPlgmKsJsOl3xx95DuDZhfl+eAWw+f4G2v5Ilt+D2xvENm1SiGcc8QNVj0dAhsFnjn3CG608idHLpOSm6zLBKL56hvt3pYpEj1nbTPelZiqygnWNBJbUEZ4VUrpotmty0BwWxYdFj7oFL22stU4GuvJqcKdFLRpXN5xgNRA2PalovJOSghyTj6zXfD4WSH71BXQjc4BQyonkkuokwV1KFeuJ8/HzDtCLjyaND1toF3oETk3vm93Qy1Qzqzj7YlRRzJ7WTYOS/Brs/9XFheHykkXt2LQTrzsMJ/U66gR6G6Hmi9XflMCzb0YMGN+WblFL6uHvzygWKtWIQwsixfx+YzCLBHRDlxfJe8m5Pe4t/ghOeDa7k0Hnqf6wFNDG7eBhzDCR20DjNQBULgAu960jOVi5BcjOF7KUINw6RIm3LOde8nOo12i+Im5ub+QR3c6DRux461qUXuJ97gGGBzhdM82ehu4jmcw8QU88AFKSiYqOcUpLZ7d7hJq4qcMCq5mejbdtqMibuSqlBMKrtWtJ4GXf9CxHevM+KnZh8vsrmZNRzgdSLY+gHw4r6urvSN1bARF/6Vnb2aEvjHtdf83YXuSAaCkPMVHf+AmTaOdBiRgd5Z28NtIv2bl+OJPq3niGQAX9iRme81DHD9FnBVfpgWPyMB/wlQIDGbb5wkZTyvQuPcwypvy+Fvao8UVL1Tg5/0K8luFjGU1DNMn7QsN3JH/AowWkzlXVlNFBpxluzr9nN/NKrEfGvps503eBQCOcQ3tHsYJl39Jz31H/zIO2FJqDeHKtYJU6lk1gJ2JfOKhboQ/Et4QXdyHgc0SPB/c5nOz7zRPsKL+L2GqCzvvXjjWTmSdJWPTDbM2QhwmPlrOT4tpwRrBCo28+cjeRO31IYM66ivvuLsOxBB3SmtZKuVw2jKjQC6rbNQkLmv//TJ+czJtgq9Jo+HEbNpG2ajUgLc+fJWNO0g/dop0R4EOMO1OF0Ib1ltno1QgzAnrILJ+vQ6Kw/lj1rzB3inlUK0/aQrXI2P4OooNvhKyHUS1bWAzhPcLpl3Xcy3OQlftDEb3ni9bUFib7iBZqBCzN1cjGwjY0OjkliCxVr9JHGZxEFc0DHhenC/nKRIdaSQdpKP9EFleGqkt+fGdjk8G8RcmpFY5rZHakeGC2DE+1xgkk4VBwLohQy4xVeHXY4ptAgWKopwp+IZmVT3OGZEfOIqCZLe5Q/jWCdSC4prdDQyTkm4CLhnhpACGkrZv7Ojebl88gEE6/QLdLbJWogLsmhYECznS+VA3xQkj/B782bzrAHwzyOa+TWNsVMJKVvv4lnfnpgvSDBy1ju5sn1cpUxz9IVrpz0fSNltfJDnYuz3JhPcUMEBEOtNXUy6m3uKcfoHTzxVehBfj1iSna/nmECC6k8c/+APoAur+bjIUcWJ7jmlUosU0T3HKllhz+OgPeZ0kwRlo6Wl1hnS5ZGTXqbjh5sKeZfEVCKSLpupwuAq0erJmuJRbvkPxztGuD5UDoPfTbBWqQbaSrSvTqnETuBlv1Frylb+rvfPNjXvRPuwzSTHWWzlfbuqc6Qq6wqTD/iG1uuNr2PU11xdYoLtiOERN0h28R4kOifWywstnws197t69AyiZL+24y6kGIuyWY817oYvy/NvOSoRu+9gVhRfukdCf4Z4xgc7BwqZy1d5+iSp3eQuy/SXGtqDzf6ZYWXzk7Pq/rN7Phaliayk+cqYC/5WgTQa3Kp6sNuN1tbnXI9D4MNDJdFklMdS1LoVfEvDirZ7FUJTnCmNru9ip1qR44kvsIuoMWbqalz0v5OECq9eJnEpwRyEpPh5xtO+KTsFwvRYJKaWQZEXx7bg0KjWQf3Mja+X2k8GoUl1LM5qfEx2/Y2nRAwFaRogywOAZpqxfT0xGrD2ApKmRWztSZynLen3MkHrJH0+y8eZMzPiArZR85tGj9UTvlhln8ndqYTjfXgC6XvMxHPKG8GvaPmVvH29p1TgxsZwZtZZAmF0cKs9SxYR4qXpewq+KNxtjzuk0MNaDXru+HgkQSZ5VYPYGRaW/zSwEmzJfOPtMLai+6KMKErsSinqw7PPNjIm60+APG7Zq1gfR9gzwKdAq6rV82SADEZDJrfT9w/h3SUTevo71g7Pt/A9DhzIySzuvG7ppzblz0ux/3VO3nxOCUCjVepWm7o97xUmOzrcuFYQDLi5VDvD5QbarhUBmXJbfmeWH1iu3Q3N2452VnJQLMD0UpcamcWSwYMoK07Neub2LGzLalGhcGbS49SxTOGgmbn/RT6xAaekRhnUcQK2IXCaOGg6gAO8/IIkQ131E2dvPw0OD0SiFh5aGxOGJ9Du4jXdmNOg23r5tm35wHLgz9oiiT2253qnCVds6gmxf6HcxJsrH+OFcBKm0QOupE2n5GuBP03kF66UXcUFOOC8/wjGBrnyOM43nB9E4p4+LGpQqzgo7CzU1f1P5OILpjdz6Whlr48eL64EjX28ohK7tCM64xkZ2mYBOkCxwLv8PpYlsqnjqCqv6e8p/J9tn9CA2MqVbrarfaQsQPG3aM0+H7jcQifcL4qGWrKFbaJdHhHWI7qp2YhxlZaI16mmEiM1HRdzdP3WULCxPUJty4XhfIAziTkBqsb6JyGcIYLN9UipVI1QRIfSRW6rIO5fUmx6BCPf3dCXKZqSwNkmIewUr/mPxG8KF8YHbcMnm+iNAQPXq8efSeW/ydylte3Dq/jauRt9bZSWAQk2eeXVRm9Oor9vxUsbfLMW9wDK54Ugn3BBW6UO2RjknhNImEqL4udSI6xCtDiOFeH6hI/z5rVmUM4lwVnFlCiAexJqOqq6sVBHmjtJFPbSJIGvxQ9ogJCZ8g2PmLyenumN3ylaGS1kd0KlLb9I2u6MDjXn78T1kgSHzZePotT9U1EJibduMUg2tuJpn4ikIM82mRYu7pJs8GK8PVoOv7YTJqdScuMFrMl/Txdb4PQdC8aFvWTT6I3zaG9Aw4vDBHZV45cEAq/khx/9KRfNDW8vwJ3EM4lXnb5P1+mZmIbvQYTvhVbPgwF7VPL81/DeSMmzQ3U8TAGMGqCYk9k2aaasaptvXASl9BhCr0KrguBIzrDTdZhL8vH7AxwvyEhB9gj2NMyb8B/YvP6kMZ4iDMNspmsaoVqkjzmLWMzFY51b0KLlxDcizcmORjaJx98b4LS8xjE1j1COticKdfdMYdb7m0G37XA5N7gj+0PYBlfSOvj+sX4wj5P6Yn8q3snMZ3sFuMlGPvZaleVbYCMf03+Iijhvf5ab2SNPVQGS0MU5oSK5v/eYY3mF6XWJja62FltrGi/UcotbKKkaMXLH09raKigVRebfA56lKB5oZjSHTb0Ojil0y4VXDK3SvjfBdX8hukXOR3DHtZmJN1xKpCfRwNtBCa5R+wJq6W2LFfEfG7P3nbXpSMdij/5qVUa1jSYb17ThMwk7xtlD7eZnq64S8CrganYEd0Pb1kZ23P9oxphTIIGq5VZdxLLO9PwaDxd6dOO0Pj3PQQsQbbkysibm8LP+8u6FfmjV8w+pD6gPHlTaukzgcfFqw1aXO8qHMJvguA1fPALbAFYcCqpQGCEInOi5NNIqgQP4drfdhJSDpA0CaLOhA7Ic15oqEzM2NosRrGNxwuLszEi7ABucxIkwYt8jVze4mYd+MiJycvK1PHRuGKW6rfkPBDlI5/In6CLaCqI/tTkTDvIjG04p6vUlgtcIDDXDFdXPiySGs0PpCi2FMzVPCLx3qoTmwSNm6FsLMHOI7MMCXaAdJvmxXy69bBZjbd7tkJvSgqT/9GsJhQ1wwdqH129jiByq3ibBaLe3Pc3QNGLE52BVmZg09v7KSR+P1OaIYZ7twqdETXaxrDQGUBvGXCtfvKhHwjTLdCISHANWt3bg2dunbHxDmWRSrRBpSyEV6mWOn1WeCcKFXmbMy3EJKvBEyitHsjCrguv9SLcqniX4hLYpB1TC5y2gFHg6Dk6uD0iuEvom6QaIVhs2zn+Z5DN7Nvt0tWgnnIwlFFnUZOgx1KthAwoPUm+ByBw0upNyipA222r1Jzx7MrOEtU8aE95Xe4LMOyKupwEUzjbLDSP/yWPJJMq5xIeQQXJKok0lh9Sy42gQpcmnV/peOC/z0BOuBb3+gm7SisO+vGwqFY+MREuJcxKPkQETO2lvEwOXNbGeOeVWyw8kTn+orlsaTAwUtwOXWLFX/NYtC5wUcyxAKaVvPiYZa9dDK9IetGEG0j/VJlj5PvE19JIsBXpMPhSUy/dLv1ts46ntUvz7iLY7gRgHwVxsdRlFiTBrVXCqujR6xeQsa+mk3i8WM50f3+7wTzGFoM6/s2XnGeohrMYvFmSSPd6868Rsw75rkcRjt6PCyfEyHld/EXhM1H3X6nWTxAWKpos93sS3fUvG6UZJNuIbeioQ+iEv5Nyonl+FuP3sGYM+ML9OB1fdQHheTvhgHr1l+GQyS3RejAZCdo41KGWmpeSdmH/jpgZy4oGlQ60pK26Mixg6PlGMVFy/weiOXWxcfhyu9WqjPEcd0hKb4OhCunvK8egiRIz0Aynr2BQ7B57PJ02vuMAfCZFVdM9zEDX4Z1159a8IAUEeOoK+FBfgudIspzP+e4pNSMB+BuygnEkEclPBmk3CWrQjG502c8TobBzb/VpgLzpt6VVraCPPfPNJoUR9nBVasUkgWa2HegzQRtQCTbSWXMPLZxuXFWTtEOE+3mVR7JG4YEYy+y+AAy3GHcFuxamLnaYybfO+CFufPEO7yMlioNUDgu7u+kL5nd1bs1X3oQ3eEy4scxHe40nhsyVbbBWwQxCLsvh7s0FU86xgE5SPt2Q3MX1OQYbsG5aBhOD2C01AuUgW6RCYUAgFyWM5VJ1SHADijs8bADpwhummePexUDI+jnAYj0l3OkOjCVvc4CejGtPU+dLiQGTR6qZjYrHnMVaEYJmeBJG5b01N0ax3n+YlvlpexqBiyMNDDnNNnFQPF/ZQ/yPY2hKbkaz+BD60Ib5OTyg0lFe4CppM5xrMSj+0S+wZzjmX+zBHVVHl7E8mU8keES8e+VUZGNEPfvNbIftHFg29g4rm6QRjnE3XRIKq5IdLoiDYt4XSGKxnlnaFFClCr7alH5YodIk+12uSrYqHK1G4IK/oP/Od9zonF4jYuYXhDp/dISRqsxyIytxiLwvbLF6+siyOrAwREpn/UHbKks9dkgZTqj1Zl5dkDfkrUw08u0o+G//r+AljjsRPr5jg9lyHohcX5DWQYgO72IuCQFIRqppJSY17TBt9IiztqJ85siAk8LJNz5QwSWGNyYWUpt3Ly0wDuuZXSjDCmndM9oa/DPp+80YZjODZEWUG7m6TArczYXwOJp9deUpP1YeD8RnGQa+BUNnCIG9PPYy5FNjGxVpnF/FiNhwrvR0sb1dYu5eLSramtLAVaWbe5ZufNUnacPnvnWBrRWEA3OHm7L88y7bgLBXu7WXtsswhgzNdG/C6OHwc/7SaDIFVbyv3mZdnDLPG55bBOcQ127bul/DndLJ6EXMZYfR6KdlArtWch+6sMO4q64UOaTflhPlVkfCs9S2lkr9rmUV0tR82RfZftOPeksE1/79VQDTpOXqyGkMYDLNPg35H8kQ4NHRnwB2vqIoxJ6Qwsky+rp4PMQ1fks0mAWQAHrOwPdx9OTtk/QHzT2xCxP5IrRAoXrBJtmh+z/gLhd7Hy0ANGCwLa7Yk1fyniU84K97DbfPpe7WYEf1U3AH8LUwoSonLOp7r78uCJWQd4ueDRyoctgJ3yWGd05VPklvf1zqCOPriQt+K1JcTd1+9MH/sMciEh1SKpns1iE1Vx6PrFYZhrS7RIjlna6mhljYFd/vhGp8cFZr7y6F19qkAh0pWLIiS0GjsczIpDuI5gG6oDdbk7EidJQjVZJxaqw/hG0C94gB1e18fJ0k+YfZPBAfJJG9UQjnHHS2iBUoA/2lHp+QYPjHFsXAG//Hy3RtmXyJsKJGLkzwrK5mGSeSUD+TzcXedysDegZk6Jj6kjAFVJMP0tKIN9yimy6D0hnqYddjLlVQrTfK4xg4Oe30ydY5hhdVXmxjGIHPD/fXC8dGy6ZPqNhu3GeUKBLmN9l3Uljc6ThMKYUZUBinA8EJ+ZT9Yjt3yEM0UU5VtO22NtuNEvocwXLOetC1UFnOhb3QUIO2wndEfGMDXrkpSJda1zWWlZt9HIcLKzvgHgLJ9y2YapYiDqRLMsQTSNXWuBDceLASvbrrHmNL103C0T2qR1xvR+dCLoqHCdOnIjVH33JuykFhQ3JapJoez0k8mwTeEjkvho3q2vP1//T+X/g3b0L8/4tOFoPCoTtxdp4rnh5CMUyuYUAL0rFEuYyreq5HzS9IXC+Bd7IurZw0bJoVrovCd2EHxhBNVBlWV11cSKP4G1UAw9X5UeQOLRclJCpH+b7zDnZBiR8/HYF/cfwpBfmc8iA10GugtFnNnpxrTrlIsuK+LOkRtRNVFINglaE8ZE+Bn+iiXRtzzoerC28khuFxr7Gh9TNbth5sttrUbL1sTVABSabP3iBeqljIQfHwysH711f9uyWeqG1i/KE6wEtL4D/scZ/j4CYfV/iWNzPnFOnDkRbFAO2nvtD8dUAUhoZTIa55LVGAvYFphLM0wd3bUqEpvT/Nqdls+aQrdyKZVbpWo7WSamL46YxOxR4IVAe3c+oVFXKHcgwVawG3ZkMA+CEOmx10W6W1sdbuRqP5Xz+WMnrx62E8ynx/2twN/jhVwUQlxWFV9gve3UPcNii4Ey/nfGeemSRmJqeAtE5b3YWoc7InlC7iqo61FUPAULWYeWObEUnbwFlFwgQZwGZsV1hf+WCyhwpwKufgODh9FNv/kcejuOemLnMicT0JnIH6+xkCXjo0G9QAg6tZTphn7hDIcAU+a8cqaOCqJRAu5C5We6mW8153vsmMxlhMCIWZx/UZs283QM5ZgK0Y+03eqNoey051dq4njkyM9N/TnLh/ZRFeEJD4B4YHyFdmKVDv2G7gnAhjC/6OwtwWGQmcCi8U/FZUljUQC5wTloSoRxnrpUmrMiFIk/vw4E5doK5xbzLp0+mOCCYc+/Vbl1IWGAVrzv01428PVEp/3V9biewhlu77MtFPAci131/TlcTv148bolBPBAAHCHTxkhq35DsTXow6Hc47DrimkV5jt7YcwBe7jM/tzVRB55nSPSddT4uzhVPOiIkfXllFygtiJ/edd4rrBhraPbewWlKN07m1zlCzBxXFrG4ynWWLQiWQSdwzxZm0GXTVNiY+lObP0HkQu4Utpe2VsrlYxk0dyCTyt1fmnM/k5thHKfFIOaI01uj54irhbxWJOMafSEV6YeYE4o2PMYN5vfcBJ1VfrJPr23Cv/R+pah8Mbaw5a+dmuXS3Lp4C8MDLqmaMv8k+n1KLwJt1s3Gzllv5/bbD2hAg9gQWX7jcNTBgOAtrAqgCMyJXvbdSFISYv7PzdMx52Wbgcq4gwtkKBWhku6kV+kzm8IdDReMcDaoeeh1rIkkfOOP3lQeKn6T/hGutJKqEbT1qU21zT79tjt9aBzt3LFcNTpEi+SY4mgyOyq7wo0RjhtVBjGqCIXyULiI/NTtDrhyQTX5dSYf5PLETAu4yW5NfUOMRN+MjnSIVv4Hi8IZNWt1XnYQmC+OiKfymAUZcKCWTDMtGQJ5TYkE/RIALaw3ajALZf4J1O33fjle3Ay6pLT4uGbHUxgaIudqRPpMgTgb66UeGuLJ1wUcT5IwjsmWACcgunO4ddVXyySCrM/Ql6TRlD6NlAQzT2kXR3/5fZNg6eZNmWqiW6sNyjh7cVsFY/rl15zarBvCM0Bsg7lPuhDMn63b3cVsugA60seJvct0OoXhIAFvRSzast2XJfjdS2kKZU0WfZDCjyq+mQtdmZXEWiaZmyllL7b2T7m6xvb7Sh6NQXSe5lfizHIWyBzZXIg+w9SU2x3ni1w0wuKyIVbyC2hqMmDZwRV5T0Eb781fUcH4JuAjj9O//qWNlGrcd3gZS8cwpuR1XlNuSu9VAvwDioRCAu4Y6qfloiYcL4aL5Sg1yTGkMEZYCnd8wP1bc28F9h9Y4PcUXf2ktuqLJY9qicbI/bdc7qsAY9T76cpvUb8oeQDRRCHZhGhCjuLXfdCmm0B1jD8LqBovFE+u1MAL/PgXDVGhRdFdPOq6xKb9RK53l5NTSaEDhpA1+OZqh5BdaKQTKRjlKq13qi46pOI1hDH8n3hHrt2itrnamSfeVmPiVJN3YPaFvYgC6yPTKdxC9g3btor5h4TgxY7kJr98GGG+U84TlmReGtwOCGnr1vacdzN8EdnIXHAoSH7n+k2wNCLQoCANBs29bNL9vmz7Zt27Zt27Zt27Y9i5iFnM83ndQfU0L8YtvnI5ZUczF9WlRdUeQIFXS9mRvXD9XTwNLWcZqJBgzfYfakaORGh843XD4MNhPV81kXlZBTjOMKK5CelBMmc7K5XjVwb0uRSj1LB7QzNwbiE+vEfyE2ESr9w13V+NXeOOfgC4jYHhzyKnqeO5dN1R3pey6DifjIJFFtjCxuTTwUne8YVmBjX0e0T/wPq/kRILLsmRGBP0/FQZ7B3b8prwy2QaXMjsJGAeMNpVSd/s5S8Xl0pCXqsbxxxOiLahL3nTP10LOQds3n4WqI9K9vSTdBLq+eDE99S+1C9yyhrsQ6w/AJKpEYQlCnfIN4Kk02ryQh7FVw3nQQUzxkpB7uSXwkuNZzATbtg1XooeJTMqO3KGlsL11tnUDkyqIqgRU/kkOazETDoceFNDgN9aKIJGrNECw+UHafxRudF8qnq0tYU9qzCDV96uMHMFA3p/uycW6V93fpO5llvsAozXaq8WFBjLdlKM7nRV8foIHTiCSORfvKjb//GXs76TvLDnWolqD5B16dDLK9GZBfHqUWE3Nfepf8jX0gEykk5noIRuRsjBTTP3li8FViLHGCmKmXEiGmJppTBs2i3IundNPJB6WuPtFTUmGXOyNJqzRr88DVoteG3l6S0wji4W2zDQZLADg3MUVPyo43MbVzSJyl/dbosC+SJuydQD4Mq2Bm1fPuL2ISkVXQHN+oSFmmPOVuOboX8y4/Mc+c8+/gBgdbcwVaqQsSkc+FNICXWypaJFxeyTn/SC0jcgGhRchCw6yugCoMH+7+CSHUw9sgAEaDZWPwQ70w3Ee3UvXGmtQQot5flfnI1sGe1FzUmLocsOkeZIsg/djPsJxfq/YVPW92J3+f8UFwCdvEEHfr4h9kSmHl4QHFHEtJfqnWP89nLBhLKJVRZvmyHHglRMk1XbLKvicbz/Kfhq2TTprwDjEV4G5xNRnZXZFWXe5BtQjkxN0UWJpH90+itaHLK9DKjpLPSTiRm/TzjgekzoQ/LWkGoVSjPruUg6xQ9hCQwqaV+Wfeb4HvgJ2wuUpqTWNnh2nHHQXdsNU1Njr3itUQEp7w7Sp+Kd9ZyKR8xRVRKf7BTX3o56e+nYT5DE/wyRPOiodzITp13faAHKGwj8PumWwg8HmwEpc0YjTUhldWHgY33ojxG0A+jaPTD77CpoEYjrY5O8HxzBukHgK7qu6Sagt7+ZPR+8DHB946O6wEkDz80sdOV5E35VSCLSxrCmpII3/a4dRhhZSbugNPxPwsBcOOP8pYaNZTOcci8lte40hDh1ftenTJdwsJEB2apb3sq2ckPMF6GdU4IxJGMifX05t/w2wtF8Qk1KX0tosy9bmo8YvQYFRwGgiGkznZDNoQGdWlb0KtiaZX2aYhR/0n1Q4JrP3hdztfjLPPpxGC/TFFdBUxn+y3cOd2aS2TF7qcUUkXcO69IUfXpWG6Vz/kiRxb8blDR/JvqHJaxD7ZGdKuFsp/i/remgqfMQNZXiTgzUBjYM6g0u8gMtcEZt48hs49jm7SNnx1DblvY+MD1zDxPbPOKP4TXDyIuQi+mEdBk0MeZRPBhdG3l1l65p9dgjCfQ8HWjpFgq4utulX2MpxyqFEuEwMDPrqu1fE0MiqN/YsxQT9uefvrZjQp9U8KeKDjo3DCoU/Uo1FdkSlnSJj/fn5V6SX/BTb87P31PcL7s5/lGdCfa+RRMOS7wLHSwJmxZ8MtBLe6Yy/UVNTcmg4fzuz/6nLBsRkgKgwt0P++UVLp1vC5ET6N9fCZkA+efXhY+n2T3+hkkQRiMXWgoLCymxy60m3uiZb0/yAFKdePa2sHWTWMHRXFjXQtaN696NBen5bvF+q50AS8QYkS8xv+TN1fh2/TbzPpXhPE4sDE9sQnRnX1XBfiz6BKwt+nQlGjJTiMe2f+9WsVHS5Ijr0NpNIssFw9gTkJ0C5RWsPzTp1mUtsbEx/4mgTPHCXmYRcn07W3oBbGSeZKpMDs59ayQW3vGM4JTwouGDaNyrezy4Zkl74xNJaRxwqZGa2Q3bicL+Idgm1fagYe2ZN+4pkgJmJtFRFmto418RUXm5+Qg8klScVZfbUuVo20bwMY3DsFU9yZSqoiq1yODiT434REwM19VnFb+V8w8SrJgTJFTDK+rrOSJEh4e5hexKdQlHMlWkCE4Ycuc5Jh7in6eq5f/516vdLkBV3Dknga+UZxfGhniwpn7tGSt5Zg58Y7riudZeAbsEaDca27NmvHW7ENCP9HFYRrzghy9SsUPqc71hgGcwr+n9bwDwraeKsTpC8qqNtmTbitIEF8AQZtQ15pfJB/39alNq/8L7Dj+hEW2EV+GKXs+SCVXBiu7UD3/QfBeV7EjkBZo64oIAH/a7x2KjogBSQrJQzYfGsbqWtpVYhE6L0cBh/Yr+1E5rWAkpr2YhwghybJUSG+a3y5pLwjhOehjjyZDr5IaO1Kg8z+0BlOtYat+cslB91L4HKcH4q0Kpa+6nMHdM3a5hkR6+DODCljz6UPPfefAOG2G1V3vEYj8t2FBKcELWFgd/BAhFK/SgbN03BCs2ll1EusZw8XyM8MEYgRVlJ8ooszY8ui7ciWjbADIKpaAoa5Snh7K5DogNpi5K1EaXO5DdZ37tRX9avpMbMXjYMsC2/opViN+pGqKR75Z0s9KtdPIy22jLuJxH/CbNFK3jC2t3UVG9/ANoyJuZZ9UmbosTqcQCObNpYXoD3Tf9sn5pYHqxScaSB/E08kYcEvqlGz88NMKFAlo+mRf4IWucB2aUOox+kfOEbCimlvPtJEP0XOr1DjDt1mB2OZ3+gP6kmMGIUPL3pmPAPnk/hcJvI+W7Kv1Mn7UEh1G1UiZ8pngOTveJ/NAA/PMwj4+5gLUlYkL85ldmQQCXcSKV+deqrEoWMPAT47M1nGAcPYDh9rJMhUvQ0eFYcGJT0MbPzlO45DpIiFuFB6j/dIAzzBKTdPpTQFdh8GYmkrhA1CBoOquZO6md/Uh4ROGkG8yEBbFmcG9/qWr6WVpcVhVUoyqSRECt2kbDVN8qD5GtwvitHDF1Fp3WobxUnMeQ/1MWJOAA0du8x9jMySGJ9OFkyqR5jjSGj7HtXwNye42bdFiM5BCXOBR15VCdnhn0IvVEK6lJIAcXwx2j5XXOdIQVjjPonLOUZsX+5l4QIsMqWNaBO9KqMxhlu6bowZsTCjEkdslwb/3f3+F5D6HtNt8/qibz2V26HHviLX+uxS1CZBuo0IqqoZd7ho8M8E27USDslWHWVWMB/4n8BTnrh3XrioLJnuUpbjiMRnTlm2s8jLn/qlOvPeBPO/SQC9G/rWn042M+DBCSu9+s3O6oCV4ABBnCMecq9ptQfGX7b5cUVFiERi4gO270/lFJ8hWnWbViIMq9dlju3x1hPNmcIbIzH+EzzZgo74dq0EokulmbUT68DIBYR1k+aQLScSJZyvUG26FDfTU0C4tQmuedu3lBzeSIajrzctCOPppaQImks+h+BxM0k3+OVblIoeIq7hyU83+TJG8K1sbE6NQy6yt/QhS4ZGgXKEe+q/k3H8LDrVsClrYg3Vt0mFWOUT+Zvs/PcWEzyls2gXr6397VeLQS1lrZUDUltGBgWBu4bxdb5lHtptt2TPn8S9n2q69E+1cw5+s3EJZfeL+3CPcmWQgaErPrkoLgzRnhpgDmISAQ/As6vi5hpetx+Q6IriVlXFwsm51uzKZ9XT/hCp8DAISn43s/EdhBYUqN/fff/y3Hl2Zm1azlG+s242HfNGU+qCbjI6kWnhQ8zmouRPSTjXC4AwwSM19QvlukFiY6S6wWQe8Rv/Z5sqUfIksmbwTsQpSR5dY4n5MXMM9GL4OMk5PVtk6zXQdzeMLjXQVW4uq7rd8csEXtTRmWdSGlvlI+gbuMPPdULuFtq1e4l+8sqGrYlUSLH30hGmcj8bEkjOi6WHZxLiyKAizQMrh6Ap76a6syLsVKh4kt6ASNrbiRXsCmy/RsN/0PCZYjfnDA77548AG3BQ53iXH7mRU3nnAfZnzI1j47WAOH1j/GSSPEhfYvRbn72dtQDyntc9ibACFa6Q5a0N0mA83ZcPOv8r1NCAegz76pGfIj1+CLNuh/bmCB341jwchRBAxrcq/sNMjWuwquOC/ayWHek6FJCiLKlt4ARokooxATIyE3aloHYtyO56j8Mywe/qhWDvbCsIQppHv57Sxrc+WYVP8EwcqXmtuFjql4PLfm+P+eebmNMgOI6uENXdJbC8K1BS6RcSReysJXtkKMFmRChuc4fAPwscLp+Mp2jE1JpX36MlXzNYssfoYySFAqSbakB5rt7cIKxlytUlG9Ol/vlzeI9jHhgi9F2PzWTqhj39bDC+G+twov/D7bnhBN+NWfRSZdFi3mNV/wcNy1IipjYmsnbjdHvO7LLJl5/eYchYStGNKnKwubHNdh51uni2Bhf4E4nhXd6BH63ZWt+xg4FYWA+VeM4YeOxm+gxy1ELyhamuzhraJ5NnfGIN7OB27nmwfqit8U9VtMDhtpjXyBkWUljlHYeyEVxOed95eN5XrTrMc8D5BG2GbUhjOfZI8rYLywy7X4CADhLsuCHRW1IYLWNKfN5D73F8jk33LS5hn772XxRqkg8DyHbJmEzXK9v4KOovH32Ci/mNYjtQTinalgUqPMpKuIZCXo39wTFMG+nkbxfeDt7n49gavQ9/RfjRF5bWacBgcvil2ob/9f1wBt9kb9E12n02H8QdSQTNS6vpG6m75n82iXTyT++O/hrG3xe0V6d3m2Vt0Cdnhom8kfeNyzKHdivL3OPmXmw/b3toiExltd8+sJkBa4bO/IsQxulh7HVeYQY79gmBI6Vmn2RFsRSVVfLJIEq7fY/63lTk0WnM0lh2Dnw6lSTHnjrJ9oHoakblzvghM4/3z6KdWxkvxGGtgJABAtdacISb1D4p1UKCm6O3uUTtt5cVTsCTTFDJX0LOs7INFyTEWtOiUWFCioLvW3KUkzRmLg5C7AOd8lWpxt5fFFmkU5h070CmcovjABelFs9ibUSAEhwbj6Ibr/EROxitk2RQe47yok+z0q0UKT59o4cnIOgc1ATM8GBt05VrNZ55F240I7+X5lbJElXc7R2WQ+zTaLmJFTri6S3wJh5e8mNIrFiuCBIc8j367lEyzufDtsxK38DVI+FjZyYdCmOXedGY5C/NBj5zNgPgaTyo4tCYbvHT/FKhHbWzbAzZ7gk1GLXJ1MvAPsVJ82e1q5scPjdcJ2H5QBrT+iUPwJnKa4SMXPoKOOEdMFmkzzCusm4VbCwX2khonAOamUTdDHMTULwCMLzfWAvuu0KB5prJmQGjiv6twyCvzv8am9lhXfwYe5vb8CGHWLXCe7H8VyImXlSdvZqb2Mcg8CpcFUlZx0kFXd04eKs5X2ZUlgrCn40iNyNnfWD2Cj/HQZ5mx2w8zfgHQeizm2oXTSqDWrwRQjVMRvgfHi+7oe0kTadoU2heBtqvnXWrQQJfM1R9yhF4gtKQG6q6tbt4CWIxOIrlXDVr21oW5gxgcA75xubee9Ad9jQUw+bnHlntr402v8rh3wHAN8ag5Os6I9ea39LUxAer9TKPJq0X8FsUMXQ+/10JQOoE56vznzeAqKqu8aFSBTMrb8AzjhmxEX6/2nSBNUdoIIIJsqtCdNzDa/72P51TqIZpbtOz6zFEwVuHGC2AXP7A1e098yUfgRbAAsrCUrMbh5T/qqbmOJjeJEdUO/Bgvw9wqtg0lP0piANt6uLW/i8nRbqvHMbK9Cm/kTmfXs8t61uVsJJcAKSfPMMJSAjOtk2W+z5V/Owzae0MoHgUyDZ5SsxhWp/KxpjMsadC3E+ROk8vnRywNRV51f2KRA5sqv0lnEcYUQi1Y+csTHxqxTwVXGlT2mRFFbH3vBo/D49fFPyItdIJgFIERdPHHDDeuigeDDFfycjBuRf3KYSor+ehPAO5crzaWrdChp37G3CrsSlk6vXocsogrqO2GsdFa2ItwRuzuARlBYDX/dd90nCEIkpLEmcyM/IW8DwGuCzbPQZdQiCT8JGya66tO2y38lAcgJTSKo+SCA78u1m1F+0cLaHK5gycM10AMmZkrHrPyn78xy7pLpgR/0GCNrN6UXtvYMCvxSVMhJYWEiQNqoAu7uecPvPW/Dh/UOVvhIJQyN0SXC1i4M+KP6bmtlbJYLt5hSgf+374mDHWgNyhF6QwWLr2REUDDCOcCasJ/x2GzcfPihno/hIx1o7f+8IZr8/FLVXVcYNNbyQbc8JLcbof6HQ5646h8TZZfVTTA53HluLSBb40Ul85ZU7sayIQZNejRIM6P+/u/uWfngdn3pC7AbANDyEpAZLzzhg263sIw3hDs3xrUxdotB7GGTDWEjsdgUq1NHeXnIvbNqkbb6fnxmZ8j5OqbrRt9DB9/YUVfOkR6D0YX0fQpUy/ysX8XU3OEXHGuwgLDGGKrG542TzSULO6mT6lKhIQcPEd13EXxU8yn0XVg4AcVEds0fZwQ61ubAzEmlCqH1vxSID2jAUI2Y/gLcx0Or2i0KMyoW6JRPw+UaM7kTA/qCAXBbJLOtsjFVL30YxAJNfroy40RsglZEawVrhIA5vbNqyoJj9Gu9ZPSqbebEHGyXmJ90ol/N7ve/7+xpiL1Y1hUo00O75Gu28Leuj0xAblDn3oHGpI1waNc+VC8QUc4HONlwBccBtqgxq0aOp9ONgX/QE3/VYobJPAkEfGOqkjmrlafrw5CqEO4jJXGZ1FIvRjfkuOT7HLuVS17j13gsaMMhn0yEHLZ3W7GNaiB+xjeOHLoGnQYBTERrBSR7FKgUkPvJZTYJW4IW+oyLNH9s9a/KOvCUSyVCjZPydrtzOYRQzCJB2EKM+4BETBYz9Z2BUWWCzPIZgk60JMhxtlI4ag1wUqU41n8VyNJGdcs3Rjjys0wJUDuUyzovceWNUILENKohNCZ4qeoZWwzTvJx28SpEtfhrafhznZ9UQ64Y2nJw9KQeEsU8yOMfG5NHl4qSo306cUzQCgEJC3wJtW6KtjztQH4v3yzWeMG5RZMT5FBYIOHVZCgIXH8/lxuap9KOTYiGb3J1G3jddnWi5CpyAoLtnhv05phOxPhd9wZA3h69GLvnxSivjmoBb0mXyqscUlCr9aL/eJ7+Nxix1yiWeUiiCw7ItPoQ8wn3nZjeSHQ1xEpDkEK3svVX2qt2pX6LgnDVtKMJYQrH7z+jA449/B3Gp5jFfWxpXo9Smulcfd6Ucc/b7Gz5L3n8f2A1xSmLpkvCPKKzclhAQdzyVFr8yAc7lI64b3VhUM0BkP0DLyn7ArH6JxXlHlYBOOlB5ZTYshwd6seAi1imTyz3tcqqyCsbt+VV9EbE3rpuSoepgiRDqDMlY8GXtJtajgCtw6vhdpi/Iavlpcr7FMmifkh5m0kgBiv8IzhKzz8AhIGWZFoWkQpcCiSiz6qaJVkTf9Xw56HbvIItRDRFDuNkqNdUY3rUtad6J525NDDxTPltHxqMOa4YaYGNXl8zGcOuYqqG6imyq72NK+xMEIehV+eM81HUnjJCyrhfsKWaZQB2RTWoA/rXRZCjcfeWQEIkFfZfxzV2DeOis6pEnxdlpGUu8Egq2/9ma0vewVtKhkBQU3iMSGuYWOpQdY+1L7LeoHmEPMpeZx/f2jC28ugnw/65L4iDgOSbakDfE89RDgUjVTnBu8r4FQhr3vHyPkylKbIx8KBVHtBEmHPFqSAhH/l+Li4sRB6iWL82IyXrlyt4/NhqJZCb/lgdZNWGtjlWOxluOGyjR6krYyrd1qPVad+I2dL/UAmf2OxtszIu+SwvirKBrah6hAyQpVw2N98thFldWo0SRy/ARY/8BTvIRoT5gAu7Phy+3s+JW9Rx8y/ad0c79Ox/GtEqbGGrfcNzfvETEaG/gQHPEDs/UAommRc2q3Tq68QUD4uYobFt5mUV6e547tjBxQY3Pm5NJ+wCYonyrKlSyvMiIzXIUqS0JV3FyiX+mYmZrHZ/WpfVJAGeiHvT8bm+jDk+8BTC4zy4HkUSmutk+LQ8plz8afWlytJOwT1k35fDYPh6DFZeZFEW/hjgkI1XGa4R1P77hyNI8ZofbRp9NdjfWj5jrgNhe25DvYwh6KyOmKnGw3guTuH5J7Y/j8jywS1pADGp1eZKiBNzkCUOvQCjFcsYntuFzYfK1QU8MwbPfq15fqCJxDjGa9XtLwYorvxT47cWUDiRHcqGm5YsVBBisb7SDD6foFmdN/z12HIaoP4v/Kuo1CXbFjFiFGyqd+VtvdEyZaEP85xWACo09OI6hXCEaoiY66X3aVHC2GPA2VHSeOulIijsbREKCGHZQW9xlmiCd0NO/0OhnM1HfMkIajf9z4gDYJAJgXB0gkUaZb1eTbi//7ZzWvpVQ+akNQyjgcdDwZ3LhksOlk7VXFu2TZhqWDH+tmioloIgt4WaHERxqaUkeo/L40UIBLg8kA0ONSD6CThUXEarHDIhSVgUCMV8UNVX+oTIAyRPNbu5xm2V64X7T3Qhlqb9mfD49f5dP2tWsnEkhctgoFnb3fBYCPeyuxRh1UsGSxyZMSoEuYn4ndMbFXl6Z+DpbA1fI3uKtxGPwz+V1kH/18IEUeaux1mUSM49hTYHW6NYGqSfh83o06HGLWGAIB4uML/k9C+G2sadOg5hxZ2iZOPcw3yBba6+TdzCO2kDSS54vB4b9/c/UWx5HMwqzV1fnGLwc7VqdyVtC42Jb8GYeT+YT2HQ/SmMSOTgzO2YNKqzixFWtSPZHaQCWeXotCMDD84o0Bc1VXKS9WUV9mHcThuMeSo6dma1YVe/8BLdgt2hYd4Nhi7GuLQEoN4EpsCITMV+RBue3g2bn+wFdLt0AbH4WtQmiFFS4zHtTokqfe15Fh1owecPyLtnP164uCCOwbH3L7KEly1QTiTvzaiyV0JtfKGCEcXSrrMFcF1mdSOdCYlarXNrpIFDaKJ6jB5smtkmOODcKS+2p0NDwaHyCMKJ6S/qyTpEzv1GWx7lRxO45wprEzR16BJUqjJn2deikgjidl1MWPjkXWWHCczrroiHQ/K6YM6LSQRNQsPtHO5gJB9b9tUDGPEyhTHaUXTYBi14qf1RFfxvwmdkjXeV2o65IJT+Oy9+UKUi1NaKC5rIiXKR1GKCCj8zdEmQyjGlEv2fK2mbJJx8z7jVJuSQ8WVChsoj6FExdJ3mzjugSR5zvji5+2wwx5T3t52Nc+IB4eNR7W7r7T9g321TevVaiAluQDFL4MWpWSkLcrtJ/rwVObBV8LrMCdDxlDzI1ZhmxFNxE6fTWRTH9el0gOhxTy+Yr9CuE6qhIOC+LJHFXz0AuG2tJygovZG0izPLKhLquIfB7iubPgd45jOK1VHFiaC7wGNwzXmfJRVWp/LAzEv7HMJkKPeFJVFL0q1qIpIhHrxeNqlhKYp/3Xt06e3mKShjzBFh5yYEVBWk0n1vEw2LmV57WMQ7TCMz71XxYdWe1nEvc8SP2lz2kNaU6yIwcxLnfKJywTGCxZJ6A4eO39nuSq6QlUEnq9aiDTojWeL1zLnAhb3KGCSmybFFKUc6cXkD3Cq1DJo7fPom+RmG0/8k/RSCe/CyKpbxl+/89bETQ/aeyuzAgLcQI7HtpgEaHBMRk9zIMlpMPjENd/pBuo7oFJOnq++71AdyR+RDkH+UljyMx3izf3r5ufOCggH3oCaVv4fhPerwC4RWQIVSSxFQD6IBndWmYeImrdnZvS2kJSt3Phx6/o4Cs2LrQtqXek1uzpsPfshxR4D39mTMwdYHVoxFY/7uZ4y0R+JdXWin/PbeoDviJ8K/HFQotMxIRdU8g6HEzkAsz8du32Eu8dMagn1yiWJC7v9nnGDsG8Q+jSlG1p/J9p1IbAZ7R8d/dGiE2UhDom5B2KjuabGCdeiychJTo7cGI3zRUUQ+NjV3FV3Myszuo3fz5risNFq5Zv1Fs6osmfXD1ma0M4wOvXNWWlq7dzG3QsDzTeYaYHEJhZAyuztOQJHU4D8mEibiejDNXhCLVP4HWCPRLfR4wKLsLH7QU/tfgiC600WBJjy0lYWgWZXC8c2PhdBa05pJvTLp+SpXhv6hes0mPIDg4mL7dNQEVMfnAJloeoaj/fQ7Q/+31HWxRpua3jV/6D0ZKwTutuMkDKJTGii+7uDjXZ1e0RPotfrzsu3t5U1j3triNr8eLDOgRWCq83boU+NMARNTKaDRo44HQc/BjBipu40C5i78ebWxH7vOEBtvRScWwkYw+RRsSYoG0pJl3VY0Bhzs6s4v+AnGU/L4SC2sCCF+5xgywRdUi/jSM2VnzOiuZk1zZmoV4SoBNvuGhfd2+S5iCwjk0ioI+X+J9G/YoYJ3tD1Hfby06AvYzQ1bm9LCDc5/50vqPdTk04d5rSTVG2whAOtbzXRayAJcjdrVJiNYObiTKUkwPcp/CFralVI3vO5u/i0oKU+NL58/YRf5NH2ZABySV6prBCl7VAfPcMxPr8+IS7WhVPEF5urUE24NlGrIxi2U+k5C8jtD4hgGoSELo9qu1xhzNt+bAAXPCxoTH2rd7nm6a37isVdg9uPum/5UrNixcLQ0MFRT3ynwIAXmSWJgobD7BzxNRFU5L2n5Yepnh+nZrHSqwUdO8JlaslR0hMVfn+q/2IBzFDSS7UVI9Q5QYPKlqCiMtbWlL03vxBhZ2jpVItObJpMGcBJxQjnSBhymFjyVlmc7rL5NzoGJfgb+beV6e00osSpTvxd0F9SJb1lx28/JapZsIZ008DCId7ose7W09W7Aij5/RmTxYmCkyWx0SBzJQgHUzTN4Ptir5ycx/lGVyGYwsUH29rnpAyV8vY2Vj2bJ/M2xuL5dL+qSKwTuH13zSt95l+v2Wc9OrNUmWBP3X9sy24YOQm+5ka1bltcWOSKfYEg5qZ7BAbRg4tcSw6qD+b9uowSMz+XIF7go5WZAlERSDLrko/mayaATkjUFfvFC1qhLEugkQeDSgvL0JrJa8sahRiUhzLdNtu/ZjXX/wIh56vpoKjE/F6nY2Dsk89YYV30oIUBYqQaIxprbTplkRFP5BW8NFf0QcKNySD8mSn06pU+8nuiM2nRUZSKoljYSD/DNDvSJrB3F0x5NW71vxr9MYAr7csbhv4tK6G73pKV/XQC//4QQMoh+l/6ssEa/ttdRHRwr54IPnfzsvMkLDtkmcJk2xrwCrSVAnKZY8xKJmIBpu+C/y3dDg1s0nEuKbDwgWScVwfXsSHbaVopIQZLaOiaVR7MmT4CDK4BG1C6DZ+imFpKUg34sXNPkbSoL0Bq0erVnI3La5pxol2aL1IQndHwLq6IY+BwAsez8SR68hTA1BeZpO//KUpUiYts95EbGoKAmEntDN1M9BxNSOxhPZScv4UEmS5U2OBO6JqMPeQGjFx6FDhgIAyAEFrT+OzQiTrIm1mO5ExjjwmEYO22rueLTmRsiQMXpCp5rzSW0YoLWoUYX6RsS1FYNGV4EJPMjXVxZsuMQ0Lo7gDss6r8wWv66bRmSLoE/E7RbXtG84UiRiQIEEiDy+E5HeuAUSWOWWZ16el0xexGUWFymyMYFZOAWw58ju8GC3nz7tTGoZ4I6HCkjzP7XfBzdOg36UPQNIRmYmuOVAsSr/NGThQdqOERBrzGzhzl4aD0o0bSzryVCjOcNl8C2JaWYTD6jXubmMy7SdxbLeHV16IN2vKOiP0+2Y7dLUeqQmPyT2aRlOFUp4Ld/iVUYlM7/AeM5HEAXpyLSODUte+TS4RVad35Jfg/aafTOy67D8H8Ad79vtTmP/4tEQOCY9yg0l+YEX8Vyl7aLoREiGWHrkFoLPnMjsHL3kJwrHFhf4RjVKcs5UFISC8JaUQxte+me0S9+8sqjEtNFHZa/NDaFayJAtHy26AMVwCyLKkJc3JMgeGqPdj11lyxljN8WE8ox34CzImH6qViUcyOwjDiOrcM9CXjcdgnLIk7L5hq9A/khH1+asWy81n0/ej0ntuNWJvNjYhOng+7fWUMpgGQIOyp5DTlV0HUY4b/o7pynAGX+C75FMzRhLoUPoKmEUEfF4Kb4V3cJAVcDaMeS0ckxSXMh54/vDMWDFFAFtAIqyPhyg4/1llbYWpu6kFRiQJhNokouKzfwImjmYGcjqoXuUA09v452fztChsfqPT/7ipEUTG0ThD9L03jgnNNEXg3wEGPDHucOFJL2ueMpOzXS5Bup0SJQKBU4KNC4foIXl4kxYkkRrILQ5mkl4Fja68j5BPcwsrMQrxVwkZc4HPOXTQlC+P+m/0+Q/uT2KgSs0YCTCzUzDXla98Yab/bXE2KAPq/uMypRhdN0m84qe6syDH2vnjrz3K07+DdPw+IGumZHvX0qkz8si2ywRa5yHSS+BphiiASt7YLASZ7q34gYJ2w9ZOGSNje8uExOXqal8T9ww45ca9lRWv8Z75Xh96CtzNChrM9ZBv1K6P2EjOJDhlKc9xZQMPoICCtAD4Q6Ha8Ezb6JQJgN4x2UqiGlNUuamHQhcaWAhcOjX2AduRmdCLB/g7KyTp+I2pAcMsCIyaaky0lDyj9m9jFPitrZEl5bod4yrvzHs9mtusnT6w/jo2pxkYmlidj44dipKp1qUevqYxSgmHg8/vBS1yO9dqlWcB7RamH2XieRsAG1eJCJJhKXZH4xS907DtkfuDO5mHvkBJkGF3VHzDi79sCLMmGmcBjYs8WNB8f4KKIAyMQB6C7ymAKlD20kpXnmHCoI7SclI4eqh5gL/9mt4BiAiM3yppsBNLCVXFm97EUTm00FRf07UN/TSzEWCUMdd5RVcVrjDOgwdcX5O2ikt9k4B5KZk9rXV6w06YrKJwPQ8GYFmemeU2QLJtc4OEUqlyYeoaFxsdq4abUXi/1LuwLf3rDEyAf8ZppOECOCqRmWtk3NL2m3yz5SVkaIZdUc/0PblMkkteUg9+j9YdxLjHrswLFppZSWWB/HjGpqCpZMdjzr/aG47If9a1WAA5JpeHXaYtroK4Z5qRUJAJ+t/wOMla6v2+hCEz1+jf4snAy7zYOviTV8AKKWwfLQGGLKkBmpRrpWe1xSz+Exv0AT0G51pVUqW+IyaGROo+ypjwmTXsEIJHRGfVAjMiAz+ULv2cIy9OFBxZiYulw/l5RHlXwgNs2WLBSY3r39+5egF1yWX28s7fDsAMvgCfGVFfGAHabZPIfwDWjMZTnneT4f/KwRmoF6AifoaCS/PUnT26HIxf/rNNUQ6BjPkqhZIu+mjgKdW+8OWEnjdQ6s6kBLxZukkLNZNsZ7+Ib5g8NYWeAxn0xugJyZfJ89ugVPreLVb8RVUPTIM+g/BJIuX3ax1MT7/y0axEI5hbkPV1t/TuX8NFmtt/IfO1bkCRaK4XZxW9xklsmI5aQZ1VT5CPHgWqbjmzJg9pBR8x+jdrrkUU0DDCZnE7ee5OiKlmiqwUl0i93IL9IAiKtnLIOXwd9dR2iZ8VCAzGpHgR7WejIQsTxLPjYBLnmwcVNqItojgKohwNga03u4kgvHR5SgXfRLv/fANCkX54q3EoY4zxpo9VbMx2FU8f9td1jeRB0xwH4HyBAJ83P4PBIQINQGqWrTgVbU146DErVLj1zU6+It1IGITFBucuKY8Wm561PHPAAhdInxEoroN7uBs4KcfzYjIJUrDiqye/Z6n7B3Xbhc7QCVfqiFmHgDPFQGL0y8+MzbsIDagkbHYyrQ7mA8Mgq9WMQIMdpdxBwRHdqJE0E5JZVqqPlPWle4UOOrCUaDKhVz87NOSMyrtD3HodgtYOc6avnyWHIx/+44UiMYxDFlU/jr2zW16h/sESwQ2yYARwk1JjVn8dQOSjzqPx9zhJCpprJYQpmdFqmEKL77lAUFPvAeAJMqPvmdmSTOY2aTWHNBmoCjbvA0Tkaz0k5DkC0n2WqM3qGiKHPfyFzwC7E3vqYdvwkzL3fnrJZ+yJmj6KKHUcWQY45ADdSmLqh46coQlreEYvsUBmNRneIXl5O0Fs+mbW1nUu89Do60vVbx2FlYZOevi/YeA3RvVJThi0IgaKgG5nPdK3k3NwfPXNj3Hj8c1+cGAcn3TD8XUjFWCeJxzrd5Xo5ZDFv1GK0Jovs/izys6iqp0bTKZt7I8Z4QfBdgX0vnl2AjAw5a0K6/JfYNAhbJHjCV/VBnl2ac2g/qgoV7i4v7fon5pqBN8sM6Owagm09Xpx9Y81IobOb9Q/Zni8+2Z4gefb9Ku61fwFyOEbYNsJR2ris1LaQ+bHQz9SNJz57YN/GvgL1SiTVZFDQnusUMPtkNjoGv3GscYw5ZXAcpUbbLt25oTVBvlalqViTu9Kt9sZ05xFvkbXVP7ovBeo/WJsvZlDj2XH/F6IRnfSWZDCs5MbewFypmIDQHZIuCLhUw04JJRkoXDs0/CshJj/CDLKJDK47X4jGVnJVEmzhbK1jiRcaiSeWmipqycfT9GiTYWTTOUEj3zR2YZmfz57BRRdYq+CdJBqZlyVJwCzncb/ur/ZCAVCRxwiv9USqxoldXgZrp34ZBz9gu1eujCtWRlZU3Zh+3nS6YJ7x0AfgTuBKq+FxXOtX2dtXvYWHiZPXy33zdnDkRxPB8/4YJj/0WYPCX9+DNxFUxpQfHHryYnt/lO56TMgZhndj9tAqLPxKLGHqNUAi2cmGHX0fW2Td74ghrvv/yEW5+qa6U4If5WEgU4wVQ9TFgqERuRhTX3rp8jZkdgOrwxLuu74RFZlmbSu4jevmYV1zgaeytW1+rJt5yLubSqNmfeAaWoGndNqp7UprVQlnTdFqkrkJCF6fcFxJcbS9qJdEocUC2gFwnw7PQYa4PdpTUNppx+8ZPvrfRbFIDpkSCJpRiY41ZZjEK4S7ocijCmjfTZNf5a6Qpk3EEDi5p6ubB7D4my4eC4bLJ8892sCXCXIumDdThO+qYCZ0dP+6H4SLi4bYf1gG52X9KrUt/1otjFGIJtgNYDwk30kfFnVvxwZhgyR6fBKAZzk22qoxGpRZPyZjS951frO13xyLbn5o7P/KFppcczUTzqst7XLid5mDZlOqKZDZthcm/1S5rgi5MxL/MSR8yeAC5x3+8EabIWoBMQbdNvG3fLMwnrqfh9CarURT7ziqhjBqq2ZU7rEkUBiG1cd2m1L9mUtgJNFmXh1L4wcGomEipIiWdO25e6AWJmUnFTC81K+Mop7HDzAvMNwHz3wc0IcIqnqhEfBQqjRFfLsODPlWHIfid5TiVrxwdchjGYOopy2VbYxnOzEuhUTSRVaBRKxRQRdrVFgVYSq+JHsu+fMWavckEGRXhtwdZfsGsnThQYOFw9ENibCxkPNyH8F1N8cCS/v9YWYJAz8KAhFv2SUn8v5xTp54Su0MKsZrZlFsHDnmg4D1jY+wg6W5s/GFYCNUjFIsV50weGpIUAq9E3jqoniMELeGOpXnXAWKEfcYjcjsXhrpS21S0DSHN8cUan0oY2jLGKZgOHNaPVEnUoVR8diiqkVtNIxtA6+oZZ1jFf2Eiv0Uw4F7bS8B0yCiym7WjgqNQ5aGvHmPiXZ3G/+JsSYoCy9rLI4AGHW3pORob/Do5zCDP+Kps3684MwwvpVL2tH33TK/etPI+xvrDpLSKVGXI4b4lIv5cnUp/sokRZeDBIDyftzyiPlgmTPTuitstJnSGLzvtr4v0MAvUUkqgGBp2RA5LC4EPH45a6EjZj0Qx1A+rMo6jO34N4CG4UWCJkIFUBZ/O32umMf3/9ax0fTj3KlQDVKKRTGyVxWmZherW2a3b1acVarWnRM2dWr4qdLCizxyp7FR+6kLjnna2uPMlJuNARL5orrbpdaZkM9osoqD3ertQsZjnf4eWaYNFi4fOSiUPVgzsSv84eqmIIX1nkshg4RCz481lg6raAxSl69t3r0haKHPSoFs5gTHal4g4CR14cWuITf+Dswh37udBVeA1tAp+jUipxG3BKqjzYgYjxoPsoRhbiQJ10KLkWg4vzi0II5fP2vYZAOagtNs0SO+nvOODmEw/9lmrIOBiBipQg2GkUpXiI4OqHLdmcuWvdPRGh60m7/ynx8AgYzXfgJ3TpopBmzPOOnMisvLTdSWlXxqy5S0GAlcmy8j+OIWaZLhvoJgKK2NsGwx6ZjQihb4mt36T4hex1r9KGp9w8OyI4buUzzWsPHVCJ+VWkHiYZ/cVYwNlLW0klQzg3wuE+eg3kk/wsFjqqWEPZeKQIkFhEM93vbyypSVdvxrDgwgZQ9R9LIQuDLsEpbFPn1AL0nZ1TaeBdFYktLAZk6Q3Ktqc+SsUX3S16alyGiHNnU+0p7Ul4AD0FjchhZn5i8xyELT5+McPKXAolU0BEsHzKFKJWd4jQsftyUWHxkTW8Tq8NXyCeuJ6HMvvug3sdErjyoyaEwlsqcNhzqKj3SReFBUBFDRcV/1HyE4bQqVkXQ976Q8asM7dwwhj/eW3wyW41fzI4AKdvxuYZ7GOgYO5qL/SzATkwgQ0ZZyO1PPGtcvKNGyOaO2uzsTkSTbdFJZLRsNnKPqLTWdJVJ6JGsb9KKL20MCXllBTe2Qh6xMCQvl/5FP7M+2OWqDZgvNyLVNxIfjmZnvnrwyLcXzECgF6MQQxoR5ZNsWsCGM1ZtIxdzt28LikGL5X6kx2qp2YQvBSGwV5maFFeshxf58rM+MIbAL2xM2JsK3W/odmzTaQkdeGx1BD6hMiaj7DnNgDFvlGOe+3Bk9gDDQZMD81aMDbPNBPStlfQuIHJiOZg5//4cbkw2U+Ul+jVZsASTpeK24fqPl5zlwdujxiZcI2aNspqKENiIHDox/dBQRrQnZONlCp5M0E4o5KUoNIjEnRomB+jkq8WZz6LOBtYxFJY+oHetUnuYAkyZRMLEiY8erSB0k8ffKz9/tVuNXI4++C8c7AwzezAiI757z4f4cLmTWQfss5R0i+5w3TVT5NIOSxuVrQXoNvz3ng4TEFM+F5tD9VT/Gfhpb/4H0fsft7Ws4HmYRvHkvWTihwGN06wVOHAIFwf25Tsb2hbH0m+PdmuDm2JCdGiU9JpZEVvt0ZISuwKNXOEdrduWh22nDN6utYcpmsy7ivsDvujHZM0m64yFfrbHVIo45EScMpA063y1OBtEDncVv/dv5/LUqgn5oPVTgXailJcBIWj4K6KOj5SlE6hbAzXktZyJNXXfstKqzMdmPdnrMF3ZzHorX+AYW8ML0SNHMLsLEfPCP8CSLocquf1ogqSYve8FehPBIHFl2zaX5nL6D0aSLuz3Xbl+0jPPIqmfaqrGrRLS/dU9236e/MRbXO39zFNpZc1nbu8+iZ0Uu5plaebxS3Su2iQuumVp6+2U9RFvj7ybWDuALnFKg4Lg3/b7VZrsuInaTxf7qj/V+TXJeY+ACqJbtRjXx4tGTesRRA0Jbz1VHMXVnDmFe9LPv+++Epiis9O15qPxHf+50qTUbEnmbqnK9k+Vw2Ie60rxo7VCRyhh7Yed/QdSXUOjTQKAjBfgVsSL0+WTDdtwNMPfcpxTIWZNf5qxt4IjPwzk+uu/QqCU3npuUMd3OV6MmtWl4q09pP2pFjwYF7dpp6rsSzfMGbpZRqFmMBIQRZrn+izkTAygTEzLMyWBynFT2f2WwarUTzWUP3JeoGZV3uKVYeq/WUbRGDpOMSBJGve+BpCz67w5h7TGdOnJ6AJb4ypEzItD8Npik02XePNiTG3dCQw6Zhm1pT73TIvzfK6YBgzlxB4q+BlKF+/VhHOqQ+yw1Ssr5fPdR1lK0uiVvSZL3vl77bo+gXEsofCUHOWen1eOQyii98azIkSA/BixKjsBHzn1NAu0YVAPL3yOt4pKILLlksZcbUlBuFsRlxZMdPFByMX+1mxJUmp/l3wkePZ9VYvD+OyxnpUCEM+UGaau/EBdsZ7EhOeIBkSh8usGA5UQcl7AObH0iT9WVo64y5yKjiB4708Cl+zguDA4jqZE3xbWWqryP84t9nIMXur9Oq/ejiQZ76g2B4+JSHBCSNVxUp9HTYq0iN79uY7EGoy6DDoUd/g9rtwoxm/tJQlbJxgitl/tNTQ7JMfbEFo3A8JNUV7xDZRAOyVF9lYceFBfSQxddx/YOuZUUWIhZd1sHLsOjp/7Ol6n98FdkvzYhUaZLygtTDjpEerzT+U7xI0Ux6CLOqE7m8OZreC8FiDxhGtMgv5PDLKbYvaksJO8iABSA5ZCBmd9ouoIJt/5T+/D+H3LgMXem7LGj1IYYBuljhqZzArTq/1a0Xui/6aMoqdMM6hV79ZKLkPw48S8blwNnYtsC8PildrLgYUhYQs24lzkSvFXXd0ef8RGdE06DiFzSaen3bYV5brjki0tpt1uaGpdlPc9R2WpX+K1D/VZVSR6+G6yO2jp9i5STojhrieCzmILbFrJxp6YSJPjrHkvAvKvn8dfiN1tSAPDzzaG7OqeeKU0lvV7krq2tqaRW8dUUR4iN/fN7fr0ObbUrgcNQLoXFlYrdZ+LrLXu0/FXI39IU1gxkOZ8uvlg7YkUFlhDmoAmcuzuXCuVX9XyrUXOGpJ64hLTeXIykbIIQiOD1DrZXpCBmCBUfuCLnaPp5nYHJESYDyf8lH2DYLf4YP+oHAcGjXeAoFoHFnKCYJlUivMaW8W+2YTy4rgV9OfWLNpRzS0PtXXM3PmeeEvGSAuzffvv5onTwUYUCW66VfWbmxoBay4wJstcXwgbxsAAaKMhdaOodVZEBPYqygepajVFd4LoEReCHWeFMlKs2mVOGSOkDpOC9gVeTzo6Vzn8kZaYloXSbDzPvlekK0F8VQ7dYIGRwDiIr4Yog7ssUipLAV09BAIJ9HRwofZraLvOMT/cxHfjHx6UlOewIltbYKbXrjaoLwqcP+rmVIfu4gA4+Wjl4gTRsT8c8v17omB2+nfmlSbqVyP8+BpvY1F3zSSwiOEqDfUXc9atzBvfBpLRcKyKp4Zg8OGMMDf4lHxg1JIc6Wmo3a/CDatKB1rUKQ2Vs2yPVu3GVt7Ez1601/GlvXoDJezRzbAwuccRdK5sB8TbJT6l1MnNbvacE1t21yrGOZvrkzdlA09xavQluAX8Ct0J6Ww9hYgj7XMxzFdqFbM3rKO8SlubqxQ/+ktGHUPFcJ4m5LF7Nk0hCcR2SLZ/2jKGksocovck2cYeYfDK93gYLxe1C0AUqNvYtkz1HlepKdWtQSGIEAJdxHVfH6RjsYpz8vM/9Udc2zNz5vUgL09X1z7q99k6o1CZeOgUbDdHH8GBuPe04UkZidK3q+3JQOSeGdoof/HzvXJCdL9zmIYECaEuAjWL9+JwQtYz9az5v2NnVaQJT00h+j+8xZlCKxHs3lEsEMnFnQx2UmX8VPOkDNk4jL4StHp51ENrzSyXK4vlYNfUpTQd2s48LnCXZPbeRjNKF7J640urI7R1UF4auNAVU17cmLhDm68z8WY0mgW1uGvFkUX0qTZfTAhYwsm3lBIWxgF2oDCzN8lyv7LVamyh9HcMXOBcm8os5hRlMr7F7abPH4+dYFhUnhTdEWjE1vqYAp/UEGb3/RvY7pqHiWhP8A2gJLOXB6OZn/ocMvr9QnQ/0SS9Kt37g7Jj+J2HgIF1bvRCK8+0ool3cVSdxLhdce9UyXtawvz/wjEnkSlgHzo/M/ydyRI+k8f0q8wIdNAUNerYVgUOL9r/5E3IRgxB+RkF8ODXoDjNUlduBLkbMp80NOWMXQV6dnZevjNenRCXcbajAx6KOu5OnwZYDi9wcBA8ynfgyZESRjl1J8vX7PoQfgcqHY/LY3zDHR7fd9fU/l//rxQvXwnLLLNTug+UpPtIrHANNf/WhQyRp6asPY3D3tav1R823+2PZBM+cT05CM+Dh5qREXAgwmKRMwVtBULpMA5c4lKXIyjmwvORgG2EkaFDbXtWWYMYUqM2g0jIUexdwcjxMBXZCD80rfKteNAVmt7TwaOTJ+tbajayR+92NdNmxk72Q9bthJXaZjFtK54V4Uz/omagF2nmUC30K1EIjnA8F6gWYSlFRMQS2J8ZbmXTa1X9I8ySPdgBlykJgc9r/3K/L+xKvMw56fAy0GagsrpUihO0NAhnewS9pnKErqpllSdn2KsJTvNKHIEB/4aEU9Jn0Me3dgxjFsxYt0M/HShselfsuCfDmKsRaURoYFq+z/XCFEaBZzr1ehwUuGvUR++zAd17uDZLf6jkiwpifvnEDaeoWWljBTJaDHXgQTaToV32ZB/Qvh2vKc5sCH2TZ/XfBTgFvOUvy5w+YUVZgMdGvsaFipIaV8uRbDhYYihX13SIamarnGISYZdM3TWhuNeakqFHQhVhWq+Khalnmd7CPd0F5ISi7gM45R/Eh0F8ENtj01anEfTKjbFzMgfl6izitDYBQmlK0YIjWNUm0Gvcf3aw1rC2mWplTzZpcMVH4lMTxGIkrkJTZwEbL2x0zGJ5KTrUnwYOKYwjQvJ4zOYSc4k6wl2xdYwSPnBhn2T88r6JXjuVKwN1RYK5EVjbiaBQ1azP96xkzA1K6Ko1gjd7Z84KquVRSCoA/z2l8tdSeic0B7k6N609YbVQX2M6ta9BJCeODp++sH1MNAJBMiMMG5OXnLjv5oFgLhw+XVOsvCwoDSztZLTmVDgcO84GfD8eeX78qelHhBXZfBLGcX1SlalQHwDedHKzYsPNEi+Qj1q87LoRLPBcKTiKmXNoPPHgQ6Smw8H7i1bINXqlt7o6lbn6DF5Sgviwyz+ZCHUa8GTYsbvAck2TARaAIGODpTMRzzzK8b9v1PV1neAE1qV4JY+QK/kqAwaX+rHKVnPPByojqol40oR5OmeFVBKVRVjTQK0s3hJrYNbEKmtKHbLa7M4Lnl6QaJvaQgyYXT+Mgq/8dqz9LP47LtfOKLUKvzYyHvinsxmaDREhc4kRQ0yM29j1lpOJRZ2Sijdc/tfi7afI1OC5K5pRZkhg40V22Regs3tluwekSIp24ZPWP0NIFVSE0+WdDf+T7ubvUI30VxAwnvseENpWpCyGjQ+FqXgx1AY8Li5vAEQ9SQYEvNY9WxvEwP0cdjhOnHG1vNcle6XqYtsODr/r6wssznscaqzXDOySRlCZQ/akm/FkvJlHCxcYV1bU5N2HxjPXur44UpsbLDVvcVMyKJIQXIWCqMd5LL34j3nTJRKYb7A+O3WDvd5/2W//QS0IPQWzRhl3Q6TSTlzA5uHZjfljcCjKbQ2MOXk5veTh3/am8BhF8Y4BC2qOKcgRsOVefpSlOyeHQ2MI/4oF+5uOTuT4TTziqQX4qU9mm3iMtmnBCHleddMsYKjUyhB8VtsmwVjBGYx295fWFtfphFvWFrsS8smrW9kPdXEeiinPK+f6WSb9geC0s09cb5WydqbP8fL3UGODm1f9WSgNqX4Ytwk+LPpG4CbK82MOvTDBIEstk9fNxg0Zjc4plk33xdnj4T8E+RbbuyvsZ/+O+bJTIm9LkVCSXAYmYZO7skS7RuE9Wj8H7NTBRFqPDzUz4kdY+gtWnpjgFwrnxk7Vpyp6lqeK5+WsNxZJXNNATXpDt8PGjoOuTtUZnsp6c0PuE6A2VeW/QWIRoabnzdpzVA8EoZUd0g45bL7d2WqyOqCVL9bvNbQRdmWE6zCltJ2qvWnK38P5OiOSC+hiirLOIPm4nO+WSwm/5L1tMn1WA6t9qgWw0pG5GauJZqRi7N3FHBhCPYrEOW2T5ffkemeyWRGR1h3CwnW8EyIWFTyAMThPJbs1KMb31we8OXLdMxDOGuSSf2i6/rNHGVMRrc7ptJty3oYgd4wJg3uxJZzssLLFR3S/pOw4jVPw9ucRK+oO0aZ2id2ixoh6I8dLiJik2zNfGA6KcJ/rGkBrR33wqQf90XHGsGuWsqW+7tkzddgBNV+q4TQsV6zYYRGc5Oz7H+n2gBiHggAANLZt27Zt27atxrZt2/b8qJnYaGzb3EPsQZ7s5dBIAV2yX3sUVbjlAvk6TA9lOpRFOG+BbkbRpRysc8Kq+/pXJ5etKidMx18PWSJX7mfGq5aJluAaoBPJ6o3S826/4hM14qo3sKhqRW6bXlAfDC/qCbdinvaMGytBlLtmJSHa+zXQP7Yni+TDCxhgQHHHKN0z4Yj+ETvERKc+4OP+HFb8gJI23H030I9Ew4JXDvaMry44EILsJlU4Brwmjtg8deC3sJR2WkK1Pjon20R0cxPjZaA11gtACMhcOBOAjd9pIqDm3nsu5vv2hl76u1zZ9LfEbsJp3ECxMra7LHH8IlomRoh65I6BRqGq4pQbyc89fDKrZx4+4L9lakLYcjaZa6cvAOgquM19KNAh8MCMn0qOSmO5/+VlWjJYC9epp3vJFViAdozwGYjPwG+2g36IkHEU4u2MWYVb+Z9s2nvRZQB2KxjPd8vNOZ3vbfxswyD7DzrfBt7L3wJwHItLAYb6c7fFG7uIA5ehOcv4+rKEPLU7T5WeQ8hhjPFQK3EMcPfSNoI+z3eBlk3qqCyV6hDmI4kwFhtw+3b2Nv1aXCO3ghGVR9wcW5VdfoB+giB4zKn3YnDcvTC4akUsaIQF3FDUu5QIF0WCWn+tpcltf3SeC/0Y+PRUggfOxgnRFAinmCeObobaSnOx4ZF+Muo8VxBHQ8gs9hAavFXj00ZboFpsEVMh/pqB2X+xQV25jocAu35MjlwISNyDIeG/8oiFhyUNoIq2qyr6rpyhzn28AHuDAva/F+blSyYbNFLtAMsRpKMGyRcGYY/APTX4QfwD+clXEEGcfQxjWT8ldbzxu5P8erep8OKqBmG6AS0jBSeqgj9SfrLNql+cFx84YzkVGvfzhUWWURoKdH0+bB/485KfefhMOnh9JzWhY0r12RH4itTVjfwz78BMtyssINVQij1P+zJsbnH7ghD8Ob1Zfa+xFzcDJ4hOst+Ss1ao7KukM+i+NYWSIfdjB3OLpnpgfGDeh57LBnG8HFDGRf+A1b6XkSm60YyrCWyJWE4MO6XnpOsmYd3ye+jAmhPqoOGfP/ARD7m6PkAIizEzCo6D2cVWN6y0xujpB5hvo7bUqDCp/gcsWIdMpANPrSUUWyrCJmecl8nXzQ2r0x83bGrL2DHPrmy+BnETd2hxbO+ITqzVoZV+W8zgyOlqJFPw51GOhJ5hj0HVdcSPxyuVOII9kUhM+Fr2qvxs5R1J+d2fWHCAVle0bgEfldr8be+RDz2C89rH83Ug7Lgc8xTtZzJ5/fcLI/US70HtrV4e88CLhTqlcWcvLK9Cf8zzREDlPX2ztQIhORPF/0+pSHWkv5XfRDk6ZUPPVqpYehEpgWSgM6WB1IvKjJii4Twx5wdmGRfxp7O3+hoiAlizVlxdQ32+lgq509VnCWbFfzgFwBs2gf3C5KZ/dIAR0epg5JXB2t29mNFKJKuMGw4PgOIHuzLtO2BFtd2t2+M/aPj9vjxy6sJnt7K28t3wbPPVlgRh5BWzA3cPyH0eii46+lN4xjUYtpo5QTuj2NJojIE3JCqwAYqm+w+35jzNo37N/lolCUEXUhn4HHQKdKg9gYIT6ncyWR2rW3QXp2drAk1WJphXv0zR/vgN+OSRK4MyG65ao7DSEsBxPtcvuNmDFHKH5wWZio5SvBDmaeMwWK0SsDNvttvHNwQ/69vrbH32OqD4Rdb/Hi3Tdfqr9HUWb/qpnnc1gArWRtauttlK7VFH9S4S6SFpM0HFhCM/PaPCqQfsuJd0uuXkbx9SCqK9QK7ozTaCaHVC/jlmpaLpxPKDFrX7oP7Ub6f6DjPyPe9VSLKyc3joxZNE+IBLAMIyMAlT6WlX0gGkYlakFIIjXtsusElBfAX12z1Pnm/HWxlB/T2w3VLwXKCZmKab3B+VdMjsvJqYg09gRzd6Vf+vDD3l0CQCQnwSe+AEhrvSx4/XIJ/n9actPjjg9ywqF4KoQd4vPaRlL39nUbHXNWEFgpHrUyrxl22vUchDbfwu8mfzOjoZZ7oByq71T2BBNp55X03Upst9u02py/j6pXVYzjcKr6IynlJMjS+LLv8XN96lEJMDukc3MPPGoOrbz85EMO8hQjH0cmX2a2/eFVUkPPNv0l7gH7VLjrZ+4dPzntpsGay7VtHaLGIqjAhWpRxU0JGVwAOruj7Tg9nID+M//o+HbBhHUqXGKquRql7U1flxyp1h62qr8gLdgbnB/eTGFmd32cYHJE+mJGtB9nz2MGG/aRdHh8gkdEsIuFypNc3ElA4p7bpNulv63PFy9PkpEao5ttXJLTcnevWROWk+ClqYcgKOIqjUV1mcfZDKagO/F98pg6aqK7mFceHzH/Qb04nr7MDou05o3Hs1VbGSwVZv7Bjr8MXbtzzhBTSaLflSMKUBEWNuUwoZQQ8lXoEqKc0zc6PKR/ESuhN9PHyGBKafp6IGTyovfqcmn6vvMKOJ47asEW9KvpIe/MrXLDAqXK/5r/iqu+g44Zu8EMMfhOw5UHVlGoxgZ2JmfknAjM+/spkVKh6x+10x9e7od72u8EJZZPW/hsEvWWCHJ44v0iVCkOGycIPzWEgwbf6Q95jN4ZduIjSOLgbCgou4Ngsae+gW0ZcI8ILnh602Vn2rw7sQ90/FQ93sHJ5ZHYHzFNx2HB+ZXr62A2I39qNKVSwJlBr4c5SXl4BtMuBd4w9DOhV0eeyTKVbe5ahiwfCfQ6wi5SzpPM3nkOZq8prlge8tu/sm1IKpOzlCG0ibo9/LdbGp7I0PIk3bvzsIAvax1ZnZvDrSoOQF5qv+hecAfuRK6lH3XXHzPvd3reIjByLbqX8fLL4FzYCi01kFIfZfvpj0+i/nxrycY4mNVdRvnL3VGq0/cWFp28uafO3OnDZzH055M8lpdwd5ooIxfpG0mAhu/D52K2a2uRMqikAJ+0TPSeeAmMBnbJgha3MkDx50GCcyljwBL8RiabJrlJQa3IM/thuNSgR51nzeeIPJPtT4VIbt1NqIclz9Fb7jlHDUcIYi45p6//FYBnUri0SeXrWU9Hw+kFUOjGPaLhNIP9cuZE+2fgoYoQwy74bClqvHDQkNsFxQ3QeCRxrfq8IQntvomkNtm6MoQT1q2OP2wVKR73v5TqIWyLq9Jwrq4cdOnzrb86ow5bahtitAOUZDWgRGwbiCBrLWeDfy0cyDFI92P7Xxu7gjAEgQ6SNG+6GWVQdr4FqXLMk14l75GPpgEA+hBTIQ9RoN/VQCSvJkg6qCJIjjQOPSmwfFUqjBSwC26Ywq10hfGLv69XhBLJNKCXy8YNyKN41kk8IZBt18i9DEgWRaL/uwwLX+yjXCiVYJjD4ubFTLTuUZ5RwscAaoN6hXWh6aVXOQY3FSH8/BmoQmdzluuG82SVQ+f0DJ63F+WhcNIvyUU0hsxLGh2i8xo8Rv4LVFhJYxTrPtVpoEGgmMzyeiREI+ZRTFKk3XMcK8DeZHgbWkkipD9XwrS03F+nUEfqFtkcHzFg/eH6l9xwuFEhVE897ubJ2EXdynrZAgGGPvuFRlKNlvXzV4EIbHD4foDNmIsMUyHrpGRYM+pwpPcySRovMZzaZWK3G6qNzw/4y3fYHQhp2Tk13OqvQg3N5bRE0ggtOvC4YnxH5gJGtjX8ZyT4iKKW6Vy3xF8C2Mf/5zvlGUq/iN+YNjD3+XTIit+J9ZQ1pP9+E/ApiEfackI0NQLaeyFUVH+9Urx7QpmHqqoRxUL5s5nFVAVl9wnMCHsyb2898mbgWVf9/3s6hXKWcGiII0UW/G/wXm31m4Q+42t7IpQ9JtgHJ5Vn3x6u5Y8M+3dBMy6T9K3TI0/ERp0rXvT5O+RHPx7rib2YQw2VzbWratrT3T6YFocdxhjOgDc/CGfhvCUyQpJNLnVpJJU9ygtMfarxsNmcHsoeCnPmGXdVTb1/fK0pg6I+ZZWC+lQMhJjBZqpJ3lg50I74bn2Lz1nUyRQO0TSjzgqBB69fhVwi+I9iM+35whTFWbOd9wjrVE4EBPck3yWfFZjhLsAYp0Vqh7BcTTlqk+ZvM6bok4CeH2IT3x6CfUnE9JRG1YihWFZa5RbvrKdRdOp3TZhsSEwgkJIouS56zhzMToRpFkLFiHsw8/0Q70XYJ4eSa0RUM32bT0XZ8d9sXJPZpN9ondJEKBVpTbTUDMShl3lhdcF7rF2V9PRibOHCswdjWeGrXxIp/ctIEEtq6oqUyVQxWrDMnpWyO68lp9mktPwRkV+zYX0ELFDPFLDMPXTU2s/UzZ7Ni4uzN80rpO+EkaoWUcKObH99mC5b6KnDTYP6M/ItAgoiXZxv5Ph+iOO0OiCIwY1Bu1RCyE9tkRzf688mybbebRYtIzdtIojeVbTJFBhSu7NFoWeEfuUDQWVfudOHF+LHlUbiGnNaVNV9ppxqkOjuKrVscpiMyLbD625DrkkHabtismP6shLLT6fTro6/OqcD/4v1VrDPGPKROPkVnl1KDJM9t3PxGNiUwjO8mFG7+9qK5tvCuFW4ZYt+e7vS1Msa/W+DnQrxNQjHhpOiuVy4fU/gqia3cPuv+OSZTkgTNNELnwnR/0tb/5HCeK3nPTZLu2RaKQTsXRveZH2VB7inPJ7ZNxGz/NCXrtprystwwUsYbwB+gzMgGsgh7Qx4xP7lQTvmO7yBZeU6WtQsgl7oz3BIPCteVbFTlC8YzC+iqeXNi3Re5TVKcD0J59/EJBoslCO0k53lOBlDoilLxYJwUNjhZj4VzT2oFEa1xWaeP/UigwSJoX9RU21GB3YdFcwJtDeU2rOQJZOfxrT223PoE2mZ6uSuTfkcIF7QvNtZmS41LI52fDtx/HDwnlP4i6iv9k0ihZsTmok0SSoRMnlBjJM9KjdhTa8tDmSubHq5hpVrMWlRZN0/hiwSKsJRGYMhcCYx+flsb689+q8huQsEfRCyDzRk5sSK/F3cG458OolcUY8yCJvs+4VD5dcYxpXi+r9Cp5q8gLj+OUbFjpVdw/17FtBDqhuccrhzTxrIZrkk0aB0YXTYZOJPhlealVjti2ddJi0frgcp6u/TEvH6vAy4keI7xrStqyEy69otXYPPP6HuTGN9eSEcPJFaGgmJDdY9qjTVA4MiHXTgatayusyYfpl6o7/fYiSpUr1X7qjHVU+aabZB0Chs3td0Vkz2sr3+6qMgzNOJrttTqBMIh2OmkFgqwJQpfT4DIMmvUPaL+S9ploJxFmU5EnYOZwrLQMpkGxOhCgc4LVe3/YhMlmBMBfZsHBA9UYDHf11dyhSlFUVx490SfOTN/B6u6n2x9ZlqIpQLr3bAXJFIOlub/RdP81+hWoxSWTNsUjbXWfk/h3mn5wlqnX71QEKZUzLJGJwFPxbfjwLpYhnYLF60RLTCCwZMRVS4SBoRbZxSgUQqXdjQh5FZ7YGLSRfLI1v2ddDryBZRoBWggaPlTSuKMaGZmqNtEMhsmB4vQlcPP6KMygpMHqelTXXFaOUexiufkgFOUF/ei4/rkW59saYoTgsX7srgVTnWxCtxYNA7kt7MCf7hum9KH5dMnPt8ml6pxx8fIRFs/TbusvVXVtDs+vMVUrLWhQGnIPM7Vv0mNFCHGKCjS0W6262uvxblS9R2xrqT16xwaaoD2d0SH8iFm3hj8aQjQWBCCVJDOm8UlF7w3/CXPF5IR1Q+LV8LYJ8U6PDRvzFat7X7xk22cyYYacVSNonrKmZt1BoElfN92yVeiV1HpwYvs9odIrPu7PZWeBooTo/k2sVsGcfBV4ii4QBdOng6H7rxivOo14F7c9ZNHDqqlpSmyMKPaDXHvnO5FtobKamAyMl+uQGwNNNBi/cpqihPWyMrddBdBosJ9R/vcDEMuPrfqnuoHtuoA0Y/GcDS5f1qghD1FswL9wGLBCwxkmrWyW2VdUabFUCqXCcNB8KkijFsoPd/Rj5/CMjNRV7Rr5qUbpmY0XXxgZ9+z0R1Qi1QDdaGneh9VsoMFQYl+n4+86u7seTfvR2ueyXyrVhvRWUUCWiTfZaMYsawWBDBVxh+sot2On6seFghefpi1iXcce4n/z6+WZCw4SXjdeATXzC0u2ChFOx10NiCMHibiexZb+n6Sf9Vm3OY+gwKlY4AgazupkVHLr2Si0huzqdEKZ0jXYWao+CbVRWaC/WRpX6ar1Zg3QgH/ez3Z5i/N7KaFeeheuqCrijLcx2WOyeEmhZVTGgcXeGqVQNsOV0nZ+8u+idU+X1n24+IQd6g3luJ6/KVEC65R448PMjlXaCe89zI7CcDEH77oElYRXdOCBP/EKbXCU4XtxAMf1T2Rwv0yCcZn7I7SVZj5tOm4FsUszHqTEXTES7EBDaveimz1sKAqOChqj7KBegjMJ/4G1kNFMgihfnz6ay42n6Ptw90EyfmsF6sukwOBGxl+rPZz+cn0knc9ZbNr71gMxc5Gsxivo6bqzMGco2aThYBnhF5YxdLt44AUXYSL3tMWO5cokt6dUpsaFFy/POR4v5HB29m3kbgs/+GtJe2ZhOYe0nJGxXHFYCwEWzQx0i+AIItwJB2I9VWz1p+JyfHKrCZroMWJ5qhcaAiEfZjD9vKmD14lALoZbC96t09R/+n74s8fDd6x3lU8xMP6IW/oYqeVBZVnMMIaYM9dFWDI4MOqrMwsg7WSMW/pwlCPbjicbPHgwm4E/f6Nw+hOcG2kmld+caNS60G88XnXmwDhCdEOmgGewkQqmFy6SdzvJQaKbkiGU3ddbKOmdv1tYwE6/sOoHxq2u1gxEZoq73S2Rlfk8MOucgzL/2j3Xfh2/FRCzrdG9vZekBr7sZNEvuE11qMQjoR1RWq/WbfJrvFYBQltUXUmOeDNPi+N3r8/LEaPZ+wAopF0qNGqVkwE3UxyzOluaSFrG1nlzBrOhsHRBHo/wpnTAbeNEXf1aYwemPDsr4I9RP9ef+9RX5BG7MeR3dMQllaMLULVgYQbhwRTZLgAh8/GRrvufcZ1IRSJohArSLD3VTMLfgkcoLmLUAIsdH2IbEdrOYlu+riVpA9jORi2RuoUW3l7DqzbkIFEBsWbHK4n7RJh6EtnN8vw5f0nVQl7LJ5JeIZyyOT9JA94N5nUlE4ETF9A3eu9yh44G4P0Ytfwa/KpMnWWTdeMM6DeoWUEZ5BrX8cj56OMUeCmfHAal9DJv7ZztGRC9S1R6NmK7pvvXbQHd8desH7nxP7c3Kd89fo5YYUUXwDrWZ5z7lw2Lcgi04n00XG1TcjwtX4D/lnSgPGbq4GafUwI8+2OxejM9xnOxOieKAvhd2gFdXBJKIXIAPX/KxXs513rwT9BCnEbFaCUZb4vIjSZ0D3kkZVSp1J5wfHSEInypEXXKe18zotKgjg9QDrm0L+L4CY6g9m2ThnfiJGGlgJclNf8Km/uuljH362rc2XtuOj9TYS+9x4RXup1mM1pkOuvWBLfSluLcWyFn7LkNEJ0w0gPJi9w7hJcntOKvGAz0qi/FItEnmbyAUmHAeO08Ht5Ri3pQBrWVcRkibG1TNYBjMi11eD0O0JJ0Xd94ljn0qE4AK9iH7vmJwDIUAqf+pkUFdB6L6hX8U3tlSh2YapT7CtRrG77PM586p21U11nlDABK2x7M5y+9tdUmY4alcZqRCl2ivQWoTybrEEMoq/m/zbXzCxY4sgeLlhlqnSrWkurTg5XE9xR8/HO3SKx8ogIpQtvOZKtsEwZ/EGyVfS6gyb2OlhHf7Wi03TBjiVfRNf4VePmTkM8afzP6xC0ULgSaUA7ZB0+WfXTdonS29E6fYe5o3KjPHFI1T9uZN0AaHPuiHWWLMqdUrRiGqwexBIFTkdCjm2tVywbxzxpMaX0giuSphnJdfHXgVN/jWDhyos22RBMH7OfLomgvr7gxNgkLYEcRtAcbj+AjHHn1zZmW75DZbPBi+JQH10kpHDfyzM1GzimSd39aNHp3KVORmxmDE/xvFBFKOS1uXRrEv5YzAVgfLSV5Cbm1HQsfa4JOEL8pv2rJKdPelDSX54YHebdh1LnqTQs9QtWo8pn2doZX3eyHCYepHa/secRm+BzaGwEmB0trznQ22XHtS3gjPfKHYwDR/bdHRkpSY1eirMZQ9kO8vpyOpYlZ65TN2RbWLwsm6llSbDK78nvoH3AdY4/HltpKwblVcB2ryu9G4xo2jU7Hix0Zmz0t3XVwr6Z0S+pSM4F4W2e9eYntJqbh86d92FfTqaG6KsuT135wQskYrHswLHpnvhD2M5W+a9YNgtoHTWkUAycE85JXQRj1rnl/YluEzzogrReMrxzUPY9GdxahcQDv14MmrEcJAoNc5yntF2pcjtVJPcDTVug/iPqfvT6Hq78fIhg0xl8cfk2LNU6ith4ed6ramPJSAn9JES5cF7AEd7TzcSF4KfumjojwG5hoxP3WexHfqE7ZMO41vted8EpEV7iGvOxZqpZz5yc4RXr9CfZkSjMYJmt5GEyFnQUo7AI2uvMJX/DS6xMBFj1oI7Kr93jgLbVH72Jxu43UrnPgDs9oQ5w4Jeua9aT+7F8Y8UvpZYGJKUDpI9rMx8CSl2Pw6k4odFfi6PhwpBySLzoDBAfy/EVXqTOx9HclQ0KLdWjdrHnVFzwpb+LkMzctX4eWs9p8OkAhMOfUkKCG9wiu+s/oxS8PgmUx8K8w7OJvJFmWXfQ7SEWiI6d/gPgVs5aOiPzGWG+UMCi2V5uGPmHgAQpdvXbT9H8LlTy/aCUMdXMCmxt+7ldjwyMDcz4FR7rJrtNwj4W/cmHMhPPAj9P9YWqBgRb1ShlD7kzNUfLg4fwgvovjAKk994zG5q10xd6HTroiBKNYiwa701Us58RIXA6LDLt73djbFdjm3LSmVIykcGstkJxBGSz8fjx4/tHqU0G40Gs7evGZ91ZndJ+XDB93IYVsDcP7OQ5w5eN57WB41sFtnaoKZjqjkpUOXy5F3HhmYTEVcfp1A8lcYWQhnwqhJ57EzXq2RubYwUt3yGvW7U6ecIo5bRLejHsyDKQ4gmR2QhLoTV9TYdGpytHNVJ3RSjaJqiD9clf+5ForGvYhFRxi5XKItVL337m3+UhbCEEsJDc2v5zVBF9AZTq0tJYrp68wazsefdrTFfN3KnlPa0VnbUu9AAhTc3AU/oCy3nHQ+qWAnwF1WfEUyDKlr+1XVQUOc9xUhyycDcQoLYSdW25QuYp6h6JakbAK2uJlm82ccb905pCizpGcVaD92IeNM/jDaZweBH756ULkoAqvefHswLNezhiLGflPDvDNPQ89MefEf1vbxy76vtGNk4xuVAtWBIwyVuPNSlnD9QG83DOMp5C85bV8BrupvMg33VXx4kSE5b9pkHz7qNRGugkeDsw2y00CKogMc9qsQkehDIUZM2EeOHsw/dHZQITRboOVqTkjLL+w5TBQUt3OGxDeR7LPLdcZAFN5Ick6rlpKyX8LoTZ6qhML9BPrGNu97BSsnUL7Q1JtwhqJbqfd6egNxHwEmuq97BxXmsT36WLZ1hXMiyl/oidS0Z5VwdmaiqnElfsJPJkchtsDPvtRx/xzwpXITYLTSeX4E+ucjrH7szfKAi+H3grnYI7KYGhVRj9CKIZzal6KL82aXesj7Y4mJN8DrsDDVM7EDIW/79+ihlSNPKQdw34YgpJxnrXHqyIlAXKVouis4dfYk2yckMjFNRlQRKbBBZn52+yK63d1wT51J2Q3kBBd2FZaKqZzPmUg7i2oFuukoC/csT1KtEm6k3xCkSiMN/wSchGidJX5/dKnOh/ChnrTe9o291730M4HOSoPZ3JEPs7TISgZf+GvaxRb1QVTkRnAxAvgdJ4agfIQIvCJrqrk/L1dYjYkyIJIFM8ourIOMyk/Br+CE//NBbMBGgc1A7dr34vrEAcO0tCsjg3yXMRaPct4IOfrrwIhypv/EXLEJTcEAH7OwBKX6u2BG8COe4Zo6h1ZZB2SUI7u5/vnafVTMSG8bsRd0Z+scV13YS8E9J1jXrE7bbPT7xSl+lJ0p+/zXzq7TLWhTrfnoTdhwZfp/dcxnu4ZqSODFxt8mveGEJnYy7oQwqMne8zM27moyrvG1rsgB+QmOfjY+JWK5OCJVFaWFz8RTPEmldAkAZGeV8qiqIgbAczlFn7ZIF6g7Q95zFPGctnd1oXIA/g29+XCVHVuZmKX87j1TuZ6ZY0+mPD8gYZLWwVs47YCtxE8XO2PXt3LJ3TlUi+txpfVvGAkIdJpRzSc5SnC8Kz9t5jShudw2sW6dayxaM8epYQfAfKSrYBrqjeYouslpR47gWS0FR2Wx8RNuLmQpQB9qDS+6a/vmxG4Z7l+bpLYiO+h8kFfFfudNBBjuoByM03+Lq4jNknKskBSAd0Vd3VFIczbeJdboPZ4oJwJ8+3Qz2Ub84cnHz0bDKwXslY28uDHX/aIgFWDvkiq+wZHpO2AovfcASY9Dqw/uY+h/qWDRWIUqpmqxTvG5KiUaK0WzQYJZUsf2OCL+sAkQjqB+MV1mePYZXYLSu4nDhV0Oj0WHlyVRbRv9d9bEpeIeTG3TuOByHGkBaRIbhXGEye/5YaMTMyZNc+pQlOiuh1I/FEeMedG6iDAhdp0dPFRdXrqzqsg8mw16OZFrTxBVGMjyFpm8zbnu/yTtL5Hfy0Jpajimjh6w9MPIrPEZg4yzgmbKi8kRp6vm3iQZGBociOTTkKiBLIHMxxpr81PoDSCPiRPO6NTprNQFGFD798NvQTgKzcdNbc1K8sMwf+AhVAvL3FgOL01JcYRscl81ik+I+uSVO7qHve+ZC39MZOkDX3RVIMIox/OyyLCUitrjubHWuB0MZ7Fr/hLn/UP0hMtT8eFl5WUNhHyeEhprsJFWVJHNaXyRoBmvXJjFHa9XOtbaWlUoWbtiEosF/bt1IeN4236VaSwmT7ZwTi1djtfntPQ4QejzvQRVUoSVC3Zr2vQ72zNbmkxD4hfwTIHJ6NqjK+07ZUt5doVnwCkUqe310srCy0iZ7cktv4myS87lwoVcizL+kbWctPZqndBV0J09XudHHvvnPSX/qH5K3AUNDckDhzrN56hBH+iZc9h/sNKfE4wfWzrCkNx0F8M3y3kUIg6KnO14KSqPuI17dhsQ48VFKLuF/RszqSXFItZ1MKRWLwhH1kAxt8oFhbtoLo9WoTtWSEPeTK4Xqc5hRDo/w/MR4mfcGWrU5EYfT1oC5UCc2ZNavVDAlPDPtHHSE11z5pNXwcTyoBciKPoGKCWkAXUEig1O7rxyRg3fkmd+Qz1VMAPvLlEGQ09eo7EI6GtCyv2gzMjy6u4MmLOQvOqtloyKBrS/JCR+znL+7Gk7x1KKCNPZT2Trkik5Xiw1bAnRZZyIm9s08WT0qQ2sQU7JM/QJZtMrdXZH3ahAFQWggijBInjCtJrFwAgW5k3mLTeo2TRgkFcOMeyyUhV9uqXMJM2ArB1dY8HlfeVpB59rSooFUTH2HTn6GmjxoPXJRl5ZvbDQ+jZAMJ2EWwrRDszA+YGoXVUK0AQKRMqSg5kEVzBSDaxOXQXIS8cOKXZNYWLur3Xf/zNPOBKRpb5pgJWFRwJmYwYt2UUYLKxitrSvWsHDX1fzBQ/gxGVYGNpQVsLcWzgPoijMfJKlrYOweUD7DaaR7u2Ham8Gco0l2kv4G4PVU48bvegKXsv+yQb2FBCBh27U92imnB8FXqAb4K0q7tS1wck5n4bKKmkz45w0vvVEf2JrEppa3iBLdcbn/C/4aISB7pw5l3SNlKvv+X07dSWuVu4brZmcVJYtUCbzpeCkTJBp9V/plKic5aOqtYXpESHMtOAgd4XXiPMKqyZG7ZAjsVwsRjz58HqZM9gQanV34bevs2gjUDNjkdHqU/IlUiH1u4qc8tIVU8yb8sOCYyFWM7kQv3tsedzOjSTdc2thgNL2W5+36WW9JsCCs5b8EzDkxOQMA4ojxHPEDH/oh97W3kdkrM/oqgh6JI1DMjYtvnf/7w44qdI/YTO9sA21xbNlSoXSzZpOUMFiblLsVqViZ/iyuyHICYoJ3qpz37j0klDTeomhXJs8t+5guc79pan/1NUqEaFTwBxq+TpATGAMiqIkh9b7PmgtuLjfEPBHxGCbayT9T/HT4LtJrOsCOcJr2Bkw4PnoeMnlPLjmsXXH1V7cXLFhHnDdBifwPIHsBaq5ZP0xONpiFZ8W5Asi9mb5bSZtKrfHBjPAEzsNhXyRr1U9qv8gloMJdiso/GcqgOECpSSQ/Fy2FMyRK8T3G30jCgUhn/usfcfAVLJEZCBvycMp17R092eTqRc843boIqgMi+zYQUyJnFhRObkL6ZVeVMCLahqPdkxidWa8DrLURh+WMNtSWghqI1pplftrHobS3zAc+hfziMYlzHMQUdEgg3l5TbGgbYz79FlKkMnbOX2jGfCCBRgPMkB+qb8nPRD0uqozOJoQ1tTuIs3DVNsi5o5eU71aCA0kO4kH0mX01Ye4JOsR429oKd8BGXlNKmotp4y1Sa9drhKeh96rgtI6JiKuI7KGb19CkcBcXYtJs4MjQrPQh+tbdN68aWngAqry3BD3KuOC7nz4mqsTf8YdZlFiBE6SJLfAXFtlO8UD3MgZT0XtTLYx83edZhtV+vJgzO9cmmPOVJS+phgUZnncGH5VTePkfnX/Xn8b0tgEVZKCVlf2j0KdMX2C/wvKdjkUgXERvmzQMHRfBU3Ji+6LYtmMp4Vktk9uw+rCTz9Dvj0LCNevrumRv/sUWEiNRse5ulfdBHiix9Inb8WvACter6UN8MpMsbleVSM/Qw/DmM/qmOpFPpKe+0CurwYHFxq9ms7QmvqpreWt+1HGDGQngfVSRY5Du3R2+EMxCjZ/sP2gu4rRoQkfKQtsvhfEsWExAK+Aa7VH7n89kK/V5ghxNZrCKeApfHPa1BX0wxluNtgSq5WUuhtwQ4QjxlYbtWp90cF8yw5xMUxIyO6+3QdXsXUi06pWARvmGQjJJCWrwRImynhfNf1NI8rc5nvEq/+V+PMWILjuGmSlxL0ITKLslNvucbH7VjrFoGIvft5OASUNabSAQt9ra9c7A1JykFsIWqvHT5iJ6vGROEuqBRpfFbqwmNQOUsX1xImW4sRHHIyveyQt84HkAG7xymFF5KvjLNXMpnfcov3fJzymSj8XseXS2KGWOGDbhJ1xQWB1UCT54bgL+jMzDOytwmUG/0llYScNn9/DPc5tgESvqJ+b9kkfw3XeZu6JKllLdnT74eUGh4XLmbXopcDnGy+ovg9DpXzb5UjbqAErxAK3Y7dl2IBxkEUtjX0f+dNP/s66U1lWg6f/BwiXHciGQPoe0v6QXzZ5L7tUvsL/XBg/gPmqwkcBMPfJICojbZfVcCQ0IqbOy2GX0/2E1YByGC7zoxumV4T7A4+538PVzGUp1aCv9ljcrngtCH1cjQi8JsDDGzN9nbXY0S5kGOEI/cZ7pxeuDbzU6QhpmwhcO7TFo1GP+HBmkL3/A8/Vq1YCY+HUlUWUjWm3T/CB3oflRMOqjmvVqUPDQbRd2Mq3wn+WodGfENzMuUpjwqNCMLbg8hjTJW64oXGW62tvtQJhqXbTRrVEa0k64z8hE7xE9RN7CI2uAGrEvWQnddl4bEYc6bH/u4w/K8+CJsoNvOAkoLPMWWk8EbJvyU8eErPR0SXWHHxG5LAbqt5bw3CSpP3Hv25P/jg0e+ZRZe5RtcI/nnnHsez0nkFknnPiapkc/49A7rtbUeWlZmilT5vyK61lf8OFtZVVsSWL6zC0EPUBIFtc2QFRPMhmlmkHk56dK5Nv1HNPiUo/ku0CN33XO3NNCfo0ZOcMkzeppxHHM2SKO/g8kTnapgcAcZBkXx9P1KiJx1r/t+uHiVmJGSSKqRVg07QQAtxFP13jhUsxNMRmbCQf7w7RIHJDZoL7Yphu83aViJfpP85TSBdBoZmEBIgZhi2WPddHxvkqjRD8YpNi5hSljtbS0lrGOrH0wUdjACmU4XAoB123m4mQR6H9q4MqX31dnjBK0NR+7axVlHjZqV1vEPDz74isKfqzU2Zld052r+fv/vaKY6z5CoUYyVg5yea1uhtR3O0QahGNKVaYOrflJaMHvFRHILP9cSvscmC4xJ2qAMxyS3lzxkhcZW1TMJUtcpu81V8TiRUtXlFBpbe0zqc4M12HGhutNBFHpRuQGONB/YE/2BR+1VxQ6gUt/sBpZursbaxBqonR7wtMv4OZqoMi9qhdcG//JTVPpqJgLz+lvWGXq8wnPvsw9Og+7bUXtRWejPTjoroWRiYDfUwTKcuJE4fMkBcGflhSaMot6T6STfntO6G9gu0YzwpZu49A4GmB9ynaMwfBa2zW1L0hqVhcrAsf4boZpton3ylGlFQd0VRRgVQ5ONWr+7TomPteqUXZBU13ouNm6eNYVIiR+OEsr/8I4KdhTnpAJF97KefJMA0XWv7YaMt0m7O29otrBQBCqpPQmWaNlmkbDO8lHZ0ertaOAI/qf9gcour/kEyUtYRYcQqP+sYnOdiXFetKFdIhEicxGgqh5xmBvjJIiPBUOXG308LtyBvRnFsurx1Wv8L4KDhZ+Y93kDjNHlREGmypElpi0TcskQ1jqEErTtJH2AYZssY1Mo5SSW4audR8yLEZppBY1902Qrs1igKsGncpQKhDGOhkvEEBYfLx8v15bd0VVZLLtq0akc9zaxBz+GEzAg9Xa7STxtO+gcIxXXBBJgdcDqCHDBr+/9yRyjR63s/GfV3ICrP1d5B/Md8yco2k1l8iPJ3KWVJVkrfb0biQSjXS8TZfg3e2q6haSis5RPvQk2ysk8qokE1aKi2hOT3eYro42OLQgkd5Iblpvgq7FYzjlnMYQtEoubwrcnWrk47PULJkXMZ0MYBmrQEm1Bjm3Ieyx5oCXJeVdtyp+Xxg/ZYK7fvOn3lJlbOAKnnjPJAMJuw8iNJc+6vLWexXuz4F4LlSfZcXM75HROn+L+mwcnOYo2BFyISbuEd0iQ/NbFta9XEuuGpNkicPrkGgIQy1tILQj2Yes+qzwbQZr3LaDA2uqEVCIcdI2FGsrg60s3iDJXM1nKHTr6ePdbaX9Ol72JjsLyZccJS2i/0Au/2xJEwAshesS6HIzv0smjYJdLeDK2WjHMyTpIDMC3iZdz3wJtsqwOb8chZD5VV9/3OkBX/VKMpwCHw5CJc7CPq6aJMEXNO1ny6D+ffie86SRan0q9t19u3ZYwl+g8W2trXDFExN71wxwjToTYdoeET3PF0w8xjn4ByebZVpa5nfnX/7ZSUPJROhsXzEm08MElm+YbOwMCYTVT+5y4+TcMHnxiA4utsl6koqvtoyM/ZX/Z13knUjONK2PkmwzPTrHlXwvBFFW7xh+fx/pXjasQGG4CygyS8ET7T5ZbFxouUCZqUhPBZSIpRajXt6Q5DCPAs7Uksg66oZqVEsjBaanCWKTQPVek5Y8UGocpwBUWS42wfzJQagU7gJbxanS8deMCsXJMs+J2qsmdWxNQ8/N7Kjjdmub4dV4UIR1EWLtpyjKwNuFxvwV9Uo75qRTONHuOIrPXKqLBl+siXgK8IkYGtHZFGCvwE8JnaS0eVjUnO8pyZ0Wnk4vwzurkdu9/GMAVleepD9qx+U80xugnlIvi0Bwf9Z1aiMHCYjZYq3r3HDFVlV8er/pOqb1bRZCGF202ZBjeCHuhwrGGShG6qqwJLhy6fPuKykFbVqJPYYDIMc29wM8x8EhDRk3YC49RLI9zg2wMO5zhaITawwjMGajckbh8EwMWW2JSs6ojHO9yRHqWc7JnI8JPaOY8LtSGY+Iyt0fcdp3BQs0j56SZoKRucX5eFhciMb3hGkBCEYmCfPh7R+OXgaEhoK/pd4/NgdMjG2VG3k0bBR9bWFF2N232ojJFQ2KAvMlAv43R6j1AMb5/WlbUk0tfUYUSXJ2sQ0hPd57ae6yAsY/do4LenKcCrywbXh20ry+2s0sh3iQ4AZSlwBItaNTYz4ZlyLcw2i96qaO2etOfjrZgey4int5vLXvZAV1iKqvPY2631gZgt3WYzF85QIF+MUqmIVx16/U4eUhdDyO45Cr8fuWedmJToE6HJDOFNhxjmvgBFP4uoXh9fxLrXjelUnSEuBi/7LtTK+RMiTgdlFJYaD94tRbtQ9agm8VXB3HrjLCYcgIutS1mgjngj9HKK+0nm00aQJSAq+k0Vf4ubFxum5w/GFX6P5ad+jXjEcbCE+/n8U3lPUqO/ZdwzHq43n6wBMkWxdsdgzKR2Rr77t66pEsqWjCo1aB4HPkdNQVt3vUDXUS4belMipu7iZu7p7Jg/fuyfyD/IN9qDS7Zii8rVaKSfR/GgcnTxM/2BVjREiRsYN6gTtIEsa3hW2AVuH98eS1YTTgZusj9eCG8ZrM66Vt5UfSwxr+4Y7eqnN8uqa04x6dF+npFhYqpsn7ZsYeiIWQgoBgIpLNgNlbOFvDgRAfzDDUu0Ineh/tc+7pAqudW77256/nW0PFiMDmVASiMoJpVyLMXLtW7BpziJhGWcFlH/FJAneIGVQr6o1YKbYmktNRsJUnmzvCx6eSMk8zlhYWywRVPOPuvaez5dqlSURYjfvzHv7mtilw3g0SE4kYDH3n8qFGhrPxe4hZFq38nNcEJ/rXG/XFD+m+f4NaVznEYK8wZPLIHeiH2MaRYjqajHyq4iz2miqsCdJEtrd7PQw9xYM2rHl6BaWbbajxH0yenzwuLtwO/Dy3M6/pjVxB3X3leHnfDJNdwR9IWYUeKvXw7Efp9mw3Kyn4RAlXJ09ulw2gnWBawqLK7tp/ahbap9q1TmgMo0UOVF1Etu3TzHxKL6oNUsAkgrAzKxR6IqtxefMhOdfL2d0flSobOQQSyDrhWgI8kXTJ1FAFz+5r1P3XUzIqSwwXT0+qdIk1GW5SNKW04Zrcn2CvECFC2niNjEWeENAItLAgdjNRXdyhUW5ygegy5O24eBor7E69OfgxOBSz7uAu4liym6A4U3X2X1xZkZ5Qn17fc60VrH0aVZdbzHk4jkr/pBH6y/tHx3a74YZROoheTHCMdOlxM5SaWix7ROxE5bRpYn5gDc8M23V5Tqnl0+jj/Xa7x4avdf5nJTtqz9ftwVv6xnicbMk/sQENKfoMK24d/ntJwpXYLIl6OtLFTVbd7hi/lUyo778li/1yF8Raw6aGtCTNyAtAJNmleeL1RZapjbzwCPz6Co2P+YuZ89ZmCzl82ndI2nGQm/W+lYF3qsoBK6F9fGXVTqB35LGN7/Szq07kAFNGIzRcsv+WuUWzfBXVOXmFtMX4HIas9uejuezl8/RlHOKQDgeRvKCN0L59opKOXBXFIfyWhiMFszu+2T/C48jElC9yzV8Ia/iZAywUR8F7uM1+dQfqDDyGmzxgQZSIavWbsuDF29ohe8j5uMYisJS1yjrgKPFc1CzCzuZJtKIUXfhQ3kq+5D4qdM7ryLTlQp5zU1lZlMdwsBo0VnUCjFDSiIfgjnmVeOiDSBTraz8hmn47ukpnySmFXEvvLID5CdX659HymzJ+DGGmBYThw7wV3FPQ2W5JslNm2/Hj+vbY9+NALF5JAjgvSbX1OEM7ED9ZtbpLyS3Lcrjw48ftHHFDzuRhztIJSnD1pyP+tE2wfHy5a5ycXlmQG9feOOMoANCL1fKsJ7GKLPoQrse7Oy3BRdGcPHnAyCGvGTZNC/1+nYxHedJe3rOjmcDIBteZcp8QQRtRQpV1ywtlQGu9qYJ4nEFdvOGxwUp+ajjT75PFayibD9ZGwjZiKIEVf9KosCNNMqCad/emjzVhFZNuiI2dRzkKB33XTTlR1/IHAivRbUXDZwfODA59ekaRwGwMfxbwPNb9/DfY5vRBULLTg4hvWfC5h3+pibDgE8nl1RLPaP33KejxnByYQpBTe/Bz5lemW3CRMZz24y5QjlC5bdFLkIEJJ3hlB33JFarK3CZucqjrAnhumHUod0KgP9KMPG/7LeVoFo941ZQVD4I7hBHEhDevNFcCelgx/GSzJAy4sFRfulAZG76azIYqafWGscotv9I3VQTGtq4za1ZjOnm+T6xeaDeg7Sv6YmFSB7bf+NC7a5Xm2TW+D0n960OMuxHBClXThdMmCmyN12UcK/RZ47dtwvsF958axiJjVKPM2tU+vPQfKlQSEXLoMFQkDm/zg0KGcYffw3jjgJ2/Myf40XT9bBdqBjaX/HtdwwYdQpBTDVDiHaPRPwDiRgVr2uHndAt8D3Xbv8aBQn8LzXz0XzNWecqslvVgNwJQ+2tzlN7HpUwVei2AYOc7kSR3SmBDk3uo6q5sUurO9MBw7HGPQIPKE+SxA0AtG0oXL2faXzpq61lSRpxXHl3+WRunJ27CW8hptFz1PYfZICeSflC9gFQlvMpLsH8t0RMGb7wEeTpvqF4WOlS1kc9j7f5L+DJj4PFABqmqyC2VS+XZfWViviB88dJ+SFR+1lDgIyL5eLLjTQLZUhj1CkibLujsB+Pksv+E67QRC94tpVhA0uOQGd3+a8w/fQqcefQp7wzz36ms3JY+iCcsjzYuv0mxYLHrGtNECDNCUtXfP7QUXDJTqbeYyOLvyXQMo5hFTXjoFVsmtFiiXKR2e3Q9Vu/gR6D3U7+fwnrWndvMmJ+/qaCVw1XLZRrXZk5VUvnUkVKJNRIYrOPDZ2zE/SpRnv558ovNPEPsmEb9evsLMAUCzN4mrlKTfysXb4eKMTAyzcKbpk/YTpecaQkJIsr5j/tP3Nees/1u4H9sfEZ8+5/iW2mwtPxEt2Tv45NHrcwAcrfZlQLquSF6HUNolx/wooqGJVZj1YPeZX5mppeJF6dcnF+2AKkZ8FFSd0uiPtUHsXuNclkcvOlnt55wTQ2qqvggnjgqGXSepX/9CRR0cNU4C9ieo9U2gUUcsqYBBLWQXz4J4BuNMO+hSrYFLqEHnKdl++kzlYKxzri+P1+I+xFAbxj1lvNNxTcnJeKALXg3CnxwgpTOk894DNH+0gr5tcMNToPI9RFTm+cMfeTXxFNm3eSWqSUs+S/WAPH+zWYJmyJUUpr8CTMGyZFsIfIWy230ZoPZL9U4/oidsAuYznwO/o9u2GKn1iuTvWaHL0lF4TVMAMDC9Bvd2vKNk/xAAx0UuR99HlPdmnCT6bho26gMuN/O5XwUqcGLFK88bfi2lp0QOvVWcYTYAVhcnYVlKNshg8ZFEYrOvKR6q3Z+0C1sVQ6Z7UUx33SO3WvpQMVOb2KQ79oBxQofjbKYC/aEoKZtL9S9RVpx6Li4UAW7g0dDYJ9bCOuOOi649ulZRxMEhq+KGPLSyN5yElbyLq4K1qq5DjnEtWWLZ0Zt8YgNyxhKhAcyAAB6qeA94b+heFaL9fci32nLUeTrz0DQzOdoQxBXQRLsZS+2sl91rIEN0TS29InIxRJ5zEPoW8TKG0FOweuikkf5NkRrbaZWhpVbciA4EXr+LtgNny2N/UluOzORU1LeAWqCaC4FzqenWKIn78t/cEoQEtDfWBp9usawgAY13Qpn9Hv9DbSOMhitgTW5iLjbn6QSuusoHGfdAR79zjDns1qf/OJBd3XVLlqKYqqzdsjDtmmL9RKp52pu7QPETelZ1mu5ILoaL/jy6pJb1QB8bb3hhlACEKF1KLidenKS4CmW3ScPTwbtDKFW1x0jUmM3xtM8DhqSiptjj82cLMQU6+VC0QeByXrExtVBscgOxKdTOMpSghb0R7oistIImiw/oFFuDMsllubSw2Nmnw//r/nwuHRqkVfXW4/8KKMPjXrgzeWq3KCe2eGY1sEpLTbR2PA+wdsrb2e5udlNCGhGYMsglitKdFJRhZNXeGcGBBohVB4M3w/kXtj7GZNhW07vtiEAH32lhLouDKIeBuPOlh7BD1k3D2FjWnHEM1Qzfcpqf+PN/jTtDyCblFEMuwMFyohLfj1z+pxHFE+tUyPJcwGo328kw2U2lBp5n2yeyuRHHUmOMRZiOymuZW/tWkpZY27Hw2sUl5NnHyPQ9KkUaKcX12AZIIFhuu1lKRYri60qxqF4sIEeN7v+WYfUsb6NxeionqZ2xFIy5qanPoT+onPEgYgoxwCf15s8h1WzIUQ1LGGBaCElu5UP8UJl5IcKX5i0DrFfAIhzYfymbq16Yw7q8+Xw0sP0sfV69CFq+kFOnZEZhNDNkGo7yiZM4OtCEuL1xAqq1LI+czljGUX4iHoqmjor3rHvmnCJnh6JAhXDPt1p1uhayevcfhNVy8u/2pd+bJkZmIg2/dOkAm9angVqXYHSg7UbiwjMEFa7S9ZH5GcC/6j0LijYPaFRRNdAPxNTJlpon85pH6ez5WJ8T1b82NSppEcRn6IyVOt7Df5nJpV5tZkf+ietdiaMd/hMUYUu2hhONGXqomMs0m4r9hurYsPOlYGWiM2jXcZa9EtJMoCzCcEM48nKW8QVc/kT//2YJ+aEv0ls7lzsxIXJZp6Ug66YzHzoi0VlwByVgBjcScOwbRZO7/oUnhqwf/l5+MuFbEX3E84ZeGHMZiuUjD02yIrmRgWB7kX57xgNWeo5gs5wvpJwjiNchxl4yec/9oBd5yqygEIwnBOEgnd1hN7z4HtopFUh3He9C8dD6ag8yQILDOSCgeQl0q0Sl+31dmCGHnCMEpq1AvD44S0uon/y9vmdI0+Eb0yWVuqADEi9xp+TD4DzfcYubIkkLASW4sgyXSe33nSgFC7zhmrOW/ZhdWfTheQ2JiPgFYR+HTkg0sGEPUB1SzFhyX8+Ee6rzQMZ0+KZgqB6reiPD8ShcbHv+L9zDzVShp3qbzVbdMf1viDdgiA6c/SZISCEvj7VeEjMc4OHxBpwlk3mo0xSctObU1z4wa2mfy6l8/niYKYeFqhN5wswiXpGE/VZMU1Z8lWdoFj37JMamDywyJwXEbifvUSdGQT07POz6ZLDydmnSR3C8E5UiC2lfvnyG+hDy/wM+MASy+604OqyckSAao4/X/3GumCmO8Cfrb9F8h9E6trRQw1lGrt/vVQBQLuEKp9buxnlxjde85cNQv4D6HkFA3rWsIUyDyt9qsB+VPfoECP9eWf4IjwnbYP7LiAFcOLXn1tZwyWGL9ok/mr1dZwcc7Ew1jMK8iJYGF1Qd+NoOEWddjbPM2B6gFBC+9UApNUAdfs6tGKqrZdJYi3ibHD0LdSMdvaJd0u6NwIMUm9g7tLd07MmNteqUGiYt8owo32mTSLyx5B4+1hwi60P8lZyz34CZQ4mH3cQQ8T3GWXrXc/8mqzNulDn87rBjqk7F4NwnWRUdkEYYeVzy/jKle4xVqb806N0hBNb4ex1c+/+Yf0Rj1bD4nC98wYLCDgjD6XlpIQ5w3rVdjYsPvhdTLGxtIklL+YJcnzh6j4gh3suvwMgPzKopg2LpmtMF0Nc8qS0yrGvgr0hFA/ncuf4nIIh3os8Vz5zxvxX7sb1D5zIlef/6fVfiyoy7me/qBOwOUESytr7jFWyw1RQnuPVQkklf4EOokdtYoyFlhp0lKyCyDk4RxOlnk/RyoNEvUDU9WWYCXgxhlwwBE6Ogkf87XltzVG/jaOA7Je/DlXmtWVK1N/HbDLZAsL6etcuD4PJU5fVEPWr5pijyUqOcAIg4HzbwzaCgcuf3BqVIlacxk/854liCfi9hFFf+mtmCRZmWoeghMV5TymGbjQhCcY66pXWvL9InvwfR05VoDyIFSPusER863Ir+zn9Zs3Pwh9VyUyaoSVny7CfqX+apLlEesLmnAlXjYtlVdROz7i1DE65NW5M6i8e33yIe+N2ngzUzxPg/GDs2JaGb7ceAQvNNr9kYC++FjPaH06kj6V4Zq+0A5EsnkoDTROZWxie46oI9gi+E/hxhEbcmk22kbPu0IFYdWu4J5uBcerebAhrJagIIrgr9F/IfIrJuHbuXHAQ3XBSE8TkN5Hk4loUcI9WvAzakrosFjzf9ItweEWhQEAKDZtm3btm3btm3bP9t2L5s327aNWcQs5PR5JkzN37RlkC99V3t7ivORY1MUvmyuVWmWGe1ffiXq55Urroyp6tqNcJAilM9G9Mm1HYl+vz6Q49mk+/M58WwKvzDFt6mHnMbhpy0u++zepcpIPb2GF07EUtbq3Evshwvo6imouzRAxlWrE89rFRlJMyisa1O8Jdfrjoro3UeVYI9vt/yAILpRQ1gsiK3uSBMS2LJVAUR50LPA0ycrolMKI39P1L1jveO+PLXkbcSLIaHUBkVXalk34VM+mAa43bQN6XNOMzWEbVMw1qbA8v3kP8PNw4sNTNPhKie4TLbSCdazZStngL1etzPvthxQgwYjsWtmySrjIkEzxZQO3Dl+FGzokggUhLWd7S91a7HHs7CLPXM1xWGBSi4mApUwebCfQKlS/kvjdQxUW8wV7wtqMqTiZlev1ubNqAzS+dKa9nzIp57hjS5L2uCnD3J4Q9mNNMNWW6nzJBm8i5TvnuUwLLrT8oOD+2wAWneO7Stgn7nUCTU4mgkhPBOexBhWQ4hRjmYI3P7RPuei/g9uOKywYEDV0Ogf0jtrQjtpOlOkIVXlBSmjirvUR+u8WNLExDFCRbjA5w79my9WrhrYVG3FkjA8S0x35dseLDLnTcJRmMLQndf44P2/YE2bRNqxzM8NyR8T0x4qYRxKcaKXlZDXQNBkNGo2ru+cOr+QmrlXCf/XYFC2HsqaW9C6+dTwXaOFCrngIboajQWwpRDsGxfcZEeslEgEviWSAtFT8Kz8MVtgkDdxjuJL+0fPH/q9DSVN4P8cM8WNjd/D4+obp+wNJMUUI1kUaSMhDt9Vb5qRh7o9tJatSyTsyBO7ifC/fOGC3kYdmQswPa5ShrJQiE/defu/EYfwD5OJX44huyEvsN0IcgRxD7eKT9Sa3QzbuNCbt2toAkAP8bBnLFUFU0Fz1IHw12cHQKuE5Ig2MuMwTig37g3+A2NqaNN3UCJq2i9u9+3smU/oMVLcaiUB8nG3cfk9j/Oh1CpjSdsMt4VAycP2OsSkHU+nS2lUMedVGX0UjgdZF9KNYQRjSLcvsrP771kw1pXPTANhlLL7e/aV7hpQJESTZTeEY4tmzPHL3h/zyg6ncMcylzGrj57b2qmsqaq/uozwx5uyL4IdOkp+fKbAUORCPoaKU8YOlEYjvUa2ykYPK6anXM0rN3Dy1J4mpWRSQG3VhGmUaNE+8qsMCHbcwJv5cFglRjovTIM7Ar3H8uCpYyak8KGngPaxaRIzq33zJgPzfEG97E0cmYxjgNDTPnqvWRrI896Lr6sleyKwe5O5Ms9ktYmzjH9rQluQXDSEXDKD3KIhCnF5P1MhPf8l88lSIZr+VUHH9pqMRzNyc4w/jMhYZHd+YrUlEwuMUeuw8a/rXPXnUuQTo1x5/29SMPSz518QrOdAPCatMzoLURCiGNFHUtL5f7TlA+6kZX7OxApceIJaMPO3/+LcCrocCmpRSE/4vXaFwsoZUVkshgprS/4Rgl3ClEcvBHDKuQOD2TjvPpDSmdT1Gmeug5G6INdLd4gs9VrPgHsy+sNNkNF5EtAzfI1qZ+AQ0atmiR9q1shJ5JR4QQO2ZbHJNi3gQIEyTfDi4h20AIqSU0v1+5Y4XhnqbhLT/+YqTFgKI0LaCBY9thlUSlXtLA7JdkG2d3WJT8lxckxcG4yJ+wcrMBrTRZVFhgmUuJYvJUQ3hhmXXeJR3bYq8YrufTQcaB02ftm3ndeMEzCoesl7fZSpuWYh31L4r95jax7MbqJOEiBWyq37XAg15dArBw7oyjiT6iAHXsx9fGcskP0HvFBK4DmaMCGFyV4vJFY2UkGEydrL0xJtuZOepSCeJ+WBg7T4vm9KlsLNS7t1DMethIE9pw+Ui/J/FszRe2PEeFjHBuNaX5YsL7qDIFe5UDPSiCTCQzY5GAnTJnG2BvL57YTxu4Op/tOZTqUzp8fi/RoLGJliX+csYLK9RRDyhyKx8f8Nr0UEcLRQsIewJW0g/G6I/RFK7RFiwfpBlbQxixR67cy7FZDXjxc9JmQ6eiNQxHFUtDXO2tQf7adoSlxy3591Jf2UexGipxoOSrhAW4xb1cqEi8HCxNm8CDEaIod98AR+B29gLYcM6cUkN0HXKyzkrUM0OTorioFPqMU5uSOrKCEy2SgrGWbQsv1odFsM6FBJP9oWWW6TEUQf3+j5VOIfhPa4U+a3MQnGb+95VIm/IcB6Vz4AzTBrX2YnaK0biNvFodWlko0fhlgOI0UijtzOV7WGKipo1w2zvmhSXPuVjJles6e7e12IOZ/2GzfGLRbL2fG2n2RXcbVyh0mzMBELTlXd3fqPsjGWG2aBqYu8oSczubcNQm1TJHh/WmIkV8HmvVEQcwRV0Ddo35FlqUn9GbJz0tQ40NztxbKe+NF/L6dq5TOspV53zG3+1ZRtf1aw6TlgI5KZGlrxU2Be5beFJHygrL8paydf9OK9yHfPOf5j0WSIbnWUAT6PH4iRCBuaiOe7VByoG2xb+8dCqiHKhKTCr/qj0X6JLBfNpjq8ZHLtSqKPhoD85Tyw1GR99YrRMT6z8NcpfLa5plWs/8LHf1g0VdCIsdAMRqL7Z7wOd2gbG3Et050g2V1JRULm/VSKTb15T+M9F8JBBb9Wlgwn+eSoMz8O37DLTAgsxxqVwX8zqF1hotTdi1jah59oH7puHnQGp0ZxhTX59xxuawyicCqOnwksZquO5jF8fWWLfY2BrjPL7Dv0DxnKDPmNuCR5QuY/cvayvUH0H7dobGFwIJzWdvrsT4T08p0uE8gaks8sO0jjh0fdkFGNqcz+ML85PKytjkr0dTuHzw5Vmcw8fjDiOik22y2DkXmbZ1euL+OSHUHDp4axu7RY0F8adxmXj0Ma9juGDKqApNYlVURwkF8W32KXdMae/duJ968XxbxQDAzJinFZA2xhJx61+tb3Bsvjs/CRwwZuvgDplZmHT4+XvqjCzLR36Ab2xyOkeqRVCYQIsO8vqgE0aK/nr13Ck36SLixUL4oO5nN2aZi9RJ56rYgucpVP0t1lmkfVbxXFRnKFM5cXBH07jHUpazL1CfXlf+iXBfk5asjbn2YMkEuo2K/ueeCHHbgX6VQOsaiF/hd8F7yuezgculoYDmdyGJGu4YS8X0NGzlX7zfh2Qpz1BfUcJzIZHus+pW21LE8Oka7ZRA4MbI7cLts9mo2kcMp9JNtLCuKl6YBQVMDfSLBS7u1pIub6n/CQNqJc+IOKlZFS5E1ld+sh1qYRFDdhVXIG/tx0KmdTh1ZfaR0wkb0ugHJ/S/i/LWw8bNfZ4tXepse1hdiFnGR7bDqvNDrgoytbiDEGuEPECo5B2uX1d7vbKMeFsdv1UXsgc9fv2nhT+rcQ6qHHiANxhWMogb/SQcq2Oh841T3dE23b5VLqSIaG9Qe1rPJFyU5XNCQNq3KOyeer6F7ixVyVd/QxJjXCZY6mP1IzQAI/Pg/WJG1eZdEBmvbao5OKya/ZDtKOM3XMaALWhU6Yz4iD6TaOsTAfRlMv0Sh2b0t33RQSm3Zjkslu/ODUrBdvn5QyouFMEfCZ6XKF9W/qH4+X7JxKM9Q5TtyKuOozHFV8LBLXQtKdHcfm0yFHrGOGq7IAx7NgpJSO+unBgxRLWuTbEKiEoeUSoQSR5kFsXm7JbLUpab5f5v3l7GvxqeMweD7IPiFkuvy9f90P+0cBTIcut5ZobeTI1FmsNlhp/w9gMGu/y3haXP+8rX1kdGjFnYkvmL1t0UuJB32RExdcGUiX1HaQwde7RCND/Psoru30s371iDpXuDJjU2/laj29kfeW/yRwJgl1nAhbdAExcA80LXXLyESw2w3Zi6cC7TaqG+5eppnk6mbJ8p9BAl+Z4qmfG41YQ2V/1Q/nGZdL3xGm6+Ucg9Ix0a+HyLBcGx2pYCxPy1AFTxMbcBbcTGi/nfkn1oOyfxhMEe5I1UekikYo5LuIX30nDgMBs4Ptig1+TYJr5+jYW9lMsZZ8Spleh+jaAu0Mx0LIkOc5XwLVM+odZJOsIVxHsSvesi7I9j7B8ICXhPC1/rf5F3vs8fKtUxYB3q0ecoSnBIU0xFJgN4LUWea29RPeah3JTKqfC9md3/nWNZRlKDxrdz1hBe3dUMkWzTU/9Q8Jq4oyCKmaH0NzFaHhDKYAQTB1Asae/JoM9jahyZJbG86As3yWs46IgOv0o3dD6+YU51T4EBoZ/jWWCG0f+TLDwEa55wBO4mmB4r/iUGzyIa2NUzFOlpEOuszasxreneiOC9DpTGFkgNXydgEMuYiddZHCt3H8VqrIxMagoOxoVz6xHnG2Pg66tKRKwDNdoap14veEGi9XnYmUntw/YDqPar8ZA2TXSWKKCBUOORWgyZGy6cBySQctC2LdhvP48rXfn/Wj3TzEJJb3hOlY68rkVsxLc98y2nqtFISOB+CelAOlbdxJ4+EA11msjlL/JjJYbQ/PMeLHRNQL5CPDky57ePs8grsMZY60Kxtc37uq72xzMH/WwsnqAHK7PyuLNGfhS4GmSCJXiRu/cNAmpRSXlVvvehsHBo9++UhWHUohaZSOh/IlMGmxoTbiS0YLdMg9vQ9NKLr2Ytf2C4A26RXZnJmhRy9OG5X55hXQjx4KqqNKi6DDh6pPCFDdgsPsLSW2PlMcCqVldCh3ysB/fObuNFmf5z8dxW9jMPJGu1YGGF09kH5DV2SKaHkoTiofxug2H9ePN3Shl3DiDCTtivIb+F7dcVSjqECviPrQJ/hFmgYaDk/dS58WJ2osB9T/7DhYjpIGntcssbuPZH2r7Z4jFkAdiLM69hSQ+R2pYlGpTI4MQ5KK9CHPOstNDz5x2h1lWCDX2dw6vHl0Mk8mqimqnNKbG8oIfBMPbft/OkvXQ6UjINkcpHQ43ACtZbqc893CDLRtLL/PeljfeLvhl5hx+extOfSyduZdIMJHfkrpnXc6En7iGancq0DULkH1cbcyMUEu2KK0lp6gsgPzNt9GWZJZbVDCyjtDKoGm4j/L8SL2X+d4ZQbDr87wLPQyu6+vT8fDzIaTRyvSpOZmP4znGHq2SCCILI0J4Ed3tZvuxemutT/JXckUDnjIMVXVpje8IEaLLbqgcD7qyBOWucZOnaVPEZ/7/ZUprtrgCzlde83iZnMWIrmubBefUP/B3TBk3QxZomQjLjRH1BVMMPlKc+QQhv04s0BI5nqp8k4neSMyAYzmfd9X+2yhCrYEOfw3Ddodesogma6+MRa2rX6Is4KeDFlpH3ot/6vLqaDQoDZdQjGghtH/I9Afj/WgdS9TNXF2Sx5a7a1cOfbausp8fWnHSjAsvGKZVsk3E7IUiKmMUHUd4O95yFwYBDeiz5Yf3MEm7Wlo+NQuohFmwgnZgk0+xDntu5zD4hlsb43DFqaZr5LO3S/jF8ak0By17qOJsmTcKrKDHfmDtZMpfKilXJDYiOyqin1C9AQBTyWcS9Xu0BYzS1sk3qZUaRY6BuHuNCi3spKRZlp0X+nB4Esz35MZFa5gNn4eK1Tq33RBAvk4Of0ABbTPQzVLYKP0V6sP//GY2QnbHnR1TI7sktZgpEH9fYkhYQSQrn//yyfsAC0SL98v/6Y2Mm6BjtLY1lmCWf2HVCBhECi0iD2uWN3AABPpZnIY26RMVUKbk5crVUIlnuoTE/r5tnfyqp0qe0tN6xYugUYV3+e4haQTJ6HL5dzss7nrVDPgdNOoKg7wI0F1WtcMYW/Db/GxS4EgncHC9332zvCURWWauLJ2HSHKJjdqoE7aLZ04fKgw5Gl5AaU+pH1NvIii5ZWfjObYWxf6Z/MSVWNvvCsFLZvf1s87ZdRMf3yb3W/TWo0tgTjv5Y3Mt8CexkJD7fJZZO1FcgV95mydNv4KziI3frKKFbodVpWy8QwufKkIVmW0YTyLsOfi/WQUHcdxw6gpWI1GfqWlU4oraPhi7sMgdOM0iG11zLNHonH/p1Yy00A/B/mi+VATq8P3QoJ6nKqr0Nn/cprqGSGeGOq9Tnjq4Rgi8t6ahlKBlusklm3vmIyzw7VjrzWNIpBUidJ15TTxkyIjaK/LZ+ATXI+XarDtVjd7hLuwaxi1pwU/lxi7beu3rwjifmhl+OadrRFNyJjyxiWqXaunvwb7sPyoCIQK3PWKuTGWa8oOX5cTB0gxN6gE5iBotKVEHVPvet2oLI762ph6t9VVQNq601C8dVEtLnfY39tLUzXhvsJ5GQuWA5QxYCyk+7DZS0m130En+NR0rXi9KMNvYbHb+rzwszgfX2Ndtc1vfqhqrCU3wkOZKna5dPY8/rmW9DUeMQ+uCjg7RhzncyaMNopDxiDQ3nSovzzCxN2IQyQAzBK/feC/w/AmfsPT/DaeETyN52tZenLXQOW1jrI5HSo1vPGFgjcVJP9L0GoSLo+ZiD3qEALXffTm9C5ZJYax7TUgwKOEiAPemPGOHp5cLLd/tWayaDAc0xtYD6CFQlfgGkAN89FhDBvy2IaKdRzMyX1Kqixl/UwN3Hx06AkKdezDTcrV4O7X4bc9SXqDoUOmzX1+ldc/6l8g1VH13DMpBA7PZrRPcsScdrONaLoxSAtwyALChFgjHyv26w+lNtNrIvIj3/TGGqa2uTbWnwvCgzDMbwdQGC+E/GJsOK3M5HMXXwk1anHjWS78dfon5s6VnevqBSMyLHkcn51VABrVOOamlLRyrit6GSIJs9QSJr7hmur+yGD7dTyMHWKiYvucgq+SP2aiEg91kfB3inwXr7mQAGs4M3hMsj5G9Bh3KpJopp8zmB/RzpipvQr5jDYlOtxYzFGLX0FisKOk2lZcQpXa33QJJGsMo5tkqaU9Sq4Vr1rKPruh75bRBpP1CQuwAEOB+9duXuZ/S5y88KqjuF2hcn4cOSlTVbRO4xxlGgRtEIYE5Ilsyj76h9/NfbaAcLYBX7E4sYe0fq5/6QpAuoOiCwiTINnDbxeqtpRxUAuECI6uYoRLSPgswiISmA2wwcfKM2BstgGn6bSH3evIuiHFOOCV7E5ZrcnP6r8irvxuAYMnSL1wAyflyfEoglj+AUpvG/YP0wUj/4HXluE1Dep3nflZqqjtZGlEKMnEjmJ/5o4rdggXZSdaLICdkPngEYttwdLfYV6miY7qu/maAOIWisZcM54Qzg53tXMiU8LruGORmBNwQiOJy0bekMEl8hu+EziBo9ViSKyC/xsSLKGeq9Y6pAxxYKBqTp4rjOttzTIrKDKRz1TaacCK97wpb+VjpwAnatkclL8I1atX7bI5ONilN+3pSjBYQ7qY1vaLHrFL4OEpuIlxs3ulCA2+YR6k0lWFcitBfElD9gf/lVwkV8SULwrV4eIwmWiXdKKfx6JJKky2Kd+YqjAuc8jERZk339psTOu98knxjBKw1Y0YX7B26GdQml/ZJ3eXQiG7gBalsYwNQUAk81SBqC5FArfVrFb/Q15CytsyNoZ5PCnzd0eqVk+IgmTiCl7JOK8eQrL5lIAor956bXkomA2o1UE1hQH0PDF3aUB1FM5VWx7KEITCGtxkketr90eeit8Hh3s8QtQNZ002qLzR8FeHMtRyI2cjtffLuMOeffI3zH7C3bfN8e2qR4O+GWI48hxnD0WXYLk4X3OJfmheNDiQgQ9SCCmyvWkPd0NR4NxVeer5QHUTYdDol2FMV6gu+t+/ia/N9QXpE/RCj48JSO0RE4zNbqOtAZxIS4D3KHPO4bfOn+L8z05nvJ6Y5oI9CO6chQDX/MsSxtz93lWci1LTiWM8loCeeUEGw6e3Lgawbw8NS4c4fAvRxQSGOTYT4ySJEzBep/5Gw3ggBSggMoJZZwSSzNqT+tQTAQSpWLyYGbJ33E+cVw+cn9ZPQwNTzG6X/m5GSDvGl9SlJj6zhQmJDhBR4xE9cH9BUhB8/Eq/l6+Wc68ypFLB0iPz2+0KVee+1+LVoHO6og6zrnaCaf60OF+jFhKXnER7Q/fXNlAZlP4KhC8tjGd7sEBHsOIjL1SXFtqFSuuqfHklH48vDq5vjPPw+Kwzbvc/Vzi3HfW9URDudhp67BA8UOc9ZJwgEMmP6sjYdgBD4AgUgasG8HrQpU/sF9iRe9EcYZfGpRr0YVcba11BmWPgeT/1D3Qua774u5Vph1VRMD5MhxlP5WA10WE71EMNojhF4D/us9U7ZkpEP2pyjNZaioQFl2nUq6TJk0HI125Nm8ha91JmVRADm4i6rfSeighGZGb3MniXqTQEzZarzXblII/G0Pf5elu4M7yHR68BicAgaJ8KH1wBbrloYpwmyUPHWyTlZbCxzejuMtXgTXVmeqSe1h6RYcEUvlPlA5bUxC38EBL3zq6m5m3PBze58l4ElAm89xzNQxL6e/s6MkgHc/uoUrF6m5l9+Mw/7JxxBtaHq7oc/3g/pVN+EIDy5YYH4fgC3SatUJO066EuJBZX5Rovq1Q9tK7lWokc523ArgvF1LRBriZbxL3tT8qR9OWLa/1poV6UooWDzSj1nNAb4zLRtx2E9LLrKPrbdr4BUrqyQ4WIYLqlOQz6uwYWI4Ef1tKJVNfPVNqlBIgMTuL0ABMJhZNww8fXmrDEr73gjb86BIpdNCJ+GsaNaq9eJMXNFehXjoJMQQ+Jr8rZfn0HTBXAPzzQynMM60QlzRL2O0DorQB1JdPJkPJXQf0IJVskDMhPNW0rlm3n9+l5+hfYgjhXMe/OzgjIQ3s8T7xRlZdvcgNjjnrrD5VXaKr4wr6TbGMMfEP77vKlVDhogJPGgVsxZlQgSdOccg+4Ip7Xdlygi5n9iiKhz2I+R3hDqQ5fAbkTJiUXAr+cjkEVAF4z3WMXsnq48GHNKLvulKFPw3uRsmB53E+eXOrSzOztKzo+Vk2h7FEbnutv/7tHWaxpVQgpOWaD+vY6QRtR7V42oEI/RNq6IqOOIFsUjZ8p5Vs282k/5nrZ9ekioYIIrX3LDOftzNRk4Q9oo3B/+yCswWwiXox41nCuNLj+EDrkuViU24B2tR1qfnWZRJI1PHlnrKSxuAoo4FkYWu1D24juuGINyOyrb9nuNgIM1QLv4RPThE3iPGsGZSPcM2B8o/m9TPVw28QVgrLKBT5ZPUxWIdmv/COj+GAPyoIWOHT/dLI6TVywu3Ipui+fh7DycaAL5WAzMHoRX+CZ9LPKCgyr64cN0qoWDoHl9ZpEGwmzwDce9gPFHY+IRBqx49XTLUjj/JqrQLQwSOchdXFm36ojn3nVk73fNWooYsTrsvG0e+IbVOSEPbEzQAV535QryMsz9hqv3U77fn2yDfdsfrA1zXyvKpMmuM0XUIOVDR5/mrx3PDAGmuj6lqKjk29XQJ5YXOmBnk82trh4NP1xvqrVccS9pk04Sg8yBI0MrrfFHbvnZh6a4tQotsr25bb2eXw/k7iVrWzNzWW9hrAnwuWjCgx16BamtmA6LG0//emYAp8OYBxiYnHfFqOsDx0ulS79QrEogLCWqNsncG9GBGesV9VwnhVfkjOUpkf2J/4vEjFG8KMLyz8dKyuMgeNotzt7HetiHr+Z8Lf0lAjv6ITkagdZO6IkwO7Bd8rOeJx/QOFc0grASTeEErOrfe3AxWQCL9VsVYokpAyEURQb+oGAOplqQ8ZsJkKgNFBWzujO7YhYNfLxvF1Hi3Cta/uKL+mQQMSVeGjBbZNqlix5CdV+cebc0hnnPwJBin6tMPQlavqzfom8Xy1w5ECPfZnfJZq8D/GCNEpYrHJ7Ld+n2LvkrjV61XfykiCH21Uv6n8IV26XR9eY4Sc86OeEzJUS4tBD2hIMzjlUQBuD8TL85SMTd0mDIjz2BOQR3GdOmW4TrRxN1RGvd2A59wJVS2kQvji7siWOsmWjJxXmhy9ywsad9RmNFaDgxhpHy+0CFjP4aHxgrZ2+0v38hG7EyJuPxqyAYJUE7B+mWFMobV19FzSs1Jf1BozyumVGmHrnL7SOoa8ypnBxkR/XxffKITreJ5QduUqWsdi1J2B7TfSOuEHF/NcMrEewWnKQwxDmddjQSUEW9bVPYyzlYwYM3Ql2etlB/S+FQYQfjGUdseU363BsIw+RXj6QUD5vd+RgOPY0wxl/UyH+fEZ2W26qHjTdZ+x5QGCiIDwgdVce84vy5yn4jCDRBqkiiYxC4+ysp86FNVdrbfbQEUhJW8jSzEDzaSLyjKERDfIKbocWaR5yPDWG/sImXBZZmyBVuW5NIFXV7u/UY7Ab3dkgxP5NhQE8C5pIvwqZ5CB86Y+lKKYpYa8T5QCafgpf9rdOFA+LaV4WYycnY7M20WYkJlm/snziDal5klB7+V7BJLbvfZZyC/trjzL4mY9GseYvD/siesz+vr1kH06sVG7Tq6pvdms2u5vemTM2WZJ+iGDuGDvgqPHzRiLLLmWi9fxMz8r3wyFUarf2GAawft1tekkz5HjLgpR53kW57jwMEitYxu+9ToP8L6MFIr9pS6fmc48PVeI4e8C1aq0YcENgtbWMqqtV0/onBGJddYy5t8uBmK0lHZ7Yr/KD1W6Xx/8MGzX1F9pNKq/T73MyzRbwuwq610Brsb34WEirrRvITq4JJnb2I+R3DQghT+wNOEQ3dTbEQbjxYAjit3aZ5lgfap7FmWHI9xdzCwn1EuhsnEhctJZp58t1pK7MCPUVOjdn/mNcLmaW5D++BbLkYMUkcJFfH86FNDFrQ9kEms+tG9UaE1UpG8wL1qehWeoInEEG+wd8MyfRr1LY93oGa7JWhM9SCGm2HjTSQo7IAJwSe6PtbPbsOAFFWnlWVMLQQt34qxMj+kwah9MCzI2qzZfRHhCgjIkfFw1lDNFbkz1uihA0bfyxXazwnxwGAg82q4AStABB0G08aZV6rG9tzKD4eH7kzwTwKwjb3+ttSpyEpS7kpkSSQUx11ov3efcJMOCkCoPO8xu8SH897lkdAMw1yfmOowAO669ed9XwopXZY2v3361qmp+8yewqh4jpGMPK9Lgnv+mfWAzEBT/UVoARfj7TUQj0kIJESCCu2g2HQz7dQzf7EunDXYwT/sgOzuofhLba+OoIq2lulvLboA4nsqKh0AHefsnLLIuLRDZNmlbyCULDpEq3dFsnk0tsZJXSo96xMn0t5Meko6CQhi+kl26zXEOsGuYOy/tEXDsSixMm4f7JGVTSC8hlnNdXFzzh2aEWOPmpHdrdvbay+13wbogMjY6iQR6PdpRXT75gZFtsdhdRd6zzYmMs+BMvh+W1V1nl7jbCWNIxlzFS2zlk72XyVuH8h3q2GaltuYi4r5ol6v5Cq+msLzUERFvQfz7E2JnTZdcsmGTmLlOrJACqd1l875hs9kcahTyhKukhJj14MlVxP4qqQVb8iXqDOvHwoNFQU83SLrffcDdTOwscxIY+aVRTKVzg+rxZ2rJbT/0QhMswbsFfSCDpptYdq6MthR1lzb7hx1oVRCuhvlmzVr0d0audIBs2zFohokYuHsfaUXvCnGcqUconsKVAJEQcT2mD2D9ZY7SG9viaCmfa/A4heEod8cMal5lfk1dBo4hXSSAY4ucVoJ5BFAyYf0eoE+FjQ+1KjB8iUPAJilZovT58IEOQbtXRQxTwcTroCPnZxuZp9ZbGPceUk5Xj5LZvPaQoZCMug7U2q1Wa496s7nFuTYJT+LnOWXO4DmYO+7YNOGCTed7PfPY3k5QKnAvdZHmRx71wYO5IS32DhwFxbh3DAc+pf4M2UoZVVMF6P3s+okFVBIxNXPdaCLGKtuZq33I4hfIWSa7GtP8AlbTqe+3CdT+CzRbO5+JIXe/m3eXZ3icUzNLGnNzav79OQvipB36zBbylvpCYnUtJ6sCO9e2rxHVJ692ONQgPfm+df/FwSplY/UJGqmQtpVGga3eGC+fnYdYejbKHwliUmMuDOq6tAo0IGHmhY8ChFsXGbdtdjv07eI1XDb7ZBow2SAoyAPf9xvIEcff/sHBSNRVIHMM/KbWZWK3haEYKZeeXHNMedxFnG6JzgClF99PdaAmTWi5KRK/lEUxGHCBgfbLnz8ijpeirFK1LxEYqlbpf1aYLuFufpIHqqYMP0kBAD5v9VGsN6kt6OTNLrXvRyqqaMxv4cmJ8XeX2rZ4krzXGA26POTz2HVMbsXS1Cbc/zA7EP0YoQ7rT6Vf+WLbuY6TCwzVltFaYFymPlEHsoC/HcPiPa48v/xEFRjz1cfn97qq3PsXs7vvWecG04dafrXN6c3Ibv1iVM9RNJVAcjKHW9Ul/GoNXz73tYU0riDEQuKZmnIPNl5bHYgc9rSlhNi77w8bqYHdwRuh0jb8EASznsYzY7aDv3TWGFF7XhgvRquxNNNos+is6rV0SkUcaXJgQEPFnsw8/R4QR03ylVnKF2e2DWuaaSd5EGLIEjytH+75w3Nw8zeg09gtTkcUNCngpzJhtZUO0ZUbAFAwfx42tpW8SAxeiF0mfIbGX4Yl10Qc4hb9naofgKv8AmlRx/qU4/5bHtMe5G9OOwyt1eP+6oznNhljJz7HqsTVYz1uRJ/FF3aMT5wuBIrVaSMznFF4lRD1lBQH/YrvL9oIwBdetkXvgR43YxUg6n+t/C0XW6QfC8A/FEg1poSnNZKy/O6apfCsG9m7rvHHwtrYj6wK8qpCNs40rTsQEbS+pzyENgZIKmmar1EL/ylHjd2CLFGmGXFLRARDMoz3/kE7M74P3mEt+vpyekM9dxQ2CD2cfmta33rEfBApzCOJwTshDFy4m3ZZwxKzk9wWuOLnUFukuwFlrAiKnhKeEQBiWKhNuQTdpfPo16Ar/a60zJvhTVZni9uqsovkj4aqbO8HXnxs6LJLtI+goCtbWWngg5SL5sSimVV9XBxfcE4lrdtATCm0SmRiFh4wMkXKEjeoTSGaMNBIrIzAAAEXrYuU612h6pyH9oCP7ocFKf0vIRR7DdaTbmW0ujZ+td5X6OizYd/TjOB0EZ3oSOmWIRrAhvK3ys/bmU5Z6yUm7cHi/5IG9UgJ73su5LiGd0bEaELozBsy7Jqr5EC+BysSUR8co5ajkhSpfAJKerkPe2uJ2dE7RlGpswAmA6o9ylAWGbgC2YfamX0lxi1ryybkW3CLb6FO51SOogOHVNLa9FID4/lUCIZV8D6RigolgF9s6O0hRwXF1bEM7/OGa5VnxkkC2VJfudqvg01Mr7qOoOx8/SvEo12xMMhOW26ZW9rcgnZELPLwzBeUC1pmpF2T4vELHC5f1EWdIr6Wy6gcl7Vjvb6FLzsMwEH+yLmSGzBRLm+V/Vg7DiGBGB/mRdQPR8j04R1fa80nXfSOByD0NuJpcUBBbpOAnruyuvrKmx2N65Y6ojJQTJk+SFBc+XqgTVayZ4Ln9JSUgGJkpQ2Y5Q/L8IVJP9ThINxL3eDg15tVq7HLoBnuwZ/JsEc4G1iI3aCkTCX4RUG0oCAAtMXdJ1i+vwP2AvrmUVkBjGeu86xAUoxfUyqrnGgmfA1ka/IuaWrCzoyO+9KJCRsug5ngo0W6gJiniTkkqE6R5FdtA+LRmPUPN/TpvZbFDOQNoo3vHC6OhCUTw9gaTuXEAAdi3bpXBG8wgpMOdcUJMBsjpiPlUjJYwOsANe5HwT6F6Y/5DXYX5HDYgR5rc3jy+nYuxBwmq+ic1WJUHMMt0omcwCz7IDy1WVeuwo801O5kW8NQShrdcDrwpkdnrRTheF/6g825xuAnnyNPUZiosd9eXOf32k2MWF8AIh9Y9xjyy3Yx4yNyDQMEBbI11h4KIKpBqYeSkeQCfJeUcUncTCHVTQ0893cyCyqDaZWtoICflrnmtk/9QGvyKO4/tI6d4tFnUAyNOWBKVNHN7bvPk1gYxd2xiCPVHxRAdfzGpcauI0FlDyX/txqhaANKHerky+7GLr8o3+bakF59KGfk0tHpI5/7XnnsZv3M6u4XR9GYb15IesoXnTQ7ke81HCFUAB3jSihMTfKxawV4OcUj8pknrlctOAPus8fEjB4q+JJ8fteaJmfroTvu9wmlJ3Lx4pzVGl/wqGPCrBdYULGAmMnybINZRgNGg95tv/oBlfrtzcXFuWlw4vE30VipF//tgkZam0SBJVlG2AX5cAwtK/YoWOA4rbuO4EbB61DsW8FKXQjYrB41S9XHadmYXz523fFvo8pZQgeliZZHhqgj7dinqJ96Ci6HqE/GlMmavRfhm0MmmDMHAs/t3IMV/+frRkj6BeQWcQjVb1lCrpUmtWwStvfedEUMxlVLe9Zelu6jNjdcUCp6bwTbJ0BBBPMk7b4wrTX+Mei4+2JvHf6E5kchYBYhB94GJdMDQZ96zQE78L3l+oZGImu1LaEULqDXC5c0TZv4z3egMWL45VsRW255yT+POIrZhjavD3h6JMOuwr/a/htfwiSruYaer2u8Rbre26FICZgrkb1JulyLSc+DBxDi9bX3SyL/TS/y2HDSpCWtU2Zjr+XkU28z7t1EuoqORhfFVzXjnh9JvUMq9UVGXKF/vcCKy0Bbro0Zxd9GHO9SVJ5HzVH1+lONG2Q5ERaWHvoKzROCOoO+6oktsLgjkHW+gxyW3gjGY5KZA0qwCzDOycenQHSWAsYGpR07vGZp0LhtAoAtXc5Zm7nVyw4H6AnpI84be+6Ees2tfb7fcla3YkL+iBkNuW4n09CqOUPU9xr/m6/JGV6Tr8RD3V/mfFHl5GnL6VFdZGeNUtl1upOH+VqgXd3MyZc1VpXXWRY959bSNEoZR3bsM0ScLIP18YnWfCUiz2ghn1RqBXbpfcYnX1rwQqz9WJ2FqMBqhOyKWyQZo7P3zEyn7tJmAuNtrITHbTxTFSKXOocqmUzO9EFh3pDN0qq5NSaS9cIgclvYLLplXhrgXjdIm4ems9GAtjx7/RrAAK9/a59pft2Ji7pGDfLOo5dBic8T66Ilwwi9Ggyab7JfPc4ArEIhP0PrG/o4DmUeeUWv8B9ZhAUEtLo2sWV3Stkdr6qHpZhHnMQEKNWzI01HbLeSesG4n7d1hKhOCBNxxfXKRCvNcHCVpWQX1C0iqThJDsDqBaUNlua5et0jPlFC5LDEu/2qyYCuKFwvEhr+siUHcvgQkDkK74pK/zvUfe5cVLV2QPdyt6aTwVqX8D40HKvFuW6rwnHbpCbQjmmLaQ7vwq57L986BB2e+8CaVmgyXtu8Ahkuu2RwfNdUwGQltvDXUQA8FG8+Hikw0H/dBsxV0WjUrXOZIPMf31hUXe3YVDjO8a1XGsOfHyqY+YIDMHlKs4vL7/LVZQdypP0vrrCdwrT4v/Z3TYPjcrOkJwFEFCzEXFhgRX8udI/DaQmvs2CzkBnRiv5v8LB8wbupVk9dJkzAmAnVMi4o18jFcQqPyw/NOwuNglik2SbZpPp1Cn53sIxmVOjRynAx7ws6+ELRAcxnnXXSW3XSjHoD9TkOtLoPXHce31pC9QPPa0sOa+HOBuvqgb8+wptYM2VCZpIqANhgzx7xoTKl61KCWZgv9MHAJUTFfDgO3UGbODf0IasKIbWyt+H3qgkzOfYGqSnfG4l1Hoj07Xro/VfBxVol7dFuXPeEP9Ygblu8VvVH8wwRtKVqwW9U8I0wxty7qkQGRunnyhVCZWMmF4ro3Rd6qvOqoxOnTQOQxb/KSaLwaVIfiSlYo0HK7BO3JP/YL86pNRZWfPZzED3LDrwpZIoEEtPpvGO9wgnV5yqhFPk8MtEIcHR6HffFDJpPpqZ1PPaBT8wbnPyuNSPRcZXBJMEJYRpAuFcKtE43AWFdnU8eNCloXRrJGARTPvXNvUnJrccSOU5KVBQJvpYvyPaRdET16tUIsWLrWi+B0PiSrivNF8rQx0A0bXNLZ9jeHzTsuyXQVHU06BBEZOKTpFHH5H/bf71yvlU1ekKxR53F2rTRIcV+JLVVz5u2GG6L43PvRS8ZNisvXE13jfDifknFwoqydppZn3S4AjSFhbicZgPy9/Gxnl66Q1yyc5vjF2bGuH0pem3C0pYqB5SlICHW947p4RCD7T//JL3YDvs97BTcpZymEjjWSFq1FWmQGdBngt2x6CEr5gxI0mDVhDr8PQsZWp/P+kUGvyqOl8cYa6eCboJ//dWp+xiUgbFG35PAEpt5++EYZhnRgorGqgbkBEUETW0tteOVt9OUBpfGkFMoc5piNo/K5Oc+5iFHsLP3WbvPEt9kP3yAkolqXxZgUBc3mV53uTPA6dtrVZpJcGhO1JqrjjwQaPJg33njKgjruLxPMofyGphJ09j5zVPJOFyOAQjHtLdXK/CzB2itOilHfIN3sPt4JDrXtAcIo1mA9pxmPxGx2puuDbqb4Pkdz7inUvSHIQqv7im5IsFEgDSUVJHLzFvVXcQFMaIxHesW2gmgiwNo9v+JmJvZsleNOnQi2PrvURXzpAM0xF71kk04HuzvK8cz6CUstNbnXy+teGPkTOegwFpqtOkk7hyuiCKwWhQyM5zrCxA1Fa7RovmJfBuaLvuUagy65n19bHhzClFdJaB/UYvzujTs3TH5XKZxyGXVu0VE32JtCXxSAF1PR3BNfwSvh3/2Yjn2huvg5c3S1y88mIzwlRi6Kq3G7IdYHz4V6J4h7o6+PgHMK81jf+bAnTMUII8R7M47a39ugsMMvnRY+QRHoJ9EhqKjsQdAtbn4eMhwAiu1eT4DQfF7Gr5FqCPFvGmpiGHZjLNLxPOd4hhpMJj1u0CNqIOhchVVJ7su4JO5WVmiuBF3T+tD916WnJNVQgrh9RYgNP9GpIGvMfsPZW/7cCGJ7eW+l5jZ84SjIMwK9+sat1+MKwikFVPyICbPICTgOY6XuKidp/q8CJYrGroMyUQ67fFgEeHVWjxlPt+a8SECkcw6bSQ07UFs/qLOcq0yblxdc6gC/ppOWvniW9s4IJGweMwfvg1gdYflgGdf3tyG7lDeHZ/PHsyHIbevvQchOp8oO34sfYUbQbLnw184l/CG6Ok5Fqo+536Hpn9wrumEwjJUgEYw9SJLrcwmwrZsm5eMKQdtuSpQLt8HF3qrd4f6LnNyu7FkA+Ta9TWqWDqyAlBdwveZtZ7EEiXGseYIIrd/RucTflgQRn61f5I5HRzbFr9gFZmELnJ1fJ4PzDFFQf0/tZp+D9I533pHvcm6P7Zn6v+8kqPoV7Js5wWyye4wRtgorPt1xlMN6vH9q1sa71Hcq/wj1F/ss4JuMZ9dbcuigTHjVC/H1EhMAZ4T+52ljcu1/r5x/6bMEZ6jLns4/x7wV4IDQcktIHXumFxleW6yvVXBTce9x1HCzysELoaM6zgcHoqbkO9jQyFwhD39vOn8q+DkO9FUxKY4gBiDnm7ybuIsW4wig2UeAiMHweyyVB53AcdKz9fVFQ/sv0rPHTJtV2+EbEBGh9lAQa95kSD+WHl3kek4G+2a0QPGp2Y9jBL/3i6WdGrvKH3ikb+DtQQy49bnWPUlsd7rUzM6YsYCxTVOQAKHCVS4OHrprK1RUABHJ0M4zUkCu9MMakr0jqBCytnsN+dNNIRohwFfaXM/LyUyffDhv+Ff2taGwdXR6WnQXwHvW5eyXbUzzPZZPzao4AQ/wGDJnY+PrTCYx6unK3VrD5BPmBYAi87DYkykSgFfUkOzdnDqHh5OKR6xqHtWRcWzTek4g3tYM77BX2Ci0vc3Qkh/Hk+SOu7ez2V8VEi6Ku23hyrw9nSaN9rXrRliMFmaMy4zFydHwSczxTOk9OTEXyze5xSwSM9pP1cR5ZwOxMZ5xXHsELj3yipUqAR4qlY4EP3HOcbgRR9F02TSRvE7RfNGQv3lRxheKkODET1G8R2DhW/GZAieTlBr+87BPLebnd+BfHu2KBlT9iubNyCu08lYzYZqMvaSgdeFo9QRSLoDwAFBe5SrpTTpBpWGesSKvF0Z008MWFpesanP/xY5EmoWg9omQpVVYpc9COlIUeKRdIfY25/78aFAtDvGCJfBAOurnNZKSipKXxfiQKZaLBnZg4TYrtaFH//05FwoGasNUOKtHszSs7ppQzgYTwENvflGUTkqRbwRoRKo4kSkoRJytyywE8BK8TA/XB0m8S1AxPE6BruB7JmJDHmtXJm/DTCVXsUZEgCdGaZAtHhbSiiahnl/JrDK7yNbn0zIytxmQ5kcCb/2a6IE/kX1cS1j3TjH5GGN16QatyAbGTAX0a0vNzXvpE1kL40wJDilYmGTyX+diX44upzSnezUV575csp6DsxsukwwoRbVXOUclo4421dmJpYNRLhv4BbA9+u7c6zOM9ZSmJvFMGkqIqfVDnd9dhkSZ8doKSv9I3J8koKTMt1qfBPDX8YreMYVi40aGlsEcjNLgoSLr/M6Rphkw0EQrLuIN09K1jeMn79cGorsG4TrlQ+yiAvzqYzCLCJXdwcRvnbquoQ7RYoyzNye1UAMKwLZ2YTeem+g7DQNkqRQFPun6PG6iawYbockQJg9r5r0T8LgRNZeIxhwTkMbVFYHQ47nKzUrgqn0eKu3TLKAaDRvJWeeIuPTz9WFynTLAfrPPynXjh6HyG6uUs4SbSMMyflWXNh9sSu2z8kw5QduzC5MIIHux5FvriJUd0lbVMSfNKde4synDZCi5TIeo5F5XeI+H/igvMR+mYbGIVgJGqssJ5jmN/GMobOaV4PpjkYMMoSYAWG70Yt0DNsWc91C0jz7uj9ZwwGRJ+FwPnOzDVnv243sFYLxcrIh6hFpR2ez/ddwn+O+KnnsTbssCXYL3g4M6idzxG11qtXK0ReH6H40gbjxTs7kc6h/0prhgklK+OJOXy5ueObZJixb6auHnrucwyoRlvYMK37T2aLwXKJ1SUh+8FtzW4bwS5YHFXno6tx+nQBWC/pFZGyMR8LoifRb1TFNkmLgJc732/FNip/14vt/QpsBU6h0e1TMFG9W1KDRA/8TK79Pn7Gxx65eTlLUo0PL/KVYCJ6Lc3dQSpBmf+Y2DZCQ/WhERwqOviCO/pLkkDjaDxmJ89t5mvGV7qD9xjBaorXdXiBJ8aLfV90WIX4XQ3c5jbkywJWNuCTPZL19ComuPlogYSfrkKqUtFtHwjRTj8E98csKBzm7MA69JPFNvHnKk9UvMoC+8fXujuJBcDmBNK4wEifTDwPy+GBJailszEbuzElnw8jrEbdsJYkKT4zlLgszjfWrPr2XLRy3dyR4TkEz5jRyl+TsWICqzSEjRULpOWGtsVa3ZL2gKRrgCDjegUdGQG7q4xlAsk1fKr0naEPcuWzL/cl8DZoRGzw4wVoMYkRIob5tyzjhPhI9A2LEwl2A59KcsrPBPOt1ZtXH96pcBqQrtFa07GbK1IVSGpJbjaHVDHVw2xP16l9qviUTmU1UoEgHorSoayL/lFrPrCSHM3ZwajPlpRCGz5/sARLjAD4wiOEFKHQpzE23yhNICne6HRq1t2LsGwUMmIkbn5lkUo/utr6eG13/lqmLd9UY8zWp4Lo7w8NKd0LACbfVuN7erQhx5BLlIvGaLp0uw+ULT1Xztja+P5tGkmtCqQgQ8BpuLBRuoGk3ir7mRZrUAfMO7fpYKCK5Gz387p6Us/LSGIEXvysD9L1iygT/c1gd4cK3aaMQQJJyctiPL1dCsQV7uRTsnG6nsnfzzn7CBE6E2HBn988JFbTpa/7V5OQMgxPtdhYXD3tcmhRxbnQ5dXYEQ3wj7G4LWYs4sq8rgWIz+X/+PhCi2ae3gbEmZvFCY67srXoCCXpzLB9p/txaqy10a3zi7ccCcUgjryTDxxAQHDWHR8SeD9aecXovYp7dKO6YDHQcd/TjXNu5cKaz/RysnnL2+MfFB6g8FJQtOpUgg/wbxJd8HpihKxPa3iEnXtZ1hZ7Rr+4JujlztajNaou/ymYV0gcCgfFs3eROecDG3NhWf4g6SIKHDcJrXVcSW3oveOhbDCRq0si8ir1k5hlFH6C5XFm0K0mMTxXZ1Cq1VTR7/lYjOZ0BhCTZSGuzGYjJAnqcSzt2b3ovbdMrHui3Z/2NX7PPf6L4JFsYn8kZr76wq/i5qdK0aBSo0jPjOhnRj+psIo8imGgaXuHsXrLOs/2yJZ8kMOD8rFv3SN5PgmYq1kB0jDisqtCAg7my765U9M7ClmPO5JGsfKwshEvM4d6W9SceqHG2mrMkv9wyI8WNY3kRZa0wnzw3RpGbCBw8m6POUAW11tp2gTIFE4M6cYzkvB6UFigHjtn0WGEl4DgaUPq4ODHOZ788lMkc9ZGW356bzzHkJ75nGnNci46UC03BckDeUOa5KxreZ5dOY7j9OnzDbn7y2k/15zp7knv+0ac4kWQXX9JXddeAm7yuonMLMC+m0PDkrOjs/cWNlm01yHht+gcUh4ZDlRjhAg+TIgydCPaodcDJyCuIzcKwlXlcJpn/wu2IcymLO+BWazudde8YmMp7wyFuO5HKH09qQxPFeD5lis4fLxfxhm8JycrmakiAkWjlE6FXLnYFBxoEost1wO1s9DzMaYnF/O27aZT4Yre92Vu4sZdjb7MxQj7l3JS8afTcmy87YqzXIEwR8mvzQJ63dLI4FzP1DrFhmdXOg0kZ/Nd2pQi/Ui5OXaOKQqlg/lr9k/3urXbO4YA9nrcgKHSHCTRwmTPY3TFccJjYvP+nrCdqp+xLA0x826oZizxAoZdG4nIL4wkQJvSTx8dE7O8ltLxKumCqDSWk0WX7VPRCXVj6Z7J85yPgYiMlYEArpMtvVbiqCKQX0NKuCWMivS28pLh7pbkyouHbWl2uTPr35QCYWWIuBr2InvL3WKRNhYj56sxSJxZ3sgGnNf/PztOAmOMydSTs+6RPUps31+PqCzA8TjxWek4UP5Qu7uSR88cAA2uFhLZ6QU9nuf/kfRU15ZVi6CQbe5BePnCTNi//r2ueYxnCHXVQ+Vk4OQeZJ9VzoNA1h3rDIQq4AoWV+CdKFORzZHyjvGJ5ka4kv6tycrOewgJKwe2wrHKOqJvSjyBGzAvU8OaUZobNBPADFPTQZv8HFnyTxkQEbwKwIjBcze2oJp4uZPT1h+6H/z8k4JVpIyMC2vRTTPFNV5zFlRzgf78a7VBHrMU2jEP6seio5SntsL6Uzd4hkngSUKMDIeWiGZDcYuiEVBL8KMh+9lx4tL3JXrMj7zeaYK/YJZZfjPzYX9txz2p1X1ynY6ehQNS1KjYTZNfbjQXoF81MeFzDpBKPqfCWqZBmNZ3oUnWryrm0Zdo3yZE5cZ2svGd2QxXBeVDgJEfYnFEyd4MxiTyyqJgyRHKX9FM6tfBaTs7+rjDucyUdHLzl2ZlSpgGR2W/WQnLW6W6NgBHzEu6u8GK3bNyaCxqaD2cHu6gXINXp+WlVhp0SvzE1KjoNSOHz2dwia4KgfN02hqcihbIkatGSwtDfcu52QsJJjbiXmnqkv0axgEY3wwfFuxEyTAmo5Id+rxVXG66vNV/0wuf9I3nEPEqDL7yHiI73OSMAWxpkK40B1Et7hserNofzVbmjGKB7AibnOwKiQHSUqnPQ0QTf18R5SJwXFTJCUeH2OLpNlHWQlt+9mM0HUGP16Bd41lLBmA+sm+RQvhEHdBU/b3eYIV1M1sClTBamrS55iJw1THTniAt2q13ItRVCeGmijCP1PsMJ3/2X99yQq/ZOUTiYOi4N0VnKdi2NKslqRC/H2303rGXh6Dt6V9inMQv6aIDSJ6bncAglXwmYIB66YoSZ/u8SMySfsyyg+6w9lO3O05VXT7eWte+uTiISLWlol6UnzsTSbtkvzLiXGiNYP5qQIhZ4ovluPai5/mVJCWP2vLUy/hbhPwp9X1GEvtPcKtIUiQ74/3sgKfu/SG0RyGygn4M7WXRU8OMRY7f6f69b5QJoG23H/9odZCuYDmQdzoWS1Amg2Svtt9SE2XAuxfN6ezS+JIdCsvC8xqsfKMi9SSxnFTfV0+Pp4aH96XMGC4fZ6XzYMTCUzuQFRyaeu6Cv6xaX8xkg5G5j/e+QM9/TI/0i3B8NADAAAgLFt27Zt27aNj23btm3btm3b6hAd5KIYa4m2ktL6vhshvyOUtE9Ls/b1WHtMi/+kCXFOjlJCn3J+cyY4Vh/JpUuJVTJHN54nasunZzRCod5Na6all288m1K2p4WSjNFapqnSeRqheSwBEMpFAWrprMcuPnd/t7QLfmW/VWj0Sz2SyvrzuSCaZozmAwRLaguCmPMeKrA9YrR15o0lR7d7jiyf0kxSrhvgwseQ/AQ1H3DsgMd5bnUwLVT/lFhTbrEzdFywXWp+sN8d6f4QF2i9ms9Okh6RbRvAXN5DjiQ8lDavfVVLdJE9NPtfPS15WtVvVc4U06Qw2C+q6M7Fj8/Kv2gYH931UoS2KjoeiZpY0cQtWOl88XUR37E4EILFUuMoR26dZ9xzFewz/2be6kF7B7tafZ47+Ilk/CMuOz50Z+ApGyeAIq1GdpPX1YMPfdkqdILUSj0Tr8EojfbqT17LiuFu44d8H1gkUQ0yezQMO3oB8JdMSEZ/8bjLuH3AHPd4YSFMjrypvM3BXcQ0GWBsLczO+/hMe/0OV81FCLRG3L5Hz5xoP0NRt3XfC7nQJY51zdElk/xgIp7aHgeyXaATF31yN5cNxeNPQYM7d3MZYkKPk9dclQz4UHRmm2dR/8LyyKag5TvH1iHIOaq7CkyrRATYa3YxiTDutbaZIRC0jnW5RtRrmUV+iQg0cB3DEqJINp3cphzXOmmvZmta1aX9sQHOOjwx4Geinr3r9q53vV2wvSCYfbsTj0pZWhrGbSUfBLG0lEceQuJS45LefVRP1DuG0UFCHWHy4Znd7xcU+NjvLKNhMocF5wavc9z9ve0EZS0XyGqEbC0nLOM2Zi/9kWAnbCvjgAymc0qoIOS9X12Zzup+H6Gi/BOg1etjg4DceGeLJHKWuH/veiEW3LkZQ+7a//58/41Bhi8QBziLn8cq8/evQrnTIm1yoLFbxlVFU4tEDZFYVxtPSlWZy+kgl8aFvGm3Yon9YnzQ94xgdxPMr62kDvKq96/AB+I5nLgEzVDR3DTTIc/yTeah0DzdOr6Q+QUlUzv2pWaISW8gT6uVUFplk/NO+9kMMtz0XOEiV/f5dBHx3D6gKKyM7LfpElyJ9OaIbP9RqAuiI31ruHIHJXG6yJp5uqPEFz05S16uFRqmxpI4zjr5AhVmn9kbe9/qkFS6t4DsB2rS4j5gRBAQq6Th1lBrKr6npC8vH+jrol0CosXrbf0e1H1xYmLG1Ycvp2ppE9/nSHd1gnwtUSdSwEAFSCG/JAeGJ8XIb2d3dV0zsgkpiKSzqHq3ym80EqzPBkSoCe8LafFp3qy73cglsst/Z3B+oUorTmRQPCQHI8wUGuaD7BnaASjHuc5HKWDuFMTWwGZXbaWMQM5n9ffAUVk9Rr1ye7tJLiSsQ9nUJ649L0HWVdjuZUo4Yt5kLXUzhjOyUCvIqBUS3KnByvcBrSFKZemZpUVJnFC0pRg1wyIslzKHcGIXoSp3ilGIgSD4gCN8xSaIq8y3eUj70dbXWT+IWTLEK1kUUcP0y1q+UBHVfYdk7XcKNKhp4K4wVOvstwSIL5HQzrvJ8ReTMEu8ZCZJxCMp7PivMrUu6nRpXHdciMju8meZIvyBw0lve/GEUyi5j7accohiu2HHniD6Vf/rQYYvCkyFY+VluSDnZ4jq1qySZu0CHGkjY1b8WlRmfgmCGiCEGbps2z5VJ85nfbRWEiAKCZGhQBt5rdtz12uVkCok51dE4zLt0+lAAbrceUmCk97Tu0zEsGBPUt68eeUpu3obPhoLubbS6tVC3bXcMkxJtO104TRUTyWuvQOKCTICRaXvOzJamdsYY3cQ8ZcWL4oglwblxEwV4KTOmO9dOFPmyvznYNDQ299ooo2qnUjwXnmvVFpF40gHmRfHbD14K6/PKS79bkkpAaglMwdwlqHAMO7ctuSatjtiFO9i6328d189B56k3AbCd88+2BVsVGpOruYHyflx3GTibqtNWwzX/LKN3EuCi0WFmKefT57h3m/qRpppF0st0apPxkRWPFUy6tzpuRjwiM5Bo8eCcMugXG7nTIqlYWmRXvtW6b3lhruNHJDmIlZROGHafJZcwQTA4oTUB75sNeBl0Ekrurwl0KjuZZLxzioU6ADW3/9yuEdVwS8XMTdhkBvrW0kDDsTJMHry1aDJNZ8kx94G8AbzQYtrhxnGWUmJZXzb6hDdNyDuHZFu0+fx1RwAI3Ifl7cQTXSN8Zat/AfRTeEHV1571Y9eGs+Z3n83+TlDriBccP1L3e3HLN8zVH0uoC+95tocfkn5bfLQC5D1XEXs8pFJnuGEZK44d6svSo2wAbfPfjpchjHRmQzP3Br9kpuol/XhcYaoEzWTaG2cj6BVksyU4Dr/7Pqgpzw9K6/aL+vSNrrMAccUMcWiXeZgpq/hzMSTaV9r0wuLnwiLfBLazjivq/v9p9WNQLxJlgA1C571SrM9U3VBMVAlMssxA4aIrOl4EzBrY783cqW9MZRh71a87YuP4UnD3B/GcW9A1YxMZGTAa2G4DRZgQqMNd/skfs8QPawxtKLpZoWsOqbIXrUlnzM6xMM/fTEjApuse+iXhvLhidiCBNGS1qqPAornAVYn5CQthxd6SjBDJe129OfGF8dxE4QUSTUeMySMSHaO8Xo2HkbR39hOYgkprAbWKxeWYiBl2ix4uFfRIh6NGT1sP5Pt7unsfNf18zoGjvOi2iT+HSY5HDP4z17gvXp+N4QmZR6BPG+9i8pyT2nWjUJOHsLT7+y5gn0KbHgyXsYhY8r8vfssg/bmPVirvwj+X6TVEZi1ZZicbxcqnVDpQSwX58cq2WG+oIZCNIfdOIpzNtf6xr4A1NLXao3JPwEcGuDoK+8zdZIuEubSdGyk6Jzl9byAFpIGJXXstuLI+f0bnBpzi4Hju6o1Lx8GkmVzg8X7d8NlG119cjk91TItGOuFodTHSjPbR996IV4nWIk+90kxBQoWDPlPaW/1cvODjX/ua487zJ62wE1TVw9Zwp6INAuiqnW9UrIOrX/ugYqD9/AJ94AEX62KxEHOURi3D4FZW4xw6DQCpXS1oLAKJWy7JIuMa6WC0/Uj2mlnWM8LjPVRTgAj3XEkOsxOsWjjeSIelNMy1NjMtwY3UQKGDpAL1QXfJ0psDalEl0DaEPUreCFIH76WNgSr9AdeaHCRiMoYcYqA96N8apY0++uDvvYX+7eJSC0nLPsKI975MiKqxm1aB8oFb3RI/C133vedAATqjeIFOrv6d8fvXYbF8EZis2AuGt14bAK8fdQb5CKoa4HRBvntrymsfsAIwt5q/EHIxjWN6JZ3eEBJ8qbAJq1CQd6CURS8eTmcBaSm7NyBohhYiYYYHKXnhkr3IqkwbXX+x+ocnXUkiT8aU3oe04hHk7h9pvjkGaxI7vgKRosTF1Jqqq0qR6+OfXzko54z4WWC0PI1p8OVfonq8ice97TT+cijec6/h8E+RMI7AuWzUOy5kmkjo4vQuv8KZ7cY79lwaLFs8OSXSqUUs6hw/i3SKkHqg0YDVINd1pIFS6CnIp9ihiM2JKYNDUCu8BxYk1souELKihF9v5fbi4fidCqQH+8O7PwQLRCf5PsLlX3A7XYLP562QZgep3QMh+YfFlMUZywt1xv9eQ8+pWWJnqfPZ8WfwSbyntDvWdH0pWwHK5KAY9L3hTnUQSj9MeKVKrbbAvuKQozq3Vg0CYck/COcfzL0DpkSs8GNJl3Ds0eTJ2pw6Nm9Z9qAvbIxwJQczgB4QB94no3UItq1VqtDyrEibaQkgJITkxzyAP9RY7xuD18ulimsQB9kTCpm+GcsW7MaVb2GATUgl9WtiwfDifhIQBuPn1UqKVZvCt5ut3IBDMA3oCaYLuj0+hJuQHYXDLnM4dlvjhbCP+kyFH5qftiZzePiFK7z5h5NoiJNTFZBBr6fB/ddysNLLbrymfBQC/F36ArqxjWt3AlUpHYkkI/YkXaqnoepD/kpswhyhMupIZcBLllzyTDAe8p5MW9X9bU7Fv47EvRs7bNkro7uZ8rvN20vuCtJKRGJtAiYRdIrPXrpoOhCuSVj7vsGaziUkyJXsuggi45p6bHW/Of7Yl48SYm7EIDknSWuF/cTEP5JdPkMU8FaOSWdKamOytMOK39ePzCaypvJiiJY8cIany7tfpcRMVdDopLvwpczrpSUGlSW/rtryf9Ri/e5G70TA/0WnC3ErqAGZhr51q2FhI5IZA65dzHYOWtcYf5RjsiK1LZexng1BHe2RoN7lljYVEX3ddAHbLo9rxFZ4/xNT0f6FP8F80Jea+rvAAo1I0xckzjOxVemc5I1df6TFpI/jV/CbmSKqm49WHnfKKbseHtWZTNLOKyetPRPKeyn4Y7Gci0JhyIDEebkNrLl4dtZFKkHmqhwJxOmMzDTekzfOTX6Y7H9+u7JRtq+/kYLbccWqDri0EUshnUg7xxyiwToNBQe7UHv3P+g29CP83NM5kRqdl1NTfccMwFGOaLv9nFJWyc/ZgpIXgZn20pZyFiM2SpiBNkPcrmlc/8YiHxH55NvuvUNqkCD9CLhfrY8ND65b958uo7JcunUpPQjV+IiGgsuF3InAd0ebyo1PZXfT99QmeEXp0yHQ6vQa2xcIudqsSVUIivYuI5sCz0POc6qR1PYBfLbmMZz8X2fex2GPk7vmxoj8s2W31NRx/geumLEE/4aLWHIQTSoOjZajv1sZeyaUqz3AqZ4yUeaRdRUhihDJAysY8c1M7G5Nv/OFiaUfuTi+qIdvKgUjNJ0cEJDwfBWnSZM9UcFoKfY8J1hvoXN3djUjCWZ9IFz3fiG3vSurcb+qjT8r4ADaDni0DNhIBsvVCt4wu8xH8vYMrHyOUGv1iY2alJWAHV9N2CMV6dlLjlMN9vgemN+yAN5CpDuJYgzasaocF+HrY6FcDJMU6teezJSmC/wTbpwP3S4oVpEZAQZuqCR7lVLR0wgoWeh4L3SA8DSuV4uuXIvwfI962adUyBuxuiQ8D37Xm3LoS+5l3jbZY3rj3kh/3EC5lqdtf4BO/ikVLamw+WwaMxq6jWW0ISxJTH2GazaDTgFcuFggZDiBEmbH2PBj0XFy9lU7UUzgRcboYWM8F+nFpG/xN2RU2DNAOiY9ZsIF87uK0dIcFvN9fcxbhYxkcDegw+GhZHWJjB0v0NRBGKDRppNIUp7NmfeTFPlXIaH/XzKgPeEu61HcyYWqa5O7gkCx5IRHOJQ6wQ1GB0YbdZeN23xrp7qDOgAQhf06/ugdLClZZ5yso2ixtwvqLS7T9VchswnVZCz2VJJKX8vtGksXbSl31M3kC2qIoAWC20BiwG0AC7PMxvbZq/WtW4xNYdIvLgq1pV1BrXfEVmPPuX9uCs/IURsvJxgPFQt0uGB0qTsZ75ym9hnRsjN5WHNsklAQptBSHjZgb/m4o6u6hNc3sbcFyvsidmoohAbMXiD0PVdnCjFL3nYFTySGCVxt7K4Q6Dc2sythKLca3gqG0L8KW7Pwp8keIUimyViEQyQvMDS2K12c9nS5/RE85wv1b0dik2W0/wf0e/3dx1f3NcAcK6piUz0+toiXceT+sDIahSebOzWqlKkDs8b7tiprcyH8GYMCMt+7KYVqJZDoFDP5w/g3hpDkPifvm5Tv2FUfTG5wTa/n7HF7u4zEi7lP/VjrfTpc6dwqdTHB+XxSSOroChuRUB7xIdzf46jG1QHxRRFzml3WPQdPbt/zk0QSH9/e376AjTZYCOq71rvPd1WZTAF/nmiIg9I1Uz9i7n9+b8BBkbyuFNCkUtj+SuS4n0f1lpBNUCU0hU7r1yFc5SUKmWbgMPe4bWigr+eXFLpTtKDf2cOjKBDWiWWt/ucFwPOOW3ZyMtJTAzTYYTtZmQcMxEutXab8iCHX/gwyI/hIsherXgnQDiQVS9YOcQ303o5eJNfelgLNNFawjHbZrTF8yeryeUbzPQjSZ9bNUh77SlHAG1UNhMzBDFm7bEPdonSYrVgSvw08X8aPbBIAFnkGZxvrWVX0mxOxh50ZVxQSLW7nVcGsuUqofPsCBGJbaFYzXIb/a+3TAOpVgZUmQRs8Zp8oaMu7PoI9VUQGJKGz+US/IJsFczTFI7V5M7zfigm9VKkBkhxLrCxpLHV6qhwCPb0WOtWct85ReKqbyhb/EdjFW9oJE5mxRB1oetphO44w463pW8i9dIJ0C8Gm4qd3uMG45sgqc/pq5Wrwl0sPbJ8tRSVTCJpYIs570/c7dI16UjffJcCz6Tv/BuLPmY7wtAmqHEn2IL5/phNgP17UObXAsWT/gi6kzmn+dp8Pw9LhgpTj/GEg83sonJFxVpLz6amQN+csUebuoG8yA0E8pQMSXNS9jtChuGxKqdsK6OVnyLVf/vEF3Lzo1j5siAzyoxAdqT5NelfUOBEWoXSGuhzK4bLYD9lQKfAP6E0VlsdSbHp+6Ly5voyrQ7wO3k5HYWN6f5S0Vb9EvLned00DNt3gnPt/FzJk4MQGGieGJ4OBtxGNFzc4tMWsb5BOuGhU3kTG1CfXb7Hf2LjKh7MO4XiaCOJmW4ETX/AxjtOxgc1QUOkZOatPtxOgwMyKff+UjsEb+W+JRHGX9Y+LX/qp6hVUnlIeAQmrBQEi9kviqlc+vO68MFWnSqKJkFZ+39ybKfQZ4WZDMEgA09qFkO/pWVpO/hFNQa09y2LuILY9rDyqLOX2Tk/Ef5IqHwMysuEMKEZFwJCMAlG0xnWFCPC7d0YNHl8VUyQV3SeRgSaA6UJQ/Rt72zzT3rSyGMJh9fWho3fIe7q46szZkGb4DDHpftptgJ3iY/K8gX9CNYT2ntuheuZgV2RbrM0udH5y/kGj0p4/lPl/ZJm+q5PGv2usjseOIx3Mv9+Dr7EWElNXpTTsVGgOed4sxmsxngwC6Mdi56c6LFjLBXko2Ys2ks6DWYxa0Nws9+84vMtwsrHHQOqcgS6ZL2yylKDAr8x7A4fUDHWBPtxmd0xRoobtHLdE6H82PXZtfv3++oFIwhY7F+Co+8W0fuej9kZFCkUunJQeJc0YHx9zyNbTjFSI9Bz9B5rxYY9+1baGmxmwRCgVTgzikXQX3BEO/yMWRG5VQ4hsrYE3gWt/y61IuEWzdpEwtJ/FpYtUWBV9Kmplj0uXsK44GdV6I7nvKbld4H7/CJHuaImNZiDxEGrkYpH211SHNR2/Czse0jOygKzupJjA9Q9pZsO3p7K038nxIEIFVjRmJlDfZ5A7MmqBxClW6bv+FwiBmko/xSZrBtgaPKoUyiOiJXxA639pRmNtQMvZ4kdqumHSD3mSZN1Nlt0/EpAv6OgZzfB27xzRzkJaTgKf8DcnIqpeebABSkouMraZSqrSa4juWywchJlAmxsOeekmGaUPRTkE0Fi71M7UrvJG2ep4SvChwQ+oZEEXy0De7evR7OWJM0kIbqOdq0sRGcbDlQlH964K17DpkQ4Pbwcpw1cB89UanETS7/AJatEW9X8LbRc1mGtPAUDIdlX/QeXHIka4zod7od6kICuXj+NCZx5VU9Ys2lhItOdJ8kWZlu4UFcPAwmkMl2QpvfvS27hCHbZNv7Z5qQL29J0z4gMiOGlLbLWp9o6yO/4jPSa13OWbgvepvsX8mxk4Hwtxg/LoaWrOqe0q6PzTLfBNggPLOgNiSalqW+mhs0QYo7p+asyLcdI6Kx8GWiQGKySqQb9Uo4Ahmi+HJW48PH2WAfZDEiusP+dfYzutypWJMx0WxjDQ2fsZKrppKqlE2jqj3ppQuuP6lhw9kTPc+86oAUa3BNH0p5KBp2hX3JMasLxKRt1lNSalGfE8t4LcUrQUfLkyJU67b9YUt+EnwDaApOawBkA0KXv5+Y4M/RboKWy1KAF/NxHF6Z1/9Vyq6hhZXqlcJadz2101ntPU885cuity9FwS9fbz0hayp4BMzQPoTAuKz1dnBjd7O1TAk6fRDu3Zm+358JLfsUW6EgCMYPjbomNABDQKSu5KHRxCWNMYrBJw/errmwAAFVJ6oW7OerEmc3zuPYYU29N5/NFiGi/FMVDaGCmCKqj19ytpKgDbp9+1NNmG/dQFDVRMuUkCFlfFMN5si6J7bS6kPleWwSlX2jo17iwroSLupYwrQ0ajk6d39Y05iCKB27MUGqYtjzKCjqZTZh4SwkgSDM9CTOc8z08R6Xz8KzfLc/LjCrKlanlEe8cr9GE4AbRVuT8nvJcTDIF5143596QWNpupJNDYJKKBEDVWZRBAAAQwM0BRY5dfUFMbgdeI5Ai+6UpKzGjDZbh8e0cpToVJixbX2If+R2N/W1Y3beaDB97kEuWLZndYgIfxLEHWpE3RuCDIvChNDveYSmLUcJPeEForL1Sz+ziDzlHpHi5IS4d4cbQ1pQQtCh5xroFqbqCEaATC3aqfbfzXWvH9U+jakyNxl+spupZC8UuFKOQysEwtV7ujpJXKCONwVBphGag3SqmbA/XYY5WuIgMlFuIlY+24dU33zQ/qik8MufUxa/bvgw1rPuKwSM7XnOjOt1K+wZoltNS2tyIc/JmxzXbxdykE+clhfhD6tfGkgqqD1XTQaM1JSw3wXAsj0i3yRDeziy8tJN9Md3Pt+XAj9poTovKUOdiFNZ4cBDOnClGcSX1DaUYXfj4gLh2+g1uaNIf9jXBz/UWP81WDsA03kMZ7DRoqqb5Do1mv+lrqvkWzhDlq/lUOPUxDIaIsQ/VDrlp6gfoWBi+in+R4fEcbxfDQ9CqANiKQeLePhyxKgLRfoopvJBzMzJE+rlumdOhZMc2FfpNLHn7GlUNJuk0/E00ctd9ZSgd53ityKMfXTN/yYT1OZIvmxwLX8cBcwVaGLFxZ6eqvpYJYWiAr5c/wOLe0Hu/kTfg2i3KWNEk//bUmXUYbR3B46v7mvKBo8HGXBs89ypCmWukJIZOAwhmItIqaLOFj+XDtCVcb/8rUXc/LI1KWWtHzO/j1USspqoZ/0WleeQ41A2Okunv1mPJewhh/BJdIMMuSYA6e9odEOmAOPtFqyAkgWZn6VTZQ/D83BotCLS34t4D7LQtU7h/LYE5wXQepsyhavOQPjM8DFH/poRcCayclH24cN+f0CpfbQkbYaiUwRH/QQhD4YNN/bKZSrJgv4SIV9CPHxTcz91uQBA9g01CL3bdNwA9GGPZK9nqeH5IRfsalaVgXJ2Xh5GN5gBQJPSSz5PatL3unK8OFCpXbaq7xWTVZIx/+FZyDm6qClDq/sFsQcmBFoMfRTV/ZmnYYtiOobdsQRBtJtvJy5T4fsrLTbaOR6Pt3qCv72peQoA5Rt8diRNLuYliEAZ7xL9FfM/Q0G/yrYjX0fx3tc9s04V5Ht6Dc9TDlUnfycEsHu9GEFQ0QdvfibXbSXdWeA517WRSdqjlq8ZREVAGCsJjQS3hcmdZr1S88RVeCAaxZPdmudvPcHvqIs4dZUMlLGMQ2PnsVaStx0nNskb6khDiOV3rCMT3MhQhZxp7It6Eq8g08DASpciCUMQK3NUsjcrLs4Rdt9qVvBk4PrLtkrtGJ1uQnbI5NSwUfm1uRM3Q8Zpxys+hzxYXqjmtZxtH4DD1uMzxJRdsj7nWxVgE9eWIpzwJEzGZcdUNJ3chUT/RKfzwNq8Ll5kHKJpkfocsmwK062hHI8KUnn6iSBSkm1kuE9AivtkEmW7TcTXBfP7Ptds5TFO3xFSld2CatymTe9UylrB8c+IAy4xSv5uOF2qgFp4YWX0atvJti4gi0KEv6z6oQvSah2TF0cnJg4wAfvWp0Kvlx1cVhrlzj++w6Ixto8sO+LLIkjHayWTA5MaRvJ0fvfm3hwB72/G0+3tMatieg7RVz7QLcmCOSwdRdvaosW9mIYVrZLM5lNPEfQ8sfpWcgDnznMYm8T636GgmE1ICFrxX3BRjXB7ucJMetzrVlFwATzs458CLt6X1nNzm9lD3WOZTU41euqKJLbzYvcA4mzCt/z2b0RcuhXoAk2yDcf+uhfXDHh4iw0RrDgWafifBOt6gQYUdQZgcMergfdqHtDUCQ1L6IXR6dC6oKpEm/0lA9TjR8PDu0BCmuQn8z4qdRwR7PsOym7RUqQGKRDFOEGbzn0c/zq3ZKDF+zU1zZ6GapwYGXpcC4Bddr3v8Y+w6CxqWAoz9IjWgZ9cH+Z/It227ip15bAs1TsjyGYQHyspmBMUe6VnssXT4mms4ekytOxLc+ogpTVSKsPUmf5nehxEgvvdFP/OyyVSaMWE1HtHagpQb3N+1AMKfAZVzoUn/eZH7MhREYTSOM06LL16uox4CKRI5dLuo3b9GvuKldObWjjY5EGRzFQL4NIRfsPnIu250GxI1nHzBLmVi+WbAAaYoxQq4grKsv4VDb5BGhmGyraDFla8ZI/TBOO3G86+Zgj+mkIYzqZif7dHdYEgJgREBemKs3J0VytxEpYI708wDhB32FkGjEROnLtgeFvTMkFbMhBKAG6k5Hh/wjiU2TvzdyUHosn0DO3Mvo8U9gdOyVhPAN1jTJjtubUDaSkTT/K7lrdeXDAgpbinFC0MVdZ0orhXgVGbShciVfYo5GEAedblE/+GnXI6sYGfMkhMLnv63o2TpLN6cMXTALmt1ZXmLNoPN9k0kzVMeaqOCdE79RdKcyL1bR1JGDi7bYvEIsDAZAFtLq0Ksgdom3xtWcrFU6pBCnNCOXxYDYTawzONZO65A1pJjHokast5MvOqY6Zfgynf48RDLlKrjeBZrG3N2osT46q1b4sGv1mjyIe0DJx5+WGHwS6gsa+7XYyjPVpOQrVuX7CGXgEa/dqIMZI1VVenUzUS7OfoP/OEGux9V4j95cnJRCL2o6dfNnf03ZMh4IlD4SEChGjw2n9o7Ulepw/T73CK7VGb/Jbuss6XRy6C0gmjnm0vvmwmsB/U/Nb6KOhaOJcCUiNy3CpAdT6nqJj4Wxb4pFNRttg8YWsZy8MSgKs63vyDAhOkNfZ5NH+TSPz2kFGvbFjWA2LPNDn3HY8nn8j/LyMA2+I7B8ryDLShbEBMzqP6dWf0i5y7NNKEEp1YAwNxC/zyhdBNPL1kF8frDsTNG+QnooVmAXTSwsfErE+oHbvOYye4m6Fyeu1Z32XuOAh1YdbVEHZ3kBSb84smXAWh+2u7IW4BfrVKhY5IdzJGghUQ8Fl5EdP2VTg/xGKpk3OqcuEBSSEjLlkpUqDyNnkva9fccauAHTM742zdSXa2iA2OhZr+NgHC4orTOuV1o77en3lY6iWhl9vDu6y++h1Jhp7w/N0J2iBTnXHSPeUWpYw20jyQU12tRpeY1Ni31v8cHf2/WDvbLuyu0/hyWeSi3qm81SEkh6elSM0F3XL4hamUP1eyVSilo9iZq9NmXRr2XB+tnEH7yWM/5d7bRGaJeRpvKFZFsiGWBf49bFZRhMpb0kRyZuGzg/mdYVh0TefsCyGAKXSqdj/NOKs2jGmaQqrp1nDtnaHpYNnY0GNahkv9S28tOOsZtFVst62UeEqOHqOkCa2/sZ9Ej9FMCme1NTLbwS02d+2DJT+Mv3SXaGHRWRha3kw8EtUlleYXd75YL+htldiGLXMdQa6U9Up9N1FFaoxBWU/oEaFK55fKKnUSFlKn0Upub5SZ/ia6vCe2OBfoo17Hup0Q8BCFWsBbBLbzeqRENTZyOBkWJIY1INm8WcW/P+ciPkVXFjdMZ+7uXlxJJIB5dnQ6a1qIynAM3h5gdsOkwkdb/Jd8T5jqZ255DXWXfT+f7m0WvoQDBQqllDe84P7L9UOvReODrp5iG+0xQWj7y3EJKRSIUlhVuX5g23+DWRu8AFZ8fEB/pnJCWjKCzr2bavPSvfKKRnP5ImeDktJyj93XXYQT/gJUiiUU8cjqjK8ooMh0jLlviaiWsNCT5GT/6bK1JkSFJwRKw7nafc1EJWBsNyNV1NN18ovIkHSOX33Too+ImyQXSUF13AhlUTSKsueSPJySTSKZ8APln9BYWaQtWypzMqOrU3qH0VosiKkXM0MLNBkNnGIPhLRuXYXTcXYlrK4cZ4/nXEQhwckW1+/0KmSqah5BETgiMSpXBOSrSdQ2yhGjaQNnmlGyGz83Q8oE/j1bFliT0zuhFSXc4fpRBMjfmF2ZRl5mQML3sl67SvcBVmBOfhSjW2HiN/5xUp6WaQtUSP6OSVJnNBqIr1v6a6ZLwrkjWmUR0Apav1cnCQJrvogTzw5YRGuUDXwjsR213ehsJ3cg4Tv6jRdX/PMOH68uJ9kF7IZZfjenlig3pSRFUUXAZdf+jd4rlAq/gXzJSs7Itqwc3KXX54+nHmXBA8dFN4qeoEsS1EVLVRBesWpISeGrhJwhFKP+1d1mYDYrWsHkv07bPbVdxIaO3uPTC5M22FdJ8vqECeQE6LYKjuiBawpm/LFgAlegkLGXNMo98oHQqv1BG3t1KuGrtnt58q+IdUW7h/SWIYSBjZYF/7p5Pv79liG/gshIm6jGWuc84T9YwpOedNBq66jMiCEeomFNlfD7en5aryasK8a6YmlOlrIaoR5L57gkgLibkrV9FBCvd2F2QeIdBn/UXvHw9w40nlxJwDxht4pe/FbFqwKCI9EA0DribZ9E/bMItU/FGdzKsBgsCzevZaYQnoArifJAsxVkQp/IbOAnBxxIjUaSgtllzdLTkSuf15qNnH6Kx7Xfd50ecm0TPLtfPTSP7kLIilTdnFyqe96E9JJsXArNRKioEJgpwd7CEELu4soijs9lqkVaO8BjWBoxRGpIqNxzwCJMvIPUwPpTQn/LjvxppBnQg+aDv8rPp5iknnKAm5VI3zRCzT2fd8rcwtB00cbzovL5jrSYpnTXpLwYEKNqYmAqmC+8orY4E50ZhDLZKq9RtcbCDYLQcH+1gdi/8TKjnJaoLHDm02TwijfjNAcSSFJxM9dr+PazodqUd35ZIXO+RqhYQ2Kidbbzctcfn4bTQaWX71Nf+53cKf1WFPZuoL9G1OLBCb7kkiMrR91Gw18KJcLC0IS9p3pCVbxLHn7ju1Q4YDcElIxKN12nPWrIAfxzqwF3lwpZR1CQb/6a3k//GYSSRCjAs4Fs+XucbYSjBt7poEOQDOvpmFOaopdxDBqYeeB+6ShNYR5nwYkGfXcSej1UoDHqYw4D1ro52VQOODtd1AZe3kgXJSVN3PuFI0X48RIQk3cN2XA3bH++XAyp3+C+lUkEAEFA8M9Tk881CxQccWxnprYM+zR2VOSrswXhXPhdiXnmUA92hq2mYnSZ9YwSbtyExYyGvsI5uR6XQXiofDWVBvghkqmRFfjjt0m0g+ycMe5SNL1EtJ9Kx4S5Im2LBGb3t9roPRbFjiR5KIHQonf2IAgpBzdNwTCDMA6o5XWlgXuUYP0wQ8uI0zoq6Em3Om8iIi1qzSWVkjGTCOiPidyu3S0wR04M6WBEZm8mMD7oSZZigRCAaX7muUXhG0m64IQCjTyhvmaLvNcFruQ/I+wsx2mv5veHrkkr5qWCna022k00DcqfbWxg0bYQbuIRf7C8CCvRAOzcPUVZXke+g20kkZzLadVsQdZKAWxsp3sK7OHc+fycD1bIVvx4oRcplykdeAM4WbBfqqaWZnBKvmkYU7S4snviQrxOIQI5NiLUSHiUxmCM1bEJBtCQMmuiyggCUp7apKRhm0N2+JcaURXwNufMqrbTT0xdEof4tg5i6Bmv0+Q5cMOv0/ia2EuLw4WzHpt/wNfbi7F8xowFx3Q+RHF9d/MaoWr/MBI6wxYXhNDdcfRzcssdVB8fccUqr2K6iyYpMESOZH5wbasIDQ9RvHyWNOmgoWlFA19TYtnhB5+AmltURvhkgGENM/3gRTQ8LLNBVGnre1sih/GERxOWTewc+NJ+xnNHgy2agUfXYv3Gligrc1rSBBe6Ko2Zsfz/mGIh2ud+atyWvCWoS4OYykr2GFX5HLv4Hmj1VvZpOXnNHSNTrEZeT1q8wtsUCxQh/tt+/yQXAOBSk+13ZRXsRFyFgQFnW+S+SgqKpG3BPgRAVbuQ0PDdQYrYDrDDwfy8PkzkTaNSYqlEWRJvFJLpAqIjmNMhYGjnR0ked2Clomje08Aw7rmE3Z9uVVZ6YlQhqEfbs4+nOC/niYkqDngiF15Xbf11i4XO/yrDb3dcgqlIcIMRnRFLD1ZtG1PVyAdgPpxDahtXD6NurcXkHiQkce7UDwkFnaGUyYyB8UBPCauhEzpXWLCQcua2AFtZEethvxZoc3bX4OLIkoodv88+pA14lgn+4OFTBxO/oiIYgp5f86Ltb8irUaCWqnVjc6UkvvvPIg60bEZpBP8eKFYM2hmRVjOp2GARYNenLA7M1+RXRQH8JhkcKh3/+K2UGvsuSwvCkfvmwffyG8EDxwurHRoQqtcoeBE/ayskGqvVaujClmSqN0nyy71/KAXU8x0NAfdNm6YLfJZFp2VM66hKSrFqnd3E5HIq03NTNei0mj8jMF3yQ7vMcYxeooCkocfSzakbmMHxkTUmqZA/Op9XnOB/n5aNIk14N4ClRk5Bnbl6fvezvOnwZb3DN3a9l+JyF4zHVFjTisgqi/Yi502WanY5aMGWWmIlC/oAD8qOTwVyuNqSb/jzU2LSAtN44H2E28Xb5C14qWqVHg4Qh3xN++T+gIUrd/P6/x3tc31hbPrmr3UlywrGIjKNeDGTKK4ZpP2yrmOVrM9tziRjj8BAj+e+AFHDr62qGWBsbvHYKJUjsPZPdvEZ8E0CIlr7IuALz5xac+LWPU+slWEIYJegXkHkb0BhAtk9lDs+PZG8EgYu8FFf5slCHrwSR244zVk/1hxChME6UwFUHYL/1dYwhFwwuSmd9NLTSKiDFa1LvP8S1m+tkxUx9gxbXyEEIh0Q4z2UcVxG7pls6EaQOxbTAgOkOPXryArA7BJMqzPP8DxImmz40s2wJ565cu8Do9SkHJ/x3kUWdY2kFvHLZe8zNI60jC9acduXU1ymIsi/0rVRtDThrNt29HNtBGVqvGis+BQGHs0WUtEqBctWyU7O9sq4F8Puh0mmWxT2odm9bXVAMhjfBviXQYRctPxTwvWMjcFlfBJPF1gEtzYWVuiWNxcGBkl6Ib/gaTtSkoZKzBQbbWluSy1cksnNZUnkiljKXYObKkw93eYEuhwZinH0oiUfjnfi0Xrsst+9qSloGbh+ZM58K9fRDDG49hOf/8n8x1FEshSau1vf03T/7XZxYR9hzDftERHQbDHthqCrLOtPlZexJITSwG28OOcZDVMphMk9e+gmdsm1Tblt4GjPySMruSOW3px6FDdtGBzAabA0SAfcTmfylIBLtU8a1g/bE8zYosKbNPDJX8R58rk5b3EbO5OUNkI3b2Z8IAyiGZrPE2Xs/Tam68oJGARhgecWmTbeE2XVF8T+dCTRQCUKAHZ4HMjBR2j2s1+D04WeIhJPJMxf5waPjc2A4Jyma2Ma5DXP/MWUgzYFGmIm6YlA7IH7xvn1FJxJ0dpWp0j4XUaLujnubtsgu/tAickrvHnLNKsJRdiOO8agpFSqqwHa2ROY6OQr9Lvrp7efcyaQRne+2amB/pKm2Eg12m96xdc+SInUxAMyDHXt8VE4pxdyEmvtULO6+TPqYBlnZ2In+tnKJcp1lzEh/sddMp89S0UAUuSXQyRPq+8xphk+VFbbv+kmoFEiBDoJLaOUnuB+ZjYGa05IbJ4iQT8n1q+RIMOoJudCX9pFSqBFWft7l5bXfm1oFJxi+faEbmJVu0Mivqiz/WUICaXACnRQhIOUc+XrHsUW/XT+M/K4WVmMg7dTHgoEW+2jWaqJF6SQy/IXjdjkrLDDZ4OWMm7mtIK7qvHwnRGRE2YgTAW6N9cESPE2UXZ0cARZemUJqUlJrVoCX3O9AIQckpLqG63JngayDmslXN0cQUT38GjnucqEGLolu9coVOqa/6PWU5CD4r01KiZWygnQH/XpTV+9dqAK1jm2Ub1kES4Os1AlTG39GT7GrRZlarTUeFO/WgGzSbN6O2PTU+6i5lXDpa7IeZkINnXPAokWUxABX4L5RveLJ1XQcuGEWIn7K6xfiZkhnjs/zjiRExjqqMUEvK6WY3psKjx35FrGuNvRgXpyWz9ymOs/GvekqeOza4VIFK2sTUlSk0OwOWXC45y821QKW4ZeWm9z8s8dSnzc16wt4bjCmxHx2u6tsfqc8zNmUJjfySsXpO7oiPPAu9Yd9yh5cE3tlRVgf0Qozh9OwALJ7+MNFJz2L4A702g7BB96v3r9WkomkOG8QmYcImMVbHeTNgIg8gCxCnNfONj00by1EiejTDFqLU19mZoENg/NAS2LX7SMrr76Pdpsd9BtNZm+Sm11TMb/3LIAzGVwhukPBOFEqN6U+cM7SW7+gxzW441S/I6KPTBcXSfhnPrMtluFNY7DsVhbgxAOse91EfO711fO1vg3cbh81qtvxM7My4joEmkHmH72GfeQRE5N4zsOzeU8AzY9922RBXskMveD6MuKwj6KtiUs8b5Fmq5o5gSWEz6/neKsyiPGD65Ar18H1F+sd/MW0KapB4hUCWEDH0P6YW8nPBo7GcZNylR84cHvzM+o0XDIs2hIOB4jltaMDVDEn5ojCs5HkB4RJsHZY8XbIExHO3Fs0Fwaqzh+0q5LleAXQnZ9J1vOOPTwDS3TLFplHoc+T+P667bPKCMpEmN5bvZME9Nonoy9dUMEAlVOI/fCOlfXb2TSagU7JIZ0C6r53ih8EzdQXD9IF7LR+SCMUsJU+vDDlbKVM3l1m929495xzlAl+nedlwNfBw40rq/zN+WsM04zIcfAOqRGlp3TNj4ISwzUchQmEhkTM0f2iPsz3+G9Ggtoe3RJVidMU16LdKR7uCE9cZfQMYCpRP/6BQWfJPuJ8aAD3o2RaawpjkM/W74IO8xacRWg500LMu8jJofiZuNSMF+RggMhTeUz14a33Gxa+AZXRFNTwAx1mhNuQXnvA3Ze9SJKgaQHrAzzO5wLzJdvkO/pRj2Cn1x/JsbC+orK+Z4Vvmz4LI/B7HKTY/y1ze5GvOn5pGLDdPva3corFThC4DKdhDBKj9W88pksjByxh24SaphzQHDVS3cBPxWo3lYHcccAlQZt8Ox2EqPuKF9J+0/Ky7LvyPNdIa+ws/ssReuK6iue5wkcDIvxQc/E9/JHr+HQPIRKlqNiSlP0jXz0XL/OtdWTG+YgAyz8N3a2lwXBbDN+S0YZ8CjwlQVO+AL7j/nToTiidKkuTl16EtF/duk1ggSrfwQOSdclgPdMmowJdosWFKjUGyWt1OdSpWTexf6mXA7WOmKzj5sN/QqenEeHVo6mC0YrAlL5VS+NRCAOR3/QaYJsYHF4UITQZWe8r2woCOWEO0zIgsheioF0Ijqg+L/rzOlMZ7ZrLn1Rh41FmzoIlniTef/aq1hbVlhcd078wOIMYzvPtthDatMTENmzYysNJN0NhiZQofcO9yTjYkHqoKGqI5NnP/Msf3PjvRZttUKoSfJUrzMoSIvu8AnseSYBspYeJEpzwczbkb4gMMyE4Si8hWkr5MaGc0cNaacVKhyPq6pR0LXre1woo/ib4siDeL+nNoL9E0Gqqwf4Kl2OeBGNPxMWGPC2icNyoZA4yoydH2XaEQX+Ai13j+vGl9VldnWSsqs1IbWqsB8optbek3MXIipqOgUgtV5vyPLbaXRsZ2nz6bjutXCrDaQ8cfB5aiiiOmvkz9PFJPVzg4tBrMLKQ5M1WWtmdTrphKVyaR1bpywEcNEU+tASZUNzVEVMAar82VLugoYYO3HoCCBPttyMV/3ZJ/vukaT4WTq0nfoe8j86JTHF0sBHyZG1uiezNOQQFB0TJ5eZGHV/5wpI0kEC6p0u1Yo9fldkcs50k9bhQ6lDBxARF8Kur3fFbB74be7bmDcwLWKOqEzSTHxXFn0pGFfupLIANVVnqqbRV0zzLDToE42UWj29DvsDBcbFw5oHEKurUduP6WtOzgyvrpMXPphRNfR2wFO6AtKOG6vwhGyY4kZjPjpfEe6DalwJQUNqaDliuWySZgDWo1YiwNtkrDAjjGH0+QbCTDbCvsLhr4wEHKZ9LQ42+WQenSDj/Fzfdch89ENajus0yKZkpBUKZfFX+FL4P3MVNHg3vlITbMzFK7XGBWpbYVZ8Ze6jfoAzVRRig9yI9Lw3/cWPjIh4t/RHPuotrz8WSG+PjzNzipBBaEU3X0HZdb1BeRzGKr73oiqthRtDBWZr3I+8BMhR87k6BnFgR7dL8GQlfyBdyGfyjTkewLczb/m1oP8A7C/yT2m/MTBr8NRkejBBe2bYWu/CRjxIRfo3EDE1VEKy3B9Tjz5DwROeMzgg2QQPH329yJcN/p7BOSwfe0uAuPGtWa6xPNNs9aZZHyYTN8KU7ITzj8ZHo1fzeSGtw2P4kswGd7aqlROBPXioDJeOOh3a60OsH9dPSJ3psLYowFOfaMm1VtQjuYgTHBZzPhzLfxWRaE79v9mKo0/TE0nGiSrGHm73u6O59deY65IeH05jtdhxCSHwkvPw3jEZruJp0SKNQ6q4fE9PRN57ty9BIsGDnMTNzUYmVWnpIM7v3iTZhsCijYMdO8OH1BKa4HdOIwO2O+VbJdJKxuk+vGUP5Lk5bfDCz6pWrKkX3q7oUWEHBOAzHvNQlJ7A6lahjFrR+2DY7QbFpkoj/PfCWwy527QtMIlgjbAwTUHmN/dY4eyxImb+ldnSz0pndX1dsnxLmpoZ5iB6vaEZ89eB1PPkgr313K6+X9ftAJnbycwQ9lWLvGkrjc6b3HY4pc5hDBOAUy6b60ehVJFLgbsQ44hoYjjDG7GAY/dIC17vxwiaYzaJv+CDGi41w9vTYQA+jVz0rL/LYtKNCbCd2vocYkagYZnRxfa6Cy79EAzRBXgUjDRvBGHRuKG0b6ZWLmzZKFE93oBWGjjc3ESI3YT0rXQtOsmPdEC3BoxMmQv3X9vvgXIttYQPpOAINJMTmEMVWkoulEKEjMJmR9vlmmT2BBwl7Ax3ONUql0uDgOSMF7bqorAOre/CW7rcvIH7VR3ibvPE4S51wBUBawlFSG9W1u3UzeRPpghKRgSlN49jz5/on4pPUry2frgAxWVmQsqTfMso5XBxJovNCTSM+/PnHxCWVlahjmrRv9Qbf1rv9EoVkxd35M673hCyIodC2hracYGxKDKQaf0K+tOIxODzzHrrkNU/pm/3ExXzmWo7yK+vAZxmyqQQE4yXUdcSLiWH8J74vAqL3ZoiO5E0B9Q7Nu1RdzXp0VLuzQu4hh2JADWi15vfMK+ayMvhpb3xFZIZ/wez2Ejsm2KZuwcvRdbuTrxaCXXzFBUr2DPRIFEUBsEwSuh4IRvS4cmTTP/P71qeNdsUencK5dwDQ3962qpM1oUVnjEBNR7Yv3c524w1AAaQR25WZykCkE/L9NXxnuEjyRdsUIJEmH0hMq2W4gGcBJpCCuMZ/rwJR7I0YpCNY/jg4MCXzfGnVFEZFOo1TG2dJ5jHQPg7MLm6FmrYuE5IhgOIhxrNqHy5eskmrHrLkIAC8YPAhegQH4zH0q8ECZynjRnbkAibk46BDq+b/+n8nns7Sk60MW+s3x37oFYmxNoCtv9L+M68pQ9REJabvzdRz8xZNneH0CkJkl/BAWTsyg3xTdg9JCcBtsJzcpjx99buyUGEvF1kWXp9hdeeiUVoSKGHwdElw/KWgVZh8hpU1pC3oheYQjAg28gmKXeBriyxbqpOLNKl6z2Yhl3r6XNvd7Cf0ysllgFFyJiQM/Cl1LSJpy3lCZFLz/Vx/Y56GhPCvszLwY1ydjLvQgk6zcv9Gv825kNwn9R3JSvNZaxYy6R5hK4puocI93+wVIpsOBH91XyYvQCq/ujE3GA3ZlXVv+wq5/aTm5TedQxnmXiIrxEBhR6+YmFMk8iQ3kCpECfsympWWmXPk4S6/WPF2BQgteEfUB1IiwUzFGErmpxGjA2LMF+sd4eNoic7r8Yc8o422oDl44rbM5TKsyS945bR5k/tvywIiGsJXOrgJhwuB+Mh2zK7PWVnoNSuREzGfiDR5uiUWoGngt1H7coVQ/E39pnaVB+8ZD2eAH7zspk8SD0uX8uQ6+VaTP/I2K2Vgc2fXr9MHIpCrlWQivYw3iqO1GBGLOAbAa6VzX58YMymtraf+FNfCdfZ8ULSryqu/ChlTkh6Bxa7NcR1QI7aynLKoUfyVnusc6kfrdWkSjvMWAvyNxA8j/x8PwhRQwFwuX10eg/yjLOrBw/Gth1DDZ3rOqc2iFf17YyzN239NQSQJ9rlvxIkGkhP7o8v09eCZVZdbu8ihnEGyFWzz5DElUVlf/N3hVEAMv0RpDDRq8Z18wXTalf7UOxSJxm1Q5affAgNwLK1kxn/6Yo8RHf6h4xGP8i/fiWd02EkOYoz1bv3s7Sf/2vR85D6SW5BjLzgrTopwbZh8DDvVinJDR1hqF42Oli9zRITLPJgBGo/fqpzZ3aN5Y/ByPGEQI9M85WZ1+6JFJMthOgk5kYu+HdTwhWjnJtsnONl7bh6aeMfk06iiWr5zEHB+zafLcTqQDbmvxbaGd5JdipFM78PbVl9Hn9mZ5jqX+PU5+JwhSTKBE1GnOXKkYFFZxPcUdtIJFLcf8EeWCVL7HFvCPyiLBmRnQpNq5VcNXrtustSitnorECZBR3wxfn3dXSyubDfG78udC2uVF2pdAylih7tAKO7PW1vMV/7ki65MgoXXTPaaX3stmTVlRZry071TzLO9sVW8ZeA+zYeWQdj6hUjNpW47Cv0SE8ZzHC+A2BUKfGFebvCh+fAOEcIcxUk+Rq/cA5IQc/JhEYyv+e5f5nejRUlQW5GgKgWyQwtcKvOy1KvpGkhv+4qXk3r70jv1b8eRBpdaIMVTkdgrMIMylfkm4XzWPnUzo4vS4O4fLW99Nx/cIXIyj2eGyhDfkHZ+5DcPdiMyrgIMlL6mvgq/dxf8N7t4HyZ2IW+BATCshuS5jVTE2GVc88gOX+tdVLGnYAWMd+MHBzXoDgBlJoxYLOYT1DCE2kLcxved6g+yMvxFkpOdmapM0N0Vm0PUyzKqL/UIhi5MADOH9nXZiy83juCFQFSNirY0zBIk+txXwdZIACeb5Nkeb5H/QQjVBmDVI3zTxiIuxYIOru8zC6WyIAxSVX7sGSqOyRvmFANfSaEfh0aIyQxWEXPBlAN3z8TzOmhf3wDORu72J/cUo48C9TVQMQ1C62NFL02dgKuH2PZdb9eAwjp4prvJQ2WcBqJeEgIFyvplMokJZgVI14lAwoEqlaBzVikKTk7QpddJWZZfV4Mk9UDciYm+LGokPW9PyKpT5le0LbTbHPcGI/gYH9xgucFyAaEtfH8Wvvx5kYL6JhjK+ijMxVyO5R1FGucPhdy6m+C9MPYkOY8AzX+Vyb/pawYchh7abwXo8wCoCyS33Lqe1aLiqQrJGaW3JG+sADPpdfm2dbqkdOdEedfFXbxgkK7TGdV+qwr+O/Sq1WMGhwoIu1zhl/C7SFn2B7kVyMfJ/f1F2+VkFCAW2wniE10t9fiogce+FpQqjh0pf8innuiqgvvndybtskvFlIo+gw4h/pWLdaRhDuKAZGYe6dGtzjAiDW+BHLJ5PuFhp/56gO6SDSIsbT2dLRj/WUstNKkAPaX3D17mjWGDOungZFeuWSW9cCIj04RHfwulbAbPfNmo8OS4htlulritWNv6McWCadMVs+Vov2txAeHRjks/rwGrishz4woftxqusio6EP8+Fed1iagOead1sDmvy4dGPCIItn5sfFAEuZ07aDn0j9XZJVjxr/NbS93cG7sWEKiI6Nmb334xkyQDMw/Y/lBAnuj2Nx/cYckSWQdhxVDf/aQIoQYgTJ/zn7peo8opOmRpHyQne0AWeFWtpihl+3Ooz6IysZwmosr6wpRoRVgIl809ZkFv8n+k24NBKAgAANBs27ZdP9u2bdu2bdu2bdu2bd4QN8gbsiZ5gbJcJ89QAVZSswHhmD24ujBV87+rwRUJ/9cCL+glPfdWbOHkFZS7wrUZu870pxkowQXbrM21KIqvPgd19hd751dmFzy0cfZX7RBlGcTrfJSOjYqufio5URrykM2FgXfTvT0kVpUIvOkErggBQOMcN8QYh0avszS0i7VL1cLkgMxjcwdcG1yKt0RWEPIOj9Vw+yMaPQWFeQwAVLMYxtQlQL6PSx8KFsZ8rSZVq5FLTkel73fL4mN/zt//l+B2VSK96tHHapPfljFi64q3SaHiHe4x3c0g+Su5VnfEgSO5Vlbh9VOKo884gCGhN3wp1R9nZrrq2nsBIbaY9pNk+cJFHHt7HMerVwaZoDt9L4LAtJWUDZBUfYThI8E34lrtGF15Pm0TvJYfUQKlAoLYNoRcsEgGTREMj+QyXZ5LsnHGRLcM/CtKkag1lv4QBD4FPfLJOkFr4K7WaDGTpZDd5GnIUJmpOXR752YMH9baKNEvHzV1qxiGikpRqFd1wnnF3PPVmAy8LQnmkZQ5+eYy7SCwNl+38Fwv/+rHXRqhPRc6HpzRySi8FgWzAgapLlJihXiDDSka47deXZzwBPZNCPtqOnZCrJpOuJh5hBNjoLbaKzcb2T3KPNG89uV6dDo/18anporjJt2xHZk62eLhwFUrRAZhynBYhJ1N+sn714SIPHULlTNZOBYFtMwc+eMQhCKR5S/FSJ0jkSHTx/HqIcnfkpiyYyx4dYqSNNu2Q0fGH2TeCUbzs+Q2StgfkplNGhlttwYMwZCmRtyIt9GoLIO9caOKFwVRAPENmA6QsV28xCESZjh7SY2R4wXlKnkJFA5zCF9z+9rUAvlckKkM7Upa3YjoyZIWi7UVo4zOOLwBgxF1Tq01zFeRgyYD6msm9/QYlm5PG1zN0BrLwzSLZ0Zm1S8yW039DrdbXmQtfPpy5wTAW99TFWvdHWOFZA6e3LwWm9j1lWIrwRjSTKRmH1uDMlZOpkqLIDFhulX1bK5uTJ98oCkK2rkLXC3YVHf4qmzlhIRnrlmfKnHCKYBmzaCQ4oaWEpc0SDst1kpclsN1/wSsP+oFGd3Dm5X+c64HR+6iQ2o9RHLOSII3BODvCrm39Jxg3MChabcqZp60W6A82QSelAzkLZHkUYT3jjb9ZA/yUblCB5wM8rMwaysr/i/cNNikymWE46serAAzJVIkV2VC18jWQxPAehTnTHq0QBdBLijIBK7hflGUmSXh3i7+db2rGuj6qLHxcuztBu34xvS3/GPrYqPpqrhGumzDUXGVISBUtf6yvX8RKHFA1VcUJpbpuL4dh8SATRjdEZ9B8gOaLgVdawBqNCywEmIbheyqmlkL+ygBZ3nqSfVkc70kLyhCCxowGEg51xklCzr8xxNst8T5hCObCycqV30vx/SVF8SxHSR0z8bGQv4n2vKWBqR1ciWYMg2bSpSSGo68CeiVx8RBBzm++94ODw4i5mQdjcAJJ97kgJ52N7ox8lK1GNhD1WPnt6B9uoTa9zVe8ixL9XIR8pTE2e7Yffemokaw7DsltWEXdNXxUpvnSXcXMQjZTG8Vms9N76TkvLSHGygP21mUsczMhSgd/WSk9Gf1yhwmVc4lp0UOFF1ryhuIDMmKVXPeVayljySIrOPrbhUTxEBU0aYU5eMNT8gzlEDQdVme7a8dyc7WHMWpJC8pPO3z/unV/a/L+/oKOsGqgPdyiN6i/bc1YzHtL4wIfm47Li3Qyah7SHUg4CDZjVXzT4v3zLz1XLClDPjl4Zlq2YG5RZEkx1jZqi8WpUwQlRHzyLUlfojai60H4x/a7b/eBrgK/5IwSs6yEO6AdO6OKXt+T+AfFVXnwcZFbg+TmaaXY6/fx/nm4RE1Th8cp2Xnh56cTSETbmrKz2Mo9euitL3H62LrpVDH3RRF90jKbdgbEDXykBdnlktjguYRA7PuTUePRPsVUVY4IUQge5bAG5KznzIJN+fVhoztz+NHAtwjoW1wTr0Qn79R6vXcI7c1giE+TVa8fftkcxGPz3iIzKcaeCs29Fu4H7ZBpG0yRVPekv5PrDjL+p6LXqzozqI70/dZn2kPAMXP7Nz0n5g255GVyZZoaDB74U0dnE3HVKS6/Nn5gB7B6vlwRczr9R44O5eDtrlLcGUQMg8pPpJ4mfSIptdYWT2zeC72MP9kbFSUhkdOICn8QXkhPELEvUF9N8cwN1svI6ohuPRNQ7qgzvOHlxWOM+DasVwdMgU7+3Sob1eyiDF9wOfKAamUrctZnDbQRf2JeUaLyC9DzT0CjI+Kw/uL9Cah23bSMmYAP61TItjiOIh/Ymxlzl8HoJ1H6ZRthzfPPxM+w2fEW2KyD+eRMxZTDO8krmDDARe/w7NwiknwRS2f0B1E/Q66SryB08kQy8TvZU9YAgIiUm0HSf0ezKCVpDs8yCKDnzwx/8bNwwyVjiJYZpTUeNg3HXB8qYrBmUmhvkr5Gr0PB7nDjHc+K5E5tyr/wdfXEndJjAy7I2uD0DHX90lupvGZKfMCER/7btaMBIu2ABuL8U9x0UdJX2752DwYf5tyP5sSeFh+TWkXCWEr5vmz9wqcIwkqw/Vgx2Ola42KiOliwlxJ+1FqdzMdPMZT2YXbbZKBzy91ww8tozmRoLsj4m9tBrMhEkWODcZCWTxPFNZdqvd8BLAGDa6je1tss8JkIWXtJULSnWZv18J++4myKHSUMiegc/1o0BRY9acpJBKeIIx0ksfBgjmm1ShoGkMYPclw+uwjGo/qm1t8Ru80T9lMP8uS4hpL12jSXGazoTe/4e+VWXsFnI95V5NBjlh2sohpDT62VN0GlcWzflPO3Kwevanlfix69BMMay4mRjlO0nNhzEcRbidooLQ3fBs8vvLnfrcIimRjU+NS1XhGtz9I9Edr8xDq19+9XxyihQxVSD8RPeQ0I86D68HoZhkisqmeU64Anj0BHK59DZdAqOUxnREE1lnD9UkAmfhc0S6ihkd3DRFJpTOc/DmvXdLLholNTWRqQ97VxPhgywjaZCMd3HXMgNaMck0fQDBuKEWLZT/M693tQDQKx9gL0u2KSMNNiTCs12Wd1aNK4/+KORCLyjIJlxUuj9bkLTKXJ7CnudIrkkD9ANZ0XnFvmxj26Argx67aGV1BS9LWpS/kuVfQ1ITZxFomAWLK8lheNd7klPpsd/twkl3I62UftFOB7PSHqrx1KgiPd5so8Hc5hnMK4O4b+MT1FeM2CTNDCP4JiZr3REEq2l8/JJEINaBlT22Qizjr1HDNm7Q9p53bvDmqfeytNr8AzxIN44uzNUGLb8+4vt/DwSnWUTgXcH8Eh50hMLuyiSz3SL6UQI0iuYDnvvYWwIKhZL2CzESY8imRJ7+znAzwp6xNcshAXhMkAwUvbBbbw6ViwzmDN7qpIpNYWG+7qeLBcSvG1k5AwRQXrSVS2jLwtR6cbkoCMGblaY2jtPE+HFOvgwffXOAVaq1+b1FQStMQLLw8LtD/6yOmSlpBWvBvctfxknlgvmzOq15cuq6lg96zm4O7cx0G/amjMA2zo5jBSqxENoULRbP+DCXzKAy6LMxrpOvstEE6OeC3B8CBVhv6EwvlWb2ZX9W4iD+HnNC6C66I+tD/kiV6/6unqyB+fnNo+tUjzYqporofnZSOi2a0oEazXP9GrEcyN4kFtm7N9Irf6isEgYexGu6Tn0Qi+xcUqweZeYFUzo5JJOfgoNBahRCYLKJKqDcw8+58l9DCFaGIG223NaY/4MOJE1AMDrlJcVV0FSfWu0yUWDDuHI+kQ0mMyuHOAFrBbfsEN9/9KoqRWmc7nSQ0/7gN9feWZk2nNXd0kzRpf7VJtS0w5rcWDNl/kaZ9KyVGTysEojDE9XiQZ92qWF9NtppDmXnPaF2WhR/8wHzchal34oJIxleK3i4eN+gs3tKw5KVt1zhmn+nowikyYZuo2/+AvjdHhOi5tXiKp4z+s4Gtv96yLkj7ixzPCYdUke//sbyiLpnBve55yAZGbWKC2ECurhGvIbqq3g7Z537hiywHq9dj7M+EgMVFdqNaLSVApJMEKYZBkMOwGIse0R8jMPqwsxrut5DGCnvRUxmXmTQz1CrD8PX1bQlnpOcFKewUYZj+PTV9b0t+L7HkYfHVutBYTLoLkEirgMXmy89JAvzeXpAwQybq3y/spSvSgNnVQoFUQQuN+wDW5CCJxbnFCHQlevAY7/uhvNauzQA9XtuHe24p6ZVih5WVNeoCtTnHR9HRTj4g5CHHwIDmCgJwFzV9QMyKjhBL/kAJ01eXbz9roJEVLiZ9cPkG+GYihhuUXUYpU2IPC5UjuTHk88svQezNhT83Q5037alC0j6vuA3lBBlO5Iet+ahQmYl9CbSr8nliCUIf5Zw7Xuf5a/WRWXGXh3xYHNEdNOXLlck96MQayEq5OO6kvRLjmAvpl/p4jjJ9kqyS472heosG12XA0yYXUaeZJQbUz6NSr9ovdWxvY64moJp531Gp4uSh6xxZrtsxCVns1VFLJ9vQ2vd562qRnO2FXbTUnNwPgnNFMqx1E1pIocz/7uZN/coRERnbf6xSKR/B9nWIE1COaOCtS+Bfw6JRLG17gZ+jUZwHrZ0xeoAekrEJpGCMTzY01HhSQUp7pc0/p80VFr+8R+A0r0gIsQY3tclP4KRCpKAAdwuCYtA73WItDWj4UkrG9NxY2M0XgaKNuwwDu551hHFO4rvnIu5/j5wMD9rrUBAA0PzeRhFRsKW81D36Lcw4jj/MJDLosoOOLMsMGHKW7rNY8kYYHbJMEZtuecGzHv72KCLYeoFhvrsW6cs7s4IX6Ufm7T6Wf2U35VUkfm/sQDf9tvDaASzFdNtgvkdLDyExXI0VPIaYlLxea2dM2MYhkas+3vI32HUZ431ZD3g8fbLlmG/ZRUQLZ+4FLw0RlRpSIO8pNobMIlmoLU14o90p6iaubHFDDCzfcNIbTWjqvWg+ghLNcUqZqQzQ4zrlER1dN8b0EjWkocKBINUd10T0LzljoL77JGCptoO0K5Ctyq5DPcLNBHVOv/rDbgqJiuni9pGaB6OlD4P8chRpFYKFR4OjWAxtd9U/CNKARt/BNkG6hLGwWbEenGYWqZh8uZtQr3+ActVkraPNpHapuRg4dXFKVq1W2O2ASIS4KeQK1zs1yrAXuiLizpSSnW/n0yBsx940p4frpBDIbit2ceyfkbsdvCjaSkI1uw8x8K0S0AyVyGpl6hUjEfYBF3sLk6D17bAcyECi72cBWBAtxwo9QnjLEoICIgxna91jB8JhTn+5WTmjPF+24YiQL/e1DnN8YkZCa9agbFaXWy0T8TM9muuB2D5epan082T101WJwkVqEphNBmolhYhzyKTKbjySo8olBWRXcvgn60WnwmzBnhlvOH1Fyim2xYPbDyx7RC5pngEkabCyx2wygPFRjuH8q8HNjfyNo3V0qLbPC68yLYASxb5i+V1vuHMu9l91B79gxQTNtkyY0s1g3vKI0bUJj5kzuIJUBBO3FAI9vtuhI/fY8jZPr2sKeNDt2htNdDBxBoIDFfgZRUp2o6zaI5diJbpEgLRcF31J968K7g2QH8JXWeMVDxaeDOYOAkFT1kIDSSq8IPdQ1hdTybeKfh5SILjMtXZk2fQ4LN/8Jb0wDBfArpdoqhhj1TAKbT7pIRNVeIALzFqZd1PsuMR9hoQiOQMDAmhCISgj/7Zwmcf0vzRmjNVIu4NH25hh9gqY+GU8xXVl7DHGHI3mzQdYyEYYx5D2ePva1MvlbYletNeCIuhBgeaLqIEYIHLpnJyw7T6AKzuS8cHxwvU4MaLk44HhMtMp2Ciw1g5LM2w/7BlsOFNZWPzAuDyIkyEvMyAEGT0XjOTqI5kXWXzT72X/yDamQX7z4Zgs++J5YFVy0A+9IhXnzdjxy8tDE2oKpNNr6GX7ExEUo32e4ZiVDRRKiArcOeaHm8V33S0ZwrnxVDy+5XkLv9gyvW25npkvhzZzR6trQ7LqgK7C0T+peg3dWdKiSPudwmw6zEpWJeCyHgW5PyGFPgY3GK0H51V2UjuszFUmI0K+X3Oe6JIpwci6v/7GTM5zfoCVa+tFr1XfHhW3bNezyXRTzk1efcN8IaNWpVHRjXl+IAeJYciAyOPhDH54flYEYKVCQJL1MswHJPuF0JJSIHuU353XiDX1bIacL2PRPZv8HF4tf8yPFiZ0ArOilfUV7G+G7bop1vWS3+ww4i32Tj9LcaS1XnLhPJJvGn2JLfWSx8qIzV9VwR+gHr2yxt+cdD8c8sqZzvucWk/CIc45MZ6blJZes2juV+GnzacpEFX+DAhzdkuIrvCL07frCQ0giKKWCPsMFYg9efDwG46ps9Gnzsko9m1m7iZeGnwUzgtqS2M9rLac4EE5hk+97Or7rAs8sRee8eculxaUNT17n2gNBkgRTWsOtjcPxbmmAYeFjW6QG+H3LzYXuo97OWbplpvoYQr+SP8Xa0/MoDS6EOCkjJg69EX8OqWMDiZ5Ty1y8wPcQ9Ns8oNOSJFljxrlXIU0nekN3jPG0xxtWpXZp1COZK6QKOKLFrEUN0vFxkIid0a+R3ZnxsCKVlECysFVTVsJ8Bk1o1/QZGfixUyA1RriUlXiyOfS4z1who+q/HME3ZeS8uZRGz0aEBcREWmWv7o5XOJOgvAgcO5ldCeWVRNmVC6r+koOUc7rz6S4BAcTTpIdYMfxCQruQOtW+Q906Ic4WUG9LaxuR4RgItPrRvX29bgkq9uOScPO1zhxdRLbQ/kBtevEg655SkFbPPJiTmsLPH7lEJeBr28hclZrVT70jsjtHQf1EqMlzCkLPyBX70y1424G+G/a2guxo+xFsjrigq6a+WSiyuHjQs7JyddV+UJ3a8Sz58zvlVvTBQA9zcFlwPUWz6n2bu7g0Dw+SCo7pFI5TX+n6s4g6XYTkaf6FS6Lw1Tb38aIg54vZFhP076a66ZGT1Uq85JizUSyn/Vo+dABvXFVM16+Xn9K5P7kugGdAc87Y742qiCWmcWsBjaklGTdoGNNzcRvvQZeoB3oN6p003fWGjQvWKZcfjDLBGNZ7lvBhnVjzhJoX2iPNka2uMCjLX9s7eAtEDbn8AX/p6sbr2278PoyX8k803VQgVtc1l4VDvLVvEowQfCtF2fl8irYbqiWAlaYN1+Fub0zpr8vwaGHZQIlVeTXZOFmzraGNhsqvbS6/MuiUszywSxDUNj5xc7PlVD3iGMjPIwI7LLWVEezY4chKHitGYP9jiFL7Oaqt9qwVD0mRcKjDix6HO6qcCtr7AeN7TNF+YTjCzLOGq1c09ASUzw2Y01SobFr/whpKBt54856ahPBiQ/lsNgwKzIUBat6oAPNKvdB8t/Xm9yofwWkC3LErLJJgefMl3kPfQYILs8q294hzyTjMwfXc/3TIUyi4LLsMZCQEdUyoQTw8p0ADDmYlG2v9zLNNUVyIBptMiCw9ByZJyKCgPS3oJtUE+SUEsBCqtC6wXN8unlC/GtYZ3nD2xLAV7UyWRyXss6Bf3cxQLVUFP76w1+jozMCubVVhyJEO0Hw918LlubH5oPAzI8K9Lxo2ZPzoqc5f4rjqH2Y/C3SKgKrBKTnYDHsrHJqCTvkLOWZ7y8aBMkeXff+ZK5oi3VdY2c+ksqzNK0hk3a6sDMeqH8fO7wQS3TzIhoh8fiCfgJMrdWUdd+bFSK9dqGDj8o+gz5VRyBpU3NKUpJXatBwCLr4n8Xq76PCdZaZY/V94ZvIOlD8LdgZAHGOGlbC+pu++YLPJSSDNrYgsLbOQ4tDapOWw95nA0eKpY3XDqxzI2bWDEISeSBp2UfuKlZQNzG9FQRSa1sdoGBHdKcTP5WyRJmf8GPJVfgpct88SBT3CdDOwtODJBj7kuKfhNUHft9W39LRA29ARjGDGYfwHL7iFEZ9GmqLu6aCdMQtqKmt/EgpzhRRjMQ9sbcy+CRqydC7LFpi7UT4jt3W+i0Q4v3JOLu5zTHIgMP7AZhE+DfhB61GgeToK5cIYQDmW8O5nhc110Frqz2Dj8fus3rE+fAJbeJubVYYO25hcS6iIFepeHQ+Xayp5Lr5oSV4AjzUiegp9xwHioYGcGG+QaHoFbdwgOcaMuz1VbMn/utUtaiBaffU3/pWeysOlL7eR0/BYyTvzmeezgCeJKL3revxWuSyINSSst083N9syjH/eB73Bscy2t+T7eXYDX/ak7Gb/bOujc66++WWNWFRHMvydeUO8xpeuHnMNg5vsdO9OnQtxTozzqN51Y3PX/lJz63DqBBuM8NFg3eP2lsRlxWelA3fMetms+avn/WtgKd5aLmc6BzWxKztOHQgqk98RnGF7IyqRYlXnn6UphV6dg1AlDZaES2F7ZSFezaxepGFmRFsPqz3bW7jxwwcwcNzvV6wB96hhuEKCAXrirk4pP7R8Mh2xAaQBBrrI7FCzpwcE3EENEl4nvEwqGm6TuisGblO0liaV4RXoxXBZVngTb0yzCthfDQUWtgjjFQT62Y+u5SPnQjkMS97YSzx3TZRXmUUP0vPXUndFGOqOW5wXjWDnhfjU/MvHF2b0Dja3v4mfNAK/Yqs2PnRXw25mlg1jsPju7KhOBeEVRwsZ36fzKLWimMSE5eEu4kch7dkGIIbK2n1IOGyWHLks8gqfkr36gmuEeO8ZeDCM1YiN8oulF0TU5k0irVrCpNvoe/Om3yPklqVeAWhhPrBV5teF4iwwioydnaiPJdQn5NgebBdKBrhoavy0NlHo350GLk3HHd0m+tDj44SFsba9UdFDpnP+4tA2+RdUMGCUl4B/Ms7rW29iErlfKaVsZlk+Uyjz+brq+66u6QTtCCYyxAuoM4meizEgcfmuAvTrrY4BNEjF/C4Nie8eBqGrGBekhYSmLZ3EDihf6dCnwfFgHzCxi9STWGcDNbVwYuELCsc3qDr6gchvMZ6Z1p/Qmz7rCzEq7EZqnjxD0R3ZdS3c9ihnxlPPOXEwDR/w6DV2lW/V4nXzcGjW9oVyGtZ4InBMi09G5I9Q2dYDESCawNPrLvkKKOLpwq43Deh4wHlO8+lasW/76T/zGon/zCupOzjOgbk760bS5FgJ9qyHhyEKoHnFsgLORJCyCX4ValYK2lRNbnyCvQZ8F1aOMGAYLPtp89QwEqaAF+IxAU4f7ahe9r22Z/jKcsWcIRFTEGE5mCWdxsAy9TcGXh5OSvT1iX8tUjSyMMxqC8QE/fkM+IYgPU/bfIIMRKbfN1aEgGgmuEj1sBsWHbNfIAdidl3qFtY92Xdrzu0NJ7oOOyuEtgZ/A4U6rCdwYeulCmiSmP3U1JQENOwRQI4dkUkt7eU+xYJVQ80KDJc8MPGi1nWUTtE/5H7t/C46Q7ZqJyhTqvnvW+jdNbg0T5cXcW6gw/FE85C1yPHjJ3R2hOyfPhW09O7yI6np83jbWhW4QqDWsO64Jrvb/x110x1HlIclAF9mL3eAlqU0Rn3eouTVUiTnyXWAK6DZ4kzl8Mmld8cIRcNbwZriYapbpDaUjoMVBze9ytj6lBr8UNb4Eg4OhM6sHlmVPDLKOB+lK/9j1civ/hf9zKNZdvAGInkKvUxmn84q+JfEVukLXHwZz/0RFXKFkZ6yzRMFG3sPrnO9F51IfX0Itt6Z+cH1LuXHvV+3R5HSerFKInsM6B3ZFCu9NuWcsnBK70PSpA0Tz/L9wwh/LavMmqVmDmAPP54aYgAbervhX5sCBB+S/MM3RfnR7NJtl3+QSzV2Qczo9avEZc/wA3vF6Gh/yM8DhXZbx+a8Mi32Q1pCqdBTmCvvdnhBgpyvJhZY6Aabsi3UpTo6Br3hK5KGOfiHemdp8OlcEmnsXASofXxbKzLwqFtUjiNYTXoAZs8X2EfK0TBqPTQOLQTgaS7Xil1knIoRRghpyaxXc9T/kLp8VLKWS54BanHiQYkYIBH8t0ALGH/s2WuSCyhqPhSqPrk4GwwFjJwKyb+7L1+wSgdNAJxMmNESttsCNsAGcRFmUH+mha5zy9eK2pzmHUIqI+UODJu5zqBhGP83+NFxrtBDApmUdnWX769mtcXM8tSyEof0PZO1JSPCZJyu0mlbgf5nqKhHZp0oFh+rvAq5K20LAjeWg2g2/fnSVtFyJaeEaKwJ6sBQaWQ67TQ6W7ma4HWYxF9Qn+K3/EwkneqaCpdgN5r9jtS0DrMr5Y1Yo8xUWWNsNMxW1fMgqzSZdywFV/EgEUAKTXTJn4LgbQ4eShRDwNEmHIr2dHrYLnEkfW1ZYPhZj5gNjcKBKpSmPfF7U6b0RNmuVOvxZAsSGZSBeFGBwn5u9uiXVZO2l5ULG82JxSKx7oCo608FaUTp7QgjMlMDkdlvr9vVYOdNJ+CpTpnQGY/FbnYlEMaSFgq7btisiL0bQ845VdT7kNFmsDxCk3h7l8sZHYLRWly8CiTZmtaHRmYlPlit7JIcOTGKg8P87OhhKwrFJcoCeCE3uOHE4G7sot7f2Pde7BQmaKShw7nb9fUQI4PWbOKbA40f79LI1w0QFqWqQF7zP3EYSnZZIQVtMIJasMABjEngo9Z0JWr+OeDX/en8EKS3iJaJabVi/Z9BiKXsTx0MbOm1+DhvCrWeldcSqemuXttO59kTfISjSWvaoy1d6DW7pn8TOt6Zg6Xr6oir7/NUOLv5th1of/DiyrspdTj1RBSyTe+13q94dTagzNcTHYp7vaZDVgoTnLyd8oyRtqxcQx6CrxMLbywAPI92QShxfxZmUtr2+D3kIAdctWY+daq5pTcBCILT45crBb6OjKJR65PWCNV9tTTDME4SlJFV8uUpGqPzL5wGTqP1lblczJ0ATWaSjVxZBq77KgZAiOJY0nduEfneb6h52HAAb9Xd3ZVAX5EYcrkCLwhZcdphGSeAxLyTHWpSYs5rz1L0IPosQsZ/NnJd89ymv7zKW9TDuPOU1jpM8Q/mn1hZon3RIuLDrhnihhc4QAhfssj+jIbVlYgPmSmaNHbV01o0RJ5D8nbGxQLb0al4/sJLxs+dSG+H7Bcop0NcULfU7hrVYhzcmQ4YhfjSSuofVob7xmbOY0ULlkvWe+tMNDxSRU6I/DZdFmoBiVGH55zFg3NAc9ujpTsqcknfZtZoV1jHMEjrMt2nHiLaxDuH0wr0opg5AWyJRZXFUVhyF2Iqa2WDwbSoFOcax+7Wl13w77316vVpScxDc2Oqv3x+f4+g5r2VlYmr3AbXLwyTrmX75tJL+yjM4zYp74qBPZg9oOQTB+l8wwDkqGUSUEa0NVGbO67McuB0+8MT1D6zox50C+MuX+xHMerNufcrhwurGjAVIpxAN1B3q6hPnI1RLoX4nqJH7ZX8ftKIeaQYkAdhrS4+IURIkRXh0/gUrI0G6/Kh1O/95UGJgmD7j6vIFula0KRbh3czl+b7BHfgVjCJRWvEkKgnWKMPPUZ2xU5tQQS1xXfgfCD0DepIgIYT53oBB0oU1YIiGzKSlu8/F14tEGvzsBbd7C2RH8jaB2bYZmxJybniq7zOtAnSEbbOKVacR26couyswBnqhQoqs6tVK5ciS6w6dCJ/pBWurFHDxOr857BMGQNYQOO71mGOJxRiuPDDoEt+zzOnjpyyWG1QEmwoCPZKtA9NLnTtRLycDwBGz8JmH3Cd/oPDMnmqB1hZxEIi1hoTZme8pU8cJoUsBgT1MtmrmUz1APz7bDlZlL4jwGXxOtbzH5CYWI9e0mRZRKgd5hGs/rxyO3PIVeCVEq+hwW7yA7AcfiFHZpvWVQy401q0qAkI+DqZkPdPSi438zxVcH08NbwosNM3hOHt2UWFql2GOh+CZTIJsAbhZAv3ElPswsm4PE4c4KELN1s3rbF23Y6ZRoUa3iKYivbVlbWstATyHp28gef34125HBgEKuPYwtQaKHh+2dqu23fuJeZycXywfhEIO9Ccv+42T8CCK1X2d4/znpc7FIrjfZsk+THO4/Weg7LD7ahRyRyddNd3YFPtsNZ6T10Q5Z0SyCcgu2KFKIM5PQujXADwaS/7cezeoFLQ85x2slHEwtpUjbB/V70xgLt9PevTGXK8jDNbkMv8R5LPGztvdO3HSta0E/qbV5/GCSNMY/4gVw0Yk7Og5eZcYSfRqnkYldAhUPnsFkM7wjF/bpkUK3v5EsQC66MiDCbBhTWbfv41DHgpJwMqsg1ePjvKAF88ek9+gvbrvcN2kFodfN0OMnaby/9OvOheoCvi9TCtv5IVVa7EE88S9xQTWHCFuPbtHtBu5toLzWQOOJ6/TJfUBo+0u3w+v6JxCJiewJ4+FIXu08JbVxeJ/cA1a43I9JvPLaaO5oi6/+WdYC9chVAssLpfWMTQ8Zb+f0Q1CKcXFOhNoi28ZCjojXzBIQ1nhf24qYFNgWcHBkAhe7+OgXx9AG3sdKfY0UHuuFf95ravQL9Fsu+LyhTUrhJlgDJI9lYLXa7FS1wmuI3ZOph+dfTq/Fw9WayjCv8GqH/YsQA5OFqO1fZDoRYijA/S4HBPnA8CNkZl3oOyx8hU8+WFkjN0++7jsHfFh0UFOJNYCXwMkCcVpwHtO8gEWj2v/cjsjXJcWuBfVwDZguAJnKAqnfFdiFjtfM93A2j3MpPIg9LOArHaWm9Itdp29E2haxcAly+2uINwS+nm3UuUAdVQgYZDIaNV6N+Gl/WFK0a2Vc5IJa4mEZY5ImmEdc/hoh4U7PUG0hp5dDlLkgWZYoc+1BGJztTZ7dwDneSF2fJfI1AE2hL8GLTNIuDl5luldXrOgXHC2lNuLEYBhMz0wbljeQz1qaqQWR13G0hBp9Kc0qBP8lQwa1XT/CQztYQ/+EIe9Rz1qGYQPQ4RPIs6Y+SyiX7RCXd2RS9ByAPmCzUQoe7mbrx1gS/lRVLDw+vuem1lVBFZdYEpcKJp4xLeKEc5cdCJVwDsdY3TR7EXvePiASpbs/PesCn+GTf3aQCXU6+Nrq+y5q5gyhrQQbcKLW67SyBg0hGF37ICm4XF7PXTQKd6uxFsoCuw33ANeZFmhT+rIu/RA7sOPh+OBTPYzCKOSvgf5B9IIt8jDrMwOTaBXHawCwkmHlJzqfOxjU0HtJtgK51YQq6Afaqams0tgvKK/uS0cXAWprd6zeYJYL9RtICCq0ScsXzu65eaMAlZnLWlFfIAywhO5S9MW1jRV5koWiUMSCTQm1uOCJfLhnlqnurFGfuHrYuED6sLLQeDBBUhIhV916s9FtBGJGcFt0QLtJzoNo91TWAZaBfzVPnujeAImRFMFwPEccXC6NeZu7Bd6HlLHECdn0xojNK6j4JjOgb/qUXX20nXI2BsQs95SDJAfjbVMRnSqsVYIawqbHh+uTKNgzFm16XageM7wFr+ZdcYKMhKCbBkFVTLHHHl8bv2CQwar16OtmbcJ29P3uA/qRj5zZmQzkjMHrYE6LzikDT3aPtWeWtoDPu+ZX4Mdf0umGeXO6zgYr0r08uMhAgaeAdF4hqzVXOdFwRKibS7AJuMX9hID/dnkE/gOd+uoxxqvBqgPKyU4D7mNmoI8qosqdNsyyU/nMWyRyjt3EvyFjJnQL+pQV7eAO54/uzOxl0se2SsjqPM4yKPy7knaXluS/HreZxVgfZC1anJwaSZbffHEn3kqYfqOJ7blnvJKhfVtGhXu/PbSUG0+igt49a3uq3LWNtcGi/A4rERrtnEJRW4h4OloFZst4S3kTHDUnuP2IoGEfiJeMBiichPfkb3tWiooiPeEigxbobUZpbiY11JueZXDi+A4U2H9ggJEcIudy62WMsCXFjcKvgCOSyzCnK+y6CsTUvGut9vnXUXsFSt/xqa2lNWuivg7aC0r5BT9o6pPap5dQRso1eH/mDXMGNtrHzLpukpYGbB78H3k55pzDNqBIhZEi+TYwix/PraPzss2mSF2mqRDRPKHvYODPUaRl3VvyTM5kfSMBBxfb/bV5GeVGA6VhfAnFOw8RvMzmTFBSndJLYcFHIJxMPM81uFnh/YutqaCwP1tetuRkQiTEp6lj9y2z9OmvMRd1sbgQUTo+jp52cp93DUOXYCLCEawVOonLvJuymYulPV6sXTI7wPNRttrFaJ3cNDGeltNXa7gQqAD2xnHrdLa8pO3IW0poVMI0fJHR5ltvzOUKfujgpr3cInaOLJmxjooSjBkZAcbYj6b0CXiMpdWhDvvzuKxNo9s70dXqudoiwxDAgb6xiFekliiEc4ey8RDXCNDGUCghWhY607wlxZB+khyoOy0JhtjNtz+dpLffQGtgyRg2fhDLuhku4ItytNonH0oPNL5e9iw/r0ecLRV6w7+17pJwYwhdPLwuoVai1gEi+pQvYzISkZ8/6ImXWuWHKcxYD3DRTEq/miUr9wdaXFbJJf7o0E3+9DnxBBaoeVPFClNT655+XaztD0Qz4Dtt4l0ned3Xo/30i+7hdSquMFJIuOAoWFSxsSBffLVrZ93IvVFDqGtFiQkpgArpWG/CkMe808JS5ccFPS+g39wwDu21NGbVzNIhXHA18fQQVlnUVn/RelqCp0212HDRN0M6PatVgoMnDftMMq3J1jA+/02qYW45PYXr9qhE8p/eb83AmMqrLyxl1JyUmh8BTq3NM83BHvHVbfsKxDZhSt8NptoSAsY5VpQadS9dxvZMjY8XaeeysIiEZEj47DY41IA6/+Qys06eyx42eyomcCTCmseEuvbsuDymDLWcCWUHPwLG7mSU3HpDAIrnsGU3gJOjEAhf6Wtgqb2OIKRmUbVkvpjXTZRAz7PlqQl8nBNSN13v1x0RNiyVD9jyRX5VPzAiRJ59f1M3b5+tXjPljidYJX7U01buZLaYi+LLJCt1MNXA5Xi349f4AYwMUtEuCgrxHokCg1H/AKxzbctlRU7g16ooTGbHTDxk3kOlDgCiOmah2Hi8nwKTQXrtvcx6YZ6Fte403eYuVjnBT+nvHSz7pscr8+xiKlRIy0WppLDY+YzzNTTBxh8AS3xLJQNgER751Ud7iREFJEn0qekFfLlQLqiwFi5RGQrF+dZvRDNxZivIUkpWkRBauwp2IVTyrfzT/vSy3irOsxnzNCwAi1m+EyoQZKH+PqGbSwIkhSQB7ljNLGaPrjZGcGQlukPPsBwhcQ4IKdnaeEsw+/JLe+NpCVBEYa8isW2mZH0NgSTIKproqHk6VM6ALV3zQsLzmtuZpMH9gfRVKauizFxtjJ50nJ5/iLEZmHYjsXy63dv0mzYM+2wjT1ZTd13Y2CgqnwDP/4aE0mUgsbj0D6sKEpFYTIyXXAddldIPuDZW1IRe8yLgRScgUFnVkVtEJRjTPu2NV64xopBO7blcFhBr5cgFU+y/dnrn+WPrhEIpc5RPnugGwDJTqXHMAR05YP1cC5S4ylNZ0zm+n9uRD219A9klI3zQV0vtLVrOIgvWmBi3eRe1E2JFxfrs2OXERLZMLualxG7yV1K0MD0ZQXM8z3z8wOMbWa/n8kuBr1ap+uMtJnu28NaS8x77MYQm4J2Fx6FJAx97MemlV5ED7bX4TJpKnWZZ8+h7e+F+/q3xEVS+7BwoL16EUSL3xI1/ohw96Ok28NUiryELPfGgNWKVU2pST4KEwGfu/lJgoIPHbPNTFy7I3yhIEQcB79xxjjOzXTrBaTmmG/cYojnT3fJGlNmIQ+RltqQ4C5x/6PyQKus0IQcHqGf+kwWsLyMLdQjbZ6FFd9VfI+CW+htiWg5S6CthsfkRulgmnjwyrYqBeIoHH56GiRdFMaakKw6QCRyYxA71KwQ9t0l6c64ZPpw1JhrZq1jwzZwOThrTk1XAelLOQqu+TPebk5dtEVtZ3oBpPdGTnLw5b7ddvsxyLvOt9MBDOsCJpgkOYMhvZ4nJcO6IzGO49ksmg+r4isOIv9mQIaMppQh5QapI+oj8HOwVIRrP9hm0viKnOxNcNqZfp2TqALIDRuETWB8NpE6maCB5yaO8gX7oZIuR/nTXgjckkOo5i0IO3opprBMKlpk4VI2J79Uy1JfB49BaU1hHtHlgAwr6csXEGHG3wW3k40dcjfAGO+IJZb0ykTOtuFGkdzvvw3xvFVjmcRtMMOO4cM3s97VH3n5FRg7DZ38akKZvhVEaPYfmDRKq/d5T1aLKcN+WlnCD+wrsSdlbImGopHEFVBoAaUL8r2dd6X2i0fc+qmaK9xnZLvlHBoB5q5nw3C08koB8rFQSGoccquHDe+P0vKYDddI4dmew36w71CLKZu6fpCRjz3ZF51ZMIGnDwgWlLkz+y8Y8wQEp5c1iuuIQv5IVbDcA0bmicmx7T5JNAm0+hxk09mVEP3r9A4b1yTHYVLGjpt42Unu2I+nnGi9jfs4MwLbB2ixBT15QSBt2fR1j0kxPCpJUqACtJ3T8M4GmibUAK+flN0QMKaT7lV7vdOaaC9Sm3n+fVAbI8pYsnsx59a/cGwH5YKAqatuqe0cUZh5VzEXkuoKwnz2LnpqWsNzQR99b5EBh5jFfh81CGzPBxHLp9J+oLrupHFEufQZjDUJvQXJKnSRKsv4w5dKvtHtMjaU412c8oPfWjtNFt2/HwC865ySMNAAKVSALY++dM3Cls+y2BqXm1K0qMO7yZE3ADG1vhuDQzAK99IrC1qJs2SHo8tZL28NyioZ6Awm7wMcp6NhKJCNf2NFXcQNB0sH1plJNb16zK6dHbXzttoxlwP5TvRGZo5rx4zXh+28PfN63dlidLGMLji3pFGziyH1E63bzKg+T1QM/qySHwz1yojato4CE48gvHC1EE8T6HKxA9cpLIn4JJWfZWFdO5At8b+6QVcKxBCoxZ2hNkdUnOpW92euM+3i8/yqjKtUKvU+Fu3POSzLOU62frrCXQy2GByo9ktGtOFRUS47T522ESAT8jNvGE/pIyNnDA77ii6Dj6NxxZRCD5flefLRsvTKTZwPlQ57yAED1jy97kXdC5juBhcsquot3tj3/ve040hzrOCOXFRYEMvTtUToICaJS5j7WlBS0izfegLl8ZGLu9i/9GIluQp2ZOo5/fAv8QP59Gz12qQe07TjB/68JkIv0ZTKtPzhtekRqttnwpRQ/tMJNMepRvgmyY+A1O/b11ZxMdafn7KWi+Cv4YZH0gH2O8zAR1SpZij7F73E74VstA5M32ekKzKjbC3lg7kDGWxNxb4cHv+r74XUeXybDloFcPv5gxuQNSvfvjLbtTC0yYB8mMwjgfsGLJ3kQ+1aqakpaPrgY8cSvPQvYd4lHAS89bczkgLTrB34pFMmmd+P4+5ATquj3ZcvzKWSq4Z8rJzQ07KEn9mxBeSteP8x23KV/vy+FTsYPJMNgzR1UcWhjlRPn5aXaVnhItOSg4SC67IOZ5kr4fU+PVEqepNpFwSeOtkuNje9Tbx+SyeYUgGfWuFXc0ReRGJtmcreYyE+BMWyG20Ooq5u6uZlm2y9mzcXeCoZwx4HtOSC8LaP2jWvld5zq/3OOPw26w0zdX0xm/Hg79CJZhTO+ODz4oZmqKyRms3eJyKZrOgRzi9B0GYL91l9JEmJhuB8HX3vzW2tCMVDsj3Ql6OFBvozA493HFTGUPxUNZsJefYWLsj8RSKyGbsoYBgsgDRoIYhb06BR1uKEiiquiu5tgdCu7jYkGMA8zN9dKOeafAOjK4ixufQDJlapw0+LC8jX+2p2/h/v29CGpzL7k1Jt26N0WkOuPAU9+S45l0tC7gFebtdbH8OjoR56WwZ0uq4kLup4LCWUYqATxTONFkKwRCljTisnCNUIapgFLH4VK/L6hUAwdKQXECRjGHWhk6QfwpsFuPp8lrPp+/akVKBnzW8rhR2VLY8pZug7MY5Jr8wq0p1aPZKETCI8Lz53bAcpZxUVuTowZnfdOktRxoMHeMPLa/yYIAOOGmT/Fdh2D5defQlXbkcdX1T1205hQanoz9gP5RVsHjzyvWGbaeO1+0STsgU1fCuErElhaSdHj5M8OWAogICLrHZcwQhRDF8OR1pvyE5wrF+v7FCCe2TfefaBNRFhprCOkAPWj2XnAsaqGpZY2p4wJ7N2h4EhRvPi2Zk+Z9BT0weQyM1kkPsGdORDY5ZT3FsE/25xTR+25ma0lSD2CzKlJZxLuArMVlT8hvvjzsESfKhefwcdsDqgy/dEfLriNUKH8AZ1nz/G0OXatbKH+BfJv6iF34DoiMzYU2hX9miVHIuvaOUP+iLpyFlGtnsKmfbZNProNuPsk4uJkY1BhJejHkO9ekKeWyaYMRCHhYamMJS7/K+DQ9jm4eUUnRxYInT+jrlY7Q5na56p7kB2Kl9NMTBzl381Vo+yPtocTIblsL+Gp6L6S3QWLI7W69x+DXCyB4/AMFgQIF0qYeRqRPm1A6DCXmk/FDodse87U8r1rUZBgWO+8hwD/K96RtVahiXMOlwG3W9ZSx5JXWKnOE8ddj/kWCxZoGV2wjb/9IT8/0WpwqAGnBVCFd+Wu9Yhl6HrH+eUYYUHdGdd0gJrUbwOiPfBC4gHX5FQyFQ381gOjyS130jG7mbu9HGglDfK+3kvzCnaqOuFj1HSwL4vB5vV2rYkG6Euy7RT6AwZM09Q9CO1MzB/IGcjSH3rZMVOmMW+m1vkRvGSci5f4RwBHGdq44KR0Q6SfkaH8QhZkHOAqRdgvbeW/xycMA/qhoZQPXTh/TqCfNMaHOkI4BvRvhjRGHjo7vBMl2PETNTq1Vc6MZYCl6Tx8pTeIlF4GlVykjtLfCrRaSsMjOe7krBO1kd1910+gYDL3kFbab4NUkHraT8OpVc62hkdrcfQiS6AXRKabwxwUTyqqOGz8XA95uyG3pskhdL8umTSPZCJHwuAMaEZLvkQaOZPqEu3Flb4uD/GESMImiACHYV2VfwIrmxCE3y7qoH2+YHj9eCkWZx+3miwR/QcAG7+ghFQzVUXzWs0g02AUnve35Oqg6HjAddGdv902mQoO3bXjDwwwzSRYNG10ZDmdx9JybK4BUJjbE8Lq9hKaNPWu7fLYjTPg9c4z3UApzkwr97kUeOZWBcVNWu9gSVyqbkjsWCV88Zlf6oyDunrP4iQqwaaSszc7FA0LBD3GuRlU/k/Q/FfhNzglQd0/V1JvyIQHbBrcnWr7PvD11sWkoyty3s9n1CKbq7bzI4mfXNOENgjwz9UBwGLSC1IJ66BlEAs49KINI/PE/+5iW4KZJS+BFR0dXsz/tUkPlSQ6DkbFx/F4tWmAk4IWh2cq+d3qF+9nWxZcxv/nA6d9M4NjFbNnmO+APETa8ImyNtSqVm/ZDGSunfHdjA6wiLHydlZZRxCX305leBbS9mxr5Ucup+nMVly7Hsw2okshrpZ4Bhvw9zw865G1LBb5sJ6yqiC4NfrwojcfZh1WHltH2eJ5HKR/Qr5zwJAC1Ubympiii9ALNIovAY10/yFux/+Fvp6+u1VQgAXPQAeZ4UIoQCVtUpWp+to7X7at86/FhiBhvbzVojxwwCRtc+sf1f/0/G0/8slg9THbGbDVoKxndvpIwjq+KCv2volVNXNCfKD/IoVPNtxMRYQqXsFLaExujSEd5PARm7pQhALcf123OhTR2uulNpm+Wyj+n0QkuoD5owy9Aur2WnEUHKu26xBGBgbfEJYLeSHi/7jalWdXT7FHFy7Vj3oYax+Gnn9G4fQJhRn6x+JG/xs7gYv5++WRBuw/N1stJkH9SEUhoryc646n1A4KnSqbvvxlBfqqCv2ullpRtuZV08owbwrVbR8RNxRAcbp1BDdSKmfTc4P4tskzMN91YFA+s++OP0b2VTwv8F69Iv3fdHu19QatJBk2HBIBnarYLd/EN1Eoy943KHblEvzGh1uXeSIZCKx2EEDlVXj5iUGG3UHsX4jr22MTlP/T3F5NItAjofnxAkNmozP1vExJfCjjXb8XIIxDBN7UnHPDnanpkNW2JkvsrARyL5ojkrg3YS1K8LQepzPcXlR1+607xYc24WhbIRonSsYB2HbI6z+aMscOdAmz8gY7w8jGvK8CzVDF0OxanYqAMNjO6J/h62s8uO84QfeBY9seo0kJZSVzDtG5OIJVOvBIjsv1MFLeRNb97dFpvlCmQweUgowKL0f0tnLK8WPSq43a2sOFQIoLAHdFLW5oe/EucKb1BpNT0pfM81xSCA/pi51gP0eXZb2wVQrMpnzaiqZ5HW3/BKghpRswxLwFJgKSNmx2EgxpTRPC2dZuus1i9iGCPH5CZLCiExhyfLluRsU9LEz7x3FbaAlISNcp55btGb8W9PN8mHl9CIxX6EPERnM9ABiY3uZyNp4lJ7q3/zFtXd+6sz4lHUQkX4xk4JhUXM+zp2xcQEHQlZDaZ5ofEAzGr943HdpNhw2KykfN9ACVfsb2RjqlE/7YfGtmANVgkjjwSgRXNi5j7rtb+bfDTiFY7QOfxB4NFcgpIJdW8szEm5T0dF91k3g+l3C/oWOErRMYtlW38Ce5i3bBh33YbrO5Wcc1BtFXA5Yh+y94BWoOkQz/atkX7BZ7pFpsWvUzZrzvDXBO8+1QiRDMTxZbHMkLBnzr/QHO13PKmJ053WhkZOw4wj3Yw9bFH2l7Ecw758CPIaQ8FWEj2XrL1W7CMPAFm5urhSNcyeHimbxXyKxRzXLpoe4ERJBfJrp5Hxj3O4ZnimF2G1Ol+xhsmyiO1McCcXd2Gi9uwcrqdmW7BCSmqVzP/w5bXDzIO53Wlp4SS3/hRsDyFsSI3SP6jwebt50gwWgNb0U7ccHdLlLhI+E0DwgThhpbrmkS7LHpAIDH0iJLSQ9N5GuyNNhRuaRMxChc6Lgso0JrBtnjLVNn7eYeRrIGyM1+CaG76WgvgrN8E+ThiUzYwvFVtursf1Vv+YUP7CRrMkjhjNF4qzzF1Cmw1zA4ejVxstYhv58F1vfRSBqlGruFGJULN20+pTdFpkYmiggU3Qff2gAvVfzMKjwShoS3uj7R16qf7sfVBBjBgvc+IL5CGgqvGpzCAeC7M3/e71dylAH2RiYwoZqgj0c3+M3Blm3tw2Zy1WuICUkR9TMM/O8nJzk5+ro2lmKeA449YOIBgHtGlgH4Gqo4wGj/L2O4O3xCIjg3vz087aZ74fPI+VaU6NXQ4kUjgFPMQs5HYvFWPwcq2MbeXuQgnWCRO4/DjyWk4w8j5CaSCsHeARdGZKZyp7xt5VFWv4jHdjZlS0V0nz1R0eaKZE+yzrUTCz1nWOr5XvupkZ/UEhErNh9hicO++NifhUt8BwEEVscjETcLmMZRfiPCYnbSU5EboiXpfF0yLfKP3H1os8ZXbJKff/UWJfTtN8WsvkAS/r2nwJr+UUCIVU0AZeAY3sM9/dxVDKevAeqZ25c9gFHTvD4KvOJ2IwqC4CtCwSTF228V6PXs1B4FGM12IHrqAHpsGingL+vf6GaHXFprW4ntd4w1MVSr6TkRf+fvvlLuOwvQrBSpjqAiXAfkNY6L/YJ7jZ5RXsZaDKQk8JCzkV58yX5qrme36zU4J0BZZZjhtf4+Stsas+qpL8WjPQTDy8Lzdq7eRvo91Y+VeX1hiK7chT4+gd8bUfgwPTkE/D6HfR9c43Ah2Sizr6+opQcftR+RDlQENEMDkSpYEQikP1G3mLKWcSNwzWCH5PXq9iMzPQo+ayEivnbN+OSvw5rNExpAlhuvW7qaXGTXZviEy9cOdsJcMRrUGLtaHGX59U9JBMOQXJmZyX9h+6bJvzBZdJr9mo+uBBl5sNOADsy1zRhyg4GQTtFNVRqrQgMeySD9dAiLUurU7lxLsbTH3MuOkfRFABd3CHLE+F9nIJFlYHpTFu6Q77CKrR7D+d5xqkGNa0BGHFW3uy9hBg2S9gh9OZnt44eyEpxh4z9lfdz4HBAicNZitKRRy/I9nGn/ZkQqIxHg6VL0bdbMmieFQORm2cPoiMdxGxtuinT4vyFsm2PtB7uI/0u0BoRYFAQBotm3btm3b7mXbtm3b/Nl2N9u2XbOIWcgx8g6s0BaTmXRL4i1vxz76PR6s4JXwd78YJS+DY/NR8eJicoORqLxSz5408OvrvFVuv4CgPNHNSSZz+TFkaOfZGqjC8AHZiK2IbstcVq3SMsc6Kc64fO93UnJZlCmCSQgwQ+scL+rzMAAEDCSG3FFBZsty65HqQ9tr/A7JiIF22KIoyuLgDCzYoF2e9EkiNH2uXD1uebS5zrlUMNwB7Fdv4PSOD1iSnGIPfP0n+IyRnBrMboV9s7y7BSmcJNWP+0hwCsZ7SMV7+/nrAnT8ywOlN7jJ3fk3m0w/Pu0LfZ4Z1dokIGpnQZ3JcvyqGeq6OuWq8X//02FAkX/tbC62Hm12ZbABx9nf8F95K/TfubRHKg/6b9v6eNiUcAf5RRXNKbwMSTj0NsuazYmk1GiWoUsHeUGmutSPYZf8EvVT+Bb4GVYGXg4K1SE/TAaOLWp2hlGJk1YItLYhqpgHpJe1xpf1b1Iou43H02lB0pZ5kJPSdVuFeCHo0OsihoBIt5c6emFssjks6uH0EP/eQoxX2o/+w1dp0v3GSEnsonGlIM01WrKJ7uqw1KBGIpPuYoqZk90GYPnv8ZA+ErEaKohiM9dzElzR+GzGuGrE/APRhxHrXEbT9ZFFoYMSwc4G7oKcOxD/J4Kw5gZvKqIRgiOUiT685vNlCLokhczmuI8fR12rTLywFGVEGnH942fe8ZPFP/783sUqJu04+Dq7WMTL4EDQiQ6rEObc3z8izDbmz17QLsv6QDMDwU2xuxL2VoRw9ux53UMc22RaHK0YJM/324poxH1ao/qoIOEFc2+IlefBwrfQkb6JVRbDQtRCIQ4pqNNmZo/0QM7j36aExMw30CiXbxtNa/dWBQkk/KTo0ZIcGUxNTLRzeZdLUMLR46Iusa1E43AUsZK9j5X4ONqZbMzAB2ZwAA1YzTECL2Jb3BXubi24ONbw+BSbazsy819ZJKW+HiIM3Dv0DQHvKAlwqfKORuhVCTb9Xonp73Swo/VHgkvvX1DM83FaVRDG9MPiJNfEZE3lBR14DJak9vhVOYvYmHo8GhvVt+TMZ57VAr+icehL1eRscdKAU3VB3FqDTszjLfzmVxL3ze9+AiLox9wQ0fj1+kVdKAFlur2G6JpVGh+3oH+jIDGkNw5DPozRf2veyngbNGiqoH/ABB1oj+DNv5z1olCni/dg4n+woR8buY5d3/uanpKi6VV1E2vHgkxMuuqfSOl2bpZfHS0IqFc0kNFKpPcf4fzQ++7MomcwTovT1h7styNpwagKiRi4dEu3NdbJcF26wVMTFN42Mb+6VR2aN0Y83mludh++RevFhPXHjTv6dad4EC5ps3adEYcdxMrq8yyYXN+M9KPig66m4CWfbQ8BWHZggc8bueEe16yRuNdQ4CWNV8u8c2cUqLR40rwqgjpilib/SGC0yEyojKKN+F9vmiZxEhuNHJuMrJznTrrKIDb6MYDfEFf9ySq/5ZdhHWmwEucEooW28Wt1UYBuk/0djRGnEboru5Y3/pDTO3Yupt4y+Ej4mSRS55pvnXe68EE1eysyHdPjkB3DS8jpNSeXZ/iiutBZiWsNrBype72T/9gZYa37Vge03uL5xSxJ1emZDguLy4JftFB2Gm8/N3/OWwB+q2oyRxAhtZKb5yKizeN8znhjNjj01JTDsuG06k2ky1wPOtVlG8F0mC03XBKpl+jwIMlxdpXGv2ra7iI58Bs9+JyAYt5qcY1PRsNTDvKNDTraxRTp09oDzaxS05kgn0+KnlHRu/192Kk8UiLsqHM1E8TJpr9Bmd+cunEGl/QZR1Nba/AiKA5F6OVgjqeWVGOeLs56a2mxYDhzk5wDdGbQjqKWv33/AaYR6PkrQVTJHOSxnFBqnrrVuwjxxESXJSuQiHoGyQ+HC4rVwrb5DbwI5uAmnDPUthS1Be1ilSL6KE5+GA+d+c3/iFpLs2NUQ59JvsK2LSPHCtpyjRkTofgFTnMrHRJhqtuVGFEDpGcXMhMU+pu7+0or2xV+5LeFs7n4zKsK97e3c0OP2j8wUDjUZjFfyP7zmTSqNv7PrvQxovZWT+zgpZtk9BeWGue0PYfc1s/GZRgCMVzlUJAWGyxOtMlZI+2o99v7+QrQr60IzNsBbwd3jWTKuOmWN5n5+uwW63EwFpP+AYkuluXbytcxeJSoKVWTs6eqtLjPp9npxz/NGonQ5p26GoWlDp0CXHy7WU2hugtWUVojNjOZfzcoCUm/kx4XYl2E8Jx69kxW2a4FN30wEL5YylzaOHpslFe6DBucrix603T0dT/c3xNz2ckH0W93z9lvGyWnbxnU/2vvtE51j2YdOU7OggDJCL4uKyH7WK4QPpWKt73XGAZ/55pgBXcXKnYXdx8hrixe6faQiBot3QyIX2A77Igjy20pVrsLi/EDAJIlutg2ZFRx7L+OVRAbDoKaWpon1Ra/7DO/P7jvBiNBGa24o4IeclleTnSZCLWvMHpHM2tOVsV+rVWALwWIjkz8x5qslhnsUlgjjEqQIZAgAEkttcZ1n/HJwFmCa9xbm6TYI/Cv3tYlcc6F5GZTvXUcdDf9Dgf26qUnmfgUWNJoyvo2kaxagn6eY74W3qvPNB9Lz5ValUXeT//kXvMWxCxV/0An3P0JcIdz0BflgrIuyie7rmT7cSvDFEz9tiiNYC4Py8gOSa61spQppUW1pFwnJr4IzQv5L/dhGnzM4F73zJxi/xSX1disJ9RzdF1GEn9OZ4eVWiuB7S7Pi97xxdALZQc9eYgCU/bMI2LEysjVU6Lx/5DdhCZeb/1e6fnonphbwlJQ0SmHM8HGNiIkVb46fRnbEa1Ed38ISfc0C57dDHdnaBiVnVPkkzqtURIXw93lvKZEAt8G5muEmsf331x/LQeeFfUwE0posjvm/q6Gp8ZLEbj9xe5NXIaPg+Y8dRJ+WEJlhVWTP9ybibf2JkY+rxtRR+ROU1ua9ARDHj7PT1jUNOzBVeaW208nIOcmamag2y4Q8qc1vxlAxq4Zm/hzWZrDOwwYGKKC9jZq0JUcM4p4oEkNrEalzyjfLJ+xH04rVPlkKPHn83qBehKlSwoEW707XVyFpqhqTmB6Dn5TpT5+ghPFWdGN/dvaGV5xr6jFGgKHIBch56K+Ei/tqmnG9FCNlPg4Ruu8QlgTRemOu2WG1kEy5+G/R1xWETbzJ59yI/u9CH+1CkT3ESClt9APNVBWu3t/TpDJo6QmD/2VsSTiPJsVRKEVYyMIKmhEp7d3/MQ6/j2Y1lbhjaTuf2TiZsM6Vsvnp79S5dzdrvW2iVTrS4lBg1GJ8v0lMrkqSuTAsONo0YA09lw/I8DEdPDCukcwCkyQJfrpMKlQU4TE+hbkNL9MtKNj85lhB9PrLmx+yBAlf+4wMAUXBq3h+l7F0uVKKxLGzz68daGZH7Ql8qpMP3buYpnodp6QA8WXAzbZo5AhrIimg18mh9e8mCoe7qajwz+kM8xbEsrit2/+eXB2XEhvgz9iw7Ln5QMGqsLlOWN2iHdTHbripPSMZh/va/HsnClxZgz0nW1AaC0Xf678lBIKjXh1Yqqx96Y4PrAEUFGkwfooXDYxEoT8JIjkTqOMRqLupuXuGmBRibTZA/50cXZ57LTIzeO8KTEfoiEh4mnFL1UKGdK5lfDagCs30kw67/cC7kSJWgVXSSade9SJejq8KCXozGCorvCP4M97lfcGV2EIlXN67X+i1GVPdP/xOFXBiMSY6QGeVsm+6jzuR98ggWgM3XoccNIppnhP9JSaexoFkAUsj/BXKee4XnAIbmw8fETRFZsyZkSosdJmUD/S2IqwvPnNF6UgrO4XBvpbaWkKcEyT1/3x6eylHMrABdHMsuqJp3yXwMy5lJ23qw9mmstnHUzQUfofSSsiuE6PpOoW/ThWSunhGp2fZQ/rhCGBY6XVC6xCkdNVmW7aFZ8e2lQYRK/NpnO2OX/YCZAvtGZtTyy+I7/CZfgP6q4ECjI4xMqT8sRVp71Az9+Bn0MKbabSikn6J/oH7fJOwckIL6WjjQLbTNGcA7pziT0o7uMFo4W0lXB5GkHG5NnO4ZmWpuJefOMEnZhiyCGBz5CzQwJLruLh1UWC7pfowmzU/nuXN/1Rx55YJMZlEwoL1nzod8yokSj3vQ+2m7Zbr6qqc0of5OOQkNHr/BKuXm+cEeHN+iwOGl0pn7OvC9e5SvfMVGFCWQvTtW9C4fH1U4qv8eZXfxqN5EHCV2bmHqOaGBLdyssWeVyVtVaNZ2VOKVetmp+5kqJ4bYGZcv9ZI59dCx8lN5K1rOGCAXqS5YQ2uMglXOGKAr2jTF9qyp2/mbo81csCyhOGXp93M9IU7+uS1tC1lp7TCOmVsl/0ZZR34rdmmW9HIQsigmVDJiO21LbSpilWtNO+cbvQj6viYYOaCNkVw2ff4/Kfl6B43niyLpB1NxFRchT0jY6W7pR/jvW26zsA6gVFr33a6nJY95gQxMk2rfbLXpUOFSQITJP1BIsgCU84ikyid9/rWnVvPfMCPtHe0Q45voB64E3EyWExtMoaI9wOXO3EAKy2Id80ss2Q1/5r8vBVVIUBAqxQSkoL/omZOz1ZhJvMt0hfBcavjRbrwOrl+nXtYkw87b78FLP7qg87RIzGDO06Yw9Xx6RTJdbaIpq2B7LmMsRhbLsaz5h0dVwZ5Ws3Katq4+d9/ytCf6K9SoKX8FK6nbrKKEJWFUG2I15pxGk9KMfWI5OscHyN2i8nxxOh+zmssAjeIBNPXuo6Hi2/GGodnsWVyCZoH7sc+GYBnC9GgaanNnNJmosMv0WWgOyG7h3afSjfOWCx154s13aCQUx7EohhCwSTtvkljIULJ8vtrvOArUPM5w3GeN8bISmYYFx1oY+Sg8QlCi8fJjJ4u7ACKuUnxERXs9nRWI5zavmhFXA9ISf3wYg8nSc9L8nj7mqFMPbPvvZtPxebBTPM1Y4m8Ma0pzJPMSTPRrFlYHzpRumdf5N7Y8ico5ZNbJzNKJiPm7h7qfs/fqjMvbxm/q6s4RRUr3lSYEdEEeoI3+QoE4BmVgjNVidFqQLJce/tDYsihr6kRtL8Mj5Y7XTSx7X5Q3ru3WmgiQavmzsgTBNhDzGdBzdZwtUME4t5O/zTA3/2CK8Qp3vq/wFSSBwSSmAQE01e1kaw8y4Za7vMeFJBDdwyN2ywCiRte5qy6LO56ubzcG0vbCPA48m0xNEK9yQdA9dcCSQBhkt6gdml9JM94kJDJUAjKesbxswxLygRgtqTNLx+kw8ZPsDyDV0lu8LUjsAEWNFb0H6kGTQsE6nV1zFuPuAmrrSsCBWZ/O6XTwzSkzquhkVS3vtsnfAmdoHDFlZa+oID5XxWRO8PNoU+yYs5qFEvluAH2bE/6ouBGPKZI0FjoSSI9GcIXAbNtEOW+ZEvUR2omqjlawM/hpXwtyBWOS5mHFZu+/8tnkFrRjc3Lp+5MDFbeck47iqp+gNcBYgrJpeRbg8Wt7ktLSJ5ruKnOGEHMlG9oQJt/Bhv5/QfoqDLyrbgq68PacZR6sFuVaUkUxzW2Q0LXv5mamwr4nI/EJ2vmZefpJ9H3BRFCjvlkFZ8g0hx9pdkmHvDYTOvOoVW4/WusFu08gQObnzzjasRQv0FNKlLmsRuDvK7a3OA5lhsyYPHrP3oEO2dbFDew4T1TJzxCZ/kE+l/FO5ZtZ/pkGie/e0lZYrNOrBKFPx3GE269cZIzbY3+z+agn6GNJV4Wm1/A209Pxf0OhwOaeTQleizaeYpgu6BUkrD1n6okPdt8sPTUuB1pq2zGkuMG2D7wXlsw7PAbJMTT0DZ2pW1JFwQD4YOIMcjBrqvUJF0OHvjLLm11Tik1YiRvhlsHh75T/s9cr/XzbbGW42gZwFMNviz8IfD5k9A9hr6+cQ+MIa3MUBOIRwajnUDqwForb+T1tDbDhemPAZ0LyzeudZDLTTrqT28oWzC6mr5x9uORwvnqNQCuiqH5rZ6JGtyCKIlA0zl7dStDzbCciEhEFIXbOmNB853WbpMzvBDItcmIYETms0aNgMgXihuN3Ku3r21RIKR0hxuuKxJtWfju/HOqL6qPwsz8chyGRwVNzXGemWaamyPzIbE9jDYMk3bIvVn4FvzwA92eIz5Pgt3S5WM2kKFOIzDr9cXLkWD7BLYQHPnzp8wsflRHxyf5C+B/GCsfjMSWXCMQqDUR9BR2U5fbGaNRnBQAWfQEJTJ5e6UIQhKhf2tLteJaUxMXsnBwN+ZG2x2bm5uQCjz4/9iI1d+k0IPRTDhkiXvKFl6ez4qEdTRz6FqoZZ3SD3OxnF1DAXlHCZdem41dBeNyvQqKNAB1ZVsIf6VGG03ZDq6ykf1qNaYpt0OQCEUC6dvc2YHdprGcSjKRE610iuo/6mV0I/tqP23MTZi0GYjKAwzA425Nd5zMmfSYKod7AxuuihqJrWoghAkcLTphQ8sG1RfmhU+rLZ+p2JFSoaIPuWbnUcKq/tllxUga4WXP4Cyuut3fNkO50i9jYzgCpt/7tPnWeUvRKLSkupEIIKZ0dn4hpDkuZvQ3GT4lC3lxF5sarN9qdnNg3Y3TP1SaDP3GfDbAK1TYmxZtF9nJh7Cljxa8se8xnYFh/ELKDTKomQu6rp8RArKT5R7bC0MK7zcb7yktnsg71SHr9waD4rmXS+SGM2P5AugXTSy5Zo5o6/BQ+9aNKHECYYuWCgmkgbpKnAxh+n5fL5Imnq+G/o0k8GsDmGarpDYAEQ8KKAnjW8Fo/EvSZI8PyZ/CybxwwXAEVwDDCuZhEfHUmvjwA2N7XUBW84M8/pu/7kjJsEh7SWsVQ24LC2OWUwFkOb1YmnSGF/7xgRdHR4WYs5XZwtM4poenNoIu1hkOOCWrvMoYGDgEDrQuw9lEV8J8qPoIXdC8OMMuReDB8q2nEnJOteDhRy3jGL+R6mpA5ztdNIcm8rg+C6jssYmFU0x7hTSiEo5zolmfiATlrXEB0lmeJxXYiAeoUQJDbzE1zDh947y7wyetnE3mIqyZHDO4T+i5JzxaxCJx5+NbuhanRdKcX14lpuDf0sis9myEabCwqLslT9HfKV72Avj4u5d9DL/FUM0VeguXE7di2t5FZ0/CgSpRdanCBTGAFO2xN84mCraOzS01fzJzDilepepUSBbGc1XEbqrvdQTx1+zsSfYBuL9wHJCchpCd4uLI1TUlG7d2ua4WH89dDb8h8oSq9+9ig4Bbxz05l0rnellULEOzXlcc4tqi6alK9S81S24NIE4MYYrPouvfe7iH6SGfzfmWi53UfCTKWghDm/c4t70SqHzZiODJmzGPbuWkcb+sfeiS5UfFLUucKIVHb6jWmR25s2vjz9U7EhGIMEg2/eUvvivzMz7PGtMRkwrc3/ogikfx9/6nlbwArpJP+XRIl/ln6bNr/A11w/bPqm+LMjz0QiSfThwuzXFFEZYACHvGMIyqmB8E7w0ziazIfeA6g+wfAe+/cR6PVSvvglkRLdybyDzjL64Xy9XGOA4fQmsWwUo1doFJoYDljonms7x1YTnKWD2mzX9NNn4NzsC8iPtF8ykYs6vm9ZZNdTWWgrBAzdR5uB8Y2nz4W9xWi6ye3E3U1x2AjNNQu2+rL1Dx+1Fwuab5cUh5XD/aUBqaKVdQpBBQ2RKzqIjX2s7eE2cJoHPyt09YPJevzjy+FsmRKHYXE4/uQbfpjMs9Lt5z0zQtqIj+HvXX4rUHK5Z9ljZcuyS0P3vQLogtN4ACAy8EE53rpI2UEJVUmwZ5qDGehjM7b5fC8Aq9eyiEY8VuAgGNE+7H/+rSDTeSwtCbQSk8egVxX2LpPh2raldQakpLqmhkrx+d2Dm/Cg5HDB0xh6byJAMWAaotAZmYAEXW2peisHPjtkGZZsXsuSfoIQleQhcAU8XOZ1d1oow+fxum9+vkrjyqX4aO5/GZfLR5ST0aKUKStVBVKpMhoIesBczrZ0s7DEUonyQuRPRO7xx0K08wd5j+wd57QVe2IWfN0DXgSxdpGzrHmnv005xVVROAWW1kJV0wlT5fWJKA9Z6jH1JT0OhaM0+r0F8/C33vVCDXtdg93sUQwwMaWQ43NodtzeTCojb+HotFaqo/wZf3gOtzvA7gIfXdDjUHd3ajOneXqu9Pa4tfTmLiwY0caJaipRRd6M6UHPopXQam8Y83yZKXULhP62J3bCfYRHpc62G0MuXbwIjRcK/X+T8MJk3DnKSnOaMgNnmYn4bDqpz8VtzVWaRRvt9OUUz5cpiH0R91v0DGtQRp8+DGl3x6mGlTvdbhjdycLHJaJJ1KM5lfzv5rhV4RojqCJHQyLsCKDN97V+twFwBL4xm9JURTVvpEUokbDL0IqNnKjXcHhn6G7hlu+Y9vmqUF/fH2cuwdSpc5qegu5I2iLI+QeQqhbKWRbPIh+dibZdtRuR+ptDd0aj0U4DHCRccWM7pqZ+W5p1gRdJZAchXhfrsxaa3VN3m5obbo872jx0qxXCBMES1SqFnN3pVM1QIyuEgvEDmlJRoY0shbKMxvbVnVZOYNbod6UcD0PCHRpcndNnGgI+Wv9QTKwpl4dQZ1PCmIXZzt+OZPJ5ap+AwqZXnjeO5LWGaWPSny+Fpc93lkFQxmnZldLrQgtzdBeHb1zxM+SBhjKjMaqE9gh48xjXqe0WVYFgA+MfJby9Msz48hVEGCi/yHKyhaPMiuUvabiMMYeSlMlbkJBEWsuWGM5Kqgj1yIhJkItvZ/ke19qdo2OsxFye0L8Y2yJ1GP+ZQRjrdbDNOuxAHkm0CAxnLkIC1U+4qp7Ncdo6UzaTJxNtcmSO4pwkHBl5tOtY9M/niW0FugBDA32VnYek2mZI6dpvD78oCv9liG68j/9FMb5nUwBARlIUIedd3kARm73fQWHTbRvIZ5TSxua8GlgczAwIhfMaxzyL0bH9X1SIcQ61L/KEIcyVOQAwQMDdlcwAiXCJ7hO6zncnuh74nDIfnn4YpoaJpxzEGybCVCGUorBOUqgOMx+VFb2XGW/Qy/Pv7aU5wA3hk1ykPIJI5ZbnHZetL57n1/qbp5ptMxtjttREJkVQ9G+LKIGe/Clm50RFyjYRAXT/ynVpmNphxrA8+YuDle9Oj+snJ+QQa9bavZzbohkXEOB22kVb3DQ3pMX86KR8za19f7xPYQsCsBhO6DEbyJpIysV9VTdjj/K2S2o3y78NSZZNocihrUen2CP+8e58ZsPyw3SBX1gpaqmd55UkNAOXp3ONt53/8SyB3GExjPldqaLdj695FHKFwx+E4kvyMAjQMUM6swW+MkxjWLfhqSZQBULerbgDPhNIb1Kn9ESyiL5x1ULap9FlYfa1NzW4SNr+KU3TDinQ3qgtqPMOpXyiWP/kTZZZtK6Qkg6aLu4OiXBnIkai7k6c/WsWPQSHNtvNBQAJhKxb4541fR1Xce0Qh6PfUv+I1iyynyvHm0UwM5M6x1XKMXVNn/6L7KhL7STyJ/oPzzb8Z8o5KffVWYagbEVxbQrBUIzB9H/k5XmgHHEfIJ1C/BDjj51MSKyN+zwJchjQ571xdQ4EPgxuM9oj5BnS+xQ0r5god+Uwz/1uYUgub9aLMpYijA8WzxL+S/wixKBhcfD7EWVvtcYoZw/pFB77Mccnuz/v7TzBfeDr5mRZEvdhlOgggkv1VDI2RVWhrpRjkBh5fRoot2QBkRH3aXQD7XxEYM2c7NSHSJQgrw1825RFCLtE3BuFoEyXFgC8z6D0Hd3l1b4UeRvWAVbxIKG6+Rp06DwTsQg8g8znxzGlM2nFEYJOhPkzEJuk/tPw66EjGyJucy0hFeoaUVaZUadC1YoFm9+lHaNWS8R7NMWfRgViRrzLa4qDwcerNPkMfZnxO9sTDpSmWgZt6GZgOXp2CzcL47UbaVLVLdp5MJ6Pg4UHR7tqlXsrBbgZBpp3bJeXSUrM+4MQKWJZtqNPoB6TLZRLqEVqUexf2bd0gMs4z4GWfoeHq+/5grIa0OHS9Q2j4XqRgCJdnP+oytXzUaNQwI8SIQZCiWGtFKx/UvjDlrfjLeYenLMSsveb2679ZFr/MTRcc1buRnRsPh8jpDfb7X6ggWy4eqdacD4y/J9aHasr82OKyz2rhvJCoB4Tg26EbbzCdGKzSBh+jHlFJ3LO66EOFQJNuF8MKSuP3deuCye2UA0nF3CkNjU+w7xBi1EiO7KWcpd/GVfiv24e1cXDNM9LNiJYEUw6oGX+SAa+DCukFT//HNCNaxjYL+4JTEN5Eg2+kwZ7XnNt3uUQqMu7AWhEGR+GE5tc48PkdSl4SUDYqxA0FXNI4AfFqhvP54eJ/4hKkwgmYH8xClJrtEhJUfwHDRyx1OluVsznYoVmvnqPV8WLEk7VbOoXtcj7Ih7uS8TYKW4YB9pa4vBfRyEaS8MXqE7sHk0T+UgLaFbhZT2+xW+EaySyn2MBS3M/h3b8iJbhcZVpDSJDoCrtT/fWam0AHPcvX00/rGuCPlGLq1xQD/dA2k3hFORkEwiYDDIw98lcxvxS0ke/v+ZrC/7mgFBwrnrFJMPUI2fBvyUtLh/x3jsY+Cwp9WfRWxUiBeIZ57pMKVpDgZYENKpCcah7+S2egMMooZ/U9LKTmv89fGvylHuWnjmEtR0k7GllNcfLpd+zq7OJYq+WzVok3qTdYtuOrNJqmFcU3TXFxIEcEGabdH7UOwTUHH8GgXcsjcxqu33qMZ/jsXp995ros1XPvUDnhGaIjX9QQ66JOmYRn7V2Xl9IMfqfa3Iowu5yKSSE9vUx19O+OjOHwYkf2lseIBQyRTYH/z5sbhYPTHJhwThNCuY1iNt0XSFQrMC6yVk/9lkhotdKLv5dGcG52dZN8KQPGFVeeAZUp9GOq/RRBF2n9CNTXuDznBzrYnAYZopCidP9+J0/eY5iwDwMqFieLxI/IITlrIxbl5fydcwsmGn6639cFxsXUvHGVfD1dyTV9vr7wzcj4jvL8SSCVuVaA2zouS6YgcfHM2MyhTdW2fj1rI0D88ebETeH3j0giYrqFRPzBG3bnqjY3loqQNF0Jf8aNqhX0PE0p6zviOy9A12X8WXDnFAfG4+3LimbFDVbxv6kNHChcDra8YrK1fa3BU0NWS+673mb11bVmY2WgZn2IsythY/p9KqcWtk53E7IxXCJH9AOfVTSWo1XRgkOjwhko2vLuU6ubNA5rNFLOilJ402Ws0nz6GjPFZL9xzltLscbNPMt7l2l+Z91noZuegVYJug76UkOOZ4n6J3247CndJ9R2tnLWrru2c4+n8i4/sPVbngHog12e79JdPw+MCDhQ/lifU14JID62roPr2OA1Es8rFS6GjPsJl9gwV3XTNoZ0GvCe8LlAkd3kFNIEjeH0SLqK6TZtcTXuKhzCtwHKh9aygm5c7lY5UMfE7d+JlpdWhT8gMBWt+HgLXVVrWfDepXgd2xChjWRcmQWU6IXkdaO8FvlU3HgZTvx2vAQEUPQV/KY7OEQLMISL/NhlXhVPIOsJ4RdYQxA3KxT+oNszv+IHUUcMJ2VTL1sMGB0T2ZH7i8sHkKeZdcWiybDJEBsbwDuu8ZYr20wNuY3nj3Vc/Z48oomLAKF7IF1xWcJtlhWno23fUa0J8JiGQhj3ZgxTssrX4xyLcAwpiNyzc4pna9E7fZsag3ye35SoggLOZMorfYTtSi7VQyfGD5HhFzj+jqmQf5cHU1mylCIb1wT0OT0NtMGpg9kzUgxuB1fGZYd5557KPgnJaJNOV3dM02xILzlNKLf5j7rTwGTMObGbx9bIdO/rITUc4eXi2Nf2WJMbIq+luo0ssJcn7BuWnqP/HJCNw3SdjRn+Lezkcnh9hUd+D5tX5C2lG4x6RX36cQdjvzGarbu/rDu/BCz3TCgpXlnThc8o9Uay0+XLaqX0Lam1jHRhB66X/saGKp5R/Yhc1i3+H64Lf/IONuhCLDJCyXOeb/5j1xiGSHXWUMMGB2UCMu/uKho/Mu4/onolqsTqO93oK31KNpuun8rEibE3zOlDbkIMSywcYPkbOi8YWgplaQ8QdjeLzPsuWVYFbWKIPrVtRAnYKG+dqXVRwdjuAzWTIfnEsxMPglp/zFiss/y53QZkmJPKc1QohzOrlt4qOBaobVuApjheRJhhBXlBlYuw0FweVwRZwmBtMDT4dCWfUjVdzGW/Gj3ImDp2z03GmkIRdDNCrHeOHDoktdTbDD1X5OOxPJJZ4WCqKg0PoriekBjWVK3oJBqCfUthM5xink9xuqllBXEBaZxkLWVaYL5R1DDVg7rj0VgFBUTW15qHTstGEC3OWsRssnyTgme6SK3eSzJxxWRObZE4sgSrczArcuf90NWCNrMdcGsN0IvZoTwryBqOZYbTxyQjvYWkI5BfzTsjH4EOyGwyiFPQVfzL00qgEmhUDSBUoZHDnnAhTtNXNX9lYl5XlajHTlqKg8ucRydylXaqklC9LNpJA8nnbQKJif9X1pVcgXuxjWInZ0koNe8tNyKY4ueSObpvnwkpqzNeFuEsC2Zm/eWdmsTIzIJotukr2ndjkRrmiq+UkKCuGFD1Cdh/gajibEDEMrkMgXOuKTMF8W9jRr2mF7gByUAfczYNP8bkrp8tqFCkuazb/IykxqN+ydzAGmRqPOM7KsyDZDNTrAMn+UQU/URk3bJPVBxlRiuRAxnxdzeFxu3fUZM8Rk4fAN3HZfM8wUmREgsNpfuGwzupl3QQUPG5g92dX/pI4SdJe78QnJj4/POs4+X4G557JM6/IBR1T+I9xUR//nwAQmb9U2KN7PGaQLwNefV/sWWtNpC/FpZoJEymaRHRuINvv7Lahnerx2wmIT0PTreS7V40ZlNlMuhkKUzr+W9LIG0+Sx3QlHbMA7fLQq3veoCwht52TOperPJxiUWlgyISO4p4uoDudPwOpSqqiUEW2SlaePWxaX7b47u49iHQ2/zZ5ao7ixs6u2XnSqp/yhAZAA40oJqpclIx3bCemSj2HyfPBXk+2WauQDzhopQ7ifzUV2XMjWpjIT+MmpFYQW4vJeM44WnJ1om8FIfEZoQWaBza9Pf1NxQPpyhAfOV9fHQ8nVzrvWwTV/s80OFnlMt5wkpXixCDJ28HcMBn8Wj6wwfReM5pUUE0k+JNT3xYA2ieabii9D62/SYslibbizUu2cExpE+/nxSszLsRx6bfs4c49DIVtdozAfxquryho4sNx8pq2QluxTQLA3qevTjkAYWnaFaTcAVbOdSGgsqQzq/136a+sjFWmgcFfRmrJL+vMNzROVYtYf4HKSiA1hoJJ2FA/Engg1dV3b0SiZMHb/Wuc6+h1n+RZK1wZtmSrnpIDrkwwQfKbdNIIvJ97l96DwWoyj88vk9JUolXVySlnmxvQ+Hi7XArk0J8xwI0plMaZbdhvILk52SMvssJ/hf4T3Wl2NctnU5p6XqMFj5581HZryuljQVzLcTBLiNkIKSNDU+x9Z1R24qAAmVVVMrq0xDhrJoHt0qqNxfuyZcJhG9/Wx3Ey55rEX/aTDVR3KoxnHGg6hWWUvZmjK72s2BHIQnLENt8aJ0o5XdnHxmC/6qvLeyTE9kgfP9kQZSAY8o+e+weC+XPksUvMTObyZaP9PsH8eURBWd79DaUfrpKMOPtwxxzjkxLFsg1fK1el9iMUmBVP87ASUg5Moy2loItv6Ui5ZYtmhAK30zuF0jYPEd8Uf8RdNRmLbiKP+e45YtPIZB53cRzf+EpyveHl8sKhwRIGiL5NKSSAKvp+RiHBkMKzKhi890aEEHDB0Xp0OPsjCHYyZ9V13R1u0kvKotwkYfz/ISM/2Iseo1n2jy8l9V5zgye7izXqpuFUPCKb5od277/w7XeXHVBwzDW3d7C2G76FFFrhZila4t6tWj1S78fQmerwl3I4MYQCP7QdollmZ+3JhtXkZ3S8RS69f25luZ0ODQ/SI/lslj2u93xWyUOtWbLsPaQMoGCthYq0CDwho8FgEoXxpD/iNX/Qh0xZUhPMRnFS91hY5YwImKEPIuK1lCxelaAQQkaora/ycTiI3Lxe3zKpnrWiN9XTtuZV237n6nNMw5dI1p4Ul/vSOXTsIBNPEgV9EZuX6zl2umyWZVv1w16W2rH18cEeWeUHWNpSL7/F9JWXfkU51pZNZOr1AfnQjzZGIS3ko4CwOz/Bnehw6EJ1Yzk6Wz8W64cnklH4UDsujSq9aCOJbWxtri6zXTC34eTuH7IfKIs5xZ3VIPG0C3v1BPhOHzUNBIIJ7ZcCYOdTwa3ZjIXYBe7+KNb6sLjOECoQkmN49Lg/SUkksMbU20gkkik+69NT1F7J5r0Lhy4xGIgKcZnzfAYNNHrBeTQ1mm2Vhy8HPG+q69FL4ZB+8hnEzdUH4E59cqA86ixCJYTjahKGiOc6qxYNmPLwQ0O03QagRBbjBA8pyPlZKX3zwt14DE/NTMRR/3pt88xxsGVdM8YUFxizCYrg2Mex3Oc7w0eP2Fw9gai2Mm1XeY7nko0gonMxctyzYlyIqHLQAp+Uq6ZmSYrhdvxM5dP/EAM6eioXLe4PaBsHPqHL4JTLsxn1cA4xj+v/bhoDQszdQlSwQlqUdEo7f7vpj3uRCDG+xmyelFKb9pmbG2n4HSRWLiLKz3iUcHkuXJNVi0PR893S9Zbe9AoPXaw3gyhlPxg3xLa2PAQ7njq/jkmvsGjYxfabfc0gt13L+B94XrDrb2CA4i1DPxUK8cAOaFBwRoW43QQXRhl6yg5j2ntNmxcEl99JXXA1wVt2Ni0m8HjyIG9JoQCPnwdry+0yVm5PgQ252FPWG3ARvY7KDvn0t943BNl87r9RmkWcFAsdAE6H2QXMeWSrFh05JGQkEIPdmTXLIy4n7KnN+fo76HEvDdUokVunZsywN6sQ63MCJTNXU6msW51M9KSHQ/q6YcPmlm6m7rCFHSSVIX5tstwd15QQWXU6M36e1d57R+THglyidYGb766mc0jm5SACsr2D0PzY/QDZ0zmsXIKF6yuBHGrDsogriL+B06IPm/MGAguGEjzaH1VezWxOCvq7oc6XDPiKd+QM/PhV7uCT5rpsfFPZuioy+oQkt7mJAuRMhgWRgtfNze8ki/mH8baFigrYra0g6nRbDeAdPpb2i9BqQTf+FaopNi4EGXWS7PXEINCeQOylQLCBI/OFkUCVNnHq+hJDj/5bH4H+Fg/XHoeufJw+Uwuh8PEHu9qWi/VXwazgakGdfGl1yqi79R4K4/EEzUp/soXM6rccd85zfh2vqutA/y27tGkTjRPj1CWoEfJa1c1z/YuaZa4FkJQPRSkiQJEUK3sp2uWE+x5kYzHHIKGl8dRrzv+2rlT/m9izdD/+KXp2cnqZVL5X5h+e/T3HMmFJwGGsZ5Dxz+sla4v54yxLBFQoQZTHCqxnAE6itWbBDj7SGrD9UbcZ57/bAhIK2afY8G3R0Msa7fyhH+afZqsWjhXZFdtEKYQcK8T1sFN5lK4tJjRL0JCvXo92Uec2VlMm5xSUlV+bdG4qq8Qu9aUwdaMqvb9fhz/nXDoCCuTxwReP0gPj2Q1DixkerIDHlBzs0sASej7xk9UxTS992HmYl+oZKRKqh7DTopnQ32pXZzR9TxrqVaZk8MKbVg4FQ51YamfUzFEV6as6nWF+XcmkwN+YuaL830OMvAG6f9gC7UuihYDMrg+wDIl4Hb5Ad10jZbCZHL0ojo2A3GMMSYOjrAkuxKb5OEDcioHovR/kr7K2qSHybDuvLQkJoqsJxmXSvCtvVLhaOTc7YXsPX5ZcXfkaradu6DPhU5n+ghQUt4C/CjXMnwqCH1SmNcsbBZiGaNwBX91KB6GRJoC/sHWEwcLB19bLa9pX11d0HoCcoSGeT2QLzYIAcb4ZEmqRfwcA1SlPcnnWBSt72+jybiHU/2JYdUSKisx0pXHnG2zm9ylae0aye2Q9FE1SC7D+dxqYFj1gPO7/6LifLK+0Fb36M9S6GPosC04UPpaMjDMy0Wze9jEB1wIQfksFeICv/fxoqRtPeJT07WR5G/fmKFHlJaia+5Db2RAqcpjA3/2VWPd8gr+o74Zr45NxDpL31JDb9knTOsPky+1UNA/ZMCLlwJ+JfAaZapKHxkyW3DE2C408+l7PgwnowzZrslNxqKfNVtJNt2TOI/WP5epJ7ULqrYcLQQK8rPqUpoHliP4oiN5uizkBUcSTZYThUsq6RVYRSrhzz+81iJv6sjJPlSJuQVZfXgSsGfB8bqiGIf3rjTas8Y3GKJtznMzzG5GYuzK9BIF8ecAfJvp6DjtkU3csUci3Tw9FqCDczNYBJVrb7Pdn05wUKe1Ozk4SBO63qmehaNV/u7YSrDpdouX/Z6yhRUgTSo0ko6Xrlo8nasYgwIQJKgv/vkGb4TAgVIFOnjQtP83zmub0p9ZgGzO4xe2DozksG1VvhYToKU1L5oUD/6yZiTZ5bwdFq6RDJ2FTaxPnIWfv2NszL3klaAgnDDZ1XM8/jCPXD0colB/KikyD6PiarQvX4UrNVYxT/if2piG58CZvi++s/mF+fyXIBgw1MU/BqOv+D7+YgWilkNgkWdEKknI1hrRQ2KWuiu83KNUvRnnTio/6Fpktm5MFnd0Wq4Oa8qM4LnM+wE9EIUFYqyBdclhIvQ/D4KzM+trUr3qnXOdkQKB6dMEJAAdSMeHkNYXPXi6lR3oz2vNO/82yse4+I/k1a0IS1lPSl2UIDjWKgsHUn2AwuQFPOtBEs92KmbtWM0fxVz5jqoveSurhaMlLAkuejNK9+npE2vK/sA4Uo4kMSbDi+x9nB+ScKYK5RJSYiTLltPXHY/CD9a8Hkzu1tFAYT03TImuSBzGV6TlIb2rIhXYQ1SHTTS1Fz7SJVk/RZnSqvZ/GMad198/6IL2iSQr5Vg8H7lr+NvyF7uO63cVwW4BfYyo2uvahZZhkyxKfhSflwewxkJOwqKqCtaTOivJKLQzmyD7AWa4xWZFwx5DsUeVcSSWnmzzCBoZP39a4hBcrmVLl359hmtR3hnek3sxkLejWqxGCQD9Io/yh4kzkGy/78a/nNn0USHl1cVdsAiYVLD6klxdyqsg355DeMYR+lTRsIOjp/LrubsVbmx6gq9VTTrwv0zXqXwMLozjUPs5AAa7U/IZLn5dH08uABzG2Fdw2BBpzN/vgTOYYkW7LhAmu5d6xSgzfAifyvf6DgnD3nttVyNGoJ/Sf6Ys45lLSQuMg8BaYh5yoOm2nvp7WGRON/894vt3lsOu7XjgRkHuPuOucoPhXSTQ7xfXXUc2m1o6mHzRVqQLD+9nI4oAq0iHz6JY1u6WvwTPmAg1ftStBtGWn+yc5uKZt9ar62BFqfafMtOehJXQW0vfKhJrWLKBzWzFXpbif3SHYbgVTR5SUsCJde1eqX1LlV96I85OpoG9jGV7pZDSuonF+3idKNnFYs9KNG8sKaudJd0VaKhy6sahiVLo1KkyKq3WmLWiODXm+iKaWS3yArw/MsgzrdDfP9FxxN6M/HFkm9Wlk2pAuS5VmrpET6/lB6RFpWxZHYvA5EfGWYgKKMV+TIJr5MUsNy8okjt0VIlQlDWdQgx51CYrUptZ810y7DIWRrNWh3ufsGQJNPvuTx4kc/LjLTzq/whRfLCTez/o65T+QekIPERovG6dI1Mt75bhutMCLyVFEBR0GR8cqVd0ek+p/qr4vS+ijrIRmMaFmjjd5maUxWqPgwmsrL4+HqNTRHDF+vTFGv7zL+TbfCnuB1JhvUHcn5ZurgyWNgAJZ/ELeZoR5DrYuT8Ltft68AhpOju7e+Q1j3N4fWHpNGtRr1mD3y2p4K8+LCw1RSATIjDBLZUG4GpGChNCaXKYsgqfCYfjn6WjCQf0SHUGowqaU0o42sNY4oYslxhMeUggIDYPc0lfrQ2thyh4RpfGW/Ga8j6mK4uZ4/wtjtLNpUCXHWAAgO6ObL0laiakIPvediBnBwt1d7hV6CCVXktGLCgqfgBYXDTkt6UDF6p2HgpwXJGHfBNgLHxrDjiZDfLMFf5KhuPnSfyX9X7NJjpDEeXm29BBVlAAsdP/ZAQLSMgIJo0yNXUhmhK4xgMpVadfv5Tb92HcFKdBhJkIYCvm1QokTq0LZYPnjrGF7ngkihITOcMrunaY7kPqYUvs/hKGTFPSuPJfBYMhZpoF8mQlYNAPIKg3ZzReiWFIpvWpqQ0Nbr2m/N1ZnGDzy+0n4a7/ZWtjcuK1cEr8E73GNTRV7sO7kwPaUfa2mLpZuy0e/Udgr49sa1354maEPUtC6c8+9cJt1ZsFoo3jXMws11cBnIpZAHK5kOEd0cHywAb3uLgv853lCxRkDfnbY42OHbA5QV+bPZ40RIAqydNa40prG39ew5eOlIGvPCxz+H6nyn2Ivb3fE0LP3yile34Y8NN2+IO/RWyLRC98FyGb+NWvLbEcUHEpZMVBJOdMcuBcFtfi5B5mWJsZBz4Qr1c6B5eIT0GaZ+SCEt6i4gaIRSzrKQ1HumPFKzTJsbluouKLhNAI++cuM1zr3S6ktVXGt7F9qzY7RLAdZnQfZDbzV4wRGCKktIX11k/mkr29N+8Z7SD+Tc1Vg2rxAFGxKyHyZ6ekbhURP1WFb620b3SBiK4mwYJzZyqkvflRznUQ3W2HSQp8mXkKOnhLZgC7KpC/Fz4W0yNyhTOq+AfeQWhBMWJMyx0hwMsTE8iiQb4V144hqm5W6XdhL+JkQ8VveckZLNhbmDv0KJhMMy7e6sikHHzDwuqg3ftLjB6PwUvZmiIgcKiUc76xU4OTY9aZtgsLM1n2w+9DokhReciZkXPdRV+frn8zgFu9Li9c3y+IxAdQYq2TMAgq4XhDC1AobktdO5p6KqKDgRyGZNY+vyoJSwENmHID7NmrQSarZ2yt39e70+7N/qXcuQbEJ7I+x+b2NtQaZCNcgeN71CR0hc6NuOVy92Jnj5boIHZlcongU/eXxbczq21J9Yc17D1Gam5JkGc3yzpiLu1I/Ydu53nMs1o3YJPU3xR9x5i9DOd+wQF1HCS4O9ZovC3ccy1dNZw53bg/hmMbtqyGTIbpgjawhpjH6ImkV/70BlYlyK3d1Vws3mxTJCi6D+BDiFP3DkIJy9Hgix6IVT1xkpZHC6wha94UG5Y7b0vDoSSDyk6b1Q+pupRFY1hZwGclBMFsCRu23Oi0kjNRciYLDv1SNxji9F7a0C5l0PFmYLmhFBMSmlfSVmuH07mQ8ESsKs9+J2Iso0Uaj5nRfeJa4oh0esScf2VMSTYXSwK7E/SkCiaZcIK2s9Ep4dyIapTY4uWTzWlF/fPUNROZUE9NmrW9xyl0VdMnne/4Hf2eaHCEYFAFRMu32lNRHH8KcfpJV6+6yH9hsX+89vUTEGg272c0c4Z7t5f9v/4/OJiCBWUMeuOSxl4Ak/6Qa304t2alFq8IQuJQcOUFHQr5vRI6THPv2CBY45ypHWbOZBW1ltEHs28J177h9dC2QULVsTmiouApUSfMO/cDawVma/LfxoH2QrI9HdAdW7E8+wlzS8i/geDShpjNn9uhQa146Gb0JW+k4vcvohauiOdgk3nGe69cOfhspvfaqthC6MCkpJLxg9Dvb7jOE/+4z5CftENopHwFi99DhtEWRTbN9htWWrQRT/b59/WvWk5rMsKrjkO+Xo9Vs6IEizoToepr+9kJ1MbIlU7g5sMwVEJlVs+Nv9T3pdURol7UTPz3WaUfxF64toaallMHSiUQO+xgvRj8wp0VjCDwZrmL3AjfUtxlHxfZ1ESV4xgQmy0Hk1RmRHi5iAQWEOOZ1JcC26uL25nY16Xytj3H0JHc7xwM1crSODpSuzH4JRxaS8xA6cyRvpqhyI1F38FHX0cTOFAuamj2hgDvy88sSYVPRzxgmjepvaVtFdvic3xmXZZZB5R1W2QjbDTR0Rf7saGs/L2yeDYDdLZTpRtoFf7gYDk9xbdnmZb+wgjt1KcfE04rbrxkYSi1Ht0wr2EpiCu2BX3cLYUi50+v7+MZ6pD1941v5piwZ9Jd+JtpU4icZDAnKtFgSy/OfAYv2c5UrmIKDa8rgqz0UXsfR1YIi7cOZlAinliHbJhqfTQKSoxinr5X8fntbUTtU1BIu22QLXEOal5EWNVd/Y1Ojhn3RUNhCJR/dlfko1QGy9pO42GC7wWhkjKSLEOpTQfYpyWmZObKoOrMWcTeHdPinWLmmk2ST6upJgakKBD3Cjd0w3DDpdElyJ8BmMAIqEDbt2FUVCYxpfY0U1f8oMJBEwRvrFIWB9d5PDeCJ91yF57MTDvHtv7T+callhl3t2h5gSOb919mPJ/jEJ24lsp0odJEBLc9EUTL+cdfNqbPfEaZ9SxGbZyCaku/0lEn04qSy7TlZ/g1s+DMR8nQZdLwaxP+FeW4TxoouUopKH+OzKfWifPAFqBDKxVgyRcX6DYNxk7+0dIwWpSSOzFvbo/AV45YT/elaP55bRQvWzVRY9/S0InuBuAszyMboV6WLwHxsnwdrF/mf7aDSPmge1BZ0t02KttXz0Mo1XwDS6J3vaabCf9auYTHGjRwfnOhZd0Rf/htYKj/rtdyRAXoE21fOl14JDrVLuS5RpGzaw5iKsFJ78aY6DbHiiDwhpZMFcUVdlpt1m/mxk6ld0jCNlxoLGKbNykNqRipimyDadWZysXtYb+wWbegMA3QC5xjwnWcP3LHxr5D7fY7uVh/SEhuXL5P2pRP/uNeUrKHz+fzuiq9yygjfCM0qG1L09khY9Oz/3T4vfhdTbubLFFx08LGGkbZILEs6MNNEMklNWfIPbFRizntZUDosuYObNVSOd98VuJmt7K+nfQHxbnGWuUV0UrH/KFNEBhfyoDjD9ncWD8UJ9WSkxCjVkUarlW6UTObvMcD2YBr86viaEbgj0A2o9qqM9df70VwAh8f3ACxHKl5uL6qi29QAfKLGSKnJshgkWUBdo016pKkF2dNfsoZs2B6pMJrT2zv2AmWZt6RWkwqWh0IYwk+XX2+5zh9qASpzYZZr1Tpo07hoboLZatUfJKt8POCnM+SVfkHhc4SM1Ojd60ZjIdc0m49Ydzq3293HXrxMebd1vzIcCecgLtNAFTdAu1T/PrWWVGw0yBdL/Ngix1puc4+Fuu8Tm/sf8DPtVwSsr4ck3iw3M0AqDSGSnmvbzYearaogN9W3/6CCxnyMgq8KG+FLYbZeLrXBdqA8wsJFkPblXAHRKBPHvPBYP9HnFGtqQSjO6ASjkE+3GSJMYAEYkjq7h2FmUYlVB31xF9vJIVldkLS2v2RIIOFgRP1kTr4tpQJS6MRitwuCshOcMfviYfHIWvVI3zr16czYuWVmXv58lY0dg9dbaIgerjskYAtFVs1TA3DK0XLd0MQK1zHPMdzQ2VoFpm0PiZUfYLphIsNjqboGO5oKPo9P7n38osMfjKItdhzUxyLAeu/ghHkZJMPpJzYrILOCYpgwHlXIN4Ui5nPEil5V9RokV6im710ha3R6qe25sQRpITYzRlyFJHHNZ5HnTrpXYzjo4IyAitZdahzGNlh2dk1LE7tQ3Ae+fMmEaITUParWZObbQcNDosjgH0TXoBrg0BW+CmkR03r10EbZrrVUG/lh7OwXleEWv25T03cf6IhyPkgszyAjguaELhuN0FmrZwf31Z+wjxEU4+YKPudzLTwldkASjpK5IYbkl+MlaMqE1Y6Dg9L1SlGlqJl/Mhj133DPkmWqGSTwYLXaCKlVW331KCXirvHZW8dsvnpwAFL5j8d+dO1pNabfrTTEc1XrxvvmDt9Tph3krureCoCcfEVwjzdqfpTUtYUYh0GHjem8yNL5j30GLqZ/NzRmZCpWCs8e7x37IDAuZPklr1op8s3npXrt4HDeeV8wH+RLEzx7vxvnlwso8lRIBOmLIOfkYnimYxOOHyT1u5/pNuDYSAGAADA2LZt27Zt2zY+tm3btm3btm11iA5yWYrSchvJo7vIgW+3J5yDjCMdC5VBFWYHiQJkVI2QTKUAJ4BYvZak9CDGF1UGVdFfuZMoHvfnDbwmJiIXRQK3vqBOZhqo6xHQ2BwkhiF6NstPNyYQj51plliIAiEaUthBQlyA/MB/TGslf93jB5yjhAw/vy2jm0jYsx4guWLd4qsdWPvwBwcbDgXoed6dr01jTrCxQ0ryALkLxHa2USqRLIKAeJoejTpfPpeQhHwBWP8C/jVoFYKqR0c/KbsfQZZew7W5qDWea37jrMOcPT8CGoamSsMImDvAZPJtu7cWoaUcbho7HjeIuhEt097u4tZTt+GgRvBsOdjZV9M3nsyZX9PeV6XFNEVXNBZGvysdf9gBWoRH7oXLU0ufJIczMxZqsStPsMZtAApA0/IhJzPShjPQM8N6L+jfqIU8E+rX9V1oVa355Le1xX+x0KvM6kC1ZAAlaS5nvnZznm1LGgAYTozm68bek4vss4Glit7qatN2H2sSozoWQknBYETxgeivJNIV7ZM4UPhznM1b6nraRLt31+xt+7kfzVoZ4TjVxUBlPx0rRK5+EH6WZih7MZeFGgHpk5mejb41P/l0sJl1kEKgam3IBCrajt9E995xYr7xKAgrgf3dspvwIDTByHnvKS3DDLh+OWX28BoTJPNkoKLBYXq/aIGWUvH8mTjkRjNe2A+ZKHs5xE3dTxUTk0LiikWDV4RhLZcXR5ClfdD+dYDrWgBmePcEUoBSTBSxqQlUdxSYJ24LITCvkqQ3e9XwM9XGMGv91mRFxmouZpJPBEHi0D1YTwN5cc5axVbYjdn86v00Mznq33x0NdjDmu68ylx0IaMUJwxx/+52TomD3GERT0DlK6dGoYKRY2+v7PC4KnOK3WyqBS2klvYih+bDDXrzBLA4lpCENxgqw1GoOJqjDynXbgPIuWcOwDfHSo7vITAikN+EHT5n188mYNqbFtiTVxtJb3c60vFZPvj1EmPtjq0/3mTcAthYgu0J8a/KleItPAIPU2Cw/H5Shti8lizCzbxBy5N7FmIlf6qfaIrLstIqFZsVaKE8k9HtnrdOU/RqJfMWwa55OMaRASj7lrLRbpdEfYTv79vtHp25SnIIFDhvET+qhXomeKLNEuBwaElaNFPSgz69/rsa22jGjj8CsavwYuGjGJJqP/cmg8pCK/Lp4vihV8SpE+18X4jl8ypdC4NEFVVVPaepgKWfhhPsQffcvMbXVVcRrNbZKWYmLLVaerh1CPSDMwNm3GaoC9/i2j78ABhiDg2nnAXocZLkO353XqSyOVVN5BY0edOjC873a97i7RwKV7Ly917UF630mKQdTwP+4GJdUwtA9Rc5+Yz3EMS0OxBy31bVp75IrhWOl50YD6KPKrpMMtQHAxfvE68sgxYLTchvVZNrFqx2wYaa4ApmgU2VDiy2PUUjC7Ro4NznXNARB6Oc2k7sEZlnDpte0Mapg54sADvbcqtrP0LIGToEYmGSN839i990ZfQmfKt+RorSvNumv1Hid2Z9DaYOsjJte38YAUFCc37PF+tzWrnfwzzEZqH1G72o7Pc685rd3LxhSrdzCHEiPRGu41KaOCltAZi7NxNFoYks35E6QqOVdLN3u6ogFsI92WLyd/7Ia8//9M5rVjLz1oLNb1g/9K3cav5SjfaogXkdt7NShla87hlDKxjpaGqNrQy6VmJGJviBoDdLvLavI5Wyu8XBu2d0+LJwfQusQtBMtDFsJKAvYwMpsIl2u+iegQVrilIQeZmTKobap2uIx9HAsbud/rxXXNWS5Ode8vvwjp+33aMacaDXn1WaoTCf2h7J1OQLkLGIxHBxEhmCMH3iVCYu4tVJXgetpMCIaLrPdOpd6ZSRZOc9pawnDEDjQp/2owH4alRVw286936DnDlIPWGcm6+VJztxHVWyfdvwFR8XzTO/0wEjjGSSbOkTjOyR5ewaFjhsBzgKGKNDlIKU971taiKD5VkdexHTPYe2FJ6yRBAOGBALb173B/Lqsxq1g7sRQpMm2u2Njpy3ztckvf7ZBD9zY/ockh+lvhjovwX415JxnHAnERYNmRDjN+rqRrMx7orspNFwPseTXwa/RknDH94Lic407TL4mclBYG8kTEHGN1nxp/CQNwO2tYi+0gG2X45EytipQo+GZJzerwNkwdB9nJHoPhcuCNXUuNtf/shVttSxGB4GaUkneifOXpZYsqr1QX0SZyyu3NDCdixSznw1jnmDTc04Plj/41n6Kblb4ZPo61Yknr+25k+OczIvfvsk0nSE2ufGDofz5x/SxyepEX5daF9q8bk/rCjQh/SxNlXL0OCFY840ZrQ0rnt42H6vRHcwsZwxDFlmAo2duTAhX/Rg6H9I/96uASJxZMm5DWt8woWgY/9ceqrl0XhX475Jvy0oo3TmBkt+vCG02q07zc4dJl/vGDWWssQfDJgEL1EHKfw90h7Nu6bMYTtwuoQ4DssgHaBP31TPT59WvGkMhcwppT7zJDWxsspDbmogxPp9xzyV2Umhhh9cvO1heCqhRtyKfL4Xowi5TEFzVR4DuCsQJivQJw9rM5FmiUBkK2xVtFU9ZiXCymU3AEEpUl05AQvbmG9aN5nZ12mjlO92UrPLk9sP7hES2IWpyUPr6moRp7U0Pi2T5gXr0z9ppzifZe7tNdfvRx4LI6yodprOdNEOSY8E2kgJ1Suu25svwTFNV545lC2GlR5wnCBcMIMnCdcWA9zq7e6yR9HxrsidGd1FbDSSHDOnG5BOBBkBMtZhBIsDzy3TEqQvG4vNXYJv2KCAFx9Fl5kWdKjc+o+lkhki3Vm07QKVxpfwTnE6A88DP6huuPLIm4HZcDOVD/md6EN3X38TEddKtBq/AxQi3surezXMTXLPjJ6bj1yQgfb1LRgtUAosNQFHPLbuqwNWYusPTFPp3gEgInVzUqaiAHGZEOJiHnFmqSdArc5Gr9T+cOchg+7eLGuZ5/G43glFbts4GcHhhmmPLo+IhS/5h3lqgOhPIBquOzWXM2M1STd1+tkM/9lACofk+8YeT2U4dH6diop3XhrcteP2GiAuFklE7JUdMlY6kn3Tfz9U3kF+5tWNLMA+wluHI/slyQiPOzSFUCg6CfVjO0tr/jJQM/Ha3BWbzN6O8qZJptczX/qIffT2FLk/ssjvYOKg/Ywq+TiVCxBlMb+g1DucWktF77X0eM/GM2D4hktlg7ELxMfmsFF6cCCuPFq/CVNAm0cie+MYcoiskCJgWxjsaVtWrq4rZ/oRDHMPxFFd9Wsm7JDBnc1vEqpPrXjAD/vZ5Vo0tPH2WyAEte3hYeZJsHEkI+lhUdw7NxAz4gi2BlKAvrft4RqOsxlqAtmAXSVufQmxXKU8YINbs5ih1Pww9l9v7J+vwMxxTsS0uyuFdJ01j3sALiSf+EfPoFAohwaUzR+lvFa+anW5fF/T8frYzZTOS5dEmV13goSZCQDQ4eVC8alFaOF7omAT7poTMCuwaBhzFSau/4xq1xh67eRrwGnyM7IEAJdbP1S1+xknFhZfE78ElyxfU4tTGS9q9ttbVgqkYxuO2ZORygJ70MidebtsKe6MzDNTZTjFLRZf6NAEqoCJp8BI6uJ2/Q8JNpVXfSEi2LqYrz3AzB3x6bV3FDadUiyT38n1BKphpxSIvfiG9UOIshOzJnVBPbC9zJyRzHYI3r+5TFkdlgrchSH2JR+li2GjcuHPmJBlXg+vax51XhrLmUCg0TNWS5h4kh3WtZ74SSKkULOVlkEj4q3BTygfgy/ChsJs5a8ayYdhhPDEP9jfaMGw91UZsMH5+JpiC6y6kyYwV1g29CQCBsAmeaseKKx8kDHGaoy+aTQPFyFQlTR/e0ECzLHGYrBvK0DlagWZBS7CCOeD7iTRJKC5jF99OdRYBFTcHBX5Ol413cdF3149O0BEgX5cMwCSLmc3n9gtNzs5pXmivrktfJyl3Z+NAsU8SYuUirB8EM4CgPtb+G+BUelN2sd4he3RgUbkFyJQiRkRDErERqamtgV2PiSKf4RqVxvU8a2UK/k0EZIY3yvDbFoJFOZbqCbQ67Po/0BcNvPZ7XFwBdTwOnGIVq8NSfxSaJEtTkpC36mxn8fgQSFQPpHO0nmOp0JphQFrycE/AVWmCNtGgzXwFO/P9LXGk33cblOFOKffvWP+NT3BmOUWVAgpIrNXZVOeCgUqS9HZf8UIVlGhYyudSBJmAdHyrPcPp6ai+OI4jjTHpkmugTqPREsFXuGRhj0MWCMr/dSj8Dkem1YwSCUMsZy/fMKQIz88Bkq3Rnuy6PG3ocuK44bx2wyJcbQU2x89iu0WaItzU8k65SyiouwlzwRVWG8a65GRe3FG8EKBnK/8CwyX/OmTQDWCcZ6zL6PB9ywFJH+nSZjqd+hl+Iq00+cJGRlhEuWdZKdElCx9WohEalral0Cf1nDIgETU4IXmH9zcOIJ9KeCocu+jphPgreFwjvK+m6TWaL0oW6BSGLqSi6ImxGG/HiGSKAZRNip9gtIM2Ld6ZToevx7cK0w+tCHrFBItYDmnhIDNlP/pxfmghgdz6grej5htC6F4L7oAF5lAoJiWQH3NMX/9gaL27qEYCLpU34foYy16yysnSRF8/VwU5qzrSLN9SkNyabGh+Kh2lwizyBt/tykFoUbsFYACNZg5NHR2Yyw2rqfPTnInwIn3Y1vpaPIjV7CLkI5ju8ok91SyMuIudvROjmJDihHd4SgYJeuAYU2sjWalQtOekySeakcKYiu5Jo91PdRI0+z3XboAu9y7Kj9b6Y2dRwfdVjqRab/tPZhP0dqrfc/DChJIVTa7cFK/BDBpAxrYk48w+BSBEGvBUICwsGGEJtrBY1G6K/YM0SoKOcRFjCFDAtxZ2ib9gqyO5F1Cd6sbtwSbeJbH2T52nmRYA0ehcLLXHBxvSm+kp2oZmjwHLpKp0oAUz/KWDcKPjYYd/6l9mGl6vZW5bMrFzxLdTkOAAoz/nByZMn/gfQsRCpS9VyQrFjLZciebm7zryk1OnFK5EjHDHH9+2tJSL6Jy9rhRKCPNLGpw/BW2RL2pCs8mNj2xrO90tKV/+LebLVg6Ni/Sd+havSYve23oogpZ0xtJPG4hJRV6ZhZqE+ckkmaeRJaywJ0ACCWKeonnOhcNTE5KK1NQXamBUKeMOArpSQKatPk4flGz1Z3Ah1ZDuHeMIRomKik/fuE6XxX3AR6dh0UXCKDtpJAZeBGnEvA133IR8NGUeIlfOc9ZE5u4cxouEuKBKUkXQ0Oj6kb2rS8kTRyykEDtgNYyx/VC9i4jcGrWlqqhSodaA/HcAAgksjkLXN+7/6o3UeYQ5Kv5IYnCeMYtNpKT86ok0RV8OwxyfbZ41FYTKdrE87qRFKB4YSvI0PTae0SQkDRNUMV3LUV9Qrvl1jfNVck9B8hlm9SeW7vjfiIITwVl2qckEmcrdwTvPNyfN+e5zJ5Cd63WpEf/kXsUkQBbL2+J7vozGyWmE5lTXdnVcMc8WyjektTqRG5nHXOKbGERv+OBkrfIJ6HMP8uhoCR4O0iX8sOLv6Zz81cI1t+QCmg3vvubKFn7YHca/O5NBpJM2DNLJYuRihacwnD/AcQvlo1s0rY4dN4Gh4kKu6d4XwWWAsokz2PU2R/Hw6AVl0d4yLJD76fZxLx/qM0UQo+/bSEe2VPhhnEEeQsDfbsAQ1tDGGsQoJFDTSSZpCos4HSBmM/ews4uvBmpBirUmkKpRs9/L0tf4Du5spWCiI7gsX09UXvm9hS1A+0emXPPzI7PfvH0jihj2iJH0IURl5YzsP0cWjebYks2N+DdI3RMpcvagEnUleCmxeI9y9hQBJc08Ym1XSskLbAWow9Qi+2Ep/IhYNZaULieq/2HQfrALgX/E4yWZjWFD4GKMwFiEuKdwO/VcIkpjXICL8mkMKudr9vhc8aZpnFwBHQ4eYhKrc45nDOujkJ3A2O5xugW8lnHXFd5BALaUVUuyuLwanzK4SQiiXv2sliP6C1bk00+d/jcVjK1pKWZiOYNw4OsIVDem+DO14ArwaAPc+AdoJVnHcdsPiKg2ruExq1fTFgToRpo36Qv5OvRM7tnOilksKuuspLgETnDD5zQMPKi02jOT9IxyRoqBhtcvdoicDQDtyoRLj3I1jb2puHh1d7gwzNCGso1AiJjGFVE6Odsb+EKSxCROSFBzFrRnrKMYTart2oQ+GsDbcS9ubG/VnyJG5bIy+JOL9rjlaKu8IMUVLRUbbuJbOimqyTEIlQj3AykGEMsZT0Ps7u6YbOK5tZbgLtQ4okm89UoEauiquujSrwzXgKiMpwrFbp+eRYpRZUoViecJ4cofq7WAllyCmlP7aosj/1PqTrXLE8tOo5H3+voQHdXbrv4CuShp8Yi+/sHjquYV54XtbUYBtkUZWMe+KK4lZOkP/YoGTI4t8UikDoWxYFat7D4K/1cs/Wzbb5ItkW4/+3ebllUeYWfkZmuJ3XtA7MjE4oJuYbFwJqsfVCIwIGtPttTTpXbU6JaUakEpUFqXlrvNVbeQleafoJviGtjR3sYzEW+hqlc9x/am+56iuAJOvggQ39h4gl6PiAsrhDoFbuIzKUNFi/nQq576L4aQrvGhAEAKWSw262o0B100Nk/jYX9RTw6VsYl80W15pKhY2zrzZ2aZCxsjAmb8MKKg24a53pcJ4wndjKvbMddIq53l4919goUG2ybT94d1nRQoLSHUg61LkfB+TrEmVE5ohed+uIio+AV+k+YlJFKEFQJRTpTjcfBHvOtGeFslG9+HmXWhYSPN8nAW0cu7MJZ7eRrAqZc8t8UTeeM4Z7AEhp0xByX8giLQS2wTqunG8ymmhh/Ui8aeSZBwHp2qkHcIOIpnsvuGejvhdMQU2cY/HUuPoAODz57MXMJZ6RB6FknZ/9XL8n9z3oDlaasfBM+ePN2X+McbCSO7Ct/QqBahBaZPF+HniCdl3U5qW98xhKzJLsgr/gsmWwPhR1hcpF89yOMzZPOLbuzE1L/zH/enrNIRTEaL6a7sj/r1WlSRaeSgStqp8t0vYsRzPWPydrArJqOnva7rQEeDpCyFr0o2vqDNe42q2iLS3Kb/xRmeZbo+IAxbjsd43V0IVbRaGqi9txG9u1pWFytNJWBX+NBk0104E4ozTe048+GDIE+rfD9e6Kal8IQqYZnaBZsx/8p2VHqHAsVmpmzehcGNz9vcogiyj22qRMG/Sa3L7uaFhctS0GW69AbOckLEU8hZIPnHC+1sEFbCXKgwePe8sc6QUPQwggvomIdPn7guRY/xsVNYZd6gYauZBggThakLVIlzImxqRjVrvgLh53U0j2FXVNo16vIAMD2AyYD1COjSu/UMpTgHMhorx232ssasM64gCNRV7OlfKmRoeel8ZyjQ0oAkLMdr+z+unSKzbcNK32MSnIjaTbSkY/yCay9i/4dVSTeZBz406FY/DypyfjZ9CJnFMCbfH1L/IsBB/p+f4joqdPtyHVt/aK6Aa237S20Ek/UOdUyrya/d4oS96rdQZ6kGj4nCToGu+adDZ7CxmkanTirt7ee7c3ygtkR9Z0QnHAcj8xYxK38S5D8DFxy38koLhNx/jeNnXJ+jERBOf5yPIPLbpfXd6/nxSZmBDOt6MyGtvf9+J7xPeWB3FBG5EUyrdysgRmiSVUB7ohM8UUFiivpVMhIXoG85xKTDQ5+OhxBAnKSVG+bRXQD2Y9eo+rwLxLoFxF8rMb4Mlpi5GZSc9qc6Ur9Da0VJh1J4SxqhTb1zcdwRDSySvv1CopOI1bxlg4ySzGo4OYY61Ru1KCn8Q5bSBg2GMsYaul0hqJGjyIxBWQsDpKmh8O6DkI6CKRotMYl9DcjEoCneZ4gbnvCEgrxKzPQZrblZP42+6S6x65P+wYrLrNwkMU0SGJ6mpsbEUEKpA3LzNDo/hF7feUl7HInLHzVBXb2gwrxhr7/IHBXA3FqHAKuZ/I6/2vXxI6h30RtFTXoTm5nHnBF/0UkGEhxfXUOm7/gFyWyHDZfhE5EKhw5P/pQu6j8i1HISQv44DiMCUKzWgMGWl85T6o3Q8jFO2CWaIVLuxqA0r5TD2fF+sVF/mMxFKDzp9oB8dde0eelEV/rQJ3NB7RpKPZCrG5gwmgCKlr5m38OnNivnu8RDuYKuikhPeSHbe7mLJEsiti9IXVrHz+gu3b+hepdl+M+cRTewocJAnvfdAa8+DwralLtWmGeiwvejbcTPG2em9a1CFEX1KBsHrkzp8k8zKubxlQmkFzZ1UZ5My7XR9CRG3LBkyoDjAk1RUcKlx8HvKFYQPPOnYHI9aXChwMuvouB83NsFFtTSsp2wmtsvL3GU7e3u2P7zym+NVLvTU6tSm9nH3t2zVUpA7EezRjPKZnv442z/1kd9wJmS0hcqLqxL86iLGbVdrESmc0ki7rbKtJNkYIxFoyXR7499NuA8WIajRM5JD0niz44G8l1FrnDOEYddD46LgIddGukd/l3tLFwIeqMG0EO/N1Or5EL1ImO/h++CcFkwqVAV4px4L/Xh0vkJW3Vp2FZKcxHD3u3oey/s37Wt3vim8m29SZ2VYzOVaFHYgM2GuLdVeMZ8y1Ewj1mvjNLVWsw8QBxxzaVN1JO3h3E/GNRAuHdLKM/lLA2sS9cZvd65zUMhmSVEHVMkMH3QkZl4ULYSyuzAZK6Nos6psGUiFZkfULdpzprXqEbMcbl/f3rVurLACYax1PVsVevlbzR4s7IzbeMkZDD94ETQ1b/e/9getowgQCQuvAD/Sji2GURVx5yJEY6LBuromNxKninWAX+gcJgv65Moq5krsw/22UXEsa8fmdoQ6MalMw/17XgP9PxF2KPgMoll8vZQbVVep5flSeoybN511OY95ZBm6H+bh4tecVEVu5sUTbfy9PgsFRz7o2faNn1rYmbkGNgllCbtKVUAA3HkqwffNbwyYCfbrKb7rYBraGe8268bVy8oiGt2dT42t6ejC+mXDbRvLu91cZ4GwliGd4WgfKEXCOZSQadzldDvejtSI2nihO6tFuCpzsI8KRZBC3ggoelxewA9SarsJljKWLeUf+cDyEVAoCVG6eJznbqKChXV/TsDeNoKGQsO/5J56PJovmqK9b9OqCkFLzrQG5XcJMw4scpxd3cjvaZWseYlLzhuFlh3THSSXCPM52gchaM8yP6tdWaFKEYnWyNw+NZON33AO0y7hDrtUg/nEglHTwhyIGGBaRj7u3uGktYaH+FJYnuinFc7LUdAOplfKPjzY9VAEtnm2rT61CD9CjZP0FmWHxuDPWQs2ld60Webxa38N2XjH32Cyt5khn/K1etcMhXs4TW4oVBQRcg+hF3FC+S54tcFohR4yPKmlfMfkfyEElGeKYktK0K0sJ5ycmzGNMPw2WQP+DWkv17AvJDpuZ96V7+K6vkN6PFlPWSKwcPs38ax33+I5zsAEP2YPmA6S4Y0VVZJmZDBmDLl4bPK5+rK80SZtLcuqoHMf3w1aQAkKCqI9mblApSBFC1jTloHDWf3P5EQIutUbIr6Gz/1m4hJjTkKR60p3Dbq74blhXOExlLlEFm2Uy91wE5O0FLrIQAO5ITMqv47ERBbvVWOzQKoGFthzoMbJw60fOJ2i7Lo/eDCeO3441u7T30/B8qduD6WSyartmdfS+klL7E0Fyr3Vr80mLz0sQce4mM9oKeANRmNJ+WRaR3zQJkBRupE0P+7JZeofaeaqszFjnlcueKc20RoIRJ9krv0Xilq1KqMSOltb+xNhVmc2yMoYCj+5XFN/kpW6AbIkb8auDEZC6r31UYDrzkYiwXDsnTZWIrDsgkGWJxxvBOhhQ9BsZTclZ3jc+DVkVQOCvoTNKQZfdVXfFYjUjHfnKO7S3hsCcJMmI4hX2lfjtrfTzOmOKsc1jPirRv1nQBMoRiEK1qBi/tV4HjmSrQOUYgX8UbHPaYMYRjZ403z0ZjD9j/HLXXvI9c2F3UEqxzMJhwiFsQJ6Ojh7csfr3M68NE2xWRJdL8TR1aPTEALWKQiT5sWU7ZbG3I2a+DylJkH4dv6WeWrfqGVErhD0hILVfmTBnyREpAsmFpvgeBcUYp44Svrt1aJ89dIZ2Xm+533JBtIv/Rd4jPsYcR/9vM86Hlq4dY75zfcIevHXVRwyUL+qgNO1SHpY1DErnTctzwvV93GAeU6QR55zd5LOBvzJTVAplUMnuMeLUKJBA647u8D2Hhs8wN9qhjn0lENaZqteX1q1wd1oVG+YqYGjuw9+3M1x2MDeqB4Nv3+lyJokZ9ovTWYy2mAM3r4axCtcWXHJX9+4iPK9DrURpuZ8DfQcEjE0addecXZwZ5exqSrB9pZtJRpiF97Mtyc9gUBJd8mT7CkXijwtvMNNH8mExL6vG02h8AWPN4MhHtiqpUWNeUPozbv8SjRWNIIwV+n2uBbqq4S4D/6JrgN+k9tk1qqmDyKfcH5z8RfYVgt+xDFMUn8ozLPxrpw0crwJpBWvhqC9r7iRwit5yh8UA6MjN09FGO2W/eUE1Ii2DcBcFW2Icj0mkPXVUiRo+jw4jMC2SzCt9CmHGF1KVybjSOa2tX572Sqg2WnmPX2fgIoUKgZlnPR4rKaNPEtGHkCKJdtpWTN5NEZ9mqsJuYeJ8BjDvHfpNu4l14N/Jz3Z+P3fJcyHPywmgkO29s2IfpX2Hu3Q5uaWj7hKlbKZleSN2aIm+7ueak5Rymd8dblNCrCX1fxJeKdXeYfjrCPdjyjQ05iXnBhF7bCxthDLXoi8Fw42fNYH5wbl4qhea0C9KiETRW3Q72heFhLDVIaQGcx7hjuWHVe5ffC3T5PPGBlF8ji4GqhHvXIAJEO/H6ahss1ZLPGzcUW73EBmk5FtAfJ0MKtFBC8QUD558lX4Lgq7HKGEPeR9r8BNRRmiXVhHdqMOKXCKJZt9LMBqIreyYNIRNpv1kJSrQvf7xMud5EVXc6kjqVkT3Sr9DgvtuMiPYT1W5ac3Hx9xMNqWAWE17UBuK9eSzET3Yt11lzXyO07LMdZh5MRd/rSV55RXZr3zISFSB8t0MYwN3Kp80rUhelcbu6Bxumx42Vd8V9p/vdz1CiYbWkXPgxU0F8ucB2LxFvbnoNUFkuNVOC0hEPjpST90FznWC+Xe31Omi5E8krtyqTFpIScQL8Qbv82jI/AoRaChu/JbZO5iQAvLCBZvjT7+PedYwzav5GYH88lKrErkXvwmSeIQ7wIX3ia4DH3GT3xGgSWLCV6qdvY23CPItEAK9utd9sveu6x2pEd2qN71HTm2fDrYfnSEzxWtk8h88mdWum7w8k02YLNzY76LW79eh8kMv+ZvXEpDD1xkBQC0tq9QGn7G8V6DM1XHttGAGuGlD6dCkc4voinMwFgz1wcXrAAXvPhZfl7Munq11rPIy4G0rbUSSXe0MmXvuju7RUUhM/79MN66snP/o1jx04hg49RoDnFcngBbkOeHa6+6f8DqGUTc/AMoIs3CXqbaHG7tptrgRKOeyyoUDtU0Vl2HtkJtLkmOjPwmOWOCCHtxCRaeCveepfMScMFd3mVPxME9JoS4Sxo5xRkWLAafzEyHPyir+0FlkU4taEWXXgX033AfN1Lr33Bvzeard2OWmLyLG9cm5Gy8HJ9SLkq+hqoWUDWjqun/qP2+o0CziDC374o10PSVrMIgiy60G68bybnK9x7m5Xlxdpb1t9pzXGCZyHaNU+Q+1rXlS8nvPnHDPwjkxO3/9s8u1vhzo8s3eNO9G/0rgJfweW9s6Augp2PRLVsWpeiRwyvNi46tDyWyJvyvSq8D6R4YFE22PGQxd2l7gZ85oA4j688n7NwyQh0Kjtnp1mnLDvIT4uZ4ebzdRchEObAGr53mvI5sWAfIrYCRR0qyubvst7J521Bcf24lxX4cfTFZwWQ75DabFpw5vsFYkEI5/5ZHlAX8AwyxgfKoJcfP7C/I2hEIBttd6LDMKdPbOFIgdBZERNeDHqEsk7PQf3NMeJa85jEO0i1FQXieKPZ3vEZNkC5oA7R9db+PB2f6PK5Gpm75g4Xt4tn/WBRxcA9Q9G2sfyZJHAx8NxZIk7ETOIc+kq/nEM9c0xMBc1+hwdKcFXIanmfDZTKAiHIJAtJAThY9CWwTBBzfooKCY1+RWukYpENm0hBCsM3eZDzqyTeOrh41L9yvHpIEyILboybH906CURNiMyaUDmTr5O1MNQLo+E9zsQixHTOhiNpVIEg4Zo/c0VaRn73juUl6b/miDmgTihxX3Ueaxiv6hBFV9F5h+nU7XZdgEfBjQhikzz/Y6ShhX7KNxvY8eVWqjALoN+nRHhTC0drNTa7uofbomRMg936WGqJ2H49tbj7jw5QSzdEkWS/4uYr5IOspKmv88K8IQXe05Liw/XoCteYJIbpHJkyFDdm+Y3kyA/R9Wj0wbl1t0xHjjG9B3BbS2DKU1ONm7EB4QqwUzPM4ic0y1EJWd3lcQUC9jFEhe4TcfGUIzxr/rd9NkSb/vKHE42+8ve2oWOSxgMvEF+Y6llnHYsLpyUgR62nrQU+RCf6FhJDxXUR23+vWmaJI/9tA1GJRsAyAhWGuvKwa5kmRGGWCOWMa/3jxieqoackEUc/qdPs3Tj96ANv6D6wigZAFuFOJzZZRdw2bsZBSF3fDneLJDTR4bHBQv6PN9DjbvOuCiXPYXQ1ZgopxuD4+hCmZXe0/tUucd41WCUAWSEmuhBJMC+1XFMUtxYHLHdXx6+N46AATi0asdnUrLWG0G0uKmQq3Ck2OpGsQNNuJuQv4xcwDd1Xu0ZY41koLmZdfnr60Zk6/v8NIoEvPbid9697R0WA0yDLfbWgDy6Nvtr7w7Mlwf5SoTz3YpImDOWqDjdx59K6S9BNcX5CuQ7NuM7mWXkbGN1cJjT52s/gz3ePJ75nDbOD3WweUcXPKtYl9QBnz4uRyXMuNWA1TnchrFxAb/v3279i4RCilRcpXS5FBWanAGnyZNSG4de8BaIATqQwQvH7USexU6YNJg1WzEp+TxhrlzQatL1C5nPbQtJaGau3M0HDK8uXA54vxf+YmI/bRSAU2rVOwtIQJOpoIbGjkkmQnyGy2JCuxldfAW7dcEXPjf59RUOoPh3VKM+SlSWn0a8OWib42y1qwhSRbqwkjyVlHXJ7OS5IlhXwNvxxo5G/QJiWYclp/tlSD/w+ltRVicHCk42J1LIful3NuE29OJlXxiMIt6XyrFK3EQityNvTzfT5oGzgAqCfiYVSZ3kta+a3SWZ05g0faRngMz8Z6wCZuf3gvFzYZZoY9w1836P8SET2RW+P7XrQqSfm/pWrCBpXrxRevVxbStBgDA3mf7SmKxvJHqdQzHjK7BCBlFrzm+u40e55u5K4DlwLnhKoCIvp3aVDXegKwRiQVcfyc8yX44cB7IIUUjmVxKIAZwg4PRivmqGki43CRbd3TTb+qqAB4zDZcdDSh9VwFrw+b5nLdsO+cV5C5m3kJZuKCh5WfIOWXWCgcaUJdJW/0JWdmzLodsgqWCKo6oIFJH5dIe/f1+JPXdfS7hCkT0u0XzojEwNVloIh+ttS7vPob1CTjGKC+Uc1O5xjQhFju+nLAshk5ijlc83n3HvSNbbNiI1imEWOobT3/Adn+xzyam+qOVf743/NnGAqna+YCDy9RYiPTmElRd8MXnrai7Hxv1H3PyFaifh+ZUdddrn4u8PG8MvjrmKDs1HSTUbkCafL1/jvRlBCTjUapMY2QydNpTN1gwH49Nx7ZiR7vCyHlgVtC4vAk2F/2pazyy6qd61hVs0h/m48oR0ydBXKow2rrp5L9B2r1D6jz3kn3BlEVP9Y4D9LZ+weSOYg3DINk92nFeWahmf7F1w4YRoKwQlWtJMBvcrdPhgryqHZLomm9IG3JAj+j5S0A822WRreb9fyIeBSdS28MC+iuIdINng0RsdtzgSNMenfuXAFySb78OrHLY96OWrsYnO8pK5rYhUU+Knt2eU3YuVeM78BSbLgNCXutxMDMUgGc/pY1/JOVtPrON0KjEgODR3JiGr+9AAlHAJcgGwNI6GvAs+42m7Qh82Myz11LcIgYLmZJsPko9QtG9SoDrUv+UzX4YS46LdYqrA9kYBP/Zyj/kVC0TH9DjwX9TQIxBuQmiGMxpq8KE7Bm3jeZzuluNCDHj5TZUkHYszBqaECRU2hSAJfkZ4pM/rvmezTjYWx7Rq8DNbxdgVfWPSFS4wIt2CFY+N3MMG3teM54zp64xK6Szxt6fPZQrJLCTTqNOiSjTustRAVpKMuFpP3axZn/RoFIbDILPGjyeu3IwlsQ8A+VVgLffnOEM8B7GxsE+xmiUQvKD4AuqqTpwXJulJoa5bfZUl5GcRcYywS9R2fAu8yE73VlGNOvsSOsxYv7pSW9ZwKEG/I/RIXQU/0Qpi+dANCMYbmJrR7yaSYgZeZQVJkrr15kwtlV+ZqH/1ynu+uuJUlk5r7ccKqwlpKsWh6RXiqS11L3ZMhwZyFxRyBeMV+WXab71cOkAQL7SOLV/GAsoCeDEQL0ur3cIXCmWRsoWOW+syo9eQ+ELqnho1OuI34HB29BCCaMcZhYaO8D0IhP6+LRnuSoyA3Zwsj03ujVDB6VmJQ2HR+8bEcGSgTbg9/yp2VBKw/vwKPOvPjgkuD215dmYS4VZb+DgVHvjuz8JIDVLVQ1ElpgVC/X1/HNWIGiKGWet+3UHMy7gv6JsipIKFjjtzoNEdop4P9XSN+MQkRQHaEsniIMeFcdL9jYl3OlQAaM5EXF4yIG72p3HkGs1/smXkAaPetVe/oNMVPxdnUcEfW9pwj1rucUkcDh5qibrIO4MOi+ZTnU4XV9W7CmC0tyUpiXU82R1yU1DyjJMCXyZ0peKv3k/eLKxW3t85y5dvGofertU6YjqQCd+k9U0Tf4nOV0PxLNLlU7ee1KynsyPBKz4G++4E1dgxMFKkmB7WV8U9KP3YFQrZjdYnnR92yGgk5OgDo0pcw+dlvMq5H36NZtaFRigH9MXQ48lJ0jsGDn6MM1pIRC/jGp9lTdcHHX2k6cZxFaj6jNCGLEK2C7MQq7cFwcvGa3/gHy+9Q8jfcCa+vUd6dVDuJUwqfPk0aYDOoZ4DkBHOPr8bNCtEFEuQ+KeuutO5gtjozT6oRFwVCTOS9L9b2TWRozRjonFPrImMdtKX1rexqbRXDsZRD3xdgziiMzEsx7qmAwM2XVNVOmAoJiejr6E2yGfHVqJtY4oJSHySfRh1aa4DKF5nWt0uiZuuvdTsOh2EPLFFL8H5FFN9wHdEaKJOtajTa08swy9QXj6TCXNJuQUzMA9eep3+xInL+O47VsfMUyVUm5QorNP09Uh2yii5dUDE0xMPUxnXfXrjaTEvLKje97yzfpDf5AEnAgJOql6Krr9lZQCTEzSAREi6Y/NTY5kLyGvuR1M4dMhk1awBNLkPt6te1ZbpVckLSpveo79Z1MHlTfcXZ1VsdoGcomN5QFh08nGI5oSREI/2QTgZHhbCDb25aGLJ++Eu7yCK62MjFJj4p0scmhPybbVTiqjUfmGxA59FzaMyxJ5KvYSPrpzjFnqXB/x0XglIQ6rryXVJdnXYnL72UitdJeXuNynh9ZEaNU9RyhQYX6RiQJI6vYK4iVPDeRjosKGQaTo/VvBtE8Q7p2VPbGat8ScQTioE8Yb8+2jmftbMvm7dUv/2bQ02EB1ixeNz5EiqWfTGds1K8BEMvYRxKpL6o8Y9r5dJ2+5Tv3lDbm8lInQJLy4m8yx/2hSTpnAwMPgo249KACb22cwcm0gVNUIOlBTJvFRrhr9rJHb9Poqh4Fwwg44l9mG7Bn7HLpfg58PLCNYdfUufW4eI5eazx+9cb+/Pu+EzYdjCuiyNfA72HL9YCPdJqY54UTcZOAsBhK+ZXS4JDQ1XONpGay8QIm7S5x7DeLH+2XpiSk4kuSZX/Y0YCDheD/+oDfYDhomi9j8R4rVegt/5rMKITLYG6vppaLKEivwagQRB/HplrZfKioFetQsxdwk5Kbtvl6ZrIx6lrCjBJS4VGcCoEZvk8MWTWaELJOqnqGiC3ucjOgopoZ98UrDjDnsEbFIJF3S7dFZtSPd1W+pUw2/kR4JQ2e/wIBANeJG+u9AVEJNYa716he5GND+uxYdRyZKIDN9m0IBjUtHZc16CvcpHogL/JeU8JcaiRjjpa8Drz4OVVeGHz5LeAH8LQEC99j/1gLrW1vA+T0tQb9spXN47oKP1cc1lM3HelOMVQK+K0bqn2HTZcrmO1f1col6Ex5j6QY4+ikdmFM97cdVNCL1+tLw6kBk8CYyqhgpUpas36kZaGtKqL88xbSw85KG4zzIVKFgfbHZ0vHQSi1t6TGD0jhvwxrtuPEjcgG0Suk0LfFwhD80bMN9GQYkZXhP9djPV957JUe4aK50/0lBQsvqk9SYlALZpdP8lJDytH38emYXor+LqTGY/bBszOpDp4l0PxDEP5wkJ9EbXiChh6Cs54Q9mFOwvGjjQ2uEbEVbGKEjCly3KlS+qt1P4h9LvNoBDMRyVJOsnRsJZNokJ8J6HDJTAiLKSgDbsTI9HhSF0bo4MfrgoRgG2QMt9jnyvHSsZ7q5Bta3tsM/uaerzAljwCcYeWXhsmI5cg8cMGsOeFND24Oxcbz0wMp75gUVVn9bxrEYxNLjycE+jtvyyrHvrt2QDnTJclIRSb89ioQhPWE/fgyST027cZAw2z2+fjbyJrwF0RwxTphwqoqC1UvPNLj3xNSY78GZqD4cAo27pWEktAKJEGz3sh9SBX/YL4CcL+Gq4XSh5gXVDGS6lgqIT/c6dmR0F7JHMNrTenBmcsLgeQG/0aGEH+N6lxPdm9D1Bwb+i09Yp28G+gJ8wuTIxtNbnYQ/32XHRmE7Ea+2gCQ5/C7MVRHvQ/uZIK+Eqa4SCYfIuK0OC+5Mg942baBHYwdSd6bgayAs0h+2+UiVOE1pUZN+5m8d5hXSnNyVr2N7DqBRRFqXLgTy+Gt9qW1ptz0alopIHi8Bd0Eorj5elbW2y9gUXNLCf+Blc3WK4hr54a7kZQnPu3aGzP/rtO4dUAZRMnVe72bkvjd3ZVH0dY21SpDhoUX7MPqJaEciPHsq8jxjCxiibdq6Btg15wpJuAkWhJA78JGKhBMTX7IY9Do9J/uD133dQfIx6Un7U/CI7NJoRioAkW2+eqz4eqX1IvuUOVcLXCOMq4s8WC9ZZolFDTkGypuGnC41awGLUv1CQy9C1CNGJM6rBlRvVTItgWnTpc2n3zaGxW55OYQklBFI2Nh9CeAYFWzidLbTNlmD34+L/U+sszinPm86reftyZRjOl8H3x6Qu6JwzEZqosJFK/F674rxENi/HeMw4aebPWDrAI30A1VlGoPpjtZyTak17eYIdkqV6oTdVHy7+Tsb9GUVk0g6UfVPWy0wSJDt2wfYnC20m3ef9cAyljeuSjOn+5nexAQ8lWRWl8lyfLZY8TkzPGu7iF5kf6auNx9YowvUlh/6gnDRwarKTHfxlqpk90i3N0NbGNSBSpmyN7ZWZvrw/Udq5NdZs+zFEmJMHJo8zJzEQ5UiYURwA3gDuIdbRRBcmqf0QANkS4aOtJVCr/7c5mYpV5xTW/anzcKtW8ZahrHwwgfPDsfw9iZkgh7WzSNfTczgUnMrkrxYjmVOC/psIEdcr/WoI3sYTWUdGKwDKLbUV/pBF56BLjvlpIKskZePtJQ40xgjrxxXkgKMa9KCrkM/kxSMk5TYrjHxHRxYSsIBJWmwweLL0Pcsi4u2Nwa82peYTyKIV16ObR31XVmZSQFnCki7uMiuYBYnEO6tuPcoR9I5ijv7iCZLSXEn9UOcNY9u15NHASRsRRGdiulNSikkuOOs6T08Ciu/JqNKb69pBH3FZAqnBtyV643/kP7htf+tPLnmYOPIuN72STFo+z/SEW1b7Q/wEDQIUQfhlxj0saK8wTSvHbk49LMCbnAE/ucX3kpvXqndhCOqb3nP4bd0T2wZ7mqBoSLgNMLuEAu7MYE+eUfU7Sf2JqesZuDmlDJ/cXeljpXpPZ0sepzHY4wCbJDjvhYo4zg3TGCXwD3z1KErgwhBeYQQho55TLy0nGdZKU8mMQit4NYDF0O9gSuUe2CsnFVU/Pw2WwuwVL76u7yD4RiM5vfpXi9+nr53cST0EvtcloKlTQod1/pfWfoesjbSwUvfhNoC5U352/xs0Q6DM/aw4vRINfYcj/TcZCaUA4XdPlU3EzLp41atZrgzaPscmnoSb1LkZ5F9erle8QuEu9rP4Nne6Bt4lz3PcE7acXBSKkKgOL4L2lDUzpLYMeJAptwjPlljz0I3uy3Ulto02cpzm4oK9XiPQxct4ReeSsfWGd8x+Jmcs8AxyY//5XsVuy6ioXfSnQhaV/MX69qBcCfHCnEMiUfEfXPUAgNDAQuiReOWxGPsAdhQDSsFrljUzk1/nuH0qFPN7ycUJYhCKvQhpvEawhREUmqXmCwrotzCMR0kBOF1EjzWCLG62BkcdzvICq2+sfZZDMDtqn7O1FjkaP5Fl7EU05x9g+Q6Goxzh3E+NhibyVP1mc4DXjZ2GcxmzLY80FXum6uxg2F5VphPF/QpzkVRKHZciELZqF5MQZQwCltkVG03a5XAUkJ8m3S12Lcrrk6AQlQ5jPcnX8kQmuEUjuN3OrhxwoKh/1zRw6+PgyT3NrKW5BiV3b+hBssKfvuzlys1eLy/Lteh1RwpVo6FH0VtMt9kJHMrNh6kqYYu9w1efDRXyLmrfkPw+ocBwHoLAw8i6HsGuIcSCCfqigT5U6irwPgavFNiIWNWEnwa1VfrDwhPQqLEfTk9YQMCfA9A9OD6HWbfaml+vspEgFd1zu4+TTFjQvd9Ask/9ia9O8M1PXvSqVvpiA9z8sKOqizTQVYUyxp8UzsSyQS56VndjQlzXdwgjZg/6ZDcUFAzXK0/gU9PYsRXFs+4txy8HVI0BMrHoeiJWBP2bMPJ1d3hGIhpDhWsXhvAawb2W/jA90R+ww6XLHyXRcCpheFVUXMLYI8d0pVtB9uZayai3b+ALp8R5oNob5rr7RBARJQBa4bhCANZU3TkSS0s3OiP9Xo74Z38OiP4iadN7H3UlirJ44Ju8adnTxrRDA+eQ2AcYO9i2VktZIdO/oLsblITMmDSyvTM+MG/5BlLqGR9zlsRkUJAb+5lkDSBSgKgsgL2Ol6biSMYPxa5Yl6H6sTISokxEvSbiyi5zjFvo7xUnLp0nWmi8g/aUoOTyc41tsMimKlLkTH9hnb7hqf/r/z17zXw/truqVfONUmbDoMGBsr63aGcpNjQfA7TR3tHTJbg23cmKhk11i7++4RAhyn/QmyVKQ1Qws8Xn474QlttHQfySBW98bBlEBexS+v+t67jHSkff8ZRVVUN26DjknmAdWPyW8g5xFo0EY4rZXN6+vTKZMpnNHxCbMFYozJ1QfTBEAiZqDCFIssiHvOcoUbYwjosG2WfUhwI+IHfvs31wxHnDG9Oeo8AfsZ9SsT+pmQJUZLAMEmPbdPy4BrefOh0nbT0MwPo/aeBJgiRBo4BM2yDHw+27Brt8JledD88gK95k8OUvq7apCR1CxpagSGyY1zL39fwKzF14b4s7ZxDRR+3KYoETJKk2l5FC6ShSnEcF92wbZrZNla9YNgrcHa9XE5GxnRytLm9V7JRODJO9hZNjV8FaCGyX+3CVVhut/n14r7jq3RYTiHKhsCqxLgW+itOHWBRE0YN6oRhQuqrVIrl7VX+1Ejz1pgL6iY4Y7PrfvyrGHefzhMGw1bs+pun03JvY6TZfFqU/mT5eesHxCmb5AjMcZV9Q79xMDn90W11NCnSSahoUocfYhmKpbJUjz7cj/5y1lECQUUA4mWzSA54c6Eyy4tY9BfO3wfPQQ2HvgJ7UhUeae8g9HUBRAerIlpcJKmdIUvJCUCHTIjcPHiKvdmq7obds0rTZ9FyAVC8HH96PvSpD1qBH5qlm9uynpabJqJ+hDOkjwn6TT/dOM0cQ1pdt/JhwQDq6cRte1KyHF7Prx8KDTpNRjcpns+cLy+aKP40bsYr/88Y6rdVlEVrOwhQebFMqjaUSPxQfi+DqFFLB7CYvah07TSqUsbT3lKFbdy/Q5Ok94QZ2tlhzlzp716gQxNN7JrF2GNWqVpNMhz4Z8EjoukaP0M2HmNoIzme6stbDBBLeUVtrazJlp2043PtYLWfAdZmYUB7FnkdEXZE4U8NGHYoDkHUWY7b49yyYSgCpPVL/7OBQd65V8ST/M466v1beKsp+4L2O6kkcrbtRbqtkDYqN/AxGTP4Y5jy44UoRNbawCDrkEqpY7/o1aginMbN7sxeHKaBVDlUfTxcTDhXhGoh0ZTpTJ86FBbaphF+BT9kypbQFfBMgmbeXG6HnmP1jcuoHvhTLRFbpbWweIXl6nEWCZXBOfDw5+DrcIheiGH8vclzWtGwiJuQ56MWf0j2qL7AMXMCvvZYoK+8jfJmqJaZ1BKn/jMh4kmzPE/KWK1LT/X7oCwGngUfhVG7jVBoUTDdIMW17dylQR72eulQyArKd91porXEKP5vUkps7woBY2U04yJfWWIRs2e6ldTEsd55LZXsN9Xak4JxxkpKY05HH8uLJjoCUGoEnssgPffBEM2tpaEG4+3Mps2XurlBM8HsOfjlHeJWeXuvZ4RZmdvyZL0UrxSKEWAWWbKxocZFWf7lYwVs7u/CcL5XS/zrXkPGaq3blrgaoDtPsRxxDDRS6JZUBn//USbFQhPlyNqc6WCgiWzY9wDawDdPbwXBxmA7CGsGKG7C+3+1sdVjwgkmnFwWGq0Etl1+WViy8mHSn8yciL+l5bzV3tXZuS+7iamrIwaFtE3Ke1c+erJvUJAzBrYUTiowF+AqjQJZm3OIwrnLSn+Ulc4A5YUdfpE4ArZpF77NSck+rFF/3Jg38dOzY6EyIk4bUSbbdADdgpFuKXwAVLGNuaJQc6LhhaS4KFH6byLzNxUrdJyWzg6Qmn/TJTHPEzICbuQzk+I7gGMACdUfaq7nChNcMrizxwrKSjUGas8mHL4XNTefYAJxt3sMbNReQES2Erz9RiGAqopP604EDg0dPwuiC4+TILZ2xM8Voz3jxTR3/YIu42dOK9rrlS6SLh+LCwNLkTcSIukXg6LUwYx5AX4gga82xgA3EAAiqGZZAckzVvnf38ke5nb25Izc5zQ+0i2BBqbtu2ipqyay9suOPgetw/R1OJiHEXWatTO1j/us0zCrIy7wc2Z+dYNgZBWnBhCqcY9SWDArUU94IdDprobgL5vcoZbFUJb6f45QRALgdfmQtlUOUFrv4Nacx0pcoQZ4F2bwaU0VYUW92sxlExsMbvJ/idGg5CbP2IsqO4gxo7/3IUrmri1WGvVvY8Mffv0sV7on0dyLFNJs2xQJkFjbT0qqwovEM03M3fgyZ1s9/0FjVLhCup1MT4AgjE8m/AtSEiOjRgIVf7hyo4wQA935Cec/86NREF9SoE1RjsnkjT31U3kce64BMX9/bpkSvDoci/Yra75thK8J7G0ZZmjMr5WOTfr5cUF3u+74GwB80yPBUV0ZWJXBCFN+Lo6p6Zb7WRhzpUPZpb7KyzRNozahsW3rFIjuUafYB8uFp4ZNgJd7YEiAAjecY9QxCGiKQxj2LkwJKO2+RRy/JfTQ+LIs0BqYbQBc5R7E21ZAXj3i9cfHzGFB/WtRy7kN0tkWIWWwwy2Sz7TasSTYR+FMNh2AXirdnOJLPCcYPB2cSaEsNoZfLQbcAbfnNiAX8boIz90eoLruf6IpcnJNpEQlQ3U7XwQxZgzPGufPJbCAV5G7EUQm98kcS0znshf4U/mVFov26bRkCMp5JMLe7CqGMSm2pzDbob9yKYzq1aHn6HwAhON7HtOAiz0LCvUpwiz9RJvFqJK2LM7pI0EI7bv1eY0gQDYqC0wGZ10+1oi1HtuBU4vN4ztrP/LiZBKYdddDb1AcUPmWVA42dCuPVw7PW3snpg4BlH3YMw2TtgZYFs/8fJBBquRaX/6b9neYnwHfj0v5UEITOEzALC+wRRvla5X8NC9alucOY8YaAb10nVhUG5FV0M6LPFQCeSYrnre6dY9AbI5Yb5opaAo8mAdDoDUaMNEujMdYRuWw1i2Ay6LTaBUf8Eb68R1Ea3nMIs8piZflAB3nAdjKcdRRrxv8YIvXR8w55YFvbAZmBcYuYbQ8H6DTLDZ3rg2D/t/Yd+YI0XvJ6dHkCly0t5PjSBoGnjZPslv4jwmv66E+xTbQ7AeHpBWuMSeA5LPoziq8vC1bFY+Pl5npdX+/jOI+F2QyJnaIPAZj5dtRYZCosk63uejR6XkaB+btbEPS9iqUe39bj9Q59o6xi0U2rQVC/SXQC/cRaIV4Q3LAcNUlZsQz+Mcfp2H/zPYD8Br2MxbAQmAiKGVDu0NsBqhMpZ6tHIjX1ZCSDsl6vtpmjDm4YTN+oisFsfYC//Tji4fxwWCHqac1f3xaR//fVBXAMUdhgzloJbuY36+072dcmgSbHaha3RbwxilGrBIDGCtAEDyfa3ltLBsQI5WssUOn1a5uLQl5VXC+GMItvHDgwPxzFww8m5mutf+cvcKZe7Uy+cCTrGqAfVkML1XqR3i9rtnsRE58OISAwQb8IDqz1mjPZnNnxkpFBuwtNC+ue9sAx7tMd4056EAn4clFVsDFYICqdPpqaLoMSSniZepN1rWFnrVSqdMY0jMVNNEzF3JSH2EcEnV6rsPoDyPsNDj+p7KhyaQlVng15JpBGvcWeoQxwzisC1JnsIk3H9/6NHrG8s0MrHbWDP/XyIm2cteZc7kMFWMGO06PIbOGvB7FY8kTNDeITSsfB03HP+/rk20CAGiVy5THFc82ptbTVKOzZtpa1TJB6ntBFRHp5u0COw5to31BLtR9Fm8P/ye7PQSUxNuX5mWbyGIH9ZW68Q0VAXFINvAY0ZbUhQJkzXQRYVzMtW55UFRRzFiKvjWDBgBZdlxph4GtwqbODR2XbK6lygC1F/S3surjQmKjCodHzR2HGzyYYeafKvwb7aASTcKS19DQS6iX1FOjs2tBSZhFeSn7LE4cjGAj4tFljdY8/Qa/W7UKLMIGwUS/WKlTD86+7W2dktlMFKhKUnJr4sLA9RBEiWfkDs9EA45UNmA/d6cfoVwHBa67ckCNXF72OncMB2a3Ja+GIOzYvEjvQqYaSiseZclF6tcJGJCIDd/Iwk27ojLvXPfkw1kcC74gdgR4OFJji8cE+sfw0XXSVjvQqeIa2QAoIJm6bobN4lslTMNlwd8u+jrPHZxxg1m7KM12WRTB9tEFlbvTmW0v8V5snRSvrwZvYcKoRGOXD1QEjtXp6BxBZL1eQdLh1oDpJajo7+Ow0SYoveAWghmjy2smRzEzkuepEiH5cfAvOWMgAdKudTbrrKFMbdzn1MODe3Js7L42tTaHzLewlMd+etfvrBZjk/RoRfbpwOjw3KXV3dMxvO+HV8XdK76jwLlC8ZEBCMOemfo/eeb1VmprDnQczfdySaKDrpFp6QYdtFRtCPqxAM7VQvSjBfEcBNEY7PZ9mJiH7G0vo+74lIBJaIWzfydrj3ry6SFDGkNRbXtQw14wpbDVDEUMG3YYi18Yi4nyXCh3jHLN3sBr3MH4rIu/aMkkangKUM5yj2nYffTbPyIFMGynKcxkhAl/2lX7VIDJwgKn6TBZmL8E0+tzHBIhG1GreADC4P9Ga3IfN8W+AQkTkbioJIy1K/ztZl2uY+sFDKKLRoySWtJmY8kfO2r2bgiA/fhPSBvzfTjPZKmxTwm5czibWV5lixOMd9k/cuPpjnO5EHIMx/Uei5f80R74kUAynpSSZcQZ8HVBrJaUgi2dL/UyuTZHrVVAQqkIsyCQJ1QeWkPN0PQD9rvvK91QnLchFY7A1K3oUMRr1XSRTFazifGU2nhX3FR1B0ctHRmDvNfXypBtkP6XkYFdfT6m3liIypcMvkIMYoER2vOdN5tX5jcAndAwrv/Bbaq/l/Y0QP4J+SIlKK9NGARdb6h+hekGxFVJaPn2/DY1aT3zlxvxzpvTyFlEkF8n2tCYAyksoLLmG+F0PFwmXnYtEoJwHy4bXwSRJe8hvCCEgQRm4h1PBW9amk7A/zdu0XVrGvnSrXw70SwvpR1p+S0BFVi8DNpj6yhVAy8m/liz0dkwe9AlO5LZ0K3YcSbRtO5QD0RorQZ7arPkxv72cMqJkVYUINivF/JkCXsYrA04CdjXKctfoQywzjsU80SIgvAHEhoXiT33IxgKndGmY5DUJG2SWCUidYT0dXlkPeObXTs/AYdVwSLrZ528wLFucYQElfpOnilt9j+DPKP8diCI1DHeKyKMOV9Ks/E1fuMGSESTsEcd9NW4ELa0VThEW7afMaSRPKVFmtU49NBkEoad1TjI58yVXDNu/Sofe7opmt/KzNHnUaPvBpQdDv1bMGAZz+4blvaMPs80O0wTqSaAj7jPQGXppXQxdmAk8U2aDEIRDuUjRVTWEonEzP3+9BDxNZqkXBu3svwf2iUwE8plOe12ro0+8+fBVUg1NuMSf1gKC0yrfylVbBEA9uVgan+PmvRBxoelq/1eFnILVcPAzCABmHRyVL5/iaUaR2bnoWcngu6OU529AwKpYN5o8tqWiKDmT6QxBZwAq9JION/W/I8FULRbqtwsQUer4MoI8/ExvHc26/YHjeRjm+HTvi1yzhm/DMANzetkooLpTkuTFIvxUgR4veE3Dfv5mgx2fGGtIPQVqAzgmrnPYj3MphcTMsfMro19LTMR/3PBKpus7lS0yxnz3fi4XRG4gQYCrIfuAkIlROLSkp5f4boCIiweSZMS0v81/46e3uStsQ586Wzq80pGJv3tU14H/A9cib28OB4Tq2p+SmZ7pxDjUfqosgGjxhFGX4wccdLBjxeHfnXCmuYds5UTJhWH0vk9yVELm0rc32ckagyFyTOCWP1XrLa/YTWzNX4YreF3DnUqxVyInIO+dohe4xFzyuiQXcOa0SirGCDq2c7rLXLfKVUt5W0FucCwcmAu3uHx4uOlJujIDBI4G2EFzhnq1MkvkCg0OZDbaFnVP+YsqrhcM+F7dXMI8Ueh6SXyoFdXc4PirUlVPhJ7YmV3mTF80znFD766cjbwUEwZh6M7AMMia0ME8ZsDReikFzccGq3OZqGjAC+iDCZXR5E8UIN07kNNEH7ZvaGHISjX5WcSVo75UQOz5Zl5uukVyDeZSo0BgDHNW7+JNIov+bqIEPneRxRu3KQeYwrZHaDDaEv4CKH6ed3qj+6HDVbF6ci02L4RhT7rjjadtzUQGIZiNALz3mvJdWynAlNsqIxRtADr9QZQ+eqjyyU4Z2dgp7LSxf4T0LYwemI1pPfSh+2WQMoZf9RVMPx1y0lOgHfxGLiHzNqiXHfrT2hXWke+k+d3BToa+Hr+vPEI6ldn1swVHVO+hUKw5zSlVL+NgJXNi397O9AU7RfmKP9gx6yt0mpOw5vNc+0DIzVqmZ6FVgbwv7e1Jj9nGJ3OED89OnkWcBSzrv7t+nf1rByxPu41Hbje5PFxHiEDMJkeYMOEDcHTqqHaqQWz1mv1Iu8Kiz7SdOpUyTlQ8SXZtuyTRNOdFzMqijJm/J0kGu2aybc+Y340v7VDYhCSadEsRUurL5eONzIh5gNo4uJdYSmX6Bs7dLJJPl8usWZaWUWqPZXdCdSeNDXQgqI3wrES9ZMe64Hw/45fFszALI72s2aBfuftzEIwKmdVn+6my91qzYgfhVX9r8lXxM3/wWdv0b4yUdZuiEnfDN4T0FkX3tE9sWWpYzpLmZhkavj7FNK1EF1+8MA9Ops5kgwmgQs5zmnkZeYzYXiFsSjB/bi3fe7z+EU6Afv41Tbn5X+cOflVb2RFJULs9PZhwWMiu7JPknIj8hWUudUYDtCa8DZDzQISRxHC06xPxmTmfTsnxOtqVEDxFNzBeaR506aSo3WR+cRqV5zy2LcYBjP2HuOE4F7RO4U3mY79LyAg0HzJpSeIaanXCVwd4QZva9XM96WI7vvG/kOwNfHRO00ZZ8BDm5jhjcWEnDs0x4U+H9i44qXQ7S8KZ6eD+lTqO2qkp/mBDyd1ohE5TAT6vpE7nN3dUtPoOis7QbUFnosWcykzaGGnAbrrftkiFUAFaiFIsMOk+hk5mnYIiS5Z8MCC4+o0eTjULbLzFN6SLV4QRY6LjW8a7GwWyEwo3wo53HGy0vomzl7RUyLWeWU/swTtZ3yGGiHTMLLWnnE0H1WoZjew1jrTmajMbdsEot1fN2SrLlI3K31mQ4EiqOHTUar751wGFj5XegEHSpoKMmeImJRnkkaQlN/bll9XSijIksbwl35FU770u8dLLuiyuU0fVfofAHifYTaLb0zMKfwWlhhSh7Nur3PzNOeVia6r2gSN5kOmZGnMEIGpk72hkSCO+ikIOdoWeWeVODl7JXuKh7O55YkFEUMdsFonHtI+CAuw3+yJM9awL+hVwMoqKPXx3qxALYQ7E/7R2DVwfwTPvb2sSUHoFHwSsV2CvpbKduDQ3SXyDw5x25W0HD7kGvO1ECZ3i0OIiV18i5HSWgt5G7qyYB9o0Gil+6EZTpVdEn/iyeuaUk/2oZvin7XlbkjuXIjUUCHg0lktUsVsWBkTZFUhaFpdyJbiEe7DdCFE37EfK7wr7sgViBUSOFlLEjoEn/GA553wVwjeLfn0VoN4pMxGorzhOeUkw5j2B0+HvZs2rFtHP2hsFTaX3CGNTqAxE/qJNbQft4c7eyzJkjEk6996vmRXwN3kG8eOrgj1lgcwo08wwrWtIPkvHnOLJ3YvFSZPpR+uN94e0QpQ9P3tSfq+LN4oi2CcnjYnF6b6PlQiuPCrUYpA1hjCvs02wTu3gpOtJ/Z9RBGn0/lQOSwZkQQ8hbLvJDZeu1iry5gYRDMkZbmON96kQW7w02xT5NwaJHV1kBsv8124XTEgTJKbIkSsWJNhHgHMoYM4cePy/7+CLKymCPbkT9kk5dboP9IR2EGhlHPm22pA+CRREjGzZ1MqJaHj1KCvkyMwG4qQEB4V13h01y8YwjMW0NduEohYFp9OmFy1lEcaL9mOdSchwSBjQPOC473qoqiqvQ8a05OvxgjrGYuBS+id11eHwIB8d7XM86A2pVaiiaQLJVjPmKphRkkdLWvIH2m33tP1fxhzU9UNaK9K6331IWk2Ljbn8zj4e+OAgHkV4xUZzvB3F6h2E3y5uXoTN/yQSDKGGSJYawTS819bzWRm/bc1XEOaC8h0dIBx8KVJcxTOcfZeOO3SJNebVfzAAKnmxbVRRZ2JeFdlEElSUUGTPGhwzu9O0n4lmxQkhceaZ7yWN+rgcBFzVbrMLaUY+cjT1E3tzuEF3Q0gAus6/xoX8N7vp7+QHDT8OgOV0RW2Pj6ZOBEsuty6iLrU/4e/jpEOTOsp/jLDjy2bX1ylsvJHpC5wISF0Bs5UBJTqmW1OkywKJ4upfQE+h0Pzy7J3mdbYSE25c5w0nHCFBfJ0riqqsE4WZ0HF5QO3Xf1C8taPKsukHNzCWZ/JkFGKlQHDz1RkhLTnBl6YpR1L4VIYggxE5vxw51l8ZTRkREP0ukSKr1jerY++R5bTIDx2FJlm0GG7BnpziauS9tvNrFPv1StFlTz7lyebBwuIvvhXAr4zMV4DAc1+E2+mnkLre6CRcBsfKNzMcs2mACoVbq61c1gyItDCmn1Ohp6OCiRVJZHmb5D0G130x2gbtO6ziPF4XZS4XTINftyv1PuMGs0BqJokCIbTO91APiOV6b1cSiMz/3Npeinofh7+XvRe+CEiV0PzhetXjNShuMRCR3Zhg6OIO4TRzwRVfX2ljXjlHBOqnQAlFIkbPqbNm22Vvh9HwT//R8EeIwGgwhx7Fpk/u5oW9gPCxKG2DdDBJ9//HHXRL2b7W9C3Gool046G50wZx+ADl1GOJEDx++ue8FhhfwaZ/hnCdAdK2bt/v3v0SYrykxwMvmUcL70Q0wf0E0wG+ibMcBELT5qwkiDkotFqTQHgYZ9QjLsLb3wlBRoXpextZVL1G9zAXQTbVfxzutIdEPcUyGFe6c6vuGIDJrTL7sH4ftSpojZ1v5tsN+Q7NTJSDID9jbuAJJtyiDAls82Nnvwt/HJdQ4or+mawLJOOpDCcObbgVVIRzzPIZ6l1rVHAcHBTeW1V+tCqNE/OrvNCK/8wqXmsEm41jTLlZV+g9QLD3OvRUTMz2sfSwjTwHsn+42MKWKkAHZtEfx1fTg+QlB3IxDbNMHnnziIBDsXvL6RSQx/BPisy3JbTQ5+9SHByBkpf/COdN8L2ahZc5vqmzfi+A/V3BXna917h0D3So+6qx9oPbj0XeJlQ6VJC8picIcjaRJGmgtEj6d5aBKNnJLuEBDzN61HF+/xXbXtPASbNBHgMV6qRZO35mC+2gIOnMIDkc74U3RXaFOw8iuJJdXYHFhFu4NMIeLRFKXtsyDMmAZSfR2vG7uWqP7cb56OrUIervLHII5Aky0xwiL49vDvhvfJjTozNerVvNMqvdlCif5NMJGqgkv18wMvWJIVbjnM09eRW54doubayebybpYRGNFLhGLhZhO7muwfHrnsf6c1/E/NCrfHsA8CSpcoCH90XdqkJYPRGa4CR7I0IYDGr1ud1KZgDXzRTZ3XZNRyYh7huu8rsEzXRh83GRSrMmcQRaFV2YMeqHk9d81ZWSxDQPhsvBg0e1jsC6I4uWvsDL3dyuCqRCVC7uH/UMmG6ms5hHs8wJL/a8gt1z5RYdugiEo28ggNaC/8J0v2L8qPnrCq34Ko1zPOXyjDoESxysVKm0v3GfAt+uk6C65ziXMB54YQT0d5fw7gea2x3xhgB0NWolqjggam1xayw+Z0U9KHaYuteystaNwkEqr+O+XExfN+Dsxfn2pEaYmvBMTiXrqsR57ByMHrdPDBZbSpQ1k8wzkJbWatWI1rEwsWaV5b2V7FV6k+q1ZG+ltfza0tO8MGybbBVJSpCrRU5l5eyeO5jpYR9dwggW7JPkR+yD8EZ7GDAu5iD35l3jMYdMnccr/YYWup2mtV5GMRUOYvtA0OjCp8pYBKOdWBhqUOSXE5Ymd44lsGdN/GBA/iRWgs34Hu4ZOjrzVe9sw3TOFDhGkwb+f4lX9IkoMSpVdl0ENfZWo1S5ySaE7YvVF0Bzc/1dTgdeMoCHheql+YDCRfbwOJeCkK+nC2vYhViX+YtqpIW5YGXVN72Z9l9dPiksLggZpSg5HJlGJNeEhp1+bqZ/sYBBAk7cB9ynwOpzldh4UlPehIM8z/2zHcgfnDK7hKU+wXddD62uAKJr7MXqGBnTP4dv9FlhqDwZ4WuJzpgocfWFE/j7FSvOB4yUB1RKwTJpLuGRCgJDmViuBIdxUTQuqWxLazWkn1Hz4DGRaeubhdVAR5VTml5o+h+9WDwGTSRitnXxlKPdtN1bpnz7gHgkvT/yXp0WZ/qJ5wIOjgvst5yqAPV0rcgm1rg3EW+on6HQ1uGTqq9aVkJCXYQpBUXylKB1OpFbZExJT0viGaGncBbc2DhDGuoAAc3IrnpvxohyZXjZcChXpUIkKpaSg6XzObp/B142uir5Jc4w12ftblX0sDGIDVYsE5rkahEz8fnSPyXvug9t2Hv33a9Wil+54KO/2nMXYjcAmV5VXIqr0mP9I4gzoSGIuKX/vrSAug4+bsSBqJkUcqWYqAMNpthsa8fy9RROpUnSghHqWPqnDr9MHmZcH+m1IEtdb4SCLDB+S0pxQHN67CP8Y7ZbNfhqEAJtvS2GTmv5C4nVO9xySmhbuMEkGbv1uP/qUOwIQiqaewmxApRx42cr2YfH44O6GqoTLXX3UV8aZSywhu5F1XBIwT/rR4X2xBkWNlq7K10JGS9fLb6v7CCPAg8SVwoYTbrcPlhZWZcE8UNR0Ah++knSRbMomEmJ1cr5RQ80v8DtFulrWPqZE233taehJqYRLh4LoBrRoPifBV3TwcflM2k4rTLElLMZniWZtCCYJTWykM9FMlrwtKge+mtBSlg+6wlSCpgf3zKEHWBjpYb6R1pyRgTaA7xbkqLg0uCjas/kxzpVFHQogQc4Z/WcBlnoGQT5ocdUNpjmJWLWdEwWnOejbeAajWFUNP875AM/egZpbD0J99FnHLz1XNcAU1ZVZHB3RWdpok5dnRFiOiNsVT9mGdiYMgmMVd8Ww+j4toGEkQZ6c8wvGl6VuzmaaXHTdgJpR/ib3i8oKzOBCSi+Te0RKsTXDiDVOfI/NmgJCFvuv8cRgTE3damcmu19i6OLFhOEx0YBKGWd2pRAQzfbFHTmfx1wUvOYoOcO0gXF6U1ucxsGxvUc2ABlpYEo91Wvrm+uOO1tLsQwagoR/dIrDX1fpJIp0xZpNuRkGlOUj9R2w5+Kmf2XTl7AdWS1MV2L+ZRxvKDvL2bSQksbGr5OuBZCJ7CFyaqUVuoTST/VY+Bv1Rz1aUx4/IqTBG0iiXtANhvNFUMB/0t+08FwxF5E1EXSrirjiUfXsif30CEmPG8pyhm5EQwxW0Pd9HL7sWSR6QAtzLGvUM4DNlgep7+7spDBkaL1B6Qc9WQ4QhcOkU+uqyfCxXn3JurRIWhZX+G+mSUhKbblazOR96sUEM0eDvPc3KvS/aIk1fZgIL3Tg6h16LRtxakZJfF9Px9e6vtOKx85vsWblhiPjD7sGQ3z0REmOnXZMooch5uauOm3XUoXxd6ebzqiFoq4mBba39a2ofJjT88A7IQDeBAl7WiQxISXQnBr1D7eb9zvCfL20KBE5lSu9iQTb1A9RZw+iYRYWKR6kSnN0k7yX24nHiMd/V9fjSqvMPxtr+g1/soVdek/Zn9p0NlwGLqyGSt1MkWZ0pRq8qhze7aL4v8X8lLOvTae5po1tK8lHjPxp0bJxXeBMzRNkpn8qiCwk46Kz/JUS7QChLjF+5QGBmAlfdEbOqnI7WGNJO3/IwbTIPHQMBDjOn0gV/Oztg8d1ia5ciAZlUGoA1NbCdxvAyi8btoze16pN5E8zxCV9Gv7OJ/bfORChq4/EDogdOF1STQKRoMa/rd3Bfwl9RaFt8Hcs87Bt+5/MN7XndIKDtH0zBjLz8+kEDYf2PCPMT2Yqc3QJt1D85BI8lqIR/T8r60YldemM8b+08NemZURk1i/TmJs55qIjApUzkCLSPpKy4nNfZSHuS0vESkon6la8RAycE6D0Fcze4XMrLtis0kFogh+aiVVMKOdLo12OSnfn72NnkZQknX0sSXW1F1/vpo7h4p6+HKigAZhrF9RC0xP6Zx3WmBuLYhiF5E5/9ph3IYcAZ5VzSh26yon2EvvaKLHrTMkHWrcMbTngwA2teVxr5FP4BTJ+Btm/0cq2yAmMuNxBmdm6IQsS/1nxGwqviIaF20OLnhu9V6+KYh+oLHK4GsKhHo/6m5nGq+K39/ljKL3aBBcgIKy5En84lKuQ0EC7d4JWOxLGdkXpqKOa3LaGDSv8OZQ8ElQOils8o49EkjHZXIR0gKRzheY9JB0PxvIUoWOMtfv4jFfvHZxCZpI4Q7Py4H2RIDhk5PpDrk1K6qmPhRKfvHcZBhxfewE6M6vubPpoTbcf/Z+hAKVtJnfs7ITPkuhE/LkwOEh5c8hdBGMi216S0j21TTOXHlCLAhqY0YFArgnzmKjJmg8e3Mq80B38zEIoOZ52e6mqBz15wfI8wUNXfsphCmVIVIXxNE8U1vjYLkv0IVZ7ipxPgAS9q9cAd+PFjkEutHHz9JKROBH4ZtvWvuBx8ovaQgKUHZomgEJGfQnJcK3iaM7b7jVWRtGb4/GPbUPHA8caQE/mWiHuCRNLN7EF6/qj6PsyZsM+J7xQScYGX7xftCHbwLCT7sQrkbfBRt52hS2wwSrzdBSAei9WYpShPx5BnPnxfcCIG3A6G1cQacMHp/b6gFganpsnN0kn9/PrLmVhAAe3Sirurd7UQTpjo47NdQyKvSQjHMSsM+/42n3p7PNt9RJS8KCNwDP1lIYij6pjR9gFFadEgOuDBKKwApBCXYJsWOGvef4V7kI6pXl7rvvgrg/jXnsS4ZadaKnCQj0g6/p+WIx0dHCkUdTSKwNzlGvit2/K2YcimxjKGVeuWZRJSAH2MXqMb5K0ZbejOITH2dJ5nwCm4X1KgNOr9CWg2slIIGGgOJqyPPfvNtxdJcA4Z2NQWso7u+2A7fVFTdzIi8Se3b/JNe4QZ62mX3ujRelSwBW++tHGw/FNNQq7MRZDiJox9Fnl1cmbi0WP8g9mQDjrhl0VmygbMUW1H4PsWWmdKPavPyhXnIvDjRQ9FiJKuq+fkUxUQEWIX8Hv00HMA3pfkh0+B9TNCCnLusL1qSepcIYuYzJkL9yV8O1iOdbSgOpwBB+HWOOewomH5lxkKBJsfTu/Gcy505rDHm1N3Wfq/PpoGC9cL0knusoov6iWR7jVTE9mXIc9pk//tHj4wGZP/PtJYgCB16oztOX4kaw6lWKETwwvqYPxHdUYMeQH/CwU9Jcor3u6Y8aS+XRlqi+Z9QIFZGcXxPHzITBZtVeYD62dQB3rNehfBjxWjaZbbBou/VJkkMYm10Bf4/bdrqx0A2w28A6ZaKzH4gZbEcROW1V/aVMSfGaqXMY2Nph+oWE5HsISUUHfPAyVbUphJmMdKjNRawBKJ1YM6e+tHRP9TawGyV75MV2e+qT6lekkVBQwow56/027L4ZjpD+caU1c4IqbpSzD3NK+wop85BRVZvjJbTW1t6GggkLbsCYh6VY2trgxYDBITFqje1CkzxdKhujnFoXkAAHOMngxAuNzf1UaHVLZAVUAVfgF6p6sihCeZlaNOL51N5zlvwYuA+bi5/dJw9mYfecpMgb0lcwiROielLZIivHdoOPc/V2pNBHEiqbGEsF7DKtUbA/bPSlsJVD/r5fkeNTH2bAN12oMz/qgr0fEmCrXvzo/kxnzIcEuKYKDe+jqZpymfLpw/vDla+wSsB4Ql74oXk8wDC91GA5/u0XiB0eCGLbNH+M85W3T8S83E6UC3TjrB8bE/uvTrW9+P6Tl6O4vFG/onGD/0rDSpZuuCIQlwB4CnlDNuf/UXrXn6tlcd4u2SvMBIIJ9lBv5MD/UsC7IF1lSp3FM+T36oVVqs2Xd6xcrSm5fdTe/MxT7n6iBBGbKImxl28KJWvF799Cmi+2JC8aQ6LZuSW7Sks6JruOD0XrWWCW9iiFzlX/e+KR3ZZxcVnhBrd77rU5INuCohinvacV57p064MXQW/o/WVt8vlZg8/yUr/mp7Deq2B+uFONHalUBwwU+PLMsn1vEJ9tCNA8yWppuow07sB7vPVm1I4z2mWTw1nWkjuzmPf9RHPhb+HChHW3QN0JgHXmwOhkkRPcOjilgivQbGc+IbQfMMTv18SRCfAMEs3BLFFWg1/lDJ0yBaO81iZFzrplSHcI6+tlLZ8ZtY+kWIy09bNfTtoTbQiopsvDBGvGpFC6wkeJ+hcRWkyXOe11+PIc5EH3LguQ5u8CGuf0aA6Im7EwYZ4sD5WjYM61c8cGAxOYYq/WF/qbnzKLpscMQESXpmNQWRRwSntpUzFWnXKXRbqh8c3L8tNZyOzChFkXt/+lGL3ExOgS5Ch9j4l7KxtHSm7+GnhvzlU0fW2aAsSJJ+v7hsE1mxyvEwo8AmfRHOY0Szn5nUPMOGDqf2GjU1JNHJh/bs7JLwhtVlq2h4cMsSaJ/x4xx0RI+VAtVAyn1asJ6onoOIn6S80LJ/fuxXUvT6B7GxkWDzuhDObbSFnYJcS6L70SgDp7toIvZeCnqTtrcd9bBcga6NplRdIYHbjZg/fcs3XvWGbUfGexvzHIz4Ve90N7cmVqSblnFatoeKeeePB85WgMXWZzBRtJNb2Jf+qCS3fcIIrE+ULqK1KozvBuldBmWkBz2cQZYfZo/baEZKtAcKsresa9PN9QsR+Tmad/f+q+ghPsveJkYWw/YTWS/IZwPa1mxAdHzJ0BLLGhO4FIMJxt5+wl1pRdZXFGudWZS4/rERFcpWB1O+KhL8bebK8stIlWXbk2FWuVFOG7XoMDfg+i1GkxdpTRWxbFSPwg7JhpHtaDgjCoW3YukvpPG8HaQPCC45pmVTrJ+dY/ViRCK7wKvNYafsaAJIB6Te8BYE7TjhROQsjsgsmXmMzzphC+hw54M4x/cTNIvTTIID70A381AnVx107l4PuSp6izOgd4M0GlSSFEzFS8xAqURzaTYGQ3eKiRqiI0pJiJahk+0Iiito/K6CeI9Qag8yh0Mr6zHbJpEqNb61A1y/z18lUnMC32VDebzdgAuC0wadYjufpDQzd1q3CJvGr4I6ui4a9wsjbSUcrbDIZ0ModSKhs7De3qvlLRB7z6Cdi8uXNqgoz6f6yNsXv3p2osQq2WFAkBjPcZLnhwIbHoPq1FcsVbSIYH3LB5NllmxUN2MsXDPky3IWyOXRSlAckm2EwizdYA72OBw21chxC7aL/R6Tv3HiO5zuMcv3407DedlPuBTT13WtlUWV0TFLqIRpWePoL3TiaP1koUwGtYnCa5R64rz2v6AUnvC+FO1NgPRIoBxDscbYJn9fNeePMNz1j3vGWiUU0MjArI0fa5k3SBjuiPXlJPtc3LSO4s3NaOzF416Xb3fsZyBeMecsFwIaspAtoP84G0+erqCbaRdhn26mpOtUZO/dtY/UWx6+/NwaAdCLR5hjnlyZJbWlSwdDOk8Yxhcm+LsTHAEspULrJKisByAGgqoHbKz5LMRnyU7XLaW5lhOV2s8aIksVdVkWnk6isZpgKiE8vRHyyILQQ+ID/juMQiEHcK0pagGtBEnULuN+ZfpNQmPfw9LfkjoBeaSJZtMM6E4lFa/D3Mwbd5B3kuvMYOYt+vB6D3j+sw4w1ilYU84YnhJ3YK1s9/rhZOEiogjVRCZbuvjUQqxRYqquGDamSquekSdp7zOT85VoGBX1vjnDFAuRVBDBISh6O5fjf9IjCdRVLSCOHn4rP6IQJFfPFRSEV1JIIPplpPjTXraTCFfAAyrMCkot5CIjPu2ol2EsQlp0irNnl52Yczw4ofocLn3GzAfbLWCprnp2qqSb0Pdz6AX6VjdYx7IYfuCnpOJQNJXzaGyTUYIrBU04RPFyTB502cj4Rj6jfsHa8gSlEoiswSkYmDv3TwC07roHGwWUvf7u8YgRAfLLEWRPOir9/CBF4ZkZFSkj82ehdnwRzO2uz7cFbPHeBC+UILqzlnk8DDkL3nS0u9/xaoOuCamnUXKW7vW91IOvHsQBp/oPXbi3WnrbGxWWJAdfPY7ylIRfOU3hLQUeYpQPmlFCGxVJvOKx3lstHTvYzPhdOT0/L4v21+9rF1Q/g3PFc/ROHziYNdiby8YGLO02yC34O4+uhZzUUOwzVDiYbf76EMV/6pvMUhoJWbLYC790sZDcpxLRAywAH1eFaI9iQW8K5O1R7IXY2zotxWuLHmMGWwmLuuLuZiuGmiIiezZXzFbPbkatH6xxRSpjJDH/z8yPx8MGMW51YF1ZECpaJoRQDTuZHy4/PIi5MiVUcDWvJa9m4EVB/1xUdUqPce5UC5tIcoRz4xT3KaxTCLBpODYJkOK/rRJdeg2ljQHcY1gS3fZNmcmurng8eX180gTse3UPczzhdSkSdw4GgAgDL28pKDQOKEZQvgQKjAYrdCu8AnOAdizvTrmGYPTE36oGor5FPVAgvJmgwuYKvjiEV91D/vse1iDGy5qIdtnLhSBgmvOt0mzSCgp82KlBETHOhfRBAAmSI+g47S65j0ZoU7SrUPaxAwzh2HQq86OQSa0PnPgDG9yGODbtRU2UyRmUlbqIXZuLgZ/JrbbFfVTJyu5wDqbGrjLxPoewJ9hRTTWTny5okrGZIhVFlpQYiDNtw1Y+O426lC/vWjxoBZpt7F1iQRS/HpGqwrnaVo1qvrJXDVVka4rfEhx22/eo0HWoi0JiIXlgNZZPCOo6pXXY9fLXyl2G4ZbtZyhrHVcWQB3K6b2XN4vUqiXwy9KilmVryPAYbM9Fxa7hYwJun9b+AXw48Gpb5vwSVCSzcc4nCOe/RJFpHldkoayyUPJV3WHEPZTMxnDQ9Y9Jrj+hW5ZiPlQw2grWxispPmUfLTrCZZ44tZulhXuDz+PzESXzvFvGoMgb2Qh37VkHMIsJgMRc7cNKcjUOpdQL8nWF9LGsHtjPg8VW1zr4SyaPXvmtUeTXjeOnUMLcibHmJtQ1BYZ5mZMuXbM689gF8xDUs8mbnrsZ931Bwd7gGM8NNP1BkWFAA+lFoSFuQjzVo75BcX1laD/nqd6K5bS4/s7WnyaotV7u+8wudLdfv9Y4Hq8pZX/bE3P7uleAAe+pLDSx84yJ+cC2BbqVgypf8H8xGKnfA16frYXrbHv+QrAvAcqZzuo79//bqTxHUNQ4E21gPoWKOlxEDDjsy63cHSlCEU4u3dR0DQmM7R8NhsDR8XhOR/8EEIwdkEnfazZYqmSQ707xrB5Nv9kKwEJ++ai9FSX0hkQTvRbhdJ7hhFGacwoy4iZR9SYveIe3KvjYuYVcfAUqNBRv0g/7ZYvqS59p4Ngl6+wW6MPOK1JqHNtVnu3C15+Sa69E+4TqTUS89Q/uUdfOsw4uf0YwNnWNqbnpq2mcEc74uM29RS98XKbdnaep76GazAqJdYVUts7IWYxF058OB1u3qOcU6IXgH6r1Z1SEGFJcVgJXvpW9tS2wtThN+/Bb+p1HLXribf5LhRzsqRseulQmMYDaMrYww7mX0FDuXUI+uvZqbbn1ezGAyQKHVnnekktp2Ep7N1UlIN5gCcfknwgOpMIaKt4tL1giDDCnywVvxMCYrTA2mdCmsHfXHMO/TIiFIL0zlVTzAD7+GygCw1DVTP5Hv1C+YvlJDT1R2mOV79JOgJGcx9DynD8/pIxv/1Q77L1DNSbYmte6SHawsiwsooDGgoYvNCyFkfHa9RcOB7/ZzK+n19hngYVdsbF9fON2WBYHbrpxY8ufuggrtlNI93jbDlleK5mt/shvh3LlYuK+1PiDgpN4RODiXVMpmVHjq8cz3ofzDqJHazmbSVdQnIj3fQGRr6L/XLexT9bY59ZaqrEZPKXvfUsjHJTDsVOJpfYxHp2v97tnsQPpiA70v/Y3rK7FmuE0waQc/ugcXCzVGscntOd1lVLXKeB7JQMd8VZhgV4MKCFompJjW9ffMilqn8OIR6QUqEVSGNCc2n8B6L/CtQmP8eHZ8U+0aiEPrabJA/7w+3tKHdHZrGCgNhgAt6AAlzEUHYH8j4CE03xudUIAaz7htA1g3+U2KlsTL9F93A9KDKrZrSCZJRMbE4nv+70oYVQC6zHywILPZTH9aL79U8v1yZKGIi9GT+SGVrEBtYf9WjrouotLEtvXp2sbnIuTK3jH3p7lEqcolb5rnL76bi88TMzkRclrnyyB4neK1Y7hhJ9RPfceMu/DiW7igmDHO7gFR64idbpJcjd5TIdTy0AiajehpYbQs2Ctde5z+rrGeUc2EyCIKo+eDPuXRuzPfOkYQuSenUH41KPiGs5GlSJsDTzyTEr0jlJWIKEwYM4st0/dyOn7zQdu7yp8crDON9UPCCad/AdLWBVQVHpPfTqi7XHJ3SJHpi3wYnNusLrd6p42Ei0r6GQavLAFzEpFS+vJlvbCt8UqwyHqkwr6Zmwvgoypn6zFd+D/pDtPO8FSdtkUW5vK8r6+3kmOAo2AQerp8Rez40KjYZrQ3iROmEOER1ZtTXvtrcKZSWqzV0JgCaNfI1yxQb4Nmc0QrjqMThAgkWmApNpdAaxeatMwc07w15BmMcTyOQQmsu3XkfzqjZeuJMrrsruk7/mcdD3MrHMr4x4bYUNNZnuPrZYgED5rVJHrUhnR2gd1Q84Lfxsl4KeA/eoU7JB3T2uqfoNEFi1Ii4lAIDm1hMb8bDCIcFh9nEb2YLh4q2XILHEdZ+ZxY+kDI2KJ93byLCX7ijr8FzLyuEtOldvaR65aCFJklLJGSayW8mT9Eu+coKNLBo+EtvYkmuPX38nKoZ/zIVHsmJmL5MYTp6KrJxQWkKuFmBxDTTRt9eDGLzuJboNpeHP60/qEyvDzTw+Jv9Lc9U/BdddnrsPlBoTzukpL9faD0M0bx8tsxAe7LwymR8cYpzDPcYcufQ0qU/og783+YYJr3GwbDwYcVjJDBhV13Ci0ilYoR77BuItvYAu95bLHSkynpC2vhpTGK0CoHoUoJ7jmTSiCFVn87ccWQJzIurha5nTyYAowB6AFaMGnzgXQgWwfuEvxNweY8caVMvrrGoaymdIflBPzOz7fQ7JXAEWAtw21faCxgiWeCe7MaeDTilCLyJwvkZ7RWIhcNWAIRNSYkJBcebNXMiYJxFcGzmtRTTE/PN183MFt53b+w7WJLBFy0wVhEndvBvY/TOqMlRV9MvTaVK3nSruBuBWtH7OyY9gtbGknFLz/h9Kb1e6fCP+UKec4uOU7lo6ZAWwFlwd4LhT0U1NZ1YL8QWkQs+6odxRlGpy0rxTHismGYeOXI9I01WU3BT0BQPCGcPGIzivCi214NwBBIPqhGxq29+wPPx+QLHROQlvS3WaMH9YXzGMOTmcENThVVuWTZXE1hF02+7aTH3KwjLHtlU8ePOP/ZGL5vOYZiYY4SZNQETu8mxCoeNNdpwdA3GlaVZ64jbe35iRpwIk/wWYfoESSUM0qV1WLno1GEwwSUUnu2Y/hJJYPgDwrRNQ6AN/K72qCucfPgL6yM9vZ333wJ2CuqeCiy+IGIAPFHMMARoKQQzDk3ufz3NELAeWAvxlxsE1MrSl2IYi8SdYeVChXPUinThxlWxxhCQkFaCoNVVjtctzLm8BjmGPFzwNpaGeWD083hHP6/d/tU+oUUia1EEa/Fug5vBMHlEefK7d8KlvHQd7rca0A4yKL8euZ0fyoZEI9HBvpMURCOs40Ue0p4Puawq8hHLboSmAd9Zk8QZhZ//XfBKfBDfsWTDQl9ccaP515kgOPEGUiT3K7nR2QKm0TA3tHx9VCYdVpxzMKW5Q6vdSg1/L7HzXqOtxB9CIEmhIlF5YbUpdKN6HF6Ud1Wb3H8QF9Hv3VCaGcY+VmOt2ZnS+VuzsBX4BE9fy9zyHKJtbDT7gZeCkgXHt9Kny2ZBjBV7ESyrjB4IbQToE3RKZVst+NX4Ozzcb6owiMHTrqFFTjodX7NVEdZ+Y/plUtt0C0irptIwwheZ5lpmR6XL/Hie8BhLyO7RXfo2vKKNhZs5gjQ96pGTDNRjIqEZfcdM7GIqWZXV6eHaZJ2X2J5IaBF6Rlo6T4oY3lehQNNrPyrzQaIbUkywRDfzke1zERoTzB1N0NsWk0ZcIkBIDYlV6FkvJ0R65IW+PazKv6sODKe1ltqRjX8BB9U1J0yUloO6qzML/5XEBx/Z8bkCgzDGIeiqtYahfAg0+VRBaPzfceGr3P2PttOuQQR918oGXb+O13uZJDmYMAXNcuFtb5lqUxbTaWa7vRrrIa0i67IqEPAwNBfG2WT4zdffCsphSxDcFNElrEYGWSFKwaF5ACP1PEz1WgpjueIMEVHvqXEhWzlaVYqhUbEmNjqkJD0nWTIKNWIwVppO6jVdnavZTtf0WQcB5TZNRj4nY9iF+Vj8Zs3SKADwpIcZfQqC43e0n4Cvh8iXsGW/76zbDl0P1986MRqU3gYrJrgMYfvJdQi3mZJnHvfKf93FMQ8AWCrISElLncQasIZ2VF+EIF5qKgCP74UWBg38ug0vOvINlpIBkattzI8OkEHbr8ar0Ecw+1+KtueCDKh5hf39EnwFZ8b1PsG7Y+wxWOWXxAv+dHyDzd/JEGQZF2A8Etrz2YYu8rJf4d4omu0k7SkeDsZwhwOlvVZ/Mu0DaoQ7pDwkT4mo+GxwjCXw4U2OLfdW7xOd8+1RbtfFBO9j2tOSLmbN+1hkPD/rLPrG+MuhsWoZuPIxEoRNyrCvAXShrWtfduOdst0klBDqx/medMWcuD0tDtX/FUPadwPpzGFX7xjJxjzWGT2DYxu+oAk+CWiULowz1XN/15Dg2wguNFUqpxau917fah+KEN/4Y2R4y7/xcTpfwNpIE3BKCPyCLV6gxot2jJy6/uUfl6BkeCtaOIWrWE5E3o55WYoBMGgqUHAzdfYC1BZmS6Gbf8m6tCxydHRjpx0IlrIvbaNVPgT2sBi0+myPOefzEdMXYpDQ4PGcpz8XcU2Zd6Iv+AATaTMXS8OIp069Z0bhOv4O711mWAyOI9M0ZMNC3ACAJwFdxH2/54FonyMlQcBBBWCsacggROjlkG5UaAEn/5KeIVjw18DV8mw3ke/vp5WXZU56KyRk9Sse5sE0d2nvVwcS/N0bkFPwkAOjSB+ndi6f/XyO81o4UJ4vvyYpAINzIiE7ePPc+9/rdswXMcG6MYsrDDLwgeIG9QYY+n6vWqPdgbaU7DpgutKiA9ju3IY/5Hat1c9zkXQNhuXIcYowURduJpiaQ8nP66QCnCAlOMKBcuVm48T85zIoV/O+Mn1m7YzJ0Esp64d9JwtIeNxDwZrv0x9O7gnue0eDTB+kscOHWKn9Iy8P6aevyEVqQNV7xG4qWG03ZBwtbHe8rJOPk1zGeKMaO1NsDAqyyUqOiebiLjaTCaw8TnhjrCoGj3hmddRu/qN3Hm5oq7iaE610fs8Ykjk9/E8bcAR4jFA3TaiYUjkKmVB2ef0Lhv0rOaho1+/CIVE0bho8pHJlhqa+2Gm0fHJJQ50jpfPCjbF+YNqGGkg5OaET4tkD4FR7smv7Gpz2zXx62Sr9N+Q8DWIwxkNZDZjlTlZ4CwiCTfGXjqKAmiDGfWSQD/tpjEyCX21fIxD7BFHIaTRbcxn2RWBXIZ6ZSYDZkX4it2sGGSf6BBQ9CWzMVJY+al6/pfP44obBVlSDQmiEPnLDAOl9UYj8ou0ERZ4JykNRR1pixLyK3lMbM6M2K8BzgBnPHIOMaSU8xt3MOWduLqFpOU0giUgedRs4kDpD9/EU7UUAtOrHCD/e/s4c8pxjUo1WNEb5csGAQDbtyTGmCuiJNT93/VPeSicIsmtvXacq0zlBGdr0CPkBAAD//5VYk3s="
+
+// Set accessor to a real function.
+func init() {
+	compressedBytePointsFn = func() string {
+		return compressedBytePoints
+	}
+}
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/curve.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/curve.go
new file mode 100644
index 000000000..c9d47f307
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/curve.go
@@ -0,0 +1,1272 @@
+// Copyright (c) 2015-2022 The Decred developers
+// Copyright 2013-2014 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package secp256k1
+
+import (
+	"encoding/hex"
+	"math/bits"
+)
+
+// References:
+//   [SECG]: Recommended Elliptic Curve Domain Parameters
+//     https://www.secg.org/sec2-v2.pdf
+//
+//   [GECC]: Guide to Elliptic Curve Cryptography (Hankerson, Menezes, Vanstone)
+//
+//   [BRID]: On Binary Representations of Integers with Digits -1, 0, 1
+//           (Prodinger, Helmut)
+//
+//   [STWS]: Secure-TWS: Authenticating Node to Multi-user Communication in
+//           Shared Sensor Networks (Oliveira, Leonardo B. et al)
+
+// All group operations are performed using Jacobian coordinates.  For a given
+// (x, y) position on the curve, the Jacobian coordinates are (x1, y1, z1)
+// where x = x1/z1^2 and y = y1/z1^3.
+
+// hexToFieldVal converts the passed hex string into a FieldVal and will panic
+// if there is an error.  This is only provided for the hard-coded constants so
+// errors in the source code can be detected. It will only (and must only) be
+// called with hard-coded values.
+func hexToFieldVal(s string) *FieldVal {
+	b, err := hex.DecodeString(s)
+	if err != nil {
+		panic("invalid hex in source file: " + s)
+	}
+	var f FieldVal
+	if overflow := f.SetByteSlice(b); overflow {
+		panic("hex in source file overflows mod P: " + s)
+	}
+	return &f
+}
+
+// hexToModNScalar converts the passed hex string into a ModNScalar and will
+// panic if there is an error.  This is only provided for the hard-coded
+// constants so errors in the source code can be detected. It will only (and
+// must only) be called with hard-coded values.
+func hexToModNScalar(s string) *ModNScalar {
+	var isNegative bool
+	if len(s) > 0 && s[0] == '-' {
+		isNegative = true
+		s = s[1:]
+	}
+	if len(s)%2 != 0 {
+		s = "0" + s
+	}
+	b, err := hex.DecodeString(s)
+	if err != nil {
+		panic("invalid hex in source file: " + s)
+	}
+	var scalar ModNScalar
+	if overflow := scalar.SetByteSlice(b); overflow {
+		panic("hex in source file overflows mod N scalar: " + s)
+	}
+	if isNegative {
+		scalar.Negate()
+	}
+	return &scalar
+}
+
+var (
+	// The following constants are used to accelerate scalar point
+	// multiplication through the use of the endomorphism:
+	//
+	// φ(Q) ⟼ λ*Q = (β*Q.x mod p, Q.y)
+	//
+	// See the code in the deriveEndomorphismParams function in genprecomps.go
+	// for details on their derivation.
+	//
+	// Additionally, see the scalar multiplication function in this file for
+	// details on how they are used.
+	endoNegLambda = hexToModNScalar("-5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72")
+	endoBeta      = hexToFieldVal("7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee")
+	endoNegB1     = hexToModNScalar("e4437ed6010e88286f547fa90abfe4c3")
+	endoNegB2     = hexToModNScalar("-3086d221a7d46bcde86c90e49284eb15")
+	endoZ1        = hexToModNScalar("3086d221a7d46bcde86c90e49284eb153daa8a1471e8ca7f")
+	endoZ2        = hexToModNScalar("e4437ed6010e88286f547fa90abfe4c4221208ac9df506c6")
+
+	// Alternatively, the following parameters are valid as well, however,
+	// benchmarks show them to be about 2% slower in practice.
+	// endoNegLambda = hexToModNScalar("-ac9c52b33fa3cf1f5ad9e3fd77ed9ba4a880b9fc8ec739c2e0cfc810b51283ce")
+	// endoBeta      = hexToFieldVal("851695d49a83f8ef919bb86153cbcb16630fb68aed0a766a3ec693d68e6afa40")
+	// endoNegB1     = hexToModNScalar("3086d221a7d46bcde86c90e49284eb15")
+	// endoNegB2     = hexToModNScalar("-114ca50f7a8e2f3f657c1108d9d44cfd8")
+	// endoZ1        = hexToModNScalar("114ca50f7a8e2f3f657c1108d9d44cfd95fbc92c10fddd145")
+	// endoZ2        = hexToModNScalar("3086d221a7d46bcde86c90e49284eb153daa8a1471e8ca7f")
+)
+
+// JacobianPoint is an element of the group formed by the secp256k1 curve in
+// Jacobian projective coordinates and thus represents a point on the curve.
+type JacobianPoint struct {
+	// The X coordinate in Jacobian projective coordinates.  The affine point is
+	// X/z^2.
+	X FieldVal
+
+	// The Y coordinate in Jacobian projective coordinates.  The affine point is
+	// Y/z^3.
+	Y FieldVal
+
+	// The Z coordinate in Jacobian projective coordinates.
+	Z FieldVal
+}
+
+// MakeJacobianPoint returns a Jacobian point with the provided X, Y, and Z
+// coordinates.
+func MakeJacobianPoint(x, y, z *FieldVal) JacobianPoint {
+	var p JacobianPoint
+	p.X.Set(x)
+	p.Y.Set(y)
+	p.Z.Set(z)
+	return p
+}
+
+// Set sets the Jacobian point to the provided point.
+func (p *JacobianPoint) Set(other *JacobianPoint) {
+	p.X.Set(&other.X)
+	p.Y.Set(&other.Y)
+	p.Z.Set(&other.Z)
+}
+
+// ToAffine reduces the Z value of the existing point to 1 effectively
+// making it an affine coordinate in constant time.  The point will be
+// normalized.
+func (p *JacobianPoint) ToAffine() {
+	// Inversions are expensive and both point addition and point doubling
+	// are faster when working with points that have a z value of one.  So,
+	// if the point needs to be converted to affine, go ahead and normalize
+	// the point itself at the same time as the calculation is the same.
+	var zInv, tempZ FieldVal
+	zInv.Set(&p.Z).Inverse()  // zInv = Z^-1
+	tempZ.SquareVal(&zInv)    // tempZ = Z^-2
+	p.X.Mul(&tempZ)           // X = X/Z^2 (mag: 1)
+	p.Y.Mul(tempZ.Mul(&zInv)) // Y = Y/Z^3 (mag: 1)
+	p.Z.SetInt(1)             // Z = 1 (mag: 1)
+
+	// Normalize the x and y values.
+	p.X.Normalize()
+	p.Y.Normalize()
+}
+
+// addZ1AndZ2EqualsOne adds two Jacobian points that are already known to have
+// z values of 1 and stores the result in the provided result param.  That is to
+// say result = p1 + p2.  It performs faster addition than the generic add
+// routine since less arithmetic is needed due to the ability to avoid the z
+// value multiplications.
+//
+// NOTE: The points must be normalized for this function to return the correct
+// result.  The resulting point will be normalized.
+func addZ1AndZ2EqualsOne(p1, p2, result *JacobianPoint) {
+	// To compute the point addition efficiently, this implementation splits
+	// the equation into intermediate elements which are used to minimize
+	// the number of field multiplications using the method shown at:
+	// https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-mmadd-2007-bl
+	//
+	// In particular it performs the calculations using the following:
+	// H = X2-X1, HH = H^2, I = 4*HH, J = H*I, r = 2*(Y2-Y1), V = X1*I
+	// X3 = r^2-J-2*V, Y3 = r*(V-X3)-2*Y1*J, Z3 = 2*H
+	//
+	// This results in a cost of 4 field multiplications, 2 field squarings,
+	// 6 field additions, and 5 integer multiplications.
+	x1, y1 := &p1.X, &p1.Y
+	x2, y2 := &p2.X, &p2.Y
+	x3, y3, z3 := &result.X, &result.Y, &result.Z
+
+	// When the x coordinates are the same for two points on the curve, the
+	// y coordinates either must be the same, in which case it is point
+	// doubling, or they are opposite and the result is the point at
+	// infinity per the group law for elliptic curve cryptography.
+	if x1.Equals(x2) {
+		if y1.Equals(y2) {
+			// Since x1 == x2 and y1 == y2, point doubling must be
+			// done, otherwise the addition would end up dividing
+			// by zero.
+			DoubleNonConst(p1, result)
+			return
+		}
+
+		// Since x1 == x2 and y1 == -y2, the sum is the point at
+		// infinity per the group law.
+		x3.SetInt(0)
+		y3.SetInt(0)
+		z3.SetInt(0)
+		return
+	}
+
+	// Calculate X3, Y3, and Z3 according to the intermediate elements
+	// breakdown above.
+	var h, i, j, r, v FieldVal
+	var negJ, neg2V, negX3 FieldVal
+	h.Set(x1).Negate(1).Add(x2)                // H = X2-X1 (mag: 3)
+	i.SquareVal(&h).MulInt(4)                  // I = 4*H^2 (mag: 4)
+	j.Mul2(&h, &i)                             // J = H*I (mag: 1)
+	r.Set(y1).Negate(1).Add(y2).MulInt(2)      // r = 2*(Y2-Y1) (mag: 6)
+	v.Mul2(x1, &i)                             // V = X1*I (mag: 1)
+	negJ.Set(&j).Negate(1)                     // negJ = -J (mag: 2)
+	neg2V.Set(&v).MulInt(2).Negate(2)          // neg2V = -(2*V) (mag: 3)
+	x3.Set(&r).Square().Add(&negJ).Add(&neg2V) // X3 = r^2-J-2*V (mag: 6)
+	negX3.Set(x3).Negate(6)                    // negX3 = -X3 (mag: 7)
+	j.Mul(y1).MulInt(2).Negate(2)              // J = -(2*Y1*J) (mag: 3)
+	y3.Set(&v).Add(&negX3).Mul(&r).Add(&j)     // Y3 = r*(V-X3)-2*Y1*J (mag: 4)
+	z3.Set(&h).MulInt(2)                       // Z3 = 2*H (mag: 6)
+
+	// Normalize the resulting field values as needed.
+	x3.Normalize()
+	y3.Normalize()
+	z3.Normalize()
+}
+
+// addZ1EqualsZ2 adds two Jacobian points that are already known to have the
+// same z value and stores the result in the provided result param.  That is to
+// say result = p1 + p2.  It performs faster addition than the generic add
+// routine since less arithmetic is needed due to the known equivalence.
+//
+// NOTE: The points must be normalized for this function to return the correct
+// result.  The resulting point will be normalized.
+func addZ1EqualsZ2(p1, p2, result *JacobianPoint) {
+	// To compute the point addition efficiently, this implementation splits
+	// the equation into intermediate elements which are used to minimize
+	// the number of field multiplications using a slightly modified version
+	// of the method shown at:
+	// https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-zadd-2007-m
+	//
+	// In particular it performs the calculations using the following:
+	// A = X2-X1, B = A^2, C=Y2-Y1, D = C^2, E = X1*B, F = X2*B
+	// X3 = D-E-F, Y3 = C*(E-X3)-Y1*(F-E), Z3 = Z1*A
+	//
+	// This results in a cost of 5 field multiplications, 2 field squarings,
+	// 9 field additions, and 0 integer multiplications.
+	x1, y1, z1 := &p1.X, &p1.Y, &p1.Z
+	x2, y2 := &p2.X, &p2.Y
+	x3, y3, z3 := &result.X, &result.Y, &result.Z
+
+	// When the x coordinates are the same for two points on the curve, the
+	// y coordinates either must be the same, in which case it is point
+	// doubling, or they are opposite and the result is the point at
+	// infinity per the group law for elliptic curve cryptography.
+	if x1.Equals(x2) {
+		if y1.Equals(y2) {
+			// Since x1 == x2 and y1 == y2, point doubling must be
+			// done, otherwise the addition would end up dividing
+			// by zero.
+			DoubleNonConst(p1, result)
+			return
+		}
+
+		// Since x1 == x2 and y1 == -y2, the sum is the point at
+		// infinity per the group law.
+		x3.SetInt(0)
+		y3.SetInt(0)
+		z3.SetInt(0)
+		return
+	}
+
+	// Calculate X3, Y3, and Z3 according to the intermediate elements
+	// breakdown above.
+	var a, b, c, d, e, f FieldVal
+	var negX1, negY1, negE, negX3 FieldVal
+	negX1.Set(x1).Negate(1)                // negX1 = -X1 (mag: 2)
+	negY1.Set(y1).Negate(1)                // negY1 = -Y1 (mag: 2)
+	a.Set(&negX1).Add(x2)                  // A = X2-X1 (mag: 3)
+	b.SquareVal(&a)                        // B = A^2 (mag: 1)
+	c.Set(&negY1).Add(y2)                  // C = Y2-Y1 (mag: 3)
+	d.SquareVal(&c)                        // D = C^2 (mag: 1)
+	e.Mul2(x1, &b)                         // E = X1*B (mag: 1)
+	negE.Set(&e).Negate(1)                 // negE = -E (mag: 2)
+	f.Mul2(x2, &b)                         // F = X2*B (mag: 1)
+	x3.Add2(&e, &f).Negate(2).Add(&d)      // X3 = D-E-F (mag: 4)
+	negX3.Set(x3).Negate(4)                // negX3 = -X3 (mag: 5)
+	y3.Set(y1).Mul(f.Add(&negE)).Negate(1) // Y3 = -(Y1*(F-E)) (mag: 2)
+	y3.Add(e.Add(&negX3).Mul(&c))          // Y3 = C*(E-X3)+Y3 (mag: 3)
+	z3.Mul2(z1, &a)                        // Z3 = Z1*A (mag: 1)
+
+	// Normalize the resulting field values as needed.
+	x3.Normalize()
+	y3.Normalize()
+	z3.Normalize()
+}
+
+// addZ2EqualsOne adds two Jacobian points when the second point is already
+// known to have a z value of 1 (and the z value for the first point is not 1)
+// and stores the result in the provided result param.  That is to say result =
+// p1 + p2.  It performs faster addition than the generic add routine since
+// less arithmetic is needed due to the ability to avoid multiplications by the
+// second point's z value.
+//
+// NOTE: The points must be normalized for this function to return the correct
+// result.  The resulting point will be normalized.
+func addZ2EqualsOne(p1, p2, result *JacobianPoint) {
+	// To compute the point addition efficiently, this implementation splits
+	// the equation into intermediate elements which are used to minimize
+	// the number of field multiplications using the method shown at:
+	// https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-madd-2007-bl
+	//
+	// In particular it performs the calculations using the following:
+	// Z1Z1 = Z1^2, U2 = X2*Z1Z1, S2 = Y2*Z1*Z1Z1, H = U2-X1, HH = H^2,
+	// I = 4*HH, J = H*I, r = 2*(S2-Y1), V = X1*I
+	// X3 = r^2-J-2*V, Y3 = r*(V-X3)-2*Y1*J, Z3 = (Z1+H)^2-Z1Z1-HH
+	//
+	// This results in a cost of 7 field multiplications, 4 field squarings,
+	// 9 field additions, and 4 integer multiplications.
+	x1, y1, z1 := &p1.X, &p1.Y, &p1.Z
+	x2, y2 := &p2.X, &p2.Y
+	x3, y3, z3 := &result.X, &result.Y, &result.Z
+
+	// When the x coordinates are the same for two points on the curve, the
+	// y coordinates either must be the same, in which case it is point
+	// doubling, or they are opposite and the result is the point at
+	// infinity per the group law for elliptic curve cryptography.  Since
+	// any number of Jacobian coordinates can represent the same affine
+	// point, the x and y values need to be converted to like terms.  Due to
+	// the assumption made for this function that the second point has a z
+	// value of 1 (z2=1), the first point is already "converted".
+	var z1z1, u2, s2 FieldVal
+	z1z1.SquareVal(z1)                        // Z1Z1 = Z1^2 (mag: 1)
+	u2.Set(x2).Mul(&z1z1).Normalize()         // U2 = X2*Z1Z1 (mag: 1)
+	s2.Set(y2).Mul(&z1z1).Mul(z1).Normalize() // S2 = Y2*Z1*Z1Z1 (mag: 1)
+	if x1.Equals(&u2) {
+		if y1.Equals(&s2) {
+			// Since x1 == x2 and y1 == y2, point doubling must be
+			// done, otherwise the addition would end up dividing
+			// by zero.
+			DoubleNonConst(p1, result)
+			return
+		}
+
+		// Since x1 == x2 and y1 == -y2, the sum is the point at
+		// infinity per the group law.
+		x3.SetInt(0)
+		y3.SetInt(0)
+		z3.SetInt(0)
+		return
+	}
+
+	// Calculate X3, Y3, and Z3 according to the intermediate elements
+	// breakdown above.
+	var h, hh, i, j, r, rr, v FieldVal
+	var negX1, negY1, negX3 FieldVal
+	negX1.Set(x1).Negate(1)                // negX1 = -X1 (mag: 2)
+	h.Add2(&u2, &negX1)                    // H = U2-X1 (mag: 3)
+	hh.SquareVal(&h)                       // HH = H^2 (mag: 1)
+	i.Set(&hh).MulInt(4)                   // I = 4 * HH (mag: 4)
+	j.Mul2(&h, &i)                         // J = H*I (mag: 1)
+	negY1.Set(y1).Negate(1)                // negY1 = -Y1 (mag: 2)
+	r.Set(&s2).Add(&negY1).MulInt(2)       // r = 2*(S2-Y1) (mag: 6)
+	rr.SquareVal(&r)                       // rr = r^2 (mag: 1)
+	v.Mul2(x1, &i)                         // V = X1*I (mag: 1)
+	x3.Set(&v).MulInt(2).Add(&j).Negate(3) // X3 = -(J+2*V) (mag: 4)
+	x3.Add(&rr)                            // X3 = r^2+X3 (mag: 5)
+	negX3.Set(x3).Negate(5)                // negX3 = -X3 (mag: 6)
+	y3.Set(y1).Mul(&j).MulInt(2).Negate(2) // Y3 = -(2*Y1*J) (mag: 3)
+	y3.Add(v.Add(&negX3).Mul(&r))          // Y3 = r*(V-X3)+Y3 (mag: 4)
+	z3.Add2(z1, &h).Square()               // Z3 = (Z1+H)^2 (mag: 1)
+	z3.Add(z1z1.Add(&hh).Negate(2))        // Z3 = Z3-(Z1Z1+HH) (mag: 4)
+
+	// Normalize the resulting field values as needed.
+	x3.Normalize()
+	y3.Normalize()
+	z3.Normalize()
+}
+
+// addGeneric adds two Jacobian points without any assumptions about the z
+// values of the two points and stores the result in the provided result param.
+// That is to say result = p1 + p2.  It is the slowest of the add routines due
+// to requiring the most arithmetic.
+//
+// NOTE: The points must be normalized for this function to return the correct
+// result.  The resulting point will be normalized.
+func addGeneric(p1, p2, result *JacobianPoint) {
+	// To compute the point addition efficiently, this implementation splits
+	// the equation into intermediate elements which are used to minimize
+	// the number of field multiplications using the method shown at:
+	// https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl
+	//
+	// In particular it performs the calculations using the following:
+	// Z1Z1 = Z1^2, Z2Z2 = Z2^2, U1 = X1*Z2Z2, U2 = X2*Z1Z1, S1 = Y1*Z2*Z2Z2
+	// S2 = Y2*Z1*Z1Z1, H = U2-U1, I = (2*H)^2, J = H*I, r = 2*(S2-S1)
+	// V = U1*I
+	// X3 = r^2-J-2*V, Y3 = r*(V-X3)-2*S1*J, Z3 = ((Z1+Z2)^2-Z1Z1-Z2Z2)*H
+	//
+	// This results in a cost of 11 field multiplications, 5 field squarings,
+	// 9 field additions, and 4 integer multiplications.
+	x1, y1, z1 := &p1.X, &p1.Y, &p1.Z
+	x2, y2, z2 := &p2.X, &p2.Y, &p2.Z
+	x3, y3, z3 := &result.X, &result.Y, &result.Z
+
+	// When the x coordinates are the same for two points on the curve, the
+	// y coordinates either must be the same, in which case it is point
+	// doubling, or they are opposite and the result is the point at
+	// infinity.  Since any number of Jacobian coordinates can represent the
+	// same affine point, the x and y values need to be converted to like
+	// terms.
+	var z1z1, z2z2, u1, u2, s1, s2 FieldVal
+	z1z1.SquareVal(z1)                        // Z1Z1 = Z1^2 (mag: 1)
+	z2z2.SquareVal(z2)                        // Z2Z2 = Z2^2 (mag: 1)
+	u1.Set(x1).Mul(&z2z2).Normalize()         // U1 = X1*Z2Z2 (mag: 1)
+	u2.Set(x2).Mul(&z1z1).Normalize()         // U2 = X2*Z1Z1 (mag: 1)
+	s1.Set(y1).Mul(&z2z2).Mul(z2).Normalize() // S1 = Y1*Z2*Z2Z2 (mag: 1)
+	s2.Set(y2).Mul(&z1z1).Mul(z1).Normalize() // S2 = Y2*Z1*Z1Z1 (mag: 1)
+	if u1.Equals(&u2) {
+		if s1.Equals(&s2) {
+			// Since x1 == x2 and y1 == y2, point doubling must be
+			// done, otherwise the addition would end up dividing
+			// by zero.
+			DoubleNonConst(p1, result)
+			return
+		}
+
+		// Since x1 == x2 and y1 == -y2, the sum is the point at
+		// infinity per the group law.
+		x3.SetInt(0)
+		y3.SetInt(0)
+		z3.SetInt(0)
+		return
+	}
+
+	// Calculate X3, Y3, and Z3 according to the intermediate elements
+	// breakdown above.
+	var h, i, j, r, rr, v FieldVal
+	var negU1, negS1, negX3 FieldVal
+	negU1.Set(&u1).Negate(1)               // negU1 = -U1 (mag: 2)
+	h.Add2(&u2, &negU1)                    // H = U2-U1 (mag: 3)
+	i.Set(&h).MulInt(2).Square()           // I = (2*H)^2 (mag: 1)
+	j.Mul2(&h, &i)                         // J = H*I (mag: 1)
+	negS1.Set(&s1).Negate(1)               // negS1 = -S1 (mag: 2)
+	r.Set(&s2).Add(&negS1).MulInt(2)       // r = 2*(S2-S1) (mag: 6)
+	rr.SquareVal(&r)                       // rr = r^2 (mag: 1)
+	v.Mul2(&u1, &i)                        // V = U1*I (mag: 1)
+	x3.Set(&v).MulInt(2).Add(&j).Negate(3) // X3 = -(J+2*V) (mag: 4)
+	x3.Add(&rr)                            // X3 = r^2+X3 (mag: 5)
+	negX3.Set(x3).Negate(5)                // negX3 = -X3 (mag: 6)
+	y3.Mul2(&s1, &j).MulInt(2).Negate(2)   // Y3 = -(2*S1*J) (mag: 3)
+	y3.Add(v.Add(&negX3).Mul(&r))          // Y3 = r*(V-X3)+Y3 (mag: 4)
+	z3.Add2(z1, z2).Square()               // Z3 = (Z1+Z2)^2 (mag: 1)
+	z3.Add(z1z1.Add(&z2z2).Negate(2))      // Z3 = Z3-(Z1Z1+Z2Z2) (mag: 4)
+	z3.Mul(&h)                             // Z3 = Z3*H (mag: 1)
+
+	// Normalize the resulting field values as needed.
+	x3.Normalize()
+	y3.Normalize()
+	z3.Normalize()
+}
+
+// AddNonConst adds the passed Jacobian points together and stores the result in
+// the provided result param in *non-constant* time.
+//
+// NOTE: The points must be normalized for this function to return the correct
+// result.  The resulting point will be normalized.
+func AddNonConst(p1, p2, result *JacobianPoint) {
+	// The point at infinity is the identity according to the group law for
+	// elliptic curve cryptography.  Thus, ∞ + P = P and P + ∞ = P.
+	if (p1.X.IsZero() && p1.Y.IsZero()) || p1.Z.IsZero() {
+		result.Set(p2)
+		return
+	}
+	if (p2.X.IsZero() && p2.Y.IsZero()) || p2.Z.IsZero() {
+		result.Set(p1)
+		return
+	}
+
+	// Faster point addition can be achieved when certain assumptions are
+	// met.  For example, when both points have the same z value, arithmetic
+	// on the z values can be avoided.  This section thus checks for these
+	// conditions and calls an appropriate add function which is accelerated
+	// by using those assumptions.
+	isZ1One := p1.Z.IsOne()
+	isZ2One := p2.Z.IsOne()
+	switch {
+	case isZ1One && isZ2One:
+		addZ1AndZ2EqualsOne(p1, p2, result)
+		return
+	case p1.Z.Equals(&p2.Z):
+		addZ1EqualsZ2(p1, p2, result)
+		return
+	case isZ2One:
+		addZ2EqualsOne(p1, p2, result)
+		return
+	}
+
+	// None of the above assumptions are true, so fall back to generic
+	// point addition.
+	addGeneric(p1, p2, result)
+}
+
+// doubleZ1EqualsOne performs point doubling on the passed Jacobian point when
+// the point is already known to have a z value of 1 and stores the result in
+// the provided result param.  That is to say result = 2*p.  It performs faster
+// point doubling than the generic routine since less arithmetic is needed due
+// to the ability to avoid multiplication by the z value.
+//
+// NOTE: The resulting point will be normalized.
+func doubleZ1EqualsOne(p, result *JacobianPoint) {
+	// This function uses the assumptions that z1 is 1, thus the point
+	// doubling formulas reduce to:
+	//
+	// X3 = (3*X1^2)^2 - 8*X1*Y1^2
+	// Y3 = (3*X1^2)*(4*X1*Y1^2 - X3) - 8*Y1^4
+	// Z3 = 2*Y1
+	//
+	// To compute the above efficiently, this implementation splits the
+	// equation into intermediate elements which are used to minimize the
+	// number of field multiplications in favor of field squarings which
+	// are roughly 35% faster than field multiplications with the current
+	// implementation at the time this was written.
+	//
+	// This uses a slightly modified version of the method shown at:
+	// https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-mdbl-2007-bl
+	//
+	// In particular it performs the calculations using the following:
+	// A = X1^2, B = Y1^2, C = B^2, D = 2*((X1+B)^2-A-C)
+	// E = 3*A, F = E^2, X3 = F-2*D, Y3 = E*(D-X3)-8*C
+	// Z3 = 2*Y1
+	//
+	// This results in a cost of 1 field multiplication, 5 field squarings,
+	// 6 field additions, and 5 integer multiplications.
+	x1, y1 := &p.X, &p.Y
+	x3, y3, z3 := &result.X, &result.Y, &result.Z
+	var a, b, c, d, e, f FieldVal
+	z3.Set(y1).MulInt(2)                     // Z3 = 2*Y1 (mag: 2)
+	a.SquareVal(x1)                          // A = X1^2 (mag: 1)
+	b.SquareVal(y1)                          // B = Y1^2 (mag: 1)
+	c.SquareVal(&b)                          // C = B^2 (mag: 1)
+	b.Add(x1).Square()                       // B = (X1+B)^2 (mag: 1)
+	d.Set(&a).Add(&c).Negate(2)              // D = -(A+C) (mag: 3)
+	d.Add(&b).MulInt(2)                      // D = 2*(B+D)(mag: 8)
+	e.Set(&a).MulInt(3)                      // E = 3*A (mag: 3)
+	f.SquareVal(&e)                          // F = E^2 (mag: 1)
+	x3.Set(&d).MulInt(2).Negate(16)          // X3 = -(2*D) (mag: 17)
+	x3.Add(&f)                               // X3 = F+X3 (mag: 18)
+	f.Set(x3).Negate(18).Add(&d).Normalize() // F = D-X3 (mag: 1)
+	y3.Set(&c).MulInt(8).Negate(8)           // Y3 = -(8*C) (mag: 9)
+	y3.Add(f.Mul(&e))                        // Y3 = E*F+Y3 (mag: 10)
+
+	// Normalize the resulting field values as needed.
+	x3.Normalize()
+	y3.Normalize()
+	z3.Normalize()
+}
+
+// doubleGeneric performs point doubling on the passed Jacobian point without
+// any assumptions about the z value and stores the result in the provided
+// result param.  That is to say result = 2*p.  It is the slowest of the point
+// doubling routines due to requiring the most arithmetic.
+//
+// NOTE: The resulting point will be normalized.
+func doubleGeneric(p, result *JacobianPoint) {
+	// Point doubling formula for Jacobian coordinates for the secp256k1
+	// curve:
+	//
+	// X3 = (3*X1^2)^2 - 8*X1*Y1^2
+	// Y3 = (3*X1^2)*(4*X1*Y1^2 - X3) - 8*Y1^4
+	// Z3 = 2*Y1*Z1
+	//
+	// To compute the above efficiently, this implementation splits the
+	// equation into intermediate elements which are used to minimize the
+	// number of field multiplications in favor of field squarings which
+	// are roughly 35% faster than field multiplications with the current
+	// implementation at the time this was written.
+	//
+	// This uses a slightly modified version of the method shown at:
+	// https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
+	//
+	// In particular it performs the calculations using the following:
+	// A = X1^2, B = Y1^2, C = B^2, D = 2*((X1+B)^2-A-C)
+	// E = 3*A, F = E^2, X3 = F-2*D, Y3 = E*(D-X3)-8*C
+	// Z3 = 2*Y1*Z1
+	//
+	// This results in a cost of 1 field multiplication, 5 field squarings,
+	// 6 field additions, and 5 integer multiplications.
+	x1, y1, z1 := &p.X, &p.Y, &p.Z
+	x3, y3, z3 := &result.X, &result.Y, &result.Z
+	var a, b, c, d, e, f FieldVal
+	z3.Mul2(y1, z1).MulInt(2)                // Z3 = 2*Y1*Z1 (mag: 2)
+	a.SquareVal(x1)                          // A = X1^2 (mag: 1)
+	b.SquareVal(y1)                          // B = Y1^2 (mag: 1)
+	c.SquareVal(&b)                          // C = B^2 (mag: 1)
+	b.Add(x1).Square()                       // B = (X1+B)^2 (mag: 1)
+	d.Set(&a).Add(&c).Negate(2)              // D = -(A+C) (mag: 3)
+	d.Add(&b).MulInt(2)                      // D = 2*(B+D)(mag: 8)
+	e.Set(&a).MulInt(3)                      // E = 3*A (mag: 3)
+	f.SquareVal(&e)                          // F = E^2 (mag: 1)
+	x3.Set(&d).MulInt(2).Negate(16)          // X3 = -(2*D) (mag: 17)
+	x3.Add(&f)                               // X3 = F+X3 (mag: 18)
+	f.Set(x3).Negate(18).Add(&d).Normalize() // F = D-X3 (mag: 1)
+	y3.Set(&c).MulInt(8).Negate(8)           // Y3 = -(8*C) (mag: 9)
+	y3.Add(f.Mul(&e))                        // Y3 = E*F+Y3 (mag: 10)
+
+	// Normalize the resulting field values as needed.
+	x3.Normalize()
+	y3.Normalize()
+	z3.Normalize()
+}
+
+// DoubleNonConst doubles the passed Jacobian point and stores the result in the
+// provided result parameter in *non-constant* time.
+//
+// NOTE: The point must be normalized for this function to return the correct
+// result.  The resulting point will be normalized.
+func DoubleNonConst(p, result *JacobianPoint) {
+	// Doubling the point at infinity is still infinity.
+	if p.Y.IsZero() || p.Z.IsZero() {
+		result.X.SetInt(0)
+		result.Y.SetInt(0)
+		result.Z.SetInt(0)
+		return
+	}
+
+	// Slightly faster point doubling can be achieved when the z value is 1
+	// by avoiding the multiplication on the z value.  This section calls
+	// a point doubling function which is accelerated by using that
+	// assumption when possible.
+	if p.Z.IsOne() {
+		doubleZ1EqualsOne(p, result)
+		return
+	}
+
+	// Fall back to generic point doubling which works with arbitrary z
+	// values.
+	doubleGeneric(p, result)
+}
+
+// mulAdd64 multiplies the two passed base 2^64 digits together, adds the given
+// value to the result, and returns the 128-bit result via a (hi, lo) tuple
+// where the upper half of the bits are returned in hi and the lower half in lo.
+func mulAdd64(digit1, digit2, m uint64) (hi, lo uint64) {
+	// Note the carry on the final add is safe to discard because the maximum
+	// possible value is:
+	//   (2^64 - 1)(2^64 - 1) + (2^64 - 1) = 2^128 - 2^64
+	// and:
+	//   2^128 - 2^64 < 2^128.
+	var c uint64
+	hi, lo = bits.Mul64(digit1, digit2)
+	lo, c = bits.Add64(lo, m, 0)
+	hi, _ = bits.Add64(hi, 0, c)
+	return hi, lo
+}
+
+// mulAdd64Carry multiplies the two passed base 2^64 digits together, adds both
+// the given value and carry to the result, and returns the 128-bit result via a
+// (hi, lo) tuple where the upper half of the bits are returned in hi and the
+// lower half in lo.
+func mulAdd64Carry(digit1, digit2, m, c uint64) (hi, lo uint64) {
+	// Note the carry on the high order add is safe to discard because the
+	// maximum possible value is:
+	//   (2^64 - 1)(2^64 - 1) + 2*(2^64 - 1) = 2^128 - 1
+	// and:
+	//   2^128 - 1 < 2^128.
+	var c2 uint64
+	hi, lo = mulAdd64(digit1, digit2, m)
+	lo, c2 = bits.Add64(lo, c, 0)
+	hi, _ = bits.Add64(hi, 0, c2)
+	return hi, lo
+}
+
+// mul512Rsh320Round computes the full 512-bit product of the two given scalars,
+// right shifts the result by 320 bits, rounds to the nearest integer, and
+// returns the result in constant time.
+//
+// Note that despite the inputs and output being mod n scalars, the 512-bit
+// product is NOT reduced mod N prior to the right shift.  This is intentional
+// because it is used for replacing division with multiplication and thus the
+// intermediate results must be done via a field extension to a larger field.
+func mul512Rsh320Round(n1, n2 *ModNScalar) ModNScalar {
+	// Convert n1 and n2 to base 2^64 digits.
+	n1Digit0 := uint64(n1.n[0]) | uint64(n1.n[1])<<32
+	n1Digit1 := uint64(n1.n[2]) | uint64(n1.n[3])<<32
+	n1Digit2 := uint64(n1.n[4]) | uint64(n1.n[5])<<32
+	n1Digit3 := uint64(n1.n[6]) | uint64(n1.n[7])<<32
+	n2Digit0 := uint64(n2.n[0]) | uint64(n2.n[1])<<32
+	n2Digit1 := uint64(n2.n[2]) | uint64(n2.n[3])<<32
+	n2Digit2 := uint64(n2.n[4]) | uint64(n2.n[5])<<32
+	n2Digit3 := uint64(n2.n[6]) | uint64(n2.n[7])<<32
+
+	// Compute the full 512-bit product n1*n2.
+	var r0, r1, r2, r3, r4, r5, r6, r7, c uint64
+
+	// Terms resulting from the product of the first digit of the second number
+	// by all digits of the first number.
+	//
+	// Note that r0 is ignored because it is not needed to compute the higher
+	// terms and it is shifted out below anyway.
+	c, _ = bits.Mul64(n2Digit0, n1Digit0)
+	c, r1 = mulAdd64(n2Digit0, n1Digit1, c)
+	c, r2 = mulAdd64(n2Digit0, n1Digit2, c)
+	r4, r3 = mulAdd64(n2Digit0, n1Digit3, c)
+
+	// Terms resulting from the product of the second digit of the second number
+	// by all digits of the first number.
+	//
+	// Note that r1 is ignored because it is no longer needed to compute the
+	// higher terms and it is shifted out below anyway.
+	c, _ = mulAdd64(n2Digit1, n1Digit0, r1)
+	c, r2 = mulAdd64Carry(n2Digit1, n1Digit1, r2, c)
+	c, r3 = mulAdd64Carry(n2Digit1, n1Digit2, r3, c)
+	r5, r4 = mulAdd64Carry(n2Digit1, n1Digit3, r4, c)
+
+	// Terms resulting from the product of the third digit of the second number
+	// by all digits of the first number.
+	//
+	// Note that r2 is ignored because it is no longer needed to compute the
+	// higher terms and it is shifted out below anyway.
+	c, _ = mulAdd64(n2Digit2, n1Digit0, r2)
+	c, r3 = mulAdd64Carry(n2Digit2, n1Digit1, r3, c)
+	c, r4 = mulAdd64Carry(n2Digit2, n1Digit2, r4, c)
+	r6, r5 = mulAdd64Carry(n2Digit2, n1Digit3, r5, c)
+
+	// Terms resulting from the product of the fourth digit of the second number
+	// by all digits of the first number.
+	//
+	// Note that r3 is ignored because it is no longer needed to compute the
+	// higher terms and it is shifted out below anyway.
+	c, _ = mulAdd64(n2Digit3, n1Digit0, r3)
+	c, r4 = mulAdd64Carry(n2Digit3, n1Digit1, r4, c)
+	c, r5 = mulAdd64Carry(n2Digit3, n1Digit2, r5, c)
+	r7, r6 = mulAdd64Carry(n2Digit3, n1Digit3, r6, c)
+
+	// At this point the upper 256 bits of the full 512-bit product n1*n2 are in
+	// r4..r7 (recall the low order results were discarded as noted above).
+	//
+	// Right shift the result 320 bits.  Note that the MSB of r4 determines
+	// whether or not to round because it is the final bit that is shifted out.
+	//
+	// Also, notice that r3..r7 would also ordinarily be set to 0 as well for
+	// the full shift, but that is skipped since they are no longer used as
+	// their values are known to be zero.
+	roundBit := r4 >> 63
+	r2, r1, r0 = r7, r6, r5
+
+	// Conditionally add 1 depending on the round bit in constant time.
+	r0, c = bits.Add64(r0, roundBit, 0)
+	r1, c = bits.Add64(r1, 0, c)
+	r2, r3 = bits.Add64(r2, 0, c)
+
+	// Finally, convert the result to a mod n scalar.
+	//
+	// No modular reduction is needed because the result is guaranteed to be
+	// less than the group order given the group order is > 2^255 and the
+	// maximum possible value of the result is 2^192.
+	var result ModNScalar
+	result.n[0] = uint32(r0)
+	result.n[1] = uint32(r0 >> 32)
+	result.n[2] = uint32(r1)
+	result.n[3] = uint32(r1 >> 32)
+	result.n[4] = uint32(r2)
+	result.n[5] = uint32(r2 >> 32)
+	result.n[6] = uint32(r3)
+	result.n[7] = uint32(r3 >> 32)
+	return result
+}
+
+// splitK returns two scalars (k1 and k2) that are a balanced length-two
+// representation of the provided scalar such that k ≡ k1 + k2*λ (mod N), where
+// N is the secp256k1 group order.
+func splitK(k *ModNScalar) (ModNScalar, ModNScalar) {
+	// The ultimate goal is to decompose k into two scalars that are around
+	// half the bit length of k such that the following equation is satisfied:
+	//
+	// k1 + k2*λ ≡ k (mod n)
+	//
+	// The strategy used here is based on algorithm 3.74 from [GECC] with a few
+	// modifications to make use of the more efficient mod n scalar type, avoid
+	// some costly long divisions, and minimize the number of calculations.
+	//
+	// Start by defining a function that takes a vector v = <a,b> ∈ ℤ⨯ℤ:
+	//
+	// f(v) = a + bλ (mod n)
+	//
+	// Then, find two vectors, v1 = <a1,b1>, and v2 = <a2,b2> in ℤ⨯ℤ such that:
+	// 1) v1 and v2 are linearly independent
+	// 2) f(v1) = f(v2) = 0
+	// 3) v1 and v2 have small Euclidean norm
+	//
+	// The vectors that satisfy these properties are found via the Euclidean
+	// algorithm and are precomputed since both n and λ are fixed values for the
+	// secp256k1 curve.  See genprecomps.go for derivation details.
+	//
+	// Next, consider k as a vector <k, 0> in ℚ⨯ℚ and by linear algebra write:
+	//
+	// <k, 0> = g1*v1 + g2*v2, where g1, g2 ∈ ℚ
+	//
+	// Note that, per above, the components of vector v1 are a1 and b1 while the
+	// components of vector v2 are a2 and b2.  Given the vectors v1 and v2 were
+	// generated such that a1*b2 - a2*b1 = n, solving the equation for g1 and g2
+	// yields:
+	//
+	// g1 = b2*k / n
+	// g2 = -b1*k / n
+	//
+	// Observe:
+	// <k, 0> = g1*v1 + g2*v2
+	//        = (b2*k/n)*<a1,b1> + (-b1*k/n)*<a2,b2>              | substitute
+	//        = <a1*b2*k/n, b1*b2*k/n> + <-a2*b1*k/n, -b2*b1*k/n> | scalar mul
+	//        = <a1*b2*k/n - a2*b1*k/n, b1*b2*k/n - b2*b1*k/n>    | vector add
+	//        = <[a1*b2*k - a2*b1*k]/n, 0>                        | simplify
+	//        = <k*[a1*b2 - a2*b1]/n, 0>                          | factor out k
+	//        = <k*n/n, 0>                                        | substitute
+	//        = <k, 0>                                            | simplify
+	//
+	// Now, consider an integer-valued vector v:
+	//
+	// v = c1*v1 + c2*v2, where c1, c2 ∈ ℤ (mod n)
+	//
+	// Since vectors v1 and v2 are linearly independent and were generated such
+	// that f(v1) = f(v2) = 0, all possible scalars c1 and c2 also produce a
+	// vector v such that f(v) = 0.
+	//
+	// In other words, c1 and c2 can be any integers and the resulting
+	// decomposition will still satisfy the required equation.  However, since
+	// the goal is to produce a balanced decomposition that provides a
+	// performance advantage by minimizing max(k1, k2), c1 and c2 need to be
+	// integers close to g1 and g2, respectively, so the resulting vector v is
+	// an integer-valued vector that is close to <k, 0>.
+	//
+	// Finally, consider the vector u:
+	//
+	// u  = <k, 0> - v
+	//
+	// It follows that f(u) = k and thus the two components of vector u satisfy
+	// the required equation:
+	//
+	// k1 + k2*λ ≡ k (mod n)
+	//
+	// Choosing c1 and c2:
+	// -------------------
+	//
+	// As mentioned above, c1 and c2 need to be integers close to g1 and g2,
+	// respectively.  The algorithm in [GECC] chooses the following values:
+	//
+	// c1 = round(g1) = round(b2*k / n)
+	// c2 = round(g2) = round(-b1*k / n)
+	//
+	// However, as section 3.4.2 of [STWS] notes, the aforementioned approach
+	// requires costly long divisions that can be avoided by precomputing
+	// rounded estimates as follows:
+	//
+	// t = bitlen(n) + 1
+	// z1 = round(2^t * b2 / n)
+	// z2 = round(2^t * -b1 / n)
+	//
+	// Then, use those precomputed estimates to perform a multiplication by k
+	// along with a floored division by 2^t, which is a simple right shift by t:
+	//
+	// c1 = floor(k * z1 / 2^t) = (k * z1) >> t
+	// c2 = floor(k * z2 / 2^t) = (k * z2) >> t
+	//
+	// Finally, round up if last bit discarded in the right shift by t is set by
+	// adding 1.
+	//
+	// As a further optimization, rather than setting t = bitlen(n) + 1 = 257 as
+	// stated by [STWS], this implementation uses a higher precision estimate of
+	// t = bitlen(n) + 64 = 320 because it allows simplification of the shifts
+	// in the internal calculations that are done via uint64s and also allows
+	// the use of floor in the precomputations.
+	//
+	// Thus, the calculations this implementation uses are:
+	//
+	// z1 = floor(b2<<320 / n)                                     | precomputed
+	// z2 = floor((-b1)<<320) / n)                                 | precomputed
+	// c1 = ((k * z1) >> 320) + (((k * z1) >> 319) & 1)
+	// c2 = ((k * z2) >> 320) + (((k * z2) >> 319) & 1)
+	//
+	// Putting it all together:
+	// ------------------------
+	//
+	// Calculate the following vectors using the values discussed above:
+	//
+	// v = c1*v1 + c2*v2
+	// u = <k, 0> - v
+	//
+	// The two components of the resulting vector v are:
+	// va = c1*a1 + c2*a2
+	// vb = c1*b1 + c2*b2
+	//
+	// Thus, the two components of the resulting vector u are:
+	// k1 = k - va
+	// k2 = 0 - vb = -vb
+	//
+	// As some final optimizations:
+	//
+	// 1) Note that k1 + k2*λ ≡ k (mod n) means that k1 ≡ k - k2*λ (mod n).
+	//    Therefore, the computation of va can be avoided to save two
+	//    field multiplications and a field addition.
+	//
+	// 2) Since k1 = k - k2*λ = k + k2*(-λ), an additional field negation is
+	//    saved by storing and using the negative version of λ.
+	//
+	// 3) Since k2 = -vb = -(c1*b1 + c2*b2) = c1*(-b1) + c2*(-b2), one more
+	//    field negation is saved by storing and using the negative versions of
+	//    b1 and b2.
+	//
+	// k2 = c1*(-b1) + c2*(-b2)
+	// k1 = k + k2*(-λ)
+	var k1, k2 ModNScalar
+	c1 := mul512Rsh320Round(k, endoZ1)
+	c2 := mul512Rsh320Round(k, endoZ2)
+	k2.Add2(c1.Mul(endoNegB1), c2.Mul(endoNegB2))
+	k1.Mul2(&k2, endoNegLambda).Add(k)
+	return k1, k2
+}
+
+// nafScalar represents a positive integer up to a maximum value of 2^256 - 1
+// encoded in non-adjacent form.
+//
+// NAF is a signed-digit representation where each digit can be +1, 0, or -1.
+//
+// In order to efficiently encode that information, this type uses two arrays, a
+// "positive" array where set bits represent the +1 signed digits and a
+// "negative" array where set bits represent the -1 signed digits.  0 is
+// represented by neither array having a bit set in that position.
+//
+// The Pos and Neg methods return the aforementioned positive and negative
+// arrays, respectively.
+type nafScalar struct {
+	// pos houses the positive portion of the representation.  An additional
+	// byte is required for the positive portion because the NAF encoding can be
+	// up to 1 bit longer than the normal binary encoding of the value.
+	//
+	// neg houses the negative portion of the representation.  Even though the
+	// additional byte is not required for the negative portion, since it can
+	// never exceed the length of the normal binary encoding of the value,
+	// keeping the same length for positive and negative portions simplifies
+	// working with the representation and allows extra conditional branches to
+	// be avoided.
+	//
+	// start and end specify the starting and ending index to use within the pos
+	// and neg arrays, respectively.  This allows fixed size arrays to be used
+	// versus needing to dynamically allocate space on the heap.
+	//
+	// NOTE: The fields are defined in the order that they are to minimize the
+	// padding on 32-bit and 64-bit platforms.
+	pos        [33]byte
+	start, end uint8
+	neg        [33]byte
+}
+
+// Pos returns the bytes of the encoded value with bits set in the positions
+// that represent a signed digit of +1.
+func (s *nafScalar) Pos() []byte {
+	return s.pos[s.start:s.end]
+}
+
+// Neg returns the bytes of the encoded value with bits set in the positions
+// that represent a signed digit of -1.
+func (s *nafScalar) Neg() []byte {
+	return s.neg[s.start:s.end]
+}
+
+// naf takes a positive integer up to a maximum value of 2^256 - 1 and returns
+// its non-adjacent form (NAF), which is a unique signed-digit representation
+// such that no two consecutive digits are nonzero.  See the documentation for
+// the returned type for details on how the representation is encoded
+// efficiently and how to interpret it
+//
+// NAF is useful in that it has the fewest nonzero digits of any signed digit
+// representation, only 1/3rd of its digits are nonzero on average, and at least
+// half of the digits will be 0.
+//
+// The aforementioned properties are particularly beneficial for optimizing
+// elliptic curve point multiplication because they effectively minimize the
+// number of required point additions in exchange for needing to perform a mix
+// of fewer point additions and subtractions and possibly one additional point
+// doubling.  This is an excellent tradeoff because subtraction of points has
+// the same computational complexity as addition of points and point doubling is
+// faster than both.
+func naf(k []byte) nafScalar {
+	// Strip leading zero bytes.
+	for len(k) > 0 && k[0] == 0x00 {
+		k = k[1:]
+	}
+
+	// The non-adjacent form (NAF) of a positive integer k is an expression
+	// k = ∑_(i=0, l-1) k_i * 2^i where k_i ∈ {0,±1}, k_(l-1) != 0, and no two
+	// consecutive digits k_i are nonzero.
+	//
+	// The traditional method of computing the NAF of a positive integer is
+	// given by algorithm 3.30 in [GECC].  It consists of repeatedly dividing k
+	// by 2 and choosing the remainder so that the quotient (k−r)/2 is even
+	// which ensures the next NAF digit is 0.  This requires log_2(k) steps.
+	//
+	// However, in [BRID], Prodinger notes that a closed form expression for the
+	// NAF representation is the bitwise difference 3k/2 - k/2.  This is more
+	// efficient as it can be computed in O(1) versus the O(log(n)) of the
+	// traditional approach.
+	//
+	// The following code makes use of that formula to compute the NAF more
+	// efficiently.
+	//
+	// To understand the logic here, observe that the only way the NAF has a
+	// nonzero digit at a given bit is when either 3k/2 or k/2 has a bit set in
+	// that position, but not both.  In other words, the result of a bitwise
+	// xor.  This can be seen simply by considering that when the bits are the
+	// same, the subtraction is either 0-0 or 1-1, both of which are 0.
+	//
+	// Further, observe that the "+1" digits in the result are contributed by
+	// 3k/2 while the "-1" digits are from k/2.  So, they can be determined by
+	// taking the bitwise and of each respective value with the result of the
+	// xor which identifies which bits are nonzero.
+	//
+	// Using that information, this loops backwards from the least significant
+	// byte to the most significant byte while performing the aforementioned
+	// calculations by propagating the potential carry and high order bit from
+	// the next word during the right shift.
+	kLen := len(k)
+	var result nafScalar
+	var carry uint8
+	for byteNum := kLen - 1; byteNum >= 0; byteNum-- {
+		// Calculate k/2.  Notice the carry from the previous word is added and
+		// the low order bit from the next word is shifted in accordingly.
+		kc := uint16(k[byteNum]) + uint16(carry)
+		var nextWord uint8
+		if byteNum > 0 {
+			nextWord = k[byteNum-1]
+		}
+		halfK := kc>>1 | uint16(nextWord<<7)
+
+		// Calculate 3k/2 and determine the non-zero digits in the result.
+		threeHalfK := kc + halfK
+		nonZeroResultDigits := threeHalfK ^ halfK
+
+		// Determine the signed digits {0, ±1}.
+		result.pos[byteNum+1] = uint8(threeHalfK & nonZeroResultDigits)
+		result.neg[byteNum+1] = uint8(halfK & nonZeroResultDigits)
+
+		// Propagate the potential carry from the 3k/2 calculation.
+		carry = uint8(threeHalfK >> 8)
+	}
+	result.pos[0] = carry
+
+	// Set the starting and ending positions within the fixed size arrays to
+	// identify the bytes that are actually used.  This is important since the
+	// encoding is big endian and thus trailing zero bytes changes its value.
+	result.start = 1 - carry
+	result.end = uint8(kLen + 1)
+	return result
+}
+
+// ScalarMultNonConst multiplies k*P where k is a scalar modulo the curve order
+// and P is a point in Jacobian projective coordinates and stores the result in
+// the provided Jacobian point.
+//
+// NOTE: The point must be normalized for this function to return the correct
+// result.  The resulting point will be normalized.
+func ScalarMultNonConst(k *ModNScalar, point, result *JacobianPoint) {
+	// -------------------------------------------------------------------------
+	// This makes use of the following efficiently-computable endomorphism to
+	// accelerate the computation:
+	//
+	// φ(P) ⟼ λ*P = (β*P.x mod p, P.y)
+	//
+	// In other words, there is a special scalar λ that every point on the
+	// elliptic curve can be multiplied by that will result in the same point as
+	// performing a single field multiplication of the point's X coordinate by
+	// the special value β.
+	//
+	// This is useful because scalar point multiplication is significantly more
+	// expensive than a single field multiplication given the former involves a
+	// series of point doublings and additions which themselves consist of a
+	// combination of several field multiplications, squarings, and additions.
+	//
+	// So, the idea behind making use of the endomorphism is thus to decompose
+	// the scalar into two scalars that are each about half the bit length of
+	// the original scalar such that:
+	//
+	// k ≡ k1 + k2*λ (mod n)
+	//
+	// This in turn allows the scalar point multiplication to be performed as a
+	// sum of two smaller half-length multiplications as follows:
+	//
+	// k*P = (k1 + k2*λ)*P
+	//     = k1*P + k2*λ*P
+	//     = k1*P + k2*φ(P)
+	//
+	// Thus, a speedup is achieved so long as it's faster to decompose the
+	// scalar, compute φ(P), and perform a simultaneous multiply of the
+	// half-length point multiplications than it is to compute a full width
+	// point multiplication.
+	//
+	// In practice, benchmarks show the current implementation provides a
+	// speedup of around 30-35% versus not using the endomorphism.
+	//
+	// See section 3.5 in [GECC] for a more rigorous treatment.
+	// -------------------------------------------------------------------------
+
+	// Per above, the main equation here to remember is:
+	//   k*P = k1*P + k2*φ(P)
+	//
+	// p1 below is P in the equation while p2 is φ(P) in the equation.
+	//
+	// NOTE: φ(x,y) = (β*x,y).  The Jacobian z coordinates are the same, so this
+	// math goes through.
+	//
+	// Also, calculate -p1 and -p2 for use in the NAF optimization.
+	p1, p1Neg := new(JacobianPoint), new(JacobianPoint)
+	p1.Set(point)
+	p1Neg.Set(p1)
+	p1Neg.Y.Negate(1).Normalize()
+	p2, p2Neg := new(JacobianPoint), new(JacobianPoint)
+	p2.Set(p1)
+	p2.X.Mul(endoBeta).Normalize()
+	p2Neg.Set(p2)
+	p2Neg.Y.Negate(1).Normalize()
+
+	// Decompose k into k1 and k2 such that k = k1 + k2*λ (mod n) where k1 and
+	// k2 are around half the bit length of k in order to halve the number of EC
+	// operations.
+	//
+	// Notice that this also flips the sign of the scalars and points as needed
+	// to minimize the bit lengths of the scalars k1 and k2.
+	//
+	// This is done because the scalars are operating modulo the group order
+	// which means that when they would otherwise be a small negative magnitude
+	// they will instead be a large positive magnitude.  Since the goal is for
+	// the scalars to have a small magnitude to achieve a performance boost, use
+	// their negation when they are greater than the half order of the group and
+	// flip the positive and negative values of the corresponding point that
+	// will be multiplied by to compensate.
+	//
+	// In other words, transform the calc when k1 is over the half order to:
+	//   k1*P = -k1*-P
+	//
+	// Similarly, transform the calc when k2 is over the half order to:
+	//   k2*φ(P) = -k2*-φ(P)
+	k1, k2 := splitK(k)
+	if k1.IsOverHalfOrder() {
+		k1.Negate()
+		p1, p1Neg = p1Neg, p1
+	}
+	if k2.IsOverHalfOrder() {
+		k2.Negate()
+		p2, p2Neg = p2Neg, p2
+	}
+
+	// Convert k1 and k2 into their NAF representations since NAF has a lot more
+	// zeros overall on average which minimizes the number of required point
+	// additions in exchange for a mix of fewer point additions and subtractions
+	// at the cost of one additional point doubling.
+	//
+	// This is an excellent tradeoff because subtraction of points has the same
+	// computational complexity as addition of points and point doubling is
+	// faster than both.
+	//
+	// Concretely, on average, 1/2 of all bits will be non-zero with the normal
+	// binary representation whereas only 1/3rd of the bits will be non-zero
+	// with NAF.
+	//
+	// The Pos version of the bytes contain the +1s and the Neg versions contain
+	// the -1s.
+	k1Bytes, k2Bytes := k1.Bytes(), k2.Bytes()
+	k1NAF, k2NAF := naf(k1Bytes[:]), naf(k2Bytes[:])
+	k1PosNAF, k1NegNAF := k1NAF.Pos(), k1NAF.Neg()
+	k2PosNAF, k2NegNAF := k2NAF.Pos(), k2NAF.Neg()
+	k1Len, k2Len := len(k1PosNAF), len(k2PosNAF)
+
+	// Add left-to-right using the NAF optimization.  See algorithm 3.77 from
+	// [GECC].
+	//
+	// Point Q = ∞ (point at infinity).
+	var q JacobianPoint
+	m := k1Len
+	if m < k2Len {
+		m = k2Len
+	}
+	for i := 0; i < m; i++ {
+		// Since k1 and k2 are potentially different lengths and the calculation
+		// is being done left to right, pad the front of the shorter one with
+		// 0s.
+		var k1BytePos, k1ByteNeg, k2BytePos, k2ByteNeg byte
+		if i >= m-k1Len {
+			k1BytePos, k1ByteNeg = k1PosNAF[i-(m-k1Len)], k1NegNAF[i-(m-k1Len)]
+		}
+		if i >= m-k2Len {
+			k2BytePos, k2ByteNeg = k2PosNAF[i-(m-k2Len)], k2NegNAF[i-(m-k2Len)]
+		}
+
+		for mask := uint8(1 << 7); mask > 0; mask >>= 1 {
+			// Q = 2 * Q
+			DoubleNonConst(&q, &q)
+
+			// Add or subtract the first point based on the signed digit of the
+			// NAF representation of k1 at this bit position.
+			//
+			// +1: Q = Q + p1
+			// -1: Q = Q - p1
+			//  0: Q = Q (no change)
+			if k1BytePos&mask == mask {
+				AddNonConst(&q, p1, &q)
+			} else if k1ByteNeg&mask == mask {
+				AddNonConst(&q, p1Neg, &q)
+			}
+
+			// Add or subtract the second point based on the signed digit of the
+			// NAF representation of k2 at this bit position.
+			//
+			// +1: Q = Q + p2
+			// -1: Q = Q - p2
+			//  0: Q = Q (no change)
+			if k2BytePos&mask == mask {
+				AddNonConst(&q, p2, &q)
+			} else if k2ByteNeg&mask == mask {
+				AddNonConst(&q, p2Neg, &q)
+			}
+		}
+	}
+
+	result.Set(&q)
+}
+
+// ScalarBaseMultNonConst multiplies k*G where k is a scalar modulo the curve
+// order and G is the base point of the group and stores the result in the
+// provided Jacobian point.
+//
+// NOTE: The resulting point will be normalized.
+func ScalarBaseMultNonConst(k *ModNScalar, result *JacobianPoint) {
+	bytePoints := s256BytePoints()
+
+	// Start with the point at infinity.
+	result.X.Zero()
+	result.Y.Zero()
+	result.Z.Zero()
+
+	// bytePoints has all 256 byte points for each 8-bit window.  The strategy
+	// is to add up the byte points.  This is best understood by expressing k in
+	// base-256 which it already sort of is.  Each "digit" in the 8-bit window
+	// can be looked up using bytePoints and added together.
+	kb := k.Bytes()
+	for i := 0; i < len(kb); i++ {
+		pt := &bytePoints[i][kb[i]]
+		AddNonConst(result, pt, result)
+	}
+}
+
+// isOnCurve returns whether or not the affine point (x,y) is on the curve.
+func isOnCurve(fx, fy *FieldVal) bool {
+	// Elliptic curve equation for secp256k1 is: y^2 = x^3 + 7
+	y2 := new(FieldVal).SquareVal(fy).Normalize()
+	result := new(FieldVal).SquareVal(fx).Mul(fx).AddInt(7).Normalize()
+	return y2.Equals(result)
+}
+
+// DecompressY attempts to calculate the Y coordinate for the given X coordinate
+// such that the result pair is a point on the secp256k1 curve.  It adjusts Y
+// based on the desired oddness and returns whether or not it was successful
+// since not all X coordinates are valid.
+//
+// The magnitude of the provided X coordinate field val must be a max of 8 for a
+// correct result.  The resulting Y field val will have a max magnitude of 2.
+func DecompressY(x *FieldVal, odd bool, resultY *FieldVal) bool {
+	// The curve equation for secp256k1 is: y^2 = x^3 + 7.  Thus
+	// y = +-sqrt(x^3 + 7).
+	//
+	// The x coordinate must be invalid if there is no square root for the
+	// calculated rhs because it means the X coordinate is not for a point on
+	// the curve.
+	x3PlusB := new(FieldVal).SquareVal(x).Mul(x).AddInt(7)
+	if hasSqrt := resultY.SquareRootVal(x3PlusB); !hasSqrt {
+		return false
+	}
+	if resultY.Normalize().IsOdd() != odd {
+		resultY.Negate(1)
+	}
+	return true
+}
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/doc.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/doc.go
new file mode 100644
index 000000000..ac01e2343
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/doc.go
@@ -0,0 +1,59 @@
+// Copyright (c) 2013-2014 The btcsuite developers
+// Copyright (c) 2015-2022 The Decred developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+/*
+Package secp256k1 implements optimized secp256k1 elliptic curve operations in
+pure Go.
+
+This package provides an optimized pure Go implementation of elliptic curve
+cryptography operations over the secp256k1 curve as well as data structures and
+functions for working with public and private secp256k1 keys.  See
+https://www.secg.org/sec2-v2.pdf for details on the standard.
+
+In addition, sub packages are provided to produce, verify, parse, and serialize
+ECDSA signatures and EC-Schnorr-DCRv0 (a custom Schnorr-based signature scheme
+specific to Decred) signatures.  See the README.md files in the relevant sub
+packages for more details about those aspects.
+
+An overview of the features provided by this package are as follows:
+
+  - Private key generation, serialization, and parsing
+  - Public key generation, serialization and parsing per ANSI X9.62-1998
+  - Parses uncompressed, compressed, and hybrid public keys
+  - Serializes uncompressed and compressed public keys
+  - Specialized types for performing optimized and constant time field operations
+  - FieldVal type for working modulo the secp256k1 field prime
+  - ModNScalar type for working modulo the secp256k1 group order
+  - Elliptic curve operations in Jacobian projective coordinates
+  - Point addition
+  - Point doubling
+  - Scalar multiplication with an arbitrary point
+  - Scalar multiplication with the base point (group generator)
+  - Point decompression from a given x coordinate
+  - Nonce generation via RFC6979 with support for extra data and version
+    information that can be used to prevent nonce reuse between signing
+    algorithms
+
+It also provides an implementation of the Go standard library crypto/elliptic
+Curve interface via the S256 function so that it may be used with other packages
+in the standard library such as crypto/tls, crypto/x509, and crypto/ecdsa.
+However, in the case of ECDSA, it is highly recommended to use the ecdsa sub
+package of this package instead since it is optimized specifically for secp256k1
+and is significantly faster as a result.
+
+Although this package was primarily written for dcrd, it has intentionally been
+designed so it can be used as a standalone package for any projects needing to
+use optimized secp256k1 elliptic curve cryptography.
+
+Finally, a comprehensive suite of tests is provided to provide a high level of
+quality assurance.
+
+# Use of secp256k1 in Decred
+
+At the time of this writing, the primary public key cryptography in widespread
+use on the Decred network used to secure coins is based on elliptic curves
+defined by the secp256k1 domain parameters.
+*/
+package secp256k1
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/ecdh.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/ecdh.go
new file mode 100644
index 000000000..96869a3cd
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/ecdh.go
@@ -0,0 +1,21 @@
+// Copyright (c) 2015 The btcsuite developers
+// Copyright (c) 2015-2023 The Decred developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package secp256k1
+
+// GenerateSharedSecret generates a shared secret based on a private key and a
+// public key using Diffie-Hellman key exchange (ECDH) (RFC 5903).
+// RFC5903 Section 9 states we should only return x.
+//
+// It is recommended to securely hash the result before using as a cryptographic
+// key.
+func GenerateSharedSecret(privkey *PrivateKey, pubkey *PublicKey) []byte {
+	var point, result JacobianPoint
+	pubkey.AsJacobian(&point)
+	ScalarMultNonConst(&privkey.Key, &point, &result)
+	result.ToAffine()
+	xBytes := result.X.Bytes()
+	return xBytes[:]
+}
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/ellipticadaptor.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/ellipticadaptor.go
new file mode 100644
index 000000000..42022646b
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/ellipticadaptor.go
@@ -0,0 +1,255 @@
+// Copyright 2020-2022 The Decred developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package secp256k1
+
+// References:
+//   [SECG]: Recommended Elliptic Curve Domain Parameters
+//     https://www.secg.org/sec2-v2.pdf
+//
+//   [GECC]: Guide to Elliptic Curve Cryptography (Hankerson, Menezes, Vanstone)
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"math/big"
+)
+
+// CurveParams contains the parameters for the secp256k1 curve.
+type CurveParams struct {
+	// P is the prime used in the secp256k1 field.
+	P *big.Int
+
+	// N is the order of the secp256k1 curve group generated by the base point.
+	N *big.Int
+
+	// Gx and Gy are the x and y coordinate of the base point, respectively.
+	Gx, Gy *big.Int
+
+	// BitSize is the size of the underlying secp256k1 field in bits.
+	BitSize int
+
+	// H is the cofactor of the secp256k1 curve.
+	H int
+
+	// ByteSize is simply the bit size / 8 and is provided for convenience
+	// since it is calculated repeatedly.
+	ByteSize int
+}
+
+// Curve parameters taken from [SECG] section 2.4.1.
+var curveParams = CurveParams{
+	P:        fromHex("fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
+	N:        fromHex("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
+	Gx:       fromHex("79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
+	Gy:       fromHex("483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"),
+	BitSize:  256,
+	H:        1,
+	ByteSize: 256 / 8,
+}
+
+// Params returns the secp256k1 curve parameters for convenience.
+func Params() *CurveParams {
+	return &curveParams
+}
+
+// KoblitzCurve provides an implementation for secp256k1 that fits the ECC Curve
+// interface from crypto/elliptic.
+type KoblitzCurve struct {
+	*elliptic.CurveParams
+}
+
+// bigAffineToJacobian takes an affine point (x, y) as big integers and converts
+// it to Jacobian point with Z=1.
+func bigAffineToJacobian(x, y *big.Int, result *JacobianPoint) {
+	result.X.SetByteSlice(x.Bytes())
+	result.Y.SetByteSlice(y.Bytes())
+	result.Z.SetInt(1)
+}
+
+// jacobianToBigAffine takes a Jacobian point (x, y, z) as field values and
+// converts it to an affine point as big integers.
+func jacobianToBigAffine(point *JacobianPoint) (*big.Int, *big.Int) {
+	point.ToAffine()
+
+	// Convert the field values for the now affine point to big.Ints.
+	x3, y3 := new(big.Int), new(big.Int)
+	x3.SetBytes(point.X.Bytes()[:])
+	y3.SetBytes(point.Y.Bytes()[:])
+	return x3, y3
+}
+
+// Params returns the parameters for the curve.
+//
+// This is part of the elliptic.Curve interface implementation.
+func (curve *KoblitzCurve) Params() *elliptic.CurveParams {
+	return curve.CurveParams
+}
+
+// IsOnCurve returns whether or not the affine point (x,y) is on the curve.
+//
+// This is part of the elliptic.Curve interface implementation.  This function
+// differs from the crypto/elliptic algorithm since a = 0 not -3.
+func (curve *KoblitzCurve) IsOnCurve(x, y *big.Int) bool {
+	// Convert big ints to a Jacobian point for faster arithmetic.
+	var point JacobianPoint
+	bigAffineToJacobian(x, y, &point)
+	return isOnCurve(&point.X, &point.Y)
+}
+
+// Add returns the sum of (x1,y1) and (x2,y2).
+//
+// This is part of the elliptic.Curve interface implementation.
+func (curve *KoblitzCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int) {
+	// The point at infinity is the identity according to the group law for
+	// elliptic curve cryptography.  Thus, ∞ + P = P and P + ∞ = P.
+	if x1.Sign() == 0 && y1.Sign() == 0 {
+		return x2, y2
+	}
+	if x2.Sign() == 0 && y2.Sign() == 0 {
+		return x1, y1
+	}
+
+	// Convert the affine coordinates from big integers to Jacobian points,
+	// do the point addition in Jacobian projective space, and convert the
+	// Jacobian point back to affine big.Ints.
+	var p1, p2, result JacobianPoint
+	bigAffineToJacobian(x1, y1, &p1)
+	bigAffineToJacobian(x2, y2, &p2)
+	AddNonConst(&p1, &p2, &result)
+	return jacobianToBigAffine(&result)
+}
+
+// Double returns 2*(x1,y1).
+//
+// This is part of the elliptic.Curve interface implementation.
+func (curve *KoblitzCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int) {
+	if y1.Sign() == 0 {
+		return new(big.Int), new(big.Int)
+	}
+
+	// Convert the affine coordinates from big integers to Jacobian points,
+	// do the point doubling in Jacobian projective space, and convert the
+	// Jacobian point back to affine big.Ints.
+	var point, result JacobianPoint
+	bigAffineToJacobian(x1, y1, &point)
+	DoubleNonConst(&point, &result)
+	return jacobianToBigAffine(&result)
+}
+
+// moduloReduce reduces k from more than 32 bytes to 32 bytes and under.  This
+// is done by doing a simple modulo curve.N.  We can do this since G^N = 1 and
+// thus any other valid point on the elliptic curve has the same order.
+func moduloReduce(k []byte) []byte {
+	// Since the order of G is curve.N, we can use a much smaller number by
+	// doing modulo curve.N
+	if len(k) > curveParams.ByteSize {
+		tmpK := new(big.Int).SetBytes(k)
+		tmpK.Mod(tmpK, curveParams.N)
+		return tmpK.Bytes()
+	}
+
+	return k
+}
+
+// ScalarMult returns k*(Bx, By) where k is a big endian integer.
+//
+// This is part of the elliptic.Curve interface implementation.
+func (curve *KoblitzCurve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) {
+	// Convert the affine coordinates from big integers to Jacobian points,
+	// do the multiplication in Jacobian projective space, and convert the
+	// Jacobian point back to affine big.Ints.
+	var kModN ModNScalar
+	kModN.SetByteSlice(moduloReduce(k))
+	var point, result JacobianPoint
+	bigAffineToJacobian(Bx, By, &point)
+	ScalarMultNonConst(&kModN, &point, &result)
+	return jacobianToBigAffine(&result)
+}
+
+// ScalarBaseMult returns k*G where G is the base point of the group and k is a
+// big endian integer.
+//
+// This is part of the elliptic.Curve interface implementation.
+func (curve *KoblitzCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) {
+	// Perform the multiplication and convert the Jacobian point back to affine
+	// big.Ints.
+	var kModN ModNScalar
+	kModN.SetByteSlice(moduloReduce(k))
+	var result JacobianPoint
+	ScalarBaseMultNonConst(&kModN, &result)
+	return jacobianToBigAffine(&result)
+}
+
+// X returns the x coordinate of the public key.
+func (p *PublicKey) X() *big.Int {
+	return new(big.Int).SetBytes(p.x.Bytes()[:])
+}
+
+// Y returns the y coordinate of the public key.
+func (p *PublicKey) Y() *big.Int {
+	return new(big.Int).SetBytes(p.y.Bytes()[:])
+}
+
+// ToECDSA returns the public key as a *ecdsa.PublicKey.
+func (p *PublicKey) ToECDSA() *ecdsa.PublicKey {
+	return &ecdsa.PublicKey{
+		Curve: S256(),
+		X:     p.X(),
+		Y:     p.Y(),
+	}
+}
+
+// ToECDSA returns the private key as a *ecdsa.PrivateKey.
+func (p *PrivateKey) ToECDSA() *ecdsa.PrivateKey {
+	var privKeyBytes [PrivKeyBytesLen]byte
+	p.Key.PutBytes(&privKeyBytes)
+	var result JacobianPoint
+	ScalarBaseMultNonConst(&p.Key, &result)
+	x, y := jacobianToBigAffine(&result)
+	newPrivKey := &ecdsa.PrivateKey{
+		PublicKey: ecdsa.PublicKey{
+			Curve: S256(),
+			X:     x,
+			Y:     y,
+		},
+		D: new(big.Int).SetBytes(privKeyBytes[:]),
+	}
+	zeroArray32(&privKeyBytes)
+	return newPrivKey
+}
+
+// fromHex converts the passed hex string into a big integer pointer and will
+// panic is there is an error.  This is only provided for the hard-coded
+// constants so errors in the source code can bet detected. It will only (and
+// must only) be called for initialization purposes.
+func fromHex(s string) *big.Int {
+	if s == "" {
+		return big.NewInt(0)
+	}
+	r, ok := new(big.Int).SetString(s, 16)
+	if !ok {
+		panic("invalid hex in source file: " + s)
+	}
+	return r
+}
+
+// secp256k1 is a global instance of the KoblitzCurve implementation which in
+// turn embeds and implements elliptic.CurveParams.
+var secp256k1 = &KoblitzCurve{
+	CurveParams: &elliptic.CurveParams{
+		P:       curveParams.P,
+		N:       curveParams.N,
+		B:       fromHex("0000000000000000000000000000000000000000000000000000000000000007"),
+		Gx:      curveParams.Gx,
+		Gy:      curveParams.Gy,
+		BitSize: curveParams.BitSize,
+		Name:    "secp256k1",
+	},
+}
+
+// S256 returns an elliptic.Curve which implements secp256k1.
+func S256() *KoblitzCurve {
+	return secp256k1
+}
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/error.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/error.go
new file mode 100644
index 000000000..ac8c45127
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/error.go
@@ -0,0 +1,67 @@
+// Copyright (c) 2020 The Decred developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package secp256k1
+
+// ErrorKind identifies a kind of error.  It has full support for errors.Is and
+// errors.As, so the caller can directly check against an error kind when
+// determining the reason for an error.
+type ErrorKind string
+
+// These constants are used to identify a specific RuleError.
+const (
+	// ErrPubKeyInvalidLen indicates that the length of a serialized public
+	// key is not one of the allowed lengths.
+	ErrPubKeyInvalidLen = ErrorKind("ErrPubKeyInvalidLen")
+
+	// ErrPubKeyInvalidFormat indicates an attempt was made to parse a public
+	// key that does not specify one of the supported formats.
+	ErrPubKeyInvalidFormat = ErrorKind("ErrPubKeyInvalidFormat")
+
+	// ErrPubKeyXTooBig indicates that the x coordinate for a public key
+	// is greater than or equal to the prime of the field underlying the group.
+	ErrPubKeyXTooBig = ErrorKind("ErrPubKeyXTooBig")
+
+	// ErrPubKeyYTooBig indicates that the y coordinate for a public key is
+	// greater than or equal to the prime of the field underlying the group.
+	ErrPubKeyYTooBig = ErrorKind("ErrPubKeyYTooBig")
+
+	// ErrPubKeyNotOnCurve indicates that a public key is not a point on the
+	// secp256k1 curve.
+	ErrPubKeyNotOnCurve = ErrorKind("ErrPubKeyNotOnCurve")
+
+	// ErrPubKeyMismatchedOddness indicates that a hybrid public key specified
+	// an oddness of the y coordinate that does not match the actual oddness of
+	// the provided y coordinate.
+	ErrPubKeyMismatchedOddness = ErrorKind("ErrPubKeyMismatchedOddness")
+)
+
+// Error satisfies the error interface and prints human-readable errors.
+func (e ErrorKind) Error() string {
+	return string(e)
+}
+
+// Error identifies an error related to public key cryptography using a
+// sec256k1 curve. It has full support for errors.Is and errors.As, so the
+// caller can  ascertain the specific reason for the error by checking
+// the underlying error.
+type Error struct {
+	Err         error
+	Description string
+}
+
+// Error satisfies the error interface and prints human-readable errors.
+func (e Error) Error() string {
+	return e.Description
+}
+
+// Unwrap returns the underlying wrapped error.
+func (e Error) Unwrap() error {
+	return e.Err
+}
+
+// makeError creates an Error given a set of arguments.
+func makeError(kind ErrorKind, desc string) Error {
+	return Error{Err: kind, Description: desc}
+}
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/field.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/field.go
new file mode 100644
index 000000000..8d9ac74d5
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/field.go
@@ -0,0 +1,1681 @@
+// Copyright (c) 2013-2014 The btcsuite developers
+// Copyright (c) 2015-2022 The Decred developers
+// Copyright (c) 2013-2022 Dave Collins
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package secp256k1
+
+// References:
+//   [HAC]: Handbook of Applied Cryptography Menezes, van Oorschot, Vanstone.
+//     http://cacr.uwaterloo.ca/hac/
+
+// All elliptic curve operations for secp256k1 are done in a finite field
+// characterized by a 256-bit prime.  Given this precision is larger than the
+// biggest available native type, obviously some form of bignum math is needed.
+// This package implements specialized fixed-precision field arithmetic rather
+// than relying on an arbitrary-precision arithmetic package such as math/big
+// for dealing with the field math since the size is known.  As a result, rather
+// large performance gains are achieved by taking advantage of many
+// optimizations not available to arbitrary-precision arithmetic and generic
+// modular arithmetic algorithms.
+//
+// There are various ways to internally represent each finite field element.
+// For example, the most obvious representation would be to use an array of 4
+// uint64s (64 bits * 4 = 256 bits).  However, that representation suffers from
+// a couple of issues.  First, there is no native Go type large enough to handle
+// the intermediate results while adding or multiplying two 64-bit numbers, and
+// second there is no space left for overflows when performing the intermediate
+// arithmetic between each array element which would lead to expensive carry
+// propagation.
+//
+// Given the above, this implementation represents the field elements as
+// 10 uint32s with each word (array entry) treated as base 2^26.  This was
+// chosen for the following reasons:
+// 1) Most systems at the current time are 64-bit (or at least have 64-bit
+//    registers available for specialized purposes such as MMX) so the
+//    intermediate results can typically be done using a native register (and
+//    using uint64s to avoid the need for additional half-word arithmetic)
+// 2) In order to allow addition of the internal words without having to
+//    propagate the carry, the max normalized value for each register must
+//    be less than the number of bits available in the register
+// 3) Since we're dealing with 32-bit values, 64-bits of overflow is a
+//    reasonable choice for #2
+// 4) Given the need for 256-bits of precision and the properties stated in #1,
+//    #2, and #3, the representation which best accommodates this is 10 uint32s
+//    with base 2^26 (26 bits * 10 = 260 bits, so the final word only needs 22
+//    bits) which leaves the desired 64 bits (32 * 10 = 320, 320 - 256 = 64) for
+//    overflow
+//
+// Since it is so important that the field arithmetic is extremely fast for high
+// performance crypto, this type does not perform any validation where it
+// ordinarily would.  See the documentation for FieldVal for more details.
+
+import (
+	"encoding/hex"
+)
+
+// Constants used to make the code more readable.
+const (
+	twoBitsMask   = 0x3
+	fourBitsMask  = 0xf
+	sixBitsMask   = 0x3f
+	eightBitsMask = 0xff
+)
+
+// Constants related to the field representation.
+const (
+	// fieldWords is the number of words used to internally represent the
+	// 256-bit value.
+	fieldWords = 10
+
+	// fieldBase is the exponent used to form the numeric base of each word.
+	// 2^(fieldBase*i) where i is the word position.
+	fieldBase = 26
+
+	// fieldBaseMask is the mask for the bits in each word needed to
+	// represent the numeric base of each word (except the most significant
+	// word).
+	fieldBaseMask = (1 << fieldBase) - 1
+
+	// fieldMSBBits is the number of bits in the most significant word used
+	// to represent the value.
+	fieldMSBBits = 256 - (fieldBase * (fieldWords - 1))
+
+	// fieldMSBMask is the mask for the bits in the most significant word
+	// needed to represent the value.
+	fieldMSBMask = (1 << fieldMSBBits) - 1
+
+	// These fields provide convenient access to each of the words of the
+	// secp256k1 prime in the internal field representation to improve code
+	// readability.
+	fieldPrimeWordZero  = 0x03fffc2f
+	fieldPrimeWordOne   = 0x03ffffbf
+	fieldPrimeWordTwo   = 0x03ffffff
+	fieldPrimeWordThree = 0x03ffffff
+	fieldPrimeWordFour  = 0x03ffffff
+	fieldPrimeWordFive  = 0x03ffffff
+	fieldPrimeWordSix   = 0x03ffffff
+	fieldPrimeWordSeven = 0x03ffffff
+	fieldPrimeWordEight = 0x03ffffff
+	fieldPrimeWordNine  = 0x003fffff
+)
+
+// FieldVal implements optimized fixed-precision arithmetic over the
+// secp256k1 finite field.  This means all arithmetic is performed modulo
+//
+//	0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f.
+//
+// WARNING: Since it is so important for the field arithmetic to be extremely
+// fast for high performance crypto, this type does not perform any validation
+// of documented preconditions where it ordinarily would.  As a result, it is
+// IMPERATIVE for callers to understand some key concepts that are described
+// below and ensure the methods are called with the necessary preconditions that
+// each method is documented with.  For example, some methods only give the
+// correct result if the field value is normalized and others require the field
+// values involved to have a maximum magnitude and THERE ARE NO EXPLICIT CHECKS
+// TO ENSURE THOSE PRECONDITIONS ARE SATISFIED.  This does, unfortunately, make
+// the type more difficult to use correctly and while I typically prefer to
+// ensure all state and input is valid for most code, this is a bit of an
+// exception because those extra checks really add up in what ends up being
+// critical hot paths.
+//
+// The first key concept when working with this type is normalization.  In order
+// to avoid the need to propagate a ton of carries, the internal representation
+// provides additional overflow bits for each word of the overall 256-bit value.
+// This means that there are multiple internal representations for the same
+// value and, as a result, any methods that rely on comparison of the value,
+// such as equality and oddness determination, require the caller to provide a
+// normalized value.
+//
+// The second key concept when working with this type is magnitude.  As
+// previously mentioned, the internal representation provides additional
+// overflow bits which means that the more math operations that are performed on
+// the field value between normalizations, the more those overflow bits
+// accumulate.  The magnitude is effectively that maximum possible number of
+// those overflow bits that could possibly be required as a result of a given
+// operation.  Since there are only a limited number of overflow bits available,
+// this implies that the max possible magnitude MUST be tracked by the caller
+// and the caller MUST normalize the field value if a given operation would
+// cause the magnitude of the result to exceed the max allowed value.
+//
+// IMPORTANT: The max allowed magnitude of a field value is 64.
+type FieldVal struct {
+	// Each 256-bit value is represented as 10 32-bit integers in base 2^26.
+	// This provides 6 bits of overflow in each word (10 bits in the most
+	// significant word) for a total of 64 bits of overflow (9*6 + 10 = 64).  It
+	// only implements the arithmetic needed for elliptic curve operations.
+	//
+	// The following depicts the internal representation:
+	// 	 -----------------------------------------------------------------
+	// 	|        n[9]       |        n[8]       | ... |        n[0]       |
+	// 	| 32 bits available | 32 bits available | ... | 32 bits available |
+	// 	| 22 bits for value | 26 bits for value | ... | 26 bits for value |
+	// 	| 10 bits overflow  |  6 bits overflow  | ... |  6 bits overflow  |
+	// 	| Mult: 2^(26*9)    | Mult: 2^(26*8)    | ... | Mult: 2^(26*0)    |
+	// 	 -----------------------------------------------------------------
+	//
+	// For example, consider the number 2^49 + 1.  It would be represented as:
+	// 	n[0] = 1
+	// 	n[1] = 2^23
+	// 	n[2..9] = 0
+	//
+	// The full 256-bit value is then calculated by looping i from 9..0 and
+	// doing sum(n[i] * 2^(26i)) like so:
+	// 	n[9] * 2^(26*9) = 0    * 2^234 = 0
+	// 	n[8] * 2^(26*8) = 0    * 2^208 = 0
+	// 	...
+	// 	n[1] * 2^(26*1) = 2^23 * 2^26  = 2^49
+	// 	n[0] * 2^(26*0) = 1    * 2^0   = 1
+	// 	Sum: 0 + 0 + ... + 2^49 + 1 = 2^49 + 1
+	n [10]uint32
+}
+
+// String returns the field value as a normalized human-readable hex string.
+//
+//	Preconditions: None
+//	Output Normalized: Field is not modified -- same as input value
+//	Output Max Magnitude: Field is not modified -- same as input value
+func (f FieldVal) String() string {
+	// f is a copy, so it's safe to normalize it without mutating the original.
+	f.Normalize()
+	return hex.EncodeToString(f.Bytes()[:])
+}
+
+// Zero sets the field value to zero in constant time.  A newly created field
+// value is already set to zero.  This function can be useful to clear an
+// existing field value for reuse.
+//
+//	Preconditions: None
+//	Output Normalized: Yes
+//	Output Max Magnitude: 1
+func (f *FieldVal) Zero() {
+	f.n[0] = 0
+	f.n[1] = 0
+	f.n[2] = 0
+	f.n[3] = 0
+	f.n[4] = 0
+	f.n[5] = 0
+	f.n[6] = 0
+	f.n[7] = 0
+	f.n[8] = 0
+	f.n[9] = 0
+}
+
+// Set sets the field value equal to the passed value in constant time.  The
+// normalization and magnitude of the two fields will be identical.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f := new(FieldVal).Set(f2).Add(1) so that f = f2 + 1 where f2 is not
+// modified.
+//
+//	Preconditions: None
+//	Output Normalized: Same as input value
+//	Output Max Magnitude: Same as input value
+func (f *FieldVal) Set(val *FieldVal) *FieldVal {
+	*f = *val
+	return f
+}
+
+// SetInt sets the field value to the passed integer in constant time.  This is
+// a convenience function since it is fairly common to perform some arithmetic
+// with small native integers.
+//
+// The field value is returned to support chaining.  This enables syntax such
+// as f := new(FieldVal).SetInt(2).Mul(f2) so that f = 2 * f2.
+//
+//	Preconditions: None
+//	Output Normalized: Yes
+//	Output Max Magnitude: 1
+func (f *FieldVal) SetInt(ui uint16) *FieldVal {
+	f.Zero()
+	f.n[0] = uint32(ui)
+	return f
+}
+
+// SetBytes packs the passed 32-byte big-endian value into the internal field
+// value representation in constant time.  SetBytes interprets the provided
+// array as a 256-bit big-endian unsigned integer, packs it into the internal
+// field value representation, and returns either 1 if it is greater than or
+// equal to the field prime (aka it overflowed) or 0 otherwise in constant time.
+//
+// Note that a bool is not used here because it is not possible in Go to convert
+// from a bool to numeric value in constant time and many constant-time
+// operations require a numeric value.
+//
+//	Preconditions: None
+//	Output Normalized: Yes if no overflow, no otherwise
+//	Output Max Magnitude: 1
+func (f *FieldVal) SetBytes(b *[32]byte) uint32 {
+	// Pack the 256 total bits across the 10 uint32 words with a max of
+	// 26-bits per word.  This could be done with a couple of for loops,
+	// but this unrolled version is significantly faster.  Benchmarks show
+	// this is about 34 times faster than the variant which uses loops.
+	f.n[0] = uint32(b[31]) | uint32(b[30])<<8 | uint32(b[29])<<16 |
+		(uint32(b[28])&twoBitsMask)<<24
+	f.n[1] = uint32(b[28])>>2 | uint32(b[27])<<6 | uint32(b[26])<<14 |
+		(uint32(b[25])&fourBitsMask)<<22
+	f.n[2] = uint32(b[25])>>4 | uint32(b[24])<<4 | uint32(b[23])<<12 |
+		(uint32(b[22])&sixBitsMask)<<20
+	f.n[3] = uint32(b[22])>>6 | uint32(b[21])<<2 | uint32(b[20])<<10 |
+		uint32(b[19])<<18
+	f.n[4] = uint32(b[18]) | uint32(b[17])<<8 | uint32(b[16])<<16 |
+		(uint32(b[15])&twoBitsMask)<<24
+	f.n[5] = uint32(b[15])>>2 | uint32(b[14])<<6 | uint32(b[13])<<14 |
+		(uint32(b[12])&fourBitsMask)<<22
+	f.n[6] = uint32(b[12])>>4 | uint32(b[11])<<4 | uint32(b[10])<<12 |
+		(uint32(b[9])&sixBitsMask)<<20
+	f.n[7] = uint32(b[9])>>6 | uint32(b[8])<<2 | uint32(b[7])<<10 |
+		uint32(b[6])<<18
+	f.n[8] = uint32(b[5]) | uint32(b[4])<<8 | uint32(b[3])<<16 |
+		(uint32(b[2])&twoBitsMask)<<24
+	f.n[9] = uint32(b[2])>>2 | uint32(b[1])<<6 | uint32(b[0])<<14
+
+	// The intuition here is that the field value is greater than the prime if
+	// one of the higher individual words is greater than corresponding word of
+	// the prime and all higher words in the field value are equal to their
+	// corresponding word of the prime.  Since this type is modulo the prime,
+	// being equal is also an overflow back to 0.
+	//
+	// Note that because the input is 32 bytes and it was just packed into the
+	// field representation, the only words that can possibly be greater are
+	// zero and one, because ceil(log_2(2^256 - 1 - P)) = 33 bits max and the
+	// internal field representation encodes 26 bits with each word.
+	//
+	// Thus, there is no need to test if the upper words of the field value
+	// exceeds them, hence, only equality is checked for them.
+	highWordsEq := constantTimeEq(f.n[9], fieldPrimeWordNine)
+	highWordsEq &= constantTimeEq(f.n[8], fieldPrimeWordEight)
+	highWordsEq &= constantTimeEq(f.n[7], fieldPrimeWordSeven)
+	highWordsEq &= constantTimeEq(f.n[6], fieldPrimeWordSix)
+	highWordsEq &= constantTimeEq(f.n[5], fieldPrimeWordFive)
+	highWordsEq &= constantTimeEq(f.n[4], fieldPrimeWordFour)
+	highWordsEq &= constantTimeEq(f.n[3], fieldPrimeWordThree)
+	highWordsEq &= constantTimeEq(f.n[2], fieldPrimeWordTwo)
+	overflow := highWordsEq & constantTimeGreater(f.n[1], fieldPrimeWordOne)
+	highWordsEq &= constantTimeEq(f.n[1], fieldPrimeWordOne)
+	overflow |= highWordsEq & constantTimeGreaterOrEq(f.n[0], fieldPrimeWordZero)
+
+	return overflow
+}
+
+// SetByteSlice interprets the provided slice as a 256-bit big-endian unsigned
+// integer (meaning it is truncated to the first 32 bytes), packs it into the
+// internal field value representation, and returns whether or not the resulting
+// truncated 256-bit integer is greater than or equal to the field prime (aka it
+// overflowed) in constant time.
+//
+// Note that since passing a slice with more than 32 bytes is truncated, it is
+// possible that the truncated value is less than the field prime and hence it
+// will not be reported as having overflowed in that case.  It is up to the
+// caller to decide whether it needs to provide numbers of the appropriate size
+// or it if is acceptable to use this function with the described truncation and
+// overflow behavior.
+//
+//	Preconditions: None
+//	Output Normalized: Yes if no overflow, no otherwise
+//	Output Max Magnitude: 1
+func (f *FieldVal) SetByteSlice(b []byte) bool {
+	var b32 [32]byte
+	b = b[:constantTimeMin(uint32(len(b)), 32)]
+	copy(b32[:], b32[:32-len(b)])
+	copy(b32[32-len(b):], b)
+	result := f.SetBytes(&b32)
+	zeroArray32(&b32)
+	return result != 0
+}
+
+// Normalize normalizes the internal field words into the desired range and
+// performs fast modular reduction over the secp256k1 prime by making use of the
+// special form of the prime in constant time.
+//
+//	Preconditions: None
+//	Output Normalized: Yes
+//	Output Max Magnitude: 1
+func (f *FieldVal) Normalize() *FieldVal {
+	// The field representation leaves 6 bits of overflow in each word so
+	// intermediate calculations can be performed without needing to
+	// propagate the carry to each higher word during the calculations.  In
+	// order to normalize, we need to "compact" the full 256-bit value to
+	// the right while propagating any carries through to the high order
+	// word.
+	//
+	// Since this field is doing arithmetic modulo the secp256k1 prime, we
+	// also need to perform modular reduction over the prime.
+	//
+	// Per [HAC] section 14.3.4: Reduction method of moduli of special form,
+	// when the modulus is of the special form m = b^t - c, highly efficient
+	// reduction can be achieved.
+	//
+	// The secp256k1 prime is equivalent to 2^256 - 4294968273, so it fits
+	// this criteria.
+	//
+	// 4294968273 in field representation (base 2^26) is:
+	// n[0] = 977
+	// n[1] = 64
+	// That is to say (2^26 * 64) + 977 = 4294968273
+	//
+	// The algorithm presented in the referenced section typically repeats
+	// until the quotient is zero.  However, due to our field representation
+	// we already know to within one reduction how many times we would need
+	// to repeat as it's the uppermost bits of the high order word.  Thus we
+	// can simply multiply the magnitude by the field representation of the
+	// prime and do a single iteration.  After this step there might be an
+	// additional carry to bit 256 (bit 22 of the high order word).
+	t9 := f.n[9]
+	m := t9 >> fieldMSBBits
+	t9 = t9 & fieldMSBMask
+	t0 := f.n[0] + m*977
+	t1 := (t0 >> fieldBase) + f.n[1] + (m << 6)
+	t0 = t0 & fieldBaseMask
+	t2 := (t1 >> fieldBase) + f.n[2]
+	t1 = t1 & fieldBaseMask
+	t3 := (t2 >> fieldBase) + f.n[3]
+	t2 = t2 & fieldBaseMask
+	t4 := (t3 >> fieldBase) + f.n[4]
+	t3 = t3 & fieldBaseMask
+	t5 := (t4 >> fieldBase) + f.n[5]
+	t4 = t4 & fieldBaseMask
+	t6 := (t5 >> fieldBase) + f.n[6]
+	t5 = t5 & fieldBaseMask
+	t7 := (t6 >> fieldBase) + f.n[7]
+	t6 = t6 & fieldBaseMask
+	t8 := (t7 >> fieldBase) + f.n[8]
+	t7 = t7 & fieldBaseMask
+	t9 = (t8 >> fieldBase) + t9
+	t8 = t8 & fieldBaseMask
+
+	// At this point, the magnitude is guaranteed to be one, however, the
+	// value could still be greater than the prime if there was either a
+	// carry through to bit 256 (bit 22 of the higher order word) or the
+	// value is greater than or equal to the field characteristic.  The
+	// following determines if either or these conditions are true and does
+	// the final reduction in constant time.
+	//
+	// Also note that 'm' will be zero when neither of the aforementioned
+	// conditions are true and the value will not be changed when 'm' is zero.
+	m = constantTimeEq(t9, fieldMSBMask)
+	m &= constantTimeEq(t8&t7&t6&t5&t4&t3&t2, fieldBaseMask)
+	m &= constantTimeGreater(t1+64+((t0+977)>>fieldBase), fieldBaseMask)
+	m |= t9 >> fieldMSBBits
+	t0 = t0 + m*977
+	t1 = (t0 >> fieldBase) + t1 + (m << 6)
+	t0 = t0 & fieldBaseMask
+	t2 = (t1 >> fieldBase) + t2
+	t1 = t1 & fieldBaseMask
+	t3 = (t2 >> fieldBase) + t3
+	t2 = t2 & fieldBaseMask
+	t4 = (t3 >> fieldBase) + t4
+	t3 = t3 & fieldBaseMask
+	t5 = (t4 >> fieldBase) + t5
+	t4 = t4 & fieldBaseMask
+	t6 = (t5 >> fieldBase) + t6
+	t5 = t5 & fieldBaseMask
+	t7 = (t6 >> fieldBase) + t7
+	t6 = t6 & fieldBaseMask
+	t8 = (t7 >> fieldBase) + t8
+	t7 = t7 & fieldBaseMask
+	t9 = (t8 >> fieldBase) + t9
+	t8 = t8 & fieldBaseMask
+	t9 = t9 & fieldMSBMask // Remove potential multiple of 2^256.
+
+	// Finally, set the normalized and reduced words.
+	f.n[0] = t0
+	f.n[1] = t1
+	f.n[2] = t2
+	f.n[3] = t3
+	f.n[4] = t4
+	f.n[5] = t5
+	f.n[6] = t6
+	f.n[7] = t7
+	f.n[8] = t8
+	f.n[9] = t9
+	return f
+}
+
+// PutBytesUnchecked unpacks the field value to a 32-byte big-endian value
+// directly into the passed byte slice in constant time.  The target slice must
+// must have at least 32 bytes available or it will panic.
+//
+// There is a similar function, PutBytes, which unpacks the field value into a
+// 32-byte array directly.  This version is provided since it can be useful
+// to write directly into part of a larger buffer without needing a separate
+// allocation.
+//
+//	Preconditions:
+//	  - The field value MUST be normalized
+//	  - The target slice MUST have at least 32 bytes available
+func (f *FieldVal) PutBytesUnchecked(b []byte) {
+	// Unpack the 256 total bits from the 10 uint32 words with a max of
+	// 26-bits per word.  This could be done with a couple of for loops,
+	// but this unrolled version is a bit faster.  Benchmarks show this is
+	// about 10 times faster than the variant which uses loops.
+	b[31] = byte(f.n[0] & eightBitsMask)
+	b[30] = byte((f.n[0] >> 8) & eightBitsMask)
+	b[29] = byte((f.n[0] >> 16) & eightBitsMask)
+	b[28] = byte((f.n[0]>>24)&twoBitsMask | (f.n[1]&sixBitsMask)<<2)
+	b[27] = byte((f.n[1] >> 6) & eightBitsMask)
+	b[26] = byte((f.n[1] >> 14) & eightBitsMask)
+	b[25] = byte((f.n[1]>>22)&fourBitsMask | (f.n[2]&fourBitsMask)<<4)
+	b[24] = byte((f.n[2] >> 4) & eightBitsMask)
+	b[23] = byte((f.n[2] >> 12) & eightBitsMask)
+	b[22] = byte((f.n[2]>>20)&sixBitsMask | (f.n[3]&twoBitsMask)<<6)
+	b[21] = byte((f.n[3] >> 2) & eightBitsMask)
+	b[20] = byte((f.n[3] >> 10) & eightBitsMask)
+	b[19] = byte((f.n[3] >> 18) & eightBitsMask)
+	b[18] = byte(f.n[4] & eightBitsMask)
+	b[17] = byte((f.n[4] >> 8) & eightBitsMask)
+	b[16] = byte((f.n[4] >> 16) & eightBitsMask)
+	b[15] = byte((f.n[4]>>24)&twoBitsMask | (f.n[5]&sixBitsMask)<<2)
+	b[14] = byte((f.n[5] >> 6) & eightBitsMask)
+	b[13] = byte((f.n[5] >> 14) & eightBitsMask)
+	b[12] = byte((f.n[5]>>22)&fourBitsMask | (f.n[6]&fourBitsMask)<<4)
+	b[11] = byte((f.n[6] >> 4) & eightBitsMask)
+	b[10] = byte((f.n[6] >> 12) & eightBitsMask)
+	b[9] = byte((f.n[6]>>20)&sixBitsMask | (f.n[7]&twoBitsMask)<<6)
+	b[8] = byte((f.n[7] >> 2) & eightBitsMask)
+	b[7] = byte((f.n[7] >> 10) & eightBitsMask)
+	b[6] = byte((f.n[7] >> 18) & eightBitsMask)
+	b[5] = byte(f.n[8] & eightBitsMask)
+	b[4] = byte((f.n[8] >> 8) & eightBitsMask)
+	b[3] = byte((f.n[8] >> 16) & eightBitsMask)
+	b[2] = byte((f.n[8]>>24)&twoBitsMask | (f.n[9]&sixBitsMask)<<2)
+	b[1] = byte((f.n[9] >> 6) & eightBitsMask)
+	b[0] = byte((f.n[9] >> 14) & eightBitsMask)
+}
+
+// PutBytes unpacks the field value to a 32-byte big-endian value using the
+// passed byte array in constant time.
+//
+// There is a similar function, PutBytesUnchecked, which unpacks the field value
+// into a slice that must have at least 32 bytes available.  This version is
+// provided since it can be useful to write directly into an array that is type
+// checked.
+//
+// Alternatively, there is also Bytes, which unpacks the field value into a new
+// array and returns that which can sometimes be more ergonomic in applications
+// that aren't concerned about an additional copy.
+//
+//	Preconditions:
+//	  - The field value MUST be normalized
+func (f *FieldVal) PutBytes(b *[32]byte) {
+	f.PutBytesUnchecked(b[:])
+}
+
+// Bytes unpacks the field value to a 32-byte big-endian value in constant time.
+//
+// See PutBytes and PutBytesUnchecked for variants that allow an array or slice
+// to be passed which can be useful to cut down on the number of allocations by
+// allowing the caller to reuse a buffer or write directly into part of a larger
+// buffer.
+//
+//	Preconditions:
+//	  - The field value MUST be normalized
+func (f *FieldVal) Bytes() *[32]byte {
+	b := new([32]byte)
+	f.PutBytesUnchecked(b[:])
+	return b
+}
+
+// IsZeroBit returns 1 when the field value is equal to zero or 0 otherwise in
+// constant time.
+//
+// Note that a bool is not used here because it is not possible in Go to convert
+// from a bool to numeric value in constant time and many constant-time
+// operations require a numeric value.  See IsZero for the version that returns
+// a bool.
+//
+//	Preconditions:
+//	  - The field value MUST be normalized
+func (f *FieldVal) IsZeroBit() uint32 {
+	// The value can only be zero if no bits are set in any of the words.
+	// This is a constant time implementation.
+	bits := f.n[0] | f.n[1] | f.n[2] | f.n[3] | f.n[4] |
+		f.n[5] | f.n[6] | f.n[7] | f.n[8] | f.n[9]
+
+	return constantTimeEq(bits, 0)
+}
+
+// IsZero returns whether or not the field value is equal to zero in constant
+// time.
+//
+//	Preconditions:
+//	  - The field value MUST be normalized
+func (f *FieldVal) IsZero() bool {
+	// The value can only be zero if no bits are set in any of the words.
+	// This is a constant time implementation.
+	bits := f.n[0] | f.n[1] | f.n[2] | f.n[3] | f.n[4] |
+		f.n[5] | f.n[6] | f.n[7] | f.n[8] | f.n[9]
+
+	return bits == 0
+}
+
+// IsOneBit returns 1 when the field value is equal to one or 0 otherwise in
+// constant time.
+//
+// Note that a bool is not used here because it is not possible in Go to convert
+// from a bool to numeric value in constant time and many constant-time
+// operations require a numeric value.  See IsOne for the version that returns a
+// bool.
+//
+//	Preconditions:
+//	   - The field value MUST be normalized
+func (f *FieldVal) IsOneBit() uint32 {
+	// The value can only be one if the single lowest significant bit is set in
+	// the first word and no other bits are set in any of the other words.
+	// This is a constant time implementation.
+	bits := (f.n[0] ^ 1) | f.n[1] | f.n[2] | f.n[3] | f.n[4] | f.n[5] |
+		f.n[6] | f.n[7] | f.n[8] | f.n[9]
+
+	return constantTimeEq(bits, 0)
+}
+
+// IsOne returns whether or not the field value is equal to one in constant
+// time.
+//
+//	Preconditions:
+//	  - The field value MUST be normalized
+func (f *FieldVal) IsOne() bool {
+	// The value can only be one if the single lowest significant bit is set in
+	// the first word and no other bits are set in any of the other words.
+	// This is a constant time implementation.
+	bits := (f.n[0] ^ 1) | f.n[1] | f.n[2] | f.n[3] | f.n[4] | f.n[5] |
+		f.n[6] | f.n[7] | f.n[8] | f.n[9]
+
+	return bits == 0
+}
+
+// IsOddBit returns 1 when the field value is an odd number or 0 otherwise in
+// constant time.
+//
+// Note that a bool is not used here because it is not possible in Go to convert
+// from a bool to numeric value in constant time and many constant-time
+// operations require a numeric value.  See IsOdd for the version that returns a
+// bool.
+//
+//	Preconditions:
+//	  - The field value MUST be normalized
+func (f *FieldVal) IsOddBit() uint32 {
+	// Only odd numbers have the bottom bit set.
+	return f.n[0] & 1
+}
+
+// IsOdd returns whether or not the field value is an odd number in constant
+// time.
+//
+//	Preconditions:
+//	  - The field value MUST be normalized
+func (f *FieldVal) IsOdd() bool {
+	// Only odd numbers have the bottom bit set.
+	return f.n[0]&1 == 1
+}
+
+// Equals returns whether or not the two field values are the same in constant
+// time.
+//
+//	Preconditions:
+//	  - Both field values being compared MUST be normalized
+func (f *FieldVal) Equals(val *FieldVal) bool {
+	// Xor only sets bits when they are different, so the two field values
+	// can only be the same if no bits are set after xoring each word.
+	// This is a constant time implementation.
+	bits := (f.n[0] ^ val.n[0]) | (f.n[1] ^ val.n[1]) | (f.n[2] ^ val.n[2]) |
+		(f.n[3] ^ val.n[3]) | (f.n[4] ^ val.n[4]) | (f.n[5] ^ val.n[5]) |
+		(f.n[6] ^ val.n[6]) | (f.n[7] ^ val.n[7]) | (f.n[8] ^ val.n[8]) |
+		(f.n[9] ^ val.n[9])
+
+	return bits == 0
+}
+
+// NegateVal negates the passed value and stores the result in f in constant
+// time.  The caller must provide the magnitude of the passed value for a
+// correct result.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f.NegateVal(f2).AddInt(1) so that f = -f2 + 1.
+//
+//	Preconditions:
+//	  - The max magnitude MUST be 63
+//	Output Normalized: No
+//	Output Max Magnitude: Input magnitude + 1
+func (f *FieldVal) NegateVal(val *FieldVal, magnitude uint32) *FieldVal {
+	// Negation in the field is just the prime minus the value.  However,
+	// in order to allow negation against a field value without having to
+	// normalize/reduce it first, multiply by the magnitude (that is how
+	// "far" away it is from the normalized value) to adjust.  Also, since
+	// negating a value pushes it one more order of magnitude away from the
+	// normalized range, add 1 to compensate.
+	//
+	// For some intuition here, imagine you're performing mod 12 arithmetic
+	// (picture a clock) and you are negating the number 7.  So you start at
+	// 12 (which is of course 0 under mod 12) and count backwards (left on
+	// the clock) 7 times to arrive at 5.  Notice this is just 12-7 = 5.
+	// Now, assume you're starting with 19, which is a number that is
+	// already larger than the modulus and congruent to 7 (mod 12).  When a
+	// value is already in the desired range, its magnitude is 1.  Since 19
+	// is an additional "step", its magnitude (mod 12) is 2.  Since any
+	// multiple of the modulus is congruent to zero (mod m), the answer can
+	// be shortcut by simply multiplying the magnitude by the modulus and
+	// subtracting.  Keeping with the example, this would be (2*12)-19 = 5.
+	f.n[0] = (magnitude+1)*fieldPrimeWordZero - val.n[0]
+	f.n[1] = (magnitude+1)*fieldPrimeWordOne - val.n[1]
+	f.n[2] = (magnitude+1)*fieldBaseMask - val.n[2]
+	f.n[3] = (magnitude+1)*fieldBaseMask - val.n[3]
+	f.n[4] = (magnitude+1)*fieldBaseMask - val.n[4]
+	f.n[5] = (magnitude+1)*fieldBaseMask - val.n[5]
+	f.n[6] = (magnitude+1)*fieldBaseMask - val.n[6]
+	f.n[7] = (magnitude+1)*fieldBaseMask - val.n[7]
+	f.n[8] = (magnitude+1)*fieldBaseMask - val.n[8]
+	f.n[9] = (magnitude+1)*fieldMSBMask - val.n[9]
+
+	return f
+}
+
+// Negate negates the field value in constant time.  The existing field value is
+// modified.  The caller must provide the magnitude of the field value for a
+// correct result.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f.Negate().AddInt(1) so that f = -f + 1.
+//
+//	Preconditions:
+//	  - The max magnitude MUST be 63
+//	Output Normalized: No
+//	Output Max Magnitude: Input magnitude + 1
+func (f *FieldVal) Negate(magnitude uint32) *FieldVal {
+	return f.NegateVal(f, magnitude)
+}
+
+// AddInt adds the passed integer to the existing field value and stores the
+// result in f in constant time.  This is a convenience function since it is
+// fairly common to perform some arithmetic with small native integers.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f.AddInt(1).Add(f2) so that f = f + 1 + f2.
+//
+//	Preconditions:
+//	  - The field value MUST have a max magnitude of 63
+//	Output Normalized: No
+//	Output Max Magnitude: Existing field magnitude + 1
+func (f *FieldVal) AddInt(ui uint16) *FieldVal {
+	// Since the field representation intentionally provides overflow bits,
+	// it's ok to use carryless addition as the carry bit is safely part of
+	// the word and will be normalized out.
+	f.n[0] += uint32(ui)
+
+	return f
+}
+
+// Add adds the passed value to the existing field value and stores the result
+// in f in constant time.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f.Add(f2).AddInt(1) so that f = f + f2 + 1.
+//
+//	Preconditions:
+//	  - The sum of the magnitudes of the two field values MUST be a max of 64
+//	Output Normalized: No
+//	Output Max Magnitude: Sum of the magnitude of the two individual field values
+func (f *FieldVal) Add(val *FieldVal) *FieldVal {
+	// Since the field representation intentionally provides overflow bits,
+	// it's ok to use carryless addition as the carry bit is safely part of
+	// each word and will be normalized out.  This could obviously be done
+	// in a loop, but the unrolled version is faster.
+	f.n[0] += val.n[0]
+	f.n[1] += val.n[1]
+	f.n[2] += val.n[2]
+	f.n[3] += val.n[3]
+	f.n[4] += val.n[4]
+	f.n[5] += val.n[5]
+	f.n[6] += val.n[6]
+	f.n[7] += val.n[7]
+	f.n[8] += val.n[8]
+	f.n[9] += val.n[9]
+
+	return f
+}
+
+// Add2 adds the passed two field values together and stores the result in f in
+// constant time.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f3.Add2(f, f2).AddInt(1) so that f3 = f + f2 + 1.
+//
+//	Preconditions:
+//	  - The sum of the magnitudes of the two field values MUST be a max of 64
+//	Output Normalized: No
+//	Output Max Magnitude: Sum of the magnitude of the two field values
+func (f *FieldVal) Add2(val *FieldVal, val2 *FieldVal) *FieldVal {
+	// Since the field representation intentionally provides overflow bits,
+	// it's ok to use carryless addition as the carry bit is safely part of
+	// each word and will be normalized out.  This could obviously be done
+	// in a loop, but the unrolled version is faster.
+	f.n[0] = val.n[0] + val2.n[0]
+	f.n[1] = val.n[1] + val2.n[1]
+	f.n[2] = val.n[2] + val2.n[2]
+	f.n[3] = val.n[3] + val2.n[3]
+	f.n[4] = val.n[4] + val2.n[4]
+	f.n[5] = val.n[5] + val2.n[5]
+	f.n[6] = val.n[6] + val2.n[6]
+	f.n[7] = val.n[7] + val2.n[7]
+	f.n[8] = val.n[8] + val2.n[8]
+	f.n[9] = val.n[9] + val2.n[9]
+
+	return f
+}
+
+// MulInt multiplies the field value by the passed int and stores the result in
+// f in constant time.  Note that this function can overflow if multiplying the
+// value by any of the individual words exceeds a max uint32.  Therefore it is
+// important that the caller ensures no overflows will occur before using this
+// function.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f.MulInt(2).Add(f2) so that f = 2 * f + f2.
+//
+//	Preconditions:
+//	  - The field value magnitude multiplied by given val MUST be a max of 64
+//	Output Normalized: No
+//	Output Max Magnitude: Existing field magnitude times the provided integer val
+func (f *FieldVal) MulInt(val uint8) *FieldVal {
+	// Since each word of the field representation can hold up to
+	// 32 - fieldBase extra bits which will be normalized out, it's safe
+	// to multiply each word without using a larger type or carry
+	// propagation so long as the values won't overflow a uint32.  This
+	// could obviously be done in a loop, but the unrolled version is
+	// faster.
+	ui := uint32(val)
+	f.n[0] *= ui
+	f.n[1] *= ui
+	f.n[2] *= ui
+	f.n[3] *= ui
+	f.n[4] *= ui
+	f.n[5] *= ui
+	f.n[6] *= ui
+	f.n[7] *= ui
+	f.n[8] *= ui
+	f.n[9] *= ui
+
+	return f
+}
+
+// Mul multiplies the passed value to the existing field value and stores the
+// result in f in constant time.  Note that this function can overflow if
+// multiplying any of the individual words exceeds a max uint32.  In practice,
+// this means the magnitude of either value involved in the multiplication must
+// be a max of 8.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f.Mul(f2).AddInt(1) so that f = (f * f2) + 1.
+//
+//	Preconditions:
+//	  - Both field values MUST have a max magnitude of 8
+//	Output Normalized: No
+//	Output Max Magnitude: 1
+func (f *FieldVal) Mul(val *FieldVal) *FieldVal {
+	return f.Mul2(f, val)
+}
+
+// Mul2 multiplies the passed two field values together and stores the result
+// result in f in constant time.  Note that this function can overflow if
+// multiplying any of the individual words exceeds a max uint32.  In practice,
+// this means the magnitude of either value involved in the multiplication must
+// be a max of 8.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f3.Mul2(f, f2).AddInt(1) so that f3 = (f * f2) + 1.
+//
+//	Preconditions:
+//	  - Both input field values MUST have a max magnitude of 8
+//	Output Normalized: No
+//	Output Max Magnitude: 1
+func (f *FieldVal) Mul2(val *FieldVal, val2 *FieldVal) *FieldVal {
+	// This could be done with a couple of for loops and an array to store
+	// the intermediate terms, but this unrolled version is significantly
+	// faster.
+
+	// Terms for 2^(fieldBase*0).
+	m := uint64(val.n[0]) * uint64(val2.n[0])
+	t0 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*1).
+	m = (m >> fieldBase) +
+		uint64(val.n[0])*uint64(val2.n[1]) +
+		uint64(val.n[1])*uint64(val2.n[0])
+	t1 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*2).
+	m = (m >> fieldBase) +
+		uint64(val.n[0])*uint64(val2.n[2]) +
+		uint64(val.n[1])*uint64(val2.n[1]) +
+		uint64(val.n[2])*uint64(val2.n[0])
+	t2 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*3).
+	m = (m >> fieldBase) +
+		uint64(val.n[0])*uint64(val2.n[3]) +
+		uint64(val.n[1])*uint64(val2.n[2]) +
+		uint64(val.n[2])*uint64(val2.n[1]) +
+		uint64(val.n[3])*uint64(val2.n[0])
+	t3 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*4).
+	m = (m >> fieldBase) +
+		uint64(val.n[0])*uint64(val2.n[4]) +
+		uint64(val.n[1])*uint64(val2.n[3]) +
+		uint64(val.n[2])*uint64(val2.n[2]) +
+		uint64(val.n[3])*uint64(val2.n[1]) +
+		uint64(val.n[4])*uint64(val2.n[0])
+	t4 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*5).
+	m = (m >> fieldBase) +
+		uint64(val.n[0])*uint64(val2.n[5]) +
+		uint64(val.n[1])*uint64(val2.n[4]) +
+		uint64(val.n[2])*uint64(val2.n[3]) +
+		uint64(val.n[3])*uint64(val2.n[2]) +
+		uint64(val.n[4])*uint64(val2.n[1]) +
+		uint64(val.n[5])*uint64(val2.n[0])
+	t5 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*6).
+	m = (m >> fieldBase) +
+		uint64(val.n[0])*uint64(val2.n[6]) +
+		uint64(val.n[1])*uint64(val2.n[5]) +
+		uint64(val.n[2])*uint64(val2.n[4]) +
+		uint64(val.n[3])*uint64(val2.n[3]) +
+		uint64(val.n[4])*uint64(val2.n[2]) +
+		uint64(val.n[5])*uint64(val2.n[1]) +
+		uint64(val.n[6])*uint64(val2.n[0])
+	t6 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*7).
+	m = (m >> fieldBase) +
+		uint64(val.n[0])*uint64(val2.n[7]) +
+		uint64(val.n[1])*uint64(val2.n[6]) +
+		uint64(val.n[2])*uint64(val2.n[5]) +
+		uint64(val.n[3])*uint64(val2.n[4]) +
+		uint64(val.n[4])*uint64(val2.n[3]) +
+		uint64(val.n[5])*uint64(val2.n[2]) +
+		uint64(val.n[6])*uint64(val2.n[1]) +
+		uint64(val.n[7])*uint64(val2.n[0])
+	t7 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*8).
+	m = (m >> fieldBase) +
+		uint64(val.n[0])*uint64(val2.n[8]) +
+		uint64(val.n[1])*uint64(val2.n[7]) +
+		uint64(val.n[2])*uint64(val2.n[6]) +
+		uint64(val.n[3])*uint64(val2.n[5]) +
+		uint64(val.n[4])*uint64(val2.n[4]) +
+		uint64(val.n[5])*uint64(val2.n[3]) +
+		uint64(val.n[6])*uint64(val2.n[2]) +
+		uint64(val.n[7])*uint64(val2.n[1]) +
+		uint64(val.n[8])*uint64(val2.n[0])
+	t8 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*9).
+	m = (m >> fieldBase) +
+		uint64(val.n[0])*uint64(val2.n[9]) +
+		uint64(val.n[1])*uint64(val2.n[8]) +
+		uint64(val.n[2])*uint64(val2.n[7]) +
+		uint64(val.n[3])*uint64(val2.n[6]) +
+		uint64(val.n[4])*uint64(val2.n[5]) +
+		uint64(val.n[5])*uint64(val2.n[4]) +
+		uint64(val.n[6])*uint64(val2.n[3]) +
+		uint64(val.n[7])*uint64(val2.n[2]) +
+		uint64(val.n[8])*uint64(val2.n[1]) +
+		uint64(val.n[9])*uint64(val2.n[0])
+	t9 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*10).
+	m = (m >> fieldBase) +
+		uint64(val.n[1])*uint64(val2.n[9]) +
+		uint64(val.n[2])*uint64(val2.n[8]) +
+		uint64(val.n[3])*uint64(val2.n[7]) +
+		uint64(val.n[4])*uint64(val2.n[6]) +
+		uint64(val.n[5])*uint64(val2.n[5]) +
+		uint64(val.n[6])*uint64(val2.n[4]) +
+		uint64(val.n[7])*uint64(val2.n[3]) +
+		uint64(val.n[8])*uint64(val2.n[2]) +
+		uint64(val.n[9])*uint64(val2.n[1])
+	t10 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*11).
+	m = (m >> fieldBase) +
+		uint64(val.n[2])*uint64(val2.n[9]) +
+		uint64(val.n[3])*uint64(val2.n[8]) +
+		uint64(val.n[4])*uint64(val2.n[7]) +
+		uint64(val.n[5])*uint64(val2.n[6]) +
+		uint64(val.n[6])*uint64(val2.n[5]) +
+		uint64(val.n[7])*uint64(val2.n[4]) +
+		uint64(val.n[8])*uint64(val2.n[3]) +
+		uint64(val.n[9])*uint64(val2.n[2])
+	t11 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*12).
+	m = (m >> fieldBase) +
+		uint64(val.n[3])*uint64(val2.n[9]) +
+		uint64(val.n[4])*uint64(val2.n[8]) +
+		uint64(val.n[5])*uint64(val2.n[7]) +
+		uint64(val.n[6])*uint64(val2.n[6]) +
+		uint64(val.n[7])*uint64(val2.n[5]) +
+		uint64(val.n[8])*uint64(val2.n[4]) +
+		uint64(val.n[9])*uint64(val2.n[3])
+	t12 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*13).
+	m = (m >> fieldBase) +
+		uint64(val.n[4])*uint64(val2.n[9]) +
+		uint64(val.n[5])*uint64(val2.n[8]) +
+		uint64(val.n[6])*uint64(val2.n[7]) +
+		uint64(val.n[7])*uint64(val2.n[6]) +
+		uint64(val.n[8])*uint64(val2.n[5]) +
+		uint64(val.n[9])*uint64(val2.n[4])
+	t13 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*14).
+	m = (m >> fieldBase) +
+		uint64(val.n[5])*uint64(val2.n[9]) +
+		uint64(val.n[6])*uint64(val2.n[8]) +
+		uint64(val.n[7])*uint64(val2.n[7]) +
+		uint64(val.n[8])*uint64(val2.n[6]) +
+		uint64(val.n[9])*uint64(val2.n[5])
+	t14 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*15).
+	m = (m >> fieldBase) +
+		uint64(val.n[6])*uint64(val2.n[9]) +
+		uint64(val.n[7])*uint64(val2.n[8]) +
+		uint64(val.n[8])*uint64(val2.n[7]) +
+		uint64(val.n[9])*uint64(val2.n[6])
+	t15 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*16).
+	m = (m >> fieldBase) +
+		uint64(val.n[7])*uint64(val2.n[9]) +
+		uint64(val.n[8])*uint64(val2.n[8]) +
+		uint64(val.n[9])*uint64(val2.n[7])
+	t16 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*17).
+	m = (m >> fieldBase) +
+		uint64(val.n[8])*uint64(val2.n[9]) +
+		uint64(val.n[9])*uint64(val2.n[8])
+	t17 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*18).
+	m = (m >> fieldBase) + uint64(val.n[9])*uint64(val2.n[9])
+	t18 := m & fieldBaseMask
+
+	// What's left is for 2^(fieldBase*19).
+	t19 := m >> fieldBase
+
+	// At this point, all of the terms are grouped into their respective
+	// base.
+	//
+	// Per [HAC] section 14.3.4: Reduction method of moduli of special form,
+	// when the modulus is of the special form m = b^t - c, highly efficient
+	// reduction can be achieved per the provided algorithm.
+	//
+	// The secp256k1 prime is equivalent to 2^256 - 4294968273, so it fits
+	// this criteria.
+	//
+	// 4294968273 in field representation (base 2^26) is:
+	// n[0] = 977
+	// n[1] = 64
+	// That is to say (2^26 * 64) + 977 = 4294968273
+	//
+	// Since each word is in base 26, the upper terms (t10 and up) start
+	// at 260 bits (versus the final desired range of 256 bits), so the
+	// field representation of 'c' from above needs to be adjusted for the
+	// extra 4 bits by multiplying it by 2^4 = 16.  4294968273 * 16 =
+	// 68719492368.  Thus, the adjusted field representation of 'c' is:
+	// n[0] = 977 * 16 = 15632
+	// n[1] = 64 * 16 = 1024
+	// That is to say (2^26 * 1024) + 15632 = 68719492368
+	//
+	// To reduce the final term, t19, the entire 'c' value is needed instead
+	// of only n[0] because there are no more terms left to handle n[1].
+	// This means there might be some magnitude left in the upper bits that
+	// is handled below.
+	m = t0 + t10*15632
+	t0 = m & fieldBaseMask
+	m = (m >> fieldBase) + t1 + t10*1024 + t11*15632
+	t1 = m & fieldBaseMask
+	m = (m >> fieldBase) + t2 + t11*1024 + t12*15632
+	t2 = m & fieldBaseMask
+	m = (m >> fieldBase) + t3 + t12*1024 + t13*15632
+	t3 = m & fieldBaseMask
+	m = (m >> fieldBase) + t4 + t13*1024 + t14*15632
+	t4 = m & fieldBaseMask
+	m = (m >> fieldBase) + t5 + t14*1024 + t15*15632
+	t5 = m & fieldBaseMask
+	m = (m >> fieldBase) + t6 + t15*1024 + t16*15632
+	t6 = m & fieldBaseMask
+	m = (m >> fieldBase) + t7 + t16*1024 + t17*15632
+	t7 = m & fieldBaseMask
+	m = (m >> fieldBase) + t8 + t17*1024 + t18*15632
+	t8 = m & fieldBaseMask
+	m = (m >> fieldBase) + t9 + t18*1024 + t19*68719492368
+	t9 = m & fieldMSBMask
+	m = m >> fieldMSBBits
+
+	// At this point, if the magnitude is greater than 0, the overall value
+	// is greater than the max possible 256-bit value.  In particular, it is
+	// "how many times larger" than the max value it is.
+	//
+	// The algorithm presented in [HAC] section 14.3.4 repeats until the
+	// quotient is zero.  However, due to the above, we already know at
+	// least how many times we would need to repeat as it's the value
+	// currently in m.  Thus we can simply multiply the magnitude by the
+	// field representation of the prime and do a single iteration.  Notice
+	// that nothing will be changed when the magnitude is zero, so we could
+	// skip this in that case, however always running regardless allows it
+	// to run in constant time.  The final result will be in the range
+	// 0 <= result <= prime + (2^64 - c), so it is guaranteed to have a
+	// magnitude of 1, but it is denormalized.
+	d := t0 + m*977
+	f.n[0] = uint32(d & fieldBaseMask)
+	d = (d >> fieldBase) + t1 + m*64
+	f.n[1] = uint32(d & fieldBaseMask)
+	f.n[2] = uint32((d >> fieldBase) + t2)
+	f.n[3] = uint32(t3)
+	f.n[4] = uint32(t4)
+	f.n[5] = uint32(t5)
+	f.n[6] = uint32(t6)
+	f.n[7] = uint32(t7)
+	f.n[8] = uint32(t8)
+	f.n[9] = uint32(t9)
+
+	return f
+}
+
+// SquareRootVal either calculates the square root of the passed value when it
+// exists or the square root of the negation of the value when it does not exist
+// and stores the result in f in constant time.  The return flag is true when
+// the calculated square root is for the passed value itself and false when it
+// is for its negation.
+//
+// Note that this function can overflow if multiplying any of the individual
+// words exceeds a max uint32.  In practice, this means the magnitude of the
+// field must be a max of 8 to prevent overflow.  The magnitude of the result
+// will be 1.
+//
+//	Preconditions:
+//	  - The input field value MUST have a max magnitude of 8
+//	Output Normalized: No
+//	Output Max Magnitude: 1
+func (f *FieldVal) SquareRootVal(val *FieldVal) bool {
+	// This uses the Tonelli-Shanks method for calculating the square root of
+	// the value when it exists.  The key principles of the method follow.
+	//
+	// Fermat's little theorem states that for a nonzero number 'a' and prime
+	// 'p', a^(p-1) ≡ 1 (mod p).
+	//
+	// Further, Euler's criterion states that an integer 'a' has a square root
+	// (aka is a quadratic residue) modulo a prime if a^((p-1)/2) ≡ 1 (mod p)
+	// and, conversely, when it does NOT have a square root (aka 'a' is a
+	// non-residue) a^((p-1)/2) ≡ -1 (mod p).
+	//
+	// This can be seen by considering that Fermat's little theorem can be
+	// written as (a^((p-1)/2) - 1)(a^((p-1)/2) + 1) ≡ 0 (mod p).  Therefore,
+	// one of the two factors must be 0.  Then, when a ≡ x^2 (aka 'a' is a
+	// quadratic residue), (x^2)^((p-1)/2) ≡ x^(p-1) ≡ 1 (mod p) which implies
+	// the first factor must be zero.  Finally, per Lagrange's theorem, the
+	// non-residues are the only remaining possible solutions and thus must make
+	// the second factor zero to satisfy Fermat's little theorem implying that
+	// a^((p-1)/2) ≡ -1 (mod p) for that case.
+	//
+	// The Tonelli-Shanks method uses these facts along with factoring out
+	// powers of two to solve a congruence that results in either the solution
+	// when the square root exists or the square root of the negation of the
+	// value when it does not.  In the case of primes that are ≡ 3 (mod 4), the
+	// possible solutions are r = ±a^((p+1)/4) (mod p).  Therefore, either r^2 ≡
+	// a (mod p) is true in which case ±r are the two solutions, or r^2 ≡ -a
+	// (mod p) in which case 'a' is a non-residue and there are no solutions.
+	//
+	// The secp256k1 prime is ≡ 3 (mod 4), so this result applies.
+	//
+	// In other words, calculate a^((p+1)/4) and then square it and check it
+	// against the original value to determine if it is actually the square
+	// root.
+	//
+	// In order to efficiently compute a^((p+1)/4), (p+1)/4 needs to be split
+	// into a sequence of squares and multiplications that minimizes the number
+	// of multiplications needed (since they are more costly than squarings).
+	//
+	// The secp256k1 prime + 1 / 4 is 2^254 - 2^30 - 244.  In binary, that is:
+	//
+	// 00111111 11111111 11111111 11111111
+	// 11111111 11111111 11111111 11111111
+	// 11111111 11111111 11111111 11111111
+	// 11111111 11111111 11111111 11111111
+	// 11111111 11111111 11111111 11111111
+	// 11111111 11111111 11111111 11111111
+	// 11111111 11111111 11111111 11111111
+	// 10111111 11111111 11111111 00001100
+	//
+	// Notice that can be broken up into three windows of consecutive 1s (in
+	// order of least to most significant) as:
+	//
+	//   6-bit window with two bits set (bits 4, 5, 6, 7 unset)
+	//   23-bit window with 22 bits set (bit 30 unset)
+	//   223-bit window with all 223 bits set
+	//
+	// Thus, the groups of 1 bits in each window forms the set:
+	// S = {2, 22, 223}.
+	//
+	// The strategy is to calculate a^(2^n - 1) for each grouping via an
+	// addition chain with a sliding window.
+	//
+	// The addition chain used is (credits to Peter Dettman):
+	// (0,0),(1,0),(2,2),(3,2),(4,1),(5,5),(6,6),(7,7),(8,8),(9,7),(10,2)
+	// => 2^1 2^[2] 2^3 2^6 2^9 2^11 2^[22] 2^44 2^88 2^176 2^220 2^[223]
+	//
+	// This has a cost of 254 field squarings and 13 field multiplications.
+	var a, a2, a3, a6, a9, a11, a22, a44, a88, a176, a220, a223 FieldVal
+	a.Set(val)
+	a2.SquareVal(&a).Mul(&a)                                  // a2 = a^(2^2 - 1)
+	a3.SquareVal(&a2).Mul(&a)                                 // a3 = a^(2^3 - 1)
+	a6.SquareVal(&a3).Square().Square()                       // a6 = a^(2^6 - 2^3)
+	a6.Mul(&a3)                                               // a6 = a^(2^6 - 1)
+	a9.SquareVal(&a6).Square().Square()                       // a9 = a^(2^9 - 2^3)
+	a9.Mul(&a3)                                               // a9 = a^(2^9 - 1)
+	a11.SquareVal(&a9).Square()                               // a11 = a^(2^11 - 2^2)
+	a11.Mul(&a2)                                              // a11 = a^(2^11 - 1)
+	a22.SquareVal(&a11).Square().Square().Square().Square()   // a22 = a^(2^16 - 2^5)
+	a22.Square().Square().Square().Square().Square()          // a22 = a^(2^21 - 2^10)
+	a22.Square()                                              // a22 = a^(2^22 - 2^11)
+	a22.Mul(&a11)                                             // a22 = a^(2^22 - 1)
+	a44.SquareVal(&a22).Square().Square().Square().Square()   // a44 = a^(2^27 - 2^5)
+	a44.Square().Square().Square().Square().Square()          // a44 = a^(2^32 - 2^10)
+	a44.Square().Square().Square().Square().Square()          // a44 = a^(2^37 - 2^15)
+	a44.Square().Square().Square().Square().Square()          // a44 = a^(2^42 - 2^20)
+	a44.Square().Square()                                     // a44 = a^(2^44 - 2^22)
+	a44.Mul(&a22)                                             // a44 = a^(2^44 - 1)
+	a88.SquareVal(&a44).Square().Square().Square().Square()   // a88 = a^(2^49 - 2^5)
+	a88.Square().Square().Square().Square().Square()          // a88 = a^(2^54 - 2^10)
+	a88.Square().Square().Square().Square().Square()          // a88 = a^(2^59 - 2^15)
+	a88.Square().Square().Square().Square().Square()          // a88 = a^(2^64 - 2^20)
+	a88.Square().Square().Square().Square().Square()          // a88 = a^(2^69 - 2^25)
+	a88.Square().Square().Square().Square().Square()          // a88 = a^(2^74 - 2^30)
+	a88.Square().Square().Square().Square().Square()          // a88 = a^(2^79 - 2^35)
+	a88.Square().Square().Square().Square().Square()          // a88 = a^(2^84 - 2^40)
+	a88.Square().Square().Square().Square()                   // a88 = a^(2^88 - 2^44)
+	a88.Mul(&a44)                                             // a88 = a^(2^88 - 1)
+	a176.SquareVal(&a88).Square().Square().Square().Square()  // a176 = a^(2^93 - 2^5)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^98 - 2^10)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^103 - 2^15)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^108 - 2^20)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^113 - 2^25)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^118 - 2^30)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^123 - 2^35)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^128 - 2^40)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^133 - 2^45)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^138 - 2^50)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^143 - 2^55)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^148 - 2^60)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^153 - 2^65)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^158 - 2^70)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^163 - 2^75)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^168 - 2^80)
+	a176.Square().Square().Square().Square().Square()         // a176 = a^(2^173 - 2^85)
+	a176.Square().Square().Square()                           // a176 = a^(2^176 - 2^88)
+	a176.Mul(&a88)                                            // a176 = a^(2^176 - 1)
+	a220.SquareVal(&a176).Square().Square().Square().Square() // a220 = a^(2^181 - 2^5)
+	a220.Square().Square().Square().Square().Square()         // a220 = a^(2^186 - 2^10)
+	a220.Square().Square().Square().Square().Square()         // a220 = a^(2^191 - 2^15)
+	a220.Square().Square().Square().Square().Square()         // a220 = a^(2^196 - 2^20)
+	a220.Square().Square().Square().Square().Square()         // a220 = a^(2^201 - 2^25)
+	a220.Square().Square().Square().Square().Square()         // a220 = a^(2^206 - 2^30)
+	a220.Square().Square().Square().Square().Square()         // a220 = a^(2^211 - 2^35)
+	a220.Square().Square().Square().Square().Square()         // a220 = a^(2^216 - 2^40)
+	a220.Square().Square().Square().Square()                  // a220 = a^(2^220 - 2^44)
+	a220.Mul(&a44)                                            // a220 = a^(2^220 - 1)
+	a223.SquareVal(&a220).Square().Square()                   // a223 = a^(2^223 - 2^3)
+	a223.Mul(&a3)                                             // a223 = a^(2^223 - 1)
+
+	f.SquareVal(&a223).Square().Square().Square().Square() // f = a^(2^228 - 2^5)
+	f.Square().Square().Square().Square().Square()         // f = a^(2^233 - 2^10)
+	f.Square().Square().Square().Square().Square()         // f = a^(2^238 - 2^15)
+	f.Square().Square().Square().Square().Square()         // f = a^(2^243 - 2^20)
+	f.Square().Square().Square()                           // f = a^(2^246 - 2^23)
+	f.Mul(&a22)                                            // f = a^(2^246 - 2^22 - 1)
+	f.Square().Square().Square().Square().Square()         // f = a^(2^251 - 2^27 - 2^5)
+	f.Square()                                             // f = a^(2^252 - 2^28 - 2^6)
+	f.Mul(&a2)                                             // f = a^(2^252 - 2^28 - 2^6 - 2^1 - 1)
+	f.Square().Square()                                    // f = a^(2^254 - 2^30 - 2^8 - 2^3 - 2^2)
+	//                                                     //   = a^(2^254 - 2^30 - 244)
+	//                                                     //   = a^((p+1)/4)
+
+	// Ensure the calculated result is actually the square root by squaring it
+	// and checking against the original value.
+	var sqr FieldVal
+	return sqr.SquareVal(f).Normalize().Equals(val.Normalize())
+}
+
+// Square squares the field value in constant time.  The existing field value is
+// modified.  Note that this function can overflow if multiplying any of the
+// individual words exceeds a max uint32.  In practice, this means the magnitude
+// of the field must be a max of 8 to prevent overflow.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f.Square().Mul(f2) so that f = f^2 * f2.
+//
+//	Preconditions:
+//	  - The field value MUST have a max magnitude of 8
+//	Output Normalized: No
+//	Output Max Magnitude: 1
+func (f *FieldVal) Square() *FieldVal {
+	return f.SquareVal(f)
+}
+
+// SquareVal squares the passed value and stores the result in f in constant
+// time.  Note that this function can overflow if multiplying any of the
+// individual words exceeds a max uint32.  In practice, this means the magnitude
+// of the field being squared must be a max of 8 to prevent overflow.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f3.SquareVal(f).Mul(f) so that f3 = f^2 * f = f^3.
+//
+//	Preconditions:
+//	  - The input field value MUST have a max magnitude of 8
+//	Output Normalized: No
+//	Output Max Magnitude: 1
+func (f *FieldVal) SquareVal(val *FieldVal) *FieldVal {
+	// This could be done with a couple of for loops and an array to store
+	// the intermediate terms, but this unrolled version is significantly
+	// faster.
+
+	// Terms for 2^(fieldBase*0).
+	m := uint64(val.n[0]) * uint64(val.n[0])
+	t0 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*1).
+	m = (m >> fieldBase) + 2*uint64(val.n[0])*uint64(val.n[1])
+	t1 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*2).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[0])*uint64(val.n[2]) +
+		uint64(val.n[1])*uint64(val.n[1])
+	t2 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*3).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[0])*uint64(val.n[3]) +
+		2*uint64(val.n[1])*uint64(val.n[2])
+	t3 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*4).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[0])*uint64(val.n[4]) +
+		2*uint64(val.n[1])*uint64(val.n[3]) +
+		uint64(val.n[2])*uint64(val.n[2])
+	t4 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*5).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[0])*uint64(val.n[5]) +
+		2*uint64(val.n[1])*uint64(val.n[4]) +
+		2*uint64(val.n[2])*uint64(val.n[3])
+	t5 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*6).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[0])*uint64(val.n[6]) +
+		2*uint64(val.n[1])*uint64(val.n[5]) +
+		2*uint64(val.n[2])*uint64(val.n[4]) +
+		uint64(val.n[3])*uint64(val.n[3])
+	t6 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*7).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[0])*uint64(val.n[7]) +
+		2*uint64(val.n[1])*uint64(val.n[6]) +
+		2*uint64(val.n[2])*uint64(val.n[5]) +
+		2*uint64(val.n[3])*uint64(val.n[4])
+	t7 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*8).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[0])*uint64(val.n[8]) +
+		2*uint64(val.n[1])*uint64(val.n[7]) +
+		2*uint64(val.n[2])*uint64(val.n[6]) +
+		2*uint64(val.n[3])*uint64(val.n[5]) +
+		uint64(val.n[4])*uint64(val.n[4])
+	t8 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*9).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[0])*uint64(val.n[9]) +
+		2*uint64(val.n[1])*uint64(val.n[8]) +
+		2*uint64(val.n[2])*uint64(val.n[7]) +
+		2*uint64(val.n[3])*uint64(val.n[6]) +
+		2*uint64(val.n[4])*uint64(val.n[5])
+	t9 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*10).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[1])*uint64(val.n[9]) +
+		2*uint64(val.n[2])*uint64(val.n[8]) +
+		2*uint64(val.n[3])*uint64(val.n[7]) +
+		2*uint64(val.n[4])*uint64(val.n[6]) +
+		uint64(val.n[5])*uint64(val.n[5])
+	t10 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*11).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[2])*uint64(val.n[9]) +
+		2*uint64(val.n[3])*uint64(val.n[8]) +
+		2*uint64(val.n[4])*uint64(val.n[7]) +
+		2*uint64(val.n[5])*uint64(val.n[6])
+	t11 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*12).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[3])*uint64(val.n[9]) +
+		2*uint64(val.n[4])*uint64(val.n[8]) +
+		2*uint64(val.n[5])*uint64(val.n[7]) +
+		uint64(val.n[6])*uint64(val.n[6])
+	t12 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*13).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[4])*uint64(val.n[9]) +
+		2*uint64(val.n[5])*uint64(val.n[8]) +
+		2*uint64(val.n[6])*uint64(val.n[7])
+	t13 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*14).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[5])*uint64(val.n[9]) +
+		2*uint64(val.n[6])*uint64(val.n[8]) +
+		uint64(val.n[7])*uint64(val.n[7])
+	t14 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*15).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[6])*uint64(val.n[9]) +
+		2*uint64(val.n[7])*uint64(val.n[8])
+	t15 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*16).
+	m = (m >> fieldBase) +
+		2*uint64(val.n[7])*uint64(val.n[9]) +
+		uint64(val.n[8])*uint64(val.n[8])
+	t16 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*17).
+	m = (m >> fieldBase) + 2*uint64(val.n[8])*uint64(val.n[9])
+	t17 := m & fieldBaseMask
+
+	// Terms for 2^(fieldBase*18).
+	m = (m >> fieldBase) + uint64(val.n[9])*uint64(val.n[9])
+	t18 := m & fieldBaseMask
+
+	// What's left is for 2^(fieldBase*19).
+	t19 := m >> fieldBase
+
+	// At this point, all of the terms are grouped into their respective
+	// base.
+	//
+	// Per [HAC] section 14.3.4: Reduction method of moduli of special form,
+	// when the modulus is of the special form m = b^t - c, highly efficient
+	// reduction can be achieved per the provided algorithm.
+	//
+	// The secp256k1 prime is equivalent to 2^256 - 4294968273, so it fits
+	// this criteria.
+	//
+	// 4294968273 in field representation (base 2^26) is:
+	// n[0] = 977
+	// n[1] = 64
+	// That is to say (2^26 * 64) + 977 = 4294968273
+	//
+	// Since each word is in base 26, the upper terms (t10 and up) start
+	// at 260 bits (versus the final desired range of 256 bits), so the
+	// field representation of 'c' from above needs to be adjusted for the
+	// extra 4 bits by multiplying it by 2^4 = 16.  4294968273 * 16 =
+	// 68719492368.  Thus, the adjusted field representation of 'c' is:
+	// n[0] = 977 * 16 = 15632
+	// n[1] = 64 * 16 = 1024
+	// That is to say (2^26 * 1024) + 15632 = 68719492368
+	//
+	// To reduce the final term, t19, the entire 'c' value is needed instead
+	// of only n[0] because there are no more terms left to handle n[1].
+	// This means there might be some magnitude left in the upper bits that
+	// is handled below.
+	m = t0 + t10*15632
+	t0 = m & fieldBaseMask
+	m = (m >> fieldBase) + t1 + t10*1024 + t11*15632
+	t1 = m & fieldBaseMask
+	m = (m >> fieldBase) + t2 + t11*1024 + t12*15632
+	t2 = m & fieldBaseMask
+	m = (m >> fieldBase) + t3 + t12*1024 + t13*15632
+	t3 = m & fieldBaseMask
+	m = (m >> fieldBase) + t4 + t13*1024 + t14*15632
+	t4 = m & fieldBaseMask
+	m = (m >> fieldBase) + t5 + t14*1024 + t15*15632
+	t5 = m & fieldBaseMask
+	m = (m >> fieldBase) + t6 + t15*1024 + t16*15632
+	t6 = m & fieldBaseMask
+	m = (m >> fieldBase) + t7 + t16*1024 + t17*15632
+	t7 = m & fieldBaseMask
+	m = (m >> fieldBase) + t8 + t17*1024 + t18*15632
+	t8 = m & fieldBaseMask
+	m = (m >> fieldBase) + t9 + t18*1024 + t19*68719492368
+	t9 = m & fieldMSBMask
+	m = m >> fieldMSBBits
+
+	// At this point, if the magnitude is greater than 0, the overall value
+	// is greater than the max possible 256-bit value.  In particular, it is
+	// "how many times larger" than the max value it is.
+	//
+	// The algorithm presented in [HAC] section 14.3.4 repeats until the
+	// quotient is zero.  However, due to the above, we already know at
+	// least how many times we would need to repeat as it's the value
+	// currently in m.  Thus we can simply multiply the magnitude by the
+	// field representation of the prime and do a single iteration.  Notice
+	// that nothing will be changed when the magnitude is zero, so we could
+	// skip this in that case, however always running regardless allows it
+	// to run in constant time.  The final result will be in the range
+	// 0 <= result <= prime + (2^64 - c), so it is guaranteed to have a
+	// magnitude of 1, but it is denormalized.
+	n := t0 + m*977
+	f.n[0] = uint32(n & fieldBaseMask)
+	n = (n >> fieldBase) + t1 + m*64
+	f.n[1] = uint32(n & fieldBaseMask)
+	f.n[2] = uint32((n >> fieldBase) + t2)
+	f.n[3] = uint32(t3)
+	f.n[4] = uint32(t4)
+	f.n[5] = uint32(t5)
+	f.n[6] = uint32(t6)
+	f.n[7] = uint32(t7)
+	f.n[8] = uint32(t8)
+	f.n[9] = uint32(t9)
+
+	return f
+}
+
+// Inverse finds the modular multiplicative inverse of the field value in
+// constant time.  The existing field value is modified.
+//
+// The field value is returned to support chaining.  This enables syntax like:
+// f.Inverse().Mul(f2) so that f = f^-1 * f2.
+//
+//	Preconditions:
+//	  - The field value MUST have a max magnitude of 8
+//	Output Normalized: No
+//	Output Max Magnitude: 1
+func (f *FieldVal) Inverse() *FieldVal {
+	// Fermat's little theorem states that for a nonzero number a and prime
+	// prime p, a^(p-1) = 1 (mod p).  Since the multiplicative inverse is
+	// a*b = 1 (mod p), it follows that b = a*a^(p-2) = a^(p-1) = 1 (mod p).
+	// Thus, a^(p-2) is the multiplicative inverse.
+	//
+	// In order to efficiently compute a^(p-2), p-2 needs to be split into
+	// a sequence of squares and multiplications that minimizes the number
+	// of multiplications needed (since they are more costly than
+	// squarings). Intermediate results are saved and reused as well.
+	//
+	// The secp256k1 prime - 2 is 2^256 - 4294968275.
+	//
+	// This has a cost of 258 field squarings and 33 field multiplications.
+	var a2, a3, a4, a10, a11, a21, a42, a45, a63, a1019, a1023 FieldVal
+	a2.SquareVal(f)
+	a3.Mul2(&a2, f)
+	a4.SquareVal(&a2)
+	a10.SquareVal(&a4).Mul(&a2)
+	a11.Mul2(&a10, f)
+	a21.Mul2(&a10, &a11)
+	a42.SquareVal(&a21)
+	a45.Mul2(&a42, &a3)
+	a63.Mul2(&a42, &a21)
+	a1019.SquareVal(&a63).Square().Square().Square().Mul(&a11)
+	a1023.Mul2(&a1019, &a4)
+	f.Set(&a63)                                    // f = a^(2^6 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^11 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^16 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^16 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^21 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^26 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^26 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^31 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^36 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^36 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^41 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^46 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^46 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^51 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^56 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^56 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^61 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^66 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^66 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^71 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^76 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^76 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^81 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^86 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^86 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^91 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^96 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^96 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^101 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^106 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^106 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^111 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^116 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^116 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^121 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^126 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^126 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^131 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^136 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^136 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^141 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^146 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^146 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^151 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^156 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^156 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^161 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^166 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^166 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^171 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^176 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^176 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^181 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^186 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^186 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^191 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^196 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^196 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^201 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^206 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^206 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^211 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^216 - 1024)
+	f.Mul(&a1023)                                  // f = a^(2^216 - 1)
+	f.Square().Square().Square().Square().Square() // f = a^(2^221 - 32)
+	f.Square().Square().Square().Square().Square() // f = a^(2^226 - 1024)
+	f.Mul(&a1019)                                  // f = a^(2^226 - 5)
+	f.Square().Square().Square().Square().Square() // f = a^(2^231 - 160)
+	f.Square().Square().Square().Square().Square() // f = a^(2^236 - 5120)
+	f.Mul(&a1023)                                  // f = a^(2^236 - 4097)
+	f.Square().Square().Square().Square().Square() // f = a^(2^241 - 131104)
+	f.Square().Square().Square().Square().Square() // f = a^(2^246 - 4195328)
+	f.Mul(&a1023)                                  // f = a^(2^246 - 4194305)
+	f.Square().Square().Square().Square().Square() // f = a^(2^251 - 134217760)
+	f.Square().Square().Square().Square().Square() // f = a^(2^256 - 4294968320)
+	return f.Mul(&a45)                             // f = a^(2^256 - 4294968275) = a^(p-2)
+}
+
+// IsGtOrEqPrimeMinusOrder returns whether or not the field value exceeds the
+// group order divided by 2 in constant time.
+//
+//	Preconditions:
+//	  - The field value MUST be normalized
+func (f *FieldVal) IsGtOrEqPrimeMinusOrder() bool {
+	// The secp256k1 prime is equivalent to 2^256 - 4294968273 and the group
+	// order is 2^256 - 432420386565659656852420866394968145599.  Thus,
+	// the prime minus the group order is:
+	// 432420386565659656852420866390673177326
+	//
+	// In hex that is:
+	// 0x00000000 00000000 00000000 00000001 45512319 50b75fc4 402da172 2fc9baee
+	//
+	// Converting that to field representation (base 2^26) is:
+	//
+	// n[0] = 0x03c9baee
+	// n[1] = 0x03685c8b
+	// n[2] = 0x01fc4402
+	// n[3] = 0x006542dd
+	// n[4] = 0x01455123
+	//
+	// This can be verified with the following test code:
+	//   pMinusN := new(big.Int).Sub(curveParams.P, curveParams.N)
+	//   var fv FieldVal
+	//   fv.SetByteSlice(pMinusN.Bytes())
+	//   t.Logf("%x", fv.n)
+	//
+	//   Outputs: [3c9baee 3685c8b 1fc4402 6542dd 1455123 0 0 0 0 0]
+	const (
+		pMinusNWordZero  = 0x03c9baee
+		pMinusNWordOne   = 0x03685c8b
+		pMinusNWordTwo   = 0x01fc4402
+		pMinusNWordThree = 0x006542dd
+		pMinusNWordFour  = 0x01455123
+		pMinusNWordFive  = 0x00000000
+		pMinusNWordSix   = 0x00000000
+		pMinusNWordSeven = 0x00000000
+		pMinusNWordEight = 0x00000000
+		pMinusNWordNine  = 0x00000000
+	)
+
+	// The intuition here is that the value is greater than field prime minus
+	// the group order if one of the higher individual words is greater than the
+	// corresponding word and all higher words in the value are equal.
+	result := constantTimeGreater(f.n[9], pMinusNWordNine)
+	highWordsEqual := constantTimeEq(f.n[9], pMinusNWordNine)
+	result |= highWordsEqual & constantTimeGreater(f.n[8], pMinusNWordEight)
+	highWordsEqual &= constantTimeEq(f.n[8], pMinusNWordEight)
+	result |= highWordsEqual & constantTimeGreater(f.n[7], pMinusNWordSeven)
+	highWordsEqual &= constantTimeEq(f.n[7], pMinusNWordSeven)
+	result |= highWordsEqual & constantTimeGreater(f.n[6], pMinusNWordSix)
+	highWordsEqual &= constantTimeEq(f.n[6], pMinusNWordSix)
+	result |= highWordsEqual & constantTimeGreater(f.n[5], pMinusNWordFive)
+	highWordsEqual &= constantTimeEq(f.n[5], pMinusNWordFive)
+	result |= highWordsEqual & constantTimeGreater(f.n[4], pMinusNWordFour)
+	highWordsEqual &= constantTimeEq(f.n[4], pMinusNWordFour)
+	result |= highWordsEqual & constantTimeGreater(f.n[3], pMinusNWordThree)
+	highWordsEqual &= constantTimeEq(f.n[3], pMinusNWordThree)
+	result |= highWordsEqual & constantTimeGreater(f.n[2], pMinusNWordTwo)
+	highWordsEqual &= constantTimeEq(f.n[2], pMinusNWordTwo)
+	result |= highWordsEqual & constantTimeGreater(f.n[1], pMinusNWordOne)
+	highWordsEqual &= constantTimeEq(f.n[1], pMinusNWordOne)
+	result |= highWordsEqual & constantTimeGreaterOrEq(f.n[0], pMinusNWordZero)
+
+	return result != 0
+}
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/loadprecomputed.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/loadprecomputed.go
new file mode 100644
index 000000000..91c3d3776
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/loadprecomputed.go
@@ -0,0 +1,91 @@
+// Copyright 2015 The btcsuite developers
+// Copyright (c) 2015-2022 The Decred developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package secp256k1
+
+import (
+	"compress/zlib"
+	"encoding/base64"
+	"io"
+	"strings"
+	"sync"
+)
+
+//go:generate go run genprecomps.go
+
+// bytePointTable describes a table used to house pre-computed values for
+// accelerating scalar base multiplication.
+type bytePointTable [32][256]JacobianPoint
+
+// compressedBytePointsFn is set to a real function by the code generation to
+// return the compressed pre-computed values for accelerating scalar base
+// multiplication.
+var compressedBytePointsFn func() string
+
+// s256BytePoints houses pre-computed values used to accelerate scalar base
+// multiplication such that they are only loaded on first use.
+var s256BytePoints = func() func() *bytePointTable {
+	// mustLoadBytePoints decompresses and deserializes the pre-computed byte
+	// points used to accelerate scalar base multiplication for the secp256k1
+	// curve.
+	//
+	// This approach is used since it allows the compile to use significantly
+	// less ram and be performed much faster than it is with hard-coding the
+	// final in-memory data structure.  At the same time, it is quite fast to
+	// generate the in-memory data structure on first use with this approach
+	// versus computing the table.
+	//
+	// It will panic on any errors because the data is hard coded and thus any
+	// errors means something is wrong in the source code.
+	var data *bytePointTable
+	mustLoadBytePoints := func() {
+		// There will be no byte points to load when generating them.
+		if compressedBytePointsFn == nil {
+			return
+		}
+		bp := compressedBytePointsFn()
+
+		// Decompress the pre-computed table used to accelerate scalar base
+		// multiplication.
+		decoder := base64.NewDecoder(base64.StdEncoding, strings.NewReader(bp))
+		r, err := zlib.NewReader(decoder)
+		if err != nil {
+			panic(err)
+		}
+		serialized, err := io.ReadAll(r)
+		if err != nil {
+			panic(err)
+		}
+
+		// Deserialize the precomputed byte points and set the memory table to
+		// them.
+		offset := 0
+		var bytePoints bytePointTable
+		for byteNum := 0; byteNum < len(bytePoints); byteNum++ {
+			// All points in this window.
+			for i := 0; i < len(bytePoints[byteNum]); i++ {
+				p := &bytePoints[byteNum][i]
+				p.X.SetByteSlice(serialized[offset:])
+				offset += 32
+				p.Y.SetByteSlice(serialized[offset:])
+				offset += 32
+				p.Z.SetInt(1)
+			}
+		}
+		data = &bytePoints
+	}
+
+	// Return a closure that initializes the data on first access.  This is done
+	// because the table takes a non-trivial amount of memory and initializing
+	// it unconditionally would cause anything that imports the package, either
+	// directly, or indirectly via transitive deps, to use that memory even if
+	// the caller never accesses any parts of the package that actually needs
+	// access to it.
+	var loadBytePointsOnce sync.Once
+	return func() *bytePointTable {
+		loadBytePointsOnce.Do(mustLoadBytePoints)
+		return data
+	}
+}()
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/modnscalar.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/modnscalar.go
new file mode 100644
index 000000000..f66496ed5
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/modnscalar.go
@@ -0,0 +1,1101 @@
+// Copyright (c) 2020-2022 The Decred developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package secp256k1
+
+import (
+	"encoding/hex"
+	"math/big"
+)
+
+// References:
+//   [SECG]: Recommended Elliptic Curve Domain Parameters
+//     https://www.secg.org/sec2-v2.pdf
+//
+//   [HAC]: Handbook of Applied Cryptography Menezes, van Oorschot, Vanstone.
+//     http://cacr.uwaterloo.ca/hac/
+
+// Many elliptic curve operations require working with scalars in a finite field
+// characterized by the order of the group underlying the secp256k1 curve.
+// Given this precision is larger than the biggest available native type,
+// obviously some form of bignum math is needed.  This code implements
+// specialized fixed-precision field arithmetic rather than relying on an
+// arbitrary-precision arithmetic package such as math/big for dealing with the
+// math modulo the group order since the size is known.  As a result, rather
+// large performance gains are achieved by taking advantage of many
+// optimizations not available to arbitrary-precision arithmetic and generic
+// modular arithmetic algorithms.
+//
+// There are various ways to internally represent each element.  For example,
+// the most obvious representation would be to use an array of 4 uint64s (64
+// bits * 4 = 256 bits).  However, that representation suffers from the fact
+// that there is no native Go type large enough to handle the intermediate
+// results while adding or multiplying two 64-bit numbers.
+//
+// Given the above, this implementation represents the field elements as 8
+// uint32s with each word (array entry) treated as base 2^32.  This was chosen
+// because most systems at the current time are 64-bit (or at least have 64-bit
+// registers available for specialized purposes such as MMX) so the intermediate
+// results can typically be done using a native register (and using uint64s to
+// avoid the need for additional half-word arithmetic)
+
+const (
+	// These fields provide convenient access to each of the words of the
+	// secp256k1 curve group order N to improve code readability.
+	//
+	// The group order of the curve per [SECG] is:
+	// 0xffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141
+	orderWordZero  uint32 = 0xd0364141
+	orderWordOne   uint32 = 0xbfd25e8c
+	orderWordTwo   uint32 = 0xaf48a03b
+	orderWordThree uint32 = 0xbaaedce6
+	orderWordFour  uint32 = 0xfffffffe
+	orderWordFive  uint32 = 0xffffffff
+	orderWordSix   uint32 = 0xffffffff
+	orderWordSeven uint32 = 0xffffffff
+
+	// These fields provide convenient access to each of the words of the two's
+	// complement of the secp256k1 curve group order N to improve code
+	// readability.
+	//
+	// The two's complement of the group order is:
+	// 0x00000000 00000000 00000000 00000001 45512319 50b75fc4 402da173 2fc9bebf
+	orderComplementWordZero  uint32 = (^orderWordZero) + 1
+	orderComplementWordOne   uint32 = ^orderWordOne
+	orderComplementWordTwo   uint32 = ^orderWordTwo
+	orderComplementWordThree uint32 = ^orderWordThree
+	//orderComplementWordFour  uint32 = ^orderWordFour  // unused
+	//orderComplementWordFive  uint32 = ^orderWordFive  // unused
+	//orderComplementWordSix   uint32 = ^orderWordSix   // unused
+	//orderComplementWordSeven uint32 = ^orderWordSeven // unused
+
+	// These fields provide convenient access to each of the words of the
+	// secp256k1 curve group order N / 2 to improve code readability and avoid
+	// the need to recalculate them.
+	//
+	// The half order of the secp256k1 curve group is:
+	// 0x7fffffff ffffffff ffffffff ffffffff 5d576e73 57a4501d dfe92f46 681b20a0
+	halfOrderWordZero  uint32 = 0x681b20a0
+	halfOrderWordOne   uint32 = 0xdfe92f46
+	halfOrderWordTwo   uint32 = 0x57a4501d
+	halfOrderWordThree uint32 = 0x5d576e73
+	halfOrderWordFour  uint32 = 0xffffffff
+	halfOrderWordFive  uint32 = 0xffffffff
+	halfOrderWordSix   uint32 = 0xffffffff
+	halfOrderWordSeven uint32 = 0x7fffffff
+
+	// uint32Mask is simply a mask with all bits set for a uint32 and is used to
+	// improve the readability of the code.
+	uint32Mask = 0xffffffff
+)
+
+var (
+	// zero32 is an array of 32 bytes used for the purposes of zeroing and is
+	// defined here to avoid extra allocations.
+	zero32 = [32]byte{}
+)
+
+// ModNScalar implements optimized 256-bit constant-time fixed-precision
+// arithmetic over the secp256k1 group order. This means all arithmetic is
+// performed modulo:
+//
+//	0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
+//
+// It only implements the arithmetic needed for elliptic curve operations,
+// however, the operations that are not implemented can typically be worked
+// around if absolutely needed.  For example, subtraction can be performed by
+// adding the negation.
+//
+// Should it be absolutely necessary, conversion to the standard library
+// math/big.Int can be accomplished by using the Bytes method, slicing the
+// resulting fixed-size array, and feeding it to big.Int.SetBytes.  However,
+// that should typically be avoided when possible as conversion to big.Ints
+// requires allocations, is not constant time, and is slower when working modulo
+// the group order.
+type ModNScalar struct {
+	// The scalar is represented as 8 32-bit integers in base 2^32.
+	//
+	// The following depicts the internal representation:
+	// 	 ---------------------------------------------------------
+	// 	|       n[7]     |      n[6]      | ... |      n[0]      |
+	// 	| 32 bits        | 32 bits        | ... | 32 bits        |
+	// 	| Mult: 2^(32*7) | Mult: 2^(32*6) | ... | Mult: 2^(32*0) |
+	// 	 ---------------------------------------------------------
+	//
+	// For example, consider the number 2^87 + 2^42 + 1.  It would be
+	// represented as:
+	// 	n[0] = 1
+	// 	n[1] = 2^10
+	// 	n[2] = 2^23
+	// 	n[3..7] = 0
+	//
+	// The full 256-bit value is then calculated by looping i from 7..0 and
+	// doing sum(n[i] * 2^(32i)) like so:
+	// 	n[7] * 2^(32*7) = 0    * 2^224 = 0
+	// 	n[6] * 2^(32*6) = 0    * 2^192 = 0
+	// 	...
+	// 	n[2] * 2^(32*2) = 2^23 * 2^64  = 2^87
+	// 	n[1] * 2^(32*1) = 2^10 * 2^32  = 2^42
+	// 	n[0] * 2^(32*0) = 1    * 2^0   = 1
+	// 	Sum: 0 + 0 + ... + 2^87 + 2^42 + 1 = 2^87 + 2^42 + 1
+	n [8]uint32
+}
+
+// String returns the scalar as a human-readable hex string.
+//
+// This is NOT constant time.
+func (s ModNScalar) String() string {
+	b := s.Bytes()
+	return hex.EncodeToString(b[:])
+}
+
+// Set sets the scalar equal to a copy of the passed one in constant time.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s := new(ModNScalar).Set(s2).Add(1) so that s = s2 + 1 where s2 is not
+// modified.
+func (s *ModNScalar) Set(val *ModNScalar) *ModNScalar {
+	*s = *val
+	return s
+}
+
+// Zero sets the scalar to zero in constant time.  A newly created scalar is
+// already set to zero.  This function can be useful to clear an existing scalar
+// for reuse.
+func (s *ModNScalar) Zero() {
+	s.n[0] = 0
+	s.n[1] = 0
+	s.n[2] = 0
+	s.n[3] = 0
+	s.n[4] = 0
+	s.n[5] = 0
+	s.n[6] = 0
+	s.n[7] = 0
+}
+
+// IsZeroBit returns 1 when the scalar is equal to zero or 0 otherwise in
+// constant time.
+//
+// Note that a bool is not used here because it is not possible in Go to convert
+// from a bool to numeric value in constant time and many constant-time
+// operations require a numeric value.  See IsZero for the version that returns
+// a bool.
+func (s *ModNScalar) IsZeroBit() uint32 {
+	// The scalar can only be zero if no bits are set in any of the words.
+	bits := s.n[0] | s.n[1] | s.n[2] | s.n[3] | s.n[4] | s.n[5] | s.n[6] | s.n[7]
+	return constantTimeEq(bits, 0)
+}
+
+// IsZero returns whether or not the scalar is equal to zero in constant time.
+func (s *ModNScalar) IsZero() bool {
+	// The scalar can only be zero if no bits are set in any of the words.
+	bits := s.n[0] | s.n[1] | s.n[2] | s.n[3] | s.n[4] | s.n[5] | s.n[6] | s.n[7]
+	return bits == 0
+}
+
+// SetInt sets the scalar to the passed integer in constant time.  This is a
+// convenience function since it is fairly common to perform some arithmetic
+// with small native integers.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s := new(ModNScalar).SetInt(2).Mul(s2) so that s = 2 * s2.
+func (s *ModNScalar) SetInt(ui uint32) *ModNScalar {
+	s.Zero()
+	s.n[0] = ui
+	return s
+}
+
+// constantTimeEq returns 1 if a == b or 0 otherwise in constant time.
+func constantTimeEq(a, b uint32) uint32 {
+	return uint32((uint64(a^b) - 1) >> 63)
+}
+
+// constantTimeNotEq returns 1 if a != b or 0 otherwise in constant time.
+func constantTimeNotEq(a, b uint32) uint32 {
+	return ^uint32((uint64(a^b)-1)>>63) & 1
+}
+
+// constantTimeLess returns 1 if a < b or 0 otherwise in constant time.
+func constantTimeLess(a, b uint32) uint32 {
+	return uint32((uint64(a) - uint64(b)) >> 63)
+}
+
+// constantTimeLessOrEq returns 1 if a <= b or 0 otherwise in constant time.
+func constantTimeLessOrEq(a, b uint32) uint32 {
+	return uint32((uint64(a) - uint64(b) - 1) >> 63)
+}
+
+// constantTimeGreater returns 1 if a > b or 0 otherwise in constant time.
+func constantTimeGreater(a, b uint32) uint32 {
+	return constantTimeLess(b, a)
+}
+
+// constantTimeGreaterOrEq returns 1 if a >= b or 0 otherwise in constant time.
+func constantTimeGreaterOrEq(a, b uint32) uint32 {
+	return constantTimeLessOrEq(b, a)
+}
+
+// constantTimeMin returns min(a,b) in constant time.
+func constantTimeMin(a, b uint32) uint32 {
+	return b ^ ((a ^ b) & -constantTimeLess(a, b))
+}
+
+// overflows determines if the current scalar is greater than or equal to the
+// group order in constant time and returns 1 if it is or 0 otherwise.
+func (s *ModNScalar) overflows() uint32 {
+	// The intuition here is that the scalar is greater than the group order if
+	// one of the higher individual words is greater than corresponding word of
+	// the group order and all higher words in the scalar are equal to their
+	// corresponding word of the group order.  Since this type is modulo the
+	// group order, being equal is also an overflow back to 0.
+	//
+	// Note that the words 5, 6, and 7 are all the max uint32 value, so there is
+	// no need to test if those individual words of the scalar exceeds them,
+	// hence, only equality is checked for them.
+	highWordsEqual := constantTimeEq(s.n[7], orderWordSeven)
+	highWordsEqual &= constantTimeEq(s.n[6], orderWordSix)
+	highWordsEqual &= constantTimeEq(s.n[5], orderWordFive)
+	overflow := highWordsEqual & constantTimeGreater(s.n[4], orderWordFour)
+	highWordsEqual &= constantTimeEq(s.n[4], orderWordFour)
+	overflow |= highWordsEqual & constantTimeGreater(s.n[3], orderWordThree)
+	highWordsEqual &= constantTimeEq(s.n[3], orderWordThree)
+	overflow |= highWordsEqual & constantTimeGreater(s.n[2], orderWordTwo)
+	highWordsEqual &= constantTimeEq(s.n[2], orderWordTwo)
+	overflow |= highWordsEqual & constantTimeGreater(s.n[1], orderWordOne)
+	highWordsEqual &= constantTimeEq(s.n[1], orderWordOne)
+	overflow |= highWordsEqual & constantTimeGreaterOrEq(s.n[0], orderWordZero)
+
+	return overflow
+}
+
+// reduce256 reduces the current scalar modulo the group order in accordance
+// with the overflows parameter in constant time.  The overflows parameter
+// specifies whether or not the scalar is known to be greater than the group
+// order and MUST either be 1 in the case it is or 0 in the case it is not for a
+// correct result.
+func (s *ModNScalar) reduce256(overflows uint32) {
+	// Notice that since s < 2^256 < 2N (where N is the group order), the max
+	// possible number of reductions required is one.  Therefore, in the case a
+	// reduction is needed, it can be performed with a single subtraction of N.
+	// Also, recall that subtraction is equivalent to addition by the two's
+	// complement while ignoring the carry.
+	//
+	// When s >= N, the overflows parameter will be 1.  Conversely, it will be 0
+	// when s < N.  Thus multiplying by the overflows parameter will either
+	// result in 0 or the multiplicand itself.
+	//
+	// Combining the above along with the fact that s + 0 = s, the following is
+	// a constant time implementation that works by either adding 0 or the two's
+	// complement of N as needed.
+	//
+	// The final result will be in the range 0 <= s < N as expected.
+	overflows64 := uint64(overflows)
+	c := uint64(s.n[0]) + overflows64*uint64(orderComplementWordZero)
+	s.n[0] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(s.n[1]) + overflows64*uint64(orderComplementWordOne)
+	s.n[1] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(s.n[2]) + overflows64*uint64(orderComplementWordTwo)
+	s.n[2] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(s.n[3]) + overflows64*uint64(orderComplementWordThree)
+	s.n[3] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(s.n[4]) + overflows64 // * 1
+	s.n[4] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(s.n[5]) // + overflows64 * 0
+	s.n[5] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(s.n[6]) // + overflows64 * 0
+	s.n[6] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(s.n[7]) // + overflows64 * 0
+	s.n[7] = uint32(c & uint32Mask)
+}
+
+// SetBytes interprets the provided array as a 256-bit big-endian unsigned
+// integer, reduces it modulo the group order, sets the scalar to the result,
+// and returns either 1 if it was reduced (aka it overflowed) or 0 otherwise in
+// constant time.
+//
+// Note that a bool is not used here because it is not possible in Go to convert
+// from a bool to numeric value in constant time and many constant-time
+// operations require a numeric value.
+func (s *ModNScalar) SetBytes(b *[32]byte) uint32 {
+	// Pack the 256 total bits across the 8 uint32 words.  This could be done
+	// with a for loop, but benchmarks show this unrolled version is about 2
+	// times faster than the variant that uses a loop.
+	s.n[0] = uint32(b[31]) | uint32(b[30])<<8 | uint32(b[29])<<16 | uint32(b[28])<<24
+	s.n[1] = uint32(b[27]) | uint32(b[26])<<8 | uint32(b[25])<<16 | uint32(b[24])<<24
+	s.n[2] = uint32(b[23]) | uint32(b[22])<<8 | uint32(b[21])<<16 | uint32(b[20])<<24
+	s.n[3] = uint32(b[19]) | uint32(b[18])<<8 | uint32(b[17])<<16 | uint32(b[16])<<24
+	s.n[4] = uint32(b[15]) | uint32(b[14])<<8 | uint32(b[13])<<16 | uint32(b[12])<<24
+	s.n[5] = uint32(b[11]) | uint32(b[10])<<8 | uint32(b[9])<<16 | uint32(b[8])<<24
+	s.n[6] = uint32(b[7]) | uint32(b[6])<<8 | uint32(b[5])<<16 | uint32(b[4])<<24
+	s.n[7] = uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24
+
+	// The value might be >= N, so reduce it as required and return whether or
+	// not it was reduced.
+	needsReduce := s.overflows()
+	s.reduce256(needsReduce)
+	return needsReduce
+}
+
+// zeroArray32 zeroes the provided 32-byte buffer.
+func zeroArray32(b *[32]byte) {
+	copy(b[:], zero32[:])
+}
+
+// SetByteSlice interprets the provided slice as a 256-bit big-endian unsigned
+// integer (meaning it is truncated to the first 32 bytes), reduces it modulo
+// the group order, sets the scalar to the result, and returns whether or not
+// the resulting truncated 256-bit integer overflowed in constant time.
+//
+// Note that since passing a slice with more than 32 bytes is truncated, it is
+// possible that the truncated value is less than the order of the curve and
+// hence it will not be reported as having overflowed in that case.  It is up to
+// the caller to decide whether it needs to provide numbers of the appropriate
+// size or it is acceptable to use this function with the described truncation
+// and overflow behavior.
+func (s *ModNScalar) SetByteSlice(b []byte) bool {
+	var b32 [32]byte
+	b = b[:constantTimeMin(uint32(len(b)), 32)]
+	copy(b32[:], b32[:32-len(b)])
+	copy(b32[32-len(b):], b)
+	result := s.SetBytes(&b32)
+	zeroArray32(&b32)
+	return result != 0
+}
+
+// PutBytesUnchecked unpacks the scalar to a 32-byte big-endian value directly
+// into the passed byte slice in constant time.  The target slice must must have
+// at least 32 bytes available or it will panic.
+//
+// There is a similar function, PutBytes, which unpacks the scalar into a
+// 32-byte array directly.  This version is provided since it can be useful to
+// write directly into part of a larger buffer without needing a separate
+// allocation.
+//
+// Preconditions:
+//   - The target slice MUST have at least 32 bytes available
+func (s *ModNScalar) PutBytesUnchecked(b []byte) {
+	// Unpack the 256 total bits from the 8 uint32 words.  This could be done
+	// with a for loop, but benchmarks show this unrolled version is about 2
+	// times faster than the variant which uses a loop.
+	b[31] = byte(s.n[0])
+	b[30] = byte(s.n[0] >> 8)
+	b[29] = byte(s.n[0] >> 16)
+	b[28] = byte(s.n[0] >> 24)
+	b[27] = byte(s.n[1])
+	b[26] = byte(s.n[1] >> 8)
+	b[25] = byte(s.n[1] >> 16)
+	b[24] = byte(s.n[1] >> 24)
+	b[23] = byte(s.n[2])
+	b[22] = byte(s.n[2] >> 8)
+	b[21] = byte(s.n[2] >> 16)
+	b[20] = byte(s.n[2] >> 24)
+	b[19] = byte(s.n[3])
+	b[18] = byte(s.n[3] >> 8)
+	b[17] = byte(s.n[3] >> 16)
+	b[16] = byte(s.n[3] >> 24)
+	b[15] = byte(s.n[4])
+	b[14] = byte(s.n[4] >> 8)
+	b[13] = byte(s.n[4] >> 16)
+	b[12] = byte(s.n[4] >> 24)
+	b[11] = byte(s.n[5])
+	b[10] = byte(s.n[5] >> 8)
+	b[9] = byte(s.n[5] >> 16)
+	b[8] = byte(s.n[5] >> 24)
+	b[7] = byte(s.n[6])
+	b[6] = byte(s.n[6] >> 8)
+	b[5] = byte(s.n[6] >> 16)
+	b[4] = byte(s.n[6] >> 24)
+	b[3] = byte(s.n[7])
+	b[2] = byte(s.n[7] >> 8)
+	b[1] = byte(s.n[7] >> 16)
+	b[0] = byte(s.n[7] >> 24)
+}
+
+// PutBytes unpacks the scalar to a 32-byte big-endian value using the passed
+// byte array in constant time.
+//
+// There is a similar function, PutBytesUnchecked, which unpacks the scalar into
+// a slice that must have at least 32 bytes available.  This version is provided
+// since it can be useful to write directly into an array that is type checked.
+//
+// Alternatively, there is also Bytes, which unpacks the scalar into a new array
+// and returns that which can sometimes be more ergonomic in applications that
+// aren't concerned about an additional copy.
+func (s *ModNScalar) PutBytes(b *[32]byte) {
+	s.PutBytesUnchecked(b[:])
+}
+
+// Bytes unpacks the scalar to a 32-byte big-endian value in constant time.
+//
+// See PutBytes and PutBytesUnchecked for variants that allow an array or slice
+// to be passed which can be useful to cut down on the number of allocations
+// by allowing the caller to reuse a buffer or write directly into part of a
+// larger buffer.
+func (s *ModNScalar) Bytes() [32]byte {
+	var b [32]byte
+	s.PutBytesUnchecked(b[:])
+	return b
+}
+
+// IsOdd returns whether or not the scalar is an odd number in constant time.
+func (s *ModNScalar) IsOdd() bool {
+	// Only odd numbers have the bottom bit set.
+	return s.n[0]&1 == 1
+}
+
+// Equals returns whether or not the two scalars are the same in constant time.
+func (s *ModNScalar) Equals(val *ModNScalar) bool {
+	// Xor only sets bits when they are different, so the two scalars can only
+	// be the same if no bits are set after xoring each word.
+	bits := (s.n[0] ^ val.n[0]) | (s.n[1] ^ val.n[1]) | (s.n[2] ^ val.n[2]) |
+		(s.n[3] ^ val.n[3]) | (s.n[4] ^ val.n[4]) | (s.n[5] ^ val.n[5]) |
+		(s.n[6] ^ val.n[6]) | (s.n[7] ^ val.n[7])
+
+	return bits == 0
+}
+
+// Add2 adds the passed two scalars together modulo the group order in constant
+// time and stores the result in s.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s3.Add2(s, s2).AddInt(1) so that s3 = s + s2 + 1.
+func (s *ModNScalar) Add2(val1, val2 *ModNScalar) *ModNScalar {
+	c := uint64(val1.n[0]) + uint64(val2.n[0])
+	s.n[0] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(val1.n[1]) + uint64(val2.n[1])
+	s.n[1] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(val1.n[2]) + uint64(val2.n[2])
+	s.n[2] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(val1.n[3]) + uint64(val2.n[3])
+	s.n[3] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(val1.n[4]) + uint64(val2.n[4])
+	s.n[4] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(val1.n[5]) + uint64(val2.n[5])
+	s.n[5] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(val1.n[6]) + uint64(val2.n[6])
+	s.n[6] = uint32(c & uint32Mask)
+	c = (c >> 32) + uint64(val1.n[7]) + uint64(val2.n[7])
+	s.n[7] = uint32(c & uint32Mask)
+
+	// The result is now 256 bits, but it might still be >= N, so use the
+	// existing normal reduce method for 256-bit values.
+	s.reduce256(uint32(c>>32) + s.overflows())
+	return s
+}
+
+// Add adds the passed scalar to the existing one modulo the group order in
+// constant time and stores the result in s.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s.Add(s2).AddInt(1) so that s = s + s2 + 1.
+func (s *ModNScalar) Add(val *ModNScalar) *ModNScalar {
+	return s.Add2(s, val)
+}
+
+// accumulator96 provides a 96-bit accumulator for use in the intermediate
+// calculations requiring more than 64-bits.
+type accumulator96 struct {
+	n [3]uint32
+}
+
+// Add adds the passed unsigned 64-bit value to the accumulator.
+func (a *accumulator96) Add(v uint64) {
+	low := uint32(v & uint32Mask)
+	hi := uint32(v >> 32)
+	a.n[0] += low
+	hi += constantTimeLess(a.n[0], low) // Carry if overflow in n[0].
+	a.n[1] += hi
+	a.n[2] += constantTimeLess(a.n[1], hi) // Carry if overflow in n[1].
+}
+
+// Rsh32 right shifts the accumulator by 32 bits.
+func (a *accumulator96) Rsh32() {
+	a.n[0] = a.n[1]
+	a.n[1] = a.n[2]
+	a.n[2] = 0
+}
+
+// reduce385 reduces the 385-bit intermediate result in the passed terms modulo
+// the group order in constant time and stores the result in s.
+func (s *ModNScalar) reduce385(t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11, t12 uint64) {
+	// At this point, the intermediate result in the passed terms has been
+	// reduced to fit within 385 bits, so reduce it again using the same method
+	// described in reduce512.  As before, the intermediate result will end up
+	// being reduced by another 127 bits to 258 bits, thus 9 32-bit terms are
+	// needed for this iteration.  The reduced terms are assigned back to t0
+	// through t8.
+	//
+	// Note that several of the intermediate calculations require adding 64-bit
+	// products together which would overflow a uint64, so a 96-bit accumulator
+	// is used instead until the value is reduced enough to use native uint64s.
+
+	// Terms for 2^(32*0).
+	var acc accumulator96
+	acc.n[0] = uint32(t0) // == acc.Add(t0) because acc is guaranteed to be 0.
+	acc.Add(t8 * uint64(orderComplementWordZero))
+	t0 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*1).
+	acc.Add(t1)
+	acc.Add(t8 * uint64(orderComplementWordOne))
+	acc.Add(t9 * uint64(orderComplementWordZero))
+	t1 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*2).
+	acc.Add(t2)
+	acc.Add(t8 * uint64(orderComplementWordTwo))
+	acc.Add(t9 * uint64(orderComplementWordOne))
+	acc.Add(t10 * uint64(orderComplementWordZero))
+	t2 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*3).
+	acc.Add(t3)
+	acc.Add(t8 * uint64(orderComplementWordThree))
+	acc.Add(t9 * uint64(orderComplementWordTwo))
+	acc.Add(t10 * uint64(orderComplementWordOne))
+	acc.Add(t11 * uint64(orderComplementWordZero))
+	t3 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*4).
+	acc.Add(t4)
+	acc.Add(t8) // * uint64(orderComplementWordFour) // * 1
+	acc.Add(t9 * uint64(orderComplementWordThree))
+	acc.Add(t10 * uint64(orderComplementWordTwo))
+	acc.Add(t11 * uint64(orderComplementWordOne))
+	acc.Add(t12 * uint64(orderComplementWordZero))
+	t4 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*5).
+	acc.Add(t5)
+	// acc.Add(t8 * uint64(orderComplementWordFive)) // 0
+	acc.Add(t9) // * uint64(orderComplementWordFour) // * 1
+	acc.Add(t10 * uint64(orderComplementWordThree))
+	acc.Add(t11 * uint64(orderComplementWordTwo))
+	acc.Add(t12 * uint64(orderComplementWordOne))
+	t5 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*6).
+	acc.Add(t6)
+	// acc.Add(t8 * uint64(orderComplementWordSix)) // 0
+	// acc.Add(t9 * uint64(orderComplementWordFive)) // 0
+	acc.Add(t10) // * uint64(orderComplementWordFour) // * 1
+	acc.Add(t11 * uint64(orderComplementWordThree))
+	acc.Add(t12 * uint64(orderComplementWordTwo))
+	t6 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*7).
+	acc.Add(t7)
+	// acc.Add(t8 * uint64(orderComplementWordSeven)) // 0
+	// acc.Add(t9 * uint64(orderComplementWordSix)) // 0
+	// acc.Add(t10 * uint64(orderComplementWordFive)) // 0
+	acc.Add(t11) // * uint64(orderComplementWordFour) // * 1
+	acc.Add(t12 * uint64(orderComplementWordThree))
+	t7 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*8).
+	// acc.Add(t9 * uint64(orderComplementWordSeven)) // 0
+	// acc.Add(t10 * uint64(orderComplementWordSix)) // 0
+	// acc.Add(t11 * uint64(orderComplementWordFive)) // 0
+	acc.Add(t12) // * uint64(orderComplementWordFour) // * 1
+	t8 = uint64(acc.n[0])
+	// acc.Rsh32() // No need since not used after this.  Guaranteed to be 0.
+
+	// NOTE: All of the remaining multiplications for this iteration result in 0
+	// as they all involve multiplying by combinations of the fifth, sixth, and
+	// seventh words of the two's complement of N, which are 0, so skip them.
+
+	// At this point, the result is reduced to fit within 258 bits, so reduce it
+	// again using a slightly modified version of the same method.  The maximum
+	// value in t8 is 2 at this point and therefore multiplying it by each word
+	// of the two's complement of N and adding it to a 32-bit term will result
+	// in a maximum requirement of 33 bits, so it is safe to use native uint64s
+	// here for the intermediate term carry propagation.
+	//
+	// Also, since the maximum value in t8 is 2, this ends up reducing by
+	// another 2 bits to 256 bits.
+	c := t0 + t8*uint64(orderComplementWordZero)
+	s.n[0] = uint32(c & uint32Mask)
+	c = (c >> 32) + t1 + t8*uint64(orderComplementWordOne)
+	s.n[1] = uint32(c & uint32Mask)
+	c = (c >> 32) + t2 + t8*uint64(orderComplementWordTwo)
+	s.n[2] = uint32(c & uint32Mask)
+	c = (c >> 32) + t3 + t8*uint64(orderComplementWordThree)
+	s.n[3] = uint32(c & uint32Mask)
+	c = (c >> 32) + t4 + t8 // * uint64(orderComplementWordFour) == * 1
+	s.n[4] = uint32(c & uint32Mask)
+	c = (c >> 32) + t5 // + t8*uint64(orderComplementWordFive) == 0
+	s.n[5] = uint32(c & uint32Mask)
+	c = (c >> 32) + t6 // + t8*uint64(orderComplementWordSix) == 0
+	s.n[6] = uint32(c & uint32Mask)
+	c = (c >> 32) + t7 // + t8*uint64(orderComplementWordSeven) == 0
+	s.n[7] = uint32(c & uint32Mask)
+
+	// The result is now 256 bits, but it might still be >= N, so use the
+	// existing normal reduce method for 256-bit values.
+	s.reduce256(uint32(c>>32) + s.overflows())
+}
+
+// reduce512 reduces the 512-bit intermediate result in the passed terms modulo
+// the group order down to 385 bits in constant time and stores the result in s.
+func (s *ModNScalar) reduce512(t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11, t12, t13, t14, t15 uint64) {
+	// At this point, the intermediate result in the passed terms is grouped
+	// into the respective bases.
+	//
+	// Per [HAC] section 14.3.4: Reduction method of moduli of special form,
+	// when the modulus is of the special form m = b^t - c, where log_2(c) < t,
+	// highly efficient reduction can be achieved per the provided algorithm.
+	//
+	// The secp256k1 group order fits this criteria since it is:
+	//   2^256 - 432420386565659656852420866394968145599
+	//
+	// Technically the max possible value here is (N-1)^2 since the two scalars
+	// being multiplied are always mod N.  Nevertheless, it is safer to consider
+	// it to be (2^256-1)^2 = 2^512 - 2^256 + 1 since it is the product of two
+	// 256-bit values.
+	//
+	// The algorithm is to reduce the result modulo the prime by subtracting
+	// multiples of the group order N.  However, in order simplify carry
+	// propagation, this adds with the two's complement of N to achieve the same
+	// result.
+	//
+	// Since the two's complement of N has 127 leading zero bits, this will end
+	// up reducing the intermediate result from 512 bits to 385 bits, resulting
+	// in 13 32-bit terms.  The reduced terms are assigned back to t0 through
+	// t12.
+	//
+	// Note that several of the intermediate calculations require adding 64-bit
+	// products together which would overflow a uint64, so a 96-bit accumulator
+	// is used instead.
+
+	// Terms for 2^(32*0).
+	var acc accumulator96
+	acc.n[0] = uint32(t0) // == acc.Add(t0) because acc is guaranteed to be 0.
+	acc.Add(t8 * uint64(orderComplementWordZero))
+	t0 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*1).
+	acc.Add(t1)
+	acc.Add(t8 * uint64(orderComplementWordOne))
+	acc.Add(t9 * uint64(orderComplementWordZero))
+	t1 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*2).
+	acc.Add(t2)
+	acc.Add(t8 * uint64(orderComplementWordTwo))
+	acc.Add(t9 * uint64(orderComplementWordOne))
+	acc.Add(t10 * uint64(orderComplementWordZero))
+	t2 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*3).
+	acc.Add(t3)
+	acc.Add(t8 * uint64(orderComplementWordThree))
+	acc.Add(t9 * uint64(orderComplementWordTwo))
+	acc.Add(t10 * uint64(orderComplementWordOne))
+	acc.Add(t11 * uint64(orderComplementWordZero))
+	t3 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*4).
+	acc.Add(t4)
+	acc.Add(t8) // * uint64(orderComplementWordFour) // * 1
+	acc.Add(t9 * uint64(orderComplementWordThree))
+	acc.Add(t10 * uint64(orderComplementWordTwo))
+	acc.Add(t11 * uint64(orderComplementWordOne))
+	acc.Add(t12 * uint64(orderComplementWordZero))
+	t4 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*5).
+	acc.Add(t5)
+	// acc.Add(t8 * uint64(orderComplementWordFive)) // 0
+	acc.Add(t9) // * uint64(orderComplementWordFour) // * 1
+	acc.Add(t10 * uint64(orderComplementWordThree))
+	acc.Add(t11 * uint64(orderComplementWordTwo))
+	acc.Add(t12 * uint64(orderComplementWordOne))
+	acc.Add(t13 * uint64(orderComplementWordZero))
+	t5 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*6).
+	acc.Add(t6)
+	// acc.Add(t8 * uint64(orderComplementWordSix)) // 0
+	// acc.Add(t9 * uint64(orderComplementWordFive)) // 0
+	acc.Add(t10) // * uint64(orderComplementWordFour)) // * 1
+	acc.Add(t11 * uint64(orderComplementWordThree))
+	acc.Add(t12 * uint64(orderComplementWordTwo))
+	acc.Add(t13 * uint64(orderComplementWordOne))
+	acc.Add(t14 * uint64(orderComplementWordZero))
+	t6 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*7).
+	acc.Add(t7)
+	// acc.Add(t8 * uint64(orderComplementWordSeven)) // 0
+	// acc.Add(t9 * uint64(orderComplementWordSix)) // 0
+	// acc.Add(t10 * uint64(orderComplementWordFive)) // 0
+	acc.Add(t11) // * uint64(orderComplementWordFour) // * 1
+	acc.Add(t12 * uint64(orderComplementWordThree))
+	acc.Add(t13 * uint64(orderComplementWordTwo))
+	acc.Add(t14 * uint64(orderComplementWordOne))
+	acc.Add(t15 * uint64(orderComplementWordZero))
+	t7 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*8).
+	// acc.Add(t9 * uint64(orderComplementWordSeven)) // 0
+	// acc.Add(t10 * uint64(orderComplementWordSix)) // 0
+	// acc.Add(t11 * uint64(orderComplementWordFive)) // 0
+	acc.Add(t12) // * uint64(orderComplementWordFour) // * 1
+	acc.Add(t13 * uint64(orderComplementWordThree))
+	acc.Add(t14 * uint64(orderComplementWordTwo))
+	acc.Add(t15 * uint64(orderComplementWordOne))
+	t8 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*9).
+	// acc.Add(t10 * uint64(orderComplementWordSeven)) // 0
+	// acc.Add(t11 * uint64(orderComplementWordSix)) // 0
+	// acc.Add(t12 * uint64(orderComplementWordFive)) // 0
+	acc.Add(t13) // * uint64(orderComplementWordFour) // * 1
+	acc.Add(t14 * uint64(orderComplementWordThree))
+	acc.Add(t15 * uint64(orderComplementWordTwo))
+	t9 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*10).
+	// acc.Add(t11 * uint64(orderComplementWordSeven)) // 0
+	// acc.Add(t12 * uint64(orderComplementWordSix)) // 0
+	// acc.Add(t13 * uint64(orderComplementWordFive)) // 0
+	acc.Add(t14) // * uint64(orderComplementWordFour) // * 1
+	acc.Add(t15 * uint64(orderComplementWordThree))
+	t10 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*11).
+	// acc.Add(t12 * uint64(orderComplementWordSeven)) // 0
+	// acc.Add(t13 * uint64(orderComplementWordSix)) // 0
+	// acc.Add(t14 * uint64(orderComplementWordFive)) // 0
+	acc.Add(t15) // * uint64(orderComplementWordFour) // * 1
+	t11 = uint64(acc.n[0])
+	acc.Rsh32()
+
+	// NOTE: All of the remaining multiplications for this iteration result in 0
+	// as they all involve multiplying by combinations of the fifth, sixth, and
+	// seventh words of the two's complement of N, which are 0, so skip them.
+
+	// Terms for 2^(32*12).
+	t12 = uint64(acc.n[0])
+	// acc.Rsh32() // No need since not used after this.  Guaranteed to be 0.
+
+	// At this point, the result is reduced to fit within 385 bits, so reduce it
+	// again using the same method accordingly.
+	s.reduce385(t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11, t12)
+}
+
+// Mul2 multiplies the passed two scalars together modulo the group order in
+// constant time and stores the result in s.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s3.Mul2(s, s2).AddInt(1) so that s3 = (s * s2) + 1.
+func (s *ModNScalar) Mul2(val, val2 *ModNScalar) *ModNScalar {
+	// This could be done with for loops and an array to store the intermediate
+	// terms, but this unrolled version is significantly faster.
+
+	// The overall strategy employed here is:
+	// 1) Calculate the 512-bit product of the two scalars using the standard
+	//    pencil-and-paper method.
+	// 2) Reduce the result modulo the prime by effectively subtracting
+	//    multiples of the group order N (actually performed by adding multiples
+	//    of the two's complement of N to avoid implementing subtraction).
+	// 3) Repeat step 2 noting that each iteration reduces the required number
+	//    of bits by 127 because the two's complement of N has 127 leading zero
+	//    bits.
+	// 4) Once reduced to 256 bits, call the existing reduce method to perform
+	//    a final reduction as needed.
+	//
+	// Note that several of the intermediate calculations require adding 64-bit
+	// products together which would overflow a uint64, so a 96-bit accumulator
+	// is used instead.
+
+	// Terms for 2^(32*0).
+	var acc accumulator96
+	acc.Add(uint64(val.n[0]) * uint64(val2.n[0]))
+	t0 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*1).
+	acc.Add(uint64(val.n[0]) * uint64(val2.n[1]))
+	acc.Add(uint64(val.n[1]) * uint64(val2.n[0]))
+	t1 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*2).
+	acc.Add(uint64(val.n[0]) * uint64(val2.n[2]))
+	acc.Add(uint64(val.n[1]) * uint64(val2.n[1]))
+	acc.Add(uint64(val.n[2]) * uint64(val2.n[0]))
+	t2 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*3).
+	acc.Add(uint64(val.n[0]) * uint64(val2.n[3]))
+	acc.Add(uint64(val.n[1]) * uint64(val2.n[2]))
+	acc.Add(uint64(val.n[2]) * uint64(val2.n[1]))
+	acc.Add(uint64(val.n[3]) * uint64(val2.n[0]))
+	t3 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*4).
+	acc.Add(uint64(val.n[0]) * uint64(val2.n[4]))
+	acc.Add(uint64(val.n[1]) * uint64(val2.n[3]))
+	acc.Add(uint64(val.n[2]) * uint64(val2.n[2]))
+	acc.Add(uint64(val.n[3]) * uint64(val2.n[1]))
+	acc.Add(uint64(val.n[4]) * uint64(val2.n[0]))
+	t4 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*5).
+	acc.Add(uint64(val.n[0]) * uint64(val2.n[5]))
+	acc.Add(uint64(val.n[1]) * uint64(val2.n[4]))
+	acc.Add(uint64(val.n[2]) * uint64(val2.n[3]))
+	acc.Add(uint64(val.n[3]) * uint64(val2.n[2]))
+	acc.Add(uint64(val.n[4]) * uint64(val2.n[1]))
+	acc.Add(uint64(val.n[5]) * uint64(val2.n[0]))
+	t5 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*6).
+	acc.Add(uint64(val.n[0]) * uint64(val2.n[6]))
+	acc.Add(uint64(val.n[1]) * uint64(val2.n[5]))
+	acc.Add(uint64(val.n[2]) * uint64(val2.n[4]))
+	acc.Add(uint64(val.n[3]) * uint64(val2.n[3]))
+	acc.Add(uint64(val.n[4]) * uint64(val2.n[2]))
+	acc.Add(uint64(val.n[5]) * uint64(val2.n[1]))
+	acc.Add(uint64(val.n[6]) * uint64(val2.n[0]))
+	t6 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*7).
+	acc.Add(uint64(val.n[0]) * uint64(val2.n[7]))
+	acc.Add(uint64(val.n[1]) * uint64(val2.n[6]))
+	acc.Add(uint64(val.n[2]) * uint64(val2.n[5]))
+	acc.Add(uint64(val.n[3]) * uint64(val2.n[4]))
+	acc.Add(uint64(val.n[4]) * uint64(val2.n[3]))
+	acc.Add(uint64(val.n[5]) * uint64(val2.n[2]))
+	acc.Add(uint64(val.n[6]) * uint64(val2.n[1]))
+	acc.Add(uint64(val.n[7]) * uint64(val2.n[0]))
+	t7 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*8).
+	acc.Add(uint64(val.n[1]) * uint64(val2.n[7]))
+	acc.Add(uint64(val.n[2]) * uint64(val2.n[6]))
+	acc.Add(uint64(val.n[3]) * uint64(val2.n[5]))
+	acc.Add(uint64(val.n[4]) * uint64(val2.n[4]))
+	acc.Add(uint64(val.n[5]) * uint64(val2.n[3]))
+	acc.Add(uint64(val.n[6]) * uint64(val2.n[2]))
+	acc.Add(uint64(val.n[7]) * uint64(val2.n[1]))
+	t8 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*9).
+	acc.Add(uint64(val.n[2]) * uint64(val2.n[7]))
+	acc.Add(uint64(val.n[3]) * uint64(val2.n[6]))
+	acc.Add(uint64(val.n[4]) * uint64(val2.n[5]))
+	acc.Add(uint64(val.n[5]) * uint64(val2.n[4]))
+	acc.Add(uint64(val.n[6]) * uint64(val2.n[3]))
+	acc.Add(uint64(val.n[7]) * uint64(val2.n[2]))
+	t9 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*10).
+	acc.Add(uint64(val.n[3]) * uint64(val2.n[7]))
+	acc.Add(uint64(val.n[4]) * uint64(val2.n[6]))
+	acc.Add(uint64(val.n[5]) * uint64(val2.n[5]))
+	acc.Add(uint64(val.n[6]) * uint64(val2.n[4]))
+	acc.Add(uint64(val.n[7]) * uint64(val2.n[3]))
+	t10 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*11).
+	acc.Add(uint64(val.n[4]) * uint64(val2.n[7]))
+	acc.Add(uint64(val.n[5]) * uint64(val2.n[6]))
+	acc.Add(uint64(val.n[6]) * uint64(val2.n[5]))
+	acc.Add(uint64(val.n[7]) * uint64(val2.n[4]))
+	t11 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*12).
+	acc.Add(uint64(val.n[5]) * uint64(val2.n[7]))
+	acc.Add(uint64(val.n[6]) * uint64(val2.n[6]))
+	acc.Add(uint64(val.n[7]) * uint64(val2.n[5]))
+	t12 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*13).
+	acc.Add(uint64(val.n[6]) * uint64(val2.n[7]))
+	acc.Add(uint64(val.n[7]) * uint64(val2.n[6]))
+	t13 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// Terms for 2^(32*14).
+	acc.Add(uint64(val.n[7]) * uint64(val2.n[7]))
+	t14 := uint64(acc.n[0])
+	acc.Rsh32()
+
+	// What's left is for 2^(32*15).
+	t15 := uint64(acc.n[0])
+	// acc.Rsh32() // No need since not used after this.  Guaranteed to be 0.
+
+	// At this point, all of the terms are grouped into their respective base
+	// and occupy up to 512 bits.  Reduce the result accordingly.
+	s.reduce512(t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11, t12, t13, t14,
+		t15)
+	return s
+}
+
+// Mul multiplies the passed scalar with the existing one modulo the group order
+// in constant time and stores the result in s.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s.Mul(s2).AddInt(1) so that s = (s * s2) + 1.
+func (s *ModNScalar) Mul(val *ModNScalar) *ModNScalar {
+	return s.Mul2(s, val)
+}
+
+// SquareVal squares the passed scalar modulo the group order in constant time
+// and stores the result in s.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s3.SquareVal(s).Mul(s) so that s3 = s^2 * s = s^3.
+func (s *ModNScalar) SquareVal(val *ModNScalar) *ModNScalar {
+	// This could technically be optimized slightly to take advantage of the
+	// fact that many of the intermediate calculations in squaring are just
+	// doubling, however, benchmarking has shown that due to the need to use a
+	// 96-bit accumulator, any savings are essentially offset by that and
+	// consequently there is no real difference in performance over just
+	// multiplying the value by itself to justify the extra code for now.  This
+	// can be revisited in the future if it becomes a bottleneck in practice.
+
+	return s.Mul2(val, val)
+}
+
+// Square squares the scalar modulo the group order in constant time.  The
+// existing scalar is modified.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s.Square().Mul(s2) so that s = s^2 * s2.
+func (s *ModNScalar) Square() *ModNScalar {
+	return s.SquareVal(s)
+}
+
+// NegateVal negates the passed scalar modulo the group order and stores the
+// result in s in constant time.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s.NegateVal(s2).AddInt(1) so that s = -s2 + 1.
+func (s *ModNScalar) NegateVal(val *ModNScalar) *ModNScalar {
+	// Since the scalar is already in the range 0 <= val < N, where N is the
+	// group order, negation modulo the group order is just the group order
+	// minus the value.  This implies that the result will always be in the
+	// desired range with the sole exception of 0 because N - 0 = N itself.
+	//
+	// Therefore, in order to avoid the need to reduce the result for every
+	// other case in order to achieve constant time, this creates a mask that is
+	// all 0s in the case of the scalar being negated is 0 and all 1s otherwise
+	// and bitwise ands that mask with each word.
+	//
+	// Finally, to simplify the carry propagation, this adds the two's
+	// complement of the scalar to N in order to achieve the same result.
+	bits := val.n[0] | val.n[1] | val.n[2] | val.n[3] | val.n[4] | val.n[5] |
+		val.n[6] | val.n[7]
+	mask := uint64(uint32Mask * constantTimeNotEq(bits, 0))
+	c := uint64(orderWordZero) + (uint64(^val.n[0]) + 1)
+	s.n[0] = uint32(c & mask)
+	c = (c >> 32) + uint64(orderWordOne) + uint64(^val.n[1])
+	s.n[1] = uint32(c & mask)
+	c = (c >> 32) + uint64(orderWordTwo) + uint64(^val.n[2])
+	s.n[2] = uint32(c & mask)
+	c = (c >> 32) + uint64(orderWordThree) + uint64(^val.n[3])
+	s.n[3] = uint32(c & mask)
+	c = (c >> 32) + uint64(orderWordFour) + uint64(^val.n[4])
+	s.n[4] = uint32(c & mask)
+	c = (c >> 32) + uint64(orderWordFive) + uint64(^val.n[5])
+	s.n[5] = uint32(c & mask)
+	c = (c >> 32) + uint64(orderWordSix) + uint64(^val.n[6])
+	s.n[6] = uint32(c & mask)
+	c = (c >> 32) + uint64(orderWordSeven) + uint64(^val.n[7])
+	s.n[7] = uint32(c & mask)
+	return s
+}
+
+// Negate negates the scalar modulo the group order in constant time.  The
+// existing scalar is modified.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s.Negate().AddInt(1) so that s = -s + 1.
+func (s *ModNScalar) Negate() *ModNScalar {
+	return s.NegateVal(s)
+}
+
+// InverseValNonConst finds the modular multiplicative inverse of the passed
+// scalar and stores result in s in *non-constant* time.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s3.InverseVal(s1).Mul(s2) so that s3 = s1^-1 * s2.
+func (s *ModNScalar) InverseValNonConst(val *ModNScalar) *ModNScalar {
+	// This is making use of big integers for now.  Ideally it will be replaced
+	// with an implementation that does not depend on big integers.
+	valBytes := val.Bytes()
+	bigVal := new(big.Int).SetBytes(valBytes[:])
+	bigVal.ModInverse(bigVal, curveParams.N)
+	s.SetByteSlice(bigVal.Bytes())
+	return s
+}
+
+// InverseNonConst finds the modular multiplicative inverse of the scalar in
+// *non-constant* time.  The existing scalar is modified.
+//
+// The scalar is returned to support chaining.  This enables syntax like:
+// s.Inverse().Mul(s2) so that s = s^-1 * s2.
+func (s *ModNScalar) InverseNonConst() *ModNScalar {
+	return s.InverseValNonConst(s)
+}
+
+// IsOverHalfOrder returns whether or not the scalar exceeds the group order
+// divided by 2 in constant time.
+func (s *ModNScalar) IsOverHalfOrder() bool {
+	// The intuition here is that the scalar is greater than half of the group
+	// order if one of the higher individual words is greater than the
+	// corresponding word of the half group order and all higher words in the
+	// scalar are equal to their corresponding word of the half group order.
+	//
+	// Note that the words 4, 5, and 6 are all the max uint32 value, so there is
+	// no need to test if those individual words of the scalar exceeds them,
+	// hence, only equality is checked for them.
+	result := constantTimeGreater(s.n[7], halfOrderWordSeven)
+	highWordsEqual := constantTimeEq(s.n[7], halfOrderWordSeven)
+	highWordsEqual &= constantTimeEq(s.n[6], halfOrderWordSix)
+	highWordsEqual &= constantTimeEq(s.n[5], halfOrderWordFive)
+	highWordsEqual &= constantTimeEq(s.n[4], halfOrderWordFour)
+	result |= highWordsEqual & constantTimeGreater(s.n[3], halfOrderWordThree)
+	highWordsEqual &= constantTimeEq(s.n[3], halfOrderWordThree)
+	result |= highWordsEqual & constantTimeGreater(s.n[2], halfOrderWordTwo)
+	highWordsEqual &= constantTimeEq(s.n[2], halfOrderWordTwo)
+	result |= highWordsEqual & constantTimeGreater(s.n[1], halfOrderWordOne)
+	highWordsEqual &= constantTimeEq(s.n[1], halfOrderWordOne)
+	result |= highWordsEqual & constantTimeGreater(s.n[0], halfOrderWordZero)
+
+	return result != 0
+}
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/nonce.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/nonce.go
new file mode 100644
index 000000000..81b205d9c
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/nonce.go
@@ -0,0 +1,263 @@
+// Copyright (c) 2013-2014 The btcsuite developers
+// Copyright (c) 2015-2020 The Decred developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package secp256k1
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"hash"
+)
+
+// References:
+//   [GECC]: Guide to Elliptic Curve Cryptography (Hankerson, Menezes, Vanstone)
+//
+//   [ISO/IEC 8825-1]: Information technology — ASN.1 encoding rules:
+//     Specification of Basic Encoding Rules (BER), Canonical Encoding Rules
+//     (CER) and Distinguished Encoding Rules (DER)
+//
+//   [SEC1]: Elliptic Curve Cryptography (May 31, 2009, Version 2.0)
+//     https://www.secg.org/sec1-v2.pdf
+
+var (
+	// singleZero is used during RFC6979 nonce generation.  It is provided
+	// here to avoid the need to create it multiple times.
+	singleZero = []byte{0x00}
+
+	// zeroInitializer is used during RFC6979 nonce generation.  It is provided
+	// here to avoid the need to create it multiple times.
+	zeroInitializer = bytes.Repeat([]byte{0x00}, sha256.BlockSize)
+
+	// singleOne is used during RFC6979 nonce generation.  It is provided
+	// here to avoid the need to create it multiple times.
+	singleOne = []byte{0x01}
+
+	// oneInitializer is used during RFC6979 nonce generation.  It is provided
+	// here to avoid the need to create it multiple times.
+	oneInitializer = bytes.Repeat([]byte{0x01}, sha256.Size)
+)
+
+// hmacsha256 implements a resettable version of HMAC-SHA256.
+type hmacsha256 struct {
+	inner, outer hash.Hash
+	ipad, opad   [sha256.BlockSize]byte
+}
+
+// Write adds data to the running hash.
+func (h *hmacsha256) Write(p []byte) {
+	h.inner.Write(p)
+}
+
+// initKey initializes the HMAC-SHA256 instance to the provided key.
+func (h *hmacsha256) initKey(key []byte) {
+	// Hash the key if it is too large.
+	if len(key) > sha256.BlockSize {
+		h.outer.Write(key)
+		key = h.outer.Sum(nil)
+	}
+	copy(h.ipad[:], key)
+	copy(h.opad[:], key)
+	for i := range h.ipad {
+		h.ipad[i] ^= 0x36
+	}
+	for i := range h.opad {
+		h.opad[i] ^= 0x5c
+	}
+	h.inner.Write(h.ipad[:])
+}
+
+// ResetKey resets the HMAC-SHA256 to its initial state and then initializes it
+// with the provided key.  It is equivalent to creating a new instance with the
+// provided key without allocating more memory.
+func (h *hmacsha256) ResetKey(key []byte) {
+	h.inner.Reset()
+	h.outer.Reset()
+	copy(h.ipad[:], zeroInitializer)
+	copy(h.opad[:], zeroInitializer)
+	h.initKey(key)
+}
+
+// Resets the HMAC-SHA256 to its initial state using the current key.
+func (h *hmacsha256) Reset() {
+	h.inner.Reset()
+	h.inner.Write(h.ipad[:])
+}
+
+// Sum returns the hash of the written data.
+func (h *hmacsha256) Sum() []byte {
+	h.outer.Reset()
+	h.outer.Write(h.opad[:])
+	h.outer.Write(h.inner.Sum(nil))
+	return h.outer.Sum(nil)
+}
+
+// newHMACSHA256 returns a new HMAC-SHA256 hasher using the provided key.
+func newHMACSHA256(key []byte) *hmacsha256 {
+	h := new(hmacsha256)
+	h.inner = sha256.New()
+	h.outer = sha256.New()
+	h.initKey(key)
+	return h
+}
+
+// NonceRFC6979 generates a nonce deterministically according to RFC 6979 using
+// HMAC-SHA256 for the hashing function.  It takes a 32-byte hash as an input
+// and returns a 32-byte nonce to be used for deterministic signing.  The extra
+// and version arguments are optional, but allow additional data to be added to
+// the input of the HMAC.  When provided, the extra data must be 32-bytes and
+// version must be 16 bytes or they will be ignored.
+//
+// Finally, the extraIterations parameter provides a method to produce a stream
+// of deterministic nonces to ensure the signing code is able to produce a nonce
+// that results in a valid signature in the extremely unlikely event the
+// original nonce produced results in an invalid signature (e.g. R == 0).
+// Signing code should start with 0 and increment it if necessary.
+func NonceRFC6979(privKey []byte, hash []byte, extra []byte, version []byte, extraIterations uint32) *ModNScalar {
+	// Input to HMAC is the 32-byte private key and the 32-byte hash.  In
+	// addition, it may include the optional 32-byte extra data and 16-byte
+	// version.  Create a fixed-size array to avoid extra allocs and slice it
+	// properly.
+	const (
+		privKeyLen = 32
+		hashLen    = 32
+		extraLen   = 32
+		versionLen = 16
+	)
+	var keyBuf [privKeyLen + hashLen + extraLen + versionLen]byte
+
+	// Truncate rightmost bytes of private key and hash if they are too long and
+	// leave left padding of zeros when they're too short.
+	if len(privKey) > privKeyLen {
+		privKey = privKey[:privKeyLen]
+	}
+	if len(hash) > hashLen {
+		hash = hash[:hashLen]
+	}
+	offset := privKeyLen - len(privKey) // Zero left padding if needed.
+	offset += copy(keyBuf[offset:], privKey)
+	offset += hashLen - len(hash) // Zero left padding if needed.
+	offset += copy(keyBuf[offset:], hash)
+	if len(extra) == extraLen {
+		offset += copy(keyBuf[offset:], extra)
+		if len(version) == versionLen {
+			offset += copy(keyBuf[offset:], version)
+		}
+	} else if len(version) == versionLen {
+		// When the version was specified, but not the extra data, leave the
+		// extra data portion all zero.
+		offset += privKeyLen
+		offset += copy(keyBuf[offset:], version)
+	}
+	key := keyBuf[:offset]
+
+	// Step B.
+	//
+	// V = 0x01 0x01 0x01 ... 0x01 such that the length of V, in bits, is
+	// equal to 8*ceil(hashLen/8).
+	//
+	// Note that since the hash length is a multiple of 8 for the chosen hash
+	// function in this optimized implementation, the result is just the hash
+	// length, so avoid the extra calculations.  Also, since it isn't modified,
+	// start with a global value.
+	v := oneInitializer
+
+	// Step C (Go zeroes all allocated memory).
+	//
+	// K = 0x00 0x00 0x00 ... 0x00 such that the length of K, in bits, is
+	// equal to 8*ceil(hashLen/8).
+	//
+	// As above, since the hash length is a multiple of 8 for the chosen hash
+	// function in this optimized implementation, the result is just the hash
+	// length, so avoid the extra calculations.
+	k := zeroInitializer[:hashLen]
+
+	// Step D.
+	//
+	// K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1))
+	//
+	// Note that key is the "int2octets(x) || bits2octets(h1)" portion along
+	// with potential additional data as described by section 3.6 of the RFC.
+	hasher := newHMACSHA256(k)
+	hasher.Write(oneInitializer)
+	hasher.Write(singleZero[:])
+	hasher.Write(key)
+	k = hasher.Sum()
+
+	// Step E.
+	//
+	// V = HMAC_K(V)
+	hasher.ResetKey(k)
+	hasher.Write(v)
+	v = hasher.Sum()
+
+	// Step F.
+	//
+	// K = HMAC_K(V || 0x01 || int2octets(x) || bits2octets(h1))
+	//
+	// Note that key is the "int2octets(x) || bits2octets(h1)" portion along
+	// with potential additional data as described by section 3.6 of the RFC.
+	hasher.Reset()
+	hasher.Write(v)
+	hasher.Write(singleOne[:])
+	hasher.Write(key[:])
+	k = hasher.Sum()
+
+	// Step G.
+	//
+	// V = HMAC_K(V)
+	hasher.ResetKey(k)
+	hasher.Write(v)
+	v = hasher.Sum()
+
+	// Step H.
+	//
+	// Repeat until the value is nonzero and less than the curve order.
+	var generated uint32
+	for {
+		// Step H1 and H2.
+		//
+		// Set T to the empty sequence.  The length of T (in bits) is denoted
+		// tlen; thus, at that point, tlen = 0.
+		//
+		// While tlen < qlen, do the following:
+		//   V = HMAC_K(V)
+		//   T = T || V
+		//
+		// Note that because the hash function output is the same length as the
+		// private key in this optimized implementation, there is no need to
+		// loop or create an intermediate T.
+		hasher.Reset()
+		hasher.Write(v)
+		v = hasher.Sum()
+
+		// Step H3.
+		//
+		// k = bits2int(T)
+		// If k is within the range [1,q-1], return it.
+		//
+		// Otherwise, compute:
+		// K = HMAC_K(V || 0x00)
+		// V = HMAC_K(V)
+		var secret ModNScalar
+		overflow := secret.SetByteSlice(v)
+		if !overflow && !secret.IsZero() {
+			generated++
+			if generated > extraIterations {
+				return &secret
+			}
+		}
+
+		// K = HMAC_K(V || 0x00)
+		hasher.Reset()
+		hasher.Write(v)
+		hasher.Write(singleZero[:])
+		k = hasher.Sum()
+
+		// V = HMAC_K(V)
+		hasher.ResetKey(k)
+		hasher.Write(v)
+		v = hasher.Sum()
+	}
+}
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/privkey.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/privkey.go
new file mode 100644
index 000000000..ca3e8da28
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/privkey.go
@@ -0,0 +1,111 @@
+// Copyright (c) 2013-2014 The btcsuite developers
+// Copyright (c) 2015-2023 The Decred developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package secp256k1
+
+import (
+	cryptorand "crypto/rand"
+	"io"
+)
+
+// PrivateKey provides facilities for working with secp256k1 private keys within
+// this package and includes functionality such as serializing and parsing them
+// as well as computing their associated public key.
+type PrivateKey struct {
+	Key ModNScalar
+}
+
+// NewPrivateKey instantiates a new private key from a scalar encoded as a
+// big integer.
+func NewPrivateKey(key *ModNScalar) *PrivateKey {
+	return &PrivateKey{Key: *key}
+}
+
+// PrivKeyFromBytes returns a private based on the provided byte slice which is
+// interpreted as an unsigned 256-bit big-endian integer in the range [0, N-1],
+// where N is the order of the curve.
+//
+// WARNING: This means passing a slice with more than 32 bytes is truncated and
+// that truncated value is reduced modulo N.  Further, 0 is not a valid private
+// key.  It is up to the caller to provide a value in the appropriate range of
+// [1, N-1].  Failure to do so will either result in an invalid private key or
+// potentially weak private keys that have bias that could be exploited.
+//
+// This function primarily exists to provide a mechanism for converting
+// serialized private keys that are already known to be good.
+//
+// Typically callers should make use of GeneratePrivateKey or
+// GeneratePrivateKeyFromRand when creating private keys since they properly
+// handle generation of appropriate values.
+func PrivKeyFromBytes(privKeyBytes []byte) *PrivateKey {
+	var privKey PrivateKey
+	privKey.Key.SetByteSlice(privKeyBytes)
+	return &privKey
+}
+
+// generatePrivateKey generates and returns a new private key that is suitable
+// for use with secp256k1 using the provided reader as a source of entropy.  The
+// provided reader must be a source of cryptographically secure randomness to
+// avoid weak private keys.
+func generatePrivateKey(rand io.Reader) (*PrivateKey, error) {
+	// The group order is close enough to 2^256 that there is only roughly a 1
+	// in 2^128 chance of generating an invalid private key, so this loop will
+	// virtually never run more than a single iteration in practice.
+	var key PrivateKey
+	var b32 [32]byte
+	for valid := false; !valid; {
+		if _, err := io.ReadFull(rand, b32[:]); err != nil {
+			return nil, err
+		}
+
+		// The private key is only valid when it is in the range [1, N-1], where
+		// N is the order of the curve.
+		overflow := key.Key.SetBytes(&b32)
+		valid = (key.Key.IsZeroBit() | overflow) == 0
+	}
+	zeroArray32(&b32)
+
+	return &key, nil
+}
+
+// GeneratePrivateKey generates and returns a new cryptographically secure
+// private key that is suitable for use with secp256k1.
+func GeneratePrivateKey() (*PrivateKey, error) {
+	return generatePrivateKey(cryptorand.Reader)
+}
+
+// GeneratePrivateKeyFromRand generates a private key that is suitable for use
+// with secp256k1 using the provided reader as a source of entropy.  The
+// provided reader must be a source of cryptographically secure randomness, such
+// as [crypto/rand.Reader], to avoid weak private keys.
+func GeneratePrivateKeyFromRand(rand io.Reader) (*PrivateKey, error) {
+	return generatePrivateKey(rand)
+}
+
+// PubKey computes and returns the public key corresponding to this private key.
+func (p *PrivateKey) PubKey() *PublicKey {
+	var result JacobianPoint
+	ScalarBaseMultNonConst(&p.Key, &result)
+	result.ToAffine()
+	return NewPublicKey(&result.X, &result.Y)
+}
+
+// Zero manually clears the memory associated with the private key.  This can be
+// used to explicitly clear key material from memory for enhanced security
+// against memory scraping.
+func (p *PrivateKey) Zero() {
+	p.Key.Zero()
+}
+
+// PrivKeyBytesLen defines the length in bytes of a serialized private key.
+const PrivKeyBytesLen = 32
+
+// Serialize returns the private key as a 256-bit big-endian binary-encoded
+// number, padded to a length of 32 bytes.
+func (p PrivateKey) Serialize() []byte {
+	var privKeyBytes [PrivKeyBytesLen]byte
+	p.Key.PutBytes(&privKeyBytes)
+	return privKeyBytes[:]
+}
diff --git a/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/pubkey.go b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/pubkey.go
new file mode 100644
index 000000000..54c54be5f
--- /dev/null
+++ b/vendor/github.com/decred/dcrd/dcrec/secp256k1/v4/pubkey.go
@@ -0,0 +1,237 @@
+// Copyright (c) 2013-2014 The btcsuite developers
+// Copyright (c) 2015-2022 The Decred developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package secp256k1
+
+// References:
+//   [SEC1] Elliptic Curve Cryptography
+//     https://www.secg.org/sec1-v2.pdf
+//
+//   [SEC2] Recommended Elliptic Curve Domain Parameters
+//     https://www.secg.org/sec2-v2.pdf
+//
+//   [ANSI X9.62-1998] Public Key Cryptography For The Financial Services
+//     Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)
+
+import (
+	"fmt"
+)
+
+const (
+	// PubKeyBytesLenCompressed is the number of bytes of a serialized
+	// compressed public key.
+	PubKeyBytesLenCompressed = 33
+
+	// PubKeyBytesLenUncompressed is the number of bytes of a serialized
+	// uncompressed public key.
+	PubKeyBytesLenUncompressed = 65
+
+	// PubKeyFormatCompressedEven is the identifier prefix byte for a public key
+	// whose Y coordinate is even when serialized in the compressed format per
+	// section 2.3.4 of [SEC1](https://secg.org/sec1-v2.pdf#subsubsection.2.3.4).
+	PubKeyFormatCompressedEven byte = 0x02
+
+	// PubKeyFormatCompressedOdd is the identifier prefix byte for a public key
+	// whose Y coordinate is odd when serialized in the compressed format per
+	// section 2.3.4 of [SEC1](https://secg.org/sec1-v2.pdf#subsubsection.2.3.4).
+	PubKeyFormatCompressedOdd byte = 0x03
+
+	// PubKeyFormatUncompressed is the identifier prefix byte for a public key
+	// when serialized according in the uncompressed format per section 2.3.3 of
+	// [SEC1](https://secg.org/sec1-v2.pdf#subsubsection.2.3.3).
+	PubKeyFormatUncompressed byte = 0x04
+
+	// PubKeyFormatHybridEven is the identifier prefix byte for a public key
+	// whose Y coordinate is even when serialized according to the hybrid format
+	// per section 4.3.6 of [ANSI X9.62-1998].
+	//
+	// NOTE: This format makes little sense in practice an therefore this
+	// package will not produce public keys serialized in this format.  However,
+	// it will parse them since they exist in the wild.
+	PubKeyFormatHybridEven byte = 0x06
+
+	// PubKeyFormatHybridOdd is the identifier prefix byte for a public key
+	// whose Y coordingate is odd when serialized according to the hybrid format
+	// per section 4.3.6 of [ANSI X9.62-1998].
+	//
+	// NOTE: This format makes little sense in practice an therefore this
+	// package will not produce public keys serialized in this format.  However,
+	// it will parse them since they exist in the wild.
+	PubKeyFormatHybridOdd byte = 0x07
+)
+
+// PublicKey provides facilities for efficiently working with secp256k1 public
+// keys within this package and includes functions to serialize in both
+// uncompressed and compressed SEC (Standards for Efficient Cryptography)
+// formats.
+type PublicKey struct {
+	x FieldVal
+	y FieldVal
+}
+
+// NewPublicKey instantiates a new public key with the given x and y
+// coordinates.
+//
+// It should be noted that, unlike ParsePubKey, since this accepts arbitrary x
+// and y coordinates, it allows creation of public keys that are not valid
+// points on the secp256k1 curve.  The IsOnCurve method of the returned instance
+// can be used to determine validity.
+func NewPublicKey(x, y *FieldVal) *PublicKey {
+	var pubKey PublicKey
+	pubKey.x.Set(x)
+	pubKey.y.Set(y)
+	return &pubKey
+}
+
+// ParsePubKey parses a secp256k1 public key encoded according to the format
+// specified by ANSI X9.62-1998, which means it is also compatible with the
+// SEC (Standards for Efficient Cryptography) specification which is a subset of
+// the former.  In other words, it supports the uncompressed, compressed, and
+// hybrid formats as follows:
+//
+// Compressed:
+//
+//	<format byte = 0x02/0x03><32-byte X coordinate>
+//
+// Uncompressed:
+//
+//	<format byte = 0x04><32-byte X coordinate><32-byte Y coordinate>
+//
+// Hybrid:
+//
+//	<format byte = 0x05/0x06><32-byte X coordinate><32-byte Y coordinate>
+//
+// NOTE: The hybrid format makes little sense in practice an therefore this
+// package will not produce public keys serialized in this format.  However,
+// this function will properly parse them since they exist in the wild.
+func ParsePubKey(serialized []byte) (key *PublicKey, err error) {
+	var x, y FieldVal
+	switch len(serialized) {
+	case PubKeyBytesLenUncompressed:
+		// Reject unsupported public key formats for the given length.
+		format := serialized[0]
+		switch format {
+		case PubKeyFormatUncompressed:
+		case PubKeyFormatHybridEven, PubKeyFormatHybridOdd:
+		default:
+			str := fmt.Sprintf("invalid public key: unsupported format: %x",
+				format)
+			return nil, makeError(ErrPubKeyInvalidFormat, str)
+		}
+
+		// Parse the x and y coordinates while ensuring that they are in the
+		// allowed range.
+		if overflow := x.SetByteSlice(serialized[1:33]); overflow {
+			str := "invalid public key: x >= field prime"
+			return nil, makeError(ErrPubKeyXTooBig, str)
+		}
+		if overflow := y.SetByteSlice(serialized[33:]); overflow {
+			str := "invalid public key: y >= field prime"
+			return nil, makeError(ErrPubKeyYTooBig, str)
+		}
+
+		// Ensure the oddness of the y coordinate matches the specified format
+		// for hybrid public keys.
+		if format == PubKeyFormatHybridEven || format == PubKeyFormatHybridOdd {
+			wantOddY := format == PubKeyFormatHybridOdd
+			if y.IsOdd() != wantOddY {
+				str := fmt.Sprintf("invalid public key: y oddness does not "+
+					"match specified value of %v", wantOddY)
+				return nil, makeError(ErrPubKeyMismatchedOddness, str)
+			}
+		}
+
+		// Reject public keys that are not on the secp256k1 curve.
+		if !isOnCurve(&x, &y) {
+			str := fmt.Sprintf("invalid public key: [%v,%v] not on secp256k1 "+
+				"curve", x, y)
+			return nil, makeError(ErrPubKeyNotOnCurve, str)
+		}
+
+	case PubKeyBytesLenCompressed:
+		// Reject unsupported public key formats for the given length.
+		format := serialized[0]
+		switch format {
+		case PubKeyFormatCompressedEven, PubKeyFormatCompressedOdd:
+		default:
+			str := fmt.Sprintf("invalid public key: unsupported format: %x",
+				format)
+			return nil, makeError(ErrPubKeyInvalidFormat, str)
+		}
+
+		// Parse the x coordinate while ensuring that it is in the allowed
+		// range.
+		if overflow := x.SetByteSlice(serialized[1:33]); overflow {
+			str := "invalid public key: x >= field prime"
+			return nil, makeError(ErrPubKeyXTooBig, str)
+		}
+
+		// Attempt to calculate the y coordinate for the given x coordinate such
+		// that the result pair is a point on the secp256k1 curve and the
+		// solution with desired oddness is chosen.
+		wantOddY := format == PubKeyFormatCompressedOdd
+		if !DecompressY(&x, wantOddY, &y) {
+			str := fmt.Sprintf("invalid public key: x coordinate %v is not on "+
+				"the secp256k1 curve", x)
+			return nil, makeError(ErrPubKeyNotOnCurve, str)
+		}
+		y.Normalize()
+
+	default:
+		str := fmt.Sprintf("malformed public key: invalid length: %d",
+			len(serialized))
+		return nil, makeError(ErrPubKeyInvalidLen, str)
+	}
+
+	return NewPublicKey(&x, &y), nil
+}
+
+// SerializeUncompressed serializes a public key in the 65-byte uncompressed
+// format.
+func (p PublicKey) SerializeUncompressed() []byte {
+	// 0x04 || 32-byte x coordinate || 32-byte y coordinate
+	var b [PubKeyBytesLenUncompressed]byte
+	b[0] = PubKeyFormatUncompressed
+	p.x.PutBytesUnchecked(b[1:33])
+	p.y.PutBytesUnchecked(b[33:65])
+	return b[:]
+}
+
+// SerializeCompressed serializes a public key in the 33-byte compressed format.
+func (p PublicKey) SerializeCompressed() []byte {
+	// Choose the format byte depending on the oddness of the Y coordinate.
+	format := PubKeyFormatCompressedEven
+	if p.y.IsOdd() {
+		format = PubKeyFormatCompressedOdd
+	}
+
+	// 0x02 or 0x03 || 32-byte x coordinate
+	var b [PubKeyBytesLenCompressed]byte
+	b[0] = format
+	p.x.PutBytesUnchecked(b[1:33])
+	return b[:]
+}
+
+// IsEqual compares this public key instance to the one passed, returning true
+// if both public keys are equivalent.  A public key is equivalent to another,
+// if they both have the same X and Y coordinates.
+func (p *PublicKey) IsEqual(otherPubKey *PublicKey) bool {
+	return p.x.Equals(&otherPubKey.x) && p.y.Equals(&otherPubKey.y)
+}
+
+// AsJacobian converts the public key into a Jacobian point with Z=1 and stores
+// the result in the provided result param.  This allows the public key to be
+// treated a Jacobian point in the secp256k1 group in calculations.
+func (p *PublicKey) AsJacobian(result *JacobianPoint) {
+	result.X.Set(&p.x)
+	result.Y.Set(&p.y)
+	result.Z.SetInt(1)
+}
+
+// IsOnCurve returns whether or not the public key represents a point on the
+// secp256k1 curve.
+func (p *PublicKey) IsOnCurve() bool {
+	return isOnCurve(&p.x, &p.y)
+}
diff --git a/vendor/github.com/digitorus/pkcs7/Makefile b/vendor/github.com/digitorus/pkcs7/Makefile
index 47c73b868..07c78e14c 100644
--- a/vendor/github.com/digitorus/pkcs7/Makefile
+++ b/vendor/github.com/digitorus/pkcs7/Makefile
@@ -1,7 +1,7 @@
 all: vet staticcheck test
 
 test:
-	go test -covermode=count -coverprofile=coverage.out .
+	GODEBUG=x509sha1=1 go test -covermode=count -coverprofile=coverage.out .
 
 showcoverage: test
 	go tool cover -html=coverage.out
diff --git a/vendor/github.com/digitorus/pkcs7/ber.go b/vendor/github.com/digitorus/pkcs7/ber.go
index 73da024a0..31963b119 100644
--- a/vendor/github.com/digitorus/pkcs7/ber.go
+++ b/vendor/github.com/digitorus/pkcs7/ber.go
@@ -5,8 +5,6 @@ import (
 	"errors"
 )
 
-var encodeIndent = 0
-
 type asn1Object interface {
 	EncodeTo(writer *bytes.Buffer) error
 }
@@ -18,7 +16,6 @@ type asn1Structured struct {
 
 func (s asn1Structured) EncodeTo(out *bytes.Buffer) error {
 	//fmt.Printf("%s--> tag: % X\n", strings.Repeat("| ", encodeIndent), s.tagBytes)
-	encodeIndent++
 	inner := new(bytes.Buffer)
 	for _, obj := range s.content {
 		err := obj.EncodeTo(inner)
@@ -26,7 +23,6 @@ func (s asn1Structured) EncodeTo(out *bytes.Buffer) error {
 			return err
 		}
 	}
-	encodeIndent--
 	out.Write(s.tagBytes)
 	encodeLength(out, inner.Len())
 	out.Write(inner.Bytes())
@@ -67,10 +63,6 @@ func ber2der(ber []byte) ([]byte, error) {
 	}
 	obj.EncodeTo(out)
 
-	// if offset < len(ber) {
-	//	return nil, fmt.Errorf("ber2der: Content longer than expected. Got %d, expected %d", offset, len(ber))
-	//}
-
 	return out.Bytes(), nil
 }
 
@@ -149,14 +141,14 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
 		for ber[offset] >= 0x80 {
 			tag = tag*128 + ber[offset] - 0x80
 			offset++
-			if offset > berLen {
+			if offset >= berLen {
 				return nil, 0, errors.New("ber2der: cannot move offset forward, end of ber data reached")
 			}
 		}
 		// jvehent 20170227: this doesn't appear to be used anywhere...
 		//tag = tag*128 + ber[offset] - 0x80
 		offset++
-		if offset > berLen {
+		if offset >= berLen {
 			return nil, 0, errors.New("ber2der: cannot move offset forward, end of ber data reached")
 		}
 	}
@@ -172,7 +164,10 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
 	var length int
 	l := ber[offset]
 	offset++
-	if offset > berLen {
+	if l >= 0x80 && offset >= berLen {
+		// if indefinite or multibyte length, we need to verify there is at least one more byte available
+		// otherwise we need to be flexible here for length == 0 conditions
+		// validation that the length is available is done after the length is correctly parsed
 		return nil, 0, errors.New("ber2der: cannot move offset forward, end of ber data reached")
 	}
 	indefinite := false
@@ -184,17 +179,20 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
 		if numberOfBytes == 4 && (int)(ber[offset]) > 0x7F {
 			return nil, 0, errors.New("ber2der: BER tag length is negative")
 		}
-		if (int)(ber[offset]) == 0x0 {
+		if offset + numberOfBytes > berLen {
+			// == condition is not checked here, this allows for a more descreptive error when the parsed length is
+			// compared with the remaining available bytes (`contentEnd > berLen`)
+			return nil, 0, errors.New("ber2der: cannot move offset forward, end of ber data reached")
+		}
+		if (int)(ber[offset]) == 0x0 && (numberOfBytes == 1 || ber[offset+1] <= 0x7F)  {
+			// `numberOfBytes == 1` is an important conditional to avoid a potential out of bounds panic with `ber[offset+1]`
 			return nil, 0, errors.New("ber2der: BER tag length has leading zero")
 		}
 		debugprint("--> (compute length) indicator byte: %x\n", l)
-		debugprint("--> (compute length) length bytes: % X\n", ber[offset:offset+numberOfBytes])
+		//debugprint("--> (compute length) length bytes: %x\n", ber[offset:offset+numberOfBytes])
 		for i := 0; i < numberOfBytes; i++ {
 			length = length*256 + (int)(ber[offset])
 			offset++
-			if offset > berLen {
-				return nil, 0, errors.New("ber2der: cannot move offset forward, end of ber data reached")
-			}
 		}
 	} else if l == 0x80 {
 		indefinite = true
@@ -206,12 +204,12 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
 	}
 	//fmt.Printf("--> length        : %d\n", length)
 	contentEnd := offset + length
-	if contentEnd > len(ber) {
+	if contentEnd > berLen {
 		return nil, 0, errors.New("ber2der: BER tag length is more than available data")
 	}
 	debugprint("--> content start : %d\n", offset)
 	debugprint("--> content end   : %d\n", contentEnd)
-	debugprint("--> content       : % X\n", ber[offset:contentEnd])
+	//debugprint("--> content       : %x\n", ber[offset:contentEnd])
 	var obj asn1Object
 	if indefinite && kind == 0 {
 		return nil, 0, errors.New("ber2der: Indefinite form tag must have constructed encoding")
diff --git a/vendor/github.com/digitorus/pkcs7/pkcs7.go b/vendor/github.com/digitorus/pkcs7/pkcs7.go
index 0b74dff9b..aca3c53f4 100644
--- a/vendor/github.com/digitorus/pkcs7/pkcs7.go
+++ b/vendor/github.com/digitorus/pkcs7/pkcs7.go
@@ -101,9 +101,9 @@ func getHashForOID(oid asn1.ObjectIdentifier) (crypto.Hash, error) {
 	return crypto.Hash(0), ErrUnsupportedAlgorithm
 }
 
-// getDigestOIDForSignatureAlgorithm takes an x509.SignatureAlgorithm
+// GetDigestOIDForSignatureAlgorithm takes an x509.SignatureAlgorithm
 // and returns the corresponding OID digest algorithm
-func getDigestOIDForSignatureAlgorithm(digestAlg x509.SignatureAlgorithm) (asn1.ObjectIdentifier, error) {
+func GetDigestOIDForSignatureAlgorithm(digestAlg x509.SignatureAlgorithm) (asn1.ObjectIdentifier, error) {
 	switch digestAlg {
 	case x509.SHA1WithRSA, x509.ECDSAWithSHA1:
 		return OIDDigestAlgorithmSHA1, nil
diff --git a/vendor/github.com/digitorus/timestamp/rfc3161_struct.go b/vendor/github.com/digitorus/timestamp/rfc3161_struct.go
index 04060dd02..c5692253c 100644
--- a/vendor/github.com/digitorus/timestamp/rfc3161_struct.go
+++ b/vendor/github.com/digitorus/timestamp/rfc3161_struct.go
@@ -45,7 +45,7 @@ func (s pkiStatusInfo) FailureInfo() FailureInfo {
 		}
 	}
 
-	return UnkownFailureInfo
+	return UnknownFailureInfo
 }
 
 // eContent within SignedData is TSTInfo
diff --git a/vendor/github.com/digitorus/timestamp/timestamp.go b/vendor/github.com/digitorus/timestamp/timestamp.go
index 8069cad8f..9e6da2d92 100644
--- a/vendor/github.com/digitorus/timestamp/timestamp.go
+++ b/vendor/github.com/digitorus/timestamp/timestamp.go
@@ -23,8 +23,8 @@ import (
 type FailureInfo int
 
 const (
-	// UnkownFailureInfo mean that no known failure info was provided
-	UnkownFailureInfo FailureInfo = -1
+	// UnknownFailureInfo mean that no known failure info was provided
+	UnknownFailureInfo FailureInfo = -1
 	// BadAlgorithm defines an unrecognized or unsupported Algorithm Identifier
 	BadAlgorithm FailureInfo = 0
 	// BadRequest indicates that the transaction not permitted or supported
@@ -268,7 +268,7 @@ func ParseResponse(bytes []byte) (*Timestamp, error) {
 	if resp.Status.Status > 0 {
 		var fis string
 		fi := resp.Status.FailureInfo()
-		if fi != UnkownFailureInfo {
+		if fi != UnknownFailureInfo {
 			fis = fi.String()
 		}
 		return nil, fmt.Errorf("%s: %s (%v)",
@@ -405,12 +405,12 @@ func CreateRequest(r io.Reader, opts *RequestOptions) ([]byte, error) {
 	return req.Marshal()
 }
 
-// CreateResponse returns a DER-encoded timestamp response with the specified contents.
+// CreateResponseWithOpts returns a DER-encoded timestamp response with the specified contents.
 // The fields in the response are populated as follows:
 //
 // The responder cert is used to populate the responder's name field, and the
 // certificate itself is provided alongside the timestamp response signature.
-func (t *Timestamp) CreateResponse(signingCert *x509.Certificate, priv crypto.Signer) ([]byte, error) {
+func (t *Timestamp) CreateResponseWithOpts(signingCert *x509.Certificate, priv crypto.Signer, opts crypto.SignerOpts) ([]byte, error) {
 	messageImprint := getMessageImprint(t.HashAlgorithm, t.HashedMessage)
 
 	tsaSerialNumber, err := generateTSASerialNumber()
@@ -421,7 +421,7 @@ func (t *Timestamp) CreateResponse(signingCert *x509.Certificate, priv crypto.Si
 	if err != nil {
 		return nil, err
 	}
-	signature, err := t.generateSignedData(tstInfo, priv, signingCert)
+	signature, err := t.generateSignedData(tstInfo, priv, signingCert, opts)
 	if err != nil {
 		return nil, err
 	}
@@ -438,6 +438,19 @@ func (t *Timestamp) CreateResponse(signingCert *x509.Certificate, priv crypto.Si
 	return tspResponseBytes, nil
 }
 
+// CreateResponse returns a DER-encoded timestamp response with the specified contents.
+// The fields in the response are populated as follows:
+//
+// The responder cert is used to populate the responder's name field, and the
+// certificate itself is provided alongside the timestamp response signature.
+//
+// This function is equivalent to CreateResponseWithOpts, using a SHA256 hash.
+//
+// Deprecated: Use CreateResponseWithOpts instead.
+func (t *Timestamp) CreateResponse(signingCert *x509.Certificate, priv crypto.Signer) ([]byte, error) {
+	return t.CreateResponseWithOpts(signingCert, priv, crypto.SHA256)
+}
+
 // CreateErrorResponse is used to create response other than granted and granted with mod status
 func CreateErrorResponse(pkiStatus Status, pkiFailureInfo FailureInfo) ([]byte, error) {
 	var bs asn1.BitString
@@ -553,7 +566,7 @@ func (t *Timestamp) populateSigningCertificateV2Ext(certificate *x509.Certificat
 		return nil, x509.ErrUnsupportedAlgorithm
 	}
 	if t.HashAlgorithm.HashFunc() == crypto.SHA1 {
-		return nil, fmt.Errorf("for SHA1 usae ESSCertID instead of ESSCertIDv2")
+		return nil, fmt.Errorf("for SHA1 use ESSCertID instead of ESSCertIDv2")
 	}
 
 	h := t.HashAlgorithm.HashFunc().New()
@@ -591,12 +604,33 @@ func (t *Timestamp) populateSigningCertificateV2Ext(certificate *x509.Certificat
 	return signingCertV2Bytes, nil
 }
 
-func (t *Timestamp) generateSignedData(tstInfo []byte, signer crypto.Signer, certificate *x509.Certificate) ([]byte, error) {
+// digestAlgorithmToOID converts the hash func to the corresponding OID.
+// This should have parity with [pkcs7.getHashForOID].
+func digestAlgorithmToOID(hash crypto.Hash) (asn1.ObjectIdentifier, error) {
+	switch hash {
+	case crypto.SHA1:
+		return pkcs7.OIDDigestAlgorithmSHA1, nil
+	case crypto.SHA256:
+		return pkcs7.OIDDigestAlgorithmSHA256, nil
+	case crypto.SHA384:
+		return pkcs7.OIDDigestAlgorithmSHA384, nil
+	case crypto.SHA512:
+		return pkcs7.OIDDigestAlgorithmSHA512, nil
+	}
+	return nil, pkcs7.ErrUnsupportedAlgorithm
+}
+
+func (t *Timestamp) generateSignedData(tstInfo []byte, signer crypto.Signer, certificate *x509.Certificate, opts crypto.SignerOpts) ([]byte, error) {
 	signedData, err := pkcs7.NewSignedData(tstInfo)
 	if err != nil {
 		return nil, err
 	}
-	signedData.SetDigestAlgorithm(pkcs7.OIDDigestAlgorithmSHA256)
+
+	alg, err := digestAlgorithmToOID(opts.HashFunc())
+	if err != nil {
+		return nil, err
+	}
+	signedData.SetDigestAlgorithm(alg)
 	signedData.SetContentType(asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 4})
 
 	signingCertV2Bytes, err := t.populateSigningCertificateV2Ext(certificate)
@@ -616,7 +650,11 @@ func (t *Timestamp) generateSignedData(tstInfo []byte, signer crypto.Signer, cer
 		signerInfoConfig.SkipCertificates = true
 	}
 
-	err = signedData.AddSigner(certificate, signer, signerInfoConfig)
+	if len(t.Certificates) > 0 {
+		err = signedData.AddSignerChain(certificate, signer, t.Certificates, signerInfoConfig)
+	} else {
+		err = signedData.AddSigner(certificate, signer, signerInfoConfig)
+	}
 	if err != nil {
 		return nil, err
 	}
@@ -628,7 +666,7 @@ func (t *Timestamp) generateSignedData(tstInfo []byte, signer crypto.Signer, cer
 	return signature, nil
 }
 
-// copied from cryto/x509 package
+// copied from crypto/x509 package
 // oidNotInExtensions reports whether an extension with the given oid exists in
 // extensions.
 func oidInExtensions(oid asn1.ObjectIdentifier, extensions []pkix.Extension) bool {
diff --git a/vendor/github.com/distribution/reference/.gitattributes b/vendor/github.com/distribution/reference/.gitattributes
new file mode 100644
index 000000000..d207b1802
--- /dev/null
+++ b/vendor/github.com/distribution/reference/.gitattributes
@@ -0,0 +1 @@
+*.go text eol=lf
diff --git a/vendor/github.com/distribution/reference/.gitignore b/vendor/github.com/distribution/reference/.gitignore
new file mode 100644
index 000000000..dc07e6b04
--- /dev/null
+++ b/vendor/github.com/distribution/reference/.gitignore
@@ -0,0 +1,2 @@
+# Cover profiles
+*.out
diff --git a/vendor/github.com/distribution/reference/.golangci.yml b/vendor/github.com/distribution/reference/.golangci.yml
new file mode 100644
index 000000000..793f0bb7e
--- /dev/null
+++ b/vendor/github.com/distribution/reference/.golangci.yml
@@ -0,0 +1,18 @@
+linters:
+  enable:
+    - bodyclose
+    - dupword # Checks for duplicate words in the source code
+    - gofmt
+    - goimports
+    - ineffassign
+    - misspell
+    - revive
+    - staticcheck
+    - unconvert
+    - unused
+    - vet
+  disable:
+    - errcheck
+
+run:
+  deadline: 2m
diff --git a/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md b/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
new file mode 100644
index 000000000..48f6704c6
--- /dev/null
+++ b/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
@@ -0,0 +1,5 @@
+# Code of Conduct
+
+We follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
+
+Please contact the [CNCF Code of Conduct Committee](mailto:conduct@cncf.io) in order to report violations of the Code of Conduct.
diff --git a/vendor/github.com/distribution/reference/CONTRIBUTING.md b/vendor/github.com/distribution/reference/CONTRIBUTING.md
new file mode 100644
index 000000000..ab2194665
--- /dev/null
+++ b/vendor/github.com/distribution/reference/CONTRIBUTING.md
@@ -0,0 +1,114 @@
+# Contributing to the reference library
+
+## Community help
+
+If you need help, please ask in the [#distribution](https://cloud-native.slack.com/archives/C01GVR8SY4R) channel on CNCF community slack.
+[Click here for an invite to the CNCF community slack](https://slack.cncf.io/)
+
+## Reporting security issues
+
+The maintainers take security seriously. If you discover a security
+issue, please bring it to their attention right away!
+
+Please **DO NOT** file a public issue, instead send your report privately to
+[cncf-distribution-security@lists.cncf.io](mailto:cncf-distribution-security@lists.cncf.io).
+
+## Reporting an issue properly
+
+By following these simple rules you will get better and faster feedback on your issue.
+
+ - search the bugtracker for an already reported issue
+
+### If you found an issue that describes your problem:
+
+ - please read other user comments first, and confirm this is the same issue: a given error condition might be indicative of different problems - you may also find a workaround in the comments
+ - please refrain from adding "same thing here" or "+1" comments
+ - you don't need to comment on an issue to get notified of updates: just hit the "subscribe" button
+ - comment if you have some new, technical and relevant information to add to the case
+ - __DO NOT__ comment on closed issues or merged PRs. If you think you have a related problem, open up a new issue and reference the PR or issue.
+
+### If you have not found an existing issue that describes your problem:
+
+ 1. create a new issue, with a succinct title that describes your issue:
+   - bad title: "It doesn't work with my docker"
+   - good title: "Private registry push fail: 400 error with E_INVALID_DIGEST"
+ 2. copy the output of (or similar for other container tools):
+   - `docker version`
+   - `docker info`
+   - `docker exec <registry-container> registry --version`
+ 3. copy the command line you used to launch your Registry
+ 4. restart your docker daemon in debug mode (add `-D` to the daemon launch arguments)
+ 5. reproduce your problem and get your docker daemon logs showing the error
+ 6. if relevant, copy your registry logs that show the error
+ 7. provide any relevant detail about your specific Registry configuration (e.g., storage backend used)
+ 8. indicate if you are using an enterprise proxy, Nginx, or anything else between you and your Registry
+
+## Contributing Code
+
+Contributions should be made via pull requests. Pull requests will be reviewed
+by one or more maintainers or reviewers and merged when acceptable.
+
+You should follow the basic GitHub workflow:
+
+ 1. Use your own [fork](https://help.github.com/en/articles/about-forks)
+ 2. Create your [change](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#successful-changes)
+ 3. Test your code
+ 4. [Commit](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#commit-messages) your work, always [sign your commits](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#commit-messages)
+ 5. Push your change to your fork and create a [Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
+
+Refer to [containerd's contribution guide](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#successful-changes)
+for tips on creating a successful contribution.
+
+## Sign your work
+
+The sign-off is a simple line at the end of the explanation for the patch. Your
+signature certifies that you wrote the patch or otherwise have the right to pass
+it on as an open-source patch. The rules are pretty simple: if you can certify
+the below (from [developercertificate.org](http://developercertificate.org/)):
+
+```
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+```
+
+Then you just add a line to every git commit message:
+
+    Signed-off-by: Joe Smith <joe.smith@email.com>
+
+Use your real name (sorry, no pseudonyms or anonymous contributions.)
+
+If you set your `user.name` and `user.email` git configs, you can sign your
+commit automatically with `git commit -s`.
diff --git a/vendor/github.com/distribution/reference/GOVERNANCE.md b/vendor/github.com/distribution/reference/GOVERNANCE.md
new file mode 100644
index 000000000..200045b05
--- /dev/null
+++ b/vendor/github.com/distribution/reference/GOVERNANCE.md
@@ -0,0 +1,144 @@
+# distribution/reference Project Governance
+
+Distribution [Code of Conduct](./CODE-OF-CONDUCT.md) can be found here.
+
+For specific guidance on practical contribution steps please
+see our [CONTRIBUTING.md](./CONTRIBUTING.md) guide.
+
+## Maintainership
+
+There are different types of maintainers, with different responsibilities, but
+all maintainers have 3 things in common:
+
+1) They share responsibility in the project's success.
+2) They have made a long-term, recurring time investment to improve the project.
+3) They spend that time doing whatever needs to be done, not necessarily what
+is the most interesting or fun.
+
+Maintainers are often under-appreciated, because their work is harder to appreciate.
+It's easy to appreciate a really cool and technically advanced feature. It's harder
+to appreciate the absence of bugs, the slow but steady improvement in stability,
+or the reliability of a release process. But those things distinguish a good
+project from a great one.
+
+## Reviewers
+
+A reviewer is a core role within the project.
+They share in reviewing issues and pull requests and their LGTM counts towards the
+required LGTM count to merge a code change into the project.
+
+Reviewers are part of the organization but do not have write access.
+Becoming a reviewer is a core aspect in the journey to becoming a maintainer.
+
+## Adding maintainers
+
+Maintainers are first and foremost contributors that have shown they are
+committed to the long term success of a project. Contributors wanting to become
+maintainers are expected to be deeply involved in contributing code, pull
+request review, and triage of issues in the project for more than three months.
+
+Just contributing does not make you a maintainer, it is about building trust
+with the current maintainers of the project and being a person that they can
+depend on and trust to make decisions in the best interest of the project.
+
+Periodically, the existing maintainers curate a list of contributors that have
+shown regular activity on the project over the prior months. From this list,
+maintainer candidates are selected and proposed in a pull request or a
+maintainers communication channel.
+
+After a candidate has been announced to the maintainers, the existing
+maintainers are given five business days to discuss the candidate, raise
+objections and cast their vote. Votes may take place on the communication
+channel or via pull request comment. Candidates must be approved by at least 66%
+of the current maintainers by adding their vote on the mailing list. The
+reviewer role has the same process but only requires 33% of current maintainers.
+Only maintainers of the repository that the candidate is proposed for are
+allowed to vote.
+
+If a candidate is approved, a maintainer will contact the candidate to invite
+the candidate to open a pull request that adds the contributor to the
+MAINTAINERS file. The voting process may take place inside a pull request if a
+maintainer has already discussed the candidacy with the candidate and a
+maintainer is willing to be a sponsor by opening the pull request. The candidate
+becomes a maintainer once the pull request is merged.
+
+## Stepping down policy
+
+Life priorities, interests, and passions can change. If you're a maintainer but
+feel you must remove yourself from the list, inform other maintainers that you
+intend to step down, and if possible, help find someone to pick up your work.
+At the very least, ensure your work can be continued where you left off.
+
+After you've informed other maintainers, create a pull request to remove
+yourself from the MAINTAINERS file.
+
+## Removal of inactive maintainers
+
+Similar to the procedure for adding new maintainers, existing maintainers can
+be removed from the list if they do not show significant activity on the
+project. Periodically, the maintainers review the list of maintainers and their
+activity over the last three months.
+
+If a maintainer has shown insufficient activity over this period, a neutral
+person will contact the maintainer to ask if they want to continue being
+a maintainer. If the maintainer decides to step down as a maintainer, they
+open a pull request to be removed from the MAINTAINERS file.
+
+If the maintainer wants to remain a maintainer, but is unable to perform the
+required duties they can be removed with a vote of at least 66% of the current
+maintainers. In this case, maintainers should first propose the change to
+maintainers via the maintainers communication channel, then open a pull request
+for voting. The voting period is five business days. The voting pull request
+should not come as a surpise to any maintainer and any discussion related to
+performance must not be discussed on the pull request.
+
+## How are decisions made?
+
+Docker distribution is an open-source project with an open design philosophy.
+This means that the repository is the source of truth for EVERY aspect of the
+project, including its philosophy, design, road map, and APIs. *If it's part of
+the project, it's in the repo. If it's in the repo, it's part of the project.*
+
+As a result, all decisions can be expressed as changes to the repository. An
+implementation change is a change to the source code. An API change is a change
+to the API specification. A philosophy change is a change to the philosophy
+manifesto, and so on.
+
+All decisions affecting distribution, big and small, follow the same 3 steps:
+
+* Step 1: Open a pull request. Anyone can do this.
+
+* Step 2: Discuss the pull request. Anyone can do this.
+
+* Step 3: Merge or refuse the pull request. Who does this depends on the nature
+of the pull request and which areas of the project it affects.
+
+## Helping contributors with the DCO
+
+The [DCO or `Sign your work`](./CONTRIBUTING.md#sign-your-work)
+requirement is not intended as a roadblock or speed bump.
+
+Some contributors are not as familiar with `git`, or have used a web
+based editor, and thus asking them to `git commit --amend -s` is not the best
+way forward.
+
+In this case, maintainers can update the commits based on clause (c) of the DCO.
+The most trivial way for a contributor to allow the maintainer to do this, is to
+add a DCO signature in a pull requests's comment, or a maintainer can simply
+note that the change is sufficiently trivial that it does not substantially
+change the existing contribution - i.e., a spelling change.
+
+When you add someone's DCO, please also add your own to keep a log.
+
+## I'm a maintainer. Should I make pull requests too?
+
+Yes. Nobody should ever push to master directly. All changes should be
+made through a pull request.
+
+## Conflict Resolution
+
+If you have a technical dispute that you feel has reached an impasse with a
+subset of the community, any contributor may open an issue, specifically
+calling for a resolution vote of the current core maintainers to resolve the
+dispute. The same voting quorums required (2/3) for adding and removing
+maintainers will apply to conflict resolution.
diff --git a/vendor/github.com/distribution/reference/LICENSE b/vendor/github.com/distribution/reference/LICENSE
new file mode 100644
index 000000000..e06d20818
--- /dev/null
+++ b/vendor/github.com/distribution/reference/LICENSE
@@ -0,0 +1,202 @@
+Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/vendor/github.com/distribution/reference/MAINTAINERS b/vendor/github.com/distribution/reference/MAINTAINERS
new file mode 100644
index 000000000..9e0a60c8b
--- /dev/null
+++ b/vendor/github.com/distribution/reference/MAINTAINERS
@@ -0,0 +1,26 @@
+# Distribution project maintainers & reviewers
+#
+# See GOVERNANCE.md for maintainer versus reviewer roles
+#
+# MAINTAINERS (cncf-distribution-maintainers@lists.cncf.io)
+# GitHub ID, Name, Email address
+"chrispat","Chris Patterson","chrispat@github.com"
+"clarkbw","Bryan Clark","clarkbw@github.com"
+"corhere","Cory Snider","csnider@mirantis.com"
+"deleteriousEffect","Hayley Swimelar","hswimelar@gitlab.com"
+"heww","He Weiwei","hweiwei@vmware.com"
+"joaodrp","João Pereira","jpereira@gitlab.com"
+"justincormack","Justin Cormack","justin.cormack@docker.com"
+"squizzi","Kyle Squizzato","ksquizzato@mirantis.com"
+"milosgajdos","Milos Gajdos","milosthegajdos@gmail.com"
+"sargun","Sargun Dhillon","sargun@sargun.me"
+"wy65701436","Wang Yan","wangyan@vmware.com"
+"stevelasker","Steve Lasker","steve.lasker@microsoft.com"
+#
+# REVIEWERS
+# GitHub ID, Name, Email address
+"dmcgowan","Derek McGowan","derek@mcgstyle.net"
+"stevvooe","Stephen Day","stevvooe@gmail.com"
+"thajeztah","Sebastiaan van Stijn","github@gone.nl"
+"DavidSpek", "David van der Spek", "vanderspek.david@gmail.com"
+"Jamstah", "James Hewitt", "james.hewitt@gmail.com"
diff --git a/vendor/github.com/distribution/reference/Makefile b/vendor/github.com/distribution/reference/Makefile
new file mode 100644
index 000000000..c78576b75
--- /dev/null
+++ b/vendor/github.com/distribution/reference/Makefile
@@ -0,0 +1,25 @@
+# Project packages.
+PACKAGES=$(shell go list ./...)
+
+# Flags passed to `go test`
+BUILDFLAGS ?= 
+TESTFLAGS ?= 
+
+.PHONY: all build test coverage
+.DEFAULT: all
+
+all: build
+
+build: ## no binaries to build, so just check compilation suceeds
+	go build ${BUILDFLAGS} ./...
+
+test: ## run tests
+	go test ${TESTFLAGS} ./...
+
+coverage: ## generate coverprofiles from the unit tests
+	rm -f coverage.txt
+	go test ${TESTFLAGS} -cover -coverprofile=cover.out ./...
+
+.PHONY: help
+help:
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m\033[0m\n"} /^[a-zA-Z_\/%-]+:.*?##/ { printf "  \033[36m%-27s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
diff --git a/vendor/github.com/distribution/reference/README.md b/vendor/github.com/distribution/reference/README.md
new file mode 100644
index 000000000..e2531e49c
--- /dev/null
+++ b/vendor/github.com/distribution/reference/README.md
@@ -0,0 +1,30 @@
+# Distribution reference
+
+Go library to handle references to container images.
+
+<img src="/distribution-logo.svg" width="200px" />
+
+[![Build Status](https://github.com/distribution/reference/actions/workflows/test.yml/badge.svg?branch=main&event=push)](https://github.com/distribution/reference/actions?query=workflow%3ACI)
+[![GoDoc](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/github.com/distribution/reference)
+[![License: Apache-2.0](https://img.shields.io/badge/License-Apache--2.0-blue.svg)](LICENSE)
+[![codecov](https://codecov.io/gh/distribution/reference/branch/main/graph/badge.svg)](https://codecov.io/gh/distribution/reference)
+[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Fdistribution%2Freference.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Fdistribution%2Freference?ref=badge_shield)
+
+This repository contains a library for handling refrences to container images held in container registries. Please see [godoc](https://pkg.go.dev/github.com/distribution/reference) for details.
+
+## Contribution
+
+Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute
+issues, fixes, and patches to this project.
+
+## Communication
+
+For async communication and long running discussions please use issues and pull requests on the github repo.
+This will be the best place to discuss design and implementation.
+
+For sync communication we have a #distribution channel in the [CNCF Slack](https://slack.cncf.io/)
+that everyone is welcome to join and chat about development.
+
+## Licenses
+
+The distribution codebase is released under the [Apache 2.0 license](LICENSE).
diff --git a/vendor/github.com/distribution/reference/SECURITY.md b/vendor/github.com/distribution/reference/SECURITY.md
new file mode 100644
index 000000000..aaf983c0f
--- /dev/null
+++ b/vendor/github.com/distribution/reference/SECURITY.md
@@ -0,0 +1,7 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+The maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!
+
+Please DO NOT file a public issue, instead send your report privately to cncf-distribution-security@lists.cncf.io.
diff --git a/vendor/github.com/distribution/reference/distribution-logo.svg b/vendor/github.com/distribution/reference/distribution-logo.svg
new file mode 100644
index 000000000..cc9f4073b
--- /dev/null
+++ b/vendor/github.com/distribution/reference/distribution-logo.svg
@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 564.27793 654.82002"><defs><style>.cls-1{fill:#416ba9;}.cls-2{fill:#74c3d5;}</style></defs><path class="cls-1" d="M17.48582,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716H36.66877c18.70153,0,28.24476,9.06127,28.24476,33.64387,0,22.26771-7.51889,35.57065-27.95526,35.57065H22.40191c-2.69929,0-4.91609-1.25341-4.91609-4.91609Zm20.33987,49.741c7.61539,0,10.60365-6.94043,10.60365-20.72586,0-15.13429-3.85568-19.376-10.70015-19.376H33.97v40.10182Z"/><path class="cls-1" d="M72.43613,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h6.36251c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609H77.35223c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M99.718,613.05875l5.78405-1.06042c4.33764-.77092,4.53063,1.15692,5.78352,3.85674a6.70953,6.70953,0,0,0,6.5555,3.95218c3.56672,0,6.26548-1.83134,6.26548-5.59158,0-12.82046-27.6663-11.08561-27.6663-34.31724,0-10.79718,7.80839-18.1236,20.43637-18.1236,11.08614,0,16.96615,4.8196,20.05091,12.918.96445,2.31277,1.44641,4.7231-2.98826,5.59052l-5.20559,1.06042c-3.95218.77092-4.33764-1.06042-6.073-3.66269a6.39679,6.39679,0,0,0-5.49456-3.08475c-3.18125,0-5.20559,1.83134-5.20559,4.7231,0,12.24252,27.56981,10.60418,27.56981,33.73931,0,12.532-8.77231,19.66545-22.36422,19.66545-11.47159,0-17.93007-4.43467-20.82236-14.07387C95.57286,616.24,95.1874,613.92617,99.718,613.05875Z"/><path class="cls-1" d="M154.86187,576.62068h-8.09735c-3.66321,0-4.91662-2.21734-4.91662-4.91716v-4.14411c0-2.69983,1.25341-4.91716,4.91662-4.91716H179.058c3.66321,0,4.91609,2.21733,4.91609,4.91716v4.14411c0,2.69982-1.25288,4.91716-4.91609,4.91716h-8.09788v50.32c0,3.66268-2.21681,4.91609-4.9161,4.91609h-6.266c-2.69876,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M189.76022,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h16.2912c15.13481,0,23.03969,5.68808,23.03969,20.05144,0,8.38684-3.27775,13.68787-8.29034,16.77369l9.35076,27.76173c1.34938,4.04974-.96445,4.62766-3.37425,4.62766h-8.67581c-2.89176,0-4.53063-1.92783-5.30208-4.7231L211.546,605.92532h-5.68755v21.01536c0,3.66268-2.2168,4.91609-4.91609,4.91609h-6.266c-2.69929,0-4.9161-1.25341-4.9161-4.91609Zm20.14688,25.35246c4.14517,0,7.61592-1.6394,7.61592-8.57984,0-7.61486-3.37425-8.19384-7.22993-8.19384h-4.43467v16.77368Z"/><path class="cls-1" d="M241.91422,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716h6.36251c2.69876,0,4.9161,1.25341,4.9161,4.91716v59.38127c0,3.66268-2.21734,4.91609-4.9161,4.91609h-6.36251c-2.69929,0-4.91609-1.25341-4.91609-4.91609Z"/><path class="cls-1" d="M267.75024,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716h14.94182c16.77316,0,24.09958,5.49508,24.09958,18.31659,0,6.94044-3.08475,11.953-8.96477,14.5553v.193c6.74744,2.31384,10.41065,7.13343,10.41065,15.80977,0,16.58069-11.3751,20.33987-25.449,20.33987H272.66633c-2.69929,0-4.91609-1.25341-4.91609-4.91609Zm20.72533,22.5572c4.33817,0,6.84447-2.12083,6.84447-7.32642,0-4.91716-2.79579-6.36251-6.84447-6.36251h-4.9161v13.68893Zm.386,27.95473c5.88,0,7.90436-2.40926,7.90436-7.80785,0-5.88-3.18126-7.80786-7.80839-7.80786h-5.39806v15.61571Z"/><path class="cls-1" d="M320.09776,567.55941c0-3.66375,2.21733-4.91716,4.91662-4.91716h6.362c2.69929,0,4.91663,1.25341,4.91663,4.91716v43.282c0,5.78457,2.3133,8.38684,6.748,8.38684,4.43413,0,7.13343-2.60227,7.13343-8.38684v-43.282c0-3.66375,2.21733-4.91716,4.91609-4.91716H361.26c2.6993,0,4.91663,1.25341,4.91663,4.91716v41.06573c0,15.80871-7.13343,24.00256-23.42516,24.00256-16.0982,0-22.6537-8.19385-22.6537-24.00256Z"/><path class="cls-1" d="M384.59236,576.62068H376.495c-3.66322,0-4.91663-2.21734-4.91663-4.91716v-4.14411c0-2.69983,1.25341-4.91716,4.91663-4.91716h32.29343c3.66321,0,4.91609,2.21733,4.91609,4.91716v4.14411c0,2.69982-1.25288,4.91716-4.91609,4.91716H400.6911v50.32c0,3.66268-2.21734,4.91609-4.91663,4.91609h-6.266c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M419.49071,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h6.36251c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609h-6.36251c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M443.20536,597.34654c0-21.30485,5.59106-35.57171,24.48505-35.57171s24.48505,14.26686,24.48505,35.57171c0,22.07472-6.84394,35.37766-24.485,35.37766S443.20536,619.42126,443.20536,597.34654Zm32.48643,0c0-16.29226-2.12083-22.26877-8.00138-22.26877-5.88,0-8.00085,5.97651-8.00085,22.26877,0,17.06212,2.4098,22.17121,8.00085,22.17121C473.378,619.51775,475.69179,614.40866,475.69179,597.34654Z"/><path class="cls-1" d="M499.69859,567.55941c0-3.66375,2.2168-4.91716,4.9161-4.91716h6.941a7.56728,7.56728,0,0,1,6.84394,4.43467l13.207,29.88363h.19247V567.55941c0-3.66375,2.21733-4.91716,4.91662-4.91716h4.62714c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609h-5.68756c-2.98878,0-4.72363-1.83134-5.977-4.43466L514.15792,593.5863h-.19247v33.35438c0,3.66268-2.21733,4.91609-4.91663,4.91609h-4.43413c-2.6993,0-4.9161-1.25341-4.9161-4.91609Z"/><g id="F1L4Xu"><path class="cls-2" d="M461.28162,365.26377c14.626-14.99573,31.51073-27.88581,43.901-45.3001,23.6055-33.17709,21.5881-53.98611-9.08528-79.89549-5.54727-4.68571-8.18237-7.96252-5.187-15.251,2.57641-6.26934,3.76528-13.21711,4.83156-19.981,5.90314-37.44659-11.00082-60.70078-48.64828-63.33267-13.137-.91842-16.45015-5.43062-19.21754-16.935-9.30387-38.67663-34.59038-53.67167-74.13662-44.585-10.18443,2.3401-17.05741,2.2529-24.8593-6.77926-30.175-34.93317-59.58084-35.22646-91.95222-.348-9.64337,10.39025-15.6225,11.83918-28.62783,5.4055-32.90341-16.27713-59.8387-3.10046-69.78437,35.47712-4.6848,18.17164-11.36854,26.3489-30.24471,30.1582-31.33028,6.32259-44.78933,33.5759-35.57532,69.531,3.76252,14.68215,4.6826,23.43655-10.28992,33.26423-22.74913,14.93216-25.22052,35.33713-11.0953,59.39875a163.06863,163.06863,0,0,0,18.46085,24.68707c6.40258,7.28037,13.94521,13.55817,19.80434,21.482C65.25053,338.04809,43.116,321.28746,27.8598,297.29993c-17.05057-26.80876-13.40609-48.15088,13.33187-65.26212,13.64688-8.73344,14.87507-15.92347,10.65871-30.93464-12.7269-45.31048,5.12054-71.29348,52.09339-78.34017,9.12234-1.36851,13.24368-4.37134,14.93358-13.09156a120.37358,120.37358,0,0,1,6.91928-23.66458C140.26672,51.59355,166.89048,40.64934,200.93587,56.76c12.995,6.14933,20.16447,5.77862,30.68022-5.2998C268.21035,12.90788,301.23887,13.957,336.089,53.95609c7.03437,8.07364,13.32723,7.58749,21.51782,5.54845,49.26567-12.26462,82.34232,9.66738,86.80352,52.02378.85563,8.12375,4.89151,12.49189,13.59822,11.06745a9.08058,9.08058,0,0,1,2.06083.01162c48.42775,3.32745,67.90447,29.37216,55.65225,76.28488-3.68675,14.11627-5.266,23.35647,9.83168,33.3918,24.025,15.96919,26.43605,40.908,10.89058,67.22194C523.519,321.384,492.3391,349.49056,461.28162,365.26377Z"/><path class="cls-2" d="M222.21166,412.15994c-43.3335,8.71069-88.628,7.98395-130.77907,28.38523,94.59324,34.57588,265.86321,39.32494,381.28659.87883-20.80256-13.03877-43.25235-15.46757-64.96771-19.52875-21.46582-4.01455-43.21049-6.53754-65.22855-9.773,2.32155-9.0906,5.71941-13.26155,14.6818-11.53506,34.9755,6.73747,70.6065,10.43856,104.30053,22.96341,8.18218,3.04152,18.89124,4.40911,19.86455,15.15614,1.09622,12.10448-6.10692,24.09739-16.79915,25.67409-30.25013,4.46064-56.38559,26.36212-84.9133,26.506-28.47048.14371-52.82989-.52977-79.492,14.17476-20.18156,11.13047-46.332,2.83194-64.16335-15.45408-6.83775-7.01216-11.13794-6.37864-19.02114-2.85829-23.91278,10.67842-47.24546,8.5124-67.31614-8.79886-7.10279-6.12627-13.27536-7.629-22.06165-6.68907a44.08867,44.08867,0,0,1-27.74743-5.86122C89.8179,459.38315,82.0507,451.437,82.898,439.18832c.77048-11.13889,11.49627-12.35089,19.55689-15.40536,33.62848-12.74306,69.18754-16.82889,104.26785-23.14551C215.75685,399.01074,219.15407,403.38339,222.21166,412.15994Z"/></g><rect class="cls-1" x="157.9184" y="278.28554" width="63.75238" height="63.75238"/><rect class="cls-1" x="241.008" y="278.28554" width="63.75238" height="63.75238"/><rect class="cls-1" x="157.9184" y="361.37514" width="63.75238" height="63.75238"/><rect class="cls-1" x="367.09657" y="153.06724" width="63.75176" height="63.75177" transform="translate(-13.91822 336.28471) rotate(-45)"/><polygon class="cls-1" points="239.799 221.785 239.799 222.389 296.3 250.79 325.004 193.987 268.201 165.284 239.799 221.785"/><rect class="cls-1" x="341.49858" y="264.8759" width="63.75384" height="63.75383" transform="translate(-59.8512 496.2174) rotate(-63.19922)"/><rect class="cls-1" x="157.9184" y="195.19594" width="63.75238" height="63.75238"/><rect class="cls-1" x="241.008" y="361.37514" width="63.75238" height="63.75238"/><rect class="cls-1" x="324.39973" y="361.37514" width="63.75238" height="63.75238"/></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/distribution/reference/helpers.go b/vendor/github.com/distribution/reference/helpers.go
similarity index 94%
rename from vendor/github.com/docker/distribution/reference/helpers.go
rename to vendor/github.com/distribution/reference/helpers.go
index 978df7eab..d10c7ef83 100644
--- a/vendor/github.com/docker/distribution/reference/helpers.go
+++ b/vendor/github.com/distribution/reference/helpers.go
@@ -32,7 +32,7 @@ func FamiliarString(ref Reference) string {
 }
 
 // FamiliarMatch reports whether ref matches the specified pattern.
-// See https://godoc.org/path#Match for supported patterns.
+// See [path.Match] for supported patterns.
 func FamiliarMatch(pattern string, ref Reference) (bool, error) {
 	matched, err := path.Match(pattern, FamiliarString(ref))
 	if namedRef, isNamed := ref.(Named); isNamed && !matched {
diff --git a/vendor/github.com/docker/distribution/reference/normalize.go b/vendor/github.com/distribution/reference/normalize.go
similarity index 52%
rename from vendor/github.com/docker/distribution/reference/normalize.go
rename to vendor/github.com/distribution/reference/normalize.go
index b3dfb7a6d..a30229d01 100644
--- a/vendor/github.com/docker/distribution/reference/normalize.go
+++ b/vendor/github.com/distribution/reference/normalize.go
@@ -1,19 +1,42 @@
 package reference
 
 import (
-	"errors"
 	"fmt"
 	"strings"
 
-	"github.com/docker/distribution/digestset"
 	"github.com/opencontainers/go-digest"
 )
 
-var (
+const (
+	// legacyDefaultDomain is the legacy domain for Docker Hub (which was
+	// originally named "the Docker Index"). This domain is still used for
+	// authentication and image search, which were part of the "v1" Docker
+	// registry specification.
+	//
+	// This domain will continue to be supported, but there are plans to consolidate
+	// legacy domains to new "canonical" domains. Once those domains are decided
+	// on, we must update the normalization functions, but preserve compatibility
+	// with existing installs, clients, and user configuration.
 	legacyDefaultDomain = "index.docker.io"
-	defaultDomain       = "docker.io"
-	officialRepoName    = "library"
-	defaultTag          = "latest"
+
+	// defaultDomain is the default domain used for images on Docker Hub.
+	// It is used to normalize "familiar" names to canonical names, for example,
+	// to convert "ubuntu" to "docker.io/library/ubuntu:latest".
+	//
+	// Note that actual domain of Docker Hub's registry is registry-1.docker.io.
+	// This domain will continue to be supported, but there are plans to consolidate
+	// legacy domains to new "canonical" domains. Once those domains are decided
+	// on, we must update the normalization functions, but preserve compatibility
+	// with existing installs, clients, and user configuration.
+	defaultDomain = "docker.io"
+
+	// officialRepoPrefix is the namespace used for official images on Docker Hub.
+	// It is used to normalize "familiar" names to canonical names, for example,
+	// to convert "ubuntu" to "docker.io/library/ubuntu:latest".
+	officialRepoPrefix = "library/"
+
+	// defaultTag is the default tag if no tag is provided.
+	defaultTag = "latest"
 )
 
 // normalizedNamed represents a name which has been
@@ -35,14 +58,14 @@ func ParseNormalizedNamed(s string) (Named, error) {
 		return nil, fmt.Errorf("invalid repository name (%s), cannot specify 64-byte hexadecimal strings", s)
 	}
 	domain, remainder := splitDockerDomain(s)
-	var remoteName string
+	var remote string
 	if tagSep := strings.IndexRune(remainder, ':'); tagSep > -1 {
-		remoteName = remainder[:tagSep]
+		remote = remainder[:tagSep]
 	} else {
-		remoteName = remainder
+		remote = remainder
 	}
-	if strings.ToLower(remoteName) != remoteName {
-		return nil, errors.New("invalid reference format: repository name must be lowercase")
+	if strings.ToLower(remote) != remote {
+		return nil, fmt.Errorf("invalid reference format: repository name (%s) must be lowercase", remote)
 	}
 
 	ref, err := Parse(domain + "/" + remainder)
@@ -56,41 +79,53 @@ func ParseNormalizedNamed(s string) (Named, error) {
 	return named, nil
 }
 
-// ParseDockerRef normalizes the image reference following the docker convention. This is added
-// mainly for backward compatibility.
-// The reference returned can only be either tagged or digested. For reference contains both tag
-// and digest, the function returns digested reference, e.g. docker.io/library/busybox:latest@
-// sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa will be returned as
-// docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa.
+// namedTaggedDigested is a reference that has both a tag and a digest.
+type namedTaggedDigested interface {
+	NamedTagged
+	Digested
+}
+
+// ParseDockerRef normalizes the image reference following the docker convention,
+// which allows for references to contain both a tag and a digest. It returns a
+// reference that is either tagged or digested. For references containing both
+// a tag and a digest, it returns a digested reference. For example, the following
+// reference:
+//
+//	docker.io/library/busybox:latest@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa
+//
+// Is returned as a digested reference (with the ":latest" tag removed):
+//
+//	docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa
+//
+// References that are already "tagged" or "digested" are returned unmodified:
+//
+//	// Already a digested reference
+//	docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa
+//
+//	// Already a named reference
+//	docker.io/library/busybox:latest
 func ParseDockerRef(ref string) (Named, error) {
 	named, err := ParseNormalizedNamed(ref)
 	if err != nil {
 		return nil, err
 	}
-	if _, ok := named.(NamedTagged); ok {
-		if canonical, ok := named.(Canonical); ok {
-			// The reference is both tagged and digested, only
-			// return digested.
-			newNamed, err := WithName(canonical.Name())
-			if err != nil {
-				return nil, err
-			}
-			newCanonical, err := WithDigest(newNamed, canonical.Digest())
-			if err != nil {
-				return nil, err
-			}
-			return newCanonical, nil
+	if canonical, ok := named.(namedTaggedDigested); ok {
+		// The reference is both tagged and digested; only return digested.
+		newNamed, err := WithName(canonical.Name())
+		if err != nil {
+			return nil, err
 		}
+		return WithDigest(newNamed, canonical.Digest())
 	}
 	return TagNameOnly(named), nil
 }
 
-// splitDockerDomain splits a repository name to domain and remotename string.
+// splitDockerDomain splits a repository name to domain and remote-name.
 // If no valid domain is found, the default domain is used. Repository name
 // needs to be already validated before.
 func splitDockerDomain(name string) (domain, remainder string) {
 	i := strings.IndexRune(name, '/')
-	if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != "localhost") {
+	if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != localhost && strings.ToLower(name[:i]) == name[:i]) {
 		domain, remainder = defaultDomain, name
 	} else {
 		domain, remainder = name[:i], name[i+1:]
@@ -99,13 +134,13 @@ func splitDockerDomain(name string) (domain, remainder string) {
 		domain = defaultDomain
 	}
 	if domain == defaultDomain && !strings.ContainsRune(remainder, '/') {
-		remainder = officialRepoName + "/" + remainder
+		remainder = officialRepoPrefix + remainder
 	}
 	return
 }
 
 // familiarizeName returns a shortened version of the name familiar
-// to to the Docker UI. Familiar names have the default domain
+// to the Docker UI. Familiar names have the default domain
 // "docker.io" and "library/" repository prefix removed.
 // For example, "docker.io/library/redis" will have the familiar
 // name "redis" and "docker.io/dmcgowan/myapp" will be "dmcgowan/myapp".
@@ -119,8 +154,15 @@ func familiarizeName(named namedRepository) repository {
 	if repo.domain == defaultDomain {
 		repo.domain = ""
 		// Handle official repositories which have the pattern "library/<official repo name>"
-		if split := strings.Split(repo.path, "/"); len(split) == 2 && split[0] == officialRepoName {
-			repo.path = split[1]
+		if strings.HasPrefix(repo.path, officialRepoPrefix) {
+			// TODO(thaJeztah): this check may be too strict, as it assumes the
+			//  "library/" namespace does not have nested namespaces. While this
+			//  is true (currently), technically it would be possible for Docker
+			//  Hub to use those (e.g. "library/distros/ubuntu:latest").
+			//  See https://github.com/distribution/distribution/pull/3769#issuecomment-1302031785.
+			if remainder := strings.TrimPrefix(repo.path, officialRepoPrefix); !strings.ContainsRune(remainder, '/') {
+				repo.path = remainder
+			}
 		}
 	}
 	return repo
@@ -180,20 +222,3 @@ func ParseAnyReference(ref string) (Reference, error) {
 
 	return ParseNormalizedNamed(ref)
 }
-
-// ParseAnyReferenceWithSet parses a reference string as a possible short
-// identifier to be matched in a digest set, a full digest, or familiar name.
-func ParseAnyReferenceWithSet(ref string, ds *digestset.Set) (Reference, error) {
-	if ok := anchoredShortIdentifierRegexp.MatchString(ref); ok {
-		dgst, err := ds.Lookup(ref)
-		if err == nil {
-			return digestReference(dgst), nil
-		}
-	} else {
-		if dgst, err := digest.Parse(ref); err == nil {
-			return digestReference(dgst), nil
-		}
-	}
-
-	return ParseNormalizedNamed(ref)
-}
diff --git a/vendor/github.com/docker/distribution/reference/reference.go b/vendor/github.com/distribution/reference/reference.go
similarity index 93%
rename from vendor/github.com/docker/distribution/reference/reference.go
rename to vendor/github.com/distribution/reference/reference.go
index b7cd00b0d..e98c44daa 100644
--- a/vendor/github.com/docker/distribution/reference/reference.go
+++ b/vendor/github.com/distribution/reference/reference.go
@@ -4,11 +4,14 @@
 // Grammar
 //
 //	reference                       := name [ ":" tag ] [ "@" digest ]
-//	name                            := [domain '/'] path-component ['/' path-component]*
-//	domain                          := domain-component ['.' domain-component]* [':' port-number]
+//	name                            := [domain '/'] remote-name
+//	domain                          := host [':' port-number]
+//	host                            := domain-name | IPv4address | \[ IPv6address \]	; rfc3986 appendix-A
+//	domain-name                     := domain-component ['.' domain-component]*
 //	domain-component                := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
 //	port-number                     := /[0-9]+/
 //	path-component                  := alpha-numeric [separator alpha-numeric]*
+//	path (or "remote-name")         := path-component ['/' path-component]*
 //	alpha-numeric                   := /[a-z0-9]+/
 //	separator                       := /[_.]|__|[-]*/
 //
@@ -21,7 +24,6 @@
 //	digest-hex                      := /[0-9a-fA-F]{32,}/ ; At least 128 bit digest value
 //
 //	identifier                      := /[a-f0-9]{64}/
-//	short-identifier                := /[a-f0-9]{6,64}/
 package reference
 
 import (
@@ -145,7 +147,7 @@ type namedRepository interface {
 	Path() string
 }
 
-// Domain returns the domain part of the Named reference
+// Domain returns the domain part of the [Named] reference.
 func Domain(named Named) string {
 	if r, ok := named.(namedRepository); ok {
 		return r.Domain()
@@ -154,7 +156,7 @@ func Domain(named Named) string {
 	return domain
 }
 
-// Path returns the name without the domain part of the Named reference
+// Path returns the name without the domain part of the [Named] reference.
 func Path(named Named) (name string) {
 	if r, ok := named.(namedRepository); ok {
 		return r.Path()
@@ -175,7 +177,8 @@ func splitDomain(name string) (string, string) {
 // hostname and name string. If no valid hostname is
 // found, the hostname is empty and the full value
 // is returned as name
-// DEPRECATED: Use Domain or Path
+//
+// Deprecated: Use [Domain] or [Path].
 func SplitHostname(named Named) (string, string) {
 	if r, ok := named.(namedRepository); ok {
 		return r.Domain(), r.Path()
@@ -185,7 +188,6 @@ func SplitHostname(named Named) (string, string) {
 
 // Parse parses s and returns a syntactically valid Reference.
 // If an error was encountered it is returned, along with a nil Reference.
-// NOTE: Parse will not handle short digests.
 func Parse(s string) (Reference, error) {
 	matches := ReferenceRegexp.FindStringSubmatch(s)
 	if matches == nil {
@@ -237,7 +239,6 @@ func Parse(s string) (Reference, error) {
 // the Named interface. The reference must have a name and be in the canonical
 // form, otherwise an error is returned.
 // If an error was encountered it is returned, along with a nil Reference.
-// NOTE: ParseNamed will not handle short digests.
 func ParseNamed(s string) (Named, error) {
 	named, err := ParseNormalizedNamed(s)
 	if err != nil {
@@ -320,11 +321,13 @@ func WithDigest(name Named, digest digest.Digest) (Canonical, error) {
 
 // TrimNamed removes any tag or digest from the named reference.
 func TrimNamed(ref Named) Named {
-	domain, path := SplitHostname(ref)
-	return repository{
-		domain: domain,
-		path:   path,
+	repo := repository{}
+	if r, ok := ref.(namedRepository); ok {
+		repo.domain, repo.path = r.Domain(), r.Path()
+	} else {
+		repo.domain, repo.path = splitDomain(ref.Name())
 	}
+	return repo
 }
 
 func getBestReferenceType(ref reference) Reference {
diff --git a/vendor/github.com/distribution/reference/regexp.go b/vendor/github.com/distribution/reference/regexp.go
new file mode 100644
index 000000000..65bc49d79
--- /dev/null
+++ b/vendor/github.com/distribution/reference/regexp.go
@@ -0,0 +1,163 @@
+package reference
+
+import (
+	"regexp"
+	"strings"
+)
+
+// DigestRegexp matches well-formed digests, including algorithm (e.g. "sha256:<encoded>").
+var DigestRegexp = regexp.MustCompile(digestPat)
+
+// DomainRegexp matches hostname or IP-addresses, optionally including a port
+// number. It defines the structure of potential domain components that may be
+// part of image names. This is purposely a subset of what is allowed by DNS to
+// ensure backwards compatibility with Docker image names. It may be a subset of
+// DNS domain name, an IPv4 address in decimal format, or an IPv6 address between
+// square brackets (excluding zone identifiers as defined by [RFC 6874] or special
+// addresses such as IPv4-Mapped).
+//
+// [RFC 6874]: https://www.rfc-editor.org/rfc/rfc6874.
+var DomainRegexp = regexp.MustCompile(domainAndPort)
+
+// IdentifierRegexp is the format for string identifier used as a
+// content addressable identifier using sha256. These identifiers
+// are like digests without the algorithm, since sha256 is used.
+var IdentifierRegexp = regexp.MustCompile(identifier)
+
+// NameRegexp is the format for the name component of references, including
+// an optional domain and port, but without tag or digest suffix.
+var NameRegexp = regexp.MustCompile(namePat)
+
+// ReferenceRegexp is the full supported format of a reference. The regexp
+// is anchored and has capturing groups for name, tag, and digest
+// components.
+var ReferenceRegexp = regexp.MustCompile(referencePat)
+
+// TagRegexp matches valid tag names. From [docker/docker:graph/tags.go].
+//
+// [docker/docker:graph/tags.go]: https://github.com/moby/moby/blob/v1.6.0/graph/tags.go#L26-L28
+var TagRegexp = regexp.MustCompile(tag)
+
+const (
+	// alphanumeric defines the alphanumeric atom, typically a
+	// component of names. This only allows lower case characters and digits.
+	alphanumeric = `[a-z0-9]+`
+
+	// separator defines the separators allowed to be embedded in name
+	// components. This allows one period, one or two underscore and multiple
+	// dashes. Repeated dashes and underscores are intentionally treated
+	// differently. In order to support valid hostnames as name components,
+	// supporting repeated dash was added. Additionally double underscore is
+	// now allowed as a separator to loosen the restriction for previously
+	// supported names.
+	separator = `(?:[._]|__|[-]+)`
+
+	// localhost is treated as a special value for domain-name. Any other
+	// domain-name without a "." or a ":port" are considered a path component.
+	localhost = `localhost`
+
+	// domainNameComponent restricts the registry domain component of a
+	// repository name to start with a component as defined by DomainRegexp.
+	domainNameComponent = `(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])`
+
+	// optionalPort matches an optional port-number including the port separator
+	// (e.g. ":80").
+	optionalPort = `(?::[0-9]+)?`
+
+	// tag matches valid tag names. From docker/docker:graph/tags.go.
+	tag = `[\w][\w.-]{0,127}`
+
+	// digestPat matches well-formed digests, including algorithm (e.g. "sha256:<encoded>").
+	//
+	// TODO(thaJeztah): this should follow the same rules as https://pkg.go.dev/github.com/opencontainers/go-digest@v1.0.0#DigestRegexp
+	// so that go-digest defines the canonical format. Note that the go-digest is
+	// more relaxed:
+	//   - it allows multiple algorithms (e.g. "sha256+b64:<encoded>") to allow
+	//     future expansion of supported algorithms.
+	//   - it allows the "<encoded>" value to use urlsafe base64 encoding as defined
+	//     in [rfc4648, section 5].
+	//
+	// [rfc4648, section 5]: https://www.rfc-editor.org/rfc/rfc4648#section-5.
+	digestPat = `[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}`
+
+	// identifier is the format for a content addressable identifier using sha256.
+	// These identifiers are like digests without the algorithm, since sha256 is used.
+	identifier = `([a-f0-9]{64})`
+
+	// ipv6address are enclosed between square brackets and may be represented
+	// in many ways, see rfc5952. Only IPv6 in compressed or uncompressed format
+	// are allowed, IPv6 zone identifiers (rfc6874) or Special addresses such as
+	// IPv4-Mapped are deliberately excluded.
+	ipv6address = `\[(?:[a-fA-F0-9:]+)\]`
+)
+
+var (
+	// domainName defines the structure of potential domain components
+	// that may be part of image names. This is purposely a subset of what is
+	// allowed by DNS to ensure backwards compatibility with Docker image
+	// names. This includes IPv4 addresses on decimal format.
+	domainName = domainNameComponent + anyTimes(`\.`+domainNameComponent)
+
+	// host defines the structure of potential domains based on the URI
+	// Host subcomponent on rfc3986. It may be a subset of DNS domain name,
+	// or an IPv4 address in decimal format, or an IPv6 address between square
+	// brackets (excluding zone identifiers as defined by rfc6874 or special
+	// addresses such as IPv4-Mapped).
+	host = `(?:` + domainName + `|` + ipv6address + `)`
+
+	// allowed by the URI Host subcomponent on rfc3986 to ensure backwards
+	// compatibility with Docker image names.
+	domainAndPort = host + optionalPort
+
+	// anchoredTagRegexp matches valid tag names, anchored at the start and
+	// end of the matched string.
+	anchoredTagRegexp = regexp.MustCompile(anchored(tag))
+
+	// anchoredDigestRegexp matches valid digests, anchored at the start and
+	// end of the matched string.
+	anchoredDigestRegexp = regexp.MustCompile(anchored(digestPat))
+
+	// pathComponent restricts path-components to start with an alphanumeric
+	// character, with following parts able to be separated by a separator
+	// (one period, one or two underscore and multiple dashes).
+	pathComponent = alphanumeric + anyTimes(separator+alphanumeric)
+
+	// remoteName matches the remote-name of a repository. It consists of one
+	// or more forward slash (/) delimited path-components:
+	//
+	//	pathComponent[[/pathComponent] ...] // e.g., "library/ubuntu"
+	remoteName = pathComponent + anyTimes(`/`+pathComponent)
+	namePat    = optional(domainAndPort+`/`) + remoteName
+
+	// anchoredNameRegexp is used to parse a name value, capturing the
+	// domain and trailing components.
+	anchoredNameRegexp = regexp.MustCompile(anchored(optional(capture(domainAndPort), `/`), capture(remoteName)))
+
+	referencePat = anchored(capture(namePat), optional(`:`, capture(tag)), optional(`@`, capture(digestPat)))
+
+	// anchoredIdentifierRegexp is used to check or match an
+	// identifier value, anchored at start and end of string.
+	anchoredIdentifierRegexp = regexp.MustCompile(anchored(identifier))
+)
+
+// optional wraps the expression in a non-capturing group and makes the
+// production optional.
+func optional(res ...string) string {
+	return `(?:` + strings.Join(res, "") + `)?`
+}
+
+// anyTimes wraps the expression in a non-capturing group that can occur
+// any number of times.
+func anyTimes(res ...string) string {
+	return `(?:` + strings.Join(res, "") + `)*`
+}
+
+// capture wraps the expression in a capturing group.
+func capture(res ...string) string {
+	return `(` + strings.Join(res, "") + `)`
+}
+
+// anchored anchors the regular expression by adding start and end delimiters.
+func anchored(res ...string) string {
+	return `^` + strings.Join(res, "") + `$`
+}
diff --git a/vendor/github.com/distribution/reference/sort.go b/vendor/github.com/distribution/reference/sort.go
new file mode 100644
index 000000000..416c37b07
--- /dev/null
+++ b/vendor/github.com/distribution/reference/sort.go
@@ -0,0 +1,75 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package reference
+
+import (
+	"sort"
+)
+
+// Sort sorts string references preferring higher information references.
+//
+// The precedence is as follows:
+//
+//  1. [Named] + [Tagged] + [Digested] (e.g., "docker.io/library/busybox:latest@sha256:<digest>")
+//  2. [Named] + [Tagged]              (e.g., "docker.io/library/busybox:latest")
+//  3. [Named] + [Digested]            (e.g., "docker.io/library/busybo@sha256:<digest>")
+//  4. [Named]                         (e.g., "docker.io/library/busybox")
+//  5. [Digested]                      (e.g., "docker.io@sha256:<digest>")
+//  6. Parse error
+func Sort(references []string) []string {
+	var prefs []Reference
+	var bad []string
+
+	for _, ref := range references {
+		pref, err := ParseAnyReference(ref)
+		if err != nil {
+			bad = append(bad, ref)
+		} else {
+			prefs = append(prefs, pref)
+		}
+	}
+	sort.Slice(prefs, func(a, b int) bool {
+		ar := refRank(prefs[a])
+		br := refRank(prefs[b])
+		if ar == br {
+			return prefs[a].String() < prefs[b].String()
+		}
+		return ar < br
+	})
+	sort.Strings(bad)
+	var refs []string
+	for _, pref := range prefs {
+		refs = append(refs, pref.String())
+	}
+	return append(refs, bad...)
+}
+
+func refRank(ref Reference) uint8 {
+	if _, ok := ref.(Named); ok {
+		if _, ok = ref.(Tagged); ok {
+			if _, ok = ref.(Digested); ok {
+				return 1
+			}
+			return 2
+		}
+		if _, ok = ref.(Digested); ok {
+			return 3
+		}
+		return 4
+	}
+	return 5
+}
diff --git a/vendor/github.com/docker/cli/cli/command/cli.go b/vendor/github.com/docker/cli/cli/command/cli.go
index 2a61d5e48..1551c14da 100644
--- a/vendor/github.com/docker/cli/cli/command/cli.go
+++ b/vendor/github.com/docker/cli/cli/command/cli.go
@@ -8,7 +8,6 @@ import (
 	"path/filepath"
 	"runtime"
 	"strconv"
-	"strings"
 	"sync"
 	"time"
 
@@ -48,9 +47,7 @@ type Streams interface {
 // Cli represents the docker command line client.
 type Cli interface {
 	Client() client.APIClient
-	Out() *streams.Out
-	Err() io.Writer
-	In() *streams.In
+	Streams
 	SetIn(in *streams.In)
 	Apply(ops ...DockerCliOption) error
 	ConfigFile() *configfile.ConfigFile
@@ -191,7 +188,7 @@ func (cli *DockerCli) ManifestStore() manifeststore.Store {
 // RegistryClient returns a client for communicating with a Docker distribution
 // registry
 func (cli *DockerCli) RegistryClient(allowInsecure bool) registryclient.RegistryClient {
-	resolver := func(ctx context.Context, index *registry.IndexInfo) types.AuthConfig {
+	resolver := func(ctx context.Context, index *registry.IndexInfo) registry.AuthConfig {
 		return ResolveAuthConfig(ctx, cli, index)
 	}
 	return registryclient.NewRegistryClient(resolver, UserAgent(), allowInsecure)
@@ -329,13 +326,8 @@ func (cli *DockerCli) getInitTimeout() time.Duration {
 
 func (cli *DockerCli) initializeFromClient() {
 	ctx := context.Background()
-	if !strings.HasPrefix(cli.dockerEndpoint.Host, "ssh://") {
-		// @FIXME context.WithTimeout doesn't work with connhelper / ssh connections
-		// time="2020-04-10T10:16:26Z" level=warning msg="commandConn.CloseWrite: commandconn: failed to wait: signal: killed"
-		var cancel func()
-		ctx, cancel = context.WithTimeout(ctx, cli.getInitTimeout())
-		defer cancel()
-	}
+	ctx, cancel := context.WithTimeout(ctx, cli.getInitTimeout())
+	defer cancel()
 
 	ping, err := cli.client.Ping(ctx)
 	if err != nil {
@@ -383,7 +375,7 @@ func (cli *DockerCli) ContextStore() store.Store {
 // the "default" context is used if:
 //
 //   - The "--host" option is set
-//   - The "DOCKER_HOST" ([DefaultContextName]) environment variable is set
+//   - The "DOCKER_HOST" ([client.EnvOverrideHost]) environment variable is set
 //     to a non-empty value.
 //
 // In these cases, the default context is used, which uses the host as
diff --git a/vendor/github.com/docker/cli/cli/command/events_utils.go b/vendor/github.com/docker/cli/cli/command/events_utils.go
index 16d76892a..6a2907c53 100644
--- a/vendor/github.com/docker/cli/cli/command/events_utils.go
+++ b/vendor/github.com/docker/cli/cli/command/events_utils.go
@@ -3,28 +3,28 @@ package command
 import (
 	"sync"
 
-	eventtypes "github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/events"
 	"github.com/sirupsen/logrus"
 )
 
 // EventHandler is abstract interface for user to customize
 // own handle functions of each type of events
 type EventHandler interface {
-	Handle(action string, h func(eventtypes.Message))
-	Watch(c <-chan eventtypes.Message)
+	Handle(action string, h func(events.Message))
+	Watch(c <-chan events.Message)
 }
 
 // InitEventHandler initializes and returns an EventHandler
 func InitEventHandler() EventHandler {
-	return &eventHandler{handlers: make(map[string]func(eventtypes.Message))}
+	return &eventHandler{handlers: make(map[string]func(events.Message))}
 }
 
 type eventHandler struct {
-	handlers map[string]func(eventtypes.Message)
+	handlers map[string]func(events.Message)
 	mu       sync.Mutex
 }
 
-func (w *eventHandler) Handle(action string, h func(eventtypes.Message)) {
+func (w *eventHandler) Handle(action string, h func(events.Message)) {
 	w.mu.Lock()
 	w.handlers[action] = h
 	w.mu.Unlock()
@@ -33,7 +33,7 @@ func (w *eventHandler) Handle(action string, h func(eventtypes.Message)) {
 // Watch ranges over the passed in event chan and processes the events based on the
 // handlers created for a given action.
 // To stop watching, close the event chan.
-func (w *eventHandler) Watch(c <-chan eventtypes.Message) {
+func (w *eventHandler) Watch(c <-chan events.Message) {
 	for e := range c {
 		w.mu.Lock()
 		h, exists := w.handlers[e.Action]
diff --git a/vendor/github.com/docker/cli/cli/command/registry.go b/vendor/github.com/docker/cli/cli/command/registry.go
index 90cc08c53..95c16d7dc 100644
--- a/vendor/github.com/docker/cli/cli/command/registry.go
+++ b/vendor/github.com/docker/cli/cli/command/registry.go
@@ -3,8 +3,6 @@ package command
 import (
 	"bufio"
 	"context"
-	"encoding/base64"
-	"encoding/json"
 	"fmt"
 	"io"
 	"os"
@@ -12,6 +10,7 @@ import (
 	"strings"
 
 	configtypes "github.com/docker/cli/cli/config/types"
+	"github.com/docker/cli/cli/hints"
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
@@ -21,20 +20,15 @@ import (
 	"github.com/pkg/errors"
 )
 
-// ElectAuthServer returns the default registry to use.
-//
-// Deprecated: use [registry.IndexServer] instead.
-func ElectAuthServer(_ context.Context, _ Cli) string {
-	return registry.IndexServer
-}
+const patSuggest = "You can log in with your password or a Personal Access " +
+	"Token (PAT). Using a limited-scope PAT grants better security and is required " +
+	"for organizations using SSO. Learn more at https://docs.docker.com/go/access-tokens/"
 
-// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload
-func EncodeAuthToBase64(authConfig types.AuthConfig) (string, error) {
-	buf, err := json.Marshal(authConfig)
-	if err != nil {
-		return "", err
-	}
-	return base64.URLEncoding.EncodeToString(buf), nil
+// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload.
+//
+// Deprecated: use [registrytypes.EncodeAuthConfig] instead.
+func EncodeAuthToBase64(authConfig registrytypes.AuthConfig) (string, error) {
+	return registrytypes.EncodeAuthConfig(authConfig)
 }
 
 // RegistryAuthenticationPrivilegedFunc returns a RequestPrivilegeFunc from the specified registry index info
@@ -52,7 +46,7 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf
 		if err != nil {
 			return "", err
 		}
-		return EncodeAuthToBase64(authConfig)
+		return registrytypes.EncodeAuthConfig(authConfig)
 	}
 }
 
@@ -62,19 +56,19 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf
 //
 // It is similar to [registry.ResolveAuthConfig], but uses the credentials-
 // store, instead of looking up credentials from a map.
-func ResolveAuthConfig(_ context.Context, cli Cli, index *registrytypes.IndexInfo) types.AuthConfig {
+func ResolveAuthConfig(_ context.Context, cli Cli, index *registrytypes.IndexInfo) registrytypes.AuthConfig {
 	configKey := index.Name
 	if index.Official {
 		configKey = registry.IndexServer
 	}
 
 	a, _ := cli.ConfigFile().GetAuthConfig(configKey)
-	return types.AuthConfig(a)
+	return registrytypes.AuthConfig(a)
 }
 
 // GetDefaultAuthConfig gets the default auth config given a serverAddress
 // If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it
-func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (types.AuthConfig, error) {
+func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (registrytypes.AuthConfig, error) {
 	if !isDefaultRegistry {
 		serverAddress = registry.ConvertToHostname(serverAddress)
 	}
@@ -83,20 +77,27 @@ func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, is
 	if checkCredStore {
 		authconfig, err = cli.ConfigFile().GetAuthConfig(serverAddress)
 		if err != nil {
-			return types.AuthConfig{
+			return registrytypes.AuthConfig{
 				ServerAddress: serverAddress,
 			}, err
 		}
 	}
 	authconfig.ServerAddress = serverAddress
 	authconfig.IdentityToken = ""
-	res := types.AuthConfig(authconfig)
+	res := registrytypes.AuthConfig(authconfig)
 	return res, nil
 }
 
 // ConfigureAuth handles prompting of user's username and password if needed
-func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthConfig, isDefaultRegistry bool) error {
-	// On Windows, force the use of the regular OS stdin stream. Fixes #14336/#14210
+func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *registrytypes.AuthConfig, isDefaultRegistry bool) error {
+	// On Windows, force the use of the regular OS stdin stream.
+	//
+	// See:
+	// - https://github.com/moby/moby/issues/14336
+	// - https://github.com/moby/moby/issues/14210
+	// - https://github.com/moby/moby/pull/17738
+	//
+	// TODO(thaJeztah): we need to confirm if this special handling is still needed, as we may not be doing this in other places.
 	if runtime.GOOS == "windows" {
 		cli.SetIn(streams.NewIn(os.Stdin))
 	}
@@ -117,11 +118,18 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthCon
 	if flUser = strings.TrimSpace(flUser); flUser == "" {
 		if isDefaultRegistry {
 			// if this is a default registry (docker hub), then display the following message.
-			fmt.Fprintln(cli.Out(), "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.")
+			fmt.Fprintln(cli.Out(), "Log in with your Docker ID or email address to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com/ to create one.")
+			if hints.Enabled() {
+				fmt.Fprintln(cli.Out(), patSuggest)
+				fmt.Fprintln(cli.Out())
+			}
 		}
 		promptWithDefault(cli.Out(), "Username", authconfig.Username)
-		flUser = readInput(cli.In(), cli.Out())
-		flUser = strings.TrimSpace(flUser)
+		var err error
+		flUser, err = readInput(cli.In())
+		if err != nil {
+			return err
+		}
 		if flUser == "" {
 			flUser = authconfig.Username
 		}
@@ -135,12 +143,15 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthCon
 			return err
 		}
 		fmt.Fprintf(cli.Out(), "Password: ")
-		term.DisableEcho(cli.In().FD(), oldState)
-
-		flPassword = readInput(cli.In(), cli.Out())
+		_ = term.DisableEcho(cli.In().FD(), oldState)
+		defer func() {
+			_ = term.RestoreTerminal(cli.In().FD(), oldState)
+		}()
+		flPassword, err = readInput(cli.In())
+		if err != nil {
+			return err
+		}
 		fmt.Fprint(cli.Out(), "\n")
-
-		term.RestoreTerminal(cli.In().FD(), oldState)
 		if flPassword == "" {
 			return errors.Errorf("Error: Password Required")
 		}
@@ -152,14 +163,15 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthCon
 	return nil
 }
 
-func readInput(in io.Reader, out io.Writer) string {
-	reader := bufio.NewReader(in)
-	line, _, err := reader.ReadLine()
+// readInput reads, and returns user input from in. It tries to return a
+// single line, not including the end-of-line bytes, and trims leading
+// and trailing whitespace.
+func readInput(in io.Reader) (string, error) {
+	line, _, err := bufio.NewReader(in).ReadLine()
 	if err != nil {
-		fmt.Fprintln(out, err.Error())
-		os.Exit(1)
+		return "", errors.Wrap(err, "error while reading input")
 	}
-	return string(line)
+	return strings.TrimSpace(string(line)), nil
 }
 
 func promptWithDefault(out io.Writer, prompt string, configDefault string) {
@@ -170,14 +182,19 @@ func promptWithDefault(out io.Writer, prompt string, configDefault string) {
 	}
 }
 
-// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete image
+// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete
+// image. The auth configuration is serialized as a base64url encoded RFC4648,
+// section 5) JSON string for sending through the X-Registry-Auth header.
+//
+// For details on base64url encoding, see:
+// - RFC4648, section 5:   https://tools.ietf.org/html/rfc4648#section-5
 func RetrieveAuthTokenFromImage(ctx context.Context, cli Cli, image string) (string, error) {
 	// Retrieve encoded auth token from the image reference
 	authConfig, err := resolveAuthConfigFromImage(ctx, cli, image)
 	if err != nil {
 		return "", err
 	}
-	encodedAuth, err := EncodeAuthToBase64(authConfig)
+	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
 	if err != nil {
 		return "", err
 	}
@@ -185,14 +202,14 @@ func RetrieveAuthTokenFromImage(ctx context.Context, cli Cli, image string) (str
 }
 
 // resolveAuthConfigFromImage retrieves that AuthConfig using the image string
-func resolveAuthConfigFromImage(ctx context.Context, cli Cli, image string) (types.AuthConfig, error) {
+func resolveAuthConfigFromImage(ctx context.Context, cli Cli, image string) (registrytypes.AuthConfig, error) {
 	registryRef, err := reference.ParseNormalizedNamed(image)
 	if err != nil {
-		return types.AuthConfig{}, err
+		return registrytypes.AuthConfig{}, err
 	}
 	repoInfo, err := registry.ParseRepositoryInfo(registryRef)
 	if err != nil {
-		return types.AuthConfig{}, err
+		return registrytypes.AuthConfig{}, err
 	}
 	return ResolveAuthConfig(ctx, cli, repoInfo.Index), nil
 }
diff --git a/vendor/github.com/docker/cli/cli/command/streams.go b/vendor/github.com/docker/cli/cli/command/streams.go
deleted file mode 100644
index 43dc6cd00..000000000
--- a/vendor/github.com/docker/cli/cli/command/streams.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package command
-
-import (
-	"io"
-
-	"github.com/docker/cli/cli/streams"
-)
-
-// InStream is an input stream used by the DockerCli to read user input
-//
-// Deprecated: Use [streams.In] instead.
-type InStream = streams.In
-
-// OutStream is an output stream used by the DockerCli to write normal program
-// output.
-//
-// Deprecated: Use [streams.Out] instead.
-type OutStream = streams.Out
-
-// NewInStream returns a new [streams.In] from an [io.ReadCloser].
-//
-// Deprecated: Use [streams.NewIn] instead.
-func NewInStream(in io.ReadCloser) *streams.In {
-	return streams.NewIn(in)
-}
-
-// NewOutStream returns a new [streams.Out] from an [io.Writer].
-//
-// Deprecated: Use [streams.NewOut] instead.
-func NewOutStream(out io.Writer) *streams.Out {
-	return streams.NewOut(out)
-}
diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file.go b/vendor/github.com/docker/cli/cli/config/configfile/file.go
index 609a88c27..442c31110 100644
--- a/vendor/github.com/docker/cli/cli/config/configfile/file.go
+++ b/vendor/github.com/docker/cli/cli/config/configfile/file.go
@@ -37,7 +37,6 @@ type ConfigFile struct {
 	PruneFilters         []string                     `json:"pruneFilters,omitempty"`
 	Proxies              map[string]ProxyConfig       `json:"proxies,omitempty"`
 	Experimental         string                       `json:"experimental,omitempty"`
-	StackOrchestrator    string                       `json:"stackOrchestrator,omitempty"` // Deprecated: swarm is now the default orchestrator, and this option is ignored.
 	CurrentContext       string                       `json:"currentContext,omitempty"`
 	CLIPluginsExtraDirs  []string                     `json:"cliPluginsExtraDirs,omitempty"`
 	Plugins              map[string]map[string]string `json:"plugins,omitempty"`
@@ -95,6 +94,9 @@ func (configFile *ConfigFile) ContainsAuth() bool {
 
 // GetAuthConfigs returns the mapping of repo to auth configuration
 func (configFile *ConfigFile) GetAuthConfigs() map[string]types.AuthConfig {
+	if configFile.AuthConfigs == nil {
+		configFile.AuthConfigs = make(map[string]types.AuthConfig)
+	}
 	return configFile.AuthConfigs
 }
 
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/file_store.go b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go
index de1c676e5..ea30fc300 100644
--- a/vendor/github.com/docker/cli/cli/config/credentials/file_store.go
+++ b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go
@@ -52,7 +52,8 @@ func (c *fileStore) GetAll() (map[string]types.AuthConfig, error) {
 
 // Store saves the given credentials in the file store.
 func (c *fileStore) Store(authConfig types.AuthConfig) error {
-	c.file.GetAuthConfigs()[authConfig.ServerAddress] = authConfig
+	authConfigs := c.file.GetAuthConfigs()
+	authConfigs[authConfig.ServerAddress] = authConfig
 	return c.file.Save()
 }
 
diff --git a/vendor/github.com/docker/cli/cli/connhelper/commandconn/commandconn.go b/vendor/github.com/docker/cli/cli/connhelper/commandconn/commandconn.go
index a0b035c92..835c4c48d 100644
--- a/vendor/github.com/docker/cli/cli/connhelper/commandconn/commandconn.go
+++ b/vendor/github.com/docker/cli/cli/connhelper/commandconn/commandconn.go
@@ -23,6 +23,7 @@ import (
 	"runtime"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"syscall"
 	"time"
 
@@ -32,7 +33,7 @@ import (
 )
 
 // New returns net.Conn
-func New(ctx context.Context, cmd string, args ...string) (net.Conn, error) {
+func New(_ context.Context, cmd string, args ...string) (net.Conn, error) {
 	var (
 		c   commandConn
 		err error
@@ -64,81 +65,68 @@ func New(ctx context.Context, cmd string, args ...string) (net.Conn, error) {
 
 // commandConn implements net.Conn
 type commandConn struct {
-	cmd           *exec.Cmd
-	cmdExited     bool
-	cmdWaitErr    error
-	cmdMutex      sync.Mutex
-	stdin         io.WriteCloser
-	stdout        io.ReadCloser
-	stderrMu      sync.Mutex
-	stderr        bytes.Buffer
-	stdioClosedMu sync.Mutex // for stdinClosed and stdoutClosed
-	stdinClosed   bool
-	stdoutClosed  bool
-	localAddr     net.Addr
-	remoteAddr    net.Addr
+	cmdMutex     sync.Mutex // for cmd, cmdWaitErr
+	cmd          *exec.Cmd
+	cmdWaitErr   error
+	cmdExited    atomic.Bool
+	stdin        io.WriteCloser
+	stdout       io.ReadCloser
+	stderrMu     sync.Mutex // for stderr
+	stderr       bytes.Buffer
+	stdinClosed  atomic.Bool
+	stdoutClosed atomic.Bool
+	closing      atomic.Bool
+	localAddr    net.Addr
+	remoteAddr   net.Addr
 }
 
-// killIfStdioClosed kills the cmd if both stdin and stdout are closed.
-func (c *commandConn) killIfStdioClosed() error {
-	c.stdioClosedMu.Lock()
-	stdioClosed := c.stdoutClosed && c.stdinClosed
-	c.stdioClosedMu.Unlock()
-	if !stdioClosed {
-		return nil
+// kill terminates the process. On Windows it kills the process directly,
+// whereas on other platforms, a SIGTERM is sent, before forcefully terminating
+// the process after 3 seconds.
+func (c *commandConn) kill() {
+	if c.cmdExited.Load() {
+		return
 	}
-	return c.kill()
-}
-
-// killAndWait tries sending SIGTERM to the process before sending SIGKILL.
-func killAndWait(cmd *exec.Cmd) error {
+	c.cmdMutex.Lock()
 	var werr error
 	if runtime.GOOS != "windows" {
 		werrCh := make(chan error)
-		go func() { werrCh <- cmd.Wait() }()
-		cmd.Process.Signal(syscall.SIGTERM)
+		go func() { werrCh <- c.cmd.Wait() }()
+		_ = c.cmd.Process.Signal(syscall.SIGTERM)
 		select {
 		case werr = <-werrCh:
 		case <-time.After(3 * time.Second):
-			cmd.Process.Kill()
+			_ = c.cmd.Process.Kill()
 			werr = <-werrCh
 		}
 	} else {
-		cmd.Process.Kill()
-		werr = cmd.Wait()
+		_ = c.cmd.Process.Kill()
+		werr = c.cmd.Wait()
 	}
-	return werr
+	c.cmdWaitErr = werr
+	c.cmdMutex.Unlock()
+	c.cmdExited.Store(true)
 }
 
-// kill returns nil if the command terminated, regardless to the exit status.
-func (c *commandConn) kill() error {
-	var werr error
-	c.cmdMutex.Lock()
-	if c.cmdExited {
-		werr = c.cmdWaitErr
-	} else {
-		werr = killAndWait(c.cmd)
-		c.cmdWaitErr = werr
-		c.cmdExited = true
-	}
-	c.cmdMutex.Unlock()
-	if werr == nil {
-		return nil
-	}
-	wExitErr, ok := werr.(*exec.ExitError)
-	if ok {
-		if wExitErr.ProcessState.Exited() {
-			return nil
-		}
+// handleEOF handles io.EOF errors while reading or writing from the underlying
+// command pipes.
+//
+// When we've received an EOF we expect that the command will
+// be terminated soon. As such, we call Wait() on the command
+// and return EOF or the error depending on whether the command
+// exited with an error.
+//
+// If Wait() does not return within 10s, an error is returned
+func (c *commandConn) handleEOF(err error) error {
+	if err != io.EOF {
+		return err
 	}
-	return errors.Wrapf(werr, "commandconn: failed to wait")
-}
 
-func (c *commandConn) onEOF(eof error) error {
-	// when we got EOF, the command is going to be terminated
-	var werr error
 	c.cmdMutex.Lock()
-	if c.cmdExited {
+	defer c.cmdMutex.Unlock()
+
+	var werr error
+	if c.cmdExited.Load() {
 		werr = c.cmdWaitErr
 	} else {
 		werrCh := make(chan error)
@@ -146,18 +134,17 @@ func (c *commandConn) onEOF(eof error) error {
 		select {
 		case werr = <-werrCh:
 			c.cmdWaitErr = werr
-			c.cmdExited = true
+			c.cmdExited.Store(true)
 		case <-time.After(10 * time.Second):
-			c.cmdMutex.Unlock()
 			c.stderrMu.Lock()
 			stderr := c.stderr.String()
 			c.stderrMu.Unlock()
-			return errors.Errorf("command %v did not exit after %v: stderr=%q", c.cmd.Args, eof, stderr)
+			return errors.Errorf("command %v did not exit after %v: stderr=%q", c.cmd.Args, err, stderr)
 		}
 	}
-	c.cmdMutex.Unlock()
+
 	if werr == nil {
-		return eof
+		return err
 	}
 	c.stderrMu.Lock()
 	stderr := c.stderr.String()
@@ -166,71 +153,86 @@ func (c *commandConn) onEOF(eof error) error {
 }
 
 func ignorableCloseError(err error) bool {
-	errS := err.Error()
-	ss := []string{
-		os.ErrClosed.Error(),
+	return strings.Contains(err.Error(), os.ErrClosed.Error())
+}
+
+func (c *commandConn) Read(p []byte) (int, error) {
+	n, err := c.stdout.Read(p)
+	// check after the call to Read, since
+	// it is blocking, and while waiting on it
+	// Close might get called
+	if c.closing.Load() {
+		// If we're currently closing the connection
+		// we don't want to call onEOF
+		return n, err
 	}
-	for _, s := range ss {
-		if strings.Contains(errS, s) {
-			return true
-		}
+
+	return n, c.handleEOF(err)
+}
+
+func (c *commandConn) Write(p []byte) (int, error) {
+	n, err := c.stdin.Write(p)
+	// check after the call to Write, since
+	// it is blocking, and while waiting on it
+	// Close might get called
+	if c.closing.Load() {
+		// If we're currently closing the connection
+		// we don't want to call onEOF
+		return n, err
 	}
-	return false
+
+	return n, c.handleEOF(err)
 }
 
+// CloseRead allows commandConn to implement halfCloser
 func (c *commandConn) CloseRead() error {
 	// NOTE: maybe already closed here
 	if err := c.stdout.Close(); err != nil && !ignorableCloseError(err) {
-		logrus.Warnf("commandConn.CloseRead: %v", err)
+		return err
 	}
-	c.stdioClosedMu.Lock()
-	c.stdoutClosed = true
-	c.stdioClosedMu.Unlock()
-	if err := c.killIfStdioClosed(); err != nil {
-		logrus.Warnf("commandConn.CloseRead: %v", err)
-	}
-	return nil
-}
+	c.stdoutClosed.Store(true)
 
-func (c *commandConn) Read(p []byte) (int, error) {
-	n, err := c.stdout.Read(p)
-	if err == io.EOF {
-		err = c.onEOF(err)
+	if c.stdinClosed.Load() {
+		c.kill()
 	}
-	return n, err
+
+	return nil
 }
 
+// CloseWrite allows commandConn to implement halfCloser
 func (c *commandConn) CloseWrite() error {
 	// NOTE: maybe already closed here
 	if err := c.stdin.Close(); err != nil && !ignorableCloseError(err) {
-		logrus.Warnf("commandConn.CloseWrite: %v", err)
-	}
-	c.stdioClosedMu.Lock()
-	c.stdinClosed = true
-	c.stdioClosedMu.Unlock()
-	if err := c.killIfStdioClosed(); err != nil {
-		logrus.Warnf("commandConn.CloseWrite: %v", err)
+		return err
 	}
-	return nil
-}
+	c.stdinClosed.Store(true)
 
-func (c *commandConn) Write(p []byte) (int, error) {
-	n, err := c.stdin.Write(p)
-	if err == io.EOF {
-		err = c.onEOF(err)
+	if c.stdoutClosed.Load() {
+		c.kill()
 	}
-	return n, err
+	return nil
 }
 
+// Close is the net.Conn func that gets called
+// by the transport when a dial is cancelled
+// due to it's context timing out. Any blocked
+// Read or Write calls will be unblocked and
+// return errors. It will block until the underlying
+// command has terminated.
 func (c *commandConn) Close() error {
-	var err error
-	if err = c.CloseRead(); err != nil {
+	c.closing.Store(true)
+	defer c.closing.Store(false)
+
+	if err := c.CloseRead(); err != nil {
 		logrus.Warnf("commandConn.Close: CloseRead: %v", err)
+		return err
 	}
-	if err = c.CloseWrite(); err != nil {
+	if err := c.CloseWrite(); err != nil {
 		logrus.Warnf("commandConn.Close: CloseWrite: %v", err)
+		return err
 	}
-	return err
+
+	return nil
 }
 
 func (c *commandConn) LocalAddr() net.Addr {
diff --git a/vendor/github.com/docker/cli/cli/connhelper/connhelper.go b/vendor/github.com/docker/cli/cli/connhelper/connhelper.go
index 9ac9d6744..b98d97c25 100644
--- a/vendor/github.com/docker/cli/cli/connhelper/connhelper.go
+++ b/vendor/github.com/docker/cli/cli/connhelper/connhelper.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"net"
 	"net/url"
+	"strings"
 
 	"github.com/docker/cli/cli/connhelper/commandconn"
 	"github.com/docker/cli/cli/connhelper/ssh"
@@ -47,7 +48,13 @@ func getConnectionHelper(daemonURL string, sshFlags []string) (*ConnectionHelper
 		}
 		return &ConnectionHelper{
 			Dialer: func(ctx context.Context, network, addr string) (net.Conn, error) {
-				return commandconn.New(ctx, "ssh", append(sshFlags, sp.Args("docker", "system", "dial-stdio")...)...)
+				args := []string{"docker"}
+				if sp.Path != "" {
+					args = append(args, "--host", "unix://"+sp.Path)
+				}
+				sshFlags = addSSHTimeout(sshFlags)
+				args = append(args, "system", "dial-stdio")
+				return commandconn.New(ctx, "ssh", append(sshFlags, sp.Args(args...)...)...)
 			},
 			Host: "http://docker.example.com",
 		}, nil
@@ -66,3 +73,10 @@ func GetCommandConnectionHelper(cmd string, flags ...string) (*ConnectionHelper,
 		Host: "http://docker.example.com",
 	}, nil
 }
+
+func addSSHTimeout(sshFlags []string) []string {
+	if !strings.Contains(strings.Join(sshFlags, ""), "ConnectTimeout") {
+		sshFlags = append(sshFlags, "-o ConnectTimeout=30")
+	}
+	return sshFlags
+}
diff --git a/vendor/github.com/docker/cli/cli/connhelper/ssh/ssh.go b/vendor/github.com/docker/cli/cli/connhelper/ssh/ssh.go
index bde01ae7f..fb4c91110 100644
--- a/vendor/github.com/docker/cli/cli/connhelper/ssh/ssh.go
+++ b/vendor/github.com/docker/cli/cli/connhelper/ssh/ssh.go
@@ -30,9 +30,7 @@ func ParseURL(daemonURL string) (*Spec, error) {
 		return nil, errors.Errorf("no host specified")
 	}
 	sp.Port = u.Port()
-	if u.Path != "" {
-		return nil, errors.Errorf("extra path after the host: %q", u.Path)
-	}
+	sp.Path = u.Path
 	if u.RawQuery != "" {
 		return nil, errors.Errorf("extra query after the host: %q", u.RawQuery)
 	}
@@ -47,6 +45,7 @@ type Spec struct {
 	User string
 	Host string
 	Port string
+	Path string
 }
 
 // Args returns args except "ssh" itself combined with optional additional command args
diff --git a/vendor/github.com/docker/cli/cli/context/docker/load.go b/vendor/github.com/docker/cli/cli/context/docker/load.go
index 09ec40505..76f6eaf30 100644
--- a/vendor/github.com/docker/cli/cli/context/docker/load.go
+++ b/vendor/github.com/docker/cli/cli/context/docker/load.go
@@ -25,12 +25,6 @@ type EndpointMeta = context.EndpointMetaBase
 type Endpoint struct {
 	EndpointMeta
 	TLSData *context.TLSData
-
-	// Deprecated: Use of encrypted TLS private keys has been deprecated, and
-	// will be removed in a future release. Golang has deprecated support for
-	// legacy PEM encryption (as specified in RFC 1423), as it is insecure by
-	// design (see https://go-review.googlesource.com/c/go/+/264159).
-	TLSPassword string
 }
 
 // WithTLSData loads TLS materials for the endpoint
diff --git a/vendor/github.com/docker/cli/cli/context/store/store.go b/vendor/github.com/docker/cli/cli/context/store/store.go
index 037464bb1..710125230 100644
--- a/vendor/github.com/docker/cli/cli/context/store/store.go
+++ b/vendor/github.com/docker/cli/cli/context/store/store.go
@@ -494,20 +494,6 @@ func importEndpointTLS(tlsData *ContextTLSData, path string, data []byte) error
 	return nil
 }
 
-// IsErrContextDoesNotExist checks if the given error is a "context does not exist" condition.
-//
-// Deprecated: use github.com/docker/docker/errdefs.IsNotFound()
-func IsErrContextDoesNotExist(err error) bool {
-	return errdefs.IsNotFound(err)
-}
-
-// IsErrTLSDataDoesNotExist checks if the given error is a "context does not exist" condition
-//
-// Deprecated: use github.com/docker/docker/errdefs.IsNotFound()
-func IsErrTLSDataDoesNotExist(err error) bool {
-	return errdefs.IsNotFound(err)
-}
-
 type contextdir string
 
 func contextdirOf(name string) contextdir {
diff --git a/vendor/github.com/docker/cli/cli/flags/options.go b/vendor/github.com/docker/cli/cli/flags/options.go
index cea0faf77..03c1f2db2 100644
--- a/vendor/github.com/docker/cli/cli/flags/options.go
+++ b/vendor/github.com/docker/cli/cli/flags/options.go
@@ -83,7 +83,7 @@ func (o *ClientOptions) InstallFlags(flags *pflag.FlagSet) {
 
 	// opts.ValidateHost is not used here, so as to allow connection helpers
 	hostOpt := opts.NewNamedListOptsRef("hosts", &o.Hosts, nil)
-	flags.VarP(hostOpt, "host", "H", "Daemon socket(s) to connect to")
+	flags.VarP(hostOpt, "host", "H", "Daemon socket to connect to")
 	flags.StringVarP(&o.Context, "context", "c", "",
 		`Name of the context to use to connect to the daemon (overrides `+client.EnvOverrideHost+` env var and default context set with "docker context use")`)
 }
diff --git a/vendor/github.com/docker/cli/cli/flags/options_deprecated.go b/vendor/github.com/docker/cli/cli/flags/options_deprecated.go
deleted file mode 100644
index 97fb7e4e6..000000000
--- a/vendor/github.com/docker/cli/cli/flags/options_deprecated.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package flags
-
-// CommonOptions are options common to both the client and the daemon.
-//
-// Deprecated: use [ClientOptions].
-type CommonOptions = ClientOptions
-
-// NewCommonOptions returns a new CommonOptions
-//
-// Deprecated: use [NewClientOptions].
-var NewCommonOptions = NewClientOptions
diff --git a/vendor/github.com/docker/cli/cli/hints/hints.go b/vendor/github.com/docker/cli/cli/hints/hints.go
new file mode 100644
index 000000000..f99df8fda
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/hints/hints.go
@@ -0,0 +1,18 @@
+package hints
+
+import (
+	"os"
+	"strconv"
+)
+
+// Enabled returns whether cli hints are enabled or not
+func Enabled() bool {
+	if v := os.Getenv("DOCKER_CLI_HINTS"); v != "" {
+		enabled, err := strconv.ParseBool(v)
+		if err != nil {
+			return true
+		}
+		return enabled
+	}
+	return true
+}
diff --git a/vendor/github.com/docker/cli/cli/registry/client/client.go b/vendor/github.com/docker/cli/cli/registry/client/client.go
index ba76a34fc..1c33a836f 100644
--- a/vendor/github.com/docker/cli/cli/registry/client/client.go
+++ b/vendor/github.com/docker/cli/cli/registry/client/client.go
@@ -7,10 +7,10 @@ import (
 	"strings"
 
 	manifesttypes "github.com/docker/cli/cli/manifest/types"
+	"github.com/docker/cli/cli/trust"
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/reference"
 	distributionclient "github.com/docker/distribution/registry/client"
-	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
@@ -36,7 +36,7 @@ func NewRegistryClient(resolver AuthConfigResolver, userAgent string, insecure b
 }
 
 // AuthConfigResolver returns Auth Configuration for an index
-type AuthConfigResolver func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig
+type AuthConfigResolver func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig
 
 // PutManifestOptions is the data sent to push a manifest
 type PutManifestOptions struct {
@@ -78,6 +78,7 @@ func (c *client) MountBlob(ctx context.Context, sourceRef reference.Canonical, t
 	if err != nil {
 		return err
 	}
+	repoEndpoint.actions = trust.ActionsPushAndPull
 	repo, err := c.getRepositoryForReference(ctx, targetRef, repoEndpoint)
 	if err != nil {
 		return err
@@ -103,6 +104,7 @@ func (c *client) PutManifest(ctx context.Context, ref reference.Named, manifest
 		return digest.Digest(""), err
 	}
 
+	repoEndpoint.actions = trust.ActionsPushAndPull
 	repo, err := c.getRepositoryForReference(ctx, ref, repoEndpoint)
 	if err != nil {
 		return digest.Digest(""), err
@@ -152,7 +154,9 @@ func (c *client) getHTTPTransportForRepoEndpoint(ctx context.Context, repoEndpoi
 		c.authConfigResolver(ctx, repoEndpoint.info.Index),
 		repoEndpoint.endpoint,
 		repoEndpoint.Name(),
-		c.userAgent)
+		c.userAgent,
+		repoEndpoint.actions,
+	)
 	return httpTransport, errors.Wrap(err, "failed to configure transport")
 }
 
diff --git a/vendor/github.com/docker/cli/cli/registry/client/endpoint.go b/vendor/github.com/docker/cli/cli/registry/client/endpoint.go
index f69c5c0dc..6d0e920c5 100644
--- a/vendor/github.com/docker/cli/cli/registry/client/endpoint.go
+++ b/vendor/github.com/docker/cli/cli/registry/client/endpoint.go
@@ -6,10 +6,11 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/docker/cli/cli/trust"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/transport"
-	authtypes "github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
 )
@@ -17,6 +18,7 @@ import (
 type repositoryEndpoint struct {
 	info     *registry.RepositoryInfo
 	endpoint registry.APIEndpoint
+	actions  []string
 }
 
 // Name returns the repository name
@@ -74,7 +76,7 @@ func getDefaultEndpointFromRepoInfo(repoInfo *registry.RepositoryInfo) (registry
 }
 
 // getHTTPTransport builds a transport for use in communicating with a registry
-func getHTTPTransport(authConfig authtypes.AuthConfig, endpoint registry.APIEndpoint, repoName string, userAgent string) (http.RoundTripper, error) {
+func getHTTPTransport(authConfig registrytypes.AuthConfig, endpoint registry.APIEndpoint, repoName, userAgent string, actions []string) (http.RoundTripper, error) {
 	// get the http transport, this will be used in a client to upload manifest
 	base := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
@@ -98,8 +100,11 @@ func getHTTPTransport(authConfig authtypes.AuthConfig, endpoint registry.APIEndp
 		passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken}
 		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler))
 	} else {
+		if len(actions) == 0 {
+			actions = trust.ActionsPullOnly
+		}
 		creds := registry.NewStaticCredentialStore(&authConfig)
-		tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, "push", "pull")
+		tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, actions...)
 		basicHandler := auth.NewBasicHandler(creds)
 		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
 	}
@@ -120,7 +125,7 @@ type existingTokenHandler struct {
 	token string
 }
 
-func (th *existingTokenHandler) AuthorizeRequest(req *http.Request, params map[string]string) error {
+func (th *existingTokenHandler) AuthorizeRequest(req *http.Request, _ map[string]string) error {
 	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", th.token))
 	return nil
 }
diff --git a/vendor/github.com/docker/cli/cli/registry/client/fetcher.go b/vendor/github.com/docker/cli/cli/registry/client/fetcher.go
index acae274a4..3ce09d137 100644
--- a/vendor/github.com/docker/cli/cli/registry/client/fetcher.go
+++ b/vendor/github.com/docker/cli/cli/registry/client/fetcher.go
@@ -202,7 +202,8 @@ func pullManifestList(ctx context.Context, ref reference.Named, repo distributio
 		}
 
 		// Replace platform from config
-		imageManifest.Descriptor.Platform = types.OCIPlatform(&manifestDescriptor.Platform)
+		p := manifestDescriptor.Platform
+		imageManifest.Descriptor.Platform = types.OCIPlatform(&p)
 
 		infos = append(infos, imageManifest)
 	}
@@ -242,11 +243,6 @@ func (c *client) iterateEndpoints(ctx context.Context, namedRef reference.Named,
 
 	confirmedTLSRegistries := make(map[string]bool)
 	for _, endpoint := range endpoints {
-		if endpoint.Version == registry.APIVersion1 {
-			logrus.Debugf("skipping v1 endpoint %s", endpoint.URL)
-			continue
-		}
-
 		if endpoint.URL.Scheme != "https" {
 			if _, confirmedTLS := confirmedTLSRegistries[endpoint.URL.Host]; confirmedTLS {
 				logrus.Debugf("skipping non-TLS endpoint %s for host/port that appears to use TLS", endpoint.URL)
diff --git a/vendor/github.com/docker/cli/cli/streams/in.go b/vendor/github.com/docker/cli/cli/streams/in.go
index 44b0de38b..1a10f7c83 100644
--- a/vendor/github.com/docker/cli/cli/streams/in.go
+++ b/vendor/github.com/docker/cli/cli/streams/in.go
@@ -9,38 +9,42 @@ import (
 	"github.com/moby/term"
 )
 
-// In is an input stream used by the DockerCli to read user input
+// In is an input stream to read user input. It implements [io.ReadCloser]
+// with additional utilities, such as putting the terminal in raw mode.
 type In struct {
 	commonStream
 	in io.ReadCloser
 }
 
+// Read implements the [io.Reader] interface.
 func (i *In) Read(p []byte) (int, error) {
 	return i.in.Read(p)
 }
 
-// Close implements the Closer interface
+// Close implements the [io.Closer] interface.
 func (i *In) Close() error {
 	return i.in.Close()
 }
 
-// SetRawTerminal sets raw mode on the input terminal
+// SetRawTerminal sets raw mode on the input terminal. It is a no-op if In
+// is not a TTY, or if the "NORAW" environment variable is set to a non-empty
+// value.
 func (i *In) SetRawTerminal() (err error) {
-	if os.Getenv("NORAW") != "" || !i.commonStream.isTerminal {
+	if !i.isTerminal || os.Getenv("NORAW") != "" {
 		return nil
 	}
-	i.commonStream.state, err = term.SetRawTerminal(i.commonStream.fd)
+	i.state, err = term.SetRawTerminal(i.fd)
 	return err
 }
 
-// CheckTty checks if we are trying to attach to a container tty
-// from a non-tty client input stream, and if so, returns an error.
+// CheckTty checks if we are trying to attach to a container TTY
+// from a non-TTY client input stream, and if so, returns an error.
 func (i *In) CheckTty(attachStdin, ttyMode bool) error {
 	// In order to attach to a container tty, input stream for the client must
 	// be a tty itself: redirecting or piping the client standard input is
 	// incompatible with `docker run -t`, `docker exec -t` or `docker attach`.
 	if ttyMode && attachStdin && !i.isTerminal {
-		eText := "the input device is not a TTY"
+		const eText = "the input device is not a TTY"
 		if runtime.GOOS == "windows" {
 			return errors.New(eText + ".  If you are using mintty, try prefixing the command with 'winpty'")
 		}
@@ -49,8 +53,9 @@ func (i *In) CheckTty(attachStdin, ttyMode bool) error {
 	return nil
 }
 
-// NewIn returns a new In object from a ReadCloser
+// NewIn returns a new [In] from an [io.ReadCloser].
 func NewIn(in io.ReadCloser) *In {
-	fd, isTerminal := term.GetFdInfo(in)
-	return &In{commonStream: commonStream{fd: fd, isTerminal: isTerminal}, in: in}
+	i := &In{in: in}
+	i.fd, i.isTerminal = term.GetFdInfo(in)
+	return i
 }
diff --git a/vendor/github.com/docker/cli/cli/streams/out.go b/vendor/github.com/docker/cli/cli/streams/out.go
index 95e21464a..2383b0857 100644
--- a/vendor/github.com/docker/cli/cli/streams/out.go
+++ b/vendor/github.com/docker/cli/cli/streams/out.go
@@ -8,8 +8,9 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// Out is an output stream used by the DockerCli to write normal program
-// output.
+// Out is an output stream to write normal program output. It implements
+// an [io.Writer], with additional utilities for detecting whether a terminal
+// is connected, getting the TTY size, and putting the terminal in raw mode.
 type Out struct {
 	commonStream
 	out io.Writer
@@ -19,23 +20,29 @@ func (o *Out) Write(p []byte) (int, error) {
 	return o.out.Write(p)
 }
 
-// SetRawTerminal sets raw mode on the input terminal
+// SetRawTerminal puts the output of the terminal connected to the stream
+// into raw mode.
+//
+// On UNIX, this does nothing. On Windows, it disables LF -> CRLF/ translation.
+// It is a no-op if Out is not a TTY, or if the "NORAW" environment variable is
+// set to a non-empty value.
 func (o *Out) SetRawTerminal() (err error) {
-	if os.Getenv("NORAW") != "" || !o.commonStream.isTerminal {
+	if !o.isTerminal || os.Getenv("NORAW") != "" {
 		return nil
 	}
-	o.commonStream.state, err = term.SetRawTerminalOutput(o.commonStream.fd)
+	o.state, err = term.SetRawTerminalOutput(o.fd)
 	return err
 }
 
-// GetTtySize returns the height and width in characters of the tty
-func (o *Out) GetTtySize() (uint, uint) {
+// GetTtySize returns the height and width in characters of the TTY, or
+// zero for both if no TTY is connected.
+func (o *Out) GetTtySize() (height uint, width uint) {
 	if !o.isTerminal {
 		return 0, 0
 	}
 	ws, err := term.GetWinsize(o.fd)
 	if err != nil {
-		logrus.Debugf("Error getting size: %s", err)
+		logrus.WithError(err).Debug("Error getting TTY size")
 		if ws == nil {
 			return 0, 0
 		}
@@ -43,8 +50,9 @@ func (o *Out) GetTtySize() (uint, uint) {
 	return uint(ws.Height), uint(ws.Width)
 }
 
-// NewOut returns a new Out object from a Writer
+// NewOut returns a new [Out] from an [io.Writer].
 func NewOut(out io.Writer) *Out {
-	fd, isTerminal := term.GetFdInfo(out)
-	return &Out{commonStream: commonStream{fd: fd, isTerminal: isTerminal}, out: out}
+	o := &Out{out: out}
+	o.fd, o.isTerminal = term.GetFdInfo(out)
+	return o
 }
diff --git a/vendor/github.com/docker/cli/cli/streams/stream.go b/vendor/github.com/docker/cli/cli/streams/stream.go
index 21f0e452e..54c9cda0b 100644
--- a/vendor/github.com/docker/cli/cli/streams/stream.go
+++ b/vendor/github.com/docker/cli/cli/streams/stream.go
@@ -4,31 +4,32 @@ import (
 	"github.com/moby/term"
 )
 
-// commonStream is an input stream used by the DockerCli to read user input
 type commonStream struct {
 	fd         uintptr
 	isTerminal bool
 	state      *term.State
 }
 
-// FD returns the file descriptor number for this stream
+// FD returns the file descriptor number for this stream.
 func (s *commonStream) FD() uintptr {
 	return s.fd
 }
 
-// IsTerminal returns true if this stream is connected to a terminal
+// IsTerminal returns true if this stream is connected to a terminal.
 func (s *commonStream) IsTerminal() bool {
 	return s.isTerminal
 }
 
-// RestoreTerminal restores normal mode to the terminal
+// RestoreTerminal restores normal mode to the terminal.
 func (s *commonStream) RestoreTerminal() {
 	if s.state != nil {
-		term.RestoreTerminal(s.fd, s.state)
+		_ = term.RestoreTerminal(s.fd, s.state)
 	}
 }
 
-// SetIsTerminal sets the boolean used for isTerminal
+// SetIsTerminal overrides whether a terminal is connected. It is used to
+// override this property in unit-tests, and should not be depended on for
+// other purposes.
 func (s *commonStream) SetIsTerminal(isTerminal bool) {
 	s.isTerminal = isTerminal
 }
diff --git a/vendor/github.com/docker/cli/cli/trust/trust.go b/vendor/github.com/docker/cli/cli/trust/trust.go
index 457f799fd..5a862e7f0 100644
--- a/vendor/github.com/docker/cli/cli/trust/trust.go
+++ b/vendor/github.com/docker/cli/cli/trust/trust.go
@@ -17,7 +17,6 @@ import (
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/auth/challenge"
 	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/registry"
 	"github.com/docker/go-connections/tlsconfig"
@@ -79,24 +78,23 @@ func Server(index *registrytypes.IndexInfo) (string, error) {
 }
 
 type simpleCredentialStore struct {
-	auth types.AuthConfig
+	auth registrytypes.AuthConfig
 }
 
-func (scs simpleCredentialStore) Basic(u *url.URL) (string, string) {
+func (scs simpleCredentialStore) Basic(*url.URL) (string, string) {
 	return scs.auth.Username, scs.auth.Password
 }
 
-func (scs simpleCredentialStore) RefreshToken(u *url.URL, service string) string {
+func (scs simpleCredentialStore) RefreshToken(*url.URL, string) string {
 	return scs.auth.IdentityToken
 }
 
-func (scs simpleCredentialStore) SetRefreshToken(*url.URL, string, string) {
-}
+func (scs simpleCredentialStore) SetRefreshToken(*url.URL, string, string) {}
 
 // GetNotaryRepository returns a NotaryRepository which stores all the
 // information needed to operate on a notary repository.
 // It creates an HTTP transport providing authentication support.
-func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo *registry.RepositoryInfo, authConfig *types.AuthConfig, actions ...string) (client.Repository, error) {
+func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo *registry.RepositoryInfo, authConfig *registrytypes.AuthConfig, actions ...string) (client.Repository, error) {
 	server, err := Server(repoInfo.Index)
 	if err != nil {
 		return nil, err
@@ -160,7 +158,7 @@ func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo
 	scope := auth.RepositoryScope{
 		Repository: repoInfo.Name.Name(),
 		Actions:    actions,
-		Class:      repoInfo.Class,
+		Class:      repoInfo.Class, // TODO(thaJeztah): Class is no longer needed for plugins and can likely be removed; see https://github.com/docker/cli/pull/4114#discussion_r1145430825
 	}
 	creds := simpleCredentialStore{auth: *authConfig}
 	tokenHandlerOptions := auth.TokenHandlerOptions{
@@ -292,7 +290,7 @@ func GetSignableRoles(repo client.Repository, target *client.Target) ([]data.Rol
 // ImageRefAndAuth contains all reference information and the auth config for an image request
 type ImageRefAndAuth struct {
 	original   string
-	authConfig *types.AuthConfig
+	authConfig *registrytypes.AuthConfig
 	reference  reference.Named
 	repoInfo   *registry.RepositoryInfo
 	tag        string
@@ -301,8 +299,8 @@ type ImageRefAndAuth struct {
 
 // GetImageReferencesAndAuth retrieves the necessary reference and auth information for an image name
 // as an ImageRefAndAuth struct
-func GetImageReferencesAndAuth(ctx context.Context, rs registry.Service,
-	authResolver func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig,
+func GetImageReferencesAndAuth(ctx context.Context,
+	authResolver func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig,
 	imgName string,
 ) (ImageRefAndAuth, error) {
 	ref, err := reference.ParseNormalizedNamed(imgName)
@@ -311,13 +309,7 @@ func GetImageReferencesAndAuth(ctx context.Context, rs registry.Service,
 	}
 
 	// Resolve the Repository name from fqn to RepositoryInfo
-	var repoInfo *registry.RepositoryInfo
-	if rs != nil {
-		repoInfo, err = rs.ResolveRepository(ref)
-	} else {
-		repoInfo, err = registry.ParseRepositoryInfo(ref)
-	}
-
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
 	if err != nil {
 		return ImageRefAndAuth{}, err
 	}
@@ -356,7 +348,7 @@ func getDigest(ref reference.Named) digest.Digest {
 }
 
 // AuthConfig returns the auth information (username, etc) for a given ImageRefAndAuth
-func (imgRefAuth *ImageRefAndAuth) AuthConfig() *types.AuthConfig {
+func (imgRefAuth *ImageRefAndAuth) AuthConfig() *registrytypes.AuthConfig {
 	return imgRefAuth.authConfig
 }
 
diff --git a/vendor/github.com/docker/cli/opts/capabilities.go b/vendor/github.com/docker/cli/opts/capabilities.go
index 8b5787037..82d071853 100644
--- a/vendor/github.com/docker/cli/opts/capabilities.go
+++ b/vendor/github.com/docker/cli/opts/capabilities.go
@@ -21,15 +21,15 @@ const (
 // This function only handles rudimentary formatting; no validation is performed,
 // as the list of available capabilities can be updated over time, thus should be
 // handled by the daemon.
-func NormalizeCapability(cap string) string {
-	cap = strings.ToUpper(strings.TrimSpace(cap))
-	if cap == AllCapabilities || cap == ResetCapabilities {
-		return cap
+func NormalizeCapability(capability string) string {
+	capability = strings.ToUpper(strings.TrimSpace(capability))
+	if capability == AllCapabilities || capability == ResetCapabilities {
+		return capability
 	}
-	if !strings.HasPrefix(cap, "CAP_") {
-		cap = "CAP_" + cap
+	if !strings.HasPrefix(capability, "CAP_") {
+		capability = "CAP_" + capability
 	}
-	return cap
+	return capability
 }
 
 // CapabilitiesMap normalizes the given capabilities and converts them to a map.
diff --git a/vendor/github.com/docker/distribution/.golangci.yml b/vendor/github.com/docker/distribution/.golangci.yml
index 36c083b0f..61dd0e00e 100644
--- a/vendor/github.com/docker/distribution/.golangci.yml
+++ b/vendor/github.com/docker/distribution/.golangci.yml
@@ -1,7 +1,5 @@
 linters:
   enable:
-    - structcheck
-    - varcheck
     - staticcheck
     - unconvert
     - gofmt
@@ -14,6 +12,14 @@ linters:
   disable:
     - errcheck
 
+linters-settings:
+  revive:
+    rules:
+      # TODO(thaJeztah): temporarily disabled the "unused-parameter" check.
+      # It produces many warnings, and some of those may need to be looked at.
+      - name: unused-parameter
+        disabled: true
+
 run:
   deadline: 2m
   skip-dirs:
diff --git a/vendor/github.com/docker/distribution/.mailmap b/vendor/github.com/docker/distribution/.mailmap
index d94c3936e..d7b832d9e 100644
--- a/vendor/github.com/docker/distribution/.mailmap
+++ b/vendor/github.com/docker/distribution/.mailmap
@@ -49,3 +49,6 @@ Hayley Swimelar <hswimelar@gmail.com>
 Jose D. Gomez R <jose.gomez@suse.com>
 Shengjing Zhu <zhsj@debian.org>
 Silvin Lubecki <31478878+silvin-lubecki@users.noreply.github.com>
+James Hewitt <james.hewitt@gmail.com>
+Marcus Pettersen Irgens <m@mrcus.dev>
+Ben Manuel <bmanuel@users.noreply.github.com>
diff --git a/vendor/github.com/docker/distribution/BUILDING.md b/vendor/github.com/docker/distribution/BUILDING.md
index 2981d016b..4c43b03cb 100644
--- a/vendor/github.com/docker/distribution/BUILDING.md
+++ b/vendor/github.com/docker/distribution/BUILDING.md
@@ -114,4 +114,4 @@ the registry binary generated in the "./bin" directory:
 ### Optional build tags
 
 Optional [build tags](http://golang.org/pkg/go/build/) can be provided using
-the environment variable `DOCKER_BUILDTAGS`.
+the environment variable `BUILDTAGS`.
diff --git a/vendor/github.com/docker/distribution/Dockerfile b/vendor/github.com/docker/distribution/Dockerfile
index fb54b6813..ebd42c242 100644
--- a/vendor/github.com/docker/distribution/Dockerfile
+++ b/vendor/github.com/docker/distribution/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.19.9
-ARG ALPINE_VERSION=3.16
+ARG GO_VERSION=1.20.8
+ARG ALPINE_VERSION=3.18
 ARG XX_VERSION=1.2.1
 
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
@@ -22,12 +22,12 @@ RUN --mount=target=. \
 FROM base AS build
 ARG TARGETPLATFORM
 ARG LDFLAGS="-s -w"
-ARG BUILDTAGS="include_oss include_gcs"
+ARG BUILDTAGS="include_oss,include_gcs"
 RUN --mount=type=bind,target=/go/src/github.com/docker/distribution,rw \
     --mount=type=cache,target=/root/.cache/go-build \
     --mount=target=/go/pkg/mod,type=cache \
     --mount=type=bind,source=/tmp/.ldflags,target=/tmp/.ldflags,from=version \
-      set -x ; xx-go build -trimpath -ldflags "$(cat /tmp/.ldflags) ${LDFLAGS}" -o /usr/bin/registry ./cmd/registry \
+      set -x ; xx-go build -tags "${BUILDTAGS}" -trimpath -ldflags "$(cat /tmp/.ldflags) ${LDFLAGS}" -o /usr/bin/registry ./cmd/registry \
       && xx-verify --static /usr/bin/registry
 
 FROM scratch AS binary
diff --git a/vendor/github.com/docker/distribution/Makefile b/vendor/github.com/docker/distribution/Makefile
index 75e118201..dcdbcb547 100644
--- a/vendor/github.com/docker/distribution/Makefile
+++ b/vendor/github.com/docker/distribution/Makefile
@@ -50,7 +50,7 @@ version/version.go:
 
 check: ## run all linters (TODO: enable "unused", "varcheck", "ineffassign", "unconvert", "staticheck", "goimports", "structcheck")
 	@echo "$(WHALE) $@"
-	@GO111MODULE=off golangci-lint run
+	@GO111MODULE=off golangci-lint --build-tags "${BUILDTAGS}" run
 
 test: ## run tests, except integration test with test.short
 	@echo "$(WHALE) $@"
diff --git a/vendor/github.com/docker/distribution/blobs.go b/vendor/github.com/docker/distribution/blobs.go
index 2a659eaa3..671372abf 100644
--- a/vendor/github.com/docker/distribution/blobs.go
+++ b/vendor/github.com/docker/distribution/blobs.go
@@ -8,7 +8,7 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 	"github.com/opencontainers/go-digest"
 	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 )
diff --git a/vendor/github.com/docker/distribution/reference/helpers_deprecated.go b/vendor/github.com/docker/distribution/reference/helpers_deprecated.go
new file mode 100644
index 000000000..cbd119250
--- /dev/null
+++ b/vendor/github.com/docker/distribution/reference/helpers_deprecated.go
@@ -0,0 +1,34 @@
+package reference
+
+import "github.com/distribution/reference"
+
+// IsNameOnly returns true if reference only contains a repo name.
+//
+// Deprecated: use [reference.IsNameOnly].
+func IsNameOnly(ref reference.Named) bool {
+	return reference.IsNameOnly(ref)
+}
+
+// FamiliarName returns the familiar name string
+// for the given named, familiarizing if needed.
+//
+// Deprecated: use [reference.FamiliarName].
+func FamiliarName(ref reference.Named) string {
+	return reference.FamiliarName(ref)
+}
+
+// FamiliarString returns the familiar string representation
+// for the given reference, familiarizing if needed.
+//
+// Deprecated: use [reference.FamiliarString].
+func FamiliarString(ref reference.Reference) string {
+	return reference.FamiliarString(ref)
+}
+
+// FamiliarMatch reports whether ref matches the specified pattern.
+// See [path.Match] for supported patterns.
+//
+// Deprecated: use [reference.FamiliarMatch].
+func FamiliarMatch(pattern string, ref reference.Reference) (bool, error) {
+	return reference.FamiliarMatch(pattern, ref)
+}
diff --git a/vendor/github.com/docker/distribution/reference/normalize_deprecated.go b/vendor/github.com/docker/distribution/reference/normalize_deprecated.go
new file mode 100644
index 000000000..1b4a459d7
--- /dev/null
+++ b/vendor/github.com/docker/distribution/reference/normalize_deprecated.go
@@ -0,0 +1,92 @@
+package reference
+
+import (
+	"regexp"
+
+	"github.com/distribution/reference"
+	"github.com/opencontainers/go-digest"
+	"github.com/opencontainers/go-digest/digestset"
+)
+
+// ParseNormalizedNamed parses a string into a named reference
+// transforming a familiar name from Docker UI to a fully
+// qualified reference. If the value may be an identifier
+// use ParseAnyReference.
+//
+// Deprecated: use [reference.ParseNormalizedNamed].
+func ParseNormalizedNamed(s string) (reference.Named, error) {
+	return reference.ParseNormalizedNamed(s)
+}
+
+// ParseDockerRef normalizes the image reference following the docker convention,
+// which allows for references to contain both a tag and a digest.
+//
+// Deprecated: use [reference.ParseDockerRef].
+func ParseDockerRef(ref string) (reference.Named, error) {
+	return reference.ParseDockerRef(ref)
+}
+
+// TagNameOnly adds the default tag "latest" to a reference if it only has
+// a repo name.
+//
+// Deprecated: use [reference.TagNameOnly].
+func TagNameOnly(ref reference.Named) reference.Named {
+	return reference.TagNameOnly(ref)
+}
+
+// ParseAnyReference parses a reference string as a possible identifier,
+// full digest, or familiar name.
+//
+// Deprecated: use [reference.ParseAnyReference].
+func ParseAnyReference(ref string) (reference.Reference, error) {
+	return reference.ParseAnyReference(ref)
+}
+
+// Functions and types below have been removed in distribution v3 and
+// have not been ported to github.com/distribution/reference. See
+// https://github.com/distribution/distribution/pull/3774
+
+var (
+	// ShortIdentifierRegexp is the format used to represent a prefix
+	// of an identifier. A prefix may be used to match a sha256 identifier
+	// within a list of trusted identifiers.
+	//
+	// Deprecated: support for short-identifiers is deprecated, and will be removed in v3.
+	ShortIdentifierRegexp = regexp.MustCompile(shortIdentifier)
+
+	shortIdentifier = `([a-f0-9]{6,64})`
+
+	// anchoredShortIdentifierRegexp is used to check if a value
+	// is a possible identifier prefix, anchored at start and end
+	// of string.
+	anchoredShortIdentifierRegexp = regexp.MustCompile(`^` + shortIdentifier + `$`)
+)
+
+type digestReference digest.Digest
+
+func (d digestReference) String() string {
+	return digest.Digest(d).String()
+}
+
+func (d digestReference) Digest() digest.Digest {
+	return digest.Digest(d)
+}
+
+// ParseAnyReferenceWithSet parses a reference string as a possible short
+// identifier to be matched in a digest set, a full digest, or familiar name.
+//
+// Deprecated: support for short-identifiers is deprecated, and will be removed in v3.
+func ParseAnyReferenceWithSet(ref string, ds *digestset.Set) (Reference, error) {
+	if ok := anchoredShortIdentifierRegexp.MatchString(ref); ok {
+		dgst, err := ds.Lookup(ref)
+		if err == nil {
+			return digestReference(dgst), nil
+		}
+	} else {
+		if dgst, err := digest.Parse(ref); err == nil {
+			return digestReference(dgst), nil
+		}
+	}
+
+	return reference.ParseNormalizedNamed(ref)
+}
diff --git a/vendor/github.com/docker/distribution/reference/reference_deprecated.go b/vendor/github.com/docker/distribution/reference/reference_deprecated.go
new file mode 100644
index 000000000..5b732498e
--- /dev/null
+++ b/vendor/github.com/docker/distribution/reference/reference_deprecated.go
@@ -0,0 +1,172 @@
+// Package reference is deprecated, and has moved to github.com/distribution/reference.
+//
+// Deprecated: use github.com/distribution/reference instead.
+package reference
+
+import (
+	"github.com/distribution/reference"
+	"github.com/opencontainers/go-digest"
+)
+
+const (
+	// NameTotalLengthMax is the maximum total number of characters in a repository name.
+	//
+	// Deprecated: use [reference.NameTotalLengthMax].
+	NameTotalLengthMax = reference.NameTotalLengthMax
+)
+
+var (
+	// ErrReferenceInvalidFormat represents an error while trying to parse a string as a reference.
+	//
+	// Deprecated: use [reference.ErrReferenceInvalidFormat].
+	ErrReferenceInvalidFormat = reference.ErrReferenceInvalidFormat
+
+	// ErrTagInvalidFormat represents an error while trying to parse a string as a tag.
+	//
+	// Deprecated: use [reference.ErrTagInvalidFormat].
+	ErrTagInvalidFormat = reference.ErrTagInvalidFormat
+
+	// ErrDigestInvalidFormat represents an error while trying to parse a string as a tag.
+	//
+	// Deprecated: use [reference.ErrDigestInvalidFormat].
+	ErrDigestInvalidFormat = reference.ErrDigestInvalidFormat
+
+	// ErrNameContainsUppercase is returned for invalid repository names that contain uppercase characters.
+	//
+	// Deprecated: use [reference.ErrNameContainsUppercase].
+	ErrNameContainsUppercase = reference.ErrNameContainsUppercase
+
+	// ErrNameEmpty is returned for empty, invalid repository names.
+	//
+	// Deprecated: use [reference.ErrNameEmpty].
+	ErrNameEmpty = reference.ErrNameEmpty
+
+	// ErrNameTooLong is returned when a repository name is longer than NameTotalLengthMax.
+	//
+	// Deprecated: use [reference.ErrNameTooLong].
+	ErrNameTooLong = reference.ErrNameTooLong
+
+	// ErrNameNotCanonical is returned when a name is not canonical.
+	//
+	// Deprecated: use [reference.ErrNameNotCanonical].
+	ErrNameNotCanonical = reference.ErrNameNotCanonical
+)
+
+// Reference is an opaque object reference identifier that may include
+// modifiers such as a hostname, name, tag, and digest.
+//
+// Deprecated: use [reference.Reference].
+type Reference = reference.Reference
+
+// Field provides a wrapper type for resolving correct reference types when
+// working with encoding.
+//
+// Deprecated: use [reference.Field].
+type Field = reference.Field
+
+// AsField wraps a reference in a Field for encoding.
+//
+// Deprecated: use [reference.AsField].
+func AsField(ref reference.Reference) reference.Field {
+	return reference.AsField(ref)
+}
+
+// Named is an object with a full name
+//
+// Deprecated: use [reference.Named].
+type Named = reference.Named
+
+// Tagged is an object which has a tag
+//
+// Deprecated: use [reference.Tagged].
+type Tagged = reference.Tagged
+
+// NamedTagged is an object including a name and tag.
+//
+// Deprecated: use [reference.NamedTagged].
+type NamedTagged reference.NamedTagged
+
+// Digested is an object which has a digest
+// in which it can be referenced by
+//
+// Deprecated: use [reference.Digested].
+type Digested reference.Digested
+
+// Canonical reference is an object with a fully unique
+// name including a name with domain and digest
+//
+// Deprecated: use [reference.Canonical].
+type Canonical reference.Canonical
+
+// Domain returns the domain part of the [Named] reference.
+//
+// Deprecated: use [reference.Domain].
+func Domain(named reference.Named) string {
+	return reference.Domain(named)
+}
+
+// Path returns the name without the domain part of the [Named] reference.
+//
+// Deprecated: use [reference.Path].
+func Path(named reference.Named) (name string) {
+	return reference.Path(named)
+}
+
+// SplitHostname splits a named reference into a
+// hostname and name string. If no valid hostname is
+// found, the hostname is empty and the full value
+// is returned as name
+//
+// Deprecated: Use [reference.Domain] or [reference.Path].
+func SplitHostname(named reference.Named) (string, string) {
+	return reference.SplitHostname(named)
+}
+
+// Parse parses s and returns a syntactically valid Reference.
+// If an error was encountered it is returned, along with a nil Reference.
+//
+// Deprecated: use [reference.Parse].
+func Parse(s string) (reference.Reference, error) {
+	return reference.Parse(s)
+}
+
+// ParseNamed parses s and returns a syntactically valid reference implementing
+// the Named interface. The reference must have a name and be in the canonical
+// form, otherwise an error is returned.
+// If an error was encountered it is returned, along with a nil Reference.
+//
+// Deprecated: use [reference.ParseNamed].
+func ParseNamed(s string) (reference.Named, error) {
+	return reference.ParseNamed(s)
+}
+
+// WithName returns a named object representing the given string. If the input
+// is invalid ErrReferenceInvalidFormat will be returned.
+//
+// Deprecated: use [reference.WithName].
+func WithName(name string) (reference.Named, error) {
+	return reference.WithName(name)
+}
+
+// WithTag combines the name from "name" and the tag from "tag" to form a
+// reference incorporating both the name and the tag.
+//
+// Deprecated: use [reference.WithTag].
+func WithTag(name reference.Named, tag string) (reference.NamedTagged, error) {
+	return reference.WithTag(name, tag)
+}
+
+// WithDigest combines the name from "name" and the digest from "digest" to form
+// a reference incorporating both the name and the digest.
+//
+// Deprecated: use [reference.WithDigest].
+func WithDigest(name reference.Named, digest digest.Digest) (reference.Canonical, error) {
+	return reference.WithDigest(name, digest)
+}
+
+// TrimNamed removes any tag or digest from the named reference.
+//
+// Deprecated: use [reference.TrimNamed].
+func TrimNamed(ref reference.Named) reference.Named {
+	return reference.TrimNamed(ref)
+}
diff --git a/vendor/github.com/docker/distribution/reference/regexp.go b/vendor/github.com/docker/distribution/reference/regexp.go
deleted file mode 100644
index 786034932..000000000
--- a/vendor/github.com/docker/distribution/reference/regexp.go
+++ /dev/null
@@ -1,143 +0,0 @@
-package reference
-
-import "regexp"
-
-var (
-	// alphaNumericRegexp defines the alpha numeric atom, typically a
-	// component of names. This only allows lower case characters and digits.
-	alphaNumericRegexp = match(`[a-z0-9]+`)
-
-	// separatorRegexp defines the separators allowed to be embedded in name
-	// components. This allow one period, one or two underscore and multiple
-	// dashes.
-	separatorRegexp = match(`(?:[._]|__|[-]*)`)
-
-	// nameComponentRegexp restricts registry path component names to start
-	// with at least one letter or number, with following parts able to be
-	// separated by one period, one or two underscore and multiple dashes.
-	nameComponentRegexp = expression(
-		alphaNumericRegexp,
-		optional(repeated(separatorRegexp, alphaNumericRegexp)))
-
-	// domainComponentRegexp restricts the registry domain component of a
-	// repository name to start with a component as defined by DomainRegexp
-	// and followed by an optional port.
-	domainComponentRegexp = match(`(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])`)
-
-	// DomainRegexp defines the structure of potential domain components
-	// that may be part of image names. This is purposely a subset of what is
-	// allowed by DNS to ensure backwards compatibility with Docker image
-	// names.
-	DomainRegexp = expression(
-		domainComponentRegexp,
-		optional(repeated(literal(`.`), domainComponentRegexp)),
-		optional(literal(`:`), match(`[0-9]+`)))
-
-	// TagRegexp matches valid tag names. From docker/docker:graph/tags.go.
-	TagRegexp = match(`[\w][\w.-]{0,127}`)
-
-	// anchoredTagRegexp matches valid tag names, anchored at the start and
-	// end of the matched string.
-	anchoredTagRegexp = anchored(TagRegexp)
-
-	// DigestRegexp matches valid digests.
-	DigestRegexp = match(`[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}`)
-
-	// anchoredDigestRegexp matches valid digests, anchored at the start and
-	// end of the matched string.
-	anchoredDigestRegexp = anchored(DigestRegexp)
-
-	// NameRegexp is the format for the name component of references. The
-	// regexp has capturing groups for the domain and name part omitting
-	// the separating forward slash from either.
-	NameRegexp = expression(
-		optional(DomainRegexp, literal(`/`)),
-		nameComponentRegexp,
-		optional(repeated(literal(`/`), nameComponentRegexp)))
-
-	// anchoredNameRegexp is used to parse a name value, capturing the
-	// domain and trailing components.
-	anchoredNameRegexp = anchored(
-		optional(capture(DomainRegexp), literal(`/`)),
-		capture(nameComponentRegexp,
-			optional(repeated(literal(`/`), nameComponentRegexp))))
-
-	// ReferenceRegexp is the full supported format of a reference. The regexp
-	// is anchored and has capturing groups for name, tag, and digest
-	// components.
-	ReferenceRegexp = anchored(capture(NameRegexp),
-		optional(literal(":"), capture(TagRegexp)),
-		optional(literal("@"), capture(DigestRegexp)))
-
-	// IdentifierRegexp is the format for string identifier used as a
-	// content addressable identifier using sha256. These identifiers
-	// are like digests without the algorithm, since sha256 is used.
-	IdentifierRegexp = match(`([a-f0-9]{64})`)
-
-	// ShortIdentifierRegexp is the format used to represent a prefix
-	// of an identifier. A prefix may be used to match a sha256 identifier
-	// within a list of trusted identifiers.
-	ShortIdentifierRegexp = match(`([a-f0-9]{6,64})`)
-
-	// anchoredIdentifierRegexp is used to check or match an
-	// identifier value, anchored at start and end of string.
-	anchoredIdentifierRegexp = anchored(IdentifierRegexp)
-
-	// anchoredShortIdentifierRegexp is used to check if a value
-	// is a possible identifier prefix, anchored at start and end
-	// of string.
-	anchoredShortIdentifierRegexp = anchored(ShortIdentifierRegexp)
-)
-
-// match compiles the string to a regular expression.
-var match = regexp.MustCompile
-
-// literal compiles s into a literal regular expression, escaping any regexp
-// reserved characters.
-func literal(s string) *regexp.Regexp {
-	re := match(regexp.QuoteMeta(s))
-
-	if _, complete := re.LiteralPrefix(); !complete {
-		panic("must be a literal")
-	}
-
-	return re
-}
-
-// expression defines a full expression, where each regular expression must
-// follow the previous.
-func expression(res ...*regexp.Regexp) *regexp.Regexp {
-	var s string
-	for _, re := range res {
-		s += re.String()
-	}
-
-	return match(s)
-}
-
-// optional wraps the expression in a non-capturing group and makes the
-// production optional.
-func optional(res ...*regexp.Regexp) *regexp.Regexp {
-	return match(group(expression(res...)).String() + `?`)
-}
-
-// repeated wraps the regexp in a non-capturing group to get one or more
-// matches.
-func repeated(res ...*regexp.Regexp) *regexp.Regexp {
-	return match(group(expression(res...)).String() + `+`)
-}
-
-// group wraps the regexp in a non-capturing group.
-func group(res ...*regexp.Regexp) *regexp.Regexp {
-	return match(`(?:` + expression(res...).String() + `)`)
-}
-
-// capture wraps the expression in a capturing group.
-func capture(res ...*regexp.Regexp) *regexp.Regexp {
-	return match(`(` + expression(res...).String() + `)`)
-}
-
-// anchored anchors the regular expression by adding start and end delimiters.
-func anchored(res ...*regexp.Regexp) *regexp.Regexp {
-	return match(`^` + expression(res...).String() + `$`)
-}
diff --git a/vendor/github.com/docker/distribution/reference/regexp_deprecated.go b/vendor/github.com/docker/distribution/reference/regexp_deprecated.go
new file mode 100644
index 000000000..4b9c1b58e
--- /dev/null
+++ b/vendor/github.com/docker/distribution/reference/regexp_deprecated.go
@@ -0,0 +1,50 @@
+package reference
+
+import (
+	"github.com/distribution/reference"
+)
+
+// DigestRegexp matches well-formed digests, including algorithm (e.g. "sha256:<encoded>").
+//
+// Deprecated: use [reference.DigestRegexp].
+var DigestRegexp = reference.DigestRegexp
+
+// DomainRegexp matches hostname or IP-addresses, optionally including a port
+// number. It defines the structure of potential domain components that may be
+// part of image names. This is purposely a subset of what is allowed by DNS to
+// ensure backwards compatibility with Docker image names. It may be a subset of
+// DNS domain name, an IPv4 address in decimal format, or an IPv6 address between
+// square brackets (excluding zone identifiers as defined by [RFC 6874] or special
+// addresses such as IPv4-Mapped).
+//
+// Deprecated: use [reference.DomainRegexp].
+//
+// [RFC 6874]: https://www.rfc-editor.org/rfc/rfc6874.
+var DomainRegexp = reference.DigestRegexp
+
+// IdentifierRegexp is the format for string identifier used as a
+// content addressable identifier using sha256. These identifiers
+// are like digests without the algorithm, since sha256 is used.
+//
+// Deprecated: use [reference.IdentifierRegexp].
+var IdentifierRegexp = reference.IdentifierRegexp
+
+// NameRegexp is the format for the name component of references, including
+// an optional domain and port, but without tag or digest suffix.
+//
+// Deprecated: use [reference.NameRegexp].
+var NameRegexp = reference.NameRegexp
+
+// ReferenceRegexp is the full supported format of a reference. The regexp
+// is anchored and has capturing groups for name, tag, and digest
+// components.
+//
+// Deprecated: use [reference.ReferenceRegexp].
+var ReferenceRegexp = reference.ReferenceRegexp
+
+// TagRegexp matches valid tag names. From [docker/docker:graph/tags.go].
+//
+// Deprecated: use [reference.TagRegexp].
+//
+// [docker/docker:graph/tags.go]: https://github.com/moby/moby/blob/v1.6.0/graph/tags.go#L26-L28
+var TagRegexp = reference.TagRegexp
diff --git a/vendor/github.com/docker/distribution/reference/sort_deprecated.go b/vendor/github.com/docker/distribution/reference/sort_deprecated.go
new file mode 100644
index 000000000..a73251b6f
--- /dev/null
+++ b/vendor/github.com/docker/distribution/reference/sort_deprecated.go
@@ -0,0 +1,10 @@
+package reference
+
+import "github.com/distribution/reference"
+
+// Sort sorts string references preferring higher information references.
+//
+// Deprecated: use [reference.Sort].
+func Sort(references []string) []string {
+	return reference.Sort(references)
+}
diff --git a/vendor/github.com/docker/distribution/registry.go b/vendor/github.com/docker/distribution/registry.go
index 6c3210989..d0deee65d 100644
--- a/vendor/github.com/docker/distribution/registry.go
+++ b/vendor/github.com/docker/distribution/registry.go
@@ -3,7 +3,7 @@ package distribution
 import (
 	"context"
 
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 )
 
 // Scope defines the set of items that match a namespace.
diff --git a/vendor/github.com/docker/distribution/registry/api/v2/descriptors.go b/vendor/github.com/docker/distribution/registry/api/v2/descriptors.go
index c3bf90f71..7fceefbc6 100644
--- a/vendor/github.com/docker/distribution/registry/api/v2/descriptors.go
+++ b/vendor/github.com/docker/distribution/registry/api/v2/descriptors.go
@@ -4,7 +4,7 @@ import (
 	"net/http"
 	"regexp"
 
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 	"github.com/docker/distribution/registry/api/errcode"
 	"github.com/opencontainers/go-digest"
 )
diff --git a/vendor/github.com/docker/distribution/registry/api/v2/urls.go b/vendor/github.com/docker/distribution/registry/api/v2/urls.go
index 3c3ec9893..ab6406335 100644
--- a/vendor/github.com/docker/distribution/registry/api/v2/urls.go
+++ b/vendor/github.com/docker/distribution/registry/api/v2/urls.go
@@ -6,7 +6,7 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 	"github.com/gorilla/mux"
 )
 
diff --git a/vendor/github.com/docker/distribution/registry/client/blob_writer.go b/vendor/github.com/docker/distribution/registry/client/blob_writer.go
index 695bf852f..dac030c73 100644
--- a/vendor/github.com/docker/distribution/registry/client/blob_writer.go
+++ b/vendor/github.com/docker/distribution/registry/client/blob_writer.go
@@ -42,6 +42,8 @@ func (hbu *httpBlobUpload) ReadFrom(r io.Reader) (n int64, err error) {
 	}
 	defer req.Body.Close()
 
+	req.Header.Set("Content-Type", "application/octet-stream")
+
 	resp, err := hbu.client.Do(req)
 	if err != nil {
 		return 0, err
diff --git a/vendor/github.com/docker/distribution/registry/client/errors.go b/vendor/github.com/docker/distribution/registry/client/errors.go
index 024df43dd..ce9902034 100644
--- a/vendor/github.com/docker/distribution/registry/client/errors.go
+++ b/vendor/github.com/docker/distribution/registry/client/errors.go
@@ -4,8 +4,8 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"io/ioutil"
+	"mime"
 	"net/http"
 
 	"github.com/docker/distribution/registry/api/errcode"
@@ -38,13 +38,29 @@ func (e *UnexpectedHTTPResponseError) Error() string {
 	return fmt.Sprintf("error parsing HTTP %d response body: %s: %q", e.StatusCode, e.ParseErr.Error(), string(e.Response))
 }
 
-func parseHTTPErrorResponse(statusCode int, r io.Reader) error {
+func parseHTTPErrorResponse(resp *http.Response) error {
 	var errors errcode.Errors
-	body, err := ioutil.ReadAll(r)
+	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
 		return err
 	}
 
+	statusCode := resp.StatusCode
+	ctHeader := resp.Header.Get("Content-Type")
+
+	if ctHeader == "" {
+		return makeError(statusCode, string(body))
+	}
+
+	contentType, _, err := mime.ParseMediaType(ctHeader)
+	if err != nil {
+		return fmt.Errorf("failed parsing content-type: %w", err)
+	}
+
+	if contentType != "application/json" && contentType != "application/vnd.api+json" {
+		return makeError(statusCode, string(body))
+	}
+
 	// For backward compatibility, handle irregularly formatted
 	// messages that contain a "details" field.
 	var detailsErr struct {
@@ -52,16 +68,7 @@ func parseHTTPErrorResponse(statusCode int, r io.Reader) error {
 	}
 	err = json.Unmarshal(body, &detailsErr)
 	if err == nil && detailsErr.Details != "" {
-		switch statusCode {
-		case http.StatusUnauthorized:
-			return errcode.ErrorCodeUnauthorized.WithMessage(detailsErr.Details)
-		case http.StatusForbidden:
-			return errcode.ErrorCodeDenied.WithMessage(detailsErr.Details)
-		case http.StatusTooManyRequests:
-			return errcode.ErrorCodeTooManyRequests.WithMessage(detailsErr.Details)
-		default:
-			return errcode.ErrorCodeUnknown.WithMessage(detailsErr.Details)
-		}
+		return makeError(statusCode, detailsErr.Details)
 	}
 
 	if err := json.Unmarshal(body, &errors); err != nil {
@@ -85,6 +92,19 @@ func parseHTTPErrorResponse(statusCode int, r io.Reader) error {
 	return errors
 }
 
+func makeError(statusCode int, details string) error {
+	switch statusCode {
+	case http.StatusUnauthorized:
+		return errcode.ErrorCodeUnauthorized.WithMessage(details)
+	case http.StatusForbidden:
+		return errcode.ErrorCodeDenied.WithMessage(details)
+	case http.StatusTooManyRequests:
+		return errcode.ErrorCodeTooManyRequests.WithMessage(details)
+	default:
+		return errcode.ErrorCodeUnknown.WithMessage(details)
+	}
+}
+
 func makeErrorList(err error) []error {
 	if errL, ok := err.(errcode.Errors); ok {
 		return []error(errL)
@@ -121,11 +141,10 @@ func HandleErrorResponse(resp *http.Response) error {
 				} else {
 					err.Message = err.Code.Message()
 				}
-
-				return mergeErrors(err, parseHTTPErrorResponse(resp.StatusCode, resp.Body))
+				return mergeErrors(err, parseHTTPErrorResponse(resp))
 			}
 		}
-		err := parseHTTPErrorResponse(resp.StatusCode, resp.Body)
+		err := parseHTTPErrorResponse(resp)
 		if uErr, ok := err.(*UnexpectedHTTPResponseError); ok && resp.StatusCode == 401 {
 			return errcode.ErrorCodeUnauthorized.WithDetail(uErr.Response)
 		}
diff --git a/vendor/github.com/docker/distribution/registry/client/repository.go b/vendor/github.com/docker/distribution/registry/client/repository.go
index 04e5a3ba0..fd42a1e66 100644
--- a/vendor/github.com/docker/distribution/registry/client/repository.go
+++ b/vendor/github.com/docker/distribution/registry/client/repository.go
@@ -14,8 +14,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/distribution/reference"
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/reference"
 	v2 "github.com/docker/distribution/registry/api/v2"
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/distribution/registry/storage/cache"
diff --git a/vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go b/vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go
index 42d94d9bd..f2953b02c 100644
--- a/vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go
+++ b/vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"sync"
 
+	"github.com/distribution/reference"
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/storage/cache"
 	"github.com/opencontainers/go-digest"
 )
diff --git a/vendor/github.com/docker/distribution/vendor.conf b/vendor/github.com/docker/distribution/vendor.conf
index bd1b4bff6..20818428f 100644
--- a/vendor/github.com/docker/distribution/vendor.conf
+++ b/vendor/github.com/docker/distribution/vendor.conf
@@ -9,6 +9,7 @@ github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702
 github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782
 github.com/denverdino/aliyungo afedced274aa9a7fcdd47ac97018f0f8db4e5de2
 github.com/dgrijalva/jwt-go 4bbdd8ac624fc7a9ef7aec841c43d99b5fe65a29 https://github.com/golang-jwt/jwt.git # v3.2.2
+github.com/distribution/reference 49c28499d219290c3226822e9cfcd4ede6d75379 # v0.5.0
 github.com/docker/go-metrics 399ea8c73916000c64c2c76e8da00ca82f8387ab
 github.com/docker/libtrust fa567046d9b14f6aa788882a950d69651d230b21
 github.com/garyburd/redigo 535138d7bcd717d6531c701ef5933d98b1866257
@@ -47,5 +48,5 @@ gopkg.in/check.v1 64131543e7896d5bcc6bd5a76287eb75ea96c673
 gopkg.in/square/go-jose.v1 40d457b439244b546f023d056628e5184136899b
 gopkg.in/yaml.v2 v2.2.1
 rsc.io/letsencrypt e770c10b0f1a64775ae91d240407ce00d1a5bdeb https://github.com/dmcgowan/letsencrypt.git
-github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
+github.com/opencontainers/go-digest ea51bea511f75cfa3ef6098cc253c5c3609b037a # v1.0.0
 github.com/opencontainers/image-spec 67d2d5658fe0476ab9bf414cec164077ebff3920 # v1.0.2
diff --git a/vendor/github.com/docker/docker-credential-helpers/client/client.go b/vendor/github.com/docker/docker-credential-helpers/client/client.go
index d1d0434cb..678153cf8 100644
--- a/vendor/github.com/docker/docker-credential-helpers/client/client.go
+++ b/vendor/github.com/docker/docker-credential-helpers/client/client.go
@@ -26,7 +26,7 @@ func isValidCredsMessage(msg string) error {
 
 // Store uses an external program to save credentials.
 func Store(program ProgramFunc, creds *credentials.Credentials) error {
-	cmd := program("store")
+	cmd := program(credentials.ActionStore)
 
 	buffer := new(bytes.Buffer)
 	if err := json.NewEncoder(buffer).Encode(creds); err != nil {
@@ -50,7 +50,7 @@ func Store(program ProgramFunc, creds *credentials.Credentials) error {
 
 // Get executes an external program to get the credentials from a native store.
 func Get(program ProgramFunc, serverURL string) (*credentials.Credentials, error) {
-	cmd := program("get")
+	cmd := program(credentials.ActionGet)
 	cmd.Input(strings.NewReader(serverURL))
 
 	out, err := cmd.Output()
@@ -81,7 +81,7 @@ func Get(program ProgramFunc, serverURL string) (*credentials.Credentials, error
 
 // Erase executes a program to remove the server credentials from the native store.
 func Erase(program ProgramFunc, serverURL string) error {
-	cmd := program("erase")
+	cmd := program(credentials.ActionErase)
 	cmd.Input(strings.NewReader(serverURL))
 	out, err := cmd.Output()
 	if err != nil {
@@ -99,7 +99,7 @@ func Erase(program ProgramFunc, serverURL string) error {
 
 // List executes a program to list server credentials in the native store.
 func List(program ProgramFunc) (map[string]string, error) {
-	cmd := program("list")
+	cmd := program(credentials.ActionList)
 	cmd.Input(strings.NewReader("unused"))
 	out, err := cmd.Output()
 	if err != nil {
diff --git a/vendor/github.com/docker/docker-credential-helpers/client/command.go b/vendor/github.com/docker/docker-credential-helpers/client/command.go
index 0183c0639..1936234be 100644
--- a/vendor/github.com/docker/docker-credential-helpers/client/command.go
+++ b/vendor/github.com/docker/docker-credential-helpers/client/command.go
@@ -1,11 +1,9 @@
 package client
 
 import (
-	"fmt"
 	"io"
 	"os"
-
-	exec "golang.org/x/sys/execabs"
+	"os/exec"
 )
 
 // Program is an interface to execute external programs.
@@ -31,27 +29,26 @@ func NewShellProgramFuncWithEnv(name string, env *map[string]string) ProgramFunc
 
 func createProgramCmdRedirectErr(commandName string, args []string, env *map[string]string) *exec.Cmd {
 	programCmd := exec.Command(commandName, args...)
-	programCmd.Env = os.Environ()
 	if env != nil {
 		for k, v := range *env {
-			programCmd.Env = append(programCmd.Env, fmt.Sprintf("%s=%s", k, v))
+			programCmd.Env = append(programCmd.Environ(), k+"="+v)
 		}
 	}
 	programCmd.Stderr = os.Stderr
 	return programCmd
 }
 
-// Shell invokes shell commands to talk with a remote credentials helper.
+// Shell invokes shell commands to talk with a remote credentials-helper.
 type Shell struct {
 	cmd *exec.Cmd
 }
 
-// Output returns responses from the remote credentials helper.
+// Output returns responses from the remote credentials-helper.
 func (s *Shell) Output() ([]byte, error) {
 	return s.cmd.Output()
 }
 
-// Input sets the input to send to a remote credentials helper.
+// Input sets the input to send to a remote credentials-helper.
 func (s *Shell) Input(in io.Reader) {
 	s.cmd.Stdin = in
 }
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go b/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go
index 91d9d4bba..eac551884 100644
--- a/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go
@@ -10,6 +10,20 @@ import (
 	"strings"
 )
 
+// Action defines the name of an action (sub-command) supported by a
+// credential-helper binary. It is an alias for "string", and mostly
+// for convenience.
+type Action = string
+
+// List of actions (sub-commands) supported by credential-helper binaries.
+const (
+	ActionStore   Action = "store"
+	ActionGet     Action = "get"
+	ActionErase   Action = "erase"
+	ActionList    Action = "list"
+	ActionVersion Action = "version"
+)
+
 // Credentials holds the information shared between docker and the credentials store.
 type Credentials struct {
 	ServerURL string
@@ -43,42 +57,52 @@ func SetCredsLabel(label string) {
 	CredsLabel = label
 }
 
-// Serve initializes the credentials helper and parses the action argument.
+// Serve initializes the credentials-helper and parses the action argument.
 // This function is designed to be called from a command line interface.
 // It uses os.Args[1] as the key for the action.
 // It uses os.Stdin as input and os.Stdout as output.
 // This function terminates the program with os.Exit(1) if there is an error.
 func Serve(helper Helper) {
-	var err error
 	if len(os.Args) != 2 {
-		err = fmt.Errorf("Usage: %s <store|get|erase|list|version>", os.Args[0])
+		_, _ = fmt.Fprintln(os.Stdout, usage())
+		os.Exit(1)
 	}
 
-	if err == nil {
-		err = HandleCommand(helper, os.Args[1], os.Stdin, os.Stdout)
+	switch os.Args[1] {
+	case "--version", "-v":
+		_ = PrintVersion(os.Stdout)
+		os.Exit(0)
+	case "--help", "-h":
+		_, _ = fmt.Fprintln(os.Stdout, usage())
+		os.Exit(0)
 	}
 
-	if err != nil {
-		fmt.Fprintf(os.Stdout, "%v\n", err)
+	if err := HandleCommand(helper, os.Args[1], os.Stdin, os.Stdout); err != nil {
+		_, _ = fmt.Fprintln(os.Stdout, err)
 		os.Exit(1)
 	}
 }
 
-// HandleCommand uses a helper and a key to run a credential action.
-func HandleCommand(helper Helper, key string, in io.Reader, out io.Writer) error {
-	switch key {
-	case "store":
+func usage() string {
+	return fmt.Sprintf("Usage: %s <store|get|erase|list|version>", Name)
+}
+
+// HandleCommand runs a helper to execute a credential action.
+func HandleCommand(helper Helper, action Action, in io.Reader, out io.Writer) error {
+	switch action {
+	case ActionStore:
 		return Store(helper, in)
-	case "get":
+	case ActionGet:
 		return Get(helper, in, out)
-	case "erase":
+	case ActionErase:
 		return Erase(helper, in)
-	case "list":
+	case ActionList:
 		return List(helper, out)
-	case "version":
+	case ActionVersion:
 		return PrintVersion(out)
+	default:
+		return fmt.Errorf("%s: unknown action: %s", Name, action)
 	}
-	return fmt.Errorf("Unknown credential action `%s`", key)
 }
 
 // Store uses a helper and an input reader to save credentials.
@@ -132,18 +156,17 @@ func Get(helper Helper, reader io.Reader, writer io.Writer) error {
 		return err
 	}
 
-	resp := Credentials{
+	buffer.Reset()
+	err = json.NewEncoder(buffer).Encode(Credentials{
 		ServerURL: serverURL,
 		Username:  username,
 		Secret:    secret,
-	}
-
-	buffer.Reset()
-	if err := json.NewEncoder(buffer).Encode(resp); err != nil {
+	})
+	if err != nil {
 		return err
 	}
 
-	fmt.Fprint(writer, buffer.String())
+	_, _ = fmt.Fprint(writer, buffer.String())
 	return nil
 }
 
@@ -181,6 +204,6 @@ func List(helper Helper, writer io.Writer) error {
 
 // PrintVersion outputs the current version.
 func PrintVersion(writer io.Writer) error {
-	fmt.Fprintf(writer, "%s (%s) %s\n", Name, Package, Version)
+	_, _ = fmt.Fprintf(writer, "%s (%s) %s\n", Name, Package, Version)
 	return nil
 }
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/error.go b/vendor/github.com/docker/docker-credential-helpers/credentials/error.go
index fe6a5aef4..8fa4d5d25 100644
--- a/vendor/github.com/docker/docker-credential-helpers/credentials/error.go
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/error.go
@@ -1,5 +1,7 @@
 package credentials
 
+import "errors"
+
 const (
 	// ErrCredentialsNotFound standardizes the not found error, so every helper returns
 	// the same message and docker can handle it properly.
@@ -21,6 +23,11 @@ func (errCredentialsNotFound) Error() string {
 	return errCredentialsNotFoundMessage
 }
 
+// NotFound implements the [ErrNotFound][errdefs.ErrNotFound] interface.
+//
+// [errdefs.ErrNotFound]: https://pkg.go.dev/github.com/docker/docker@v24.0.1+incompatible/errdefs#ErrNotFound
+func (errCredentialsNotFound) NotFound() {}
+
 // NewErrCredentialsNotFound creates a new error
 // for when the credentials are not in the store.
 func NewErrCredentialsNotFound() error {
@@ -30,8 +37,8 @@ func NewErrCredentialsNotFound() error {
 // IsErrCredentialsNotFound returns true if the error
 // was caused by not having a set of credentials in a store.
 func IsErrCredentialsNotFound(err error) bool {
-	_, ok := err.(errCredentialsNotFound)
-	return ok
+	var target errCredentialsNotFound
+	return errors.As(err, &target)
 }
 
 // IsErrCredentialsNotFoundMessage returns true if the error
@@ -53,6 +60,12 @@ func (errCredentialsMissingServerURL) Error() string {
 	return errCredentialsMissingServerURLMessage
 }
 
+// InvalidParameter implements the [ErrInvalidParameter][errdefs.ErrInvalidParameter]
+// interface.
+//
+// [errdefs.ErrInvalidParameter]: https://pkg.go.dev/github.com/docker/docker@v24.0.1+incompatible/errdefs#ErrInvalidParameter
+func (errCredentialsMissingServerURL) InvalidParameter() {}
+
 // errCredentialsMissingUsername represents an error raised
 // when the credentials object has no username or when no
 // username is provided to a credentials operation requiring
@@ -63,6 +76,12 @@ func (errCredentialsMissingUsername) Error() string {
 	return errCredentialsMissingUsernameMessage
 }
 
+// InvalidParameter implements the [ErrInvalidParameter][errdefs.ErrInvalidParameter]
+// interface.
+//
+// [errdefs.ErrInvalidParameter]: https://pkg.go.dev/github.com/docker/docker@v24.0.1+incompatible/errdefs#ErrInvalidParameter
+func (errCredentialsMissingUsername) InvalidParameter() {}
+
 // NewErrCredentialsMissingServerURL creates a new error for
 // errCredentialsMissingServerURL.
 func NewErrCredentialsMissingServerURL() error {
@@ -78,8 +97,8 @@ func NewErrCredentialsMissingUsername() error {
 // IsCredentialsMissingServerURL returns true if the error
 // was an errCredentialsMissingServerURL.
 func IsCredentialsMissingServerURL(err error) bool {
-	_, ok := err.(errCredentialsMissingServerURL)
-	return ok
+	var target errCredentialsMissingServerURL
+	return errors.As(err, &target)
 }
 
 // IsCredentialsMissingServerURLMessage checks for an
@@ -91,8 +110,8 @@ func IsCredentialsMissingServerURLMessage(err string) bool {
 // IsCredentialsMissingUsername returns true if the error
 // was an errCredentialsMissingUsername.
 func IsCredentialsMissingUsername(err error) bool {
-	_, ok := err.(errCredentialsMissingUsername)
-	return ok
+	var target errCredentialsMissingUsername
+	return errors.As(err, &target)
 }
 
 // IsCredentialsMissingUsernameMessage checks for an
diff --git a/vendor/github.com/docker/docker/AUTHORS b/vendor/github.com/docker/docker/AUTHORS
index 0728bfe18..b31418192 100644
--- a/vendor/github.com/docker/docker/AUTHORS
+++ b/vendor/github.com/docker/docker/AUTHORS
@@ -29,6 +29,7 @@ Adam Pointer <adam.pointer@skybettingandgaming.com>
 Adam Singer <financeCoding@gmail.com>
 Adam Walz <adam@adamwalz.net>
 Adam Williams <awilliams@mirantis.com>
+AdamKorcz <adam@adalogics.com>
 Addam Hardy <addam.hardy@gmail.com>
 Aditi Rajagopal <arajagopal@us.ibm.com>
 Aditya <aditya@netroy.in>
@@ -81,6 +82,7 @@ Alex Goodman <wagoodman@gmail.com>
 Alex Nordlund <alexander.nordlund@nasdaq.com>
 Alex Olshansky <i@creagenics.com>
 Alex Samorukov <samm@os2.kiev.ua>
+Alex Stockinger <alex@atomicjar.com>
 Alex Warhawk <ax.warhawk@gmail.com>
 Alexander Artemenko <svetlyak.40wt@gmail.com>
 Alexander Boyd <alex@opengroove.org>
@@ -198,6 +200,7 @@ Anusha Ragunathan <anusha.ragunathan@docker.com>
 Anyu Wang <wanganyu@outlook.com>
 apocas <petermdias@gmail.com>
 Arash Deshmeh <adeshmeh@ca.ibm.com>
+arcosx <arcosx@outlook.com>
 ArikaChen <eaglesora@gmail.com>
 Arko Dasgupta <arko@tetrate.io>
 Arnaud Lefebvre <a.lefebvre@outlook.fr>
@@ -241,6 +244,7 @@ Benjamin Atkin <ben@benatkin.com>
 Benjamin Baker <Benjamin.baker@utexas.edu>
 Benjamin Boudreau <boudreau.benjamin@gmail.com>
 Benjamin Böhmke <benjamin@boehmke.net>
+Benjamin Wang <wachao@vmware.com>
 Benjamin Yolken <yolken@stripe.com>
 Benny Ng <benny.tpng@gmail.com>
 Benoit Chesneau <bchesneau@gmail.com>
@@ -634,6 +638,7 @@ Eng Zer Jun <engzerjun@gmail.com>
 Enguerran <engcolson@gmail.com>
 Eohyung Lee <liquidnuker@gmail.com>
 epeterso <epeterson@breakpoint-labs.com>
+er0k <er0k@er0k.net>
 Eric Barch <barch@tomesoftware.com>
 Eric Curtin <ericcurtin17@gmail.com>
 Eric G. Noriega <enoriega@vizuri.com>
@@ -754,6 +759,7 @@ Félix Baylac-Jacqué <baylac.felix@gmail.com>
 Félix Cantournet <felix.cantournet@cloudwatt.com>
 Gabe Rosenhouse <gabe@missionst.com>
 Gabor Nagy <mail@aigeruth.hu>
+Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
 Gabriel Goller <gabrielgoller123@gmail.com>
 Gabriel L. Somlo <gsomlo@gmail.com>
 Gabriel Linder <linder.gabriel@gmail.com>
@@ -855,6 +861,7 @@ Hongbin Lu <hongbin034@gmail.com>
 Hongxu Jia <hongxu.jia@windriver.com>
 Honza Pokorny <me@honza.ca>
 Hsing-Hui Hsu <hsinghui@amazon.com>
+Hsing-Yu (David) Chen <davidhsingyuchen@gmail.com>
 hsinko <21551195@zju.edu.cn>
 Hu Keping <hukeping@huawei.com>
 Hu Tao <hutao@cn.fujitsu.com>
@@ -887,6 +894,7 @@ Igor Dolzhikov <bluesriverz@gmail.com>
 Igor Karpovich <i.karpovich@currencysolutions.com>
 Iliana Weller <iweller@amazon.com>
 Ilkka Laukkanen <ilkka@ilkka.io>
+Illia Antypenko <ilya@antipenko.pp.ua>
 Illo Abdulrahim <abdulrahim.illo@nokia.com>
 Ilya Dmitrichenko <errordeveloper@gmail.com>
 Ilya Gusev <mail@igusev.ru>
@@ -938,6 +946,7 @@ Jamie Hannaford <jamie@limetree.org>
 Jamshid Afshar <jafshar@yahoo.com>
 Jan Breig <git@pygos.space>
 Jan Chren <dev.rindeal@gmail.com>
+Jan Garcia <github-public@n-garcia.com>
 Jan Götte <jaseg@jaseg.net>
 Jan Keromnes <janx@linux.com>
 Jan Koprowski <jan.koprowski@gmail.com>
@@ -1206,6 +1215,7 @@ Kimbro Staken <kstaken@kstaken.com>
 Kir Kolyshkin <kolyshkin@gmail.com>
 Kiran Gangadharan <kiran.daredevil@gmail.com>
 Kirill SIbirev <l0kix2@gmail.com>
+Kirk Easterson <kirk.easterson@gmail.com>
 knappe <tyler.knappe@gmail.com>
 Kohei Tsuruta <coheyxyz@gmail.com>
 Koichi Shiraishi <k@zchee.io>
@@ -1240,10 +1250,12 @@ Lars Kellogg-Stedman <lars@redhat.com>
 Lars R. Damerow <lars@pixar.com>
 Lars-Magnus Skog <ralphtheninja@riseup.net>
 Laszlo Meszaros <lacienator@gmail.com>
+Laura Brehm <laurabrehm@hey.com>
 Laura Frank <ljfrank@gmail.com>
 Laurent Bernaille <laurent.bernaille@datadoghq.com>
 Laurent Erignoux <lerignoux@gmail.com>
 Laurie Voss <github@seldo.com>
+Leandro Motta Barros <lmb@stackedboxes.org>
 Leandro Siqueira <leandro.siqueira@gmail.com>
 Lee Calcote <leecalcote@gmail.com>
 Lee Chao <932819864@qq.com>
@@ -1563,6 +1575,7 @@ Nick Neisen <nwneisen@gmail.com>
 Nick Parker <nikaios@gmail.com>
 Nick Payne <nick@kurai.co.uk>
 Nick Russo <nicholasjamesrusso@gmail.com>
+Nick Santos <nick.santos@docker.com>
 Nick Stenning <nick.stenning@digital.cabinet-office.gov.uk>
 Nick Stinemates <nick@stinemates.org>
 Nick Wood <nwood@microsoft.com>
@@ -1584,6 +1597,7 @@ NikolaMandic <mn080202@gmail.com>
 Nikolas Garofil <nikolas.garofil@uantwerpen.be>
 Nikolay Edigaryev <edigaryev@gmail.com>
 Nikolay Milovanov <nmil@itransformers.net>
+ningmingxiao <ning.mingxiao@zte.com.cn>
 Nirmal Mehta <nirmalkmehta@gmail.com>
 Nishant Totla <nishanttotla@gmail.com>
 NIWA Hideyuki <niwa.niwa@nifty.ne.jp>
@@ -1615,6 +1629,7 @@ Omri Shiv <Omri.Shiv@teradata.com>
 Onur Filiz <onur.filiz@microsoft.com>
 Oriol Francès <oriolfa@gmail.com>
 Oscar Bonilla <6f6231@gmail.com>
+oscar.chen <2972789494@qq.com>
 Oskar Niburski <oskarniburski@gmail.com>
 Otto Kekäläinen <otto@seravo.fi>
 Ouyang Liduo <oyld0210@163.com>
@@ -1822,6 +1837,7 @@ Rory Hunter <roryhunter2@gmail.com>
 Rory McCune <raesene@gmail.com>
 Ross Boucher <rboucher@gmail.com>
 Rovanion Luckey <rovanion.luckey@gmail.com>
+Roy Reznik <roy@wiz.io>
 Royce Remer <royceremer@gmail.com>
 Rozhnov Alexandr <nox73@ya.ru>
 Rudolph Gottesheim <r.gottesheim@loot.at>
@@ -2271,6 +2287,7 @@ Xiaoyu Zhang <zhang.xiaoyu33@zte.com.cn>
 xichengliudui <1693291525@qq.com>
 xiekeyang <xiekeyang@huawei.com>
 Ximo Guanter Gonzálbez <joaquin.guantergonzalbez@telefonica.com>
+xin.li <xin.li@daocloud.io>
 Xinbo Weng <xihuanbo_0521@zju.edu.cn>
 Xinfeng Liu <xinfeng.liu@gmail.com>
 Xinzi Zhou <imdreamrunner@gmail.com>
@@ -2282,6 +2299,7 @@ Yahya <ya7yaz@gmail.com>
 yalpul <yalpul@gmail.com>
 YAMADA Tsuyoshi <tyamada@minimum2scp.org>
 Yamasaki Masahide <masahide.y@gmail.com>
+Yamazaki Masashi <masi19bw@gmail.com>
 Yan Feng <yanfeng2@huawei.com>
 Yan Zhu <yanzhu@alauda.io>
 Yang Bai <hamo.by@gmail.com>
diff --git a/vendor/github.com/docker/docker/api/common.go b/vendor/github.com/docker/docker/api/common.go
index bee9b875a..cba66bc46 100644
--- a/vendor/github.com/docker/docker/api/common.go
+++ b/vendor/github.com/docker/docker/api/common.go
@@ -3,7 +3,7 @@ package api // import "github.com/docker/docker/api"
 // Common constants for daemon and client.
 const (
 	// DefaultVersion of Current REST API
-	DefaultVersion = "1.42"
+	DefaultVersion = "1.43"
 
 	// NoBaseImageSpecifier is the symbol used by the FROM
 	// command to specify that no base image is to be used.
diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml
index afe7a8c37..7635b9f66 100644
--- a/vendor/github.com/docker/docker/api/swagger.yaml
+++ b/vendor/github.com/docker/docker/api/swagger.yaml
@@ -19,10 +19,10 @@ produces:
 consumes:
   - "application/json"
   - "text/plain"
-basePath: "/v1.42"
+basePath: "/v1.43"
 info:
   title: "Docker Engine API"
-  version: "1.42"
+  version: "1.43"
   x-logo:
     url: "https://docs.docker.com/assets/images/logo-docker-main.png"
   description: |
@@ -55,8 +55,8 @@ info:
     the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
     is returned.
 
-    If you omit the version-prefix, the current version of the API (v1.42) is used.
-    For example, calling `/info` is the same as calling `/v1.42/info`. Using the
+    If you omit the version-prefix, the current version of the API (v1.43) is used.
+    For example, calling `/info` is the same as calling `/v1.43/info`. Using the
     API without a version-prefix is deprecated and will be removed in a future release.
 
     Engine releases in the near future should support this version of the API,
@@ -976,6 +976,13 @@ definitions:
             items:
               type: "integer"
               minimum: 0
+          Annotations:
+            type: "object"
+            description: |
+              Arbitrary non-identifying metadata attached to container and
+              provided to the runtime when the container is started.
+            additionalProperties:
+              type: "string"
 
           # Applicable to UNIX platforms
           CapAdd:
@@ -1122,6 +1129,7 @@ definitions:
               remapping option is enabled.
           ShmSize:
             type: "integer"
+            format: "int64"
             description: |
               Size of `/dev/shm` in bytes. If omitted, the system uses 64MB.
             minimum: 0
@@ -1610,6 +1618,34 @@ definitions:
           "WorkDir": "/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/work"
         }
 
+  FilesystemChange:
+    description: |
+      Change in the container's filesystem.
+    type: "object"
+    required: [Path, Kind]
+    properties:
+      Path:
+        description: |
+          Path to file or directory that has changed.
+        type: "string"
+        x-nullable: false
+      Kind:
+        $ref: "#/definitions/ChangeType"
+
+  ChangeType:
+    description: |
+      Kind of change
+
+      Can be one of:
+
+      - `0`: Modified ("C")
+      - `1`: Added ("A")
+      - `2`: Deleted ("D")
+    type: "integer"
+    format: "uint8"
+    enum: [0, 1, 2]
+    x-nullable: false
+
   ImageInspect:
     description: |
       Information about an image in the local image cache.
@@ -1746,15 +1782,14 @@ definitions:
           Total size of the image including all layers it is composed of.
 
           In versions of Docker before v1.10, this field was calculated from
-          the image itself and all of its parent images. Docker v1.10 and up
-          store images self-contained, and no longer use a parent-chain, making
-          this field an equivalent of the Size field.
+          the image itself and all of its parent images. Images are now stored
+          self-contained, and no longer use a parent-chain, making this field
+          an equivalent of the Size field.
 
-          This field is kept for backward compatibility, but may be removed in
-          a future version of the API.
+          > **Deprecated**: this field is kept for backward compatibility, but
+          > will be removed in API v1.44.
         type: "integer"
         format: "int64"
-        x-nullable: false
         example: 1239828
       GraphDriver:
         $ref: "#/definitions/GraphDriverData"
@@ -1802,7 +1837,6 @@ definitions:
       - Created
       - Size
       - SharedSize
-      - VirtualSize
       - Labels
       - Containers
     properties:
@@ -1888,19 +1922,17 @@ definitions:
         x-nullable: false
         example: 1239828
       VirtualSize:
-        description: |
+        description: |-
           Total size of the image including all layers it is composed of.
 
           In versions of Docker before v1.10, this field was calculated from
-          the image itself and all of its parent images. Docker v1.10 and up
-          store images self-contained, and no longer use a parent-chain, making
-          this field an equivalent of the Size field.
+          the image itself and all of its parent images. Images are now stored
+          self-contained, and no longer use a parent-chain, making this field
+          an equivalent of the Size field.
 
-          This field is kept for backward compatibility, but may be removed in
-          a future version of the API.
+          Deprecated: this field is kept for backward compatibility, and will be removed in API v1.44.
         type: "integer"
         format: "int64"
-        x-nullable: false
         example: 172064416
       Labels:
         description: "User-defined key/value metadata."
@@ -4652,7 +4684,8 @@ definitions:
         example: false
       OOMKilled:
         description: |
-          Whether this container has been killed because it ran out of memory.
+          Whether a process within this container has been killed because it ran
+          out of memory since the container was last started.
         type: "boolean"
         example: false
       Dead:
@@ -5035,7 +5068,7 @@ definitions:
           Go runtime (`GOOS`).
 
           Currently returned values are "linux" and "windows". A full list of
-          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+          possible values can be found in the [Go documentation](https://go.dev/doc/install/source#environment).
         type: "string"
         example: "linux"
       Architecture:
@@ -5043,7 +5076,7 @@ definitions:
           Hardware architecture of the host, as returned by the Go runtime
           (`GOARCH`).
 
-          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+          A full list of possible values can be found in the [Go documentation](https://go.dev/doc/install/source#environment).
         type: "string"
         example: "x86_64"
       NCPU:
@@ -5129,42 +5162,8 @@ definitions:
       ServerVersion:
         description: |
           Version string of the daemon.
-
-          > **Note**: the [standalone Swarm API](https://docs.docker.com/swarm/swarm-api/)
-          > returns the Swarm version instead of the daemon  version, for example
-          > `swarm/1.2.8`.
         type: "string"
-        example: "17.06.0-ce"
-      ClusterStore:
-        description: |
-          URL of the distributed storage backend.
-
-
-          The storage backend is used for multihost networking (to store
-          network and endpoint information) and by the node discovery mechanism.
-
-          <p><br /></p>
-
-          > **Deprecated**: This field is only propagated when using standalone Swarm
-          > mode, and overlay networking using an external k/v store. Overlay
-          > networks with Swarm mode enabled use the built-in raft store, and
-          > this field will be empty.
-        type: "string"
-        example: "consul://consul.corp.example.com:8600/some/path"
-      ClusterAdvertise:
-        description: |
-          The network endpoint that the Engine advertises for the purpose of
-          node discovery. ClusterAdvertise is a `host:port` combination on which
-          the daemon is reachable by other hosts.
-
-          <p><br /></p>
-
-          > **Deprecated**: This field is only propagated when using standalone Swarm
-          > mode, and overlay networking using an external k/v store. Overlay
-          > networks with Swarm mode enabled use the built-in raft store, and
-          > this field will be empty.
-        type: "string"
-        example: "node5.corp.example.com:8000"
+        example: "24.0.2"
       Runtimes:
         description: |
           List of [OCI compliant](https://github.com/opencontainers/runtime-spec)
@@ -5242,7 +5241,8 @@ definitions:
       SecurityOptions:
         description: |
           List of security features that are enabled on the daemon, such as
-          apparmor, seccomp, SELinux, user-namespaces (userns), and rootless.
+          apparmor, seccomp, SELinux, user-namespaces (userns), rootless and
+          no-new-privileges.
 
           Additional configuration options for each security feature may
           be present, and are included as a comma-separated list of key/value
@@ -6875,9 +6875,9 @@ paths:
         Returns which files in a container's filesystem have been added, deleted,
         or modified. The `Kind` of modification can be one of:
 
-        - `0`: Modified
-        - `1`: Added
-        - `2`: Deleted
+        - `0`: Modified ("C")
+        - `1`: Added ("A")
+        - `2`: Deleted ("D")
       operationId: "ContainerChanges"
       produces: ["application/json"]
       responses:
@@ -6886,22 +6886,7 @@ paths:
           schema:
             type: "array"
             items:
-              type: "object"
-              x-go-name: "ContainerChangeResponseItem"
-              title: "ContainerChangeResponseItem"
-              description: "change item in response to ContainerChanges operation"
-              required: [Path, Kind]
-              properties:
-                Path:
-                  description: "Path to file that has changed"
-                  type: "string"
-                  x-nullable: false
-                Kind:
-                  description: "Kind of change"
-                  type: "integer"
-                  format: "uint8"
-                  enum: [0, 1, 2]
-                  x-nullable: false
+              $ref: "#/definitions/FilesystemChange"
           examples:
             application/json:
               - Path: "/dev"
@@ -8228,7 +8213,7 @@ paths:
 
             Available filters:
 
-            - `until=<duration>`: duration relative to daemon's time, during which build cache was not used, in Go's duration format (e.g., '24h')
+            - `until=<timestamp>` remove cache older than `<timestamp>`. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon's local time.
             - `id=<id>`
             - `parent=<id>`
             - `type=<string>`
@@ -9911,7 +9896,9 @@ paths:
               Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30"
               Warning: ""
         403:
-          description: "operation not supported for pre-defined networks"
+          description: |
+            Forbidden operation. This happens when trying to create a network named after a pre-defined network,
+            or when trying to create an overlay network on a daemon which is not part of a Swarm cluster.
           schema:
             $ref: "#/definitions/ErrorResponse"
         404:
@@ -10374,6 +10361,12 @@ paths:
             default if omitted.
           required: true
           type: "string"
+        - name: "force"
+          in: "query"
+          description: |
+            Force disable a plugin even if still in use.
+          required: false
+          type: "boolean"
       tags: ["Plugin"]
   /plugins/{name}/upgrade:
     post:
diff --git a/vendor/github.com/docker/docker/api/types/auth.go b/vendor/github.com/docker/docker/api/types/auth.go
index ddf15bb18..9ee329a2f 100644
--- a/vendor/github.com/docker/docker/api/types/auth.go
+++ b/vendor/github.com/docker/docker/api/types/auth.go
@@ -1,22 +1,7 @@
 package types // import "github.com/docker/docker/api/types"
+import "github.com/docker/docker/api/types/registry"
 
-// AuthConfig contains authorization information for connecting to a Registry
-type AuthConfig struct {
-	Username string `json:"username,omitempty"`
-	Password string `json:"password,omitempty"`
-	Auth     string `json:"auth,omitempty"`
-
-	// Email is an optional value associated with the username.
-	// This field is deprecated and will be removed in a later
-	// version of docker.
-	Email string `json:"email,omitempty"`
-
-	ServerAddress string `json:"serveraddress,omitempty"`
-
-	// IdentityToken is used to authenticate the user and get
-	// an access token for the registry.
-	IdentityToken string `json:"identitytoken,omitempty"`
-
-	// RegistryToken is a bearer token to be sent to a registry
-	RegistryToken string `json:"registrytoken,omitempty"`
-}
+// AuthConfig contains authorization information for connecting to a Registry.
+//
+// Deprecated: use github.com/docker/docker/api/types/registry.AuthConfig
+type AuthConfig = registry.AuthConfig
diff --git a/vendor/github.com/docker/docker/api/types/client.go b/vendor/github.com/docker/docker/api/types/client.go
index 97aca0230..d8cd30613 100644
--- a/vendor/github.com/docker/docker/api/types/client.go
+++ b/vendor/github.com/docker/docker/api/types/client.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/registry"
 	units "github.com/docker/go-units"
 )
 
@@ -180,7 +181,7 @@ type ImageBuildOptions struct {
 	// at all (nil). See the parsing of buildArgs in
 	// api/server/router/build/build_routes.go for even more info.
 	BuildArgs   map[string]*string
-	AuthConfigs map[string]AuthConfig
+	AuthConfigs map[string]registry.AuthConfig
 	Context     io.Reader
 	Labels      map[string]string
 	// squash the resulting image's layers to the parent
diff --git a/vendor/github.com/docker/docker/api/types/configs.go b/vendor/github.com/docker/docker/api/types/configs.go
index 7689f38b3..7d5930bbe 100644
--- a/vendor/github.com/docker/docker/api/types/configs.go
+++ b/vendor/github.com/docker/docker/api/types/configs.go
@@ -3,7 +3,7 @@ package types // import "github.com/docker/docker/api/types"
 import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
-	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // configs holds structs used for internal communication between the
@@ -16,7 +16,7 @@ type ContainerCreateConfig struct {
 	Config           *container.Config
 	HostConfig       *container.HostConfig
 	NetworkingConfig *network.NetworkingConfig
-	Platform         *specs.Platform
+	Platform         *ocispec.Platform
 	AdjustCPUShares  bool
 }
 
diff --git a/vendor/github.com/docker/docker/api/types/container/change_response_deprecated.go b/vendor/github.com/docker/docker/api/types/container/change_response_deprecated.go
new file mode 100644
index 000000000..6b4b47390
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/change_response_deprecated.go
@@ -0,0 +1,6 @@
+package container
+
+// ContainerChangeResponseItem change item in response to ContainerChanges operation
+//
+// Deprecated: use [FilesystemChange].
+type ContainerChangeResponseItem = FilesystemChange
diff --git a/vendor/github.com/docker/docker/api/types/container/change_type.go b/vendor/github.com/docker/docker/api/types/container/change_type.go
new file mode 100644
index 000000000..fe8d6d369
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/change_type.go
@@ -0,0 +1,15 @@
+package container
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// ChangeType Kind of change
+//
+// Can be one of:
+//
+// - `0`: Modified ("C")
+// - `1`: Added ("A")
+// - `2`: Deleted ("D")
+//
+// swagger:model ChangeType
+type ChangeType uint8
diff --git a/vendor/github.com/docker/docker/api/types/container/change_types.go b/vendor/github.com/docker/docker/api/types/container/change_types.go
new file mode 100644
index 000000000..3a3a83866
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/change_types.go
@@ -0,0 +1,23 @@
+package container
+
+const (
+	// ChangeModify represents the modify operation.
+	ChangeModify ChangeType = 0
+	// ChangeAdd represents the add operation.
+	ChangeAdd ChangeType = 1
+	// ChangeDelete represents the delete operation.
+	ChangeDelete ChangeType = 2
+)
+
+func (ct ChangeType) String() string {
+	switch ct {
+	case ChangeModify:
+		return "C"
+	case ChangeAdd:
+		return "A"
+	case ChangeDelete:
+		return "D"
+	default:
+		return ""
+	}
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/container_changes.go b/vendor/github.com/docker/docker/api/types/container/container_changes.go
deleted file mode 100644
index 16dd5019e..000000000
--- a/vendor/github.com/docker/docker/api/types/container/container_changes.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package container // import "github.com/docker/docker/api/types/container"
-
-// ----------------------------------------------------------------------------
-// Code generated by `swagger generate operation`. DO NOT EDIT.
-//
-// See hack/generate-swagger-api.sh
-// ----------------------------------------------------------------------------
-
-// ContainerChangeResponseItem change item in response to ContainerChanges operation
-// swagger:model ContainerChangeResponseItem
-type ContainerChangeResponseItem struct {
-
-	// Kind of change
-	// Required: true
-	Kind uint8 `json:"Kind"`
-
-	// Path to file that has changed
-	// Required: true
-	Path string `json:"Path"`
-}
diff --git a/vendor/github.com/docker/docker/api/types/container/deprecated.go b/vendor/github.com/docker/docker/api/types/container/deprecated.go
deleted file mode 100644
index 0cb70e363..000000000
--- a/vendor/github.com/docker/docker/api/types/container/deprecated.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package container // import "github.com/docker/docker/api/types/container"
-
-// ContainerCreateCreatedBody OK response to ContainerCreate operation
-//
-// Deprecated: use CreateResponse
-type ContainerCreateCreatedBody = CreateResponse
-
-// ContainerWaitOKBody OK response to ContainerWait operation
-//
-// Deprecated: use WaitResponse
-type ContainerWaitOKBody = WaitResponse
-
-// ContainerWaitOKBodyError container waiting error, if any
-//
-// Deprecated: use WaitExitError
-type ContainerWaitOKBodyError = WaitExitError
diff --git a/vendor/github.com/docker/docker/api/types/container/filesystem_change.go b/vendor/github.com/docker/docker/api/types/container/filesystem_change.go
new file mode 100644
index 000000000..9e9c2ad1d
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/filesystem_change.go
@@ -0,0 +1,19 @@
+package container
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+// FilesystemChange Change in the container's filesystem.
+//
+// swagger:model FilesystemChange
+type FilesystemChange struct {
+
+	// kind
+	// Required: true
+	Kind ChangeType `json:"Kind"`
+
+	// Path to file or directory that has changed.
+	//
+	// Required: true
+	Path string `json:"Path"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/host_config.go b/vendor/github.com/docker/docker/api/types/container/hostconfig.go
similarity index 84%
rename from vendor/github.com/docker/docker/api/types/container/host_config.go
rename to vendor/github.com/docker/docker/api/types/container/hostconfig.go
index 100f434ce..d4e6f5537 100644
--- a/vendor/github.com/docker/docker/api/types/container/host_config.go
+++ b/vendor/github.com/docker/docker/api/types/container/hostconfig.go
@@ -101,7 +101,8 @@ func (n IpcMode) IsShareable() bool {
 
 // IsContainer indicates whether the container uses another container's ipc namespace.
 func (n IpcMode) IsContainer() bool {
-	return strings.HasPrefix(string(n), string(IPCModeContainer)+":")
+	_, ok := containerID(string(n))
+	return ok
 }
 
 // IsNone indicates whether container IpcMode is set to "none".
@@ -116,15 +117,14 @@ func (n IpcMode) IsEmpty() bool {
 
 // Valid indicates whether the ipc mode is valid.
 func (n IpcMode) Valid() bool {
+	// TODO(thaJeztah): align with PidMode, and consider container-mode without a container name/ID to be invalid.
 	return n.IsEmpty() || n.IsNone() || n.IsPrivate() || n.IsHost() || n.IsShareable() || n.IsContainer()
 }
 
 // Container returns the name of the container ipc stack is going to be used.
-func (n IpcMode) Container() string {
-	if n.IsContainer() {
-		return strings.TrimPrefix(string(n), string(IPCModeContainer)+":")
-	}
-	return ""
+func (n IpcMode) Container() (idOrName string) {
+	idOrName, _ = containerID(string(n))
+	return idOrName
 }
 
 // NetworkMode represents the container network stack.
@@ -147,17 +147,14 @@ func (n NetworkMode) IsPrivate() bool {
 
 // IsContainer indicates whether container uses a container network stack.
 func (n NetworkMode) IsContainer() bool {
-	parts := strings.SplitN(string(n), ":", 2)
-	return len(parts) > 1 && parts[0] == "container"
+	_, ok := containerID(string(n))
+	return ok
 }
 
 // ConnectedContainer is the id of the container which network this container is connected to.
-func (n NetworkMode) ConnectedContainer() string {
-	parts := strings.SplitN(string(n), ":", 2)
-	if len(parts) > 1 {
-		return parts[1]
-	}
-	return ""
+func (n NetworkMode) ConnectedContainer() (idOrName string) {
+	idOrName, _ = containerID(string(n))
+	return idOrName
 }
 
 // UserDefined indicates user-created network
@@ -178,18 +175,12 @@ func (n UsernsMode) IsHost() bool {
 
 // IsPrivate indicates whether the container uses the a private userns.
 func (n UsernsMode) IsPrivate() bool {
-	return !(n.IsHost())
+	return !n.IsHost()
 }
 
 // Valid indicates whether the userns is valid.
 func (n UsernsMode) Valid() bool {
-	parts := strings.Split(string(n), ":")
-	switch mode := parts[0]; mode {
-	case "", "host":
-	default:
-		return false
-	}
-	return true
+	return n == "" || n.IsHost()
 }
 
 // CgroupSpec represents the cgroup to use for the container.
@@ -197,22 +188,20 @@ type CgroupSpec string
 
 // IsContainer indicates whether the container is using another container cgroup
 func (c CgroupSpec) IsContainer() bool {
-	parts := strings.SplitN(string(c), ":", 2)
-	return len(parts) > 1 && parts[0] == "container"
+	_, ok := containerID(string(c))
+	return ok
 }
 
 // Valid indicates whether the cgroup spec is valid.
 func (c CgroupSpec) Valid() bool {
-	return c.IsContainer() || c == ""
+	// TODO(thaJeztah): align with PidMode, and consider container-mode without a container name/ID to be invalid.
+	return c == "" || c.IsContainer()
 }
 
-// Container returns the name of the container whose cgroup will be used.
-func (c CgroupSpec) Container() string {
-	parts := strings.SplitN(string(c), ":", 2)
-	if len(parts) > 1 {
-		return parts[1]
-	}
-	return ""
+// Container returns the ID or name of the container whose cgroup will be used.
+func (c CgroupSpec) Container() (idOrName string) {
+	idOrName, _ = containerID(string(c))
+	return idOrName
 }
 
 // UTSMode represents the UTS namespace of the container.
@@ -220,7 +209,7 @@ type UTSMode string
 
 // IsPrivate indicates whether the container uses its private UTS namespace.
 func (n UTSMode) IsPrivate() bool {
-	return !(n.IsHost())
+	return !n.IsHost()
 }
 
 // IsHost indicates whether the container uses the host's UTS namespace.
@@ -230,13 +219,7 @@ func (n UTSMode) IsHost() bool {
 
 // Valid indicates whether the UTS namespace is valid.
 func (n UTSMode) Valid() bool {
-	parts := strings.Split(string(n), ":")
-	switch mode := parts[0]; mode {
-	case "", "host":
-	default:
-		return false
-	}
-	return true
+	return n == "" || n.IsHost()
 }
 
 // PidMode represents the pid namespace of the container.
@@ -254,32 +237,19 @@ func (n PidMode) IsHost() bool {
 
 // IsContainer indicates whether the container uses a container's pid namespace.
 func (n PidMode) IsContainer() bool {
-	parts := strings.SplitN(string(n), ":", 2)
-	return len(parts) > 1 && parts[0] == "container"
+	_, ok := containerID(string(n))
+	return ok
 }
 
 // Valid indicates whether the pid namespace is valid.
 func (n PidMode) Valid() bool {
-	parts := strings.Split(string(n), ":")
-	switch mode := parts[0]; mode {
-	case "", "host":
-	case "container":
-		if len(parts) != 2 || parts[1] == "" {
-			return false
-		}
-	default:
-		return false
-	}
-	return true
+	return n == "" || n.IsHost() || validContainer(string(n))
 }
 
 // Container returns the name of the container whose pid namespace is going to be used.
-func (n PidMode) Container() string {
-	parts := strings.SplitN(string(n), ":", 2)
-	if len(parts) > 1 {
-		return parts[1]
-	}
-	return ""
+func (n PidMode) Container() (idOrName string) {
+	idOrName, _ = containerID(string(n))
+	return idOrName
 }
 
 // DeviceRequest represents a request for devices from a device driver.
@@ -408,16 +378,17 @@ type UpdateConfig struct {
 // Portable information *should* appear in Config.
 type HostConfig struct {
 	// Applicable to all platforms
-	Binds           []string      // List of volume bindings for this container
-	ContainerIDFile string        // File (path) where the containerId is written
-	LogConfig       LogConfig     // Configuration of the logs for this container
-	NetworkMode     NetworkMode   // Network mode to use for the container
-	PortBindings    nat.PortMap   // Port mapping between the exposed port (container) and the host
-	RestartPolicy   RestartPolicy // Restart policy to be used for the container
-	AutoRemove      bool          // Automatically remove container when it exits
-	VolumeDriver    string        // Name of the volume driver used to mount volumes
-	VolumesFrom     []string      // List of volumes to take from other container
-	ConsoleSize     [2]uint       // Initial console size (height,width)
+	Binds           []string          // List of volume bindings for this container
+	ContainerIDFile string            // File (path) where the containerId is written
+	LogConfig       LogConfig         // Configuration of the logs for this container
+	NetworkMode     NetworkMode       // Network mode to use for the container
+	PortBindings    nat.PortMap       // Port mapping between the exposed port (container) and the host
+	RestartPolicy   RestartPolicy     // Restart policy to be used for the container
+	AutoRemove      bool              // Automatically remove container when it exits
+	VolumeDriver    string            // Name of the volume driver used to mount volumes
+	VolumesFrom     []string          // List of volumes to take from other container
+	ConsoleSize     [2]uint           // Initial console size (height,width)
+	Annotations     map[string]string `json:",omitempty"` // Arbitrary non-identifying metadata attached to container and provided to the runtime
 
 	// Applicable to UNIX platforms
 	CapAdd          strslice.StrSlice // List of kernel capabilities to add to the container
@@ -463,3 +434,23 @@ type HostConfig struct {
 	// Run a custom init inside the container, if null, use the daemon's configured settings
 	Init *bool `json:",omitempty"`
 }
+
+// containerID splits "container:<ID|name>" values. It returns the container
+// ID or name, and whether an ID/name was found. It returns an empty string and
+// a "false" if the value does not have a "container:" prefix. Further validation
+// of the returned, including checking if the value is empty, should be handled
+// by the caller.
+func containerID(val string) (idOrName string, ok bool) {
+	k, v, hasSep := strings.Cut(val, ":")
+	if !hasSep || k != "container" {
+		return "", false
+	}
+	return v, true
+}
+
+// validContainer checks if the given value is a "container:" mode with
+// a non-empty name/ID.
+func validContainer(val string) bool {
+	id, ok := containerID(val)
+	return ok && id != ""
+}
diff --git a/vendor/github.com/docker/docker/api/types/deprecated.go b/vendor/github.com/docker/docker/api/types/deprecated.go
deleted file mode 100644
index 216d1df0f..000000000
--- a/vendor/github.com/docker/docker/api/types/deprecated.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package types // import "github.com/docker/docker/api/types"
-
-import "github.com/docker/docker/api/types/volume"
-
-// Volume volume
-//
-// Deprecated: use github.com/docker/docker/api/types/volume.Volume
-type Volume = volume.Volume
-
-// VolumeUsageData Usage details about the volume. This information is used by the
-// `GET /system/df` endpoint, and omitted in other endpoints.
-//
-// Deprecated: use github.com/docker/docker/api/types/volume.UsageData
-type VolumeUsageData = volume.UsageData
diff --git a/vendor/github.com/docker/docker/api/types/filters/errors.go b/vendor/github.com/docker/docker/api/types/filters/errors.go
new file mode 100644
index 000000000..f52f69440
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/filters/errors.go
@@ -0,0 +1,37 @@
+package filters
+
+import "fmt"
+
+// invalidFilter indicates that the provided filter or its value is invalid
+type invalidFilter struct {
+	Filter string
+	Value  []string
+}
+
+func (e invalidFilter) Error() string {
+	msg := "invalid filter"
+	if e.Filter != "" {
+		msg += " '" + e.Filter
+		if e.Value != nil {
+			msg = fmt.Sprintf("%s=%s", msg, e.Value)
+		}
+		msg += "'"
+	}
+	return msg
+}
+
+// InvalidParameter marks this error as ErrInvalidParameter
+func (e invalidFilter) InvalidParameter() {}
+
+// unreachableCode is an error indicating that the code path was not expected to be reached.
+type unreachableCode struct {
+	Filter string
+	Value  []string
+}
+
+// System marks this error as ErrSystem
+func (e unreachableCode) System() {}
+
+func (e unreachableCode) Error() string {
+	return fmt.Sprintf("unreachable code reached for filter: %q with values: %s", e.Filter, e.Value)
+}
diff --git a/vendor/github.com/docker/docker/api/types/filters/parse.go b/vendor/github.com/docker/docker/api/types/filters/parse.go
index f8fe79407..0c39ab5f1 100644
--- a/vendor/github.com/docker/docker/api/types/filters/parse.go
+++ b/vendor/github.com/docker/docker/api/types/filters/parse.go
@@ -10,7 +10,6 @@ import (
 	"strings"
 
 	"github.com/docker/docker/api/types/versions"
-	"github.com/pkg/errors"
 )
 
 // Args stores a mapping of keys to a set of multiple values.
@@ -99,7 +98,7 @@ func FromJSON(p string) (Args, error) {
 	// Fallback to parsing arguments in the legacy slice format
 	deprecated := map[string][]string{}
 	if legacyErr := json.Unmarshal(raw, &deprecated); legacyErr != nil {
-		return args, invalidFilter{errors.Wrap(err, "invalid filter")}
+		return args, &invalidFilter{}
 	}
 
 	args.fields = deprecatedArgs(deprecated)
@@ -163,13 +162,13 @@ func (args Args) MatchKVList(key string, sources map[string]string) bool {
 	}
 
 	for value := range fieldValues {
-		testKV := strings.SplitN(value, "=", 2)
+		testK, testV, hasValue := strings.Cut(value, "=")
 
-		v, ok := sources[testKV[0]]
+		v, ok := sources[testK]
 		if !ok {
 			return false
 		}
-		if len(testKV) == 2 && testKV[1] != v {
+		if hasValue && testV != v {
 			return false
 		}
 	}
@@ -196,6 +195,38 @@ func (args Args) Match(field, source string) bool {
 	return false
 }
 
+// GetBoolOrDefault returns a boolean value of the key if the key is present
+// and is intepretable as a boolean value. Otherwise the default value is returned.
+// Error is not nil only if the filter values are not valid boolean or are conflicting.
+func (args Args) GetBoolOrDefault(key string, defaultValue bool) (bool, error) {
+	fieldValues, ok := args.fields[key]
+
+	if !ok {
+		return defaultValue, nil
+	}
+
+	if len(fieldValues) == 0 {
+		return defaultValue, &invalidFilter{key, nil}
+	}
+
+	isFalse := fieldValues["0"] || fieldValues["false"]
+	isTrue := fieldValues["1"] || fieldValues["true"]
+
+	conflicting := isFalse && isTrue
+	invalid := !isFalse && !isTrue
+
+	if conflicting || invalid {
+		return defaultValue, &invalidFilter{key, args.Get(key)}
+	} else if isFalse {
+		return false, nil
+	} else if isTrue {
+		return true, nil
+	}
+
+	// This code shouldn't be reached.
+	return defaultValue, &unreachableCode{Filter: key, Value: args.Get(key)}
+}
+
 // ExactMatch returns true if the source matches exactly one of the values.
 func (args Args) ExactMatch(key, source string) bool {
 	fieldValues, ok := args.fields[key]
@@ -246,20 +277,12 @@ func (args Args) Contains(field string) bool {
 	return ok
 }
 
-type invalidFilter struct{ error }
-
-func (e invalidFilter) Error() string {
-	return e.error.Error()
-}
-
-func (invalidFilter) InvalidParameter() {}
-
 // Validate compared the set of accepted keys against the keys in the mapping.
 // An error is returned if any mapping keys are not in the accepted set.
 func (args Args) Validate(accepted map[string]bool) error {
 	for name := range args.fields {
 		if !accepted[name] {
-			return invalidFilter{errors.New("invalid filter '" + name + "'")}
+			return &invalidFilter{name, nil}
 		}
 	}
 	return nil
diff --git a/vendor/github.com/docker/docker/api/types/image/opts.go b/vendor/github.com/docker/docker/api/types/image/opts.go
new file mode 100644
index 000000000..3cefecb0d
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/image/opts.go
@@ -0,0 +1,9 @@
+package image
+
+import ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+
+// GetImageOpts holds parameters to inspect an image.
+type GetImageOpts struct {
+	Platform *ocispec.Platform
+	Details  bool
+}
diff --git a/vendor/github.com/docker/docker/api/types/image_summary.go b/vendor/github.com/docker/docker/api/types/image_summary.go
index 90b983a25..0f6f14484 100644
--- a/vendor/github.com/docker/docker/api/types/image_summary.go
+++ b/vendor/github.com/docker/docker/api/types/image_summary.go
@@ -85,13 +85,10 @@ type ImageSummary struct {
 	// Total size of the image including all layers it is composed of.
 	//
 	// In versions of Docker before v1.10, this field was calculated from
-	// the image itself and all of its parent images. Docker v1.10 and up
-	// store images self-contained, and no longer use a parent-chain, making
-	// this field an equivalent of the Size field.
+	// the image itself and all of its parent images. Images are now stored
+	// self-contained, and no longer use a parent-chain, making this field
+	// an equivalent of the Size field.
 	//
-	// This field is kept for backward compatibility, but may be removed in
-	// a future version of the API.
-	//
-	// Required: true
-	VirtualSize int64 `json:"VirtualSize"`
+	// Deprecated: this field is kept for backward compatibility, and will be removed in API v1.44.
+	VirtualSize int64 `json:"VirtualSize,omitempty"`
 }
diff --git a/vendor/github.com/docker/docker/api/types/registry/authconfig.go b/vendor/github.com/docker/docker/api/types/registry/authconfig.go
new file mode 100644
index 000000000..97a924e37
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/registry/authconfig.go
@@ -0,0 +1,99 @@
+package registry // import "github.com/docker/docker/api/types/registry"
+import (
+	"encoding/base64"
+	"encoding/json"
+	"io"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+// AuthHeader is the name of the header used to send encoded registry
+// authorization credentials for registry operations (push/pull).
+const AuthHeader = "X-Registry-Auth"
+
+// AuthConfig contains authorization information for connecting to a Registry.
+type AuthConfig struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	Auth     string `json:"auth,omitempty"`
+
+	// Email is an optional value associated with the username.
+	// This field is deprecated and will be removed in a later
+	// version of docker.
+	Email string `json:"email,omitempty"`
+
+	ServerAddress string `json:"serveraddress,omitempty"`
+
+	// IdentityToken is used to authenticate the user and get
+	// an access token for the registry.
+	IdentityToken string `json:"identitytoken,omitempty"`
+
+	// RegistryToken is a bearer token to be sent to a registry
+	RegistryToken string `json:"registrytoken,omitempty"`
+}
+
+// EncodeAuthConfig serializes the auth configuration as a base64url encoded
+// RFC4648, section 5) JSON string for sending through the X-Registry-Auth header.
+//
+// For details on base64url encoding, see:
+// - RFC4648, section 5:   https://tools.ietf.org/html/rfc4648#section-5
+func EncodeAuthConfig(authConfig AuthConfig) (string, error) {
+	buf, err := json.Marshal(authConfig)
+	if err != nil {
+		return "", errInvalidParameter{err}
+	}
+	return base64.URLEncoding.EncodeToString(buf), nil
+}
+
+// DecodeAuthConfig decodes base64url encoded (RFC4648, section 5) JSON
+// authentication information as sent through the X-Registry-Auth header.
+//
+// This function always returns an AuthConfig, even if an error occurs. It is up
+// to the caller to decide if authentication is required, and if the error can
+// be ignored.
+//
+// For details on base64url encoding, see:
+// - RFC4648, section 5:   https://tools.ietf.org/html/rfc4648#section-5
+func DecodeAuthConfig(authEncoded string) (*AuthConfig, error) {
+	if authEncoded == "" {
+		return &AuthConfig{}, nil
+	}
+
+	authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
+	return decodeAuthConfigFromReader(authJSON)
+}
+
+// DecodeAuthConfigBody decodes authentication information as sent as JSON in the
+// body of a request. This function is to provide backward compatibility with old
+// clients and API versions. Current clients and API versions expect authentication
+// to be provided through the X-Registry-Auth header.
+//
+// Like DecodeAuthConfig, this function always returns an AuthConfig, even if an
+// error occurs. It is up to the caller to decide if authentication is required,
+// and if the error can be ignored.
+func DecodeAuthConfigBody(rdr io.ReadCloser) (*AuthConfig, error) {
+	return decodeAuthConfigFromReader(rdr)
+}
+
+func decodeAuthConfigFromReader(rdr io.Reader) (*AuthConfig, error) {
+	authConfig := &AuthConfig{}
+	if err := json.NewDecoder(rdr).Decode(authConfig); err != nil {
+		// always return an (empty) AuthConfig to increase compatibility with
+		// the existing API.
+		return &AuthConfig{}, invalid(err)
+	}
+	return authConfig, nil
+}
+
+func invalid(err error) error {
+	return errInvalidParameter{errors.Wrap(err, "invalid X-Registry-Auth header")}
+}
+
+type errInvalidParameter struct{ error }
+
+func (errInvalidParameter) InvalidParameter() {}
+
+func (e errInvalidParameter) Cause() error { return e.error }
+
+func (e errInvalidParameter) Unwrap() error { return e.error }
diff --git a/vendor/github.com/docker/docker/api/types/registry/registry.go b/vendor/github.com/docker/docker/api/types/registry/registry.go
index 62a88f5be..b83f5d7b2 100644
--- a/vendor/github.com/docker/docker/api/types/registry/registry.go
+++ b/vendor/github.com/docker/docker/api/types/registry/registry.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"net"
 
-	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // ServiceConfig stores daemon registry services configuration.
@@ -113,8 +113,8 @@ type SearchResults struct {
 type DistributionInspect struct {
 	// Descriptor contains information about the manifest, including
 	// the content addressable digest
-	Descriptor v1.Descriptor
+	Descriptor ocispec.Descriptor
 	// Platforms contains the list of platforms supported by the image,
 	// obtained by parsing the manifest
-	Platforms []v1.Platform
+	Platforms []ocispec.Platform
 }
diff --git a/vendor/github.com/docker/docker/api/types/time/timestamp.go b/vendor/github.com/docker/docker/api/types/time/timestamp.go
index 2a74b7a59..cab5c32e3 100644
--- a/vendor/github.com/docker/docker/api/types/time/timestamp.go
+++ b/vendor/github.com/docker/docker/api/types/time/timestamp.go
@@ -95,37 +95,37 @@ func GetTimestamp(value string, reference time.Time) (string, error) {
 	return fmt.Sprintf("%d.%09d", t.Unix(), int64(t.Nanosecond())), nil
 }
 
-// ParseTimestamps returns seconds and nanoseconds from a timestamp that has the
-// format "%d.%09d", time.Unix(), int64(time.Nanosecond()))
-// if the incoming nanosecond portion is longer or shorter than 9 digits it is
-// converted to nanoseconds.  The expectation is that the seconds and
-// seconds will be used to create a time variable.  For example:
+// ParseTimestamps returns seconds and nanoseconds from a timestamp that has
+// the format ("%d.%09d", time.Unix(), int64(time.Nanosecond())).
+// If the incoming nanosecond portion is longer than 9 digits it is truncated.
+// The expectation is that the seconds and nanoseconds will be used to create a
+// time variable.  For example:
 //
-//	seconds, nanoseconds, err := ParseTimestamp("1136073600.000000001",0)
-//	if err == nil since := time.Unix(seconds, nanoseconds)
+//	seconds, nanoseconds, _ := ParseTimestamp("1136073600.000000001",0)
+//	since := time.Unix(seconds, nanoseconds)
 //
-// returns seconds as def(aultSeconds) if value == ""
-func ParseTimestamps(value string, def int64) (int64, int64, error) {
+// returns seconds as defaultSeconds if value == ""
+func ParseTimestamps(value string, defaultSeconds int64) (seconds int64, nanoseconds int64, err error) {
 	if value == "" {
-		return def, 0, nil
+		return defaultSeconds, 0, nil
 	}
 	return parseTimestamp(value)
 }
 
-func parseTimestamp(value string) (int64, int64, error) {
-	sa := strings.SplitN(value, ".", 2)
-	s, err := strconv.ParseInt(sa[0], 10, 64)
+func parseTimestamp(value string) (sec int64, nsec int64, err error) {
+	s, n, ok := strings.Cut(value, ".")
+	sec, err = strconv.ParseInt(s, 10, 64)
 	if err != nil {
-		return s, 0, err
+		return sec, 0, err
 	}
-	if len(sa) != 2 {
-		return s, 0, nil
+	if !ok {
+		return sec, 0, nil
 	}
-	n, err := strconv.ParseInt(sa[1], 10, 64)
+	nsec, err = strconv.ParseInt(n, 10, 64)
 	if err != nil {
-		return s, n, err
+		return sec, nsec, err
 	}
 	// should already be in nanoseconds but just in case convert n to nanoseconds
-	n = int64(float64(n) * math.Pow(float64(10), float64(9-len(sa[1]))))
-	return s, n, nil
+	nsec = int64(float64(nsec) * math.Pow(float64(10), float64(9-len(n))))
+	return sec, nsec, nil
 }
diff --git a/vendor/github.com/docker/docker/api/types/types.go b/vendor/github.com/docker/docker/api/types/types.go
index 036405299..b413e0200 100644
--- a/vendor/github.com/docker/docker/api/types/types.go
+++ b/vendor/github.com/docker/docker/api/types/types.go
@@ -123,9 +123,8 @@ type ImageInspect struct {
 	// store images self-contained, and no longer use a parent-chain, making
 	// this field an equivalent of the Size field.
 	//
-	// This field is kept for backward compatibility, but may be removed in
-	// a future version of the API.
-	VirtualSize int64 // TODO(thaJeztah): deprecate this field
+	// Deprecated: Unused in API 1.43 and up, but kept for backward compatibility with older API versions.
+	VirtualSize int64 `json:"VirtualSize,omitempty"`
 
 	// GraphDriver holds information about the storage driver used to store the
 	// container's and image's filesystem.
@@ -297,8 +296,6 @@ type Info struct {
 	Labels             []string
 	ExperimentalBuild  bool
 	ServerVersion      string
-	ClusterStore       string `json:",omitempty"` // Deprecated: host-discovery and overlay networks with external k/v stores are deprecated
-	ClusterAdvertise   string `json:",omitempty"` // Deprecated: host-discovery and overlay networks with external k/v stores are deprecated
 	Runtimes           map[string]Runtime
 	DefaultRuntime     string
 	Swarm              swarm.Info
@@ -350,20 +347,19 @@ func DecodeSecurityOptions(opts []string) ([]SecurityOpt, error) {
 			continue
 		}
 		secopt := SecurityOpt{}
-		split := strings.Split(opt, ",")
-		for _, s := range split {
-			kv := strings.SplitN(s, "=", 2)
-			if len(kv) != 2 {
+		for _, s := range strings.Split(opt, ",") {
+			k, v, ok := strings.Cut(s, "=")
+			if !ok {
 				return nil, fmt.Errorf("invalid security option %q", s)
 			}
-			if kv[0] == "" || kv[1] == "" {
+			if k == "" || v == "" {
 				return nil, errors.New("invalid empty security option")
 			}
-			if kv[0] == "name" {
-				secopt.Name = kv[1]
+			if k == "name" {
+				secopt.Name = v
 				continue
 			}
-			secopt.Options = append(secopt.Options, KeyValue{Key: kv[0], Value: kv[1]})
+			secopt.Options = append(secopt.Options, KeyValue{Key: k, Value: v})
 		}
 		so = append(so, secopt)
 	}
@@ -656,12 +652,18 @@ type Checkpoint struct {
 
 // Runtime describes an OCI runtime
 type Runtime struct {
-	Path string   `json:"path"`
+	// "Legacy" runtime configuration for runc-compatible runtimes.
+
+	Path string   `json:"path,omitempty"`
 	Args []string `json:"runtimeArgs,omitempty"`
 
+	// Shimv2 runtime configuration. Mutually exclusive with the legacy config above.
+
+	Type    string                 `json:"runtimeType,omitempty"`
+	Options map[string]interface{} `json:"options,omitempty"`
+
 	// This is exposed here only for internal use
-	// It is not currently supported to specify custom shim configs
-	Shim *ShimConfig `json:"-"`
+	ShimConfig *ShimConfig `json:"-"`
 }
 
 // ShimConfig is used by runtime to configure containerd shims
diff --git a/vendor/github.com/docker/docker/api/types/versions/compare.go b/vendor/github.com/docker/docker/api/types/versions/compare.go
index 489e917ee..621725a36 100644
--- a/vendor/github.com/docker/docker/api/types/versions/compare.go
+++ b/vendor/github.com/docker/docker/api/types/versions/compare.go
@@ -16,11 +16,11 @@ func compare(v1, v2 string) int {
 		otherTab = strings.Split(v2, ".")
 	)
 
-	max := len(currTab)
-	if len(otherTab) > max {
-		max = len(otherTab)
+	maxVer := len(currTab)
+	if len(otherTab) > maxVer {
+		maxVer = len(otherTab)
 	}
-	for i := 0; i < max; i++ {
+	for i := 0; i < maxVer; i++ {
 		var currInt, otherInt int
 
 		if len(currTab) > i {
diff --git a/vendor/github.com/docker/docker/api/types/volume/deprecated.go b/vendor/github.com/docker/docker/api/types/volume/deprecated.go
deleted file mode 100644
index ab622d8cc..000000000
--- a/vendor/github.com/docker/docker/api/types/volume/deprecated.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package volume // import "github.com/docker/docker/api/types/volume"
-
-// VolumeCreateBody Volume configuration
-//
-// Deprecated: use CreateOptions
-type VolumeCreateBody = CreateOptions
-
-// VolumeListOKBody Volume list response
-//
-// Deprecated: use ListResponse
-type VolumeListOKBody = ListResponse
diff --git a/vendor/github.com/docker/docker/client/build_prune.go b/vendor/github.com/docker/docker/client/build_prune.go
index 397d67cdc..2b6606236 100644
--- a/vendor/github.com/docker/docker/client/build_prune.go
+++ b/vendor/github.com/docker/docker/client/build_prune.go
@@ -3,8 +3,8 @@ package client // import "github.com/docker/docker/client"
 import (
 	"context"
 	"encoding/json"
-	"fmt"
 	"net/url"
+	"strconv"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
@@ -23,12 +23,12 @@ func (cli *Client) BuildCachePrune(ctx context.Context, opts types.BuildCachePru
 	if opts.All {
 		query.Set("all", "1")
 	}
-	query.Set("keep-storage", fmt.Sprintf("%d", opts.KeepStorage))
-	filters, err := filters.ToJSON(opts.Filters)
+	query.Set("keep-storage", strconv.Itoa(int(opts.KeepStorage)))
+	f, err := filters.ToJSON(opts.Filters)
 	if err != nil {
 		return nil, errors.Wrap(err, "prune could not marshal filters option")
 	}
-	query.Set("filters", filters)
+	query.Set("filters", f)
 
 	serverResp, err := cli.post(ctx, "/build/prune", query, nil, nil)
 	defer ensureReaderClosed(serverResp)
@@ -38,7 +38,7 @@ func (cli *Client) BuildCachePrune(ctx context.Context, opts types.BuildCachePru
 	}
 
 	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
-		return nil, fmt.Errorf("Error retrieving disk usage: %v", err)
+		return nil, errors.Wrap(err, "error retrieving disk usage")
 	}
 
 	return &report, nil
diff --git a/vendor/github.com/docker/docker/client/client.go b/vendor/github.com/docker/docker/client/client.go
index 09ea4851f..54fa36cca 100644
--- a/vendor/github.com/docker/docker/client/client.go
+++ b/vendor/github.com/docker/docker/client/client.go
@@ -56,6 +56,36 @@ import (
 	"github.com/pkg/errors"
 )
 
+// DummyHost is a hostname used for local communication.
+//
+// It acts as a valid formatted hostname for local connections (such as "unix://"
+// or "npipe://") which do not require a hostname. It should never be resolved,
+// but uses the special-purpose ".localhost" TLD (as defined in [RFC 2606, Section 2]
+// and [RFC 6761, Section 6.3]).
+//
+// [RFC 7230, Section 5.4] defines that an empty header must be used for such
+// cases:
+//
+//	If the authority component is missing or undefined for the target URI,
+//	then a client MUST send a Host header field with an empty field-value.
+//
+// However, [Go stdlib] enforces the semantics of HTTP(S) over TCP, does not
+// allow an empty header to be used, and requires req.URL.Scheme to be either
+// "http" or "https".
+//
+// For further details, refer to:
+//
+//   - https://github.com/docker/engine-api/issues/189
+//   - https://github.com/golang/go/issues/13624
+//   - https://github.com/golang/go/issues/61076
+//   - https://github.com/moby/moby/issues/45935
+//
+// [RFC 2606, Section 2]: https://www.rfc-editor.org/rfc/rfc2606.html#section-2
+// [RFC 6761, Section 6.3]: https://www.rfc-editor.org/rfc/rfc6761#section-6.3
+// [RFC 7230, Section 5.4]: https://datatracker.ietf.org/doc/html/rfc7230#section-5.4
+// [Go stdlib]: https://github.com/golang/go/blob/6244b1946bc2101b01955468f1be502dbadd6807/src/net/http/transport.go#L558-L569
+const DummyHost = "api.moby.localhost"
+
 // ErrRedirect is the error returned by checkRedirect when the request is non-GET.
 var ErrRedirect = errors.New("unexpected redirect in response")
 
@@ -126,7 +156,12 @@ func CheckRedirect(req *http.Request, via []*http.Request) error {
 //		client.WithAPIVersionNegotiation(),
 //	)
 func NewClientWithOpts(ops ...Opt) (*Client, error) {
-	client, err := defaultHTTPClient(DefaultDockerHost)
+	hostURL, err := ParseHostURL(DefaultDockerHost)
+	if err != nil {
+		return nil, err
+	}
+
+	client, err := defaultHTTPClient(hostURL)
 	if err != nil {
 		return nil, err
 	}
@@ -134,8 +169,8 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) {
 		host:    DefaultDockerHost,
 		version: api.DefaultVersion,
 		client:  client,
-		proto:   defaultProto,
-		addr:    defaultAddr,
+		proto:   hostURL.Scheme,
+		addr:    hostURL.Host,
 	}
 
 	for _, op := range ops {
@@ -161,13 +196,12 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) {
 	return c, nil
 }
 
-func defaultHTTPClient(host string) (*http.Client, error) {
-	hostURL, err := ParseHostURL(host)
+func defaultHTTPClient(hostURL *url.URL) (*http.Client, error) {
+	transport := &http.Transport{}
+	err := sockets.ConfigureTransport(transport, hostURL.Scheme, hostURL.Host)
 	if err != nil {
 		return nil, err
 	}
-	transport := &http.Transport{}
-	_ = sockets.ConfigureTransport(transport, hostURL.Scheme, hostURL.Host)
 	return &http.Client{
 		Transport:     transport,
 		CheckRedirect: CheckRedirect,
@@ -283,13 +317,12 @@ func (cli *Client) HTTPClient() *http.Client {
 // ParseHostURL parses a url string, validates the string is a host url, and
 // returns the parsed URL
 func ParseHostURL(host string) (*url.URL, error) {
-	protoAddrParts := strings.SplitN(host, "://", 2)
-	if len(protoAddrParts) == 1 {
+	proto, addr, ok := strings.Cut(host, "://")
+	if !ok || addr == "" {
 		return nil, errors.Errorf("unable to parse docker host `%s`", host)
 	}
 
 	var basePath string
-	proto, addr := protoAddrParts[0], protoAddrParts[1]
 	if proto == "tcp" {
 		parsed, err := url.Parse("tcp://" + addr)
 		if err != nil {
diff --git a/vendor/github.com/docker/docker/client/client_unix.go b/vendor/github.com/docker/docker/client/client_unix.go
index f0783f708..319b738d3 100644
--- a/vendor/github.com/docker/docker/client/client_unix.go
+++ b/vendor/github.com/docker/docker/client/client_unix.go
@@ -1,11 +1,8 @@
-//go:build linux || freebsd || openbsd || netbsd || darwin || solaris || illumos || dragonfly
-// +build linux freebsd openbsd netbsd darwin solaris illumos dragonfly
+//go:build !windows
+// +build !windows
 
 package client // import "github.com/docker/docker/client"
 
 // DefaultDockerHost defines OS-specific default host if the DOCKER_HOST
 // (EnvOverrideHost) environment variable is unset or empty.
 const DefaultDockerHost = "unix:///var/run/docker.sock"
-
-const defaultProto = "unix"
-const defaultAddr = "/var/run/docker.sock"
diff --git a/vendor/github.com/docker/docker/client/client_windows.go b/vendor/github.com/docker/docker/client/client_windows.go
index 5abe60457..56572d1a2 100644
--- a/vendor/github.com/docker/docker/client/client_windows.go
+++ b/vendor/github.com/docker/docker/client/client_windows.go
@@ -3,6 +3,3 @@ package client // import "github.com/docker/docker/client"
 // DefaultDockerHost defines OS-specific default host if the DOCKER_HOST
 // (EnvOverrideHost) environment variable is unset or empty.
 const DefaultDockerHost = "npipe:////./pipe/docker_engine"
-
-const defaultProto = "npipe"
-const defaultAddr = "//./pipe/docker_engine"
diff --git a/vendor/github.com/docker/docker/client/container_create.go b/vendor/github.com/docker/docker/client/container_create.go
index f82420b67..193a2bb56 100644
--- a/vendor/github.com/docker/docker/client/container_create.go
+++ b/vendor/github.com/docker/docker/client/container_create.go
@@ -9,7 +9,7 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/versions"
-	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 type configWrapper struct {
@@ -20,7 +20,7 @@ type configWrapper struct {
 
 // ContainerCreate creates a new container based on the given configuration.
 // It can be associated with a name, but it's not mandatory.
-func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *specs.Platform, containerName string) (container.CreateResponse, error) {
+func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *ocispec.Platform, containerName string) (container.CreateResponse, error) {
 	var response container.CreateResponse
 
 	if err := cli.NewVersionError("1.25", "stop timeout"); config != nil && config.StopTimeout != nil && err != nil {
@@ -75,7 +75,7 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config
 // Similar to containerd's platforms.Format(), but does allow components to be
 // omitted (e.g. pass "architecture" only, without "os":
 // https://github.com/containerd/containerd/blob/v1.5.2/platforms/platforms.go#L243-L263
-func formatPlatform(platform *specs.Platform) string {
+func formatPlatform(platform *ocispec.Platform) string {
 	if platform == nil {
 		return ""
 	}
diff --git a/vendor/github.com/docker/docker/client/container_diff.go b/vendor/github.com/docker/docker/client/container_diff.go
index 29dac8491..c22c819a7 100644
--- a/vendor/github.com/docker/docker/client/container_diff.go
+++ b/vendor/github.com/docker/docker/client/container_diff.go
@@ -9,8 +9,8 @@ import (
 )
 
 // ContainerDiff shows differences in a container filesystem since it was started.
-func (cli *Client) ContainerDiff(ctx context.Context, containerID string) ([]container.ContainerChangeResponseItem, error) {
-	var changes []container.ContainerChangeResponseItem
+func (cli *Client) ContainerDiff(ctx context.Context, containerID string) ([]container.FilesystemChange, error) {
+	var changes []container.FilesystemChange
 
 	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/changes", url.Values{}, nil)
 	defer ensureReaderClosed(serverResp)
diff --git a/vendor/github.com/docker/docker/client/distribution_inspect.go b/vendor/github.com/docker/docker/client/distribution_inspect.go
index 7f36c99a0..efab066d3 100644
--- a/vendor/github.com/docker/docker/client/distribution_inspect.go
+++ b/vendor/github.com/docker/docker/client/distribution_inspect.go
@@ -5,13 +5,13 @@ import (
 	"encoding/json"
 	"net/url"
 
-	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/api/types/registry"
 )
 
 // DistributionInspect returns the image digest with the full manifest.
-func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registrytypes.DistributionInspect, error) {
+func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registry.DistributionInspect, error) {
 	// Contact the registry to retrieve digest and platform information
-	var distributionInspect registrytypes.DistributionInspect
+	var distributionInspect registry.DistributionInspect
 	if image == "" {
 		return distributionInspect, objectNotFoundError{object: "distribution", id: image}
 	}
@@ -23,7 +23,7 @@ func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegist
 
 	if encodedRegistryAuth != "" {
 		headers = map[string][]string{
-			"X-Registry-Auth": {encodedRegistryAuth},
+			registry.AuthHeader: {encodedRegistryAuth},
 		}
 	}
 
diff --git a/vendor/github.com/docker/docker/client/errors.go b/vendor/github.com/docker/docker/client/errors.go
index e5a8a865f..6878144c4 100644
--- a/vendor/github.com/docker/docker/client/errors.go
+++ b/vendor/github.com/docker/docker/client/errors.go
@@ -58,31 +58,6 @@ func (e objectNotFoundError) Error() string {
 	return fmt.Sprintf("Error: No such %s: %s", e.object, e.id)
 }
 
-// IsErrUnauthorized returns true if the error is caused
-// when a remote registry authentication fails
-//
-// Deprecated: use errdefs.IsUnauthorized
-func IsErrUnauthorized(err error) bool {
-	return errdefs.IsUnauthorized(err)
-}
-
-type pluginPermissionDenied struct {
-	name string
-}
-
-func (e pluginPermissionDenied) Error() string {
-	return "Permission denied while installing plugin " + e.name
-}
-
-// IsErrNotImplemented returns true if the error is a NotImplemented error.
-// This is returned by the API when a requested feature has not been
-// implemented.
-//
-// Deprecated: use errdefs.IsNotImplemented
-func IsErrNotImplemented(err error) bool {
-	return errdefs.IsNotImplemented(err)
-}
-
 // NewVersionError returns an error if the APIVersion required
 // if less than the current supported version
 func (cli *Client) NewVersionError(APIrequired, feature string) error {
diff --git a/vendor/github.com/docker/docker/client/hijack.go b/vendor/github.com/docker/docker/client/hijack.go
index 6bdacab10..7e84865f6 100644
--- a/vendor/github.com/docker/docker/client/hijack.go
+++ b/vendor/github.com/docker/docker/client/hijack.go
@@ -23,14 +23,10 @@ func (cli *Client) postHijacked(ctx context.Context, path string, query url.Valu
 	if err != nil {
 		return types.HijackedResponse{}, err
 	}
-
-	apiPath := cli.getAPIPath(ctx, path, query)
-	req, err := http.NewRequest(http.MethodPost, apiPath, bodyEncoded)
+	req, err := cli.buildRequest(http.MethodPost, cli.getAPIPath(ctx, path, query), bodyEncoded, headers)
 	if err != nil {
 		return types.HijackedResponse{}, err
 	}
-	req = cli.addHeaders(req, headers)
-
 	conn, mediaType, err := cli.setupHijackConn(ctx, req, "tcp")
 	if err != nil {
 		return types.HijackedResponse{}, err
@@ -64,7 +60,6 @@ func fallbackDial(proto, addr string, tlsConfig *tls.Config) (net.Conn, error) {
 }
 
 func (cli *Client) setupHijackConn(ctx context.Context, req *http.Request, proto string) (net.Conn, string, error) {
-	req.Host = cli.addr
 	req.Header.Set("Connection", "Upgrade")
 	req.Header.Set("Upgrade", proto)
 
@@ -80,8 +75,8 @@ func (cli *Client) setupHijackConn(ctx context.Context, req *http.Request, proto
 	// state. Setting TCP KeepAlive on the socket connection will prohibit
 	// ECONNTIMEOUT unless the socket connection truly is broken
 	if tcpConn, ok := conn.(*net.TCPConn); ok {
-		tcpConn.SetKeepAlive(true)
-		tcpConn.SetKeepAlivePeriod(30 * time.Second)
+		_ = tcpConn.SetKeepAlive(true)
+		_ = tcpConn.SetKeepAlivePeriod(30 * time.Second)
 	}
 
 	clientconn := httputil.NewClientConn(conn, nil)
@@ -96,7 +91,7 @@ func (cli *Client) setupHijackConn(ctx context.Context, req *http.Request, proto
 			return nil, "", err
 		}
 		if resp.StatusCode != http.StatusSwitchingProtocols {
-			resp.Body.Close()
+			_ = resp.Body.Close()
 			return nil, "", fmt.Errorf("unable to upgrade to %s, received %d", proto, resp.StatusCode)
 		}
 	}
diff --git a/vendor/github.com/docker/docker/client/image_create.go b/vendor/github.com/docker/docker/client/image_create.go
index b1c022777..6a9b708f7 100644
--- a/vendor/github.com/docker/docker/client/image_create.go
+++ b/vendor/github.com/docker/docker/client/image_create.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/registry"
 )
 
 // ImageCreate creates a new image based on the parent options.
@@ -32,6 +33,6 @@ func (cli *Client) ImageCreate(ctx context.Context, parentReference string, opti
 }
 
 func (cli *Client) tryImageCreate(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.post(ctx, "/images/create", query, nil, headers)
 }
diff --git a/vendor/github.com/docker/docker/client/image_push.go b/vendor/github.com/docker/docker/client/image_push.go
index 845580d4a..dd1b8f347 100644
--- a/vendor/github.com/docker/docker/client/image_push.go
+++ b/vendor/github.com/docker/docker/client/image_push.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/errdefs"
 )
 
@@ -49,6 +50,6 @@ func (cli *Client) ImagePush(ctx context.Context, image string, options types.Im
 }
 
 func (cli *Client) tryImagePush(ctx context.Context, imageID string, query url.Values, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.post(ctx, "/images/"+imageID+"/push", query, nil, headers)
 }
diff --git a/vendor/github.com/docker/docker/client/image_search.go b/vendor/github.com/docker/docker/client/image_search.go
index e69fa3722..5f0c49ed3 100644
--- a/vendor/github.com/docker/docker/client/image_search.go
+++ b/vendor/github.com/docker/docker/client/image_search.go
@@ -48,6 +48,6 @@ func (cli *Client) ImageSearch(ctx context.Context, term string, options types.I
 }
 
 func (cli *Client) tryImageSearch(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.get(ctx, "/images/search", query, headers)
 }
diff --git a/vendor/github.com/docker/docker/client/interface.go b/vendor/github.com/docker/docker/client/interface.go
index e9c1ed722..7993c5a48 100644
--- a/vendor/github.com/docker/docker/client/interface.go
+++ b/vendor/github.com/docker/docker/client/interface.go
@@ -15,7 +15,7 @@ import (
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/api/types/volume"
-	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // CommonAPIClient is the common methods between stable and experimental versions of APIClient.
@@ -47,8 +47,8 @@ type CommonAPIClient interface {
 type ContainerAPIClient interface {
 	ContainerAttach(ctx context.Context, container string, options types.ContainerAttachOptions) (types.HijackedResponse, error)
 	ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error)
-	ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *specs.Platform, containerName string) (container.CreateResponse, error)
-	ContainerDiff(ctx context.Context, container string) ([]container.ContainerChangeResponseItem, error)
+	ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *ocispec.Platform, containerName string) (container.CreateResponse, error)
+	ContainerDiff(ctx context.Context, container string) ([]container.FilesystemChange, error)
 	ContainerExecAttach(ctx context.Context, execID string, config types.ExecStartCheck) (types.HijackedResponse, error)
 	ContainerExecCreate(ctx context.Context, container string, config types.ExecConfig) (types.IDResponse, error)
 	ContainerExecInspect(ctx context.Context, execID string) (types.ContainerExecInspect, error)
@@ -166,7 +166,7 @@ type SwarmAPIClient interface {
 type SystemAPIClient interface {
 	Events(ctx context.Context, options types.EventsOptions) (<-chan events.Message, <-chan error)
 	Info(ctx context.Context) (types.Info, error)
-	RegistryLogin(ctx context.Context, auth types.AuthConfig) (registry.AuthenticateOKBody, error)
+	RegistryLogin(ctx context.Context, auth registry.AuthConfig) (registry.AuthenticateOKBody, error)
 	DiskUsage(ctx context.Context, options types.DiskUsageOptions) (types.DiskUsage, error)
 	Ping(ctx context.Context) (types.Ping, error)
 }
@@ -176,7 +176,7 @@ type VolumeAPIClient interface {
 	VolumeCreate(ctx context.Context, options volume.CreateOptions) (volume.Volume, error)
 	VolumeInspect(ctx context.Context, volumeID string) (volume.Volume, error)
 	VolumeInspectWithRaw(ctx context.Context, volumeID string) (volume.Volume, []byte, error)
-	VolumeList(ctx context.Context, filter filters.Args) (volume.ListResponse, error)
+	VolumeList(ctx context.Context, options volume.ListOptions) (volume.ListResponse, error)
 	VolumeRemove(ctx context.Context, volumeID string, force bool) error
 	VolumesPrune(ctx context.Context, pruneFilter filters.Args) (types.VolumesPruneReport, error)
 	VolumeUpdate(ctx context.Context, volumeID string, version swarm.Version, options volume.UpdateOptions) error
diff --git a/vendor/github.com/docker/docker/client/login.go b/vendor/github.com/docker/docker/client/login.go
index f05852063..19e985e0b 100644
--- a/vendor/github.com/docker/docker/client/login.go
+++ b/vendor/github.com/docker/docker/client/login.go
@@ -5,13 +5,12 @@ import (
 	"encoding/json"
 	"net/url"
 
-	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 )
 
 // RegistryLogin authenticates the docker server with a given docker registry.
 // It returns unauthorizedError when the authentication fails.
-func (cli *Client) RegistryLogin(ctx context.Context, auth types.AuthConfig) (registry.AuthenticateOKBody, error) {
+func (cli *Client) RegistryLogin(ctx context.Context, auth registry.AuthConfig) (registry.AuthenticateOKBody, error) {
 	resp, err := cli.post(ctx, "/auth", url.Values{}, auth, nil)
 	defer ensureReaderClosed(resp)
 
diff --git a/vendor/github.com/docker/docker/client/ping.go b/vendor/github.com/docker/docker/client/ping.go
index 27e8695cb..347ae71e0 100644
--- a/vendor/github.com/docker/docker/client/ping.go
+++ b/vendor/github.com/docker/docker/client/ping.go
@@ -64,10 +64,10 @@ func parsePingResponse(cli *Client, resp serverResponse) (types.Ping, error) {
 		ping.BuilderVersion = types.BuilderVersion(bv)
 	}
 	if si := resp.header.Get("Swarm"); si != "" {
-		parts := strings.SplitN(si, "/", 2)
+		state, role, _ := strings.Cut(si, "/")
 		ping.SwarmStatus = &swarm.Status{
-			NodeState:        swarm.LocalNodeState(parts[0]),
-			ControlAvailable: len(parts) == 2 && parts[1] == "manager",
+			NodeState:        swarm.LocalNodeState(state),
+			ControlAvailable: role == "manager",
 		}
 	}
 	err := cli.checkResponseErr(resp)
diff --git a/vendor/github.com/docker/docker/client/plugin_install.go b/vendor/github.com/docker/docker/client/plugin_install.go
index 012afe61c..3a740ec4f 100644
--- a/vendor/github.com/docker/docker/client/plugin_install.go
+++ b/vendor/github.com/docker/docker/client/plugin_install.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
@@ -67,12 +68,12 @@ func (cli *Client) PluginInstall(ctx context.Context, name string, options types
 }
 
 func (cli *Client) tryPluginPrivileges(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.get(ctx, "/plugins/privileges", query, headers)
 }
 
 func (cli *Client) tryPluginPull(ctx context.Context, query url.Values, privileges types.PluginPrivileges, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.post(ctx, "/plugins/pull", query, privileges, headers)
 }
 
@@ -106,7 +107,7 @@ func (cli *Client) checkPluginPermissions(ctx context.Context, query url.Values,
 			return nil, err
 		}
 		if !accept {
-			return nil, pluginPermissionDenied{options.RemoteRef}
+			return nil, errors.Errorf("permission denied while installing plugin %s", options.RemoteRef)
 		}
 	}
 	return privileges, nil
diff --git a/vendor/github.com/docker/docker/client/plugin_push.go b/vendor/github.com/docker/docker/client/plugin_push.go
index d20bfe844..18f9754c4 100644
--- a/vendor/github.com/docker/docker/client/plugin_push.go
+++ b/vendor/github.com/docker/docker/client/plugin_push.go
@@ -3,11 +3,13 @@ package client // import "github.com/docker/docker/client"
 import (
 	"context"
 	"io"
+
+	"github.com/docker/docker/api/types/registry"
 )
 
 // PluginPush pushes a plugin to a registry
 func (cli *Client) PluginPush(ctx context.Context, name string, registryAuth string) (io.ReadCloser, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	resp, err := cli.post(ctx, "/plugins/"+name+"/push", nil, nil, headers)
 	if err != nil {
 		return nil, err
diff --git a/vendor/github.com/docker/docker/client/plugin_upgrade.go b/vendor/github.com/docker/docker/client/plugin_upgrade.go
index 115cea945..995d1fd2c 100644
--- a/vendor/github.com/docker/docker/client/plugin_upgrade.go
+++ b/vendor/github.com/docker/docker/client/plugin_upgrade.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/registry"
 	"github.com/pkg/errors"
 )
 
@@ -34,6 +35,6 @@ func (cli *Client) PluginUpgrade(ctx context.Context, name string, options types
 }
 
 func (cli *Client) tryPluginUpgrade(ctx context.Context, query url.Values, privileges types.PluginPrivileges, name, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.post(ctx, "/plugins/"+name+"/upgrade", query, privileges, headers)
 }
diff --git a/vendor/github.com/docker/docker/client/request.go b/vendor/github.com/docker/docker/client/request.go
index c799095c1..bcedcf3bd 100644
--- a/vendor/github.com/docker/docker/client/request.go
+++ b/vendor/github.com/docker/docker/client/request.go
@@ -96,16 +96,14 @@ func (cli *Client) buildRequest(method, path string, body io.Reader, headers hea
 		return nil, err
 	}
 	req = cli.addHeaders(req, headers)
+	req.URL.Scheme = cli.scheme
+	req.URL.Host = cli.addr
 
 	if cli.proto == "unix" || cli.proto == "npipe" {
-		// For local communications, it doesn't matter what the host is. We just
-		// need a valid and meaningful host name. (See #189)
-		req.Host = "docker"
+		// Override host header for non-tcp connections.
+		req.Host = DummyHost
 	}
 
-	req.URL.Host = cli.addr
-	req.URL.Scheme = cli.scheme
-
 	if expectedPayload && req.Header.Get("Content-Type") == "" {
 		req.Header.Set("Content-Type", "text/plain")
 	}
diff --git a/vendor/github.com/docker/docker/client/service_create.go b/vendor/github.com/docker/docker/client/service_create.go
index 23024d0f8..b6065b8ee 100644
--- a/vendor/github.com/docker/docker/client/service_create.go
+++ b/vendor/github.com/docker/docker/client/service_create.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
@@ -21,7 +22,7 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec,
 	}
 
 	if options.EncodedRegistryAuth != "" {
-		headers["X-Registry-Auth"] = []string{options.EncodedRegistryAuth}
+		headers[registry.AuthHeader] = []string{options.EncodedRegistryAuth}
 	}
 
 	// Make sure containerSpec is not nil when no runtime is set or the runtime is set to container
diff --git a/vendor/github.com/docker/docker/client/service_update.go b/vendor/github.com/docker/docker/client/service_update.go
index 8014b8625..ff8cded8b 100644
--- a/vendor/github.com/docker/docker/client/service_update.go
+++ b/vendor/github.com/docker/docker/client/service_update.go
@@ -6,6 +6,7 @@ import (
 	"net/url"
 
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
 )
 
@@ -23,7 +24,7 @@ func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version
 	}
 
 	if options.EncodedRegistryAuth != "" {
-		headers["X-Registry-Auth"] = []string{options.EncodedRegistryAuth}
+		headers[registry.AuthHeader] = []string{options.EncodedRegistryAuth}
 	}
 
 	if options.RegistryAuthFrom != "" {
diff --git a/vendor/github.com/docker/docker/client/volume_list.go b/vendor/github.com/docker/docker/client/volume_list.go
index d8204f8db..d5ea9827c 100644
--- a/vendor/github.com/docker/docker/client/volume_list.go
+++ b/vendor/github.com/docker/docker/client/volume_list.go
@@ -10,13 +10,13 @@ import (
 )
 
 // VolumeList returns the volumes configured in the docker host.
-func (cli *Client) VolumeList(ctx context.Context, filter filters.Args) (volume.ListResponse, error) {
+func (cli *Client) VolumeList(ctx context.Context, options volume.ListOptions) (volume.ListResponse, error) {
 	var volumes volume.ListResponse
 	query := url.Values{}
 
-	if filter.Len() > 0 {
+	if options.Filters.Len() > 0 {
 		//nolint:staticcheck // ignore SA1019 for old code
-		filterJSON, err := filters.ToParamWithVersion(cli.version, filter)
+		filterJSON, err := filters.ToParamWithVersion(cli.version, options.Filters)
 		if err != nil {
 			return volumes, err
 		}
diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go
index 7df039b4c..ded1c7c8c 100644
--- a/vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go
+++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_linux.go
@@ -64,13 +64,14 @@ func stick(f string) error {
 
 // GetDataHome returns XDG_DATA_HOME.
 // GetDataHome returns $HOME/.local/share and nil error if XDG_DATA_HOME is not set.
+// If HOME and XDG_DATA_HOME are not set, getpwent(3) is consulted to determine the users home directory.
 //
 // See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
 func GetDataHome() (string, error) {
 	if xdgDataHome := os.Getenv("XDG_DATA_HOME"); xdgDataHome != "" {
 		return xdgDataHome, nil
 	}
-	home := os.Getenv("HOME")
+	home := Get()
 	if home == "" {
 		return "", errors.New("could not get either XDG_DATA_HOME or HOME")
 	}
@@ -79,13 +80,14 @@ func GetDataHome() (string, error) {
 
 // GetConfigHome returns XDG_CONFIG_HOME.
 // GetConfigHome returns $HOME/.config and nil error if XDG_CONFIG_HOME is not set.
+// If HOME and XDG_CONFIG_HOME are not set, getpwent(3) is consulted to determine the users home directory.
 //
 // See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
 func GetConfigHome() (string, error) {
 	if xdgConfigHome := os.Getenv("XDG_CONFIG_HOME"); xdgConfigHome != "" {
 		return xdgConfigHome, nil
 	}
-	home := os.Getenv("HOME")
+	home := Get()
 	if home == "" {
 		return "", errors.New("could not get either XDG_CONFIG_HOME or HOME")
 	}
@@ -93,8 +95,9 @@ func GetConfigHome() (string, error) {
 }
 
 // GetLibHome returns $HOME/.local/lib
+// If HOME is not set, getpwent(3) is consulted to determine the users home directory.
 func GetLibHome() (string, error) {
-	home := os.Getenv("HOME")
+	home := Get()
 	if home == "" {
 		return "", errors.New("could not get HOME")
 	}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go b/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go
deleted file mode 100644
index 748912230..000000000
--- a/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go
+++ /dev/null
@@ -1,11 +0,0 @@
-//go:build !windows
-// +build !windows
-
-package ioutils // import "github.com/docker/docker/pkg/ioutils"
-
-import "os"
-
-// TempDir on Unix systems is equivalent to os.MkdirTemp.
-func TempDir(dir, prefix string) (string, error) {
-	return os.MkdirTemp(dir, prefix)
-}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go b/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go
deleted file mode 100644
index a57fd9af6..000000000
--- a/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package ioutils // import "github.com/docker/docker/pkg/ioutils"
-
-import (
-	"os"
-
-	"github.com/docker/docker/pkg/longpath"
-)
-
-// TempDir is the equivalent of os.MkdirTemp, except that the result is in Windows longpath format.
-func TempDir(dir, prefix string) (string, error) {
-	tempDir, err := os.MkdirTemp(dir, prefix)
-	if err != nil {
-		return "", err
-	}
-	return longpath.AddPrefix(tempDir), nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/tempdir_deprecated.go b/vendor/github.com/docker/docker/pkg/ioutils/tempdir_deprecated.go
new file mode 100644
index 000000000..b3321602c
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/ioutils/tempdir_deprecated.go
@@ -0,0 +1,10 @@
+package ioutils
+
+import "github.com/docker/docker/pkg/longpath"
+
+// TempDir is the equivalent of [os.MkdirTemp], except that on Windows
+// the result is in Windows longpath format. On Unix systems it is
+// equivalent to [os.MkdirTemp].
+//
+// Deprecated: use [longpath.MkdirTemp].
+var TempDir = longpath.MkdirTemp
diff --git a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go
index cf8d04b1b..035160c83 100644
--- a/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go
+++ b/vendor/github.com/docker/docker/pkg/jsonmessage/jsonmessage.go
@@ -16,8 +16,8 @@ import (
 // ensure the formatted time isalways the same number of characters.
 const RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00"
 
-// JSONError wraps a concrete Code and Message, `Code` is
-// is an integer error code, `Message` is the error message.
+// JSONError wraps a concrete Code and Message, Code is
+// an integer error code, Message is the error message.
 type JSONError struct {
 	Code    int    `json:"code,omitempty"`
 	Message string `json:"message,omitempty"`
@@ -27,20 +27,28 @@ func (e *JSONError) Error() string {
 	return e.Message
 }
 
-// JSONProgress describes a Progress. terminalFd is the fd of the current terminal,
-// Start is the initial value for the operation. Current is the current status and
-// value of the progress made towards Total. Total is the end value describing when
-// we made 100% progress for an operation.
+// JSONProgress describes a progress message in a JSON stream.
 type JSONProgress struct {
+	// Current is the current status and value of the progress made towards Total.
+	Current int64 `json:"current,omitempty"`
+	// Total is the end value describing when we made 100% progress for an operation.
+	Total int64 `json:"total,omitempty"`
+	// Start is the initial value for the operation.
+	Start int64 `json:"start,omitempty"`
+	// HideCounts. if true, hides the progress count indicator (xB/yB).
+	HideCounts bool `json:"hidecounts,omitempty"`
+	// Units is the unit to print for progress. It defaults to "bytes" if empty.
+	Units string `json:"units,omitempty"`
+
+	// terminalFd is the fd of the current terminal, if any. It is used
+	// to get the terminal width.
 	terminalFd uintptr
-	Current    int64 `json:"current,omitempty"`
-	Total      int64 `json:"total,omitempty"`
-	Start      int64 `json:"start,omitempty"`
-	// If true, don't show xB/yB
-	HideCounts bool   `json:"hidecounts,omitempty"`
-	Units      string `json:"units,omitempty"`
-	nowFunc    func() time.Time
-	winSize    int
+
+	// nowFunc is used to override the current time in tests.
+	nowFunc func() time.Time
+
+	// winSize is used to override the terminal width in tests.
+	winSize int
 }
 
 func (p *JSONProgress) String() string {
@@ -56,8 +64,7 @@ func (p *JSONProgress) String() string {
 	if p.Total <= 0 {
 		switch p.Units {
 		case "":
-			current := units.HumanSize(float64(p.Current))
-			return fmt.Sprintf("%8v", current)
+			return fmt.Sprintf("%8v", units.HumanSize(float64(p.Current)))
 		default:
 			return fmt.Sprintf("%d %s", p.Current, p.Units)
 		}
@@ -110,17 +117,17 @@ func (p *JSONProgress) String() string {
 	return pbBox + numbersBox + timeLeftBox
 }
 
-// shim for testing
+// now returns the current time in UTC, but can be overridden in tests
+// by setting JSONProgress.nowFunc to a custom function.
 func (p *JSONProgress) now() time.Time {
-	if p.nowFunc == nil {
-		p.nowFunc = func() time.Time {
-			return time.Now().UTC()
-		}
+	if p.nowFunc != nil {
+		return p.nowFunc()
 	}
-	return p.nowFunc()
+	return time.Now().UTC()
 }
 
-// shim for testing
+// width returns the current terminal's width, but can be overridden
+// in tests by setting JSONProgress.winSize to a non-zero value.
 func (p *JSONProgress) width() int {
 	if p.winSize != 0 {
 		return p.winSize
@@ -164,13 +171,11 @@ func cursorDown(out io.Writer, l uint) {
 	fmt.Fprint(out, aec.Down(l))
 }
 
-// Display displays the JSONMessage to `out`. If `isTerminal` is true, it will erase the
-// entire current line when displaying the progressbar.
+// Display prints the JSONMessage to out. If isTerminal is true, it erases
+// the entire current line when displaying the progressbar. It returns an
+// error if the [JSONMessage.Error] field is non-nil.
 func (jm *JSONMessage) Display(out io.Writer, isTerminal bool) error {
 	if jm.Error != nil {
-		if jm.Error.Code == 401 {
-			return fmt.Errorf("authentication is required")
-		}
 		return jm.Error
 	}
 	var endl string
@@ -204,9 +209,22 @@ func (jm *JSONMessage) Display(out io.Writer, isTerminal bool) error {
 	return nil
 }
 
-// DisplayJSONMessagesStream displays a json message stream from `in` to `out`, `isTerminal`
-// describes if `out` is a terminal. If this is the case, it will print `\n` at the end of
-// each line and move the cursor while displaying.
+// DisplayJSONMessagesStream reads a JSON message stream from in, and writes
+// each [JSONMessage] to out. It returns an error if an invalid JSONMessage
+// is received, or if a JSONMessage containers a non-zero [JSONMessage.Error].
+//
+// Presentation of the JSONMessage depends on whether a terminal is attached,
+// and on the terminal width. Progress bars ([JSONProgress]) are suppressed
+// on narrower terminals (< 110 characters).
+//
+//   - isTerminal describes if out is a terminal, in which case it prints
+//     a newline ("\n") at the end of each line and moves the cursor while
+//     displaying.
+//   - terminalFd is the fd of the current terminal (if any), and used
+//     to get the terminal width.
+//   - auxCallback allows handling the [JSONMessage.Aux] field. It is
+//     called if a JSONMessage contains an Aux field, in which case
+//     DisplayJSONMessagesStream does not present the JSONMessage.
 func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr, isTerminal bool, auxCallback func(JSONMessage)) error {
 	var (
 		dec = json.NewDecoder(in)
@@ -271,13 +289,19 @@ func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr,
 	return nil
 }
 
-type stream interface {
+// Stream is an io.Writer for output with utilities to get the output's file
+// descriptor and to detect wether it's a terminal.
+//
+// it is subset of the streams.Out type in
+// https://pkg.go.dev/github.com/docker/cli@v20.10.17+incompatible/cli/streams#Out
+type Stream interface {
 	io.Writer
 	FD() uintptr
 	IsTerminal() bool
 }
 
-// DisplayJSONMessagesToStream prints json messages to the output stream
-func DisplayJSONMessagesToStream(in io.Reader, stream stream, auxCallback func(JSONMessage)) error {
+// DisplayJSONMessagesToStream prints json messages to the output Stream. It is
+// used by the Docker CLI to print JSONMessage streams.
+func DisplayJSONMessagesToStream(in io.Reader, stream Stream, auxCallback func(JSONMessage)) error {
 	return DisplayJSONMessagesStream(in, stream, stream.FD(), stream.IsTerminal(), auxCallback)
 }
diff --git a/vendor/github.com/docker/docker/pkg/longpath/longpath.go b/vendor/github.com/docker/docker/pkg/longpath/longpath.go
index 4177affba..1c5dde521 100644
--- a/vendor/github.com/docker/docker/pkg/longpath/longpath.go
+++ b/vendor/github.com/docker/docker/pkg/longpath/longpath.go
@@ -1,17 +1,20 @@
-// longpath introduces some constants and helper functions for handling long paths
-// in Windows, which are expected to be prepended with `\\?\` and followed by either
-// a drive letter, a UNC server\share, or a volume identifier.
-
+// Package longpath introduces some constants and helper functions for handling
+// long paths in Windows.
+//
+// Long paths are expected to be prepended with "\\?\" and followed by either a
+// drive letter, a UNC server\share, or a volume identifier.
 package longpath // import "github.com/docker/docker/pkg/longpath"
 
 import (
+	"os"
+	"runtime"
 	"strings"
 )
 
 // Prefix is the longpath prefix for Windows file paths.
 const Prefix = `\\?\`
 
-// AddPrefix will add the Windows long path prefix to the path provided if
+// AddPrefix adds the Windows long path prefix to the path provided if
 // it does not already have it.
 func AddPrefix(path string) string {
 	if !strings.HasPrefix(path, Prefix) {
@@ -24,3 +27,17 @@ func AddPrefix(path string) string {
 	}
 	return path
 }
+
+// MkdirTemp is the equivalent of [os.MkdirTemp], except that on Windows
+// the result is in Windows longpath format. On Unix systems it is
+// equivalent to [os.MkdirTemp].
+func MkdirTemp(dir, prefix string) (string, error) {
+	tempDir, err := os.MkdirTemp(dir, prefix)
+	if err != nil {
+		return "", err
+	}
+	if runtime.GOOS != "windows" {
+		return tempDir, nil
+	}
+	return AddPrefix(tempDir), nil
+}
diff --git a/vendor/github.com/docker/docker/registry/auth.go b/vendor/github.com/docker/docker/registry/auth.go
index 38f41db22..dd75a49f3 100644
--- a/vendor/github.com/docker/docker/registry/auth.go
+++ b/vendor/github.com/docker/docker/registry/auth.go
@@ -9,7 +9,6 @@ import (
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/auth/challenge"
 	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -19,7 +18,7 @@ import (
 const AuthClientID = "docker"
 
 type loginCredentialStore struct {
-	authConfig *types.AuthConfig
+	authConfig *registry.AuthConfig
 }
 
 func (lcs loginCredentialStore) Basic(*url.URL) (string, string) {
@@ -35,12 +34,12 @@ func (lcs loginCredentialStore) SetRefreshToken(u *url.URL, service, token strin
 }
 
 type staticCredentialStore struct {
-	auth *types.AuthConfig
+	auth *registry.AuthConfig
 }
 
 // NewStaticCredentialStore returns a credential store
 // which always returns the same credential values.
-func NewStaticCredentialStore(auth *types.AuthConfig) auth.CredentialStore {
+func NewStaticCredentialStore(auth *registry.AuthConfig) auth.CredentialStore {
 	return staticCredentialStore{
 		auth: auth,
 	}
@@ -66,7 +65,7 @@ func (scs staticCredentialStore) SetRefreshToken(*url.URL, string, string) {
 // loginV2 tries to login to the v2 registry server. The given registry
 // endpoint will be pinged to get authorization challenges. These challenges
 // will be used to authenticate against the registry to validate credentials.
-func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent string) (string, string, error) {
+func loginV2(authConfig *registry.AuthConfig, endpoint APIEndpoint, userAgent string) (string, string, error) {
 	var (
 		endpointStr          = strings.TrimRight(endpoint.URL.String(), "/") + "/v2/"
 		modifiers            = Headers(userAgent, nil)
@@ -138,7 +137,7 @@ func ConvertToHostname(url string) string {
 }
 
 // ResolveAuthConfig matches an auth configuration to a server address or a URL
-func ResolveAuthConfig(authConfigs map[string]types.AuthConfig, index *registry.IndexInfo) types.AuthConfig {
+func ResolveAuthConfig(authConfigs map[string]registry.AuthConfig, index *registry.IndexInfo) registry.AuthConfig {
 	configKey := GetAuthConfigKey(index)
 	// First try the happy case
 	if c, found := authConfigs[configKey]; found || index.Official {
@@ -154,7 +153,7 @@ func ResolveAuthConfig(authConfigs map[string]types.AuthConfig, index *registry.
 	}
 
 	// When all else fails, return an empty auth config
-	return types.AuthConfig{}
+	return registry.AuthConfig{}
 }
 
 // PingResponseError is used when the response from a ping
diff --git a/vendor/github.com/docker/docker/registry/endpoint_v1.go b/vendor/github.com/docker/docker/registry/endpoint_v1.go
index c7e930c8a..56257dc79 100644
--- a/vendor/github.com/docker/docker/registry/endpoint_v1.go
+++ b/vendor/github.com/docker/docker/registry/endpoint_v1.go
@@ -35,13 +35,13 @@ type v1Endpoint struct {
 
 // newV1Endpoint parses the given address to return a registry endpoint.
 // TODO: remove. This is only used by search.
-func newV1Endpoint(index *registry.IndexInfo, userAgent string, metaHeaders http.Header) (*v1Endpoint, error) {
+func newV1Endpoint(index *registry.IndexInfo, headers http.Header) (*v1Endpoint, error) {
 	tlsConfig, err := newTLSConfig(index.Name, index.Secure)
 	if err != nil {
 		return nil, err
 	}
 
-	endpoint, err := newV1EndpointFromStr(GetAuthConfigKey(index), tlsConfig, userAgent, metaHeaders)
+	endpoint, err := newV1EndpointFromStr(GetAuthConfigKey(index), tlsConfig, headers)
 	if err != nil {
 		return nil, err
 	}
@@ -100,7 +100,7 @@ func trimV1Address(address string) (string, error) {
 	return address, nil
 }
 
-func newV1EndpointFromStr(address string, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) (*v1Endpoint, error) {
+func newV1EndpointFromStr(address string, tlsConfig *tls.Config, headers http.Header) (*v1Endpoint, error) {
 	if !strings.HasPrefix(address, "http://") && !strings.HasPrefix(address, "https://") {
 		address = "https://" + address
 	}
@@ -121,7 +121,7 @@ func newV1EndpointFromStr(address string, tlsConfig *tls.Config, userAgent strin
 	return &v1Endpoint{
 		IsSecure: tlsConfig == nil || !tlsConfig.InsecureSkipVerify,
 		URL:      uri,
-		client:   httpClient(transport.NewTransport(tr, Headers(userAgent, metaHeaders)...)),
+		client:   httpClient(transport.NewTransport(tr, Headers("", headers)...)),
 	}, nil
 }
 
diff --git a/vendor/github.com/docker/docker/registry/search.go b/vendor/github.com/docker/docker/registry/search.go
new file mode 100644
index 000000000..60b86ea22
--- /dev/null
+++ b/vendor/github.com/docker/docker/registry/search.go
@@ -0,0 +1,139 @@
+package registry // import "github.com/docker/docker/registry"
+
+import (
+	"context"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/errdefs"
+
+	"github.com/docker/distribution/registry/client/auth"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+var acceptedSearchFilterTags = map[string]bool{
+	"is-automated": true,
+	"is-official":  true,
+	"stars":        true,
+}
+
+// Search queries the public registry for repositories matching the specified
+// search term and filters.
+func (s *Service) Search(ctx context.Context, searchFilters filters.Args, term string, limit int, authConfig *registry.AuthConfig, headers map[string][]string) ([]registry.SearchResult, error) {
+	if err := searchFilters.Validate(acceptedSearchFilterTags); err != nil {
+		return nil, err
+	}
+
+	isAutomated, err := searchFilters.GetBoolOrDefault("is-automated", false)
+	if err != nil {
+		return nil, err
+	}
+	isOfficial, err := searchFilters.GetBoolOrDefault("is-official", false)
+	if err != nil {
+		return nil, err
+	}
+
+	hasStarFilter := 0
+	if searchFilters.Contains("stars") {
+		hasStars := searchFilters.Get("stars")
+		for _, hasStar := range hasStars {
+			iHasStar, err := strconv.Atoi(hasStar)
+			if err != nil {
+				return nil, errdefs.InvalidParameter(errors.Wrapf(err, "invalid filter 'stars=%s'", hasStar))
+			}
+			if iHasStar > hasStarFilter {
+				hasStarFilter = iHasStar
+			}
+		}
+	}
+
+	unfilteredResult, err := s.searchUnfiltered(ctx, term, limit, authConfig, headers)
+	if err != nil {
+		return nil, err
+	}
+
+	filteredResults := []registry.SearchResult{}
+	for _, result := range unfilteredResult.Results {
+		if searchFilters.Contains("is-automated") {
+			if isAutomated != result.IsAutomated {
+				continue
+			}
+		}
+		if searchFilters.Contains("is-official") {
+			if isOfficial != result.IsOfficial {
+				continue
+			}
+		}
+		if searchFilters.Contains("stars") {
+			if result.StarCount < hasStarFilter {
+				continue
+			}
+		}
+		filteredResults = append(filteredResults, result)
+	}
+
+	return filteredResults, nil
+}
+
+func (s *Service) searchUnfiltered(ctx context.Context, term string, limit int, authConfig *registry.AuthConfig, headers http.Header) (*registry.SearchResults, error) {
+	// TODO Use ctx when searching for repositories
+	if hasScheme(term) {
+		return nil, invalidParamf("invalid repository name: repository name (%s) should not have a scheme", term)
+	}
+
+	indexName, remoteName := splitReposSearchTerm(term)
+
+	// Search is a long-running operation, just lock s.config to avoid block others.
+	s.mu.RLock()
+	index, err := newIndexInfo(s.config, indexName)
+	s.mu.RUnlock()
+
+	if err != nil {
+		return nil, err
+	}
+	if index.Official {
+		// If pull "library/foo", it's stored locally under "foo"
+		remoteName = strings.TrimPrefix(remoteName, "library/")
+	}
+
+	endpoint, err := newV1Endpoint(index, headers)
+	if err != nil {
+		return nil, err
+	}
+
+	var client *http.Client
+	if authConfig != nil && authConfig.IdentityToken != "" && authConfig.Username != "" {
+		creds := NewStaticCredentialStore(authConfig)
+		scopes := []auth.Scope{
+			auth.RegistryScope{
+				Name:    "catalog",
+				Actions: []string{"search"},
+			},
+		}
+
+		// TODO(thaJeztah); is there a reason not to include other headers here? (originally added in 19d48f0b8ba59eea9f2cac4ad1c7977712a6b7ac)
+		modifiers := Headers(headers.Get("User-Agent"), nil)
+		v2Client, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes)
+		if err != nil {
+			return nil, err
+		}
+		// Copy non transport http client features
+		v2Client.Timeout = endpoint.client.Timeout
+		v2Client.CheckRedirect = endpoint.client.CheckRedirect
+		v2Client.Jar = endpoint.client.Jar
+
+		logrus.Debugf("using v2 client for search to %s", endpoint.URL)
+		client = v2Client
+	} else {
+		client = endpoint.client
+		if err := authorizeClient(client, authConfig, endpoint); err != nil {
+			return nil, err
+		}
+	}
+
+	return newSession(client, endpoint).searchRepositories(remoteName, limit)
+}
diff --git a/vendor/github.com/docker/docker/registry/service.go b/vendor/github.com/docker/docker/registry/service.go
index 25b116a27..b848065b3 100644
--- a/vendor/github.com/docker/docker/registry/service.go
+++ b/vendor/github.com/docker/docker/registry/service.go
@@ -3,56 +3,40 @@ package registry // import "github.com/docker/docker/registry"
 import (
 	"context"
 	"crypto/tls"
-	"net/http"
 	"net/url"
 	"strings"
 	"sync"
 
 	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/client/auth"
-	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/errdefs"
 	"github.com/sirupsen/logrus"
 )
 
-// Service is the interface defining what a registry service should implement.
-type Service interface {
-	Auth(ctx context.Context, authConfig *types.AuthConfig, userAgent string) (status, token string, err error)
-	LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error)
-	LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error)
-	ResolveRepository(name reference.Named) (*RepositoryInfo, error)
-	Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registry.SearchResults, error)
-	ServiceConfig() *registry.ServiceConfig
-	LoadAllowNondistributableArtifacts([]string) error
-	LoadMirrors([]string) error
-	LoadInsecureRegistries([]string) error
-}
-
-// defaultService is a registry service. It tracks configuration data such as a list
+// Service is a registry service. It tracks configuration data such as a list
 // of mirrors.
-type defaultService struct {
+type Service struct {
 	config *serviceConfig
 	mu     sync.RWMutex
 }
 
 // NewService returns a new instance of defaultService ready to be
 // installed into an engine.
-func NewService(options ServiceOptions) (Service, error) {
+func NewService(options ServiceOptions) (*Service, error) {
 	config, err := newServiceConfig(options)
 
-	return &defaultService{config: config}, err
+	return &Service{config: config}, err
 }
 
 // ServiceConfig returns a copy of the public registry service's configuration.
-func (s *defaultService) ServiceConfig() *registry.ServiceConfig {
+func (s *Service) ServiceConfig() *registry.ServiceConfig {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 	return s.config.copy()
 }
 
 // LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries for Service.
-func (s *defaultService) LoadAllowNondistributableArtifacts(registries []string) error {
+func (s *Service) LoadAllowNondistributableArtifacts(registries []string) error {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
@@ -60,7 +44,7 @@ func (s *defaultService) LoadAllowNondistributableArtifacts(registries []string)
 }
 
 // LoadMirrors loads registry mirrors for Service
-func (s *defaultService) LoadMirrors(mirrors []string) error {
+func (s *Service) LoadMirrors(mirrors []string) error {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
@@ -68,7 +52,7 @@ func (s *defaultService) LoadMirrors(mirrors []string) error {
 }
 
 // LoadInsecureRegistries loads insecure registries for Service
-func (s *defaultService) LoadInsecureRegistries(registries []string) error {
+func (s *Service) LoadInsecureRegistries(registries []string) error {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
@@ -78,7 +62,7 @@ func (s *defaultService) LoadInsecureRegistries(registries []string) error {
 // Auth contacts the public registry with the provided credentials,
 // and returns OK if authentication was successful.
 // It can be used to verify the validity of a client's credentials.
-func (s *defaultService) Auth(ctx context.Context, authConfig *types.AuthConfig, userAgent string) (status, token string, err error) {
+func (s *Service) Auth(ctx context.Context, authConfig *registry.AuthConfig, userAgent string) (status, token string, err error) {
 	// TODO Use ctx when searching for repositories
 	var registryHostName = IndexHostname
 
@@ -129,69 +113,9 @@ func splitReposSearchTerm(reposName string) (string, string) {
 	return nameParts[0], nameParts[1]
 }
 
-// Search queries the public registry for images matching the specified
-// search terms, and returns the results.
-func (s *defaultService) Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registry.SearchResults, error) {
-	// TODO Use ctx when searching for repositories
-	if hasScheme(term) {
-		return nil, invalidParamf("invalid repository name: repository name (%s) should not have a scheme", term)
-	}
-
-	indexName, remoteName := splitReposSearchTerm(term)
-
-	// Search is a long-running operation, just lock s.config to avoid block others.
-	s.mu.RLock()
-	index, err := newIndexInfo(s.config, indexName)
-	s.mu.RUnlock()
-
-	if err != nil {
-		return nil, err
-	}
-	if index.Official {
-		// If pull "library/foo", it's stored locally under "foo"
-		remoteName = strings.TrimPrefix(remoteName, "library/")
-	}
-
-	endpoint, err := newV1Endpoint(index, userAgent, headers)
-	if err != nil {
-		return nil, err
-	}
-
-	var client *http.Client
-	if authConfig != nil && authConfig.IdentityToken != "" && authConfig.Username != "" {
-		creds := NewStaticCredentialStore(authConfig)
-		scopes := []auth.Scope{
-			auth.RegistryScope{
-				Name:    "catalog",
-				Actions: []string{"search"},
-			},
-		}
-
-		modifiers := Headers(userAgent, nil)
-		v2Client, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes)
-		if err != nil {
-			return nil, err
-		}
-		// Copy non transport http client features
-		v2Client.Timeout = endpoint.client.Timeout
-		v2Client.CheckRedirect = endpoint.client.CheckRedirect
-		v2Client.Jar = endpoint.client.Jar
-
-		logrus.Debugf("using v2 client for search to %s", endpoint.URL)
-		client = v2Client
-	} else {
-		client = endpoint.client
-		if err := authorizeClient(client, authConfig, endpoint); err != nil {
-			return nil, err
-		}
-	}
-
-	return newSession(client, endpoint).searchRepositories(remoteName, limit)
-}
-
 // ResolveRepository splits a repository name into its components
 // and configuration of the associated registry.
-func (s *defaultService) ResolveRepository(name reference.Named) (*RepositoryInfo, error) {
+func (s *Service) ResolveRepository(name reference.Named) (*RepositoryInfo, error) {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 	return newRepositoryInfo(s.config, name)
@@ -210,7 +134,7 @@ type APIEndpoint struct {
 
 // LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference.
 // It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP.
-func (s *defaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
+func (s *Service) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 
@@ -219,7 +143,7 @@ func (s *defaultService) LookupPullEndpoints(hostname string) (endpoints []APIEn
 
 // LookupPushEndpoints creates a list of v2 endpoints to try to push to, in order of preference.
 // It gives preference to HTTPS over plain HTTP. Mirrors are not included.
-func (s *defaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
+func (s *Service) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 
@@ -233,3 +157,11 @@ func (s *defaultService) LookupPushEndpoints(hostname string) (endpoints []APIEn
 	}
 	return endpoints, err
 }
+
+// IsInsecureRegistry returns true if the registry at given host is configured as
+// insecure registry.
+func (s *Service) IsInsecureRegistry(host string) bool {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return !s.config.isSecureIndex(host)
+}
diff --git a/vendor/github.com/docker/docker/registry/service_v2.go b/vendor/github.com/docker/docker/registry/service_v2.go
index d4352583f..c8c545d21 100644
--- a/vendor/github.com/docker/docker/registry/service_v2.go
+++ b/vendor/github.com/docker/docker/registry/service_v2.go
@@ -7,7 +7,7 @@ import (
 	"github.com/docker/go-connections/tlsconfig"
 )
 
-func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
+func (s *Service) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
 	ana := s.config.allowNondistributableArtifacts(hostname)
 
 	if hostname == DefaultNamespace || hostname == IndexHostname {
diff --git a/vendor/github.com/docker/docker/registry/session.go b/vendor/github.com/docker/docker/registry/session.go
index 6418e2d6b..86a5cd9ed 100644
--- a/vendor/github.com/docker/docker/registry/session.go
+++ b/vendor/github.com/docker/docker/registry/session.go
@@ -11,7 +11,6 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/ioutils"
@@ -28,7 +27,7 @@ type session struct {
 
 type authTransport struct {
 	http.RoundTripper
-	*types.AuthConfig
+	*registry.AuthConfig
 
 	alwaysSetBasicAuth bool
 	token              []string
@@ -50,7 +49,7 @@ type authTransport struct {
 // If the server sends a token without the client having requested it, it is ignored.
 //
 // This RoundTripper also has a CancelRequest method important for correct timeout handling.
-func newAuthTransport(base http.RoundTripper, authConfig *types.AuthConfig, alwaysSetBasicAuth bool) *authTransport {
+func newAuthTransport(base http.RoundTripper, authConfig *registry.AuthConfig, alwaysSetBasicAuth bool) *authTransport {
 	if base == nil {
 		base = http.DefaultTransport
 	}
@@ -145,7 +144,7 @@ func (tr *authTransport) CancelRequest(req *http.Request) {
 	}
 }
 
-func authorizeClient(client *http.Client, authConfig *types.AuthConfig, endpoint *v1Endpoint) error {
+func authorizeClient(client *http.Client, authConfig *registry.AuthConfig, endpoint *v1Endpoint) error {
 	var alwaysSetBasicAuth bool
 
 	// If we're working with a standalone private registry over HTTPS, send Basic Auth headers
@@ -207,10 +206,10 @@ func (r *session) searchRepositories(term string, limit int) (*registry.SearchRe
 	}
 	defer res.Body.Close()
 	if res.StatusCode != http.StatusOK {
-		return nil, &jsonmessage.JSONError{
+		return nil, errdefs.Unknown(&jsonmessage.JSONError{
 			Message: fmt.Sprintf("Unexpected status code %d", res.StatusCode),
 			Code:    res.StatusCode,
-		}
+		})
 	}
 	result := new(registry.SearchResults)
 	return result, errors.Wrap(json.NewDecoder(res.Body).Decode(result), "error decoding registry search results")
diff --git a/vendor/github.com/dustin/go-humanize/.travis.yml b/vendor/github.com/dustin/go-humanize/.travis.yml
new file mode 100644
index 000000000..ac12e485a
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/.travis.yml
@@ -0,0 +1,21 @@
+sudo: false
+language: go
+go_import_path: github.com/dustin/go-humanize
+go:
+  - 1.13.x
+  - 1.14.x
+  - 1.15.x
+  - 1.16.x
+  - stable
+  - master
+matrix:
+  allow_failures:
+    - go: master
+  fast_finish: true
+install:
+  - # Do nothing. This is needed to prevent default install action "go get -t -v ./..." from happening here (we want it to happen inside script step).
+script:
+  - diff -u <(echo -n) <(gofmt -d -s .)
+  - go vet .
+  - go install -v -race ./...
+  - go test -v -race ./...
diff --git a/vendor/github.com/dustin/go-humanize/LICENSE b/vendor/github.com/dustin/go-humanize/LICENSE
new file mode 100644
index 000000000..8d9a94a90
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/LICENSE
@@ -0,0 +1,21 @@
+Copyright (c) 2005-2008  Dustin Sallings <dustin@spy.net>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+<http://www.opensource.org/licenses/mit-license.php>
diff --git a/vendor/github.com/dustin/go-humanize/README.markdown b/vendor/github.com/dustin/go-humanize/README.markdown
new file mode 100644
index 000000000..7d0b16b34
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/README.markdown
@@ -0,0 +1,124 @@
+# Humane Units [![Build Status](https://travis-ci.org/dustin/go-humanize.svg?branch=master)](https://travis-ci.org/dustin/go-humanize) [![GoDoc](https://godoc.org/github.com/dustin/go-humanize?status.svg)](https://godoc.org/github.com/dustin/go-humanize)
+
+Just a few functions for helping humanize times and sizes.
+
+`go get` it as `github.com/dustin/go-humanize`, import it as
+`"github.com/dustin/go-humanize"`, use it as `humanize`.
+
+See [godoc](https://pkg.go.dev/github.com/dustin/go-humanize) for
+complete documentation.
+
+## Sizes
+
+This lets you take numbers like `82854982` and convert them to useful
+strings like, `83 MB` or `79 MiB` (whichever you prefer).
+
+Example:
+
+```go
+fmt.Printf("That file is %s.", humanize.Bytes(82854982)) // That file is 83 MB.
+```
+
+## Times
+
+This lets you take a `time.Time` and spit it out in relative terms.
+For example, `12 seconds ago` or `3 days from now`.
+
+Example:
+
+```go
+fmt.Printf("This was touched %s.", humanize.Time(someTimeInstance)) // This was touched 7 hours ago.
+```
+
+Thanks to Kyle Lemons for the time implementation from an IRC
+conversation one day. It's pretty neat.
+
+## Ordinals
+
+From a [mailing list discussion][odisc] where a user wanted to be able
+to label ordinals.
+
+    0 -> 0th
+    1 -> 1st
+    2 -> 2nd
+    3 -> 3rd
+    4 -> 4th
+    [...]
+
+Example:
+
+```go
+fmt.Printf("You're my %s best friend.", humanize.Ordinal(193)) // You are my 193rd best friend.
+```
+
+## Commas
+
+Want to shove commas into numbers? Be my guest.
+
+    0 -> 0
+    100 -> 100
+    1000 -> 1,000
+    1000000000 -> 1,000,000,000
+    -100000 -> -100,000
+
+Example:
+
+```go
+fmt.Printf("You owe $%s.\n", humanize.Comma(6582491)) // You owe $6,582,491.
+```
+
+## Ftoa
+
+Nicer float64 formatter that removes trailing zeros.
+
+```go
+fmt.Printf("%f", 2.24)                // 2.240000
+fmt.Printf("%s", humanize.Ftoa(2.24)) // 2.24
+fmt.Printf("%f", 2.0)                 // 2.000000
+fmt.Printf("%s", humanize.Ftoa(2.0))  // 2
+```
+
+## SI notation
+
+Format numbers with [SI notation][sinotation].
+
+Example:
+
+```go
+humanize.SI(0.00000000223, "M") // 2.23 nM
+```
+
+## English-specific functions
+
+The following functions are in the `humanize/english` subpackage.
+
+### Plurals
+
+Simple English pluralization
+
+```go
+english.PluralWord(1, "object", "") // object
+english.PluralWord(42, "object", "") // objects
+english.PluralWord(2, "bus", "") // buses
+english.PluralWord(99, "locus", "loci") // loci
+
+english.Plural(1, "object", "") // 1 object
+english.Plural(42, "object", "") // 42 objects
+english.Plural(2, "bus", "") // 2 buses
+english.Plural(99, "locus", "loci") // 99 loci
+```
+
+### Word series
+
+Format comma-separated words lists with conjuctions:
+
+```go
+english.WordSeries([]string{"foo"}, "and") // foo
+english.WordSeries([]string{"foo", "bar"}, "and") // foo and bar
+english.WordSeries([]string{"foo", "bar", "baz"}, "and") // foo, bar and baz
+
+english.OxfordWordSeries([]string{"foo", "bar", "baz"}, "and") // foo, bar, and baz
+```
+
+[odisc]: https://groups.google.com/d/topic/golang-nuts/l8NhI74jl-4/discussion
+[sinotation]: http://en.wikipedia.org/wiki/Metric_prefix
diff --git a/vendor/github.com/dustin/go-humanize/big.go b/vendor/github.com/dustin/go-humanize/big.go
new file mode 100644
index 000000000..f49dc337d
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/big.go
@@ -0,0 +1,31 @@
+package humanize
+
+import (
+	"math/big"
+)
+
+// order of magnitude (to a max order)
+func oomm(n, b *big.Int, maxmag int) (float64, int) {
+	mag := 0
+	m := &big.Int{}
+	for n.Cmp(b) >= 0 {
+		n.DivMod(n, b, m)
+		mag++
+		if mag == maxmag && maxmag >= 0 {
+			break
+		}
+	}
+	return float64(n.Int64()) + (float64(m.Int64()) / float64(b.Int64())), mag
+}
+
+// total order of magnitude
+// (same as above, but with no upper limit)
+func oom(n, b *big.Int) (float64, int) {
+	mag := 0
+	m := &big.Int{}
+	for n.Cmp(b) >= 0 {
+		n.DivMod(n, b, m)
+		mag++
+	}
+	return float64(n.Int64()) + (float64(m.Int64()) / float64(b.Int64())), mag
+}
diff --git a/vendor/github.com/dustin/go-humanize/bigbytes.go b/vendor/github.com/dustin/go-humanize/bigbytes.go
new file mode 100644
index 000000000..3b015fd59
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/bigbytes.go
@@ -0,0 +1,189 @@
+package humanize
+
+import (
+	"fmt"
+	"math/big"
+	"strings"
+	"unicode"
+)
+
+var (
+	bigIECExp = big.NewInt(1024)
+
+	// BigByte is one byte in bit.Ints
+	BigByte = big.NewInt(1)
+	// BigKiByte is 1,024 bytes in bit.Ints
+	BigKiByte = (&big.Int{}).Mul(BigByte, bigIECExp)
+	// BigMiByte is 1,024 k bytes in bit.Ints
+	BigMiByte = (&big.Int{}).Mul(BigKiByte, bigIECExp)
+	// BigGiByte is 1,024 m bytes in bit.Ints
+	BigGiByte = (&big.Int{}).Mul(BigMiByte, bigIECExp)
+	// BigTiByte is 1,024 g bytes in bit.Ints
+	BigTiByte = (&big.Int{}).Mul(BigGiByte, bigIECExp)
+	// BigPiByte is 1,024 t bytes in bit.Ints
+	BigPiByte = (&big.Int{}).Mul(BigTiByte, bigIECExp)
+	// BigEiByte is 1,024 p bytes in bit.Ints
+	BigEiByte = (&big.Int{}).Mul(BigPiByte, bigIECExp)
+	// BigZiByte is 1,024 e bytes in bit.Ints
+	BigZiByte = (&big.Int{}).Mul(BigEiByte, bigIECExp)
+	// BigYiByte is 1,024 z bytes in bit.Ints
+	BigYiByte = (&big.Int{}).Mul(BigZiByte, bigIECExp)
+	// BigRiByte is 1,024 y bytes in bit.Ints
+	BigRiByte = (&big.Int{}).Mul(BigYiByte, bigIECExp)
+	// BigQiByte is 1,024 r bytes in bit.Ints
+	BigQiByte = (&big.Int{}).Mul(BigRiByte, bigIECExp)
+)
+
+var (
+	bigSIExp = big.NewInt(1000)
+
+	// BigSIByte is one SI byte in big.Ints
+	BigSIByte = big.NewInt(1)
+	// BigKByte is 1,000 SI bytes in big.Ints
+	BigKByte = (&big.Int{}).Mul(BigSIByte, bigSIExp)
+	// BigMByte is 1,000 SI k bytes in big.Ints
+	BigMByte = (&big.Int{}).Mul(BigKByte, bigSIExp)
+	// BigGByte is 1,000 SI m bytes in big.Ints
+	BigGByte = (&big.Int{}).Mul(BigMByte, bigSIExp)
+	// BigTByte is 1,000 SI g bytes in big.Ints
+	BigTByte = (&big.Int{}).Mul(BigGByte, bigSIExp)
+	// BigPByte is 1,000 SI t bytes in big.Ints
+	BigPByte = (&big.Int{}).Mul(BigTByte, bigSIExp)
+	// BigEByte is 1,000 SI p bytes in big.Ints
+	BigEByte = (&big.Int{}).Mul(BigPByte, bigSIExp)
+	// BigZByte is 1,000 SI e bytes in big.Ints
+	BigZByte = (&big.Int{}).Mul(BigEByte, bigSIExp)
+	// BigYByte is 1,000 SI z bytes in big.Ints
+	BigYByte = (&big.Int{}).Mul(BigZByte, bigSIExp)
+	// BigRByte is 1,000 SI y bytes in big.Ints
+	BigRByte = (&big.Int{}).Mul(BigYByte, bigSIExp)
+	// BigQByte is 1,000 SI r bytes in big.Ints
+	BigQByte = (&big.Int{}).Mul(BigRByte, bigSIExp)
+)
+
+var bigBytesSizeTable = map[string]*big.Int{
+	"b":   BigByte,
+	"kib": BigKiByte,
+	"kb":  BigKByte,
+	"mib": BigMiByte,
+	"mb":  BigMByte,
+	"gib": BigGiByte,
+	"gb":  BigGByte,
+	"tib": BigTiByte,
+	"tb":  BigTByte,
+	"pib": BigPiByte,
+	"pb":  BigPByte,
+	"eib": BigEiByte,
+	"eb":  BigEByte,
+	"zib": BigZiByte,
+	"zb":  BigZByte,
+	"yib": BigYiByte,
+	"yb":  BigYByte,
+	"rib": BigRiByte,
+	"rb":  BigRByte,
+	"qib": BigQiByte,
+	"qb":  BigQByte,
+	// Without suffix
+	"":   BigByte,
+	"ki": BigKiByte,
+	"k":  BigKByte,
+	"mi": BigMiByte,
+	"m":  BigMByte,
+	"gi": BigGiByte,
+	"g":  BigGByte,
+	"ti": BigTiByte,
+	"t":  BigTByte,
+	"pi": BigPiByte,
+	"p":  BigPByte,
+	"ei": BigEiByte,
+	"e":  BigEByte,
+	"z":  BigZByte,
+	"zi": BigZiByte,
+	"y":  BigYByte,
+	"yi": BigYiByte,
+	"r":  BigRByte,
+	"ri": BigRiByte,
+	"q":  BigQByte,
+	"qi": BigQiByte,
+}
+
+var ten = big.NewInt(10)
+
+func humanateBigBytes(s, base *big.Int, sizes []string) string {
+	if s.Cmp(ten) < 0 {
+		return fmt.Sprintf("%d B", s)
+	}
+	c := (&big.Int{}).Set(s)
+	val, mag := oomm(c, base, len(sizes)-1)
+	suffix := sizes[mag]
+	f := "%.0f %s"
+	if val < 10 {
+		f = "%.1f %s"
+	}
+
+	return fmt.Sprintf(f, val, suffix)
+
+}
+
+// BigBytes produces a human readable representation of an SI size.
+//
+// See also: ParseBigBytes.
+//
+// BigBytes(82854982) -> 83 MB
+func BigBytes(s *big.Int) string {
+	sizes := []string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB", "RB", "QB"}
+	return humanateBigBytes(s, bigSIExp, sizes)
+}
+
+// BigIBytes produces a human readable representation of an IEC size.
+//
+// See also: ParseBigBytes.
+//
+// BigIBytes(82854982) -> 79 MiB
+func BigIBytes(s *big.Int) string {
+	sizes := []string{"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB", "YiB", "RiB", "QiB"}
+	return humanateBigBytes(s, bigIECExp, sizes)
+}
+
+// ParseBigBytes parses a string representation of bytes into the number
+// of bytes it represents.
+//
+// See also: BigBytes, BigIBytes.
+//
+// ParseBigBytes("42 MB") -> 42000000, nil
+// ParseBigBytes("42 mib") -> 44040192, nil
+func ParseBigBytes(s string) (*big.Int, error) {
+	lastDigit := 0
+	hasComma := false
+	for _, r := range s {
+		if !(unicode.IsDigit(r) || r == '.' || r == ',') {
+			break
+		}
+		if r == ',' {
+			hasComma = true
+		}
+		lastDigit++
+	}
+
+	num := s[:lastDigit]
+	if hasComma {
+		num = strings.Replace(num, ",", "", -1)
+	}
+
+	val := &big.Rat{}
+	_, err := fmt.Sscanf(num, "%f", val)
+	if err != nil {
+		return nil, err
+	}
+
+	extra := strings.ToLower(strings.TrimSpace(s[lastDigit:]))
+	if m, ok := bigBytesSizeTable[extra]; ok {
+		mv := (&big.Rat{}).SetInt(m)
+		val.Mul(val, mv)
+		rv := &big.Int{}
+		rv.Div(val.Num(), val.Denom())
+		return rv, nil
+	}
+
+	return nil, fmt.Errorf("unhandled size name: %v", extra)
+}
diff --git a/vendor/github.com/dustin/go-humanize/bytes.go b/vendor/github.com/dustin/go-humanize/bytes.go
new file mode 100644
index 000000000..0b498f488
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/bytes.go
@@ -0,0 +1,143 @@
+package humanize
+
+import (
+	"fmt"
+	"math"
+	"strconv"
+	"strings"
+	"unicode"
+)
+
+// IEC Sizes.
+// kibis of bits
+const (
+	Byte = 1 << (iota * 10)
+	KiByte
+	MiByte
+	GiByte
+	TiByte
+	PiByte
+	EiByte
+)
+
+// SI Sizes.
+const (
+	IByte = 1
+	KByte = IByte * 1000
+	MByte = KByte * 1000
+	GByte = MByte * 1000
+	TByte = GByte * 1000
+	PByte = TByte * 1000
+	EByte = PByte * 1000
+)
+
+var bytesSizeTable = map[string]uint64{
+	"b":   Byte,
+	"kib": KiByte,
+	"kb":  KByte,
+	"mib": MiByte,
+	"mb":  MByte,
+	"gib": GiByte,
+	"gb":  GByte,
+	"tib": TiByte,
+	"tb":  TByte,
+	"pib": PiByte,
+	"pb":  PByte,
+	"eib": EiByte,
+	"eb":  EByte,
+	// Without suffix
+	"":   Byte,
+	"ki": KiByte,
+	"k":  KByte,
+	"mi": MiByte,
+	"m":  MByte,
+	"gi": GiByte,
+	"g":  GByte,
+	"ti": TiByte,
+	"t":  TByte,
+	"pi": PiByte,
+	"p":  PByte,
+	"ei": EiByte,
+	"e":  EByte,
+}
+
+func logn(n, b float64) float64 {
+	return math.Log(n) / math.Log(b)
+}
+
+func humanateBytes(s uint64, base float64, sizes []string) string {
+	if s < 10 {
+		return fmt.Sprintf("%d B", s)
+	}
+	e := math.Floor(logn(float64(s), base))
+	suffix := sizes[int(e)]
+	val := math.Floor(float64(s)/math.Pow(base, e)*10+0.5) / 10
+	f := "%.0f %s"
+	if val < 10 {
+		f = "%.1f %s"
+	}
+
+	return fmt.Sprintf(f, val, suffix)
+}
+
+// Bytes produces a human readable representation of an SI size.
+//
+// See also: ParseBytes.
+//
+// Bytes(82854982) -> 83 MB
+func Bytes(s uint64) string {
+	sizes := []string{"B", "kB", "MB", "GB", "TB", "PB", "EB"}
+	return humanateBytes(s, 1000, sizes)
+}
+
+// IBytes produces a human readable representation of an IEC size.
+//
+// See also: ParseBytes.
+//
+// IBytes(82854982) -> 79 MiB
+func IBytes(s uint64) string {
+	sizes := []string{"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB"}
+	return humanateBytes(s, 1024, sizes)
+}
+
+// ParseBytes parses a string representation of bytes into the number
+// of bytes it represents.
+//
+// See Also: Bytes, IBytes.
+//
+// ParseBytes("42 MB") -> 42000000, nil
+// ParseBytes("42 mib") -> 44040192, nil
+func ParseBytes(s string) (uint64, error) {
+	lastDigit := 0
+	hasComma := false
+	for _, r := range s {
+		if !(unicode.IsDigit(r) || r == '.' || r == ',') {
+			break
+		}
+		if r == ',' {
+			hasComma = true
+		}
+		lastDigit++
+	}
+
+	num := s[:lastDigit]
+	if hasComma {
+		num = strings.Replace(num, ",", "", -1)
+	}
+
+	f, err := strconv.ParseFloat(num, 64)
+	if err != nil {
+		return 0, err
+	}
+
+	extra := strings.ToLower(strings.TrimSpace(s[lastDigit:]))
+	if m, ok := bytesSizeTable[extra]; ok {
+		f *= float64(m)
+		if f >= math.MaxUint64 {
+			return 0, fmt.Errorf("too large: %v", s)
+		}
+		return uint64(f), nil
+	}
+
+	return 0, fmt.Errorf("unhandled size name: %v", extra)
+}
diff --git a/vendor/github.com/dustin/go-humanize/comma.go b/vendor/github.com/dustin/go-humanize/comma.go
new file mode 100644
index 000000000..520ae3e57
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/comma.go
@@ -0,0 +1,116 @@
+package humanize
+
+import (
+	"bytes"
+	"math"
+	"math/big"
+	"strconv"
+	"strings"
+)
+
+// Comma produces a string form of the given number in base 10 with
+// commas after every three orders of magnitude.
+//
+// e.g. Comma(834142) -> 834,142
+func Comma(v int64) string {
+	sign := ""
+
+	// Min int64 can't be negated to a usable value, so it has to be special cased.
+	if v == math.MinInt64 {
+		return "-9,223,372,036,854,775,808"
+	}
+
+	if v < 0 {
+		sign = "-"
+		v = 0 - v
+	}
+
+	parts := []string{"", "", "", "", "", "", ""}
+	j := len(parts) - 1
+
+	for v > 999 {
+		parts[j] = strconv.FormatInt(v%1000, 10)
+		switch len(parts[j]) {
+		case 2:
+			parts[j] = "0" + parts[j]
+		case 1:
+			parts[j] = "00" + parts[j]
+		}
+		v = v / 1000
+		j--
+	}
+	parts[j] = strconv.Itoa(int(v))
+	return sign + strings.Join(parts[j:], ",")
+}
+
+// Commaf produces a string form of the given number in base 10 with
+// commas after every three orders of magnitude.
+//
+// e.g. Commaf(834142.32) -> 834,142.32
+func Commaf(v float64) string {
+	buf := &bytes.Buffer{}
+	if v < 0 {
+		buf.Write([]byte{'-'})
+		v = 0 - v
+	}
+
+	comma := []byte{','}
+
+	parts := strings.Split(strconv.FormatFloat(v, 'f', -1, 64), ".")
+	pos := 0
+	if len(parts[0])%3 != 0 {
+		pos += len(parts[0]) % 3
+		buf.WriteString(parts[0][:pos])
+		buf.Write(comma)
+	}
+	for ; pos < len(parts[0]); pos += 3 {
+		buf.WriteString(parts[0][pos : pos+3])
+		buf.Write(comma)
+	}
+	buf.Truncate(buf.Len() - 1)
+
+	if len(parts) > 1 {
+		buf.Write([]byte{'.'})
+		buf.WriteString(parts[1])
+	}
+	return buf.String()
+}
+
+// CommafWithDigits works like the Commaf but limits the resulting
+// string to the given number of decimal places.
+//
+// e.g. CommafWithDigits(834142.32, 1) -> 834,142.3
+func CommafWithDigits(f float64, decimals int) string {
+	return stripTrailingDigits(Commaf(f), decimals)
+}
+
+// BigComma produces a string form of the given big.Int in base 10
+// with commas after every three orders of magnitude.
+func BigComma(b *big.Int) string {
+	sign := ""
+	if b.Sign() < 0 {
+		sign = "-"
+		b.Abs(b)
+	}
+
+	athousand := big.NewInt(1000)
+	c := (&big.Int{}).Set(b)
+	_, m := oom(c, athousand)
+	parts := make([]string, m+1)
+	j := len(parts) - 1
+
+	mod := &big.Int{}
+	for b.Cmp(athousand) >= 0 {
+		b.DivMod(b, athousand, mod)
+		parts[j] = strconv.FormatInt(mod.Int64(), 10)
+		switch len(parts[j]) {
+		case 2:
+			parts[j] = "0" + parts[j]
+		case 1:
+			parts[j] = "00" + parts[j]
+		}
+		j--
+	}
+	parts[j] = strconv.Itoa(int(b.Int64()))
+	return sign + strings.Join(parts[j:], ",")
+}
diff --git a/vendor/github.com/dustin/go-humanize/commaf.go b/vendor/github.com/dustin/go-humanize/commaf.go
new file mode 100644
index 000000000..2bc83a03c
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/commaf.go
@@ -0,0 +1,41 @@
+//go:build go1.6
+// +build go1.6
+
+package humanize
+
+import (
+	"bytes"
+	"math/big"
+	"strings"
+)
+
+// BigCommaf produces a string form of the given big.Float in base 10
+// with commas after every three orders of magnitude.
+func BigCommaf(v *big.Float) string {
+	buf := &bytes.Buffer{}
+	if v.Sign() < 0 {
+		buf.Write([]byte{'-'})
+		v.Abs(v)
+	}
+
+	comma := []byte{','}
+
+	parts := strings.Split(v.Text('f', -1), ".")
+	pos := 0
+	if len(parts[0])%3 != 0 {
+		pos += len(parts[0]) % 3
+		buf.WriteString(parts[0][:pos])
+		buf.Write(comma)
+	}
+	for ; pos < len(parts[0]); pos += 3 {
+		buf.WriteString(parts[0][pos : pos+3])
+		buf.Write(comma)
+	}
+	buf.Truncate(buf.Len() - 1)
+
+	if len(parts) > 1 {
+		buf.Write([]byte{'.'})
+		buf.WriteString(parts[1])
+	}
+	return buf.String()
+}
diff --git a/vendor/github.com/dustin/go-humanize/ftoa.go b/vendor/github.com/dustin/go-humanize/ftoa.go
new file mode 100644
index 000000000..bce923f37
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/ftoa.go
@@ -0,0 +1,49 @@
+package humanize
+
+import (
+	"strconv"
+	"strings"
+)
+
+func stripTrailingZeros(s string) string {
+	if !strings.ContainsRune(s, '.') {
+		return s
+	}
+	offset := len(s) - 1
+	for offset > 0 {
+		if s[offset] == '.' {
+			offset--
+			break
+		}
+		if s[offset] != '0' {
+			break
+		}
+		offset--
+	}
+	return s[:offset+1]
+}
+
+func stripTrailingDigits(s string, digits int) string {
+	if i := strings.Index(s, "."); i >= 0 {
+		if digits <= 0 {
+			return s[:i]
+		}
+		i++
+		if i+digits >= len(s) {
+			return s
+		}
+		return s[:i+digits]
+	}
+	return s
+}
+
+// Ftoa converts a float to a string with no trailing zeros.
+func Ftoa(num float64) string {
+	return stripTrailingZeros(strconv.FormatFloat(num, 'f', 6, 64))
+}
+
+// FtoaWithDigits converts a float to a string but limits the resulting string
+// to the given number of decimal places, and no trailing zeros.
+func FtoaWithDigits(num float64, digits int) string {
+	return stripTrailingZeros(stripTrailingDigits(strconv.FormatFloat(num, 'f', 6, 64), digits))
+}
diff --git a/vendor/github.com/dustin/go-humanize/humanize.go b/vendor/github.com/dustin/go-humanize/humanize.go
new file mode 100644
index 000000000..a2c2da31e
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/humanize.go
@@ -0,0 +1,8 @@
+/*
+Package humanize converts boring ugly numbers to human-friendly strings and back.
+
+Durations can be turned into strings such as "3 days ago", numbers
+representing sizes like 82854982 into useful strings like, "83 MB" or
+"79 MiB" (whichever you prefer).
+*/
+package humanize
diff --git a/vendor/github.com/dustin/go-humanize/number.go b/vendor/github.com/dustin/go-humanize/number.go
new file mode 100644
index 000000000..6470d0d47
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/number.go
@@ -0,0 +1,192 @@
+package humanize
+
+/*
+Slightly adapted from the source to fit go-humanize.
+
+Author: https://github.com/gorhill
+Source: https://gist.github.com/gorhill/5285193
+
+*/
+
+import (
+	"math"
+	"strconv"
+)
+
+var (
+	renderFloatPrecisionMultipliers = [...]float64{
+		1,
+		10,
+		100,
+		1000,
+		10000,
+		100000,
+		1000000,
+		10000000,
+		100000000,
+		1000000000,
+	}
+
+	renderFloatPrecisionRounders = [...]float64{
+		0.5,
+		0.05,
+		0.005,
+		0.0005,
+		0.00005,
+		0.000005,
+		0.0000005,
+		0.00000005,
+		0.000000005,
+		0.0000000005,
+	}
+)
+
+// FormatFloat produces a formatted number as string based on the following user-specified criteria:
+// * thousands separator
+// * decimal separator
+// * decimal precision
+//
+// Usage: s := RenderFloat(format, n)
+// The format parameter tells how to render the number n.
+//
+// See examples: http://play.golang.org/p/LXc1Ddm1lJ
+//
+// Examples of format strings, given n = 12345.6789:
+// "#,###.##" => "12,345.67"
+// "#,###." => "12,345"
+// "#,###" => "12345,678"
+// "#\u202F###,##" => "12 345,68"
+// "#.###,###### => 12.345,678900
+// "" (aka default format) => 12,345.67
+//
+// The highest precision allowed is 9 digits after the decimal symbol.
+// There is also a version for integer number, FormatInteger(),
+// which is convenient for calls within template.
+func FormatFloat(format string, n float64) string {
+	// Special cases:
+	//   NaN = "NaN"
+	//   +Inf = "+Infinity"
+	//   -Inf = "-Infinity"
+	if math.IsNaN(n) {
+		return "NaN"
+	}
+	if n > math.MaxFloat64 {
+		return "Infinity"
+	}
+	if n < (0.0 - math.MaxFloat64) {
+		return "-Infinity"
+	}
+
+	// default format
+	precision := 2
+	decimalStr := "."
+	thousandStr := ","
+	positiveStr := ""
+	negativeStr := "-"
+
+	if len(format) > 0 {
+		format := []rune(format)
+
+		// If there is an explicit format directive,
+		// then default values are these:
+		precision = 9
+		thousandStr = ""
+
+		// collect indices of meaningful formatting directives
+		formatIndx := []int{}
+		for i, char := range format {
+			if char != '#' && char != '0' {
+				formatIndx = append(formatIndx, i)
+			}
+		}
+
+		if len(formatIndx) > 0 {
+			// Directive at index 0:
+			//   Must be a '+'
+			//   Raise an error if not the case
+			// index: 0123456789
+			//        +0.000,000
+			//        +000,000.0
+			//        +0000.00
+			//        +0000
+			if formatIndx[0] == 0 {
+				if format[formatIndx[0]] != '+' {
+					panic("RenderFloat(): invalid positive sign directive")
+				}
+				positiveStr = "+"
+				formatIndx = formatIndx[1:]
+			}
+
+			// Two directives:
+			//   First is thousands separator
+			//   Raise an error if not followed by 3-digit
+			// 0123456789
+			// 0.000,000
+			// 000,000.00
+			if len(formatIndx) == 2 {
+				if (formatIndx[1] - formatIndx[0]) != 4 {
+					panic("RenderFloat(): thousands separator directive must be followed by 3 digit-specifiers")
+				}
+				thousandStr = string(format[formatIndx[0]])
+				formatIndx = formatIndx[1:]
+			}
+
+			// One directive:
+			//   Directive is decimal separator
+			//   The number of digit-specifier following the separator indicates wanted precision
+			// 0123456789
+			// 0.00
+			// 000,0000
+			if len(formatIndx) == 1 {
+				decimalStr = string(format[formatIndx[0]])
+				precision = len(format) - formatIndx[0] - 1
+			}
+		}
+	}
+
+	// generate sign part
+	var signStr string
+	if n >= 0.000000001 {
+		signStr = positiveStr
+	} else if n <= -0.000000001 {
+		signStr = negativeStr
+		n = -n
+	} else {
+		signStr = ""
+		n = 0.0
+	}
+
+	// split number into integer and fractional parts
+	intf, fracf := math.Modf(n + renderFloatPrecisionRounders[precision])
+
+	// generate integer part string
+	intStr := strconv.FormatInt(int64(intf), 10)
+
+	// add thousand separator if required
+	if len(thousandStr) > 0 {
+		for i := len(intStr); i > 3; {
+			i -= 3
+			intStr = intStr[:i] + thousandStr + intStr[i:]
+		}
+	}
+
+	// no fractional part, we can leave now
+	if precision == 0 {
+		return signStr + intStr
+	}
+
+	// generate fractional part
+	fracStr := strconv.Itoa(int(fracf * renderFloatPrecisionMultipliers[precision]))
+	// may need padding
+	if len(fracStr) < precision {
+		fracStr = "000000000000000"[:precision-len(fracStr)] + fracStr
+	}
+
+	return signStr + intStr + decimalStr + fracStr
+}
+
+// FormatInteger produces a formatted number as string.
+// See FormatFloat.
+func FormatInteger(format string, n int) string {
+	return FormatFloat(format, float64(n))
+}
diff --git a/vendor/github.com/dustin/go-humanize/ordinals.go b/vendor/github.com/dustin/go-humanize/ordinals.go
new file mode 100644
index 000000000..43d88a861
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/ordinals.go
@@ -0,0 +1,25 @@
+package humanize
+
+import "strconv"
+
+// Ordinal gives you the input number in a rank/ordinal format.
+//
+// Ordinal(3) -> 3rd
+func Ordinal(x int) string {
+	suffix := "th"
+	switch x % 10 {
+	case 1:
+		if x%100 != 11 {
+			suffix = "st"
+		}
+	case 2:
+		if x%100 != 12 {
+			suffix = "nd"
+		}
+	case 3:
+		if x%100 != 13 {
+			suffix = "rd"
+		}
+	}
+	return strconv.Itoa(x) + suffix
+}
diff --git a/vendor/github.com/dustin/go-humanize/si.go b/vendor/github.com/dustin/go-humanize/si.go
new file mode 100644
index 000000000..8b8501984
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/si.go
@@ -0,0 +1,127 @@
+package humanize
+
+import (
+	"errors"
+	"math"
+	"regexp"
+	"strconv"
+)
+
+var siPrefixTable = map[float64]string{
+	-30: "q", // quecto
+	-27: "r", // ronto
+	-24: "y", // yocto
+	-21: "z", // zepto
+	-18: "a", // atto
+	-15: "f", // femto
+	-12: "p", // pico
+	-9:  "n", // nano
+	-6:  "µ", // micro
+	-3:  "m", // milli
+	0:   "",
+	3:   "k", // kilo
+	6:   "M", // mega
+	9:   "G", // giga
+	12:  "T", // tera
+	15:  "P", // peta
+	18:  "E", // exa
+	21:  "Z", // zetta
+	24:  "Y", // yotta
+	27:  "R", // ronna
+	30:  "Q", // quetta
+}
+
+var revSIPrefixTable = revfmap(siPrefixTable)
+
+// revfmap reverses the map and precomputes the power multiplier
+func revfmap(in map[float64]string) map[string]float64 {
+	rv := map[string]float64{}
+	for k, v := range in {
+		rv[v] = math.Pow(10, k)
+	}
+	return rv
+}
+
+var riParseRegex *regexp.Regexp
+
+func init() {
+	ri := `^([\-0-9.]+)\s?([`
+	for _, v := range siPrefixTable {
+		ri += v
+	}
+	ri += `]?)(.*)`
+
+	riParseRegex = regexp.MustCompile(ri)
+}
+
+// ComputeSI finds the most appropriate SI prefix for the given number
+// and returns the prefix along with the value adjusted to be within
+// that prefix.
+//
+// See also: SI, ParseSI.
+//
+// e.g. ComputeSI(2.2345e-12) -> (2.2345, "p")
+func ComputeSI(input float64) (float64, string) {
+	if input == 0 {
+		return 0, ""
+	}
+	mag := math.Abs(input)
+	exponent := math.Floor(logn(mag, 10))
+	exponent = math.Floor(exponent/3) * 3
+
+	value := mag / math.Pow(10, exponent)
+
+	// Handle special case where value is exactly 1000.0
+	// Should return 1 M instead of 1000 k
+	if value == 1000.0 {
+		exponent += 3
+		value = mag / math.Pow(10, exponent)
+	}
+
+	value = math.Copysign(value, input)
+
+	prefix := siPrefixTable[exponent]
+	return value, prefix
+}
+
+// SI returns a string with default formatting.
+//
+// SI uses Ftoa to format float value, removing trailing zeros.
+//
+// See also: ComputeSI, ParseSI.
+//
+// e.g. SI(1000000, "B") -> 1 MB
+// e.g. SI(2.2345e-12, "F") -> 2.2345 pF
+func SI(input float64, unit string) string {
+	value, prefix := ComputeSI(input)
+	return Ftoa(value) + " " + prefix + unit
+}
+
+// SIWithDigits works like SI but limits the resulting string to the
+// given number of decimal places.
+//
+// e.g. SIWithDigits(1000000, 0, "B") -> 1 MB
+// e.g. SIWithDigits(2.2345e-12, 2, "F") -> 2.23 pF
+func SIWithDigits(input float64, decimals int, unit string) string {
+	value, prefix := ComputeSI(input)
+	return FtoaWithDigits(value, decimals) + " " + prefix + unit
+}
+
+var errInvalid = errors.New("invalid input")
+
+// ParseSI parses an SI string back into the number and unit.
+//
+// See also: SI, ComputeSI.
+//
+// e.g. ParseSI("2.2345 pF") -> (2.2345e-12, "F", nil)
+func ParseSI(input string) (float64, string, error) {
+	found := riParseRegex.FindStringSubmatch(input)
+	if len(found) != 4 {
+		return 0, "", errInvalid
+	}
+	mag := revSIPrefixTable[found[2]]
+	unit := found[3]
+
+	base, err := strconv.ParseFloat(found[1], 64)
+	return base * mag, unit, err
+}
diff --git a/vendor/github.com/dustin/go-humanize/times.go b/vendor/github.com/dustin/go-humanize/times.go
new file mode 100644
index 000000000..dd3fbf5ef
--- /dev/null
+++ b/vendor/github.com/dustin/go-humanize/times.go
@@ -0,0 +1,117 @@
+package humanize
+
+import (
+	"fmt"
+	"math"
+	"sort"
+	"time"
+)
+
+// Seconds-based time units
+const (
+	Day      = 24 * time.Hour
+	Week     = 7 * Day
+	Month    = 30 * Day
+	Year     = 12 * Month
+	LongTime = 37 * Year
+)
+
+// Time formats a time into a relative string.
+//
+// Time(someT) -> "3 weeks ago"
+func Time(then time.Time) string {
+	return RelTime(then, time.Now(), "ago", "from now")
+}
+
+// A RelTimeMagnitude struct contains a relative time point at which
+// the relative format of time will switch to a new format string.  A
+// slice of these in ascending order by their "D" field is passed to
+// CustomRelTime to format durations.
+//
+// The Format field is a string that may contain a "%s" which will be
+// replaced with the appropriate signed label (e.g. "ago" or "from
+// now") and a "%d" that will be replaced by the quantity.
+//
+// The DivBy field is the amount of time the time difference must be
+// divided by in order to display correctly.
+//
+// e.g. if D is 2*time.Minute and you want to display "%d minutes %s"
+// DivBy should be time.Minute so whatever the duration is will be
+// expressed in minutes.
+type RelTimeMagnitude struct {
+	D      time.Duration
+	Format string
+	DivBy  time.Duration
+}
+
+var defaultMagnitudes = []RelTimeMagnitude{
+	{time.Second, "now", time.Second},
+	{2 * time.Second, "1 second %s", 1},
+	{time.Minute, "%d seconds %s", time.Second},
+	{2 * time.Minute, "1 minute %s", 1},
+	{time.Hour, "%d minutes %s", time.Minute},
+	{2 * time.Hour, "1 hour %s", 1},
+	{Day, "%d hours %s", time.Hour},
+	{2 * Day, "1 day %s", 1},
+	{Week, "%d days %s", Day},
+	{2 * Week, "1 week %s", 1},
+	{Month, "%d weeks %s", Week},
+	{2 * Month, "1 month %s", 1},
+	{Year, "%d months %s", Month},
+	{18 * Month, "1 year %s", 1},
+	{2 * Year, "2 years %s", 1},
+	{LongTime, "%d years %s", Year},
+	{math.MaxInt64, "a long while %s", 1},
+}
+
+// RelTime formats a time into a relative string.
+//
+// It takes two times and two labels.  In addition to the generic time
+// delta string (e.g. 5 minutes), the labels are used applied so that
+// the label corresponding to the smaller time is applied.
+//
+// RelTime(timeInPast, timeInFuture, "earlier", "later") -> "3 weeks earlier"
+func RelTime(a, b time.Time, albl, blbl string) string {
+	return CustomRelTime(a, b, albl, blbl, defaultMagnitudes)
+}
+
+// CustomRelTime formats a time into a relative string.
+//
+// It takes two times two labels and a table of relative time formats.
+// In addition to the generic time delta string (e.g. 5 minutes), the
+// labels are used applied so that the label corresponding to the
+// smaller time is applied.
+func CustomRelTime(a, b time.Time, albl, blbl string, magnitudes []RelTimeMagnitude) string {
+	lbl := albl
+	diff := b.Sub(a)
+
+	if a.After(b) {
+		lbl = blbl
+		diff = a.Sub(b)
+	}
+
+	n := sort.Search(len(magnitudes), func(i int) bool {
+		return magnitudes[i].D > diff
+	})
+
+	if n >= len(magnitudes) {
+		n = len(magnitudes) - 1
+	}
+	mag := magnitudes[n]
+	args := []interface{}{}
+	escaped := false
+	for _, ch := range mag.Format {
+		if escaped {
+			switch ch {
+			case 's':
+				args = append(args, lbl)
+			case 'd':
+				args = append(args, diff/mag.DivBy)
+			}
+			escaped = false
+		} else {
+			escaped = ch == '%'
+		}
+	}
+	return fmt.Sprintf(mag.Format, args...)
+}
diff --git a/vendor/github.com/ebitengine/purego/.gitignore b/vendor/github.com/ebitengine/purego/.gitignore
new file mode 100644
index 000000000..b25c15b81
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/LICENSE b/vendor/github.com/ebitengine/purego/LICENSE
similarity index 100%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/LICENSE
rename to vendor/github.com/ebitengine/purego/LICENSE
diff --git a/vendor/github.com/ebitengine/purego/README.md b/vendor/github.com/ebitengine/purego/README.md
new file mode 100644
index 000000000..7115f7276
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/README.md
@@ -0,0 +1,74 @@
+# purego
+[![Go Reference](https://pkg.go.dev/badge/github.com/ebitengine/purego?GOOS=darwin.svg)](https://pkg.go.dev/github.com/ebitengine/purego?GOOS=darwin)
+
+A library for calling C functions from Go without Cgo.
+
+## Motivation
+
+The [Ebitengine](https://github.com/hajimehoshi/ebiten) game engine was ported to use only Go on Windows. This enabled
+cross-compiling to Windows from any other operating system simply by setting `GOOS=windows`. The purego project was
+born to bring that same vision to the other platforms supported by Ebitengine.
+
+## Benefits
+
+- **Simple Cross-Compilation**: No C means you can build for other platforms easily without a C compiler.
+- **Faster Compilation**: Efficiently cache your entirely Go builds.
+- **Smaller Binaries**: Using Cgo generates a C wrapper function for each C function called. Purego doesn't!
+- **Dynamic Linking**: Load symbols at runtime and use it as a plugin system.
+- **Foreign Function Interface**: Call into other languages that are compiled into shared objects.
+
+## Example
+
+This example only works on macOS and Linux. For a complete example look at [libc](https://github.com/ebitengine/purego/tree/main/examples/libc) which supports Windows and FreeBSD.
+
+```go
+package main
+
+import (
+	"fmt"
+	"runtime"
+
+	"github.com/ebitengine/purego"
+)
+
+func getSystemLibrary() string {
+	switch runtime.GOOS {
+	case "darwin":
+		return "/usr/lib/libSystem.B.dylib"
+	case "linux":
+		return "libc.so.6"
+	default:
+		panic(fmt.Errorf("GOOS=%s is not supported", runtime.GOOS))
+	}
+}
+
+func main() {
+	libc, err := purego.Dlopen(getSystemLibrary(), purego.RTLD_NOW|purego.RTLD_GLOBAL)
+	if err != nil {
+		panic(err)
+	}
+	var puts func(string)
+	purego.RegisterLibFunc(&puts, libc, "puts")
+	puts("Calling C from Go without Cgo!")
+}
+```
+
+Then to run: `CGO_ENABLED=0 go run main.go`
+
+### External Code
+
+Purego uses code that originates from the Go runtime. These files are under the BSD-3
+License that can be found [in the Go Source](https://github.com/golang/go/blob/master/LICENSE).
+This is a list of the copied files:
+
+* `abi_*.h` from package `runtime/cgo`
+* `zcallback_darwin_*.s` from package `runtime`
+* `internal/fakecgo/abi_*.h` from package `runtime/cgo`
+* `internal/fakecgo/asm_GOARCH.s` from package `runtime/cgo`
+* `internal/fakecgo/callbacks.go` from package `runtime/cgo`
+* `internal/fakecgo/go_GOOS_GOARCH.go` from package `runtime/cgo`
+* `internal/fakecgo/iscgo.go` from package `runtime/cgo`
+* `internal/fakecgo/setenv.go` from package `runtime/cgo`
+* `internal/fakecgo/freebsd.go` from package `runtime/cgo`
+
+The files `abi_*.h` and `internal/fakecgo/abi_*.h` are the same because Bazel does not support cross-package use of `#include` so we need each one once per package. (cf. [issue](https://github.com/bazelbuild/rules_go/issues/3636))
diff --git a/vendor/github.com/ebitengine/purego/abi_amd64.h b/vendor/github.com/ebitengine/purego/abi_amd64.h
new file mode 100644
index 000000000..9949435fe
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/abi_amd64.h
@@ -0,0 +1,99 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Macros for transitioning from the host ABI to Go ABI0.
+//
+// These save the frame pointer, so in general, functions that use
+// these should have zero frame size to suppress the automatic frame
+// pointer, though it's harmless to not do this.
+
+#ifdef GOOS_windows
+
+// REGS_HOST_TO_ABI0_STACK is the stack bytes used by
+// PUSH_REGS_HOST_TO_ABI0.
+#define REGS_HOST_TO_ABI0_STACK (28*8 + 8)
+
+// PUSH_REGS_HOST_TO_ABI0 prepares for transitioning from
+// the host ABI to Go ABI0 code. It saves all registers that are
+// callee-save in the host ABI and caller-save in Go ABI0 and prepares
+// for entry to Go.
+//
+// Save DI SI BP BX R12 R13 R14 R15 X6-X15 registers and the DF flag.
+// Clear the DF flag for the Go ABI.
+// MXCSR matches the Go ABI, so we don't have to set that,
+// and Go doesn't modify it, so we don't have to save it.
+#define PUSH_REGS_HOST_TO_ABI0()	\
+	PUSHFQ			\
+	CLD			\
+	ADJSP	$(REGS_HOST_TO_ABI0_STACK - 8)	\
+	MOVQ	DI, (0*0)(SP)	\
+	MOVQ	SI, (1*8)(SP)	\
+	MOVQ	BP, (2*8)(SP)	\
+	MOVQ	BX, (3*8)(SP)	\
+	MOVQ	R12, (4*8)(SP)	\
+	MOVQ	R13, (5*8)(SP)	\
+	MOVQ	R14, (6*8)(SP)	\
+	MOVQ	R15, (7*8)(SP)	\
+	MOVUPS	X6, (8*8)(SP)	\
+	MOVUPS	X7, (10*8)(SP)	\
+	MOVUPS	X8, (12*8)(SP)	\
+	MOVUPS	X9, (14*8)(SP)	\
+	MOVUPS	X10, (16*8)(SP)	\
+	MOVUPS	X11, (18*8)(SP)	\
+	MOVUPS	X12, (20*8)(SP)	\
+	MOVUPS	X13, (22*8)(SP)	\
+	MOVUPS	X14, (24*8)(SP)	\
+	MOVUPS	X15, (26*8)(SP)
+
+#define POP_REGS_HOST_TO_ABI0()	\
+	MOVQ	(0*0)(SP), DI	\
+	MOVQ	(1*8)(SP), SI	\
+	MOVQ	(2*8)(SP), BP	\
+	MOVQ	(3*8)(SP), BX	\
+	MOVQ	(4*8)(SP), R12	\
+	MOVQ	(5*8)(SP), R13	\
+	MOVQ	(6*8)(SP), R14	\
+	MOVQ	(7*8)(SP), R15	\
+	MOVUPS	(8*8)(SP), X6	\
+	MOVUPS	(10*8)(SP), X7	\
+	MOVUPS	(12*8)(SP), X8	\
+	MOVUPS	(14*8)(SP), X9	\
+	MOVUPS	(16*8)(SP), X10	\
+	MOVUPS	(18*8)(SP), X11	\
+	MOVUPS	(20*8)(SP), X12	\
+	MOVUPS	(22*8)(SP), X13	\
+	MOVUPS	(24*8)(SP), X14	\
+	MOVUPS	(26*8)(SP), X15	\
+	ADJSP	$-(REGS_HOST_TO_ABI0_STACK - 8)	\
+	POPFQ
+
+#else
+// SysV ABI
+
+#define REGS_HOST_TO_ABI0_STACK (6*8)
+
+// SysV MXCSR matches the Go ABI, so we don't have to set that,
+// and Go doesn't modify it, so we don't have to save it.
+// Both SysV and Go require DF to be cleared, so that's already clear.
+// The SysV and Go frame pointer conventions are compatible.
+#define PUSH_REGS_HOST_TO_ABI0()	\
+	ADJSP	$(REGS_HOST_TO_ABI0_STACK)	\
+	MOVQ	BP, (5*8)(SP)	\
+	LEAQ	(5*8)(SP), BP	\
+	MOVQ	BX, (0*8)(SP)	\
+	MOVQ	R12, (1*8)(SP)	\
+	MOVQ	R13, (2*8)(SP)	\
+	MOVQ	R14, (3*8)(SP)	\
+	MOVQ	R15, (4*8)(SP)
+
+#define POP_REGS_HOST_TO_ABI0()	\
+	MOVQ	(0*8)(SP), BX	\
+	MOVQ	(1*8)(SP), R12	\
+	MOVQ	(2*8)(SP), R13	\
+	MOVQ	(3*8)(SP), R14	\
+	MOVQ	(4*8)(SP), R15	\
+	MOVQ	(5*8)(SP), BP	\
+	ADJSP	$-(REGS_HOST_TO_ABI0_STACK)
+
+#endif
diff --git a/vendor/github.com/ebitengine/purego/abi_arm64.h b/vendor/github.com/ebitengine/purego/abi_arm64.h
new file mode 100644
index 000000000..5d5061ec1
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/abi_arm64.h
@@ -0,0 +1,39 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Macros for transitioning from the host ABI to Go ABI0.
+//
+// These macros save and restore the callee-saved registers
+// from the stack, but they don't adjust stack pointer, so
+// the user should prepare stack space in advance.
+// SAVE_R19_TO_R28(offset) saves R19 ~ R28 to the stack space
+// of ((offset)+0*8)(RSP) ~ ((offset)+9*8)(RSP).
+//
+// SAVE_F8_TO_F15(offset) saves F8 ~ F15 to the stack space
+// of ((offset)+0*8)(RSP) ~ ((offset)+7*8)(RSP).
+//
+// R29 is not saved because Go will save and restore it.
+
+#define SAVE_R19_TO_R28(offset) \
+	STP	(R19, R20), ((offset)+0*8)(RSP) \
+	STP	(R21, R22), ((offset)+2*8)(RSP) \
+	STP	(R23, R24), ((offset)+4*8)(RSP) \
+	STP	(R25, R26), ((offset)+6*8)(RSP) \
+	STP	(R27, g), ((offset)+8*8)(RSP)
+#define RESTORE_R19_TO_R28(offset) \
+	LDP	((offset)+0*8)(RSP), (R19, R20) \
+	LDP	((offset)+2*8)(RSP), (R21, R22) \
+	LDP	((offset)+4*8)(RSP), (R23, R24) \
+	LDP	((offset)+6*8)(RSP), (R25, R26) \
+	LDP	((offset)+8*8)(RSP), (R27, g) /* R28 */
+#define SAVE_F8_TO_F15(offset) \
+	FSTPD	(F8, F9), ((offset)+0*8)(RSP) \
+	FSTPD	(F10, F11), ((offset)+2*8)(RSP) \
+	FSTPD	(F12, F13), ((offset)+4*8)(RSP) \
+	FSTPD	(F14, F15), ((offset)+6*8)(RSP)
+#define RESTORE_F8_TO_F15(offset) \
+	FLDPD	((offset)+0*8)(RSP), (F8, F9) \
+	FLDPD	((offset)+2*8)(RSP), (F10, F11) \
+	FLDPD	((offset)+4*8)(RSP), (F12, F13) \
+	FLDPD	((offset)+6*8)(RSP), (F14, F15)
diff --git a/vendor/github.com/ebitengine/purego/cgo.go b/vendor/github.com/ebitengine/purego/cgo.go
new file mode 100644
index 000000000..32fe78235
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/cgo.go
@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build cgo && (darwin || freebsd || linux)
+
+package purego
+
+// if CGO_ENABLED=1 import the Cgo runtime to ensure that it is set up properly.
+// This is required since some frameworks need TLS setup the C way which Go doesn't do.
+// We currently don't support ios in fakecgo mode so force Cgo or fail
+// Even if CGO_ENABLED=1 the Cgo runtime is not imported unless `import "C"` is used.
+// which will import this package automatically. Normally this isn't an issue since it
+// usually isn't possible to call into C without using that import. However, with purego
+// it is since we don't use `import "C"`!
+import _ "runtime/cgo"
diff --git a/vendor/github.com/ebitengine/purego/dlerror.go b/vendor/github.com/ebitengine/purego/dlerror.go
new file mode 100644
index 000000000..cf4c0505d
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/dlerror.go
@@ -0,0 +1,15 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux
+
+package purego
+
+// Dlerror represents an error value returned from Dlopen, Dlsym, or Dlclose.
+type Dlerror struct {
+	s string
+}
+
+func (e Dlerror) Error() string {
+	return e.s
+}
diff --git a/vendor/github.com/ebitengine/purego/dlfcn.go b/vendor/github.com/ebitengine/purego/dlfcn.go
new file mode 100644
index 000000000..2ee6f34b3
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/dlfcn.go
@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux
+
+package purego
+
+import (
+	"unsafe"
+)
+
+// Unix Specification for dlfcn.h: https://pubs.opengroup.org/onlinepubs/7908799/xsh/dlfcn.h.html
+
+var (
+	fnDlopen  func(path string, mode int) uintptr
+	fnDlsym   func(handle uintptr, name string) uintptr
+	fnDlerror func() string
+	fnDlclose func(handle uintptr) bool
+)
+
+func init() {
+	RegisterFunc(&fnDlopen, dlopenABI0)
+	RegisterFunc(&fnDlsym, dlsymABI0)
+	RegisterFunc(&fnDlerror, dlerrorABI0)
+	RegisterFunc(&fnDlclose, dlcloseABI0)
+}
+
+// Dlopen examines the dynamic library or bundle file specified by path. If the file is compatible
+// with the current process and has not already been loaded into the
+// current process, it is loaded and linked. After being linked, if it contains
+// any initializer functions, they are called, before Dlopen
+// returns. It returns a handle that can be used with Dlsym and Dlclose.
+// A second call to Dlopen with the same path will return the same handle, but the internal
+// reference count for the handle will be incremented. Therefore, all
+// Dlopen calls should be balanced with a Dlclose call.
+func Dlopen(path string, mode int) (uintptr, error) {
+	u := fnDlopen(path, mode)
+	if u == 0 {
+		return 0, Dlerror{fnDlerror()}
+	}
+	return u, nil
+}
+
+// Dlsym takes a "handle" of a dynamic library returned by Dlopen and the symbol name.
+// It returns the address where that symbol is loaded into memory. If the symbol is not found,
+// in the specified library or any of the libraries that were automatically loaded by Dlopen
+// when that library was loaded, Dlsym returns zero.
+func Dlsym(handle uintptr, name string) (uintptr, error) {
+	u := fnDlsym(handle, name)
+	if u == 0 {
+		return 0, Dlerror{fnDlerror()}
+	}
+	return u, nil
+}
+
+// Dlclose decrements the reference count on the dynamic library handle.
+// If the reference count drops to zero and no other loaded libraries
+// use symbols in it, then the dynamic library is unloaded.
+func Dlclose(handle uintptr) error {
+	if fnDlclose(handle) {
+		return Dlerror{fnDlerror()}
+	}
+	return nil
+}
+
+//go:linkname openLibrary openLibrary
+func openLibrary(name string) (uintptr, error) {
+	return Dlopen(name, RTLD_NOW|RTLD_GLOBAL)
+}
+
+func loadSymbol(handle uintptr, name string) (uintptr, error) {
+	return Dlsym(handle, name)
+}
+
+// these functions exist in dlfcn_stubs.s and are calling C functions linked to in dlfcn_GOOS.go
+// the indirection is necessary because a function is actually a pointer to the pointer to the code.
+// sadly, I do not know of anyway to remove the assembly stubs entirely because //go:linkname doesn't
+// appear to work if you link directly to the C function on darwin arm64.
+
+//go:linkname dlopen dlopen
+var dlopen uintptr
+var dlopenABI0 = uintptr(unsafe.Pointer(&dlopen))
+
+//go:linkname dlsym dlsym
+var dlsym uintptr
+var dlsymABI0 = uintptr(unsafe.Pointer(&dlsym))
+
+//go:linkname dlclose dlclose
+var dlclose uintptr
+var dlcloseABI0 = uintptr(unsafe.Pointer(&dlclose))
+
+//go:linkname dlerror dlerror
+var dlerror uintptr
+var dlerrorABI0 = uintptr(unsafe.Pointer(&dlerror))
diff --git a/vendor/github.com/ebitengine/purego/dlfcn_darwin.go b/vendor/github.com/ebitengine/purego/dlfcn_darwin.go
new file mode 100644
index 000000000..66ccf16d9
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/dlfcn_darwin.go
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package purego
+
+// Source for constants: https://opensource.apple.com/source/dyld/dyld-360.14/include/dlfcn.h.auto.html
+
+const (
+	RTLD_DEFAULT = ^uintptr(0) - 1 // Pseudo-handle for dlsym so search for any loaded symbol
+	RTLD_LAZY    = 0x1             // Relocations are performed at an implementation-dependent time.
+	RTLD_NOW     = 0x2             // Relocations are performed when the object is loaded.
+	RTLD_LOCAL   = 0x4             // All symbols are not made available for relocation processing by other modules.
+	RTLD_GLOBAL  = 0x8             // All symbols are available for relocation processing of other modules.
+)
+
+//go:cgo_import_dynamic purego_dlopen dlopen "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_dlsym dlsym "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_dlerror dlerror "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_dlclose dlclose "/usr/lib/libSystem.B.dylib"
diff --git a/vendor/github.com/ebitengine/purego/dlfcn_freebsd.go b/vendor/github.com/ebitengine/purego/dlfcn_freebsd.go
new file mode 100644
index 000000000..b34b61f70
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/dlfcn_freebsd.go
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package purego
+
+// Constants as defined in https://github.com/freebsd/freebsd-src/blob/main/include/dlfcn.h
+const (
+	RTLD_DEFAULT = ^uintptr(0) - 2 // Pseudo-handle for dlsym so search for any loaded symbol
+	RTLD_LAZY    = 0x00001         // Relocations are performed at an implementation-dependent time.
+	RTLD_NOW     = 0x00002         // Relocations are performed when the object is loaded.
+	RTLD_LOCAL   = 0x00000         // All symbols are not made available for relocation processing by other modules.
+	RTLD_GLOBAL  = 0x00100         // All symbols are available for relocation processing of other modules.
+)
+
+//go:cgo_import_dynamic purego_dlopen dlopen "libc.so.7"
+//go:cgo_import_dynamic purego_dlsym dlsym "libc.so.7"
+//go:cgo_import_dynamic purego_dlerror dlerror "libc.so.7"
+//go:cgo_import_dynamic purego_dlclose dlclose "libc.so.7"
diff --git a/vendor/github.com/ebitengine/purego/dlfcn_linux.go b/vendor/github.com/ebitengine/purego/dlfcn_linux.go
new file mode 100644
index 000000000..301127538
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/dlfcn_linux.go
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package purego
+
+// Source for constants: https://codebrowser.dev/glibc/glibc/bits/dlfcn.h.html
+
+const (
+	RTLD_DEFAULT = 0x00000 // Pseudo-handle for dlsym so search for any loaded symbol
+	RTLD_LAZY    = 0x00001 // Relocations are performed at an implementation-dependent time.
+	RTLD_NOW     = 0x00002 // Relocations are performed when the object is loaded.
+	RTLD_LOCAL   = 0x00000 // All symbols are not made available for relocation processing by other modules.
+	RTLD_GLOBAL  = 0x00100 // All symbols are available for relocation processing of other modules.
+)
diff --git a/vendor/github.com/ebitengine/purego/dlfcn_nocgo_linux.go b/vendor/github.com/ebitengine/purego/dlfcn_nocgo_linux.go
new file mode 100644
index 000000000..2c8009fdb
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/dlfcn_nocgo_linux.go
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build !cgo
+
+package purego
+
+// if there is no Cgo we must link to each of the functions from dlfcn.h
+// then the functions are called inside dlfcn_stubs.s
+
+//go:cgo_import_dynamic purego_dlopen dlopen "libdl.so.2"
+//go:cgo_import_dynamic purego_dlsym dlsym "libdl.so.2"
+//go:cgo_import_dynamic purego_dlerror dlerror "libdl.so.2"
+//go:cgo_import_dynamic purego_dlclose dlclose "libdl.so.2"
+
+// on amd64 we don't need the following line - on 386 we do...
+// anyway - with those lines the output is better (but doesn't matter) - without it on amd64 we get multiple DT_NEEDED with "libc.so.6" etc
+
+//go:cgo_import_dynamic _ _ "libdl.so.2"
diff --git a/vendor/github.com/ebitengine/purego/dlfcn_stubs.s b/vendor/github.com/ebitengine/purego/dlfcn_stubs.s
new file mode 100644
index 000000000..d8c6eea3c
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/dlfcn_stubs.s
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || (linux && !cgo)
+
+#include "textflag.h"
+
+// func dlopen(path *byte, mode int) (ret uintptr)
+TEXT dlopen(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_dlopen(SB)
+	RET
+
+// func dlsym(handle uintptr, symbol *byte) (ret uintptr)
+TEXT dlsym(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_dlsym(SB)
+	RET
+
+// func dlerror() (ret *byte)
+TEXT dlerror(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_dlerror(SB)
+	RET
+
+// func dlclose(handle uintptr) (ret int)
+TEXT dlclose(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_dlclose(SB)
+	RET
diff --git a/vendor/github.com/ebitengine/purego/func.go b/vendor/github.com/ebitengine/purego/func.go
new file mode 100644
index 000000000..48677850d
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/func.go
@@ -0,0 +1,305 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux || windows
+
+package purego
+
+import (
+	"math"
+	"reflect"
+	"runtime"
+	"unsafe"
+
+	"github.com/ebitengine/purego/internal/strings"
+)
+
+// RegisterLibFunc is a wrapper around RegisterFunc that uses the C function returned from Dlsym(handle, name).
+// It panics if it can't find the name symbol.
+func RegisterLibFunc(fptr interface{}, handle uintptr, name string) {
+	sym, err := loadSymbol(handle, name)
+	if err != nil {
+		panic(err)
+	}
+	RegisterFunc(fptr, sym)
+}
+
+// RegisterFunc takes a pointer to a Go function representing the calling convention of the C function.
+// fptr will be set to a function that when called will call the C function given by cfn with the
+// parameters passed in the correct registers and stack.
+//
+// A panic is produced if the type is not a function pointer or if the function returns more than 1 value.
+//
+// These conversions describe how a Go type in the fptr will be used to call
+// the C function. It is important to note that there is no way to verify that fptr
+// matches the C function. This also holds true for struct types where the padding
+// needs to be ensured to match that of C; RegisterFunc does not verify this.
+//
+// # Type Conversions (Go <=> C)
+//
+//	string <=> char*
+//	bool <=> _Bool
+//	uintptr <=> uintptr_t
+//	uint <=> uint32_t or uint64_t
+//	uint8 <=> uint8_t
+//	uint16 <=> uint16_t
+//	uint32 <=> uint32_t
+//	uint64 <=> uint64_t
+//	int <=> int32_t or int64_t
+//	int8 <=> int8_t
+//	int16 <=> int16_t
+//	int32 <=> int32_t
+//	int64 <=> int64_t
+//	float32 <=> float (WIP)
+//	float64 <=> double (WIP)
+//	struct <=> struct (WIP)
+//	func <=> C function
+//	unsafe.Pointer, *T <=> void*
+//	[]T => void*
+//
+// There is a special case when the last argument of fptr is a variadic interface (or []interface}
+// it will be expanded into a call to the C function as if it had the arguments in that slice.
+// This means that using arg ...interface{} is like a cast to the function with the arguments inside arg.
+// This is not the same as C variadic.
+//
+// There are some limitations when using RegisterFunc on Linux. First, there is no support for function arguments.
+// Second, float32 and float64 arguments and return values do not work when CGO_ENABLED=1. Otherwise, Linux
+// has the same feature parity as Darwin.
+//
+// # Memory
+//
+// In general it is not possible for purego to guarantee the lifetimes of objects returned or received from
+// calling functions using RegisterFunc. For arguments to a C function it is important that the C function doesn't
+// hold onto a reference to Go memory. This is the same as the [Cgo rules].
+//
+// However, there are some special cases. When passing a string as an argument if the string does not end in a null
+// terminated byte (\x00) then the string will be copied into memory maintained by purego. The memory is only valid for
+// that specific call. Therefore, if the C code keeps a reference to that string it may become invalid at some
+// undefined time. However, if the string does already contain a null-terminated byte then no copy is done.
+// It is then the responsibility of the caller to ensure the string stays alive as long as it's needed in C memory.
+// This can be done using runtime.KeepAlive or allocating the string in C memory using malloc. When a C function
+// returns a null-terminated pointer to char a Go string can be used. Purego will allocate a new string in Go memory
+// and copy the data over. This string will be garbage collected whenever Go decides it's no longer referenced.
+// This C created string will not be freed by purego. If the pointer to char is not null-terminated or must continue
+// to point to C memory (because it's a buffer for example) then use a pointer to byte and then convert that to a slice
+// using unsafe.Slice. Doing this means that it becomes the responsibility of the caller to care about the lifetime
+// of the pointer
+//
+// # Example
+//
+// All functions below call this C function:
+//
+//	char *foo(char *str);
+//
+//	// Let purego convert types
+//	var foo func(s string) string
+//	goString := foo("copied")
+//	// Go will garbage collect this string
+//
+//	// Manually, handle allocations
+//	var foo2 func(b string) *byte
+//	mustFree := foo2("not copied\x00")
+//	defer free(mustFree)
+//
+// [Cgo rules]: https://pkg.go.dev/cmd/cgo#hdr-Go_references_to_C
+func RegisterFunc(fptr interface{}, cfn uintptr) {
+	fn := reflect.ValueOf(fptr).Elem()
+	ty := fn.Type()
+	if ty.Kind() != reflect.Func {
+		panic("purego: fptr must be a function pointer")
+	}
+	if ty.NumOut() > 1 {
+		panic("purego: function can only return zero or one values")
+	}
+	if cfn == 0 {
+		panic("purego: cfn is nil")
+	}
+	{
+		// this code checks how many registers and stack this function will use
+		// to avoid crashing with too many arguments
+		var ints int
+		var floats int
+		var stack int
+		for i := 0; i < ty.NumIn(); i++ {
+			arg := ty.In(i)
+			switch arg.Kind() {
+			case reflect.String, reflect.Uintptr, reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64,
+				reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Ptr, reflect.UnsafePointer, reflect.Slice,
+				reflect.Func, reflect.Bool:
+				if ints < numOfIntegerRegisters() {
+					ints++
+				} else {
+					stack++
+				}
+			case reflect.Float32, reflect.Float64:
+				if floats < numOfFloats {
+					floats++
+				} else {
+					stack++
+				}
+			default:
+				panic("purego: unsupported kind " + arg.Kind().String())
+			}
+		}
+		sizeOfStack := maxArgs - numOfIntegerRegisters()
+		if stack > sizeOfStack {
+			panic("purego: too many arguments")
+		}
+	}
+	v := reflect.MakeFunc(ty, func(args []reflect.Value) (results []reflect.Value) {
+		if len(args) > 0 {
+			if variadic, ok := args[len(args)-1].Interface().([]interface{}); ok {
+				// subtract one from args bc the last argument in args is []interface{}
+				// which we are currently expanding
+				tmp := make([]reflect.Value, len(args)-1+len(variadic))
+				n := copy(tmp, args[:len(args)-1])
+				for i, v := range variadic {
+					tmp[n+i] = reflect.ValueOf(v)
+				}
+				args = tmp
+			}
+		}
+		var sysargs [maxArgs]uintptr
+		stack := sysargs[numOfIntegerRegisters():]
+		var floats [numOfFloats]uintptr
+		var numInts int
+		var numFloats int
+		var numStack int
+		var addStack, addInt, addFloat func(x uintptr)
+		if runtime.GOARCH == "arm64" || runtime.GOOS != "windows" {
+			// Windows arm64 uses the same calling convention as macOS and Linux
+			addStack = func(x uintptr) {
+				stack[numStack] = x
+				numStack++
+			}
+			addInt = func(x uintptr) {
+				if numInts >= numOfIntegerRegisters() {
+					addStack(x)
+				} else {
+					sysargs[numInts] = x
+					numInts++
+				}
+			}
+			addFloat = func(x uintptr) {
+				if numFloats < len(floats) {
+					floats[numFloats] = x
+					numFloats++
+				} else {
+					addStack(x)
+				}
+			}
+		} else {
+			// On Windows amd64 the arguments are passed in the numbered registered.
+			// So the first int is in the first integer register and the first float
+			// is in the second floating register if there is already a first int.
+			// This is in contrast to how macOS and Linux pass arguments which
+			// tries to use as many registers as possible in the calling convention.
+			addStack = func(x uintptr) {
+				sysargs[numStack] = x
+				numStack++
+			}
+			addInt = addStack
+			addFloat = addStack
+		}
+
+		var keepAlive []interface{}
+		defer func() {
+			runtime.KeepAlive(keepAlive)
+			runtime.KeepAlive(args)
+		}()
+		for _, v := range args {
+			switch v.Kind() {
+			case reflect.String:
+				ptr := strings.CString(v.String())
+				keepAlive = append(keepAlive, ptr)
+				addInt(uintptr(unsafe.Pointer(ptr)))
+			case reflect.Uintptr, reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+				addInt(uintptr(v.Uint()))
+			case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+				addInt(uintptr(v.Int()))
+			case reflect.Ptr, reflect.UnsafePointer, reflect.Slice:
+				// There is no need to keepAlive this pointer separately because it is kept alive in the args variable
+				addInt(v.Pointer())
+			case reflect.Func:
+				addInt(NewCallback(v.Interface()))
+			case reflect.Bool:
+				if v.Bool() {
+					addInt(1)
+				} else {
+					addInt(0)
+				}
+			case reflect.Float32:
+				addFloat(uintptr(math.Float32bits(float32(v.Float()))))
+			case reflect.Float64:
+				addFloat(uintptr(math.Float64bits(v.Float())))
+			default:
+				panic("purego: unsupported kind: " + v.Kind().String())
+			}
+		}
+		// TODO: support structs
+		var r1, r2 uintptr
+		if runtime.GOARCH == "arm64" || runtime.GOOS != "windows" {
+			// Use the normal arm64 calling convention even on Windows
+			syscall := syscall9Args{
+				cfn,
+				sysargs[0], sysargs[1], sysargs[2], sysargs[3], sysargs[4], sysargs[5], sysargs[6], sysargs[7], sysargs[8],
+				floats[0], floats[1], floats[2], floats[3], floats[4], floats[5], floats[6], floats[7],
+				0, 0, 0,
+			}
+			runtime_cgocall(syscall9XABI0, unsafe.Pointer(&syscall))
+			r1, r2 = syscall.r1, syscall.r2
+		} else {
+			// This is a fallback for amd64, 386, and arm. Note this may not support floats
+			r1, r2, _ = syscall_syscall9X(cfn, sysargs[0], sysargs[1], sysargs[2], sysargs[3], sysargs[4], sysargs[5], sysargs[6], sysargs[7], sysargs[8])
+		}
+		if ty.NumOut() == 0 {
+			return nil
+		}
+		outType := ty.Out(0)
+		v := reflect.New(outType).Elem()
+		switch outType.Kind() {
+		case reflect.Uintptr, reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+			v.SetUint(uint64(r1))
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+			v.SetInt(int64(r1))
+		case reflect.Bool:
+			v.SetBool(r1 != 0)
+		case reflect.UnsafePointer:
+			// We take the address and then dereference it to trick go vet from creating a possible miss-use of unsafe.Pointer
+			v.SetPointer(*(*unsafe.Pointer)(unsafe.Pointer(&r1)))
+		case reflect.Ptr:
+			// It is safe to have the address of r1 not escape because it is immediately dereferenced with .Elem()
+			v = reflect.NewAt(outType, runtime_noescape(unsafe.Pointer(&r1))).Elem()
+		case reflect.Func:
+			// wrap this C function in a nicely typed Go function
+			v = reflect.New(outType)
+			RegisterFunc(v.Interface(), r1)
+		case reflect.String:
+			v.SetString(strings.GoString(r1))
+		case reflect.Float32, reflect.Float64:
+			// NOTE: r2 is only the floating return value on 64bit platforms.
+			// On 32bit platforms r2 is the upper part of a 64bit return.
+			v.SetFloat(math.Float64frombits(uint64(r2)))
+		default:
+			panic("purego: unsupported return kind: " + outType.Kind().String())
+		}
+		return []reflect.Value{v}
+	})
+	fn.Set(v)
+}
+
+func numOfIntegerRegisters() int {
+	switch runtime.GOARCH {
+	case "arm64":
+		return 8
+	case "amd64":
+		return 6
+	// TODO: figure out why 386 tests are not working
+	/*case "386":
+		return 0
+	case "arm":
+		return 4*/
+	default:
+		panic("purego: unknown GOARCH (" + runtime.GOARCH + ")")
+	}
+}
diff --git a/vendor/github.com/ebitengine/purego/go_runtime.go b/vendor/github.com/ebitengine/purego/go_runtime.go
new file mode 100644
index 000000000..9593dac90
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/go_runtime.go
@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux || windows
+
+package purego
+
+import (
+	"unsafe"
+)
+
+//go:linkname runtime_cgocall runtime.cgocall
+func runtime_cgocall(fn uintptr, arg unsafe.Pointer) int32 // from runtime/sys_libc.go
+
+//go:linkname runtime_noescape runtime.noescape
+//go:noescape
+func runtime_noescape(p unsafe.Pointer) unsafe.Pointer // from runtime/stubs.go
diff --git a/vendor/github.com/ebitengine/purego/internal/cgo/syscall_cgo_unix.go b/vendor/github.com/ebitengine/purego/internal/cgo/syscall_cgo_unix.go
new file mode 100644
index 000000000..9a4538de8
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/cgo/syscall_cgo_unix.go
@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build freebsd || linux
+
+package cgo
+
+// this file is placed inside internal/cgo and not package purego
+// because Cgo and assembly files can't be in the same package.
+
+/*
+ #cgo LDFLAGS: -ldl
+
+#include <stdint.h>
+#include <dlfcn.h>
+#include <errno.h>
+#include <assert.h>
+
+typedef struct syscall9Args {
+	uintptr_t fn;
+	uintptr_t a1, a2, a3, a4, a5, a6, a7, a8, a9;
+	uintptr_t f1, f2, f3, f4, f5, f6, f7, f8;
+	uintptr_t r1, r2, err;
+} syscall9Args;
+
+void syscall9(struct syscall9Args *args) {
+	assert((args->f1|args->f2|args->f3|args->f4|args->f5|args->f6|args->f7|args->f8) == 0);
+	uintptr_t (*func_name)(uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7, uintptr_t a8, uintptr_t a9);
+	*(void**)(&func_name) = (void*)(args->fn);
+	uintptr_t r1 =  func_name(args->a1,args->a2,args->a3,args->a4,args->a5,args->a6,args->a7,args->a8,args->a9);
+	args->r1 = r1;
+	args->err = errno;
+}
+
+*/
+import "C"
+import "unsafe"
+
+// assign purego.syscall9XABI0 to the C version of this function.
+var Syscall9XABI0 = unsafe.Pointer(C.syscall9)
+
+// all that is needed is to assign each dl function because then its
+// symbol will then be made available to the linker and linked to inside dlfcn.go
+var (
+	_ = C.dlopen
+	_ = C.dlsym
+	_ = C.dlerror
+	_ = C.dlclose
+)
+
+//go:nosplit
+func Syscall9X(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2, err uintptr) {
+	args := C.syscall9Args{C.uintptr_t(fn), C.uintptr_t(a1), C.uintptr_t(a2), C.uintptr_t(a3),
+		C.uintptr_t(a4), C.uintptr_t(a5), C.uintptr_t(a6),
+		C.uintptr_t(a7), C.uintptr_t(a8), C.uintptr_t(a9), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+	C.syscall9(&args)
+	return uintptr(args.r1), uintptr(args.r2), uintptr(args.err)
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_amd64.h b/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_amd64.h
new file mode 100644
index 000000000..9949435fe
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_amd64.h
@@ -0,0 +1,99 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Macros for transitioning from the host ABI to Go ABI0.
+//
+// These save the frame pointer, so in general, functions that use
+// these should have zero frame size to suppress the automatic frame
+// pointer, though it's harmless to not do this.
+
+#ifdef GOOS_windows
+
+// REGS_HOST_TO_ABI0_STACK is the stack bytes used by
+// PUSH_REGS_HOST_TO_ABI0.
+#define REGS_HOST_TO_ABI0_STACK (28*8 + 8)
+
+// PUSH_REGS_HOST_TO_ABI0 prepares for transitioning from
+// the host ABI to Go ABI0 code. It saves all registers that are
+// callee-save in the host ABI and caller-save in Go ABI0 and prepares
+// for entry to Go.
+//
+// Save DI SI BP BX R12 R13 R14 R15 X6-X15 registers and the DF flag.
+// Clear the DF flag for the Go ABI.
+// MXCSR matches the Go ABI, so we don't have to set that,
+// and Go doesn't modify it, so we don't have to save it.
+#define PUSH_REGS_HOST_TO_ABI0()	\
+	PUSHFQ			\
+	CLD			\
+	ADJSP	$(REGS_HOST_TO_ABI0_STACK - 8)	\
+	MOVQ	DI, (0*0)(SP)	\
+	MOVQ	SI, (1*8)(SP)	\
+	MOVQ	BP, (2*8)(SP)	\
+	MOVQ	BX, (3*8)(SP)	\
+	MOVQ	R12, (4*8)(SP)	\
+	MOVQ	R13, (5*8)(SP)	\
+	MOVQ	R14, (6*8)(SP)	\
+	MOVQ	R15, (7*8)(SP)	\
+	MOVUPS	X6, (8*8)(SP)	\
+	MOVUPS	X7, (10*8)(SP)	\
+	MOVUPS	X8, (12*8)(SP)	\
+	MOVUPS	X9, (14*8)(SP)	\
+	MOVUPS	X10, (16*8)(SP)	\
+	MOVUPS	X11, (18*8)(SP)	\
+	MOVUPS	X12, (20*8)(SP)	\
+	MOVUPS	X13, (22*8)(SP)	\
+	MOVUPS	X14, (24*8)(SP)	\
+	MOVUPS	X15, (26*8)(SP)
+
+#define POP_REGS_HOST_TO_ABI0()	\
+	MOVQ	(0*0)(SP), DI	\
+	MOVQ	(1*8)(SP), SI	\
+	MOVQ	(2*8)(SP), BP	\
+	MOVQ	(3*8)(SP), BX	\
+	MOVQ	(4*8)(SP), R12	\
+	MOVQ	(5*8)(SP), R13	\
+	MOVQ	(6*8)(SP), R14	\
+	MOVQ	(7*8)(SP), R15	\
+	MOVUPS	(8*8)(SP), X6	\
+	MOVUPS	(10*8)(SP), X7	\
+	MOVUPS	(12*8)(SP), X8	\
+	MOVUPS	(14*8)(SP), X9	\
+	MOVUPS	(16*8)(SP), X10	\
+	MOVUPS	(18*8)(SP), X11	\
+	MOVUPS	(20*8)(SP), X12	\
+	MOVUPS	(22*8)(SP), X13	\
+	MOVUPS	(24*8)(SP), X14	\
+	MOVUPS	(26*8)(SP), X15	\
+	ADJSP	$-(REGS_HOST_TO_ABI0_STACK - 8)	\
+	POPFQ
+
+#else
+// SysV ABI
+
+#define REGS_HOST_TO_ABI0_STACK (6*8)
+
+// SysV MXCSR matches the Go ABI, so we don't have to set that,
+// and Go doesn't modify it, so we don't have to save it.
+// Both SysV and Go require DF to be cleared, so that's already clear.
+// The SysV and Go frame pointer conventions are compatible.
+#define PUSH_REGS_HOST_TO_ABI0()	\
+	ADJSP	$(REGS_HOST_TO_ABI0_STACK)	\
+	MOVQ	BP, (5*8)(SP)	\
+	LEAQ	(5*8)(SP), BP	\
+	MOVQ	BX, (0*8)(SP)	\
+	MOVQ	R12, (1*8)(SP)	\
+	MOVQ	R13, (2*8)(SP)	\
+	MOVQ	R14, (3*8)(SP)	\
+	MOVQ	R15, (4*8)(SP)
+
+#define POP_REGS_HOST_TO_ABI0()	\
+	MOVQ	(0*8)(SP), BX	\
+	MOVQ	(1*8)(SP), R12	\
+	MOVQ	(2*8)(SP), R13	\
+	MOVQ	(3*8)(SP), R14	\
+	MOVQ	(4*8)(SP), R15	\
+	MOVQ	(5*8)(SP), BP	\
+	ADJSP	$-(REGS_HOST_TO_ABI0_STACK)
+
+#endif
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_arm64.h b/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_arm64.h
new file mode 100644
index 000000000..5d5061ec1
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_arm64.h
@@ -0,0 +1,39 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Macros for transitioning from the host ABI to Go ABI0.
+//
+// These macros save and restore the callee-saved registers
+// from the stack, but they don't adjust stack pointer, so
+// the user should prepare stack space in advance.
+// SAVE_R19_TO_R28(offset) saves R19 ~ R28 to the stack space
+// of ((offset)+0*8)(RSP) ~ ((offset)+9*8)(RSP).
+//
+// SAVE_F8_TO_F15(offset) saves F8 ~ F15 to the stack space
+// of ((offset)+0*8)(RSP) ~ ((offset)+7*8)(RSP).
+//
+// R29 is not saved because Go will save and restore it.
+
+#define SAVE_R19_TO_R28(offset) \
+	STP	(R19, R20), ((offset)+0*8)(RSP) \
+	STP	(R21, R22), ((offset)+2*8)(RSP) \
+	STP	(R23, R24), ((offset)+4*8)(RSP) \
+	STP	(R25, R26), ((offset)+6*8)(RSP) \
+	STP	(R27, g), ((offset)+8*8)(RSP)
+#define RESTORE_R19_TO_R28(offset) \
+	LDP	((offset)+0*8)(RSP), (R19, R20) \
+	LDP	((offset)+2*8)(RSP), (R21, R22) \
+	LDP	((offset)+4*8)(RSP), (R23, R24) \
+	LDP	((offset)+6*8)(RSP), (R25, R26) \
+	LDP	((offset)+8*8)(RSP), (R27, g) /* R28 */
+#define SAVE_F8_TO_F15(offset) \
+	FSTPD	(F8, F9), ((offset)+0*8)(RSP) \
+	FSTPD	(F10, F11), ((offset)+2*8)(RSP) \
+	FSTPD	(F12, F13), ((offset)+4*8)(RSP) \
+	FSTPD	(F14, F15), ((offset)+6*8)(RSP)
+#define RESTORE_F8_TO_F15(offset) \
+	FLDPD	((offset)+0*8)(RSP), (F8, F9) \
+	FLDPD	((offset)+2*8)(RSP), (F10, F11) \
+	FLDPD	((offset)+4*8)(RSP), (F12, F13) \
+	FLDPD	((offset)+6*8)(RSP), (F14, F15)
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_amd64.s b/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_amd64.s
new file mode 100644
index 000000000..1ad925475
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_amd64.s
@@ -0,0 +1,39 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+#include "abi_amd64.h"
+
+// Called by C code generated by cmd/cgo.
+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr)
+// Saves C callee-saved registers and calls cgocallback with three arguments.
+// fn is the PC of a func(a unsafe.Pointer) function.
+// This signature is known to SWIG, so we can't change it.
+TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0-0
+	PUSH_REGS_HOST_TO_ABI0()
+
+	// Make room for arguments to cgocallback.
+	ADJSP $0x18
+
+#ifndef GOOS_windows
+	MOVQ DI, 0x0(SP) // fn
+	MOVQ SI, 0x8(SP) // arg
+
+	// Skip n in DX.
+	MOVQ CX, 0x10(SP) // ctxt
+
+#else
+	MOVQ CX, 0x0(SP) // fn
+	MOVQ DX, 0x8(SP) // arg
+
+	// Skip n in R8.
+	MOVQ R9, 0x10(SP) // ctxt
+
+#endif
+
+	CALL runtime·cgocallback(SB)
+
+	ADJSP $-0x18
+	POP_REGS_HOST_TO_ABI0()
+	RET
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_arm64.s b/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_arm64.s
new file mode 100644
index 000000000..50e5261d9
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_arm64.s
@@ -0,0 +1,36 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+#include "abi_arm64.h"
+
+// Called by C code generated by cmd/cgo.
+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr)
+// Saves C callee-saved registers and calls cgocallback with three arguments.
+// fn is the PC of a func(a unsafe.Pointer) function.
+TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0
+/*
+ * We still need to save all callee save register as before, and then
+ *  push 3 args for fn (R0, R1, R3), skipping R2.
+ * Also note that at procedure entry in gc world, 8(RSP) will be the
+ *  first arg.
+ */
+	SUB  $(8*24), RSP
+	STP  (R0, R1), (8*1)(RSP)
+	MOVD R3, (8*3)(RSP)
+
+	SAVE_R19_TO_R28(8*4)
+	SAVE_F8_TO_F15(8*14)
+	STP (R29, R30), (8*22)(RSP)
+
+	// Initialize Go ABI environment
+	BL runtime·load_g(SB)
+	BL runtime·cgocallback(SB)
+
+	RESTORE_R19_TO_R28(8*4)
+	RESTORE_F8_TO_F15(8*14)
+	LDP (8*22)(RSP), (R29, R30)
+
+	ADD $(8*24), RSP
+	RET
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/callbacks.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/callbacks.go
new file mode 100644
index 000000000..f6a079a7c
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/callbacks.go
@@ -0,0 +1,93 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin || freebsd || linux
+
+package fakecgo
+
+import (
+	_ "unsafe"
+)
+
+// TODO: decide if we need _runtime_cgo_panic_internal
+
+//go:linkname x_cgo_init_trampoline x_cgo_init_trampoline
+//go:linkname _cgo_init _cgo_init
+var x_cgo_init_trampoline byte
+var _cgo_init = &x_cgo_init_trampoline
+
+// Creates a new system thread without updating any Go state.
+//
+// This method is invoked during shared library loading to create a new OS
+// thread to perform the runtime initialization. This method is similar to
+// _cgo_sys_thread_start except that it doesn't update any Go state.
+
+//go:linkname x_cgo_thread_start_trampoline x_cgo_thread_start_trampoline
+//go:linkname _cgo_thread_start _cgo_thread_start
+var x_cgo_thread_start_trampoline byte
+var _cgo_thread_start = &x_cgo_thread_start_trampoline
+
+// Notifies that the runtime has been initialized.
+//
+// We currently block at every CGO entry point (via _cgo_wait_runtime_init_done)
+// to ensure that the runtime has been initialized before the CGO call is
+// executed. This is necessary for shared libraries where we kickoff runtime
+// initialization in a separate thread and return without waiting for this
+// thread to complete the init.
+
+//go:linkname x_cgo_notify_runtime_init_done_trampoline x_cgo_notify_runtime_init_done_trampoline
+//go:linkname _cgo_notify_runtime_init_done _cgo_notify_runtime_init_done
+var x_cgo_notify_runtime_init_done_trampoline byte
+var _cgo_notify_runtime_init_done = &x_cgo_notify_runtime_init_done_trampoline
+
+// Indicates whether a dummy thread key has been created or not.
+//
+// When calling go exported function from C, we register a destructor
+// callback, for a dummy thread key, by using pthread_key_create.
+
+//go:linkname _cgo_pthread_key_created _cgo_pthread_key_created
+var x_cgo_pthread_key_created uintptr
+var _cgo_pthread_key_created = &x_cgo_pthread_key_created
+
+// Set the x_crosscall2_ptr C function pointer variable point to crosscall2.
+// It's for the runtime package to call at init time.
+func set_crosscall2() {
+	// nothing needs to be done here for fakecgo
+	// because it's possible to just call cgocallback directly
+}
+
+//go:linkname _set_crosscall2 runtime.set_crosscall2
+var _set_crosscall2 = set_crosscall2
+
+// Store the g into the thread-specific value.
+// So that pthread_key_destructor will dropm when the thread is exiting.
+
+//go:linkname x_cgo_bindm_trampoline x_cgo_bindm_trampoline
+//go:linkname _cgo_bindm _cgo_bindm
+var x_cgo_bindm_trampoline byte
+var _cgo_bindm = &x_cgo_bindm_trampoline
+
+// TODO: decide if we need x_cgo_set_context_function
+// TODO: decide if we need _cgo_yield
+
+var (
+	// In Go 1.20 the race detector was rewritten to pure Go
+	// on darwin. This means that when CGO_ENABLED=0 is set
+	// fakecgo is built with race detector code. This is not
+	// good since this code is pretending to be C. The go:norace
+	// pragma is not enough, since it only applies to the native
+	// ABIInternal function. The ABIO wrapper (which is necessary,
+	// since all references to text symbols from assembly will use it)
+	// does not inherit the go:norace pragma, so it will still be
+	// instrumented by the race detector.
+	//
+	// To circumvent this issue, using closure calls in the
+	// assembly, which forces the compiler to use the ABIInternal
+	// native implementation (which has go:norace) instead.
+	threadentry_call        = threadentry
+	x_cgo_init_call         = x_cgo_init
+	x_cgo_setenv_call       = x_cgo_setenv
+	x_cgo_unsetenv_call     = x_cgo_unsetenv
+	x_cgo_thread_start_call = x_cgo_thread_start
+)
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/doc.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/doc.go
new file mode 100644
index 000000000..efbe4212e
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/doc.go
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd
+
+// Package fakecgo implements the Cgo runtime (runtime/cgo) entirely in Go.
+// This allows code that calls into C to function properly when CGO_ENABLED=0.
+//
+// # Goals
+//
+// fakecgo attempts to replicate the same naming structure as in the runtime.
+// For example, functions that have the prefix "gcc_*" are named "go_*".
+// This makes it easier to port other GOOSs and GOARCHs as well as to keep
+// it in sync with runtime/cgo.
+//
+// # Support
+//
+// Currently, fakecgo only supports macOS on amd64 & arm64. It also cannot
+// be used with -buildmode=c-archive because that requires special initialization
+// that fakecgo does not implement at the moment.
+//
+// # Usage
+//
+// Using fakecgo is easy just import _ "github.com/ebitengine/purego" and then
+// set the environment variable CGO_ENABLED=0.
+// The recommended usage for fakecgo is to prefer using runtime/cgo if possible
+// but if cross-compiling or fast build times are important fakecgo is available.
+// Purego will pick which ever Cgo runtime is available and prefer the one that
+// comes with Go (runtime/cgo).
+package fakecgo
+
+//go:generate go run gen.go
+//go:generate gofmt -s -w symbols.go
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/freebsd.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/freebsd.go
new file mode 100644
index 000000000..bb73a709e
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/freebsd.go
@@ -0,0 +1,27 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build freebsd && !cgo
+
+package fakecgo
+
+import _ "unsafe" // for go:linkname
+
+// Supply environ and __progname, because we don't
+// link against the standard FreeBSD crt0.o and the
+// libc dynamic library needs them.
+
+// Note: when building with cross-compiling or CGO_ENABLED=0, add
+// the following argument to `go` so that these symbols are defined by
+// making fakecgo the Cgo.
+//   -gcflags="github.com/ebitengine/purego/internal/fakecgo=-std"
+
+//go:linkname _environ environ
+//go:linkname _progname __progname
+
+//go:cgo_export_dynamic environ
+//go:cgo_export_dynamic __progname
+
+var _environ uintptr
+var _progname uintptr
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_darwin_amd64.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_darwin_amd64.go
new file mode 100644
index 000000000..fb3a3f7f0
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_darwin_amd64.go
@@ -0,0 +1,71 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fakecgo
+
+import "unsafe"
+
+//go:nosplit
+//go:norace
+func _cgo_sys_thread_start(ts *ThreadStart) {
+	var attr pthread_attr_t
+	var ign, oset sigset_t
+	var p pthread_t
+	var size size_t
+	var err int
+
+	sigfillset(&ign)
+	pthread_sigmask(SIG_SETMASK, &ign, &oset)
+
+	size = pthread_get_stacksize_np(pthread_self())
+	pthread_attr_init(&attr)
+	pthread_attr_setstacksize(&attr, size)
+	// Leave stacklo=0 and set stackhi=size; mstart will do the rest.
+	ts.g.stackhi = uintptr(size)
+
+	err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts)
+
+	pthread_sigmask(SIG_SETMASK, &oset, nil)
+
+	if err != 0 {
+		print("fakecgo: pthread_create failed: ")
+		println(err)
+		abort()
+	}
+}
+
+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function
+//
+//go:linkname x_threadentry_trampoline threadentry_trampoline
+var x_threadentry_trampoline byte
+var threadentry_trampolineABI0 = &x_threadentry_trampoline
+
+//go:nosplit
+//go:norace
+func threadentry(v unsafe.Pointer) unsafe.Pointer {
+	ts := *(*ThreadStart)(v)
+	free(v)
+
+	setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g)))
+
+	// faking funcs in go is a bit a... involved - but the following works :)
+	fn := uintptr(unsafe.Pointer(&ts.fn))
+	(*(*func())(unsafe.Pointer(&fn)))()
+
+	return nil
+}
+
+// here we will store a pointer to the provided setg func
+var setg_func uintptr
+
+//go:nosplit
+//go:norace
+func x_cgo_init(g *G, setg uintptr) {
+	var size size_t
+
+	setg_func = setg
+
+	size = pthread_get_stacksize_np(pthread_self())
+	g.stacklo = uintptr(unsafe.Add(unsafe.Pointer(&size), -size+4096))
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_darwin_arm64.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_darwin_arm64.go
new file mode 100644
index 000000000..b000b3fbf
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_darwin_arm64.go
@@ -0,0 +1,86 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fakecgo
+
+import "unsafe"
+
+//go:nosplit
+//go:norace
+func _cgo_sys_thread_start(ts *ThreadStart) {
+	var attr pthread_attr_t
+	var ign, oset sigset_t
+	var p pthread_t
+	var size size_t
+	var err int
+
+	sigfillset(&ign)
+	pthread_sigmask(SIG_SETMASK, &ign, &oset)
+
+	size = pthread_get_stacksize_np(pthread_self())
+	pthread_attr_init(&attr)
+	pthread_attr_setstacksize(&attr, size)
+	// Leave stacklo=0 and set stackhi=size; mstart will do the rest.
+	ts.g.stackhi = uintptr(size)
+
+	err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts)
+
+	pthread_sigmask(SIG_SETMASK, &oset, nil)
+
+	if err != 0 {
+		print("fakecgo: pthread_create failed: ")
+		println(err)
+		abort()
+	}
+}
+
+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function
+//
+//go:linkname x_threadentry_trampoline threadentry_trampoline
+var x_threadentry_trampoline byte
+var threadentry_trampolineABI0 = &x_threadentry_trampoline
+
+//go:nosplit
+//go:norace
+func threadentry(v unsafe.Pointer) unsafe.Pointer {
+	ts := *(*ThreadStart)(v)
+	free(v)
+
+	// TODO: support ios
+	//#if TARGET_OS_IPHONE
+	//	darwin_arm_init_thread_exception_port();
+	//#endif
+	setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g)))
+
+	// faking funcs in go is a bit a... involved - but the following works :)
+	fn := uintptr(unsafe.Pointer(&ts.fn))
+	(*(*func())(unsafe.Pointer(&fn)))()
+
+	return nil
+}
+
+// here we will store a pointer to the provided setg func
+var setg_func uintptr
+
+// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c)
+// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us
+// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup
+// This function can't be go:systemstack since go is not in a state where the systemcheck would work.
+//
+//go:nosplit
+//go:norace
+func x_cgo_init(g *G, setg uintptr) {
+	var size size_t
+
+	setg_func = setg
+	size = pthread_get_stacksize_np(pthread_self())
+	g.stacklo = uintptr(unsafe.Add(unsafe.Pointer(&size), -size+4096))
+
+	//TODO: support ios
+	//#if TARGET_OS_IPHONE
+	//	darwin_arm_init_mach_exception_handler();
+	//	darwin_arm_init_thread_exception_port();
+	//	init_working_dir();
+	//#endif
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_amd64.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_amd64.go
new file mode 100644
index 000000000..9aa57ef66
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_amd64.go
@@ -0,0 +1,93 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fakecgo
+
+import "unsafe"
+
+//go:nosplit
+func _cgo_sys_thread_start(ts *ThreadStart) {
+	var attr pthread_attr_t
+	var ign, oset sigset_t
+	var p pthread_t
+	var size size_t
+	var err int
+
+	//fprintf(stderr, "runtime/cgo: _cgo_sys_thread_start: fn=%p, g=%p\n", ts->fn, ts->g); // debug
+	sigfillset(&ign)
+	pthread_sigmask(SIG_SETMASK, &ign, &oset)
+
+	pthread_attr_init(&attr)
+	pthread_attr_getstacksize(&attr, &size)
+	// Leave stacklo=0 and set stackhi=size; mstart will do the rest.
+	ts.g.stackhi = uintptr(size)
+
+	err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts)
+
+	pthread_sigmask(SIG_SETMASK, &oset, nil)
+
+	if err != 0 {
+		print("fakecgo: pthread_create failed: ")
+		println(err)
+		abort()
+	}
+}
+
+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function
+//
+//go:linkname x_threadentry_trampoline threadentry_trampoline
+var x_threadentry_trampoline byte
+var threadentry_trampolineABI0 = &x_threadentry_trampoline
+
+//go:nosplit
+func threadentry(v unsafe.Pointer) unsafe.Pointer {
+	ts := *(*ThreadStart)(v)
+	free(v)
+
+	setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g)))
+
+	// faking funcs in go is a bit a... involved - but the following works :)
+	fn := uintptr(unsafe.Pointer(&ts.fn))
+	(*(*func())(unsafe.Pointer(&fn)))()
+
+	return nil
+}
+
+// here we will store a pointer to the provided setg func
+var setg_func uintptr
+
+//go:nosplit
+func x_cgo_init(g *G, setg uintptr) {
+	var size size_t
+	var attr *pthread_attr_t
+
+	/* The memory sanitizer distributed with versions of clang
+	   before 3.8 has a bug: if you call mmap before malloc, mmap
+	   may return an address that is later overwritten by the msan
+	   library.  Avoid this problem by forcing a call to malloc
+	   here, before we ever call malloc.
+
+	   This is only required for the memory sanitizer, so it's
+	   unfortunate that we always run it.  It should be possible
+	   to remove this when we no longer care about versions of
+	   clang before 3.8.  The test for this is
+	   misc/cgo/testsanitizers.
+
+	   GCC works hard to eliminate a seemingly unnecessary call to
+	   malloc, so we actually use the memory we allocate.  */
+
+	setg_func = setg
+	attr = (*pthread_attr_t)(malloc(unsafe.Sizeof(*attr)))
+	if attr == nil {
+		println("fakecgo: malloc failed")
+		abort()
+	}
+	pthread_attr_init(attr)
+	pthread_attr_getstacksize(attr, &size)
+	// runtime/cgo uses __builtin_frame_address(0) instead of `uintptr(unsafe.Pointer(&size))`
+	// but this should be OK since we are taking the address of the first variable in this function.
+	g.stacklo = uintptr(unsafe.Pointer(&size)) - uintptr(size) + 4096
+	pthread_attr_destroy(attr)
+	free(unsafe.Pointer(attr))
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_arm64.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_arm64.go
new file mode 100644
index 000000000..1db518e3a
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_arm64.go
@@ -0,0 +1,96 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fakecgo
+
+import "unsafe"
+
+//go:nosplit
+func _cgo_sys_thread_start(ts *ThreadStart) {
+	var attr pthread_attr_t
+	var ign, oset sigset_t
+	var p pthread_t
+	var size size_t
+	var err int
+
+	//fprintf(stderr, "runtime/cgo: _cgo_sys_thread_start: fn=%p, g=%p\n", ts->fn, ts->g); // debug
+	sigfillset(&ign)
+	pthread_sigmask(SIG_SETMASK, &ign, &oset)
+
+	pthread_attr_init(&attr)
+	pthread_attr_getstacksize(&attr, &size)
+	// Leave stacklo=0 and set stackhi=size; mstart will do the rest.
+	ts.g.stackhi = uintptr(size)
+
+	err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts)
+
+	pthread_sigmask(SIG_SETMASK, &oset, nil)
+
+	if err != 0 {
+		print("fakecgo: pthread_create failed: ")
+		println(err)
+		abort()
+	}
+}
+
+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function
+//
+//go:linkname x_threadentry_trampoline threadentry_trampoline
+var x_threadentry_trampoline byte
+var threadentry_trampolineABI0 = &x_threadentry_trampoline
+
+//go:nosplit
+func threadentry(v unsafe.Pointer) unsafe.Pointer {
+	ts := *(*ThreadStart)(v)
+	free(v)
+
+	setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g)))
+
+	// faking funcs in go is a bit a... involved - but the following works :)
+	fn := uintptr(unsafe.Pointer(&ts.fn))
+	(*(*func())(unsafe.Pointer(&fn)))()
+
+	return nil
+}
+
+// here we will store a pointer to the provided setg func
+var setg_func uintptr
+
+// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c)
+// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us
+// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup
+// This function can't be go:systemstack since go is not in a state where the systemcheck would work.
+//
+//go:nosplit
+func x_cgo_init(g *G, setg uintptr) {
+	var size size_t
+	var attr *pthread_attr_t
+
+	/* The memory sanitizer distributed with versions of clang
+	   before 3.8 has a bug: if you call mmap before malloc, mmap
+	   may return an address that is later overwritten by the msan
+	   library.  Avoid this problem by forcing a call to malloc
+	   here, before we ever call malloc.
+
+	   This is only required for the memory sanitizer, so it's
+	   unfortunate that we always run it.  It should be possible
+	   to remove this when we no longer care about versions of
+	   clang before 3.8.  The test for this is
+	   misc/cgo/testsanitizers.
+
+	   GCC works hard to eliminate a seemingly unnecessary call to
+	   malloc, so we actually use the memory we allocate.  */
+
+	setg_func = setg
+	attr = (*pthread_attr_t)(malloc(unsafe.Sizeof(*attr)))
+	if attr == nil {
+		println("fakecgo: malloc failed")
+		abort()
+	}
+	pthread_attr_init(attr)
+	pthread_attr_getstacksize(attr, &size)
+	g.stacklo = uintptr(unsafe.Pointer(&size)) - uintptr(size) + 4096
+	pthread_attr_destroy(attr)
+	free(unsafe.Pointer(attr))
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_libinit.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_libinit.go
new file mode 100644
index 000000000..71da11281
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_libinit.go
@@ -0,0 +1,66 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux
+
+package fakecgo
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var (
+	pthread_g pthread_key_t
+
+	runtime_init_cond = PTHREAD_COND_INITIALIZER
+	runtime_init_mu   = PTHREAD_MUTEX_INITIALIZER
+	runtime_init_done int
+)
+
+//go:nosplit
+func x_cgo_notify_runtime_init_done() {
+	pthread_mutex_lock(&runtime_init_mu)
+	runtime_init_done = 1
+	pthread_cond_broadcast(&runtime_init_cond)
+	pthread_mutex_unlock(&runtime_init_mu)
+}
+
+// Store the g into a thread-specific value associated with the pthread key pthread_g.
+// And pthread_key_destructor will dropm when the thread is exiting.
+func x_cgo_bindm(g unsafe.Pointer) {
+	// We assume this will always succeed, otherwise, there might be extra M leaking,
+	// when a C thread exits after a cgo call.
+	// We only invoke this function once per thread in runtime.needAndBindM,
+	// and the next calls just reuse the bound m.
+	pthread_setspecific(pthread_g, g)
+}
+
+// _cgo_try_pthread_create retries pthread_create if it fails with
+// EAGAIN.
+//
+//go:nosplit
+//go:norace
+func _cgo_try_pthread_create(thread *pthread_t, attr *pthread_attr_t, pfn unsafe.Pointer, arg *ThreadStart) int {
+	var ts syscall.Timespec
+	// tries needs to be the same type as syscall.Timespec.Nsec
+	// but the fields are int32 on 32bit and int64 on 64bit.
+	// tries is assigned to syscall.Timespec.Nsec in order to match its type.
+	tries := ts.Nsec
+	var err int
+
+	for tries = 0; tries < 20; tries++ {
+		err = int(pthread_create(thread, attr, pfn, unsafe.Pointer(arg)))
+		if err == 0 {
+			pthread_detach(*thread)
+			return 0
+		}
+		if err != int(syscall.EAGAIN) {
+			return err
+		}
+		ts.Sec = 0
+		ts.Nsec = (tries + 1) * 1000 * 1000 // Milliseconds.
+		nanosleep(&ts, nil)
+	}
+	return int(syscall.EAGAIN)
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_linux_amd64.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_linux_amd64.go
new file mode 100644
index 000000000..9aa57ef66
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_linux_amd64.go
@@ -0,0 +1,93 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fakecgo
+
+import "unsafe"
+
+//go:nosplit
+func _cgo_sys_thread_start(ts *ThreadStart) {
+	var attr pthread_attr_t
+	var ign, oset sigset_t
+	var p pthread_t
+	var size size_t
+	var err int
+
+	//fprintf(stderr, "runtime/cgo: _cgo_sys_thread_start: fn=%p, g=%p\n", ts->fn, ts->g); // debug
+	sigfillset(&ign)
+	pthread_sigmask(SIG_SETMASK, &ign, &oset)
+
+	pthread_attr_init(&attr)
+	pthread_attr_getstacksize(&attr, &size)
+	// Leave stacklo=0 and set stackhi=size; mstart will do the rest.
+	ts.g.stackhi = uintptr(size)
+
+	err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts)
+
+	pthread_sigmask(SIG_SETMASK, &oset, nil)
+
+	if err != 0 {
+		print("fakecgo: pthread_create failed: ")
+		println(err)
+		abort()
+	}
+}
+
+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function
+//
+//go:linkname x_threadentry_trampoline threadentry_trampoline
+var x_threadentry_trampoline byte
+var threadentry_trampolineABI0 = &x_threadentry_trampoline
+
+//go:nosplit
+func threadentry(v unsafe.Pointer) unsafe.Pointer {
+	ts := *(*ThreadStart)(v)
+	free(v)
+
+	setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g)))
+
+	// faking funcs in go is a bit a... involved - but the following works :)
+	fn := uintptr(unsafe.Pointer(&ts.fn))
+	(*(*func())(unsafe.Pointer(&fn)))()
+
+	return nil
+}
+
+// here we will store a pointer to the provided setg func
+var setg_func uintptr
+
+//go:nosplit
+func x_cgo_init(g *G, setg uintptr) {
+	var size size_t
+	var attr *pthread_attr_t
+
+	/* The memory sanitizer distributed with versions of clang
+	   before 3.8 has a bug: if you call mmap before malloc, mmap
+	   may return an address that is later overwritten by the msan
+	   library.  Avoid this problem by forcing a call to malloc
+	   here, before we ever call malloc.
+
+	   This is only required for the memory sanitizer, so it's
+	   unfortunate that we always run it.  It should be possible
+	   to remove this when we no longer care about versions of
+	   clang before 3.8.  The test for this is
+	   misc/cgo/testsanitizers.
+
+	   GCC works hard to eliminate a seemingly unnecessary call to
+	   malloc, so we actually use the memory we allocate.  */
+
+	setg_func = setg
+	attr = (*pthread_attr_t)(malloc(unsafe.Sizeof(*attr)))
+	if attr == nil {
+		println("fakecgo: malloc failed")
+		abort()
+	}
+	pthread_attr_init(attr)
+	pthread_attr_getstacksize(attr, &size)
+	// runtime/cgo uses __builtin_frame_address(0) instead of `uintptr(unsafe.Pointer(&size))`
+	// but this should be OK since we are taking the address of the first variable in this function.
+	g.stacklo = uintptr(unsafe.Pointer(&size)) - uintptr(size) + 4096
+	pthread_attr_destroy(attr)
+	free(unsafe.Pointer(attr))
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_linux_arm64.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_linux_arm64.go
new file mode 100644
index 000000000..1db518e3a
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_linux_arm64.go
@@ -0,0 +1,96 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fakecgo
+
+import "unsafe"
+
+//go:nosplit
+func _cgo_sys_thread_start(ts *ThreadStart) {
+	var attr pthread_attr_t
+	var ign, oset sigset_t
+	var p pthread_t
+	var size size_t
+	var err int
+
+	//fprintf(stderr, "runtime/cgo: _cgo_sys_thread_start: fn=%p, g=%p\n", ts->fn, ts->g); // debug
+	sigfillset(&ign)
+	pthread_sigmask(SIG_SETMASK, &ign, &oset)
+
+	pthread_attr_init(&attr)
+	pthread_attr_getstacksize(&attr, &size)
+	// Leave stacklo=0 and set stackhi=size; mstart will do the rest.
+	ts.g.stackhi = uintptr(size)
+
+	err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts)
+
+	pthread_sigmask(SIG_SETMASK, &oset, nil)
+
+	if err != 0 {
+		print("fakecgo: pthread_create failed: ")
+		println(err)
+		abort()
+	}
+}
+
+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function
+//
+//go:linkname x_threadentry_trampoline threadentry_trampoline
+var x_threadentry_trampoline byte
+var threadentry_trampolineABI0 = &x_threadentry_trampoline
+
+//go:nosplit
+func threadentry(v unsafe.Pointer) unsafe.Pointer {
+	ts := *(*ThreadStart)(v)
+	free(v)
+
+	setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g)))
+
+	// faking funcs in go is a bit a... involved - but the following works :)
+	fn := uintptr(unsafe.Pointer(&ts.fn))
+	(*(*func())(unsafe.Pointer(&fn)))()
+
+	return nil
+}
+
+// here we will store a pointer to the provided setg func
+var setg_func uintptr
+
+// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c)
+// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us
+// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup
+// This function can't be go:systemstack since go is not in a state where the systemcheck would work.
+//
+//go:nosplit
+func x_cgo_init(g *G, setg uintptr) {
+	var size size_t
+	var attr *pthread_attr_t
+
+	/* The memory sanitizer distributed with versions of clang
+	   before 3.8 has a bug: if you call mmap before malloc, mmap
+	   may return an address that is later overwritten by the msan
+	   library.  Avoid this problem by forcing a call to malloc
+	   here, before we ever call malloc.
+
+	   This is only required for the memory sanitizer, so it's
+	   unfortunate that we always run it.  It should be possible
+	   to remove this when we no longer care about versions of
+	   clang before 3.8.  The test for this is
+	   misc/cgo/testsanitizers.
+
+	   GCC works hard to eliminate a seemingly unnecessary call to
+	   malloc, so we actually use the memory we allocate.  */
+
+	setg_func = setg
+	attr = (*pthread_attr_t)(malloc(unsafe.Sizeof(*attr)))
+	if attr == nil {
+		println("fakecgo: malloc failed")
+		abort()
+	}
+	pthread_attr_init(attr)
+	pthread_attr_getstacksize(attr, &size)
+	g.stacklo = uintptr(unsafe.Pointer(&size)) - uintptr(size) + 4096
+	pthread_attr_destroy(attr)
+	free(unsafe.Pointer(attr))
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_setenv.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_setenv.go
new file mode 100644
index 000000000..818372ea0
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_setenv.go
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux
+
+package fakecgo
+
+//go:nosplit
+//go:norace
+func x_cgo_setenv(arg *[2]*byte) {
+	setenv(arg[0], arg[1], 1)
+}
+
+//go:nosplit
+//go:norace
+func x_cgo_unsetenv(arg *[1]*byte) {
+	unsetenv(arg[0])
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_util.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_util.go
new file mode 100644
index 000000000..7a43b42b6
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_util.go
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux
+
+package fakecgo
+
+import "unsafe"
+
+// _cgo_thread_start is split into three parts in cgo since only one part is system dependent (keep it here for easier handling)
+
+// _cgo_thread_start(ThreadStart *arg) (runtime/cgo/gcc_util.c)
+// This get's called instead of the go code for creating new threads
+// -> pthread_* stuff is used, so threads are setup correctly for C
+// If this is missing, TLS is only setup correctly on thread 1!
+// This function should be go:systemstack instead of go:nosplit (but that requires runtime)
+//
+//go:nosplit
+//go:norace
+func x_cgo_thread_start(arg *ThreadStart) {
+	var ts *ThreadStart
+	// Make our own copy that can persist after we return.
+	//	_cgo_tsan_acquire();
+	ts = (*ThreadStart)(malloc(unsafe.Sizeof(*ts)))
+	//	_cgo_tsan_release();
+	if ts == nil {
+		println("fakecgo: out of memory in thread_start")
+		abort()
+	}
+	// *ts = *arg would cause a writebarrier so use memmove instead
+	memmove(unsafe.Pointer(ts), unsafe.Pointer(arg), unsafe.Sizeof(*ts))
+	_cgo_sys_thread_start(ts) // OS-dependent half
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/iscgo.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/iscgo.go
new file mode 100644
index 000000000..ce17d1828
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/iscgo.go
@@ -0,0 +1,19 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin || freebsd || linux
+
+// The runtime package contains an uninitialized definition
+// for runtime·iscgo. Override it to tell the runtime we're here.
+// There are various function pointers that should be set too,
+// but those depend on dynamic linker magic to get initialized
+// correctly, and sometimes they break. This variable is a
+// backup: it depends only on old C style static linking rules.
+
+package fakecgo
+
+import _ "unsafe" // for go:linkname
+
+//go:linkname _iscgo runtime.iscgo
+var _iscgo bool = true
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo.go
new file mode 100644
index 000000000..c12d403c3
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo.go
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux
+
+package fakecgo
+
+type (
+	size_t         uintptr
+	sigset_t       [128]byte
+	pthread_attr_t [64]byte
+	pthread_t      int
+	pthread_key_t  uint64
+)
+
+// for pthread_sigmask:
+
+type sighow int32
+
+const (
+	SIG_BLOCK   sighow = 0
+	SIG_UNBLOCK sighow = 1
+	SIG_SETMASK sighow = 2
+)
+
+type G struct {
+	stacklo uintptr
+	stackhi uintptr
+}
+
+type ThreadStart struct {
+	g   *G
+	tls *uintptr
+	fn  uintptr
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_darwin.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_darwin.go
new file mode 100644
index 000000000..03c917183
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_darwin.go
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package fakecgo
+
+type (
+	pthread_mutex_t struct {
+		sig    int64
+		opaque [56]byte
+	}
+	pthread_cond_t struct {
+		sig    int64
+		opaque [40]byte
+	}
+)
+
+var (
+	PTHREAD_COND_INITIALIZER  = pthread_cond_t{sig: 0x3CB0B1BB}
+	PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t{sig: 0x32AAABA7}
+)
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_freebsd.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_freebsd.go
new file mode 100644
index 000000000..baf03fa85
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_freebsd.go
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package fakecgo
+
+type (
+	pthread_cond_t  uintptr
+	pthread_mutex_t uintptr
+)
+
+var (
+	PTHREAD_COND_INITIALIZER  = pthread_cond_t(0)
+	PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t(0)
+)
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_linux.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_linux.go
new file mode 100644
index 000000000..93aa5b26e
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_linux.go
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package fakecgo
+
+type (
+	pthread_cond_t  [48]byte
+	pthread_mutex_t [48]byte
+)
+
+var (
+	PTHREAD_COND_INITIALIZER  = pthread_cond_t{}
+	PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t{}
+)
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/setenv.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/setenv.go
new file mode 100644
index 000000000..b69d4b39f
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/setenv.go
@@ -0,0 +1,19 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin || freebsd || linux
+
+package fakecgo
+
+import _ "unsafe" // for go:linkname
+
+//go:linkname x_cgo_setenv_trampoline x_cgo_setenv_trampoline
+//go:linkname _cgo_setenv runtime._cgo_setenv
+var x_cgo_setenv_trampoline byte
+var _cgo_setenv = &x_cgo_setenv_trampoline
+
+//go:linkname x_cgo_unsetenv_trampoline x_cgo_unsetenv_trampoline
+//go:linkname _cgo_unsetenv runtime._cgo_unsetenv
+var x_cgo_unsetenv_trampoline byte
+var _cgo_unsetenv = &x_cgo_unsetenv_trampoline
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols.go
new file mode 100644
index 000000000..d7401f705
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols.go
@@ -0,0 +1,184 @@
+// Code generated by 'go generate' with gen.go. DO NOT EDIT.
+
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux
+
+package fakecgo
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// setg_trampoline calls setg with the G provided
+func setg_trampoline(setg uintptr, G uintptr)
+
+//go:linkname memmove runtime.memmove
+func memmove(to, from unsafe.Pointer, n uintptr)
+
+// call5 takes fn the C function and 5 arguments and calls the function with those arguments
+func call5(fn, a1, a2, a3, a4, a5 uintptr) uintptr
+
+func malloc(size uintptr) unsafe.Pointer {
+	ret := call5(mallocABI0, uintptr(size), 0, 0, 0, 0)
+	// this indirection is to avoid go vet complaining about possible misuse of unsafe.Pointer
+	return *(*unsafe.Pointer)(unsafe.Pointer(&ret))
+}
+
+func free(ptr unsafe.Pointer) {
+	call5(freeABI0, uintptr(ptr), 0, 0, 0, 0)
+}
+
+func setenv(name *byte, value *byte, overwrite int32) int32 {
+	return int32(call5(setenvABI0, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), uintptr(overwrite), 0, 0))
+}
+
+func unsetenv(name *byte) int32 {
+	return int32(call5(unsetenvABI0, uintptr(unsafe.Pointer(name)), 0, 0, 0, 0))
+}
+
+func sigfillset(set *sigset_t) int32 {
+	return int32(call5(sigfillsetABI0, uintptr(unsafe.Pointer(set)), 0, 0, 0, 0))
+}
+
+func nanosleep(ts *syscall.Timespec, rem *syscall.Timespec) int32 {
+	return int32(call5(nanosleepABI0, uintptr(unsafe.Pointer(ts)), uintptr(unsafe.Pointer(rem)), 0, 0, 0))
+}
+
+func abort() {
+	call5(abortABI0, 0, 0, 0, 0, 0)
+}
+
+func pthread_attr_init(attr *pthread_attr_t) int32 {
+	return int32(call5(pthread_attr_initABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0))
+}
+
+func pthread_create(thread *pthread_t, attr *pthread_attr_t, start unsafe.Pointer, arg unsafe.Pointer) int32 {
+	return int32(call5(pthread_createABI0, uintptr(unsafe.Pointer(thread)), uintptr(unsafe.Pointer(attr)), uintptr(start), uintptr(arg), 0))
+}
+
+func pthread_detach(thread pthread_t) int32 {
+	return int32(call5(pthread_detachABI0, uintptr(thread), 0, 0, 0, 0))
+}
+
+func pthread_sigmask(how sighow, ign *sigset_t, oset *sigset_t) int32 {
+	return int32(call5(pthread_sigmaskABI0, uintptr(how), uintptr(unsafe.Pointer(ign)), uintptr(unsafe.Pointer(oset)), 0, 0))
+}
+
+func pthread_self() pthread_t {
+	return pthread_t(call5(pthread_selfABI0, 0, 0, 0, 0, 0))
+}
+
+func pthread_get_stacksize_np(thread pthread_t) size_t {
+	return size_t(call5(pthread_get_stacksize_npABI0, uintptr(thread), 0, 0, 0, 0))
+}
+
+func pthread_attr_getstacksize(attr *pthread_attr_t, stacksize *size_t) int32 {
+	return int32(call5(pthread_attr_getstacksizeABI0, uintptr(unsafe.Pointer(attr)), uintptr(unsafe.Pointer(stacksize)), 0, 0, 0))
+}
+
+func pthread_attr_setstacksize(attr *pthread_attr_t, size size_t) int32 {
+	return int32(call5(pthread_attr_setstacksizeABI0, uintptr(unsafe.Pointer(attr)), uintptr(size), 0, 0, 0))
+}
+
+func pthread_attr_destroy(attr *pthread_attr_t) int32 {
+	return int32(call5(pthread_attr_destroyABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0))
+}
+
+func pthread_mutex_lock(mutex *pthread_mutex_t) int32 {
+	return int32(call5(pthread_mutex_lockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0))
+}
+
+func pthread_mutex_unlock(mutex *pthread_mutex_t) int32 {
+	return int32(call5(pthread_mutex_unlockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0))
+}
+
+func pthread_cond_broadcast(cond *pthread_cond_t) int32 {
+	return int32(call5(pthread_cond_broadcastABI0, uintptr(unsafe.Pointer(cond)), 0, 0, 0, 0))
+}
+
+func pthread_setspecific(key pthread_key_t, value unsafe.Pointer) int32 {
+	return int32(call5(pthread_setspecificABI0, uintptr(key), uintptr(value), 0, 0, 0))
+}
+
+//go:linkname _malloc _malloc
+var _malloc uintptr
+var mallocABI0 = uintptr(unsafe.Pointer(&_malloc))
+
+//go:linkname _free _free
+var _free uintptr
+var freeABI0 = uintptr(unsafe.Pointer(&_free))
+
+//go:linkname _setenv _setenv
+var _setenv uintptr
+var setenvABI0 = uintptr(unsafe.Pointer(&_setenv))
+
+//go:linkname _unsetenv _unsetenv
+var _unsetenv uintptr
+var unsetenvABI0 = uintptr(unsafe.Pointer(&_unsetenv))
+
+//go:linkname _sigfillset _sigfillset
+var _sigfillset uintptr
+var sigfillsetABI0 = uintptr(unsafe.Pointer(&_sigfillset))
+
+//go:linkname _nanosleep _nanosleep
+var _nanosleep uintptr
+var nanosleepABI0 = uintptr(unsafe.Pointer(&_nanosleep))
+
+//go:linkname _abort _abort
+var _abort uintptr
+var abortABI0 = uintptr(unsafe.Pointer(&_abort))
+
+//go:linkname _pthread_attr_init _pthread_attr_init
+var _pthread_attr_init uintptr
+var pthread_attr_initABI0 = uintptr(unsafe.Pointer(&_pthread_attr_init))
+
+//go:linkname _pthread_create _pthread_create
+var _pthread_create uintptr
+var pthread_createABI0 = uintptr(unsafe.Pointer(&_pthread_create))
+
+//go:linkname _pthread_detach _pthread_detach
+var _pthread_detach uintptr
+var pthread_detachABI0 = uintptr(unsafe.Pointer(&_pthread_detach))
+
+//go:linkname _pthread_sigmask _pthread_sigmask
+var _pthread_sigmask uintptr
+var pthread_sigmaskABI0 = uintptr(unsafe.Pointer(&_pthread_sigmask))
+
+//go:linkname _pthread_self _pthread_self
+var _pthread_self uintptr
+var pthread_selfABI0 = uintptr(unsafe.Pointer(&_pthread_self))
+
+//go:linkname _pthread_get_stacksize_np _pthread_get_stacksize_np
+var _pthread_get_stacksize_np uintptr
+var pthread_get_stacksize_npABI0 = uintptr(unsafe.Pointer(&_pthread_get_stacksize_np))
+
+//go:linkname _pthread_attr_getstacksize _pthread_attr_getstacksize
+var _pthread_attr_getstacksize uintptr
+var pthread_attr_getstacksizeABI0 = uintptr(unsafe.Pointer(&_pthread_attr_getstacksize))
+
+//go:linkname _pthread_attr_setstacksize _pthread_attr_setstacksize
+var _pthread_attr_setstacksize uintptr
+var pthread_attr_setstacksizeABI0 = uintptr(unsafe.Pointer(&_pthread_attr_setstacksize))
+
+//go:linkname _pthread_attr_destroy _pthread_attr_destroy
+var _pthread_attr_destroy uintptr
+var pthread_attr_destroyABI0 = uintptr(unsafe.Pointer(&_pthread_attr_destroy))
+
+//go:linkname _pthread_mutex_lock _pthread_mutex_lock
+var _pthread_mutex_lock uintptr
+var pthread_mutex_lockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_lock))
+
+//go:linkname _pthread_mutex_unlock _pthread_mutex_unlock
+var _pthread_mutex_unlock uintptr
+var pthread_mutex_unlockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_unlock))
+
+//go:linkname _pthread_cond_broadcast _pthread_cond_broadcast
+var _pthread_cond_broadcast uintptr
+var pthread_cond_broadcastABI0 = uintptr(unsafe.Pointer(&_pthread_cond_broadcast))
+
+//go:linkname _pthread_setspecific _pthread_setspecific
+var _pthread_setspecific uintptr
+var pthread_setspecificABI0 = uintptr(unsafe.Pointer(&_pthread_setspecific))
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_darwin.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_darwin.go
new file mode 100644
index 000000000..7341fecd4
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_darwin.go
@@ -0,0 +1,27 @@
+// Code generated by 'go generate' with gen.go. DO NOT EDIT.
+
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package fakecgo
+
+//go:cgo_import_dynamic purego_malloc malloc "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_free free "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_setenv setenv "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_unsetenv unsetenv "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_sigfillset sigfillset "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_nanosleep nanosleep "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_abort abort "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_create pthread_create "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_detach pthread_detach "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_self pthread_self "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_get_stacksize_np pthread_get_stacksize_np "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_attr_setstacksize pthread_attr_setstacksize "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "/usr/lib/libSystem.B.dylib"
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_freebsd.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_freebsd.go
new file mode 100644
index 000000000..bff096d51
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_freebsd.go
@@ -0,0 +1,27 @@
+// Code generated by 'go generate' with gen.go. DO NOT EDIT.
+
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package fakecgo
+
+//go:cgo_import_dynamic purego_malloc malloc "libc.so.7"
+//go:cgo_import_dynamic purego_free free "libc.so.7"
+//go:cgo_import_dynamic purego_setenv setenv "libc.so.7"
+//go:cgo_import_dynamic purego_unsetenv unsetenv "libc.so.7"
+//go:cgo_import_dynamic purego_sigfillset sigfillset "libc.so.7"
+//go:cgo_import_dynamic purego_nanosleep nanosleep "libc.so.7"
+//go:cgo_import_dynamic purego_abort abort "libc.so.7"
+//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_create pthread_create "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_detach pthread_detach "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_self pthread_self "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_get_stacksize_np pthread_get_stacksize_np "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_attr_setstacksize pthread_attr_setstacksize "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "libpthread.so"
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_linux.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_linux.go
new file mode 100644
index 000000000..ee3ab7aaf
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_linux.go
@@ -0,0 +1,27 @@
+// Code generated by 'go generate' with gen.go. DO NOT EDIT.
+
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package fakecgo
+
+//go:cgo_import_dynamic purego_malloc malloc "libc.so.6"
+//go:cgo_import_dynamic purego_free free "libc.so.6"
+//go:cgo_import_dynamic purego_setenv setenv "libc.so.6"
+//go:cgo_import_dynamic purego_unsetenv unsetenv "libc.so.6"
+//go:cgo_import_dynamic purego_sigfillset sigfillset "libc.so.6"
+//go:cgo_import_dynamic purego_nanosleep nanosleep "libc.so.6"
+//go:cgo_import_dynamic purego_abort abort "libc.so.6"
+//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_create pthread_create "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_detach pthread_detach "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_self pthread_self "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_get_stacksize_np pthread_get_stacksize_np "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_attr_setstacksize pthread_attr_setstacksize "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "libpthread.so.0"
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_amd64.s b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_amd64.s
new file mode 100644
index 000000000..24b620606
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_amd64.s
@@ -0,0 +1,104 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || linux || freebsd
+
+/*
+trampoline for emulating required C functions for cgo in go (see cgo.go)
+(we convert cdecl calling convention to go and vice-versa)
+
+Since we're called from go and call into C we can cheat a bit with the calling conventions:
+ - in go all the registers are caller saved
+ - in C we have a couple of callee saved registers
+
+=> we can use BX, R12, R13, R14, R15 instead of the stack
+
+C Calling convention cdecl used here (we only need integer args):
+1. arg: DI
+2. arg: SI
+3. arg: DX
+4. arg: CX
+5. arg: R8
+6. arg: R9
+We don't need floats with these functions -> AX=0
+return value will be in AX
+*/
+#include "textflag.h"
+#include "go_asm.h"
+
+// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions.
+
+TEXT x_cgo_init_trampoline(SB), NOSPLIT, $16
+	MOVQ DI, AX
+	MOVQ SI, BX
+	MOVQ ·x_cgo_init_call(SB), DX
+	MOVQ (DX), CX
+	CALL CX
+	RET
+
+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $8
+	MOVQ DI, AX
+	MOVQ ·x_cgo_thread_start_call(SB), DX
+	MOVQ (DX), CX
+	CALL CX
+	RET
+
+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $8
+	MOVQ DI, AX
+	MOVQ ·x_cgo_setenv_call(SB), DX
+	MOVQ (DX), CX
+	CALL CX
+	RET
+
+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $8
+	MOVQ DI, AX
+	MOVQ ·x_cgo_unsetenv_call(SB), DX
+	MOVQ (DX), CX
+	CALL CX
+	RET
+
+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0
+	CALL ·x_cgo_notify_runtime_init_done(SB)
+	RET
+
+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0
+	CALL ·x_cgo_bindm(SB)
+	RET
+
+// func setg_trampoline(setg uintptr, g uintptr)
+TEXT ·setg_trampoline(SB), NOSPLIT, $0-16
+	MOVQ G+8(FP), DI
+	MOVQ setg+0(FP), BX
+	XORL AX, AX
+	CALL BX
+	RET
+
+TEXT threadentry_trampoline(SB), NOSPLIT, $16
+	MOVQ DI, AX
+	MOVQ ·threadentry_call(SB), DX
+	MOVQ (DX), CX
+	CALL CX
+	RET
+
+TEXT ·call5(SB), NOSPLIT, $0-56
+	MOVQ fn+0(FP), BX
+	MOVQ a1+8(FP), DI
+	MOVQ a2+16(FP), SI
+	MOVQ a3+24(FP), DX
+	MOVQ a4+32(FP), CX
+	MOVQ a5+40(FP), R8
+
+	XORL AX, AX // no floats
+
+	PUSHQ BP       // save BP
+	MOVQ  SP, BP   // save SP inside BP bc BP is callee-saved
+	SUBQ  $16, SP  // allocate space for alignment
+	ANDQ  $-16, SP // align on 16 bytes for SSE
+
+	CALL BX
+
+	MOVQ BP, SP // get SP back
+	POPQ BP     // restore BP
+
+	MOVQ AX, ret+48(FP)
+	RET
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_arm64.s b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_arm64.s
new file mode 100644
index 000000000..9c80fe2f6
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_arm64.s
@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux
+
+#include "textflag.h"
+#include "go_asm.h"
+
+// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions.
+
+TEXT x_cgo_init_trampoline(SB), NOSPLIT, $0-0
+	MOVD R0, 8(RSP)
+	MOVD R1, 16(RSP)
+	MOVD ·x_cgo_init_call(SB), R26
+	MOVD (R26), R2
+	CALL (R2)
+	RET
+
+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $0-0
+	MOVD R0, 8(RSP)
+	MOVD ·x_cgo_thread_start_call(SB), R26
+	MOVD (R26), R2
+	CALL (R2)
+	RET
+
+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $0-0
+	MOVD R0, 8(RSP)
+	MOVD ·x_cgo_setenv_call(SB), R26
+	MOVD (R26), R2
+	CALL (R2)
+	RET
+
+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $0-0
+	MOVD R0, 8(RSP)
+	MOVD ·x_cgo_unsetenv_call(SB), R26
+	MOVD (R26), R2
+	CALL (R2)
+	RET
+
+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0
+	CALL ·x_cgo_notify_runtime_init_done(SB)
+	RET
+
+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0
+	CALL ·x_cgo_bindm(SB)
+	RET
+
+// func setg_trampoline(setg uintptr, g uintptr)
+TEXT ·setg_trampoline(SB), NOSPLIT, $0-16
+	MOVD G+8(FP), R0
+	MOVD setg+0(FP), R1
+	CALL R1
+	RET
+
+TEXT threadentry_trampoline(SB), NOSPLIT, $0-0
+	MOVD R0, 8(RSP)
+	MOVD ·threadentry_call(SB), R26
+	MOVD (R26), R2
+	CALL (R2)
+	MOVD $0, R0                     // TODO: get the return value from threadentry
+	RET
+
+TEXT ·call5(SB), NOSPLIT, $0-0
+	MOVD fn+0(FP), R6
+	MOVD a1+8(FP), R0
+	MOVD a2+16(FP), R1
+	MOVD a3+24(FP), R2
+	MOVD a4+32(FP), R3
+	MOVD a5+40(FP), R4
+	CALL R6
+	MOVD R0, ret+48(FP)
+	RET
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_stubs.s b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_stubs.s
new file mode 100644
index 000000000..e8726376d
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_stubs.s
@@ -0,0 +1,90 @@
+// Code generated by 'go generate' with gen.go. DO NOT EDIT.
+
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux
+
+#include "textflag.h"
+
+// these stubs are here because it is not possible to go:linkname directly the C functions on darwin arm64
+
+TEXT _malloc(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_malloc(SB)
+	RET
+
+TEXT _free(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_free(SB)
+	RET
+
+TEXT _setenv(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_setenv(SB)
+	RET
+
+TEXT _unsetenv(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_unsetenv(SB)
+	RET
+
+TEXT _sigfillset(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_sigfillset(SB)
+	RET
+
+TEXT _nanosleep(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_nanosleep(SB)
+	RET
+
+TEXT _abort(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_abort(SB)
+	RET
+
+TEXT _pthread_attr_init(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_attr_init(SB)
+	RET
+
+TEXT _pthread_create(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_create(SB)
+	RET
+
+TEXT _pthread_detach(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_detach(SB)
+	RET
+
+TEXT _pthread_sigmask(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_sigmask(SB)
+	RET
+
+TEXT _pthread_self(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_self(SB)
+	RET
+
+TEXT _pthread_get_stacksize_np(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_get_stacksize_np(SB)
+	RET
+
+TEXT _pthread_attr_getstacksize(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_attr_getstacksize(SB)
+	RET
+
+TEXT _pthread_attr_setstacksize(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_attr_setstacksize(SB)
+	RET
+
+TEXT _pthread_attr_destroy(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_attr_destroy(SB)
+	RET
+
+TEXT _pthread_mutex_lock(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_mutex_lock(SB)
+	RET
+
+TEXT _pthread_mutex_unlock(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_mutex_unlock(SB)
+	RET
+
+TEXT _pthread_cond_broadcast(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_cond_broadcast(SB)
+	RET
+
+TEXT _pthread_setspecific(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_setspecific(SB)
+	RET
diff --git a/vendor/github.com/ebitengine/purego/internal/strings/strings.go b/vendor/github.com/ebitengine/purego/internal/strings/strings.go
new file mode 100644
index 000000000..5b0d25225
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/strings/strings.go
@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package strings
+
+import (
+	"unsafe"
+)
+
+// hasSuffix tests whether the string s ends with suffix.
+func hasSuffix(s, suffix string) bool {
+	return len(s) >= len(suffix) && s[len(s)-len(suffix):] == suffix
+}
+
+// CString converts a go string to *byte that can be passed to C code.
+func CString(name string) *byte {
+	if hasSuffix(name, "\x00") {
+		return &(*(*[]byte)(unsafe.Pointer(&name)))[0]
+	}
+	b := make([]byte, len(name)+1)
+	copy(b, name)
+	return &b[0]
+}
+
+// GoString copies a null-terminated char* to a Go string.
+func GoString(c uintptr) string {
+	// We take the address and then dereference it to trick go vet from creating a possible misuse of unsafe.Pointer
+	ptr := *(*unsafe.Pointer)(unsafe.Pointer(&c))
+	if ptr == nil {
+		return ""
+	}
+	var length int
+	for {
+		if *(*byte)(unsafe.Add(ptr, uintptr(length))) == '\x00' {
+			break
+		}
+		length++
+	}
+	return string(unsafe.Slice((*byte)(ptr), length))
+}
diff --git a/vendor/github.com/ebitengine/purego/is_ios.go b/vendor/github.com/ebitengine/purego/is_ios.go
new file mode 100644
index 000000000..ed31da978
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/is_ios.go
@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build !cgo
+
+package purego
+
+// if you are getting this error it means that you have
+// CGO_ENABLED=0 while trying to build for ios.
+// purego does not support this mode yet.
+// the fix is to set CGO_ENABLED=1 which will require
+// a C compiler.
+var _ = _PUREGO_REQUIRES_CGO_ON_IOS
diff --git a/vendor/github.com/ebitengine/purego/nocgo.go b/vendor/github.com/ebitengine/purego/nocgo.go
new file mode 100644
index 000000000..5b989ea81
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/nocgo.go
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build !cgo && (darwin || freebsd || linux)
+
+package purego
+
+// if CGO_ENABLED=0 import fakecgo to setup the Cgo runtime correctly.
+// This is required since some frameworks need TLS setup the C way which Go doesn't do.
+// We currently don't support ios in fakecgo mode so force Cgo or fail
+//
+// The way that the Cgo runtime (runtime/cgo) works is by setting some variables found
+// in runtime with non-null GCC compiled functions. The variables that are replaced are
+// var (
+//		iscgo             bool 							// in runtime/cgo.go
+//		_cgo_init         unsafe.Pointer 				// in runtime/cgo.go
+//		_cgo_thread_start unsafe.Pointer				// in runtime/cgo.go
+//		_cgo_notify_runtime_init_done unsafe.Pointer 	// in runtime/cgo.go
+//		_cgo_setenv unsafe.Pointer  					// in runtime/env_posix.go
+//		_cgo_unsetenv unsafe.Pointer					// in runtime/env_posix.go
+// )
+// importing fakecgo will set these (using //go:linkname) with functions written
+// entirely in Go (except for some assembly trampolines to change GCC ABI to Go ABI).
+// Doing so makes it possible to build applications that call into C without CGO_ENABLED=1.
+import _ "github.com/ebitengine/purego/internal/fakecgo"
diff --git a/vendor/github.com/ebitengine/purego/sys_amd64.s b/vendor/github.com/ebitengine/purego/sys_amd64.s
new file mode 100644
index 000000000..6daa298df
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/sys_amd64.s
@@ -0,0 +1,143 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || (!cgo && linux)
+
+#include "textflag.h"
+#include "abi_amd64.h"
+#include "go_asm.h"
+#include "funcdata.h"
+
+// syscall9X calls a function in libc on behalf of the syscall package.
+// syscall9X takes a pointer to a struct like:
+// struct {
+//	fn    uintptr
+//	a1    uintptr
+//	a2    uintptr
+//	a3    uintptr
+//	a4    uintptr
+//	a5    uintptr
+//	a6    uintptr
+//	a7    uintptr
+//	a8    uintptr
+//	a9    uintptr
+//	r1    uintptr
+//	r2    uintptr
+//	err   uintptr
+// }
+// syscall9X must be called on the g0 stack with the
+// C calling convention (use libcCall).
+GLOBL ·syscall9XABI0(SB), NOPTR|RODATA, $8
+DATA ·syscall9XABI0(SB)/8, $syscall9X(SB)
+TEXT syscall9X(SB), NOSPLIT|NOFRAME, $0
+	PUSHQ BP
+	MOVQ  SP, BP
+	SUBQ  $32, SP
+	MOVQ  DI, 24(BP) // save the pointer
+
+	MOVQ syscall9Args_f1(DI), X0 // f1
+	MOVQ syscall9Args_f2(DI), X1 // f2
+	MOVQ syscall9Args_f3(DI), X2 // f3
+	MOVQ syscall9Args_f4(DI), X3 // f4
+	MOVQ syscall9Args_f5(DI), X4 // f5
+	MOVQ syscall9Args_f6(DI), X5 // f6
+	MOVQ syscall9Args_f7(DI), X6 // f7
+	MOVQ syscall9Args_f8(DI), X7 // f8
+
+	MOVQ syscall9Args_fn(DI), R10 // fn
+	MOVQ syscall9Args_a2(DI), SI  // a2
+	MOVQ syscall9Args_a3(DI), DX  // a3
+	MOVQ syscall9Args_a4(DI), CX  // a4
+	MOVQ syscall9Args_a5(DI), R8  // a5
+	MOVQ syscall9Args_a6(DI), R9  // a6
+	MOVQ syscall9Args_a7(DI), R11 // a7
+	MOVQ syscall9Args_a8(DI), R12 // a8
+	MOVQ syscall9Args_a9(DI), R13 // a9
+	MOVQ syscall9Args_a1(DI), DI  // a1
+
+	// push the remaining paramters onto the stack
+	MOVQ R11, 0(SP)  // push a7
+	MOVQ R12, 8(SP)  // push a8
+	MOVQ R13, 16(SP) // push a9
+	XORL AX, AX      // vararg: say "no float args"
+
+	CALL R10
+
+	MOVQ 24(BP), DI              // get the pointer back
+	MOVQ AX, syscall9Args_r1(DI) // r1
+	MOVQ X0, syscall9Args_r2(DI) // r2
+
+	XORL AX, AX  // no error (it's ignored anyway)
+	ADDQ $32, SP
+	MOVQ BP, SP
+	POPQ BP
+	RET
+
+TEXT callbackasm1(SB), NOSPLIT|NOFRAME, $0
+	// remove return address from stack, we are not returning to callbackasm, but to its caller.
+	MOVQ 0(SP), AX
+	ADDQ $8, SP
+
+	MOVQ 0(SP), R10 // get the return SP so that we can align register args with stack args
+
+	// make space for first six int and 8 float arguments below the frame
+	ADJSP $14*8, SP
+	MOVSD X0, (1*8)(SP)
+	MOVSD X1, (2*8)(SP)
+	MOVSD X2, (3*8)(SP)
+	MOVSD X3, (4*8)(SP)
+	MOVSD X4, (5*8)(SP)
+	MOVSD X5, (6*8)(SP)
+	MOVSD X6, (7*8)(SP)
+	MOVSD X7, (8*8)(SP)
+	MOVQ  DI, (9*8)(SP)
+	MOVQ  SI, (10*8)(SP)
+	MOVQ  DX, (11*8)(SP)
+	MOVQ  CX, (12*8)(SP)
+	MOVQ  R8, (13*8)(SP)
+	MOVQ  R9, (14*8)(SP)
+	LEAQ  8(SP), R8      // R8 = address of args vector
+
+	MOVQ R10, 0(SP) // push the stack pointer below registers
+
+	// determine index into runtime·cbs table
+	MOVQ $callbackasm(SB), DX
+	SUBQ DX, AX
+	MOVQ $0, DX
+	MOVQ $5, CX               // divide by 5 because each call instruction in ·callbacks is 5 bytes long
+	DIVL CX
+	SUBQ $1, AX               // subtract 1 because return PC is to the next slot
+
+	// Switch from the host ABI to the Go ABI.
+	PUSH_REGS_HOST_TO_ABI0()
+
+	// Create a struct callbackArgs on our stack to be passed as
+	// the "frame" to cgocallback and on to callbackWrap.
+	// $24 to make enough room for the arguments to runtime.cgocallback
+	SUBQ $(24+callbackArgs__size), SP
+	MOVQ AX, (24+callbackArgs_index)(SP)  // callback index
+	MOVQ R8, (24+callbackArgs_args)(SP)   // address of args vector
+	MOVQ $0, (24+callbackArgs_result)(SP) // result
+	LEAQ 24(SP), AX                       // take the address of callbackArgs
+
+	// Call cgocallback, which will call callbackWrap(frame).
+	MOVQ ·callbackWrap_call(SB), DI // Get the ABIInternal function pointer
+	MOVQ (DI), DI                   // without <ABIInternal> by using a closure.
+	MOVQ AX, SI                     // frame (address of callbackArgs)
+	MOVQ $0, CX                     // context
+
+	CALL crosscall2(SB) // runtime.cgocallback(fn, frame, ctxt uintptr)
+
+	// Get callback result.
+	MOVQ (24+callbackArgs_result)(SP), AX
+	ADDQ $(24+callbackArgs__size), SP     // remove callbackArgs struct
+
+	POP_REGS_HOST_TO_ABI0()
+
+	MOVQ 0(SP), R10 // get the SP back
+
+	ADJSP $-14*8, SP // remove arguments
+
+	MOVQ R10, 0(SP)
+
+	RET
diff --git a/vendor/github.com/ebitengine/purego/sys_arm64.s b/vendor/github.com/ebitengine/purego/sys_arm64.s
new file mode 100644
index 000000000..914ebb4e9
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/sys_arm64.s
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || (!cgo && linux) || windows
+
+#include "textflag.h"
+#include "go_asm.h"
+#include "funcdata.h"
+
+// syscall9X calls a function in libc on behalf of the syscall package.
+// syscall9X takes a pointer to a struct like:
+// struct {
+//	fn    uintptr
+//	a1    uintptr
+//	a2    uintptr
+//	a3    uintptr
+//	a4    uintptr
+//	a5    uintptr
+//	a6    uintptr
+//	a7    uintptr
+//	a8    uintptr
+//	a9    uintptr
+//	r1    uintptr
+//	r2    uintptr
+//	err   uintptr
+// }
+// syscall9X must be called on the g0 stack with the
+// C calling convention (use libcCall).
+GLOBL ·syscall9XABI0(SB), NOPTR|RODATA, $8
+DATA ·syscall9XABI0(SB)/8, $syscall9X(SB)
+TEXT syscall9X(SB), NOSPLIT, $0
+	SUB  $16, RSP   // push structure pointer
+	MOVD R0, 8(RSP)
+
+	FMOVD syscall9Args_f1(R0), F0 // f1
+	FMOVD syscall9Args_f2(R0), F1 // f2
+	FMOVD syscall9Args_f3(R0), F2 // f3
+	FMOVD syscall9Args_f4(R0), F3 // f4
+	FMOVD syscall9Args_f5(R0), F4 // f5
+	FMOVD syscall9Args_f6(R0), F5 // f6
+	FMOVD syscall9Args_f7(R0), F6 // f7
+	FMOVD syscall9Args_f8(R0), F7 // f8
+
+	MOVD syscall9Args_fn(R0), R12 // fn
+	MOVD syscall9Args_a2(R0), R1  // a2
+	MOVD syscall9Args_a3(R0), R2  // a3
+	MOVD syscall9Args_a4(R0), R3  // a4
+	MOVD syscall9Args_a5(R0), R4  // a5
+	MOVD syscall9Args_a6(R0), R5  // a6
+	MOVD syscall9Args_a7(R0), R6  // a7
+	MOVD syscall9Args_a8(R0), R7  // a8
+	MOVD syscall9Args_a9(R0), R8  // a9
+	MOVD syscall9Args_a1(R0), R0  // a1
+
+	MOVD R8, (RSP) // push a9 onto stack
+
+	BL (R12)
+
+	MOVD  8(RSP), R2              // pop structure pointer
+	ADD   $16, RSP
+	MOVD  R0, syscall9Args_r1(R2) // save r1
+	FMOVD F0, syscall9Args_r2(R2) // save r2
+	RET
diff --git a/vendor/github.com/ebitengine/purego/sys_unix_arm64.s b/vendor/github.com/ebitengine/purego/sys_unix_arm64.s
new file mode 100644
index 000000000..c1552d349
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/sys_unix_arm64.s
@@ -0,0 +1,70 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023 The Ebitengine Authors
+
+//go:build darwin || freebsd || (!cgo && linux)
+
+#include "textflag.h"
+#include "go_asm.h"
+#include "funcdata.h"
+#include "abi_arm64.h"
+
+TEXT callbackasm1(SB), NOSPLIT|NOFRAME, $0
+	NO_LOCAL_POINTERS
+
+	// On entry, the trampoline in zcallback_darwin_arm64.s left
+	// the callback index in R12 (which is volatile in the C ABI).
+
+	// Save callback register arguments R0-R7 and F0-F7.
+	// We do this at the top of the frame so they're contiguous with stack arguments.
+	SUB   $(16*8), RSP, R14
+	FSTPD (F0, F1), (0*8)(R14)
+	FSTPD (F2, F3), (2*8)(R14)
+	FSTPD (F4, F5), (4*8)(R14)
+	FSTPD (F6, F7), (6*8)(R14)
+	STP   (R0, R1), (8*8)(R14)
+	STP   (R2, R3), (10*8)(R14)
+	STP   (R4, R5), (12*8)(R14)
+	STP   (R6, R7), (14*8)(R14)
+
+	// Adjust SP by frame size.
+	SUB $(26*8), RSP
+
+	// It is important to save R27 because the go assembler
+	// uses it for move instructions for a variable.
+	// This line:
+	// MOVD ·callbackWrap_call(SB), R0
+	// Creates the instructions:
+	// ADRP 14335(PC), R27
+	// MOVD 388(27), R0
+	// R27 is a callee saved register so we are responsible
+	// for ensuring its value doesn't change. So save it and
+	// restore it at the end of this function.
+	// R30 is the link register. crosscall2 doesn't save it
+	// so it's saved here.
+	STP (R27, R30), 0(RSP)
+
+	// Create a struct callbackArgs on our stack.
+	MOVD $(callbackArgs__size)(RSP), R13
+	MOVD R12, callbackArgs_index(R13)    // callback index
+	MOVD R14, callbackArgs_args(R13)     // address of args vector
+	MOVD ZR, callbackArgs_result(R13)    // result
+
+	// Move parameters into registers
+	// Get the ABIInternal function pointer
+	// without <ABIInternal> by using a closure.
+	MOVD ·callbackWrap_call(SB), R0
+	MOVD (R0), R0                   // fn unsafe.Pointer
+	MOVD R13, R1                    // frame (&callbackArgs{...})
+	MOVD $0, R3                     // ctxt uintptr
+
+	BL crosscall2(SB)
+
+	// Get callback result.
+	MOVD $(callbackArgs__size)(RSP), R13
+	MOVD callbackArgs_result(R13), R0
+
+	// Restore LR and R27
+	LDP 0(RSP), (R27, R30)
+	ADD $(26*8), RSP
+
+	RET
diff --git a/vendor/github.com/ebitengine/purego/syscall.go b/vendor/github.com/ebitengine/purego/syscall.go
new file mode 100644
index 000000000..44176be2a
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/syscall.go
@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || linux || windows
+
+package purego
+
+const (
+	maxArgs     = 9
+	numOfFloats = 8 // arm64 and amd64 both have 8 float registers
+)
+
+// SyscallN takes fn, a C function pointer and a list of arguments as uintptr.
+// There is an internal maximum number of arguments that SyscallN can take. It panics
+// when the maximum is exceeded. It returns the result and the libc error code if there is one.
+//
+// NOTE: SyscallN does not properly call functions that have both integer and float parameters.
+// See discussion comment https://github.com/ebiten/purego/pull/1#issuecomment-1128057607
+// for an explanation of why that is.
+//
+// On amd64, if there are more than 8 floats the 9th and so on will be placed incorrectly on the
+// stack.
+//
+// The pragma go:nosplit is not needed at this function declaration because it uses go:uintptrescapes
+// which forces all the objects that the uintptrs point to onto the heap where a stack split won't affect
+// their memory location.
+//
+//go:uintptrescapes
+func SyscallN(fn uintptr, args ...uintptr) (r1, r2, err uintptr) {
+	if fn == 0 {
+		panic("purego: fn is nil")
+	}
+	if len(args) > maxArgs {
+		panic("purego: too many arguments to SyscallN")
+	}
+	// add padding so there is no out-of-bounds slicing
+	var tmp [maxArgs]uintptr
+	copy(tmp[:], args)
+	return syscall_syscall9X(fn, tmp[0], tmp[1], tmp[2], tmp[3], tmp[4], tmp[5], tmp[6], tmp[7], tmp[8])
+}
diff --git a/vendor/github.com/ebitengine/purego/syscall_cgo_linux.go b/vendor/github.com/ebitengine/purego/syscall_cgo_linux.go
new file mode 100644
index 000000000..59c9a00bb
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/syscall_cgo_linux.go
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build cgo
+
+package purego
+
+import (
+	_ "unsafe" // for go:linkname
+
+	"github.com/ebitengine/purego/internal/cgo"
+)
+
+var syscall9XABI0 = uintptr(cgo.Syscall9XABI0)
+
+// this is only here to make the assembly files happy :)
+type syscall9Args struct {
+	fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr
+	f1, f2, f3, f4, f5, f6, f7, f8         uintptr
+	r1, r2, err                            uintptr
+}
+
+//go:nosplit
+func syscall_syscall9X(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2, err uintptr) {
+	return cgo.Syscall9X(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9)
+}
+
+func NewCallback(_ interface{}) uintptr {
+	panic("purego: NewCallback not supported")
+}
diff --git a/vendor/github.com/ebitengine/purego/syscall_sysv.go b/vendor/github.com/ebitengine/purego/syscall_sysv.go
new file mode 100644
index 000000000..2d295cb0e
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/syscall_sysv.go
@@ -0,0 +1,214 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+//go:build darwin || freebsd || (!cgo && linux && (amd64 || arm64))
+
+package purego
+
+import (
+	"reflect"
+	"runtime"
+	"sync"
+	"unsafe"
+)
+
+var syscall9XABI0 uintptr
+
+type syscall9Args struct {
+	fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr
+	f1, f2, f3, f4, f5, f6, f7, f8         uintptr
+	r1, r2, err                            uintptr
+}
+
+//go:nosplit
+func syscall_syscall9X(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2, err uintptr) {
+	args := syscall9Args{
+		fn, a1, a2, a3, a4, a5, a6, a7, a8, a9,
+		a1, a2, a3, a4, a5, a6, a7, a8,
+		r1, r2, err,
+	}
+	runtime_cgocall(syscall9XABI0, unsafe.Pointer(&args))
+	return args.r1, args.r2, args.err
+}
+
+// NewCallback converts a Go function to a function pointer conforming to the C calling convention.
+// This is useful when interoperating with C code requiring callbacks. The argument is expected to be a
+// function with zero or one uintptr-sized result. The function must not have arguments with size larger than the size
+// of uintptr. Only a limited number of callbacks may be created in a single Go process, and any memory allocated
+// for these callbacks is never released. At least 2000 callbacks can always be created. Although this function
+// provides similar functionality to windows.NewCallback it is distinct.
+//
+// NOTE: Linux is currently not supported and will panic if called.
+func NewCallback(fn interface{}) uintptr {
+	if runtime.GOOS == "linux" {
+		panic("purego: NewCallback not supported")
+	}
+	return compileCallback(fn)
+}
+
+// maxCb is the maximum number of callbacks
+// only increase this if you have added more to the callbackasm function
+const maxCB = 2000
+
+var cbs struct {
+	lock  sync.Mutex
+	numFn int                  // the number of functions currently in cbs.funcs
+	funcs [maxCB]reflect.Value // the saved callbacks
+}
+
+type callbackArgs struct {
+	index uintptr
+	// args points to the argument block.
+	//
+	// The structure of the arguments goes
+	// float registers followed by the
+	// integer registers followed by the stack.
+	//
+	// This variable is treated as a continuous
+	// block of memory containing all of the arguments
+	// for this callback.
+	args unsafe.Pointer
+	// Below are out-args from callbackWrap
+	result uintptr
+}
+
+func compileCallback(fn interface{}) uintptr {
+	val := reflect.ValueOf(fn)
+	if val.Kind() != reflect.Func {
+		panic("purego: the type must be a function but was not")
+	}
+	if val.IsNil() {
+		panic("purego: function must not be nil")
+	}
+	ty := val.Type()
+	for i := 0; i < ty.NumIn(); i++ {
+		in := ty.In(i)
+		switch in.Kind() {
+		case reflect.Struct, reflect.Interface, reflect.Func, reflect.Slice,
+			reflect.Chan, reflect.Complex64, reflect.Complex128,
+			reflect.String, reflect.Map, reflect.Invalid:
+			panic("purego: unsupported argument type: " + in.Kind().String())
+		}
+	}
+output:
+	switch {
+	case ty.NumOut() == 1:
+		switch ty.Out(0).Kind() {
+		case reflect.Pointer, reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+			reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr,
+			reflect.Bool, reflect.UnsafePointer:
+			break output
+		}
+		panic("purego: unsupported return type: " + ty.String())
+	case ty.NumOut() > 1:
+		panic("purego: callbacks can only have one return")
+	}
+	cbs.lock.Lock()
+	defer cbs.lock.Unlock()
+	if cbs.numFn >= maxCB {
+		panic("purego: the maximum number of callbacks has been reached")
+	}
+	cbs.funcs[cbs.numFn] = val
+	cbs.numFn++
+	return callbackasmAddr(cbs.numFn - 1)
+}
+
+const ptrSize = unsafe.Sizeof((*int)(nil))
+
+const callbackMaxFrame = 64 * ptrSize
+
+// callbackasm is implemented in zcallback_GOOS_GOARCH.s
+//
+//go:linkname __callbackasm callbackasm
+var __callbackasm byte
+var callbackasmABI0 = uintptr(unsafe.Pointer(&__callbackasm))
+
+// callbackWrap_call allows the calling of the ABIInternal wrapper
+// which is required for runtime.cgocallback without the
+// <ABIInternal> tag which is only allowed in the runtime.
+// This closure is used inside sys_darwin_GOARCH.s
+var callbackWrap_call = callbackWrap
+
+// callbackWrap is called by assembly code which determines which Go function to call.
+// This function takes the arguments and passes them to the Go function and returns the result.
+func callbackWrap(a *callbackArgs) {
+	cbs.lock.Lock()
+	fn := cbs.funcs[a.index]
+	cbs.lock.Unlock()
+	fnType := fn.Type()
+	args := make([]reflect.Value, fnType.NumIn())
+	frame := (*[callbackMaxFrame]uintptr)(a.args)
+	var floatsN int // floatsN represents the number of float arguments processed
+	var intsN int   // intsN represents the number of integer arguments processed
+	// stack points to the index into frame of the current stack element.
+	// The stack begins after the float and integer registers.
+	stack := numOfIntegerRegisters() + numOfFloats
+	for i := range args {
+		var pos int
+		switch fnType.In(i).Kind() {
+		case reflect.Float32, reflect.Float64:
+			if floatsN >= numOfFloats {
+				pos = stack
+				stack++
+			} else {
+				pos = floatsN
+			}
+			floatsN++
+		default:
+			if intsN >= numOfIntegerRegisters() {
+				pos = stack
+				stack++
+			} else {
+				// the integers begin after the floats in frame
+				pos = intsN + numOfFloats
+			}
+			intsN++
+		}
+		args[i] = reflect.NewAt(fnType.In(i), unsafe.Pointer(&frame[pos])).Elem()
+	}
+	ret := fn.Call(args)
+	if len(ret) > 0 {
+		switch k := ret[0].Kind(); k {
+		case reflect.Uint, reflect.Uint64, reflect.Uint32, reflect.Uint16, reflect.Uint8, reflect.Uintptr:
+			a.result = uintptr(ret[0].Uint())
+		case reflect.Int, reflect.Int64, reflect.Int32, reflect.Int16, reflect.Int8:
+			a.result = uintptr(ret[0].Int())
+		case reflect.Bool:
+			if ret[0].Bool() {
+				a.result = 1
+			} else {
+				a.result = 0
+			}
+		case reflect.Pointer:
+			a.result = ret[0].Pointer()
+		case reflect.UnsafePointer:
+			a.result = ret[0].Pointer()
+		default:
+			panic("purego: unsupported kind: " + k.String())
+		}
+	}
+}
+
+// callbackasmAddr returns address of runtime.callbackasm
+// function adjusted by i.
+// On x86 and amd64, runtime.callbackasm is a series of CALL instructions,
+// and we want callback to arrive at
+// correspondent call instruction instead of start of
+// runtime.callbackasm.
+// On ARM, runtime.callbackasm is a series of mov and branch instructions.
+// R12 is loaded with the callback index. Each entry is two instructions,
+// hence 8 bytes.
+func callbackasmAddr(i int) uintptr {
+	var entrySize int
+	switch runtime.GOARCH {
+	default:
+		panic("purego: unsupported architecture")
+	case "386", "amd64":
+		entrySize = 5
+	case "arm", "arm64":
+		// On ARM and ARM64, each entry is a MOV instruction
+		// followed by a branch instruction
+		entrySize = 8
+	}
+	return callbackasmABI0 + uintptr(i*entrySize)
+}
diff --git a/vendor/github.com/ebitengine/purego/syscall_windows.go b/vendor/github.com/ebitengine/purego/syscall_windows.go
new file mode 100644
index 000000000..a4db9f131
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/syscall_windows.go
@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package purego
+
+import (
+	"syscall"
+	_ "unsafe" // only for go:linkname
+
+	"golang.org/x/sys/windows"
+)
+
+var syscall9XABI0 uintptr
+
+type syscall9Args struct {
+	fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr
+	f1, f2, f3, f4, f5, f6, f7, f8         uintptr
+	r1, r2, err                            uintptr
+}
+
+func syscall_syscall9X(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2, err uintptr) {
+	r1, r2, errno := syscall.Syscall9(fn, 9, a1, a2, a3, a4, a5, a6, a7, a8, a9)
+	return r1, r2, uintptr(errno)
+}
+
+// NewCallback converts a Go function to a function pointer conforming to the stdcall calling convention.
+// This is useful when interoperating with Windows code requiring callbacks. The argument is expected to be a
+// function with one uintptr-sized result. The function must not have arguments with size larger than the
+// size of uintptr. Only a limited number of callbacks may be created in a single Go process, and any memory
+// allocated for these callbacks is never released. Between NewCallback and NewCallbackCDecl, at least 1024
+// callbacks can always be created. Although this function is similiar to the darwin version it may act
+// differently.
+func NewCallback(fn interface{}) uintptr {
+	return syscall.NewCallback(fn)
+}
+
+//go:linkname openLibrary openLibrary
+func openLibrary(name string) (uintptr, error) {
+	handle, err := windows.LoadLibrary(name)
+	return uintptr(handle), err
+}
+
+func loadSymbol(handle uintptr, name string) (uintptr, error) {
+	return windows.GetProcAddress(windows.Handle(handle), name)
+}
diff --git a/vendor/github.com/ebitengine/purego/zcallback_amd64.s b/vendor/github.com/ebitengine/purego/zcallback_amd64.s
new file mode 100644
index 000000000..d2c750828
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/zcallback_amd64.s
@@ -0,0 +1,2014 @@
+// Code generated by wincallback.go using 'go generate'. DO NOT EDIT.
+
+//go:build darwin || freebsd || (!cgo && linux)
+
+// runtime·callbackasm is called by external code to
+// execute Go implemented callback function. It is not
+// called from the start, instead runtime·compilecallback
+// always returns address into runtime·callbackasm offset
+// appropriately so different callbacks start with different
+// CALL instruction in runtime·callbackasm. This determines
+// which Go callback function is executed later on.
+#include "textflag.h"
+
+TEXT callbackasm(SB), NOSPLIT|NOFRAME, $0
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
+	CALL callbackasm1(SB)
diff --git a/vendor/github.com/ebitengine/purego/zcallback_arm64.s b/vendor/github.com/ebitengine/purego/zcallback_arm64.s
new file mode 100644
index 000000000..fc3683d56
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/zcallback_arm64.s
@@ -0,0 +1,4014 @@
+// Code generated by wincallback.go using 'go generate'. DO NOT EDIT.
+
+//go:build darwin || freebsd || (!cgo && linux)
+
+// External code calls into callbackasm at an offset corresponding
+// to the callback index. Callbackasm is a table of MOV and B instructions.
+// The MOV instruction loads R12 with the callback index, and the
+// B instruction branches to callbackasm1.
+// callbackasm1 takes the callback index from R12 and
+// indexes into an array that stores information about each callback.
+// It then calls the Go implementation for that callback.
+#include "textflag.h"
+
+TEXT callbackasm(SB), NOSPLIT|NOFRAME, $0
+	MOVD $0, R12
+	B    callbackasm1(SB)
+	MOVD $1, R12
+	B    callbackasm1(SB)
+	MOVD $2, R12
+	B    callbackasm1(SB)
+	MOVD $3, R12
+	B    callbackasm1(SB)
+	MOVD $4, R12
+	B    callbackasm1(SB)
+	MOVD $5, R12
+	B    callbackasm1(SB)
+	MOVD $6, R12
+	B    callbackasm1(SB)
+	MOVD $7, R12
+	B    callbackasm1(SB)
+	MOVD $8, R12
+	B    callbackasm1(SB)
+	MOVD $9, R12
+	B    callbackasm1(SB)
+	MOVD $10, R12
+	B    callbackasm1(SB)
+	MOVD $11, R12
+	B    callbackasm1(SB)
+	MOVD $12, R12
+	B    callbackasm1(SB)
+	MOVD $13, R12
+	B    callbackasm1(SB)
+	MOVD $14, R12
+	B    callbackasm1(SB)
+	MOVD $15, R12
+	B    callbackasm1(SB)
+	MOVD $16, R12
+	B    callbackasm1(SB)
+	MOVD $17, R12
+	B    callbackasm1(SB)
+	MOVD $18, R12
+	B    callbackasm1(SB)
+	MOVD $19, R12
+	B    callbackasm1(SB)
+	MOVD $20, R12
+	B    callbackasm1(SB)
+	MOVD $21, R12
+	B    callbackasm1(SB)
+	MOVD $22, R12
+	B    callbackasm1(SB)
+	MOVD $23, R12
+	B    callbackasm1(SB)
+	MOVD $24, R12
+	B    callbackasm1(SB)
+	MOVD $25, R12
+	B    callbackasm1(SB)
+	MOVD $26, R12
+	B    callbackasm1(SB)
+	MOVD $27, R12
+	B    callbackasm1(SB)
+	MOVD $28, R12
+	B    callbackasm1(SB)
+	MOVD $29, R12
+	B    callbackasm1(SB)
+	MOVD $30, R12
+	B    callbackasm1(SB)
+	MOVD $31, R12
+	B    callbackasm1(SB)
+	MOVD $32, R12
+	B    callbackasm1(SB)
+	MOVD $33, R12
+	B    callbackasm1(SB)
+	MOVD $34, R12
+	B    callbackasm1(SB)
+	MOVD $35, R12
+	B    callbackasm1(SB)
+	MOVD $36, R12
+	B    callbackasm1(SB)
+	MOVD $37, R12
+	B    callbackasm1(SB)
+	MOVD $38, R12
+	B    callbackasm1(SB)
+	MOVD $39, R12
+	B    callbackasm1(SB)
+	MOVD $40, R12
+	B    callbackasm1(SB)
+	MOVD $41, R12
+	B    callbackasm1(SB)
+	MOVD $42, R12
+	B    callbackasm1(SB)
+	MOVD $43, R12
+	B    callbackasm1(SB)
+	MOVD $44, R12
+	B    callbackasm1(SB)
+	MOVD $45, R12
+	B    callbackasm1(SB)
+	MOVD $46, R12
+	B    callbackasm1(SB)
+	MOVD $47, R12
+	B    callbackasm1(SB)
+	MOVD $48, R12
+	B    callbackasm1(SB)
+	MOVD $49, R12
+	B    callbackasm1(SB)
+	MOVD $50, R12
+	B    callbackasm1(SB)
+	MOVD $51, R12
+	B    callbackasm1(SB)
+	MOVD $52, R12
+	B    callbackasm1(SB)
+	MOVD $53, R12
+	B    callbackasm1(SB)
+	MOVD $54, R12
+	B    callbackasm1(SB)
+	MOVD $55, R12
+	B    callbackasm1(SB)
+	MOVD $56, R12
+	B    callbackasm1(SB)
+	MOVD $57, R12
+	B    callbackasm1(SB)
+	MOVD $58, R12
+	B    callbackasm1(SB)
+	MOVD $59, R12
+	B    callbackasm1(SB)
+	MOVD $60, R12
+	B    callbackasm1(SB)
+	MOVD $61, R12
+	B    callbackasm1(SB)
+	MOVD $62, R12
+	B    callbackasm1(SB)
+	MOVD $63, R12
+	B    callbackasm1(SB)
+	MOVD $64, R12
+	B    callbackasm1(SB)
+	MOVD $65, R12
+	B    callbackasm1(SB)
+	MOVD $66, R12
+	B    callbackasm1(SB)
+	MOVD $67, R12
+	B    callbackasm1(SB)
+	MOVD $68, R12
+	B    callbackasm1(SB)
+	MOVD $69, R12
+	B    callbackasm1(SB)
+	MOVD $70, R12
+	B    callbackasm1(SB)
+	MOVD $71, R12
+	B    callbackasm1(SB)
+	MOVD $72, R12
+	B    callbackasm1(SB)
+	MOVD $73, R12
+	B    callbackasm1(SB)
+	MOVD $74, R12
+	B    callbackasm1(SB)
+	MOVD $75, R12
+	B    callbackasm1(SB)
+	MOVD $76, R12
+	B    callbackasm1(SB)
+	MOVD $77, R12
+	B    callbackasm1(SB)
+	MOVD $78, R12
+	B    callbackasm1(SB)
+	MOVD $79, R12
+	B    callbackasm1(SB)
+	MOVD $80, R12
+	B    callbackasm1(SB)
+	MOVD $81, R12
+	B    callbackasm1(SB)
+	MOVD $82, R12
+	B    callbackasm1(SB)
+	MOVD $83, R12
+	B    callbackasm1(SB)
+	MOVD $84, R12
+	B    callbackasm1(SB)
+	MOVD $85, R12
+	B    callbackasm1(SB)
+	MOVD $86, R12
+	B    callbackasm1(SB)
+	MOVD $87, R12
+	B    callbackasm1(SB)
+	MOVD $88, R12
+	B    callbackasm1(SB)
+	MOVD $89, R12
+	B    callbackasm1(SB)
+	MOVD $90, R12
+	B    callbackasm1(SB)
+	MOVD $91, R12
+	B    callbackasm1(SB)
+	MOVD $92, R12
+	B    callbackasm1(SB)
+	MOVD $93, R12
+	B    callbackasm1(SB)
+	MOVD $94, R12
+	B    callbackasm1(SB)
+	MOVD $95, R12
+	B    callbackasm1(SB)
+	MOVD $96, R12
+	B    callbackasm1(SB)
+	MOVD $97, R12
+	B    callbackasm1(SB)
+	MOVD $98, R12
+	B    callbackasm1(SB)
+	MOVD $99, R12
+	B    callbackasm1(SB)
+	MOVD $100, R12
+	B    callbackasm1(SB)
+	MOVD $101, R12
+	B    callbackasm1(SB)
+	MOVD $102, R12
+	B    callbackasm1(SB)
+	MOVD $103, R12
+	B    callbackasm1(SB)
+	MOVD $104, R12
+	B    callbackasm1(SB)
+	MOVD $105, R12
+	B    callbackasm1(SB)
+	MOVD $106, R12
+	B    callbackasm1(SB)
+	MOVD $107, R12
+	B    callbackasm1(SB)
+	MOVD $108, R12
+	B    callbackasm1(SB)
+	MOVD $109, R12
+	B    callbackasm1(SB)
+	MOVD $110, R12
+	B    callbackasm1(SB)
+	MOVD $111, R12
+	B    callbackasm1(SB)
+	MOVD $112, R12
+	B    callbackasm1(SB)
+	MOVD $113, R12
+	B    callbackasm1(SB)
+	MOVD $114, R12
+	B    callbackasm1(SB)
+	MOVD $115, R12
+	B    callbackasm1(SB)
+	MOVD $116, R12
+	B    callbackasm1(SB)
+	MOVD $117, R12
+	B    callbackasm1(SB)
+	MOVD $118, R12
+	B    callbackasm1(SB)
+	MOVD $119, R12
+	B    callbackasm1(SB)
+	MOVD $120, R12
+	B    callbackasm1(SB)
+	MOVD $121, R12
+	B    callbackasm1(SB)
+	MOVD $122, R12
+	B    callbackasm1(SB)
+	MOVD $123, R12
+	B    callbackasm1(SB)
+	MOVD $124, R12
+	B    callbackasm1(SB)
+	MOVD $125, R12
+	B    callbackasm1(SB)
+	MOVD $126, R12
+	B    callbackasm1(SB)
+	MOVD $127, R12
+	B    callbackasm1(SB)
+	MOVD $128, R12
+	B    callbackasm1(SB)
+	MOVD $129, R12
+	B    callbackasm1(SB)
+	MOVD $130, R12
+	B    callbackasm1(SB)
+	MOVD $131, R12
+	B    callbackasm1(SB)
+	MOVD $132, R12
+	B    callbackasm1(SB)
+	MOVD $133, R12
+	B    callbackasm1(SB)
+	MOVD $134, R12
+	B    callbackasm1(SB)
+	MOVD $135, R12
+	B    callbackasm1(SB)
+	MOVD $136, R12
+	B    callbackasm1(SB)
+	MOVD $137, R12
+	B    callbackasm1(SB)
+	MOVD $138, R12
+	B    callbackasm1(SB)
+	MOVD $139, R12
+	B    callbackasm1(SB)
+	MOVD $140, R12
+	B    callbackasm1(SB)
+	MOVD $141, R12
+	B    callbackasm1(SB)
+	MOVD $142, R12
+	B    callbackasm1(SB)
+	MOVD $143, R12
+	B    callbackasm1(SB)
+	MOVD $144, R12
+	B    callbackasm1(SB)
+	MOVD $145, R12
+	B    callbackasm1(SB)
+	MOVD $146, R12
+	B    callbackasm1(SB)
+	MOVD $147, R12
+	B    callbackasm1(SB)
+	MOVD $148, R12
+	B    callbackasm1(SB)
+	MOVD $149, R12
+	B    callbackasm1(SB)
+	MOVD $150, R12
+	B    callbackasm1(SB)
+	MOVD $151, R12
+	B    callbackasm1(SB)
+	MOVD $152, R12
+	B    callbackasm1(SB)
+	MOVD $153, R12
+	B    callbackasm1(SB)
+	MOVD $154, R12
+	B    callbackasm1(SB)
+	MOVD $155, R12
+	B    callbackasm1(SB)
+	MOVD $156, R12
+	B    callbackasm1(SB)
+	MOVD $157, R12
+	B    callbackasm1(SB)
+	MOVD $158, R12
+	B    callbackasm1(SB)
+	MOVD $159, R12
+	B    callbackasm1(SB)
+	MOVD $160, R12
+	B    callbackasm1(SB)
+	MOVD $161, R12
+	B    callbackasm1(SB)
+	MOVD $162, R12
+	B    callbackasm1(SB)
+	MOVD $163, R12
+	B    callbackasm1(SB)
+	MOVD $164, R12
+	B    callbackasm1(SB)
+	MOVD $165, R12
+	B    callbackasm1(SB)
+	MOVD $166, R12
+	B    callbackasm1(SB)
+	MOVD $167, R12
+	B    callbackasm1(SB)
+	MOVD $168, R12
+	B    callbackasm1(SB)
+	MOVD $169, R12
+	B    callbackasm1(SB)
+	MOVD $170, R12
+	B    callbackasm1(SB)
+	MOVD $171, R12
+	B    callbackasm1(SB)
+	MOVD $172, R12
+	B    callbackasm1(SB)
+	MOVD $173, R12
+	B    callbackasm1(SB)
+	MOVD $174, R12
+	B    callbackasm1(SB)
+	MOVD $175, R12
+	B    callbackasm1(SB)
+	MOVD $176, R12
+	B    callbackasm1(SB)
+	MOVD $177, R12
+	B    callbackasm1(SB)
+	MOVD $178, R12
+	B    callbackasm1(SB)
+	MOVD $179, R12
+	B    callbackasm1(SB)
+	MOVD $180, R12
+	B    callbackasm1(SB)
+	MOVD $181, R12
+	B    callbackasm1(SB)
+	MOVD $182, R12
+	B    callbackasm1(SB)
+	MOVD $183, R12
+	B    callbackasm1(SB)
+	MOVD $184, R12
+	B    callbackasm1(SB)
+	MOVD $185, R12
+	B    callbackasm1(SB)
+	MOVD $186, R12
+	B    callbackasm1(SB)
+	MOVD $187, R12
+	B    callbackasm1(SB)
+	MOVD $188, R12
+	B    callbackasm1(SB)
+	MOVD $189, R12
+	B    callbackasm1(SB)
+	MOVD $190, R12
+	B    callbackasm1(SB)
+	MOVD $191, R12
+	B    callbackasm1(SB)
+	MOVD $192, R12
+	B    callbackasm1(SB)
+	MOVD $193, R12
+	B    callbackasm1(SB)
+	MOVD $194, R12
+	B    callbackasm1(SB)
+	MOVD $195, R12
+	B    callbackasm1(SB)
+	MOVD $196, R12
+	B    callbackasm1(SB)
+	MOVD $197, R12
+	B    callbackasm1(SB)
+	MOVD $198, R12
+	B    callbackasm1(SB)
+	MOVD $199, R12
+	B    callbackasm1(SB)
+	MOVD $200, R12
+	B    callbackasm1(SB)
+	MOVD $201, R12
+	B    callbackasm1(SB)
+	MOVD $202, R12
+	B    callbackasm1(SB)
+	MOVD $203, R12
+	B    callbackasm1(SB)
+	MOVD $204, R12
+	B    callbackasm1(SB)
+	MOVD $205, R12
+	B    callbackasm1(SB)
+	MOVD $206, R12
+	B    callbackasm1(SB)
+	MOVD $207, R12
+	B    callbackasm1(SB)
+	MOVD $208, R12
+	B    callbackasm1(SB)
+	MOVD $209, R12
+	B    callbackasm1(SB)
+	MOVD $210, R12
+	B    callbackasm1(SB)
+	MOVD $211, R12
+	B    callbackasm1(SB)
+	MOVD $212, R12
+	B    callbackasm1(SB)
+	MOVD $213, R12
+	B    callbackasm1(SB)
+	MOVD $214, R12
+	B    callbackasm1(SB)
+	MOVD $215, R12
+	B    callbackasm1(SB)
+	MOVD $216, R12
+	B    callbackasm1(SB)
+	MOVD $217, R12
+	B    callbackasm1(SB)
+	MOVD $218, R12
+	B    callbackasm1(SB)
+	MOVD $219, R12
+	B    callbackasm1(SB)
+	MOVD $220, R12
+	B    callbackasm1(SB)
+	MOVD $221, R12
+	B    callbackasm1(SB)
+	MOVD $222, R12
+	B    callbackasm1(SB)
+	MOVD $223, R12
+	B    callbackasm1(SB)
+	MOVD $224, R12
+	B    callbackasm1(SB)
+	MOVD $225, R12
+	B    callbackasm1(SB)
+	MOVD $226, R12
+	B    callbackasm1(SB)
+	MOVD $227, R12
+	B    callbackasm1(SB)
+	MOVD $228, R12
+	B    callbackasm1(SB)
+	MOVD $229, R12
+	B    callbackasm1(SB)
+	MOVD $230, R12
+	B    callbackasm1(SB)
+	MOVD $231, R12
+	B    callbackasm1(SB)
+	MOVD $232, R12
+	B    callbackasm1(SB)
+	MOVD $233, R12
+	B    callbackasm1(SB)
+	MOVD $234, R12
+	B    callbackasm1(SB)
+	MOVD $235, R12
+	B    callbackasm1(SB)
+	MOVD $236, R12
+	B    callbackasm1(SB)
+	MOVD $237, R12
+	B    callbackasm1(SB)
+	MOVD $238, R12
+	B    callbackasm1(SB)
+	MOVD $239, R12
+	B    callbackasm1(SB)
+	MOVD $240, R12
+	B    callbackasm1(SB)
+	MOVD $241, R12
+	B    callbackasm1(SB)
+	MOVD $242, R12
+	B    callbackasm1(SB)
+	MOVD $243, R12
+	B    callbackasm1(SB)
+	MOVD $244, R12
+	B    callbackasm1(SB)
+	MOVD $245, R12
+	B    callbackasm1(SB)
+	MOVD $246, R12
+	B    callbackasm1(SB)
+	MOVD $247, R12
+	B    callbackasm1(SB)
+	MOVD $248, R12
+	B    callbackasm1(SB)
+	MOVD $249, R12
+	B    callbackasm1(SB)
+	MOVD $250, R12
+	B    callbackasm1(SB)
+	MOVD $251, R12
+	B    callbackasm1(SB)
+	MOVD $252, R12
+	B    callbackasm1(SB)
+	MOVD $253, R12
+	B    callbackasm1(SB)
+	MOVD $254, R12
+	B    callbackasm1(SB)
+	MOVD $255, R12
+	B    callbackasm1(SB)
+	MOVD $256, R12
+	B    callbackasm1(SB)
+	MOVD $257, R12
+	B    callbackasm1(SB)
+	MOVD $258, R12
+	B    callbackasm1(SB)
+	MOVD $259, R12
+	B    callbackasm1(SB)
+	MOVD $260, R12
+	B    callbackasm1(SB)
+	MOVD $261, R12
+	B    callbackasm1(SB)
+	MOVD $262, R12
+	B    callbackasm1(SB)
+	MOVD $263, R12
+	B    callbackasm1(SB)
+	MOVD $264, R12
+	B    callbackasm1(SB)
+	MOVD $265, R12
+	B    callbackasm1(SB)
+	MOVD $266, R12
+	B    callbackasm1(SB)
+	MOVD $267, R12
+	B    callbackasm1(SB)
+	MOVD $268, R12
+	B    callbackasm1(SB)
+	MOVD $269, R12
+	B    callbackasm1(SB)
+	MOVD $270, R12
+	B    callbackasm1(SB)
+	MOVD $271, R12
+	B    callbackasm1(SB)
+	MOVD $272, R12
+	B    callbackasm1(SB)
+	MOVD $273, R12
+	B    callbackasm1(SB)
+	MOVD $274, R12
+	B    callbackasm1(SB)
+	MOVD $275, R12
+	B    callbackasm1(SB)
+	MOVD $276, R12
+	B    callbackasm1(SB)
+	MOVD $277, R12
+	B    callbackasm1(SB)
+	MOVD $278, R12
+	B    callbackasm1(SB)
+	MOVD $279, R12
+	B    callbackasm1(SB)
+	MOVD $280, R12
+	B    callbackasm1(SB)
+	MOVD $281, R12
+	B    callbackasm1(SB)
+	MOVD $282, R12
+	B    callbackasm1(SB)
+	MOVD $283, R12
+	B    callbackasm1(SB)
+	MOVD $284, R12
+	B    callbackasm1(SB)
+	MOVD $285, R12
+	B    callbackasm1(SB)
+	MOVD $286, R12
+	B    callbackasm1(SB)
+	MOVD $287, R12
+	B    callbackasm1(SB)
+	MOVD $288, R12
+	B    callbackasm1(SB)
+	MOVD $289, R12
+	B    callbackasm1(SB)
+	MOVD $290, R12
+	B    callbackasm1(SB)
+	MOVD $291, R12
+	B    callbackasm1(SB)
+	MOVD $292, R12
+	B    callbackasm1(SB)
+	MOVD $293, R12
+	B    callbackasm1(SB)
+	MOVD $294, R12
+	B    callbackasm1(SB)
+	MOVD $295, R12
+	B    callbackasm1(SB)
+	MOVD $296, R12
+	B    callbackasm1(SB)
+	MOVD $297, R12
+	B    callbackasm1(SB)
+	MOVD $298, R12
+	B    callbackasm1(SB)
+	MOVD $299, R12
+	B    callbackasm1(SB)
+	MOVD $300, R12
+	B    callbackasm1(SB)
+	MOVD $301, R12
+	B    callbackasm1(SB)
+	MOVD $302, R12
+	B    callbackasm1(SB)
+	MOVD $303, R12
+	B    callbackasm1(SB)
+	MOVD $304, R12
+	B    callbackasm1(SB)
+	MOVD $305, R12
+	B    callbackasm1(SB)
+	MOVD $306, R12
+	B    callbackasm1(SB)
+	MOVD $307, R12
+	B    callbackasm1(SB)
+	MOVD $308, R12
+	B    callbackasm1(SB)
+	MOVD $309, R12
+	B    callbackasm1(SB)
+	MOVD $310, R12
+	B    callbackasm1(SB)
+	MOVD $311, R12
+	B    callbackasm1(SB)
+	MOVD $312, R12
+	B    callbackasm1(SB)
+	MOVD $313, R12
+	B    callbackasm1(SB)
+	MOVD $314, R12
+	B    callbackasm1(SB)
+	MOVD $315, R12
+	B    callbackasm1(SB)
+	MOVD $316, R12
+	B    callbackasm1(SB)
+	MOVD $317, R12
+	B    callbackasm1(SB)
+	MOVD $318, R12
+	B    callbackasm1(SB)
+	MOVD $319, R12
+	B    callbackasm1(SB)
+	MOVD $320, R12
+	B    callbackasm1(SB)
+	MOVD $321, R12
+	B    callbackasm1(SB)
+	MOVD $322, R12
+	B    callbackasm1(SB)
+	MOVD $323, R12
+	B    callbackasm1(SB)
+	MOVD $324, R12
+	B    callbackasm1(SB)
+	MOVD $325, R12
+	B    callbackasm1(SB)
+	MOVD $326, R12
+	B    callbackasm1(SB)
+	MOVD $327, R12
+	B    callbackasm1(SB)
+	MOVD $328, R12
+	B    callbackasm1(SB)
+	MOVD $329, R12
+	B    callbackasm1(SB)
+	MOVD $330, R12
+	B    callbackasm1(SB)
+	MOVD $331, R12
+	B    callbackasm1(SB)
+	MOVD $332, R12
+	B    callbackasm1(SB)
+	MOVD $333, R12
+	B    callbackasm1(SB)
+	MOVD $334, R12
+	B    callbackasm1(SB)
+	MOVD $335, R12
+	B    callbackasm1(SB)
+	MOVD $336, R12
+	B    callbackasm1(SB)
+	MOVD $337, R12
+	B    callbackasm1(SB)
+	MOVD $338, R12
+	B    callbackasm1(SB)
+	MOVD $339, R12
+	B    callbackasm1(SB)
+	MOVD $340, R12
+	B    callbackasm1(SB)
+	MOVD $341, R12
+	B    callbackasm1(SB)
+	MOVD $342, R12
+	B    callbackasm1(SB)
+	MOVD $343, R12
+	B    callbackasm1(SB)
+	MOVD $344, R12
+	B    callbackasm1(SB)
+	MOVD $345, R12
+	B    callbackasm1(SB)
+	MOVD $346, R12
+	B    callbackasm1(SB)
+	MOVD $347, R12
+	B    callbackasm1(SB)
+	MOVD $348, R12
+	B    callbackasm1(SB)
+	MOVD $349, R12
+	B    callbackasm1(SB)
+	MOVD $350, R12
+	B    callbackasm1(SB)
+	MOVD $351, R12
+	B    callbackasm1(SB)
+	MOVD $352, R12
+	B    callbackasm1(SB)
+	MOVD $353, R12
+	B    callbackasm1(SB)
+	MOVD $354, R12
+	B    callbackasm1(SB)
+	MOVD $355, R12
+	B    callbackasm1(SB)
+	MOVD $356, R12
+	B    callbackasm1(SB)
+	MOVD $357, R12
+	B    callbackasm1(SB)
+	MOVD $358, R12
+	B    callbackasm1(SB)
+	MOVD $359, R12
+	B    callbackasm1(SB)
+	MOVD $360, R12
+	B    callbackasm1(SB)
+	MOVD $361, R12
+	B    callbackasm1(SB)
+	MOVD $362, R12
+	B    callbackasm1(SB)
+	MOVD $363, R12
+	B    callbackasm1(SB)
+	MOVD $364, R12
+	B    callbackasm1(SB)
+	MOVD $365, R12
+	B    callbackasm1(SB)
+	MOVD $366, R12
+	B    callbackasm1(SB)
+	MOVD $367, R12
+	B    callbackasm1(SB)
+	MOVD $368, R12
+	B    callbackasm1(SB)
+	MOVD $369, R12
+	B    callbackasm1(SB)
+	MOVD $370, R12
+	B    callbackasm1(SB)
+	MOVD $371, R12
+	B    callbackasm1(SB)
+	MOVD $372, R12
+	B    callbackasm1(SB)
+	MOVD $373, R12
+	B    callbackasm1(SB)
+	MOVD $374, R12
+	B    callbackasm1(SB)
+	MOVD $375, R12
+	B    callbackasm1(SB)
+	MOVD $376, R12
+	B    callbackasm1(SB)
+	MOVD $377, R12
+	B    callbackasm1(SB)
+	MOVD $378, R12
+	B    callbackasm1(SB)
+	MOVD $379, R12
+	B    callbackasm1(SB)
+	MOVD $380, R12
+	B    callbackasm1(SB)
+	MOVD $381, R12
+	B    callbackasm1(SB)
+	MOVD $382, R12
+	B    callbackasm1(SB)
+	MOVD $383, R12
+	B    callbackasm1(SB)
+	MOVD $384, R12
+	B    callbackasm1(SB)
+	MOVD $385, R12
+	B    callbackasm1(SB)
+	MOVD $386, R12
+	B    callbackasm1(SB)
+	MOVD $387, R12
+	B    callbackasm1(SB)
+	MOVD $388, R12
+	B    callbackasm1(SB)
+	MOVD $389, R12
+	B    callbackasm1(SB)
+	MOVD $390, R12
+	B    callbackasm1(SB)
+	MOVD $391, R12
+	B    callbackasm1(SB)
+	MOVD $392, R12
+	B    callbackasm1(SB)
+	MOVD $393, R12
+	B    callbackasm1(SB)
+	MOVD $394, R12
+	B    callbackasm1(SB)
+	MOVD $395, R12
+	B    callbackasm1(SB)
+	MOVD $396, R12
+	B    callbackasm1(SB)
+	MOVD $397, R12
+	B    callbackasm1(SB)
+	MOVD $398, R12
+	B    callbackasm1(SB)
+	MOVD $399, R12
+	B    callbackasm1(SB)
+	MOVD $400, R12
+	B    callbackasm1(SB)
+	MOVD $401, R12
+	B    callbackasm1(SB)
+	MOVD $402, R12
+	B    callbackasm1(SB)
+	MOVD $403, R12
+	B    callbackasm1(SB)
+	MOVD $404, R12
+	B    callbackasm1(SB)
+	MOVD $405, R12
+	B    callbackasm1(SB)
+	MOVD $406, R12
+	B    callbackasm1(SB)
+	MOVD $407, R12
+	B    callbackasm1(SB)
+	MOVD $408, R12
+	B    callbackasm1(SB)
+	MOVD $409, R12
+	B    callbackasm1(SB)
+	MOVD $410, R12
+	B    callbackasm1(SB)
+	MOVD $411, R12
+	B    callbackasm1(SB)
+	MOVD $412, R12
+	B    callbackasm1(SB)
+	MOVD $413, R12
+	B    callbackasm1(SB)
+	MOVD $414, R12
+	B    callbackasm1(SB)
+	MOVD $415, R12
+	B    callbackasm1(SB)
+	MOVD $416, R12
+	B    callbackasm1(SB)
+	MOVD $417, R12
+	B    callbackasm1(SB)
+	MOVD $418, R12
+	B    callbackasm1(SB)
+	MOVD $419, R12
+	B    callbackasm1(SB)
+	MOVD $420, R12
+	B    callbackasm1(SB)
+	MOVD $421, R12
+	B    callbackasm1(SB)
+	MOVD $422, R12
+	B    callbackasm1(SB)
+	MOVD $423, R12
+	B    callbackasm1(SB)
+	MOVD $424, R12
+	B    callbackasm1(SB)
+	MOVD $425, R12
+	B    callbackasm1(SB)
+	MOVD $426, R12
+	B    callbackasm1(SB)
+	MOVD $427, R12
+	B    callbackasm1(SB)
+	MOVD $428, R12
+	B    callbackasm1(SB)
+	MOVD $429, R12
+	B    callbackasm1(SB)
+	MOVD $430, R12
+	B    callbackasm1(SB)
+	MOVD $431, R12
+	B    callbackasm1(SB)
+	MOVD $432, R12
+	B    callbackasm1(SB)
+	MOVD $433, R12
+	B    callbackasm1(SB)
+	MOVD $434, R12
+	B    callbackasm1(SB)
+	MOVD $435, R12
+	B    callbackasm1(SB)
+	MOVD $436, R12
+	B    callbackasm1(SB)
+	MOVD $437, R12
+	B    callbackasm1(SB)
+	MOVD $438, R12
+	B    callbackasm1(SB)
+	MOVD $439, R12
+	B    callbackasm1(SB)
+	MOVD $440, R12
+	B    callbackasm1(SB)
+	MOVD $441, R12
+	B    callbackasm1(SB)
+	MOVD $442, R12
+	B    callbackasm1(SB)
+	MOVD $443, R12
+	B    callbackasm1(SB)
+	MOVD $444, R12
+	B    callbackasm1(SB)
+	MOVD $445, R12
+	B    callbackasm1(SB)
+	MOVD $446, R12
+	B    callbackasm1(SB)
+	MOVD $447, R12
+	B    callbackasm1(SB)
+	MOVD $448, R12
+	B    callbackasm1(SB)
+	MOVD $449, R12
+	B    callbackasm1(SB)
+	MOVD $450, R12
+	B    callbackasm1(SB)
+	MOVD $451, R12
+	B    callbackasm1(SB)
+	MOVD $452, R12
+	B    callbackasm1(SB)
+	MOVD $453, R12
+	B    callbackasm1(SB)
+	MOVD $454, R12
+	B    callbackasm1(SB)
+	MOVD $455, R12
+	B    callbackasm1(SB)
+	MOVD $456, R12
+	B    callbackasm1(SB)
+	MOVD $457, R12
+	B    callbackasm1(SB)
+	MOVD $458, R12
+	B    callbackasm1(SB)
+	MOVD $459, R12
+	B    callbackasm1(SB)
+	MOVD $460, R12
+	B    callbackasm1(SB)
+	MOVD $461, R12
+	B    callbackasm1(SB)
+	MOVD $462, R12
+	B    callbackasm1(SB)
+	MOVD $463, R12
+	B    callbackasm1(SB)
+	MOVD $464, R12
+	B    callbackasm1(SB)
+	MOVD $465, R12
+	B    callbackasm1(SB)
+	MOVD $466, R12
+	B    callbackasm1(SB)
+	MOVD $467, R12
+	B    callbackasm1(SB)
+	MOVD $468, R12
+	B    callbackasm1(SB)
+	MOVD $469, R12
+	B    callbackasm1(SB)
+	MOVD $470, R12
+	B    callbackasm1(SB)
+	MOVD $471, R12
+	B    callbackasm1(SB)
+	MOVD $472, R12
+	B    callbackasm1(SB)
+	MOVD $473, R12
+	B    callbackasm1(SB)
+	MOVD $474, R12
+	B    callbackasm1(SB)
+	MOVD $475, R12
+	B    callbackasm1(SB)
+	MOVD $476, R12
+	B    callbackasm1(SB)
+	MOVD $477, R12
+	B    callbackasm1(SB)
+	MOVD $478, R12
+	B    callbackasm1(SB)
+	MOVD $479, R12
+	B    callbackasm1(SB)
+	MOVD $480, R12
+	B    callbackasm1(SB)
+	MOVD $481, R12
+	B    callbackasm1(SB)
+	MOVD $482, R12
+	B    callbackasm1(SB)
+	MOVD $483, R12
+	B    callbackasm1(SB)
+	MOVD $484, R12
+	B    callbackasm1(SB)
+	MOVD $485, R12
+	B    callbackasm1(SB)
+	MOVD $486, R12
+	B    callbackasm1(SB)
+	MOVD $487, R12
+	B    callbackasm1(SB)
+	MOVD $488, R12
+	B    callbackasm1(SB)
+	MOVD $489, R12
+	B    callbackasm1(SB)
+	MOVD $490, R12
+	B    callbackasm1(SB)
+	MOVD $491, R12
+	B    callbackasm1(SB)
+	MOVD $492, R12
+	B    callbackasm1(SB)
+	MOVD $493, R12
+	B    callbackasm1(SB)
+	MOVD $494, R12
+	B    callbackasm1(SB)
+	MOVD $495, R12
+	B    callbackasm1(SB)
+	MOVD $496, R12
+	B    callbackasm1(SB)
+	MOVD $497, R12
+	B    callbackasm1(SB)
+	MOVD $498, R12
+	B    callbackasm1(SB)
+	MOVD $499, R12
+	B    callbackasm1(SB)
+	MOVD $500, R12
+	B    callbackasm1(SB)
+	MOVD $501, R12
+	B    callbackasm1(SB)
+	MOVD $502, R12
+	B    callbackasm1(SB)
+	MOVD $503, R12
+	B    callbackasm1(SB)
+	MOVD $504, R12
+	B    callbackasm1(SB)
+	MOVD $505, R12
+	B    callbackasm1(SB)
+	MOVD $506, R12
+	B    callbackasm1(SB)
+	MOVD $507, R12
+	B    callbackasm1(SB)
+	MOVD $508, R12
+	B    callbackasm1(SB)
+	MOVD $509, R12
+	B    callbackasm1(SB)
+	MOVD $510, R12
+	B    callbackasm1(SB)
+	MOVD $511, R12
+	B    callbackasm1(SB)
+	MOVD $512, R12
+	B    callbackasm1(SB)
+	MOVD $513, R12
+	B    callbackasm1(SB)
+	MOVD $514, R12
+	B    callbackasm1(SB)
+	MOVD $515, R12
+	B    callbackasm1(SB)
+	MOVD $516, R12
+	B    callbackasm1(SB)
+	MOVD $517, R12
+	B    callbackasm1(SB)
+	MOVD $518, R12
+	B    callbackasm1(SB)
+	MOVD $519, R12
+	B    callbackasm1(SB)
+	MOVD $520, R12
+	B    callbackasm1(SB)
+	MOVD $521, R12
+	B    callbackasm1(SB)
+	MOVD $522, R12
+	B    callbackasm1(SB)
+	MOVD $523, R12
+	B    callbackasm1(SB)
+	MOVD $524, R12
+	B    callbackasm1(SB)
+	MOVD $525, R12
+	B    callbackasm1(SB)
+	MOVD $526, R12
+	B    callbackasm1(SB)
+	MOVD $527, R12
+	B    callbackasm1(SB)
+	MOVD $528, R12
+	B    callbackasm1(SB)
+	MOVD $529, R12
+	B    callbackasm1(SB)
+	MOVD $530, R12
+	B    callbackasm1(SB)
+	MOVD $531, R12
+	B    callbackasm1(SB)
+	MOVD $532, R12
+	B    callbackasm1(SB)
+	MOVD $533, R12
+	B    callbackasm1(SB)
+	MOVD $534, R12
+	B    callbackasm1(SB)
+	MOVD $535, R12
+	B    callbackasm1(SB)
+	MOVD $536, R12
+	B    callbackasm1(SB)
+	MOVD $537, R12
+	B    callbackasm1(SB)
+	MOVD $538, R12
+	B    callbackasm1(SB)
+	MOVD $539, R12
+	B    callbackasm1(SB)
+	MOVD $540, R12
+	B    callbackasm1(SB)
+	MOVD $541, R12
+	B    callbackasm1(SB)
+	MOVD $542, R12
+	B    callbackasm1(SB)
+	MOVD $543, R12
+	B    callbackasm1(SB)
+	MOVD $544, R12
+	B    callbackasm1(SB)
+	MOVD $545, R12
+	B    callbackasm1(SB)
+	MOVD $546, R12
+	B    callbackasm1(SB)
+	MOVD $547, R12
+	B    callbackasm1(SB)
+	MOVD $548, R12
+	B    callbackasm1(SB)
+	MOVD $549, R12
+	B    callbackasm1(SB)
+	MOVD $550, R12
+	B    callbackasm1(SB)
+	MOVD $551, R12
+	B    callbackasm1(SB)
+	MOVD $552, R12
+	B    callbackasm1(SB)
+	MOVD $553, R12
+	B    callbackasm1(SB)
+	MOVD $554, R12
+	B    callbackasm1(SB)
+	MOVD $555, R12
+	B    callbackasm1(SB)
+	MOVD $556, R12
+	B    callbackasm1(SB)
+	MOVD $557, R12
+	B    callbackasm1(SB)
+	MOVD $558, R12
+	B    callbackasm1(SB)
+	MOVD $559, R12
+	B    callbackasm1(SB)
+	MOVD $560, R12
+	B    callbackasm1(SB)
+	MOVD $561, R12
+	B    callbackasm1(SB)
+	MOVD $562, R12
+	B    callbackasm1(SB)
+	MOVD $563, R12
+	B    callbackasm1(SB)
+	MOVD $564, R12
+	B    callbackasm1(SB)
+	MOVD $565, R12
+	B    callbackasm1(SB)
+	MOVD $566, R12
+	B    callbackasm1(SB)
+	MOVD $567, R12
+	B    callbackasm1(SB)
+	MOVD $568, R12
+	B    callbackasm1(SB)
+	MOVD $569, R12
+	B    callbackasm1(SB)
+	MOVD $570, R12
+	B    callbackasm1(SB)
+	MOVD $571, R12
+	B    callbackasm1(SB)
+	MOVD $572, R12
+	B    callbackasm1(SB)
+	MOVD $573, R12
+	B    callbackasm1(SB)
+	MOVD $574, R12
+	B    callbackasm1(SB)
+	MOVD $575, R12
+	B    callbackasm1(SB)
+	MOVD $576, R12
+	B    callbackasm1(SB)
+	MOVD $577, R12
+	B    callbackasm1(SB)
+	MOVD $578, R12
+	B    callbackasm1(SB)
+	MOVD $579, R12
+	B    callbackasm1(SB)
+	MOVD $580, R12
+	B    callbackasm1(SB)
+	MOVD $581, R12
+	B    callbackasm1(SB)
+	MOVD $582, R12
+	B    callbackasm1(SB)
+	MOVD $583, R12
+	B    callbackasm1(SB)
+	MOVD $584, R12
+	B    callbackasm1(SB)
+	MOVD $585, R12
+	B    callbackasm1(SB)
+	MOVD $586, R12
+	B    callbackasm1(SB)
+	MOVD $587, R12
+	B    callbackasm1(SB)
+	MOVD $588, R12
+	B    callbackasm1(SB)
+	MOVD $589, R12
+	B    callbackasm1(SB)
+	MOVD $590, R12
+	B    callbackasm1(SB)
+	MOVD $591, R12
+	B    callbackasm1(SB)
+	MOVD $592, R12
+	B    callbackasm1(SB)
+	MOVD $593, R12
+	B    callbackasm1(SB)
+	MOVD $594, R12
+	B    callbackasm1(SB)
+	MOVD $595, R12
+	B    callbackasm1(SB)
+	MOVD $596, R12
+	B    callbackasm1(SB)
+	MOVD $597, R12
+	B    callbackasm1(SB)
+	MOVD $598, R12
+	B    callbackasm1(SB)
+	MOVD $599, R12
+	B    callbackasm1(SB)
+	MOVD $600, R12
+	B    callbackasm1(SB)
+	MOVD $601, R12
+	B    callbackasm1(SB)
+	MOVD $602, R12
+	B    callbackasm1(SB)
+	MOVD $603, R12
+	B    callbackasm1(SB)
+	MOVD $604, R12
+	B    callbackasm1(SB)
+	MOVD $605, R12
+	B    callbackasm1(SB)
+	MOVD $606, R12
+	B    callbackasm1(SB)
+	MOVD $607, R12
+	B    callbackasm1(SB)
+	MOVD $608, R12
+	B    callbackasm1(SB)
+	MOVD $609, R12
+	B    callbackasm1(SB)
+	MOVD $610, R12
+	B    callbackasm1(SB)
+	MOVD $611, R12
+	B    callbackasm1(SB)
+	MOVD $612, R12
+	B    callbackasm1(SB)
+	MOVD $613, R12
+	B    callbackasm1(SB)
+	MOVD $614, R12
+	B    callbackasm1(SB)
+	MOVD $615, R12
+	B    callbackasm1(SB)
+	MOVD $616, R12
+	B    callbackasm1(SB)
+	MOVD $617, R12
+	B    callbackasm1(SB)
+	MOVD $618, R12
+	B    callbackasm1(SB)
+	MOVD $619, R12
+	B    callbackasm1(SB)
+	MOVD $620, R12
+	B    callbackasm1(SB)
+	MOVD $621, R12
+	B    callbackasm1(SB)
+	MOVD $622, R12
+	B    callbackasm1(SB)
+	MOVD $623, R12
+	B    callbackasm1(SB)
+	MOVD $624, R12
+	B    callbackasm1(SB)
+	MOVD $625, R12
+	B    callbackasm1(SB)
+	MOVD $626, R12
+	B    callbackasm1(SB)
+	MOVD $627, R12
+	B    callbackasm1(SB)
+	MOVD $628, R12
+	B    callbackasm1(SB)
+	MOVD $629, R12
+	B    callbackasm1(SB)
+	MOVD $630, R12
+	B    callbackasm1(SB)
+	MOVD $631, R12
+	B    callbackasm1(SB)
+	MOVD $632, R12
+	B    callbackasm1(SB)
+	MOVD $633, R12
+	B    callbackasm1(SB)
+	MOVD $634, R12
+	B    callbackasm1(SB)
+	MOVD $635, R12
+	B    callbackasm1(SB)
+	MOVD $636, R12
+	B    callbackasm1(SB)
+	MOVD $637, R12
+	B    callbackasm1(SB)
+	MOVD $638, R12
+	B    callbackasm1(SB)
+	MOVD $639, R12
+	B    callbackasm1(SB)
+	MOVD $640, R12
+	B    callbackasm1(SB)
+	MOVD $641, R12
+	B    callbackasm1(SB)
+	MOVD $642, R12
+	B    callbackasm1(SB)
+	MOVD $643, R12
+	B    callbackasm1(SB)
+	MOVD $644, R12
+	B    callbackasm1(SB)
+	MOVD $645, R12
+	B    callbackasm1(SB)
+	MOVD $646, R12
+	B    callbackasm1(SB)
+	MOVD $647, R12
+	B    callbackasm1(SB)
+	MOVD $648, R12
+	B    callbackasm1(SB)
+	MOVD $649, R12
+	B    callbackasm1(SB)
+	MOVD $650, R12
+	B    callbackasm1(SB)
+	MOVD $651, R12
+	B    callbackasm1(SB)
+	MOVD $652, R12
+	B    callbackasm1(SB)
+	MOVD $653, R12
+	B    callbackasm1(SB)
+	MOVD $654, R12
+	B    callbackasm1(SB)
+	MOVD $655, R12
+	B    callbackasm1(SB)
+	MOVD $656, R12
+	B    callbackasm1(SB)
+	MOVD $657, R12
+	B    callbackasm1(SB)
+	MOVD $658, R12
+	B    callbackasm1(SB)
+	MOVD $659, R12
+	B    callbackasm1(SB)
+	MOVD $660, R12
+	B    callbackasm1(SB)
+	MOVD $661, R12
+	B    callbackasm1(SB)
+	MOVD $662, R12
+	B    callbackasm1(SB)
+	MOVD $663, R12
+	B    callbackasm1(SB)
+	MOVD $664, R12
+	B    callbackasm1(SB)
+	MOVD $665, R12
+	B    callbackasm1(SB)
+	MOVD $666, R12
+	B    callbackasm1(SB)
+	MOVD $667, R12
+	B    callbackasm1(SB)
+	MOVD $668, R12
+	B    callbackasm1(SB)
+	MOVD $669, R12
+	B    callbackasm1(SB)
+	MOVD $670, R12
+	B    callbackasm1(SB)
+	MOVD $671, R12
+	B    callbackasm1(SB)
+	MOVD $672, R12
+	B    callbackasm1(SB)
+	MOVD $673, R12
+	B    callbackasm1(SB)
+	MOVD $674, R12
+	B    callbackasm1(SB)
+	MOVD $675, R12
+	B    callbackasm1(SB)
+	MOVD $676, R12
+	B    callbackasm1(SB)
+	MOVD $677, R12
+	B    callbackasm1(SB)
+	MOVD $678, R12
+	B    callbackasm1(SB)
+	MOVD $679, R12
+	B    callbackasm1(SB)
+	MOVD $680, R12
+	B    callbackasm1(SB)
+	MOVD $681, R12
+	B    callbackasm1(SB)
+	MOVD $682, R12
+	B    callbackasm1(SB)
+	MOVD $683, R12
+	B    callbackasm1(SB)
+	MOVD $684, R12
+	B    callbackasm1(SB)
+	MOVD $685, R12
+	B    callbackasm1(SB)
+	MOVD $686, R12
+	B    callbackasm1(SB)
+	MOVD $687, R12
+	B    callbackasm1(SB)
+	MOVD $688, R12
+	B    callbackasm1(SB)
+	MOVD $689, R12
+	B    callbackasm1(SB)
+	MOVD $690, R12
+	B    callbackasm1(SB)
+	MOVD $691, R12
+	B    callbackasm1(SB)
+	MOVD $692, R12
+	B    callbackasm1(SB)
+	MOVD $693, R12
+	B    callbackasm1(SB)
+	MOVD $694, R12
+	B    callbackasm1(SB)
+	MOVD $695, R12
+	B    callbackasm1(SB)
+	MOVD $696, R12
+	B    callbackasm1(SB)
+	MOVD $697, R12
+	B    callbackasm1(SB)
+	MOVD $698, R12
+	B    callbackasm1(SB)
+	MOVD $699, R12
+	B    callbackasm1(SB)
+	MOVD $700, R12
+	B    callbackasm1(SB)
+	MOVD $701, R12
+	B    callbackasm1(SB)
+	MOVD $702, R12
+	B    callbackasm1(SB)
+	MOVD $703, R12
+	B    callbackasm1(SB)
+	MOVD $704, R12
+	B    callbackasm1(SB)
+	MOVD $705, R12
+	B    callbackasm1(SB)
+	MOVD $706, R12
+	B    callbackasm1(SB)
+	MOVD $707, R12
+	B    callbackasm1(SB)
+	MOVD $708, R12
+	B    callbackasm1(SB)
+	MOVD $709, R12
+	B    callbackasm1(SB)
+	MOVD $710, R12
+	B    callbackasm1(SB)
+	MOVD $711, R12
+	B    callbackasm1(SB)
+	MOVD $712, R12
+	B    callbackasm1(SB)
+	MOVD $713, R12
+	B    callbackasm1(SB)
+	MOVD $714, R12
+	B    callbackasm1(SB)
+	MOVD $715, R12
+	B    callbackasm1(SB)
+	MOVD $716, R12
+	B    callbackasm1(SB)
+	MOVD $717, R12
+	B    callbackasm1(SB)
+	MOVD $718, R12
+	B    callbackasm1(SB)
+	MOVD $719, R12
+	B    callbackasm1(SB)
+	MOVD $720, R12
+	B    callbackasm1(SB)
+	MOVD $721, R12
+	B    callbackasm1(SB)
+	MOVD $722, R12
+	B    callbackasm1(SB)
+	MOVD $723, R12
+	B    callbackasm1(SB)
+	MOVD $724, R12
+	B    callbackasm1(SB)
+	MOVD $725, R12
+	B    callbackasm1(SB)
+	MOVD $726, R12
+	B    callbackasm1(SB)
+	MOVD $727, R12
+	B    callbackasm1(SB)
+	MOVD $728, R12
+	B    callbackasm1(SB)
+	MOVD $729, R12
+	B    callbackasm1(SB)
+	MOVD $730, R12
+	B    callbackasm1(SB)
+	MOVD $731, R12
+	B    callbackasm1(SB)
+	MOVD $732, R12
+	B    callbackasm1(SB)
+	MOVD $733, R12
+	B    callbackasm1(SB)
+	MOVD $734, R12
+	B    callbackasm1(SB)
+	MOVD $735, R12
+	B    callbackasm1(SB)
+	MOVD $736, R12
+	B    callbackasm1(SB)
+	MOVD $737, R12
+	B    callbackasm1(SB)
+	MOVD $738, R12
+	B    callbackasm1(SB)
+	MOVD $739, R12
+	B    callbackasm1(SB)
+	MOVD $740, R12
+	B    callbackasm1(SB)
+	MOVD $741, R12
+	B    callbackasm1(SB)
+	MOVD $742, R12
+	B    callbackasm1(SB)
+	MOVD $743, R12
+	B    callbackasm1(SB)
+	MOVD $744, R12
+	B    callbackasm1(SB)
+	MOVD $745, R12
+	B    callbackasm1(SB)
+	MOVD $746, R12
+	B    callbackasm1(SB)
+	MOVD $747, R12
+	B    callbackasm1(SB)
+	MOVD $748, R12
+	B    callbackasm1(SB)
+	MOVD $749, R12
+	B    callbackasm1(SB)
+	MOVD $750, R12
+	B    callbackasm1(SB)
+	MOVD $751, R12
+	B    callbackasm1(SB)
+	MOVD $752, R12
+	B    callbackasm1(SB)
+	MOVD $753, R12
+	B    callbackasm1(SB)
+	MOVD $754, R12
+	B    callbackasm1(SB)
+	MOVD $755, R12
+	B    callbackasm1(SB)
+	MOVD $756, R12
+	B    callbackasm1(SB)
+	MOVD $757, R12
+	B    callbackasm1(SB)
+	MOVD $758, R12
+	B    callbackasm1(SB)
+	MOVD $759, R12
+	B    callbackasm1(SB)
+	MOVD $760, R12
+	B    callbackasm1(SB)
+	MOVD $761, R12
+	B    callbackasm1(SB)
+	MOVD $762, R12
+	B    callbackasm1(SB)
+	MOVD $763, R12
+	B    callbackasm1(SB)
+	MOVD $764, R12
+	B    callbackasm1(SB)
+	MOVD $765, R12
+	B    callbackasm1(SB)
+	MOVD $766, R12
+	B    callbackasm1(SB)
+	MOVD $767, R12
+	B    callbackasm1(SB)
+	MOVD $768, R12
+	B    callbackasm1(SB)
+	MOVD $769, R12
+	B    callbackasm1(SB)
+	MOVD $770, R12
+	B    callbackasm1(SB)
+	MOVD $771, R12
+	B    callbackasm1(SB)
+	MOVD $772, R12
+	B    callbackasm1(SB)
+	MOVD $773, R12
+	B    callbackasm1(SB)
+	MOVD $774, R12
+	B    callbackasm1(SB)
+	MOVD $775, R12
+	B    callbackasm1(SB)
+	MOVD $776, R12
+	B    callbackasm1(SB)
+	MOVD $777, R12
+	B    callbackasm1(SB)
+	MOVD $778, R12
+	B    callbackasm1(SB)
+	MOVD $779, R12
+	B    callbackasm1(SB)
+	MOVD $780, R12
+	B    callbackasm1(SB)
+	MOVD $781, R12
+	B    callbackasm1(SB)
+	MOVD $782, R12
+	B    callbackasm1(SB)
+	MOVD $783, R12
+	B    callbackasm1(SB)
+	MOVD $784, R12
+	B    callbackasm1(SB)
+	MOVD $785, R12
+	B    callbackasm1(SB)
+	MOVD $786, R12
+	B    callbackasm1(SB)
+	MOVD $787, R12
+	B    callbackasm1(SB)
+	MOVD $788, R12
+	B    callbackasm1(SB)
+	MOVD $789, R12
+	B    callbackasm1(SB)
+	MOVD $790, R12
+	B    callbackasm1(SB)
+	MOVD $791, R12
+	B    callbackasm1(SB)
+	MOVD $792, R12
+	B    callbackasm1(SB)
+	MOVD $793, R12
+	B    callbackasm1(SB)
+	MOVD $794, R12
+	B    callbackasm1(SB)
+	MOVD $795, R12
+	B    callbackasm1(SB)
+	MOVD $796, R12
+	B    callbackasm1(SB)
+	MOVD $797, R12
+	B    callbackasm1(SB)
+	MOVD $798, R12
+	B    callbackasm1(SB)
+	MOVD $799, R12
+	B    callbackasm1(SB)
+	MOVD $800, R12
+	B    callbackasm1(SB)
+	MOVD $801, R12
+	B    callbackasm1(SB)
+	MOVD $802, R12
+	B    callbackasm1(SB)
+	MOVD $803, R12
+	B    callbackasm1(SB)
+	MOVD $804, R12
+	B    callbackasm1(SB)
+	MOVD $805, R12
+	B    callbackasm1(SB)
+	MOVD $806, R12
+	B    callbackasm1(SB)
+	MOVD $807, R12
+	B    callbackasm1(SB)
+	MOVD $808, R12
+	B    callbackasm1(SB)
+	MOVD $809, R12
+	B    callbackasm1(SB)
+	MOVD $810, R12
+	B    callbackasm1(SB)
+	MOVD $811, R12
+	B    callbackasm1(SB)
+	MOVD $812, R12
+	B    callbackasm1(SB)
+	MOVD $813, R12
+	B    callbackasm1(SB)
+	MOVD $814, R12
+	B    callbackasm1(SB)
+	MOVD $815, R12
+	B    callbackasm1(SB)
+	MOVD $816, R12
+	B    callbackasm1(SB)
+	MOVD $817, R12
+	B    callbackasm1(SB)
+	MOVD $818, R12
+	B    callbackasm1(SB)
+	MOVD $819, R12
+	B    callbackasm1(SB)
+	MOVD $820, R12
+	B    callbackasm1(SB)
+	MOVD $821, R12
+	B    callbackasm1(SB)
+	MOVD $822, R12
+	B    callbackasm1(SB)
+	MOVD $823, R12
+	B    callbackasm1(SB)
+	MOVD $824, R12
+	B    callbackasm1(SB)
+	MOVD $825, R12
+	B    callbackasm1(SB)
+	MOVD $826, R12
+	B    callbackasm1(SB)
+	MOVD $827, R12
+	B    callbackasm1(SB)
+	MOVD $828, R12
+	B    callbackasm1(SB)
+	MOVD $829, R12
+	B    callbackasm1(SB)
+	MOVD $830, R12
+	B    callbackasm1(SB)
+	MOVD $831, R12
+	B    callbackasm1(SB)
+	MOVD $832, R12
+	B    callbackasm1(SB)
+	MOVD $833, R12
+	B    callbackasm1(SB)
+	MOVD $834, R12
+	B    callbackasm1(SB)
+	MOVD $835, R12
+	B    callbackasm1(SB)
+	MOVD $836, R12
+	B    callbackasm1(SB)
+	MOVD $837, R12
+	B    callbackasm1(SB)
+	MOVD $838, R12
+	B    callbackasm1(SB)
+	MOVD $839, R12
+	B    callbackasm1(SB)
+	MOVD $840, R12
+	B    callbackasm1(SB)
+	MOVD $841, R12
+	B    callbackasm1(SB)
+	MOVD $842, R12
+	B    callbackasm1(SB)
+	MOVD $843, R12
+	B    callbackasm1(SB)
+	MOVD $844, R12
+	B    callbackasm1(SB)
+	MOVD $845, R12
+	B    callbackasm1(SB)
+	MOVD $846, R12
+	B    callbackasm1(SB)
+	MOVD $847, R12
+	B    callbackasm1(SB)
+	MOVD $848, R12
+	B    callbackasm1(SB)
+	MOVD $849, R12
+	B    callbackasm1(SB)
+	MOVD $850, R12
+	B    callbackasm1(SB)
+	MOVD $851, R12
+	B    callbackasm1(SB)
+	MOVD $852, R12
+	B    callbackasm1(SB)
+	MOVD $853, R12
+	B    callbackasm1(SB)
+	MOVD $854, R12
+	B    callbackasm1(SB)
+	MOVD $855, R12
+	B    callbackasm1(SB)
+	MOVD $856, R12
+	B    callbackasm1(SB)
+	MOVD $857, R12
+	B    callbackasm1(SB)
+	MOVD $858, R12
+	B    callbackasm1(SB)
+	MOVD $859, R12
+	B    callbackasm1(SB)
+	MOVD $860, R12
+	B    callbackasm1(SB)
+	MOVD $861, R12
+	B    callbackasm1(SB)
+	MOVD $862, R12
+	B    callbackasm1(SB)
+	MOVD $863, R12
+	B    callbackasm1(SB)
+	MOVD $864, R12
+	B    callbackasm1(SB)
+	MOVD $865, R12
+	B    callbackasm1(SB)
+	MOVD $866, R12
+	B    callbackasm1(SB)
+	MOVD $867, R12
+	B    callbackasm1(SB)
+	MOVD $868, R12
+	B    callbackasm1(SB)
+	MOVD $869, R12
+	B    callbackasm1(SB)
+	MOVD $870, R12
+	B    callbackasm1(SB)
+	MOVD $871, R12
+	B    callbackasm1(SB)
+	MOVD $872, R12
+	B    callbackasm1(SB)
+	MOVD $873, R12
+	B    callbackasm1(SB)
+	MOVD $874, R12
+	B    callbackasm1(SB)
+	MOVD $875, R12
+	B    callbackasm1(SB)
+	MOVD $876, R12
+	B    callbackasm1(SB)
+	MOVD $877, R12
+	B    callbackasm1(SB)
+	MOVD $878, R12
+	B    callbackasm1(SB)
+	MOVD $879, R12
+	B    callbackasm1(SB)
+	MOVD $880, R12
+	B    callbackasm1(SB)
+	MOVD $881, R12
+	B    callbackasm1(SB)
+	MOVD $882, R12
+	B    callbackasm1(SB)
+	MOVD $883, R12
+	B    callbackasm1(SB)
+	MOVD $884, R12
+	B    callbackasm1(SB)
+	MOVD $885, R12
+	B    callbackasm1(SB)
+	MOVD $886, R12
+	B    callbackasm1(SB)
+	MOVD $887, R12
+	B    callbackasm1(SB)
+	MOVD $888, R12
+	B    callbackasm1(SB)
+	MOVD $889, R12
+	B    callbackasm1(SB)
+	MOVD $890, R12
+	B    callbackasm1(SB)
+	MOVD $891, R12
+	B    callbackasm1(SB)
+	MOVD $892, R12
+	B    callbackasm1(SB)
+	MOVD $893, R12
+	B    callbackasm1(SB)
+	MOVD $894, R12
+	B    callbackasm1(SB)
+	MOVD $895, R12
+	B    callbackasm1(SB)
+	MOVD $896, R12
+	B    callbackasm1(SB)
+	MOVD $897, R12
+	B    callbackasm1(SB)
+	MOVD $898, R12
+	B    callbackasm1(SB)
+	MOVD $899, R12
+	B    callbackasm1(SB)
+	MOVD $900, R12
+	B    callbackasm1(SB)
+	MOVD $901, R12
+	B    callbackasm1(SB)
+	MOVD $902, R12
+	B    callbackasm1(SB)
+	MOVD $903, R12
+	B    callbackasm1(SB)
+	MOVD $904, R12
+	B    callbackasm1(SB)
+	MOVD $905, R12
+	B    callbackasm1(SB)
+	MOVD $906, R12
+	B    callbackasm1(SB)
+	MOVD $907, R12
+	B    callbackasm1(SB)
+	MOVD $908, R12
+	B    callbackasm1(SB)
+	MOVD $909, R12
+	B    callbackasm1(SB)
+	MOVD $910, R12
+	B    callbackasm1(SB)
+	MOVD $911, R12
+	B    callbackasm1(SB)
+	MOVD $912, R12
+	B    callbackasm1(SB)
+	MOVD $913, R12
+	B    callbackasm1(SB)
+	MOVD $914, R12
+	B    callbackasm1(SB)
+	MOVD $915, R12
+	B    callbackasm1(SB)
+	MOVD $916, R12
+	B    callbackasm1(SB)
+	MOVD $917, R12
+	B    callbackasm1(SB)
+	MOVD $918, R12
+	B    callbackasm1(SB)
+	MOVD $919, R12
+	B    callbackasm1(SB)
+	MOVD $920, R12
+	B    callbackasm1(SB)
+	MOVD $921, R12
+	B    callbackasm1(SB)
+	MOVD $922, R12
+	B    callbackasm1(SB)
+	MOVD $923, R12
+	B    callbackasm1(SB)
+	MOVD $924, R12
+	B    callbackasm1(SB)
+	MOVD $925, R12
+	B    callbackasm1(SB)
+	MOVD $926, R12
+	B    callbackasm1(SB)
+	MOVD $927, R12
+	B    callbackasm1(SB)
+	MOVD $928, R12
+	B    callbackasm1(SB)
+	MOVD $929, R12
+	B    callbackasm1(SB)
+	MOVD $930, R12
+	B    callbackasm1(SB)
+	MOVD $931, R12
+	B    callbackasm1(SB)
+	MOVD $932, R12
+	B    callbackasm1(SB)
+	MOVD $933, R12
+	B    callbackasm1(SB)
+	MOVD $934, R12
+	B    callbackasm1(SB)
+	MOVD $935, R12
+	B    callbackasm1(SB)
+	MOVD $936, R12
+	B    callbackasm1(SB)
+	MOVD $937, R12
+	B    callbackasm1(SB)
+	MOVD $938, R12
+	B    callbackasm1(SB)
+	MOVD $939, R12
+	B    callbackasm1(SB)
+	MOVD $940, R12
+	B    callbackasm1(SB)
+	MOVD $941, R12
+	B    callbackasm1(SB)
+	MOVD $942, R12
+	B    callbackasm1(SB)
+	MOVD $943, R12
+	B    callbackasm1(SB)
+	MOVD $944, R12
+	B    callbackasm1(SB)
+	MOVD $945, R12
+	B    callbackasm1(SB)
+	MOVD $946, R12
+	B    callbackasm1(SB)
+	MOVD $947, R12
+	B    callbackasm1(SB)
+	MOVD $948, R12
+	B    callbackasm1(SB)
+	MOVD $949, R12
+	B    callbackasm1(SB)
+	MOVD $950, R12
+	B    callbackasm1(SB)
+	MOVD $951, R12
+	B    callbackasm1(SB)
+	MOVD $952, R12
+	B    callbackasm1(SB)
+	MOVD $953, R12
+	B    callbackasm1(SB)
+	MOVD $954, R12
+	B    callbackasm1(SB)
+	MOVD $955, R12
+	B    callbackasm1(SB)
+	MOVD $956, R12
+	B    callbackasm1(SB)
+	MOVD $957, R12
+	B    callbackasm1(SB)
+	MOVD $958, R12
+	B    callbackasm1(SB)
+	MOVD $959, R12
+	B    callbackasm1(SB)
+	MOVD $960, R12
+	B    callbackasm1(SB)
+	MOVD $961, R12
+	B    callbackasm1(SB)
+	MOVD $962, R12
+	B    callbackasm1(SB)
+	MOVD $963, R12
+	B    callbackasm1(SB)
+	MOVD $964, R12
+	B    callbackasm1(SB)
+	MOVD $965, R12
+	B    callbackasm1(SB)
+	MOVD $966, R12
+	B    callbackasm1(SB)
+	MOVD $967, R12
+	B    callbackasm1(SB)
+	MOVD $968, R12
+	B    callbackasm1(SB)
+	MOVD $969, R12
+	B    callbackasm1(SB)
+	MOVD $970, R12
+	B    callbackasm1(SB)
+	MOVD $971, R12
+	B    callbackasm1(SB)
+	MOVD $972, R12
+	B    callbackasm1(SB)
+	MOVD $973, R12
+	B    callbackasm1(SB)
+	MOVD $974, R12
+	B    callbackasm1(SB)
+	MOVD $975, R12
+	B    callbackasm1(SB)
+	MOVD $976, R12
+	B    callbackasm1(SB)
+	MOVD $977, R12
+	B    callbackasm1(SB)
+	MOVD $978, R12
+	B    callbackasm1(SB)
+	MOVD $979, R12
+	B    callbackasm1(SB)
+	MOVD $980, R12
+	B    callbackasm1(SB)
+	MOVD $981, R12
+	B    callbackasm1(SB)
+	MOVD $982, R12
+	B    callbackasm1(SB)
+	MOVD $983, R12
+	B    callbackasm1(SB)
+	MOVD $984, R12
+	B    callbackasm1(SB)
+	MOVD $985, R12
+	B    callbackasm1(SB)
+	MOVD $986, R12
+	B    callbackasm1(SB)
+	MOVD $987, R12
+	B    callbackasm1(SB)
+	MOVD $988, R12
+	B    callbackasm1(SB)
+	MOVD $989, R12
+	B    callbackasm1(SB)
+	MOVD $990, R12
+	B    callbackasm1(SB)
+	MOVD $991, R12
+	B    callbackasm1(SB)
+	MOVD $992, R12
+	B    callbackasm1(SB)
+	MOVD $993, R12
+	B    callbackasm1(SB)
+	MOVD $994, R12
+	B    callbackasm1(SB)
+	MOVD $995, R12
+	B    callbackasm1(SB)
+	MOVD $996, R12
+	B    callbackasm1(SB)
+	MOVD $997, R12
+	B    callbackasm1(SB)
+	MOVD $998, R12
+	B    callbackasm1(SB)
+	MOVD $999, R12
+	B    callbackasm1(SB)
+	MOVD $1000, R12
+	B    callbackasm1(SB)
+	MOVD $1001, R12
+	B    callbackasm1(SB)
+	MOVD $1002, R12
+	B    callbackasm1(SB)
+	MOVD $1003, R12
+	B    callbackasm1(SB)
+	MOVD $1004, R12
+	B    callbackasm1(SB)
+	MOVD $1005, R12
+	B    callbackasm1(SB)
+	MOVD $1006, R12
+	B    callbackasm1(SB)
+	MOVD $1007, R12
+	B    callbackasm1(SB)
+	MOVD $1008, R12
+	B    callbackasm1(SB)
+	MOVD $1009, R12
+	B    callbackasm1(SB)
+	MOVD $1010, R12
+	B    callbackasm1(SB)
+	MOVD $1011, R12
+	B    callbackasm1(SB)
+	MOVD $1012, R12
+	B    callbackasm1(SB)
+	MOVD $1013, R12
+	B    callbackasm1(SB)
+	MOVD $1014, R12
+	B    callbackasm1(SB)
+	MOVD $1015, R12
+	B    callbackasm1(SB)
+	MOVD $1016, R12
+	B    callbackasm1(SB)
+	MOVD $1017, R12
+	B    callbackasm1(SB)
+	MOVD $1018, R12
+	B    callbackasm1(SB)
+	MOVD $1019, R12
+	B    callbackasm1(SB)
+	MOVD $1020, R12
+	B    callbackasm1(SB)
+	MOVD $1021, R12
+	B    callbackasm1(SB)
+	MOVD $1022, R12
+	B    callbackasm1(SB)
+	MOVD $1023, R12
+	B    callbackasm1(SB)
+	MOVD $1024, R12
+	B    callbackasm1(SB)
+	MOVD $1025, R12
+	B    callbackasm1(SB)
+	MOVD $1026, R12
+	B    callbackasm1(SB)
+	MOVD $1027, R12
+	B    callbackasm1(SB)
+	MOVD $1028, R12
+	B    callbackasm1(SB)
+	MOVD $1029, R12
+	B    callbackasm1(SB)
+	MOVD $1030, R12
+	B    callbackasm1(SB)
+	MOVD $1031, R12
+	B    callbackasm1(SB)
+	MOVD $1032, R12
+	B    callbackasm1(SB)
+	MOVD $1033, R12
+	B    callbackasm1(SB)
+	MOVD $1034, R12
+	B    callbackasm1(SB)
+	MOVD $1035, R12
+	B    callbackasm1(SB)
+	MOVD $1036, R12
+	B    callbackasm1(SB)
+	MOVD $1037, R12
+	B    callbackasm1(SB)
+	MOVD $1038, R12
+	B    callbackasm1(SB)
+	MOVD $1039, R12
+	B    callbackasm1(SB)
+	MOVD $1040, R12
+	B    callbackasm1(SB)
+	MOVD $1041, R12
+	B    callbackasm1(SB)
+	MOVD $1042, R12
+	B    callbackasm1(SB)
+	MOVD $1043, R12
+	B    callbackasm1(SB)
+	MOVD $1044, R12
+	B    callbackasm1(SB)
+	MOVD $1045, R12
+	B    callbackasm1(SB)
+	MOVD $1046, R12
+	B    callbackasm1(SB)
+	MOVD $1047, R12
+	B    callbackasm1(SB)
+	MOVD $1048, R12
+	B    callbackasm1(SB)
+	MOVD $1049, R12
+	B    callbackasm1(SB)
+	MOVD $1050, R12
+	B    callbackasm1(SB)
+	MOVD $1051, R12
+	B    callbackasm1(SB)
+	MOVD $1052, R12
+	B    callbackasm1(SB)
+	MOVD $1053, R12
+	B    callbackasm1(SB)
+	MOVD $1054, R12
+	B    callbackasm1(SB)
+	MOVD $1055, R12
+	B    callbackasm1(SB)
+	MOVD $1056, R12
+	B    callbackasm1(SB)
+	MOVD $1057, R12
+	B    callbackasm1(SB)
+	MOVD $1058, R12
+	B    callbackasm1(SB)
+	MOVD $1059, R12
+	B    callbackasm1(SB)
+	MOVD $1060, R12
+	B    callbackasm1(SB)
+	MOVD $1061, R12
+	B    callbackasm1(SB)
+	MOVD $1062, R12
+	B    callbackasm1(SB)
+	MOVD $1063, R12
+	B    callbackasm1(SB)
+	MOVD $1064, R12
+	B    callbackasm1(SB)
+	MOVD $1065, R12
+	B    callbackasm1(SB)
+	MOVD $1066, R12
+	B    callbackasm1(SB)
+	MOVD $1067, R12
+	B    callbackasm1(SB)
+	MOVD $1068, R12
+	B    callbackasm1(SB)
+	MOVD $1069, R12
+	B    callbackasm1(SB)
+	MOVD $1070, R12
+	B    callbackasm1(SB)
+	MOVD $1071, R12
+	B    callbackasm1(SB)
+	MOVD $1072, R12
+	B    callbackasm1(SB)
+	MOVD $1073, R12
+	B    callbackasm1(SB)
+	MOVD $1074, R12
+	B    callbackasm1(SB)
+	MOVD $1075, R12
+	B    callbackasm1(SB)
+	MOVD $1076, R12
+	B    callbackasm1(SB)
+	MOVD $1077, R12
+	B    callbackasm1(SB)
+	MOVD $1078, R12
+	B    callbackasm1(SB)
+	MOVD $1079, R12
+	B    callbackasm1(SB)
+	MOVD $1080, R12
+	B    callbackasm1(SB)
+	MOVD $1081, R12
+	B    callbackasm1(SB)
+	MOVD $1082, R12
+	B    callbackasm1(SB)
+	MOVD $1083, R12
+	B    callbackasm1(SB)
+	MOVD $1084, R12
+	B    callbackasm1(SB)
+	MOVD $1085, R12
+	B    callbackasm1(SB)
+	MOVD $1086, R12
+	B    callbackasm1(SB)
+	MOVD $1087, R12
+	B    callbackasm1(SB)
+	MOVD $1088, R12
+	B    callbackasm1(SB)
+	MOVD $1089, R12
+	B    callbackasm1(SB)
+	MOVD $1090, R12
+	B    callbackasm1(SB)
+	MOVD $1091, R12
+	B    callbackasm1(SB)
+	MOVD $1092, R12
+	B    callbackasm1(SB)
+	MOVD $1093, R12
+	B    callbackasm1(SB)
+	MOVD $1094, R12
+	B    callbackasm1(SB)
+	MOVD $1095, R12
+	B    callbackasm1(SB)
+	MOVD $1096, R12
+	B    callbackasm1(SB)
+	MOVD $1097, R12
+	B    callbackasm1(SB)
+	MOVD $1098, R12
+	B    callbackasm1(SB)
+	MOVD $1099, R12
+	B    callbackasm1(SB)
+	MOVD $1100, R12
+	B    callbackasm1(SB)
+	MOVD $1101, R12
+	B    callbackasm1(SB)
+	MOVD $1102, R12
+	B    callbackasm1(SB)
+	MOVD $1103, R12
+	B    callbackasm1(SB)
+	MOVD $1104, R12
+	B    callbackasm1(SB)
+	MOVD $1105, R12
+	B    callbackasm1(SB)
+	MOVD $1106, R12
+	B    callbackasm1(SB)
+	MOVD $1107, R12
+	B    callbackasm1(SB)
+	MOVD $1108, R12
+	B    callbackasm1(SB)
+	MOVD $1109, R12
+	B    callbackasm1(SB)
+	MOVD $1110, R12
+	B    callbackasm1(SB)
+	MOVD $1111, R12
+	B    callbackasm1(SB)
+	MOVD $1112, R12
+	B    callbackasm1(SB)
+	MOVD $1113, R12
+	B    callbackasm1(SB)
+	MOVD $1114, R12
+	B    callbackasm1(SB)
+	MOVD $1115, R12
+	B    callbackasm1(SB)
+	MOVD $1116, R12
+	B    callbackasm1(SB)
+	MOVD $1117, R12
+	B    callbackasm1(SB)
+	MOVD $1118, R12
+	B    callbackasm1(SB)
+	MOVD $1119, R12
+	B    callbackasm1(SB)
+	MOVD $1120, R12
+	B    callbackasm1(SB)
+	MOVD $1121, R12
+	B    callbackasm1(SB)
+	MOVD $1122, R12
+	B    callbackasm1(SB)
+	MOVD $1123, R12
+	B    callbackasm1(SB)
+	MOVD $1124, R12
+	B    callbackasm1(SB)
+	MOVD $1125, R12
+	B    callbackasm1(SB)
+	MOVD $1126, R12
+	B    callbackasm1(SB)
+	MOVD $1127, R12
+	B    callbackasm1(SB)
+	MOVD $1128, R12
+	B    callbackasm1(SB)
+	MOVD $1129, R12
+	B    callbackasm1(SB)
+	MOVD $1130, R12
+	B    callbackasm1(SB)
+	MOVD $1131, R12
+	B    callbackasm1(SB)
+	MOVD $1132, R12
+	B    callbackasm1(SB)
+	MOVD $1133, R12
+	B    callbackasm1(SB)
+	MOVD $1134, R12
+	B    callbackasm1(SB)
+	MOVD $1135, R12
+	B    callbackasm1(SB)
+	MOVD $1136, R12
+	B    callbackasm1(SB)
+	MOVD $1137, R12
+	B    callbackasm1(SB)
+	MOVD $1138, R12
+	B    callbackasm1(SB)
+	MOVD $1139, R12
+	B    callbackasm1(SB)
+	MOVD $1140, R12
+	B    callbackasm1(SB)
+	MOVD $1141, R12
+	B    callbackasm1(SB)
+	MOVD $1142, R12
+	B    callbackasm1(SB)
+	MOVD $1143, R12
+	B    callbackasm1(SB)
+	MOVD $1144, R12
+	B    callbackasm1(SB)
+	MOVD $1145, R12
+	B    callbackasm1(SB)
+	MOVD $1146, R12
+	B    callbackasm1(SB)
+	MOVD $1147, R12
+	B    callbackasm1(SB)
+	MOVD $1148, R12
+	B    callbackasm1(SB)
+	MOVD $1149, R12
+	B    callbackasm1(SB)
+	MOVD $1150, R12
+	B    callbackasm1(SB)
+	MOVD $1151, R12
+	B    callbackasm1(SB)
+	MOVD $1152, R12
+	B    callbackasm1(SB)
+	MOVD $1153, R12
+	B    callbackasm1(SB)
+	MOVD $1154, R12
+	B    callbackasm1(SB)
+	MOVD $1155, R12
+	B    callbackasm1(SB)
+	MOVD $1156, R12
+	B    callbackasm1(SB)
+	MOVD $1157, R12
+	B    callbackasm1(SB)
+	MOVD $1158, R12
+	B    callbackasm1(SB)
+	MOVD $1159, R12
+	B    callbackasm1(SB)
+	MOVD $1160, R12
+	B    callbackasm1(SB)
+	MOVD $1161, R12
+	B    callbackasm1(SB)
+	MOVD $1162, R12
+	B    callbackasm1(SB)
+	MOVD $1163, R12
+	B    callbackasm1(SB)
+	MOVD $1164, R12
+	B    callbackasm1(SB)
+	MOVD $1165, R12
+	B    callbackasm1(SB)
+	MOVD $1166, R12
+	B    callbackasm1(SB)
+	MOVD $1167, R12
+	B    callbackasm1(SB)
+	MOVD $1168, R12
+	B    callbackasm1(SB)
+	MOVD $1169, R12
+	B    callbackasm1(SB)
+	MOVD $1170, R12
+	B    callbackasm1(SB)
+	MOVD $1171, R12
+	B    callbackasm1(SB)
+	MOVD $1172, R12
+	B    callbackasm1(SB)
+	MOVD $1173, R12
+	B    callbackasm1(SB)
+	MOVD $1174, R12
+	B    callbackasm1(SB)
+	MOVD $1175, R12
+	B    callbackasm1(SB)
+	MOVD $1176, R12
+	B    callbackasm1(SB)
+	MOVD $1177, R12
+	B    callbackasm1(SB)
+	MOVD $1178, R12
+	B    callbackasm1(SB)
+	MOVD $1179, R12
+	B    callbackasm1(SB)
+	MOVD $1180, R12
+	B    callbackasm1(SB)
+	MOVD $1181, R12
+	B    callbackasm1(SB)
+	MOVD $1182, R12
+	B    callbackasm1(SB)
+	MOVD $1183, R12
+	B    callbackasm1(SB)
+	MOVD $1184, R12
+	B    callbackasm1(SB)
+	MOVD $1185, R12
+	B    callbackasm1(SB)
+	MOVD $1186, R12
+	B    callbackasm1(SB)
+	MOVD $1187, R12
+	B    callbackasm1(SB)
+	MOVD $1188, R12
+	B    callbackasm1(SB)
+	MOVD $1189, R12
+	B    callbackasm1(SB)
+	MOVD $1190, R12
+	B    callbackasm1(SB)
+	MOVD $1191, R12
+	B    callbackasm1(SB)
+	MOVD $1192, R12
+	B    callbackasm1(SB)
+	MOVD $1193, R12
+	B    callbackasm1(SB)
+	MOVD $1194, R12
+	B    callbackasm1(SB)
+	MOVD $1195, R12
+	B    callbackasm1(SB)
+	MOVD $1196, R12
+	B    callbackasm1(SB)
+	MOVD $1197, R12
+	B    callbackasm1(SB)
+	MOVD $1198, R12
+	B    callbackasm1(SB)
+	MOVD $1199, R12
+	B    callbackasm1(SB)
+	MOVD $1200, R12
+	B    callbackasm1(SB)
+	MOVD $1201, R12
+	B    callbackasm1(SB)
+	MOVD $1202, R12
+	B    callbackasm1(SB)
+	MOVD $1203, R12
+	B    callbackasm1(SB)
+	MOVD $1204, R12
+	B    callbackasm1(SB)
+	MOVD $1205, R12
+	B    callbackasm1(SB)
+	MOVD $1206, R12
+	B    callbackasm1(SB)
+	MOVD $1207, R12
+	B    callbackasm1(SB)
+	MOVD $1208, R12
+	B    callbackasm1(SB)
+	MOVD $1209, R12
+	B    callbackasm1(SB)
+	MOVD $1210, R12
+	B    callbackasm1(SB)
+	MOVD $1211, R12
+	B    callbackasm1(SB)
+	MOVD $1212, R12
+	B    callbackasm1(SB)
+	MOVD $1213, R12
+	B    callbackasm1(SB)
+	MOVD $1214, R12
+	B    callbackasm1(SB)
+	MOVD $1215, R12
+	B    callbackasm1(SB)
+	MOVD $1216, R12
+	B    callbackasm1(SB)
+	MOVD $1217, R12
+	B    callbackasm1(SB)
+	MOVD $1218, R12
+	B    callbackasm1(SB)
+	MOVD $1219, R12
+	B    callbackasm1(SB)
+	MOVD $1220, R12
+	B    callbackasm1(SB)
+	MOVD $1221, R12
+	B    callbackasm1(SB)
+	MOVD $1222, R12
+	B    callbackasm1(SB)
+	MOVD $1223, R12
+	B    callbackasm1(SB)
+	MOVD $1224, R12
+	B    callbackasm1(SB)
+	MOVD $1225, R12
+	B    callbackasm1(SB)
+	MOVD $1226, R12
+	B    callbackasm1(SB)
+	MOVD $1227, R12
+	B    callbackasm1(SB)
+	MOVD $1228, R12
+	B    callbackasm1(SB)
+	MOVD $1229, R12
+	B    callbackasm1(SB)
+	MOVD $1230, R12
+	B    callbackasm1(SB)
+	MOVD $1231, R12
+	B    callbackasm1(SB)
+	MOVD $1232, R12
+	B    callbackasm1(SB)
+	MOVD $1233, R12
+	B    callbackasm1(SB)
+	MOVD $1234, R12
+	B    callbackasm1(SB)
+	MOVD $1235, R12
+	B    callbackasm1(SB)
+	MOVD $1236, R12
+	B    callbackasm1(SB)
+	MOVD $1237, R12
+	B    callbackasm1(SB)
+	MOVD $1238, R12
+	B    callbackasm1(SB)
+	MOVD $1239, R12
+	B    callbackasm1(SB)
+	MOVD $1240, R12
+	B    callbackasm1(SB)
+	MOVD $1241, R12
+	B    callbackasm1(SB)
+	MOVD $1242, R12
+	B    callbackasm1(SB)
+	MOVD $1243, R12
+	B    callbackasm1(SB)
+	MOVD $1244, R12
+	B    callbackasm1(SB)
+	MOVD $1245, R12
+	B    callbackasm1(SB)
+	MOVD $1246, R12
+	B    callbackasm1(SB)
+	MOVD $1247, R12
+	B    callbackasm1(SB)
+	MOVD $1248, R12
+	B    callbackasm1(SB)
+	MOVD $1249, R12
+	B    callbackasm1(SB)
+	MOVD $1250, R12
+	B    callbackasm1(SB)
+	MOVD $1251, R12
+	B    callbackasm1(SB)
+	MOVD $1252, R12
+	B    callbackasm1(SB)
+	MOVD $1253, R12
+	B    callbackasm1(SB)
+	MOVD $1254, R12
+	B    callbackasm1(SB)
+	MOVD $1255, R12
+	B    callbackasm1(SB)
+	MOVD $1256, R12
+	B    callbackasm1(SB)
+	MOVD $1257, R12
+	B    callbackasm1(SB)
+	MOVD $1258, R12
+	B    callbackasm1(SB)
+	MOVD $1259, R12
+	B    callbackasm1(SB)
+	MOVD $1260, R12
+	B    callbackasm1(SB)
+	MOVD $1261, R12
+	B    callbackasm1(SB)
+	MOVD $1262, R12
+	B    callbackasm1(SB)
+	MOVD $1263, R12
+	B    callbackasm1(SB)
+	MOVD $1264, R12
+	B    callbackasm1(SB)
+	MOVD $1265, R12
+	B    callbackasm1(SB)
+	MOVD $1266, R12
+	B    callbackasm1(SB)
+	MOVD $1267, R12
+	B    callbackasm1(SB)
+	MOVD $1268, R12
+	B    callbackasm1(SB)
+	MOVD $1269, R12
+	B    callbackasm1(SB)
+	MOVD $1270, R12
+	B    callbackasm1(SB)
+	MOVD $1271, R12
+	B    callbackasm1(SB)
+	MOVD $1272, R12
+	B    callbackasm1(SB)
+	MOVD $1273, R12
+	B    callbackasm1(SB)
+	MOVD $1274, R12
+	B    callbackasm1(SB)
+	MOVD $1275, R12
+	B    callbackasm1(SB)
+	MOVD $1276, R12
+	B    callbackasm1(SB)
+	MOVD $1277, R12
+	B    callbackasm1(SB)
+	MOVD $1278, R12
+	B    callbackasm1(SB)
+	MOVD $1279, R12
+	B    callbackasm1(SB)
+	MOVD $1280, R12
+	B    callbackasm1(SB)
+	MOVD $1281, R12
+	B    callbackasm1(SB)
+	MOVD $1282, R12
+	B    callbackasm1(SB)
+	MOVD $1283, R12
+	B    callbackasm1(SB)
+	MOVD $1284, R12
+	B    callbackasm1(SB)
+	MOVD $1285, R12
+	B    callbackasm1(SB)
+	MOVD $1286, R12
+	B    callbackasm1(SB)
+	MOVD $1287, R12
+	B    callbackasm1(SB)
+	MOVD $1288, R12
+	B    callbackasm1(SB)
+	MOVD $1289, R12
+	B    callbackasm1(SB)
+	MOVD $1290, R12
+	B    callbackasm1(SB)
+	MOVD $1291, R12
+	B    callbackasm1(SB)
+	MOVD $1292, R12
+	B    callbackasm1(SB)
+	MOVD $1293, R12
+	B    callbackasm1(SB)
+	MOVD $1294, R12
+	B    callbackasm1(SB)
+	MOVD $1295, R12
+	B    callbackasm1(SB)
+	MOVD $1296, R12
+	B    callbackasm1(SB)
+	MOVD $1297, R12
+	B    callbackasm1(SB)
+	MOVD $1298, R12
+	B    callbackasm1(SB)
+	MOVD $1299, R12
+	B    callbackasm1(SB)
+	MOVD $1300, R12
+	B    callbackasm1(SB)
+	MOVD $1301, R12
+	B    callbackasm1(SB)
+	MOVD $1302, R12
+	B    callbackasm1(SB)
+	MOVD $1303, R12
+	B    callbackasm1(SB)
+	MOVD $1304, R12
+	B    callbackasm1(SB)
+	MOVD $1305, R12
+	B    callbackasm1(SB)
+	MOVD $1306, R12
+	B    callbackasm1(SB)
+	MOVD $1307, R12
+	B    callbackasm1(SB)
+	MOVD $1308, R12
+	B    callbackasm1(SB)
+	MOVD $1309, R12
+	B    callbackasm1(SB)
+	MOVD $1310, R12
+	B    callbackasm1(SB)
+	MOVD $1311, R12
+	B    callbackasm1(SB)
+	MOVD $1312, R12
+	B    callbackasm1(SB)
+	MOVD $1313, R12
+	B    callbackasm1(SB)
+	MOVD $1314, R12
+	B    callbackasm1(SB)
+	MOVD $1315, R12
+	B    callbackasm1(SB)
+	MOVD $1316, R12
+	B    callbackasm1(SB)
+	MOVD $1317, R12
+	B    callbackasm1(SB)
+	MOVD $1318, R12
+	B    callbackasm1(SB)
+	MOVD $1319, R12
+	B    callbackasm1(SB)
+	MOVD $1320, R12
+	B    callbackasm1(SB)
+	MOVD $1321, R12
+	B    callbackasm1(SB)
+	MOVD $1322, R12
+	B    callbackasm1(SB)
+	MOVD $1323, R12
+	B    callbackasm1(SB)
+	MOVD $1324, R12
+	B    callbackasm1(SB)
+	MOVD $1325, R12
+	B    callbackasm1(SB)
+	MOVD $1326, R12
+	B    callbackasm1(SB)
+	MOVD $1327, R12
+	B    callbackasm1(SB)
+	MOVD $1328, R12
+	B    callbackasm1(SB)
+	MOVD $1329, R12
+	B    callbackasm1(SB)
+	MOVD $1330, R12
+	B    callbackasm1(SB)
+	MOVD $1331, R12
+	B    callbackasm1(SB)
+	MOVD $1332, R12
+	B    callbackasm1(SB)
+	MOVD $1333, R12
+	B    callbackasm1(SB)
+	MOVD $1334, R12
+	B    callbackasm1(SB)
+	MOVD $1335, R12
+	B    callbackasm1(SB)
+	MOVD $1336, R12
+	B    callbackasm1(SB)
+	MOVD $1337, R12
+	B    callbackasm1(SB)
+	MOVD $1338, R12
+	B    callbackasm1(SB)
+	MOVD $1339, R12
+	B    callbackasm1(SB)
+	MOVD $1340, R12
+	B    callbackasm1(SB)
+	MOVD $1341, R12
+	B    callbackasm1(SB)
+	MOVD $1342, R12
+	B    callbackasm1(SB)
+	MOVD $1343, R12
+	B    callbackasm1(SB)
+	MOVD $1344, R12
+	B    callbackasm1(SB)
+	MOVD $1345, R12
+	B    callbackasm1(SB)
+	MOVD $1346, R12
+	B    callbackasm1(SB)
+	MOVD $1347, R12
+	B    callbackasm1(SB)
+	MOVD $1348, R12
+	B    callbackasm1(SB)
+	MOVD $1349, R12
+	B    callbackasm1(SB)
+	MOVD $1350, R12
+	B    callbackasm1(SB)
+	MOVD $1351, R12
+	B    callbackasm1(SB)
+	MOVD $1352, R12
+	B    callbackasm1(SB)
+	MOVD $1353, R12
+	B    callbackasm1(SB)
+	MOVD $1354, R12
+	B    callbackasm1(SB)
+	MOVD $1355, R12
+	B    callbackasm1(SB)
+	MOVD $1356, R12
+	B    callbackasm1(SB)
+	MOVD $1357, R12
+	B    callbackasm1(SB)
+	MOVD $1358, R12
+	B    callbackasm1(SB)
+	MOVD $1359, R12
+	B    callbackasm1(SB)
+	MOVD $1360, R12
+	B    callbackasm1(SB)
+	MOVD $1361, R12
+	B    callbackasm1(SB)
+	MOVD $1362, R12
+	B    callbackasm1(SB)
+	MOVD $1363, R12
+	B    callbackasm1(SB)
+	MOVD $1364, R12
+	B    callbackasm1(SB)
+	MOVD $1365, R12
+	B    callbackasm1(SB)
+	MOVD $1366, R12
+	B    callbackasm1(SB)
+	MOVD $1367, R12
+	B    callbackasm1(SB)
+	MOVD $1368, R12
+	B    callbackasm1(SB)
+	MOVD $1369, R12
+	B    callbackasm1(SB)
+	MOVD $1370, R12
+	B    callbackasm1(SB)
+	MOVD $1371, R12
+	B    callbackasm1(SB)
+	MOVD $1372, R12
+	B    callbackasm1(SB)
+	MOVD $1373, R12
+	B    callbackasm1(SB)
+	MOVD $1374, R12
+	B    callbackasm1(SB)
+	MOVD $1375, R12
+	B    callbackasm1(SB)
+	MOVD $1376, R12
+	B    callbackasm1(SB)
+	MOVD $1377, R12
+	B    callbackasm1(SB)
+	MOVD $1378, R12
+	B    callbackasm1(SB)
+	MOVD $1379, R12
+	B    callbackasm1(SB)
+	MOVD $1380, R12
+	B    callbackasm1(SB)
+	MOVD $1381, R12
+	B    callbackasm1(SB)
+	MOVD $1382, R12
+	B    callbackasm1(SB)
+	MOVD $1383, R12
+	B    callbackasm1(SB)
+	MOVD $1384, R12
+	B    callbackasm1(SB)
+	MOVD $1385, R12
+	B    callbackasm1(SB)
+	MOVD $1386, R12
+	B    callbackasm1(SB)
+	MOVD $1387, R12
+	B    callbackasm1(SB)
+	MOVD $1388, R12
+	B    callbackasm1(SB)
+	MOVD $1389, R12
+	B    callbackasm1(SB)
+	MOVD $1390, R12
+	B    callbackasm1(SB)
+	MOVD $1391, R12
+	B    callbackasm1(SB)
+	MOVD $1392, R12
+	B    callbackasm1(SB)
+	MOVD $1393, R12
+	B    callbackasm1(SB)
+	MOVD $1394, R12
+	B    callbackasm1(SB)
+	MOVD $1395, R12
+	B    callbackasm1(SB)
+	MOVD $1396, R12
+	B    callbackasm1(SB)
+	MOVD $1397, R12
+	B    callbackasm1(SB)
+	MOVD $1398, R12
+	B    callbackasm1(SB)
+	MOVD $1399, R12
+	B    callbackasm1(SB)
+	MOVD $1400, R12
+	B    callbackasm1(SB)
+	MOVD $1401, R12
+	B    callbackasm1(SB)
+	MOVD $1402, R12
+	B    callbackasm1(SB)
+	MOVD $1403, R12
+	B    callbackasm1(SB)
+	MOVD $1404, R12
+	B    callbackasm1(SB)
+	MOVD $1405, R12
+	B    callbackasm1(SB)
+	MOVD $1406, R12
+	B    callbackasm1(SB)
+	MOVD $1407, R12
+	B    callbackasm1(SB)
+	MOVD $1408, R12
+	B    callbackasm1(SB)
+	MOVD $1409, R12
+	B    callbackasm1(SB)
+	MOVD $1410, R12
+	B    callbackasm1(SB)
+	MOVD $1411, R12
+	B    callbackasm1(SB)
+	MOVD $1412, R12
+	B    callbackasm1(SB)
+	MOVD $1413, R12
+	B    callbackasm1(SB)
+	MOVD $1414, R12
+	B    callbackasm1(SB)
+	MOVD $1415, R12
+	B    callbackasm1(SB)
+	MOVD $1416, R12
+	B    callbackasm1(SB)
+	MOVD $1417, R12
+	B    callbackasm1(SB)
+	MOVD $1418, R12
+	B    callbackasm1(SB)
+	MOVD $1419, R12
+	B    callbackasm1(SB)
+	MOVD $1420, R12
+	B    callbackasm1(SB)
+	MOVD $1421, R12
+	B    callbackasm1(SB)
+	MOVD $1422, R12
+	B    callbackasm1(SB)
+	MOVD $1423, R12
+	B    callbackasm1(SB)
+	MOVD $1424, R12
+	B    callbackasm1(SB)
+	MOVD $1425, R12
+	B    callbackasm1(SB)
+	MOVD $1426, R12
+	B    callbackasm1(SB)
+	MOVD $1427, R12
+	B    callbackasm1(SB)
+	MOVD $1428, R12
+	B    callbackasm1(SB)
+	MOVD $1429, R12
+	B    callbackasm1(SB)
+	MOVD $1430, R12
+	B    callbackasm1(SB)
+	MOVD $1431, R12
+	B    callbackasm1(SB)
+	MOVD $1432, R12
+	B    callbackasm1(SB)
+	MOVD $1433, R12
+	B    callbackasm1(SB)
+	MOVD $1434, R12
+	B    callbackasm1(SB)
+	MOVD $1435, R12
+	B    callbackasm1(SB)
+	MOVD $1436, R12
+	B    callbackasm1(SB)
+	MOVD $1437, R12
+	B    callbackasm1(SB)
+	MOVD $1438, R12
+	B    callbackasm1(SB)
+	MOVD $1439, R12
+	B    callbackasm1(SB)
+	MOVD $1440, R12
+	B    callbackasm1(SB)
+	MOVD $1441, R12
+	B    callbackasm1(SB)
+	MOVD $1442, R12
+	B    callbackasm1(SB)
+	MOVD $1443, R12
+	B    callbackasm1(SB)
+	MOVD $1444, R12
+	B    callbackasm1(SB)
+	MOVD $1445, R12
+	B    callbackasm1(SB)
+	MOVD $1446, R12
+	B    callbackasm1(SB)
+	MOVD $1447, R12
+	B    callbackasm1(SB)
+	MOVD $1448, R12
+	B    callbackasm1(SB)
+	MOVD $1449, R12
+	B    callbackasm1(SB)
+	MOVD $1450, R12
+	B    callbackasm1(SB)
+	MOVD $1451, R12
+	B    callbackasm1(SB)
+	MOVD $1452, R12
+	B    callbackasm1(SB)
+	MOVD $1453, R12
+	B    callbackasm1(SB)
+	MOVD $1454, R12
+	B    callbackasm1(SB)
+	MOVD $1455, R12
+	B    callbackasm1(SB)
+	MOVD $1456, R12
+	B    callbackasm1(SB)
+	MOVD $1457, R12
+	B    callbackasm1(SB)
+	MOVD $1458, R12
+	B    callbackasm1(SB)
+	MOVD $1459, R12
+	B    callbackasm1(SB)
+	MOVD $1460, R12
+	B    callbackasm1(SB)
+	MOVD $1461, R12
+	B    callbackasm1(SB)
+	MOVD $1462, R12
+	B    callbackasm1(SB)
+	MOVD $1463, R12
+	B    callbackasm1(SB)
+	MOVD $1464, R12
+	B    callbackasm1(SB)
+	MOVD $1465, R12
+	B    callbackasm1(SB)
+	MOVD $1466, R12
+	B    callbackasm1(SB)
+	MOVD $1467, R12
+	B    callbackasm1(SB)
+	MOVD $1468, R12
+	B    callbackasm1(SB)
+	MOVD $1469, R12
+	B    callbackasm1(SB)
+	MOVD $1470, R12
+	B    callbackasm1(SB)
+	MOVD $1471, R12
+	B    callbackasm1(SB)
+	MOVD $1472, R12
+	B    callbackasm1(SB)
+	MOVD $1473, R12
+	B    callbackasm1(SB)
+	MOVD $1474, R12
+	B    callbackasm1(SB)
+	MOVD $1475, R12
+	B    callbackasm1(SB)
+	MOVD $1476, R12
+	B    callbackasm1(SB)
+	MOVD $1477, R12
+	B    callbackasm1(SB)
+	MOVD $1478, R12
+	B    callbackasm1(SB)
+	MOVD $1479, R12
+	B    callbackasm1(SB)
+	MOVD $1480, R12
+	B    callbackasm1(SB)
+	MOVD $1481, R12
+	B    callbackasm1(SB)
+	MOVD $1482, R12
+	B    callbackasm1(SB)
+	MOVD $1483, R12
+	B    callbackasm1(SB)
+	MOVD $1484, R12
+	B    callbackasm1(SB)
+	MOVD $1485, R12
+	B    callbackasm1(SB)
+	MOVD $1486, R12
+	B    callbackasm1(SB)
+	MOVD $1487, R12
+	B    callbackasm1(SB)
+	MOVD $1488, R12
+	B    callbackasm1(SB)
+	MOVD $1489, R12
+	B    callbackasm1(SB)
+	MOVD $1490, R12
+	B    callbackasm1(SB)
+	MOVD $1491, R12
+	B    callbackasm1(SB)
+	MOVD $1492, R12
+	B    callbackasm1(SB)
+	MOVD $1493, R12
+	B    callbackasm1(SB)
+	MOVD $1494, R12
+	B    callbackasm1(SB)
+	MOVD $1495, R12
+	B    callbackasm1(SB)
+	MOVD $1496, R12
+	B    callbackasm1(SB)
+	MOVD $1497, R12
+	B    callbackasm1(SB)
+	MOVD $1498, R12
+	B    callbackasm1(SB)
+	MOVD $1499, R12
+	B    callbackasm1(SB)
+	MOVD $1500, R12
+	B    callbackasm1(SB)
+	MOVD $1501, R12
+	B    callbackasm1(SB)
+	MOVD $1502, R12
+	B    callbackasm1(SB)
+	MOVD $1503, R12
+	B    callbackasm1(SB)
+	MOVD $1504, R12
+	B    callbackasm1(SB)
+	MOVD $1505, R12
+	B    callbackasm1(SB)
+	MOVD $1506, R12
+	B    callbackasm1(SB)
+	MOVD $1507, R12
+	B    callbackasm1(SB)
+	MOVD $1508, R12
+	B    callbackasm1(SB)
+	MOVD $1509, R12
+	B    callbackasm1(SB)
+	MOVD $1510, R12
+	B    callbackasm1(SB)
+	MOVD $1511, R12
+	B    callbackasm1(SB)
+	MOVD $1512, R12
+	B    callbackasm1(SB)
+	MOVD $1513, R12
+	B    callbackasm1(SB)
+	MOVD $1514, R12
+	B    callbackasm1(SB)
+	MOVD $1515, R12
+	B    callbackasm1(SB)
+	MOVD $1516, R12
+	B    callbackasm1(SB)
+	MOVD $1517, R12
+	B    callbackasm1(SB)
+	MOVD $1518, R12
+	B    callbackasm1(SB)
+	MOVD $1519, R12
+	B    callbackasm1(SB)
+	MOVD $1520, R12
+	B    callbackasm1(SB)
+	MOVD $1521, R12
+	B    callbackasm1(SB)
+	MOVD $1522, R12
+	B    callbackasm1(SB)
+	MOVD $1523, R12
+	B    callbackasm1(SB)
+	MOVD $1524, R12
+	B    callbackasm1(SB)
+	MOVD $1525, R12
+	B    callbackasm1(SB)
+	MOVD $1526, R12
+	B    callbackasm1(SB)
+	MOVD $1527, R12
+	B    callbackasm1(SB)
+	MOVD $1528, R12
+	B    callbackasm1(SB)
+	MOVD $1529, R12
+	B    callbackasm1(SB)
+	MOVD $1530, R12
+	B    callbackasm1(SB)
+	MOVD $1531, R12
+	B    callbackasm1(SB)
+	MOVD $1532, R12
+	B    callbackasm1(SB)
+	MOVD $1533, R12
+	B    callbackasm1(SB)
+	MOVD $1534, R12
+	B    callbackasm1(SB)
+	MOVD $1535, R12
+	B    callbackasm1(SB)
+	MOVD $1536, R12
+	B    callbackasm1(SB)
+	MOVD $1537, R12
+	B    callbackasm1(SB)
+	MOVD $1538, R12
+	B    callbackasm1(SB)
+	MOVD $1539, R12
+	B    callbackasm1(SB)
+	MOVD $1540, R12
+	B    callbackasm1(SB)
+	MOVD $1541, R12
+	B    callbackasm1(SB)
+	MOVD $1542, R12
+	B    callbackasm1(SB)
+	MOVD $1543, R12
+	B    callbackasm1(SB)
+	MOVD $1544, R12
+	B    callbackasm1(SB)
+	MOVD $1545, R12
+	B    callbackasm1(SB)
+	MOVD $1546, R12
+	B    callbackasm1(SB)
+	MOVD $1547, R12
+	B    callbackasm1(SB)
+	MOVD $1548, R12
+	B    callbackasm1(SB)
+	MOVD $1549, R12
+	B    callbackasm1(SB)
+	MOVD $1550, R12
+	B    callbackasm1(SB)
+	MOVD $1551, R12
+	B    callbackasm1(SB)
+	MOVD $1552, R12
+	B    callbackasm1(SB)
+	MOVD $1553, R12
+	B    callbackasm1(SB)
+	MOVD $1554, R12
+	B    callbackasm1(SB)
+	MOVD $1555, R12
+	B    callbackasm1(SB)
+	MOVD $1556, R12
+	B    callbackasm1(SB)
+	MOVD $1557, R12
+	B    callbackasm1(SB)
+	MOVD $1558, R12
+	B    callbackasm1(SB)
+	MOVD $1559, R12
+	B    callbackasm1(SB)
+	MOVD $1560, R12
+	B    callbackasm1(SB)
+	MOVD $1561, R12
+	B    callbackasm1(SB)
+	MOVD $1562, R12
+	B    callbackasm1(SB)
+	MOVD $1563, R12
+	B    callbackasm1(SB)
+	MOVD $1564, R12
+	B    callbackasm1(SB)
+	MOVD $1565, R12
+	B    callbackasm1(SB)
+	MOVD $1566, R12
+	B    callbackasm1(SB)
+	MOVD $1567, R12
+	B    callbackasm1(SB)
+	MOVD $1568, R12
+	B    callbackasm1(SB)
+	MOVD $1569, R12
+	B    callbackasm1(SB)
+	MOVD $1570, R12
+	B    callbackasm1(SB)
+	MOVD $1571, R12
+	B    callbackasm1(SB)
+	MOVD $1572, R12
+	B    callbackasm1(SB)
+	MOVD $1573, R12
+	B    callbackasm1(SB)
+	MOVD $1574, R12
+	B    callbackasm1(SB)
+	MOVD $1575, R12
+	B    callbackasm1(SB)
+	MOVD $1576, R12
+	B    callbackasm1(SB)
+	MOVD $1577, R12
+	B    callbackasm1(SB)
+	MOVD $1578, R12
+	B    callbackasm1(SB)
+	MOVD $1579, R12
+	B    callbackasm1(SB)
+	MOVD $1580, R12
+	B    callbackasm1(SB)
+	MOVD $1581, R12
+	B    callbackasm1(SB)
+	MOVD $1582, R12
+	B    callbackasm1(SB)
+	MOVD $1583, R12
+	B    callbackasm1(SB)
+	MOVD $1584, R12
+	B    callbackasm1(SB)
+	MOVD $1585, R12
+	B    callbackasm1(SB)
+	MOVD $1586, R12
+	B    callbackasm1(SB)
+	MOVD $1587, R12
+	B    callbackasm1(SB)
+	MOVD $1588, R12
+	B    callbackasm1(SB)
+	MOVD $1589, R12
+	B    callbackasm1(SB)
+	MOVD $1590, R12
+	B    callbackasm1(SB)
+	MOVD $1591, R12
+	B    callbackasm1(SB)
+	MOVD $1592, R12
+	B    callbackasm1(SB)
+	MOVD $1593, R12
+	B    callbackasm1(SB)
+	MOVD $1594, R12
+	B    callbackasm1(SB)
+	MOVD $1595, R12
+	B    callbackasm1(SB)
+	MOVD $1596, R12
+	B    callbackasm1(SB)
+	MOVD $1597, R12
+	B    callbackasm1(SB)
+	MOVD $1598, R12
+	B    callbackasm1(SB)
+	MOVD $1599, R12
+	B    callbackasm1(SB)
+	MOVD $1600, R12
+	B    callbackasm1(SB)
+	MOVD $1601, R12
+	B    callbackasm1(SB)
+	MOVD $1602, R12
+	B    callbackasm1(SB)
+	MOVD $1603, R12
+	B    callbackasm1(SB)
+	MOVD $1604, R12
+	B    callbackasm1(SB)
+	MOVD $1605, R12
+	B    callbackasm1(SB)
+	MOVD $1606, R12
+	B    callbackasm1(SB)
+	MOVD $1607, R12
+	B    callbackasm1(SB)
+	MOVD $1608, R12
+	B    callbackasm1(SB)
+	MOVD $1609, R12
+	B    callbackasm1(SB)
+	MOVD $1610, R12
+	B    callbackasm1(SB)
+	MOVD $1611, R12
+	B    callbackasm1(SB)
+	MOVD $1612, R12
+	B    callbackasm1(SB)
+	MOVD $1613, R12
+	B    callbackasm1(SB)
+	MOVD $1614, R12
+	B    callbackasm1(SB)
+	MOVD $1615, R12
+	B    callbackasm1(SB)
+	MOVD $1616, R12
+	B    callbackasm1(SB)
+	MOVD $1617, R12
+	B    callbackasm1(SB)
+	MOVD $1618, R12
+	B    callbackasm1(SB)
+	MOVD $1619, R12
+	B    callbackasm1(SB)
+	MOVD $1620, R12
+	B    callbackasm1(SB)
+	MOVD $1621, R12
+	B    callbackasm1(SB)
+	MOVD $1622, R12
+	B    callbackasm1(SB)
+	MOVD $1623, R12
+	B    callbackasm1(SB)
+	MOVD $1624, R12
+	B    callbackasm1(SB)
+	MOVD $1625, R12
+	B    callbackasm1(SB)
+	MOVD $1626, R12
+	B    callbackasm1(SB)
+	MOVD $1627, R12
+	B    callbackasm1(SB)
+	MOVD $1628, R12
+	B    callbackasm1(SB)
+	MOVD $1629, R12
+	B    callbackasm1(SB)
+	MOVD $1630, R12
+	B    callbackasm1(SB)
+	MOVD $1631, R12
+	B    callbackasm1(SB)
+	MOVD $1632, R12
+	B    callbackasm1(SB)
+	MOVD $1633, R12
+	B    callbackasm1(SB)
+	MOVD $1634, R12
+	B    callbackasm1(SB)
+	MOVD $1635, R12
+	B    callbackasm1(SB)
+	MOVD $1636, R12
+	B    callbackasm1(SB)
+	MOVD $1637, R12
+	B    callbackasm1(SB)
+	MOVD $1638, R12
+	B    callbackasm1(SB)
+	MOVD $1639, R12
+	B    callbackasm1(SB)
+	MOVD $1640, R12
+	B    callbackasm1(SB)
+	MOVD $1641, R12
+	B    callbackasm1(SB)
+	MOVD $1642, R12
+	B    callbackasm1(SB)
+	MOVD $1643, R12
+	B    callbackasm1(SB)
+	MOVD $1644, R12
+	B    callbackasm1(SB)
+	MOVD $1645, R12
+	B    callbackasm1(SB)
+	MOVD $1646, R12
+	B    callbackasm1(SB)
+	MOVD $1647, R12
+	B    callbackasm1(SB)
+	MOVD $1648, R12
+	B    callbackasm1(SB)
+	MOVD $1649, R12
+	B    callbackasm1(SB)
+	MOVD $1650, R12
+	B    callbackasm1(SB)
+	MOVD $1651, R12
+	B    callbackasm1(SB)
+	MOVD $1652, R12
+	B    callbackasm1(SB)
+	MOVD $1653, R12
+	B    callbackasm1(SB)
+	MOVD $1654, R12
+	B    callbackasm1(SB)
+	MOVD $1655, R12
+	B    callbackasm1(SB)
+	MOVD $1656, R12
+	B    callbackasm1(SB)
+	MOVD $1657, R12
+	B    callbackasm1(SB)
+	MOVD $1658, R12
+	B    callbackasm1(SB)
+	MOVD $1659, R12
+	B    callbackasm1(SB)
+	MOVD $1660, R12
+	B    callbackasm1(SB)
+	MOVD $1661, R12
+	B    callbackasm1(SB)
+	MOVD $1662, R12
+	B    callbackasm1(SB)
+	MOVD $1663, R12
+	B    callbackasm1(SB)
+	MOVD $1664, R12
+	B    callbackasm1(SB)
+	MOVD $1665, R12
+	B    callbackasm1(SB)
+	MOVD $1666, R12
+	B    callbackasm1(SB)
+	MOVD $1667, R12
+	B    callbackasm1(SB)
+	MOVD $1668, R12
+	B    callbackasm1(SB)
+	MOVD $1669, R12
+	B    callbackasm1(SB)
+	MOVD $1670, R12
+	B    callbackasm1(SB)
+	MOVD $1671, R12
+	B    callbackasm1(SB)
+	MOVD $1672, R12
+	B    callbackasm1(SB)
+	MOVD $1673, R12
+	B    callbackasm1(SB)
+	MOVD $1674, R12
+	B    callbackasm1(SB)
+	MOVD $1675, R12
+	B    callbackasm1(SB)
+	MOVD $1676, R12
+	B    callbackasm1(SB)
+	MOVD $1677, R12
+	B    callbackasm1(SB)
+	MOVD $1678, R12
+	B    callbackasm1(SB)
+	MOVD $1679, R12
+	B    callbackasm1(SB)
+	MOVD $1680, R12
+	B    callbackasm1(SB)
+	MOVD $1681, R12
+	B    callbackasm1(SB)
+	MOVD $1682, R12
+	B    callbackasm1(SB)
+	MOVD $1683, R12
+	B    callbackasm1(SB)
+	MOVD $1684, R12
+	B    callbackasm1(SB)
+	MOVD $1685, R12
+	B    callbackasm1(SB)
+	MOVD $1686, R12
+	B    callbackasm1(SB)
+	MOVD $1687, R12
+	B    callbackasm1(SB)
+	MOVD $1688, R12
+	B    callbackasm1(SB)
+	MOVD $1689, R12
+	B    callbackasm1(SB)
+	MOVD $1690, R12
+	B    callbackasm1(SB)
+	MOVD $1691, R12
+	B    callbackasm1(SB)
+	MOVD $1692, R12
+	B    callbackasm1(SB)
+	MOVD $1693, R12
+	B    callbackasm1(SB)
+	MOVD $1694, R12
+	B    callbackasm1(SB)
+	MOVD $1695, R12
+	B    callbackasm1(SB)
+	MOVD $1696, R12
+	B    callbackasm1(SB)
+	MOVD $1697, R12
+	B    callbackasm1(SB)
+	MOVD $1698, R12
+	B    callbackasm1(SB)
+	MOVD $1699, R12
+	B    callbackasm1(SB)
+	MOVD $1700, R12
+	B    callbackasm1(SB)
+	MOVD $1701, R12
+	B    callbackasm1(SB)
+	MOVD $1702, R12
+	B    callbackasm1(SB)
+	MOVD $1703, R12
+	B    callbackasm1(SB)
+	MOVD $1704, R12
+	B    callbackasm1(SB)
+	MOVD $1705, R12
+	B    callbackasm1(SB)
+	MOVD $1706, R12
+	B    callbackasm1(SB)
+	MOVD $1707, R12
+	B    callbackasm1(SB)
+	MOVD $1708, R12
+	B    callbackasm1(SB)
+	MOVD $1709, R12
+	B    callbackasm1(SB)
+	MOVD $1710, R12
+	B    callbackasm1(SB)
+	MOVD $1711, R12
+	B    callbackasm1(SB)
+	MOVD $1712, R12
+	B    callbackasm1(SB)
+	MOVD $1713, R12
+	B    callbackasm1(SB)
+	MOVD $1714, R12
+	B    callbackasm1(SB)
+	MOVD $1715, R12
+	B    callbackasm1(SB)
+	MOVD $1716, R12
+	B    callbackasm1(SB)
+	MOVD $1717, R12
+	B    callbackasm1(SB)
+	MOVD $1718, R12
+	B    callbackasm1(SB)
+	MOVD $1719, R12
+	B    callbackasm1(SB)
+	MOVD $1720, R12
+	B    callbackasm1(SB)
+	MOVD $1721, R12
+	B    callbackasm1(SB)
+	MOVD $1722, R12
+	B    callbackasm1(SB)
+	MOVD $1723, R12
+	B    callbackasm1(SB)
+	MOVD $1724, R12
+	B    callbackasm1(SB)
+	MOVD $1725, R12
+	B    callbackasm1(SB)
+	MOVD $1726, R12
+	B    callbackasm1(SB)
+	MOVD $1727, R12
+	B    callbackasm1(SB)
+	MOVD $1728, R12
+	B    callbackasm1(SB)
+	MOVD $1729, R12
+	B    callbackasm1(SB)
+	MOVD $1730, R12
+	B    callbackasm1(SB)
+	MOVD $1731, R12
+	B    callbackasm1(SB)
+	MOVD $1732, R12
+	B    callbackasm1(SB)
+	MOVD $1733, R12
+	B    callbackasm1(SB)
+	MOVD $1734, R12
+	B    callbackasm1(SB)
+	MOVD $1735, R12
+	B    callbackasm1(SB)
+	MOVD $1736, R12
+	B    callbackasm1(SB)
+	MOVD $1737, R12
+	B    callbackasm1(SB)
+	MOVD $1738, R12
+	B    callbackasm1(SB)
+	MOVD $1739, R12
+	B    callbackasm1(SB)
+	MOVD $1740, R12
+	B    callbackasm1(SB)
+	MOVD $1741, R12
+	B    callbackasm1(SB)
+	MOVD $1742, R12
+	B    callbackasm1(SB)
+	MOVD $1743, R12
+	B    callbackasm1(SB)
+	MOVD $1744, R12
+	B    callbackasm1(SB)
+	MOVD $1745, R12
+	B    callbackasm1(SB)
+	MOVD $1746, R12
+	B    callbackasm1(SB)
+	MOVD $1747, R12
+	B    callbackasm1(SB)
+	MOVD $1748, R12
+	B    callbackasm1(SB)
+	MOVD $1749, R12
+	B    callbackasm1(SB)
+	MOVD $1750, R12
+	B    callbackasm1(SB)
+	MOVD $1751, R12
+	B    callbackasm1(SB)
+	MOVD $1752, R12
+	B    callbackasm1(SB)
+	MOVD $1753, R12
+	B    callbackasm1(SB)
+	MOVD $1754, R12
+	B    callbackasm1(SB)
+	MOVD $1755, R12
+	B    callbackasm1(SB)
+	MOVD $1756, R12
+	B    callbackasm1(SB)
+	MOVD $1757, R12
+	B    callbackasm1(SB)
+	MOVD $1758, R12
+	B    callbackasm1(SB)
+	MOVD $1759, R12
+	B    callbackasm1(SB)
+	MOVD $1760, R12
+	B    callbackasm1(SB)
+	MOVD $1761, R12
+	B    callbackasm1(SB)
+	MOVD $1762, R12
+	B    callbackasm1(SB)
+	MOVD $1763, R12
+	B    callbackasm1(SB)
+	MOVD $1764, R12
+	B    callbackasm1(SB)
+	MOVD $1765, R12
+	B    callbackasm1(SB)
+	MOVD $1766, R12
+	B    callbackasm1(SB)
+	MOVD $1767, R12
+	B    callbackasm1(SB)
+	MOVD $1768, R12
+	B    callbackasm1(SB)
+	MOVD $1769, R12
+	B    callbackasm1(SB)
+	MOVD $1770, R12
+	B    callbackasm1(SB)
+	MOVD $1771, R12
+	B    callbackasm1(SB)
+	MOVD $1772, R12
+	B    callbackasm1(SB)
+	MOVD $1773, R12
+	B    callbackasm1(SB)
+	MOVD $1774, R12
+	B    callbackasm1(SB)
+	MOVD $1775, R12
+	B    callbackasm1(SB)
+	MOVD $1776, R12
+	B    callbackasm1(SB)
+	MOVD $1777, R12
+	B    callbackasm1(SB)
+	MOVD $1778, R12
+	B    callbackasm1(SB)
+	MOVD $1779, R12
+	B    callbackasm1(SB)
+	MOVD $1780, R12
+	B    callbackasm1(SB)
+	MOVD $1781, R12
+	B    callbackasm1(SB)
+	MOVD $1782, R12
+	B    callbackasm1(SB)
+	MOVD $1783, R12
+	B    callbackasm1(SB)
+	MOVD $1784, R12
+	B    callbackasm1(SB)
+	MOVD $1785, R12
+	B    callbackasm1(SB)
+	MOVD $1786, R12
+	B    callbackasm1(SB)
+	MOVD $1787, R12
+	B    callbackasm1(SB)
+	MOVD $1788, R12
+	B    callbackasm1(SB)
+	MOVD $1789, R12
+	B    callbackasm1(SB)
+	MOVD $1790, R12
+	B    callbackasm1(SB)
+	MOVD $1791, R12
+	B    callbackasm1(SB)
+	MOVD $1792, R12
+	B    callbackasm1(SB)
+	MOVD $1793, R12
+	B    callbackasm1(SB)
+	MOVD $1794, R12
+	B    callbackasm1(SB)
+	MOVD $1795, R12
+	B    callbackasm1(SB)
+	MOVD $1796, R12
+	B    callbackasm1(SB)
+	MOVD $1797, R12
+	B    callbackasm1(SB)
+	MOVD $1798, R12
+	B    callbackasm1(SB)
+	MOVD $1799, R12
+	B    callbackasm1(SB)
+	MOVD $1800, R12
+	B    callbackasm1(SB)
+	MOVD $1801, R12
+	B    callbackasm1(SB)
+	MOVD $1802, R12
+	B    callbackasm1(SB)
+	MOVD $1803, R12
+	B    callbackasm1(SB)
+	MOVD $1804, R12
+	B    callbackasm1(SB)
+	MOVD $1805, R12
+	B    callbackasm1(SB)
+	MOVD $1806, R12
+	B    callbackasm1(SB)
+	MOVD $1807, R12
+	B    callbackasm1(SB)
+	MOVD $1808, R12
+	B    callbackasm1(SB)
+	MOVD $1809, R12
+	B    callbackasm1(SB)
+	MOVD $1810, R12
+	B    callbackasm1(SB)
+	MOVD $1811, R12
+	B    callbackasm1(SB)
+	MOVD $1812, R12
+	B    callbackasm1(SB)
+	MOVD $1813, R12
+	B    callbackasm1(SB)
+	MOVD $1814, R12
+	B    callbackasm1(SB)
+	MOVD $1815, R12
+	B    callbackasm1(SB)
+	MOVD $1816, R12
+	B    callbackasm1(SB)
+	MOVD $1817, R12
+	B    callbackasm1(SB)
+	MOVD $1818, R12
+	B    callbackasm1(SB)
+	MOVD $1819, R12
+	B    callbackasm1(SB)
+	MOVD $1820, R12
+	B    callbackasm1(SB)
+	MOVD $1821, R12
+	B    callbackasm1(SB)
+	MOVD $1822, R12
+	B    callbackasm1(SB)
+	MOVD $1823, R12
+	B    callbackasm1(SB)
+	MOVD $1824, R12
+	B    callbackasm1(SB)
+	MOVD $1825, R12
+	B    callbackasm1(SB)
+	MOVD $1826, R12
+	B    callbackasm1(SB)
+	MOVD $1827, R12
+	B    callbackasm1(SB)
+	MOVD $1828, R12
+	B    callbackasm1(SB)
+	MOVD $1829, R12
+	B    callbackasm1(SB)
+	MOVD $1830, R12
+	B    callbackasm1(SB)
+	MOVD $1831, R12
+	B    callbackasm1(SB)
+	MOVD $1832, R12
+	B    callbackasm1(SB)
+	MOVD $1833, R12
+	B    callbackasm1(SB)
+	MOVD $1834, R12
+	B    callbackasm1(SB)
+	MOVD $1835, R12
+	B    callbackasm1(SB)
+	MOVD $1836, R12
+	B    callbackasm1(SB)
+	MOVD $1837, R12
+	B    callbackasm1(SB)
+	MOVD $1838, R12
+	B    callbackasm1(SB)
+	MOVD $1839, R12
+	B    callbackasm1(SB)
+	MOVD $1840, R12
+	B    callbackasm1(SB)
+	MOVD $1841, R12
+	B    callbackasm1(SB)
+	MOVD $1842, R12
+	B    callbackasm1(SB)
+	MOVD $1843, R12
+	B    callbackasm1(SB)
+	MOVD $1844, R12
+	B    callbackasm1(SB)
+	MOVD $1845, R12
+	B    callbackasm1(SB)
+	MOVD $1846, R12
+	B    callbackasm1(SB)
+	MOVD $1847, R12
+	B    callbackasm1(SB)
+	MOVD $1848, R12
+	B    callbackasm1(SB)
+	MOVD $1849, R12
+	B    callbackasm1(SB)
+	MOVD $1850, R12
+	B    callbackasm1(SB)
+	MOVD $1851, R12
+	B    callbackasm1(SB)
+	MOVD $1852, R12
+	B    callbackasm1(SB)
+	MOVD $1853, R12
+	B    callbackasm1(SB)
+	MOVD $1854, R12
+	B    callbackasm1(SB)
+	MOVD $1855, R12
+	B    callbackasm1(SB)
+	MOVD $1856, R12
+	B    callbackasm1(SB)
+	MOVD $1857, R12
+	B    callbackasm1(SB)
+	MOVD $1858, R12
+	B    callbackasm1(SB)
+	MOVD $1859, R12
+	B    callbackasm1(SB)
+	MOVD $1860, R12
+	B    callbackasm1(SB)
+	MOVD $1861, R12
+	B    callbackasm1(SB)
+	MOVD $1862, R12
+	B    callbackasm1(SB)
+	MOVD $1863, R12
+	B    callbackasm1(SB)
+	MOVD $1864, R12
+	B    callbackasm1(SB)
+	MOVD $1865, R12
+	B    callbackasm1(SB)
+	MOVD $1866, R12
+	B    callbackasm1(SB)
+	MOVD $1867, R12
+	B    callbackasm1(SB)
+	MOVD $1868, R12
+	B    callbackasm1(SB)
+	MOVD $1869, R12
+	B    callbackasm1(SB)
+	MOVD $1870, R12
+	B    callbackasm1(SB)
+	MOVD $1871, R12
+	B    callbackasm1(SB)
+	MOVD $1872, R12
+	B    callbackasm1(SB)
+	MOVD $1873, R12
+	B    callbackasm1(SB)
+	MOVD $1874, R12
+	B    callbackasm1(SB)
+	MOVD $1875, R12
+	B    callbackasm1(SB)
+	MOVD $1876, R12
+	B    callbackasm1(SB)
+	MOVD $1877, R12
+	B    callbackasm1(SB)
+	MOVD $1878, R12
+	B    callbackasm1(SB)
+	MOVD $1879, R12
+	B    callbackasm1(SB)
+	MOVD $1880, R12
+	B    callbackasm1(SB)
+	MOVD $1881, R12
+	B    callbackasm1(SB)
+	MOVD $1882, R12
+	B    callbackasm1(SB)
+	MOVD $1883, R12
+	B    callbackasm1(SB)
+	MOVD $1884, R12
+	B    callbackasm1(SB)
+	MOVD $1885, R12
+	B    callbackasm1(SB)
+	MOVD $1886, R12
+	B    callbackasm1(SB)
+	MOVD $1887, R12
+	B    callbackasm1(SB)
+	MOVD $1888, R12
+	B    callbackasm1(SB)
+	MOVD $1889, R12
+	B    callbackasm1(SB)
+	MOVD $1890, R12
+	B    callbackasm1(SB)
+	MOVD $1891, R12
+	B    callbackasm1(SB)
+	MOVD $1892, R12
+	B    callbackasm1(SB)
+	MOVD $1893, R12
+	B    callbackasm1(SB)
+	MOVD $1894, R12
+	B    callbackasm1(SB)
+	MOVD $1895, R12
+	B    callbackasm1(SB)
+	MOVD $1896, R12
+	B    callbackasm1(SB)
+	MOVD $1897, R12
+	B    callbackasm1(SB)
+	MOVD $1898, R12
+	B    callbackasm1(SB)
+	MOVD $1899, R12
+	B    callbackasm1(SB)
+	MOVD $1900, R12
+	B    callbackasm1(SB)
+	MOVD $1901, R12
+	B    callbackasm1(SB)
+	MOVD $1902, R12
+	B    callbackasm1(SB)
+	MOVD $1903, R12
+	B    callbackasm1(SB)
+	MOVD $1904, R12
+	B    callbackasm1(SB)
+	MOVD $1905, R12
+	B    callbackasm1(SB)
+	MOVD $1906, R12
+	B    callbackasm1(SB)
+	MOVD $1907, R12
+	B    callbackasm1(SB)
+	MOVD $1908, R12
+	B    callbackasm1(SB)
+	MOVD $1909, R12
+	B    callbackasm1(SB)
+	MOVD $1910, R12
+	B    callbackasm1(SB)
+	MOVD $1911, R12
+	B    callbackasm1(SB)
+	MOVD $1912, R12
+	B    callbackasm1(SB)
+	MOVD $1913, R12
+	B    callbackasm1(SB)
+	MOVD $1914, R12
+	B    callbackasm1(SB)
+	MOVD $1915, R12
+	B    callbackasm1(SB)
+	MOVD $1916, R12
+	B    callbackasm1(SB)
+	MOVD $1917, R12
+	B    callbackasm1(SB)
+	MOVD $1918, R12
+	B    callbackasm1(SB)
+	MOVD $1919, R12
+	B    callbackasm1(SB)
+	MOVD $1920, R12
+	B    callbackasm1(SB)
+	MOVD $1921, R12
+	B    callbackasm1(SB)
+	MOVD $1922, R12
+	B    callbackasm1(SB)
+	MOVD $1923, R12
+	B    callbackasm1(SB)
+	MOVD $1924, R12
+	B    callbackasm1(SB)
+	MOVD $1925, R12
+	B    callbackasm1(SB)
+	MOVD $1926, R12
+	B    callbackasm1(SB)
+	MOVD $1927, R12
+	B    callbackasm1(SB)
+	MOVD $1928, R12
+	B    callbackasm1(SB)
+	MOVD $1929, R12
+	B    callbackasm1(SB)
+	MOVD $1930, R12
+	B    callbackasm1(SB)
+	MOVD $1931, R12
+	B    callbackasm1(SB)
+	MOVD $1932, R12
+	B    callbackasm1(SB)
+	MOVD $1933, R12
+	B    callbackasm1(SB)
+	MOVD $1934, R12
+	B    callbackasm1(SB)
+	MOVD $1935, R12
+	B    callbackasm1(SB)
+	MOVD $1936, R12
+	B    callbackasm1(SB)
+	MOVD $1937, R12
+	B    callbackasm1(SB)
+	MOVD $1938, R12
+	B    callbackasm1(SB)
+	MOVD $1939, R12
+	B    callbackasm1(SB)
+	MOVD $1940, R12
+	B    callbackasm1(SB)
+	MOVD $1941, R12
+	B    callbackasm1(SB)
+	MOVD $1942, R12
+	B    callbackasm1(SB)
+	MOVD $1943, R12
+	B    callbackasm1(SB)
+	MOVD $1944, R12
+	B    callbackasm1(SB)
+	MOVD $1945, R12
+	B    callbackasm1(SB)
+	MOVD $1946, R12
+	B    callbackasm1(SB)
+	MOVD $1947, R12
+	B    callbackasm1(SB)
+	MOVD $1948, R12
+	B    callbackasm1(SB)
+	MOVD $1949, R12
+	B    callbackasm1(SB)
+	MOVD $1950, R12
+	B    callbackasm1(SB)
+	MOVD $1951, R12
+	B    callbackasm1(SB)
+	MOVD $1952, R12
+	B    callbackasm1(SB)
+	MOVD $1953, R12
+	B    callbackasm1(SB)
+	MOVD $1954, R12
+	B    callbackasm1(SB)
+	MOVD $1955, R12
+	B    callbackasm1(SB)
+	MOVD $1956, R12
+	B    callbackasm1(SB)
+	MOVD $1957, R12
+	B    callbackasm1(SB)
+	MOVD $1958, R12
+	B    callbackasm1(SB)
+	MOVD $1959, R12
+	B    callbackasm1(SB)
+	MOVD $1960, R12
+	B    callbackasm1(SB)
+	MOVD $1961, R12
+	B    callbackasm1(SB)
+	MOVD $1962, R12
+	B    callbackasm1(SB)
+	MOVD $1963, R12
+	B    callbackasm1(SB)
+	MOVD $1964, R12
+	B    callbackasm1(SB)
+	MOVD $1965, R12
+	B    callbackasm1(SB)
+	MOVD $1966, R12
+	B    callbackasm1(SB)
+	MOVD $1967, R12
+	B    callbackasm1(SB)
+	MOVD $1968, R12
+	B    callbackasm1(SB)
+	MOVD $1969, R12
+	B    callbackasm1(SB)
+	MOVD $1970, R12
+	B    callbackasm1(SB)
+	MOVD $1971, R12
+	B    callbackasm1(SB)
+	MOVD $1972, R12
+	B    callbackasm1(SB)
+	MOVD $1973, R12
+	B    callbackasm1(SB)
+	MOVD $1974, R12
+	B    callbackasm1(SB)
+	MOVD $1975, R12
+	B    callbackasm1(SB)
+	MOVD $1976, R12
+	B    callbackasm1(SB)
+	MOVD $1977, R12
+	B    callbackasm1(SB)
+	MOVD $1978, R12
+	B    callbackasm1(SB)
+	MOVD $1979, R12
+	B    callbackasm1(SB)
+	MOVD $1980, R12
+	B    callbackasm1(SB)
+	MOVD $1981, R12
+	B    callbackasm1(SB)
+	MOVD $1982, R12
+	B    callbackasm1(SB)
+	MOVD $1983, R12
+	B    callbackasm1(SB)
+	MOVD $1984, R12
+	B    callbackasm1(SB)
+	MOVD $1985, R12
+	B    callbackasm1(SB)
+	MOVD $1986, R12
+	B    callbackasm1(SB)
+	MOVD $1987, R12
+	B    callbackasm1(SB)
+	MOVD $1988, R12
+	B    callbackasm1(SB)
+	MOVD $1989, R12
+	B    callbackasm1(SB)
+	MOVD $1990, R12
+	B    callbackasm1(SB)
+	MOVD $1991, R12
+	B    callbackasm1(SB)
+	MOVD $1992, R12
+	B    callbackasm1(SB)
+	MOVD $1993, R12
+	B    callbackasm1(SB)
+	MOVD $1994, R12
+	B    callbackasm1(SB)
+	MOVD $1995, R12
+	B    callbackasm1(SB)
+	MOVD $1996, R12
+	B    callbackasm1(SB)
+	MOVD $1997, R12
+	B    callbackasm1(SB)
+	MOVD $1998, R12
+	B    callbackasm1(SB)
+	MOVD $1999, R12
+	B    callbackasm1(SB)
diff --git a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
index 02a73ccfd..5edd5a7ca 100644
--- a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
+++ b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
@@ -1,6 +1,15 @@
 # Change history of go-restful
 
-## [v3.10.1] - 2022-11-19
+## [v3.11.0] - 2023-08-19
+
+- restored behavior as <= v3.9.0 with option to change path strategy using TrimRightSlashEnabled. 
+
+## [v3.10.2] - 2023-03-09 - DO NOT USE
+
+- introduced MergePathStrategy to be able to revert behaviour of path concatenation to 3.9.0
+  see comment in Readme how to customize this behaviour.
+
+## [v3.10.1] - 2022-11-19 - DO NOT USE
 
 - fix broken 3.10.0 by using path package for joining paths
 
diff --git a/vendor/github.com/emicklei/go-restful/v3/README.md b/vendor/github.com/emicklei/go-restful/v3/README.md
index 0625359dc..e3e30080e 100644
--- a/vendor/github.com/emicklei/go-restful/v3/README.md
+++ b/vendor/github.com/emicklei/go-restful/v3/README.md
@@ -79,7 +79,7 @@ func (u UserResource) findUser(request *restful.Request, response *restful.Respo
 - Content encoding (gzip,deflate) of request and response payloads
 - Automatic responses on OPTIONS (using a filter)
 - Automatic CORS request handling (using a filter)
-- API declaration for Swagger UI ([go-restful-openapi](https://github.com/emicklei/go-restful-openapi), see [go-restful-swagger12](https://github.com/emicklei/go-restful-swagger12))
+- API declaration for Swagger UI ([go-restful-openapi](https://github.com/emicklei/go-restful-openapi))
 - Panic recovery to produce HTTP 500, customizable using RecoverHandler(...)
 - Route errors produce HTTP 404/405/406/415 errors, customizable using ServiceErrorHandler(...)
 - Configurable (trace) logging
@@ -96,6 +96,7 @@ There are several hooks to customize the behavior of the go-restful package.
 - Compression
 - Encoders for other serializers
 - Use [jsoniter](https://github.com/json-iterator/go) by building this package using a build tag, e.g. `go build -tags=jsoniter .` 
+- Use the package variable `TrimRightSlashEnabled` (default true) to control the behavior of matching routes that end with a slash `/` 
 
 ## Resources
 
@@ -108,4 +109,4 @@ There are several hooks to customize the behavior of the go-restful package.
 
 Type ```git shortlog -s``` for a full list of contributors.
 
-© 2012 - 2022, http://ernestmicklei.com. MIT License. Contributions are welcome.
+© 2012 - 2023, http://ernestmicklei.com. MIT License. Contributions are welcome.
diff --git a/vendor/github.com/emicklei/go-restful/v3/route.go b/vendor/github.com/emicklei/go-restful/v3/route.go
index ea05b3da8..306c44be7 100644
--- a/vendor/github.com/emicklei/go-restful/v3/route.go
+++ b/vendor/github.com/emicklei/go-restful/v3/route.go
@@ -40,7 +40,8 @@ type Route struct {
 	ParameterDocs           []*Parameter
 	ResponseErrors          map[int]ResponseError
 	DefaultResponse         *ResponseError
-	ReadSample, WriteSample interface{} // structs that model an example request or response payload
+	ReadSample, WriteSample interface{}   // structs that model an example request or response payload
+	WriteSamples            []interface{} // if more than one return types is possible (oneof) then this will contain multiple values
 
 	// Extra information used to store custom information about the route.
 	Metadata map[string]interface{}
@@ -164,7 +165,13 @@ func tokenizePath(path string) []string {
 	if "/" == path {
 		return nil
 	}
-	return strings.Split(strings.TrimLeft(path, "/"), "/")
+	if TrimRightSlashEnabled {
+		// 3.9.0
+		return strings.Split(strings.Trim(path, "/"), "/")
+	} else {
+		// 3.10.2
+		return strings.Split(strings.TrimLeft(path, "/"), "/")
+	}
 }
 
 // for debugging
@@ -177,4 +184,8 @@ func (r *Route) EnableContentEncoding(enabled bool) {
 	r.contentEncodingEnabled = &enabled
 }
 
-var TrimRightSlashEnabled = false
+// TrimRightSlashEnabled controls whether
+// - path on route building is using path.Join
+// - the path of the incoming request is trimmed of its slash suffux.
+// Value of true matches the behavior of <= 3.9.0
+var TrimRightSlashEnabled = true
diff --git a/vendor/github.com/emicklei/go-restful/v3/route_builder.go b/vendor/github.com/emicklei/go-restful/v3/route_builder.go
index 830ebf148..75168c12e 100644
--- a/vendor/github.com/emicklei/go-restful/v3/route_builder.go
+++ b/vendor/github.com/emicklei/go-restful/v3/route_builder.go
@@ -31,17 +31,18 @@ type RouteBuilder struct {
 	typeNameHandleFunc TypeNameHandleFunction // required
 
 	// documentation
-	doc                     string
-	notes                   string
-	operation               string
-	readSample, writeSample interface{}
-	parameters              []*Parameter
-	errorMap                map[int]ResponseError
-	defaultResponse         *ResponseError
-	metadata                map[string]interface{}
-	extensions              map[string]interface{}
-	deprecated              bool
-	contentEncodingEnabled  *bool
+	doc                    string
+	notes                  string
+	operation              string
+	readSample             interface{}
+	writeSamples           []interface{}
+	parameters             []*Parameter
+	errorMap               map[int]ResponseError
+	defaultResponse        *ResponseError
+	metadata               map[string]interface{}
+	extensions             map[string]interface{}
+	deprecated             bool
+	contentEncodingEnabled *bool
 }
 
 // Do evaluates each argument with the RouteBuilder itself.
@@ -135,9 +136,9 @@ func (b RouteBuilder) ParameterNamed(name string) (p *Parameter) {
 	return p
 }
 
-// Writes tells what resource type will be written as the response payload. Optional.
-func (b *RouteBuilder) Writes(sample interface{}) *RouteBuilder {
-	b.writeSample = sample
+// Writes tells which one of the resource types will be written as the response payload. Optional.
+func (b *RouteBuilder) Writes(samples ...interface{}) *RouteBuilder {
+	b.writeSamples = samples // oneof
 	return b
 }
 
@@ -342,19 +343,29 @@ func (b *RouteBuilder) Build() Route {
 		ResponseErrors:                   b.errorMap,
 		DefaultResponse:                  b.defaultResponse,
 		ReadSample:                       b.readSample,
-		WriteSample:                      b.writeSample,
+		WriteSamples:                     b.writeSamples,
 		Metadata:                         b.metadata,
 		Deprecated:                       b.deprecated,
 		contentEncodingEnabled:           b.contentEncodingEnabled,
 		allowedMethodsWithoutContentType: b.allowedMethodsWithoutContentType,
 	}
+	// set WriteSample if one specified
+	if len(b.writeSamples) == 1 {
+		route.WriteSample = b.writeSamples[0]
+	}
 	route.Extensions = b.extensions
 	route.postBuild()
 	return route
 }
 
-func concatPath(path1, path2 string) string {
-	return path.Join(path1, path2)
+// merge two paths using the current (package global) merge path strategy.
+func concatPath(rootPath, routePath string) string {
+
+	if TrimRightSlashEnabled {
+		return strings.TrimRight(rootPath, "/") + "/" + strings.TrimLeft(routePath, "/")
+	} else {
+		return path.Join(rootPath, routePath)
+	}
 }
 
 var anonymousFuncCount int32
diff --git a/vendor/github.com/fatih/color/README.md b/vendor/github.com/fatih/color/README.md
index 5152bf59b..be82827ca 100644
--- a/vendor/github.com/fatih/color/README.md
+++ b/vendor/github.com/fatih/color/README.md
@@ -7,7 +7,6 @@ suits you.
 
 ![Color](https://user-images.githubusercontent.com/438920/96832689-03b3e000-13f4-11eb-9803-46f4c4de3406.jpg)
 
-
 ## Install
 
 ```bash
@@ -124,17 +123,17 @@ fmt.Println("All text will now be bold magenta.")
 ```
 
 ### Disable/Enable color
- 
+
 There might be a case where you want to explicitly disable/enable color output. the 
 `go-isatty` package will automatically disable color output for non-tty output streams 
 (for example if the output were piped directly to `less`).
 
 The `color` package also disables color output if the [`NO_COLOR`](https://no-color.org) environment
-variable is set (regardless of its value).
+variable is set to a non-empty string.
 
-`Color` has support to disable/enable colors programatically both globally and
+`Color` has support to disable/enable colors programmatically both globally and
 for single color definitions. For example suppose you have a CLI app and a
-`--no-color` bool flag. You can easily disable the color output with:
+`-no-color` bool flag. You can easily disable the color output with:
 
 ```go
 var flagNoColor = flag.Bool("no-color", false, "Disable color output")
@@ -167,11 +166,10 @@ To output color in GitHub Actions (or other CI systems that support ANSI colors)
 * Save/Return previous values
 * Evaluate fmt.Formatter interface
 
-
 ## Credits
 
- * [Fatih Arslan](https://github.com/fatih)
- * Windows support via @mattn: [colorable](https://github.com/mattn/go-colorable)
+* [Fatih Arslan](https://github.com/fatih)
+* Windows support via @mattn: [colorable](https://github.com/mattn/go-colorable)
 
 ## License
 
diff --git a/vendor/github.com/fatih/color/color.go b/vendor/github.com/fatih/color/color.go
index 98a60f3c8..889f9e77b 100644
--- a/vendor/github.com/fatih/color/color.go
+++ b/vendor/github.com/fatih/color/color.go
@@ -19,10 +19,10 @@ var (
 	// set (regardless of its value). This is a global option and affects all
 	// colors. For more control over each color block use the methods
 	// DisableColor() individually.
-	NoColor = noColorExists() || os.Getenv("TERM") == "dumb" ||
+	NoColor = noColorIsSet() || os.Getenv("TERM") == "dumb" ||
 		(!isatty.IsTerminal(os.Stdout.Fd()) && !isatty.IsCygwinTerminal(os.Stdout.Fd()))
 
-	// Output defines the standard output of the print functions. By default
+	// Output defines the standard output of the print functions. By default,
 	// os.Stdout is used.
 	Output = colorable.NewColorableStdout()
 
@@ -35,10 +35,9 @@ var (
 	colorsCacheMu sync.Mutex // protects colorsCache
 )
 
-// noColorExists returns true if the environment variable NO_COLOR exists.
-func noColorExists() bool {
-	_, exists := os.LookupEnv("NO_COLOR")
-	return exists
+// noColorIsSet returns true if the environment variable NO_COLOR is set to a non-empty string.
+func noColorIsSet() bool {
+	return os.Getenv("NO_COLOR") != ""
 }
 
 // Color defines a custom color object which is defined by SGR parameters.
@@ -120,7 +119,7 @@ func New(value ...Attribute) *Color {
 		params: make([]Attribute, 0),
 	}
 
-	if noColorExists() {
+	if noColorIsSet() {
 		c.noColor = boolPtr(true)
 	}
 
@@ -152,7 +151,7 @@ func (c *Color) Set() *Color {
 		return c
 	}
 
-	fmt.Fprintf(Output, c.format())
+	fmt.Fprint(Output, c.format())
 	return c
 }
 
@@ -164,16 +163,21 @@ func (c *Color) unset() {
 	Unset()
 }
 
-func (c *Color) setWriter(w io.Writer) *Color {
+// SetWriter is used to set the SGR sequence with the given io.Writer. This is
+// a low-level function, and users should use the higher-level functions, such
+// as color.Fprint, color.Print, etc.
+func (c *Color) SetWriter(w io.Writer) *Color {
 	if c.isNoColorSet() {
 		return c
 	}
 
-	fmt.Fprintf(w, c.format())
+	fmt.Fprint(w, c.format())
 	return c
 }
 
-func (c *Color) unsetWriter(w io.Writer) {
+// UnsetWriter resets all escape attributes and clears the output with the give
+// io.Writer. Usually should be called after SetWriter().
+func (c *Color) UnsetWriter(w io.Writer) {
 	if c.isNoColorSet() {
 		return
 	}
@@ -192,20 +196,14 @@ func (c *Color) Add(value ...Attribute) *Color {
 	return c
 }
 
-func (c *Color) prepend(value Attribute) {
-	c.params = append(c.params, 0)
-	copy(c.params[1:], c.params[0:])
-	c.params[0] = value
-}
-
 // Fprint formats using the default formats for its operands and writes to w.
 // Spaces are added between operands when neither is a string.
 // It returns the number of bytes written and any write error encountered.
 // On Windows, users should wrap w with colorable.NewColorable() if w is of
 // type *os.File.
 func (c *Color) Fprint(w io.Writer, a ...interface{}) (n int, err error) {
-	c.setWriter(w)
-	defer c.unsetWriter(w)
+	c.SetWriter(w)
+	defer c.UnsetWriter(w)
 
 	return fmt.Fprint(w, a...)
 }
@@ -227,8 +225,8 @@ func (c *Color) Print(a ...interface{}) (n int, err error) {
 // On Windows, users should wrap w with colorable.NewColorable() if w is of
 // type *os.File.
 func (c *Color) Fprintf(w io.Writer, format string, a ...interface{}) (n int, err error) {
-	c.setWriter(w)
-	defer c.unsetWriter(w)
+	c.SetWriter(w)
+	defer c.UnsetWriter(w)
 
 	return fmt.Fprintf(w, format, a...)
 }
@@ -248,8 +246,8 @@ func (c *Color) Printf(format string, a ...interface{}) (n int, err error) {
 // On Windows, users should wrap w with colorable.NewColorable() if w is of
 // type *os.File.
 func (c *Color) Fprintln(w io.Writer, a ...interface{}) (n int, err error) {
-	c.setWriter(w)
-	defer c.unsetWriter(w)
+	c.SetWriter(w)
+	defer c.UnsetWriter(w)
 
 	return fmt.Fprintln(w, a...)
 }
@@ -396,7 +394,7 @@ func (c *Color) DisableColor() {
 }
 
 // EnableColor enables the color output. Use it in conjunction with
-// DisableColor(). Otherwise this method has no side effects.
+// DisableColor(). Otherwise, this method has no side effects.
 func (c *Color) EnableColor() {
 	c.noColor = boolPtr(false)
 }
diff --git a/vendor/github.com/fatih/color/color_windows.go b/vendor/github.com/fatih/color/color_windows.go
new file mode 100644
index 000000000..be01c558e
--- /dev/null
+++ b/vendor/github.com/fatih/color/color_windows.go
@@ -0,0 +1,19 @@
+package color
+
+import (
+	"os"
+
+	"golang.org/x/sys/windows"
+)
+
+func init() {
+	// Opt-in for ansi color support for current process.
+	// https://learn.microsoft.com/en-us/windows/console/console-virtual-terminal-sequences#output-sequences
+	var outMode uint32
+	out := windows.Handle(os.Stdout.Fd())
+	if err := windows.GetConsoleMode(out, &outMode); err != nil {
+		return
+	}
+	outMode |= windows.ENABLE_PROCESSED_OUTPUT | windows.ENABLE_VIRTUAL_TERMINAL_PROCESSING
+	_ = windows.SetConsoleMode(out, outMode)
+}
diff --git a/vendor/github.com/fatih/color/doc.go b/vendor/github.com/fatih/color/doc.go
index 04541de78..9491ad541 100644
--- a/vendor/github.com/fatih/color/doc.go
+++ b/vendor/github.com/fatih/color/doc.go
@@ -5,106 +5,105 @@ that suits you.
 
 Use simple and default helper functions with predefined foreground colors:
 
-    color.Cyan("Prints text in cyan.")
+	color.Cyan("Prints text in cyan.")
 
-    // a newline will be appended automatically
-    color.Blue("Prints %s in blue.", "text")
+	// a newline will be appended automatically
+	color.Blue("Prints %s in blue.", "text")
 
-    // More default foreground colors..
-    color.Red("We have red")
-    color.Yellow("Yellow color too!")
-    color.Magenta("And many others ..")
+	// More default foreground colors..
+	color.Red("We have red")
+	color.Yellow("Yellow color too!")
+	color.Magenta("And many others ..")
 
-    // Hi-intensity colors
-    color.HiGreen("Bright green color.")
-    color.HiBlack("Bright black means gray..")
-    color.HiWhite("Shiny white color!")
+	// Hi-intensity colors
+	color.HiGreen("Bright green color.")
+	color.HiBlack("Bright black means gray..")
+	color.HiWhite("Shiny white color!")
 
-However there are times where custom color mixes are required. Below are some
+However, there are times when custom color mixes are required. Below are some
 examples to create custom color objects and use the print functions of each
 separate color object.
 
-    // Create a new color object
-    c := color.New(color.FgCyan).Add(color.Underline)
-    c.Println("Prints cyan text with an underline.")
+	// Create a new color object
+	c := color.New(color.FgCyan).Add(color.Underline)
+	c.Println("Prints cyan text with an underline.")
 
-    // Or just add them to New()
-    d := color.New(color.FgCyan, color.Bold)
-    d.Printf("This prints bold cyan %s\n", "too!.")
+	// Or just add them to New()
+	d := color.New(color.FgCyan, color.Bold)
+	d.Printf("This prints bold cyan %s\n", "too!.")
 
 
-    // Mix up foreground and background colors, create new mixes!
-    red := color.New(color.FgRed)
+	// Mix up foreground and background colors, create new mixes!
+	red := color.New(color.FgRed)
 
-    boldRed := red.Add(color.Bold)
-    boldRed.Println("This will print text in bold red.")
+	boldRed := red.Add(color.Bold)
+	boldRed.Println("This will print text in bold red.")
 
-    whiteBackground := red.Add(color.BgWhite)
-    whiteBackground.Println("Red text with White background.")
+	whiteBackground := red.Add(color.BgWhite)
+	whiteBackground.Println("Red text with White background.")
 
-    // Use your own io.Writer output
-    color.New(color.FgBlue).Fprintln(myWriter, "blue color!")
+	// Use your own io.Writer output
+	color.New(color.FgBlue).Fprintln(myWriter, "blue color!")
 
-    blue := color.New(color.FgBlue)
-    blue.Fprint(myWriter, "This will print text in blue.")
+	blue := color.New(color.FgBlue)
+	blue.Fprint(myWriter, "This will print text in blue.")
 
 You can create PrintXxx functions to simplify even more:
 
-    // Create a custom print function for convenient
-    red := color.New(color.FgRed).PrintfFunc()
-    red("warning")
-    red("error: %s", err)
+	// Create a custom print function for convenient
+	red := color.New(color.FgRed).PrintfFunc()
+	red("warning")
+	red("error: %s", err)
 
-    // Mix up multiple attributes
-    notice := color.New(color.Bold, color.FgGreen).PrintlnFunc()
-    notice("don't forget this...")
+	// Mix up multiple attributes
+	notice := color.New(color.Bold, color.FgGreen).PrintlnFunc()
+	notice("don't forget this...")
 
 You can also FprintXxx functions to pass your own io.Writer:
 
-    blue := color.New(FgBlue).FprintfFunc()
-    blue(myWriter, "important notice: %s", stars)
-
-    // Mix up with multiple attributes
-    success := color.New(color.Bold, color.FgGreen).FprintlnFunc()
-    success(myWriter, don't forget this...")
+	blue := color.New(FgBlue).FprintfFunc()
+	blue(myWriter, "important notice: %s", stars)
 
+	// Mix up with multiple attributes
+	success := color.New(color.Bold, color.FgGreen).FprintlnFunc()
+	success(myWriter, don't forget this...")
 
 Or create SprintXxx functions to mix strings with other non-colorized strings:
 
-    yellow := New(FgYellow).SprintFunc()
-    red := New(FgRed).SprintFunc()
+	yellow := New(FgYellow).SprintFunc()
+	red := New(FgRed).SprintFunc()
 
-    fmt.Printf("this is a %s and this is %s.\n", yellow("warning"), red("error"))
+	fmt.Printf("this is a %s and this is %s.\n", yellow("warning"), red("error"))
 
-    info := New(FgWhite, BgGreen).SprintFunc()
-    fmt.Printf("this %s rocks!\n", info("package"))
+	info := New(FgWhite, BgGreen).SprintFunc()
+	fmt.Printf("this %s rocks!\n", info("package"))
 
 Windows support is enabled by default. All Print functions work as intended.
-However only for color.SprintXXX functions, user should use fmt.FprintXXX and
+However, only for color.SprintXXX functions, user should use fmt.FprintXXX and
 set the output to color.Output:
 
-    fmt.Fprintf(color.Output, "Windows support: %s", color.GreenString("PASS"))
+	fmt.Fprintf(color.Output, "Windows support: %s", color.GreenString("PASS"))
 
-    info := New(FgWhite, BgGreen).SprintFunc()
-    fmt.Fprintf(color.Output, "this %s rocks!\n", info("package"))
+	info := New(FgWhite, BgGreen).SprintFunc()
+	fmt.Fprintf(color.Output, "this %s rocks!\n", info("package"))
 
 Using with existing code is possible. Just use the Set() method to set the
 standard output to the given parameters. That way a rewrite of an existing
 code is not required.
 
-    // Use handy standard colors.
-    color.Set(color.FgYellow)
+	// Use handy standard colors.
+	color.Set(color.FgYellow)
 
-    fmt.Println("Existing text will be now in Yellow")
-    fmt.Printf("This one %s\n", "too")
+	fmt.Println("Existing text will be now in Yellow")
+	fmt.Printf("This one %s\n", "too")
 
-    color.Unset() // don't forget to unset
+	color.Unset() // don't forget to unset
 
-    // You can mix up parameters
-    color.Set(color.FgMagenta, color.Bold)
-    defer color.Unset() // use it in your function
+	// You can mix up parameters
+	color.Set(color.FgMagenta, color.Bold)
+	defer color.Unset() // use it in your function
 
-    fmt.Println("All text will be now bold magenta.")
+	fmt.Println("All text will be now bold magenta.")
 
 There might be a case where you want to disable color output (for example to
 pipe the standard output of your app to somewhere else). `Color` has support to
@@ -112,24 +111,24 @@ disable colors both globally and for single color definition. For example
 suppose you have a CLI app and a `--no-color` bool flag. You can easily disable
 the color output with:
 
-    var flagNoColor = flag.Bool("no-color", false, "Disable color output")
+	var flagNoColor = flag.Bool("no-color", false, "Disable color output")
 
-    if *flagNoColor {
-    	color.NoColor = true // disables colorized output
-    }
+	if *flagNoColor {
+		color.NoColor = true // disables colorized output
+	}
 
 You can also disable the color by setting the NO_COLOR environment variable to any value.
 
 It also has support for single color definitions (local). You can
 disable/enable color output on the fly:
 
-     c := color.New(color.FgCyan)
-     c.Println("Prints cyan text")
+	c := color.New(color.FgCyan)
+	c.Println("Prints cyan text")
 
-     c.DisableColor()
-     c.Println("This is printed without any color")
+	c.DisableColor()
+	c.Println("This is printed without any color")
 
-     c.EnableColor()
-     c.Println("This prints again cyan...")
+	c.EnableColor()
+	c.Println("This prints again cyan...")
 */
 package color
diff --git a/vendor/github.com/fsnotify/fsnotify/.cirrus.yml b/vendor/github.com/fsnotify/fsnotify/.cirrus.yml
new file mode 100644
index 000000000..ffc7b992b
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/.cirrus.yml
@@ -0,0 +1,13 @@
+freebsd_task:
+  name: 'FreeBSD'
+  freebsd_instance:
+    image_family: freebsd-13-2
+  install_script:
+    - pkg update -f
+    - pkg install -y go
+  test_script:
+      # run tests as user "cirrus" instead of root
+    - pw useradd cirrus -m
+    - chown -R cirrus:cirrus .
+    - FSNOTIFY_BUFFER=4096 sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./...
+    -                      sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./...
diff --git a/vendor/github.com/fsnotify/fsnotify/.gitignore b/vendor/github.com/fsnotify/fsnotify/.gitignore
index 1d89d85ce..391cc076b 100644
--- a/vendor/github.com/fsnotify/fsnotify/.gitignore
+++ b/vendor/github.com/fsnotify/fsnotify/.gitignore
@@ -4,3 +4,4 @@
 
 # Output of go build ./cmd/fsnotify
 /fsnotify
+/fsnotify.exe
diff --git a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
index 77f9593bd..e0e575754 100644
--- a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
+++ b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
@@ -1,16 +1,87 @@
 # Changelog
 
-All notable changes to this project will be documented in this file.
+Unreleased
+----------
+Nothing yet.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+1.7.0 - 2023-10-22
+------------------
+This version of fsnotify needs Go 1.17.
 
-## [Unreleased]
+### Additions
 
-Nothing yet.
+- illumos: add FEN backend to support illumos and Solaris. ([#371])
+
+- all: add `NewBufferedWatcher()` to use a buffered channel, which can be useful
+  in cases where you can't control the kernel buffer and receive a large number
+  of events in bursts. ([#550], [#572])
+
+- all: add `AddWith()`, which is identical to `Add()` but allows passing
+  options. ([#521])
+
+- windows: allow setting the ReadDirectoryChangesW() buffer size with
+  `fsnotify.WithBufferSize()`; the default of 64K is the highest value that
+  works on all platforms and is enough for most purposes, but in some cases a
+  highest buffer is needed. ([#521])
+
+### Changes and fixes
+
+- inotify: remove watcher if a watched path is renamed ([#518])
+
+  After a rename the reported name wasn't updated, or even an empty string.
+  Inotify doesn't provide any good facilities to update it, so just remove the
+  watcher. This is already how it worked on kqueue and FEN.
+
+  On Windows this does work, and remains working.
+
+- windows: don't listen for file attribute changes ([#520])
+
+  File attribute changes are sent as `FILE_ACTION_MODIFIED` by the Windows API,
+  with no way to see if they're a file write or attribute change, so would show
+  up as a fsnotify.Write event. This is never useful, and could result in many
+  spurious Write events.
+
+- windows: return `ErrEventOverflow` if the buffer is full ([#525])
+
+  Before it would merely return "short read", making it hard to detect this
+  error.
+
+- kqueue: make sure events for all files are delivered properly when removing a
+  watched directory ([#526])
+
+  Previously they would get sent with `""` (empty string) or `"."` as the path
+  name.
+
+- kqueue: don't emit spurious Create events for symbolic links ([#524])
+
+  The link would get resolved but kqueue would "forget" it already saw the link
+  itself, resulting on a Create for every Write event for the directory.
+
+- all: return `ErrClosed` on `Add()` when the watcher is closed ([#516])
+
+- other: add `Watcher.Errors` and `Watcher.Events` to the no-op `Watcher` in
+  `backend_other.go`, making it easier to use on unsupported platforms such as
+  WASM, AIX, etc. ([#528])
+
+- other: use the `backend_other.go` no-op if the `appengine` build tag is set;
+  Google AppEngine forbids usage of the unsafe package so the inotify backend
+  won't compile there.
 
-## [1.6.0] - 2022-10-13
+[#371]: https://github.com/fsnotify/fsnotify/pull/371
+[#516]: https://github.com/fsnotify/fsnotify/pull/516
+[#518]: https://github.com/fsnotify/fsnotify/pull/518
+[#520]: https://github.com/fsnotify/fsnotify/pull/520
+[#521]: https://github.com/fsnotify/fsnotify/pull/521
+[#524]: https://github.com/fsnotify/fsnotify/pull/524
+[#525]: https://github.com/fsnotify/fsnotify/pull/525
+[#526]: https://github.com/fsnotify/fsnotify/pull/526
+[#528]: https://github.com/fsnotify/fsnotify/pull/528
+[#537]: https://github.com/fsnotify/fsnotify/pull/537
+[#550]: https://github.com/fsnotify/fsnotify/pull/550
+[#572]: https://github.com/fsnotify/fsnotify/pull/572
 
+1.6.0 - 2022-10-13
+------------------
 This version of fsnotify needs Go 1.16 (this was already the case since 1.5.1,
 but not documented). It also increases the minimum Linux version to 2.6.32.
 
diff --git a/vendor/github.com/fsnotify/fsnotify/README.md b/vendor/github.com/fsnotify/fsnotify/README.md
index d4e6080fe..e480733d1 100644
--- a/vendor/github.com/fsnotify/fsnotify/README.md
+++ b/vendor/github.com/fsnotify/fsnotify/README.md
@@ -1,29 +1,31 @@
 fsnotify is a Go library to provide cross-platform filesystem notifications on
-Windows, Linux, macOS, and BSD systems.
+Windows, Linux, macOS, BSD, and illumos.
 
-Go 1.16 or newer is required; the full documentation is at
+Go 1.17 or newer is required; the full documentation is at
 https://pkg.go.dev/github.com/fsnotify/fsnotify
 
-**It's best to read the documentation at pkg.go.dev, as it's pinned to the last
-released version, whereas this README is for the last development version which
-may include additions/changes.**
-
 ---
 
 Platform support:
 
-| Adapter               | OS             | Status                                                       |
-| --------------------- | ---------------| -------------------------------------------------------------|
-| inotify               | Linux 2.6.32+  | Supported                                                    |
-| kqueue                | BSD, macOS     | Supported                                                    |
-| ReadDirectoryChangesW | Windows        | Supported                                                    |
-| FSEvents              | macOS          | [Planned](https://github.com/fsnotify/fsnotify/issues/11)    |
-| FEN                   | Solaris 11     | [In Progress](https://github.com/fsnotify/fsnotify/pull/371) |
-| fanotify              | Linux 5.9+     | [Maybe](https://github.com/fsnotify/fsnotify/issues/114)     |
-| USN Journals          | Windows        | [Maybe](https://github.com/fsnotify/fsnotify/issues/53)      |
-| Polling               | *All*          | [Maybe](https://github.com/fsnotify/fsnotify/issues/9)       |
-
-Linux and macOS should include Android and iOS, but these are currently untested.
+| Backend               | OS         | Status                                                                    |
+| :-------------------- | :--------- | :------------------------------------------------------------------------ |
+| inotify               | Linux      | Supported                                                                 |
+| kqueue                | BSD, macOS | Supported                                                                 |
+| ReadDirectoryChangesW | Windows    | Supported                                                                 |
+| FEN                   | illumos    | Supported                                                                 |
+| fanotify              | Linux 5.9+ | [Not yet](https://github.com/fsnotify/fsnotify/issues/114)                |
+| AHAFS                 | AIX        | [aix branch]; experimental due to lack of maintainer and test environment |
+| FSEvents              | macOS      | [Needs support in x/sys/unix][fsevents]                                   |
+| USN Journals          | Windows    | [Needs support in x/sys/windows][usn]                                     |
+| Polling               | *All*      | [Not yet](https://github.com/fsnotify/fsnotify/issues/9)                  |
+
+Linux and illumos should include Android and Solaris, but these are currently
+untested.
+
+[fsevents]:   https://github.com/fsnotify/fsnotify/issues/11#issuecomment-1279133120
+[usn]:        https://github.com/fsnotify/fsnotify/issues/53#issuecomment-1279829847
+[aix branch]: https://github.com/fsnotify/fsnotify/issues/353#issuecomment-1284590129
 
 Usage
 -----
@@ -83,20 +85,23 @@ run with:
 
     % go run ./cmd/fsnotify
 
+Further detailed documentation can be found in godoc:
+https://pkg.go.dev/github.com/fsnotify/fsnotify
+
 FAQ
 ---
 ### Will a file still be watched when it's moved to another directory?
 No, not unless you are watching the location it was moved to.
 
-### Are subdirectories watched too?
+### Are subdirectories watched?
 No, you must add watches for any directory you want to watch (a recursive
 watcher is on the roadmap: [#18]).
 
 [#18]: https://github.com/fsnotify/fsnotify/issues/18
 
 ### Do I have to watch the Error and Event channels in a goroutine?
-As of now, yes (you can read both channels in the same goroutine using `select`,
-you don't need a separate goroutine for both channels; see the example).
+Yes. You can read both channels in the same goroutine using `select` (you don't
+need a separate goroutine for both channels; see the example).
 
 ### Why don't notifications work with NFS, SMB, FUSE, /proc, or /sys?
 fsnotify requires support from underlying OS to work. The current NFS and SMB
@@ -107,6 +112,32 @@ This could be fixed with a polling watcher ([#9]), but it's not yet implemented.
 
 [#9]: https://github.com/fsnotify/fsnotify/issues/9
 
+### Why do I get many Chmod events?
+Some programs may generate a lot of attribute changes; for example Spotlight on
+macOS, anti-virus programs, backup applications, and some others are known to do
+this. As a rule, it's typically best to ignore Chmod events. They're often not
+useful, and tend to cause problems.
+
+Spotlight indexing on macOS can result in multiple events (see [#15]). A
+temporary workaround is to add your folder(s) to the *Spotlight Privacy
+settings* until we have a native FSEvents implementation (see [#11]).
+
+[#11]: https://github.com/fsnotify/fsnotify/issues/11
+[#15]: https://github.com/fsnotify/fsnotify/issues/15
+
+### Watching a file doesn't work well
+Watching individual files (rather than directories) is generally not recommended
+as many programs (especially editors) update files atomically: it will write to
+a temporary file which is then moved to to destination, overwriting the original
+(or some variant thereof). The watcher on the original file is now lost, as that
+no longer exists.
+
+The upshot of this is that a power failure or crash won't leave a half-written
+file.
+
+Watch the parent directory and use `Event.Name` to filter out files you're not
+interested in. There is an example of this in `cmd/fsnotify/file.go`.
+
 Platform-specific notes
 -----------------------
 ### Linux
@@ -151,11 +182,3 @@ these platforms.
 
 The sysctl variables `kern.maxfiles` and `kern.maxfilesperproc` can be used to
 control the maximum number of open files.
-
-### macOS
-Spotlight indexing on macOS can result in multiple events (see [#15]). A temporary
-workaround is to add your folder(s) to the *Spotlight Privacy settings* until we
-have a native FSEvents implementation (see [#11]).
-
-[#11]: https://github.com/fsnotify/fsnotify/issues/11
-[#15]: https://github.com/fsnotify/fsnotify/issues/15
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_fen.go b/vendor/github.com/fsnotify/fsnotify/backend_fen.go
index 1a95ad8e7..28497f1dd 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_fen.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_fen.go
@@ -1,10 +1,19 @@
 //go:build solaris
 // +build solaris
 
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
+
 package fsnotify
 
 import (
 	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"sync"
+
+	"golang.org/x/sys/unix"
 )
 
 // Watcher watches a set of paths, delivering events on a channel.
@@ -17,9 +26,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -33,16 +42,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -58,14 +67,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -92,44 +107,129 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
+
+	mu      sync.Mutex
+	port    *unix.EventPort
+	done    chan struct{}       // Channel for sending a "quit message" to the reader goroutine
+	dirs    map[string]struct{} // Explicitly watched directories
+	watches map[string]struct{} // Explicitly watched non-directories
 }
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
-	return nil, errors.New("FEN based watcher not yet supported for fsnotify\n")
+	return NewBufferedWatcher(0)
 }
 
-// Close removes all watches and closes the events channel.
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
+	w := &Watcher{
+		Events:  make(chan Event, sz),
+		Errors:  make(chan error),
+		dirs:    make(map[string]struct{}),
+		watches: make(map[string]struct{}),
+		done:    make(chan struct{}),
+	}
+
+	var err error
+	w.port, err = unix.NewEventPort()
+	if err != nil {
+		return nil, fmt.Errorf("fsnotify.NewWatcher: %w", err)
+	}
+
+	go w.readEvents()
+	return w, nil
+}
+
+// sendEvent attempts to send an event to the user, returning true if the event
+// was put in the channel successfully and false if the watcher has been closed.
+func (w *Watcher) sendEvent(name string, op Op) (sent bool) {
+	select {
+	case w.Events <- Event{Name: name, Op: op}:
+		return true
+	case <-w.done:
+		return false
+	}
+}
+
+// sendError attempts to send an error to the user, returning true if the error
+// was put in the channel successfully and false if the watcher has been closed.
+func (w *Watcher) sendError(err error) (sent bool) {
+	select {
+	case w.Errors <- err:
+		return true
+	case <-w.done:
+		return false
+	}
+}
+
+func (w *Watcher) isClosed() bool {
+	select {
+	case <-w.done:
+		return true
+	default:
+		return false
+	}
+}
+
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
-	return nil
+	// Take the lock used by associateFile to prevent lingering events from
+	// being processed after the close
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	if w.isClosed() {
+		return nil
+	}
+	close(w.done)
+	return w.port.Close()
 }
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -139,15 +239,63 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
+	if w.isClosed() {
+		return ErrClosed
+	}
+	if w.port.PathIsWatched(name) {
+		return nil
+	}
+
+	_ = getOptions(opts...)
+
+	// Currently we resolve symlinks that were explicitly requested to be
+	// watched. Otherwise we would use LStat here.
+	stat, err := os.Stat(name)
+	if err != nil {
+		return err
+	}
+
+	// Associate all files in the directory.
+	if stat.IsDir() {
+		err := w.handleDirectory(name, stat, true, w.associateFile)
+		if err != nil {
+			return err
+		}
+
+		w.mu.Lock()
+		w.dirs[name] = struct{}{}
+		w.mu.Unlock()
+		return nil
+	}
+
+	err = w.associateFile(name, stat, true)
+	if err != nil {
+		return err
+	}
+
+	w.mu.Lock()
+	w.watches[name] = struct{}{}
+	w.mu.Unlock()
 	return nil
 }
 
@@ -157,6 +305,336 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
+	if w.isClosed() {
+		return nil
+	}
+	if !w.port.PathIsWatched(name) {
+		return fmt.Errorf("%w: %s", ErrNonExistentWatch, name)
+	}
+
+	// The user has expressed an intent. Immediately remove this name from
+	// whichever watch list it might be in. If it's not in there the delete
+	// doesn't cause harm.
+	w.mu.Lock()
+	delete(w.watches, name)
+	delete(w.dirs, name)
+	w.mu.Unlock()
+
+	stat, err := os.Stat(name)
+	if err != nil {
+		return err
+	}
+
+	// Remove associations for every file in the directory.
+	if stat.IsDir() {
+		err := w.handleDirectory(name, stat, false, w.dissociateFile)
+		if err != nil {
+			return err
+		}
+		return nil
+	}
+
+	err = w.port.DissociatePath(name)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
+
+// readEvents contains the main loop that runs in a goroutine watching for events.
+func (w *Watcher) readEvents() {
+	// If this function returns, the watcher has been closed and we can close
+	// these channels
+	defer func() {
+		close(w.Errors)
+		close(w.Events)
+	}()
+
+	pevents := make([]unix.PortEvent, 8)
+	for {
+		count, err := w.port.Get(pevents, 1, nil)
+		if err != nil && err != unix.ETIME {
+			// Interrupted system call (count should be 0) ignore and continue
+			if errors.Is(err, unix.EINTR) && count == 0 {
+				continue
+			}
+			// Get failed because we called w.Close()
+			if errors.Is(err, unix.EBADF) && w.isClosed() {
+				return
+			}
+			// There was an error not caused by calling w.Close()
+			if !w.sendError(err) {
+				return
+			}
+		}
+
+		p := pevents[:count]
+		for _, pevent := range p {
+			if pevent.Source != unix.PORT_SOURCE_FILE {
+				// Event from unexpected source received; should never happen.
+				if !w.sendError(errors.New("Event from unexpected source received")) {
+					return
+				}
+				continue
+			}
+
+			err = w.handleEvent(&pevent)
+			if err != nil {
+				if !w.sendError(err) {
+					return
+				}
+			}
+		}
+	}
+}
+
+func (w *Watcher) handleDirectory(path string, stat os.FileInfo, follow bool, handler func(string, os.FileInfo, bool) error) error {
+	files, err := os.ReadDir(path)
+	if err != nil {
+		return err
+	}
+
+	// Handle all children of the directory.
+	for _, entry := range files {
+		finfo, err := entry.Info()
+		if err != nil {
+			return err
+		}
+		err = handler(filepath.Join(path, finfo.Name()), finfo, false)
+		if err != nil {
+			return err
+		}
+	}
+
+	// And finally handle the directory itself.
+	return handler(path, stat, follow)
+}
+
+// handleEvent might need to emit more than one fsnotify event if the events
+// bitmap matches more than one event type (e.g. the file was both modified and
+// had the attributes changed between when the association was created and the
+// when event was returned)
+func (w *Watcher) handleEvent(event *unix.PortEvent) error {
+	var (
+		events     = event.Events
+		path       = event.Path
+		fmode      = event.Cookie.(os.FileMode)
+		reRegister = true
+	)
+
+	w.mu.Lock()
+	_, watchedDir := w.dirs[path]
+	_, watchedPath := w.watches[path]
+	w.mu.Unlock()
+	isWatched := watchedDir || watchedPath
+
+	if events&unix.FILE_DELETE != 0 {
+		if !w.sendEvent(path, Remove) {
+			return nil
+		}
+		reRegister = false
+	}
+	if events&unix.FILE_RENAME_FROM != 0 {
+		if !w.sendEvent(path, Rename) {
+			return nil
+		}
+		// Don't keep watching the new file name
+		reRegister = false
+	}
+	if events&unix.FILE_RENAME_TO != 0 {
+		// We don't report a Rename event for this case, because Rename events
+		// are interpreted as referring to the _old_ name of the file, and in
+		// this case the event would refer to the new name of the file. This
+		// type of rename event is not supported by fsnotify.
+
+		// inotify reports a Remove event in this case, so we simulate this
+		// here.
+		if !w.sendEvent(path, Remove) {
+			return nil
+		}
+		// Don't keep watching the file that was removed
+		reRegister = false
+	}
+
+	// The file is gone, nothing left to do.
+	if !reRegister {
+		if watchedDir {
+			w.mu.Lock()
+			delete(w.dirs, path)
+			w.mu.Unlock()
+		}
+		if watchedPath {
+			w.mu.Lock()
+			delete(w.watches, path)
+			w.mu.Unlock()
+		}
+		return nil
+	}
+
+	// If we didn't get a deletion the file still exists and we're going to have
+	// to watch it again. Let's Stat it now so that we can compare permissions
+	// and have what we need to continue watching the file
+
+	stat, err := os.Lstat(path)
+	if err != nil {
+		// This is unexpected, but we should still emit an event. This happens
+		// most often on "rm -r" of a subdirectory inside a watched directory We
+		// get a modify event of something happening inside, but by the time we
+		// get here, the sudirectory is already gone. Clearly we were watching
+		// this path but now it is gone. Let's tell the user that it was
+		// removed.
+		if !w.sendEvent(path, Remove) {
+			return nil
+		}
+		// Suppress extra write events on removed directories; they are not
+		// informative and can be confusing.
+		return nil
+	}
+
+	// resolve symlinks that were explicitly watched as we would have at Add()
+	// time. this helps suppress spurious Chmod events on watched symlinks
+	if isWatched {
+		stat, err = os.Stat(path)
+		if err != nil {
+			// The symlink still exists, but the target is gone. Report the
+			// Remove similar to above.
+			if !w.sendEvent(path, Remove) {
+				return nil
+			}
+			// Don't return the error
+		}
+	}
+
+	if events&unix.FILE_MODIFIED != 0 {
+		if fmode.IsDir() {
+			if watchedDir {
+				if err := w.updateDirectory(path); err != nil {
+					return err
+				}
+			} else {
+				if !w.sendEvent(path, Write) {
+					return nil
+				}
+			}
+		} else {
+			if !w.sendEvent(path, Write) {
+				return nil
+			}
+		}
+	}
+	if events&unix.FILE_ATTRIB != 0 && stat != nil {
+		// Only send Chmod if perms changed
+		if stat.Mode().Perm() != fmode.Perm() {
+			if !w.sendEvent(path, Chmod) {
+				return nil
+			}
+		}
+	}
+
+	if stat != nil {
+		// If we get here, it means we've hit an event above that requires us to
+		// continue watching the file or directory
+		return w.associateFile(path, stat, isWatched)
+	}
+	return nil
+}
+
+func (w *Watcher) updateDirectory(path string) error {
+	// The directory was modified, so we must find unwatched entities and watch
+	// them. If something was removed from the directory, nothing will happen,
+	// as everything else should still be watched.
+	files, err := os.ReadDir(path)
+	if err != nil {
+		return err
+	}
+
+	for _, entry := range files {
+		path := filepath.Join(path, entry.Name())
+		if w.port.PathIsWatched(path) {
+			continue
+		}
+
+		finfo, err := entry.Info()
+		if err != nil {
+			return err
+		}
+		err = w.associateFile(path, finfo, false)
+		if err != nil {
+			if !w.sendError(err) {
+				return nil
+			}
+		}
+		if !w.sendEvent(path, Create) {
+			return nil
+		}
+	}
+	return nil
+}
+
+func (w *Watcher) associateFile(path string, stat os.FileInfo, follow bool) error {
+	if w.isClosed() {
+		return ErrClosed
+	}
+	// This is primarily protecting the call to AssociatePath but it is
+	// important and intentional that the call to PathIsWatched is also
+	// protected by this mutex. Without this mutex, AssociatePath has been seen
+	// to error out that the path is already associated.
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	if w.port.PathIsWatched(path) {
+		// Remove the old association in favor of this one If we get ENOENT,
+		// then while the x/sys/unix wrapper still thought that this path was
+		// associated, the underlying event port did not. This call will have
+		// cleared up that discrepancy. The most likely cause is that the event
+		// has fired but we haven't processed it yet.
+		err := w.port.DissociatePath(path)
+		if err != nil && err != unix.ENOENT {
+			return err
+		}
+	}
+	// FILE_NOFOLLOW means we watch symlinks themselves rather than their
+	// targets.
+	events := unix.FILE_MODIFIED | unix.FILE_ATTRIB | unix.FILE_NOFOLLOW
+	if follow {
+		// We *DO* follow symlinks for explicitly watched entries.
+		events = unix.FILE_MODIFIED | unix.FILE_ATTRIB
+	}
+	return w.port.AssociatePath(path, stat,
+		events,
+		stat.Mode())
+}
+
+func (w *Watcher) dissociateFile(path string, stat os.FileInfo, unused bool) error {
+	if !w.port.PathIsWatched(path) {
+		return nil
+	}
+	return w.port.DissociatePath(path)
+}
+
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
+func (w *Watcher) WatchList() []string {
+	if w.isClosed() {
+		return nil
+	}
+
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	entries := make([]string, 0, len(w.watches)+len(w.dirs))
+	for pathname := range w.dirs {
+		entries = append(entries, pathname)
+	}
+	for pathname := range w.watches {
+		entries = append(entries, pathname)
+	}
+
+	return entries
+}
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go
index 54c77fbb0..921c1c1e4 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go
@@ -1,5 +1,8 @@
-//go:build linux
-// +build linux
+//go:build linux && !appengine
+// +build linux,!appengine
+
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
 
 package fsnotify
 
@@ -26,9 +29,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -42,16 +45,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -67,14 +70,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -101,36 +110,148 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
 
 	// Store fd here as os.File.Read() will no longer return on close after
 	// calling Fd(). See: https://github.com/golang/go/issues/26439
 	fd          int
-	mu          sync.Mutex // Map access
 	inotifyFile *os.File
-	watches     map[string]*watch // Map of inotify watches (key: path)
-	paths       map[int]string    // Map of watched paths (key: watch descriptor)
-	done        chan struct{}     // Channel for sending a "quit message" to the reader goroutine
-	doneResp    chan struct{}     // Channel to respond to Close
+	watches     *watches
+	done        chan struct{} // Channel for sending a "quit message" to the reader goroutine
+	closeMu     sync.Mutex
+	doneResp    chan struct{} // Channel to respond to Close
+}
+
+type (
+	watches struct {
+		mu   sync.RWMutex
+		wd   map[uint32]*watch // wd → watch
+		path map[string]uint32 // pathname → wd
+	}
+	watch struct {
+		wd    uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall)
+		flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags)
+		path  string // Watch path.
+	}
+)
+
+func newWatches() *watches {
+	return &watches{
+		wd:   make(map[uint32]*watch),
+		path: make(map[string]uint32),
+	}
+}
+
+func (w *watches) len() int {
+	w.mu.RLock()
+	defer w.mu.RUnlock()
+	return len(w.wd)
+}
+
+func (w *watches) add(ww *watch) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	w.wd[ww.wd] = ww
+	w.path[ww.path] = ww.wd
+}
+
+func (w *watches) remove(wd uint32) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	delete(w.path, w.wd[wd].path)
+	delete(w.wd, wd)
+}
+
+func (w *watches) removePath(path string) (uint32, bool) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	wd, ok := w.path[path]
+	if !ok {
+		return 0, false
+	}
+
+	delete(w.path, path)
+	delete(w.wd, wd)
+
+	return wd, true
+}
+
+func (w *watches) byPath(path string) *watch {
+	w.mu.RLock()
+	defer w.mu.RUnlock()
+	return w.wd[w.path[path]]
+}
+
+func (w *watches) byWd(wd uint32) *watch {
+	w.mu.RLock()
+	defer w.mu.RUnlock()
+	return w.wd[wd]
+}
+
+func (w *watches) updatePath(path string, f func(*watch) (*watch, error)) error {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	var existing *watch
+	wd, ok := w.path[path]
+	if ok {
+		existing = w.wd[wd]
+	}
+
+	upd, err := f(existing)
+	if err != nil {
+		return err
+	}
+	if upd != nil {
+		w.wd[upd.wd] = upd
+		w.path[upd.path] = upd.wd
+
+		if upd.wd != wd {
+			delete(w.wd, wd)
+		}
+	}
+
+	return nil
 }
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
-	// Create inotify fd
-	// Need to set the FD to nonblocking mode in order for SetDeadline methods to work
-	// Otherwise, blocking i/o operations won't terminate on close
+	return NewBufferedWatcher(0)
+}
+
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
+	// Need to set nonblocking mode for SetDeadline to work, otherwise blocking
+	// I/O operations won't terminate on close.
 	fd, errno := unix.InotifyInit1(unix.IN_CLOEXEC | unix.IN_NONBLOCK)
 	if fd == -1 {
 		return nil, errno
@@ -139,9 +260,8 @@ func NewWatcher() (*Watcher, error) {
 	w := &Watcher{
 		fd:          fd,
 		inotifyFile: os.NewFile(uintptr(fd), ""),
-		watches:     make(map[string]*watch),
-		paths:       make(map[int]string),
-		Events:      make(chan Event),
+		watches:     newWatches(),
+		Events:      make(chan Event, sz),
 		Errors:      make(chan error),
 		done:        make(chan struct{}),
 		doneResp:    make(chan struct{}),
@@ -157,8 +277,8 @@ func (w *Watcher) sendEvent(e Event) bool {
 	case w.Events <- e:
 		return true
 	case <-w.done:
+		return false
 	}
-	return false
 }
 
 // Returns true if the error was sent, or false if watcher is closed.
@@ -180,17 +300,15 @@ func (w *Watcher) isClosed() bool {
 	}
 }
 
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
-	w.mu.Lock()
+	w.closeMu.Lock()
 	if w.isClosed() {
-		w.mu.Unlock()
+		w.closeMu.Unlock()
 		return nil
 	}
-
-	// Send 'close' signal to goroutine, and set the Watcher to closed.
 	close(w.done)
-	w.mu.Unlock()
+	w.closeMu.Unlock()
 
 	// Causes any blocking reads to return with an error, provided the file
 	// still supports deadline operations.
@@ -207,17 +325,21 @@ func (w *Watcher) Close() error {
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -227,44 +349,59 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
-	name = filepath.Clean(name)
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
 	if w.isClosed() {
-		return errors.New("inotify instance already closed")
+		return ErrClosed
 	}
 
+	name = filepath.Clean(name)
+	_ = getOptions(opts...)
+
 	var flags uint32 = unix.IN_MOVED_TO | unix.IN_MOVED_FROM |
 		unix.IN_CREATE | unix.IN_ATTRIB | unix.IN_MODIFY |
 		unix.IN_MOVE_SELF | unix.IN_DELETE | unix.IN_DELETE_SELF
 
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	watchEntry := w.watches[name]
-	if watchEntry != nil {
-		flags |= watchEntry.flags | unix.IN_MASK_ADD
-	}
-	wd, errno := unix.InotifyAddWatch(w.fd, name, flags)
-	if wd == -1 {
-		return errno
-	}
+	return w.watches.updatePath(name, func(existing *watch) (*watch, error) {
+		if existing != nil {
+			flags |= existing.flags | unix.IN_MASK_ADD
+		}
 
-	if watchEntry == nil {
-		w.watches[name] = &watch{wd: uint32(wd), flags: flags}
-		w.paths[wd] = name
-	} else {
-		watchEntry.wd = uint32(wd)
-		watchEntry.flags = flags
-	}
+		wd, err := unix.InotifyAddWatch(w.fd, name, flags)
+		if wd == -1 {
+			return nil, err
+		}
 
-	return nil
+		if existing == nil {
+			return &watch{
+				wd:    uint32(wd),
+				path:  name,
+				flags: flags,
+			}, nil
+		}
+
+		existing.wd = uint32(wd)
+		existing.flags = flags
+		return existing, nil
+	})
 }
 
 // Remove stops monitoring the path for changes.
@@ -273,32 +410,22 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
-	name = filepath.Clean(name)
-
-	// Fetch the watch.
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	watch, ok := w.watches[name]
+	if w.isClosed() {
+		return nil
+	}
+	return w.remove(filepath.Clean(name))
+}
 
-	// Remove it from inotify.
+func (w *Watcher) remove(name string) error {
+	wd, ok := w.watches.removePath(name)
 	if !ok {
 		return fmt.Errorf("%w: %s", ErrNonExistentWatch, name)
 	}
 
-	// We successfully removed the watch if InotifyRmWatch doesn't return an
-	// error, we need to clean up our internal state to ensure it matches
-	// inotify's kernel state.
-	delete(w.paths, int(watch.wd))
-	delete(w.watches, name)
-
-	// inotify_rm_watch will return EINVAL if the file has been deleted;
-	// the inotify will already have been removed.
-	// watches and pathes are deleted in ignoreLinux() implicitly and asynchronously
-	// by calling inotify_rm_watch() below. e.g. readEvents() goroutine receives IN_IGNORE
-	// so that EINVAL means that the wd is being rm_watch()ed or its file removed
-	// by another thread and we have not received IN_IGNORE event.
-	success, errno := unix.InotifyRmWatch(w.fd, watch.wd)
+	success, errno := unix.InotifyRmWatch(w.fd, wd)
 	if success == -1 {
 		// TODO: Perhaps it's not helpful to return an error here in every case;
 		//       The only two possible errors are:
@@ -312,28 +439,28 @@ func (w *Watcher) Remove(name string) error {
 		//         are watching is deleted.
 		return errno
 	}
-
 	return nil
 }
 
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) WatchList() []string {
-	w.mu.Lock()
-	defer w.mu.Unlock()
+	if w.isClosed() {
+		return nil
+	}
 
-	entries := make([]string, 0, len(w.watches))
-	for pathname := range w.watches {
+	entries := make([]string, 0, w.watches.len())
+	w.watches.mu.RLock()
+	for pathname := range w.watches.path {
 		entries = append(entries, pathname)
 	}
+	w.watches.mu.RUnlock()
 
 	return entries
 }
 
-type watch struct {
-	wd    uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall)
-	flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags)
-}
-
 // readEvents reads from the inotify file descriptor, converts the
 // received events into Event objects and sends them via the Events channel
 func (w *Watcher) readEvents() {
@@ -367,14 +494,11 @@ func (w *Watcher) readEvents() {
 		if n < unix.SizeofInotifyEvent {
 			var err error
 			if n == 0 {
-				// If EOF is received. This should really never happen.
-				err = io.EOF
+				err = io.EOF // If EOF is received. This should really never happen.
 			} else if n < 0 {
-				// If an error occurred while reading.
-				err = errno
+				err = errno // If an error occurred while reading.
 			} else {
-				// Read was too short.
-				err = errors.New("notify: short read in readEvents()")
+				err = errors.New("notify: short read in readEvents()") // Read was too short.
 			}
 			if !w.sendError(err) {
 				return
@@ -403,18 +527,29 @@ func (w *Watcher) readEvents() {
 			// doesn't append the filename to the event, but we would like to always fill the
 			// the "Name" field with a valid filename. We retrieve the path of the watch from
 			// the "paths" map.
-			w.mu.Lock()
-			name, ok := w.paths[int(raw.Wd)]
-			// IN_DELETE_SELF occurs when the file/directory being watched is removed.
-			// This is a sign to clean up the maps, otherwise we are no longer in sync
-			// with the inotify kernel state which has already deleted the watch
-			// automatically.
-			if ok && mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF {
-				delete(w.paths, int(raw.Wd))
-				delete(w.watches, name)
+			watch := w.watches.byWd(uint32(raw.Wd))
+
+			// inotify will automatically remove the watch on deletes; just need
+			// to clean our state here.
+			if watch != nil && mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF {
+				w.watches.remove(watch.wd)
+			}
+			// We can't really update the state when a watched path is moved;
+			// only IN_MOVE_SELF is sent and not IN_MOVED_{FROM,TO}. So remove
+			// the watch.
+			if watch != nil && mask&unix.IN_MOVE_SELF == unix.IN_MOVE_SELF {
+				err := w.remove(watch.path)
+				if err != nil && !errors.Is(err, ErrNonExistentWatch) {
+					if !w.sendError(err) {
+						return
+					}
+				}
 			}
-			w.mu.Unlock()
 
+			var name string
+			if watch != nil {
+				name = watch.path
+			}
 			if nameLen > 0 {
 				// Point "bytes" at the first byte of the filename
 				bytes := (*[unix.PathMax]byte)(unsafe.Pointer(&buf[offset+unix.SizeofInotifyEvent]))[:nameLen:nameLen]
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go
index 29087469b..063a0915a 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go
@@ -1,12 +1,14 @@
 //go:build freebsd || openbsd || netbsd || dragonfly || darwin
 // +build freebsd openbsd netbsd dragonfly darwin
 
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
+
 package fsnotify
 
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sync"
@@ -24,9 +26,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -40,16 +42,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -65,14 +67,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -99,18 +107,27 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
 
 	done         chan struct{}
@@ -133,6 +150,18 @@ type pathInfo struct {
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
+	return NewBufferedWatcher(0)
+}
+
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
 	kq, closepipe, err := newKqueue()
 	if err != nil {
 		return nil, err
@@ -147,7 +176,7 @@ func NewWatcher() (*Watcher, error) {
 		paths:        make(map[int]pathInfo),
 		fileExists:   make(map[string]struct{}),
 		userWatches:  make(map[string]struct{}),
-		Events:       make(chan Event),
+		Events:       make(chan Event, sz),
 		Errors:       make(chan error),
 		done:         make(chan struct{}),
 	}
@@ -197,8 +226,8 @@ func (w *Watcher) sendEvent(e Event) bool {
 	case w.Events <- e:
 		return true
 	case <-w.done:
+		return false
 	}
-	return false
 }
 
 // Returns true if the error was sent, or false if watcher is closed.
@@ -207,11 +236,11 @@ func (w *Watcher) sendError(err error) bool {
 	case w.Errors <- err:
 		return true
 	case <-w.done:
+		return false
 	}
-	return false
 }
 
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
 	w.mu.Lock()
 	if w.isClosed {
@@ -239,17 +268,21 @@ func (w *Watcher) Close() error {
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -259,15 +292,28 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
+	_ = getOptions(opts...)
+
 	w.mu.Lock()
 	w.userWatches[name] = struct{}{}
 	w.mu.Unlock()
@@ -281,9 +327,19 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
+	return w.remove(name, true)
+}
+
+func (w *Watcher) remove(name string, unwatchFiles bool) error {
 	name = filepath.Clean(name)
 	w.mu.Lock()
+	if w.isClosed {
+		w.mu.Unlock()
+		return nil
+	}
 	watchfd, ok := w.watches[name]
 	w.mu.Unlock()
 	if !ok {
@@ -315,7 +371,7 @@ func (w *Watcher) Remove(name string) error {
 	w.mu.Unlock()
 
 	// Find all watched paths that are in this directory that are not external.
-	if isDir {
+	if unwatchFiles && isDir {
 		var pathsToRemove []string
 		w.mu.Lock()
 		for fd := range w.watchesByDir[name] {
@@ -326,20 +382,25 @@ func (w *Watcher) Remove(name string) error {
 		}
 		w.mu.Unlock()
 		for _, name := range pathsToRemove {
-			// Since these are internal, not much sense in propagating error
-			// to the user, as that will just confuse them with an error about
-			// a path they did not explicitly watch themselves.
+			// Since these are internal, not much sense in propagating error to
+			// the user, as that will just confuse them with an error about a
+			// path they did not explicitly watch themselves.
 			w.Remove(name)
 		}
 	}
-
 	return nil
 }
 
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) WatchList() []string {
 	w.mu.Lock()
 	defer w.mu.Unlock()
+	if w.isClosed {
+		return nil
+	}
 
 	entries := make([]string, 0, len(w.userWatches))
 	for pathname := range w.userWatches {
@@ -352,18 +413,18 @@ func (w *Watcher) WatchList() []string {
 // Watch all events (except NOTE_EXTEND, NOTE_LINK, NOTE_REVOKE)
 const noteAllEvents = unix.NOTE_DELETE | unix.NOTE_WRITE | unix.NOTE_ATTRIB | unix.NOTE_RENAME
 
-// addWatch adds name to the watched file set.
-// The flags are interpreted as described in kevent(2).
-// Returns the real path to the file which was added, if any, which may be different from the one passed in the case of symlinks.
+// addWatch adds name to the watched file set; the flags are interpreted as
+// described in kevent(2).
+//
+// Returns the real path to the file which was added, with symlinks resolved.
 func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 	var isDir bool
-	// Make ./name and name equivalent
 	name = filepath.Clean(name)
 
 	w.mu.Lock()
 	if w.isClosed {
 		w.mu.Unlock()
-		return "", errors.New("kevent instance already closed")
+		return "", ErrClosed
 	}
 	watchfd, alreadyWatching := w.watches[name]
 	// We already have a watch, but we can still override flags.
@@ -383,27 +444,30 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 			return "", nil
 		}
 
-		// Follow Symlinks
-		//
-		// Linux can add unresolvable symlinks to the watch list without issue,
-		// and Windows can't do symlinks period. To maintain consistency, we
-		// will act like everything is fine if the link can't be resolved.
-		// There will simply be no file events for broken symlinks. Hence the
-		// returns of nil on errors.
+		// Follow Symlinks.
 		if fi.Mode()&os.ModeSymlink == os.ModeSymlink {
-			name, err = filepath.EvalSymlinks(name)
+			link, err := os.Readlink(name)
 			if err != nil {
+				// Return nil because Linux can add unresolvable symlinks to the
+				// watch list without problems, so maintain consistency with
+				// that. There will be no file events for broken symlinks.
+				// TODO: more specific check; returns os.PathError; ENOENT?
 				return "", nil
 			}
 
 			w.mu.Lock()
-			_, alreadyWatching = w.watches[name]
+			_, alreadyWatching = w.watches[link]
 			w.mu.Unlock()
 
 			if alreadyWatching {
-				return name, nil
+				// Add to watches so we don't get spurious Create events later
+				// on when we diff the directories.
+				w.watches[name] = 0
+				w.fileExists[name] = struct{}{}
+				return link, nil
 			}
 
+			name = link
 			fi, err = os.Lstat(name)
 			if err != nil {
 				return "", nil
@@ -411,7 +475,7 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 		}
 
 		// Retry on EINTR; open() can return EINTR in practice on macOS.
-		// See #354, and go issues 11180 and 39237.
+		// See #354, and Go issues 11180 and 39237.
 		for {
 			watchfd, err = unix.Open(name, openMode, 0)
 			if err == nil {
@@ -444,14 +508,13 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 			w.watchesByDir[parentName] = watchesByDir
 		}
 		watchesByDir[watchfd] = struct{}{}
-
 		w.paths[watchfd] = pathInfo{name: name, isDir: isDir}
 		w.mu.Unlock()
 	}
 
 	if isDir {
-		// Watch the directory if it has not been watched before,
-		// or if it was watched before, but perhaps only a NOTE_DELETE (watchDirectoryFiles)
+		// Watch the directory if it has not been watched before, or if it was
+		// watched before, but perhaps only a NOTE_DELETE (watchDirectoryFiles)
 		w.mu.Lock()
 
 		watchDir := (flags&unix.NOTE_WRITE) == unix.NOTE_WRITE &&
@@ -473,13 +536,10 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 // Event values that it sends down the Events channel.
 func (w *Watcher) readEvents() {
 	defer func() {
-		err := unix.Close(w.kq)
-		if err != nil {
-			w.Errors <- err
-		}
-		unix.Close(w.closepipe[0])
 		close(w.Events)
 		close(w.Errors)
+		_ = unix.Close(w.kq)
+		unix.Close(w.closepipe[0])
 	}()
 
 	eventBuffer := make([]unix.Kevent_t, 10)
@@ -513,18 +573,8 @@ func (w *Watcher) readEvents() {
 
 			event := w.newEvent(path.name, mask)
 
-			if path.isDir && !event.Has(Remove) {
-				// Double check to make sure the directory exists. This can
-				// happen when we do a rm -fr on a recursively watched folders
-				// and we receive a modification event first but the folder has
-				// been deleted and later receive the delete event.
-				if _, err := os.Lstat(event.Name); os.IsNotExist(err) {
-					event.Op |= Remove
-				}
-			}
-
 			if event.Has(Rename) || event.Has(Remove) {
-				w.Remove(event.Name)
+				w.remove(event.Name, false)
 				w.mu.Lock()
 				delete(w.fileExists, event.Name)
 				w.mu.Unlock()
@@ -540,26 +590,30 @@ func (w *Watcher) readEvents() {
 			}
 
 			if event.Has(Remove) {
-				// Look for a file that may have overwritten this.
-				// For example, mv f1 f2 will delete f2, then create f2.
+				// Look for a file that may have overwritten this; for example,
+				// mv f1 f2 will delete f2, then create f2.
 				if path.isDir {
 					fileDir := filepath.Clean(event.Name)
 					w.mu.Lock()
 					_, found := w.watches[fileDir]
 					w.mu.Unlock()
 					if found {
-						// make sure the directory exists before we watch for changes. When we
-						// do a recursive watch and perform rm -fr, the parent directory might
-						// have gone missing, ignore the missing directory and let the
-						// upcoming delete event remove the watch from the parent directory.
-						if _, err := os.Lstat(fileDir); err == nil {
-							w.sendDirectoryChangeEvents(fileDir)
+						err := w.sendDirectoryChangeEvents(fileDir)
+						if err != nil {
+							if !w.sendError(err) {
+								closed = true
+							}
 						}
 					}
 				} else {
 					filePath := filepath.Clean(event.Name)
-					if fileInfo, err := os.Lstat(filePath); err == nil {
-						w.sendFileCreatedEventIfNew(filePath, fileInfo)
+					if fi, err := os.Lstat(filePath); err == nil {
+						err := w.sendFileCreatedEventIfNew(filePath, fi)
+						if err != nil {
+							if !w.sendError(err) {
+								closed = true
+							}
+						}
 					}
 				}
 			}
@@ -582,21 +636,31 @@ func (w *Watcher) newEvent(name string, mask uint32) Event {
 	if mask&unix.NOTE_ATTRIB == unix.NOTE_ATTRIB {
 		e.Op |= Chmod
 	}
+	// No point sending a write and delete event at the same time: if it's gone,
+	// then it's gone.
+	if e.Op.Has(Write) && e.Op.Has(Remove) {
+		e.Op &^= Write
+	}
 	return e
 }
 
 // watchDirectoryFiles to mimic inotify when adding a watch on a directory
 func (w *Watcher) watchDirectoryFiles(dirPath string) error {
 	// Get all files
-	files, err := ioutil.ReadDir(dirPath)
+	files, err := os.ReadDir(dirPath)
 	if err != nil {
 		return err
 	}
 
-	for _, fileInfo := range files {
-		path := filepath.Join(dirPath, fileInfo.Name())
+	for _, f := range files {
+		path := filepath.Join(dirPath, f.Name())
+
+		fi, err := f.Info()
+		if err != nil {
+			return fmt.Errorf("%q: %w", path, err)
+		}
 
-		cleanPath, err := w.internalWatch(path, fileInfo)
+		cleanPath, err := w.internalWatch(path, fi)
 		if err != nil {
 			// No permission to read the file; that's not a problem: just skip.
 			// But do add it to w.fileExists to prevent it from being picked up
@@ -606,7 +670,7 @@ func (w *Watcher) watchDirectoryFiles(dirPath string) error {
 			case errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM):
 				cleanPath = filepath.Clean(path)
 			default:
-				return fmt.Errorf("%q: %w", filepath.Join(dirPath, fileInfo.Name()), err)
+				return fmt.Errorf("%q: %w", path, err)
 			}
 		}
 
@@ -622,26 +686,37 @@ func (w *Watcher) watchDirectoryFiles(dirPath string) error {
 //
 // This functionality is to have the BSD watcher match the inotify, which sends
 // a create event for files created in a watched directory.
-func (w *Watcher) sendDirectoryChangeEvents(dir string) {
-	// Get all files
-	files, err := ioutil.ReadDir(dir)
+func (w *Watcher) sendDirectoryChangeEvents(dir string) error {
+	files, err := os.ReadDir(dir)
 	if err != nil {
-		if !w.sendError(fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)) {
-			return
+		// Directory no longer exists: we can ignore this safely. kqueue will
+		// still give us the correct events.
+		if errors.Is(err, os.ErrNotExist) {
+			return nil
 		}
+		return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
 	}
 
-	// Search for new files
-	for _, fi := range files {
-		err := w.sendFileCreatedEventIfNew(filepath.Join(dir, fi.Name()), fi)
+	for _, f := range files {
+		fi, err := f.Info()
 		if err != nil {
-			return
+			return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
+		}
+
+		err = w.sendFileCreatedEventIfNew(filepath.Join(dir, fi.Name()), fi)
+		if err != nil {
+			// Don't need to send an error if this file isn't readable.
+			if errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM) {
+				return nil
+			}
+			return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
 		}
 	}
+	return nil
 }
 
 // sendFileCreatedEvent sends a create event if the file isn't already being tracked.
-func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fileInfo os.FileInfo) (err error) {
+func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fi os.FileInfo) (err error) {
 	w.mu.Lock()
 	_, doesExist := w.fileExists[filePath]
 	w.mu.Unlock()
@@ -652,7 +727,7 @@ func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fileInfo os.FileInf
 	}
 
 	// like watchDirectoryFiles (but without doing another ReadDir)
-	filePath, err = w.internalWatch(filePath, fileInfo)
+	filePath, err = w.internalWatch(filePath, fi)
 	if err != nil {
 		return err
 	}
@@ -664,10 +739,10 @@ func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fileInfo os.FileInf
 	return nil
 }
 
-func (w *Watcher) internalWatch(name string, fileInfo os.FileInfo) (string, error) {
-	if fileInfo.IsDir() {
-		// mimic Linux providing delete events for subdirectories
-		// but preserve the flags used if currently watching subdirectory
+func (w *Watcher) internalWatch(name string, fi os.FileInfo) (string, error) {
+	if fi.IsDir() {
+		// mimic Linux providing delete events for subdirectories, but preserve
+		// the flags used if currently watching subdirectory
 		w.mu.Lock()
 		flags := w.dirFlags[name]
 		w.mu.Unlock()
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_other.go b/vendor/github.com/fsnotify/fsnotify/backend_other.go
index a9bb1c3c4..d34a23c01 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_other.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_other.go
@@ -1,39 +1,169 @@
-//go:build !darwin && !dragonfly && !freebsd && !openbsd && !linux && !netbsd && !solaris && !windows
-// +build !darwin,!dragonfly,!freebsd,!openbsd,!linux,!netbsd,!solaris,!windows
+//go:build appengine || (!darwin && !dragonfly && !freebsd && !openbsd && !linux && !netbsd && !solaris && !windows)
+// +build appengine !darwin,!dragonfly,!freebsd,!openbsd,!linux,!netbsd,!solaris,!windows
+
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
 
 package fsnotify
 
-import (
-	"fmt"
-	"runtime"
-)
+import "errors"
 
-// Watcher watches a set of files, delivering events to a channel.
-type Watcher struct{}
+// Watcher watches a set of paths, delivering events on a channel.
+//
+// A watcher should not be copied (e.g. pass it by pointer, rather than by
+// value).
+//
+// # Linux notes
+//
+// When a file is removed a Remove event won't be emitted until all file
+// descriptors are closed, and deletes will always emit a Chmod. For example:
+//
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
+//
+// This is the event that inotify sends, so not much can be changed about this.
+//
+// The fs.inotify.max_user_watches sysctl variable specifies the upper limit
+// for the number of watches per user, and fs.inotify.max_user_instances
+// specifies the maximum number of inotify instances per user. Every Watcher you
+// create is an "instance", and every path you add is a "watch".
+//
+// These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and
+// /proc/sys/fs/inotify/max_user_instances
+//
+// To increase them you can use sysctl or write the value to the /proc file:
+//
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
+//
+// To make the changes persist on reboot edit /etc/sysctl.conf or
+// /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
+// your distro's documentation):
+//
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
+//
+// Reaching the limit will result in a "no space left on device" or "too many open
+// files" error.
+//
+// # kqueue notes (macOS, BSD)
+//
+// kqueue requires opening a file descriptor for every file that's being watched;
+// so if you're watching a directory with five files then that's six file
+// descriptors. You will run in to your system's "max open files" limit faster on
+// these platforms.
+//
+// The sysctl variables kern.maxfiles and kern.maxfilesperproc can be used to
+// control the maximum number of open files, as well as /etc/login.conf on BSD
+// systems.
+//
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
+//
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
+//
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
+type Watcher struct {
+	// Events sends the filesystem change events.
+	//
+	// fsnotify can send the following events; a "path" here can refer to a
+	// file, directory, symbolic link, or special file like a FIFO.
+	//
+	//   fsnotify.Create    A new path was created; this may be followed by one
+	//                      or more Write events if data also gets written to a
+	//                      file.
+	//
+	//   fsnotify.Remove    A path was removed.
+	//
+	//   fsnotify.Rename    A path was renamed. A rename is always sent with the
+	//                      old path as Event.Name, and a Create event will be
+	//                      sent with the new name. Renames are only sent for
+	//                      paths that are currently watched; e.g. moving an
+	//                      unmonitored file into a monitored directory will
+	//                      show up as just a Create. Similarly, renaming a file
+	//                      to outside a monitored directory will show up as
+	//                      only a Rename.
+	//
+	//   fsnotify.Write     A file or named pipe was written to. A Truncate will
+	//                      also trigger a Write. A single "write action"
+	//                      initiated by the user may show up as one or multiple
+	//                      writes, depending on when the system syncs things to
+	//                      disk. For example when compiling a large Go program
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
+	//
+	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
+	//                      when a file is removed (or more accurately, when a
+	//                      link to an inode is removed). On kqueue it's sent
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
+	Events chan Event
+
+	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
+	Errors chan error
+}
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
-	return nil, fmt.Errorf("fsnotify not supported on %s", runtime.GOOS)
+	return nil, errors.New("fsnotify not supported on the current platform")
 }
 
-// Close removes all watches and closes the events channel.
-func (w *Watcher) Close() error {
-	return nil
-}
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) { return NewWatcher() }
+
+// Close removes all watches and closes the Events channel.
+func (w *Watcher) Close() error { return nil }
+
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
+func (w *Watcher) WatchList() []string { return nil }
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -43,17 +173,26 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
-	return nil
-}
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return nil }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error { return nil }
 
 // Remove stops monitoring the path for changes.
 //
@@ -61,6 +200,6 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
-func (w *Watcher) Remove(name string) error {
-	return nil
-}
+//
+// Returns nil if [Watcher.Close] was called.
+func (w *Watcher) Remove(name string) error { return nil }
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_windows.go b/vendor/github.com/fsnotify/fsnotify/backend_windows.go
index ae392867c..9bc91e5d6 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_windows.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_windows.go
@@ -1,6 +1,13 @@
 //go:build windows
 // +build windows
 
+// Windows backend based on ReadDirectoryChangesW()
+//
+// https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-readdirectorychangesw
+//
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
+
 package fsnotify
 
 import (
@@ -27,9 +34,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -43,16 +50,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -68,14 +75,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
+//
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -102,31 +115,52 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
 
 	port  windows.Handle // Handle to completion port
 	input chan *input    // Inputs to the reader are sent on this channel
 	quit  chan chan<- error
 
-	mu       sync.Mutex // Protects access to watches, isClosed
-	watches  watchMap   // Map of watches (key: i-number)
-	isClosed bool       // Set to true when Close() is first called
+	mu      sync.Mutex // Protects access to watches, closed
+	watches watchMap   // Map of watches (key: i-number)
+	closed  bool       // Set to true when Close() is first called
 }
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
+	return NewBufferedWatcher(50)
+}
+
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
 	port, err := windows.CreateIoCompletionPort(windows.InvalidHandle, 0, 0, 0)
 	if err != nil {
 		return nil, os.NewSyscallError("CreateIoCompletionPort", err)
@@ -135,7 +169,7 @@ func NewWatcher() (*Watcher, error) {
 		port:    port,
 		watches: make(watchMap),
 		input:   make(chan *input, 1),
-		Events:  make(chan Event, 50),
+		Events:  make(chan Event, sz),
 		Errors:  make(chan error),
 		quit:    make(chan chan<- error, 1),
 	}
@@ -143,6 +177,12 @@ func NewWatcher() (*Watcher, error) {
 	return w, nil
 }
 
+func (w *Watcher) isClosed() bool {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	return w.closed
+}
+
 func (w *Watcher) sendEvent(name string, mask uint64) bool {
 	if mask == 0 {
 		return false
@@ -167,14 +207,14 @@ func (w *Watcher) sendError(err error) bool {
 	return false
 }
 
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
-	w.mu.Lock()
-	if w.isClosed {
-		w.mu.Unlock()
+	if w.isClosed() {
 		return nil
 	}
-	w.isClosed = true
+
+	w.mu.Lock()
+	w.closed = true
 	w.mu.Unlock()
 
 	// Send "quit" message to the reader goroutine
@@ -188,17 +228,21 @@ func (w *Watcher) Close() error {
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -208,27 +252,41 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
-	w.mu.Lock()
-	if w.isClosed {
-		w.mu.Unlock()
-		return errors.New("watcher already closed")
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
+	if w.isClosed() {
+		return ErrClosed
+	}
+
+	with := getOptions(opts...)
+	if with.bufsize < 4096 {
+		return fmt.Errorf("fsnotify.WithBufferSize: buffer size cannot be smaller than 4096 bytes")
 	}
-	w.mu.Unlock()
 
 	in := &input{
-		op:    opAddWatch,
-		path:  filepath.Clean(name),
-		flags: sysFSALLEVENTS,
-		reply: make(chan error),
+		op:      opAddWatch,
+		path:    filepath.Clean(name),
+		flags:   sysFSALLEVENTS,
+		reply:   make(chan error),
+		bufsize: with.bufsize,
 	}
 	w.input <- in
 	if err := w.wakeupReader(); err != nil {
@@ -243,7 +301,13 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
+	if w.isClosed() {
+		return nil
+	}
+
 	in := &input{
 		op:    opRemoveWatch,
 		path:  filepath.Clean(name),
@@ -256,8 +320,15 @@ func (w *Watcher) Remove(name string) error {
 	return <-in.reply
 }
 
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) WatchList() []string {
+	if w.isClosed() {
+		return nil
+	}
+
 	w.mu.Lock()
 	defer w.mu.Unlock()
 
@@ -279,7 +350,6 @@ func (w *Watcher) WatchList() []string {
 // This should all be removed at some point, and just use windows.FILE_NOTIFY_*
 const (
 	sysFSALLEVENTS  = 0xfff
-	sysFSATTRIB     = 0x4
 	sysFSCREATE     = 0x100
 	sysFSDELETE     = 0x200
 	sysFSDELETESELF = 0x400
@@ -305,9 +375,6 @@ func (w *Watcher) newEvent(name string, mask uint32) Event {
 	if mask&sysFSMOVE == sysFSMOVE || mask&sysFSMOVESELF == sysFSMOVESELF || mask&sysFSMOVEDFROM == sysFSMOVEDFROM {
 		e.Op |= Rename
 	}
-	if mask&sysFSATTRIB == sysFSATTRIB {
-		e.Op |= Chmod
-	}
 	return e
 }
 
@@ -321,10 +388,11 @@ const (
 )
 
 type input struct {
-	op    int
-	path  string
-	flags uint32
-	reply chan error
+	op      int
+	path    string
+	flags   uint32
+	bufsize int
+	reply   chan error
 }
 
 type inode struct {
@@ -334,13 +402,14 @@ type inode struct {
 }
 
 type watch struct {
-	ov     windows.Overlapped
-	ino    *inode            // i-number
-	path   string            // Directory path
-	mask   uint64            // Directory itself is being watched with these notify flags
-	names  map[string]uint64 // Map of names being watched and their notify flags
-	rename string            // Remembers the old name while renaming a file
-	buf    [65536]byte       // 64K buffer
+	ov      windows.Overlapped
+	ino     *inode            // i-number
+	recurse bool              // Recursive watch?
+	path    string            // Directory path
+	mask    uint64            // Directory itself is being watched with these notify flags
+	names   map[string]uint64 // Map of names being watched and their notify flags
+	rename  string            // Remembers the old name while renaming a file
+	buf     []byte            // buffer, allocated later
 }
 
 type (
@@ -413,7 +482,10 @@ func (m watchMap) set(ino *inode, watch *watch) {
 }
 
 // Must run within the I/O thread.
-func (w *Watcher) addWatch(pathname string, flags uint64) error {
+func (w *Watcher) addWatch(pathname string, flags uint64, bufsize int) error {
+	//pathname, recurse := recursivePath(pathname)
+	recurse := false
+
 	dir, err := w.getDir(pathname)
 	if err != nil {
 		return err
@@ -433,9 +505,11 @@ func (w *Watcher) addWatch(pathname string, flags uint64) error {
 			return os.NewSyscallError("CreateIoCompletionPort", err)
 		}
 		watchEntry = &watch{
-			ino:   ino,
-			path:  dir,
-			names: make(map[string]uint64),
+			ino:     ino,
+			path:    dir,
+			names:   make(map[string]uint64),
+			recurse: recurse,
+			buf:     make([]byte, bufsize),
 		}
 		w.mu.Lock()
 		w.watches.set(ino, watchEntry)
@@ -465,6 +539,8 @@ func (w *Watcher) addWatch(pathname string, flags uint64) error {
 
 // Must run within the I/O thread.
 func (w *Watcher) remWatch(pathname string) error {
+	pathname, recurse := recursivePath(pathname)
+
 	dir, err := w.getDir(pathname)
 	if err != nil {
 		return err
@@ -478,6 +554,10 @@ func (w *Watcher) remWatch(pathname string) error {
 	watch := w.watches.get(ino)
 	w.mu.Unlock()
 
+	if recurse && !watch.recurse {
+		return fmt.Errorf("can't use \\... with non-recursive watch %q", pathname)
+	}
+
 	err = windows.CloseHandle(ino.handle)
 	if err != nil {
 		w.sendError(os.NewSyscallError("CloseHandle", err))
@@ -535,8 +615,11 @@ func (w *Watcher) startRead(watch *watch) error {
 		return nil
 	}
 
-	rdErr := windows.ReadDirectoryChanges(watch.ino.handle, &watch.buf[0],
-		uint32(unsafe.Sizeof(watch.buf)), false, mask, nil, &watch.ov, 0)
+	// We need to pass the array, rather than the slice.
+	hdr := (*reflect.SliceHeader)(unsafe.Pointer(&watch.buf))
+	rdErr := windows.ReadDirectoryChanges(watch.ino.handle,
+		(*byte)(unsafe.Pointer(hdr.Data)), uint32(hdr.Len),
+		watch.recurse, mask, nil, &watch.ov, 0)
 	if rdErr != nil {
 		err := os.NewSyscallError("ReadDirectoryChanges", rdErr)
 		if rdErr == windows.ERROR_ACCESS_DENIED && watch.mask&provisional == 0 {
@@ -563,9 +646,8 @@ func (w *Watcher) readEvents() {
 	runtime.LockOSThread()
 
 	for {
+		// This error is handled after the watch == nil check below.
 		qErr := windows.GetQueuedCompletionStatus(w.port, &n, &key, &ov, windows.INFINITE)
-		// This error is handled after the watch == nil check below. NOTE: this
-		// seems odd, note sure if it's correct.
 
 		watch := (*watch)(unsafe.Pointer(ov))
 		if watch == nil {
@@ -595,7 +677,7 @@ func (w *Watcher) readEvents() {
 			case in := <-w.input:
 				switch in.op {
 				case opAddWatch:
-					in.reply <- w.addWatch(in.path, uint64(in.flags))
+					in.reply <- w.addWatch(in.path, uint64(in.flags), in.bufsize)
 				case opRemoveWatch:
 					in.reply <- w.remWatch(in.path)
 				}
@@ -605,6 +687,8 @@ func (w *Watcher) readEvents() {
 		}
 
 		switch qErr {
+		case nil:
+			// No error
 		case windows.ERROR_MORE_DATA:
 			if watch == nil {
 				w.sendError(errors.New("ERROR_MORE_DATA has unexpectedly null lpOverlapped buffer"))
@@ -626,13 +710,12 @@ func (w *Watcher) readEvents() {
 		default:
 			w.sendError(os.NewSyscallError("GetQueuedCompletionPort", qErr))
 			continue
-		case nil:
 		}
 
 		var offset uint32
 		for {
 			if n == 0 {
-				w.sendError(errors.New("short read in readEvents()"))
+				w.sendError(ErrEventOverflow)
 				break
 			}
 
@@ -703,8 +786,9 @@ func (w *Watcher) readEvents() {
 
 			// Error!
 			if offset >= n {
+				//lint:ignore ST1005 Windows should be capitalized
 				w.sendError(errors.New(
-					"Windows system assumed buffer larger than it is, events have likely been missed."))
+					"Windows system assumed buffer larger than it is, events have likely been missed"))
 				break
 			}
 		}
@@ -720,9 +804,6 @@ func (w *Watcher) toWindowsFlags(mask uint64) uint32 {
 	if mask&sysFSMODIFY != 0 {
 		m |= windows.FILE_NOTIFY_CHANGE_LAST_WRITE
 	}
-	if mask&sysFSATTRIB != 0 {
-		m |= windows.FILE_NOTIFY_CHANGE_ATTRIBUTES
-	}
 	if mask&(sysFSMOVE|sysFSCREATE|sysFSDELETE) != 0 {
 		m |= windows.FILE_NOTIFY_CHANGE_FILE_NAME | windows.FILE_NOTIFY_CHANGE_DIR_NAME
 	}
diff --git a/vendor/github.com/fsnotify/fsnotify/fsnotify.go b/vendor/github.com/fsnotify/fsnotify/fsnotify.go
index 30a5bf0f0..24c99cc49 100644
--- a/vendor/github.com/fsnotify/fsnotify/fsnotify.go
+++ b/vendor/github.com/fsnotify/fsnotify/fsnotify.go
@@ -1,13 +1,18 @@
-//go:build !plan9
-// +build !plan9
-
 // Package fsnotify provides a cross-platform interface for file system
 // notifications.
+//
+// Currently supported systems:
+//
+//	Linux 2.6.32+    via inotify
+//	BSD, macOS       via kqueue
+//	Windows          via ReadDirectoryChangesW
+//	illumos          via FEN
 package fsnotify
 
 import (
 	"errors"
 	"fmt"
+	"path/filepath"
 	"strings"
 )
 
@@ -33,34 +38,52 @@ type Op uint32
 // The operations fsnotify can trigger; see the documentation on [Watcher] for a
 // full description, and check them with [Event.Has].
 const (
+	// A new pathname was created.
 	Create Op = 1 << iota
+
+	// The pathname was written to; this does *not* mean the write has finished,
+	// and a write can be followed by more writes.
 	Write
+
+	// The path was removed; any watches on it will be removed. Some "remove"
+	// operations may trigger a Rename if the file is actually moved (for
+	// example "remove to trash" is often a rename).
 	Remove
+
+	// The path was renamed to something else; any watched on it will be
+	// removed.
 	Rename
+
+	// File attributes were changed.
+	//
+	// It's generally not recommended to take action on this event, as it may
+	// get triggered very frequently by some software. For example, Spotlight
+	// indexing on macOS, anti-virus software, backup software, etc.
 	Chmod
 )
 
-// Common errors that can be reported by a watcher
+// Common errors that can be reported.
 var (
-	ErrNonExistentWatch = errors.New("can't remove non-existent watcher")
-	ErrEventOverflow    = errors.New("fsnotify queue overflow")
+	ErrNonExistentWatch = errors.New("fsnotify: can't remove non-existent watch")
+	ErrEventOverflow    = errors.New("fsnotify: queue or buffer overflow")
+	ErrClosed           = errors.New("fsnotify: watcher already closed")
 )
 
-func (op Op) String() string {
+func (o Op) String() string {
 	var b strings.Builder
-	if op.Has(Create) {
+	if o.Has(Create) {
 		b.WriteString("|CREATE")
 	}
-	if op.Has(Remove) {
+	if o.Has(Remove) {
 		b.WriteString("|REMOVE")
 	}
-	if op.Has(Write) {
+	if o.Has(Write) {
 		b.WriteString("|WRITE")
 	}
-	if op.Has(Rename) {
+	if o.Has(Rename) {
 		b.WriteString("|RENAME")
 	}
-	if op.Has(Chmod) {
+	if o.Has(Chmod) {
 		b.WriteString("|CHMOD")
 	}
 	if b.Len() == 0 {
@@ -70,7 +93,7 @@ func (op Op) String() string {
 }
 
 // Has reports if this operation has the given operation.
-func (o Op) Has(h Op) bool { return o&h == h }
+func (o Op) Has(h Op) bool { return o&h != 0 }
 
 // Has reports if this event has the given operation.
 func (e Event) Has(op Op) bool { return e.Op.Has(op) }
@@ -79,3 +102,45 @@ func (e Event) Has(op Op) bool { return e.Op.Has(op) }
 func (e Event) String() string {
 	return fmt.Sprintf("%-13s %q", e.Op.String(), e.Name)
 }
+
+type (
+	addOpt   func(opt *withOpts)
+	withOpts struct {
+		bufsize int
+	}
+)
+
+var defaultOpts = withOpts{
+	bufsize: 65536, // 64K
+}
+
+func getOptions(opts ...addOpt) withOpts {
+	with := defaultOpts
+	for _, o := range opts {
+		o(&with)
+	}
+	return with
+}
+
+// WithBufferSize sets the [ReadDirectoryChangesW] buffer size.
+//
+// This only has effect on Windows systems, and is a no-op for other backends.
+//
+// The default value is 64K (65536 bytes) which is the highest value that works
+// on all filesystems and should be enough for most applications, but if you
+// have a large burst of events it may not be enough. You can increase it if
+// you're hitting "queue or buffer overflow" errors ([ErrEventOverflow]).
+//
+// [ReadDirectoryChangesW]: https://learn.microsoft.com/en-gb/windows/win32/api/winbase/nf-winbase-readdirectorychangesw
+func WithBufferSize(bytes int) addOpt {
+	return func(opt *withOpts) { opt.bufsize = bytes }
+}
+
+// Check if this path is recursive (ends with "/..." or "\..."), and return the
+// path with the /... stripped.
+func recursivePath(path string) (string, bool) {
+	if filepath.Base(path) == "..." {
+		return filepath.Dir(path), true
+	}
+	return path, false
+}
diff --git a/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh b/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh
index b09ef7683..99012ae65 100644
--- a/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh
+++ b/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh
@@ -2,8 +2,8 @@
 [ "${ZSH_VERSION:-}" = "" ] && echo >&2 "Only works with zsh" && exit 1
 setopt err_exit no_unset pipefail extended_glob
 
-# Simple script to update the godoc comments on all watchers. Probably took me
-# more time to write this than doing it manually, but ah well 🙃
+# Simple script to update the godoc comments on all watchers so you don't need
+# to update the same comment 5 times.
 
 watcher=$(<<EOF
 // Watcher watches a set of paths, delivering events on a channel.
@@ -16,9 +16,9 @@ watcher=$(<<EOF
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -32,16 +32,16 @@ watcher=$(<<EOF
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -57,14 +57,20 @@ watcher=$(<<EOF
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// Paths can be added as "C:\\path\\to\\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
+//
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 EOF
 )
 
@@ -73,20 +79,36 @@ new=$(<<EOF
 EOF
 )
 
+newbuffered=$(<<EOF
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+EOF
+)
+
 add=$(<<EOF
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -96,14 +118,27 @@ add=$(<<EOF
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+EOF
+)
+
+addwith=$(<<EOF
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
 EOF
 )
 
@@ -114,16 +149,21 @@ remove=$(<<EOF
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 EOF
 )
 
 close=$(<<EOF
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 EOF
 )
 
 watchlist=$(<<EOF
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 EOF
 )
 
@@ -153,20 +193,29 @@ events=$(<<EOF
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 EOF
 )
 
 errors=$(<<EOF
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 EOF
 )
 
@@ -200,7 +249,9 @@ set-cmt() {
 
 set-cmt '^type Watcher struct '             $watcher
 set-cmt '^func NewWatcher('                 $new
+set-cmt '^func NewBufferedWatcher('         $newbuffered
 set-cmt '^func (w \*Watcher) Add('          $add
+set-cmt '^func (w \*Watcher) AddWith('      $addwith
 set-cmt '^func (w \*Watcher) Remove('       $remove
 set-cmt '^func (w \*Watcher) Close('        $close
 set-cmt '^func (w \*Watcher) WatchList('    $watchlist
diff --git a/vendor/github.com/gabriel-vasile/mimetype/README.md b/vendor/github.com/gabriel-vasile/mimetype/README.md
index d310928de..231b29190 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/README.md
+++ b/vendor/github.com/gabriel-vasile/mimetype/README.md
@@ -10,9 +10,6 @@
 </h6>
 
 <p align="center">
-  <a href="https://travis-ci.org/gabriel-vasile/mimetype">
-    <img alt="Build Status" src="https://travis-ci.org/gabriel-vasile/mimetype.svg?branch=master">
-  </a>
   <a href="https://pkg.go.dev/github.com/gabriel-vasile/mimetype">
     <img alt="Go Reference" src="https://pkg.go.dev/badge/github.com/gabriel-vasile/mimetype.svg">
   </a>
diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go
index 29bdded3e..f1e944987 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go
+++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go
@@ -150,32 +150,34 @@ func Marc(raw []byte, limit uint32) bool {
 }
 
 // Glb matches a glTF model format file.
-// GLB is the binary file format representation of 3D models save in
+// GLB is the binary file format representation of 3D models saved in
 // the GL transmission Format (glTF).
-// see more: https://docs.fileformat.com/3d/glb/
-//           https://www.iana.org/assignments/media-types/model/gltf-binary
-// GLB file format is based on little endian and its header structure
-// show  below:
+// GLB uses little endian and its header structure is as follows:
 //
-// <-- 12-byte header                             -->
-// | magic            | version          | length   |
-// | (uint32)         | (uint32)         | (uint32) |
-// | \x67\x6C\x54\x46 | \x01\x00\x00\x00 | ...      |
-// | g   l   T   F    | 1                | ...      |
+// 	<-- 12-byte header                             -->
+// 	| magic            | version          | length   |
+// 	| (uint32)         | (uint32)         | (uint32) |
+// 	| \x67\x6C\x54\x46 | \x01\x00\x00\x00 | ...      |
+// 	| g   l   T   F    | 1                | ...      |
+//
+// Visit [glTF specification] and [IANA glTF entry] for more details.
+//
+// [glTF specification]: https://registry.khronos.org/glTF/specs/2.0/glTF-2.0.html
+// [IANA glTF entry]: https://www.iana.org/assignments/media-types/model/gltf-binary
 var Glb = prefix([]byte("\x67\x6C\x54\x46\x02\x00\x00\x00"),
 	[]byte("\x67\x6C\x54\x46\x01\x00\x00\x00"))
 
 // TzIf matches a Time Zone Information Format (TZif) file.
 // See more: https://tools.ietf.org/id/draft-murchison-tzdist-tzif-00.html#rfc.section.3
 // Its header structure is shown below:
-// +---------------+---+
-// |  magic    (4) | <-+-- version (1)
-// +---------------+---+---------------------------------------+
-// |           [unused - reserved for future use] (15)         |
-// +---------------+---------------+---------------+-----------+
-// |  isutccnt (4) |  isstdcnt (4) |  leapcnt  (4) |
-// +---------------+---------------+---------------+
-// |  timecnt  (4) |  typecnt  (4) |  charcnt  (4) |
+// 	+---------------+---+
+// 	|  magic    (4) | <-+-- version (1)
+// 	+---------------+---+---------------------------------------+
+// 	|           [unused - reserved for future use] (15)         |
+// 	+---------------+---------------+---------------+-----------+
+// 	|  isutccnt (4) |  isstdcnt (4) |  leapcnt  (4) |
+// 	+---------------+---------------+---------------+
+// 	|  timecnt  (4) |  typecnt  (4) |  charcnt  (4) |
 func TzIf(raw []byte, limit uint32) bool {
 	// File is at least 44 bytes (header size).
 	if len(raw) < 44 {
diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go
index 466058fbe..34b84f401 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go
+++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go
@@ -177,7 +177,9 @@ func newXMLSig(localName, xmlns string) xmlSig {
 // and, optionally, followed by the arguments for the interpreter.
 //
 // Ex:
-//  #! /usr/bin/env php
+//
+//	#! /usr/bin/env php
+//
 // /usr/bin/env is the interpreter, php is the first and only argument.
 func shebang(sigs ...[]byte) Detector {
 	return func(raw []byte, limit uint32) bool {
diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go
index 6a1561923..84ed64928 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go
+++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go
@@ -3,6 +3,7 @@ package magic
 import (
 	"bytes"
 	"encoding/csv"
+	"errors"
 	"io"
 )
 
@@ -19,12 +20,23 @@ func Tsv(raw []byte, limit uint32) bool {
 func sv(in []byte, comma rune, limit uint32) bool {
 	r := csv.NewReader(dropLastLine(in, limit))
 	r.Comma = comma
-	r.TrimLeadingSpace = true
+	r.ReuseRecord = true
 	r.LazyQuotes = true
 	r.Comment = '#'
 
-	lines, err := r.ReadAll()
-	return err == nil && r.FieldsPerRecord > 1 && len(lines) > 1
+	lines := 0
+	for {
+		_, err := r.Read()
+		if errors.Is(err, io.EOF) {
+			break
+		}
+		if err != nil {
+			return false
+		}
+		lines++
+	}
+
+	return r.FieldsPerRecord > 1 && lines > 1
 }
 
 // dropLastLine drops the last incomplete line from b.
diff --git a/vendor/github.com/gabriel-vasile/mimetype/mimetype.go b/vendor/github.com/gabriel-vasile/mimetype/mimetype.go
index 08e68e334..1b5909b75 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/mimetype.go
+++ b/vendor/github.com/gabriel-vasile/mimetype/mimetype.go
@@ -39,7 +39,8 @@ func Detect(in []byte) *MIME {
 //
 // DetectReader assumes the reader offset is at the start. If the input is an
 // io.ReadSeeker you previously read from, it should be rewinded before detection:
-//  reader.Seek(0, io.SeekStart)
+//
+//	reader.Seek(0, io.SeekStart)
 func DetectReader(r io.Reader) (*MIME, error) {
 	var in []byte
 	var err error
diff --git a/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md b/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md
index cdec4e674..5ec6f6b65 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md
+++ b/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md
@@ -1,4 +1,4 @@
-## 172 Supported MIME types
+## 173 Supported MIME types
 This file is automatically generated when running tests. Do not edit manually.
 
 Extension | MIME type | Aliases
diff --git a/vendor/github.com/go-logr/logr/README.md b/vendor/github.com/go-logr/logr/README.md
index ab5931181..a8c29bfbd 100644
--- a/vendor/github.com/go-logr/logr/README.md
+++ b/vendor/github.com/go-logr/logr/README.md
@@ -1,6 +1,7 @@
 # A minimal logging API for Go
 
 [![Go Reference](https://pkg.go.dev/badge/github.com/go-logr/logr.svg)](https://pkg.go.dev/github.com/go-logr/logr)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/go-logr/logr/badge)](https://securityscorecards.dev/viewer/?platform=github.com&org=go-logr&repo=logr)
 
 logr offers an(other) opinion on how Go programs and libraries can do logging
 without becoming coupled to a particular logging implementation.  This is not
@@ -73,6 +74,29 @@ received:
 If the Go standard library had defined an interface for logging, this project
 probably would not be needed.  Alas, here we are.
 
+When the Go developers started developing such an interface with
+[slog](https://github.com/golang/go/issues/56345), they adopted some of the
+logr design but also left out some parts and changed others:
+
+| Feature | logr | slog |
+|---------|------|------|
+| High-level API | `Logger` (passed by value) | `Logger` (passed by [pointer](https://github.com/golang/go/issues/59126)) |
+| Low-level API | `LogSink` | `Handler` |
+| Stack unwinding | done by `LogSink` | done by `Logger` |
+| Skipping helper functions | `WithCallDepth`, `WithCallStackHelper` | [not supported by Logger](https://github.com/golang/go/issues/59145) |
+| Generating a value for logging on demand | `Marshaler` | `LogValuer` |
+| Log levels | >= 0, higher meaning "less important" | positive and negative, with 0 for "info" and higher meaning "more important" |
+| Error log entries | always logged, don't have a verbosity level | normal log entries with level >= `LevelError` |
+| Passing logger via context | `NewContext`, `FromContext` | no API |
+| Adding a name to a logger | `WithName` | no API |
+| Modify verbosity of log entries in a call chain | `V` | no API |
+| Grouping of key/value pairs | not supported | `WithGroup`, `GroupValue` |
+
+The high-level slog API is explicitly meant to be one of many different APIs
+that can be layered on top of a shared `slog.Handler`. logr is one such
+alternative API, with [interoperability](#slog-interoperability) provided by the [`slogr`](slogr)
+package.
+
 ### Inspiration
 
 Before you consider this package, please read [this blog post by the
@@ -118,6 +142,91 @@ There are implementations for the following logging libraries:
 - **github.com/go-kit/log**: [gokitlogr](https://github.com/tonglil/gokitlogr) (also compatible with github.com/go-kit/kit/log since v0.12.0)
 - **bytes.Buffer** (writing to a buffer): [bufrlogr](https://github.com/tonglil/buflogr) (useful for ensuring values were logged, like during testing)
 
+## slog interoperability
+
+Interoperability goes both ways, using the `logr.Logger` API with a `slog.Handler`
+and using the `slog.Logger` API with a `logr.LogSink`. [slogr](./slogr) provides `NewLogr` and
+`NewSlogHandler` API calls to convert between a `logr.Logger` and a `slog.Handler`.
+As usual, `slog.New` can be used to wrap such a `slog.Handler` in the high-level
+slog API. `slogr` itself leaves that to the caller.
+
+## Using a `logr.Sink` as backend for slog
+
+Ideally, a logr sink implementation should support both logr and slog by
+implementing both the normal logr interface(s) and `slogr.SlogSink`.  Because
+of a conflict in the parameters of the common `Enabled` method, it is [not
+possible to implement both slog.Handler and logr.Sink in the same
+type](https://github.com/golang/go/issues/59110).
+
+If both are supported, log calls can go from the high-level APIs to the backend
+without the need to convert parameters. `NewLogr` and `NewSlogHandler` can
+convert back and forth without adding additional wrappers, with one exception:
+when `Logger.V` was used to adjust the verbosity for a `slog.Handler`, then
+`NewSlogHandler` has to use a wrapper which adjusts the verbosity for future
+log calls.
+
+Such an implementation should also support values that implement specific
+interfaces from both packages for logging (`logr.Marshaler`, `slog.LogValuer`,
+`slog.GroupValue`). logr does not convert those.
+
+Not supporting slog has several drawbacks:
+- Recording source code locations works correctly if the handler gets called
+  through `slog.Logger`, but may be wrong in other cases. That's because a
+  `logr.Sink` does its own stack unwinding instead of using the program counter
+  provided by the high-level API.
+- slog levels <= 0 can be mapped to logr levels by negating the level without a
+  loss of information. But all slog levels > 0 (e.g. `slog.LevelWarning` as
+  used by `slog.Logger.Warn`) must be mapped to 0 before calling the sink
+  because logr does not support "more important than info" levels.
+- The slog group concept is supported by prefixing each key in a key/value
+  pair with the group names, separated by a dot. For structured output like
+  JSON it would be better to group the key/value pairs inside an object.
+- Special slog values and interfaces don't work as expected.
+- The overhead is likely to be higher.
+
+These drawbacks are severe enough that applications using a mixture of slog and
+logr should switch to a different backend.
+
+## Using a `slog.Handler` as backend for logr
+
+Using a plain `slog.Handler` without support for logr works better than the
+other direction:
+- All logr verbosity levels can be mapped 1:1 to their corresponding slog level
+  by negating them.
+- Stack unwinding is done by the `slogr.SlogSink` and the resulting program
+  counter is passed to the `slog.Handler`.
+- Names added via `Logger.WithName` are gathered and recorded in an additional
+  attribute with `logger` as key and the names separated by slash as value.
+- `Logger.Error` is turned into a log record with `slog.LevelError` as level
+  and an additional attribute with `err` as key, if an error was provided.
+
+The main drawback is that `logr.Marshaler` will not be supported. Types should
+ideally support both `logr.Marshaler` and `slog.Valuer`. If compatibility
+with logr implementations without slog support is not important, then
+`slog.Valuer` is sufficient.
+
+## Context support for slog
+
+Storing a logger in a `context.Context` is not supported by
+slog. `logr.NewContext` and `logr.FromContext` can be used with slog like this
+to fill this gap:
+
+    func HandlerFromContext(ctx context.Context) slog.Handler {
+        logger, err := logr.FromContext(ctx)
+        if err == nil {
+            return slogr.NewSlogHandler(logger)
+        }
+        return slog.Default().Handler()
+    }
+
+    func ContextWithHandler(ctx context.Context, handler slog.Handler) context.Context {
+        return logr.NewContext(ctx, slogr.NewLogr(handler))
+    }
+
+The downside is that storing and retrieving a `slog.Handler` needs more
+allocations compared to using a `logr.Logger`. Therefore the recommendation is
+to use the `logr.Logger` API in code which uses contextual logging.
+
 ## FAQ
 
 ### Conceptual
@@ -241,7 +350,9 @@ Otherwise, you can start out with `0` as "you always want to see this",
 
 Then gradually choose levels in between as you need them, working your way
 down from 10 (for debug and trace style logs) and up from 1 (for chattier
-info-type logs.)
+info-type logs). For reference, slog pre-defines -4 for debug logs
+(corresponds to 4 in logr), which matches what is
+[recommended for Kubernetes](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md#what-method-to-use).
 
 #### How do I choose my keys?
 
diff --git a/vendor/github.com/go-logr/logr/SECURITY.md b/vendor/github.com/go-logr/logr/SECURITY.md
new file mode 100644
index 000000000..1ca756fc7
--- /dev/null
+++ b/vendor/github.com/go-logr/logr/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+If you have discovered a security vulnerability in this project, please report it
+privately. **Do not disclose it as a public issue.** This gives us time to work with you
+to fix the issue before public exposure, reducing the chance that the exploit will be
+used before a patch is released.
+
+You may submit the report in the following ways:
+
+- send an email to go-logr-security@googlegroups.com
+- send us a [private vulnerability report](https://github.com/go-logr/logr/security/advisories/new)
+
+Please provide the following information in your report:
+
+- A description of the vulnerability and its impact
+- How to reproduce the issue
+
+We ask that you give us 90 days to work on a fix before public exposure.
diff --git a/vendor/github.com/go-logr/logr/funcr/funcr.go b/vendor/github.com/go-logr/logr/funcr/funcr.go
index e52f0cd01..12e5807cc 100644
--- a/vendor/github.com/go-logr/logr/funcr/funcr.go
+++ b/vendor/github.com/go-logr/logr/funcr/funcr.go
@@ -116,17 +116,17 @@ type Options struct {
 	// Equivalent hooks are offered for key-value pairs saved via
 	// logr.Logger.WithValues or Formatter.AddValues (see RenderValuesHook) and
 	// for user-provided pairs (see RenderArgsHook).
-	RenderBuiltinsHook func(kvList []interface{}) []interface{}
+	RenderBuiltinsHook func(kvList []any) []any
 
 	// RenderValuesHook is the same as RenderBuiltinsHook, except that it is
 	// only called for key-value pairs saved via logr.Logger.WithValues.  See
 	// RenderBuiltinsHook for more details.
-	RenderValuesHook func(kvList []interface{}) []interface{}
+	RenderValuesHook func(kvList []any) []any
 
 	// RenderArgsHook is the same as RenderBuiltinsHook, except that it is only
 	// called for key-value pairs passed directly to Info and Error.  See
 	// RenderBuiltinsHook for more details.
-	RenderArgsHook func(kvList []interface{}) []interface{}
+	RenderArgsHook func(kvList []any) []any
 
 	// MaxLogDepth tells funcr how many levels of nested fields (e.g. a struct
 	// that contains a struct, etc.) it may log.  Every time it finds a struct,
@@ -163,7 +163,7 @@ func (l fnlogger) WithName(name string) logr.LogSink {
 	return &l
 }
 
-func (l fnlogger) WithValues(kvList ...interface{}) logr.LogSink {
+func (l fnlogger) WithValues(kvList ...any) logr.LogSink {
 	l.Formatter.AddValues(kvList)
 	return &l
 }
@@ -173,12 +173,12 @@ func (l fnlogger) WithCallDepth(depth int) logr.LogSink {
 	return &l
 }
 
-func (l fnlogger) Info(level int, msg string, kvList ...interface{}) {
+func (l fnlogger) Info(level int, msg string, kvList ...any) {
 	prefix, args := l.FormatInfo(level, msg, kvList)
 	l.write(prefix, args)
 }
 
-func (l fnlogger) Error(err error, msg string, kvList ...interface{}) {
+func (l fnlogger) Error(err error, msg string, kvList ...any) {
 	prefix, args := l.FormatError(err, msg, kvList)
 	l.write(prefix, args)
 }
@@ -229,7 +229,7 @@ func newFormatter(opts Options, outfmt outputFormat) Formatter {
 type Formatter struct {
 	outputFormat outputFormat
 	prefix       string
-	values       []interface{}
+	values       []any
 	valuesStr    string
 	depth        int
 	opts         *Options
@@ -246,10 +246,10 @@ const (
 )
 
 // PseudoStruct is a list of key-value pairs that gets logged as a struct.
-type PseudoStruct []interface{}
+type PseudoStruct []any
 
 // render produces a log line, ready to use.
-func (f Formatter) render(builtins, args []interface{}) string {
+func (f Formatter) render(builtins, args []any) string {
 	// Empirically bytes.Buffer is faster than strings.Builder for this.
 	buf := bytes.NewBuffer(make([]byte, 0, 1024))
 	if f.outputFormat == outputJSON {
@@ -292,7 +292,7 @@ func (f Formatter) render(builtins, args []interface{}) string {
 // This function returns a potentially modified version of kvList, which
 // ensures that there is a value for every key (adding a value if needed) and
 // that each key is a string (substituting a key if needed).
-func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing bool, escapeKeys bool) []interface{} {
+func (f Formatter) flatten(buf *bytes.Buffer, kvList []any, continuing bool, escapeKeys bool) []any {
 	// This logic overlaps with sanitize() but saves one type-cast per key,
 	// which can be measurable.
 	if len(kvList)%2 != 0 {
@@ -334,7 +334,7 @@ func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing b
 	return kvList
 }
 
-func (f Formatter) pretty(value interface{}) string {
+func (f Formatter) pretty(value any) string {
 	return f.prettyWithFlags(value, 0, 0)
 }
 
@@ -343,7 +343,7 @@ const (
 )
 
 // TODO: This is not fast. Most of the overhead goes here.
-func (f Formatter) prettyWithFlags(value interface{}, flags uint32, depth int) string {
+func (f Formatter) prettyWithFlags(value any, flags uint32, depth int) string {
 	if depth > f.opts.MaxLogDepth {
 		return `"<max-log-depth-exceeded>"`
 	}
@@ -614,7 +614,7 @@ func isEmpty(v reflect.Value) bool {
 	return false
 }
 
-func invokeMarshaler(m logr.Marshaler) (ret interface{}) {
+func invokeMarshaler(m logr.Marshaler) (ret any) {
 	defer func() {
 		if r := recover(); r != nil {
 			ret = fmt.Sprintf("<panic: %s>", r)
@@ -675,12 +675,12 @@ func (f Formatter) caller() Caller {
 
 const noValue = "<no-value>"
 
-func (f Formatter) nonStringKey(v interface{}) string {
+func (f Formatter) nonStringKey(v any) string {
 	return fmt.Sprintf("<non-string-key: %s>", f.snippet(v))
 }
 
 // snippet produces a short snippet string of an arbitrary value.
-func (f Formatter) snippet(v interface{}) string {
+func (f Formatter) snippet(v any) string {
 	const snipLen = 16
 
 	snip := f.pretty(v)
@@ -693,7 +693,7 @@ func (f Formatter) snippet(v interface{}) string {
 // sanitize ensures that a list of key-value pairs has a value for every key
 // (adding a value if needed) and that each key is a string (substituting a key
 // if needed).
-func (f Formatter) sanitize(kvList []interface{}) []interface{} {
+func (f Formatter) sanitize(kvList []any) []any {
 	if len(kvList)%2 != 0 {
 		kvList = append(kvList, noValue)
 	}
@@ -727,8 +727,8 @@ func (f Formatter) GetDepth() int {
 // FormatInfo renders an Info log message into strings.  The prefix will be
 // empty when no names were set (via AddNames), or when the output is
 // configured for JSON.
-func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (prefix, argsStr string) {
-	args := make([]interface{}, 0, 64) // using a constant here impacts perf
+func (f Formatter) FormatInfo(level int, msg string, kvList []any) (prefix, argsStr string) {
+	args := make([]any, 0, 64) // using a constant here impacts perf
 	prefix = f.prefix
 	if f.outputFormat == outputJSON {
 		args = append(args, "logger", prefix)
@@ -745,10 +745,10 @@ func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (pref
 }
 
 // FormatError renders an Error log message into strings.  The prefix will be
-// empty when no names were set (via AddNames),  or when the output is
+// empty when no names were set (via AddNames), or when the output is
 // configured for JSON.
-func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (prefix, argsStr string) {
-	args := make([]interface{}, 0, 64) // using a constant here impacts perf
+func (f Formatter) FormatError(err error, msg string, kvList []any) (prefix, argsStr string) {
+	args := make([]any, 0, 64) // using a constant here impacts perf
 	prefix = f.prefix
 	if f.outputFormat == outputJSON {
 		args = append(args, "logger", prefix)
@@ -761,12 +761,12 @@ func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (pre
 		args = append(args, "caller", f.caller())
 	}
 	args = append(args, "msg", msg)
-	var loggableErr interface{}
+	var loggableErr any
 	if err != nil {
 		loggableErr = err.Error()
 	}
 	args = append(args, "error", loggableErr)
-	return f.prefix, f.render(args, kvList)
+	return prefix, f.render(args, kvList)
 }
 
 // AddName appends the specified name.  funcr uses '/' characters to separate
@@ -781,7 +781,7 @@ func (f *Formatter) AddName(name string) {
 
 // AddValues adds key-value pairs to the set of saved values to be logged with
 // each log line.
-func (f *Formatter) AddValues(kvList []interface{}) {
+func (f *Formatter) AddValues(kvList []any) {
 	// Three slice args forces a copy.
 	n := len(f.values)
 	f.values = append(f.values[:n:n], kvList...)
diff --git a/vendor/github.com/go-logr/logr/logr.go b/vendor/github.com/go-logr/logr/logr.go
index e027aea3f..2a5075a18 100644
--- a/vendor/github.com/go-logr/logr/logr.go
+++ b/vendor/github.com/go-logr/logr/logr.go
@@ -127,9 +127,9 @@ limitations under the License.
 // such a value can call its methods without having to check whether the
 // instance is ready for use.
 //
-// Calling methods with the null logger (Logger{}) as instance will crash
-// because it has no LogSink. Therefore this null logger should never be passed
-// around. For cases where passing a logger is optional, a pointer to Logger
+// The zero logger (= Logger{}) is identical to Discard() and discards all log
+// entries. Code that receives a Logger by value can simply call it, the methods
+// will never crash. For cases where passing a logger is optional, a pointer to Logger
 // should be used.
 //
 // # Key Naming Conventions
@@ -258,6 +258,12 @@ type Logger struct {
 // Enabled tests whether this Logger is enabled.  For example, commandline
 // flags might be used to set the logging verbosity and disable some info logs.
 func (l Logger) Enabled() bool {
+	// Some implementations of LogSink look at the caller in Enabled (e.g.
+	// different verbosity levels per package or file), but we only pass one
+	// CallDepth in (via Init).  This means that all calls from Logger to the
+	// LogSink's Enabled, Info, and Error methods must have the same number of
+	// frames.  In other words, Logger methods can't call other Logger methods
+	// which call these LogSink methods unless we do it the same in all paths.
 	return l.sink != nil && l.sink.Enabled(l.level)
 }
 
@@ -267,11 +273,11 @@ func (l Logger) Enabled() bool {
 // line.  The key/value pairs can then be used to add additional variable
 // information.  The key/value pairs must alternate string keys and arbitrary
 // values.
-func (l Logger) Info(msg string, keysAndValues ...interface{}) {
+func (l Logger) Info(msg string, keysAndValues ...any) {
 	if l.sink == nil {
 		return
 	}
-	if l.Enabled() {
+	if l.sink.Enabled(l.level) { // see comment in Enabled
 		if withHelper, ok := l.sink.(CallStackHelperLogSink); ok {
 			withHelper.GetCallStackHelper()()
 		}
@@ -289,7 +295,7 @@ func (l Logger) Info(msg string, keysAndValues ...interface{}) {
 // while the err argument should be used to attach the actual error that
 // triggered this log line, if present. The err parameter is optional
 // and nil may be passed instead of an error instance.
-func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) {
+func (l Logger) Error(err error, msg string, keysAndValues ...any) {
 	if l.sink == nil {
 		return
 	}
@@ -314,9 +320,16 @@ func (l Logger) V(level int) Logger {
 	return l
 }
 
+// GetV returns the verbosity level of the logger. If the logger's LogSink is
+// nil as in the Discard logger, this will always return 0.
+func (l Logger) GetV() int {
+	// 0 if l.sink nil because of the if check in V above.
+	return l.level
+}
+
 // WithValues returns a new Logger instance with additional key/value pairs.
 // See Info for documentation on how key/value pairs work.
-func (l Logger) WithValues(keysAndValues ...interface{}) Logger {
+func (l Logger) WithValues(keysAndValues ...any) Logger {
 	if l.sink == nil {
 		return l
 	}
@@ -467,15 +480,15 @@ type LogSink interface {
 	// The level argument is provided for optional logging.  This method will
 	// only be called when Enabled(level) is true. See Logger.Info for more
 	// details.
-	Info(level int, msg string, keysAndValues ...interface{})
+	Info(level int, msg string, keysAndValues ...any)
 
 	// Error logs an error, with the given message and key/value pairs as
 	// context.  See Logger.Error for more details.
-	Error(err error, msg string, keysAndValues ...interface{})
+	Error(err error, msg string, keysAndValues ...any)
 
 	// WithValues returns a new LogSink with additional key/value pairs.  See
 	// Logger.WithValues for more details.
-	WithValues(keysAndValues ...interface{}) LogSink
+	WithValues(keysAndValues ...any) LogSink
 
 	// WithName returns a new LogSink with the specified name appended.  See
 	// Logger.WithName for more details.
@@ -546,5 +559,5 @@ type Marshaler interface {
 	//     with exported fields
 	//
 	// It may return any value of any type.
-	MarshalLog() interface{}
+	MarshalLog() any
 }
diff --git a/vendor/github.com/go-openapi/errors/api.go b/vendor/github.com/go-openapi/errors/api.go
index 77f1f92c5..c13f3435f 100644
--- a/vendor/github.com/go-openapi/errors/api.go
+++ b/vendor/github.com/go-openapi/errors/api.go
@@ -112,7 +112,7 @@ func flattenComposite(errs *CompositeError) *CompositeError {
 	for _, er := range errs.Errors {
 		switch e := er.(type) {
 		case *CompositeError:
-			if len(e.Errors) > 0 {
+			if e != nil && len(e.Errors) > 0 {
 				flat := flattenComposite(e)
 				if len(flat.Errors) > 0 {
 					res = append(res, flat.Errors...)
diff --git a/vendor/github.com/go-openapi/jsonpointer/pointer.go b/vendor/github.com/go-openapi/jsonpointer/pointer.go
index 7df9853de..de60dc7dd 100644
--- a/vendor/github.com/go-openapi/jsonpointer/pointer.go
+++ b/vendor/github.com/go-openapi/jsonpointer/pointer.go
@@ -26,6 +26,7 @@
 package jsonpointer
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 	"reflect"
@@ -40,6 +41,7 @@ const (
 	pointerSeparator = `/`
 
 	invalidStart = `JSON pointer must be empty or start with a "` + pointerSeparator
+	notFound     = `Can't find the pointer in the document`
 )
 
 var jsonPointableType = reflect.TypeOf(new(JSONPointable)).Elem()
@@ -48,13 +50,13 @@ var jsonSetableType = reflect.TypeOf(new(JSONSetable)).Elem()
 // JSONPointable is an interface for structs to implement when they need to customize the
 // json pointer process
 type JSONPointable interface {
-	JSONLookup(string) (interface{}, error)
+	JSONLookup(string) (any, error)
 }
 
 // JSONSetable is an interface for structs to implement when they need to customize the
 // json pointer process
 type JSONSetable interface {
-	JSONSet(string, interface{}) error
+	JSONSet(string, any) error
 }
 
 // New creates a new json pointer for the given string
@@ -81,9 +83,7 @@ func (p *Pointer) parse(jsonPointerString string) error {
 			err = errors.New(invalidStart)
 		} else {
 			referenceTokens := strings.Split(jsonPointerString, pointerSeparator)
-			for _, referenceToken := range referenceTokens[1:] {
-				p.referenceTokens = append(p.referenceTokens, referenceToken)
-			}
+			p.referenceTokens = append(p.referenceTokens, referenceTokens[1:]...)
 		}
 	}
 
@@ -91,26 +91,26 @@ func (p *Pointer) parse(jsonPointerString string) error {
 }
 
 // Get uses the pointer to retrieve a value from a JSON document
-func (p *Pointer) Get(document interface{}) (interface{}, reflect.Kind, error) {
+func (p *Pointer) Get(document any) (any, reflect.Kind, error) {
 	return p.get(document, swag.DefaultJSONNameProvider)
 }
 
 // Set uses the pointer to set a value from a JSON document
-func (p *Pointer) Set(document interface{}, value interface{}) (interface{}, error) {
+func (p *Pointer) Set(document any, value any) (any, error) {
 	return document, p.set(document, value, swag.DefaultJSONNameProvider)
 }
 
 // GetForToken gets a value for a json pointer token 1 level deep
-func GetForToken(document interface{}, decodedToken string) (interface{}, reflect.Kind, error) {
+func GetForToken(document any, decodedToken string) (any, reflect.Kind, error) {
 	return getSingleImpl(document, decodedToken, swag.DefaultJSONNameProvider)
 }
 
 // SetForToken gets a value for a json pointer token 1 level deep
-func SetForToken(document interface{}, decodedToken string, value interface{}) (interface{}, error) {
+func SetForToken(document any, decodedToken string, value any) (any, error) {
 	return document, setSingleImpl(document, value, decodedToken, swag.DefaultJSONNameProvider)
 }
 
-func getSingleImpl(node interface{}, decodedToken string, nameProvider *swag.NameProvider) (interface{}, reflect.Kind, error) {
+func getSingleImpl(node any, decodedToken string, nameProvider *swag.NameProvider) (any, reflect.Kind, error) {
 	rValue := reflect.Indirect(reflect.ValueOf(node))
 	kind := rValue.Kind()
 
@@ -159,7 +159,7 @@ func getSingleImpl(node interface{}, decodedToken string, nameProvider *swag.Nam
 
 }
 
-func setSingleImpl(node, data interface{}, decodedToken string, nameProvider *swag.NameProvider) error {
+func setSingleImpl(node, data any, decodedToken string, nameProvider *swag.NameProvider) error {
 	rValue := reflect.Indirect(reflect.ValueOf(node))
 
 	if ns, ok := node.(JSONSetable); ok { // pointer impl
@@ -210,7 +210,7 @@ func setSingleImpl(node, data interface{}, decodedToken string, nameProvider *sw
 
 }
 
-func (p *Pointer) get(node interface{}, nameProvider *swag.NameProvider) (interface{}, reflect.Kind, error) {
+func (p *Pointer) get(node any, nameProvider *swag.NameProvider) (any, reflect.Kind, error) {
 
 	if nameProvider == nil {
 		nameProvider = swag.DefaultJSONNameProvider
@@ -241,7 +241,7 @@ func (p *Pointer) get(node interface{}, nameProvider *swag.NameProvider) (interf
 	return node, kind, nil
 }
 
-func (p *Pointer) set(node, data interface{}, nameProvider *swag.NameProvider) error {
+func (p *Pointer) set(node, data any, nameProvider *swag.NameProvider) error {
 	knd := reflect.ValueOf(node).Kind()
 
 	if knd != reflect.Ptr && knd != reflect.Struct && knd != reflect.Map && knd != reflect.Slice && knd != reflect.Array {
@@ -363,6 +363,127 @@ func (p *Pointer) String() string {
 	return pointerString
 }
 
+func (p *Pointer) Offset(document string) (int64, error) {
+	dec := json.NewDecoder(strings.NewReader(document))
+	var offset int64
+	for _, ttk := range p.DecodedTokens() {
+		tk, err := dec.Token()
+		if err != nil {
+			return 0, err
+		}
+		switch tk := tk.(type) {
+		case json.Delim:
+			switch tk {
+			case '{':
+				offset, err = offsetSingleObject(dec, ttk)
+				if err != nil {
+					return 0, err
+				}
+			case '[':
+				offset, err = offsetSingleArray(dec, ttk)
+				if err != nil {
+					return 0, err
+				}
+			default:
+				return 0, fmt.Errorf("invalid token %#v", tk)
+			}
+		default:
+			return 0, fmt.Errorf("invalid token %#v", tk)
+		}
+	}
+	return offset, nil
+}
+
+func offsetSingleObject(dec *json.Decoder, decodedToken string) (int64, error) {
+	for dec.More() {
+		offset := dec.InputOffset()
+		tk, err := dec.Token()
+		if err != nil {
+			return 0, err
+		}
+		switch tk := tk.(type) {
+		case json.Delim:
+			switch tk {
+			case '{':
+				if err := drainSingle(dec); err != nil {
+					return 0, err
+				}
+			case '[':
+				if err := drainSingle(dec); err != nil {
+					return 0, err
+				}
+			}
+		case string:
+			if tk == decodedToken {
+				return offset, nil
+			}
+		default:
+			return 0, fmt.Errorf("invalid token %#v", tk)
+		}
+	}
+	return 0, fmt.Errorf("token reference %q not found", decodedToken)
+}
+
+func offsetSingleArray(dec *json.Decoder, decodedToken string) (int64, error) {
+	idx, err := strconv.Atoi(decodedToken)
+	if err != nil {
+		return 0, fmt.Errorf("token reference %q is not a number: %v", decodedToken, err)
+	}
+	var i int
+	for i = 0; i < idx && dec.More(); i++ {
+		tk, err := dec.Token()
+		if err != nil {
+			return 0, err
+		}
+		switch tk := tk.(type) {
+		case json.Delim:
+			switch tk {
+			case '{':
+				if err := drainSingle(dec); err != nil {
+					return 0, err
+				}
+			case '[':
+				if err := drainSingle(dec); err != nil {
+					return 0, err
+				}
+			}
+		}
+	}
+	if !dec.More() {
+		return 0, fmt.Errorf("token reference %q not found", decodedToken)
+	}
+	return dec.InputOffset(), nil
+}
+
+// drainSingle drains a single level of object or array.
+// The decoder has to guarantee the begining delim (i.e. '{' or '[') has been consumed.
+func drainSingle(dec *json.Decoder) error {
+	for dec.More() {
+		tk, err := dec.Token()
+		if err != nil {
+			return err
+		}
+		switch tk := tk.(type) {
+		case json.Delim:
+			switch tk {
+			case '{':
+				if err := drainSingle(dec); err != nil {
+					return err
+				}
+			case '[':
+				if err := drainSingle(dec); err != nil {
+					return err
+				}
+			}
+		}
+	}
+	// Consumes the ending delim
+	if _, err := dec.Token(); err != nil {
+		return err
+	}
+	return nil
+}
+
 // Specific JSON pointer encoding here
 // ~0 => ~
 // ~1 => /
diff --git a/vendor/github.com/go-playground/validator/v10/Makefile b/vendor/github.com/go-playground/validator/v10/Makefile
index ec3455bd5..09f171ba1 100644
--- a/vendor/github.com/go-playground/validator/v10/Makefile
+++ b/vendor/github.com/go-playground/validator/v10/Makefile
@@ -13,6 +13,6 @@ test:
 	$(GOCMD) test -cover -race ./...
 
 bench:
-	$(GOCMD) test -bench=. -benchmem ./...
+	$(GOCMD) test -run=NONE -bench=. -benchmem ./...
 
 .PHONY: test lint linters-install
\ No newline at end of file
diff --git a/vendor/github.com/go-playground/validator/v10/README.md b/vendor/github.com/go-playground/validator/v10/README.md
index 931b3414a..8e80d52a5 100644
--- a/vendor/github.com/go-playground/validator/v10/README.md
+++ b/vendor/github.com/go-playground/validator/v10/README.md
@@ -1,7 +1,7 @@
 Package validator
 =================
-<img align="right" src="https://raw.githubusercontent.com/go-playground/validator/v10/logo.png">[![Join the chat at https://gitter.im/go-playground/validator](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/go-playground/validator?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-![Project status](https://img.shields.io/badge/version-10.14.0-green.svg)
+<img align="right" src="logo.png">[![Join the chat at https://gitter.im/go-playground/validator](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/go-playground/validator?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+![Project status](https://img.shields.io/badge/version-10.15.4-green.svg)
 [![Build Status](https://travis-ci.org/go-playground/validator.svg?branch=master)](https://travis-ci.org/go-playground/validator)
 [![Coverage Status](https://coveralls.io/repos/go-playground/validator/badge.svg?branch=master&service=github)](https://coveralls.io/github/go-playground/validator?branch=master)
 [![Go Report Card](https://goreportcard.com/badge/github.com/go-playground/validator)](https://goreportcard.com/report/github.com/go-playground/validator)
@@ -67,6 +67,12 @@ Please see https://pkg.go.dev/github.com/go-playground/validator/v10 for detaile
 Baked-in Validations
 ------
 
+### Special Notes:
+- If new to using validator it is highly recommended to initialize it using the `WithRequiredStructEnabled` option which is opt-in to new behaviour that will become the default behaviour in v11+. See documentation for more details.
+```go
+validate := validator.New(validator.WithRequiredStructEnabled())
+```
+
 ### Fields:
 
 | Tag | Description |
@@ -158,6 +164,7 @@ Baked-in Validations
 | credit_card | Credit Card Number |
 | mongodb | MongoDB ObjectID |
 | cron | Cron |
+| spicedb | SpiceDb ObjectID/Permission/Type |
 | datetime | Datetime |
 | e164 | e164 formatted phone number |
 | email | E-mail String
@@ -259,71 +266,72 @@ Benchmarks
 ------
 ###### Run on MacBook Pro (15-inch, 2017) go version go1.10.2 darwin/amd64
 ```go
+go version go1.21.0 darwin/arm64
 goos: darwin
-goarch: amd64
-pkg: github.com/go-playground/validator
-BenchmarkFieldSuccess-8                                         20000000                83.6 ns/op             0 B/op          0 allocs/op
-BenchmarkFieldSuccessParallel-8                                 50000000                26.8 ns/op             0 B/op          0 allocs/op
-BenchmarkFieldFailure-8                                          5000000               291 ns/op             208 B/op          4 allocs/op
-BenchmarkFieldFailureParallel-8                                 20000000               107 ns/op             208 B/op          4 allocs/op
-BenchmarkFieldArrayDiveSuccess-8                                 2000000               623 ns/op             201 B/op         11 allocs/op
-BenchmarkFieldArrayDiveSuccessParallel-8                        10000000               237 ns/op             201 B/op         11 allocs/op
-BenchmarkFieldArrayDiveFailure-8                                 2000000               859 ns/op             412 B/op         16 allocs/op
-BenchmarkFieldArrayDiveFailureParallel-8                         5000000               335 ns/op             413 B/op         16 allocs/op
-BenchmarkFieldMapDiveSuccess-8                                   1000000              1292 ns/op             432 B/op         18 allocs/op
-BenchmarkFieldMapDiveSuccessParallel-8                           3000000               467 ns/op             432 B/op         18 allocs/op
-BenchmarkFieldMapDiveFailure-8                                   1000000              1082 ns/op             512 B/op         16 allocs/op
-BenchmarkFieldMapDiveFailureParallel-8                           5000000               425 ns/op             512 B/op         16 allocs/op
-BenchmarkFieldMapDiveWithKeysSuccess-8                           1000000              1539 ns/op             480 B/op         21 allocs/op
-BenchmarkFieldMapDiveWithKeysSuccessParallel-8                   3000000               613 ns/op             480 B/op         21 allocs/op
-BenchmarkFieldMapDiveWithKeysFailure-8                           1000000              1413 ns/op             721 B/op         21 allocs/op
-BenchmarkFieldMapDiveWithKeysFailureParallel-8                   3000000               575 ns/op             721 B/op         21 allocs/op
-BenchmarkFieldCustomTypeSuccess-8                               10000000               216 ns/op              32 B/op          2 allocs/op
-BenchmarkFieldCustomTypeSuccessParallel-8                       20000000                82.2 ns/op            32 B/op          2 allocs/op
-BenchmarkFieldCustomTypeFailure-8                                5000000               274 ns/op             208 B/op          4 allocs/op
-BenchmarkFieldCustomTypeFailureParallel-8                       20000000               116 ns/op             208 B/op          4 allocs/op
-BenchmarkFieldOrTagSuccess-8                                     2000000               740 ns/op              16 B/op          1 allocs/op
-BenchmarkFieldOrTagSuccessParallel-8                             3000000               474 ns/op              16 B/op          1 allocs/op
-BenchmarkFieldOrTagFailure-8                                     3000000               471 ns/op             224 B/op          5 allocs/op
-BenchmarkFieldOrTagFailureParallel-8                             3000000               414 ns/op             224 B/op          5 allocs/op
-BenchmarkStructLevelValidationSuccess-8                         10000000               213 ns/op              32 B/op          2 allocs/op
-BenchmarkStructLevelValidationSuccessParallel-8                 20000000                91.8 ns/op            32 B/op          2 allocs/op
-BenchmarkStructLevelValidationFailure-8                          3000000               473 ns/op             304 B/op          8 allocs/op
-BenchmarkStructLevelValidationFailureParallel-8                 10000000               234 ns/op             304 B/op          8 allocs/op
-BenchmarkStructSimpleCustomTypeSuccess-8                         5000000               385 ns/op              32 B/op          2 allocs/op
-BenchmarkStructSimpleCustomTypeSuccessParallel-8                10000000               161 ns/op              32 B/op          2 allocs/op
-BenchmarkStructSimpleCustomTypeFailure-8                         2000000               640 ns/op             424 B/op          9 allocs/op
-BenchmarkStructSimpleCustomTypeFailureParallel-8                 5000000               318 ns/op             440 B/op         10 allocs/op
-BenchmarkStructFilteredSuccess-8                                 2000000               597 ns/op             288 B/op          9 allocs/op
-BenchmarkStructFilteredSuccessParallel-8                        10000000               266 ns/op             288 B/op          9 allocs/op
-BenchmarkStructFilteredFailure-8                                 3000000               454 ns/op             256 B/op          7 allocs/op
-BenchmarkStructFilteredFailureParallel-8                        10000000               214 ns/op             256 B/op          7 allocs/op
-BenchmarkStructPartialSuccess-8                                  3000000               502 ns/op             256 B/op          6 allocs/op
-BenchmarkStructPartialSuccessParallel-8                         10000000               225 ns/op             256 B/op          6 allocs/op
-BenchmarkStructPartialFailure-8                                  2000000               702 ns/op             480 B/op         11 allocs/op
-BenchmarkStructPartialFailureParallel-8                          5000000               329 ns/op             480 B/op         11 allocs/op
-BenchmarkStructExceptSuccess-8                                   2000000               793 ns/op             496 B/op         12 allocs/op
-BenchmarkStructExceptSuccessParallel-8                          10000000               193 ns/op             240 B/op          5 allocs/op
-BenchmarkStructExceptFailure-8                                   2000000               639 ns/op             464 B/op         10 allocs/op
-BenchmarkStructExceptFailureParallel-8                           5000000               300 ns/op             464 B/op         10 allocs/op
-BenchmarkStructSimpleCrossFieldSuccess-8                         3000000               417 ns/op              72 B/op          3 allocs/op
-BenchmarkStructSimpleCrossFieldSuccessParallel-8                10000000               163 ns/op              72 B/op          3 allocs/op
-BenchmarkStructSimpleCrossFieldFailure-8                         2000000               645 ns/op             304 B/op          8 allocs/op
-BenchmarkStructSimpleCrossFieldFailureParallel-8                 5000000               285 ns/op             304 B/op          8 allocs/op
-BenchmarkStructSimpleCrossStructCrossFieldSuccess-8              3000000               588 ns/op              80 B/op          4 allocs/op
-BenchmarkStructSimpleCrossStructCrossFieldSuccessParallel-8     10000000               221 ns/op              80 B/op          4 allocs/op
-BenchmarkStructSimpleCrossStructCrossFieldFailure-8              2000000               868 ns/op             320 B/op          9 allocs/op
-BenchmarkStructSimpleCrossStructCrossFieldFailureParallel-8      5000000               337 ns/op             320 B/op          9 allocs/op
-BenchmarkStructSimpleSuccess-8                                   5000000               260 ns/op               0 B/op          0 allocs/op
-BenchmarkStructSimpleSuccessParallel-8                          20000000                90.6 ns/op             0 B/op          0 allocs/op
-BenchmarkStructSimpleFailure-8                                   2000000               619 ns/op             424 B/op          9 allocs/op
-BenchmarkStructSimpleFailureParallel-8                           5000000               296 ns/op             424 B/op          9 allocs/op
-BenchmarkStructComplexSuccess-8                                  1000000              1454 ns/op             128 B/op          8 allocs/op
-BenchmarkStructComplexSuccessParallel-8                          3000000               579 ns/op             128 B/op          8 allocs/op
-BenchmarkStructComplexFailure-8                                   300000              4140 ns/op            3041 B/op         53 allocs/op
-BenchmarkStructComplexFailureParallel-8                          1000000              2127 ns/op            3041 B/op         53 allocs/op
-BenchmarkOneof-8                                                10000000               140 ns/op               0 B/op          0 allocs/op
-BenchmarkOneofParallel-8                                        20000000                70.1 ns/op             0 B/op          0 allocs/op
+goarch: arm64
+pkg: github.com/go-playground/validator/v10
+BenchmarkFieldSuccess-8                                         33142266                35.94 ns/op            0 B/op          0 allocs/op
+BenchmarkFieldSuccessParallel-8                                 200816191                6.568 ns/op           0 B/op          0 allocs/op
+BenchmarkFieldFailure-8                                          6779707               175.1 ns/op           200 B/op          4 allocs/op
+BenchmarkFieldFailureParallel-8                                 11044147               108.4 ns/op           200 B/op          4 allocs/op
+BenchmarkFieldArrayDiveSuccess-8                                 6054232               194.4 ns/op            97 B/op          5 allocs/op
+BenchmarkFieldArrayDiveSuccessParallel-8                        12523388                94.07 ns/op           97 B/op          5 allocs/op
+BenchmarkFieldArrayDiveFailure-8                                 3587043               334.3 ns/op           300 B/op         10 allocs/op
+BenchmarkFieldArrayDiveFailureParallel-8                         5816665               200.8 ns/op           300 B/op         10 allocs/op
+BenchmarkFieldMapDiveSuccess-8                                   2217910               540.1 ns/op           288 B/op         14 allocs/op
+BenchmarkFieldMapDiveSuccessParallel-8                           4446698               258.7 ns/op           288 B/op         14 allocs/op
+BenchmarkFieldMapDiveFailure-8                                   2392759               504.6 ns/op           376 B/op         13 allocs/op
+BenchmarkFieldMapDiveFailureParallel-8                           4244199               286.9 ns/op           376 B/op         13 allocs/op
+BenchmarkFieldMapDiveWithKeysSuccess-8                           2005857               592.1 ns/op           288 B/op         14 allocs/op
+BenchmarkFieldMapDiveWithKeysSuccessParallel-8                   4400850               296.9 ns/op           288 B/op         14 allocs/op
+BenchmarkFieldMapDiveWithKeysFailure-8                           1850227               643.8 ns/op           553 B/op         16 allocs/op
+BenchmarkFieldMapDiveWithKeysFailureParallel-8                   3293233               375.1 ns/op           553 B/op         16 allocs/op
+BenchmarkFieldCustomTypeSuccess-8                               12174412                98.25 ns/op           32 B/op          2 allocs/op
+BenchmarkFieldCustomTypeSuccessParallel-8                       34389907                35.49 ns/op           32 B/op          2 allocs/op
+BenchmarkFieldCustomTypeFailure-8                                7582524               156.6 ns/op           184 B/op          3 allocs/op
+BenchmarkFieldCustomTypeFailureParallel-8                       13019902                92.79 ns/op          184 B/op          3 allocs/op
+BenchmarkFieldOrTagSuccess-8                                     3427260               349.4 ns/op            16 B/op          1 allocs/op
+BenchmarkFieldOrTagSuccessParallel-8                            15144128                81.25 ns/op           16 B/op          1 allocs/op
+BenchmarkFieldOrTagFailure-8                                     5913546               201.9 ns/op           216 B/op          5 allocs/op
+BenchmarkFieldOrTagFailureParallel-8                             9810212               113.7 ns/op           216 B/op          5 allocs/op
+BenchmarkStructLevelValidationSuccess-8                         13456327                87.66 ns/op           16 B/op          1 allocs/op
+BenchmarkStructLevelValidationSuccessParallel-8                 41818888                27.77 ns/op           16 B/op          1 allocs/op
+BenchmarkStructLevelValidationFailure-8                          4166284               272.6 ns/op           264 B/op          7 allocs/op
+BenchmarkStructLevelValidationFailureParallel-8                  7594581               152.1 ns/op           264 B/op          7 allocs/op
+BenchmarkStructSimpleCustomTypeSuccess-8                         6508082               182.6 ns/op            32 B/op          2 allocs/op
+BenchmarkStructSimpleCustomTypeSuccessParallel-8                23078605                54.78 ns/op           32 B/op          2 allocs/op
+BenchmarkStructSimpleCustomTypeFailure-8                         3118352               381.0 ns/op           416 B/op          9 allocs/op
+BenchmarkStructSimpleCustomTypeFailureParallel-8                 5300738               224.1 ns/op           432 B/op         10 allocs/op
+BenchmarkStructFilteredSuccess-8                                 4761807               251.1 ns/op           216 B/op          5 allocs/op
+BenchmarkStructFilteredSuccessParallel-8                         8792598               128.6 ns/op           216 B/op          5 allocs/op
+BenchmarkStructFilteredFailure-8                                 5202573               232.1 ns/op           216 B/op          5 allocs/op
+BenchmarkStructFilteredFailureParallel-8                         9591267               121.4 ns/op           216 B/op          5 allocs/op
+BenchmarkStructPartialSuccess-8                                  5188512               231.6 ns/op           224 B/op          4 allocs/op
+BenchmarkStructPartialSuccessParallel-8                          9179776               123.1 ns/op           224 B/op          4 allocs/op
+BenchmarkStructPartialFailure-8                                  3071212               392.5 ns/op           440 B/op          9 allocs/op
+BenchmarkStructPartialFailureParallel-8                          5344261               223.7 ns/op           440 B/op          9 allocs/op
+BenchmarkStructExceptSuccess-8                                   3184230               375.0 ns/op           424 B/op          8 allocs/op
+BenchmarkStructExceptSuccessParallel-8                          10090130               108.9 ns/op           208 B/op          3 allocs/op
+BenchmarkStructExceptFailure-8                                   3347226               357.7 ns/op           424 B/op          8 allocs/op
+BenchmarkStructExceptFailureParallel-8                           5654923               209.5 ns/op           424 B/op          8 allocs/op
+BenchmarkStructSimpleCrossFieldSuccess-8                         5232265               229.1 ns/op            56 B/op          3 allocs/op
+BenchmarkStructSimpleCrossFieldSuccessParallel-8                17436674                64.75 ns/op           56 B/op          3 allocs/op
+BenchmarkStructSimpleCrossFieldFailure-8                         3128613               383.6 ns/op           272 B/op          8 allocs/op
+BenchmarkStructSimpleCrossFieldFailureParallel-8                 6994113               168.8 ns/op           272 B/op          8 allocs/op
+BenchmarkStructSimpleCrossStructCrossFieldSuccess-8              3506487               340.9 ns/op            64 B/op          4 allocs/op
+BenchmarkStructSimpleCrossStructCrossFieldSuccessParallel-8     13431300                91.77 ns/op           64 B/op          4 allocs/op
+BenchmarkStructSimpleCrossStructCrossFieldFailure-8              2410566               500.9 ns/op           288 B/op          9 allocs/op
+BenchmarkStructSimpleCrossStructCrossFieldFailureParallel-8      6344510               188.2 ns/op           288 B/op          9 allocs/op
+BenchmarkStructSimpleSuccess-8                                   8922726               133.8 ns/op             0 B/op          0 allocs/op
+BenchmarkStructSimpleSuccessParallel-8                          55291153                23.63 ns/op            0 B/op          0 allocs/op
+BenchmarkStructSimpleFailure-8                                   3171553               378.4 ns/op           416 B/op          9 allocs/op
+BenchmarkStructSimpleFailureParallel-8                           5571692               212.0 ns/op           416 B/op          9 allocs/op
+BenchmarkStructComplexSuccess-8                                  1683750               714.5 ns/op           224 B/op          5 allocs/op
+BenchmarkStructComplexSuccessParallel-8                          4578046               257.0 ns/op           224 B/op          5 allocs/op
+BenchmarkStructComplexFailure-8                                   481585              2547 ns/op            3041 B/op         48 allocs/op
+BenchmarkStructComplexFailureParallel-8                           965764              1577 ns/op            3040 B/op         48 allocs/op
+BenchmarkOneof-8                                                17380881                68.50 ns/op            0 B/op          0 allocs/op
+BenchmarkOneofParallel-8                                         8084733               153.5 ns/op             0 B/op          0 allocs/op
 ```
 
 Complementary Software
diff --git a/vendor/github.com/go-playground/validator/v10/baked_in.go b/vendor/github.com/go-playground/validator/v10/baked_in.go
index 8e6b169cb..0b6233070 100644
--- a/vendor/github.com/go-playground/validator/v10/baked_in.go
+++ b/vendor/github.com/go-playground/validator/v10/baked_in.go
@@ -23,7 +23,7 @@ import (
 	"golang.org/x/text/language"
 
 	"github.com/gabriel-vasile/mimetype"
-	"github.com/leodido/go-urn"
+	urn "github.com/leodido/go-urn"
 )
 
 // Func accepts a FieldLevel interface for all validation needs. The return
@@ -230,6 +230,7 @@ var (
 		"luhn_checksum":                 hasLuhnChecksum,
 		"mongodb":                       isMongoDB,
 		"cron":                          isCron,
+		"spicedb":                       isSpiceDB,
 	}
 )
 
@@ -372,9 +373,9 @@ func isMAC(fl FieldLevel) bool {
 
 // isCIDRv4 is the validation function for validating if the field's value is a valid v4 CIDR address.
 func isCIDRv4(fl FieldLevel) bool {
-	ip, _, err := net.ParseCIDR(fl.Field().String())
+	ip, net, err := net.ParseCIDR(fl.Field().String())
 
-	return err == nil && ip.To4() != nil
+	return err == nil && ip.To4() != nil && net.IP.Equal(ip)
 }
 
 // isCIDRv6 is the validation function for validating if the field's value is a valid v6 CIDR address.
@@ -1294,8 +1295,13 @@ func isEq(fl FieldLevel) bool {
 
 		return field.Uint() == p
 
-	case reflect.Float32, reflect.Float64:
-		p := asFloat(param)
+	case reflect.Float32:
+		p := asFloat32(param)
+
+		return field.Float() == p
+
+	case reflect.Float64:
+		p := asFloat64(param)
 
 		return field.Float() == p
 
@@ -1414,25 +1420,21 @@ func isURL(fl FieldLevel) bool {
 	switch field.Kind() {
 	case reflect.String:
 
-		var i int
 		s := field.String()
 
-		// checks needed as of Go 1.6 because of change https://github.com/golang/go/commit/617c93ce740c3c3cc28cdd1a0d712be183d0b328#diff-6c2d018290e298803c0c9419d8739885L195
-		// emulate browser and strip the '#' suffix prior to validation. see issue-#237
-		if i = strings.Index(s, "#"); i > -1 {
-			s = s[:i]
-		}
-
 		if len(s) == 0 {
 			return false
 		}
 
-		url, err := url.ParseRequestURI(s)
-
+		url, err := url.Parse(s)
 		if err != nil || url.Scheme == "" {
 			return false
 		}
 
+		if url.Host == "" && url.Fragment == "" && url.Opaque == "" {
+			return false
+		}
+
 		return true
 	}
 
@@ -1450,7 +1452,13 @@ func isHttpURL(fl FieldLevel) bool {
 	case reflect.String:
 
 		s := strings.ToLower(field.String())
-		return strings.HasPrefix(s, "http://") || strings.HasPrefix(s, "https://")
+
+		url, err := url.Parse(s)
+		if err != nil || url.Host == "" {
+			return false
+		}
+
+		return url.Scheme == "http" || url.Scheme == "https"
 	}
 
 	panic(fmt.Sprintf("Bad field type %T", field.Interface()))
@@ -1559,6 +1567,10 @@ func isFilePath(fl FieldLevel) bool {
 
 	field := fl.Field()
 
+	// Not valid if it is a directory.
+	if isDir(fl) {
+		return false
+	}
 	// If it exists, it obviously is valid.
 	// This is done first to avoid code duplication and unnecessary additional logic.
 	if exists = isFile(fl); exists {
@@ -1708,7 +1720,7 @@ func hasValue(fl FieldLevel) bool {
 		if fl.(*validate).fldIsPointer && field.Interface() != nil {
 			return true
 		}
-		return field.IsValid() && field.Interface() != reflect.Zero(field.Type()).Interface()
+		return field.IsValid() && !field.IsZero()
 	}
 }
 
@@ -1732,7 +1744,7 @@ func requireCheckFieldKind(fl FieldLevel, param string, defaultNotFoundValue boo
 		if nullable && field.Interface() != nil {
 			return false
 		}
-		return field.IsValid() && field.Interface() == reflect.Zero(field.Type()).Interface()
+		return field.IsValid() && field.IsZero()
 	}
 }
 
@@ -1753,8 +1765,11 @@ func requireCheckFieldValue(
 	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
 		return field.Uint() == asUint(value)
 
-	case reflect.Float32, reflect.Float64:
-		return field.Float() == asFloat(value)
+	case reflect.Float32:
+		return field.Float() == asFloat32(value)
+
+	case reflect.Float64:
+		return field.Float() == asFloat64(value)
 
 	case reflect.Slice, reflect.Map, reflect.Array:
 		return int64(field.Len()) == asInt(value)
@@ -2053,8 +2068,13 @@ func isGte(fl FieldLevel) bool {
 
 		return field.Uint() >= p
 
-	case reflect.Float32, reflect.Float64:
-		p := asFloat(param)
+	case reflect.Float32:
+		p := asFloat32(param)
+
+		return field.Float() >= p
+
+	case reflect.Float64:
+		p := asFloat64(param)
 
 		return field.Float() >= p
 
@@ -2099,10 +2119,16 @@ func isGt(fl FieldLevel) bool {
 
 		return field.Uint() > p
 
-	case reflect.Float32, reflect.Float64:
-		p := asFloat(param)
+	case reflect.Float32:
+		p := asFloat32(param)
+
+		return field.Float() > p
+
+	case reflect.Float64:
+		p := asFloat64(param)
 
 		return field.Float() > p
+
 	case reflect.Struct:
 
 		if field.Type().ConvertibleTo(timeType) {
@@ -2141,8 +2167,13 @@ func hasLengthOf(fl FieldLevel) bool {
 
 		return field.Uint() == p
 
-	case reflect.Float32, reflect.Float64:
-		p := asFloat(param)
+	case reflect.Float32:
+		p := asFloat32(param)
+
+		return field.Float() == p
+
+	case reflect.Float64:
+		p := asFloat64(param)
 
 		return field.Float() == p
 	}
@@ -2274,8 +2305,13 @@ func isLte(fl FieldLevel) bool {
 
 		return field.Uint() <= p
 
-	case reflect.Float32, reflect.Float64:
-		p := asFloat(param)
+	case reflect.Float32:
+		p := asFloat32(param)
+
+		return field.Float() <= p
+
+	case reflect.Float64:
+		p := asFloat64(param)
 
 		return field.Float() <= p
 
@@ -2320,8 +2356,13 @@ func isLt(fl FieldLevel) bool {
 
 		return field.Uint() < p
 
-	case reflect.Float32, reflect.Float64:
-		p := asFloat(param)
+	case reflect.Float32:
+		p := asFloat32(param)
+
+		return field.Float() < p
+
+	case reflect.Float64:
+		p := asFloat64(param)
 
 		return field.Float() < p
 
@@ -2568,9 +2609,17 @@ func isDirPath(fl FieldLevel) bool {
 func isJSON(fl FieldLevel) bool {
 	field := fl.Field()
 
-	if field.Kind() == reflect.String {
+	switch field.Kind() {
+	case reflect.String:
 		val := field.String()
 		return json.Valid([]byte(val))
+	case reflect.Slice:
+		fieldType := field.Type()
+
+		if fieldType.ConvertibleTo(byteSliceType) {
+			b := field.Convert(byteSliceType).Interface().([]byte)
+			return json.Valid(b)
+		}
 	}
 
 	panic(fmt.Sprintf("Bad field type %T", field.Interface()))
@@ -2798,6 +2847,23 @@ func isMongoDB(fl FieldLevel) bool {
 	return mongodbRegex.MatchString(val)
 }
 
+// isSpiceDB is the validation function for validating if the current field's value is valid for use with Authzed SpiceDB in the indicated way
+func isSpiceDB(fl FieldLevel) bool {
+	val := fl.Field().String()
+	param := fl.Param()
+
+	switch param {
+	case "permission":
+		return spicedbPermissionRegex.MatchString(val)
+	case "type":
+		return spicedbTypeRegex.MatchString(val)
+	case "id", "":
+		return spicedbIDRegex.MatchString(val)
+	}
+
+	panic("Unrecognized parameter: " + param)
+}
+
 // isCreditCard is the validation function for validating if the current field's value is a valid credit card number
 func isCreditCard(fl FieldLevel) bool {
 	val := fl.Field().String()
diff --git a/vendor/github.com/go-playground/validator/v10/doc.go b/vendor/github.com/go-playground/validator/v10/doc.go
index f5aa9e523..c4dbb595f 100644
--- a/vendor/github.com/go-playground/validator/v10/doc.go
+++ b/vendor/github.com/go-playground/validator/v10/doc.go
@@ -247,7 +247,7 @@ Example #2
 This validates that the value is not the data types default zero value.
 For numbers ensures value is not zero. For strings ensures value is
 not "". For slices, maps, pointers, interfaces, channels and functions
-ensures the value is not nil.
+ensures the value is not nil. For structs ensures value is not the zero value when using WithRequiredStructEnabled.
 
 	Usage: required
 
@@ -256,7 +256,7 @@ ensures the value is not nil.
 The field under validation must be present and not empty only if all
 the other specified fields are equal to the value following the specified
 field. For strings ensures value is not "". For slices, maps, pointers,
-interfaces, channels and functions ensures the value is not nil.
+interfaces, channels and functions ensures the value is not nil. For structs ensures value is not the zero value.
 
 	Usage: required_if
 
@@ -273,7 +273,7 @@ Examples:
 The field under validation must be present and not empty unless all
 the other specified fields are equal to the value following the specified
 field. For strings ensures value is not "". For slices, maps, pointers,
-interfaces, channels and functions ensures the value is not nil.
+interfaces, channels and functions ensures the value is not nil. For structs ensures value is not the zero value.
 
 	Usage: required_unless
 
@@ -290,7 +290,7 @@ Examples:
 The field under validation must be present and not empty only if any
 of the other specified fields are present. For strings ensures value is
 not "". For slices, maps, pointers, interfaces, channels and functions
-ensures the value is not nil.
+ensures the value is not nil. For structs ensures value is not the zero value.
 
 	Usage: required_with
 
@@ -307,7 +307,7 @@ Examples:
 The field under validation must be present and not empty only if all
 of the other specified fields are present. For strings ensures value is
 not "". For slices, maps, pointers, interfaces, channels and functions
-ensures the value is not nil.
+ensures the value is not nil. For structs ensures value is not the zero value.
 
 	Usage: required_with_all
 
@@ -321,7 +321,7 @@ Example:
 The field under validation must be present and not empty only when any
 of the other specified fields are not present. For strings ensures value is
 not "". For slices, maps, pointers, interfaces, channels and functions
-ensures the value is not nil.
+ensures the value is not nil. For structs ensures value is not the zero value.
 
 	Usage: required_without
 
@@ -338,7 +338,7 @@ Examples:
 The field under validation must be present and not empty only when all
 of the other specified fields are not present. For strings ensures value is
 not "". For slices, maps, pointers, interfaces, channels and functions
-ensures the value is not nil.
+ensures the value is not nil. For structs ensures value is not the zero value.
 
 	Usage: required_without_all
 
@@ -352,7 +352,7 @@ Example:
 The field under validation must not be present or not empty only if all
 the other specified fields are equal to the value following the specified
 field. For strings ensures value is not "". For slices, maps, pointers,
-interfaces, channels and functions ensures the value is not nil.
+interfaces, channels and functions ensures the value is not nil. For structs ensures value is not the zero value.
 
 	Usage: excluded_if
 
@@ -369,7 +369,7 @@ Examples:
 The field under validation must not be present or empty unless all
 the other specified fields are equal to the value following the specified
 field. For strings ensures value is not "". For slices, maps, pointers,
-interfaces, channels and functions ensures the value is not nil.
+interfaces, channels and functions ensures the value is not nil. For structs ensures value is not the zero value.
 
 	Usage: excluded_unless
 
@@ -879,8 +879,6 @@ This is done using os.Stat and github.com/gabriel-vasile/mimetype
 
 	Usage: image
 
-# URL String
-
 # File Path
 
 This validates that a string value contains a valid file path but does not
@@ -1384,6 +1382,12 @@ This validates that a string value contains a valid cron expression.
 
 	Usage: cron
 
+# SpiceDb ObjectID/Permission/Object Type
+
+This validates that a string is valid for use with SpiceDb for the indicated purpose. If no purpose is given, a purpose of 'id' is assumed.
+
+	Usage: spicedb=id|permission|type
+
 # Alias Validators and Tags
 
 Alias Validators and Tags
diff --git a/vendor/github.com/go-playground/validator/v10/options.go b/vendor/github.com/go-playground/validator/v10/options.go
new file mode 100644
index 000000000..1dea56fd7
--- /dev/null
+++ b/vendor/github.com/go-playground/validator/v10/options.go
@@ -0,0 +1,16 @@
+package validator
+
+// Option represents a configurations option to be applied to validator during initialization.
+type Option func(*Validate)
+
+// WithRequiredStructEnabled enables required tag on non-pointer structs to be applied instead of ignored.
+//
+// This was made opt-in behaviour in order to maintain backward compatibility with the behaviour previous
+// to being able to apply struct level validations on struct fields directly.
+//
+// It is recommended you enabled this as it will be the default behaviour in v11+
+func WithRequiredStructEnabled() Option {
+	return func(v *Validate) {
+		v.requiredStructEnabled = true
+	}
+}
diff --git a/vendor/github.com/go-playground/validator/v10/regexes.go b/vendor/github.com/go-playground/validator/v10/regexes.go
index ba450b3d0..6c8f98560 100644
--- a/vendor/github.com/go-playground/validator/v10/regexes.go
+++ b/vendor/github.com/go-playground/validator/v10/regexes.go
@@ -68,6 +68,9 @@ const (
 	cveRegexString                   = `^CVE-(1999|2\d{3})-(0[^0]\d{2}|0\d[^0]\d{1}|0\d{2}[^0]|[1-9]{1}\d{3,})$` // CVE Format Id https://cve.mitre.org/cve/identifiers/syntaxchange.html
 	mongodbRegexString               = "^[a-f\\d]{24}$"
 	cronRegexString                  = `(@(annually|yearly|monthly|weekly|daily|hourly|reboot))|(@every (\d+(ns|us|µs|ms|s|m|h))+)|((((\d+,)+\d+|(\d+(\/|-)\d+)|\d+|\*) ?){5,7})`
+	spicedbIDRegexString             = `^(([a-zA-Z0-9/_|\-=+]{1,})|\*)$`
+	spicedbPermissionRegexString     = "^([a-z][a-z0-9_]{1,62}[a-z0-9])?$"
+	spicedbTypeRegexString           = "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$"
 )
 
 var (
@@ -134,4 +137,7 @@ var (
 	cveRegex                   = regexp.MustCompile(cveRegexString)
 	mongodbRegex               = regexp.MustCompile(mongodbRegexString)
 	cronRegex                  = regexp.MustCompile(cronRegexString)
+	spicedbIDRegex             = regexp.MustCompile(spicedbIDRegexString)
+	spicedbPermissionRegex     = regexp.MustCompile(spicedbPermissionRegexString)
+	spicedbTypeRegex           = regexp.MustCompile(spicedbTypeRegexString)
 )
diff --git a/vendor/github.com/go-playground/validator/v10/util.go b/vendor/github.com/go-playground/validator/v10/util.go
index 3925cfe1c..4bd947bdf 100644
--- a/vendor/github.com/go-playground/validator/v10/util.go
+++ b/vendor/github.com/go-playground/validator/v10/util.go
@@ -261,13 +261,19 @@ func asUint(param string) uint64 {
 	return i
 }
 
-// asFloat returns the parameter as a float64
+// asFloat64 returns the parameter as a float64
 // or panics if it can't convert
-func asFloat(param string) float64 {
-
+func asFloat64(param string) float64 {
 	i, err := strconv.ParseFloat(param, 64)
 	panicIf(err)
+	return i
+}
 
+// asFloat64 returns the parameter as a float64
+// or panics if it can't convert
+func asFloat32(param string) float64 {
+	i, err := strconv.ParseFloat(param, 32)
+	panicIf(err)
 	return i
 }
 
diff --git a/vendor/github.com/go-playground/validator/v10/validator.go b/vendor/github.com/go-playground/validator/v10/validator.go
index 6f6d53ada..342c4ec24 100644
--- a/vendor/github.com/go-playground/validator/v10/validator.go
+++ b/vendor/github.com/go-playground/validator/v10/validator.go
@@ -99,6 +99,8 @@ func (v *validate) traverseField(ctx context.Context, parent reflect.Value, curr
 
 	current, kind, v.fldIsPointer = v.extractTypeInternal(current, false)
 
+	var isNestedStruct bool
+
 	switch kind {
 	case reflect.Ptr, reflect.Interface, reflect.Invalid:
 
@@ -160,86 +162,61 @@ func (v *validate) traverseField(ctx context.Context, parent reflect.Value, curr
 			}
 		}
 
-	case reflect.Struct:
-
-		typ = current.Type()
-
-		if !typ.ConvertibleTo(timeType) {
-
-			if ct != nil {
-
-				if ct.typeof == typeStructOnly {
-					goto CONTINUE
-				} else if ct.typeof == typeIsDefault {
-					// set Field Level fields
-					v.slflParent = parent
-					v.flField = current
-					v.cf = cf
-					v.ct = ct
-
-					if !ct.fn(ctx, v) {
-						v.str1 = string(append(ns, cf.altName...))
-
-						if v.v.hasTagNameFunc {
-							v.str2 = string(append(structNs, cf.name...))
-						} else {
-							v.str2 = v.str1
-						}
-
-						v.errs = append(v.errs,
-							&fieldError{
-								v:              v.v,
-								tag:            ct.aliasTag,
-								actualTag:      ct.tag,
-								ns:             v.str1,
-								structNs:       v.str2,
-								fieldLen:       uint8(len(cf.altName)),
-								structfieldLen: uint8(len(cf.name)),
-								value:          current.Interface(),
-								param:          ct.param,
-								kind:           kind,
-								typ:            typ,
-							},
-						)
-						return
-					}
-				}
-
-				ct = ct.next
-			}
-
-			if ct != nil && ct.typeof == typeNoStructLevel {
-				return
-			}
-
-		CONTINUE:
-			// if len == 0 then validating using 'Var' or 'VarWithValue'
-			// Var - doesn't make much sense to do it that way, should call 'Struct', but no harm...
-			// VarWithField - this allows for validating against each field within the struct against a specific value
-			//                pretty handy in certain situations
-			if len(cf.name) > 0 {
-				ns = append(append(ns, cf.altName...), '.')
-				structNs = append(append(structNs, cf.name...), '.')
-			}
-
-			v.validateStruct(ctx, parent, current, typ, ns, structNs, ct)
+		if kind == reflect.Invalid {
 			return
 		}
-	}
 
-	if ct == nil || !ct.hasTag {
-		return
+	case reflect.Struct:
+		isNestedStruct = !current.Type().ConvertibleTo(timeType)
+		// For backward compatibility before struct level validation tags were supported
+		// as there were a number of projects relying on `required` not failing on non-pointer
+		// structs. Since it's basically nonsensical to use `required` with a non-pointer struct
+		// are explicitly skipping the required validation for it. This WILL be removed in the
+		// next major version.
+		if isNestedStruct && !v.v.requiredStructEnabled && ct != nil && ct.tag == requiredTag {
+			ct = ct.next
+		}
 	}
 
 	typ = current.Type()
 
 OUTER:
 	for {
-		if ct == nil {
+		if ct == nil || !ct.hasTag || (isNestedStruct && len(cf.name) == 0) {
+			// isNestedStruct check here
+			if isNestedStruct {
+				// if len == 0 then validating using 'Var' or 'VarWithValue'
+				// Var - doesn't make much sense to do it that way, should call 'Struct', but no harm...
+				// VarWithField - this allows for validating against each field within the struct against a specific value
+				//                pretty handy in certain situations
+				if len(cf.name) > 0 {
+					ns = append(append(ns, cf.altName...), '.')
+					structNs = append(append(structNs, cf.name...), '.')
+				}
+
+				v.validateStruct(ctx, parent, current, typ, ns, structNs, ct)
+			}
 			return
 		}
 
 		switch ct.typeof {
+		case typeNoStructLevel:
+			return
+
+		case typeStructOnly:
+			if isNestedStruct {
+				// if len == 0 then validating using 'Var' or 'VarWithValue'
+				// Var - doesn't make much sense to do it that way, should call 'Struct', but no harm...
+				// VarWithField - this allows for validating against each field within the struct against a specific value
+				//                pretty handy in certain situations
+				if len(cf.name) > 0 {
+					ns = append(append(ns, cf.altName...), '.')
+					structNs = append(append(structNs, cf.name...), '.')
+				}
+
+				v.validateStruct(ctx, parent, current, typ, ns, structNs, ct)
+			}
+			return
 
 		case typeOmitEmpty:
 
@@ -366,7 +343,7 @@ OUTER:
 						ct = ct.next
 
 						if ct == nil {
-							return
+							continue OUTER
 						}
 
 						if ct.typeof != typeOr {
diff --git a/vendor/github.com/go-playground/validator/v10/validator_instance.go b/vendor/github.com/go-playground/validator/v10/validator_instance.go
index d2ee8fe38..a4dbdd098 100644
--- a/vendor/github.com/go-playground/validator/v10/validator_instance.go
+++ b/vendor/github.com/go-playground/validator/v10/validator_instance.go
@@ -53,6 +53,8 @@ var (
 	timeDurationType = reflect.TypeOf(time.Duration(0))
 	timeType         = reflect.TypeOf(time.Time{})
 
+	byteSliceType = reflect.TypeOf([]byte{})
+
 	defaultCField = &cField{namesEqual: true}
 )
 
@@ -77,19 +79,20 @@ type internalValidationFuncWrapper struct {
 
 // Validate contains the validator settings and cache
 type Validate struct {
-	tagName          string
-	pool             *sync.Pool
-	hasCustomFuncs   bool
-	hasTagNameFunc   bool
-	tagNameFunc      TagNameFunc
-	structLevelFuncs map[reflect.Type]StructLevelFuncCtx
-	customFuncs      map[reflect.Type]CustomTypeFunc
-	aliases          map[string]string
-	validations      map[string]internalValidationFuncWrapper
-	transTagFunc     map[ut.Translator]map[string]TranslationFunc // map[<locale>]map[<tag>]TranslationFunc
-	rules            map[reflect.Type]map[string]string
-	tagCache         *tagCache
-	structCache      *structCache
+	tagName               string
+	pool                  *sync.Pool
+	tagNameFunc           TagNameFunc
+	structLevelFuncs      map[reflect.Type]StructLevelFuncCtx
+	customFuncs           map[reflect.Type]CustomTypeFunc
+	aliases               map[string]string
+	validations           map[string]internalValidationFuncWrapper
+	transTagFunc          map[ut.Translator]map[string]TranslationFunc // map[<locale>]map[<tag>]TranslationFunc
+	rules                 map[reflect.Type]map[string]string
+	tagCache              *tagCache
+	structCache           *structCache
+	hasCustomFuncs        bool
+	hasTagNameFunc        bool
+	requiredStructEnabled bool
 }
 
 // New returns a new instance of 'validate' with sane defaults.
@@ -97,7 +100,7 @@ type Validate struct {
 // It caches information about your struct and validations,
 // in essence only parsing your validation tags once per struct type.
 // Using multiple instances neglects the benefit of caching.
-func New() *Validate {
+func New(options ...Option) *Validate {
 
 	tc := new(tagCache)
 	tc.m.Store(make(map[string]*cTag))
@@ -144,6 +147,9 @@ func New() *Validate {
 		},
 	}
 
+	for _, o := range options {
+		o(v)
+	}
 	return v
 }
 
diff --git a/vendor/github.com/goccy/go-json/.codecov.yml b/vendor/github.com/goccy/go-json/.codecov.yml
new file mode 100644
index 000000000..e98134570
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/.codecov.yml
@@ -0,0 +1,32 @@
+codecov:
+  require_ci_to_pass: yes
+
+coverage:
+  precision: 2
+  round: down
+  range: "70...100"
+
+  status:
+    project:
+      default:
+        target: 70%
+        threshold: 2%
+    patch: off
+    changes: no
+
+parsers:
+  gcov:
+    branch_detection:
+      conditional: yes
+      loop: yes
+      method: no
+      macro: no
+
+comment:
+  layout: "header,diff"
+  behavior: default
+  require_changes: no
+
+ignore:
+  - internal/encoder/vm_color
+  - internal/encoder/vm_color_indent
diff --git a/vendor/github.com/goccy/go-json/.gitignore b/vendor/github.com/goccy/go-json/.gitignore
new file mode 100644
index 000000000..378283829
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/.gitignore
@@ -0,0 +1,2 @@
+cover.html
+cover.out
diff --git a/vendor/github.com/goccy/go-json/.golangci.yml b/vendor/github.com/goccy/go-json/.golangci.yml
new file mode 100644
index 000000000..57ae5a528
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/.golangci.yml
@@ -0,0 +1,83 @@
+run:
+  skip-files:
+    - encode_optype.go
+    - ".*_test\\.go$"
+
+linters-settings:
+  govet:
+    enable-all: true
+    disable:
+      - shadow
+
+linters:
+  enable-all: true
+  disable:
+    - dogsled
+    - dupl
+    - exhaustive
+    - exhaustivestruct
+    - errorlint
+    - forbidigo
+    - funlen
+    - gci
+    - gochecknoglobals
+    - gochecknoinits
+    - gocognit
+    - gocritic
+    - gocyclo
+    - godot
+    - godox
+    - goerr113
+    - gofumpt
+    - gomnd
+    - gosec
+    - ifshort
+    - lll
+    - makezero
+    - nakedret
+    - nestif
+    - nlreturn
+    - paralleltest
+    - testpackage
+    - thelper
+    - wrapcheck
+    - interfacer
+    - lll
+    - nakedret
+    - nestif
+    - nlreturn
+    - testpackage
+    - wsl
+    - varnamelen
+    - nilnil
+    - ireturn
+    - govet
+    - forcetypeassert
+    - cyclop
+    - containedctx
+    - revive
+
+issues:
+  exclude-rules:
+    # not needed
+    - path: /*.go
+      text: "ST1003: should not use underscores in package names"
+      linters:
+        - stylecheck
+    - path: /*.go
+      text: "don't use an underscore in package name"
+      linters:
+        - golint
+    - path: rtype.go
+      linters:
+        - golint
+        - stylecheck
+    - path: error.go
+      linters:
+        - staticcheck
+
+  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+  max-issues-per-linter: 0
+
+  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+  max-same-issues: 0
diff --git a/vendor/github.com/goccy/go-json/CHANGELOG.md b/vendor/github.com/goccy/go-json/CHANGELOG.md
new file mode 100644
index 000000000..d09bb89c3
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/CHANGELOG.md
@@ -0,0 +1,425 @@
+# v0.10.2 - 2023/03/20
+
+### New features
+
+* Support DebugDOT option for debugging encoder ( #440 )
+
+### Fix bugs
+
+* Fix combination of embedding structure and omitempty option ( #442 )
+
+# v0.10.1 - 2023/03/13
+
+### Fix bugs
+
+* Fix checkptr error for array decoder ( #415 )
+* Fix added buffer size check when decoding key ( #430 )
+* Fix handling of anonymous fields other than struct ( #431 )
+* Fix to not optimize when lower conversion can't handle byte-by-byte ( #432 )
+* Fix a problem that MarshalIndent does not work when UnorderedMap is specified ( #435 )
+* Fix mapDecoder.DecodeStream() for empty objects containing whitespace ( #425 )
+* Fix an issue that could not set the correct NextField for fields in the embedded structure ( #438 )
+
+# v0.10.0 - 2022/11/29
+
+### New features
+
+* Support JSON Path ( #250 )
+
+### Fix bugs
+
+* Fix marshaler for map's key ( #409 )
+
+# v0.9.11 - 2022/08/18
+
+### Fix bugs
+
+* Fix unexpected behavior when buffer ends with backslash ( #383 )
+* Fix stream decoding of escaped character ( #387 )
+
+# v0.9.10 - 2022/07/15
+
+### Fix bugs
+
+* Fix boundary exception of type caching ( #382 )
+
+# v0.9.9 - 2022/07/15
+
+### Fix bugs
+
+* Fix encoding of directed interface with typed nil ( #377 )
+* Fix embedded primitive type encoding using alias ( #378 )
+* Fix slice/array type encoding with types implementing MarshalJSON ( #379 )
+* Fix unicode decoding when the expected buffer state is not met after reading ( #380 )
+
+# v0.9.8 - 2022/06/30
+
+### Fix bugs
+
+* Fix decoding of surrogate-pair ( #365 )
+* Fix handling of embedded primitive type ( #366 )
+* Add validation of escape sequence for decoder ( #367 )
+* Fix stream tokenizing respecting UseNumber ( #369 )
+* Fix encoding when struct pointer type that implements Marshal JSON is embedded ( #375 )
+
+### Improve performance
+
+* Improve performance of linkRecursiveCode ( #368 )
+
+# v0.9.7 - 2022/04/22
+
+### Fix bugs
+
+#### Encoder
+
+* Add filtering process for encoding on slow path ( #355 )
+* Fix encoding of interface{} with pointer type ( #363 )
+
+#### Decoder
+
+* Fix map key decoder that implements UnmarshalJSON ( #353 )
+* Fix decoding of []uint8 type ( #361 )
+
+### New features
+
+* Add DebugWith option for encoder ( #356 )
+
+# v0.9.6 - 2022/03/22
+
+### Fix bugs
+
+* Correct the handling of the minimum value of int type for decoder ( #344 )
+* Fix bugs of stream decoder's bufferSize ( #349 )
+* Add a guard to use typeptr more safely ( #351 )
+
+### Improve decoder performance
+
+* Improve escapeString's performance ( #345 )
+
+### Others
+
+* Update go version for CI ( #347 )
+
+# v0.9.5 - 2022/03/04
+
+### Fix bugs
+
+* Fix panic when decoding time.Time with context ( #328 )
+* Fix reading the next character in buffer to nul consideration ( #338 )
+* Fix incorrect handling on skipValue ( #341 )
+
+### Improve decoder performance
+
+* Improve performance when a payload contains escape sequence ( #334 )
+
+# v0.9.4 - 2022/01/21
+
+* Fix IsNilForMarshaler for string type with omitempty ( #323 )
+* Fix the case where the embedded field is at the end ( #326 )
+
+# v0.9.3 - 2022/01/14
+
+* Fix logic of removing struct field for decoder ( #322 )
+
+# v0.9.2 - 2022/01/14
+
+* Add invalid decoder to delay type error judgment at decode ( #321 )
+
+# v0.9.1 - 2022/01/11
+
+* Fix encoding of MarshalText/MarshalJSON operation with head offset ( #319 )
+
+# v0.9.0 - 2022/01/05
+
+### New feature
+
+* Supports dynamic filtering of struct fields ( #314 )
+
+### Improve encoding performance
+
+* Improve map encoding performance ( #310 )
+* Optimize encoding path for escaped string ( #311 )
+* Add encoding option for performance ( #312 )
+
+### Fix bugs
+
+* Fix panic at encoding map value on 1.18 ( #310 )
+* Fix MarshalIndent for interface type ( #317 )
+
+# v0.8.1 - 2021/12/05
+
+* Fix operation conversion from PtrHead to Head in Recursive type ( #305 )
+
+# v0.8.0 - 2021/12/02
+
+* Fix embedded field conflict behavior ( #300 )
+* Refactor compiler for encoder ( #301 #302 )
+
+# v0.7.10 - 2021/10/16
+
+* Fix conversion from pointer to uint64  ( #294 )
+
+# v0.7.9 - 2021/09/28
+
+* Fix encoding of nil value about interface type that has method ( #291 )
+
+# v0.7.8 - 2021/09/01
+
+* Fix mapassign_faststr for indirect struct type ( #283 )
+* Fix encoding of not empty interface type ( #284 )
+* Fix encoding of empty struct interface type ( #286 )
+
+# v0.7.7 - 2021/08/25
+
+* Fix invalid utf8 on stream decoder ( #279 )
+* Fix buffer length bug on string stream decoder ( #280 )
+
+Thank you @orisano !!
+
+# v0.7.6 - 2021/08/13
+
+* Fix nil slice assignment ( #276 )
+* Improve error message ( #277 )
+
+# v0.7.5 - 2021/08/12
+
+* Fix encoding of embedded struct with tags ( #265 )
+* Fix encoding of embedded struct that isn't first field ( #272 )
+* Fix decoding of binary type with escaped char ( #273 )
+
+# v0.7.4 - 2021/07/06
+
+* Fix encoding of indirect layout structure ( #264 )
+
+# v0.7.3 - 2021/06/29
+
+* Fix encoding of pointer type in empty interface ( #262 )
+
+# v0.7.2 - 2021/06/26
+
+### Fix decoder
+
+* Add decoder for func type to fix decoding of nil function value ( #257 )
+* Fix stream decoding of []byte type ( #258 )
+
+### Performance
+
+* Improve decoding performance of map[string]interface{} type ( use `mapassign_faststr` ) ( #256 )
+* Improve encoding performance of empty interface type ( remove recursive calling of `vm.Run` ) ( #259 )
+
+### Benchmark
+
+* Add bytedance/sonic as benchmark target ( #254 )
+
+# v0.7.1 - 2021/06/18
+
+### Fix decoder
+
+* Fix error when unmarshal empty array ( #253 )
+
+# v0.7.0 - 2021/06/12
+
+### Support context for MarshalJSON and UnmarshalJSON ( #248 )
+
+* json.MarshalContext(context.Context, interface{}, ...json.EncodeOption) ([]byte, error)
+* json.NewEncoder(io.Writer).EncodeContext(context.Context, interface{}, ...json.EncodeOption) error
+* json.UnmarshalContext(context.Context, []byte, interface{}, ...json.DecodeOption) error
+* json.NewDecoder(io.Reader).DecodeContext(context.Context, interface{}) error
+
+```go
+type MarshalerContext interface {
+  MarshalJSON(context.Context) ([]byte, error)
+}
+
+type UnmarshalerContext interface {
+  UnmarshalJSON(context.Context, []byte) error
+}
+```
+
+### Add DecodeFieldPriorityFirstWin option ( #242 )
+
+In the default behavior, go-json, like encoding/json, will reflect the result of the last evaluation when a field with the same name exists. I've added new options to allow you to change this behavior. `json.DecodeFieldPriorityFirstWin` option reflects the result of the first evaluation if a field with the same name exists. This behavior has a performance advantage as it allows the subsequent strings to be skipped if all fields have been evaluated.
+
+### Fix encoder
+
+* Fix indent number contains recursive type ( #249 )
+* Fix encoding of using empty interface as map key ( #244 )
+
+### Fix decoder
+
+* Fix decoding fields containing escaped characters ( #237 )
+
+### Refactor
+
+* Move some tests to subdirectory ( #243 )
+* Refactor package layout for decoder ( #238 )
+
+# v0.6.1 - 2021/06/02
+
+### Fix encoder
+
+* Fix value of totalLength for encoding ( #236 )
+
+# v0.6.0 - 2021/06/01
+
+### Support Colorize option for encoding (#233)
+
+```go
+b, err := json.MarshalWithOption(v, json.Colorize(json.DefaultColorScheme))
+if err != nil {
+  ...
+}
+fmt.Println(string(b)) // print colored json
+```
+
+### Refactor
+
+* Fix opcode layout - Adjust memory layout of the opcode to 128 bytes in a 64-bit environment ( #230 )
+* Refactor encode option ( #231 )
+* Refactor escape string ( #232 )
+
+# v0.5.1 - 2021/5/20
+
+### Optimization
+
+* Add type addrShift to enable bigger encoder/decoder cache ( #213 )
+
+### Fix decoder
+
+* Keep original reference of slice element ( #229 )
+
+### Refactor
+
+* Refactor Debug mode for encoding ( #226 )
+* Generate VM sources for encoding ( #227 )
+* Refactor validator for null/true/false for decoding ( #221 )
+
+# v0.5.0 - 2021/5/9
+
+### Supports using omitempty and string tags at the same time ( #216 )
+
+### Fix decoder
+
+* Fix stream decoder for unicode char ( #215 )
+* Fix decoding of slice element ( #219 )
+* Fix calculating of buffer length for stream decoder ( #220 )
+
+### Refactor
+
+* replace skipWhiteSpace goto by loop ( #212 )
+
+# v0.4.14 - 2021/5/4
+
+### Benchmark
+
+* Add valyala/fastjson to benchmark ( #193 )
+* Add benchmark task for CI ( #211 )
+
+### Fix decoder
+
+* Fix decoding of slice with unmarshal json type ( #198 )
+* Fix decoding of null value for interface type that does not implement Unmarshaler ( #205 )
+* Fix decoding of null value to []byte by json.Unmarshal ( #206 )
+* Fix decoding of backslash char at the end of string ( #207 )
+* Fix stream decoder for null/true/false value ( #208 )
+* Fix stream decoder for slow reader ( #211 )
+
+### Performance
+
+* If cap of slice is enough, reuse slice data for compatibility with encoding/json ( #200 )
+
+# v0.4.13 - 2021/4/20
+
+### Fix json.Compact and json.Indent
+
+* Support validation the input buffer for json.Compact and json.Indent ( #189 )
+* Optimize json.Compact and json.Indent ( improve memory footprint ) ( #190 )
+
+# v0.4.12 - 2021/4/15
+
+### Fix encoder
+
+* Fix unnecessary indent for empty slice type ( #181 )
+* Fix encoding of omitempty feature for the slice or interface type ( #183 )
+* Fix encoding custom types zero values with omitempty when marshaller exists ( #187 )
+
+### Fix decoder
+
+* Fix decoder for invalid top level value ( #184 )
+* Fix decoder for invalid number value ( #185 )
+
+# v0.4.11 - 2021/4/3
+
+* Improve decoder performance for interface type
+
+# v0.4.10 - 2021/4/2
+
+### Fix encoder
+
+* Fixed a bug when encoding slice and map containing recursive structures
+* Fixed a logic to determine if indirect reference
+
+# v0.4.9 - 2021/3/29
+
+### Add debug mode
+
+If you use `json.MarshalWithOption(v, json.Debug())` and `panic` occurred in `go-json`, produces debug information to console.
+
+### Support a new feature to compatible with encoding/json
+
+- invalid UTF-8 is coerced to valid UTF-8 ( without performance down )
+
+### Fix encoder
+
+- Fixed handling of MarshalJSON of function type
+
+### Fix decoding of slice of pointer type
+
+If there is a pointer value, go-json will use it. (This behavior is necessary to achieve the ability to prioritize pre-filled values). However, since slices are reused internally, there was a bug that referred to the previous pointer value. Therefore, it is not necessary to refer to the pointer value in advance for the slice element, so we explicitly initialize slice element by `nil`.
+
+# v0.4.8 - 2021/3/21
+
+### Reduce memory usage at compile time
+
+* go-json have used about 2GB of memory at compile time, but now it can compile with about less than 550MB.
+
+### Fix any encoder's bug
+
+* Add many test cases for encoder
+* Fix composite type ( slice/array/map )
+* Fix pointer types
+* Fix encoding of MarshalJSON or MarshalText or json.Number type
+
+### Refactor encoder
+
+* Change package layout for reducing memory usage at compile
+* Remove anonymous and only operation
+* Remove root property from encodeCompileContext and opcode
+
+### Fix CI
+
+* Add Go 1.16
+* Remove Go 1.13
+* Fix `make cover` task
+
+### Number/Delim/Token/RawMessage use the types defined in encoding/json by type alias
+
+# v0.4.7 - 2021/02/22
+
+### Fix decoder
+
+* Fix decoding of deep recursive structure
+* Fix decoding of embedded unexported pointer field
+* Fix invalid test case
+* Fix decoding of invalid value
+* Fix decoding of prefilled value
+* Fix not being able to return UnmarshalTypeError when it should be returned
+* Fix decoding of null value
+* Fix decoding of type of null string
+* Use pre allocated pointer if exists it at decoding
+
+### Reduce memory usage at compile
+
+* Integrate int/int8/int16/int32/int64 and uint/uint8/uint16/uint32/uint64 operation to reduce memory usage at compile
+
+### Remove unnecessary optype
diff --git a/vendor/github.com/goccy/go-json/LICENSE b/vendor/github.com/goccy/go-json/LICENSE
new file mode 100644
index 000000000..6449c8bff
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Masaaki Goshima
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/goccy/go-json/Makefile b/vendor/github.com/goccy/go-json/Makefile
new file mode 100644
index 000000000..5bbfc4c9a
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/Makefile
@@ -0,0 +1,39 @@
+PKG := github.com/goccy/go-json
+
+BIN_DIR := $(CURDIR)/bin
+PKGS := $(shell go list ./... | grep -v internal/cmd|grep -v test)
+COVER_PKGS := $(foreach pkg,$(PKGS),$(subst $(PKG),.,$(pkg)))
+
+COMMA := ,
+EMPTY :=
+SPACE := $(EMPTY) $(EMPTY)
+COVERPKG_OPT := $(subst $(SPACE),$(COMMA),$(COVER_PKGS))
+
+$(BIN_DIR):
+	@mkdir -p $(BIN_DIR)
+
+.PHONY: cover
+cover:
+	go test -coverpkg=$(COVERPKG_OPT) -coverprofile=cover.out ./...
+
+.PHONY: cover-html
+cover-html: cover
+	go tool cover -html=cover.out
+
+.PHONY: lint
+lint: golangci-lint
+	$(BIN_DIR)/golangci-lint run
+
+golangci-lint: | $(BIN_DIR)
+	@{ \
+		set -e; \
+		GOLANGCI_LINT_TMP_DIR=$$(mktemp -d); \
+		cd $$GOLANGCI_LINT_TMP_DIR; \
+		go mod init tmp; \
+		GOBIN=$(BIN_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.48.0; \
+		rm -rf $$GOLANGCI_LINT_TMP_DIR; \
+	}
+
+.PHONY: generate
+generate:
+	go generate ./internal/...
diff --git a/vendor/github.com/goccy/go-json/README.md b/vendor/github.com/goccy/go-json/README.md
new file mode 100644
index 000000000..7bacc54f9
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/README.md
@@ -0,0 +1,529 @@
+# go-json
+
+![Go](https://github.com/goccy/go-json/workflows/Go/badge.svg)
+[![GoDoc](https://godoc.org/github.com/goccy/go-json?status.svg)](https://pkg.go.dev/github.com/goccy/go-json?tab=doc)
+[![codecov](https://codecov.io/gh/goccy/go-json/branch/master/graph/badge.svg)](https://codecov.io/gh/goccy/go-json)
+
+Fast JSON encoder/decoder compatible with encoding/json for Go
+
+<img width="400px" src="https://user-images.githubusercontent.com/209884/92572337-42b42900-f2bf-11ea-973a-c74a359553a5.png"></img>
+
+# Roadmap
+
+```
+* version ( expected release date )
+
+* v0.9.0
+ |
+ | while maintaining compatibility with encoding/json, we will add convenient APIs
+ |
+ v
+* v1.0.0
+```
+
+We are accepting requests for features that will be implemented between v0.9.0 and v.1.0.0.
+If you have the API you need, please submit your issue [here](https://github.com/goccy/go-json/issues).
+
+# Features
+
+- Drop-in replacement of `encoding/json`
+- Fast ( See [Benchmark section](https://github.com/goccy/go-json#benchmarks) )
+- Flexible customization with options
+- Coloring the encoded string
+- Can propagate context.Context to `MarshalJSON` or `UnmarshalJSON`
+- Can dynamically filter the fields of the structure type-safely
+
+# Installation
+
+```
+go get github.com/goccy/go-json
+```
+
+# How to use
+
+Replace import statement from `encoding/json` to `github.com/goccy/go-json`
+
+```
+-import "encoding/json"
++import "github.com/goccy/go-json"
+```
+
+# JSON library comparison
+
+|  name  |  encoder | decoder | compatible with `encoding/json` |
+| :----: | :------: | :-----: | :-----------------------------: |
+| encoding/json |  yes | yes | N/A |
+| [json-iterator/go](https://github.com/json-iterator/go) | yes | yes | partial |
+| [easyjson](https://github.com/mailru/easyjson) | yes | yes |  no |
+| [gojay](https://github.com/francoispqt/gojay) | yes | yes |  no |
+| [segmentio/encoding/json](https://github.com/segmentio/encoding/tree/master/json) | yes | yes | partial |
+| [jettison](https://github.com/wI2L/jettison) | yes | no | no |
+| [simdjson-go](https://github.com/minio/simdjson-go) | no | yes | no |
+| goccy/go-json | yes | yes | yes |
+
+- `json-iterator/go` isn't compatible with `encoding/json` in many ways (e.g. https://github.com/json-iterator/go/issues/229 ), but it hasn't been supported for a long time.
+- `segmentio/encoding/json` is well supported for encoders, but some are not supported for decoder APIs such as `Token` ( streaming decode )
+
+## Other libraries
+
+- [jingo](https://github.com/bet365/jingo)
+
+I tried the benchmark but it didn't work.
+Also, it seems to panic when it receives an unexpected value because there is no error handling...
+
+- [ffjson](https://github.com/pquerna/ffjson)
+
+Benchmarking gave very slow results.
+It seems that it is assumed that the user will use the buffer pool properly.
+Also, development seems to have already stopped
+
+# Benchmarks
+
+```
+$ cd benchmarks
+$ go test -bench .
+```
+
+## Encode
+
+<img width="700px" src="https://user-images.githubusercontent.com/209884/107126758-0845cb00-68f5-11eb-8db7-086fcf9bcfaa.png"></img>
+<img width="700px" src="https://user-images.githubusercontent.com/209884/107126757-07ad3480-68f5-11eb-87aa-858cc5eacfcb.png"></img>
+
+## Decode
+
+<img width="700" alt="" src="https://user-images.githubusercontent.com/209884/107979944-bd1d6d80-7002-11eb-944b-9d17b6674e3f.png">
+<img width="700" alt="" src="https://user-images.githubusercontent.com/209884/107979931-b989e680-7002-11eb-87a0-66fc22d90dd4.png">
+<img width="700" alt="" src="https://user-images.githubusercontent.com/209884/107979940-bc84d700-7002-11eb-9647-869bbc25c9d9.png">
+
+
+# Fuzzing
+
+[go-json-fuzz](https://github.com/goccy/go-json-fuzz) is the repository for fuzzing tests.
+If you run the test in this repository and find a bug, please commit to corpus to go-json-fuzz and report the issue to [go-json](https://github.com/goccy/go-json/issues).
+
+# How it works
+
+`go-json` is very fast in both encoding and decoding compared to other libraries.
+It's easier to implement by using automatic code generation for performance or by using a dedicated interface, but `go-json` dares to stick to compatibility with `encoding/json` and is the simple interface. Despite this, we are developing with the aim of being the fastest library.
+
+Here, we explain the various speed-up techniques implemented by `go-json`.
+
+## Basic technique
+
+The techniques listed here are the ones used by most of the libraries listed above.
+
+### Buffer reuse
+
+Since the only value required for the result of `json.Marshal(interface{}) ([]byte, error)` is `[]byte`, the only value that must be allocated during encoding is the return value `[]byte` .
+
+Also, as the number of allocations increases, the performance will be affected, so the number of allocations should be kept as low as possible when creating `[]byte`.
+
+Therefore, there is a technique to reduce the number of times a new buffer must be allocated by reusing the buffer used for the previous encoding by using `sync.Pool`.
+
+Finally, you allocate a buffer that is as long as the resulting buffer and copy the contents into it, you only need to allocate the buffer once in theory.
+
+```go
+type buffer struct {
+    data []byte
+}
+
+var bufPool = sync.Pool{
+    New: func() interface{} {
+        return &buffer{data: make([]byte, 0, 1024)}
+    },
+}
+
+buf := bufPool.Get().(*buffer)
+data := encode(buf.data) // reuse buf.data
+
+newBuf := make([]byte, len(data))
+copy(newBuf, buf)
+
+buf.data = data
+bufPool.Put(buf)
+```
+
+### Elimination of reflection
+
+As you know, the reflection operation is very slow.
+
+Therefore, using the fact that the address position where the type information is stored is fixed for each binary ( we call this `typeptr` ),
+we can use the address in the type information to call a pre-built optimized process.
+
+For example, you can get the address to the type information from `interface{}` as follows and you can use that information to call a process that does not have reflection.
+
+To process without reflection, pass a pointer (`unsafe.Pointer`) to the value is stored.
+
+```go
+
+type emptyInterface struct {
+    typ unsafe.Pointer
+    ptr unsafe.Pointer
+}
+
+var typeToEncoder = map[uintptr]func(unsafe.Pointer)([]byte, error){}
+
+func Marshal(v interface{}) ([]byte, error) {
+    iface := (*emptyInterface)(unsafe.Pointer(&v)
+    typeptr := uintptr(iface.typ)
+    if enc, exists := typeToEncoder[typeptr]; exists {
+        return enc(iface.ptr)
+    }
+    ...
+}
+```
+
+※ In reality, `typeToEncoder` can be referenced by multiple goroutines, so exclusive control is required.
+
+## Unique speed-up technique
+
+## Encoder
+
+### Do not escape arguments of `Marshal`
+
+`json.Marshal` and `json.Unmarshal` receive `interface{}` value and they perform type determination dynamically to process.
+In normal case, you need to use the `reflect` library to determine the type dynamically, but since `reflect.Type` is defined as `interface`, when you call the method of `reflect.Type`, The reflect's argument is escaped.
+
+Therefore, the arguments for `Marshal` and `Unmarshal` are always escaped to the heap.
+However, `go-json` can use the feature of `reflect.Type` while avoiding escaping.
+
+`reflect.Type` is defined as `interface`, but in reality `reflect.Type` is implemented only by the structure `rtype` defined in the `reflect` package.
+For this reason, to date `reflect.Type` is the same as `*reflect.rtype`.
+
+Therefore, by directly handling `*reflect.rtype`, which is an implementation of `reflect.Type`, it is possible to avoid escaping because it changes from `interface` to using `struct`.
+
+The technique for working with `*reflect.rtype` directly from `go-json` is implemented at [rtype.go](https://github.com/goccy/go-json/blob/master/internal/runtime/rtype.go)
+
+Also, the same technique is cut out as a library ( https://github.com/goccy/go-reflect )
+
+Initially this feature was the default behavior of `go-json`.
+But after careful testing, I found that I passed a large value to `json.Marshal()` and if the argument could not be assigned to the stack, it could not be properly escaped to the heap (a bug in the Go compiler).
+
+Therefore, this feature will be provided as an **optional** until this issue is resolved.
+
+To use it, add `NoEscape` like `MarshalNoEscape()`
+
+### Encoding using opcode sequence
+
+I explained that you can use `typeptr` to call a pre-built process from type information.
+
+In other libraries, this dedicated process is processed by making it an function calling like anonymous function, but function calls are inherently slow processes and should be avoided as much as possible.
+
+Therefore, `go-json` adopted the Instruction-based execution processing system, which is also used to implement virtual machines for programming language.
+
+If it is the first type to encode, create the opcode ( instruction ) sequence required for encoding.
+From the second time onward, use `typeptr` to get the cached pre-built opcode sequence and encode it based on it. An example of the opcode sequence is shown below.
+
+```go
+json.Marshal(struct{
+    X int `json:"x"`
+    Y string `json:"y"`
+}{X: 1, Y: "hello"})
+```
+
+When encoding a structure like the one above, create a sequence of opcodes like this:
+
+```
+- opStructFieldHead ( `{` )
+- opStructFieldInt ( `"x": 1,` )
+- opStructFieldString ( `"y": "hello"` )
+- opStructEnd ( `}` )
+- opEnd
+```
+
+※ When processing each operation, write the letters on the right.
+
+In addition, each opcode is managed by the following structure ( 
+Pseudo code ).
+
+```go
+type opType int
+const (
+    opStructFieldHead opType = iota
+    opStructFieldInt
+    opStructFieldStirng
+    opStructEnd
+    opEnd
+)
+type opcode struct {
+    op opType
+    key []byte
+    next *opcode
+}
+```
+
+The process of encoding using the opcode sequence is roughly implemented as follows.
+
+```go
+func encode(code *opcode, b []byte, p unsafe.Pointer) ([]byte, error) {
+    for {
+        switch code.op {
+        case opStructFieldHead:
+            b = append(b, '{')
+            code = code.next
+        case opStructFieldInt:
+            b = append(b, code.key...)
+            b = appendInt((*int)(unsafe.Pointer(uintptr(p)+code.offset)))
+            code = code.next
+        case opStructFieldString:
+            b = append(b, code.key...)
+            b = appendString((*string)(unsafe.Pointer(uintptr(p)+code.offset)))
+            code = code.next
+        case opStructEnd:
+            b = append(b, '}')
+            code = code.next
+        case opEnd:
+            goto END
+        }
+    }
+END:
+    return b, nil
+}
+```
+
+In this way, the huge `switch-case` is used to encode by manipulating the linked list opcodes to avoid unnecessary function calls.
+
+### Opcode sequence optimization
+
+One of the advantages of encoding using the opcode sequence is the ease of optimization.
+The opcode sequence mentioned above is actually converted into the following optimized operations and used.
+
+```
+- opStructFieldHeadInt ( `{"x": 1,` )
+- opStructEndString ( `"y": "hello"}` )
+- opEnd
+```
+
+It has been reduced from 5 opcodes to 3 opcodes !
+Reducing the number of opcodees means reducing the number of branches with `switch-case`.
+In other words, the closer the number of operations is to 1, the faster the processing can be performed.
+
+In `go-json`, optimization to reduce the number of opcodes itself like the above and it speeds up by preparing opcodes with optimized paths.
+
+### Change recursive call from CALL to JMP
+
+Recursive processing is required during encoding if the type is defined recursively as follows:
+
+```go
+type T struct {
+    X int
+    U *U
+}
+
+type U struct {
+    T *T
+}
+
+b, err := json.Marshal(&T{
+    X: 1,
+    U: &U{
+        T: &T{
+            X: 2,
+        },
+    },
+})
+fmt.Println(string(b)) // {"X":1,"U":{"T":{"X":2,"U":null}}}
+```
+
+In `go-json`, recursive processing is processed by the operation type of ` opStructFieldRecursive`.
+
+In this operation, after acquiring the opcode sequence used for recursive processing, the function is **not** called recursively as it is, but the necessary values ​​are saved by itself and implemented by moving to the next operation.
+
+The technique of implementing recursive processing with the `JMP` operation while avoiding the `CALL` operation is a famous technique for implementing a high-speed virtual machine.
+
+For more details, please refer to [the article](https://engineering.mercari.com/blog/entry/1599563768-081104c850) ( but Japanese only ).
+
+### Dispatch by typeptr from map to slice
+
+When retrieving the data cached from the type information by `typeptr`, we usually use map.
+Map requires exclusive control, so use `sync.Map` for a naive implementation.
+
+However, this is slow, so it's a good idea to use the `atomic` package for exclusive control as implemented by `segmentio/encoding/json` ( https://github.com/segmentio/encoding/blob/master/json/codec.go#L41-L55 ).
+
+This implementation slows down the set instead of speeding up the get, but it works well because of the nature of the library, it encodes much more for the same type.
+
+However, as a result of profiling, I noticed that `runtime.mapaccess2` accounts for a significant percentage of the execution time. So I thought if I could change the lookup from map to slice.
+
+There is an API named `typelinks` defined in the `runtime` package that the `reflect` package uses internally.
+This allows you to get all the type information defined in the binary at runtime.
+
+The fact that all type information can be acquired means that by constructing slices in advance with the acquired total number of type information, it is possible to look up with the value of `typeptr` without worrying about out-of-range access.
+
+However, if there is too much type information, it will use a lot of memory, so by default we will only use this optimization if the slice size fits within **2Mib** .
+
+If this approach is not available, it will fall back to the `atomic` based process described above.
+
+If you want to know more, please refer to the implementation [here](https://github.com/goccy/go-json/blob/master/internal/runtime/type.go#L36-L100)
+
+## Decoder
+
+### Dispatch by typeptr from map to slice
+
+Like the encoder, the decoder also uses typeptr to call the dedicated process.
+
+### Faster termination character inspection using NUL character
+
+In order to decode, you have to traverse the input buffer character by position.
+At that time, if you check whether the buffer has reached the end, it will be very slow.
+
+`buf` : `[]byte` type variable. holds the string passed to the decoder
+`cursor` : `int64` type variable. holds the current read position
+
+```go
+buflen := len(buf)
+for ; cursor < buflen; cursor++ { // compare cursor and buflen at all times, it is so slow.
+    switch buf[cursor] {
+    case ' ', '\n', '\r', '\t':
+    }
+}
+```
+
+Therefore, by adding the `NUL` (`\000`) character to the end of the read buffer as shown below, it is possible to check the termination character at the same time as other characters.
+
+```go
+for {
+    switch buf[cursor] {
+    case ' ', '\n', '\r', '\t':
+    case '\000':
+        return nil
+    }
+    cursor++
+}
+```
+
+### Use Boundary Check Elimination
+
+Due to the `NUL` character optimization, the Go compiler does a boundary check every time, even though `buf[cursor]` does not cause out-of-range access.
+
+Therefore, `go-json` eliminates boundary check by fetching characters for hotspot by pointer operation. For example, the following code.
+
+```go
+func char(ptr unsafe.Pointer, offset int64) byte {
+	return *(*byte)(unsafe.Pointer(uintptr(ptr) + uintptr(offset)))
+}
+
+p := (*sliceHeader)(&unsafe.Pointer(buf)).data
+for {
+    switch char(p, cursor) {
+    case ' ', '\n', '\r', '\t':
+    case '\000':
+        return nil
+    }
+    cursor++
+}
+```
+
+### Checking the existence of fields of struct using Bitmaps
+
+I found by the profiling result, in the struct decode, lookup process for field was taking a long time.
+
+For example, consider decoding a string like `{"a":1,"b":2,"c":3}` into the following structure:
+
+```go
+type T struct {
+    A int `json:"a"`
+    B int `json:"b"`
+    C int `json:"c"`
+}
+```
+
+At this time, it was found that it takes a lot of time to acquire the decoding process corresponding to the field from the field name as shown below during the decoding process.
+
+```go
+fieldName := decodeKey(buf, cursor) // "a" or "b" or "c"
+decoder, exists := fieldToDecoderMap[fieldName] // so slow
+if exists {
+    decoder(buf, cursor)
+} else {
+    skipValue(buf, cursor)
+}
+```
+
+To improve this process, `json-iterator/go` is optimized so that it can be branched by switch-case when the number of fields in the structure is 10 or less (switch-case is faster than map). However, there is a risk of hash collision because the value hashed by the FNV algorithm is used for conditional branching. Also, `gojay` processes this part at high speed by letting the library user yourself write `switch-case`.
+
+
+`go-json` considers and implements a new approach that is different from these. I call this **bitmap field optimization**.
+
+The range of values ​​per character can be represented by `[256]byte`. Also, if the number of fields in the structure is 8 or less, `int8` type can represent the state of each field.
+In other words, it has the following structure.
+
+- Base ( 8bit ): `00000000`
+- Key "a": `00000001` ( assign key "a" to the first bit )
+- Key "b": `00000010` ( assign key "b" to the second bit )
+- Key "c": `00000100` ( assign key "c" to the third bit )
+
+Bitmap structure is the following
+
+```
+        | key index(0) |
+------------------------
+ 0      | 00000000     |
+ 1      | 00000000     |
+~~      |              |
+97 (a)  | 00000001     |
+98 (b)  | 00000010     |
+99 (c)  | 00000100     |
+~~      |              |
+255     | 00000000     |
+```
+
+You can think of this as a Bitmap with a height of `256` and a width of the maximum string length in the field name.
+In other words, it can be represented by the following type .
+
+```go
+[maxFieldKeyLength][256]int8
+```
+
+When decoding a field character, check whether the corresponding character exists by referring to the pre-built bitmap like the following.
+
+```go
+var curBit int8 = math.MaxInt8 // 11111111
+
+c := char(buf, cursor)
+bit := bitmap[keyIdx][c]
+curBit &= bit
+if curBit == 0 {
+    // not found field
+}
+```
+
+If `curBit` is not `0` until the end of the field string, then the string is
+You may have hit one of the fields.
+But the possibility is that if the decoded string is shorter than the field string, you will get a false hit.
+
+- input: `{"a":1}`
+```go
+type T struct {
+    X int `json:"abc"`
+}
+```
+※ Since `a` is shorter than `abc`, it can decode to the end of the field character without `curBit` being 0.
+
+Rest assured. In this case, it doesn't matter because you can tell if you hit by comparing the string length of `a` with the string length of `abc`.
+
+Finally, calculate the position of the bit where `1` is set and get the corresponding value, and you're done.
+
+Using this technique, field lookups are possible with only bitwise operations and access to slices.
+
+`go-json` uses a similar technique for fields with 9 or more and 16 or less fields. At this time, Bitmap is constructed as `[maxKeyLen][256]int16` type.
+
+Currently, this optimization is not performed when the maximum length of the field name is long (specifically, 64 bytes or more) in addition to the limitation of the number of fields from the viewpoint of saving memory usage.
+
+### Others
+
+I have done a lot of other optimizations. I will find time to write about them. If you have any questions about what's written here or other optimizations, please visit the `#go-json` channel on `gophers.slack.com` .
+
+## Reference
+
+Regarding the story of go-json, there are the following articles in Japanese only.
+
+- https://speakerdeck.com/goccy/zui-su-falsejsonraiburariwoqiu-mete
+- https://engineering.mercari.com/blog/entry/1599563768-081104c850/
+
+# Looking for Sponsors
+
+I'm looking for sponsors this library. This library is being developed as a personal project in my spare time. If you want a quick response or problem resolution when using this library in your project, please register as a [sponsor](https://github.com/sponsors/goccy). I will cooperate as much as possible. Of course, this library is developed as an MIT license, so you can use it freely for free.
+
+# License
+
+MIT
diff --git a/vendor/github.com/goccy/go-json/color.go b/vendor/github.com/goccy/go-json/color.go
new file mode 100644
index 000000000..e80b22b48
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/color.go
@@ -0,0 +1,68 @@
+package json
+
+import (
+	"fmt"
+
+	"github.com/goccy/go-json/internal/encoder"
+)
+
+type (
+	ColorFormat = encoder.ColorFormat
+	ColorScheme = encoder.ColorScheme
+)
+
+const escape = "\x1b"
+
+type colorAttr int
+
+//nolint:deadcode,varcheck
+const (
+	fgBlackColor colorAttr = iota + 30
+	fgRedColor
+	fgGreenColor
+	fgYellowColor
+	fgBlueColor
+	fgMagentaColor
+	fgCyanColor
+	fgWhiteColor
+)
+
+//nolint:deadcode,varcheck
+const (
+	fgHiBlackColor colorAttr = iota + 90
+	fgHiRedColor
+	fgHiGreenColor
+	fgHiYellowColor
+	fgHiBlueColor
+	fgHiMagentaColor
+	fgHiCyanColor
+	fgHiWhiteColor
+)
+
+func createColorFormat(attr colorAttr) ColorFormat {
+	return ColorFormat{
+		Header: wrapColor(attr),
+		Footer: resetColor(),
+	}
+}
+
+func wrapColor(attr colorAttr) string {
+	return fmt.Sprintf("%s[%dm", escape, attr)
+}
+
+func resetColor() string {
+	return wrapColor(colorAttr(0))
+}
+
+var (
+	DefaultColorScheme = &ColorScheme{
+		Int:       createColorFormat(fgHiMagentaColor),
+		Uint:      createColorFormat(fgHiMagentaColor),
+		Float:     createColorFormat(fgHiMagentaColor),
+		Bool:      createColorFormat(fgHiYellowColor),
+		String:    createColorFormat(fgHiGreenColor),
+		Binary:    createColorFormat(fgHiRedColor),
+		ObjectKey: createColorFormat(fgHiCyanColor),
+		Null:      createColorFormat(fgBlueColor),
+	}
+)
diff --git a/vendor/github.com/goccy/go-json/decode.go b/vendor/github.com/goccy/go-json/decode.go
new file mode 100644
index 000000000..74c6ac3bc
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/decode.go
@@ -0,0 +1,263 @@
+package json
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"reflect"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/decoder"
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type Decoder struct {
+	s *decoder.Stream
+}
+
+const (
+	nul = '\000'
+)
+
+type emptyInterface struct {
+	typ *runtime.Type
+	ptr unsafe.Pointer
+}
+
+func unmarshal(data []byte, v interface{}, optFuncs ...DecodeOptionFunc) error {
+	src := make([]byte, len(data)+1) // append nul byte to the end
+	copy(src, data)
+
+	header := (*emptyInterface)(unsafe.Pointer(&v))
+
+	if err := validateType(header.typ, uintptr(header.ptr)); err != nil {
+		return err
+	}
+	dec, err := decoder.CompileToGetDecoder(header.typ)
+	if err != nil {
+		return err
+	}
+	ctx := decoder.TakeRuntimeContext()
+	ctx.Buf = src
+	ctx.Option.Flags = 0
+	for _, optFunc := range optFuncs {
+		optFunc(ctx.Option)
+	}
+	cursor, err := dec.Decode(ctx, 0, 0, header.ptr)
+	if err != nil {
+		decoder.ReleaseRuntimeContext(ctx)
+		return err
+	}
+	decoder.ReleaseRuntimeContext(ctx)
+	return validateEndBuf(src, cursor)
+}
+
+func unmarshalContext(ctx context.Context, data []byte, v interface{}, optFuncs ...DecodeOptionFunc) error {
+	src := make([]byte, len(data)+1) // append nul byte to the end
+	copy(src, data)
+
+	header := (*emptyInterface)(unsafe.Pointer(&v))
+
+	if err := validateType(header.typ, uintptr(header.ptr)); err != nil {
+		return err
+	}
+	dec, err := decoder.CompileToGetDecoder(header.typ)
+	if err != nil {
+		return err
+	}
+	rctx := decoder.TakeRuntimeContext()
+	rctx.Buf = src
+	rctx.Option.Flags = 0
+	rctx.Option.Flags |= decoder.ContextOption
+	rctx.Option.Context = ctx
+	for _, optFunc := range optFuncs {
+		optFunc(rctx.Option)
+	}
+	cursor, err := dec.Decode(rctx, 0, 0, header.ptr)
+	if err != nil {
+		decoder.ReleaseRuntimeContext(rctx)
+		return err
+	}
+	decoder.ReleaseRuntimeContext(rctx)
+	return validateEndBuf(src, cursor)
+}
+
+var (
+	pathDecoder = decoder.NewPathDecoder()
+)
+
+func extractFromPath(path *Path, data []byte, optFuncs ...DecodeOptionFunc) ([][]byte, error) {
+	if path.path.RootSelectorOnly {
+		return [][]byte{data}, nil
+	}
+	src := make([]byte, len(data)+1) // append nul byte to the end
+	copy(src, data)
+
+	ctx := decoder.TakeRuntimeContext()
+	ctx.Buf = src
+	ctx.Option.Flags = 0
+	ctx.Option.Flags |= decoder.PathOption
+	ctx.Option.Path = path.path
+	for _, optFunc := range optFuncs {
+		optFunc(ctx.Option)
+	}
+	paths, cursor, err := pathDecoder.DecodePath(ctx, 0, 0)
+	if err != nil {
+		decoder.ReleaseRuntimeContext(ctx)
+		return nil, err
+	}
+	decoder.ReleaseRuntimeContext(ctx)
+	if err := validateEndBuf(src, cursor); err != nil {
+		return nil, err
+	}
+	return paths, nil
+}
+
+func unmarshalNoEscape(data []byte, v interface{}, optFuncs ...DecodeOptionFunc) error {
+	src := make([]byte, len(data)+1) // append nul byte to the end
+	copy(src, data)
+
+	header := (*emptyInterface)(unsafe.Pointer(&v))
+
+	if err := validateType(header.typ, uintptr(header.ptr)); err != nil {
+		return err
+	}
+	dec, err := decoder.CompileToGetDecoder(header.typ)
+	if err != nil {
+		return err
+	}
+
+	ctx := decoder.TakeRuntimeContext()
+	ctx.Buf = src
+	ctx.Option.Flags = 0
+	for _, optFunc := range optFuncs {
+		optFunc(ctx.Option)
+	}
+	cursor, err := dec.Decode(ctx, 0, 0, noescape(header.ptr))
+	if err != nil {
+		decoder.ReleaseRuntimeContext(ctx)
+		return err
+	}
+	decoder.ReleaseRuntimeContext(ctx)
+	return validateEndBuf(src, cursor)
+}
+
+func validateEndBuf(src []byte, cursor int64) error {
+	for {
+		switch src[cursor] {
+		case ' ', '\t', '\n', '\r':
+			cursor++
+			continue
+		case nul:
+			return nil
+		}
+		return errors.ErrSyntax(
+			fmt.Sprintf("invalid character '%c' after top-level value", src[cursor]),
+			cursor+1,
+		)
+	}
+}
+
+//nolint:staticcheck
+//go:nosplit
+func noescape(p unsafe.Pointer) unsafe.Pointer {
+	x := uintptr(p)
+	return unsafe.Pointer(x ^ 0)
+}
+
+func validateType(typ *runtime.Type, p uintptr) error {
+	if typ == nil || typ.Kind() != reflect.Ptr || p == 0 {
+		return &InvalidUnmarshalError{Type: runtime.RType2Type(typ)}
+	}
+	return nil
+}
+
+// NewDecoder returns a new decoder that reads from r.
+//
+// The decoder introduces its own buffering and may
+// read data from r beyond the JSON values requested.
+func NewDecoder(r io.Reader) *Decoder {
+	s := decoder.NewStream(r)
+	return &Decoder{
+		s: s,
+	}
+}
+
+// Buffered returns a reader of the data remaining in the Decoder's
+// buffer. The reader is valid until the next call to Decode.
+func (d *Decoder) Buffered() io.Reader {
+	return d.s.Buffered()
+}
+
+// Decode reads the next JSON-encoded value from its
+// input and stores it in the value pointed to by v.
+//
+// See the documentation for Unmarshal for details about
+// the conversion of JSON into a Go value.
+func (d *Decoder) Decode(v interface{}) error {
+	return d.DecodeWithOption(v)
+}
+
+// DecodeContext reads the next JSON-encoded value from its
+// input and stores it in the value pointed to by v with context.Context.
+func (d *Decoder) DecodeContext(ctx context.Context, v interface{}) error {
+	d.s.Option.Flags |= decoder.ContextOption
+	d.s.Option.Context = ctx
+	return d.DecodeWithOption(v)
+}
+
+func (d *Decoder) DecodeWithOption(v interface{}, optFuncs ...DecodeOptionFunc) error {
+	header := (*emptyInterface)(unsafe.Pointer(&v))
+	typ := header.typ
+	ptr := uintptr(header.ptr)
+	typeptr := uintptr(unsafe.Pointer(typ))
+	// noescape trick for header.typ ( reflect.*rtype )
+	copiedType := *(**runtime.Type)(unsafe.Pointer(&typeptr))
+
+	if err := validateType(copiedType, ptr); err != nil {
+		return err
+	}
+
+	dec, err := decoder.CompileToGetDecoder(typ)
+	if err != nil {
+		return err
+	}
+	if err := d.s.PrepareForDecode(); err != nil {
+		return err
+	}
+	s := d.s
+	for _, optFunc := range optFuncs {
+		optFunc(s.Option)
+	}
+	if err := dec.DecodeStream(s, 0, header.ptr); err != nil {
+		return err
+	}
+	s.Reset()
+	return nil
+}
+
+func (d *Decoder) More() bool {
+	return d.s.More()
+}
+
+func (d *Decoder) Token() (Token, error) {
+	return d.s.Token()
+}
+
+// DisallowUnknownFields causes the Decoder to return an error when the destination
+// is a struct and the input contains object keys which do not match any
+// non-ignored, exported fields in the destination.
+func (d *Decoder) DisallowUnknownFields() {
+	d.s.DisallowUnknownFields = true
+}
+
+func (d *Decoder) InputOffset() int64 {
+	return d.s.TotalOffset()
+}
+
+// UseNumber causes the Decoder to unmarshal a number into an interface{} as a
+// Number instead of as a float64.
+func (d *Decoder) UseNumber() {
+	d.s.UseNumber = true
+}
diff --git a/vendor/github.com/goccy/go-json/docker-compose.yml b/vendor/github.com/goccy/go-json/docker-compose.yml
new file mode 100644
index 000000000..db40c79ad
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/docker-compose.yml
@@ -0,0 +1,13 @@
+version: '2'
+services:
+  go-json:
+    image: golang:1.18
+    volumes:
+      - '.:/go/src/go-json'
+    deploy:
+      resources:
+        limits:
+          memory: 620M
+    working_dir: /go/src/go-json
+    command: |
+      sh -c "go test -c . && ls go-json.test"
diff --git a/vendor/github.com/goccy/go-json/encode.go b/vendor/github.com/goccy/go-json/encode.go
new file mode 100644
index 000000000..4bd899f38
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/encode.go
@@ -0,0 +1,326 @@
+package json
+
+import (
+	"context"
+	"io"
+	"os"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/encoder"
+	"github.com/goccy/go-json/internal/encoder/vm"
+	"github.com/goccy/go-json/internal/encoder/vm_color"
+	"github.com/goccy/go-json/internal/encoder/vm_color_indent"
+	"github.com/goccy/go-json/internal/encoder/vm_indent"
+)
+
+// An Encoder writes JSON values to an output stream.
+type Encoder struct {
+	w                 io.Writer
+	enabledIndent     bool
+	enabledHTMLEscape bool
+	prefix            string
+	indentStr         string
+}
+
+// NewEncoder returns a new encoder that writes to w.
+func NewEncoder(w io.Writer) *Encoder {
+	return &Encoder{w: w, enabledHTMLEscape: true}
+}
+
+// Encode writes the JSON encoding of v to the stream, followed by a newline character.
+//
+// See the documentation for Marshal for details about the conversion of Go values to JSON.
+func (e *Encoder) Encode(v interface{}) error {
+	return e.EncodeWithOption(v)
+}
+
+// EncodeWithOption call Encode with EncodeOption.
+func (e *Encoder) EncodeWithOption(v interface{}, optFuncs ...EncodeOptionFunc) error {
+	ctx := encoder.TakeRuntimeContext()
+	ctx.Option.Flag = 0
+
+	err := e.encodeWithOption(ctx, v, optFuncs...)
+
+	encoder.ReleaseRuntimeContext(ctx)
+	return err
+}
+
+// EncodeContext call Encode with context.Context and EncodeOption.
+func (e *Encoder) EncodeContext(ctx context.Context, v interface{}, optFuncs ...EncodeOptionFunc) error {
+	rctx := encoder.TakeRuntimeContext()
+	rctx.Option.Flag = 0
+	rctx.Option.Flag |= encoder.ContextOption
+	rctx.Option.Context = ctx
+
+	err := e.encodeWithOption(rctx, v, optFuncs...)
+
+	encoder.ReleaseRuntimeContext(rctx)
+	return err
+}
+
+func (e *Encoder) encodeWithOption(ctx *encoder.RuntimeContext, v interface{}, optFuncs ...EncodeOptionFunc) error {
+	if e.enabledHTMLEscape {
+		ctx.Option.Flag |= encoder.HTMLEscapeOption
+	}
+	ctx.Option.Flag |= encoder.NormalizeUTF8Option
+	ctx.Option.DebugOut = os.Stdout
+	for _, optFunc := range optFuncs {
+		optFunc(ctx.Option)
+	}
+	var (
+		buf []byte
+		err error
+	)
+	if e.enabledIndent {
+		buf, err = encodeIndent(ctx, v, e.prefix, e.indentStr)
+	} else {
+		buf, err = encode(ctx, v)
+	}
+	if err != nil {
+		return err
+	}
+	if e.enabledIndent {
+		buf = buf[:len(buf)-2]
+	} else {
+		buf = buf[:len(buf)-1]
+	}
+	buf = append(buf, '\n')
+	if _, err := e.w.Write(buf); err != nil {
+		return err
+	}
+	return nil
+}
+
+// SetEscapeHTML specifies whether problematic HTML characters should be escaped inside JSON quoted strings.
+// The default behavior is to escape &, <, and > to \u0026, \u003c, and \u003e to avoid certain safety problems that can arise when embedding JSON in HTML.
+//
+// In non-HTML settings where the escaping interferes with the readability of the output, SetEscapeHTML(false) disables this behavior.
+func (e *Encoder) SetEscapeHTML(on bool) {
+	e.enabledHTMLEscape = on
+}
+
+// SetIndent instructs the encoder to format each subsequent encoded value as if indented by the package-level function Indent(dst, src, prefix, indent).
+// Calling SetIndent("", "") disables indentation.
+func (e *Encoder) SetIndent(prefix, indent string) {
+	if prefix == "" && indent == "" {
+		e.enabledIndent = false
+		return
+	}
+	e.prefix = prefix
+	e.indentStr = indent
+	e.enabledIndent = true
+}
+
+func marshalContext(ctx context.Context, v interface{}, optFuncs ...EncodeOptionFunc) ([]byte, error) {
+	rctx := encoder.TakeRuntimeContext()
+	rctx.Option.Flag = 0
+	rctx.Option.Flag = encoder.HTMLEscapeOption | encoder.NormalizeUTF8Option | encoder.ContextOption
+	rctx.Option.Context = ctx
+	for _, optFunc := range optFuncs {
+		optFunc(rctx.Option)
+	}
+
+	buf, err := encode(rctx, v)
+	if err != nil {
+		encoder.ReleaseRuntimeContext(rctx)
+		return nil, err
+	}
+
+	// this line exists to escape call of `runtime.makeslicecopy` .
+	// if use `make([]byte, len(buf)-1)` and `copy(copied, buf)`,
+	// dst buffer size and src buffer size are differrent.
+	// in this case, compiler uses `runtime.makeslicecopy`, but it is slow.
+	buf = buf[:len(buf)-1]
+	copied := make([]byte, len(buf))
+	copy(copied, buf)
+
+	encoder.ReleaseRuntimeContext(rctx)
+	return copied, nil
+}
+
+func marshal(v interface{}, optFuncs ...EncodeOptionFunc) ([]byte, error) {
+	ctx := encoder.TakeRuntimeContext()
+
+	ctx.Option.Flag = 0
+	ctx.Option.Flag |= (encoder.HTMLEscapeOption | encoder.NormalizeUTF8Option)
+	for _, optFunc := range optFuncs {
+		optFunc(ctx.Option)
+	}
+
+	buf, err := encode(ctx, v)
+	if err != nil {
+		encoder.ReleaseRuntimeContext(ctx)
+		return nil, err
+	}
+
+	// this line exists to escape call of `runtime.makeslicecopy` .
+	// if use `make([]byte, len(buf)-1)` and `copy(copied, buf)`,
+	// dst buffer size and src buffer size are differrent.
+	// in this case, compiler uses `runtime.makeslicecopy`, but it is slow.
+	buf = buf[:len(buf)-1]
+	copied := make([]byte, len(buf))
+	copy(copied, buf)
+
+	encoder.ReleaseRuntimeContext(ctx)
+	return copied, nil
+}
+
+func marshalNoEscape(v interface{}) ([]byte, error) {
+	ctx := encoder.TakeRuntimeContext()
+
+	ctx.Option.Flag = 0
+	ctx.Option.Flag |= (encoder.HTMLEscapeOption | encoder.NormalizeUTF8Option)
+
+	buf, err := encodeNoEscape(ctx, v)
+	if err != nil {
+		encoder.ReleaseRuntimeContext(ctx)
+		return nil, err
+	}
+
+	// this line exists to escape call of `runtime.makeslicecopy` .
+	// if use `make([]byte, len(buf)-1)` and `copy(copied, buf)`,
+	// dst buffer size and src buffer size are differrent.
+	// in this case, compiler uses `runtime.makeslicecopy`, but it is slow.
+	buf = buf[:len(buf)-1]
+	copied := make([]byte, len(buf))
+	copy(copied, buf)
+
+	encoder.ReleaseRuntimeContext(ctx)
+	return copied, nil
+}
+
+func marshalIndent(v interface{}, prefix, indent string, optFuncs ...EncodeOptionFunc) ([]byte, error) {
+	ctx := encoder.TakeRuntimeContext()
+
+	ctx.Option.Flag = 0
+	ctx.Option.Flag |= (encoder.HTMLEscapeOption | encoder.NormalizeUTF8Option | encoder.IndentOption)
+	for _, optFunc := range optFuncs {
+		optFunc(ctx.Option)
+	}
+
+	buf, err := encodeIndent(ctx, v, prefix, indent)
+	if err != nil {
+		encoder.ReleaseRuntimeContext(ctx)
+		return nil, err
+	}
+
+	buf = buf[:len(buf)-2]
+	copied := make([]byte, len(buf))
+	copy(copied, buf)
+
+	encoder.ReleaseRuntimeContext(ctx)
+	return copied, nil
+}
+
+func encode(ctx *encoder.RuntimeContext, v interface{}) ([]byte, error) {
+	b := ctx.Buf[:0]
+	if v == nil {
+		b = encoder.AppendNull(ctx, b)
+		b = encoder.AppendComma(ctx, b)
+		return b, nil
+	}
+	header := (*emptyInterface)(unsafe.Pointer(&v))
+	typ := header.typ
+
+	typeptr := uintptr(unsafe.Pointer(typ))
+	codeSet, err := encoder.CompileToGetCodeSet(ctx, typeptr)
+	if err != nil {
+		return nil, err
+	}
+
+	p := uintptr(header.ptr)
+	ctx.Init(p, codeSet.CodeLength)
+	ctx.KeepRefs = append(ctx.KeepRefs, header.ptr)
+
+	buf, err := encodeRunCode(ctx, b, codeSet)
+	if err != nil {
+		return nil, err
+	}
+	ctx.Buf = buf
+	return buf, nil
+}
+
+func encodeNoEscape(ctx *encoder.RuntimeContext, v interface{}) ([]byte, error) {
+	b := ctx.Buf[:0]
+	if v == nil {
+		b = encoder.AppendNull(ctx, b)
+		b = encoder.AppendComma(ctx, b)
+		return b, nil
+	}
+	header := (*emptyInterface)(unsafe.Pointer(&v))
+	typ := header.typ
+
+	typeptr := uintptr(unsafe.Pointer(typ))
+	codeSet, err := encoder.CompileToGetCodeSet(ctx, typeptr)
+	if err != nil {
+		return nil, err
+	}
+
+	p := uintptr(header.ptr)
+	ctx.Init(p, codeSet.CodeLength)
+	buf, err := encodeRunCode(ctx, b, codeSet)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx.Buf = buf
+	return buf, nil
+}
+
+func encodeIndent(ctx *encoder.RuntimeContext, v interface{}, prefix, indent string) ([]byte, error) {
+	b := ctx.Buf[:0]
+	if v == nil {
+		b = encoder.AppendNull(ctx, b)
+		b = encoder.AppendCommaIndent(ctx, b)
+		return b, nil
+	}
+	header := (*emptyInterface)(unsafe.Pointer(&v))
+	typ := header.typ
+
+	typeptr := uintptr(unsafe.Pointer(typ))
+	codeSet, err := encoder.CompileToGetCodeSet(ctx, typeptr)
+	if err != nil {
+		return nil, err
+	}
+
+	p := uintptr(header.ptr)
+	ctx.Init(p, codeSet.CodeLength)
+	buf, err := encodeRunIndentCode(ctx, b, codeSet, prefix, indent)
+
+	ctx.KeepRefs = append(ctx.KeepRefs, header.ptr)
+
+	if err != nil {
+		return nil, err
+	}
+
+	ctx.Buf = buf
+	return buf, nil
+}
+
+func encodeRunCode(ctx *encoder.RuntimeContext, b []byte, codeSet *encoder.OpcodeSet) ([]byte, error) {
+	if (ctx.Option.Flag & encoder.DebugOption) != 0 {
+		if (ctx.Option.Flag & encoder.ColorizeOption) != 0 {
+			return vm_color.DebugRun(ctx, b, codeSet)
+		}
+		return vm.DebugRun(ctx, b, codeSet)
+	}
+	if (ctx.Option.Flag & encoder.ColorizeOption) != 0 {
+		return vm_color.Run(ctx, b, codeSet)
+	}
+	return vm.Run(ctx, b, codeSet)
+}
+
+func encodeRunIndentCode(ctx *encoder.RuntimeContext, b []byte, codeSet *encoder.OpcodeSet, prefix, indent string) ([]byte, error) {
+	ctx.Prefix = []byte(prefix)
+	ctx.IndentStr = []byte(indent)
+	if (ctx.Option.Flag & encoder.DebugOption) != 0 {
+		if (ctx.Option.Flag & encoder.ColorizeOption) != 0 {
+			return vm_color_indent.DebugRun(ctx, b, codeSet)
+		}
+		return vm_indent.DebugRun(ctx, b, codeSet)
+	}
+	if (ctx.Option.Flag & encoder.ColorizeOption) != 0 {
+		return vm_color_indent.Run(ctx, b, codeSet)
+	}
+	return vm_indent.Run(ctx, b, codeSet)
+}
diff --git a/vendor/github.com/goccy/go-json/error.go b/vendor/github.com/goccy/go-json/error.go
new file mode 100644
index 000000000..5b2dcee50
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/error.go
@@ -0,0 +1,41 @@
+package json
+
+import (
+	"github.com/goccy/go-json/internal/errors"
+)
+
+// Before Go 1.2, an InvalidUTF8Error was returned by Marshal when
+// attempting to encode a string value with invalid UTF-8 sequences.
+// As of Go 1.2, Marshal instead coerces the string to valid UTF-8 by
+// replacing invalid bytes with the Unicode replacement rune U+FFFD.
+//
+// Deprecated: No longer used; kept for compatibility.
+type InvalidUTF8Error = errors.InvalidUTF8Error
+
+// An InvalidUnmarshalError describes an invalid argument passed to Unmarshal.
+// (The argument to Unmarshal must be a non-nil pointer.)
+type InvalidUnmarshalError = errors.InvalidUnmarshalError
+
+// A MarshalerError represents an error from calling a MarshalJSON or MarshalText method.
+type MarshalerError = errors.MarshalerError
+
+// A SyntaxError is a description of a JSON syntax error.
+type SyntaxError = errors.SyntaxError
+
+// An UnmarshalFieldError describes a JSON object key that
+// led to an unexported (and therefore unwritable) struct field.
+//
+// Deprecated: No longer used; kept for compatibility.
+type UnmarshalFieldError = errors.UnmarshalFieldError
+
+// An UnmarshalTypeError describes a JSON value that was
+// not appropriate for a value of a specific Go type.
+type UnmarshalTypeError = errors.UnmarshalTypeError
+
+// An UnsupportedTypeError is returned by Marshal when attempting
+// to encode an unsupported value type.
+type UnsupportedTypeError = errors.UnsupportedTypeError
+
+type UnsupportedValueError = errors.UnsupportedValueError
+
+type PathError = errors.PathError
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/anonymous_field.go b/vendor/github.com/goccy/go-json/internal/decoder/anonymous_field.go
new file mode 100644
index 000000000..b6876cf0d
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/anonymous_field.go
@@ -0,0 +1,41 @@
+package decoder
+
+import (
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type anonymousFieldDecoder struct {
+	structType *runtime.Type
+	offset     uintptr
+	dec        Decoder
+}
+
+func newAnonymousFieldDecoder(structType *runtime.Type, offset uintptr, dec Decoder) *anonymousFieldDecoder {
+	return &anonymousFieldDecoder{
+		structType: structType,
+		offset:     offset,
+		dec:        dec,
+	}
+}
+
+func (d *anonymousFieldDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	if *(*unsafe.Pointer)(p) == nil {
+		*(*unsafe.Pointer)(p) = unsafe_New(d.structType)
+	}
+	p = *(*unsafe.Pointer)(p)
+	return d.dec.DecodeStream(s, depth, unsafe.Pointer(uintptr(p)+d.offset))
+}
+
+func (d *anonymousFieldDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	if *(*unsafe.Pointer)(p) == nil {
+		*(*unsafe.Pointer)(p) = unsafe_New(d.structType)
+	}
+	p = *(*unsafe.Pointer)(p)
+	return d.dec.Decode(ctx, cursor, depth, unsafe.Pointer(uintptr(p)+d.offset))
+}
+
+func (d *anonymousFieldDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return d.dec.DecodePath(ctx, cursor, depth)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/array.go b/vendor/github.com/goccy/go-json/internal/decoder/array.go
new file mode 100644
index 000000000..4b23ed43f
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/array.go
@@ -0,0 +1,176 @@
+package decoder
+
+import (
+	"fmt"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type arrayDecoder struct {
+	elemType     *runtime.Type
+	size         uintptr
+	valueDecoder Decoder
+	alen         int
+	structName   string
+	fieldName    string
+	zeroValue    unsafe.Pointer
+}
+
+func newArrayDecoder(dec Decoder, elemType *runtime.Type, alen int, structName, fieldName string) *arrayDecoder {
+	// workaround to avoid checkptr errors. cannot use `*(*unsafe.Pointer)(unsafe_New(elemType))` directly.
+	zeroValuePtr := unsafe_New(elemType)
+	zeroValue := **(**unsafe.Pointer)(unsafe.Pointer(&zeroValuePtr))
+	return &arrayDecoder{
+		valueDecoder: dec,
+		elemType:     elemType,
+		size:         elemType.Size(),
+		alen:         alen,
+		structName:   structName,
+		fieldName:    fieldName,
+		zeroValue:    zeroValue,
+	}
+}
+
+func (d *arrayDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	depth++
+	if depth > maxDecodeNestingDepth {
+		return errors.ErrExceededMaxDepth(s.char(), s.cursor)
+	}
+
+	for {
+		switch s.char() {
+		case ' ', '\n', '\t', '\r':
+		case 'n':
+			if err := nullBytes(s); err != nil {
+				return err
+			}
+			return nil
+		case '[':
+			idx := 0
+			s.cursor++
+			if s.skipWhiteSpace() == ']' {
+				for idx < d.alen {
+					*(*unsafe.Pointer)(unsafe.Pointer(uintptr(p) + uintptr(idx)*d.size)) = d.zeroValue
+					idx++
+				}
+				s.cursor++
+				return nil
+			}
+			for {
+				if idx < d.alen {
+					if err := d.valueDecoder.DecodeStream(s, depth, unsafe.Pointer(uintptr(p)+uintptr(idx)*d.size)); err != nil {
+						return err
+					}
+				} else {
+					if err := s.skipValue(depth); err != nil {
+						return err
+					}
+				}
+				idx++
+				switch s.skipWhiteSpace() {
+				case ']':
+					for idx < d.alen {
+						*(*unsafe.Pointer)(unsafe.Pointer(uintptr(p) + uintptr(idx)*d.size)) = d.zeroValue
+						idx++
+					}
+					s.cursor++
+					return nil
+				case ',':
+					s.cursor++
+					continue
+				case nul:
+					if s.read() {
+						s.cursor++
+						continue
+					}
+					goto ERROR
+				default:
+					goto ERROR
+				}
+			}
+		case nul:
+			if s.read() {
+				continue
+			}
+			goto ERROR
+		default:
+			goto ERROR
+		}
+		s.cursor++
+	}
+ERROR:
+	return errors.ErrUnexpectedEndOfJSON("array", s.totalOffset())
+}
+
+func (d *arrayDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	depth++
+	if depth > maxDecodeNestingDepth {
+		return 0, errors.ErrExceededMaxDepth(buf[cursor], cursor)
+	}
+
+	for {
+		switch buf[cursor] {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+			continue
+		case 'n':
+			if err := validateNull(buf, cursor); err != nil {
+				return 0, err
+			}
+			cursor += 4
+			return cursor, nil
+		case '[':
+			idx := 0
+			cursor++
+			cursor = skipWhiteSpace(buf, cursor)
+			if buf[cursor] == ']' {
+				for idx < d.alen {
+					*(*unsafe.Pointer)(unsafe.Pointer(uintptr(p) + uintptr(idx)*d.size)) = d.zeroValue
+					idx++
+				}
+				cursor++
+				return cursor, nil
+			}
+			for {
+				if idx < d.alen {
+					c, err := d.valueDecoder.Decode(ctx, cursor, depth, unsafe.Pointer(uintptr(p)+uintptr(idx)*d.size))
+					if err != nil {
+						return 0, err
+					}
+					cursor = c
+				} else {
+					c, err := skipValue(buf, cursor, depth)
+					if err != nil {
+						return 0, err
+					}
+					cursor = c
+				}
+				idx++
+				cursor = skipWhiteSpace(buf, cursor)
+				switch buf[cursor] {
+				case ']':
+					for idx < d.alen {
+						*(*unsafe.Pointer)(unsafe.Pointer(uintptr(p) + uintptr(idx)*d.size)) = d.zeroValue
+						idx++
+					}
+					cursor++
+					return cursor, nil
+				case ',':
+					cursor++
+					continue
+				default:
+					return 0, errors.ErrInvalidCharacter(buf[cursor], "array", cursor)
+				}
+			}
+		default:
+			return 0, errors.ErrUnexpectedEndOfJSON("array", cursor)
+		}
+	}
+}
+
+func (d *arrayDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, fmt.Errorf("json: array decoder does not support decode path")
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/assign.go b/vendor/github.com/goccy/go-json/internal/decoder/assign.go
new file mode 100644
index 000000000..c53e6ad9f
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/assign.go
@@ -0,0 +1,438 @@
+package decoder
+
+import (
+	"fmt"
+	"reflect"
+	"strconv"
+)
+
+var (
+	nilValue = reflect.ValueOf(nil)
+)
+
+func AssignValue(src, dst reflect.Value) error {
+	if dst.Type().Kind() != reflect.Ptr {
+		return fmt.Errorf("invalid dst type. required pointer type: %T", dst.Type())
+	}
+	casted, err := castValue(dst.Elem().Type(), src)
+	if err != nil {
+		return err
+	}
+	dst.Elem().Set(casted)
+	return nil
+}
+
+func castValue(t reflect.Type, v reflect.Value) (reflect.Value, error) {
+	switch t.Kind() {
+	case reflect.Int:
+		vv, err := castInt(v)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(int(vv.Int())), nil
+	case reflect.Int8:
+		vv, err := castInt(v)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(int8(vv.Int())), nil
+	case reflect.Int16:
+		vv, err := castInt(v)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(int16(vv.Int())), nil
+	case reflect.Int32:
+		vv, err := castInt(v)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(int32(vv.Int())), nil
+	case reflect.Int64:
+		return castInt(v)
+	case reflect.Uint:
+		vv, err := castUint(v)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(uint(vv.Uint())), nil
+	case reflect.Uint8:
+		vv, err := castUint(v)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(uint8(vv.Uint())), nil
+	case reflect.Uint16:
+		vv, err := castUint(v)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(uint16(vv.Uint())), nil
+	case reflect.Uint32:
+		vv, err := castUint(v)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(uint32(vv.Uint())), nil
+	case reflect.Uint64:
+		return castUint(v)
+	case reflect.Uintptr:
+		vv, err := castUint(v)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(uintptr(vv.Uint())), nil
+	case reflect.String:
+		return castString(v)
+	case reflect.Bool:
+		return castBool(v)
+	case reflect.Float32:
+		vv, err := castFloat(v)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(float32(vv.Float())), nil
+	case reflect.Float64:
+		return castFloat(v)
+	case reflect.Array:
+		return castArray(t, v)
+	case reflect.Slice:
+		return castSlice(t, v)
+	case reflect.Map:
+		return castMap(t, v)
+	case reflect.Struct:
+		return castStruct(t, v)
+	}
+	return v, nil
+}
+
+func castInt(v reflect.Value) (reflect.Value, error) {
+	switch v.Type().Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v, nil
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return reflect.ValueOf(int64(v.Uint())), nil
+	case reflect.String:
+		i64, err := strconv.ParseInt(v.String(), 10, 64)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(i64), nil
+	case reflect.Bool:
+		if v.Bool() {
+			return reflect.ValueOf(int64(1)), nil
+		}
+		return reflect.ValueOf(int64(0)), nil
+	case reflect.Float32, reflect.Float64:
+		return reflect.ValueOf(int64(v.Float())), nil
+	case reflect.Array:
+		if v.Len() > 0 {
+			return castInt(v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to int64 from empty array")
+	case reflect.Slice:
+		if v.Len() > 0 {
+			return castInt(v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to int64 from empty slice")
+	case reflect.Interface:
+		return castInt(reflect.ValueOf(v.Interface()))
+	case reflect.Map:
+		return nilValue, fmt.Errorf("failed to cast to int64 from map")
+	case reflect.Struct:
+		return nilValue, fmt.Errorf("failed to cast to int64 from struct")
+	case reflect.Ptr:
+		return castInt(v.Elem())
+	}
+	return nilValue, fmt.Errorf("failed to cast to int64 from %s", v.Type().Kind())
+}
+
+func castUint(v reflect.Value) (reflect.Value, error) {
+	switch v.Type().Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return reflect.ValueOf(uint64(v.Int())), nil
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v, nil
+	case reflect.String:
+		u64, err := strconv.ParseUint(v.String(), 10, 64)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(u64), nil
+	case reflect.Bool:
+		if v.Bool() {
+			return reflect.ValueOf(uint64(1)), nil
+		}
+		return reflect.ValueOf(uint64(0)), nil
+	case reflect.Float32, reflect.Float64:
+		return reflect.ValueOf(uint64(v.Float())), nil
+	case reflect.Array:
+		if v.Len() > 0 {
+			return castUint(v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to uint64 from empty array")
+	case reflect.Slice:
+		if v.Len() > 0 {
+			return castUint(v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to uint64 from empty slice")
+	case reflect.Interface:
+		return castUint(reflect.ValueOf(v.Interface()))
+	case reflect.Map:
+		return nilValue, fmt.Errorf("failed to cast to uint64 from map")
+	case reflect.Struct:
+		return nilValue, fmt.Errorf("failed to cast to uint64 from struct")
+	case reflect.Ptr:
+		return castUint(v.Elem())
+	}
+	return nilValue, fmt.Errorf("failed to cast to uint64 from %s", v.Type().Kind())
+}
+
+func castString(v reflect.Value) (reflect.Value, error) {
+	switch v.Type().Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return reflect.ValueOf(fmt.Sprint(v.Int())), nil
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return reflect.ValueOf(fmt.Sprint(v.Uint())), nil
+	case reflect.String:
+		return v, nil
+	case reflect.Bool:
+		if v.Bool() {
+			return reflect.ValueOf("true"), nil
+		}
+		return reflect.ValueOf("false"), nil
+	case reflect.Float32, reflect.Float64:
+		return reflect.ValueOf(fmt.Sprint(v.Float())), nil
+	case reflect.Array:
+		if v.Len() > 0 {
+			return castString(v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to string from empty array")
+	case reflect.Slice:
+		if v.Len() > 0 {
+			return castString(v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to string from empty slice")
+	case reflect.Interface:
+		return castString(reflect.ValueOf(v.Interface()))
+	case reflect.Map:
+		return nilValue, fmt.Errorf("failed to cast to string from map")
+	case reflect.Struct:
+		return nilValue, fmt.Errorf("failed to cast to string from struct")
+	case reflect.Ptr:
+		return castString(v.Elem())
+	}
+	return nilValue, fmt.Errorf("failed to cast to string from %s", v.Type().Kind())
+}
+
+func castBool(v reflect.Value) (reflect.Value, error) {
+	switch v.Type().Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		switch v.Int() {
+		case 0:
+			return reflect.ValueOf(false), nil
+		case 1:
+			return reflect.ValueOf(true), nil
+		}
+		return nilValue, fmt.Errorf("failed to cast to bool from %d", v.Int())
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		switch v.Uint() {
+		case 0:
+			return reflect.ValueOf(false), nil
+		case 1:
+			return reflect.ValueOf(true), nil
+		}
+		return nilValue, fmt.Errorf("failed to cast to bool from %d", v.Uint())
+	case reflect.String:
+		b, err := strconv.ParseBool(v.String())
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(b), nil
+	case reflect.Bool:
+		return v, nil
+	case reflect.Float32, reflect.Float64:
+		switch v.Float() {
+		case 0:
+			return reflect.ValueOf(false), nil
+		case 1:
+			return reflect.ValueOf(true), nil
+		}
+		return nilValue, fmt.Errorf("failed to cast to bool from %f", v.Float())
+	case reflect.Array:
+		if v.Len() > 0 {
+			return castBool(v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to string from empty array")
+	case reflect.Slice:
+		if v.Len() > 0 {
+			return castBool(v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to string from empty slice")
+	case reflect.Interface:
+		return castBool(reflect.ValueOf(v.Interface()))
+	case reflect.Map:
+		return nilValue, fmt.Errorf("failed to cast to string from map")
+	case reflect.Struct:
+		return nilValue, fmt.Errorf("failed to cast to string from struct")
+	case reflect.Ptr:
+		return castBool(v.Elem())
+	}
+	return nilValue, fmt.Errorf("failed to cast to bool from %s", v.Type().Kind())
+}
+
+func castFloat(v reflect.Value) (reflect.Value, error) {
+	switch v.Type().Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return reflect.ValueOf(float64(v.Int())), nil
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return reflect.ValueOf(float64(v.Uint())), nil
+	case reflect.String:
+		f64, err := strconv.ParseFloat(v.String(), 64)
+		if err != nil {
+			return nilValue, err
+		}
+		return reflect.ValueOf(f64), nil
+	case reflect.Bool:
+		if v.Bool() {
+			return reflect.ValueOf(float64(1)), nil
+		}
+		return reflect.ValueOf(float64(0)), nil
+	case reflect.Float32, reflect.Float64:
+		return v, nil
+	case reflect.Array:
+		if v.Len() > 0 {
+			return castFloat(v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to float64 from empty array")
+	case reflect.Slice:
+		if v.Len() > 0 {
+			return castFloat(v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to float64 from empty slice")
+	case reflect.Interface:
+		return castFloat(reflect.ValueOf(v.Interface()))
+	case reflect.Map:
+		return nilValue, fmt.Errorf("failed to cast to float64 from map")
+	case reflect.Struct:
+		return nilValue, fmt.Errorf("failed to cast to float64 from struct")
+	case reflect.Ptr:
+		return castFloat(v.Elem())
+	}
+	return nilValue, fmt.Errorf("failed to cast to float64 from %s", v.Type().Kind())
+}
+
+func castArray(t reflect.Type, v reflect.Value) (reflect.Value, error) {
+	kind := v.Type().Kind()
+	if kind == reflect.Interface {
+		return castArray(t, reflect.ValueOf(v.Interface()))
+	}
+	if kind != reflect.Slice && kind != reflect.Array {
+		return nilValue, fmt.Errorf("failed to cast to array from %s", kind)
+	}
+	if t.Elem() == v.Type().Elem() {
+		return v, nil
+	}
+	if t.Len() != v.Len() {
+		return nilValue, fmt.Errorf("failed to cast [%d]array from slice of %d length", t.Len(), v.Len())
+	}
+	ret := reflect.New(t).Elem()
+	for i := 0; i < v.Len(); i++ {
+		vv, err := castValue(t.Elem(), v.Index(i))
+		if err != nil {
+			return nilValue, err
+		}
+		ret.Index(i).Set(vv)
+	}
+	return ret, nil
+}
+
+func castSlice(t reflect.Type, v reflect.Value) (reflect.Value, error) {
+	kind := v.Type().Kind()
+	if kind == reflect.Interface {
+		return castSlice(t, reflect.ValueOf(v.Interface()))
+	}
+	if kind != reflect.Slice && kind != reflect.Array {
+		return nilValue, fmt.Errorf("failed to cast to slice from %s", kind)
+	}
+	if t.Elem() == v.Type().Elem() {
+		return v, nil
+	}
+	ret := reflect.MakeSlice(t, v.Len(), v.Len())
+	for i := 0; i < v.Len(); i++ {
+		vv, err := castValue(t.Elem(), v.Index(i))
+		if err != nil {
+			return nilValue, err
+		}
+		ret.Index(i).Set(vv)
+	}
+	return ret, nil
+}
+
+func castMap(t reflect.Type, v reflect.Value) (reflect.Value, error) {
+	ret := reflect.MakeMap(t)
+	switch v.Type().Kind() {
+	case reflect.Map:
+		iter := v.MapRange()
+		for iter.Next() {
+			key, err := castValue(t.Key(), iter.Key())
+			if err != nil {
+				return nilValue, err
+			}
+			value, err := castValue(t.Elem(), iter.Value())
+			if err != nil {
+				return nilValue, err
+			}
+			ret.SetMapIndex(key, value)
+		}
+		return ret, nil
+	case reflect.Interface:
+		return castMap(t, reflect.ValueOf(v.Interface()))
+	case reflect.Slice:
+		if v.Len() > 0 {
+			return castMap(t, v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to map from empty slice")
+	}
+	return nilValue, fmt.Errorf("failed to cast to map from %s", v.Type().Kind())
+}
+
+func castStruct(t reflect.Type, v reflect.Value) (reflect.Value, error) {
+	ret := reflect.New(t).Elem()
+	switch v.Type().Kind() {
+	case reflect.Map:
+		iter := v.MapRange()
+		for iter.Next() {
+			key := iter.Key()
+			k, err := castString(key)
+			if err != nil {
+				return nilValue, err
+			}
+			fieldName := k.String()
+			field, ok := t.FieldByName(fieldName)
+			if ok {
+				value, err := castValue(field.Type, iter.Value())
+				if err != nil {
+					return nilValue, err
+				}
+				ret.FieldByName(fieldName).Set(value)
+			}
+		}
+		return ret, nil
+	case reflect.Struct:
+		for i := 0; i < v.Type().NumField(); i++ {
+			name := v.Type().Field(i).Name
+			ret.FieldByName(name).Set(v.FieldByName(name))
+		}
+		return ret, nil
+	case reflect.Interface:
+		return castStruct(t, reflect.ValueOf(v.Interface()))
+	case reflect.Slice:
+		if v.Len() > 0 {
+			return castStruct(t, v.Index(0))
+		}
+		return nilValue, fmt.Errorf("failed to cast to struct from empty slice")
+	default:
+		return nilValue, fmt.Errorf("failed to cast to struct from %s", v.Type().Kind())
+	}
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/bool.go b/vendor/github.com/goccy/go-json/internal/decoder/bool.go
new file mode 100644
index 000000000..ba6cf5bc4
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/bool.go
@@ -0,0 +1,83 @@
+package decoder
+
+import (
+	"fmt"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+)
+
+type boolDecoder struct {
+	structName string
+	fieldName  string
+}
+
+func newBoolDecoder(structName, fieldName string) *boolDecoder {
+	return &boolDecoder{structName: structName, fieldName: fieldName}
+}
+
+func (d *boolDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	c := s.skipWhiteSpace()
+	for {
+		switch c {
+		case 't':
+			if err := trueBytes(s); err != nil {
+				return err
+			}
+			**(**bool)(unsafe.Pointer(&p)) = true
+			return nil
+		case 'f':
+			if err := falseBytes(s); err != nil {
+				return err
+			}
+			**(**bool)(unsafe.Pointer(&p)) = false
+			return nil
+		case 'n':
+			if err := nullBytes(s); err != nil {
+				return err
+			}
+			return nil
+		case nul:
+			if s.read() {
+				c = s.char()
+				continue
+			}
+			goto ERROR
+		}
+		break
+	}
+ERROR:
+	return errors.ErrUnexpectedEndOfJSON("bool", s.totalOffset())
+}
+
+func (d *boolDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	cursor = skipWhiteSpace(buf, cursor)
+	switch buf[cursor] {
+	case 't':
+		if err := validateTrue(buf, cursor); err != nil {
+			return 0, err
+		}
+		cursor += 4
+		**(**bool)(unsafe.Pointer(&p)) = true
+		return cursor, nil
+	case 'f':
+		if err := validateFalse(buf, cursor); err != nil {
+			return 0, err
+		}
+		cursor += 5
+		**(**bool)(unsafe.Pointer(&p)) = false
+		return cursor, nil
+	case 'n':
+		if err := validateNull(buf, cursor); err != nil {
+			return 0, err
+		}
+		cursor += 4
+		return cursor, nil
+	}
+	return 0, errors.ErrUnexpectedEndOfJSON("bool", cursor)
+}
+
+func (d *boolDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, fmt.Errorf("json: bool decoder does not support decode path")
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/bytes.go b/vendor/github.com/goccy/go-json/internal/decoder/bytes.go
new file mode 100644
index 000000000..939bf4327
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/bytes.go
@@ -0,0 +1,118 @@
+package decoder
+
+import (
+	"encoding/base64"
+	"fmt"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type bytesDecoder struct {
+	typ           *runtime.Type
+	sliceDecoder  Decoder
+	stringDecoder *stringDecoder
+	structName    string
+	fieldName     string
+}
+
+func byteUnmarshalerSliceDecoder(typ *runtime.Type, structName string, fieldName string) Decoder {
+	var unmarshalDecoder Decoder
+	switch {
+	case runtime.PtrTo(typ).Implements(unmarshalJSONType):
+		unmarshalDecoder = newUnmarshalJSONDecoder(runtime.PtrTo(typ), structName, fieldName)
+	case runtime.PtrTo(typ).Implements(unmarshalTextType):
+		unmarshalDecoder = newUnmarshalTextDecoder(runtime.PtrTo(typ), structName, fieldName)
+	default:
+		unmarshalDecoder, _ = compileUint8(typ, structName, fieldName)
+	}
+	return newSliceDecoder(unmarshalDecoder, typ, 1, structName, fieldName)
+}
+
+func newBytesDecoder(typ *runtime.Type, structName string, fieldName string) *bytesDecoder {
+	return &bytesDecoder{
+		typ:           typ,
+		sliceDecoder:  byteUnmarshalerSliceDecoder(typ, structName, fieldName),
+		stringDecoder: newStringDecoder(structName, fieldName),
+		structName:    structName,
+		fieldName:     fieldName,
+	}
+}
+
+func (d *bytesDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	bytes, err := d.decodeStreamBinary(s, depth, p)
+	if err != nil {
+		return err
+	}
+	if bytes == nil {
+		s.reset()
+		return nil
+	}
+	decodedLen := base64.StdEncoding.DecodedLen(len(bytes))
+	buf := make([]byte, decodedLen)
+	n, err := base64.StdEncoding.Decode(buf, bytes)
+	if err != nil {
+		return err
+	}
+	*(*[]byte)(p) = buf[:n]
+	s.reset()
+	return nil
+}
+
+func (d *bytesDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	bytes, c, err := d.decodeBinary(ctx, cursor, depth, p)
+	if err != nil {
+		return 0, err
+	}
+	if bytes == nil {
+		return c, nil
+	}
+	cursor = c
+	decodedLen := base64.StdEncoding.DecodedLen(len(bytes))
+	b := make([]byte, decodedLen)
+	n, err := base64.StdEncoding.Decode(b, bytes)
+	if err != nil {
+		return 0, err
+	}
+	*(*[]byte)(p) = b[:n]
+	return cursor, nil
+}
+
+func (d *bytesDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, fmt.Errorf("json: []byte decoder does not support decode path")
+}
+
+func (d *bytesDecoder) decodeStreamBinary(s *Stream, depth int64, p unsafe.Pointer) ([]byte, error) {
+	c := s.skipWhiteSpace()
+	if c == '[' {
+		if d.sliceDecoder == nil {
+			return nil, &errors.UnmarshalTypeError{
+				Type:   runtime.RType2Type(d.typ),
+				Offset: s.totalOffset(),
+			}
+		}
+		err := d.sliceDecoder.DecodeStream(s, depth, p)
+		return nil, err
+	}
+	return d.stringDecoder.decodeStreamByte(s)
+}
+
+func (d *bytesDecoder) decodeBinary(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) ([]byte, int64, error) {
+	buf := ctx.Buf
+	cursor = skipWhiteSpace(buf, cursor)
+	if buf[cursor] == '[' {
+		if d.sliceDecoder == nil {
+			return nil, 0, &errors.UnmarshalTypeError{
+				Type:   runtime.RType2Type(d.typ),
+				Offset: cursor,
+			}
+		}
+		c, err := d.sliceDecoder.Decode(ctx, cursor, depth, p)
+		if err != nil {
+			return nil, 0, err
+		}
+		return nil, c, nil
+	}
+	return d.stringDecoder.decodeByte(buf, cursor)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/compile.go b/vendor/github.com/goccy/go-json/internal/decoder/compile.go
new file mode 100644
index 000000000..fab643764
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/compile.go
@@ -0,0 +1,487 @@
+package decoder
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"strings"
+	"sync/atomic"
+	"unicode"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+var (
+	jsonNumberType   = reflect.TypeOf(json.Number(""))
+	typeAddr         *runtime.TypeAddr
+	cachedDecoderMap unsafe.Pointer // map[uintptr]decoder
+	cachedDecoder    []Decoder
+)
+
+func init() {
+	typeAddr = runtime.AnalyzeTypeAddr()
+	if typeAddr == nil {
+		typeAddr = &runtime.TypeAddr{}
+	}
+	cachedDecoder = make([]Decoder, typeAddr.AddrRange>>typeAddr.AddrShift+1)
+}
+
+func loadDecoderMap() map[uintptr]Decoder {
+	p := atomic.LoadPointer(&cachedDecoderMap)
+	return *(*map[uintptr]Decoder)(unsafe.Pointer(&p))
+}
+
+func storeDecoder(typ uintptr, dec Decoder, m map[uintptr]Decoder) {
+	newDecoderMap := make(map[uintptr]Decoder, len(m)+1)
+	newDecoderMap[typ] = dec
+
+	for k, v := range m {
+		newDecoderMap[k] = v
+	}
+
+	atomic.StorePointer(&cachedDecoderMap, *(*unsafe.Pointer)(unsafe.Pointer(&newDecoderMap)))
+}
+
+func compileToGetDecoderSlowPath(typeptr uintptr, typ *runtime.Type) (Decoder, error) {
+	decoderMap := loadDecoderMap()
+	if dec, exists := decoderMap[typeptr]; exists {
+		return dec, nil
+	}
+
+	dec, err := compileHead(typ, map[uintptr]Decoder{})
+	if err != nil {
+		return nil, err
+	}
+	storeDecoder(typeptr, dec, decoderMap)
+	return dec, nil
+}
+
+func compileHead(typ *runtime.Type, structTypeToDecoder map[uintptr]Decoder) (Decoder, error) {
+	switch {
+	case implementsUnmarshalJSONType(runtime.PtrTo(typ)):
+		return newUnmarshalJSONDecoder(runtime.PtrTo(typ), "", ""), nil
+	case runtime.PtrTo(typ).Implements(unmarshalTextType):
+		return newUnmarshalTextDecoder(runtime.PtrTo(typ), "", ""), nil
+	}
+	return compile(typ.Elem(), "", "", structTypeToDecoder)
+}
+
+func compile(typ *runtime.Type, structName, fieldName string, structTypeToDecoder map[uintptr]Decoder) (Decoder, error) {
+	switch {
+	case implementsUnmarshalJSONType(runtime.PtrTo(typ)):
+		return newUnmarshalJSONDecoder(runtime.PtrTo(typ), structName, fieldName), nil
+	case runtime.PtrTo(typ).Implements(unmarshalTextType):
+		return newUnmarshalTextDecoder(runtime.PtrTo(typ), structName, fieldName), nil
+	}
+
+	switch typ.Kind() {
+	case reflect.Ptr:
+		return compilePtr(typ, structName, fieldName, structTypeToDecoder)
+	case reflect.Struct:
+		return compileStruct(typ, structName, fieldName, structTypeToDecoder)
+	case reflect.Slice:
+		elem := typ.Elem()
+		if elem.Kind() == reflect.Uint8 {
+			return compileBytes(elem, structName, fieldName)
+		}
+		return compileSlice(typ, structName, fieldName, structTypeToDecoder)
+	case reflect.Array:
+		return compileArray(typ, structName, fieldName, structTypeToDecoder)
+	case reflect.Map:
+		return compileMap(typ, structName, fieldName, structTypeToDecoder)
+	case reflect.Interface:
+		return compileInterface(typ, structName, fieldName)
+	case reflect.Uintptr:
+		return compileUint(typ, structName, fieldName)
+	case reflect.Int:
+		return compileInt(typ, structName, fieldName)
+	case reflect.Int8:
+		return compileInt8(typ, structName, fieldName)
+	case reflect.Int16:
+		return compileInt16(typ, structName, fieldName)
+	case reflect.Int32:
+		return compileInt32(typ, structName, fieldName)
+	case reflect.Int64:
+		return compileInt64(typ, structName, fieldName)
+	case reflect.Uint:
+		return compileUint(typ, structName, fieldName)
+	case reflect.Uint8:
+		return compileUint8(typ, structName, fieldName)
+	case reflect.Uint16:
+		return compileUint16(typ, structName, fieldName)
+	case reflect.Uint32:
+		return compileUint32(typ, structName, fieldName)
+	case reflect.Uint64:
+		return compileUint64(typ, structName, fieldName)
+	case reflect.String:
+		return compileString(typ, structName, fieldName)
+	case reflect.Bool:
+		return compileBool(structName, fieldName)
+	case reflect.Float32:
+		return compileFloat32(structName, fieldName)
+	case reflect.Float64:
+		return compileFloat64(structName, fieldName)
+	case reflect.Func:
+		return compileFunc(typ, structName, fieldName)
+	}
+	return newInvalidDecoder(typ, structName, fieldName), nil
+}
+
+func isStringTagSupportedType(typ *runtime.Type) bool {
+	switch {
+	case implementsUnmarshalJSONType(runtime.PtrTo(typ)):
+		return false
+	case runtime.PtrTo(typ).Implements(unmarshalTextType):
+		return false
+	}
+	switch typ.Kind() {
+	case reflect.Map:
+		return false
+	case reflect.Slice:
+		return false
+	case reflect.Array:
+		return false
+	case reflect.Struct:
+		return false
+	case reflect.Interface:
+		return false
+	}
+	return true
+}
+
+func compileMapKey(typ *runtime.Type, structName, fieldName string, structTypeToDecoder map[uintptr]Decoder) (Decoder, error) {
+	if runtime.PtrTo(typ).Implements(unmarshalTextType) {
+		return newUnmarshalTextDecoder(runtime.PtrTo(typ), structName, fieldName), nil
+	}
+	if typ.Kind() == reflect.String {
+		return newStringDecoder(structName, fieldName), nil
+	}
+	dec, err := compile(typ, structName, fieldName, structTypeToDecoder)
+	if err != nil {
+		return nil, err
+	}
+	for {
+		switch t := dec.(type) {
+		case *stringDecoder, *interfaceDecoder:
+			return dec, nil
+		case *boolDecoder, *intDecoder, *uintDecoder, *numberDecoder:
+			return newWrappedStringDecoder(typ, dec, structName, fieldName), nil
+		case *ptrDecoder:
+			dec = t.dec
+		default:
+			return newInvalidDecoder(typ, structName, fieldName), nil
+		}
+	}
+}
+
+func compilePtr(typ *runtime.Type, structName, fieldName string, structTypeToDecoder map[uintptr]Decoder) (Decoder, error) {
+	dec, err := compile(typ.Elem(), structName, fieldName, structTypeToDecoder)
+	if err != nil {
+		return nil, err
+	}
+	return newPtrDecoder(dec, typ.Elem(), structName, fieldName), nil
+}
+
+func compileInt(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newIntDecoder(typ, structName, fieldName, func(p unsafe.Pointer, v int64) {
+		*(*int)(p) = int(v)
+	}), nil
+}
+
+func compileInt8(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newIntDecoder(typ, structName, fieldName, func(p unsafe.Pointer, v int64) {
+		*(*int8)(p) = int8(v)
+	}), nil
+}
+
+func compileInt16(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newIntDecoder(typ, structName, fieldName, func(p unsafe.Pointer, v int64) {
+		*(*int16)(p) = int16(v)
+	}), nil
+}
+
+func compileInt32(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newIntDecoder(typ, structName, fieldName, func(p unsafe.Pointer, v int64) {
+		*(*int32)(p) = int32(v)
+	}), nil
+}
+
+func compileInt64(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newIntDecoder(typ, structName, fieldName, func(p unsafe.Pointer, v int64) {
+		*(*int64)(p) = v
+	}), nil
+}
+
+func compileUint(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newUintDecoder(typ, structName, fieldName, func(p unsafe.Pointer, v uint64) {
+		*(*uint)(p) = uint(v)
+	}), nil
+}
+
+func compileUint8(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newUintDecoder(typ, structName, fieldName, func(p unsafe.Pointer, v uint64) {
+		*(*uint8)(p) = uint8(v)
+	}), nil
+}
+
+func compileUint16(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newUintDecoder(typ, structName, fieldName, func(p unsafe.Pointer, v uint64) {
+		*(*uint16)(p) = uint16(v)
+	}), nil
+}
+
+func compileUint32(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newUintDecoder(typ, structName, fieldName, func(p unsafe.Pointer, v uint64) {
+		*(*uint32)(p) = uint32(v)
+	}), nil
+}
+
+func compileUint64(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newUintDecoder(typ, structName, fieldName, func(p unsafe.Pointer, v uint64) {
+		*(*uint64)(p) = v
+	}), nil
+}
+
+func compileFloat32(structName, fieldName string) (Decoder, error) {
+	return newFloatDecoder(structName, fieldName, func(p unsafe.Pointer, v float64) {
+		*(*float32)(p) = float32(v)
+	}), nil
+}
+
+func compileFloat64(structName, fieldName string) (Decoder, error) {
+	return newFloatDecoder(structName, fieldName, func(p unsafe.Pointer, v float64) {
+		*(*float64)(p) = v
+	}), nil
+}
+
+func compileString(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	if typ == runtime.Type2RType(jsonNumberType) {
+		return newNumberDecoder(structName, fieldName, func(p unsafe.Pointer, v json.Number) {
+			*(*json.Number)(p) = v
+		}), nil
+	}
+	return newStringDecoder(structName, fieldName), nil
+}
+
+func compileBool(structName, fieldName string) (Decoder, error) {
+	return newBoolDecoder(structName, fieldName), nil
+}
+
+func compileBytes(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newBytesDecoder(typ, structName, fieldName), nil
+}
+
+func compileSlice(typ *runtime.Type, structName, fieldName string, structTypeToDecoder map[uintptr]Decoder) (Decoder, error) {
+	elem := typ.Elem()
+	decoder, err := compile(elem, structName, fieldName, structTypeToDecoder)
+	if err != nil {
+		return nil, err
+	}
+	return newSliceDecoder(decoder, elem, elem.Size(), structName, fieldName), nil
+}
+
+func compileArray(typ *runtime.Type, structName, fieldName string, structTypeToDecoder map[uintptr]Decoder) (Decoder, error) {
+	elem := typ.Elem()
+	decoder, err := compile(elem, structName, fieldName, structTypeToDecoder)
+	if err != nil {
+		return nil, err
+	}
+	return newArrayDecoder(decoder, elem, typ.Len(), structName, fieldName), nil
+}
+
+func compileMap(typ *runtime.Type, structName, fieldName string, structTypeToDecoder map[uintptr]Decoder) (Decoder, error) {
+	keyDec, err := compileMapKey(typ.Key(), structName, fieldName, structTypeToDecoder)
+	if err != nil {
+		return nil, err
+	}
+	valueDec, err := compile(typ.Elem(), structName, fieldName, structTypeToDecoder)
+	if err != nil {
+		return nil, err
+	}
+	return newMapDecoder(typ, typ.Key(), keyDec, typ.Elem(), valueDec, structName, fieldName), nil
+}
+
+func compileInterface(typ *runtime.Type, structName, fieldName string) (Decoder, error) {
+	return newInterfaceDecoder(typ, structName, fieldName), nil
+}
+
+func compileFunc(typ *runtime.Type, strutName, fieldName string) (Decoder, error) {
+	return newFuncDecoder(typ, strutName, fieldName), nil
+}
+
+func typeToStructTags(typ *runtime.Type) runtime.StructTags {
+	tags := runtime.StructTags{}
+	fieldNum := typ.NumField()
+	for i := 0; i < fieldNum; i++ {
+		field := typ.Field(i)
+		if runtime.IsIgnoredStructField(field) {
+			continue
+		}
+		tags = append(tags, runtime.StructTagFromField(field))
+	}
+	return tags
+}
+
+func compileStruct(typ *runtime.Type, structName, fieldName string, structTypeToDecoder map[uintptr]Decoder) (Decoder, error) {
+	fieldNum := typ.NumField()
+	fieldMap := map[string]*structFieldSet{}
+	typeptr := uintptr(unsafe.Pointer(typ))
+	if dec, exists := structTypeToDecoder[typeptr]; exists {
+		return dec, nil
+	}
+	structDec := newStructDecoder(structName, fieldName, fieldMap)
+	structTypeToDecoder[typeptr] = structDec
+	structName = typ.Name()
+	tags := typeToStructTags(typ)
+	allFields := []*structFieldSet{}
+	for i := 0; i < fieldNum; i++ {
+		field := typ.Field(i)
+		if runtime.IsIgnoredStructField(field) {
+			continue
+		}
+		isUnexportedField := unicode.IsLower([]rune(field.Name)[0])
+		tag := runtime.StructTagFromField(field)
+		dec, err := compile(runtime.Type2RType(field.Type), structName, field.Name, structTypeToDecoder)
+		if err != nil {
+			return nil, err
+		}
+		if field.Anonymous && !tag.IsTaggedKey {
+			if stDec, ok := dec.(*structDecoder); ok {
+				if runtime.Type2RType(field.Type) == typ {
+					// recursive definition
+					continue
+				}
+				for k, v := range stDec.fieldMap {
+					if tags.ExistsKey(k) {
+						continue
+					}
+					fieldSet := &structFieldSet{
+						dec:         v.dec,
+						offset:      field.Offset + v.offset,
+						isTaggedKey: v.isTaggedKey,
+						key:         k,
+						keyLen:      int64(len(k)),
+					}
+					allFields = append(allFields, fieldSet)
+				}
+			} else if pdec, ok := dec.(*ptrDecoder); ok {
+				contentDec := pdec.contentDecoder()
+				if pdec.typ == typ {
+					// recursive definition
+					continue
+				}
+				var fieldSetErr error
+				if isUnexportedField {
+					fieldSetErr = fmt.Errorf(
+						"json: cannot set embedded pointer to unexported struct: %v",
+						field.Type.Elem(),
+					)
+				}
+				if dec, ok := contentDec.(*structDecoder); ok {
+					for k, v := range dec.fieldMap {
+						if tags.ExistsKey(k) {
+							continue
+						}
+						fieldSet := &structFieldSet{
+							dec:         newAnonymousFieldDecoder(pdec.typ, v.offset, v.dec),
+							offset:      field.Offset,
+							isTaggedKey: v.isTaggedKey,
+							key:         k,
+							keyLen:      int64(len(k)),
+							err:         fieldSetErr,
+						}
+						allFields = append(allFields, fieldSet)
+					}
+				} else {
+					fieldSet := &structFieldSet{
+						dec:         pdec,
+						offset:      field.Offset,
+						isTaggedKey: tag.IsTaggedKey,
+						key:         field.Name,
+						keyLen:      int64(len(field.Name)),
+					}
+					allFields = append(allFields, fieldSet)
+				}
+			} else {
+				fieldSet := &structFieldSet{
+					dec:         dec,
+					offset:      field.Offset,
+					isTaggedKey: tag.IsTaggedKey,
+					key:         field.Name,
+					keyLen:      int64(len(field.Name)),
+				}
+				allFields = append(allFields, fieldSet)
+			}
+		} else {
+			if tag.IsString && isStringTagSupportedType(runtime.Type2RType(field.Type)) {
+				dec = newWrappedStringDecoder(runtime.Type2RType(field.Type), dec, structName, field.Name)
+			}
+			var key string
+			if tag.Key != "" {
+				key = tag.Key
+			} else {
+				key = field.Name
+			}
+			fieldSet := &structFieldSet{
+				dec:         dec,
+				offset:      field.Offset,
+				isTaggedKey: tag.IsTaggedKey,
+				key:         key,
+				keyLen:      int64(len(key)),
+			}
+			allFields = append(allFields, fieldSet)
+		}
+	}
+	for _, set := range filterDuplicatedFields(allFields) {
+		fieldMap[set.key] = set
+		lower := strings.ToLower(set.key)
+		if _, exists := fieldMap[lower]; !exists {
+			// first win
+			fieldMap[lower] = set
+		}
+	}
+	delete(structTypeToDecoder, typeptr)
+	structDec.tryOptimize()
+	return structDec, nil
+}
+
+func filterDuplicatedFields(allFields []*structFieldSet) []*structFieldSet {
+	fieldMap := map[string][]*structFieldSet{}
+	for _, field := range allFields {
+		fieldMap[field.key] = append(fieldMap[field.key], field)
+	}
+	duplicatedFieldMap := map[string]struct{}{}
+	for k, sets := range fieldMap {
+		sets = filterFieldSets(sets)
+		if len(sets) != 1 {
+			duplicatedFieldMap[k] = struct{}{}
+		}
+	}
+
+	filtered := make([]*structFieldSet, 0, len(allFields))
+	for _, field := range allFields {
+		if _, exists := duplicatedFieldMap[field.key]; exists {
+			continue
+		}
+		filtered = append(filtered, field)
+	}
+	return filtered
+}
+
+func filterFieldSets(sets []*structFieldSet) []*structFieldSet {
+	if len(sets) == 1 {
+		return sets
+	}
+	filtered := make([]*structFieldSet, 0, len(sets))
+	for _, set := range sets {
+		if set.isTaggedKey {
+			filtered = append(filtered, set)
+		}
+	}
+	return filtered
+}
+
+func implementsUnmarshalJSONType(typ *runtime.Type) bool {
+	return typ.Implements(unmarshalJSONType) || typ.Implements(unmarshalJSONContextType)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/compile_norace.go b/vendor/github.com/goccy/go-json/internal/decoder/compile_norace.go
new file mode 100644
index 000000000..eb7e2b134
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/compile_norace.go
@@ -0,0 +1,29 @@
+//go:build !race
+// +build !race
+
+package decoder
+
+import (
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+func CompileToGetDecoder(typ *runtime.Type) (Decoder, error) {
+	typeptr := uintptr(unsafe.Pointer(typ))
+	if typeptr > typeAddr.MaxTypeAddr {
+		return compileToGetDecoderSlowPath(typeptr, typ)
+	}
+
+	index := (typeptr - typeAddr.BaseTypeAddr) >> typeAddr.AddrShift
+	if dec := cachedDecoder[index]; dec != nil {
+		return dec, nil
+	}
+
+	dec, err := compileHead(typ, map[uintptr]Decoder{})
+	if err != nil {
+		return nil, err
+	}
+	cachedDecoder[index] = dec
+	return dec, nil
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/compile_race.go b/vendor/github.com/goccy/go-json/internal/decoder/compile_race.go
new file mode 100644
index 000000000..49cdda4a1
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/compile_race.go
@@ -0,0 +1,37 @@
+//go:build race
+// +build race
+
+package decoder
+
+import (
+	"sync"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+var decMu sync.RWMutex
+
+func CompileToGetDecoder(typ *runtime.Type) (Decoder, error) {
+	typeptr := uintptr(unsafe.Pointer(typ))
+	if typeptr > typeAddr.MaxTypeAddr {
+		return compileToGetDecoderSlowPath(typeptr, typ)
+	}
+
+	index := (typeptr - typeAddr.BaseTypeAddr) >> typeAddr.AddrShift
+	decMu.RLock()
+	if dec := cachedDecoder[index]; dec != nil {
+		decMu.RUnlock()
+		return dec, nil
+	}
+	decMu.RUnlock()
+
+	dec, err := compileHead(typ, map[uintptr]Decoder{})
+	if err != nil {
+		return nil, err
+	}
+	decMu.Lock()
+	cachedDecoder[index] = dec
+	decMu.Unlock()
+	return dec, nil
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/context.go b/vendor/github.com/goccy/go-json/internal/decoder/context.go
new file mode 100644
index 000000000..cb2ffdafd
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/context.go
@@ -0,0 +1,254 @@
+package decoder
+
+import (
+	"sync"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+)
+
+type RuntimeContext struct {
+	Buf    []byte
+	Option *Option
+}
+
+var (
+	runtimeContextPool = sync.Pool{
+		New: func() interface{} {
+			return &RuntimeContext{
+				Option: &Option{},
+			}
+		},
+	}
+)
+
+func TakeRuntimeContext() *RuntimeContext {
+	return runtimeContextPool.Get().(*RuntimeContext)
+}
+
+func ReleaseRuntimeContext(ctx *RuntimeContext) {
+	runtimeContextPool.Put(ctx)
+}
+
+var (
+	isWhiteSpace = [256]bool{}
+)
+
+func init() {
+	isWhiteSpace[' '] = true
+	isWhiteSpace['\n'] = true
+	isWhiteSpace['\t'] = true
+	isWhiteSpace['\r'] = true
+}
+
+func char(ptr unsafe.Pointer, offset int64) byte {
+	return *(*byte)(unsafe.Pointer(uintptr(ptr) + uintptr(offset)))
+}
+
+func skipWhiteSpace(buf []byte, cursor int64) int64 {
+	for isWhiteSpace[buf[cursor]] {
+		cursor++
+	}
+	return cursor
+}
+
+func skipObject(buf []byte, cursor, depth int64) (int64, error) {
+	braceCount := 1
+	for {
+		switch buf[cursor] {
+		case '{':
+			braceCount++
+			depth++
+			if depth > maxDecodeNestingDepth {
+				return 0, errors.ErrExceededMaxDepth(buf[cursor], cursor)
+			}
+		case '}':
+			depth--
+			braceCount--
+			if braceCount == 0 {
+				return cursor + 1, nil
+			}
+		case '[':
+			depth++
+			if depth > maxDecodeNestingDepth {
+				return 0, errors.ErrExceededMaxDepth(buf[cursor], cursor)
+			}
+		case ']':
+			depth--
+		case '"':
+			for {
+				cursor++
+				switch buf[cursor] {
+				case '\\':
+					cursor++
+					if buf[cursor] == nul {
+						return 0, errors.ErrUnexpectedEndOfJSON("string of object", cursor)
+					}
+				case '"':
+					goto SWITCH_OUT
+				case nul:
+					return 0, errors.ErrUnexpectedEndOfJSON("string of object", cursor)
+				}
+			}
+		case nul:
+			return 0, errors.ErrUnexpectedEndOfJSON("object of object", cursor)
+		}
+	SWITCH_OUT:
+		cursor++
+	}
+}
+
+func skipArray(buf []byte, cursor, depth int64) (int64, error) {
+	bracketCount := 1
+	for {
+		switch buf[cursor] {
+		case '[':
+			bracketCount++
+			depth++
+			if depth > maxDecodeNestingDepth {
+				return 0, errors.ErrExceededMaxDepth(buf[cursor], cursor)
+			}
+		case ']':
+			bracketCount--
+			depth--
+			if bracketCount == 0 {
+				return cursor + 1, nil
+			}
+		case '{':
+			depth++
+			if depth > maxDecodeNestingDepth {
+				return 0, errors.ErrExceededMaxDepth(buf[cursor], cursor)
+			}
+		case '}':
+			depth--
+		case '"':
+			for {
+				cursor++
+				switch buf[cursor] {
+				case '\\':
+					cursor++
+					if buf[cursor] == nul {
+						return 0, errors.ErrUnexpectedEndOfJSON("string of object", cursor)
+					}
+				case '"':
+					goto SWITCH_OUT
+				case nul:
+					return 0, errors.ErrUnexpectedEndOfJSON("string of object", cursor)
+				}
+			}
+		case nul:
+			return 0, errors.ErrUnexpectedEndOfJSON("array of object", cursor)
+		}
+	SWITCH_OUT:
+		cursor++
+	}
+}
+
+func skipValue(buf []byte, cursor, depth int64) (int64, error) {
+	for {
+		switch buf[cursor] {
+		case ' ', '\t', '\n', '\r':
+			cursor++
+			continue
+		case '{':
+			return skipObject(buf, cursor+1, depth+1)
+		case '[':
+			return skipArray(buf, cursor+1, depth+1)
+		case '"':
+			for {
+				cursor++
+				switch buf[cursor] {
+				case '\\':
+					cursor++
+					if buf[cursor] == nul {
+						return 0, errors.ErrUnexpectedEndOfJSON("string of object", cursor)
+					}
+				case '"':
+					return cursor + 1, nil
+				case nul:
+					return 0, errors.ErrUnexpectedEndOfJSON("string of object", cursor)
+				}
+			}
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			for {
+				cursor++
+				if floatTable[buf[cursor]] {
+					continue
+				}
+				break
+			}
+			return cursor, nil
+		case 't':
+			if err := validateTrue(buf, cursor); err != nil {
+				return 0, err
+			}
+			cursor += 4
+			return cursor, nil
+		case 'f':
+			if err := validateFalse(buf, cursor); err != nil {
+				return 0, err
+			}
+			cursor += 5
+			return cursor, nil
+		case 'n':
+			if err := validateNull(buf, cursor); err != nil {
+				return 0, err
+			}
+			cursor += 4
+			return cursor, nil
+		default:
+			return cursor, errors.ErrUnexpectedEndOfJSON("null", cursor)
+		}
+	}
+}
+
+func validateTrue(buf []byte, cursor int64) error {
+	if cursor+3 >= int64(len(buf)) {
+		return errors.ErrUnexpectedEndOfJSON("true", cursor)
+	}
+	if buf[cursor+1] != 'r' {
+		return errors.ErrInvalidCharacter(buf[cursor+1], "true", cursor)
+	}
+	if buf[cursor+2] != 'u' {
+		return errors.ErrInvalidCharacter(buf[cursor+2], "true", cursor)
+	}
+	if buf[cursor+3] != 'e' {
+		return errors.ErrInvalidCharacter(buf[cursor+3], "true", cursor)
+	}
+	return nil
+}
+
+func validateFalse(buf []byte, cursor int64) error {
+	if cursor+4 >= int64(len(buf)) {
+		return errors.ErrUnexpectedEndOfJSON("false", cursor)
+	}
+	if buf[cursor+1] != 'a' {
+		return errors.ErrInvalidCharacter(buf[cursor+1], "false", cursor)
+	}
+	if buf[cursor+2] != 'l' {
+		return errors.ErrInvalidCharacter(buf[cursor+2], "false", cursor)
+	}
+	if buf[cursor+3] != 's' {
+		return errors.ErrInvalidCharacter(buf[cursor+3], "false", cursor)
+	}
+	if buf[cursor+4] != 'e' {
+		return errors.ErrInvalidCharacter(buf[cursor+4], "false", cursor)
+	}
+	return nil
+}
+
+func validateNull(buf []byte, cursor int64) error {
+	if cursor+3 >= int64(len(buf)) {
+		return errors.ErrUnexpectedEndOfJSON("null", cursor)
+	}
+	if buf[cursor+1] != 'u' {
+		return errors.ErrInvalidCharacter(buf[cursor+1], "null", cursor)
+	}
+	if buf[cursor+2] != 'l' {
+		return errors.ErrInvalidCharacter(buf[cursor+2], "null", cursor)
+	}
+	if buf[cursor+3] != 'l' {
+		return errors.ErrInvalidCharacter(buf[cursor+3], "null", cursor)
+	}
+	return nil
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/float.go b/vendor/github.com/goccy/go-json/internal/decoder/float.go
new file mode 100644
index 000000000..9b2eb8b35
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/float.go
@@ -0,0 +1,170 @@
+package decoder
+
+import (
+	"strconv"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+)
+
+type floatDecoder struct {
+	op         func(unsafe.Pointer, float64)
+	structName string
+	fieldName  string
+}
+
+func newFloatDecoder(structName, fieldName string, op func(unsafe.Pointer, float64)) *floatDecoder {
+	return &floatDecoder{op: op, structName: structName, fieldName: fieldName}
+}
+
+var (
+	floatTable = [256]bool{
+		'0': true,
+		'1': true,
+		'2': true,
+		'3': true,
+		'4': true,
+		'5': true,
+		'6': true,
+		'7': true,
+		'8': true,
+		'9': true,
+		'.': true,
+		'e': true,
+		'E': true,
+		'+': true,
+		'-': true,
+	}
+
+	validEndNumberChar = [256]bool{
+		nul:  true,
+		' ':  true,
+		'\t': true,
+		'\r': true,
+		'\n': true,
+		',':  true,
+		':':  true,
+		'}':  true,
+		']':  true,
+	}
+)
+
+func floatBytes(s *Stream) []byte {
+	start := s.cursor
+	for {
+		s.cursor++
+		if floatTable[s.char()] {
+			continue
+		} else if s.char() == nul {
+			if s.read() {
+				s.cursor-- // for retry current character
+				continue
+			}
+		}
+		break
+	}
+	return s.buf[start:s.cursor]
+}
+
+func (d *floatDecoder) decodeStreamByte(s *Stream) ([]byte, error) {
+	for {
+		switch s.char() {
+		case ' ', '\n', '\t', '\r':
+			s.cursor++
+			continue
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return floatBytes(s), nil
+		case 'n':
+			if err := nullBytes(s); err != nil {
+				return nil, err
+			}
+			return nil, nil
+		case nul:
+			if s.read() {
+				continue
+			}
+			goto ERROR
+		default:
+			goto ERROR
+		}
+	}
+ERROR:
+	return nil, errors.ErrUnexpectedEndOfJSON("float", s.totalOffset())
+}
+
+func (d *floatDecoder) decodeByte(buf []byte, cursor int64) ([]byte, int64, error) {
+	for {
+		switch buf[cursor] {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+			continue
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			start := cursor
+			cursor++
+			for floatTable[buf[cursor]] {
+				cursor++
+			}
+			num := buf[start:cursor]
+			return num, cursor, nil
+		case 'n':
+			if err := validateNull(buf, cursor); err != nil {
+				return nil, 0, err
+			}
+			cursor += 4
+			return nil, cursor, nil
+		default:
+			return nil, 0, errors.ErrUnexpectedEndOfJSON("float", cursor)
+		}
+	}
+}
+
+func (d *floatDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	bytes, err := d.decodeStreamByte(s)
+	if err != nil {
+		return err
+	}
+	if bytes == nil {
+		return nil
+	}
+	str := *(*string)(unsafe.Pointer(&bytes))
+	f64, err := strconv.ParseFloat(str, 64)
+	if err != nil {
+		return errors.ErrSyntax(err.Error(), s.totalOffset())
+	}
+	d.op(p, f64)
+	return nil
+}
+
+func (d *floatDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	bytes, c, err := d.decodeByte(buf, cursor)
+	if err != nil {
+		return 0, err
+	}
+	if bytes == nil {
+		return c, nil
+	}
+	cursor = c
+	if !validEndNumberChar[buf[cursor]] {
+		return 0, errors.ErrUnexpectedEndOfJSON("float", cursor)
+	}
+	s := *(*string)(unsafe.Pointer(&bytes))
+	f64, err := strconv.ParseFloat(s, 64)
+	if err != nil {
+		return 0, errors.ErrSyntax(err.Error(), cursor)
+	}
+	d.op(p, f64)
+	return cursor, nil
+}
+
+func (d *floatDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	buf := ctx.Buf
+	bytes, c, err := d.decodeByte(buf, cursor)
+	if err != nil {
+		return nil, 0, err
+	}
+	if bytes == nil {
+		return [][]byte{nullbytes}, c, nil
+	}
+	return [][]byte{bytes}, c, nil
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/func.go b/vendor/github.com/goccy/go-json/internal/decoder/func.go
new file mode 100644
index 000000000..4cc12ca81
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/func.go
@@ -0,0 +1,146 @@
+package decoder
+
+import (
+	"bytes"
+	"fmt"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type funcDecoder struct {
+	typ        *runtime.Type
+	structName string
+	fieldName  string
+}
+
+func newFuncDecoder(typ *runtime.Type, structName, fieldName string) *funcDecoder {
+	fnDecoder := &funcDecoder{typ, structName, fieldName}
+	return fnDecoder
+}
+
+func (d *funcDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	s.skipWhiteSpace()
+	start := s.cursor
+	if err := s.skipValue(depth); err != nil {
+		return err
+	}
+	src := s.buf[start:s.cursor]
+	if len(src) > 0 {
+		switch src[0] {
+		case '"':
+			return &errors.UnmarshalTypeError{
+				Value:  "string",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: s.totalOffset(),
+			}
+		case '[':
+			return &errors.UnmarshalTypeError{
+				Value:  "array",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: s.totalOffset(),
+			}
+		case '{':
+			return &errors.UnmarshalTypeError{
+				Value:  "object",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: s.totalOffset(),
+			}
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return &errors.UnmarshalTypeError{
+				Value:  "number",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: s.totalOffset(),
+			}
+		case 'n':
+			if err := nullBytes(s); err != nil {
+				return err
+			}
+			*(*unsafe.Pointer)(p) = nil
+			return nil
+		case 't':
+			if err := trueBytes(s); err == nil {
+				return &errors.UnmarshalTypeError{
+					Value:  "boolean",
+					Type:   runtime.RType2Type(d.typ),
+					Offset: s.totalOffset(),
+				}
+			}
+		case 'f':
+			if err := falseBytes(s); err == nil {
+				return &errors.UnmarshalTypeError{
+					Value:  "boolean",
+					Type:   runtime.RType2Type(d.typ),
+					Offset: s.totalOffset(),
+				}
+			}
+		}
+	}
+	return errors.ErrInvalidBeginningOfValue(s.buf[s.cursor], s.totalOffset())
+}
+
+func (d *funcDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	cursor = skipWhiteSpace(buf, cursor)
+	start := cursor
+	end, err := skipValue(buf, cursor, depth)
+	if err != nil {
+		return 0, err
+	}
+	src := buf[start:end]
+	if len(src) > 0 {
+		switch src[0] {
+		case '"':
+			return 0, &errors.UnmarshalTypeError{
+				Value:  "string",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: start,
+			}
+		case '[':
+			return 0, &errors.UnmarshalTypeError{
+				Value:  "array",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: start,
+			}
+		case '{':
+			return 0, &errors.UnmarshalTypeError{
+				Value:  "object",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: start,
+			}
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return 0, &errors.UnmarshalTypeError{
+				Value:  "number",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: start,
+			}
+		case 'n':
+			if bytes.Equal(src, nullbytes) {
+				*(*unsafe.Pointer)(p) = nil
+				return end, nil
+			}
+		case 't':
+			if err := validateTrue(buf, start); err == nil {
+				return 0, &errors.UnmarshalTypeError{
+					Value:  "boolean",
+					Type:   runtime.RType2Type(d.typ),
+					Offset: start,
+				}
+			}
+		case 'f':
+			if err := validateFalse(buf, start); err == nil {
+				return 0, &errors.UnmarshalTypeError{
+					Value:  "boolean",
+					Type:   runtime.RType2Type(d.typ),
+					Offset: start,
+				}
+			}
+		}
+	}
+	return cursor, errors.ErrInvalidBeginningOfValue(buf[cursor], cursor)
+}
+
+func (d *funcDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, fmt.Errorf("json: func decoder does not support decode path")
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/int.go b/vendor/github.com/goccy/go-json/internal/decoder/int.go
new file mode 100644
index 000000000..1a7f08199
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/int.go
@@ -0,0 +1,246 @@
+package decoder
+
+import (
+	"fmt"
+	"reflect"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type intDecoder struct {
+	typ        *runtime.Type
+	kind       reflect.Kind
+	op         func(unsafe.Pointer, int64)
+	structName string
+	fieldName  string
+}
+
+func newIntDecoder(typ *runtime.Type, structName, fieldName string, op func(unsafe.Pointer, int64)) *intDecoder {
+	return &intDecoder{
+		typ:        typ,
+		kind:       typ.Kind(),
+		op:         op,
+		structName: structName,
+		fieldName:  fieldName,
+	}
+}
+
+func (d *intDecoder) typeError(buf []byte, offset int64) *errors.UnmarshalTypeError {
+	return &errors.UnmarshalTypeError{
+		Value:  fmt.Sprintf("number %s", string(buf)),
+		Type:   runtime.RType2Type(d.typ),
+		Struct: d.structName,
+		Field:  d.fieldName,
+		Offset: offset,
+	}
+}
+
+var (
+	pow10i64 = [...]int64{
+		1e00, 1e01, 1e02, 1e03, 1e04, 1e05, 1e06, 1e07, 1e08, 1e09,
+		1e10, 1e11, 1e12, 1e13, 1e14, 1e15, 1e16, 1e17, 1e18,
+	}
+	pow10i64Len = len(pow10i64)
+)
+
+func (d *intDecoder) parseInt(b []byte) (int64, error) {
+	isNegative := false
+	if b[0] == '-' {
+		b = b[1:]
+		isNegative = true
+	}
+	maxDigit := len(b)
+	if maxDigit > pow10i64Len {
+		return 0, fmt.Errorf("invalid length of number")
+	}
+	sum := int64(0)
+	for i := 0; i < maxDigit; i++ {
+		c := int64(b[i]) - 48
+		digitValue := pow10i64[maxDigit-i-1]
+		sum += c * digitValue
+	}
+	if isNegative {
+		return -1 * sum, nil
+	}
+	return sum, nil
+}
+
+var (
+	numTable = [256]bool{
+		'0': true,
+		'1': true,
+		'2': true,
+		'3': true,
+		'4': true,
+		'5': true,
+		'6': true,
+		'7': true,
+		'8': true,
+		'9': true,
+	}
+)
+
+var (
+	numZeroBuf = []byte{'0'}
+)
+
+func (d *intDecoder) decodeStreamByte(s *Stream) ([]byte, error) {
+	for {
+		switch s.char() {
+		case ' ', '\n', '\t', '\r':
+			s.cursor++
+			continue
+		case '-':
+			start := s.cursor
+			for {
+				s.cursor++
+				if numTable[s.char()] {
+					continue
+				} else if s.char() == nul {
+					if s.read() {
+						s.cursor-- // for retry current character
+						continue
+					}
+				}
+				break
+			}
+			num := s.buf[start:s.cursor]
+			if len(num) < 2 {
+				goto ERROR
+			}
+			return num, nil
+		case '0':
+			s.cursor++
+			return numZeroBuf, nil
+		case '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			start := s.cursor
+			for {
+				s.cursor++
+				if numTable[s.char()] {
+					continue
+				} else if s.char() == nul {
+					if s.read() {
+						s.cursor-- // for retry current character
+						continue
+					}
+				}
+				break
+			}
+			num := s.buf[start:s.cursor]
+			return num, nil
+		case 'n':
+			if err := nullBytes(s); err != nil {
+				return nil, err
+			}
+			return nil, nil
+		case nul:
+			if s.read() {
+				continue
+			}
+			goto ERROR
+		default:
+			return nil, d.typeError([]byte{s.char()}, s.totalOffset())
+		}
+	}
+ERROR:
+	return nil, errors.ErrUnexpectedEndOfJSON("number(integer)", s.totalOffset())
+}
+
+func (d *intDecoder) decodeByte(buf []byte, cursor int64) ([]byte, int64, error) {
+	b := (*sliceHeader)(unsafe.Pointer(&buf)).data
+	for {
+		switch char(b, cursor) {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+			continue
+		case '0':
+			cursor++
+			return numZeroBuf, cursor, nil
+		case '-', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			start := cursor
+			cursor++
+			for numTable[char(b, cursor)] {
+				cursor++
+			}
+			num := buf[start:cursor]
+			return num, cursor, nil
+		case 'n':
+			if err := validateNull(buf, cursor); err != nil {
+				return nil, 0, err
+			}
+			cursor += 4
+			return nil, cursor, nil
+		default:
+			return nil, 0, d.typeError([]byte{char(b, cursor)}, cursor)
+		}
+	}
+}
+
+func (d *intDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	bytes, err := d.decodeStreamByte(s)
+	if err != nil {
+		return err
+	}
+	if bytes == nil {
+		return nil
+	}
+	i64, err := d.parseInt(bytes)
+	if err != nil {
+		return d.typeError(bytes, s.totalOffset())
+	}
+	switch d.kind {
+	case reflect.Int8:
+		if i64 < -1*(1<<7) || (1<<7) <= i64 {
+			return d.typeError(bytes, s.totalOffset())
+		}
+	case reflect.Int16:
+		if i64 < -1*(1<<15) || (1<<15) <= i64 {
+			return d.typeError(bytes, s.totalOffset())
+		}
+	case reflect.Int32:
+		if i64 < -1*(1<<31) || (1<<31) <= i64 {
+			return d.typeError(bytes, s.totalOffset())
+		}
+	}
+	d.op(p, i64)
+	s.reset()
+	return nil
+}
+
+func (d *intDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	bytes, c, err := d.decodeByte(ctx.Buf, cursor)
+	if err != nil {
+		return 0, err
+	}
+	if bytes == nil {
+		return c, nil
+	}
+	cursor = c
+
+	i64, err := d.parseInt(bytes)
+	if err != nil {
+		return 0, d.typeError(bytes, cursor)
+	}
+	switch d.kind {
+	case reflect.Int8:
+		if i64 < -1*(1<<7) || (1<<7) <= i64 {
+			return 0, d.typeError(bytes, cursor)
+		}
+	case reflect.Int16:
+		if i64 < -1*(1<<15) || (1<<15) <= i64 {
+			return 0, d.typeError(bytes, cursor)
+		}
+	case reflect.Int32:
+		if i64 < -1*(1<<31) || (1<<31) <= i64 {
+			return 0, d.typeError(bytes, cursor)
+		}
+	}
+	d.op(p, i64)
+	return cursor, nil
+}
+
+func (d *intDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, fmt.Errorf("json: int decoder does not support decode path")
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/interface.go b/vendor/github.com/goccy/go-json/internal/decoder/interface.go
new file mode 100644
index 000000000..45c69ab8c
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/interface.go
@@ -0,0 +1,528 @@
+package decoder
+
+import (
+	"bytes"
+	"encoding"
+	"encoding/json"
+	"reflect"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type interfaceDecoder struct {
+	typ           *runtime.Type
+	structName    string
+	fieldName     string
+	sliceDecoder  *sliceDecoder
+	mapDecoder    *mapDecoder
+	floatDecoder  *floatDecoder
+	numberDecoder *numberDecoder
+	stringDecoder *stringDecoder
+}
+
+func newEmptyInterfaceDecoder(structName, fieldName string) *interfaceDecoder {
+	ifaceDecoder := &interfaceDecoder{
+		typ:        emptyInterfaceType,
+		structName: structName,
+		fieldName:  fieldName,
+		floatDecoder: newFloatDecoder(structName, fieldName, func(p unsafe.Pointer, v float64) {
+			*(*interface{})(p) = v
+		}),
+		numberDecoder: newNumberDecoder(structName, fieldName, func(p unsafe.Pointer, v json.Number) {
+			*(*interface{})(p) = v
+		}),
+		stringDecoder: newStringDecoder(structName, fieldName),
+	}
+	ifaceDecoder.sliceDecoder = newSliceDecoder(
+		ifaceDecoder,
+		emptyInterfaceType,
+		emptyInterfaceType.Size(),
+		structName, fieldName,
+	)
+	ifaceDecoder.mapDecoder = newMapDecoder(
+		interfaceMapType,
+		stringType,
+		ifaceDecoder.stringDecoder,
+		interfaceMapType.Elem(),
+		ifaceDecoder,
+		structName,
+		fieldName,
+	)
+	return ifaceDecoder
+}
+
+func newInterfaceDecoder(typ *runtime.Type, structName, fieldName string) *interfaceDecoder {
+	emptyIfaceDecoder := newEmptyInterfaceDecoder(structName, fieldName)
+	stringDecoder := newStringDecoder(structName, fieldName)
+	return &interfaceDecoder{
+		typ:        typ,
+		structName: structName,
+		fieldName:  fieldName,
+		sliceDecoder: newSliceDecoder(
+			emptyIfaceDecoder,
+			emptyInterfaceType,
+			emptyInterfaceType.Size(),
+			structName, fieldName,
+		),
+		mapDecoder: newMapDecoder(
+			interfaceMapType,
+			stringType,
+			stringDecoder,
+			interfaceMapType.Elem(),
+			emptyIfaceDecoder,
+			structName,
+			fieldName,
+		),
+		floatDecoder: newFloatDecoder(structName, fieldName, func(p unsafe.Pointer, v float64) {
+			*(*interface{})(p) = v
+		}),
+		numberDecoder: newNumberDecoder(structName, fieldName, func(p unsafe.Pointer, v json.Number) {
+			*(*interface{})(p) = v
+		}),
+		stringDecoder: stringDecoder,
+	}
+}
+
+func (d *interfaceDecoder) numDecoder(s *Stream) Decoder {
+	if s.UseNumber {
+		return d.numberDecoder
+	}
+	return d.floatDecoder
+}
+
+var (
+	emptyInterfaceType = runtime.Type2RType(reflect.TypeOf((*interface{})(nil)).Elem())
+	EmptyInterfaceType = emptyInterfaceType
+	interfaceMapType   = runtime.Type2RType(
+		reflect.TypeOf((*map[string]interface{})(nil)).Elem(),
+	)
+	stringType = runtime.Type2RType(
+		reflect.TypeOf(""),
+	)
+)
+
+func decodeStreamUnmarshaler(s *Stream, depth int64, unmarshaler json.Unmarshaler) error {
+	start := s.cursor
+	if err := s.skipValue(depth); err != nil {
+		return err
+	}
+	src := s.buf[start:s.cursor]
+	dst := make([]byte, len(src))
+	copy(dst, src)
+
+	if err := unmarshaler.UnmarshalJSON(dst); err != nil {
+		return err
+	}
+	return nil
+}
+
+func decodeStreamUnmarshalerContext(s *Stream, depth int64, unmarshaler unmarshalerContext) error {
+	start := s.cursor
+	if err := s.skipValue(depth); err != nil {
+		return err
+	}
+	src := s.buf[start:s.cursor]
+	dst := make([]byte, len(src))
+	copy(dst, src)
+
+	if err := unmarshaler.UnmarshalJSON(s.Option.Context, dst); err != nil {
+		return err
+	}
+	return nil
+}
+
+func decodeUnmarshaler(buf []byte, cursor, depth int64, unmarshaler json.Unmarshaler) (int64, error) {
+	cursor = skipWhiteSpace(buf, cursor)
+	start := cursor
+	end, err := skipValue(buf, cursor, depth)
+	if err != nil {
+		return 0, err
+	}
+	src := buf[start:end]
+	dst := make([]byte, len(src))
+	copy(dst, src)
+
+	if err := unmarshaler.UnmarshalJSON(dst); err != nil {
+		return 0, err
+	}
+	return end, nil
+}
+
+func decodeUnmarshalerContext(ctx *RuntimeContext, buf []byte, cursor, depth int64, unmarshaler unmarshalerContext) (int64, error) {
+	cursor = skipWhiteSpace(buf, cursor)
+	start := cursor
+	end, err := skipValue(buf, cursor, depth)
+	if err != nil {
+		return 0, err
+	}
+	src := buf[start:end]
+	dst := make([]byte, len(src))
+	copy(dst, src)
+
+	if err := unmarshaler.UnmarshalJSON(ctx.Option.Context, dst); err != nil {
+		return 0, err
+	}
+	return end, nil
+}
+
+func decodeStreamTextUnmarshaler(s *Stream, depth int64, unmarshaler encoding.TextUnmarshaler, p unsafe.Pointer) error {
+	start := s.cursor
+	if err := s.skipValue(depth); err != nil {
+		return err
+	}
+	src := s.buf[start:s.cursor]
+	if bytes.Equal(src, nullbytes) {
+		*(*unsafe.Pointer)(p) = nil
+		return nil
+	}
+
+	dst := make([]byte, len(src))
+	copy(dst, src)
+
+	if err := unmarshaler.UnmarshalText(dst); err != nil {
+		return err
+	}
+	return nil
+}
+
+func decodeTextUnmarshaler(buf []byte, cursor, depth int64, unmarshaler encoding.TextUnmarshaler, p unsafe.Pointer) (int64, error) {
+	cursor = skipWhiteSpace(buf, cursor)
+	start := cursor
+	end, err := skipValue(buf, cursor, depth)
+	if err != nil {
+		return 0, err
+	}
+	src := buf[start:end]
+	if bytes.Equal(src, nullbytes) {
+		*(*unsafe.Pointer)(p) = nil
+		return end, nil
+	}
+	if s, ok := unquoteBytes(src); ok {
+		src = s
+	}
+	if err := unmarshaler.UnmarshalText(src); err != nil {
+		return 0, err
+	}
+	return end, nil
+}
+
+func (d *interfaceDecoder) decodeStreamEmptyInterface(s *Stream, depth int64, p unsafe.Pointer) error {
+	c := s.skipWhiteSpace()
+	for {
+		switch c {
+		case '{':
+			var v map[string]interface{}
+			ptr := unsafe.Pointer(&v)
+			if err := d.mapDecoder.DecodeStream(s, depth, ptr); err != nil {
+				return err
+			}
+			*(*interface{})(p) = v
+			return nil
+		case '[':
+			var v []interface{}
+			ptr := unsafe.Pointer(&v)
+			if err := d.sliceDecoder.DecodeStream(s, depth, ptr); err != nil {
+				return err
+			}
+			*(*interface{})(p) = v
+			return nil
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return d.numDecoder(s).DecodeStream(s, depth, p)
+		case '"':
+			s.cursor++
+			start := s.cursor
+			for {
+				switch s.char() {
+				case '\\':
+					if _, err := decodeEscapeString(s, nil); err != nil {
+						return err
+					}
+				case '"':
+					literal := s.buf[start:s.cursor]
+					s.cursor++
+					*(*interface{})(p) = string(literal)
+					return nil
+				case nul:
+					if s.read() {
+						continue
+					}
+					return errors.ErrUnexpectedEndOfJSON("string", s.totalOffset())
+				}
+				s.cursor++
+			}
+		case 't':
+			if err := trueBytes(s); err != nil {
+				return err
+			}
+			**(**interface{})(unsafe.Pointer(&p)) = true
+			return nil
+		case 'f':
+			if err := falseBytes(s); err != nil {
+				return err
+			}
+			**(**interface{})(unsafe.Pointer(&p)) = false
+			return nil
+		case 'n':
+			if err := nullBytes(s); err != nil {
+				return err
+			}
+			*(*interface{})(p) = nil
+			return nil
+		case nul:
+			if s.read() {
+				c = s.char()
+				continue
+			}
+		}
+		break
+	}
+	return errors.ErrInvalidBeginningOfValue(c, s.totalOffset())
+}
+
+type emptyInterface struct {
+	typ *runtime.Type
+	ptr unsafe.Pointer
+}
+
+func (d *interfaceDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	runtimeInterfaceValue := *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: d.typ,
+		ptr: p,
+	}))
+	rv := reflect.ValueOf(runtimeInterfaceValue)
+	if rv.NumMethod() > 0 && rv.CanInterface() {
+		if u, ok := rv.Interface().(unmarshalerContext); ok {
+			return decodeStreamUnmarshalerContext(s, depth, u)
+		}
+		if u, ok := rv.Interface().(json.Unmarshaler); ok {
+			return decodeStreamUnmarshaler(s, depth, u)
+		}
+		if u, ok := rv.Interface().(encoding.TextUnmarshaler); ok {
+			return decodeStreamTextUnmarshaler(s, depth, u, p)
+		}
+		if s.skipWhiteSpace() == 'n' {
+			if err := nullBytes(s); err != nil {
+				return err
+			}
+			*(*interface{})(p) = nil
+			return nil
+		}
+		return d.errUnmarshalType(rv.Type(), s.totalOffset())
+	}
+	iface := rv.Interface()
+	ifaceHeader := (*emptyInterface)(unsafe.Pointer(&iface))
+	typ := ifaceHeader.typ
+	if ifaceHeader.ptr == nil || d.typ == typ || typ == nil {
+		// concrete type is empty interface
+		return d.decodeStreamEmptyInterface(s, depth, p)
+	}
+	if typ.Kind() == reflect.Ptr && typ.Elem() == d.typ || typ.Kind() != reflect.Ptr {
+		return d.decodeStreamEmptyInterface(s, depth, p)
+	}
+	if s.skipWhiteSpace() == 'n' {
+		if err := nullBytes(s); err != nil {
+			return err
+		}
+		*(*interface{})(p) = nil
+		return nil
+	}
+	decoder, err := CompileToGetDecoder(typ)
+	if err != nil {
+		return err
+	}
+	return decoder.DecodeStream(s, depth, ifaceHeader.ptr)
+}
+
+func (d *interfaceDecoder) errUnmarshalType(typ reflect.Type, offset int64) *errors.UnmarshalTypeError {
+	return &errors.UnmarshalTypeError{
+		Value:  typ.String(),
+		Type:   typ,
+		Offset: offset,
+		Struct: d.structName,
+		Field:  d.fieldName,
+	}
+}
+
+func (d *interfaceDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	runtimeInterfaceValue := *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: d.typ,
+		ptr: p,
+	}))
+	rv := reflect.ValueOf(runtimeInterfaceValue)
+	if rv.NumMethod() > 0 && rv.CanInterface() {
+		if u, ok := rv.Interface().(unmarshalerContext); ok {
+			return decodeUnmarshalerContext(ctx, buf, cursor, depth, u)
+		}
+		if u, ok := rv.Interface().(json.Unmarshaler); ok {
+			return decodeUnmarshaler(buf, cursor, depth, u)
+		}
+		if u, ok := rv.Interface().(encoding.TextUnmarshaler); ok {
+			return decodeTextUnmarshaler(buf, cursor, depth, u, p)
+		}
+		cursor = skipWhiteSpace(buf, cursor)
+		if buf[cursor] == 'n' {
+			if err := validateNull(buf, cursor); err != nil {
+				return 0, err
+			}
+			cursor += 4
+			**(**interface{})(unsafe.Pointer(&p)) = nil
+			return cursor, nil
+		}
+		return 0, d.errUnmarshalType(rv.Type(), cursor)
+	}
+
+	iface := rv.Interface()
+	ifaceHeader := (*emptyInterface)(unsafe.Pointer(&iface))
+	typ := ifaceHeader.typ
+	if ifaceHeader.ptr == nil || d.typ == typ || typ == nil {
+		// concrete type is empty interface
+		return d.decodeEmptyInterface(ctx, cursor, depth, p)
+	}
+	if typ.Kind() == reflect.Ptr && typ.Elem() == d.typ || typ.Kind() != reflect.Ptr {
+		return d.decodeEmptyInterface(ctx, cursor, depth, p)
+	}
+	cursor = skipWhiteSpace(buf, cursor)
+	if buf[cursor] == 'n' {
+		if err := validateNull(buf, cursor); err != nil {
+			return 0, err
+		}
+		cursor += 4
+		**(**interface{})(unsafe.Pointer(&p)) = nil
+		return cursor, nil
+	}
+	decoder, err := CompileToGetDecoder(typ)
+	if err != nil {
+		return 0, err
+	}
+	return decoder.Decode(ctx, cursor, depth, ifaceHeader.ptr)
+}
+
+func (d *interfaceDecoder) decodeEmptyInterface(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	cursor = skipWhiteSpace(buf, cursor)
+	switch buf[cursor] {
+	case '{':
+		var v map[string]interface{}
+		ptr := unsafe.Pointer(&v)
+		cursor, err := d.mapDecoder.Decode(ctx, cursor, depth, ptr)
+		if err != nil {
+			return 0, err
+		}
+		**(**interface{})(unsafe.Pointer(&p)) = v
+		return cursor, nil
+	case '[':
+		var v []interface{}
+		ptr := unsafe.Pointer(&v)
+		cursor, err := d.sliceDecoder.Decode(ctx, cursor, depth, ptr)
+		if err != nil {
+			return 0, err
+		}
+		**(**interface{})(unsafe.Pointer(&p)) = v
+		return cursor, nil
+	case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+		return d.floatDecoder.Decode(ctx, cursor, depth, p)
+	case '"':
+		var v string
+		ptr := unsafe.Pointer(&v)
+		cursor, err := d.stringDecoder.Decode(ctx, cursor, depth, ptr)
+		if err != nil {
+			return 0, err
+		}
+		**(**interface{})(unsafe.Pointer(&p)) = v
+		return cursor, nil
+	case 't':
+		if err := validateTrue(buf, cursor); err != nil {
+			return 0, err
+		}
+		cursor += 4
+		**(**interface{})(unsafe.Pointer(&p)) = true
+		return cursor, nil
+	case 'f':
+		if err := validateFalse(buf, cursor); err != nil {
+			return 0, err
+		}
+		cursor += 5
+		**(**interface{})(unsafe.Pointer(&p)) = false
+		return cursor, nil
+	case 'n':
+		if err := validateNull(buf, cursor); err != nil {
+			return 0, err
+		}
+		cursor += 4
+		**(**interface{})(unsafe.Pointer(&p)) = nil
+		return cursor, nil
+	}
+	return cursor, errors.ErrInvalidBeginningOfValue(buf[cursor], cursor)
+}
+
+func NewPathDecoder() Decoder {
+	ifaceDecoder := &interfaceDecoder{
+		typ:        emptyInterfaceType,
+		structName: "",
+		fieldName:  "",
+		floatDecoder: newFloatDecoder("", "", func(p unsafe.Pointer, v float64) {
+			*(*interface{})(p) = v
+		}),
+		numberDecoder: newNumberDecoder("", "", func(p unsafe.Pointer, v json.Number) {
+			*(*interface{})(p) = v
+		}),
+		stringDecoder: newStringDecoder("", ""),
+	}
+	ifaceDecoder.sliceDecoder = newSliceDecoder(
+		ifaceDecoder,
+		emptyInterfaceType,
+		emptyInterfaceType.Size(),
+		"", "",
+	)
+	ifaceDecoder.mapDecoder = newMapDecoder(
+		interfaceMapType,
+		stringType,
+		ifaceDecoder.stringDecoder,
+		interfaceMapType.Elem(),
+		ifaceDecoder,
+		"", "",
+	)
+	return ifaceDecoder
+}
+
+var (
+	truebytes  = []byte("true")
+	falsebytes = []byte("false")
+)
+
+func (d *interfaceDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	buf := ctx.Buf
+	cursor = skipWhiteSpace(buf, cursor)
+	switch buf[cursor] {
+	case '{':
+		return d.mapDecoder.DecodePath(ctx, cursor, depth)
+	case '[':
+		return d.sliceDecoder.DecodePath(ctx, cursor, depth)
+	case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+		return d.floatDecoder.DecodePath(ctx, cursor, depth)
+	case '"':
+		return d.stringDecoder.DecodePath(ctx, cursor, depth)
+	case 't':
+		if err := validateTrue(buf, cursor); err != nil {
+			return nil, 0, err
+		}
+		cursor += 4
+		return [][]byte{truebytes}, cursor, nil
+	case 'f':
+		if err := validateFalse(buf, cursor); err != nil {
+			return nil, 0, err
+		}
+		cursor += 5
+		return [][]byte{falsebytes}, cursor, nil
+	case 'n':
+		if err := validateNull(buf, cursor); err != nil {
+			return nil, 0, err
+		}
+		cursor += 4
+		return [][]byte{nullbytes}, cursor, nil
+	}
+	return nil, cursor, errors.ErrInvalidBeginningOfValue(buf[cursor], cursor)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/invalid.go b/vendor/github.com/goccy/go-json/internal/decoder/invalid.go
new file mode 100644
index 000000000..4c9721b09
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/invalid.go
@@ -0,0 +1,55 @@
+package decoder
+
+import (
+	"reflect"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type invalidDecoder struct {
+	typ        *runtime.Type
+	kind       reflect.Kind
+	structName string
+	fieldName  string
+}
+
+func newInvalidDecoder(typ *runtime.Type, structName, fieldName string) *invalidDecoder {
+	return &invalidDecoder{
+		typ:        typ,
+		kind:       typ.Kind(),
+		structName: structName,
+		fieldName:  fieldName,
+	}
+}
+
+func (d *invalidDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	return &errors.UnmarshalTypeError{
+		Value:  "object",
+		Type:   runtime.RType2Type(d.typ),
+		Offset: s.totalOffset(),
+		Struct: d.structName,
+		Field:  d.fieldName,
+	}
+}
+
+func (d *invalidDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	return 0, &errors.UnmarshalTypeError{
+		Value:  "object",
+		Type:   runtime.RType2Type(d.typ),
+		Offset: cursor,
+		Struct: d.structName,
+		Field:  d.fieldName,
+	}
+}
+
+func (d *invalidDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, &errors.UnmarshalTypeError{
+		Value:  "object",
+		Type:   runtime.RType2Type(d.typ),
+		Offset: cursor,
+		Struct: d.structName,
+		Field:  d.fieldName,
+	}
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/map.go b/vendor/github.com/goccy/go-json/internal/decoder/map.go
new file mode 100644
index 000000000..07a9caea6
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/map.go
@@ -0,0 +1,280 @@
+package decoder
+
+import (
+	"reflect"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type mapDecoder struct {
+	mapType                 *runtime.Type
+	keyType                 *runtime.Type
+	valueType               *runtime.Type
+	canUseAssignFaststrType bool
+	keyDecoder              Decoder
+	valueDecoder            Decoder
+	structName              string
+	fieldName               string
+}
+
+func newMapDecoder(mapType *runtime.Type, keyType *runtime.Type, keyDec Decoder, valueType *runtime.Type, valueDec Decoder, structName, fieldName string) *mapDecoder {
+	return &mapDecoder{
+		mapType:                 mapType,
+		keyDecoder:              keyDec,
+		keyType:                 keyType,
+		canUseAssignFaststrType: canUseAssignFaststrType(keyType, valueType),
+		valueType:               valueType,
+		valueDecoder:            valueDec,
+		structName:              structName,
+		fieldName:               fieldName,
+	}
+}
+
+const (
+	mapMaxElemSize = 128
+)
+
+// See detail: https://github.com/goccy/go-json/pull/283
+func canUseAssignFaststrType(key *runtime.Type, value *runtime.Type) bool {
+	indirectElem := value.Size() > mapMaxElemSize
+	if indirectElem {
+		return false
+	}
+	return key.Kind() == reflect.String
+}
+
+//go:linkname makemap reflect.makemap
+func makemap(*runtime.Type, int) unsafe.Pointer
+
+//nolint:golint
+//go:linkname mapassign_faststr runtime.mapassign_faststr
+//go:noescape
+func mapassign_faststr(t *runtime.Type, m unsafe.Pointer, s string) unsafe.Pointer
+
+//go:linkname mapassign reflect.mapassign
+//go:noescape
+func mapassign(t *runtime.Type, m unsafe.Pointer, k, v unsafe.Pointer)
+
+func (d *mapDecoder) mapassign(t *runtime.Type, m, k, v unsafe.Pointer) {
+	if d.canUseAssignFaststrType {
+		mapV := mapassign_faststr(t, m, *(*string)(k))
+		typedmemmove(d.valueType, mapV, v)
+	} else {
+		mapassign(t, m, k, v)
+	}
+}
+
+func (d *mapDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	depth++
+	if depth > maxDecodeNestingDepth {
+		return errors.ErrExceededMaxDepth(s.char(), s.cursor)
+	}
+
+	switch s.skipWhiteSpace() {
+	case 'n':
+		if err := nullBytes(s); err != nil {
+			return err
+		}
+		**(**unsafe.Pointer)(unsafe.Pointer(&p)) = nil
+		return nil
+	case '{':
+	default:
+		return errors.ErrExpected("{ character for map value", s.totalOffset())
+	}
+	mapValue := *(*unsafe.Pointer)(p)
+	if mapValue == nil {
+		mapValue = makemap(d.mapType, 0)
+	}
+	s.cursor++
+	if s.skipWhiteSpace() == '}' {
+		*(*unsafe.Pointer)(p) = mapValue
+		s.cursor++
+		return nil
+	}
+	for {
+		k := unsafe_New(d.keyType)
+		if err := d.keyDecoder.DecodeStream(s, depth, k); err != nil {
+			return err
+		}
+		s.skipWhiteSpace()
+		if !s.equalChar(':') {
+			return errors.ErrExpected("colon after object key", s.totalOffset())
+		}
+		s.cursor++
+		v := unsafe_New(d.valueType)
+		if err := d.valueDecoder.DecodeStream(s, depth, v); err != nil {
+			return err
+		}
+		d.mapassign(d.mapType, mapValue, k, v)
+		s.skipWhiteSpace()
+		if s.equalChar('}') {
+			**(**unsafe.Pointer)(unsafe.Pointer(&p)) = mapValue
+			s.cursor++
+			return nil
+		}
+		if !s.equalChar(',') {
+			return errors.ErrExpected("comma after object value", s.totalOffset())
+		}
+		s.cursor++
+	}
+}
+
+func (d *mapDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	depth++
+	if depth > maxDecodeNestingDepth {
+		return 0, errors.ErrExceededMaxDepth(buf[cursor], cursor)
+	}
+
+	cursor = skipWhiteSpace(buf, cursor)
+	buflen := int64(len(buf))
+	if buflen < 2 {
+		return 0, errors.ErrExpected("{} for map", cursor)
+	}
+	switch buf[cursor] {
+	case 'n':
+		if err := validateNull(buf, cursor); err != nil {
+			return 0, err
+		}
+		cursor += 4
+		**(**unsafe.Pointer)(unsafe.Pointer(&p)) = nil
+		return cursor, nil
+	case '{':
+	default:
+		return 0, errors.ErrExpected("{ character for map value", cursor)
+	}
+	cursor++
+	cursor = skipWhiteSpace(buf, cursor)
+	mapValue := *(*unsafe.Pointer)(p)
+	if mapValue == nil {
+		mapValue = makemap(d.mapType, 0)
+	}
+	if buf[cursor] == '}' {
+		**(**unsafe.Pointer)(unsafe.Pointer(&p)) = mapValue
+		cursor++
+		return cursor, nil
+	}
+	for {
+		k := unsafe_New(d.keyType)
+		keyCursor, err := d.keyDecoder.Decode(ctx, cursor, depth, k)
+		if err != nil {
+			return 0, err
+		}
+		cursor = skipWhiteSpace(buf, keyCursor)
+		if buf[cursor] != ':' {
+			return 0, errors.ErrExpected("colon after object key", cursor)
+		}
+		cursor++
+		v := unsafe_New(d.valueType)
+		valueCursor, err := d.valueDecoder.Decode(ctx, cursor, depth, v)
+		if err != nil {
+			return 0, err
+		}
+		d.mapassign(d.mapType, mapValue, k, v)
+		cursor = skipWhiteSpace(buf, valueCursor)
+		if buf[cursor] == '}' {
+			**(**unsafe.Pointer)(unsafe.Pointer(&p)) = mapValue
+			cursor++
+			return cursor, nil
+		}
+		if buf[cursor] != ',' {
+			return 0, errors.ErrExpected("comma after object value", cursor)
+		}
+		cursor++
+	}
+}
+
+func (d *mapDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	buf := ctx.Buf
+	depth++
+	if depth > maxDecodeNestingDepth {
+		return nil, 0, errors.ErrExceededMaxDepth(buf[cursor], cursor)
+	}
+
+	cursor = skipWhiteSpace(buf, cursor)
+	buflen := int64(len(buf))
+	if buflen < 2 {
+		return nil, 0, errors.ErrExpected("{} for map", cursor)
+	}
+	switch buf[cursor] {
+	case 'n':
+		if err := validateNull(buf, cursor); err != nil {
+			return nil, 0, err
+		}
+		cursor += 4
+		return [][]byte{nullbytes}, cursor, nil
+	case '{':
+	default:
+		return nil, 0, errors.ErrExpected("{ character for map value", cursor)
+	}
+	cursor++
+	cursor = skipWhiteSpace(buf, cursor)
+	if buf[cursor] == '}' {
+		cursor++
+		return nil, cursor, nil
+	}
+	keyDecoder, ok := d.keyDecoder.(*stringDecoder)
+	if !ok {
+		return nil, 0, &errors.UnmarshalTypeError{
+			Value:  "string",
+			Type:   reflect.TypeOf(""),
+			Offset: cursor,
+			Struct: d.structName,
+			Field:  d.fieldName,
+		}
+	}
+	ret := [][]byte{}
+	for {
+		key, keyCursor, err := keyDecoder.decodeByte(buf, cursor)
+		if err != nil {
+			return nil, 0, err
+		}
+		cursor = skipWhiteSpace(buf, keyCursor)
+		if buf[cursor] != ':' {
+			return nil, 0, errors.ErrExpected("colon after object key", cursor)
+		}
+		cursor++
+		child, found, err := ctx.Option.Path.Field(string(key))
+		if err != nil {
+			return nil, 0, err
+		}
+		if found {
+			if child != nil {
+				oldPath := ctx.Option.Path.node
+				ctx.Option.Path.node = child
+				paths, c, err := d.valueDecoder.DecodePath(ctx, cursor, depth)
+				if err != nil {
+					return nil, 0, err
+				}
+				ctx.Option.Path.node = oldPath
+				ret = append(ret, paths...)
+				cursor = c
+			} else {
+				start := cursor
+				end, err := skipValue(buf, cursor, depth)
+				if err != nil {
+					return nil, 0, err
+				}
+				ret = append(ret, buf[start:end])
+				cursor = end
+			}
+		} else {
+			c, err := skipValue(buf, cursor, depth)
+			if err != nil {
+				return nil, 0, err
+			}
+			cursor = c
+		}
+		cursor = skipWhiteSpace(buf, cursor)
+		if buf[cursor] == '}' {
+			cursor++
+			return ret, cursor, nil
+		}
+		if buf[cursor] != ',' {
+			return nil, 0, errors.ErrExpected("comma after object value", cursor)
+		}
+		cursor++
+	}
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/number.go b/vendor/github.com/goccy/go-json/internal/decoder/number.go
new file mode 100644
index 000000000..10e5435e6
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/number.go
@@ -0,0 +1,123 @@
+package decoder
+
+import (
+	"encoding/json"
+	"strconv"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+)
+
+type numberDecoder struct {
+	stringDecoder *stringDecoder
+	op            func(unsafe.Pointer, json.Number)
+	structName    string
+	fieldName     string
+}
+
+func newNumberDecoder(structName, fieldName string, op func(unsafe.Pointer, json.Number)) *numberDecoder {
+	return &numberDecoder{
+		stringDecoder: newStringDecoder(structName, fieldName),
+		op:            op,
+		structName:    structName,
+		fieldName:     fieldName,
+	}
+}
+
+func (d *numberDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	bytes, err := d.decodeStreamByte(s)
+	if err != nil {
+		return err
+	}
+	if _, err := strconv.ParseFloat(*(*string)(unsafe.Pointer(&bytes)), 64); err != nil {
+		return errors.ErrSyntax(err.Error(), s.totalOffset())
+	}
+	d.op(p, json.Number(string(bytes)))
+	s.reset()
+	return nil
+}
+
+func (d *numberDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	bytes, c, err := d.decodeByte(ctx.Buf, cursor)
+	if err != nil {
+		return 0, err
+	}
+	if _, err := strconv.ParseFloat(*(*string)(unsafe.Pointer(&bytes)), 64); err != nil {
+		return 0, errors.ErrSyntax(err.Error(), c)
+	}
+	cursor = c
+	s := *(*string)(unsafe.Pointer(&bytes))
+	d.op(p, json.Number(s))
+	return cursor, nil
+}
+
+func (d *numberDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	bytes, c, err := d.decodeByte(ctx.Buf, cursor)
+	if err != nil {
+		return nil, 0, err
+	}
+	if bytes == nil {
+		return [][]byte{nullbytes}, c, nil
+	}
+	return [][]byte{bytes}, c, nil
+}
+
+func (d *numberDecoder) decodeStreamByte(s *Stream) ([]byte, error) {
+	start := s.cursor
+	for {
+		switch s.char() {
+		case ' ', '\n', '\t', '\r':
+			s.cursor++
+			continue
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return floatBytes(s), nil
+		case 'n':
+			if err := nullBytes(s); err != nil {
+				return nil, err
+			}
+			return nil, nil
+		case '"':
+			return d.stringDecoder.decodeStreamByte(s)
+		case nul:
+			if s.read() {
+				continue
+			}
+			goto ERROR
+		default:
+			goto ERROR
+		}
+	}
+ERROR:
+	if s.cursor == start {
+		return nil, errors.ErrInvalidBeginningOfValue(s.char(), s.totalOffset())
+	}
+	return nil, errors.ErrUnexpectedEndOfJSON("json.Number", s.totalOffset())
+}
+
+func (d *numberDecoder) decodeByte(buf []byte, cursor int64) ([]byte, int64, error) {
+	for {
+		switch buf[cursor] {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+			continue
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			start := cursor
+			cursor++
+			for floatTable[buf[cursor]] {
+				cursor++
+			}
+			num := buf[start:cursor]
+			return num, cursor, nil
+		case 'n':
+			if err := validateNull(buf, cursor); err != nil {
+				return nil, 0, err
+			}
+			cursor += 4
+			return nil, cursor, nil
+		case '"':
+			return d.stringDecoder.decodeByte(buf, cursor)
+		default:
+			return nil, 0, errors.ErrUnexpectedEndOfJSON("json.Number", cursor)
+		}
+	}
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/option.go b/vendor/github.com/goccy/go-json/internal/decoder/option.go
new file mode 100644
index 000000000..502f772eb
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/option.go
@@ -0,0 +1,17 @@
+package decoder
+
+import "context"
+
+type OptionFlags uint8
+
+const (
+	FirstWinOption OptionFlags = 1 << iota
+	ContextOption
+	PathOption
+)
+
+type Option struct {
+	Flags   OptionFlags
+	Context context.Context
+	Path    *Path
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/path.go b/vendor/github.com/goccy/go-json/internal/decoder/path.go
new file mode 100644
index 000000000..a15ff69e3
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/path.go
@@ -0,0 +1,670 @@
+package decoder
+
+import (
+	"fmt"
+	"reflect"
+	"strconv"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type PathString string
+
+func (s PathString) Build() (*Path, error) {
+	builder := new(PathBuilder)
+	return builder.Build([]rune(s))
+}
+
+type PathBuilder struct {
+	root                    PathNode
+	node                    PathNode
+	singleQuotePathSelector bool
+	doubleQuotePathSelector bool
+}
+
+func (b *PathBuilder) Build(buf []rune) (*Path, error) {
+	node, err := b.build(buf)
+	if err != nil {
+		return nil, err
+	}
+	return &Path{
+		node:                    node,
+		RootSelectorOnly:        node == nil,
+		SingleQuotePathSelector: b.singleQuotePathSelector,
+		DoubleQuotePathSelector: b.doubleQuotePathSelector,
+	}, nil
+}
+
+func (b *PathBuilder) build(buf []rune) (PathNode, error) {
+	if len(buf) == 0 {
+		return nil, errors.ErrEmptyPath()
+	}
+	if buf[0] != '$' {
+		return nil, errors.ErrInvalidPath("JSON Path must start with a $ character")
+	}
+	if len(buf) == 1 {
+		return nil, nil
+	}
+	buf = buf[1:]
+	offset, err := b.buildNext(buf)
+	if err != nil {
+		return nil, err
+	}
+	if len(buf) > offset {
+		return nil, errors.ErrInvalidPath("remain invalid path %q", buf[offset:])
+	}
+	return b.root, nil
+}
+
+func (b *PathBuilder) buildNextCharIfExists(buf []rune, cursor int) (int, error) {
+	if len(buf) > cursor {
+		offset, err := b.buildNext(buf[cursor:])
+		if err != nil {
+			return 0, err
+		}
+		return cursor + 1 + offset, nil
+	}
+	return cursor, nil
+}
+
+func (b *PathBuilder) buildNext(buf []rune) (int, error) {
+	switch buf[0] {
+	case '.':
+		if len(buf) == 1 {
+			return 0, errors.ErrInvalidPath("JSON Path ends with dot character")
+		}
+		offset, err := b.buildSelector(buf[1:])
+		if err != nil {
+			return 0, err
+		}
+		return offset + 1, nil
+	case '[':
+		if len(buf) == 1 {
+			return 0, errors.ErrInvalidPath("JSON Path ends with left bracket character")
+		}
+		offset, err := b.buildIndex(buf[1:])
+		if err != nil {
+			return 0, err
+		}
+		return offset + 1, nil
+	default:
+		return 0, errors.ErrInvalidPath("expect dot or left bracket character. but found %c character", buf[0])
+	}
+}
+
+func (b *PathBuilder) buildSelector(buf []rune) (int, error) {
+	switch buf[0] {
+	case '.':
+		if len(buf) == 1 {
+			return 0, errors.ErrInvalidPath("JSON Path ends with double dot character")
+		}
+		offset, err := b.buildPathRecursive(buf[1:])
+		if err != nil {
+			return 0, err
+		}
+		return 1 + offset, nil
+	case '[', ']', '$', '*':
+		return 0, errors.ErrInvalidPath("found invalid path character %c after dot", buf[0])
+	}
+	for cursor := 0; cursor < len(buf); cursor++ {
+		switch buf[cursor] {
+		case '$', '*', ']':
+			return 0, errors.ErrInvalidPath("found %c character in field selector context", buf[cursor])
+		case '.':
+			if cursor+1 >= len(buf) {
+				return 0, errors.ErrInvalidPath("JSON Path ends with dot character")
+			}
+			selector := buf[:cursor]
+			b.addSelectorNode(string(selector))
+			offset, err := b.buildSelector(buf[cursor+1:])
+			if err != nil {
+				return 0, err
+			}
+			return cursor + 1 + offset, nil
+		case '[':
+			if cursor+1 >= len(buf) {
+				return 0, errors.ErrInvalidPath("JSON Path ends with left bracket character")
+			}
+			selector := buf[:cursor]
+			b.addSelectorNode(string(selector))
+			offset, err := b.buildIndex(buf[cursor+1:])
+			if err != nil {
+				return 0, err
+			}
+			return cursor + 1 + offset, nil
+		case '"':
+			if cursor+1 >= len(buf) {
+				return 0, errors.ErrInvalidPath("JSON Path ends with double quote character")
+			}
+			offset, err := b.buildQuoteSelector(buf[cursor+1:], DoubleQuotePathSelector)
+			if err != nil {
+				return 0, err
+			}
+			return cursor + 1 + offset, nil
+		}
+	}
+	b.addSelectorNode(string(buf))
+	return len(buf), nil
+}
+
+func (b *PathBuilder) buildQuoteSelector(buf []rune, sel QuotePathSelector) (int, error) {
+	switch buf[0] {
+	case '[', ']', '$', '.', '*', '\'', '"':
+		return 0, errors.ErrInvalidPath("found invalid path character %c after quote", buf[0])
+	}
+	for cursor := 0; cursor < len(buf); cursor++ {
+		switch buf[cursor] {
+		case '\'':
+			if sel != SingleQuotePathSelector {
+				return 0, errors.ErrInvalidPath("found double quote character in field selector with single quote context")
+			}
+			if len(buf) <= cursor+1 {
+				return 0, errors.ErrInvalidPath("JSON Path ends with single quote character in field selector context")
+			}
+			if buf[cursor+1] != ']' {
+				return 0, errors.ErrInvalidPath("expect right bracket for field selector with single quote but found %c", buf[cursor+1])
+			}
+			selector := buf[:cursor]
+			b.addSelectorNode(string(selector))
+			b.singleQuotePathSelector = true
+			return b.buildNextCharIfExists(buf, cursor+2)
+		case '"':
+			if sel != DoubleQuotePathSelector {
+				return 0, errors.ErrInvalidPath("found single quote character in field selector with double quote context")
+			}
+			selector := buf[:cursor]
+			b.addSelectorNode(string(selector))
+			b.doubleQuotePathSelector = true
+			return b.buildNextCharIfExists(buf, cursor+1)
+		}
+	}
+	return 0, errors.ErrInvalidPath("couldn't find quote character in selector quote path context")
+}
+
+func (b *PathBuilder) buildPathRecursive(buf []rune) (int, error) {
+	switch buf[0] {
+	case '.', '[', ']', '$', '*':
+		return 0, errors.ErrInvalidPath("found invalid path character %c after double dot", buf[0])
+	}
+	for cursor := 0; cursor < len(buf); cursor++ {
+		switch buf[cursor] {
+		case '$', '*', ']':
+			return 0, errors.ErrInvalidPath("found %c character in field selector context", buf[cursor])
+		case '.':
+			if cursor+1 >= len(buf) {
+				return 0, errors.ErrInvalidPath("JSON Path ends with dot character")
+			}
+			selector := buf[:cursor]
+			b.addRecursiveNode(string(selector))
+			offset, err := b.buildSelector(buf[cursor+1:])
+			if err != nil {
+				return 0, err
+			}
+			return cursor + 1 + offset, nil
+		case '[':
+			if cursor+1 >= len(buf) {
+				return 0, errors.ErrInvalidPath("JSON Path ends with left bracket character")
+			}
+			selector := buf[:cursor]
+			b.addRecursiveNode(string(selector))
+			offset, err := b.buildIndex(buf[cursor+1:])
+			if err != nil {
+				return 0, err
+			}
+			return cursor + 1 + offset, nil
+		}
+	}
+	b.addRecursiveNode(string(buf))
+	return len(buf), nil
+}
+
+func (b *PathBuilder) buildIndex(buf []rune) (int, error) {
+	switch buf[0] {
+	case '.', '[', ']', '$':
+		return 0, errors.ErrInvalidPath("found invalid path character %c after left bracket", buf[0])
+	case '\'':
+		if len(buf) == 1 {
+			return 0, errors.ErrInvalidPath("JSON Path ends with single quote character")
+		}
+		offset, err := b.buildQuoteSelector(buf[1:], SingleQuotePathSelector)
+		if err != nil {
+			return 0, err
+		}
+		return 1 + offset, nil
+	case '*':
+		if len(buf) == 1 {
+			return 0, errors.ErrInvalidPath("JSON Path ends with star character")
+		}
+		if buf[1] != ']' {
+			return 0, errors.ErrInvalidPath("expect right bracket character for index all path but found %c character", buf[1])
+		}
+		b.addIndexAllNode()
+		offset := len("*]")
+		if len(buf) > 2 {
+			buildOffset, err := b.buildNext(buf[2:])
+			if err != nil {
+				return 0, err
+			}
+			return offset + buildOffset, nil
+		}
+		return offset, nil
+	}
+
+	for cursor := 0; cursor < len(buf); cursor++ {
+		switch buf[cursor] {
+		case ']':
+			index, err := strconv.ParseInt(string(buf[:cursor]), 10, 64)
+			if err != nil {
+				return 0, errors.ErrInvalidPath("%q is unexpected index path", buf[:cursor])
+			}
+			b.addIndexNode(int(index))
+			return b.buildNextCharIfExists(buf, cursor+1)
+		}
+	}
+	return 0, errors.ErrInvalidPath("couldn't find right bracket character in index path context")
+}
+
+func (b *PathBuilder) addIndexAllNode() {
+	node := newPathIndexAllNode()
+	if b.root == nil {
+		b.root = node
+		b.node = node
+	} else {
+		b.node = b.node.chain(node)
+	}
+}
+
+func (b *PathBuilder) addRecursiveNode(selector string) {
+	node := newPathRecursiveNode(selector)
+	if b.root == nil {
+		b.root = node
+		b.node = node
+	} else {
+		b.node = b.node.chain(node)
+	}
+}
+
+func (b *PathBuilder) addSelectorNode(name string) {
+	node := newPathSelectorNode(name)
+	if b.root == nil {
+		b.root = node
+		b.node = node
+	} else {
+		b.node = b.node.chain(node)
+	}
+}
+
+func (b *PathBuilder) addIndexNode(idx int) {
+	node := newPathIndexNode(idx)
+	if b.root == nil {
+		b.root = node
+		b.node = node
+	} else {
+		b.node = b.node.chain(node)
+	}
+}
+
+type QuotePathSelector int
+
+const (
+	SingleQuotePathSelector QuotePathSelector = 1
+	DoubleQuotePathSelector QuotePathSelector = 2
+)
+
+type Path struct {
+	node                    PathNode
+	RootSelectorOnly        bool
+	SingleQuotePathSelector bool
+	DoubleQuotePathSelector bool
+}
+
+func (p *Path) Field(sel string) (PathNode, bool, error) {
+	if p.node == nil {
+		return nil, false, nil
+	}
+	return p.node.Field(sel)
+}
+
+func (p *Path) Get(src, dst reflect.Value) error {
+	if p.node == nil {
+		return nil
+	}
+	return p.node.Get(src, dst)
+}
+
+func (p *Path) String() string {
+	if p.node == nil {
+		return "$"
+	}
+	return p.node.String()
+}
+
+type PathNode interface {
+	fmt.Stringer
+	Index(idx int) (PathNode, bool, error)
+	Field(fieldName string) (PathNode, bool, error)
+	Get(src, dst reflect.Value) error
+	chain(PathNode) PathNode
+	target() bool
+	single() bool
+}
+
+type BasePathNode struct {
+	child PathNode
+}
+
+func (n *BasePathNode) chain(node PathNode) PathNode {
+	n.child = node
+	return node
+}
+
+func (n *BasePathNode) target() bool {
+	return n.child == nil
+}
+
+func (n *BasePathNode) single() bool {
+	return true
+}
+
+type PathSelectorNode struct {
+	*BasePathNode
+	selector string
+}
+
+func newPathSelectorNode(selector string) *PathSelectorNode {
+	return &PathSelectorNode{
+		BasePathNode: &BasePathNode{},
+		selector:     selector,
+	}
+}
+
+func (n *PathSelectorNode) Index(idx int) (PathNode, bool, error) {
+	return nil, false, &errors.PathError{}
+}
+
+func (n *PathSelectorNode) Field(fieldName string) (PathNode, bool, error) {
+	if n.selector == fieldName {
+		return n.child, true, nil
+	}
+	return nil, false, nil
+}
+
+func (n *PathSelectorNode) Get(src, dst reflect.Value) error {
+	switch src.Type().Kind() {
+	case reflect.Map:
+		iter := src.MapRange()
+		for iter.Next() {
+			key, ok := iter.Key().Interface().(string)
+			if !ok {
+				return fmt.Errorf("invalid map key type %T", src.Type().Key())
+			}
+			child, found, err := n.Field(key)
+			if err != nil {
+				return err
+			}
+			if found {
+				if child != nil {
+					return child.Get(iter.Value(), dst)
+				}
+				return AssignValue(iter.Value(), dst)
+			}
+		}
+	case reflect.Struct:
+		typ := src.Type()
+		for i := 0; i < typ.Len(); i++ {
+			tag := runtime.StructTagFromField(typ.Field(i))
+			child, found, err := n.Field(tag.Key)
+			if err != nil {
+				return err
+			}
+			if found {
+				if child != nil {
+					return child.Get(src.Field(i), dst)
+				}
+				return AssignValue(src.Field(i), dst)
+			}
+		}
+	case reflect.Ptr:
+		return n.Get(src.Elem(), dst)
+	case reflect.Interface:
+		return n.Get(reflect.ValueOf(src.Interface()), dst)
+	case reflect.Float64, reflect.String, reflect.Bool:
+		return AssignValue(src, dst)
+	}
+	return fmt.Errorf("failed to get %s value from %s", n.selector, src.Type())
+}
+
+func (n *PathSelectorNode) String() string {
+	s := fmt.Sprintf(".%s", n.selector)
+	if n.child != nil {
+		s += n.child.String()
+	}
+	return s
+}
+
+type PathIndexNode struct {
+	*BasePathNode
+	selector int
+}
+
+func newPathIndexNode(selector int) *PathIndexNode {
+	return &PathIndexNode{
+		BasePathNode: &BasePathNode{},
+		selector:     selector,
+	}
+}
+
+func (n *PathIndexNode) Index(idx int) (PathNode, bool, error) {
+	if n.selector == idx {
+		return n.child, true, nil
+	}
+	return nil, false, nil
+}
+
+func (n *PathIndexNode) Field(fieldName string) (PathNode, bool, error) {
+	return nil, false, &errors.PathError{}
+}
+
+func (n *PathIndexNode) Get(src, dst reflect.Value) error {
+	switch src.Type().Kind() {
+	case reflect.Array, reflect.Slice:
+		if src.Len() > n.selector {
+			if n.child != nil {
+				return n.child.Get(src.Index(n.selector), dst)
+			}
+			return AssignValue(src.Index(n.selector), dst)
+		}
+	case reflect.Ptr:
+		return n.Get(src.Elem(), dst)
+	case reflect.Interface:
+		return n.Get(reflect.ValueOf(src.Interface()), dst)
+	}
+	return fmt.Errorf("failed to get [%d] value from %s", n.selector, src.Type())
+}
+
+func (n *PathIndexNode) String() string {
+	s := fmt.Sprintf("[%d]", n.selector)
+	if n.child != nil {
+		s += n.child.String()
+	}
+	return s
+}
+
+type PathIndexAllNode struct {
+	*BasePathNode
+}
+
+func newPathIndexAllNode() *PathIndexAllNode {
+	return &PathIndexAllNode{
+		BasePathNode: &BasePathNode{},
+	}
+}
+
+func (n *PathIndexAllNode) Index(idx int) (PathNode, bool, error) {
+	return n.child, true, nil
+}
+
+func (n *PathIndexAllNode) Field(fieldName string) (PathNode, bool, error) {
+	return nil, false, &errors.PathError{}
+}
+
+func (n *PathIndexAllNode) Get(src, dst reflect.Value) error {
+	switch src.Type().Kind() {
+	case reflect.Array, reflect.Slice:
+		var arr []interface{}
+		for i := 0; i < src.Len(); i++ {
+			var v interface{}
+			rv := reflect.ValueOf(&v)
+			if n.child != nil {
+				if err := n.child.Get(src.Index(i), rv); err != nil {
+					return err
+				}
+			} else {
+				if err := AssignValue(src.Index(i), rv); err != nil {
+					return err
+				}
+			}
+			arr = append(arr, v)
+		}
+		if err := AssignValue(reflect.ValueOf(arr), dst); err != nil {
+			return err
+		}
+		return nil
+	case reflect.Ptr:
+		return n.Get(src.Elem(), dst)
+	case reflect.Interface:
+		return n.Get(reflect.ValueOf(src.Interface()), dst)
+	}
+	return fmt.Errorf("failed to get all value from %s", src.Type())
+}
+
+func (n *PathIndexAllNode) String() string {
+	s := "[*]"
+	if n.child != nil {
+		s += n.child.String()
+	}
+	return s
+}
+
+type PathRecursiveNode struct {
+	*BasePathNode
+	selector string
+}
+
+func newPathRecursiveNode(selector string) *PathRecursiveNode {
+	node := newPathSelectorNode(selector)
+	return &PathRecursiveNode{
+		BasePathNode: &BasePathNode{
+			child: node,
+		},
+		selector: selector,
+	}
+}
+
+func (n *PathRecursiveNode) Field(fieldName string) (PathNode, bool, error) {
+	if n.selector == fieldName {
+		return n.child, true, nil
+	}
+	return nil, false, nil
+}
+
+func (n *PathRecursiveNode) Index(_ int) (PathNode, bool, error) {
+	return n, true, nil
+}
+
+func valueToSliceValue(v interface{}) []interface{} {
+	rv := reflect.ValueOf(v)
+	ret := []interface{}{}
+	if rv.Type().Kind() == reflect.Slice || rv.Type().Kind() == reflect.Array {
+		for i := 0; i < rv.Len(); i++ {
+			ret = append(ret, rv.Index(i).Interface())
+		}
+		return ret
+	}
+	return []interface{}{v}
+}
+
+func (n *PathRecursiveNode) Get(src, dst reflect.Value) error {
+	if n.child == nil {
+		return fmt.Errorf("failed to get by recursive path ..%s", n.selector)
+	}
+	var arr []interface{}
+	switch src.Type().Kind() {
+	case reflect.Map:
+		iter := src.MapRange()
+		for iter.Next() {
+			key, ok := iter.Key().Interface().(string)
+			if !ok {
+				return fmt.Errorf("invalid map key type %T", src.Type().Key())
+			}
+			child, found, err := n.Field(key)
+			if err != nil {
+				return err
+			}
+			if found {
+				var v interface{}
+				rv := reflect.ValueOf(&v)
+				_ = child.Get(iter.Value(), rv)
+				arr = append(arr, valueToSliceValue(v)...)
+			} else {
+				var v interface{}
+				rv := reflect.ValueOf(&v)
+				_ = n.Get(iter.Value(), rv)
+				if v != nil {
+					arr = append(arr, valueToSliceValue(v)...)
+				}
+			}
+		}
+		_ = AssignValue(reflect.ValueOf(arr), dst)
+		return nil
+	case reflect.Struct:
+		typ := src.Type()
+		for i := 0; i < typ.Len(); i++ {
+			tag := runtime.StructTagFromField(typ.Field(i))
+			child, found, err := n.Field(tag.Key)
+			if err != nil {
+				return err
+			}
+			if found {
+				var v interface{}
+				rv := reflect.ValueOf(&v)
+				_ = child.Get(src.Field(i), rv)
+				arr = append(arr, valueToSliceValue(v)...)
+			} else {
+				var v interface{}
+				rv := reflect.ValueOf(&v)
+				_ = n.Get(src.Field(i), rv)
+				if v != nil {
+					arr = append(arr, valueToSliceValue(v)...)
+				}
+			}
+		}
+		_ = AssignValue(reflect.ValueOf(arr), dst)
+		return nil
+	case reflect.Array, reflect.Slice:
+		for i := 0; i < src.Len(); i++ {
+			var v interface{}
+			rv := reflect.ValueOf(&v)
+			_ = n.Get(src.Index(i), rv)
+			if v != nil {
+				arr = append(arr, valueToSliceValue(v)...)
+			}
+		}
+		_ = AssignValue(reflect.ValueOf(arr), dst)
+		return nil
+	case reflect.Ptr:
+		return n.Get(src.Elem(), dst)
+	case reflect.Interface:
+		return n.Get(reflect.ValueOf(src.Interface()), dst)
+	}
+	return fmt.Errorf("failed to get %s value from %s", n.selector, src.Type())
+}
+
+func (n *PathRecursiveNode) String() string {
+	s := fmt.Sprintf("..%s", n.selector)
+	if n.child != nil {
+		s += n.child.String()
+	}
+	return s
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/ptr.go b/vendor/github.com/goccy/go-json/internal/decoder/ptr.go
new file mode 100644
index 000000000..de12e105c
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/ptr.go
@@ -0,0 +1,96 @@
+package decoder
+
+import (
+	"fmt"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type ptrDecoder struct {
+	dec        Decoder
+	typ        *runtime.Type
+	structName string
+	fieldName  string
+}
+
+func newPtrDecoder(dec Decoder, typ *runtime.Type, structName, fieldName string) *ptrDecoder {
+	return &ptrDecoder{
+		dec:        dec,
+		typ:        typ,
+		structName: structName,
+		fieldName:  fieldName,
+	}
+}
+
+func (d *ptrDecoder) contentDecoder() Decoder {
+	dec, ok := d.dec.(*ptrDecoder)
+	if !ok {
+		return d.dec
+	}
+	return dec.contentDecoder()
+}
+
+//nolint:golint
+//go:linkname unsafe_New reflect.unsafe_New
+func unsafe_New(*runtime.Type) unsafe.Pointer
+
+func UnsafeNew(t *runtime.Type) unsafe.Pointer {
+	return unsafe_New(t)
+}
+
+func (d *ptrDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	if s.skipWhiteSpace() == nul {
+		s.read()
+	}
+	if s.char() == 'n' {
+		if err := nullBytes(s); err != nil {
+			return err
+		}
+		*(*unsafe.Pointer)(p) = nil
+		return nil
+	}
+	var newptr unsafe.Pointer
+	if *(*unsafe.Pointer)(p) == nil {
+		newptr = unsafe_New(d.typ)
+		*(*unsafe.Pointer)(p) = newptr
+	} else {
+		newptr = *(*unsafe.Pointer)(p)
+	}
+	if err := d.dec.DecodeStream(s, depth, newptr); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (d *ptrDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	cursor = skipWhiteSpace(buf, cursor)
+	if buf[cursor] == 'n' {
+		if err := validateNull(buf, cursor); err != nil {
+			return 0, err
+		}
+		if p != nil {
+			*(*unsafe.Pointer)(p) = nil
+		}
+		cursor += 4
+		return cursor, nil
+	}
+	var newptr unsafe.Pointer
+	if *(*unsafe.Pointer)(p) == nil {
+		newptr = unsafe_New(d.typ)
+		*(*unsafe.Pointer)(p) = newptr
+	} else {
+		newptr = *(*unsafe.Pointer)(p)
+	}
+	c, err := d.dec.Decode(ctx, cursor, depth, newptr)
+	if err != nil {
+		return 0, err
+	}
+	cursor = c
+	return cursor, nil
+}
+
+func (d *ptrDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, fmt.Errorf("json: ptr decoder does not support decode path")
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/slice.go b/vendor/github.com/goccy/go-json/internal/decoder/slice.go
new file mode 100644
index 000000000..30a23e4b5
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/slice.go
@@ -0,0 +1,380 @@
+package decoder
+
+import (
+	"reflect"
+	"sync"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+var (
+	sliceType = runtime.Type2RType(
+		reflect.TypeOf((*sliceHeader)(nil)).Elem(),
+	)
+	nilSlice = unsafe.Pointer(&sliceHeader{})
+)
+
+type sliceDecoder struct {
+	elemType          *runtime.Type
+	isElemPointerType bool
+	valueDecoder      Decoder
+	size              uintptr
+	arrayPool         sync.Pool
+	structName        string
+	fieldName         string
+}
+
+// If use reflect.SliceHeader, data type is uintptr.
+// In this case, Go compiler cannot trace reference created by newArray().
+// So, define using unsafe.Pointer as data type
+type sliceHeader struct {
+	data unsafe.Pointer
+	len  int
+	cap  int
+}
+
+const (
+	defaultSliceCapacity = 2
+)
+
+func newSliceDecoder(dec Decoder, elemType *runtime.Type, size uintptr, structName, fieldName string) *sliceDecoder {
+	return &sliceDecoder{
+		valueDecoder:      dec,
+		elemType:          elemType,
+		isElemPointerType: elemType.Kind() == reflect.Ptr || elemType.Kind() == reflect.Map,
+		size:              size,
+		arrayPool: sync.Pool{
+			New: func() interface{} {
+				return &sliceHeader{
+					data: newArray(elemType, defaultSliceCapacity),
+					len:  0,
+					cap:  defaultSliceCapacity,
+				}
+			},
+		},
+		structName: structName,
+		fieldName:  fieldName,
+	}
+}
+
+func (d *sliceDecoder) newSlice(src *sliceHeader) *sliceHeader {
+	slice := d.arrayPool.Get().(*sliceHeader)
+	if src.len > 0 {
+		// copy original elem
+		if slice.cap < src.cap {
+			data := newArray(d.elemType, src.cap)
+			slice = &sliceHeader{data: data, len: src.len, cap: src.cap}
+		} else {
+			slice.len = src.len
+		}
+		copySlice(d.elemType, *slice, *src)
+	} else {
+		slice.len = 0
+	}
+	return slice
+}
+
+func (d *sliceDecoder) releaseSlice(p *sliceHeader) {
+	d.arrayPool.Put(p)
+}
+
+//go:linkname copySlice reflect.typedslicecopy
+func copySlice(elemType *runtime.Type, dst, src sliceHeader) int
+
+//go:linkname newArray reflect.unsafe_NewArray
+func newArray(*runtime.Type, int) unsafe.Pointer
+
+//go:linkname typedmemmove reflect.typedmemmove
+func typedmemmove(t *runtime.Type, dst, src unsafe.Pointer)
+
+func (d *sliceDecoder) errNumber(offset int64) *errors.UnmarshalTypeError {
+	return &errors.UnmarshalTypeError{
+		Value:  "number",
+		Type:   reflect.SliceOf(runtime.RType2Type(d.elemType)),
+		Struct: d.structName,
+		Field:  d.fieldName,
+		Offset: offset,
+	}
+}
+
+func (d *sliceDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	depth++
+	if depth > maxDecodeNestingDepth {
+		return errors.ErrExceededMaxDepth(s.char(), s.cursor)
+	}
+
+	for {
+		switch s.char() {
+		case ' ', '\n', '\t', '\r':
+			s.cursor++
+			continue
+		case 'n':
+			if err := nullBytes(s); err != nil {
+				return err
+			}
+			typedmemmove(sliceType, p, nilSlice)
+			return nil
+		case '[':
+			s.cursor++
+			if s.skipWhiteSpace() == ']' {
+				dst := (*sliceHeader)(p)
+				if dst.data == nil {
+					dst.data = newArray(d.elemType, 0)
+				} else {
+					dst.len = 0
+				}
+				s.cursor++
+				return nil
+			}
+			idx := 0
+			slice := d.newSlice((*sliceHeader)(p))
+			srcLen := slice.len
+			capacity := slice.cap
+			data := slice.data
+			for {
+				if capacity <= idx {
+					src := sliceHeader{data: data, len: idx, cap: capacity}
+					capacity *= 2
+					data = newArray(d.elemType, capacity)
+					dst := sliceHeader{data: data, len: idx, cap: capacity}
+					copySlice(d.elemType, dst, src)
+				}
+				ep := unsafe.Pointer(uintptr(data) + uintptr(idx)*d.size)
+
+				// if srcLen is greater than idx, keep the original reference
+				if srcLen <= idx {
+					if d.isElemPointerType {
+						**(**unsafe.Pointer)(unsafe.Pointer(&ep)) = nil // initialize elem pointer
+					} else {
+						// assign new element to the slice
+						typedmemmove(d.elemType, ep, unsafe_New(d.elemType))
+					}
+				}
+
+				if err := d.valueDecoder.DecodeStream(s, depth, ep); err != nil {
+					return err
+				}
+				s.skipWhiteSpace()
+			RETRY:
+				switch s.char() {
+				case ']':
+					slice.cap = capacity
+					slice.len = idx + 1
+					slice.data = data
+					dst := (*sliceHeader)(p)
+					dst.len = idx + 1
+					if dst.len > dst.cap {
+						dst.data = newArray(d.elemType, dst.len)
+						dst.cap = dst.len
+					}
+					copySlice(d.elemType, *dst, *slice)
+					d.releaseSlice(slice)
+					s.cursor++
+					return nil
+				case ',':
+					idx++
+				case nul:
+					if s.read() {
+						goto RETRY
+					}
+					slice.cap = capacity
+					slice.data = data
+					d.releaseSlice(slice)
+					goto ERROR
+				default:
+					slice.cap = capacity
+					slice.data = data
+					d.releaseSlice(slice)
+					goto ERROR
+				}
+				s.cursor++
+			}
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return d.errNumber(s.totalOffset())
+		case nul:
+			if s.read() {
+				continue
+			}
+			goto ERROR
+		default:
+			goto ERROR
+		}
+	}
+ERROR:
+	return errors.ErrUnexpectedEndOfJSON("slice", s.totalOffset())
+}
+
+func (d *sliceDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	depth++
+	if depth > maxDecodeNestingDepth {
+		return 0, errors.ErrExceededMaxDepth(buf[cursor], cursor)
+	}
+
+	for {
+		switch buf[cursor] {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+			continue
+		case 'n':
+			if err := validateNull(buf, cursor); err != nil {
+				return 0, err
+			}
+			cursor += 4
+			typedmemmove(sliceType, p, nilSlice)
+			return cursor, nil
+		case '[':
+			cursor++
+			cursor = skipWhiteSpace(buf, cursor)
+			if buf[cursor] == ']' {
+				dst := (*sliceHeader)(p)
+				if dst.data == nil {
+					dst.data = newArray(d.elemType, 0)
+				} else {
+					dst.len = 0
+				}
+				cursor++
+				return cursor, nil
+			}
+			idx := 0
+			slice := d.newSlice((*sliceHeader)(p))
+			srcLen := slice.len
+			capacity := slice.cap
+			data := slice.data
+			for {
+				if capacity <= idx {
+					src := sliceHeader{data: data, len: idx, cap: capacity}
+					capacity *= 2
+					data = newArray(d.elemType, capacity)
+					dst := sliceHeader{data: data, len: idx, cap: capacity}
+					copySlice(d.elemType, dst, src)
+				}
+				ep := unsafe.Pointer(uintptr(data) + uintptr(idx)*d.size)
+				// if srcLen is greater than idx, keep the original reference
+				if srcLen <= idx {
+					if d.isElemPointerType {
+						**(**unsafe.Pointer)(unsafe.Pointer(&ep)) = nil // initialize elem pointer
+					} else {
+						// assign new element to the slice
+						typedmemmove(d.elemType, ep, unsafe_New(d.elemType))
+					}
+				}
+				c, err := d.valueDecoder.Decode(ctx, cursor, depth, ep)
+				if err != nil {
+					return 0, err
+				}
+				cursor = c
+				cursor = skipWhiteSpace(buf, cursor)
+				switch buf[cursor] {
+				case ']':
+					slice.cap = capacity
+					slice.len = idx + 1
+					slice.data = data
+					dst := (*sliceHeader)(p)
+					dst.len = idx + 1
+					if dst.len > dst.cap {
+						dst.data = newArray(d.elemType, dst.len)
+						dst.cap = dst.len
+					}
+					copySlice(d.elemType, *dst, *slice)
+					d.releaseSlice(slice)
+					cursor++
+					return cursor, nil
+				case ',':
+					idx++
+				default:
+					slice.cap = capacity
+					slice.data = data
+					d.releaseSlice(slice)
+					return 0, errors.ErrInvalidCharacter(buf[cursor], "slice", cursor)
+				}
+				cursor++
+			}
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return 0, d.errNumber(cursor)
+		default:
+			return 0, errors.ErrUnexpectedEndOfJSON("slice", cursor)
+		}
+	}
+}
+
+func (d *sliceDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	buf := ctx.Buf
+	depth++
+	if depth > maxDecodeNestingDepth {
+		return nil, 0, errors.ErrExceededMaxDepth(buf[cursor], cursor)
+	}
+
+	ret := [][]byte{}
+	for {
+		switch buf[cursor] {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+			continue
+		case 'n':
+			if err := validateNull(buf, cursor); err != nil {
+				return nil, 0, err
+			}
+			cursor += 4
+			return [][]byte{nullbytes}, cursor, nil
+		case '[':
+			cursor++
+			cursor = skipWhiteSpace(buf, cursor)
+			if buf[cursor] == ']' {
+				cursor++
+				return ret, cursor, nil
+			}
+			idx := 0
+			for {
+				child, found, err := ctx.Option.Path.node.Index(idx)
+				if err != nil {
+					return nil, 0, err
+				}
+				if found {
+					if child != nil {
+						oldPath := ctx.Option.Path.node
+						ctx.Option.Path.node = child
+						paths, c, err := d.valueDecoder.DecodePath(ctx, cursor, depth)
+						if err != nil {
+							return nil, 0, err
+						}
+						ctx.Option.Path.node = oldPath
+						ret = append(ret, paths...)
+						cursor = c
+					} else {
+						start := cursor
+						end, err := skipValue(buf, cursor, depth)
+						if err != nil {
+							return nil, 0, err
+						}
+						ret = append(ret, buf[start:end])
+						cursor = end
+					}
+				} else {
+					c, err := skipValue(buf, cursor, depth)
+					if err != nil {
+						return nil, 0, err
+					}
+					cursor = c
+				}
+				cursor = skipWhiteSpace(buf, cursor)
+				switch buf[cursor] {
+				case ']':
+					cursor++
+					return ret, cursor, nil
+				case ',':
+					idx++
+				default:
+					return nil, 0, errors.ErrInvalidCharacter(buf[cursor], "slice", cursor)
+				}
+				cursor++
+			}
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return nil, 0, d.errNumber(cursor)
+		default:
+			return nil, 0, errors.ErrUnexpectedEndOfJSON("slice", cursor)
+		}
+	}
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/stream.go b/vendor/github.com/goccy/go-json/internal/decoder/stream.go
new file mode 100644
index 000000000..a383f7259
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/stream.go
@@ -0,0 +1,556 @@
+package decoder
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"strconv"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+)
+
+const (
+	initBufSize = 512
+)
+
+type Stream struct {
+	buf                   []byte
+	bufSize               int64
+	length                int64
+	r                     io.Reader
+	offset                int64
+	cursor                int64
+	filledBuffer          bool
+	allRead               bool
+	UseNumber             bool
+	DisallowUnknownFields bool
+	Option                *Option
+}
+
+func NewStream(r io.Reader) *Stream {
+	return &Stream{
+		r:       r,
+		bufSize: initBufSize,
+		buf:     make([]byte, initBufSize),
+		Option:  &Option{},
+	}
+}
+
+func (s *Stream) TotalOffset() int64 {
+	return s.totalOffset()
+}
+
+func (s *Stream) Buffered() io.Reader {
+	buflen := int64(len(s.buf))
+	for i := s.cursor; i < buflen; i++ {
+		if s.buf[i] == nul {
+			return bytes.NewReader(s.buf[s.cursor:i])
+		}
+	}
+	return bytes.NewReader(s.buf[s.cursor:])
+}
+
+func (s *Stream) PrepareForDecode() error {
+	for {
+		switch s.char() {
+		case ' ', '\t', '\r', '\n':
+			s.cursor++
+			continue
+		case ',', ':':
+			s.cursor++
+			return nil
+		case nul:
+			if s.read() {
+				continue
+			}
+			return io.EOF
+		}
+		break
+	}
+	return nil
+}
+
+func (s *Stream) totalOffset() int64 {
+	return s.offset + s.cursor
+}
+
+func (s *Stream) char() byte {
+	return s.buf[s.cursor]
+}
+
+func (s *Stream) equalChar(c byte) bool {
+	cur := s.buf[s.cursor]
+	if cur == nul {
+		s.read()
+		cur = s.buf[s.cursor]
+	}
+	return cur == c
+}
+
+func (s *Stream) stat() ([]byte, int64, unsafe.Pointer) {
+	return s.buf, s.cursor, (*sliceHeader)(unsafe.Pointer(&s.buf)).data
+}
+
+func (s *Stream) bufptr() unsafe.Pointer {
+	return (*sliceHeader)(unsafe.Pointer(&s.buf)).data
+}
+
+func (s *Stream) statForRetry() ([]byte, int64, unsafe.Pointer) {
+	s.cursor-- // for retry ( because caller progress cursor position in each loop )
+	return s.buf, s.cursor, (*sliceHeader)(unsafe.Pointer(&s.buf)).data
+}
+
+func (s *Stream) Reset() {
+	s.reset()
+	s.bufSize = int64(len(s.buf))
+}
+
+func (s *Stream) More() bool {
+	for {
+		switch s.char() {
+		case ' ', '\n', '\r', '\t':
+			s.cursor++
+			continue
+		case '}', ']':
+			return false
+		case nul:
+			if s.read() {
+				continue
+			}
+			return false
+		}
+		break
+	}
+	return true
+}
+
+func (s *Stream) Token() (interface{}, error) {
+	for {
+		c := s.char()
+		switch c {
+		case ' ', '\n', '\r', '\t':
+			s.cursor++
+		case '{', '[', ']', '}':
+			s.cursor++
+			return json.Delim(c), nil
+		case ',', ':':
+			s.cursor++
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			bytes := floatBytes(s)
+			str := *(*string)(unsafe.Pointer(&bytes))
+			if s.UseNumber {
+				return json.Number(str), nil
+			}
+			f64, err := strconv.ParseFloat(str, 64)
+			if err != nil {
+				return nil, err
+			}
+			return f64, nil
+		case '"':
+			bytes, err := stringBytes(s)
+			if err != nil {
+				return nil, err
+			}
+			return string(bytes), nil
+		case 't':
+			if err := trueBytes(s); err != nil {
+				return nil, err
+			}
+			return true, nil
+		case 'f':
+			if err := falseBytes(s); err != nil {
+				return nil, err
+			}
+			return false, nil
+		case 'n':
+			if err := nullBytes(s); err != nil {
+				return nil, err
+			}
+			return nil, nil
+		case nul:
+			if s.read() {
+				continue
+			}
+			goto END
+		default:
+			return nil, errors.ErrInvalidCharacter(s.char(), "token", s.totalOffset())
+		}
+	}
+END:
+	return nil, io.EOF
+}
+
+func (s *Stream) reset() {
+	s.offset += s.cursor
+	s.buf = s.buf[s.cursor:]
+	s.length -= s.cursor
+	s.cursor = 0
+}
+
+func (s *Stream) readBuf() []byte {
+	if s.filledBuffer {
+		s.bufSize *= 2
+		remainBuf := s.buf
+		s.buf = make([]byte, s.bufSize)
+		copy(s.buf, remainBuf)
+	}
+	remainLen := s.length - s.cursor
+	remainNotNulCharNum := int64(0)
+	for i := int64(0); i < remainLen; i++ {
+		if s.buf[s.cursor+i] == nul {
+			break
+		}
+		remainNotNulCharNum++
+	}
+	s.length = s.cursor + remainNotNulCharNum
+	return s.buf[s.cursor+remainNotNulCharNum:]
+}
+
+func (s *Stream) read() bool {
+	if s.allRead {
+		return false
+	}
+	buf := s.readBuf()
+	last := len(buf) - 1
+	buf[last] = nul
+	n, err := s.r.Read(buf[:last])
+	s.length += int64(n)
+	if n == last {
+		s.filledBuffer = true
+	} else {
+		s.filledBuffer = false
+	}
+	if err == io.EOF {
+		s.allRead = true
+	} else if err != nil {
+		return false
+	}
+	return true
+}
+
+func (s *Stream) skipWhiteSpace() byte {
+	p := s.bufptr()
+LOOP:
+	c := char(p, s.cursor)
+	switch c {
+	case ' ', '\n', '\t', '\r':
+		s.cursor++
+		goto LOOP
+	case nul:
+		if s.read() {
+			p = s.bufptr()
+			goto LOOP
+		}
+	}
+	return c
+}
+
+func (s *Stream) skipObject(depth int64) error {
+	braceCount := 1
+	_, cursor, p := s.stat()
+	for {
+		switch char(p, cursor) {
+		case '{':
+			braceCount++
+			depth++
+			if depth > maxDecodeNestingDepth {
+				return errors.ErrExceededMaxDepth(s.char(), s.cursor)
+			}
+		case '}':
+			braceCount--
+			depth--
+			if braceCount == 0 {
+				s.cursor = cursor + 1
+				return nil
+			}
+		case '[':
+			depth++
+			if depth > maxDecodeNestingDepth {
+				return errors.ErrExceededMaxDepth(s.char(), s.cursor)
+			}
+		case ']':
+			depth--
+		case '"':
+			for {
+				cursor++
+				switch char(p, cursor) {
+				case '\\':
+					cursor++
+					if char(p, cursor) == nul {
+						s.cursor = cursor
+						if s.read() {
+							_, cursor, p = s.stat()
+							continue
+						}
+						return errors.ErrUnexpectedEndOfJSON("string of object", cursor)
+					}
+				case '"':
+					goto SWITCH_OUT
+				case nul:
+					s.cursor = cursor
+					if s.read() {
+						_, cursor, p = s.statForRetry()
+						continue
+					}
+					return errors.ErrUnexpectedEndOfJSON("string of object", cursor)
+				}
+			}
+		case nul:
+			s.cursor = cursor
+			if s.read() {
+				_, cursor, p = s.stat()
+				continue
+			}
+			return errors.ErrUnexpectedEndOfJSON("object of object", cursor)
+		}
+	SWITCH_OUT:
+		cursor++
+	}
+}
+
+func (s *Stream) skipArray(depth int64) error {
+	bracketCount := 1
+	_, cursor, p := s.stat()
+	for {
+		switch char(p, cursor) {
+		case '[':
+			bracketCount++
+			depth++
+			if depth > maxDecodeNestingDepth {
+				return errors.ErrExceededMaxDepth(s.char(), s.cursor)
+			}
+		case ']':
+			bracketCount--
+			depth--
+			if bracketCount == 0 {
+				s.cursor = cursor + 1
+				return nil
+			}
+		case '{':
+			depth++
+			if depth > maxDecodeNestingDepth {
+				return errors.ErrExceededMaxDepth(s.char(), s.cursor)
+			}
+		case '}':
+			depth--
+		case '"':
+			for {
+				cursor++
+				switch char(p, cursor) {
+				case '\\':
+					cursor++
+					if char(p, cursor) == nul {
+						s.cursor = cursor
+						if s.read() {
+							_, cursor, p = s.stat()
+							continue
+						}
+						return errors.ErrUnexpectedEndOfJSON("string of object", cursor)
+					}
+				case '"':
+					goto SWITCH_OUT
+				case nul:
+					s.cursor = cursor
+					if s.read() {
+						_, cursor, p = s.statForRetry()
+						continue
+					}
+					return errors.ErrUnexpectedEndOfJSON("string of object", cursor)
+				}
+			}
+		case nul:
+			s.cursor = cursor
+			if s.read() {
+				_, cursor, p = s.stat()
+				continue
+			}
+			return errors.ErrUnexpectedEndOfJSON("array of object", cursor)
+		}
+	SWITCH_OUT:
+		cursor++
+	}
+}
+
+func (s *Stream) skipValue(depth int64) error {
+	_, cursor, p := s.stat()
+	for {
+		switch char(p, cursor) {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+			continue
+		case nul:
+			s.cursor = cursor
+			if s.read() {
+				_, cursor, p = s.stat()
+				continue
+			}
+			return errors.ErrUnexpectedEndOfJSON("value of object", s.totalOffset())
+		case '{':
+			s.cursor = cursor + 1
+			return s.skipObject(depth + 1)
+		case '[':
+			s.cursor = cursor + 1
+			return s.skipArray(depth + 1)
+		case '"':
+			for {
+				cursor++
+				switch char(p, cursor) {
+				case '\\':
+					cursor++
+					if char(p, cursor) == nul {
+						s.cursor = cursor
+						if s.read() {
+							_, cursor, p = s.stat()
+							continue
+						}
+						return errors.ErrUnexpectedEndOfJSON("value of string", s.totalOffset())
+					}
+				case '"':
+					s.cursor = cursor + 1
+					return nil
+				case nul:
+					s.cursor = cursor
+					if s.read() {
+						_, cursor, p = s.statForRetry()
+						continue
+					}
+					return errors.ErrUnexpectedEndOfJSON("value of string", s.totalOffset())
+				}
+			}
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			for {
+				cursor++
+				c := char(p, cursor)
+				if floatTable[c] {
+					continue
+				} else if c == nul {
+					if s.read() {
+						_, cursor, p = s.stat()
+						continue
+					}
+				}
+				s.cursor = cursor
+				return nil
+			}
+		case 't':
+			s.cursor = cursor
+			if err := trueBytes(s); err != nil {
+				return err
+			}
+			return nil
+		case 'f':
+			s.cursor = cursor
+			if err := falseBytes(s); err != nil {
+				return err
+			}
+			return nil
+		case 'n':
+			s.cursor = cursor
+			if err := nullBytes(s); err != nil {
+				return err
+			}
+			return nil
+		}
+		cursor++
+	}
+}
+
+func nullBytes(s *Stream) error {
+	// current cursor's character is 'n'
+	s.cursor++
+	if s.char() != 'u' {
+		if err := retryReadNull(s); err != nil {
+			return err
+		}
+	}
+	s.cursor++
+	if s.char() != 'l' {
+		if err := retryReadNull(s); err != nil {
+			return err
+		}
+	}
+	s.cursor++
+	if s.char() != 'l' {
+		if err := retryReadNull(s); err != nil {
+			return err
+		}
+	}
+	s.cursor++
+	return nil
+}
+
+func retryReadNull(s *Stream) error {
+	if s.char() == nul && s.read() {
+		return nil
+	}
+	return errors.ErrInvalidCharacter(s.char(), "null", s.totalOffset())
+}
+
+func trueBytes(s *Stream) error {
+	// current cursor's character is 't'
+	s.cursor++
+	if s.char() != 'r' {
+		if err := retryReadTrue(s); err != nil {
+			return err
+		}
+	}
+	s.cursor++
+	if s.char() != 'u' {
+		if err := retryReadTrue(s); err != nil {
+			return err
+		}
+	}
+	s.cursor++
+	if s.char() != 'e' {
+		if err := retryReadTrue(s); err != nil {
+			return err
+		}
+	}
+	s.cursor++
+	return nil
+}
+
+func retryReadTrue(s *Stream) error {
+	if s.char() == nul && s.read() {
+		return nil
+	}
+	return errors.ErrInvalidCharacter(s.char(), "bool(true)", s.totalOffset())
+}
+
+func falseBytes(s *Stream) error {
+	// current cursor's character is 'f'
+	s.cursor++
+	if s.char() != 'a' {
+		if err := retryReadFalse(s); err != nil {
+			return err
+		}
+	}
+	s.cursor++
+	if s.char() != 'l' {
+		if err := retryReadFalse(s); err != nil {
+			return err
+		}
+	}
+	s.cursor++
+	if s.char() != 's' {
+		if err := retryReadFalse(s); err != nil {
+			return err
+		}
+	}
+	s.cursor++
+	if s.char() != 'e' {
+		if err := retryReadFalse(s); err != nil {
+			return err
+		}
+	}
+	s.cursor++
+	return nil
+}
+
+func retryReadFalse(s *Stream) error {
+	if s.char() == nul && s.read() {
+		return nil
+	}
+	return errors.ErrInvalidCharacter(s.char(), "bool(false)", s.totalOffset())
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/string.go b/vendor/github.com/goccy/go-json/internal/decoder/string.go
new file mode 100644
index 000000000..32602c908
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/string.go
@@ -0,0 +1,452 @@
+package decoder
+
+import (
+	"bytes"
+	"fmt"
+	"reflect"
+	"unicode"
+	"unicode/utf16"
+	"unicode/utf8"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+)
+
+type stringDecoder struct {
+	structName string
+	fieldName  string
+}
+
+func newStringDecoder(structName, fieldName string) *stringDecoder {
+	return &stringDecoder{
+		structName: structName,
+		fieldName:  fieldName,
+	}
+}
+
+func (d *stringDecoder) errUnmarshalType(typeName string, offset int64) *errors.UnmarshalTypeError {
+	return &errors.UnmarshalTypeError{
+		Value:  typeName,
+		Type:   reflect.TypeOf(""),
+		Offset: offset,
+		Struct: d.structName,
+		Field:  d.fieldName,
+	}
+}
+
+func (d *stringDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	bytes, err := d.decodeStreamByte(s)
+	if err != nil {
+		return err
+	}
+	if bytes == nil {
+		return nil
+	}
+	**(**string)(unsafe.Pointer(&p)) = *(*string)(unsafe.Pointer(&bytes))
+	s.reset()
+	return nil
+}
+
+func (d *stringDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	bytes, c, err := d.decodeByte(ctx.Buf, cursor)
+	if err != nil {
+		return 0, err
+	}
+	if bytes == nil {
+		return c, nil
+	}
+	cursor = c
+	**(**string)(unsafe.Pointer(&p)) = *(*string)(unsafe.Pointer(&bytes))
+	return cursor, nil
+}
+
+func (d *stringDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	bytes, c, err := d.decodeByte(ctx.Buf, cursor)
+	if err != nil {
+		return nil, 0, err
+	}
+	if bytes == nil {
+		return [][]byte{nullbytes}, c, nil
+	}
+	return [][]byte{bytes}, c, nil
+}
+
+var (
+	hexToInt = [256]int{
+		'0': 0,
+		'1': 1,
+		'2': 2,
+		'3': 3,
+		'4': 4,
+		'5': 5,
+		'6': 6,
+		'7': 7,
+		'8': 8,
+		'9': 9,
+		'A': 10,
+		'B': 11,
+		'C': 12,
+		'D': 13,
+		'E': 14,
+		'F': 15,
+		'a': 10,
+		'b': 11,
+		'c': 12,
+		'd': 13,
+		'e': 14,
+		'f': 15,
+	}
+)
+
+func unicodeToRune(code []byte) rune {
+	var r rune
+	for i := 0; i < len(code); i++ {
+		r = r*16 + rune(hexToInt[code[i]])
+	}
+	return r
+}
+
+func readAtLeast(s *Stream, n int64, p *unsafe.Pointer) bool {
+	for s.cursor+n >= s.length {
+		if !s.read() {
+			return false
+		}
+		*p = s.bufptr()
+	}
+	return true
+}
+
+func decodeUnicodeRune(s *Stream, p unsafe.Pointer) (rune, int64, unsafe.Pointer, error) {
+	const defaultOffset = 5
+	const surrogateOffset = 11
+
+	if !readAtLeast(s, defaultOffset, &p) {
+		return rune(0), 0, nil, errors.ErrInvalidCharacter(s.char(), "escaped string", s.totalOffset())
+	}
+
+	r := unicodeToRune(s.buf[s.cursor+1 : s.cursor+defaultOffset])
+	if utf16.IsSurrogate(r) {
+		if !readAtLeast(s, surrogateOffset, &p) {
+			return unicode.ReplacementChar, defaultOffset, p, nil
+		}
+		if s.buf[s.cursor+defaultOffset] != '\\' || s.buf[s.cursor+defaultOffset+1] != 'u' {
+			return unicode.ReplacementChar, defaultOffset, p, nil
+		}
+		r2 := unicodeToRune(s.buf[s.cursor+defaultOffset+2 : s.cursor+surrogateOffset])
+		if r := utf16.DecodeRune(r, r2); r != unicode.ReplacementChar {
+			return r, surrogateOffset, p, nil
+		}
+	}
+	return r, defaultOffset, p, nil
+}
+
+func decodeUnicode(s *Stream, p unsafe.Pointer) (unsafe.Pointer, error) {
+	const backSlashAndULen = 2 // length of \u
+
+	r, offset, pp, err := decodeUnicodeRune(s, p)
+	if err != nil {
+		return nil, err
+	}
+	unicode := []byte(string(r))
+	unicodeLen := int64(len(unicode))
+	s.buf = append(append(s.buf[:s.cursor-1], unicode...), s.buf[s.cursor+offset:]...)
+	unicodeOrgLen := offset - 1
+	s.length = s.length - (backSlashAndULen + (unicodeOrgLen - unicodeLen))
+	s.cursor = s.cursor - backSlashAndULen + unicodeLen
+	return pp, nil
+}
+
+func decodeEscapeString(s *Stream, p unsafe.Pointer) (unsafe.Pointer, error) {
+	s.cursor++
+RETRY:
+	switch s.buf[s.cursor] {
+	case '"':
+		s.buf[s.cursor] = '"'
+	case '\\':
+		s.buf[s.cursor] = '\\'
+	case '/':
+		s.buf[s.cursor] = '/'
+	case 'b':
+		s.buf[s.cursor] = '\b'
+	case 'f':
+		s.buf[s.cursor] = '\f'
+	case 'n':
+		s.buf[s.cursor] = '\n'
+	case 'r':
+		s.buf[s.cursor] = '\r'
+	case 't':
+		s.buf[s.cursor] = '\t'
+	case 'u':
+		return decodeUnicode(s, p)
+	case nul:
+		if !s.read() {
+			return nil, errors.ErrInvalidCharacter(s.char(), "escaped string", s.totalOffset())
+		}
+		p = s.bufptr()
+		goto RETRY
+	default:
+		return nil, errors.ErrUnexpectedEndOfJSON("string", s.totalOffset())
+	}
+	s.buf = append(s.buf[:s.cursor-1], s.buf[s.cursor:]...)
+	s.length--
+	s.cursor--
+	p = s.bufptr()
+	return p, nil
+}
+
+var (
+	runeErrBytes    = []byte(string(utf8.RuneError))
+	runeErrBytesLen = int64(len(runeErrBytes))
+)
+
+func stringBytes(s *Stream) ([]byte, error) {
+	_, cursor, p := s.stat()
+	cursor++ // skip double quote char
+	start := cursor
+	for {
+		switch char(p, cursor) {
+		case '\\':
+			s.cursor = cursor
+			pp, err := decodeEscapeString(s, p)
+			if err != nil {
+				return nil, err
+			}
+			p = pp
+			cursor = s.cursor
+		case '"':
+			literal := s.buf[start:cursor]
+			cursor++
+			s.cursor = cursor
+			return literal, nil
+		case
+			// 0x00 is nul, 0x5c is '\\', 0x22 is '"' .
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, // 0x00-0x0F
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, // 0x10-0x1F
+			0x20, 0x21 /*0x22,*/, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, // 0x20-0x2F
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, // 0x30-0x3F
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, // 0x40-0x4F
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x5B /*0x5C,*/, 0x5D, 0x5E, 0x5F, // 0x50-0x5F
+			0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, // 0x60-0x6F
+			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F: // 0x70-0x7F
+			// character is ASCII. skip to next char
+		case
+			0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F, // 0x80-0x8F
+			0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F, // 0x90-0x9F
+			0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, // 0xA0-0xAF
+			0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF, // 0xB0-0xBF
+			0xC0, 0xC1, // 0xC0-0xC1
+			0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF: // 0xF5-0xFE
+			// character is invalid
+			s.buf = append(append(append([]byte{}, s.buf[:cursor]...), runeErrBytes...), s.buf[cursor+1:]...)
+			_, _, p = s.stat()
+			cursor += runeErrBytesLen
+			s.length += runeErrBytesLen
+			continue
+		case nul:
+			s.cursor = cursor
+			if s.read() {
+				_, cursor, p = s.stat()
+				continue
+			}
+			goto ERROR
+		case 0xEF:
+			// RuneError is {0xEF, 0xBF, 0xBD}
+			if s.buf[cursor+1] == 0xBF && s.buf[cursor+2] == 0xBD {
+				// found RuneError: skip
+				cursor += 2
+				break
+			}
+			fallthrough
+		default:
+			// multi bytes character
+			if !utf8.FullRune(s.buf[cursor : len(s.buf)-1]) {
+				s.cursor = cursor
+				if s.read() {
+					_, cursor, p = s.stat()
+					continue
+				}
+				goto ERROR
+			}
+			r, size := utf8.DecodeRune(s.buf[cursor:])
+			if r == utf8.RuneError {
+				s.buf = append(append(append([]byte{}, s.buf[:cursor]...), runeErrBytes...), s.buf[cursor+1:]...)
+				cursor += runeErrBytesLen
+				s.length += runeErrBytesLen
+				_, _, p = s.stat()
+			} else {
+				cursor += int64(size)
+			}
+			continue
+		}
+		cursor++
+	}
+ERROR:
+	return nil, errors.ErrUnexpectedEndOfJSON("string", s.totalOffset())
+}
+
+func (d *stringDecoder) decodeStreamByte(s *Stream) ([]byte, error) {
+	for {
+		switch s.char() {
+		case ' ', '\n', '\t', '\r':
+			s.cursor++
+			continue
+		case '[':
+			return nil, d.errUnmarshalType("array", s.totalOffset())
+		case '{':
+			return nil, d.errUnmarshalType("object", s.totalOffset())
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return nil, d.errUnmarshalType("number", s.totalOffset())
+		case '"':
+			return stringBytes(s)
+		case 'n':
+			if err := nullBytes(s); err != nil {
+				return nil, err
+			}
+			return nil, nil
+		case nul:
+			if s.read() {
+				continue
+			}
+		}
+		break
+	}
+	return nil, errors.ErrInvalidBeginningOfValue(s.char(), s.totalOffset())
+}
+
+func (d *stringDecoder) decodeByte(buf []byte, cursor int64) ([]byte, int64, error) {
+	for {
+		switch buf[cursor] {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+		case '[':
+			return nil, 0, d.errUnmarshalType("array", cursor)
+		case '{':
+			return nil, 0, d.errUnmarshalType("object", cursor)
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return nil, 0, d.errUnmarshalType("number", cursor)
+		case '"':
+			cursor++
+			start := cursor
+			b := (*sliceHeader)(unsafe.Pointer(&buf)).data
+			escaped := 0
+			for {
+				switch char(b, cursor) {
+				case '\\':
+					escaped++
+					cursor++
+					switch char(b, cursor) {
+					case '"', '\\', '/', 'b', 'f', 'n', 'r', 't':
+						cursor++
+					case 'u':
+						buflen := int64(len(buf))
+						if cursor+5 >= buflen {
+							return nil, 0, errors.ErrUnexpectedEndOfJSON("escaped string", cursor)
+						}
+						for i := int64(1); i <= 4; i++ {
+							c := char(b, cursor+i)
+							if !(('0' <= c && c <= '9') || ('a' <= c && c <= 'f') || ('A' <= c && c <= 'F')) {
+								return nil, 0, errors.ErrSyntax(fmt.Sprintf("json: invalid character %c in \\u hexadecimal character escape", c), cursor+i)
+							}
+						}
+						cursor += 5
+					default:
+						return nil, 0, errors.ErrUnexpectedEndOfJSON("escaped string", cursor)
+					}
+					continue
+				case '"':
+					literal := buf[start:cursor]
+					if escaped > 0 {
+						literal = literal[:unescapeString(literal)]
+					}
+					cursor++
+					return literal, cursor, nil
+				case nul:
+					return nil, 0, errors.ErrUnexpectedEndOfJSON("string", cursor)
+				}
+				cursor++
+			}
+		case 'n':
+			if err := validateNull(buf, cursor); err != nil {
+				return nil, 0, err
+			}
+			cursor += 4
+			return nil, cursor, nil
+		default:
+			return nil, 0, errors.ErrInvalidBeginningOfValue(buf[cursor], cursor)
+		}
+	}
+}
+
+var unescapeMap = [256]byte{
+	'"':  '"',
+	'\\': '\\',
+	'/':  '/',
+	'b':  '\b',
+	'f':  '\f',
+	'n':  '\n',
+	'r':  '\r',
+	't':  '\t',
+}
+
+func unsafeAdd(ptr unsafe.Pointer, offset int) unsafe.Pointer {
+	return unsafe.Pointer(uintptr(ptr) + uintptr(offset))
+}
+
+func unescapeString(buf []byte) int {
+	p := (*sliceHeader)(unsafe.Pointer(&buf)).data
+	end := unsafeAdd(p, len(buf))
+	src := unsafeAdd(p, bytes.IndexByte(buf, '\\'))
+	dst := src
+	for src != end {
+		c := char(src, 0)
+		if c == '\\' {
+			escapeChar := char(src, 1)
+			if escapeChar != 'u' {
+				*(*byte)(dst) = unescapeMap[escapeChar]
+				src = unsafeAdd(src, 2)
+				dst = unsafeAdd(dst, 1)
+			} else {
+				v1 := hexToInt[char(src, 2)]
+				v2 := hexToInt[char(src, 3)]
+				v3 := hexToInt[char(src, 4)]
+				v4 := hexToInt[char(src, 5)]
+				code := rune((v1 << 12) | (v2 << 8) | (v3 << 4) | v4)
+				if code >= 0xd800 && code < 0xdc00 && uintptr(unsafeAdd(src, 11)) < uintptr(end) {
+					if char(src, 6) == '\\' && char(src, 7) == 'u' {
+						v1 := hexToInt[char(src, 8)]
+						v2 := hexToInt[char(src, 9)]
+						v3 := hexToInt[char(src, 10)]
+						v4 := hexToInt[char(src, 11)]
+						lo := rune((v1 << 12) | (v2 << 8) | (v3 << 4) | v4)
+						if lo >= 0xdc00 && lo < 0xe000 {
+							code = (code-0xd800)<<10 | (lo - 0xdc00) + 0x10000
+							src = unsafeAdd(src, 6)
+						}
+					}
+				}
+				var b [utf8.UTFMax]byte
+				n := utf8.EncodeRune(b[:], code)
+				switch n {
+				case 4:
+					*(*byte)(unsafeAdd(dst, 3)) = b[3]
+					fallthrough
+				case 3:
+					*(*byte)(unsafeAdd(dst, 2)) = b[2]
+					fallthrough
+				case 2:
+					*(*byte)(unsafeAdd(dst, 1)) = b[1]
+					fallthrough
+				case 1:
+					*(*byte)(unsafeAdd(dst, 0)) = b[0]
+				}
+				src = unsafeAdd(src, 6)
+				dst = unsafeAdd(dst, n)
+			}
+		} else {
+			*(*byte)(dst) = c
+			src = unsafeAdd(src, 1)
+			dst = unsafeAdd(dst, 1)
+		}
+	}
+	return int(uintptr(dst) - uintptr(p))
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/struct.go b/vendor/github.com/goccy/go-json/internal/decoder/struct.go
new file mode 100644
index 000000000..313da153b
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/struct.go
@@ -0,0 +1,845 @@
+package decoder
+
+import (
+	"fmt"
+	"math"
+	"math/bits"
+	"sort"
+	"strings"
+	"unicode"
+	"unicode/utf16"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+)
+
+type structFieldSet struct {
+	dec         Decoder
+	offset      uintptr
+	isTaggedKey bool
+	fieldIdx    int
+	key         string
+	keyLen      int64
+	err         error
+}
+
+type structDecoder struct {
+	fieldMap           map[string]*structFieldSet
+	fieldUniqueNameNum int
+	stringDecoder      *stringDecoder
+	structName         string
+	fieldName          string
+	isTriedOptimize    bool
+	keyBitmapUint8     [][256]uint8
+	keyBitmapUint16    [][256]uint16
+	sortedFieldSets    []*structFieldSet
+	keyDecoder         func(*structDecoder, []byte, int64) (int64, *structFieldSet, error)
+	keyStreamDecoder   func(*structDecoder, *Stream) (*structFieldSet, string, error)
+}
+
+var (
+	largeToSmallTable [256]byte
+)
+
+func init() {
+	for i := 0; i < 256; i++ {
+		c := i
+		if 'A' <= c && c <= 'Z' {
+			c += 'a' - 'A'
+		}
+		largeToSmallTable[i] = byte(c)
+	}
+}
+
+func toASCIILower(s string) string {
+	b := []byte(s)
+	for i := range b {
+		b[i] = largeToSmallTable[b[i]]
+	}
+	return string(b)
+}
+
+func newStructDecoder(structName, fieldName string, fieldMap map[string]*structFieldSet) *structDecoder {
+	return &structDecoder{
+		fieldMap:         fieldMap,
+		stringDecoder:    newStringDecoder(structName, fieldName),
+		structName:       structName,
+		fieldName:        fieldName,
+		keyDecoder:       decodeKey,
+		keyStreamDecoder: decodeKeyStream,
+	}
+}
+
+const (
+	allowOptimizeMaxKeyLen   = 64
+	allowOptimizeMaxFieldLen = 16
+)
+
+func (d *structDecoder) tryOptimize() {
+	fieldUniqueNameMap := map[string]int{}
+	fieldIdx := -1
+	for k, v := range d.fieldMap {
+		lower := strings.ToLower(k)
+		idx, exists := fieldUniqueNameMap[lower]
+		if exists {
+			v.fieldIdx = idx
+		} else {
+			fieldIdx++
+			v.fieldIdx = fieldIdx
+		}
+		fieldUniqueNameMap[lower] = fieldIdx
+	}
+	d.fieldUniqueNameNum = len(fieldUniqueNameMap)
+
+	if d.isTriedOptimize {
+		return
+	}
+	fieldMap := map[string]*structFieldSet{}
+	conflicted := map[string]struct{}{}
+	for k, v := range d.fieldMap {
+		key := strings.ToLower(k)
+		if key != k {
+			if key != toASCIILower(k) {
+				d.isTriedOptimize = true
+				return
+			}
+			// already exists same key (e.g. Hello and HELLO has same lower case key
+			if _, exists := conflicted[key]; exists {
+				d.isTriedOptimize = true
+				return
+			}
+			conflicted[key] = struct{}{}
+		}
+		if field, exists := fieldMap[key]; exists {
+			if field != v {
+				d.isTriedOptimize = true
+				return
+			}
+		}
+		fieldMap[key] = v
+	}
+
+	if len(fieldMap) > allowOptimizeMaxFieldLen {
+		d.isTriedOptimize = true
+		return
+	}
+
+	var maxKeyLen int
+	sortedKeys := []string{}
+	for key := range fieldMap {
+		keyLen := len(key)
+		if keyLen > allowOptimizeMaxKeyLen {
+			d.isTriedOptimize = true
+			return
+		}
+		if maxKeyLen < keyLen {
+			maxKeyLen = keyLen
+		}
+		sortedKeys = append(sortedKeys, key)
+	}
+	sort.Strings(sortedKeys)
+
+	// By allocating one extra capacity than `maxKeyLen`,
+	// it is possible to avoid the process of comparing the index of the key with the length of the bitmap each time.
+	bitmapLen := maxKeyLen + 1
+	if len(sortedKeys) <= 8 {
+		keyBitmap := make([][256]uint8, bitmapLen)
+		for i, key := range sortedKeys {
+			for j := 0; j < len(key); j++ {
+				c := key[j]
+				keyBitmap[j][c] |= (1 << uint(i))
+			}
+			d.sortedFieldSets = append(d.sortedFieldSets, fieldMap[key])
+		}
+		d.keyBitmapUint8 = keyBitmap
+		d.keyDecoder = decodeKeyByBitmapUint8
+		d.keyStreamDecoder = decodeKeyByBitmapUint8Stream
+	} else {
+		keyBitmap := make([][256]uint16, bitmapLen)
+		for i, key := range sortedKeys {
+			for j := 0; j < len(key); j++ {
+				c := key[j]
+				keyBitmap[j][c] |= (1 << uint(i))
+			}
+			d.sortedFieldSets = append(d.sortedFieldSets, fieldMap[key])
+		}
+		d.keyBitmapUint16 = keyBitmap
+		d.keyDecoder = decodeKeyByBitmapUint16
+		d.keyStreamDecoder = decodeKeyByBitmapUint16Stream
+	}
+}
+
+// decode from '\uXXXX'
+func decodeKeyCharByUnicodeRune(buf []byte, cursor int64) ([]byte, int64, error) {
+	const defaultOffset = 4
+	const surrogateOffset = 6
+
+	if cursor+defaultOffset >= int64(len(buf)) {
+		return nil, 0, errors.ErrUnexpectedEndOfJSON("escaped string", cursor)
+	}
+
+	r := unicodeToRune(buf[cursor : cursor+defaultOffset])
+	if utf16.IsSurrogate(r) {
+		cursor += defaultOffset
+		if cursor+surrogateOffset >= int64(len(buf)) || buf[cursor] != '\\' || buf[cursor+1] != 'u' {
+			return []byte(string(unicode.ReplacementChar)), cursor + defaultOffset - 1, nil
+		}
+		cursor += 2
+		r2 := unicodeToRune(buf[cursor : cursor+defaultOffset])
+		if r := utf16.DecodeRune(r, r2); r != unicode.ReplacementChar {
+			return []byte(string(r)), cursor + defaultOffset - 1, nil
+		}
+	}
+	return []byte(string(r)), cursor + defaultOffset - 1, nil
+}
+
+func decodeKeyCharByEscapedChar(buf []byte, cursor int64) ([]byte, int64, error) {
+	c := buf[cursor]
+	cursor++
+	switch c {
+	case '"':
+		return []byte{'"'}, cursor, nil
+	case '\\':
+		return []byte{'\\'}, cursor, nil
+	case '/':
+		return []byte{'/'}, cursor, nil
+	case 'b':
+		return []byte{'\b'}, cursor, nil
+	case 'f':
+		return []byte{'\f'}, cursor, nil
+	case 'n':
+		return []byte{'\n'}, cursor, nil
+	case 'r':
+		return []byte{'\r'}, cursor, nil
+	case 't':
+		return []byte{'\t'}, cursor, nil
+	case 'u':
+		return decodeKeyCharByUnicodeRune(buf, cursor)
+	}
+	return nil, cursor, nil
+}
+
+func decodeKeyByBitmapUint8(d *structDecoder, buf []byte, cursor int64) (int64, *structFieldSet, error) {
+	var (
+		curBit uint8 = math.MaxUint8
+	)
+	b := (*sliceHeader)(unsafe.Pointer(&buf)).data
+	for {
+		switch char(b, cursor) {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+		case '"':
+			cursor++
+			c := char(b, cursor)
+			switch c {
+			case '"':
+				cursor++
+				return cursor, nil, nil
+			case nul:
+				return 0, nil, errors.ErrUnexpectedEndOfJSON("string", cursor)
+			}
+			keyIdx := 0
+			bitmap := d.keyBitmapUint8
+			start := cursor
+			for {
+				c := char(b, cursor)
+				switch c {
+				case '"':
+					fieldSetIndex := bits.TrailingZeros8(curBit)
+					field := d.sortedFieldSets[fieldSetIndex]
+					keyLen := cursor - start
+					cursor++
+					if keyLen < field.keyLen {
+						// early match
+						return cursor, nil, nil
+					}
+					return cursor, field, nil
+				case nul:
+					return 0, nil, errors.ErrUnexpectedEndOfJSON("string", cursor)
+				case '\\':
+					cursor++
+					chars, nextCursor, err := decodeKeyCharByEscapedChar(buf, cursor)
+					if err != nil {
+						return 0, nil, err
+					}
+					for _, c := range chars {
+						curBit &= bitmap[keyIdx][largeToSmallTable[c]]
+						if curBit == 0 {
+							return decodeKeyNotFound(b, cursor)
+						}
+						keyIdx++
+					}
+					cursor = nextCursor
+				default:
+					curBit &= bitmap[keyIdx][largeToSmallTable[c]]
+					if curBit == 0 {
+						return decodeKeyNotFound(b, cursor)
+					}
+					keyIdx++
+				}
+				cursor++
+			}
+		default:
+			return cursor, nil, errors.ErrInvalidBeginningOfValue(char(b, cursor), cursor)
+		}
+	}
+}
+
+func decodeKeyByBitmapUint16(d *structDecoder, buf []byte, cursor int64) (int64, *structFieldSet, error) {
+	var (
+		curBit uint16 = math.MaxUint16
+	)
+	b := (*sliceHeader)(unsafe.Pointer(&buf)).data
+	for {
+		switch char(b, cursor) {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+		case '"':
+			cursor++
+			c := char(b, cursor)
+			switch c {
+			case '"':
+				cursor++
+				return cursor, nil, nil
+			case nul:
+				return 0, nil, errors.ErrUnexpectedEndOfJSON("string", cursor)
+			}
+			keyIdx := 0
+			bitmap := d.keyBitmapUint16
+			start := cursor
+			for {
+				c := char(b, cursor)
+				switch c {
+				case '"':
+					fieldSetIndex := bits.TrailingZeros16(curBit)
+					field := d.sortedFieldSets[fieldSetIndex]
+					keyLen := cursor - start
+					cursor++
+					if keyLen < field.keyLen {
+						// early match
+						return cursor, nil, nil
+					}
+					return cursor, field, nil
+				case nul:
+					return 0, nil, errors.ErrUnexpectedEndOfJSON("string", cursor)
+				case '\\':
+					cursor++
+					chars, nextCursor, err := decodeKeyCharByEscapedChar(buf, cursor)
+					if err != nil {
+						return 0, nil, err
+					}
+					for _, c := range chars {
+						curBit &= bitmap[keyIdx][largeToSmallTable[c]]
+						if curBit == 0 {
+							return decodeKeyNotFound(b, cursor)
+						}
+						keyIdx++
+					}
+					cursor = nextCursor
+				default:
+					curBit &= bitmap[keyIdx][largeToSmallTable[c]]
+					if curBit == 0 {
+						return decodeKeyNotFound(b, cursor)
+					}
+					keyIdx++
+				}
+				cursor++
+			}
+		default:
+			return cursor, nil, errors.ErrInvalidBeginningOfValue(char(b, cursor), cursor)
+		}
+	}
+}
+
+func decodeKeyNotFound(b unsafe.Pointer, cursor int64) (int64, *structFieldSet, error) {
+	for {
+		cursor++
+		switch char(b, cursor) {
+		case '"':
+			cursor++
+			return cursor, nil, nil
+		case '\\':
+			cursor++
+			if char(b, cursor) == nul {
+				return 0, nil, errors.ErrUnexpectedEndOfJSON("string", cursor)
+			}
+		case nul:
+			return 0, nil, errors.ErrUnexpectedEndOfJSON("string", cursor)
+		}
+	}
+}
+
+func decodeKey(d *structDecoder, buf []byte, cursor int64) (int64, *structFieldSet, error) {
+	key, c, err := d.stringDecoder.decodeByte(buf, cursor)
+	if err != nil {
+		return 0, nil, err
+	}
+	cursor = c
+	k := *(*string)(unsafe.Pointer(&key))
+	field, exists := d.fieldMap[k]
+	if !exists {
+		return cursor, nil, nil
+	}
+	return cursor, field, nil
+}
+
+func decodeKeyByBitmapUint8Stream(d *structDecoder, s *Stream) (*structFieldSet, string, error) {
+	var (
+		curBit uint8 = math.MaxUint8
+	)
+	_, cursor, p := s.stat()
+	for {
+		switch char(p, cursor) {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+		case nul:
+			s.cursor = cursor
+			if s.read() {
+				_, cursor, p = s.stat()
+				continue
+			}
+			return nil, "", errors.ErrInvalidBeginningOfValue(char(p, cursor), s.totalOffset())
+		case '"':
+			cursor++
+		FIRST_CHAR:
+			start := cursor
+			switch char(p, cursor) {
+			case '"':
+				cursor++
+				s.cursor = cursor
+				return nil, "", nil
+			case nul:
+				s.cursor = cursor
+				if s.read() {
+					_, cursor, p = s.stat()
+					goto FIRST_CHAR
+				}
+				return nil, "", errors.ErrUnexpectedEndOfJSON("string", s.totalOffset())
+			}
+			keyIdx := 0
+			bitmap := d.keyBitmapUint8
+			for {
+				c := char(p, cursor)
+				switch c {
+				case '"':
+					fieldSetIndex := bits.TrailingZeros8(curBit)
+					field := d.sortedFieldSets[fieldSetIndex]
+					keyLen := cursor - start
+					cursor++
+					s.cursor = cursor
+					if keyLen < field.keyLen {
+						// early match
+						return nil, field.key, nil
+					}
+					return field, field.key, nil
+				case nul:
+					s.cursor = cursor
+					if s.read() {
+						_, cursor, p = s.stat()
+						continue
+					}
+					return nil, "", errors.ErrUnexpectedEndOfJSON("string", s.totalOffset())
+				case '\\':
+					s.cursor = cursor + 1 // skip '\' char
+					chars, err := decodeKeyCharByEscapeCharStream(s)
+					if err != nil {
+						return nil, "", err
+					}
+					cursor = s.cursor
+					for _, c := range chars {
+						curBit &= bitmap[keyIdx][largeToSmallTable[c]]
+						if curBit == 0 {
+							s.cursor = cursor
+							return decodeKeyNotFoundStream(s, start)
+						}
+						keyIdx++
+					}
+				default:
+					curBit &= bitmap[keyIdx][largeToSmallTable[c]]
+					if curBit == 0 {
+						s.cursor = cursor
+						return decodeKeyNotFoundStream(s, start)
+					}
+					keyIdx++
+				}
+				cursor++
+			}
+		default:
+			return nil, "", errors.ErrInvalidBeginningOfValue(char(p, cursor), s.totalOffset())
+		}
+	}
+}
+
+func decodeKeyByBitmapUint16Stream(d *structDecoder, s *Stream) (*structFieldSet, string, error) {
+	var (
+		curBit uint16 = math.MaxUint16
+	)
+	_, cursor, p := s.stat()
+	for {
+		switch char(p, cursor) {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+		case nul:
+			s.cursor = cursor
+			if s.read() {
+				_, cursor, p = s.stat()
+				continue
+			}
+			return nil, "", errors.ErrInvalidBeginningOfValue(char(p, cursor), s.totalOffset())
+		case '"':
+			cursor++
+		FIRST_CHAR:
+			start := cursor
+			switch char(p, cursor) {
+			case '"':
+				cursor++
+				s.cursor = cursor
+				return nil, "", nil
+			case nul:
+				s.cursor = cursor
+				if s.read() {
+					_, cursor, p = s.stat()
+					goto FIRST_CHAR
+				}
+				return nil, "", errors.ErrUnexpectedEndOfJSON("string", s.totalOffset())
+			}
+			keyIdx := 0
+			bitmap := d.keyBitmapUint16
+			for {
+				c := char(p, cursor)
+				switch c {
+				case '"':
+					fieldSetIndex := bits.TrailingZeros16(curBit)
+					field := d.sortedFieldSets[fieldSetIndex]
+					keyLen := cursor - start
+					cursor++
+					s.cursor = cursor
+					if keyLen < field.keyLen {
+						// early match
+						return nil, field.key, nil
+					}
+					return field, field.key, nil
+				case nul:
+					s.cursor = cursor
+					if s.read() {
+						_, cursor, p = s.stat()
+						continue
+					}
+					return nil, "", errors.ErrUnexpectedEndOfJSON("string", s.totalOffset())
+				case '\\':
+					s.cursor = cursor + 1 // skip '\' char
+					chars, err := decodeKeyCharByEscapeCharStream(s)
+					if err != nil {
+						return nil, "", err
+					}
+					cursor = s.cursor
+					for _, c := range chars {
+						curBit &= bitmap[keyIdx][largeToSmallTable[c]]
+						if curBit == 0 {
+							s.cursor = cursor
+							return decodeKeyNotFoundStream(s, start)
+						}
+						keyIdx++
+					}
+				default:
+					curBit &= bitmap[keyIdx][largeToSmallTable[c]]
+					if curBit == 0 {
+						s.cursor = cursor
+						return decodeKeyNotFoundStream(s, start)
+					}
+					keyIdx++
+				}
+				cursor++
+			}
+		default:
+			return nil, "", errors.ErrInvalidBeginningOfValue(char(p, cursor), s.totalOffset())
+		}
+	}
+}
+
+// decode from '\uXXXX'
+func decodeKeyCharByUnicodeRuneStream(s *Stream) ([]byte, error) {
+	const defaultOffset = 4
+	const surrogateOffset = 6
+
+	if s.cursor+defaultOffset >= s.length {
+		if !s.read() {
+			return nil, errors.ErrInvalidCharacter(s.char(), "escaped unicode char", s.totalOffset())
+		}
+	}
+
+	r := unicodeToRune(s.buf[s.cursor : s.cursor+defaultOffset])
+	if utf16.IsSurrogate(r) {
+		s.cursor += defaultOffset
+		if s.cursor+surrogateOffset >= s.length {
+			s.read()
+		}
+		if s.cursor+surrogateOffset >= s.length || s.buf[s.cursor] != '\\' || s.buf[s.cursor+1] != 'u' {
+			s.cursor += defaultOffset - 1
+			return []byte(string(unicode.ReplacementChar)), nil
+		}
+		r2 := unicodeToRune(s.buf[s.cursor+defaultOffset+2 : s.cursor+surrogateOffset])
+		if r := utf16.DecodeRune(r, r2); r != unicode.ReplacementChar {
+			s.cursor += defaultOffset - 1
+			return []byte(string(r)), nil
+		}
+	}
+	s.cursor += defaultOffset - 1
+	return []byte(string(r)), nil
+}
+
+func decodeKeyCharByEscapeCharStream(s *Stream) ([]byte, error) {
+	c := s.buf[s.cursor]
+	s.cursor++
+RETRY:
+	switch c {
+	case '"':
+		return []byte{'"'}, nil
+	case '\\':
+		return []byte{'\\'}, nil
+	case '/':
+		return []byte{'/'}, nil
+	case 'b':
+		return []byte{'\b'}, nil
+	case 'f':
+		return []byte{'\f'}, nil
+	case 'n':
+		return []byte{'\n'}, nil
+	case 'r':
+		return []byte{'\r'}, nil
+	case 't':
+		return []byte{'\t'}, nil
+	case 'u':
+		return decodeKeyCharByUnicodeRuneStream(s)
+	case nul:
+		if !s.read() {
+			return nil, errors.ErrInvalidCharacter(s.char(), "escaped char", s.totalOffset())
+		}
+		goto RETRY
+	default:
+		return nil, errors.ErrUnexpectedEndOfJSON("struct field", s.totalOffset())
+	}
+}
+
+func decodeKeyNotFoundStream(s *Stream, start int64) (*structFieldSet, string, error) {
+	buf, cursor, p := s.stat()
+	for {
+		cursor++
+		switch char(p, cursor) {
+		case '"':
+			b := buf[start:cursor]
+			key := *(*string)(unsafe.Pointer(&b))
+			cursor++
+			s.cursor = cursor
+			return nil, key, nil
+		case '\\':
+			cursor++
+			if char(p, cursor) == nul {
+				s.cursor = cursor
+				if !s.read() {
+					return nil, "", errors.ErrUnexpectedEndOfJSON("string", s.totalOffset())
+				}
+				buf, cursor, p = s.statForRetry()
+			}
+		case nul:
+			s.cursor = cursor
+			if !s.read() {
+				return nil, "", errors.ErrUnexpectedEndOfJSON("string", s.totalOffset())
+			}
+			buf, cursor, p = s.statForRetry()
+		}
+	}
+}
+
+func decodeKeyStream(d *structDecoder, s *Stream) (*structFieldSet, string, error) {
+	key, err := d.stringDecoder.decodeStreamByte(s)
+	if err != nil {
+		return nil, "", err
+	}
+	k := *(*string)(unsafe.Pointer(&key))
+	return d.fieldMap[k], k, nil
+}
+
+func (d *structDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	depth++
+	if depth > maxDecodeNestingDepth {
+		return errors.ErrExceededMaxDepth(s.char(), s.cursor)
+	}
+
+	c := s.skipWhiteSpace()
+	switch c {
+	case 'n':
+		if err := nullBytes(s); err != nil {
+			return err
+		}
+		return nil
+	default:
+		if s.char() != '{' {
+			return errors.ErrInvalidBeginningOfValue(s.char(), s.totalOffset())
+		}
+	}
+	s.cursor++
+	if s.skipWhiteSpace() == '}' {
+		s.cursor++
+		return nil
+	}
+	var (
+		seenFields   map[int]struct{}
+		seenFieldNum int
+	)
+	firstWin := (s.Option.Flags & FirstWinOption) != 0
+	if firstWin {
+		seenFields = make(map[int]struct{}, d.fieldUniqueNameNum)
+	}
+	for {
+		s.reset()
+		field, key, err := d.keyStreamDecoder(d, s)
+		if err != nil {
+			return err
+		}
+		if s.skipWhiteSpace() != ':' {
+			return errors.ErrExpected("colon after object key", s.totalOffset())
+		}
+		s.cursor++
+		if field != nil {
+			if field.err != nil {
+				return field.err
+			}
+			if firstWin {
+				if _, exists := seenFields[field.fieldIdx]; exists {
+					if err := s.skipValue(depth); err != nil {
+						return err
+					}
+				} else {
+					if err := field.dec.DecodeStream(s, depth, unsafe.Pointer(uintptr(p)+field.offset)); err != nil {
+						return err
+					}
+					seenFieldNum++
+					if d.fieldUniqueNameNum <= seenFieldNum {
+						return s.skipObject(depth)
+					}
+					seenFields[field.fieldIdx] = struct{}{}
+				}
+			} else {
+				if err := field.dec.DecodeStream(s, depth, unsafe.Pointer(uintptr(p)+field.offset)); err != nil {
+					return err
+				}
+			}
+		} else if s.DisallowUnknownFields {
+			return fmt.Errorf("json: unknown field %q", key)
+		} else {
+			if err := s.skipValue(depth); err != nil {
+				return err
+			}
+		}
+		c := s.skipWhiteSpace()
+		if c == '}' {
+			s.cursor++
+			return nil
+		}
+		if c != ',' {
+			return errors.ErrExpected("comma after object element", s.totalOffset())
+		}
+		s.cursor++
+	}
+}
+
+func (d *structDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	depth++
+	if depth > maxDecodeNestingDepth {
+		return 0, errors.ErrExceededMaxDepth(buf[cursor], cursor)
+	}
+	buflen := int64(len(buf))
+	cursor = skipWhiteSpace(buf, cursor)
+	b := (*sliceHeader)(unsafe.Pointer(&buf)).data
+	switch char(b, cursor) {
+	case 'n':
+		if err := validateNull(buf, cursor); err != nil {
+			return 0, err
+		}
+		cursor += 4
+		return cursor, nil
+	case '{':
+	default:
+		return 0, errors.ErrInvalidBeginningOfValue(char(b, cursor), cursor)
+	}
+	cursor++
+	cursor = skipWhiteSpace(buf, cursor)
+	if buf[cursor] == '}' {
+		cursor++
+		return cursor, nil
+	}
+	var (
+		seenFields   map[int]struct{}
+		seenFieldNum int
+	)
+	firstWin := (ctx.Option.Flags & FirstWinOption) != 0
+	if firstWin {
+		seenFields = make(map[int]struct{}, d.fieldUniqueNameNum)
+	}
+	for {
+		c, field, err := d.keyDecoder(d, buf, cursor)
+		if err != nil {
+			return 0, err
+		}
+		cursor = skipWhiteSpace(buf, c)
+		if char(b, cursor) != ':' {
+			return 0, errors.ErrExpected("colon after object key", cursor)
+		}
+		cursor++
+		if cursor >= buflen {
+			return 0, errors.ErrExpected("object value after colon", cursor)
+		}
+		if field != nil {
+			if field.err != nil {
+				return 0, field.err
+			}
+			if firstWin {
+				if _, exists := seenFields[field.fieldIdx]; exists {
+					c, err := skipValue(buf, cursor, depth)
+					if err != nil {
+						return 0, err
+					}
+					cursor = c
+				} else {
+					c, err := field.dec.Decode(ctx, cursor, depth, unsafe.Pointer(uintptr(p)+field.offset))
+					if err != nil {
+						return 0, err
+					}
+					cursor = c
+					seenFieldNum++
+					if d.fieldUniqueNameNum <= seenFieldNum {
+						return skipObject(buf, cursor, depth)
+					}
+					seenFields[field.fieldIdx] = struct{}{}
+				}
+			} else {
+				c, err := field.dec.Decode(ctx, cursor, depth, unsafe.Pointer(uintptr(p)+field.offset))
+				if err != nil {
+					return 0, err
+				}
+				cursor = c
+			}
+		} else {
+			c, err := skipValue(buf, cursor, depth)
+			if err != nil {
+				return 0, err
+			}
+			cursor = c
+		}
+		cursor = skipWhiteSpace(buf, cursor)
+		if char(b, cursor) == '}' {
+			cursor++
+			return cursor, nil
+		}
+		if char(b, cursor) != ',' {
+			return 0, errors.ErrExpected("comma after object element", cursor)
+		}
+		cursor++
+	}
+}
+
+func (d *structDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, fmt.Errorf("json: struct decoder does not support decode path")
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/type.go b/vendor/github.com/goccy/go-json/internal/decoder/type.go
new file mode 100644
index 000000000..beaf3ab86
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/type.go
@@ -0,0 +1,30 @@
+package decoder
+
+import (
+	"context"
+	"encoding"
+	"encoding/json"
+	"reflect"
+	"unsafe"
+)
+
+type Decoder interface {
+	Decode(*RuntimeContext, int64, int64, unsafe.Pointer) (int64, error)
+	DecodePath(*RuntimeContext, int64, int64) ([][]byte, int64, error)
+	DecodeStream(*Stream, int64, unsafe.Pointer) error
+}
+
+const (
+	nul                   = '\000'
+	maxDecodeNestingDepth = 10000
+)
+
+type unmarshalerContext interface {
+	UnmarshalJSON(context.Context, []byte) error
+}
+
+var (
+	unmarshalJSONType        = reflect.TypeOf((*json.Unmarshaler)(nil)).Elem()
+	unmarshalJSONContextType = reflect.TypeOf((*unmarshalerContext)(nil)).Elem()
+	unmarshalTextType        = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
+)
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/uint.go b/vendor/github.com/goccy/go-json/internal/decoder/uint.go
new file mode 100644
index 000000000..4131731b8
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/uint.go
@@ -0,0 +1,194 @@
+package decoder
+
+import (
+	"fmt"
+	"reflect"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type uintDecoder struct {
+	typ        *runtime.Type
+	kind       reflect.Kind
+	op         func(unsafe.Pointer, uint64)
+	structName string
+	fieldName  string
+}
+
+func newUintDecoder(typ *runtime.Type, structName, fieldName string, op func(unsafe.Pointer, uint64)) *uintDecoder {
+	return &uintDecoder{
+		typ:        typ,
+		kind:       typ.Kind(),
+		op:         op,
+		structName: structName,
+		fieldName:  fieldName,
+	}
+}
+
+func (d *uintDecoder) typeError(buf []byte, offset int64) *errors.UnmarshalTypeError {
+	return &errors.UnmarshalTypeError{
+		Value:  fmt.Sprintf("number %s", string(buf)),
+		Type:   runtime.RType2Type(d.typ),
+		Offset: offset,
+	}
+}
+
+var (
+	pow10u64 = [...]uint64{
+		1e00, 1e01, 1e02, 1e03, 1e04, 1e05, 1e06, 1e07, 1e08, 1e09,
+		1e10, 1e11, 1e12, 1e13, 1e14, 1e15, 1e16, 1e17, 1e18, 1e19,
+	}
+	pow10u64Len = len(pow10u64)
+)
+
+func (d *uintDecoder) parseUint(b []byte) (uint64, error) {
+	maxDigit := len(b)
+	if maxDigit > pow10u64Len {
+		return 0, fmt.Errorf("invalid length of number")
+	}
+	sum := uint64(0)
+	for i := 0; i < maxDigit; i++ {
+		c := uint64(b[i]) - 48
+		digitValue := pow10u64[maxDigit-i-1]
+		sum += c * digitValue
+	}
+	return sum, nil
+}
+
+func (d *uintDecoder) decodeStreamByte(s *Stream) ([]byte, error) {
+	for {
+		switch s.char() {
+		case ' ', '\n', '\t', '\r':
+			s.cursor++
+			continue
+		case '0':
+			s.cursor++
+			return numZeroBuf, nil
+		case '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			start := s.cursor
+			for {
+				s.cursor++
+				if numTable[s.char()] {
+					continue
+				} else if s.char() == nul {
+					if s.read() {
+						s.cursor-- // for retry current character
+						continue
+					}
+				}
+				break
+			}
+			num := s.buf[start:s.cursor]
+			return num, nil
+		case 'n':
+			if err := nullBytes(s); err != nil {
+				return nil, err
+			}
+			return nil, nil
+		case nul:
+			if s.read() {
+				continue
+			}
+		default:
+			return nil, d.typeError([]byte{s.char()}, s.totalOffset())
+		}
+		break
+	}
+	return nil, errors.ErrUnexpectedEndOfJSON("number(unsigned integer)", s.totalOffset())
+}
+
+func (d *uintDecoder) decodeByte(buf []byte, cursor int64) ([]byte, int64, error) {
+	for {
+		switch buf[cursor] {
+		case ' ', '\n', '\t', '\r':
+			cursor++
+			continue
+		case '0':
+			cursor++
+			return numZeroBuf, cursor, nil
+		case '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			start := cursor
+			cursor++
+			for numTable[buf[cursor]] {
+				cursor++
+			}
+			num := buf[start:cursor]
+			return num, cursor, nil
+		case 'n':
+			if err := validateNull(buf, cursor); err != nil {
+				return nil, 0, err
+			}
+			cursor += 4
+			return nil, cursor, nil
+		default:
+			return nil, 0, d.typeError([]byte{buf[cursor]}, cursor)
+		}
+	}
+}
+
+func (d *uintDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	bytes, err := d.decodeStreamByte(s)
+	if err != nil {
+		return err
+	}
+	if bytes == nil {
+		return nil
+	}
+	u64, err := d.parseUint(bytes)
+	if err != nil {
+		return d.typeError(bytes, s.totalOffset())
+	}
+	switch d.kind {
+	case reflect.Uint8:
+		if (1 << 8) <= u64 {
+			return d.typeError(bytes, s.totalOffset())
+		}
+	case reflect.Uint16:
+		if (1 << 16) <= u64 {
+			return d.typeError(bytes, s.totalOffset())
+		}
+	case reflect.Uint32:
+		if (1 << 32) <= u64 {
+			return d.typeError(bytes, s.totalOffset())
+		}
+	}
+	d.op(p, u64)
+	return nil
+}
+
+func (d *uintDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	bytes, c, err := d.decodeByte(ctx.Buf, cursor)
+	if err != nil {
+		return 0, err
+	}
+	if bytes == nil {
+		return c, nil
+	}
+	cursor = c
+	u64, err := d.parseUint(bytes)
+	if err != nil {
+		return 0, d.typeError(bytes, cursor)
+	}
+	switch d.kind {
+	case reflect.Uint8:
+		if (1 << 8) <= u64 {
+			return 0, d.typeError(bytes, cursor)
+		}
+	case reflect.Uint16:
+		if (1 << 16) <= u64 {
+			return 0, d.typeError(bytes, cursor)
+		}
+	case reflect.Uint32:
+		if (1 << 32) <= u64 {
+			return 0, d.typeError(bytes, cursor)
+		}
+	}
+	d.op(p, u64)
+	return cursor, nil
+}
+
+func (d *uintDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, fmt.Errorf("json: uint decoder does not support decode path")
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_json.go b/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_json.go
new file mode 100644
index 000000000..4cd6dbd57
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_json.go
@@ -0,0 +1,104 @@
+package decoder
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type unmarshalJSONDecoder struct {
+	typ        *runtime.Type
+	structName string
+	fieldName  string
+}
+
+func newUnmarshalJSONDecoder(typ *runtime.Type, structName, fieldName string) *unmarshalJSONDecoder {
+	return &unmarshalJSONDecoder{
+		typ:        typ,
+		structName: structName,
+		fieldName:  fieldName,
+	}
+}
+
+func (d *unmarshalJSONDecoder) annotateError(cursor int64, err error) {
+	switch e := err.(type) {
+	case *errors.UnmarshalTypeError:
+		e.Struct = d.structName
+		e.Field = d.fieldName
+	case *errors.SyntaxError:
+		e.Offset = cursor
+	}
+}
+
+func (d *unmarshalJSONDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	s.skipWhiteSpace()
+	start := s.cursor
+	if err := s.skipValue(depth); err != nil {
+		return err
+	}
+	src := s.buf[start:s.cursor]
+	dst := make([]byte, len(src))
+	copy(dst, src)
+
+	v := *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: d.typ,
+		ptr: p,
+	}))
+	switch v := v.(type) {
+	case unmarshalerContext:
+		var ctx context.Context
+		if (s.Option.Flags & ContextOption) != 0 {
+			ctx = s.Option.Context
+		} else {
+			ctx = context.Background()
+		}
+		if err := v.UnmarshalJSON(ctx, dst); err != nil {
+			d.annotateError(s.cursor, err)
+			return err
+		}
+	case json.Unmarshaler:
+		if err := v.UnmarshalJSON(dst); err != nil {
+			d.annotateError(s.cursor, err)
+			return err
+		}
+	}
+	return nil
+}
+
+func (d *unmarshalJSONDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	cursor = skipWhiteSpace(buf, cursor)
+	start := cursor
+	end, err := skipValue(buf, cursor, depth)
+	if err != nil {
+		return 0, err
+	}
+	src := buf[start:end]
+	dst := make([]byte, len(src))
+	copy(dst, src)
+
+	v := *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: d.typ,
+		ptr: p,
+	}))
+	if (ctx.Option.Flags & ContextOption) != 0 {
+		if err := v.(unmarshalerContext).UnmarshalJSON(ctx.Option.Context, dst); err != nil {
+			d.annotateError(cursor, err)
+			return 0, err
+		}
+	} else {
+		if err := v.(json.Unmarshaler).UnmarshalJSON(dst); err != nil {
+			d.annotateError(cursor, err)
+			return 0, err
+		}
+	}
+	return end, nil
+}
+
+func (d *unmarshalJSONDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, fmt.Errorf("json: unmarshal json decoder does not support decode path")
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go b/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go
new file mode 100644
index 000000000..6d37993f0
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go
@@ -0,0 +1,285 @@
+package decoder
+
+import (
+	"bytes"
+	"encoding"
+	"fmt"
+	"unicode"
+	"unicode/utf16"
+	"unicode/utf8"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type unmarshalTextDecoder struct {
+	typ        *runtime.Type
+	structName string
+	fieldName  string
+}
+
+func newUnmarshalTextDecoder(typ *runtime.Type, structName, fieldName string) *unmarshalTextDecoder {
+	return &unmarshalTextDecoder{
+		typ:        typ,
+		structName: structName,
+		fieldName:  fieldName,
+	}
+}
+
+func (d *unmarshalTextDecoder) annotateError(cursor int64, err error) {
+	switch e := err.(type) {
+	case *errors.UnmarshalTypeError:
+		e.Struct = d.structName
+		e.Field = d.fieldName
+	case *errors.SyntaxError:
+		e.Offset = cursor
+	}
+}
+
+var (
+	nullbytes = []byte(`null`)
+)
+
+func (d *unmarshalTextDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	s.skipWhiteSpace()
+	start := s.cursor
+	if err := s.skipValue(depth); err != nil {
+		return err
+	}
+	src := s.buf[start:s.cursor]
+	if len(src) > 0 {
+		switch src[0] {
+		case '[':
+			return &errors.UnmarshalTypeError{
+				Value:  "array",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: s.totalOffset(),
+			}
+		case '{':
+			return &errors.UnmarshalTypeError{
+				Value:  "object",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: s.totalOffset(),
+			}
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return &errors.UnmarshalTypeError{
+				Value:  "number",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: s.totalOffset(),
+			}
+		case 'n':
+			if bytes.Equal(src, nullbytes) {
+				*(*unsafe.Pointer)(p) = nil
+				return nil
+			}
+		}
+	}
+	dst := make([]byte, len(src))
+	copy(dst, src)
+
+	if b, ok := unquoteBytes(dst); ok {
+		dst = b
+	}
+	v := *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: d.typ,
+		ptr: p,
+	}))
+	if err := v.(encoding.TextUnmarshaler).UnmarshalText(dst); err != nil {
+		d.annotateError(s.cursor, err)
+		return err
+	}
+	return nil
+}
+
+func (d *unmarshalTextDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	buf := ctx.Buf
+	cursor = skipWhiteSpace(buf, cursor)
+	start := cursor
+	end, err := skipValue(buf, cursor, depth)
+	if err != nil {
+		return 0, err
+	}
+	src := buf[start:end]
+	if len(src) > 0 {
+		switch src[0] {
+		case '[':
+			return 0, &errors.UnmarshalTypeError{
+				Value:  "array",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: start,
+			}
+		case '{':
+			return 0, &errors.UnmarshalTypeError{
+				Value:  "object",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: start,
+			}
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return 0, &errors.UnmarshalTypeError{
+				Value:  "number",
+				Type:   runtime.RType2Type(d.typ),
+				Offset: start,
+			}
+		case 'n':
+			if bytes.Equal(src, nullbytes) {
+				*(*unsafe.Pointer)(p) = nil
+				return end, nil
+			}
+		}
+	}
+
+	if s, ok := unquoteBytes(src); ok {
+		src = s
+	}
+	v := *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: d.typ,
+		ptr: *(*unsafe.Pointer)(unsafe.Pointer(&p)),
+	}))
+	if err := v.(encoding.TextUnmarshaler).UnmarshalText(src); err != nil {
+		d.annotateError(cursor, err)
+		return 0, err
+	}
+	return end, nil
+}
+
+func (d *unmarshalTextDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, fmt.Errorf("json: unmarshal text decoder does not support decode path")
+}
+
+func unquoteBytes(s []byte) (t []byte, ok bool) {
+	length := len(s)
+	if length < 2 || s[0] != '"' || s[length-1] != '"' {
+		return
+	}
+	s = s[1 : length-1]
+	length -= 2
+
+	// Check for unusual characters. If there are none,
+	// then no unquoting is needed, so return a slice of the
+	// original bytes.
+	r := 0
+	for r < length {
+		c := s[r]
+		if c == '\\' || c == '"' || c < ' ' {
+			break
+		}
+		if c < utf8.RuneSelf {
+			r++
+			continue
+		}
+		rr, size := utf8.DecodeRune(s[r:])
+		if rr == utf8.RuneError && size == 1 {
+			break
+		}
+		r += size
+	}
+	if r == length {
+		return s, true
+	}
+
+	b := make([]byte, length+2*utf8.UTFMax)
+	w := copy(b, s[0:r])
+	for r < length {
+		// Out of room? Can only happen if s is full of
+		// malformed UTF-8 and we're replacing each
+		// byte with RuneError.
+		if w >= len(b)-2*utf8.UTFMax {
+			nb := make([]byte, (len(b)+utf8.UTFMax)*2)
+			copy(nb, b[0:w])
+			b = nb
+		}
+		switch c := s[r]; {
+		case c == '\\':
+			r++
+			if r >= length {
+				return
+			}
+			switch s[r] {
+			default:
+				return
+			case '"', '\\', '/', '\'':
+				b[w] = s[r]
+				r++
+				w++
+			case 'b':
+				b[w] = '\b'
+				r++
+				w++
+			case 'f':
+				b[w] = '\f'
+				r++
+				w++
+			case 'n':
+				b[w] = '\n'
+				r++
+				w++
+			case 'r':
+				b[w] = '\r'
+				r++
+				w++
+			case 't':
+				b[w] = '\t'
+				r++
+				w++
+			case 'u':
+				r--
+				rr := getu4(s[r:])
+				if rr < 0 {
+					return
+				}
+				r += 6
+				if utf16.IsSurrogate(rr) {
+					rr1 := getu4(s[r:])
+					if dec := utf16.DecodeRune(rr, rr1); dec != unicode.ReplacementChar {
+						// A valid pair; consume.
+						r += 6
+						w += utf8.EncodeRune(b[w:], dec)
+						break
+					}
+					// Invalid surrogate; fall back to replacement rune.
+					rr = unicode.ReplacementChar
+				}
+				w += utf8.EncodeRune(b[w:], rr)
+			}
+
+		// Quote, control characters are invalid.
+		case c == '"', c < ' ':
+			return
+
+		// ASCII
+		case c < utf8.RuneSelf:
+			b[w] = c
+			r++
+			w++
+
+		// Coerce to well-formed UTF-8.
+		default:
+			rr, size := utf8.DecodeRune(s[r:])
+			r += size
+			w += utf8.EncodeRune(b[w:], rr)
+		}
+	}
+	return b[0:w], true
+}
+
+func getu4(s []byte) rune {
+	if len(s) < 6 || s[0] != '\\' || s[1] != 'u' {
+		return -1
+	}
+	var r rune
+	for _, c := range s[2:6] {
+		switch {
+		case '0' <= c && c <= '9':
+			c = c - '0'
+		case 'a' <= c && c <= 'f':
+			c = c - 'a' + 10
+		case 'A' <= c && c <= 'F':
+			c = c - 'A' + 10
+		default:
+			return -1
+		}
+		r = r*16 + rune(c)
+	}
+	return r
+}
diff --git a/vendor/github.com/goccy/go-json/internal/decoder/wrapped_string.go b/vendor/github.com/goccy/go-json/internal/decoder/wrapped_string.go
new file mode 100644
index 000000000..0c4e2e6ea
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/decoder/wrapped_string.go
@@ -0,0 +1,73 @@
+package decoder
+
+import (
+	"fmt"
+	"reflect"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type wrappedStringDecoder struct {
+	typ           *runtime.Type
+	dec           Decoder
+	stringDecoder *stringDecoder
+	structName    string
+	fieldName     string
+	isPtrType     bool
+}
+
+func newWrappedStringDecoder(typ *runtime.Type, dec Decoder, structName, fieldName string) *wrappedStringDecoder {
+	return &wrappedStringDecoder{
+		typ:           typ,
+		dec:           dec,
+		stringDecoder: newStringDecoder(structName, fieldName),
+		structName:    structName,
+		fieldName:     fieldName,
+		isPtrType:     typ.Kind() == reflect.Ptr,
+	}
+}
+
+func (d *wrappedStringDecoder) DecodeStream(s *Stream, depth int64, p unsafe.Pointer) error {
+	bytes, err := d.stringDecoder.decodeStreamByte(s)
+	if err != nil {
+		return err
+	}
+	if bytes == nil {
+		if d.isPtrType {
+			*(*unsafe.Pointer)(p) = nil
+		}
+		return nil
+	}
+	b := make([]byte, len(bytes)+1)
+	copy(b, bytes)
+	if _, err := d.dec.Decode(&RuntimeContext{Buf: b}, 0, depth, p); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (d *wrappedStringDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.Pointer) (int64, error) {
+	bytes, c, err := d.stringDecoder.decodeByte(ctx.Buf, cursor)
+	if err != nil {
+		return 0, err
+	}
+	if bytes == nil {
+		if d.isPtrType {
+			*(*unsafe.Pointer)(p) = nil
+		}
+		return c, nil
+	}
+	bytes = append(bytes, nul)
+	oldBuf := ctx.Buf
+	ctx.Buf = bytes
+	if _, err := d.dec.Decode(ctx, 0, depth, p); err != nil {
+		return 0, err
+	}
+	ctx.Buf = oldBuf
+	return c, nil
+}
+
+func (d *wrappedStringDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int64) ([][]byte, int64, error) {
+	return nil, 0, fmt.Errorf("json: wrapped string decoder does not support decode path")
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/code.go b/vendor/github.com/goccy/go-json/internal/encoder/code.go
new file mode 100644
index 000000000..5b08faefc
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/code.go
@@ -0,0 +1,1023 @@
+package encoder
+
+import (
+	"fmt"
+	"reflect"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type Code interface {
+	Kind() CodeKind
+	ToOpcode(*compileContext) Opcodes
+	Filter(*FieldQuery) Code
+}
+
+type AnonymousCode interface {
+	ToAnonymousOpcode(*compileContext) Opcodes
+}
+
+type Opcodes []*Opcode
+
+func (o Opcodes) First() *Opcode {
+	if len(o) == 0 {
+		return nil
+	}
+	return o[0]
+}
+
+func (o Opcodes) Last() *Opcode {
+	if len(o) == 0 {
+		return nil
+	}
+	return o[len(o)-1]
+}
+
+func (o Opcodes) Add(codes ...*Opcode) Opcodes {
+	return append(o, codes...)
+}
+
+type CodeKind int
+
+const (
+	CodeKindInterface CodeKind = iota
+	CodeKindPtr
+	CodeKindInt
+	CodeKindUint
+	CodeKindFloat
+	CodeKindString
+	CodeKindBool
+	CodeKindStruct
+	CodeKindMap
+	CodeKindSlice
+	CodeKindArray
+	CodeKindBytes
+	CodeKindMarshalJSON
+	CodeKindMarshalText
+	CodeKindRecursive
+)
+
+type IntCode struct {
+	typ      *runtime.Type
+	bitSize  uint8
+	isString bool
+	isPtr    bool
+}
+
+func (c *IntCode) Kind() CodeKind {
+	return CodeKindInt
+}
+
+func (c *IntCode) ToOpcode(ctx *compileContext) Opcodes {
+	var code *Opcode
+	switch {
+	case c.isPtr:
+		code = newOpCode(ctx, c.typ, OpIntPtr)
+	case c.isString:
+		code = newOpCode(ctx, c.typ, OpIntString)
+	default:
+		code = newOpCode(ctx, c.typ, OpInt)
+	}
+	code.NumBitSize = c.bitSize
+	ctx.incIndex()
+	return Opcodes{code}
+}
+
+func (c *IntCode) Filter(_ *FieldQuery) Code {
+	return c
+}
+
+type UintCode struct {
+	typ      *runtime.Type
+	bitSize  uint8
+	isString bool
+	isPtr    bool
+}
+
+func (c *UintCode) Kind() CodeKind {
+	return CodeKindUint
+}
+
+func (c *UintCode) ToOpcode(ctx *compileContext) Opcodes {
+	var code *Opcode
+	switch {
+	case c.isPtr:
+		code = newOpCode(ctx, c.typ, OpUintPtr)
+	case c.isString:
+		code = newOpCode(ctx, c.typ, OpUintString)
+	default:
+		code = newOpCode(ctx, c.typ, OpUint)
+	}
+	code.NumBitSize = c.bitSize
+	ctx.incIndex()
+	return Opcodes{code}
+}
+
+func (c *UintCode) Filter(_ *FieldQuery) Code {
+	return c
+}
+
+type FloatCode struct {
+	typ     *runtime.Type
+	bitSize uint8
+	isPtr   bool
+}
+
+func (c *FloatCode) Kind() CodeKind {
+	return CodeKindFloat
+}
+
+func (c *FloatCode) ToOpcode(ctx *compileContext) Opcodes {
+	var code *Opcode
+	switch {
+	case c.isPtr:
+		switch c.bitSize {
+		case 32:
+			code = newOpCode(ctx, c.typ, OpFloat32Ptr)
+		default:
+			code = newOpCode(ctx, c.typ, OpFloat64Ptr)
+		}
+	default:
+		switch c.bitSize {
+		case 32:
+			code = newOpCode(ctx, c.typ, OpFloat32)
+		default:
+			code = newOpCode(ctx, c.typ, OpFloat64)
+		}
+	}
+	ctx.incIndex()
+	return Opcodes{code}
+}
+
+func (c *FloatCode) Filter(_ *FieldQuery) Code {
+	return c
+}
+
+type StringCode struct {
+	typ   *runtime.Type
+	isPtr bool
+}
+
+func (c *StringCode) Kind() CodeKind {
+	return CodeKindString
+}
+
+func (c *StringCode) ToOpcode(ctx *compileContext) Opcodes {
+	isJSONNumberType := c.typ == runtime.Type2RType(jsonNumberType)
+	var code *Opcode
+	if c.isPtr {
+		if isJSONNumberType {
+			code = newOpCode(ctx, c.typ, OpNumberPtr)
+		} else {
+			code = newOpCode(ctx, c.typ, OpStringPtr)
+		}
+	} else {
+		if isJSONNumberType {
+			code = newOpCode(ctx, c.typ, OpNumber)
+		} else {
+			code = newOpCode(ctx, c.typ, OpString)
+		}
+	}
+	ctx.incIndex()
+	return Opcodes{code}
+}
+
+func (c *StringCode) Filter(_ *FieldQuery) Code {
+	return c
+}
+
+type BoolCode struct {
+	typ   *runtime.Type
+	isPtr bool
+}
+
+func (c *BoolCode) Kind() CodeKind {
+	return CodeKindBool
+}
+
+func (c *BoolCode) ToOpcode(ctx *compileContext) Opcodes {
+	var code *Opcode
+	switch {
+	case c.isPtr:
+		code = newOpCode(ctx, c.typ, OpBoolPtr)
+	default:
+		code = newOpCode(ctx, c.typ, OpBool)
+	}
+	ctx.incIndex()
+	return Opcodes{code}
+}
+
+func (c *BoolCode) Filter(_ *FieldQuery) Code {
+	return c
+}
+
+type BytesCode struct {
+	typ   *runtime.Type
+	isPtr bool
+}
+
+func (c *BytesCode) Kind() CodeKind {
+	return CodeKindBytes
+}
+
+func (c *BytesCode) ToOpcode(ctx *compileContext) Opcodes {
+	var code *Opcode
+	switch {
+	case c.isPtr:
+		code = newOpCode(ctx, c.typ, OpBytesPtr)
+	default:
+		code = newOpCode(ctx, c.typ, OpBytes)
+	}
+	ctx.incIndex()
+	return Opcodes{code}
+}
+
+func (c *BytesCode) Filter(_ *FieldQuery) Code {
+	return c
+}
+
+type SliceCode struct {
+	typ   *runtime.Type
+	value Code
+}
+
+func (c *SliceCode) Kind() CodeKind {
+	return CodeKindSlice
+}
+
+func (c *SliceCode) ToOpcode(ctx *compileContext) Opcodes {
+	// header => opcode => elem => end
+	//             ^        |
+	//             |________|
+	size := c.typ.Elem().Size()
+	header := newSliceHeaderCode(ctx, c.typ)
+	ctx.incIndex()
+
+	ctx.incIndent()
+	codes := c.value.ToOpcode(ctx)
+	ctx.decIndent()
+
+	codes.First().Flags |= IndirectFlags
+	elemCode := newSliceElemCode(ctx, c.typ.Elem(), header, size)
+	ctx.incIndex()
+	end := newOpCode(ctx, c.typ, OpSliceEnd)
+	ctx.incIndex()
+	header.End = end
+	header.Next = codes.First()
+	codes.Last().Next = elemCode
+	elemCode.Next = codes.First()
+	elemCode.End = end
+	return Opcodes{header}.Add(codes...).Add(elemCode).Add(end)
+}
+
+func (c *SliceCode) Filter(_ *FieldQuery) Code {
+	return c
+}
+
+type ArrayCode struct {
+	typ   *runtime.Type
+	value Code
+}
+
+func (c *ArrayCode) Kind() CodeKind {
+	return CodeKindArray
+}
+
+func (c *ArrayCode) ToOpcode(ctx *compileContext) Opcodes {
+	// header => opcode => elem => end
+	//             ^        |
+	//             |________|
+	elem := c.typ.Elem()
+	alen := c.typ.Len()
+	size := elem.Size()
+
+	header := newArrayHeaderCode(ctx, c.typ, alen)
+	ctx.incIndex()
+
+	ctx.incIndent()
+	codes := c.value.ToOpcode(ctx)
+	ctx.decIndent()
+
+	codes.First().Flags |= IndirectFlags
+
+	elemCode := newArrayElemCode(ctx, elem, header, alen, size)
+	ctx.incIndex()
+
+	end := newOpCode(ctx, c.typ, OpArrayEnd)
+	ctx.incIndex()
+
+	header.End = end
+	header.Next = codes.First()
+	codes.Last().Next = elemCode
+	elemCode.Next = codes.First()
+	elemCode.End = end
+
+	return Opcodes{header}.Add(codes...).Add(elemCode).Add(end)
+}
+
+func (c *ArrayCode) Filter(_ *FieldQuery) Code {
+	return c
+}
+
+type MapCode struct {
+	typ   *runtime.Type
+	key   Code
+	value Code
+}
+
+func (c *MapCode) Kind() CodeKind {
+	return CodeKindMap
+}
+
+func (c *MapCode) ToOpcode(ctx *compileContext) Opcodes {
+	// header => code => value => code => key => code => value => code => end
+	//                                     ^                       |
+	//                                     |_______________________|
+	header := newMapHeaderCode(ctx, c.typ)
+	ctx.incIndex()
+
+	keyCodes := c.key.ToOpcode(ctx)
+
+	value := newMapValueCode(ctx, c.typ.Elem(), header)
+	ctx.incIndex()
+
+	ctx.incIndent()
+	valueCodes := c.value.ToOpcode(ctx)
+	ctx.decIndent()
+
+	valueCodes.First().Flags |= IndirectFlags
+
+	key := newMapKeyCode(ctx, c.typ.Key(), header)
+	ctx.incIndex()
+
+	end := newMapEndCode(ctx, c.typ, header)
+	ctx.incIndex()
+
+	header.Next = keyCodes.First()
+	keyCodes.Last().Next = value
+	value.Next = valueCodes.First()
+	valueCodes.Last().Next = key
+	key.Next = keyCodes.First()
+
+	header.End = end
+	key.End = end
+	value.End = end
+	return Opcodes{header}.Add(keyCodes...).Add(value).Add(valueCodes...).Add(key).Add(end)
+}
+
+func (c *MapCode) Filter(_ *FieldQuery) Code {
+	return c
+}
+
+type StructCode struct {
+	typ                       *runtime.Type
+	fields                    []*StructFieldCode
+	isPtr                     bool
+	disableIndirectConversion bool
+	isIndirect                bool
+	isRecursive               bool
+}
+
+func (c *StructCode) Kind() CodeKind {
+	return CodeKindStruct
+}
+
+func (c *StructCode) lastFieldCode(field *StructFieldCode, firstField *Opcode) *Opcode {
+	if isEmbeddedStruct(field) {
+		return c.lastAnonymousFieldCode(firstField)
+	}
+	lastField := firstField
+	for lastField.NextField != nil {
+		lastField = lastField.NextField
+	}
+	return lastField
+}
+
+func (c *StructCode) lastAnonymousFieldCode(firstField *Opcode) *Opcode {
+	// firstField is special StructHead operation for anonymous structure.
+	// So, StructHead's next operation is truly struct head operation.
+	for firstField.Op == OpStructHead || firstField.Op == OpStructField {
+		firstField = firstField.Next
+	}
+	lastField := firstField
+	for lastField.NextField != nil {
+		lastField = lastField.NextField
+	}
+	return lastField
+}
+
+func (c *StructCode) ToOpcode(ctx *compileContext) Opcodes {
+	// header => code => structField => code => end
+	//                        ^          |
+	//                        |__________|
+	if c.isRecursive {
+		recursive := newRecursiveCode(ctx, c.typ, &CompiledCode{})
+		recursive.Type = c.typ
+		ctx.incIndex()
+		*ctx.recursiveCodes = append(*ctx.recursiveCodes, recursive)
+		return Opcodes{recursive}
+	}
+	codes := Opcodes{}
+	var prevField *Opcode
+	ctx.incIndent()
+	for idx, field := range c.fields {
+		isFirstField := idx == 0
+		isEndField := idx == len(c.fields)-1
+		fieldCodes := field.ToOpcode(ctx, isFirstField, isEndField)
+		for _, code := range fieldCodes {
+			if c.isIndirect {
+				code.Flags |= IndirectFlags
+			}
+		}
+		firstField := fieldCodes.First()
+		if len(codes) > 0 {
+			codes.Last().Next = firstField
+			firstField.Idx = codes.First().Idx
+		}
+		if prevField != nil {
+			prevField.NextField = firstField
+		}
+		if isEndField {
+			endField := fieldCodes.Last()
+			if len(codes) > 0 {
+				codes.First().End = endField
+			} else {
+				firstField.End = endField
+			}
+			codes = codes.Add(fieldCodes...)
+			break
+		}
+		prevField = c.lastFieldCode(field, firstField)
+		codes = codes.Add(fieldCodes...)
+	}
+	if len(codes) == 0 {
+		head := &Opcode{
+			Op:         OpStructHead,
+			Idx:        opcodeOffset(ctx.ptrIndex),
+			Type:       c.typ,
+			DisplayIdx: ctx.opcodeIndex,
+			Indent:     ctx.indent,
+		}
+		ctx.incOpcodeIndex()
+		end := &Opcode{
+			Op:         OpStructEnd,
+			Idx:        opcodeOffset(ctx.ptrIndex),
+			DisplayIdx: ctx.opcodeIndex,
+			Indent:     ctx.indent,
+		}
+		head.NextField = end
+		head.Next = end
+		head.End = end
+		codes = codes.Add(head, end)
+		ctx.incIndex()
+	}
+	ctx.decIndent()
+	ctx.structTypeToCodes[uintptr(unsafe.Pointer(c.typ))] = codes
+	return codes
+}
+
+func (c *StructCode) ToAnonymousOpcode(ctx *compileContext) Opcodes {
+	// header => code => structField => code => end
+	//                        ^          |
+	//                        |__________|
+	if c.isRecursive {
+		recursive := newRecursiveCode(ctx, c.typ, &CompiledCode{})
+		recursive.Type = c.typ
+		ctx.incIndex()
+		*ctx.recursiveCodes = append(*ctx.recursiveCodes, recursive)
+		return Opcodes{recursive}
+	}
+	codes := Opcodes{}
+	var prevField *Opcode
+	for idx, field := range c.fields {
+		isFirstField := idx == 0
+		isEndField := idx == len(c.fields)-1
+		fieldCodes := field.ToAnonymousOpcode(ctx, isFirstField, isEndField)
+		for _, code := range fieldCodes {
+			if c.isIndirect {
+				code.Flags |= IndirectFlags
+			}
+		}
+		firstField := fieldCodes.First()
+		if len(codes) > 0 {
+			codes.Last().Next = firstField
+			firstField.Idx = codes.First().Idx
+		}
+		if prevField != nil {
+			prevField.NextField = firstField
+		}
+		if isEndField {
+			lastField := fieldCodes.Last()
+			if len(codes) > 0 {
+				codes.First().End = lastField
+			} else {
+				firstField.End = lastField
+			}
+		}
+		prevField = firstField
+		codes = codes.Add(fieldCodes...)
+	}
+	return codes
+}
+
+func (c *StructCode) removeFieldsByTags(tags runtime.StructTags) {
+	fields := make([]*StructFieldCode, 0, len(c.fields))
+	for _, field := range c.fields {
+		if field.isAnonymous {
+			structCode := field.getAnonymousStruct()
+			if structCode != nil && !structCode.isRecursive {
+				structCode.removeFieldsByTags(tags)
+				if len(structCode.fields) > 0 {
+					fields = append(fields, field)
+				}
+				continue
+			}
+		}
+		if tags.ExistsKey(field.key) {
+			continue
+		}
+		fields = append(fields, field)
+	}
+	c.fields = fields
+}
+
+func (c *StructCode) enableIndirect() {
+	if c.isIndirect {
+		return
+	}
+	c.isIndirect = true
+	if len(c.fields) == 0 {
+		return
+	}
+	structCode := c.fields[0].getStruct()
+	if structCode == nil {
+		return
+	}
+	structCode.enableIndirect()
+}
+
+func (c *StructCode) Filter(query *FieldQuery) Code {
+	fieldMap := map[string]*FieldQuery{}
+	for _, field := range query.Fields {
+		fieldMap[field.Name] = field
+	}
+	fields := make([]*StructFieldCode, 0, len(c.fields))
+	for _, field := range c.fields {
+		query, exists := fieldMap[field.key]
+		if !exists {
+			continue
+		}
+		fieldCode := &StructFieldCode{
+			typ:                field.typ,
+			key:                field.key,
+			tag:                field.tag,
+			value:              field.value,
+			offset:             field.offset,
+			isAnonymous:        field.isAnonymous,
+			isTaggedKey:        field.isTaggedKey,
+			isNilableType:      field.isNilableType,
+			isNilCheck:         field.isNilCheck,
+			isAddrForMarshaler: field.isAddrForMarshaler,
+			isNextOpPtrType:    field.isNextOpPtrType,
+		}
+		if len(query.Fields) > 0 {
+			fieldCode.value = fieldCode.value.Filter(query)
+		}
+		fields = append(fields, fieldCode)
+	}
+	return &StructCode{
+		typ:                       c.typ,
+		fields:                    fields,
+		isPtr:                     c.isPtr,
+		disableIndirectConversion: c.disableIndirectConversion,
+		isIndirect:                c.isIndirect,
+		isRecursive:               c.isRecursive,
+	}
+}
+
+type StructFieldCode struct {
+	typ                *runtime.Type
+	key                string
+	tag                *runtime.StructTag
+	value              Code
+	offset             uintptr
+	isAnonymous        bool
+	isTaggedKey        bool
+	isNilableType      bool
+	isNilCheck         bool
+	isAddrForMarshaler bool
+	isNextOpPtrType    bool
+	isMarshalerContext bool
+}
+
+func (c *StructFieldCode) getStruct() *StructCode {
+	value := c.value
+	ptr, ok := value.(*PtrCode)
+	if ok {
+		value = ptr.value
+	}
+	structCode, ok := value.(*StructCode)
+	if ok {
+		return structCode
+	}
+	return nil
+}
+
+func (c *StructFieldCode) getAnonymousStruct() *StructCode {
+	if !c.isAnonymous {
+		return nil
+	}
+	return c.getStruct()
+}
+
+func optimizeStructHeader(code *Opcode, tag *runtime.StructTag) OpType {
+	headType := code.ToHeaderType(tag.IsString)
+	if tag.IsOmitEmpty {
+		headType = headType.HeadToOmitEmptyHead()
+	}
+	return headType
+}
+
+func optimizeStructField(code *Opcode, tag *runtime.StructTag) OpType {
+	fieldType := code.ToFieldType(tag.IsString)
+	if tag.IsOmitEmpty {
+		fieldType = fieldType.FieldToOmitEmptyField()
+	}
+	return fieldType
+}
+
+func (c *StructFieldCode) headerOpcodes(ctx *compileContext, field *Opcode, valueCodes Opcodes) Opcodes {
+	value := valueCodes.First()
+	op := optimizeStructHeader(value, c.tag)
+	field.Op = op
+	if value.Flags&MarshalerContextFlags != 0 {
+		field.Flags |= MarshalerContextFlags
+	}
+	field.NumBitSize = value.NumBitSize
+	field.PtrNum = value.PtrNum
+	field.FieldQuery = value.FieldQuery
+	fieldCodes := Opcodes{field}
+	if op.IsMultipleOpHead() {
+		field.Next = value
+		fieldCodes = fieldCodes.Add(valueCodes...)
+	} else {
+		ctx.decIndex()
+	}
+	return fieldCodes
+}
+
+func (c *StructFieldCode) fieldOpcodes(ctx *compileContext, field *Opcode, valueCodes Opcodes) Opcodes {
+	value := valueCodes.First()
+	op := optimizeStructField(value, c.tag)
+	field.Op = op
+	if value.Flags&MarshalerContextFlags != 0 {
+		field.Flags |= MarshalerContextFlags
+	}
+	field.NumBitSize = value.NumBitSize
+	field.PtrNum = value.PtrNum
+	field.FieldQuery = value.FieldQuery
+
+	fieldCodes := Opcodes{field}
+	if op.IsMultipleOpField() {
+		field.Next = value
+		fieldCodes = fieldCodes.Add(valueCodes...)
+	} else {
+		ctx.decIndex()
+	}
+	return fieldCodes
+}
+
+func (c *StructFieldCode) addStructEndCode(ctx *compileContext, codes Opcodes) Opcodes {
+	end := &Opcode{
+		Op:         OpStructEnd,
+		Idx:        opcodeOffset(ctx.ptrIndex),
+		DisplayIdx: ctx.opcodeIndex,
+		Indent:     ctx.indent,
+	}
+	codes.Last().Next = end
+	code := codes.First()
+	for code.Op == OpStructField || code.Op == OpStructHead {
+		code = code.Next
+	}
+	for code.NextField != nil {
+		code = code.NextField
+	}
+	code.NextField = end
+
+	codes = codes.Add(end)
+	ctx.incOpcodeIndex()
+	return codes
+}
+
+func (c *StructFieldCode) structKey(ctx *compileContext) string {
+	if ctx.escapeKey {
+		rctx := &RuntimeContext{Option: &Option{Flag: HTMLEscapeOption}}
+		return fmt.Sprintf(`%s:`, string(AppendString(rctx, []byte{}, c.key)))
+	}
+	return fmt.Sprintf(`"%s":`, c.key)
+}
+
+func (c *StructFieldCode) flags() OpFlags {
+	var flags OpFlags
+	if c.isTaggedKey {
+		flags |= IsTaggedKeyFlags
+	}
+	if c.isNilableType {
+		flags |= IsNilableTypeFlags
+	}
+	if c.isNilCheck {
+		flags |= NilCheckFlags
+	}
+	if c.isAddrForMarshaler {
+		flags |= AddrForMarshalerFlags
+	}
+	if c.isNextOpPtrType {
+		flags |= IsNextOpPtrTypeFlags
+	}
+	if c.isAnonymous {
+		flags |= AnonymousKeyFlags
+	}
+	if c.isMarshalerContext {
+		flags |= MarshalerContextFlags
+	}
+	return flags
+}
+
+func (c *StructFieldCode) toValueOpcodes(ctx *compileContext) Opcodes {
+	if c.isAnonymous {
+		anonymCode, ok := c.value.(AnonymousCode)
+		if ok {
+			return anonymCode.ToAnonymousOpcode(ctx)
+		}
+	}
+	return c.value.ToOpcode(ctx)
+}
+
+func (c *StructFieldCode) ToOpcode(ctx *compileContext, isFirstField, isEndField bool) Opcodes {
+	field := &Opcode{
+		Idx:        opcodeOffset(ctx.ptrIndex),
+		Flags:      c.flags(),
+		Key:        c.structKey(ctx),
+		Offset:     uint32(c.offset),
+		Type:       c.typ,
+		DisplayIdx: ctx.opcodeIndex,
+		Indent:     ctx.indent,
+		DisplayKey: c.key,
+	}
+	ctx.incIndex()
+	valueCodes := c.toValueOpcodes(ctx)
+	if isFirstField {
+		codes := c.headerOpcodes(ctx, field, valueCodes)
+		if isEndField {
+			codes = c.addStructEndCode(ctx, codes)
+		}
+		return codes
+	}
+	codes := c.fieldOpcodes(ctx, field, valueCodes)
+	if isEndField {
+		if isEnableStructEndOptimization(c.value) {
+			field.Op = field.Op.FieldToEnd()
+		} else {
+			codes = c.addStructEndCode(ctx, codes)
+		}
+	}
+	return codes
+}
+
+func (c *StructFieldCode) ToAnonymousOpcode(ctx *compileContext, isFirstField, isEndField bool) Opcodes {
+	field := &Opcode{
+		Idx:        opcodeOffset(ctx.ptrIndex),
+		Flags:      c.flags() | AnonymousHeadFlags,
+		Key:        c.structKey(ctx),
+		Offset:     uint32(c.offset),
+		Type:       c.typ,
+		DisplayIdx: ctx.opcodeIndex,
+		Indent:     ctx.indent,
+		DisplayKey: c.key,
+	}
+	ctx.incIndex()
+	valueCodes := c.toValueOpcodes(ctx)
+	if isFirstField {
+		return c.headerOpcodes(ctx, field, valueCodes)
+	}
+	return c.fieldOpcodes(ctx, field, valueCodes)
+}
+
+func isEnableStructEndOptimization(value Code) bool {
+	switch value.Kind() {
+	case CodeKindInt,
+		CodeKindUint,
+		CodeKindFloat,
+		CodeKindString,
+		CodeKindBool,
+		CodeKindBytes:
+		return true
+	case CodeKindPtr:
+		return isEnableStructEndOptimization(value.(*PtrCode).value)
+	default:
+		return false
+	}
+}
+
+type InterfaceCode struct {
+	typ        *runtime.Type
+	fieldQuery *FieldQuery
+	isPtr      bool
+}
+
+func (c *InterfaceCode) Kind() CodeKind {
+	return CodeKindInterface
+}
+
+func (c *InterfaceCode) ToOpcode(ctx *compileContext) Opcodes {
+	var code *Opcode
+	switch {
+	case c.isPtr:
+		code = newOpCode(ctx, c.typ, OpInterfacePtr)
+	default:
+		code = newOpCode(ctx, c.typ, OpInterface)
+	}
+	code.FieldQuery = c.fieldQuery
+	if c.typ.NumMethod() > 0 {
+		code.Flags |= NonEmptyInterfaceFlags
+	}
+	ctx.incIndex()
+	return Opcodes{code}
+}
+
+func (c *InterfaceCode) Filter(query *FieldQuery) Code {
+	return &InterfaceCode{
+		typ:        c.typ,
+		fieldQuery: query,
+		isPtr:      c.isPtr,
+	}
+}
+
+type MarshalJSONCode struct {
+	typ                *runtime.Type
+	fieldQuery         *FieldQuery
+	isAddrForMarshaler bool
+	isNilableType      bool
+	isMarshalerContext bool
+}
+
+func (c *MarshalJSONCode) Kind() CodeKind {
+	return CodeKindMarshalJSON
+}
+
+func (c *MarshalJSONCode) ToOpcode(ctx *compileContext) Opcodes {
+	code := newOpCode(ctx, c.typ, OpMarshalJSON)
+	code.FieldQuery = c.fieldQuery
+	if c.isAddrForMarshaler {
+		code.Flags |= AddrForMarshalerFlags
+	}
+	if c.isMarshalerContext {
+		code.Flags |= MarshalerContextFlags
+	}
+	if c.isNilableType {
+		code.Flags |= IsNilableTypeFlags
+	} else {
+		code.Flags &= ^IsNilableTypeFlags
+	}
+	ctx.incIndex()
+	return Opcodes{code}
+}
+
+func (c *MarshalJSONCode) Filter(query *FieldQuery) Code {
+	return &MarshalJSONCode{
+		typ:                c.typ,
+		fieldQuery:         query,
+		isAddrForMarshaler: c.isAddrForMarshaler,
+		isNilableType:      c.isNilableType,
+		isMarshalerContext: c.isMarshalerContext,
+	}
+}
+
+type MarshalTextCode struct {
+	typ                *runtime.Type
+	fieldQuery         *FieldQuery
+	isAddrForMarshaler bool
+	isNilableType      bool
+}
+
+func (c *MarshalTextCode) Kind() CodeKind {
+	return CodeKindMarshalText
+}
+
+func (c *MarshalTextCode) ToOpcode(ctx *compileContext) Opcodes {
+	code := newOpCode(ctx, c.typ, OpMarshalText)
+	code.FieldQuery = c.fieldQuery
+	if c.isAddrForMarshaler {
+		code.Flags |= AddrForMarshalerFlags
+	}
+	if c.isNilableType {
+		code.Flags |= IsNilableTypeFlags
+	} else {
+		code.Flags &= ^IsNilableTypeFlags
+	}
+	ctx.incIndex()
+	return Opcodes{code}
+}
+
+func (c *MarshalTextCode) Filter(query *FieldQuery) Code {
+	return &MarshalTextCode{
+		typ:                c.typ,
+		fieldQuery:         query,
+		isAddrForMarshaler: c.isAddrForMarshaler,
+		isNilableType:      c.isNilableType,
+	}
+}
+
+type PtrCode struct {
+	typ    *runtime.Type
+	value  Code
+	ptrNum uint8
+}
+
+func (c *PtrCode) Kind() CodeKind {
+	return CodeKindPtr
+}
+
+func (c *PtrCode) ToOpcode(ctx *compileContext) Opcodes {
+	codes := c.value.ToOpcode(ctx)
+	codes.First().Op = convertPtrOp(codes.First())
+	codes.First().PtrNum = c.ptrNum
+	return codes
+}
+
+func (c *PtrCode) ToAnonymousOpcode(ctx *compileContext) Opcodes {
+	var codes Opcodes
+	anonymCode, ok := c.value.(AnonymousCode)
+	if ok {
+		codes = anonymCode.ToAnonymousOpcode(ctx)
+	} else {
+		codes = c.value.ToOpcode(ctx)
+	}
+	codes.First().Op = convertPtrOp(codes.First())
+	codes.First().PtrNum = c.ptrNum
+	return codes
+}
+
+func (c *PtrCode) Filter(query *FieldQuery) Code {
+	return &PtrCode{
+		typ:    c.typ,
+		value:  c.value.Filter(query),
+		ptrNum: c.ptrNum,
+	}
+}
+
+func convertPtrOp(code *Opcode) OpType {
+	ptrHeadOp := code.Op.HeadToPtrHead()
+	if code.Op != ptrHeadOp {
+		if code.PtrNum > 0 {
+			// ptr field and ptr head
+			code.PtrNum--
+		}
+		return ptrHeadOp
+	}
+	switch code.Op {
+	case OpInt:
+		return OpIntPtr
+	case OpUint:
+		return OpUintPtr
+	case OpFloat32:
+		return OpFloat32Ptr
+	case OpFloat64:
+		return OpFloat64Ptr
+	case OpString:
+		return OpStringPtr
+	case OpBool:
+		return OpBoolPtr
+	case OpBytes:
+		return OpBytesPtr
+	case OpNumber:
+		return OpNumberPtr
+	case OpArray:
+		return OpArrayPtr
+	case OpSlice:
+		return OpSlicePtr
+	case OpMap:
+		return OpMapPtr
+	case OpMarshalJSON:
+		return OpMarshalJSONPtr
+	case OpMarshalText:
+		return OpMarshalTextPtr
+	case OpInterface:
+		return OpInterfacePtr
+	case OpRecursive:
+		return OpRecursivePtr
+	}
+	return code.Op
+}
+
+func isEmbeddedStruct(field *StructFieldCode) bool {
+	if !field.isAnonymous {
+		return false
+	}
+	t := field.typ
+	if t.Kind() == reflect.Ptr {
+		t = t.Elem()
+	}
+	return t.Kind() == reflect.Struct
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/compact.go b/vendor/github.com/goccy/go-json/internal/encoder/compact.go
new file mode 100644
index 000000000..0eb9545d8
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/compact.go
@@ -0,0 +1,286 @@
+package encoder
+
+import (
+	"bytes"
+	"fmt"
+	"strconv"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+)
+
+var (
+	isWhiteSpace = [256]bool{
+		' ':  true,
+		'\n': true,
+		'\t': true,
+		'\r': true,
+	}
+	isHTMLEscapeChar = [256]bool{
+		'<': true,
+		'>': true,
+		'&': true,
+	}
+	nul = byte('\000')
+)
+
+func Compact(buf *bytes.Buffer, src []byte, escape bool) error {
+	if len(src) == 0 {
+		return errors.ErrUnexpectedEndOfJSON("", 0)
+	}
+	buf.Grow(len(src))
+	dst := buf.Bytes()
+
+	ctx := TakeRuntimeContext()
+	ctxBuf := ctx.Buf[:0]
+	ctxBuf = append(append(ctxBuf, src...), nul)
+	ctx.Buf = ctxBuf
+
+	if err := compactAndWrite(buf, dst, ctxBuf, escape); err != nil {
+		ReleaseRuntimeContext(ctx)
+		return err
+	}
+	ReleaseRuntimeContext(ctx)
+	return nil
+}
+
+func compactAndWrite(buf *bytes.Buffer, dst []byte, src []byte, escape bool) error {
+	dst, err := compact(dst, src, escape)
+	if err != nil {
+		return err
+	}
+	if _, err := buf.Write(dst); err != nil {
+		return err
+	}
+	return nil
+}
+
+func compact(dst, src []byte, escape bool) ([]byte, error) {
+	buf, cursor, err := compactValue(dst, src, 0, escape)
+	if err != nil {
+		return nil, err
+	}
+	if err := validateEndBuf(src, cursor); err != nil {
+		return nil, err
+	}
+	return buf, nil
+}
+
+func validateEndBuf(src []byte, cursor int64) error {
+	for {
+		switch src[cursor] {
+		case ' ', '\t', '\n', '\r':
+			cursor++
+			continue
+		case nul:
+			return nil
+		}
+		return errors.ErrSyntax(
+			fmt.Sprintf("invalid character '%c' after top-level value", src[cursor]),
+			cursor+1,
+		)
+	}
+}
+
+func skipWhiteSpace(buf []byte, cursor int64) int64 {
+LOOP:
+	if isWhiteSpace[buf[cursor]] {
+		cursor++
+		goto LOOP
+	}
+	return cursor
+}
+
+func compactValue(dst, src []byte, cursor int64, escape bool) ([]byte, int64, error) {
+	for {
+		switch src[cursor] {
+		case ' ', '\t', '\n', '\r':
+			cursor++
+			continue
+		case '{':
+			return compactObject(dst, src, cursor, escape)
+		case '}':
+			return nil, 0, errors.ErrSyntax("unexpected character '}'", cursor)
+		case '[':
+			return compactArray(dst, src, cursor, escape)
+		case ']':
+			return nil, 0, errors.ErrSyntax("unexpected character ']'", cursor)
+		case '"':
+			return compactString(dst, src, cursor, escape)
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return compactNumber(dst, src, cursor)
+		case 't':
+			return compactTrue(dst, src, cursor)
+		case 'f':
+			return compactFalse(dst, src, cursor)
+		case 'n':
+			return compactNull(dst, src, cursor)
+		default:
+			return nil, 0, errors.ErrSyntax(fmt.Sprintf("unexpected character '%c'", src[cursor]), cursor)
+		}
+	}
+}
+
+func compactObject(dst, src []byte, cursor int64, escape bool) ([]byte, int64, error) {
+	if src[cursor] == '{' {
+		dst = append(dst, '{')
+	} else {
+		return nil, 0, errors.ErrExpected("expected { character for object value", cursor)
+	}
+	cursor = skipWhiteSpace(src, cursor+1)
+	if src[cursor] == '}' {
+		dst = append(dst, '}')
+		return dst, cursor + 1, nil
+	}
+	var err error
+	for {
+		cursor = skipWhiteSpace(src, cursor)
+		dst, cursor, err = compactString(dst, src, cursor, escape)
+		if err != nil {
+			return nil, 0, err
+		}
+		cursor = skipWhiteSpace(src, cursor)
+		if src[cursor] != ':' {
+			return nil, 0, errors.ErrExpected("colon after object key", cursor)
+		}
+		dst = append(dst, ':')
+		dst, cursor, err = compactValue(dst, src, cursor+1, escape)
+		if err != nil {
+			return nil, 0, err
+		}
+		cursor = skipWhiteSpace(src, cursor)
+		switch src[cursor] {
+		case '}':
+			dst = append(dst, '}')
+			cursor++
+			return dst, cursor, nil
+		case ',':
+			dst = append(dst, ',')
+		default:
+			return nil, 0, errors.ErrExpected("comma after object value", cursor)
+		}
+		cursor++
+	}
+}
+
+func compactArray(dst, src []byte, cursor int64, escape bool) ([]byte, int64, error) {
+	if src[cursor] == '[' {
+		dst = append(dst, '[')
+	} else {
+		return nil, 0, errors.ErrExpected("expected [ character for array value", cursor)
+	}
+	cursor = skipWhiteSpace(src, cursor+1)
+	if src[cursor] == ']' {
+		dst = append(dst, ']')
+		return dst, cursor + 1, nil
+	}
+	var err error
+	for {
+		dst, cursor, err = compactValue(dst, src, cursor, escape)
+		if err != nil {
+			return nil, 0, err
+		}
+		cursor = skipWhiteSpace(src, cursor)
+		switch src[cursor] {
+		case ']':
+			dst = append(dst, ']')
+			cursor++
+			return dst, cursor, nil
+		case ',':
+			dst = append(dst, ',')
+		default:
+			return nil, 0, errors.ErrExpected("comma after array value", cursor)
+		}
+		cursor++
+	}
+}
+
+func compactString(dst, src []byte, cursor int64, escape bool) ([]byte, int64, error) {
+	if src[cursor] != '"' {
+		return nil, 0, errors.ErrInvalidCharacter(src[cursor], "string", cursor)
+	}
+	start := cursor
+	for {
+		cursor++
+		c := src[cursor]
+		if escape {
+			if isHTMLEscapeChar[c] {
+				dst = append(dst, src[start:cursor]...)
+				dst = append(dst, `\u00`...)
+				dst = append(dst, hex[c>>4], hex[c&0xF])
+				start = cursor + 1
+			} else if c == 0xE2 && cursor+2 < int64(len(src)) && src[cursor+1] == 0x80 && src[cursor+2]&^1 == 0xA8 {
+				dst = append(dst, src[start:cursor]...)
+				dst = append(dst, `\u202`...)
+				dst = append(dst, hex[src[cursor+2]&0xF])
+				cursor += 2
+				start = cursor + 3
+			}
+		}
+		switch c {
+		case '\\':
+			cursor++
+			if src[cursor] == nul {
+				return nil, 0, errors.ErrUnexpectedEndOfJSON("string", int64(len(src)))
+			}
+		case '"':
+			cursor++
+			return append(dst, src[start:cursor]...), cursor, nil
+		case nul:
+			return nil, 0, errors.ErrUnexpectedEndOfJSON("string", int64(len(src)))
+		}
+	}
+}
+
+func compactNumber(dst, src []byte, cursor int64) ([]byte, int64, error) {
+	start := cursor
+	for {
+		cursor++
+		if floatTable[src[cursor]] {
+			continue
+		}
+		break
+	}
+	num := src[start:cursor]
+	if _, err := strconv.ParseFloat(*(*string)(unsafe.Pointer(&num)), 64); err != nil {
+		return nil, 0, err
+	}
+	dst = append(dst, num...)
+	return dst, cursor, nil
+}
+
+func compactTrue(dst, src []byte, cursor int64) ([]byte, int64, error) {
+	if cursor+3 >= int64(len(src)) {
+		return nil, 0, errors.ErrUnexpectedEndOfJSON("true", cursor)
+	}
+	if !bytes.Equal(src[cursor:cursor+4], []byte(`true`)) {
+		return nil, 0, errors.ErrInvalidCharacter(src[cursor], "true", cursor)
+	}
+	dst = append(dst, "true"...)
+	cursor += 4
+	return dst, cursor, nil
+}
+
+func compactFalse(dst, src []byte, cursor int64) ([]byte, int64, error) {
+	if cursor+4 >= int64(len(src)) {
+		return nil, 0, errors.ErrUnexpectedEndOfJSON("false", cursor)
+	}
+	if !bytes.Equal(src[cursor:cursor+5], []byte(`false`)) {
+		return nil, 0, errors.ErrInvalidCharacter(src[cursor], "false", cursor)
+	}
+	dst = append(dst, "false"...)
+	cursor += 5
+	return dst, cursor, nil
+}
+
+func compactNull(dst, src []byte, cursor int64) ([]byte, int64, error) {
+	if cursor+3 >= int64(len(src)) {
+		return nil, 0, errors.ErrUnexpectedEndOfJSON("null", cursor)
+	}
+	if !bytes.Equal(src[cursor:cursor+4], []byte(`null`)) {
+		return nil, 0, errors.ErrInvalidCharacter(src[cursor], "null", cursor)
+	}
+	dst = append(dst, "null"...)
+	cursor += 4
+	return dst, cursor, nil
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/compiler.go b/vendor/github.com/goccy/go-json/internal/encoder/compiler.go
new file mode 100644
index 000000000..3ae39ba8c
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/compiler.go
@@ -0,0 +1,935 @@
+package encoder
+
+import (
+	"context"
+	"encoding"
+	"encoding/json"
+	"reflect"
+	"sync/atomic"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type marshalerContext interface {
+	MarshalJSON(context.Context) ([]byte, error)
+}
+
+var (
+	marshalJSONType        = reflect.TypeOf((*json.Marshaler)(nil)).Elem()
+	marshalJSONContextType = reflect.TypeOf((*marshalerContext)(nil)).Elem()
+	marshalTextType        = reflect.TypeOf((*encoding.TextMarshaler)(nil)).Elem()
+	jsonNumberType         = reflect.TypeOf(json.Number(""))
+	cachedOpcodeSets       []*OpcodeSet
+	cachedOpcodeMap        unsafe.Pointer // map[uintptr]*OpcodeSet
+	typeAddr               *runtime.TypeAddr
+)
+
+func init() {
+	typeAddr = runtime.AnalyzeTypeAddr()
+	if typeAddr == nil {
+		typeAddr = &runtime.TypeAddr{}
+	}
+	cachedOpcodeSets = make([]*OpcodeSet, typeAddr.AddrRange>>typeAddr.AddrShift+1)
+}
+
+func loadOpcodeMap() map[uintptr]*OpcodeSet {
+	p := atomic.LoadPointer(&cachedOpcodeMap)
+	return *(*map[uintptr]*OpcodeSet)(unsafe.Pointer(&p))
+}
+
+func storeOpcodeSet(typ uintptr, set *OpcodeSet, m map[uintptr]*OpcodeSet) {
+	newOpcodeMap := make(map[uintptr]*OpcodeSet, len(m)+1)
+	newOpcodeMap[typ] = set
+
+	for k, v := range m {
+		newOpcodeMap[k] = v
+	}
+
+	atomic.StorePointer(&cachedOpcodeMap, *(*unsafe.Pointer)(unsafe.Pointer(&newOpcodeMap)))
+}
+
+func compileToGetCodeSetSlowPath(typeptr uintptr) (*OpcodeSet, error) {
+	opcodeMap := loadOpcodeMap()
+	if codeSet, exists := opcodeMap[typeptr]; exists {
+		return codeSet, nil
+	}
+	codeSet, err := newCompiler().compile(typeptr)
+	if err != nil {
+		return nil, err
+	}
+	storeOpcodeSet(typeptr, codeSet, opcodeMap)
+	return codeSet, nil
+}
+
+func getFilteredCodeSetIfNeeded(ctx *RuntimeContext, codeSet *OpcodeSet) (*OpcodeSet, error) {
+	if (ctx.Option.Flag & ContextOption) == 0 {
+		return codeSet, nil
+	}
+	query := FieldQueryFromContext(ctx.Option.Context)
+	if query == nil {
+		return codeSet, nil
+	}
+	ctx.Option.Flag |= FieldQueryOption
+	cacheCodeSet := codeSet.getQueryCache(query.Hash())
+	if cacheCodeSet != nil {
+		return cacheCodeSet, nil
+	}
+	queryCodeSet, err := newCompiler().codeToOpcodeSet(codeSet.Type, codeSet.Code.Filter(query))
+	if err != nil {
+		return nil, err
+	}
+	codeSet.setQueryCache(query.Hash(), queryCodeSet)
+	return queryCodeSet, nil
+}
+
+type Compiler struct {
+	structTypeToCode map[uintptr]*StructCode
+}
+
+func newCompiler() *Compiler {
+	return &Compiler{
+		structTypeToCode: map[uintptr]*StructCode{},
+	}
+}
+
+func (c *Compiler) compile(typeptr uintptr) (*OpcodeSet, error) {
+	// noescape trick for header.typ ( reflect.*rtype )
+	typ := *(**runtime.Type)(unsafe.Pointer(&typeptr))
+	code, err := c.typeToCode(typ)
+	if err != nil {
+		return nil, err
+	}
+	return c.codeToOpcodeSet(typ, code)
+}
+
+func (c *Compiler) codeToOpcodeSet(typ *runtime.Type, code Code) (*OpcodeSet, error) {
+	noescapeKeyCode := c.codeToOpcode(&compileContext{
+		structTypeToCodes: map[uintptr]Opcodes{},
+		recursiveCodes:    &Opcodes{},
+	}, typ, code)
+	if err := noescapeKeyCode.Validate(); err != nil {
+		return nil, err
+	}
+	escapeKeyCode := c.codeToOpcode(&compileContext{
+		structTypeToCodes: map[uintptr]Opcodes{},
+		recursiveCodes:    &Opcodes{},
+		escapeKey:         true,
+	}, typ, code)
+	noescapeKeyCode = copyOpcode(noescapeKeyCode)
+	escapeKeyCode = copyOpcode(escapeKeyCode)
+	setTotalLengthToInterfaceOp(noescapeKeyCode)
+	setTotalLengthToInterfaceOp(escapeKeyCode)
+	interfaceNoescapeKeyCode := copyToInterfaceOpcode(noescapeKeyCode)
+	interfaceEscapeKeyCode := copyToInterfaceOpcode(escapeKeyCode)
+	codeLength := noescapeKeyCode.TotalLength()
+	return &OpcodeSet{
+		Type:                     typ,
+		NoescapeKeyCode:          noescapeKeyCode,
+		EscapeKeyCode:            escapeKeyCode,
+		InterfaceNoescapeKeyCode: interfaceNoescapeKeyCode,
+		InterfaceEscapeKeyCode:   interfaceEscapeKeyCode,
+		CodeLength:               codeLength,
+		EndCode:                  ToEndCode(interfaceNoescapeKeyCode),
+		Code:                     code,
+		QueryCache:               map[string]*OpcodeSet{},
+	}, nil
+}
+
+func (c *Compiler) typeToCode(typ *runtime.Type) (Code, error) {
+	switch {
+	case c.implementsMarshalJSON(typ):
+		return c.marshalJSONCode(typ)
+	case c.implementsMarshalText(typ):
+		return c.marshalTextCode(typ)
+	}
+
+	isPtr := false
+	orgType := typ
+	if typ.Kind() == reflect.Ptr {
+		typ = typ.Elem()
+		isPtr = true
+	}
+	switch {
+	case c.implementsMarshalJSON(typ):
+		return c.marshalJSONCode(orgType)
+	case c.implementsMarshalText(typ):
+		return c.marshalTextCode(orgType)
+	}
+	switch typ.Kind() {
+	case reflect.Slice:
+		elem := typ.Elem()
+		if elem.Kind() == reflect.Uint8 {
+			p := runtime.PtrTo(elem)
+			if !c.implementsMarshalJSONType(p) && !p.Implements(marshalTextType) {
+				return c.bytesCode(typ, isPtr)
+			}
+		}
+		return c.sliceCode(typ)
+	case reflect.Map:
+		if isPtr {
+			return c.ptrCode(runtime.PtrTo(typ))
+		}
+		return c.mapCode(typ)
+	case reflect.Struct:
+		return c.structCode(typ, isPtr)
+	case reflect.Int:
+		return c.intCode(typ, isPtr)
+	case reflect.Int8:
+		return c.int8Code(typ, isPtr)
+	case reflect.Int16:
+		return c.int16Code(typ, isPtr)
+	case reflect.Int32:
+		return c.int32Code(typ, isPtr)
+	case reflect.Int64:
+		return c.int64Code(typ, isPtr)
+	case reflect.Uint, reflect.Uintptr:
+		return c.uintCode(typ, isPtr)
+	case reflect.Uint8:
+		return c.uint8Code(typ, isPtr)
+	case reflect.Uint16:
+		return c.uint16Code(typ, isPtr)
+	case reflect.Uint32:
+		return c.uint32Code(typ, isPtr)
+	case reflect.Uint64:
+		return c.uint64Code(typ, isPtr)
+	case reflect.Float32:
+		return c.float32Code(typ, isPtr)
+	case reflect.Float64:
+		return c.float64Code(typ, isPtr)
+	case reflect.String:
+		return c.stringCode(typ, isPtr)
+	case reflect.Bool:
+		return c.boolCode(typ, isPtr)
+	case reflect.Interface:
+		return c.interfaceCode(typ, isPtr)
+	default:
+		if isPtr && typ.Implements(marshalTextType) {
+			typ = orgType
+		}
+		return c.typeToCodeWithPtr(typ, isPtr)
+	}
+}
+
+func (c *Compiler) typeToCodeWithPtr(typ *runtime.Type, isPtr bool) (Code, error) {
+	switch {
+	case c.implementsMarshalJSON(typ):
+		return c.marshalJSONCode(typ)
+	case c.implementsMarshalText(typ):
+		return c.marshalTextCode(typ)
+	}
+	switch typ.Kind() {
+	case reflect.Ptr:
+		return c.ptrCode(typ)
+	case reflect.Slice:
+		elem := typ.Elem()
+		if elem.Kind() == reflect.Uint8 {
+			p := runtime.PtrTo(elem)
+			if !c.implementsMarshalJSONType(p) && !p.Implements(marshalTextType) {
+				return c.bytesCode(typ, false)
+			}
+		}
+		return c.sliceCode(typ)
+	case reflect.Array:
+		return c.arrayCode(typ)
+	case reflect.Map:
+		return c.mapCode(typ)
+	case reflect.Struct:
+		return c.structCode(typ, isPtr)
+	case reflect.Interface:
+		return c.interfaceCode(typ, false)
+	case reflect.Int:
+		return c.intCode(typ, false)
+	case reflect.Int8:
+		return c.int8Code(typ, false)
+	case reflect.Int16:
+		return c.int16Code(typ, false)
+	case reflect.Int32:
+		return c.int32Code(typ, false)
+	case reflect.Int64:
+		return c.int64Code(typ, false)
+	case reflect.Uint:
+		return c.uintCode(typ, false)
+	case reflect.Uint8:
+		return c.uint8Code(typ, false)
+	case reflect.Uint16:
+		return c.uint16Code(typ, false)
+	case reflect.Uint32:
+		return c.uint32Code(typ, false)
+	case reflect.Uint64:
+		return c.uint64Code(typ, false)
+	case reflect.Uintptr:
+		return c.uintCode(typ, false)
+	case reflect.Float32:
+		return c.float32Code(typ, false)
+	case reflect.Float64:
+		return c.float64Code(typ, false)
+	case reflect.String:
+		return c.stringCode(typ, false)
+	case reflect.Bool:
+		return c.boolCode(typ, false)
+	}
+	return nil, &errors.UnsupportedTypeError{Type: runtime.RType2Type(typ)}
+}
+
+const intSize = 32 << (^uint(0) >> 63)
+
+//nolint:unparam
+func (c *Compiler) intCode(typ *runtime.Type, isPtr bool) (*IntCode, error) {
+	return &IntCode{typ: typ, bitSize: intSize, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) int8Code(typ *runtime.Type, isPtr bool) (*IntCode, error) {
+	return &IntCode{typ: typ, bitSize: 8, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) int16Code(typ *runtime.Type, isPtr bool) (*IntCode, error) {
+	return &IntCode{typ: typ, bitSize: 16, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) int32Code(typ *runtime.Type, isPtr bool) (*IntCode, error) {
+	return &IntCode{typ: typ, bitSize: 32, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) int64Code(typ *runtime.Type, isPtr bool) (*IntCode, error) {
+	return &IntCode{typ: typ, bitSize: 64, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) uintCode(typ *runtime.Type, isPtr bool) (*UintCode, error) {
+	return &UintCode{typ: typ, bitSize: intSize, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) uint8Code(typ *runtime.Type, isPtr bool) (*UintCode, error) {
+	return &UintCode{typ: typ, bitSize: 8, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) uint16Code(typ *runtime.Type, isPtr bool) (*UintCode, error) {
+	return &UintCode{typ: typ, bitSize: 16, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) uint32Code(typ *runtime.Type, isPtr bool) (*UintCode, error) {
+	return &UintCode{typ: typ, bitSize: 32, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) uint64Code(typ *runtime.Type, isPtr bool) (*UintCode, error) {
+	return &UintCode{typ: typ, bitSize: 64, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) float32Code(typ *runtime.Type, isPtr bool) (*FloatCode, error) {
+	return &FloatCode{typ: typ, bitSize: 32, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) float64Code(typ *runtime.Type, isPtr bool) (*FloatCode, error) {
+	return &FloatCode{typ: typ, bitSize: 64, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) stringCode(typ *runtime.Type, isPtr bool) (*StringCode, error) {
+	return &StringCode{typ: typ, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) boolCode(typ *runtime.Type, isPtr bool) (*BoolCode, error) {
+	return &BoolCode{typ: typ, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) intStringCode(typ *runtime.Type) (*IntCode, error) {
+	return &IntCode{typ: typ, bitSize: intSize, isString: true}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) int8StringCode(typ *runtime.Type) (*IntCode, error) {
+	return &IntCode{typ: typ, bitSize: 8, isString: true}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) int16StringCode(typ *runtime.Type) (*IntCode, error) {
+	return &IntCode{typ: typ, bitSize: 16, isString: true}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) int32StringCode(typ *runtime.Type) (*IntCode, error) {
+	return &IntCode{typ: typ, bitSize: 32, isString: true}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) int64StringCode(typ *runtime.Type) (*IntCode, error) {
+	return &IntCode{typ: typ, bitSize: 64, isString: true}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) uintStringCode(typ *runtime.Type) (*UintCode, error) {
+	return &UintCode{typ: typ, bitSize: intSize, isString: true}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) uint8StringCode(typ *runtime.Type) (*UintCode, error) {
+	return &UintCode{typ: typ, bitSize: 8, isString: true}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) uint16StringCode(typ *runtime.Type) (*UintCode, error) {
+	return &UintCode{typ: typ, bitSize: 16, isString: true}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) uint32StringCode(typ *runtime.Type) (*UintCode, error) {
+	return &UintCode{typ: typ, bitSize: 32, isString: true}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) uint64StringCode(typ *runtime.Type) (*UintCode, error) {
+	return &UintCode{typ: typ, bitSize: 64, isString: true}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) bytesCode(typ *runtime.Type, isPtr bool) (*BytesCode, error) {
+	return &BytesCode{typ: typ, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) interfaceCode(typ *runtime.Type, isPtr bool) (*InterfaceCode, error) {
+	return &InterfaceCode{typ: typ, isPtr: isPtr}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) marshalJSONCode(typ *runtime.Type) (*MarshalJSONCode, error) {
+	return &MarshalJSONCode{
+		typ:                typ,
+		isAddrForMarshaler: c.isPtrMarshalJSONType(typ),
+		isNilableType:      c.isNilableType(typ),
+		isMarshalerContext: typ.Implements(marshalJSONContextType) || runtime.PtrTo(typ).Implements(marshalJSONContextType),
+	}, nil
+}
+
+//nolint:unparam
+func (c *Compiler) marshalTextCode(typ *runtime.Type) (*MarshalTextCode, error) {
+	return &MarshalTextCode{
+		typ:                typ,
+		isAddrForMarshaler: c.isPtrMarshalTextType(typ),
+		isNilableType:      c.isNilableType(typ),
+	}, nil
+}
+
+func (c *Compiler) ptrCode(typ *runtime.Type) (*PtrCode, error) {
+	code, err := c.typeToCodeWithPtr(typ.Elem(), true)
+	if err != nil {
+		return nil, err
+	}
+	ptr, ok := code.(*PtrCode)
+	if ok {
+		return &PtrCode{typ: typ, value: ptr.value, ptrNum: ptr.ptrNum + 1}, nil
+	}
+	return &PtrCode{typ: typ, value: code, ptrNum: 1}, nil
+}
+
+func (c *Compiler) sliceCode(typ *runtime.Type) (*SliceCode, error) {
+	elem := typ.Elem()
+	code, err := c.listElemCode(elem)
+	if err != nil {
+		return nil, err
+	}
+	if code.Kind() == CodeKindStruct {
+		structCode := code.(*StructCode)
+		structCode.enableIndirect()
+	}
+	return &SliceCode{typ: typ, value: code}, nil
+}
+
+func (c *Compiler) arrayCode(typ *runtime.Type) (*ArrayCode, error) {
+	elem := typ.Elem()
+	code, err := c.listElemCode(elem)
+	if err != nil {
+		return nil, err
+	}
+	if code.Kind() == CodeKindStruct {
+		structCode := code.(*StructCode)
+		structCode.enableIndirect()
+	}
+	return &ArrayCode{typ: typ, value: code}, nil
+}
+
+func (c *Compiler) mapCode(typ *runtime.Type) (*MapCode, error) {
+	keyCode, err := c.mapKeyCode(typ.Key())
+	if err != nil {
+		return nil, err
+	}
+	valueCode, err := c.mapValueCode(typ.Elem())
+	if err != nil {
+		return nil, err
+	}
+	if valueCode.Kind() == CodeKindStruct {
+		structCode := valueCode.(*StructCode)
+		structCode.enableIndirect()
+	}
+	return &MapCode{typ: typ, key: keyCode, value: valueCode}, nil
+}
+
+func (c *Compiler) listElemCode(typ *runtime.Type) (Code, error) {
+	switch {
+	case c.isPtrMarshalJSONType(typ):
+		return c.marshalJSONCode(typ)
+	case !typ.Implements(marshalTextType) && runtime.PtrTo(typ).Implements(marshalTextType):
+		return c.marshalTextCode(typ)
+	case typ.Kind() == reflect.Map:
+		return c.ptrCode(runtime.PtrTo(typ))
+	default:
+		// isPtr was originally used to indicate whether the type of top level is pointer.
+		// However, since the slice/array element is a specification that can get the pointer address, explicitly set isPtr to true.
+		// See here for related issues: https://github.com/goccy/go-json/issues/370
+		code, err := c.typeToCodeWithPtr(typ, true)
+		if err != nil {
+			return nil, err
+		}
+		ptr, ok := code.(*PtrCode)
+		if ok {
+			if ptr.value.Kind() == CodeKindMap {
+				ptr.ptrNum++
+			}
+		}
+		return code, nil
+	}
+}
+
+func (c *Compiler) mapKeyCode(typ *runtime.Type) (Code, error) {
+	switch {
+	case c.implementsMarshalText(typ):
+		return c.marshalTextCode(typ)
+	}
+	switch typ.Kind() {
+	case reflect.Ptr:
+		return c.ptrCode(typ)
+	case reflect.String:
+		return c.stringCode(typ, false)
+	case reflect.Int:
+		return c.intStringCode(typ)
+	case reflect.Int8:
+		return c.int8StringCode(typ)
+	case reflect.Int16:
+		return c.int16StringCode(typ)
+	case reflect.Int32:
+		return c.int32StringCode(typ)
+	case reflect.Int64:
+		return c.int64StringCode(typ)
+	case reflect.Uint:
+		return c.uintStringCode(typ)
+	case reflect.Uint8:
+		return c.uint8StringCode(typ)
+	case reflect.Uint16:
+		return c.uint16StringCode(typ)
+	case reflect.Uint32:
+		return c.uint32StringCode(typ)
+	case reflect.Uint64:
+		return c.uint64StringCode(typ)
+	case reflect.Uintptr:
+		return c.uintStringCode(typ)
+	}
+	return nil, &errors.UnsupportedTypeError{Type: runtime.RType2Type(typ)}
+}
+
+func (c *Compiler) mapValueCode(typ *runtime.Type) (Code, error) {
+	switch typ.Kind() {
+	case reflect.Map:
+		return c.ptrCode(runtime.PtrTo(typ))
+	default:
+		code, err := c.typeToCodeWithPtr(typ, false)
+		if err != nil {
+			return nil, err
+		}
+		ptr, ok := code.(*PtrCode)
+		if ok {
+			if ptr.value.Kind() == CodeKindMap {
+				ptr.ptrNum++
+			}
+		}
+		return code, nil
+	}
+}
+
+func (c *Compiler) structCode(typ *runtime.Type, isPtr bool) (*StructCode, error) {
+	typeptr := uintptr(unsafe.Pointer(typ))
+	if code, exists := c.structTypeToCode[typeptr]; exists {
+		derefCode := *code
+		derefCode.isRecursive = true
+		return &derefCode, nil
+	}
+	indirect := runtime.IfaceIndir(typ)
+	code := &StructCode{typ: typ, isPtr: isPtr, isIndirect: indirect}
+	c.structTypeToCode[typeptr] = code
+
+	fieldNum := typ.NumField()
+	tags := c.typeToStructTags(typ)
+	fields := []*StructFieldCode{}
+	for i, tag := range tags {
+		isOnlyOneFirstField := i == 0 && fieldNum == 1
+		field, err := c.structFieldCode(code, tag, isPtr, isOnlyOneFirstField)
+		if err != nil {
+			return nil, err
+		}
+		if field.isAnonymous {
+			structCode := field.getAnonymousStruct()
+			if structCode != nil {
+				structCode.removeFieldsByTags(tags)
+				if c.isAssignableIndirect(field, isPtr) {
+					if indirect {
+						structCode.isIndirect = true
+					} else {
+						structCode.isIndirect = false
+					}
+				}
+			}
+		} else {
+			structCode := field.getStruct()
+			if structCode != nil {
+				if indirect {
+					// if parent is indirect type, set child indirect property to true
+					structCode.isIndirect = true
+				} else {
+					// if parent is not indirect type, set child indirect property to false.
+					// but if parent's indirect is false and isPtr is true, then indirect must be true.
+					// Do this only if indirectConversion is enabled at the end of compileStruct.
+					structCode.isIndirect = false
+				}
+			}
+		}
+		fields = append(fields, field)
+	}
+	fieldMap := c.getFieldMap(fields)
+	duplicatedFieldMap := c.getDuplicatedFieldMap(fieldMap)
+	code.fields = c.filteredDuplicatedFields(fields, duplicatedFieldMap)
+	if !code.disableIndirectConversion && !indirect && isPtr {
+		code.enableIndirect()
+	}
+	delete(c.structTypeToCode, typeptr)
+	return code, nil
+}
+
+func toElemType(t *runtime.Type) *runtime.Type {
+	for t.Kind() == reflect.Ptr {
+		t = t.Elem()
+	}
+	return t
+}
+
+func (c *Compiler) structFieldCode(structCode *StructCode, tag *runtime.StructTag, isPtr, isOnlyOneFirstField bool) (*StructFieldCode, error) {
+	field := tag.Field
+	fieldType := runtime.Type2RType(field.Type)
+	isIndirectSpecialCase := isPtr && isOnlyOneFirstField
+	fieldCode := &StructFieldCode{
+		typ:           fieldType,
+		key:           tag.Key,
+		tag:           tag,
+		offset:        field.Offset,
+		isAnonymous:   field.Anonymous && !tag.IsTaggedKey && toElemType(fieldType).Kind() == reflect.Struct,
+		isTaggedKey:   tag.IsTaggedKey,
+		isNilableType: c.isNilableType(fieldType),
+		isNilCheck:    true,
+	}
+	switch {
+	case c.isMovePointerPositionFromHeadToFirstMarshalJSONFieldCase(fieldType, isIndirectSpecialCase):
+		code, err := c.marshalJSONCode(fieldType)
+		if err != nil {
+			return nil, err
+		}
+		fieldCode.value = code
+		fieldCode.isAddrForMarshaler = true
+		fieldCode.isNilCheck = false
+		structCode.isIndirect = false
+		structCode.disableIndirectConversion = true
+	case c.isMovePointerPositionFromHeadToFirstMarshalTextFieldCase(fieldType, isIndirectSpecialCase):
+		code, err := c.marshalTextCode(fieldType)
+		if err != nil {
+			return nil, err
+		}
+		fieldCode.value = code
+		fieldCode.isAddrForMarshaler = true
+		fieldCode.isNilCheck = false
+		structCode.isIndirect = false
+		structCode.disableIndirectConversion = true
+	case isPtr && c.isPtrMarshalJSONType(fieldType):
+		// *struct{ field T }
+		// func (*T) MarshalJSON() ([]byte, error)
+		code, err := c.marshalJSONCode(fieldType)
+		if err != nil {
+			return nil, err
+		}
+		fieldCode.value = code
+		fieldCode.isAddrForMarshaler = true
+		fieldCode.isNilCheck = false
+	case isPtr && c.isPtrMarshalTextType(fieldType):
+		// *struct{ field T }
+		// func (*T) MarshalText() ([]byte, error)
+		code, err := c.marshalTextCode(fieldType)
+		if err != nil {
+			return nil, err
+		}
+		fieldCode.value = code
+		fieldCode.isAddrForMarshaler = true
+		fieldCode.isNilCheck = false
+	default:
+		code, err := c.typeToCodeWithPtr(fieldType, isPtr)
+		if err != nil {
+			return nil, err
+		}
+		switch code.Kind() {
+		case CodeKindPtr, CodeKindInterface:
+			fieldCode.isNextOpPtrType = true
+		}
+		fieldCode.value = code
+	}
+	return fieldCode, nil
+}
+
+func (c *Compiler) isAssignableIndirect(fieldCode *StructFieldCode, isPtr bool) bool {
+	if isPtr {
+		return false
+	}
+	codeType := fieldCode.value.Kind()
+	if codeType == CodeKindMarshalJSON {
+		return false
+	}
+	if codeType == CodeKindMarshalText {
+		return false
+	}
+	return true
+}
+
+func (c *Compiler) getFieldMap(fields []*StructFieldCode) map[string][]*StructFieldCode {
+	fieldMap := map[string][]*StructFieldCode{}
+	for _, field := range fields {
+		if field.isAnonymous {
+			for k, v := range c.getAnonymousFieldMap(field) {
+				fieldMap[k] = append(fieldMap[k], v...)
+			}
+			continue
+		}
+		fieldMap[field.key] = append(fieldMap[field.key], field)
+	}
+	return fieldMap
+}
+
+func (c *Compiler) getAnonymousFieldMap(field *StructFieldCode) map[string][]*StructFieldCode {
+	fieldMap := map[string][]*StructFieldCode{}
+	structCode := field.getAnonymousStruct()
+	if structCode == nil || structCode.isRecursive {
+		fieldMap[field.key] = append(fieldMap[field.key], field)
+		return fieldMap
+	}
+	for k, v := range c.getFieldMapFromAnonymousParent(structCode.fields) {
+		fieldMap[k] = append(fieldMap[k], v...)
+	}
+	return fieldMap
+}
+
+func (c *Compiler) getFieldMapFromAnonymousParent(fields []*StructFieldCode) map[string][]*StructFieldCode {
+	fieldMap := map[string][]*StructFieldCode{}
+	for _, field := range fields {
+		if field.isAnonymous {
+			for k, v := range c.getAnonymousFieldMap(field) {
+				// Do not handle tagged key when embedding more than once
+				for _, vv := range v {
+					vv.isTaggedKey = false
+				}
+				fieldMap[k] = append(fieldMap[k], v...)
+			}
+			continue
+		}
+		fieldMap[field.key] = append(fieldMap[field.key], field)
+	}
+	return fieldMap
+}
+
+func (c *Compiler) getDuplicatedFieldMap(fieldMap map[string][]*StructFieldCode) map[*StructFieldCode]struct{} {
+	duplicatedFieldMap := map[*StructFieldCode]struct{}{}
+	for _, fields := range fieldMap {
+		if len(fields) == 1 {
+			continue
+		}
+		if c.isTaggedKeyOnly(fields) {
+			for _, field := range fields {
+				if field.isTaggedKey {
+					continue
+				}
+				duplicatedFieldMap[field] = struct{}{}
+			}
+		} else {
+			for _, field := range fields {
+				duplicatedFieldMap[field] = struct{}{}
+			}
+		}
+	}
+	return duplicatedFieldMap
+}
+
+func (c *Compiler) filteredDuplicatedFields(fields []*StructFieldCode, duplicatedFieldMap map[*StructFieldCode]struct{}) []*StructFieldCode {
+	filteredFields := make([]*StructFieldCode, 0, len(fields))
+	for _, field := range fields {
+		if field.isAnonymous {
+			structCode := field.getAnonymousStruct()
+			if structCode != nil && !structCode.isRecursive {
+				structCode.fields = c.filteredDuplicatedFields(structCode.fields, duplicatedFieldMap)
+				if len(structCode.fields) > 0 {
+					filteredFields = append(filteredFields, field)
+				}
+				continue
+			}
+		}
+		if _, exists := duplicatedFieldMap[field]; exists {
+			continue
+		}
+		filteredFields = append(filteredFields, field)
+	}
+	return filteredFields
+}
+
+func (c *Compiler) isTaggedKeyOnly(fields []*StructFieldCode) bool {
+	var taggedKeyFieldCount int
+	for _, field := range fields {
+		if field.isTaggedKey {
+			taggedKeyFieldCount++
+		}
+	}
+	return taggedKeyFieldCount == 1
+}
+
+func (c *Compiler) typeToStructTags(typ *runtime.Type) runtime.StructTags {
+	tags := runtime.StructTags{}
+	fieldNum := typ.NumField()
+	for i := 0; i < fieldNum; i++ {
+		field := typ.Field(i)
+		if runtime.IsIgnoredStructField(field) {
+			continue
+		}
+		tags = append(tags, runtime.StructTagFromField(field))
+	}
+	return tags
+}
+
+// *struct{ field T } => struct { field *T }
+// func (*T) MarshalJSON() ([]byte, error)
+func (c *Compiler) isMovePointerPositionFromHeadToFirstMarshalJSONFieldCase(typ *runtime.Type, isIndirectSpecialCase bool) bool {
+	return isIndirectSpecialCase && !c.isNilableType(typ) && c.isPtrMarshalJSONType(typ)
+}
+
+// *struct{ field T } => struct { field *T }
+// func (*T) MarshalText() ([]byte, error)
+func (c *Compiler) isMovePointerPositionFromHeadToFirstMarshalTextFieldCase(typ *runtime.Type, isIndirectSpecialCase bool) bool {
+	return isIndirectSpecialCase && !c.isNilableType(typ) && c.isPtrMarshalTextType(typ)
+}
+
+func (c *Compiler) implementsMarshalJSON(typ *runtime.Type) bool {
+	if !c.implementsMarshalJSONType(typ) {
+		return false
+	}
+	if typ.Kind() != reflect.Ptr {
+		return true
+	}
+	// type kind is reflect.Ptr
+	if !c.implementsMarshalJSONType(typ.Elem()) {
+		return true
+	}
+	// needs to dereference
+	return false
+}
+
+func (c *Compiler) implementsMarshalText(typ *runtime.Type) bool {
+	if !typ.Implements(marshalTextType) {
+		return false
+	}
+	if typ.Kind() != reflect.Ptr {
+		return true
+	}
+	// type kind is reflect.Ptr
+	if !typ.Elem().Implements(marshalTextType) {
+		return true
+	}
+	// needs to dereference
+	return false
+}
+
+func (c *Compiler) isNilableType(typ *runtime.Type) bool {
+	if !runtime.IfaceIndir(typ) {
+		return true
+	}
+	switch typ.Kind() {
+	case reflect.Ptr:
+		return true
+	case reflect.Map:
+		return true
+	case reflect.Func:
+		return true
+	default:
+		return false
+	}
+}
+
+func (c *Compiler) implementsMarshalJSONType(typ *runtime.Type) bool {
+	return typ.Implements(marshalJSONType) || typ.Implements(marshalJSONContextType)
+}
+
+func (c *Compiler) isPtrMarshalJSONType(typ *runtime.Type) bool {
+	return !c.implementsMarshalJSONType(typ) && c.implementsMarshalJSONType(runtime.PtrTo(typ))
+}
+
+func (c *Compiler) isPtrMarshalTextType(typ *runtime.Type) bool {
+	return !typ.Implements(marshalTextType) && runtime.PtrTo(typ).Implements(marshalTextType)
+}
+
+func (c *Compiler) codeToOpcode(ctx *compileContext, typ *runtime.Type, code Code) *Opcode {
+	codes := code.ToOpcode(ctx)
+	codes.Last().Next = newEndOp(ctx, typ)
+	c.linkRecursiveCode(ctx)
+	return codes.First()
+}
+
+func (c *Compiler) linkRecursiveCode(ctx *compileContext) {
+	recursiveCodes := map[uintptr]*CompiledCode{}
+	for _, recursive := range *ctx.recursiveCodes {
+		typeptr := uintptr(unsafe.Pointer(recursive.Type))
+		codes := ctx.structTypeToCodes[typeptr]
+		if recursiveCode, ok := recursiveCodes[typeptr]; ok {
+			*recursive.Jmp = *recursiveCode
+			continue
+		}
+
+		code := copyOpcode(codes.First())
+		code.Op = code.Op.PtrHeadToHead()
+		lastCode := newEndOp(&compileContext{}, recursive.Type)
+		lastCode.Op = OpRecursiveEnd
+
+		// OpRecursiveEnd must set before call TotalLength
+		code.End.Next = lastCode
+
+		totalLength := code.TotalLength()
+
+		// Idx, ElemIdx, Length must set after call TotalLength
+		lastCode.Idx = uint32((totalLength + 1) * uintptrSize)
+		lastCode.ElemIdx = lastCode.Idx + uintptrSize
+		lastCode.Length = lastCode.Idx + 2*uintptrSize
+
+		// extend length to alloc slot for elemIdx + length
+		curTotalLength := uintptr(recursive.TotalLength()) + 3
+		nextTotalLength := uintptr(totalLength) + 3
+
+		compiled := recursive.Jmp
+		compiled.Code = code
+		compiled.CurLen = curTotalLength
+		compiled.NextLen = nextTotalLength
+		compiled.Linked = true
+
+		recursiveCodes[typeptr] = compiled
+	}
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/compiler_norace.go b/vendor/github.com/goccy/go-json/internal/encoder/compiler_norace.go
new file mode 100644
index 000000000..20c93cbf7
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/compiler_norace.go
@@ -0,0 +1,32 @@
+//go:build !race
+// +build !race
+
+package encoder
+
+func CompileToGetCodeSet(ctx *RuntimeContext, typeptr uintptr) (*OpcodeSet, error) {
+	if typeptr > typeAddr.MaxTypeAddr || typeptr < typeAddr.BaseTypeAddr {
+		codeSet, err := compileToGetCodeSetSlowPath(typeptr)
+		if err != nil {
+			return nil, err
+		}
+		return getFilteredCodeSetIfNeeded(ctx, codeSet)
+	}
+	index := (typeptr - typeAddr.BaseTypeAddr) >> typeAddr.AddrShift
+	if codeSet := cachedOpcodeSets[index]; codeSet != nil {
+		filtered, err := getFilteredCodeSetIfNeeded(ctx, codeSet)
+		if err != nil {
+			return nil, err
+		}
+		return filtered, nil
+	}
+	codeSet, err := newCompiler().compile(typeptr)
+	if err != nil {
+		return nil, err
+	}
+	filtered, err := getFilteredCodeSetIfNeeded(ctx, codeSet)
+	if err != nil {
+		return nil, err
+	}
+	cachedOpcodeSets[index] = codeSet
+	return filtered, nil
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/compiler_race.go b/vendor/github.com/goccy/go-json/internal/encoder/compiler_race.go
new file mode 100644
index 000000000..13ba23fdf
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/compiler_race.go
@@ -0,0 +1,45 @@
+//go:build race
+// +build race
+
+package encoder
+
+import (
+	"sync"
+)
+
+var setsMu sync.RWMutex
+
+func CompileToGetCodeSet(ctx *RuntimeContext, typeptr uintptr) (*OpcodeSet, error) {
+	if typeptr > typeAddr.MaxTypeAddr || typeptr < typeAddr.BaseTypeAddr {
+		codeSet, err := compileToGetCodeSetSlowPath(typeptr)
+		if err != nil {
+			return nil, err
+		}
+		return getFilteredCodeSetIfNeeded(ctx, codeSet)
+	}
+	index := (typeptr - typeAddr.BaseTypeAddr) >> typeAddr.AddrShift
+	setsMu.RLock()
+	if codeSet := cachedOpcodeSets[index]; codeSet != nil {
+		filtered, err := getFilteredCodeSetIfNeeded(ctx, codeSet)
+		if err != nil {
+			setsMu.RUnlock()
+			return nil, err
+		}
+		setsMu.RUnlock()
+		return filtered, nil
+	}
+	setsMu.RUnlock()
+
+	codeSet, err := newCompiler().compile(typeptr)
+	if err != nil {
+		return nil, err
+	}
+	filtered, err := getFilteredCodeSetIfNeeded(ctx, codeSet)
+	if err != nil {
+		return nil, err
+	}
+	setsMu.Lock()
+	cachedOpcodeSets[index] = codeSet
+	setsMu.Unlock()
+	return filtered, nil
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/context.go b/vendor/github.com/goccy/go-json/internal/encoder/context.go
new file mode 100644
index 000000000..3833d0c86
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/context.go
@@ -0,0 +1,105 @@
+package encoder
+
+import (
+	"context"
+	"sync"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+type compileContext struct {
+	opcodeIndex       uint32
+	ptrIndex          int
+	indent            uint32
+	escapeKey         bool
+	structTypeToCodes map[uintptr]Opcodes
+	recursiveCodes    *Opcodes
+}
+
+func (c *compileContext) incIndent() {
+	c.indent++
+}
+
+func (c *compileContext) decIndent() {
+	c.indent--
+}
+
+func (c *compileContext) incIndex() {
+	c.incOpcodeIndex()
+	c.incPtrIndex()
+}
+
+func (c *compileContext) decIndex() {
+	c.decOpcodeIndex()
+	c.decPtrIndex()
+}
+
+func (c *compileContext) incOpcodeIndex() {
+	c.opcodeIndex++
+}
+
+func (c *compileContext) decOpcodeIndex() {
+	c.opcodeIndex--
+}
+
+func (c *compileContext) incPtrIndex() {
+	c.ptrIndex++
+}
+
+func (c *compileContext) decPtrIndex() {
+	c.ptrIndex--
+}
+
+const (
+	bufSize = 1024
+)
+
+var (
+	runtimeContextPool = sync.Pool{
+		New: func() interface{} {
+			return &RuntimeContext{
+				Buf:      make([]byte, 0, bufSize),
+				Ptrs:     make([]uintptr, 128),
+				KeepRefs: make([]unsafe.Pointer, 0, 8),
+				Option:   &Option{},
+			}
+		},
+	}
+)
+
+type RuntimeContext struct {
+	Context    context.Context
+	Buf        []byte
+	MarshalBuf []byte
+	Ptrs       []uintptr
+	KeepRefs   []unsafe.Pointer
+	SeenPtr    []uintptr
+	BaseIndent uint32
+	Prefix     []byte
+	IndentStr  []byte
+	Option     *Option
+}
+
+func (c *RuntimeContext) Init(p uintptr, codelen int) {
+	if len(c.Ptrs) < codelen {
+		c.Ptrs = make([]uintptr, codelen)
+	}
+	c.Ptrs[0] = p
+	c.KeepRefs = c.KeepRefs[:0]
+	c.SeenPtr = c.SeenPtr[:0]
+	c.BaseIndent = 0
+}
+
+func (c *RuntimeContext) Ptr() uintptr {
+	header := (*runtime.SliceHeader)(unsafe.Pointer(&c.Ptrs))
+	return uintptr(header.Data)
+}
+
+func TakeRuntimeContext() *RuntimeContext {
+	return runtimeContextPool.Get().(*RuntimeContext)
+}
+
+func ReleaseRuntimeContext(ctx *RuntimeContext) {
+	runtimeContextPool.Put(ctx)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/decode_rune.go b/vendor/github.com/goccy/go-json/internal/encoder/decode_rune.go
new file mode 100644
index 000000000..35c959d48
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/decode_rune.go
@@ -0,0 +1,126 @@
+package encoder
+
+import "unicode/utf8"
+
+const (
+	// The default lowest and highest continuation byte.
+	locb = 128 //0b10000000
+	hicb = 191 //0b10111111
+
+	// These names of these constants are chosen to give nice alignment in the
+	// table below. The first nibble is an index into acceptRanges or F for
+	// special one-byte cases. The second nibble is the Rune length or the
+	// Status for the special one-byte case.
+	xx = 0xF1 // invalid: size 1
+	as = 0xF0 // ASCII: size 1
+	s1 = 0x02 // accept 0, size 2
+	s2 = 0x13 // accept 1, size 3
+	s3 = 0x03 // accept 0, size 3
+	s4 = 0x23 // accept 2, size 3
+	s5 = 0x34 // accept 3, size 4
+	s6 = 0x04 // accept 0, size 4
+	s7 = 0x44 // accept 4, size 4
+)
+
+// first is information about the first byte in a UTF-8 sequence.
+var first = [256]uint8{
+	//   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x00-0x0F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x10-0x1F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x20-0x2F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x30-0x3F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x40-0x4F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x50-0x5F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x60-0x6F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x70-0x7F
+	//   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
+	xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, // 0x80-0x8F
+	xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, // 0x90-0x9F
+	xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, // 0xA0-0xAF
+	xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, // 0xB0-0xBF
+	xx, xx, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, // 0xC0-0xCF
+	s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, // 0xD0-0xDF
+	s2, s3, s3, s3, s3, s3, s3, s3, s3, s3, s3, s3, s3, s4, s3, s3, // 0xE0-0xEF
+	s5, s6, s6, s6, s7, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, // 0xF0-0xFF
+}
+
+const (
+	lineSep      = byte(168) //'\u2028'
+	paragraphSep = byte(169) //'\u2029'
+)
+
+type decodeRuneState int
+
+const (
+	validUTF8State decodeRuneState = iota
+	runeErrorState
+	lineSepState
+	paragraphSepState
+)
+
+func decodeRuneInString(s string) (decodeRuneState, int) {
+	n := len(s)
+	s0 := s[0]
+	x := first[s0]
+	if x >= as {
+		// The following code simulates an additional check for x == xx and
+		// handling the ASCII and invalid cases accordingly. This mask-and-or
+		// approach prevents an additional branch.
+		mask := rune(x) << 31 >> 31 // Create 0x0000 or 0xFFFF.
+		if rune(s[0])&^mask|utf8.RuneError&mask == utf8.RuneError {
+			return runeErrorState, 1
+		}
+		return validUTF8State, 1
+	}
+	sz := int(x & 7)
+	if n < sz {
+		return runeErrorState, 1
+	}
+	s1 := s[1]
+	switch x >> 4 {
+	case 0:
+		if s1 < locb || hicb < s1 {
+			return runeErrorState, 1
+		}
+	case 1:
+		if s1 < 0xA0 || hicb < s1 {
+			return runeErrorState, 1
+		}
+	case 2:
+		if s1 < locb || 0x9F < s1 {
+			return runeErrorState, 1
+		}
+	case 3:
+		if s1 < 0x90 || hicb < s1 {
+			return runeErrorState, 1
+		}
+	case 4:
+		if s1 < locb || 0x8F < s1 {
+			return runeErrorState, 1
+		}
+	}
+	if sz <= 2 {
+		return validUTF8State, 2
+	}
+	s2 := s[2]
+	if s2 < locb || hicb < s2 {
+		return runeErrorState, 1
+	}
+	if sz <= 3 {
+		// separator character prefixes: [2]byte{226, 128}
+		if s0 == 226 && s1 == 128 {
+			switch s2 {
+			case lineSep:
+				return lineSepState, 3
+			case paragraphSep:
+				return paragraphSepState, 3
+			}
+		}
+		return validUTF8State, 3
+	}
+	s3 := s[3]
+	if s3 < locb || hicb < s3 {
+		return runeErrorState, 1
+	}
+	return validUTF8State, 4
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/encoder.go b/vendor/github.com/goccy/go-json/internal/encoder/encoder.go
new file mode 100644
index 000000000..14eb6a0d6
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/encoder.go
@@ -0,0 +1,596 @@
+package encoder
+
+import (
+	"bytes"
+	"encoding"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"math"
+	"reflect"
+	"strconv"
+	"strings"
+	"sync"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/errors"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+func (t OpType) IsMultipleOpHead() bool {
+	switch t {
+	case OpStructHead:
+		return true
+	case OpStructHeadSlice:
+		return true
+	case OpStructHeadArray:
+		return true
+	case OpStructHeadMap:
+		return true
+	case OpStructHeadStruct:
+		return true
+	case OpStructHeadOmitEmpty:
+		return true
+	case OpStructHeadOmitEmptySlice:
+		return true
+	case OpStructHeadOmitEmptyArray:
+		return true
+	case OpStructHeadOmitEmptyMap:
+		return true
+	case OpStructHeadOmitEmptyStruct:
+		return true
+	case OpStructHeadSlicePtr:
+		return true
+	case OpStructHeadOmitEmptySlicePtr:
+		return true
+	case OpStructHeadArrayPtr:
+		return true
+	case OpStructHeadOmitEmptyArrayPtr:
+		return true
+	case OpStructHeadMapPtr:
+		return true
+	case OpStructHeadOmitEmptyMapPtr:
+		return true
+	}
+	return false
+}
+
+func (t OpType) IsMultipleOpField() bool {
+	switch t {
+	case OpStructField:
+		return true
+	case OpStructFieldSlice:
+		return true
+	case OpStructFieldArray:
+		return true
+	case OpStructFieldMap:
+		return true
+	case OpStructFieldStruct:
+		return true
+	case OpStructFieldOmitEmpty:
+		return true
+	case OpStructFieldOmitEmptySlice:
+		return true
+	case OpStructFieldOmitEmptyArray:
+		return true
+	case OpStructFieldOmitEmptyMap:
+		return true
+	case OpStructFieldOmitEmptyStruct:
+		return true
+	case OpStructFieldSlicePtr:
+		return true
+	case OpStructFieldOmitEmptySlicePtr:
+		return true
+	case OpStructFieldArrayPtr:
+		return true
+	case OpStructFieldOmitEmptyArrayPtr:
+		return true
+	case OpStructFieldMapPtr:
+		return true
+	case OpStructFieldOmitEmptyMapPtr:
+		return true
+	}
+	return false
+}
+
+type OpcodeSet struct {
+	Type                     *runtime.Type
+	NoescapeKeyCode          *Opcode
+	EscapeKeyCode            *Opcode
+	InterfaceNoescapeKeyCode *Opcode
+	InterfaceEscapeKeyCode   *Opcode
+	CodeLength               int
+	EndCode                  *Opcode
+	Code                     Code
+	QueryCache               map[string]*OpcodeSet
+	cacheMu                  sync.RWMutex
+}
+
+func (s *OpcodeSet) getQueryCache(hash string) *OpcodeSet {
+	s.cacheMu.RLock()
+	codeSet := s.QueryCache[hash]
+	s.cacheMu.RUnlock()
+	return codeSet
+}
+
+func (s *OpcodeSet) setQueryCache(hash string, codeSet *OpcodeSet) {
+	s.cacheMu.Lock()
+	s.QueryCache[hash] = codeSet
+	s.cacheMu.Unlock()
+}
+
+type CompiledCode struct {
+	Code    *Opcode
+	Linked  bool // whether recursive code already have linked
+	CurLen  uintptr
+	NextLen uintptr
+}
+
+const StartDetectingCyclesAfter = 1000
+
+func Load(base uintptr, idx uintptr) uintptr {
+	addr := base + idx
+	return **(**uintptr)(unsafe.Pointer(&addr))
+}
+
+func Store(base uintptr, idx uintptr, p uintptr) {
+	addr := base + idx
+	**(**uintptr)(unsafe.Pointer(&addr)) = p
+}
+
+func LoadNPtr(base uintptr, idx uintptr, ptrNum int) uintptr {
+	addr := base + idx
+	p := **(**uintptr)(unsafe.Pointer(&addr))
+	if p == 0 {
+		return 0
+	}
+	return PtrToPtr(p)
+	/*
+		for i := 0; i < ptrNum; i++ {
+			if p == 0 {
+				return p
+			}
+			p = PtrToPtr(p)
+		}
+		return p
+	*/
+}
+
+func PtrToUint64(p uintptr) uint64              { return **(**uint64)(unsafe.Pointer(&p)) }
+func PtrToFloat32(p uintptr) float32            { return **(**float32)(unsafe.Pointer(&p)) }
+func PtrToFloat64(p uintptr) float64            { return **(**float64)(unsafe.Pointer(&p)) }
+func PtrToBool(p uintptr) bool                  { return **(**bool)(unsafe.Pointer(&p)) }
+func PtrToBytes(p uintptr) []byte               { return **(**[]byte)(unsafe.Pointer(&p)) }
+func PtrToNumber(p uintptr) json.Number         { return **(**json.Number)(unsafe.Pointer(&p)) }
+func PtrToString(p uintptr) string              { return **(**string)(unsafe.Pointer(&p)) }
+func PtrToSlice(p uintptr) *runtime.SliceHeader { return *(**runtime.SliceHeader)(unsafe.Pointer(&p)) }
+func PtrToPtr(p uintptr) uintptr {
+	return uintptr(**(**unsafe.Pointer)(unsafe.Pointer(&p)))
+}
+func PtrToNPtr(p uintptr, ptrNum int) uintptr {
+	for i := 0; i < ptrNum; i++ {
+		if p == 0 {
+			return 0
+		}
+		p = PtrToPtr(p)
+	}
+	return p
+}
+
+func PtrToUnsafePtr(p uintptr) unsafe.Pointer {
+	return *(*unsafe.Pointer)(unsafe.Pointer(&p))
+}
+func PtrToInterface(code *Opcode, p uintptr) interface{} {
+	return *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: code.Type,
+		ptr: *(*unsafe.Pointer)(unsafe.Pointer(&p)),
+	}))
+}
+
+func ErrUnsupportedValue(code *Opcode, ptr uintptr) *errors.UnsupportedValueError {
+	v := *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: code.Type,
+		ptr: *(*unsafe.Pointer)(unsafe.Pointer(&ptr)),
+	}))
+	return &errors.UnsupportedValueError{
+		Value: reflect.ValueOf(v),
+		Str:   fmt.Sprintf("encountered a cycle via %s", code.Type),
+	}
+}
+
+func ErrUnsupportedFloat(v float64) *errors.UnsupportedValueError {
+	return &errors.UnsupportedValueError{
+		Value: reflect.ValueOf(v),
+		Str:   strconv.FormatFloat(v, 'g', -1, 64),
+	}
+}
+
+func ErrMarshalerWithCode(code *Opcode, err error) *errors.MarshalerError {
+	return &errors.MarshalerError{
+		Type: runtime.RType2Type(code.Type),
+		Err:  err,
+	}
+}
+
+type emptyInterface struct {
+	typ *runtime.Type
+	ptr unsafe.Pointer
+}
+
+type MapItem struct {
+	Key   []byte
+	Value []byte
+}
+
+type Mapslice struct {
+	Items []MapItem
+}
+
+func (m *Mapslice) Len() int {
+	return len(m.Items)
+}
+
+func (m *Mapslice) Less(i, j int) bool {
+	return bytes.Compare(m.Items[i].Key, m.Items[j].Key) < 0
+}
+
+func (m *Mapslice) Swap(i, j int) {
+	m.Items[i], m.Items[j] = m.Items[j], m.Items[i]
+}
+
+//nolint:structcheck,unused
+type mapIter struct {
+	key         unsafe.Pointer
+	elem        unsafe.Pointer
+	t           unsafe.Pointer
+	h           unsafe.Pointer
+	buckets     unsafe.Pointer
+	bptr        unsafe.Pointer
+	overflow    unsafe.Pointer
+	oldoverflow unsafe.Pointer
+	startBucket uintptr
+	offset      uint8
+	wrapped     bool
+	B           uint8
+	i           uint8
+	bucket      uintptr
+	checkBucket uintptr
+}
+
+type MapContext struct {
+	Start int
+	First int
+	Idx   int
+	Slice *Mapslice
+	Buf   []byte
+	Len   int
+	Iter  mapIter
+}
+
+var mapContextPool = sync.Pool{
+	New: func() interface{} {
+		return &MapContext{
+			Slice: &Mapslice{},
+		}
+	},
+}
+
+func NewMapContext(mapLen int, unorderedMap bool) *MapContext {
+	ctx := mapContextPool.Get().(*MapContext)
+	if !unorderedMap {
+		if len(ctx.Slice.Items) < mapLen {
+			ctx.Slice.Items = make([]MapItem, mapLen)
+		} else {
+			ctx.Slice.Items = ctx.Slice.Items[:mapLen]
+		}
+	}
+	ctx.Buf = ctx.Buf[:0]
+	ctx.Iter = mapIter{}
+	ctx.Idx = 0
+	ctx.Len = mapLen
+	return ctx
+}
+
+func ReleaseMapContext(c *MapContext) {
+	mapContextPool.Put(c)
+}
+
+//go:linkname MapIterInit runtime.mapiterinit
+//go:noescape
+func MapIterInit(mapType *runtime.Type, m unsafe.Pointer, it *mapIter)
+
+//go:linkname MapIterKey reflect.mapiterkey
+//go:noescape
+func MapIterKey(it *mapIter) unsafe.Pointer
+
+//go:linkname MapIterNext reflect.mapiternext
+//go:noescape
+func MapIterNext(it *mapIter)
+
+//go:linkname MapLen reflect.maplen
+//go:noescape
+func MapLen(m unsafe.Pointer) int
+
+func AppendByteSlice(_ *RuntimeContext, b []byte, src []byte) []byte {
+	if src == nil {
+		return append(b, `null`...)
+	}
+	encodedLen := base64.StdEncoding.EncodedLen(len(src))
+	b = append(b, '"')
+	pos := len(b)
+	remainLen := cap(b[pos:])
+	var buf []byte
+	if remainLen > encodedLen {
+		buf = b[pos : pos+encodedLen]
+	} else {
+		buf = make([]byte, encodedLen)
+	}
+	base64.StdEncoding.Encode(buf, src)
+	return append(append(b, buf...), '"')
+}
+
+func AppendFloat32(_ *RuntimeContext, b []byte, v float32) []byte {
+	f64 := float64(v)
+	abs := math.Abs(f64)
+	fmt := byte('f')
+	// Note: Must use float32 comparisons for underlying float32 value to get precise cutoffs right.
+	if abs != 0 {
+		f32 := float32(abs)
+		if f32 < 1e-6 || f32 >= 1e21 {
+			fmt = 'e'
+		}
+	}
+	return strconv.AppendFloat(b, f64, fmt, -1, 32)
+}
+
+func AppendFloat64(_ *RuntimeContext, b []byte, v float64) []byte {
+	abs := math.Abs(v)
+	fmt := byte('f')
+	// Note: Must use float32 comparisons for underlying float32 value to get precise cutoffs right.
+	if abs != 0 {
+		if abs < 1e-6 || abs >= 1e21 {
+			fmt = 'e'
+		}
+	}
+	return strconv.AppendFloat(b, v, fmt, -1, 64)
+}
+
+func AppendBool(_ *RuntimeContext, b []byte, v bool) []byte {
+	if v {
+		return append(b, "true"...)
+	}
+	return append(b, "false"...)
+}
+
+var (
+	floatTable = [256]bool{
+		'0': true,
+		'1': true,
+		'2': true,
+		'3': true,
+		'4': true,
+		'5': true,
+		'6': true,
+		'7': true,
+		'8': true,
+		'9': true,
+		'.': true,
+		'e': true,
+		'E': true,
+		'+': true,
+		'-': true,
+	}
+)
+
+func AppendNumber(_ *RuntimeContext, b []byte, n json.Number) ([]byte, error) {
+	if len(n) == 0 {
+		return append(b, '0'), nil
+	}
+	for i := 0; i < len(n); i++ {
+		if !floatTable[n[i]] {
+			return nil, fmt.Errorf("json: invalid number literal %q", n)
+		}
+	}
+	b = append(b, n...)
+	return b, nil
+}
+
+func AppendMarshalJSON(ctx *RuntimeContext, code *Opcode, b []byte, v interface{}) ([]byte, error) {
+	rv := reflect.ValueOf(v) // convert by dynamic interface type
+	if (code.Flags & AddrForMarshalerFlags) != 0 {
+		if rv.CanAddr() {
+			rv = rv.Addr()
+		} else {
+			newV := reflect.New(rv.Type())
+			newV.Elem().Set(rv)
+			rv = newV
+		}
+	}
+	v = rv.Interface()
+	var bb []byte
+	if (code.Flags & MarshalerContextFlags) != 0 {
+		marshaler, ok := v.(marshalerContext)
+		if !ok {
+			return AppendNull(ctx, b), nil
+		}
+		stdctx := ctx.Option.Context
+		if ctx.Option.Flag&FieldQueryOption != 0 {
+			stdctx = SetFieldQueryToContext(stdctx, code.FieldQuery)
+		}
+		b, err := marshaler.MarshalJSON(stdctx)
+		if err != nil {
+			return nil, &errors.MarshalerError{Type: reflect.TypeOf(v), Err: err}
+		}
+		bb = b
+	} else {
+		marshaler, ok := v.(json.Marshaler)
+		if !ok {
+			return AppendNull(ctx, b), nil
+		}
+		b, err := marshaler.MarshalJSON()
+		if err != nil {
+			return nil, &errors.MarshalerError{Type: reflect.TypeOf(v), Err: err}
+		}
+		bb = b
+	}
+	marshalBuf := ctx.MarshalBuf[:0]
+	marshalBuf = append(append(marshalBuf, bb...), nul)
+	compactedBuf, err := compact(b, marshalBuf, (ctx.Option.Flag&HTMLEscapeOption) != 0)
+	if err != nil {
+		return nil, &errors.MarshalerError{Type: reflect.TypeOf(v), Err: err}
+	}
+	ctx.MarshalBuf = marshalBuf
+	return compactedBuf, nil
+}
+
+func AppendMarshalJSONIndent(ctx *RuntimeContext, code *Opcode, b []byte, v interface{}) ([]byte, error) {
+	rv := reflect.ValueOf(v) // convert by dynamic interface type
+	if (code.Flags & AddrForMarshalerFlags) != 0 {
+		if rv.CanAddr() {
+			rv = rv.Addr()
+		} else {
+			newV := reflect.New(rv.Type())
+			newV.Elem().Set(rv)
+			rv = newV
+		}
+	}
+	v = rv.Interface()
+	var bb []byte
+	if (code.Flags & MarshalerContextFlags) != 0 {
+		marshaler, ok := v.(marshalerContext)
+		if !ok {
+			return AppendNull(ctx, b), nil
+		}
+		b, err := marshaler.MarshalJSON(ctx.Option.Context)
+		if err != nil {
+			return nil, &errors.MarshalerError{Type: reflect.TypeOf(v), Err: err}
+		}
+		bb = b
+	} else {
+		marshaler, ok := v.(json.Marshaler)
+		if !ok {
+			return AppendNull(ctx, b), nil
+		}
+		b, err := marshaler.MarshalJSON()
+		if err != nil {
+			return nil, &errors.MarshalerError{Type: reflect.TypeOf(v), Err: err}
+		}
+		bb = b
+	}
+	marshalBuf := ctx.MarshalBuf[:0]
+	marshalBuf = append(append(marshalBuf, bb...), nul)
+	indentedBuf, err := doIndent(
+		b,
+		marshalBuf,
+		string(ctx.Prefix)+strings.Repeat(string(ctx.IndentStr), int(ctx.BaseIndent+code.Indent)),
+		string(ctx.IndentStr),
+		(ctx.Option.Flag&HTMLEscapeOption) != 0,
+	)
+	if err != nil {
+		return nil, &errors.MarshalerError{Type: reflect.TypeOf(v), Err: err}
+	}
+	ctx.MarshalBuf = marshalBuf
+	return indentedBuf, nil
+}
+
+func AppendMarshalText(ctx *RuntimeContext, code *Opcode, b []byte, v interface{}) ([]byte, error) {
+	rv := reflect.ValueOf(v) // convert by dynamic interface type
+	if (code.Flags & AddrForMarshalerFlags) != 0 {
+		if rv.CanAddr() {
+			rv = rv.Addr()
+		} else {
+			newV := reflect.New(rv.Type())
+			newV.Elem().Set(rv)
+			rv = newV
+		}
+	}
+	v = rv.Interface()
+	marshaler, ok := v.(encoding.TextMarshaler)
+	if !ok {
+		return AppendNull(ctx, b), nil
+	}
+	bytes, err := marshaler.MarshalText()
+	if err != nil {
+		return nil, &errors.MarshalerError{Type: reflect.TypeOf(v), Err: err}
+	}
+	return AppendString(ctx, b, *(*string)(unsafe.Pointer(&bytes))), nil
+}
+
+func AppendMarshalTextIndent(ctx *RuntimeContext, code *Opcode, b []byte, v interface{}) ([]byte, error) {
+	rv := reflect.ValueOf(v) // convert by dynamic interface type
+	if (code.Flags & AddrForMarshalerFlags) != 0 {
+		if rv.CanAddr() {
+			rv = rv.Addr()
+		} else {
+			newV := reflect.New(rv.Type())
+			newV.Elem().Set(rv)
+			rv = newV
+		}
+	}
+	v = rv.Interface()
+	marshaler, ok := v.(encoding.TextMarshaler)
+	if !ok {
+		return AppendNull(ctx, b), nil
+	}
+	bytes, err := marshaler.MarshalText()
+	if err != nil {
+		return nil, &errors.MarshalerError{Type: reflect.TypeOf(v), Err: err}
+	}
+	return AppendString(ctx, b, *(*string)(unsafe.Pointer(&bytes))), nil
+}
+
+func AppendNull(_ *RuntimeContext, b []byte) []byte {
+	return append(b, "null"...)
+}
+
+func AppendComma(_ *RuntimeContext, b []byte) []byte {
+	return append(b, ',')
+}
+
+func AppendCommaIndent(_ *RuntimeContext, b []byte) []byte {
+	return append(b, ',', '\n')
+}
+
+func AppendStructEnd(_ *RuntimeContext, b []byte) []byte {
+	return append(b, '}', ',')
+}
+
+func AppendStructEndIndent(ctx *RuntimeContext, code *Opcode, b []byte) []byte {
+	b = append(b, '\n')
+	b = append(b, ctx.Prefix...)
+	indentNum := ctx.BaseIndent + code.Indent - 1
+	for i := uint32(0); i < indentNum; i++ {
+		b = append(b, ctx.IndentStr...)
+	}
+	return append(b, '}', ',', '\n')
+}
+
+func AppendIndent(ctx *RuntimeContext, b []byte, indent uint32) []byte {
+	b = append(b, ctx.Prefix...)
+	indentNum := ctx.BaseIndent + indent
+	for i := uint32(0); i < indentNum; i++ {
+		b = append(b, ctx.IndentStr...)
+	}
+	return b
+}
+
+func IsNilForMarshaler(v interface{}) bool {
+	rv := reflect.ValueOf(v)
+	switch rv.Kind() {
+	case reflect.Bool:
+		return !rv.Bool()
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return rv.Int() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return rv.Uint() == 0
+	case reflect.Float32, reflect.Float64:
+		return math.Float64bits(rv.Float()) == 0
+	case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Func:
+		return rv.IsNil()
+	case reflect.Slice:
+		return rv.IsNil() || rv.Len() == 0
+	case reflect.String:
+		return rv.Len() == 0
+	}
+	return false
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/indent.go b/vendor/github.com/goccy/go-json/internal/encoder/indent.go
new file mode 100644
index 000000000..dfe04b5e3
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/indent.go
@@ -0,0 +1,211 @@
+package encoder
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/goccy/go-json/internal/errors"
+)
+
+func takeIndentSrcRuntimeContext(src []byte) (*RuntimeContext, []byte) {
+	ctx := TakeRuntimeContext()
+	buf := ctx.Buf[:0]
+	buf = append(append(buf, src...), nul)
+	ctx.Buf = buf
+	return ctx, buf
+}
+
+func Indent(buf *bytes.Buffer, src []byte, prefix, indentStr string) error {
+	if len(src) == 0 {
+		return errors.ErrUnexpectedEndOfJSON("", 0)
+	}
+
+	srcCtx, srcBuf := takeIndentSrcRuntimeContext(src)
+	dstCtx := TakeRuntimeContext()
+	dst := dstCtx.Buf[:0]
+
+	dst, err := indentAndWrite(buf, dst, srcBuf, prefix, indentStr)
+	if err != nil {
+		ReleaseRuntimeContext(srcCtx)
+		ReleaseRuntimeContext(dstCtx)
+		return err
+	}
+	dstCtx.Buf = dst
+	ReleaseRuntimeContext(srcCtx)
+	ReleaseRuntimeContext(dstCtx)
+	return nil
+}
+
+func indentAndWrite(buf *bytes.Buffer, dst []byte, src []byte, prefix, indentStr string) ([]byte, error) {
+	dst, err := doIndent(dst, src, prefix, indentStr, false)
+	if err != nil {
+		return nil, err
+	}
+	if _, err := buf.Write(dst); err != nil {
+		return nil, err
+	}
+	return dst, nil
+}
+
+func doIndent(dst, src []byte, prefix, indentStr string, escape bool) ([]byte, error) {
+	buf, cursor, err := indentValue(dst, src, 0, 0, []byte(prefix), []byte(indentStr), escape)
+	if err != nil {
+		return nil, err
+	}
+	if err := validateEndBuf(src, cursor); err != nil {
+		return nil, err
+	}
+	return buf, nil
+}
+
+func indentValue(
+	dst []byte,
+	src []byte,
+	indentNum int,
+	cursor int64,
+	prefix []byte,
+	indentBytes []byte,
+	escape bool) ([]byte, int64, error) {
+	for {
+		switch src[cursor] {
+		case ' ', '\t', '\n', '\r':
+			cursor++
+			continue
+		case '{':
+			return indentObject(dst, src, indentNum, cursor, prefix, indentBytes, escape)
+		case '}':
+			return nil, 0, errors.ErrSyntax("unexpected character '}'", cursor)
+		case '[':
+			return indentArray(dst, src, indentNum, cursor, prefix, indentBytes, escape)
+		case ']':
+			return nil, 0, errors.ErrSyntax("unexpected character ']'", cursor)
+		case '"':
+			return compactString(dst, src, cursor, escape)
+		case '-', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9':
+			return compactNumber(dst, src, cursor)
+		case 't':
+			return compactTrue(dst, src, cursor)
+		case 'f':
+			return compactFalse(dst, src, cursor)
+		case 'n':
+			return compactNull(dst, src, cursor)
+		default:
+			return nil, 0, errors.ErrSyntax(fmt.Sprintf("unexpected character '%c'", src[cursor]), cursor)
+		}
+	}
+}
+
+func indentObject(
+	dst []byte,
+	src []byte,
+	indentNum int,
+	cursor int64,
+	prefix []byte,
+	indentBytes []byte,
+	escape bool) ([]byte, int64, error) {
+	if src[cursor] == '{' {
+		dst = append(dst, '{')
+	} else {
+		return nil, 0, errors.ErrExpected("expected { character for object value", cursor)
+	}
+	cursor = skipWhiteSpace(src, cursor+1)
+	if src[cursor] == '}' {
+		dst = append(dst, '}')
+		return dst, cursor + 1, nil
+	}
+	indentNum++
+	var err error
+	for {
+		dst = append(append(dst, '\n'), prefix...)
+		for i := 0; i < indentNum; i++ {
+			dst = append(dst, indentBytes...)
+		}
+		cursor = skipWhiteSpace(src, cursor)
+		dst, cursor, err = compactString(dst, src, cursor, escape)
+		if err != nil {
+			return nil, 0, err
+		}
+		cursor = skipWhiteSpace(src, cursor)
+		if src[cursor] != ':' {
+			return nil, 0, errors.ErrSyntax(
+				fmt.Sprintf("invalid character '%c' after object key", src[cursor]),
+				cursor+1,
+			)
+		}
+		dst = append(dst, ':', ' ')
+		dst, cursor, err = indentValue(dst, src, indentNum, cursor+1, prefix, indentBytes, escape)
+		if err != nil {
+			return nil, 0, err
+		}
+		cursor = skipWhiteSpace(src, cursor)
+		switch src[cursor] {
+		case '}':
+			dst = append(append(dst, '\n'), prefix...)
+			for i := 0; i < indentNum-1; i++ {
+				dst = append(dst, indentBytes...)
+			}
+			dst = append(dst, '}')
+			cursor++
+			return dst, cursor, nil
+		case ',':
+			dst = append(dst, ',')
+		default:
+			return nil, 0, errors.ErrSyntax(
+				fmt.Sprintf("invalid character '%c' after object key:value pair", src[cursor]),
+				cursor+1,
+			)
+		}
+		cursor++
+	}
+}
+
+func indentArray(
+	dst []byte,
+	src []byte,
+	indentNum int,
+	cursor int64,
+	prefix []byte,
+	indentBytes []byte,
+	escape bool) ([]byte, int64, error) {
+	if src[cursor] == '[' {
+		dst = append(dst, '[')
+	} else {
+		return nil, 0, errors.ErrExpected("expected [ character for array value", cursor)
+	}
+	cursor = skipWhiteSpace(src, cursor+1)
+	if src[cursor] == ']' {
+		dst = append(dst, ']')
+		return dst, cursor + 1, nil
+	}
+	indentNum++
+	var err error
+	for {
+		dst = append(append(dst, '\n'), prefix...)
+		for i := 0; i < indentNum; i++ {
+			dst = append(dst, indentBytes...)
+		}
+		dst, cursor, err = indentValue(dst, src, indentNum, cursor, prefix, indentBytes, escape)
+		if err != nil {
+			return nil, 0, err
+		}
+		cursor = skipWhiteSpace(src, cursor)
+		switch src[cursor] {
+		case ']':
+			dst = append(append(dst, '\n'), prefix...)
+			for i := 0; i < indentNum-1; i++ {
+				dst = append(dst, indentBytes...)
+			}
+			dst = append(dst, ']')
+			cursor++
+			return dst, cursor, nil
+		case ',':
+			dst = append(dst, ',')
+		default:
+			return nil, 0, errors.ErrSyntax(
+				fmt.Sprintf("invalid character '%c' after array value", src[cursor]),
+				cursor+1,
+			)
+		}
+		cursor++
+	}
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/int.go b/vendor/github.com/goccy/go-json/internal/encoder/int.go
new file mode 100644
index 000000000..85f079609
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/int.go
@@ -0,0 +1,152 @@
+package encoder
+
+import (
+	"unsafe"
+)
+
+var endianness int
+
+func init() {
+	var b [2]byte
+	*(*uint16)(unsafe.Pointer(&b)) = uint16(0xABCD)
+
+	switch b[0] {
+	case 0xCD:
+		endianness = 0 // LE
+	case 0xAB:
+		endianness = 1 // BE
+	default:
+		panic("could not determine endianness")
+	}
+}
+
+// "00010203...96979899" cast to []uint16
+var intLELookup = [100]uint16{
+	0x3030, 0x3130, 0x3230, 0x3330, 0x3430, 0x3530, 0x3630, 0x3730, 0x3830, 0x3930,
+	0x3031, 0x3131, 0x3231, 0x3331, 0x3431, 0x3531, 0x3631, 0x3731, 0x3831, 0x3931,
+	0x3032, 0x3132, 0x3232, 0x3332, 0x3432, 0x3532, 0x3632, 0x3732, 0x3832, 0x3932,
+	0x3033, 0x3133, 0x3233, 0x3333, 0x3433, 0x3533, 0x3633, 0x3733, 0x3833, 0x3933,
+	0x3034, 0x3134, 0x3234, 0x3334, 0x3434, 0x3534, 0x3634, 0x3734, 0x3834, 0x3934,
+	0x3035, 0x3135, 0x3235, 0x3335, 0x3435, 0x3535, 0x3635, 0x3735, 0x3835, 0x3935,
+	0x3036, 0x3136, 0x3236, 0x3336, 0x3436, 0x3536, 0x3636, 0x3736, 0x3836, 0x3936,
+	0x3037, 0x3137, 0x3237, 0x3337, 0x3437, 0x3537, 0x3637, 0x3737, 0x3837, 0x3937,
+	0x3038, 0x3138, 0x3238, 0x3338, 0x3438, 0x3538, 0x3638, 0x3738, 0x3838, 0x3938,
+	0x3039, 0x3139, 0x3239, 0x3339, 0x3439, 0x3539, 0x3639, 0x3739, 0x3839, 0x3939,
+}
+
+var intBELookup = [100]uint16{
+	0x3030, 0x3031, 0x3032, 0x3033, 0x3034, 0x3035, 0x3036, 0x3037, 0x3038, 0x3039,
+	0x3130, 0x3131, 0x3132, 0x3133, 0x3134, 0x3135, 0x3136, 0x3137, 0x3138, 0x3139,
+	0x3230, 0x3231, 0x3232, 0x3233, 0x3234, 0x3235, 0x3236, 0x3237, 0x3238, 0x3239,
+	0x3330, 0x3331, 0x3332, 0x3333, 0x3334, 0x3335, 0x3336, 0x3337, 0x3338, 0x3339,
+	0x3430, 0x3431, 0x3432, 0x3433, 0x3434, 0x3435, 0x3436, 0x3437, 0x3438, 0x3439,
+	0x3530, 0x3531, 0x3532, 0x3533, 0x3534, 0x3535, 0x3536, 0x3537, 0x3538, 0x3539,
+	0x3630, 0x3631, 0x3632, 0x3633, 0x3634, 0x3635, 0x3636, 0x3637, 0x3638, 0x3639,
+	0x3730, 0x3731, 0x3732, 0x3733, 0x3734, 0x3735, 0x3736, 0x3737, 0x3738, 0x3739,
+	0x3830, 0x3831, 0x3832, 0x3833, 0x3834, 0x3835, 0x3836, 0x3837, 0x3838, 0x3839,
+	0x3930, 0x3931, 0x3932, 0x3933, 0x3934, 0x3935, 0x3936, 0x3937, 0x3938, 0x3939,
+}
+
+var intLookup = [2]*[100]uint16{&intLELookup, &intBELookup}
+
+func numMask(numBitSize uint8) uint64 {
+	return 1<<numBitSize - 1
+}
+
+func AppendInt(_ *RuntimeContext, out []byte, p uintptr, code *Opcode) []byte {
+	var u64 uint64
+	switch code.NumBitSize {
+	case 8:
+		u64 = (uint64)(**(**uint8)(unsafe.Pointer(&p)))
+	case 16:
+		u64 = (uint64)(**(**uint16)(unsafe.Pointer(&p)))
+	case 32:
+		u64 = (uint64)(**(**uint32)(unsafe.Pointer(&p)))
+	case 64:
+		u64 = **(**uint64)(unsafe.Pointer(&p))
+	}
+	mask := numMask(code.NumBitSize)
+	n := u64 & mask
+	negative := (u64>>(code.NumBitSize-1))&1 == 1
+	if !negative {
+		if n < 10 {
+			return append(out, byte(n+'0'))
+		} else if n < 100 {
+			u := intLELookup[n]
+			return append(out, byte(u), byte(u>>8))
+		}
+	} else {
+		n = -n & mask
+	}
+
+	lookup := intLookup[endianness]
+
+	var b [22]byte
+	u := (*[11]uint16)(unsafe.Pointer(&b))
+	i := 11
+
+	for n >= 100 {
+		j := n % 100
+		n /= 100
+		i--
+		u[i] = lookup[j]
+	}
+
+	i--
+	u[i] = lookup[n]
+
+	i *= 2 // convert to byte index
+	if n < 10 {
+		i++ // remove leading zero
+	}
+	if negative {
+		i--
+		b[i] = '-'
+	}
+
+	return append(out, b[i:]...)
+}
+
+func AppendUint(_ *RuntimeContext, out []byte, p uintptr, code *Opcode) []byte {
+	var u64 uint64
+	switch code.NumBitSize {
+	case 8:
+		u64 = (uint64)(**(**uint8)(unsafe.Pointer(&p)))
+	case 16:
+		u64 = (uint64)(**(**uint16)(unsafe.Pointer(&p)))
+	case 32:
+		u64 = (uint64)(**(**uint32)(unsafe.Pointer(&p)))
+	case 64:
+		u64 = **(**uint64)(unsafe.Pointer(&p))
+	}
+	mask := numMask(code.NumBitSize)
+	n := u64 & mask
+	if n < 10 {
+		return append(out, byte(n+'0'))
+	} else if n < 100 {
+		u := intLELookup[n]
+		return append(out, byte(u), byte(u>>8))
+	}
+
+	lookup := intLookup[endianness]
+
+	var b [22]byte
+	u := (*[11]uint16)(unsafe.Pointer(&b))
+	i := 11
+
+	for n >= 100 {
+		j := n % 100
+		n /= 100
+		i--
+		u[i] = lookup[j]
+	}
+
+	i--
+	u[i] = lookup[n]
+
+	i *= 2 // convert to byte index
+	if n < 10 {
+		i++ // remove leading zero
+	}
+	return append(out, b[i:]...)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/map112.go b/vendor/github.com/goccy/go-json/internal/encoder/map112.go
new file mode 100644
index 000000000..e96ffadf7
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/map112.go
@@ -0,0 +1,9 @@
+//go:build !go1.13
+// +build !go1.13
+
+package encoder
+
+import "unsafe"
+
+//go:linkname MapIterValue reflect.mapitervalue
+func MapIterValue(it *mapIter) unsafe.Pointer
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/map113.go b/vendor/github.com/goccy/go-json/internal/encoder/map113.go
new file mode 100644
index 000000000..9b69dcc36
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/map113.go
@@ -0,0 +1,9 @@
+//go:build go1.13
+// +build go1.13
+
+package encoder
+
+import "unsafe"
+
+//go:linkname MapIterValue reflect.mapiterelem
+func MapIterValue(it *mapIter) unsafe.Pointer
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/opcode.go b/vendor/github.com/goccy/go-json/internal/encoder/opcode.go
new file mode 100644
index 000000000..df22f5542
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/opcode.go
@@ -0,0 +1,752 @@
+package encoder
+
+import (
+	"bytes"
+	"fmt"
+	"sort"
+	"strings"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+const uintptrSize = 4 << (^uintptr(0) >> 63)
+
+type OpFlags uint16
+
+const (
+	AnonymousHeadFlags     OpFlags = 1 << 0
+	AnonymousKeyFlags      OpFlags = 1 << 1
+	IndirectFlags          OpFlags = 1 << 2
+	IsTaggedKeyFlags       OpFlags = 1 << 3
+	NilCheckFlags          OpFlags = 1 << 4
+	AddrForMarshalerFlags  OpFlags = 1 << 5
+	IsNextOpPtrTypeFlags   OpFlags = 1 << 6
+	IsNilableTypeFlags     OpFlags = 1 << 7
+	MarshalerContextFlags  OpFlags = 1 << 8
+	NonEmptyInterfaceFlags OpFlags = 1 << 9
+)
+
+type Opcode struct {
+	Op         OpType  // operation type
+	Idx        uint32  // offset to access ptr
+	Next       *Opcode // next opcode
+	End        *Opcode // array/slice/struct/map end
+	NextField  *Opcode // next struct field
+	Key        string  // struct field key
+	Offset     uint32  // offset size from struct header
+	PtrNum     uint8   // pointer number: e.g. double pointer is 2.
+	NumBitSize uint8
+	Flags      OpFlags
+
+	Type       *runtime.Type // go type
+	Jmp        *CompiledCode // for recursive call
+	FieldQuery *FieldQuery   // field query for Interface / MarshalJSON / MarshalText
+	ElemIdx    uint32        // offset to access array/slice elem
+	Length     uint32        // offset to access slice length or array length
+	Indent     uint32        // indent number
+	Size       uint32        // array/slice elem size
+	DisplayIdx uint32        // opcode index
+	DisplayKey string        // key text to display
+}
+
+func (c *Opcode) Validate() error {
+	var prevIdx uint32
+	for code := c; !code.IsEnd(); {
+		if prevIdx != 0 {
+			if code.DisplayIdx != prevIdx+1 {
+				return fmt.Errorf(
+					"invalid index. previous display index is %d but next is %d. dump = %s",
+					prevIdx, code.DisplayIdx, c.Dump(),
+				)
+			}
+		}
+		prevIdx = code.DisplayIdx
+		code = code.IterNext()
+	}
+	return nil
+}
+
+func (c *Opcode) IterNext() *Opcode {
+	if c == nil {
+		return nil
+	}
+	switch c.Op.CodeType() {
+	case CodeArrayElem, CodeSliceElem, CodeMapKey:
+		return c.End
+	default:
+		return c.Next
+	}
+}
+
+func (c *Opcode) IsEnd() bool {
+	if c == nil {
+		return true
+	}
+	return c.Op == OpEnd || c.Op == OpInterfaceEnd || c.Op == OpRecursiveEnd
+}
+
+func (c *Opcode) MaxIdx() uint32 {
+	max := uint32(0)
+	for _, value := range []uint32{
+		c.Idx,
+		c.ElemIdx,
+		c.Length,
+		c.Size,
+	} {
+		if max < value {
+			max = value
+		}
+	}
+	return max
+}
+
+func (c *Opcode) ToHeaderType(isString bool) OpType {
+	switch c.Op {
+	case OpInt:
+		if isString {
+			return OpStructHeadIntString
+		}
+		return OpStructHeadInt
+	case OpIntPtr:
+		if isString {
+			return OpStructHeadIntPtrString
+		}
+		return OpStructHeadIntPtr
+	case OpUint:
+		if isString {
+			return OpStructHeadUintString
+		}
+		return OpStructHeadUint
+	case OpUintPtr:
+		if isString {
+			return OpStructHeadUintPtrString
+		}
+		return OpStructHeadUintPtr
+	case OpFloat32:
+		if isString {
+			return OpStructHeadFloat32String
+		}
+		return OpStructHeadFloat32
+	case OpFloat32Ptr:
+		if isString {
+			return OpStructHeadFloat32PtrString
+		}
+		return OpStructHeadFloat32Ptr
+	case OpFloat64:
+		if isString {
+			return OpStructHeadFloat64String
+		}
+		return OpStructHeadFloat64
+	case OpFloat64Ptr:
+		if isString {
+			return OpStructHeadFloat64PtrString
+		}
+		return OpStructHeadFloat64Ptr
+	case OpString:
+		if isString {
+			return OpStructHeadStringString
+		}
+		return OpStructHeadString
+	case OpStringPtr:
+		if isString {
+			return OpStructHeadStringPtrString
+		}
+		return OpStructHeadStringPtr
+	case OpNumber:
+		if isString {
+			return OpStructHeadNumberString
+		}
+		return OpStructHeadNumber
+	case OpNumberPtr:
+		if isString {
+			return OpStructHeadNumberPtrString
+		}
+		return OpStructHeadNumberPtr
+	case OpBool:
+		if isString {
+			return OpStructHeadBoolString
+		}
+		return OpStructHeadBool
+	case OpBoolPtr:
+		if isString {
+			return OpStructHeadBoolPtrString
+		}
+		return OpStructHeadBoolPtr
+	case OpBytes:
+		return OpStructHeadBytes
+	case OpBytesPtr:
+		return OpStructHeadBytesPtr
+	case OpMap:
+		return OpStructHeadMap
+	case OpMapPtr:
+		c.Op = OpMap
+		return OpStructHeadMapPtr
+	case OpArray:
+		return OpStructHeadArray
+	case OpArrayPtr:
+		c.Op = OpArray
+		return OpStructHeadArrayPtr
+	case OpSlice:
+		return OpStructHeadSlice
+	case OpSlicePtr:
+		c.Op = OpSlice
+		return OpStructHeadSlicePtr
+	case OpMarshalJSON:
+		return OpStructHeadMarshalJSON
+	case OpMarshalJSONPtr:
+		return OpStructHeadMarshalJSONPtr
+	case OpMarshalText:
+		return OpStructHeadMarshalText
+	case OpMarshalTextPtr:
+		return OpStructHeadMarshalTextPtr
+	}
+	return OpStructHead
+}
+
+func (c *Opcode) ToFieldType(isString bool) OpType {
+	switch c.Op {
+	case OpInt:
+		if isString {
+			return OpStructFieldIntString
+		}
+		return OpStructFieldInt
+	case OpIntPtr:
+		if isString {
+			return OpStructFieldIntPtrString
+		}
+		return OpStructFieldIntPtr
+	case OpUint:
+		if isString {
+			return OpStructFieldUintString
+		}
+		return OpStructFieldUint
+	case OpUintPtr:
+		if isString {
+			return OpStructFieldUintPtrString
+		}
+		return OpStructFieldUintPtr
+	case OpFloat32:
+		if isString {
+			return OpStructFieldFloat32String
+		}
+		return OpStructFieldFloat32
+	case OpFloat32Ptr:
+		if isString {
+			return OpStructFieldFloat32PtrString
+		}
+		return OpStructFieldFloat32Ptr
+	case OpFloat64:
+		if isString {
+			return OpStructFieldFloat64String
+		}
+		return OpStructFieldFloat64
+	case OpFloat64Ptr:
+		if isString {
+			return OpStructFieldFloat64PtrString
+		}
+		return OpStructFieldFloat64Ptr
+	case OpString:
+		if isString {
+			return OpStructFieldStringString
+		}
+		return OpStructFieldString
+	case OpStringPtr:
+		if isString {
+			return OpStructFieldStringPtrString
+		}
+		return OpStructFieldStringPtr
+	case OpNumber:
+		if isString {
+			return OpStructFieldNumberString
+		}
+		return OpStructFieldNumber
+	case OpNumberPtr:
+		if isString {
+			return OpStructFieldNumberPtrString
+		}
+		return OpStructFieldNumberPtr
+	case OpBool:
+		if isString {
+			return OpStructFieldBoolString
+		}
+		return OpStructFieldBool
+	case OpBoolPtr:
+		if isString {
+			return OpStructFieldBoolPtrString
+		}
+		return OpStructFieldBoolPtr
+	case OpBytes:
+		return OpStructFieldBytes
+	case OpBytesPtr:
+		return OpStructFieldBytesPtr
+	case OpMap:
+		return OpStructFieldMap
+	case OpMapPtr:
+		c.Op = OpMap
+		return OpStructFieldMapPtr
+	case OpArray:
+		return OpStructFieldArray
+	case OpArrayPtr:
+		c.Op = OpArray
+		return OpStructFieldArrayPtr
+	case OpSlice:
+		return OpStructFieldSlice
+	case OpSlicePtr:
+		c.Op = OpSlice
+		return OpStructFieldSlicePtr
+	case OpMarshalJSON:
+		return OpStructFieldMarshalJSON
+	case OpMarshalJSONPtr:
+		return OpStructFieldMarshalJSONPtr
+	case OpMarshalText:
+		return OpStructFieldMarshalText
+	case OpMarshalTextPtr:
+		return OpStructFieldMarshalTextPtr
+	}
+	return OpStructField
+}
+
+func newOpCode(ctx *compileContext, typ *runtime.Type, op OpType) *Opcode {
+	return newOpCodeWithNext(ctx, typ, op, newEndOp(ctx, typ))
+}
+
+func opcodeOffset(idx int) uint32 {
+	return uint32(idx) * uintptrSize
+}
+
+func getCodeAddrByIdx(head *Opcode, idx uint32) *Opcode {
+	addr := uintptr(unsafe.Pointer(head)) + uintptr(idx)*unsafe.Sizeof(Opcode{})
+	return *(**Opcode)(unsafe.Pointer(&addr))
+}
+
+func copyOpcode(code *Opcode) *Opcode {
+	codeNum := ToEndCode(code).DisplayIdx + 1
+	codeSlice := make([]Opcode, codeNum)
+	head := (*Opcode)((*runtime.SliceHeader)(unsafe.Pointer(&codeSlice)).Data)
+	ptr := head
+	c := code
+	for {
+		*ptr = Opcode{
+			Op:         c.Op,
+			Key:        c.Key,
+			PtrNum:     c.PtrNum,
+			NumBitSize: c.NumBitSize,
+			Flags:      c.Flags,
+			Idx:        c.Idx,
+			Offset:     c.Offset,
+			Type:       c.Type,
+			FieldQuery: c.FieldQuery,
+			DisplayIdx: c.DisplayIdx,
+			DisplayKey: c.DisplayKey,
+			ElemIdx:    c.ElemIdx,
+			Length:     c.Length,
+			Size:       c.Size,
+			Indent:     c.Indent,
+			Jmp:        c.Jmp,
+		}
+		if c.End != nil {
+			ptr.End = getCodeAddrByIdx(head, c.End.DisplayIdx)
+		}
+		if c.NextField != nil {
+			ptr.NextField = getCodeAddrByIdx(head, c.NextField.DisplayIdx)
+		}
+		if c.Next != nil {
+			ptr.Next = getCodeAddrByIdx(head, c.Next.DisplayIdx)
+		}
+		if c.IsEnd() {
+			break
+		}
+		ptr = getCodeAddrByIdx(head, c.DisplayIdx+1)
+		c = c.IterNext()
+	}
+	return head
+}
+
+func setTotalLengthToInterfaceOp(code *Opcode) {
+	for c := code; !c.IsEnd(); {
+		if c.Op == OpInterface || c.Op == OpInterfacePtr {
+			c.Length = uint32(code.TotalLength())
+		}
+		c = c.IterNext()
+	}
+}
+
+func ToEndCode(code *Opcode) *Opcode {
+	c := code
+	for !c.IsEnd() {
+		c = c.IterNext()
+	}
+	return c
+}
+
+func copyToInterfaceOpcode(code *Opcode) *Opcode {
+	copied := copyOpcode(code)
+	c := copied
+	c = ToEndCode(c)
+	c.Idx += uintptrSize
+	c.ElemIdx = c.Idx + uintptrSize
+	c.Length = c.Idx + 2*uintptrSize
+	c.Op = OpInterfaceEnd
+	return copied
+}
+
+func newOpCodeWithNext(ctx *compileContext, typ *runtime.Type, op OpType, next *Opcode) *Opcode {
+	return &Opcode{
+		Op:         op,
+		Idx:        opcodeOffset(ctx.ptrIndex),
+		Next:       next,
+		Type:       typ,
+		DisplayIdx: ctx.opcodeIndex,
+		Indent:     ctx.indent,
+	}
+}
+
+func newEndOp(ctx *compileContext, typ *runtime.Type) *Opcode {
+	return newOpCodeWithNext(ctx, typ, OpEnd, nil)
+}
+
+func (c *Opcode) TotalLength() int {
+	var idx int
+	code := c
+	for !code.IsEnd() {
+		maxIdx := int(code.MaxIdx() / uintptrSize)
+		if idx < maxIdx {
+			idx = maxIdx
+		}
+		if code.Op == OpRecursiveEnd {
+			break
+		}
+		code = code.IterNext()
+	}
+	maxIdx := int(code.MaxIdx() / uintptrSize)
+	if idx < maxIdx {
+		idx = maxIdx
+	}
+	return idx + 1
+}
+
+func (c *Opcode) dumpHead(code *Opcode) string {
+	var length uint32
+	if code.Op.CodeType() == CodeArrayHead {
+		length = code.Length
+	} else {
+		length = code.Length / uintptrSize
+	}
+	return fmt.Sprintf(
+		`[%03d]%s%s ([idx:%d][elemIdx:%d][length:%d])`,
+		code.DisplayIdx,
+		strings.Repeat("-", int(code.Indent)),
+		code.Op,
+		code.Idx/uintptrSize,
+		code.ElemIdx/uintptrSize,
+		length,
+	)
+}
+
+func (c *Opcode) dumpMapHead(code *Opcode) string {
+	return fmt.Sprintf(
+		`[%03d]%s%s ([idx:%d])`,
+		code.DisplayIdx,
+		strings.Repeat("-", int(code.Indent)),
+		code.Op,
+		code.Idx/uintptrSize,
+	)
+}
+
+func (c *Opcode) dumpMapEnd(code *Opcode) string {
+	return fmt.Sprintf(
+		`[%03d]%s%s ([idx:%d])`,
+		code.DisplayIdx,
+		strings.Repeat("-", int(code.Indent)),
+		code.Op,
+		code.Idx/uintptrSize,
+	)
+}
+
+func (c *Opcode) dumpElem(code *Opcode) string {
+	var length uint32
+	if code.Op.CodeType() == CodeArrayElem {
+		length = code.Length
+	} else {
+		length = code.Length / uintptrSize
+	}
+	return fmt.Sprintf(
+		`[%03d]%s%s ([idx:%d][elemIdx:%d][length:%d][size:%d])`,
+		code.DisplayIdx,
+		strings.Repeat("-", int(code.Indent)),
+		code.Op,
+		code.Idx/uintptrSize,
+		code.ElemIdx/uintptrSize,
+		length,
+		code.Size,
+	)
+}
+
+func (c *Opcode) dumpField(code *Opcode) string {
+	return fmt.Sprintf(
+		`[%03d]%s%s ([idx:%d][key:%s][offset:%d])`,
+		code.DisplayIdx,
+		strings.Repeat("-", int(code.Indent)),
+		code.Op,
+		code.Idx/uintptrSize,
+		code.DisplayKey,
+		code.Offset,
+	)
+}
+
+func (c *Opcode) dumpKey(code *Opcode) string {
+	return fmt.Sprintf(
+		`[%03d]%s%s ([idx:%d])`,
+		code.DisplayIdx,
+		strings.Repeat("-", int(code.Indent)),
+		code.Op,
+		code.Idx/uintptrSize,
+	)
+}
+
+func (c *Opcode) dumpValue(code *Opcode) string {
+	return fmt.Sprintf(
+		`[%03d]%s%s ([idx:%d])`,
+		code.DisplayIdx,
+		strings.Repeat("-", int(code.Indent)),
+		code.Op,
+		code.Idx/uintptrSize,
+	)
+}
+
+func (c *Opcode) Dump() string {
+	codes := []string{}
+	for code := c; !code.IsEnd(); {
+		switch code.Op.CodeType() {
+		case CodeSliceHead:
+			codes = append(codes, c.dumpHead(code))
+			code = code.Next
+		case CodeMapHead:
+			codes = append(codes, c.dumpMapHead(code))
+			code = code.Next
+		case CodeArrayElem, CodeSliceElem:
+			codes = append(codes, c.dumpElem(code))
+			code = code.End
+		case CodeMapKey:
+			codes = append(codes, c.dumpKey(code))
+			code = code.End
+		case CodeMapValue:
+			codes = append(codes, c.dumpValue(code))
+			code = code.Next
+		case CodeMapEnd:
+			codes = append(codes, c.dumpMapEnd(code))
+			code = code.Next
+		case CodeStructField:
+			codes = append(codes, c.dumpField(code))
+			code = code.Next
+		case CodeStructEnd:
+			codes = append(codes, c.dumpField(code))
+			code = code.Next
+		default:
+			codes = append(codes, fmt.Sprintf(
+				"[%03d]%s%s ([idx:%d])",
+				code.DisplayIdx,
+				strings.Repeat("-", int(code.Indent)),
+				code.Op,
+				code.Idx/uintptrSize,
+			))
+			code = code.Next
+		}
+	}
+	return strings.Join(codes, "\n")
+}
+
+func (c *Opcode) DumpDOT() string {
+	type edge struct {
+		from, to *Opcode
+		label    string
+		weight   int
+	}
+	var edges []edge
+
+	b := &bytes.Buffer{}
+	fmt.Fprintf(b, "digraph \"%p\" {\n", c.Type)
+	fmt.Fprintln(b, "mclimit=1.5;\nrankdir=TD;\nordering=out;\nnode[shape=box];")
+	for code := c; !code.IsEnd(); {
+		label := code.Op.String()
+		fmt.Fprintf(b, "\"%p\" [label=%q];\n", code, label)
+		if p := code.Next; p != nil {
+			edges = append(edges, edge{
+				from:   code,
+				to:     p,
+				label:  "Next",
+				weight: 10,
+			})
+		}
+		if p := code.NextField; p != nil {
+			edges = append(edges, edge{
+				from:   code,
+				to:     p,
+				label:  "NextField",
+				weight: 2,
+			})
+		}
+		if p := code.End; p != nil {
+			edges = append(edges, edge{
+				from:   code,
+				to:     p,
+				label:  "End",
+				weight: 1,
+			})
+		}
+		if p := code.Jmp; p != nil {
+			edges = append(edges, edge{
+				from:   code,
+				to:     p.Code,
+				label:  "Jmp",
+				weight: 1,
+			})
+		}
+
+		switch code.Op.CodeType() {
+		case CodeSliceHead:
+			code = code.Next
+		case CodeMapHead:
+			code = code.Next
+		case CodeArrayElem, CodeSliceElem:
+			code = code.End
+		case CodeMapKey:
+			code = code.End
+		case CodeMapValue:
+			code = code.Next
+		case CodeMapEnd:
+			code = code.Next
+		case CodeStructField:
+			code = code.Next
+		case CodeStructEnd:
+			code = code.Next
+		default:
+			code = code.Next
+		}
+		if code.IsEnd() {
+			fmt.Fprintf(b, "\"%p\" [label=%q];\n", code, code.Op.String())
+		}
+	}
+	sort.Slice(edges, func(i, j int) bool {
+		return edges[i].to.DisplayIdx < edges[j].to.DisplayIdx
+	})
+	for _, e := range edges {
+		fmt.Fprintf(b, "\"%p\" -> \"%p\" [label=%q][weight=%d];\n", e.from, e.to, e.label, e.weight)
+	}
+	fmt.Fprint(b, "}")
+	return b.String()
+}
+
+func newSliceHeaderCode(ctx *compileContext, typ *runtime.Type) *Opcode {
+	idx := opcodeOffset(ctx.ptrIndex)
+	ctx.incPtrIndex()
+	elemIdx := opcodeOffset(ctx.ptrIndex)
+	ctx.incPtrIndex()
+	length := opcodeOffset(ctx.ptrIndex)
+	return &Opcode{
+		Op:         OpSlice,
+		Type:       typ,
+		Idx:        idx,
+		DisplayIdx: ctx.opcodeIndex,
+		ElemIdx:    elemIdx,
+		Length:     length,
+		Indent:     ctx.indent,
+	}
+}
+
+func newSliceElemCode(ctx *compileContext, typ *runtime.Type, head *Opcode, size uintptr) *Opcode {
+	return &Opcode{
+		Op:         OpSliceElem,
+		Type:       typ,
+		Idx:        head.Idx,
+		DisplayIdx: ctx.opcodeIndex,
+		ElemIdx:    head.ElemIdx,
+		Length:     head.Length,
+		Indent:     ctx.indent,
+		Size:       uint32(size),
+	}
+}
+
+func newArrayHeaderCode(ctx *compileContext, typ *runtime.Type, alen int) *Opcode {
+	idx := opcodeOffset(ctx.ptrIndex)
+	ctx.incPtrIndex()
+	elemIdx := opcodeOffset(ctx.ptrIndex)
+	return &Opcode{
+		Op:         OpArray,
+		Type:       typ,
+		Idx:        idx,
+		DisplayIdx: ctx.opcodeIndex,
+		ElemIdx:    elemIdx,
+		Indent:     ctx.indent,
+		Length:     uint32(alen),
+	}
+}
+
+func newArrayElemCode(ctx *compileContext, typ *runtime.Type, head *Opcode, length int, size uintptr) *Opcode {
+	return &Opcode{
+		Op:         OpArrayElem,
+		Type:       typ,
+		Idx:        head.Idx,
+		DisplayIdx: ctx.opcodeIndex,
+		ElemIdx:    head.ElemIdx,
+		Length:     uint32(length),
+		Indent:     ctx.indent,
+		Size:       uint32(size),
+	}
+}
+
+func newMapHeaderCode(ctx *compileContext, typ *runtime.Type) *Opcode {
+	idx := opcodeOffset(ctx.ptrIndex)
+	ctx.incPtrIndex()
+	return &Opcode{
+		Op:         OpMap,
+		Type:       typ,
+		Idx:        idx,
+		DisplayIdx: ctx.opcodeIndex,
+		Indent:     ctx.indent,
+	}
+}
+
+func newMapKeyCode(ctx *compileContext, typ *runtime.Type, head *Opcode) *Opcode {
+	return &Opcode{
+		Op:         OpMapKey,
+		Type:       typ,
+		Idx:        head.Idx,
+		DisplayIdx: ctx.opcodeIndex,
+		Indent:     ctx.indent,
+	}
+}
+
+func newMapValueCode(ctx *compileContext, typ *runtime.Type, head *Opcode) *Opcode {
+	return &Opcode{
+		Op:         OpMapValue,
+		Type:       typ,
+		Idx:        head.Idx,
+		DisplayIdx: ctx.opcodeIndex,
+		Indent:     ctx.indent,
+	}
+}
+
+func newMapEndCode(ctx *compileContext, typ *runtime.Type, head *Opcode) *Opcode {
+	return &Opcode{
+		Op:         OpMapEnd,
+		Type:       typ,
+		Idx:        head.Idx,
+		DisplayIdx: ctx.opcodeIndex,
+		Indent:     ctx.indent,
+		Next:       newEndOp(ctx, typ),
+	}
+}
+
+func newRecursiveCode(ctx *compileContext, typ *runtime.Type, jmp *CompiledCode) *Opcode {
+	return &Opcode{
+		Op:         OpRecursive,
+		Type:       typ,
+		Idx:        opcodeOffset(ctx.ptrIndex),
+		Next:       newEndOp(ctx, typ),
+		DisplayIdx: ctx.opcodeIndex,
+		Indent:     ctx.indent,
+		Jmp:        jmp,
+	}
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/option.go b/vendor/github.com/goccy/go-json/internal/encoder/option.go
new file mode 100644
index 000000000..12c58e46c
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/option.go
@@ -0,0 +1,48 @@
+package encoder
+
+import (
+	"context"
+	"io"
+)
+
+type OptionFlag uint8
+
+const (
+	HTMLEscapeOption OptionFlag = 1 << iota
+	IndentOption
+	UnorderedMapOption
+	DebugOption
+	ColorizeOption
+	ContextOption
+	NormalizeUTF8Option
+	FieldQueryOption
+)
+
+type Option struct {
+	Flag        OptionFlag
+	ColorScheme *ColorScheme
+	Context     context.Context
+	DebugOut    io.Writer
+	DebugDOTOut io.WriteCloser
+}
+
+type EncodeFormat struct {
+	Header string
+	Footer string
+}
+
+type EncodeFormatScheme struct {
+	Int       EncodeFormat
+	Uint      EncodeFormat
+	Float     EncodeFormat
+	Bool      EncodeFormat
+	String    EncodeFormat
+	Binary    EncodeFormat
+	ObjectKey EncodeFormat
+	Null      EncodeFormat
+}
+
+type (
+	ColorScheme = EncodeFormatScheme
+	ColorFormat = EncodeFormat
+)
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/optype.go b/vendor/github.com/goccy/go-json/internal/encoder/optype.go
new file mode 100644
index 000000000..5c1241b47
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/optype.go
@@ -0,0 +1,932 @@
+// Code generated by internal/cmd/generator. DO NOT EDIT!
+package encoder
+
+import (
+	"strings"
+)
+
+type CodeType int
+
+const (
+	CodeOp          CodeType = 0
+	CodeArrayHead   CodeType = 1
+	CodeArrayElem   CodeType = 2
+	CodeSliceHead   CodeType = 3
+	CodeSliceElem   CodeType = 4
+	CodeMapHead     CodeType = 5
+	CodeMapKey      CodeType = 6
+	CodeMapValue    CodeType = 7
+	CodeMapEnd      CodeType = 8
+	CodeRecursive   CodeType = 9
+	CodeStructField CodeType = 10
+	CodeStructEnd   CodeType = 11
+)
+
+var opTypeStrings = [400]string{
+	"End",
+	"Interface",
+	"Ptr",
+	"SliceElem",
+	"SliceEnd",
+	"ArrayElem",
+	"ArrayEnd",
+	"MapKey",
+	"MapValue",
+	"MapEnd",
+	"Recursive",
+	"RecursivePtr",
+	"RecursiveEnd",
+	"InterfaceEnd",
+	"Int",
+	"Uint",
+	"Float32",
+	"Float64",
+	"Bool",
+	"String",
+	"Bytes",
+	"Number",
+	"Array",
+	"Map",
+	"Slice",
+	"Struct",
+	"MarshalJSON",
+	"MarshalText",
+	"IntString",
+	"UintString",
+	"Float32String",
+	"Float64String",
+	"BoolString",
+	"StringString",
+	"NumberString",
+	"IntPtr",
+	"UintPtr",
+	"Float32Ptr",
+	"Float64Ptr",
+	"BoolPtr",
+	"StringPtr",
+	"BytesPtr",
+	"NumberPtr",
+	"ArrayPtr",
+	"MapPtr",
+	"SlicePtr",
+	"MarshalJSONPtr",
+	"MarshalTextPtr",
+	"InterfacePtr",
+	"IntPtrString",
+	"UintPtrString",
+	"Float32PtrString",
+	"Float64PtrString",
+	"BoolPtrString",
+	"StringPtrString",
+	"NumberPtrString",
+	"StructHeadInt",
+	"StructHeadOmitEmptyInt",
+	"StructPtrHeadInt",
+	"StructPtrHeadOmitEmptyInt",
+	"StructHeadUint",
+	"StructHeadOmitEmptyUint",
+	"StructPtrHeadUint",
+	"StructPtrHeadOmitEmptyUint",
+	"StructHeadFloat32",
+	"StructHeadOmitEmptyFloat32",
+	"StructPtrHeadFloat32",
+	"StructPtrHeadOmitEmptyFloat32",
+	"StructHeadFloat64",
+	"StructHeadOmitEmptyFloat64",
+	"StructPtrHeadFloat64",
+	"StructPtrHeadOmitEmptyFloat64",
+	"StructHeadBool",
+	"StructHeadOmitEmptyBool",
+	"StructPtrHeadBool",
+	"StructPtrHeadOmitEmptyBool",
+	"StructHeadString",
+	"StructHeadOmitEmptyString",
+	"StructPtrHeadString",
+	"StructPtrHeadOmitEmptyString",
+	"StructHeadBytes",
+	"StructHeadOmitEmptyBytes",
+	"StructPtrHeadBytes",
+	"StructPtrHeadOmitEmptyBytes",
+	"StructHeadNumber",
+	"StructHeadOmitEmptyNumber",
+	"StructPtrHeadNumber",
+	"StructPtrHeadOmitEmptyNumber",
+	"StructHeadArray",
+	"StructHeadOmitEmptyArray",
+	"StructPtrHeadArray",
+	"StructPtrHeadOmitEmptyArray",
+	"StructHeadMap",
+	"StructHeadOmitEmptyMap",
+	"StructPtrHeadMap",
+	"StructPtrHeadOmitEmptyMap",
+	"StructHeadSlice",
+	"StructHeadOmitEmptySlice",
+	"StructPtrHeadSlice",
+	"StructPtrHeadOmitEmptySlice",
+	"StructHeadStruct",
+	"StructHeadOmitEmptyStruct",
+	"StructPtrHeadStruct",
+	"StructPtrHeadOmitEmptyStruct",
+	"StructHeadMarshalJSON",
+	"StructHeadOmitEmptyMarshalJSON",
+	"StructPtrHeadMarshalJSON",
+	"StructPtrHeadOmitEmptyMarshalJSON",
+	"StructHeadMarshalText",
+	"StructHeadOmitEmptyMarshalText",
+	"StructPtrHeadMarshalText",
+	"StructPtrHeadOmitEmptyMarshalText",
+	"StructHeadIntString",
+	"StructHeadOmitEmptyIntString",
+	"StructPtrHeadIntString",
+	"StructPtrHeadOmitEmptyIntString",
+	"StructHeadUintString",
+	"StructHeadOmitEmptyUintString",
+	"StructPtrHeadUintString",
+	"StructPtrHeadOmitEmptyUintString",
+	"StructHeadFloat32String",
+	"StructHeadOmitEmptyFloat32String",
+	"StructPtrHeadFloat32String",
+	"StructPtrHeadOmitEmptyFloat32String",
+	"StructHeadFloat64String",
+	"StructHeadOmitEmptyFloat64String",
+	"StructPtrHeadFloat64String",
+	"StructPtrHeadOmitEmptyFloat64String",
+	"StructHeadBoolString",
+	"StructHeadOmitEmptyBoolString",
+	"StructPtrHeadBoolString",
+	"StructPtrHeadOmitEmptyBoolString",
+	"StructHeadStringString",
+	"StructHeadOmitEmptyStringString",
+	"StructPtrHeadStringString",
+	"StructPtrHeadOmitEmptyStringString",
+	"StructHeadNumberString",
+	"StructHeadOmitEmptyNumberString",
+	"StructPtrHeadNumberString",
+	"StructPtrHeadOmitEmptyNumberString",
+	"StructHeadIntPtr",
+	"StructHeadOmitEmptyIntPtr",
+	"StructPtrHeadIntPtr",
+	"StructPtrHeadOmitEmptyIntPtr",
+	"StructHeadUintPtr",
+	"StructHeadOmitEmptyUintPtr",
+	"StructPtrHeadUintPtr",
+	"StructPtrHeadOmitEmptyUintPtr",
+	"StructHeadFloat32Ptr",
+	"StructHeadOmitEmptyFloat32Ptr",
+	"StructPtrHeadFloat32Ptr",
+	"StructPtrHeadOmitEmptyFloat32Ptr",
+	"StructHeadFloat64Ptr",
+	"StructHeadOmitEmptyFloat64Ptr",
+	"StructPtrHeadFloat64Ptr",
+	"StructPtrHeadOmitEmptyFloat64Ptr",
+	"StructHeadBoolPtr",
+	"StructHeadOmitEmptyBoolPtr",
+	"StructPtrHeadBoolPtr",
+	"StructPtrHeadOmitEmptyBoolPtr",
+	"StructHeadStringPtr",
+	"StructHeadOmitEmptyStringPtr",
+	"StructPtrHeadStringPtr",
+	"StructPtrHeadOmitEmptyStringPtr",
+	"StructHeadBytesPtr",
+	"StructHeadOmitEmptyBytesPtr",
+	"StructPtrHeadBytesPtr",
+	"StructPtrHeadOmitEmptyBytesPtr",
+	"StructHeadNumberPtr",
+	"StructHeadOmitEmptyNumberPtr",
+	"StructPtrHeadNumberPtr",
+	"StructPtrHeadOmitEmptyNumberPtr",
+	"StructHeadArrayPtr",
+	"StructHeadOmitEmptyArrayPtr",
+	"StructPtrHeadArrayPtr",
+	"StructPtrHeadOmitEmptyArrayPtr",
+	"StructHeadMapPtr",
+	"StructHeadOmitEmptyMapPtr",
+	"StructPtrHeadMapPtr",
+	"StructPtrHeadOmitEmptyMapPtr",
+	"StructHeadSlicePtr",
+	"StructHeadOmitEmptySlicePtr",
+	"StructPtrHeadSlicePtr",
+	"StructPtrHeadOmitEmptySlicePtr",
+	"StructHeadMarshalJSONPtr",
+	"StructHeadOmitEmptyMarshalJSONPtr",
+	"StructPtrHeadMarshalJSONPtr",
+	"StructPtrHeadOmitEmptyMarshalJSONPtr",
+	"StructHeadMarshalTextPtr",
+	"StructHeadOmitEmptyMarshalTextPtr",
+	"StructPtrHeadMarshalTextPtr",
+	"StructPtrHeadOmitEmptyMarshalTextPtr",
+	"StructHeadInterfacePtr",
+	"StructHeadOmitEmptyInterfacePtr",
+	"StructPtrHeadInterfacePtr",
+	"StructPtrHeadOmitEmptyInterfacePtr",
+	"StructHeadIntPtrString",
+	"StructHeadOmitEmptyIntPtrString",
+	"StructPtrHeadIntPtrString",
+	"StructPtrHeadOmitEmptyIntPtrString",
+	"StructHeadUintPtrString",
+	"StructHeadOmitEmptyUintPtrString",
+	"StructPtrHeadUintPtrString",
+	"StructPtrHeadOmitEmptyUintPtrString",
+	"StructHeadFloat32PtrString",
+	"StructHeadOmitEmptyFloat32PtrString",
+	"StructPtrHeadFloat32PtrString",
+	"StructPtrHeadOmitEmptyFloat32PtrString",
+	"StructHeadFloat64PtrString",
+	"StructHeadOmitEmptyFloat64PtrString",
+	"StructPtrHeadFloat64PtrString",
+	"StructPtrHeadOmitEmptyFloat64PtrString",
+	"StructHeadBoolPtrString",
+	"StructHeadOmitEmptyBoolPtrString",
+	"StructPtrHeadBoolPtrString",
+	"StructPtrHeadOmitEmptyBoolPtrString",
+	"StructHeadStringPtrString",
+	"StructHeadOmitEmptyStringPtrString",
+	"StructPtrHeadStringPtrString",
+	"StructPtrHeadOmitEmptyStringPtrString",
+	"StructHeadNumberPtrString",
+	"StructHeadOmitEmptyNumberPtrString",
+	"StructPtrHeadNumberPtrString",
+	"StructPtrHeadOmitEmptyNumberPtrString",
+	"StructHead",
+	"StructHeadOmitEmpty",
+	"StructPtrHead",
+	"StructPtrHeadOmitEmpty",
+	"StructFieldInt",
+	"StructFieldOmitEmptyInt",
+	"StructEndInt",
+	"StructEndOmitEmptyInt",
+	"StructFieldUint",
+	"StructFieldOmitEmptyUint",
+	"StructEndUint",
+	"StructEndOmitEmptyUint",
+	"StructFieldFloat32",
+	"StructFieldOmitEmptyFloat32",
+	"StructEndFloat32",
+	"StructEndOmitEmptyFloat32",
+	"StructFieldFloat64",
+	"StructFieldOmitEmptyFloat64",
+	"StructEndFloat64",
+	"StructEndOmitEmptyFloat64",
+	"StructFieldBool",
+	"StructFieldOmitEmptyBool",
+	"StructEndBool",
+	"StructEndOmitEmptyBool",
+	"StructFieldString",
+	"StructFieldOmitEmptyString",
+	"StructEndString",
+	"StructEndOmitEmptyString",
+	"StructFieldBytes",
+	"StructFieldOmitEmptyBytes",
+	"StructEndBytes",
+	"StructEndOmitEmptyBytes",
+	"StructFieldNumber",
+	"StructFieldOmitEmptyNumber",
+	"StructEndNumber",
+	"StructEndOmitEmptyNumber",
+	"StructFieldArray",
+	"StructFieldOmitEmptyArray",
+	"StructEndArray",
+	"StructEndOmitEmptyArray",
+	"StructFieldMap",
+	"StructFieldOmitEmptyMap",
+	"StructEndMap",
+	"StructEndOmitEmptyMap",
+	"StructFieldSlice",
+	"StructFieldOmitEmptySlice",
+	"StructEndSlice",
+	"StructEndOmitEmptySlice",
+	"StructFieldStruct",
+	"StructFieldOmitEmptyStruct",
+	"StructEndStruct",
+	"StructEndOmitEmptyStruct",
+	"StructFieldMarshalJSON",
+	"StructFieldOmitEmptyMarshalJSON",
+	"StructEndMarshalJSON",
+	"StructEndOmitEmptyMarshalJSON",
+	"StructFieldMarshalText",
+	"StructFieldOmitEmptyMarshalText",
+	"StructEndMarshalText",
+	"StructEndOmitEmptyMarshalText",
+	"StructFieldIntString",
+	"StructFieldOmitEmptyIntString",
+	"StructEndIntString",
+	"StructEndOmitEmptyIntString",
+	"StructFieldUintString",
+	"StructFieldOmitEmptyUintString",
+	"StructEndUintString",
+	"StructEndOmitEmptyUintString",
+	"StructFieldFloat32String",
+	"StructFieldOmitEmptyFloat32String",
+	"StructEndFloat32String",
+	"StructEndOmitEmptyFloat32String",
+	"StructFieldFloat64String",
+	"StructFieldOmitEmptyFloat64String",
+	"StructEndFloat64String",
+	"StructEndOmitEmptyFloat64String",
+	"StructFieldBoolString",
+	"StructFieldOmitEmptyBoolString",
+	"StructEndBoolString",
+	"StructEndOmitEmptyBoolString",
+	"StructFieldStringString",
+	"StructFieldOmitEmptyStringString",
+	"StructEndStringString",
+	"StructEndOmitEmptyStringString",
+	"StructFieldNumberString",
+	"StructFieldOmitEmptyNumberString",
+	"StructEndNumberString",
+	"StructEndOmitEmptyNumberString",
+	"StructFieldIntPtr",
+	"StructFieldOmitEmptyIntPtr",
+	"StructEndIntPtr",
+	"StructEndOmitEmptyIntPtr",
+	"StructFieldUintPtr",
+	"StructFieldOmitEmptyUintPtr",
+	"StructEndUintPtr",
+	"StructEndOmitEmptyUintPtr",
+	"StructFieldFloat32Ptr",
+	"StructFieldOmitEmptyFloat32Ptr",
+	"StructEndFloat32Ptr",
+	"StructEndOmitEmptyFloat32Ptr",
+	"StructFieldFloat64Ptr",
+	"StructFieldOmitEmptyFloat64Ptr",
+	"StructEndFloat64Ptr",
+	"StructEndOmitEmptyFloat64Ptr",
+	"StructFieldBoolPtr",
+	"StructFieldOmitEmptyBoolPtr",
+	"StructEndBoolPtr",
+	"StructEndOmitEmptyBoolPtr",
+	"StructFieldStringPtr",
+	"StructFieldOmitEmptyStringPtr",
+	"StructEndStringPtr",
+	"StructEndOmitEmptyStringPtr",
+	"StructFieldBytesPtr",
+	"StructFieldOmitEmptyBytesPtr",
+	"StructEndBytesPtr",
+	"StructEndOmitEmptyBytesPtr",
+	"StructFieldNumberPtr",
+	"StructFieldOmitEmptyNumberPtr",
+	"StructEndNumberPtr",
+	"StructEndOmitEmptyNumberPtr",
+	"StructFieldArrayPtr",
+	"StructFieldOmitEmptyArrayPtr",
+	"StructEndArrayPtr",
+	"StructEndOmitEmptyArrayPtr",
+	"StructFieldMapPtr",
+	"StructFieldOmitEmptyMapPtr",
+	"StructEndMapPtr",
+	"StructEndOmitEmptyMapPtr",
+	"StructFieldSlicePtr",
+	"StructFieldOmitEmptySlicePtr",
+	"StructEndSlicePtr",
+	"StructEndOmitEmptySlicePtr",
+	"StructFieldMarshalJSONPtr",
+	"StructFieldOmitEmptyMarshalJSONPtr",
+	"StructEndMarshalJSONPtr",
+	"StructEndOmitEmptyMarshalJSONPtr",
+	"StructFieldMarshalTextPtr",
+	"StructFieldOmitEmptyMarshalTextPtr",
+	"StructEndMarshalTextPtr",
+	"StructEndOmitEmptyMarshalTextPtr",
+	"StructFieldInterfacePtr",
+	"StructFieldOmitEmptyInterfacePtr",
+	"StructEndInterfacePtr",
+	"StructEndOmitEmptyInterfacePtr",
+	"StructFieldIntPtrString",
+	"StructFieldOmitEmptyIntPtrString",
+	"StructEndIntPtrString",
+	"StructEndOmitEmptyIntPtrString",
+	"StructFieldUintPtrString",
+	"StructFieldOmitEmptyUintPtrString",
+	"StructEndUintPtrString",
+	"StructEndOmitEmptyUintPtrString",
+	"StructFieldFloat32PtrString",
+	"StructFieldOmitEmptyFloat32PtrString",
+	"StructEndFloat32PtrString",
+	"StructEndOmitEmptyFloat32PtrString",
+	"StructFieldFloat64PtrString",
+	"StructFieldOmitEmptyFloat64PtrString",
+	"StructEndFloat64PtrString",
+	"StructEndOmitEmptyFloat64PtrString",
+	"StructFieldBoolPtrString",
+	"StructFieldOmitEmptyBoolPtrString",
+	"StructEndBoolPtrString",
+	"StructEndOmitEmptyBoolPtrString",
+	"StructFieldStringPtrString",
+	"StructFieldOmitEmptyStringPtrString",
+	"StructEndStringPtrString",
+	"StructEndOmitEmptyStringPtrString",
+	"StructFieldNumberPtrString",
+	"StructFieldOmitEmptyNumberPtrString",
+	"StructEndNumberPtrString",
+	"StructEndOmitEmptyNumberPtrString",
+	"StructField",
+	"StructFieldOmitEmpty",
+	"StructEnd",
+	"StructEndOmitEmpty",
+}
+
+type OpType uint16
+
+const (
+	OpEnd                                    OpType = 0
+	OpInterface                              OpType = 1
+	OpPtr                                    OpType = 2
+	OpSliceElem                              OpType = 3
+	OpSliceEnd                               OpType = 4
+	OpArrayElem                              OpType = 5
+	OpArrayEnd                               OpType = 6
+	OpMapKey                                 OpType = 7
+	OpMapValue                               OpType = 8
+	OpMapEnd                                 OpType = 9
+	OpRecursive                              OpType = 10
+	OpRecursivePtr                           OpType = 11
+	OpRecursiveEnd                           OpType = 12
+	OpInterfaceEnd                           OpType = 13
+	OpInt                                    OpType = 14
+	OpUint                                   OpType = 15
+	OpFloat32                                OpType = 16
+	OpFloat64                                OpType = 17
+	OpBool                                   OpType = 18
+	OpString                                 OpType = 19
+	OpBytes                                  OpType = 20
+	OpNumber                                 OpType = 21
+	OpArray                                  OpType = 22
+	OpMap                                    OpType = 23
+	OpSlice                                  OpType = 24
+	OpStruct                                 OpType = 25
+	OpMarshalJSON                            OpType = 26
+	OpMarshalText                            OpType = 27
+	OpIntString                              OpType = 28
+	OpUintString                             OpType = 29
+	OpFloat32String                          OpType = 30
+	OpFloat64String                          OpType = 31
+	OpBoolString                             OpType = 32
+	OpStringString                           OpType = 33
+	OpNumberString                           OpType = 34
+	OpIntPtr                                 OpType = 35
+	OpUintPtr                                OpType = 36
+	OpFloat32Ptr                             OpType = 37
+	OpFloat64Ptr                             OpType = 38
+	OpBoolPtr                                OpType = 39
+	OpStringPtr                              OpType = 40
+	OpBytesPtr                               OpType = 41
+	OpNumberPtr                              OpType = 42
+	OpArrayPtr                               OpType = 43
+	OpMapPtr                                 OpType = 44
+	OpSlicePtr                               OpType = 45
+	OpMarshalJSONPtr                         OpType = 46
+	OpMarshalTextPtr                         OpType = 47
+	OpInterfacePtr                           OpType = 48
+	OpIntPtrString                           OpType = 49
+	OpUintPtrString                          OpType = 50
+	OpFloat32PtrString                       OpType = 51
+	OpFloat64PtrString                       OpType = 52
+	OpBoolPtrString                          OpType = 53
+	OpStringPtrString                        OpType = 54
+	OpNumberPtrString                        OpType = 55
+	OpStructHeadInt                          OpType = 56
+	OpStructHeadOmitEmptyInt                 OpType = 57
+	OpStructPtrHeadInt                       OpType = 58
+	OpStructPtrHeadOmitEmptyInt              OpType = 59
+	OpStructHeadUint                         OpType = 60
+	OpStructHeadOmitEmptyUint                OpType = 61
+	OpStructPtrHeadUint                      OpType = 62
+	OpStructPtrHeadOmitEmptyUint             OpType = 63
+	OpStructHeadFloat32                      OpType = 64
+	OpStructHeadOmitEmptyFloat32             OpType = 65
+	OpStructPtrHeadFloat32                   OpType = 66
+	OpStructPtrHeadOmitEmptyFloat32          OpType = 67
+	OpStructHeadFloat64                      OpType = 68
+	OpStructHeadOmitEmptyFloat64             OpType = 69
+	OpStructPtrHeadFloat64                   OpType = 70
+	OpStructPtrHeadOmitEmptyFloat64          OpType = 71
+	OpStructHeadBool                         OpType = 72
+	OpStructHeadOmitEmptyBool                OpType = 73
+	OpStructPtrHeadBool                      OpType = 74
+	OpStructPtrHeadOmitEmptyBool             OpType = 75
+	OpStructHeadString                       OpType = 76
+	OpStructHeadOmitEmptyString              OpType = 77
+	OpStructPtrHeadString                    OpType = 78
+	OpStructPtrHeadOmitEmptyString           OpType = 79
+	OpStructHeadBytes                        OpType = 80
+	OpStructHeadOmitEmptyBytes               OpType = 81
+	OpStructPtrHeadBytes                     OpType = 82
+	OpStructPtrHeadOmitEmptyBytes            OpType = 83
+	OpStructHeadNumber                       OpType = 84
+	OpStructHeadOmitEmptyNumber              OpType = 85
+	OpStructPtrHeadNumber                    OpType = 86
+	OpStructPtrHeadOmitEmptyNumber           OpType = 87
+	OpStructHeadArray                        OpType = 88
+	OpStructHeadOmitEmptyArray               OpType = 89
+	OpStructPtrHeadArray                     OpType = 90
+	OpStructPtrHeadOmitEmptyArray            OpType = 91
+	OpStructHeadMap                          OpType = 92
+	OpStructHeadOmitEmptyMap                 OpType = 93
+	OpStructPtrHeadMap                       OpType = 94
+	OpStructPtrHeadOmitEmptyMap              OpType = 95
+	OpStructHeadSlice                        OpType = 96
+	OpStructHeadOmitEmptySlice               OpType = 97
+	OpStructPtrHeadSlice                     OpType = 98
+	OpStructPtrHeadOmitEmptySlice            OpType = 99
+	OpStructHeadStruct                       OpType = 100
+	OpStructHeadOmitEmptyStruct              OpType = 101
+	OpStructPtrHeadStruct                    OpType = 102
+	OpStructPtrHeadOmitEmptyStruct           OpType = 103
+	OpStructHeadMarshalJSON                  OpType = 104
+	OpStructHeadOmitEmptyMarshalJSON         OpType = 105
+	OpStructPtrHeadMarshalJSON               OpType = 106
+	OpStructPtrHeadOmitEmptyMarshalJSON      OpType = 107
+	OpStructHeadMarshalText                  OpType = 108
+	OpStructHeadOmitEmptyMarshalText         OpType = 109
+	OpStructPtrHeadMarshalText               OpType = 110
+	OpStructPtrHeadOmitEmptyMarshalText      OpType = 111
+	OpStructHeadIntString                    OpType = 112
+	OpStructHeadOmitEmptyIntString           OpType = 113
+	OpStructPtrHeadIntString                 OpType = 114
+	OpStructPtrHeadOmitEmptyIntString        OpType = 115
+	OpStructHeadUintString                   OpType = 116
+	OpStructHeadOmitEmptyUintString          OpType = 117
+	OpStructPtrHeadUintString                OpType = 118
+	OpStructPtrHeadOmitEmptyUintString       OpType = 119
+	OpStructHeadFloat32String                OpType = 120
+	OpStructHeadOmitEmptyFloat32String       OpType = 121
+	OpStructPtrHeadFloat32String             OpType = 122
+	OpStructPtrHeadOmitEmptyFloat32String    OpType = 123
+	OpStructHeadFloat64String                OpType = 124
+	OpStructHeadOmitEmptyFloat64String       OpType = 125
+	OpStructPtrHeadFloat64String             OpType = 126
+	OpStructPtrHeadOmitEmptyFloat64String    OpType = 127
+	OpStructHeadBoolString                   OpType = 128
+	OpStructHeadOmitEmptyBoolString          OpType = 129
+	OpStructPtrHeadBoolString                OpType = 130
+	OpStructPtrHeadOmitEmptyBoolString       OpType = 131
+	OpStructHeadStringString                 OpType = 132
+	OpStructHeadOmitEmptyStringString        OpType = 133
+	OpStructPtrHeadStringString              OpType = 134
+	OpStructPtrHeadOmitEmptyStringString     OpType = 135
+	OpStructHeadNumberString                 OpType = 136
+	OpStructHeadOmitEmptyNumberString        OpType = 137
+	OpStructPtrHeadNumberString              OpType = 138
+	OpStructPtrHeadOmitEmptyNumberString     OpType = 139
+	OpStructHeadIntPtr                       OpType = 140
+	OpStructHeadOmitEmptyIntPtr              OpType = 141
+	OpStructPtrHeadIntPtr                    OpType = 142
+	OpStructPtrHeadOmitEmptyIntPtr           OpType = 143
+	OpStructHeadUintPtr                      OpType = 144
+	OpStructHeadOmitEmptyUintPtr             OpType = 145
+	OpStructPtrHeadUintPtr                   OpType = 146
+	OpStructPtrHeadOmitEmptyUintPtr          OpType = 147
+	OpStructHeadFloat32Ptr                   OpType = 148
+	OpStructHeadOmitEmptyFloat32Ptr          OpType = 149
+	OpStructPtrHeadFloat32Ptr                OpType = 150
+	OpStructPtrHeadOmitEmptyFloat32Ptr       OpType = 151
+	OpStructHeadFloat64Ptr                   OpType = 152
+	OpStructHeadOmitEmptyFloat64Ptr          OpType = 153
+	OpStructPtrHeadFloat64Ptr                OpType = 154
+	OpStructPtrHeadOmitEmptyFloat64Ptr       OpType = 155
+	OpStructHeadBoolPtr                      OpType = 156
+	OpStructHeadOmitEmptyBoolPtr             OpType = 157
+	OpStructPtrHeadBoolPtr                   OpType = 158
+	OpStructPtrHeadOmitEmptyBoolPtr          OpType = 159
+	OpStructHeadStringPtr                    OpType = 160
+	OpStructHeadOmitEmptyStringPtr           OpType = 161
+	OpStructPtrHeadStringPtr                 OpType = 162
+	OpStructPtrHeadOmitEmptyStringPtr        OpType = 163
+	OpStructHeadBytesPtr                     OpType = 164
+	OpStructHeadOmitEmptyBytesPtr            OpType = 165
+	OpStructPtrHeadBytesPtr                  OpType = 166
+	OpStructPtrHeadOmitEmptyBytesPtr         OpType = 167
+	OpStructHeadNumberPtr                    OpType = 168
+	OpStructHeadOmitEmptyNumberPtr           OpType = 169
+	OpStructPtrHeadNumberPtr                 OpType = 170
+	OpStructPtrHeadOmitEmptyNumberPtr        OpType = 171
+	OpStructHeadArrayPtr                     OpType = 172
+	OpStructHeadOmitEmptyArrayPtr            OpType = 173
+	OpStructPtrHeadArrayPtr                  OpType = 174
+	OpStructPtrHeadOmitEmptyArrayPtr         OpType = 175
+	OpStructHeadMapPtr                       OpType = 176
+	OpStructHeadOmitEmptyMapPtr              OpType = 177
+	OpStructPtrHeadMapPtr                    OpType = 178
+	OpStructPtrHeadOmitEmptyMapPtr           OpType = 179
+	OpStructHeadSlicePtr                     OpType = 180
+	OpStructHeadOmitEmptySlicePtr            OpType = 181
+	OpStructPtrHeadSlicePtr                  OpType = 182
+	OpStructPtrHeadOmitEmptySlicePtr         OpType = 183
+	OpStructHeadMarshalJSONPtr               OpType = 184
+	OpStructHeadOmitEmptyMarshalJSONPtr      OpType = 185
+	OpStructPtrHeadMarshalJSONPtr            OpType = 186
+	OpStructPtrHeadOmitEmptyMarshalJSONPtr   OpType = 187
+	OpStructHeadMarshalTextPtr               OpType = 188
+	OpStructHeadOmitEmptyMarshalTextPtr      OpType = 189
+	OpStructPtrHeadMarshalTextPtr            OpType = 190
+	OpStructPtrHeadOmitEmptyMarshalTextPtr   OpType = 191
+	OpStructHeadInterfacePtr                 OpType = 192
+	OpStructHeadOmitEmptyInterfacePtr        OpType = 193
+	OpStructPtrHeadInterfacePtr              OpType = 194
+	OpStructPtrHeadOmitEmptyInterfacePtr     OpType = 195
+	OpStructHeadIntPtrString                 OpType = 196
+	OpStructHeadOmitEmptyIntPtrString        OpType = 197
+	OpStructPtrHeadIntPtrString              OpType = 198
+	OpStructPtrHeadOmitEmptyIntPtrString     OpType = 199
+	OpStructHeadUintPtrString                OpType = 200
+	OpStructHeadOmitEmptyUintPtrString       OpType = 201
+	OpStructPtrHeadUintPtrString             OpType = 202
+	OpStructPtrHeadOmitEmptyUintPtrString    OpType = 203
+	OpStructHeadFloat32PtrString             OpType = 204
+	OpStructHeadOmitEmptyFloat32PtrString    OpType = 205
+	OpStructPtrHeadFloat32PtrString          OpType = 206
+	OpStructPtrHeadOmitEmptyFloat32PtrString OpType = 207
+	OpStructHeadFloat64PtrString             OpType = 208
+	OpStructHeadOmitEmptyFloat64PtrString    OpType = 209
+	OpStructPtrHeadFloat64PtrString          OpType = 210
+	OpStructPtrHeadOmitEmptyFloat64PtrString OpType = 211
+	OpStructHeadBoolPtrString                OpType = 212
+	OpStructHeadOmitEmptyBoolPtrString       OpType = 213
+	OpStructPtrHeadBoolPtrString             OpType = 214
+	OpStructPtrHeadOmitEmptyBoolPtrString    OpType = 215
+	OpStructHeadStringPtrString              OpType = 216
+	OpStructHeadOmitEmptyStringPtrString     OpType = 217
+	OpStructPtrHeadStringPtrString           OpType = 218
+	OpStructPtrHeadOmitEmptyStringPtrString  OpType = 219
+	OpStructHeadNumberPtrString              OpType = 220
+	OpStructHeadOmitEmptyNumberPtrString     OpType = 221
+	OpStructPtrHeadNumberPtrString           OpType = 222
+	OpStructPtrHeadOmitEmptyNumberPtrString  OpType = 223
+	OpStructHead                             OpType = 224
+	OpStructHeadOmitEmpty                    OpType = 225
+	OpStructPtrHead                          OpType = 226
+	OpStructPtrHeadOmitEmpty                 OpType = 227
+	OpStructFieldInt                         OpType = 228
+	OpStructFieldOmitEmptyInt                OpType = 229
+	OpStructEndInt                           OpType = 230
+	OpStructEndOmitEmptyInt                  OpType = 231
+	OpStructFieldUint                        OpType = 232
+	OpStructFieldOmitEmptyUint               OpType = 233
+	OpStructEndUint                          OpType = 234
+	OpStructEndOmitEmptyUint                 OpType = 235
+	OpStructFieldFloat32                     OpType = 236
+	OpStructFieldOmitEmptyFloat32            OpType = 237
+	OpStructEndFloat32                       OpType = 238
+	OpStructEndOmitEmptyFloat32              OpType = 239
+	OpStructFieldFloat64                     OpType = 240
+	OpStructFieldOmitEmptyFloat64            OpType = 241
+	OpStructEndFloat64                       OpType = 242
+	OpStructEndOmitEmptyFloat64              OpType = 243
+	OpStructFieldBool                        OpType = 244
+	OpStructFieldOmitEmptyBool               OpType = 245
+	OpStructEndBool                          OpType = 246
+	OpStructEndOmitEmptyBool                 OpType = 247
+	OpStructFieldString                      OpType = 248
+	OpStructFieldOmitEmptyString             OpType = 249
+	OpStructEndString                        OpType = 250
+	OpStructEndOmitEmptyString               OpType = 251
+	OpStructFieldBytes                       OpType = 252
+	OpStructFieldOmitEmptyBytes              OpType = 253
+	OpStructEndBytes                         OpType = 254
+	OpStructEndOmitEmptyBytes                OpType = 255
+	OpStructFieldNumber                      OpType = 256
+	OpStructFieldOmitEmptyNumber             OpType = 257
+	OpStructEndNumber                        OpType = 258
+	OpStructEndOmitEmptyNumber               OpType = 259
+	OpStructFieldArray                       OpType = 260
+	OpStructFieldOmitEmptyArray              OpType = 261
+	OpStructEndArray                         OpType = 262
+	OpStructEndOmitEmptyArray                OpType = 263
+	OpStructFieldMap                         OpType = 264
+	OpStructFieldOmitEmptyMap                OpType = 265
+	OpStructEndMap                           OpType = 266
+	OpStructEndOmitEmptyMap                  OpType = 267
+	OpStructFieldSlice                       OpType = 268
+	OpStructFieldOmitEmptySlice              OpType = 269
+	OpStructEndSlice                         OpType = 270
+	OpStructEndOmitEmptySlice                OpType = 271
+	OpStructFieldStruct                      OpType = 272
+	OpStructFieldOmitEmptyStruct             OpType = 273
+	OpStructEndStruct                        OpType = 274
+	OpStructEndOmitEmptyStruct               OpType = 275
+	OpStructFieldMarshalJSON                 OpType = 276
+	OpStructFieldOmitEmptyMarshalJSON        OpType = 277
+	OpStructEndMarshalJSON                   OpType = 278
+	OpStructEndOmitEmptyMarshalJSON          OpType = 279
+	OpStructFieldMarshalText                 OpType = 280
+	OpStructFieldOmitEmptyMarshalText        OpType = 281
+	OpStructEndMarshalText                   OpType = 282
+	OpStructEndOmitEmptyMarshalText          OpType = 283
+	OpStructFieldIntString                   OpType = 284
+	OpStructFieldOmitEmptyIntString          OpType = 285
+	OpStructEndIntString                     OpType = 286
+	OpStructEndOmitEmptyIntString            OpType = 287
+	OpStructFieldUintString                  OpType = 288
+	OpStructFieldOmitEmptyUintString         OpType = 289
+	OpStructEndUintString                    OpType = 290
+	OpStructEndOmitEmptyUintString           OpType = 291
+	OpStructFieldFloat32String               OpType = 292
+	OpStructFieldOmitEmptyFloat32String      OpType = 293
+	OpStructEndFloat32String                 OpType = 294
+	OpStructEndOmitEmptyFloat32String        OpType = 295
+	OpStructFieldFloat64String               OpType = 296
+	OpStructFieldOmitEmptyFloat64String      OpType = 297
+	OpStructEndFloat64String                 OpType = 298
+	OpStructEndOmitEmptyFloat64String        OpType = 299
+	OpStructFieldBoolString                  OpType = 300
+	OpStructFieldOmitEmptyBoolString         OpType = 301
+	OpStructEndBoolString                    OpType = 302
+	OpStructEndOmitEmptyBoolString           OpType = 303
+	OpStructFieldStringString                OpType = 304
+	OpStructFieldOmitEmptyStringString       OpType = 305
+	OpStructEndStringString                  OpType = 306
+	OpStructEndOmitEmptyStringString         OpType = 307
+	OpStructFieldNumberString                OpType = 308
+	OpStructFieldOmitEmptyNumberString       OpType = 309
+	OpStructEndNumberString                  OpType = 310
+	OpStructEndOmitEmptyNumberString         OpType = 311
+	OpStructFieldIntPtr                      OpType = 312
+	OpStructFieldOmitEmptyIntPtr             OpType = 313
+	OpStructEndIntPtr                        OpType = 314
+	OpStructEndOmitEmptyIntPtr               OpType = 315
+	OpStructFieldUintPtr                     OpType = 316
+	OpStructFieldOmitEmptyUintPtr            OpType = 317
+	OpStructEndUintPtr                       OpType = 318
+	OpStructEndOmitEmptyUintPtr              OpType = 319
+	OpStructFieldFloat32Ptr                  OpType = 320
+	OpStructFieldOmitEmptyFloat32Ptr         OpType = 321
+	OpStructEndFloat32Ptr                    OpType = 322
+	OpStructEndOmitEmptyFloat32Ptr           OpType = 323
+	OpStructFieldFloat64Ptr                  OpType = 324
+	OpStructFieldOmitEmptyFloat64Ptr         OpType = 325
+	OpStructEndFloat64Ptr                    OpType = 326
+	OpStructEndOmitEmptyFloat64Ptr           OpType = 327
+	OpStructFieldBoolPtr                     OpType = 328
+	OpStructFieldOmitEmptyBoolPtr            OpType = 329
+	OpStructEndBoolPtr                       OpType = 330
+	OpStructEndOmitEmptyBoolPtr              OpType = 331
+	OpStructFieldStringPtr                   OpType = 332
+	OpStructFieldOmitEmptyStringPtr          OpType = 333
+	OpStructEndStringPtr                     OpType = 334
+	OpStructEndOmitEmptyStringPtr            OpType = 335
+	OpStructFieldBytesPtr                    OpType = 336
+	OpStructFieldOmitEmptyBytesPtr           OpType = 337
+	OpStructEndBytesPtr                      OpType = 338
+	OpStructEndOmitEmptyBytesPtr             OpType = 339
+	OpStructFieldNumberPtr                   OpType = 340
+	OpStructFieldOmitEmptyNumberPtr          OpType = 341
+	OpStructEndNumberPtr                     OpType = 342
+	OpStructEndOmitEmptyNumberPtr            OpType = 343
+	OpStructFieldArrayPtr                    OpType = 344
+	OpStructFieldOmitEmptyArrayPtr           OpType = 345
+	OpStructEndArrayPtr                      OpType = 346
+	OpStructEndOmitEmptyArrayPtr             OpType = 347
+	OpStructFieldMapPtr                      OpType = 348
+	OpStructFieldOmitEmptyMapPtr             OpType = 349
+	OpStructEndMapPtr                        OpType = 350
+	OpStructEndOmitEmptyMapPtr               OpType = 351
+	OpStructFieldSlicePtr                    OpType = 352
+	OpStructFieldOmitEmptySlicePtr           OpType = 353
+	OpStructEndSlicePtr                      OpType = 354
+	OpStructEndOmitEmptySlicePtr             OpType = 355
+	OpStructFieldMarshalJSONPtr              OpType = 356
+	OpStructFieldOmitEmptyMarshalJSONPtr     OpType = 357
+	OpStructEndMarshalJSONPtr                OpType = 358
+	OpStructEndOmitEmptyMarshalJSONPtr       OpType = 359
+	OpStructFieldMarshalTextPtr              OpType = 360
+	OpStructFieldOmitEmptyMarshalTextPtr     OpType = 361
+	OpStructEndMarshalTextPtr                OpType = 362
+	OpStructEndOmitEmptyMarshalTextPtr       OpType = 363
+	OpStructFieldInterfacePtr                OpType = 364
+	OpStructFieldOmitEmptyInterfacePtr       OpType = 365
+	OpStructEndInterfacePtr                  OpType = 366
+	OpStructEndOmitEmptyInterfacePtr         OpType = 367
+	OpStructFieldIntPtrString                OpType = 368
+	OpStructFieldOmitEmptyIntPtrString       OpType = 369
+	OpStructEndIntPtrString                  OpType = 370
+	OpStructEndOmitEmptyIntPtrString         OpType = 371
+	OpStructFieldUintPtrString               OpType = 372
+	OpStructFieldOmitEmptyUintPtrString      OpType = 373
+	OpStructEndUintPtrString                 OpType = 374
+	OpStructEndOmitEmptyUintPtrString        OpType = 375
+	OpStructFieldFloat32PtrString            OpType = 376
+	OpStructFieldOmitEmptyFloat32PtrString   OpType = 377
+	OpStructEndFloat32PtrString              OpType = 378
+	OpStructEndOmitEmptyFloat32PtrString     OpType = 379
+	OpStructFieldFloat64PtrString            OpType = 380
+	OpStructFieldOmitEmptyFloat64PtrString   OpType = 381
+	OpStructEndFloat64PtrString              OpType = 382
+	OpStructEndOmitEmptyFloat64PtrString     OpType = 383
+	OpStructFieldBoolPtrString               OpType = 384
+	OpStructFieldOmitEmptyBoolPtrString      OpType = 385
+	OpStructEndBoolPtrString                 OpType = 386
+	OpStructEndOmitEmptyBoolPtrString        OpType = 387
+	OpStructFieldStringPtrString             OpType = 388
+	OpStructFieldOmitEmptyStringPtrString    OpType = 389
+	OpStructEndStringPtrString               OpType = 390
+	OpStructEndOmitEmptyStringPtrString      OpType = 391
+	OpStructFieldNumberPtrString             OpType = 392
+	OpStructFieldOmitEmptyNumberPtrString    OpType = 393
+	OpStructEndNumberPtrString               OpType = 394
+	OpStructEndOmitEmptyNumberPtrString      OpType = 395
+	OpStructField                            OpType = 396
+	OpStructFieldOmitEmpty                   OpType = 397
+	OpStructEnd                              OpType = 398
+	OpStructEndOmitEmpty                     OpType = 399
+)
+
+func (t OpType) String() string {
+	if int(t) >= 400 {
+		return ""
+	}
+	return opTypeStrings[int(t)]
+}
+
+func (t OpType) CodeType() CodeType {
+	if strings.Contains(t.String(), "Struct") {
+		if strings.Contains(t.String(), "End") {
+			return CodeStructEnd
+		}
+		return CodeStructField
+	}
+	switch t {
+	case OpArray, OpArrayPtr:
+		return CodeArrayHead
+	case OpArrayElem:
+		return CodeArrayElem
+	case OpSlice, OpSlicePtr:
+		return CodeSliceHead
+	case OpSliceElem:
+		return CodeSliceElem
+	case OpMap, OpMapPtr:
+		return CodeMapHead
+	case OpMapKey:
+		return CodeMapKey
+	case OpMapValue:
+		return CodeMapValue
+	case OpMapEnd:
+		return CodeMapEnd
+	}
+
+	return CodeOp
+}
+
+func (t OpType) HeadToPtrHead() OpType {
+	if strings.Index(t.String(), "PtrHead") > 0 {
+		return t
+	}
+
+	idx := strings.Index(t.String(), "Head")
+	if idx == -1 {
+		return t
+	}
+	suffix := "PtrHead" + t.String()[idx+len("Head"):]
+
+	const toPtrOffset = 2
+	if strings.Contains(OpType(int(t)+toPtrOffset).String(), suffix) {
+		return OpType(int(t) + toPtrOffset)
+	}
+	return t
+}
+
+func (t OpType) HeadToOmitEmptyHead() OpType {
+	const toOmitEmptyOffset = 1
+	if strings.Contains(OpType(int(t)+toOmitEmptyOffset).String(), "OmitEmpty") {
+		return OpType(int(t) + toOmitEmptyOffset)
+	}
+
+	return t
+}
+
+func (t OpType) PtrHeadToHead() OpType {
+	idx := strings.Index(t.String(), "PtrHead")
+	if idx == -1 {
+		return t
+	}
+	suffix := t.String()[idx+len("Ptr"):]
+
+	const toPtrOffset = 2
+	if strings.Contains(OpType(int(t)-toPtrOffset).String(), suffix) {
+		return OpType(int(t) - toPtrOffset)
+	}
+	return t
+}
+
+func (t OpType) FieldToEnd() OpType {
+	idx := strings.Index(t.String(), "Field")
+	if idx == -1 {
+		return t
+	}
+	suffix := t.String()[idx+len("Field"):]
+	if suffix == "" || suffix == "OmitEmpty" {
+		return t
+	}
+	const toEndOffset = 2
+	if strings.Contains(OpType(int(t)+toEndOffset).String(), "End"+suffix) {
+		return OpType(int(t) + toEndOffset)
+	}
+	return t
+}
+
+func (t OpType) FieldToOmitEmptyField() OpType {
+	const toOmitEmptyOffset = 1
+	if strings.Contains(OpType(int(t)+toOmitEmptyOffset).String(), "OmitEmpty") {
+		return OpType(int(t) + toOmitEmptyOffset)
+	}
+	return t
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/query.go b/vendor/github.com/goccy/go-json/internal/encoder/query.go
new file mode 100644
index 000000000..1e1850cc1
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/query.go
@@ -0,0 +1,135 @@
+package encoder
+
+import (
+	"context"
+	"fmt"
+	"reflect"
+)
+
+var (
+	Marshal   func(interface{}) ([]byte, error)
+	Unmarshal func([]byte, interface{}) error
+)
+
+type FieldQuery struct {
+	Name   string
+	Fields []*FieldQuery
+	hash   string
+}
+
+func (q *FieldQuery) Hash() string {
+	if q.hash != "" {
+		return q.hash
+	}
+	b, _ := Marshal(q)
+	q.hash = string(b)
+	return q.hash
+}
+
+func (q *FieldQuery) MarshalJSON() ([]byte, error) {
+	if q.Name != "" {
+		if len(q.Fields) > 0 {
+			return Marshal(map[string][]*FieldQuery{q.Name: q.Fields})
+		}
+		return Marshal(q.Name)
+	}
+	return Marshal(q.Fields)
+}
+
+func (q *FieldQuery) QueryString() (FieldQueryString, error) {
+	b, err := Marshal(q)
+	if err != nil {
+		return "", err
+	}
+	return FieldQueryString(b), nil
+}
+
+type FieldQueryString string
+
+func (s FieldQueryString) Build() (*FieldQuery, error) {
+	var query interface{}
+	if err := Unmarshal([]byte(s), &query); err != nil {
+		return nil, err
+	}
+	return s.build(reflect.ValueOf(query))
+}
+
+func (s FieldQueryString) build(v reflect.Value) (*FieldQuery, error) {
+	switch v.Type().Kind() {
+	case reflect.String:
+		return s.buildString(v)
+	case reflect.Map:
+		return s.buildMap(v)
+	case reflect.Slice:
+		return s.buildSlice(v)
+	case reflect.Interface:
+		return s.build(reflect.ValueOf(v.Interface()))
+	}
+	return nil, fmt.Errorf("failed to build field query")
+}
+
+func (s FieldQueryString) buildString(v reflect.Value) (*FieldQuery, error) {
+	b := []byte(v.String())
+	switch b[0] {
+	case '[', '{':
+		var query interface{}
+		if err := Unmarshal(b, &query); err != nil {
+			return nil, err
+		}
+		if str, ok := query.(string); ok {
+			return &FieldQuery{Name: str}, nil
+		}
+		return s.build(reflect.ValueOf(query))
+	}
+	return &FieldQuery{Name: string(b)}, nil
+}
+
+func (s FieldQueryString) buildSlice(v reflect.Value) (*FieldQuery, error) {
+	fields := make([]*FieldQuery, 0, v.Len())
+	for i := 0; i < v.Len(); i++ {
+		def, err := s.build(v.Index(i))
+		if err != nil {
+			return nil, err
+		}
+		fields = append(fields, def)
+	}
+	return &FieldQuery{Fields: fields}, nil
+}
+
+func (s FieldQueryString) buildMap(v reflect.Value) (*FieldQuery, error) {
+	keys := v.MapKeys()
+	if len(keys) != 1 {
+		return nil, fmt.Errorf("failed to build field query object")
+	}
+	key := keys[0]
+	if key.Type().Kind() != reflect.String {
+		return nil, fmt.Errorf("failed to build field query. invalid object key type")
+	}
+	name := key.String()
+	def, err := s.build(v.MapIndex(key))
+	if err != nil {
+		return nil, err
+	}
+	return &FieldQuery{
+		Name:   name,
+		Fields: def.Fields,
+	}, nil
+}
+
+type queryKey struct{}
+
+func FieldQueryFromContext(ctx context.Context) *FieldQuery {
+	query := ctx.Value(queryKey{})
+	if query == nil {
+		return nil
+	}
+	q, ok := query.(*FieldQuery)
+	if !ok {
+		return nil
+	}
+	return q
+}
+
+func SetFieldQueryToContext(ctx context.Context, query *FieldQuery) context.Context {
+	return context.WithValue(ctx, queryKey{}, query)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/string.go b/vendor/github.com/goccy/go-json/internal/encoder/string.go
new file mode 100644
index 000000000..e4152b27c
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/string.go
@@ -0,0 +1,459 @@
+package encoder
+
+import (
+	"math/bits"
+	"reflect"
+	"unsafe"
+)
+
+const (
+	lsb = 0x0101010101010101
+	msb = 0x8080808080808080
+)
+
+var hex = "0123456789abcdef"
+
+//nolint:govet
+func stringToUint64Slice(s string) []uint64 {
+	return *(*[]uint64)(unsafe.Pointer(&reflect.SliceHeader{
+		Data: ((*reflect.StringHeader)(unsafe.Pointer(&s))).Data,
+		Len:  len(s) / 8,
+		Cap:  len(s) / 8,
+	}))
+}
+
+func AppendString(ctx *RuntimeContext, buf []byte, s string) []byte {
+	if ctx.Option.Flag&HTMLEscapeOption != 0 {
+		if ctx.Option.Flag&NormalizeUTF8Option != 0 {
+			return appendNormalizedHTMLString(buf, s)
+		}
+		return appendHTMLString(buf, s)
+	}
+	if ctx.Option.Flag&NormalizeUTF8Option != 0 {
+		return appendNormalizedString(buf, s)
+	}
+	return appendString(buf, s)
+}
+
+func appendNormalizedHTMLString(buf []byte, s string) []byte {
+	valLen := len(s)
+	if valLen == 0 {
+		return append(buf, `""`...)
+	}
+	buf = append(buf, '"')
+	var (
+		i, j int
+	)
+	if valLen >= 8 {
+		chunks := stringToUint64Slice(s)
+		for _, n := range chunks {
+			// combine masks before checking for the MSB of each byte. We include
+			// `n` in the mask to check whether any of the *input* byte MSBs were
+			// set (i.e. the byte was outside the ASCII range).
+			mask := n | (n - (lsb * 0x20)) |
+				((n ^ (lsb * '"')) - lsb) |
+				((n ^ (lsb * '\\')) - lsb) |
+				((n ^ (lsb * '<')) - lsb) |
+				((n ^ (lsb * '>')) - lsb) |
+				((n ^ (lsb * '&')) - lsb)
+			if (mask & msb) != 0 {
+				j = bits.TrailingZeros64(mask&msb) / 8
+				goto ESCAPE_END
+			}
+		}
+		for i := len(chunks) * 8; i < valLen; i++ {
+			if needEscapeHTMLNormalizeUTF8[s[i]] {
+				j = i
+				goto ESCAPE_END
+			}
+		}
+		// no found any escape characters.
+		return append(append(buf, s...), '"')
+	}
+ESCAPE_END:
+	for j < valLen {
+		c := s[j]
+
+		if !needEscapeHTMLNormalizeUTF8[c] {
+			// fast path: most of the time, printable ascii characters are used
+			j++
+			continue
+		}
+
+		switch c {
+		case '\\', '"':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', c)
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\n':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 'n')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\r':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 'r')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\t':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 't')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '<', '>', '&':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\u00`...)
+			buf = append(buf, hex[c>>4], hex[c&0xF])
+			i = j + 1
+			j = j + 1
+			continue
+
+		case 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x0B, 0x0C, 0x0E, 0x0F, // 0x00-0x0F
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F: // 0x10-0x1F
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\u00`...)
+			buf = append(buf, hex[c>>4], hex[c&0xF])
+			i = j + 1
+			j = j + 1
+			continue
+		}
+		state, size := decodeRuneInString(s[j:])
+		switch state {
+		case runeErrorState:
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\ufffd`...)
+			i = j + 1
+			j = j + 1
+			continue
+			// U+2028 is LINE SEPARATOR.
+			// U+2029 is PARAGRAPH SEPARATOR.
+			// They are both technically valid characters in JSON strings,
+			// but don't work in JSONP, which has to be evaluated as JavaScript,
+			// and can lead to security holes there. It is valid JSON to
+			// escape them, so we do so unconditionally.
+			// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		case lineSepState:
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\u2028`...)
+			i = j + 3
+			j = j + 3
+			continue
+		case paragraphSepState:
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\u2029`...)
+			i = j + 3
+			j = j + 3
+			continue
+		}
+		j += size
+	}
+
+	return append(append(buf, s[i:]...), '"')
+}
+
+func appendHTMLString(buf []byte, s string) []byte {
+	valLen := len(s)
+	if valLen == 0 {
+		return append(buf, `""`...)
+	}
+	buf = append(buf, '"')
+	var (
+		i, j int
+	)
+	if valLen >= 8 {
+		chunks := stringToUint64Slice(s)
+		for _, n := range chunks {
+			// combine masks before checking for the MSB of each byte. We include
+			// `n` in the mask to check whether any of the *input* byte MSBs were
+			// set (i.e. the byte was outside the ASCII range).
+			mask := n | (n - (lsb * 0x20)) |
+				((n ^ (lsb * '"')) - lsb) |
+				((n ^ (lsb * '\\')) - lsb) |
+				((n ^ (lsb * '<')) - lsb) |
+				((n ^ (lsb * '>')) - lsb) |
+				((n ^ (lsb * '&')) - lsb)
+			if (mask & msb) != 0 {
+				j = bits.TrailingZeros64(mask&msb) / 8
+				goto ESCAPE_END
+			}
+		}
+		for i := len(chunks) * 8; i < valLen; i++ {
+			if needEscapeHTML[s[i]] {
+				j = i
+				goto ESCAPE_END
+			}
+		}
+		// no found any escape characters.
+		return append(append(buf, s...), '"')
+	}
+ESCAPE_END:
+	for j < valLen {
+		c := s[j]
+
+		if !needEscapeHTML[c] {
+			// fast path: most of the time, printable ascii characters are used
+			j++
+			continue
+		}
+
+		switch c {
+		case '\\', '"':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', c)
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\n':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 'n')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\r':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 'r')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\t':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 't')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '<', '>', '&':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\u00`...)
+			buf = append(buf, hex[c>>4], hex[c&0xF])
+			i = j + 1
+			j = j + 1
+			continue
+
+		case 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x0B, 0x0C, 0x0E, 0x0F, // 0x00-0x0F
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F: // 0x10-0x1F
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\u00`...)
+			buf = append(buf, hex[c>>4], hex[c&0xF])
+			i = j + 1
+			j = j + 1
+			continue
+		}
+		j++
+	}
+
+	return append(append(buf, s[i:]...), '"')
+}
+
+func appendNormalizedString(buf []byte, s string) []byte {
+	valLen := len(s)
+	if valLen == 0 {
+		return append(buf, `""`...)
+	}
+	buf = append(buf, '"')
+	var (
+		i, j int
+	)
+	if valLen >= 8 {
+		chunks := stringToUint64Slice(s)
+		for _, n := range chunks {
+			// combine masks before checking for the MSB of each byte. We include
+			// `n` in the mask to check whether any of the *input* byte MSBs were
+			// set (i.e. the byte was outside the ASCII range).
+			mask := n | (n - (lsb * 0x20)) |
+				((n ^ (lsb * '"')) - lsb) |
+				((n ^ (lsb * '\\')) - lsb)
+			if (mask & msb) != 0 {
+				j = bits.TrailingZeros64(mask&msb) / 8
+				goto ESCAPE_END
+			}
+		}
+		valLen := len(s)
+		for i := len(chunks) * 8; i < valLen; i++ {
+			if needEscapeNormalizeUTF8[s[i]] {
+				j = i
+				goto ESCAPE_END
+			}
+		}
+		return append(append(buf, s...), '"')
+	}
+ESCAPE_END:
+	for j < valLen {
+		c := s[j]
+
+		if !needEscapeNormalizeUTF8[c] {
+			// fast path: most of the time, printable ascii characters are used
+			j++
+			continue
+		}
+
+		switch c {
+		case '\\', '"':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', c)
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\n':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 'n')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\r':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 'r')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\t':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 't')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x0B, 0x0C, 0x0E, 0x0F, // 0x00-0x0F
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F: // 0x10-0x1F
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\u00`...)
+			buf = append(buf, hex[c>>4], hex[c&0xF])
+			i = j + 1
+			j = j + 1
+			continue
+		}
+
+		state, size := decodeRuneInString(s[j:])
+		switch state {
+		case runeErrorState:
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\ufffd`...)
+			i = j + 1
+			j = j + 1
+			continue
+			// U+2028 is LINE SEPARATOR.
+			// U+2029 is PARAGRAPH SEPARATOR.
+			// They are both technically valid characters in JSON strings,
+			// but don't work in JSONP, which has to be evaluated as JavaScript,
+			// and can lead to security holes there. It is valid JSON to
+			// escape them, so we do so unconditionally.
+			// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		case lineSepState:
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\u2028`...)
+			i = j + 3
+			j = j + 3
+			continue
+		case paragraphSepState:
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\u2029`...)
+			i = j + 3
+			j = j + 3
+			continue
+		}
+		j += size
+	}
+
+	return append(append(buf, s[i:]...), '"')
+}
+
+func appendString(buf []byte, s string) []byte {
+	valLen := len(s)
+	if valLen == 0 {
+		return append(buf, `""`...)
+	}
+	buf = append(buf, '"')
+	var (
+		i, j int
+	)
+	if valLen >= 8 {
+		chunks := stringToUint64Slice(s)
+		for _, n := range chunks {
+			// combine masks before checking for the MSB of each byte. We include
+			// `n` in the mask to check whether any of the *input* byte MSBs were
+			// set (i.e. the byte was outside the ASCII range).
+			mask := n | (n - (lsb * 0x20)) |
+				((n ^ (lsb * '"')) - lsb) |
+				((n ^ (lsb * '\\')) - lsb)
+			if (mask & msb) != 0 {
+				j = bits.TrailingZeros64(mask&msb) / 8
+				goto ESCAPE_END
+			}
+		}
+		valLen := len(s)
+		for i := len(chunks) * 8; i < valLen; i++ {
+			if needEscape[s[i]] {
+				j = i
+				goto ESCAPE_END
+			}
+		}
+		return append(append(buf, s...), '"')
+	}
+ESCAPE_END:
+	for j < valLen {
+		c := s[j]
+
+		if !needEscape[c] {
+			// fast path: most of the time, printable ascii characters are used
+			j++
+			continue
+		}
+
+		switch c {
+		case '\\', '"':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', c)
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\n':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 'n')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\r':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 'r')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case '\t':
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, '\\', 't')
+			i = j + 1
+			j = j + 1
+			continue
+
+		case 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x0B, 0x0C, 0x0E, 0x0F, // 0x00-0x0F
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F: // 0x10-0x1F
+			buf = append(buf, s[i:j]...)
+			buf = append(buf, `\u00`...)
+			buf = append(buf, hex[c>>4], hex[c&0xF])
+			i = j + 1
+			j = j + 1
+			continue
+		}
+		j++
+	}
+
+	return append(append(buf, s[i:]...), '"')
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/string_table.go b/vendor/github.com/goccy/go-json/internal/encoder/string_table.go
new file mode 100644
index 000000000..ebe42c92d
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/string_table.go
@@ -0,0 +1,415 @@
+package encoder
+
+var needEscapeHTMLNormalizeUTF8 = [256]bool{
+	'"':  true,
+	'&':  true,
+	'<':  true,
+	'>':  true,
+	'\\': true,
+	0x00: true,
+	0x01: true,
+	0x02: true,
+	0x03: true,
+	0x04: true,
+	0x05: true,
+	0x06: true,
+	0x07: true,
+	0x08: true,
+	0x09: true,
+	0x0a: true,
+	0x0b: true,
+	0x0c: true,
+	0x0d: true,
+	0x0e: true,
+	0x0f: true,
+	0x10: true,
+	0x11: true,
+	0x12: true,
+	0x13: true,
+	0x14: true,
+	0x15: true,
+	0x16: true,
+	0x17: true,
+	0x18: true,
+	0x19: true,
+	0x1a: true,
+	0x1b: true,
+	0x1c: true,
+	0x1d: true,
+	0x1e: true,
+	0x1f: true,
+	/* 0x20 - 0x7f */
+	0x80: true,
+	0x81: true,
+	0x82: true,
+	0x83: true,
+	0x84: true,
+	0x85: true,
+	0x86: true,
+	0x87: true,
+	0x88: true,
+	0x89: true,
+	0x8a: true,
+	0x8b: true,
+	0x8c: true,
+	0x8d: true,
+	0x8e: true,
+	0x8f: true,
+	0x90: true,
+	0x91: true,
+	0x92: true,
+	0x93: true,
+	0x94: true,
+	0x95: true,
+	0x96: true,
+	0x97: true,
+	0x98: true,
+	0x99: true,
+	0x9a: true,
+	0x9b: true,
+	0x9c: true,
+	0x9d: true,
+	0x9e: true,
+	0x9f: true,
+	0xa0: true,
+	0xa1: true,
+	0xa2: true,
+	0xa3: true,
+	0xa4: true,
+	0xa5: true,
+	0xa6: true,
+	0xa7: true,
+	0xa8: true,
+	0xa9: true,
+	0xaa: true,
+	0xab: true,
+	0xac: true,
+	0xad: true,
+	0xae: true,
+	0xaf: true,
+	0xb0: true,
+	0xb1: true,
+	0xb2: true,
+	0xb3: true,
+	0xb4: true,
+	0xb5: true,
+	0xb6: true,
+	0xb7: true,
+	0xb8: true,
+	0xb9: true,
+	0xba: true,
+	0xbb: true,
+	0xbc: true,
+	0xbd: true,
+	0xbe: true,
+	0xbf: true,
+	0xc0: true,
+	0xc1: true,
+	0xc2: true,
+	0xc3: true,
+	0xc4: true,
+	0xc5: true,
+	0xc6: true,
+	0xc7: true,
+	0xc8: true,
+	0xc9: true,
+	0xca: true,
+	0xcb: true,
+	0xcc: true,
+	0xcd: true,
+	0xce: true,
+	0xcf: true,
+	0xd0: true,
+	0xd1: true,
+	0xd2: true,
+	0xd3: true,
+	0xd4: true,
+	0xd5: true,
+	0xd6: true,
+	0xd7: true,
+	0xd8: true,
+	0xd9: true,
+	0xda: true,
+	0xdb: true,
+	0xdc: true,
+	0xdd: true,
+	0xde: true,
+	0xdf: true,
+	0xe0: true,
+	0xe1: true,
+	0xe2: true,
+	0xe3: true,
+	0xe4: true,
+	0xe5: true,
+	0xe6: true,
+	0xe7: true,
+	0xe8: true,
+	0xe9: true,
+	0xea: true,
+	0xeb: true,
+	0xec: true,
+	0xed: true,
+	0xee: true,
+	0xef: true,
+	0xf0: true,
+	0xf1: true,
+	0xf2: true,
+	0xf3: true,
+	0xf4: true,
+	0xf5: true,
+	0xf6: true,
+	0xf7: true,
+	0xf8: true,
+	0xf9: true,
+	0xfa: true,
+	0xfb: true,
+	0xfc: true,
+	0xfd: true,
+	0xfe: true,
+	0xff: true,
+}
+
+var needEscapeNormalizeUTF8 = [256]bool{
+	'"':  true,
+	'\\': true,
+	0x00: true,
+	0x01: true,
+	0x02: true,
+	0x03: true,
+	0x04: true,
+	0x05: true,
+	0x06: true,
+	0x07: true,
+	0x08: true,
+	0x09: true,
+	0x0a: true,
+	0x0b: true,
+	0x0c: true,
+	0x0d: true,
+	0x0e: true,
+	0x0f: true,
+	0x10: true,
+	0x11: true,
+	0x12: true,
+	0x13: true,
+	0x14: true,
+	0x15: true,
+	0x16: true,
+	0x17: true,
+	0x18: true,
+	0x19: true,
+	0x1a: true,
+	0x1b: true,
+	0x1c: true,
+	0x1d: true,
+	0x1e: true,
+	0x1f: true,
+	/* 0x20 - 0x7f */
+	0x80: true,
+	0x81: true,
+	0x82: true,
+	0x83: true,
+	0x84: true,
+	0x85: true,
+	0x86: true,
+	0x87: true,
+	0x88: true,
+	0x89: true,
+	0x8a: true,
+	0x8b: true,
+	0x8c: true,
+	0x8d: true,
+	0x8e: true,
+	0x8f: true,
+	0x90: true,
+	0x91: true,
+	0x92: true,
+	0x93: true,
+	0x94: true,
+	0x95: true,
+	0x96: true,
+	0x97: true,
+	0x98: true,
+	0x99: true,
+	0x9a: true,
+	0x9b: true,
+	0x9c: true,
+	0x9d: true,
+	0x9e: true,
+	0x9f: true,
+	0xa0: true,
+	0xa1: true,
+	0xa2: true,
+	0xa3: true,
+	0xa4: true,
+	0xa5: true,
+	0xa6: true,
+	0xa7: true,
+	0xa8: true,
+	0xa9: true,
+	0xaa: true,
+	0xab: true,
+	0xac: true,
+	0xad: true,
+	0xae: true,
+	0xaf: true,
+	0xb0: true,
+	0xb1: true,
+	0xb2: true,
+	0xb3: true,
+	0xb4: true,
+	0xb5: true,
+	0xb6: true,
+	0xb7: true,
+	0xb8: true,
+	0xb9: true,
+	0xba: true,
+	0xbb: true,
+	0xbc: true,
+	0xbd: true,
+	0xbe: true,
+	0xbf: true,
+	0xc0: true,
+	0xc1: true,
+	0xc2: true,
+	0xc3: true,
+	0xc4: true,
+	0xc5: true,
+	0xc6: true,
+	0xc7: true,
+	0xc8: true,
+	0xc9: true,
+	0xca: true,
+	0xcb: true,
+	0xcc: true,
+	0xcd: true,
+	0xce: true,
+	0xcf: true,
+	0xd0: true,
+	0xd1: true,
+	0xd2: true,
+	0xd3: true,
+	0xd4: true,
+	0xd5: true,
+	0xd6: true,
+	0xd7: true,
+	0xd8: true,
+	0xd9: true,
+	0xda: true,
+	0xdb: true,
+	0xdc: true,
+	0xdd: true,
+	0xde: true,
+	0xdf: true,
+	0xe0: true,
+	0xe1: true,
+	0xe2: true,
+	0xe3: true,
+	0xe4: true,
+	0xe5: true,
+	0xe6: true,
+	0xe7: true,
+	0xe8: true,
+	0xe9: true,
+	0xea: true,
+	0xeb: true,
+	0xec: true,
+	0xed: true,
+	0xee: true,
+	0xef: true,
+	0xf0: true,
+	0xf1: true,
+	0xf2: true,
+	0xf3: true,
+	0xf4: true,
+	0xf5: true,
+	0xf6: true,
+	0xf7: true,
+	0xf8: true,
+	0xf9: true,
+	0xfa: true,
+	0xfb: true,
+	0xfc: true,
+	0xfd: true,
+	0xfe: true,
+	0xff: true,
+}
+
+var needEscapeHTML = [256]bool{
+	'"':  true,
+	'&':  true,
+	'<':  true,
+	'>':  true,
+	'\\': true,
+	0x00: true,
+	0x01: true,
+	0x02: true,
+	0x03: true,
+	0x04: true,
+	0x05: true,
+	0x06: true,
+	0x07: true,
+	0x08: true,
+	0x09: true,
+	0x0a: true,
+	0x0b: true,
+	0x0c: true,
+	0x0d: true,
+	0x0e: true,
+	0x0f: true,
+	0x10: true,
+	0x11: true,
+	0x12: true,
+	0x13: true,
+	0x14: true,
+	0x15: true,
+	0x16: true,
+	0x17: true,
+	0x18: true,
+	0x19: true,
+	0x1a: true,
+	0x1b: true,
+	0x1c: true,
+	0x1d: true,
+	0x1e: true,
+	0x1f: true,
+	/* 0x20 - 0xff */
+}
+
+var needEscape = [256]bool{
+	'"':  true,
+	'\\': true,
+	0x00: true,
+	0x01: true,
+	0x02: true,
+	0x03: true,
+	0x04: true,
+	0x05: true,
+	0x06: true,
+	0x07: true,
+	0x08: true,
+	0x09: true,
+	0x0a: true,
+	0x0b: true,
+	0x0c: true,
+	0x0d: true,
+	0x0e: true,
+	0x0f: true,
+	0x10: true,
+	0x11: true,
+	0x12: true,
+	0x13: true,
+	0x14: true,
+	0x15: true,
+	0x16: true,
+	0x17: true,
+	0x18: true,
+	0x19: true,
+	0x1a: true,
+	0x1b: true,
+	0x1c: true,
+	0x1d: true,
+	0x1e: true,
+	0x1f: true,
+	/* 0x20 - 0xff */
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm/debug_vm.go b/vendor/github.com/goccy/go-json/internal/encoder/vm/debug_vm.go
new file mode 100644
index 000000000..82b6dd47f
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm/debug_vm.go
@@ -0,0 +1,41 @@
+package vm
+
+import (
+	"fmt"
+	"io"
+
+	"github.com/goccy/go-json/internal/encoder"
+)
+
+func DebugRun(ctx *encoder.RuntimeContext, b []byte, codeSet *encoder.OpcodeSet) ([]byte, error) {
+	defer func() {
+		var code *encoder.Opcode
+		if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+			code = codeSet.EscapeKeyCode
+		} else {
+			code = codeSet.NoescapeKeyCode
+		}
+		if wc := ctx.Option.DebugDOTOut; wc != nil {
+			_, _ = io.WriteString(wc, code.DumpDOT())
+			wc.Close()
+			ctx.Option.DebugDOTOut = nil
+		}
+
+		if err := recover(); err != nil {
+			w := ctx.Option.DebugOut
+			fmt.Fprintln(w, "=============[DEBUG]===============")
+			fmt.Fprintln(w, "* [TYPE]")
+			fmt.Fprintln(w, codeSet.Type)
+			fmt.Fprintf(w, "\n")
+			fmt.Fprintln(w, "* [ALL OPCODE]")
+			fmt.Fprintln(w, code.Dump())
+			fmt.Fprintf(w, "\n")
+			fmt.Fprintln(w, "* [CONTEXT]")
+			fmt.Fprintf(w, "%+v\n", ctx)
+			fmt.Fprintln(w, "===================================")
+			panic(err)
+		}
+	}()
+
+	return Run(ctx, b, codeSet)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm/hack.go b/vendor/github.com/goccy/go-json/internal/encoder/vm/hack.go
new file mode 100644
index 000000000..65252b4a5
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm/hack.go
@@ -0,0 +1,9 @@
+package vm
+
+import (
+	// HACK: compile order
+	// `vm`, `vm_indent`, `vm_color`, `vm_color_indent` packages uses a lot of memory to compile,
+	// so forcibly make dependencies and avoid compiling in concurrent.
+	// dependency order: vm => vm_indent => vm_color => vm_color_indent
+	_ "github.com/goccy/go-json/internal/encoder/vm_indent"
+)
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm/util.go b/vendor/github.com/goccy/go-json/internal/encoder/vm/util.go
new file mode 100644
index 000000000..86291d7bb
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm/util.go
@@ -0,0 +1,207 @@
+package vm
+
+import (
+	"encoding/json"
+	"fmt"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/encoder"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+const uintptrSize = 4 << (^uintptr(0) >> 63)
+
+var (
+	appendInt           = encoder.AppendInt
+	appendUint          = encoder.AppendUint
+	appendFloat32       = encoder.AppendFloat32
+	appendFloat64       = encoder.AppendFloat64
+	appendString        = encoder.AppendString
+	appendByteSlice     = encoder.AppendByteSlice
+	appendNumber        = encoder.AppendNumber
+	errUnsupportedValue = encoder.ErrUnsupportedValue
+	errUnsupportedFloat = encoder.ErrUnsupportedFloat
+	mapiterinit         = encoder.MapIterInit
+	mapiterkey          = encoder.MapIterKey
+	mapitervalue        = encoder.MapIterValue
+	mapiternext         = encoder.MapIterNext
+	maplen              = encoder.MapLen
+)
+
+type emptyInterface struct {
+	typ *runtime.Type
+	ptr unsafe.Pointer
+}
+
+type nonEmptyInterface struct {
+	itab *struct {
+		ityp *runtime.Type // static interface type
+		typ  *runtime.Type // dynamic concrete type
+		// unused fields...
+	}
+	ptr unsafe.Pointer
+}
+
+func errUnimplementedOp(op encoder.OpType) error {
+	return fmt.Errorf("encoder: opcode %s has not been implemented", op)
+}
+
+func load(base uintptr, idx uint32) uintptr {
+	addr := base + uintptr(idx)
+	return **(**uintptr)(unsafe.Pointer(&addr))
+}
+
+func store(base uintptr, idx uint32, p uintptr) {
+	addr := base + uintptr(idx)
+	**(**uintptr)(unsafe.Pointer(&addr)) = p
+}
+
+func loadNPtr(base uintptr, idx uint32, ptrNum uint8) uintptr {
+	addr := base + uintptr(idx)
+	p := **(**uintptr)(unsafe.Pointer(&addr))
+	for i := uint8(0); i < ptrNum; i++ {
+		if p == 0 {
+			return 0
+		}
+		p = ptrToPtr(p)
+	}
+	return p
+}
+
+func ptrToUint64(p uintptr, bitSize uint8) uint64 {
+	switch bitSize {
+	case 8:
+		return (uint64)(**(**uint8)(unsafe.Pointer(&p)))
+	case 16:
+		return (uint64)(**(**uint16)(unsafe.Pointer(&p)))
+	case 32:
+		return (uint64)(**(**uint32)(unsafe.Pointer(&p)))
+	case 64:
+		return **(**uint64)(unsafe.Pointer(&p))
+	}
+	return 0
+}
+func ptrToFloat32(p uintptr) float32            { return **(**float32)(unsafe.Pointer(&p)) }
+func ptrToFloat64(p uintptr) float64            { return **(**float64)(unsafe.Pointer(&p)) }
+func ptrToBool(p uintptr) bool                  { return **(**bool)(unsafe.Pointer(&p)) }
+func ptrToBytes(p uintptr) []byte               { return **(**[]byte)(unsafe.Pointer(&p)) }
+func ptrToNumber(p uintptr) json.Number         { return **(**json.Number)(unsafe.Pointer(&p)) }
+func ptrToString(p uintptr) string              { return **(**string)(unsafe.Pointer(&p)) }
+func ptrToSlice(p uintptr) *runtime.SliceHeader { return *(**runtime.SliceHeader)(unsafe.Pointer(&p)) }
+func ptrToPtr(p uintptr) uintptr {
+	return uintptr(**(**unsafe.Pointer)(unsafe.Pointer(&p)))
+}
+func ptrToNPtr(p uintptr, ptrNum uint8) uintptr {
+	for i := uint8(0); i < ptrNum; i++ {
+		if p == 0 {
+			return 0
+		}
+		p = ptrToPtr(p)
+	}
+	return p
+}
+
+func ptrToUnsafePtr(p uintptr) unsafe.Pointer {
+	return *(*unsafe.Pointer)(unsafe.Pointer(&p))
+}
+func ptrToInterface(code *encoder.Opcode, p uintptr) interface{} {
+	return *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: code.Type,
+		ptr: *(*unsafe.Pointer)(unsafe.Pointer(&p)),
+	}))
+}
+
+func appendBool(_ *encoder.RuntimeContext, b []byte, v bool) []byte {
+	if v {
+		return append(b, "true"...)
+	}
+	return append(b, "false"...)
+}
+
+func appendNull(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, "null"...)
+}
+
+func appendComma(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, ',')
+}
+
+func appendNullComma(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, "null,"...)
+}
+
+func appendColon(_ *encoder.RuntimeContext, b []byte) []byte {
+	last := len(b) - 1
+	b[last] = ':'
+	return b
+}
+
+func appendMapKeyValue(_ *encoder.RuntimeContext, _ *encoder.Opcode, b, key, value []byte) []byte {
+	b = append(b, key...)
+	b[len(b)-1] = ':'
+	return append(b, value...)
+}
+
+func appendMapEnd(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte {
+	b[len(b)-1] = '}'
+	b = append(b, ',')
+	return b
+}
+
+func appendMarshalJSON(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte, v interface{}) ([]byte, error) {
+	return encoder.AppendMarshalJSON(ctx, code, b, v)
+}
+
+func appendMarshalText(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte, v interface{}) ([]byte, error) {
+	return encoder.AppendMarshalText(ctx, code, b, v)
+}
+
+func appendArrayHead(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte {
+	return append(b, '[')
+}
+
+func appendArrayEnd(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte {
+	last := len(b) - 1
+	b[last] = ']'
+	return append(b, ',')
+}
+
+func appendEmptyArray(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '[', ']', ',')
+}
+
+func appendEmptyObject(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '{', '}', ',')
+}
+
+func appendObjectEnd(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte {
+	last := len(b) - 1
+	b[last] = '}'
+	return append(b, ',')
+}
+
+func appendStructHead(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '{')
+}
+
+func appendStructKey(_ *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	return append(b, code.Key...)
+}
+
+func appendStructEnd(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte {
+	return append(b, '}', ',')
+}
+
+func appendStructEndSkipLast(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	last := len(b) - 1
+	if b[last] == ',' {
+		b[last] = '}'
+		return appendComma(ctx, b)
+	}
+	return appendStructEnd(ctx, code, b)
+}
+
+func restoreIndent(_ *encoder.RuntimeContext, _ *encoder.Opcode, _ uintptr)               {}
+func storeIndent(_ uintptr, _ *encoder.Opcode, _ uintptr)                                 {}
+func appendMapKeyIndent(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte    { return b }
+func appendArrayElemIndent(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte { return b }
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm/vm.go b/vendor/github.com/goccy/go-json/internal/encoder/vm/vm.go
new file mode 100644
index 000000000..645d20f9f
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm/vm.go
@@ -0,0 +1,4859 @@
+// Code generated by internal/cmd/generator. DO NOT EDIT!
+package vm
+
+import (
+	"math"
+	"reflect"
+	"sort"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/encoder"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+func Run(ctx *encoder.RuntimeContext, b []byte, codeSet *encoder.OpcodeSet) ([]byte, error) {
+	recursiveLevel := 0
+	ptrOffset := uintptr(0)
+	ctxptr := ctx.Ptr()
+	var code *encoder.Opcode
+	if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+		code = codeSet.EscapeKeyCode
+	} else {
+		code = codeSet.NoescapeKeyCode
+	}
+
+	for {
+		switch code.Op {
+		default:
+			return nil, errUnimplementedOp(code.Op)
+		case encoder.OpPtr:
+			p := load(ctxptr, code.Idx)
+			code = code.Next
+			store(ctxptr, code.Idx, ptrToPtr(p))
+		case encoder.OpIntPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpInt:
+			b = appendInt(ctx, b, load(ctxptr, code.Idx), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpUintPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpUint:
+			b = appendUint(ctx, b, load(ctxptr, code.Idx), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpIntString:
+			b = append(b, '"')
+			b = appendInt(ctx, b, load(ctxptr, code.Idx), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpUintString:
+			b = append(b, '"')
+			b = appendUint(ctx, b, load(ctxptr, code.Idx), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpFloat32Ptr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+				b = appendComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpFloat32:
+			b = appendFloat32(ctx, b, ptrToFloat32(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpFloat64Ptr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpFloat64:
+			v := ptrToFloat64(load(ctxptr, code.Idx))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStringPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpString:
+			b = appendString(ctx, b, ptrToString(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpBoolPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpBool:
+			b = appendBool(ctx, b, ptrToBool(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpBytesPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpBytes:
+			b = appendByteSlice(ctx, b, ptrToBytes(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpNumberPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpNumber:
+			bb, err := appendNumber(ctx, b, ptrToNumber(load(ctxptr, code.Idx)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpInterfacePtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpInterface:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if recursiveLevel > encoder.StartDetectingCyclesAfter {
+				for _, seen := range ctx.SeenPtr {
+					if p == seen {
+						return nil, errUnsupportedValue(code, p)
+					}
+				}
+			}
+			ctx.SeenPtr = append(ctx.SeenPtr, p)
+			var (
+				typ      *runtime.Type
+				ifacePtr unsafe.Pointer
+			)
+			up := ptrToUnsafePtr(p)
+			if code.Flags&encoder.NonEmptyInterfaceFlags != 0 {
+				iface := (*nonEmptyInterface)(up)
+				ifacePtr = iface.ptr
+				if iface.itab != nil {
+					typ = iface.itab.typ
+				}
+			} else {
+				iface := (*emptyInterface)(up)
+				ifacePtr = iface.ptr
+				typ = iface.typ
+			}
+			if ifacePtr == nil {
+				isDirectedNil := typ != nil && typ.Kind() == reflect.Struct && !runtime.IfaceIndir(typ)
+				if !isDirectedNil {
+					b = appendNullComma(ctx, b)
+					code = code.Next
+					break
+				}
+			}
+			ctx.KeepRefs = append(ctx.KeepRefs, up)
+			ifaceCodeSet, err := encoder.CompileToGetCodeSet(ctx, uintptr(unsafe.Pointer(typ)))
+			if err != nil {
+				return nil, err
+			}
+
+			totalLength := uintptr(code.Length) + 3
+			nextTotalLength := uintptr(ifaceCodeSet.CodeLength) + 3
+
+			var c *encoder.Opcode
+			if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+				c = ifaceCodeSet.InterfaceEscapeKeyCode
+			} else {
+				c = ifaceCodeSet.InterfaceNoescapeKeyCode
+			}
+			curlen := uintptr(len(ctx.Ptrs))
+			offsetNum := ptrOffset / uintptrSize
+			oldOffset := ptrOffset
+			ptrOffset += totalLength * uintptrSize
+			oldBaseIndent := ctx.BaseIndent
+			ctx.BaseIndent += code.Indent
+
+			newLen := offsetNum + totalLength + nextTotalLength
+			if curlen < newLen {
+				ctx.Ptrs = append(ctx.Ptrs, make([]uintptr, newLen-curlen)...)
+			}
+			ctxptr = ctx.Ptr() + ptrOffset // assign new ctxptr
+
+			end := ifaceCodeSet.EndCode
+			store(ctxptr, c.Idx, uintptr(ifacePtr))
+			store(ctxptr, end.Idx, oldOffset)
+			store(ctxptr, end.ElemIdx, uintptr(unsafe.Pointer(code.Next)))
+			storeIndent(ctxptr, end, uintptr(oldBaseIndent))
+			code = c
+			recursiveLevel++
+		case encoder.OpInterfaceEnd:
+			recursiveLevel--
+
+			// restore ctxptr
+			offset := load(ctxptr, code.Idx)
+			restoreIndent(ctx, code, ctxptr)
+			ctx.SeenPtr = ctx.SeenPtr[:len(ctx.SeenPtr)-1]
+
+			codePtr := load(ctxptr, code.ElemIdx)
+			code = (*encoder.Opcode)(ptrToUnsafePtr(codePtr))
+			ctxptr = ctx.Ptr() + offset
+			ptrOffset = offset
+		case encoder.OpMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToPtr(p))
+			fallthrough
+		case encoder.OpMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if (code.Flags&encoder.IsNilableTypeFlags) != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToPtr(p))
+			fallthrough
+		case encoder.OpMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = append(b, `""`...)
+				b = appendComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if (code.Flags&encoder.IsNilableTypeFlags) != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpSlicePtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpSlice:
+			p := load(ctxptr, code.Idx)
+			slice := ptrToSlice(p)
+			if p == 0 || slice.Data == nil {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.ElemIdx, 0)
+			store(ctxptr, code.Length, uintptr(slice.Len))
+			store(ctxptr, code.Idx, uintptr(slice.Data))
+			if slice.Len > 0 {
+				b = appendArrayHead(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, uintptr(slice.Data))
+			} else {
+				b = appendEmptyArray(ctx, b)
+				code = code.End.Next
+			}
+		case encoder.OpSliceElem:
+			idx := load(ctxptr, code.ElemIdx)
+			length := load(ctxptr, code.Length)
+			idx++
+			if idx < length {
+				b = appendArrayElemIndent(ctx, code, b)
+				store(ctxptr, code.ElemIdx, idx)
+				data := load(ctxptr, code.Idx)
+				size := uintptr(code.Size)
+				code = code.Next
+				store(ctxptr, code.Idx, data+idx*size)
+			} else {
+				b = appendArrayEnd(ctx, code, b)
+				code = code.End.Next
+			}
+		case encoder.OpArrayPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpArray:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			if code.Length > 0 {
+				b = appendArrayHead(ctx, code, b)
+				store(ctxptr, code.ElemIdx, 0)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				b = appendEmptyArray(ctx, b)
+				code = code.End.Next
+			}
+		case encoder.OpArrayElem:
+			idx := load(ctxptr, code.ElemIdx)
+			idx++
+			if idx < uintptr(code.Length) {
+				b = appendArrayElemIndent(ctx, code, b)
+				store(ctxptr, code.ElemIdx, idx)
+				p := load(ctxptr, code.Idx)
+				size := uintptr(code.Size)
+				code = code.Next
+				store(ctxptr, code.Idx, p+idx*size)
+			} else {
+				b = appendArrayEnd(ctx, code, b)
+				code = code.End.Next
+			}
+		case encoder.OpMapPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			uptr := ptrToUnsafePtr(p)
+			mlen := maplen(uptr)
+			if mlen <= 0 {
+				b = appendEmptyObject(ctx, b)
+				code = code.End.Next
+				break
+			}
+			b = appendStructHead(ctx, b)
+			unorderedMap := (ctx.Option.Flag & encoder.UnorderedMapOption) != 0
+			mapCtx := encoder.NewMapContext(mlen, unorderedMap)
+			mapiterinit(code.Type, uptr, &mapCtx.Iter)
+			store(ctxptr, code.Idx, uintptr(unsafe.Pointer(mapCtx)))
+			ctx.KeepRefs = append(ctx.KeepRefs, unsafe.Pointer(mapCtx))
+			if unorderedMap {
+				b = appendMapKeyIndent(ctx, code.Next, b)
+			} else {
+				mapCtx.Start = len(b)
+				mapCtx.First = len(b)
+			}
+			key := mapiterkey(&mapCtx.Iter)
+			store(ctxptr, code.Next.Idx, uintptr(key))
+			code = code.Next
+		case encoder.OpMapKey:
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			idx := mapCtx.Idx
+			idx++
+			if (ctx.Option.Flag & encoder.UnorderedMapOption) != 0 {
+				if idx < mapCtx.Len {
+					b = appendMapKeyIndent(ctx, code, b)
+					mapCtx.Idx = int(idx)
+					key := mapiterkey(&mapCtx.Iter)
+					store(ctxptr, code.Next.Idx, uintptr(key))
+					code = code.Next
+				} else {
+					b = appendObjectEnd(ctx, code, b)
+					encoder.ReleaseMapContext(mapCtx)
+					code = code.End.Next
+				}
+			} else {
+				mapCtx.Slice.Items[mapCtx.Idx].Value = b[mapCtx.Start:len(b)]
+				if idx < mapCtx.Len {
+					mapCtx.Idx = int(idx)
+					mapCtx.Start = len(b)
+					key := mapiterkey(&mapCtx.Iter)
+					store(ctxptr, code.Next.Idx, uintptr(key))
+					code = code.Next
+				} else {
+					code = code.End
+				}
+			}
+		case encoder.OpMapValue:
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			if (ctx.Option.Flag & encoder.UnorderedMapOption) != 0 {
+				b = appendColon(ctx, b)
+			} else {
+				mapCtx.Slice.Items[mapCtx.Idx].Key = b[mapCtx.Start:len(b)]
+				mapCtx.Start = len(b)
+			}
+			value := mapitervalue(&mapCtx.Iter)
+			store(ctxptr, code.Next.Idx, uintptr(value))
+			mapiternext(&mapCtx.Iter)
+			code = code.Next
+		case encoder.OpMapEnd:
+			// this operation only used by sorted map.
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			sort.Sort(mapCtx.Slice)
+			buf := mapCtx.Buf
+			for _, item := range mapCtx.Slice.Items {
+				buf = appendMapKeyValue(ctx, code, buf, item.Key, item.Value)
+			}
+			buf = appendMapEnd(ctx, code, buf)
+			b = b[:mapCtx.First]
+			b = append(b, buf...)
+			mapCtx.Buf = buf
+			encoder.ReleaseMapContext(mapCtx)
+			code = code.Next
+		case encoder.OpRecursivePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpRecursive:
+			ptr := load(ctxptr, code.Idx)
+			if ptr != 0 {
+				if recursiveLevel > encoder.StartDetectingCyclesAfter {
+					for _, seen := range ctx.SeenPtr {
+						if ptr == seen {
+							return nil, errUnsupportedValue(code, ptr)
+						}
+					}
+				}
+			}
+			ctx.SeenPtr = append(ctx.SeenPtr, ptr)
+			c := code.Jmp.Code
+			curlen := uintptr(len(ctx.Ptrs))
+			offsetNum := ptrOffset / uintptrSize
+			oldOffset := ptrOffset
+			ptrOffset += code.Jmp.CurLen * uintptrSize
+			oldBaseIndent := ctx.BaseIndent
+			indentDiffFromTop := c.Indent - 1
+			ctx.BaseIndent += code.Indent - indentDiffFromTop
+
+			newLen := offsetNum + code.Jmp.CurLen + code.Jmp.NextLen
+			if curlen < newLen {
+				ctx.Ptrs = append(ctx.Ptrs, make([]uintptr, newLen-curlen)...)
+			}
+			ctxptr = ctx.Ptr() + ptrOffset // assign new ctxptr
+
+			store(ctxptr, c.Idx, ptr)
+			store(ctxptr, c.End.Next.Idx, oldOffset)
+			store(ctxptr, c.End.Next.ElemIdx, uintptr(unsafe.Pointer(code.Next)))
+			storeIndent(ctxptr, c.End.Next, uintptr(oldBaseIndent))
+			code = c
+			recursiveLevel++
+		case encoder.OpRecursiveEnd:
+			recursiveLevel--
+
+			// restore ctxptr
+			restoreIndent(ctx, code, ctxptr)
+			offset := load(ctxptr, code.Idx)
+			ctx.SeenPtr = ctx.SeenPtr[:len(ctx.SeenPtr)-1]
+
+			codePtr := load(ctxptr, code.ElemIdx)
+			code = (*encoder.Opcode)(ptrToUnsafePtr(codePtr))
+			ctxptr = ctx.Ptr() + offset
+			ptrOffset = offset
+		case encoder.OpStructPtrHead:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHead:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && ((code.Flags&encoder.IndirectFlags) != 0 || code.Next.Op == encoder.OpStructEnd) {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if len(code.Key) > 0 {
+				if (code.Flags&encoder.IsTaggedKeyFlags) != 0 || code.Flags&encoder.AnonymousKeyFlags == 0 {
+					b = appendStructKey(ctx, code, b)
+				}
+			}
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && ((code.Flags&encoder.IndirectFlags) != 0 || code.Next.Op == encoder.OpStructEnd) {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if p == 0 || (ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0) {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadInt:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadInt:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyInt:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadIntString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadIntString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			u64 := ptrToUint64(p, code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadUint:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadUint:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUint:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadUintString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadUintString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat32:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat32:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat32String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat32String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat64:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat64:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat64String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat64String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNull(ctx, b)
+					b = appendComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToString(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadStringString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadStringString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p+uintptr(code.Offset)))))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToString(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBool:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBool:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBool:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructPtrHeadBoolString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBoolString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructPtrHeadBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBytes:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBytes:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBytes:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadNumber:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadNumber:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumber:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadNumberString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadNumberString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadArray, encoder.OpStructPtrHeadSlice:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadArray, encoder.OpStructHeadSlice:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptyArray:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyArray:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			b = appendStructKey(ctx, code, b)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptySlice:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptySlice:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			slice := ptrToSlice(p)
+			if slice.Len == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadArrayPtr, encoder.OpStructPtrHeadSlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadArrayPtr, encoder.OpStructHeadSlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+			} else {
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadOmitEmptyArrayPtr, encoder.OpStructPtrHeadOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyArrayPtr, encoder.OpStructHeadOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if p != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p + uintptr(code.Offset))
+			}
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p + uintptr(code.Offset))
+			}
+			if maplen(ptrToUnsafePtr(p)) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+				break
+			}
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+			} else {
+				if (code.Flags & encoder.IndirectFlags) != 0 {
+					p = ptrToNPtr(p, code.PtrNum)
+				}
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+				break
+			}
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 {
+				code = code.NextField
+			} else {
+				if (code.Flags & encoder.IndirectFlags) != 0 {
+					p = ptrToNPtr(p, code.PtrNum)
+				}
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadMarshalJSON {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadOmitEmptyMarshalJSON {
+					p = ptrToPtr(p)
+				}
+			}
+			iface := ptrToInterface(code, p)
+			if (code.Flags&encoder.NilCheckFlags) != 0 && encoder.IsNilForMarshaler(iface) {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, iface)
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadMarshalText {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadOmitEmptyMarshalText {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructField:
+			if code.Flags&encoder.IsTaggedKeyFlags != 0 || code.Flags&encoder.AnonymousKeyFlags == 0 {
+				b = appendStructKey(ctx, code, b)
+			}
+			p := load(ctxptr, code.Idx) + uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldInt:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUint:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32String:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			v := ptrToFloat64(p)
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringString:
+			p := load(ctxptr, code.Idx)
+			s := ptrToString(p + uintptr(code.Offset))
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, s)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBool:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBytes:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) > 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumber:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+				break
+			}
+			iface := ptrToInterface(code, p)
+			if (code.Flags&encoder.NilCheckFlags) != 0 && encoder.IsNilForMarshaler(iface) {
+				code = code.NextField
+				break
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendMarshalJSON(ctx, code, b, iface)
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldMarshalText:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+				break
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldArray:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyArray:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldArrayPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyArrayPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldSlice:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptySlice:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			slice := ptrToSlice(p)
+			if slice.Len == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldSlicePtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldMap:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 || maplen(ptrToUnsafePtr(p)) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldMapPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p != 0 {
+				p = ptrToNPtr(p, code.PtrNum)
+			}
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p != 0 {
+				p = ptrToNPtr(p, code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldStruct:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyStruct:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructEnd:
+			b = appendStructEndSkipLast(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndInt:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUint:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32String:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32Ptr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32PtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat64(ctx, b, v)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64Ptr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+				b = appendStructEnd(ctx, code, b)
+				code = code.Next
+				break
+			}
+			v := ptrToFloat64(p)
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64PtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			s := ptrToString(p + uintptr(code.Offset))
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, s)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBool:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBytes:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) > 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBytesPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumber:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendStructEnd(ctx, code, bb)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendStructEnd(ctx, code, bb)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendStructEnd(ctx, code, bb)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpEnd:
+			goto END
+		}
+	}
+END:
+	return b, nil
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm_color/debug_vm.go b/vendor/github.com/goccy/go-json/internal/encoder/vm_color/debug_vm.go
new file mode 100644
index 000000000..925f61ed8
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm_color/debug_vm.go
@@ -0,0 +1,35 @@
+package vm_color
+
+import (
+	"fmt"
+
+	"github.com/goccy/go-json/internal/encoder"
+)
+
+func DebugRun(ctx *encoder.RuntimeContext, b []byte, codeSet *encoder.OpcodeSet) ([]byte, error) {
+	var code *encoder.Opcode
+	if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+		code = codeSet.EscapeKeyCode
+	} else {
+		code = codeSet.NoescapeKeyCode
+	}
+
+	defer func() {
+		if err := recover(); err != nil {
+			w := ctx.Option.DebugOut
+			fmt.Fprintln(w, "=============[DEBUG]===============")
+			fmt.Fprintln(w, "* [TYPE]")
+			fmt.Fprintln(w, codeSet.Type)
+			fmt.Fprintf(w, "\n")
+			fmt.Fprintln(w, "* [ALL OPCODE]")
+			fmt.Fprintln(w, code.Dump())
+			fmt.Fprintf(w, "\n")
+			fmt.Fprintln(w, "* [CONTEXT]")
+			fmt.Fprintf(w, "%+v\n", ctx)
+			fmt.Fprintln(w, "===================================")
+			panic(err)
+		}
+	}()
+
+	return Run(ctx, b, codeSet)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm_color/hack.go b/vendor/github.com/goccy/go-json/internal/encoder/vm_color/hack.go
new file mode 100644
index 000000000..12ec56c5b
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm_color/hack.go
@@ -0,0 +1,9 @@
+package vm_color
+
+import (
+	// HACK: compile order
+	// `vm`, `vm_indent`, `vm_color`, `vm_color_indent` packages uses a lot of memory to compile,
+	// so forcibly make dependencies and avoid compiling in concurrent.
+	// dependency order: vm => vm_indent => vm_color => vm_color_indent
+	_ "github.com/goccy/go-json/internal/encoder/vm_color_indent"
+)
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm_color/util.go b/vendor/github.com/goccy/go-json/internal/encoder/vm_color/util.go
new file mode 100644
index 000000000..33f29aee4
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm_color/util.go
@@ -0,0 +1,274 @@
+package vm_color
+
+import (
+	"encoding/json"
+	"fmt"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/encoder"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+const uintptrSize = 4 << (^uintptr(0) >> 63)
+
+var (
+	errUnsupportedValue = encoder.ErrUnsupportedValue
+	errUnsupportedFloat = encoder.ErrUnsupportedFloat
+	mapiterinit         = encoder.MapIterInit
+	mapiterkey          = encoder.MapIterKey
+	mapitervalue        = encoder.MapIterValue
+	mapiternext         = encoder.MapIterNext
+	maplen              = encoder.MapLen
+)
+
+type emptyInterface struct {
+	typ *runtime.Type
+	ptr unsafe.Pointer
+}
+
+type nonEmptyInterface struct {
+	itab *struct {
+		ityp *runtime.Type // static interface type
+		typ  *runtime.Type // dynamic concrete type
+		// unused fields...
+	}
+	ptr unsafe.Pointer
+}
+
+func errUnimplementedOp(op encoder.OpType) error {
+	return fmt.Errorf("encoder: opcode %s has not been implemented", op)
+}
+
+func load(base uintptr, idx uint32) uintptr {
+	addr := base + uintptr(idx)
+	return **(**uintptr)(unsafe.Pointer(&addr))
+}
+
+func store(base uintptr, idx uint32, p uintptr) {
+	addr := base + uintptr(idx)
+	**(**uintptr)(unsafe.Pointer(&addr)) = p
+}
+
+func loadNPtr(base uintptr, idx uint32, ptrNum uint8) uintptr {
+	addr := base + uintptr(idx)
+	p := **(**uintptr)(unsafe.Pointer(&addr))
+	for i := uint8(0); i < ptrNum; i++ {
+		if p == 0 {
+			return 0
+		}
+		p = ptrToPtr(p)
+	}
+	return p
+}
+
+func ptrToUint64(p uintptr, bitSize uint8) uint64 {
+	switch bitSize {
+	case 8:
+		return (uint64)(**(**uint8)(unsafe.Pointer(&p)))
+	case 16:
+		return (uint64)(**(**uint16)(unsafe.Pointer(&p)))
+	case 32:
+		return (uint64)(**(**uint32)(unsafe.Pointer(&p)))
+	case 64:
+		return **(**uint64)(unsafe.Pointer(&p))
+	}
+	return 0
+}
+func ptrToFloat32(p uintptr) float32            { return **(**float32)(unsafe.Pointer(&p)) }
+func ptrToFloat64(p uintptr) float64            { return **(**float64)(unsafe.Pointer(&p)) }
+func ptrToBool(p uintptr) bool                  { return **(**bool)(unsafe.Pointer(&p)) }
+func ptrToBytes(p uintptr) []byte               { return **(**[]byte)(unsafe.Pointer(&p)) }
+func ptrToNumber(p uintptr) json.Number         { return **(**json.Number)(unsafe.Pointer(&p)) }
+func ptrToString(p uintptr) string              { return **(**string)(unsafe.Pointer(&p)) }
+func ptrToSlice(p uintptr) *runtime.SliceHeader { return *(**runtime.SliceHeader)(unsafe.Pointer(&p)) }
+func ptrToPtr(p uintptr) uintptr {
+	return uintptr(**(**unsafe.Pointer)(unsafe.Pointer(&p)))
+}
+func ptrToNPtr(p uintptr, ptrNum uint8) uintptr {
+	for i := uint8(0); i < ptrNum; i++ {
+		if p == 0 {
+			return 0
+		}
+		p = ptrToPtr(p)
+	}
+	return p
+}
+
+func ptrToUnsafePtr(p uintptr) unsafe.Pointer {
+	return *(*unsafe.Pointer)(unsafe.Pointer(&p))
+}
+func ptrToInterface(code *encoder.Opcode, p uintptr) interface{} {
+	return *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: code.Type,
+		ptr: *(*unsafe.Pointer)(unsafe.Pointer(&p)),
+	}))
+}
+
+func appendInt(ctx *encoder.RuntimeContext, b []byte, p uintptr, code *encoder.Opcode) []byte {
+	format := ctx.Option.ColorScheme.Int
+	b = append(b, format.Header...)
+	b = encoder.AppendInt(ctx, b, p, code)
+	return append(b, format.Footer...)
+}
+
+func appendUint(ctx *encoder.RuntimeContext, b []byte, p uintptr, code *encoder.Opcode) []byte {
+	format := ctx.Option.ColorScheme.Uint
+	b = append(b, format.Header...)
+	b = encoder.AppendUint(ctx, b, p, code)
+	return append(b, format.Footer...)
+}
+
+func appendFloat32(ctx *encoder.RuntimeContext, b []byte, v float32) []byte {
+	format := ctx.Option.ColorScheme.Float
+	b = append(b, format.Header...)
+	b = encoder.AppendFloat32(ctx, b, v)
+	return append(b, format.Footer...)
+}
+
+func appendFloat64(ctx *encoder.RuntimeContext, b []byte, v float64) []byte {
+	format := ctx.Option.ColorScheme.Float
+	b = append(b, format.Header...)
+	b = encoder.AppendFloat64(ctx, b, v)
+	return append(b, format.Footer...)
+}
+
+func appendString(ctx *encoder.RuntimeContext, b []byte, v string) []byte {
+	format := ctx.Option.ColorScheme.String
+	b = append(b, format.Header...)
+	b = encoder.AppendString(ctx, b, v)
+	return append(b, format.Footer...)
+}
+
+func appendByteSlice(ctx *encoder.RuntimeContext, b []byte, src []byte) []byte {
+	format := ctx.Option.ColorScheme.Binary
+	b = append(b, format.Header...)
+	b = encoder.AppendByteSlice(ctx, b, src)
+	return append(b, format.Footer...)
+}
+
+func appendNumber(ctx *encoder.RuntimeContext, b []byte, n json.Number) ([]byte, error) {
+	format := ctx.Option.ColorScheme.Int
+	b = append(b, format.Header...)
+	bb, err := encoder.AppendNumber(ctx, b, n)
+	if err != nil {
+		return nil, err
+	}
+	return append(bb, format.Footer...), nil
+}
+
+func appendBool(ctx *encoder.RuntimeContext, b []byte, v bool) []byte {
+	format := ctx.Option.ColorScheme.Bool
+	b = append(b, format.Header...)
+	if v {
+		b = append(b, "true"...)
+	} else {
+		b = append(b, "false"...)
+	}
+	return append(b, format.Footer...)
+}
+
+func appendNull(ctx *encoder.RuntimeContext, b []byte) []byte {
+	format := ctx.Option.ColorScheme.Null
+	b = append(b, format.Header...)
+	b = append(b, "null"...)
+	return append(b, format.Footer...)
+}
+
+func appendComma(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, ',')
+}
+
+func appendNullComma(ctx *encoder.RuntimeContext, b []byte) []byte {
+	format := ctx.Option.ColorScheme.Null
+	b = append(b, format.Header...)
+	b = append(b, "null"...)
+	return append(append(b, format.Footer...), ',')
+}
+
+func appendColon(_ *encoder.RuntimeContext, b []byte) []byte {
+	last := len(b) - 1
+	b[last] = ':'
+	return b
+}
+
+func appendMapKeyValue(_ *encoder.RuntimeContext, _ *encoder.Opcode, b, key, value []byte) []byte {
+	b = append(b, key[:len(key)-1]...)
+	b = append(b, ':')
+	return append(b, value...)
+}
+
+func appendMapEnd(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte {
+	last := len(b) - 1
+	b[last] = '}'
+	b = append(b, ',')
+	return b
+}
+
+func appendMarshalJSON(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte, v interface{}) ([]byte, error) {
+	return encoder.AppendMarshalJSON(ctx, code, b, v)
+}
+
+func appendMarshalText(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte, v interface{}) ([]byte, error) {
+	format := ctx.Option.ColorScheme.String
+	b = append(b, format.Header...)
+	bb, err := encoder.AppendMarshalText(ctx, code, b, v)
+	if err != nil {
+		return nil, err
+	}
+	return append(bb, format.Footer...), nil
+}
+
+func appendArrayHead(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte {
+	return append(b, '[')
+}
+
+func appendArrayEnd(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte {
+	last := len(b) - 1
+	b[last] = ']'
+	return append(b, ',')
+}
+
+func appendEmptyArray(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '[', ']', ',')
+}
+
+func appendEmptyObject(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '{', '}', ',')
+}
+
+func appendObjectEnd(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte {
+	last := len(b) - 1
+	b[last] = '}'
+	return append(b, ',')
+}
+
+func appendStructHead(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '{')
+}
+
+func appendStructKey(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	format := ctx.Option.ColorScheme.ObjectKey
+	b = append(b, format.Header...)
+	b = append(b, code.Key[:len(code.Key)-1]...)
+	b = append(b, format.Footer...)
+
+	return append(b, ':')
+}
+
+func appendStructEnd(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte {
+	return append(b, '}', ',')
+}
+
+func appendStructEndSkipLast(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	last := len(b) - 1
+	if b[last] == ',' {
+		b[last] = '}'
+		return appendComma(ctx, b)
+	}
+	return appendStructEnd(ctx, code, b)
+}
+
+func restoreIndent(_ *encoder.RuntimeContext, _ *encoder.Opcode, _ uintptr)               {}
+func storeIndent(_ uintptr, _ *encoder.Opcode, _ uintptr)                                 {}
+func appendMapKeyIndent(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte    { return b }
+func appendArrayElemIndent(_ *encoder.RuntimeContext, _ *encoder.Opcode, b []byte) []byte { return b }
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm_color/vm.go b/vendor/github.com/goccy/go-json/internal/encoder/vm_color/vm.go
new file mode 100644
index 000000000..a63e83e55
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm_color/vm.go
@@ -0,0 +1,4859 @@
+// Code generated by internal/cmd/generator. DO NOT EDIT!
+package vm_color
+
+import (
+	"math"
+	"reflect"
+	"sort"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/encoder"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+func Run(ctx *encoder.RuntimeContext, b []byte, codeSet *encoder.OpcodeSet) ([]byte, error) {
+	recursiveLevel := 0
+	ptrOffset := uintptr(0)
+	ctxptr := ctx.Ptr()
+	var code *encoder.Opcode
+	if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+		code = codeSet.EscapeKeyCode
+	} else {
+		code = codeSet.NoescapeKeyCode
+	}
+
+	for {
+		switch code.Op {
+		default:
+			return nil, errUnimplementedOp(code.Op)
+		case encoder.OpPtr:
+			p := load(ctxptr, code.Idx)
+			code = code.Next
+			store(ctxptr, code.Idx, ptrToPtr(p))
+		case encoder.OpIntPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpInt:
+			b = appendInt(ctx, b, load(ctxptr, code.Idx), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpUintPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpUint:
+			b = appendUint(ctx, b, load(ctxptr, code.Idx), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpIntString:
+			b = append(b, '"')
+			b = appendInt(ctx, b, load(ctxptr, code.Idx), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpUintString:
+			b = append(b, '"')
+			b = appendUint(ctx, b, load(ctxptr, code.Idx), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpFloat32Ptr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+				b = appendComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpFloat32:
+			b = appendFloat32(ctx, b, ptrToFloat32(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpFloat64Ptr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpFloat64:
+			v := ptrToFloat64(load(ctxptr, code.Idx))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStringPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpString:
+			b = appendString(ctx, b, ptrToString(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpBoolPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpBool:
+			b = appendBool(ctx, b, ptrToBool(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpBytesPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpBytes:
+			b = appendByteSlice(ctx, b, ptrToBytes(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpNumberPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpNumber:
+			bb, err := appendNumber(ctx, b, ptrToNumber(load(ctxptr, code.Idx)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpInterfacePtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpInterface:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if recursiveLevel > encoder.StartDetectingCyclesAfter {
+				for _, seen := range ctx.SeenPtr {
+					if p == seen {
+						return nil, errUnsupportedValue(code, p)
+					}
+				}
+			}
+			ctx.SeenPtr = append(ctx.SeenPtr, p)
+			var (
+				typ      *runtime.Type
+				ifacePtr unsafe.Pointer
+			)
+			up := ptrToUnsafePtr(p)
+			if code.Flags&encoder.NonEmptyInterfaceFlags != 0 {
+				iface := (*nonEmptyInterface)(up)
+				ifacePtr = iface.ptr
+				if iface.itab != nil {
+					typ = iface.itab.typ
+				}
+			} else {
+				iface := (*emptyInterface)(up)
+				ifacePtr = iface.ptr
+				typ = iface.typ
+			}
+			if ifacePtr == nil {
+				isDirectedNil := typ != nil && typ.Kind() == reflect.Struct && !runtime.IfaceIndir(typ)
+				if !isDirectedNil {
+					b = appendNullComma(ctx, b)
+					code = code.Next
+					break
+				}
+			}
+			ctx.KeepRefs = append(ctx.KeepRefs, up)
+			ifaceCodeSet, err := encoder.CompileToGetCodeSet(ctx, uintptr(unsafe.Pointer(typ)))
+			if err != nil {
+				return nil, err
+			}
+
+			totalLength := uintptr(code.Length) + 3
+			nextTotalLength := uintptr(ifaceCodeSet.CodeLength) + 3
+
+			var c *encoder.Opcode
+			if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+				c = ifaceCodeSet.InterfaceEscapeKeyCode
+			} else {
+				c = ifaceCodeSet.InterfaceNoescapeKeyCode
+			}
+			curlen := uintptr(len(ctx.Ptrs))
+			offsetNum := ptrOffset / uintptrSize
+			oldOffset := ptrOffset
+			ptrOffset += totalLength * uintptrSize
+			oldBaseIndent := ctx.BaseIndent
+			ctx.BaseIndent += code.Indent
+
+			newLen := offsetNum + totalLength + nextTotalLength
+			if curlen < newLen {
+				ctx.Ptrs = append(ctx.Ptrs, make([]uintptr, newLen-curlen)...)
+			}
+			ctxptr = ctx.Ptr() + ptrOffset // assign new ctxptr
+
+			end := ifaceCodeSet.EndCode
+			store(ctxptr, c.Idx, uintptr(ifacePtr))
+			store(ctxptr, end.Idx, oldOffset)
+			store(ctxptr, end.ElemIdx, uintptr(unsafe.Pointer(code.Next)))
+			storeIndent(ctxptr, end, uintptr(oldBaseIndent))
+			code = c
+			recursiveLevel++
+		case encoder.OpInterfaceEnd:
+			recursiveLevel--
+
+			// restore ctxptr
+			offset := load(ctxptr, code.Idx)
+			restoreIndent(ctx, code, ctxptr)
+			ctx.SeenPtr = ctx.SeenPtr[:len(ctx.SeenPtr)-1]
+
+			codePtr := load(ctxptr, code.ElemIdx)
+			code = (*encoder.Opcode)(ptrToUnsafePtr(codePtr))
+			ctxptr = ctx.Ptr() + offset
+			ptrOffset = offset
+		case encoder.OpMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToPtr(p))
+			fallthrough
+		case encoder.OpMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if (code.Flags&encoder.IsNilableTypeFlags) != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToPtr(p))
+			fallthrough
+		case encoder.OpMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = append(b, `""`...)
+				b = appendComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if (code.Flags&encoder.IsNilableTypeFlags) != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpSlicePtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpSlice:
+			p := load(ctxptr, code.Idx)
+			slice := ptrToSlice(p)
+			if p == 0 || slice.Data == nil {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.ElemIdx, 0)
+			store(ctxptr, code.Length, uintptr(slice.Len))
+			store(ctxptr, code.Idx, uintptr(slice.Data))
+			if slice.Len > 0 {
+				b = appendArrayHead(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, uintptr(slice.Data))
+			} else {
+				b = appendEmptyArray(ctx, b)
+				code = code.End.Next
+			}
+		case encoder.OpSliceElem:
+			idx := load(ctxptr, code.ElemIdx)
+			length := load(ctxptr, code.Length)
+			idx++
+			if idx < length {
+				b = appendArrayElemIndent(ctx, code, b)
+				store(ctxptr, code.ElemIdx, idx)
+				data := load(ctxptr, code.Idx)
+				size := uintptr(code.Size)
+				code = code.Next
+				store(ctxptr, code.Idx, data+idx*size)
+			} else {
+				b = appendArrayEnd(ctx, code, b)
+				code = code.End.Next
+			}
+		case encoder.OpArrayPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpArray:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			if code.Length > 0 {
+				b = appendArrayHead(ctx, code, b)
+				store(ctxptr, code.ElemIdx, 0)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				b = appendEmptyArray(ctx, b)
+				code = code.End.Next
+			}
+		case encoder.OpArrayElem:
+			idx := load(ctxptr, code.ElemIdx)
+			idx++
+			if idx < uintptr(code.Length) {
+				b = appendArrayElemIndent(ctx, code, b)
+				store(ctxptr, code.ElemIdx, idx)
+				p := load(ctxptr, code.Idx)
+				size := uintptr(code.Size)
+				code = code.Next
+				store(ctxptr, code.Idx, p+idx*size)
+			} else {
+				b = appendArrayEnd(ctx, code, b)
+				code = code.End.Next
+			}
+		case encoder.OpMapPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			uptr := ptrToUnsafePtr(p)
+			mlen := maplen(uptr)
+			if mlen <= 0 {
+				b = appendEmptyObject(ctx, b)
+				code = code.End.Next
+				break
+			}
+			b = appendStructHead(ctx, b)
+			unorderedMap := (ctx.Option.Flag & encoder.UnorderedMapOption) != 0
+			mapCtx := encoder.NewMapContext(mlen, unorderedMap)
+			mapiterinit(code.Type, uptr, &mapCtx.Iter)
+			store(ctxptr, code.Idx, uintptr(unsafe.Pointer(mapCtx)))
+			ctx.KeepRefs = append(ctx.KeepRefs, unsafe.Pointer(mapCtx))
+			if unorderedMap {
+				b = appendMapKeyIndent(ctx, code.Next, b)
+			} else {
+				mapCtx.Start = len(b)
+				mapCtx.First = len(b)
+			}
+			key := mapiterkey(&mapCtx.Iter)
+			store(ctxptr, code.Next.Idx, uintptr(key))
+			code = code.Next
+		case encoder.OpMapKey:
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			idx := mapCtx.Idx
+			idx++
+			if (ctx.Option.Flag & encoder.UnorderedMapOption) != 0 {
+				if idx < mapCtx.Len {
+					b = appendMapKeyIndent(ctx, code, b)
+					mapCtx.Idx = int(idx)
+					key := mapiterkey(&mapCtx.Iter)
+					store(ctxptr, code.Next.Idx, uintptr(key))
+					code = code.Next
+				} else {
+					b = appendObjectEnd(ctx, code, b)
+					encoder.ReleaseMapContext(mapCtx)
+					code = code.End.Next
+				}
+			} else {
+				mapCtx.Slice.Items[mapCtx.Idx].Value = b[mapCtx.Start:len(b)]
+				if idx < mapCtx.Len {
+					mapCtx.Idx = int(idx)
+					mapCtx.Start = len(b)
+					key := mapiterkey(&mapCtx.Iter)
+					store(ctxptr, code.Next.Idx, uintptr(key))
+					code = code.Next
+				} else {
+					code = code.End
+				}
+			}
+		case encoder.OpMapValue:
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			if (ctx.Option.Flag & encoder.UnorderedMapOption) != 0 {
+				b = appendColon(ctx, b)
+			} else {
+				mapCtx.Slice.Items[mapCtx.Idx].Key = b[mapCtx.Start:len(b)]
+				mapCtx.Start = len(b)
+			}
+			value := mapitervalue(&mapCtx.Iter)
+			store(ctxptr, code.Next.Idx, uintptr(value))
+			mapiternext(&mapCtx.Iter)
+			code = code.Next
+		case encoder.OpMapEnd:
+			// this operation only used by sorted map.
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			sort.Sort(mapCtx.Slice)
+			buf := mapCtx.Buf
+			for _, item := range mapCtx.Slice.Items {
+				buf = appendMapKeyValue(ctx, code, buf, item.Key, item.Value)
+			}
+			buf = appendMapEnd(ctx, code, buf)
+			b = b[:mapCtx.First]
+			b = append(b, buf...)
+			mapCtx.Buf = buf
+			encoder.ReleaseMapContext(mapCtx)
+			code = code.Next
+		case encoder.OpRecursivePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpRecursive:
+			ptr := load(ctxptr, code.Idx)
+			if ptr != 0 {
+				if recursiveLevel > encoder.StartDetectingCyclesAfter {
+					for _, seen := range ctx.SeenPtr {
+						if ptr == seen {
+							return nil, errUnsupportedValue(code, ptr)
+						}
+					}
+				}
+			}
+			ctx.SeenPtr = append(ctx.SeenPtr, ptr)
+			c := code.Jmp.Code
+			curlen := uintptr(len(ctx.Ptrs))
+			offsetNum := ptrOffset / uintptrSize
+			oldOffset := ptrOffset
+			ptrOffset += code.Jmp.CurLen * uintptrSize
+			oldBaseIndent := ctx.BaseIndent
+			indentDiffFromTop := c.Indent - 1
+			ctx.BaseIndent += code.Indent - indentDiffFromTop
+
+			newLen := offsetNum + code.Jmp.CurLen + code.Jmp.NextLen
+			if curlen < newLen {
+				ctx.Ptrs = append(ctx.Ptrs, make([]uintptr, newLen-curlen)...)
+			}
+			ctxptr = ctx.Ptr() + ptrOffset // assign new ctxptr
+
+			store(ctxptr, c.Idx, ptr)
+			store(ctxptr, c.End.Next.Idx, oldOffset)
+			store(ctxptr, c.End.Next.ElemIdx, uintptr(unsafe.Pointer(code.Next)))
+			storeIndent(ctxptr, c.End.Next, uintptr(oldBaseIndent))
+			code = c
+			recursiveLevel++
+		case encoder.OpRecursiveEnd:
+			recursiveLevel--
+
+			// restore ctxptr
+			restoreIndent(ctx, code, ctxptr)
+			offset := load(ctxptr, code.Idx)
+			ctx.SeenPtr = ctx.SeenPtr[:len(ctx.SeenPtr)-1]
+
+			codePtr := load(ctxptr, code.ElemIdx)
+			code = (*encoder.Opcode)(ptrToUnsafePtr(codePtr))
+			ctxptr = ctx.Ptr() + offset
+			ptrOffset = offset
+		case encoder.OpStructPtrHead:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHead:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && ((code.Flags&encoder.IndirectFlags) != 0 || code.Next.Op == encoder.OpStructEnd) {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if len(code.Key) > 0 {
+				if (code.Flags&encoder.IsTaggedKeyFlags) != 0 || code.Flags&encoder.AnonymousKeyFlags == 0 {
+					b = appendStructKey(ctx, code, b)
+				}
+			}
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && ((code.Flags&encoder.IndirectFlags) != 0 || code.Next.Op == encoder.OpStructEnd) {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if p == 0 || (ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0) {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadInt:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadInt:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyInt:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadIntString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadIntString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			u64 := ptrToUint64(p, code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadUint:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadUint:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUint:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadUintString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadUintString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat32:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat32:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat32String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat32String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat64:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat64:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat64String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat64String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNull(ctx, b)
+					b = appendComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToString(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadStringString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadStringString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p+uintptr(code.Offset)))))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToString(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBool:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBool:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBool:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructPtrHeadBoolString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBoolString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructPtrHeadBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBytes:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBytes:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBytes:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadNumber:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadNumber:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumber:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadNumberString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadNumberString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadArray, encoder.OpStructPtrHeadSlice:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadArray, encoder.OpStructHeadSlice:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptyArray:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyArray:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			b = appendStructKey(ctx, code, b)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptySlice:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptySlice:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			slice := ptrToSlice(p)
+			if slice.Len == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadArrayPtr, encoder.OpStructPtrHeadSlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadArrayPtr, encoder.OpStructHeadSlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+			} else {
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadOmitEmptyArrayPtr, encoder.OpStructPtrHeadOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyArrayPtr, encoder.OpStructHeadOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if p != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p + uintptr(code.Offset))
+			}
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p + uintptr(code.Offset))
+			}
+			if maplen(ptrToUnsafePtr(p)) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+				break
+			}
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+			} else {
+				if (code.Flags & encoder.IndirectFlags) != 0 {
+					p = ptrToNPtr(p, code.PtrNum)
+				}
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+				break
+			}
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 {
+				code = code.NextField
+			} else {
+				if (code.Flags & encoder.IndirectFlags) != 0 {
+					p = ptrToNPtr(p, code.PtrNum)
+				}
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadMarshalJSON {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadOmitEmptyMarshalJSON {
+					p = ptrToPtr(p)
+				}
+			}
+			iface := ptrToInterface(code, p)
+			if (code.Flags&encoder.NilCheckFlags) != 0 && encoder.IsNilForMarshaler(iface) {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, iface)
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadMarshalText {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadOmitEmptyMarshalText {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructField:
+			if code.Flags&encoder.IsTaggedKeyFlags != 0 || code.Flags&encoder.AnonymousKeyFlags == 0 {
+				b = appendStructKey(ctx, code, b)
+			}
+			p := load(ctxptr, code.Idx) + uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldInt:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUint:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32String:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			v := ptrToFloat64(p)
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringString:
+			p := load(ctxptr, code.Idx)
+			s := ptrToString(p + uintptr(code.Offset))
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, s)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBool:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBytes:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) > 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumber:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+				break
+			}
+			iface := ptrToInterface(code, p)
+			if (code.Flags&encoder.NilCheckFlags) != 0 && encoder.IsNilForMarshaler(iface) {
+				code = code.NextField
+				break
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendMarshalJSON(ctx, code, b, iface)
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldMarshalText:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+				break
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldArray:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyArray:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldArrayPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyArrayPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldSlice:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptySlice:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			slice := ptrToSlice(p)
+			if slice.Len == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldSlicePtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldMap:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 || maplen(ptrToUnsafePtr(p)) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldMapPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p != 0 {
+				p = ptrToNPtr(p, code.PtrNum)
+			}
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p != 0 {
+				p = ptrToNPtr(p, code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldStruct:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyStruct:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructEnd:
+			b = appendStructEndSkipLast(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndInt:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUint:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32String:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32Ptr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32PtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat64(ctx, b, v)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64Ptr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+				b = appendStructEnd(ctx, code, b)
+				code = code.Next
+				break
+			}
+			v := ptrToFloat64(p)
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64PtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			s := ptrToString(p + uintptr(code.Offset))
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, s)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBool:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBytes:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) > 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBytesPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumber:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendStructEnd(ctx, code, bb)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendStructEnd(ctx, code, bb)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendStructEnd(ctx, code, bb)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpEnd:
+			goto END
+		}
+	}
+END:
+	return b, nil
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/debug_vm.go b/vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/debug_vm.go
new file mode 100644
index 000000000..dd4cd489e
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/debug_vm.go
@@ -0,0 +1,35 @@
+package vm_color_indent
+
+import (
+	"fmt"
+
+	"github.com/goccy/go-json/internal/encoder"
+)
+
+func DebugRun(ctx *encoder.RuntimeContext, b []byte, codeSet *encoder.OpcodeSet) ([]byte, error) {
+	var code *encoder.Opcode
+	if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+		code = codeSet.EscapeKeyCode
+	} else {
+		code = codeSet.NoescapeKeyCode
+	}
+
+	defer func() {
+		if err := recover(); err != nil {
+			w := ctx.Option.DebugOut
+			fmt.Fprintln(w, "=============[DEBUG]===============")
+			fmt.Fprintln(w, "* [TYPE]")
+			fmt.Fprintln(w, codeSet.Type)
+			fmt.Fprintf(w, "\n")
+			fmt.Fprintln(w, "* [ALL OPCODE]")
+			fmt.Fprintln(w, code.Dump())
+			fmt.Fprintf(w, "\n")
+			fmt.Fprintln(w, "* [CONTEXT]")
+			fmt.Fprintf(w, "%+v\n", ctx)
+			fmt.Fprintln(w, "===================================")
+			panic(err)
+		}
+	}()
+
+	return Run(ctx, b, codeSet)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/util.go b/vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/util.go
new file mode 100644
index 000000000..2395abec9
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/util.go
@@ -0,0 +1,297 @@
+package vm_color_indent
+
+import (
+	"encoding/json"
+	"fmt"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/encoder"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+const uintptrSize = 4 << (^uintptr(0) >> 63)
+
+var (
+	appendIndent        = encoder.AppendIndent
+	appendStructEnd     = encoder.AppendStructEndIndent
+	errUnsupportedValue = encoder.ErrUnsupportedValue
+	errUnsupportedFloat = encoder.ErrUnsupportedFloat
+	mapiterinit         = encoder.MapIterInit
+	mapiterkey          = encoder.MapIterKey
+	mapitervalue        = encoder.MapIterValue
+	mapiternext         = encoder.MapIterNext
+	maplen              = encoder.MapLen
+)
+
+type emptyInterface struct {
+	typ *runtime.Type
+	ptr unsafe.Pointer
+}
+
+type nonEmptyInterface struct {
+	itab *struct {
+		ityp *runtime.Type // static interface type
+		typ  *runtime.Type // dynamic concrete type
+		// unused fields...
+	}
+	ptr unsafe.Pointer
+}
+
+func errUnimplementedOp(op encoder.OpType) error {
+	return fmt.Errorf("encoder (indent): opcode %s has not been implemented", op)
+}
+
+func load(base uintptr, idx uint32) uintptr {
+	addr := base + uintptr(idx)
+	return **(**uintptr)(unsafe.Pointer(&addr))
+}
+
+func store(base uintptr, idx uint32, p uintptr) {
+	addr := base + uintptr(idx)
+	**(**uintptr)(unsafe.Pointer(&addr)) = p
+}
+
+func loadNPtr(base uintptr, idx uint32, ptrNum uint8) uintptr {
+	addr := base + uintptr(idx)
+	p := **(**uintptr)(unsafe.Pointer(&addr))
+	for i := uint8(0); i < ptrNum; i++ {
+		if p == 0 {
+			return 0
+		}
+		p = ptrToPtr(p)
+	}
+	return p
+}
+
+func ptrToUint64(p uintptr, bitSize uint8) uint64 {
+	switch bitSize {
+	case 8:
+		return (uint64)(**(**uint8)(unsafe.Pointer(&p)))
+	case 16:
+		return (uint64)(**(**uint16)(unsafe.Pointer(&p)))
+	case 32:
+		return (uint64)(**(**uint32)(unsafe.Pointer(&p)))
+	case 64:
+		return **(**uint64)(unsafe.Pointer(&p))
+	}
+	return 0
+}
+
+func ptrToFloat32(p uintptr) float32            { return **(**float32)(unsafe.Pointer(&p)) }
+func ptrToFloat64(p uintptr) float64            { return **(**float64)(unsafe.Pointer(&p)) }
+func ptrToBool(p uintptr) bool                  { return **(**bool)(unsafe.Pointer(&p)) }
+func ptrToBytes(p uintptr) []byte               { return **(**[]byte)(unsafe.Pointer(&p)) }
+func ptrToNumber(p uintptr) json.Number         { return **(**json.Number)(unsafe.Pointer(&p)) }
+func ptrToString(p uintptr) string              { return **(**string)(unsafe.Pointer(&p)) }
+func ptrToSlice(p uintptr) *runtime.SliceHeader { return *(**runtime.SliceHeader)(unsafe.Pointer(&p)) }
+func ptrToPtr(p uintptr) uintptr {
+	return uintptr(**(**unsafe.Pointer)(unsafe.Pointer(&p)))
+}
+func ptrToNPtr(p uintptr, ptrNum uint8) uintptr {
+	for i := uint8(0); i < ptrNum; i++ {
+		if p == 0 {
+			return 0
+		}
+		p = ptrToPtr(p)
+	}
+	return p
+}
+
+func ptrToUnsafePtr(p uintptr) unsafe.Pointer {
+	return *(*unsafe.Pointer)(unsafe.Pointer(&p))
+}
+func ptrToInterface(code *encoder.Opcode, p uintptr) interface{} {
+	return *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: code.Type,
+		ptr: *(*unsafe.Pointer)(unsafe.Pointer(&p)),
+	}))
+}
+
+func appendInt(ctx *encoder.RuntimeContext, b []byte, p uintptr, code *encoder.Opcode) []byte {
+	format := ctx.Option.ColorScheme.Int
+	b = append(b, format.Header...)
+	b = encoder.AppendInt(ctx, b, p, code)
+	return append(b, format.Footer...)
+}
+
+func appendUint(ctx *encoder.RuntimeContext, b []byte, p uintptr, code *encoder.Opcode) []byte {
+	format := ctx.Option.ColorScheme.Uint
+	b = append(b, format.Header...)
+	b = encoder.AppendUint(ctx, b, p, code)
+	return append(b, format.Footer...)
+}
+
+func appendFloat32(ctx *encoder.RuntimeContext, b []byte, v float32) []byte {
+	format := ctx.Option.ColorScheme.Float
+	b = append(b, format.Header...)
+	b = encoder.AppendFloat32(ctx, b, v)
+	return append(b, format.Footer...)
+}
+
+func appendFloat64(ctx *encoder.RuntimeContext, b []byte, v float64) []byte {
+	format := ctx.Option.ColorScheme.Float
+	b = append(b, format.Header...)
+	b = encoder.AppendFloat64(ctx, b, v)
+	return append(b, format.Footer...)
+}
+
+func appendString(ctx *encoder.RuntimeContext, b []byte, v string) []byte {
+	format := ctx.Option.ColorScheme.String
+	b = append(b, format.Header...)
+	b = encoder.AppendString(ctx, b, v)
+	return append(b, format.Footer...)
+}
+
+func appendByteSlice(ctx *encoder.RuntimeContext, b []byte, src []byte) []byte {
+	format := ctx.Option.ColorScheme.Binary
+	b = append(b, format.Header...)
+	b = encoder.AppendByteSlice(ctx, b, src)
+	return append(b, format.Footer...)
+}
+
+func appendNumber(ctx *encoder.RuntimeContext, b []byte, n json.Number) ([]byte, error) {
+	format := ctx.Option.ColorScheme.Int
+	b = append(b, format.Header...)
+	bb, err := encoder.AppendNumber(ctx, b, n)
+	if err != nil {
+		return nil, err
+	}
+	return append(bb, format.Footer...), nil
+}
+
+func appendBool(ctx *encoder.RuntimeContext, b []byte, v bool) []byte {
+	format := ctx.Option.ColorScheme.Bool
+	b = append(b, format.Header...)
+	if v {
+		b = append(b, "true"...)
+	} else {
+		b = append(b, "false"...)
+	}
+	return append(b, format.Footer...)
+}
+
+func appendNull(ctx *encoder.RuntimeContext, b []byte) []byte {
+	format := ctx.Option.ColorScheme.Null
+	b = append(b, format.Header...)
+	b = append(b, "null"...)
+	return append(b, format.Footer...)
+}
+
+func appendComma(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, ',', '\n')
+}
+
+func appendNullComma(ctx *encoder.RuntimeContext, b []byte) []byte {
+	format := ctx.Option.ColorScheme.Null
+	b = append(b, format.Header...)
+	b = append(b, "null"...)
+	return append(append(b, format.Footer...), ',', '\n')
+}
+
+func appendColon(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b[:len(b)-2], ':', ' ')
+}
+
+func appendMapKeyValue(ctx *encoder.RuntimeContext, code *encoder.Opcode, b, key, value []byte) []byte {
+	b = appendIndent(ctx, b, code.Indent+1)
+	b = append(b, key...)
+	b[len(b)-2] = ':'
+	b[len(b)-1] = ' '
+	return append(b, value...)
+}
+
+func appendMapEnd(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	b = b[:len(b)-2]
+	b = append(b, '\n')
+	b = appendIndent(ctx, b, code.Indent)
+	return append(b, '}', ',', '\n')
+}
+
+func appendArrayHead(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	b = append(b, '[', '\n')
+	return appendIndent(ctx, b, code.Indent+1)
+}
+
+func appendArrayEnd(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	b = b[:len(b)-2]
+	b = append(b, '\n')
+	b = appendIndent(ctx, b, code.Indent)
+	return append(b, ']', ',', '\n')
+}
+
+func appendEmptyArray(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '[', ']', ',', '\n')
+}
+
+func appendEmptyObject(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '{', '}', ',', '\n')
+}
+
+func appendObjectEnd(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	last := len(b) - 1
+	// replace comma to newline
+	b[last-1] = '\n'
+	b = appendIndent(ctx, b[:last], code.Indent)
+	return append(b, '}', ',', '\n')
+}
+
+func appendMarshalJSON(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte, v interface{}) ([]byte, error) {
+	return encoder.AppendMarshalJSONIndent(ctx, code, b, v)
+}
+
+func appendMarshalText(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte, v interface{}) ([]byte, error) {
+	format := ctx.Option.ColorScheme.String
+	b = append(b, format.Header...)
+	bb, err := encoder.AppendMarshalTextIndent(ctx, code, b, v)
+	if err != nil {
+		return nil, err
+	}
+	return append(bb, format.Footer...), nil
+}
+
+func appendStructHead(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '{', '\n')
+}
+
+func appendStructKey(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	b = appendIndent(ctx, b, code.Indent)
+
+	format := ctx.Option.ColorScheme.ObjectKey
+	b = append(b, format.Header...)
+	b = append(b, code.Key[:len(code.Key)-1]...)
+	b = append(b, format.Footer...)
+
+	return append(b, ':', ' ')
+}
+
+func appendStructEndSkipLast(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	last := len(b) - 1
+	if b[last-1] == '{' {
+		b[last] = '}'
+	} else {
+		if b[last] == '\n' {
+			// to remove ',' and '\n' characters
+			b = b[:len(b)-2]
+		}
+		b = append(b, '\n')
+		b = appendIndent(ctx, b, code.Indent-1)
+		b = append(b, '}')
+	}
+	return appendComma(ctx, b)
+}
+
+func restoreIndent(ctx *encoder.RuntimeContext, code *encoder.Opcode, ctxptr uintptr) {
+	ctx.BaseIndent = uint32(load(ctxptr, code.Length))
+}
+
+func storeIndent(ctxptr uintptr, code *encoder.Opcode, indent uintptr) {
+	store(ctxptr, code.Length, indent)
+}
+
+func appendArrayElemIndent(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	return appendIndent(ctx, b, code.Indent+1)
+}
+
+func appendMapKeyIndent(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	return appendIndent(ctx, b, code.Indent)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/vm.go b/vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/vm.go
new file mode 100644
index 000000000..3b4e22e5d
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm_color_indent/vm.go
@@ -0,0 +1,4859 @@
+// Code generated by internal/cmd/generator. DO NOT EDIT!
+package vm_color_indent
+
+import (
+	"math"
+	"reflect"
+	"sort"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/encoder"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+func Run(ctx *encoder.RuntimeContext, b []byte, codeSet *encoder.OpcodeSet) ([]byte, error) {
+	recursiveLevel := 0
+	ptrOffset := uintptr(0)
+	ctxptr := ctx.Ptr()
+	var code *encoder.Opcode
+	if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+		code = codeSet.EscapeKeyCode
+	} else {
+		code = codeSet.NoescapeKeyCode
+	}
+
+	for {
+		switch code.Op {
+		default:
+			return nil, errUnimplementedOp(code.Op)
+		case encoder.OpPtr:
+			p := load(ctxptr, code.Idx)
+			code = code.Next
+			store(ctxptr, code.Idx, ptrToPtr(p))
+		case encoder.OpIntPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpInt:
+			b = appendInt(ctx, b, load(ctxptr, code.Idx), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpUintPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpUint:
+			b = appendUint(ctx, b, load(ctxptr, code.Idx), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpIntString:
+			b = append(b, '"')
+			b = appendInt(ctx, b, load(ctxptr, code.Idx), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpUintString:
+			b = append(b, '"')
+			b = appendUint(ctx, b, load(ctxptr, code.Idx), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpFloat32Ptr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+				b = appendComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpFloat32:
+			b = appendFloat32(ctx, b, ptrToFloat32(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpFloat64Ptr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpFloat64:
+			v := ptrToFloat64(load(ctxptr, code.Idx))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStringPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpString:
+			b = appendString(ctx, b, ptrToString(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpBoolPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpBool:
+			b = appendBool(ctx, b, ptrToBool(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpBytesPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpBytes:
+			b = appendByteSlice(ctx, b, ptrToBytes(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpNumberPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpNumber:
+			bb, err := appendNumber(ctx, b, ptrToNumber(load(ctxptr, code.Idx)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpInterfacePtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpInterface:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if recursiveLevel > encoder.StartDetectingCyclesAfter {
+				for _, seen := range ctx.SeenPtr {
+					if p == seen {
+						return nil, errUnsupportedValue(code, p)
+					}
+				}
+			}
+			ctx.SeenPtr = append(ctx.SeenPtr, p)
+			var (
+				typ      *runtime.Type
+				ifacePtr unsafe.Pointer
+			)
+			up := ptrToUnsafePtr(p)
+			if code.Flags&encoder.NonEmptyInterfaceFlags != 0 {
+				iface := (*nonEmptyInterface)(up)
+				ifacePtr = iface.ptr
+				if iface.itab != nil {
+					typ = iface.itab.typ
+				}
+			} else {
+				iface := (*emptyInterface)(up)
+				ifacePtr = iface.ptr
+				typ = iface.typ
+			}
+			if ifacePtr == nil {
+				isDirectedNil := typ != nil && typ.Kind() == reflect.Struct && !runtime.IfaceIndir(typ)
+				if !isDirectedNil {
+					b = appendNullComma(ctx, b)
+					code = code.Next
+					break
+				}
+			}
+			ctx.KeepRefs = append(ctx.KeepRefs, up)
+			ifaceCodeSet, err := encoder.CompileToGetCodeSet(ctx, uintptr(unsafe.Pointer(typ)))
+			if err != nil {
+				return nil, err
+			}
+
+			totalLength := uintptr(code.Length) + 3
+			nextTotalLength := uintptr(ifaceCodeSet.CodeLength) + 3
+
+			var c *encoder.Opcode
+			if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+				c = ifaceCodeSet.InterfaceEscapeKeyCode
+			} else {
+				c = ifaceCodeSet.InterfaceNoescapeKeyCode
+			}
+			curlen := uintptr(len(ctx.Ptrs))
+			offsetNum := ptrOffset / uintptrSize
+			oldOffset := ptrOffset
+			ptrOffset += totalLength * uintptrSize
+			oldBaseIndent := ctx.BaseIndent
+			ctx.BaseIndent += code.Indent
+
+			newLen := offsetNum + totalLength + nextTotalLength
+			if curlen < newLen {
+				ctx.Ptrs = append(ctx.Ptrs, make([]uintptr, newLen-curlen)...)
+			}
+			ctxptr = ctx.Ptr() + ptrOffset // assign new ctxptr
+
+			end := ifaceCodeSet.EndCode
+			store(ctxptr, c.Idx, uintptr(ifacePtr))
+			store(ctxptr, end.Idx, oldOffset)
+			store(ctxptr, end.ElemIdx, uintptr(unsafe.Pointer(code.Next)))
+			storeIndent(ctxptr, end, uintptr(oldBaseIndent))
+			code = c
+			recursiveLevel++
+		case encoder.OpInterfaceEnd:
+			recursiveLevel--
+
+			// restore ctxptr
+			offset := load(ctxptr, code.Idx)
+			restoreIndent(ctx, code, ctxptr)
+			ctx.SeenPtr = ctx.SeenPtr[:len(ctx.SeenPtr)-1]
+
+			codePtr := load(ctxptr, code.ElemIdx)
+			code = (*encoder.Opcode)(ptrToUnsafePtr(codePtr))
+			ctxptr = ctx.Ptr() + offset
+			ptrOffset = offset
+		case encoder.OpMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToPtr(p))
+			fallthrough
+		case encoder.OpMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if (code.Flags&encoder.IsNilableTypeFlags) != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToPtr(p))
+			fallthrough
+		case encoder.OpMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = append(b, `""`...)
+				b = appendComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if (code.Flags&encoder.IsNilableTypeFlags) != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpSlicePtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpSlice:
+			p := load(ctxptr, code.Idx)
+			slice := ptrToSlice(p)
+			if p == 0 || slice.Data == nil {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.ElemIdx, 0)
+			store(ctxptr, code.Length, uintptr(slice.Len))
+			store(ctxptr, code.Idx, uintptr(slice.Data))
+			if slice.Len > 0 {
+				b = appendArrayHead(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, uintptr(slice.Data))
+			} else {
+				b = appendEmptyArray(ctx, b)
+				code = code.End.Next
+			}
+		case encoder.OpSliceElem:
+			idx := load(ctxptr, code.ElemIdx)
+			length := load(ctxptr, code.Length)
+			idx++
+			if idx < length {
+				b = appendArrayElemIndent(ctx, code, b)
+				store(ctxptr, code.ElemIdx, idx)
+				data := load(ctxptr, code.Idx)
+				size := uintptr(code.Size)
+				code = code.Next
+				store(ctxptr, code.Idx, data+idx*size)
+			} else {
+				b = appendArrayEnd(ctx, code, b)
+				code = code.End.Next
+			}
+		case encoder.OpArrayPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpArray:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			if code.Length > 0 {
+				b = appendArrayHead(ctx, code, b)
+				store(ctxptr, code.ElemIdx, 0)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				b = appendEmptyArray(ctx, b)
+				code = code.End.Next
+			}
+		case encoder.OpArrayElem:
+			idx := load(ctxptr, code.ElemIdx)
+			idx++
+			if idx < uintptr(code.Length) {
+				b = appendArrayElemIndent(ctx, code, b)
+				store(ctxptr, code.ElemIdx, idx)
+				p := load(ctxptr, code.Idx)
+				size := uintptr(code.Size)
+				code = code.Next
+				store(ctxptr, code.Idx, p+idx*size)
+			} else {
+				b = appendArrayEnd(ctx, code, b)
+				code = code.End.Next
+			}
+		case encoder.OpMapPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			uptr := ptrToUnsafePtr(p)
+			mlen := maplen(uptr)
+			if mlen <= 0 {
+				b = appendEmptyObject(ctx, b)
+				code = code.End.Next
+				break
+			}
+			b = appendStructHead(ctx, b)
+			unorderedMap := (ctx.Option.Flag & encoder.UnorderedMapOption) != 0
+			mapCtx := encoder.NewMapContext(mlen, unorderedMap)
+			mapiterinit(code.Type, uptr, &mapCtx.Iter)
+			store(ctxptr, code.Idx, uintptr(unsafe.Pointer(mapCtx)))
+			ctx.KeepRefs = append(ctx.KeepRefs, unsafe.Pointer(mapCtx))
+			if unorderedMap {
+				b = appendMapKeyIndent(ctx, code.Next, b)
+			} else {
+				mapCtx.Start = len(b)
+				mapCtx.First = len(b)
+			}
+			key := mapiterkey(&mapCtx.Iter)
+			store(ctxptr, code.Next.Idx, uintptr(key))
+			code = code.Next
+		case encoder.OpMapKey:
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			idx := mapCtx.Idx
+			idx++
+			if (ctx.Option.Flag & encoder.UnorderedMapOption) != 0 {
+				if idx < mapCtx.Len {
+					b = appendMapKeyIndent(ctx, code, b)
+					mapCtx.Idx = int(idx)
+					key := mapiterkey(&mapCtx.Iter)
+					store(ctxptr, code.Next.Idx, uintptr(key))
+					code = code.Next
+				} else {
+					b = appendObjectEnd(ctx, code, b)
+					encoder.ReleaseMapContext(mapCtx)
+					code = code.End.Next
+				}
+			} else {
+				mapCtx.Slice.Items[mapCtx.Idx].Value = b[mapCtx.Start:len(b)]
+				if idx < mapCtx.Len {
+					mapCtx.Idx = int(idx)
+					mapCtx.Start = len(b)
+					key := mapiterkey(&mapCtx.Iter)
+					store(ctxptr, code.Next.Idx, uintptr(key))
+					code = code.Next
+				} else {
+					code = code.End
+				}
+			}
+		case encoder.OpMapValue:
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			if (ctx.Option.Flag & encoder.UnorderedMapOption) != 0 {
+				b = appendColon(ctx, b)
+			} else {
+				mapCtx.Slice.Items[mapCtx.Idx].Key = b[mapCtx.Start:len(b)]
+				mapCtx.Start = len(b)
+			}
+			value := mapitervalue(&mapCtx.Iter)
+			store(ctxptr, code.Next.Idx, uintptr(value))
+			mapiternext(&mapCtx.Iter)
+			code = code.Next
+		case encoder.OpMapEnd:
+			// this operation only used by sorted map.
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			sort.Sort(mapCtx.Slice)
+			buf := mapCtx.Buf
+			for _, item := range mapCtx.Slice.Items {
+				buf = appendMapKeyValue(ctx, code, buf, item.Key, item.Value)
+			}
+			buf = appendMapEnd(ctx, code, buf)
+			b = b[:mapCtx.First]
+			b = append(b, buf...)
+			mapCtx.Buf = buf
+			encoder.ReleaseMapContext(mapCtx)
+			code = code.Next
+		case encoder.OpRecursivePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpRecursive:
+			ptr := load(ctxptr, code.Idx)
+			if ptr != 0 {
+				if recursiveLevel > encoder.StartDetectingCyclesAfter {
+					for _, seen := range ctx.SeenPtr {
+						if ptr == seen {
+							return nil, errUnsupportedValue(code, ptr)
+						}
+					}
+				}
+			}
+			ctx.SeenPtr = append(ctx.SeenPtr, ptr)
+			c := code.Jmp.Code
+			curlen := uintptr(len(ctx.Ptrs))
+			offsetNum := ptrOffset / uintptrSize
+			oldOffset := ptrOffset
+			ptrOffset += code.Jmp.CurLen * uintptrSize
+			oldBaseIndent := ctx.BaseIndent
+			indentDiffFromTop := c.Indent - 1
+			ctx.BaseIndent += code.Indent - indentDiffFromTop
+
+			newLen := offsetNum + code.Jmp.CurLen + code.Jmp.NextLen
+			if curlen < newLen {
+				ctx.Ptrs = append(ctx.Ptrs, make([]uintptr, newLen-curlen)...)
+			}
+			ctxptr = ctx.Ptr() + ptrOffset // assign new ctxptr
+
+			store(ctxptr, c.Idx, ptr)
+			store(ctxptr, c.End.Next.Idx, oldOffset)
+			store(ctxptr, c.End.Next.ElemIdx, uintptr(unsafe.Pointer(code.Next)))
+			storeIndent(ctxptr, c.End.Next, uintptr(oldBaseIndent))
+			code = c
+			recursiveLevel++
+		case encoder.OpRecursiveEnd:
+			recursiveLevel--
+
+			// restore ctxptr
+			restoreIndent(ctx, code, ctxptr)
+			offset := load(ctxptr, code.Idx)
+			ctx.SeenPtr = ctx.SeenPtr[:len(ctx.SeenPtr)-1]
+
+			codePtr := load(ctxptr, code.ElemIdx)
+			code = (*encoder.Opcode)(ptrToUnsafePtr(codePtr))
+			ctxptr = ctx.Ptr() + offset
+			ptrOffset = offset
+		case encoder.OpStructPtrHead:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHead:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && ((code.Flags&encoder.IndirectFlags) != 0 || code.Next.Op == encoder.OpStructEnd) {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if len(code.Key) > 0 {
+				if (code.Flags&encoder.IsTaggedKeyFlags) != 0 || code.Flags&encoder.AnonymousKeyFlags == 0 {
+					b = appendStructKey(ctx, code, b)
+				}
+			}
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && ((code.Flags&encoder.IndirectFlags) != 0 || code.Next.Op == encoder.OpStructEnd) {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if p == 0 || (ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0) {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadInt:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadInt:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyInt:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadIntString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadIntString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			u64 := ptrToUint64(p, code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadUint:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadUint:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUint:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadUintString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadUintString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat32:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat32:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat32String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat32String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat64:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat64:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat64String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat64String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNull(ctx, b)
+					b = appendComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToString(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadStringString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadStringString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p+uintptr(code.Offset)))))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToString(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBool:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBool:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBool:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructPtrHeadBoolString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBoolString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructPtrHeadBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBytes:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBytes:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBytes:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadNumber:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadNumber:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumber:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadNumberString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadNumberString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadArray, encoder.OpStructPtrHeadSlice:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadArray, encoder.OpStructHeadSlice:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptyArray:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyArray:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			b = appendStructKey(ctx, code, b)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptySlice:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptySlice:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			slice := ptrToSlice(p)
+			if slice.Len == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadArrayPtr, encoder.OpStructPtrHeadSlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadArrayPtr, encoder.OpStructHeadSlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+			} else {
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadOmitEmptyArrayPtr, encoder.OpStructPtrHeadOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyArrayPtr, encoder.OpStructHeadOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if p != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p + uintptr(code.Offset))
+			}
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p + uintptr(code.Offset))
+			}
+			if maplen(ptrToUnsafePtr(p)) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+				break
+			}
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+			} else {
+				if (code.Flags & encoder.IndirectFlags) != 0 {
+					p = ptrToNPtr(p, code.PtrNum)
+				}
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+				break
+			}
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 {
+				code = code.NextField
+			} else {
+				if (code.Flags & encoder.IndirectFlags) != 0 {
+					p = ptrToNPtr(p, code.PtrNum)
+				}
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadMarshalJSON {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadOmitEmptyMarshalJSON {
+					p = ptrToPtr(p)
+				}
+			}
+			iface := ptrToInterface(code, p)
+			if (code.Flags&encoder.NilCheckFlags) != 0 && encoder.IsNilForMarshaler(iface) {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, iface)
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadMarshalText {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadOmitEmptyMarshalText {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructField:
+			if code.Flags&encoder.IsTaggedKeyFlags != 0 || code.Flags&encoder.AnonymousKeyFlags == 0 {
+				b = appendStructKey(ctx, code, b)
+			}
+			p := load(ctxptr, code.Idx) + uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldInt:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUint:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32String:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			v := ptrToFloat64(p)
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringString:
+			p := load(ctxptr, code.Idx)
+			s := ptrToString(p + uintptr(code.Offset))
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, s)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBool:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBytes:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) > 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumber:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+				break
+			}
+			iface := ptrToInterface(code, p)
+			if (code.Flags&encoder.NilCheckFlags) != 0 && encoder.IsNilForMarshaler(iface) {
+				code = code.NextField
+				break
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendMarshalJSON(ctx, code, b, iface)
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldMarshalText:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+				break
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldArray:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyArray:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldArrayPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyArrayPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldSlice:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptySlice:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			slice := ptrToSlice(p)
+			if slice.Len == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldSlicePtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldMap:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 || maplen(ptrToUnsafePtr(p)) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldMapPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p != 0 {
+				p = ptrToNPtr(p, code.PtrNum)
+			}
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p != 0 {
+				p = ptrToNPtr(p, code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldStruct:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyStruct:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructEnd:
+			b = appendStructEndSkipLast(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndInt:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUint:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32String:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32Ptr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32PtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat64(ctx, b, v)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64Ptr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+				b = appendStructEnd(ctx, code, b)
+				code = code.Next
+				break
+			}
+			v := ptrToFloat64(p)
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64PtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			s := ptrToString(p + uintptr(code.Offset))
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, s)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBool:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBytes:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) > 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBytesPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumber:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendStructEnd(ctx, code, bb)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendStructEnd(ctx, code, bb)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendStructEnd(ctx, code, bb)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpEnd:
+			goto END
+		}
+	}
+END:
+	return b, nil
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/debug_vm.go b/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/debug_vm.go
new file mode 100644
index 000000000..99395388c
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/debug_vm.go
@@ -0,0 +1,35 @@
+package vm_indent
+
+import (
+	"fmt"
+
+	"github.com/goccy/go-json/internal/encoder"
+)
+
+func DebugRun(ctx *encoder.RuntimeContext, b []byte, codeSet *encoder.OpcodeSet) ([]byte, error) {
+	var code *encoder.Opcode
+	if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+		code = codeSet.EscapeKeyCode
+	} else {
+		code = codeSet.NoescapeKeyCode
+	}
+
+	defer func() {
+		if err := recover(); err != nil {
+			w := ctx.Option.DebugOut
+			fmt.Fprintln(w, "=============[DEBUG]===============")
+			fmt.Fprintln(w, "* [TYPE]")
+			fmt.Fprintln(w, codeSet.Type)
+			fmt.Fprintf(w, "\n")
+			fmt.Fprintln(w, "* [ALL OPCODE]")
+			fmt.Fprintln(w, code.Dump())
+			fmt.Fprintf(w, "\n")
+			fmt.Fprintln(w, "* [CONTEXT]")
+			fmt.Fprintf(w, "%+v\n", ctx)
+			fmt.Fprintln(w, "===================================")
+			panic(err)
+		}
+	}()
+
+	return Run(ctx, b, codeSet)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/hack.go b/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/hack.go
new file mode 100644
index 000000000..9e245bfe5
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/hack.go
@@ -0,0 +1,9 @@
+package vm_indent
+
+import (
+	// HACK: compile order
+	// `vm`, `vm_indent`, `vm_color`, `vm_color_indent` packages uses a lot of memory to compile,
+	// so forcibly make dependencies and avoid compiling in concurrent.
+	// dependency order: vm => vm_indent => vm_color => vm_color_indent
+	_ "github.com/goccy/go-json/internal/encoder/vm_color"
+)
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/util.go b/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/util.go
new file mode 100644
index 000000000..6cb745e39
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/util.go
@@ -0,0 +1,230 @@
+package vm_indent
+
+import (
+	"encoding/json"
+	"fmt"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/encoder"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+const uintptrSize = 4 << (^uintptr(0) >> 63)
+
+var (
+	appendInt           = encoder.AppendInt
+	appendUint          = encoder.AppendUint
+	appendFloat32       = encoder.AppendFloat32
+	appendFloat64       = encoder.AppendFloat64
+	appendString        = encoder.AppendString
+	appendByteSlice     = encoder.AppendByteSlice
+	appendNumber        = encoder.AppendNumber
+	appendStructEnd     = encoder.AppendStructEndIndent
+	appendIndent        = encoder.AppendIndent
+	errUnsupportedValue = encoder.ErrUnsupportedValue
+	errUnsupportedFloat = encoder.ErrUnsupportedFloat
+	mapiterinit         = encoder.MapIterInit
+	mapiterkey          = encoder.MapIterKey
+	mapitervalue        = encoder.MapIterValue
+	mapiternext         = encoder.MapIterNext
+	maplen              = encoder.MapLen
+)
+
+type emptyInterface struct {
+	typ *runtime.Type
+	ptr unsafe.Pointer
+}
+
+type nonEmptyInterface struct {
+	itab *struct {
+		ityp *runtime.Type // static interface type
+		typ  *runtime.Type // dynamic concrete type
+		// unused fields...
+	}
+	ptr unsafe.Pointer
+}
+
+func errUnimplementedOp(op encoder.OpType) error {
+	return fmt.Errorf("encoder (indent): opcode %s has not been implemented", op)
+}
+
+func load(base uintptr, idx uint32) uintptr {
+	addr := base + uintptr(idx)
+	return **(**uintptr)(unsafe.Pointer(&addr))
+}
+
+func store(base uintptr, idx uint32, p uintptr) {
+	addr := base + uintptr(idx)
+	**(**uintptr)(unsafe.Pointer(&addr)) = p
+}
+
+func loadNPtr(base uintptr, idx uint32, ptrNum uint8) uintptr {
+	addr := base + uintptr(idx)
+	p := **(**uintptr)(unsafe.Pointer(&addr))
+	for i := uint8(0); i < ptrNum; i++ {
+		if p == 0 {
+			return 0
+		}
+		p = ptrToPtr(p)
+	}
+	return p
+}
+
+func ptrToUint64(p uintptr, bitSize uint8) uint64 {
+	switch bitSize {
+	case 8:
+		return (uint64)(**(**uint8)(unsafe.Pointer(&p)))
+	case 16:
+		return (uint64)(**(**uint16)(unsafe.Pointer(&p)))
+	case 32:
+		return (uint64)(**(**uint32)(unsafe.Pointer(&p)))
+	case 64:
+		return **(**uint64)(unsafe.Pointer(&p))
+	}
+	return 0
+}
+func ptrToFloat32(p uintptr) float32            { return **(**float32)(unsafe.Pointer(&p)) }
+func ptrToFloat64(p uintptr) float64            { return **(**float64)(unsafe.Pointer(&p)) }
+func ptrToBool(p uintptr) bool                  { return **(**bool)(unsafe.Pointer(&p)) }
+func ptrToBytes(p uintptr) []byte               { return **(**[]byte)(unsafe.Pointer(&p)) }
+func ptrToNumber(p uintptr) json.Number         { return **(**json.Number)(unsafe.Pointer(&p)) }
+func ptrToString(p uintptr) string              { return **(**string)(unsafe.Pointer(&p)) }
+func ptrToSlice(p uintptr) *runtime.SliceHeader { return *(**runtime.SliceHeader)(unsafe.Pointer(&p)) }
+func ptrToPtr(p uintptr) uintptr {
+	return uintptr(**(**unsafe.Pointer)(unsafe.Pointer(&p)))
+}
+func ptrToNPtr(p uintptr, ptrNum uint8) uintptr {
+	for i := uint8(0); i < ptrNum; i++ {
+		if p == 0 {
+			return 0
+		}
+		p = ptrToPtr(p)
+	}
+	return p
+}
+
+func ptrToUnsafePtr(p uintptr) unsafe.Pointer {
+	return *(*unsafe.Pointer)(unsafe.Pointer(&p))
+}
+func ptrToInterface(code *encoder.Opcode, p uintptr) interface{} {
+	return *(*interface{})(unsafe.Pointer(&emptyInterface{
+		typ: code.Type,
+		ptr: *(*unsafe.Pointer)(unsafe.Pointer(&p)),
+	}))
+}
+
+func appendBool(_ *encoder.RuntimeContext, b []byte, v bool) []byte {
+	if v {
+		return append(b, "true"...)
+	}
+	return append(b, "false"...)
+}
+
+func appendNull(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, "null"...)
+}
+
+func appendComma(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, ',', '\n')
+}
+
+func appendNullComma(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, "null,\n"...)
+}
+
+func appendColon(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b[:len(b)-2], ':', ' ')
+}
+
+func appendMapKeyValue(ctx *encoder.RuntimeContext, code *encoder.Opcode, b, key, value []byte) []byte {
+	b = appendIndent(ctx, b, code.Indent+1)
+	b = append(b, key...)
+	b[len(b)-2] = ':'
+	b[len(b)-1] = ' '
+	return append(b, value...)
+}
+
+func appendMapEnd(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	b = b[:len(b)-2]
+	b = append(b, '\n')
+	b = appendIndent(ctx, b, code.Indent)
+	return append(b, '}', ',', '\n')
+}
+
+func appendArrayHead(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	b = append(b, '[', '\n')
+	return appendIndent(ctx, b, code.Indent+1)
+}
+
+func appendArrayEnd(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	b = b[:len(b)-2]
+	b = append(b, '\n')
+	b = appendIndent(ctx, b, code.Indent)
+	return append(b, ']', ',', '\n')
+}
+
+func appendEmptyArray(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '[', ']', ',', '\n')
+}
+
+func appendEmptyObject(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '{', '}', ',', '\n')
+}
+
+func appendObjectEnd(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	last := len(b) - 1
+	// replace comma to newline
+	b[last-1] = '\n'
+	b = appendIndent(ctx, b[:last], code.Indent)
+	return append(b, '}', ',', '\n')
+}
+
+func appendMarshalJSON(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte, v interface{}) ([]byte, error) {
+	return encoder.AppendMarshalJSONIndent(ctx, code, b, v)
+}
+
+func appendMarshalText(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte, v interface{}) ([]byte, error) {
+	return encoder.AppendMarshalTextIndent(ctx, code, b, v)
+}
+
+func appendStructHead(_ *encoder.RuntimeContext, b []byte) []byte {
+	return append(b, '{', '\n')
+}
+
+func appendStructKey(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	b = appendIndent(ctx, b, code.Indent)
+	b = append(b, code.Key...)
+	return append(b, ' ')
+}
+
+func appendStructEndSkipLast(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	last := len(b) - 1
+	if b[last-1] == '{' {
+		b[last] = '}'
+	} else {
+		if b[last] == '\n' {
+			// to remove ',' and '\n' characters
+			b = b[:len(b)-2]
+		}
+		b = append(b, '\n')
+		b = appendIndent(ctx, b, code.Indent-1)
+		b = append(b, '}')
+	}
+	return appendComma(ctx, b)
+}
+
+func restoreIndent(ctx *encoder.RuntimeContext, code *encoder.Opcode, ctxptr uintptr) {
+	ctx.BaseIndent = uint32(load(ctxptr, code.Length))
+}
+
+func storeIndent(ctxptr uintptr, code *encoder.Opcode, indent uintptr) {
+	store(ctxptr, code.Length, indent)
+}
+
+func appendArrayElemIndent(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	return appendIndent(ctx, b, code.Indent+1)
+}
+
+func appendMapKeyIndent(ctx *encoder.RuntimeContext, code *encoder.Opcode, b []byte) []byte {
+	return appendIndent(ctx, b, code.Indent)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/vm.go b/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/vm.go
new file mode 100644
index 000000000..836c5c8a8
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/encoder/vm_indent/vm.go
@@ -0,0 +1,4859 @@
+// Code generated by internal/cmd/generator. DO NOT EDIT!
+package vm_indent
+
+import (
+	"math"
+	"reflect"
+	"sort"
+	"unsafe"
+
+	"github.com/goccy/go-json/internal/encoder"
+	"github.com/goccy/go-json/internal/runtime"
+)
+
+func Run(ctx *encoder.RuntimeContext, b []byte, codeSet *encoder.OpcodeSet) ([]byte, error) {
+	recursiveLevel := 0
+	ptrOffset := uintptr(0)
+	ctxptr := ctx.Ptr()
+	var code *encoder.Opcode
+	if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+		code = codeSet.EscapeKeyCode
+	} else {
+		code = codeSet.NoescapeKeyCode
+	}
+
+	for {
+		switch code.Op {
+		default:
+			return nil, errUnimplementedOp(code.Op)
+		case encoder.OpPtr:
+			p := load(ctxptr, code.Idx)
+			code = code.Next
+			store(ctxptr, code.Idx, ptrToPtr(p))
+		case encoder.OpIntPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpInt:
+			b = appendInt(ctx, b, load(ctxptr, code.Idx), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpUintPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpUint:
+			b = appendUint(ctx, b, load(ctxptr, code.Idx), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpIntString:
+			b = append(b, '"')
+			b = appendInt(ctx, b, load(ctxptr, code.Idx), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpUintString:
+			b = append(b, '"')
+			b = appendUint(ctx, b, load(ctxptr, code.Idx), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpFloat32Ptr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+				b = appendComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpFloat32:
+			b = appendFloat32(ctx, b, ptrToFloat32(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpFloat64Ptr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpFloat64:
+			v := ptrToFloat64(load(ctxptr, code.Idx))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStringPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpString:
+			b = appendString(ctx, b, ptrToString(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpBoolPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpBool:
+			b = appendBool(ctx, b, ptrToBool(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpBytesPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpBytes:
+			b = appendByteSlice(ctx, b, ptrToBytes(load(ctxptr, code.Idx)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpNumberPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpNumber:
+			bb, err := appendNumber(ctx, b, ptrToNumber(load(ctxptr, code.Idx)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpInterfacePtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpInterface:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if recursiveLevel > encoder.StartDetectingCyclesAfter {
+				for _, seen := range ctx.SeenPtr {
+					if p == seen {
+						return nil, errUnsupportedValue(code, p)
+					}
+				}
+			}
+			ctx.SeenPtr = append(ctx.SeenPtr, p)
+			var (
+				typ      *runtime.Type
+				ifacePtr unsafe.Pointer
+			)
+			up := ptrToUnsafePtr(p)
+			if code.Flags&encoder.NonEmptyInterfaceFlags != 0 {
+				iface := (*nonEmptyInterface)(up)
+				ifacePtr = iface.ptr
+				if iface.itab != nil {
+					typ = iface.itab.typ
+				}
+			} else {
+				iface := (*emptyInterface)(up)
+				ifacePtr = iface.ptr
+				typ = iface.typ
+			}
+			if ifacePtr == nil {
+				isDirectedNil := typ != nil && typ.Kind() == reflect.Struct && !runtime.IfaceIndir(typ)
+				if !isDirectedNil {
+					b = appendNullComma(ctx, b)
+					code = code.Next
+					break
+				}
+			}
+			ctx.KeepRefs = append(ctx.KeepRefs, up)
+			ifaceCodeSet, err := encoder.CompileToGetCodeSet(ctx, uintptr(unsafe.Pointer(typ)))
+			if err != nil {
+				return nil, err
+			}
+
+			totalLength := uintptr(code.Length) + 3
+			nextTotalLength := uintptr(ifaceCodeSet.CodeLength) + 3
+
+			var c *encoder.Opcode
+			if (ctx.Option.Flag & encoder.HTMLEscapeOption) != 0 {
+				c = ifaceCodeSet.InterfaceEscapeKeyCode
+			} else {
+				c = ifaceCodeSet.InterfaceNoescapeKeyCode
+			}
+			curlen := uintptr(len(ctx.Ptrs))
+			offsetNum := ptrOffset / uintptrSize
+			oldOffset := ptrOffset
+			ptrOffset += totalLength * uintptrSize
+			oldBaseIndent := ctx.BaseIndent
+			ctx.BaseIndent += code.Indent
+
+			newLen := offsetNum + totalLength + nextTotalLength
+			if curlen < newLen {
+				ctx.Ptrs = append(ctx.Ptrs, make([]uintptr, newLen-curlen)...)
+			}
+			ctxptr = ctx.Ptr() + ptrOffset // assign new ctxptr
+
+			end := ifaceCodeSet.EndCode
+			store(ctxptr, c.Idx, uintptr(ifacePtr))
+			store(ctxptr, end.Idx, oldOffset)
+			store(ctxptr, end.ElemIdx, uintptr(unsafe.Pointer(code.Next)))
+			storeIndent(ctxptr, end, uintptr(oldBaseIndent))
+			code = c
+			recursiveLevel++
+		case encoder.OpInterfaceEnd:
+			recursiveLevel--
+
+			// restore ctxptr
+			offset := load(ctxptr, code.Idx)
+			restoreIndent(ctx, code, ctxptr)
+			ctx.SeenPtr = ctx.SeenPtr[:len(ctx.SeenPtr)-1]
+
+			codePtr := load(ctxptr, code.ElemIdx)
+			code = (*encoder.Opcode)(ptrToUnsafePtr(codePtr))
+			ctxptr = ctx.Ptr() + offset
+			ptrOffset = offset
+		case encoder.OpMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToPtr(p))
+			fallthrough
+		case encoder.OpMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if (code.Flags&encoder.IsNilableTypeFlags) != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToPtr(p))
+			fallthrough
+		case encoder.OpMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = append(b, `""`...)
+				b = appendComma(ctx, b)
+				code = code.Next
+				break
+			}
+			if (code.Flags&encoder.IsNilableTypeFlags) != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpSlicePtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpSlice:
+			p := load(ctxptr, code.Idx)
+			slice := ptrToSlice(p)
+			if p == 0 || slice.Data == nil {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.ElemIdx, 0)
+			store(ctxptr, code.Length, uintptr(slice.Len))
+			store(ctxptr, code.Idx, uintptr(slice.Data))
+			if slice.Len > 0 {
+				b = appendArrayHead(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, uintptr(slice.Data))
+			} else {
+				b = appendEmptyArray(ctx, b)
+				code = code.End.Next
+			}
+		case encoder.OpSliceElem:
+			idx := load(ctxptr, code.ElemIdx)
+			length := load(ctxptr, code.Length)
+			idx++
+			if idx < length {
+				b = appendArrayElemIndent(ctx, code, b)
+				store(ctxptr, code.ElemIdx, idx)
+				data := load(ctxptr, code.Idx)
+				size := uintptr(code.Size)
+				code = code.Next
+				store(ctxptr, code.Idx, data+idx*size)
+			} else {
+				b = appendArrayEnd(ctx, code, b)
+				code = code.End.Next
+			}
+		case encoder.OpArrayPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpArray:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			if code.Length > 0 {
+				b = appendArrayHead(ctx, code, b)
+				store(ctxptr, code.ElemIdx, 0)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				b = appendEmptyArray(ctx, b)
+				code = code.End.Next
+			}
+		case encoder.OpArrayElem:
+			idx := load(ctxptr, code.ElemIdx)
+			idx++
+			if idx < uintptr(code.Length) {
+				b = appendArrayElemIndent(ctx, code, b)
+				store(ctxptr, code.ElemIdx, idx)
+				p := load(ctxptr, code.Idx)
+				size := uintptr(code.Size)
+				code = code.Next
+				store(ctxptr, code.Idx, p+idx*size)
+			} else {
+				b = appendArrayEnd(ctx, code, b)
+				code = code.End.Next
+			}
+		case encoder.OpMapPtr:
+			p := loadNPtr(ctxptr, code.Idx, code.PtrNum)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, p)
+			fallthrough
+		case encoder.OpMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.End.Next
+				break
+			}
+			uptr := ptrToUnsafePtr(p)
+			mlen := maplen(uptr)
+			if mlen <= 0 {
+				b = appendEmptyObject(ctx, b)
+				code = code.End.Next
+				break
+			}
+			b = appendStructHead(ctx, b)
+			unorderedMap := (ctx.Option.Flag & encoder.UnorderedMapOption) != 0
+			mapCtx := encoder.NewMapContext(mlen, unorderedMap)
+			mapiterinit(code.Type, uptr, &mapCtx.Iter)
+			store(ctxptr, code.Idx, uintptr(unsafe.Pointer(mapCtx)))
+			ctx.KeepRefs = append(ctx.KeepRefs, unsafe.Pointer(mapCtx))
+			if unorderedMap {
+				b = appendMapKeyIndent(ctx, code.Next, b)
+			} else {
+				mapCtx.Start = len(b)
+				mapCtx.First = len(b)
+			}
+			key := mapiterkey(&mapCtx.Iter)
+			store(ctxptr, code.Next.Idx, uintptr(key))
+			code = code.Next
+		case encoder.OpMapKey:
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			idx := mapCtx.Idx
+			idx++
+			if (ctx.Option.Flag & encoder.UnorderedMapOption) != 0 {
+				if idx < mapCtx.Len {
+					b = appendMapKeyIndent(ctx, code, b)
+					mapCtx.Idx = int(idx)
+					key := mapiterkey(&mapCtx.Iter)
+					store(ctxptr, code.Next.Idx, uintptr(key))
+					code = code.Next
+				} else {
+					b = appendObjectEnd(ctx, code, b)
+					encoder.ReleaseMapContext(mapCtx)
+					code = code.End.Next
+				}
+			} else {
+				mapCtx.Slice.Items[mapCtx.Idx].Value = b[mapCtx.Start:len(b)]
+				if idx < mapCtx.Len {
+					mapCtx.Idx = int(idx)
+					mapCtx.Start = len(b)
+					key := mapiterkey(&mapCtx.Iter)
+					store(ctxptr, code.Next.Idx, uintptr(key))
+					code = code.Next
+				} else {
+					code = code.End
+				}
+			}
+		case encoder.OpMapValue:
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			if (ctx.Option.Flag & encoder.UnorderedMapOption) != 0 {
+				b = appendColon(ctx, b)
+			} else {
+				mapCtx.Slice.Items[mapCtx.Idx].Key = b[mapCtx.Start:len(b)]
+				mapCtx.Start = len(b)
+			}
+			value := mapitervalue(&mapCtx.Iter)
+			store(ctxptr, code.Next.Idx, uintptr(value))
+			mapiternext(&mapCtx.Iter)
+			code = code.Next
+		case encoder.OpMapEnd:
+			// this operation only used by sorted map.
+			mapCtx := (*encoder.MapContext)(ptrToUnsafePtr(load(ctxptr, code.Idx)))
+			sort.Sort(mapCtx.Slice)
+			buf := mapCtx.Buf
+			for _, item := range mapCtx.Slice.Items {
+				buf = appendMapKeyValue(ctx, code, buf, item.Key, item.Value)
+			}
+			buf = appendMapEnd(ctx, code, buf)
+			b = b[:mapCtx.First]
+			b = append(b, buf...)
+			mapCtx.Buf = buf
+			encoder.ReleaseMapContext(mapCtx)
+			code = code.Next
+		case encoder.OpRecursivePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				code = code.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpRecursive:
+			ptr := load(ctxptr, code.Idx)
+			if ptr != 0 {
+				if recursiveLevel > encoder.StartDetectingCyclesAfter {
+					for _, seen := range ctx.SeenPtr {
+						if ptr == seen {
+							return nil, errUnsupportedValue(code, ptr)
+						}
+					}
+				}
+			}
+			ctx.SeenPtr = append(ctx.SeenPtr, ptr)
+			c := code.Jmp.Code
+			curlen := uintptr(len(ctx.Ptrs))
+			offsetNum := ptrOffset / uintptrSize
+			oldOffset := ptrOffset
+			ptrOffset += code.Jmp.CurLen * uintptrSize
+			oldBaseIndent := ctx.BaseIndent
+			indentDiffFromTop := c.Indent - 1
+			ctx.BaseIndent += code.Indent - indentDiffFromTop
+
+			newLen := offsetNum + code.Jmp.CurLen + code.Jmp.NextLen
+			if curlen < newLen {
+				ctx.Ptrs = append(ctx.Ptrs, make([]uintptr, newLen-curlen)...)
+			}
+			ctxptr = ctx.Ptr() + ptrOffset // assign new ctxptr
+
+			store(ctxptr, c.Idx, ptr)
+			store(ctxptr, c.End.Next.Idx, oldOffset)
+			store(ctxptr, c.End.Next.ElemIdx, uintptr(unsafe.Pointer(code.Next)))
+			storeIndent(ctxptr, c.End.Next, uintptr(oldBaseIndent))
+			code = c
+			recursiveLevel++
+		case encoder.OpRecursiveEnd:
+			recursiveLevel--
+
+			// restore ctxptr
+			restoreIndent(ctx, code, ctxptr)
+			offset := load(ctxptr, code.Idx)
+			ctx.SeenPtr = ctx.SeenPtr[:len(ctx.SeenPtr)-1]
+
+			codePtr := load(ctxptr, code.ElemIdx)
+			code = (*encoder.Opcode)(ptrToUnsafePtr(codePtr))
+			ctxptr = ctx.Ptr() + offset
+			ptrOffset = offset
+		case encoder.OpStructPtrHead:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHead:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && ((code.Flags&encoder.IndirectFlags) != 0 || code.Next.Op == encoder.OpStructEnd) {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if len(code.Key) > 0 {
+				if (code.Flags&encoder.IsTaggedKeyFlags) != 0 || code.Flags&encoder.AnonymousKeyFlags == 0 {
+					b = appendStructKey(ctx, code, b)
+				}
+			}
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && ((code.Flags&encoder.IndirectFlags) != 0 || code.Next.Op == encoder.OpStructEnd) {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if p == 0 || (ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0) {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadInt:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadInt:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyInt:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadIntString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadIntString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			u64 := ptrToUint64(p, code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadUint:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadUint:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUint:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadUintString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadUintString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat32:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat32:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat32String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat32String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat64:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat64:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat64String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadFloat64String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64String:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v == 0 {
+				code = code.NextField
+			} else {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNull(ctx, b)
+					b = appendComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToString(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadStringString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadStringString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p+uintptr(code.Offset)))))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToString(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBool:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBool:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBool:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructPtrHeadBoolString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBoolString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructPtrHeadBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadBytes:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadBytes:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBytes:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadNumber:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadNumber:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumber:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadNumberString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadNumberString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberString:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v == "" {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructPtrHeadArray, encoder.OpStructPtrHeadSlice:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadArray, encoder.OpStructHeadSlice:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptyArray:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyArray:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			b = appendStructKey(ctx, code, b)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptySlice:
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p := load(ctxptr, code.Idx)
+				if p == 0 {
+					if code.Flags&encoder.AnonymousHeadFlags == 0 {
+						b = appendNullComma(ctx, b)
+					}
+					code = code.End.Next
+					break
+				}
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptySlice:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			slice := ptrToSlice(p)
+			if slice.Len == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadArrayPtr, encoder.OpStructPtrHeadSlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadArrayPtr, encoder.OpStructHeadSlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+			} else {
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadOmitEmptyArrayPtr, encoder.OpStructPtrHeadOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyArrayPtr, encoder.OpStructHeadOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if p != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p + uintptr(code.Offset))
+			}
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructPtrHeadOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p != 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				p = ptrToPtr(p + uintptr(code.Offset))
+			}
+			if maplen(ptrToUnsafePtr(p)) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+				break
+			}
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.NextField
+			} else {
+				if (code.Flags & encoder.IndirectFlags) != 0 {
+					p = ptrToNPtr(p, code.PtrNum)
+				}
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+				break
+			}
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 {
+				code = code.NextField
+			} else {
+				if (code.Flags & encoder.IndirectFlags) != 0 {
+					p = ptrToNPtr(p, code.PtrNum)
+				}
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructPtrHeadMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadMarshalJSON {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadOmitEmptyMarshalJSON {
+					p = ptrToPtr(p)
+				}
+			}
+			iface := ptrToInterface(code, p)
+			if (code.Flags&encoder.NilCheckFlags) != 0 && encoder.IsNilForMarshaler(iface) {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, iface)
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadMarshalText {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			}
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				if (code.Flags&encoder.IndirectFlags) != 0 || code.Op == encoder.OpStructPtrHeadOmitEmptyMarshalText {
+					p = ptrToPtr(p)
+				}
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructPtrHeadMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			b = appendStructKey(ctx, code, b)
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructPtrHeadOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			store(ctxptr, code.Idx, ptrToNPtr(p, code.PtrNum))
+			fallthrough
+		case encoder.OpStructHeadOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			if p == 0 && (code.Flags&encoder.IndirectFlags) != 0 {
+				if code.Flags&encoder.AnonymousHeadFlags == 0 {
+					b = appendNullComma(ctx, b)
+				}
+				code = code.End.Next
+				break
+			}
+			if (code.Flags & encoder.IndirectFlags) != 0 {
+				p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			}
+			if code.Flags&encoder.AnonymousHeadFlags == 0 {
+				b = appendStructHead(ctx, b)
+			}
+			if p == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+				b = appendComma(ctx, b)
+				code = code.Next
+			}
+		case encoder.OpStructField:
+			if code.Flags&encoder.IsTaggedKeyFlags != 0 || code.Flags&encoder.AnonymousKeyFlags == 0 {
+				b = appendStructKey(ctx, code, b)
+			}
+			p := load(ctxptr, code.Idx) + uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmpty:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldInt:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUint:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32String:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNullComma(ctx, b)
+				code = code.Next
+				break
+			}
+			v := ptrToFloat64(p)
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringString:
+			p := load(ctxptr, code.Idx)
+			s := ptrToString(p + uintptr(code.Offset))
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, s)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBool:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBytes:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) > 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumber:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			b = appendStructKey(ctx, code, b)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendComma(ctx, b)
+			}
+			code = code.Next
+		case encoder.OpStructFieldMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalJSON:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+				break
+			}
+			iface := ptrToInterface(code, p)
+			if (code.Flags&encoder.NilCheckFlags) != 0 && encoder.IsNilForMarshaler(iface) {
+				code = code.NextField
+				break
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendMarshalJSON(ctx, code, b, iface)
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalJSONPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalJSON(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldMarshalText:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalText:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if (code.Flags & encoder.IsNilableTypeFlags) != 0 {
+				p = ptrToPtr(p)
+			}
+			if p == 0 && (code.Flags&encoder.NilCheckFlags) != 0 {
+				code = code.NextField
+				break
+			}
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+			if err != nil {
+				return nil, err
+			}
+			b = appendComma(ctx, bb)
+			code = code.Next
+		case encoder.OpStructFieldMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendComma(ctx, b)
+			code = code.Next
+		case encoder.OpStructFieldOmitEmptyMarshalTextPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendMarshalText(ctx, code, b, ptrToInterface(code, p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendComma(ctx, bb)
+			}
+			code = code.Next
+		case encoder.OpStructFieldArray:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyArray:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldArrayPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyArrayPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldSlice:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptySlice:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			slice := ptrToSlice(p)
+			if slice.Len == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldSlicePtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptySlicePtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldMap:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyMap:
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p == 0 || maplen(ptrToUnsafePtr(p)) == 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructFieldMapPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p != 0 {
+				p = ptrToNPtr(p, code.PtrNum)
+			}
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyMapPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToPtr(p + uintptr(code.Offset))
+			if p != 0 {
+				p = ptrToNPtr(p, code.PtrNum)
+			}
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			} else {
+				code = code.NextField
+			}
+		case encoder.OpStructFieldStruct:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			code = code.Next
+			store(ctxptr, code.Idx, p)
+		case encoder.OpStructFieldOmitEmptyStruct:
+			p := load(ctxptr, code.Idx)
+			p += uintptr(code.Offset)
+			if ptrToPtr(p) == 0 && (code.Flags&encoder.IsNextOpPtrTypeFlags) != 0 {
+				code = code.NextField
+			} else {
+				b = appendStructKey(ctx, code, b)
+				code = code.Next
+				store(ctxptr, code.Idx, p)
+			}
+		case encoder.OpStructEnd:
+			b = appendStructEndSkipLast(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndInt:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyInt:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendInt(ctx, b, p, code)
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendInt(ctx, b, p, code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndIntPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyIntPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendInt(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUint:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUint:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintString:
+			p := load(ctxptr, code.Idx)
+			u64 := ptrToUint64(p+uintptr(code.Offset), code.NumBitSize)
+			v := u64 & ((1 << code.NumBitSize) - 1)
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p+uintptr(code.Offset), code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendUint(ctx, b, p, code)
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendUint(ctx, b, p, code)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndUintPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyUintPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendUint(ctx, b, p, code)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32String:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat32(ctx, b, ptrToFloat32(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat32(p + uintptr(code.Offset))
+			if v != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32Ptr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat32PtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat32PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat32(ctx, b, ptrToFloat32(p))
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = appendFloat64(ctx, b, v)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = appendFloat64(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendFloat64(ctx, b, v)
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64String:
+			p := load(ctxptr, code.Idx)
+			v := ptrToFloat64(p + uintptr(code.Offset))
+			if v != 0 {
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64Ptr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+				b = appendStructEnd(ctx, code, b)
+				code = code.Next
+				break
+			}
+			v := ptrToFloat64(p)
+			if math.IsInf(v, 0) || math.IsNaN(v) {
+				return nil, errUnsupportedFloat(v)
+			}
+			b = appendFloat64(ctx, b, v)
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64Ptr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndFloat64PtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyFloat64PtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				v := ptrToFloat64(p)
+				if math.IsInf(v, 0) || math.IsNaN(v) {
+					return nil, errUnsupportedFloat(v)
+				}
+				b = append(b, '"')
+				b = appendFloat64(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendString(ctx, b, ptrToString(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			s := ptrToString(p + uintptr(code.Offset))
+			b = appendString(ctx, b, string(appendString(ctx, []byte{}, s)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToString(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, v)))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, ptrToString(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, ptrToString(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndStringPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyStringPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendString(ctx, b, string(appendString(ctx, []byte{}, ptrToString(p))))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBool:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBool:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			b = appendBool(ctx, b, ptrToBool(p+uintptr(code.Offset)))
+			b = append(b, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBool(p + uintptr(code.Offset))
+			if v {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, v)
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendBool(ctx, b, ptrToBool(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBoolPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBoolPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				b = appendBool(ctx, b, ptrToBool(p))
+				b = append(b, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBytes:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = appendByteSlice(ctx, b, ptrToBytes(p+uintptr(code.Offset)))
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBytes:
+			p := load(ctxptr, code.Idx)
+			v := ptrToBytes(p + uintptr(code.Offset))
+			if len(v) > 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, v)
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndBytesPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyBytesPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = appendByteSlice(ctx, b, ptrToBytes(p))
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumber:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = appendStructEnd(ctx, code, bb)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumber:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = appendStructEnd(ctx, code, bb)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberString:
+			p := load(ctxptr, code.Idx)
+			b = appendStructKey(ctx, code, b)
+			b = append(b, '"')
+			bb, err := appendNumber(ctx, b, ptrToNumber(p+uintptr(code.Offset)))
+			if err != nil {
+				return nil, err
+			}
+			b = append(bb, '"')
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberString:
+			p := load(ctxptr, code.Idx)
+			v := ptrToNumber(p + uintptr(code.Offset))
+			if v != "" {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, v)
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberPtr:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = bb
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberPtr:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = appendStructEnd(ctx, code, bb)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpStructEndNumberPtrString:
+			b = appendStructKey(ctx, code, b)
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p == 0 {
+				b = appendNull(ctx, b)
+			} else {
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+			}
+			b = appendStructEnd(ctx, code, b)
+			code = code.Next
+		case encoder.OpStructEndOmitEmptyNumberPtrString:
+			p := load(ctxptr, code.Idx)
+			p = ptrToNPtr(p+uintptr(code.Offset), code.PtrNum)
+			if p != 0 {
+				b = appendStructKey(ctx, code, b)
+				b = append(b, '"')
+				bb, err := appendNumber(ctx, b, ptrToNumber(p))
+				if err != nil {
+					return nil, err
+				}
+				b = append(bb, '"')
+				b = appendStructEnd(ctx, code, b)
+			} else {
+				b = appendStructEndSkipLast(ctx, code, b)
+			}
+			code = code.Next
+		case encoder.OpEnd:
+			goto END
+		}
+	}
+END:
+	return b, nil
+}
diff --git a/vendor/github.com/goccy/go-json/internal/errors/error.go b/vendor/github.com/goccy/go-json/internal/errors/error.go
new file mode 100644
index 000000000..9207d0ff2
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/errors/error.go
@@ -0,0 +1,183 @@
+package errors
+
+import (
+	"fmt"
+	"reflect"
+	"strconv"
+)
+
+type InvalidUTF8Error struct {
+	S string // the whole string value that caused the error
+}
+
+func (e *InvalidUTF8Error) Error() string {
+	return fmt.Sprintf("json: invalid UTF-8 in string: %s", strconv.Quote(e.S))
+}
+
+type InvalidUnmarshalError struct {
+	Type reflect.Type
+}
+
+func (e *InvalidUnmarshalError) Error() string {
+	if e.Type == nil {
+		return "json: Unmarshal(nil)"
+	}
+
+	if e.Type.Kind() != reflect.Ptr {
+		return fmt.Sprintf("json: Unmarshal(non-pointer %s)", e.Type)
+	}
+	return fmt.Sprintf("json: Unmarshal(nil %s)", e.Type)
+}
+
+// A MarshalerError represents an error from calling a MarshalJSON or MarshalText method.
+type MarshalerError struct {
+	Type       reflect.Type
+	Err        error
+	sourceFunc string
+}
+
+func (e *MarshalerError) Error() string {
+	srcFunc := e.sourceFunc
+	if srcFunc == "" {
+		srcFunc = "MarshalJSON"
+	}
+	return fmt.Sprintf("json: error calling %s for type %s: %s", srcFunc, e.Type, e.Err.Error())
+}
+
+// Unwrap returns the underlying error.
+func (e *MarshalerError) Unwrap() error { return e.Err }
+
+// A SyntaxError is a description of a JSON syntax error.
+type SyntaxError struct {
+	msg    string // description of error
+	Offset int64  // error occurred after reading Offset bytes
+}
+
+func (e *SyntaxError) Error() string { return e.msg }
+
+// An UnmarshalFieldError describes a JSON object key that
+// led to an unexported (and therefore unwritable) struct field.
+//
+// Deprecated: No longer used; kept for compatibility.
+type UnmarshalFieldError struct {
+	Key   string
+	Type  reflect.Type
+	Field reflect.StructField
+}
+
+func (e *UnmarshalFieldError) Error() string {
+	return fmt.Sprintf("json: cannot unmarshal object key %s into unexported field %s of type %s",
+		strconv.Quote(e.Key), e.Field.Name, e.Type.String(),
+	)
+}
+
+// An UnmarshalTypeError describes a JSON value that was
+// not appropriate for a value of a specific Go type.
+type UnmarshalTypeError struct {
+	Value  string       // description of JSON value - "bool", "array", "number -5"
+	Type   reflect.Type // type of Go value it could not be assigned to
+	Offset int64        // error occurred after reading Offset bytes
+	Struct string       // name of the struct type containing the field
+	Field  string       // the full path from root node to the field
+}
+
+func (e *UnmarshalTypeError) Error() string {
+	if e.Struct != "" || e.Field != "" {
+		return fmt.Sprintf("json: cannot unmarshal %s into Go struct field %s.%s of type %s",
+			e.Value, e.Struct, e.Field, e.Type,
+		)
+	}
+	return fmt.Sprintf("json: cannot unmarshal %s into Go value of type %s", e.Value, e.Type)
+}
+
+// An UnsupportedTypeError is returned by Marshal when attempting
+// to encode an unsupported value type.
+type UnsupportedTypeError struct {
+	Type reflect.Type
+}
+
+func (e *UnsupportedTypeError) Error() string {
+	return fmt.Sprintf("json: unsupported type: %s", e.Type)
+}
+
+type UnsupportedValueError struct {
+	Value reflect.Value
+	Str   string
+}
+
+func (e *UnsupportedValueError) Error() string {
+	return fmt.Sprintf("json: unsupported value: %s", e.Str)
+}
+
+func ErrSyntax(msg string, offset int64) *SyntaxError {
+	return &SyntaxError{msg: msg, Offset: offset}
+}
+
+func ErrMarshaler(typ reflect.Type, err error, msg string) *MarshalerError {
+	return &MarshalerError{
+		Type:       typ,
+		Err:        err,
+		sourceFunc: msg,
+	}
+}
+
+func ErrExceededMaxDepth(c byte, cursor int64) *SyntaxError {
+	return &SyntaxError{
+		msg:    fmt.Sprintf(`invalid character "%c" exceeded max depth`, c),
+		Offset: cursor,
+	}
+}
+
+func ErrNotAtBeginningOfValue(cursor int64) *SyntaxError {
+	return &SyntaxError{msg: "not at beginning of value", Offset: cursor}
+}
+
+func ErrUnexpectedEndOfJSON(msg string, cursor int64) *SyntaxError {
+	return &SyntaxError{
+		msg:    fmt.Sprintf("json: %s unexpected end of JSON input", msg),
+		Offset: cursor,
+	}
+}
+
+func ErrExpected(msg string, cursor int64) *SyntaxError {
+	return &SyntaxError{msg: fmt.Sprintf("expected %s", msg), Offset: cursor}
+}
+
+func ErrInvalidCharacter(c byte, context string, cursor int64) *SyntaxError {
+	if c == 0 {
+		return &SyntaxError{
+			msg:    fmt.Sprintf("json: invalid character as %s", context),
+			Offset: cursor,
+		}
+	}
+	return &SyntaxError{
+		msg:    fmt.Sprintf("json: invalid character %c as %s", c, context),
+		Offset: cursor,
+	}
+}
+
+func ErrInvalidBeginningOfValue(c byte, cursor int64) *SyntaxError {
+	return &SyntaxError{
+		msg:    fmt.Sprintf("invalid character '%c' looking for beginning of value", c),
+		Offset: cursor,
+	}
+}
+
+type PathError struct {
+	msg string
+}
+
+func (e *PathError) Error() string {
+	return fmt.Sprintf("json: invalid path format: %s", e.msg)
+}
+
+func ErrInvalidPath(msg string, args ...interface{}) *PathError {
+	if len(args) != 0 {
+		return &PathError{msg: fmt.Sprintf(msg, args...)}
+	}
+	return &PathError{msg: msg}
+}
+
+func ErrEmptyPath() *PathError {
+	return &PathError{msg: "path is empty"}
+}
diff --git a/vendor/github.com/goccy/go-json/internal/runtime/rtype.go b/vendor/github.com/goccy/go-json/internal/runtime/rtype.go
new file mode 100644
index 000000000..4db10debe
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/runtime/rtype.go
@@ -0,0 +1,263 @@
+package runtime
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+// Type representing reflect.rtype for noescape trick
+type Type struct{}
+
+//go:linkname rtype_Align reflect.(*rtype).Align
+//go:noescape
+func rtype_Align(*Type) int
+
+func (t *Type) Align() int {
+	return rtype_Align(t)
+}
+
+//go:linkname rtype_FieldAlign reflect.(*rtype).FieldAlign
+//go:noescape
+func rtype_FieldAlign(*Type) int
+
+func (t *Type) FieldAlign() int {
+	return rtype_FieldAlign(t)
+}
+
+//go:linkname rtype_Method reflect.(*rtype).Method
+//go:noescape
+func rtype_Method(*Type, int) reflect.Method
+
+func (t *Type) Method(a0 int) reflect.Method {
+	return rtype_Method(t, a0)
+}
+
+//go:linkname rtype_MethodByName reflect.(*rtype).MethodByName
+//go:noescape
+func rtype_MethodByName(*Type, string) (reflect.Method, bool)
+
+func (t *Type) MethodByName(a0 string) (reflect.Method, bool) {
+	return rtype_MethodByName(t, a0)
+}
+
+//go:linkname rtype_NumMethod reflect.(*rtype).NumMethod
+//go:noescape
+func rtype_NumMethod(*Type) int
+
+func (t *Type) NumMethod() int {
+	return rtype_NumMethod(t)
+}
+
+//go:linkname rtype_Name reflect.(*rtype).Name
+//go:noescape
+func rtype_Name(*Type) string
+
+func (t *Type) Name() string {
+	return rtype_Name(t)
+}
+
+//go:linkname rtype_PkgPath reflect.(*rtype).PkgPath
+//go:noescape
+func rtype_PkgPath(*Type) string
+
+func (t *Type) PkgPath() string {
+	return rtype_PkgPath(t)
+}
+
+//go:linkname rtype_Size reflect.(*rtype).Size
+//go:noescape
+func rtype_Size(*Type) uintptr
+
+func (t *Type) Size() uintptr {
+	return rtype_Size(t)
+}
+
+//go:linkname rtype_String reflect.(*rtype).String
+//go:noescape
+func rtype_String(*Type) string
+
+func (t *Type) String() string {
+	return rtype_String(t)
+}
+
+//go:linkname rtype_Kind reflect.(*rtype).Kind
+//go:noescape
+func rtype_Kind(*Type) reflect.Kind
+
+func (t *Type) Kind() reflect.Kind {
+	return rtype_Kind(t)
+}
+
+//go:linkname rtype_Implements reflect.(*rtype).Implements
+//go:noescape
+func rtype_Implements(*Type, reflect.Type) bool
+
+func (t *Type) Implements(u reflect.Type) bool {
+	return rtype_Implements(t, u)
+}
+
+//go:linkname rtype_AssignableTo reflect.(*rtype).AssignableTo
+//go:noescape
+func rtype_AssignableTo(*Type, reflect.Type) bool
+
+func (t *Type) AssignableTo(u reflect.Type) bool {
+	return rtype_AssignableTo(t, u)
+}
+
+//go:linkname rtype_ConvertibleTo reflect.(*rtype).ConvertibleTo
+//go:noescape
+func rtype_ConvertibleTo(*Type, reflect.Type) bool
+
+func (t *Type) ConvertibleTo(u reflect.Type) bool {
+	return rtype_ConvertibleTo(t, u)
+}
+
+//go:linkname rtype_Comparable reflect.(*rtype).Comparable
+//go:noescape
+func rtype_Comparable(*Type) bool
+
+func (t *Type) Comparable() bool {
+	return rtype_Comparable(t)
+}
+
+//go:linkname rtype_Bits reflect.(*rtype).Bits
+//go:noescape
+func rtype_Bits(*Type) int
+
+func (t *Type) Bits() int {
+	return rtype_Bits(t)
+}
+
+//go:linkname rtype_ChanDir reflect.(*rtype).ChanDir
+//go:noescape
+func rtype_ChanDir(*Type) reflect.ChanDir
+
+func (t *Type) ChanDir() reflect.ChanDir {
+	return rtype_ChanDir(t)
+}
+
+//go:linkname rtype_IsVariadic reflect.(*rtype).IsVariadic
+//go:noescape
+func rtype_IsVariadic(*Type) bool
+
+func (t *Type) IsVariadic() bool {
+	return rtype_IsVariadic(t)
+}
+
+//go:linkname rtype_Elem reflect.(*rtype).Elem
+//go:noescape
+func rtype_Elem(*Type) reflect.Type
+
+func (t *Type) Elem() *Type {
+	return Type2RType(rtype_Elem(t))
+}
+
+//go:linkname rtype_Field reflect.(*rtype).Field
+//go:noescape
+func rtype_Field(*Type, int) reflect.StructField
+
+func (t *Type) Field(i int) reflect.StructField {
+	return rtype_Field(t, i)
+}
+
+//go:linkname rtype_FieldByIndex reflect.(*rtype).FieldByIndex
+//go:noescape
+func rtype_FieldByIndex(*Type, []int) reflect.StructField
+
+func (t *Type) FieldByIndex(index []int) reflect.StructField {
+	return rtype_FieldByIndex(t, index)
+}
+
+//go:linkname rtype_FieldByName reflect.(*rtype).FieldByName
+//go:noescape
+func rtype_FieldByName(*Type, string) (reflect.StructField, bool)
+
+func (t *Type) FieldByName(name string) (reflect.StructField, bool) {
+	return rtype_FieldByName(t, name)
+}
+
+//go:linkname rtype_FieldByNameFunc reflect.(*rtype).FieldByNameFunc
+//go:noescape
+func rtype_FieldByNameFunc(*Type, func(string) bool) (reflect.StructField, bool)
+
+func (t *Type) FieldByNameFunc(match func(string) bool) (reflect.StructField, bool) {
+	return rtype_FieldByNameFunc(t, match)
+}
+
+//go:linkname rtype_In reflect.(*rtype).In
+//go:noescape
+func rtype_In(*Type, int) reflect.Type
+
+func (t *Type) In(i int) reflect.Type {
+	return rtype_In(t, i)
+}
+
+//go:linkname rtype_Key reflect.(*rtype).Key
+//go:noescape
+func rtype_Key(*Type) reflect.Type
+
+func (t *Type) Key() *Type {
+	return Type2RType(rtype_Key(t))
+}
+
+//go:linkname rtype_Len reflect.(*rtype).Len
+//go:noescape
+func rtype_Len(*Type) int
+
+func (t *Type) Len() int {
+	return rtype_Len(t)
+}
+
+//go:linkname rtype_NumField reflect.(*rtype).NumField
+//go:noescape
+func rtype_NumField(*Type) int
+
+func (t *Type) NumField() int {
+	return rtype_NumField(t)
+}
+
+//go:linkname rtype_NumIn reflect.(*rtype).NumIn
+//go:noescape
+func rtype_NumIn(*Type) int
+
+func (t *Type) NumIn() int {
+	return rtype_NumIn(t)
+}
+
+//go:linkname rtype_NumOut reflect.(*rtype).NumOut
+//go:noescape
+func rtype_NumOut(*Type) int
+
+func (t *Type) NumOut() int {
+	return rtype_NumOut(t)
+}
+
+//go:linkname rtype_Out reflect.(*rtype).Out
+//go:noescape
+func rtype_Out(*Type, int) reflect.Type
+
+//go:linkname PtrTo reflect.(*rtype).ptrTo
+//go:noescape
+func PtrTo(*Type) *Type
+
+func (t *Type) Out(i int) reflect.Type {
+	return rtype_Out(t, i)
+}
+
+//go:linkname IfaceIndir reflect.ifaceIndir
+//go:noescape
+func IfaceIndir(*Type) bool
+
+//go:linkname RType2Type reflect.toType
+//go:noescape
+func RType2Type(t *Type) reflect.Type
+
+//go:nolint structcheck
+type emptyInterface struct {
+	_   *Type
+	ptr unsafe.Pointer
+}
+
+func Type2RType(t reflect.Type) *Type {
+	return (*Type)(((*emptyInterface)(unsafe.Pointer(&t))).ptr)
+}
diff --git a/vendor/github.com/goccy/go-json/internal/runtime/struct_field.go b/vendor/github.com/goccy/go-json/internal/runtime/struct_field.go
new file mode 100644
index 000000000..baab0c597
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/runtime/struct_field.go
@@ -0,0 +1,91 @@
+package runtime
+
+import (
+	"reflect"
+	"strings"
+	"unicode"
+)
+
+func getTag(field reflect.StructField) string {
+	return field.Tag.Get("json")
+}
+
+func IsIgnoredStructField(field reflect.StructField) bool {
+	if field.PkgPath != "" {
+		if field.Anonymous {
+			t := field.Type
+			if t.Kind() == reflect.Ptr {
+				t = t.Elem()
+			}
+			if t.Kind() != reflect.Struct {
+				return true
+			}
+		} else {
+			// private field
+			return true
+		}
+	}
+	tag := getTag(field)
+	return tag == "-"
+}
+
+type StructTag struct {
+	Key         string
+	IsTaggedKey bool
+	IsOmitEmpty bool
+	IsString    bool
+	Field       reflect.StructField
+}
+
+type StructTags []*StructTag
+
+func (t StructTags) ExistsKey(key string) bool {
+	for _, tt := range t {
+		if tt.Key == key {
+			return true
+		}
+	}
+	return false
+}
+
+func isValidTag(s string) bool {
+	if s == "" {
+		return false
+	}
+	for _, c := range s {
+		switch {
+		case strings.ContainsRune("!#$%&()*+-./:<=>?@[]^_{|}~ ", c):
+			// Backslash and quote chars are reserved, but
+			// otherwise any punctuation chars are allowed
+			// in a tag name.
+		case !unicode.IsLetter(c) && !unicode.IsDigit(c):
+			return false
+		}
+	}
+	return true
+}
+
+func StructTagFromField(field reflect.StructField) *StructTag {
+	keyName := field.Name
+	tag := getTag(field)
+	st := &StructTag{Field: field}
+	opts := strings.Split(tag, ",")
+	if len(opts) > 0 {
+		if opts[0] != "" && isValidTag(opts[0]) {
+			keyName = opts[0]
+			st.IsTaggedKey = true
+		}
+	}
+	st.Key = keyName
+	if len(opts) > 1 {
+		for _, opt := range opts[1:] {
+			switch opt {
+			case "omitempty":
+				st.IsOmitEmpty = true
+			case "string":
+				st.IsString = true
+			}
+		}
+	}
+	return st
+}
diff --git a/vendor/github.com/goccy/go-json/internal/runtime/type.go b/vendor/github.com/goccy/go-json/internal/runtime/type.go
new file mode 100644
index 000000000..0167cd2c0
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/internal/runtime/type.go
@@ -0,0 +1,100 @@
+package runtime
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type SliceHeader struct {
+	Data unsafe.Pointer
+	Len  int
+	Cap  int
+}
+
+const (
+	maxAcceptableTypeAddrRange = 1024 * 1024 * 2 // 2 Mib
+)
+
+type TypeAddr struct {
+	BaseTypeAddr uintptr
+	MaxTypeAddr  uintptr
+	AddrRange    uintptr
+	AddrShift    uintptr
+}
+
+var (
+	typeAddr        *TypeAddr
+	alreadyAnalyzed bool
+)
+
+//go:linkname typelinks reflect.typelinks
+func typelinks() ([]unsafe.Pointer, [][]int32)
+
+//go:linkname rtypeOff reflect.rtypeOff
+func rtypeOff(unsafe.Pointer, int32) unsafe.Pointer
+
+func AnalyzeTypeAddr() *TypeAddr {
+	defer func() {
+		alreadyAnalyzed = true
+	}()
+	if alreadyAnalyzed {
+		return typeAddr
+	}
+	sections, offsets := typelinks()
+	if len(sections) != 1 {
+		return nil
+	}
+	if len(offsets) != 1 {
+		return nil
+	}
+	section := sections[0]
+	offset := offsets[0]
+	var (
+		min         uintptr = uintptr(^uint(0))
+		max         uintptr = 0
+		isAligned64         = true
+		isAligned32         = true
+	)
+	for i := 0; i < len(offset); i++ {
+		typ := (*Type)(rtypeOff(section, offset[i]))
+		addr := uintptr(unsafe.Pointer(typ))
+		if min > addr {
+			min = addr
+		}
+		if max < addr {
+			max = addr
+		}
+		if typ.Kind() == reflect.Ptr {
+			addr = uintptr(unsafe.Pointer(typ.Elem()))
+			if min > addr {
+				min = addr
+			}
+			if max < addr {
+				max = addr
+			}
+		}
+		isAligned64 = isAligned64 && (addr-min)&63 == 0
+		isAligned32 = isAligned32 && (addr-min)&31 == 0
+	}
+	addrRange := max - min
+	if addrRange == 0 {
+		return nil
+	}
+	var addrShift uintptr
+	if isAligned64 {
+		addrShift = 6
+	} else if isAligned32 {
+		addrShift = 5
+	}
+	cacheSize := addrRange >> addrShift
+	if cacheSize > maxAcceptableTypeAddrRange {
+		return nil
+	}
+	typeAddr = &TypeAddr{
+		BaseTypeAddr: min,
+		MaxTypeAddr:  max,
+		AddrRange:    addrRange,
+		AddrShift:    addrShift,
+	}
+	return typeAddr
+}
diff --git a/vendor/github.com/goccy/go-json/json.go b/vendor/github.com/goccy/go-json/json.go
new file mode 100644
index 000000000..413cb20bf
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/json.go
@@ -0,0 +1,371 @@
+package json
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+
+	"github.com/goccy/go-json/internal/encoder"
+)
+
+// Marshaler is the interface implemented by types that
+// can marshal themselves into valid JSON.
+type Marshaler interface {
+	MarshalJSON() ([]byte, error)
+}
+
+// MarshalerContext is the interface implemented by types that
+// can marshal themselves into valid JSON with context.Context.
+type MarshalerContext interface {
+	MarshalJSON(context.Context) ([]byte, error)
+}
+
+// Unmarshaler is the interface implemented by types
+// that can unmarshal a JSON description of themselves.
+// The input can be assumed to be a valid encoding of
+// a JSON value. UnmarshalJSON must copy the JSON data
+// if it wishes to retain the data after returning.
+//
+// By convention, to approximate the behavior of Unmarshal itself,
+// Unmarshalers implement UnmarshalJSON([]byte("null")) as a no-op.
+type Unmarshaler interface {
+	UnmarshalJSON([]byte) error
+}
+
+// UnmarshalerContext is the interface implemented by types
+// that can unmarshal with context.Context a JSON description of themselves.
+type UnmarshalerContext interface {
+	UnmarshalJSON(context.Context, []byte) error
+}
+
+// Marshal returns the JSON encoding of v.
+//
+// Marshal traverses the value v recursively.
+// If an encountered value implements the Marshaler interface
+// and is not a nil pointer, Marshal calls its MarshalJSON method
+// to produce JSON. If no MarshalJSON method is present but the
+// value implements encoding.TextMarshaler instead, Marshal calls
+// its MarshalText method and encodes the result as a JSON string.
+// The nil pointer exception is not strictly necessary
+// but mimics a similar, necessary exception in the behavior of
+// UnmarshalJSON.
+//
+// Otherwise, Marshal uses the following type-dependent default encodings:
+//
+// Boolean values encode as JSON booleans.
+//
+// Floating point, integer, and Number values encode as JSON numbers.
+//
+// String values encode as JSON strings coerced to valid UTF-8,
+// replacing invalid bytes with the Unicode replacement rune.
+// The angle brackets "<" and ">" are escaped to "\u003c" and "\u003e"
+// to keep some browsers from misinterpreting JSON output as HTML.
+// Ampersand "&" is also escaped to "\u0026" for the same reason.
+// This escaping can be disabled using an Encoder that had SetEscapeHTML(false)
+// called on it.
+//
+// Array and slice values encode as JSON arrays, except that
+// []byte encodes as a base64-encoded string, and a nil slice
+// encodes as the null JSON value.
+//
+// Struct values encode as JSON objects.
+// Each exported struct field becomes a member of the object, using the
+// field name as the object key, unless the field is omitted for one of the
+// reasons given below.
+//
+// The encoding of each struct field can be customized by the format string
+// stored under the "json" key in the struct field's tag.
+// The format string gives the name of the field, possibly followed by a
+// comma-separated list of options. The name may be empty in order to
+// specify options without overriding the default field name.
+//
+// The "omitempty" option specifies that the field should be omitted
+// from the encoding if the field has an empty value, defined as
+// false, 0, a nil pointer, a nil interface value, and any empty array,
+// slice, map, or string.
+//
+// As a special case, if the field tag is "-", the field is always omitted.
+// Note that a field with name "-" can still be generated using the tag "-,".
+//
+// Examples of struct field tags and their meanings:
+//
+//   // Field appears in JSON as key "myName".
+//   Field int `json:"myName"`
+//
+//   // Field appears in JSON as key "myName" and
+//   // the field is omitted from the object if its value is empty,
+//   // as defined above.
+//   Field int `json:"myName,omitempty"`
+//
+//   // Field appears in JSON as key "Field" (the default), but
+//   // the field is skipped if empty.
+//   // Note the leading comma.
+//   Field int `json:",omitempty"`
+//
+//   // Field is ignored by this package.
+//   Field int `json:"-"`
+//
+//   // Field appears in JSON as key "-".
+//   Field int `json:"-,"`
+//
+// The "string" option signals that a field is stored as JSON inside a
+// JSON-encoded string. It applies only to fields of string, floating point,
+// integer, or boolean types. This extra level of encoding is sometimes used
+// when communicating with JavaScript programs:
+//
+//    Int64String int64 `json:",string"`
+//
+// The key name will be used if it's a non-empty string consisting of
+// only Unicode letters, digits, and ASCII punctuation except quotation
+// marks, backslash, and comma.
+//
+// Anonymous struct fields are usually marshaled as if their inner exported fields
+// were fields in the outer struct, subject to the usual Go visibility rules amended
+// as described in the next paragraph.
+// An anonymous struct field with a name given in its JSON tag is treated as
+// having that name, rather than being anonymous.
+// An anonymous struct field of interface type is treated the same as having
+// that type as its name, rather than being anonymous.
+//
+// The Go visibility rules for struct fields are amended for JSON when
+// deciding which field to marshal or unmarshal. If there are
+// multiple fields at the same level, and that level is the least
+// nested (and would therefore be the nesting level selected by the
+// usual Go rules), the following extra rules apply:
+//
+// 1) Of those fields, if any are JSON-tagged, only tagged fields are considered,
+// even if there are multiple untagged fields that would otherwise conflict.
+//
+// 2) If there is exactly one field (tagged or not according to the first rule), that is selected.
+//
+// 3) Otherwise there are multiple fields, and all are ignored; no error occurs.
+//
+// Handling of anonymous struct fields is new in Go 1.1.
+// Prior to Go 1.1, anonymous struct fields were ignored. To force ignoring of
+// an anonymous struct field in both current and earlier versions, give the field
+// a JSON tag of "-".
+//
+// Map values encode as JSON objects. The map's key type must either be a
+// string, an integer type, or implement encoding.TextMarshaler. The map keys
+// are sorted and used as JSON object keys by applying the following rules,
+// subject to the UTF-8 coercion described for string values above:
+//   - string keys are used directly
+//   - encoding.TextMarshalers are marshaled
+//   - integer keys are converted to strings
+//
+// Pointer values encode as the value pointed to.
+// A nil pointer encodes as the null JSON value.
+//
+// Interface values encode as the value contained in the interface.
+// A nil interface value encodes as the null JSON value.
+//
+// Channel, complex, and function values cannot be encoded in JSON.
+// Attempting to encode such a value causes Marshal to return
+// an UnsupportedTypeError.
+//
+// JSON cannot represent cyclic data structures and Marshal does not
+// handle them. Passing cyclic structures to Marshal will result in
+// an infinite recursion.
+//
+func Marshal(v interface{}) ([]byte, error) {
+	return MarshalWithOption(v)
+}
+
+// MarshalNoEscape returns the JSON encoding of v and doesn't escape v.
+func MarshalNoEscape(v interface{}) ([]byte, error) {
+	return marshalNoEscape(v)
+}
+
+// MarshalContext returns the JSON encoding of v with context.Context and EncodeOption.
+func MarshalContext(ctx context.Context, v interface{}, optFuncs ...EncodeOptionFunc) ([]byte, error) {
+	return marshalContext(ctx, v, optFuncs...)
+}
+
+// MarshalWithOption returns the JSON encoding of v with EncodeOption.
+func MarshalWithOption(v interface{}, optFuncs ...EncodeOptionFunc) ([]byte, error) {
+	return marshal(v, optFuncs...)
+}
+
+// MarshalIndent is like Marshal but applies Indent to format the output.
+// Each JSON element in the output will begin on a new line beginning with prefix
+// followed by one or more copies of indent according to the indentation nesting.
+func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) {
+	return MarshalIndentWithOption(v, prefix, indent)
+}
+
+// MarshalIndentWithOption is like Marshal but applies Indent to format the output with EncodeOption.
+func MarshalIndentWithOption(v interface{}, prefix, indent string, optFuncs ...EncodeOptionFunc) ([]byte, error) {
+	return marshalIndent(v, prefix, indent, optFuncs...)
+}
+
+// Unmarshal parses the JSON-encoded data and stores the result
+// in the value pointed to by v. If v is nil or not a pointer,
+// Unmarshal returns an InvalidUnmarshalError.
+//
+// Unmarshal uses the inverse of the encodings that
+// Marshal uses, allocating maps, slices, and pointers as necessary,
+// with the following additional rules:
+//
+// To unmarshal JSON into a pointer, Unmarshal first handles the case of
+// the JSON being the JSON literal null. In that case, Unmarshal sets
+// the pointer to nil. Otherwise, Unmarshal unmarshals the JSON into
+// the value pointed at by the pointer. If the pointer is nil, Unmarshal
+// allocates a new value for it to point to.
+//
+// To unmarshal JSON into a value implementing the Unmarshaler interface,
+// Unmarshal calls that value's UnmarshalJSON method, including
+// when the input is a JSON null.
+// Otherwise, if the value implements encoding.TextUnmarshaler
+// and the input is a JSON quoted string, Unmarshal calls that value's
+// UnmarshalText method with the unquoted form of the string.
+//
+// To unmarshal JSON into a struct, Unmarshal matches incoming object
+// keys to the keys used by Marshal (either the struct field name or its tag),
+// preferring an exact match but also accepting a case-insensitive match. By
+// default, object keys which don't have a corresponding struct field are
+// ignored (see Decoder.DisallowUnknownFields for an alternative).
+//
+// To unmarshal JSON into an interface value,
+// Unmarshal stores one of these in the interface value:
+//
+//	bool, for JSON booleans
+//	float64, for JSON numbers
+//	string, for JSON strings
+//	[]interface{}, for JSON arrays
+//	map[string]interface{}, for JSON objects
+//	nil for JSON null
+//
+// To unmarshal a JSON array into a slice, Unmarshal resets the slice length
+// to zero and then appends each element to the slice.
+// As a special case, to unmarshal an empty JSON array into a slice,
+// Unmarshal replaces the slice with a new empty slice.
+//
+// To unmarshal a JSON array into a Go array, Unmarshal decodes
+// JSON array elements into corresponding Go array elements.
+// If the Go array is smaller than the JSON array,
+// the additional JSON array elements are discarded.
+// If the JSON array is smaller than the Go array,
+// the additional Go array elements are set to zero values.
+//
+// To unmarshal a JSON object into a map, Unmarshal first establishes a map to
+// use. If the map is nil, Unmarshal allocates a new map. Otherwise Unmarshal
+// reuses the existing map, keeping existing entries. Unmarshal then stores
+// key-value pairs from the JSON object into the map. The map's key type must
+// either be any string type, an integer, implement json.Unmarshaler, or
+// implement encoding.TextUnmarshaler.
+//
+// If a JSON value is not appropriate for a given target type,
+// or if a JSON number overflows the target type, Unmarshal
+// skips that field and completes the unmarshaling as best it can.
+// If no more serious errors are encountered, Unmarshal returns
+// an UnmarshalTypeError describing the earliest such error. In any
+// case, it's not guaranteed that all the remaining fields following
+// the problematic one will be unmarshaled into the target object.
+//
+// The JSON null value unmarshals into an interface, map, pointer, or slice
+// by setting that Go value to nil. Because null is often used in JSON to mean
+// ``not present,'' unmarshaling a JSON null into any other Go type has no effect
+// on the value and produces no error.
+//
+// When unmarshaling quoted strings, invalid UTF-8 or
+// invalid UTF-16 surrogate pairs are not treated as an error.
+// Instead, they are replaced by the Unicode replacement
+// character U+FFFD.
+//
+func Unmarshal(data []byte, v interface{}) error {
+	return unmarshal(data, v)
+}
+
+// UnmarshalContext parses the JSON-encoded data and stores the result
+// in the value pointed to by v. If you implement the UnmarshalerContext interface,
+// call it with ctx as an argument.
+func UnmarshalContext(ctx context.Context, data []byte, v interface{}, optFuncs ...DecodeOptionFunc) error {
+	return unmarshalContext(ctx, data, v)
+}
+
+func UnmarshalWithOption(data []byte, v interface{}, optFuncs ...DecodeOptionFunc) error {
+	return unmarshal(data, v, optFuncs...)
+}
+
+func UnmarshalNoEscape(data []byte, v interface{}, optFuncs ...DecodeOptionFunc) error {
+	return unmarshalNoEscape(data, v, optFuncs...)
+}
+
+// A Token holds a value of one of these types:
+//
+//	Delim, for the four JSON delimiters [ ] { }
+//	bool, for JSON booleans
+//	float64, for JSON numbers
+//	Number, for JSON numbers
+//	string, for JSON string literals
+//	nil, for JSON null
+//
+type Token = json.Token
+
+// A Number represents a JSON number literal.
+type Number = json.Number
+
+// RawMessage is a raw encoded JSON value.
+// It implements Marshaler and Unmarshaler and can
+// be used to delay JSON decoding or precompute a JSON encoding.
+type RawMessage = json.RawMessage
+
+// A Delim is a JSON array or object delimiter, one of [ ] { or }.
+type Delim = json.Delim
+
+// Compact appends to dst the JSON-encoded src with
+// insignificant space characters elided.
+func Compact(dst *bytes.Buffer, src []byte) error {
+	return encoder.Compact(dst, src, false)
+}
+
+// Indent appends to dst an indented form of the JSON-encoded src.
+// Each element in a JSON object or array begins on a new,
+// indented line beginning with prefix followed by one or more
+// copies of indent according to the indentation nesting.
+// The data appended to dst does not begin with the prefix nor
+// any indentation, to make it easier to embed inside other formatted JSON data.
+// Although leading space characters (space, tab, carriage return, newline)
+// at the beginning of src are dropped, trailing space characters
+// at the end of src are preserved and copied to dst.
+// For example, if src has no trailing spaces, neither will dst;
+// if src ends in a trailing newline, so will dst.
+func Indent(dst *bytes.Buffer, src []byte, prefix, indent string) error {
+	return encoder.Indent(dst, src, prefix, indent)
+}
+
+// HTMLEscape appends to dst the JSON-encoded src with <, >, &, U+2028 and U+2029
+// characters inside string literals changed to \u003c, \u003e, \u0026, \u2028, \u2029
+// so that the JSON will be safe to embed inside HTML <script> tags.
+// For historical reasons, web browsers don't honor standard HTML
+// escaping within <script> tags, so an alternative JSON encoding must
+// be used.
+func HTMLEscape(dst *bytes.Buffer, src []byte) {
+	var v interface{}
+	dec := NewDecoder(bytes.NewBuffer(src))
+	dec.UseNumber()
+	if err := dec.Decode(&v); err != nil {
+		return
+	}
+	buf, _ := marshal(v)
+	dst.Write(buf)
+}
+
+// Valid reports whether data is a valid JSON encoding.
+func Valid(data []byte) bool {
+	var v interface{}
+	decoder := NewDecoder(bytes.NewReader(data))
+	err := decoder.Decode(&v)
+	if err != nil {
+		return false
+	}
+	if !decoder.More() {
+		return true
+	}
+	return decoder.InputOffset() >= int64(len(data))
+}
+
+func init() {
+	encoder.Marshal = Marshal
+	encoder.Unmarshal = Unmarshal
+}
diff --git a/vendor/github.com/goccy/go-json/option.go b/vendor/github.com/goccy/go-json/option.go
new file mode 100644
index 000000000..378031a08
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/option.go
@@ -0,0 +1,79 @@
+package json
+
+import (
+	"io"
+
+	"github.com/goccy/go-json/internal/decoder"
+	"github.com/goccy/go-json/internal/encoder"
+)
+
+type EncodeOption = encoder.Option
+type EncodeOptionFunc func(*EncodeOption)
+
+// UnorderedMap doesn't sort when encoding map type.
+func UnorderedMap() EncodeOptionFunc {
+	return func(opt *EncodeOption) {
+		opt.Flag |= encoder.UnorderedMapOption
+	}
+}
+
+// DisableHTMLEscape disables escaping of HTML characters ( '&', '<', '>' ) when encoding string.
+func DisableHTMLEscape() EncodeOptionFunc {
+	return func(opt *EncodeOption) {
+		opt.Flag &= ^encoder.HTMLEscapeOption
+	}
+}
+
+// DisableNormalizeUTF8
+// By default, when encoding string, UTF8 characters in the range of 0x80 - 0xFF are processed by applying \ufffd for invalid code and escaping for \u2028 and \u2029.
+// This option disables this behaviour. You can expect faster speeds by applying this option, but be careful.
+// encoding/json implements here: https://github.com/golang/go/blob/6178d25fc0b28724b1b5aec2b1b74fc06d9294c7/src/encoding/json/encode.go#L1067-L1093.
+func DisableNormalizeUTF8() EncodeOptionFunc {
+	return func(opt *EncodeOption) {
+		opt.Flag &= ^encoder.NormalizeUTF8Option
+	}
+}
+
+// Debug outputs debug information when panic occurs during encoding.
+func Debug() EncodeOptionFunc {
+	return func(opt *EncodeOption) {
+		opt.Flag |= encoder.DebugOption
+	}
+}
+
+// DebugWith sets the destination to write debug messages.
+func DebugWith(w io.Writer) EncodeOptionFunc {
+	return func(opt *EncodeOption) {
+		opt.DebugOut = w
+	}
+}
+
+// DebugDOT sets the destination to write opcodes graph.
+func DebugDOT(w io.WriteCloser) EncodeOptionFunc {
+	return func(opt *EncodeOption) {
+		opt.DebugDOTOut = w
+	}
+}
+
+// Colorize add an identifier for coloring to the string of the encoded result.
+func Colorize(scheme *ColorScheme) EncodeOptionFunc {
+	return func(opt *EncodeOption) {
+		opt.Flag |= encoder.ColorizeOption
+		opt.ColorScheme = scheme
+	}
+}
+
+type DecodeOption = decoder.Option
+type DecodeOptionFunc func(*DecodeOption)
+
+// DecodeFieldPriorityFirstWin
+// in the default behavior, go-json, like encoding/json,
+// will reflect the result of the last evaluation when a field with the same name exists.
+// This option allow you to change this behavior.
+// this option reflects the result of the first evaluation if a field with the same name exists.
+// This behavior has a performance advantage as it allows the subsequent strings to be skipped if all fields have been evaluated.
+func DecodeFieldPriorityFirstWin() DecodeOptionFunc {
+	return func(opt *DecodeOption) {
+		opt.Flags |= decoder.FirstWinOption
+	}
+}
diff --git a/vendor/github.com/goccy/go-json/path.go b/vendor/github.com/goccy/go-json/path.go
new file mode 100644
index 000000000..38abce78f
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/path.go
@@ -0,0 +1,84 @@
+package json
+
+import (
+	"reflect"
+
+	"github.com/goccy/go-json/internal/decoder"
+)
+
+// CreatePath creates JSON Path.
+//
+// JSON Path rule
+// $   : root object or element. The JSON Path format must start with this operator, which refers to the outermost level of the JSON-formatted string.
+// .   : child operator. You can identify child values using dot-notation.
+// ..  : recursive descent.
+// []  : subscript operator. If the JSON object is an array, you can use brackets to specify the array index.
+// [*] : all objects/elements for array.
+//
+// Reserved words must be properly escaped when included in Path.
+//
+// Escape Rule
+// single quote style escape: e.g.) `$['a.b'].c`
+// double quote style escape: e.g.) `$."a.b".c`
+func CreatePath(p string) (*Path, error) {
+	path, err := decoder.PathString(p).Build()
+	if err != nil {
+		return nil, err
+	}
+	return &Path{path: path}, nil
+}
+
+// Path represents JSON Path.
+type Path struct {
+	path *decoder.Path
+}
+
+// RootSelectorOnly whether only the root selector ($) is used.
+func (p *Path) RootSelectorOnly() bool {
+	return p.path.RootSelectorOnly
+}
+
+// UsedSingleQuotePathSelector whether single quote-based escaping was done when building the JSON Path.
+func (p *Path) UsedSingleQuotePathSelector() bool {
+	return p.path.SingleQuotePathSelector
+}
+
+// UsedSingleQuotePathSelector whether double quote-based escaping was done when building the JSON Path.
+func (p *Path) UsedDoubleQuotePathSelector() bool {
+	return p.path.DoubleQuotePathSelector
+}
+
+// Extract extracts a specific JSON string.
+func (p *Path) Extract(data []byte, optFuncs ...DecodeOptionFunc) ([][]byte, error) {
+	return extractFromPath(p, data, optFuncs...)
+}
+
+// PathString returns original JSON Path string.
+func (p *Path) PathString() string {
+	return p.path.String()
+}
+
+// Unmarshal extract and decode the value of the part corresponding to JSON Path from the input data.
+func (p *Path) Unmarshal(data []byte, v interface{}, optFuncs ...DecodeOptionFunc) error {
+	contents, err := extractFromPath(p, data, optFuncs...)
+	if err != nil {
+		return err
+	}
+	results := make([]interface{}, 0, len(contents))
+	for _, content := range contents {
+		var result interface{}
+		if err := Unmarshal(content, &result); err != nil {
+			return err
+		}
+		results = append(results, result)
+	}
+	if err := decoder.AssignValue(reflect.ValueOf(results), reflect.ValueOf(v)); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Get extract and substitute the value of the part corresponding to JSON Path from the input value.
+func (p *Path) Get(src, dst interface{}) error {
+	return p.path.Get(reflect.ValueOf(src), reflect.ValueOf(dst))
+}
diff --git a/vendor/github.com/goccy/go-json/query.go b/vendor/github.com/goccy/go-json/query.go
new file mode 100644
index 000000000..4b11cf20d
--- /dev/null
+++ b/vendor/github.com/goccy/go-json/query.go
@@ -0,0 +1,47 @@
+package json
+
+import (
+	"github.com/goccy/go-json/internal/encoder"
+)
+
+type (
+	// FieldQuery you can dynamically filter the fields in the structure by creating a FieldQuery,
+	// adding it to context.Context using SetFieldQueryToContext and then passing it to MarshalContext.
+	// This is a type-safe operation, so it is faster than filtering using map[string]interface{}.
+	FieldQuery       = encoder.FieldQuery
+	FieldQueryString = encoder.FieldQueryString
+)
+
+var (
+	// FieldQueryFromContext get current FieldQuery from context.Context.
+	FieldQueryFromContext = encoder.FieldQueryFromContext
+	// SetFieldQueryToContext set current FieldQuery to context.Context.
+	SetFieldQueryToContext = encoder.SetFieldQueryToContext
+)
+
+// BuildFieldQuery builds FieldQuery by fieldName or sub field query.
+// First, specify the field name that you want to keep in structure type.
+// If the field you want to keep is a structure type, by creating a sub field query using BuildSubFieldQuery,
+// you can select the fields you want to keep in the structure.
+// This description can be written recursively.
+func BuildFieldQuery(fields ...FieldQueryString) (*FieldQuery, error) {
+	query, err := Marshal(fields)
+	if err != nil {
+		return nil, err
+	}
+	return FieldQueryString(query).Build()
+}
+
+// BuildSubFieldQuery builds sub field query.
+func BuildSubFieldQuery(name string) *SubFieldQuery {
+	return &SubFieldQuery{name: name}
+}
+
+type SubFieldQuery struct {
+	name string
+}
+
+func (q *SubFieldQuery) Fields(fields ...FieldQueryString) FieldQueryString {
+	query, _ := Marshal(map[string][]FieldQueryString{q.name: fields})
+	return FieldQueryString(query)
+}
diff --git a/vendor/github.com/google/certificate-transparency-go/CHANGELOG.md b/vendor/github.com/google/certificate-transparency-go/CHANGELOG.md
index 4bff3ed0f..3c56553dc 100644
--- a/vendor/github.com/google/certificate-transparency-go/CHANGELOG.md
+++ b/vendor/github.com/google/certificate-transparency-go/CHANGELOG.md
@@ -2,12 +2,143 @@
 
 ## HEAD
 
+## v1.1.7
+
+* Recommended Go version for development: 1.20
+  * This is the version used by the Cloud Build presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.
+
+* Bump golangci-lint from 1.51.1 to 1.55.1 (developers should update to this version).
+
+### Add support for WASI port
+
+* Add build tags for wasip1 GOOS by @flavio in https://github.com/google/certificate-transparency-go/pull/1089
+
+### Add support for IBM Z operating system z/OS
+
+* Add build tags for zOS by @onlywork1984 in https://github.com/google/certificate-transparency-go/pull/1088
+
+### Log List
+
+* Add support for "is_all_logs" field in loglist3 by @phbnf in https://github.com/google/certificate-transparency-go/pull/1095
+
+### Documentation
+
+* Improve Dockerized Test Deployment documentation by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1179
+
+### Misc
+
+* Escape forward slashes in certificate Subject names when used as user quota id strings by @robstradling in https://github.com/google/certificate-transparency-go/pull/1059
+* Search whole chain looking for issuer match by @mhutchinson in https://github.com/google/certificate-transparency-go/pull/1112
+* Use proper check per @AGWA instead of buggy check introduced in #1112 by @mhutchinson in https://github.com/google/certificate-transparency-go/pull/1114
+* Build the ctfe/ct_server binary without depending on glibc by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1119
+* Migrate CTFE Ingress manifest to support GKE version 1.23 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1086
+* Remove Dependabot ignore configuration by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1097
+* Add "github-actions" and "docker" Dependabot config by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1101
+* Add top level permission in CodeQL workflow by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1102
+* Pin Docker image dependencies by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1110
+* Remove GO111MODULE from Dockerfile and Cloud Build yaml files by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1113
+* Add docker Dependabot config by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1126
+* Export is_mirror = 0.0 for non mirror instead of nothing by @phbnf in https://github.com/google/certificate-transparency-go/pull/1133
+* Add govulncheck GitHub action by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1145
+* Spelling by @jsoref in https://github.com/google/certificate-transparency-go/pull/1144
+
+### Dependency update
+
+* Bump Go from 1.19 to 1.20 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1146
+* Bump golangci-lint from 1.51.1 to 1.55.1 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1214
+* Bump go.etcd.io/etcd/v3 from 3.5.8 to 3.5.9 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1083
+* Bump golang.org/x/crypto from 0.8.0 to 0.9.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/108
+* Bump github.com/mattn/go-sqlite3 from 1.14.16 to 1.14.17 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1092
+* Bump golang.org/x/net from 0.10.0 to 0.11.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1094
+* Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1098
+* Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1099
+* Bump golang.org/x/net from 0.11.0 to 0.12.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1108
+* Bump actions/checkout from 3.1.0 to 3.5.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1103
+* Bump github/codeql-action from 2.1.27 to 2.20.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1104
+* Bump ossf/scorecard-action from 2.0.6 to 2.2.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1105
+* Bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1106
+* Bump github/codeql-action from 2.20.3 to 2.20.4 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1115
+* Bump github/codeql-action from 2.20.4 to 2.21.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1117
+* Bump golang.org/x/net from 0.12.0 to 0.14.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1124
+* Bump github/codeql-action from 2.21.0 to 2.21.2 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1121
+* Bump github/codeql-action from 2.21.2 to 2.21.4 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1125
+* Bump golang from `fd9306e` to `eb3f9ac` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1127
+* Bump alpine from 3.8 to 3.18 in /trillian/examples/deployment/docker/envsubst by @dependabot in https://github.com/google/certificate-transparency-go/pull/1129
+* Bump golang from `fd9306e` to `eb3f9ac` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1128
+* Bump alpine from `82d1e9d` to `7144f7b` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1130
+* Bump golang from `fd9306e` to `eb3f9ac` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1131
+* Bump golang from 1.19-alpine to 1.21-alpine in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1132
+* Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1134
+* Bump github/codeql-action from 2.21.4 to 2.21.5 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1135
+* Bump distroless/base from `73deaaf` to `46c5b9b` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1136
+* Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1137
+* Bump golang.org/x/net from 0.14.0 to 0.15.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1139
+* Bump github.com/rs/cors from 1.9.0 to 1.10.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1140
+* Bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1141
+* Bump golang from `445f340` to `96634e5` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1142
+* Bump github/codeql-action from 2.21.5 to 2.21.6 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1149
+* Bump Docker golang base images to 1.21.1 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1147
+* Bump github/codeql-action from 2.21.6 to 2.21.7 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1150
+* Bump github/codeql-action from 2.21.7 to 2.21.8 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1152
+* Bump golang from `d3114db` to `a0b3bc4` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1155
+* Bump golang from `d3114db` to `a0b3bc4` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1157
+* Bump golang from `d3114db` to `a0b3bc4` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1156
+* Bump golang from `d3114db` to `a0b3bc4` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1158
+* Bump golang from `e06b3a4` to `114b9cc` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1159
+* Bump golang from `a0b3bc4` to `114b9cc` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1160
+* Bump golang from `a0b3bc4` to `114b9cc` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1161
+* Bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1162
+* Bump golang from `114b9cc` to `9c7ea4a` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1163
+* Bump golang from `114b9cc` to `9c7ea4a` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1166
+* Bump golang from `114b9cc` to `9c7ea4a` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1165
+* Bump golang from `114b9cc` to `9c7ea4a` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1164
+* Bump github/codeql-action from 2.21.8 to 2.21.9 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1169
+* Bump golang from `9c7ea4a` to `61f84bc` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1168
+* Bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1172
+* Bump golang from `9c7ea4a` to `61f84bc` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1170
+* Bump github.com/rs/cors from 1.10.0 to 1.10.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1176
+* Bump alpine from `7144f7b` to `eece025` in /trillian/examples/deployment/docker/envsubst by @dependabot in https://github.com/google/certificate-transparency-go/pull/1174
+* Bump alpine from `7144f7b` to `eece025` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1175
+* Bump golang from `9c7ea4a` to `61f84bc` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1171
+* Bump golang from `9c7ea4a` to `61f84bc` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1173
+* Bump distroless/base from `46c5b9b` to `a35b652` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1177
+* Bump golang.org/x/crypto from 0.13.0 to 0.14.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1178
+* Bump github/codeql-action from 2.21.9 to 2.22.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1180
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1181
+* Bump golang.org/x/net from 0.15.0 to 0.16.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1184
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1182
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1185
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1183
+* Bump github/codeql-action from 2.22.0 to 2.22.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1186
+* Bump distroless/base from `a35b652` to `b31a6e0` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1188
+* Bump ossf/scorecard-action from 2.2.0 to 2.3.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1187
+* Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1189
+* Bump golang.org/x/net from 0.16.0 to 0.17.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1190
+* Bump go-version-input from 1.20.8 to 1.20.10 in govulncheck by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1195
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1193
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1191
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1194
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1192
+* Bump golang from `a94b089` to `8f9a1ec` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1196
+* Bump github/codeql-action from 2.22.1 to 2.22.2 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1197
+* Bump golang from `a94b089` to `5cc7ddc` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1200
+* Bump golang from `a94b089` to `5cc7ddc` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1199
+* Bump github/codeql-action from 2.22.2 to 2.22.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1202
+* Bump golang from `5cc7ddc` to `20f9ab5` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1203
+* Bump golang from `a94b089` to `20f9ab5` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1198
+* Bump golang from `8f9a1ec` to `20f9ab5` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1201
+* Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1204
+* Bump github/codeql-action from 2.22.3 to 2.22.4 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1206
+* Bump ossf/scorecard-action from 2.3.0 to 2.3.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1207
+* Bump github/codeql-action from 2.22.4 to 2.22.5 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1209
+* Bump multiple Go module dependencies by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1213
+
 ## v1.1.6
 
-## Dependency update
+### Dependency update
 
- * Bump Trillian to v1.5.2
- * Bump Prometheus to v0.43.1
+* Bump Trillian to v1.5.2
+* Bump Prometheus to v0.43.1
 
 ## v1.1.5
 
@@ -20,7 +151,7 @@
 
  * Remove v2 log list package files.
 
- ### Misc
+### Misc
 
  * Updated golangci-lint to v1.51.1 (developers should update to this version).
  * Bump Go version from 1.17 to 1.19.
@@ -146,7 +277,7 @@ entries whose `start` parameter does not fall on a multiple of the maximum
 permitted number of entries, will have their responses truncated such that
 subsequent requests will align with this boundary.
 This is intended to coerce callers of `get-entries` into all using the same
-`start` and `end` parameters and thereby increase the cachability of
+`start` and `end` parameters and thereby increase the cacheability of
 these requests.
 
 e.g.:
@@ -582,7 +713,7 @@ Commit [3955e4a00c42e83ff17ce25003976159c5d0f0f9](https://api.github.com/repos/g
 
 Published 2018-06-01 14:02:58 +0000 UTC
 
-This release is mostly fixes to the `x509` and `asn1` packages. Some command line utilties were also updated.
+This release is mostly fixes to the `x509` and `asn1` packages. Some command line utilities were also updated.
 
 Commit [ae40d07cce12f1227c6e658e61c9dddb7646f97b](https://api.github.com/repos/google/certificate-transparency-go/commits/ae40d07cce12f1227c6e658e61c9dddb7646f97b) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.5)
 
diff --git a/vendor/github.com/google/certificate-transparency-go/README.md b/vendor/github.com/google/certificate-transparency-go/README.md
index fc015ed70..a7b9ccea5 100644
--- a/vendor/github.com/google/certificate-transparency-go/README.md
+++ b/vendor/github.com/google/certificate-transparency-go/README.md
@@ -6,7 +6,7 @@
 
 This repository holds Go code related to
 [Certificate Transparency](https://www.certificate-transparency.org/) (CT).  The
-repository requires Go version 1.19.
+repository requires Go version 1.20.
 
  - [Repository Structure](#repository-structure)
  - [Trillian CT Personality](#trillian-ct-personality)
@@ -81,7 +81,7 @@ pull requests for review.
 
 ```bash
 # Install golangci-lint
-go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.1
+go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.55.1
 
 # Run code generation, build, test and linters
 ./scripts/presubmit.sh
diff --git a/vendor/github.com/google/certificate-transparency-go/cloudbuild.yaml b/vendor/github.com/google/certificate-transparency-go/cloudbuild.yaml
index 93888a209..1c3ee20bf 100644
--- a/vendor/github.com/google/certificate-transparency-go/cloudbuild.yaml
+++ b/vendor/github.com/google/certificate-transparency-go/cloudbuild.yaml
@@ -14,7 +14,6 @@ options:
   - name: go-modules
     path: /go
   env:
-  - GO111MODULE=on
   - GOPROXY=https://proxy.golang.org
   - PROJECT_ROOT=github.com/google/certificate-transparency-go
   - GOPATH=/go
diff --git a/vendor/github.com/google/certificate-transparency-go/cloudbuild_master.yaml b/vendor/github.com/google/certificate-transparency-go/cloudbuild_master.yaml
index 238c8eda4..9cb105e57 100644
--- a/vendor/github.com/google/certificate-transparency-go/cloudbuild_master.yaml
+++ b/vendor/github.com/google/certificate-transparency-go/cloudbuild_master.yaml
@@ -14,7 +14,6 @@ options:
   - name: go-modules
     path: /go
   env:
-  - GO111MODULE=on
   - GOPROXY=https://proxy.golang.org
   - PROJECT_ROOT=github.com/google/certificate-transparency-go
   - GOPATH=/go
diff --git a/vendor/github.com/google/certificate-transparency-go/cloudbuild_tag.yaml b/vendor/github.com/google/certificate-transparency-go/cloudbuild_tag.yaml
index f1182ecd9..2cd19f910 100644
--- a/vendor/github.com/google/certificate-transparency-go/cloudbuild_tag.yaml
+++ b/vendor/github.com/google/certificate-transparency-go/cloudbuild_tag.yaml
@@ -14,7 +14,6 @@ options:
   - name: go-modules
     path: /go
   env:
-  - GO111MODULE=on
   - GOPROXY=https://proxy.golang.org
   - PROJECT_ROOT=github.com/google/certificate-transparency-go
   - GOPATH=/go
diff --git a/vendor/github.com/google/certificate-transparency-go/tls/tls.go b/vendor/github.com/google/certificate-transparency-go/tls/tls.go
index 030074c19..a48c998f4 100644
--- a/vendor/github.com/google/certificate-transparency-go/tls/tls.go
+++ b/vendor/github.com/google/certificate-transparency-go/tls/tls.go
@@ -638,7 +638,7 @@ func marshalField(out *bytes.Buffer, v reflect.Value, info *fieldInfo) error {
 			}
 		}
 		// Now we have seen all fields in the structure, check that all select(Enum) {..} selector
-		// fields found a source field get get their data from.
+		// fields found a source field to get their data from.
 		for selector, seen := range selectorSeen {
 			if !seen {
 				return syntaxError{info.fieldName(), selector + ": unhandled value for selector"}
diff --git a/vendor/github.com/google/certificate-transparency-go/types.go b/vendor/github.com/google/certificate-transparency-go/types.go
index c797d9ceb..b6af606bf 100644
--- a/vendor/github.com/google/certificate-transparency-go/types.go
+++ b/vendor/github.com/google/certificate-transparency-go/types.go
@@ -555,7 +555,7 @@ type LeafEntry struct {
 	ExtraData []byte `json:"extra_data"`
 }
 
-// GetEntriesResponse respresents the JSON response to the get-entries GET method
+// GetEntriesResponse represents the JSON response to the get-entries GET method
 // from section 4.6.
 type GetEntriesResponse struct {
 	Entries []LeafEntry `json:"entries"` // the list of returned entries
diff --git a/vendor/github.com/google/certificate-transparency-go/x509/root_unix.go b/vendor/github.com/google/certificate-transparency-go/x509/root_unix.go
index d00842a81..8f2821b1d 100644
--- a/vendor/github.com/google/certificate-transparency-go/x509/root_unix.go
+++ b/vendor/github.com/google/certificate-transparency-go/x509/root_unix.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build dragonfly freebsd linux netbsd openbsd solaris
+//go:build dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build dragonfly freebsd linux netbsd openbsd solaris zos
 
 package x509
 
diff --git a/vendor/github.com/google/certificate-transparency-go/x509/root_wasip1.go b/vendor/github.com/google/certificate-transparency-go/x509/root_wasip1.go
new file mode 100644
index 000000000..e5cf98e0a
--- /dev/null
+++ b/vendor/github.com/google/certificate-transparency-go/x509/root_wasip1.go
@@ -0,0 +1,19 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build wasip1
+// +build wasip1
+
+package x509
+
+// Possible certificate files; stop after finding one.
+var certFiles = []string{}
+
+func loadSystemRoots() (*CertPool, error) {
+	return NewCertPool(), nil
+}
+
+func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/google/certificate-transparency-go/x509/root_zos.go b/vendor/github.com/google/certificate-transparency-go/x509/root_zos.go
new file mode 100644
index 000000000..54f240af0
--- /dev/null
+++ b/vendor/github.com/google/certificate-transparency-go/x509/root_zos.go
@@ -0,0 +1,13 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos
+// +build zos
+
+package x509
+
+// Possible certificate files; stop after finding one.
+var certFiles = []string{
+	"/etc/cacert.pem", // IBM zOS default
+}
diff --git a/vendor/github.com/google/gnostic-models/LICENSE b/vendor/github.com/google/gnostic-models/LICENSE
new file mode 100644
index 000000000..6b0b1270f
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/LICENSE
@@ -0,0 +1,203 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/vendor/github.com/google/gnostic-models/compiler/README.md b/vendor/github.com/google/gnostic-models/compiler/README.md
new file mode 100644
index 000000000..ee9783d23
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/compiler/README.md
@@ -0,0 +1,4 @@
+# Compiler support code
+
+This directory contains compiler support code used by Gnostic and Gnostic
+extensions.
diff --git a/vendor/github.com/google/gnostic-models/compiler/context.go b/vendor/github.com/google/gnostic-models/compiler/context.go
new file mode 100644
index 000000000..1bfe96121
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/compiler/context.go
@@ -0,0 +1,49 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package compiler
+
+import (
+	yaml "gopkg.in/yaml.v3"
+)
+
+// Context contains state of the compiler as it traverses a document.
+type Context struct {
+	Parent            *Context
+	Name              string
+	Node              *yaml.Node
+	ExtensionHandlers *[]ExtensionHandler
+}
+
+// NewContextWithExtensions returns a new object representing the compiler state
+func NewContextWithExtensions(name string, node *yaml.Node, parent *Context, extensionHandlers *[]ExtensionHandler) *Context {
+	return &Context{Name: name, Node: node, Parent: parent, ExtensionHandlers: extensionHandlers}
+}
+
+// NewContext returns a new object representing the compiler state
+func NewContext(name string, node *yaml.Node, parent *Context) *Context {
+	if parent != nil {
+		return &Context{Name: name, Node: node, Parent: parent, ExtensionHandlers: parent.ExtensionHandlers}
+	}
+	return &Context{Name: name, Parent: parent, ExtensionHandlers: nil}
+}
+
+// Description returns a text description of the compiler state
+func (context *Context) Description() string {
+	name := context.Name
+	if context.Parent != nil {
+		name = context.Parent.Description() + "." + name
+	}
+	return name
+}
diff --git a/vendor/github.com/google/gnostic-models/compiler/error.go b/vendor/github.com/google/gnostic-models/compiler/error.go
new file mode 100644
index 000000000..6f40515d6
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/compiler/error.go
@@ -0,0 +1,70 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package compiler
+
+import "fmt"
+
+// Error represents compiler errors and their location in the document.
+type Error struct {
+	Context *Context
+	Message string
+}
+
+// NewError creates an Error.
+func NewError(context *Context, message string) *Error {
+	return &Error{Context: context, Message: message}
+}
+
+func (err *Error) locationDescription() string {
+	if err.Context.Node != nil {
+		return fmt.Sprintf("[%d,%d] %s", err.Context.Node.Line, err.Context.Node.Column, err.Context.Description())
+	}
+	return err.Context.Description()
+}
+
+// Error returns the string value of an Error.
+func (err *Error) Error() string {
+	if err.Context == nil {
+		return err.Message
+	}
+	return err.locationDescription() + " " + err.Message
+}
+
+// ErrorGroup is a container for groups of Error values.
+type ErrorGroup struct {
+	Errors []error
+}
+
+// NewErrorGroupOrNil returns a new ErrorGroup for a slice of errors or nil if the slice is empty.
+func NewErrorGroupOrNil(errors []error) error {
+	if len(errors) == 0 {
+		return nil
+	} else if len(errors) == 1 {
+		return errors[0]
+	} else {
+		return &ErrorGroup{Errors: errors}
+	}
+}
+
+func (group *ErrorGroup) Error() string {
+	result := ""
+	for i, err := range group.Errors {
+		if i > 0 {
+			result += "\n"
+		}
+		result += err.Error()
+	}
+	return result
+}
diff --git a/vendor/github.com/google/gnostic-models/compiler/extensions.go b/vendor/github.com/google/gnostic-models/compiler/extensions.go
new file mode 100644
index 000000000..16ae66faa
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/compiler/extensions.go
@@ -0,0 +1,86 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package compiler
+
+import (
+	"bytes"
+	"fmt"
+	"os/exec"
+	"strings"
+
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
+	yaml "gopkg.in/yaml.v3"
+
+	extensions "github.com/google/gnostic-models/extensions"
+)
+
+// ExtensionHandler describes a binary that is called by the compiler to handle specification extensions.
+type ExtensionHandler struct {
+	Name string
+}
+
+// CallExtension calls a binary extension handler.
+func CallExtension(context *Context, in *yaml.Node, extensionName string) (handled bool, response *anypb.Any, err error) {
+	if context == nil || context.ExtensionHandlers == nil {
+		return false, nil, nil
+	}
+	handled = false
+	for _, handler := range *(context.ExtensionHandlers) {
+		response, err = handler.handle(in, extensionName)
+		if response == nil {
+			continue
+		} else {
+			handled = true
+			break
+		}
+	}
+	return handled, response, err
+}
+
+func (extensionHandlers *ExtensionHandler) handle(in *yaml.Node, extensionName string) (*anypb.Any, error) {
+	if extensionHandlers.Name != "" {
+		yamlData, _ := yaml.Marshal(in)
+		request := &extensions.ExtensionHandlerRequest{
+			CompilerVersion: &extensions.Version{
+				Major: 0,
+				Minor: 1,
+				Patch: 0,
+			},
+			Wrapper: &extensions.Wrapper{
+				Version:       "unknown", // TODO: set this to the type/version of spec being parsed.
+				Yaml:          string(yamlData),
+				ExtensionName: extensionName,
+			},
+		}
+		requestBytes, _ := proto.Marshal(request)
+		cmd := exec.Command(extensionHandlers.Name)
+		cmd.Stdin = bytes.NewReader(requestBytes)
+		output, err := cmd.Output()
+		if err != nil {
+			return nil, err
+		}
+		response := &extensions.ExtensionHandlerResponse{}
+		err = proto.Unmarshal(output, response)
+		if err != nil || !response.Handled {
+			return nil, err
+		}
+		if len(response.Errors) != 0 {
+			return nil, fmt.Errorf("Errors when parsing: %+v for field %s by vendor extension handler %s. Details %+v", in, extensionName, extensionHandlers.Name, strings.Join(response.Errors, ","))
+		}
+		return response.Value, nil
+	}
+	return nil, nil
+}
diff --git a/vendor/github.com/google/gnostic-models/compiler/helpers.go b/vendor/github.com/google/gnostic-models/compiler/helpers.go
new file mode 100644
index 000000000..975d65e8f
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/compiler/helpers.go
@@ -0,0 +1,397 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package compiler
+
+import (
+	"fmt"
+	"regexp"
+	"sort"
+	"strconv"
+
+	"gopkg.in/yaml.v3"
+
+	"github.com/google/gnostic-models/jsonschema"
+)
+
+// compiler helper functions, usually called from generated code
+
+// UnpackMap gets a *yaml.Node if possible.
+func UnpackMap(in *yaml.Node) (*yaml.Node, bool) {
+	if in == nil {
+		return nil, false
+	}
+	return in, true
+}
+
+// SortedKeysForMap returns the sorted keys of a yamlv2.MapSlice.
+func SortedKeysForMap(m *yaml.Node) []string {
+	keys := make([]string, 0)
+	if m.Kind == yaml.MappingNode {
+		for i := 0; i < len(m.Content); i += 2 {
+			keys = append(keys, m.Content[i].Value)
+		}
+	}
+	sort.Strings(keys)
+	return keys
+}
+
+// MapHasKey returns true if a yamlv2.MapSlice contains a specified key.
+func MapHasKey(m *yaml.Node, key string) bool {
+	if m == nil {
+		return false
+	}
+	if m.Kind == yaml.MappingNode {
+		for i := 0; i < len(m.Content); i += 2 {
+			itemKey := m.Content[i].Value
+			if key == itemKey {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+// MapValueForKey gets the value of a map value for a specified key.
+func MapValueForKey(m *yaml.Node, key string) *yaml.Node {
+	if m == nil {
+		return nil
+	}
+	if m.Kind == yaml.MappingNode {
+		for i := 0; i < len(m.Content); i += 2 {
+			itemKey := m.Content[i].Value
+			if key == itemKey {
+				return m.Content[i+1]
+			}
+		}
+	}
+	return nil
+}
+
+// ConvertInterfaceArrayToStringArray converts an array of interfaces to an array of strings, if possible.
+func ConvertInterfaceArrayToStringArray(interfaceArray []interface{}) []string {
+	stringArray := make([]string, 0)
+	for _, item := range interfaceArray {
+		v, ok := item.(string)
+		if ok {
+			stringArray = append(stringArray, v)
+		}
+	}
+	return stringArray
+}
+
+// SequenceNodeForNode returns a node if it is a SequenceNode.
+func SequenceNodeForNode(node *yaml.Node) (*yaml.Node, bool) {
+	if node.Kind != yaml.SequenceNode {
+		return nil, false
+	}
+	return node, true
+}
+
+// BoolForScalarNode returns the bool value of a node.
+func BoolForScalarNode(node *yaml.Node) (bool, bool) {
+	if node == nil {
+		return false, false
+	}
+	if node.Kind == yaml.DocumentNode {
+		return BoolForScalarNode(node.Content[0])
+	}
+	if node.Kind != yaml.ScalarNode {
+		return false, false
+	}
+	if node.Tag != "!!bool" {
+		return false, false
+	}
+	v, err := strconv.ParseBool(node.Value)
+	if err != nil {
+		return false, false
+	}
+	return v, true
+}
+
+// IntForScalarNode returns the integer value of a node.
+func IntForScalarNode(node *yaml.Node) (int64, bool) {
+	if node == nil {
+		return 0, false
+	}
+	if node.Kind == yaml.DocumentNode {
+		return IntForScalarNode(node.Content[0])
+	}
+	if node.Kind != yaml.ScalarNode {
+		return 0, false
+	}
+	if node.Tag != "!!int" {
+		return 0, false
+	}
+	v, err := strconv.ParseInt(node.Value, 10, 64)
+	if err != nil {
+		return 0, false
+	}
+	return v, true
+}
+
+// FloatForScalarNode returns the float value of a node.
+func FloatForScalarNode(node *yaml.Node) (float64, bool) {
+	if node == nil {
+		return 0.0, false
+	}
+	if node.Kind == yaml.DocumentNode {
+		return FloatForScalarNode(node.Content[0])
+	}
+	if node.Kind != yaml.ScalarNode {
+		return 0.0, false
+	}
+	if (node.Tag != "!!int") && (node.Tag != "!!float") {
+		return 0.0, false
+	}
+	v, err := strconv.ParseFloat(node.Value, 64)
+	if err != nil {
+		return 0.0, false
+	}
+	return v, true
+}
+
+// StringForScalarNode returns the string value of a node.
+func StringForScalarNode(node *yaml.Node) (string, bool) {
+	if node == nil {
+		return "", false
+	}
+	if node.Kind == yaml.DocumentNode {
+		return StringForScalarNode(node.Content[0])
+	}
+	switch node.Kind {
+	case yaml.ScalarNode:
+		switch node.Tag {
+		case "!!int":
+			return node.Value, true
+		case "!!str":
+			return node.Value, true
+		case "!!timestamp":
+			return node.Value, true
+		case "!!null":
+			return "", true
+		default:
+			return "", false
+		}
+	default:
+		return "", false
+	}
+}
+
+// StringArrayForSequenceNode converts a sequence node to an array of strings, if possible.
+func StringArrayForSequenceNode(node *yaml.Node) []string {
+	stringArray := make([]string, 0)
+	for _, item := range node.Content {
+		v, ok := StringForScalarNode(item)
+		if ok {
+			stringArray = append(stringArray, v)
+		}
+	}
+	return stringArray
+}
+
+// MissingKeysInMap identifies which keys from a list of required keys are not in a map.
+func MissingKeysInMap(m *yaml.Node, requiredKeys []string) []string {
+	missingKeys := make([]string, 0)
+	for _, k := range requiredKeys {
+		if !MapHasKey(m, k) {
+			missingKeys = append(missingKeys, k)
+		}
+	}
+	return missingKeys
+}
+
+// InvalidKeysInMap returns keys in a map that don't match a list of allowed keys and patterns.
+func InvalidKeysInMap(m *yaml.Node, allowedKeys []string, allowedPatterns []*regexp.Regexp) []string {
+	invalidKeys := make([]string, 0)
+	if m == nil || m.Kind != yaml.MappingNode {
+		return invalidKeys
+	}
+	for i := 0; i < len(m.Content); i += 2 {
+		key := m.Content[i].Value
+		found := false
+		// does the key match an allowed key?
+		for _, allowedKey := range allowedKeys {
+			if key == allowedKey {
+				found = true
+				break
+			}
+		}
+		if !found {
+			// does the key match an allowed pattern?
+			for _, allowedPattern := range allowedPatterns {
+				if allowedPattern.MatchString(key) {
+					found = true
+					break
+				}
+			}
+			if !found {
+				invalidKeys = append(invalidKeys, key)
+			}
+		}
+	}
+	return invalidKeys
+}
+
+// NewNullNode creates a new Null node.
+func NewNullNode() *yaml.Node {
+	node := &yaml.Node{
+		Kind: yaml.ScalarNode,
+		Tag:  "!!null",
+	}
+	return node
+}
+
+// NewMappingNode creates a new Mapping node.
+func NewMappingNode() *yaml.Node {
+	return &yaml.Node{
+		Kind:    yaml.MappingNode,
+		Content: make([]*yaml.Node, 0),
+	}
+}
+
+// NewSequenceNode creates a new Sequence node.
+func NewSequenceNode() *yaml.Node {
+	node := &yaml.Node{
+		Kind:    yaml.SequenceNode,
+		Content: make([]*yaml.Node, 0),
+	}
+	return node
+}
+
+// NewScalarNodeForString creates a new node to hold a string.
+func NewScalarNodeForString(s string) *yaml.Node {
+	return &yaml.Node{
+		Kind:  yaml.ScalarNode,
+		Tag:   "!!str",
+		Value: s,
+	}
+}
+
+// NewSequenceNodeForStringArray creates a new node to hold an array of strings.
+func NewSequenceNodeForStringArray(strings []string) *yaml.Node {
+	node := &yaml.Node{
+		Kind:    yaml.SequenceNode,
+		Content: make([]*yaml.Node, 0),
+	}
+	for _, s := range strings {
+		node.Content = append(node.Content, NewScalarNodeForString(s))
+	}
+	return node
+}
+
+// NewScalarNodeForBool creates a new node to hold a bool.
+func NewScalarNodeForBool(b bool) *yaml.Node {
+	return &yaml.Node{
+		Kind:  yaml.ScalarNode,
+		Tag:   "!!bool",
+		Value: fmt.Sprintf("%t", b),
+	}
+}
+
+// NewScalarNodeForFloat creates a new node to hold a float.
+func NewScalarNodeForFloat(f float64) *yaml.Node {
+	return &yaml.Node{
+		Kind:  yaml.ScalarNode,
+		Tag:   "!!float",
+		Value: fmt.Sprintf("%g", f),
+	}
+}
+
+// NewScalarNodeForInt creates a new node to hold an integer.
+func NewScalarNodeForInt(i int64) *yaml.Node {
+	return &yaml.Node{
+		Kind:  yaml.ScalarNode,
+		Tag:   "!!int",
+		Value: fmt.Sprintf("%d", i),
+	}
+}
+
+// PluralProperties returns the string "properties" pluralized.
+func PluralProperties(count int) string {
+	if count == 1 {
+		return "property"
+	}
+	return "properties"
+}
+
+// StringArrayContainsValue returns true if a string array contains a specified value.
+func StringArrayContainsValue(array []string, value string) bool {
+	for _, item := range array {
+		if item == value {
+			return true
+		}
+	}
+	return false
+}
+
+// StringArrayContainsValues returns true if a string array contains all of a list of specified values.
+func StringArrayContainsValues(array []string, values []string) bool {
+	for _, value := range values {
+		if !StringArrayContainsValue(array, value) {
+			return false
+		}
+	}
+	return true
+}
+
+// StringValue returns the string value of an item.
+func StringValue(item interface{}) (value string, ok bool) {
+	value, ok = item.(string)
+	if ok {
+		return value, ok
+	}
+	intValue, ok := item.(int)
+	if ok {
+		return strconv.Itoa(intValue), true
+	}
+	return "", false
+}
+
+// Description returns a human-readable represention of an item.
+func Description(item interface{}) string {
+	value, ok := item.(*yaml.Node)
+	if ok {
+		return jsonschema.Render(value)
+	}
+	return fmt.Sprintf("%+v", item)
+}
+
+// Display returns a description of a node for use in error messages.
+func Display(node *yaml.Node) string {
+	switch node.Kind {
+	case yaml.ScalarNode:
+		switch node.Tag {
+		case "!!str":
+			return fmt.Sprintf("%s (string)", node.Value)
+		}
+	}
+	return fmt.Sprintf("%+v (%T)", node, node)
+}
+
+// Marshal creates a yaml version of a structure in our preferred style
+func Marshal(in *yaml.Node) []byte {
+	clearStyle(in)
+	//bytes, _ := yaml.Marshal(&yaml.Node{Kind: yaml.DocumentNode, Content: []*yaml.Node{in}})
+	bytes, _ := yaml.Marshal(in)
+
+	return bytes
+}
+
+func clearStyle(node *yaml.Node) {
+	node.Style = 0
+	for _, c := range node.Content {
+		clearStyle(c)
+	}
+}
diff --git a/vendor/github.com/google/gnostic-models/compiler/main.go b/vendor/github.com/google/gnostic-models/compiler/main.go
new file mode 100644
index 000000000..ce9fcc456
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/compiler/main.go
@@ -0,0 +1,16 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package compiler provides support functions to generated compiler code.
+package compiler
diff --git a/vendor/github.com/google/gnostic-models/compiler/reader.go b/vendor/github.com/google/gnostic-models/compiler/reader.go
new file mode 100644
index 000000000..be0e8b40c
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/compiler/reader.go
@@ -0,0 +1,307 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package compiler
+
+import (
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"net/url"
+	"path/filepath"
+	"strings"
+	"sync"
+
+	yaml "gopkg.in/yaml.v3"
+)
+
+var verboseReader = false
+
+var fileCache map[string][]byte
+var infoCache map[string]*yaml.Node
+
+var fileCacheEnable = true
+var infoCacheEnable = true
+
+// These locks are used to synchronize accesses to the fileCache and infoCache
+// maps (above). They are global state and can throw thread-related errors
+// when modified from separate goroutines. The general strategy is to protect
+// all public functions in this file with mutex Lock() calls. As a result, to
+// avoid deadlock, these public functions should not call other public
+// functions, so some public functions have private equivalents.
+// In the future, we might consider replacing the maps with sync.Map and
+// eliminating these mutexes.
+var fileCacheMutex sync.Mutex
+var infoCacheMutex sync.Mutex
+
+func initializeFileCache() {
+	if fileCache == nil {
+		fileCache = make(map[string][]byte, 0)
+	}
+}
+
+func initializeInfoCache() {
+	if infoCache == nil {
+		infoCache = make(map[string]*yaml.Node, 0)
+	}
+}
+
+// EnableFileCache turns on file caching.
+func EnableFileCache() {
+	fileCacheMutex.Lock()
+	defer fileCacheMutex.Unlock()
+	fileCacheEnable = true
+}
+
+// EnableInfoCache turns on parsed info caching.
+func EnableInfoCache() {
+	infoCacheMutex.Lock()
+	defer infoCacheMutex.Unlock()
+	infoCacheEnable = true
+}
+
+// DisableFileCache turns off file caching.
+func DisableFileCache() {
+	fileCacheMutex.Lock()
+	defer fileCacheMutex.Unlock()
+	fileCacheEnable = false
+}
+
+// DisableInfoCache turns off parsed info caching.
+func DisableInfoCache() {
+	infoCacheMutex.Lock()
+	defer infoCacheMutex.Unlock()
+	infoCacheEnable = false
+}
+
+// RemoveFromFileCache removes an entry from the file cache.
+func RemoveFromFileCache(fileurl string) {
+	fileCacheMutex.Lock()
+	defer fileCacheMutex.Unlock()
+	if !fileCacheEnable {
+		return
+	}
+	initializeFileCache()
+	delete(fileCache, fileurl)
+}
+
+// RemoveFromInfoCache removes an entry from the info cache.
+func RemoveFromInfoCache(filename string) {
+	infoCacheMutex.Lock()
+	defer infoCacheMutex.Unlock()
+	if !infoCacheEnable {
+		return
+	}
+	initializeInfoCache()
+	delete(infoCache, filename)
+}
+
+// GetInfoCache returns the info cache map.
+func GetInfoCache() map[string]*yaml.Node {
+	infoCacheMutex.Lock()
+	defer infoCacheMutex.Unlock()
+	if infoCache == nil {
+		initializeInfoCache()
+	}
+	return infoCache
+}
+
+// ClearFileCache clears the file cache.
+func ClearFileCache() {
+	fileCacheMutex.Lock()
+	defer fileCacheMutex.Unlock()
+	fileCache = make(map[string][]byte, 0)
+}
+
+// ClearInfoCache clears the info cache.
+func ClearInfoCache() {
+	infoCacheMutex.Lock()
+	defer infoCacheMutex.Unlock()
+	infoCache = make(map[string]*yaml.Node)
+}
+
+// ClearCaches clears all caches.
+func ClearCaches() {
+	ClearFileCache()
+	ClearInfoCache()
+}
+
+// FetchFile gets a specified file from the local filesystem or a remote location.
+func FetchFile(fileurl string) ([]byte, error) {
+	fileCacheMutex.Lock()
+	defer fileCacheMutex.Unlock()
+	return fetchFile(fileurl)
+}
+
+func fetchFile(fileurl string) ([]byte, error) {
+	var bytes []byte
+	initializeFileCache()
+	if fileCacheEnable {
+		bytes, ok := fileCache[fileurl]
+		if ok {
+			if verboseReader {
+				log.Printf("Cache hit %s", fileurl)
+			}
+			return bytes, nil
+		}
+		if verboseReader {
+			log.Printf("Fetching %s", fileurl)
+		}
+	}
+	response, err := http.Get(fileurl)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+	if response.StatusCode != 200 {
+		return nil, fmt.Errorf("Error downloading %s: %s", fileurl, response.Status)
+	}
+	bytes, err = ioutil.ReadAll(response.Body)
+	if fileCacheEnable && err == nil {
+		fileCache[fileurl] = bytes
+	}
+	return bytes, err
+}
+
+// ReadBytesForFile reads the bytes of a file.
+func ReadBytesForFile(filename string) ([]byte, error) {
+	fileCacheMutex.Lock()
+	defer fileCacheMutex.Unlock()
+	return readBytesForFile(filename)
+}
+
+func readBytesForFile(filename string) ([]byte, error) {
+	// is the filename a url?
+	fileurl, _ := url.Parse(filename)
+	if fileurl.Scheme != "" {
+		// yes, fetch it
+		bytes, err := fetchFile(filename)
+		if err != nil {
+			return nil, err
+		}
+		return bytes, nil
+	}
+	// no, it's a local filename
+	bytes, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return nil, err
+	}
+	return bytes, nil
+}
+
+// ReadInfoFromBytes unmarshals a file as a *yaml.Node.
+func ReadInfoFromBytes(filename string, bytes []byte) (*yaml.Node, error) {
+	infoCacheMutex.Lock()
+	defer infoCacheMutex.Unlock()
+	return readInfoFromBytes(filename, bytes)
+}
+
+func readInfoFromBytes(filename string, bytes []byte) (*yaml.Node, error) {
+	initializeInfoCache()
+	if infoCacheEnable {
+		cachedInfo, ok := infoCache[filename]
+		if ok {
+			if verboseReader {
+				log.Printf("Cache hit info for file %s", filename)
+			}
+			return cachedInfo, nil
+		}
+		if verboseReader {
+			log.Printf("Reading info for file %s", filename)
+		}
+	}
+	var info yaml.Node
+	err := yaml.Unmarshal(bytes, &info)
+	if err != nil {
+		return nil, err
+	}
+	if infoCacheEnable && len(filename) > 0 {
+		infoCache[filename] = &info
+	}
+	return &info, nil
+}
+
+// ReadInfoForRef reads a file and return the fragment needed to resolve a $ref.
+func ReadInfoForRef(basefile string, ref string) (*yaml.Node, error) {
+	fileCacheMutex.Lock()
+	defer fileCacheMutex.Unlock()
+	infoCacheMutex.Lock()
+	defer infoCacheMutex.Unlock()
+	initializeInfoCache()
+	if infoCacheEnable {
+		info, ok := infoCache[ref]
+		if ok {
+			if verboseReader {
+				log.Printf("Cache hit for ref %s#%s", basefile, ref)
+			}
+			return info, nil
+		}
+		if verboseReader {
+			log.Printf("Reading info for ref %s#%s", basefile, ref)
+		}
+	}
+	basedir, _ := filepath.Split(basefile)
+	parts := strings.Split(ref, "#")
+	var filename string
+	if parts[0] != "" {
+		filename = parts[0]
+		if _, err := url.ParseRequestURI(parts[0]); err != nil {
+			// It is not an URL, so the file is local
+			filename = basedir + parts[0]
+		}
+	} else {
+		filename = basefile
+	}
+	bytes, err := readBytesForFile(filename)
+	if err != nil {
+		return nil, err
+	}
+	info, err := readInfoFromBytes(filename, bytes)
+	if info != nil && info.Kind == yaml.DocumentNode {
+		info = info.Content[0]
+	}
+	if err != nil {
+		log.Printf("File error: %v\n", err)
+	} else {
+		if info == nil {
+			return nil, NewError(nil, fmt.Sprintf("could not resolve %s", ref))
+		}
+		if len(parts) > 1 {
+			path := strings.Split(parts[1], "/")
+			for i, key := range path {
+				if i > 0 {
+					m := info
+					if true {
+						found := false
+						for i := 0; i < len(m.Content); i += 2 {
+							if m.Content[i].Value == key {
+								info = m.Content[i+1]
+								found = true
+							}
+						}
+						if !found {
+							infoCache[ref] = nil
+							return nil, NewError(nil, fmt.Sprintf("could not resolve %s", ref))
+						}
+					}
+				}
+			}
+		}
+	}
+	if infoCacheEnable {
+		infoCache[ref] = info
+	}
+	return info, nil
+}
diff --git a/vendor/github.com/google/gnostic-models/extensions/README.md b/vendor/github.com/google/gnostic-models/extensions/README.md
new file mode 100644
index 000000000..4b5d63e58
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/extensions/README.md
@@ -0,0 +1,13 @@
+# Extensions
+
+**Extension Support is experimental.**
+
+This directory contains support code for building Gnostic extensio handlers and
+associated examples.
+
+Extension handlers can be used to compile vendor or specification extensions
+into protocol buffer structures.
+
+Like plugins, extension handlers are built as separate executables. Extension
+bodies are written to extension handlers as serialized
+ExtensionHandlerRequests.
diff --git a/vendor/github.com/google/gnostic-models/extensions/extension.pb.go b/vendor/github.com/google/gnostic-models/extensions/extension.pb.go
new file mode 100644
index 000000000..a71df8abe
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/extensions/extension.pb.go
@@ -0,0 +1,461 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.27.1
+// 	protoc        v3.19.3
+// source: extensions/extension.proto
+
+package gnostic_extension_v1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	anypb "google.golang.org/protobuf/types/known/anypb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The version number of Gnostic.
+type Version struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Major int32 `protobuf:"varint,1,opt,name=major,proto3" json:"major,omitempty"`
+	Minor int32 `protobuf:"varint,2,opt,name=minor,proto3" json:"minor,omitempty"`
+	Patch int32 `protobuf:"varint,3,opt,name=patch,proto3" json:"patch,omitempty"`
+	// A suffix for alpha, beta or rc release, e.g., "alpha-1", "rc2". It should
+	// be empty for mainline stable releases.
+	Suffix string `protobuf:"bytes,4,opt,name=suffix,proto3" json:"suffix,omitempty"`
+}
+
+func (x *Version) Reset() {
+	*x = Version{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_extensions_extension_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Version) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Version) ProtoMessage() {}
+
+func (x *Version) ProtoReflect() protoreflect.Message {
+	mi := &file_extensions_extension_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Version.ProtoReflect.Descriptor instead.
+func (*Version) Descriptor() ([]byte, []int) {
+	return file_extensions_extension_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Version) GetMajor() int32 {
+	if x != nil {
+		return x.Major
+	}
+	return 0
+}
+
+func (x *Version) GetMinor() int32 {
+	if x != nil {
+		return x.Minor
+	}
+	return 0
+}
+
+func (x *Version) GetPatch() int32 {
+	if x != nil {
+		return x.Patch
+	}
+	return 0
+}
+
+func (x *Version) GetSuffix() string {
+	if x != nil {
+		return x.Suffix
+	}
+	return ""
+}
+
+// An encoded Request is written to the ExtensionHandler's stdin.
+type ExtensionHandlerRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The extension to process.
+	Wrapper *Wrapper `protobuf:"bytes,1,opt,name=wrapper,proto3" json:"wrapper,omitempty"`
+	// The version number of Gnostic.
+	CompilerVersion *Version `protobuf:"bytes,2,opt,name=compiler_version,json=compilerVersion,proto3" json:"compiler_version,omitempty"`
+}
+
+func (x *ExtensionHandlerRequest) Reset() {
+	*x = ExtensionHandlerRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_extensions_extension_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ExtensionHandlerRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ExtensionHandlerRequest) ProtoMessage() {}
+
+func (x *ExtensionHandlerRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_extensions_extension_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ExtensionHandlerRequest.ProtoReflect.Descriptor instead.
+func (*ExtensionHandlerRequest) Descriptor() ([]byte, []int) {
+	return file_extensions_extension_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *ExtensionHandlerRequest) GetWrapper() *Wrapper {
+	if x != nil {
+		return x.Wrapper
+	}
+	return nil
+}
+
+func (x *ExtensionHandlerRequest) GetCompilerVersion() *Version {
+	if x != nil {
+		return x.CompilerVersion
+	}
+	return nil
+}
+
+// The extensions writes an encoded ExtensionHandlerResponse to stdout.
+type ExtensionHandlerResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// true if the extension is handled by the extension handler; false otherwise
+	Handled bool `protobuf:"varint,1,opt,name=handled,proto3" json:"handled,omitempty"`
+	// Error message(s).  If non-empty, the extension handling failed.
+	// The extension handler process should exit with status code zero
+	// even if it reports an error in this way.
+	//
+	// This should be used to indicate errors which prevent the extension from
+	// operating as intended.  Errors which indicate a problem in gnostic
+	// itself -- such as the input Document being unparseable -- should be
+	// reported by writing a message to stderr and exiting with a non-zero
+	// status code.
+	Errors []string `protobuf:"bytes,2,rep,name=errors,proto3" json:"errors,omitempty"`
+	// text output
+	Value *anypb.Any `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *ExtensionHandlerResponse) Reset() {
+	*x = ExtensionHandlerResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_extensions_extension_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ExtensionHandlerResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ExtensionHandlerResponse) ProtoMessage() {}
+
+func (x *ExtensionHandlerResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_extensions_extension_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ExtensionHandlerResponse.ProtoReflect.Descriptor instead.
+func (*ExtensionHandlerResponse) Descriptor() ([]byte, []int) {
+	return file_extensions_extension_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ExtensionHandlerResponse) GetHandled() bool {
+	if x != nil {
+		return x.Handled
+	}
+	return false
+}
+
+func (x *ExtensionHandlerResponse) GetErrors() []string {
+	if x != nil {
+		return x.Errors
+	}
+	return nil
+}
+
+func (x *ExtensionHandlerResponse) GetValue() *anypb.Any {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+type Wrapper struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// version of the OpenAPI specification in which this extension was written.
+	Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
+	// Name of the extension.
+	ExtensionName string `protobuf:"bytes,2,opt,name=extension_name,json=extensionName,proto3" json:"extension_name,omitempty"`
+	// YAML-formatted extension value.
+	Yaml string `protobuf:"bytes,3,opt,name=yaml,proto3" json:"yaml,omitempty"`
+}
+
+func (x *Wrapper) Reset() {
+	*x = Wrapper{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_extensions_extension_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Wrapper) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Wrapper) ProtoMessage() {}
+
+func (x *Wrapper) ProtoReflect() protoreflect.Message {
+	mi := &file_extensions_extension_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Wrapper.ProtoReflect.Descriptor instead.
+func (*Wrapper) Descriptor() ([]byte, []int) {
+	return file_extensions_extension_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *Wrapper) GetVersion() string {
+	if x != nil {
+		return x.Version
+	}
+	return ""
+}
+
+func (x *Wrapper) GetExtensionName() string {
+	if x != nil {
+		return x.ExtensionName
+	}
+	return ""
+}
+
+func (x *Wrapper) GetYaml() string {
+	if x != nil {
+		return x.Yaml
+	}
+	return ""
+}
+
+var File_extensions_extension_proto protoreflect.FileDescriptor
+
+var file_extensions_extension_proto_rawDesc = []byte{
+	0x0a, 0x1a, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x65, 0x78, 0x74,
+	0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x67, 0x6e,
+	0x6f, 0x73, 0x74, 0x69, 0x63, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x2e,
+	0x76, 0x31, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x63, 0x0a,
+	0x07, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x6a, 0x6f,
+	0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x12, 0x14,
+	0x0a, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x6d,
+	0x69, 0x6e, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x05, 0x52, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x75,
+	0x66, 0x66, 0x69, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x75, 0x66, 0x66,
+	0x69, 0x78, 0x22, 0x9c, 0x01, 0x0a, 0x17, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x37,
+	0x0a, 0x07, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1d, 0x2e, 0x67, 0x6e, 0x6f, 0x73, 0x74, 0x69, 0x63, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73,
+	0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x52, 0x07,
+	0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x12, 0x48, 0x0a, 0x10, 0x63, 0x6f, 0x6d, 0x70, 0x69,
+	0x6c, 0x65, 0x72, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6e, 0x6f, 0x73, 0x74, 0x69, 0x63, 0x2e, 0x65, 0x78, 0x74, 0x65,
+	0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x52, 0x0f, 0x63, 0x6f, 0x6d, 0x70, 0x69, 0x6c, 0x65, 0x72, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x22, 0x78, 0x0a, 0x18, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x48, 0x61,
+	0x6e, 0x64, 0x6c, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a,
+	0x07, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07,
+	0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72,
+	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12,
+	0x2a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x41, 0x6e, 0x79, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x5e, 0x0a, 0x07, 0x57,
+	0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x12, 0x25, 0x0a, 0x0e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61,
+	0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73,
+	0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x79, 0x61, 0x6d, 0x6c, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x79, 0x61, 0x6d, 0x6c, 0x42, 0x4d, 0x0a, 0x0e, 0x6f,
+	0x72, 0x67, 0x2e, 0x67, 0x6e, 0x6f, 0x73, 0x74, 0x69, 0x63, 0x2e, 0x76, 0x31, 0x42, 0x10, 0x47,
+	0x6e, 0x6f, 0x73, 0x74, 0x69, 0x63, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x50,
+	0x01, 0x5a, 0x21, 0x2e, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x3b,
+	0x67, 0x6e, 0x6f, 0x73, 0x74, 0x69, 0x63, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f,
+	0x6e, 0x5f, 0x76, 0x31, 0xa2, 0x02, 0x03, 0x47, 0x4e, 0x58, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
+}
+
+var (
+	file_extensions_extension_proto_rawDescOnce sync.Once
+	file_extensions_extension_proto_rawDescData = file_extensions_extension_proto_rawDesc
+)
+
+func file_extensions_extension_proto_rawDescGZIP() []byte {
+	file_extensions_extension_proto_rawDescOnce.Do(func() {
+		file_extensions_extension_proto_rawDescData = protoimpl.X.CompressGZIP(file_extensions_extension_proto_rawDescData)
+	})
+	return file_extensions_extension_proto_rawDescData
+}
+
+var file_extensions_extension_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+var file_extensions_extension_proto_goTypes = []interface{}{
+	(*Version)(nil),                  // 0: gnostic.extension.v1.Version
+	(*ExtensionHandlerRequest)(nil),  // 1: gnostic.extension.v1.ExtensionHandlerRequest
+	(*ExtensionHandlerResponse)(nil), // 2: gnostic.extension.v1.ExtensionHandlerResponse
+	(*Wrapper)(nil),                  // 3: gnostic.extension.v1.Wrapper
+	(*anypb.Any)(nil),                // 4: google.protobuf.Any
+}
+var file_extensions_extension_proto_depIdxs = []int32{
+	3, // 0: gnostic.extension.v1.ExtensionHandlerRequest.wrapper:type_name -> gnostic.extension.v1.Wrapper
+	0, // 1: gnostic.extension.v1.ExtensionHandlerRequest.compiler_version:type_name -> gnostic.extension.v1.Version
+	4, // 2: gnostic.extension.v1.ExtensionHandlerResponse.value:type_name -> google.protobuf.Any
+	3, // [3:3] is the sub-list for method output_type
+	3, // [3:3] is the sub-list for method input_type
+	3, // [3:3] is the sub-list for extension type_name
+	3, // [3:3] is the sub-list for extension extendee
+	0, // [0:3] is the sub-list for field type_name
+}
+
+func init() { file_extensions_extension_proto_init() }
+func file_extensions_extension_proto_init() {
+	if File_extensions_extension_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_extensions_extension_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Version); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_extensions_extension_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ExtensionHandlerRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_extensions_extension_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ExtensionHandlerResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_extensions_extension_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Wrapper); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_extensions_extension_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   4,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_extensions_extension_proto_goTypes,
+		DependencyIndexes: file_extensions_extension_proto_depIdxs,
+		MessageInfos:      file_extensions_extension_proto_msgTypes,
+	}.Build()
+	File_extensions_extension_proto = out.File
+	file_extensions_extension_proto_rawDesc = nil
+	file_extensions_extension_proto_goTypes = nil
+	file_extensions_extension_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/gnostic-models/extensions/extension.proto b/vendor/github.com/google/gnostic-models/extensions/extension.proto
new file mode 100644
index 000000000..875137c1a
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/extensions/extension.proto
@@ -0,0 +1,97 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package gnostic.extension.v1;
+
+import "google/protobuf/any.proto";
+
+// This option lets the proto compiler generate Java code inside the package
+// name (see below) instead of inside an outer class. It creates a simpler
+// developer experience by reducing one-level of name nesting and be
+// consistent with most programming languages that don't support outer classes.
+option java_multiple_files = true;
+
+// The Java outer classname should be the filename in UpperCamelCase. This
+// class is only used to hold proto descriptor, so developers don't need to
+// work with it directly.
+option java_outer_classname = "GnosticExtension";
+
+// The Java package name must be proto package name with proper prefix.
+option java_package = "org.gnostic.v1";
+
+// A reasonable prefix for the Objective-C symbols generated from the package.
+// It should at a minimum be 3 characters long, all uppercase, and convention
+// is to use an abbreviation of the package name. Something short, but
+// hopefully unique enough to not conflict with things that may come along in
+// the future. 'GPB' is reserved for the protocol buffer implementation itself.
+//
+// "Gnostic Extension"
+option objc_class_prefix = "GNX";
+
+// The Go package name.
+option go_package = "./extensions;gnostic_extension_v1";
+
+// The version number of Gnostic.
+message Version {
+  int32 major = 1;
+  int32 minor = 2;
+  int32 patch = 3;
+  // A suffix for alpha, beta or rc release, e.g., "alpha-1", "rc2". It should
+  // be empty for mainline stable releases.
+  string suffix = 4;
+}
+
+// An encoded Request is written to the ExtensionHandler's stdin.
+message ExtensionHandlerRequest {
+
+  // The extension to process.
+  Wrapper wrapper = 1;
+
+  // The version number of Gnostic.
+  Version compiler_version = 2;
+}
+
+// The extensions writes an encoded ExtensionHandlerResponse to stdout.
+message ExtensionHandlerResponse {
+
+  // true if the extension is handled by the extension handler; false otherwise
+  bool handled = 1;
+
+  // Error message(s).  If non-empty, the extension handling failed.
+  // The extension handler process should exit with status code zero
+  // even if it reports an error in this way.
+  //
+  // This should be used to indicate errors which prevent the extension from
+  // operating as intended.  Errors which indicate a problem in gnostic
+  // itself -- such as the input Document being unparseable -- should be
+  // reported by writing a message to stderr and exiting with a non-zero
+  // status code.
+  repeated string errors = 2;
+
+  // text output
+  google.protobuf.Any value = 3;
+}
+
+message Wrapper {
+  // version of the OpenAPI specification in which this extension was written.
+  string version = 1;
+
+  // Name of the extension.
+  string extension_name = 2;
+
+  // YAML-formatted extension value.
+  string yaml = 3;
+}
diff --git a/vendor/github.com/google/gnostic-models/extensions/extensions.go b/vendor/github.com/google/gnostic-models/extensions/extensions.go
new file mode 100644
index 000000000..0768163e5
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/extensions/extensions.go
@@ -0,0 +1,64 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package gnostic_extension_v1
+
+import (
+	"io/ioutil"
+	"log"
+	"os"
+
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
+)
+
+type extensionHandler func(name string, yamlInput string) (bool, proto.Message, error)
+
+// Main implements the main program of an extension handler.
+func Main(handler extensionHandler) {
+	// unpack the request
+	data, err := ioutil.ReadAll(os.Stdin)
+	if err != nil {
+		log.Println("File error:", err.Error())
+		os.Exit(1)
+	}
+	if len(data) == 0 {
+		log.Println("No input data.")
+		os.Exit(1)
+	}
+	request := &ExtensionHandlerRequest{}
+	err = proto.Unmarshal(data, request)
+	if err != nil {
+		log.Println("Input error:", err.Error())
+		os.Exit(1)
+	}
+	// call the handler
+	handled, output, err := handler(request.Wrapper.ExtensionName, request.Wrapper.Yaml)
+	// respond with the output of the handler
+	response := &ExtensionHandlerResponse{
+		Handled: false, // default assumption
+		Errors:  make([]string, 0),
+	}
+	if err != nil {
+		response.Errors = append(response.Errors, err.Error())
+	} else if handled {
+		response.Handled = true
+		response.Value, err = anypb.New(output)
+		if err != nil {
+			response.Errors = append(response.Errors, err.Error())
+		}
+	}
+	responseBytes, _ := proto.Marshal(response)
+	os.Stdout.Write(responseBytes)
+}
diff --git a/vendor/github.com/google/gnostic-models/jsonschema/README.md b/vendor/github.com/google/gnostic-models/jsonschema/README.md
new file mode 100644
index 000000000..6793c5179
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/jsonschema/README.md
@@ -0,0 +1,4 @@
+# jsonschema
+
+This directory contains code for reading, writing, and manipulating JSON
+schemas.
diff --git a/vendor/github.com/google/gnostic-models/jsonschema/base.go b/vendor/github.com/google/gnostic-models/jsonschema/base.go
new file mode 100644
index 000000000..5fcc4885a
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/jsonschema/base.go
@@ -0,0 +1,97 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// THIS FILE IS AUTOMATICALLY GENERATED.
+
+package jsonschema
+
+import (
+	"encoding/base64"
+)
+
+func baseSchemaBytes() ([]byte, error){
+	return base64.StdEncoding.DecodeString(
+`ewogICAgImlkIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDQvc2NoZW1hIyIsCiAgICAi
+JHNjaGVtYSI6ICJodHRwOi8vanNvbi1zY2hlbWEub3JnL2RyYWZ0LTA0L3NjaGVtYSMiLAogICAgImRl
+c2NyaXB0aW9uIjogIkNvcmUgc2NoZW1hIG1ldGEtc2NoZW1hIiwKICAgICJkZWZpbml0aW9ucyI6IHsK
+ICAgICAgICAic2NoZW1hQXJyYXkiOiB7CiAgICAgICAgICAgICJ0eXBlIjogImFycmF5IiwKICAgICAg
+ICAgICAgIm1pbkl0ZW1zIjogMSwKICAgICAgICAgICAgIml0ZW1zIjogeyAiJHJlZiI6ICIjIiB9CiAg
+ICAgICAgfSwKICAgICAgICAicG9zaXRpdmVJbnRlZ2VyIjogewogICAgICAgICAgICAidHlwZSI6ICJp
+bnRlZ2VyIiwKICAgICAgICAgICAgIm1pbmltdW0iOiAwCiAgICAgICAgfSwKICAgICAgICAicG9zaXRp
+dmVJbnRlZ2VyRGVmYXVsdDAiOiB7CiAgICAgICAgICAgICJhbGxPZiI6IFsgeyAiJHJlZiI6ICIjL2Rl
+ZmluaXRpb25zL3Bvc2l0aXZlSW50ZWdlciIgfSwgeyAiZGVmYXVsdCI6IDAgfSBdCiAgICAgICAgfSwK
+ICAgICAgICAic2ltcGxlVHlwZXMiOiB7CiAgICAgICAgICAgICJlbnVtIjogWyAiYXJyYXkiLCAiYm9v
+bGVhbiIsICJpbnRlZ2VyIiwgIm51bGwiLCAibnVtYmVyIiwgIm9iamVjdCIsICJzdHJpbmciIF0KICAg
+ICAgICB9LAogICAgICAgICJzdHJpbmdBcnJheSI6IHsKICAgICAgICAgICAgInR5cGUiOiAiYXJyYXki
+LAogICAgICAgICAgICAiaXRlbXMiOiB7ICJ0eXBlIjogInN0cmluZyIgfSwKICAgICAgICAgICAgIm1p
+bkl0ZW1zIjogMSwKICAgICAgICAgICAgInVuaXF1ZUl0ZW1zIjogdHJ1ZQogICAgICAgIH0KICAgIH0s
+CiAgICAidHlwZSI6ICJvYmplY3QiLAogICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgImlkIjogewog
+ICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciLAogICAgICAgICAgICAiZm9ybWF0IjogInVyaSIKICAg
+ICAgICB9LAogICAgICAgICIkc2NoZW1hIjogewogICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciLAog
+ICAgICAgICAgICAiZm9ybWF0IjogInVyaSIKICAgICAgICB9LAogICAgICAgICJ0aXRsZSI6IHsKICAg
+ICAgICAgICAgInR5cGUiOiAic3RyaW5nIgogICAgICAgIH0sCiAgICAgICAgImRlc2NyaXB0aW9uIjog
+ewogICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciCiAgICAgICAgfSwKICAgICAgICAiZGVmYXVsdCI6
+IHt9LAogICAgICAgICJtdWx0aXBsZU9mIjogewogICAgICAgICAgICAidHlwZSI6ICJudW1iZXIiLAog
+ICAgICAgICAgICAibWluaW11bSI6IDAsCiAgICAgICAgICAgICJleGNsdXNpdmVNaW5pbXVtIjogdHJ1
+ZQogICAgICAgIH0sCiAgICAgICAgIm1heGltdW0iOiB7CiAgICAgICAgICAgICJ0eXBlIjogIm51bWJl
+ciIKICAgICAgICB9LAogICAgICAgICJleGNsdXNpdmVNYXhpbXVtIjogewogICAgICAgICAgICAidHlw
+ZSI6ICJib29sZWFuIiwKICAgICAgICAgICAgImRlZmF1bHQiOiBmYWxzZQogICAgICAgIH0sCiAgICAg
+ICAgIm1pbmltdW0iOiB7CiAgICAgICAgICAgICJ0eXBlIjogIm51bWJlciIKICAgICAgICB9LAogICAg
+ICAgICJleGNsdXNpdmVNaW5pbXVtIjogewogICAgICAgICAgICAidHlwZSI6ICJib29sZWFuIiwKICAg
+ICAgICAgICAgImRlZmF1bHQiOiBmYWxzZQogICAgICAgIH0sCiAgICAgICAgIm1heExlbmd0aCI6IHsg
+IiRyZWYiOiAiIy9kZWZpbml0aW9ucy9wb3NpdGl2ZUludGVnZXIiIH0sCiAgICAgICAgIm1pbkxlbmd0
+aCI6IHsgIiRyZWYiOiAiIy9kZWZpbml0aW9ucy9wb3NpdGl2ZUludGVnZXJEZWZhdWx0MCIgfSwKICAg
+ICAgICAicGF0dGVybiI6IHsKICAgICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICAg
+ImZvcm1hdCI6ICJyZWdleCIKICAgICAgICB9LAogICAgICAgICJhZGRpdGlvbmFsSXRlbXMiOiB7CiAg
+ICAgICAgICAgICJhbnlPZiI6IFsKICAgICAgICAgICAgICAgIHsgInR5cGUiOiAiYm9vbGVhbiIgfSwK
+ICAgICAgICAgICAgICAgIHsgIiRyZWYiOiAiIyIgfQogICAgICAgICAgICBdLAogICAgICAgICAgICAi
+ZGVmYXVsdCI6IHt9CiAgICAgICAgfSwKICAgICAgICAiaXRlbXMiOiB7CiAgICAgICAgICAgICJhbnlP
+ZiI6IFsKICAgICAgICAgICAgICAgIHsgIiRyZWYiOiAiIyIgfSwKICAgICAgICAgICAgICAgIHsgIiRy
+ZWYiOiAiIy9kZWZpbml0aW9ucy9zY2hlbWFBcnJheSIgfQogICAgICAgICAgICBdLAogICAgICAgICAg
+ICAiZGVmYXVsdCI6IHt9CiAgICAgICAgfSwKICAgICAgICAibWF4SXRlbXMiOiB7ICIkcmVmIjogIiMv
+ZGVmaW5pdGlvbnMvcG9zaXRpdmVJbnRlZ2VyIiB9LAogICAgICAgICJtaW5JdGVtcyI6IHsgIiRyZWYi
+OiAiIy9kZWZpbml0aW9ucy9wb3NpdGl2ZUludGVnZXJEZWZhdWx0MCIgfSwKICAgICAgICAidW5pcXVl
+SXRlbXMiOiB7CiAgICAgICAgICAgICJ0eXBlIjogImJvb2xlYW4iLAogICAgICAgICAgICAiZGVmYXVs
+dCI6IGZhbHNlCiAgICAgICAgfSwKICAgICAgICAibWF4UHJvcGVydGllcyI6IHsgIiRyZWYiOiAiIy9k
+ZWZpbml0aW9ucy9wb3NpdGl2ZUludGVnZXIiIH0sCiAgICAgICAgIm1pblByb3BlcnRpZXMiOiB7ICIk
+cmVmIjogIiMvZGVmaW5pdGlvbnMvcG9zaXRpdmVJbnRlZ2VyRGVmYXVsdDAiIH0sCiAgICAgICAgInJl
+cXVpcmVkIjogeyAiJHJlZiI6ICIjL2RlZmluaXRpb25zL3N0cmluZ0FycmF5IiB9LAogICAgICAgICJh
+ZGRpdGlvbmFsUHJvcGVydGllcyI6IHsKICAgICAgICAgICAgImFueU9mIjogWwogICAgICAgICAgICAg
+ICAgeyAidHlwZSI6ICJib29sZWFuIiB9LAogICAgICAgICAgICAgICAgeyAiJHJlZiI6ICIjIiB9CiAg
+ICAgICAgICAgIF0sCiAgICAgICAgICAgICJkZWZhdWx0Ijoge30KICAgICAgICB9LAogICAgICAgICJk
+ZWZpbml0aW9ucyI6IHsKICAgICAgICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgICAgICAgImFk
+ZGl0aW9uYWxQcm9wZXJ0aWVzIjogeyAiJHJlZiI6ICIjIiB9LAogICAgICAgICAgICAiZGVmYXVsdCI6
+IHt9CiAgICAgICAgfSwKICAgICAgICAicHJvcGVydGllcyI6IHsKICAgICAgICAgICAgInR5cGUiOiAi
+b2JqZWN0IiwKICAgICAgICAgICAgImFkZGl0aW9uYWxQcm9wZXJ0aWVzIjogeyAiJHJlZiI6ICIjIiB9
+LAogICAgICAgICAgICAiZGVmYXVsdCI6IHt9CiAgICAgICAgfSwKICAgICAgICAicGF0dGVyblByb3Bl
+cnRpZXMiOiB7CiAgICAgICAgICAgICJ0eXBlIjogIm9iamVjdCIsCiAgICAgICAgICAgICJhZGRpdGlv
+bmFsUHJvcGVydGllcyI6IHsgIiRyZWYiOiAiIyIgfSwKICAgICAgICAgICAgImRlZmF1bHQiOiB7fQog
+ICAgICAgIH0sCiAgICAgICAgImRlcGVuZGVuY2llcyI6IHsKICAgICAgICAgICAgInR5cGUiOiAib2Jq
+ZWN0IiwKICAgICAgICAgICAgImFkZGl0aW9uYWxQcm9wZXJ0aWVzIjogewogICAgICAgICAgICAgICAg
+ImFueU9mIjogWwogICAgICAgICAgICAgICAgICAgIHsgIiRyZWYiOiAiIyIgfSwKICAgICAgICAgICAg
+ICAgICAgICB7ICIkcmVmIjogIiMvZGVmaW5pdGlvbnMvc3RyaW5nQXJyYXkiIH0KICAgICAgICAgICAg
+ICAgIF0KICAgICAgICAgICAgfQogICAgICAgIH0sCiAgICAgICAgImVudW0iOiB7CiAgICAgICAgICAg
+ICJ0eXBlIjogImFycmF5IiwKICAgICAgICAgICAgIm1pbkl0ZW1zIjogMSwKICAgICAgICAgICAgInVu
+aXF1ZUl0ZW1zIjogdHJ1ZQogICAgICAgIH0sCiAgICAgICAgInR5cGUiOiB7CiAgICAgICAgICAgICJh
+bnlPZiI6IFsKICAgICAgICAgICAgICAgIHsgIiRyZWYiOiAiIy9kZWZpbml0aW9ucy9zaW1wbGVUeXBl
+cyIgfSwKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAidHlwZSI6ICJhcnJheSIs
+CiAgICAgICAgICAgICAgICAgICAgIml0ZW1zIjogeyAiJHJlZiI6ICIjL2RlZmluaXRpb25zL3NpbXBs
+ZVR5cGVzIiB9LAogICAgICAgICAgICAgICAgICAgICJtaW5JdGVtcyI6IDEsCiAgICAgICAgICAgICAg
+ICAgICAgInVuaXF1ZUl0ZW1zIjogdHJ1ZQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAg
+ICAgICAgfSwKICAgICAgICAiYWxsT2YiOiB7ICIkcmVmIjogIiMvZGVmaW5pdGlvbnMvc2NoZW1hQXJy
+YXkiIH0sCiAgICAgICAgImFueU9mIjogeyAiJHJlZiI6ICIjL2RlZmluaXRpb25zL3NjaGVtYUFycmF5
+IiB9LAogICAgICAgICJvbmVPZiI6IHsgIiRyZWYiOiAiIy9kZWZpbml0aW9ucy9zY2hlbWFBcnJheSIg
+fSwKICAgICAgICAibm90IjogeyAiJHJlZiI6ICIjIiB9CiAgICB9LAogICAgImRlcGVuZGVuY2llcyI6
+IHsKICAgICAgICAiZXhjbHVzaXZlTWF4aW11bSI6IFsgIm1heGltdW0iIF0sCiAgICAgICAgImV4Y2x1
+c2l2ZU1pbmltdW0iOiBbICJtaW5pbXVtIiBdCiAgICB9LAogICAgImRlZmF1bHQiOiB7fQp9Cg==`)}
diff --git a/vendor/github.com/google/gnostic-models/jsonschema/display.go b/vendor/github.com/google/gnostic-models/jsonschema/display.go
new file mode 100644
index 000000000..028a760a9
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/jsonschema/display.go
@@ -0,0 +1,229 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package jsonschema
+
+import (
+	"fmt"
+	"strings"
+)
+
+//
+// DISPLAY
+// The following methods display Schemas.
+//
+
+// Description returns a string representation of a string or string array.
+func (s *StringOrStringArray) Description() string {
+	if s.String != nil {
+		return *s.String
+	}
+	if s.StringArray != nil {
+		return strings.Join(*s.StringArray, ", ")
+	}
+	return ""
+}
+
+// Returns a string representation of a Schema.
+func (schema *Schema) String() string {
+	return schema.describeSchema("")
+}
+
+// Helper: Returns a string representation of a Schema indented by a specified string.
+func (schema *Schema) describeSchema(indent string) string {
+	result := ""
+	if schema.Schema != nil {
+		result += indent + "$schema: " + *(schema.Schema) + "\n"
+	}
+	if schema.ID != nil {
+		result += indent + "id: " + *(schema.ID) + "\n"
+	}
+	if schema.MultipleOf != nil {
+		result += indent + fmt.Sprintf("multipleOf: %+v\n", *(schema.MultipleOf))
+	}
+	if schema.Maximum != nil {
+		result += indent + fmt.Sprintf("maximum: %+v\n", *(schema.Maximum))
+	}
+	if schema.ExclusiveMaximum != nil {
+		result += indent + fmt.Sprintf("exclusiveMaximum: %+v\n", *(schema.ExclusiveMaximum))
+	}
+	if schema.Minimum != nil {
+		result += indent + fmt.Sprintf("minimum: %+v\n", *(schema.Minimum))
+	}
+	if schema.ExclusiveMinimum != nil {
+		result += indent + fmt.Sprintf("exclusiveMinimum: %+v\n", *(schema.ExclusiveMinimum))
+	}
+	if schema.MaxLength != nil {
+		result += indent + fmt.Sprintf("maxLength: %+v\n", *(schema.MaxLength))
+	}
+	if schema.MinLength != nil {
+		result += indent + fmt.Sprintf("minLength: %+v\n", *(schema.MinLength))
+	}
+	if schema.Pattern != nil {
+		result += indent + fmt.Sprintf("pattern: %+v\n", *(schema.Pattern))
+	}
+	if schema.AdditionalItems != nil {
+		s := schema.AdditionalItems.Schema
+		if s != nil {
+			result += indent + "additionalItems:\n"
+			result += s.describeSchema(indent + "  ")
+		} else {
+			b := *(schema.AdditionalItems.Boolean)
+			result += indent + fmt.Sprintf("additionalItems: %+v\n", b)
+		}
+	}
+	if schema.Items != nil {
+		result += indent + "items:\n"
+		items := schema.Items
+		if items.SchemaArray != nil {
+			for i, s := range *(items.SchemaArray) {
+				result += indent + "  " + fmt.Sprintf("%d", i) + ":\n"
+				result += s.describeSchema(indent + "  " + "  ")
+			}
+		} else if items.Schema != nil {
+			result += items.Schema.describeSchema(indent + "  " + "  ")
+		}
+	}
+	if schema.MaxItems != nil {
+		result += indent + fmt.Sprintf("maxItems: %+v\n", *(schema.MaxItems))
+	}
+	if schema.MinItems != nil {
+		result += indent + fmt.Sprintf("minItems: %+v\n", *(schema.MinItems))
+	}
+	if schema.UniqueItems != nil {
+		result += indent + fmt.Sprintf("uniqueItems: %+v\n", *(schema.UniqueItems))
+	}
+	if schema.MaxProperties != nil {
+		result += indent + fmt.Sprintf("maxProperties: %+v\n", *(schema.MaxProperties))
+	}
+	if schema.MinProperties != nil {
+		result += indent + fmt.Sprintf("minProperties: %+v\n", *(schema.MinProperties))
+	}
+	if schema.Required != nil {
+		result += indent + fmt.Sprintf("required: %+v\n", *(schema.Required))
+	}
+	if schema.AdditionalProperties != nil {
+		s := schema.AdditionalProperties.Schema
+		if s != nil {
+			result += indent + "additionalProperties:\n"
+			result += s.describeSchema(indent + "  ")
+		} else {
+			b := *(schema.AdditionalProperties.Boolean)
+			result += indent + fmt.Sprintf("additionalProperties: %+v\n", b)
+		}
+	}
+	if schema.Properties != nil {
+		result += indent + "properties:\n"
+		for _, pair := range *(schema.Properties) {
+			name := pair.Name
+			s := pair.Value
+			result += indent + "  " + name + ":\n"
+			result += s.describeSchema(indent + "  " + "  ")
+		}
+	}
+	if schema.PatternProperties != nil {
+		result += indent + "patternProperties:\n"
+		for _, pair := range *(schema.PatternProperties) {
+			name := pair.Name
+			s := pair.Value
+			result += indent + "  " + name + ":\n"
+			result += s.describeSchema(indent + "  " + "  ")
+		}
+	}
+	if schema.Dependencies != nil {
+		result += indent + "dependencies:\n"
+		for _, pair := range *(schema.Dependencies) {
+			name := pair.Name
+			schemaOrStringArray := pair.Value
+			s := schemaOrStringArray.Schema
+			if s != nil {
+				result += indent + "  " + name + ":\n"
+				result += s.describeSchema(indent + "  " + "  ")
+			} else {
+				a := schemaOrStringArray.StringArray
+				if a != nil {
+					result += indent + "  " + name + ":\n"
+					for _, s2 := range *a {
+						result += indent + "  " + "  " + s2 + "\n"
+					}
+				}
+			}
+
+		}
+	}
+	if schema.Enumeration != nil {
+		result += indent + "enumeration:\n"
+		for _, value := range *(schema.Enumeration) {
+			if value.String != nil {
+				result += indent + "  " + fmt.Sprintf("%+v\n", *value.String)
+			} else {
+				result += indent + "  " + fmt.Sprintf("%+v\n", *value.Bool)
+			}
+		}
+	}
+	if schema.Type != nil {
+		result += indent + fmt.Sprintf("type: %+v\n", schema.Type.Description())
+	}
+	if schema.AllOf != nil {
+		result += indent + "allOf:\n"
+		for _, s := range *(schema.AllOf) {
+			result += s.describeSchema(indent + "  ")
+			result += indent + "-\n"
+		}
+	}
+	if schema.AnyOf != nil {
+		result += indent + "anyOf:\n"
+		for _, s := range *(schema.AnyOf) {
+			result += s.describeSchema(indent + "  ")
+			result += indent + "-\n"
+		}
+	}
+	if schema.OneOf != nil {
+		result += indent + "oneOf:\n"
+		for _, s := range *(schema.OneOf) {
+			result += s.describeSchema(indent + "  ")
+			result += indent + "-\n"
+		}
+	}
+	if schema.Not != nil {
+		result += indent + "not:\n"
+		result += schema.Not.describeSchema(indent + "  ")
+	}
+	if schema.Definitions != nil {
+		result += indent + "definitions:\n"
+		for _, pair := range *(schema.Definitions) {
+			name := pair.Name
+			s := pair.Value
+			result += indent + "  " + name + ":\n"
+			result += s.describeSchema(indent + "  " + "  ")
+		}
+	}
+	if schema.Title != nil {
+		result += indent + "title: " + *(schema.Title) + "\n"
+	}
+	if schema.Description != nil {
+		result += indent + "description: " + *(schema.Description) + "\n"
+	}
+	if schema.Default != nil {
+		result += indent + "default:\n"
+		result += indent + fmt.Sprintf("  %+v\n", *(schema.Default))
+	}
+	if schema.Format != nil {
+		result += indent + "format: " + *(schema.Format) + "\n"
+	}
+	if schema.Ref != nil {
+		result += indent + "$ref: " + *(schema.Ref) + "\n"
+	}
+	return result
+}
diff --git a/vendor/github.com/google/gnostic-models/jsonschema/models.go b/vendor/github.com/google/gnostic-models/jsonschema/models.go
new file mode 100644
index 000000000..4781bdc5f
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/jsonschema/models.go
@@ -0,0 +1,228 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package jsonschema supports the reading, writing, and manipulation
+// of JSON Schemas.
+package jsonschema
+
+import "gopkg.in/yaml.v3"
+
+// The Schema struct models a JSON Schema and, because schemas are
+// defined hierarchically, contains many references to itself.
+// All fields are pointers and are nil if the associated values
+// are not specified.
+type Schema struct {
+	Schema *string // $schema
+	ID     *string // id keyword used for $ref resolution scope
+	Ref    *string // $ref, i.e. JSON Pointers
+
+	// http://json-schema.org/latest/json-schema-validation.html
+	// 5.1.  Validation keywords for numeric instances (number and integer)
+	MultipleOf       *SchemaNumber
+	Maximum          *SchemaNumber
+	ExclusiveMaximum *bool
+	Minimum          *SchemaNumber
+	ExclusiveMinimum *bool
+
+	// 5.2.  Validation keywords for strings
+	MaxLength *int64
+	MinLength *int64
+	Pattern   *string
+
+	// 5.3.  Validation keywords for arrays
+	AdditionalItems *SchemaOrBoolean
+	Items           *SchemaOrSchemaArray
+	MaxItems        *int64
+	MinItems        *int64
+	UniqueItems     *bool
+
+	// 5.4.  Validation keywords for objects
+	MaxProperties        *int64
+	MinProperties        *int64
+	Required             *[]string
+	AdditionalProperties *SchemaOrBoolean
+	Properties           *[]*NamedSchema
+	PatternProperties    *[]*NamedSchema
+	Dependencies         *[]*NamedSchemaOrStringArray
+
+	// 5.5.  Validation keywords for any instance type
+	Enumeration *[]SchemaEnumValue
+	Type        *StringOrStringArray
+	AllOf       *[]*Schema
+	AnyOf       *[]*Schema
+	OneOf       *[]*Schema
+	Not         *Schema
+	Definitions *[]*NamedSchema
+
+	// 6.  Metadata keywords
+	Title       *string
+	Description *string
+	Default     *yaml.Node
+
+	// 7.  Semantic validation with "format"
+	Format *string
+}
+
+// These helper structs represent "combination" types that generally can
+// have values of one type or another. All are used to represent parts
+// of Schemas.
+
+// SchemaNumber represents a value that can be either an Integer or a Float.
+type SchemaNumber struct {
+	Integer *int64
+	Float   *float64
+}
+
+// NewSchemaNumberWithInteger creates and returns a new object
+func NewSchemaNumberWithInteger(i int64) *SchemaNumber {
+	result := &SchemaNumber{}
+	result.Integer = &i
+	return result
+}
+
+// NewSchemaNumberWithFloat creates and returns a new object
+func NewSchemaNumberWithFloat(f float64) *SchemaNumber {
+	result := &SchemaNumber{}
+	result.Float = &f
+	return result
+}
+
+// SchemaOrBoolean represents a value that can be either a Schema or a Boolean.
+type SchemaOrBoolean struct {
+	Schema  *Schema
+	Boolean *bool
+}
+
+// NewSchemaOrBooleanWithSchema creates and returns a new object
+func NewSchemaOrBooleanWithSchema(s *Schema) *SchemaOrBoolean {
+	result := &SchemaOrBoolean{}
+	result.Schema = s
+	return result
+}
+
+// NewSchemaOrBooleanWithBoolean creates and returns a new object
+func NewSchemaOrBooleanWithBoolean(b bool) *SchemaOrBoolean {
+	result := &SchemaOrBoolean{}
+	result.Boolean = &b
+	return result
+}
+
+// StringOrStringArray represents a value that can be either
+// a String or an Array of Strings.
+type StringOrStringArray struct {
+	String      *string
+	StringArray *[]string
+}
+
+// NewStringOrStringArrayWithString creates and returns a new object
+func NewStringOrStringArrayWithString(s string) *StringOrStringArray {
+	result := &StringOrStringArray{}
+	result.String = &s
+	return result
+}
+
+// NewStringOrStringArrayWithStringArray creates and returns a new object
+func NewStringOrStringArrayWithStringArray(a []string) *StringOrStringArray {
+	result := &StringOrStringArray{}
+	result.StringArray = &a
+	return result
+}
+
+// SchemaOrStringArray represents a value that can be either
+// a Schema or an Array of Strings.
+type SchemaOrStringArray struct {
+	Schema      *Schema
+	StringArray *[]string
+}
+
+// SchemaOrSchemaArray represents a value that can be either
+// a Schema or an Array of Schemas.
+type SchemaOrSchemaArray struct {
+	Schema      *Schema
+	SchemaArray *[]*Schema
+}
+
+// NewSchemaOrSchemaArrayWithSchema creates and returns a new object
+func NewSchemaOrSchemaArrayWithSchema(s *Schema) *SchemaOrSchemaArray {
+	result := &SchemaOrSchemaArray{}
+	result.Schema = s
+	return result
+}
+
+// NewSchemaOrSchemaArrayWithSchemaArray creates and returns a new object
+func NewSchemaOrSchemaArrayWithSchemaArray(a []*Schema) *SchemaOrSchemaArray {
+	result := &SchemaOrSchemaArray{}
+	result.SchemaArray = &a
+	return result
+}
+
+// SchemaEnumValue represents a value that can be part of an
+// enumeration in a Schema.
+type SchemaEnumValue struct {
+	String *string
+	Bool   *bool
+}
+
+// NamedSchema is a name-value pair that is used to emulate maps
+// with ordered keys.
+type NamedSchema struct {
+	Name  string
+	Value *Schema
+}
+
+// NewNamedSchema creates and returns a new object
+func NewNamedSchema(name string, value *Schema) *NamedSchema {
+	return &NamedSchema{Name: name, Value: value}
+}
+
+// NamedSchemaOrStringArray is a name-value pair that is used
+// to emulate maps with ordered keys.
+type NamedSchemaOrStringArray struct {
+	Name  string
+	Value *SchemaOrStringArray
+}
+
+// Access named subschemas by name
+
+func namedSchemaArrayElementWithName(array *[]*NamedSchema, name string) *Schema {
+	if array == nil {
+		return nil
+	}
+	for _, pair := range *array {
+		if pair.Name == name {
+			return pair.Value
+		}
+	}
+	return nil
+}
+
+// PropertyWithName returns the selected element.
+func (s *Schema) PropertyWithName(name string) *Schema {
+	return namedSchemaArrayElementWithName(s.Properties, name)
+}
+
+// PatternPropertyWithName returns the selected element.
+func (s *Schema) PatternPropertyWithName(name string) *Schema {
+	return namedSchemaArrayElementWithName(s.PatternProperties, name)
+}
+
+// DefinitionWithName returns the selected element.
+func (s *Schema) DefinitionWithName(name string) *Schema {
+	return namedSchemaArrayElementWithName(s.Definitions, name)
+}
+
+// AddProperty adds a named property.
+func (s *Schema) AddProperty(name string, property *Schema) {
+	*s.Properties = append(*s.Properties, NewNamedSchema(name, property))
+}
diff --git a/vendor/github.com/google/gnostic-models/jsonschema/operations.go b/vendor/github.com/google/gnostic-models/jsonschema/operations.go
new file mode 100644
index 000000000..ba8dd4a91
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/jsonschema/operations.go
@@ -0,0 +1,394 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package jsonschema
+
+import (
+	"fmt"
+	"log"
+	"strings"
+)
+
+//
+// OPERATIONS
+// The following methods perform operations on Schemas.
+//
+
+// IsEmpty returns true if no members of the Schema are specified.
+func (schema *Schema) IsEmpty() bool {
+	return (schema.Schema == nil) &&
+		(schema.ID == nil) &&
+		(schema.MultipleOf == nil) &&
+		(schema.Maximum == nil) &&
+		(schema.ExclusiveMaximum == nil) &&
+		(schema.Minimum == nil) &&
+		(schema.ExclusiveMinimum == nil) &&
+		(schema.MaxLength == nil) &&
+		(schema.MinLength == nil) &&
+		(schema.Pattern == nil) &&
+		(schema.AdditionalItems == nil) &&
+		(schema.Items == nil) &&
+		(schema.MaxItems == nil) &&
+		(schema.MinItems == nil) &&
+		(schema.UniqueItems == nil) &&
+		(schema.MaxProperties == nil) &&
+		(schema.MinProperties == nil) &&
+		(schema.Required == nil) &&
+		(schema.AdditionalProperties == nil) &&
+		(schema.Properties == nil) &&
+		(schema.PatternProperties == nil) &&
+		(schema.Dependencies == nil) &&
+		(schema.Enumeration == nil) &&
+		(schema.Type == nil) &&
+		(schema.AllOf == nil) &&
+		(schema.AnyOf == nil) &&
+		(schema.OneOf == nil) &&
+		(schema.Not == nil) &&
+		(schema.Definitions == nil) &&
+		(schema.Title == nil) &&
+		(schema.Description == nil) &&
+		(schema.Default == nil) &&
+		(schema.Format == nil) &&
+		(schema.Ref == nil)
+}
+
+// IsEqual returns true if two schemas are equal.
+func (schema *Schema) IsEqual(schema2 *Schema) bool {
+	return schema.String() == schema2.String()
+}
+
+// SchemaOperation represents a function that can be applied to a Schema.
+type SchemaOperation func(schema *Schema, context string)
+
+// Applies a specified function to a Schema and all of the Schemas that it contains.
+func (schema *Schema) applyToSchemas(operation SchemaOperation, context string) {
+
+	if schema.AdditionalItems != nil {
+		s := schema.AdditionalItems.Schema
+		if s != nil {
+			s.applyToSchemas(operation, "AdditionalItems")
+		}
+	}
+
+	if schema.Items != nil {
+		if schema.Items.SchemaArray != nil {
+			for _, s := range *(schema.Items.SchemaArray) {
+				s.applyToSchemas(operation, "Items.SchemaArray")
+			}
+		} else if schema.Items.Schema != nil {
+			schema.Items.Schema.applyToSchemas(operation, "Items.Schema")
+		}
+	}
+
+	if schema.AdditionalProperties != nil {
+		s := schema.AdditionalProperties.Schema
+		if s != nil {
+			s.applyToSchemas(operation, "AdditionalProperties")
+		}
+	}
+
+	if schema.Properties != nil {
+		for _, pair := range *(schema.Properties) {
+			s := pair.Value
+			s.applyToSchemas(operation, "Properties")
+		}
+	}
+	if schema.PatternProperties != nil {
+		for _, pair := range *(schema.PatternProperties) {
+			s := pair.Value
+			s.applyToSchemas(operation, "PatternProperties")
+		}
+	}
+
+	if schema.Dependencies != nil {
+		for _, pair := range *(schema.Dependencies) {
+			schemaOrStringArray := pair.Value
+			s := schemaOrStringArray.Schema
+			if s != nil {
+				s.applyToSchemas(operation, "Dependencies")
+			}
+		}
+	}
+
+	if schema.AllOf != nil {
+		for _, s := range *(schema.AllOf) {
+			s.applyToSchemas(operation, "AllOf")
+		}
+	}
+	if schema.AnyOf != nil {
+		for _, s := range *(schema.AnyOf) {
+			s.applyToSchemas(operation, "AnyOf")
+		}
+	}
+	if schema.OneOf != nil {
+		for _, s := range *(schema.OneOf) {
+			s.applyToSchemas(operation, "OneOf")
+		}
+	}
+	if schema.Not != nil {
+		schema.Not.applyToSchemas(operation, "Not")
+	}
+
+	if schema.Definitions != nil {
+		for _, pair := range *(schema.Definitions) {
+			s := pair.Value
+			s.applyToSchemas(operation, "Definitions")
+		}
+	}
+
+	operation(schema, context)
+}
+
+// CopyProperties copies all non-nil properties from the source Schema to the schema Schema.
+func (schema *Schema) CopyProperties(source *Schema) {
+	if source.Schema != nil {
+		schema.Schema = source.Schema
+	}
+	if source.ID != nil {
+		schema.ID = source.ID
+	}
+	if source.MultipleOf != nil {
+		schema.MultipleOf = source.MultipleOf
+	}
+	if source.Maximum != nil {
+		schema.Maximum = source.Maximum
+	}
+	if source.ExclusiveMaximum != nil {
+		schema.ExclusiveMaximum = source.ExclusiveMaximum
+	}
+	if source.Minimum != nil {
+		schema.Minimum = source.Minimum
+	}
+	if source.ExclusiveMinimum != nil {
+		schema.ExclusiveMinimum = source.ExclusiveMinimum
+	}
+	if source.MaxLength != nil {
+		schema.MaxLength = source.MaxLength
+	}
+	if source.MinLength != nil {
+		schema.MinLength = source.MinLength
+	}
+	if source.Pattern != nil {
+		schema.Pattern = source.Pattern
+	}
+	if source.AdditionalItems != nil {
+		schema.AdditionalItems = source.AdditionalItems
+	}
+	if source.Items != nil {
+		schema.Items = source.Items
+	}
+	if source.MaxItems != nil {
+		schema.MaxItems = source.MaxItems
+	}
+	if source.MinItems != nil {
+		schema.MinItems = source.MinItems
+	}
+	if source.UniqueItems != nil {
+		schema.UniqueItems = source.UniqueItems
+	}
+	if source.MaxProperties != nil {
+		schema.MaxProperties = source.MaxProperties
+	}
+	if source.MinProperties != nil {
+		schema.MinProperties = source.MinProperties
+	}
+	if source.Required != nil {
+		schema.Required = source.Required
+	}
+	if source.AdditionalProperties != nil {
+		schema.AdditionalProperties = source.AdditionalProperties
+	}
+	if source.Properties != nil {
+		schema.Properties = source.Properties
+	}
+	if source.PatternProperties != nil {
+		schema.PatternProperties = source.PatternProperties
+	}
+	if source.Dependencies != nil {
+		schema.Dependencies = source.Dependencies
+	}
+	if source.Enumeration != nil {
+		schema.Enumeration = source.Enumeration
+	}
+	if source.Type != nil {
+		schema.Type = source.Type
+	}
+	if source.AllOf != nil {
+		schema.AllOf = source.AllOf
+	}
+	if source.AnyOf != nil {
+		schema.AnyOf = source.AnyOf
+	}
+	if source.OneOf != nil {
+		schema.OneOf = source.OneOf
+	}
+	if source.Not != nil {
+		schema.Not = source.Not
+	}
+	if source.Definitions != nil {
+		schema.Definitions = source.Definitions
+	}
+	if source.Title != nil {
+		schema.Title = source.Title
+	}
+	if source.Description != nil {
+		schema.Description = source.Description
+	}
+	if source.Default != nil {
+		schema.Default = source.Default
+	}
+	if source.Format != nil {
+		schema.Format = source.Format
+	}
+	if source.Ref != nil {
+		schema.Ref = source.Ref
+	}
+}
+
+// TypeIs returns true if the Type of a Schema includes the specified type
+func (schema *Schema) TypeIs(typeName string) bool {
+	if schema.Type != nil {
+		// the schema Type is either a string or an array of strings
+		if schema.Type.String != nil {
+			return (*(schema.Type.String) == typeName)
+		} else if schema.Type.StringArray != nil {
+			for _, n := range *(schema.Type.StringArray) {
+				if n == typeName {
+					return true
+				}
+			}
+		}
+	}
+	return false
+}
+
+// ResolveRefs resolves "$ref" elements in a Schema and its children.
+// But if a reference refers to an object type, is inside a oneOf, or contains a oneOf,
+// the reference is kept and we expect downstream tools to separately model these
+// referenced schemas.
+func (schema *Schema) ResolveRefs() {
+	rootSchema := schema
+	count := 1
+	for count > 0 {
+		count = 0
+		schema.applyToSchemas(
+			func(schema *Schema, context string) {
+				if schema.Ref != nil {
+					resolvedRef, err := rootSchema.resolveJSONPointer(*(schema.Ref))
+					if err != nil {
+						log.Printf("%+v", err)
+					} else if resolvedRef.TypeIs("object") {
+						// don't substitute for objects, we'll model the referenced schema with a class
+					} else if context == "OneOf" {
+						// don't substitute for references inside oneOf declarations
+					} else if resolvedRef.OneOf != nil {
+						// don't substitute for references that contain oneOf declarations
+					} else if resolvedRef.AdditionalProperties != nil {
+						// don't substitute for references that look like objects
+					} else {
+						schema.Ref = nil
+						schema.CopyProperties(resolvedRef)
+						count++
+					}
+				}
+			}, "")
+	}
+}
+
+// resolveJSONPointer resolves JSON pointers.
+// This current implementation is very crude and custom for OpenAPI 2.0 schemas.
+// It panics for any pointer that it is unable to resolve.
+func (schema *Schema) resolveJSONPointer(ref string) (result *Schema, err error) {
+	parts := strings.Split(ref, "#")
+	if len(parts) == 2 {
+		documentName := parts[0] + "#"
+		if documentName == "#" && schema.ID != nil {
+			documentName = *(schema.ID)
+		}
+		path := parts[1]
+		document := schemas[documentName]
+		pathParts := strings.Split(path, "/")
+
+		// we currently do a very limited (hard-coded) resolution of certain paths and log errors for missed cases
+		if len(pathParts) == 1 {
+			return document, nil
+		} else if len(pathParts) == 3 {
+			switch pathParts[1] {
+			case "definitions":
+				dictionary := document.Definitions
+				for _, pair := range *dictionary {
+					if pair.Name == pathParts[2] {
+						result = pair.Value
+					}
+				}
+			case "properties":
+				dictionary := document.Properties
+				for _, pair := range *dictionary {
+					if pair.Name == pathParts[2] {
+						result = pair.Value
+					}
+				}
+			default:
+				break
+			}
+		}
+	}
+	if result == nil {
+		return nil, fmt.Errorf("unresolved pointer: %+v", ref)
+	}
+	return result, nil
+}
+
+// ResolveAllOfs replaces "allOf" elements by merging their properties into the parent Schema.
+func (schema *Schema) ResolveAllOfs() {
+	schema.applyToSchemas(
+		func(schema *Schema, context string) {
+			if schema.AllOf != nil {
+				for _, allOf := range *(schema.AllOf) {
+					schema.CopyProperties(allOf)
+				}
+				schema.AllOf = nil
+			}
+		}, "resolveAllOfs")
+}
+
+// ResolveAnyOfs replaces all "anyOf" elements with "oneOf".
+func (schema *Schema) ResolveAnyOfs() {
+	schema.applyToSchemas(
+		func(schema *Schema, context string) {
+			if schema.AnyOf != nil {
+				schema.OneOf = schema.AnyOf
+				schema.AnyOf = nil
+			}
+		}, "resolveAnyOfs")
+}
+
+// return a pointer to a copy of a passed-in string
+func stringptr(input string) (output *string) {
+	return &input
+}
+
+// CopyOfficialSchemaProperty copies a named property from the official JSON Schema definition
+func (schema *Schema) CopyOfficialSchemaProperty(name string) {
+	*schema.Properties = append(*schema.Properties,
+		NewNamedSchema(name,
+			&Schema{Ref: stringptr("http://json-schema.org/draft-04/schema#/properties/" + name)}))
+}
+
+// CopyOfficialSchemaProperties copies named properties from the official JSON Schema definition
+func (schema *Schema) CopyOfficialSchemaProperties(names []string) {
+	for _, name := range names {
+		schema.CopyOfficialSchemaProperty(name)
+	}
+}
diff --git a/vendor/github.com/google/gnostic-models/jsonschema/reader.go b/vendor/github.com/google/gnostic-models/jsonschema/reader.go
new file mode 100644
index 000000000..b8583d466
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/jsonschema/reader.go
@@ -0,0 +1,442 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:generate go run generate-base.go
+
+package jsonschema
+
+import (
+	"fmt"
+	"io/ioutil"
+	"strconv"
+
+	"gopkg.in/yaml.v3"
+)
+
+// This is a global map of all known Schemas.
+// It is initialized when the first Schema is created and inserted.
+var schemas map[string]*Schema
+
+// NewBaseSchema builds a schema object from an embedded json representation.
+func NewBaseSchema() (schema *Schema, err error) {
+	b, err := baseSchemaBytes()
+	if err != nil {
+		return nil, err
+	}
+	var node yaml.Node
+	err = yaml.Unmarshal(b, &node)
+	if err != nil {
+		return nil, err
+	}
+	return NewSchemaFromObject(&node), nil
+}
+
+// NewSchemaFromFile reads a schema from a file.
+// Currently this assumes that schemas are stored in the source distribution of this project.
+func NewSchemaFromFile(filename string) (schema *Schema, err error) {
+	file, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return nil, err
+	}
+	var node yaml.Node
+	err = yaml.Unmarshal(file, &node)
+	if err != nil {
+		return nil, err
+	}
+	return NewSchemaFromObject(&node), nil
+}
+
+// NewSchemaFromObject constructs a schema from a parsed JSON object.
+// Due to the complexity of the schema representation, this is a
+// custom reader and not the standard Go JSON reader (encoding/json).
+func NewSchemaFromObject(jsonData *yaml.Node) *Schema {
+	switch jsonData.Kind {
+	case yaml.DocumentNode:
+		return NewSchemaFromObject(jsonData.Content[0])
+	case yaml.MappingNode:
+		schema := &Schema{}
+
+		for i := 0; i < len(jsonData.Content); i += 2 {
+			k := jsonData.Content[i].Value
+			v := jsonData.Content[i+1]
+
+			switch k {
+			case "$schema":
+				schema.Schema = schema.stringValue(v)
+			case "id":
+				schema.ID = schema.stringValue(v)
+
+			case "multipleOf":
+				schema.MultipleOf = schema.numberValue(v)
+			case "maximum":
+				schema.Maximum = schema.numberValue(v)
+			case "exclusiveMaximum":
+				schema.ExclusiveMaximum = schema.boolValue(v)
+			case "minimum":
+				schema.Minimum = schema.numberValue(v)
+			case "exclusiveMinimum":
+				schema.ExclusiveMinimum = schema.boolValue(v)
+
+			case "maxLength":
+				schema.MaxLength = schema.intValue(v)
+			case "minLength":
+				schema.MinLength = schema.intValue(v)
+			case "pattern":
+				schema.Pattern = schema.stringValue(v)
+
+			case "additionalItems":
+				schema.AdditionalItems = schema.schemaOrBooleanValue(v)
+			case "items":
+				schema.Items = schema.schemaOrSchemaArrayValue(v)
+			case "maxItems":
+				schema.MaxItems = schema.intValue(v)
+			case "minItems":
+				schema.MinItems = schema.intValue(v)
+			case "uniqueItems":
+				schema.UniqueItems = schema.boolValue(v)
+
+			case "maxProperties":
+				schema.MaxProperties = schema.intValue(v)
+			case "minProperties":
+				schema.MinProperties = schema.intValue(v)
+			case "required":
+				schema.Required = schema.arrayOfStringsValue(v)
+			case "additionalProperties":
+				schema.AdditionalProperties = schema.schemaOrBooleanValue(v)
+			case "properties":
+				schema.Properties = schema.mapOfSchemasValue(v)
+			case "patternProperties":
+				schema.PatternProperties = schema.mapOfSchemasValue(v)
+			case "dependencies":
+				schema.Dependencies = schema.mapOfSchemasOrStringArraysValue(v)
+
+			case "enum":
+				schema.Enumeration = schema.arrayOfEnumValuesValue(v)
+
+			case "type":
+				schema.Type = schema.stringOrStringArrayValue(v)
+			case "allOf":
+				schema.AllOf = schema.arrayOfSchemasValue(v)
+			case "anyOf":
+				schema.AnyOf = schema.arrayOfSchemasValue(v)
+			case "oneOf":
+				schema.OneOf = schema.arrayOfSchemasValue(v)
+			case "not":
+				schema.Not = NewSchemaFromObject(v)
+			case "definitions":
+				schema.Definitions = schema.mapOfSchemasValue(v)
+
+			case "title":
+				schema.Title = schema.stringValue(v)
+			case "description":
+				schema.Description = schema.stringValue(v)
+
+			case "default":
+				schema.Default = v
+
+			case "format":
+				schema.Format = schema.stringValue(v)
+			case "$ref":
+				schema.Ref = schema.stringValue(v)
+			default:
+				fmt.Printf("UNSUPPORTED (%s)\n", k)
+			}
+		}
+
+		// insert schema in global map
+		if schema.ID != nil {
+			if schemas == nil {
+				schemas = make(map[string]*Schema, 0)
+			}
+			schemas[*(schema.ID)] = schema
+		}
+		return schema
+
+	default:
+		fmt.Printf("schemaValue: unexpected node %+v\n", jsonData)
+		return nil
+	}
+
+	return nil
+}
+
+//
+// BUILDERS
+// The following methods build elements of Schemas from interface{} values.
+// Each returns nil if it is unable to build the desired element.
+//
+
+// Gets the string value of an interface{} value if possible.
+func (schema *Schema) stringValue(v *yaml.Node) *string {
+	switch v.Kind {
+	case yaml.ScalarNode:
+		return &v.Value
+	default:
+		fmt.Printf("stringValue: unexpected node %+v\n", v)
+	}
+	return nil
+}
+
+// Gets the numeric value of an interface{} value if possible.
+func (schema *Schema) numberValue(v *yaml.Node) *SchemaNumber {
+	number := &SchemaNumber{}
+	switch v.Kind {
+	case yaml.ScalarNode:
+		switch v.Tag {
+		case "!!float":
+			v2, _ := strconv.ParseFloat(v.Value, 64)
+			number.Float = &v2
+			return number
+		case "!!int":
+			v2, _ := strconv.ParseInt(v.Value, 10, 64)
+			number.Integer = &v2
+			return number
+		default:
+			fmt.Printf("stringValue: unexpected node %+v\n", v)
+		}
+	default:
+		fmt.Printf("stringValue: unexpected node %+v\n", v)
+	}
+	return nil
+}
+
+// Gets the integer value of an interface{} value if possible.
+func (schema *Schema) intValue(v *yaml.Node) *int64 {
+	switch v.Kind {
+	case yaml.ScalarNode:
+		switch v.Tag {
+		case "!!float":
+			v2, _ := strconv.ParseFloat(v.Value, 64)
+			v3 := int64(v2)
+			return &v3
+		case "!!int":
+			v2, _ := strconv.ParseInt(v.Value, 10, 64)
+			return &v2
+		default:
+			fmt.Printf("intValue: unexpected node %+v\n", v)
+		}
+	default:
+		fmt.Printf("intValue: unexpected node %+v\n", v)
+	}
+	return nil
+}
+
+// Gets the bool value of an interface{} value if possible.
+func (schema *Schema) boolValue(v *yaml.Node) *bool {
+	switch v.Kind {
+	case yaml.ScalarNode:
+		switch v.Tag {
+		case "!!bool":
+			v2, _ := strconv.ParseBool(v.Value)
+			return &v2
+		default:
+			fmt.Printf("boolValue: unexpected node %+v\n", v)
+		}
+	default:
+		fmt.Printf("boolValue: unexpected node %+v\n", v)
+	}
+	return nil
+}
+
+// Gets a map of Schemas from an interface{} value if possible.
+func (schema *Schema) mapOfSchemasValue(v *yaml.Node) *[]*NamedSchema {
+	switch v.Kind {
+	case yaml.MappingNode:
+		m := make([]*NamedSchema, 0)
+		for i := 0; i < len(v.Content); i += 2 {
+			k2 := v.Content[i].Value
+			v2 := v.Content[i+1]
+			pair := &NamedSchema{Name: k2, Value: NewSchemaFromObject(v2)}
+			m = append(m, pair)
+		}
+		return &m
+	default:
+		fmt.Printf("mapOfSchemasValue: unexpected node %+v\n", v)
+	}
+	return nil
+}
+
+// Gets an array of Schemas from an interface{} value if possible.
+func (schema *Schema) arrayOfSchemasValue(v *yaml.Node) *[]*Schema {
+	switch v.Kind {
+	case yaml.SequenceNode:
+		m := make([]*Schema, 0)
+		for _, v2 := range v.Content {
+			switch v2.Kind {
+			case yaml.MappingNode:
+				s := NewSchemaFromObject(v2)
+				m = append(m, s)
+			default:
+				fmt.Printf("arrayOfSchemasValue: unexpected node %+v\n", v2)
+			}
+		}
+		return &m
+	case yaml.MappingNode:
+		m := make([]*Schema, 0)
+		s := NewSchemaFromObject(v)
+		m = append(m, s)
+		return &m
+	default:
+		fmt.Printf("arrayOfSchemasValue: unexpected node %+v\n", v)
+	}
+	return nil
+}
+
+// Gets a Schema or an array of Schemas from an interface{} value if possible.
+func (schema *Schema) schemaOrSchemaArrayValue(v *yaml.Node) *SchemaOrSchemaArray {
+	switch v.Kind {
+	case yaml.SequenceNode:
+		m := make([]*Schema, 0)
+		for _, v2 := range v.Content {
+			switch v2.Kind {
+			case yaml.MappingNode:
+				s := NewSchemaFromObject(v2)
+				m = append(m, s)
+			default:
+				fmt.Printf("schemaOrSchemaArrayValue: unexpected node %+v\n", v2)
+			}
+		}
+		return &SchemaOrSchemaArray{SchemaArray: &m}
+	case yaml.MappingNode:
+		s := NewSchemaFromObject(v)
+		return &SchemaOrSchemaArray{Schema: s}
+	default:
+		fmt.Printf("schemaOrSchemaArrayValue: unexpected node %+v\n", v)
+	}
+	return nil
+}
+
+// Gets an array of strings from an interface{} value if possible.
+func (schema *Schema) arrayOfStringsValue(v *yaml.Node) *[]string {
+	switch v.Kind {
+	case yaml.ScalarNode:
+		a := []string{v.Value}
+		return &a
+	case yaml.SequenceNode:
+		a := make([]string, 0)
+		for _, v2 := range v.Content {
+			switch v2.Kind {
+			case yaml.ScalarNode:
+				a = append(a, v2.Value)
+			default:
+				fmt.Printf("arrayOfStringsValue: unexpected node %+v\n", v2)
+			}
+		}
+		return &a
+	default:
+		fmt.Printf("arrayOfStringsValue: unexpected node %+v\n", v)
+	}
+	return nil
+}
+
+// Gets a string or an array of strings from an interface{} value if possible.
+func (schema *Schema) stringOrStringArrayValue(v *yaml.Node) *StringOrStringArray {
+	switch v.Kind {
+	case yaml.ScalarNode:
+		s := &StringOrStringArray{}
+		s.String = &v.Value
+		return s
+	case yaml.SequenceNode:
+		a := make([]string, 0)
+		for _, v2 := range v.Content {
+			switch v2.Kind {
+			case yaml.ScalarNode:
+				a = append(a, v2.Value)
+			default:
+				fmt.Printf("arrayOfStringsValue: unexpected node %+v\n", v2)
+			}
+		}
+		s := &StringOrStringArray{}
+		s.StringArray = &a
+		return s
+	default:
+		fmt.Printf("arrayOfStringsValue: unexpected node %+v\n", v)
+	}
+	return nil
+}
+
+// Gets an array of enum values from an interface{} value if possible.
+func (schema *Schema) arrayOfEnumValuesValue(v *yaml.Node) *[]SchemaEnumValue {
+	a := make([]SchemaEnumValue, 0)
+	switch v.Kind {
+	case yaml.SequenceNode:
+		for _, v2 := range v.Content {
+			switch v2.Kind {
+			case yaml.ScalarNode:
+				switch v2.Tag {
+				case "!!str":
+					a = append(a, SchemaEnumValue{String: &v2.Value})
+				case "!!bool":
+					v3, _ := strconv.ParseBool(v2.Value)
+					a = append(a, SchemaEnumValue{Bool: &v3})
+				default:
+					fmt.Printf("arrayOfEnumValuesValue: unexpected type %s\n", v2.Tag)
+				}
+			default:
+				fmt.Printf("arrayOfEnumValuesValue: unexpected node %+v\n", v2)
+			}
+		}
+	default:
+		fmt.Printf("arrayOfEnumValuesValue: unexpected node %+v\n", v)
+	}
+	return &a
+}
+
+// Gets a map of schemas or string arrays from an interface{} value if possible.
+func (schema *Schema) mapOfSchemasOrStringArraysValue(v *yaml.Node) *[]*NamedSchemaOrStringArray {
+	m := make([]*NamedSchemaOrStringArray, 0)
+	switch v.Kind {
+	case yaml.MappingNode:
+		for i := 0; i < len(v.Content); i += 2 {
+			k2 := v.Content[i].Value
+			v2 := v.Content[i+1]
+			switch v2.Kind {
+			case yaml.SequenceNode:
+				a := make([]string, 0)
+				for _, v3 := range v2.Content {
+					switch v3.Kind {
+					case yaml.ScalarNode:
+						a = append(a, v3.Value)
+					default:
+						fmt.Printf("mapOfSchemasOrStringArraysValue: unexpected node %+v\n", v3)
+					}
+				}
+				s := &SchemaOrStringArray{}
+				s.StringArray = &a
+				pair := &NamedSchemaOrStringArray{Name: k2, Value: s}
+				m = append(m, pair)
+			default:
+				fmt.Printf("mapOfSchemasOrStringArraysValue: unexpected node %+v\n", v2)
+			}
+		}
+	default:
+		fmt.Printf("mapOfSchemasOrStringArraysValue: unexpected node %+v\n", v)
+	}
+	return &m
+}
+
+// Gets a schema or a boolean value from an interface{} value if possible.
+func (schema *Schema) schemaOrBooleanValue(v *yaml.Node) *SchemaOrBoolean {
+	schemaOrBoolean := &SchemaOrBoolean{}
+	switch v.Kind {
+	case yaml.ScalarNode:
+		v2, _ := strconv.ParseBool(v.Value)
+		schemaOrBoolean.Boolean = &v2
+	case yaml.MappingNode:
+		schemaOrBoolean.Schema = NewSchemaFromObject(v)
+	default:
+		fmt.Printf("schemaOrBooleanValue: unexpected node %+v\n", v)
+	}
+	return schemaOrBoolean
+}
diff --git a/vendor/github.com/google/gnostic-models/jsonschema/schema.json b/vendor/github.com/google/gnostic-models/jsonschema/schema.json
new file mode 100644
index 000000000..85eb502a6
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/jsonschema/schema.json
@@ -0,0 +1,150 @@
+{
+    "id": "http://json-schema.org/draft-04/schema#",
+    "$schema": "http://json-schema.org/draft-04/schema#",
+    "description": "Core schema meta-schema",
+    "definitions": {
+        "schemaArray": {
+            "type": "array",
+            "minItems": 1,
+            "items": { "$ref": "#" }
+        },
+        "positiveInteger": {
+            "type": "integer",
+            "minimum": 0
+        },
+        "positiveIntegerDefault0": {
+            "allOf": [ { "$ref": "#/definitions/positiveInteger" }, { "default": 0 } ]
+        },
+        "simpleTypes": {
+            "enum": [ "array", "boolean", "integer", "null", "number", "object", "string" ]
+        },
+        "stringArray": {
+            "type": "array",
+            "items": { "type": "string" },
+            "minItems": 1,
+            "uniqueItems": true
+        }
+    },
+    "type": "object",
+    "properties": {
+        "id": {
+            "type": "string",
+            "format": "uri"
+        },
+        "$schema": {
+            "type": "string",
+            "format": "uri"
+        },
+        "title": {
+            "type": "string"
+        },
+        "description": {
+            "type": "string"
+        },
+        "default": {},
+        "multipleOf": {
+            "type": "number",
+            "minimum": 0,
+            "exclusiveMinimum": true
+        },
+        "maximum": {
+            "type": "number"
+        },
+        "exclusiveMaximum": {
+            "type": "boolean",
+            "default": false
+        },
+        "minimum": {
+            "type": "number"
+        },
+        "exclusiveMinimum": {
+            "type": "boolean",
+            "default": false
+        },
+        "maxLength": { "$ref": "#/definitions/positiveInteger" },
+        "minLength": { "$ref": "#/definitions/positiveIntegerDefault0" },
+        "pattern": {
+            "type": "string",
+            "format": "regex"
+        },
+        "additionalItems": {
+            "anyOf": [
+                { "type": "boolean" },
+                { "$ref": "#" }
+            ],
+            "default": {}
+        },
+        "items": {
+            "anyOf": [
+                { "$ref": "#" },
+                { "$ref": "#/definitions/schemaArray" }
+            ],
+            "default": {}
+        },
+        "maxItems": { "$ref": "#/definitions/positiveInteger" },
+        "minItems": { "$ref": "#/definitions/positiveIntegerDefault0" },
+        "uniqueItems": {
+            "type": "boolean",
+            "default": false
+        },
+        "maxProperties": { "$ref": "#/definitions/positiveInteger" },
+        "minProperties": { "$ref": "#/definitions/positiveIntegerDefault0" },
+        "required": { "$ref": "#/definitions/stringArray" },
+        "additionalProperties": {
+            "anyOf": [
+                { "type": "boolean" },
+                { "$ref": "#" }
+            ],
+            "default": {}
+        },
+        "definitions": {
+            "type": "object",
+            "additionalProperties": { "$ref": "#" },
+            "default": {}
+        },
+        "properties": {
+            "type": "object",
+            "additionalProperties": { "$ref": "#" },
+            "default": {}
+        },
+        "patternProperties": {
+            "type": "object",
+            "additionalProperties": { "$ref": "#" },
+            "default": {}
+        },
+        "dependencies": {
+            "type": "object",
+            "additionalProperties": {
+                "anyOf": [
+                    { "$ref": "#" },
+                    { "$ref": "#/definitions/stringArray" }
+                ]
+            }
+        },
+        "enum": {
+            "type": "array",
+            "minItems": 1,
+            "uniqueItems": true
+        },
+        "type": {
+            "anyOf": [
+                { "$ref": "#/definitions/simpleTypes" },
+                {
+                    "type": "array",
+                    "items": { "$ref": "#/definitions/simpleTypes" },
+                    "minItems": 1,
+                    "uniqueItems": true
+                }
+            ]
+        },
+        "allOf": { "$ref": "#/definitions/schemaArray" },
+        "anyOf": { "$ref": "#/definitions/schemaArray" },
+        "oneOf": { "$ref": "#/definitions/schemaArray" },
+        "not": { "$ref": "#" }
+    },
+    "dependencies": {
+        "exclusiveMaximum": [ "maximum" ],
+        "exclusiveMinimum": [ "minimum" ]
+    },
+    "default": {}
+}
diff --git a/vendor/github.com/google/gnostic-models/jsonschema/writer.go b/vendor/github.com/google/gnostic-models/jsonschema/writer.go
new file mode 100644
index 000000000..340dc5f93
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/jsonschema/writer.go
@@ -0,0 +1,369 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package jsonschema
+
+import (
+	"fmt"
+
+	"gopkg.in/yaml.v3"
+)
+
+const indentation = "  "
+
+func renderMappingNode(node *yaml.Node, indent string) (result string) {
+	result = "{\n"
+	innerIndent := indent + indentation
+	for i := 0; i < len(node.Content); i += 2 {
+		// first print the key
+		key := node.Content[i].Value
+		result += fmt.Sprintf("%s\"%+v\": ", innerIndent, key)
+		// then the value
+		value := node.Content[i+1]
+		switch value.Kind {
+		case yaml.ScalarNode:
+			result += "\"" + value.Value + "\""
+		case yaml.MappingNode:
+			result += renderMappingNode(value, innerIndent)
+		case yaml.SequenceNode:
+			result += renderSequenceNode(value, innerIndent)
+		default:
+			result += fmt.Sprintf("???MapItem(Key:%+v, Value:%T)", value, value)
+		}
+		if i < len(node.Content)-2 {
+			result += ","
+		}
+		result += "\n"
+	}
+
+	result += indent + "}"
+	return result
+}
+
+func renderSequenceNode(node *yaml.Node, indent string) (result string) {
+	result = "[\n"
+	innerIndent := indent + indentation
+	for i := 0; i < len(node.Content); i++ {
+		item := node.Content[i]
+		switch item.Kind {
+		case yaml.ScalarNode:
+			result += innerIndent + "\"" + item.Value + "\""
+		case yaml.MappingNode:
+			result += innerIndent + renderMappingNode(item, innerIndent) + ""
+		default:
+			result += innerIndent + fmt.Sprintf("???ArrayItem(%+v)", item)
+		}
+		if i < len(node.Content)-1 {
+			result += ","
+		}
+		result += "\n"
+	}
+	result += indent + "]"
+	return result
+}
+
+func renderStringArray(array []string, indent string) (result string) {
+	result = "[\n"
+	innerIndent := indent + indentation
+	for i, item := range array {
+		result += innerIndent + "\"" + item + "\""
+		if i < len(array)-1 {
+			result += ","
+		}
+		result += "\n"
+	}
+	result += indent + "]"
+	return result
+}
+
+// Render renders a yaml.Node as JSON
+func Render(node *yaml.Node) string {
+	if node.Kind == yaml.DocumentNode {
+		if len(node.Content) == 1 {
+			return Render(node.Content[0])
+		}
+	} else if node.Kind == yaml.MappingNode {
+		return renderMappingNode(node, "") + "\n"
+	} else if node.Kind == yaml.SequenceNode {
+		return renderSequenceNode(node, "") + "\n"
+	}
+	return ""
+}
+
+func (object *SchemaNumber) nodeValue() *yaml.Node {
+	if object.Integer != nil {
+		return nodeForInt64(*object.Integer)
+	} else if object.Float != nil {
+		return nodeForFloat64(*object.Float)
+	} else {
+		return nil
+	}
+}
+
+func (object *SchemaOrBoolean) nodeValue() *yaml.Node {
+	if object.Schema != nil {
+		return object.Schema.nodeValue()
+	} else if object.Boolean != nil {
+		return nodeForBoolean(*object.Boolean)
+	} else {
+		return nil
+	}
+}
+
+func nodeForStringArray(array []string) *yaml.Node {
+	content := make([]*yaml.Node, 0)
+	for _, item := range array {
+		content = append(content, nodeForString(item))
+	}
+	return nodeForSequence(content)
+}
+
+func nodeForSchemaArray(array []*Schema) *yaml.Node {
+	content := make([]*yaml.Node, 0)
+	for _, item := range array {
+		content = append(content, item.nodeValue())
+	}
+	return nodeForSequence(content)
+}
+
+func (object *StringOrStringArray) nodeValue() *yaml.Node {
+	if object.String != nil {
+		return nodeForString(*object.String)
+	} else if object.StringArray != nil {
+		return nodeForStringArray(*(object.StringArray))
+	} else {
+		return nil
+	}
+}
+
+func (object *SchemaOrStringArray) nodeValue() *yaml.Node {
+	if object.Schema != nil {
+		return object.Schema.nodeValue()
+	} else if object.StringArray != nil {
+		return nodeForStringArray(*(object.StringArray))
+	} else {
+		return nil
+	}
+}
+
+func (object *SchemaOrSchemaArray) nodeValue() *yaml.Node {
+	if object.Schema != nil {
+		return object.Schema.nodeValue()
+	} else if object.SchemaArray != nil {
+		return nodeForSchemaArray(*(object.SchemaArray))
+	} else {
+		return nil
+	}
+}
+
+func (object *SchemaEnumValue) nodeValue() *yaml.Node {
+	if object.String != nil {
+		return nodeForString(*object.String)
+	} else if object.Bool != nil {
+		return nodeForBoolean(*object.Bool)
+	} else {
+		return nil
+	}
+}
+
+func nodeForNamedSchemaArray(array *[]*NamedSchema) *yaml.Node {
+	content := make([]*yaml.Node, 0)
+	for _, pair := range *(array) {
+		content = appendPair(content, pair.Name, pair.Value.nodeValue())
+	}
+	return nodeForMapping(content)
+}
+
+func nodeForNamedSchemaOrStringArray(array *[]*NamedSchemaOrStringArray) *yaml.Node {
+	content := make([]*yaml.Node, 0)
+	for _, pair := range *(array) {
+		content = appendPair(content, pair.Name, pair.Value.nodeValue())
+	}
+	return nodeForMapping(content)
+}
+
+func nodeForSchemaEnumArray(array *[]SchemaEnumValue) *yaml.Node {
+	content := make([]*yaml.Node, 0)
+	for _, item := range *array {
+		content = append(content, item.nodeValue())
+	}
+	return nodeForSequence(content)
+}
+
+func nodeForMapping(content []*yaml.Node) *yaml.Node {
+	return &yaml.Node{
+		Kind:    yaml.MappingNode,
+		Content: content,
+	}
+}
+
+func nodeForSequence(content []*yaml.Node) *yaml.Node {
+	return &yaml.Node{
+		Kind:    yaml.SequenceNode,
+		Content: content,
+	}
+}
+
+func nodeForString(value string) *yaml.Node {
+	return &yaml.Node{
+		Kind:  yaml.ScalarNode,
+		Tag:   "!!str",
+		Value: value,
+	}
+}
+
+func nodeForBoolean(value bool) *yaml.Node {
+	return &yaml.Node{
+		Kind:  yaml.ScalarNode,
+		Tag:   "!!bool",
+		Value: fmt.Sprintf("%t", value),
+	}
+}
+
+func nodeForInt64(value int64) *yaml.Node {
+	return &yaml.Node{
+		Kind:  yaml.ScalarNode,
+		Tag:   "!!int",
+		Value: fmt.Sprintf("%d", value),
+	}
+}
+
+func nodeForFloat64(value float64) *yaml.Node {
+	return &yaml.Node{
+		Kind:  yaml.ScalarNode,
+		Tag:   "!!float",
+		Value: fmt.Sprintf("%f", value),
+	}
+}
+
+func appendPair(nodes []*yaml.Node, name string, value *yaml.Node) []*yaml.Node {
+	nodes = append(nodes, nodeForString(name))
+	nodes = append(nodes, value)
+	return nodes
+}
+
+func (schema *Schema) nodeValue() *yaml.Node {
+	n := &yaml.Node{Kind: yaml.MappingNode}
+	content := make([]*yaml.Node, 0)
+	if schema.Title != nil {
+		content = appendPair(content, "title", nodeForString(*schema.Title))
+	}
+	if schema.ID != nil {
+		content = appendPair(content, "id", nodeForString(*schema.ID))
+	}
+	if schema.Schema != nil {
+		content = appendPair(content, "$schema", nodeForString(*schema.Schema))
+	}
+	if schema.Type != nil {
+		content = appendPair(content, "type", schema.Type.nodeValue())
+	}
+	if schema.Items != nil {
+		content = appendPair(content, "items", schema.Items.nodeValue())
+	}
+	if schema.Description != nil {
+		content = appendPair(content, "description", nodeForString(*schema.Description))
+	}
+	if schema.Required != nil {
+		content = appendPair(content, "required", nodeForStringArray(*schema.Required))
+	}
+	if schema.AdditionalProperties != nil {
+		content = appendPair(content, "additionalProperties", schema.AdditionalProperties.nodeValue())
+	}
+	if schema.PatternProperties != nil {
+		content = appendPair(content, "patternProperties", nodeForNamedSchemaArray(schema.PatternProperties))
+	}
+	if schema.Properties != nil {
+		content = appendPair(content, "properties", nodeForNamedSchemaArray(schema.Properties))
+	}
+	if schema.Dependencies != nil {
+		content = appendPair(content, "dependencies", nodeForNamedSchemaOrStringArray(schema.Dependencies))
+	}
+	if schema.Ref != nil {
+		content = appendPair(content, "$ref", nodeForString(*schema.Ref))
+	}
+	if schema.MultipleOf != nil {
+		content = appendPair(content, "multipleOf", schema.MultipleOf.nodeValue())
+	}
+	if schema.Maximum != nil {
+		content = appendPair(content, "maximum", schema.Maximum.nodeValue())
+	}
+	if schema.ExclusiveMaximum != nil {
+		content = appendPair(content, "exclusiveMaximum", nodeForBoolean(*schema.ExclusiveMaximum))
+	}
+	if schema.Minimum != nil {
+		content = appendPair(content, "minimum", schema.Minimum.nodeValue())
+	}
+	if schema.ExclusiveMinimum != nil {
+		content = appendPair(content, "exclusiveMinimum", nodeForBoolean(*schema.ExclusiveMinimum))
+	}
+	if schema.MaxLength != nil {
+		content = appendPair(content, "maxLength", nodeForInt64(*schema.MaxLength))
+	}
+	if schema.MinLength != nil {
+		content = appendPair(content, "minLength", nodeForInt64(*schema.MinLength))
+	}
+	if schema.Pattern != nil {
+		content = appendPair(content, "pattern", nodeForString(*schema.Pattern))
+	}
+	if schema.AdditionalItems != nil {
+		content = appendPair(content, "additionalItems", schema.AdditionalItems.nodeValue())
+	}
+	if schema.MaxItems != nil {
+		content = appendPair(content, "maxItems", nodeForInt64(*schema.MaxItems))
+	}
+	if schema.MinItems != nil {
+		content = appendPair(content, "minItems", nodeForInt64(*schema.MinItems))
+	}
+	if schema.UniqueItems != nil {
+		content = appendPair(content, "uniqueItems", nodeForBoolean(*schema.UniqueItems))
+	}
+	if schema.MaxProperties != nil {
+		content = appendPair(content, "maxProperties", nodeForInt64(*schema.MaxProperties))
+	}
+	if schema.MinProperties != nil {
+		content = appendPair(content, "minProperties", nodeForInt64(*schema.MinProperties))
+	}
+	if schema.Enumeration != nil {
+		content = appendPair(content, "enum", nodeForSchemaEnumArray(schema.Enumeration))
+	}
+	if schema.AllOf != nil {
+		content = appendPair(content, "allOf", nodeForSchemaArray(*schema.AllOf))
+	}
+	if schema.AnyOf != nil {
+		content = appendPair(content, "anyOf", nodeForSchemaArray(*schema.AnyOf))
+	}
+	if schema.OneOf != nil {
+		content = appendPair(content, "oneOf", nodeForSchemaArray(*schema.OneOf))
+	}
+	if schema.Not != nil {
+		content = appendPair(content, "not", schema.Not.nodeValue())
+	}
+	if schema.Definitions != nil {
+		content = appendPair(content, "definitions", nodeForNamedSchemaArray(schema.Definitions))
+	}
+	if schema.Default != nil {
+		// m = append(m, yaml.MapItem{Key: "default", Value: *schema.Default})
+	}
+	if schema.Format != nil {
+		content = appendPair(content, "format", nodeForString(*schema.Format))
+	}
+	n.Content = content
+	return n
+}
+
+// JSONString returns a json representation of a schema.
+func (schema *Schema) JSONString() string {
+	node := schema.nodeValue()
+	return Render(node)
+}
diff --git a/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.go b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.go
new file mode 100644
index 000000000..d71fe6d54
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.go
@@ -0,0 +1,8820 @@
+// Copyright 2020 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// THIS FILE IS AUTOMATICALLY GENERATED.
+
+package openapi_v2
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+
+	"gopkg.in/yaml.v3"
+
+	"github.com/google/gnostic-models/compiler"
+)
+
+// Version returns the package name (and OpenAPI version).
+func Version() string {
+	return "openapi_v2"
+}
+
+// NewAdditionalPropertiesItem creates an object of type AdditionalPropertiesItem if possible, returning an error if not.
+func NewAdditionalPropertiesItem(in *yaml.Node, context *compiler.Context) (*AdditionalPropertiesItem, error) {
+	errors := make([]error, 0)
+	x := &AdditionalPropertiesItem{}
+	matched := false
+	// Schema schema = 1;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewSchema(m, compiler.NewContext("schema", m, context))
+			if matchingError == nil {
+				x.Oneof = &AdditionalPropertiesItem_Schema{Schema: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	// bool boolean = 2;
+	boolValue, ok := compiler.BoolForScalarNode(in)
+	if ok {
+		x.Oneof = &AdditionalPropertiesItem_Boolean{Boolean: boolValue}
+		matched = true
+	}
+	if matched {
+		// since the oneof matched one of its possibilities, discard any matching errors
+		errors = make([]error, 0)
+	} else {
+		message := fmt.Sprintf("contains an invalid AdditionalPropertiesItem")
+		err := compiler.NewError(context, message)
+		errors = []error{err}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewAny creates an object of type Any if possible, returning an error if not.
+func NewAny(in *yaml.Node, context *compiler.Context) (*Any, error) {
+	errors := make([]error, 0)
+	x := &Any{}
+	bytes := compiler.Marshal(in)
+	x.Yaml = string(bytes)
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewApiKeySecurity creates an object of type ApiKeySecurity if possible, returning an error if not.
+func NewApiKeySecurity(in *yaml.Node, context *compiler.Context) (*ApiKeySecurity, error) {
+	errors := make([]error, 0)
+	x := &ApiKeySecurity{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"in", "name", "type"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"description", "in", "name", "type"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string type = 1;
+		v1 := compiler.MapValueForKey(m, "type")
+		if v1 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [apiKey]
+			if ok && !compiler.StringArrayContainsValue([]string{"apiKey"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string name = 2;
+		v2 := compiler.MapValueForKey(m, "name")
+		if v2 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string in = 3;
+		v3 := compiler.MapValueForKey(m, "in")
+		if v3 != nil {
+			x.In, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [header query]
+			if ok && !compiler.StringArrayContainsValue([]string{"header", "query"}, x.In) {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 4;
+		v4 := compiler.MapValueForKey(m, "description")
+		if v4 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 5;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewBasicAuthenticationSecurity creates an object of type BasicAuthenticationSecurity if possible, returning an error if not.
+func NewBasicAuthenticationSecurity(in *yaml.Node, context *compiler.Context) (*BasicAuthenticationSecurity, error) {
+	errors := make([]error, 0)
+	x := &BasicAuthenticationSecurity{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"type"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"description", "type"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string type = 1;
+		v1 := compiler.MapValueForKey(m, "type")
+		if v1 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [basic]
+			if ok && !compiler.StringArrayContainsValue([]string{"basic"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 2;
+		v2 := compiler.MapValueForKey(m, "description")
+		if v2 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 3;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewBodyParameter creates an object of type BodyParameter if possible, returning an error if not.
+func NewBodyParameter(in *yaml.Node, context *compiler.Context) (*BodyParameter, error) {
+	errors := make([]error, 0)
+	x := &BodyParameter{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"in", "name", "schema"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"description", "in", "name", "required", "schema"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string description = 1;
+		v1 := compiler.MapValueForKey(m, "description")
+		if v1 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string name = 2;
+		v2 := compiler.MapValueForKey(m, "name")
+		if v2 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string in = 3;
+		v3 := compiler.MapValueForKey(m, "in")
+		if v3 != nil {
+			x.In, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [body]
+			if ok && !compiler.StringArrayContainsValue([]string{"body"}, x.In) {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool required = 4;
+		v4 := compiler.MapValueForKey(m, "required")
+		if v4 != nil {
+			x.Required, ok = compiler.BoolForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for required: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Schema schema = 5;
+		v5 := compiler.MapValueForKey(m, "schema")
+		if v5 != nil {
+			var err error
+			x.Schema, err = NewSchema(v5, compiler.NewContext("schema", v5, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated NamedAny vendor_extension = 6;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewContact creates an object of type Contact if possible, returning an error if not.
+func NewContact(in *yaml.Node, context *compiler.Context) (*Contact, error) {
+	errors := make([]error, 0)
+	x := &Contact{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"email", "name", "url"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string url = 2;
+		v2 := compiler.MapValueForKey(m, "url")
+		if v2 != nil {
+			x.Url, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for url: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string email = 3;
+		v3 := compiler.MapValueForKey(m, "email")
+		if v3 != nil {
+			x.Email, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for email: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 4;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewDefault creates an object of type Default if possible, returning an error if not.
+func NewDefault(in *yaml.Node, context *compiler.Context) (*Default, error) {
+	errors := make([]error, 0)
+	x := &Default{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		// repeated NamedAny additional_properties = 1;
+		// MAP: Any
+		x.AdditionalProperties = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				pair := &NamedAny{}
+				pair.Name = k
+				result := &Any{}
+				handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+				if handled {
+					if err != nil {
+						errors = append(errors, err)
+					} else {
+						bytes := compiler.Marshal(v)
+						result.Yaml = string(bytes)
+						result.Value = resultFromExt
+						pair.Value = result
+					}
+				} else {
+					pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+				}
+				x.AdditionalProperties = append(x.AdditionalProperties, pair)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewDefinitions creates an object of type Definitions if possible, returning an error if not.
+func NewDefinitions(in *yaml.Node, context *compiler.Context) (*Definitions, error) {
+	errors := make([]error, 0)
+	x := &Definitions{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		// repeated NamedSchema additional_properties = 1;
+		// MAP: Schema
+		x.AdditionalProperties = make([]*NamedSchema, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				pair := &NamedSchema{}
+				pair.Name = k
+				var err error
+				pair.Value, err = NewSchema(v, compiler.NewContext(k, v, context))
+				if err != nil {
+					errors = append(errors, err)
+				}
+				x.AdditionalProperties = append(x.AdditionalProperties, pair)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewDocument creates an object of type Document if possible, returning an error if not.
+func NewDocument(in *yaml.Node, context *compiler.Context) (*Document, error) {
+	errors := make([]error, 0)
+	x := &Document{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"info", "paths", "swagger"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"basePath", "consumes", "definitions", "externalDocs", "host", "info", "parameters", "paths", "produces", "responses", "schemes", "security", "securityDefinitions", "swagger", "tags"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string swagger = 1;
+		v1 := compiler.MapValueForKey(m, "swagger")
+		if v1 != nil {
+			x.Swagger, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for swagger: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [2.0]
+			if ok && !compiler.StringArrayContainsValue([]string{"2.0"}, x.Swagger) {
+				message := fmt.Sprintf("has unexpected value for swagger: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Info info = 2;
+		v2 := compiler.MapValueForKey(m, "info")
+		if v2 != nil {
+			var err error
+			x.Info, err = NewInfo(v2, compiler.NewContext("info", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string host = 3;
+		v3 := compiler.MapValueForKey(m, "host")
+		if v3 != nil {
+			x.Host, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for host: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string base_path = 4;
+		v4 := compiler.MapValueForKey(m, "basePath")
+		if v4 != nil {
+			x.BasePath, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for basePath: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated string schemes = 5;
+		v5 := compiler.MapValueForKey(m, "schemes")
+		if v5 != nil {
+			v, ok := compiler.SequenceNodeForNode(v5)
+			if ok {
+				x.Schemes = compiler.StringArrayForSequenceNode(v)
+			} else {
+				message := fmt.Sprintf("has unexpected value for schemes: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [http https ws wss]
+			if ok && !compiler.StringArrayContainsValues([]string{"http", "https", "ws", "wss"}, x.Schemes) {
+				message := fmt.Sprintf("has unexpected value for schemes: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated string consumes = 6;
+		v6 := compiler.MapValueForKey(m, "consumes")
+		if v6 != nil {
+			v, ok := compiler.SequenceNodeForNode(v6)
+			if ok {
+				x.Consumes = compiler.StringArrayForSequenceNode(v)
+			} else {
+				message := fmt.Sprintf("has unexpected value for consumes: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated string produces = 7;
+		v7 := compiler.MapValueForKey(m, "produces")
+		if v7 != nil {
+			v, ok := compiler.SequenceNodeForNode(v7)
+			if ok {
+				x.Produces = compiler.StringArrayForSequenceNode(v)
+			} else {
+				message := fmt.Sprintf("has unexpected value for produces: %s", compiler.Display(v7))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Paths paths = 8;
+		v8 := compiler.MapValueForKey(m, "paths")
+		if v8 != nil {
+			var err error
+			x.Paths, err = NewPaths(v8, compiler.NewContext("paths", v8, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// Definitions definitions = 9;
+		v9 := compiler.MapValueForKey(m, "definitions")
+		if v9 != nil {
+			var err error
+			x.Definitions, err = NewDefinitions(v9, compiler.NewContext("definitions", v9, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// ParameterDefinitions parameters = 10;
+		v10 := compiler.MapValueForKey(m, "parameters")
+		if v10 != nil {
+			var err error
+			x.Parameters, err = NewParameterDefinitions(v10, compiler.NewContext("parameters", v10, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// ResponseDefinitions responses = 11;
+		v11 := compiler.MapValueForKey(m, "responses")
+		if v11 != nil {
+			var err error
+			x.Responses, err = NewResponseDefinitions(v11, compiler.NewContext("responses", v11, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated SecurityRequirement security = 12;
+		v12 := compiler.MapValueForKey(m, "security")
+		if v12 != nil {
+			// repeated SecurityRequirement
+			x.Security = make([]*SecurityRequirement, 0)
+			a, ok := compiler.SequenceNodeForNode(v12)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewSecurityRequirement(item, compiler.NewContext("security", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Security = append(x.Security, y)
+				}
+			}
+		}
+		// SecurityDefinitions security_definitions = 13;
+		v13 := compiler.MapValueForKey(m, "securityDefinitions")
+		if v13 != nil {
+			var err error
+			x.SecurityDefinitions, err = NewSecurityDefinitions(v13, compiler.NewContext("securityDefinitions", v13, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated Tag tags = 14;
+		v14 := compiler.MapValueForKey(m, "tags")
+		if v14 != nil {
+			// repeated Tag
+			x.Tags = make([]*Tag, 0)
+			a, ok := compiler.SequenceNodeForNode(v14)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewTag(item, compiler.NewContext("tags", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Tags = append(x.Tags, y)
+				}
+			}
+		}
+		// ExternalDocs external_docs = 15;
+		v15 := compiler.MapValueForKey(m, "externalDocs")
+		if v15 != nil {
+			var err error
+			x.ExternalDocs, err = NewExternalDocs(v15, compiler.NewContext("externalDocs", v15, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated NamedAny vendor_extension = 16;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewExamples creates an object of type Examples if possible, returning an error if not.
+func NewExamples(in *yaml.Node, context *compiler.Context) (*Examples, error) {
+	errors := make([]error, 0)
+	x := &Examples{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		// repeated NamedAny additional_properties = 1;
+		// MAP: Any
+		x.AdditionalProperties = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				pair := &NamedAny{}
+				pair.Name = k
+				result := &Any{}
+				handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+				if handled {
+					if err != nil {
+						errors = append(errors, err)
+					} else {
+						bytes := compiler.Marshal(v)
+						result.Yaml = string(bytes)
+						result.Value = resultFromExt
+						pair.Value = result
+					}
+				} else {
+					pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+				}
+				x.AdditionalProperties = append(x.AdditionalProperties, pair)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewExternalDocs creates an object of type ExternalDocs if possible, returning an error if not.
+func NewExternalDocs(in *yaml.Node, context *compiler.Context) (*ExternalDocs, error) {
+	errors := make([]error, 0)
+	x := &ExternalDocs{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"url"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"description", "url"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string description = 1;
+		v1 := compiler.MapValueForKey(m, "description")
+		if v1 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string url = 2;
+		v2 := compiler.MapValueForKey(m, "url")
+		if v2 != nil {
+			x.Url, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for url: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 3;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewFileSchema creates an object of type FileSchema if possible, returning an error if not.
+func NewFileSchema(in *yaml.Node, context *compiler.Context) (*FileSchema, error) {
+	errors := make([]error, 0)
+	x := &FileSchema{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"type"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"default", "description", "example", "externalDocs", "format", "readOnly", "required", "title", "type"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string format = 1;
+		v1 := compiler.MapValueForKey(m, "format")
+		if v1 != nil {
+			x.Format, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for format: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string title = 2;
+		v2 := compiler.MapValueForKey(m, "title")
+		if v2 != nil {
+			x.Title, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for title: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 3;
+		v3 := compiler.MapValueForKey(m, "description")
+		if v3 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Any default = 4;
+		v4 := compiler.MapValueForKey(m, "default")
+		if v4 != nil {
+			var err error
+			x.Default, err = NewAny(v4, compiler.NewContext("default", v4, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated string required = 5;
+		v5 := compiler.MapValueForKey(m, "required")
+		if v5 != nil {
+			v, ok := compiler.SequenceNodeForNode(v5)
+			if ok {
+				x.Required = compiler.StringArrayForSequenceNode(v)
+			} else {
+				message := fmt.Sprintf("has unexpected value for required: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string type = 6;
+		v6 := compiler.MapValueForKey(m, "type")
+		if v6 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v6)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [file]
+			if ok && !compiler.StringArrayContainsValue([]string{"file"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool read_only = 7;
+		v7 := compiler.MapValueForKey(m, "readOnly")
+		if v7 != nil {
+			x.ReadOnly, ok = compiler.BoolForScalarNode(v7)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for readOnly: %s", compiler.Display(v7))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// ExternalDocs external_docs = 8;
+		v8 := compiler.MapValueForKey(m, "externalDocs")
+		if v8 != nil {
+			var err error
+			x.ExternalDocs, err = NewExternalDocs(v8, compiler.NewContext("externalDocs", v8, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// Any example = 9;
+		v9 := compiler.MapValueForKey(m, "example")
+		if v9 != nil {
+			var err error
+			x.Example, err = NewAny(v9, compiler.NewContext("example", v9, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated NamedAny vendor_extension = 10;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewFormDataParameterSubSchema creates an object of type FormDataParameterSubSchema if possible, returning an error if not.
+func NewFormDataParameterSubSchema(in *yaml.Node, context *compiler.Context) (*FormDataParameterSubSchema, error) {
+	errors := make([]error, 0)
+	x := &FormDataParameterSubSchema{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"allowEmptyValue", "collectionFormat", "default", "description", "enum", "exclusiveMaximum", "exclusiveMinimum", "format", "in", "items", "maxItems", "maxLength", "maximum", "minItems", "minLength", "minimum", "multipleOf", "name", "pattern", "required", "type", "uniqueItems"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// bool required = 1;
+		v1 := compiler.MapValueForKey(m, "required")
+		if v1 != nil {
+			x.Required, ok = compiler.BoolForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for required: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string in = 2;
+		v2 := compiler.MapValueForKey(m, "in")
+		if v2 != nil {
+			x.In, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [formData]
+			if ok && !compiler.StringArrayContainsValue([]string{"formData"}, x.In) {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 3;
+		v3 := compiler.MapValueForKey(m, "description")
+		if v3 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string name = 4;
+		v4 := compiler.MapValueForKey(m, "name")
+		if v4 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool allow_empty_value = 5;
+		v5 := compiler.MapValueForKey(m, "allowEmptyValue")
+		if v5 != nil {
+			x.AllowEmptyValue, ok = compiler.BoolForScalarNode(v5)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for allowEmptyValue: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string type = 6;
+		v6 := compiler.MapValueForKey(m, "type")
+		if v6 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v6)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [string number boolean integer array file]
+			if ok && !compiler.StringArrayContainsValue([]string{"string", "number", "boolean", "integer", "array", "file"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string format = 7;
+		v7 := compiler.MapValueForKey(m, "format")
+		if v7 != nil {
+			x.Format, ok = compiler.StringForScalarNode(v7)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for format: %s", compiler.Display(v7))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// PrimitivesItems items = 8;
+		v8 := compiler.MapValueForKey(m, "items")
+		if v8 != nil {
+			var err error
+			x.Items, err = NewPrimitivesItems(v8, compiler.NewContext("items", v8, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string collection_format = 9;
+		v9 := compiler.MapValueForKey(m, "collectionFormat")
+		if v9 != nil {
+			x.CollectionFormat, ok = compiler.StringForScalarNode(v9)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v9))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [csv ssv tsv pipes multi]
+			if ok && !compiler.StringArrayContainsValue([]string{"csv", "ssv", "tsv", "pipes", "multi"}, x.CollectionFormat) {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v9))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Any default = 10;
+		v10 := compiler.MapValueForKey(m, "default")
+		if v10 != nil {
+			var err error
+			x.Default, err = NewAny(v10, compiler.NewContext("default", v10, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// float maximum = 11;
+		v11 := compiler.MapValueForKey(m, "maximum")
+		if v11 != nil {
+			v, ok := compiler.FloatForScalarNode(v11)
+			if ok {
+				x.Maximum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for maximum: %s", compiler.Display(v11))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_maximum = 12;
+		v12 := compiler.MapValueForKey(m, "exclusiveMaximum")
+		if v12 != nil {
+			x.ExclusiveMaximum, ok = compiler.BoolForScalarNode(v12)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMaximum: %s", compiler.Display(v12))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// float minimum = 13;
+		v13 := compiler.MapValueForKey(m, "minimum")
+		if v13 != nil {
+			v, ok := compiler.FloatForScalarNode(v13)
+			if ok {
+				x.Minimum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for minimum: %s", compiler.Display(v13))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_minimum = 14;
+		v14 := compiler.MapValueForKey(m, "exclusiveMinimum")
+		if v14 != nil {
+			x.ExclusiveMinimum, ok = compiler.BoolForScalarNode(v14)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMinimum: %s", compiler.Display(v14))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_length = 15;
+		v15 := compiler.MapValueForKey(m, "maxLength")
+		if v15 != nil {
+			t, ok := compiler.IntForScalarNode(v15)
+			if ok {
+				x.MaxLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxLength: %s", compiler.Display(v15))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_length = 16;
+		v16 := compiler.MapValueForKey(m, "minLength")
+		if v16 != nil {
+			t, ok := compiler.IntForScalarNode(v16)
+			if ok {
+				x.MinLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minLength: %s", compiler.Display(v16))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string pattern = 17;
+		v17 := compiler.MapValueForKey(m, "pattern")
+		if v17 != nil {
+			x.Pattern, ok = compiler.StringForScalarNode(v17)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for pattern: %s", compiler.Display(v17))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_items = 18;
+		v18 := compiler.MapValueForKey(m, "maxItems")
+		if v18 != nil {
+			t, ok := compiler.IntForScalarNode(v18)
+			if ok {
+				x.MaxItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxItems: %s", compiler.Display(v18))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_items = 19;
+		v19 := compiler.MapValueForKey(m, "minItems")
+		if v19 != nil {
+			t, ok := compiler.IntForScalarNode(v19)
+			if ok {
+				x.MinItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minItems: %s", compiler.Display(v19))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool unique_items = 20;
+		v20 := compiler.MapValueForKey(m, "uniqueItems")
+		if v20 != nil {
+			x.UniqueItems, ok = compiler.BoolForScalarNode(v20)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for uniqueItems: %s", compiler.Display(v20))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated Any enum = 21;
+		v21 := compiler.MapValueForKey(m, "enum")
+		if v21 != nil {
+			// repeated Any
+			x.Enum = make([]*Any, 0)
+			a, ok := compiler.SequenceNodeForNode(v21)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewAny(item, compiler.NewContext("enum", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Enum = append(x.Enum, y)
+				}
+			}
+		}
+		// float multiple_of = 22;
+		v22 := compiler.MapValueForKey(m, "multipleOf")
+		if v22 != nil {
+			v, ok := compiler.FloatForScalarNode(v22)
+			if ok {
+				x.MultipleOf = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for multipleOf: %s", compiler.Display(v22))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 23;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewHeader creates an object of type Header if possible, returning an error if not.
+func NewHeader(in *yaml.Node, context *compiler.Context) (*Header, error) {
+	errors := make([]error, 0)
+	x := &Header{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"type"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"collectionFormat", "default", "description", "enum", "exclusiveMaximum", "exclusiveMinimum", "format", "items", "maxItems", "maxLength", "maximum", "minItems", "minLength", "minimum", "multipleOf", "pattern", "type", "uniqueItems"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string type = 1;
+		v1 := compiler.MapValueForKey(m, "type")
+		if v1 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [string number integer boolean array]
+			if ok && !compiler.StringArrayContainsValue([]string{"string", "number", "integer", "boolean", "array"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string format = 2;
+		v2 := compiler.MapValueForKey(m, "format")
+		if v2 != nil {
+			x.Format, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for format: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// PrimitivesItems items = 3;
+		v3 := compiler.MapValueForKey(m, "items")
+		if v3 != nil {
+			var err error
+			x.Items, err = NewPrimitivesItems(v3, compiler.NewContext("items", v3, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string collection_format = 4;
+		v4 := compiler.MapValueForKey(m, "collectionFormat")
+		if v4 != nil {
+			x.CollectionFormat, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [csv ssv tsv pipes]
+			if ok && !compiler.StringArrayContainsValue([]string{"csv", "ssv", "tsv", "pipes"}, x.CollectionFormat) {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Any default = 5;
+		v5 := compiler.MapValueForKey(m, "default")
+		if v5 != nil {
+			var err error
+			x.Default, err = NewAny(v5, compiler.NewContext("default", v5, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// float maximum = 6;
+		v6 := compiler.MapValueForKey(m, "maximum")
+		if v6 != nil {
+			v, ok := compiler.FloatForScalarNode(v6)
+			if ok {
+				x.Maximum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for maximum: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_maximum = 7;
+		v7 := compiler.MapValueForKey(m, "exclusiveMaximum")
+		if v7 != nil {
+			x.ExclusiveMaximum, ok = compiler.BoolForScalarNode(v7)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMaximum: %s", compiler.Display(v7))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// float minimum = 8;
+		v8 := compiler.MapValueForKey(m, "minimum")
+		if v8 != nil {
+			v, ok := compiler.FloatForScalarNode(v8)
+			if ok {
+				x.Minimum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for minimum: %s", compiler.Display(v8))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_minimum = 9;
+		v9 := compiler.MapValueForKey(m, "exclusiveMinimum")
+		if v9 != nil {
+			x.ExclusiveMinimum, ok = compiler.BoolForScalarNode(v9)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMinimum: %s", compiler.Display(v9))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_length = 10;
+		v10 := compiler.MapValueForKey(m, "maxLength")
+		if v10 != nil {
+			t, ok := compiler.IntForScalarNode(v10)
+			if ok {
+				x.MaxLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxLength: %s", compiler.Display(v10))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_length = 11;
+		v11 := compiler.MapValueForKey(m, "minLength")
+		if v11 != nil {
+			t, ok := compiler.IntForScalarNode(v11)
+			if ok {
+				x.MinLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minLength: %s", compiler.Display(v11))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string pattern = 12;
+		v12 := compiler.MapValueForKey(m, "pattern")
+		if v12 != nil {
+			x.Pattern, ok = compiler.StringForScalarNode(v12)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for pattern: %s", compiler.Display(v12))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_items = 13;
+		v13 := compiler.MapValueForKey(m, "maxItems")
+		if v13 != nil {
+			t, ok := compiler.IntForScalarNode(v13)
+			if ok {
+				x.MaxItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxItems: %s", compiler.Display(v13))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_items = 14;
+		v14 := compiler.MapValueForKey(m, "minItems")
+		if v14 != nil {
+			t, ok := compiler.IntForScalarNode(v14)
+			if ok {
+				x.MinItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minItems: %s", compiler.Display(v14))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool unique_items = 15;
+		v15 := compiler.MapValueForKey(m, "uniqueItems")
+		if v15 != nil {
+			x.UniqueItems, ok = compiler.BoolForScalarNode(v15)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for uniqueItems: %s", compiler.Display(v15))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated Any enum = 16;
+		v16 := compiler.MapValueForKey(m, "enum")
+		if v16 != nil {
+			// repeated Any
+			x.Enum = make([]*Any, 0)
+			a, ok := compiler.SequenceNodeForNode(v16)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewAny(item, compiler.NewContext("enum", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Enum = append(x.Enum, y)
+				}
+			}
+		}
+		// float multiple_of = 17;
+		v17 := compiler.MapValueForKey(m, "multipleOf")
+		if v17 != nil {
+			v, ok := compiler.FloatForScalarNode(v17)
+			if ok {
+				x.MultipleOf = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for multipleOf: %s", compiler.Display(v17))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 18;
+		v18 := compiler.MapValueForKey(m, "description")
+		if v18 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v18)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v18))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 19;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewHeaderParameterSubSchema creates an object of type HeaderParameterSubSchema if possible, returning an error if not.
+func NewHeaderParameterSubSchema(in *yaml.Node, context *compiler.Context) (*HeaderParameterSubSchema, error) {
+	errors := make([]error, 0)
+	x := &HeaderParameterSubSchema{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"collectionFormat", "default", "description", "enum", "exclusiveMaximum", "exclusiveMinimum", "format", "in", "items", "maxItems", "maxLength", "maximum", "minItems", "minLength", "minimum", "multipleOf", "name", "pattern", "required", "type", "uniqueItems"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// bool required = 1;
+		v1 := compiler.MapValueForKey(m, "required")
+		if v1 != nil {
+			x.Required, ok = compiler.BoolForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for required: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string in = 2;
+		v2 := compiler.MapValueForKey(m, "in")
+		if v2 != nil {
+			x.In, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [header]
+			if ok && !compiler.StringArrayContainsValue([]string{"header"}, x.In) {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 3;
+		v3 := compiler.MapValueForKey(m, "description")
+		if v3 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string name = 4;
+		v4 := compiler.MapValueForKey(m, "name")
+		if v4 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string type = 5;
+		v5 := compiler.MapValueForKey(m, "type")
+		if v5 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v5)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [string number boolean integer array]
+			if ok && !compiler.StringArrayContainsValue([]string{"string", "number", "boolean", "integer", "array"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string format = 6;
+		v6 := compiler.MapValueForKey(m, "format")
+		if v6 != nil {
+			x.Format, ok = compiler.StringForScalarNode(v6)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for format: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// PrimitivesItems items = 7;
+		v7 := compiler.MapValueForKey(m, "items")
+		if v7 != nil {
+			var err error
+			x.Items, err = NewPrimitivesItems(v7, compiler.NewContext("items", v7, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string collection_format = 8;
+		v8 := compiler.MapValueForKey(m, "collectionFormat")
+		if v8 != nil {
+			x.CollectionFormat, ok = compiler.StringForScalarNode(v8)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v8))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [csv ssv tsv pipes]
+			if ok && !compiler.StringArrayContainsValue([]string{"csv", "ssv", "tsv", "pipes"}, x.CollectionFormat) {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v8))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Any default = 9;
+		v9 := compiler.MapValueForKey(m, "default")
+		if v9 != nil {
+			var err error
+			x.Default, err = NewAny(v9, compiler.NewContext("default", v9, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// float maximum = 10;
+		v10 := compiler.MapValueForKey(m, "maximum")
+		if v10 != nil {
+			v, ok := compiler.FloatForScalarNode(v10)
+			if ok {
+				x.Maximum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for maximum: %s", compiler.Display(v10))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_maximum = 11;
+		v11 := compiler.MapValueForKey(m, "exclusiveMaximum")
+		if v11 != nil {
+			x.ExclusiveMaximum, ok = compiler.BoolForScalarNode(v11)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMaximum: %s", compiler.Display(v11))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// float minimum = 12;
+		v12 := compiler.MapValueForKey(m, "minimum")
+		if v12 != nil {
+			v, ok := compiler.FloatForScalarNode(v12)
+			if ok {
+				x.Minimum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for minimum: %s", compiler.Display(v12))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_minimum = 13;
+		v13 := compiler.MapValueForKey(m, "exclusiveMinimum")
+		if v13 != nil {
+			x.ExclusiveMinimum, ok = compiler.BoolForScalarNode(v13)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMinimum: %s", compiler.Display(v13))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_length = 14;
+		v14 := compiler.MapValueForKey(m, "maxLength")
+		if v14 != nil {
+			t, ok := compiler.IntForScalarNode(v14)
+			if ok {
+				x.MaxLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxLength: %s", compiler.Display(v14))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_length = 15;
+		v15 := compiler.MapValueForKey(m, "minLength")
+		if v15 != nil {
+			t, ok := compiler.IntForScalarNode(v15)
+			if ok {
+				x.MinLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minLength: %s", compiler.Display(v15))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string pattern = 16;
+		v16 := compiler.MapValueForKey(m, "pattern")
+		if v16 != nil {
+			x.Pattern, ok = compiler.StringForScalarNode(v16)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for pattern: %s", compiler.Display(v16))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_items = 17;
+		v17 := compiler.MapValueForKey(m, "maxItems")
+		if v17 != nil {
+			t, ok := compiler.IntForScalarNode(v17)
+			if ok {
+				x.MaxItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxItems: %s", compiler.Display(v17))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_items = 18;
+		v18 := compiler.MapValueForKey(m, "minItems")
+		if v18 != nil {
+			t, ok := compiler.IntForScalarNode(v18)
+			if ok {
+				x.MinItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minItems: %s", compiler.Display(v18))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool unique_items = 19;
+		v19 := compiler.MapValueForKey(m, "uniqueItems")
+		if v19 != nil {
+			x.UniqueItems, ok = compiler.BoolForScalarNode(v19)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for uniqueItems: %s", compiler.Display(v19))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated Any enum = 20;
+		v20 := compiler.MapValueForKey(m, "enum")
+		if v20 != nil {
+			// repeated Any
+			x.Enum = make([]*Any, 0)
+			a, ok := compiler.SequenceNodeForNode(v20)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewAny(item, compiler.NewContext("enum", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Enum = append(x.Enum, y)
+				}
+			}
+		}
+		// float multiple_of = 21;
+		v21 := compiler.MapValueForKey(m, "multipleOf")
+		if v21 != nil {
+			v, ok := compiler.FloatForScalarNode(v21)
+			if ok {
+				x.MultipleOf = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for multipleOf: %s", compiler.Display(v21))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 22;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewHeaders creates an object of type Headers if possible, returning an error if not.
+func NewHeaders(in *yaml.Node, context *compiler.Context) (*Headers, error) {
+	errors := make([]error, 0)
+	x := &Headers{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		// repeated NamedHeader additional_properties = 1;
+		// MAP: Header
+		x.AdditionalProperties = make([]*NamedHeader, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				pair := &NamedHeader{}
+				pair.Name = k
+				var err error
+				pair.Value, err = NewHeader(v, compiler.NewContext(k, v, context))
+				if err != nil {
+					errors = append(errors, err)
+				}
+				x.AdditionalProperties = append(x.AdditionalProperties, pair)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewInfo creates an object of type Info if possible, returning an error if not.
+func NewInfo(in *yaml.Node, context *compiler.Context) (*Info, error) {
+	errors := make([]error, 0)
+	x := &Info{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"title", "version"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"contact", "description", "license", "termsOfService", "title", "version"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string title = 1;
+		v1 := compiler.MapValueForKey(m, "title")
+		if v1 != nil {
+			x.Title, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for title: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string version = 2;
+		v2 := compiler.MapValueForKey(m, "version")
+		if v2 != nil {
+			x.Version, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for version: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 3;
+		v3 := compiler.MapValueForKey(m, "description")
+		if v3 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string terms_of_service = 4;
+		v4 := compiler.MapValueForKey(m, "termsOfService")
+		if v4 != nil {
+			x.TermsOfService, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for termsOfService: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Contact contact = 5;
+		v5 := compiler.MapValueForKey(m, "contact")
+		if v5 != nil {
+			var err error
+			x.Contact, err = NewContact(v5, compiler.NewContext("contact", v5, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// License license = 6;
+		v6 := compiler.MapValueForKey(m, "license")
+		if v6 != nil {
+			var err error
+			x.License, err = NewLicense(v6, compiler.NewContext("license", v6, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated NamedAny vendor_extension = 7;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewItemsItem creates an object of type ItemsItem if possible, returning an error if not.
+func NewItemsItem(in *yaml.Node, context *compiler.Context) (*ItemsItem, error) {
+	errors := make([]error, 0)
+	x := &ItemsItem{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value for item array: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		x.Schema = make([]*Schema, 0)
+		y, err := NewSchema(m, compiler.NewContext("<array>", m, context))
+		if err != nil {
+			return nil, err
+		}
+		x.Schema = append(x.Schema, y)
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewJsonReference creates an object of type JsonReference if possible, returning an error if not.
+func NewJsonReference(in *yaml.Node, context *compiler.Context) (*JsonReference, error) {
+	errors := make([]error, 0)
+	x := &JsonReference{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"$ref"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string _ref = 1;
+		v1 := compiler.MapValueForKey(m, "$ref")
+		if v1 != nil {
+			x.XRef, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for $ref: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 2;
+		v2 := compiler.MapValueForKey(m, "description")
+		if v2 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewLicense creates an object of type License if possible, returning an error if not.
+func NewLicense(in *yaml.Node, context *compiler.Context) (*License, error) {
+	errors := make([]error, 0)
+	x := &License{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"name"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"name", "url"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string url = 2;
+		v2 := compiler.MapValueForKey(m, "url")
+		if v2 != nil {
+			x.Url, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for url: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 3;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewNamedAny creates an object of type NamedAny if possible, returning an error if not.
+func NewNamedAny(in *yaml.Node, context *compiler.Context) (*NamedAny, error) {
+	errors := make([]error, 0)
+	x := &NamedAny{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"name", "value"}
+		var allowedPatterns []*regexp.Regexp
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Any value = 2;
+		v2 := compiler.MapValueForKey(m, "value")
+		if v2 != nil {
+			var err error
+			x.Value, err = NewAny(v2, compiler.NewContext("value", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewNamedHeader creates an object of type NamedHeader if possible, returning an error if not.
+func NewNamedHeader(in *yaml.Node, context *compiler.Context) (*NamedHeader, error) {
+	errors := make([]error, 0)
+	x := &NamedHeader{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"name", "value"}
+		var allowedPatterns []*regexp.Regexp
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Header value = 2;
+		v2 := compiler.MapValueForKey(m, "value")
+		if v2 != nil {
+			var err error
+			x.Value, err = NewHeader(v2, compiler.NewContext("value", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewNamedParameter creates an object of type NamedParameter if possible, returning an error if not.
+func NewNamedParameter(in *yaml.Node, context *compiler.Context) (*NamedParameter, error) {
+	errors := make([]error, 0)
+	x := &NamedParameter{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"name", "value"}
+		var allowedPatterns []*regexp.Regexp
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Parameter value = 2;
+		v2 := compiler.MapValueForKey(m, "value")
+		if v2 != nil {
+			var err error
+			x.Value, err = NewParameter(v2, compiler.NewContext("value", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewNamedPathItem creates an object of type NamedPathItem if possible, returning an error if not.
+func NewNamedPathItem(in *yaml.Node, context *compiler.Context) (*NamedPathItem, error) {
+	errors := make([]error, 0)
+	x := &NamedPathItem{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"name", "value"}
+		var allowedPatterns []*regexp.Regexp
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// PathItem value = 2;
+		v2 := compiler.MapValueForKey(m, "value")
+		if v2 != nil {
+			var err error
+			x.Value, err = NewPathItem(v2, compiler.NewContext("value", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewNamedResponse creates an object of type NamedResponse if possible, returning an error if not.
+func NewNamedResponse(in *yaml.Node, context *compiler.Context) (*NamedResponse, error) {
+	errors := make([]error, 0)
+	x := &NamedResponse{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"name", "value"}
+		var allowedPatterns []*regexp.Regexp
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Response value = 2;
+		v2 := compiler.MapValueForKey(m, "value")
+		if v2 != nil {
+			var err error
+			x.Value, err = NewResponse(v2, compiler.NewContext("value", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewNamedResponseValue creates an object of type NamedResponseValue if possible, returning an error if not.
+func NewNamedResponseValue(in *yaml.Node, context *compiler.Context) (*NamedResponseValue, error) {
+	errors := make([]error, 0)
+	x := &NamedResponseValue{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"name", "value"}
+		var allowedPatterns []*regexp.Regexp
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// ResponseValue value = 2;
+		v2 := compiler.MapValueForKey(m, "value")
+		if v2 != nil {
+			var err error
+			x.Value, err = NewResponseValue(v2, compiler.NewContext("value", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewNamedSchema creates an object of type NamedSchema if possible, returning an error if not.
+func NewNamedSchema(in *yaml.Node, context *compiler.Context) (*NamedSchema, error) {
+	errors := make([]error, 0)
+	x := &NamedSchema{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"name", "value"}
+		var allowedPatterns []*regexp.Regexp
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Schema value = 2;
+		v2 := compiler.MapValueForKey(m, "value")
+		if v2 != nil {
+			var err error
+			x.Value, err = NewSchema(v2, compiler.NewContext("value", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewNamedSecurityDefinitionsItem creates an object of type NamedSecurityDefinitionsItem if possible, returning an error if not.
+func NewNamedSecurityDefinitionsItem(in *yaml.Node, context *compiler.Context) (*NamedSecurityDefinitionsItem, error) {
+	errors := make([]error, 0)
+	x := &NamedSecurityDefinitionsItem{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"name", "value"}
+		var allowedPatterns []*regexp.Regexp
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// SecurityDefinitionsItem value = 2;
+		v2 := compiler.MapValueForKey(m, "value")
+		if v2 != nil {
+			var err error
+			x.Value, err = NewSecurityDefinitionsItem(v2, compiler.NewContext("value", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewNamedString creates an object of type NamedString if possible, returning an error if not.
+func NewNamedString(in *yaml.Node, context *compiler.Context) (*NamedString, error) {
+	errors := make([]error, 0)
+	x := &NamedString{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"name", "value"}
+		var allowedPatterns []*regexp.Regexp
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string value = 2;
+		v2 := compiler.MapValueForKey(m, "value")
+		if v2 != nil {
+			x.Value, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for value: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewNamedStringArray creates an object of type NamedStringArray if possible, returning an error if not.
+func NewNamedStringArray(in *yaml.Node, context *compiler.Context) (*NamedStringArray, error) {
+	errors := make([]error, 0)
+	x := &NamedStringArray{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"name", "value"}
+		var allowedPatterns []*regexp.Regexp
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// StringArray value = 2;
+		v2 := compiler.MapValueForKey(m, "value")
+		if v2 != nil {
+			var err error
+			x.Value, err = NewStringArray(v2, compiler.NewContext("value", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewNonBodyParameter creates an object of type NonBodyParameter if possible, returning an error if not.
+func NewNonBodyParameter(in *yaml.Node, context *compiler.Context) (*NonBodyParameter, error) {
+	errors := make([]error, 0)
+	x := &NonBodyParameter{}
+	matched := false
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"in", "name", "type"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// HeaderParameterSubSchema header_parameter_sub_schema = 1;
+		{
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewHeaderParameterSubSchema(m, compiler.NewContext("headerParameterSubSchema", m, context))
+			if matchingError == nil {
+				x.Oneof = &NonBodyParameter_HeaderParameterSubSchema{HeaderParameterSubSchema: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+		// FormDataParameterSubSchema form_data_parameter_sub_schema = 2;
+		{
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewFormDataParameterSubSchema(m, compiler.NewContext("formDataParameterSubSchema", m, context))
+			if matchingError == nil {
+				x.Oneof = &NonBodyParameter_FormDataParameterSubSchema{FormDataParameterSubSchema: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+		// QueryParameterSubSchema query_parameter_sub_schema = 3;
+		{
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewQueryParameterSubSchema(m, compiler.NewContext("queryParameterSubSchema", m, context))
+			if matchingError == nil {
+				x.Oneof = &NonBodyParameter_QueryParameterSubSchema{QueryParameterSubSchema: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+		// PathParameterSubSchema path_parameter_sub_schema = 4;
+		{
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewPathParameterSubSchema(m, compiler.NewContext("pathParameterSubSchema", m, context))
+			if matchingError == nil {
+				x.Oneof = &NonBodyParameter_PathParameterSubSchema{PathParameterSubSchema: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	if matched {
+		// since the oneof matched one of its possibilities, discard any matching errors
+		errors = make([]error, 0)
+	} else {
+		message := fmt.Sprintf("contains an invalid NonBodyParameter")
+		err := compiler.NewError(context, message)
+		errors = []error{err}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewOauth2AccessCodeSecurity creates an object of type Oauth2AccessCodeSecurity if possible, returning an error if not.
+func NewOauth2AccessCodeSecurity(in *yaml.Node, context *compiler.Context) (*Oauth2AccessCodeSecurity, error) {
+	errors := make([]error, 0)
+	x := &Oauth2AccessCodeSecurity{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"authorizationUrl", "flow", "tokenUrl", "type"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"authorizationUrl", "description", "flow", "scopes", "tokenUrl", "type"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string type = 1;
+		v1 := compiler.MapValueForKey(m, "type")
+		if v1 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [oauth2]
+			if ok && !compiler.StringArrayContainsValue([]string{"oauth2"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string flow = 2;
+		v2 := compiler.MapValueForKey(m, "flow")
+		if v2 != nil {
+			x.Flow, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for flow: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [accessCode]
+			if ok && !compiler.StringArrayContainsValue([]string{"accessCode"}, x.Flow) {
+				message := fmt.Sprintf("has unexpected value for flow: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Oauth2Scopes scopes = 3;
+		v3 := compiler.MapValueForKey(m, "scopes")
+		if v3 != nil {
+			var err error
+			x.Scopes, err = NewOauth2Scopes(v3, compiler.NewContext("scopes", v3, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string authorization_url = 4;
+		v4 := compiler.MapValueForKey(m, "authorizationUrl")
+		if v4 != nil {
+			x.AuthorizationUrl, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for authorizationUrl: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string token_url = 5;
+		v5 := compiler.MapValueForKey(m, "tokenUrl")
+		if v5 != nil {
+			x.TokenUrl, ok = compiler.StringForScalarNode(v5)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for tokenUrl: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 6;
+		v6 := compiler.MapValueForKey(m, "description")
+		if v6 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v6)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 7;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewOauth2ApplicationSecurity creates an object of type Oauth2ApplicationSecurity if possible, returning an error if not.
+func NewOauth2ApplicationSecurity(in *yaml.Node, context *compiler.Context) (*Oauth2ApplicationSecurity, error) {
+	errors := make([]error, 0)
+	x := &Oauth2ApplicationSecurity{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"flow", "tokenUrl", "type"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"description", "flow", "scopes", "tokenUrl", "type"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string type = 1;
+		v1 := compiler.MapValueForKey(m, "type")
+		if v1 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [oauth2]
+			if ok && !compiler.StringArrayContainsValue([]string{"oauth2"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string flow = 2;
+		v2 := compiler.MapValueForKey(m, "flow")
+		if v2 != nil {
+			x.Flow, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for flow: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [application]
+			if ok && !compiler.StringArrayContainsValue([]string{"application"}, x.Flow) {
+				message := fmt.Sprintf("has unexpected value for flow: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Oauth2Scopes scopes = 3;
+		v3 := compiler.MapValueForKey(m, "scopes")
+		if v3 != nil {
+			var err error
+			x.Scopes, err = NewOauth2Scopes(v3, compiler.NewContext("scopes", v3, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string token_url = 4;
+		v4 := compiler.MapValueForKey(m, "tokenUrl")
+		if v4 != nil {
+			x.TokenUrl, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for tokenUrl: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 5;
+		v5 := compiler.MapValueForKey(m, "description")
+		if v5 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v5)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 6;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewOauth2ImplicitSecurity creates an object of type Oauth2ImplicitSecurity if possible, returning an error if not.
+func NewOauth2ImplicitSecurity(in *yaml.Node, context *compiler.Context) (*Oauth2ImplicitSecurity, error) {
+	errors := make([]error, 0)
+	x := &Oauth2ImplicitSecurity{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"authorizationUrl", "flow", "type"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"authorizationUrl", "description", "flow", "scopes", "type"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string type = 1;
+		v1 := compiler.MapValueForKey(m, "type")
+		if v1 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [oauth2]
+			if ok && !compiler.StringArrayContainsValue([]string{"oauth2"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string flow = 2;
+		v2 := compiler.MapValueForKey(m, "flow")
+		if v2 != nil {
+			x.Flow, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for flow: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [implicit]
+			if ok && !compiler.StringArrayContainsValue([]string{"implicit"}, x.Flow) {
+				message := fmt.Sprintf("has unexpected value for flow: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Oauth2Scopes scopes = 3;
+		v3 := compiler.MapValueForKey(m, "scopes")
+		if v3 != nil {
+			var err error
+			x.Scopes, err = NewOauth2Scopes(v3, compiler.NewContext("scopes", v3, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string authorization_url = 4;
+		v4 := compiler.MapValueForKey(m, "authorizationUrl")
+		if v4 != nil {
+			x.AuthorizationUrl, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for authorizationUrl: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 5;
+		v5 := compiler.MapValueForKey(m, "description")
+		if v5 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v5)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 6;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewOauth2PasswordSecurity creates an object of type Oauth2PasswordSecurity if possible, returning an error if not.
+func NewOauth2PasswordSecurity(in *yaml.Node, context *compiler.Context) (*Oauth2PasswordSecurity, error) {
+	errors := make([]error, 0)
+	x := &Oauth2PasswordSecurity{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"flow", "tokenUrl", "type"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"description", "flow", "scopes", "tokenUrl", "type"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string type = 1;
+		v1 := compiler.MapValueForKey(m, "type")
+		if v1 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [oauth2]
+			if ok && !compiler.StringArrayContainsValue([]string{"oauth2"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string flow = 2;
+		v2 := compiler.MapValueForKey(m, "flow")
+		if v2 != nil {
+			x.Flow, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for flow: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [password]
+			if ok && !compiler.StringArrayContainsValue([]string{"password"}, x.Flow) {
+				message := fmt.Sprintf("has unexpected value for flow: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Oauth2Scopes scopes = 3;
+		v3 := compiler.MapValueForKey(m, "scopes")
+		if v3 != nil {
+			var err error
+			x.Scopes, err = NewOauth2Scopes(v3, compiler.NewContext("scopes", v3, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string token_url = 4;
+		v4 := compiler.MapValueForKey(m, "tokenUrl")
+		if v4 != nil {
+			x.TokenUrl, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for tokenUrl: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 5;
+		v5 := compiler.MapValueForKey(m, "description")
+		if v5 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v5)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 6;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewOauth2Scopes creates an object of type Oauth2Scopes if possible, returning an error if not.
+func NewOauth2Scopes(in *yaml.Node, context *compiler.Context) (*Oauth2Scopes, error) {
+	errors := make([]error, 0)
+	x := &Oauth2Scopes{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		// repeated NamedString additional_properties = 1;
+		// MAP: string
+		x.AdditionalProperties = make([]*NamedString, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				pair := &NamedString{}
+				pair.Name = k
+				pair.Value, _ = compiler.StringForScalarNode(v)
+				x.AdditionalProperties = append(x.AdditionalProperties, pair)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewOperation creates an object of type Operation if possible, returning an error if not.
+func NewOperation(in *yaml.Node, context *compiler.Context) (*Operation, error) {
+	errors := make([]error, 0)
+	x := &Operation{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"responses"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"consumes", "deprecated", "description", "externalDocs", "operationId", "parameters", "produces", "responses", "schemes", "security", "summary", "tags"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// repeated string tags = 1;
+		v1 := compiler.MapValueForKey(m, "tags")
+		if v1 != nil {
+			v, ok := compiler.SequenceNodeForNode(v1)
+			if ok {
+				x.Tags = compiler.StringArrayForSequenceNode(v)
+			} else {
+				message := fmt.Sprintf("has unexpected value for tags: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string summary = 2;
+		v2 := compiler.MapValueForKey(m, "summary")
+		if v2 != nil {
+			x.Summary, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for summary: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 3;
+		v3 := compiler.MapValueForKey(m, "description")
+		if v3 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// ExternalDocs external_docs = 4;
+		v4 := compiler.MapValueForKey(m, "externalDocs")
+		if v4 != nil {
+			var err error
+			x.ExternalDocs, err = NewExternalDocs(v4, compiler.NewContext("externalDocs", v4, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string operation_id = 5;
+		v5 := compiler.MapValueForKey(m, "operationId")
+		if v5 != nil {
+			x.OperationId, ok = compiler.StringForScalarNode(v5)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for operationId: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated string produces = 6;
+		v6 := compiler.MapValueForKey(m, "produces")
+		if v6 != nil {
+			v, ok := compiler.SequenceNodeForNode(v6)
+			if ok {
+				x.Produces = compiler.StringArrayForSequenceNode(v)
+			} else {
+				message := fmt.Sprintf("has unexpected value for produces: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated string consumes = 7;
+		v7 := compiler.MapValueForKey(m, "consumes")
+		if v7 != nil {
+			v, ok := compiler.SequenceNodeForNode(v7)
+			if ok {
+				x.Consumes = compiler.StringArrayForSequenceNode(v)
+			} else {
+				message := fmt.Sprintf("has unexpected value for consumes: %s", compiler.Display(v7))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated ParametersItem parameters = 8;
+		v8 := compiler.MapValueForKey(m, "parameters")
+		if v8 != nil {
+			// repeated ParametersItem
+			x.Parameters = make([]*ParametersItem, 0)
+			a, ok := compiler.SequenceNodeForNode(v8)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewParametersItem(item, compiler.NewContext("parameters", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Parameters = append(x.Parameters, y)
+				}
+			}
+		}
+		// Responses responses = 9;
+		v9 := compiler.MapValueForKey(m, "responses")
+		if v9 != nil {
+			var err error
+			x.Responses, err = NewResponses(v9, compiler.NewContext("responses", v9, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated string schemes = 10;
+		v10 := compiler.MapValueForKey(m, "schemes")
+		if v10 != nil {
+			v, ok := compiler.SequenceNodeForNode(v10)
+			if ok {
+				x.Schemes = compiler.StringArrayForSequenceNode(v)
+			} else {
+				message := fmt.Sprintf("has unexpected value for schemes: %s", compiler.Display(v10))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [http https ws wss]
+			if ok && !compiler.StringArrayContainsValues([]string{"http", "https", "ws", "wss"}, x.Schemes) {
+				message := fmt.Sprintf("has unexpected value for schemes: %s", compiler.Display(v10))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool deprecated = 11;
+		v11 := compiler.MapValueForKey(m, "deprecated")
+		if v11 != nil {
+			x.Deprecated, ok = compiler.BoolForScalarNode(v11)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for deprecated: %s", compiler.Display(v11))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated SecurityRequirement security = 12;
+		v12 := compiler.MapValueForKey(m, "security")
+		if v12 != nil {
+			// repeated SecurityRequirement
+			x.Security = make([]*SecurityRequirement, 0)
+			a, ok := compiler.SequenceNodeForNode(v12)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewSecurityRequirement(item, compiler.NewContext("security", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Security = append(x.Security, y)
+				}
+			}
+		}
+		// repeated NamedAny vendor_extension = 13;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewParameter creates an object of type Parameter if possible, returning an error if not.
+func NewParameter(in *yaml.Node, context *compiler.Context) (*Parameter, error) {
+	errors := make([]error, 0)
+	x := &Parameter{}
+	matched := false
+	// BodyParameter body_parameter = 1;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewBodyParameter(m, compiler.NewContext("bodyParameter", m, context))
+			if matchingError == nil {
+				x.Oneof = &Parameter_BodyParameter{BodyParameter: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	// NonBodyParameter non_body_parameter = 2;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewNonBodyParameter(m, compiler.NewContext("nonBodyParameter", m, context))
+			if matchingError == nil {
+				x.Oneof = &Parameter_NonBodyParameter{NonBodyParameter: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	if matched {
+		// since the oneof matched one of its possibilities, discard any matching errors
+		errors = make([]error, 0)
+	} else {
+		message := fmt.Sprintf("contains an invalid Parameter")
+		err := compiler.NewError(context, message)
+		errors = []error{err}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewParameterDefinitions creates an object of type ParameterDefinitions if possible, returning an error if not.
+func NewParameterDefinitions(in *yaml.Node, context *compiler.Context) (*ParameterDefinitions, error) {
+	errors := make([]error, 0)
+	x := &ParameterDefinitions{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		// repeated NamedParameter additional_properties = 1;
+		// MAP: Parameter
+		x.AdditionalProperties = make([]*NamedParameter, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				pair := &NamedParameter{}
+				pair.Name = k
+				var err error
+				pair.Value, err = NewParameter(v, compiler.NewContext(k, v, context))
+				if err != nil {
+					errors = append(errors, err)
+				}
+				x.AdditionalProperties = append(x.AdditionalProperties, pair)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewParametersItem creates an object of type ParametersItem if possible, returning an error if not.
+func NewParametersItem(in *yaml.Node, context *compiler.Context) (*ParametersItem, error) {
+	errors := make([]error, 0)
+	x := &ParametersItem{}
+	matched := false
+	// Parameter parameter = 1;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewParameter(m, compiler.NewContext("parameter", m, context))
+			if matchingError == nil {
+				x.Oneof = &ParametersItem_Parameter{Parameter: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	// JsonReference json_reference = 2;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewJsonReference(m, compiler.NewContext("jsonReference", m, context))
+			if matchingError == nil {
+				x.Oneof = &ParametersItem_JsonReference{JsonReference: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	if matched {
+		// since the oneof matched one of its possibilities, discard any matching errors
+		errors = make([]error, 0)
+	} else {
+		message := fmt.Sprintf("contains an invalid ParametersItem")
+		err := compiler.NewError(context, message)
+		errors = []error{err}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewPathItem creates an object of type PathItem if possible, returning an error if not.
+func NewPathItem(in *yaml.Node, context *compiler.Context) (*PathItem, error) {
+	errors := make([]error, 0)
+	x := &PathItem{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"$ref", "delete", "get", "head", "options", "parameters", "patch", "post", "put"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string _ref = 1;
+		v1 := compiler.MapValueForKey(m, "$ref")
+		if v1 != nil {
+			x.XRef, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for $ref: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Operation get = 2;
+		v2 := compiler.MapValueForKey(m, "get")
+		if v2 != nil {
+			var err error
+			x.Get, err = NewOperation(v2, compiler.NewContext("get", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// Operation put = 3;
+		v3 := compiler.MapValueForKey(m, "put")
+		if v3 != nil {
+			var err error
+			x.Put, err = NewOperation(v3, compiler.NewContext("put", v3, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// Operation post = 4;
+		v4 := compiler.MapValueForKey(m, "post")
+		if v4 != nil {
+			var err error
+			x.Post, err = NewOperation(v4, compiler.NewContext("post", v4, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// Operation delete = 5;
+		v5 := compiler.MapValueForKey(m, "delete")
+		if v5 != nil {
+			var err error
+			x.Delete, err = NewOperation(v5, compiler.NewContext("delete", v5, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// Operation options = 6;
+		v6 := compiler.MapValueForKey(m, "options")
+		if v6 != nil {
+			var err error
+			x.Options, err = NewOperation(v6, compiler.NewContext("options", v6, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// Operation head = 7;
+		v7 := compiler.MapValueForKey(m, "head")
+		if v7 != nil {
+			var err error
+			x.Head, err = NewOperation(v7, compiler.NewContext("head", v7, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// Operation patch = 8;
+		v8 := compiler.MapValueForKey(m, "patch")
+		if v8 != nil {
+			var err error
+			x.Patch, err = NewOperation(v8, compiler.NewContext("patch", v8, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated ParametersItem parameters = 9;
+		v9 := compiler.MapValueForKey(m, "parameters")
+		if v9 != nil {
+			// repeated ParametersItem
+			x.Parameters = make([]*ParametersItem, 0)
+			a, ok := compiler.SequenceNodeForNode(v9)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewParametersItem(item, compiler.NewContext("parameters", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Parameters = append(x.Parameters, y)
+				}
+			}
+		}
+		// repeated NamedAny vendor_extension = 10;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewPathParameterSubSchema creates an object of type PathParameterSubSchema if possible, returning an error if not.
+func NewPathParameterSubSchema(in *yaml.Node, context *compiler.Context) (*PathParameterSubSchema, error) {
+	errors := make([]error, 0)
+	x := &PathParameterSubSchema{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"required"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"collectionFormat", "default", "description", "enum", "exclusiveMaximum", "exclusiveMinimum", "format", "in", "items", "maxItems", "maxLength", "maximum", "minItems", "minLength", "minimum", "multipleOf", "name", "pattern", "required", "type", "uniqueItems"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// bool required = 1;
+		v1 := compiler.MapValueForKey(m, "required")
+		if v1 != nil {
+			x.Required, ok = compiler.BoolForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for required: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string in = 2;
+		v2 := compiler.MapValueForKey(m, "in")
+		if v2 != nil {
+			x.In, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [path]
+			if ok && !compiler.StringArrayContainsValue([]string{"path"}, x.In) {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 3;
+		v3 := compiler.MapValueForKey(m, "description")
+		if v3 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string name = 4;
+		v4 := compiler.MapValueForKey(m, "name")
+		if v4 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string type = 5;
+		v5 := compiler.MapValueForKey(m, "type")
+		if v5 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v5)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [string number boolean integer array]
+			if ok && !compiler.StringArrayContainsValue([]string{"string", "number", "boolean", "integer", "array"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string format = 6;
+		v6 := compiler.MapValueForKey(m, "format")
+		if v6 != nil {
+			x.Format, ok = compiler.StringForScalarNode(v6)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for format: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// PrimitivesItems items = 7;
+		v7 := compiler.MapValueForKey(m, "items")
+		if v7 != nil {
+			var err error
+			x.Items, err = NewPrimitivesItems(v7, compiler.NewContext("items", v7, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string collection_format = 8;
+		v8 := compiler.MapValueForKey(m, "collectionFormat")
+		if v8 != nil {
+			x.CollectionFormat, ok = compiler.StringForScalarNode(v8)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v8))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [csv ssv tsv pipes]
+			if ok && !compiler.StringArrayContainsValue([]string{"csv", "ssv", "tsv", "pipes"}, x.CollectionFormat) {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v8))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Any default = 9;
+		v9 := compiler.MapValueForKey(m, "default")
+		if v9 != nil {
+			var err error
+			x.Default, err = NewAny(v9, compiler.NewContext("default", v9, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// float maximum = 10;
+		v10 := compiler.MapValueForKey(m, "maximum")
+		if v10 != nil {
+			v, ok := compiler.FloatForScalarNode(v10)
+			if ok {
+				x.Maximum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for maximum: %s", compiler.Display(v10))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_maximum = 11;
+		v11 := compiler.MapValueForKey(m, "exclusiveMaximum")
+		if v11 != nil {
+			x.ExclusiveMaximum, ok = compiler.BoolForScalarNode(v11)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMaximum: %s", compiler.Display(v11))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// float minimum = 12;
+		v12 := compiler.MapValueForKey(m, "minimum")
+		if v12 != nil {
+			v, ok := compiler.FloatForScalarNode(v12)
+			if ok {
+				x.Minimum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for minimum: %s", compiler.Display(v12))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_minimum = 13;
+		v13 := compiler.MapValueForKey(m, "exclusiveMinimum")
+		if v13 != nil {
+			x.ExclusiveMinimum, ok = compiler.BoolForScalarNode(v13)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMinimum: %s", compiler.Display(v13))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_length = 14;
+		v14 := compiler.MapValueForKey(m, "maxLength")
+		if v14 != nil {
+			t, ok := compiler.IntForScalarNode(v14)
+			if ok {
+				x.MaxLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxLength: %s", compiler.Display(v14))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_length = 15;
+		v15 := compiler.MapValueForKey(m, "minLength")
+		if v15 != nil {
+			t, ok := compiler.IntForScalarNode(v15)
+			if ok {
+				x.MinLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minLength: %s", compiler.Display(v15))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string pattern = 16;
+		v16 := compiler.MapValueForKey(m, "pattern")
+		if v16 != nil {
+			x.Pattern, ok = compiler.StringForScalarNode(v16)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for pattern: %s", compiler.Display(v16))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_items = 17;
+		v17 := compiler.MapValueForKey(m, "maxItems")
+		if v17 != nil {
+			t, ok := compiler.IntForScalarNode(v17)
+			if ok {
+				x.MaxItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxItems: %s", compiler.Display(v17))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_items = 18;
+		v18 := compiler.MapValueForKey(m, "minItems")
+		if v18 != nil {
+			t, ok := compiler.IntForScalarNode(v18)
+			if ok {
+				x.MinItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minItems: %s", compiler.Display(v18))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool unique_items = 19;
+		v19 := compiler.MapValueForKey(m, "uniqueItems")
+		if v19 != nil {
+			x.UniqueItems, ok = compiler.BoolForScalarNode(v19)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for uniqueItems: %s", compiler.Display(v19))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated Any enum = 20;
+		v20 := compiler.MapValueForKey(m, "enum")
+		if v20 != nil {
+			// repeated Any
+			x.Enum = make([]*Any, 0)
+			a, ok := compiler.SequenceNodeForNode(v20)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewAny(item, compiler.NewContext("enum", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Enum = append(x.Enum, y)
+				}
+			}
+		}
+		// float multiple_of = 21;
+		v21 := compiler.MapValueForKey(m, "multipleOf")
+		if v21 != nil {
+			v, ok := compiler.FloatForScalarNode(v21)
+			if ok {
+				x.MultipleOf = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for multipleOf: %s", compiler.Display(v21))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 22;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewPaths creates an object of type Paths if possible, returning an error if not.
+func NewPaths(in *yaml.Node, context *compiler.Context) (*Paths, error) {
+	errors := make([]error, 0)
+	x := &Paths{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{}
+		allowedPatterns := []*regexp.Regexp{pattern0, pattern1}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// repeated NamedAny vendor_extension = 1;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+		// repeated NamedPathItem path = 2;
+		// MAP: PathItem ^/
+		x.Path = make([]*NamedPathItem, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "/") {
+					pair := &NamedPathItem{}
+					pair.Name = k
+					var err error
+					pair.Value, err = NewPathItem(v, compiler.NewContext(k, v, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Path = append(x.Path, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewPrimitivesItems creates an object of type PrimitivesItems if possible, returning an error if not.
+func NewPrimitivesItems(in *yaml.Node, context *compiler.Context) (*PrimitivesItems, error) {
+	errors := make([]error, 0)
+	x := &PrimitivesItems{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"collectionFormat", "default", "enum", "exclusiveMaximum", "exclusiveMinimum", "format", "items", "maxItems", "maxLength", "maximum", "minItems", "minLength", "minimum", "multipleOf", "pattern", "type", "uniqueItems"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string type = 1;
+		v1 := compiler.MapValueForKey(m, "type")
+		if v1 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [string number integer boolean array]
+			if ok && !compiler.StringArrayContainsValue([]string{"string", "number", "integer", "boolean", "array"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string format = 2;
+		v2 := compiler.MapValueForKey(m, "format")
+		if v2 != nil {
+			x.Format, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for format: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// PrimitivesItems items = 3;
+		v3 := compiler.MapValueForKey(m, "items")
+		if v3 != nil {
+			var err error
+			x.Items, err = NewPrimitivesItems(v3, compiler.NewContext("items", v3, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string collection_format = 4;
+		v4 := compiler.MapValueForKey(m, "collectionFormat")
+		if v4 != nil {
+			x.CollectionFormat, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [csv ssv tsv pipes]
+			if ok && !compiler.StringArrayContainsValue([]string{"csv", "ssv", "tsv", "pipes"}, x.CollectionFormat) {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Any default = 5;
+		v5 := compiler.MapValueForKey(m, "default")
+		if v5 != nil {
+			var err error
+			x.Default, err = NewAny(v5, compiler.NewContext("default", v5, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// float maximum = 6;
+		v6 := compiler.MapValueForKey(m, "maximum")
+		if v6 != nil {
+			v, ok := compiler.FloatForScalarNode(v6)
+			if ok {
+				x.Maximum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for maximum: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_maximum = 7;
+		v7 := compiler.MapValueForKey(m, "exclusiveMaximum")
+		if v7 != nil {
+			x.ExclusiveMaximum, ok = compiler.BoolForScalarNode(v7)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMaximum: %s", compiler.Display(v7))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// float minimum = 8;
+		v8 := compiler.MapValueForKey(m, "minimum")
+		if v8 != nil {
+			v, ok := compiler.FloatForScalarNode(v8)
+			if ok {
+				x.Minimum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for minimum: %s", compiler.Display(v8))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_minimum = 9;
+		v9 := compiler.MapValueForKey(m, "exclusiveMinimum")
+		if v9 != nil {
+			x.ExclusiveMinimum, ok = compiler.BoolForScalarNode(v9)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMinimum: %s", compiler.Display(v9))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_length = 10;
+		v10 := compiler.MapValueForKey(m, "maxLength")
+		if v10 != nil {
+			t, ok := compiler.IntForScalarNode(v10)
+			if ok {
+				x.MaxLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxLength: %s", compiler.Display(v10))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_length = 11;
+		v11 := compiler.MapValueForKey(m, "minLength")
+		if v11 != nil {
+			t, ok := compiler.IntForScalarNode(v11)
+			if ok {
+				x.MinLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minLength: %s", compiler.Display(v11))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string pattern = 12;
+		v12 := compiler.MapValueForKey(m, "pattern")
+		if v12 != nil {
+			x.Pattern, ok = compiler.StringForScalarNode(v12)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for pattern: %s", compiler.Display(v12))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_items = 13;
+		v13 := compiler.MapValueForKey(m, "maxItems")
+		if v13 != nil {
+			t, ok := compiler.IntForScalarNode(v13)
+			if ok {
+				x.MaxItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxItems: %s", compiler.Display(v13))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_items = 14;
+		v14 := compiler.MapValueForKey(m, "minItems")
+		if v14 != nil {
+			t, ok := compiler.IntForScalarNode(v14)
+			if ok {
+				x.MinItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minItems: %s", compiler.Display(v14))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool unique_items = 15;
+		v15 := compiler.MapValueForKey(m, "uniqueItems")
+		if v15 != nil {
+			x.UniqueItems, ok = compiler.BoolForScalarNode(v15)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for uniqueItems: %s", compiler.Display(v15))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated Any enum = 16;
+		v16 := compiler.MapValueForKey(m, "enum")
+		if v16 != nil {
+			// repeated Any
+			x.Enum = make([]*Any, 0)
+			a, ok := compiler.SequenceNodeForNode(v16)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewAny(item, compiler.NewContext("enum", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Enum = append(x.Enum, y)
+				}
+			}
+		}
+		// float multiple_of = 17;
+		v17 := compiler.MapValueForKey(m, "multipleOf")
+		if v17 != nil {
+			v, ok := compiler.FloatForScalarNode(v17)
+			if ok {
+				x.MultipleOf = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for multipleOf: %s", compiler.Display(v17))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 18;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewProperties creates an object of type Properties if possible, returning an error if not.
+func NewProperties(in *yaml.Node, context *compiler.Context) (*Properties, error) {
+	errors := make([]error, 0)
+	x := &Properties{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		// repeated NamedSchema additional_properties = 1;
+		// MAP: Schema
+		x.AdditionalProperties = make([]*NamedSchema, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				pair := &NamedSchema{}
+				pair.Name = k
+				var err error
+				pair.Value, err = NewSchema(v, compiler.NewContext(k, v, context))
+				if err != nil {
+					errors = append(errors, err)
+				}
+				x.AdditionalProperties = append(x.AdditionalProperties, pair)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewQueryParameterSubSchema creates an object of type QueryParameterSubSchema if possible, returning an error if not.
+func NewQueryParameterSubSchema(in *yaml.Node, context *compiler.Context) (*QueryParameterSubSchema, error) {
+	errors := make([]error, 0)
+	x := &QueryParameterSubSchema{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"allowEmptyValue", "collectionFormat", "default", "description", "enum", "exclusiveMaximum", "exclusiveMinimum", "format", "in", "items", "maxItems", "maxLength", "maximum", "minItems", "minLength", "minimum", "multipleOf", "name", "pattern", "required", "type", "uniqueItems"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// bool required = 1;
+		v1 := compiler.MapValueForKey(m, "required")
+		if v1 != nil {
+			x.Required, ok = compiler.BoolForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for required: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string in = 2;
+		v2 := compiler.MapValueForKey(m, "in")
+		if v2 != nil {
+			x.In, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [query]
+			if ok && !compiler.StringArrayContainsValue([]string{"query"}, x.In) {
+				message := fmt.Sprintf("has unexpected value for in: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 3;
+		v3 := compiler.MapValueForKey(m, "description")
+		if v3 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string name = 4;
+		v4 := compiler.MapValueForKey(m, "name")
+		if v4 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool allow_empty_value = 5;
+		v5 := compiler.MapValueForKey(m, "allowEmptyValue")
+		if v5 != nil {
+			x.AllowEmptyValue, ok = compiler.BoolForScalarNode(v5)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for allowEmptyValue: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string type = 6;
+		v6 := compiler.MapValueForKey(m, "type")
+		if v6 != nil {
+			x.Type, ok = compiler.StringForScalarNode(v6)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [string number boolean integer array]
+			if ok && !compiler.StringArrayContainsValue([]string{"string", "number", "boolean", "integer", "array"}, x.Type) {
+				message := fmt.Sprintf("has unexpected value for type: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string format = 7;
+		v7 := compiler.MapValueForKey(m, "format")
+		if v7 != nil {
+			x.Format, ok = compiler.StringForScalarNode(v7)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for format: %s", compiler.Display(v7))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// PrimitivesItems items = 8;
+		v8 := compiler.MapValueForKey(m, "items")
+		if v8 != nil {
+			var err error
+			x.Items, err = NewPrimitivesItems(v8, compiler.NewContext("items", v8, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string collection_format = 9;
+		v9 := compiler.MapValueForKey(m, "collectionFormat")
+		if v9 != nil {
+			x.CollectionFormat, ok = compiler.StringForScalarNode(v9)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v9))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+			// check for valid enum values
+			// [csv ssv tsv pipes multi]
+			if ok && !compiler.StringArrayContainsValue([]string{"csv", "ssv", "tsv", "pipes", "multi"}, x.CollectionFormat) {
+				message := fmt.Sprintf("has unexpected value for collectionFormat: %s", compiler.Display(v9))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Any default = 10;
+		v10 := compiler.MapValueForKey(m, "default")
+		if v10 != nil {
+			var err error
+			x.Default, err = NewAny(v10, compiler.NewContext("default", v10, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// float maximum = 11;
+		v11 := compiler.MapValueForKey(m, "maximum")
+		if v11 != nil {
+			v, ok := compiler.FloatForScalarNode(v11)
+			if ok {
+				x.Maximum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for maximum: %s", compiler.Display(v11))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_maximum = 12;
+		v12 := compiler.MapValueForKey(m, "exclusiveMaximum")
+		if v12 != nil {
+			x.ExclusiveMaximum, ok = compiler.BoolForScalarNode(v12)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMaximum: %s", compiler.Display(v12))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// float minimum = 13;
+		v13 := compiler.MapValueForKey(m, "minimum")
+		if v13 != nil {
+			v, ok := compiler.FloatForScalarNode(v13)
+			if ok {
+				x.Minimum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for minimum: %s", compiler.Display(v13))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_minimum = 14;
+		v14 := compiler.MapValueForKey(m, "exclusiveMinimum")
+		if v14 != nil {
+			x.ExclusiveMinimum, ok = compiler.BoolForScalarNode(v14)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMinimum: %s", compiler.Display(v14))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_length = 15;
+		v15 := compiler.MapValueForKey(m, "maxLength")
+		if v15 != nil {
+			t, ok := compiler.IntForScalarNode(v15)
+			if ok {
+				x.MaxLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxLength: %s", compiler.Display(v15))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_length = 16;
+		v16 := compiler.MapValueForKey(m, "minLength")
+		if v16 != nil {
+			t, ok := compiler.IntForScalarNode(v16)
+			if ok {
+				x.MinLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minLength: %s", compiler.Display(v16))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string pattern = 17;
+		v17 := compiler.MapValueForKey(m, "pattern")
+		if v17 != nil {
+			x.Pattern, ok = compiler.StringForScalarNode(v17)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for pattern: %s", compiler.Display(v17))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_items = 18;
+		v18 := compiler.MapValueForKey(m, "maxItems")
+		if v18 != nil {
+			t, ok := compiler.IntForScalarNode(v18)
+			if ok {
+				x.MaxItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxItems: %s", compiler.Display(v18))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_items = 19;
+		v19 := compiler.MapValueForKey(m, "minItems")
+		if v19 != nil {
+			t, ok := compiler.IntForScalarNode(v19)
+			if ok {
+				x.MinItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minItems: %s", compiler.Display(v19))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool unique_items = 20;
+		v20 := compiler.MapValueForKey(m, "uniqueItems")
+		if v20 != nil {
+			x.UniqueItems, ok = compiler.BoolForScalarNode(v20)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for uniqueItems: %s", compiler.Display(v20))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated Any enum = 21;
+		v21 := compiler.MapValueForKey(m, "enum")
+		if v21 != nil {
+			// repeated Any
+			x.Enum = make([]*Any, 0)
+			a, ok := compiler.SequenceNodeForNode(v21)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewAny(item, compiler.NewContext("enum", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Enum = append(x.Enum, y)
+				}
+			}
+		}
+		// float multiple_of = 22;
+		v22 := compiler.MapValueForKey(m, "multipleOf")
+		if v22 != nil {
+			v, ok := compiler.FloatForScalarNode(v22)
+			if ok {
+				x.MultipleOf = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for multipleOf: %s", compiler.Display(v22))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 23;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewResponse creates an object of type Response if possible, returning an error if not.
+func NewResponse(in *yaml.Node, context *compiler.Context) (*Response, error) {
+	errors := make([]error, 0)
+	x := &Response{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"description"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"description", "examples", "headers", "schema"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string description = 1;
+		v1 := compiler.MapValueForKey(m, "description")
+		if v1 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// SchemaItem schema = 2;
+		v2 := compiler.MapValueForKey(m, "schema")
+		if v2 != nil {
+			var err error
+			x.Schema, err = NewSchemaItem(v2, compiler.NewContext("schema", v2, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// Headers headers = 3;
+		v3 := compiler.MapValueForKey(m, "headers")
+		if v3 != nil {
+			var err error
+			x.Headers, err = NewHeaders(v3, compiler.NewContext("headers", v3, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// Examples examples = 4;
+		v4 := compiler.MapValueForKey(m, "examples")
+		if v4 != nil {
+			var err error
+			x.Examples, err = NewExamples(v4, compiler.NewContext("examples", v4, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated NamedAny vendor_extension = 5;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewResponseDefinitions creates an object of type ResponseDefinitions if possible, returning an error if not.
+func NewResponseDefinitions(in *yaml.Node, context *compiler.Context) (*ResponseDefinitions, error) {
+	errors := make([]error, 0)
+	x := &ResponseDefinitions{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		// repeated NamedResponse additional_properties = 1;
+		// MAP: Response
+		x.AdditionalProperties = make([]*NamedResponse, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				pair := &NamedResponse{}
+				pair.Name = k
+				var err error
+				pair.Value, err = NewResponse(v, compiler.NewContext(k, v, context))
+				if err != nil {
+					errors = append(errors, err)
+				}
+				x.AdditionalProperties = append(x.AdditionalProperties, pair)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewResponseValue creates an object of type ResponseValue if possible, returning an error if not.
+func NewResponseValue(in *yaml.Node, context *compiler.Context) (*ResponseValue, error) {
+	errors := make([]error, 0)
+	x := &ResponseValue{}
+	matched := false
+	// Response response = 1;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewResponse(m, compiler.NewContext("response", m, context))
+			if matchingError == nil {
+				x.Oneof = &ResponseValue_Response{Response: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	// JsonReference json_reference = 2;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewJsonReference(m, compiler.NewContext("jsonReference", m, context))
+			if matchingError == nil {
+				x.Oneof = &ResponseValue_JsonReference{JsonReference: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	if matched {
+		// since the oneof matched one of its possibilities, discard any matching errors
+		errors = make([]error, 0)
+	} else {
+		message := fmt.Sprintf("contains an invalid ResponseValue")
+		err := compiler.NewError(context, message)
+		errors = []error{err}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewResponses creates an object of type Responses if possible, returning an error if not.
+func NewResponses(in *yaml.Node, context *compiler.Context) (*Responses, error) {
+	errors := make([]error, 0)
+	x := &Responses{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{}
+		allowedPatterns := []*regexp.Regexp{pattern2, pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// repeated NamedResponseValue response_code = 1;
+		// MAP: ResponseValue ^([0-9]{3})$|^(default)$
+		x.ResponseCode = make([]*NamedResponseValue, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if pattern2.MatchString(k) {
+					pair := &NamedResponseValue{}
+					pair.Name = k
+					var err error
+					pair.Value, err = NewResponseValue(v, compiler.NewContext(k, v, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.ResponseCode = append(x.ResponseCode, pair)
+				}
+			}
+		}
+		// repeated NamedAny vendor_extension = 2;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewSchema creates an object of type Schema if possible, returning an error if not.
+func NewSchema(in *yaml.Node, context *compiler.Context) (*Schema, error) {
+	errors := make([]error, 0)
+	x := &Schema{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"$ref", "additionalProperties", "allOf", "default", "description", "discriminator", "enum", "example", "exclusiveMaximum", "exclusiveMinimum", "externalDocs", "format", "items", "maxItems", "maxLength", "maxProperties", "maximum", "minItems", "minLength", "minProperties", "minimum", "multipleOf", "pattern", "properties", "readOnly", "required", "title", "type", "uniqueItems", "xml"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string _ref = 1;
+		v1 := compiler.MapValueForKey(m, "$ref")
+		if v1 != nil {
+			x.XRef, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for $ref: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string format = 2;
+		v2 := compiler.MapValueForKey(m, "format")
+		if v2 != nil {
+			x.Format, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for format: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string title = 3;
+		v3 := compiler.MapValueForKey(m, "title")
+		if v3 != nil {
+			x.Title, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for title: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 4;
+		v4 := compiler.MapValueForKey(m, "description")
+		if v4 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Any default = 5;
+		v5 := compiler.MapValueForKey(m, "default")
+		if v5 != nil {
+			var err error
+			x.Default, err = NewAny(v5, compiler.NewContext("default", v5, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// float multiple_of = 6;
+		v6 := compiler.MapValueForKey(m, "multipleOf")
+		if v6 != nil {
+			v, ok := compiler.FloatForScalarNode(v6)
+			if ok {
+				x.MultipleOf = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for multipleOf: %s", compiler.Display(v6))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// float maximum = 7;
+		v7 := compiler.MapValueForKey(m, "maximum")
+		if v7 != nil {
+			v, ok := compiler.FloatForScalarNode(v7)
+			if ok {
+				x.Maximum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for maximum: %s", compiler.Display(v7))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_maximum = 8;
+		v8 := compiler.MapValueForKey(m, "exclusiveMaximum")
+		if v8 != nil {
+			x.ExclusiveMaximum, ok = compiler.BoolForScalarNode(v8)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMaximum: %s", compiler.Display(v8))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// float minimum = 9;
+		v9 := compiler.MapValueForKey(m, "minimum")
+		if v9 != nil {
+			v, ok := compiler.FloatForScalarNode(v9)
+			if ok {
+				x.Minimum = v
+			} else {
+				message := fmt.Sprintf("has unexpected value for minimum: %s", compiler.Display(v9))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool exclusive_minimum = 10;
+		v10 := compiler.MapValueForKey(m, "exclusiveMinimum")
+		if v10 != nil {
+			x.ExclusiveMinimum, ok = compiler.BoolForScalarNode(v10)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for exclusiveMinimum: %s", compiler.Display(v10))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_length = 11;
+		v11 := compiler.MapValueForKey(m, "maxLength")
+		if v11 != nil {
+			t, ok := compiler.IntForScalarNode(v11)
+			if ok {
+				x.MaxLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxLength: %s", compiler.Display(v11))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_length = 12;
+		v12 := compiler.MapValueForKey(m, "minLength")
+		if v12 != nil {
+			t, ok := compiler.IntForScalarNode(v12)
+			if ok {
+				x.MinLength = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minLength: %s", compiler.Display(v12))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string pattern = 13;
+		v13 := compiler.MapValueForKey(m, "pattern")
+		if v13 != nil {
+			x.Pattern, ok = compiler.StringForScalarNode(v13)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for pattern: %s", compiler.Display(v13))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_items = 14;
+		v14 := compiler.MapValueForKey(m, "maxItems")
+		if v14 != nil {
+			t, ok := compiler.IntForScalarNode(v14)
+			if ok {
+				x.MaxItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxItems: %s", compiler.Display(v14))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_items = 15;
+		v15 := compiler.MapValueForKey(m, "minItems")
+		if v15 != nil {
+			t, ok := compiler.IntForScalarNode(v15)
+			if ok {
+				x.MinItems = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minItems: %s", compiler.Display(v15))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool unique_items = 16;
+		v16 := compiler.MapValueForKey(m, "uniqueItems")
+		if v16 != nil {
+			x.UniqueItems, ok = compiler.BoolForScalarNode(v16)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for uniqueItems: %s", compiler.Display(v16))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 max_properties = 17;
+		v17 := compiler.MapValueForKey(m, "maxProperties")
+		if v17 != nil {
+			t, ok := compiler.IntForScalarNode(v17)
+			if ok {
+				x.MaxProperties = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for maxProperties: %s", compiler.Display(v17))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// int64 min_properties = 18;
+		v18 := compiler.MapValueForKey(m, "minProperties")
+		if v18 != nil {
+			t, ok := compiler.IntForScalarNode(v18)
+			if ok {
+				x.MinProperties = int64(t)
+			} else {
+				message := fmt.Sprintf("has unexpected value for minProperties: %s", compiler.Display(v18))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated string required = 19;
+		v19 := compiler.MapValueForKey(m, "required")
+		if v19 != nil {
+			v, ok := compiler.SequenceNodeForNode(v19)
+			if ok {
+				x.Required = compiler.StringArrayForSequenceNode(v)
+			} else {
+				message := fmt.Sprintf("has unexpected value for required: %s", compiler.Display(v19))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated Any enum = 20;
+		v20 := compiler.MapValueForKey(m, "enum")
+		if v20 != nil {
+			// repeated Any
+			x.Enum = make([]*Any, 0)
+			a, ok := compiler.SequenceNodeForNode(v20)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewAny(item, compiler.NewContext("enum", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.Enum = append(x.Enum, y)
+				}
+			}
+		}
+		// AdditionalPropertiesItem additional_properties = 21;
+		v21 := compiler.MapValueForKey(m, "additionalProperties")
+		if v21 != nil {
+			var err error
+			x.AdditionalProperties, err = NewAdditionalPropertiesItem(v21, compiler.NewContext("additionalProperties", v21, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// TypeItem type = 22;
+		v22 := compiler.MapValueForKey(m, "type")
+		if v22 != nil {
+			var err error
+			x.Type, err = NewTypeItem(v22, compiler.NewContext("type", v22, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// ItemsItem items = 23;
+		v23 := compiler.MapValueForKey(m, "items")
+		if v23 != nil {
+			var err error
+			x.Items, err = NewItemsItem(v23, compiler.NewContext("items", v23, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated Schema all_of = 24;
+		v24 := compiler.MapValueForKey(m, "allOf")
+		if v24 != nil {
+			// repeated Schema
+			x.AllOf = make([]*Schema, 0)
+			a, ok := compiler.SequenceNodeForNode(v24)
+			if ok {
+				for _, item := range a.Content {
+					y, err := NewSchema(item, compiler.NewContext("allOf", item, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+					x.AllOf = append(x.AllOf, y)
+				}
+			}
+		}
+		// Properties properties = 25;
+		v25 := compiler.MapValueForKey(m, "properties")
+		if v25 != nil {
+			var err error
+			x.Properties, err = NewProperties(v25, compiler.NewContext("properties", v25, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// string discriminator = 26;
+		v26 := compiler.MapValueForKey(m, "discriminator")
+		if v26 != nil {
+			x.Discriminator, ok = compiler.StringForScalarNode(v26)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for discriminator: %s", compiler.Display(v26))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool read_only = 27;
+		v27 := compiler.MapValueForKey(m, "readOnly")
+		if v27 != nil {
+			x.ReadOnly, ok = compiler.BoolForScalarNode(v27)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for readOnly: %s", compiler.Display(v27))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// Xml xml = 28;
+		v28 := compiler.MapValueForKey(m, "xml")
+		if v28 != nil {
+			var err error
+			x.Xml, err = NewXml(v28, compiler.NewContext("xml", v28, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// ExternalDocs external_docs = 29;
+		v29 := compiler.MapValueForKey(m, "externalDocs")
+		if v29 != nil {
+			var err error
+			x.ExternalDocs, err = NewExternalDocs(v29, compiler.NewContext("externalDocs", v29, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// Any example = 30;
+		v30 := compiler.MapValueForKey(m, "example")
+		if v30 != nil {
+			var err error
+			x.Example, err = NewAny(v30, compiler.NewContext("example", v30, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated NamedAny vendor_extension = 31;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewSchemaItem creates an object of type SchemaItem if possible, returning an error if not.
+func NewSchemaItem(in *yaml.Node, context *compiler.Context) (*SchemaItem, error) {
+	errors := make([]error, 0)
+	x := &SchemaItem{}
+	matched := false
+	// Schema schema = 1;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewSchema(m, compiler.NewContext("schema", m, context))
+			if matchingError == nil {
+				x.Oneof = &SchemaItem_Schema{Schema: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	// FileSchema file_schema = 2;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewFileSchema(m, compiler.NewContext("fileSchema", m, context))
+			if matchingError == nil {
+				x.Oneof = &SchemaItem_FileSchema{FileSchema: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	if matched {
+		// since the oneof matched one of its possibilities, discard any matching errors
+		errors = make([]error, 0)
+	} else {
+		message := fmt.Sprintf("contains an invalid SchemaItem")
+		err := compiler.NewError(context, message)
+		errors = []error{err}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewSecurityDefinitions creates an object of type SecurityDefinitions if possible, returning an error if not.
+func NewSecurityDefinitions(in *yaml.Node, context *compiler.Context) (*SecurityDefinitions, error) {
+	errors := make([]error, 0)
+	x := &SecurityDefinitions{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		// repeated NamedSecurityDefinitionsItem additional_properties = 1;
+		// MAP: SecurityDefinitionsItem
+		x.AdditionalProperties = make([]*NamedSecurityDefinitionsItem, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				pair := &NamedSecurityDefinitionsItem{}
+				pair.Name = k
+				var err error
+				pair.Value, err = NewSecurityDefinitionsItem(v, compiler.NewContext(k, v, context))
+				if err != nil {
+					errors = append(errors, err)
+				}
+				x.AdditionalProperties = append(x.AdditionalProperties, pair)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewSecurityDefinitionsItem creates an object of type SecurityDefinitionsItem if possible, returning an error if not.
+func NewSecurityDefinitionsItem(in *yaml.Node, context *compiler.Context) (*SecurityDefinitionsItem, error) {
+	errors := make([]error, 0)
+	x := &SecurityDefinitionsItem{}
+	matched := false
+	// BasicAuthenticationSecurity basic_authentication_security = 1;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewBasicAuthenticationSecurity(m, compiler.NewContext("basicAuthenticationSecurity", m, context))
+			if matchingError == nil {
+				x.Oneof = &SecurityDefinitionsItem_BasicAuthenticationSecurity{BasicAuthenticationSecurity: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	// ApiKeySecurity api_key_security = 2;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewApiKeySecurity(m, compiler.NewContext("apiKeySecurity", m, context))
+			if matchingError == nil {
+				x.Oneof = &SecurityDefinitionsItem_ApiKeySecurity{ApiKeySecurity: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	// Oauth2ImplicitSecurity oauth2_implicit_security = 3;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewOauth2ImplicitSecurity(m, compiler.NewContext("oauth2ImplicitSecurity", m, context))
+			if matchingError == nil {
+				x.Oneof = &SecurityDefinitionsItem_Oauth2ImplicitSecurity{Oauth2ImplicitSecurity: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	// Oauth2PasswordSecurity oauth2_password_security = 4;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewOauth2PasswordSecurity(m, compiler.NewContext("oauth2PasswordSecurity", m, context))
+			if matchingError == nil {
+				x.Oneof = &SecurityDefinitionsItem_Oauth2PasswordSecurity{Oauth2PasswordSecurity: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	// Oauth2ApplicationSecurity oauth2_application_security = 5;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewOauth2ApplicationSecurity(m, compiler.NewContext("oauth2ApplicationSecurity", m, context))
+			if matchingError == nil {
+				x.Oneof = &SecurityDefinitionsItem_Oauth2ApplicationSecurity{Oauth2ApplicationSecurity: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	// Oauth2AccessCodeSecurity oauth2_access_code_security = 6;
+	{
+		m, ok := compiler.UnpackMap(in)
+		if ok {
+			// errors might be ok here, they mean we just don't have the right subtype
+			t, matchingError := NewOauth2AccessCodeSecurity(m, compiler.NewContext("oauth2AccessCodeSecurity", m, context))
+			if matchingError == nil {
+				x.Oneof = &SecurityDefinitionsItem_Oauth2AccessCodeSecurity{Oauth2AccessCodeSecurity: t}
+				matched = true
+			} else {
+				errors = append(errors, matchingError)
+			}
+		}
+	}
+	if matched {
+		// since the oneof matched one of its possibilities, discard any matching errors
+		errors = make([]error, 0)
+	} else {
+		message := fmt.Sprintf("contains an invalid SecurityDefinitionsItem")
+		err := compiler.NewError(context, message)
+		errors = []error{err}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewSecurityRequirement creates an object of type SecurityRequirement if possible, returning an error if not.
+func NewSecurityRequirement(in *yaml.Node, context *compiler.Context) (*SecurityRequirement, error) {
+	errors := make([]error, 0)
+	x := &SecurityRequirement{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		// repeated NamedStringArray additional_properties = 1;
+		// MAP: StringArray
+		x.AdditionalProperties = make([]*NamedStringArray, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				pair := &NamedStringArray{}
+				pair.Name = k
+				var err error
+				pair.Value, err = NewStringArray(v, compiler.NewContext(k, v, context))
+				if err != nil {
+					errors = append(errors, err)
+				}
+				x.AdditionalProperties = append(x.AdditionalProperties, pair)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewStringArray creates an object of type StringArray if possible, returning an error if not.
+func NewStringArray(in *yaml.Node, context *compiler.Context) (*StringArray, error) {
+	errors := make([]error, 0)
+	x := &StringArray{}
+	x.Value = make([]string, 0)
+	for _, node := range in.Content {
+		s, _ := compiler.StringForScalarNode(node)
+		x.Value = append(x.Value, s)
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewTag creates an object of type Tag if possible, returning an error if not.
+func NewTag(in *yaml.Node, context *compiler.Context) (*Tag, error) {
+	errors := make([]error, 0)
+	x := &Tag{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		requiredKeys := []string{"name"}
+		missingKeys := compiler.MissingKeysInMap(m, requiredKeys)
+		if len(missingKeys) > 0 {
+			message := fmt.Sprintf("is missing required %s: %+v", compiler.PluralProperties(len(missingKeys)), strings.Join(missingKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		allowedKeys := []string{"description", "externalDocs", "name"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string description = 2;
+		v2 := compiler.MapValueForKey(m, "description")
+		if v2 != nil {
+			x.Description, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for description: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// ExternalDocs external_docs = 3;
+		v3 := compiler.MapValueForKey(m, "externalDocs")
+		if v3 != nil {
+			var err error
+			x.ExternalDocs, err = NewExternalDocs(v3, compiler.NewContext("externalDocs", v3, context))
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+		// repeated NamedAny vendor_extension = 4;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewTypeItem creates an object of type TypeItem if possible, returning an error if not.
+func NewTypeItem(in *yaml.Node, context *compiler.Context) (*TypeItem, error) {
+	errors := make([]error, 0)
+	x := &TypeItem{}
+	v1 := in
+	switch v1.Kind {
+	case yaml.ScalarNode:
+		x.Value = make([]string, 0)
+		x.Value = append(x.Value, v1.Value)
+	case yaml.SequenceNode:
+		x.Value = make([]string, 0)
+		for _, v := range v1.Content {
+			value := v.Value
+			ok := v.Kind == yaml.ScalarNode
+			if ok {
+				x.Value = append(x.Value, value)
+			} else {
+				message := fmt.Sprintf("has unexpected value for string array element: %+v (%T)", value, value)
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+	default:
+		message := fmt.Sprintf("has unexpected value for string array: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewVendorExtension creates an object of type VendorExtension if possible, returning an error if not.
+func NewVendorExtension(in *yaml.Node, context *compiler.Context) (*VendorExtension, error) {
+	errors := make([]error, 0)
+	x := &VendorExtension{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		// repeated NamedAny additional_properties = 1;
+		// MAP: Any
+		x.AdditionalProperties = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				pair := &NamedAny{}
+				pair.Name = k
+				result := &Any{}
+				handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+				if handled {
+					if err != nil {
+						errors = append(errors, err)
+					} else {
+						bytes := compiler.Marshal(v)
+						result.Yaml = string(bytes)
+						result.Value = resultFromExt
+						pair.Value = result
+					}
+				} else {
+					pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+					if err != nil {
+						errors = append(errors, err)
+					}
+				}
+				x.AdditionalProperties = append(x.AdditionalProperties, pair)
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// NewXml creates an object of type Xml if possible, returning an error if not.
+func NewXml(in *yaml.Node, context *compiler.Context) (*Xml, error) {
+	errors := make([]error, 0)
+	x := &Xml{}
+	m, ok := compiler.UnpackMap(in)
+	if !ok {
+		message := fmt.Sprintf("has unexpected value: %+v (%T)", in, in)
+		errors = append(errors, compiler.NewError(context, message))
+	} else {
+		allowedKeys := []string{"attribute", "name", "namespace", "prefix", "wrapped"}
+		allowedPatterns := []*regexp.Regexp{pattern0}
+		invalidKeys := compiler.InvalidKeysInMap(m, allowedKeys, allowedPatterns)
+		if len(invalidKeys) > 0 {
+			message := fmt.Sprintf("has invalid %s: %+v", compiler.PluralProperties(len(invalidKeys)), strings.Join(invalidKeys, ", "))
+			errors = append(errors, compiler.NewError(context, message))
+		}
+		// string name = 1;
+		v1 := compiler.MapValueForKey(m, "name")
+		if v1 != nil {
+			x.Name, ok = compiler.StringForScalarNode(v1)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for name: %s", compiler.Display(v1))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string namespace = 2;
+		v2 := compiler.MapValueForKey(m, "namespace")
+		if v2 != nil {
+			x.Namespace, ok = compiler.StringForScalarNode(v2)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for namespace: %s", compiler.Display(v2))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// string prefix = 3;
+		v3 := compiler.MapValueForKey(m, "prefix")
+		if v3 != nil {
+			x.Prefix, ok = compiler.StringForScalarNode(v3)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for prefix: %s", compiler.Display(v3))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool attribute = 4;
+		v4 := compiler.MapValueForKey(m, "attribute")
+		if v4 != nil {
+			x.Attribute, ok = compiler.BoolForScalarNode(v4)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for attribute: %s", compiler.Display(v4))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// bool wrapped = 5;
+		v5 := compiler.MapValueForKey(m, "wrapped")
+		if v5 != nil {
+			x.Wrapped, ok = compiler.BoolForScalarNode(v5)
+			if !ok {
+				message := fmt.Sprintf("has unexpected value for wrapped: %s", compiler.Display(v5))
+				errors = append(errors, compiler.NewError(context, message))
+			}
+		}
+		// repeated NamedAny vendor_extension = 6;
+		// MAP: Any ^x-
+		x.VendorExtension = make([]*NamedAny, 0)
+		for i := 0; i < len(m.Content); i += 2 {
+			k, ok := compiler.StringForScalarNode(m.Content[i])
+			if ok {
+				v := m.Content[i+1]
+				if strings.HasPrefix(k, "x-") {
+					pair := &NamedAny{}
+					pair.Name = k
+					result := &Any{}
+					handled, resultFromExt, err := compiler.CallExtension(context, v, k)
+					if handled {
+						if err != nil {
+							errors = append(errors, err)
+						} else {
+							bytes := compiler.Marshal(v)
+							result.Yaml = string(bytes)
+							result.Value = resultFromExt
+							pair.Value = result
+						}
+					} else {
+						pair.Value, err = NewAny(v, compiler.NewContext(k, v, context))
+						if err != nil {
+							errors = append(errors, err)
+						}
+					}
+					x.VendorExtension = append(x.VendorExtension, pair)
+				}
+			}
+		}
+	}
+	return x, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside AdditionalPropertiesItem objects.
+func (m *AdditionalPropertiesItem) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	{
+		p, ok := m.Oneof.(*AdditionalPropertiesItem_Schema)
+		if ok {
+			_, err := p.Schema.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Any objects.
+func (m *Any) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside ApiKeySecurity objects.
+func (m *ApiKeySecurity) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside BasicAuthenticationSecurity objects.
+func (m *BasicAuthenticationSecurity) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside BodyParameter objects.
+func (m *BodyParameter) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Schema != nil {
+		_, err := m.Schema.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Contact objects.
+func (m *Contact) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Default objects.
+func (m *Default) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.AdditionalProperties {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Definitions objects.
+func (m *Definitions) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.AdditionalProperties {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Document objects.
+func (m *Document) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Info != nil {
+		_, err := m.Info.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Paths != nil {
+		_, err := m.Paths.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Definitions != nil {
+		_, err := m.Definitions.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Parameters != nil {
+		_, err := m.Parameters.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Responses != nil {
+		_, err := m.Responses.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Security {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	if m.SecurityDefinitions != nil {
+		_, err := m.SecurityDefinitions.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Tags {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	if m.ExternalDocs != nil {
+		_, err := m.ExternalDocs.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Examples objects.
+func (m *Examples) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.AdditionalProperties {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside ExternalDocs objects.
+func (m *ExternalDocs) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside FileSchema objects.
+func (m *FileSchema) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Default != nil {
+		_, err := m.Default.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.ExternalDocs != nil {
+		_, err := m.ExternalDocs.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Example != nil {
+		_, err := m.Example.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside FormDataParameterSubSchema objects.
+func (m *FormDataParameterSubSchema) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Items != nil {
+		_, err := m.Items.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Default != nil {
+		_, err := m.Default.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Enum {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Header objects.
+func (m *Header) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Items != nil {
+		_, err := m.Items.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Default != nil {
+		_, err := m.Default.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Enum {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside HeaderParameterSubSchema objects.
+func (m *HeaderParameterSubSchema) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Items != nil {
+		_, err := m.Items.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Default != nil {
+		_, err := m.Default.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Enum {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Headers objects.
+func (m *Headers) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.AdditionalProperties {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Info objects.
+func (m *Info) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Contact != nil {
+		_, err := m.Contact.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.License != nil {
+		_, err := m.License.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside ItemsItem objects.
+func (m *ItemsItem) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.Schema {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside JsonReference objects.
+func (m *JsonReference) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.XRef != "" {
+		info, err := compiler.ReadInfoForRef(root, m.XRef)
+		if err != nil {
+			return nil, err
+		}
+		if info != nil {
+			replacement, err := NewJsonReference(info, nil)
+			if err == nil {
+				*m = *replacement
+				return m.ResolveReferences(root)
+			}
+		}
+		return info, nil
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside License objects.
+func (m *License) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside NamedAny objects.
+func (m *NamedAny) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Value != nil {
+		_, err := m.Value.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside NamedHeader objects.
+func (m *NamedHeader) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Value != nil {
+		_, err := m.Value.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside NamedParameter objects.
+func (m *NamedParameter) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Value != nil {
+		_, err := m.Value.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside NamedPathItem objects.
+func (m *NamedPathItem) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Value != nil {
+		_, err := m.Value.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside NamedResponse objects.
+func (m *NamedResponse) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Value != nil {
+		_, err := m.Value.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside NamedResponseValue objects.
+func (m *NamedResponseValue) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Value != nil {
+		_, err := m.Value.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside NamedSchema objects.
+func (m *NamedSchema) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Value != nil {
+		_, err := m.Value.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside NamedSecurityDefinitionsItem objects.
+func (m *NamedSecurityDefinitionsItem) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Value != nil {
+		_, err := m.Value.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside NamedString objects.
+func (m *NamedString) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside NamedStringArray objects.
+func (m *NamedStringArray) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Value != nil {
+		_, err := m.Value.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside NonBodyParameter objects.
+func (m *NonBodyParameter) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	{
+		p, ok := m.Oneof.(*NonBodyParameter_HeaderParameterSubSchema)
+		if ok {
+			_, err := p.HeaderParameterSubSchema.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*NonBodyParameter_FormDataParameterSubSchema)
+		if ok {
+			_, err := p.FormDataParameterSubSchema.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*NonBodyParameter_QueryParameterSubSchema)
+		if ok {
+			_, err := p.QueryParameterSubSchema.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*NonBodyParameter_PathParameterSubSchema)
+		if ok {
+			_, err := p.PathParameterSubSchema.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Oauth2AccessCodeSecurity objects.
+func (m *Oauth2AccessCodeSecurity) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Scopes != nil {
+		_, err := m.Scopes.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Oauth2ApplicationSecurity objects.
+func (m *Oauth2ApplicationSecurity) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Scopes != nil {
+		_, err := m.Scopes.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Oauth2ImplicitSecurity objects.
+func (m *Oauth2ImplicitSecurity) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Scopes != nil {
+		_, err := m.Scopes.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Oauth2PasswordSecurity objects.
+func (m *Oauth2PasswordSecurity) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Scopes != nil {
+		_, err := m.Scopes.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Oauth2Scopes objects.
+func (m *Oauth2Scopes) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.AdditionalProperties {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Operation objects.
+func (m *Operation) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.ExternalDocs != nil {
+		_, err := m.ExternalDocs.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Parameters {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	if m.Responses != nil {
+		_, err := m.Responses.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Security {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Parameter objects.
+func (m *Parameter) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	{
+		p, ok := m.Oneof.(*Parameter_BodyParameter)
+		if ok {
+			_, err := p.BodyParameter.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*Parameter_NonBodyParameter)
+		if ok {
+			_, err := p.NonBodyParameter.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside ParameterDefinitions objects.
+func (m *ParameterDefinitions) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.AdditionalProperties {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside ParametersItem objects.
+func (m *ParametersItem) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	{
+		p, ok := m.Oneof.(*ParametersItem_Parameter)
+		if ok {
+			_, err := p.Parameter.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*ParametersItem_JsonReference)
+		if ok {
+			info, err := p.JsonReference.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			} else if info != nil {
+				n, err := NewParametersItem(info, nil)
+				if err != nil {
+					return nil, err
+				} else if n != nil {
+					*m = *n
+					return nil, nil
+				}
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside PathItem objects.
+func (m *PathItem) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.XRef != "" {
+		info, err := compiler.ReadInfoForRef(root, m.XRef)
+		if err != nil {
+			return nil, err
+		}
+		if info != nil {
+			replacement, err := NewPathItem(info, nil)
+			if err == nil {
+				*m = *replacement
+				return m.ResolveReferences(root)
+			}
+		}
+		return info, nil
+	}
+	if m.Get != nil {
+		_, err := m.Get.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Put != nil {
+		_, err := m.Put.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Post != nil {
+		_, err := m.Post.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Delete != nil {
+		_, err := m.Delete.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Options != nil {
+		_, err := m.Options.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Head != nil {
+		_, err := m.Head.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Patch != nil {
+		_, err := m.Patch.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Parameters {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside PathParameterSubSchema objects.
+func (m *PathParameterSubSchema) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Items != nil {
+		_, err := m.Items.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Default != nil {
+		_, err := m.Default.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Enum {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Paths objects.
+func (m *Paths) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	for _, item := range m.Path {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside PrimitivesItems objects.
+func (m *PrimitivesItems) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Items != nil {
+		_, err := m.Items.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Default != nil {
+		_, err := m.Default.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Enum {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Properties objects.
+func (m *Properties) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.AdditionalProperties {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside QueryParameterSubSchema objects.
+func (m *QueryParameterSubSchema) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Items != nil {
+		_, err := m.Items.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Default != nil {
+		_, err := m.Default.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Enum {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Response objects.
+func (m *Response) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.Schema != nil {
+		_, err := m.Schema.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Headers != nil {
+		_, err := m.Headers.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Examples != nil {
+		_, err := m.Examples.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside ResponseDefinitions objects.
+func (m *ResponseDefinitions) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.AdditionalProperties {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside ResponseValue objects.
+func (m *ResponseValue) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	{
+		p, ok := m.Oneof.(*ResponseValue_Response)
+		if ok {
+			_, err := p.Response.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*ResponseValue_JsonReference)
+		if ok {
+			info, err := p.JsonReference.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			} else if info != nil {
+				n, err := NewResponseValue(info, nil)
+				if err != nil {
+					return nil, err
+				} else if n != nil {
+					*m = *n
+					return nil, nil
+				}
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Responses objects.
+func (m *Responses) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.ResponseCode {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Schema objects.
+func (m *Schema) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.XRef != "" {
+		info, err := compiler.ReadInfoForRef(root, m.XRef)
+		if err != nil {
+			return nil, err
+		}
+		if info != nil {
+			replacement, err := NewSchema(info, nil)
+			if err == nil {
+				*m = *replacement
+				return m.ResolveReferences(root)
+			}
+		}
+		return info, nil
+	}
+	if m.Default != nil {
+		_, err := m.Default.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.Enum {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	if m.AdditionalProperties != nil {
+		_, err := m.AdditionalProperties.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Type != nil {
+		_, err := m.Type.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Items != nil {
+		_, err := m.Items.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.AllOf {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	if m.Properties != nil {
+		_, err := m.Properties.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Xml != nil {
+		_, err := m.Xml.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.ExternalDocs != nil {
+		_, err := m.ExternalDocs.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	if m.Example != nil {
+		_, err := m.Example.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside SchemaItem objects.
+func (m *SchemaItem) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	{
+		p, ok := m.Oneof.(*SchemaItem_Schema)
+		if ok {
+			_, err := p.Schema.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*SchemaItem_FileSchema)
+		if ok {
+			_, err := p.FileSchema.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside SecurityDefinitions objects.
+func (m *SecurityDefinitions) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.AdditionalProperties {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside SecurityDefinitionsItem objects.
+func (m *SecurityDefinitionsItem) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	{
+		p, ok := m.Oneof.(*SecurityDefinitionsItem_BasicAuthenticationSecurity)
+		if ok {
+			_, err := p.BasicAuthenticationSecurity.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*SecurityDefinitionsItem_ApiKeySecurity)
+		if ok {
+			_, err := p.ApiKeySecurity.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*SecurityDefinitionsItem_Oauth2ImplicitSecurity)
+		if ok {
+			_, err := p.Oauth2ImplicitSecurity.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*SecurityDefinitionsItem_Oauth2PasswordSecurity)
+		if ok {
+			_, err := p.Oauth2PasswordSecurity.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*SecurityDefinitionsItem_Oauth2ApplicationSecurity)
+		if ok {
+			_, err := p.Oauth2ApplicationSecurity.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	{
+		p, ok := m.Oneof.(*SecurityDefinitionsItem_Oauth2AccessCodeSecurity)
+		if ok {
+			_, err := p.Oauth2AccessCodeSecurity.ResolveReferences(root)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside SecurityRequirement objects.
+func (m *SecurityRequirement) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.AdditionalProperties {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside StringArray objects.
+func (m *StringArray) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Tag objects.
+func (m *Tag) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	if m.ExternalDocs != nil {
+		_, err := m.ExternalDocs.ResolveReferences(root)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside TypeItem objects.
+func (m *TypeItem) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside VendorExtension objects.
+func (m *VendorExtension) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.AdditionalProperties {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ResolveReferences resolves references found inside Xml objects.
+func (m *Xml) ResolveReferences(root string) (*yaml.Node, error) {
+	errors := make([]error, 0)
+	for _, item := range m.VendorExtension {
+		if item != nil {
+			_, err := item.ResolveReferences(root)
+			if err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+	return nil, compiler.NewErrorGroupOrNil(errors)
+}
+
+// ToRawInfo returns a description of AdditionalPropertiesItem suitable for JSON or YAML export.
+func (m *AdditionalPropertiesItem) ToRawInfo() *yaml.Node {
+	// ONE OF WRAPPER
+	// AdditionalPropertiesItem
+	// {Name:schema Type:Schema StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v0 := m.GetSchema()
+	if v0 != nil {
+		return v0.ToRawInfo()
+	}
+	// {Name:boolean Type:bool StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	if v1, ok := m.GetOneof().(*AdditionalPropertiesItem_Boolean); ok {
+		return compiler.NewScalarNodeForBool(v1.Boolean)
+	}
+	return compiler.NewNullNode()
+}
+
+// ToRawInfo returns a description of Any suitable for JSON or YAML export.
+func (m *Any) ToRawInfo() *yaml.Node {
+	var err error
+	var node yaml.Node
+	err = yaml.Unmarshal([]byte(m.Yaml), &node)
+	if err == nil {
+		if node.Kind == yaml.DocumentNode {
+			return node.Content[0]
+		}
+		return &node
+	}
+	return compiler.NewNullNode()
+}
+
+// ToRawInfo returns a description of ApiKeySecurity suitable for JSON or YAML export.
+func (m *ApiKeySecurity) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("in"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.In))
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of BasicAuthenticationSecurity suitable for JSON or YAML export.
+func (m *BasicAuthenticationSecurity) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of BodyParameter suitable for JSON or YAML export.
+func (m *BodyParameter) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("in"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.In))
+	if m.Required != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("required"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.Required))
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("schema"))
+	info.Content = append(info.Content, m.Schema.ToRawInfo())
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Contact suitable for JSON or YAML export.
+func (m *Contact) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	if m.Url != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("url"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Url))
+	}
+	if m.Email != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("email"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Email))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Default suitable for JSON or YAML export.
+func (m *Default) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.AdditionalProperties != nil {
+		for _, item := range m.AdditionalProperties {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Definitions suitable for JSON or YAML export.
+func (m *Definitions) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.AdditionalProperties != nil {
+		for _, item := range m.AdditionalProperties {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Document suitable for JSON or YAML export.
+func (m *Document) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("swagger"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Swagger))
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("info"))
+	info.Content = append(info.Content, m.Info.ToRawInfo())
+	if m.Host != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("host"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Host))
+	}
+	if m.BasePath != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("basePath"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.BasePath))
+	}
+	if len(m.Schemes) != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("schemes"))
+		info.Content = append(info.Content, compiler.NewSequenceNodeForStringArray(m.Schemes))
+	}
+	if len(m.Consumes) != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("consumes"))
+		info.Content = append(info.Content, compiler.NewSequenceNodeForStringArray(m.Consumes))
+	}
+	if len(m.Produces) != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("produces"))
+		info.Content = append(info.Content, compiler.NewSequenceNodeForStringArray(m.Produces))
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("paths"))
+	info.Content = append(info.Content, m.Paths.ToRawInfo())
+	if m.Definitions != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("definitions"))
+		info.Content = append(info.Content, m.Definitions.ToRawInfo())
+	}
+	if m.Parameters != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("parameters"))
+		info.Content = append(info.Content, m.Parameters.ToRawInfo())
+	}
+	if m.Responses != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("responses"))
+		info.Content = append(info.Content, m.Responses.ToRawInfo())
+	}
+	if len(m.Security) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Security {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("security"))
+		info.Content = append(info.Content, items)
+	}
+	if m.SecurityDefinitions != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("securityDefinitions"))
+		info.Content = append(info.Content, m.SecurityDefinitions.ToRawInfo())
+	}
+	if len(m.Tags) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Tags {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("tags"))
+		info.Content = append(info.Content, items)
+	}
+	if m.ExternalDocs != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("externalDocs"))
+		info.Content = append(info.Content, m.ExternalDocs.ToRawInfo())
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Examples suitable for JSON or YAML export.
+func (m *Examples) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.AdditionalProperties != nil {
+		for _, item := range m.AdditionalProperties {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of ExternalDocs suitable for JSON or YAML export.
+func (m *ExternalDocs) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("url"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Url))
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of FileSchema suitable for JSON or YAML export.
+func (m *FileSchema) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Format != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("format"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Format))
+	}
+	if m.Title != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("title"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Title))
+	}
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.Default != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("default"))
+		info.Content = append(info.Content, m.Default.ToRawInfo())
+	}
+	if len(m.Required) != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("required"))
+		info.Content = append(info.Content, compiler.NewSequenceNodeForStringArray(m.Required))
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	if m.ReadOnly != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("readOnly"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ReadOnly))
+	}
+	if m.ExternalDocs != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("externalDocs"))
+		info.Content = append(info.Content, m.ExternalDocs.ToRawInfo())
+	}
+	if m.Example != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("example"))
+		info.Content = append(info.Content, m.Example.ToRawInfo())
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of FormDataParameterSubSchema suitable for JSON or YAML export.
+func (m *FormDataParameterSubSchema) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Required != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("required"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.Required))
+	}
+	if m.In != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("in"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.In))
+	}
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	if m.AllowEmptyValue != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("allowEmptyValue"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.AllowEmptyValue))
+	}
+	if m.Type != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	}
+	if m.Format != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("format"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Format))
+	}
+	if m.Items != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("items"))
+		info.Content = append(info.Content, m.Items.ToRawInfo())
+	}
+	if m.CollectionFormat != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("collectionFormat"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.CollectionFormat))
+	}
+	if m.Default != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("default"))
+		info.Content = append(info.Content, m.Default.ToRawInfo())
+	}
+	if m.Maximum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Maximum))
+	}
+	if m.ExclusiveMaximum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMaximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMaximum))
+	}
+	if m.Minimum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Minimum))
+	}
+	if m.ExclusiveMinimum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMinimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMinimum))
+	}
+	if m.MaxLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxLength))
+	}
+	if m.MinLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinLength))
+	}
+	if m.Pattern != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("pattern"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Pattern))
+	}
+	if m.MaxItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxItems))
+	}
+	if m.MinItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinItems))
+	}
+	if m.UniqueItems != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("uniqueItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.UniqueItems))
+	}
+	if len(m.Enum) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Enum {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("enum"))
+		info.Content = append(info.Content, items)
+	}
+	if m.MultipleOf != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("multipleOf"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.MultipleOf))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Header suitable for JSON or YAML export.
+func (m *Header) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	if m.Format != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("format"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Format))
+	}
+	if m.Items != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("items"))
+		info.Content = append(info.Content, m.Items.ToRawInfo())
+	}
+	if m.CollectionFormat != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("collectionFormat"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.CollectionFormat))
+	}
+	if m.Default != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("default"))
+		info.Content = append(info.Content, m.Default.ToRawInfo())
+	}
+	if m.Maximum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Maximum))
+	}
+	if m.ExclusiveMaximum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMaximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMaximum))
+	}
+	if m.Minimum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Minimum))
+	}
+	if m.ExclusiveMinimum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMinimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMinimum))
+	}
+	if m.MaxLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxLength))
+	}
+	if m.MinLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinLength))
+	}
+	if m.Pattern != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("pattern"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Pattern))
+	}
+	if m.MaxItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxItems))
+	}
+	if m.MinItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinItems))
+	}
+	if m.UniqueItems != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("uniqueItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.UniqueItems))
+	}
+	if len(m.Enum) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Enum {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("enum"))
+		info.Content = append(info.Content, items)
+	}
+	if m.MultipleOf != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("multipleOf"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.MultipleOf))
+	}
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of HeaderParameterSubSchema suitable for JSON or YAML export.
+func (m *HeaderParameterSubSchema) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Required != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("required"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.Required))
+	}
+	if m.In != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("in"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.In))
+	}
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	if m.Type != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	}
+	if m.Format != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("format"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Format))
+	}
+	if m.Items != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("items"))
+		info.Content = append(info.Content, m.Items.ToRawInfo())
+	}
+	if m.CollectionFormat != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("collectionFormat"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.CollectionFormat))
+	}
+	if m.Default != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("default"))
+		info.Content = append(info.Content, m.Default.ToRawInfo())
+	}
+	if m.Maximum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Maximum))
+	}
+	if m.ExclusiveMaximum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMaximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMaximum))
+	}
+	if m.Minimum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Minimum))
+	}
+	if m.ExclusiveMinimum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMinimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMinimum))
+	}
+	if m.MaxLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxLength))
+	}
+	if m.MinLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinLength))
+	}
+	if m.Pattern != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("pattern"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Pattern))
+	}
+	if m.MaxItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxItems))
+	}
+	if m.MinItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinItems))
+	}
+	if m.UniqueItems != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("uniqueItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.UniqueItems))
+	}
+	if len(m.Enum) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Enum {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("enum"))
+		info.Content = append(info.Content, items)
+	}
+	if m.MultipleOf != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("multipleOf"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.MultipleOf))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Headers suitable for JSON or YAML export.
+func (m *Headers) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.AdditionalProperties != nil {
+		for _, item := range m.AdditionalProperties {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Info suitable for JSON or YAML export.
+func (m *Info) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("title"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Title))
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("version"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Version))
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.TermsOfService != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("termsOfService"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.TermsOfService))
+	}
+	if m.Contact != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("contact"))
+		info.Content = append(info.Content, m.Contact.ToRawInfo())
+	}
+	if m.License != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("license"))
+		info.Content = append(info.Content, m.License.ToRawInfo())
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of ItemsItem suitable for JSON or YAML export.
+func (m *ItemsItem) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if len(m.Schema) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Schema {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("schema"))
+		info.Content = append(info.Content, items)
+	}
+	return info
+}
+
+// ToRawInfo returns a description of JsonReference suitable for JSON or YAML export.
+func (m *JsonReference) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("$ref"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.XRef))
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	return info
+}
+
+// ToRawInfo returns a description of License suitable for JSON or YAML export.
+func (m *License) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	if m.Url != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("url"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Url))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of NamedAny suitable for JSON or YAML export.
+func (m *NamedAny) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	if m.Value != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("value"))
+		info.Content = append(info.Content, m.Value.ToRawInfo())
+	}
+	return info
+}
+
+// ToRawInfo returns a description of NamedHeader suitable for JSON or YAML export.
+func (m *NamedHeader) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	// &{Name:value Type:Header StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
+	return info
+}
+
+// ToRawInfo returns a description of NamedParameter suitable for JSON or YAML export.
+func (m *NamedParameter) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	// &{Name:value Type:Parameter StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
+	return info
+}
+
+// ToRawInfo returns a description of NamedPathItem suitable for JSON or YAML export.
+func (m *NamedPathItem) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	// &{Name:value Type:PathItem StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
+	return info
+}
+
+// ToRawInfo returns a description of NamedResponse suitable for JSON or YAML export.
+func (m *NamedResponse) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	// &{Name:value Type:Response StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
+	return info
+}
+
+// ToRawInfo returns a description of NamedResponseValue suitable for JSON or YAML export.
+func (m *NamedResponseValue) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	// &{Name:value Type:ResponseValue StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
+	return info
+}
+
+// ToRawInfo returns a description of NamedSchema suitable for JSON or YAML export.
+func (m *NamedSchema) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	// &{Name:value Type:Schema StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
+	return info
+}
+
+// ToRawInfo returns a description of NamedSecurityDefinitionsItem suitable for JSON or YAML export.
+func (m *NamedSecurityDefinitionsItem) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	// &{Name:value Type:SecurityDefinitionsItem StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
+	return info
+}
+
+// ToRawInfo returns a description of NamedString suitable for JSON or YAML export.
+func (m *NamedString) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	if m.Value != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("value"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Value))
+	}
+	return info
+}
+
+// ToRawInfo returns a description of NamedStringArray suitable for JSON or YAML export.
+func (m *NamedStringArray) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	// &{Name:value Type:StringArray StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
+	return info
+}
+
+// ToRawInfo returns a description of NonBodyParameter suitable for JSON or YAML export.
+func (m *NonBodyParameter) ToRawInfo() *yaml.Node {
+	// ONE OF WRAPPER
+	// NonBodyParameter
+	// {Name:headerParameterSubSchema Type:HeaderParameterSubSchema StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v0 := m.GetHeaderParameterSubSchema()
+	if v0 != nil {
+		return v0.ToRawInfo()
+	}
+	// {Name:formDataParameterSubSchema Type:FormDataParameterSubSchema StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v1 := m.GetFormDataParameterSubSchema()
+	if v1 != nil {
+		return v1.ToRawInfo()
+	}
+	// {Name:queryParameterSubSchema Type:QueryParameterSubSchema StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v2 := m.GetQueryParameterSubSchema()
+	if v2 != nil {
+		return v2.ToRawInfo()
+	}
+	// {Name:pathParameterSubSchema Type:PathParameterSubSchema StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v3 := m.GetPathParameterSubSchema()
+	if v3 != nil {
+		return v3.ToRawInfo()
+	}
+	return compiler.NewNullNode()
+}
+
+// ToRawInfo returns a description of Oauth2AccessCodeSecurity suitable for JSON or YAML export.
+func (m *Oauth2AccessCodeSecurity) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("flow"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Flow))
+	if m.Scopes != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("scopes"))
+		info.Content = append(info.Content, m.Scopes.ToRawInfo())
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("authorizationUrl"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.AuthorizationUrl))
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("tokenUrl"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.TokenUrl))
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Oauth2ApplicationSecurity suitable for JSON or YAML export.
+func (m *Oauth2ApplicationSecurity) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("flow"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Flow))
+	if m.Scopes != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("scopes"))
+		info.Content = append(info.Content, m.Scopes.ToRawInfo())
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("tokenUrl"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.TokenUrl))
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Oauth2ImplicitSecurity suitable for JSON or YAML export.
+func (m *Oauth2ImplicitSecurity) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("flow"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Flow))
+	if m.Scopes != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("scopes"))
+		info.Content = append(info.Content, m.Scopes.ToRawInfo())
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("authorizationUrl"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.AuthorizationUrl))
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Oauth2PasswordSecurity suitable for JSON or YAML export.
+func (m *Oauth2PasswordSecurity) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("flow"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Flow))
+	if m.Scopes != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("scopes"))
+		info.Content = append(info.Content, m.Scopes.ToRawInfo())
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("tokenUrl"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.TokenUrl))
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Oauth2Scopes suitable for JSON or YAML export.
+func (m *Oauth2Scopes) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// &{Name:additionalProperties Type:NamedString StringEnumValues:[] MapType:string Repeated:true Pattern: Implicit:true Description:}
+	return info
+}
+
+// ToRawInfo returns a description of Operation suitable for JSON or YAML export.
+func (m *Operation) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if len(m.Tags) != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("tags"))
+		info.Content = append(info.Content, compiler.NewSequenceNodeForStringArray(m.Tags))
+	}
+	if m.Summary != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("summary"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Summary))
+	}
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.ExternalDocs != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("externalDocs"))
+		info.Content = append(info.Content, m.ExternalDocs.ToRawInfo())
+	}
+	if m.OperationId != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("operationId"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.OperationId))
+	}
+	if len(m.Produces) != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("produces"))
+		info.Content = append(info.Content, compiler.NewSequenceNodeForStringArray(m.Produces))
+	}
+	if len(m.Consumes) != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("consumes"))
+		info.Content = append(info.Content, compiler.NewSequenceNodeForStringArray(m.Consumes))
+	}
+	if len(m.Parameters) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Parameters {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("parameters"))
+		info.Content = append(info.Content, items)
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("responses"))
+	info.Content = append(info.Content, m.Responses.ToRawInfo())
+	if len(m.Schemes) != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("schemes"))
+		info.Content = append(info.Content, compiler.NewSequenceNodeForStringArray(m.Schemes))
+	}
+	if m.Deprecated != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("deprecated"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.Deprecated))
+	}
+	if len(m.Security) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Security {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("security"))
+		info.Content = append(info.Content, items)
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Parameter suitable for JSON or YAML export.
+func (m *Parameter) ToRawInfo() *yaml.Node {
+	// ONE OF WRAPPER
+	// Parameter
+	// {Name:bodyParameter Type:BodyParameter StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v0 := m.GetBodyParameter()
+	if v0 != nil {
+		return v0.ToRawInfo()
+	}
+	// {Name:nonBodyParameter Type:NonBodyParameter StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v1 := m.GetNonBodyParameter()
+	if v1 != nil {
+		return v1.ToRawInfo()
+	}
+	return compiler.NewNullNode()
+}
+
+// ToRawInfo returns a description of ParameterDefinitions suitable for JSON or YAML export.
+func (m *ParameterDefinitions) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.AdditionalProperties != nil {
+		for _, item := range m.AdditionalProperties {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of ParametersItem suitable for JSON or YAML export.
+func (m *ParametersItem) ToRawInfo() *yaml.Node {
+	// ONE OF WRAPPER
+	// ParametersItem
+	// {Name:parameter Type:Parameter StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v0 := m.GetParameter()
+	if v0 != nil {
+		return v0.ToRawInfo()
+	}
+	// {Name:jsonReference Type:JsonReference StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v1 := m.GetJsonReference()
+	if v1 != nil {
+		return v1.ToRawInfo()
+	}
+	return compiler.NewNullNode()
+}
+
+// ToRawInfo returns a description of PathItem suitable for JSON or YAML export.
+func (m *PathItem) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.XRef != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("$ref"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.XRef))
+	}
+	if m.Get != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("get"))
+		info.Content = append(info.Content, m.Get.ToRawInfo())
+	}
+	if m.Put != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("put"))
+		info.Content = append(info.Content, m.Put.ToRawInfo())
+	}
+	if m.Post != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("post"))
+		info.Content = append(info.Content, m.Post.ToRawInfo())
+	}
+	if m.Delete != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("delete"))
+		info.Content = append(info.Content, m.Delete.ToRawInfo())
+	}
+	if m.Options != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("options"))
+		info.Content = append(info.Content, m.Options.ToRawInfo())
+	}
+	if m.Head != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("head"))
+		info.Content = append(info.Content, m.Head.ToRawInfo())
+	}
+	if m.Patch != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("patch"))
+		info.Content = append(info.Content, m.Patch.ToRawInfo())
+	}
+	if len(m.Parameters) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Parameters {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("parameters"))
+		info.Content = append(info.Content, items)
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of PathParameterSubSchema suitable for JSON or YAML export.
+func (m *PathParameterSubSchema) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("required"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.Required))
+	if m.In != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("in"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.In))
+	}
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	if m.Type != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	}
+	if m.Format != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("format"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Format))
+	}
+	if m.Items != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("items"))
+		info.Content = append(info.Content, m.Items.ToRawInfo())
+	}
+	if m.CollectionFormat != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("collectionFormat"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.CollectionFormat))
+	}
+	if m.Default != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("default"))
+		info.Content = append(info.Content, m.Default.ToRawInfo())
+	}
+	if m.Maximum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Maximum))
+	}
+	if m.ExclusiveMaximum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMaximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMaximum))
+	}
+	if m.Minimum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Minimum))
+	}
+	if m.ExclusiveMinimum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMinimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMinimum))
+	}
+	if m.MaxLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxLength))
+	}
+	if m.MinLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinLength))
+	}
+	if m.Pattern != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("pattern"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Pattern))
+	}
+	if m.MaxItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxItems))
+	}
+	if m.MinItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinItems))
+	}
+	if m.UniqueItems != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("uniqueItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.UniqueItems))
+	}
+	if len(m.Enum) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Enum {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("enum"))
+		info.Content = append(info.Content, items)
+	}
+	if m.MultipleOf != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("multipleOf"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.MultipleOf))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Paths suitable for JSON or YAML export.
+func (m *Paths) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	if m.Path != nil {
+		for _, item := range m.Path {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of PrimitivesItems suitable for JSON or YAML export.
+func (m *PrimitivesItems) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Type != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	}
+	if m.Format != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("format"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Format))
+	}
+	if m.Items != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("items"))
+		info.Content = append(info.Content, m.Items.ToRawInfo())
+	}
+	if m.CollectionFormat != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("collectionFormat"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.CollectionFormat))
+	}
+	if m.Default != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("default"))
+		info.Content = append(info.Content, m.Default.ToRawInfo())
+	}
+	if m.Maximum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Maximum))
+	}
+	if m.ExclusiveMaximum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMaximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMaximum))
+	}
+	if m.Minimum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Minimum))
+	}
+	if m.ExclusiveMinimum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMinimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMinimum))
+	}
+	if m.MaxLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxLength))
+	}
+	if m.MinLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinLength))
+	}
+	if m.Pattern != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("pattern"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Pattern))
+	}
+	if m.MaxItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxItems))
+	}
+	if m.MinItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinItems))
+	}
+	if m.UniqueItems != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("uniqueItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.UniqueItems))
+	}
+	if len(m.Enum) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Enum {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("enum"))
+		info.Content = append(info.Content, items)
+	}
+	if m.MultipleOf != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("multipleOf"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.MultipleOf))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Properties suitable for JSON or YAML export.
+func (m *Properties) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.AdditionalProperties != nil {
+		for _, item := range m.AdditionalProperties {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of QueryParameterSubSchema suitable for JSON or YAML export.
+func (m *QueryParameterSubSchema) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Required != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("required"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.Required))
+	}
+	if m.In != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("in"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.In))
+	}
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	if m.AllowEmptyValue != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("allowEmptyValue"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.AllowEmptyValue))
+	}
+	if m.Type != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type))
+	}
+	if m.Format != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("format"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Format))
+	}
+	if m.Items != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("items"))
+		info.Content = append(info.Content, m.Items.ToRawInfo())
+	}
+	if m.CollectionFormat != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("collectionFormat"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.CollectionFormat))
+	}
+	if m.Default != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("default"))
+		info.Content = append(info.Content, m.Default.ToRawInfo())
+	}
+	if m.Maximum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Maximum))
+	}
+	if m.ExclusiveMaximum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMaximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMaximum))
+	}
+	if m.Minimum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Minimum))
+	}
+	if m.ExclusiveMinimum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMinimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMinimum))
+	}
+	if m.MaxLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxLength))
+	}
+	if m.MinLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinLength))
+	}
+	if m.Pattern != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("pattern"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Pattern))
+	}
+	if m.MaxItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxItems))
+	}
+	if m.MinItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinItems))
+	}
+	if m.UniqueItems != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("uniqueItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.UniqueItems))
+	}
+	if len(m.Enum) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Enum {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("enum"))
+		info.Content = append(info.Content, items)
+	}
+	if m.MultipleOf != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("multipleOf"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.MultipleOf))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Response suitable for JSON or YAML export.
+func (m *Response) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	if m.Schema != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("schema"))
+		info.Content = append(info.Content, m.Schema.ToRawInfo())
+	}
+	if m.Headers != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("headers"))
+		info.Content = append(info.Content, m.Headers.ToRawInfo())
+	}
+	if m.Examples != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("examples"))
+		info.Content = append(info.Content, m.Examples.ToRawInfo())
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of ResponseDefinitions suitable for JSON or YAML export.
+func (m *ResponseDefinitions) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.AdditionalProperties != nil {
+		for _, item := range m.AdditionalProperties {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of ResponseValue suitable for JSON or YAML export.
+func (m *ResponseValue) ToRawInfo() *yaml.Node {
+	// ONE OF WRAPPER
+	// ResponseValue
+	// {Name:response Type:Response StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v0 := m.GetResponse()
+	if v0 != nil {
+		return v0.ToRawInfo()
+	}
+	// {Name:jsonReference Type:JsonReference StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v1 := m.GetJsonReference()
+	if v1 != nil {
+		return v1.ToRawInfo()
+	}
+	return compiler.NewNullNode()
+}
+
+// ToRawInfo returns a description of Responses suitable for JSON or YAML export.
+func (m *Responses) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.ResponseCode != nil {
+		for _, item := range m.ResponseCode {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Schema suitable for JSON or YAML export.
+func (m *Schema) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.XRef != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("$ref"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.XRef))
+	}
+	if m.Format != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("format"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Format))
+	}
+	if m.Title != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("title"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Title))
+	}
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.Default != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("default"))
+		info.Content = append(info.Content, m.Default.ToRawInfo())
+	}
+	if m.MultipleOf != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("multipleOf"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.MultipleOf))
+	}
+	if m.Maximum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Maximum))
+	}
+	if m.ExclusiveMaximum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMaximum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMaximum))
+	}
+	if m.Minimum != 0.0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForFloat(m.Minimum))
+	}
+	if m.ExclusiveMinimum != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("exclusiveMinimum"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ExclusiveMinimum))
+	}
+	if m.MaxLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxLength))
+	}
+	if m.MinLength != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minLength"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinLength))
+	}
+	if m.Pattern != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("pattern"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Pattern))
+	}
+	if m.MaxItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxItems))
+	}
+	if m.MinItems != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinItems))
+	}
+	if m.UniqueItems != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("uniqueItems"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.UniqueItems))
+	}
+	if m.MaxProperties != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("maxProperties"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MaxProperties))
+	}
+	if m.MinProperties != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("minProperties"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForInt(m.MinProperties))
+	}
+	if len(m.Required) != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("required"))
+		info.Content = append(info.Content, compiler.NewSequenceNodeForStringArray(m.Required))
+	}
+	if len(m.Enum) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Enum {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("enum"))
+		info.Content = append(info.Content, items)
+	}
+	if m.AdditionalProperties != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("additionalProperties"))
+		info.Content = append(info.Content, m.AdditionalProperties.ToRawInfo())
+	}
+	if m.Type != nil {
+		if len(m.Type.Value) == 1 {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Type.Value[0]))
+		} else {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString("type"))
+			info.Content = append(info.Content, compiler.NewSequenceNodeForStringArray(m.Type.Value))
+		}
+	}
+	if m.Items != nil {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.Items.Schema {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		if len(items.Content) == 1 {
+			items = items.Content[0]
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("items"))
+		info.Content = append(info.Content, items)
+	}
+	if len(m.AllOf) != 0 {
+		items := compiler.NewSequenceNode()
+		for _, item := range m.AllOf {
+			items.Content = append(items.Content, item.ToRawInfo())
+		}
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("allOf"))
+		info.Content = append(info.Content, items)
+	}
+	if m.Properties != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("properties"))
+		info.Content = append(info.Content, m.Properties.ToRawInfo())
+	}
+	if m.Discriminator != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("discriminator"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Discriminator))
+	}
+	if m.ReadOnly != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("readOnly"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.ReadOnly))
+	}
+	if m.Xml != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("xml"))
+		info.Content = append(info.Content, m.Xml.ToRawInfo())
+	}
+	if m.ExternalDocs != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("externalDocs"))
+		info.Content = append(info.Content, m.ExternalDocs.ToRawInfo())
+	}
+	if m.Example != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("example"))
+		info.Content = append(info.Content, m.Example.ToRawInfo())
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of SchemaItem suitable for JSON or YAML export.
+func (m *SchemaItem) ToRawInfo() *yaml.Node {
+	// ONE OF WRAPPER
+	// SchemaItem
+	// {Name:schema Type:Schema StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v0 := m.GetSchema()
+	if v0 != nil {
+		return v0.ToRawInfo()
+	}
+	// {Name:fileSchema Type:FileSchema StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v1 := m.GetFileSchema()
+	if v1 != nil {
+		return v1.ToRawInfo()
+	}
+	return compiler.NewNullNode()
+}
+
+// ToRawInfo returns a description of SecurityDefinitions suitable for JSON or YAML export.
+func (m *SecurityDefinitions) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.AdditionalProperties != nil {
+		for _, item := range m.AdditionalProperties {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of SecurityDefinitionsItem suitable for JSON or YAML export.
+func (m *SecurityDefinitionsItem) ToRawInfo() *yaml.Node {
+	// ONE OF WRAPPER
+	// SecurityDefinitionsItem
+	// {Name:basicAuthenticationSecurity Type:BasicAuthenticationSecurity StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v0 := m.GetBasicAuthenticationSecurity()
+	if v0 != nil {
+		return v0.ToRawInfo()
+	}
+	// {Name:apiKeySecurity Type:ApiKeySecurity StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v1 := m.GetApiKeySecurity()
+	if v1 != nil {
+		return v1.ToRawInfo()
+	}
+	// {Name:oauth2ImplicitSecurity Type:Oauth2ImplicitSecurity StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v2 := m.GetOauth2ImplicitSecurity()
+	if v2 != nil {
+		return v2.ToRawInfo()
+	}
+	// {Name:oauth2PasswordSecurity Type:Oauth2PasswordSecurity StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v3 := m.GetOauth2PasswordSecurity()
+	if v3 != nil {
+		return v3.ToRawInfo()
+	}
+	// {Name:oauth2ApplicationSecurity Type:Oauth2ApplicationSecurity StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v4 := m.GetOauth2ApplicationSecurity()
+	if v4 != nil {
+		return v4.ToRawInfo()
+	}
+	// {Name:oauth2AccessCodeSecurity Type:Oauth2AccessCodeSecurity StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
+	v5 := m.GetOauth2AccessCodeSecurity()
+	if v5 != nil {
+		return v5.ToRawInfo()
+	}
+	return compiler.NewNullNode()
+}
+
+// ToRawInfo returns a description of SecurityRequirement suitable for JSON or YAML export.
+func (m *SecurityRequirement) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.AdditionalProperties != nil {
+		for _, item := range m.AdditionalProperties {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of StringArray suitable for JSON or YAML export.
+func (m *StringArray) ToRawInfo() *yaml.Node {
+	return compiler.NewSequenceNodeForStringArray(m.Value)
+}
+
+// ToRawInfo returns a description of Tag suitable for JSON or YAML export.
+func (m *Tag) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	// always include this required field.
+	info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+	info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	if m.Description != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("description"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Description))
+	}
+	if m.ExternalDocs != nil {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("externalDocs"))
+		info.Content = append(info.Content, m.ExternalDocs.ToRawInfo())
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of TypeItem suitable for JSON or YAML export.
+func (m *TypeItem) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if len(m.Value) != 0 {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("value"))
+		info.Content = append(info.Content, compiler.NewSequenceNodeForStringArray(m.Value))
+	}
+	return info
+}
+
+// ToRawInfo returns a description of VendorExtension suitable for JSON or YAML export.
+func (m *VendorExtension) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.AdditionalProperties != nil {
+		for _, item := range m.AdditionalProperties {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+// ToRawInfo returns a description of Xml suitable for JSON or YAML export.
+func (m *Xml) ToRawInfo() *yaml.Node {
+	info := compiler.NewMappingNode()
+	if m == nil {
+		return info
+	}
+	if m.Name != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("name"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Name))
+	}
+	if m.Namespace != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("namespace"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Namespace))
+	}
+	if m.Prefix != "" {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("prefix"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForString(m.Prefix))
+	}
+	if m.Attribute != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("attribute"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.Attribute))
+	}
+	if m.Wrapped != false {
+		info.Content = append(info.Content, compiler.NewScalarNodeForString("wrapped"))
+		info.Content = append(info.Content, compiler.NewScalarNodeForBool(m.Wrapped))
+	}
+	if m.VendorExtension != nil {
+		for _, item := range m.VendorExtension {
+			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
+			info.Content = append(info.Content, item.Value.ToRawInfo())
+		}
+	}
+	return info
+}
+
+var (
+	pattern0 = regexp.MustCompile("^x-")
+	pattern1 = regexp.MustCompile("^/")
+	pattern2 = regexp.MustCompile("^([0-9]{3})$|^(default)$")
+)
diff --git a/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.pb.go b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.pb.go
new file mode 100644
index 000000000..65c4c913c
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.pb.go
@@ -0,0 +1,7342 @@
+// Copyright 2020 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// THIS FILE IS AUTOMATICALLY GENERATED.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.27.1
+// 	protoc        v3.19.3
+// source: openapiv2/OpenAPIv2.proto
+
+package openapi_v2
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	anypb "google.golang.org/protobuf/types/known/anypb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type AdditionalPropertiesItem struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Oneof:
+	//	*AdditionalPropertiesItem_Schema
+	//	*AdditionalPropertiesItem_Boolean
+	Oneof isAdditionalPropertiesItem_Oneof `protobuf_oneof:"oneof"`
+}
+
+func (x *AdditionalPropertiesItem) Reset() {
+	*x = AdditionalPropertiesItem{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *AdditionalPropertiesItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AdditionalPropertiesItem) ProtoMessage() {}
+
+func (x *AdditionalPropertiesItem) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AdditionalPropertiesItem.ProtoReflect.Descriptor instead.
+func (*AdditionalPropertiesItem) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{0}
+}
+
+func (m *AdditionalPropertiesItem) GetOneof() isAdditionalPropertiesItem_Oneof {
+	if m != nil {
+		return m.Oneof
+	}
+	return nil
+}
+
+func (x *AdditionalPropertiesItem) GetSchema() *Schema {
+	if x, ok := x.GetOneof().(*AdditionalPropertiesItem_Schema); ok {
+		return x.Schema
+	}
+	return nil
+}
+
+func (x *AdditionalPropertiesItem) GetBoolean() bool {
+	if x, ok := x.GetOneof().(*AdditionalPropertiesItem_Boolean); ok {
+		return x.Boolean
+	}
+	return false
+}
+
+type isAdditionalPropertiesItem_Oneof interface {
+	isAdditionalPropertiesItem_Oneof()
+}
+
+type AdditionalPropertiesItem_Schema struct {
+	Schema *Schema `protobuf:"bytes,1,opt,name=schema,proto3,oneof"`
+}
+
+type AdditionalPropertiesItem_Boolean struct {
+	Boolean bool `protobuf:"varint,2,opt,name=boolean,proto3,oneof"`
+}
+
+func (*AdditionalPropertiesItem_Schema) isAdditionalPropertiesItem_Oneof() {}
+
+func (*AdditionalPropertiesItem_Boolean) isAdditionalPropertiesItem_Oneof() {}
+
+type Any struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Value *anypb.Any `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"`
+	Yaml  string     `protobuf:"bytes,2,opt,name=yaml,proto3" json:"yaml,omitempty"`
+}
+
+func (x *Any) Reset() {
+	*x = Any{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Any) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Any) ProtoMessage() {}
+
+func (x *Any) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Any.ProtoReflect.Descriptor instead.
+func (*Any) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *Any) GetValue() *anypb.Any {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+func (x *Any) GetYaml() string {
+	if x != nil {
+		return x.Yaml
+	}
+	return ""
+}
+
+type ApiKeySecurity struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Type            string      `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	Name            string      `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	In              string      `protobuf:"bytes,3,opt,name=in,proto3" json:"in,omitempty"`
+	Description     string      `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
+	VendorExtension []*NamedAny `protobuf:"bytes,5,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *ApiKeySecurity) Reset() {
+	*x = ApiKeySecurity{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ApiKeySecurity) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ApiKeySecurity) ProtoMessage() {}
+
+func (x *ApiKeySecurity) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ApiKeySecurity.ProtoReflect.Descriptor instead.
+func (*ApiKeySecurity) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ApiKeySecurity) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *ApiKeySecurity) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *ApiKeySecurity) GetIn() string {
+	if x != nil {
+		return x.In
+	}
+	return ""
+}
+
+func (x *ApiKeySecurity) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *ApiKeySecurity) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type BasicAuthenticationSecurity struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Type            string      `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	Description     string      `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	VendorExtension []*NamedAny `protobuf:"bytes,3,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *BasicAuthenticationSecurity) Reset() {
+	*x = BasicAuthenticationSecurity{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *BasicAuthenticationSecurity) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BasicAuthenticationSecurity) ProtoMessage() {}
+
+func (x *BasicAuthenticationSecurity) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use BasicAuthenticationSecurity.ProtoReflect.Descriptor instead.
+func (*BasicAuthenticationSecurity) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *BasicAuthenticationSecurity) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *BasicAuthenticationSecurity) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *BasicAuthenticationSecurity) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type BodyParameter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed.
+	Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"`
+	// The name of the parameter.
+	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	// Determines the location of the parameter.
+	In string `protobuf:"bytes,3,opt,name=in,proto3" json:"in,omitempty"`
+	// Determines whether or not this parameter is required or optional.
+	Required        bool        `protobuf:"varint,4,opt,name=required,proto3" json:"required,omitempty"`
+	Schema          *Schema     `protobuf:"bytes,5,opt,name=schema,proto3" json:"schema,omitempty"`
+	VendorExtension []*NamedAny `protobuf:"bytes,6,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *BodyParameter) Reset() {
+	*x = BodyParameter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *BodyParameter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BodyParameter) ProtoMessage() {}
+
+func (x *BodyParameter) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use BodyParameter.ProtoReflect.Descriptor instead.
+func (*BodyParameter) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *BodyParameter) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *BodyParameter) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *BodyParameter) GetIn() string {
+	if x != nil {
+		return x.In
+	}
+	return ""
+}
+
+func (x *BodyParameter) GetRequired() bool {
+	if x != nil {
+		return x.Required
+	}
+	return false
+}
+
+func (x *BodyParameter) GetSchema() *Schema {
+	if x != nil {
+		return x.Schema
+	}
+	return nil
+}
+
+func (x *BodyParameter) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+// Contact information for the owners of the API.
+type Contact struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The identifying name of the contact person/organization.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// The URL pointing to the contact information.
+	Url string `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
+	// The email address of the contact person/organization.
+	Email           string      `protobuf:"bytes,3,opt,name=email,proto3" json:"email,omitempty"`
+	VendorExtension []*NamedAny `protobuf:"bytes,4,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Contact) Reset() {
+	*x = Contact{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Contact) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Contact) ProtoMessage() {}
+
+func (x *Contact) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Contact.ProtoReflect.Descriptor instead.
+func (*Contact) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *Contact) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Contact) GetUrl() string {
+	if x != nil {
+		return x.Url
+	}
+	return ""
+}
+
+func (x *Contact) GetEmail() string {
+	if x != nil {
+		return x.Email
+	}
+	return ""
+}
+
+func (x *Contact) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type Default struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AdditionalProperties []*NamedAny `protobuf:"bytes,1,rep,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+}
+
+func (x *Default) Reset() {
+	*x = Default{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Default) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Default) ProtoMessage() {}
+
+func (x *Default) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Default.ProtoReflect.Descriptor instead.
+func (*Default) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *Default) GetAdditionalProperties() []*NamedAny {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+// One or more JSON objects describing the schemas being consumed and produced by the API.
+type Definitions struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AdditionalProperties []*NamedSchema `protobuf:"bytes,1,rep,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+}
+
+func (x *Definitions) Reset() {
+	*x = Definitions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Definitions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Definitions) ProtoMessage() {}
+
+func (x *Definitions) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Definitions.ProtoReflect.Descriptor instead.
+func (*Definitions) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *Definitions) GetAdditionalProperties() []*NamedSchema {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+type Document struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The Swagger version of this document.
+	Swagger string `protobuf:"bytes,1,opt,name=swagger,proto3" json:"swagger,omitempty"`
+	Info    *Info  `protobuf:"bytes,2,opt,name=info,proto3" json:"info,omitempty"`
+	// The host (name or ip) of the API. Example: 'swagger.io'
+	Host string `protobuf:"bytes,3,opt,name=host,proto3" json:"host,omitempty"`
+	// The base path to the API. Example: '/api'.
+	BasePath string `protobuf:"bytes,4,opt,name=base_path,json=basePath,proto3" json:"base_path,omitempty"`
+	// The transfer protocol of the API.
+	Schemes []string `protobuf:"bytes,5,rep,name=schemes,proto3" json:"schemes,omitempty"`
+	// A list of MIME types accepted by the API.
+	Consumes []string `protobuf:"bytes,6,rep,name=consumes,proto3" json:"consumes,omitempty"`
+	// A list of MIME types the API can produce.
+	Produces            []string               `protobuf:"bytes,7,rep,name=produces,proto3" json:"produces,omitempty"`
+	Paths               *Paths                 `protobuf:"bytes,8,opt,name=paths,proto3" json:"paths,omitempty"`
+	Definitions         *Definitions           `protobuf:"bytes,9,opt,name=definitions,proto3" json:"definitions,omitempty"`
+	Parameters          *ParameterDefinitions  `protobuf:"bytes,10,opt,name=parameters,proto3" json:"parameters,omitempty"`
+	Responses           *ResponseDefinitions   `protobuf:"bytes,11,opt,name=responses,proto3" json:"responses,omitempty"`
+	Security            []*SecurityRequirement `protobuf:"bytes,12,rep,name=security,proto3" json:"security,omitempty"`
+	SecurityDefinitions *SecurityDefinitions   `protobuf:"bytes,13,opt,name=security_definitions,json=securityDefinitions,proto3" json:"security_definitions,omitempty"`
+	Tags                []*Tag                 `protobuf:"bytes,14,rep,name=tags,proto3" json:"tags,omitempty"`
+	ExternalDocs        *ExternalDocs          `protobuf:"bytes,15,opt,name=external_docs,json=externalDocs,proto3" json:"external_docs,omitempty"`
+	VendorExtension     []*NamedAny            `protobuf:"bytes,16,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Document) Reset() {
+	*x = Document{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Document) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Document) ProtoMessage() {}
+
+func (x *Document) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Document.ProtoReflect.Descriptor instead.
+func (*Document) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *Document) GetSwagger() string {
+	if x != nil {
+		return x.Swagger
+	}
+	return ""
+}
+
+func (x *Document) GetInfo() *Info {
+	if x != nil {
+		return x.Info
+	}
+	return nil
+}
+
+func (x *Document) GetHost() string {
+	if x != nil {
+		return x.Host
+	}
+	return ""
+}
+
+func (x *Document) GetBasePath() string {
+	if x != nil {
+		return x.BasePath
+	}
+	return ""
+}
+
+func (x *Document) GetSchemes() []string {
+	if x != nil {
+		return x.Schemes
+	}
+	return nil
+}
+
+func (x *Document) GetConsumes() []string {
+	if x != nil {
+		return x.Consumes
+	}
+	return nil
+}
+
+func (x *Document) GetProduces() []string {
+	if x != nil {
+		return x.Produces
+	}
+	return nil
+}
+
+func (x *Document) GetPaths() *Paths {
+	if x != nil {
+		return x.Paths
+	}
+	return nil
+}
+
+func (x *Document) GetDefinitions() *Definitions {
+	if x != nil {
+		return x.Definitions
+	}
+	return nil
+}
+
+func (x *Document) GetParameters() *ParameterDefinitions {
+	if x != nil {
+		return x.Parameters
+	}
+	return nil
+}
+
+func (x *Document) GetResponses() *ResponseDefinitions {
+	if x != nil {
+		return x.Responses
+	}
+	return nil
+}
+
+func (x *Document) GetSecurity() []*SecurityRequirement {
+	if x != nil {
+		return x.Security
+	}
+	return nil
+}
+
+func (x *Document) GetSecurityDefinitions() *SecurityDefinitions {
+	if x != nil {
+		return x.SecurityDefinitions
+	}
+	return nil
+}
+
+func (x *Document) GetTags() []*Tag {
+	if x != nil {
+		return x.Tags
+	}
+	return nil
+}
+
+func (x *Document) GetExternalDocs() *ExternalDocs {
+	if x != nil {
+		return x.ExternalDocs
+	}
+	return nil
+}
+
+func (x *Document) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type Examples struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AdditionalProperties []*NamedAny `protobuf:"bytes,1,rep,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+}
+
+func (x *Examples) Reset() {
+	*x = Examples{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Examples) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Examples) ProtoMessage() {}
+
+func (x *Examples) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Examples.ProtoReflect.Descriptor instead.
+func (*Examples) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *Examples) GetAdditionalProperties() []*NamedAny {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+// information about external documentation
+type ExternalDocs struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Description     string      `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"`
+	Url             string      `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
+	VendorExtension []*NamedAny `protobuf:"bytes,3,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *ExternalDocs) Reset() {
+	*x = ExternalDocs{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ExternalDocs) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ExternalDocs) ProtoMessage() {}
+
+func (x *ExternalDocs) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ExternalDocs.ProtoReflect.Descriptor instead.
+func (*ExternalDocs) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *ExternalDocs) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *ExternalDocs) GetUrl() string {
+	if x != nil {
+		return x.Url
+	}
+	return ""
+}
+
+func (x *ExternalDocs) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+// A deterministic version of a JSON Schema object.
+type FileSchema struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Format          string        `protobuf:"bytes,1,opt,name=format,proto3" json:"format,omitempty"`
+	Title           string        `protobuf:"bytes,2,opt,name=title,proto3" json:"title,omitempty"`
+	Description     string        `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	Default         *Any          `protobuf:"bytes,4,opt,name=default,proto3" json:"default,omitempty"`
+	Required        []string      `protobuf:"bytes,5,rep,name=required,proto3" json:"required,omitempty"`
+	Type            string        `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"`
+	ReadOnly        bool          `protobuf:"varint,7,opt,name=read_only,json=readOnly,proto3" json:"read_only,omitempty"`
+	ExternalDocs    *ExternalDocs `protobuf:"bytes,8,opt,name=external_docs,json=externalDocs,proto3" json:"external_docs,omitempty"`
+	Example         *Any          `protobuf:"bytes,9,opt,name=example,proto3" json:"example,omitempty"`
+	VendorExtension []*NamedAny   `protobuf:"bytes,10,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *FileSchema) Reset() {
+	*x = FileSchema{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FileSchema) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FileSchema) ProtoMessage() {}
+
+func (x *FileSchema) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FileSchema.ProtoReflect.Descriptor instead.
+func (*FileSchema) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *FileSchema) GetFormat() string {
+	if x != nil {
+		return x.Format
+	}
+	return ""
+}
+
+func (x *FileSchema) GetTitle() string {
+	if x != nil {
+		return x.Title
+	}
+	return ""
+}
+
+func (x *FileSchema) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *FileSchema) GetDefault() *Any {
+	if x != nil {
+		return x.Default
+	}
+	return nil
+}
+
+func (x *FileSchema) GetRequired() []string {
+	if x != nil {
+		return x.Required
+	}
+	return nil
+}
+
+func (x *FileSchema) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *FileSchema) GetReadOnly() bool {
+	if x != nil {
+		return x.ReadOnly
+	}
+	return false
+}
+
+func (x *FileSchema) GetExternalDocs() *ExternalDocs {
+	if x != nil {
+		return x.ExternalDocs
+	}
+	return nil
+}
+
+func (x *FileSchema) GetExample() *Any {
+	if x != nil {
+		return x.Example
+	}
+	return nil
+}
+
+func (x *FileSchema) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type FormDataParameterSubSchema struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Determines whether or not this parameter is required or optional.
+	Required bool `protobuf:"varint,1,opt,name=required,proto3" json:"required,omitempty"`
+	// Determines the location of the parameter.
+	In string `protobuf:"bytes,2,opt,name=in,proto3" json:"in,omitempty"`
+	// A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed.
+	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	// The name of the parameter.
+	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
+	// allows sending a parameter by name only or with an empty value.
+	AllowEmptyValue  bool             `protobuf:"varint,5,opt,name=allow_empty_value,json=allowEmptyValue,proto3" json:"allow_empty_value,omitempty"`
+	Type             string           `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"`
+	Format           string           `protobuf:"bytes,7,opt,name=format,proto3" json:"format,omitempty"`
+	Items            *PrimitivesItems `protobuf:"bytes,8,opt,name=items,proto3" json:"items,omitempty"`
+	CollectionFormat string           `protobuf:"bytes,9,opt,name=collection_format,json=collectionFormat,proto3" json:"collection_format,omitempty"`
+	Default          *Any             `protobuf:"bytes,10,opt,name=default,proto3" json:"default,omitempty"`
+	Maximum          float64          `protobuf:"fixed64,11,opt,name=maximum,proto3" json:"maximum,omitempty"`
+	ExclusiveMaximum bool             `protobuf:"varint,12,opt,name=exclusive_maximum,json=exclusiveMaximum,proto3" json:"exclusive_maximum,omitempty"`
+	Minimum          float64          `protobuf:"fixed64,13,opt,name=minimum,proto3" json:"minimum,omitempty"`
+	ExclusiveMinimum bool             `protobuf:"varint,14,opt,name=exclusive_minimum,json=exclusiveMinimum,proto3" json:"exclusive_minimum,omitempty"`
+	MaxLength        int64            `protobuf:"varint,15,opt,name=max_length,json=maxLength,proto3" json:"max_length,omitempty"`
+	MinLength        int64            `protobuf:"varint,16,opt,name=min_length,json=minLength,proto3" json:"min_length,omitempty"`
+	Pattern          string           `protobuf:"bytes,17,opt,name=pattern,proto3" json:"pattern,omitempty"`
+	MaxItems         int64            `protobuf:"varint,18,opt,name=max_items,json=maxItems,proto3" json:"max_items,omitempty"`
+	MinItems         int64            `protobuf:"varint,19,opt,name=min_items,json=minItems,proto3" json:"min_items,omitempty"`
+	UniqueItems      bool             `protobuf:"varint,20,opt,name=unique_items,json=uniqueItems,proto3" json:"unique_items,omitempty"`
+	Enum             []*Any           `protobuf:"bytes,21,rep,name=enum,proto3" json:"enum,omitempty"`
+	MultipleOf       float64          `protobuf:"fixed64,22,opt,name=multiple_of,json=multipleOf,proto3" json:"multiple_of,omitempty"`
+	VendorExtension  []*NamedAny      `protobuf:"bytes,23,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *FormDataParameterSubSchema) Reset() {
+	*x = FormDataParameterSubSchema{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[12]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FormDataParameterSubSchema) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FormDataParameterSubSchema) ProtoMessage() {}
+
+func (x *FormDataParameterSubSchema) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[12]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FormDataParameterSubSchema.ProtoReflect.Descriptor instead.
+func (*FormDataParameterSubSchema) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *FormDataParameterSubSchema) GetRequired() bool {
+	if x != nil {
+		return x.Required
+	}
+	return false
+}
+
+func (x *FormDataParameterSubSchema) GetIn() string {
+	if x != nil {
+		return x.In
+	}
+	return ""
+}
+
+func (x *FormDataParameterSubSchema) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *FormDataParameterSubSchema) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *FormDataParameterSubSchema) GetAllowEmptyValue() bool {
+	if x != nil {
+		return x.AllowEmptyValue
+	}
+	return false
+}
+
+func (x *FormDataParameterSubSchema) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *FormDataParameterSubSchema) GetFormat() string {
+	if x != nil {
+		return x.Format
+	}
+	return ""
+}
+
+func (x *FormDataParameterSubSchema) GetItems() *PrimitivesItems {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+func (x *FormDataParameterSubSchema) GetCollectionFormat() string {
+	if x != nil {
+		return x.CollectionFormat
+	}
+	return ""
+}
+
+func (x *FormDataParameterSubSchema) GetDefault() *Any {
+	if x != nil {
+		return x.Default
+	}
+	return nil
+}
+
+func (x *FormDataParameterSubSchema) GetMaximum() float64 {
+	if x != nil {
+		return x.Maximum
+	}
+	return 0
+}
+
+func (x *FormDataParameterSubSchema) GetExclusiveMaximum() bool {
+	if x != nil {
+		return x.ExclusiveMaximum
+	}
+	return false
+}
+
+func (x *FormDataParameterSubSchema) GetMinimum() float64 {
+	if x != nil {
+		return x.Minimum
+	}
+	return 0
+}
+
+func (x *FormDataParameterSubSchema) GetExclusiveMinimum() bool {
+	if x != nil {
+		return x.ExclusiveMinimum
+	}
+	return false
+}
+
+func (x *FormDataParameterSubSchema) GetMaxLength() int64 {
+	if x != nil {
+		return x.MaxLength
+	}
+	return 0
+}
+
+func (x *FormDataParameterSubSchema) GetMinLength() int64 {
+	if x != nil {
+		return x.MinLength
+	}
+	return 0
+}
+
+func (x *FormDataParameterSubSchema) GetPattern() string {
+	if x != nil {
+		return x.Pattern
+	}
+	return ""
+}
+
+func (x *FormDataParameterSubSchema) GetMaxItems() int64 {
+	if x != nil {
+		return x.MaxItems
+	}
+	return 0
+}
+
+func (x *FormDataParameterSubSchema) GetMinItems() int64 {
+	if x != nil {
+		return x.MinItems
+	}
+	return 0
+}
+
+func (x *FormDataParameterSubSchema) GetUniqueItems() bool {
+	if x != nil {
+		return x.UniqueItems
+	}
+	return false
+}
+
+func (x *FormDataParameterSubSchema) GetEnum() []*Any {
+	if x != nil {
+		return x.Enum
+	}
+	return nil
+}
+
+func (x *FormDataParameterSubSchema) GetMultipleOf() float64 {
+	if x != nil {
+		return x.MultipleOf
+	}
+	return 0
+}
+
+func (x *FormDataParameterSubSchema) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type Header struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Type             string           `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	Format           string           `protobuf:"bytes,2,opt,name=format,proto3" json:"format,omitempty"`
+	Items            *PrimitivesItems `protobuf:"bytes,3,opt,name=items,proto3" json:"items,omitempty"`
+	CollectionFormat string           `protobuf:"bytes,4,opt,name=collection_format,json=collectionFormat,proto3" json:"collection_format,omitempty"`
+	Default          *Any             `protobuf:"bytes,5,opt,name=default,proto3" json:"default,omitempty"`
+	Maximum          float64          `protobuf:"fixed64,6,opt,name=maximum,proto3" json:"maximum,omitempty"`
+	ExclusiveMaximum bool             `protobuf:"varint,7,opt,name=exclusive_maximum,json=exclusiveMaximum,proto3" json:"exclusive_maximum,omitempty"`
+	Minimum          float64          `protobuf:"fixed64,8,opt,name=minimum,proto3" json:"minimum,omitempty"`
+	ExclusiveMinimum bool             `protobuf:"varint,9,opt,name=exclusive_minimum,json=exclusiveMinimum,proto3" json:"exclusive_minimum,omitempty"`
+	MaxLength        int64            `protobuf:"varint,10,opt,name=max_length,json=maxLength,proto3" json:"max_length,omitempty"`
+	MinLength        int64            `protobuf:"varint,11,opt,name=min_length,json=minLength,proto3" json:"min_length,omitempty"`
+	Pattern          string           `protobuf:"bytes,12,opt,name=pattern,proto3" json:"pattern,omitempty"`
+	MaxItems         int64            `protobuf:"varint,13,opt,name=max_items,json=maxItems,proto3" json:"max_items,omitempty"`
+	MinItems         int64            `protobuf:"varint,14,opt,name=min_items,json=minItems,proto3" json:"min_items,omitempty"`
+	UniqueItems      bool             `protobuf:"varint,15,opt,name=unique_items,json=uniqueItems,proto3" json:"unique_items,omitempty"`
+	Enum             []*Any           `protobuf:"bytes,16,rep,name=enum,proto3" json:"enum,omitempty"`
+	MultipleOf       float64          `protobuf:"fixed64,17,opt,name=multiple_of,json=multipleOf,proto3" json:"multiple_of,omitempty"`
+	Description      string           `protobuf:"bytes,18,opt,name=description,proto3" json:"description,omitempty"`
+	VendorExtension  []*NamedAny      `protobuf:"bytes,19,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Header) Reset() {
+	*x = Header{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[13]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Header) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Header) ProtoMessage() {}
+
+func (x *Header) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[13]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Header.ProtoReflect.Descriptor instead.
+func (*Header) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *Header) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *Header) GetFormat() string {
+	if x != nil {
+		return x.Format
+	}
+	return ""
+}
+
+func (x *Header) GetItems() *PrimitivesItems {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+func (x *Header) GetCollectionFormat() string {
+	if x != nil {
+		return x.CollectionFormat
+	}
+	return ""
+}
+
+func (x *Header) GetDefault() *Any {
+	if x != nil {
+		return x.Default
+	}
+	return nil
+}
+
+func (x *Header) GetMaximum() float64 {
+	if x != nil {
+		return x.Maximum
+	}
+	return 0
+}
+
+func (x *Header) GetExclusiveMaximum() bool {
+	if x != nil {
+		return x.ExclusiveMaximum
+	}
+	return false
+}
+
+func (x *Header) GetMinimum() float64 {
+	if x != nil {
+		return x.Minimum
+	}
+	return 0
+}
+
+func (x *Header) GetExclusiveMinimum() bool {
+	if x != nil {
+		return x.ExclusiveMinimum
+	}
+	return false
+}
+
+func (x *Header) GetMaxLength() int64 {
+	if x != nil {
+		return x.MaxLength
+	}
+	return 0
+}
+
+func (x *Header) GetMinLength() int64 {
+	if x != nil {
+		return x.MinLength
+	}
+	return 0
+}
+
+func (x *Header) GetPattern() string {
+	if x != nil {
+		return x.Pattern
+	}
+	return ""
+}
+
+func (x *Header) GetMaxItems() int64 {
+	if x != nil {
+		return x.MaxItems
+	}
+	return 0
+}
+
+func (x *Header) GetMinItems() int64 {
+	if x != nil {
+		return x.MinItems
+	}
+	return 0
+}
+
+func (x *Header) GetUniqueItems() bool {
+	if x != nil {
+		return x.UniqueItems
+	}
+	return false
+}
+
+func (x *Header) GetEnum() []*Any {
+	if x != nil {
+		return x.Enum
+	}
+	return nil
+}
+
+func (x *Header) GetMultipleOf() float64 {
+	if x != nil {
+		return x.MultipleOf
+	}
+	return 0
+}
+
+func (x *Header) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Header) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type HeaderParameterSubSchema struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Determines whether or not this parameter is required or optional.
+	Required bool `protobuf:"varint,1,opt,name=required,proto3" json:"required,omitempty"`
+	// Determines the location of the parameter.
+	In string `protobuf:"bytes,2,opt,name=in,proto3" json:"in,omitempty"`
+	// A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed.
+	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	// The name of the parameter.
+	Name             string           `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
+	Type             string           `protobuf:"bytes,5,opt,name=type,proto3" json:"type,omitempty"`
+	Format           string           `protobuf:"bytes,6,opt,name=format,proto3" json:"format,omitempty"`
+	Items            *PrimitivesItems `protobuf:"bytes,7,opt,name=items,proto3" json:"items,omitempty"`
+	CollectionFormat string           `protobuf:"bytes,8,opt,name=collection_format,json=collectionFormat,proto3" json:"collection_format,omitempty"`
+	Default          *Any             `protobuf:"bytes,9,opt,name=default,proto3" json:"default,omitempty"`
+	Maximum          float64          `protobuf:"fixed64,10,opt,name=maximum,proto3" json:"maximum,omitempty"`
+	ExclusiveMaximum bool             `protobuf:"varint,11,opt,name=exclusive_maximum,json=exclusiveMaximum,proto3" json:"exclusive_maximum,omitempty"`
+	Minimum          float64          `protobuf:"fixed64,12,opt,name=minimum,proto3" json:"minimum,omitempty"`
+	ExclusiveMinimum bool             `protobuf:"varint,13,opt,name=exclusive_minimum,json=exclusiveMinimum,proto3" json:"exclusive_minimum,omitempty"`
+	MaxLength        int64            `protobuf:"varint,14,opt,name=max_length,json=maxLength,proto3" json:"max_length,omitempty"`
+	MinLength        int64            `protobuf:"varint,15,opt,name=min_length,json=minLength,proto3" json:"min_length,omitempty"`
+	Pattern          string           `protobuf:"bytes,16,opt,name=pattern,proto3" json:"pattern,omitempty"`
+	MaxItems         int64            `protobuf:"varint,17,opt,name=max_items,json=maxItems,proto3" json:"max_items,omitempty"`
+	MinItems         int64            `protobuf:"varint,18,opt,name=min_items,json=minItems,proto3" json:"min_items,omitempty"`
+	UniqueItems      bool             `protobuf:"varint,19,opt,name=unique_items,json=uniqueItems,proto3" json:"unique_items,omitempty"`
+	Enum             []*Any           `protobuf:"bytes,20,rep,name=enum,proto3" json:"enum,omitempty"`
+	MultipleOf       float64          `protobuf:"fixed64,21,opt,name=multiple_of,json=multipleOf,proto3" json:"multiple_of,omitempty"`
+	VendorExtension  []*NamedAny      `protobuf:"bytes,22,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *HeaderParameterSubSchema) Reset() {
+	*x = HeaderParameterSubSchema{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[14]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HeaderParameterSubSchema) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HeaderParameterSubSchema) ProtoMessage() {}
+
+func (x *HeaderParameterSubSchema) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[14]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HeaderParameterSubSchema.ProtoReflect.Descriptor instead.
+func (*HeaderParameterSubSchema) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{14}
+}
+
+func (x *HeaderParameterSubSchema) GetRequired() bool {
+	if x != nil {
+		return x.Required
+	}
+	return false
+}
+
+func (x *HeaderParameterSubSchema) GetIn() string {
+	if x != nil {
+		return x.In
+	}
+	return ""
+}
+
+func (x *HeaderParameterSubSchema) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *HeaderParameterSubSchema) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *HeaderParameterSubSchema) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *HeaderParameterSubSchema) GetFormat() string {
+	if x != nil {
+		return x.Format
+	}
+	return ""
+}
+
+func (x *HeaderParameterSubSchema) GetItems() *PrimitivesItems {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+func (x *HeaderParameterSubSchema) GetCollectionFormat() string {
+	if x != nil {
+		return x.CollectionFormat
+	}
+	return ""
+}
+
+func (x *HeaderParameterSubSchema) GetDefault() *Any {
+	if x != nil {
+		return x.Default
+	}
+	return nil
+}
+
+func (x *HeaderParameterSubSchema) GetMaximum() float64 {
+	if x != nil {
+		return x.Maximum
+	}
+	return 0
+}
+
+func (x *HeaderParameterSubSchema) GetExclusiveMaximum() bool {
+	if x != nil {
+		return x.ExclusiveMaximum
+	}
+	return false
+}
+
+func (x *HeaderParameterSubSchema) GetMinimum() float64 {
+	if x != nil {
+		return x.Minimum
+	}
+	return 0
+}
+
+func (x *HeaderParameterSubSchema) GetExclusiveMinimum() bool {
+	if x != nil {
+		return x.ExclusiveMinimum
+	}
+	return false
+}
+
+func (x *HeaderParameterSubSchema) GetMaxLength() int64 {
+	if x != nil {
+		return x.MaxLength
+	}
+	return 0
+}
+
+func (x *HeaderParameterSubSchema) GetMinLength() int64 {
+	if x != nil {
+		return x.MinLength
+	}
+	return 0
+}
+
+func (x *HeaderParameterSubSchema) GetPattern() string {
+	if x != nil {
+		return x.Pattern
+	}
+	return ""
+}
+
+func (x *HeaderParameterSubSchema) GetMaxItems() int64 {
+	if x != nil {
+		return x.MaxItems
+	}
+	return 0
+}
+
+func (x *HeaderParameterSubSchema) GetMinItems() int64 {
+	if x != nil {
+		return x.MinItems
+	}
+	return 0
+}
+
+func (x *HeaderParameterSubSchema) GetUniqueItems() bool {
+	if x != nil {
+		return x.UniqueItems
+	}
+	return false
+}
+
+func (x *HeaderParameterSubSchema) GetEnum() []*Any {
+	if x != nil {
+		return x.Enum
+	}
+	return nil
+}
+
+func (x *HeaderParameterSubSchema) GetMultipleOf() float64 {
+	if x != nil {
+		return x.MultipleOf
+	}
+	return 0
+}
+
+func (x *HeaderParameterSubSchema) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type Headers struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AdditionalProperties []*NamedHeader `protobuf:"bytes,1,rep,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+}
+
+func (x *Headers) Reset() {
+	*x = Headers{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[15]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Headers) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Headers) ProtoMessage() {}
+
+func (x *Headers) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[15]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Headers.ProtoReflect.Descriptor instead.
+func (*Headers) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{15}
+}
+
+func (x *Headers) GetAdditionalProperties() []*NamedHeader {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+// General information about the API.
+type Info struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// A unique and precise title of the API.
+	Title string `protobuf:"bytes,1,opt,name=title,proto3" json:"title,omitempty"`
+	// A semantic version number of the API.
+	Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"`
+	// A longer description of the API. Should be different from the title.  GitHub Flavored Markdown is allowed.
+	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	// The terms of service for the API.
+	TermsOfService  string      `protobuf:"bytes,4,opt,name=terms_of_service,json=termsOfService,proto3" json:"terms_of_service,omitempty"`
+	Contact         *Contact    `protobuf:"bytes,5,opt,name=contact,proto3" json:"contact,omitempty"`
+	License         *License    `protobuf:"bytes,6,opt,name=license,proto3" json:"license,omitempty"`
+	VendorExtension []*NamedAny `protobuf:"bytes,7,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Info) Reset() {
+	*x = Info{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[16]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Info) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Info) ProtoMessage() {}
+
+func (x *Info) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[16]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Info.ProtoReflect.Descriptor instead.
+func (*Info) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{16}
+}
+
+func (x *Info) GetTitle() string {
+	if x != nil {
+		return x.Title
+	}
+	return ""
+}
+
+func (x *Info) GetVersion() string {
+	if x != nil {
+		return x.Version
+	}
+	return ""
+}
+
+func (x *Info) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Info) GetTermsOfService() string {
+	if x != nil {
+		return x.TermsOfService
+	}
+	return ""
+}
+
+func (x *Info) GetContact() *Contact {
+	if x != nil {
+		return x.Contact
+	}
+	return nil
+}
+
+func (x *Info) GetLicense() *License {
+	if x != nil {
+		return x.License
+	}
+	return nil
+}
+
+func (x *Info) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type ItemsItem struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Schema []*Schema `protobuf:"bytes,1,rep,name=schema,proto3" json:"schema,omitempty"`
+}
+
+func (x *ItemsItem) Reset() {
+	*x = ItemsItem{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[17]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ItemsItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ItemsItem) ProtoMessage() {}
+
+func (x *ItemsItem) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[17]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ItemsItem.ProtoReflect.Descriptor instead.
+func (*ItemsItem) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{17}
+}
+
+func (x *ItemsItem) GetSchema() []*Schema {
+	if x != nil {
+		return x.Schema
+	}
+	return nil
+}
+
+type JsonReference struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	XRef        string `protobuf:"bytes,1,opt,name=_ref,json=Ref,proto3" json:"_ref,omitempty"`
+	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+}
+
+func (x *JsonReference) Reset() {
+	*x = JsonReference{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[18]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *JsonReference) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*JsonReference) ProtoMessage() {}
+
+func (x *JsonReference) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[18]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use JsonReference.ProtoReflect.Descriptor instead.
+func (*JsonReference) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{18}
+}
+
+func (x *JsonReference) GetXRef() string {
+	if x != nil {
+		return x.XRef
+	}
+	return ""
+}
+
+func (x *JsonReference) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+type License struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The name of the license type. It's encouraged to use an OSI compatible license.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// The URL pointing to the license.
+	Url             string      `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
+	VendorExtension []*NamedAny `protobuf:"bytes,3,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *License) Reset() {
+	*x = License{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[19]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *License) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*License) ProtoMessage() {}
+
+func (x *License) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[19]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use License.ProtoReflect.Descriptor instead.
+func (*License) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{19}
+}
+
+func (x *License) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *License) GetUrl() string {
+	if x != nil {
+		return x.Url
+	}
+	return ""
+}
+
+func (x *License) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+// Automatically-generated message used to represent maps of Any as ordered (name,value) pairs.
+type NamedAny struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Map key
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Mapped value
+	Value *Any `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *NamedAny) Reset() {
+	*x = NamedAny{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[20]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NamedAny) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NamedAny) ProtoMessage() {}
+
+func (x *NamedAny) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[20]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NamedAny.ProtoReflect.Descriptor instead.
+func (*NamedAny) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{20}
+}
+
+func (x *NamedAny) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *NamedAny) GetValue() *Any {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+// Automatically-generated message used to represent maps of Header as ordered (name,value) pairs.
+type NamedHeader struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Map key
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Mapped value
+	Value *Header `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *NamedHeader) Reset() {
+	*x = NamedHeader{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[21]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NamedHeader) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NamedHeader) ProtoMessage() {}
+
+func (x *NamedHeader) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[21]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NamedHeader.ProtoReflect.Descriptor instead.
+func (*NamedHeader) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{21}
+}
+
+func (x *NamedHeader) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *NamedHeader) GetValue() *Header {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+// Automatically-generated message used to represent maps of Parameter as ordered (name,value) pairs.
+type NamedParameter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Map key
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Mapped value
+	Value *Parameter `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *NamedParameter) Reset() {
+	*x = NamedParameter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[22]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NamedParameter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NamedParameter) ProtoMessage() {}
+
+func (x *NamedParameter) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[22]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NamedParameter.ProtoReflect.Descriptor instead.
+func (*NamedParameter) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{22}
+}
+
+func (x *NamedParameter) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *NamedParameter) GetValue() *Parameter {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+// Automatically-generated message used to represent maps of PathItem as ordered (name,value) pairs.
+type NamedPathItem struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Map key
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Mapped value
+	Value *PathItem `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *NamedPathItem) Reset() {
+	*x = NamedPathItem{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[23]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NamedPathItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NamedPathItem) ProtoMessage() {}
+
+func (x *NamedPathItem) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[23]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NamedPathItem.ProtoReflect.Descriptor instead.
+func (*NamedPathItem) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{23}
+}
+
+func (x *NamedPathItem) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *NamedPathItem) GetValue() *PathItem {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+// Automatically-generated message used to represent maps of Response as ordered (name,value) pairs.
+type NamedResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Map key
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Mapped value
+	Value *Response `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *NamedResponse) Reset() {
+	*x = NamedResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[24]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NamedResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NamedResponse) ProtoMessage() {}
+
+func (x *NamedResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[24]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NamedResponse.ProtoReflect.Descriptor instead.
+func (*NamedResponse) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{24}
+}
+
+func (x *NamedResponse) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *NamedResponse) GetValue() *Response {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+// Automatically-generated message used to represent maps of ResponseValue as ordered (name,value) pairs.
+type NamedResponseValue struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Map key
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Mapped value
+	Value *ResponseValue `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *NamedResponseValue) Reset() {
+	*x = NamedResponseValue{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[25]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NamedResponseValue) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NamedResponseValue) ProtoMessage() {}
+
+func (x *NamedResponseValue) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[25]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NamedResponseValue.ProtoReflect.Descriptor instead.
+func (*NamedResponseValue) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{25}
+}
+
+func (x *NamedResponseValue) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *NamedResponseValue) GetValue() *ResponseValue {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+// Automatically-generated message used to represent maps of Schema as ordered (name,value) pairs.
+type NamedSchema struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Map key
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Mapped value
+	Value *Schema `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *NamedSchema) Reset() {
+	*x = NamedSchema{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[26]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NamedSchema) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NamedSchema) ProtoMessage() {}
+
+func (x *NamedSchema) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[26]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NamedSchema.ProtoReflect.Descriptor instead.
+func (*NamedSchema) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{26}
+}
+
+func (x *NamedSchema) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *NamedSchema) GetValue() *Schema {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+// Automatically-generated message used to represent maps of SecurityDefinitionsItem as ordered (name,value) pairs.
+type NamedSecurityDefinitionsItem struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Map key
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Mapped value
+	Value *SecurityDefinitionsItem `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *NamedSecurityDefinitionsItem) Reset() {
+	*x = NamedSecurityDefinitionsItem{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[27]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NamedSecurityDefinitionsItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NamedSecurityDefinitionsItem) ProtoMessage() {}
+
+func (x *NamedSecurityDefinitionsItem) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[27]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NamedSecurityDefinitionsItem.ProtoReflect.Descriptor instead.
+func (*NamedSecurityDefinitionsItem) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{27}
+}
+
+func (x *NamedSecurityDefinitionsItem) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *NamedSecurityDefinitionsItem) GetValue() *SecurityDefinitionsItem {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+// Automatically-generated message used to represent maps of string as ordered (name,value) pairs.
+type NamedString struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Map key
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Mapped value
+	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *NamedString) Reset() {
+	*x = NamedString{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[28]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NamedString) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NamedString) ProtoMessage() {}
+
+func (x *NamedString) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[28]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NamedString.ProtoReflect.Descriptor instead.
+func (*NamedString) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{28}
+}
+
+func (x *NamedString) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *NamedString) GetValue() string {
+	if x != nil {
+		return x.Value
+	}
+	return ""
+}
+
+// Automatically-generated message used to represent maps of StringArray as ordered (name,value) pairs.
+type NamedStringArray struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Map key
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Mapped value
+	Value *StringArray `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *NamedStringArray) Reset() {
+	*x = NamedStringArray{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[29]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NamedStringArray) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NamedStringArray) ProtoMessage() {}
+
+func (x *NamedStringArray) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[29]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NamedStringArray.ProtoReflect.Descriptor instead.
+func (*NamedStringArray) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{29}
+}
+
+func (x *NamedStringArray) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *NamedStringArray) GetValue() *StringArray {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+type NonBodyParameter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Oneof:
+	//	*NonBodyParameter_HeaderParameterSubSchema
+	//	*NonBodyParameter_FormDataParameterSubSchema
+	//	*NonBodyParameter_QueryParameterSubSchema
+	//	*NonBodyParameter_PathParameterSubSchema
+	Oneof isNonBodyParameter_Oneof `protobuf_oneof:"oneof"`
+}
+
+func (x *NonBodyParameter) Reset() {
+	*x = NonBodyParameter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[30]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NonBodyParameter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NonBodyParameter) ProtoMessage() {}
+
+func (x *NonBodyParameter) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[30]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NonBodyParameter.ProtoReflect.Descriptor instead.
+func (*NonBodyParameter) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{30}
+}
+
+func (m *NonBodyParameter) GetOneof() isNonBodyParameter_Oneof {
+	if m != nil {
+		return m.Oneof
+	}
+	return nil
+}
+
+func (x *NonBodyParameter) GetHeaderParameterSubSchema() *HeaderParameterSubSchema {
+	if x, ok := x.GetOneof().(*NonBodyParameter_HeaderParameterSubSchema); ok {
+		return x.HeaderParameterSubSchema
+	}
+	return nil
+}
+
+func (x *NonBodyParameter) GetFormDataParameterSubSchema() *FormDataParameterSubSchema {
+	if x, ok := x.GetOneof().(*NonBodyParameter_FormDataParameterSubSchema); ok {
+		return x.FormDataParameterSubSchema
+	}
+	return nil
+}
+
+func (x *NonBodyParameter) GetQueryParameterSubSchema() *QueryParameterSubSchema {
+	if x, ok := x.GetOneof().(*NonBodyParameter_QueryParameterSubSchema); ok {
+		return x.QueryParameterSubSchema
+	}
+	return nil
+}
+
+func (x *NonBodyParameter) GetPathParameterSubSchema() *PathParameterSubSchema {
+	if x, ok := x.GetOneof().(*NonBodyParameter_PathParameterSubSchema); ok {
+		return x.PathParameterSubSchema
+	}
+	return nil
+}
+
+type isNonBodyParameter_Oneof interface {
+	isNonBodyParameter_Oneof()
+}
+
+type NonBodyParameter_HeaderParameterSubSchema struct {
+	HeaderParameterSubSchema *HeaderParameterSubSchema `protobuf:"bytes,1,opt,name=header_parameter_sub_schema,json=headerParameterSubSchema,proto3,oneof"`
+}
+
+type NonBodyParameter_FormDataParameterSubSchema struct {
+	FormDataParameterSubSchema *FormDataParameterSubSchema `protobuf:"bytes,2,opt,name=form_data_parameter_sub_schema,json=formDataParameterSubSchema,proto3,oneof"`
+}
+
+type NonBodyParameter_QueryParameterSubSchema struct {
+	QueryParameterSubSchema *QueryParameterSubSchema `protobuf:"bytes,3,opt,name=query_parameter_sub_schema,json=queryParameterSubSchema,proto3,oneof"`
+}
+
+type NonBodyParameter_PathParameterSubSchema struct {
+	PathParameterSubSchema *PathParameterSubSchema `protobuf:"bytes,4,opt,name=path_parameter_sub_schema,json=pathParameterSubSchema,proto3,oneof"`
+}
+
+func (*NonBodyParameter_HeaderParameterSubSchema) isNonBodyParameter_Oneof() {}
+
+func (*NonBodyParameter_FormDataParameterSubSchema) isNonBodyParameter_Oneof() {}
+
+func (*NonBodyParameter_QueryParameterSubSchema) isNonBodyParameter_Oneof() {}
+
+func (*NonBodyParameter_PathParameterSubSchema) isNonBodyParameter_Oneof() {}
+
+type Oauth2AccessCodeSecurity struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Type             string        `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	Flow             string        `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
+	Scopes           *Oauth2Scopes `protobuf:"bytes,3,opt,name=scopes,proto3" json:"scopes,omitempty"`
+	AuthorizationUrl string        `protobuf:"bytes,4,opt,name=authorization_url,json=authorizationUrl,proto3" json:"authorization_url,omitempty"`
+	TokenUrl         string        `protobuf:"bytes,5,opt,name=token_url,json=tokenUrl,proto3" json:"token_url,omitempty"`
+	Description      string        `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
+	VendorExtension  []*NamedAny   `protobuf:"bytes,7,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Oauth2AccessCodeSecurity) Reset() {
+	*x = Oauth2AccessCodeSecurity{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[31]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Oauth2AccessCodeSecurity) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Oauth2AccessCodeSecurity) ProtoMessage() {}
+
+func (x *Oauth2AccessCodeSecurity) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[31]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Oauth2AccessCodeSecurity.ProtoReflect.Descriptor instead.
+func (*Oauth2AccessCodeSecurity) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{31}
+}
+
+func (x *Oauth2AccessCodeSecurity) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *Oauth2AccessCodeSecurity) GetFlow() string {
+	if x != nil {
+		return x.Flow
+	}
+	return ""
+}
+
+func (x *Oauth2AccessCodeSecurity) GetScopes() *Oauth2Scopes {
+	if x != nil {
+		return x.Scopes
+	}
+	return nil
+}
+
+func (x *Oauth2AccessCodeSecurity) GetAuthorizationUrl() string {
+	if x != nil {
+		return x.AuthorizationUrl
+	}
+	return ""
+}
+
+func (x *Oauth2AccessCodeSecurity) GetTokenUrl() string {
+	if x != nil {
+		return x.TokenUrl
+	}
+	return ""
+}
+
+func (x *Oauth2AccessCodeSecurity) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Oauth2AccessCodeSecurity) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type Oauth2ApplicationSecurity struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Type            string        `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	Flow            string        `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
+	Scopes          *Oauth2Scopes `protobuf:"bytes,3,opt,name=scopes,proto3" json:"scopes,omitempty"`
+	TokenUrl        string        `protobuf:"bytes,4,opt,name=token_url,json=tokenUrl,proto3" json:"token_url,omitempty"`
+	Description     string        `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`
+	VendorExtension []*NamedAny   `protobuf:"bytes,6,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Oauth2ApplicationSecurity) Reset() {
+	*x = Oauth2ApplicationSecurity{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[32]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Oauth2ApplicationSecurity) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Oauth2ApplicationSecurity) ProtoMessage() {}
+
+func (x *Oauth2ApplicationSecurity) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[32]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Oauth2ApplicationSecurity.ProtoReflect.Descriptor instead.
+func (*Oauth2ApplicationSecurity) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{32}
+}
+
+func (x *Oauth2ApplicationSecurity) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *Oauth2ApplicationSecurity) GetFlow() string {
+	if x != nil {
+		return x.Flow
+	}
+	return ""
+}
+
+func (x *Oauth2ApplicationSecurity) GetScopes() *Oauth2Scopes {
+	if x != nil {
+		return x.Scopes
+	}
+	return nil
+}
+
+func (x *Oauth2ApplicationSecurity) GetTokenUrl() string {
+	if x != nil {
+		return x.TokenUrl
+	}
+	return ""
+}
+
+func (x *Oauth2ApplicationSecurity) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Oauth2ApplicationSecurity) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type Oauth2ImplicitSecurity struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Type             string        `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	Flow             string        `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
+	Scopes           *Oauth2Scopes `protobuf:"bytes,3,opt,name=scopes,proto3" json:"scopes,omitempty"`
+	AuthorizationUrl string        `protobuf:"bytes,4,opt,name=authorization_url,json=authorizationUrl,proto3" json:"authorization_url,omitempty"`
+	Description      string        `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`
+	VendorExtension  []*NamedAny   `protobuf:"bytes,6,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Oauth2ImplicitSecurity) Reset() {
+	*x = Oauth2ImplicitSecurity{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[33]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Oauth2ImplicitSecurity) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Oauth2ImplicitSecurity) ProtoMessage() {}
+
+func (x *Oauth2ImplicitSecurity) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[33]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Oauth2ImplicitSecurity.ProtoReflect.Descriptor instead.
+func (*Oauth2ImplicitSecurity) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{33}
+}
+
+func (x *Oauth2ImplicitSecurity) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *Oauth2ImplicitSecurity) GetFlow() string {
+	if x != nil {
+		return x.Flow
+	}
+	return ""
+}
+
+func (x *Oauth2ImplicitSecurity) GetScopes() *Oauth2Scopes {
+	if x != nil {
+		return x.Scopes
+	}
+	return nil
+}
+
+func (x *Oauth2ImplicitSecurity) GetAuthorizationUrl() string {
+	if x != nil {
+		return x.AuthorizationUrl
+	}
+	return ""
+}
+
+func (x *Oauth2ImplicitSecurity) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Oauth2ImplicitSecurity) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type Oauth2PasswordSecurity struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Type            string        `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	Flow            string        `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
+	Scopes          *Oauth2Scopes `protobuf:"bytes,3,opt,name=scopes,proto3" json:"scopes,omitempty"`
+	TokenUrl        string        `protobuf:"bytes,4,opt,name=token_url,json=tokenUrl,proto3" json:"token_url,omitempty"`
+	Description     string        `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`
+	VendorExtension []*NamedAny   `protobuf:"bytes,6,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Oauth2PasswordSecurity) Reset() {
+	*x = Oauth2PasswordSecurity{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[34]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Oauth2PasswordSecurity) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Oauth2PasswordSecurity) ProtoMessage() {}
+
+func (x *Oauth2PasswordSecurity) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[34]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Oauth2PasswordSecurity.ProtoReflect.Descriptor instead.
+func (*Oauth2PasswordSecurity) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{34}
+}
+
+func (x *Oauth2PasswordSecurity) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *Oauth2PasswordSecurity) GetFlow() string {
+	if x != nil {
+		return x.Flow
+	}
+	return ""
+}
+
+func (x *Oauth2PasswordSecurity) GetScopes() *Oauth2Scopes {
+	if x != nil {
+		return x.Scopes
+	}
+	return nil
+}
+
+func (x *Oauth2PasswordSecurity) GetTokenUrl() string {
+	if x != nil {
+		return x.TokenUrl
+	}
+	return ""
+}
+
+func (x *Oauth2PasswordSecurity) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Oauth2PasswordSecurity) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type Oauth2Scopes struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AdditionalProperties []*NamedString `protobuf:"bytes,1,rep,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+}
+
+func (x *Oauth2Scopes) Reset() {
+	*x = Oauth2Scopes{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[35]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Oauth2Scopes) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Oauth2Scopes) ProtoMessage() {}
+
+func (x *Oauth2Scopes) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[35]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Oauth2Scopes.ProtoReflect.Descriptor instead.
+func (*Oauth2Scopes) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{35}
+}
+
+func (x *Oauth2Scopes) GetAdditionalProperties() []*NamedString {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+type Operation struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Tags []string `protobuf:"bytes,1,rep,name=tags,proto3" json:"tags,omitempty"`
+	// A brief summary of the operation.
+	Summary string `protobuf:"bytes,2,opt,name=summary,proto3" json:"summary,omitempty"`
+	// A longer description of the operation, GitHub Flavored Markdown is allowed.
+	Description  string        `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	ExternalDocs *ExternalDocs `protobuf:"bytes,4,opt,name=external_docs,json=externalDocs,proto3" json:"external_docs,omitempty"`
+	// A unique identifier of the operation.
+	OperationId string `protobuf:"bytes,5,opt,name=operation_id,json=operationId,proto3" json:"operation_id,omitempty"`
+	// A list of MIME types the API can produce.
+	Produces []string `protobuf:"bytes,6,rep,name=produces,proto3" json:"produces,omitempty"`
+	// A list of MIME types the API can consume.
+	Consumes []string `protobuf:"bytes,7,rep,name=consumes,proto3" json:"consumes,omitempty"`
+	// The parameters needed to send a valid API call.
+	Parameters []*ParametersItem `protobuf:"bytes,8,rep,name=parameters,proto3" json:"parameters,omitempty"`
+	Responses  *Responses        `protobuf:"bytes,9,opt,name=responses,proto3" json:"responses,omitempty"`
+	// The transfer protocol of the API.
+	Schemes         []string               `protobuf:"bytes,10,rep,name=schemes,proto3" json:"schemes,omitempty"`
+	Deprecated      bool                   `protobuf:"varint,11,opt,name=deprecated,proto3" json:"deprecated,omitempty"`
+	Security        []*SecurityRequirement `protobuf:"bytes,12,rep,name=security,proto3" json:"security,omitempty"`
+	VendorExtension []*NamedAny            `protobuf:"bytes,13,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Operation) Reset() {
+	*x = Operation{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[36]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Operation) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Operation) ProtoMessage() {}
+
+func (x *Operation) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[36]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Operation.ProtoReflect.Descriptor instead.
+func (*Operation) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{36}
+}
+
+func (x *Operation) GetTags() []string {
+	if x != nil {
+		return x.Tags
+	}
+	return nil
+}
+
+func (x *Operation) GetSummary() string {
+	if x != nil {
+		return x.Summary
+	}
+	return ""
+}
+
+func (x *Operation) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Operation) GetExternalDocs() *ExternalDocs {
+	if x != nil {
+		return x.ExternalDocs
+	}
+	return nil
+}
+
+func (x *Operation) GetOperationId() string {
+	if x != nil {
+		return x.OperationId
+	}
+	return ""
+}
+
+func (x *Operation) GetProduces() []string {
+	if x != nil {
+		return x.Produces
+	}
+	return nil
+}
+
+func (x *Operation) GetConsumes() []string {
+	if x != nil {
+		return x.Consumes
+	}
+	return nil
+}
+
+func (x *Operation) GetParameters() []*ParametersItem {
+	if x != nil {
+		return x.Parameters
+	}
+	return nil
+}
+
+func (x *Operation) GetResponses() *Responses {
+	if x != nil {
+		return x.Responses
+	}
+	return nil
+}
+
+func (x *Operation) GetSchemes() []string {
+	if x != nil {
+		return x.Schemes
+	}
+	return nil
+}
+
+func (x *Operation) GetDeprecated() bool {
+	if x != nil {
+		return x.Deprecated
+	}
+	return false
+}
+
+func (x *Operation) GetSecurity() []*SecurityRequirement {
+	if x != nil {
+		return x.Security
+	}
+	return nil
+}
+
+func (x *Operation) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type Parameter struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Oneof:
+	//	*Parameter_BodyParameter
+	//	*Parameter_NonBodyParameter
+	Oneof isParameter_Oneof `protobuf_oneof:"oneof"`
+}
+
+func (x *Parameter) Reset() {
+	*x = Parameter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[37]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Parameter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Parameter) ProtoMessage() {}
+
+func (x *Parameter) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[37]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Parameter.ProtoReflect.Descriptor instead.
+func (*Parameter) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{37}
+}
+
+func (m *Parameter) GetOneof() isParameter_Oneof {
+	if m != nil {
+		return m.Oneof
+	}
+	return nil
+}
+
+func (x *Parameter) GetBodyParameter() *BodyParameter {
+	if x, ok := x.GetOneof().(*Parameter_BodyParameter); ok {
+		return x.BodyParameter
+	}
+	return nil
+}
+
+func (x *Parameter) GetNonBodyParameter() *NonBodyParameter {
+	if x, ok := x.GetOneof().(*Parameter_NonBodyParameter); ok {
+		return x.NonBodyParameter
+	}
+	return nil
+}
+
+type isParameter_Oneof interface {
+	isParameter_Oneof()
+}
+
+type Parameter_BodyParameter struct {
+	BodyParameter *BodyParameter `protobuf:"bytes,1,opt,name=body_parameter,json=bodyParameter,proto3,oneof"`
+}
+
+type Parameter_NonBodyParameter struct {
+	NonBodyParameter *NonBodyParameter `protobuf:"bytes,2,opt,name=non_body_parameter,json=nonBodyParameter,proto3,oneof"`
+}
+
+func (*Parameter_BodyParameter) isParameter_Oneof() {}
+
+func (*Parameter_NonBodyParameter) isParameter_Oneof() {}
+
+// One or more JSON representations for parameters
+type ParameterDefinitions struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AdditionalProperties []*NamedParameter `protobuf:"bytes,1,rep,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+}
+
+func (x *ParameterDefinitions) Reset() {
+	*x = ParameterDefinitions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[38]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ParameterDefinitions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ParameterDefinitions) ProtoMessage() {}
+
+func (x *ParameterDefinitions) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[38]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ParameterDefinitions.ProtoReflect.Descriptor instead.
+func (*ParameterDefinitions) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{38}
+}
+
+func (x *ParameterDefinitions) GetAdditionalProperties() []*NamedParameter {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+type ParametersItem struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Oneof:
+	//	*ParametersItem_Parameter
+	//	*ParametersItem_JsonReference
+	Oneof isParametersItem_Oneof `protobuf_oneof:"oneof"`
+}
+
+func (x *ParametersItem) Reset() {
+	*x = ParametersItem{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[39]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ParametersItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ParametersItem) ProtoMessage() {}
+
+func (x *ParametersItem) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[39]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ParametersItem.ProtoReflect.Descriptor instead.
+func (*ParametersItem) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{39}
+}
+
+func (m *ParametersItem) GetOneof() isParametersItem_Oneof {
+	if m != nil {
+		return m.Oneof
+	}
+	return nil
+}
+
+func (x *ParametersItem) GetParameter() *Parameter {
+	if x, ok := x.GetOneof().(*ParametersItem_Parameter); ok {
+		return x.Parameter
+	}
+	return nil
+}
+
+func (x *ParametersItem) GetJsonReference() *JsonReference {
+	if x, ok := x.GetOneof().(*ParametersItem_JsonReference); ok {
+		return x.JsonReference
+	}
+	return nil
+}
+
+type isParametersItem_Oneof interface {
+	isParametersItem_Oneof()
+}
+
+type ParametersItem_Parameter struct {
+	Parameter *Parameter `protobuf:"bytes,1,opt,name=parameter,proto3,oneof"`
+}
+
+type ParametersItem_JsonReference struct {
+	JsonReference *JsonReference `protobuf:"bytes,2,opt,name=json_reference,json=jsonReference,proto3,oneof"`
+}
+
+func (*ParametersItem_Parameter) isParametersItem_Oneof() {}
+
+func (*ParametersItem_JsonReference) isParametersItem_Oneof() {}
+
+type PathItem struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	XRef    string     `protobuf:"bytes,1,opt,name=_ref,json=Ref,proto3" json:"_ref,omitempty"`
+	Get     *Operation `protobuf:"bytes,2,opt,name=get,proto3" json:"get,omitempty"`
+	Put     *Operation `protobuf:"bytes,3,opt,name=put,proto3" json:"put,omitempty"`
+	Post    *Operation `protobuf:"bytes,4,opt,name=post,proto3" json:"post,omitempty"`
+	Delete  *Operation `protobuf:"bytes,5,opt,name=delete,proto3" json:"delete,omitempty"`
+	Options *Operation `protobuf:"bytes,6,opt,name=options,proto3" json:"options,omitempty"`
+	Head    *Operation `protobuf:"bytes,7,opt,name=head,proto3" json:"head,omitempty"`
+	Patch   *Operation `protobuf:"bytes,8,opt,name=patch,proto3" json:"patch,omitempty"`
+	// The parameters needed to send a valid API call.
+	Parameters      []*ParametersItem `protobuf:"bytes,9,rep,name=parameters,proto3" json:"parameters,omitempty"`
+	VendorExtension []*NamedAny       `protobuf:"bytes,10,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *PathItem) Reset() {
+	*x = PathItem{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[40]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *PathItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PathItem) ProtoMessage() {}
+
+func (x *PathItem) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[40]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use PathItem.ProtoReflect.Descriptor instead.
+func (*PathItem) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{40}
+}
+
+func (x *PathItem) GetXRef() string {
+	if x != nil {
+		return x.XRef
+	}
+	return ""
+}
+
+func (x *PathItem) GetGet() *Operation {
+	if x != nil {
+		return x.Get
+	}
+	return nil
+}
+
+func (x *PathItem) GetPut() *Operation {
+	if x != nil {
+		return x.Put
+	}
+	return nil
+}
+
+func (x *PathItem) GetPost() *Operation {
+	if x != nil {
+		return x.Post
+	}
+	return nil
+}
+
+func (x *PathItem) GetDelete() *Operation {
+	if x != nil {
+		return x.Delete
+	}
+	return nil
+}
+
+func (x *PathItem) GetOptions() *Operation {
+	if x != nil {
+		return x.Options
+	}
+	return nil
+}
+
+func (x *PathItem) GetHead() *Operation {
+	if x != nil {
+		return x.Head
+	}
+	return nil
+}
+
+func (x *PathItem) GetPatch() *Operation {
+	if x != nil {
+		return x.Patch
+	}
+	return nil
+}
+
+func (x *PathItem) GetParameters() []*ParametersItem {
+	if x != nil {
+		return x.Parameters
+	}
+	return nil
+}
+
+func (x *PathItem) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type PathParameterSubSchema struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Determines whether or not this parameter is required or optional.
+	Required bool `protobuf:"varint,1,opt,name=required,proto3" json:"required,omitempty"`
+	// Determines the location of the parameter.
+	In string `protobuf:"bytes,2,opt,name=in,proto3" json:"in,omitempty"`
+	// A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed.
+	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	// The name of the parameter.
+	Name             string           `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
+	Type             string           `protobuf:"bytes,5,opt,name=type,proto3" json:"type,omitempty"`
+	Format           string           `protobuf:"bytes,6,opt,name=format,proto3" json:"format,omitempty"`
+	Items            *PrimitivesItems `protobuf:"bytes,7,opt,name=items,proto3" json:"items,omitempty"`
+	CollectionFormat string           `protobuf:"bytes,8,opt,name=collection_format,json=collectionFormat,proto3" json:"collection_format,omitempty"`
+	Default          *Any             `protobuf:"bytes,9,opt,name=default,proto3" json:"default,omitempty"`
+	Maximum          float64          `protobuf:"fixed64,10,opt,name=maximum,proto3" json:"maximum,omitempty"`
+	ExclusiveMaximum bool             `protobuf:"varint,11,opt,name=exclusive_maximum,json=exclusiveMaximum,proto3" json:"exclusive_maximum,omitempty"`
+	Minimum          float64          `protobuf:"fixed64,12,opt,name=minimum,proto3" json:"minimum,omitempty"`
+	ExclusiveMinimum bool             `protobuf:"varint,13,opt,name=exclusive_minimum,json=exclusiveMinimum,proto3" json:"exclusive_minimum,omitempty"`
+	MaxLength        int64            `protobuf:"varint,14,opt,name=max_length,json=maxLength,proto3" json:"max_length,omitempty"`
+	MinLength        int64            `protobuf:"varint,15,opt,name=min_length,json=minLength,proto3" json:"min_length,omitempty"`
+	Pattern          string           `protobuf:"bytes,16,opt,name=pattern,proto3" json:"pattern,omitempty"`
+	MaxItems         int64            `protobuf:"varint,17,opt,name=max_items,json=maxItems,proto3" json:"max_items,omitempty"`
+	MinItems         int64            `protobuf:"varint,18,opt,name=min_items,json=minItems,proto3" json:"min_items,omitempty"`
+	UniqueItems      bool             `protobuf:"varint,19,opt,name=unique_items,json=uniqueItems,proto3" json:"unique_items,omitempty"`
+	Enum             []*Any           `protobuf:"bytes,20,rep,name=enum,proto3" json:"enum,omitempty"`
+	MultipleOf       float64          `protobuf:"fixed64,21,opt,name=multiple_of,json=multipleOf,proto3" json:"multiple_of,omitempty"`
+	VendorExtension  []*NamedAny      `protobuf:"bytes,22,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *PathParameterSubSchema) Reset() {
+	*x = PathParameterSubSchema{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[41]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *PathParameterSubSchema) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PathParameterSubSchema) ProtoMessage() {}
+
+func (x *PathParameterSubSchema) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[41]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use PathParameterSubSchema.ProtoReflect.Descriptor instead.
+func (*PathParameterSubSchema) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{41}
+}
+
+func (x *PathParameterSubSchema) GetRequired() bool {
+	if x != nil {
+		return x.Required
+	}
+	return false
+}
+
+func (x *PathParameterSubSchema) GetIn() string {
+	if x != nil {
+		return x.In
+	}
+	return ""
+}
+
+func (x *PathParameterSubSchema) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *PathParameterSubSchema) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *PathParameterSubSchema) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *PathParameterSubSchema) GetFormat() string {
+	if x != nil {
+		return x.Format
+	}
+	return ""
+}
+
+func (x *PathParameterSubSchema) GetItems() *PrimitivesItems {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+func (x *PathParameterSubSchema) GetCollectionFormat() string {
+	if x != nil {
+		return x.CollectionFormat
+	}
+	return ""
+}
+
+func (x *PathParameterSubSchema) GetDefault() *Any {
+	if x != nil {
+		return x.Default
+	}
+	return nil
+}
+
+func (x *PathParameterSubSchema) GetMaximum() float64 {
+	if x != nil {
+		return x.Maximum
+	}
+	return 0
+}
+
+func (x *PathParameterSubSchema) GetExclusiveMaximum() bool {
+	if x != nil {
+		return x.ExclusiveMaximum
+	}
+	return false
+}
+
+func (x *PathParameterSubSchema) GetMinimum() float64 {
+	if x != nil {
+		return x.Minimum
+	}
+	return 0
+}
+
+func (x *PathParameterSubSchema) GetExclusiveMinimum() bool {
+	if x != nil {
+		return x.ExclusiveMinimum
+	}
+	return false
+}
+
+func (x *PathParameterSubSchema) GetMaxLength() int64 {
+	if x != nil {
+		return x.MaxLength
+	}
+	return 0
+}
+
+func (x *PathParameterSubSchema) GetMinLength() int64 {
+	if x != nil {
+		return x.MinLength
+	}
+	return 0
+}
+
+func (x *PathParameterSubSchema) GetPattern() string {
+	if x != nil {
+		return x.Pattern
+	}
+	return ""
+}
+
+func (x *PathParameterSubSchema) GetMaxItems() int64 {
+	if x != nil {
+		return x.MaxItems
+	}
+	return 0
+}
+
+func (x *PathParameterSubSchema) GetMinItems() int64 {
+	if x != nil {
+		return x.MinItems
+	}
+	return 0
+}
+
+func (x *PathParameterSubSchema) GetUniqueItems() bool {
+	if x != nil {
+		return x.UniqueItems
+	}
+	return false
+}
+
+func (x *PathParameterSubSchema) GetEnum() []*Any {
+	if x != nil {
+		return x.Enum
+	}
+	return nil
+}
+
+func (x *PathParameterSubSchema) GetMultipleOf() float64 {
+	if x != nil {
+		return x.MultipleOf
+	}
+	return 0
+}
+
+func (x *PathParameterSubSchema) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+// Relative paths to the individual endpoints. They must be relative to the 'basePath'.
+type Paths struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	VendorExtension []*NamedAny      `protobuf:"bytes,1,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+	Path            []*NamedPathItem `protobuf:"bytes,2,rep,name=path,proto3" json:"path,omitempty"`
+}
+
+func (x *Paths) Reset() {
+	*x = Paths{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[42]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Paths) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Paths) ProtoMessage() {}
+
+func (x *Paths) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[42]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Paths.ProtoReflect.Descriptor instead.
+func (*Paths) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{42}
+}
+
+func (x *Paths) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+func (x *Paths) GetPath() []*NamedPathItem {
+	if x != nil {
+		return x.Path
+	}
+	return nil
+}
+
+type PrimitivesItems struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Type             string           `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	Format           string           `protobuf:"bytes,2,opt,name=format,proto3" json:"format,omitempty"`
+	Items            *PrimitivesItems `protobuf:"bytes,3,opt,name=items,proto3" json:"items,omitempty"`
+	CollectionFormat string           `protobuf:"bytes,4,opt,name=collection_format,json=collectionFormat,proto3" json:"collection_format,omitempty"`
+	Default          *Any             `protobuf:"bytes,5,opt,name=default,proto3" json:"default,omitempty"`
+	Maximum          float64          `protobuf:"fixed64,6,opt,name=maximum,proto3" json:"maximum,omitempty"`
+	ExclusiveMaximum bool             `protobuf:"varint,7,opt,name=exclusive_maximum,json=exclusiveMaximum,proto3" json:"exclusive_maximum,omitempty"`
+	Minimum          float64          `protobuf:"fixed64,8,opt,name=minimum,proto3" json:"minimum,omitempty"`
+	ExclusiveMinimum bool             `protobuf:"varint,9,opt,name=exclusive_minimum,json=exclusiveMinimum,proto3" json:"exclusive_minimum,omitempty"`
+	MaxLength        int64            `protobuf:"varint,10,opt,name=max_length,json=maxLength,proto3" json:"max_length,omitempty"`
+	MinLength        int64            `protobuf:"varint,11,opt,name=min_length,json=minLength,proto3" json:"min_length,omitempty"`
+	Pattern          string           `protobuf:"bytes,12,opt,name=pattern,proto3" json:"pattern,omitempty"`
+	MaxItems         int64            `protobuf:"varint,13,opt,name=max_items,json=maxItems,proto3" json:"max_items,omitempty"`
+	MinItems         int64            `protobuf:"varint,14,opt,name=min_items,json=minItems,proto3" json:"min_items,omitempty"`
+	UniqueItems      bool             `protobuf:"varint,15,opt,name=unique_items,json=uniqueItems,proto3" json:"unique_items,omitempty"`
+	Enum             []*Any           `protobuf:"bytes,16,rep,name=enum,proto3" json:"enum,omitempty"`
+	MultipleOf       float64          `protobuf:"fixed64,17,opt,name=multiple_of,json=multipleOf,proto3" json:"multiple_of,omitempty"`
+	VendorExtension  []*NamedAny      `protobuf:"bytes,18,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *PrimitivesItems) Reset() {
+	*x = PrimitivesItems{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[43]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *PrimitivesItems) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PrimitivesItems) ProtoMessage() {}
+
+func (x *PrimitivesItems) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[43]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use PrimitivesItems.ProtoReflect.Descriptor instead.
+func (*PrimitivesItems) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{43}
+}
+
+func (x *PrimitivesItems) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *PrimitivesItems) GetFormat() string {
+	if x != nil {
+		return x.Format
+	}
+	return ""
+}
+
+func (x *PrimitivesItems) GetItems() *PrimitivesItems {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+func (x *PrimitivesItems) GetCollectionFormat() string {
+	if x != nil {
+		return x.CollectionFormat
+	}
+	return ""
+}
+
+func (x *PrimitivesItems) GetDefault() *Any {
+	if x != nil {
+		return x.Default
+	}
+	return nil
+}
+
+func (x *PrimitivesItems) GetMaximum() float64 {
+	if x != nil {
+		return x.Maximum
+	}
+	return 0
+}
+
+func (x *PrimitivesItems) GetExclusiveMaximum() bool {
+	if x != nil {
+		return x.ExclusiveMaximum
+	}
+	return false
+}
+
+func (x *PrimitivesItems) GetMinimum() float64 {
+	if x != nil {
+		return x.Minimum
+	}
+	return 0
+}
+
+func (x *PrimitivesItems) GetExclusiveMinimum() bool {
+	if x != nil {
+		return x.ExclusiveMinimum
+	}
+	return false
+}
+
+func (x *PrimitivesItems) GetMaxLength() int64 {
+	if x != nil {
+		return x.MaxLength
+	}
+	return 0
+}
+
+func (x *PrimitivesItems) GetMinLength() int64 {
+	if x != nil {
+		return x.MinLength
+	}
+	return 0
+}
+
+func (x *PrimitivesItems) GetPattern() string {
+	if x != nil {
+		return x.Pattern
+	}
+	return ""
+}
+
+func (x *PrimitivesItems) GetMaxItems() int64 {
+	if x != nil {
+		return x.MaxItems
+	}
+	return 0
+}
+
+func (x *PrimitivesItems) GetMinItems() int64 {
+	if x != nil {
+		return x.MinItems
+	}
+	return 0
+}
+
+func (x *PrimitivesItems) GetUniqueItems() bool {
+	if x != nil {
+		return x.UniqueItems
+	}
+	return false
+}
+
+func (x *PrimitivesItems) GetEnum() []*Any {
+	if x != nil {
+		return x.Enum
+	}
+	return nil
+}
+
+func (x *PrimitivesItems) GetMultipleOf() float64 {
+	if x != nil {
+		return x.MultipleOf
+	}
+	return 0
+}
+
+func (x *PrimitivesItems) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type Properties struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AdditionalProperties []*NamedSchema `protobuf:"bytes,1,rep,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+}
+
+func (x *Properties) Reset() {
+	*x = Properties{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[44]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Properties) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Properties) ProtoMessage() {}
+
+func (x *Properties) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[44]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Properties.ProtoReflect.Descriptor instead.
+func (*Properties) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{44}
+}
+
+func (x *Properties) GetAdditionalProperties() []*NamedSchema {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+type QueryParameterSubSchema struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Determines whether or not this parameter is required or optional.
+	Required bool `protobuf:"varint,1,opt,name=required,proto3" json:"required,omitempty"`
+	// Determines the location of the parameter.
+	In string `protobuf:"bytes,2,opt,name=in,proto3" json:"in,omitempty"`
+	// A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed.
+	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	// The name of the parameter.
+	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
+	// allows sending a parameter by name only or with an empty value.
+	AllowEmptyValue  bool             `protobuf:"varint,5,opt,name=allow_empty_value,json=allowEmptyValue,proto3" json:"allow_empty_value,omitempty"`
+	Type             string           `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"`
+	Format           string           `protobuf:"bytes,7,opt,name=format,proto3" json:"format,omitempty"`
+	Items            *PrimitivesItems `protobuf:"bytes,8,opt,name=items,proto3" json:"items,omitempty"`
+	CollectionFormat string           `protobuf:"bytes,9,opt,name=collection_format,json=collectionFormat,proto3" json:"collection_format,omitempty"`
+	Default          *Any             `protobuf:"bytes,10,opt,name=default,proto3" json:"default,omitempty"`
+	Maximum          float64          `protobuf:"fixed64,11,opt,name=maximum,proto3" json:"maximum,omitempty"`
+	ExclusiveMaximum bool             `protobuf:"varint,12,opt,name=exclusive_maximum,json=exclusiveMaximum,proto3" json:"exclusive_maximum,omitempty"`
+	Minimum          float64          `protobuf:"fixed64,13,opt,name=minimum,proto3" json:"minimum,omitempty"`
+	ExclusiveMinimum bool             `protobuf:"varint,14,opt,name=exclusive_minimum,json=exclusiveMinimum,proto3" json:"exclusive_minimum,omitempty"`
+	MaxLength        int64            `protobuf:"varint,15,opt,name=max_length,json=maxLength,proto3" json:"max_length,omitempty"`
+	MinLength        int64            `protobuf:"varint,16,opt,name=min_length,json=minLength,proto3" json:"min_length,omitempty"`
+	Pattern          string           `protobuf:"bytes,17,opt,name=pattern,proto3" json:"pattern,omitempty"`
+	MaxItems         int64            `protobuf:"varint,18,opt,name=max_items,json=maxItems,proto3" json:"max_items,omitempty"`
+	MinItems         int64            `protobuf:"varint,19,opt,name=min_items,json=minItems,proto3" json:"min_items,omitempty"`
+	UniqueItems      bool             `protobuf:"varint,20,opt,name=unique_items,json=uniqueItems,proto3" json:"unique_items,omitempty"`
+	Enum             []*Any           `protobuf:"bytes,21,rep,name=enum,proto3" json:"enum,omitempty"`
+	MultipleOf       float64          `protobuf:"fixed64,22,opt,name=multiple_of,json=multipleOf,proto3" json:"multiple_of,omitempty"`
+	VendorExtension  []*NamedAny      `protobuf:"bytes,23,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *QueryParameterSubSchema) Reset() {
+	*x = QueryParameterSubSchema{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[45]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *QueryParameterSubSchema) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*QueryParameterSubSchema) ProtoMessage() {}
+
+func (x *QueryParameterSubSchema) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[45]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use QueryParameterSubSchema.ProtoReflect.Descriptor instead.
+func (*QueryParameterSubSchema) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{45}
+}
+
+func (x *QueryParameterSubSchema) GetRequired() bool {
+	if x != nil {
+		return x.Required
+	}
+	return false
+}
+
+func (x *QueryParameterSubSchema) GetIn() string {
+	if x != nil {
+		return x.In
+	}
+	return ""
+}
+
+func (x *QueryParameterSubSchema) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *QueryParameterSubSchema) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *QueryParameterSubSchema) GetAllowEmptyValue() bool {
+	if x != nil {
+		return x.AllowEmptyValue
+	}
+	return false
+}
+
+func (x *QueryParameterSubSchema) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *QueryParameterSubSchema) GetFormat() string {
+	if x != nil {
+		return x.Format
+	}
+	return ""
+}
+
+func (x *QueryParameterSubSchema) GetItems() *PrimitivesItems {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+func (x *QueryParameterSubSchema) GetCollectionFormat() string {
+	if x != nil {
+		return x.CollectionFormat
+	}
+	return ""
+}
+
+func (x *QueryParameterSubSchema) GetDefault() *Any {
+	if x != nil {
+		return x.Default
+	}
+	return nil
+}
+
+func (x *QueryParameterSubSchema) GetMaximum() float64 {
+	if x != nil {
+		return x.Maximum
+	}
+	return 0
+}
+
+func (x *QueryParameterSubSchema) GetExclusiveMaximum() bool {
+	if x != nil {
+		return x.ExclusiveMaximum
+	}
+	return false
+}
+
+func (x *QueryParameterSubSchema) GetMinimum() float64 {
+	if x != nil {
+		return x.Minimum
+	}
+	return 0
+}
+
+func (x *QueryParameterSubSchema) GetExclusiveMinimum() bool {
+	if x != nil {
+		return x.ExclusiveMinimum
+	}
+	return false
+}
+
+func (x *QueryParameterSubSchema) GetMaxLength() int64 {
+	if x != nil {
+		return x.MaxLength
+	}
+	return 0
+}
+
+func (x *QueryParameterSubSchema) GetMinLength() int64 {
+	if x != nil {
+		return x.MinLength
+	}
+	return 0
+}
+
+func (x *QueryParameterSubSchema) GetPattern() string {
+	if x != nil {
+		return x.Pattern
+	}
+	return ""
+}
+
+func (x *QueryParameterSubSchema) GetMaxItems() int64 {
+	if x != nil {
+		return x.MaxItems
+	}
+	return 0
+}
+
+func (x *QueryParameterSubSchema) GetMinItems() int64 {
+	if x != nil {
+		return x.MinItems
+	}
+	return 0
+}
+
+func (x *QueryParameterSubSchema) GetUniqueItems() bool {
+	if x != nil {
+		return x.UniqueItems
+	}
+	return false
+}
+
+func (x *QueryParameterSubSchema) GetEnum() []*Any {
+	if x != nil {
+		return x.Enum
+	}
+	return nil
+}
+
+func (x *QueryParameterSubSchema) GetMultipleOf() float64 {
+	if x != nil {
+		return x.MultipleOf
+	}
+	return 0
+}
+
+func (x *QueryParameterSubSchema) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type Response struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Description     string      `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"`
+	Schema          *SchemaItem `protobuf:"bytes,2,opt,name=schema,proto3" json:"schema,omitempty"`
+	Headers         *Headers    `protobuf:"bytes,3,opt,name=headers,proto3" json:"headers,omitempty"`
+	Examples        *Examples   `protobuf:"bytes,4,opt,name=examples,proto3" json:"examples,omitempty"`
+	VendorExtension []*NamedAny `protobuf:"bytes,5,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Response) Reset() {
+	*x = Response{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[46]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Response) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Response) ProtoMessage() {}
+
+func (x *Response) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[46]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Response.ProtoReflect.Descriptor instead.
+func (*Response) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{46}
+}
+
+func (x *Response) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Response) GetSchema() *SchemaItem {
+	if x != nil {
+		return x.Schema
+	}
+	return nil
+}
+
+func (x *Response) GetHeaders() *Headers {
+	if x != nil {
+		return x.Headers
+	}
+	return nil
+}
+
+func (x *Response) GetExamples() *Examples {
+	if x != nil {
+		return x.Examples
+	}
+	return nil
+}
+
+func (x *Response) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+// One or more JSON representations for responses
+type ResponseDefinitions struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AdditionalProperties []*NamedResponse `protobuf:"bytes,1,rep,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+}
+
+func (x *ResponseDefinitions) Reset() {
+	*x = ResponseDefinitions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[47]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ResponseDefinitions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResponseDefinitions) ProtoMessage() {}
+
+func (x *ResponseDefinitions) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[47]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResponseDefinitions.ProtoReflect.Descriptor instead.
+func (*ResponseDefinitions) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{47}
+}
+
+func (x *ResponseDefinitions) GetAdditionalProperties() []*NamedResponse {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+type ResponseValue struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Oneof:
+	//	*ResponseValue_Response
+	//	*ResponseValue_JsonReference
+	Oneof isResponseValue_Oneof `protobuf_oneof:"oneof"`
+}
+
+func (x *ResponseValue) Reset() {
+	*x = ResponseValue{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[48]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ResponseValue) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResponseValue) ProtoMessage() {}
+
+func (x *ResponseValue) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[48]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResponseValue.ProtoReflect.Descriptor instead.
+func (*ResponseValue) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{48}
+}
+
+func (m *ResponseValue) GetOneof() isResponseValue_Oneof {
+	if m != nil {
+		return m.Oneof
+	}
+	return nil
+}
+
+func (x *ResponseValue) GetResponse() *Response {
+	if x, ok := x.GetOneof().(*ResponseValue_Response); ok {
+		return x.Response
+	}
+	return nil
+}
+
+func (x *ResponseValue) GetJsonReference() *JsonReference {
+	if x, ok := x.GetOneof().(*ResponseValue_JsonReference); ok {
+		return x.JsonReference
+	}
+	return nil
+}
+
+type isResponseValue_Oneof interface {
+	isResponseValue_Oneof()
+}
+
+type ResponseValue_Response struct {
+	Response *Response `protobuf:"bytes,1,opt,name=response,proto3,oneof"`
+}
+
+type ResponseValue_JsonReference struct {
+	JsonReference *JsonReference `protobuf:"bytes,2,opt,name=json_reference,json=jsonReference,proto3,oneof"`
+}
+
+func (*ResponseValue_Response) isResponseValue_Oneof() {}
+
+func (*ResponseValue_JsonReference) isResponseValue_Oneof() {}
+
+// Response objects names can either be any valid HTTP status code or 'default'.
+type Responses struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ResponseCode    []*NamedResponseValue `protobuf:"bytes,1,rep,name=response_code,json=responseCode,proto3" json:"response_code,omitempty"`
+	VendorExtension []*NamedAny           `protobuf:"bytes,2,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Responses) Reset() {
+	*x = Responses{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[49]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Responses) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Responses) ProtoMessage() {}
+
+func (x *Responses) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[49]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Responses.ProtoReflect.Descriptor instead.
+func (*Responses) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{49}
+}
+
+func (x *Responses) GetResponseCode() []*NamedResponseValue {
+	if x != nil {
+		return x.ResponseCode
+	}
+	return nil
+}
+
+func (x *Responses) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+// A deterministic version of a JSON Schema object.
+type Schema struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	XRef                 string                    `protobuf:"bytes,1,opt,name=_ref,json=Ref,proto3" json:"_ref,omitempty"`
+	Format               string                    `protobuf:"bytes,2,opt,name=format,proto3" json:"format,omitempty"`
+	Title                string                    `protobuf:"bytes,3,opt,name=title,proto3" json:"title,omitempty"`
+	Description          string                    `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
+	Default              *Any                      `protobuf:"bytes,5,opt,name=default,proto3" json:"default,omitempty"`
+	MultipleOf           float64                   `protobuf:"fixed64,6,opt,name=multiple_of,json=multipleOf,proto3" json:"multiple_of,omitempty"`
+	Maximum              float64                   `protobuf:"fixed64,7,opt,name=maximum,proto3" json:"maximum,omitempty"`
+	ExclusiveMaximum     bool                      `protobuf:"varint,8,opt,name=exclusive_maximum,json=exclusiveMaximum,proto3" json:"exclusive_maximum,omitempty"`
+	Minimum              float64                   `protobuf:"fixed64,9,opt,name=minimum,proto3" json:"minimum,omitempty"`
+	ExclusiveMinimum     bool                      `protobuf:"varint,10,opt,name=exclusive_minimum,json=exclusiveMinimum,proto3" json:"exclusive_minimum,omitempty"`
+	MaxLength            int64                     `protobuf:"varint,11,opt,name=max_length,json=maxLength,proto3" json:"max_length,omitempty"`
+	MinLength            int64                     `protobuf:"varint,12,opt,name=min_length,json=minLength,proto3" json:"min_length,omitempty"`
+	Pattern              string                    `protobuf:"bytes,13,opt,name=pattern,proto3" json:"pattern,omitempty"`
+	MaxItems             int64                     `protobuf:"varint,14,opt,name=max_items,json=maxItems,proto3" json:"max_items,omitempty"`
+	MinItems             int64                     `protobuf:"varint,15,opt,name=min_items,json=minItems,proto3" json:"min_items,omitempty"`
+	UniqueItems          bool                      `protobuf:"varint,16,opt,name=unique_items,json=uniqueItems,proto3" json:"unique_items,omitempty"`
+	MaxProperties        int64                     `protobuf:"varint,17,opt,name=max_properties,json=maxProperties,proto3" json:"max_properties,omitempty"`
+	MinProperties        int64                     `protobuf:"varint,18,opt,name=min_properties,json=minProperties,proto3" json:"min_properties,omitempty"`
+	Required             []string                  `protobuf:"bytes,19,rep,name=required,proto3" json:"required,omitempty"`
+	Enum                 []*Any                    `protobuf:"bytes,20,rep,name=enum,proto3" json:"enum,omitempty"`
+	AdditionalProperties *AdditionalPropertiesItem `protobuf:"bytes,21,opt,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+	Type                 *TypeItem                 `protobuf:"bytes,22,opt,name=type,proto3" json:"type,omitempty"`
+	Items                *ItemsItem                `protobuf:"bytes,23,opt,name=items,proto3" json:"items,omitempty"`
+	AllOf                []*Schema                 `protobuf:"bytes,24,rep,name=all_of,json=allOf,proto3" json:"all_of,omitempty"`
+	Properties           *Properties               `protobuf:"bytes,25,opt,name=properties,proto3" json:"properties,omitempty"`
+	Discriminator        string                    `protobuf:"bytes,26,opt,name=discriminator,proto3" json:"discriminator,omitempty"`
+	ReadOnly             bool                      `protobuf:"varint,27,opt,name=read_only,json=readOnly,proto3" json:"read_only,omitempty"`
+	Xml                  *Xml                      `protobuf:"bytes,28,opt,name=xml,proto3" json:"xml,omitempty"`
+	ExternalDocs         *ExternalDocs             `protobuf:"bytes,29,opt,name=external_docs,json=externalDocs,proto3" json:"external_docs,omitempty"`
+	Example              *Any                      `protobuf:"bytes,30,opt,name=example,proto3" json:"example,omitempty"`
+	VendorExtension      []*NamedAny               `protobuf:"bytes,31,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Schema) Reset() {
+	*x = Schema{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[50]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Schema) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Schema) ProtoMessage() {}
+
+func (x *Schema) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[50]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Schema.ProtoReflect.Descriptor instead.
+func (*Schema) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{50}
+}
+
+func (x *Schema) GetXRef() string {
+	if x != nil {
+		return x.XRef
+	}
+	return ""
+}
+
+func (x *Schema) GetFormat() string {
+	if x != nil {
+		return x.Format
+	}
+	return ""
+}
+
+func (x *Schema) GetTitle() string {
+	if x != nil {
+		return x.Title
+	}
+	return ""
+}
+
+func (x *Schema) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Schema) GetDefault() *Any {
+	if x != nil {
+		return x.Default
+	}
+	return nil
+}
+
+func (x *Schema) GetMultipleOf() float64 {
+	if x != nil {
+		return x.MultipleOf
+	}
+	return 0
+}
+
+func (x *Schema) GetMaximum() float64 {
+	if x != nil {
+		return x.Maximum
+	}
+	return 0
+}
+
+func (x *Schema) GetExclusiveMaximum() bool {
+	if x != nil {
+		return x.ExclusiveMaximum
+	}
+	return false
+}
+
+func (x *Schema) GetMinimum() float64 {
+	if x != nil {
+		return x.Minimum
+	}
+	return 0
+}
+
+func (x *Schema) GetExclusiveMinimum() bool {
+	if x != nil {
+		return x.ExclusiveMinimum
+	}
+	return false
+}
+
+func (x *Schema) GetMaxLength() int64 {
+	if x != nil {
+		return x.MaxLength
+	}
+	return 0
+}
+
+func (x *Schema) GetMinLength() int64 {
+	if x != nil {
+		return x.MinLength
+	}
+	return 0
+}
+
+func (x *Schema) GetPattern() string {
+	if x != nil {
+		return x.Pattern
+	}
+	return ""
+}
+
+func (x *Schema) GetMaxItems() int64 {
+	if x != nil {
+		return x.MaxItems
+	}
+	return 0
+}
+
+func (x *Schema) GetMinItems() int64 {
+	if x != nil {
+		return x.MinItems
+	}
+	return 0
+}
+
+func (x *Schema) GetUniqueItems() bool {
+	if x != nil {
+		return x.UniqueItems
+	}
+	return false
+}
+
+func (x *Schema) GetMaxProperties() int64 {
+	if x != nil {
+		return x.MaxProperties
+	}
+	return 0
+}
+
+func (x *Schema) GetMinProperties() int64 {
+	if x != nil {
+		return x.MinProperties
+	}
+	return 0
+}
+
+func (x *Schema) GetRequired() []string {
+	if x != nil {
+		return x.Required
+	}
+	return nil
+}
+
+func (x *Schema) GetEnum() []*Any {
+	if x != nil {
+		return x.Enum
+	}
+	return nil
+}
+
+func (x *Schema) GetAdditionalProperties() *AdditionalPropertiesItem {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+func (x *Schema) GetType() *TypeItem {
+	if x != nil {
+		return x.Type
+	}
+	return nil
+}
+
+func (x *Schema) GetItems() *ItemsItem {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+func (x *Schema) GetAllOf() []*Schema {
+	if x != nil {
+		return x.AllOf
+	}
+	return nil
+}
+
+func (x *Schema) GetProperties() *Properties {
+	if x != nil {
+		return x.Properties
+	}
+	return nil
+}
+
+func (x *Schema) GetDiscriminator() string {
+	if x != nil {
+		return x.Discriminator
+	}
+	return ""
+}
+
+func (x *Schema) GetReadOnly() bool {
+	if x != nil {
+		return x.ReadOnly
+	}
+	return false
+}
+
+func (x *Schema) GetXml() *Xml {
+	if x != nil {
+		return x.Xml
+	}
+	return nil
+}
+
+func (x *Schema) GetExternalDocs() *ExternalDocs {
+	if x != nil {
+		return x.ExternalDocs
+	}
+	return nil
+}
+
+func (x *Schema) GetExample() *Any {
+	if x != nil {
+		return x.Example
+	}
+	return nil
+}
+
+func (x *Schema) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type SchemaItem struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Oneof:
+	//	*SchemaItem_Schema
+	//	*SchemaItem_FileSchema
+	Oneof isSchemaItem_Oneof `protobuf_oneof:"oneof"`
+}
+
+func (x *SchemaItem) Reset() {
+	*x = SchemaItem{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[51]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SchemaItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SchemaItem) ProtoMessage() {}
+
+func (x *SchemaItem) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[51]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SchemaItem.ProtoReflect.Descriptor instead.
+func (*SchemaItem) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{51}
+}
+
+func (m *SchemaItem) GetOneof() isSchemaItem_Oneof {
+	if m != nil {
+		return m.Oneof
+	}
+	return nil
+}
+
+func (x *SchemaItem) GetSchema() *Schema {
+	if x, ok := x.GetOneof().(*SchemaItem_Schema); ok {
+		return x.Schema
+	}
+	return nil
+}
+
+func (x *SchemaItem) GetFileSchema() *FileSchema {
+	if x, ok := x.GetOneof().(*SchemaItem_FileSchema); ok {
+		return x.FileSchema
+	}
+	return nil
+}
+
+type isSchemaItem_Oneof interface {
+	isSchemaItem_Oneof()
+}
+
+type SchemaItem_Schema struct {
+	Schema *Schema `protobuf:"bytes,1,opt,name=schema,proto3,oneof"`
+}
+
+type SchemaItem_FileSchema struct {
+	FileSchema *FileSchema `protobuf:"bytes,2,opt,name=file_schema,json=fileSchema,proto3,oneof"`
+}
+
+func (*SchemaItem_Schema) isSchemaItem_Oneof() {}
+
+func (*SchemaItem_FileSchema) isSchemaItem_Oneof() {}
+
+type SecurityDefinitions struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AdditionalProperties []*NamedSecurityDefinitionsItem `protobuf:"bytes,1,rep,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+}
+
+func (x *SecurityDefinitions) Reset() {
+	*x = SecurityDefinitions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[52]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SecurityDefinitions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SecurityDefinitions) ProtoMessage() {}
+
+func (x *SecurityDefinitions) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[52]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SecurityDefinitions.ProtoReflect.Descriptor instead.
+func (*SecurityDefinitions) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{52}
+}
+
+func (x *SecurityDefinitions) GetAdditionalProperties() []*NamedSecurityDefinitionsItem {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+type SecurityDefinitionsItem struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Oneof:
+	//	*SecurityDefinitionsItem_BasicAuthenticationSecurity
+	//	*SecurityDefinitionsItem_ApiKeySecurity
+	//	*SecurityDefinitionsItem_Oauth2ImplicitSecurity
+	//	*SecurityDefinitionsItem_Oauth2PasswordSecurity
+	//	*SecurityDefinitionsItem_Oauth2ApplicationSecurity
+	//	*SecurityDefinitionsItem_Oauth2AccessCodeSecurity
+	Oneof isSecurityDefinitionsItem_Oneof `protobuf_oneof:"oneof"`
+}
+
+func (x *SecurityDefinitionsItem) Reset() {
+	*x = SecurityDefinitionsItem{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[53]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SecurityDefinitionsItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SecurityDefinitionsItem) ProtoMessage() {}
+
+func (x *SecurityDefinitionsItem) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[53]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SecurityDefinitionsItem.ProtoReflect.Descriptor instead.
+func (*SecurityDefinitionsItem) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{53}
+}
+
+func (m *SecurityDefinitionsItem) GetOneof() isSecurityDefinitionsItem_Oneof {
+	if m != nil {
+		return m.Oneof
+	}
+	return nil
+}
+
+func (x *SecurityDefinitionsItem) GetBasicAuthenticationSecurity() *BasicAuthenticationSecurity {
+	if x, ok := x.GetOneof().(*SecurityDefinitionsItem_BasicAuthenticationSecurity); ok {
+		return x.BasicAuthenticationSecurity
+	}
+	return nil
+}
+
+func (x *SecurityDefinitionsItem) GetApiKeySecurity() *ApiKeySecurity {
+	if x, ok := x.GetOneof().(*SecurityDefinitionsItem_ApiKeySecurity); ok {
+		return x.ApiKeySecurity
+	}
+	return nil
+}
+
+func (x *SecurityDefinitionsItem) GetOauth2ImplicitSecurity() *Oauth2ImplicitSecurity {
+	if x, ok := x.GetOneof().(*SecurityDefinitionsItem_Oauth2ImplicitSecurity); ok {
+		return x.Oauth2ImplicitSecurity
+	}
+	return nil
+}
+
+func (x *SecurityDefinitionsItem) GetOauth2PasswordSecurity() *Oauth2PasswordSecurity {
+	if x, ok := x.GetOneof().(*SecurityDefinitionsItem_Oauth2PasswordSecurity); ok {
+		return x.Oauth2PasswordSecurity
+	}
+	return nil
+}
+
+func (x *SecurityDefinitionsItem) GetOauth2ApplicationSecurity() *Oauth2ApplicationSecurity {
+	if x, ok := x.GetOneof().(*SecurityDefinitionsItem_Oauth2ApplicationSecurity); ok {
+		return x.Oauth2ApplicationSecurity
+	}
+	return nil
+}
+
+func (x *SecurityDefinitionsItem) GetOauth2AccessCodeSecurity() *Oauth2AccessCodeSecurity {
+	if x, ok := x.GetOneof().(*SecurityDefinitionsItem_Oauth2AccessCodeSecurity); ok {
+		return x.Oauth2AccessCodeSecurity
+	}
+	return nil
+}
+
+type isSecurityDefinitionsItem_Oneof interface {
+	isSecurityDefinitionsItem_Oneof()
+}
+
+type SecurityDefinitionsItem_BasicAuthenticationSecurity struct {
+	BasicAuthenticationSecurity *BasicAuthenticationSecurity `protobuf:"bytes,1,opt,name=basic_authentication_security,json=basicAuthenticationSecurity,proto3,oneof"`
+}
+
+type SecurityDefinitionsItem_ApiKeySecurity struct {
+	ApiKeySecurity *ApiKeySecurity `protobuf:"bytes,2,opt,name=api_key_security,json=apiKeySecurity,proto3,oneof"`
+}
+
+type SecurityDefinitionsItem_Oauth2ImplicitSecurity struct {
+	Oauth2ImplicitSecurity *Oauth2ImplicitSecurity `protobuf:"bytes,3,opt,name=oauth2_implicit_security,json=oauth2ImplicitSecurity,proto3,oneof"`
+}
+
+type SecurityDefinitionsItem_Oauth2PasswordSecurity struct {
+	Oauth2PasswordSecurity *Oauth2PasswordSecurity `protobuf:"bytes,4,opt,name=oauth2_password_security,json=oauth2PasswordSecurity,proto3,oneof"`
+}
+
+type SecurityDefinitionsItem_Oauth2ApplicationSecurity struct {
+	Oauth2ApplicationSecurity *Oauth2ApplicationSecurity `protobuf:"bytes,5,opt,name=oauth2_application_security,json=oauth2ApplicationSecurity,proto3,oneof"`
+}
+
+type SecurityDefinitionsItem_Oauth2AccessCodeSecurity struct {
+	Oauth2AccessCodeSecurity *Oauth2AccessCodeSecurity `protobuf:"bytes,6,opt,name=oauth2_access_code_security,json=oauth2AccessCodeSecurity,proto3,oneof"`
+}
+
+func (*SecurityDefinitionsItem_BasicAuthenticationSecurity) isSecurityDefinitionsItem_Oneof() {}
+
+func (*SecurityDefinitionsItem_ApiKeySecurity) isSecurityDefinitionsItem_Oneof() {}
+
+func (*SecurityDefinitionsItem_Oauth2ImplicitSecurity) isSecurityDefinitionsItem_Oneof() {}
+
+func (*SecurityDefinitionsItem_Oauth2PasswordSecurity) isSecurityDefinitionsItem_Oneof() {}
+
+func (*SecurityDefinitionsItem_Oauth2ApplicationSecurity) isSecurityDefinitionsItem_Oneof() {}
+
+func (*SecurityDefinitionsItem_Oauth2AccessCodeSecurity) isSecurityDefinitionsItem_Oneof() {}
+
+type SecurityRequirement struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AdditionalProperties []*NamedStringArray `protobuf:"bytes,1,rep,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+}
+
+func (x *SecurityRequirement) Reset() {
+	*x = SecurityRequirement{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[54]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SecurityRequirement) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SecurityRequirement) ProtoMessage() {}
+
+func (x *SecurityRequirement) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[54]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SecurityRequirement.ProtoReflect.Descriptor instead.
+func (*SecurityRequirement) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{54}
+}
+
+func (x *SecurityRequirement) GetAdditionalProperties() []*NamedStringArray {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+type StringArray struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Value []string `protobuf:"bytes,1,rep,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *StringArray) Reset() {
+	*x = StringArray{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[55]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *StringArray) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*StringArray) ProtoMessage() {}
+
+func (x *StringArray) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[55]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use StringArray.ProtoReflect.Descriptor instead.
+func (*StringArray) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{55}
+}
+
+func (x *StringArray) GetValue() []string {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+type Tag struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name            string        `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Description     string        `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	ExternalDocs    *ExternalDocs `protobuf:"bytes,3,opt,name=external_docs,json=externalDocs,proto3" json:"external_docs,omitempty"`
+	VendorExtension []*NamedAny   `protobuf:"bytes,4,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Tag) Reset() {
+	*x = Tag{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[56]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Tag) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Tag) ProtoMessage() {}
+
+func (x *Tag) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[56]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Tag.ProtoReflect.Descriptor instead.
+func (*Tag) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{56}
+}
+
+func (x *Tag) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Tag) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Tag) GetExternalDocs() *ExternalDocs {
+	if x != nil {
+		return x.ExternalDocs
+	}
+	return nil
+}
+
+func (x *Tag) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+type TypeItem struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Value []string `protobuf:"bytes,1,rep,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *TypeItem) Reset() {
+	*x = TypeItem{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[57]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TypeItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TypeItem) ProtoMessage() {}
+
+func (x *TypeItem) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[57]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TypeItem.ProtoReflect.Descriptor instead.
+func (*TypeItem) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{57}
+}
+
+func (x *TypeItem) GetValue() []string {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+// Any property starting with x- is valid.
+type VendorExtension struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AdditionalProperties []*NamedAny `protobuf:"bytes,1,rep,name=additional_properties,json=additionalProperties,proto3" json:"additional_properties,omitempty"`
+}
+
+func (x *VendorExtension) Reset() {
+	*x = VendorExtension{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[58]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *VendorExtension) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VendorExtension) ProtoMessage() {}
+
+func (x *VendorExtension) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[58]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VendorExtension.ProtoReflect.Descriptor instead.
+func (*VendorExtension) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{58}
+}
+
+func (x *VendorExtension) GetAdditionalProperties() []*NamedAny {
+	if x != nil {
+		return x.AdditionalProperties
+	}
+	return nil
+}
+
+type Xml struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name            string      `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Namespace       string      `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
+	Prefix          string      `protobuf:"bytes,3,opt,name=prefix,proto3" json:"prefix,omitempty"`
+	Attribute       bool        `protobuf:"varint,4,opt,name=attribute,proto3" json:"attribute,omitempty"`
+	Wrapped         bool        `protobuf:"varint,5,opt,name=wrapped,proto3" json:"wrapped,omitempty"`
+	VendorExtension []*NamedAny `protobuf:"bytes,6,rep,name=vendor_extension,json=vendorExtension,proto3" json:"vendor_extension,omitempty"`
+}
+
+func (x *Xml) Reset() {
+	*x = Xml{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[59]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Xml) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Xml) ProtoMessage() {}
+
+func (x *Xml) ProtoReflect() protoreflect.Message {
+	mi := &file_openapiv2_OpenAPIv2_proto_msgTypes[59]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Xml.ProtoReflect.Descriptor instead.
+func (*Xml) Descriptor() ([]byte, []int) {
+	return file_openapiv2_OpenAPIv2_proto_rawDescGZIP(), []int{59}
+}
+
+func (x *Xml) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Xml) GetNamespace() string {
+	if x != nil {
+		return x.Namespace
+	}
+	return ""
+}
+
+func (x *Xml) GetPrefix() string {
+	if x != nil {
+		return x.Prefix
+	}
+	return ""
+}
+
+func (x *Xml) GetAttribute() bool {
+	if x != nil {
+		return x.Attribute
+	}
+	return false
+}
+
+func (x *Xml) GetWrapped() bool {
+	if x != nil {
+		return x.Wrapped
+	}
+	return false
+}
+
+func (x *Xml) GetVendorExtension() []*NamedAny {
+	if x != nil {
+		return x.VendorExtension
+	}
+	return nil
+}
+
+var File_openapiv2_OpenAPIv2_proto protoreflect.FileDescriptor
+
+var file_openapiv2_OpenAPIv2_proto_rawDesc = []byte{
+	0x0a, 0x19, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x76, 0x32, 0x2f, 0x4f, 0x70, 0x65, 0x6e,
+	0x41, 0x50, 0x49, 0x76, 0x32, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x22, 0x6d, 0x0a, 0x18, 0x41, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+	0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x12, 0x2c,
+	0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12,
+	0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x63, 0x68, 0x65,
+	0x6d, 0x61, 0x48, 0x00, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x1a, 0x0a, 0x07,
+	0x62, 0x6f, 0x6f, 0x6c, 0x65, 0x61, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52,
+	0x07, 0x62, 0x6f, 0x6f, 0x6c, 0x65, 0x61, 0x6e, 0x42, 0x07, 0x0a, 0x05, 0x6f, 0x6e, 0x65, 0x6f,
+	0x66, 0x22, 0x45, 0x0a, 0x03, 0x41, 0x6e, 0x79, 0x12, 0x2a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x79, 0x61, 0x6d, 0x6c, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x79, 0x61, 0x6d, 0x6c, 0x22, 0xab, 0x01, 0x0a, 0x0e, 0x41, 0x70, 0x69,
+	0x4b, 0x65, 0x79, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x74,
+	0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12,
+	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x02, 0x69, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f,
+	0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d,
+	0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74,
+	0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x94, 0x01, 0x0a, 0x1b, 0x42, 0x61, 0x73, 0x69, 0x63,
+	0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65,
+	0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65,
+	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3f, 0x0a, 0x10,
+	0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69,
+	0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65,
+	0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xde, 0x01,
+	0x0a, 0x0d, 0x42, 0x6f, 0x64, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x12,
+	0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x02, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
+	0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65,
+	0x64, 0x12, 0x2a, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x12, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x53,
+	0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x3f, 0x0a,
+	0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f,
+	0x6e, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70,
+	0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76,
+	0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x86,
+	0x01, 0x0a, 0x07, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10,
+	0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c,
+	0x12, 0x14, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72,
+	0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61,
+	0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x54, 0x0a, 0x07, 0x44, 0x65, 0x66, 0x61, 0x75,
+	0x6c, 0x74, 0x12, 0x49, 0x0a, 0x15, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+	0x5f, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e,
+	0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x14, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f,
+	0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x22, 0x5b, 0x0a,
+	0x0b, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4c, 0x0a, 0x15,
+	0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x65,
+	0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x63,
+	0x68, 0x65, 0x6d, 0x61, 0x52, 0x14, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+	0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x22, 0xe8, 0x05, 0x0a, 0x08, 0x44,
+	0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x77, 0x61, 0x67, 0x67,
+	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x77, 0x61, 0x67, 0x67, 0x65,
+	0x72, 0x12, 0x24, 0x0a, 0x04, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x10, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x49, 0x6e, 0x66,
+	0x6f, 0x52, 0x04, 0x69, 0x6e, 0x66, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x62,
+	0x61, 0x73, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
+	0x62, 0x61, 0x73, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x63, 0x68, 0x65,
+	0x6d, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x73, 0x63, 0x68, 0x65, 0x6d,
+	0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x73, 0x18, 0x06,
+	0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x73, 0x12, 0x1a,
+	0x0a, 0x08, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09,
+	0x52, 0x08, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x65, 0x73, 0x12, 0x27, 0x0a, 0x05, 0x70, 0x61,
+	0x74, 0x68, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x61, 0x74, 0x68, 0x73, 0x52, 0x05, 0x70, 0x61,
+	0x74, 0x68, 0x73, 0x12, 0x39, 0x0a, 0x0b, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61,
+	0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x52, 0x0b, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x40,
+	0x0a, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x0a, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x20, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e,
+	0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73,
+	0x12, 0x3d, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x73, 0x18, 0x0b, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32,
+	0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x09, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x73, 0x12,
+	0x3b, 0x0a, 0x08, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18, 0x0c, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x1f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x53,
+	0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65,
+	0x6e, 0x74, 0x52, 0x08, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x52, 0x0a, 0x14,
+	0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79,
+	0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x13, 0x73, 0x65, 0x63,
+	0x75, 0x72, 0x69, 0x74, 0x79, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x12, 0x23, 0x0a, 0x04, 0x74, 0x61, 0x67, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f,
+	0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x61, 0x67, 0x52,
+	0x04, 0x74, 0x61, 0x67, 0x73, 0x12, 0x3d, 0x0a, 0x0d, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x5f, 0x64, 0x6f, 0x63, 0x73, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x6f,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x44, 0x6f, 0x63, 0x73, 0x52, 0x0c, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x44, 0x6f, 0x63, 0x73, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65,
+	0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14,
+	0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65,
+	0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65,
+	0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x55, 0x0a, 0x08, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
+	0x73, 0x12, 0x49, 0x0a, 0x15, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f,
+	0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61,
+	0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x14, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x61, 0x6c, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x22, 0x83, 0x01, 0x0a,
+	0x0c, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x44, 0x6f, 0x63, 0x73, 0x12, 0x20, 0x0a,
+	0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12,
+	0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72,
+	0x6c, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65,
+	0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e,
+	0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69,
+	0x6f, 0x6e, 0x22, 0xff, 0x02, 0x0a, 0x0a, 0x46, 0x69, 0x6c, 0x65, 0x53, 0x63, 0x68, 0x65, 0x6d,
+	0x61, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x69, 0x74,
+	0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x12,
+	0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x29, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e,
+	0x41, 0x6e, 0x79, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x1a, 0x0a, 0x08,
+	0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08,
+	0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09,
+	0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x12, 0x3d, 0x0a, 0x0d, 0x65, 0x78, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x64, 0x6f, 0x63, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x18, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x45, 0x78,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x44, 0x6f, 0x63, 0x73, 0x52, 0x0c, 0x65, 0x78, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x44, 0x6f, 0x63, 0x73, 0x12, 0x29, 0x0a, 0x07, 0x65, 0x78, 0x61, 0x6d,
+	0x70, 0x6c, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x65, 0x78, 0x61, 0x6d,
+	0x70, 0x6c, 0x65, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e,
+	0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64,
+	0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e,
+	0x73, 0x69, 0x6f, 0x6e, 0x22, 0xab, 0x06, 0x0a, 0x1a, 0x46, 0x6f, 0x72, 0x6d, 0x44, 0x61, 0x74,
+	0x61, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x53, 0x75, 0x62, 0x53, 0x63, 0x68,
+	0x65, 0x6d, 0x61, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12,
+	0x0e, 0x0a, 0x02, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x6e, 0x12,
+	0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x65,
+	0x6d, 0x70, 0x74, 0x79, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x0f, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18,
+	0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x31, 0x0a,
+	0x05, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x6f,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74,
+	0x69, 0x76, 0x65, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x52, 0x05, 0x69, 0x74, 0x65, 0x6d, 0x73,
+	0x12, 0x2b, 0x0a, 0x11, 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66,
+	0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6c,
+	0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x29, 0x0a,
+	0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f,
+	0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52,
+	0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x69,
+	0x6d, 0x75, 0x6d, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x6d, 0x61, 0x78, 0x69, 0x6d,
+	0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x11, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x5f,
+	0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x65,
+	0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x4d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x12,
+	0x18, 0x0a, 0x07, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x01,
+	0x52, 0x07, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x11, 0x65, 0x78, 0x63,
+	0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0e,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x4d,
+	0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x78, 0x5f, 0x6c, 0x65,
+	0x6e, 0x67, 0x74, 0x68, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x61, 0x78, 0x4c,
+	0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x69, 0x6e, 0x5f, 0x6c, 0x65, 0x6e,
+	0x67, 0x74, 0x68, 0x18, 0x10, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x69, 0x6e, 0x4c, 0x65,
+	0x6e, 0x67, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x18,
+	0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x12, 0x1b,
+	0x0a, 0x09, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28,
+	0x03, 0x52, 0x08, 0x6d, 0x61, 0x78, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d,
+	0x69, 0x6e, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x13, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08,
+	0x6d, 0x69, 0x6e, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x75, 0x6e, 0x69, 0x71,
+	0x75, 0x65, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b,
+	0x75, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x65,
+	0x6e, 0x75, 0x6d, 0x18, 0x15, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x04, 0x65, 0x6e, 0x75, 0x6d,
+	0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x6f, 0x66, 0x18,
+	0x16, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x4f,
+	0x66, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65,
+	0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x17, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e,
+	0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69,
+	0x6f, 0x6e, 0x22, 0xab, 0x05, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x31, 0x0a, 0x05, 0x69, 0x74, 0x65,
+	0x6d, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61,
+	0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73,
+	0x49, 0x74, 0x65, 0x6d, 0x73, 0x52, 0x05, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x2b, 0x0a, 0x11,
+	0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61,
+	0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x29, 0x0a, 0x07, 0x64, 0x65, 0x66,
+	0x61, 0x75, 0x6c, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x64, 0x65, 0x66,
+	0x61, 0x75, 0x6c, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x2b,
+	0x0a, 0x11, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x6d, 0x61, 0x78, 0x69,
+	0x6d, 0x75, 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x65, 0x78, 0x63, 0x6c, 0x75,
+	0x73, 0x69, 0x76, 0x65, 0x4d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x18, 0x0a, 0x07, 0x6d,
+	0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x08, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x6d, 0x69,
+	0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x11, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69,
+	0x76, 0x65, 0x5f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x10, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x4d, 0x69, 0x6e, 0x69, 0x6d,
+	0x75, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x78, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68,
+	0x18, 0x0a, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x61, 0x78, 0x4c, 0x65, 0x6e, 0x67, 0x74,
+	0x68, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x69, 0x6e, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18,
+	0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x69, 0x6e, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68,
+	0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61,
+	0x78, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x6d,
+	0x61, 0x78, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x69, 0x6e, 0x5f, 0x69,
+	0x74, 0x65, 0x6d, 0x73, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x6d, 0x69, 0x6e, 0x49,
+	0x74, 0x65, 0x6d, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x75, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x5f, 0x69,
+	0x74, 0x65, 0x6d, 0x73, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x75, 0x6e, 0x69, 0x71,
+	0x75, 0x65, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x65, 0x6e, 0x75, 0x6d, 0x18,
+	0x10, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e,
+	0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x04, 0x65, 0x6e, 0x75, 0x6d, 0x12, 0x1f, 0x0a, 0x0b,
+	0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x6f, 0x66, 0x18, 0x11, 0x20, 0x01, 0x28,
+	0x01, 0x52, 0x0a, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x4f, 0x66, 0x12, 0x20, 0x0a,
+	0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x12, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12,
+	0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73,
+	0x69, 0x6f, 0x6e, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52,
+	0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x22, 0xfd, 0x05, 0x0a, 0x18, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x61, 0x72, 0x61, 0x6d,
+	0x65, 0x74, 0x65, 0x72, 0x53, 0x75, 0x62, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x1a, 0x0a,
+	0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x6e, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
+	0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74,
+	0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x31, 0x0a, 0x05, 0x69,
+	0x74, 0x65, 0x6d, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76,
+	0x65, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x52, 0x05, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x2b,
+	0x0a, 0x11, 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x6f, 0x72,
+	0x6d, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6c, 0x6c, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x29, 0x0a, 0x07, 0x64,
+	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x64,
+	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75,
+	0x6d, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d,
+	0x12, 0x2b, 0x0a, 0x11, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x6d, 0x61,
+	0x78, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x65, 0x78, 0x63,
+	0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x4d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x18, 0x0a,
+	0x07, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07,
+	0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x11, 0x65, 0x78, 0x63, 0x6c, 0x75,
+	0x73, 0x69, 0x76, 0x65, 0x5f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0d, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x10, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x4d, 0x69, 0x6e,
+	0x69, 0x6d, 0x75, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x78, 0x5f, 0x6c, 0x65, 0x6e, 0x67,
+	0x74, 0x68, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x61, 0x78, 0x4c, 0x65, 0x6e,
+	0x67, 0x74, 0x68, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x69, 0x6e, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74,
+	0x68, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x69, 0x6e, 0x4c, 0x65, 0x6e, 0x67,
+	0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x18, 0x10, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x12, 0x1b, 0x0a, 0x09,
+	0x6d, 0x61, 0x78, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x03, 0x52,
+	0x08, 0x6d, 0x61, 0x78, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x69, 0x6e,
+	0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x6d, 0x69,
+	0x6e, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x75, 0x6e, 0x69, 0x71, 0x75, 0x65,
+	0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x13, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x75, 0x6e,
+	0x69, 0x71, 0x75, 0x65, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x65, 0x6e, 0x75,
+	0x6d, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70,
+	0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x04, 0x65, 0x6e, 0x75, 0x6d, 0x12, 0x1f,
+	0x0a, 0x0b, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x6f, 0x66, 0x18, 0x15, 0x20,
+	0x01, 0x28, 0x01, 0x52, 0x0a, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x4f, 0x66, 0x12,
+	0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73,
+	0x69, 0x6f, 0x6e, 0x18, 0x16, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52,
+	0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x22, 0x57, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x4c, 0x0a, 0x15, 0x61,
+	0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72,
+	0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x48, 0x65, 0x61,
+	0x64, 0x65, 0x72, 0x52, 0x14, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50,
+	0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x22, 0xa1, 0x02, 0x0a, 0x04, 0x49, 0x6e,
+	0x66, 0x6f, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x28, 0x0a, 0x10, 0x74, 0x65, 0x72, 0x6d, 0x73, 0x5f, 0x6f, 0x66,
+	0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e,
+	0x74, 0x65, 0x72, 0x6d, 0x73, 0x4f, 0x66, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2d,
+	0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x13, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x6f, 0x6e,
+	0x74, 0x61, 0x63, 0x74, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x12, 0x2d, 0x0a,
+	0x07, 0x6c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13,
+	0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4c, 0x69, 0x63, 0x65,
+	0x6e, 0x73, 0x65, 0x52, 0x07, 0x6c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x10,
+	0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69,
+	0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65,
+	0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x37, 0x0a,
+	0x09, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x12, 0x2a, 0x0a, 0x06, 0x73, 0x63,
+	0x68, 0x65, 0x6d, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, 0x06,
+	0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x22, 0x44, 0x0a, 0x0d, 0x4a, 0x73, 0x6f, 0x6e, 0x52, 0x65,
+	0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x11, 0x0a, 0x04, 0x5f, 0x72, 0x65, 0x66, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x52, 0x65, 0x66, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65,
+	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x70, 0x0a, 0x07,
+	0x4c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75,
+	0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x3f, 0x0a,
+	0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f,
+	0x6e, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70,
+	0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76,
+	0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x45,
+	0x0a, 0x08, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x25,
+	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e,
+	0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x4b, 0x0a, 0x0b, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x48, 0x65,
+	0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70,
+	0x69, 0x2e, 0x76, 0x32, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x22, 0x51, 0x0a, 0x0e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x50, 0x61, 0x72, 0x61, 0x6d,
+	0x65, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2b, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70,
+	0x69, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x52, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x4f, 0x0a, 0x0d, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x50, 0x61,
+	0x74, 0x68, 0x49, 0x74, 0x65, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x61, 0x74, 0x68, 0x49, 0x74, 0x65, 0x6d, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x4f, 0x0a, 0x0d, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x59, 0x0a, 0x12, 0x4e, 0x61, 0x6d, 0x65, 0x64,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x12, 0x0a,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x2f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x19, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x22, 0x4b, 0x0a, 0x0b, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x63, 0x68, 0x65, 0x6d,
+	0x61, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76,
+	0x32, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22,
+	0x6d, 0x0a, 0x1c, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79,
+	0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x12,
+	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x39, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e,
+	0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x37,
+	0x0a, 0x0b, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x12, 0x0a,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x55, 0x0a, 0x10, 0x4e, 0x61, 0x6d, 0x65, 0x64,
+	0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x41, 0x72, 0x72, 0x61, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x2d, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17,
+	0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x74, 0x72, 0x69,
+	0x6e, 0x67, 0x41, 0x72, 0x72, 0x61, 0x79, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xb5,
+	0x03, 0x0a, 0x10, 0x4e, 0x6f, 0x6e, 0x42, 0x6f, 0x64, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65,
+	0x74, 0x65, 0x72, 0x12, 0x65, 0x0a, 0x1b, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x70, 0x61,
+	0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x62, 0x5f, 0x73, 0x63, 0x68, 0x65,
+	0x6d, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61,
+	0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x61, 0x72, 0x61,
+	0x6d, 0x65, 0x74, 0x65, 0x72, 0x53, 0x75, 0x62, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x48, 0x00,
+	0x52, 0x18, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
+	0x72, 0x53, 0x75, 0x62, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x6c, 0x0a, 0x1e, 0x66, 0x6f,
+	0x72, 0x6d, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
+	0x72, 0x5f, 0x73, 0x75, 0x62, 0x5f, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x26, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e,
+	0x46, 0x6f, 0x72, 0x6d, 0x44, 0x61, 0x74, 0x61, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
+	0x72, 0x53, 0x75, 0x62, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x48, 0x00, 0x52, 0x1a, 0x66, 0x6f,
+	0x72, 0x6d, 0x44, 0x61, 0x74, 0x61, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x53,
+	0x75, 0x62, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x62, 0x0a, 0x1a, 0x71, 0x75, 0x65, 0x72,
+	0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x62, 0x5f,
+	0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6f,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50,
+	0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x53, 0x75, 0x62, 0x53, 0x63, 0x68, 0x65, 0x6d,
+	0x61, 0x48, 0x00, 0x52, 0x17, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65,
+	0x74, 0x65, 0x72, 0x53, 0x75, 0x62, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x5f, 0x0a, 0x19,
+	0x70, 0x61, 0x74, 0x68, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x73,
+	0x75, 0x62, 0x5f, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x22, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x61, 0x74,
+	0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x53, 0x75, 0x62, 0x53, 0x63, 0x68,
+	0x65, 0x6d, 0x61, 0x48, 0x00, 0x52, 0x16, 0x70, 0x61, 0x74, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d,
+	0x65, 0x74, 0x65, 0x72, 0x53, 0x75, 0x62, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x42, 0x07, 0x0a,
+	0x05, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x22, 0xa1, 0x02, 0x0a, 0x18, 0x4f, 0x61, 0x75, 0x74, 0x68,
+	0x32, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x63, 0x75, 0x72,
+	0x69, 0x74, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x12, 0x30, 0x0a, 0x06, 0x73,
+	0x63, 0x6f, 0x70, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x53,
+	0x63, 0x6f, 0x70, 0x65, 0x73, 0x52, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x2b, 0x0a,
+	0x11, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75,
+	0x72, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72,
+	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f,
+	0x6b, 0x65, 0x6e, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74,
+	0x6f, 0x6b, 0x65, 0x6e, 0x55, 0x72, 0x6c, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65,
+	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e,
+	0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32,
+	0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f,
+	0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xf5, 0x01, 0x0a, 0x19, 0x4f,
+	0x61, 0x75, 0x74, 0x68, 0x32, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04,
+	0x66, 0x6c, 0x6f, 0x77, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x6c, 0x6f, 0x77,
+	0x12, 0x30, 0x0a, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x18, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x61,
+	0x75, 0x74, 0x68, 0x32, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x52, 0x06, 0x73, 0x63, 0x6f, 0x70,
+	0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x75, 0x72, 0x6c, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x55, 0x72, 0x6c, 0x12,
+	0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65,
+	0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e,
+	0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69,
+	0x6f, 0x6e, 0x22, 0x82, 0x02, 0x0a, 0x16, 0x4f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x49, 0x6d, 0x70,
+	0x6c, 0x69, 0x63, 0x69, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x12, 0x0a,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x66, 0x6c, 0x6f, 0x77, 0x12, 0x30, 0x0a, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e,
+	0x76, 0x32, 0x2e, 0x4f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x52,
+	0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x61, 0x75, 0x74, 0x68, 0x6f,
+	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x10, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x55, 0x72, 0x6c, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72,
+	0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61,
+	0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xf2, 0x01, 0x0a, 0x16, 0x4f, 0x61, 0x75, 0x74,
+	0x68, 0x32, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69,
+	0x74, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x12, 0x30, 0x0a, 0x06, 0x73, 0x63,
+	0x6f, 0x70, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x53, 0x63,
+	0x6f, 0x70, 0x65, 0x73, 0x52, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09,
+	0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x08, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x55, 0x72, 0x6c, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
+	0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3f, 0x0a, 0x10, 0x76,
+	0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18,
+	0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e,
+	0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e,
+	0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x5c, 0x0a, 0x0c,
+	0x4f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x4c, 0x0a, 0x15,
+	0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x65,
+	0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x74,
+	0x72, 0x69, 0x6e, 0x67, 0x52, 0x14, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+	0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x22, 0x9e, 0x04, 0x0a, 0x09, 0x4f,
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x61, 0x67, 0x73,
+	0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x74, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07,
+	0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73,
+	0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x0d, 0x65, 0x78, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x64, 0x6f, 0x63, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x18, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x45, 0x78, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x44, 0x6f, 0x63, 0x73, 0x52, 0x0c, 0x65, 0x78, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x44, 0x6f, 0x63, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6f, 0x70, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6f,
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72,
+	0x6f, 0x64, 0x75, 0x63, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72,
+	0x6f, 0x64, 0x75, 0x63, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d,
+	0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d,
+	0x65, 0x73, 0x12, 0x3a, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73,
+	0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69,
+	0x2e, 0x76, 0x32, 0x2e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x49, 0x74,
+	0x65, 0x6d, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x33,
+	0x0a, 0x09, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x73, 0x52, 0x09, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x73, 0x18, 0x0a,
+	0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x73, 0x12, 0x1e, 0x0a,
+	0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x3b, 0x0a,
+	0x08, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x1f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x63,
+	0x75, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74,
+	0x52, 0x08, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65,
+	0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0d,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76,
+	0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64,
+	0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xa6, 0x01, 0x0a, 0x09,
+	0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x0e, 0x62, 0x6f, 0x64,
+	0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x19, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x42,
+	0x6f, 0x64, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0d,
+	0x62, 0x6f, 0x64, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x12, 0x4c, 0x0a,
+	0x12, 0x6e, 0x6f, 0x6e, 0x5f, 0x62, 0x6f, 0x64, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65,
+	0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x6f, 0x6e, 0x42, 0x6f, 0x64, 0x79, 0x50, 0x61,
+	0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x48, 0x00, 0x52, 0x10, 0x6e, 0x6f, 0x6e, 0x42, 0x6f,
+	0x64, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x42, 0x07, 0x0a, 0x05, 0x6f,
+	0x6e, 0x65, 0x6f, 0x66, 0x22, 0x67, 0x0a, 0x14, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
+	0x72, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4f, 0x0a, 0x15,
+	0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x65,
+	0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x50, 0x61,
+	0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x52, 0x14, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f,
+	0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x22, 0x94, 0x01,
+	0x0a, 0x0e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x49, 0x74, 0x65, 0x6d,
+	0x12, 0x35, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32,
+	0x2e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x48, 0x00, 0x52, 0x09, 0x70, 0x61,
+	0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x0e, 0x6a, 0x73, 0x6f, 0x6e, 0x5f,
+	0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x19, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4a, 0x73, 0x6f,
+	0x6e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x48, 0x00, 0x52, 0x0d, 0x6a, 0x73,
+	0x6f, 0x6e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x42, 0x07, 0x0a, 0x05, 0x6f,
+	0x6e, 0x65, 0x6f, 0x66, 0x22, 0xcf, 0x03, 0x0a, 0x08, 0x50, 0x61, 0x74, 0x68, 0x49, 0x74, 0x65,
+	0x6d, 0x12, 0x11, 0x0a, 0x04, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x03, 0x52, 0x65, 0x66, 0x12, 0x27, 0x0a, 0x03, 0x67, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x67, 0x65, 0x74, 0x12, 0x27, 0x0a,
+	0x03, 0x70, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x03, 0x70, 0x75, 0x74, 0x12, 0x29, 0x0a, 0x04, 0x70, 0x6f, 0x73, 0x74, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76,
+	0x32, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x70, 0x6f, 0x73,
+	0x74, 0x12, 0x2d, 0x0a, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65,
+	0x12, 0x2f, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x12, 0x29, 0x0a, 0x04, 0x68, 0x65, 0x61, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x15, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x70, 0x65,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x68, 0x65, 0x61, 0x64, 0x12, 0x2b, 0x0a, 0x05,
+	0x70, 0x61, 0x74, 0x63, 0x68, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x12, 0x3a, 0x0a, 0x0a, 0x70, 0x61, 0x72,
+	0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e,
+	0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x61, 0x72, 0x61, 0x6d,
+	0x65, 0x74, 0x65, 0x72, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d,
+	0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f,
+	0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d,
+	0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74,
+	0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xfb, 0x05, 0x0a, 0x16, 0x50, 0x61, 0x74, 0x68, 0x50,
+	0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x53, 0x75, 0x62, 0x53, 0x63, 0x68, 0x65, 0x6d,
+	0x61, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0x0e, 0x0a,
+	0x02, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x6e, 0x12, 0x20, 0x0a,
+	0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12,
+	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61,
+	0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12,
+	0x31, 0x0a, 0x05, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b,
+	0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x72, 0x69, 0x6d,
+	0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x52, 0x05, 0x69, 0x74, 0x65,
+	0x6d, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63,
+	0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12,
+	0x29, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e,
+	0x79, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x61,
+	0x78, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x6d, 0x61, 0x78,
+	0x69, 0x6d, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x11, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76,
+	0x65, 0x5f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x10, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x4d, 0x61, 0x78, 0x69, 0x6d, 0x75,
+	0x6d, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0c, 0x20, 0x01,
+	0x28, 0x01, 0x52, 0x07, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x11, 0x65,
+	0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d,
+	0x18, 0x0d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76,
+	0x65, 0x4d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x78, 0x5f,
+	0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x61,
+	0x78, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x69, 0x6e, 0x5f, 0x6c,
+	0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x69, 0x6e,
+	0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72,
+	0x6e, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e,
+	0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x11, 0x20,
+	0x01, 0x28, 0x03, 0x52, 0x08, 0x6d, 0x61, 0x78, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x1b, 0x0a,
+	0x09, 0x6d, 0x69, 0x6e, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x03,
+	0x52, 0x08, 0x6d, 0x69, 0x6e, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x75, 0x6e,
+	0x69, 0x71, 0x75, 0x65, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x13, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x0b, 0x75, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x23, 0x0a,
+	0x04, 0x65, 0x6e, 0x75, 0x6d, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x04, 0x65, 0x6e,
+	0x75, 0x6d, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x6f,
+	0x66, 0x18, 0x15, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c,
+	0x65, 0x4f, 0x66, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x16, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e,
+	0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64,
+	0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e,
+	0x73, 0x69, 0x6f, 0x6e, 0x22, 0x77, 0x0a, 0x05, 0x50, 0x61, 0x74, 0x68, 0x73, 0x12, 0x3f, 0x0a,
+	0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f,
+	0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70,
+	0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76,
+	0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x2d,
+	0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6f,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x50,
+	0x61, 0x74, 0x68, 0x49, 0x74, 0x65, 0x6d, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x92, 0x05,
+	0x0a, 0x0f, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x49, 0x74, 0x65, 0x6d,
+	0x73, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x31, 0x0a,
+	0x05, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x6f,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74,
+	0x69, 0x76, 0x65, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x52, 0x05, 0x69, 0x74, 0x65, 0x6d, 0x73,
+	0x12, 0x2b, 0x0a, 0x11, 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66,
+	0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6c,
+	0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x29, 0x0a,
+	0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f,
+	0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52,
+	0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x69,
+	0x6d, 0x75, 0x6d, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x6d, 0x61, 0x78, 0x69, 0x6d,
+	0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x11, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x5f,
+	0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x65,
+	0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x4d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x12,
+	0x18, 0x0a, 0x07, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x08, 0x20, 0x01, 0x28, 0x01,
+	0x52, 0x07, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x11, 0x65, 0x78, 0x63,
+	0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x09,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x4d,
+	0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x78, 0x5f, 0x6c, 0x65,
+	0x6e, 0x67, 0x74, 0x68, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x61, 0x78, 0x4c,
+	0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x69, 0x6e, 0x5f, 0x6c, 0x65, 0x6e,
+	0x67, 0x74, 0x68, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x69, 0x6e, 0x4c, 0x65,
+	0x6e, 0x67, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x18,
+	0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x12, 0x1b,
+	0x0a, 0x09, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28,
+	0x03, 0x52, 0x08, 0x6d, 0x61, 0x78, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d,
+	0x69, 0x6e, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08,
+	0x6d, 0x69, 0x6e, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x75, 0x6e, 0x69, 0x71,
+	0x75, 0x65, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b,
+	0x75, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x65,
+	0x6e, 0x75, 0x6d, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x04, 0x65, 0x6e, 0x75, 0x6d,
+	0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x6f, 0x66, 0x18,
+	0x11, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x4f,
+	0x66, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65,
+	0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x12, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e,
+	0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69,
+	0x6f, 0x6e, 0x22, 0x5a, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73,
+	0x12, 0x4c, 0x0a, 0x15, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x70,
+	0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x17, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d,
+	0x65, 0x64, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, 0x14, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69,
+	0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x22, 0xa8,
+	0x06, 0x0a, 0x17, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
+	0x72, 0x53, 0x75, 0x62, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65,
+	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65,
+	0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x02, 0x69, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x11,
+	0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x45, 0x6d,
+	0x70, 0x74, 0x79, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06,
+	0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x6f,
+	0x72, 0x6d, 0x61, 0x74, 0x12, 0x31, 0x0a, 0x05, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x08, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32,
+	0x2e, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x73,
+	0x52, 0x05, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x6f, 0x6c, 0x6c, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x09, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6f,
+	0x72, 0x6d, 0x61, 0x74, 0x12, 0x29, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18,
+	0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e,
+	0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12,
+	0x18, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x01,
+	0x52, 0x07, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x11, 0x65, 0x78, 0x63,
+	0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0c,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x4d,
+	0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75,
+	0x6d, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d,
+	0x12, 0x2b, 0x0a, 0x11, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x6d, 0x69,
+	0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x65, 0x78, 0x63,
+	0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x4d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x1d, 0x0a,
+	0x0a, 0x6d, 0x61, 0x78, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x0f, 0x20, 0x01, 0x28,
+	0x03, 0x52, 0x09, 0x6d, 0x61, 0x78, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x1d, 0x0a, 0x0a,
+	0x6d, 0x69, 0x6e, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x10, 0x20, 0x01, 0x28, 0x03,
+	0x52, 0x09, 0x6d, 0x69, 0x6e, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x70,
+	0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x70, 0x61,
+	0x74, 0x74, 0x65, 0x72, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x74, 0x65,
+	0x6d, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x6d, 0x61, 0x78, 0x49, 0x74, 0x65,
+	0x6d, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x69, 0x6e, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18,
+	0x13, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x6d, 0x69, 0x6e, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x12,
+	0x21, 0x0a, 0x0c, 0x75, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x5f, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x18,
+	0x14, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x75, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x49, 0x74, 0x65,
+	0x6d, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x65, 0x6e, 0x75, 0x6d, 0x18, 0x15, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e,
+	0x79, 0x52, 0x04, 0x65, 0x6e, 0x75, 0x6d, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x75, 0x6c, 0x74, 0x69,
+	0x70, 0x6c, 0x65, 0x5f, 0x6f, 0x66, 0x18, 0x16, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, 0x6d, 0x75,
+	0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x4f, 0x66, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64,
+	0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x17, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e,
+	0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72,
+	0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xfe, 0x01, 0x0a, 0x08, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65,
+	0x6d, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61,
+	0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x49, 0x74, 0x65, 0x6d,
+	0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x2d, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64,
+	0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x07,
+	0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x30, 0x0a, 0x08, 0x65, 0x78, 0x61, 0x6d, 0x70,
+	0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x73, 0x52,
+	0x08, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e,
+	0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32,
+	0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f,
+	0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x65, 0x0a, 0x13, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x12, 0x4e, 0x0a, 0x15, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f,
+	0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x19, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61,
+	0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x14, 0x61, 0x64, 0x64,
+	0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65,
+	0x73, 0x22, 0x90, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x12, 0x32, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e,
+	0x76, 0x32, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x00, 0x52, 0x08, 0x72,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x42, 0x0a, 0x0e, 0x6a, 0x73, 0x6f, 0x6e, 0x5f,
+	0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x19, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4a, 0x73, 0x6f,
+	0x6e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x48, 0x00, 0x52, 0x0d, 0x6a, 0x73,
+	0x6f, 0x6e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x42, 0x07, 0x0a, 0x05, 0x6f,
+	0x6e, 0x65, 0x6f, 0x66, 0x22, 0x91, 0x01, 0x0a, 0x09, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x73, 0x12, 0x43, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x63,
+	0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f,
+	0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e,
+	0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45,
+	0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xaf, 0x09, 0x0a, 0x06, 0x53, 0x63, 0x68,
+	0x65, 0x6d, 0x61, 0x12, 0x11, 0x0a, 0x04, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x03, 0x52, 0x65, 0x66, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x14,
+	0x0a, 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74,
+	0x69, 0x74, 0x6c, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x29, 0x0a, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c,
+	0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70,
+	0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c,
+	0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x6f, 0x66,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65,
+	0x4f, 0x66, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x07, 0x20,
+	0x01, 0x28, 0x01, 0x52, 0x07, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x11,
+	0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75,
+	0x6d, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69,
+	0x76, 0x65, 0x4d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x69, 0x6e,
+	0x69, 0x6d, 0x75, 0x6d, 0x18, 0x09, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x6d, 0x69, 0x6e, 0x69,
+	0x6d, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x11, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65,
+	0x5f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10,
+	0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x4d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d,
+	0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x78, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x0b,
+	0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x61, 0x78, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12,
+	0x1d, 0x0a, 0x0a, 0x6d, 0x69, 0x6e, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x0c, 0x20,
+	0x01, 0x28, 0x03, 0x52, 0x09, 0x6d, 0x69, 0x6e, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x18,
+	0x0a, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x78, 0x5f,
+	0x69, 0x74, 0x65, 0x6d, 0x73, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x6d, 0x61, 0x78,
+	0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x69, 0x6e, 0x5f, 0x69, 0x74, 0x65,
+	0x6d, 0x73, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x6d, 0x69, 0x6e, 0x49, 0x74, 0x65,
+	0x6d, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x75, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x5f, 0x69, 0x74, 0x65,
+	0x6d, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x75, 0x6e, 0x69, 0x71, 0x75, 0x65,
+	0x49, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x72, 0x6f,
+	0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x6d,
+	0x61, 0x78, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e,
+	0x6d, 0x69, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x12,
+	0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x6d, 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74,
+	0x69, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x18,
+	0x13, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12,
+	0x23, 0x0a, 0x04, 0x65, 0x6e, 0x75, 0x6d, 0x18, 0x14, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e,
+	0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x04,
+	0x65, 0x6e, 0x75, 0x6d, 0x12, 0x59, 0x0a, 0x15, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x61, 0x6c, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x15, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32,
+	0x2e, 0x41, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x70, 0x65,
+	0x72, 0x74, 0x69, 0x65, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x52, 0x14, 0x61, 0x64, 0x64, 0x69, 0x74,
+	0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x12,
+	0x28, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e,
+	0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x49,
+	0x74, 0x65, 0x6d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2b, 0x0a, 0x05, 0x69, 0x74, 0x65,
+	0x6d, 0x73, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61,
+	0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x49, 0x74, 0x65, 0x6d, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x52,
+	0x05, 0x69, 0x74, 0x65, 0x6d, 0x73, 0x12, 0x29, 0x0a, 0x06, 0x61, 0x6c, 0x6c, 0x5f, 0x6f, 0x66,
+	0x18, 0x18, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69,
+	0x2e, 0x76, 0x32, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, 0x05, 0x61, 0x6c, 0x6c, 0x4f,
+	0x66, 0x12, 0x36, 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18,
+	0x19, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e,
+	0x76, 0x32, 0x2e, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x52, 0x0a, 0x70,
+	0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x64, 0x69, 0x73,
+	0x63, 0x72, 0x69, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0d, 0x64, 0x69, 0x73, 0x63, 0x72, 0x69, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x12,
+	0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x1b, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x12, 0x21, 0x0a, 0x03,
+	0x78, 0x6d, 0x6c, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x58, 0x6d, 0x6c, 0x52, 0x03, 0x78, 0x6d, 0x6c, 0x12,
+	0x3d, 0x0a, 0x0d, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x64, 0x6f, 0x63, 0x73,
+	0x18, 0x1d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69,
+	0x2e, 0x76, 0x32, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x44, 0x6f, 0x63, 0x73,
+	0x52, 0x0c, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x44, 0x6f, 0x63, 0x73, 0x12, 0x29,
+	0x0a, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x0f, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6e, 0x79,
+	0x52, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e,
+	0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x1f, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32,
+	0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f,
+	0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x7e, 0x0a, 0x0a, 0x53, 0x63,
+	0x68, 0x65, 0x6d, 0x61, 0x49, 0x74, 0x65, 0x6d, 0x12, 0x2c, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65,
+	0x6d, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61,
+	0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x48, 0x00, 0x52, 0x06,
+	0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x39, 0x0a, 0x0b, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x73,
+	0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x53, 0x63, 0x68,
+	0x65, 0x6d, 0x61, 0x48, 0x00, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x53, 0x63, 0x68, 0x65, 0x6d,
+	0x61, 0x42, 0x07, 0x0a, 0x05, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x22, 0x74, 0x0a, 0x13, 0x53, 0x65,
+	0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x12, 0x5d, 0x0a, 0x15, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f,
+	0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x28, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61,
+	0x6d, 0x65, 0x64, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x44, 0x65, 0x66, 0x69, 0x6e,
+	0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x52, 0x14, 0x61, 0x64, 0x64, 0x69,
+	0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73,
+	0x22, 0xe9, 0x04, 0x0a, 0x17, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x44, 0x65, 0x66,
+	0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x49, 0x74, 0x65, 0x6d, 0x12, 0x6d, 0x0a, 0x1d,
+	0x62, 0x61, 0x73, 0x69, 0x63, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32,
+	0x2e, 0x42, 0x61, 0x73, 0x69, 0x63, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x48, 0x00, 0x52, 0x1b,
+	0x62, 0x61, 0x73, 0x69, 0x63, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x46, 0x0a, 0x10, 0x61,
+	0x70, 0x69, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e,
+	0x76, 0x32, 0x2e, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74,
+	0x79, 0x48, 0x00, 0x52, 0x0e, 0x61, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x53, 0x65, 0x63, 0x75, 0x72,
+	0x69, 0x74, 0x79, 0x12, 0x5e, 0x0a, 0x18, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x5f, 0x69, 0x6d,
+	0x70, 0x6c, 0x69, 0x63, 0x69, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e,
+	0x76, 0x32, 0x2e, 0x4f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x49, 0x6d, 0x70, 0x6c, 0x69, 0x63, 0x69,
+	0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x48, 0x00, 0x52, 0x16, 0x6f, 0x61, 0x75,
+	0x74, 0x68, 0x32, 0x49, 0x6d, 0x70, 0x6c, 0x69, 0x63, 0x69, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72,
+	0x69, 0x74, 0x79, 0x12, 0x5e, 0x0a, 0x18, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x5f, 0x70, 0x61,
+	0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e,
+	0x76, 0x32, 0x2e, 0x4f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72,
+	0x64, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x48, 0x00, 0x52, 0x16, 0x6f, 0x61, 0x75,
+	0x74, 0x68, 0x32, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x53, 0x65, 0x63, 0x75, 0x72,
+	0x69, 0x74, 0x79, 0x12, 0x67, 0x0a, 0x1b, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x5f, 0x61, 0x70,
+	0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69,
+	0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61,
+	0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x41, 0x70, 0x70, 0x6c,
+	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x48,
+	0x00, 0x52, 0x19, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x12, 0x65, 0x0a, 0x1b,
+	0x6f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x6f,
+	0x64, 0x65, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x24, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
+	0x61, 0x75, 0x74, 0x68, 0x32, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x53,
+	0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x48, 0x00, 0x52, 0x18, 0x6f, 0x61, 0x75, 0x74, 0x68,
+	0x32, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x63, 0x75, 0x72,
+	0x69, 0x74, 0x79, 0x42, 0x07, 0x0a, 0x05, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x22, 0x68, 0x0a, 0x13,
+	0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d,
+	0x65, 0x6e, 0x74, 0x12, 0x51, 0x0a, 0x15, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61,
+	0x6c, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e,
+	0x4e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x41, 0x72, 0x72, 0x61, 0x79,
+	0x52, 0x14, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x70,
+	0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x22, 0x23, 0x0a, 0x0b, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67,
+	0x41, 0x72, 0x72, 0x61, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xbb, 0x01, 0x0a, 0x03,
+	0x54, 0x61, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65,
+	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x0d, 0x65, 0x78, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x64, 0x6f, 0x63, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x18, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x45, 0x78,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x44, 0x6f, 0x63, 0x73, 0x52, 0x0c, 0x65, 0x78, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x44, 0x6f, 0x63, 0x73, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64,
+	0x6f, 0x72, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e,
+	0x4e, 0x61, 0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72,
+	0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x20, 0x0a, 0x08, 0x54, 0x79, 0x70,
+	0x65, 0x49, 0x74, 0x65, 0x6d, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x5c, 0x0a, 0x0f, 0x56,
+	0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x49,
+	0x0a, 0x15, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x70, 0x72, 0x6f,
+	0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e,
+	0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64,
+	0x41, 0x6e, 0x79, 0x52, 0x14, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50,
+	0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x22, 0xc8, 0x01, 0x0a, 0x03, 0x58, 0x6d,
+	0x6c, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61,
+	0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70,
+	0x61, 0x63, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x1c, 0x0a, 0x09, 0x61,
+	0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09,
+	0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x77, 0x72, 0x61,
+	0x70, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x77, 0x72, 0x61, 0x70,
+	0x70, 0x65, 0x64, 0x12, 0x3f, 0x0a, 0x10, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x65, 0x78,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e,
+	0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x64,
+	0x41, 0x6e, 0x79, 0x52, 0x0f, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x45, 0x78, 0x74, 0x65, 0x6e,
+	0x73, 0x69, 0x6f, 0x6e, 0x42, 0x3e, 0x0a, 0x0e, 0x6f, 0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
+	0x61, 0x70, 0x69, 0x5f, 0x76, 0x32, 0x42, 0x0c, 0x4f, 0x70, 0x65, 0x6e, 0x41, 0x50, 0x49, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x16, 0x2e, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70,
+	0x69, 0x76, 0x32, 0x3b, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x32, 0xa2, 0x02,
+	0x03, 0x4f, 0x41, 0x53, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_openapiv2_OpenAPIv2_proto_rawDescOnce sync.Once
+	file_openapiv2_OpenAPIv2_proto_rawDescData = file_openapiv2_OpenAPIv2_proto_rawDesc
+)
+
+func file_openapiv2_OpenAPIv2_proto_rawDescGZIP() []byte {
+	file_openapiv2_OpenAPIv2_proto_rawDescOnce.Do(func() {
+		file_openapiv2_OpenAPIv2_proto_rawDescData = protoimpl.X.CompressGZIP(file_openapiv2_OpenAPIv2_proto_rawDescData)
+	})
+	return file_openapiv2_OpenAPIv2_proto_rawDescData
+}
+
+var file_openapiv2_OpenAPIv2_proto_msgTypes = make([]protoimpl.MessageInfo, 60)
+var file_openapiv2_OpenAPIv2_proto_goTypes = []interface{}{
+	(*AdditionalPropertiesItem)(nil),     // 0: openapi.v2.AdditionalPropertiesItem
+	(*Any)(nil),                          // 1: openapi.v2.Any
+	(*ApiKeySecurity)(nil),               // 2: openapi.v2.ApiKeySecurity
+	(*BasicAuthenticationSecurity)(nil),  // 3: openapi.v2.BasicAuthenticationSecurity
+	(*BodyParameter)(nil),                // 4: openapi.v2.BodyParameter
+	(*Contact)(nil),                      // 5: openapi.v2.Contact
+	(*Default)(nil),                      // 6: openapi.v2.Default
+	(*Definitions)(nil),                  // 7: openapi.v2.Definitions
+	(*Document)(nil),                     // 8: openapi.v2.Document
+	(*Examples)(nil),                     // 9: openapi.v2.Examples
+	(*ExternalDocs)(nil),                 // 10: openapi.v2.ExternalDocs
+	(*FileSchema)(nil),                   // 11: openapi.v2.FileSchema
+	(*FormDataParameterSubSchema)(nil),   // 12: openapi.v2.FormDataParameterSubSchema
+	(*Header)(nil),                       // 13: openapi.v2.Header
+	(*HeaderParameterSubSchema)(nil),     // 14: openapi.v2.HeaderParameterSubSchema
+	(*Headers)(nil),                      // 15: openapi.v2.Headers
+	(*Info)(nil),                         // 16: openapi.v2.Info
+	(*ItemsItem)(nil),                    // 17: openapi.v2.ItemsItem
+	(*JsonReference)(nil),                // 18: openapi.v2.JsonReference
+	(*License)(nil),                      // 19: openapi.v2.License
+	(*NamedAny)(nil),                     // 20: openapi.v2.NamedAny
+	(*NamedHeader)(nil),                  // 21: openapi.v2.NamedHeader
+	(*NamedParameter)(nil),               // 22: openapi.v2.NamedParameter
+	(*NamedPathItem)(nil),                // 23: openapi.v2.NamedPathItem
+	(*NamedResponse)(nil),                // 24: openapi.v2.NamedResponse
+	(*NamedResponseValue)(nil),           // 25: openapi.v2.NamedResponseValue
+	(*NamedSchema)(nil),                  // 26: openapi.v2.NamedSchema
+	(*NamedSecurityDefinitionsItem)(nil), // 27: openapi.v2.NamedSecurityDefinitionsItem
+	(*NamedString)(nil),                  // 28: openapi.v2.NamedString
+	(*NamedStringArray)(nil),             // 29: openapi.v2.NamedStringArray
+	(*NonBodyParameter)(nil),             // 30: openapi.v2.NonBodyParameter
+	(*Oauth2AccessCodeSecurity)(nil),     // 31: openapi.v2.Oauth2AccessCodeSecurity
+	(*Oauth2ApplicationSecurity)(nil),    // 32: openapi.v2.Oauth2ApplicationSecurity
+	(*Oauth2ImplicitSecurity)(nil),       // 33: openapi.v2.Oauth2ImplicitSecurity
+	(*Oauth2PasswordSecurity)(nil),       // 34: openapi.v2.Oauth2PasswordSecurity
+	(*Oauth2Scopes)(nil),                 // 35: openapi.v2.Oauth2Scopes
+	(*Operation)(nil),                    // 36: openapi.v2.Operation
+	(*Parameter)(nil),                    // 37: openapi.v2.Parameter
+	(*ParameterDefinitions)(nil),         // 38: openapi.v2.ParameterDefinitions
+	(*ParametersItem)(nil),               // 39: openapi.v2.ParametersItem
+	(*PathItem)(nil),                     // 40: openapi.v2.PathItem
+	(*PathParameterSubSchema)(nil),       // 41: openapi.v2.PathParameterSubSchema
+	(*Paths)(nil),                        // 42: openapi.v2.Paths
+	(*PrimitivesItems)(nil),              // 43: openapi.v2.PrimitivesItems
+	(*Properties)(nil),                   // 44: openapi.v2.Properties
+	(*QueryParameterSubSchema)(nil),      // 45: openapi.v2.QueryParameterSubSchema
+	(*Response)(nil),                     // 46: openapi.v2.Response
+	(*ResponseDefinitions)(nil),          // 47: openapi.v2.ResponseDefinitions
+	(*ResponseValue)(nil),                // 48: openapi.v2.ResponseValue
+	(*Responses)(nil),                    // 49: openapi.v2.Responses
+	(*Schema)(nil),                       // 50: openapi.v2.Schema
+	(*SchemaItem)(nil),                   // 51: openapi.v2.SchemaItem
+	(*SecurityDefinitions)(nil),          // 52: openapi.v2.SecurityDefinitions
+	(*SecurityDefinitionsItem)(nil),      // 53: openapi.v2.SecurityDefinitionsItem
+	(*SecurityRequirement)(nil),          // 54: openapi.v2.SecurityRequirement
+	(*StringArray)(nil),                  // 55: openapi.v2.StringArray
+	(*Tag)(nil),                          // 56: openapi.v2.Tag
+	(*TypeItem)(nil),                     // 57: openapi.v2.TypeItem
+	(*VendorExtension)(nil),              // 58: openapi.v2.VendorExtension
+	(*Xml)(nil),                          // 59: openapi.v2.Xml
+	(*anypb.Any)(nil),                    // 60: google.protobuf.Any
+}
+var file_openapiv2_OpenAPIv2_proto_depIdxs = []int32{
+	50,  // 0: openapi.v2.AdditionalPropertiesItem.schema:type_name -> openapi.v2.Schema
+	60,  // 1: openapi.v2.Any.value:type_name -> google.protobuf.Any
+	20,  // 2: openapi.v2.ApiKeySecurity.vendor_extension:type_name -> openapi.v2.NamedAny
+	20,  // 3: openapi.v2.BasicAuthenticationSecurity.vendor_extension:type_name -> openapi.v2.NamedAny
+	50,  // 4: openapi.v2.BodyParameter.schema:type_name -> openapi.v2.Schema
+	20,  // 5: openapi.v2.BodyParameter.vendor_extension:type_name -> openapi.v2.NamedAny
+	20,  // 6: openapi.v2.Contact.vendor_extension:type_name -> openapi.v2.NamedAny
+	20,  // 7: openapi.v2.Default.additional_properties:type_name -> openapi.v2.NamedAny
+	26,  // 8: openapi.v2.Definitions.additional_properties:type_name -> openapi.v2.NamedSchema
+	16,  // 9: openapi.v2.Document.info:type_name -> openapi.v2.Info
+	42,  // 10: openapi.v2.Document.paths:type_name -> openapi.v2.Paths
+	7,   // 11: openapi.v2.Document.definitions:type_name -> openapi.v2.Definitions
+	38,  // 12: openapi.v2.Document.parameters:type_name -> openapi.v2.ParameterDefinitions
+	47,  // 13: openapi.v2.Document.responses:type_name -> openapi.v2.ResponseDefinitions
+	54,  // 14: openapi.v2.Document.security:type_name -> openapi.v2.SecurityRequirement
+	52,  // 15: openapi.v2.Document.security_definitions:type_name -> openapi.v2.SecurityDefinitions
+	56,  // 16: openapi.v2.Document.tags:type_name -> openapi.v2.Tag
+	10,  // 17: openapi.v2.Document.external_docs:type_name -> openapi.v2.ExternalDocs
+	20,  // 18: openapi.v2.Document.vendor_extension:type_name -> openapi.v2.NamedAny
+	20,  // 19: openapi.v2.Examples.additional_properties:type_name -> openapi.v2.NamedAny
+	20,  // 20: openapi.v2.ExternalDocs.vendor_extension:type_name -> openapi.v2.NamedAny
+	1,   // 21: openapi.v2.FileSchema.default:type_name -> openapi.v2.Any
+	10,  // 22: openapi.v2.FileSchema.external_docs:type_name -> openapi.v2.ExternalDocs
+	1,   // 23: openapi.v2.FileSchema.example:type_name -> openapi.v2.Any
+	20,  // 24: openapi.v2.FileSchema.vendor_extension:type_name -> openapi.v2.NamedAny
+	43,  // 25: openapi.v2.FormDataParameterSubSchema.items:type_name -> openapi.v2.PrimitivesItems
+	1,   // 26: openapi.v2.FormDataParameterSubSchema.default:type_name -> openapi.v2.Any
+	1,   // 27: openapi.v2.FormDataParameterSubSchema.enum:type_name -> openapi.v2.Any
+	20,  // 28: openapi.v2.FormDataParameterSubSchema.vendor_extension:type_name -> openapi.v2.NamedAny
+	43,  // 29: openapi.v2.Header.items:type_name -> openapi.v2.PrimitivesItems
+	1,   // 30: openapi.v2.Header.default:type_name -> openapi.v2.Any
+	1,   // 31: openapi.v2.Header.enum:type_name -> openapi.v2.Any
+	20,  // 32: openapi.v2.Header.vendor_extension:type_name -> openapi.v2.NamedAny
+	43,  // 33: openapi.v2.HeaderParameterSubSchema.items:type_name -> openapi.v2.PrimitivesItems
+	1,   // 34: openapi.v2.HeaderParameterSubSchema.default:type_name -> openapi.v2.Any
+	1,   // 35: openapi.v2.HeaderParameterSubSchema.enum:type_name -> openapi.v2.Any
+	20,  // 36: openapi.v2.HeaderParameterSubSchema.vendor_extension:type_name -> openapi.v2.NamedAny
+	21,  // 37: openapi.v2.Headers.additional_properties:type_name -> openapi.v2.NamedHeader
+	5,   // 38: openapi.v2.Info.contact:type_name -> openapi.v2.Contact
+	19,  // 39: openapi.v2.Info.license:type_name -> openapi.v2.License
+	20,  // 40: openapi.v2.Info.vendor_extension:type_name -> openapi.v2.NamedAny
+	50,  // 41: openapi.v2.ItemsItem.schema:type_name -> openapi.v2.Schema
+	20,  // 42: openapi.v2.License.vendor_extension:type_name -> openapi.v2.NamedAny
+	1,   // 43: openapi.v2.NamedAny.value:type_name -> openapi.v2.Any
+	13,  // 44: openapi.v2.NamedHeader.value:type_name -> openapi.v2.Header
+	37,  // 45: openapi.v2.NamedParameter.value:type_name -> openapi.v2.Parameter
+	40,  // 46: openapi.v2.NamedPathItem.value:type_name -> openapi.v2.PathItem
+	46,  // 47: openapi.v2.NamedResponse.value:type_name -> openapi.v2.Response
+	48,  // 48: openapi.v2.NamedResponseValue.value:type_name -> openapi.v2.ResponseValue
+	50,  // 49: openapi.v2.NamedSchema.value:type_name -> openapi.v2.Schema
+	53,  // 50: openapi.v2.NamedSecurityDefinitionsItem.value:type_name -> openapi.v2.SecurityDefinitionsItem
+	55,  // 51: openapi.v2.NamedStringArray.value:type_name -> openapi.v2.StringArray
+	14,  // 52: openapi.v2.NonBodyParameter.header_parameter_sub_schema:type_name -> openapi.v2.HeaderParameterSubSchema
+	12,  // 53: openapi.v2.NonBodyParameter.form_data_parameter_sub_schema:type_name -> openapi.v2.FormDataParameterSubSchema
+	45,  // 54: openapi.v2.NonBodyParameter.query_parameter_sub_schema:type_name -> openapi.v2.QueryParameterSubSchema
+	41,  // 55: openapi.v2.NonBodyParameter.path_parameter_sub_schema:type_name -> openapi.v2.PathParameterSubSchema
+	35,  // 56: openapi.v2.Oauth2AccessCodeSecurity.scopes:type_name -> openapi.v2.Oauth2Scopes
+	20,  // 57: openapi.v2.Oauth2AccessCodeSecurity.vendor_extension:type_name -> openapi.v2.NamedAny
+	35,  // 58: openapi.v2.Oauth2ApplicationSecurity.scopes:type_name -> openapi.v2.Oauth2Scopes
+	20,  // 59: openapi.v2.Oauth2ApplicationSecurity.vendor_extension:type_name -> openapi.v2.NamedAny
+	35,  // 60: openapi.v2.Oauth2ImplicitSecurity.scopes:type_name -> openapi.v2.Oauth2Scopes
+	20,  // 61: openapi.v2.Oauth2ImplicitSecurity.vendor_extension:type_name -> openapi.v2.NamedAny
+	35,  // 62: openapi.v2.Oauth2PasswordSecurity.scopes:type_name -> openapi.v2.Oauth2Scopes
+	20,  // 63: openapi.v2.Oauth2PasswordSecurity.vendor_extension:type_name -> openapi.v2.NamedAny
+	28,  // 64: openapi.v2.Oauth2Scopes.additional_properties:type_name -> openapi.v2.NamedString
+	10,  // 65: openapi.v2.Operation.external_docs:type_name -> openapi.v2.ExternalDocs
+	39,  // 66: openapi.v2.Operation.parameters:type_name -> openapi.v2.ParametersItem
+	49,  // 67: openapi.v2.Operation.responses:type_name -> openapi.v2.Responses
+	54,  // 68: openapi.v2.Operation.security:type_name -> openapi.v2.SecurityRequirement
+	20,  // 69: openapi.v2.Operation.vendor_extension:type_name -> openapi.v2.NamedAny
+	4,   // 70: openapi.v2.Parameter.body_parameter:type_name -> openapi.v2.BodyParameter
+	30,  // 71: openapi.v2.Parameter.non_body_parameter:type_name -> openapi.v2.NonBodyParameter
+	22,  // 72: openapi.v2.ParameterDefinitions.additional_properties:type_name -> openapi.v2.NamedParameter
+	37,  // 73: openapi.v2.ParametersItem.parameter:type_name -> openapi.v2.Parameter
+	18,  // 74: openapi.v2.ParametersItem.json_reference:type_name -> openapi.v2.JsonReference
+	36,  // 75: openapi.v2.PathItem.get:type_name -> openapi.v2.Operation
+	36,  // 76: openapi.v2.PathItem.put:type_name -> openapi.v2.Operation
+	36,  // 77: openapi.v2.PathItem.post:type_name -> openapi.v2.Operation
+	36,  // 78: openapi.v2.PathItem.delete:type_name -> openapi.v2.Operation
+	36,  // 79: openapi.v2.PathItem.options:type_name -> openapi.v2.Operation
+	36,  // 80: openapi.v2.PathItem.head:type_name -> openapi.v2.Operation
+	36,  // 81: openapi.v2.PathItem.patch:type_name -> openapi.v2.Operation
+	39,  // 82: openapi.v2.PathItem.parameters:type_name -> openapi.v2.ParametersItem
+	20,  // 83: openapi.v2.PathItem.vendor_extension:type_name -> openapi.v2.NamedAny
+	43,  // 84: openapi.v2.PathParameterSubSchema.items:type_name -> openapi.v2.PrimitivesItems
+	1,   // 85: openapi.v2.PathParameterSubSchema.default:type_name -> openapi.v2.Any
+	1,   // 86: openapi.v2.PathParameterSubSchema.enum:type_name -> openapi.v2.Any
+	20,  // 87: openapi.v2.PathParameterSubSchema.vendor_extension:type_name -> openapi.v2.NamedAny
+	20,  // 88: openapi.v2.Paths.vendor_extension:type_name -> openapi.v2.NamedAny
+	23,  // 89: openapi.v2.Paths.path:type_name -> openapi.v2.NamedPathItem
+	43,  // 90: openapi.v2.PrimitivesItems.items:type_name -> openapi.v2.PrimitivesItems
+	1,   // 91: openapi.v2.PrimitivesItems.default:type_name -> openapi.v2.Any
+	1,   // 92: openapi.v2.PrimitivesItems.enum:type_name -> openapi.v2.Any
+	20,  // 93: openapi.v2.PrimitivesItems.vendor_extension:type_name -> openapi.v2.NamedAny
+	26,  // 94: openapi.v2.Properties.additional_properties:type_name -> openapi.v2.NamedSchema
+	43,  // 95: openapi.v2.QueryParameterSubSchema.items:type_name -> openapi.v2.PrimitivesItems
+	1,   // 96: openapi.v2.QueryParameterSubSchema.default:type_name -> openapi.v2.Any
+	1,   // 97: openapi.v2.QueryParameterSubSchema.enum:type_name -> openapi.v2.Any
+	20,  // 98: openapi.v2.QueryParameterSubSchema.vendor_extension:type_name -> openapi.v2.NamedAny
+	51,  // 99: openapi.v2.Response.schema:type_name -> openapi.v2.SchemaItem
+	15,  // 100: openapi.v2.Response.headers:type_name -> openapi.v2.Headers
+	9,   // 101: openapi.v2.Response.examples:type_name -> openapi.v2.Examples
+	20,  // 102: openapi.v2.Response.vendor_extension:type_name -> openapi.v2.NamedAny
+	24,  // 103: openapi.v2.ResponseDefinitions.additional_properties:type_name -> openapi.v2.NamedResponse
+	46,  // 104: openapi.v2.ResponseValue.response:type_name -> openapi.v2.Response
+	18,  // 105: openapi.v2.ResponseValue.json_reference:type_name -> openapi.v2.JsonReference
+	25,  // 106: openapi.v2.Responses.response_code:type_name -> openapi.v2.NamedResponseValue
+	20,  // 107: openapi.v2.Responses.vendor_extension:type_name -> openapi.v2.NamedAny
+	1,   // 108: openapi.v2.Schema.default:type_name -> openapi.v2.Any
+	1,   // 109: openapi.v2.Schema.enum:type_name -> openapi.v2.Any
+	0,   // 110: openapi.v2.Schema.additional_properties:type_name -> openapi.v2.AdditionalPropertiesItem
+	57,  // 111: openapi.v2.Schema.type:type_name -> openapi.v2.TypeItem
+	17,  // 112: openapi.v2.Schema.items:type_name -> openapi.v2.ItemsItem
+	50,  // 113: openapi.v2.Schema.all_of:type_name -> openapi.v2.Schema
+	44,  // 114: openapi.v2.Schema.properties:type_name -> openapi.v2.Properties
+	59,  // 115: openapi.v2.Schema.xml:type_name -> openapi.v2.Xml
+	10,  // 116: openapi.v2.Schema.external_docs:type_name -> openapi.v2.ExternalDocs
+	1,   // 117: openapi.v2.Schema.example:type_name -> openapi.v2.Any
+	20,  // 118: openapi.v2.Schema.vendor_extension:type_name -> openapi.v2.NamedAny
+	50,  // 119: openapi.v2.SchemaItem.schema:type_name -> openapi.v2.Schema
+	11,  // 120: openapi.v2.SchemaItem.file_schema:type_name -> openapi.v2.FileSchema
+	27,  // 121: openapi.v2.SecurityDefinitions.additional_properties:type_name -> openapi.v2.NamedSecurityDefinitionsItem
+	3,   // 122: openapi.v2.SecurityDefinitionsItem.basic_authentication_security:type_name -> openapi.v2.BasicAuthenticationSecurity
+	2,   // 123: openapi.v2.SecurityDefinitionsItem.api_key_security:type_name -> openapi.v2.ApiKeySecurity
+	33,  // 124: openapi.v2.SecurityDefinitionsItem.oauth2_implicit_security:type_name -> openapi.v2.Oauth2ImplicitSecurity
+	34,  // 125: openapi.v2.SecurityDefinitionsItem.oauth2_password_security:type_name -> openapi.v2.Oauth2PasswordSecurity
+	32,  // 126: openapi.v2.SecurityDefinitionsItem.oauth2_application_security:type_name -> openapi.v2.Oauth2ApplicationSecurity
+	31,  // 127: openapi.v2.SecurityDefinitionsItem.oauth2_access_code_security:type_name -> openapi.v2.Oauth2AccessCodeSecurity
+	29,  // 128: openapi.v2.SecurityRequirement.additional_properties:type_name -> openapi.v2.NamedStringArray
+	10,  // 129: openapi.v2.Tag.external_docs:type_name -> openapi.v2.ExternalDocs
+	20,  // 130: openapi.v2.Tag.vendor_extension:type_name -> openapi.v2.NamedAny
+	20,  // 131: openapi.v2.VendorExtension.additional_properties:type_name -> openapi.v2.NamedAny
+	20,  // 132: openapi.v2.Xml.vendor_extension:type_name -> openapi.v2.NamedAny
+	133, // [133:133] is the sub-list for method output_type
+	133, // [133:133] is the sub-list for method input_type
+	133, // [133:133] is the sub-list for extension type_name
+	133, // [133:133] is the sub-list for extension extendee
+	0,   // [0:133] is the sub-list for field type_name
+}
+
+func init() { file_openapiv2_OpenAPIv2_proto_init() }
+func file_openapiv2_OpenAPIv2_proto_init() {
+	if File_openapiv2_OpenAPIv2_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_openapiv2_OpenAPIv2_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*AdditionalPropertiesItem); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Any); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ApiKeySecurity); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*BasicAuthenticationSecurity); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*BodyParameter); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Contact); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Default); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Definitions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Document); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Examples); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ExternalDocs); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FileSchema); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FormDataParameterSubSchema); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Header); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HeaderParameterSubSchema); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Headers); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Info); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ItemsItem); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*JsonReference); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*License); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NamedAny); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NamedHeader); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NamedParameter); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NamedPathItem); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NamedResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NamedResponseValue); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NamedSchema); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NamedSecurityDefinitionsItem); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NamedString); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NamedStringArray); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NonBodyParameter); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Oauth2AccessCodeSecurity); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Oauth2ApplicationSecurity); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Oauth2ImplicitSecurity); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Oauth2PasswordSecurity); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Oauth2Scopes); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Operation); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Parameter); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ParameterDefinitions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ParametersItem); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PathItem); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PathParameterSubSchema); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Paths); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[43].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PrimitivesItems); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[44].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Properties); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[45].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*QueryParameterSubSchema); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[46].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Response); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[47].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ResponseDefinitions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[48].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ResponseValue); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[49].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Responses); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[50].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Schema); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[51].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SchemaItem); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[52].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SecurityDefinitions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[53].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SecurityDefinitionsItem); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[54].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SecurityRequirement); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[55].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*StringArray); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[56].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Tag); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[57].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TypeItem); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[58].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*VendorExtension); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_openapiv2_OpenAPIv2_proto_msgTypes[59].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Xml); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_openapiv2_OpenAPIv2_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*AdditionalPropertiesItem_Schema)(nil),
+		(*AdditionalPropertiesItem_Boolean)(nil),
+	}
+	file_openapiv2_OpenAPIv2_proto_msgTypes[30].OneofWrappers = []interface{}{
+		(*NonBodyParameter_HeaderParameterSubSchema)(nil),
+		(*NonBodyParameter_FormDataParameterSubSchema)(nil),
+		(*NonBodyParameter_QueryParameterSubSchema)(nil),
+		(*NonBodyParameter_PathParameterSubSchema)(nil),
+	}
+	file_openapiv2_OpenAPIv2_proto_msgTypes[37].OneofWrappers = []interface{}{
+		(*Parameter_BodyParameter)(nil),
+		(*Parameter_NonBodyParameter)(nil),
+	}
+	file_openapiv2_OpenAPIv2_proto_msgTypes[39].OneofWrappers = []interface{}{
+		(*ParametersItem_Parameter)(nil),
+		(*ParametersItem_JsonReference)(nil),
+	}
+	file_openapiv2_OpenAPIv2_proto_msgTypes[48].OneofWrappers = []interface{}{
+		(*ResponseValue_Response)(nil),
+		(*ResponseValue_JsonReference)(nil),
+	}
+	file_openapiv2_OpenAPIv2_proto_msgTypes[51].OneofWrappers = []interface{}{
+		(*SchemaItem_Schema)(nil),
+		(*SchemaItem_FileSchema)(nil),
+	}
+	file_openapiv2_OpenAPIv2_proto_msgTypes[53].OneofWrappers = []interface{}{
+		(*SecurityDefinitionsItem_BasicAuthenticationSecurity)(nil),
+		(*SecurityDefinitionsItem_ApiKeySecurity)(nil),
+		(*SecurityDefinitionsItem_Oauth2ImplicitSecurity)(nil),
+		(*SecurityDefinitionsItem_Oauth2PasswordSecurity)(nil),
+		(*SecurityDefinitionsItem_Oauth2ApplicationSecurity)(nil),
+		(*SecurityDefinitionsItem_Oauth2AccessCodeSecurity)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_openapiv2_OpenAPIv2_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   60,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_openapiv2_OpenAPIv2_proto_goTypes,
+		DependencyIndexes: file_openapiv2_OpenAPIv2_proto_depIdxs,
+		MessageInfos:      file_openapiv2_OpenAPIv2_proto_msgTypes,
+	}.Build()
+	File_openapiv2_OpenAPIv2_proto = out.File
+	file_openapiv2_OpenAPIv2_proto_rawDesc = nil
+	file_openapiv2_OpenAPIv2_proto_goTypes = nil
+	file_openapiv2_OpenAPIv2_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.proto b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.proto
new file mode 100644
index 000000000..1c59b2f4a
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.proto
@@ -0,0 +1,666 @@
+// Copyright 2020 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// THIS FILE IS AUTOMATICALLY GENERATED.
+
+syntax = "proto3";
+
+package openapi.v2;
+
+import "google/protobuf/any.proto";
+
+// This option lets the proto compiler generate Java code inside the package
+// name (see below) instead of inside an outer class. It creates a simpler
+// developer experience by reducing one-level of name nesting and be
+// consistent with most programming languages that don't support outer classes.
+option java_multiple_files = true;
+
+// The Java outer classname should be the filename in UpperCamelCase. This
+// class is only used to hold proto descriptor, so developers don't need to
+// work with it directly.
+option java_outer_classname = "OpenAPIProto";
+
+// The Java package name must be proto package name with proper prefix.
+option java_package = "org.openapi_v2";
+
+// A reasonable prefix for the Objective-C symbols generated from the package.
+// It should at a minimum be 3 characters long, all uppercase, and convention
+// is to use an abbreviation of the package name. Something short, but
+// hopefully unique enough to not conflict with things that may come along in
+// the future. 'GPB' is reserved for the protocol buffer implementation itself.
+option objc_class_prefix = "OAS";
+
+// The Go package name.
+option go_package = "./openapiv2;openapi_v2";
+
+message AdditionalPropertiesItem {
+  oneof oneof {
+    Schema schema = 1;
+    bool boolean = 2;
+  }
+}
+
+message Any {
+  google.protobuf.Any value = 1;
+  string yaml = 2;
+}
+
+message ApiKeySecurity {
+  string type = 1;
+  string name = 2;
+  string in = 3;
+  string description = 4;
+  repeated NamedAny vendor_extension = 5;
+}
+
+message BasicAuthenticationSecurity {
+  string type = 1;
+  string description = 2;
+  repeated NamedAny vendor_extension = 3;
+}
+
+message BodyParameter {
+  // A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed.
+  string description = 1;
+  // The name of the parameter.
+  string name = 2;
+  // Determines the location of the parameter.
+  string in = 3;
+  // Determines whether or not this parameter is required or optional.
+  bool required = 4;
+  Schema schema = 5;
+  repeated NamedAny vendor_extension = 6;
+}
+
+// Contact information for the owners of the API.
+message Contact {
+  // The identifying name of the contact person/organization.
+  string name = 1;
+  // The URL pointing to the contact information.
+  string url = 2;
+  // The email address of the contact person/organization.
+  string email = 3;
+  repeated NamedAny vendor_extension = 4;
+}
+
+message Default {
+  repeated NamedAny additional_properties = 1;
+}
+
+// One or more JSON objects describing the schemas being consumed and produced by the API.
+message Definitions {
+  repeated NamedSchema additional_properties = 1;
+}
+
+message Document {
+  // The Swagger version of this document.
+  string swagger = 1;
+  Info info = 2;
+  // The host (name or ip) of the API. Example: 'swagger.io'
+  string host = 3;
+  // The base path to the API. Example: '/api'.
+  string base_path = 4;
+  // The transfer protocol of the API.
+  repeated string schemes = 5;
+  // A list of MIME types accepted by the API.
+  repeated string consumes = 6;
+  // A list of MIME types the API can produce.
+  repeated string produces = 7;
+  Paths paths = 8;
+  Definitions definitions = 9;
+  ParameterDefinitions parameters = 10;
+  ResponseDefinitions responses = 11;
+  repeated SecurityRequirement security = 12;
+  SecurityDefinitions security_definitions = 13;
+  repeated Tag tags = 14;
+  ExternalDocs external_docs = 15;
+  repeated NamedAny vendor_extension = 16;
+}
+
+message Examples {
+  repeated NamedAny additional_properties = 1;
+}
+
+// information about external documentation
+message ExternalDocs {
+  string description = 1;
+  string url = 2;
+  repeated NamedAny vendor_extension = 3;
+}
+
+// A deterministic version of a JSON Schema object.
+message FileSchema {
+  string format = 1;
+  string title = 2;
+  string description = 3;
+  Any default = 4;
+  repeated string required = 5;
+  string type = 6;
+  bool read_only = 7;
+  ExternalDocs external_docs = 8;
+  Any example = 9;
+  repeated NamedAny vendor_extension = 10;
+}
+
+message FormDataParameterSubSchema {
+  // Determines whether or not this parameter is required or optional.
+  bool required = 1;
+  // Determines the location of the parameter.
+  string in = 2;
+  // A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed.
+  string description = 3;
+  // The name of the parameter.
+  string name = 4;
+  // allows sending a parameter by name only or with an empty value.
+  bool allow_empty_value = 5;
+  string type = 6;
+  string format = 7;
+  PrimitivesItems items = 8;
+  string collection_format = 9;
+  Any default = 10;
+  double maximum = 11;
+  bool exclusive_maximum = 12;
+  double minimum = 13;
+  bool exclusive_minimum = 14;
+  int64 max_length = 15;
+  int64 min_length = 16;
+  string pattern = 17;
+  int64 max_items = 18;
+  int64 min_items = 19;
+  bool unique_items = 20;
+  repeated Any enum = 21;
+  double multiple_of = 22;
+  repeated NamedAny vendor_extension = 23;
+}
+
+message Header {
+  string type = 1;
+  string format = 2;
+  PrimitivesItems items = 3;
+  string collection_format = 4;
+  Any default = 5;
+  double maximum = 6;
+  bool exclusive_maximum = 7;
+  double minimum = 8;
+  bool exclusive_minimum = 9;
+  int64 max_length = 10;
+  int64 min_length = 11;
+  string pattern = 12;
+  int64 max_items = 13;
+  int64 min_items = 14;
+  bool unique_items = 15;
+  repeated Any enum = 16;
+  double multiple_of = 17;
+  string description = 18;
+  repeated NamedAny vendor_extension = 19;
+}
+
+message HeaderParameterSubSchema {
+  // Determines whether or not this parameter is required or optional.
+  bool required = 1;
+  // Determines the location of the parameter.
+  string in = 2;
+  // A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed.
+  string description = 3;
+  // The name of the parameter.
+  string name = 4;
+  string type = 5;
+  string format = 6;
+  PrimitivesItems items = 7;
+  string collection_format = 8;
+  Any default = 9;
+  double maximum = 10;
+  bool exclusive_maximum = 11;
+  double minimum = 12;
+  bool exclusive_minimum = 13;
+  int64 max_length = 14;
+  int64 min_length = 15;
+  string pattern = 16;
+  int64 max_items = 17;
+  int64 min_items = 18;
+  bool unique_items = 19;
+  repeated Any enum = 20;
+  double multiple_of = 21;
+  repeated NamedAny vendor_extension = 22;
+}
+
+message Headers {
+  repeated NamedHeader additional_properties = 1;
+}
+
+// General information about the API.
+message Info {
+  // A unique and precise title of the API.
+  string title = 1;
+  // A semantic version number of the API.
+  string version = 2;
+  // A longer description of the API. Should be different from the title.  GitHub Flavored Markdown is allowed.
+  string description = 3;
+  // The terms of service for the API.
+  string terms_of_service = 4;
+  Contact contact = 5;
+  License license = 6;
+  repeated NamedAny vendor_extension = 7;
+}
+
+message ItemsItem {
+  repeated Schema schema = 1;
+}
+
+message JsonReference {
+  string _ref = 1;
+  string description = 2;
+}
+
+message License {
+  // The name of the license type. It's encouraged to use an OSI compatible license.
+  string name = 1;
+  // The URL pointing to the license.
+  string url = 2;
+  repeated NamedAny vendor_extension = 3;
+}
+
+// Automatically-generated message used to represent maps of Any as ordered (name,value) pairs.
+message NamedAny {
+  // Map key
+  string name = 1;
+  // Mapped value
+  Any value = 2;
+}
+
+// Automatically-generated message used to represent maps of Header as ordered (name,value) pairs.
+message NamedHeader {
+  // Map key
+  string name = 1;
+  // Mapped value
+  Header value = 2;
+}
+
+// Automatically-generated message used to represent maps of Parameter as ordered (name,value) pairs.
+message NamedParameter {
+  // Map key
+  string name = 1;
+  // Mapped value
+  Parameter value = 2;
+}
+
+// Automatically-generated message used to represent maps of PathItem as ordered (name,value) pairs.
+message NamedPathItem {
+  // Map key
+  string name = 1;
+  // Mapped value
+  PathItem value = 2;
+}
+
+// Automatically-generated message used to represent maps of Response as ordered (name,value) pairs.
+message NamedResponse {
+  // Map key
+  string name = 1;
+  // Mapped value
+  Response value = 2;
+}
+
+// Automatically-generated message used to represent maps of ResponseValue as ordered (name,value) pairs.
+message NamedResponseValue {
+  // Map key
+  string name = 1;
+  // Mapped value
+  ResponseValue value = 2;
+}
+
+// Automatically-generated message used to represent maps of Schema as ordered (name,value) pairs.
+message NamedSchema {
+  // Map key
+  string name = 1;
+  // Mapped value
+  Schema value = 2;
+}
+
+// Automatically-generated message used to represent maps of SecurityDefinitionsItem as ordered (name,value) pairs.
+message NamedSecurityDefinitionsItem {
+  // Map key
+  string name = 1;
+  // Mapped value
+  SecurityDefinitionsItem value = 2;
+}
+
+// Automatically-generated message used to represent maps of string as ordered (name,value) pairs.
+message NamedString {
+  // Map key
+  string name = 1;
+  // Mapped value
+  string value = 2;
+}
+
+// Automatically-generated message used to represent maps of StringArray as ordered (name,value) pairs.
+message NamedStringArray {
+  // Map key
+  string name = 1;
+  // Mapped value
+  StringArray value = 2;
+}
+
+message NonBodyParameter {
+  oneof oneof {
+    HeaderParameterSubSchema header_parameter_sub_schema = 1;
+    FormDataParameterSubSchema form_data_parameter_sub_schema = 2;
+    QueryParameterSubSchema query_parameter_sub_schema = 3;
+    PathParameterSubSchema path_parameter_sub_schema = 4;
+  }
+}
+
+message Oauth2AccessCodeSecurity {
+  string type = 1;
+  string flow = 2;
+  Oauth2Scopes scopes = 3;
+  string authorization_url = 4;
+  string token_url = 5;
+  string description = 6;
+  repeated NamedAny vendor_extension = 7;
+}
+
+message Oauth2ApplicationSecurity {
+  string type = 1;
+  string flow = 2;
+  Oauth2Scopes scopes = 3;
+  string token_url = 4;
+  string description = 5;
+  repeated NamedAny vendor_extension = 6;
+}
+
+message Oauth2ImplicitSecurity {
+  string type = 1;
+  string flow = 2;
+  Oauth2Scopes scopes = 3;
+  string authorization_url = 4;
+  string description = 5;
+  repeated NamedAny vendor_extension = 6;
+}
+
+message Oauth2PasswordSecurity {
+  string type = 1;
+  string flow = 2;
+  Oauth2Scopes scopes = 3;
+  string token_url = 4;
+  string description = 5;
+  repeated NamedAny vendor_extension = 6;
+}
+
+message Oauth2Scopes {
+  repeated NamedString additional_properties = 1;
+}
+
+message Operation {
+  repeated string tags = 1;
+  // A brief summary of the operation.
+  string summary = 2;
+  // A longer description of the operation, GitHub Flavored Markdown is allowed.
+  string description = 3;
+  ExternalDocs external_docs = 4;
+  // A unique identifier of the operation.
+  string operation_id = 5;
+  // A list of MIME types the API can produce.
+  repeated string produces = 6;
+  // A list of MIME types the API can consume.
+  repeated string consumes = 7;
+  // The parameters needed to send a valid API call.
+  repeated ParametersItem parameters = 8;
+  Responses responses = 9;
+  // The transfer protocol of the API.
+  repeated string schemes = 10;
+  bool deprecated = 11;
+  repeated SecurityRequirement security = 12;
+  repeated NamedAny vendor_extension = 13;
+}
+
+message Parameter {
+  oneof oneof {
+    BodyParameter body_parameter = 1;
+    NonBodyParameter non_body_parameter = 2;
+  }
+}
+
+// One or more JSON representations for parameters
+message ParameterDefinitions {
+  repeated NamedParameter additional_properties = 1;
+}
+
+message ParametersItem {
+  oneof oneof {
+    Parameter parameter = 1;
+    JsonReference json_reference = 2;
+  }
+}
+
+message PathItem {
+  string _ref = 1;
+  Operation get = 2;
+  Operation put = 3;
+  Operation post = 4;
+  Operation delete = 5;
+  Operation options = 6;
+  Operation head = 7;
+  Operation patch = 8;
+  // The parameters needed to send a valid API call.
+  repeated ParametersItem parameters = 9;
+  repeated NamedAny vendor_extension = 10;
+}
+
+message PathParameterSubSchema {
+  // Determines whether or not this parameter is required or optional.
+  bool required = 1;
+  // Determines the location of the parameter.
+  string in = 2;
+  // A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed.
+  string description = 3;
+  // The name of the parameter.
+  string name = 4;
+  string type = 5;
+  string format = 6;
+  PrimitivesItems items = 7;
+  string collection_format = 8;
+  Any default = 9;
+  double maximum = 10;
+  bool exclusive_maximum = 11;
+  double minimum = 12;
+  bool exclusive_minimum = 13;
+  int64 max_length = 14;
+  int64 min_length = 15;
+  string pattern = 16;
+  int64 max_items = 17;
+  int64 min_items = 18;
+  bool unique_items = 19;
+  repeated Any enum = 20;
+  double multiple_of = 21;
+  repeated NamedAny vendor_extension = 22;
+}
+
+// Relative paths to the individual endpoints. They must be relative to the 'basePath'.
+message Paths {
+  repeated NamedAny vendor_extension = 1;
+  repeated NamedPathItem path = 2;
+}
+
+message PrimitivesItems {
+  string type = 1;
+  string format = 2;
+  PrimitivesItems items = 3;
+  string collection_format = 4;
+  Any default = 5;
+  double maximum = 6;
+  bool exclusive_maximum = 7;
+  double minimum = 8;
+  bool exclusive_minimum = 9;
+  int64 max_length = 10;
+  int64 min_length = 11;
+  string pattern = 12;
+  int64 max_items = 13;
+  int64 min_items = 14;
+  bool unique_items = 15;
+  repeated Any enum = 16;
+  double multiple_of = 17;
+  repeated NamedAny vendor_extension = 18;
+}
+
+message Properties {
+  repeated NamedSchema additional_properties = 1;
+}
+
+message QueryParameterSubSchema {
+  // Determines whether or not this parameter is required or optional.
+  bool required = 1;
+  // Determines the location of the parameter.
+  string in = 2;
+  // A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed.
+  string description = 3;
+  // The name of the parameter.
+  string name = 4;
+  // allows sending a parameter by name only or with an empty value.
+  bool allow_empty_value = 5;
+  string type = 6;
+  string format = 7;
+  PrimitivesItems items = 8;
+  string collection_format = 9;
+  Any default = 10;
+  double maximum = 11;
+  bool exclusive_maximum = 12;
+  double minimum = 13;
+  bool exclusive_minimum = 14;
+  int64 max_length = 15;
+  int64 min_length = 16;
+  string pattern = 17;
+  int64 max_items = 18;
+  int64 min_items = 19;
+  bool unique_items = 20;
+  repeated Any enum = 21;
+  double multiple_of = 22;
+  repeated NamedAny vendor_extension = 23;
+}
+
+message Response {
+  string description = 1;
+  SchemaItem schema = 2;
+  Headers headers = 3;
+  Examples examples = 4;
+  repeated NamedAny vendor_extension = 5;
+}
+
+// One or more JSON representations for responses
+message ResponseDefinitions {
+  repeated NamedResponse additional_properties = 1;
+}
+
+message ResponseValue {
+  oneof oneof {
+    Response response = 1;
+    JsonReference json_reference = 2;
+  }
+}
+
+// Response objects names can either be any valid HTTP status code or 'default'.
+message Responses {
+  repeated NamedResponseValue response_code = 1;
+  repeated NamedAny vendor_extension = 2;
+}
+
+// A deterministic version of a JSON Schema object.
+message Schema {
+  string _ref = 1;
+  string format = 2;
+  string title = 3;
+  string description = 4;
+  Any default = 5;
+  double multiple_of = 6;
+  double maximum = 7;
+  bool exclusive_maximum = 8;
+  double minimum = 9;
+  bool exclusive_minimum = 10;
+  int64 max_length = 11;
+  int64 min_length = 12;
+  string pattern = 13;
+  int64 max_items = 14;
+  int64 min_items = 15;
+  bool unique_items = 16;
+  int64 max_properties = 17;
+  int64 min_properties = 18;
+  repeated string required = 19;
+  repeated Any enum = 20;
+  AdditionalPropertiesItem additional_properties = 21;
+  TypeItem type = 22;
+  ItemsItem items = 23;
+  repeated Schema all_of = 24;
+  Properties properties = 25;
+  string discriminator = 26;
+  bool read_only = 27;
+  Xml xml = 28;
+  ExternalDocs external_docs = 29;
+  Any example = 30;
+  repeated NamedAny vendor_extension = 31;
+}
+
+message SchemaItem {
+  oneof oneof {
+    Schema schema = 1;
+    FileSchema file_schema = 2;
+  }
+}
+
+message SecurityDefinitions {
+  repeated NamedSecurityDefinitionsItem additional_properties = 1;
+}
+
+message SecurityDefinitionsItem {
+  oneof oneof {
+    BasicAuthenticationSecurity basic_authentication_security = 1;
+    ApiKeySecurity api_key_security = 2;
+    Oauth2ImplicitSecurity oauth2_implicit_security = 3;
+    Oauth2PasswordSecurity oauth2_password_security = 4;
+    Oauth2ApplicationSecurity oauth2_application_security = 5;
+    Oauth2AccessCodeSecurity oauth2_access_code_security = 6;
+  }
+}
+
+message SecurityRequirement {
+  repeated NamedStringArray additional_properties = 1;
+}
+
+message StringArray {
+  repeated string value = 1;
+}
+
+message Tag {
+  string name = 1;
+  string description = 2;
+  ExternalDocs external_docs = 3;
+  repeated NamedAny vendor_extension = 4;
+}
+
+message TypeItem {
+  repeated string value = 1;
+}
+
+// Any property starting with x- is valid.
+message VendorExtension {
+  repeated NamedAny additional_properties = 1;
+}
+
+message Xml {
+  string name = 1;
+  string namespace = 2;
+  string prefix = 3;
+  bool attribute = 4;
+  bool wrapped = 5;
+  repeated NamedAny vendor_extension = 6;
+}
+
diff --git a/vendor/github.com/google/gnostic-models/openapiv2/README.md b/vendor/github.com/google/gnostic-models/openapiv2/README.md
new file mode 100644
index 000000000..5276128d3
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/openapiv2/README.md
@@ -0,0 +1,14 @@
+# OpenAPI v2 Protocol Buffer Models
+
+This directory contains a Protocol Buffer-language model and related code for
+supporting OpenAPI v2.
+
+Gnostic applications and plugins can use OpenAPIv2.proto to generate Protocol
+Buffer support code for their preferred languages.
+
+OpenAPIv2.go is used by Gnostic to read JSON and YAML OpenAPI descriptions into
+the Protocol Buffer-based datastructures generated from OpenAPIv2.proto.
+
+OpenAPIv2.proto and OpenAPIv2.go are generated by the Gnostic compiler
+generator, and OpenAPIv2.pb.go is generated by protoc, the Protocol Buffer
+compiler, and protoc-gen-go, the Protocol Buffer Go code generation plugin.
diff --git a/vendor/github.com/google/gnostic-models/openapiv2/document.go b/vendor/github.com/google/gnostic-models/openapiv2/document.go
new file mode 100644
index 000000000..e96ac0d6d
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/openapiv2/document.go
@@ -0,0 +1,42 @@
+// Copyright 2020 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package openapi_v2
+
+import (
+	"gopkg.in/yaml.v3"
+
+	"github.com/google/gnostic-models/compiler"
+)
+
+// ParseDocument reads an OpenAPI v2 description from a YAML/JSON representation.
+func ParseDocument(b []byte) (*Document, error) {
+	info, err := compiler.ReadInfoFromBytes("", b)
+	if err != nil {
+		return nil, err
+	}
+	root := info.Content[0]
+	return NewDocument(root, compiler.NewContextWithExtensions("$root", root, nil, nil))
+}
+
+// YAMLValue produces a serialized YAML representation of the document.
+func (d *Document) YAMLValue(comment string) ([]byte, error) {
+	rawInfo := d.ToRawInfo()
+	rawInfo = &yaml.Node{
+		Kind:        yaml.DocumentNode,
+		Content:     []*yaml.Node{rawInfo},
+		HeadComment: comment,
+	}
+	return yaml.Marshal(rawInfo)
+}
diff --git a/vendor/github.com/google/gnostic-models/openapiv2/openapi-2.0.json b/vendor/github.com/google/gnostic-models/openapiv2/openapi-2.0.json
new file mode 100644
index 000000000..afa12b79b
--- /dev/null
+++ b/vendor/github.com/google/gnostic-models/openapiv2/openapi-2.0.json
@@ -0,0 +1,1610 @@
+{
+  "title": "A JSON Schema for Swagger 2.0 API.",
+  "id": "http://swagger.io/v2/schema.json#",
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "type": "object",
+  "required": [
+    "swagger",
+    "info",
+    "paths"
+  ],
+  "additionalProperties": false,
+  "patternProperties": {
+    "^x-": {
+      "$ref": "#/definitions/vendorExtension"
+    }
+  },
+  "properties": {
+    "swagger": {
+      "type": "string",
+      "enum": [
+        "2.0"
+      ],
+      "description": "The Swagger version of this document."
+    },
+    "info": {
+      "$ref": "#/definitions/info"
+    },
+    "host": {
+      "type": "string",
+      "pattern": "^[^{}/ :\\\\]+(?::\\d+)?$",
+      "description": "The host (name or ip) of the API. Example: 'swagger.io'"
+    },
+    "basePath": {
+      "type": "string",
+      "pattern": "^/",
+      "description": "The base path to the API. Example: '/api'."
+    },
+    "schemes": {
+      "$ref": "#/definitions/schemesList"
+    },
+    "consumes": {
+      "description": "A list of MIME types accepted by the API.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/mediaTypeList"
+        }
+      ]
+    },
+    "produces": {
+      "description": "A list of MIME types the API can produce.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/mediaTypeList"
+        }
+      ]
+    },
+    "paths": {
+      "$ref": "#/definitions/paths"
+    },
+    "definitions": {
+      "$ref": "#/definitions/definitions"
+    },
+    "parameters": {
+      "$ref": "#/definitions/parameterDefinitions"
+    },
+    "responses": {
+      "$ref": "#/definitions/responseDefinitions"
+    },
+    "security": {
+      "$ref": "#/definitions/security"
+    },
+    "securityDefinitions": {
+      "$ref": "#/definitions/securityDefinitions"
+    },
+    "tags": {
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/tag"
+      },
+      "uniqueItems": true
+    },
+    "externalDocs": {
+      "$ref": "#/definitions/externalDocs"
+    }
+  },
+  "definitions": {
+    "info": {
+      "type": "object",
+      "description": "General information about the API.",
+      "required": [
+        "version",
+        "title"
+      ],
+      "additionalProperties": false,
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      },
+      "properties": {
+        "title": {
+          "type": "string",
+          "description": "A unique and precise title of the API."
+        },
+        "version": {
+          "type": "string",
+          "description": "A semantic version number of the API."
+        },
+        "description": {
+          "type": "string",
+          "description": "A longer description of the API. Should be different from the title.  GitHub Flavored Markdown is allowed."
+        },
+        "termsOfService": {
+          "type": "string",
+          "description": "The terms of service for the API."
+        },
+        "contact": {
+          "$ref": "#/definitions/contact"
+        },
+        "license": {
+          "$ref": "#/definitions/license"
+        }
+      }
+    },
+    "contact": {
+      "type": "object",
+      "description": "Contact information for the owners of the API.",
+      "additionalProperties": false,
+      "properties": {
+        "name": {
+          "type": "string",
+          "description": "The identifying name of the contact person/organization."
+        },
+        "url": {
+          "type": "string",
+          "description": "The URL pointing to the contact information.",
+          "format": "uri"
+        },
+        "email": {
+          "type": "string",
+          "description": "The email address of the contact person/organization.",
+          "format": "email"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "license": {
+      "type": "object",
+      "required": [
+        "name"
+      ],
+      "additionalProperties": false,
+      "properties": {
+        "name": {
+          "type": "string",
+          "description": "The name of the license type. It's encouraged to use an OSI compatible license."
+        },
+        "url": {
+          "type": "string",
+          "description": "The URL pointing to the license.",
+          "format": "uri"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "paths": {
+      "type": "object",
+      "description": "Relative paths to the individual endpoints. They must be relative to the 'basePath'.",
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        },
+        "^/": {
+          "$ref": "#/definitions/pathItem"
+        }
+      },
+      "additionalProperties": false
+    },
+    "definitions": {
+      "type": "object",
+      "additionalProperties": {
+        "$ref": "#/definitions/schema"
+      },
+      "description": "One or more JSON objects describing the schemas being consumed and produced by the API."
+    },
+    "parameterDefinitions": {
+      "type": "object",
+      "additionalProperties": {
+        "$ref": "#/definitions/parameter"
+      },
+      "description": "One or more JSON representations for parameters"
+    },
+    "responseDefinitions": {
+      "type": "object",
+      "additionalProperties": {
+        "$ref": "#/definitions/response"
+      },
+      "description": "One or more JSON representations for responses"
+    },
+    "externalDocs": {
+      "type": "object",
+      "additionalProperties": false,
+      "description": "information about external documentation",
+      "required": [
+        "url"
+      ],
+      "properties": {
+        "description": {
+          "type": "string"
+        },
+        "url": {
+          "type": "string",
+          "format": "uri"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "examples": {
+      "type": "object",
+      "additionalProperties": true
+    },
+    "mimeType": {
+      "type": "string",
+      "description": "The MIME type of the HTTP message."
+    },
+    "operation": {
+      "type": "object",
+      "required": [
+        "responses"
+      ],
+      "additionalProperties": false,
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      },
+      "properties": {
+        "tags": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "uniqueItems": true
+        },
+        "summary": {
+          "type": "string",
+          "description": "A brief summary of the operation."
+        },
+        "description": {
+          "type": "string",
+          "description": "A longer description of the operation, GitHub Flavored Markdown is allowed."
+        },
+        "externalDocs": {
+          "$ref": "#/definitions/externalDocs"
+        },
+        "operationId": {
+          "type": "string",
+          "description": "A unique identifier of the operation."
+        },
+        "produces": {
+          "description": "A list of MIME types the API can produce.",
+          "allOf": [
+            {
+              "$ref": "#/definitions/mediaTypeList"
+            }
+          ]
+        },
+        "consumes": {
+          "description": "A list of MIME types the API can consume.",
+          "allOf": [
+            {
+              "$ref": "#/definitions/mediaTypeList"
+            }
+          ]
+        },
+        "parameters": {
+          "$ref": "#/definitions/parametersList"
+        },
+        "responses": {
+          "$ref": "#/definitions/responses"
+        },
+        "schemes": {
+          "$ref": "#/definitions/schemesList"
+        },
+        "deprecated": {
+          "type": "boolean",
+          "default": false
+        },
+        "security": {
+          "$ref": "#/definitions/security"
+        }
+      }
+    },
+    "pathItem": {
+      "type": "object",
+      "additionalProperties": false,
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      },
+      "properties": {
+        "$ref": {
+          "type": "string"
+        },
+        "get": {
+          "$ref": "#/definitions/operation"
+        },
+        "put": {
+          "$ref": "#/definitions/operation"
+        },
+        "post": {
+          "$ref": "#/definitions/operation"
+        },
+        "delete": {
+          "$ref": "#/definitions/operation"
+        },
+        "options": {
+          "$ref": "#/definitions/operation"
+        },
+        "head": {
+          "$ref": "#/definitions/operation"
+        },
+        "patch": {
+          "$ref": "#/definitions/operation"
+        },
+        "parameters": {
+          "$ref": "#/definitions/parametersList"
+        }
+      }
+    },
+    "responses": {
+      "type": "object",
+      "description": "Response objects names can either be any valid HTTP status code or 'default'.",
+      "minProperties": 1,
+      "additionalProperties": false,
+      "patternProperties": {
+        "^([0-9]{3})$|^(default)$": {
+          "$ref": "#/definitions/responseValue"
+        },
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      },
+      "not": {
+        "type": "object",
+        "additionalProperties": false,
+        "patternProperties": {
+          "^x-": {
+            "$ref": "#/definitions/vendorExtension"
+          }
+        }
+      }
+    },
+    "responseValue": {
+      "oneOf": [
+        {
+          "$ref": "#/definitions/response"
+        },
+        {
+          "$ref": "#/definitions/jsonReference"
+        }
+      ]
+    },
+    "response": {
+      "type": "object",
+      "required": [
+        "description"
+      ],
+      "properties": {
+        "description": {
+          "type": "string"
+        },
+        "schema": {
+          "oneOf": [
+            {
+              "$ref": "#/definitions/schema"
+            },
+            {
+              "$ref": "#/definitions/fileSchema"
+            }
+          ]
+        },
+        "headers": {
+          "$ref": "#/definitions/headers"
+        },
+        "examples": {
+          "$ref": "#/definitions/examples"
+        }
+      },
+      "additionalProperties": false,
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "headers": {
+      "type": "object",
+      "additionalProperties": {
+        "$ref": "#/definitions/header"
+      }
+    },
+    "header": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "type"
+      ],
+      "properties": {
+        "type": {
+          "type": "string",
+          "enum": [
+            "string",
+            "number",
+            "integer",
+            "boolean",
+            "array"
+          ]
+        },
+        "format": {
+          "type": "string"
+        },
+        "items": {
+          "$ref": "#/definitions/primitivesItems"
+        },
+        "collectionFormat": {
+          "$ref": "#/definitions/collectionFormat"
+        },
+        "default": {
+          "$ref": "#/definitions/default"
+        },
+        "maximum": {
+          "$ref": "#/definitions/maximum"
+        },
+        "exclusiveMaximum": {
+          "$ref": "#/definitions/exclusiveMaximum"
+        },
+        "minimum": {
+          "$ref": "#/definitions/minimum"
+        },
+        "exclusiveMinimum": {
+          "$ref": "#/definitions/exclusiveMinimum"
+        },
+        "maxLength": {
+          "$ref": "#/definitions/maxLength"
+        },
+        "minLength": {
+          "$ref": "#/definitions/minLength"
+        },
+        "pattern": {
+          "$ref": "#/definitions/pattern"
+        },
+        "maxItems": {
+          "$ref": "#/definitions/maxItems"
+        },
+        "minItems": {
+          "$ref": "#/definitions/minItems"
+        },
+        "uniqueItems": {
+          "$ref": "#/definitions/uniqueItems"
+        },
+        "enum": {
+          "$ref": "#/definitions/enum"
+        },
+        "multipleOf": {
+          "$ref": "#/definitions/multipleOf"
+        },
+        "description": {
+          "type": "string"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "vendorExtension": {
+      "description": "Any property starting with x- is valid.",
+      "additionalProperties": true,
+      "additionalItems": true
+    },
+    "bodyParameter": {
+      "type": "object",
+      "required": [
+        "name",
+        "in",
+        "schema"
+      ],
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      },
+      "properties": {
+        "description": {
+          "type": "string",
+          "description": "A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed."
+        },
+        "name": {
+          "type": "string",
+          "description": "The name of the parameter."
+        },
+        "in": {
+          "type": "string",
+          "description": "Determines the location of the parameter.",
+          "enum": [
+            "body"
+          ]
+        },
+        "required": {
+          "type": "boolean",
+          "description": "Determines whether or not this parameter is required or optional.",
+          "default": false
+        },
+        "schema": {
+          "$ref": "#/definitions/schema"
+        }
+      },
+      "additionalProperties": false
+    },
+    "headerParameterSubSchema": {
+      "additionalProperties": false,
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      },
+      "properties": {
+        "required": {
+          "type": "boolean",
+          "description": "Determines whether or not this parameter is required or optional.",
+          "default": false
+        },
+        "in": {
+          "type": "string",
+          "description": "Determines the location of the parameter.",
+          "enum": [
+            "header"
+          ]
+        },
+        "description": {
+          "type": "string",
+          "description": "A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed."
+        },
+        "name": {
+          "type": "string",
+          "description": "The name of the parameter."
+        },
+        "type": {
+          "type": "string",
+          "enum": [
+            "string",
+            "number",
+            "boolean",
+            "integer",
+            "array"
+          ]
+        },
+        "format": {
+          "type": "string"
+        },
+        "items": {
+          "$ref": "#/definitions/primitivesItems"
+        },
+        "collectionFormat": {
+          "$ref": "#/definitions/collectionFormat"
+        },
+        "default": {
+          "$ref": "#/definitions/default"
+        },
+        "maximum": {
+          "$ref": "#/definitions/maximum"
+        },
+        "exclusiveMaximum": {
+          "$ref": "#/definitions/exclusiveMaximum"
+        },
+        "minimum": {
+          "$ref": "#/definitions/minimum"
+        },
+        "exclusiveMinimum": {
+          "$ref": "#/definitions/exclusiveMinimum"
+        },
+        "maxLength": {
+          "$ref": "#/definitions/maxLength"
+        },
+        "minLength": {
+          "$ref": "#/definitions/minLength"
+        },
+        "pattern": {
+          "$ref": "#/definitions/pattern"
+        },
+        "maxItems": {
+          "$ref": "#/definitions/maxItems"
+        },
+        "minItems": {
+          "$ref": "#/definitions/minItems"
+        },
+        "uniqueItems": {
+          "$ref": "#/definitions/uniqueItems"
+        },
+        "enum": {
+          "$ref": "#/definitions/enum"
+        },
+        "multipleOf": {
+          "$ref": "#/definitions/multipleOf"
+        }
+      }
+    },
+    "queryParameterSubSchema": {
+      "additionalProperties": false,
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      },
+      "properties": {
+        "required": {
+          "type": "boolean",
+          "description": "Determines whether or not this parameter is required or optional.",
+          "default": false
+        },
+        "in": {
+          "type": "string",
+          "description": "Determines the location of the parameter.",
+          "enum": [
+            "query"
+          ]
+        },
+        "description": {
+          "type": "string",
+          "description": "A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed."
+        },
+        "name": {
+          "type": "string",
+          "description": "The name of the parameter."
+        },
+        "allowEmptyValue": {
+          "type": "boolean",
+          "default": false,
+          "description": "allows sending a parameter by name only or with an empty value."
+        },
+        "type": {
+          "type": "string",
+          "enum": [
+            "string",
+            "number",
+            "boolean",
+            "integer",
+            "array"
+          ]
+        },
+        "format": {
+          "type": "string"
+        },
+        "items": {
+          "$ref": "#/definitions/primitivesItems"
+        },
+        "collectionFormat": {
+          "$ref": "#/definitions/collectionFormatWithMulti"
+        },
+        "default": {
+          "$ref": "#/definitions/default"
+        },
+        "maximum": {
+          "$ref": "#/definitions/maximum"
+        },
+        "exclusiveMaximum": {
+          "$ref": "#/definitions/exclusiveMaximum"
+        },
+        "minimum": {
+          "$ref": "#/definitions/minimum"
+        },
+        "exclusiveMinimum": {
+          "$ref": "#/definitions/exclusiveMinimum"
+        },
+        "maxLength": {
+          "$ref": "#/definitions/maxLength"
+        },
+        "minLength": {
+          "$ref": "#/definitions/minLength"
+        },
+        "pattern": {
+          "$ref": "#/definitions/pattern"
+        },
+        "maxItems": {
+          "$ref": "#/definitions/maxItems"
+        },
+        "minItems": {
+          "$ref": "#/definitions/minItems"
+        },
+        "uniqueItems": {
+          "$ref": "#/definitions/uniqueItems"
+        },
+        "enum": {
+          "$ref": "#/definitions/enum"
+        },
+        "multipleOf": {
+          "$ref": "#/definitions/multipleOf"
+        }
+      }
+    },
+    "formDataParameterSubSchema": {
+      "additionalProperties": false,
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      },
+      "properties": {
+        "required": {
+          "type": "boolean",
+          "description": "Determines whether or not this parameter is required or optional.",
+          "default": false
+        },
+        "in": {
+          "type": "string",
+          "description": "Determines the location of the parameter.",
+          "enum": [
+            "formData"
+          ]
+        },
+        "description": {
+          "type": "string",
+          "description": "A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed."
+        },
+        "name": {
+          "type": "string",
+          "description": "The name of the parameter."
+        },
+        "allowEmptyValue": {
+          "type": "boolean",
+          "default": false,
+          "description": "allows sending a parameter by name only or with an empty value."
+        },
+        "type": {
+          "type": "string",
+          "enum": [
+            "string",
+            "number",
+            "boolean",
+            "integer",
+            "array",
+            "file"
+          ]
+        },
+        "format": {
+          "type": "string"
+        },
+        "items": {
+          "$ref": "#/definitions/primitivesItems"
+        },
+        "collectionFormat": {
+          "$ref": "#/definitions/collectionFormatWithMulti"
+        },
+        "default": {
+          "$ref": "#/definitions/default"
+        },
+        "maximum": {
+          "$ref": "#/definitions/maximum"
+        },
+        "exclusiveMaximum": {
+          "$ref": "#/definitions/exclusiveMaximum"
+        },
+        "minimum": {
+          "$ref": "#/definitions/minimum"
+        },
+        "exclusiveMinimum": {
+          "$ref": "#/definitions/exclusiveMinimum"
+        },
+        "maxLength": {
+          "$ref": "#/definitions/maxLength"
+        },
+        "minLength": {
+          "$ref": "#/definitions/minLength"
+        },
+        "pattern": {
+          "$ref": "#/definitions/pattern"
+        },
+        "maxItems": {
+          "$ref": "#/definitions/maxItems"
+        },
+        "minItems": {
+          "$ref": "#/definitions/minItems"
+        },
+        "uniqueItems": {
+          "$ref": "#/definitions/uniqueItems"
+        },
+        "enum": {
+          "$ref": "#/definitions/enum"
+        },
+        "multipleOf": {
+          "$ref": "#/definitions/multipleOf"
+        }
+      }
+    },
+    "pathParameterSubSchema": {
+      "additionalProperties": false,
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      },
+      "required": [
+        "required"
+      ],
+      "properties": {
+        "required": {
+          "type": "boolean",
+          "enum": [
+            true
+          ],
+          "description": "Determines whether or not this parameter is required or optional."
+        },
+        "in": {
+          "type": "string",
+          "description": "Determines the location of the parameter.",
+          "enum": [
+            "path"
+          ]
+        },
+        "description": {
+          "type": "string",
+          "description": "A brief description of the parameter. This could contain examples of use.  GitHub Flavored Markdown is allowed."
+        },
+        "name": {
+          "type": "string",
+          "description": "The name of the parameter."
+        },
+        "type": {
+          "type": "string",
+          "enum": [
+            "string",
+            "number",
+            "boolean",
+            "integer",
+            "array"
+          ]
+        },
+        "format": {
+          "type": "string"
+        },
+        "items": {
+          "$ref": "#/definitions/primitivesItems"
+        },
+        "collectionFormat": {
+          "$ref": "#/definitions/collectionFormat"
+        },
+        "default": {
+          "$ref": "#/definitions/default"
+        },
+        "maximum": {
+          "$ref": "#/definitions/maximum"
+        },
+        "exclusiveMaximum": {
+          "$ref": "#/definitions/exclusiveMaximum"
+        },
+        "minimum": {
+          "$ref": "#/definitions/minimum"
+        },
+        "exclusiveMinimum": {
+          "$ref": "#/definitions/exclusiveMinimum"
+        },
+        "maxLength": {
+          "$ref": "#/definitions/maxLength"
+        },
+        "minLength": {
+          "$ref": "#/definitions/minLength"
+        },
+        "pattern": {
+          "$ref": "#/definitions/pattern"
+        },
+        "maxItems": {
+          "$ref": "#/definitions/maxItems"
+        },
+        "minItems": {
+          "$ref": "#/definitions/minItems"
+        },
+        "uniqueItems": {
+          "$ref": "#/definitions/uniqueItems"
+        },
+        "enum": {
+          "$ref": "#/definitions/enum"
+        },
+        "multipleOf": {
+          "$ref": "#/definitions/multipleOf"
+        }
+      }
+    },
+    "nonBodyParameter": {
+      "type": "object",
+      "required": [
+        "name",
+        "in",
+        "type"
+      ],
+      "oneOf": [
+        {
+          "$ref": "#/definitions/headerParameterSubSchema"
+        },
+        {
+          "$ref": "#/definitions/formDataParameterSubSchema"
+        },
+        {
+          "$ref": "#/definitions/queryParameterSubSchema"
+        },
+        {
+          "$ref": "#/definitions/pathParameterSubSchema"
+        }
+      ]
+    },
+    "parameter": {
+      "oneOf": [
+        {
+          "$ref": "#/definitions/bodyParameter"
+        },
+        {
+          "$ref": "#/definitions/nonBodyParameter"
+        }
+      ]
+    },
+    "schema": {
+      "type": "object",
+      "description": "A deterministic version of a JSON Schema object.",
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      },
+      "properties": {
+        "$ref": {
+          "type": "string"
+        },
+        "format": {
+          "type": "string"
+        },
+        "title": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/title"
+        },
+        "description": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/description"
+        },
+        "default": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/default"
+        },
+        "multipleOf": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/multipleOf"
+        },
+        "maximum": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/maximum"
+        },
+        "exclusiveMaximum": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMaximum"
+        },
+        "minimum": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/minimum"
+        },
+        "exclusiveMinimum": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMinimum"
+        },
+        "maxLength": {
+          "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveInteger"
+        },
+        "minLength": {
+          "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveIntegerDefault0"
+        },
+        "pattern": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/pattern"
+        },
+        "maxItems": {
+          "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveInteger"
+        },
+        "minItems": {
+          "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveIntegerDefault0"
+        },
+        "uniqueItems": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/uniqueItems"
+        },
+        "maxProperties": {
+          "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveInteger"
+        },
+        "minProperties": {
+          "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveIntegerDefault0"
+        },
+        "required": {
+          "$ref": "http://json-schema.org/draft-04/schema#/definitions/stringArray"
+        },
+        "enum": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/enum"
+        },
+        "additionalProperties": {
+          "oneOf": [
+            {
+              "$ref": "#/definitions/schema"
+            },
+            {
+              "type": "boolean"
+            }
+          ],
+          "default": {}
+        },
+        "type": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/type"
+        },
+        "items": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/schema"
+            },
+            {
+              "type": "array",
+              "minItems": 1,
+              "items": {
+                "$ref": "#/definitions/schema"
+              }
+            }
+          ],
+          "default": {}
+        },
+        "allOf": {
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "$ref": "#/definitions/schema"
+          }
+        },
+        "properties": {
+          "type": "object",
+          "additionalProperties": {
+            "$ref": "#/definitions/schema"
+          },
+          "default": {}
+        },
+        "discriminator": {
+          "type": "string"
+        },
+        "readOnly": {
+          "type": "boolean",
+          "default": false
+        },
+        "xml": {
+          "$ref": "#/definitions/xml"
+        },
+        "externalDocs": {
+          "$ref": "#/definitions/externalDocs"
+        },
+        "example": {}
+      },
+      "additionalProperties": false
+    },
+    "fileSchema": {
+      "type": "object",
+      "description": "A deterministic version of a JSON Schema object.",
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      },
+      "required": [
+        "type"
+      ],
+      "properties": {
+        "format": {
+          "type": "string"
+        },
+        "title": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/title"
+        },
+        "description": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/description"
+        },
+        "default": {
+          "$ref": "http://json-schema.org/draft-04/schema#/properties/default"
+        },
+        "required": {
+          "$ref": "http://json-schema.org/draft-04/schema#/definitions/stringArray"
+        },
+        "type": {
+          "type": "string",
+          "enum": [
+            "file"
+          ]
+        },
+        "readOnly": {
+          "type": "boolean",
+          "default": false
+        },
+        "externalDocs": {
+          "$ref": "#/definitions/externalDocs"
+        },
+        "example": {}
+      },
+      "additionalProperties": false
+    },
+    "primitivesItems": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "type": {
+          "type": "string",
+          "enum": [
+            "string",
+            "number",
+            "integer",
+            "boolean",
+            "array"
+          ]
+        },
+        "format": {
+          "type": "string"
+        },
+        "items": {
+          "$ref": "#/definitions/primitivesItems"
+        },
+        "collectionFormat": {
+          "$ref": "#/definitions/collectionFormat"
+        },
+        "default": {
+          "$ref": "#/definitions/default"
+        },
+        "maximum": {
+          "$ref": "#/definitions/maximum"
+        },
+        "exclusiveMaximum": {
+          "$ref": "#/definitions/exclusiveMaximum"
+        },
+        "minimum": {
+          "$ref": "#/definitions/minimum"
+        },
+        "exclusiveMinimum": {
+          "$ref": "#/definitions/exclusiveMinimum"
+        },
+        "maxLength": {
+          "$ref": "#/definitions/maxLength"
+        },
+        "minLength": {
+          "$ref": "#/definitions/minLength"
+        },
+        "pattern": {
+          "$ref": "#/definitions/pattern"
+        },
+        "maxItems": {
+          "$ref": "#/definitions/maxItems"
+        },
+        "minItems": {
+          "$ref": "#/definitions/minItems"
+        },
+        "uniqueItems": {
+          "$ref": "#/definitions/uniqueItems"
+        },
+        "enum": {
+          "$ref": "#/definitions/enum"
+        },
+        "multipleOf": {
+          "$ref": "#/definitions/multipleOf"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "security": {
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/securityRequirement"
+      },
+      "uniqueItems": true
+    },
+    "securityRequirement": {
+      "type": "object",
+      "additionalProperties": {
+        "type": "array",
+        "items": {
+          "type": "string"
+        },
+        "uniqueItems": true
+      }
+    },
+    "xml": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "namespace": {
+          "type": "string"
+        },
+        "prefix": {
+          "type": "string"
+        },
+        "attribute": {
+          "type": "boolean",
+          "default": false
+        },
+        "wrapped": {
+          "type": "boolean",
+          "default": false
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "tag": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "name"
+      ],
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "description": {
+          "type": "string"
+        },
+        "externalDocs": {
+          "$ref": "#/definitions/externalDocs"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "securityDefinitions": {
+      "type": "object",
+      "additionalProperties": {
+        "oneOf": [
+          {
+            "$ref": "#/definitions/basicAuthenticationSecurity"
+          },
+          {
+            "$ref": "#/definitions/apiKeySecurity"
+          },
+          {
+            "$ref": "#/definitions/oauth2ImplicitSecurity"
+          },
+          {
+            "$ref": "#/definitions/oauth2PasswordSecurity"
+          },
+          {
+            "$ref": "#/definitions/oauth2ApplicationSecurity"
+          },
+          {
+            "$ref": "#/definitions/oauth2AccessCodeSecurity"
+          }
+        ]
+      }
+    },
+    "basicAuthenticationSecurity": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "type"
+      ],
+      "properties": {
+        "type": {
+          "type": "string",
+          "enum": [
+            "basic"
+          ]
+        },
+        "description": {
+          "type": "string"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "apiKeySecurity": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "type",
+        "name",
+        "in"
+      ],
+      "properties": {
+        "type": {
+          "type": "string",
+          "enum": [
+            "apiKey"
+          ]
+        },
+        "name": {
+          "type": "string"
+        },
+        "in": {
+          "type": "string",
+          "enum": [
+            "header",
+            "query"
+          ]
+        },
+        "description": {
+          "type": "string"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "oauth2ImplicitSecurity": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "type",
+        "flow",
+        "authorizationUrl"
+      ],
+      "properties": {
+        "type": {
+          "type": "string",
+          "enum": [
+            "oauth2"
+          ]
+        },
+        "flow": {
+          "type": "string",
+          "enum": [
+            "implicit"
+          ]
+        },
+        "scopes": {
+          "$ref": "#/definitions/oauth2Scopes"
+        },
+        "authorizationUrl": {
+          "type": "string",
+          "format": "uri"
+        },
+        "description": {
+          "type": "string"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "oauth2PasswordSecurity": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "type",
+        "flow",
+        "tokenUrl"
+      ],
+      "properties": {
+        "type": {
+          "type": "string",
+          "enum": [
+            "oauth2"
+          ]
+        },
+        "flow": {
+          "type": "string",
+          "enum": [
+            "password"
+          ]
+        },
+        "scopes": {
+          "$ref": "#/definitions/oauth2Scopes"
+        },
+        "tokenUrl": {
+          "type": "string",
+          "format": "uri"
+        },
+        "description": {
+          "type": "string"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "oauth2ApplicationSecurity": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "type",
+        "flow",
+        "tokenUrl"
+      ],
+      "properties": {
+        "type": {
+          "type": "string",
+          "enum": [
+            "oauth2"
+          ]
+        },
+        "flow": {
+          "type": "string",
+          "enum": [
+            "application"
+          ]
+        },
+        "scopes": {
+          "$ref": "#/definitions/oauth2Scopes"
+        },
+        "tokenUrl": {
+          "type": "string",
+          "format": "uri"
+        },
+        "description": {
+          "type": "string"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "oauth2AccessCodeSecurity": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "type",
+        "flow",
+        "authorizationUrl",
+        "tokenUrl"
+      ],
+      "properties": {
+        "type": {
+          "type": "string",
+          "enum": [
+            "oauth2"
+          ]
+        },
+        "flow": {
+          "type": "string",
+          "enum": [
+            "accessCode"
+          ]
+        },
+        "scopes": {
+          "$ref": "#/definitions/oauth2Scopes"
+        },
+        "authorizationUrl": {
+          "type": "string",
+          "format": "uri"
+        },
+        "tokenUrl": {
+          "type": "string",
+          "format": "uri"
+        },
+        "description": {
+          "type": "string"
+        }
+      },
+      "patternProperties": {
+        "^x-": {
+          "$ref": "#/definitions/vendorExtension"
+        }
+      }
+    },
+    "oauth2Scopes": {
+      "type": "object",
+      "additionalProperties": {
+        "type": "string"
+      }
+    },
+    "mediaTypeList": {
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/mimeType"
+      },
+      "uniqueItems": true
+    },
+    "parametersList": {
+      "type": "array",
+      "description": "The parameters needed to send a valid API call.",
+      "additionalItems": false,
+      "items": {
+        "oneOf": [
+          {
+            "$ref": "#/definitions/parameter"
+          },
+          {
+            "$ref": "#/definitions/jsonReference"
+          }
+        ]
+      },
+      "uniqueItems": true
+    },
+    "schemesList": {
+      "type": "array",
+      "description": "The transfer protocol of the API.",
+      "items": {
+        "type": "string",
+        "enum": [
+          "http",
+          "https",
+          "ws",
+          "wss"
+        ]
+      },
+      "uniqueItems": true
+    },
+    "collectionFormat": {
+      "type": "string",
+      "enum": [
+        "csv",
+        "ssv",
+        "tsv",
+        "pipes"
+      ],
+      "default": "csv"
+    },
+    "collectionFormatWithMulti": {
+      "type": "string",
+      "enum": [
+        "csv",
+        "ssv",
+        "tsv",
+        "pipes",
+        "multi"
+      ],
+      "default": "csv"
+    },
+    "title": {
+      "$ref": "http://json-schema.org/draft-04/schema#/properties/title"
+    },
+    "description": {
+      "$ref": "http://json-schema.org/draft-04/schema#/properties/description"
+    },
+    "default": {
+      "$ref": "http://json-schema.org/draft-04/schema#/properties/default"
+    },
+    "multipleOf": {
+      "$ref": "http://json-schema.org/draft-04/schema#/properties/multipleOf"
+    },
+    "maximum": {
+      "$ref": "http://json-schema.org/draft-04/schema#/properties/maximum"
+    },
+    "exclusiveMaximum": {
+      "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMaximum"
+    },
+    "minimum": {
+      "$ref": "http://json-schema.org/draft-04/schema#/properties/minimum"
+    },
+    "exclusiveMinimum": {
+      "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMinimum"
+    },
+    "maxLength": {
+      "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveInteger"
+    },
+    "minLength": {
+      "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveIntegerDefault0"
+    },
+    "pattern": {
+      "$ref": "http://json-schema.org/draft-04/schema#/properties/pattern"
+    },
+    "maxItems": {
+      "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveInteger"
+    },
+    "minItems": {
+      "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveIntegerDefault0"
+    },
+    "uniqueItems": {
+      "$ref": "http://json-schema.org/draft-04/schema#/properties/uniqueItems"
+    },
+    "enum": {
+      "$ref": "http://json-schema.org/draft-04/schema#/properties/enum"
+    },
+    "jsonReference": {
+      "type": "object",
+      "required": [
+        "$ref"
+      ],
+      "additionalProperties": false,
+      "properties": {
+        "$ref": {
+          "type": "string"
+        },
+        "description": {
+          "type": "string"
+        }
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.go b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.go
similarity index 99%
rename from vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.go
rename to vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.go
index d54a84db7..4b1131ce1 100644
--- a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.go
+++ b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.go
@@ -23,7 +23,7 @@ import (
 
 	"gopkg.in/yaml.v3"
 
-	"github.com/google/gnostic/compiler"
+	"github.com/google/gnostic-models/compiler"
 )
 
 // Version returns the package name (and OpenAPI version).
@@ -8560,12 +8560,7 @@ func (m *Strings) ToRawInfo() *yaml.Node {
 	if m == nil {
 		return info
 	}
-	if m.AdditionalProperties != nil {
-		for _, item := range m.AdditionalProperties {
-			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
-			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Value))
-		}
-	}
+	// &{Name:additionalProperties Type:NamedString StringEnumValues:[] MapType:string Repeated:true Pattern: Implicit:true Description:}
 	return info
 }
 
diff --git a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.pb.go b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.pb.go
similarity index 99%
rename from vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.pb.go
rename to vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.pb.go
index 90a56f552..945b8d11f 100644
--- a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.pb.go
+++ b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.pb.go
@@ -16,8 +16,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.0
-// 	protoc        v3.19.4
+// 	protoc-gen-go v1.27.1
+// 	protoc        v3.19.3
 // source: openapiv3/OpenAPIv3.proto
 
 package openapi_v3
@@ -6760,13 +6760,12 @@ var file_openapiv3_OpenAPIv3_proto_rawDesc = []byte{
 	0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b,
 	0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x2e, 0x4e, 0x61,
 	0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x16, 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x56,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x3e,
 	0x0a, 0x0e, 0x6f, 0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33,
 	0x42, 0x0c, 0x4f, 0x70, 0x65, 0x6e, 0x41, 0x50, 0x49, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01,
-	0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6e, 0x6f, 0x73, 0x74, 0x69, 0x63, 0x2f, 0x6f, 0x70, 0x65, 0x6e,
-	0x61, 0x70, 0x69, 0x76, 0x33, 0x3b, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33,
-	0xa2, 0x02, 0x03, 0x4f, 0x41, 0x53, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x5a, 0x16, 0x2e, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x3b, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33, 0xa2, 0x02, 0x03, 0x4f, 0x41, 0x53, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.proto b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.proto
similarity index 99%
rename from vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.proto
rename to vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.proto
index 7aede5ed9..1be335b89 100644
--- a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.proto
+++ b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.proto
@@ -42,7 +42,7 @@ option java_package = "org.openapi_v3";
 option objc_class_prefix = "OAS";
 
 // The Go package name.
-option go_package = "github.com/google/gnostic/openapiv3;openapi_v3";
+option go_package = "./openapiv3;openapi_v3";
 
 message AdditionalPropertiesItem {
   oneof oneof {
diff --git a/vendor/github.com/google/gnostic/openapiv3/README.md b/vendor/github.com/google/gnostic-models/openapiv3/README.md
similarity index 89%
rename from vendor/github.com/google/gnostic/openapiv3/README.md
rename to vendor/github.com/google/gnostic-models/openapiv3/README.md
index 83603b82a..5ee12d92e 100644
--- a/vendor/github.com/google/gnostic/openapiv3/README.md
+++ b/vendor/github.com/google/gnostic-models/openapiv3/README.md
@@ -19,7 +19,3 @@ for OpenAPI.
 
 The schema-generator directory contains support code which generates
 openapi-3.1.json from the OpenAPI 3.1 specification document (Markdown).
-
-### How to rebuild
-
-`protoc -I=. -I=third_party --go_out=. --go_opt=paths=source_relative openapiv3/*.proto`
\ No newline at end of file
diff --git a/vendor/github.com/google/gnostic/openapiv3/annotations.pb.go b/vendor/github.com/google/gnostic-models/openapiv3/annotations.pb.go
similarity index 90%
rename from vendor/github.com/google/gnostic/openapiv3/annotations.pb.go
rename to vendor/github.com/google/gnostic-models/openapiv3/annotations.pb.go
index ae242f304..5c2b63e26 100644
--- a/vendor/github.com/google/gnostic/openapiv3/annotations.pb.go
+++ b/vendor/github.com/google/gnostic-models/openapiv3/annotations.pb.go
@@ -14,8 +14,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.0
-// 	protoc        v3.19.4
+// 	protoc-gen-go v1.27.1
+// 	protoc        v3.19.3
 // source: openapiv3/annotations.proto
 
 package openapi_v3
@@ -98,10 +98,10 @@ var File_openapiv3_annotations_proto protoreflect.FileDescriptor
 var file_openapiv3_annotations_proto_rawDesc = []byte{
 	0x0a, 0x1b, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x2f, 0x61, 0x6e, 0x6e, 0x6f,
 	0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x6f,
-	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x1a, 0x19, 0x6f, 0x70, 0x65, 0x6e, 0x61,
-	0x70, 0x69, 0x76, 0x33, 0x2f, 0x4f, 0x70, 0x65, 0x6e, 0x41, 0x50, 0x49, 0x76, 0x33, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x2f, 0x4f, 0x70, 0x65, 0x6e, 0x41, 0x50, 0x49, 0x76, 0x33,
 	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x3a, 0x4f, 0x0a, 0x08, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
 	0x6e, 0x74, 0x12, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
 	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
@@ -122,13 +122,12 @@ var file_openapiv3_annotations_proto_rawDesc = []byte{
 	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f,
 	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xf7, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e,
 	0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d,
-	0x61, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x79, 0x42, 0x5a, 0x0a, 0x0e, 0x6f,
+	0x61, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x79, 0x42, 0x42, 0x0a, 0x0e, 0x6f,
 	0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33, 0x42, 0x10, 0x41,
 	0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
-	0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6e, 0x6f, 0x73, 0x74, 0x69, 0x63, 0x2f, 0x6f, 0x70, 0x65,
-	0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x3b, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76,
-	0x33, 0xa2, 0x02, 0x03, 0x4f, 0x41, 0x53, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x01, 0x5a, 0x16, 0x2e, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x3b, 0x6f,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33, 0xa2, 0x02, 0x03, 0x4f, 0x41, 0x53, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var file_openapiv3_annotations_proto_goTypes = []interface{}{
diff --git a/vendor/github.com/google/gnostic/openapiv3/annotations.proto b/vendor/github.com/google/gnostic-models/openapiv3/annotations.proto
similarity index 96%
rename from vendor/github.com/google/gnostic/openapiv3/annotations.proto
rename to vendor/github.com/google/gnostic-models/openapiv3/annotations.proto
index 0bd87810d..09ee0aac5 100644
--- a/vendor/github.com/google/gnostic/openapiv3/annotations.proto
+++ b/vendor/github.com/google/gnostic-models/openapiv3/annotations.proto
@@ -16,23 +16,22 @@ syntax = "proto3";
 
 package openapi.v3;
 
-import "openapiv3/OpenAPIv3.proto";
 import "google/protobuf/descriptor.proto";
+import "openapiv3/OpenAPIv3.proto";
 
+// The Go package name.
+option go_package = "./openapiv3;openapi_v3";
 // This option lets the proto compiler generate Java code inside the package
 // name (see below) instead of inside an outer class. It creates a simpler
 // developer experience by reducing one-level of name nesting and be
 // consistent with most programming languages that don't support outer classes.
 option java_multiple_files = true;
-
 // The Java outer classname should be the filename in UpperCamelCase. This
 // class is only used to hold proto descriptor, so developers don't need to
 // work with it directly.
 option java_outer_classname = "AnnotationsProto";
-
 // The Java package name must be proto package name with proper prefix.
 option java_package = "org.openapi_v3";
-
 // A reasonable prefix for the Objective-C symbols generated from the package.
 // It should at a minimum be 3 characters long, all uppercase, and convention
 // is to use an abbreviation of the package name. Something short, but
@@ -40,9 +39,6 @@ option java_package = "org.openapi_v3";
 // the future. 'GPB' is reserved for the protocol buffer implementation itself.
 option objc_class_prefix = "OAS";
 
-// The Go package name.
-option go_package = "github.com/google/gnostic/openapiv3;openapi_v3";
-
 extend google.protobuf.FileOptions {
   Document document = 1143;
 }
@@ -57,4 +53,4 @@ extend google.protobuf.MessageOptions {
 
 extend google.protobuf.FieldOptions {
   Schema property = 1143;
-}
\ No newline at end of file
+}
diff --git a/vendor/github.com/google/gnostic/openapiv3/document.go b/vendor/github.com/google/gnostic-models/openapiv3/document.go
similarity index 96%
rename from vendor/github.com/google/gnostic/openapiv3/document.go
rename to vendor/github.com/google/gnostic-models/openapiv3/document.go
index ef10d1d90..1cee46773 100644
--- a/vendor/github.com/google/gnostic/openapiv3/document.go
+++ b/vendor/github.com/google/gnostic-models/openapiv3/document.go
@@ -17,7 +17,7 @@ package openapi_v3
 import (
 	"gopkg.in/yaml.v3"
 
-	"github.com/google/gnostic/compiler"
+	"github.com/google/gnostic-models/compiler"
 )
 
 // ParseDocument reads an OpenAPI v3 description from a YAML/JSON representation.
diff --git a/vendor/github.com/google/gnostic/openapiv3/openapi-3.0.json b/vendor/github.com/google/gnostic/openapiv3/openapi-3.0.json
deleted file mode 100644
index d5caed162..000000000
--- a/vendor/github.com/google/gnostic/openapiv3/openapi-3.0.json
+++ /dev/null
@@ -1,1251 +0,0 @@
-{
-  "title": "A JSON Schema for OpenAPI 3.0.",
-  "id": "http://openapis.org/v3/schema.json#",
-  "$schema": "http://json-schema.org/draft-04/schema#",
-  "type": "object",
-  "description": "This is the root document object of the OpenAPI document.",
-  "required": [
-    "openapi",
-    "info",
-    "paths"
-  ],
-  "additionalProperties": false,
-  "patternProperties": {
-    "^x-": {
-      "$ref": "#/definitions/specificationExtension"
-    }
-  },
-  "properties": {
-    "openapi": {
-      "type": "string"
-    },
-    "info": {
-      "$ref": "#/definitions/info"
-    },
-    "servers": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/server"
-      },
-      "uniqueItems": true
-    },
-    "paths": {
-      "$ref": "#/definitions/paths"
-    },
-    "components": {
-      "$ref": "#/definitions/components"
-    },
-    "security": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/securityRequirement"
-      },
-      "uniqueItems": true
-    },
-    "tags": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/tag"
-      },
-      "uniqueItems": true
-    },
-    "externalDocs": {
-      "$ref": "#/definitions/externalDocs"
-    }
-  },
-  "definitions": {
-    "info": {
-      "type": "object",
-      "description": "The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience.",
-      "required": [
-        "title",
-        "version"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "title": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "termsOfService": {
-          "type": "string"
-        },
-        "contact": {
-          "$ref": "#/definitions/contact"
-        },
-        "license": {
-          "$ref": "#/definitions/license"
-        },
-        "version": {
-          "type": "string"
-        }
-      }
-    },
-    "contact": {
-      "type": "object",
-      "description": "Contact information for the exposed API.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string",
-          "format": "uri"
-        },
-        "email": {
-          "type": "string",
-          "format": "email"
-        }
-      }
-    },
-    "license": {
-      "type": "object",
-      "description": "License information for the exposed API.",
-      "required": [
-        "name"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string"
-        }
-      }
-    },
-    "server": {
-      "type": "object",
-      "description": "An object representing a Server.",
-      "required": [
-        "url"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "url": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "variables": {
-          "$ref": "#/definitions/serverVariables"
-        }
-      }
-    },
-    "serverVariable": {
-      "type": "object",
-      "description": "An object representing a Server Variable for server URL template substitution.",
-      "required": [
-        "default"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "enum": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "uniqueItems": true
-        },
-        "default": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        }
-      }
-    },
-    "components": {
-      "type": "object",
-      "description": "Holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "schemas": {
-          "$ref": "#/definitions/schemasOrReferences"
-        },
-        "responses": {
-          "$ref": "#/definitions/responsesOrReferences"
-        },
-        "parameters": {
-          "$ref": "#/definitions/parametersOrReferences"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "requestBodies": {
-          "$ref": "#/definitions/requestBodiesOrReferences"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "securitySchemes": {
-          "$ref": "#/definitions/securitySchemesOrReferences"
-        },
-        "links": {
-          "$ref": "#/definitions/linksOrReferences"
-        },
-        "callbacks": {
-          "$ref": "#/definitions/callbacksOrReferences"
-        }
-      }
-    },
-    "paths": {
-      "type": "object",
-      "description": "Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the `Server Object` in order to construct the full URL.  The Paths MAY be empty, due to ACL constraints.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^/": {
-          "$ref": "#/definitions/pathItem"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      }
-    },
-    "pathItem": {
-      "type": "object",
-      "description": "Describes the operations available on a single path. A Path Item MAY be empty, due to ACL constraints. The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "$ref": {
-          "type": "string"
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "get": {
-          "$ref": "#/definitions/operation"
-        },
-        "put": {
-          "$ref": "#/definitions/operation"
-        },
-        "post": {
-          "$ref": "#/definitions/operation"
-        },
-        "delete": {
-          "$ref": "#/definitions/operation"
-        },
-        "options": {
-          "$ref": "#/definitions/operation"
-        },
-        "head": {
-          "$ref": "#/definitions/operation"
-        },
-        "patch": {
-          "$ref": "#/definitions/operation"
-        },
-        "trace": {
-          "$ref": "#/definitions/operation"
-        },
-        "servers": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/server"
-          },
-          "uniqueItems": true
-        },
-        "parameters": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/parameterOrReference"
-          },
-          "uniqueItems": true
-        }
-      }
-    },
-    "operation": {
-      "type": "object",
-      "description": "Describes a single API operation on a path.",
-      "required": [
-        "responses"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "tags": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "uniqueItems": true
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        },
-        "operationId": {
-          "type": "string"
-        },
-        "parameters": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/parameterOrReference"
-          },
-          "uniqueItems": true
-        },
-        "requestBody": {
-          "$ref": "#/definitions/requestBodyOrReference"
-        },
-        "responses": {
-          "$ref": "#/definitions/responses"
-        },
-        "callbacks": {
-          "$ref": "#/definitions/callbacksOrReferences"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "security": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/securityRequirement"
-          },
-          "uniqueItems": true
-        },
-        "servers": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/server"
-          },
-          "uniqueItems": true
-        }
-      }
-    },
-    "externalDocs": {
-      "type": "object",
-      "description": "Allows referencing an external resource for extended documentation.",
-      "required": [
-        "url"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string"
-        }
-      }
-    },
-    "parameter": {
-      "type": "object",
-      "description": "Describes a single operation parameter.  A unique parameter is defined by a combination of a name and location.",
-      "required": [
-        "name",
-        "in"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "in": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "required": {
-          "type": "boolean"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "allowEmptyValue": {
-          "type": "boolean"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        },
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        }
-      }
-    },
-    "requestBody": {
-      "type": "object",
-      "description": "Describes a single request body.",
-      "required": [
-        "content"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        },
-        "required": {
-          "type": "boolean"
-        }
-      }
-    },
-    "mediaType": {
-      "type": "object",
-      "description": "Each Media Type Object provides schema and examples for the media type identified by its key.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "encoding": {
-          "$ref": "#/definitions/encodings"
-        }
-      }
-    },
-    "encoding": {
-      "type": "object",
-      "description": "A single encoding definition applied to a single schema property.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "contentType": {
-          "type": "string"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        }
-      }
-    },
-    "responses": {
-      "type": "object",
-      "description": "A container for the expected responses of an operation. The container maps a HTTP response code to the expected response.  The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors.  The `default` MAY be used as a default response object for all HTTP codes  that are not covered individually by the specification.  The `Responses Object` MUST contain at least one response code, and it  SHOULD be the response for a successful operation call.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^([0-9X]{3})$": {
-          "$ref": "#/definitions/responseOrReference"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "default": {
-          "$ref": "#/definitions/responseOrReference"
-        }
-      }
-    },
-    "response": {
-      "type": "object",
-      "description": "Describes a single response from an API Operation, including design-time, static  `links` to operations based on the response.",
-      "required": [
-        "description"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        },
-        "links": {
-          "$ref": "#/definitions/linksOrReferences"
-        }
-      }
-    },
-    "callback": {
-      "type": "object",
-      "description": "A map of possible out-of band callbacks related to the parent operation. Each value in the map is a Path Item Object that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the callback object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^": {
-          "$ref": "#/definitions/pathItem"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      }
-    },
-    "example": {
-      "type": "object",
-      "description": "",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "value": {
-          "$ref": "#/definitions/any"
-        },
-        "externalValue": {
-          "type": "string"
-        }
-      }
-    },
-    "link": {
-      "type": "object",
-      "description": "The `Link object` represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations.  Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response.  For computing links, and providing instructions to execute them, a runtime expression is used for accessing values in an operation and using them as parameters while invoking the linked operation.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "operationRef": {
-          "type": "string"
-        },
-        "operationId": {
-          "type": "string"
-        },
-        "parameters": {
-          "$ref": "#/definitions/anysOrExpressions"
-        },
-        "requestBody": {
-          "$ref": "#/definitions/anyOrExpression"
-        },
-        "description": {
-          "type": "string"
-        },
-        "server": {
-          "$ref": "#/definitions/server"
-        }
-      }
-    },
-    "header": {
-      "type": "object",
-      "description": "The Header Object follows the structure of the Parameter Object with the following changes:  1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, `style`).",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "required": {
-          "type": "boolean"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "allowEmptyValue": {
-          "type": "boolean"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        },
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        }
-      }
-    },
-    "tag": {
-      "type": "object",
-      "description": "Adds metadata to a single tag that is used by the Operation Object. It is not mandatory to have a Tag Object per tag defined in the Operation Object instances.",
-      "required": [
-        "name"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        }
-      }
-    },
-    "reference": {
-      "type": "object",
-      "description": "A simple object to allow referencing other components in the specification, internally and externally.  The Reference Object is defined by JSON Reference and follows the same structure, behavior and rules.   For this specification, reference resolution is accomplished as defined by the JSON Reference specification and not by the JSON Schema specification.",
-      "required": [
-        "$ref"
-      ],
-      "additionalProperties": false,
-      "properties": {
-        "$ref": {
-          "type": "string"
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        }
-      }
-    },
-    "schema": {
-      "type": "object",
-      "description": "The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is an extended subset of the JSON Schema Specification Wright Draft 00.  For more information about the properties, see JSON Schema Core and JSON Schema Validation. Unless stated otherwise, the property definitions follow the JSON Schema.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "nullable": {
-          "type": "boolean"
-        },
-        "discriminator": {
-          "$ref": "#/definitions/discriminator"
-        },
-        "readOnly": {
-          "type": "boolean"
-        },
-        "writeOnly": {
-          "type": "boolean"
-        },
-        "xml": {
-          "$ref": "#/definitions/xml"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "title": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/title"
-        },
-        "multipleOf": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/multipleOf"
-        },
-        "maximum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maximum"
-        },
-        "exclusiveMaximum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMaximum"
-        },
-        "minimum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minimum"
-        },
-        "exclusiveMinimum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMinimum"
-        },
-        "maxLength": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxLength"
-        },
-        "minLength": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minLength"
-        },
-        "pattern": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/pattern"
-        },
-        "maxItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxItems"
-        },
-        "minItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minItems"
-        },
-        "uniqueItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/uniqueItems"
-        },
-        "maxProperties": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxProperties"
-        },
-        "minProperties": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minProperties"
-        },
-        "required": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/required"
-        },
-        "enum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/enum"
-        },
-        "type": {
-          "type": "string"
-        },
-        "allOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "oneOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "anyOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "not": {
-          "$ref": "#/definitions/schema"
-        },
-        "items": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/schemaOrReference"
-            },
-            {
-              "type": "array",
-              "items": {
-                "$ref": "#/definitions/schemaOrReference"
-              },
-              "minItems": 1
-            }
-          ]
-        },
-        "properties": {
-          "type": "object",
-          "additionalProperties": {
-            "$ref": "#/definitions/schemaOrReference"
-          }
-        },
-        "additionalProperties": {
-          "oneOf": [
-            {
-              "$ref": "#/definitions/schemaOrReference"
-            },
-            {
-              "type": "boolean"
-            }
-          ]
-        },
-        "default": {
-          "$ref": "#/definitions/defaultType"
-        },
-        "description": {
-          "type": "string"
-        },
-        "format": {
-          "type": "string"
-        }
-      }
-    },
-    "discriminator": {
-      "type": "object",
-      "description": "When request bodies or response payloads may be one of a number of different schemas, a `discriminator` object can be used to aid in serialization, deserialization, and validation.  The discriminator is a specific object in a schema which is used to inform the consumer of the specification of an alternative schema based on the value associated with it.  When using the discriminator, _inline_ schemas will not be considered.",
-      "required": [
-        "propertyName"
-      ],
-      "additionalProperties": false,
-      "properties": {
-        "propertyName": {
-          "type": "string"
-        },
-        "mapping": {
-          "$ref": "#/definitions/strings"
-        }
-      }
-    },
-    "xml": {
-      "type": "object",
-      "description": "A metadata object that allows for more fine-tuned XML model definitions.  When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. See examples for expected behavior.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "namespace": {
-          "type": "string"
-        },
-        "prefix": {
-          "type": "string"
-        },
-        "attribute": {
-          "type": "boolean"
-        },
-        "wrapped": {
-          "type": "boolean"
-        }
-      }
-    },
-    "securityScheme": {
-      "type": "object",
-      "description": "Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header or as a query parameter), OAuth2's common flows (implicit, password, application and access code) as defined in RFC6749, and OpenID Connect Discovery.",
-      "required": [
-        "type"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "type": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "name": {
-          "type": "string"
-        },
-        "in": {
-          "type": "string"
-        },
-        "scheme": {
-          "type": "string"
-        },
-        "bearerFormat": {
-          "type": "string"
-        },
-        "flows": {
-          "$ref": "#/definitions/oauthFlows"
-        },
-        "openIdConnectUrl": {
-          "type": "string"
-        }
-      }
-    },
-    "oauthFlows": {
-      "type": "object",
-      "description": "Allows configuration of the supported OAuth Flows.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "implicit": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "password": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "clientCredentials": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "authorizationCode": {
-          "$ref": "#/definitions/oauthFlow"
-        }
-      }
-    },
-    "oauthFlow": {
-      "type": "object",
-      "description": "Configuration details for a supported OAuth Flow",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "authorizationUrl": {
-          "type": "string"
-        },
-        "tokenUrl": {
-          "type": "string"
-        },
-        "refreshUrl": {
-          "type": "string"
-        },
-        "scopes": {
-          "$ref": "#/definitions/strings"
-        }
-      }
-    },
-    "securityRequirement": {
-      "type": "object",
-      "description": "Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the Security Schemes under the Components Object.  Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.  When a list of Security Requirement Objects is defined on the Open API object or Operation Object, only one of Security Requirement Objects in the list needs to be satisfied to authorize the request.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^[a-zA-Z0-9\\.\\-_]+$": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "uniqueItems": true
-        }
-      }
-    },
-    "anyOrExpression": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/any"
-        },
-        {
-          "$ref": "#/definitions/expression"
-        }
-      ]
-    },
-    "callbackOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/callback"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "exampleOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/example"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "headerOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/header"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "linkOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/link"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "parameterOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/parameter"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "requestBodyOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/requestBody"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "responseOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/response"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "schemaOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/schema"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "securitySchemeOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/securityScheme"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "anysOrExpressions": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/anyOrExpression"
-      }
-    },
-    "callbacksOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/callbackOrReference"
-      }
-    },
-    "encodings": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/encoding"
-      }
-    },
-    "examplesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/exampleOrReference"
-      }
-    },
-    "headersOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/headerOrReference"
-      }
-    },
-    "linksOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/linkOrReference"
-      }
-    },
-    "mediaTypes": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/mediaType"
-      }
-    },
-    "parametersOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/parameterOrReference"
-      }
-    },
-    "requestBodiesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/requestBodyOrReference"
-      }
-    },
-    "responsesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/responseOrReference"
-      }
-    },
-    "schemasOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/schemaOrReference"
-      }
-    },
-    "securitySchemesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/securitySchemeOrReference"
-      }
-    },
-    "serverVariables": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/serverVariable"
-      }
-    },
-    "strings": {
-      "type": "object",
-      "additionalProperties": {
-        "type": "string"
-      }
-    },
-    "object": {
-      "type": "object",
-      "additionalProperties": true
-    },
-    "any": {
-      "additionalProperties": true
-    },
-    "expression": {
-      "type": "object",
-      "additionalProperties": true
-    },
-    "specificationExtension": {
-      "description": "Any property starting with x- is valid.",
-      "oneOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "number"
-        },
-        {
-          "type": "boolean"
-        },
-        {
-          "type": "string"
-        },
-        {
-          "type": "object"
-        },
-        {
-          "type": "array"
-        }
-      ]
-    },
-    "defaultType": {
-      "oneOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "array"
-        },
-        {
-          "type": "object"
-        },
-        {
-          "type": "number"
-        },
-        {
-          "type": "boolean"
-        },
-        {
-          "type": "string"
-        }
-      ]
-    }
-  }
-}
diff --git a/vendor/github.com/google/gnostic/openapiv3/openapi-3.1.json b/vendor/github.com/google/gnostic/openapiv3/openapi-3.1.json
deleted file mode 100644
index ed0b83adf..000000000
--- a/vendor/github.com/google/gnostic/openapiv3/openapi-3.1.json
+++ /dev/null
@@ -1,1250 +0,0 @@
-{
-  "title": "A JSON Schema for OpenAPI 3.0.",
-  "id": "http://openapis.org/v3/schema.json#",
-  "$schema": "http://json-schema.org/draft-04/schema#",
-  "type": "object",
-  "description": "This is the root document object of the OpenAPI document.",
-  "required": [
-    "openapi",
-    "info",
-    "paths"
-  ],
-  "additionalProperties": false,
-  "patternProperties": {
-    "^x-": {
-      "$ref": "#/definitions/specificationExtension"
-    }
-  },
-  "properties": {
-    "openapi": {
-      "type": "string"
-    },
-    "info": {
-      "$ref": "#/definitions/info"
-    },
-    "servers": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/server"
-      },
-      "uniqueItems": true
-    },
-    "paths": {
-      "$ref": "#/definitions/paths"
-    },
-    "components": {
-      "$ref": "#/definitions/components"
-    },
-    "security": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/securityRequirement"
-      },
-      "uniqueItems": true
-    },
-    "tags": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/tag"
-      },
-      "uniqueItems": true
-    },
-    "externalDocs": {
-      "$ref": "#/definitions/externalDocs"
-    }
-  },
-  "definitions": {
-    "info": {
-      "type": "object",
-      "description": "The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience.",
-      "required": [
-        "title",
-        "version"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "title": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "termsOfService": {
-          "type": "string"
-        },
-        "contact": {
-          "$ref": "#/definitions/contact"
-        },
-        "license": {
-          "$ref": "#/definitions/license"
-        },
-        "version": {
-          "type": "string"
-        },
-        "summary": {
-          "type": "string"
-        }
-      }
-    },
-    "contact": {
-      "type": "object",
-      "description": "Contact information for the exposed API.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string",
-          "format": "uri"
-        },
-        "email": {
-          "type": "string",
-          "format": "email"
-        }
-      }
-    },
-    "license": {
-      "type": "object",
-      "description": "License information for the exposed API.",
-      "required": [
-        "name"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string"
-        }
-      }
-    },
-    "server": {
-      "type": "object",
-      "description": "An object representing a Server.",
-      "required": [
-        "url"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "url": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "variables": {
-          "$ref": "#/definitions/serverVariables"
-        }
-      }
-    },
-    "serverVariable": {
-      "type": "object",
-      "description": "An object representing a Server Variable for server URL template substitution.",
-      "required": [
-        "default"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "enum": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "uniqueItems": true
-        },
-        "default": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        }
-      }
-    },
-    "components": {
-      "type": "object",
-      "description": "Holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "schemas": {
-          "$ref": "#/definitions/schemasOrReferences"
-        },
-        "responses": {
-          "$ref": "#/definitions/responsesOrReferences"
-        },
-        "parameters": {
-          "$ref": "#/definitions/parametersOrReferences"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "requestBodies": {
-          "$ref": "#/definitions/requestBodiesOrReferences"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "securitySchemes": {
-          "$ref": "#/definitions/securitySchemesOrReferences"
-        },
-        "links": {
-          "$ref": "#/definitions/linksOrReferences"
-        },
-        "callbacks": {
-          "$ref": "#/definitions/callbacksOrReferences"
-        }
-      }
-    },
-    "paths": {
-      "type": "object",
-      "description": "Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the `Server Object` in order to construct the full URL.  The Paths MAY be empty, due to ACL constraints.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^/": {
-          "$ref": "#/definitions/pathItem"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      }
-    },
-    "pathItem": {
-      "type": "object",
-      "description": "Describes the operations available on a single path. A Path Item MAY be empty, due to ACL constraints. The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "$ref": {
-          "type": "string"
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "get": {
-          "$ref": "#/definitions/operation"
-        },
-        "put": {
-          "$ref": "#/definitions/operation"
-        },
-        "post": {
-          "$ref": "#/definitions/operation"
-        },
-        "delete": {
-          "$ref": "#/definitions/operation"
-        },
-        "options": {
-          "$ref": "#/definitions/operation"
-        },
-        "head": {
-          "$ref": "#/definitions/operation"
-        },
-        "patch": {
-          "$ref": "#/definitions/operation"
-        },
-        "trace": {
-          "$ref": "#/definitions/operation"
-        },
-        "servers": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/server"
-          },
-          "uniqueItems": true
-        },
-        "parameters": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/parameterOrReference"
-          },
-          "uniqueItems": true
-        }
-      }
-    },
-    "operation": {
-      "type": "object",
-      "description": "Describes a single API operation on a path.",
-      "required": [
-        "responses"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "tags": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "uniqueItems": true
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        },
-        "operationId": {
-          "type": "string"
-        },
-        "parameters": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/parameterOrReference"
-          },
-          "uniqueItems": true
-        },
-        "requestBody": {
-          "$ref": "#/definitions/requestBodyOrReference"
-        },
-        "responses": {
-          "$ref": "#/definitions/responses"
-        },
-        "callbacks": {
-          "$ref": "#/definitions/callbacksOrReferences"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "security": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/securityRequirement"
-          },
-          "uniqueItems": true
-        },
-        "servers": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/server"
-          },
-          "uniqueItems": true
-        }
-      }
-    },
-    "externalDocs": {
-      "type": "object",
-      "description": "Allows referencing an external resource for extended documentation.",
-      "required": [
-        "url"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string"
-        }
-      }
-    },
-    "parameter": {
-      "type": "object",
-      "description": "Describes a single operation parameter.  A unique parameter is defined by a combination of a name and location.",
-      "required": [
-        "name",
-        "in"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "in": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "required": {
-          "type": "boolean"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "allowEmptyValue": {
-          "type": "boolean"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        },
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        }
-      }
-    },
-    "requestBody": {
-      "type": "object",
-      "description": "Describes a single request body.",
-      "required": [
-        "content"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        },
-        "required": {
-          "type": "boolean"
-        }
-      }
-    },
-    "mediaType": {
-      "type": "object",
-      "description": "Each Media Type Object provides schema and examples for the media type identified by its key.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "encoding": {
-          "$ref": "#/definitions/encodings"
-        }
-      }
-    },
-    "encoding": {
-      "type": "object",
-      "description": "A single encoding definition applied to a single schema property.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "contentType": {
-          "type": "string"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        }
-      }
-    },
-    "responses": {
-      "type": "object",
-      "description": "A container for the expected responses of an operation. The container maps a HTTP response code to the expected response.  The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors.  The `default` MAY be used as a default response object for all HTTP codes  that are not covered individually by the specification.  The `Responses Object` MUST contain at least one response code, and it  SHOULD be the response for a successful operation call.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^([0-9X]{3})$": {
-          "$ref": "#/definitions/responseOrReference"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "default": {
-          "$ref": "#/definitions/responseOrReference"
-        }
-      }
-    },
-    "response": {
-      "type": "object",
-      "description": "Describes a single response from an API Operation, including design-time, static  `links` to operations based on the response.",
-      "required": [
-        "description"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        },
-        "links": {
-          "$ref": "#/definitions/linksOrReferences"
-        }
-      }
-    },
-    "callback": {
-      "type": "object",
-      "description": "A map of possible out-of band callbacks related to the parent operation. Each value in the map is a Path Item Object that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the callback object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^": {
-          "$ref": "#/definitions/pathItem"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      }
-    },
-    "example": {
-      "type": "object",
-      "description": "",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "value": {
-          "$ref": "#/definitions/any"
-        },
-        "externalValue": {
-          "type": "string"
-        }
-      }
-    },
-    "link": {
-      "type": "object",
-      "description": "The `Link object` represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations.  Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response.  For computing links, and providing instructions to execute them, a runtime expression is used for accessing values in an operation and using them as parameters while invoking the linked operation.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "operationRef": {
-          "type": "string"
-        },
-        "operationId": {
-          "type": "string"
-        },
-        "parameters": {
-          "$ref": "#/definitions/anyOrExpression"
-        },
-        "requestBody": {
-          "$ref": "#/definitions/anyOrExpression"
-        },
-        "description": {
-          "type": "string"
-        },
-        "server": {
-          "$ref": "#/definitions/server"
-        }
-      }
-    },
-    "header": {
-      "type": "object",
-      "description": "The Header Object follows the structure of the Parameter Object with the following changes:  1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, `style`).",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "required": {
-          "type": "boolean"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "allowEmptyValue": {
-          "type": "boolean"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        },
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        }
-      }
-    },
-    "tag": {
-      "type": "object",
-      "description": "Adds metadata to a single tag that is used by the Operation Object. It is not mandatory to have a Tag Object per tag defined in the Operation Object instances.",
-      "required": [
-        "name"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        }
-      }
-    },
-    "reference": {
-      "type": "object",
-      "description": "A simple object to allow referencing other components in the specification, internally and externally.  The Reference Object is defined by JSON Reference and follows the same structure, behavior and rules.   For this specification, reference resolution is accomplished as defined by the JSON Reference specification and not by the JSON Schema specification.",
-      "required": [
-        "$ref"
-      ],
-      "additionalProperties": false,
-      "properties": {
-        "$ref": {
-          "type": "string"
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        }
-      }
-    },
-    "schema": {
-      "type": "object",
-      "description": "The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is an extended subset of the JSON Schema Specification Wright Draft 00.  For more information about the properties, see JSON Schema Core and JSON Schema Validation. Unless stated otherwise, the property definitions follow the JSON Schema.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "nullable": {
-          "type": "boolean"
-        },
-        "discriminator": {
-          "$ref": "#/definitions/discriminator"
-        },
-        "readOnly": {
-          "type": "boolean"
-        },
-        "writeOnly": {
-          "type": "boolean"
-        },
-        "xml": {
-          "$ref": "#/definitions/xml"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "title": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/title"
-        },
-        "multipleOf": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/multipleOf"
-        },
-        "maximum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maximum"
-        },
-        "exclusiveMaximum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMaximum"
-        },
-        "minimum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minimum"
-        },
-        "exclusiveMinimum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMinimum"
-        },
-        "maxLength": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxLength"
-        },
-        "minLength": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minLength"
-        },
-        "pattern": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/pattern"
-        },
-        "maxItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxItems"
-        },
-        "minItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minItems"
-        },
-        "uniqueItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/uniqueItems"
-        },
-        "maxProperties": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxProperties"
-        },
-        "minProperties": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minProperties"
-        },
-        "required": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/required"
-        },
-        "enum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/enum"
-        },
-        "type": {
-          "type": "string"
-        },
-        "allOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "oneOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "anyOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "not": {
-          "$ref": "#/definitions/schema"
-        },
-        "items": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/schemaOrReference"
-            },
-            {
-              "type": "array",
-              "items": {
-                "$ref": "#/definitions/schemaOrReference"
-              },
-              "minItems": 1
-            }
-          ]
-        },
-        "properties": {
-          "type": "object",
-          "additionalProperties": {
-            "$ref": "#/definitions/schemaOrReference"
-          }
-        },
-        "additionalProperties": {
-          "oneOf": [
-            {
-              "$ref": "#/definitions/schemaOrReference"
-            },
-            {
-              "type": "boolean"
-            }
-          ]
-        },
-        "default": {
-          "$ref": "#/definitions/defaultType"
-        },
-        "description": {
-          "type": "string"
-        },
-        "format": {
-          "type": "string"
-        }
-      }
-    },
-    "discriminator": {
-      "type": "object",
-      "description": "When request bodies or response payloads may be one of a number of different schemas, a `discriminator` object can be used to aid in serialization, deserialization, and validation.  The discriminator is a specific object in a schema which is used to inform the consumer of the specification of an alternative schema based on the value associated with it.  When using the discriminator, _inline_ schemas will not be considered.",
-      "required": [
-        "propertyName"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "propertyName": {
-          "type": "string"
-        },
-        "mapping": {
-          "$ref": "#/definitions/strings"
-        }
-      }
-    },
-    "xml": {
-      "type": "object",
-      "description": "A metadata object that allows for more fine-tuned XML model definitions.  When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. See examples for expected behavior.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "namespace": {
-          "type": "string"
-        },
-        "prefix": {
-          "type": "string"
-        },
-        "attribute": {
-          "type": "boolean"
-        },
-        "wrapped": {
-          "type": "boolean"
-        }
-      }
-    },
-    "securityScheme": {
-      "type": "object",
-      "description": "Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, application and access code) as defined in RFC6749, and OpenID Connect.   Please note that currently (2019) the implicit flow is about to be deprecated OAuth 2.0 Security Best Current Practice. Recommended for most use case is Authorization Code Grant flow with PKCE.",
-      "required": [
-        "type"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "type": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "name": {
-          "type": "string"
-        },
-        "in": {
-          "type": "string"
-        },
-        "scheme": {
-          "type": "string"
-        },
-        "bearerFormat": {
-          "type": "string"
-        },
-        "flows": {
-          "$ref": "#/definitions/oauthFlows"
-        },
-        "openIdConnectUrl": {
-          "type": "string"
-        }
-      }
-    },
-    "oauthFlows": {
-      "type": "object",
-      "description": "Allows configuration of the supported OAuth Flows.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "implicit": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "password": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "clientCredentials": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "authorizationCode": {
-          "$ref": "#/definitions/oauthFlow"
-        }
-      }
-    },
-    "oauthFlow": {
-      "type": "object",
-      "description": "Configuration details for a supported OAuth Flow",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "authorizationUrl": {
-          "type": "string"
-        },
-        "tokenUrl": {
-          "type": "string"
-        },
-        "refreshUrl": {
-          "type": "string"
-        },
-        "scopes": {
-          "$ref": "#/definitions/strings"
-        }
-      }
-    },
-    "securityRequirement": {
-      "type": "object",
-      "description": "Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the Security Schemes under the Components Object.  Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.  When a list of Security Requirement Objects is defined on the OpenAPI Object or Operation Object, only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request.",
-      "additionalProperties": {
-        "type": "array",
-        "items": {
-          "type": "string"
-        },
-        "uniqueItems": true
-      }
-    },
-    "anyOrExpression": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/any"
-        },
-        {
-          "$ref": "#/definitions/expression"
-        }
-      ]
-    },
-    "callbackOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/callback"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "exampleOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/example"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "headerOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/header"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "linkOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/link"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "parameterOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/parameter"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "requestBodyOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/requestBody"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "responseOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/response"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "schemaOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/schema"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "securitySchemeOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/securityScheme"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "callbacksOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/callbackOrReference"
-      }
-    },
-    "encodings": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/encoding"
-      }
-    },
-    "examplesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/exampleOrReference"
-      }
-    },
-    "headersOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/headerOrReference"
-      }
-    },
-    "linksOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/linkOrReference"
-      }
-    },
-    "mediaTypes": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/mediaType"
-      }
-    },
-    "parametersOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/parameterOrReference"
-      }
-    },
-    "requestBodiesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/requestBodyOrReference"
-      }
-    },
-    "responsesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/responseOrReference"
-      }
-    },
-    "schemasOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/schemaOrReference"
-      }
-    },
-    "securitySchemesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/securitySchemeOrReference"
-      }
-    },
-    "serverVariables": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/serverVariable"
-      }
-    },
-    "strings": {
-      "type": "object",
-      "additionalProperties": {
-        "type": "string"
-      }
-    },
-    "object": {
-      "type": "object",
-      "additionalProperties": true
-    },
-    "any": {
-      "additionalProperties": true
-    },
-    "expression": {
-      "type": "object",
-      "additionalProperties": true
-    },
-    "specificationExtension": {
-      "description": "Any property starting with x- is valid.",
-      "oneOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "number"
-        },
-        {
-          "type": "boolean"
-        },
-        {
-          "type": "string"
-        },
-        {
-          "type": "object"
-        },
-        {
-          "type": "array"
-        }
-      ]
-    },
-    "defaultType": {
-      "oneOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "array"
-        },
-        {
-          "type": "object"
-        },
-        {
-          "type": "number"
-        },
-        {
-          "type": "boolean"
-        },
-        {
-          "type": "string"
-        }
-      ]
-    }
-  }
-}
diff --git a/vendor/github.com/google/go-cmp/cmp/compare.go b/vendor/github.com/google/go-cmp/cmp/compare.go
index 087320da7..0f5b8a48c 100644
--- a/vendor/github.com/google/go-cmp/cmp/compare.go
+++ b/vendor/github.com/google/go-cmp/cmp/compare.go
@@ -5,7 +5,7 @@
 // Package cmp determines equality of values.
 //
 // This package is intended to be a more powerful and safer alternative to
-// reflect.DeepEqual for comparing whether two values are semantically equal.
+// [reflect.DeepEqual] for comparing whether two values are semantically equal.
 // It is intended to only be used in tests, as performance is not a goal and
 // it may panic if it cannot compare the values. Its propensity towards
 // panicking means that its unsuitable for production environments where a
@@ -18,16 +18,17 @@
 //     For example, an equality function may report floats as equal so long as
 //     they are within some tolerance of each other.
 //
-//   - Types with an Equal method may use that method to determine equality.
-//     This allows package authors to determine the equality operation
-//     for the types that they define.
+//   - Types with an Equal method (e.g., [time.Time.Equal]) may use that method
+//     to determine equality. This allows package authors to determine
+//     the equality operation for the types that they define.
 //
 //   - If no custom equality functions are used and no Equal method is defined,
 //     equality is determined by recursively comparing the primitive kinds on
-//     both values, much like reflect.DeepEqual. Unlike reflect.DeepEqual,
+//     both values, much like [reflect.DeepEqual]. Unlike [reflect.DeepEqual],
 //     unexported fields are not compared by default; they result in panics
-//     unless suppressed by using an Ignore option (see cmpopts.IgnoreUnexported)
-//     or explicitly compared using the Exporter option.
+//     unless suppressed by using an [Ignore] option
+//     (see [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported])
+//     or explicitly compared using the [Exporter] option.
 package cmp
 
 import (
@@ -45,14 +46,14 @@ import (
 // Equal reports whether x and y are equal by recursively applying the
 // following rules in the given order to x and y and all of their sub-values:
 //
-//   - Let S be the set of all Ignore, Transformer, and Comparer options that
+//   - Let S be the set of all [Ignore], [Transformer], and [Comparer] options that
 //     remain after applying all path filters, value filters, and type filters.
-//     If at least one Ignore exists in S, then the comparison is ignored.
-//     If the number of Transformer and Comparer options in S is non-zero,
+//     If at least one [Ignore] exists in S, then the comparison is ignored.
+//     If the number of [Transformer] and [Comparer] options in S is non-zero,
 //     then Equal panics because it is ambiguous which option to use.
-//     If S contains a single Transformer, then use that to transform
+//     If S contains a single [Transformer], then use that to transform
 //     the current values and recursively call Equal on the output values.
-//     If S contains a single Comparer, then use that to compare the current values.
+//     If S contains a single [Comparer], then use that to compare the current values.
 //     Otherwise, evaluation proceeds to the next rule.
 //
 //   - If the values have an Equal method of the form "(T) Equal(T) bool" or
@@ -66,21 +67,22 @@ import (
 //     Functions are only equal if they are both nil, otherwise they are unequal.
 //
 // Structs are equal if recursively calling Equal on all fields report equal.
-// If a struct contains unexported fields, Equal panics unless an Ignore option
-// (e.g., cmpopts.IgnoreUnexported) ignores that field or the Exporter option
-// explicitly permits comparing the unexported field.
+// If a struct contains unexported fields, Equal panics unless an [Ignore] option
+// (e.g., [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported]) ignores that field
+// or the [Exporter] option explicitly permits comparing the unexported field.
 //
 // Slices are equal if they are both nil or both non-nil, where recursively
 // calling Equal on all non-ignored slice or array elements report equal.
 // Empty non-nil slices and nil slices are not equal; to equate empty slices,
-// consider using cmpopts.EquateEmpty.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.EquateEmpty].
 //
 // Maps are equal if they are both nil or both non-nil, where recursively
 // calling Equal on all non-ignored map entries report equal.
 // Map keys are equal according to the == operator.
-// To use custom comparisons for map keys, consider using cmpopts.SortMaps.
+// To use custom comparisons for map keys, consider using
+// [github.com/google/go-cmp/cmp/cmpopts.SortMaps].
 // Empty non-nil maps and nil maps are not equal; to equate empty maps,
-// consider using cmpopts.EquateEmpty.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.EquateEmpty].
 //
 // Pointers and interfaces are equal if they are both nil or both non-nil,
 // where they have the same underlying concrete type and recursively
diff --git a/vendor/github.com/google/go-cmp/cmp/export_unsafe.go b/vendor/github.com/google/go-cmp/cmp/export.go
similarity index 94%
rename from vendor/github.com/google/go-cmp/cmp/export_unsafe.go
rename to vendor/github.com/google/go-cmp/cmp/export.go
index e2c0f74e8..29f82fe6b 100644
--- a/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
+++ b/vendor/github.com/google/go-cmp/cmp/export.go
@@ -2,9 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego
-// +build !purego
-
 package cmp
 
 import (
@@ -12,8 +9,6 @@ import (
 	"unsafe"
 )
 
-const supportExporters = true
-
 // retrieveUnexportedField uses unsafe to forcibly retrieve any field from
 // a struct such that the value has read-write permissions.
 //
diff --git a/vendor/github.com/google/go-cmp/cmp/export_panic.go b/vendor/github.com/google/go-cmp/cmp/export_panic.go
deleted file mode 100644
index ae851fe53..000000000
--- a/vendor/github.com/google/go-cmp/cmp/export_panic.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2017, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego
-// +build purego
-
-package cmp
-
-import "reflect"
-
-const supportExporters = false
-
-func retrieveUnexportedField(reflect.Value, reflect.StructField, bool) reflect.Value {
-	panic("no support for forcibly accessing unexported fields")
-}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
similarity index 95%
rename from vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
rename to vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
index 16e6860af..e5dfff69a 100644
--- a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
+++ b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
@@ -2,9 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego
-// +build !purego
-
 package value
 
 import (
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
deleted file mode 100644
index 1a71bfcbd..000000000
--- a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2018, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego
-// +build purego
-
-package value
-
-import "reflect"
-
-// Pointer is an opaque typed pointer and is guaranteed to be comparable.
-type Pointer struct {
-	p uintptr
-	t reflect.Type
-}
-
-// PointerOf returns a Pointer from v, which must be a
-// reflect.Ptr, reflect.Slice, or reflect.Map.
-func PointerOf(v reflect.Value) Pointer {
-	// NOTE: Storing a pointer as an uintptr is technically incorrect as it
-	// assumes that the GC implementation does not use a moving collector.
-	return Pointer{v.Pointer(), v.Type()}
-}
-
-// IsNil reports whether the pointer is nil.
-func (p Pointer) IsNil() bool {
-	return p.p == 0
-}
-
-// Uintptr returns the pointer as a uintptr.
-func (p Pointer) Uintptr() uintptr {
-	return p.p
-}
diff --git a/vendor/github.com/google/go-cmp/cmp/options.go b/vendor/github.com/google/go-cmp/cmp/options.go
index 1f9ca9c48..754496f3b 100644
--- a/vendor/github.com/google/go-cmp/cmp/options.go
+++ b/vendor/github.com/google/go-cmp/cmp/options.go
@@ -13,15 +13,15 @@ import (
 	"github.com/google/go-cmp/cmp/internal/function"
 )
 
-// Option configures for specific behavior of Equal and Diff. In particular,
-// the fundamental Option functions (Ignore, Transformer, and Comparer),
+// Option configures for specific behavior of [Equal] and [Diff]. In particular,
+// the fundamental Option functions ([Ignore], [Transformer], and [Comparer]),
 // configure how equality is determined.
 //
-// The fundamental options may be composed with filters (FilterPath and
-// FilterValues) to control the scope over which they are applied.
+// The fundamental options may be composed with filters ([FilterPath] and
+// [FilterValues]) to control the scope over which they are applied.
 //
-// The cmp/cmpopts package provides helper functions for creating options that
-// may be used with Equal and Diff.
+// The [github.com/google/go-cmp/cmp/cmpopts] package provides helper functions
+// for creating options that may be used with [Equal] and [Diff].
 type Option interface {
 	// filter applies all filters and returns the option that remains.
 	// Each option may only read s.curPath and call s.callTTBFunc.
@@ -56,9 +56,9 @@ type core struct{}
 
 func (core) isCore() {}
 
-// Options is a list of Option values that also satisfies the Option interface.
+// Options is a list of [Option] values that also satisfies the [Option] interface.
 // Helper comparison packages may return an Options value when packing multiple
-// Option values into a single Option. When this package processes an Options,
+// [Option] values into a single [Option]. When this package processes an Options,
 // it will be implicitly expanded into a flat list.
 //
 // Applying a filter on an Options is equivalent to applying that same filter
@@ -105,16 +105,16 @@ func (opts Options) String() string {
 	return fmt.Sprintf("Options{%s}", strings.Join(ss, ", "))
 }
 
-// FilterPath returns a new Option where opt is only evaluated if filter f
-// returns true for the current Path in the value tree.
+// FilterPath returns a new [Option] where opt is only evaluated if filter f
+// returns true for the current [Path] in the value tree.
 //
 // This filter is called even if a slice element or map entry is missing and
 // provides an opportunity to ignore such cases. The filter function must be
 // symmetric such that the filter result is identical regardless of whether the
 // missing value is from x or y.
 //
-// The option passed in may be an Ignore, Transformer, Comparer, Options, or
-// a previously filtered Option.
+// The option passed in may be an [Ignore], [Transformer], [Comparer], [Options], or
+// a previously filtered [Option].
 func FilterPath(f func(Path) bool, opt Option) Option {
 	if f == nil {
 		panic("invalid path filter function")
@@ -142,7 +142,7 @@ func (f pathFilter) String() string {
 	return fmt.Sprintf("FilterPath(%s, %v)", function.NameOf(reflect.ValueOf(f.fnc)), f.opt)
 }
 
-// FilterValues returns a new Option where opt is only evaluated if filter f,
+// FilterValues returns a new [Option] where opt is only evaluated if filter f,
 // which is a function of the form "func(T, T) bool", returns true for the
 // current pair of values being compared. If either value is invalid or
 // the type of the values is not assignable to T, then this filter implicitly
@@ -154,8 +154,8 @@ func (f pathFilter) String() string {
 // If T is an interface, it is possible that f is called with two values with
 // different concrete types that both implement T.
 //
-// The option passed in may be an Ignore, Transformer, Comparer, Options, or
-// a previously filtered Option.
+// The option passed in may be an [Ignore], [Transformer], [Comparer], [Options], or
+// a previously filtered [Option].
 func FilterValues(f interface{}, opt Option) Option {
 	v := reflect.ValueOf(f)
 	if !function.IsType(v.Type(), function.ValueFilter) || v.IsNil() {
@@ -192,9 +192,9 @@ func (f valuesFilter) String() string {
 	return fmt.Sprintf("FilterValues(%s, %v)", function.NameOf(f.fnc), f.opt)
 }
 
-// Ignore is an Option that causes all comparisons to be ignored.
-// This value is intended to be combined with FilterPath or FilterValues.
-// It is an error to pass an unfiltered Ignore option to Equal.
+// Ignore is an [Option] that causes all comparisons to be ignored.
+// This value is intended to be combined with [FilterPath] or [FilterValues].
+// It is an error to pass an unfiltered Ignore option to [Equal].
 func Ignore() Option { return ignore{} }
 
 type ignore struct{ core }
@@ -234,6 +234,8 @@ func (validator) apply(s *state, vx, vy reflect.Value) {
 			name = fmt.Sprintf("%q.%v", t.PkgPath(), t.Name()) // e.g., "path/to/package".MyType
 			if _, ok := reflect.New(t).Interface().(error); ok {
 				help = "consider using cmpopts.EquateErrors to compare error values"
+			} else if t.Comparable() {
+				help = "consider using cmpopts.EquateComparable to compare comparable Go types"
 			}
 		} else {
 			// Unnamed type with unexported fields. Derive PkgPath from field.
@@ -254,7 +256,7 @@ const identRx = `[_\p{L}][_\p{L}\p{N}]*`
 
 var identsRx = regexp.MustCompile(`^` + identRx + `(\.` + identRx + `)*$`)
 
-// Transformer returns an Option that applies a transformation function that
+// Transformer returns an [Option] that applies a transformation function that
 // converts values of a certain type into that of another.
 //
 // The transformer f must be a function "func(T) R" that converts values of
@@ -265,13 +267,14 @@ var identsRx = regexp.MustCompile(`^` + identRx + `(\.` + identRx + `)*$`)
 // same transform to the output of itself (e.g., in the case where the
 // input and output types are the same), an implicit filter is added such that
 // a transformer is applicable only if that exact transformer is not already
-// in the tail of the Path since the last non-Transform step.
+// in the tail of the [Path] since the last non-[Transform] step.
 // For situations where the implicit filter is still insufficient,
-// consider using cmpopts.AcyclicTransformer, which adds a filter
-// to prevent the transformer from being recursively applied upon itself.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.AcyclicTransformer],
+// which adds a filter to prevent the transformer from
+// being recursively applied upon itself.
 //
-// The name is a user provided label that is used as the Transform.Name in the
-// transformation PathStep (and eventually shown in the Diff output).
+// The name is a user provided label that is used as the [Transform.Name] in the
+// transformation [PathStep] (and eventually shown in the [Diff] output).
 // The name must be a valid identifier or qualified identifier in Go syntax.
 // If empty, an arbitrary name is used.
 func Transformer(name string, f interface{}) Option {
@@ -329,7 +332,7 @@ func (tr transformer) String() string {
 	return fmt.Sprintf("Transformer(%s, %s)", tr.name, function.NameOf(tr.fnc))
 }
 
-// Comparer returns an Option that determines whether two values are equal
+// Comparer returns an [Option] that determines whether two values are equal
 // to each other.
 //
 // The comparer f must be a function "func(T, T) bool" and is implicitly
@@ -377,35 +380,32 @@ func (cm comparer) String() string {
 	return fmt.Sprintf("Comparer(%s)", function.NameOf(cm.fnc))
 }
 
-// Exporter returns an Option that specifies whether Equal is allowed to
+// Exporter returns an [Option] that specifies whether [Equal] is allowed to
 // introspect into the unexported fields of certain struct types.
 //
 // Users of this option must understand that comparing on unexported fields
 // from external packages is not safe since changes in the internal
-// implementation of some external package may cause the result of Equal
+// implementation of some external package may cause the result of [Equal]
 // to unexpectedly change. However, it may be valid to use this option on types
 // defined in an internal package where the semantic meaning of an unexported
 // field is in the control of the user.
 //
-// In many cases, a custom Comparer should be used instead that defines
+// In many cases, a custom [Comparer] should be used instead that defines
 // equality as a function of the public API of a type rather than the underlying
 // unexported implementation.
 //
-// For example, the reflect.Type documentation defines equality to be determined
+// For example, the [reflect.Type] documentation defines equality to be determined
 // by the == operator on the interface (essentially performing a shallow pointer
-// comparison) and most attempts to compare *regexp.Regexp types are interested
+// comparison) and most attempts to compare *[regexp.Regexp] types are interested
 // in only checking that the regular expression strings are equal.
-// Both of these are accomplished using Comparers:
+// Both of these are accomplished using [Comparer] options:
 //
 //	Comparer(func(x, y reflect.Type) bool { return x == y })
 //	Comparer(func(x, y *regexp.Regexp) bool { return x.String() == y.String() })
 //
-// In other cases, the cmpopts.IgnoreUnexported option can be used to ignore
-// all unexported fields on specified struct types.
+// In other cases, the [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported]
+// option can be used to ignore all unexported fields on specified struct types.
 func Exporter(f func(reflect.Type) bool) Option {
-	if !supportExporters {
-		panic("Exporter is not supported on purego builds")
-	}
 	return exporter(f)
 }
 
@@ -415,10 +415,10 @@ func (exporter) filter(_ *state, _ reflect.Type, _, _ reflect.Value) applicableO
 	panic("not implemented")
 }
 
-// AllowUnexported returns an Options that allows Equal to forcibly introspect
+// AllowUnexported returns an [Option] that allows [Equal] to forcibly introspect
 // unexported fields of the specified struct types.
 //
-// See Exporter for the proper use of this option.
+// See [Exporter] for the proper use of this option.
 func AllowUnexported(types ...interface{}) Option {
 	m := make(map[reflect.Type]bool)
 	for _, typ := range types {
@@ -432,7 +432,7 @@ func AllowUnexported(types ...interface{}) Option {
 }
 
 // Result represents the comparison result for a single node and
-// is provided by cmp when calling Report (see Reporter).
+// is provided by cmp when calling Report (see [Reporter]).
 type Result struct {
 	_     [0]func() // Make Result incomparable
 	flags resultFlags
@@ -445,7 +445,7 @@ func (r Result) Equal() bool {
 }
 
 // ByIgnore reports whether the node is equal because it was ignored.
-// This never reports true if Equal reports false.
+// This never reports true if [Result.Equal] reports false.
 func (r Result) ByIgnore() bool {
 	return r.flags&reportByIgnore != 0
 }
@@ -455,7 +455,7 @@ func (r Result) ByMethod() bool {
 	return r.flags&reportByMethod != 0
 }
 
-// ByFunc reports whether a Comparer function determined equality.
+// ByFunc reports whether a [Comparer] function determined equality.
 func (r Result) ByFunc() bool {
 	return r.flags&reportByFunc != 0
 }
@@ -478,7 +478,7 @@ const (
 	reportByCycle
 )
 
-// Reporter is an Option that can be passed to Equal. When Equal traverses
+// Reporter is an [Option] that can be passed to [Equal]. When [Equal] traverses
 // the value trees, it calls PushStep as it descends into each node in the
 // tree and PopStep as it ascend out of the node. The leaves of the tree are
 // either compared (determined to be equal or not equal) or ignored and reported
diff --git a/vendor/github.com/google/go-cmp/cmp/path.go b/vendor/github.com/google/go-cmp/cmp/path.go
index a0a588502..c3c145642 100644
--- a/vendor/github.com/google/go-cmp/cmp/path.go
+++ b/vendor/github.com/google/go-cmp/cmp/path.go
@@ -14,9 +14,9 @@ import (
 	"github.com/google/go-cmp/cmp/internal/value"
 )
 
-// Path is a list of PathSteps describing the sequence of operations to get
+// Path is a list of [PathStep] describing the sequence of operations to get
 // from some root type to the current position in the value tree.
-// The first Path element is always an operation-less PathStep that exists
+// The first Path element is always an operation-less [PathStep] that exists
 // simply to identify the initial type.
 //
 // When traversing structs with embedded structs, the embedded struct will
@@ -29,8 +29,13 @@ type Path []PathStep
 // a value's tree structure. Users of this package never need to implement
 // these types as values of this type will be returned by this package.
 //
-// Implementations of this interface are
-// StructField, SliceIndex, MapIndex, Indirect, TypeAssertion, and Transform.
+// Implementations of this interface:
+//   - [StructField]
+//   - [SliceIndex]
+//   - [MapIndex]
+//   - [Indirect]
+//   - [TypeAssertion]
+//   - [Transform]
 type PathStep interface {
 	String() string
 
@@ -70,8 +75,9 @@ func (pa *Path) pop() {
 	*pa = (*pa)[:len(*pa)-1]
 }
 
-// Last returns the last PathStep in the Path.
-// If the path is empty, this returns a non-nil PathStep that reports a nil Type.
+// Last returns the last [PathStep] in the Path.
+// If the path is empty, this returns a non-nil [PathStep]
+// that reports a nil [PathStep.Type].
 func (pa Path) Last() PathStep {
 	return pa.Index(-1)
 }
@@ -79,7 +85,8 @@ func (pa Path) Last() PathStep {
 // Index returns the ith step in the Path and supports negative indexing.
 // A negative index starts counting from the tail of the Path such that -1
 // refers to the last step, -2 refers to the second-to-last step, and so on.
-// If index is invalid, this returns a non-nil PathStep that reports a nil Type.
+// If index is invalid, this returns a non-nil [PathStep]
+// that reports a nil [PathStep.Type].
 func (pa Path) Index(i int) PathStep {
 	if i < 0 {
 		i = len(pa) + i
@@ -168,7 +175,8 @@ func (ps pathStep) String() string {
 	return fmt.Sprintf("{%s}", s)
 }
 
-// StructField represents a struct field access on a field called Name.
+// StructField is a [PathStep] that represents a struct field access
+// on a field called [StructField.Name].
 type StructField struct{ *structField }
 type structField struct {
 	pathStep
@@ -204,10 +212,11 @@ func (sf StructField) String() string { return fmt.Sprintf(".%s", sf.name) }
 func (sf StructField) Name() string { return sf.name }
 
 // Index is the index of the field in the parent struct type.
-// See reflect.Type.Field.
+// See [reflect.Type.Field].
 func (sf StructField) Index() int { return sf.idx }
 
-// SliceIndex is an index operation on a slice or array at some index Key.
+// SliceIndex is a [PathStep] that represents an index operation on
+// a slice or array at some index [SliceIndex.Key].
 type SliceIndex struct{ *sliceIndex }
 type sliceIndex struct {
 	pathStep
@@ -247,12 +256,12 @@ func (si SliceIndex) Key() int {
 // all of the indexes to be shifted. If an index is -1, then that
 // indicates that the element does not exist in the associated slice.
 //
-// Key is guaranteed to return -1 if and only if the indexes returned
-// by SplitKeys are not the same. SplitKeys will never return -1 for
+// [SliceIndex.Key] is guaranteed to return -1 if and only if the indexes
+// returned by SplitKeys are not the same. SplitKeys will never return -1 for
 // both indexes.
 func (si SliceIndex) SplitKeys() (ix, iy int) { return si.xkey, si.ykey }
 
-// MapIndex is an index operation on a map at some index Key.
+// MapIndex is a [PathStep] that represents an index operation on a map at some index Key.
 type MapIndex struct{ *mapIndex }
 type mapIndex struct {
 	pathStep
@@ -266,7 +275,7 @@ func (mi MapIndex) String() string                 { return fmt.Sprintf("[%#v]",
 // Key is the value of the map key.
 func (mi MapIndex) Key() reflect.Value { return mi.key }
 
-// Indirect represents pointer indirection on the parent type.
+// Indirect is a [PathStep] that represents pointer indirection on the parent type.
 type Indirect struct{ *indirect }
 type indirect struct {
 	pathStep
@@ -276,7 +285,7 @@ func (in Indirect) Type() reflect.Type             { return in.typ }
 func (in Indirect) Values() (vx, vy reflect.Value) { return in.vx, in.vy }
 func (in Indirect) String() string                 { return "*" }
 
-// TypeAssertion represents a type assertion on an interface.
+// TypeAssertion is a [PathStep] that represents a type assertion on an interface.
 type TypeAssertion struct{ *typeAssertion }
 type typeAssertion struct {
 	pathStep
@@ -286,7 +295,8 @@ func (ta TypeAssertion) Type() reflect.Type             { return ta.typ }
 func (ta TypeAssertion) Values() (vx, vy reflect.Value) { return ta.vx, ta.vy }
 func (ta TypeAssertion) String() string                 { return fmt.Sprintf(".(%v)", value.TypeString(ta.typ, false)) }
 
-// Transform is a transformation from the parent type to the current type.
+// Transform is a [PathStep] that represents a transformation
+// from the parent type to the current type.
 type Transform struct{ *transform }
 type transform struct {
 	pathStep
@@ -297,13 +307,13 @@ func (tf Transform) Type() reflect.Type             { return tf.typ }
 func (tf Transform) Values() (vx, vy reflect.Value) { return tf.vx, tf.vy }
 func (tf Transform) String() string                 { return fmt.Sprintf("%s()", tf.trans.name) }
 
-// Name is the name of the Transformer.
+// Name is the name of the [Transformer].
 func (tf Transform) Name() string { return tf.trans.name }
 
 // Func is the function pointer to the transformer function.
 func (tf Transform) Func() reflect.Value { return tf.trans.fnc }
 
-// Option returns the originally constructed Transformer option.
+// Option returns the originally constructed [Transformer] option.
 // The == operator can be used to detect the exact option used.
 func (tf Transform) Option() Option { return tf.trans }
 
diff --git a/vendor/github.com/google/go-cmp/cmp/report_reflect.go b/vendor/github.com/google/go-cmp/cmp/report_reflect.go
index 2ab41fad3..e39f42284 100644
--- a/vendor/github.com/google/go-cmp/cmp/report_reflect.go
+++ b/vendor/github.com/google/go-cmp/cmp/report_reflect.go
@@ -199,7 +199,7 @@ func (opts formatOptions) FormatValue(v reflect.Value, parentKind reflect.Kind,
 				break
 			}
 			sf := t.Field(i)
-			if supportExporters && !isExported(sf.Name) {
+			if !isExported(sf.Name) {
 				vv = retrieveUnexportedField(v, sf, true)
 			}
 			s := opts.WithTypeMode(autoType).FormatValue(vv, t.Kind(), ptrs)
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/write.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/write.go
index 906b12aec..d6e35c391 100644
--- a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/write.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/write.go
@@ -196,6 +196,7 @@ func (l Path) WriteBlob(hash v1.Hash, r io.ReadCloser) error {
 }
 
 func (l Path) writeBlob(hash v1.Hash, size int64, rc io.ReadCloser, renamer func() (v1.Hash, error)) error {
+	defer rc.Close()
 	if hash.Hex == "" && renamer == nil {
 		panic("writeBlob called an invalid hash and no renamer")
 	}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go
index e4a0e5273..1a24b10d7 100644
--- a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go
@@ -402,7 +402,9 @@ func Time(img v1.Image, t time.Time) (v1.Image, error) {
 			historyIdx++
 			break
 		}
-		addendums[addendumIdx].Layer = newLayer
+		if addendumIdx < len(addendums) {
+			addendums[addendumIdx].Layer = newLayer
+		}
 	}
 
 	// add all leftover History entries
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go
index 61f28f4c0..fafe910e9 100644
--- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go
@@ -16,6 +16,7 @@ package remote
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	"github.com/google/go-containerregistry/pkg/logs"
@@ -33,20 +34,11 @@ var allManifestMediaTypes = append(append([]types.MediaType{
 // ErrSchema1 indicates that we received a schema1 manifest from the registry.
 // This library doesn't have plans to support this legacy image format:
 // https://github.com/google/go-containerregistry/issues/377
-type ErrSchema1 struct {
-	schema string
-}
+var ErrSchema1 = errors.New("see https://github.com/google/go-containerregistry/issues/377")
 
 // newErrSchema1 returns an ErrSchema1 with the unexpected MediaType.
 func newErrSchema1(schema types.MediaType) error {
-	return &ErrSchema1{
-		schema: string(schema),
-	}
-}
-
-// Error implements error.
-func (e *ErrSchema1) Error() string {
-	return fmt.Sprintf("unsupported MediaType: %q, see https://github.com/google/go-containerregistry/issues/377", e.schema)
+	return fmt.Errorf("unsupported MediaType: %q, %w", schema, ErrSchema1)
 }
 
 // Descriptor provides access to metadata about remote artifact and accessors
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go
index b671f836c..4e61002be 100644
--- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go
@@ -32,6 +32,12 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/types"
 )
 
+const (
+	kib           = 1024
+	mib           = 1024 * kib
+	manifestLimit = 100 * mib
+)
+
 // fetcher implements methods for reading from a registry.
 type fetcher struct {
 	target resource
@@ -130,7 +136,7 @@ func (f *fetcher) fetchManifest(ctx context.Context, ref name.Reference, accepta
 		return nil, nil, err
 	}
 
-	manifest, err := io.ReadAll(resp.Body)
+	manifest, err := io.ReadAll(io.LimitReader(resp.Body, manifestLimit))
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go
index a722c2ca6..99a2bb2eb 100644
--- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go
@@ -96,7 +96,8 @@ var defaultRetryStatusCodes = []int{
 	http.StatusBadGateway,
 	http.StatusServiceUnavailable,
 	http.StatusGatewayTimeout,
-	499,
+	499, // nginx-specific, client closed request
+	522, // Cloudflare-specific, connection timeout
 }
 
 const (
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go
index ea07ff6ab..cb1567496 100644
--- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go
@@ -32,6 +32,71 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 )
 
+type Token struct {
+	Token        string `json:"token"`
+	AccessToken  string `json:"access_token,omitempty"`
+	RefreshToken string `json:"refresh_token"`
+	ExpiresIn    int    `json:"expires_in"`
+}
+
+// Exchange requests a registry Token with the given scopes.
+func Exchange(ctx context.Context, reg name.Registry, auth authn.Authenticator, t http.RoundTripper, scopes []string, pr *Challenge) (*Token, error) {
+	if strings.ToLower(pr.Scheme) != "bearer" {
+		// TODO: Pretend token for basic?
+		return nil, fmt.Errorf("challenge scheme %q is not bearer", pr.Scheme)
+	}
+	bt, err := fromChallenge(reg, auth, t, pr, scopes...)
+	if err != nil {
+		return nil, err
+	}
+	authcfg, err := auth.Authorization()
+	if err != nil {
+		return nil, err
+	}
+	tok, err := bt.Refresh(ctx, authcfg)
+	if err != nil {
+		return nil, err
+	}
+	return tok, nil
+}
+
+// FromToken returns a transport given a Challenge + Token.
+func FromToken(reg name.Registry, auth authn.Authenticator, t http.RoundTripper, pr *Challenge, tok *Token) (http.RoundTripper, error) {
+	if strings.ToLower(pr.Scheme) != "bearer" {
+		return &Wrapper{&basicTransport{inner: t, auth: auth, target: reg.RegistryStr()}}, nil
+	}
+	bt, err := fromChallenge(reg, auth, t, pr)
+	if err != nil {
+		return nil, err
+	}
+	if tok.Token != "" {
+		bt.bearer.RegistryToken = tok.Token
+	}
+	return &Wrapper{bt}, nil
+}
+
+func fromChallenge(reg name.Registry, auth authn.Authenticator, t http.RoundTripper, pr *Challenge, scopes ...string) (*bearerTransport, error) {
+	// We require the realm, which tells us where to send our Basic auth to turn it into Bearer auth.
+	realm, ok := pr.Parameters["realm"]
+	if !ok {
+		return nil, fmt.Errorf("malformed www-authenticate, missing realm: %v", pr.Parameters)
+	}
+	service := pr.Parameters["service"]
+	scheme := "https"
+	if pr.Insecure {
+		scheme = "http"
+	}
+	return &bearerTransport{
+		inner:    t,
+		basic:    auth,
+		realm:    realm,
+		registry: reg,
+		service:  service,
+		scopes:   scopes,
+		scheme:   scheme,
+	}, nil
+}
+
 type bearerTransport struct {
 	// Wrapped by bearerTransport.
 	inner http.RoundTripper
@@ -73,7 +138,7 @@ func (bt *bearerTransport) RoundTrip(in *http.Request) (*http.Response, error) {
 		// we are redirected, only set it when the authorization header matches
 		// the registry with which we are interacting.
 		// In case of redirect http.Client can use an empty Host, check URL too.
-		if matchesHost(bt.registry, in, bt.scheme) {
+		if matchesHost(bt.registry.RegistryStr(), in, bt.scheme) {
 			hdr := fmt.Sprintf("Bearer %s", bt.bearer.RegistryToken)
 			in.Header.Set("Authorization", hdr)
 		}
@@ -135,7 +200,36 @@ func (bt *bearerTransport) refresh(ctx context.Context) error {
 		return nil
 	}
 
-	var content []byte
+	response, err := bt.Refresh(ctx, auth)
+	if err != nil {
+		return err
+	}
+
+	// Some registries set access_token instead of token. See #54.
+	if response.AccessToken != "" {
+		response.Token = response.AccessToken
+	}
+
+	// Find a token to turn into a Bearer authenticator
+	if response.Token != "" {
+		bt.bearer.RegistryToken = response.Token
+	}
+
+	// If we obtained a refresh token from the oauth flow, use that for refresh() now.
+	if response.RefreshToken != "" {
+		bt.basic = authn.FromConfig(authn.AuthConfig{
+			IdentityToken: response.RefreshToken,
+		})
+	}
+
+	return nil
+}
+
+func (bt *bearerTransport) Refresh(ctx context.Context, auth *authn.AuthConfig) (*Token, error) {
+	var (
+		content []byte
+		err     error
+	)
 	if auth.IdentityToken != "" {
 		// If the secret being stored is an identity token,
 		// the Username should be set to <token>, which indicates
@@ -152,48 +246,25 @@ func (bt *bearerTransport) refresh(ctx context.Context) error {
 		content, err = bt.refreshBasic(ctx)
 	}
 	if err != nil {
-		return err
-	}
-
-	// Some registries don't have "token" in the response. See #54.
-	type tokenResponse struct {
-		Token        string `json:"token"`
-		AccessToken  string `json:"access_token"`
-		RefreshToken string `json:"refresh_token"`
-		// TODO: handle expiry?
+		return nil, err
 	}
 
-	var response tokenResponse
+	var response Token
 	if err := json.Unmarshal(content, &response); err != nil {
-		return err
-	}
-
-	// Some registries set access_token instead of token.
-	if response.AccessToken != "" {
-		response.Token = response.AccessToken
-	}
-
-	// Find a token to turn into a Bearer authenticator
-	if response.Token != "" {
-		bt.bearer.RegistryToken = response.Token
-	} else {
-		return fmt.Errorf("no token in bearer response:\n%s", content)
+		return nil, err
 	}
 
-	// If we obtained a refresh token from the oauth flow, use that for refresh() now.
-	if response.RefreshToken != "" {
-		bt.basic = authn.FromConfig(authn.AuthConfig{
-			IdentityToken: response.RefreshToken,
-		})
+	if response.Token == "" && response.AccessToken == "" {
+		return &response, fmt.Errorf("no token in bearer response:\n%s", content)
 	}
 
-	return nil
+	return &response, nil
 }
 
-func matchesHost(reg name.Registry, in *http.Request, scheme string) bool {
+func matchesHost(host string, in *http.Request, scheme string) bool {
 	canonicalHeaderHost := canonicalAddress(in.Host, scheme)
 	canonicalURLHost := canonicalAddress(in.URL.Host, scheme)
-	canonicalRegistryHost := canonicalAddress(reg.RegistryStr(), scheme)
+	canonicalRegistryHost := canonicalAddress(host, scheme)
 	return canonicalHeaderHost == canonicalRegistryHost || canonicalURLHost == canonicalRegistryHost
 }
 
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go
index d852ef845..799c7ea08 100644
--- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go
@@ -28,33 +28,22 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 )
 
-type challenge string
-
-const (
-	anonymous challenge = "anonymous"
-	basic     challenge = "basic"
-	bearer    challenge = "bearer"
-)
-
 // 300ms is the default fallback period for go's DNS dialer but we could make this configurable.
 var fallbackDelay = 300 * time.Millisecond
 
-type pingResp struct {
-	challenge challenge
+type Challenge struct {
+	Scheme string
 
 	// Following the challenge there are often key/value pairs
 	// e.g. Bearer service="gcr.io",realm="https://auth.gcr.io/v36/tokenz"
-	parameters map[string]string
+	Parameters map[string]string
 
-	// The registry's scheme to use. Communicates whether we fell back to http.
-	scheme string
+	// Whether we had to use http to complete the Ping.
+	Insecure bool
 }
 
-func (c challenge) Canonical() challenge {
-	return challenge(strings.ToLower(string(c)))
-}
-
-func ping(ctx context.Context, reg name.Registry, t http.RoundTripper) (*pingResp, error) {
+// Ping does a GET /v2/ against the registry and returns the response.
+func Ping(ctx context.Context, reg name.Registry, t http.RoundTripper) (*Challenge, error) {
 	// This first attempts to use "https" for every request, falling back to http
 	// if the registry matches our localhost heuristic or if it is intentionally
 	// set to insecure via name.NewInsecureRegistry.
@@ -68,9 +57,9 @@ func ping(ctx context.Context, reg name.Registry, t http.RoundTripper) (*pingRes
 	return pingParallel(ctx, reg, t, schemes)
 }
 
-func pingSingle(ctx context.Context, reg name.Registry, t http.RoundTripper, scheme string) (*pingResp, error) {
+func pingSingle(ctx context.Context, reg name.Registry, t http.RoundTripper, scheme string) (*Challenge, error) {
 	client := http.Client{Transport: t}
-	url := fmt.Sprintf("%s://%s/v2/", scheme, reg.Name())
+	url := fmt.Sprintf("%s://%s/v2/", scheme, reg.RegistryStr())
 	req, err := http.NewRequest(http.MethodGet, url, nil)
 	if err != nil {
 		return nil, err
@@ -86,27 +75,28 @@ func pingSingle(ctx context.Context, reg name.Registry, t http.RoundTripper, sch
 		resp.Body.Close()
 	}()
 
+	insecure := scheme == "http"
+
 	switch resp.StatusCode {
 	case http.StatusOK:
 		// If we get a 200, then no authentication is needed.
-		return &pingResp{
-			challenge: anonymous,
-			scheme:    scheme,
+		return &Challenge{
+			Insecure: insecure,
 		}, nil
 	case http.StatusUnauthorized:
 		if challenges := authchallenge.ResponseChallenges(resp); len(challenges) != 0 {
 			// If we hit more than one, let's try to find one that we know how to handle.
 			wac := pickFromMultipleChallenges(challenges)
-			return &pingResp{
-				challenge:  challenge(wac.Scheme).Canonical(),
-				parameters: wac.Parameters,
-				scheme:     scheme,
+			return &Challenge{
+				Scheme:     wac.Scheme,
+				Parameters: wac.Parameters,
+				Insecure:   insecure,
 			}, nil
 		}
 		// Otherwise, just return the challenge without parameters.
-		return &pingResp{
-			challenge: challenge(resp.Header.Get("WWW-Authenticate")).Canonical(),
-			scheme:    scheme,
+		return &Challenge{
+			Scheme:   resp.Header.Get("WWW-Authenticate"),
+			Insecure: insecure,
 		}, nil
 	default:
 		return nil, CheckError(resp, http.StatusOK, http.StatusUnauthorized)
@@ -114,12 +104,12 @@ func pingSingle(ctx context.Context, reg name.Registry, t http.RoundTripper, sch
 }
 
 // Based on the golang happy eyeballs dialParallel impl in net/dial.go.
-func pingParallel(ctx context.Context, reg name.Registry, t http.RoundTripper, schemes []string) (*pingResp, error) {
+func pingParallel(ctx context.Context, reg name.Registry, t http.RoundTripper, schemes []string) (*Challenge, error) {
 	returned := make(chan struct{})
 	defer close(returned)
 
 	type pingResult struct {
-		*pingResp
+		*Challenge
 		error
 		primary bool
 		done    bool
@@ -130,7 +120,7 @@ func pingParallel(ctx context.Context, reg name.Registry, t http.RoundTripper, s
 	startRacer := func(ctx context.Context, scheme string) {
 		pr, err := pingSingle(ctx, reg, t, scheme)
 		select {
-		case results <- pingResult{pingResp: pr, error: err, primary: scheme == "https", done: true}:
+		case results <- pingResult{Challenge: pr, error: err, primary: scheme == "https", done: true}:
 		case <-returned:
 			if pr != nil {
 				logs.Debug.Printf("%s lost race", scheme)
@@ -156,7 +146,7 @@ func pingParallel(ctx context.Context, reg name.Registry, t http.RoundTripper, s
 
 		case res := <-results:
 			if res.error == nil {
-				return res.pingResp, nil
+				return res.Challenge, nil
 			}
 			if res.primary {
 				primary = res
@@ -164,7 +154,7 @@ func pingParallel(ctx context.Context, reg name.Registry, t http.RoundTripper, s
 				fallback = res
 			}
 			if primary.done && fallback.done {
-				return nil, multierrs([]error{primary.error, fallback.error})
+				return nil, multierrs{primary.error, fallback.error}
 			}
 			if res.primary && fallbackTimer.Stop() {
 				// Primary failed and we haven't started the fallback,
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go
index d70b6a850..05844db13 100644
--- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go
@@ -37,7 +37,7 @@ func (st *schemeTransport) RoundTrip(in *http.Request) (*http.Response, error) {
 	// based on which scheme was successful. That is only valid for the
 	// registry server and not e.g. a separate token server or blob storage,
 	// so we should only override the scheme if the host is the registry.
-	if matchesHost(st.registry, in, st.scheme) {
+	if matchesHost(st.registry.String(), in, st.scheme) {
 		in.URL.Scheme = st.scheme
 	}
 	return st.inner.RoundTrip(in)
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go
index 01fe1fa82..bd539b44f 100644
--- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go
@@ -16,8 +16,8 @@ package transport
 
 import (
 	"context"
-	"fmt"
 	"net/http"
+	"strings"
 
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
@@ -59,7 +59,7 @@ func NewWithContext(ctx context.Context, reg name.Registry, auth authn.Authentic
 
 	// First we ping the registry to determine the parameters of the authentication handshake
 	// (if one is even necessary).
-	pr, err := ping(ctx, reg, t)
+	pr, err := Ping(ctx, reg, t)
 	if err != nil {
 		return nil, err
 	}
@@ -69,39 +69,32 @@ func NewWithContext(ctx context.Context, reg name.Registry, auth authn.Authentic
 		t = NewUserAgent(t, "")
 	}
 
+	scheme := "https"
+	if pr.Insecure {
+		scheme = "http"
+	}
+
 	// Wrap t in a transport that selects the appropriate scheme based on the ping response.
 	t = &schemeTransport{
-		scheme:   pr.scheme,
+		scheme:   scheme,
 		registry: reg,
 		inner:    t,
 	}
 
-	switch pr.challenge.Canonical() {
-	case anonymous, basic:
+	if strings.ToLower(pr.Scheme) != "bearer" {
 		return &Wrapper{&basicTransport{inner: t, auth: auth, target: reg.RegistryStr()}}, nil
-	case bearer:
-		// We require the realm, which tells us where to send our Basic auth to turn it into Bearer auth.
-		realm, ok := pr.parameters["realm"]
-		if !ok {
-			return nil, fmt.Errorf("malformed www-authenticate, missing realm: %v", pr.parameters)
-		}
-		service := pr.parameters["service"]
-		bt := &bearerTransport{
-			inner:    t,
-			basic:    auth,
-			realm:    realm,
-			registry: reg,
-			service:  service,
-			scopes:   scopes,
-			scheme:   pr.scheme,
-		}
-		if err := bt.refresh(ctx); err != nil {
-			return nil, err
-		}
-		return &Wrapper{bt}, nil
-	default:
-		return nil, fmt.Errorf("unrecognized challenge: %s", pr.challenge)
 	}
+
+	bt, err := fromChallenge(reg, auth, t, pr)
+	if err != nil {
+		return nil, err
+	}
+	bt.scopes = scopes
+
+	if err := bt.refresh(ctx); err != nil {
+		return nil, err
+	}
+	return &Wrapper{bt}, nil
 }
 
 // Wrapper results in *not* wrapping supplied transport with additional logic such as retries, useragent and debug logging
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go
index f4369e2a0..6bfce75e7 100644
--- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go
@@ -210,7 +210,7 @@ func (w *writer) initiateUpload(ctx context.Context, from, mount, origin string)
 	req.Header.Set("Content-Type", "application/json")
 	resp, err := w.client.Do(req.WithContext(ctx))
 	if err != nil {
-		if origin != "" && origin != w.repo.RegistryStr() {
+		if from != "" {
 			// https://github.com/google/go-containerregistry/issues/1679
 			logs.Warn.Printf("retrying without mount: %v", err)
 			return w.initiateUpload(ctx, "", "", "")
@@ -220,7 +220,7 @@ func (w *writer) initiateUpload(ctx context.Context, from, mount, origin string)
 	defer resp.Body.Close()
 
 	if err := transport.CheckError(resp, http.StatusCreated, http.StatusAccepted); err != nil {
-		if origin != "" && origin != w.repo.RegistryStr() {
+		if from != "" {
 			// https://github.com/google/go-containerregistry/issues/1404
 			logs.Warn.Printf("retrying without mount: %v", err)
 			return w.initiateUpload(ctx, "", "", "")
@@ -360,8 +360,16 @@ func (w *writer) uploadOne(ctx context.Context, l v1.Layer) error {
 			if err := w.maybeUpdateScopes(ctx, ml); err != nil {
 				return err
 			}
+
 			from = ml.Reference.Context().RepositoryStr()
 			origin = ml.Reference.Context().RegistryStr()
+
+			// This keeps breaking with DockerHub.
+			// https://github.com/google/go-containerregistry/issues/1741
+			if w.repo.RegistryStr() == name.DefaultRegistry && origin != w.repo.RegistryStr() {
+				from = ""
+				origin = ""
+			}
 		}
 
 		location, mounted, err := w.initiateUpload(ctx, from, mount, origin)
diff --git a/vendor/github.com/google/go-github/v50/github/event.go b/vendor/github.com/google/go-github/v50/github/event.go
deleted file mode 100644
index 1aabf13ba..000000000
--- a/vendor/github.com/google/go-github/v50/github/event.go
+++ /dev/null
@@ -1,163 +0,0 @@
-// Copyright 2018 The go-github AUTHORS. All rights reserved.
-//
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package github
-
-import (
-	"encoding/json"
-)
-
-// Event represents a GitHub event.
-type Event struct {
-	Type       *string          `json:"type,omitempty"`
-	Public     *bool            `json:"public,omitempty"`
-	RawPayload *json.RawMessage `json:"payload,omitempty"`
-	Repo       *Repository      `json:"repo,omitempty"`
-	Actor      *User            `json:"actor,omitempty"`
-	Org        *Organization    `json:"org,omitempty"`
-	CreatedAt  *Timestamp       `json:"created_at,omitempty"`
-	ID         *string          `json:"id,omitempty"`
-}
-
-func (e Event) String() string {
-	return Stringify(e)
-}
-
-// ParsePayload parses the event payload. For recognized event types,
-// a value of the corresponding struct type will be returned.
-func (e *Event) ParsePayload() (payload interface{}, err error) {
-	switch *e.Type {
-	case "BranchProtectionRuleEvent":
-		payload = &BranchProtectionRuleEvent{}
-	case "CheckRunEvent":
-		payload = &CheckRunEvent{}
-	case "CheckSuiteEvent":
-		payload = &CheckSuiteEvent{}
-	case "CodeScanningAlertEvent":
-		payload = &CodeScanningAlertEvent{}
-	case "CommitCommentEvent":
-		payload = &CommitCommentEvent{}
-	case "ContentReferenceEvent":
-		payload = &ContentReferenceEvent{}
-	case "CreateEvent":
-		payload = &CreateEvent{}
-	case "DeleteEvent":
-		payload = &DeleteEvent{}
-	case "DeployKeyEvent":
-		payload = &DeployKeyEvent{}
-	case "DeploymentEvent":
-		payload = &DeploymentEvent{}
-	case "DeploymentStatusEvent":
-		payload = &DeploymentStatusEvent{}
-	case "DiscussionEvent":
-		payload = &DiscussionEvent{}
-	case "DiscussionCommentEvent":
-		payload = &DiscussionCommentEvent{}
-	case "ForkEvent":
-		payload = &ForkEvent{}
-	case "GitHubAppAuthorizationEvent":
-		payload = &GitHubAppAuthorizationEvent{}
-	case "GollumEvent":
-		payload = &GollumEvent{}
-	case "InstallationEvent":
-		payload = &InstallationEvent{}
-	case "InstallationRepositoriesEvent":
-		payload = &InstallationRepositoriesEvent{}
-	case "IssueCommentEvent":
-		payload = &IssueCommentEvent{}
-	case "IssuesEvent":
-		payload = &IssuesEvent{}
-	case "LabelEvent":
-		payload = &LabelEvent{}
-	case "MarketplacePurchaseEvent":
-		payload = &MarketplacePurchaseEvent{}
-	case "MemberEvent":
-		payload = &MemberEvent{}
-	case "MembershipEvent":
-		payload = &MembershipEvent{}
-	case "MergeGroupEvent":
-		payload = &MergeGroupEvent{}
-	case "MetaEvent":
-		payload = &MetaEvent{}
-	case "MilestoneEvent":
-		payload = &MilestoneEvent{}
-	case "OrganizationEvent":
-		payload = &OrganizationEvent{}
-	case "OrgBlockEvent":
-		payload = &OrgBlockEvent{}
-	case "PackageEvent":
-		payload = &PackageEvent{}
-	case "PageBuildEvent":
-		payload = &PageBuildEvent{}
-	case "PingEvent":
-		payload = &PingEvent{}
-	case "ProjectEvent":
-		payload = &ProjectEvent{}
-	case "ProjectCardEvent":
-		payload = &ProjectCardEvent{}
-	case "ProjectColumnEvent":
-		payload = &ProjectColumnEvent{}
-	case "PublicEvent":
-		payload = &PublicEvent{}
-	case "PullRequestEvent":
-		payload = &PullRequestEvent{}
-	case "PullRequestReviewEvent":
-		payload = &PullRequestReviewEvent{}
-	case "PullRequestReviewCommentEvent":
-		payload = &PullRequestReviewCommentEvent{}
-	case "PullRequestReviewThreadEvent":
-		payload = &PullRequestReviewThreadEvent{}
-	case "PullRequestTargetEvent":
-		payload = &PullRequestTargetEvent{}
-	case "PushEvent":
-		payload = &PushEvent{}
-	case "ReleaseEvent":
-		payload = &ReleaseEvent{}
-	case "RepositoryEvent":
-		payload = &RepositoryEvent{}
-	case "RepositoryDispatchEvent":
-		payload = &RepositoryDispatchEvent{}
-	case "RepositoryImportEvent":
-		payload = &RepositoryImportEvent{}
-	case "RepositoryVulnerabilityAlertEvent":
-		payload = &RepositoryVulnerabilityAlertEvent{}
-	case "SecretScanningAlertEvent":
-		payload = &SecretScanningAlertEvent{}
-	case "StarEvent":
-		payload = &StarEvent{}
-	case "StatusEvent":
-		payload = &StatusEvent{}
-	case "TeamEvent":
-		payload = &TeamEvent{}
-	case "TeamAddEvent":
-		payload = &TeamAddEvent{}
-	case "UserEvent":
-		payload = &UserEvent{}
-	case "WatchEvent":
-		payload = &WatchEvent{}
-	case "WorkflowDispatchEvent":
-		payload = &WorkflowDispatchEvent{}
-	case "WorkflowJobEvent":
-		payload = &WorkflowJobEvent{}
-	case "WorkflowRunEvent":
-		payload = &WorkflowRunEvent{}
-	}
-	err = json.Unmarshal(*e.RawPayload, &payload)
-	return payload, err
-}
-
-// Payload returns the parsed event payload. For recognized event types,
-// a value of the corresponding struct type will be returned.
-//
-// Deprecated: Use ParsePayload instead, which returns an error
-// rather than panics if JSON unmarshaling raw payload fails.
-func (e *Event) Payload() (payload interface{}) {
-	var err error
-	payload, err = e.ParsePayload()
-	if err != nil {
-		panic(err)
-	}
-	return payload
-}
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_audit_log.go b/vendor/github.com/google/go-github/v50/github/orgs_audit_log.go
deleted file mode 100644
index 700c233c8..000000000
--- a/vendor/github.com/google/go-github/v50/github/orgs_audit_log.go
+++ /dev/null
@@ -1,119 +0,0 @@
-// Copyright 2021 The go-github AUTHORS. All rights reserved.
-//
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package github
-
-import (
-	"context"
-	"fmt"
-)
-
-// GetAuditLogOptions sets up optional parameters to query audit-log endpoint.
-type GetAuditLogOptions struct {
-	Phrase  *string `url:"phrase,omitempty"`  // A search phrase. (Optional.)
-	Include *string `url:"include,omitempty"` // Event type includes. Can be one of "web", "git", "all". Default: "web". (Optional.)
-	Order   *string `url:"order,omitempty"`   // The order of audit log events. Can be one of "asc" or "desc". Default: "desc". (Optional.)
-
-	ListCursorOptions
-}
-
-// HookConfig describes metadata about a webhook configuration.
-type HookConfig struct {
-	ContentType *string `json:"content_type,omitempty"`
-	InsecureSSL *string `json:"insecure_ssl,omitempty"`
-	URL         *string `json:"url,omitempty"`
-
-	// Secret is returned obfuscated by GitHub, but it can be set for outgoing requests.
-	Secret *string `json:"secret,omitempty"`
-}
-
-// AuditEntry describes the fields that may be represented by various audit-log "action" entries.
-// For a list of actions see - https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization#audit-log-actions
-type AuditEntry struct {
-	Action                *string     `json:"action,omitempty"` // The name of the action that was performed, for example `user.login` or `repo.create`.
-	Active                *bool       `json:"active,omitempty"`
-	ActiveWas             *bool       `json:"active_was,omitempty"`
-	Actor                 *string     `json:"actor,omitempty"` // The actor who performed the action.
-	BlockedUser           *string     `json:"blocked_user,omitempty"`
-	Business              *string     `json:"business,omitempty"`
-	CancelledAt           *Timestamp  `json:"cancelled_at,omitempty"`
-	CompletedAt           *Timestamp  `json:"completed_at,omitempty"`
-	Conclusion            *string     `json:"conclusion,omitempty"`
-	Config                *HookConfig `json:"config,omitempty"`
-	ConfigWas             *HookConfig `json:"config_was,omitempty"`
-	ContentType           *string     `json:"content_type,omitempty"`
-	CreatedAt             *Timestamp  `json:"created_at,omitempty"`
-	DeployKeyFingerprint  *string     `json:"deploy_key_fingerprint,omitempty"`
-	DocumentID            *string     `json:"_document_id,omitempty"`
-	Emoji                 *string     `json:"emoji,omitempty"`
-	EnvironmentName       *string     `json:"environment_name,omitempty"`
-	Event                 *string     `json:"event,omitempty"`
-	Events                []string    `json:"events,omitempty"`
-	EventsWere            []string    `json:"events_were,omitempty"`
-	Explanation           *string     `json:"explanation,omitempty"`
-	Fingerprint           *string     `json:"fingerprint,omitempty"`
-	HeadBranch            *string     `json:"head_branch,omitempty"`
-	HeadSHA               *string     `json:"head_sha,omitempty"`
-	HookID                *int64      `json:"hook_id,omitempty"`
-	IsHostedRunner        *bool       `json:"is_hosted_runner,omitempty"`
-	JobName               *string     `json:"job_name,omitempty"`
-	LimitedAvailability   *bool       `json:"limited_availability,omitempty"`
-	Message               *string     `json:"message,omitempty"`
-	Name                  *string     `json:"name,omitempty"`
-	OldUser               *string     `json:"old_user,omitempty"`
-	OldPermission         *string     `json:"old_permission,omitempty"` // The permission level for membership changes, for example `admin` or `read`.
-	OpenSSHPublicKey      *string     `json:"openssh_public_key,omitempty"`
-	Org                   *string     `json:"org,omitempty"`
-	Permission            *string     `json:"permission,omitempty"` // The permission level for membership changes, for example `admin` or `read`.
-	PreviousVisibility    *string     `json:"previous_visibility,omitempty"`
-	ReadOnly              *string     `json:"read_only,omitempty"`
-	Repo                  *string     `json:"repo,omitempty"`
-	Repository            *string     `json:"repository,omitempty"`
-	RepositoryPublic      *bool       `json:"repository_public,omitempty"`
-	RunAttempt            *int64      `json:"run_attempt,omitempty"`
-	RunnerGroupID         *int64      `json:"runner_group_id,omitempty"`
-	RunnerGroupName       *string     `json:"runner_group_name,omitempty"`
-	RunnerID              *int64      `json:"runner_id,omitempty"`
-	RunnerLabels          []string    `json:"runner_labels,omitempty"`
-	RunnerName            *string     `json:"runner_name,omitempty"`
-	SecretsPassed         []string    `json:"secrets_passed,omitempty"`
-	SourceVersion         *string     `json:"source_version,omitempty"`
-	StartedAt             *Timestamp  `json:"started_at,omitempty"`
-	TargetLogin           *string     `json:"target_login,omitempty"`
-	TargetVersion         *string     `json:"target_version,omitempty"`
-	Team                  *string     `json:"team,omitempty"`
-	Timestamp             *Timestamp  `json:"@timestamp,omitempty"`              // The time the audit log event occurred, given as a [Unix timestamp](http://en.wikipedia.org/wiki/Unix_time).
-	TransportProtocolName *string     `json:"transport_protocol_name,omitempty"` // A human readable name for the protocol (for example, HTTP or SSH) used to transfer Git data.
-	TransportProtocol     *int        `json:"transport_protocol,omitempty"`      // The type of protocol (for example, HTTP=1 or SSH=2) used to transfer Git data.
-	TriggerID             *int64      `json:"trigger_id,omitempty"`
-	User                  *string     `json:"user,omitempty"`       // The user that was affected by the action performed (if available).
-	Visibility            *string     `json:"visibility,omitempty"` // The repository visibility, for example `public` or `private`.
-	WorkflowID            *int64      `json:"workflow_id,omitempty"`
-	WorkflowRunID         *int64      `json:"workflow_run_id,omitempty"`
-}
-
-// GetAuditLog gets the audit-log entries for an organization.
-//
-// GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#get-the-audit-log-for-an-organization
-func (s *OrganizationsService) GetAuditLog(ctx context.Context, org string, opts *GetAuditLogOptions) ([]*AuditEntry, *Response, error) {
-	u := fmt.Sprintf("orgs/%v/audit-log", org)
-	u, err := addOptions(u, opts)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	req, err := s.client.NewRequest("GET", u, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var auditEntries []*AuditEntry
-	resp, err := s.client.Do(ctx, req, &auditEntries)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return auditEntries, resp, nil
-}
diff --git a/vendor/github.com/google/go-github/v50/AUTHORS b/vendor/github.com/google/go-github/v55/AUTHORS
similarity index 89%
rename from vendor/github.com/google/go-github/v50/AUTHORS
rename to vendor/github.com/google/go-github/v55/AUTHORS
index 5e40cd1f3..74a21dc60 100644
--- a/vendor/github.com/google/go-github/v50/AUTHORS
+++ b/vendor/github.com/google/go-github/v55/AUTHORS
@@ -11,13 +11,17 @@
 178inaba <masahiro.furudate@gmail.com>
 2BFL <imqksl@gmail.com>
 413x <dedifferentiator@gmail.com>
+6543 <6543@obermui.de>
 Abed Kibbe <abed.kibbe@gmail.com>
 Abhinav Gupta <mail@abhinavg.net>
 Abhishek Veeramalla <abhishek.veeramalla@gmail.com>
 aboy <b1011211@gmail.com>
+Adam Kohring <ajkohring@gmail.com>
 adrienzieba <adrien.zieba@appdirect.com>
 afdesk <work@afdesk.com>
+Ahmad Nurus S <ahmadnurus.sh@gmail.com>
 Ahmed Hagy <a.akram93@gmail.com>
+Aidan <aidan@artificial.com>
 Aidan Steele <aidan.steele@glassechidna.com.au>
 Ainsley Chong <ainsley.chong@gmail.com>
 ajz01 <azdenek@yahoo.com>
@@ -26,6 +30,7 @@ Akhil Mohan <akhilerm@gmail.com>
 Alec Thomas <alec@swapoff.org>
 Aleks Clark <aleks.clark@gmail.com>
 Alex Bramley <a.bramley@gmail.com>
+Alex Ellis <alexellis2@gmail.com>
 Alex Orr <Alexorr.CSE@gmail.com>
 Alex Su <alexsu@17.media>
 Alex Unger <zyxancf@gmail.com>
@@ -51,6 +56,7 @@ Anton Nguyen <afnguyen85@gmail.com>
 Anubha Kushwaha <anubha_bt2k14@dtu.ac.in>
 appilon <apilon@hashicorp.com>
 aprp <doelaudi@gmail.com>
+apurwaj2 <apurwaj2@gmail.com>
 Aravind <aravindkp@outlook.in>
 Arda Kuyumcu <kuyumcuarda@gmail.com>
 Arıl Bozoluk <arilbozoluk@hotmail.com>
@@ -60,12 +66,15 @@ Austin Dizzy <dizzy@wow.com>
 Azuka Okuleye <azuka@zatechcorp.com>
 Ben Batha <bhbatha@gmail.com>
 Benjamen Keroack <benjamen@dollarshaveclub.com>
+Berkay Tacyildiz <berkaytacyildiz@gmail.com>
 Beshr Kayali <beshrkayali@gmail.com>
 Beyang Liu <beyang.liu@gmail.com>
 Billy Keyes <bluekeyes@gmail.com>
 Billy Lynch <wlynch92@gmail.com>
+Bingtan Lu <lubingtan@126.com>
 Bjorn Neergaard <bjorn@neersighted.com>
 Björn Häuser <b.haeuser@rebuy.de>
+Bo Huang <bo.huang@datadoghq.com>
 boljen <bol.christophe@gmail.com>
 Bracken <abdawson@gmail.com>
 Brad Harris <bmharris@gmail.com>
@@ -74,6 +83,7 @@ Bradley Falzon <brad@teambrad.net>
 Bradley McAllister <brad.mcallister@hotmail.com>
 Brandon Butler <b.butler@chia.net>
 Brandon Cook <phylake@gmail.com>
+Brandon Stubbs <brstubbs1@gmail.com>
 Brett Kuhlman <kuhlman-labs@github.com>
 Brett Logan <lindluni@github.com>
 Brian Egizi <brian@mojotech.com>
@@ -96,6 +106,7 @@ Chris Schaefer <chris@dtzq.com>
 chrisforrette <chris@chrisforrette.com>
 Christian Bargmann <chris@cbrgm.net>
 Christian Muehlhaeuser <muesli@gmail.com>
+Christoph Jerolimov <jerolimov@gmail.com>
 Christoph Sassenberg <defsprite@gmail.com>
 CI Monk <ci-monk@protonmail.com>
 Colin Misare <github.com/cmisare>
@@ -125,12 +136,14 @@ Derek Jobst <derekjobst@gmail.com>
 DeviousLab <deviouslab@gmail.com>
 Dhi Aurrahman <diorahman@rockybars.com>
 Diego Lapiduz <diego.lapiduz@cfpb.gov>
+Diogo Vilela <be0x74a@gmail.com>
 Dmitri Shuralyov <shurcooL@gmail.com>
 dmnlk <seikima2demon@gmail.com>
 Don Petersen <don@donpetersen.net>
 Doug Turner <doug.turner@gmail.com>
 Drew Fradette <drew.fradette@gmail.com>
 Dustin Deus <deusdustin@gmail.com>
+Dustin Lish <dustin.lish@onepeloton.com>
 Eivind <eivindkn@gmail.com>
 Eli Uriegas <seemethere101@gmail.com>
 Elliott Beach <elliott2.71828@gmail.com>
@@ -141,10 +154,12 @@ eperm <staffordworrell@gmail.com>
 Erick Fejta <erick@fejta.com>
 Erik Nobel <hendrik.nobel@transferwise.com>
 erwinvaneyk <erwinvaneyk@gmail.com>
+Evan Anderson <evan.k.anderson@gmail.com>
 Evan Elias <evanjelias@gmail.com>
 Fabian Holler <fabian.holler@simplesurance.de>
 Fabrice <fabrice.vaillant@student.ecp.fr>
 Fatema-Moaiyadi <fatema.i.moaiyadi@gmail.com>
+Federico Di Pierro <nierro92@gmail.com>
 Felix Geisendörfer <felix@debuggable.com>
 Filippo Valsorda <hi@filippo.io>
 Florian Forster <ff@octo.it>
@@ -155,6 +170,7 @@ Francisco Guimarães <francisco.cpg@gmail.com>
 François de Metz <francois@2metz.fr>
 Fredrik Jönsson <fredrik.jonsson@izettle.com>
 Gabriel <samfiragabriel@gmail.com>
+Gal Ofri <galmenashofri@gmail.com>
 Garrett Squire <garrettsquire@gmail.com>
 George Kontridze <george.kontridze@gmail.com>
 Georgy Buranov <gburanov@gmail.com>
@@ -163,6 +179,7 @@ Gnahz <p@oath.pl>
 Google Inc.
 Grachev Mikhail <work@mgrachev.com>
 griffin_stewie <panterathefamilyguy@gmail.com>
+guangwu <guoguangwu@magic-shield.com>
 Guillaume Jacquet <guillaume.jacquet@gmail.com>
 Guz Alexander <kalimatas@gmail.com>
 Guðmundur Bjarni Ólafsson <gudmundur@github.com>
@@ -178,6 +195,7 @@ huydx <doxuanhuy@gmail.com>
 i2bskn <i2bskn@gmail.com>
 Iain Steers <iainsteers@gmail.com>
 Ikko Ashimine <eltociear@gmail.com>
+Ilia Choly <ilia.choly@gmail.com>
 Ioannis Georgoulas <igeorgoulas21@gmail.com>
 Isao Jonas <isao.jonas@gmail.com>
 ishan upadhyay <ishanupadhyay412@gmail.com>
@@ -189,11 +207,15 @@ Jameel Haffejee <RC1140@republiccommandos.co.za>
 James Bowes <jbowes@repl.ca>
 James Cockbain <james.cockbain@ibm.com>
 James Loh <github@jloh.co>
+James Maguire <jvm986@gmail.com>
+James Turley <jamesturley1905@googlemail.com>
 Jamie West <jamieianwest@hotmail.com>
 Jan Kosecki <jan.kosecki91@gmail.com>
 Jan Švábík <jansvabik@jansvabik.cz>
+Jason Field <Jason@avon-lea.co.uk>
 Javier Campanini <jcampanini@palantir.com>
 Jef LeCompte <jeffreylec@gmail.com>
+Jeff Wenzbauer <jeff.wenzbauer@niceincontact.com>
 Jens Rantil <jens.rantil@gmail.com>
 Jeremy Morris <jeremylevanmorris@gmail.com>
 Jesse Haka <haka.jesse@gmail.com>
@@ -208,7 +230,9 @@ John Engelman <john.r.engelman@gmail.com>
 John Jones <john@exthilion.org>
 John Liu <john.liu@mongodb.com>
 Jordan Brockopp <jdbro94@gmail.com>
+Jordan Burandt <jordanburandt@gmail.com>
 Jordan Sussman <jordansail22@gmail.com>
+Jorge Gómez Reus <j-g1996@live.com>
 Joshua Bezaleel Abednego <joshua.bezaleel@gmail.com>
 João Cerqueira <joao@cerqueira.io>
 JP Phillips <jonphill9@gmail.com>
@@ -222,14 +246,17 @@ Justin Abrahms <justin@abrah.ms>
 Justin Toh <tohjustin@hotmail.com>
 Jusung Lee <e.jusunglee@gmail.com>
 jzhoucliqr <jzhou@cliqr.com>
+k0ral <mail@cmoreau.info>
 k1rnt <eru08tera15mora@gmail.com>
 kadern0 <kaderno@gmail.com>
+Karthik Sundari <karthiksundari2315@gmail.com>
 Katrina Owen <kytrinyx@github.com>
 Kautilya Tripathi <tripathi.kautilya@gmail.com>
 Keita Urashima <ursm@ursm.jp>
 Kevin Burke <kev@inburke.com>
 Kevin Wang <kwangsan@gmail.com>
 Kevin Zhao <kzhao@lyft.com>
+kgalli <mail@kgalli.de>
 Kirill <g4s8.public@gmail.com>
 Konrad Malawski <konrad.malawski@project13.pl>
 Kookheon Kwon <kucuny@gmail.com>
@@ -239,19 +266,24 @@ Kshitij Saraogi <KshitijSaraogi@gmail.com>
 Kumar Saurabh <itsksaurabh@gmail.com>
 Kyle Kurz <kyle@doublekaudio.com>
 kyokomi <kyoko1220adword@gmail.com>
+Lars Lehtonen <lars.lehtonen@gmail.com>
 Laurent Verdoïa <verdoialaurent@gmail.com>
 leopoldwang <leopold.wang@gmail.com>
 Liam Galvin <liam@liam-galvin.co.uk>
 Lluis Campos <lluis.campos@northern.tech>
 Lovro Mažgon <lovro.mazgon@gmail.com>
+Loïs Postula <lois@postu.la>
 Luca Campese <me@campesel.net>
 Lucas Alcantara <lucasalcantaraf@gmail.com>
+Lucas Martin-King <lmartinking@gmail.com>
 Luis Davim <luis.davim@sendoso.com>
 Luke Evers <me@lukevers.com>
+Luke Hinds <luke@stacklok.com>
 Luke Kysow <lkysow@gmail.com>
 Luke Roberts <email@luke-roberts.co.uk>
 Luke Young <luke@hydrantlabs.org>
 lynn [they] <lynncyrin@gmail.com>
+Magnus Kulke <mkulke@gmail.com>
 Maksim Zhylinski <uzzable@gmail.com>
 Marc Binder <marcandrebinder@gmail.com>
 Marcelo Carlos <marcelo@permutive.com>
@@ -266,9 +298,11 @@ Matija Horvat <horvat2112@gmail.com>
 Matin Rahmanian <itsmatinx@gmail.com>
 Matt <alpmatthew@gmail.com>
 Matt Brender <mjbrender@gmail.com>
+Matt Dainty <matt@bodgit-n-scarper.com>
 Matt Gaunt <matt@gauntface.co.uk>
 Matt Landis <landis.matt@gmail.com>
 Matt Moore <mattmoor@vmware.com>
+Matt Simons <mattsimons@ntlworld.com>
 Maxime Bury <maxime.bury@gmail.com>
 Michael Meng <mmeng@lyft.com>
 Michael Spiegel <michael.m.spiegel@gmail.com>
@@ -277,26 +311,33 @@ Michał Glapa <michal.glapa@gmail.com>
 Michelangelo Morrillo <michelangelo@morrillo.it>
 Miguel Elias dos Santos <migueleliasweb@gmail.com>
 Mike Chen <mchen300@gmail.com>
+mohammad ali <2018cs92@student.uet.edu.pk>
 Mohammed AlDujaili <avainer11@gmail.com>
 Mukundan Senthil <mukundan314@gmail.com>
 Munia Balayil <munia.247@gmail.com>
 Mustafa Abban <mustafaabban@utexas.edu>
 Nadav Kaner <nadavkaner1@gmail.com>
+Naoki Kanatani <k12naoki@gmail.com>
 Nathan VanBenschoten <nvanbenschoten@gmail.com>
 Navaneeth Suresh <navaneeths1998@gmail.com>
+Neal Caffery <neal1991@sina.com>
 Neil O'Toole <neilotoole@apache.org>
 Nick Miyake <nmiyake@palantir.com>
 Nick Platt <hello@nickplatt.co.uk>
 Nick Spragg <nick.spragg@bbc.co.uk>
+Nicolas Chapurlat <nc@coorganix.com>
 Nikhita Raghunath <nikitaraghunath@gmail.com>
 Nilesh Singh <nilesh.singh24@outlook.com>
 Noah Hanjun Lee <noah.lee@buzzvil.com>
 Noah Zoschke <noah+sso2@convox.com>
 ns-cweber <cweber@narrativescience.com>
+nxya <nathacutlan@gmail.com>
 Ole Orhagen <ole.orhagen@northern.tech>
 Oleg Kovalov <iamolegkovalov@gmail.com>
 Ondřej Kupka <ondra.cap@gmail.com>
 Ori Talmor <talmorori@gmail.com>
+Osama Faqhruldin <onfaqhru@gmail.com>
+oslowalk <den.cs@pm.me>
 Pablo Pérez Schröder <pablo.perezschroder@wetransfer.com>
 Palash Nigam <npalash25@gmail.com>
 Panagiotis Moustafellos <pmoust@gmail.com>
@@ -307,6 +348,7 @@ parkhyukjun89 <park.hyukjun89@gmail.com>
 Pat Alwell <pat.alwell@gmail.com>
 Patrick DeVivo <patrick.devivo@gmail.com>
 Patrick Marabeas <patrick@marabeas.io>
+Patrik Nordlén <patriki@gmail.com>
 Pavel Dvoinos <pavel.dvoinos@transferwise.com>
 Pavel Shtanko <pavel.shtanko@gmail.com>
 Pete Wagner <thepwagner@github.com>
@@ -323,6 +365,7 @@ Quinn Slack <qslack@qslack.com>
 Rackspace US, Inc.
 Radek Simko <radek.simko@gmail.com>
 Radliński Ignacy <radlinsk@student.agh.edu.pl>
+Rafael Aramizu Gomes <rafael.aramizu@mercadolivre.com>
 Rajat Jindal <rajatjindal83@gmail.com>
 Rajendra arora <rajendraarora16@yahoo.com>
 Rajkumar <princegosavi12@gmail.com>
@@ -351,6 +394,7 @@ Ryo Nakao <nakabonne@gmail.com>
 Saaarah <sarah.liusy@gmail.com>
 Safwan Olaimat <safwan.olaimat@gmail.com>
 Sahil Dua <sahildua2305@gmail.com>
+Sai Ravi Teja Chintakrindi <srt2712@gmail.com>
 saisi <saisi@users.noreply.github.com>
 Sam Minnée <sam@silverstripe.com>
 Sandeep Sukhani <sandeep.d.sukhani@gmail.com>
@@ -377,6 +421,7 @@ Sho Okada <shokada3@gmail.com>
 Shrikrishna Singh <krishnasingh.ss30@gmail.com>
 Simon Davis <sdavis@hashicorp.com>
 sona-tar <sona.zip@gmail.com>
+soniachikh <sonia.chikh@gmail.com>
 SoundCloud, Ltd.
 Sridhar Mocherla <srmocher@microsoft.com>
 SriVignessh Pss <sriknowledge@gmail.com>
@@ -387,6 +432,7 @@ Suhaib Mujahid <suhaibmujahid@gmail.com>
 sushmita wable <sw09007@gmail.com>
 Szymon Kodrebski <simonkey007@gmail.com>
 Søren Hansen <soren@dinero.dk>
+T.J. Corrigan <tjcorr@github.com>
 Takashi Yoneuchi <takashi.yoneuchi@shift-js.info>
 Takayuki Watanabe <takanabe.w@gmail.com>
 Taketoshi Fujiwara <fujiwara@leapmind.io>
@@ -398,6 +444,7 @@ Theofilos Petsios <theofilos.pe@gmail.com>
 Thomas Aidan Curran <thomas@ory.sh>
 Thomas Bruyelle <thomas.bruyelle@gmail.com>
 Tim Rogers <timrogers@github.com>
+Timothy O'Brien <obrien.timothy.a@gmail.com>
 Timothée Peignier <timothee.peignier@tryphon.org>
 Tingluo Huang <tingluohuang@github.com>
 tkhandel <tarunkhandelwal.iitr@gmail.com>
@@ -410,11 +457,15 @@ Vaibhav Singh <vaibhav.singh.14cse@bml.edu.in>
 Varadarajan Aravamudhan <varadaraajan@gmail.com>
 Victor Castell <victor@victorcastell.com>
 Victor Vrantchan <vrancean+github@gmail.com>
+Victory Osikwemhe <osikwemhev@gmail.com>
 vikkyomkar <vikky.omkar@samsung.com>
+Vivek <y.vivekanand@gmail.com>
 Vlad Ungureanu <vladu@palantir.com>
 Wasim Thabraze <wasim@thabraze.me>
 Weslei Juan Moser Pereira <wesleimsr@gmail.com>
+Wheeler Law <wheeler.law@outlook.com>
 Will Maier <wcmaier@gmail.com>
+Will Norris <will@tailscale.com>
 Willem D'Haeseleer <dhwillem@gmail.com>
 William Bailey <mail@williambailey.org.uk>
 William Cooke <pipeston@gmail.com>
@@ -422,12 +473,15 @@ Xabi <xmartinez1702@gmail.com>
 xibz <impactbchang@gmail.com>
 Yann Malet <yann.malet@gmail.com>
 Yannick Utard <yannickutard@gmail.com>
+Yarden Shoham <git@yardenshoham.com>
 Yicheng Qin <qycqycqycqycqyc@gmail.com>
 Yosuke Akatsuka <yosuke.akatsuka@access-company.com>
 Yumikiyo Osanai <yumios.art@gmail.com>
+Yurii Soldak <ysoldak@gmail.com>
 Yusef Mohamadi <yuseferi@gmail.com>
 Yusuke Kuoka <ykuoka@gmail.com>
 Zach Latta <zach@zachlatta.com>
 zhouhaibing089 <zhouhaibing089@gmail.com>
 六开箱 <lkxed@outlook.com>
 缘生 <i@ysicing.me>
+蒋航 <hang.jiang@daocloud.io>
diff --git a/vendor/github.com/google/go-github/v50/LICENSE b/vendor/github.com/google/go-github/v55/LICENSE
similarity index 100%
rename from vendor/github.com/google/go-github/v50/LICENSE
rename to vendor/github.com/google/go-github/v55/LICENSE
diff --git a/vendor/github.com/google/go-github/v50/github/actions.go b/vendor/github.com/google/go-github/v55/github/actions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/actions.go
rename to vendor/github.com/google/go-github/v55/github/actions.go
diff --git a/vendor/github.com/google/go-github/v50/github/actions_artifacts.go b/vendor/github.com/google/go-github/v55/github/actions_artifacts.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/actions_artifacts.go
rename to vendor/github.com/google/go-github/v55/github/actions_artifacts.go
diff --git a/vendor/github.com/google/go-github/v50/github/actions_cache.go b/vendor/github.com/google/go-github/v55/github/actions_cache.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/actions_cache.go
rename to vendor/github.com/google/go-github/v55/github/actions_cache.go
diff --git a/vendor/github.com/google/go-github/v50/github/actions_oidc.go b/vendor/github.com/google/go-github/v55/github/actions_oidc.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/actions_oidc.go
rename to vendor/github.com/google/go-github/v55/github/actions_oidc.go
diff --git a/vendor/github.com/google/go-github/v55/github/actions_required_workflows.go b/vendor/github.com/google/go-github/v55/github/actions_required_workflows.go
new file mode 100644
index 000000000..3566eb9d2
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/actions_required_workflows.go
@@ -0,0 +1,247 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+// OrgRequiredWorkflow represents a required workflow object at the org level.
+type OrgRequiredWorkflow struct {
+	ID                      *int64      `json:"id,omitempty"`
+	Name                    *string     `json:"name,omitempty"`
+	Path                    *string     `json:"path,omitempty"`
+	Scope                   *string     `json:"scope,omitempty"`
+	Ref                     *string     `json:"ref,omitempty"`
+	State                   *string     `json:"state,omitempty"`
+	SelectedRepositoriesURL *string     `json:"selected_repositories_url,omitempty"`
+	CreatedAt               *Timestamp  `json:"created_at,omitempty"`
+	UpdatedAt               *Timestamp  `json:"updated_at,omitempty"`
+	Repository              *Repository `json:"repository,omitempty"`
+}
+
+// OrgRequiredWorkflows represents the required workflows for the org.
+type OrgRequiredWorkflows struct {
+	TotalCount        *int                   `json:"total_count,omitempty"`
+	RequiredWorkflows []*OrgRequiredWorkflow `json:"required_workflows,omitempty"`
+}
+
+// CreateUpdateRequiredWorkflowOptions represents the input object used to create or update required workflows.
+type CreateUpdateRequiredWorkflowOptions struct {
+	WorkflowFilePath      *string          `json:"workflow_file_path,omitempty"`
+	RepositoryID          *int64           `json:"repository_id,omitempty"`
+	Scope                 *string          `json:"scope,omitempty"`
+	SelectedRepositoryIDs *SelectedRepoIDs `json:"selected_repository_ids,omitempty"`
+}
+
+// RequiredWorkflowSelectedRepos represents the repos that a required workflow is applied to.
+type RequiredWorkflowSelectedRepos struct {
+	TotalCount   *int          `json:"total_count,omitempty"`
+	Repositories []*Repository `json:"repositories,omitempty"`
+}
+
+// RepoRequiredWorkflow represents a required workflow object at the repo level.
+type RepoRequiredWorkflow struct {
+	ID               *int64      `json:"id,omitempty"`
+	NodeID           *string     `json:"node_id,omitempty"`
+	Name             *string     `json:"name,omitempty"`
+	Path             *string     `json:"path,omitempty"`
+	State            *string     `json:"state,omitempty"`
+	URL              *string     `json:"url,omitempty"`
+	HTMLURL          *string     `json:"html_url,omitempty"`
+	BadgeURL         *string     `json:"badge_url,omitempty"`
+	CreatedAt        *Timestamp  `json:"created_at,omitempty"`
+	UpdatedAt        *Timestamp  `json:"updated_at,omitempty"`
+	SourceRepository *Repository `json:"source_repository,omitempty"`
+}
+
+// RepoRequiredWorkflows represents the required workflows for a repo.
+type RepoRequiredWorkflows struct {
+	TotalCount        *int                    `json:"total_count,omitempty"`
+	RequiredWorkflows []*RepoRequiredWorkflow `json:"required_workflows,omitempty"`
+}
+
+// ListOrgRequiredWorkflows lists the RequiredWorkflows for an org.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#list-required-workflows
+func (s *ActionsService) ListOrgRequiredWorkflows(ctx context.Context, org string, opts *ListOptions) (*OrgRequiredWorkflows, *Response, error) {
+	url := fmt.Sprintf("orgs/%v/actions/required_workflows", org)
+	u, err := addOptions(url, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	requiredWorkflows := new(OrgRequiredWorkflows)
+	resp, err := s.client.Do(ctx, req, &requiredWorkflows)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return requiredWorkflows, resp, nil
+}
+
+// CreateRequiredWorkflow creates the required workflow in an org.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#create-a-required-workflow
+func (s *ActionsService) CreateRequiredWorkflow(ctx context.Context, org string, createRequiredWorkflowOptions *CreateUpdateRequiredWorkflowOptions) (*OrgRequiredWorkflow, *Response, error) {
+	url := fmt.Sprintf("orgs/%v/actions/required_workflows", org)
+	req, err := s.client.NewRequest("POST", url, createRequiredWorkflowOptions)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	orgRequiredWorkflow := new(OrgRequiredWorkflow)
+	resp, err := s.client.Do(ctx, req, orgRequiredWorkflow)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return orgRequiredWorkflow, resp, nil
+}
+
+// GetRequiredWorkflowByID get the RequiredWorkflows for an org by its ID.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#list-required-workflows
+func (s *ActionsService) GetRequiredWorkflowByID(ctx context.Context, owner string, requiredWorkflowID int64) (*OrgRequiredWorkflow, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/actions/required_workflows/%v", owner, requiredWorkflowID)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	requiredWorkflow := new(OrgRequiredWorkflow)
+	resp, err := s.client.Do(ctx, req, &requiredWorkflow)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return requiredWorkflow, resp, nil
+}
+
+// UpdateRequiredWorkflow updates a required workflow in an org.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#update-a-required-workflow
+func (s *ActionsService) UpdateRequiredWorkflow(ctx context.Context, org string, requiredWorkflowID int64, updateRequiredWorkflowOptions *CreateUpdateRequiredWorkflowOptions) (*OrgRequiredWorkflow, *Response, error) {
+	url := fmt.Sprintf("orgs/%v/actions/required_workflows/%v", org, requiredWorkflowID)
+	req, err := s.client.NewRequest("PATCH", url, updateRequiredWorkflowOptions)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	orgRequiredWorkflow := new(OrgRequiredWorkflow)
+	resp, err := s.client.Do(ctx, req, orgRequiredWorkflow)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return orgRequiredWorkflow, resp, nil
+}
+
+// DeleteRequiredWorkflow deletes a required workflow in an org.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#update-a-required-workflow
+func (s *ActionsService) DeleteRequiredWorkflow(ctx context.Context, org string, requiredWorkflowID int64) (*Response, error) {
+	url := fmt.Sprintf("orgs/%v/actions/required_workflows/%v", org, requiredWorkflowID)
+	req, err := s.client.NewRequest("DELETE", url, nil)
+	if err != nil {
+		return nil, err
+	}
+	return s.client.Do(ctx, req, nil)
+}
+
+// ListRequiredWorkflowSelectedRepos lists the Repositories selected for a workflow.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#list-selected-repositories-for-a-required-workflow
+func (s *ActionsService) ListRequiredWorkflowSelectedRepos(ctx context.Context, org string, requiredWorkflowID int64, opts *ListOptions) (*RequiredWorkflowSelectedRepos, *Response, error) {
+	url := fmt.Sprintf("orgs/%v/actions/required_workflows/%v/repositories", org, requiredWorkflowID)
+	u, err := addOptions(url, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	requiredWorkflowRepos := new(RequiredWorkflowSelectedRepos)
+	resp, err := s.client.Do(ctx, req, &requiredWorkflowRepos)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return requiredWorkflowRepos, resp, nil
+}
+
+// SetRequiredWorkflowSelectedRepos sets the Repositories selected for a workflow.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#sets-repositories-for-a-required-workflow
+func (s *ActionsService) SetRequiredWorkflowSelectedRepos(ctx context.Context, org string, requiredWorkflowID int64, ids SelectedRepoIDs) (*Response, error) {
+	type repoIDs struct {
+		SelectedIDs SelectedRepoIDs `json:"selected_repository_ids"`
+	}
+	url := fmt.Sprintf("orgs/%v/actions/required_workflows/%v/repositories", org, requiredWorkflowID)
+	req, err := s.client.NewRequest("PUT", url, repoIDs{SelectedIDs: ids})
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
+
+// AddRepoToRequiredWorkflow adds the Repository to a required workflow.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#add-a-repository-to-a-required-workflow
+func (s *ActionsService) AddRepoToRequiredWorkflow(ctx context.Context, org string, requiredWorkflowID, repoID int64) (*Response, error) {
+	url := fmt.Sprintf("orgs/%v/actions/required_workflows/%v/repositories/%v", org, requiredWorkflowID, repoID)
+	req, err := s.client.NewRequest("PUT", url, nil)
+	if err != nil {
+		return nil, err
+	}
+	return s.client.Do(ctx, req, nil)
+}
+
+// RemoveRepoFromRequiredWorkflow removes the Repository from a required workflow.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#add-a-repository-to-a-required-workflow
+func (s *ActionsService) RemoveRepoFromRequiredWorkflow(ctx context.Context, org string, requiredWorkflowID, repoID int64) (*Response, error) {
+	url := fmt.Sprintf("orgs/%v/actions/required_workflows/%v/repositories/%v", org, requiredWorkflowID, repoID)
+	req, err := s.client.NewRequest("DELETE", url, nil)
+	if err != nil {
+		return nil, err
+	}
+	return s.client.Do(ctx, req, nil)
+}
+
+// ListRepoRequiredWorkflows lists the RequiredWorkflows for a repo.
+//
+// Github API docs:https://docs.github.com/en/rest/actions/required-workflows?apiVersion=2022-11-28#list-repository-required-workflows
+func (s *ActionsService) ListRepoRequiredWorkflows(ctx context.Context, owner, repo string, opts *ListOptions) (*RepoRequiredWorkflows, *Response, error) {
+	url := fmt.Sprintf("repos/%v/%v/actions/required_workflows", owner, repo)
+	u, err := addOptions(url, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	requiredWorkflows := new(RepoRequiredWorkflows)
+	resp, err := s.client.Do(ctx, req, &requiredWorkflows)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return requiredWorkflows, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v50/github/actions_runner_groups.go b/vendor/github.com/google/go-github/v55/github/actions_runner_groups.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/actions_runner_groups.go
rename to vendor/github.com/google/go-github/v55/github/actions_runner_groups.go
diff --git a/vendor/github.com/google/go-github/v50/github/actions_runners.go b/vendor/github.com/google/go-github/v55/github/actions_runners.go
similarity index 85%
rename from vendor/github.com/google/go-github/v50/github/actions_runners.go
rename to vendor/github.com/google/go-github/v55/github/actions_runners.go
index 40c6be3a9..7427451cc 100644
--- a/vendor/github.com/google/go-github/v50/github/actions_runners.go
+++ b/vendor/github.com/google/go-github/v55/github/actions_runners.go
@@ -45,6 +45,61 @@ func (s *ActionsService) ListRunnerApplicationDownloads(ctx context.Context, own
 	return rads, resp, nil
 }
 
+// GenerateJITConfigRequest specifies body parameters to GenerateRepoJITConfig.
+type GenerateJITConfigRequest struct {
+	Name          string  `json:"name"`
+	RunnerGroupID int64   `json:"runner_group_id"`
+	WorkFolder    *string `json:"work_folder,omitempty"`
+
+	// Labels represents the names of the custom labels to add to the runner.
+	// Minimum items: 1. Maximum items: 100.
+	Labels []string `json:"labels"`
+}
+
+// JITRunnerConfig represents encoded JIT configuration that can be used to bootstrap a self-hosted runner.
+type JITRunnerConfig struct {
+	Runner           *Runner `json:"runner,omitempty"`
+	EncodedJITConfig *string `json:"encoded_jit_config,omitempty"`
+}
+
+// GenerateOrgJITConfig generate a just-in-time configuration for an organization.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-configuration-for-a-just-in-time-runner-for-an-organization
+func (s *ActionsService) GenerateOrgJITConfig(ctx context.Context, owner string, request *GenerateJITConfigRequest) (*JITRunnerConfig, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/actions/runners/generate-jitconfig", owner)
+	req, err := s.client.NewRequest("POST", u, request)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	jitConfig := new(JITRunnerConfig)
+	resp, err := s.client.Do(ctx, req, jitConfig)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return jitConfig, resp, nil
+}
+
+// GenerateRepoJITConfig generates a just-in-time configuration for a repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-configuration-for-a-just-in-time-runner-for-a-repository
+func (s *ActionsService) GenerateRepoJITConfig(ctx context.Context, owner, repo string, request *GenerateJITConfigRequest) (*JITRunnerConfig, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/actions/runners/generate-jitconfig", owner, repo)
+	req, err := s.client.NewRequest("POST", u, request)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	jitConfig := new(JITRunnerConfig)
+	resp, err := s.client.Do(ctx, req, jitConfig)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return jitConfig, resp, nil
+}
+
 // RegistrationToken represents a token that can be used to add a self-hosted runner to a repository.
 type RegistrationToken struct {
 	Token     *string    `json:"token,omitempty"`
diff --git a/vendor/github.com/google/go-github/v50/github/actions_secrets.go b/vendor/github.com/google/go-github/v55/github/actions_secrets.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/actions_secrets.go
rename to vendor/github.com/google/go-github/v55/github/actions_secrets.go
diff --git a/vendor/github.com/google/go-github/v50/github/actions_variables.go b/vendor/github.com/google/go-github/v55/github/actions_variables.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/actions_variables.go
rename to vendor/github.com/google/go-github/v55/github/actions_variables.go
diff --git a/vendor/github.com/google/go-github/v50/github/actions_workflow_jobs.go b/vendor/github.com/google/go-github/v55/github/actions_workflow_jobs.go
similarity index 98%
rename from vendor/github.com/google/go-github/v50/github/actions_workflow_jobs.go
rename to vendor/github.com/google/go-github/v55/github/actions_workflow_jobs.go
index b7130916f..1f018b3e4 100644
--- a/vendor/github.com/google/go-github/v50/github/actions_workflow_jobs.go
+++ b/vendor/github.com/google/go-github/v55/github/actions_workflow_jobs.go
@@ -28,6 +28,7 @@ type WorkflowJob struct {
 	RunID       *int64      `json:"run_id,omitempty"`
 	RunURL      *string     `json:"run_url,omitempty"`
 	NodeID      *string     `json:"node_id,omitempty"`
+	HeadBranch  *string     `json:"head_branch,omitempty"`
 	HeadSHA     *string     `json:"head_sha,omitempty"`
 	URL         *string     `json:"url,omitempty"`
 	HTMLURL     *string     `json:"html_url,omitempty"`
diff --git a/vendor/github.com/google/go-github/v50/github/actions_workflow_runs.go b/vendor/github.com/google/go-github/v55/github/actions_workflow_runs.go
similarity index 89%
rename from vendor/github.com/google/go-github/v50/github/actions_workflow_runs.go
rename to vendor/github.com/google/go-github/v55/github/actions_workflow_runs.go
index 0cda90d41..002210861 100644
--- a/vendor/github.com/google/go-github/v50/github/actions_workflow_runs.go
+++ b/vendor/github.com/google/go-github/v55/github/actions_workflow_runs.go
@@ -22,6 +22,7 @@ type WorkflowRun struct {
 	RunNumber          *int           `json:"run_number,omitempty"`
 	RunAttempt         *int           `json:"run_attempt,omitempty"`
 	Event              *string        `json:"event,omitempty"`
+	DisplayTitle       *string        `json:"display_title,omitempty"`
 	Status             *string        `json:"status,omitempty"`
 	Conclusion         *string        `json:"conclusion,omitempty"`
 	WorkflowID         *int64         `json:"workflow_id,omitempty"`
@@ -45,6 +46,7 @@ type WorkflowRun struct {
 	Repository         *Repository    `json:"repository,omitempty"`
 	HeadRepository     *Repository    `json:"head_repository,omitempty"`
 	Actor              *User          `json:"actor,omitempty"`
+	TriggeringActor    *User          `json:"triggering_actor,omitempty"`
 }
 
 // WorkflowRuns represents a slice of repository action workflow run.
@@ -55,12 +57,14 @@ type WorkflowRuns struct {
 
 // ListWorkflowRunsOptions specifies optional parameters to ListWorkflowRuns.
 type ListWorkflowRunsOptions struct {
-	Actor   string `url:"actor,omitempty"`
-	Branch  string `url:"branch,omitempty"`
-	Event   string `url:"event,omitempty"`
-	Status  string `url:"status,omitempty"`
-	Created string `url:"created,omitempty"`
-	HeadSHA string `url:"head_sha,omitempty"`
+	Actor               string `url:"actor,omitempty"`
+	Branch              string `url:"branch,omitempty"`
+	Event               string `url:"event,omitempty"`
+	Status              string `url:"status,omitempty"`
+	Created             string `url:"created,omitempty"`
+	HeadSHA             string `url:"head_sha,omitempty"`
+	ExcludePullRequests bool   `url:"exclude_pull_requests,omitempty"`
+	CheckSuiteID        int64  `url:"check_suite_id,omitempty"`
 	ListOptions
 }
 
@@ -204,6 +208,26 @@ func (s *ActionsService) GetWorkflowRunAttempt(ctx context.Context, owner, repo
 	return run, resp, nil
 }
 
+// GetWorkflowRunAttemptLogs gets a redirect URL to download a plain text file of logs for a workflow run for attempt number.
+//
+// GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#download-workflow-run-attempt-logs
+func (s *ActionsService) GetWorkflowRunAttemptLogs(ctx context.Context, owner, repo string, runID int64, attemptNumber int, followRedirects bool) (*url.URL, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/actions/runs/%v/attempts/%v/logs", owner, repo, runID, attemptNumber)
+
+	resp, err := s.client.roundTripWithOptionalFollowRedirect(ctx, u, followRedirects)
+	if err != nil {
+		return nil, nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusFound {
+		return nil, newResponse(resp), fmt.Errorf("unexpected status code: %s", resp.Status)
+	}
+
+	parsedURL, err := url.Parse(resp.Header.Get("Location"))
+	return parsedURL, newResponse(resp), err
+}
+
 // RerunWorkflowByID re-runs a workflow by ID.
 //
 // GitHub API docs: https://docs.github.com/en/rest/actions/workflow-runs#re-run-a-workflow
diff --git a/vendor/github.com/google/go-github/v50/github/actions_workflows.go b/vendor/github.com/google/go-github/v55/github/actions_workflows.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/actions_workflows.go
rename to vendor/github.com/google/go-github/v55/github/actions_workflows.go
diff --git a/vendor/github.com/google/go-github/v50/github/activity.go b/vendor/github.com/google/go-github/v55/github/activity.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/activity.go
rename to vendor/github.com/google/go-github/v55/github/activity.go
diff --git a/vendor/github.com/google/go-github/v50/github/activity_events.go b/vendor/github.com/google/go-github/v55/github/activity_events.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/activity_events.go
rename to vendor/github.com/google/go-github/v55/github/activity_events.go
diff --git a/vendor/github.com/google/go-github/v50/github/activity_notifications.go b/vendor/github.com/google/go-github/v55/github/activity_notifications.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/activity_notifications.go
rename to vendor/github.com/google/go-github/v55/github/activity_notifications.go
diff --git a/vendor/github.com/google/go-github/v50/github/activity_star.go b/vendor/github.com/google/go-github/v55/github/activity_star.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/activity_star.go
rename to vendor/github.com/google/go-github/v55/github/activity_star.go
diff --git a/vendor/github.com/google/go-github/v50/github/activity_watching.go b/vendor/github.com/google/go-github/v55/github/activity_watching.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/activity_watching.go
rename to vendor/github.com/google/go-github/v55/github/activity_watching.go
diff --git a/vendor/github.com/google/go-github/v50/github/admin.go b/vendor/github.com/google/go-github/v55/github/admin.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/admin.go
rename to vendor/github.com/google/go-github/v55/github/admin.go
diff --git a/vendor/github.com/google/go-github/v50/github/admin_orgs.go b/vendor/github.com/google/go-github/v55/github/admin_orgs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/admin_orgs.go
rename to vendor/github.com/google/go-github/v55/github/admin_orgs.go
diff --git a/vendor/github.com/google/go-github/v50/github/admin_stats.go b/vendor/github.com/google/go-github/v55/github/admin_stats.go
similarity index 99%
rename from vendor/github.com/google/go-github/v50/github/admin_stats.go
rename to vendor/github.com/google/go-github/v55/github/admin_stats.go
index ef294f447..17e568f62 100644
--- a/vendor/github.com/google/go-github/v50/github/admin_stats.go
+++ b/vendor/github.com/google/go-github/v55/github/admin_stats.go
@@ -7,7 +7,6 @@ package github
 
 import (
 	"context"
-	"fmt"
 )
 
 // AdminStats represents a variety of stats of a GitHub Enterprise
@@ -155,7 +154,7 @@ func (s RepoStats) String() string {
 //
 // GitHub API docs: https://docs.github.com/en/rest/enterprise-admin/admin_stats/
 func (s *AdminService) GetAdminStats(ctx context.Context) (*AdminStats, *Response, error) {
-	u := fmt.Sprintf("enterprise/stats/all")
+	u := "enterprise/stats/all"
 	req, err := s.client.NewRequest("GET", u, nil)
 	if err != nil {
 		return nil, nil, err
diff --git a/vendor/github.com/google/go-github/v50/github/admin_users.go b/vendor/github.com/google/go-github/v55/github/admin_users.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/admin_users.go
rename to vendor/github.com/google/go-github/v55/github/admin_users.go
diff --git a/vendor/github.com/google/go-github/v50/github/apps.go b/vendor/github.com/google/go-github/v55/github/apps.go
similarity index 93%
rename from vendor/github.com/google/go-github/v50/github/apps.go
rename to vendor/github.com/google/go-github/v55/github/apps.go
index e1d9aadaf..ab83d59ab 100644
--- a/vendor/github.com/google/go-github/v50/github/apps.go
+++ b/vendor/github.com/google/go-github/v55/github/apps.go
@@ -18,18 +18,19 @@ type AppsService service
 
 // App represents a GitHub App.
 type App struct {
-	ID          *int64                   `json:"id,omitempty"`
-	Slug        *string                  `json:"slug,omitempty"`
-	NodeID      *string                  `json:"node_id,omitempty"`
-	Owner       *User                    `json:"owner,omitempty"`
-	Name        *string                  `json:"name,omitempty"`
-	Description *string                  `json:"description,omitempty"`
-	ExternalURL *string                  `json:"external_url,omitempty"`
-	HTMLURL     *string                  `json:"html_url,omitempty"`
-	CreatedAt   *Timestamp               `json:"created_at,omitempty"`
-	UpdatedAt   *Timestamp               `json:"updated_at,omitempty"`
-	Permissions *InstallationPermissions `json:"permissions,omitempty"`
-	Events      []string                 `json:"events,omitempty"`
+	ID                 *int64                   `json:"id,omitempty"`
+	Slug               *string                  `json:"slug,omitempty"`
+	NodeID             *string                  `json:"node_id,omitempty"`
+	Owner              *User                    `json:"owner,omitempty"`
+	Name               *string                  `json:"name,omitempty"`
+	Description        *string                  `json:"description,omitempty"`
+	ExternalURL        *string                  `json:"external_url,omitempty"`
+	HTMLURL            *string                  `json:"html_url,omitempty"`
+	CreatedAt          *Timestamp               `json:"created_at,omitempty"`
+	UpdatedAt          *Timestamp               `json:"updated_at,omitempty"`
+	Permissions        *InstallationPermissions `json:"permissions,omitempty"`
+	Events             []string                 `json:"events,omitempty"`
+	InstallationsCount *int                     `json:"installations_count,omitempty"`
 }
 
 // InstallationToken represents an installation token.
diff --git a/vendor/github.com/google/go-github/v50/github/apps_hooks.go b/vendor/github.com/google/go-github/v55/github/apps_hooks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/apps_hooks.go
rename to vendor/github.com/google/go-github/v55/github/apps_hooks.go
diff --git a/vendor/github.com/google/go-github/v50/github/apps_hooks_deliveries.go b/vendor/github.com/google/go-github/v55/github/apps_hooks_deliveries.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/apps_hooks_deliveries.go
rename to vendor/github.com/google/go-github/v55/github/apps_hooks_deliveries.go
diff --git a/vendor/github.com/google/go-github/v50/github/apps_installation.go b/vendor/github.com/google/go-github/v55/github/apps_installation.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/apps_installation.go
rename to vendor/github.com/google/go-github/v55/github/apps_installation.go
diff --git a/vendor/github.com/google/go-github/v50/github/apps_manifest.go b/vendor/github.com/google/go-github/v55/github/apps_manifest.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/apps_manifest.go
rename to vendor/github.com/google/go-github/v55/github/apps_manifest.go
diff --git a/vendor/github.com/google/go-github/v50/github/apps_marketplace.go b/vendor/github.com/google/go-github/v55/github/apps_marketplace.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/apps_marketplace.go
rename to vendor/github.com/google/go-github/v55/github/apps_marketplace.go
diff --git a/vendor/github.com/google/go-github/v50/github/authorizations.go b/vendor/github.com/google/go-github/v55/github/authorizations.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/authorizations.go
rename to vendor/github.com/google/go-github/v55/github/authorizations.go
diff --git a/vendor/github.com/google/go-github/v50/github/billing.go b/vendor/github.com/google/go-github/v55/github/billing.go
similarity index 95%
rename from vendor/github.com/google/go-github/v50/github/billing.go
rename to vendor/github.com/google/go-github/v55/github/billing.go
index 2900a0167..7a76bf86f 100644
--- a/vendor/github.com/google/go-github/v50/github/billing.go
+++ b/vendor/github.com/google/go-github/v55/github/billing.go
@@ -120,9 +120,14 @@ func (s *BillingService) GetStorageBillingOrg(ctx context.Context, org string) (
 
 // GetAdvancedSecurityActiveCommittersOrg returns the GitHub Advanced Security active committers for an organization per repository.
 //
-// GitHub API docs: https://docs.github.com/en/rest/billing#get-github-advanced-security-active-committers-for-an-organization
-func (s *BillingService) GetAdvancedSecurityActiveCommittersOrg(ctx context.Context, org string) (*ActiveCommitters, *Response, error) {
+// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/billing?apiVersion=2022-11-28#get-github-advanced-security-active-committers-for-an-organization
+func (s *BillingService) GetAdvancedSecurityActiveCommittersOrg(ctx context.Context, org string, opts *ListOptions) (*ActiveCommitters, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/settings/billing/advanced-security", org)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
 	req, err := s.client.NewRequest("GET", u, nil)
 	if err != nil {
 		return nil, nil, err
diff --git a/vendor/github.com/google/go-github/v50/github/checks.go b/vendor/github.com/google/go-github/v55/github/checks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/checks.go
rename to vendor/github.com/google/go-github/v55/github/checks.go
diff --git a/vendor/github.com/google/go-github/v50/github/code-scanning.go b/vendor/github.com/google/go-github/v55/github/code-scanning.go
similarity index 57%
rename from vendor/github.com/google/go-github/v50/github/code-scanning.go
rename to vendor/github.com/google/go-github/v55/github/code-scanning.go
index 6717348ed..0ae269be6 100644
--- a/vendor/github.com/google/go-github/v50/github/code-scanning.go
+++ b/vendor/github.com/google/go-github/v55/github/code-scanning.go
@@ -48,11 +48,13 @@ type Message struct {
 type MostRecentInstance struct {
 	Ref             *string   `json:"ref,omitempty"`
 	AnalysisKey     *string   `json:"analysis_key,omitempty"`
+	Category        *string   `json:"category,omitempty"`
 	Environment     *string   `json:"environment,omitempty"`
 	State           *string   `json:"state,omitempty"`
 	CommitSHA       *string   `json:"commit_sha,omitempty"`
 	Message         *Message  `json:"message,omitempty"`
 	Location        *Location `json:"location,omitempty"`
+	HTMLURL         *string   `json:"html_url,omitempty"`
 	Classifications []string  `json:"classifications,omitempty"`
 }
 
@@ -113,15 +115,30 @@ func (a *Alert) ID() int64 {
 	return id
 }
 
-// AlertListOptions specifies optional parameters to the CodeScanningService.ListAlerts
-// method.
+// AlertInstancesListOptions specifies optional parameters to the CodeScanningService.ListAlertInstances method.
+type AlertInstancesListOptions struct {
+	// Return code scanning alert instances for a specific branch reference.
+	// The ref can be formatted as refs/heads/<branch name> or simply <branch name>. To reference a pull request use refs/pull/<number>/merge
+	Ref string `url:"ref,omitempty"`
+
+	ListOptions
+}
+
+// AlertListOptions specifies optional parameters to the CodeScanningService.ListAlerts method.
 type AlertListOptions struct {
 	// State of the code scanning alerts to list. Set to closed to list only closed code scanning alerts. Default: open
 	State string `url:"state,omitempty"`
 
-	// Return code scanning alerts for a specific branch reference. The ref must be formatted as heads/<branch name>.
+	// Return code scanning alerts for a specific branch reference.
+	// The ref can be formatted as refs/heads/<branch name> or simply <branch name>. To reference a pull request use refs/pull/<number>/merge
 	Ref string `url:"ref,omitempty"`
 
+	// If specified, only code scanning alerts with this severity will be returned. Possible values are: critical, high, medium, low, warning, note, error.
+	Severity string `url:"severity,omitempty"`
+
+	// The name of a code scanning tool. Only results by this tool will be listed.
+	ToolName string `url:"tool_name,omitempty"`
+
 	ListCursorOptions
 
 	// Add ListOptions so offset pagination with integer type "page" query parameter is accepted
@@ -134,12 +151,28 @@ type AnalysesListOptions struct {
 	// Return code scanning analyses belonging to the same SARIF upload.
 	SarifID *string `url:"sarif_id,omitempty"`
 
-	// Return code scanning analyses for a specific branch reference. The ref can be formatted as refs/heads/<branch name> or simply <branch name>.
+	// Return code scanning analyses for a specific branch reference.
+	// The ref can be formatted as refs/heads/<branch name> or simply <branch name>. To reference a pull request use refs/pull/<number>/merge
 	Ref *string `url:"ref,omitempty"`
 
 	ListOptions
 }
 
+// CodeQLDatabase represents a metadata about the CodeQL database.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning
+type CodeQLDatabase struct {
+	ID          *int64     `json:"id,omitempty"`
+	Name        *string    `json:"name,omitempty"`
+	Language    *string    `json:"language,omitempty"`
+	Uploader    *User      `json:"uploader,omitempty"`
+	ContentType *string    `json:"content_type,omitempty"`
+	Size        *int64     `json:"size,omitempty"`
+	CreatedAt   *Timestamp `json:"created_at,omitempty"`
+	UpdatedAt   *Timestamp `json:"updated_at,omitempty"`
+	URL         *string    `json:"url,omitempty"`
+}
+
 // ScanningAnalysis represents an individual GitHub Code Scanning ScanningAnalysis on a single repository.
 //
 // GitHub API docs: https://docs.github.com/en/rest/code-scanning
@@ -202,7 +235,7 @@ type SarifID struct {
 // You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events
 // read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#list-code-scanning-alerts-for-an-organization
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-code-scanning-alerts-for-an-organization
 func (s *CodeScanningService) ListAlertsForOrg(ctx context.Context, org string, opts *AlertListOptions) ([]*Alert, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/code-scanning/alerts", org)
 	u, err := addOptions(u, opts)
@@ -230,7 +263,7 @@ func (s *CodeScanningService) ListAlertsForOrg(ctx context.Context, org string,
 // You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events
 // read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#list-code-scanning-alerts-for-a-repository
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-code-scanning-alerts-for-a-repository
 func (s *CodeScanningService) ListAlertsForRepo(ctx context.Context, owner, repo string, opts *AlertListOptions) ([]*Alert, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts", owner, repo)
 	u, err := addOptions(u, opts)
@@ -259,7 +292,7 @@ func (s *CodeScanningService) ListAlertsForRepo(ctx context.Context, owner, repo
 //
 // The security alert_id is the number at the end of the security alert's URL.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#get-a-code-scanning-alert
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-code-scanning-alert
 func (s *CodeScanningService) GetAlert(ctx context.Context, owner, repo string, id int64) (*Alert, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts/%v", owner, repo, id)
 
@@ -302,13 +335,40 @@ func (s *CodeScanningService) UpdateAlert(ctx context.Context, owner, repo strin
 	return a, resp, nil
 }
 
+// ListAlertInstances lists instances of a code scanning alert.
+//
+// You must use an access token with the security_events scope to use this endpoint.
+// GitHub Apps must have the security_events read permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-instances-of-a-code-scanning-alert
+func (s *CodeScanningService) ListAlertInstances(ctx context.Context, owner, repo string, id int64, opts *AlertInstancesListOptions) ([]*MostRecentInstance, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts/%v/instances", owner, repo, id)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var alertInstances []*MostRecentInstance
+	resp, err := s.client.Do(ctx, req, &alertInstances)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return alertInstances, resp, nil
+}
+
 // UploadSarif uploads the result of code scanning job to GitHub.
 //
 // For the parameter sarif, you must first compress your SARIF file using gzip and then translate the contents of the file into a Base64 encoding string.
 // You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events
 // write permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#upload-an-analysis-as-sarif-data
 func (s *CodeScanningService) UploadSarif(ctx context.Context, owner, repo string, sarif *SarifAnalysis) (*SarifID, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/sarifs", owner, repo)
 
@@ -326,13 +386,45 @@ func (s *CodeScanningService) UploadSarif(ctx context.Context, owner, repo strin
 	return sarifID, resp, nil
 }
 
+// SARIFUpload represents information about a SARIF upload.
+type SARIFUpload struct {
+	// `pending` files have not yet been processed, while `complete` means results from the SARIF have been stored.
+	// `failed` files have either not been processed at all, or could only be partially processed.
+	ProcessingStatus *string `json:"processing_status,omitempty"`
+	// The REST API URL for getting the analyses associated with the upload.
+	AnalysesURL *string `json:"analyses_url,omitempty"`
+}
+
+// GetSARIF gets information about a SARIF upload.
+//
+// You must use an access token with the security_events scope to use this endpoint.
+// GitHub Apps must have the security_events read permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-information-about-a-sarif-upload
+func (s *CodeScanningService) GetSARIF(ctx context.Context, owner, repo, sarifID string) (*SARIFUpload, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/code-scanning/sarifs/%v", owner, repo, sarifID)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	sarifUpload := new(SARIFUpload)
+	resp, err := s.client.Do(ctx, req, sarifUpload)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return sarifUpload, resp, nil
+}
+
 // ListAnalysesForRepo lists code scanning analyses for a repository.
 //
 // Lists the details of all code scanning analyses for a repository, starting with the most recent.
 // You must use an access token with the security_events scope to use this endpoint.
 // GitHub Apps must have the security_events read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#list-code-scanning-analyses-for-a-repository
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-code-scanning-analyses-for-a-repository
 func (s *CodeScanningService) ListAnalysesForRepo(ctx context.Context, owner, repo string, opts *AnalysesListOptions) ([]*ScanningAnalysis, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/analyses", owner, repo)
 	u, err := addOptions(u, opts)
@@ -361,7 +453,7 @@ func (s *CodeScanningService) ListAnalysesForRepo(ctx context.Context, owner, re
 //
 // The security analysis_id is the ID of the analysis, as returned from the ListAnalysesForRepo operation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#get-a-code-scanning-analysis-for-a-repository
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-code-scanning-analysis-for-a-repository
 func (s *CodeScanningService) GetAnalysis(ctx context.Context, owner, repo string, id int64) (*ScanningAnalysis, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/analyses/%v", owner, repo, id)
 
@@ -378,3 +470,155 @@ func (s *CodeScanningService) GetAnalysis(ctx context.Context, owner, repo strin
 
 	return analysis, resp, nil
 }
+
+// DeleteAnalysis represents a successful deletion of a code scanning analysis.
+type DeleteAnalysis struct {
+	// Next deletable analysis in chain, without last analysis deletion confirmation
+	NextAnalysisURL *string `json:"next_analysis_url,omitempty"`
+	// Next deletable analysis in chain, with last analysis deletion confirmation
+	ConfirmDeleteURL *string `json:"confirm_delete_url,omitempty"`
+}
+
+// DeleteAnalysis deletes a single code scanning analysis from a repository.
+//
+// You must use an access token with the repo scope to use this endpoint.
+// GitHub Apps must have the security_events read permission to use this endpoint.
+//
+// The security analysis_id is the ID of the analysis, as returned from the ListAnalysesForRepo operation.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#delete-a-code-scanning-analysis-from-a-repository
+func (s *CodeScanningService) DeleteAnalysis(ctx context.Context, owner, repo string, id int64) (*DeleteAnalysis, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/code-scanning/analyses/%v", owner, repo, id)
+
+	req, err := s.client.NewRequest("DELETE", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	deleteAnalysis := new(DeleteAnalysis)
+	resp, err := s.client.Do(ctx, req, deleteAnalysis)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return deleteAnalysis, resp, nil
+}
+
+// ListCodeQLDatabases lists the CodeQL databases that are available in a repository.
+//
+// You must use an access token with the security_events scope to use this endpoint.
+// GitHub Apps must have the contents read permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-codeql-databases-for-a-repository
+func (s *CodeScanningService) ListCodeQLDatabases(ctx context.Context, owner, repo string) ([]*CodeQLDatabase, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/code-scanning/codeql/databases", owner, repo)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var codeqlDatabases []*CodeQLDatabase
+	resp, err := s.client.Do(ctx, req, &codeqlDatabases)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return codeqlDatabases, resp, nil
+}
+
+// GetCodeQLDatabase gets a CodeQL database for a language in a repository.
+//
+// You must use an access token with the security_events scope to use this endpoint.
+// GitHub Apps must have the contents read permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-codeql-database-for-a-repository
+func (s *CodeScanningService) GetCodeQLDatabase(ctx context.Context, owner, repo, language string) (*CodeQLDatabase, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/code-scanning/codeql/databases/%v", owner, repo, language)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	codeqlDatabase := new(CodeQLDatabase)
+	resp, err := s.client.Do(ctx, req, codeqlDatabase)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return codeqlDatabase, resp, nil
+}
+
+// DefaultSetupConfiguration represents a code scanning default setup configuration.
+type DefaultSetupConfiguration struct {
+	State      *string    `json:"state,omitempty"`
+	Languages  []string   `json:"languages,omitempty"`
+	QuerySuite *string    `json:"query_suite,omitempty"`
+	UpdatedAt  *Timestamp `json:"updated_at,omitempty"`
+}
+
+// GetDefaultSetupConfiguration gets a code scanning default setup configuration.
+//
+// You must use an access token with the repo scope to use this
+// endpoint with private repos or the public_repo scope for public repos. GitHub Apps must have the repo write
+// permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-code-scanning-default-setup-configuration
+func (s *CodeScanningService) GetDefaultSetupConfiguration(ctx context.Context, owner, repo string) (*DefaultSetupConfiguration, *Response, error) {
+	u := fmt.Sprintf("repos/%s/%s/code-scanning/default-setup", owner, repo)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	cfg := new(DefaultSetupConfiguration)
+	resp, err := s.client.Do(ctx, req, cfg)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return cfg, resp, nil
+}
+
+// UpdateDefaultSetupConfigurationOptions specifies parameters to the CodeScanningService.UpdateDefaultSetupConfiguration
+// method.
+type UpdateDefaultSetupConfigurationOptions struct {
+	State      string   `json:"state"`
+	QuerySuite *string  `json:"query_suite,omitempty"`
+	Languages  []string `json:"languages,omitempty"`
+}
+
+// UpdateDefaultSetupConfigurationResponse represents a response from updating a code scanning default setup configuration.
+type UpdateDefaultSetupConfigurationResponse struct {
+	RunID  *int64  `json:"run_id,omitempty"`
+	RunURL *string `json:"run_url,omitempty"`
+}
+
+// UpdateDefaultSetupConfiguration updates a code scanning default setup configuration.
+//
+// You must use an access token with the repo scope to use this
+// endpoint with private repos or the public_repo scope for public repos. GitHub Apps must have the repo write
+// permission to use this endpoint.
+//
+// This method might return an AcceptedError and a status code of 202. This is because this is the status that GitHub
+// returns to signify that it has now scheduled the update of the pull request branch in a background task.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#update-a-code-scanning-default-setup-configuration
+func (s *CodeScanningService) UpdateDefaultSetupConfiguration(ctx context.Context, owner, repo string, options *UpdateDefaultSetupConfigurationOptions) (*UpdateDefaultSetupConfigurationResponse, *Response, error) {
+	u := fmt.Sprintf("repos/%s/%s/code-scanning/default-setup", owner, repo)
+
+	req, err := s.client.NewRequest("PATCH", u, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	a := new(UpdateDefaultSetupConfigurationResponse)
+	resp, err := s.client.Do(ctx, req, a)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return a, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v55/github/codespaces.go b/vendor/github.com/google/go-github/v55/github/codespaces.go
new file mode 100644
index 000000000..cd8b0e5be
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/codespaces.go
@@ -0,0 +1,254 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+// CodespacesService handles communication with the Codespaces related
+// methods of the GitHub API.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/
+type CodespacesService service
+
+// Codespace represents a codespace.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces
+type Codespace struct {
+	ID                             *int64                        `json:"id,omitempty"`
+	Name                           *string                       `json:"name,omitempty"`
+	DisplayName                    *string                       `json:"display_name,omitempty"`
+	EnvironmentID                  *string                       `json:"environment_id,omitempty"`
+	Owner                          *User                         `json:"owner,omitempty"`
+	BillableOwner                  *User                         `json:"billable_owner,omitempty"`
+	Repository                     *Repository                   `json:"repository,omitempty"`
+	Machine                        *CodespacesMachine            `json:"machine,omitempty"`
+	DevcontainerPath               *string                       `json:"devcontainer_path,omitempty"`
+	Prebuild                       *bool                         `json:"prebuild,omitempty"`
+	CreatedAt                      *Timestamp                    `json:"created_at,omitempty"`
+	UpdatedAt                      *Timestamp                    `json:"updated_at,omitempty"`
+	LastUsedAt                     *Timestamp                    `json:"last_used_at,omitempty"`
+	State                          *string                       `json:"state,omitempty"`
+	URL                            *string                       `json:"url,omitempty"`
+	GitStatus                      *CodespacesGitStatus          `json:"git_status,omitempty"`
+	Location                       *string                       `json:"location,omitempty"`
+	IdleTimeoutMinutes             *int                          `json:"idle_timeout_minutes,omitempty"`
+	WebURL                         *string                       `json:"web_url,omitempty"`
+	MachinesURL                    *string                       `json:"machines_url,omitempty"`
+	StartURL                       *string                       `json:"start_url,omitempty"`
+	StopURL                        *string                       `json:"stop_url,omitempty"`
+	PullsURL                       *string                       `json:"pulls_url,omitempty"`
+	RecentFolders                  []string                      `json:"recent_folders,omitempty"`
+	RuntimeConstraints             *CodespacesRuntimeConstraints `json:"runtime_constraints,omitempty"`
+	PendingOperation               *bool                         `json:"pending_operation,omitempty"`
+	PendingOperationDisabledReason *string                       `json:"pending_operation_disabled_reason,omitempty"`
+	IdleTimeoutNotice              *string                       `json:"idle_timeout_notice,omitempty"`
+	RetentionPeriodMinutes         *int                          `json:"retention_period_minutes,omitempty"`
+	RetentionExpiresAt             *Timestamp                    `json:"retention_expires_at,omitempty"`
+	LastKnownStopNotice            *string                       `json:"last_known_stop_notice,omitempty"`
+}
+
+// CodespacesGitStatus represents the git status of a codespace.
+type CodespacesGitStatus struct {
+	Ahead                 *int    `json:"ahead,omitempty"`
+	Behind                *int    `json:"behind,omitempty"`
+	HasUnpushedChanges    *bool   `json:"has_unpushed_changes,omitempty"`
+	HasUncommittedChanges *bool   `json:"has_uncommitted_changes,omitempty"`
+	Ref                   *string `json:"ref,omitempty"`
+}
+
+// CodespacesMachine represents the machine type of a codespace.
+type CodespacesMachine struct {
+	Name                 *string `json:"name,omitempty"`
+	DisplayName          *string `json:"display_name,omitempty"`
+	OperatingSystem      *string `json:"operating_system,omitempty"`
+	StorageInBytes       *int64  `json:"storage_in_bytes,omitempty"`
+	MemoryInBytes        *int64  `json:"memory_in_bytes,omitempty"`
+	CPUs                 *int    `json:"cpus,omitempty"`
+	PrebuildAvailability *string `json:"prebuild_availability,omitempty"`
+}
+
+// CodespacesRuntimeConstraints represents the runtime constraints of a codespace.
+type CodespacesRuntimeConstraints struct {
+	AllowedPortPrivacySettings []string `json:"allowed_port_privacy_settings,omitempty"`
+}
+
+// ListCodespaces represents the response from the list codespaces endpoints.
+type ListCodespaces struct {
+	TotalCount *int         `json:"total_count,omitempty"`
+	Codespaces []*Codespace `json:"codespaces"`
+}
+
+// ListInRepo lists codespaces for a user in a repository.
+//
+// Lists the codespaces associated with a specified repository and the authenticated user.
+// You must authenticate using an access token with the codespace scope to use this endpoint.
+// GitHub Apps must have read access to the codespaces repository permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#list-codespaces-in-a-repository-for-the-authenticated-user
+func (s *CodespacesService) ListInRepo(ctx context.Context, owner, repo string, opts *ListOptions) (*ListCodespaces, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/codespaces", owner, repo)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var codespaces *ListCodespaces
+	resp, err := s.client.Do(ctx, req, &codespaces)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return codespaces, resp, nil
+}
+
+// ListOptions represents the options for listing codespaces for a user.
+type ListCodespacesOptions struct {
+	ListOptions
+	RepositoryID int64 `url:"repository_id,omitempty"`
+}
+
+// List lists codespaces for an authenticated user.
+//
+// Lists the authenticated user's codespaces.
+// You must authenticate using an access token with the codespace scope to use this endpoint.
+// GitHub Apps must have read access to the codespaces repository permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#list-codespaces-for-the-authenticated-user
+func (s *CodespacesService) List(ctx context.Context, opts *ListCodespacesOptions) (*ListCodespaces, *Response, error) {
+	u := "user/codespaces"
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var codespaces *ListCodespaces
+	resp, err := s.client.Do(ctx, req, &codespaces)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return codespaces, resp, nil
+}
+
+// CreateCodespaceOptions represents options for the creation of a codespace in a repository.
+type CreateCodespaceOptions struct {
+	Ref *string `json:"ref,omitempty"`
+	// Geo represents the geographic area for this codespace.
+	// If not specified, the value is assigned by IP.
+	// This property replaces location, which is being deprecated.
+	// Geo can be one of: `EuropeWest`, `SoutheastAsia`, `UsEast`, `UsWest`.
+	Geo                        *string `json:"geo,omitempty"`
+	ClientIP                   *string `json:"client_ip,omitempty"`
+	Machine                    *string `json:"machine,omitempty"`
+	DevcontainerPath           *string `json:"devcontainer_path,omitempty"`
+	MultiRepoPermissionsOptOut *bool   `json:"multi_repo_permissions_opt_out,omitempty"`
+	WorkingDirectory           *string `json:"working_directory,omitempty"`
+	IdleTimeoutMinutes         *int    `json:"idle_timeout_minutes,omitempty"`
+	DisplayName                *string `json:"display_name,omitempty"`
+	// RetentionPeriodMinutes represents the duration in minutes after codespace has gone idle in which it will be deleted.
+	// Must be integer minutes between 0 and 43200 (30 days).
+	RetentionPeriodMinutes *int `json:"retention_period_minutes,omitempty"`
+}
+
+// CreateInRepo creates a codespace in a repository.
+//
+// Creates a codespace owned by the authenticated user in the specified repository.
+// You must authenticate using an access token with the codespace scope to use this endpoint.
+// GitHub Apps must have write access to the codespaces repository permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#create-a-codespace-in-a-repository
+func (s *CodespacesService) CreateInRepo(ctx context.Context, owner, repo string, request *CreateCodespaceOptions) (*Codespace, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/codespaces", owner, repo)
+
+	req, err := s.client.NewRequest("POST", u, request)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var codespace *Codespace
+	resp, err := s.client.Do(ctx, req, &codespace)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return codespace, resp, nil
+}
+
+// Start starts a codespace.
+//
+// You must authenticate using an access token with the codespace scope to use this endpoint.
+// GitHub Apps must have write access to the codespaces_lifecycle_admin repository permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#start-a-codespace-for-the-authenticated-user
+func (s *CodespacesService) Start(ctx context.Context, codespaceName string) (*Codespace, *Response, error) {
+	u := fmt.Sprintf("user/codespaces/%v/start", codespaceName)
+
+	req, err := s.client.NewRequest("POST", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var codespace *Codespace
+	resp, err := s.client.Do(ctx, req, &codespace)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return codespace, resp, nil
+}
+
+// Stop stops a codespace.
+//
+// You must authenticate using an access token with the codespace scope to use this endpoint.
+// GitHub Apps must have write access to the codespaces_lifecycle_admin repository permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#stop-a-codespace-for-the-authenticated-user
+func (s *CodespacesService) Stop(ctx context.Context, codespaceName string) (*Codespace, *Response, error) {
+	u := fmt.Sprintf("user/codespaces/%v/stop", codespaceName)
+
+	req, err := s.client.NewRequest("POST", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var codespace *Codespace
+	resp, err := s.client.Do(ctx, req, &codespace)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return codespace, resp, nil
+}
+
+// Delete deletes a codespace.
+//
+// You must authenticate using an access token with the codespace scope to use this endpoint.
+// GitHub Apps must have write access to the codespaces repository permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#delete-a-codespace-for-the-authenticated-user
+func (s *CodespacesService) Delete(ctx context.Context, codespaceName string) (*Response, error) {
+	u := fmt.Sprintf("user/codespaces/%v", codespaceName)
+
+	req, err := s.client.NewRequest("DELETE", u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/vendor/github.com/google/go-github/v55/github/codespaces_secrets.go b/vendor/github.com/google/go-github/v55/github/codespaces_secrets.go
new file mode 100644
index 000000000..e11c679c6
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/codespaces_secrets.go
@@ -0,0 +1,405 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+// ListUserSecrets list all secrets available for a users codespace
+//
+// Lists all secrets available for a user's Codespaces without revealing their encrypted values
+// You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint
+// GitHub Apps must have read access to the codespaces_user_secrets user permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#list-secrets-for-the-authenticated-user
+func (s *CodespacesService) ListUserSecrets(ctx context.Context, opts *ListOptions) (*Secrets, *Response, error) {
+	u, err := addOptions("user/codespaces/secrets", opts)
+	if err != nil {
+		return nil, nil, err
+	}
+	return s.listSecrets(ctx, u)
+}
+
+// ListOrgSecrets list all secrets available to an org
+//
+// Lists all Codespaces secrets available at the organization-level without revealing their encrypted values. You must authenticate using an access token with the admin:org scope to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#list-organization-secrets
+func (s *CodespacesService) ListOrgSecrets(ctx context.Context, org string, opts *ListOptions) (*Secrets, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/codespaces/secrets", org)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+	return s.listSecrets(ctx, u)
+}
+
+// ListRepoSecrets list all secrets available to a repo
+//
+// Lists all secrets available in a repository without revealing their encrypted values. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have write access to the codespaces_secrets repository permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/repository-secrets?apiVersion=2022-11-28#list-repository-secrets
+func (s *CodespacesService) ListRepoSecrets(ctx context.Context, owner, repo string, opts *ListOptions) (*Secrets, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/codespaces/secrets", owner, repo)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+	return s.listSecrets(ctx, u)
+}
+
+func (s *CodespacesService) listSecrets(ctx context.Context, url string) (*Secrets, *Response, error) {
+	req, err := s.client.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var secrets *Secrets
+	resp, err := s.client.Do(ctx, req, &secrets)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return secrets, resp, nil
+}
+
+// GetUserPublicKey gets the users public key for encrypting codespace secrets
+//
+// Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets.
+// You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.
+// GitHub Apps must have read access to the codespaces_user_secrets user permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#get-public-key-for-the-authenticated-user
+func (s *CodespacesService) GetUserPublicKey(ctx context.Context) (*PublicKey, *Response, error) {
+	return s.getPublicKey(ctx, "user/codespaces/secrets/public-key")
+}
+
+// GetOrgPublicKey gets the org public key for encrypting codespace secrets
+//
+// Gets a public key for an organization, which is required in order to encrypt secrets. You need to encrypt the value of a secret before you can create or update secrets. You must authenticate using an access token with the admin:org scope to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#get-an-organization-public-key
+func (s *CodespacesService) GetOrgPublicKey(ctx context.Context, org string) (*PublicKey, *Response, error) {
+	return s.getPublicKey(ctx, fmt.Sprintf("orgs/%v/codespaces/secrets/public-key", org))
+}
+
+// GetRepoPublicKey gets the repo public key for encrypting codespace secrets
+//
+// Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have write access to the codespaces_secrets repository permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/repository-secrets?apiVersion=2022-11-28#get-a-repository-public-key
+func (s *CodespacesService) GetRepoPublicKey(ctx context.Context, owner, repo string) (*PublicKey, *Response, error) {
+	return s.getPublicKey(ctx, fmt.Sprintf("repos/%v/%v/codespaces/secrets/public-key", owner, repo))
+}
+
+func (s *CodespacesService) getPublicKey(ctx context.Context, url string) (*PublicKey, *Response, error) {
+	req, err := s.client.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var publicKey *PublicKey
+	resp, err := s.client.Do(ctx, req, &publicKey)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return publicKey, resp, nil
+}
+
+// GetUserSecret gets a users codespace secret
+//
+// Gets a secret available to a user's codespaces without revealing its encrypted value.
+// You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.
+// GitHub Apps must have read access to the codespaces_user_secrets user permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#get-a-secret-for-the-authenticated-user
+func (s *CodespacesService) GetUserSecret(ctx context.Context, name string) (*Secret, *Response, error) {
+	u := fmt.Sprintf("user/codespaces/secrets/%v", name)
+	return s.getSecret(ctx, u)
+}
+
+// GetOrgSecret gets an org codespace secret
+//
+// Gets an organization secret without revealing its encrypted value. You must authenticate using an access token with the admin:org scope to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#get-an-organization-secret
+func (s *CodespacesService) GetOrgSecret(ctx context.Context, org, name string) (*Secret, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v", org, name)
+	return s.getSecret(ctx, u)
+}
+
+// GetRepoSecret gets a repo codespace secret
+//
+// Gets a single repository secret without revealing its encrypted value. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have write access to the codespaces_secrets repository permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/repository-secrets?apiVersion=2022-11-28#get-a-repository-secret
+func (s *CodespacesService) GetRepoSecret(ctx context.Context, owner, repo, name string) (*Secret, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/codespaces/secrets/%v", owner, repo, name)
+	return s.getSecret(ctx, u)
+}
+
+func (s *CodespacesService) getSecret(ctx context.Context, url string) (*Secret, *Response, error) {
+	req, err := s.client.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var secret *Secret
+	resp, err := s.client.Do(ctx, req, &secret)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return secret, resp, nil
+}
+
+// CreateOrUpdateUserSecret creates or updates a users codespace secret
+//
+// Creates or updates a secret for a user's codespace with an encrypted value. Encrypt your secret using LibSodium.
+// You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must also have Codespaces access to use this endpoint.
+// GitHub Apps must have write access to the codespaces_user_secrets user permission and codespaces_secrets repository permission on all referenced repositories to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#create-or-update-a-secret-for-the-authenticated-user
+func (s *CodespacesService) CreateOrUpdateUserSecret(ctx context.Context, eSecret *EncryptedSecret) (*Response, error) {
+	u := fmt.Sprintf("user/codespaces/secrets/%v", eSecret.Name)
+	return s.createOrUpdateSecret(ctx, u, eSecret)
+}
+
+// CreateOrUpdateOrgSecret creates or updates an orgs codespace secret
+//
+// Creates or updates an organization secret with an encrypted value. Encrypt your secret using LibSodium. You must authenticate using an access token with the admin:org scope to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret
+func (s *CodespacesService) CreateOrUpdateOrgSecret(ctx context.Context, org string, eSecret *EncryptedSecret) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v", org, eSecret.Name)
+	return s.createOrUpdateSecret(ctx, u, eSecret)
+}
+
+// CreateOrUpdateRepoSecret creates or updates a repos codespace secret
+//
+// Creates or updates a repository secret with an encrypted value. Encrypt your secret using LibSodium. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have write access to the codespaces_secrets repository permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/repository-secrets?apiVersion=2022-11-28#create-or-update-a-repository-secret
+func (s *CodespacesService) CreateOrUpdateRepoSecret(ctx context.Context, owner, repo string, eSecret *EncryptedSecret) (*Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/codespaces/secrets/%v", owner, repo, eSecret.Name)
+	return s.createOrUpdateSecret(ctx, u, eSecret)
+}
+
+func (s *CodespacesService) createOrUpdateSecret(ctx context.Context, url string, eSecret *EncryptedSecret) (*Response, error) {
+	req, err := s.client.NewRequest("PUT", url, eSecret)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		return resp, err
+	}
+
+	return resp, nil
+}
+
+// DeleteUserSecret deletes a users codespace secret
+//
+// Deletes a secret from a user's codespaces using the secret name. Deleting the secret will remove access from all codespaces that were allowed to access the secret.
+// You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.
+// GitHub Apps must have write access to the codespaces_user_secrets user permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#delete-a-secret-for-the-authenticated-user
+func (s *CodespacesService) DeleteUserSecret(ctx context.Context, name string) (*Response, error) {
+	u := fmt.Sprintf("user/codespaces/secrets/%v", name)
+	return s.deleteSecret(ctx, u)
+}
+
+// DeleteOrgSecret deletes an orgs codespace secret
+//
+// Deletes an organization secret using the secret name. You must authenticate using an access token with the admin:org scope to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#delete-an-organization-secret
+func (s *CodespacesService) DeleteOrgSecret(ctx context.Context, org, name string) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v", org, name)
+	return s.deleteSecret(ctx, u)
+}
+
+// DeleteRepoSecret deletes a repos codespace secret
+//
+// Deletes a secret in a repository using the secret name. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have write access to the codespaces_secrets repository permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/repository-secrets?apiVersion=2022-11-28#delete-a-repository-secret
+func (s *CodespacesService) DeleteRepoSecret(ctx context.Context, owner, repo, name string) (*Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/codespaces/secrets/%v", owner, repo, name)
+	return s.deleteSecret(ctx, u)
+}
+
+func (s *CodespacesService) deleteSecret(ctx context.Context, url string) (*Response, error) {
+	req, err := s.client.NewRequest("DELETE", url, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		return resp, err
+	}
+
+	return resp, nil
+}
+
+// ListSelectedReposForUserSecret lists the repositories that have been granted the ability to use a user's codespace secret.
+//
+// You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.
+// GitHub Apps must have read access to the codespaces_user_secrets user permission and write access to the codespaces_secrets repository permission on all referenced repositories to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#list-selected-repositories-for-a-user-secret
+func (s *CodespacesService) ListSelectedReposForUserSecret(ctx context.Context, name string, opts *ListOptions) (*SelectedReposList, *Response, error) {
+	u := fmt.Sprintf("user/codespaces/secrets/%v/repositories", name)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return s.listSelectedReposForSecret(ctx, u)
+}
+
+// ListSelectedReposForOrgSecret lists the repositories that have been granted the ability to use an organization's codespace secret.
+//
+// Lists all repositories that have been selected when the visibility for repository access to a secret is set to selected. You must authenticate using an access token with the admin:org scope to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#list-selected-repositories-for-an-organization-secret
+func (s *CodespacesService) ListSelectedReposForOrgSecret(ctx context.Context, org, name string, opts *ListOptions) (*SelectedReposList, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v/repositories", org, name)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return s.listSelectedReposForSecret(ctx, u)
+}
+
+func (s *CodespacesService) listSelectedReposForSecret(ctx context.Context, url string) (*SelectedReposList, *Response, error) {
+	req, err := s.client.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var repositories *SelectedReposList
+	resp, err := s.client.Do(ctx, req, &repositories)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return repositories, resp, nil
+}
+
+// SetSelectedReposForUserSecret sets the repositories that have been granted the ability to use a user's codespace secret.
+//
+// You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint.
+// GitHub Apps must have write access to the codespaces_user_secrets user permission and write access to the codespaces_secrets repository permission on all referenced repositories to use this endpoint.
+//
+// Github API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#set-selected-repositories-for-a-user-secret
+func (s *CodespacesService) SetSelectedReposForUserSecret(ctx context.Context, name string, ids SelectedRepoIDs) (*Response, error) {
+	u := fmt.Sprintf("user/codespaces/secrets/%v/repositories", name)
+	return s.setSelectedRepoForSecret(ctx, u, ids)
+}
+
+// SetSelectedReposForOrgSecret sets the repositories that have been granted the ability to use a user's codespace secret.
+//
+// Replaces all repositories for an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint.
+//
+// Github API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#set-selected-repositories-for-a-user-secret
+func (s *CodespacesService) SetSelectedReposForOrgSecret(ctx context.Context, org, name string, ids SelectedRepoIDs) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v/repositories", org, name)
+	return s.setSelectedRepoForSecret(ctx, u, ids)
+}
+
+func (s *CodespacesService) setSelectedRepoForSecret(ctx context.Context, url string, ids SelectedRepoIDs) (*Response, error) {
+	type repoIDs struct {
+		SelectedIDs SelectedRepoIDs `json:"selected_repository_ids"`
+	}
+
+	req, err := s.client.NewRequest("PUT", url, repoIDs{SelectedIDs: ids})
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		return resp, err
+	}
+
+	return resp, nil
+}
+
+// AddSelectedRepoToUserSecret adds a repository to the list of repositories that have been granted the ability to use a user's codespace secret.
+//
+// Adds a repository to the selected repositories for a user's codespace secret. You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint. GitHub Apps must have write access to the codespaces_user_secrets user permission and write access to the codespaces_secrets repository permission on the referenced repository to use this endpoint.
+//
+// Github API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#add-a-selected-repository-to-a-user-secret
+func (s *CodespacesService) AddSelectedRepoToUserSecret(ctx context.Context, name string, repo *Repository) (*Response, error) {
+	u := fmt.Sprintf("user/codespaces/secrets/%v/repositories/%v", name, *repo.ID)
+	return s.addSelectedRepoToSecret(ctx, u)
+}
+
+// AddSelectedRepoToOrgSecret adds a repository to the list of repositories that have been granted the ability to use an organization's codespace secret.
+//
+// Adds a repository to an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint.
+//
+// Github API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#add-selected-repository-to-an-organization-secret
+func (s *CodespacesService) AddSelectedRepoToOrgSecret(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v/repositories/%v", org, name, *repo.ID)
+	return s.addSelectedRepoToSecret(ctx, u)
+}
+
+func (s *CodespacesService) addSelectedRepoToSecret(ctx context.Context, url string) (*Response, error) {
+	req, err := s.client.NewRequest("PUT", url, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		return resp, err
+	}
+
+	return resp, nil
+}
+
+// RemoveSelectedRepoFromUserSecret removes a repository from the list of repositories that have been granted the ability to use a user's codespace secret.
+//
+// Removes a repository from the selected repositories for a user's codespace secret. You must authenticate using an access token with the codespace or codespace:secrets scope to use this endpoint. User must have Codespaces access to use this endpoint. GitHub Apps must have write access to the codespaces_user_secrets user permission to use this endpoint.
+//
+// Github API docs: https://docs.github.com/en/rest/codespaces/secrets?apiVersion=2022-11-28#remove-a-selected-repository-from-a-user-secret
+func (s *CodespacesService) RemoveSelectedRepoFromUserSecret(ctx context.Context, name string, repo *Repository) (*Response, error) {
+	u := fmt.Sprintf("user/codespaces/secrets/%v/repositories/%v", name, *repo.ID)
+	return s.removeSelectedRepoFromSecret(ctx, u)
+}
+
+// RemoveSelectedRepoFromOrgSecret removes a repository from the list of repositories that have been granted the ability to use an organization's codespace secret.
+//
+// Removes a repository from an organization secret when the visibility for repository access is set to selected. The visibility is set when you Create or update an organization secret. You must authenticate using an access token with the admin:org scope to use this endpoint.
+//
+// Github API docs: https://docs.github.com/en/rest/codespaces/organization-secrets?apiVersion=2022-11-28#remove-selected-repository-from-an-organization-secret
+func (s *CodespacesService) RemoveSelectedRepoFromOrgSecret(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/codespaces/secrets/%v/repositories/%v", org, name, *repo.ID)
+	return s.removeSelectedRepoFromSecret(ctx, u)
+}
+
+func (s *CodespacesService) removeSelectedRepoFromSecret(ctx context.Context, url string) (*Response, error) {
+	req, err := s.client.NewRequest("DELETE", url, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		return resp, err
+	}
+
+	return resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v50/github/dependabot.go b/vendor/github.com/google/go-github/v55/github/dependabot.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/dependabot.go
rename to vendor/github.com/google/go-github/v55/github/dependabot.go
diff --git a/vendor/github.com/google/go-github/v50/github/dependabot_alerts.go b/vendor/github.com/google/go-github/v55/github/dependabot_alerts.go
similarity index 93%
rename from vendor/github.com/google/go-github/v50/github/dependabot_alerts.go
rename to vendor/github.com/google/go-github/v55/github/dependabot_alerts.go
index e00aebc80..177316b1d 100644
--- a/vendor/github.com/google/go-github/v50/github/dependabot_alerts.go
+++ b/vendor/github.com/google/go-github/v55/github/dependabot_alerts.go
@@ -17,8 +17,8 @@ type Dependency struct {
 	Scope        *string               `json:"scope,omitempty"`
 }
 
-// AdvisoryCVSs represents the advisory pertaining to the Common Vulnerability Scoring System.
-type AdvisoryCVSs struct {
+// AdvisoryCVSS represents the advisory pertaining to the Common Vulnerability Scoring System.
+type AdvisoryCVSS struct {
 	Score        *float64 `json:"score,omitempty"`
 	VectorString *string  `json:"vector_string,omitempty"`
 }
@@ -37,7 +37,7 @@ type DependabotSecurityAdvisory struct {
 	Description     *string                  `json:"description,omitempty"`
 	Vulnerabilities []*AdvisoryVulnerability `json:"vulnerabilities,omitempty"`
 	Severity        *string                  `json:"severity,omitempty"`
-	CVSs            *AdvisoryCVSs            `json:"cvss,omitempty"`
+	CVSS            *AdvisoryCVSS            `json:"cvss,omitempty"`
 	CWEs            []*AdvisoryCWEs          `json:"cwes,omitempty"`
 	Identifiers     []*AdvisoryIdentifier    `json:"identifiers,omitempty"`
 	References      []*AdvisoryReference     `json:"references,omitempty"`
@@ -62,6 +62,9 @@ type DependabotAlert struct {
 	DismissedReason       *string                     `json:"dismissed_reason,omitempty"`
 	DismissedComment      *string                     `json:"dismissed_comment,omitempty"`
 	FixedAt               *Timestamp                  `json:"fixed_at,omitempty"`
+	AutoDismissedAt       *Timestamp                  `json:"auto_dismissed_at,omitempty"`
+	// The repository is always empty for events
+	Repository *Repository `json:"repository,omitempty"`
 }
 
 // ListAlertsOptions specifies the optional parameters to the DependabotService.ListRepoAlerts
@@ -75,6 +78,7 @@ type ListAlertsOptions struct {
 	Sort      *string `url:"sort,omitempty"`
 	Direction *string `url:"direction,omitempty"`
 
+	ListOptions
 	ListCursorOptions
 }
 
diff --git a/vendor/github.com/google/go-github/v50/github/dependabot_secrets.go b/vendor/github.com/google/go-github/v55/github/dependabot_secrets.go
similarity index 94%
rename from vendor/github.com/google/go-github/v50/github/dependabot_secrets.go
rename to vendor/github.com/google/go-github/v55/github/dependabot_secrets.go
index 8318cd812..685f7bea8 100644
--- a/vendor/github.com/google/go-github/v50/github/dependabot_secrets.go
+++ b/vendor/github.com/google/go-github/v55/github/dependabot_secrets.go
@@ -144,8 +144,25 @@ func (s *DependabotService) CreateOrUpdateRepoSecret(ctx context.Context, owner,
 //
 // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#create-or-update-an-organization-secret
 func (s *DependabotService) CreateOrUpdateOrgSecret(ctx context.Context, org string, eSecret *DependabotEncryptedSecret) (*Response, error) {
+	repoIDs := make([]string, len(eSecret.SelectedRepositoryIDs))
+	for i, secret := range eSecret.SelectedRepositoryIDs {
+		repoIDs[i] = fmt.Sprintf("%v", secret)
+	}
+	params := struct {
+		*DependabotEncryptedSecret
+		SelectedRepositoryIDs []string `json:"selected_repository_ids,omitempty"`
+	}{
+		DependabotEncryptedSecret: eSecret,
+		SelectedRepositoryIDs:     repoIDs,
+	}
+
 	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v", org, eSecret.Name)
-	return s.putSecret(ctx, url, eSecret)
+	req, err := s.client.NewRequest("PUT", url, params)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
 }
 
 func (s *DependabotService) deleteSecret(ctx context.Context, url string) (*Response, error) {
@@ -198,7 +215,7 @@ func (s *DependabotService) ListSelectedReposForOrgSecret(ctx context.Context, o
 }
 
 // DependabotSecretsSelectedRepoIDs are the repository IDs that have access to the dependabot secrets.
-type DependabotSecretsSelectedRepoIDs []string
+type DependabotSecretsSelectedRepoIDs []int64
 
 // SetSelectedReposForOrgSecret sets the repositories that have access to a Dependabot secret.
 //
diff --git a/vendor/github.com/google/go-github/v55/github/dependency_graph.go b/vendor/github.com/google/go-github/v55/github/dependency_graph.go
new file mode 100644
index 000000000..e578965cc
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/dependency_graph.go
@@ -0,0 +1,80 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+type DependencyGraphService service
+
+// SBOM represents a software bill of materials, which describes the
+// packages/libraries that a repository depends on.
+type SBOM struct {
+	SBOM *SBOMInfo `json:"sbom,omitempty"`
+}
+
+// CreationInfo represents when the SBOM was created and who created it.
+type CreationInfo struct {
+	Created  *Timestamp `json:"created,omitempty"`
+	Creators []string   `json:"creators,omitempty"`
+}
+
+// RepoDependencies represents the dependencies of a repo.
+type RepoDependencies struct {
+	SPDXID *string `json:"SPDXID,omitempty"`
+	// Package name
+	Name             *string `json:"name,omitempty"`
+	VersionInfo      *string `json:"versionInfo,omitempty"`
+	DownloadLocation *string `json:"downloadLocation,omitempty"`
+	FilesAnalyzed    *bool   `json:"filesAnalyzed,omitempty"`
+	LicenseConcluded *string `json:"licenseConcluded,omitempty"`
+	LicenseDeclared  *string `json:"licenseDeclared,omitempty"`
+}
+
+// SBOMInfo represents a software bill of materials (SBOM) using SPDX.
+// SPDX is an open standard for SBOMs that
+// identifies and catalogs components, licenses, copyrights, security
+// references, and other metadata relating to software.
+type SBOMInfo struct {
+	SPDXID       *string       `json:"SPDXID,omitempty"`
+	SPDXVersion  *string       `json:"spdxVersion,omitempty"`
+	CreationInfo *CreationInfo `json:"creationInfo,omitempty"`
+
+	// Repo name
+	Name              *string  `json:"name,omitempty"`
+	DataLicense       *string  `json:"dataLicense,omitempty"`
+	DocumentDescribes []string `json:"documentDescribes,omitempty"`
+	DocumentNamespace *string  `json:"documentNamespace,omitempty"`
+
+	// List of packages dependencies
+	Packages []*RepoDependencies `json:"packages,omitempty"`
+}
+
+func (s SBOM) String() string {
+	return Stringify(s)
+}
+
+// GetSBOM fetches the software bill of materials for a repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/dependency-graph/sboms
+func (s *DependencyGraphService) GetSBOM(ctx context.Context, owner, repo string) (*SBOM, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/dependency-graph/sbom", owner, repo)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var sbom *SBOM
+	resp, err := s.client.Do(ctx, req, &sbom)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return sbom, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v50/github/doc.go b/vendor/github.com/google/go-github/v55/github/doc.go
similarity index 87%
rename from vendor/github.com/google/go-github/v50/github/doc.go
rename to vendor/github.com/google/go-github/v55/github/doc.go
index 9adfea8fe..bace6fb3c 100644
--- a/vendor/github.com/google/go-github/v50/github/doc.go
+++ b/vendor/github.com/google/go-github/v55/github/doc.go
@@ -8,7 +8,7 @@ Package github provides a client for using the GitHub API.
 
 Usage:
 
-	import "github.com/google/go-github/v50/github"	// with go modules enabled (GO111MODULE=on or outside GOPATH)
+	import "github.com/google/go-github/v55/github"	// with go modules enabled (GO111MODULE=on or outside GOPATH)
 	import "github.com/google/go-github/github"     // with go modules disabled
 
 Construct a new GitHub client, then use the various services on the client to
@@ -40,34 +40,16 @@ For more sample code snippets, head over to the https://github.com/google/go-git
 
 # Authentication
 
-The go-github library does not directly handle authentication. Instead, when
-creating a new client, pass an http.Client that can handle authentication for
-you. The easiest and recommended way to do this is using the golang.org/x/oauth2
-library, but you can always use any other library that provides an http.Client.
-If you have an OAuth2 access token (for example, a personal API token), you can
-use it with the oauth2 library using:
+Use Client.WithAuthToken to configure your client to authenticate using an Oauth token
+(for example, a personal access token). This is what is needed for a majority of use cases
+aside from GitHub Apps.
 
-	import "golang.org/x/oauth2"
-
-	func main() {
-		ctx := context.Background()
-		ts := oauth2.StaticTokenSource(
-			&oauth2.Token{AccessToken: "... your access token ..."},
-		)
-		tc := oauth2.NewClient(ctx, ts)
-
-		client := github.NewClient(tc)
-
-		// list all repositories for the authenticated user
-		repos, _, err := client.Repositories.List(ctx, "", nil)
-	}
+	client := github.NewClient(nil).WithAuthToken("... your access token ...")
 
 Note that when using an authenticated Client, all calls made by the client will
 include the specified OAuth token. Therefore, authenticated clients should
 almost never be shared between different users.
 
-See the oauth2 docs for complete instructions on using that library.
-
 For API methods that require HTTP Basic Authentication, use the
 BasicAuthTransport.
 
diff --git a/vendor/github.com/google/go-github/v50/github/enterprise.go b/vendor/github.com/google/go-github/v55/github/enterprise.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/enterprise.go
rename to vendor/github.com/google/go-github/v55/github/enterprise.go
diff --git a/vendor/github.com/google/go-github/v50/github/enterprise_actions_runners.go b/vendor/github.com/google/go-github/v55/github/enterprise_actions_runners.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/enterprise_actions_runners.go
rename to vendor/github.com/google/go-github/v55/github/enterprise_actions_runners.go
diff --git a/vendor/github.com/google/go-github/v50/github/enterprise_audit_log.go b/vendor/github.com/google/go-github/v55/github/enterprise_audit_log.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/enterprise_audit_log.go
rename to vendor/github.com/google/go-github/v55/github/enterprise_audit_log.go
diff --git a/vendor/github.com/google/go-github/v50/github/enterprise_code_security_and_analysis.go b/vendor/github.com/google/go-github/v55/github/enterprise_code_security_and_analysis.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/enterprise_code_security_and_analysis.go
rename to vendor/github.com/google/go-github/v55/github/enterprise_code_security_and_analysis.go
diff --git a/vendor/github.com/google/go-github/v55/github/event.go b/vendor/github.com/google/go-github/v55/github/event.go
new file mode 100644
index 000000000..e98606bce
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/event.go
@@ -0,0 +1,54 @@
+// Copyright 2018 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"encoding/json"
+)
+
+// Event represents a GitHub event.
+type Event struct {
+	Type       *string          `json:"type,omitempty"`
+	Public     *bool            `json:"public,omitempty"`
+	RawPayload *json.RawMessage `json:"payload,omitempty"`
+	Repo       *Repository      `json:"repo,omitempty"`
+	Actor      *User            `json:"actor,omitempty"`
+	Org        *Organization    `json:"org,omitempty"`
+	CreatedAt  *Timestamp       `json:"created_at,omitempty"`
+	ID         *string          `json:"id,omitempty"`
+}
+
+func (e Event) String() string {
+	return Stringify(e)
+}
+
+// ParsePayload parses the event payload. For recognized event types,
+// a value of the corresponding struct type will be returned.
+func (e *Event) ParsePayload() (interface{}, error) {
+	// It would be nice if e.Type were the snake_case name of the event,
+	// but the existing interface uses the struct name instead.
+	payload := EventForType(typeToMessageMapping[e.GetType()])
+
+	if err := json.Unmarshal(e.GetRawPayload(), &payload); err != nil {
+		return nil, err
+	}
+
+	return payload, nil
+}
+
+// Payload returns the parsed event payload. For recognized event types,
+// a value of the corresponding struct type will be returned.
+//
+// Deprecated: Use ParsePayload instead, which returns an error
+// rather than panics if JSON unmarshaling raw payload fails.
+func (e *Event) Payload() (payload interface{}) {
+	var err error
+	payload, err = e.ParsePayload()
+	if err != nil {
+		panic(err)
+	}
+	return payload
+}
diff --git a/vendor/github.com/google/go-github/v50/github/event_types.go b/vendor/github.com/google/go-github/v55/github/event_types.go
similarity index 83%
rename from vendor/github.com/google/go-github/v50/github/event_types.go
rename to vendor/github.com/google/go-github/v55/github/event_types.go
index 598d98d48..1a403da9b 100644
--- a/vendor/github.com/google/go-github/v50/github/event_types.go
+++ b/vendor/github.com/google/go-github/v55/github/event_types.go
@@ -134,6 +134,25 @@ type DeleteEvent struct {
 	Installation *Installation `json:"installation,omitempty"`
 }
 
+// DependabotAlertEvent is triggered when there is activity relating to Dependabot alerts.
+// The Webhook event name is "dependabot_alert".
+//
+// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#dependabot_alert
+type DependabotAlertEvent struct {
+	Action *string          `json:"action,omitempty"`
+	Alert  *DependabotAlert `json:"alert,omitempty"`
+
+	// The following fields are only populated by Webhook events.
+	Installation *Installation `json:"installation,omitempty"`
+	Enterprise   *Enterprise   `json:"enterprise,omitempty"`
+	Repo         *Repository   `json:"repository,omitempty"`
+	Sender       *User         `json:"sender,omitempty"`
+
+	// The following field is only present when the webhook is triggered on
+	// a repository belonging to an organization.
+	Organization *Organization `json:"organization,omitempty"`
+}
+
 // DeployKeyEvent is triggered when a deploy key is added or removed from a repository.
 // The Webhook event name is "deploy_key".
 //
@@ -165,14 +184,35 @@ type DeployKeyEvent struct {
 //
 // GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#deployment
 type DeploymentEvent struct {
-	Deployment *Deployment `json:"deployment,omitempty"`
-	Repo       *Repository `json:"repository,omitempty"`
+	Deployment  *Deployment  `json:"deployment,omitempty"`
+	Repo        *Repository  `json:"repository,omitempty"`
+	Workflow    *Workflow    `json:"workflow,omitempty"`
+	WorkflowRun *WorkflowRun `json:"workflow_run,omitempty"`
 
 	// The following fields are only populated by Webhook events.
 	Sender       *User         `json:"sender,omitempty"`
 	Installation *Installation `json:"installation,omitempty"`
 }
 
+// DeploymentProtectionRuleEvent represents a deployment protection rule event.
+// The Webhook event name is "deployment_protection_rule".
+//
+// GitHub API docs: https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#deployment_protection_rule
+type DeploymentProtectionRuleEvent struct {
+	Action      *string `json:"action,omitempty"`
+	Environment *string `json:"environment,omitempty"`
+	Event       *string `json:"event,omitempty"`
+
+	// The URL Github provides for a third-party to use in order to pass/fail a deployment gate
+	DeploymentCallbackURL *string        `json:"deployment_callback_url,omitempty"`
+	Deployment            *Deployment    `json:"deployment,omitempty"`
+	Repo                  *Repository    `json:"repository,omitempty"`
+	Organization          *Organization  `json:"organization,omitempty"`
+	PullRequests          []*PullRequest `json:"pull_requests,omitempty"`
+	Sender                *User          `json:"sender,omitempty"`
+	Installation          *Installation  `json:"installation,omitempty"`
+}
+
 // DeploymentStatusEvent represents a deployment status.
 // The Webhook event name is "deployment_status".
 //
@@ -332,6 +372,7 @@ type EditChange struct {
 	Body  *EditBody  `json:"body,omitempty"`
 	Base  *EditBase  `json:"base,omitempty"`
 	Repo  *EditRepo  `json:"repository,omitempty"`
+	Owner *EditOwner `json:"owner,omitempty"`
 }
 
 // EditTitle represents a pull-request title change.
@@ -360,6 +401,17 @@ type EditRepo struct {
 	Name *RepoName `json:"name,omitempty"`
 }
 
+// EditOwner represents a change of repository ownership.
+type EditOwner struct {
+	OwnerInfo *OwnerInfo `json:"from,omitempty"`
+}
+
+// OwnerInfo represents the account info of the owner of the repo (could be User or Organization but both are User structs).
+type OwnerInfo struct {
+	User *User `json:"user,omitempty"`
+	Org  *User `json:"organization,omitempty"`
+}
+
 // RepoName represents a change of repository name.
 type RepoName struct {
 	From *string `json:"from,omitempty"`
@@ -457,7 +509,7 @@ type InstallationEvent struct {
 	Repositories []*Repository `json:"repositories,omitempty"`
 	Sender       *User         `json:"sender,omitempty"`
 	Installation *Installation `json:"installation,omitempty"`
-	// TODO key "requester" is not covered
+	Requester    *User         `json:"requester,omitempty"`
 }
 
 // InstallationRepositoriesEvent is triggered when a repository is added or
@@ -474,6 +526,38 @@ type InstallationRepositoriesEvent struct {
 	Installation        *Installation `json:"installation,omitempty"`
 }
 
+// InstallationLoginChange represents a change in login on an installation.
+type InstallationLoginChange struct {
+	From *string `json:"from,omitempty"`
+}
+
+// InstallationSlugChange represents a change in slug on an installation.
+type InstallationSlugChange struct {
+	From *string `json:"from,omitempty"`
+}
+
+// InstallationChanges represents a change in slug or login on an installation.
+type InstallationChanges struct {
+	Login *InstallationLoginChange `json:"login,omitempty"`
+	Slug  *InstallationSlugChange  `json:"slug,omitempty"`
+}
+
+// InstallationTargetEvent is triggered when there is activity on an installation from a user or organization account.
+// The Webhook event name is "installation_target".
+//
+// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#installation_target
+type InstallationTargetEvent struct {
+	Account      *User                `json:"account,omitempty"`
+	Action       *string              `json:"action,omitempty"`
+	Changes      *InstallationChanges `json:"changes,omitempty"`
+	Enterprise   *Enterprise          `json:"enterprise,omitempty"`
+	Installation *Installation        `json:"installation,omitempty"`
+	Organization *Organization        `json:"organization,omitempty"`
+	Repository   *Repository          `json:"repository,omitempty"`
+	Sender       *User                `json:"sender,omitempty"`
+	TargetType   *string              `json:"target_type,omitempty"`
+}
+
 // IssueCommentEvent is triggered when an issue comment is created on an issue
 // or pull request.
 // The Webhook event name is "issue_comment".
@@ -743,6 +827,74 @@ type PageBuildEvent struct {
 	Installation *Installation `json:"installation,omitempty"`
 }
 
+// PersonalAccessTokenRequestEvent occurs when there is activity relating to a
+// request for a fine-grained personal access token to access resources that
+// belong to a resource owner that requires approval for token access.
+// The webhook event name is "personal_access_token_request".
+//
+// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#personal_access_token_request
+type PersonalAccessTokenRequestEvent struct {
+	// Action is the action that was performed. Possible values are:
+	// "approved", "cancelled", "created" or "denied"
+	Action                     *string                     `json:"action,omitempty"`
+	PersonalAccessTokenRequest *PersonalAccessTokenRequest `json:"personal_access_token_request,omitempty"`
+	Org                        *Organization               `json:"organization,omitempty"`
+	Sender                     *User                       `json:"sender,omitempty"`
+	Installation               *Installation               `json:"installation,omitempty"`
+}
+
+// PersonalAccessTokenRequest contains the details of a PersonalAccessTokenRequestEvent.
+type PersonalAccessTokenRequest struct {
+	// Unique identifier of the request for access via fine-grained personal
+	// access token. Used as the pat_request_id parameter in the list and review
+	// API calls.
+	ID    *int64 `json:"id,omitempty"`
+	Owner *User  `json:"owner,omitempty"`
+
+	// New requested permissions, categorized by type of permission.
+	PermissionsAdded *PersonalAccessTokenPermissions `json:"permissions_added,omitempty"`
+
+	// Requested permissions that elevate access for a previously approved
+	// request for access, categorized by type of permission.
+	PermissionsUpgraded *PersonalAccessTokenPermissions `json:"permissions_upgraded,omitempty"`
+
+	// Permissions requested, categorized by type of permission.
+	// This field incorporates permissions_added and permissions_upgraded.
+	PermissionsResult *PersonalAccessTokenPermissions `json:"permissions_result,omitempty"`
+
+	// Type of repository selection requested. Possible values are:
+	// "none", "all" or "subset"
+	RepositorySelection *string `json:"repository_selection,omitempty"`
+
+	// The number of repositories the token is requesting access to.
+	// This field is only populated when repository_selection is subset.
+	RepositoryCount *int64 `json:"repository_count,omitempty"`
+
+	// An array of repository objects the token is requesting access to.
+	// This field is only populated when repository_selection is subset.
+	Repositories []*Repository `json:"repositories,omitempty"`
+
+	// Date and time when the request for access was created.
+	CreatedAt *Timestamp `json:"created_at,omitempty"`
+
+	// Whether the associated fine-grained personal access token has expired.
+	TokenExpired *bool `json:"token_expired,omitempty"`
+
+	// Date and time when the associated fine-grained personal access token expires.
+	TokenExpiresAt *Timestamp `json:"token_expires_at,omitempty"`
+
+	// Date and time when the associated fine-grained personal access token was last used for authentication.
+	TokenLastUsedAt *Timestamp `json:"token_last_used_at,omitempty"`
+}
+
+// PersonalAccessTokenPermissions represents the original or newly requested
+// scope of permissions for a fine-grained personal access token within a PersonalAccessTokenRequest.
+type PersonalAccessTokenPermissions struct {
+	Org   map[string]string `json:"organization,omitempty"`
+	Repo  map[string]string `json:"repository,omitempty"`
+	Other map[string]string `json:"other,omitempty"`
+}
+
 // PingEvent is triggered when a Webhook is added to GitHub.
 //
 // GitHub API docs: https://developer.github.com/webhooks/#ping-event
@@ -811,6 +963,77 @@ type ProjectColumnEvent struct {
 	Installation *Installation `json:"installation,omitempty"`
 }
 
+// ProjectV2Event is triggered when there is activity relating to an organization-level project.
+// The Webhook event name is "projects_v2".
+//
+// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#projects_v2
+type ProjectV2Event struct {
+	Action     *string     `json:"action,omitempty"`
+	ProjectsV2 *ProjectsV2 `json:"projects_v2,omitempty"`
+
+	// The following fields are only populated by Webhook events.
+	Installation *Installation `json:"installation,omitempty"`
+	Org          *Organization `json:"organization,omitempty"`
+	Sender       *User         `json:"sender,omitempty"`
+}
+
+// ProjectsV2 represents a projects v2 project.
+type ProjectsV2 struct {
+	ID               *int64     `json:"id,omitempty"`
+	NodeID           *string    `json:"node_id,omitempty"`
+	Owner            *User      `json:"owner,omitempty"`
+	Creator          *User      `json:"creator,omitempty"`
+	Title            *string    `json:"title,omitempty"`
+	Description      *string    `json:"description,omitempty"`
+	Public           *bool      `json:"public,omitempty"`
+	ClosedAt         *Timestamp `json:"closed_at,omitempty"`
+	CreatedAt        *Timestamp `json:"created_at,omitempty"`
+	UpdatedAt        *Timestamp `json:"updated_at,omitempty"`
+	DeletedAt        *Timestamp `json:"deleted_at,omitempty"`
+	Number           *int       `json:"number,omitempty"`
+	ShortDescription *string    `json:"short_description,omitempty"`
+	DeletedBy        *User      `json:"deleted_by,omitempty"`
+}
+
+// ProjectV2ItemEvent is triggered when there is activity relating to an item on an organization-level project.
+// The Webhook event name is "projects_v2_item".
+//
+// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#projects_v2_item
+type ProjectV2ItemEvent struct {
+	Action        *string              `json:"action,omitempty"`
+	Changes       *ProjectV2ItemChange `json:"changes,omitempty"`
+	ProjectV2Item *ProjectV2Item       `json:"projects_v2_item,omitempty"`
+
+	// The following fields are only populated by Webhook events.
+	Installation *Installation `json:"installation,omitempty"`
+	Org          *Organization `json:"organization,omitempty"`
+	Sender       *User         `json:"sender,omitempty"`
+}
+
+// ProjectV2ItemChange represents a project v2 item change.
+type ProjectV2ItemChange struct {
+	ArchivedAt *ArchivedAt `json:"archived_at,omitempty"`
+}
+
+// ArchivedAt represents an archiving date change.
+type ArchivedAt struct {
+	From *Timestamp `json:"from,omitempty"`
+	To   *Timestamp `json:"to,omitempty"`
+}
+
+// ProjectsV2 represents an item belonging to a project.
+type ProjectV2Item struct {
+	ID            *int64     `json:"id,omitempty"`
+	NodeID        *string    `json:"node_id,omitempty"`
+	ProjectNodeID *string    `json:"project_node_id,omitempty"`
+	ContentNodeID *string    `json:"content_node_id,omitempty"`
+	ContentType   *string    `json:"content_type,omitempty"`
+	Creator       *User      `json:"creator,omitempty"`
+	CreatedAt     *Timestamp `json:"created_at,omitempty"`
+	UpdatedAt     *Timestamp `json:"updated_at,omitempty"`
+	ArchivedAt    *Timestamp `json:"archived_at,omitempty"`
+}
+
 // PublicEvent is triggered when a private repository is open sourced.
 // According to GitHub: "Without a doubt: the best GitHub event."
 // The Webhook event name is "public".
@@ -1062,6 +1285,7 @@ type PushEventRepository struct {
 	SSHURL          *string    `json:"ssh_url,omitempty"`
 	CloneURL        *string    `json:"clone_url,omitempty"`
 	SVNURL          *string    `json:"svn_url,omitempty"`
+	Topics          []string   `json:"topics,omitempty"`
 }
 
 // PushEventRepoOwner is a basic representation of user/org in a PushEvent payload.
@@ -1193,6 +1417,31 @@ type SecretScanningAlertEvent struct {
 	Installation *Installation `json:"installation,omitempty"`
 }
 
+// SecurityAndAnalysisEvent is triggered when code security and analysis features
+// are enabled or disabled for a repository.
+//
+// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#security_and_analysis
+type SecurityAndAnalysisEvent struct {
+	Changes      *SecurityAndAnalysisChange `json:"changes,omitempty"`
+	Enterprise   *Enterprise                `json:"enterprise,omitempty"`
+	Installation *Installation              `json:"installation,omitempty"`
+	Organization *Organization              `json:"organization,omitempty"`
+	Repository   *Repository                `json:"repository,omitempty"`
+	Sender       *User                      `json:"sender,omitempty"`
+}
+
+// SecurityAndAnalysisChange represents the changes when security and analysis
+// features are enabled or disabled for a repository.
+type SecurityAndAnalysisChange struct {
+	From *SecurityAndAnalysisChangeFrom `json:"from,omitempty"`
+}
+
+// SecurityAndAnalysisChangeFrom represents which change was made when security
+// and analysis features are enabled or disabled for a repository.
+type SecurityAndAnalysisChangeFrom struct {
+	SecurityAndAnalysis *SecurityAndAnalysis `json:"security_and_analysis,omitempty"`
+}
+
 // StarEvent is triggered when a star is added or removed from a repository.
 // The Webhook event name is "star".
 //
@@ -1361,6 +1610,8 @@ type WorkflowRunEvent struct {
 //
 // GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#security_advisory
 type SecurityAdvisory struct {
+	CVSS            *AdvisoryCVSS            `json:"cvss,omitempty"`
+	CWEs            []*AdvisoryCWEs          `json:"cwes,omitempty"`
 	GHSAID          *string                  `json:"ghsa_id,omitempty"`
 	Summary         *string                  `json:"summary,omitempty"`
 	Description     *string                  `json:"description,omitempty"`
@@ -1409,6 +1660,13 @@ type FirstPatchedVersion struct {
 type SecurityAdvisoryEvent struct {
 	Action           *string           `json:"action,omitempty"`
 	SecurityAdvisory *SecurityAdvisory `json:"security_advisory,omitempty"`
+
+	// The following fields are only populated by Webhook events.
+	Enterprise   *Enterprise   `json:"enterprise,omitempty"`
+	Installation *Installation `json:"installation,omitempty"`
+	Organization *Organization `json:"organization,omitempty"`
+	Repository   *Repository   `json:"repository,omitempty"`
+	Sender       *User         `json:"sender,omitempty"`
 }
 
 // CodeScanningAlertEvent is triggered when a code scanning finds a potential vulnerability or error in your code.
diff --git a/vendor/github.com/google/go-github/v50/github/gists.go b/vendor/github.com/google/go-github/v55/github/gists.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/gists.go
rename to vendor/github.com/google/go-github/v55/github/gists.go
diff --git a/vendor/github.com/google/go-github/v50/github/gists_comments.go b/vendor/github.com/google/go-github/v55/github/gists_comments.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/gists_comments.go
rename to vendor/github.com/google/go-github/v55/github/gists_comments.go
diff --git a/vendor/github.com/google/go-github/v50/github/git.go b/vendor/github.com/google/go-github/v55/github/git.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/git.go
rename to vendor/github.com/google/go-github/v55/github/git.go
diff --git a/vendor/github.com/google/go-github/v50/github/git_blobs.go b/vendor/github.com/google/go-github/v55/github/git_blobs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/git_blobs.go
rename to vendor/github.com/google/go-github/v55/github/git_blobs.go
diff --git a/vendor/github.com/google/go-github/v50/github/git_commits.go b/vendor/github.com/google/go-github/v55/github/git_commits.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/git_commits.go
rename to vendor/github.com/google/go-github/v55/github/git_commits.go
diff --git a/vendor/github.com/google/go-github/v50/github/git_refs.go b/vendor/github.com/google/go-github/v55/github/git_refs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/git_refs.go
rename to vendor/github.com/google/go-github/v55/github/git_refs.go
diff --git a/vendor/github.com/google/go-github/v50/github/git_tags.go b/vendor/github.com/google/go-github/v55/github/git_tags.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/git_tags.go
rename to vendor/github.com/google/go-github/v55/github/git_tags.go
diff --git a/vendor/github.com/google/go-github/v50/github/git_trees.go b/vendor/github.com/google/go-github/v55/github/git_trees.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/git_trees.go
rename to vendor/github.com/google/go-github/v55/github/git_trees.go
diff --git a/vendor/github.com/google/go-github/v50/github/github-accessors.go b/vendor/github.com/google/go-github/v55/github/github-accessors.go
similarity index 88%
rename from vendor/github.com/google/go-github/v50/github/github-accessors.go
rename to vendor/github.com/google/go-github/v55/github/github-accessors.go
index beeb2defc..560e0892e 100644
--- a/vendor/github.com/google/go-github/v50/github/github-accessors.go
+++ b/vendor/github.com/google/go-github/v55/github/github-accessors.go
@@ -214,6 +214,14 @@ func (a *ActionsVariable) GetVisibility() string {
 	return *a.Visibility
 }
 
+// GetCountryCode returns the CountryCode field if it's non-nil, zero value otherwise.
+func (a *ActorLocation) GetCountryCode() string {
+	if a == nil || a.CountryCode == nil {
+		return ""
+	}
+	return *a.CountryCode
+}
+
 // GetFrom returns the From field if it's non-nil, zero value otherwise.
 func (a *AdminEnforcedChanges) GetFrom() bool {
 	if a == nil || a.From == nil {
@@ -335,7 +343,7 @@ func (a *AdvancedSecurityCommittersBreakdown) GetUserLogin() string {
 }
 
 // GetScore returns the Score field.
-func (a *AdvisoryCVSs) GetScore() *float64 {
+func (a *AdvisoryCVSS) GetScore() *float64 {
 	if a == nil {
 		return nil
 	}
@@ -343,7 +351,7 @@ func (a *AdvisoryCVSs) GetScore() *float64 {
 }
 
 // GetVectorString returns the VectorString field if it's non-nil, zero value otherwise.
-func (a *AdvisoryCVSs) GetVectorString() string {
+func (a *AdvisoryCVSS) GetVectorString() string {
 	if a == nil || a.VectorString == nil {
 		return ""
 	}
@@ -678,6 +686,14 @@ func (a *App) GetID() int64 {
 	return *a.ID
 }
 
+// GetInstallationsCount returns the InstallationsCount field if it's non-nil, zero value otherwise.
+func (a *App) GetInstallationsCount() int {
+	if a == nil || a.InstallationsCount == nil {
+		return 0
+	}
+	return *a.InstallationsCount
+}
+
 // GetName returns the Name field if it's non-nil, zero value otherwise.
 func (a *App) GetName() string {
 	if a == nil || a.Name == nil {
@@ -838,6 +854,22 @@ func (a *AppConfig) GetWebhookSecret() string {
 	return *a.WebhookSecret
 }
 
+// GetFrom returns the From field if it's non-nil, zero value otherwise.
+func (a *ArchivedAt) GetFrom() Timestamp {
+	if a == nil || a.From == nil {
+		return Timestamp{}
+	}
+	return *a.From
+}
+
+// GetTo returns the To field if it's non-nil, zero value otherwise.
+func (a *ArchivedAt) GetTo() Timestamp {
+	if a == nil || a.To == nil {
+		return Timestamp{}
+	}
+	return *a.To
+}
+
 // GetArchiveDownloadURL returns the ArchiveDownloadURL field if it's non-nil, zero value otherwise.
 func (a *Artifact) GetArchiveDownloadURL() string {
 	if a == nil || a.ArchiveDownloadURL == nil {
@@ -1030,6 +1062,22 @@ func (a *AuditEntry) GetActor() string {
 	return *a.Actor
 }
 
+// GetActorIP returns the ActorIP field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetActorIP() string {
+	if a == nil || a.ActorIP == nil {
+		return ""
+	}
+	return *a.ActorIP
+}
+
+// GetActorLocation returns the ActorLocation field.
+func (a *AuditEntry) GetActorLocation() *ActorLocation {
+	if a == nil {
+		return nil
+	}
+	return a.ActorLocation
+}
+
 // GetBlockedUser returns the BlockedUser field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetBlockedUser() string {
 	if a == nil || a.BlockedUser == nil {
@@ -1102,6 +1150,14 @@ func (a *AuditEntry) GetCreatedAt() Timestamp {
 	return *a.CreatedAt
 }
 
+// GetData returns the Data field.
+func (a *AuditEntry) GetData() *AuditEntryData {
+	if a == nil {
+		return nil
+	}
+	return a.Data
+}
+
 // GetDeployKeyFingerprint returns the DeployKeyFingerprint field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetDeployKeyFingerprint() string {
 	if a == nil || a.DeployKeyFingerprint == nil {
@@ -1158,6 +1214,14 @@ func (a *AuditEntry) GetFingerprint() string {
 	return *a.Fingerprint
 }
 
+// GetHashedToken returns the HashedToken field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetHashedToken() string {
+	if a == nil || a.HashedToken == nil {
+		return ""
+	}
+	return *a.HashedToken
+}
+
 // GetHeadBranch returns the HeadBranch field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetHeadBranch() string {
 	if a == nil || a.HeadBranch == nil {
@@ -1198,6 +1262,14 @@ func (a *AuditEntry) GetJobName() string {
 	return *a.JobName
 }
 
+// GetJobWorkflowRef returns the JobWorkflowRef field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetJobWorkflowRef() string {
+	if a == nil || a.JobWorkflowRef == nil {
+		return ""
+	}
+	return *a.JobWorkflowRef
+}
+
 // GetLimitedAvailability returns the LimitedAvailability field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetLimitedAvailability() bool {
 	if a == nil || a.LimitedAvailability == nil {
@@ -1222,6 +1294,14 @@ func (a *AuditEntry) GetName() string {
 	return *a.Name
 }
 
+// GetOAuthApplicationID returns the OAuthApplicationID field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetOAuthApplicationID() int64 {
+	if a == nil || a.OAuthApplicationID == nil {
+		return 0
+	}
+	return *a.OAuthApplicationID
+}
+
 // GetOldPermission returns the OldPermission field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetOldPermission() string {
 	if a == nil || a.OldPermission == nil {
@@ -1246,6 +1326,14 @@ func (a *AuditEntry) GetOpenSSHPublicKey() string {
 	return *a.OpenSSHPublicKey
 }
 
+// GetOperationType returns the OperationType field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetOperationType() string {
+	if a == nil || a.OperationType == nil {
+		return ""
+	}
+	return *a.OperationType
+}
+
 // GetOrg returns the Org field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetOrg() string {
 	if a == nil || a.Org == nil {
@@ -1254,6 +1342,14 @@ func (a *AuditEntry) GetOrg() string {
 	return *a.Org
 }
 
+// GetOrgID returns the OrgID field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetOrgID() int64 {
+	if a == nil || a.OrgID == nil {
+		return 0
+	}
+	return *a.OrgID
+}
+
 // GetPermission returns the Permission field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetPermission() string {
 	if a == nil || a.Permission == nil {
@@ -1270,6 +1366,38 @@ func (a *AuditEntry) GetPreviousVisibility() string {
 	return *a.PreviousVisibility
 }
 
+// GetProgrammaticAccessType returns the ProgrammaticAccessType field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetProgrammaticAccessType() string {
+	if a == nil || a.ProgrammaticAccessType == nil {
+		return ""
+	}
+	return *a.ProgrammaticAccessType
+}
+
+// GetPullRequestID returns the PullRequestID field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetPullRequestID() int64 {
+	if a == nil || a.PullRequestID == nil {
+		return 0
+	}
+	return *a.PullRequestID
+}
+
+// GetPullRequestTitle returns the PullRequestTitle field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetPullRequestTitle() string {
+	if a == nil || a.PullRequestTitle == nil {
+		return ""
+	}
+	return *a.PullRequestTitle
+}
+
+// GetPullRequestURL returns the PullRequestURL field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetPullRequestURL() string {
+	if a == nil || a.PullRequestURL == nil {
+		return ""
+	}
+	return *a.PullRequestURL
+}
+
 // GetReadOnly returns the ReadOnly field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetReadOnly() string {
 	if a == nil || a.ReadOnly == nil {
@@ -1342,6 +1470,14 @@ func (a *AuditEntry) GetRunnerName() string {
 	return *a.RunnerName
 }
 
+// GetRunNumber returns the RunNumber field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetRunNumber() int64 {
+	if a == nil || a.RunNumber == nil {
+		return 0
+	}
+	return *a.RunNumber
+}
+
 // GetSourceVersion returns the SourceVersion field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetSourceVersion() string {
 	if a == nil || a.SourceVersion == nil {
@@ -1390,6 +1526,30 @@ func (a *AuditEntry) GetTimestamp() Timestamp {
 	return *a.Timestamp
 }
 
+// GetTokenID returns the TokenID field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetTokenID() int64 {
+	if a == nil || a.TokenID == nil {
+		return 0
+	}
+	return *a.TokenID
+}
+
+// GetTokenScopes returns the TokenScopes field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetTokenScopes() string {
+	if a == nil || a.TokenScopes == nil {
+		return ""
+	}
+	return *a.TokenScopes
+}
+
+// GetTopic returns the Topic field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetTopic() string {
+	if a == nil || a.Topic == nil {
+		return ""
+	}
+	return *a.Topic
+}
+
 // GetTransportProtocol returns the TransportProtocol field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetTransportProtocol() int {
 	if a == nil || a.TransportProtocol == nil {
@@ -1422,6 +1582,14 @@ func (a *AuditEntry) GetUser() string {
 	return *a.User
 }
 
+// GetUserAgent returns the UserAgent field if it's non-nil, zero value otherwise.
+func (a *AuditEntry) GetUserAgent() string {
+	if a == nil || a.UserAgent == nil {
+		return ""
+	}
+	return *a.UserAgent
+}
+
 // GetVisibility returns the Visibility field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetVisibility() string {
 	if a == nil || a.Visibility == nil {
@@ -1446,6 +1614,22 @@ func (a *AuditEntry) GetWorkflowRunID() int64 {
 	return *a.WorkflowRunID
 }
 
+// GetOldLogin returns the OldLogin field if it's non-nil, zero value otherwise.
+func (a *AuditEntryData) GetOldLogin() string {
+	if a == nil || a.OldLogin == nil {
+		return ""
+	}
+	return *a.OldLogin
+}
+
+// GetOldName returns the OldName field if it's non-nil, zero value otherwise.
+func (a *AuditEntryData) GetOldName() string {
+	if a == nil || a.OldName == nil {
+		return ""
+	}
+	return *a.OldName
+}
+
 // GetApp returns the App field.
 func (a *Authorization) GetApp() *AuthorizationApp {
 	if a == nil {
@@ -1702,6 +1886,22 @@ func (a *AutolinkOptions) GetURLTemplate() string {
 	return *a.URLTemplate
 }
 
+// GetEnabled returns the Enabled field if it's non-nil, zero value otherwise.
+func (a *AutomatedSecurityFixes) GetEnabled() bool {
+	if a == nil || a.Enabled == nil {
+		return false
+	}
+	return *a.Enabled
+}
+
+// GetPaused returns the Paused field if it's non-nil, zero value otherwise.
+func (a *AutomatedSecurityFixes) GetPaused() bool {
+	if a == nil || a.Paused == nil {
+		return false
+	}
+	return *a.Paused
+}
+
 // GetAppID returns the AppID field if it's non-nil, zero value otherwise.
 func (a *AutoTriggerCheck) GetAppID() int64 {
 	if a == nil || a.AppID == nil {
@@ -2078,6 +2278,30 @@ func (b *BranchProtectionRuleEvent) GetSender() *User {
 	return b.Sender
 }
 
+// GetActorID returns the ActorID field if it's non-nil, zero value otherwise.
+func (b *BypassActor) GetActorID() int64 {
+	if b == nil || b.ActorID == nil {
+		return 0
+	}
+	return *b.ActorID
+}
+
+// GetActorType returns the ActorType field if it's non-nil, zero value otherwise.
+func (b *BypassActor) GetActorType() string {
+	if b == nil || b.ActorType == nil {
+		return ""
+	}
+	return *b.ActorType
+}
+
+// GetBypassMode returns the BypassMode field if it's non-nil, zero value otherwise.
+func (b *BypassActor) GetBypassMode() string {
+	if b == nil || b.BypassMode == nil {
+		return ""
+	}
+	return *b.BypassMode
+}
+
 // GetApp returns the App field.
 func (c *CheckRun) GetApp() *App {
 	if c == nil {
@@ -2606,6 +2830,78 @@ func (c *CodeownersError) GetSuggestion() string {
 	return *c.Suggestion
 }
 
+// GetContentType returns the ContentType field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetContentType() string {
+	if c == nil || c.ContentType == nil {
+		return ""
+	}
+	return *c.ContentType
+}
+
+// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetCreatedAt() Timestamp {
+	if c == nil || c.CreatedAt == nil {
+		return Timestamp{}
+	}
+	return *c.CreatedAt
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetID() int64 {
+	if c == nil || c.ID == nil {
+		return 0
+	}
+	return *c.ID
+}
+
+// GetLanguage returns the Language field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetLanguage() string {
+	if c == nil || c.Language == nil {
+		return ""
+	}
+	return *c.Language
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetName() string {
+	if c == nil || c.Name == nil {
+		return ""
+	}
+	return *c.Name
+}
+
+// GetSize returns the Size field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetSize() int64 {
+	if c == nil || c.Size == nil {
+		return 0
+	}
+	return *c.Size
+}
+
+// GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetUpdatedAt() Timestamp {
+	if c == nil || c.UpdatedAt == nil {
+		return Timestamp{}
+	}
+	return *c.UpdatedAt
+}
+
+// GetUploader returns the Uploader field.
+func (c *CodeQLDatabase) GetUploader() *User {
+	if c == nil {
+		return nil
+	}
+	return c.Uploader
+}
+
+// GetURL returns the URL field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetURL() string {
+	if c == nil || c.URL == nil {
+		return ""
+	}
+	return *c.URL
+}
+
 // GetHTMLURL returns the HTMLURL field if it's non-nil, zero value otherwise.
 func (c *CodeResult) GetHTMLURL() string {
 	if c == nil || c.HTMLURL == nil {
@@ -2742,113 +3038,449 @@ func (c *CodeSearchResult) GetTotal() int {
 	return *c.Total
 }
 
+// GetBillableOwner returns the BillableOwner field.
+func (c *Codespace) GetBillableOwner() *User {
+	if c == nil {
+		return nil
+	}
+	return c.BillableOwner
+}
+
 // GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
-func (c *CollaboratorInvitation) GetCreatedAt() Timestamp {
+func (c *Codespace) GetCreatedAt() Timestamp {
 	if c == nil || c.CreatedAt == nil {
 		return Timestamp{}
 	}
 	return *c.CreatedAt
 }
 
-// GetHTMLURL returns the HTMLURL field if it's non-nil, zero value otherwise.
-func (c *CollaboratorInvitation) GetHTMLURL() string {
-	if c == nil || c.HTMLURL == nil {
+// GetDevcontainerPath returns the DevcontainerPath field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetDevcontainerPath() string {
+	if c == nil || c.DevcontainerPath == nil {
 		return ""
 	}
-	return *c.HTMLURL
+	return *c.DevcontainerPath
 }
 
-// GetID returns the ID field if it's non-nil, zero value otherwise.
-func (c *CollaboratorInvitation) GetID() int64 {
-	if c == nil || c.ID == nil {
-		return 0
+// GetDisplayName returns the DisplayName field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetDisplayName() string {
+	if c == nil || c.DisplayName == nil {
+		return ""
 	}
-	return *c.ID
+	return *c.DisplayName
 }
 
-// GetInvitee returns the Invitee field.
-func (c *CollaboratorInvitation) GetInvitee() *User {
-	if c == nil {
-		return nil
+// GetEnvironmentID returns the EnvironmentID field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetEnvironmentID() string {
+	if c == nil || c.EnvironmentID == nil {
+		return ""
 	}
-	return c.Invitee
+	return *c.EnvironmentID
 }
 
-// GetInviter returns the Inviter field.
-func (c *CollaboratorInvitation) GetInviter() *User {
+// GetGitStatus returns the GitStatus field.
+func (c *Codespace) GetGitStatus() *CodespacesGitStatus {
 	if c == nil {
 		return nil
 	}
-	return c.Inviter
+	return c.GitStatus
 }
 
-// GetPermissions returns the Permissions field if it's non-nil, zero value otherwise.
-func (c *CollaboratorInvitation) GetPermissions() string {
-	if c == nil || c.Permissions == nil {
-		return ""
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetID() int64 {
+	if c == nil || c.ID == nil {
+		return 0
 	}
-	return *c.Permissions
+	return *c.ID
 }
 
-// GetRepo returns the Repo field.
-func (c *CollaboratorInvitation) GetRepo() *Repository {
-	if c == nil {
-		return nil
+// GetIdleTimeoutMinutes returns the IdleTimeoutMinutes field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetIdleTimeoutMinutes() int {
+	if c == nil || c.IdleTimeoutMinutes == nil {
+		return 0
 	}
-	return c.Repo
+	return *c.IdleTimeoutMinutes
 }
 
-// GetURL returns the URL field if it's non-nil, zero value otherwise.
-func (c *CollaboratorInvitation) GetURL() string {
-	if c == nil || c.URL == nil {
+// GetIdleTimeoutNotice returns the IdleTimeoutNotice field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetIdleTimeoutNotice() string {
+	if c == nil || c.IdleTimeoutNotice == nil {
 		return ""
 	}
-	return *c.URL
+	return *c.IdleTimeoutNotice
 }
 
-// GetCommitURL returns the CommitURL field if it's non-nil, zero value otherwise.
-func (c *CombinedStatus) GetCommitURL() string {
-	if c == nil || c.CommitURL == nil {
+// GetLastKnownStopNotice returns the LastKnownStopNotice field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetLastKnownStopNotice() string {
+	if c == nil || c.LastKnownStopNotice == nil {
 		return ""
 	}
-	return *c.CommitURL
+	return *c.LastKnownStopNotice
 }
 
-// GetName returns the Name field if it's non-nil, zero value otherwise.
-func (c *CombinedStatus) GetName() string {
-	if c == nil || c.Name == nil {
-		return ""
+// GetLastUsedAt returns the LastUsedAt field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetLastUsedAt() Timestamp {
+	if c == nil || c.LastUsedAt == nil {
+		return Timestamp{}
 	}
-	return *c.Name
+	return *c.LastUsedAt
 }
 
-// GetRepositoryURL returns the RepositoryURL field if it's non-nil, zero value otherwise.
-func (c *CombinedStatus) GetRepositoryURL() string {
-	if c == nil || c.RepositoryURL == nil {
+// GetLocation returns the Location field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetLocation() string {
+	if c == nil || c.Location == nil {
 		return ""
 	}
-	return *c.RepositoryURL
+	return *c.Location
 }
 
-// GetSHA returns the SHA field if it's non-nil, zero value otherwise.
-func (c *CombinedStatus) GetSHA() string {
-	if c == nil || c.SHA == nil {
-		return ""
+// GetMachine returns the Machine field.
+func (c *Codespace) GetMachine() *CodespacesMachine {
+	if c == nil {
+		return nil
 	}
-	return *c.SHA
+	return c.Machine
 }
 
-// GetState returns the State field if it's non-nil, zero value otherwise.
-func (c *CombinedStatus) GetState() string {
-	if c == nil || c.State == nil {
+// GetMachinesURL returns the MachinesURL field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetMachinesURL() string {
+	if c == nil || c.MachinesURL == nil {
 		return ""
 	}
-	return *c.State
+	return *c.MachinesURL
 }
 
-// GetTotalCount returns the TotalCount field if it's non-nil, zero value otherwise.
-func (c *CombinedStatus) GetTotalCount() int {
-	if c == nil || c.TotalCount == nil {
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetName() string {
+	if c == nil || c.Name == nil {
+		return ""
+	}
+	return *c.Name
+}
+
+// GetOwner returns the Owner field.
+func (c *Codespace) GetOwner() *User {
+	if c == nil {
+		return nil
+	}
+	return c.Owner
+}
+
+// GetPendingOperation returns the PendingOperation field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetPendingOperation() bool {
+	if c == nil || c.PendingOperation == nil {
+		return false
+	}
+	return *c.PendingOperation
+}
+
+// GetPendingOperationDisabledReason returns the PendingOperationDisabledReason field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetPendingOperationDisabledReason() string {
+	if c == nil || c.PendingOperationDisabledReason == nil {
+		return ""
+	}
+	return *c.PendingOperationDisabledReason
+}
+
+// GetPrebuild returns the Prebuild field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetPrebuild() bool {
+	if c == nil || c.Prebuild == nil {
+		return false
+	}
+	return *c.Prebuild
+}
+
+// GetPullsURL returns the PullsURL field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetPullsURL() string {
+	if c == nil || c.PullsURL == nil {
+		return ""
+	}
+	return *c.PullsURL
+}
+
+// GetRepository returns the Repository field.
+func (c *Codespace) GetRepository() *Repository {
+	if c == nil {
+		return nil
+	}
+	return c.Repository
+}
+
+// GetRetentionExpiresAt returns the RetentionExpiresAt field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetRetentionExpiresAt() Timestamp {
+	if c == nil || c.RetentionExpiresAt == nil {
+		return Timestamp{}
+	}
+	return *c.RetentionExpiresAt
+}
+
+// GetRetentionPeriodMinutes returns the RetentionPeriodMinutes field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetRetentionPeriodMinutes() int {
+	if c == nil || c.RetentionPeriodMinutes == nil {
+		return 0
+	}
+	return *c.RetentionPeriodMinutes
+}
+
+// GetRuntimeConstraints returns the RuntimeConstraints field.
+func (c *Codespace) GetRuntimeConstraints() *CodespacesRuntimeConstraints {
+	if c == nil {
+		return nil
+	}
+	return c.RuntimeConstraints
+}
+
+// GetStartURL returns the StartURL field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetStartURL() string {
+	if c == nil || c.StartURL == nil {
+		return ""
+	}
+	return *c.StartURL
+}
+
+// GetState returns the State field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetState() string {
+	if c == nil || c.State == nil {
+		return ""
+	}
+	return *c.State
+}
+
+// GetStopURL returns the StopURL field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetStopURL() string {
+	if c == nil || c.StopURL == nil {
+		return ""
+	}
+	return *c.StopURL
+}
+
+// GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetUpdatedAt() Timestamp {
+	if c == nil || c.UpdatedAt == nil {
+		return Timestamp{}
+	}
+	return *c.UpdatedAt
+}
+
+// GetURL returns the URL field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetURL() string {
+	if c == nil || c.URL == nil {
+		return ""
+	}
+	return *c.URL
+}
+
+// GetWebURL returns the WebURL field if it's non-nil, zero value otherwise.
+func (c *Codespace) GetWebURL() string {
+	if c == nil || c.WebURL == nil {
+		return ""
+	}
+	return *c.WebURL
+}
+
+// GetAhead returns the Ahead field if it's non-nil, zero value otherwise.
+func (c *CodespacesGitStatus) GetAhead() int {
+	if c == nil || c.Ahead == nil {
+		return 0
+	}
+	return *c.Ahead
+}
+
+// GetBehind returns the Behind field if it's non-nil, zero value otherwise.
+func (c *CodespacesGitStatus) GetBehind() int {
+	if c == nil || c.Behind == nil {
+		return 0
+	}
+	return *c.Behind
+}
+
+// GetHasUncommittedChanges returns the HasUncommittedChanges field if it's non-nil, zero value otherwise.
+func (c *CodespacesGitStatus) GetHasUncommittedChanges() bool {
+	if c == nil || c.HasUncommittedChanges == nil {
+		return false
+	}
+	return *c.HasUncommittedChanges
+}
+
+// GetHasUnpushedChanges returns the HasUnpushedChanges field if it's non-nil, zero value otherwise.
+func (c *CodespacesGitStatus) GetHasUnpushedChanges() bool {
+	if c == nil || c.HasUnpushedChanges == nil {
+		return false
+	}
+	return *c.HasUnpushedChanges
+}
+
+// GetRef returns the Ref field if it's non-nil, zero value otherwise.
+func (c *CodespacesGitStatus) GetRef() string {
+	if c == nil || c.Ref == nil {
+		return ""
+	}
+	return *c.Ref
+}
+
+// GetCPUs returns the CPUs field if it's non-nil, zero value otherwise.
+func (c *CodespacesMachine) GetCPUs() int {
+	if c == nil || c.CPUs == nil {
+		return 0
+	}
+	return *c.CPUs
+}
+
+// GetDisplayName returns the DisplayName field if it's non-nil, zero value otherwise.
+func (c *CodespacesMachine) GetDisplayName() string {
+	if c == nil || c.DisplayName == nil {
+		return ""
+	}
+	return *c.DisplayName
+}
+
+// GetMemoryInBytes returns the MemoryInBytes field if it's non-nil, zero value otherwise.
+func (c *CodespacesMachine) GetMemoryInBytes() int64 {
+	if c == nil || c.MemoryInBytes == nil {
+		return 0
+	}
+	return *c.MemoryInBytes
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (c *CodespacesMachine) GetName() string {
+	if c == nil || c.Name == nil {
+		return ""
+	}
+	return *c.Name
+}
+
+// GetOperatingSystem returns the OperatingSystem field if it's non-nil, zero value otherwise.
+func (c *CodespacesMachine) GetOperatingSystem() string {
+	if c == nil || c.OperatingSystem == nil {
+		return ""
+	}
+	return *c.OperatingSystem
+}
+
+// GetPrebuildAvailability returns the PrebuildAvailability field if it's non-nil, zero value otherwise.
+func (c *CodespacesMachine) GetPrebuildAvailability() string {
+	if c == nil || c.PrebuildAvailability == nil {
+		return ""
+	}
+	return *c.PrebuildAvailability
+}
+
+// GetStorageInBytes returns the StorageInBytes field if it's non-nil, zero value otherwise.
+func (c *CodespacesMachine) GetStorageInBytes() int64 {
+	if c == nil || c.StorageInBytes == nil {
+		return 0
+	}
+	return *c.StorageInBytes
+}
+
+// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
+func (c *CollaboratorInvitation) GetCreatedAt() Timestamp {
+	if c == nil || c.CreatedAt == nil {
+		return Timestamp{}
+	}
+	return *c.CreatedAt
+}
+
+// GetHTMLURL returns the HTMLURL field if it's non-nil, zero value otherwise.
+func (c *CollaboratorInvitation) GetHTMLURL() string {
+	if c == nil || c.HTMLURL == nil {
+		return ""
+	}
+	return *c.HTMLURL
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (c *CollaboratorInvitation) GetID() int64 {
+	if c == nil || c.ID == nil {
+		return 0
+	}
+	return *c.ID
+}
+
+// GetInvitee returns the Invitee field.
+func (c *CollaboratorInvitation) GetInvitee() *User {
+	if c == nil {
+		return nil
+	}
+	return c.Invitee
+}
+
+// GetInviter returns the Inviter field.
+func (c *CollaboratorInvitation) GetInviter() *User {
+	if c == nil {
+		return nil
+	}
+	return c.Inviter
+}
+
+// GetPermissions returns the Permissions field if it's non-nil, zero value otherwise.
+func (c *CollaboratorInvitation) GetPermissions() string {
+	if c == nil || c.Permissions == nil {
+		return ""
+	}
+	return *c.Permissions
+}
+
+// GetRepo returns the Repo field.
+func (c *CollaboratorInvitation) GetRepo() *Repository {
+	if c == nil {
+		return nil
+	}
+	return c.Repo
+}
+
+// GetURL returns the URL field if it's non-nil, zero value otherwise.
+func (c *CollaboratorInvitation) GetURL() string {
+	if c == nil || c.URL == nil {
+		return ""
+	}
+	return *c.URL
+}
+
+// GetCommitURL returns the CommitURL field if it's non-nil, zero value otherwise.
+func (c *CombinedStatus) GetCommitURL() string {
+	if c == nil || c.CommitURL == nil {
+		return ""
+	}
+	return *c.CommitURL
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (c *CombinedStatus) GetName() string {
+	if c == nil || c.Name == nil {
+		return ""
+	}
+	return *c.Name
+}
+
+// GetRepositoryURL returns the RepositoryURL field if it's non-nil, zero value otherwise.
+func (c *CombinedStatus) GetRepositoryURL() string {
+	if c == nil || c.RepositoryURL == nil {
+		return ""
+	}
+	return *c.RepositoryURL
+}
+
+// GetSHA returns the SHA field if it's non-nil, zero value otherwise.
+func (c *CombinedStatus) GetSHA() string {
+	if c == nil || c.SHA == nil {
+		return ""
+	}
+	return *c.SHA
+}
+
+// GetState returns the State field if it's non-nil, zero value otherwise.
+func (c *CombinedStatus) GetState() string {
+	if c == nil || c.State == nil {
+		return ""
+	}
+	return *c.State
+}
+
+// GetTotalCount returns the TotalCount field if it's non-nil, zero value otherwise.
+func (c *CombinedStatus) GetTotalCount() int {
+	if c == nil || c.TotalCount == nil {
 		return 0
 	}
 	return *c.TotalCount
@@ -3862,23 +4494,103 @@ func (c *CreateCheckSuiteOptions) GetHeadBranch() string {
 	return *c.HeadBranch
 }
 
-// GetDescription returns the Description field if it's non-nil, zero value otherwise.
-func (c *CreateEvent) GetDescription() string {
-	if c == nil || c.Description == nil {
+// GetClientIP returns the ClientIP field if it's non-nil, zero value otherwise.
+func (c *CreateCodespaceOptions) GetClientIP() string {
+	if c == nil || c.ClientIP == nil {
 		return ""
 	}
-	return *c.Description
+	return *c.ClientIP
 }
 
-// GetInstallation returns the Installation field.
-func (c *CreateEvent) GetInstallation() *Installation {
-	if c == nil {
-		return nil
+// GetDevcontainerPath returns the DevcontainerPath field if it's non-nil, zero value otherwise.
+func (c *CreateCodespaceOptions) GetDevcontainerPath() string {
+	if c == nil || c.DevcontainerPath == nil {
+		return ""
 	}
-	return c.Installation
+	return *c.DevcontainerPath
 }
 
-// GetMasterBranch returns the MasterBranch field if it's non-nil, zero value otherwise.
+// GetDisplayName returns the DisplayName field if it's non-nil, zero value otherwise.
+func (c *CreateCodespaceOptions) GetDisplayName() string {
+	if c == nil || c.DisplayName == nil {
+		return ""
+	}
+	return *c.DisplayName
+}
+
+// GetGeo returns the Geo field if it's non-nil, zero value otherwise.
+func (c *CreateCodespaceOptions) GetGeo() string {
+	if c == nil || c.Geo == nil {
+		return ""
+	}
+	return *c.Geo
+}
+
+// GetIdleTimeoutMinutes returns the IdleTimeoutMinutes field if it's non-nil, zero value otherwise.
+func (c *CreateCodespaceOptions) GetIdleTimeoutMinutes() int {
+	if c == nil || c.IdleTimeoutMinutes == nil {
+		return 0
+	}
+	return *c.IdleTimeoutMinutes
+}
+
+// GetMachine returns the Machine field if it's non-nil, zero value otherwise.
+func (c *CreateCodespaceOptions) GetMachine() string {
+	if c == nil || c.Machine == nil {
+		return ""
+	}
+	return *c.Machine
+}
+
+// GetMultiRepoPermissionsOptOut returns the MultiRepoPermissionsOptOut field if it's non-nil, zero value otherwise.
+func (c *CreateCodespaceOptions) GetMultiRepoPermissionsOptOut() bool {
+	if c == nil || c.MultiRepoPermissionsOptOut == nil {
+		return false
+	}
+	return *c.MultiRepoPermissionsOptOut
+}
+
+// GetRef returns the Ref field if it's non-nil, zero value otherwise.
+func (c *CreateCodespaceOptions) GetRef() string {
+	if c == nil || c.Ref == nil {
+		return ""
+	}
+	return *c.Ref
+}
+
+// GetRetentionPeriodMinutes returns the RetentionPeriodMinutes field if it's non-nil, zero value otherwise.
+func (c *CreateCodespaceOptions) GetRetentionPeriodMinutes() int {
+	if c == nil || c.RetentionPeriodMinutes == nil {
+		return 0
+	}
+	return *c.RetentionPeriodMinutes
+}
+
+// GetWorkingDirectory returns the WorkingDirectory field if it's non-nil, zero value otherwise.
+func (c *CreateCodespaceOptions) GetWorkingDirectory() string {
+	if c == nil || c.WorkingDirectory == nil {
+		return ""
+	}
+	return *c.WorkingDirectory
+}
+
+// GetDescription returns the Description field if it's non-nil, zero value otherwise.
+func (c *CreateEvent) GetDescription() string {
+	if c == nil || c.Description == nil {
+		return ""
+	}
+	return *c.Description
+}
+
+// GetInstallation returns the Installation field.
+func (c *CreateEvent) GetInstallation() *Installation {
+	if c == nil {
+		return nil
+	}
+	return c.Installation
+}
+
+// GetMasterBranch returns the MasterBranch field if it's non-nil, zero value otherwise.
 func (c *CreateEvent) GetMasterBranch() string {
 	if c == nil || c.MasterBranch == nil {
 		return ""
@@ -4022,6 +4734,14 @@ func (c *CreateRunnerGroupRequest) GetVisibility() string {
 	return *c.Visibility
 }
 
+// GetCanAdminsBypass returns the CanAdminsBypass field if it's non-nil, zero value otherwise.
+func (c *CreateUpdateEnvironment) GetCanAdminsBypass() bool {
+	if c == nil || c.CanAdminsBypass == nil {
+		return false
+	}
+	return *c.CanAdminsBypass
+}
+
 // GetDeploymentBranchPolicy returns the DeploymentBranchPolicy field.
 func (c *CreateUpdateEnvironment) GetDeploymentBranchPolicy() *BranchPolicy {
 	if c == nil {
@@ -4038,6 +4758,38 @@ func (c *CreateUpdateEnvironment) GetWaitTimer() int {
 	return *c.WaitTimer
 }
 
+// GetRepositoryID returns the RepositoryID field if it's non-nil, zero value otherwise.
+func (c *CreateUpdateRequiredWorkflowOptions) GetRepositoryID() int64 {
+	if c == nil || c.RepositoryID == nil {
+		return 0
+	}
+	return *c.RepositoryID
+}
+
+// GetScope returns the Scope field if it's non-nil, zero value otherwise.
+func (c *CreateUpdateRequiredWorkflowOptions) GetScope() string {
+	if c == nil || c.Scope == nil {
+		return ""
+	}
+	return *c.Scope
+}
+
+// GetSelectedRepositoryIDs returns the SelectedRepositoryIDs field.
+func (c *CreateUpdateRequiredWorkflowOptions) GetSelectedRepositoryIDs() *SelectedRepoIDs {
+	if c == nil {
+		return nil
+	}
+	return c.SelectedRepositoryIDs
+}
+
+// GetWorkflowFilePath returns the WorkflowFilePath field if it's non-nil, zero value otherwise.
+func (c *CreateUpdateRequiredWorkflowOptions) GetWorkflowFilePath() string {
+	if c == nil || c.WorkflowFilePath == nil {
+		return ""
+	}
+	return *c.WorkflowFilePath
+}
+
 // GetBody returns the Body field if it's non-nil, zero value otherwise.
 func (c *CreateUserProjectOptions) GetBody() string {
 	if c == nil || c.Body == nil {
@@ -4046,6 +4798,102 @@ func (c *CreateUserProjectOptions) GetBody() string {
 	return *c.Body
 }
 
+// GetCreated returns the Created field if it's non-nil, zero value otherwise.
+func (c *CreationInfo) GetCreated() Timestamp {
+	if c == nil || c.Created == nil {
+		return Timestamp{}
+	}
+	return *c.Created
+}
+
+// GetAuthorizedCredentialExpiresAt returns the AuthorizedCredentialExpiresAt field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetAuthorizedCredentialExpiresAt() Timestamp {
+	if c == nil || c.AuthorizedCredentialExpiresAt == nil {
+		return Timestamp{}
+	}
+	return *c.AuthorizedCredentialExpiresAt
+}
+
+// GetAuthorizedCredentialID returns the AuthorizedCredentialID field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetAuthorizedCredentialID() int64 {
+	if c == nil || c.AuthorizedCredentialID == nil {
+		return 0
+	}
+	return *c.AuthorizedCredentialID
+}
+
+// GetAuthorizedCredentialNote returns the AuthorizedCredentialNote field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetAuthorizedCredentialNote() string {
+	if c == nil || c.AuthorizedCredentialNote == nil {
+		return ""
+	}
+	return *c.AuthorizedCredentialNote
+}
+
+// GetAuthorizedCredentialTitle returns the AuthorizedCredentialTitle field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetAuthorizedCredentialTitle() string {
+	if c == nil || c.AuthorizedCredentialTitle == nil {
+		return ""
+	}
+	return *c.AuthorizedCredentialTitle
+}
+
+// GetCredentialAccessedAt returns the CredentialAccessedAt field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetCredentialAccessedAt() Timestamp {
+	if c == nil || c.CredentialAccessedAt == nil {
+		return Timestamp{}
+	}
+	return *c.CredentialAccessedAt
+}
+
+// GetCredentialAuthorizedAt returns the CredentialAuthorizedAt field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetCredentialAuthorizedAt() Timestamp {
+	if c == nil || c.CredentialAuthorizedAt == nil {
+		return Timestamp{}
+	}
+	return *c.CredentialAuthorizedAt
+}
+
+// GetCredentialID returns the CredentialID field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetCredentialID() int64 {
+	if c == nil || c.CredentialID == nil {
+		return 0
+	}
+	return *c.CredentialID
+}
+
+// GetCredentialType returns the CredentialType field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetCredentialType() string {
+	if c == nil || c.CredentialType == nil {
+		return ""
+	}
+	return *c.CredentialType
+}
+
+// GetFingerprint returns the Fingerprint field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetFingerprint() string {
+	if c == nil || c.Fingerprint == nil {
+		return ""
+	}
+	return *c.Fingerprint
+}
+
+// GetLogin returns the Login field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetLogin() string {
+	if c == nil || c.Login == nil {
+		return ""
+	}
+	return *c.Login
+}
+
+// GetTokenLastEight returns the TokenLastEight field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetTokenLastEight() string {
+	if c == nil || c.TokenLastEight == nil {
+		return ""
+	}
+	return *c.TokenLastEight
+}
+
 // GetBaseRole returns the BaseRole field if it's non-nil, zero value otherwise.
 func (c *CustomRepoRoles) GetBaseRole() string {
 	if c == nil || c.BaseRole == nil {
@@ -4078,6 +4926,46 @@ func (c *CustomRepoRoles) GetName() string {
 	return *c.Name
 }
 
+// GetQuerySuite returns the QuerySuite field if it's non-nil, zero value otherwise.
+func (d *DefaultSetupConfiguration) GetQuerySuite() string {
+	if d == nil || d.QuerySuite == nil {
+		return ""
+	}
+	return *d.QuerySuite
+}
+
+// GetState returns the State field if it's non-nil, zero value otherwise.
+func (d *DefaultSetupConfiguration) GetState() string {
+	if d == nil || d.State == nil {
+		return ""
+	}
+	return *d.State
+}
+
+// GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
+func (d *DefaultSetupConfiguration) GetUpdatedAt() Timestamp {
+	if d == nil || d.UpdatedAt == nil {
+		return Timestamp{}
+	}
+	return *d.UpdatedAt
+}
+
+// GetConfirmDeleteURL returns the ConfirmDeleteURL field if it's non-nil, zero value otherwise.
+func (d *DeleteAnalysis) GetConfirmDeleteURL() string {
+	if d == nil || d.ConfirmDeleteURL == nil {
+		return ""
+	}
+	return *d.ConfirmDeleteURL
+}
+
+// GetNextAnalysisURL returns the NextAnalysisURL field if it's non-nil, zero value otherwise.
+func (d *DeleteAnalysis) GetNextAnalysisURL() string {
+	if d == nil || d.NextAnalysisURL == nil {
+		return ""
+	}
+	return *d.NextAnalysisURL
+}
+
 // GetInstallation returns the Installation field.
 func (d *DeleteEvent) GetInstallation() *Installation {
 	if d == nil {
@@ -4126,6 +5014,14 @@ func (d *DeleteEvent) GetSender() *User {
 	return d.Sender
 }
 
+// GetAutoDismissedAt returns the AutoDismissedAt field if it's non-nil, zero value otherwise.
+func (d *DependabotAlert) GetAutoDismissedAt() Timestamp {
+	if d == nil || d.AutoDismissedAt == nil {
+		return Timestamp{}
+	}
+	return *d.AutoDismissedAt
+}
+
 // GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
 func (d *DependabotAlert) GetCreatedAt() Timestamp {
 	if d == nil || d.CreatedAt == nil {
@@ -4198,6 +5094,14 @@ func (d *DependabotAlert) GetNumber() int {
 	return *d.Number
 }
 
+// GetRepository returns the Repository field.
+func (d *DependabotAlert) GetRepository() *Repository {
+	if d == nil {
+		return nil
+	}
+	return d.Repository
+}
+
 // GetSecurityAdvisory returns the SecurityAdvisory field.
 func (d *DependabotAlert) GetSecurityAdvisory() *DependabotSecurityAdvisory {
 	if d == nil {
@@ -4238,6 +5142,62 @@ func (d *DependabotAlert) GetURL() string {
 	return *d.URL
 }
 
+// GetAction returns the Action field if it's non-nil, zero value otherwise.
+func (d *DependabotAlertEvent) GetAction() string {
+	if d == nil || d.Action == nil {
+		return ""
+	}
+	return *d.Action
+}
+
+// GetAlert returns the Alert field.
+func (d *DependabotAlertEvent) GetAlert() *DependabotAlert {
+	if d == nil {
+		return nil
+	}
+	return d.Alert
+}
+
+// GetEnterprise returns the Enterprise field.
+func (d *DependabotAlertEvent) GetEnterprise() *Enterprise {
+	if d == nil {
+		return nil
+	}
+	return d.Enterprise
+}
+
+// GetInstallation returns the Installation field.
+func (d *DependabotAlertEvent) GetInstallation() *Installation {
+	if d == nil {
+		return nil
+	}
+	return d.Installation
+}
+
+// GetOrganization returns the Organization field.
+func (d *DependabotAlertEvent) GetOrganization() *Organization {
+	if d == nil {
+		return nil
+	}
+	return d.Organization
+}
+
+// GetRepo returns the Repo field.
+func (d *DependabotAlertEvent) GetRepo() *Repository {
+	if d == nil {
+		return nil
+	}
+	return d.Repo
+}
+
+// GetSender returns the Sender field.
+func (d *DependabotAlertEvent) GetSender() *User {
+	if d == nil {
+		return nil
+	}
+	return d.Sender
+}
+
 // GetCVEID returns the CVEID field if it's non-nil, zero value otherwise.
 func (d *DependabotSecurityAdvisory) GetCVEID() string {
 	if d == nil || d.CVEID == nil {
@@ -4246,12 +5206,12 @@ func (d *DependabotSecurityAdvisory) GetCVEID() string {
 	return *d.CVEID
 }
 
-// GetCVSs returns the CVSs field.
-func (d *DependabotSecurityAdvisory) GetCVSs() *AdvisoryCVSs {
+// GetCVSS returns the CVSS field.
+func (d *DependabotSecurityAdvisory) GetCVSS() *AdvisoryCVSS {
 	if d == nil {
 		return nil
 	}
-	return d.CVSs
+	return d.CVSS
 }
 
 // GetDescription returns the Description field if it's non-nil, zero value otherwise.
@@ -4310,6 +5270,14 @@ func (d *DependabotSecurityAdvisory) GetWithdrawnAt() Timestamp {
 	return *d.WithdrawnAt
 }
 
+// GetStatus returns the Status field if it's non-nil, zero value otherwise.
+func (d *DependabotSecurityUpdates) GetStatus() string {
+	if d == nil || d.Status == nil {
+		return ""
+	}
+	return *d.Status
+}
+
 // GetManifestPath returns the ManifestPath field if it's non-nil, zero value otherwise.
 func (d *Dependency) GetManifestPath() string {
 	if d == nil || d.ManifestPath == nil {
@@ -4558,6 +5526,94 @@ func (d *DeploymentEvent) GetSender() *User {
 	return d.Sender
 }
 
+// GetWorkflow returns the Workflow field.
+func (d *DeploymentEvent) GetWorkflow() *Workflow {
+	if d == nil {
+		return nil
+	}
+	return d.Workflow
+}
+
+// GetWorkflowRun returns the WorkflowRun field.
+func (d *DeploymentEvent) GetWorkflowRun() *WorkflowRun {
+	if d == nil {
+		return nil
+	}
+	return d.WorkflowRun
+}
+
+// GetAction returns the Action field if it's non-nil, zero value otherwise.
+func (d *DeploymentProtectionRuleEvent) GetAction() string {
+	if d == nil || d.Action == nil {
+		return ""
+	}
+	return *d.Action
+}
+
+// GetDeployment returns the Deployment field.
+func (d *DeploymentProtectionRuleEvent) GetDeployment() *Deployment {
+	if d == nil {
+		return nil
+	}
+	return d.Deployment
+}
+
+// GetDeploymentCallbackURL returns the DeploymentCallbackURL field if it's non-nil, zero value otherwise.
+func (d *DeploymentProtectionRuleEvent) GetDeploymentCallbackURL() string {
+	if d == nil || d.DeploymentCallbackURL == nil {
+		return ""
+	}
+	return *d.DeploymentCallbackURL
+}
+
+// GetEnvironment returns the Environment field if it's non-nil, zero value otherwise.
+func (d *DeploymentProtectionRuleEvent) GetEnvironment() string {
+	if d == nil || d.Environment == nil {
+		return ""
+	}
+	return *d.Environment
+}
+
+// GetEvent returns the Event field if it's non-nil, zero value otherwise.
+func (d *DeploymentProtectionRuleEvent) GetEvent() string {
+	if d == nil || d.Event == nil {
+		return ""
+	}
+	return *d.Event
+}
+
+// GetInstallation returns the Installation field.
+func (d *DeploymentProtectionRuleEvent) GetInstallation() *Installation {
+	if d == nil {
+		return nil
+	}
+	return d.Installation
+}
+
+// GetOrganization returns the Organization field.
+func (d *DeploymentProtectionRuleEvent) GetOrganization() *Organization {
+	if d == nil {
+		return nil
+	}
+	return d.Organization
+}
+
+// GetRepo returns the Repo field.
+func (d *DeploymentProtectionRuleEvent) GetRepo() *Repository {
+	if d == nil {
+		return nil
+	}
+	return d.Repo
+}
+
+// GetSender returns the Sender field.
+func (d *DeploymentProtectionRuleEvent) GetSender() *User {
+	if d == nil {
+		return nil
+	}
+	return d.Sender
+}
+
 // GetAutoMerge returns the AutoMerge field if it's non-nil, zero value otherwise.
 func (d *DeploymentRequest) GetAutoMerge() bool {
 	if d == nil || d.AutoMerge == nil {
@@ -5430,6 +6486,14 @@ func (e *EditChange) GetBody() *EditBody {
 	return e.Body
 }
 
+// GetOwner returns the Owner field.
+func (e *EditChange) GetOwner() *EditOwner {
+	if e == nil {
+		return nil
+	}
+	return e.Owner
+}
+
 // GetRepo returns the Repo field.
 func (e *EditChange) GetRepo() *EditRepo {
 	if e == nil {
@@ -5446,6 +6510,14 @@ func (e *EditChange) GetTitle() *EditTitle {
 	return e.Title
 }
 
+// GetOwnerInfo returns the OwnerInfo field.
+func (e *EditOwner) GetOwnerInfo() *OwnerInfo {
+	if e == nil {
+		return nil
+	}
+	return e.OwnerInfo
+}
+
 // GetFrom returns the From field if it's non-nil, zero value otherwise.
 func (e *EditRef) GetFrom() string {
 	if e == nil || e.From == nil {
@@ -5590,6 +6662,14 @@ func (e *EnterpriseSecurityAnalysisSettings) GetSecretScanningPushProtectionEnab
 	return *e.SecretScanningPushProtectionEnabledForNewRepositories
 }
 
+// GetCanAdminsBypass returns the CanAdminsBypass field if it's non-nil, zero value otherwise.
+func (e *Environment) GetCanAdminsBypass() bool {
+	if e == nil || e.CanAdminsBypass == nil {
+		return false
+	}
+	return *e.CanAdminsBypass
+}
+
 // GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
 func (e *Environment) GetCreatedAt() Timestamp {
 	if e == nil || e.CreatedAt == nil {
@@ -6022,6 +7102,14 @@ func (f *ForkEvent) GetSender() *User {
 	return f.Sender
 }
 
+// GetWorkFolder returns the WorkFolder field if it's non-nil, zero value otherwise.
+func (g *GenerateJITConfigRequest) GetWorkFolder() string {
+	if g == nil || g.WorkFolder == nil {
+		return ""
+	}
+	return *g.WorkFolder
+}
+
 // GetPreviousTagName returns the PreviousTagName field if it's non-nil, zero value otherwise.
 func (g *GenerateNotesOptions) GetPreviousTagName() string {
 	if g == nil || g.PreviousTagName == nil {
@@ -7278,6 +8366,22 @@ func (i *Installation) GetUpdatedAt() Timestamp {
 	return *i.UpdatedAt
 }
 
+// GetLogin returns the Login field.
+func (i *InstallationChanges) GetLogin() *InstallationLoginChange {
+	if i == nil {
+		return nil
+	}
+	return i.Login
+}
+
+// GetSlug returns the Slug field.
+func (i *InstallationChanges) GetSlug() *InstallationSlugChange {
+	if i == nil {
+		return nil
+	}
+	return i.Slug
+}
+
 // GetAction returns the Action field if it's non-nil, zero value otherwise.
 func (i *InstallationEvent) GetAction() string {
 	if i == nil || i.Action == nil {
@@ -7294,6 +8398,14 @@ func (i *InstallationEvent) GetInstallation() *Installation {
 	return i.Installation
 }
 
+// GetRequester returns the Requester field.
+func (i *InstallationEvent) GetRequester() *User {
+	if i == nil {
+		return nil
+	}
+	return i.Requester
+}
+
 // GetSender returns the Sender field.
 func (i *InstallationEvent) GetSender() *User {
 	if i == nil {
@@ -7302,6 +8414,14 @@ func (i *InstallationEvent) GetSender() *User {
 	return i.Sender
 }
 
+// GetFrom returns the From field if it's non-nil, zero value otherwise.
+func (i *InstallationLoginChange) GetFrom() string {
+	if i == nil || i.From == nil {
+		return ""
+	}
+	return *i.From
+}
+
 // GetActions returns the Actions field if it's non-nil, zero value otherwise.
 func (i *InstallationPermissions) GetActions() string {
 	if i == nil || i.Actions == nil {
@@ -7630,6 +8750,86 @@ func (i *InstallationRepositoriesEvent) GetSender() *User {
 	return i.Sender
 }
 
+// GetFrom returns the From field if it's non-nil, zero value otherwise.
+func (i *InstallationSlugChange) GetFrom() string {
+	if i == nil || i.From == nil {
+		return ""
+	}
+	return *i.From
+}
+
+// GetAccount returns the Account field.
+func (i *InstallationTargetEvent) GetAccount() *User {
+	if i == nil {
+		return nil
+	}
+	return i.Account
+}
+
+// GetAction returns the Action field if it's non-nil, zero value otherwise.
+func (i *InstallationTargetEvent) GetAction() string {
+	if i == nil || i.Action == nil {
+		return ""
+	}
+	return *i.Action
+}
+
+// GetChanges returns the Changes field.
+func (i *InstallationTargetEvent) GetChanges() *InstallationChanges {
+	if i == nil {
+		return nil
+	}
+	return i.Changes
+}
+
+// GetEnterprise returns the Enterprise field.
+func (i *InstallationTargetEvent) GetEnterprise() *Enterprise {
+	if i == nil {
+		return nil
+	}
+	return i.Enterprise
+}
+
+// GetInstallation returns the Installation field.
+func (i *InstallationTargetEvent) GetInstallation() *Installation {
+	if i == nil {
+		return nil
+	}
+	return i.Installation
+}
+
+// GetOrganization returns the Organization field.
+func (i *InstallationTargetEvent) GetOrganization() *Organization {
+	if i == nil {
+		return nil
+	}
+	return i.Organization
+}
+
+// GetRepository returns the Repository field.
+func (i *InstallationTargetEvent) GetRepository() *Repository {
+	if i == nil {
+		return nil
+	}
+	return i.Repository
+}
+
+// GetSender returns the Sender field.
+func (i *InstallationTargetEvent) GetSender() *User {
+	if i == nil {
+		return nil
+	}
+	return i.Sender
+}
+
+// GetTargetType returns the TargetType field if it's non-nil, zero value otherwise.
+func (i *InstallationTargetEvent) GetTargetType() string {
+	if i == nil || i.TargetType == nil {
+		return ""
+	}
+	return *i.TargetType
+}
+
 // GetExpiresAt returns the ExpiresAt field if it's non-nil, zero value otherwise.
 func (i *InstallationToken) GetExpiresAt() Timestamp {
 	if i == nil || i.ExpiresAt == nil {
@@ -8638,6 +9838,22 @@ func (i *IssueStats) GetTotalIssues() int {
 	return *i.TotalIssues
 }
 
+// GetEncodedJITConfig returns the EncodedJITConfig field if it's non-nil, zero value otherwise.
+func (j *JITRunnerConfig) GetEncodedJITConfig() string {
+	if j == nil || j.EncodedJITConfig == nil {
+		return ""
+	}
+	return *j.EncodedJITConfig
+}
+
+// GetRunner returns the Runner field.
+func (j *JITRunnerConfig) GetRunner() *Runner {
+	if j == nil {
+		return nil
+	}
+	return j.Runner
+}
+
 // GetTotalCount returns the TotalCount field if it's non-nil, zero value otherwise.
 func (j *Jobs) GetTotalCount() int {
 	if j == nil || j.TotalCount == nil {
@@ -8646,6 +9862,14 @@ func (j *Jobs) GetTotalCount() int {
 	return *j.TotalCount
 }
 
+// GetAddedBy returns the AddedBy field if it's non-nil, zero value otherwise.
+func (k *Key) GetAddedBy() string {
+	if k == nil || k.AddedBy == nil {
+		return ""
+	}
+	return *k.AddedBy
+}
+
 // GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
 func (k *Key) GetCreatedAt() Timestamp {
 	if k == nil || k.CreatedAt == nil {
@@ -8670,6 +9894,14 @@ func (k *Key) GetKey() string {
 	return *k.Key
 }
 
+// GetLastUsed returns the LastUsed field if it's non-nil, zero value otherwise.
+func (k *Key) GetLastUsed() Timestamp {
+	if k == nil || k.LastUsed == nil {
+		return Timestamp{}
+	}
+	return *k.LastUsed
+}
+
 // GetReadOnly returns the ReadOnly field if it's non-nil, zero value otherwise.
 func (k *Key) GetReadOnly() bool {
 	if k == nil || k.ReadOnly == nil {
@@ -9142,6 +10374,14 @@ func (l *ListCheckSuiteResults) GetTotal() int {
 	return *l.Total
 }
 
+// GetTotalCount returns the TotalCount field if it's non-nil, zero value otherwise.
+func (l *ListCodespaces) GetTotalCount() int {
+	if l == nil || l.TotalCount == nil {
+		return 0
+	}
+	return *l.TotalCount
+}
+
 // GetAffiliation returns the Affiliation field if it's non-nil, zero value otherwise.
 func (l *ListCollaboratorOptions) GetAffiliation() string {
 	if l == nil || l.Affiliation == nil {
@@ -10230,6 +11470,14 @@ func (m *MostRecentInstance) GetAnalysisKey() string {
 	return *m.AnalysisKey
 }
 
+// GetCategory returns the Category field if it's non-nil, zero value otherwise.
+func (m *MostRecentInstance) GetCategory() string {
+	if m == nil || m.Category == nil {
+		return ""
+	}
+	return *m.Category
+}
+
 // GetCommitSHA returns the CommitSHA field if it's non-nil, zero value otherwise.
 func (m *MostRecentInstance) GetCommitSHA() string {
 	if m == nil || m.CommitSHA == nil {
@@ -10246,6 +11494,14 @@ func (m *MostRecentInstance) GetEnvironment() string {
 	return *m.Environment
 }
 
+// GetHTMLURL returns the HTMLURL field if it's non-nil, zero value otherwise.
+func (m *MostRecentInstance) GetHTMLURL() string {
+	if m == nil || m.HTMLURL == nil {
+		return ""
+	}
+	return *m.HTMLURL
+}
+
 // GetLocation returns the Location field.
 func (m *MostRecentInstance) GetLocation() *Location {
 	if m == nil {
@@ -10310,6 +11566,14 @@ func (n *NewPullRequest) GetHead() string {
 	return *n.Head
 }
 
+// GetHeadRepo returns the HeadRepo field if it's non-nil, zero value otherwise.
+func (n *NewPullRequest) GetHeadRepo() string {
+	if n == nil || n.HeadRepo == nil {
+		return ""
+	}
+	return *n.HeadRepo
+}
+
 // GetIssue returns the Issue field if it's non-nil, zero value otherwise.
 func (n *NewPullRequest) GetIssue() int {
 	if n == nil || n.Issue == nil {
@@ -10815,7 +12079,7 @@ func (o *Organization) GetNodeID() string {
 }
 
 // GetOwnedPrivateRepos returns the OwnedPrivateRepos field if it's non-nil, zero value otherwise.
-func (o *Organization) GetOwnedPrivateRepos() int {
+func (o *Organization) GetOwnedPrivateRepos() int64 {
 	if o == nil || o.OwnedPrivateRepos == nil {
 		return 0
 	}
@@ -10887,7 +12151,7 @@ func (o *Organization) GetSecretScanningPushProtectionEnabledForNewRepos() bool
 }
 
 // GetTotalPrivateRepos returns the TotalPrivateRepos field if it's non-nil, zero value otherwise.
-func (o *Organization) GetTotalPrivateRepos() int {
+func (o *Organization) GetTotalPrivateRepos() int64 {
 	if o == nil || o.TotalPrivateRepos == nil {
 		return 0
 	}
@@ -11035,15 +12299,103 @@ func (o *OrgBlockEvent) GetOrganization() *Organization {
 	if o == nil {
 		return nil
 	}
-	return o.Organization
+	return o.Organization
+}
+
+// GetSender returns the Sender field.
+func (o *OrgBlockEvent) GetSender() *User {
+	if o == nil {
+		return nil
+	}
+	return o.Sender
+}
+
+// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
+func (o *OrgRequiredWorkflow) GetCreatedAt() Timestamp {
+	if o == nil || o.CreatedAt == nil {
+		return Timestamp{}
+	}
+	return *o.CreatedAt
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (o *OrgRequiredWorkflow) GetID() int64 {
+	if o == nil || o.ID == nil {
+		return 0
+	}
+	return *o.ID
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (o *OrgRequiredWorkflow) GetName() string {
+	if o == nil || o.Name == nil {
+		return ""
+	}
+	return *o.Name
+}
+
+// GetPath returns the Path field if it's non-nil, zero value otherwise.
+func (o *OrgRequiredWorkflow) GetPath() string {
+	if o == nil || o.Path == nil {
+		return ""
+	}
+	return *o.Path
+}
+
+// GetRef returns the Ref field if it's non-nil, zero value otherwise.
+func (o *OrgRequiredWorkflow) GetRef() string {
+	if o == nil || o.Ref == nil {
+		return ""
+	}
+	return *o.Ref
+}
+
+// GetRepository returns the Repository field.
+func (o *OrgRequiredWorkflow) GetRepository() *Repository {
+	if o == nil {
+		return nil
+	}
+	return o.Repository
+}
+
+// GetScope returns the Scope field if it's non-nil, zero value otherwise.
+func (o *OrgRequiredWorkflow) GetScope() string {
+	if o == nil || o.Scope == nil {
+		return ""
+	}
+	return *o.Scope
+}
+
+// GetSelectedRepositoriesURL returns the SelectedRepositoriesURL field if it's non-nil, zero value otherwise.
+func (o *OrgRequiredWorkflow) GetSelectedRepositoriesURL() string {
+	if o == nil || o.SelectedRepositoriesURL == nil {
+		return ""
+	}
+	return *o.SelectedRepositoriesURL
+}
+
+// GetState returns the State field if it's non-nil, zero value otherwise.
+func (o *OrgRequiredWorkflow) GetState() string {
+	if o == nil || o.State == nil {
+		return ""
+	}
+	return *o.State
+}
+
+// GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
+func (o *OrgRequiredWorkflow) GetUpdatedAt() Timestamp {
+	if o == nil || o.UpdatedAt == nil {
+		return Timestamp{}
+	}
+	return *o.UpdatedAt
 }
 
-// GetSender returns the Sender field.
-func (o *OrgBlockEvent) GetSender() *User {
-	if o == nil {
-		return nil
+// GetTotalCount returns the TotalCount field if it's non-nil, zero value otherwise.
+func (o *OrgRequiredWorkflows) GetTotalCount() int {
+	if o == nil || o.TotalCount == nil {
+		return 0
 	}
-	return o.Sender
+	return *o.TotalCount
 }
 
 // GetDisabledOrgs returns the DisabledOrgs field if it's non-nil, zero value otherwise.
@@ -11078,6 +12430,22 @@ func (o *OrgStats) GetTotalTeams() int {
 	return *o.TotalTeams
 }
 
+// GetOrg returns the Org field.
+func (o *OwnerInfo) GetOrg() *User {
+	if o == nil {
+		return nil
+	}
+	return o.Org
+}
+
+// GetUser returns the User field.
+func (o *OwnerInfo) GetUser() *User {
+	if o == nil {
+		return nil
+	}
+	return o.User
+}
+
 // GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
 func (p *Package) GetCreatedAt() Timestamp {
 	if p == nil || p.CreatedAt == nil {
@@ -11750,6 +13118,14 @@ func (p *PageBuildEvent) GetSender() *User {
 	return p.Sender
 }
 
+// GetBuildType returns the BuildType field if it's non-nil, zero value otherwise.
+func (p *Pages) GetBuildType() string {
+	if p == nil || p.BuildType == nil {
+		return ""
+	}
+	return *p.BuildType
+}
+
 // GetCNAME returns the CNAME field if it's non-nil, zero value otherwise.
 func (p *Pages) GetCNAME() string {
 	if p == nil || p.CNAME == nil {
@@ -11886,6 +13262,230 @@ func (p *PagesBuild) GetURL() string {
 	return *p.URL
 }
 
+// GetCAAError returns the CAAError field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetCAAError() string {
+	if p == nil || p.CAAError == nil {
+		return ""
+	}
+	return *p.CAAError
+}
+
+// GetDNSResolves returns the DNSResolves field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetDNSResolves() bool {
+	if p == nil || p.DNSResolves == nil {
+		return false
+	}
+	return *p.DNSResolves
+}
+
+// GetEnforcesHTTPS returns the EnforcesHTTPS field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetEnforcesHTTPS() bool {
+	if p == nil || p.EnforcesHTTPS == nil {
+		return false
+	}
+	return *p.EnforcesHTTPS
+}
+
+// GetHasCNAMERecord returns the HasCNAMERecord field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetHasCNAMERecord() bool {
+	if p == nil || p.HasCNAMERecord == nil {
+		return false
+	}
+	return *p.HasCNAMERecord
+}
+
+// GetHasMXRecordsPresent returns the HasMXRecordsPresent field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetHasMXRecordsPresent() bool {
+	if p == nil || p.HasMXRecordsPresent == nil {
+		return false
+	}
+	return *p.HasMXRecordsPresent
+}
+
+// GetHost returns the Host field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetHost() string {
+	if p == nil || p.Host == nil {
+		return ""
+	}
+	return *p.Host
+}
+
+// GetHTTPSError returns the HTTPSError field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetHTTPSError() string {
+	if p == nil || p.HTTPSError == nil {
+		return ""
+	}
+	return *p.HTTPSError
+}
+
+// GetIsApexDomain returns the IsApexDomain field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsApexDomain() bool {
+	if p == nil || p.IsApexDomain == nil {
+		return false
+	}
+	return *p.IsApexDomain
+}
+
+// GetIsARecord returns the IsARecord field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsARecord() bool {
+	if p == nil || p.IsARecord == nil {
+		return false
+	}
+	return *p.IsARecord
+}
+
+// GetIsCloudflareIP returns the IsCloudflareIP field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsCloudflareIP() bool {
+	if p == nil || p.IsCloudflareIP == nil {
+		return false
+	}
+	return *p.IsCloudflareIP
+}
+
+// GetIsCNAMEToFastly returns the IsCNAMEToFastly field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsCNAMEToFastly() bool {
+	if p == nil || p.IsCNAMEToFastly == nil {
+		return false
+	}
+	return *p.IsCNAMEToFastly
+}
+
+// GetIsCNAMEToGithubUserDomain returns the IsCNAMEToGithubUserDomain field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsCNAMEToGithubUserDomain() bool {
+	if p == nil || p.IsCNAMEToGithubUserDomain == nil {
+		return false
+	}
+	return *p.IsCNAMEToGithubUserDomain
+}
+
+// GetIsCNAMEToPagesDotGithubDotCom returns the IsCNAMEToPagesDotGithubDotCom field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsCNAMEToPagesDotGithubDotCom() bool {
+	if p == nil || p.IsCNAMEToPagesDotGithubDotCom == nil {
+		return false
+	}
+	return *p.IsCNAMEToPagesDotGithubDotCom
+}
+
+// GetIsFastlyIP returns the IsFastlyIP field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsFastlyIP() bool {
+	if p == nil || p.IsFastlyIP == nil {
+		return false
+	}
+	return *p.IsFastlyIP
+}
+
+// GetIsHTTPSEligible returns the IsHTTPSEligible field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsHTTPSEligible() bool {
+	if p == nil || p.IsHTTPSEligible == nil {
+		return false
+	}
+	return *p.IsHTTPSEligible
+}
+
+// GetIsNonGithubPagesIPPresent returns the IsNonGithubPagesIPPresent field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsNonGithubPagesIPPresent() bool {
+	if p == nil || p.IsNonGithubPagesIPPresent == nil {
+		return false
+	}
+	return *p.IsNonGithubPagesIPPresent
+}
+
+// GetIsOldIPAddress returns the IsOldIPAddress field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsOldIPAddress() bool {
+	if p == nil || p.IsOldIPAddress == nil {
+		return false
+	}
+	return *p.IsOldIPAddress
+}
+
+// GetIsPagesDomain returns the IsPagesDomain field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsPagesDomain() bool {
+	if p == nil || p.IsPagesDomain == nil {
+		return false
+	}
+	return *p.IsPagesDomain
+}
+
+// GetIsPointedToGithubPagesIP returns the IsPointedToGithubPagesIP field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsPointedToGithubPagesIP() bool {
+	if p == nil || p.IsPointedToGithubPagesIP == nil {
+		return false
+	}
+	return *p.IsPointedToGithubPagesIP
+}
+
+// GetIsProxied returns the IsProxied field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsProxied() bool {
+	if p == nil || p.IsProxied == nil {
+		return false
+	}
+	return *p.IsProxied
+}
+
+// GetIsServedByPages returns the IsServedByPages field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsServedByPages() bool {
+	if p == nil || p.IsServedByPages == nil {
+		return false
+	}
+	return *p.IsServedByPages
+}
+
+// GetIsValid returns the IsValid field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsValid() bool {
+	if p == nil || p.IsValid == nil {
+		return false
+	}
+	return *p.IsValid
+}
+
+// GetIsValidDomain returns the IsValidDomain field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetIsValidDomain() bool {
+	if p == nil || p.IsValidDomain == nil {
+		return false
+	}
+	return *p.IsValidDomain
+}
+
+// GetNameservers returns the Nameservers field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetNameservers() string {
+	if p == nil || p.Nameservers == nil {
+		return ""
+	}
+	return *p.Nameservers
+}
+
+// GetReason returns the Reason field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetReason() string {
+	if p == nil || p.Reason == nil {
+		return ""
+	}
+	return *p.Reason
+}
+
+// GetRespondsToHTTPS returns the RespondsToHTTPS field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetRespondsToHTTPS() bool {
+	if p == nil || p.RespondsToHTTPS == nil {
+		return false
+	}
+	return *p.RespondsToHTTPS
+}
+
+// GetShouldBeARecord returns the ShouldBeARecord field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetShouldBeARecord() bool {
+	if p == nil || p.ShouldBeARecord == nil {
+		return false
+	}
+	return *p.ShouldBeARecord
+}
+
+// GetURI returns the URI field if it's non-nil, zero value otherwise.
+func (p *PagesDomain) GetURI() string {
+	if p == nil || p.URI == nil {
+		return ""
+	}
+	return *p.URI
+}
+
 // GetMessage returns the Message field if it's non-nil, zero value otherwise.
 func (p *PagesError) GetMessage() string {
 	if p == nil || p.Message == nil {
@@ -11894,6 +13494,22 @@ func (p *PagesError) GetMessage() string {
 	return *p.Message
 }
 
+// GetAltDomain returns the AltDomain field.
+func (p *PagesHealthCheckResponse) GetAltDomain() *PagesDomain {
+	if p == nil {
+		return nil
+	}
+	return p.AltDomain
+}
+
+// GetDomain returns the Domain field.
+func (p *PagesHealthCheckResponse) GetDomain() *PagesDomain {
+	if p == nil {
+		return nil
+	}
+	return p.Domain
+}
+
 // GetDescription returns the Description field if it's non-nil, zero value otherwise.
 func (p *PagesHTTPSCertificate) GetDescription() string {
 	if p == nil || p.Description == nil {
@@ -11942,6 +13558,14 @@ func (p *PageStats) GetTotalPages() int {
 	return *p.TotalPages
 }
 
+// GetBuildType returns the BuildType field if it's non-nil, zero value otherwise.
+func (p *PagesUpdate) GetBuildType() string {
+	if p == nil || p.BuildType == nil {
+		return ""
+	}
+	return *p.BuildType
+}
+
 // GetCNAME returns the CNAME field if it's non-nil, zero value otherwise.
 func (p *PagesUpdate) GetCNAME() string {
 	if p == nil || p.CNAME == nil {
@@ -11963,15 +13587,167 @@ func (p *PagesUpdate) GetPublic() bool {
 	if p == nil || p.Public == nil {
 		return false
 	}
-	return *p.Public
+	return *p.Public
+}
+
+// GetSource returns the Source field.
+func (p *PagesUpdate) GetSource() *PagesSource {
+	if p == nil {
+		return nil
+	}
+	return p.Source
+}
+
+// GetOrg returns the Org map if it's non-nil, an empty map otherwise.
+func (p *PersonalAccessTokenPermissions) GetOrg() map[string]string {
+	if p == nil || p.Org == nil {
+		return map[string]string{}
+	}
+	return p.Org
+}
+
+// GetOther returns the Other map if it's non-nil, an empty map otherwise.
+func (p *PersonalAccessTokenPermissions) GetOther() map[string]string {
+	if p == nil || p.Other == nil {
+		return map[string]string{}
+	}
+	return p.Other
+}
+
+// GetRepo returns the Repo map if it's non-nil, an empty map otherwise.
+func (p *PersonalAccessTokenPermissions) GetRepo() map[string]string {
+	if p == nil || p.Repo == nil {
+		return map[string]string{}
+	}
+	return p.Repo
+}
+
+// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetCreatedAt() Timestamp {
+	if p == nil || p.CreatedAt == nil {
+		return Timestamp{}
+	}
+	return *p.CreatedAt
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetID() int64 {
+	if p == nil || p.ID == nil {
+		return 0
+	}
+	return *p.ID
+}
+
+// GetOwner returns the Owner field.
+func (p *PersonalAccessTokenRequest) GetOwner() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Owner
+}
+
+// GetPermissionsAdded returns the PermissionsAdded field.
+func (p *PersonalAccessTokenRequest) GetPermissionsAdded() *PersonalAccessTokenPermissions {
+	if p == nil {
+		return nil
+	}
+	return p.PermissionsAdded
+}
+
+// GetPermissionsResult returns the PermissionsResult field.
+func (p *PersonalAccessTokenRequest) GetPermissionsResult() *PersonalAccessTokenPermissions {
+	if p == nil {
+		return nil
+	}
+	return p.PermissionsResult
+}
+
+// GetPermissionsUpgraded returns the PermissionsUpgraded field.
+func (p *PersonalAccessTokenRequest) GetPermissionsUpgraded() *PersonalAccessTokenPermissions {
+	if p == nil {
+		return nil
+	}
+	return p.PermissionsUpgraded
+}
+
+// GetRepositoryCount returns the RepositoryCount field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetRepositoryCount() int64 {
+	if p == nil || p.RepositoryCount == nil {
+		return 0
+	}
+	return *p.RepositoryCount
+}
+
+// GetRepositorySelection returns the RepositorySelection field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetRepositorySelection() string {
+	if p == nil || p.RepositorySelection == nil {
+		return ""
+	}
+	return *p.RepositorySelection
+}
+
+// GetTokenExpired returns the TokenExpired field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetTokenExpired() bool {
+	if p == nil || p.TokenExpired == nil {
+		return false
+	}
+	return *p.TokenExpired
+}
+
+// GetTokenExpiresAt returns the TokenExpiresAt field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetTokenExpiresAt() Timestamp {
+	if p == nil || p.TokenExpiresAt == nil {
+		return Timestamp{}
+	}
+	return *p.TokenExpiresAt
+}
+
+// GetTokenLastUsedAt returns the TokenLastUsedAt field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetTokenLastUsedAt() Timestamp {
+	if p == nil || p.TokenLastUsedAt == nil {
+		return Timestamp{}
+	}
+	return *p.TokenLastUsedAt
+}
+
+// GetAction returns the Action field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequestEvent) GetAction() string {
+	if p == nil || p.Action == nil {
+		return ""
+	}
+	return *p.Action
+}
+
+// GetInstallation returns the Installation field.
+func (p *PersonalAccessTokenRequestEvent) GetInstallation() *Installation {
+	if p == nil {
+		return nil
+	}
+	return p.Installation
+}
+
+// GetOrg returns the Org field.
+func (p *PersonalAccessTokenRequestEvent) GetOrg() *Organization {
+	if p == nil {
+		return nil
+	}
+	return p.Org
+}
+
+// GetPersonalAccessTokenRequest returns the PersonalAccessTokenRequest field.
+func (p *PersonalAccessTokenRequestEvent) GetPersonalAccessTokenRequest() *PersonalAccessTokenRequest {
+	if p == nil {
+		return nil
+	}
+	return p.PersonalAccessTokenRequest
 }
 
-// GetSource returns the Source field.
-func (p *PagesUpdate) GetSource() *PagesSource {
+// GetSender returns the Sender field.
+func (p *PersonalAccessTokenRequestEvent) GetSender() *User {
 	if p == nil {
 		return nil
 	}
-	return p.Source
+	return p.Sender
 }
 
 // GetHook returns the Hook field.
@@ -12055,7 +13831,7 @@ func (p *Plan) GetName() string {
 }
 
 // GetPrivateRepos returns the PrivateRepos field if it's non-nil, zero value otherwise.
-func (p *Plan) GetPrivateRepos() int {
+func (p *Plan) GetPrivateRepos() int64 {
 	if p == nil || p.PrivateRepos == nil {
 		return 0
 	}
@@ -12078,6 +13854,22 @@ func (p *Plan) GetSpace() int {
 	return *p.Space
 }
 
+// GetCode returns the Code field if it's non-nil, zero value otherwise.
+func (p *PolicyOverrideReason) GetCode() string {
+	if p == nil || p.Code == nil {
+		return ""
+	}
+	return *p.Code
+}
+
+// GetMessage returns the Message field if it's non-nil, zero value otherwise.
+func (p *PolicyOverrideReason) GetMessage() string {
+	if p == nil || p.Message == nil {
+		return ""
+	}
+	return *p.Message
+}
+
 // GetConfigURL returns the ConfigURL field if it's non-nil, zero value otherwise.
 func (p *PreReceiveHook) GetConfigURL() string {
 	if p == nil || p.ConfigURL == nil {
@@ -12814,6 +14606,286 @@ func (p *ProjectPermissionLevel) GetUser() *User {
 	return p.User
 }
 
+// GetClosedAt returns the ClosedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetClosedAt() Timestamp {
+	if p == nil || p.ClosedAt == nil {
+		return Timestamp{}
+	}
+	return *p.ClosedAt
+}
+
+// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetCreatedAt() Timestamp {
+	if p == nil || p.CreatedAt == nil {
+		return Timestamp{}
+	}
+	return *p.CreatedAt
+}
+
+// GetCreator returns the Creator field.
+func (p *ProjectsV2) GetCreator() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Creator
+}
+
+// GetDeletedAt returns the DeletedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetDeletedAt() Timestamp {
+	if p == nil || p.DeletedAt == nil {
+		return Timestamp{}
+	}
+	return *p.DeletedAt
+}
+
+// GetDeletedBy returns the DeletedBy field.
+func (p *ProjectsV2) GetDeletedBy() *User {
+	if p == nil {
+		return nil
+	}
+	return p.DeletedBy
+}
+
+// GetDescription returns the Description field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetDescription() string {
+	if p == nil || p.Description == nil {
+		return ""
+	}
+	return *p.Description
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetID() int64 {
+	if p == nil || p.ID == nil {
+		return 0
+	}
+	return *p.ID
+}
+
+// GetNodeID returns the NodeID field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetNodeID() string {
+	if p == nil || p.NodeID == nil {
+		return ""
+	}
+	return *p.NodeID
+}
+
+// GetNumber returns the Number field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetNumber() int {
+	if p == nil || p.Number == nil {
+		return 0
+	}
+	return *p.Number
+}
+
+// GetOwner returns the Owner field.
+func (p *ProjectsV2) GetOwner() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Owner
+}
+
+// GetPublic returns the Public field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetPublic() bool {
+	if p == nil || p.Public == nil {
+		return false
+	}
+	return *p.Public
+}
+
+// GetShortDescription returns the ShortDescription field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetShortDescription() string {
+	if p == nil || p.ShortDescription == nil {
+		return ""
+	}
+	return *p.ShortDescription
+}
+
+// GetTitle returns the Title field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetTitle() string {
+	if p == nil || p.Title == nil {
+		return ""
+	}
+	return *p.Title
+}
+
+// GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetUpdatedAt() Timestamp {
+	if p == nil || p.UpdatedAt == nil {
+		return Timestamp{}
+	}
+	return *p.UpdatedAt
+}
+
+// GetAction returns the Action field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Event) GetAction() string {
+	if p == nil || p.Action == nil {
+		return ""
+	}
+	return *p.Action
+}
+
+// GetInstallation returns the Installation field.
+func (p *ProjectV2Event) GetInstallation() *Installation {
+	if p == nil {
+		return nil
+	}
+	return p.Installation
+}
+
+// GetOrg returns the Org field.
+func (p *ProjectV2Event) GetOrg() *Organization {
+	if p == nil {
+		return nil
+	}
+	return p.Org
+}
+
+// GetProjectsV2 returns the ProjectsV2 field.
+func (p *ProjectV2Event) GetProjectsV2() *ProjectsV2 {
+	if p == nil {
+		return nil
+	}
+	return p.ProjectsV2
+}
+
+// GetSender returns the Sender field.
+func (p *ProjectV2Event) GetSender() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Sender
+}
+
+// GetArchivedAt returns the ArchivedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetArchivedAt() Timestamp {
+	if p == nil || p.ArchivedAt == nil {
+		return Timestamp{}
+	}
+	return *p.ArchivedAt
+}
+
+// GetContentNodeID returns the ContentNodeID field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetContentNodeID() string {
+	if p == nil || p.ContentNodeID == nil {
+		return ""
+	}
+	return *p.ContentNodeID
+}
+
+// GetContentType returns the ContentType field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetContentType() string {
+	if p == nil || p.ContentType == nil {
+		return ""
+	}
+	return *p.ContentType
+}
+
+// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetCreatedAt() Timestamp {
+	if p == nil || p.CreatedAt == nil {
+		return Timestamp{}
+	}
+	return *p.CreatedAt
+}
+
+// GetCreator returns the Creator field.
+func (p *ProjectV2Item) GetCreator() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Creator
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetID() int64 {
+	if p == nil || p.ID == nil {
+		return 0
+	}
+	return *p.ID
+}
+
+// GetNodeID returns the NodeID field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetNodeID() string {
+	if p == nil || p.NodeID == nil {
+		return ""
+	}
+	return *p.NodeID
+}
+
+// GetProjectNodeID returns the ProjectNodeID field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetProjectNodeID() string {
+	if p == nil || p.ProjectNodeID == nil {
+		return ""
+	}
+	return *p.ProjectNodeID
+}
+
+// GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetUpdatedAt() Timestamp {
+	if p == nil || p.UpdatedAt == nil {
+		return Timestamp{}
+	}
+	return *p.UpdatedAt
+}
+
+// GetArchivedAt returns the ArchivedAt field.
+func (p *ProjectV2ItemChange) GetArchivedAt() *ArchivedAt {
+	if p == nil {
+		return nil
+	}
+	return p.ArchivedAt
+}
+
+// GetAction returns the Action field if it's non-nil, zero value otherwise.
+func (p *ProjectV2ItemEvent) GetAction() string {
+	if p == nil || p.Action == nil {
+		return ""
+	}
+	return *p.Action
+}
+
+// GetChanges returns the Changes field.
+func (p *ProjectV2ItemEvent) GetChanges() *ProjectV2ItemChange {
+	if p == nil {
+		return nil
+	}
+	return p.Changes
+}
+
+// GetInstallation returns the Installation field.
+func (p *ProjectV2ItemEvent) GetInstallation() *Installation {
+	if p == nil {
+		return nil
+	}
+	return p.Installation
+}
+
+// GetOrg returns the Org field.
+func (p *ProjectV2ItemEvent) GetOrg() *Organization {
+	if p == nil {
+		return nil
+	}
+	return p.Org
+}
+
+// GetProjectV2Item returns the ProjectV2Item field.
+func (p *ProjectV2ItemEvent) GetProjectV2Item() *ProjectV2Item {
+	if p == nil {
+		return nil
+	}
+	return p.ProjectV2Item
+}
+
+// GetSender returns the Sender field.
+func (p *ProjectV2ItemEvent) GetSender() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Sender
+}
+
 // GetAllowDeletions returns the AllowDeletions field.
 func (p *Protection) GetAllowDeletions() *AllowDeletions {
 	if p == nil {
@@ -12878,6 +14950,14 @@ func (p *Protection) GetRequiredPullRequestReviews() *PullRequestReviewsEnforcem
 	return p.RequiredPullRequestReviews
 }
 
+// GetRequiredSignatures returns the RequiredSignatures field.
+func (p *Protection) GetRequiredSignatures() *SignaturesProtectedBranch {
+	if p == nil {
+		return nil
+	}
+	return p.RequiredSignatures
+}
+
 // GetRequiredStatusChecks returns the RequiredStatusChecks field.
 func (p *Protection) GetRequiredStatusChecks() *RequiredStatusChecks {
 	if p == nil {
@@ -12899,7 +14979,15 @@ func (p *Protection) GetRestrictions() *BranchRestrictions {
 	if p == nil {
 		return nil
 	}
-	return p.Restrictions
+	return p.Restrictions
+}
+
+// GetURL returns the URL field if it's non-nil, zero value otherwise.
+func (p *Protection) GetURL() string {
+	if p == nil || p.URL == nil {
+		return ""
+	}
+	return *p.URL
 }
 
 // GetAdminEnforced returns the AdminEnforced field.
@@ -13798,6 +15886,14 @@ func (p *PullRequestComment) GetStartSide() string {
 	return *p.StartSide
 }
 
+// GetSubjectType returns the SubjectType field if it's non-nil, zero value otherwise.
+func (p *PullRequestComment) GetSubjectType() string {
+	if p == nil || p.SubjectType == nil {
+		return ""
+	}
+	return *p.SubjectType
+}
+
 // GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
 func (p *PullRequestComment) GetUpdatedAt() Timestamp {
 	if p == nil || p.UpdatedAt == nil {
@@ -14574,6 +16670,14 @@ func (p *PushEvent) GetBefore() string {
 	return *p.Before
 }
 
+// GetCommits returns the Commits slice if it's non-nil, nil otherwise.
+func (p *PushEvent) GetCommits() []*HeadCommit {
+	if p == nil || p.Commits == nil {
+		return nil
+	}
+	return p.Commits
+}
+
 // GetCompare returns the Compare field if it's non-nil, zero value otherwise.
 func (p *PushEvent) GetCompare() string {
 	if p == nil || p.Compare == nil {
@@ -15414,6 +17518,62 @@ func (r *RenameOrgResponse) GetURL() string {
 	return *r.URL
 }
 
+// GetDownloadLocation returns the DownloadLocation field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetDownloadLocation() string {
+	if r == nil || r.DownloadLocation == nil {
+		return ""
+	}
+	return *r.DownloadLocation
+}
+
+// GetFilesAnalyzed returns the FilesAnalyzed field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetFilesAnalyzed() bool {
+	if r == nil || r.FilesAnalyzed == nil {
+		return false
+	}
+	return *r.FilesAnalyzed
+}
+
+// GetLicenseConcluded returns the LicenseConcluded field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetLicenseConcluded() string {
+	if r == nil || r.LicenseConcluded == nil {
+		return ""
+	}
+	return *r.LicenseConcluded
+}
+
+// GetLicenseDeclared returns the LicenseDeclared field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetLicenseDeclared() string {
+	if r == nil || r.LicenseDeclared == nil {
+		return ""
+	}
+	return *r.LicenseDeclared
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetName() string {
+	if r == nil || r.Name == nil {
+		return ""
+	}
+	return *r.Name
+}
+
+// GetSPDXID returns the SPDXID field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetSPDXID() string {
+	if r == nil || r.SPDXID == nil {
+		return ""
+	}
+	return *r.SPDXID
+}
+
+// GetVersionInfo returns the VersionInfo field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetVersionInfo() string {
+	if r == nil || r.VersionInfo == nil {
+		return ""
+	}
+	return *r.VersionInfo
+}
+
 // GetBranch returns the Branch field if it's non-nil, zero value otherwise.
 func (r *RepoMergeUpstreamRequest) GetBranch() string {
 	if r == nil || r.Branch == nil {
@@ -15454,6 +17614,102 @@ func (r *RepoName) GetFrom() string {
 	return *r.From
 }
 
+// GetBadgeURL returns the BadgeURL field if it's non-nil, zero value otherwise.
+func (r *RepoRequiredWorkflow) GetBadgeURL() string {
+	if r == nil || r.BadgeURL == nil {
+		return ""
+	}
+	return *r.BadgeURL
+}
+
+// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
+func (r *RepoRequiredWorkflow) GetCreatedAt() Timestamp {
+	if r == nil || r.CreatedAt == nil {
+		return Timestamp{}
+	}
+	return *r.CreatedAt
+}
+
+// GetHTMLURL returns the HTMLURL field if it's non-nil, zero value otherwise.
+func (r *RepoRequiredWorkflow) GetHTMLURL() string {
+	if r == nil || r.HTMLURL == nil {
+		return ""
+	}
+	return *r.HTMLURL
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (r *RepoRequiredWorkflow) GetID() int64 {
+	if r == nil || r.ID == nil {
+		return 0
+	}
+	return *r.ID
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (r *RepoRequiredWorkflow) GetName() string {
+	if r == nil || r.Name == nil {
+		return ""
+	}
+	return *r.Name
+}
+
+// GetNodeID returns the NodeID field if it's non-nil, zero value otherwise.
+func (r *RepoRequiredWorkflow) GetNodeID() string {
+	if r == nil || r.NodeID == nil {
+		return ""
+	}
+	return *r.NodeID
+}
+
+// GetPath returns the Path field if it's non-nil, zero value otherwise.
+func (r *RepoRequiredWorkflow) GetPath() string {
+	if r == nil || r.Path == nil {
+		return ""
+	}
+	return *r.Path
+}
+
+// GetSourceRepository returns the SourceRepository field.
+func (r *RepoRequiredWorkflow) GetSourceRepository() *Repository {
+	if r == nil {
+		return nil
+	}
+	return r.SourceRepository
+}
+
+// GetState returns the State field if it's non-nil, zero value otherwise.
+func (r *RepoRequiredWorkflow) GetState() string {
+	if r == nil || r.State == nil {
+		return ""
+	}
+	return *r.State
+}
+
+// GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
+func (r *RepoRequiredWorkflow) GetUpdatedAt() Timestamp {
+	if r == nil || r.UpdatedAt == nil {
+		return Timestamp{}
+	}
+	return *r.UpdatedAt
+}
+
+// GetURL returns the URL field if it's non-nil, zero value otherwise.
+func (r *RepoRequiredWorkflow) GetURL() string {
+	if r == nil || r.URL == nil {
+		return ""
+	}
+	return *r.URL
+}
+
+// GetTotalCount returns the TotalCount field if it's non-nil, zero value otherwise.
+func (r *RepoRequiredWorkflows) GetTotalCount() int {
+	if r == nil || r.TotalCount == nil {
+		return 0
+	}
+	return *r.TotalCount
+}
+
 // GetIncompleteResults returns the IncompleteResults field if it's non-nil, zero value otherwise.
 func (r *RepositoriesSearchResult) GetIncompleteResults() bool {
 	if r == nil || r.IncompleteResults == nil {
@@ -16550,6 +18806,14 @@ func (r *RepositoryContent) GetSize() int {
 	return *r.Size
 }
 
+// GetSubmoduleGitURL returns the SubmoduleGitURL field if it's non-nil, zero value otherwise.
+func (r *RepositoryContent) GetSubmoduleGitURL() string {
+	if r == nil || r.SubmoduleGitURL == nil {
+		return ""
+	}
+	return *r.SubmoduleGitURL
+}
+
 // GetTarget returns the Target field if it's non-nil, zero value otherwise.
 func (r *RepositoryContent) GetTarget() string {
 	if r == nil || r.Target == nil {
@@ -17110,6 +19374,14 @@ func (r *RepositoryRelease) GetZipballURL() string {
 	return *r.ZipballURL
 }
 
+// GetParameters returns the Parameters field if it's non-nil, zero value otherwise.
+func (r *RepositoryRule) GetParameters() json.RawMessage {
+	if r == nil || r.Parameters == nil {
+		return json.RawMessage{}
+	}
+	return *r.Parameters
+}
+
 // GetCommit returns the Commit field.
 func (r *RepositoryTag) GetCommit() *Commit {
 	if r == nil {
@@ -17451,87 +19723,239 @@ func (r *RequiredStatusCheck) GetAppID() int64 {
 	if r == nil || r.AppID == nil {
 		return 0
 	}
-	return *r.AppID
+	return *r.AppID
+}
+
+// GetContextsURL returns the ContextsURL field if it's non-nil, zero value otherwise.
+func (r *RequiredStatusChecks) GetContextsURL() string {
+	if r == nil || r.ContextsURL == nil {
+		return ""
+	}
+	return *r.ContextsURL
+}
+
+// GetURL returns the URL field if it's non-nil, zero value otherwise.
+func (r *RequiredStatusChecks) GetURL() string {
+	if r == nil || r.URL == nil {
+		return ""
+	}
+	return *r.URL
+}
+
+// GetFrom returns the From field if it's non-nil, zero value otherwise.
+func (r *RequiredStatusChecksEnforcementLevelChanges) GetFrom() string {
+	if r == nil || r.From == nil {
+		return ""
+	}
+	return *r.From
+}
+
+// GetStrict returns the Strict field if it's non-nil, zero value otherwise.
+func (r *RequiredStatusChecksRequest) GetStrict() bool {
+	if r == nil || r.Strict == nil {
+		return false
+	}
+	return *r.Strict
+}
+
+// GetTotalCount returns the TotalCount field if it's non-nil, zero value otherwise.
+func (r *RequiredWorkflowSelectedRepos) GetTotalCount() int {
+	if r == nil || r.TotalCount == nil {
+		return 0
+	}
+	return *r.TotalCount
+}
+
+// GetNodeID returns the NodeID field if it's non-nil, zero value otherwise.
+func (r *ReviewersRequest) GetNodeID() string {
+	if r == nil || r.NodeID == nil {
+		return ""
+	}
+	return *r.NodeID
+}
+
+// GetReason returns the Reason field if it's non-nil, zero value otherwise.
+func (r *ReviewPersonalAccessTokenRequestOptions) GetReason() string {
+	if r == nil || r.Reason == nil {
+		return ""
+	}
+	return *r.Reason
+}
+
+// GetDescription returns the Description field if it's non-nil, zero value otherwise.
+func (r *Rule) GetDescription() string {
+	if r == nil || r.Description == nil {
+		return ""
+	}
+	return *r.Description
+}
+
+// GetFullDescription returns the FullDescription field if it's non-nil, zero value otherwise.
+func (r *Rule) GetFullDescription() string {
+	if r == nil || r.FullDescription == nil {
+		return ""
+	}
+	return *r.FullDescription
+}
+
+// GetHelp returns the Help field if it's non-nil, zero value otherwise.
+func (r *Rule) GetHelp() string {
+	if r == nil || r.Help == nil {
+		return ""
+	}
+	return *r.Help
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (r *Rule) GetID() string {
+	if r == nil || r.ID == nil {
+		return ""
+	}
+	return *r.ID
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (r *Rule) GetName() string {
+	if r == nil || r.Name == nil {
+		return ""
+	}
+	return *r.Name
+}
+
+// GetSecuritySeverityLevel returns the SecuritySeverityLevel field if it's non-nil, zero value otherwise.
+func (r *Rule) GetSecuritySeverityLevel() string {
+	if r == nil || r.SecuritySeverityLevel == nil {
+		return ""
+	}
+	return *r.SecuritySeverityLevel
+}
+
+// GetSeverity returns the Severity field if it's non-nil, zero value otherwise.
+func (r *Rule) GetSeverity() string {
+	if r == nil || r.Severity == nil {
+		return ""
+	}
+	return *r.Severity
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (r *RulePatternParameters) GetName() string {
+	if r == nil || r.Name == nil {
+		return ""
+	}
+	return *r.Name
+}
+
+// GetNegate returns the Negate field if it's non-nil, zero value otherwise.
+func (r *RulePatternParameters) GetNegate() bool {
+	if r == nil || r.Negate == nil {
+		return false
+	}
+	return *r.Negate
+}
+
+// GetIntegrationID returns the IntegrationID field if it's non-nil, zero value otherwise.
+func (r *RuleRequiredStatusChecks) GetIntegrationID() int64 {
+	if r == nil || r.IntegrationID == nil {
+		return 0
+	}
+	return *r.IntegrationID
+}
+
+// GetConditions returns the Conditions field.
+func (r *Ruleset) GetConditions() *RulesetConditions {
+	if r == nil {
+		return nil
+	}
+	return r.Conditions
 }
 
-// GetFrom returns the From field if it's non-nil, zero value otherwise.
-func (r *RequiredStatusChecksEnforcementLevelChanges) GetFrom() string {
-	if r == nil || r.From == nil {
-		return ""
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (r *Ruleset) GetID() int64 {
+	if r == nil || r.ID == nil {
+		return 0
 	}
-	return *r.From
+	return *r.ID
 }
 
-// GetStrict returns the Strict field if it's non-nil, zero value otherwise.
-func (r *RequiredStatusChecksRequest) GetStrict() bool {
-	if r == nil || r.Strict == nil {
-		return false
+// GetLinks returns the Links field.
+func (r *Ruleset) GetLinks() *RulesetLinks {
+	if r == nil {
+		return nil
 	}
-	return *r.Strict
+	return r.Links
 }
 
 // GetNodeID returns the NodeID field if it's non-nil, zero value otherwise.
-func (r *ReviewersRequest) GetNodeID() string {
+func (r *Ruleset) GetNodeID() string {
 	if r == nil || r.NodeID == nil {
 		return ""
 	}
 	return *r.NodeID
 }
 
-// GetDescription returns the Description field if it's non-nil, zero value otherwise.
-func (r *Rule) GetDescription() string {
-	if r == nil || r.Description == nil {
+// GetSourceType returns the SourceType field if it's non-nil, zero value otherwise.
+func (r *Ruleset) GetSourceType() string {
+	if r == nil || r.SourceType == nil {
 		return ""
 	}
-	return *r.Description
+	return *r.SourceType
 }
 
-// GetFullDescription returns the FullDescription field if it's non-nil, zero value otherwise.
-func (r *Rule) GetFullDescription() string {
-	if r == nil || r.FullDescription == nil {
+// GetTarget returns the Target field if it's non-nil, zero value otherwise.
+func (r *Ruleset) GetTarget() string {
+	if r == nil || r.Target == nil {
 		return ""
 	}
-	return *r.FullDescription
+	return *r.Target
 }
 
-// GetHelp returns the Help field if it's non-nil, zero value otherwise.
-func (r *Rule) GetHelp() string {
-	if r == nil || r.Help == nil {
-		return ""
+// GetRefName returns the RefName field.
+func (r *RulesetConditions) GetRefName() *RulesetRefConditionParameters {
+	if r == nil {
+		return nil
 	}
-	return *r.Help
+	return r.RefName
 }
 
-// GetID returns the ID field if it's non-nil, zero value otherwise.
-func (r *Rule) GetID() string {
-	if r == nil || r.ID == nil {
-		return ""
+// GetRepositoryID returns the RepositoryID field.
+func (r *RulesetConditions) GetRepositoryID() *RulesetRepositoryIDsConditionParameters {
+	if r == nil {
+		return nil
 	}
-	return *r.ID
+	return r.RepositoryID
 }
 
-// GetName returns the Name field if it's non-nil, zero value otherwise.
-func (r *Rule) GetName() string {
-	if r == nil || r.Name == nil {
-		return ""
+// GetRepositoryName returns the RepositoryName field.
+func (r *RulesetConditions) GetRepositoryName() *RulesetRepositoryNamesConditionParameters {
+	if r == nil {
+		return nil
 	}
-	return *r.Name
+	return r.RepositoryName
 }
 
-// GetSecuritySeverityLevel returns the SecuritySeverityLevel field if it's non-nil, zero value otherwise.
-func (r *Rule) GetSecuritySeverityLevel() string {
-	if r == nil || r.SecuritySeverityLevel == nil {
+// GetHRef returns the HRef field if it's non-nil, zero value otherwise.
+func (r *RulesetLink) GetHRef() string {
+	if r == nil || r.HRef == nil {
 		return ""
 	}
-	return *r.SecuritySeverityLevel
+	return *r.HRef
 }
 
-// GetSeverity returns the Severity field if it's non-nil, zero value otherwise.
-func (r *Rule) GetSeverity() string {
-	if r == nil || r.Severity == nil {
-		return ""
+// GetSelf returns the Self field.
+func (r *RulesetLinks) GetSelf() *RulesetLink {
+	if r == nil {
+		return nil
 	}
-	return *r.Severity
+	return r.Self
+}
+
+// GetProtected returns the Protected field if it's non-nil, zero value otherwise.
+func (r *RulesetRepositoryNamesConditionParameters) GetProtected() bool {
+	if r == nil || r.Protected == nil {
+		return false
+	}
+	return *r.Protected
 }
 
 // GetBusy returns the Busy field if it's non-nil, zero value otherwise.
@@ -17790,6 +20214,78 @@ func (s *SarifID) GetURL() string {
 	return *s.URL
 }
 
+// GetAnalysesURL returns the AnalysesURL field if it's non-nil, zero value otherwise.
+func (s *SARIFUpload) GetAnalysesURL() string {
+	if s == nil || s.AnalysesURL == nil {
+		return ""
+	}
+	return *s.AnalysesURL
+}
+
+// GetProcessingStatus returns the ProcessingStatus field if it's non-nil, zero value otherwise.
+func (s *SARIFUpload) GetProcessingStatus() string {
+	if s == nil || s.ProcessingStatus == nil {
+		return ""
+	}
+	return *s.ProcessingStatus
+}
+
+// GetSBOM returns the SBOM field.
+func (s *SBOM) GetSBOM() *SBOMInfo {
+	if s == nil {
+		return nil
+	}
+	return s.SBOM
+}
+
+// GetCreationInfo returns the CreationInfo field.
+func (s *SBOMInfo) GetCreationInfo() *CreationInfo {
+	if s == nil {
+		return nil
+	}
+	return s.CreationInfo
+}
+
+// GetDataLicense returns the DataLicense field if it's non-nil, zero value otherwise.
+func (s *SBOMInfo) GetDataLicense() string {
+	if s == nil || s.DataLicense == nil {
+		return ""
+	}
+	return *s.DataLicense
+}
+
+// GetDocumentNamespace returns the DocumentNamespace field if it's non-nil, zero value otherwise.
+func (s *SBOMInfo) GetDocumentNamespace() string {
+	if s == nil || s.DocumentNamespace == nil {
+		return ""
+	}
+	return *s.DocumentNamespace
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (s *SBOMInfo) GetName() string {
+	if s == nil || s.Name == nil {
+		return ""
+	}
+	return *s.Name
+}
+
+// GetSPDXID returns the SPDXID field if it's non-nil, zero value otherwise.
+func (s *SBOMInfo) GetSPDXID() string {
+	if s == nil || s.SPDXID == nil {
+		return ""
+	}
+	return *s.SPDXID
+}
+
+// GetSPDXVersion returns the SPDXVersion field if it's non-nil, zero value otherwise.
+func (s *SBOMInfo) GetSPDXVersion() string {
+	if s == nil || s.SPDXVersion == nil {
+		return ""
+	}
+	return *s.SPDXVersion
+}
+
 // GetAnalysisKey returns the AnalysisKey field if it's non-nil, zero value otherwise.
 func (s *ScanningAnalysis) GetAnalysisKey() string {
 	if s == nil || s.AnalysisKey == nil {
@@ -18070,6 +20566,14 @@ func (s *SecretScanningAlert) GetNumber() int {
 	return *s.Number
 }
 
+// GetRepository returns the Repository field.
+func (s *SecretScanningAlert) GetRepository() *Repository {
+	if s == nil {
+		return nil
+	}
+	return s.Repository
+}
+
 // GetResolution returns the Resolution field if it's non-nil, zero value otherwise.
 func (s *SecretScanningAlert) GetResolution() string {
 	if s == nil || s.Resolution == nil {
@@ -18110,6 +20614,14 @@ func (s *SecretScanningAlert) GetSecretType() string {
 	return *s.SecretType
 }
 
+// GetSecretTypeDisplayName returns the SecretTypeDisplayName field if it's non-nil, zero value otherwise.
+func (s *SecretScanningAlert) GetSecretTypeDisplayName() string {
+	if s == nil || s.SecretTypeDisplayName == nil {
+		return ""
+	}
+	return *s.SecretTypeDisplayName
+}
+
 // GetState returns the State field if it's non-nil, zero value otherwise.
 func (s *SecretScanningAlert) GetState() string {
 	if s == nil || s.State == nil {
@@ -18302,6 +20814,14 @@ func (s *SecretScanningPushProtection) GetStatus() string {
 	return *s.Status
 }
 
+// GetCVSS returns the CVSS field.
+func (s *SecurityAdvisory) GetCVSS() *AdvisoryCVSS {
+	if s == nil {
+		return nil
+	}
+	return s.CVSS
+}
+
 // GetDescription returns the Description field if it's non-nil, zero value otherwise.
 func (s *SecurityAdvisory) GetDescription() string {
 	if s == nil || s.Description == nil {
@@ -18366,6 +20886,38 @@ func (s *SecurityAdvisoryEvent) GetAction() string {
 	return *s.Action
 }
 
+// GetEnterprise returns the Enterprise field.
+func (s *SecurityAdvisoryEvent) GetEnterprise() *Enterprise {
+	if s == nil {
+		return nil
+	}
+	return s.Enterprise
+}
+
+// GetInstallation returns the Installation field.
+func (s *SecurityAdvisoryEvent) GetInstallation() *Installation {
+	if s == nil {
+		return nil
+	}
+	return s.Installation
+}
+
+// GetOrganization returns the Organization field.
+func (s *SecurityAdvisoryEvent) GetOrganization() *Organization {
+	if s == nil {
+		return nil
+	}
+	return s.Organization
+}
+
+// GetRepository returns the Repository field.
+func (s *SecurityAdvisoryEvent) GetRepository() *Repository {
+	if s == nil {
+		return nil
+	}
+	return s.Repository
+}
+
 // GetSecurityAdvisory returns the SecurityAdvisory field.
 func (s *SecurityAdvisoryEvent) GetSecurityAdvisory() *SecurityAdvisory {
 	if s == nil {
@@ -18374,6 +20926,14 @@ func (s *SecurityAdvisoryEvent) GetSecurityAdvisory() *SecurityAdvisory {
 	return s.SecurityAdvisory
 }
 
+// GetSender returns the Sender field.
+func (s *SecurityAdvisoryEvent) GetSender() *User {
+	if s == nil {
+		return nil
+	}
+	return s.Sender
+}
+
 // GetAdvancedSecurity returns the AdvancedSecurity field.
 func (s *SecurityAndAnalysis) GetAdvancedSecurity() *AdvancedSecurity {
 	if s == nil {
@@ -18382,6 +20942,14 @@ func (s *SecurityAndAnalysis) GetAdvancedSecurity() *AdvancedSecurity {
 	return s.AdvancedSecurity
 }
 
+// GetDependabotSecurityUpdates returns the DependabotSecurityUpdates field.
+func (s *SecurityAndAnalysis) GetDependabotSecurityUpdates() *DependabotSecurityUpdates {
+	if s == nil {
+		return nil
+	}
+	return s.DependabotSecurityUpdates
+}
+
 // GetSecretScanning returns the SecretScanning field.
 func (s *SecurityAndAnalysis) GetSecretScanning() *SecretScanning {
 	if s == nil {
@@ -18398,6 +20966,70 @@ func (s *SecurityAndAnalysis) GetSecretScanningPushProtection() *SecretScanningP
 	return s.SecretScanningPushProtection
 }
 
+// GetFrom returns the From field.
+func (s *SecurityAndAnalysisChange) GetFrom() *SecurityAndAnalysisChangeFrom {
+	if s == nil {
+		return nil
+	}
+	return s.From
+}
+
+// GetSecurityAndAnalysis returns the SecurityAndAnalysis field.
+func (s *SecurityAndAnalysisChangeFrom) GetSecurityAndAnalysis() *SecurityAndAnalysis {
+	if s == nil {
+		return nil
+	}
+	return s.SecurityAndAnalysis
+}
+
+// GetChanges returns the Changes field.
+func (s *SecurityAndAnalysisEvent) GetChanges() *SecurityAndAnalysisChange {
+	if s == nil {
+		return nil
+	}
+	return s.Changes
+}
+
+// GetEnterprise returns the Enterprise field.
+func (s *SecurityAndAnalysisEvent) GetEnterprise() *Enterprise {
+	if s == nil {
+		return nil
+	}
+	return s.Enterprise
+}
+
+// GetInstallation returns the Installation field.
+func (s *SecurityAndAnalysisEvent) GetInstallation() *Installation {
+	if s == nil {
+		return nil
+	}
+	return s.Installation
+}
+
+// GetOrganization returns the Organization field.
+func (s *SecurityAndAnalysisEvent) GetOrganization() *Organization {
+	if s == nil {
+		return nil
+	}
+	return s.Organization
+}
+
+// GetRepository returns the Repository field.
+func (s *SecurityAndAnalysisEvent) GetRepository() *Repository {
+	if s == nil {
+		return nil
+	}
+	return s.Repository
+}
+
+// GetSender returns the Sender field.
+func (s *SecurityAndAnalysisEvent) GetSender() *User {
+	if s == nil {
+		return nil
+	}
+	return s.Sender
+}
+
 // GetTotalCount returns the TotalCount field if it's non-nil, zero value otherwise.
 func (s *SelectedReposList) GetTotalCount() int {
 	if s == nil || s.TotalCount == nil {
@@ -20030,6 +22662,14 @@ func (t *TrafficViews) GetUniques() int {
 	return *t.Uniques
 }
 
+// GetNewName returns the NewName field if it's non-nil, zero value otherwise.
+func (t *TransferRequest) GetNewName() string {
+	if t == nil || t.NewName == nil {
+		return ""
+	}
+	return *t.NewName
+}
+
 // GetSHA returns the SHA field if it's non-nil, zero value otherwise.
 func (t *Tree) GetSHA() string {
 	if t == nil || t.SHA == nil {
@@ -20158,6 +22798,30 @@ func (u *UpdateCheckRunOptions) GetStatus() string {
 	return *u.Status
 }
 
+// GetQuerySuite returns the QuerySuite field if it's non-nil, zero value otherwise.
+func (u *UpdateDefaultSetupConfigurationOptions) GetQuerySuite() string {
+	if u == nil || u.QuerySuite == nil {
+		return ""
+	}
+	return *u.QuerySuite
+}
+
+// GetRunID returns the RunID field if it's non-nil, zero value otherwise.
+func (u *UpdateDefaultSetupConfigurationResponse) GetRunID() int64 {
+	if u == nil || u.RunID == nil {
+		return 0
+	}
+	return *u.RunID
+}
+
+// GetRunURL returns the RunURL field if it's non-nil, zero value otherwise.
+func (u *UpdateDefaultSetupConfigurationResponse) GetRunURL() string {
+	if u == nil || u.RunURL == nil {
+		return ""
+	}
+	return *u.RunURL
+}
+
 // GetAllowsPublicRepositories returns the AllowsPublicRepositories field if it's non-nil, zero value otherwise.
 func (u *UpdateRunnerGroupRequest) GetAllowsPublicRepositories() bool {
 	if u == nil || u.AllowsPublicRepositories == nil {
@@ -20383,7 +23047,7 @@ func (u *User) GetOrganizationsURL() string {
 }
 
 // GetOwnedPrivateRepos returns the OwnedPrivateRepos field if it's non-nil, zero value otherwise.
-func (u *User) GetOwnedPrivateRepos() int {
+func (u *User) GetOwnedPrivateRepos() int64 {
 	if u == nil || u.OwnedPrivateRepos == nil {
 		return 0
 	}
@@ -20487,7 +23151,7 @@ func (u *User) GetSuspendedAt() Timestamp {
 }
 
 // GetTotalPrivateRepos returns the TotalPrivateRepos field if it's non-nil, zero value otherwise.
-func (u *User) GetTotalPrivateRepos() int {
+func (u *User) GetTotalPrivateRepos() int64 {
 	if u == nil || u.TotalPrivateRepos == nil {
 		return 0
 	}
@@ -21222,6 +23886,14 @@ func (w *WorkflowJob) GetCreatedAt() Timestamp {
 	return *w.CreatedAt
 }
 
+// GetHeadBranch returns the HeadBranch field if it's non-nil, zero value otherwise.
+func (w *WorkflowJob) GetHeadBranch() string {
+	if w == nil || w.HeadBranch == nil {
+		return ""
+	}
+	return *w.HeadBranch
+}
+
 // GetHeadSHA returns the HeadSHA field if it's non-nil, zero value otherwise.
 func (w *WorkflowJob) GetHeadSHA() string {
 	if w == nil || w.HeadSHA == nil {
@@ -21462,6 +24134,14 @@ func (w *WorkflowRun) GetCreatedAt() Timestamp {
 	return *w.CreatedAt
 }
 
+// GetDisplayTitle returns the DisplayTitle field if it's non-nil, zero value otherwise.
+func (w *WorkflowRun) GetDisplayTitle() string {
+	if w == nil || w.DisplayTitle == nil {
+		return ""
+	}
+	return *w.DisplayTitle
+}
+
 // GetEvent returns the Event field if it's non-nil, zero value otherwise.
 func (w *WorkflowRun) GetEvent() string {
 	if w == nil || w.Event == nil {
@@ -21606,6 +24286,14 @@ func (w *WorkflowRun) GetStatus() string {
 	return *w.Status
 }
 
+// GetTriggeringActor returns the TriggeringActor field.
+func (w *WorkflowRun) GetTriggeringActor() *User {
+	if w == nil {
+		return nil
+	}
+	return w.TriggeringActor
+}
+
 // GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
 func (w *WorkflowRun) GetUpdatedAt() Timestamp {
 	if w == nil || w.UpdatedAt == nil {
diff --git a/vendor/github.com/google/go-github/v50/github/github.go b/vendor/github.com/google/go-github/v55/github/github.go
similarity index 88%
rename from vendor/github.com/google/go-github/v50/github/github.go
rename to vendor/github.com/google/go-github/v55/github/github.go
index 4c4827e53..df0114446 100644
--- a/vendor/github.com/google/go-github/v50/github/github.go
+++ b/vendor/github.com/google/go-github/v55/github/github.go
@@ -24,11 +24,10 @@ import (
 	"time"
 
 	"github.com/google/go-querystring/query"
-	"golang.org/x/oauth2"
 )
 
 const (
-	Version = "v50.2.0"
+	Version = "v55.0.0"
 
 	defaultAPIVersion = "2022-11-28"
 	defaultBaseURL    = "https://api.github.com/"
@@ -40,6 +39,7 @@ const (
 	headerRateRemaining = "X-RateLimit-Remaining"
 	headerRateReset     = "X-RateLimit-Reset"
 	headerOTP           = "X-GitHub-OTP"
+	headerRetryAfter    = "Retry-After"
 
 	headerTokenExpiration = "GitHub-Authentication-Token-Expiration"
 
@@ -125,9 +125,6 @@ const (
 	// https://developer.github.com/changes/2019-04-24-vulnerability-alerts/
 	mediaTypeRequiredVulnerabilityAlertsPreview = "application/vnd.github.dorian-preview+json"
 
-	// https://developer.github.com/changes/2019-06-04-automated-security-fixes/
-	mediaTypeRequiredAutomatedSecurityFixesPreview = "application/vnd.github.london-preview+json"
-
 	// https://developer.github.com/changes/2019-05-29-update-branch-api/
 	mediaTypeUpdatePullRequestBranchPreview = "application/vnd.github.lydian-preview+json"
 
@@ -178,35 +175,38 @@ type Client struct {
 	common service // Reuse a single struct instead of allocating one for each service on the heap.
 
 	// Services used for talking to different parts of the GitHub API.
-	Actions        *ActionsService
-	Activity       *ActivityService
-	Admin          *AdminService
-	Apps           *AppsService
-	Authorizations *AuthorizationsService
-	Billing        *BillingService
-	Checks         *ChecksService
-	CodeScanning   *CodeScanningService
-	Dependabot     *DependabotService
-	Enterprise     *EnterpriseService
-	Gists          *GistsService
-	Git            *GitService
-	Gitignores     *GitignoresService
-	Interactions   *InteractionsService
-	IssueImport    *IssueImportService
-	Issues         *IssuesService
-	Licenses       *LicensesService
-	Marketplace    *MarketplaceService
-	Migrations     *MigrationService
-	Organizations  *OrganizationsService
-	Projects       *ProjectsService
-	PullRequests   *PullRequestsService
-	Reactions      *ReactionsService
-	Repositories   *RepositoriesService
-	SCIM           *SCIMService
-	Search         *SearchService
-	SecretScanning *SecretScanningService
-	Teams          *TeamsService
-	Users          *UsersService
+	Actions            *ActionsService
+	Activity           *ActivityService
+	Admin              *AdminService
+	Apps               *AppsService
+	Authorizations     *AuthorizationsService
+	Billing            *BillingService
+	Checks             *ChecksService
+	CodeScanning       *CodeScanningService
+	Codespaces         *CodespacesService
+	Dependabot         *DependabotService
+	DependencyGraph    *DependencyGraphService
+	Enterprise         *EnterpriseService
+	Gists              *GistsService
+	Git                *GitService
+	Gitignores         *GitignoresService
+	Interactions       *InteractionsService
+	IssueImport        *IssueImportService
+	Issues             *IssuesService
+	Licenses           *LicensesService
+	Marketplace        *MarketplaceService
+	Migrations         *MigrationService
+	Organizations      *OrganizationsService
+	Projects           *ProjectsService
+	PullRequests       *PullRequestsService
+	Reactions          *ReactionsService
+	Repositories       *RepositoriesService
+	SCIM               *SCIMService
+	Search             *SearchService
+	SecretScanning     *SecretScanningService
+	SecurityAdvisories *SecurityAdvisoriesService
+	Teams              *TeamsService
+	Users              *UsersService
 }
 
 type service struct {
@@ -305,16 +305,92 @@ func addOptions(s string, opts interface{}) (string, error) {
 
 // NewClient returns a new GitHub API client. If a nil httpClient is
 // provided, a new http.Client will be used. To use API methods which require
-// authentication, provide an http.Client that will perform the authentication
-// for you (such as that provided by the golang.org/x/oauth2 library).
+// authentication, either use Client.WithAuthToken or provide NewClient with
+// an http.Client that will perform the authentication for you (such as that
+// provided by the golang.org/x/oauth2 library).
 func NewClient(httpClient *http.Client) *Client {
-	if httpClient == nil {
-		httpClient = &http.Client{}
+	c := &Client{client: httpClient}
+	c.initialize()
+	return c
+}
+
+// WithAuthToken returns a copy of the client configured to use the provided token for the Authorization header.
+func (c *Client) WithAuthToken(token string) *Client {
+	c2 := c.copy()
+	defer c2.initialize()
+	transport := c2.client.Transport
+	if transport == nil {
+		transport = http.DefaultTransport
+	}
+	c2.client.Transport = roundTripperFunc(
+		func(req *http.Request) (*http.Response, error) {
+			req = req.Clone(req.Context())
+			req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
+			return transport.RoundTrip(req)
+		},
+	)
+	return c2
+}
+
+// WithEnterpriseURLs returns a copy of the client configured to use the provided base and
+// upload URLs. If the base URL does not have the suffix "/api/v3/", it will be added
+// automatically. If the upload URL does not have the suffix "/api/uploads", it will be
+// added automatically.
+//
+// Note that WithEnterpriseURLs is a convenience helper only;
+// its behavior is equivalent to setting the BaseURL and UploadURL fields.
+//
+// Another important thing is that by default, the GitHub Enterprise URL format
+// should be http(s)://[hostname]/api/v3/ or you will always receive the 406 status code.
+// The upload URL format should be http(s)://[hostname]/api/uploads/.
+func (c *Client) WithEnterpriseURLs(baseURL, uploadURL string) (*Client, error) {
+	c2 := c.copy()
+	defer c2.initialize()
+	var err error
+	c2.BaseURL, err = url.Parse(baseURL)
+	if err != nil {
+		return nil, err
+	}
+
+	if !strings.HasSuffix(c2.BaseURL.Path, "/") {
+		c2.BaseURL.Path += "/"
+	}
+	if !strings.HasSuffix(c2.BaseURL.Path, "/api/v3/") &&
+		!strings.HasPrefix(c2.BaseURL.Host, "api.") &&
+		!strings.Contains(c2.BaseURL.Host, ".api.") {
+		c2.BaseURL.Path += "api/v3/"
 	}
-	baseURL, _ := url.Parse(defaultBaseURL)
-	uploadURL, _ := url.Parse(uploadBaseURL)
 
-	c := &Client{client: httpClient, BaseURL: baseURL, UserAgent: defaultUserAgent, UploadURL: uploadURL}
+	c2.UploadURL, err = url.Parse(uploadURL)
+	if err != nil {
+		return nil, err
+	}
+
+	if !strings.HasSuffix(c2.UploadURL.Path, "/") {
+		c2.UploadURL.Path += "/"
+	}
+	if !strings.HasSuffix(c2.UploadURL.Path, "/api/uploads/") &&
+		!strings.HasPrefix(c2.UploadURL.Host, "api.") &&
+		!strings.Contains(c2.UploadURL.Host, ".api.") {
+		c2.UploadURL.Path += "api/uploads/"
+	}
+	return c2, nil
+}
+
+// initialize sets default values and initializes services.
+func (c *Client) initialize() {
+	if c.client == nil {
+		c.client = &http.Client{}
+	}
+	if c.BaseURL == nil {
+		c.BaseURL, _ = url.Parse(defaultBaseURL)
+	}
+	if c.UploadURL == nil {
+		c.UploadURL, _ = url.Parse(uploadBaseURL)
+	}
+	if c.UserAgent == "" {
+		c.UserAgent = defaultUserAgent
+	}
 	c.common.client = c
 	c.Actions = (*ActionsService)(&c.common)
 	c.Activity = (*ActivityService)(&c.common)
@@ -324,7 +400,9 @@ func NewClient(httpClient *http.Client) *Client {
 	c.Billing = (*BillingService)(&c.common)
 	c.Checks = (*ChecksService)(&c.common)
 	c.CodeScanning = (*CodeScanningService)(&c.common)
+	c.Codespaces = (*CodespacesService)(&c.common)
 	c.Dependabot = (*DependabotService)(&c.common)
+	c.DependencyGraph = (*DependencyGraphService)(&c.common)
 	c.Enterprise = (*EnterpriseService)(&c.common)
 	c.Gists = (*GistsService)(&c.common)
 	c.Git = (*GitService)(&c.common)
@@ -343,9 +421,30 @@ func NewClient(httpClient *http.Client) *Client {
 	c.SCIM = (*SCIMService)(&c.common)
 	c.Search = (*SearchService)(&c.common)
 	c.SecretScanning = (*SecretScanningService)(&c.common)
+	c.SecurityAdvisories = (*SecurityAdvisoriesService)(&c.common)
 	c.Teams = (*TeamsService)(&c.common)
 	c.Users = (*UsersService)(&c.common)
-	return c
+}
+
+// copy returns a copy of the current client. It must be initialized before use.
+func (c *Client) copy() *Client {
+	c.clientMu.Lock()
+	// can't use *c here because that would copy mutexes by value.
+	clone := Client{
+		client:                  c.client,
+		UserAgent:               c.UserAgent,
+		BaseURL:                 c.BaseURL,
+		UploadURL:               c.UploadURL,
+		secondaryRateLimitReset: c.secondaryRateLimitReset,
+	}
+	c.clientMu.Unlock()
+	if clone.client == nil {
+		clone.client = &http.Client{}
+	}
+	c.rateMu.Lock()
+	copy(clone.rateLimits[:], c.rateLimits[:])
+	c.rateMu.Unlock()
+	return &clone
 }
 
 // NewClientWithEnvProxy enhances NewClient with the HttpProxy env.
@@ -354,56 +453,18 @@ func NewClientWithEnvProxy() *Client {
 }
 
 // NewTokenClient returns a new GitHub API client authenticated with the provided token.
-func NewTokenClient(ctx context.Context, token string) *Client {
-	return NewClient(oauth2.NewClient(ctx, oauth2.StaticTokenSource(&oauth2.Token{AccessToken: token})))
+// Deprecated: Use NewClient(nil).WithAuthToken(token) instead.
+func NewTokenClient(_ context.Context, token string) *Client {
+	// This always returns a nil error.
+	return NewClient(nil).WithAuthToken(token)
 }
 
 // NewEnterpriseClient returns a new GitHub API client with provided
 // base URL and upload URL (often is your GitHub Enterprise hostname).
-// If the base URL does not have the suffix "/api/v3/", it will be added automatically.
-// If the upload URL does not have the suffix "/api/uploads", it will be added automatically.
-// If a nil httpClient is provided, a new http.Client will be used.
-//
-// Note that NewEnterpriseClient is a convenience helper only;
-// its behavior is equivalent to using NewClient, followed by setting
-// the BaseURL and UploadURL fields.
 //
-// Another important thing is that by default, the GitHub Enterprise URL format
-// should be http(s)://[hostname]/api/v3/ or you will always receive the 406 status code.
-// The upload URL format should be http(s)://[hostname]/api/uploads/.
+// Deprecated: Use NewClient(httpClient).WithOptions(WithEnterpriseURLs(baseURL, uploadURL)) instead.
 func NewEnterpriseClient(baseURL, uploadURL string, httpClient *http.Client) (*Client, error) {
-	baseEndpoint, err := url.Parse(baseURL)
-	if err != nil {
-		return nil, err
-	}
-
-	if !strings.HasSuffix(baseEndpoint.Path, "/") {
-		baseEndpoint.Path += "/"
-	}
-	if !strings.HasSuffix(baseEndpoint.Path, "/api/v3/") &&
-		!strings.HasPrefix(baseEndpoint.Host, "api.") &&
-		!strings.Contains(baseEndpoint.Host, ".api.") {
-		baseEndpoint.Path += "api/v3/"
-	}
-
-	uploadEndpoint, err := url.Parse(uploadURL)
-	if err != nil {
-		return nil, err
-	}
-
-	if !strings.HasSuffix(uploadEndpoint.Path, "/") {
-		uploadEndpoint.Path += "/"
-	}
-	if !strings.HasSuffix(uploadEndpoint.Path, "/api/uploads/") &&
-		!strings.HasPrefix(uploadEndpoint.Host, "api.") &&
-		!strings.Contains(uploadEndpoint.Host, ".api.") {
-		uploadEndpoint.Path += "api/uploads/"
-	}
-
-	c := NewClient(httpClient)
-	c.BaseURL = baseEndpoint
-	c.UploadURL = uploadEndpoint
-	return c, nil
+	return NewClient(httpClient).WithEnterpriseURLs(baseURL, uploadURL)
 }
 
 // RequestOption represents an option that can modify an http.Request.
@@ -677,6 +738,30 @@ func parseRate(r *http.Response) Rate {
 	return rate
 }
 
+// parseSecondaryRate parses the secondary rate related headers,
+// and returns the time to retry after.
+func parseSecondaryRate(r *http.Response) *time.Duration {
+	// According to GitHub support, the "Retry-After" header value will be
+	// an integer which represents the number of seconds that one should
+	// wait before resuming making requests.
+	if v := r.Header.Get(headerRetryAfter); v != "" {
+		retryAfterSeconds, _ := strconv.ParseInt(v, 10, 64) // Error handling is noop.
+		retryAfter := time.Duration(retryAfterSeconds) * time.Second
+		return &retryAfter
+	}
+
+	// According to GitHub support, endpoints might return x-ratelimit-reset instead,
+	// as an integer which represents the number of seconds since epoch UTC,
+	// represting the time to resume making requests.
+	if v := r.Header.Get(headerRateReset); v != "" {
+		secondsSinceEpoch, _ := strconv.ParseInt(v, 10, 64) // Error handling is noop.
+		retryAfter := time.Until(time.Unix(secondsSinceEpoch, 0))
+		return &retryAfter
+	}
+
+	return nil
+}
+
 // parseTokenExpiration parses the TokenExpiration related headers.
 // Returns 0001-01-01 if the header is not defined or could not be parsed.
 func parseTokenExpiration(r *http.Response) Timestamp {
@@ -1025,7 +1110,7 @@ func (ae *AcceptedError) Is(target error) bool {
 	if !ok {
 		return false
 	}
-	return bytes.Compare(ae.Raw, v.Raw) == 0
+	return bytes.Equal(ae.Raw, v.Raw)
 }
 
 // AbuseRateLimitError occurs when GitHub returns 403 Forbidden response with the
@@ -1156,13 +1241,8 @@ func CheckResponse(r *http.Response) error {
 			Response: errorResponse.Response,
 			Message:  errorResponse.Message,
 		}
-		if v := r.Header["Retry-After"]; len(v) > 0 {
-			// According to GitHub support, the "Retry-After" header value will be
-			// an integer which represents the number of seconds that one should
-			// wait before resuming making requests.
-			retryAfterSeconds, _ := strconv.ParseInt(v[0], 10, 64) // Error handling is noop.
-			retryAfter := time.Duration(retryAfterSeconds) * time.Second
-			abuseRateLimitError.RetryAfter = &retryAfter
+		if retryAfter := parseSecondaryRate(r); retryAfter != nil {
+			abuseRateLimitError.RetryAfter = retryAfter
 		}
 		return abuseRateLimitError
 	default:
@@ -1516,3 +1596,10 @@ func Int64(v int64) *int64 { return &v }
 // String is a helper routine that allocates a new string value
 // to store v and returns a pointer to it.
 func String(v string) *string { return &v }
+
+// roundTripperFunc creates a RoundTripper (transport)
+type roundTripperFunc func(*http.Request) (*http.Response, error)
+
+func (fn roundTripperFunc) RoundTrip(r *http.Request) (*http.Response, error) {
+	return fn(r)
+}
diff --git a/vendor/github.com/google/go-github/v50/github/gitignore.go b/vendor/github.com/google/go-github/v55/github/gitignore.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/gitignore.go
rename to vendor/github.com/google/go-github/v55/github/gitignore.go
diff --git a/vendor/github.com/google/go-github/v50/github/interactions.go b/vendor/github.com/google/go-github/v55/github/interactions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/interactions.go
rename to vendor/github.com/google/go-github/v55/github/interactions.go
diff --git a/vendor/github.com/google/go-github/v50/github/interactions_orgs.go b/vendor/github.com/google/go-github/v55/github/interactions_orgs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/interactions_orgs.go
rename to vendor/github.com/google/go-github/v55/github/interactions_orgs.go
diff --git a/vendor/github.com/google/go-github/v50/github/interactions_repos.go b/vendor/github.com/google/go-github/v55/github/interactions_repos.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/interactions_repos.go
rename to vendor/github.com/google/go-github/v55/github/interactions_repos.go
diff --git a/vendor/github.com/google/go-github/v50/github/issue_import.go b/vendor/github.com/google/go-github/v55/github/issue_import.go
similarity index 97%
rename from vendor/github.com/google/go-github/v50/github/issue_import.go
rename to vendor/github.com/google/go-github/v55/github/issue_import.go
index 4bc8d5f1d..04899772b 100644
--- a/vendor/github.com/google/go-github/v50/github/issue_import.go
+++ b/vendor/github.com/google/go-github/v55/github/issue_import.go
@@ -86,14 +86,11 @@ func (s *IssueImportService) Create(ctx context.Context, owner, repo string, iss
 	if err != nil {
 		aerr, ok := err.(*AcceptedError)
 		if ok {
-			decErr := json.Unmarshal(aerr.Raw, i)
-			if decErr != nil {
-				err = decErr
+			if err := json.Unmarshal(aerr.Raw, i); err != nil {
+				return i, resp, err
 			}
-
-			return i, resp, nil
+			return i, resp, err
 		}
-
 		return nil, resp, err
 	}
 
diff --git a/vendor/github.com/google/go-github/v50/github/issues.go b/vendor/github.com/google/go-github/v55/github/issues.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/issues.go
rename to vendor/github.com/google/go-github/v55/github/issues.go
diff --git a/vendor/github.com/google/go-github/v50/github/issues_assignees.go b/vendor/github.com/google/go-github/v55/github/issues_assignees.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/issues_assignees.go
rename to vendor/github.com/google/go-github/v55/github/issues_assignees.go
diff --git a/vendor/github.com/google/go-github/v50/github/issues_comments.go b/vendor/github.com/google/go-github/v55/github/issues_comments.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/issues_comments.go
rename to vendor/github.com/google/go-github/v55/github/issues_comments.go
diff --git a/vendor/github.com/google/go-github/v50/github/issues_events.go b/vendor/github.com/google/go-github/v55/github/issues_events.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/issues_events.go
rename to vendor/github.com/google/go-github/v55/github/issues_events.go
diff --git a/vendor/github.com/google/go-github/v50/github/issues_labels.go b/vendor/github.com/google/go-github/v55/github/issues_labels.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/issues_labels.go
rename to vendor/github.com/google/go-github/v55/github/issues_labels.go
diff --git a/vendor/github.com/google/go-github/v50/github/issues_milestones.go b/vendor/github.com/google/go-github/v55/github/issues_milestones.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/issues_milestones.go
rename to vendor/github.com/google/go-github/v55/github/issues_milestones.go
diff --git a/vendor/github.com/google/go-github/v50/github/issues_timeline.go b/vendor/github.com/google/go-github/v55/github/issues_timeline.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/issues_timeline.go
rename to vendor/github.com/google/go-github/v55/github/issues_timeline.go
diff --git a/vendor/github.com/google/go-github/v50/github/licenses.go b/vendor/github.com/google/go-github/v55/github/licenses.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/licenses.go
rename to vendor/github.com/google/go-github/v55/github/licenses.go
diff --git a/vendor/github.com/google/go-github/v50/github/messages.go b/vendor/github.com/google/go-github/v55/github/messages.go
similarity index 59%
rename from vendor/github.com/google/go-github/v50/github/messages.go
rename to vendor/github.com/google/go-github/v55/github/messages.go
index 0943b9e98..c16b60152 100644
--- a/vendor/github.com/google/go-github/v50/github/messages.go
+++ b/vendor/github.com/google/go-github/v55/github/messages.go
@@ -22,6 +22,8 @@ import (
 	"mime"
 	"net/http"
 	"net/url"
+	"reflect"
+	"sort"
 	"strings"
 )
 
@@ -43,67 +45,87 @@ const (
 
 var (
 	// eventTypeMapping maps webhooks types to their corresponding go-github struct types.
-	eventTypeMapping = map[string]string{
-		"branch_protection_rule":         "BranchProtectionRuleEvent",
-		"check_run":                      "CheckRunEvent",
-		"check_suite":                    "CheckSuiteEvent",
-		"code_scanning_alert":            "CodeScanningAlertEvent",
-		"commit_comment":                 "CommitCommentEvent",
-		"content_reference":              "ContentReferenceEvent",
-		"create":                         "CreateEvent",
-		"delete":                         "DeleteEvent",
-		"deploy_key":                     "DeployKeyEvent",
-		"deployment":                     "DeploymentEvent",
-		"deployment_status":              "DeploymentStatusEvent",
-		"discussion":                     "DiscussionEvent",
-		"discussion_comment":             "DiscussionCommentEvent",
-		"fork":                           "ForkEvent",
-		"github_app_authorization":       "GitHubAppAuthorizationEvent",
-		"gollum":                         "GollumEvent",
-		"installation":                   "InstallationEvent",
-		"installation_repositories":      "InstallationRepositoriesEvent",
-		"issue_comment":                  "IssueCommentEvent",
-		"issues":                         "IssuesEvent",
-		"label":                          "LabelEvent",
-		"marketplace_purchase":           "MarketplacePurchaseEvent",
-		"member":                         "MemberEvent",
-		"membership":                     "MembershipEvent",
-		"merge_group":                    "MergeGroupEvent",
-		"meta":                           "MetaEvent",
-		"milestone":                      "MilestoneEvent",
-		"organization":                   "OrganizationEvent",
-		"org_block":                      "OrgBlockEvent",
-		"package":                        "PackageEvent",
-		"page_build":                     "PageBuildEvent",
-		"ping":                           "PingEvent",
-		"project":                        "ProjectEvent",
-		"project_card":                   "ProjectCardEvent",
-		"project_column":                 "ProjectColumnEvent",
-		"public":                         "PublicEvent",
-		"pull_request":                   "PullRequestEvent",
-		"pull_request_review":            "PullRequestReviewEvent",
-		"pull_request_review_comment":    "PullRequestReviewCommentEvent",
-		"pull_request_review_thread":     "PullRequestReviewThreadEvent",
-		"pull_request_target":            "PullRequestTargetEvent",
-		"push":                           "PushEvent",
-		"repository":                     "RepositoryEvent",
-		"repository_dispatch":            "RepositoryDispatchEvent",
-		"repository_import":              "RepositoryImportEvent",
-		"repository_vulnerability_alert": "RepositoryVulnerabilityAlertEvent",
-		"release":                        "ReleaseEvent",
-		"secret_scanning_alert":          "SecretScanningAlertEvent",
-		"star":                           "StarEvent",
-		"status":                         "StatusEvent",
-		"team":                           "TeamEvent",
-		"team_add":                       "TeamAddEvent",
-		"user":                           "UserEvent",
-		"watch":                          "WatchEvent",
-		"workflow_dispatch":              "WorkflowDispatchEvent",
-		"workflow_job":                   "WorkflowJobEvent",
-		"workflow_run":                   "WorkflowRunEvent",
+	eventTypeMapping = map[string]interface{}{
+		"branch_protection_rule":         &BranchProtectionRuleEvent{},
+		"check_run":                      &CheckRunEvent{},
+		"check_suite":                    &CheckSuiteEvent{},
+		"code_scanning_alert":            &CodeScanningAlertEvent{},
+		"commit_comment":                 &CommitCommentEvent{},
+		"content_reference":              &ContentReferenceEvent{},
+		"create":                         &CreateEvent{},
+		"delete":                         &DeleteEvent{},
+		"dependabot_alert":               &DependabotAlertEvent{},
+		"deploy_key":                     &DeployKeyEvent{},
+		"deployment":                     &DeploymentEvent{},
+		"deployment_status":              &DeploymentStatusEvent{},
+		"deployment_protection_rule":     &DeploymentProtectionRuleEvent{},
+		"discussion":                     &DiscussionEvent{},
+		"discussion_comment":             &DiscussionCommentEvent{},
+		"fork":                           &ForkEvent{},
+		"github_app_authorization":       &GitHubAppAuthorizationEvent{},
+		"gollum":                         &GollumEvent{},
+		"installation":                   &InstallationEvent{},
+		"installation_repositories":      &InstallationRepositoriesEvent{},
+		"installation_target":            &InstallationTargetEvent{},
+		"issue_comment":                  &IssueCommentEvent{},
+		"issues":                         &IssuesEvent{},
+		"label":                          &LabelEvent{},
+		"marketplace_purchase":           &MarketplacePurchaseEvent{},
+		"member":                         &MemberEvent{},
+		"membership":                     &MembershipEvent{},
+		"merge_group":                    &MergeGroupEvent{},
+		"meta":                           &MetaEvent{},
+		"milestone":                      &MilestoneEvent{},
+		"organization":                   &OrganizationEvent{},
+		"org_block":                      &OrgBlockEvent{},
+		"package":                        &PackageEvent{},
+		"page_build":                     &PageBuildEvent{},
+		"personal_access_token_request":  &PersonalAccessTokenRequestEvent{},
+		"ping":                           &PingEvent{},
+		"project":                        &ProjectEvent{},
+		"project_card":                   &ProjectCardEvent{},
+		"project_column":                 &ProjectColumnEvent{},
+		"projects_v2":                    &ProjectV2Event{},
+		"projects_v2_item":               &ProjectV2ItemEvent{},
+		"public":                         &PublicEvent{},
+		"pull_request":                   &PullRequestEvent{},
+		"pull_request_review":            &PullRequestReviewEvent{},
+		"pull_request_review_comment":    &PullRequestReviewCommentEvent{},
+		"pull_request_review_thread":     &PullRequestReviewThreadEvent{},
+		"pull_request_target":            &PullRequestTargetEvent{},
+		"push":                           &PushEvent{},
+		"repository":                     &RepositoryEvent{},
+		"repository_dispatch":            &RepositoryDispatchEvent{},
+		"repository_import":              &RepositoryImportEvent{},
+		"repository_vulnerability_alert": &RepositoryVulnerabilityAlertEvent{},
+		"release":                        &ReleaseEvent{},
+		"secret_scanning_alert":          &SecretScanningAlertEvent{},
+		"security_advisory":              &SecurityAdvisoryEvent{},
+		"security_and_analysis":          &SecurityAndAnalysisEvent{},
+		"star":                           &StarEvent{},
+		"status":                         &StatusEvent{},
+		"team":                           &TeamEvent{},
+		"team_add":                       &TeamAddEvent{},
+		"user":                           &UserEvent{},
+		"watch":                          &WatchEvent{},
+		"workflow_dispatch":              &WorkflowDispatchEvent{},
+		"workflow_job":                   &WorkflowJobEvent{},
+		"workflow_run":                   &WorkflowRunEvent{},
 	}
+	// forward mapping of event types to the string names of the structs
+	messageToTypeName = make(map[string]string, len(eventTypeMapping))
+	// Inverse map of the above
+	typeToMessageMapping = make(map[string]string, len(eventTypeMapping))
 )
 
+func init() {
+	for k, v := range eventTypeMapping {
+		typename := reflect.TypeOf(v).Elem().Name()
+		messageToTypeName[k] = typename
+		typeToMessageMapping[typename] = k
+	}
+}
+
 // genMAC generates the HMAC signature for a message provided the secret key
 // and hashFunc.
 func genMAC(message, key []byte, hashFunc func() hash.Hash) []byte {
@@ -148,13 +170,13 @@ func messageMAC(signature string) ([]byte, func() hash.Hash, error) {
 	return buf, hashFunc, nil
 }
 
-// ValidatePayload validates an incoming GitHub Webhook event request body
+// ValidatePayloadFromBody validates an incoming GitHub Webhook event request body
 // and returns the (JSON) payload.
 // The Content-Type header of the payload can be "application/json" or "application/x-www-form-urlencoded".
 // If the Content-Type is neither then an error is returned.
 // secretToken is the GitHub Webhook secret token.
-// If your webhook does not contain a secret token, you can pass nil or an empty slice.
-// This is intended for local development purposes only and all webhooks should ideally set up a secret token.
+// If your webhook does not contain a secret token, you can pass an empty secretToken.
+// Webhooks without a secret token are not secure and should be avoided.
 //
 // Example usage:
 //
@@ -201,9 +223,8 @@ func ValidatePayloadFromBody(contentType string, readable io.Reader, signature s
 		return nil, fmt.Errorf("webhook request has unsupported Content-Type %q", contentType)
 	}
 
-	// Only validate the signature if a secret token exists. This is intended for
-	// local development only and all webhooks should ideally set up a secret token.
-	if len(secretToken) > 0 {
+	// Validate the signature if present or if one is expected (secretToken is non-empty).
+	if len(secretToken) > 0 || len(signature) > 0 {
 		if err := ValidateSignature(signature, body, secretToken); err != nil {
 			return nil, err
 		}
@@ -293,7 +314,7 @@ func DeliveryID(r *http.Request) string {
 //	  }
 //	}
 func ParseWebHook(messageType string, payload []byte) (interface{}, error) {
-	eventType, ok := eventTypeMapping[messageType]
+	eventType, ok := messageToTypeName[messageType]
 	if !ok {
 		return nil, fmt.Errorf("unknown X-Github-Event in message: %v", messageType)
 	}
@@ -304,3 +325,28 @@ func ParseWebHook(messageType string, payload []byte) (interface{}, error) {
 	}
 	return event.ParsePayload()
 }
+
+// WebhookTypes returns a sorted list of all the known GitHub event type strings
+// supported by go-github.
+func MessageTypes() []string {
+	types := make([]string, 0, len(eventTypeMapping))
+	for t := range eventTypeMapping {
+		types = append(types, t)
+	}
+	sort.Strings(types)
+	return types
+}
+
+// EventForType returns an empty struct matching the specified GitHub event type.
+// If messageType does not match any known event types, it returns nil.
+func EventForType(messageType string) interface{} {
+	prototype := eventTypeMapping[messageType]
+	if prototype == nil {
+		return nil
+	}
+	// return a _copy_ of the pointed-to-object.  Unfortunately, for this we
+	// need to use reflection.  If we store the actual objects in the map,
+	// we still need to use reflection to convert from `any` to the actual
+	// type, so this was deemed the lesser of two evils. (#2865)
+	return reflect.New(reflect.TypeOf(prototype).Elem()).Interface()
+}
diff --git a/vendor/github.com/google/go-github/v50/github/migrations.go b/vendor/github.com/google/go-github/v55/github/migrations.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/migrations.go
rename to vendor/github.com/google/go-github/v55/github/migrations.go
diff --git a/vendor/github.com/google/go-github/v50/github/migrations_source_import.go b/vendor/github.com/google/go-github/v55/github/migrations_source_import.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/migrations_source_import.go
rename to vendor/github.com/google/go-github/v55/github/migrations_source_import.go
diff --git a/vendor/github.com/google/go-github/v50/github/migrations_user.go b/vendor/github.com/google/go-github/v55/github/migrations_user.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/migrations_user.go
rename to vendor/github.com/google/go-github/v55/github/migrations_user.go
diff --git a/vendor/github.com/google/go-github/v50/github/misc.go b/vendor/github.com/google/go-github/v55/github/misc.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/misc.go
rename to vendor/github.com/google/go-github/v55/github/misc.go
diff --git a/vendor/github.com/google/go-github/v50/github/orgs.go b/vendor/github.com/google/go-github/v55/github/orgs.go
similarity index 95%
rename from vendor/github.com/google/go-github/v50/github/orgs.go
rename to vendor/github.com/google/go-github/v55/github/orgs.go
index 487405778..0c7e361b3 100644
--- a/vendor/github.com/google/go-github/v50/github/orgs.go
+++ b/vendor/github.com/google/go-github/v55/github/orgs.go
@@ -36,8 +36,8 @@ type Organization struct {
 	Following                   *int       `json:"following,omitempty"`
 	CreatedAt                   *Timestamp `json:"created_at,omitempty"`
 	UpdatedAt                   *Timestamp `json:"updated_at,omitempty"`
-	TotalPrivateRepos           *int       `json:"total_private_repos,omitempty"`
-	OwnedPrivateRepos           *int       `json:"owned_private_repos,omitempty"`
+	TotalPrivateRepos           *int64     `json:"total_private_repos,omitempty"`
+	OwnedPrivateRepos           *int64     `json:"owned_private_repos,omitempty"`
 	PrivateGists                *int       `json:"private_gists,omitempty"`
 	DiskUsage                   *int       `json:"disk_usage,omitempty"`
 	Collaborators               *int       `json:"collaborators,omitempty"`
@@ -121,7 +121,7 @@ type Plan struct {
 	Name          *string `json:"name,omitempty"`
 	Space         *int    `json:"space,omitempty"`
 	Collaborators *int    `json:"collaborators,omitempty"`
-	PrivateRepos  *int    `json:"private_repos,omitempty"`
+	PrivateRepos  *int64  `json:"private_repos,omitempty"`
 	FilledSeats   *int    `json:"filled_seats,omitempty"`
 	Seats         *int    `json:"seats,omitempty"`
 }
@@ -262,6 +262,19 @@ func (s *OrganizationsService) Edit(ctx context.Context, name string, org *Organ
 	return o, resp, nil
 }
 
+// Delete an organization by name.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#delete-an-organization
+func (s *OrganizationsService) Delete(ctx context.Context, org string) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v", org)
+	req, err := s.client.NewRequest("DELETE", u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
+
 // ListInstallations lists installations for an organization.
 //
 // GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#list-app-installations-for-an-organization
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_actions_allowed.go b/vendor/github.com/google/go-github/v55/github/orgs_actions_allowed.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/orgs_actions_allowed.go
rename to vendor/github.com/google/go-github/v55/github/orgs_actions_allowed.go
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_actions_permissions.go b/vendor/github.com/google/go-github/v55/github/orgs_actions_permissions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/orgs_actions_permissions.go
rename to vendor/github.com/google/go-github/v55/github/orgs_actions_permissions.go
diff --git a/vendor/github.com/google/go-github/v55/github/orgs_audit_log.go b/vendor/github.com/google/go-github/v55/github/orgs_audit_log.go
new file mode 100644
index 000000000..4c34445fa
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/orgs_audit_log.go
@@ -0,0 +1,156 @@
+// Copyright 2021 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+// GetAuditLogOptions sets up optional parameters to query audit-log endpoint.
+type GetAuditLogOptions struct {
+	Phrase  *string `url:"phrase,omitempty"`  // A search phrase. (Optional.)
+	Include *string `url:"include,omitempty"` // Event type includes. Can be one of "web", "git", "all". Default: "web". (Optional.)
+	Order   *string `url:"order,omitempty"`   // The order of audit log events. Can be one of "asc" or "desc". Default: "desc". (Optional.)
+
+	ListCursorOptions
+}
+
+// HookConfig describes metadata about a webhook configuration.
+type HookConfig struct {
+	ContentType *string `json:"content_type,omitempty"`
+	InsecureSSL *string `json:"insecure_ssl,omitempty"`
+	URL         *string `json:"url,omitempty"`
+
+	// Secret is returned obfuscated by GitHub, but it can be set for outgoing requests.
+	Secret *string `json:"secret,omitempty"`
+}
+
+// ActorLocation contains information about reported location for an actor.
+type ActorLocation struct {
+	CountryCode *string `json:"country_code,omitempty"`
+}
+
+// PolicyOverrideReason contains user-supplied information about why a policy was overridden.
+type PolicyOverrideReason struct {
+	Code    *string `json:"code,omitempty"`
+	Message *string `json:"message,omitempty"`
+}
+
+// AuditEntry describes the fields that may be represented by various audit-log "action" entries.
+// For a list of actions see - https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization#audit-log-actions
+type AuditEntry struct {
+	ActorIP                *string                 `json:"actor_ip,omitempty"`
+	Action                 *string                 `json:"action,omitempty"` // The name of the action that was performed, for example `user.login` or `repo.create`.
+	Active                 *bool                   `json:"active,omitempty"`
+	ActiveWas              *bool                   `json:"active_was,omitempty"`
+	Actor                  *string                 `json:"actor,omitempty"` // The actor who performed the action.
+	ActorLocation          *ActorLocation          `json:"actor_location,omitempty"`
+	BlockedUser            *string                 `json:"blocked_user,omitempty"`
+	Business               *string                 `json:"business,omitempty"`
+	CancelledAt            *Timestamp              `json:"cancelled_at,omitempty"`
+	CompletedAt            *Timestamp              `json:"completed_at,omitempty"`
+	Conclusion             *string                 `json:"conclusion,omitempty"`
+	Config                 *HookConfig             `json:"config,omitempty"`
+	ConfigWas              *HookConfig             `json:"config_was,omitempty"`
+	ContentType            *string                 `json:"content_type,omitempty"`
+	CreatedAt              *Timestamp              `json:"created_at,omitempty"`
+	DeployKeyFingerprint   *string                 `json:"deploy_key_fingerprint,omitempty"`
+	DocumentID             *string                 `json:"_document_id,omitempty"`
+	Emoji                  *string                 `json:"emoji,omitempty"`
+	EnvironmentName        *string                 `json:"environment_name,omitempty"`
+	Event                  *string                 `json:"event,omitempty"`
+	Events                 []string                `json:"events,omitempty"`
+	EventsWere             []string                `json:"events_were,omitempty"`
+	Explanation            *string                 `json:"explanation,omitempty"`
+	Fingerprint            *string                 `json:"fingerprint,omitempty"`
+	HashedToken            *string                 `json:"hashed_token,omitempty"`
+	HeadBranch             *string                 `json:"head_branch,omitempty"`
+	HeadSHA                *string                 `json:"head_sha,omitempty"`
+	HookID                 *int64                  `json:"hook_id,omitempty"`
+	IsHostedRunner         *bool                   `json:"is_hosted_runner,omitempty"`
+	JobName                *string                 `json:"job_name,omitempty"`
+	JobWorkflowRef         *string                 `json:"job_workflow_ref,omitempty"`
+	LimitedAvailability    *bool                   `json:"limited_availability,omitempty"`
+	Message                *string                 `json:"message,omitempty"`
+	Name                   *string                 `json:"name,omitempty"`
+	OAuthApplicationID     *int64                  `json:"oauth_application_id,omitempty"`
+	OldUser                *string                 `json:"old_user,omitempty"`
+	OldPermission          *string                 `json:"old_permission,omitempty"` // The permission level for membership changes, for example `admin` or `read`.
+	OpenSSHPublicKey       *string                 `json:"openssh_public_key,omitempty"`
+	OperationType          *string                 `json:"operation_type,omitempty"`
+	Org                    *string                 `json:"org,omitempty"`
+	OrgID                  *int64                  `json:"org_id,omitempty"`
+	OverriddenCodes        []string                `json:"overridden_codes,omitempty"`
+	Permission             *string                 `json:"permission,omitempty"` // The permission level for membership changes, for example `admin` or `read`.
+	PreviousVisibility     *string                 `json:"previous_visibility,omitempty"`
+	ProgrammaticAccessType *string                 `json:"programmatic_access_type,omitempty"`
+	PullRequestID          *int64                  `json:"pull_request_id,omitempty"`
+	PullRequestTitle       *string                 `json:"pull_request_title,omitempty"`
+	PullRequestURL         *string                 `json:"pull_request_url,omitempty"`
+	ReadOnly               *string                 `json:"read_only,omitempty"`
+	Reasons                []*PolicyOverrideReason `json:"reasons,omitempty"`
+	Repo                   *string                 `json:"repo,omitempty"`
+	Repository             *string                 `json:"repository,omitempty"`
+	RepositoryPublic       *bool                   `json:"repository_public,omitempty"`
+	RunAttempt             *int64                  `json:"run_attempt,omitempty"`
+	RunnerGroupID          *int64                  `json:"runner_group_id,omitempty"`
+	RunnerGroupName        *string                 `json:"runner_group_name,omitempty"`
+	RunnerID               *int64                  `json:"runner_id,omitempty"`
+	RunnerLabels           []string                `json:"runner_labels,omitempty"`
+	RunnerName             *string                 `json:"runner_name,omitempty"`
+	RunNumber              *int64                  `json:"run_number,omitempty"`
+	SecretsPassed          []string                `json:"secrets_passed,omitempty"`
+	SourceVersion          *string                 `json:"source_version,omitempty"`
+	StartedAt              *Timestamp              `json:"started_at,omitempty"`
+	TargetLogin            *string                 `json:"target_login,omitempty"`
+	TargetVersion          *string                 `json:"target_version,omitempty"`
+	Team                   *string                 `json:"team,omitempty"`
+	Timestamp              *Timestamp              `json:"@timestamp,omitempty"` // The time the audit log event occurred, given as a [Unix timestamp](http://en.wikipedia.org/wiki/Unix_time).
+	TokenID                *int64                  `json:"token_id,omitempty"`
+	TokenScopes            *string                 `json:"token_scopes,omitempty"`
+	Topic                  *string                 `json:"topic,omitempty"`
+	TransportProtocolName  *string                 `json:"transport_protocol_name,omitempty"` // A human readable name for the protocol (for example, HTTP or SSH) used to transfer Git data.
+	TransportProtocol      *int                    `json:"transport_protocol,omitempty"`      // The type of protocol (for example, HTTP=1 or SSH=2) used to transfer Git data.
+	TriggerID              *int64                  `json:"trigger_id,omitempty"`
+	User                   *string                 `json:"user,omitempty"` // The user that was affected by the action performed (if available).
+	UserAgent              *string                 `json:"user_agent,omitempty"`
+	Visibility             *string                 `json:"visibility,omitempty"` // The repository visibility, for example `public` or `private`.
+	WorkflowID             *int64                  `json:"workflow_id,omitempty"`
+	WorkflowRunID          *int64                  `json:"workflow_run_id,omitempty"`
+
+	Data *AuditEntryData `json:"data,omitempty"`
+}
+
+// AuditEntryData represents additional information stuffed into a `data` field.
+type AuditEntryData struct {
+	OldName  *string `json:"old_name,omitempty"`  // The previous name of the repository, for a name change
+	OldLogin *string `json:"old_login,omitempty"` // The previous name of the organization, for a name change
+}
+
+// GetAuditLog gets the audit-log entries for an organization.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/orgs#get-the-audit-log-for-an-organization
+func (s *OrganizationsService) GetAuditLog(ctx context.Context, org string, opts *GetAuditLogOptions) ([]*AuditEntry, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/audit-log", org)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var auditEntries []*AuditEntry
+	resp, err := s.client.Do(ctx, req, &auditEntries)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return auditEntries, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v55/github/orgs_credential_authorizations.go b/vendor/github.com/google/go-github/v55/github/orgs_credential_authorizations.go
new file mode 100644
index 000000000..6d56fe8f7
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/orgs_credential_authorizations.go
@@ -0,0 +1,95 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+// CredentialAuthorization represents a credential authorized through SAML SSO.
+type CredentialAuthorization struct {
+	// User login that owns the underlying credential.
+	Login *string `json:"login,omitempty"`
+
+	// Unique identifier for the credential.
+	CredentialID *int64 `json:"credential_id,omitempty"`
+
+	// Human-readable description of the credential type.
+	CredentialType *string `json:"credential_type,omitempty"`
+
+	// Last eight characters of the credential.
+	// Only included in responses with credential_type of personal access token.
+	TokenLastEight *string `json:"token_last_eight,omitempty"`
+
+	// Date when the credential was authorized for use.
+	CredentialAuthorizedAt *Timestamp `json:"credential_authorized_at,omitempty"`
+
+	// Date when the credential was last accessed.
+	// May be null if it was never accessed.
+	CredentialAccessedAt *Timestamp `json:"credential_accessed_at,omitempty"`
+
+	// List of oauth scopes the token has been granted.
+	Scopes []string `json:"scopes,omitempty"`
+
+	// Unique string to distinguish the credential.
+	// Only included in responses with credential_type of SSH Key.
+	Fingerprint *string `json:"fingerprint,omitempty"`
+
+	AuthorizedCredentialID *int64 `json:"authorized_credential_id,omitempty"`
+
+	// The title given to the ssh key.
+	// This will only be present when the credential is an ssh key.
+	AuthorizedCredentialTitle *string `json:"authorized_credential_title,omitempty"`
+
+	// The note given to the token.
+	// This will only be present when the credential is a token.
+	AuthorizedCredentialNote *string `json:"authorized_credential_note,omitempty"`
+
+	// The expiry for the token.
+	// This will only be present when the credential is a token.
+	AuthorizedCredentialExpiresAt *Timestamp `json:"authorized_credential_expires_at,omitempty"`
+}
+
+// ListCredentialAuthorizations lists credentials authorized through SAML SSO
+// for a given organization. Only available with GitHub Enterprise Cloud.
+//
+// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/orgs?apiVersion=2022-11-28#list-saml-sso-authorizations-for-an-organization
+func (s *OrganizationsService) ListCredentialAuthorizations(ctx context.Context, org string, opts *ListOptions) ([]*CredentialAuthorization, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/credential-authorizations", org)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var creds []*CredentialAuthorization
+	resp, err := s.client.Do(ctx, req, &creds)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return creds, resp, nil
+}
+
+// RemoveCredentialAuthorization revokes the SAML SSO authorization for a given
+// credential within an organization. Only available with GitHub Enterprise Cloud.
+//
+// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/orgs?apiVersion=2022-11-28#remove-a-saml-sso-authorization-for-an-organization
+func (s *OrganizationsService) RemoveCredentialAuthorization(ctx context.Context, org string, credentialID int64) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/credential-authorizations/%v", org, credentialID)
+	req, err := s.client.NewRequest(http.MethodDelete, u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_custom_roles.go b/vendor/github.com/google/go-github/v55/github/orgs_custom_roles.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/orgs_custom_roles.go
rename to vendor/github.com/google/go-github/v55/github/orgs_custom_roles.go
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_hooks.go b/vendor/github.com/google/go-github/v55/github/orgs_hooks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/orgs_hooks.go
rename to vendor/github.com/google/go-github/v55/github/orgs_hooks.go
diff --git a/vendor/github.com/google/go-github/v55/github/orgs_hooks_configuration.go b/vendor/github.com/google/go-github/v55/github/orgs_hooks_configuration.go
new file mode 100644
index 000000000..953a2329c
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/orgs_hooks_configuration.go
@@ -0,0 +1,49 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+// GetHookConfiguration returns the configuration for the specified organization webhook.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks?apiVersion=2022-11-28#get-a-webhook-configuration-for-an-organization
+func (s *OrganizationsService) GetHookConfiguration(ctx context.Context, org string, id int64) (*HookConfig, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/hooks/%v/config", org, id)
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	config := new(HookConfig)
+	resp, err := s.client.Do(ctx, req, config)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return config, resp, nil
+}
+
+// EditHookConfiguration updates the configuration for the specified organization webhook.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks?apiVersion=2022-11-28#update-a-webhook-configuration-for-an-organization
+func (s *OrganizationsService) EditHookConfiguration(ctx context.Context, org string, id int64, config *HookConfig) (*HookConfig, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/hooks/%v/config", org, id)
+	req, err := s.client.NewRequest("PATCH", u, config)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	c := new(HookConfig)
+	resp, err := s.client.Do(ctx, req, c)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return c, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_hooks_deliveries.go b/vendor/github.com/google/go-github/v55/github/orgs_hooks_deliveries.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/orgs_hooks_deliveries.go
rename to vendor/github.com/google/go-github/v55/github/orgs_hooks_deliveries.go
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_members.go b/vendor/github.com/google/go-github/v55/github/orgs_members.go
similarity index 99%
rename from vendor/github.com/google/go-github/v50/github/orgs_members.go
rename to vendor/github.com/google/go-github/v55/github/orgs_members.go
index 38f43bad5..79f8a6533 100644
--- a/vendor/github.com/google/go-github/v50/github/orgs_members.go
+++ b/vendor/github.com/google/go-github/v55/github/orgs_members.go
@@ -315,8 +315,8 @@ type CreateOrgInvitationOptions struct {
 	// * billing_manager - Non-owner organization members with ability to
 	//   manage the billing settings of your organization.
 	// Default is "direct_member".
-	Role   *string `json:"role"`
-	TeamID []int64 `json:"team_ids"`
+	Role   *string `json:"role,omitempty"`
+	TeamID []int64 `json:"team_ids,omitempty"`
 }
 
 // CreateOrgInvitation invites people to an organization by using their GitHub user ID or their email address.
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_outside_collaborators.go b/vendor/github.com/google/go-github/v55/github/orgs_outside_collaborators.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/orgs_outside_collaborators.go
rename to vendor/github.com/google/go-github/v55/github/orgs_outside_collaborators.go
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_packages.go b/vendor/github.com/google/go-github/v55/github/orgs_packages.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/orgs_packages.go
rename to vendor/github.com/google/go-github/v55/github/orgs_packages.go
diff --git a/vendor/github.com/google/go-github/v55/github/orgs_personal_access_tokens.go b/vendor/github.com/google/go-github/v55/github/orgs_personal_access_tokens.go
new file mode 100644
index 000000000..c30ff2843
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/orgs_personal_access_tokens.go
@@ -0,0 +1,34 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+// ReviewPersonalAccessTokenRequestOptions specifies the parameters to the ReviewPersonalAccessTokenRequest method.
+type ReviewPersonalAccessTokenRequestOptions struct {
+	Action string  `json:"action"`
+	Reason *string `json:"reason,omitempty"`
+}
+
+// ReviewPersonalAccessTokenRequest approves or denies a pending request to access organization resources via a fine-grained personal access token.
+// Only GitHub Apps can call this API, using the `organization_personal_access_token_requests: write` permission.
+// `action` can be one of `approve` or `deny`.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/personal-access-tokens?apiVersion=2022-11-28#review-a-request-to-access-organization-resources-with-a-fine-grained-personal-access-token
+func (s *OrganizationsService) ReviewPersonalAccessTokenRequest(ctx context.Context, org string, requestID int64, opts ReviewPersonalAccessTokenRequestOptions) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/personal-access-token-requests/%v", org, requestID)
+
+	req, err := s.client.NewRequest(http.MethodPost, u, &opts)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_projects.go b/vendor/github.com/google/go-github/v55/github/orgs_projects.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/orgs_projects.go
rename to vendor/github.com/google/go-github/v55/github/orgs_projects.go
diff --git a/vendor/github.com/google/go-github/v55/github/orgs_rules.go b/vendor/github.com/google/go-github/v55/github/orgs_rules.go
new file mode 100644
index 000000000..a3905af8f
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/orgs_rules.go
@@ -0,0 +1,105 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+// GetAllOrganizationRulesets gets all the rulesets for the specified organization.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/rules#get-all-organization-repository-rulesets
+func (s *OrganizationsService) GetAllOrganizationRulesets(ctx context.Context, org string) ([]*Ruleset, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/rulesets", org)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var rulesets []*Ruleset
+	resp, err := s.client.Do(ctx, req, &rulesets)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return rulesets, resp, nil
+}
+
+// CreateOrganizationRuleset creates a ruleset for the specified organization.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/rules#create-an-organization-repository-ruleset
+func (s *OrganizationsService) CreateOrganizationRuleset(ctx context.Context, org string, rs *Ruleset) (*Ruleset, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/rulesets", org)
+
+	req, err := s.client.NewRequest("POST", u, rs)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ruleset *Ruleset
+	resp, err := s.client.Do(ctx, req, &ruleset)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ruleset, resp, nil
+}
+
+// GetOrganizationRuleset gets a ruleset from the specified organization.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/rules#get-an-organization-repository-ruleset
+func (s *OrganizationsService) GetOrganizationRuleset(ctx context.Context, org string, rulesetID int64) (*Ruleset, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/rulesets/%v", org, rulesetID)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ruleset *Ruleset
+	resp, err := s.client.Do(ctx, req, &ruleset)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ruleset, resp, nil
+}
+
+// UpdateOrganizationRuleset updates a ruleset from the specified organization.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/rules#update-an-organization-repository-ruleset
+func (s *OrganizationsService) UpdateOrganizationRuleset(ctx context.Context, org string, rulesetID int64, rs *Ruleset) (*Ruleset, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/rulesets/%v", org, rulesetID)
+
+	req, err := s.client.NewRequest("PUT", u, rs)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ruleset *Ruleset
+	resp, err := s.client.Do(ctx, req, &ruleset)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ruleset, resp, nil
+}
+
+// DeleteOrganizationRuleset deletes a ruleset from the specified organization.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/rules#delete-an-organization-repository-ruleset
+func (s *OrganizationsService) DeleteOrganizationRuleset(ctx context.Context, org string, rulesetID int64) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/rulesets/%v", org, rulesetID)
+
+	req, err := s.client.NewRequest("DELETE", u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_security_managers.go b/vendor/github.com/google/go-github/v55/github/orgs_security_managers.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/orgs_security_managers.go
rename to vendor/github.com/google/go-github/v55/github/orgs_security_managers.go
diff --git a/vendor/github.com/google/go-github/v50/github/orgs_users_blocking.go b/vendor/github.com/google/go-github/v55/github/orgs_users_blocking.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/orgs_users_blocking.go
rename to vendor/github.com/google/go-github/v55/github/orgs_users_blocking.go
diff --git a/vendor/github.com/google/go-github/v50/github/packages.go b/vendor/github.com/google/go-github/v55/github/packages.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/packages.go
rename to vendor/github.com/google/go-github/v55/github/packages.go
diff --git a/vendor/github.com/google/go-github/v50/github/projects.go b/vendor/github.com/google/go-github/v55/github/projects.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/projects.go
rename to vendor/github.com/google/go-github/v55/github/projects.go
diff --git a/vendor/github.com/google/go-github/v50/github/pulls.go b/vendor/github.com/google/go-github/v55/github/pulls.go
similarity index 99%
rename from vendor/github.com/google/go-github/v50/github/pulls.go
rename to vendor/github.com/google/go-github/v55/github/pulls.go
index 6e49eba2f..29549e24b 100644
--- a/vendor/github.com/google/go-github/v50/github/pulls.go
+++ b/vendor/github.com/google/go-github/v55/github/pulls.go
@@ -170,7 +170,7 @@ func (s *PullRequestsService) List(ctx context.Context, owner string, repo strin
 // By default, the PullRequestListOptions State filters for "open".
 //
 // GitHub API docs: https://docs.github.com/en/rest/commits/commits#list-pull-requests-associated-with-a-commit
-func (s *PullRequestsService) ListPullRequestsWithCommit(ctx context.Context, owner, repo, sha string, opts *PullRequestListOptions) ([]*PullRequest, *Response, error) {
+func (s *PullRequestsService) ListPullRequestsWithCommit(ctx context.Context, owner, repo, sha string, opts *ListOptions) ([]*PullRequest, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v/pulls", owner, repo, sha)
 	u, err := addOptions(u, opts)
 	if err != nil {
@@ -244,6 +244,7 @@ func (s *PullRequestsService) GetRaw(ctx context.Context, owner string, repo str
 type NewPullRequest struct {
 	Title               *string `json:"title,omitempty"`
 	Head                *string `json:"head,omitempty"`
+	HeadRepo            *string `json:"head_repo,omitempty"`
 	Base                *string `json:"base,omitempty"`
 	Body                *string `json:"body,omitempty"`
 	Issue               *int    `json:"issue,omitempty"`
diff --git a/vendor/github.com/google/go-github/v50/github/pulls_comments.go b/vendor/github.com/google/go-github/v55/github/pulls_comments.go
similarity index 97%
rename from vendor/github.com/google/go-github/v50/github/pulls_comments.go
rename to vendor/github.com/google/go-github/v55/github/pulls_comments.go
index 1f6b726d8..ea1cf45d1 100644
--- a/vendor/github.com/google/go-github/v50/github/pulls_comments.go
+++ b/vendor/github.com/google/go-github/v55/github/pulls_comments.go
@@ -41,6 +41,8 @@ type PullRequestComment struct {
 	URL               *string `json:"url,omitempty"`
 	HTMLURL           *string `json:"html_url,omitempty"`
 	PullRequestURL    *string `json:"pull_request_url,omitempty"`
+	// Can be one of: LINE, FILE from https://docs.github.com/en/rest/pulls/comments?apiVersion=2022-11-28#create-a-review-comment-for-a-pull-request
+	SubjectType *string `json:"subject_type,omitempty"`
 }
 
 func (p PullRequestComment) String() string {
diff --git a/vendor/github.com/google/go-github/v50/github/pulls_reviewers.go b/vendor/github.com/google/go-github/v55/github/pulls_reviewers.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/pulls_reviewers.go
rename to vendor/github.com/google/go-github/v55/github/pulls_reviewers.go
diff --git a/vendor/github.com/google/go-github/v50/github/pulls_reviews.go b/vendor/github.com/google/go-github/v55/github/pulls_reviews.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/pulls_reviews.go
rename to vendor/github.com/google/go-github/v55/github/pulls_reviews.go
diff --git a/vendor/github.com/google/go-github/v50/github/pulls_threads.go b/vendor/github.com/google/go-github/v55/github/pulls_threads.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/pulls_threads.go
rename to vendor/github.com/google/go-github/v55/github/pulls_threads.go
diff --git a/vendor/github.com/google/go-github/v50/github/reactions.go b/vendor/github.com/google/go-github/v55/github/reactions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/reactions.go
rename to vendor/github.com/google/go-github/v55/github/reactions.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos.go b/vendor/github.com/google/go-github/v55/github/repos.go
similarity index 96%
rename from vendor/github.com/google/go-github/v50/github/repos.go
rename to vendor/github.com/google/go-github/v55/github/repos.go
index fad152e22..83fc3f8e7 100644
--- a/vendor/github.com/google/go-github/v50/github/repos.go
+++ b/vendor/github.com/google/go-github/v55/github/repos.go
@@ -210,6 +210,7 @@ type SecurityAndAnalysis struct {
 	AdvancedSecurity             *AdvancedSecurity             `json:"advanced_security,omitempty"`
 	SecretScanning               *SecretScanning               `json:"secret_scanning,omitempty"`
 	SecretScanningPushProtection *SecretScanningPushProtection `json:"secret_scanning_push_protection,omitempty"`
+	DependabotSecurityUpdates    *DependabotSecurityUpdates    `json:"dependabot_security_updates,omitempty"`
 }
 
 func (s SecurityAndAnalysis) String() string {
@@ -245,6 +246,21 @@ type SecretScanningPushProtection struct {
 	Status *string `json:"status,omitempty"`
 }
 
+func (s SecretScanningPushProtection) String() string {
+	return Stringify(s)
+}
+
+// DependabotSecurityUpdates specifies the state of Dependabot security updates on a repository.
+//
+// GitHub API docs: https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates
+type DependabotSecurityUpdates struct {
+	Status *string `json:"status,omitempty"`
+}
+
+func (d DependabotSecurityUpdates) String() string {
+	return Stringify(d)
+}
+
 // List the repositories for a user. Passing the empty string will list
 // repositories for the authenticated user.
 //
@@ -687,6 +703,25 @@ func (s *RepositoriesService) DisableVulnerabilityAlerts(ctx context.Context, ow
 	return s.client.Do(ctx, req, nil)
 }
 
+// GetAutomatedSecurityFixes checks if the automated security fixes for a repository are enabled.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#check-if-automated-security-fixes-are-enabled-for-a-repository
+func (s *RepositoriesService) GetAutomatedSecurityFixes(ctx context.Context, owner, repository string) (*AutomatedSecurityFixes, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/automated-security-fixes", owner, repository)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	p := new(AutomatedSecurityFixes)
+	resp, err := s.client.Do(ctx, req, p)
+	if err != nil {
+		return nil, resp, err
+	}
+	return p, resp, nil
+}
+
 // EnableAutomatedSecurityFixes enables the automated security fixes for a repository.
 //
 // GitHub API docs: https://docs.github.com/en/rest/repos/repos#enable-automated-security-fixes
@@ -698,9 +733,6 @@ func (s *RepositoriesService) EnableAutomatedSecurityFixes(ctx context.Context,
 		return nil, err
 	}
 
-	// TODO: remove custom Accept header when this API fully launches
-	req.Header.Set("Accept", mediaTypeRequiredAutomatedSecurityFixesPreview)
-
 	return s.client.Do(ctx, req, nil)
 }
 
@@ -715,9 +747,6 @@ func (s *RepositoriesService) DisableAutomatedSecurityFixes(ctx context.Context,
 		return nil, err
 	}
 
-	// TODO: remove custom Accept header when this API fully launches
-	req.Header.Set("Accept", mediaTypeRequiredAutomatedSecurityFixesPreview)
-
 	return s.client.Do(ctx, req, nil)
 }
 
@@ -847,6 +876,8 @@ type Protection struct {
 	BlockCreations                 *BlockCreations                 `json:"block_creations,omitempty"`
 	LockBranch                     *LockBranch                     `json:"lock_branch,omitempty"`
 	AllowForkSyncing               *AllowForkSyncing               `json:"allow_fork_syncing,omitempty"`
+	RequiredSignatures             *SignaturesProtectedBranch      `json:"required_signatures,omitempty"`
+	URL                            *string                         `json:"url,omitempty"`
 }
 
 // BlockCreations represents whether users can push changes that create branches. If this is true, this
@@ -1023,7 +1054,9 @@ type RequiredStatusChecks struct {
 	Contexts []string `json:"contexts,omitempty"`
 	// The list of status checks to require in order to merge into this
 	// branch.
-	Checks []*RequiredStatusCheck `json:"checks"`
+	Checks      []*RequiredStatusCheck `json:"checks"`
+	ContextsURL *string                `json:"contexts_url,omitempty"`
+	URL         *string                `json:"url,omitempty"`
 }
 
 // RequiredStatusChecksRequest represents a request to edit a protected branch's status checks.
@@ -1208,6 +1241,12 @@ type SignaturesProtectedBranch struct {
 	Enabled *bool `json:"enabled,omitempty"`
 }
 
+// AutomatedSecurityFixes represents their status.
+type AutomatedSecurityFixes struct {
+	Enabled *bool `json:"enabled"`
+	Paused  *bool `json:"paused"`
+}
+
 // ListBranches lists branches for the specified repository.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branches#list-branches
@@ -1965,6 +2004,7 @@ func (s *RepositoriesService) RemoveUserRestrictions(ctx context.Context, owner,
 // TransferRequest represents a request to transfer a repository.
 type TransferRequest struct {
 	NewOwner string  `json:"new_owner"`
+	NewName  *string `json:"new_name,omitempty"`
 	TeamID   []int64 `json:"team_ids,omitempty"`
 }
 
@@ -2029,3 +2069,43 @@ func isBranchNotProtected(err error) bool {
 	errorResponse, ok := err.(*ErrorResponse)
 	return ok && errorResponse.Message == githubBranchNotProtected
 }
+
+// EnablePrivateReporting enables private reporting of vulnerabilities for a
+// repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/repos#enable-private-vulnerability-reporting-for-a-repository
+func (s *RepositoriesService) EnablePrivateReporting(ctx context.Context, owner, repo string) (*Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/private-vulnerability-reporting", owner, repo)
+
+	req, err := s.client.NewRequest("PUT", u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		return resp, err
+	}
+
+	return resp, nil
+}
+
+// DisablePrivateReporting disables private reporting of vulnerabilities for a
+// repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/repos#disable-private-vulnerability-reporting-for-a-repository
+func (s *RepositoriesService) DisablePrivateReporting(ctx context.Context, owner, repo string) (*Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/private-vulnerability-reporting", owner, repo)
+
+	req, err := s.client.NewRequest("DELETE", u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		return resp, err
+	}
+
+	return resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v50/github/repos_actions_access.go b/vendor/github.com/google/go-github/v55/github/repos_actions_access.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_actions_access.go
rename to vendor/github.com/google/go-github/v55/github/repos_actions_access.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_actions_allowed.go b/vendor/github.com/google/go-github/v55/github/repos_actions_allowed.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_actions_allowed.go
rename to vendor/github.com/google/go-github/v55/github/repos_actions_allowed.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_actions_permissions.go b/vendor/github.com/google/go-github/v55/github/repos_actions_permissions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_actions_permissions.go
rename to vendor/github.com/google/go-github/v55/github/repos_actions_permissions.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_autolinks.go b/vendor/github.com/google/go-github/v55/github/repos_autolinks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_autolinks.go
rename to vendor/github.com/google/go-github/v55/github/repos_autolinks.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_codeowners.go b/vendor/github.com/google/go-github/v55/github/repos_codeowners.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_codeowners.go
rename to vendor/github.com/google/go-github/v55/github/repos_codeowners.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_collaborators.go b/vendor/github.com/google/go-github/v55/github/repos_collaborators.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_collaborators.go
rename to vendor/github.com/google/go-github/v55/github/repos_collaborators.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_comments.go b/vendor/github.com/google/go-github/v55/github/repos_comments.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_comments.go
rename to vendor/github.com/google/go-github/v55/github/repos_comments.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_commits.go b/vendor/github.com/google/go-github/v55/github/repos_commits.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_commits.go
rename to vendor/github.com/google/go-github/v55/github/repos_commits.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_community_health.go b/vendor/github.com/google/go-github/v55/github/repos_community_health.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_community_health.go
rename to vendor/github.com/google/go-github/v55/github/repos_community_health.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_contents.go b/vendor/github.com/google/go-github/v55/github/repos_contents.go
similarity index 94%
rename from vendor/github.com/google/go-github/v50/github/repos_contents.go
rename to vendor/github.com/google/go-github/v55/github/repos_contents.go
index be58fd52f..de7a0d5b8 100644
--- a/vendor/github.com/google/go-github/v50/github/repos_contents.go
+++ b/vendor/github.com/google/go-github/v55/github/repos_contents.go
@@ -21,6 +21,8 @@ import (
 	"strings"
 )
 
+var ErrPathForbidden = errors.New("path must not contain '..' due to auth vulnerability issue")
+
 // RepositoryContent represents a file or directory in a github repository.
 type RepositoryContent struct {
 	Type *string `json:"type,omitempty"`
@@ -34,12 +36,13 @@ type RepositoryContent struct {
 	// Content contains the actual file content, which may be encoded.
 	// Callers should call GetContent which will decode the content if
 	// necessary.
-	Content     *string `json:"content,omitempty"`
-	SHA         *string `json:"sha,omitempty"`
-	URL         *string `json:"url,omitempty"`
-	GitURL      *string `json:"git_url,omitempty"`
-	HTMLURL     *string `json:"html_url,omitempty"`
-	DownloadURL *string `json:"download_url,omitempty"`
+	Content         *string `json:"content,omitempty"`
+	SHA             *string `json:"sha,omitempty"`
+	URL             *string `json:"url,omitempty"`
+	GitURL          *string `json:"git_url,omitempty"`
+	HTMLURL         *string `json:"html_url,omitempty"`
+	DownloadURL     *string `json:"download_url,omitempty"`
+	SubmoduleGitURL *string `json:"submodule_git_url,omitempty"`
 }
 
 // RepositoryContentResponse holds the parsed response from CreateFile, UpdateFile, and DeleteFile.
@@ -192,8 +195,15 @@ func (s *RepositoriesService) DownloadContentsWithMeta(ctx context.Context, owne
 // as possible, both result types will be returned but only one will contain a
 // value and the other will be nil.
 //
+// Due to an auth vulnerability issue in the GitHub v3 API, ".." is not allowed
+// to appear anywhere in the "path" or this method will return an error.
+//
 // GitHub API docs: https://docs.github.com/en/rest/repos/contents#get-repository-content
 func (s *RepositoriesService) GetContents(ctx context.Context, owner, repo, path string, opts *RepositoryContentGetOptions) (fileContent *RepositoryContent, directoryContent []*RepositoryContent, resp *Response, err error) {
+	if strings.Contains(path, "..") {
+		return nil, nil, nil, ErrPathForbidden
+	}
+
 	escapedPath := (&url.URL{Path: strings.TrimSuffix(path, "/")}).String()
 	u := fmt.Sprintf("repos/%s/%s/contents/%s", owner, repo, escapedPath)
 	u, err = addOptions(u, opts)
diff --git a/vendor/github.com/google/go-github/v50/github/repos_deployment_branch_policies.go b/vendor/github.com/google/go-github/v55/github/repos_deployment_branch_policies.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_deployment_branch_policies.go
rename to vendor/github.com/google/go-github/v55/github/repos_deployment_branch_policies.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_deployments.go b/vendor/github.com/google/go-github/v55/github/repos_deployments.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_deployments.go
rename to vendor/github.com/google/go-github/v55/github/repos_deployments.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_environments.go b/vendor/github.com/google/go-github/v55/github/repos_environments.go
similarity index 96%
rename from vendor/github.com/google/go-github/v50/github/repos_environments.go
rename to vendor/github.com/google/go-github/v55/github/repos_environments.go
index 2e85fdf99..2399a42c7 100644
--- a/vendor/github.com/google/go-github/v50/github/repos_environments.go
+++ b/vendor/github.com/google/go-github/v55/github/repos_environments.go
@@ -28,6 +28,7 @@ type Environment struct {
 	HTMLURL         *string           `json:"html_url,omitempty"`
 	CreatedAt       *Timestamp        `json:"created_at,omitempty"`
 	UpdatedAt       *Timestamp        `json:"updated_at,omitempty"`
+	CanAdminsBypass *bool             `json:"can_admins_bypass,omitempty"`
 	ProtectionRules []*ProtectionRule `json:"protection_rules,omitempty"`
 }
 
@@ -147,11 +148,15 @@ func (s *RepositoriesService) GetEnvironment(ctx context.Context, owner, repo, n
 
 // MarshalJSON implements the json.Marshaler interface.
 // As the only way to clear a WaitTimer is to set it to 0, a missing WaitTimer object should default to 0, not null.
+// As the default value for CanAdminsBypass is true, a nil value here marshals to true.
 func (c *CreateUpdateEnvironment) MarshalJSON() ([]byte, error) {
 	type Alias CreateUpdateEnvironment
 	if c.WaitTimer == nil {
 		c.WaitTimer = Int(0)
 	}
+	if c.CanAdminsBypass == nil {
+		c.CanAdminsBypass = Bool(true)
+	}
 	return json.Marshal(&struct {
 		*Alias
 	}{
@@ -166,6 +171,7 @@ func (c *CreateUpdateEnvironment) MarshalJSON() ([]byte, error) {
 type CreateUpdateEnvironment struct {
 	WaitTimer              *int            `json:"wait_timer"`
 	Reviewers              []*EnvReviewers `json:"reviewers"`
+	CanAdminsBypass        *bool           `json:"can_admins_bypass"`
 	DeploymentBranchPolicy *BranchPolicy   `json:"deployment_branch_policy"`
 }
 
diff --git a/vendor/github.com/google/go-github/v50/github/repos_forks.go b/vendor/github.com/google/go-github/v55/github/repos_forks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_forks.go
rename to vendor/github.com/google/go-github/v55/github/repos_forks.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_hooks.go b/vendor/github.com/google/go-github/v55/github/repos_hooks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_hooks.go
rename to vendor/github.com/google/go-github/v55/github/repos_hooks.go
diff --git a/vendor/github.com/google/go-github/v55/github/repos_hooks_configuration.go b/vendor/github.com/google/go-github/v55/github/repos_hooks_configuration.go
new file mode 100644
index 000000000..5aadfb645
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/repos_hooks_configuration.go
@@ -0,0 +1,49 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+// GetHookConfiguration returns the configuration for the specified repository webhook.
+//
+// GitHub API docs: https://docs.github.com/en/rest/webhooks/repo-config?apiVersion=2022-11-28#get-a-webhook-configuration-for-a-repository
+func (s *RepositoriesService) GetHookConfiguration(ctx context.Context, owner, repo string, id int64) (*HookConfig, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/hooks/%v/config", owner, repo, id)
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	config := new(HookConfig)
+	resp, err := s.client.Do(ctx, req, config)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return config, resp, nil
+}
+
+// EditHookConfiguration updates the configuration for the specified repository webhook.
+//
+// GitHub API docs: https://docs.github.com/en/rest/webhooks/repo-config?apiVersion=2022-11-28#update-a-webhook-configuration-for-a-repository
+func (s *RepositoriesService) EditHookConfiguration(ctx context.Context, owner, repo string, id int64, config *HookConfig) (*HookConfig, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/hooks/%v/config", owner, repo, id)
+	req, err := s.client.NewRequest("PATCH", u, config)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	c := new(HookConfig)
+	resp, err := s.client.Do(ctx, req, c)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return c, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v50/github/repos_hooks_deliveries.go b/vendor/github.com/google/go-github/v55/github/repos_hooks_deliveries.go
similarity index 97%
rename from vendor/github.com/google/go-github/v50/github/repos_hooks_deliveries.go
rename to vendor/github.com/google/go-github/v55/github/repos_hooks_deliveries.go
index cbd2d3819..5f2f8807e 100644
--- a/vendor/github.com/google/go-github/v50/github/repos_hooks_deliveries.go
+++ b/vendor/github.com/google/go-github/v55/github/repos_hooks_deliveries.go
@@ -126,9 +126,9 @@ func (s *RepositoriesService) RedeliverHookDelivery(ctx context.Context, owner,
 // ParseRequestPayload parses the request payload. For recognized event types,
 // a value of the corresponding struct type will be returned.
 func (d *HookDelivery) ParseRequestPayload() (interface{}, error) {
-	eType, ok := eventTypeMapping[*d.Event]
+	eType, ok := messageToTypeName[d.GetEvent()]
 	if !ok {
-		return nil, fmt.Errorf("unsupported event type %q", *d.Event)
+		return nil, fmt.Errorf("unsupported event type %q", d.GetEvent())
 	}
 
 	e := &Event{Type: &eType, RawPayload: d.Request.RawPayload}
diff --git a/vendor/github.com/google/go-github/v50/github/repos_invitations.go b/vendor/github.com/google/go-github/v55/github/repos_invitations.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_invitations.go
rename to vendor/github.com/google/go-github/v55/github/repos_invitations.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_keys.go b/vendor/github.com/google/go-github/v55/github/repos_keys.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_keys.go
rename to vendor/github.com/google/go-github/v55/github/repos_keys.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_lfs.go b/vendor/github.com/google/go-github/v55/github/repos_lfs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_lfs.go
rename to vendor/github.com/google/go-github/v55/github/repos_lfs.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_merging.go b/vendor/github.com/google/go-github/v55/github/repos_merging.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_merging.go
rename to vendor/github.com/google/go-github/v55/github/repos_merging.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_pages.go b/vendor/github.com/google/go-github/v55/github/repos_pages.go
similarity index 68%
rename from vendor/github.com/google/go-github/v50/github/repos_pages.go
rename to vendor/github.com/google/go-github/v55/github/repos_pages.go
index 737cec0f2..83075dbdd 100644
--- a/vendor/github.com/google/go-github/v50/github/repos_pages.go
+++ b/vendor/github.com/google/go-github/v55/github/repos_pages.go
@@ -17,6 +17,7 @@ type Pages struct {
 	CNAME            *string                `json:"cname,omitempty"`
 	Custom404        *bool                  `json:"custom_404,omitempty"`
 	HTMLURL          *string                `json:"html_url,omitempty"`
+	BuildType        *string                `json:"build_type,omitempty"`
 	Source           *PagesSource           `json:"source,omitempty"`
 	Public           *bool                  `json:"public,omitempty"`
 	HTTPSCertificate *PagesHTTPSCertificate `json:"https_certificate,omitempty"`
@@ -46,6 +47,44 @@ type PagesBuild struct {
 	UpdatedAt *Timestamp  `json:"updated_at,omitempty"`
 }
 
+// PagesDomain represents a domain associated with a GitHub Pages site.
+type PagesDomain struct {
+	Host                          *string `json:"host,omitempty"`
+	URI                           *string `json:"uri,omitempty"`
+	Nameservers                   *string `json:"nameservers,omitempty"`
+	DNSResolves                   *bool   `json:"dns_resolves,omitempty"`
+	IsProxied                     *bool   `json:"is_proxied,omitempty"`
+	IsCloudflareIP                *bool   `json:"is_cloudflare_ip,omitempty"`
+	IsFastlyIP                    *bool   `json:"is_fastly_ip,omitempty"`
+	IsOldIPAddress                *bool   `json:"is_old_ip_address,omitempty"`
+	IsARecord                     *bool   `json:"is_a_record,omitempty"`
+	HasCNAMERecord                *bool   `json:"has_cname_record,omitempty"`
+	HasMXRecordsPresent           *bool   `json:"has_mx_records_present,omitempty"`
+	IsValidDomain                 *bool   `json:"is_valid_domain,omitempty"`
+	IsApexDomain                  *bool   `json:"is_apex_domain,omitempty"`
+	ShouldBeARecord               *bool   `json:"should_be_a_record,omitempty"`
+	IsCNAMEToGithubUserDomain     *bool   `json:"is_cname_to_github_user_domain,omitempty"`
+	IsCNAMEToPagesDotGithubDotCom *bool   `json:"is_cname_to_pages_dot_github_dot_com,omitempty"`
+	IsCNAMEToFastly               *bool   `json:"is_cname_to_fastly,omitempty"`
+	IsPointedToGithubPagesIP      *bool   `json:"is_pointed_to_github_pages_ip,omitempty"`
+	IsNonGithubPagesIPPresent     *bool   `json:"is_non_github_pages_ip_present,omitempty"`
+	IsPagesDomain                 *bool   `json:"is_pages_domain,omitempty"`
+	IsServedByPages               *bool   `json:"is_served_by_pages,omitempty"`
+	IsValid                       *bool   `json:"is_valid,omitempty"`
+	Reason                        *string `json:"reason,omitempty"`
+	RespondsToHTTPS               *bool   `json:"responds_to_https,omitempty"`
+	EnforcesHTTPS                 *bool   `json:"enforces_https,omitempty"`
+	HTTPSError                    *string `json:"https_error,omitempty"`
+	IsHTTPSEligible               *bool   `json:"is_https_eligible,omitempty"`
+	CAAError                      *string `json:"caa_error,omitempty"`
+}
+
+// PagesHealthCheckResponse represents the response given for the health check of a GitHub Pages site.
+type PagesHealthCheckResponse struct {
+	Domain    *PagesDomain `json:"domain,omitempty"`
+	AltDomain *PagesDomain `json:"alt_domain,omitempty"`
+}
+
 // PagesHTTPSCertificate represents the HTTPS Certificate information for a GitHub Pages site.
 type PagesHTTPSCertificate struct {
 	State       *string  `json:"state,omitempty"`
@@ -58,7 +97,8 @@ type PagesHTTPSCertificate struct {
 // createPagesRequest is a subset of Pages and is used internally
 // by EnablePages to pass only the known fields for the endpoint.
 type createPagesRequest struct {
-	Source *PagesSource `json:"source,omitempty"`
+	BuildType *string      `json:"build_type,omitempty"`
+	Source    *PagesSource `json:"source,omitempty"`
 }
 
 // EnablePages enables GitHub Pages for the named repo.
@@ -68,7 +108,8 @@ func (s *RepositoriesService) EnablePages(ctx context.Context, owner, repo strin
 	u := fmt.Sprintf("repos/%v/%v/pages", owner, repo)
 
 	pagesReq := &createPagesRequest{
-		Source: pages.Source,
+		BuildType: pages.BuildType,
+		Source:    pages.Source,
 	}
 
 	req, err := s.client.NewRequest("POST", u, pagesReq)
@@ -92,6 +133,10 @@ type PagesUpdate struct {
 	// CNAME represents a custom domain for the repository.
 	// Leaving CNAME empty will remove the custom domain.
 	CNAME *string `json:"cname"`
+	// BuildType is optional and can either be "legacy" or "workflow".
+	// "workflow" - You are using a github workflow to build your pages.
+	// "legacy"   - You are deploying from a branch.
+	BuildType *string `json:"build_type,omitempty"`
 	// Source must include the branch name, and may optionally specify the subdirectory "/docs".
 	// Possible values for Source.Branch are usually "gh-pages", "main", and "master",
 	// or any other existing branch name.
@@ -240,3 +285,22 @@ func (s *RepositoriesService) RequestPageBuild(ctx context.Context, owner, repo
 
 	return build, resp, nil
 }
+
+// GetPagesHealthCheck gets a DNS health check for the CNAME record configured for a repository's GitHub Pages.
+//
+// GitHub API docs: https://docs.github.com/en/rest/pages#get-a-dns-health-check-for-github-pages
+func (s *RepositoriesService) GetPageHealthCheck(ctx context.Context, owner, repo string) (*PagesHealthCheckResponse, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/pages/health", owner, repo)
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	healthCheckResponse := new(PagesHealthCheckResponse)
+	resp, err := s.client.Do(ctx, req, healthCheckResponse)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return healthCheckResponse, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v50/github/repos_prereceive_hooks.go b/vendor/github.com/google/go-github/v55/github/repos_prereceive_hooks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_prereceive_hooks.go
rename to vendor/github.com/google/go-github/v55/github/repos_prereceive_hooks.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_projects.go b/vendor/github.com/google/go-github/v55/github/repos_projects.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_projects.go
rename to vendor/github.com/google/go-github/v55/github/repos_projects.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_releases.go b/vendor/github.com/google/go-github/v55/github/repos_releases.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_releases.go
rename to vendor/github.com/google/go-github/v55/github/repos_releases.go
diff --git a/vendor/github.com/google/go-github/v55/github/repos_rules.go b/vendor/github.com/google/go-github/v55/github/repos_rules.go
new file mode 100644
index 000000000..7f964fe66
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/repos_rules.go
@@ -0,0 +1,464 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+)
+
+// BypassActor represents the bypass actors from a ruleset.
+type BypassActor struct {
+	ActorID *int64 `json:"actor_id,omitempty"`
+	// Possible values for ActorType are: RepositoryRole, Team, Integration, OrganizationAdmin
+	ActorType *string `json:"actor_type,omitempty"`
+	// Possible values for BypassMode are: always, pull_request
+	BypassMode *string `json:"bypass_mode,omitempty"`
+}
+
+// RulesetLink represents a single link object from GitHub ruleset request _links.
+type RulesetLink struct {
+	HRef *string `json:"href,omitempty"`
+}
+
+// RulesetLinks represents the "_links" object in a Ruleset.
+type RulesetLinks struct {
+	Self *RulesetLink `json:"self,omitempty"`
+}
+
+// RulesetRefConditionParameters represents the conditions object for ref_names.
+type RulesetRefConditionParameters struct {
+	Include []string `json:"include"`
+	Exclude []string `json:"exclude"`
+}
+
+// RulesetRepositoryNamesConditionParameters represents the conditions object for repository_names.
+type RulesetRepositoryNamesConditionParameters struct {
+	Include   []string `json:"include"`
+	Exclude   []string `json:"exclude"`
+	Protected *bool    `json:"protected,omitempty"`
+}
+
+// RulesetRepositoryIDsConditionParameters represents the conditions object for repository_ids.
+type RulesetRepositoryIDsConditionParameters struct {
+	RepositoryIDs []int64 `json:"repository_ids,omitempty"`
+}
+
+// RulesetCondition represents the conditions object in a ruleset.
+// Set either RepositoryName or RepositoryID, not both.
+type RulesetConditions struct {
+	RefName        *RulesetRefConditionParameters             `json:"ref_name,omitempty"`
+	RepositoryName *RulesetRepositoryNamesConditionParameters `json:"repository_name,omitempty"`
+	RepositoryID   *RulesetRepositoryIDsConditionParameters   `json:"repository_id,omitempty"`
+}
+
+// RulePatternParameters represents the rule pattern parameters.
+type RulePatternParameters struct {
+	Name *string `json:"name,omitempty"`
+	// If Negate is true, the rule will fail if the pattern matches.
+	Negate *bool `json:"negate,omitempty"`
+	// Possible values for Operator are: starts_with, ends_with, contains, regex
+	Operator string `json:"operator"`
+	Pattern  string `json:"pattern"`
+}
+
+// UpdateAllowsFetchAndMergeRuleParameters represents the update rule parameters.
+type UpdateAllowsFetchAndMergeRuleParameters struct {
+	UpdateAllowsFetchAndMerge bool `json:"update_allows_fetch_and_merge"`
+}
+
+// RequiredDeploymentEnvironmentsRuleParameters represents the required_deployments rule parameters.
+type RequiredDeploymentEnvironmentsRuleParameters struct {
+	RequiredDeploymentEnvironments []string `json:"required_deployment_environments"`
+}
+
+// PullRequestRuleParameters represents the pull_request rule parameters.
+type PullRequestRuleParameters struct {
+	DismissStaleReviewsOnPush      bool `json:"dismiss_stale_reviews_on_push"`
+	RequireCodeOwnerReview         bool `json:"require_code_owner_review"`
+	RequireLastPushApproval        bool `json:"require_last_push_approval"`
+	RequiredApprovingReviewCount   int  `json:"required_approving_review_count"`
+	RequiredReviewThreadResolution bool `json:"required_review_thread_resolution"`
+}
+
+// RuleRequiredStatusChecks represents the RequiredStatusChecks for the RequiredStatusChecksRuleParameters object.
+type RuleRequiredStatusChecks struct {
+	Context       string `json:"context"`
+	IntegrationID *int64 `json:"integration_id,omitempty"`
+}
+
+// RequiredStatusChecksRuleParameters represents the required_status_checks rule parameters.
+type RequiredStatusChecksRuleParameters struct {
+	RequiredStatusChecks             []RuleRequiredStatusChecks `json:"required_status_checks"`
+	StrictRequiredStatusChecksPolicy bool                       `json:"strict_required_status_checks_policy"`
+}
+
+// RepositoryRule represents a GitHub Rule.
+type RepositoryRule struct {
+	Type       string           `json:"type"`
+	Parameters *json.RawMessage `json:"parameters,omitempty"`
+}
+
+// UnmarshalJSON implements the json.Unmarshaler interface.
+// This helps us handle the fact that RepositoryRule parameter field can be of numerous types.
+func (r *RepositoryRule) UnmarshalJSON(data []byte) error {
+	type rule RepositoryRule
+	var RepositoryRule rule
+	if err := json.Unmarshal(data, &RepositoryRule); err != nil {
+		return err
+	}
+
+	r.Type = RepositoryRule.Type
+
+	switch RepositoryRule.Type {
+	case "creation", "deletion", "required_linear_history", "required_signatures", "non_fast_forward":
+		r.Parameters = nil
+	case "update":
+		if RepositoryRule.Parameters == nil {
+			r.Parameters = nil
+			return nil
+		}
+		params := UpdateAllowsFetchAndMergeRuleParameters{}
+		if err := json.Unmarshal(*RepositoryRule.Parameters, &params); err != nil {
+			return err
+		}
+
+		bytes, _ := json.Marshal(params)
+		rawParams := json.RawMessage(bytes)
+
+		r.Parameters = &rawParams
+
+	case "required_deployments":
+		params := RequiredDeploymentEnvironmentsRuleParameters{}
+		if err := json.Unmarshal(*RepositoryRule.Parameters, &params); err != nil {
+			return err
+		}
+
+		bytes, _ := json.Marshal(params)
+		rawParams := json.RawMessage(bytes)
+
+		r.Parameters = &rawParams
+	case "commit_message_pattern", "commit_author_email_pattern", "committer_email_pattern", "branch_name_pattern", "tag_name_pattern":
+		params := RulePatternParameters{}
+		if err := json.Unmarshal(*RepositoryRule.Parameters, &params); err != nil {
+			return err
+		}
+
+		bytes, _ := json.Marshal(params)
+		rawParams := json.RawMessage(bytes)
+
+		r.Parameters = &rawParams
+	case "pull_request":
+		params := PullRequestRuleParameters{}
+		if err := json.Unmarshal(*RepositoryRule.Parameters, &params); err != nil {
+			return err
+		}
+
+		bytes, _ := json.Marshal(params)
+		rawParams := json.RawMessage(bytes)
+
+		r.Parameters = &rawParams
+	case "required_status_checks":
+		params := RequiredStatusChecksRuleParameters{}
+		if err := json.Unmarshal(*RepositoryRule.Parameters, &params); err != nil {
+			return err
+		}
+
+		bytes, _ := json.Marshal(params)
+		rawParams := json.RawMessage(bytes)
+
+		r.Parameters = &rawParams
+	default:
+		r.Type = ""
+		r.Parameters = nil
+		return fmt.Errorf("RepositoryRule.Type %T is not yet implemented, unable to unmarshal", RepositoryRule.Type)
+	}
+
+	return nil
+}
+
+// NewCreationRule creates a rule to only allow users with bypass permission to create matching refs.
+func NewCreationRule() (rule *RepositoryRule) {
+	return &RepositoryRule{
+		Type: "creation",
+	}
+}
+
+// NewUpdateRule creates a rule to only allow users with bypass permission to update matching refs.
+func NewUpdateRule(params *UpdateAllowsFetchAndMergeRuleParameters) (rule *RepositoryRule) {
+	if params != nil {
+		bytes, _ := json.Marshal(params)
+
+		rawParams := json.RawMessage(bytes)
+
+		return &RepositoryRule{
+			Type:       "update",
+			Parameters: &rawParams,
+		}
+	}
+	return &RepositoryRule{
+		Type: "update",
+	}
+}
+
+// NewDeletionRule creates a rule to only allow users with bypass permissions to delete matching refs.
+func NewDeletionRule() (rule *RepositoryRule) {
+	return &RepositoryRule{
+		Type: "deletion",
+	}
+}
+
+// NewRequiredLinearHistoryRule creates a rule to prevent merge commits from being pushed to matching branches.
+func NewRequiredLinearHistoryRule() (rule *RepositoryRule) {
+	return &RepositoryRule{
+		Type: "required_linear_history",
+	}
+}
+
+// NewRequiredDeploymentsRule creates a rule to require environments to be successfully deployed before they can be merged into the matching branches.
+func NewRequiredDeploymentsRule(params *RequiredDeploymentEnvironmentsRuleParameters) (rule *RepositoryRule) {
+	bytes, _ := json.Marshal(params)
+
+	rawParams := json.RawMessage(bytes)
+
+	return &RepositoryRule{
+		Type:       "required_deployments",
+		Parameters: &rawParams,
+	}
+}
+
+// NewRequiredSignaturesRule creates a rule a to require commits pushed to matching branches to have verified signatures.
+func NewRequiredSignaturesRule() (rule *RepositoryRule) {
+	return &RepositoryRule{
+		Type: "required_signatures",
+	}
+}
+
+// NewPullRequestRule creates a rule to require all commits be made to a non-target branch and submitted via a pull request before they can be merged.
+func NewPullRequestRule(params *PullRequestRuleParameters) (rule *RepositoryRule) {
+	bytes, _ := json.Marshal(params)
+
+	rawParams := json.RawMessage(bytes)
+
+	return &RepositoryRule{
+		Type:       "pull_request",
+		Parameters: &rawParams,
+	}
+}
+
+// NewRequiredStatusChecksRule creates a rule to require which status checks must pass before branches can be merged into a branch rule.
+func NewRequiredStatusChecksRule(params *RequiredStatusChecksRuleParameters) (rule *RepositoryRule) {
+	bytes, _ := json.Marshal(params)
+
+	rawParams := json.RawMessage(bytes)
+
+	return &RepositoryRule{
+		Type:       "required_status_checks",
+		Parameters: &rawParams,
+	}
+}
+
+// NewNonFastForwardRule creates a rule as part to prevent users with push access from force pushing to matching branches.
+func NewNonFastForwardRule() (rule *RepositoryRule) {
+	return &RepositoryRule{
+		Type: "non_fast_forward",
+	}
+}
+
+// NewCommitMessagePatternRule creates a rule to restrict commit message patterns being pushed to matching branches.
+func NewCommitMessagePatternRule(params *RulePatternParameters) (rule *RepositoryRule) {
+	bytes, _ := json.Marshal(params)
+
+	rawParams := json.RawMessage(bytes)
+
+	return &RepositoryRule{
+		Type:       "commit_message_pattern",
+		Parameters: &rawParams,
+	}
+}
+
+// NewCommitAuthorEmailPatternRule creates a rule to restrict commits with author email patterns being merged into matching branches.
+func NewCommitAuthorEmailPatternRule(params *RulePatternParameters) (rule *RepositoryRule) {
+	bytes, _ := json.Marshal(params)
+
+	rawParams := json.RawMessage(bytes)
+
+	return &RepositoryRule{
+		Type:       "commit_author_email_pattern",
+		Parameters: &rawParams,
+	}
+}
+
+// NewCommitterEmailPatternRule creates a rule to restrict commits with committer email patterns being merged into matching branches.
+func NewCommitterEmailPatternRule(params *RulePatternParameters) (rule *RepositoryRule) {
+	bytes, _ := json.Marshal(params)
+
+	rawParams := json.RawMessage(bytes)
+
+	return &RepositoryRule{
+		Type:       "committer_email_pattern",
+		Parameters: &rawParams,
+	}
+}
+
+// NewBranchNamePatternRule creates a rule to restrict branch patterns from being merged into matching branches.
+func NewBranchNamePatternRule(params *RulePatternParameters) (rule *RepositoryRule) {
+	bytes, _ := json.Marshal(params)
+
+	rawParams := json.RawMessage(bytes)
+
+	return &RepositoryRule{
+		Type:       "branch_name_pattern",
+		Parameters: &rawParams,
+	}
+}
+
+// NewTagNamePatternRule creates a rule to restrict tag patterns contained in non-target branches from being merged into matching branches.
+func NewTagNamePatternRule(params *RulePatternParameters) (rule *RepositoryRule) {
+	bytes, _ := json.Marshal(params)
+
+	rawParams := json.RawMessage(bytes)
+
+	return &RepositoryRule{
+		Type:       "tag_name_pattern",
+		Parameters: &rawParams,
+	}
+}
+
+// Ruleset represents a GitHub ruleset object.
+type Ruleset struct {
+	ID   *int64 `json:"id,omitempty"`
+	Name string `json:"name"`
+	// Possible values for Target are branch, tag
+	Target *string `json:"target,omitempty"`
+	// Possible values for SourceType are: Repository, Organization
+	SourceType *string `json:"source_type,omitempty"`
+	Source     string  `json:"source"`
+	// Possible values for Enforcement are: disabled, active, evaluate
+	Enforcement  string             `json:"enforcement"`
+	BypassActors []*BypassActor     `json:"bypass_actors,omitempty"`
+	NodeID       *string            `json:"node_id,omitempty"`
+	Links        *RulesetLinks      `json:"_links,omitempty"`
+	Conditions   *RulesetConditions `json:"conditions,omitempty"`
+	Rules        []*RepositoryRule  `json:"rules,omitempty"`
+}
+
+// GetRulesForBranch gets all the rules that apply to the specified branch.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/rules#get-rules-for-a-branch
+func (s *RepositoriesService) GetRulesForBranch(ctx context.Context, owner, repo, branch string) ([]*RepositoryRule, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/rules/branches/%v", owner, repo, branch)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var rules []*RepositoryRule
+	resp, err := s.client.Do(ctx, req, &rules)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return rules, resp, nil
+}
+
+// GetAllRulesets gets all the rules that apply to the specified repository.
+// If includesParents is true, rulesets configured at the organization level that apply to the repository will be returned.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/rules#get-all-repository-rulesets
+func (s *RepositoriesService) GetAllRulesets(ctx context.Context, owner, repo string, includesParents bool) ([]*Ruleset, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/rulesets?includes_parents=%v", owner, repo, includesParents)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ruleset []*Ruleset
+	resp, err := s.client.Do(ctx, req, &ruleset)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ruleset, resp, nil
+}
+
+// CreateRuleset creates a ruleset for the specified repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/rules#create-a-repository-ruleset
+func (s *RepositoriesService) CreateRuleset(ctx context.Context, owner, repo string, rs *Ruleset) (*Ruleset, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/rulesets", owner, repo)
+
+	req, err := s.client.NewRequest("POST", u, rs)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ruleset *Ruleset
+	resp, err := s.client.Do(ctx, req, &ruleset)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ruleset, resp, nil
+}
+
+// GetRuleset gets a ruleset for the specified repository.
+// If includesParents is true, rulesets configured at the organization level that apply to the repository will be returned.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/rules#get-a-repository-ruleset
+func (s *RepositoriesService) GetRuleset(ctx context.Context, owner, repo string, rulesetID int64, includesParents bool) (*Ruleset, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/rulesets/%v?includes_parents=%v", owner, repo, rulesetID, includesParents)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ruleset *Ruleset
+	resp, err := s.client.Do(ctx, req, &ruleset)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ruleset, resp, nil
+}
+
+// UpdateRuleset updates a ruleset for the specified repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/rules#update-a-repository-ruleset
+func (s *RepositoriesService) UpdateRuleset(ctx context.Context, owner, repo string, rulesetID int64, rs *Ruleset) (*Ruleset, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/rulesets/%v", owner, repo, rulesetID)
+
+	req, err := s.client.NewRequest("PUT", u, rs)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ruleset *Ruleset
+	resp, err := s.client.Do(ctx, req, &ruleset)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ruleset, resp, nil
+}
+
+// DeleteRuleset deletes a ruleset for the specified repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/rules#delete-a-repository-ruleset
+func (s *RepositoriesService) DeleteRuleset(ctx context.Context, owner, repo string, rulesetID int64) (*Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/rulesets/%v", owner, repo, rulesetID)
+
+	req, err := s.client.NewRequest("DELETE", u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/vendor/github.com/google/go-github/v50/github/repos_stats.go b/vendor/github.com/google/go-github/v55/github/repos_stats.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_stats.go
rename to vendor/github.com/google/go-github/v55/github/repos_stats.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_statuses.go b/vendor/github.com/google/go-github/v55/github/repos_statuses.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_statuses.go
rename to vendor/github.com/google/go-github/v55/github/repos_statuses.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_tags.go b/vendor/github.com/google/go-github/v55/github/repos_tags.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_tags.go
rename to vendor/github.com/google/go-github/v55/github/repos_tags.go
diff --git a/vendor/github.com/google/go-github/v50/github/repos_traffic.go b/vendor/github.com/google/go-github/v55/github/repos_traffic.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/repos_traffic.go
rename to vendor/github.com/google/go-github/v55/github/repos_traffic.go
diff --git a/vendor/github.com/google/go-github/v50/github/scim.go b/vendor/github.com/google/go-github/v55/github/scim.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/scim.go
rename to vendor/github.com/google/go-github/v55/github/scim.go
diff --git a/vendor/github.com/google/go-github/v50/github/search.go b/vendor/github.com/google/go-github/v55/github/search.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/search.go
rename to vendor/github.com/google/go-github/v55/github/search.go
diff --git a/vendor/github.com/google/go-github/v50/github/secret_scanning.go b/vendor/github.com/google/go-github/v55/github/secret_scanning.go
similarity index 91%
rename from vendor/github.com/google/go-github/v50/github/secret_scanning.go
rename to vendor/github.com/google/go-github/v55/github/secret_scanning.go
index d512560d9..b8295cbf7 100644
--- a/vendor/github.com/google/go-github/v50/github/secret_scanning.go
+++ b/vendor/github.com/google/go-github/v55/github/secret_scanning.go
@@ -16,17 +16,19 @@ type SecretScanningService service
 
 // SecretScanningAlert represents a GitHub secret scanning alert.
 type SecretScanningAlert struct {
-	Number       *int       `json:"number,omitempty"`
-	CreatedAt    *Timestamp `json:"created_at,omitempty"`
-	URL          *string    `json:"url,omitempty"`
-	HTMLURL      *string    `json:"html_url,omitempty"`
-	LocationsURL *string    `json:"locations_url,omitempty"`
-	State        *string    `json:"state,omitempty"`
-	Resolution   *string    `json:"resolution,omitempty"`
-	ResolvedAt   *Timestamp `json:"resolved_at,omitempty"`
-	ResolvedBy   *User      `json:"resolved_by,omitempty"`
-	SecretType   *string    `json:"secret_type,omitempty"`
-	Secret       *string    `json:"secret,omitempty"`
+	Number                *int        `json:"number,omitempty"`
+	CreatedAt             *Timestamp  `json:"created_at,omitempty"`
+	URL                   *string     `json:"url,omitempty"`
+	HTMLURL               *string     `json:"html_url,omitempty"`
+	LocationsURL          *string     `json:"locations_url,omitempty"`
+	State                 *string     `json:"state,omitempty"`
+	Resolution            *string     `json:"resolution,omitempty"`
+	ResolvedAt            *Timestamp  `json:"resolved_at,omitempty"`
+	ResolvedBy            *User       `json:"resolved_by,omitempty"`
+	SecretType            *string     `json:"secret_type,omitempty"`
+	SecretTypeDisplayName *string     `json:"secret_type_display_name,omitempty"`
+	Secret                *string     `json:"secret,omitempty"`
+	Repository            *Repository `json:"repository,omitempty"`
 }
 
 // SecretScanningAlertLocation represents the location for a secret scanning alert.
diff --git a/vendor/github.com/google/go-github/v55/github/security_advisories.go b/vendor/github.com/google/go-github/v55/github/security_advisories.go
new file mode 100644
index 000000000..a75fce54d
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/security_advisories.go
@@ -0,0 +1,37 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+type SecurityAdvisoriesService service
+
+// RequestCVE requests a Common Vulnerabilities and Exposures (CVE) for a repository security advisory.
+// The ghsaID is the GitHub Security Advisory identifier of the advisory.
+//
+// GitHub API docs: https://docs.github.com/en/rest/security-advisories/repository-advisories#request-a-cve-for-a-repository-security-advisory
+func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, ghsaID string) (*Response, error) {
+	url := fmt.Sprintf("repos/%v/%v/security-advisories/%v/cve", owner, repo, ghsaID)
+
+	req, err := s.client.NewRequest("POST", url, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		if _, ok := err.(*AcceptedError); ok {
+			return resp, nil
+		}
+
+		return resp, err
+	}
+
+	return resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v50/github/strings.go b/vendor/github.com/google/go-github/v55/github/strings.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/strings.go
rename to vendor/github.com/google/go-github/v55/github/strings.go
diff --git a/vendor/github.com/google/go-github/v50/github/teams.go b/vendor/github.com/google/go-github/v55/github/teams.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/teams.go
rename to vendor/github.com/google/go-github/v55/github/teams.go
diff --git a/vendor/github.com/google/go-github/v50/github/teams_discussion_comments.go b/vendor/github.com/google/go-github/v55/github/teams_discussion_comments.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/teams_discussion_comments.go
rename to vendor/github.com/google/go-github/v55/github/teams_discussion_comments.go
diff --git a/vendor/github.com/google/go-github/v50/github/teams_discussions.go b/vendor/github.com/google/go-github/v55/github/teams_discussions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/teams_discussions.go
rename to vendor/github.com/google/go-github/v55/github/teams_discussions.go
diff --git a/vendor/github.com/google/go-github/v50/github/teams_members.go b/vendor/github.com/google/go-github/v55/github/teams_members.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/teams_members.go
rename to vendor/github.com/google/go-github/v55/github/teams_members.go
diff --git a/vendor/github.com/google/go-github/v50/github/timestamp.go b/vendor/github.com/google/go-github/v55/github/timestamp.go
similarity index 90%
rename from vendor/github.com/google/go-github/v50/github/timestamp.go
rename to vendor/github.com/google/go-github/v55/github/timestamp.go
index 1061a55e6..00c1235e9 100644
--- a/vendor/github.com/google/go-github/v50/github/timestamp.go
+++ b/vendor/github.com/google/go-github/v55/github/timestamp.go
@@ -22,6 +22,14 @@ func (t Timestamp) String() string {
 	return t.Time.String()
 }
 
+// GetTime returns std time.Time.
+func (t *Timestamp) GetTime() *time.Time {
+	if t == nil {
+		return nil
+	}
+	return &t.Time
+}
+
 // UnmarshalJSON implements the json.Unmarshaler interface.
 // Time is expected in RFC3339 or Unix format.
 func (t *Timestamp) UnmarshalJSON(data []byte) (err error) {
diff --git a/vendor/github.com/google/go-github/v50/github/users.go b/vendor/github.com/google/go-github/v55/github/users.go
similarity index 98%
rename from vendor/github.com/google/go-github/v50/github/users.go
rename to vendor/github.com/google/go-github/v55/github/users.go
index d40d23e90..1b0670103 100644
--- a/vendor/github.com/google/go-github/v50/github/users.go
+++ b/vendor/github.com/google/go-github/v55/github/users.go
@@ -41,8 +41,8 @@ type User struct {
 	SuspendedAt             *Timestamp `json:"suspended_at,omitempty"`
 	Type                    *string    `json:"type,omitempty"`
 	SiteAdmin               *bool      `json:"site_admin,omitempty"`
-	TotalPrivateRepos       *int       `json:"total_private_repos,omitempty"`
-	OwnedPrivateRepos       *int       `json:"owned_private_repos,omitempty"`
+	TotalPrivateRepos       *int64     `json:"total_private_repos,omitempty"`
+	OwnedPrivateRepos       *int64     `json:"owned_private_repos,omitempty"`
 	PrivateGists            *int       `json:"private_gists,omitempty"`
 	DiskUsage               *int       `json:"disk_usage,omitempty"`
 	Collaborators           *int       `json:"collaborators,omitempty"`
diff --git a/vendor/github.com/google/go-github/v50/github/users_administration.go b/vendor/github.com/google/go-github/v55/github/users_administration.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/users_administration.go
rename to vendor/github.com/google/go-github/v55/github/users_administration.go
diff --git a/vendor/github.com/google/go-github/v50/github/users_blocking.go b/vendor/github.com/google/go-github/v55/github/users_blocking.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/users_blocking.go
rename to vendor/github.com/google/go-github/v55/github/users_blocking.go
diff --git a/vendor/github.com/google/go-github/v50/github/users_emails.go b/vendor/github.com/google/go-github/v55/github/users_emails.go
similarity index 73%
rename from vendor/github.com/google/go-github/v50/github/users_emails.go
rename to vendor/github.com/google/go-github/v55/github/users_emails.go
index be7e0f819..67bd210e8 100644
--- a/vendor/github.com/google/go-github/v50/github/users_emails.go
+++ b/vendor/github.com/google/go-github/v55/github/users_emails.go
@@ -70,3 +70,28 @@ func (s *UsersService) DeleteEmails(ctx context.Context, emails []string) (*Resp
 
 	return s.client.Do(ctx, req, nil)
 }
+
+// SetEmailVisibility sets the visibility for the primary email address of the authenticated user.
+// `visibility` can be "private" or "public".
+//
+// GitHub API docs: https://docs.github.com/en/rest/users/emails#set-primary-email-visibility-for-the-authenticated-user
+func (s *UsersService) SetEmailVisibility(ctx context.Context, visibility string) ([]*UserEmail, *Response, error) {
+	u := "user/email/visibility"
+
+	updateVisiblilityReq := &UserEmail{
+		Visibility: &visibility,
+	}
+
+	req, err := s.client.NewRequest("PATCH", u, updateVisiblilityReq)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var e []*UserEmail
+	resp, err := s.client.Do(ctx, req, &e)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return e, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v50/github/users_followers.go b/vendor/github.com/google/go-github/v55/github/users_followers.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/users_followers.go
rename to vendor/github.com/google/go-github/v55/github/users_followers.go
diff --git a/vendor/github.com/google/go-github/v50/github/users_gpg_keys.go b/vendor/github.com/google/go-github/v55/github/users_gpg_keys.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/users_gpg_keys.go
rename to vendor/github.com/google/go-github/v55/github/users_gpg_keys.go
diff --git a/vendor/github.com/google/go-github/v50/github/users_keys.go b/vendor/github.com/google/go-github/v55/github/users_keys.go
similarity index 96%
rename from vendor/github.com/google/go-github/v50/github/users_keys.go
rename to vendor/github.com/google/go-github/v55/github/users_keys.go
index 59d26cdef..b49b8e4b4 100644
--- a/vendor/github.com/google/go-github/v50/github/users_keys.go
+++ b/vendor/github.com/google/go-github/v55/github/users_keys.go
@@ -19,6 +19,8 @@ type Key struct {
 	ReadOnly  *bool      `json:"read_only,omitempty"`
 	Verified  *bool      `json:"verified,omitempty"`
 	CreatedAt *Timestamp `json:"created_at,omitempty"`
+	AddedBy   *string    `json:"added_by,omitempty"`
+	LastUsed  *Timestamp `json:"last_used,omitempty"`
 }
 
 func (k Key) String() string {
diff --git a/vendor/github.com/google/go-github/v50/github/users_packages.go b/vendor/github.com/google/go-github/v55/github/users_packages.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/users_packages.go
rename to vendor/github.com/google/go-github/v55/github/users_packages.go
diff --git a/vendor/github.com/google/go-github/v50/github/users_projects.go b/vendor/github.com/google/go-github/v55/github/users_projects.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/users_projects.go
rename to vendor/github.com/google/go-github/v55/github/users_projects.go
diff --git a/vendor/github.com/google/go-github/v50/github/users_ssh_signing_keys.go b/vendor/github.com/google/go-github/v55/github/users_ssh_signing_keys.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/users_ssh_signing_keys.go
rename to vendor/github.com/google/go-github/v55/github/users_ssh_signing_keys.go
diff --git a/vendor/github.com/google/go-github/v50/github/with_appengine.go b/vendor/github.com/google/go-github/v55/github/with_appengine.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/with_appengine.go
rename to vendor/github.com/google/go-github/v55/github/with_appengine.go
diff --git a/vendor/github.com/google/go-github/v50/github/without_appengine.go b/vendor/github.com/google/go-github/v55/github/without_appengine.go
similarity index 100%
rename from vendor/github.com/google/go-github/v50/github/without_appengine.go
rename to vendor/github.com/google/go-github/v55/github/without_appengine.go
diff --git a/vendor/github.com/google/pprof/profile/encode.go b/vendor/github.com/google/pprof/profile/encode.go
index c8a1beb8a..182c926b9 100644
--- a/vendor/github.com/google/pprof/profile/encode.go
+++ b/vendor/github.com/google/pprof/profile/encode.go
@@ -258,10 +258,10 @@ func (p *Profile) postDecode() error {
 		// If this a main linux kernel mapping with a relocation symbol suffix
 		// ("[kernel.kallsyms]_text"), extract said suffix.
 		// It is fairly hacky to handle at this level, but the alternatives appear even worse.
-		if strings.HasPrefix(m.File, "[kernel.kallsyms]") {
-			m.KernelRelocationSymbol = strings.ReplaceAll(m.File, "[kernel.kallsyms]", "")
+		const prefix = "[kernel.kallsyms]"
+		if strings.HasPrefix(m.File, prefix) {
+			m.KernelRelocationSymbol = m.File[len(prefix):]
 		}
-
 	}
 
 	functions := make(map[uint64]*Function, len(p.Function))
diff --git a/vendor/github.com/google/pprof/profile/merge.go b/vendor/github.com/google/pprof/profile/merge.go
index 90c5723d7..4b66282cb 100644
--- a/vendor/github.com/google/pprof/profile/merge.go
+++ b/vendor/github.com/google/pprof/profile/merge.go
@@ -566,3 +566,102 @@ func (lm locationIDMap) set(id uint64, loc *Location) {
 	}
 	lm.sparse[id] = loc
 }
+
+// CompatibilizeSampleTypes makes profiles compatible to be compared/merged. It
+// keeps sample types that appear in all profiles only and drops/reorders the
+// sample types as necessary.
+//
+// In the case of sample types order is not the same for given profiles the
+// order is derived from the first profile.
+//
+// Profiles are modified in-place.
+//
+// It returns an error if the sample type's intersection is empty.
+func CompatibilizeSampleTypes(ps []*Profile) error {
+	sTypes := commonSampleTypes(ps)
+	if len(sTypes) == 0 {
+		return fmt.Errorf("profiles have empty common sample type list")
+	}
+	for _, p := range ps {
+		if err := compatibilizeSampleTypes(p, sTypes); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// commonSampleTypes returns sample types that appear in all profiles in the
+// order how they ordered in the first profile.
+func commonSampleTypes(ps []*Profile) []string {
+	if len(ps) == 0 {
+		return nil
+	}
+	sTypes := map[string]int{}
+	for _, p := range ps {
+		for _, st := range p.SampleType {
+			sTypes[st.Type]++
+		}
+	}
+	var res []string
+	for _, st := range ps[0].SampleType {
+		if sTypes[st.Type] == len(ps) {
+			res = append(res, st.Type)
+		}
+	}
+	return res
+}
+
+// compatibilizeSampleTypes drops sample types that are not present in sTypes
+// list and reorder them if needed.
+//
+// It sets DefaultSampleType to sType[0] if it is not in sType list.
+//
+// It assumes that all sample types from the sTypes list are present in the
+// given profile otherwise it returns an error.
+func compatibilizeSampleTypes(p *Profile, sTypes []string) error {
+	if len(sTypes) == 0 {
+		return fmt.Errorf("sample type list is empty")
+	}
+	defaultSampleType := sTypes[0]
+	reMap, needToModify := make([]int, len(sTypes)), false
+	for i, st := range sTypes {
+		if st == p.DefaultSampleType {
+			defaultSampleType = p.DefaultSampleType
+		}
+		idx := searchValueType(p.SampleType, st)
+		if idx < 0 {
+			return fmt.Errorf("%q sample type is not found in profile", st)
+		}
+		reMap[i] = idx
+		if idx != i {
+			needToModify = true
+		}
+	}
+	if !needToModify && len(sTypes) == len(p.SampleType) {
+		return nil
+	}
+	p.DefaultSampleType = defaultSampleType
+	oldSampleTypes := p.SampleType
+	p.SampleType = make([]*ValueType, len(sTypes))
+	for i, idx := range reMap {
+		p.SampleType[i] = oldSampleTypes[idx]
+	}
+	values := make([]int64, len(sTypes))
+	for _, s := range p.Sample {
+		for i, idx := range reMap {
+			values[i] = s.Value[idx]
+		}
+		s.Value = s.Value[:len(values)]
+		copy(s.Value, values)
+	}
+	return nil
+}
+
+func searchValueType(vts []*ValueType, s string) int {
+	for i, vt := range vts {
+		if vt.Type == s {
+			return i
+		}
+	}
+	return -1
+}
diff --git a/vendor/github.com/google/pprof/profile/profile.go b/vendor/github.com/google/pprof/profile/profile.go
index 4ec00fe7d..60ef7e926 100644
--- a/vendor/github.com/google/pprof/profile/profile.go
+++ b/vendor/github.com/google/pprof/profile/profile.go
@@ -72,9 +72,23 @@ type ValueType struct {
 type Sample struct {
 	Location []*Location
 	Value    []int64
-	Label    map[string][]string
+	// Label is a per-label-key map to values for string labels.
+	//
+	// In general, having multiple values for the given label key is strongly
+	// discouraged - see docs for the sample label field in profile.proto.  The
+	// main reason this unlikely state is tracked here is to make the
+	// decoding->encoding roundtrip not lossy. But we expect that the value
+	// slices present in this map are always of length 1.
+	Label map[string][]string
+	// NumLabel is a per-label-key map to values for numeric labels. See a note
+	// above on handling multiple values for a label.
 	NumLabel map[string][]int64
-	NumUnit  map[string][]string
+	// NumUnit is a per-label-key map to the unit names of corresponding numeric
+	// label values. The unit info may be missing even if the label is in
+	// NumLabel, see the docs in profile.proto for details. When the value is
+	// slice is present and not nil, its length must be equal to the length of
+	// the corresponding value slice in NumLabel.
+	NumUnit map[string][]string
 
 	locationIDX []uint64
 	labelX      []label
@@ -715,6 +729,35 @@ func (s *Sample) HasLabel(key, value string) bool {
 	return false
 }
 
+// SetNumLabel sets the specified key to the specified value for all samples in the
+// profile. "unit" is a slice that describes the units that each corresponding member
+// of "values" is measured in (e.g. bytes or seconds).  If there is no relevant
+// unit for a given value, that member of "unit" should be the empty string.
+// "unit" must either have the same length as "value", or be nil.
+func (p *Profile) SetNumLabel(key string, value []int64, unit []string) {
+	for _, sample := range p.Sample {
+		if sample.NumLabel == nil {
+			sample.NumLabel = map[string][]int64{key: value}
+		} else {
+			sample.NumLabel[key] = value
+		}
+		if sample.NumUnit == nil {
+			sample.NumUnit = map[string][]string{key: unit}
+		} else {
+			sample.NumUnit[key] = unit
+		}
+	}
+}
+
+// RemoveNumLabel removes all numerical labels associated with the specified key for all
+// samples in the profile.
+func (p *Profile) RemoveNumLabel(key string) {
+	for _, sample := range p.Sample {
+		delete(sample.NumLabel, key)
+		delete(sample.NumUnit, key)
+	}
+}
+
 // DiffBaseSample returns true if a sample belongs to the diff base and false
 // otherwise.
 func (s *Sample) DiffBaseSample() bool {
diff --git a/vendor/github.com/google/s2a-go/README.md b/vendor/github.com/google/s2a-go/README.md
index d566950f3..fe0f5c1da 100644
--- a/vendor/github.com/google/s2a-go/README.md
+++ b/vendor/github.com/google/s2a-go/README.md
@@ -10,8 +10,5 @@ Session Agent during the TLS handshake, and to encrypt traffic to the peer
 after the TLS handshake is complete.
 
 This repository contains the source code for the Secure Session Agent's Go
-client libraries, which allow gRPC-Go applications to use the Secure Session
-Agent. This repository supports the Bazel and Golang build systems.
-
-All code in this repository is experimental and subject to change. We do not
-guarantee API stability at this time.
+client libraries, which allow gRPC and HTTP Go applications to use the Secure Session
+Agent.
diff --git a/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go b/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
index 49573af88..ed4496537 100644
--- a/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
+++ b/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
@@ -21,50 +21,27 @@ package service
 
 import (
 	"context"
-	"net"
-	"os"
-	"strings"
 	"sync"
-	"time"
 
-	"google.golang.org/appengine"
-	"google.golang.org/appengine/socket"
 	grpc "google.golang.org/grpc"
-	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/credentials/insecure"
 )
 
-// An environment variable, if true, opportunistically use AppEngine-specific dialer to call S2A.
-const enableAppEngineDialerEnv = "S2A_ENABLE_APP_ENGINE_DIALER"
-
 var (
-	// appEngineDialerHook is an AppEngine-specific dial option that is set
-	// during init time. If nil, then the application is not running on Google
-	// AppEngine.
-	appEngineDialerHook func(context.Context) grpc.DialOption
 	// mu guards hsConnMap and hsDialer.
 	mu sync.Mutex
 	// hsConnMap represents a mapping from an S2A handshaker service address
 	// to a corresponding connection to an S2A handshaker service instance.
 	hsConnMap = make(map[string]*grpc.ClientConn)
 	// hsDialer will be reassigned in tests.
-	hsDialer = grpc.Dial
+	hsDialer = grpc.DialContext
 )
 
-func init() {
-	if !appengine.IsAppEngine() && !appengine.IsDevAppServer() {
-		return
-	}
-	appEngineDialerHook = func(ctx context.Context) grpc.DialOption {
-		return grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
-			return socket.DialTimeout(ctx, "tcp", addr, timeout)
-		})
-	}
-}
-
 // Dial dials the S2A handshaker service. If a connection has already been
 // established, this function returns it. Otherwise, a new connection is
 // created.
-func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
+func Dial(ctx context.Context, handshakerServiceAddress string, transportCreds credentials.TransportCredentials) (*grpc.ClientConn, error) {
 	mu.Lock()
 	defer mu.Unlock()
 
@@ -72,17 +49,14 @@ func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
 	if !ok {
 		// Create a new connection to the S2A handshaker service. Note that
 		// this connection stays open until the application is closed.
-		grpcOpts := []grpc.DialOption{
-			grpc.WithInsecure(),
-		}
-		if enableAppEngineDialer() && appEngineDialerHook != nil {
-			if grpclog.V(1) {
-				grpclog.Info("Using AppEngine-specific dialer to talk to S2A.")
-			}
-			grpcOpts = append(grpcOpts, appEngineDialerHook(context.Background()))
+		var grpcOpts []grpc.DialOption
+		if transportCreds != nil {
+			grpcOpts = append(grpcOpts, grpc.WithTransportCredentials(transportCreds))
+		} else {
+			grpcOpts = append(grpcOpts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 		}
 		var err error
-		hsConn, err = hsDialer(handshakerServiceAddress, grpcOpts...)
+		hsConn, err = hsDialer(ctx, handshakerServiceAddress, grpcOpts...)
 		if err != nil {
 			return nil, err
 		}
@@ -90,10 +64,3 @@ func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
 	}
 	return hsConn, nil
 }
-
-func enableAppEngineDialer() bool {
-	if strings.ToLower(os.Getenv(enableAppEngineDialerEnv)) == "true" {
-		return true
-	}
-	return false
-}
diff --git a/vendor/github.com/google/s2a-go/internal/record/ticketsender.go b/vendor/github.com/google/s2a-go/internal/record/ticketsender.go
index 33fa3c55d..e51199ab3 100644
--- a/vendor/github.com/google/s2a-go/internal/record/ticketsender.go
+++ b/vendor/github.com/google/s2a-go/internal/record/ticketsender.go
@@ -83,13 +83,15 @@ func (t *ticketSender) sendTicketsToS2A(sessionTickets [][]byte, callComplete ch
 					t.ensureProcessSessionTickets.Done()
 				}
 			}()
-			hsConn, err := service.Dial(t.hsAddr)
+			ctx, cancel := context.WithTimeout(context.Background(), sessionTimeout)
+			defer cancel()
+			// The transportCreds only needs to be set when talking to S2AV2 and also
+			// if mTLS is required.
+			hsConn, err := service.Dial(ctx, t.hsAddr, nil)
 			if err != nil {
 				return err
 			}
 			client := s2apb.NewS2AServiceClient(hsConn)
-			ctx, cancel := context.WithTimeout(context.Background(), sessionTimeout)
-			defer cancel()
 			session, err := client.SetUpSession(ctx)
 			if err != nil {
 				return err
diff --git a/vendor/github.com/google/s2a-go/internal/v2/s2av2.go b/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
index ff172883f..85a8379d8 100644
--- a/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
+++ b/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
@@ -33,6 +33,7 @@ import (
 	"github.com/google/s2a-go/internal/handshaker/service"
 	"github.com/google/s2a-go/internal/tokenmanager"
 	"github.com/google/s2a-go/internal/v2/tlsconfigstore"
+	"github.com/google/s2a-go/retry"
 	"github.com/google/s2a-go/stream"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -44,18 +45,19 @@ import (
 
 const (
 	s2aSecurityProtocol = "tls"
-	defaultS2ATimeout   = 3 * time.Second
+	defaultS2ATimeout   = 6 * time.Second
 )
 
 // An environment variable, which sets the timeout enforced on the connection to the S2A service for handshake.
 const s2aTimeoutEnv = "S2A_TIMEOUT"
 
 type s2av2TransportCreds struct {
-	info         *credentials.ProtocolInfo
-	isClient     bool
-	serverName   string
-	s2av2Address string
-	tokenManager *tokenmanager.AccessTokenManager
+	info           *credentials.ProtocolInfo
+	isClient       bool
+	serverName     string
+	s2av2Address   string
+	transportCreds credentials.TransportCredentials
+	tokenManager   *tokenmanager.AccessTokenManager
 	// localIdentity should only be used by the client.
 	localIdentity *commonpbv1.Identity
 	// localIdentities should only be used by the server.
@@ -68,7 +70,7 @@ type s2av2TransportCreds struct {
 
 // NewClientCreds returns a client-side transport credentials object that uses
 // the S2Av2 to establish a secure connection with a server.
-func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error), serverAuthorizationPolicy []byte) (credentials.TransportCredentials, error) {
+func NewClientCreds(s2av2Address string, transportCreds credentials.TransportCredentials, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error), serverAuthorizationPolicy []byte) (credentials.TransportCredentials, error) {
 	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
 	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
 
@@ -79,6 +81,7 @@ func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, ver
 		isClient:                  true,
 		serverName:                "",
 		s2av2Address:              s2av2Address,
+		transportCreds:            transportCreds,
 		localIdentity:             localIdentity,
 		verificationMode:          verificationMode,
 		fallbackClientHandshake:   fallbackClientHandshakeFunc,
@@ -98,7 +101,7 @@ func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, ver
 
 // NewServerCreds returns a server-side transport credentials object that uses
 // the S2Av2 to establish a secure connection with a client.
-func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (credentials.TransportCredentials, error) {
+func NewServerCreds(s2av2Address string, transportCreds credentials.TransportCredentials, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (credentials.TransportCredentials, error) {
 	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
 	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
 	creds := &s2av2TransportCreds{
@@ -107,6 +110,7 @@ func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity,
 		},
 		isClient:         false,
 		s2av2Address:     s2av2Address,
+		transportCreds:   transportCreds,
 		localIdentities:  localIdentities,
 		verificationMode: verificationMode,
 		getS2AStream:     getS2AStream,
@@ -131,7 +135,13 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
 	serverName := removeServerNamePort(serverAuthority)
 	timeoutCtx, cancel := context.WithTimeout(ctx, GetS2ATimeout())
 	defer cancel()
-	s2AStream, err := createStream(timeoutCtx, c.s2av2Address, c.getS2AStream)
+	var s2AStream stream.S2AStream
+	var err error
+	retry.Run(timeoutCtx,
+		func() error {
+			s2AStream, err = createStream(timeoutCtx, c.s2av2Address, c.transportCreds, c.getS2AStream)
+			return err
+		})
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2Av2: %v", err)
 		if c.fallbackClientHandshake != nil {
@@ -152,31 +162,34 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
 		tokenManager = *c.tokenManager
 	}
 
-	if c.serverName == "" {
-		config, err = tlsconfigstore.GetTLSConfigurationForClient(serverName, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
-		if err != nil {
-			grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
-			if c.fallbackClientHandshake != nil {
-				return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
-			}
-			return nil, nil, err
-		}
-	} else {
-		config, err = tlsconfigstore.GetTLSConfigurationForClient(c.serverName, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
-		if err != nil {
-			grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
-			if c.fallbackClientHandshake != nil {
-				return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
-			}
-			return nil, nil, err
+	sn := serverName
+	if c.serverName != "" {
+		sn = c.serverName
+	}
+	retry.Run(timeoutCtx,
+		func() error {
+			config, err = tlsconfigstore.GetTLSConfigurationForClient(sn, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
+			return err
+		})
+	if err != nil {
+		grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
+		if c.fallbackClientHandshake != nil {
+			return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
 		}
+		return nil, nil, err
 	}
 	if grpclog.V(1) {
 		grpclog.Infof("Got client TLS config from S2Av2.")
 	}
-	creds := credentials.NewTLS(config)
 
-	conn, authInfo, err := creds.ClientHandshake(ctx, serverName, rawConn)
+	creds := credentials.NewTLS(config)
+	var conn net.Conn
+	var authInfo credentials.AuthInfo
+	retry.Run(timeoutCtx,
+		func() error {
+			conn, authInfo, err = creds.ClientHandshake(timeoutCtx, serverName, rawConn)
+			return err
+		})
 	if err != nil {
 		grpclog.Infof("Failed to do client handshake using S2Av2: %v", err)
 		if c.fallbackClientHandshake != nil {
@@ -196,7 +209,13 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), GetS2ATimeout())
 	defer cancel()
-	s2AStream, err := createStream(ctx, c.s2av2Address, c.getS2AStream)
+	var s2AStream stream.S2AStream
+	var err error
+	retry.Run(ctx,
+		func() error {
+			s2AStream, err = createStream(ctx, c.s2av2Address, c.transportCreds, c.getS2AStream)
+			return err
+		})
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2Av2: %v", err)
 		return nil, nil, err
@@ -213,7 +232,12 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
 		tokenManager = *c.tokenManager
 	}
 
-	config, err := tlsconfigstore.GetTLSConfigurationForServer(s2AStream, tokenManager, c.localIdentities, c.verificationMode)
+	var config *tls.Config
+	retry.Run(ctx,
+		func() error {
+			config, err = tlsconfigstore.GetTLSConfigurationForServer(s2AStream, tokenManager, c.localIdentities, c.verificationMode)
+			return err
+		})
 	if err != nil {
 		grpclog.Infof("Failed to get server TLS config from S2Av2: %v", err)
 		return nil, nil, err
@@ -221,8 +245,20 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
 	if grpclog.V(1) {
 		grpclog.Infof("Got server TLS config from S2Av2.")
 	}
+
 	creds := credentials.NewTLS(config)
-	return creds.ServerHandshake(rawConn)
+	var conn net.Conn
+	var authInfo credentials.AuthInfo
+	retry.Run(ctx,
+		func() error {
+			conn, authInfo, err = creds.ServerHandshake(rawConn)
+			return err
+		})
+	if err != nil {
+		grpclog.Infof("Failed to do server handshake using S2Av2: %v", err)
+		return nil, nil, err
+	}
+	return conn, authInfo, err
 }
 
 // Info returns protocol info of s2av2TransportCreds.
@@ -278,11 +314,12 @@ func (c *s2av2TransportCreds) Clone() credentials.TransportCredentials {
 func NewClientTLSConfig(
 	ctx context.Context,
 	s2av2Address string,
+	transportCreds credentials.TransportCredentials,
 	tokenManager tokenmanager.AccessTokenManager,
 	verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode,
 	serverName string,
 	serverAuthorizationPolicy []byte) (*tls.Config, error) {
-	s2AStream, err := createStream(ctx, s2av2Address, nil)
+	s2AStream, err := createStream(ctx, s2av2Address, transportCreds, nil)
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2Av2: %v", err)
 		return nil, err
@@ -325,12 +362,12 @@ func (x s2AGrpcStream) CloseSend() error {
 	return x.stream.CloseSend()
 }
 
-func createStream(ctx context.Context, s2av2Address string, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (stream.S2AStream, error) {
+func createStream(ctx context.Context, s2av2Address string, transportCreds credentials.TransportCredentials, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (stream.S2AStream, error) {
 	if getS2AStream != nil {
 		return getS2AStream(ctx, s2av2Address)
 	}
 	// TODO(rmehta19): Consider whether to close the connection to S2Av2.
-	conn, err := service.Dial(s2av2Address)
+	conn, err := service.Dial(ctx, s2av2Address, transportCreds)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/google/s2a-go/retry/retry.go b/vendor/github.com/google/s2a-go/retry/retry.go
new file mode 100644
index 000000000..f7e0a2377
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/retry/retry.go
@@ -0,0 +1,144 @@
+/*
+ *
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package retry provides a retry helper for talking to S2A gRPC server.
+// The implementation is modeled after
+// https://github.com/googleapis/google-cloud-go/blob/main/compute/metadata/retry.go
+package retry
+
+import (
+	"context"
+	"math/rand"
+	"time"
+
+	"google.golang.org/grpc/grpclog"
+)
+
+const (
+	maxRetryAttempts = 5
+	maxRetryForLoops = 10
+)
+
+type defaultBackoff struct {
+	max time.Duration
+	mul float64
+	cur time.Duration
+}
+
+// Pause returns a duration, which is used as the backoff wait time
+// before the next retry.
+func (b *defaultBackoff) Pause() time.Duration {
+	d := time.Duration(1 + rand.Int63n(int64(b.cur)))
+	b.cur = time.Duration(float64(b.cur) * b.mul)
+	if b.cur > b.max {
+		b.cur = b.max
+	}
+	return d
+}
+
+// Sleep will wait for the specified duration or return on context
+// expiration.
+func Sleep(ctx context.Context, d time.Duration) error {
+	t := time.NewTimer(d)
+	select {
+	case <-ctx.Done():
+		t.Stop()
+		return ctx.Err()
+	case <-t.C:
+		return nil
+	}
+}
+
+// NewRetryer creates an instance of S2ARetryer using the defaultBackoff
+// implementation.
+var NewRetryer = func() *S2ARetryer {
+	return &S2ARetryer{bo: &defaultBackoff{
+		cur: 100 * time.Millisecond,
+		max: 30 * time.Second,
+		mul: 2,
+	}}
+}
+
+type backoff interface {
+	Pause() time.Duration
+}
+
+// S2ARetryer implements a retry helper for talking to S2A gRPC server.
+type S2ARetryer struct {
+	bo       backoff
+	attempts int
+}
+
+// Attempts return the number of retries attempted.
+func (r *S2ARetryer) Attempts() int {
+	return r.attempts
+}
+
+// Retry returns a boolean indicating whether retry should be performed
+// and the backoff duration.
+func (r *S2ARetryer) Retry(err error) (time.Duration, bool) {
+	if err == nil {
+		return 0, false
+	}
+	if r.attempts >= maxRetryAttempts {
+		return 0, false
+	}
+	r.attempts++
+	return r.bo.Pause(), true
+}
+
+// Run uses S2ARetryer to execute the function passed in, until success or reaching
+// max number of retry attempts.
+func Run(ctx context.Context, f func() error) {
+	retryer := NewRetryer()
+	forLoopCnt := 0
+	var err error
+	for {
+		err = f()
+		if bo, shouldRetry := retryer.Retry(err); shouldRetry {
+			if grpclog.V(1) {
+				grpclog.Infof("will attempt retry: %v", err)
+			}
+			if ctx.Err() != nil {
+				if grpclog.V(1) {
+					grpclog.Infof("exit retry loop due to context error: %v", ctx.Err())
+				}
+				break
+			}
+			if errSleep := Sleep(ctx, bo); errSleep != nil {
+				if grpclog.V(1) {
+					grpclog.Infof("exit retry loop due to sleep error: %v", errSleep)
+				}
+				break
+			}
+			// This shouldn't happen, just make sure we are not stuck in the for loops.
+			forLoopCnt++
+			if forLoopCnt > maxRetryForLoops {
+				if grpclog.V(1) {
+					grpclog.Infof("exit the for loop after too many retries")
+				}
+				break
+			}
+			continue
+		}
+		if grpclog.V(1) {
+			grpclog.Infof("retry conditions not met, exit the loop")
+		}
+		break
+	}
+}
diff --git a/vendor/github.com/google/s2a-go/s2a.go b/vendor/github.com/google/s2a-go/s2a.go
index 1c1349de4..5ecb06f93 100644
--- a/vendor/github.com/google/s2a-go/s2a.go
+++ b/vendor/github.com/google/s2a-go/s2a.go
@@ -35,6 +35,7 @@ import (
 	"github.com/google/s2a-go/internal/handshaker/service"
 	"github.com/google/s2a-go/internal/tokenmanager"
 	"github.com/google/s2a-go/internal/v2"
+	"github.com/google/s2a-go/retry"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/grpclog"
 
@@ -111,7 +112,7 @@ func NewClientCreds(opts *ClientOptions) (credentials.TransportCredentials, erro
 	if opts.FallbackOpts != nil && opts.FallbackOpts.FallbackClientHandshakeFunc != nil {
 		fallbackFunc = opts.FallbackOpts.FallbackClientHandshakeFunc
 	}
-	return v2.NewClientCreds(opts.S2AAddress, localIdentity, verificationMode, fallbackFunc, opts.getS2AStream, opts.serverAuthorizationPolicy)
+	return v2.NewClientCreds(opts.S2AAddress, opts.TransportCreds, localIdentity, verificationMode, fallbackFunc, opts.getS2AStream, opts.serverAuthorizationPolicy)
 }
 
 // NewServerCreds returns a server-side transport credentials object that uses
@@ -146,7 +147,7 @@ func NewServerCreds(opts *ServerOptions) (credentials.TransportCredentials, erro
 		}, nil
 	}
 	verificationMode := getVerificationMode(opts.VerificationMode)
-	return v2.NewServerCreds(opts.S2AAddress, localIdentities, verificationMode, opts.getS2AStream)
+	return v2.NewServerCreds(opts.S2AAddress, opts.TransportCreds, localIdentities, verificationMode, opts.getS2AStream)
 }
 
 // ClientHandshake initiates a client-side TLS handshake using the S2A.
@@ -155,17 +156,17 @@ func (c *s2aTransportCreds) ClientHandshake(ctx context.Context, serverAuthority
 		return nil, nil, errors.New("client handshake called using server transport credentials")
 	}
 
+	var cancel context.CancelFunc
+	ctx, cancel = context.WithCancel(ctx)
+	defer cancel()
+
 	// Connect to the S2A.
-	hsConn, err := service.Dial(c.s2aAddr)
+	hsConn, err := service.Dial(ctx, c.s2aAddr, nil)
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2A: %v", err)
 		return nil, nil, err
 	}
 
-	var cancel context.CancelFunc
-	ctx, cancel = context.WithCancel(ctx)
-	defer cancel()
-
 	opts := &handshaker.ClientHandshakerOptions{
 		MinTLSVersion:               c.minTLSVersion,
 		MaxTLSVersion:               c.maxTLSVersion,
@@ -203,16 +204,16 @@ func (c *s2aTransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, credent
 		return nil, nil, errors.New("server handshake called using client transport credentials")
 	}
 
+	ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout)
+	defer cancel()
+
 	// Connect to the S2A.
-	hsConn, err := service.Dial(c.s2aAddr)
+	hsConn, err := service.Dial(ctx, c.s2aAddr, nil)
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2A: %v", err)
 		return nil, nil, err
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout)
-	defer cancel()
-
 	opts := &handshaker.ServerHandshakerOptions{
 		MinTLSVersion:   c.minTLSVersion,
 		MaxTLSVersion:   c.maxTLSVersion,
@@ -312,6 +313,7 @@ func NewTLSClientConfigFactory(opts *ClientOptions) (TLSClientConfigFactory, err
 		grpclog.Infof("Access token manager not initialized: %v", err)
 		return &s2aTLSClientConfigFactory{
 			s2av2Address:              opts.S2AAddress,
+			transportCreds:            opts.TransportCreds,
 			tokenManager:              nil,
 			verificationMode:          getVerificationMode(opts.VerificationMode),
 			serverAuthorizationPolicy: opts.serverAuthorizationPolicy,
@@ -319,6 +321,7 @@ func NewTLSClientConfigFactory(opts *ClientOptions) (TLSClientConfigFactory, err
 	}
 	return &s2aTLSClientConfigFactory{
 		s2av2Address:              opts.S2AAddress,
+		transportCreds:            opts.TransportCreds,
 		tokenManager:              tokenManager,
 		verificationMode:          getVerificationMode(opts.VerificationMode),
 		serverAuthorizationPolicy: opts.serverAuthorizationPolicy,
@@ -327,6 +330,7 @@ func NewTLSClientConfigFactory(opts *ClientOptions) (TLSClientConfigFactory, err
 
 type s2aTLSClientConfigFactory struct {
 	s2av2Address              string
+	transportCreds            credentials.TransportCredentials
 	tokenManager              tokenmanager.AccessTokenManager
 	verificationMode          s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
 	serverAuthorizationPolicy []byte
@@ -338,7 +342,7 @@ func (f *s2aTLSClientConfigFactory) Build(
 	if opts != nil && opts.ServerName != "" {
 		serverName = opts.ServerName
 	}
-	return v2.NewClientTLSConfig(ctx, f.s2av2Address, f.tokenManager, f.verificationMode, serverName, f.serverAuthorizationPolicy)
+	return v2.NewClientTLSConfig(ctx, f.s2av2Address, f.transportCreds, f.tokenManager, f.verificationMode, serverName, f.serverAuthorizationPolicy)
 }
 
 func getVerificationMode(verificationMode VerificationModeType) s2av2pb.ValidatePeerCertificateChainReq_VerificationMode {
@@ -390,9 +394,15 @@ func NewS2ADialTLSContextFunc(opts *ClientOptions) func(ctx context.Context, net
 		}
 		timeoutCtx, cancel := context.WithTimeout(ctx, v2.GetS2ATimeout())
 		defer cancel()
-		s2aTLSConfig, err := factory.Build(timeoutCtx, &TLSClientConfigOptions{
-			ServerName: serverName,
-		})
+
+		var s2aTLSConfig *tls.Config
+		retry.Run(timeoutCtx,
+			func() error {
+				s2aTLSConfig, err = factory.Build(timeoutCtx, &TLSClientConfigOptions{
+					ServerName: serverName,
+				})
+				return err
+			})
 		if err != nil {
 			grpclog.Infof("error building S2A TLS config: %v", err)
 			return fallback(err)
@@ -401,7 +411,12 @@ func NewS2ADialTLSContextFunc(opts *ClientOptions) func(ctx context.Context, net
 		s2aDialer := &tls.Dialer{
 			Config: s2aTLSConfig,
 		}
-		c, err := s2aDialer.DialContext(ctx, network, addr)
+		var c net.Conn
+		retry.Run(timeoutCtx,
+			func() error {
+				c, err = s2aDialer.DialContext(timeoutCtx, network, addr)
+				return err
+			})
 		if err != nil {
 			grpclog.Infof("error dialing with S2A to %s: %v", addr, err)
 			return fallback(err)
diff --git a/vendor/github.com/google/s2a-go/s2a_options.go b/vendor/github.com/google/s2a-go/s2a_options.go
index 94feafb9c..fcdbc1621 100644
--- a/vendor/github.com/google/s2a-go/s2a_options.go
+++ b/vendor/github.com/google/s2a-go/s2a_options.go
@@ -26,6 +26,7 @@ import (
 
 	"github.com/google/s2a-go/fallback"
 	"github.com/google/s2a-go/stream"
+	"google.golang.org/grpc/credentials"
 
 	s2apb "github.com/google/s2a-go/internal/proto/common_go_proto"
 )
@@ -92,6 +93,9 @@ type ClientOptions struct {
 	LocalIdentity Identity
 	// S2AAddress is the address of the S2A.
 	S2AAddress string
+	// Optional transport credentials.
+	// If set, this will be used for the gRPC connection to the S2A server.
+	TransportCreds credentials.TransportCredentials
 	// EnsureProcessSessionTickets waits for all session tickets to be sent to
 	// S2A before a process completes.
 	//
@@ -173,6 +177,9 @@ type ServerOptions struct {
 	LocalIdentities []Identity
 	// S2AAddress is the address of the S2A.
 	S2AAddress string
+	// Optional transport credentials.
+	// If set, this will be used for the gRPC connection to the S2A server.
+	TransportCreds credentials.TransportCredentials
 	// If true, enables the use of legacy S2Av1.
 	EnableLegacyMode bool
 	// VerificationMode specifies the mode that S2A must use to verify the
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_client_cert.pem b/vendor/github.com/google/s2a-go/testdata/mds_client_cert.pem
new file mode 100644
index 000000000..60c4cf069
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/mds_client_cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCDCCAfACFFlYsYCFit01ZpYmfjxpo7/6wMEbMA0GCSqGSIb3DQEBCwUAMEgx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEPMA0GA1UECgwGR29vZ2xlMRswGQYD
+VQQDDBJ0ZXN0LXMyYS1tdGxzLXJvb3QwHhcNMjMwODIyMTY0NTE4WhcNNDMwODIy
+MTY0NTE4WjA5MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExHTAbBgNVBAMMFHRl
+c3QtczJhLW10bHMtY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAqrQQMyxNtmdCB+uY3szgRsfPrKC+TV9Fusnd8PfaCVuGTGcSBKM018nV2TDn
+3IYFQ1HgLpGwGwOFDBb3y0o9i2/l2VJySriX1GSNX6nDmVasQlO1wuOLCP7/LRmO
+7b6Kise5W0IFhYaptKyWnekn2pS0tAjimqpfn2w0U6FDGtQUqg/trQQmGtTSJHjb
+A+OFd0EFC18KGP8Q+jOMaMkJRmpeEiAPyHPDoMhqQNT26RApv9j2Uzo4SuXzHH6T
+cAdm1+zG+EXY/UZKX9oDkSbwIJvN+gCmNyORLalJ12gsGYOCjMd8K0mlXBqrmmbO
+VHVbUm9062lhE7x59AA8DK4DoQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCPOvtL
+dq2hxFHlIy0YUK8jp/DtwJZPwzx1id5FtWwd0CxBS1StIgmkHMxtkJGz1iyQLplI
+je+Msd4sTsb5zZi/8kGKehi8Wj4lghp4oP30cpob41OvM68M9RC/wSOVk9igSww+
+l3zof6wKRIswsi5VHrL16ruIVVoDlyFbKr8yk+cp9OPOV8hNNN7ewY9xC8OgnTt8
+YtdaLe6uTplKBLW+j3GtshigRhyfkGJyPFYL4LAeDJCHlC1qmBnkyP0ijMp6vneM
+E8TLavnMTMcpihWTWpyKeRkO6HDRsP4AofQAp7VAiAdSOplga+w2qgrVICV+m8MK
+BTq2PBvc59T6OFLq
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_client_key.pem b/vendor/github.com/google/s2a-go/testdata/mds_client_key.pem
new file mode 100644
index 000000000..9d112d1e9
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/mds_client_key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqtBAzLE22Z0IH
+65jezOBGx8+soL5NX0W6yd3w99oJW4ZMZxIEozTXydXZMOfchgVDUeAukbAbA4UM
+FvfLSj2Lb+XZUnJKuJfUZI1fqcOZVqxCU7XC44sI/v8tGY7tvoqKx7lbQgWFhqm0
+rJad6SfalLS0COKaql+fbDRToUMa1BSqD+2tBCYa1NIkeNsD44V3QQULXwoY/xD6
+M4xoyQlGal4SIA/Ic8OgyGpA1PbpECm/2PZTOjhK5fMcfpNwB2bX7Mb4Rdj9Rkpf
+2gORJvAgm836AKY3I5EtqUnXaCwZg4KMx3wrSaVcGquaZs5UdVtSb3TraWETvHn0
+ADwMrgOhAgMBAAECggEAUccupZ1ZY4OHTi0PkNk8rpwFwTFGyeFVEf2ofkr24RnA
+NnUAXEllxOUUNlcoFOz9s3kTeavg3qgqgpa0QmdAIb9LMXg+ec6CKkW7trMpGho8
+LxBUWNfSoU4sKEqAvyPT0lWJVo9D/up6/avbAi6TIbOw+Djzel4ZrlHTpabxc3WT
+EilXzn4q54b3MzxCQeQjcnzTieW4Q5semG2kLiXFToHIY2di01P/O8awUjgrD+uW
+/Cb6H49MnHm9VPkqea1iwZeMQd6Gh5FrC7RezsBjdB1JBcfsv6PFt2ySInjB8SF+
+XR5Gr3Cc5sh9s0LfprZ9Dq0rlSWmwasPMI1COK6SswKBgQDczgeWd3erQ1JX9LEI
+wollawqC9y7uJhEsw1hrPqA3uqZYiLUc7Nmi4laZ12mcGoXNDS3R3XmD58qGmGaU
+lxEVTb8KDVWBgw450VoBKzSMQnCP6zn4nZxTYxeqMKjDGf6TRB6TZc843qsG3eRC
+k91yxrCQ/0HV6PT48C+lieDzLwKBgQDF6aNKiyrswr457undBnM1H8q/Y6xC5ZlK
+UtiQdhuyBnicvz0U8WPxBY/8gha0OXWuSnBqq/z77iFVNv/zT6p9K7kM7nBGd8cB
+8KO6FNbyaHWFrhCI5zNzRTH4oha0hfvUOoti09vqavCtWD4L+D/63ba1wNLKPO9o
+4gWbCnUCLwKBgQC/vus372csgrnvR761LLrEJ8BpGt7WUJh5luoht7DKtHvgRleB
+Vu1oVcV+s2Iy/ZVUDC3OIdZ0hcWKPK5YOxfKuEk+IXYvke+4peTTPwHTC59UW6Fs
+FPK8N0FFuhvT0a8RlAY5WiAp8rPysp6WcnHMSl7qi8BQUozp4Sp/RsziYQKBgBXv
+r4mzoy5a53rEYGd/L4XT4EUWZyGDEVqLlDVu4eL5lKTLDZokp08vrqXuRVX0iHap
+CYzJQ2EpI8iuL/BoBB2bmwcz5n3pCMXORld5t9lmeqA2it6hwbIlGUTVsm6P6zm6
+w3hQwy9YaxTLkxUAjxbfPEEo/jQsTNzzMGve3NlBAoGAbgJExpDyMDnaD2Vi5eyr
+63b54BsqeLHqxJmADifyRCj7G1SJMm3zMKkNNOS0vsXgoiId973STFf1XQiojiv8
+Slbxyv5rczcY0n3LOuQYcM5OzsjzpNFZsT2dDnMfNRUF3rx3Geu/FuJ9scF1b00r
+fVMrcL3jSf/W1Xh4TgtyoU8=
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_root_cert.pem b/vendor/github.com/google/s2a-go/testdata/mds_root_cert.pem
new file mode 100644
index 000000000..44e436f6e
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/mds_root_cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDcTCCAlmgAwIBAgIUDUkgI+2FZtuUHyUUi0ZBH7JvN00wDQYJKoZIhvcNAQEL
+BQAwSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZHb29nbGUx
+GzAZBgNVBAMMEnRlc3QtczJhLW10bHMtcm9vdDAeFw0yMzA4MjEyMTI5MTVaFw00
+MzA4MjEyMTI5MTVaMEgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEPMA0GA1UE
+CgwGR29vZ2xlMRswGQYDVQQDDBJ0ZXN0LXMyYS1tdGxzLXJvb3QwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbFEQfpvla27bATedrN4BAWsI9GSwSnJLW
+QWzXcnAk6cKxQBAhnaKHRxHY8ttLhNTtxQeub894CLzJvHE/0xDhuMzjtCCCZ7i2
+r08tKZ1KcEzPJCPNlxlzAXPA45XU3LRlbGvju/PBPhm6n1hCEKTNI/KETJ5DEaYg
+Cf2LcXVsl/zW20MwDZ+e2w/9a2a6n6DdpW1ekOR550hXAUOIxvmXRBeYeGLFvp1n
+rQgZBhRaxP03UB+PQD2oMi/4mfsS96uGCXdzzX8qV46O8m132HUbnA/wagIwboEe
+d7Bx237dERDyHw5GFnll7orgA0FOtoEufXdeQxWVvTjO0+PVPgsvAgMBAAGjUzBR
+MB0GA1UdDgQWBBRyMtg/yutV8hw8vOq0i8x0eBQi7DAfBgNVHSMEGDAWgBRyMtg/
+yutV8hw8vOq0i8x0eBQi7DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQArN/gdqWMxd5Rvq2eJMTp6I4RepJOT7Go4sMsRsy1caJqqcoS2EvREDZMN
+XNEBcyQBB5kYd6TCcZGoLnEtWYXQ4jjEiXG1g7/+rWxyqw0ZYuP7FWzuHg3Uor/x
+fApbEKwptP5ywVc+33h4qreGcqXkVCCn+sAcstGgrqubdGZW2T5gazUMyammOOuN
+9IWL1PbvXmgEKD+80NUIrk09zanYyrElGdU/zw/kUbZ3Jf6WUBtJGhTzRQ1qZeKa
+VnpCbLoG3vObEB8mxDUAlIzwAtfvw4U32BVIZA8xrocz6OOoAnSW1bTlo3EOIo/G
+MTV7jmY9TBPtfhRuO/cG650+F+cw
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_server_cert.pem b/vendor/github.com/google/s2a-go/testdata/mds_server_cert.pem
new file mode 100644
index 000000000..68c606134
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/mds_server_cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbjCCAlagAwIBAgIUbexZ5sZl86Al9dsI2PkOgtqKnkgwDQYJKoZIhvcNAQEL
+BQAwSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZHb29nbGUx
+GzAZBgNVBAMMEnRlc3QtczJhLW10bHMtcm9vdDAeFw0yMzA4MjIwMDMyMDRaFw00
+MzA4MjIwMDMyMDRaMDkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEdMBsGA1UE
+AwwUdGVzdC1zMmEtbXRscy1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCMEzybsGPqfh92GLwy43mt8kQDF3ztr8y06RwU1hVnY7QqYK4obpvh
+HkJVnTz9gwNBF3n5nUalqRzactlf2PCydN9oSYNCO8svVmo7vw1CleKAKFAiV5Qn
+H76QlqD15oJreh7nSM8R4qj5KukIHvt0cN0gD6CJQzIURDtsKJwkW3yQjYyT/FAK
+GYtFrB6buDn3Eg3Hsw6z7uj7CzLBsSl7BIGrQILbpbI9nFNT3rUTUhXZKY/3UtJA
+Ob66AjTmMbD16RGYZR4JsPx6CstheifJ6YSI79r5KgD37zX0jMXFWimvb2SmZmFe
+LoohtC8K7uTyjm/dROx6nHXdDt5TQYXHAgMBAAGjXzBdMBsGA1UdEQQUMBKHEAAA
+AAAAAAAAAAAAAAAAAAAwHQYDVR0OBBYEFI3i2+tIk6YYn0MIxC0q93jk1VsUMB8G
+A1UdIwQYMBaAFHIy2D/K61XyHDy86rSLzHR4FCLsMA0GCSqGSIb3DQEBCwUAA4IB
+AQAUhk+s/lrIAULBbU7E22C8f93AzTxE1mhyHGNlfPPJP3t1Dl+h4X4WkFpkz5gT
+EcNXB//Vvoq99HbEK5/92sxsIPexKdJBdcggeHXIgLDkOrEZEb0Nnh9eaAuU2QDn
+JW44hMB+aF6mEaJvOHE6DRkQw3hwFYFisFKKHtlQ3TyOhw5CHGzSExPZusdSFNIe
+2E7V/0QzGPJEFnEFUNe9N8nTH2P385Paoi+5+Iizlp/nztVXfzv0Cj/i+qGgtDUs
+HB+gBU2wxMw8eYyuNzACH70wqGR1Parj8/JoyYhx0S4+Gjzy3JH3CcAMaxyfH/dI
+4Wcvfz/isxgmH1UqIt3oc6ad
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_server_key.pem b/vendor/github.com/google/s2a-go/testdata/mds_server_key.pem
new file mode 100644
index 000000000..b14ad0f72
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/mds_server_key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCMEzybsGPqfh92
+GLwy43mt8kQDF3ztr8y06RwU1hVnY7QqYK4obpvhHkJVnTz9gwNBF3n5nUalqRza
+ctlf2PCydN9oSYNCO8svVmo7vw1CleKAKFAiV5QnH76QlqD15oJreh7nSM8R4qj5
+KukIHvt0cN0gD6CJQzIURDtsKJwkW3yQjYyT/FAKGYtFrB6buDn3Eg3Hsw6z7uj7
+CzLBsSl7BIGrQILbpbI9nFNT3rUTUhXZKY/3UtJAOb66AjTmMbD16RGYZR4JsPx6
+CstheifJ6YSI79r5KgD37zX0jMXFWimvb2SmZmFeLoohtC8K7uTyjm/dROx6nHXd
+Dt5TQYXHAgMBAAECggEAIB5zGdIG/yh/Z1GBqfuOFaxFGx5iJ5BVlLAVH9P9IXFz
+yPnVRXEjbinFlSMSbqEBeIX9EpcVMXxHIPIP1RIGEy2IYr3kiqXyT771ahDDZh6/
+Spqz0UQatSPqyvW3H9uE0Uc12dvQm23JSCUmPRX5m7gbhDQBIChXzdzdcU4Yi59V
+4xmJUvbsAcLw5CBM6kwV+1NGVH9+3mUdhrr9M6B6+sVB/xnaqMGEDfQGiwL8U7EY
+QOuc46KXu3Pd/qCdVLn60IrdjSzDJKeC5UZZ+ejNAo+DfbtOovBj3qu3OCUg4XVy
+0CDBJ1sTdLvUfF4Gb+crjPsd+qBbXcjVfqdadwhsoQKBgQDBF1Pys/NitW8okJwp
+2fiDIASP3TiI+MthWHGyuoZGPvmXQ3H6iuLSm8c/iYI2WPTf53Xff1VcFm1GmQms
+GCsYM8Ax94zCeO6Ei1sYYxwcBloEZfOeV37MPA4pjJF4Lt+n5nveNxP+lrsjksJz
+wToSEgWPDT1b/xcdt4/5j9J85wKBgQC5tiLx+33mwH4DoaFRmSl0+VuSNYFw6DTQ
+SQ+kWqWGH4NENc9wf4Dj2VUZQhpXNhXVSxj+aP2d/ck1NrTJAWqYEXCDtFQOGSa2
+cGPRr+Fhy5NIEaEvR7IXcMBZzx3koYmWVBHricyrXs5FvHrT3N14mGDUG8n24U3f
+R799bau0IQKBgQC97UM+lHCPJCWNggiJRgSifcje9VtZp1btjoBvq/bNe74nYkjn
+htsrC91Fiu1Qpdlfr50K1IXSyaB886VG6JLjAGxI+dUzqJ38M9LLvxj0G+9JKjsi
+AbAQFfZcOg8QZxLJZPVsE0MQhZTXndC06VhEVAOxvPUg214Sde8hK61/+wKBgCRw
+O10VhnePT2pw/VEgZ0T/ZFtEylgYB7zSiRIrgwzVBBGPKVueePC8BPmGwdpYz2Hh
+cU8B1Ll6QU+Co2hJMdwSl+wPpup5PuJPHRbYlrV0lzpt0x2OyL/WrLcyb2Ab3f40
+EqwPhqwdVwXR3JvTW1U9OMqFhVQ+kuP7lPQMX8NhAoGBAJOgZ7Tokipc4Mi68Olw
+SCaOPvjjy4sW2rTRuKyjc1wTAzy7SJ3vXHfGkkN99nTLJFwAyJhWUpnRdwAXGi+x
+gyOa95ImsEfRSwEjbluWfF8/P0IU8GR+ZTqT4NnNCOsi8T/xst4Szd1ECJNnnZDe
+1ChfPP1AH+/75MJCvu6wQBQv
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/testdata/self_signed_cert.pem b/vendor/github.com/google/s2a-go/testdata/self_signed_cert.pem
new file mode 100644
index 000000000..ad1bad598
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/self_signed_cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDITCCAgkCFBS8mLoytMpMWBwpAtnRaq3eIKnsMA0GCSqGSIb3DQEBCwUAME0x
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UECgwEVGVzdDEiMCAGA1UE
+AwwZdGVzdC1zMmEtbXRscy1zZWxmLXNpZ25lZDAeFw0yMzA4MjIyMTE2MDFaFw00
+MzA4MjIyMTE2MDFaME0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UE
+CgwEVGVzdDEiMCAGA1UEAwwZdGVzdC1zMmEtbXRscy1zZWxmLXNpZ25lZDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKFFPsYasKZeCFLEXl3RpE/ZOXFe
+2lhutIalSpZvCmso+mQGoZ4cHK7At+kDjBi5CrnXkYcw7quQAhHgU0frhWdj7tsW
+HUUtq7T8eaGWKBnVD9fl+MjtAl1BmhXwV9qRBbj4EesSKGDSGpKf66dOtzw83JbB
+cU7XlPAH1c1zo2GXC1himcZ+SVGHVrOjn4NmeFs8g94/Dke8dWkHwv5YTMVugFK4
+5KxKgSOKkr4ka7PCBzgxCnW4wYSZNRHcxrqkiArO2HAQq0ACr7u+fVDYH//9mP2Z
+ADo/zch7O5yhkiNbjXJIRrptDWEuVYMRloYDhT773h7bV/Q0Wo0NQGtasJ8CAwEA
+ATANBgkqhkiG9w0BAQsFAAOCAQEAPjbH0TMyegF/MDvglkc0sXr6DqlmTxDCZZmG
+lYPZ5Xy062+rxIHghMARbvO4BxepiG37KsP2agvOldm4TtU8nQ8LyswmSIFm4BQ+
+XQWwdsWyYyd8l0d5sXAdaN6AXwy50fvqCepmEqyreMY6dtLzlwo9gVCBFB7QuAPt
+Nc14phpEUZt/KPNuY6cUlB7bz3tmnFbwxUrWj1p0KBEYsr7+KEVZxR+z0wtlU7S9
+ZBrmUvx0fq5Ef7JWtHW0w4ofg1op742sdYl+53C26GZ76ts4MmqVz2/94DScgRaU
+gT0GLVuuCZXRDVeTXqTb4mditRCfzFPe9cCegYhGhSqBs8yh5A==
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/self_signed_key.pem b/vendor/github.com/google/s2a-go/testdata/self_signed_key.pem
new file mode 100644
index 000000000..bcf08e4f1
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/self_signed_key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQChRT7GGrCmXghS
+xF5d0aRP2TlxXtpYbrSGpUqWbwprKPpkBqGeHByuwLfpA4wYuQq515GHMO6rkAIR
+4FNH64VnY+7bFh1FLau0/HmhligZ1Q/X5fjI7QJdQZoV8FfakQW4+BHrEihg0hqS
+n+unTrc8PNyWwXFO15TwB9XNc6NhlwtYYpnGfklRh1azo5+DZnhbPIPePw5HvHVp
+B8L+WEzFboBSuOSsSoEjipK+JGuzwgc4MQp1uMGEmTUR3Ma6pIgKzthwEKtAAq+7
+vn1Q2B///Zj9mQA6P83IezucoZIjW41ySEa6bQ1hLlWDEZaGA4U++94e21f0NFqN
+DUBrWrCfAgMBAAECggEAR8e8YwyqJ8KezcgdgIC5M9kp2i4v3UCZFX0or8CI0J2S
+pUbWVLuKgLXCpfIwPyjNf15Vpei/spkMcsx4BQDthdFTFSzIpmvni0z9DlD5VFYj
+ESOJElV7wepbHPy2/c+izmuL/ic81aturGiFyRgeMq+cN3WuaztFTXkPTrzzsZGF
+p/Mx3gqm7Hoc3d2xlv+8L5GjCtEJPlQgZJV+s3ennBjOAd8CC7d9qJetE3Er46pn
+r5jedV3bQRZYBzmooYNHjbAs26++wYac/jTE0/U6nKS17eWq4BQZUtlMXUw5N81B
+7LKn7C03rj2KCn+Nf5uin9ALmoy888LXCDdvL/NZkQKBgQDduv1Heu+tOZuNYUdQ
+Hswmd8sVNAAWGZxdxixHMv58zrgbLFXSX6K89X2l5Sj9XON8TH46MuSFdjSwwWw5
+fBrhVEhA5srcqpvVWIBE05yqPpt0s1NQktMWJKELWlG8jOhVKwM5OYDpdxtwehpz
+1g70XJz+nF/LTV8RdTK+OWDDpQKBgQC6MhdbGHUz/56dY3gZpE5TXnN2hkNbZCgk
+emr6z85VHhQflZbedhCzB9PUnZnCKWOGQHQdxRTtRfd46LVboZqCdYO1ZNQv6toP
+ysS7dTpZZFy7CpQaW0Y6/jS65jW6xIDKR1W40vgltZ3sfpG37JaowpzWdw2WuOnw
+Bg0rcJAf8wKBgQCqE+p/z97UwuF8eufWnyj9QNo382E1koOMspv4KTdnyLETtthF
+vDH6O1wbykG8xmmASLRyM+NyNA+KnXNETNvZh2q8zctBpGRQK8iIAsGjHM7ln0AD
+B/x+ea5GJQuZU4RK/+lDFca6TjBwAFkWDVX/PqL18kDQkxKfM4SuwRhmOQKBgDGh
+eoJIsa0LnP787Z2AI3Srf4F/ZmLs/ppCm1OBotEjdF+64v0nYWonUvqgi8SqfaHi
+elEZIGvis4ViGj1zhRjzNAlc+AZRxpBhDzGcnNIJI4Kj3jhsTfsZmXqcNIQ1LtM8
+Uogyi/yZPaA1WKg7Aym2vlGYaGHdplXZdxc2KOSrAoGABRkD9l2OVcwK7RyNgFxo
+mjxx0tfUdDBhHIi2igih1FiHpeP9E+4/kE/K7PnU9DoDrL1jW1MTpXaYV4seOylk
+k9z/9QfcRa9ePD2N4FqbHWSYp5n3aLoIcGq/9jyjTwayZbbIhWO+vNuHE9wIvecZ
+8x3gNkxJRb4NaLIoNzAhCoo=
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/google/uuid/.travis.yml b/vendor/github.com/google/uuid/.travis.yml
deleted file mode 100644
index d8156a60b..000000000
--- a/vendor/github.com/google/uuid/.travis.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-language: go
-
-go:
-  - 1.4.3
-  - 1.5.3
-  - tip
-
-script:
-  - go test -v ./...
diff --git a/vendor/github.com/google/uuid/CHANGELOG.md b/vendor/github.com/google/uuid/CHANGELOG.md
new file mode 100644
index 000000000..7ed347d3a
--- /dev/null
+++ b/vendor/github.com/google/uuid/CHANGELOG.md
@@ -0,0 +1,21 @@
+# Changelog
+
+## [1.4.0](https://github.com/google/uuid/compare/v1.3.1...v1.4.0) (2023-10-26)
+
+
+### Features
+
+* UUIDs slice type with Strings() convenience method ([#133](https://github.com/google/uuid/issues/133)) ([cd5fbbd](https://github.com/google/uuid/commit/cd5fbbdd02f3e3467ac18940e07e062be1f864b4))
+
+### Fixes
+
+* Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)
+
+## [1.3.1](https://github.com/google/uuid/compare/v1.3.0...v1.3.1) (2023-08-18)
+
+
+### Bug Fixes
+
+* Use .EqualFold() to parse urn prefixed UUIDs ([#118](https://github.com/google/uuid/issues/118)) ([574e687](https://github.com/google/uuid/commit/574e6874943741fb99d41764c705173ada5293f0))
+
+## Changelog
diff --git a/vendor/github.com/google/uuid/CONTRIBUTING.md b/vendor/github.com/google/uuid/CONTRIBUTING.md
index 04fdf09f1..a502fdc51 100644
--- a/vendor/github.com/google/uuid/CONTRIBUTING.md
+++ b/vendor/github.com/google/uuid/CONTRIBUTING.md
@@ -2,6 +2,22 @@
 
 We definitely welcome patches and contribution to this project!
 
+### Tips
+
+Commits must be formatted according to the [Conventional Commits Specification](https://www.conventionalcommits.org).
+
+Always try to include a test case! If it is not possible or not necessary,
+please explain why in the pull request description.
+
+### Releasing
+
+Commits that would precipitate a SemVer change, as described in the Conventional
+Commits Specification, will trigger [`release-please`](https://github.com/google-github-actions/release-please-action)
+to create a release candidate pull request. Once submitted, `release-please`
+will create a release.
+
+For tips on how to work with `release-please`, see its documentation.
+
 ### Legal requirements
 
 In order to protect both you and ourselves, you will need to sign the
diff --git a/vendor/github.com/google/uuid/README.md b/vendor/github.com/google/uuid/README.md
index f765a46f9..3e9a61889 100644
--- a/vendor/github.com/google/uuid/README.md
+++ b/vendor/github.com/google/uuid/README.md
@@ -1,6 +1,6 @@
-# uuid ![build status](https://travis-ci.org/google/uuid.svg?branch=master)
+# uuid
 The uuid package generates and inspects UUIDs based on
-[RFC 4122](http://tools.ietf.org/html/rfc4122)
+[RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122)
 and DCE 1.1: Authentication and Security Services. 
 
 This package is based on the github.com/pborman/uuid package (previously named
@@ -9,10 +9,12 @@ a UUID is a 16 byte array rather than a byte slice.  One loss due to this
 change is the ability to represent an invalid UUID (vs a NIL UUID).
 
 ###### Install
-`go get github.com/google/uuid`
+```sh
+go get github.com/google/uuid
+```
 
 ###### Documentation 
-[![GoDoc](https://godoc.org/github.com/google/uuid?status.svg)](http://godoc.org/github.com/google/uuid)
+[![Go Reference](https://pkg.go.dev/badge/github.com/google/uuid.svg)](https://pkg.go.dev/github.com/google/uuid)
 
 Full `go doc` style documentation for the package can be viewed online without
 installing this package by using the GoDoc site here: 
diff --git a/vendor/github.com/google/uuid/node_js.go b/vendor/github.com/google/uuid/node_js.go
index 24b78edc9..b2a0bc871 100644
--- a/vendor/github.com/google/uuid/node_js.go
+++ b/vendor/github.com/google/uuid/node_js.go
@@ -7,6 +7,6 @@
 package uuid
 
 // getHardwareInterface returns nil values for the JS version of the code.
-// This remvoves the "net" dependency, because it is not used in the browser.
+// This removes the "net" dependency, because it is not used in the browser.
 // Using the "net" library inflates the size of the transpiled JS code by 673k bytes.
 func getHardwareInterface(name string) (string, []byte) { return "", nil }
diff --git a/vendor/github.com/google/uuid/uuid.go b/vendor/github.com/google/uuid/uuid.go
index a57207aeb..dc75f7d99 100644
--- a/vendor/github.com/google/uuid/uuid.go
+++ b/vendor/github.com/google/uuid/uuid.go
@@ -56,11 +56,15 @@ func IsInvalidLengthError(err error) bool {
 	return ok
 }
 
-// Parse decodes s into a UUID or returns an error.  Both the standard UUID
-// forms of xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and
-// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx are decoded as well as the
-// Microsoft encoding {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} and the raw hex
-// encoding: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
+// Parse decodes s into a UUID or returns an error if it cannot be parsed.  Both
+// the standard UUID forms defined in RFC 4122
+// (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and
+// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) are decoded.  In addition,
+// Parse accepts non-standard strings such as the raw hex encoding
+// xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx and 38 byte "Microsoft style" encodings,
+// e.g.  {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}.  Only the middle 36 bytes are
+// examined in the latter case.  Parse should not be used to validate strings as
+// it parses non-standard encodings as indicated above.
 func Parse(s string) (UUID, error) {
 	var uuid UUID
 	switch len(s) {
@@ -69,7 +73,7 @@ func Parse(s string) (UUID, error) {
 
 	// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 	case 36 + 9:
-		if strings.ToLower(s[:9]) != "urn:uuid:" {
+		if !strings.EqualFold(s[:9], "urn:uuid:") {
 			return uuid, fmt.Errorf("invalid urn prefix: %q", s[:9])
 		}
 		s = s[9:]
@@ -101,7 +105,8 @@ func Parse(s string) (UUID, error) {
 		9, 11,
 		14, 16,
 		19, 21,
-		24, 26, 28, 30, 32, 34} {
+		24, 26, 28, 30, 32, 34,
+	} {
 		v, ok := xtob(s[x], s[x+1])
 		if !ok {
 			return uuid, errors.New("invalid UUID format")
@@ -117,7 +122,7 @@ func ParseBytes(b []byte) (UUID, error) {
 	switch len(b) {
 	case 36: // xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 	case 36 + 9: // urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-		if !bytes.Equal(bytes.ToLower(b[:9]), []byte("urn:uuid:")) {
+		if !bytes.EqualFold(b[:9], []byte("urn:uuid:")) {
 			return uuid, fmt.Errorf("invalid urn prefix: %q", b[:9])
 		}
 		b = b[9:]
@@ -145,7 +150,8 @@ func ParseBytes(b []byte) (UUID, error) {
 		9, 11,
 		14, 16,
 		19, 21,
-		24, 26, 28, 30, 32, 34} {
+		24, 26, 28, 30, 32, 34,
+	} {
 		v, ok := xtob(b[x], b[x+1])
 		if !ok {
 			return uuid, errors.New("invalid UUID format")
@@ -292,3 +298,15 @@ func DisableRandPool() {
 	poolMu.Lock()
 	poolPos = randPoolSize
 }
+
+// UUIDs is a slice of UUID types.
+type UUIDs []UUID
+
+// Strings returns a string slice containing the string form of each UUID in uuids.
+func (uuids UUIDs) Strings() []string {
+	var uuidStrs = make([]string, len(uuids))
+	for i, uuid := range uuids {
+		uuidStrs[i] = uuid.String()
+	}
+	return uuidStrs
+}
diff --git a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
index b3283b815..ea5beb5aa 100644
--- a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
+++ b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
@@ -35,6 +35,8 @@ import (
 const signAPI = "EnterpriseCertSigner.Sign"
 const certificateChainAPI = "EnterpriseCertSigner.CertificateChain"
 const publicKeyAPI = "EnterpriseCertSigner.Public"
+const encryptAPI = "EnterpriseCertSigner.Encrypt"
+const decryptAPI = "EnterpriseCertSigner.Decrypt"
 
 // A Connection wraps a pair of unidirectional streams as an io.ReadWriteCloser.
 type Connection struct {
@@ -54,13 +56,28 @@ func (c *Connection) Close() error {
 
 func init() {
 	gob.Register(crypto.SHA256)
+	gob.Register(crypto.SHA384)
+	gob.Register(crypto.SHA512)
 	gob.Register(&rsa.PSSOptions{})
+	gob.Register(&rsa.OAEPOptions{})
 }
 
-// SignArgs contains arguments to a crypto Signer.Sign method.
+// SignArgs contains arguments for a Sign API call.
 type SignArgs struct {
 	Digest []byte            // The content to sign.
-	Opts   crypto.SignerOpts // Options for signing, such as Hash identifier.
+	Opts   crypto.SignerOpts // Options for signing. Must implement HashFunc().
+}
+
+// EncryptArgs contains arguments for an Encrypt API call.
+type EncryptArgs struct {
+	Plaintext []byte // The plaintext to encrypt.
+	Opts      any    // Options for encryption. Ex: an instance of crypto.Hash.
+}
+
+// DecryptArgs contains arguments to for a Decrypt API call.
+type DecryptArgs struct {
+	Ciphertext []byte               // The ciphertext to decrypt.
+	Opts       crypto.DecrypterOpts // Options for decryption. Ex: an instance of *rsa.OAEPOptions.
 }
 
 // Key implements credential.Credential by holding the executed signer subprocess.
@@ -98,7 +115,7 @@ func (k *Key) Public() crypto.PublicKey {
 	return k.publicKey
 }
 
-// Sign signs a message digest, using the specified signer options.
+// Sign signs a message digest, using the specified signer opts. Implements crypto.Signer interface.
 func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed []byte, err error) {
 	if opts != nil && opts.HashFunc() != 0 && len(digest) != opts.HashFunc().Size() {
 		return nil, fmt.Errorf("Digest length of %v bytes does not match Hash function size of %v bytes", len(digest), opts.HashFunc().Size())
@@ -107,6 +124,18 @@ func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed [
 	return
 }
 
+// Encrypt encrypts a plaintext msg into ciphertext, using the specified encrypt opts.
+func (k *Key) Encrypt(_ io.Reader, msg []byte, opts any) (ciphertext []byte, err error) {
+	err = k.client.Call(encryptAPI, EncryptArgs{Plaintext: msg, Opts: opts}, &ciphertext)
+	return
+}
+
+// Decrypt decrypts a ciphertext msg into plaintext, using the specified decrypter opts. Implements crypto.Decrypter interface.
+func (k *Key) Decrypt(_ io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) {
+	err = k.client.Call(decryptAPI, DecryptArgs{Ciphertext: msg, Opts: opts}, &plaintext)
+	return
+}
+
 // ErrCredUnavailable is a sentinel error that indicates ECP Cred is unavailable,
 // possibly due to missing config or missing binary path.
 var ErrCredUnavailable = errors.New("Cred is unavailable")
@@ -120,7 +149,12 @@ var ErrCredUnavailable = errors.New("Cred is unavailable")
 // The config file also specifies which certificate the signer should use.
 func Cred(configFilePath string) (*Key, error) {
 	if configFilePath == "" {
-		configFilePath = util.GetDefaultConfigFilePath()
+		envFilePath := util.GetConfigFilePathFromEnv()
+		if envFilePath != "" {
+			configFilePath = envFilePath
+		} else {
+			configFilePath = util.GetDefaultConfigFilePath()
+		}
 	}
 	enterpriseCertSignerPath, err := util.LoadSignerBinaryPath(configFilePath)
 	if err != nil {
diff --git a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go
index 1640ec1c9..f374a7f55 100644
--- a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go
+++ b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go
@@ -22,6 +22,7 @@ import (
 	"os/user"
 	"path/filepath"
 	"runtime"
+	"strings"
 )
 
 const configFileName = "certificate_config.json"
@@ -63,6 +64,9 @@ func LoadSignerBinaryPath(configFilePath string) (path string, err error) {
 	if signerBinaryPath == "" {
 		return "", ErrConfigUnavailable
 	}
+
+	signerBinaryPath = strings.ReplaceAll(signerBinaryPath, "~", guessHomeDir())
+	signerBinaryPath = strings.ReplaceAll(signerBinaryPath, "$HOME", guessHomeDir())
 	return signerBinaryPath, nil
 }
 
@@ -89,3 +93,8 @@ func getDefaultConfigFileDirectory() (directory string) {
 func GetDefaultConfigFilePath() (path string) {
 	return filepath.Join(getDefaultConfigFileDirectory(), configFileName)
 }
+
+// GetConfigFilePathFromEnv returns the path associated with environment variable GOOGLE_API_CERTIFICATE_CONFIG
+func GetConfigFilePathFromEnv() (path string) {
+	return os.Getenv("GOOGLE_API_CERTIFICATE_CONFIG")
+}
diff --git a/vendor/github.com/gowebpki/jcs/.gitignore b/vendor/github.com/gowebpki/jcs/.gitignore
new file mode 100644
index 000000000..a692565e1
--- /dev/null
+++ b/vendor/github.com/gowebpki/jcs/.gitignore
@@ -0,0 +1,34 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+coverageout
+coverage.html
+goreportcard.db
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# vscode
+*/.vscode
+*.code-workspace
+
+# sublime text
+*.sublime-workspace
+*.sublime-project
+
+# Mac files
+.DS_Store
diff --git a/vendor/github.com/gowebpki/jcs/LICENSE b/vendor/github.com/gowebpki/jcs/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/gowebpki/jcs/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/gowebpki/jcs/README.md b/vendor/github.com/gowebpki/jcs/README.md
new file mode 100644
index 000000000..c2c976784
--- /dev/null
+++ b/vendor/github.com/gowebpki/jcs/README.md
@@ -0,0 +1,72 @@
+![JCS](https://cyberphone.github.io/doc/security/jcs.svg)
+
+# JSON Canonicalization
+
+[![Go Report Card](https://goreportcard.com/badge/github.com/gowebpki/jcs)](https://goreportcard.com/report/github.com/gowebpki/jcs) 
+[![godoc](https://img.shields.io/badge/godoc-reference-blue.svg?style=flat)](https://pkg.go.dev/github.com/gowebpki/jcs)
+[![GitHub license](https://img.shields.io/github/license/gowebpki/jcs.svg?style=flat)](https://github.com/gowebpki/jcs/blob/master/LICENSE)
+[![GitHub go.mod Go version of a Go module](https://img.shields.io/github/go-mod/go-version/gowebpki/jcs.svg?style=flat)](https://github.com/gowebpki/jcs)
+
+Cryptographic operations like hashing and signing depend on that the target 
+data does not change during serialization, transport, or parsing. 
+By applying the rules defined by JCS (JSON Canonicalization Scheme), 
+data provided in the JSON [[RFC8259](https://tools.ietf.org/html/rfc8259)]
+format can be exchanged "as is", while still being subject to secure cryptographic operations.
+JCS achieves this by building on the serialization formats for JSON
+primitives as defined by ECMAScript [[ES](https://ecma-international.org/ecma-262/)],
+constraining JSON data to the I-JSON [[RFC7493](https://tools.ietf.org/html//rfc7493)] subset,
+and through a platform independent property sorting scheme.
+
+Public RFC: https://tools.ietf.org/html/rfc8785
+
+The JSON Canonicalization Scheme concept in a nutshell:
+- Serialization of primitive JSON data types using methods compatible with ECMAScript's `JSON.stringify()`
+- Lexicographic sorting of JSON `Object` properties in a *recursive* process
+- JSON `Array` data is also subject to canonicalization, *but element order remains untouched*
+
+### Original Work
+
+This code was originally created by Anders Rundgren aka cyberphone and can be found here: 
+https://github.com/cyberphone/json-canonicalization. This fork and work is done with Anders' 
+permission and is an attempt to clean up the Golang version. 
+
+
+### Sample Input
+```code
+{
+  "numbers": [333333333.33333329, 1E30, 4.50, 2e-3, 0.000000000000000000000000001],
+  "string": "\u20ac$\u000F\u000aA'\u0042\u0022\u005c\\\"\/",
+  "literals": [null, true, false]
+}
+```
+### Expected Output
+```code
+{"literals":[null,true,false],"numbers":[333333333.3333333,1e+30,4.5,0.002,1e-27],"string":"€$\u000f\nA'B\"\\\\\"/"}
+```
+
+Note: for platform interoperable canonicalization, the output must be converted to UTF-8
+as well, here shown in hexadecimal notation:
+
+```code
+7b 22 6c 69 74 65 72 61 6c 73 22 3a 5b 6e 75 6c 6c 2c 74 72 75 65 2c 66 61 6c 73 65 5d 2c 22 6e
+75 6d 62 65 72 73 22 3a 5b 33 33 33 33 33 33 33 33 33 2e 33 33 33 33 33 33 33 2c 31 65 2b 33 30
+2c 34 2e 35 2c 30 2e 30 30 32 2c 31 65 2d 32 37 5d 2c 22 73 74 72 69 6e 67 22 3a 22 e2 82 ac 24
+5c 75 30 30 30 66 5c 6e 41 27 42 5c 22 5c 5c 5c 5c 5c 22 2f 22 7d
+```
+### Combining JCS and JWS (RFC7515)
+[JWS-JCS](https://github.com/cyberphone/jws-jcs#combining-detached-jws-with-jcs-json-canonicalization-scheme)
+
+### On-line Browser JCS Test
+https://cyberphone.github.io/doc/security/browser-json-canonicalization.html
+
+### ECMAScript Proposal: JSON.canonify()
+[JSON.canonify()](https://github.com/cyberphone/json-canonicalization/blob/master/JSON.canonify.md)
+
+### Other Canonicalization Efforts
+https://tools.ietf.org/html/draft-staykov-hu-json-canonical-form-00
+
+http://wiki.laptop.org/go/Canonical_JSON
+
+https://gibson042.github.io/canonicaljson-spec/
+
+https://gist.github.com/mikesamuel/20710f94a53e440691f04bf79bc3d756
diff --git a/vendor/github.com/gowebpki/jcs/es6numfmt.go b/vendor/github.com/gowebpki/jcs/es6numfmt.go
new file mode 100644
index 000000000..011e1df55
--- /dev/null
+++ b/vendor/github.com/gowebpki/jcs/es6numfmt.go
@@ -0,0 +1,59 @@
+// Copyright 2021 Bret Jordan & Benedikt Thoma, All rights reserved.
+// Copyright 2006-2019 WebPKI.org (http://webpki.org).
+//
+// Use of this source code is governed by an Apache 2.0 license that can be
+// found in the LICENSE file in the root of the source tree.
+
+package jcs
+
+import (
+	"errors"
+	"math"
+	"strconv"
+	"strings"
+)
+
+const invalidPattern uint64 = 0x7ff0000000000000
+
+// NumberToJSON converts numbers in IEEE-754 double precision into the
+// format specified for JSON in EcmaScript Version 6 and forward.
+// The core application for this is canonicalization per RFC 8785:
+func NumberToJSON(ieeeF64 float64) (res string, err error) {
+	ieeeU64 := math.Float64bits(ieeeF64)
+
+	// Special case: NaN and Infinity are invalid in JSON
+	if (ieeeU64 & invalidPattern) == invalidPattern {
+		return "null", errors.New("Invalid JSON number: " + strconv.FormatUint(ieeeU64, 16))
+	}
+
+	// Special case: eliminate "-0" as mandated by the ES6-JSON/JCS specifications
+	if ieeeF64 == 0 { // Right, this line takes both -0 and 0
+		return "0", nil
+	}
+
+	// Deal with the sign separately
+	var sign string = ""
+	if ieeeF64 < 0 {
+		ieeeF64 = -ieeeF64
+		sign = "-"
+	}
+
+	// ES6 has a unique "g" format
+	var format byte = 'e'
+	if ieeeF64 < 1e+21 && ieeeF64 >= 1e-6 {
+		format = 'f'
+	}
+
+	// The following should (in "theory") do the trick:
+	es6Formatted := strconv.FormatFloat(ieeeF64, format, -1, 64)
+
+	// Ryu version
+	exponent := strings.IndexByte(es6Formatted, 'e')
+	if exponent > 0 {
+		// Go outputs "1e+09" which must be rewritten as "1e+9"
+		if es6Formatted[exponent+2] == '0' {
+			es6Formatted = es6Formatted[:exponent+2] + es6Formatted[exponent+3:]
+		}
+	}
+	return sign + es6Formatted, nil
+}
diff --git a/vendor/github.com/gowebpki/jcs/jcs.go b/vendor/github.com/gowebpki/jcs/jcs.go
new file mode 100644
index 000000000..f67524c54
--- /dev/null
+++ b/vendor/github.com/gowebpki/jcs/jcs.go
@@ -0,0 +1,489 @@
+// Copyright 2021 Bret Jordan & Benedikt Thoma, All rights reserved.
+// Copyright 2006-2019 WebPKI.org (http://webpki.org).
+//
+// Use of this source code is governed by an Apache 2.0 license that can be
+// found in the LICENSE file in the root of the source tree.
+
+// Package jcs transforms UTF-8 JSON data into a canonicalized version according RFC 8785
+package jcs
+
+import (
+	"container/list"
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+	"unicode/utf16"
+)
+
+type nameValueType struct {
+	name    string
+	sortKey []uint16
+	value   string
+}
+
+type jcsData struct {
+	// JSON data MUST be UTF-8 encoded
+	jsonData []byte
+	// Current pointer in jsonData
+	index int
+}
+
+// JSON standard escapes (modulo \u)
+var (
+	asciiEscapes  = []byte{'\\', '"', 'b', 'f', 'n', 'r', 't'}
+	binaryEscapes = []byte{'\\', '"', '\b', '\f', '\n', '\r', '\t'}
+)
+
+// JSON literals
+var literals = []string{"true", "false", "null"}
+
+// Transform converts raw JSON data from a []byte array into a canonicalized version according RFC 8785
+func Transform(jsonData []byte) ([]byte, error) {
+	if jsonData == nil {
+		return nil, errors.New("No JSON data provided")
+	}
+
+	// Create a JCS Data struct to store the JSON Data and the index.
+	var jd jcsData
+	jd.jsonData = jsonData
+	j := &jd
+
+	transformed, err := j.parseEntry()
+	if err != nil {
+		return nil, err
+	}
+
+	for j.index < len(j.jsonData) {
+		if !j.isWhiteSpace(j.jsonData[j.index]) {
+			return nil, errors.New("Improperly terminated JSON object")
+		}
+		j.index++
+	}
+	return []byte(transformed), err
+}
+
+func (j *jcsData) isWhiteSpace(c byte) bool {
+	return c == 0x20 || c == 0x0a || c == 0x0d || c == 0x09
+}
+
+func (j *jcsData) nextChar() (byte, error) {
+	if j.index < len(j.jsonData) {
+		c := j.jsonData[j.index]
+		if c > 0x7f {
+			return 0, errors.New("Unexpected non-ASCII character")
+		}
+		j.index++
+		return c, nil
+	}
+	return 0, errors.New("Unexpected EOF reached")
+}
+
+// scan advances index on jsonData to the first non whitespace character and returns it.
+func (j *jcsData) scan() (byte, error) {
+	for {
+		c, err := j.nextChar()
+		if err != nil {
+			return 0, err
+		}
+
+		if j.isWhiteSpace(c) {
+			continue
+		}
+
+		return c, nil
+	}
+}
+
+func (j *jcsData) scanFor(expected byte) error {
+	c, err := j.scan()
+	if err != nil {
+		return err
+	}
+	if c != expected {
+		return fmt.Errorf("Expected %s but got %s", string(expected), string(c))
+	}
+	return nil
+}
+
+func (j *jcsData) getUEscape() (rune, error) {
+	start := j.index
+	for i := 0; i < 4; i++ {
+		_, err := j.nextChar()
+		if err != nil {
+			return 0, err
+		}
+	}
+
+	u16, err := strconv.ParseUint(string(j.jsonData[start:j.index]), 16, 64)
+	if err != nil {
+		return 0, err
+	}
+	return rune(u16), nil
+}
+
+func (j *jcsData) decorateString(rawUTF8 string) string {
+	var quotedString strings.Builder
+	quotedString.WriteByte('"')
+
+CoreLoop:
+	for _, c := range []byte(rawUTF8) {
+		// Is this within the JSON standard escapes?
+		for i, esc := range binaryEscapes {
+			if esc == c {
+				quotedString.WriteByte('\\')
+				quotedString.WriteByte(asciiEscapes[i])
+
+				continue CoreLoop
+			}
+		}
+		if c < 0x20 {
+			// Other ASCII control characters must be escaped with \uhhhh
+			quotedString.WriteString(fmt.Sprintf("\\u%04x", c))
+		} else {
+			quotedString.WriteByte(c)
+		}
+	}
+	quotedString.WriteByte('"')
+
+	return quotedString.String()
+}
+
+// parseEntry is the entrypoint into the parsing control flow
+func (j *jcsData) parseEntry() (string, error) {
+	c, err := j.scan()
+	if err != nil {
+		return "", err
+	}
+	j.index--
+
+	switch c {
+	case '{', '"', '[':
+		return j.parseElement()
+	default:
+		value, err := parseLiteral(string(j.jsonData))
+		if err != nil {
+			return "", err
+		}
+
+		j.index = len(j.jsonData)
+		return value, nil
+	}
+}
+
+func (j *jcsData) parseQuotedString() (string, error) {
+	var rawString strings.Builder
+
+CoreLoop:
+	for {
+		var c byte
+		if j.index < len(j.jsonData) {
+			c = j.jsonData[j.index]
+			j.index++
+		} else {
+			return "", errors.New("Unexpected EOF reached")
+		}
+
+		if c == '"' {
+			break
+		}
+
+		if c < ' ' {
+			return "", errors.New("Unterminated string literal")
+		} else if c == '\\' {
+			// Escape sequence
+			c, err := j.nextChar()
+			if err != nil {
+				return "", err
+			}
+
+			if c == 'u' {
+				// The \u escape
+				firstUTF16, err := j.getUEscape()
+				if err != nil {
+					return "", err
+				}
+
+				if utf16.IsSurrogate(firstUTF16) {
+					// If the first UTF-16 code unit has a certain value there must be
+					// another succeeding UTF-16 code unit as well
+					backslash, err := j.nextChar()
+					if err != nil {
+						return "", err
+					}
+					u, err := j.nextChar()
+					if err != nil {
+						return "", err
+					}
+
+					if backslash != '\\' || u != 'u' {
+						return "", errors.New("Missing surrogate")
+					}
+
+					// Output the UTF-32 code point as UTF-8
+					uEscape, err := j.getUEscape()
+					if err != nil {
+						return "", err
+					}
+					rawString.WriteRune(utf16.DecodeRune(firstUTF16, uEscape))
+
+				} else {
+					// Single UTF-16 code identical to UTF-32.  Output as UTF-8
+					rawString.WriteRune(firstUTF16)
+				}
+			} else if c == '/' {
+				// Benign but useless escape
+				rawString.WriteByte('/')
+			} else {
+				// The JSON standard escapes
+				for i, esc := range asciiEscapes {
+					if esc == c {
+						rawString.WriteByte(binaryEscapes[i])
+						continue CoreLoop
+					}
+				}
+				return "", fmt.Errorf("Unexpected escape: \\%s", string(c))
+			}
+		} else {
+			// Just an ordinary ASCII character alternatively a UTF-8 byte
+			// outside of ASCII.
+			// Note that properly formatted UTF-8 never clashes with ASCII
+			// making byte per byte search for ASCII break characters work
+			// as expected.
+			rawString.WriteByte(c)
+		}
+	}
+
+	return rawString.String(), nil
+}
+
+func (j *jcsData) parseSimpleType() (string, error) {
+	var token strings.Builder
+
+	j.index--
+
+	// no condition is needed here.
+	// if the buffer reaches EOF scan returns an error, or we terminate because the
+	// json simple type terminates
+	for {
+		c, err := j.scan()
+		if err != nil {
+			return "", err
+		}
+
+		if c == ',' || c == ']' || c == '}' {
+			j.index--
+			break
+		}
+
+		token.WriteByte(c)
+	}
+
+	if token.Len() == 0 {
+		return "", errors.New("Missing argument")
+	}
+
+	return parseLiteral(token.String())
+}
+
+func parseLiteral(value string) (string, error) {
+	// Is it a JSON literal?
+	for _, literal := range literals {
+		if literal == value {
+			return literal, nil
+		}
+	}
+
+	// Apparently not so we assume that it is a I-JSON number
+	ieeeF64, err := strconv.ParseFloat(value, 64)
+	if err != nil {
+		return "", err
+	}
+
+	value, err = NumberToJSON(ieeeF64)
+	if err != nil {
+		return "", err
+	}
+
+	return value, nil
+}
+
+func (j *jcsData) parseElement() (string, error) {
+	c, err := j.scan()
+	if err != nil {
+		return "", err
+	}
+
+	switch c {
+	case '{':
+		return j.parseObject()
+	case '"':
+		str, err := j.parseQuotedString()
+		if err != nil {
+			return "", err
+		}
+		return j.decorateString(str), nil
+	case '[':
+		return j.parseArray()
+	default:
+		return j.parseSimpleType()
+	}
+}
+
+func (j *jcsData) peek() (byte, error) {
+	c, err := j.scan()
+	if err != nil {
+		return 0, err
+	}
+
+	j.index--
+	return c, nil
+}
+
+func (j *jcsData) parseArray() (string, error) {
+	var arrayData strings.Builder
+	var next bool
+
+	arrayData.WriteByte('[')
+
+	for {
+		c, err := j.peek()
+		if err != nil {
+			return "", err
+		}
+
+		if c == ']' {
+			j.index++
+			break
+		}
+
+		if next {
+			err = j.scanFor(',')
+			if err != nil {
+				return "", err
+			}
+			arrayData.WriteByte(',')
+		} else {
+			next = true
+		}
+
+		element, err := j.parseElement()
+		if err != nil {
+			return "", err
+		}
+		arrayData.WriteString(element)
+	}
+
+	arrayData.WriteByte(']')
+	return arrayData.String(), nil
+}
+
+func (j *jcsData) lexicographicallyPrecedes(sortKey []uint16, e *list.Element) (bool, error) {
+	// Find the minimum length of the sortKeys
+	oldSortKey := e.Value.(nameValueType).sortKey
+	minLength := len(oldSortKey)
+	if minLength > len(sortKey) {
+		minLength = len(sortKey)
+	}
+	for q := 0; q < minLength; q++ {
+		diff := int(sortKey[q]) - int(oldSortKey[q])
+		if diff < 0 {
+			// Smaller => Precedes
+			return true, nil
+		} else if diff > 0 {
+			// Bigger => No match
+			return false, nil
+		}
+		// Still equal => Continue
+	}
+	// The sortKeys compared equal up to minLength
+	if len(sortKey) < len(oldSortKey) {
+		// Shorter => Precedes
+		return true, nil
+	}
+	if len(sortKey) == len(oldSortKey) {
+		return false, fmt.Errorf("Duplicate key: %s", e.Value.(nameValueType).name)
+	}
+	// Longer => No match
+	return false, nil
+}
+
+func (j *jcsData) parseObject() (string, error) {
+	nameValueList := list.New()
+	var next bool = false
+CoreLoop:
+	for {
+		c, err := j.peek()
+		if err != nil {
+			return "", err
+		}
+
+		if c == '}' {
+			// advance index because of peeked '}'
+			j.index++
+			break
+		}
+
+		if next {
+			err = j.scanFor(',')
+			if err != nil {
+				return "", err
+			}
+		}
+		next = true
+
+		err = j.scanFor('"')
+		if err != nil {
+			return "", err
+		}
+		rawUTF8, err := j.parseQuotedString()
+		if err != nil {
+			break
+		}
+		// Sort keys on UTF-16 code units
+		// Since UTF-8 doesn't have endianess this is just a value transformation
+		// In the Go case the transformation is UTF-8 => UTF-32 => UTF-16
+		sortKey := utf16.Encode([]rune(rawUTF8))
+		err = j.scanFor(':')
+		if err != nil {
+			return "", err
+		}
+
+		element, err := j.parseElement()
+		if err != nil {
+			return "", err
+		}
+		nameValue := nameValueType{rawUTF8, sortKey, element}
+		for e := nameValueList.Front(); e != nil; e = e.Next() {
+			// Check if the key is smaller than a previous key
+			if precedes, err := j.lexicographicallyPrecedes(sortKey, e); err != nil {
+				return "", err
+			} else if precedes {
+				// Precedes => Insert before and exit sorting
+				nameValueList.InsertBefore(nameValue, e)
+				continue CoreLoop
+			}
+			// Continue searching for a possibly succeeding sortKey
+			// (which is straightforward since the list is ordered)
+		}
+		// The sortKey is either the first or is succeeding all previous sortKeys
+		nameValueList.PushBack(nameValue)
+	}
+
+	// Now everything is sorted so we can properly serialize the object
+	var objectData strings.Builder
+	objectData.WriteByte('{')
+	next = false
+	for e := nameValueList.Front(); e != nil; e = e.Next() {
+		if next {
+			objectData.WriteByte(',')
+		}
+		next = true
+		nameValue := e.Value.(nameValueType)
+		objectData.WriteString(j.decorateString(nameValue.name))
+		objectData.WriteByte(':')
+		objectData.WriteString(nameValue.value)
+	}
+	objectData.WriteByte('}')
+	return objectData.String(), nil
+}
diff --git a/vendor/github.com/hashicorp/go-retryablehttp/CHANGELOG.md b/vendor/github.com/hashicorp/go-retryablehttp/CHANGELOG.md
new file mode 100644
index 000000000..33686e4da
--- /dev/null
+++ b/vendor/github.com/hashicorp/go-retryablehttp/CHANGELOG.md
@@ -0,0 +1,9 @@
+## 0.7.4 (Jun 6, 2023)
+
+BUG FIXES
+
+- client: fixing an issue where the Content-Type header wouldn't be sent with an empty payload when using HTTP/2 [GH-194]
+
+## 0.7.3 (May 15, 2023)
+
+Initial release
diff --git a/vendor/github.com/hashicorp/go-retryablehttp/CODEOWNERS b/vendor/github.com/hashicorp/go-retryablehttp/CODEOWNERS
new file mode 100644
index 000000000..f8389c995
--- /dev/null
+++ b/vendor/github.com/hashicorp/go-retryablehttp/CODEOWNERS
@@ -0,0 +1 @@
+* @hashicorp/release-engineering
\ No newline at end of file
diff --git a/vendor/github.com/hashicorp/go-retryablehttp/LICENSE b/vendor/github.com/hashicorp/go-retryablehttp/LICENSE
index e87a115e4..f4f97ee58 100644
--- a/vendor/github.com/hashicorp/go-retryablehttp/LICENSE
+++ b/vendor/github.com/hashicorp/go-retryablehttp/LICENSE
@@ -1,3 +1,5 @@
+Copyright (c) 2015 HashiCorp, Inc.
+
 Mozilla Public License, version 2.0
 
 1. Definitions
diff --git a/vendor/github.com/hashicorp/go-retryablehttp/client.go b/vendor/github.com/hashicorp/go-retryablehttp/client.go
index f40d2411c..cad96bd97 100644
--- a/vendor/github.com/hashicorp/go-retryablehttp/client.go
+++ b/vendor/github.com/hashicorp/go-retryablehttp/client.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
 // Package retryablehttp provides a familiar HTTP client interface with
 // automatic retries and exponential backoff. It is a thin wrapper over the
 // standard net/http client library and exposes nearly the same public API.
@@ -257,10 +260,17 @@ func getBodyReaderAndContentLength(rawBody interface{}) (ReaderFunc, int64, erro
 		if err != nil {
 			return nil, 0, err
 		}
-		bodyReader = func() (io.Reader, error) {
-			return bytes.NewReader(buf), nil
+		if len(buf) == 0 {
+			bodyReader = func() (io.Reader, error) {
+				return http.NoBody, nil
+			}
+			contentLength = 0
+		} else {
+			bodyReader = func() (io.Reader, error) {
+				return bytes.NewReader(buf), nil
+			}
+			contentLength = int64(len(buf))
 		}
-		contentLength = int64(len(buf))
 
 	// No body provided, nothing to do
 	case nil:
diff --git a/vendor/github.com/hashicorp/go-retryablehttp/roundtripper.go b/vendor/github.com/hashicorp/go-retryablehttp/roundtripper.go
index 8f3ee3584..8c407adb3 100644
--- a/vendor/github.com/hashicorp/go-retryablehttp/roundtripper.go
+++ b/vendor/github.com/hashicorp/go-retryablehttp/roundtripper.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
 package retryablehttp
 
 import (
diff --git a/vendor/github.com/hashicorp/hcl/decoder.go b/vendor/github.com/hashicorp/hcl/decoder.go
index bed9ebbe1..d9a00f21d 100644
--- a/vendor/github.com/hashicorp/hcl/decoder.go
+++ b/vendor/github.com/hashicorp/hcl/decoder.go
@@ -505,7 +505,7 @@ func expandObject(node ast.Node, result reflect.Value) ast.Node {
 	// we need to un-flatten the ast enough to decode
 	newNode := &ast.ObjectItem{
 		Keys: []*ast.ObjectKey{
-			&ast.ObjectKey{
+			{
 				Token: keyToken,
 			},
 		},
@@ -628,6 +628,24 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 	decodedFields := make([]string, 0, len(fields))
 	decodedFieldsVal := make([]reflect.Value, 0)
 	unusedKeysVal := make([]reflect.Value, 0)
+
+	// fill unusedNodeKeys with keys from the AST
+	// a slice because we have to do equals case fold to match Filter
+	unusedNodeKeys := make(map[string][]token.Pos, 0)
+	for i, item := range list.Items {
+		for _, k := range item.Keys {
+			// isNestedJSON returns true for e.g. bar in
+			// { "foo": { "bar": {...} } }
+			// This isn't an unused node key, so we want to skip it
+			isNestedJSON := i > 0 && len(item.Keys) > 1
+			if !isNestedJSON && (k.Token.JSON || k.Token.Type == token.IDENT) {
+				fn := k.Token.Value().(string)
+				sl := unusedNodeKeys[fn]
+				unusedNodeKeys[fn] = append(sl, k.Token.Pos)
+			}
+		}
+	}
+
 	for _, f := range fields {
 		field, fieldValue := f.field, f.val
 		if !fieldValue.IsValid() {
@@ -661,7 +679,7 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 
 				fieldValue.SetString(item.Keys[0].Token.Value().(string))
 				continue
-			case "unusedKeys":
+			case "unusedKeyPositions":
 				unusedKeysVal = append(unusedKeysVal, fieldValue)
 				continue
 			}
@@ -682,8 +700,9 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 			continue
 		}
 
-		// Track the used key
+		// Track the used keys
 		usedKeys[fieldName] = struct{}{}
+		unusedNodeKeys = removeCaseFold(unusedNodeKeys, fieldName)
 
 		// Create the field name and decode. We range over the elements
 		// because we actually want the value.
@@ -716,6 +735,13 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 		}
 	}
 
+	if len(unusedNodeKeys) > 0 {
+		// like decodedFields, populated the unusedKeys field(s)
+		for _, v := range unusedKeysVal {
+			v.Set(reflect.ValueOf(unusedNodeKeys))
+		}
+	}
+
 	return nil
 }
 
@@ -727,3 +753,17 @@ func findNodeType() reflect.Type {
 	value := reflect.ValueOf(nodeContainer).FieldByName("Node")
 	return value.Type()
 }
+
+func removeCaseFold(xs map[string][]token.Pos, y string) map[string][]token.Pos {
+	var toDel []string
+
+	for i := range xs {
+		if strings.EqualFold(i, y) {
+			toDel = append(toDel, i)
+		}
+	}
+	for _, i := range toDel {
+		delete(xs, i)
+	}
+	return xs
+}
diff --git a/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go b/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go
index 6e5ef654b..f5b6b93b9 100644
--- a/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go
+++ b/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go
@@ -25,6 +25,8 @@ func (ObjectType) node()   {}
 func (LiteralType) node()  {}
 func (ListType) node()     {}
 
+var unknownPos token.Pos
+
 // File represents a single HCL file
 type File struct {
 	Node     Node            // usually a *ObjectList
@@ -108,7 +110,12 @@ func (o *ObjectList) Elem() *ObjectList {
 }
 
 func (o *ObjectList) Pos() token.Pos {
-	// always returns the uninitiliazed position
+	// If an Object has no members, it won't have a first item
+	// to use as position
+	if len(o.Items) == 0 {
+		return unknownPos
+	}
+	// Return the uninitialized position
 	return o.Items[0].Pos()
 }
 
@@ -133,10 +140,10 @@ type ObjectItem struct {
 }
 
 func (o *ObjectItem) Pos() token.Pos {
-	// I'm not entirely sure what causes this, but removing this causes
-	// a test failure. We should investigate at some point.
+	// If a parsed object has no keys, there is no position
+	// for its first element.
 	if len(o.Keys) == 0 {
-		return token.Pos{}
+		return unknownPos
 	}
 
 	return o.Keys[0].Pos()
diff --git a/vendor/github.com/imdario/mergo/README.md b/vendor/github.com/imdario/mergo/README.md
index 4f0287498..ffbbb62c7 100644
--- a/vendor/github.com/imdario/mergo/README.md
+++ b/vendor/github.com/imdario/mergo/README.md
@@ -1,17 +1,20 @@
 # Mergo
 
-[![GoDoc][3]][4]
 [![GitHub release][5]][6]
 [![GoCard][7]][8]
-[![Build Status][1]][2]
-[![Coverage Status][9]][10]
+[![Test status][1]][2]
+[![OpenSSF Scorecard][21]][22]
+[![OpenSSF Best Practices][19]][20]
+[![Coverage status][9]][10]
 [![Sourcegraph][11]][12]
-[![FOSSA Status][13]][14]
+[![FOSSA status][13]][14]
+
+[![GoDoc][3]][4]
 [![Become my sponsor][15]][16]
 [![Tidelift][17]][18]
 
-[1]: https://travis-ci.org/imdario/mergo.png
-[2]: https://travis-ci.org/imdario/mergo
+[1]: https://github.com/imdario/mergo/workflows/tests/badge.svg?branch=master
+[2]: https://github.com/imdario/mergo/actions/workflows/tests.yml
 [3]: https://godoc.org/github.com/imdario/mergo?status.svg
 [4]: https://godoc.org/github.com/imdario/mergo
 [5]: https://img.shields.io/github/release/imdario/mergo.svg
@@ -28,6 +31,10 @@
 [16]: https://github.com/sponsors/imdario
 [17]: https://tidelift.com/badges/package/go/github.com%2Fimdario%2Fmergo
 [18]: https://tidelift.com/subscription/pkg/go-github.com-imdario-mergo
+[19]: https://bestpractices.coreinfrastructure.org/projects/7177/badge
+[20]: https://bestpractices.coreinfrastructure.org/projects/7177
+[21]: https://api.securityscorecards.dev/projects/github.com/imdario/mergo/badge
+[22]: https://api.securityscorecards.dev/projects/github.com/imdario/mergo
 
 A helper to merge structs and maps in Golang. Useful for configuration default values, avoiding messy if-statements.
 
@@ -232,5 +239,4 @@ Written by [Dario Castañé](http://dario.im).
 
 [BSD 3-Clause](http://opensource.org/licenses/BSD-3-Clause) license, as [Go language](http://golang.org/LICENSE).
 
-
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fimdario%2Fmergo.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fimdario%2Fmergo?ref=badge_large)
diff --git a/vendor/github.com/jedisct1/go-minisign/LICENSE b/vendor/github.com/jedisct1/go-minisign/LICENSE
index 010ad6e7a..06c6cdbb9 100644
--- a/vendor/github.com/jedisct1/go-minisign/LICENSE
+++ b/vendor/github.com/jedisct1/go-minisign/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2018-2021 Frank Denis
+Copyright (c) 2018-2023 Frank Denis
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/github.com/klauspost/compress/.goreleaser.yml b/vendor/github.com/klauspost/compress/.goreleaser.yml
index 7a008a4d2..4c28dff46 100644
--- a/vendor/github.com/klauspost/compress/.goreleaser.yml
+++ b/vendor/github.com/klauspost/compress/.goreleaser.yml
@@ -3,7 +3,7 @@
 before:
   hooks:
     - ./gen.sh
-    - go install mvdan.cc/garble@v0.9.3
+    - go install mvdan.cc/garble@v0.10.1
 
 builds:
   -
@@ -92,16 +92,7 @@ builds:
 archives:
   -
     id: s2-binaries
-    name_template: "s2-{{ .Os }}_{{ .Arch }}_{{ .Version }}"
-    replacements:
-      aix: AIX
-      darwin: OSX
-      linux: Linux
-      windows: Windows
-      386: i386
-      amd64: x86_64
-      freebsd: FreeBSD
-      netbsd: NetBSD
+    name_template: "s2-{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
     format_overrides:
       - goos: windows
         format: zip
@@ -125,7 +116,7 @@ changelog:
 
 nfpms:
   -
-    file_name_template: "s2_package_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    file_name_template: "s2_package__{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
     vendor: Klaus Post
     homepage: https://github.com/klauspost/compress
     maintainer: Klaus Post <klauspost@gmail.com>
@@ -134,8 +125,3 @@ nfpms:
     formats:
       - deb
       - rpm
-    replacements:
-      darwin: Darwin
-      linux: Linux
-      freebsd: FreeBSD
-      amd64: x86_64
diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md
index efab55e65..43de48677 100644
--- a/vendor/github.com/klauspost/compress/README.md
+++ b/vendor/github.com/klauspost/compress/README.md
@@ -16,6 +16,28 @@ This package provides various compression algorithms.
 
 # changelog
 
+* Sept 19th, 2023 - [v1.17.0](https://github.com/klauspost/compress/releases/tag/v1.17.0)
+	* Add experimental dictionary builder  https://github.com/klauspost/compress/pull/853
+	* Add xerial snappy read/writer https://github.com/klauspost/compress/pull/838
+	* flate: Add limited window compression https://github.com/klauspost/compress/pull/843
+	* s2: Do 2 overlapping match checks https://github.com/klauspost/compress/pull/839
+	* flate: Add amd64 assembly matchlen https://github.com/klauspost/compress/pull/837
+	* gzip: Copy bufio.Reader on Reset by @thatguystone in https://github.com/klauspost/compress/pull/860
+   
+* July 1st, 2023 - [v1.16.7](https://github.com/klauspost/compress/releases/tag/v1.16.7)
+	* zstd: Fix default level first dictionary encode https://github.com/klauspost/compress/pull/829
+	* s2: add GetBufferCapacity() method by @GiedriusS in https://github.com/klauspost/compress/pull/832
+
+* June 13, 2023 - [v1.16.6](https://github.com/klauspost/compress/releases/tag/v1.16.6)
+	* zstd: correctly ignore WithEncoderPadding(1) by @ianlancetaylor in https://github.com/klauspost/compress/pull/806
+	* zstd: Add amd64 match length assembly https://github.com/klauspost/compress/pull/824
+	* gzhttp: Handle informational headers by @rtribotte in https://github.com/klauspost/compress/pull/815
+	* s2: Improve Better compression slightly https://github.com/klauspost/compress/pull/663
+
+* Apr 16, 2023 - [v1.16.5](https://github.com/klauspost/compress/releases/tag/v1.16.5)
+	* zstd: readByte needs to use io.ReadFull by @jnoxon in https://github.com/klauspost/compress/pull/802
+	* gzip: Fix WriterTo after initial read https://github.com/klauspost/compress/pull/804
+
 * Apr 5, 2023 - [v1.16.4](https://github.com/klauspost/compress/releases/tag/v1.16.4)
 	* zstd: Improve zstd best efficiency by @greatroar and @klauspost in https://github.com/klauspost/compress/pull/784
 	* zstd: Respect WithAllLitEntropyCompression https://github.com/klauspost/compress/pull/792
@@ -40,6 +62,9 @@ This package provides various compression algorithms.
 	* s2: Support io.ReaderAt in ReadSeeker. https://github.com/klauspost/compress/pull/747
 	* s2c/s2sx: Use concurrent decoding. https://github.com/klauspost/compress/pull/746
 
+<details>
+	<summary>See changes to v1.15.x</summary>
+	
 * Jan 21st, 2023 (v1.15.15)
 	* deflate: Improve level 7-9 by @klauspost in https://github.com/klauspost/compress/pull/739
 	* zstd: Add delta encoding support by @greatroar in https://github.com/klauspost/compress/pull/728
@@ -166,6 +191,8 @@ Stream decompression is now faster on asynchronous, since the goroutine allocati
 
 While the release has been extensively tested, it is recommended to testing when upgrading.
 
+</details>
+
 <details>
 	<summary>See changes to v1.14.x</summary>
 	
@@ -626,6 +653,8 @@ Here are other packages of good quality and pure Go (no cgo wrappers or autoconv
 * [github.com/dsnet/compress](https://github.com/dsnet/compress) - brotli decompression, bzip2 writer.
 * [github.com/ronanh/intcomp](https://github.com/ronanh/intcomp) - Integer compression.
 * [github.com/spenczar/fpc](https://github.com/spenczar/fpc) - Float compression.
+* [github.com/minio/zipindex](https://github.com/minio/zipindex) - External ZIP directory index.
+* [github.com/ybirader/pzip](https://github.com/ybirader/pzip) - Fast concurrent zip archiver and extractor.
 
 # license
 
diff --git a/vendor/github.com/klauspost/compress/SECURITY.md b/vendor/github.com/klauspost/compress/SECURITY.md
new file mode 100644
index 000000000..ca6685e2b
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+Security updates are applied only to the latest release.
+
+## Vulnerability Definition
+
+A security vulnerability is a bug that with certain input triggers a crash or an infinite loop. Most calls will have varying execution time and only in rare cases will slow operation be considered a security vulnerability.
+
+Corrupted output generally is not considered a security vulnerability, unless independent operations are able to affect each other. Note that not all functionality is re-entrant and safe to use concurrently.
+
+Out-of-memory crashes only applies if the en/decoder uses an abnormal amount of memory, with appropriate options applied, to limit maximum window size, concurrency, etc. However, if you are in doubt you are welcome to file a security issue.
+
+It is assumed that all callers are trusted, meaning internal data exposed through reflection or inspection of returned data structures is not considered a vulnerability.
+
+Vulnerabilities resulting from compiler/assembler errors should be reported upstream. Depending on the severity this package may or may not implement a workaround.
+
+## Reporting a Vulnerability
+
+If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.
+
+Please disclose it at [security advisory](https://github.com/klauspost/compress/security/advisories/new). If possible please provide a minimal reproducer. If the issue only applies to a single platform, it would be helpful to provide access to that.
+
+This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be disclosed in a best effort base.
diff --git a/vendor/github.com/klauspost/compress/flate/deflate.go b/vendor/github.com/klauspost/compress/flate/deflate.go
index 82882961a..de912e187 100644
--- a/vendor/github.com/klauspost/compress/flate/deflate.go
+++ b/vendor/github.com/klauspost/compress/flate/deflate.go
@@ -7,6 +7,7 @@ package flate
 
 import (
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"io"
 	"math"
@@ -90,9 +91,8 @@ type advancedState struct {
 	ii uint16 // position of last match, intended to overflow to reset.
 
 	// input window: unprocessed data is window[index:windowEnd]
-	index          int
-	estBitsPerByte int
-	hashMatch      [maxMatchLength + minMatchLength]uint32
+	index     int
+	hashMatch [maxMatchLength + minMatchLength]uint32
 
 	// Input hash chains
 	// hashHead[hashValue] contains the largest inputIndex with the specified hash value
@@ -834,6 +834,12 @@ func (d *compressor) init(w io.Writer, level int) (err error) {
 		d.initDeflate()
 		d.fill = (*compressor).fillDeflate
 		d.step = (*compressor).deflateLazy
+	case -level >= MinCustomWindowSize && -level <= MaxCustomWindowSize:
+		d.w.logNewTablePenalty = 7
+		d.fast = &fastEncL5Window{maxOffset: int32(-level), cur: maxStoreBlockSize}
+		d.window = make([]byte, maxStoreBlockSize)
+		d.fill = (*compressor).fillBlock
+		d.step = (*compressor).storeFast
 	default:
 		return fmt.Errorf("flate: invalid compression level %d: want value in range [-2, 9]", level)
 	}
@@ -930,6 +936,28 @@ func NewWriterDict(w io.Writer, level int, dict []byte) (*Writer, error) {
 	return zw, err
 }
 
+// MinCustomWindowSize is the minimum window size that can be sent to NewWriterWindow.
+const MinCustomWindowSize = 32
+
+// MaxCustomWindowSize is the maximum custom window that can be sent to NewWriterWindow.
+const MaxCustomWindowSize = windowSize
+
+// NewWriterWindow returns a new Writer compressing data with a custom window size.
+// windowSize must be from MinCustomWindowSize to MaxCustomWindowSize.
+func NewWriterWindow(w io.Writer, windowSize int) (*Writer, error) {
+	if windowSize < MinCustomWindowSize {
+		return nil, errors.New("flate: requested window size less than MinWindowSize")
+	}
+	if windowSize > MaxCustomWindowSize {
+		return nil, errors.New("flate: requested window size bigger than MaxCustomWindowSize")
+	}
+	var dw Writer
+	if err := dw.d.init(w, -windowSize); err != nil {
+		return nil, err
+	}
+	return &dw, nil
+}
+
 // A Writer takes data written to it and writes the compressed
 // form of that data to an underlying writer (see NewWriter).
 type Writer struct {
diff --git a/vendor/github.com/klauspost/compress/flate/fast_encoder.go b/vendor/github.com/klauspost/compress/flate/fast_encoder.go
index 24caf5f70..c8124b5c4 100644
--- a/vendor/github.com/klauspost/compress/flate/fast_encoder.go
+++ b/vendor/github.com/klauspost/compress/flate/fast_encoder.go
@@ -8,7 +8,6 @@ package flate
 import (
 	"encoding/binary"
 	"fmt"
-	"math/bits"
 )
 
 type fastEnc interface {
@@ -192,25 +191,3 @@ func (e *fastGen) Reset() {
 	}
 	e.hist = e.hist[:0]
 }
-
-// matchLen returns the maximum length.
-// 'a' must be the shortest of the two.
-func matchLen(a, b []byte) int {
-	var checked int
-
-	for len(a) >= 8 {
-		if diff := binary.LittleEndian.Uint64(a) ^ binary.LittleEndian.Uint64(b); diff != 0 {
-			return checked + (bits.TrailingZeros64(diff) >> 3)
-		}
-		checked += 8
-		a = a[8:]
-		b = b[8:]
-	}
-	b = b[:len(a)]
-	for i := range a {
-		if a[i] != b[i] {
-			return i + checked
-		}
-	}
-	return len(a) + checked
-}
diff --git a/vendor/github.com/klauspost/compress/flate/huffman_bit_writer.go b/vendor/github.com/klauspost/compress/flate/huffman_bit_writer.go
index 89a5dd89f..f70594c34 100644
--- a/vendor/github.com/klauspost/compress/flate/huffman_bit_writer.go
+++ b/vendor/github.com/klauspost/compress/flate/huffman_bit_writer.go
@@ -34,11 +34,6 @@ const (
 	// Should preferably be a multiple of 6, since
 	// we accumulate 6 bytes between writes to the buffer.
 	bufferFlushSize = 246
-
-	// bufferSize is the actual output byte buffer size.
-	// It must have additional headroom for a flush
-	// which can contain up to 8 bytes.
-	bufferSize = bufferFlushSize + 8
 )
 
 // Minimum length code that emits bits.
diff --git a/vendor/github.com/klauspost/compress/flate/huffman_sortByFreq.go b/vendor/github.com/klauspost/compress/flate/huffman_sortByFreq.go
index 207780299..6c05ba8c1 100644
--- a/vendor/github.com/klauspost/compress/flate/huffman_sortByFreq.go
+++ b/vendor/github.com/klauspost/compress/flate/huffman_sortByFreq.go
@@ -42,25 +42,6 @@ func quickSortByFreq(data []literalNode, a, b, maxDepth int) {
 	}
 }
 
-// siftDownByFreq implements the heap property on data[lo, hi).
-// first is an offset into the array where the root of the heap lies.
-func siftDownByFreq(data []literalNode, lo, hi, first int) {
-	root := lo
-	for {
-		child := 2*root + 1
-		if child >= hi {
-			break
-		}
-		if child+1 < hi && (data[first+child].freq == data[first+child+1].freq && data[first+child].literal < data[first+child+1].literal || data[first+child].freq < data[first+child+1].freq) {
-			child++
-		}
-		if data[first+root].freq == data[first+child].freq && data[first+root].literal > data[first+child].literal || data[first+root].freq > data[first+child].freq {
-			return
-		}
-		data[first+root], data[first+child] = data[first+child], data[first+root]
-		root = child
-	}
-}
 func doPivotByFreq(data []literalNode, lo, hi int) (midlo, midhi int) {
 	m := int(uint(lo+hi) >> 1) // Written like this to avoid integer overflow.
 	if hi-lo > 40 {
diff --git a/vendor/github.com/klauspost/compress/flate/inflate.go b/vendor/github.com/klauspost/compress/flate/inflate.go
index 414c0bea9..2f410d64f 100644
--- a/vendor/github.com/klauspost/compress/flate/inflate.go
+++ b/vendor/github.com/klauspost/compress/flate/inflate.go
@@ -120,8 +120,9 @@ func (h *huffmanDecoder) init(lengths []int) bool {
 	const sanity = false
 
 	if h.chunks == nil {
-		h.chunks = &[huffmanNumChunks]uint16{}
+		h.chunks = new([huffmanNumChunks]uint16)
 	}
+
 	if h.maxRead != 0 {
 		*h = huffmanDecoder{chunks: h.chunks, links: h.links}
 	}
@@ -175,6 +176,7 @@ func (h *huffmanDecoder) init(lengths []int) bool {
 	}
 
 	h.maxRead = min
+
 	chunks := h.chunks[:]
 	for i := range chunks {
 		chunks[i] = 0
@@ -202,8 +204,7 @@ func (h *huffmanDecoder) init(lengths []int) bool {
 			if cap(h.links[off]) < numLinks {
 				h.links[off] = make([]uint16, numLinks)
 			} else {
-				links := h.links[off][:0]
-				h.links[off] = links[:numLinks]
+				h.links[off] = h.links[off][:numLinks]
 			}
 		}
 	} else {
@@ -277,7 +278,7 @@ func (h *huffmanDecoder) init(lengths []int) bool {
 	return true
 }
 
-// The actual read interface needed by NewReader.
+// Reader is the actual read interface needed by NewReader.
 // If the passed in io.Reader does not also have ReadByte,
 // the NewReader will introduce its own buffering.
 type Reader interface {
@@ -285,6 +286,18 @@ type Reader interface {
 	io.ByteReader
 }
 
+type step uint8
+
+const (
+	copyData step = iota + 1
+	nextBlock
+	huffmanBytesBuffer
+	huffmanBytesReader
+	huffmanBufioReader
+	huffmanStringsReader
+	huffmanGenericReader
+)
+
 // Decompress state.
 type decompressor struct {
 	// Input source.
@@ -303,7 +316,7 @@ type decompressor struct {
 
 	// Next step in the decompression,
 	// and decompression state.
-	step      func(*decompressor)
+	step      step
 	stepState int
 	err       error
 	toRead    []byte
@@ -342,7 +355,7 @@ func (f *decompressor) nextBlock() {
 		// compressed, fixed Huffman tables
 		f.hl = &fixedHuffmanDecoder
 		f.hd = nil
-		f.huffmanBlockDecoder()()
+		f.huffmanBlockDecoder()
 		if debugDecode {
 			fmt.Println("predefinied huffman block")
 		}
@@ -353,7 +366,7 @@ func (f *decompressor) nextBlock() {
 		}
 		f.hl = &f.h1
 		f.hd = &f.h2
-		f.huffmanBlockDecoder()()
+		f.huffmanBlockDecoder()
 		if debugDecode {
 			fmt.Println("dynamic huffman block")
 		}
@@ -379,14 +392,16 @@ func (f *decompressor) Read(b []byte) (int, error) {
 		if f.err != nil {
 			return 0, f.err
 		}
-		f.step(f)
+
+		f.doStep()
+
 		if f.err != nil && len(f.toRead) == 0 {
 			f.toRead = f.dict.readFlush() // Flush what's left in case of error
 		}
 	}
 }
 
-// Support the io.WriteTo interface for io.Copy and friends.
+// WriteTo implements the io.WriteTo interface for io.Copy and friends.
 func (f *decompressor) WriteTo(w io.Writer) (int64, error) {
 	total := int64(0)
 	flushed := false
@@ -410,7 +425,7 @@ func (f *decompressor) WriteTo(w io.Writer) (int64, error) {
 			return total, f.err
 		}
 		if f.err == nil {
-			f.step(f)
+			f.doStep()
 		}
 		if len(f.toRead) == 0 && f.err != nil && !flushed {
 			f.toRead = f.dict.readFlush() // Flush what's left in case of error
@@ -631,7 +646,7 @@ func (f *decompressor) copyData() {
 
 	if f.dict.availWrite() == 0 || f.copyLen > 0 {
 		f.toRead = f.dict.readFlush()
-		f.step = (*decompressor).copyData
+		f.step = copyData
 		return
 	}
 	f.finishBlock()
@@ -644,7 +659,28 @@ func (f *decompressor) finishBlock() {
 		}
 		f.err = io.EOF
 	}
-	f.step = (*decompressor).nextBlock
+	f.step = nextBlock
+}
+
+func (f *decompressor) doStep() {
+	switch f.step {
+	case copyData:
+		f.copyData()
+	case nextBlock:
+		f.nextBlock()
+	case huffmanBytesBuffer:
+		f.huffmanBytesBuffer()
+	case huffmanBytesReader:
+		f.huffmanBytesReader()
+	case huffmanBufioReader:
+		f.huffmanBufioReader()
+	case huffmanStringsReader:
+		f.huffmanStringsReader()
+	case huffmanGenericReader:
+		f.huffmanGenericReader()
+	default:
+		panic("BUG: unexpected step state")
+	}
 }
 
 // noEOF returns err, unless err == io.EOF, in which case it returns io.ErrUnexpectedEOF.
@@ -747,7 +783,7 @@ func (f *decompressor) Reset(r io.Reader, dict []byte) error {
 		h1:       f.h1,
 		h2:       f.h2,
 		dict:     f.dict,
-		step:     (*decompressor).nextBlock,
+		step:     nextBlock,
 	}
 	f.dict.init(maxMatchOffset, dict)
 	return nil
@@ -768,7 +804,7 @@ func NewReader(r io.Reader) io.ReadCloser {
 	f.r = makeReader(r)
 	f.bits = new([maxNumLit + maxNumDist]int)
 	f.codebits = new([numCodes]int)
-	f.step = (*decompressor).nextBlock
+	f.step = nextBlock
 	f.dict.init(maxMatchOffset, nil)
 	return &f
 }
@@ -787,7 +823,7 @@ func NewReaderDict(r io.Reader, dict []byte) io.ReadCloser {
 	f.r = makeReader(r)
 	f.bits = new([maxNumLit + maxNumDist]int)
 	f.codebits = new([numCodes]int)
-	f.step = (*decompressor).nextBlock
+	f.step = nextBlock
 	f.dict.init(maxMatchOffset, dict)
 	return &f
 }
diff --git a/vendor/github.com/klauspost/compress/flate/inflate_gen.go b/vendor/github.com/klauspost/compress/flate/inflate_gen.go
index 61342b6b8..2b2f993f7 100644
--- a/vendor/github.com/klauspost/compress/flate/inflate_gen.go
+++ b/vendor/github.com/klauspost/compress/flate/inflate_gen.go
@@ -85,7 +85,7 @@ readLiteral:
 			dict.writeByte(byte(v))
 			if dict.availWrite() == 0 {
 				f.toRead = dict.readFlush()
-				f.step = (*decompressor).huffmanBytesBuffer
+				f.step = huffmanBytesBuffer
 				f.stepState = stateInit
 				f.b, f.nb = fb, fnb
 				return
@@ -251,7 +251,7 @@ copyHistory:
 
 		if dict.availWrite() == 0 || f.copyLen > 0 {
 			f.toRead = dict.readFlush()
-			f.step = (*decompressor).huffmanBytesBuffer // We need to continue this work
+			f.step = huffmanBytesBuffer // We need to continue this work
 			f.stepState = stateDict
 			f.b, f.nb = fb, fnb
 			return
@@ -336,7 +336,7 @@ readLiteral:
 			dict.writeByte(byte(v))
 			if dict.availWrite() == 0 {
 				f.toRead = dict.readFlush()
-				f.step = (*decompressor).huffmanBytesReader
+				f.step = huffmanBytesReader
 				f.stepState = stateInit
 				f.b, f.nb = fb, fnb
 				return
@@ -502,7 +502,7 @@ copyHistory:
 
 		if dict.availWrite() == 0 || f.copyLen > 0 {
 			f.toRead = dict.readFlush()
-			f.step = (*decompressor).huffmanBytesReader // We need to continue this work
+			f.step = huffmanBytesReader // We need to continue this work
 			f.stepState = stateDict
 			f.b, f.nb = fb, fnb
 			return
@@ -587,7 +587,7 @@ readLiteral:
 			dict.writeByte(byte(v))
 			if dict.availWrite() == 0 {
 				f.toRead = dict.readFlush()
-				f.step = (*decompressor).huffmanBufioReader
+				f.step = huffmanBufioReader
 				f.stepState = stateInit
 				f.b, f.nb = fb, fnb
 				return
@@ -753,7 +753,7 @@ copyHistory:
 
 		if dict.availWrite() == 0 || f.copyLen > 0 {
 			f.toRead = dict.readFlush()
-			f.step = (*decompressor).huffmanBufioReader // We need to continue this work
+			f.step = huffmanBufioReader // We need to continue this work
 			f.stepState = stateDict
 			f.b, f.nb = fb, fnb
 			return
@@ -838,7 +838,7 @@ readLiteral:
 			dict.writeByte(byte(v))
 			if dict.availWrite() == 0 {
 				f.toRead = dict.readFlush()
-				f.step = (*decompressor).huffmanStringsReader
+				f.step = huffmanStringsReader
 				f.stepState = stateInit
 				f.b, f.nb = fb, fnb
 				return
@@ -1004,7 +1004,7 @@ copyHistory:
 
 		if dict.availWrite() == 0 || f.copyLen > 0 {
 			f.toRead = dict.readFlush()
-			f.step = (*decompressor).huffmanStringsReader // We need to continue this work
+			f.step = huffmanStringsReader // We need to continue this work
 			f.stepState = stateDict
 			f.b, f.nb = fb, fnb
 			return
@@ -1089,7 +1089,7 @@ readLiteral:
 			dict.writeByte(byte(v))
 			if dict.availWrite() == 0 {
 				f.toRead = dict.readFlush()
-				f.step = (*decompressor).huffmanGenericReader
+				f.step = huffmanGenericReader
 				f.stepState = stateInit
 				f.b, f.nb = fb, fnb
 				return
@@ -1255,7 +1255,7 @@ copyHistory:
 
 		if dict.availWrite() == 0 || f.copyLen > 0 {
 			f.toRead = dict.readFlush()
-			f.step = (*decompressor).huffmanGenericReader // We need to continue this work
+			f.step = huffmanGenericReader // We need to continue this work
 			f.stepState = stateDict
 			f.b, f.nb = fb, fnb
 			return
@@ -1265,19 +1265,19 @@ copyHistory:
 	// Not reached
 }
 
-func (f *decompressor) huffmanBlockDecoder() func() {
+func (f *decompressor) huffmanBlockDecoder() {
 	switch f.r.(type) {
 	case *bytes.Buffer:
-		return f.huffmanBytesBuffer
+		f.huffmanBytesBuffer()
 	case *bytes.Reader:
-		return f.huffmanBytesReader
+		f.huffmanBytesReader()
 	case *bufio.Reader:
-		return f.huffmanBufioReader
+		f.huffmanBufioReader()
 	case *strings.Reader:
-		return f.huffmanStringsReader
+		f.huffmanStringsReader()
 	case Reader:
-		return f.huffmanGenericReader
+		f.huffmanGenericReader()
 	default:
-		return f.huffmanGenericReader
+		f.huffmanGenericReader()
 	}
 }
diff --git a/vendor/github.com/klauspost/compress/flate/level5.go b/vendor/github.com/klauspost/compress/flate/level5.go
index 83ef50ba4..1f61ec182 100644
--- a/vendor/github.com/klauspost/compress/flate/level5.go
+++ b/vendor/github.com/klauspost/compress/flate/level5.go
@@ -308,3 +308,401 @@ emitRemainder:
 		emitLiteral(dst, src[nextEmit:])
 	}
 }
+
+// fastEncL5Window is a level 5 encoder,
+// but with a custom window size.
+type fastEncL5Window struct {
+	hist      []byte
+	cur       int32
+	maxOffset int32
+	table     [tableSize]tableEntry
+	bTable    [tableSize]tableEntryPrev
+}
+
+func (e *fastEncL5Window) Encode(dst *tokens, src []byte) {
+	const (
+		inputMargin            = 12 - 1
+		minNonLiteralBlockSize = 1 + 1 + inputMargin
+		hashShortBytes         = 4
+	)
+	maxMatchOffset := e.maxOffset
+	if debugDeflate && e.cur < 0 {
+		panic(fmt.Sprint("e.cur < 0: ", e.cur))
+	}
+
+	// Protect against e.cur wraparound.
+	for e.cur >= bufferReset {
+		if len(e.hist) == 0 {
+			for i := range e.table[:] {
+				e.table[i] = tableEntry{}
+			}
+			for i := range e.bTable[:] {
+				e.bTable[i] = tableEntryPrev{}
+			}
+			e.cur = maxMatchOffset
+			break
+		}
+		// Shift down everything in the table that isn't already too far away.
+		minOff := e.cur + int32(len(e.hist)) - maxMatchOffset
+		for i := range e.table[:] {
+			v := e.table[i].offset
+			if v <= minOff {
+				v = 0
+			} else {
+				v = v - e.cur + maxMatchOffset
+			}
+			e.table[i].offset = v
+		}
+		for i := range e.bTable[:] {
+			v := e.bTable[i]
+			if v.Cur.offset <= minOff {
+				v.Cur.offset = 0
+				v.Prev.offset = 0
+			} else {
+				v.Cur.offset = v.Cur.offset - e.cur + maxMatchOffset
+				if v.Prev.offset <= minOff {
+					v.Prev.offset = 0
+				} else {
+					v.Prev.offset = v.Prev.offset - e.cur + maxMatchOffset
+				}
+			}
+			e.bTable[i] = v
+		}
+		e.cur = maxMatchOffset
+	}
+
+	s := e.addBlock(src)
+
+	// This check isn't in the Snappy implementation, but there, the caller
+	// instead of the callee handles this case.
+	if len(src) < minNonLiteralBlockSize {
+		// We do not fill the token table.
+		// This will be picked up by caller.
+		dst.n = uint16(len(src))
+		return
+	}
+
+	// Override src
+	src = e.hist
+	nextEmit := s
+
+	// sLimit is when to stop looking for offset/length copies. The inputMargin
+	// lets us use a fast path for emitLiteral in the main loop, while we are
+	// looking for copies.
+	sLimit := int32(len(src) - inputMargin)
+
+	// nextEmit is where in src the next emitLiteral should start from.
+	cv := load6432(src, s)
+	for {
+		const skipLog = 6
+		const doEvery = 1
+
+		nextS := s
+		var l int32
+		var t int32
+		for {
+			nextHashS := hashLen(cv, tableBits, hashShortBytes)
+			nextHashL := hash7(cv, tableBits)
+
+			s = nextS
+			nextS = s + doEvery + (s-nextEmit)>>skipLog
+			if nextS > sLimit {
+				goto emitRemainder
+			}
+			// Fetch a short+long candidate
+			sCandidate := e.table[nextHashS]
+			lCandidate := e.bTable[nextHashL]
+			next := load6432(src, nextS)
+			entry := tableEntry{offset: s + e.cur}
+			e.table[nextHashS] = entry
+			eLong := &e.bTable[nextHashL]
+			eLong.Cur, eLong.Prev = entry, eLong.Cur
+
+			nextHashS = hashLen(next, tableBits, hashShortBytes)
+			nextHashL = hash7(next, tableBits)
+
+			t = lCandidate.Cur.offset - e.cur
+			if s-t < maxMatchOffset {
+				if uint32(cv) == load3232(src, lCandidate.Cur.offset-e.cur) {
+					// Store the next match
+					e.table[nextHashS] = tableEntry{offset: nextS + e.cur}
+					eLong := &e.bTable[nextHashL]
+					eLong.Cur, eLong.Prev = tableEntry{offset: nextS + e.cur}, eLong.Cur
+
+					t2 := lCandidate.Prev.offset - e.cur
+					if s-t2 < maxMatchOffset && uint32(cv) == load3232(src, lCandidate.Prev.offset-e.cur) {
+						l = e.matchlen(s+4, t+4, src) + 4
+						ml1 := e.matchlen(s+4, t2+4, src) + 4
+						if ml1 > l {
+							t = t2
+							l = ml1
+							break
+						}
+					}
+					break
+				}
+				t = lCandidate.Prev.offset - e.cur
+				if s-t < maxMatchOffset && uint32(cv) == load3232(src, lCandidate.Prev.offset-e.cur) {
+					// Store the next match
+					e.table[nextHashS] = tableEntry{offset: nextS + e.cur}
+					eLong := &e.bTable[nextHashL]
+					eLong.Cur, eLong.Prev = tableEntry{offset: nextS + e.cur}, eLong.Cur
+					break
+				}
+			}
+
+			t = sCandidate.offset - e.cur
+			if s-t < maxMatchOffset && uint32(cv) == load3232(src, sCandidate.offset-e.cur) {
+				// Found a 4 match...
+				l = e.matchlen(s+4, t+4, src) + 4
+				lCandidate = e.bTable[nextHashL]
+				// Store the next match
+
+				e.table[nextHashS] = tableEntry{offset: nextS + e.cur}
+				eLong := &e.bTable[nextHashL]
+				eLong.Cur, eLong.Prev = tableEntry{offset: nextS + e.cur}, eLong.Cur
+
+				// If the next long is a candidate, use that...
+				t2 := lCandidate.Cur.offset - e.cur
+				if nextS-t2 < maxMatchOffset {
+					if load3232(src, lCandidate.Cur.offset-e.cur) == uint32(next) {
+						ml := e.matchlen(nextS+4, t2+4, src) + 4
+						if ml > l {
+							t = t2
+							s = nextS
+							l = ml
+							break
+						}
+					}
+					// If the previous long is a candidate, use that...
+					t2 = lCandidate.Prev.offset - e.cur
+					if nextS-t2 < maxMatchOffset && load3232(src, lCandidate.Prev.offset-e.cur) == uint32(next) {
+						ml := e.matchlen(nextS+4, t2+4, src) + 4
+						if ml > l {
+							t = t2
+							s = nextS
+							l = ml
+							break
+						}
+					}
+				}
+				break
+			}
+			cv = next
+		}
+
+		// A 4-byte match has been found. We'll later see if more than 4 bytes
+		// match. But, prior to the match, src[nextEmit:s] are unmatched. Emit
+		// them as literal bytes.
+
+		if l == 0 {
+			// Extend the 4-byte match as long as possible.
+			l = e.matchlenLong(s+4, t+4, src) + 4
+		} else if l == maxMatchLength {
+			l += e.matchlenLong(s+l, t+l, src)
+		}
+
+		// Try to locate a better match by checking the end of best match...
+		if sAt := s + l; l < 30 && sAt < sLimit {
+			// Allow some bytes at the beginning to mismatch.
+			// Sweet spot is 2/3 bytes depending on input.
+			// 3 is only a little better when it is but sometimes a lot worse.
+			// The skipped bytes are tested in Extend backwards,
+			// and still picked up as part of the match if they do.
+			const skipBeginning = 2
+			eLong := e.bTable[hash7(load6432(src, sAt), tableBits)].Cur.offset
+			t2 := eLong - e.cur - l + skipBeginning
+			s2 := s + skipBeginning
+			off := s2 - t2
+			if t2 >= 0 && off < maxMatchOffset && off > 0 {
+				if l2 := e.matchlenLong(s2, t2, src); l2 > l {
+					t = t2
+					l = l2
+					s = s2
+				}
+			}
+		}
+
+		// Extend backwards
+		for t > 0 && s > nextEmit && src[t-1] == src[s-1] {
+			s--
+			t--
+			l++
+		}
+		if nextEmit < s {
+			if false {
+				emitLiteral(dst, src[nextEmit:s])
+			} else {
+				for _, v := range src[nextEmit:s] {
+					dst.tokens[dst.n] = token(v)
+					dst.litHist[v]++
+					dst.n++
+				}
+			}
+		}
+		if debugDeflate {
+			if t >= s {
+				panic(fmt.Sprintln("s-t", s, t))
+			}
+			if (s - t) > maxMatchOffset {
+				panic(fmt.Sprintln("mmo", s-t))
+			}
+			if l < baseMatchLength {
+				panic("bml")
+			}
+		}
+
+		dst.AddMatchLong(l, uint32(s-t-baseMatchOffset))
+		s += l
+		nextEmit = s
+		if nextS >= s {
+			s = nextS + 1
+		}
+
+		if s >= sLimit {
+			goto emitRemainder
+		}
+
+		// Store every 3rd hash in-between.
+		if true {
+			const hashEvery = 3
+			i := s - l + 1
+			if i < s-1 {
+				cv := load6432(src, i)
+				t := tableEntry{offset: i + e.cur}
+				e.table[hashLen(cv, tableBits, hashShortBytes)] = t
+				eLong := &e.bTable[hash7(cv, tableBits)]
+				eLong.Cur, eLong.Prev = t, eLong.Cur
+
+				// Do an long at i+1
+				cv >>= 8
+				t = tableEntry{offset: t.offset + 1}
+				eLong = &e.bTable[hash7(cv, tableBits)]
+				eLong.Cur, eLong.Prev = t, eLong.Cur
+
+				// We only have enough bits for a short entry at i+2
+				cv >>= 8
+				t = tableEntry{offset: t.offset + 1}
+				e.table[hashLen(cv, tableBits, hashShortBytes)] = t
+
+				// Skip one - otherwise we risk hitting 's'
+				i += 4
+				for ; i < s-1; i += hashEvery {
+					cv := load6432(src, i)
+					t := tableEntry{offset: i + e.cur}
+					t2 := tableEntry{offset: t.offset + 1}
+					eLong := &e.bTable[hash7(cv, tableBits)]
+					eLong.Cur, eLong.Prev = t, eLong.Cur
+					e.table[hashLen(cv>>8, tableBits, hashShortBytes)] = t2
+				}
+			}
+		}
+
+		// We could immediately start working at s now, but to improve
+		// compression we first update the hash table at s-1 and at s.
+		x := load6432(src, s-1)
+		o := e.cur + s - 1
+		prevHashS := hashLen(x, tableBits, hashShortBytes)
+		prevHashL := hash7(x, tableBits)
+		e.table[prevHashS] = tableEntry{offset: o}
+		eLong := &e.bTable[prevHashL]
+		eLong.Cur, eLong.Prev = tableEntry{offset: o}, eLong.Cur
+		cv = x >> 8
+	}
+
+emitRemainder:
+	if int(nextEmit) < len(src) {
+		// If nothing was added, don't encode literals.
+		if dst.n == 0 {
+			return
+		}
+
+		emitLiteral(dst, src[nextEmit:])
+	}
+}
+
+// Reset the encoding table.
+func (e *fastEncL5Window) Reset() {
+	// We keep the same allocs, since we are compressing the same block sizes.
+	if cap(e.hist) < allocHistory {
+		e.hist = make([]byte, 0, allocHistory)
+	}
+
+	// We offset current position so everything will be out of reach.
+	// If we are above the buffer reset it will be cleared anyway since len(hist) == 0.
+	if e.cur <= int32(bufferReset) {
+		e.cur += e.maxOffset + int32(len(e.hist))
+	}
+	e.hist = e.hist[:0]
+}
+
+func (e *fastEncL5Window) addBlock(src []byte) int32 {
+	// check if we have space already
+	maxMatchOffset := e.maxOffset
+
+	if len(e.hist)+len(src) > cap(e.hist) {
+		if cap(e.hist) == 0 {
+			e.hist = make([]byte, 0, allocHistory)
+		} else {
+			if cap(e.hist) < int(maxMatchOffset*2) {
+				panic("unexpected buffer size")
+			}
+			// Move down
+			offset := int32(len(e.hist)) - maxMatchOffset
+			copy(e.hist[0:maxMatchOffset], e.hist[offset:])
+			e.cur += offset
+			e.hist = e.hist[:maxMatchOffset]
+		}
+	}
+	s := int32(len(e.hist))
+	e.hist = append(e.hist, src...)
+	return s
+}
+
+// matchlen will return the match length between offsets and t in src.
+// The maximum length returned is maxMatchLength - 4.
+// It is assumed that s > t, that t >=0 and s < len(src).
+func (e *fastEncL5Window) matchlen(s, t int32, src []byte) int32 {
+	if debugDecode {
+		if t >= s {
+			panic(fmt.Sprint("t >=s:", t, s))
+		}
+		if int(s) >= len(src) {
+			panic(fmt.Sprint("s >= len(src):", s, len(src)))
+		}
+		if t < 0 {
+			panic(fmt.Sprint("t < 0:", t))
+		}
+		if s-t > e.maxOffset {
+			panic(fmt.Sprint(s, "-", t, "(", s-t, ") > maxMatchLength (", maxMatchOffset, ")"))
+		}
+	}
+	s1 := int(s) + maxMatchLength - 4
+	if s1 > len(src) {
+		s1 = len(src)
+	}
+
+	// Extend the match to be as long as possible.
+	return int32(matchLen(src[s:s1], src[t:]))
+}
+
+// matchlenLong will return the match length between offsets and t in src.
+// It is assumed that s > t, that t >=0 and s < len(src).
+func (e *fastEncL5Window) matchlenLong(s, t int32, src []byte) int32 {
+	if debugDeflate {
+		if t >= s {
+			panic(fmt.Sprint("t >=s:", t, s))
+		}
+		if int(s) >= len(src) {
+			panic(fmt.Sprint("s >= len(src):", s, len(src)))
+		}
+		if t < 0 {
+			panic(fmt.Sprint("t < 0:", t))
+		}
+		if s-t > e.maxOffset {
+			panic(fmt.Sprint(s, "-", t, "(", s-t, ") > maxMatchLength (", maxMatchOffset, ")"))
+		}
+	}
+	// Extend the match to be as long as possible.
+	return int32(matchLen(src[s:], src[t:]))
+}
diff --git a/vendor/github.com/klauspost/compress/flate/matchlen_amd64.go b/vendor/github.com/klauspost/compress/flate/matchlen_amd64.go
new file mode 100644
index 000000000..4bd388584
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/flate/matchlen_amd64.go
@@ -0,0 +1,16 @@
+//go:build amd64 && !appengine && !noasm && gc
+// +build amd64,!appengine,!noasm,gc
+
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+
+package flate
+
+// matchLen returns how many bytes match in a and b
+//
+// It assumes that:
+//
+//	len(a) <= len(b) and len(a) > 0
+//
+//go:noescape
+func matchLen(a []byte, b []byte) int
diff --git a/vendor/github.com/klauspost/compress/flate/matchlen_amd64.s b/vendor/github.com/klauspost/compress/flate/matchlen_amd64.s
new file mode 100644
index 000000000..9a7655c0f
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/flate/matchlen_amd64.s
@@ -0,0 +1,68 @@
+// Copied from S2 implementation.
+
+//go:build !appengine && !noasm && gc && !noasm
+
+#include "textflag.h"
+
+// func matchLen(a []byte, b []byte) int
+// Requires: BMI
+TEXT ·matchLen(SB), NOSPLIT, $0-56
+	MOVQ a_base+0(FP), AX
+	MOVQ b_base+24(FP), CX
+	MOVQ a_len+8(FP), DX
+
+	// matchLen
+	XORL SI, SI
+	CMPL DX, $0x08
+	JB   matchlen_match4_standalone
+
+matchlen_loopback_standalone:
+	MOVQ  (AX)(SI*1), BX
+	XORQ  (CX)(SI*1), BX
+	TESTQ BX, BX
+	JZ    matchlen_loop_standalone
+
+#ifdef GOAMD64_v3
+	TZCNTQ BX, BX
+#else
+	BSFQ BX, BX
+#endif
+	SARQ $0x03, BX
+	LEAL (SI)(BX*1), SI
+	JMP  gen_match_len_end
+
+matchlen_loop_standalone:
+	LEAL -8(DX), DX
+	LEAL 8(SI), SI
+	CMPL DX, $0x08
+	JAE  matchlen_loopback_standalone
+
+matchlen_match4_standalone:
+	CMPL DX, $0x04
+	JB   matchlen_match2_standalone
+	MOVL (AX)(SI*1), BX
+	CMPL (CX)(SI*1), BX
+	JNE  matchlen_match2_standalone
+	LEAL -4(DX), DX
+	LEAL 4(SI), SI
+
+matchlen_match2_standalone:
+	CMPL DX, $0x02
+	JB   matchlen_match1_standalone
+	MOVW (AX)(SI*1), BX
+	CMPW (CX)(SI*1), BX
+	JNE  matchlen_match1_standalone
+	LEAL -2(DX), DX
+	LEAL 2(SI), SI
+
+matchlen_match1_standalone:
+	CMPL DX, $0x01
+	JB   gen_match_len_end
+	MOVB (AX)(SI*1), BL
+	CMPB (CX)(SI*1), BL
+	JNE  gen_match_len_end
+	INCL SI
+
+gen_match_len_end:
+	MOVQ SI, ret+48(FP)
+	RET
diff --git a/vendor/github.com/klauspost/compress/flate/matchlen_generic.go b/vendor/github.com/klauspost/compress/flate/matchlen_generic.go
new file mode 100644
index 000000000..ad5cd814b
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/flate/matchlen_generic.go
@@ -0,0 +1,33 @@
+//go:build !amd64 || appengine || !gc || noasm
+// +build !amd64 appengine !gc noasm
+
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+
+package flate
+
+import (
+	"encoding/binary"
+	"math/bits"
+)
+
+// matchLen returns the maximum common prefix length of a and b.
+// a must be the shortest of the two.
+func matchLen(a, b []byte) (n int) {
+	for ; len(a) >= 8 && len(b) >= 8; a, b = a[8:], b[8:] {
+		diff := binary.LittleEndian.Uint64(a) ^ binary.LittleEndian.Uint64(b)
+		if diff != 0 {
+			return n + bits.TrailingZeros64(diff)>>3
+		}
+		n += 8
+	}
+
+	for i := range a {
+		if a[i] != b[i] {
+			break
+		}
+		n++
+	}
+	return n
+
+}
diff --git a/vendor/github.com/klauspost/compress/fse/bitwriter.go b/vendor/github.com/klauspost/compress/fse/bitwriter.go
index 43e463611..e82fa3bb7 100644
--- a/vendor/github.com/klauspost/compress/fse/bitwriter.go
+++ b/vendor/github.com/klauspost/compress/fse/bitwriter.go
@@ -152,12 +152,11 @@ func (b *bitWriter) flushAlign() {
 
 // close will write the alignment bit and write the final byte(s)
 // to the output.
-func (b *bitWriter) close() error {
+func (b *bitWriter) close() {
 	// End mark
 	b.addBits16Clean(1, 1)
 	// flush until next byte.
 	b.flushAlign()
-	return nil
 }
 
 // reset and continue writing by appending to out.
diff --git a/vendor/github.com/klauspost/compress/fse/compress.go b/vendor/github.com/klauspost/compress/fse/compress.go
index dac97e58a..65d777357 100644
--- a/vendor/github.com/klauspost/compress/fse/compress.go
+++ b/vendor/github.com/klauspost/compress/fse/compress.go
@@ -199,7 +199,8 @@ func (s *Scratch) compress(src []byte) error {
 	c2.flush(s.actualTableLog)
 	c1.flush(s.actualTableLog)
 
-	return s.bw.close()
+	s.bw.close()
+	return nil
 }
 
 // writeCount will write the normalized histogram count to header.
diff --git a/vendor/github.com/klauspost/compress/huff0/bitwriter.go b/vendor/github.com/klauspost/compress/huff0/bitwriter.go
index aed2347ce..0ebc9aaac 100644
--- a/vendor/github.com/klauspost/compress/huff0/bitwriter.go
+++ b/vendor/github.com/klauspost/compress/huff0/bitwriter.go
@@ -13,14 +13,6 @@ type bitWriter struct {
 	out          []byte
 }
 
-// bitMask16 is bitmasks. Has extra to avoid bounds check.
-var bitMask16 = [32]uint16{
-	0, 1, 3, 7, 0xF, 0x1F,
-	0x3F, 0x7F, 0xFF, 0x1FF, 0x3FF, 0x7FF,
-	0xFFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF, 0xFFFF,
-	0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF,
-	0xFFFF, 0xFFFF} /* up to 16 bits */
-
 // addBits16Clean will add up to 16 bits. value may not contain more set bits than indicated.
 // It will not check if there is space for them, so the caller must ensure that it has flushed recently.
 func (b *bitWriter) addBits16Clean(value uint16, bits uint8) {
@@ -102,10 +94,9 @@ func (b *bitWriter) flushAlign() {
 
 // close will write the alignment bit and write the final byte(s)
 // to the output.
-func (b *bitWriter) close() error {
+func (b *bitWriter) close() {
 	// End mark
 	b.addBits16Clean(1, 1)
 	// flush until next byte.
 	b.flushAlign()
-	return nil
 }
diff --git a/vendor/github.com/klauspost/compress/huff0/compress.go b/vendor/github.com/klauspost/compress/huff0/compress.go
index 4ee4fa18d..518436cf3 100644
--- a/vendor/github.com/klauspost/compress/huff0/compress.go
+++ b/vendor/github.com/klauspost/compress/huff0/compress.go
@@ -227,10 +227,10 @@ func EstimateSizes(in []byte, s *Scratch) (tableSz, dataSz, reuseSz int, err err
 }
 
 func (s *Scratch) compress1X(src []byte) ([]byte, error) {
-	return s.compress1xDo(s.Out, src)
+	return s.compress1xDo(s.Out, src), nil
 }
 
-func (s *Scratch) compress1xDo(dst, src []byte) ([]byte, error) {
+func (s *Scratch) compress1xDo(dst, src []byte) []byte {
 	var bw = bitWriter{out: dst}
 
 	// N is length divisible by 4.
@@ -260,8 +260,8 @@ func (s *Scratch) compress1xDo(dst, src []byte) ([]byte, error) {
 			bw.encTwoSymbols(cTable, tmp[1], tmp[0])
 		}
 	}
-	err := bw.close()
-	return bw.out, err
+	bw.close()
+	return bw.out
 }
 
 var sixZeros [6]byte
@@ -283,12 +283,8 @@ func (s *Scratch) compress4X(src []byte) ([]byte, error) {
 		}
 		src = src[len(toDo):]
 
-		var err error
 		idx := len(s.Out)
-		s.Out, err = s.compress1xDo(s.Out, toDo)
-		if err != nil {
-			return nil, err
-		}
+		s.Out = s.compress1xDo(s.Out, toDo)
 		if len(s.Out)-idx > math.MaxUint16 {
 			// We cannot store the size in the jump table
 			return nil, ErrIncompressible
@@ -315,7 +311,6 @@ func (s *Scratch) compress4Xp(src []byte) ([]byte, error) {
 
 	segmentSize := (len(src) + 3) / 4
 	var wg sync.WaitGroup
-	var errs [4]error
 	wg.Add(4)
 	for i := 0; i < 4; i++ {
 		toDo := src
@@ -326,15 +321,12 @@ func (s *Scratch) compress4Xp(src []byte) ([]byte, error) {
 
 		// Separate goroutine for each block.
 		go func(i int) {
-			s.tmpOut[i], errs[i] = s.compress1xDo(s.tmpOut[i][:0], toDo)
+			s.tmpOut[i] = s.compress1xDo(s.tmpOut[i][:0], toDo)
 			wg.Done()
 		}(i)
 	}
 	wg.Wait()
 	for i := 0; i < 4; i++ {
-		if errs[i] != nil {
-			return nil, errs[i]
-		}
 		o := s.tmpOut[i]
 		if len(o) > math.MaxUint16 {
 			// We cannot store the size in the jump table
diff --git a/vendor/github.com/klauspost/compress/huff0/decompress.go b/vendor/github.com/klauspost/compress/huff0/decompress.go
index 3c0b398c7..54bd08b25 100644
--- a/vendor/github.com/klauspost/compress/huff0/decompress.go
+++ b/vendor/github.com/klauspost/compress/huff0/decompress.go
@@ -253,7 +253,7 @@ func (d *Decoder) decompress1X8Bit(dst, src []byte) ([]byte, error) {
 
 	switch d.actualTableLog {
 	case 8:
-		const shift = 8 - 8
+		const shift = 0
 		for br.off >= 4 {
 			br.fillFast()
 			v := dt[uint8(br.value>>(56+shift))]
diff --git a/vendor/github.com/klauspost/compress/internal/snapref/encode_other.go b/vendor/github.com/klauspost/compress/internal/snapref/encode_other.go
index 05db94d39..2aa6a95a0 100644
--- a/vendor/github.com/klauspost/compress/internal/snapref/encode_other.go
+++ b/vendor/github.com/klauspost/compress/internal/snapref/encode_other.go
@@ -87,18 +87,6 @@ func emitCopy(dst []byte, offset, length int) int {
 	return i + 2
 }
 
-// extendMatch returns the largest k such that k <= len(src) and that
-// src[i:i+k-j] and src[j:k] have the same contents.
-//
-// It assumes that:
-//
-//	0 <= i && i < j && j <= len(src)
-func extendMatch(src []byte, i, j int) int {
-	for ; j < len(src) && src[i] == src[j]; i, j = i+1, j+1 {
-	}
-	return j
-}
-
 func hash(u, shift uint32) uint32 {
 	return (u * 0x1e35a7bd) >> shift
 }
diff --git a/vendor/github.com/klauspost/compress/zstd/README.md b/vendor/github.com/klauspost/compress/zstd/README.md
index 65b38abed..bdd49c8b2 100644
--- a/vendor/github.com/klauspost/compress/zstd/README.md
+++ b/vendor/github.com/klauspost/compress/zstd/README.md
@@ -304,7 +304,7 @@ import "github.com/klauspost/compress/zstd"
 
 // Create a reader that caches decompressors.
 // For this operation type we supply a nil Reader.
-var decoder, _ = zstd.NewReader(nil, WithDecoderConcurrency(0))
+var decoder, _ = zstd.NewReader(nil, zstd.WithDecoderConcurrency(0))
 
 // Decompress a buffer. We don't supply a destination buffer,
 // so it will be allocated by the decoder.
diff --git a/vendor/github.com/klauspost/compress/zstd/bitreader.go b/vendor/github.com/klauspost/compress/zstd/bitreader.go
index 97299d499..25ca98394 100644
--- a/vendor/github.com/klauspost/compress/zstd/bitreader.go
+++ b/vendor/github.com/klauspost/compress/zstd/bitreader.go
@@ -17,7 +17,6 @@ import (
 // for aligning the input.
 type bitReader struct {
 	in       []byte
-	off      uint   // next byte to read is at in[off - 1]
 	value    uint64 // Maybe use [16]byte, but shifting is awkward.
 	bitsRead uint8
 }
@@ -28,7 +27,6 @@ func (b *bitReader) init(in []byte) error {
 		return errors.New("corrupt stream: too short")
 	}
 	b.in = in
-	b.off = uint(len(in))
 	// The highest bit of the last byte indicates where to start
 	v := in[len(in)-1]
 	if v == 0 {
@@ -69,21 +67,19 @@ func (b *bitReader) fillFast() {
 	if b.bitsRead < 32 {
 		return
 	}
-	// 2 bounds checks.
-	v := b.in[b.off-4:]
-	v = v[:4]
+	v := b.in[len(b.in)-4:]
+	b.in = b.in[:len(b.in)-4]
 	low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
 	b.value = (b.value << 32) | uint64(low)
 	b.bitsRead -= 32
-	b.off -= 4
 }
 
 // fillFastStart() assumes the bitreader is empty and there is at least 8 bytes to read.
 func (b *bitReader) fillFastStart() {
-	// Do single re-slice to avoid bounds checks.
-	b.value = binary.LittleEndian.Uint64(b.in[b.off-8:])
+	v := b.in[len(b.in)-8:]
+	b.in = b.in[:len(b.in)-8]
+	b.value = binary.LittleEndian.Uint64(v)
 	b.bitsRead = 0
-	b.off -= 8
 }
 
 // fill() will make sure at least 32 bits are available.
@@ -91,25 +87,25 @@ func (b *bitReader) fill() {
 	if b.bitsRead < 32 {
 		return
 	}
-	if b.off >= 4 {
-		v := b.in[b.off-4:]
-		v = v[:4]
+	if len(b.in) >= 4 {
+		v := b.in[len(b.in)-4:]
+		b.in = b.in[:len(b.in)-4]
 		low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
 		b.value = (b.value << 32) | uint64(low)
 		b.bitsRead -= 32
-		b.off -= 4
 		return
 	}
-	for b.off > 0 {
-		b.value = (b.value << 8) | uint64(b.in[b.off-1])
-		b.bitsRead -= 8
-		b.off--
+
+	b.bitsRead -= uint8(8 * len(b.in))
+	for len(b.in) > 0 {
+		b.value = (b.value << 8) | uint64(b.in[len(b.in)-1])
+		b.in = b.in[:len(b.in)-1]
 	}
 }
 
 // finished returns true if all bits have been read from the bit stream.
 func (b *bitReader) finished() bool {
-	return b.off == 0 && b.bitsRead >= 64
+	return len(b.in) == 0 && b.bitsRead >= 64
 }
 
 // overread returns true if more bits have been requested than is on the stream.
@@ -119,7 +115,7 @@ func (b *bitReader) overread() bool {
 
 // remain returns the number of bits remaining.
 func (b *bitReader) remain() uint {
-	return b.off*8 + 64 - uint(b.bitsRead)
+	return 8*uint(len(b.in)) + 64 - uint(b.bitsRead)
 }
 
 // close the bitstream and returns an error if out-of-buffer reads occurred.
diff --git a/vendor/github.com/klauspost/compress/zstd/bitwriter.go b/vendor/github.com/klauspost/compress/zstd/bitwriter.go
index 78b3c61be..1952f175b 100644
--- a/vendor/github.com/klauspost/compress/zstd/bitwriter.go
+++ b/vendor/github.com/klauspost/compress/zstd/bitwriter.go
@@ -97,12 +97,11 @@ func (b *bitWriter) flushAlign() {
 
 // close will write the alignment bit and write the final byte(s)
 // to the output.
-func (b *bitWriter) close() error {
+func (b *bitWriter) close() {
 	// End mark
 	b.addBits16Clean(1, 1)
 	// flush until next byte.
 	b.flushAlign()
-	return nil
 }
 
 // reset and continue writing by appending to out.
diff --git a/vendor/github.com/klauspost/compress/zstd/blockdec.go b/vendor/github.com/klauspost/compress/zstd/blockdec.go
index 5f272d87f..9f17ce601 100644
--- a/vendor/github.com/klauspost/compress/zstd/blockdec.go
+++ b/vendor/github.com/klauspost/compress/zstd/blockdec.go
@@ -592,7 +592,7 @@ func (b *blockDec) prepareSequences(in []byte, hist *history) (err error) {
 				}
 				seq.fse.setRLE(symb)
 				if debugDecoder {
-					printf("RLE set to %+v, code: %v", symb, v)
+					printf("RLE set to 0x%x, code: %v", symb, v)
 				}
 			case compModeFSE:
 				println("Reading table for", tableIndex(i))
diff --git a/vendor/github.com/klauspost/compress/zstd/blockenc.go b/vendor/github.com/klauspost/compress/zstd/blockenc.go
index fd4a36f73..2cfe925ad 100644
--- a/vendor/github.com/klauspost/compress/zstd/blockenc.go
+++ b/vendor/github.com/klauspost/compress/zstd/blockenc.go
@@ -361,14 +361,21 @@ func (b *blockEnc) encodeLits(lits []byte, raw bool) error {
 	if len(lits) >= 1024 {
 		// Use 4 Streams.
 		out, reUsed, err = huff0.Compress4X(lits, b.litEnc)
-	} else if len(lits) > 32 {
+	} else if len(lits) > 16 {
 		// Use 1 stream
 		single = true
 		out, reUsed, err = huff0.Compress1X(lits, b.litEnc)
 	} else {
 		err = huff0.ErrIncompressible
 	}
-
+	if err == nil && len(out)+5 > len(lits) {
+		// If we are close, we may still be worse or equal to raw.
+		var lh literalsHeader
+		lh.setSizes(len(out), len(lits), single)
+		if len(out)+lh.size() >= len(lits) {
+			err = huff0.ErrIncompressible
+		}
+	}
 	switch err {
 	case huff0.ErrIncompressible:
 		if debugEncoder {
@@ -503,7 +510,7 @@ func (b *blockEnc) encode(org []byte, raw, rawAllLits bool) error {
 	if len(b.literals) >= 1024 && !raw {
 		// Use 4 Streams.
 		out, reUsed, err = huff0.Compress4X(b.literals, b.litEnc)
-	} else if len(b.literals) > 32 && !raw {
+	} else if len(b.literals) > 16 && !raw {
 		// Use 1 stream
 		single = true
 		out, reUsed, err = huff0.Compress1X(b.literals, b.litEnc)
@@ -511,6 +518,17 @@ func (b *blockEnc) encode(org []byte, raw, rawAllLits bool) error {
 		err = huff0.ErrIncompressible
 	}
 
+	if err == nil && len(out)+5 > len(b.literals) {
+		// If we are close, we may still be worse or equal to raw.
+		var lh literalsHeader
+		lh.setSize(len(b.literals))
+		szRaw := lh.size()
+		lh.setSizes(len(out), len(b.literals), single)
+		szComp := lh.size()
+		if len(out)+szComp >= len(b.literals)+szRaw {
+			err = huff0.ErrIncompressible
+		}
+	}
 	switch err {
 	case huff0.ErrIncompressible:
 		lh.setType(literalsBlockRaw)
@@ -773,10 +791,7 @@ func (b *blockEnc) encode(org []byte, raw, rawAllLits bool) error {
 	ml.flush(mlEnc.actualTableLog)
 	of.flush(ofEnc.actualTableLog)
 	ll.flush(llEnc.actualTableLog)
-	err = wr.close()
-	if err != nil {
-		return err
-	}
+	wr.close()
 	b.output = wr.out
 
 	// Maybe even add a bigger margin.
diff --git a/vendor/github.com/klauspost/compress/zstd/decoder_options.go b/vendor/github.com/klauspost/compress/zstd/decoder_options.go
index 07a90dd7a..774c5f00f 100644
--- a/vendor/github.com/klauspost/compress/zstd/decoder_options.go
+++ b/vendor/github.com/klauspost/compress/zstd/decoder_options.go
@@ -107,7 +107,7 @@ func WithDecoderDicts(dicts ...[]byte) DOption {
 	}
 }
 
-// WithEncoderDictRaw registers a dictionary that may be used by the decoder.
+// WithDecoderDictRaw registers a dictionary that may be used by the decoder.
 // The slice content can be arbitrary data.
 func WithDecoderDictRaw(id uint32, content []byte) DOption {
 	return func(o *decoderOptions) error {
diff --git a/vendor/github.com/klauspost/compress/zstd/dict.go b/vendor/github.com/klauspost/compress/zstd/dict.go
index ca0951452..8d5567fe6 100644
--- a/vendor/github.com/klauspost/compress/zstd/dict.go
+++ b/vendor/github.com/klauspost/compress/zstd/dict.go
@@ -1,10 +1,13 @@
 package zstd
 
 import (
+	"bytes"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
+	"math"
+	"sort"
 
 	"github.com/klauspost/compress/huff0"
 )
@@ -14,9 +17,8 @@ type dict struct {
 
 	litEnc              *huff0.Scratch
 	llDec, ofDec, mlDec sequenceDec
-	//llEnc, ofEnc, mlEnc []*fseEncoder
-	offsets [3]int
-	content []byte
+	offsets             [3]int
+	content             []byte
 }
 
 const dictMagic = "\x37\xa4\x30\xec"
@@ -159,3 +161,374 @@ func InspectDictionary(b []byte) (interface {
 	d, err := loadDict(b)
 	return d, err
 }
+
+type BuildDictOptions struct {
+	// Dictionary ID.
+	ID uint32
+
+	// Content to use to create dictionary tables.
+	Contents [][]byte
+
+	// History to use for all blocks.
+	History []byte
+
+	// Offsets to use.
+	Offsets [3]int
+
+	// CompatV155 will make the dictionary compatible with Zstd v1.5.5 and earlier.
+	// See https://github.com/facebook/zstd/issues/3724
+	CompatV155 bool
+
+	// Use the specified encoder level.
+	// The dictionary will be built using the specified encoder level,
+	// which will reflect speed and make the dictionary tailored for that level.
+	// If not set SpeedBestCompression will be used.
+	Level EncoderLevel
+
+	// DebugOut will write stats and other details here if set.
+	DebugOut io.Writer
+}
+
+func BuildDict(o BuildDictOptions) ([]byte, error) {
+	initPredefined()
+	hist := o.History
+	contents := o.Contents
+	debug := o.DebugOut != nil
+	println := func(args ...interface{}) {
+		if o.DebugOut != nil {
+			fmt.Fprintln(o.DebugOut, args...)
+		}
+	}
+	printf := func(s string, args ...interface{}) {
+		if o.DebugOut != nil {
+			fmt.Fprintf(o.DebugOut, s, args...)
+		}
+	}
+	print := func(args ...interface{}) {
+		if o.DebugOut != nil {
+			fmt.Fprint(o.DebugOut, args...)
+		}
+	}
+
+	if int64(len(hist)) > dictMaxLength {
+		return nil, fmt.Errorf("dictionary of size %d > %d", len(hist), int64(dictMaxLength))
+	}
+	if len(hist) < 8 {
+		return nil, fmt.Errorf("dictionary of size %d < %d", len(hist), 8)
+	}
+	if len(contents) == 0 {
+		return nil, errors.New("no content provided")
+	}
+	d := dict{
+		id:      o.ID,
+		litEnc:  nil,
+		llDec:   sequenceDec{},
+		ofDec:   sequenceDec{},
+		mlDec:   sequenceDec{},
+		offsets: o.Offsets,
+		content: hist,
+	}
+	block := blockEnc{lowMem: false}
+	block.init()
+	enc := encoder(&bestFastEncoder{fastBase: fastBase{maxMatchOff: int32(maxMatchLen), bufferReset: math.MaxInt32 - int32(maxMatchLen*2), lowMem: false}})
+	if o.Level != 0 {
+		eOpts := encoderOptions{
+			level:      o.Level,
+			blockSize:  maxMatchLen,
+			windowSize: maxMatchLen,
+			dict:       &d,
+			lowMem:     false,
+		}
+		enc = eOpts.encoder()
+	} else {
+		o.Level = SpeedBestCompression
+	}
+	var (
+		remain [256]int
+		ll     [256]int
+		ml     [256]int
+		of     [256]int
+	)
+	addValues := func(dst *[256]int, src []byte) {
+		for _, v := range src {
+			dst[v]++
+		}
+	}
+	addHist := func(dst *[256]int, src *[256]uint32) {
+		for i, v := range src {
+			dst[i] += int(v)
+		}
+	}
+	seqs := 0
+	nUsed := 0
+	litTotal := 0
+	newOffsets := make(map[uint32]int, 1000)
+	for _, b := range contents {
+		block.reset(nil)
+		if len(b) < 8 {
+			continue
+		}
+		nUsed++
+		enc.Reset(&d, true)
+		enc.Encode(&block, b)
+		addValues(&remain, block.literals)
+		litTotal += len(block.literals)
+		seqs += len(block.sequences)
+		block.genCodes()
+		addHist(&ll, block.coders.llEnc.Histogram())
+		addHist(&ml, block.coders.mlEnc.Histogram())
+		addHist(&of, block.coders.ofEnc.Histogram())
+		for i, seq := range block.sequences {
+			if i > 3 {
+				break
+			}
+			offset := seq.offset
+			if offset == 0 {
+				continue
+			}
+			if offset > 3 {
+				newOffsets[offset-3]++
+			} else {
+				newOffsets[uint32(o.Offsets[offset-1])]++
+			}
+		}
+	}
+	// Find most used offsets.
+	var sortedOffsets []uint32
+	for k := range newOffsets {
+		sortedOffsets = append(sortedOffsets, k)
+	}
+	sort.Slice(sortedOffsets, func(i, j int) bool {
+		a, b := sortedOffsets[i], sortedOffsets[j]
+		if a == b {
+			// Prefer the longer offset
+			return sortedOffsets[i] > sortedOffsets[j]
+		}
+		return newOffsets[sortedOffsets[i]] > newOffsets[sortedOffsets[j]]
+	})
+	if len(sortedOffsets) > 3 {
+		if debug {
+			print("Offsets:")
+			for i, v := range sortedOffsets {
+				if i > 20 {
+					break
+				}
+				printf("[%d: %d],", v, newOffsets[v])
+			}
+			println("")
+		}
+
+		sortedOffsets = sortedOffsets[:3]
+	}
+	for i, v := range sortedOffsets {
+		o.Offsets[i] = int(v)
+	}
+	if debug {
+		println("New repeat offsets", o.Offsets)
+	}
+
+	if nUsed == 0 || seqs == 0 {
+		return nil, fmt.Errorf("%d blocks, %d sequences found", nUsed, seqs)
+	}
+	if debug {
+		println("Sequences:", seqs, "Blocks:", nUsed, "Literals:", litTotal)
+	}
+	if seqs/nUsed < 512 {
+		// Use 512 as minimum.
+		nUsed = seqs / 512
+	}
+	copyHist := func(dst *fseEncoder, src *[256]int) ([]byte, error) {
+		hist := dst.Histogram()
+		var maxSym uint8
+		var maxCount int
+		var fakeLength int
+		for i, v := range src {
+			if v > 0 {
+				v = v / nUsed
+				if v == 0 {
+					v = 1
+				}
+			}
+			if v > maxCount {
+				maxCount = v
+			}
+			if v != 0 {
+				maxSym = uint8(i)
+			}
+			fakeLength += v
+			hist[i] = uint32(v)
+		}
+		dst.HistogramFinished(maxSym, maxCount)
+		dst.reUsed = false
+		dst.useRLE = false
+		err := dst.normalizeCount(fakeLength)
+		if err != nil {
+			return nil, err
+		}
+		if debug {
+			println("RAW:", dst.count[:maxSym+1], "NORM:", dst.norm[:maxSym+1], "LEN:", fakeLength)
+		}
+		return dst.writeCount(nil)
+	}
+	if debug {
+		print("Literal lengths: ")
+	}
+	llTable, err := copyHist(block.coders.llEnc, &ll)
+	if err != nil {
+		return nil, err
+	}
+	if debug {
+		print("Match lengths: ")
+	}
+	mlTable, err := copyHist(block.coders.mlEnc, &ml)
+	if err != nil {
+		return nil, err
+	}
+	if debug {
+		print("Offsets: ")
+	}
+	ofTable, err := copyHist(block.coders.ofEnc, &of)
+	if err != nil {
+		return nil, err
+	}
+
+	// Literal table
+	avgSize := litTotal
+	if avgSize > huff0.BlockSizeMax/2 {
+		avgSize = huff0.BlockSizeMax / 2
+	}
+	huffBuff := make([]byte, 0, avgSize)
+	// Target size
+	div := litTotal / avgSize
+	if div < 1 {
+		div = 1
+	}
+	if debug {
+		println("Huffman weights:")
+	}
+	for i, n := range remain[:] {
+		if n > 0 {
+			n = n / div
+			// Allow all entries to be represented.
+			if n == 0 {
+				n = 1
+			}
+			huffBuff = append(huffBuff, bytes.Repeat([]byte{byte(i)}, n)...)
+			if debug {
+				printf("[%d: %d], ", i, n)
+			}
+		}
+	}
+	if o.CompatV155 && remain[255]/div == 0 {
+		huffBuff = append(huffBuff, 255)
+	}
+	scratch := &huff0.Scratch{TableLog: 11}
+	for tries := 0; tries < 255; tries++ {
+		scratch = &huff0.Scratch{TableLog: 11}
+		_, _, err = huff0.Compress1X(huffBuff, scratch)
+		if err == nil {
+			break
+		}
+		if debug {
+			printf("Try %d: Huffman error: %v\n", tries+1, err)
+		}
+		huffBuff = huffBuff[:0]
+		if tries == 250 {
+			if debug {
+				println("Huffman: Bailing out with predefined table")
+			}
+
+			// Bail out.... Just generate something
+			huffBuff = append(huffBuff, bytes.Repeat([]byte{255}, 10000)...)
+			for i := 0; i < 128; i++ {
+				huffBuff = append(huffBuff, byte(i))
+			}
+			continue
+		}
+		if errors.Is(err, huff0.ErrIncompressible) {
+			// Try truncating least common.
+			for i, n := range remain[:] {
+				if n > 0 {
+					n = n / (div * (i + 1))
+					if n > 0 {
+						huffBuff = append(huffBuff, bytes.Repeat([]byte{byte(i)}, n)...)
+					}
+				}
+			}
+			if o.CompatV155 && len(huffBuff) > 0 && huffBuff[len(huffBuff)-1] != 255 {
+				huffBuff = append(huffBuff, 255)
+			}
+			if len(huffBuff) == 0 {
+				huffBuff = append(huffBuff, 0, 255)
+			}
+		}
+		if errors.Is(err, huff0.ErrUseRLE) {
+			for i, n := range remain[:] {
+				n = n / (div * (i + 1))
+				// Allow all entries to be represented.
+				if n == 0 {
+					n = 1
+				}
+				huffBuff = append(huffBuff, bytes.Repeat([]byte{byte(i)}, n)...)
+			}
+		}
+	}
+
+	var out bytes.Buffer
+	out.Write([]byte(dictMagic))
+	out.Write(binary.LittleEndian.AppendUint32(nil, o.ID))
+	out.Write(scratch.OutTable)
+	if debug {
+		println("huff table:", len(scratch.OutTable), "bytes")
+		println("of table:", len(ofTable), "bytes")
+		println("ml table:", len(mlTable), "bytes")
+		println("ll table:", len(llTable), "bytes")
+	}
+	out.Write(ofTable)
+	out.Write(mlTable)
+	out.Write(llTable)
+	out.Write(binary.LittleEndian.AppendUint32(nil, uint32(o.Offsets[0])))
+	out.Write(binary.LittleEndian.AppendUint32(nil, uint32(o.Offsets[1])))
+	out.Write(binary.LittleEndian.AppendUint32(nil, uint32(o.Offsets[2])))
+	out.Write(hist)
+	if debug {
+		_, err := loadDict(out.Bytes())
+		if err != nil {
+			panic(err)
+		}
+		i, err := InspectDictionary(out.Bytes())
+		if err != nil {
+			panic(err)
+		}
+		println("ID:", i.ID())
+		println("Content size:", i.ContentSize())
+		println("Encoder:", i.LitEncoder() != nil)
+		println("Offsets:", i.Offsets())
+		var totalSize int
+		for _, b := range contents {
+			totalSize += len(b)
+		}
+
+		encWith := func(opts ...EOption) int {
+			enc, err := NewWriter(nil, opts...)
+			if err != nil {
+				panic(err)
+			}
+			defer enc.Close()
+			var dst []byte
+			var totalSize int
+			for _, b := range contents {
+				dst = enc.EncodeAll(b, dst[:0])
+				totalSize += len(dst)
+			}
+			return totalSize
+		}
+		plain := encWith(WithEncoderLevel(o.Level))
+		withDict := encWith(WithEncoderLevel(o.Level), WithEncoderDict(out.Bytes()))
+		println("Input size:", totalSize)
+		println("Plain Compressed:", plain)
+		println("Dict Compressed:", withDict)
+		println("Saved:", plain-withDict, (plain-withDict)/len(contents), "bytes per input (rounded down)")
+	}
+	return out.Bytes(), nil
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_base.go b/vendor/github.com/klauspost/compress/zstd/enc_base.go
index e008b9929..5ca46038a 100644
--- a/vendor/github.com/klauspost/compress/zstd/enc_base.go
+++ b/vendor/github.com/klauspost/compress/zstd/enc_base.go
@@ -144,6 +144,7 @@ func (e *fastBase) resetBase(d *dict, singleBlock bool) {
 	} else {
 		e.crc.Reset()
 	}
+	e.blk.dictLitEnc = nil
 	if d != nil {
 		low := e.lowMem
 		if singleBlock {
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_best.go b/vendor/github.com/klauspost/compress/zstd/enc_best.go
index 9819d4145..858f8f43a 100644
--- a/vendor/github.com/klauspost/compress/zstd/enc_best.go
+++ b/vendor/github.com/klauspost/compress/zstd/enc_best.go
@@ -197,12 +197,13 @@ encodeLoop:
 
 		// Set m to a match at offset if it looks like that will improve compression.
 		improve := func(m *match, offset int32, s int32, first uint32, rep int32) {
-			if s-offset >= e.maxMatchOff || load3232(src, offset) != first {
+			delta := s - offset
+			if delta >= e.maxMatchOff || delta <= 0 || load3232(src, offset) != first {
 				return
 			}
 			if debugAsserts {
-				if offset <= 0 {
-					panic(offset)
+				if offset >= s {
+					panic(fmt.Sprintf("offset: %d - s:%d - rep: %d - cur :%d - max: %d", offset, s, rep, e.cur, e.maxMatchOff))
 				}
 				if !bytes.Equal(src[s:s+4], src[offset:offset+4]) {
 					panic(fmt.Sprintf("first match mismatch: %v != %v, first: %08x", src[s:s+4], src[offset:offset+4], first))
@@ -343,8 +344,8 @@ encodeLoop:
 		if best.rep > 0 {
 			var seq seq
 			seq.matchLen = uint32(best.length - zstdMinMatch)
-			if debugAsserts && s <= nextEmit {
-				panic("s <= nextEmit")
+			if debugAsserts && s < nextEmit {
+				panic("s < nextEmit")
 			}
 			addLiterals(&seq, best.s)
 
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go
index 7d425109a..a154c18f7 100644
--- a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go
+++ b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go
@@ -1084,7 +1084,7 @@ func (e *doubleFastEncoderDict) Reset(d *dict, singleBlock bool) {
 			}
 		}
 		e.lastDictID = d.id
-		e.allDirty = true
+		allDirty = true
 	}
 	// Reset table to initial state
 	e.cur = e.maxMatchOff
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_fast.go b/vendor/github.com/klauspost/compress/zstd/enc_fast.go
index 315b1a8f2..f45a3da7d 100644
--- a/vendor/github.com/klauspost/compress/zstd/enc_fast.go
+++ b/vendor/github.com/klauspost/compress/zstd/enc_fast.go
@@ -133,8 +133,7 @@ encodeLoop:
 			if canRepeat && repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>16) {
 				// Consider history as well.
 				var seq seq
-				var length int32
-				length = 4 + e.matchlen(s+6, repIndex+4, src)
+				length := 4 + e.matchlen(s+6, repIndex+4, src)
 				seq.matchLen = uint32(length - zstdMinMatch)
 
 				// We might be able to match backwards.
@@ -645,8 +644,7 @@ encodeLoop:
 			if canRepeat && repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>16) {
 				// Consider history as well.
 				var seq seq
-				var length int32
-				length = 4 + e.matchlen(s+6, repIndex+4, src)
+				length := 4 + e.matchlen(s+6, repIndex+4, src)
 
 				seq.matchLen = uint32(length - zstdMinMatch)
 
@@ -831,13 +829,12 @@ func (e *fastEncoderDict) Reset(d *dict, singleBlock bool) {
 		}
 		if true {
 			end := e.maxMatchOff + int32(len(d.content)) - 8
-			for i := e.maxMatchOff; i < end; i += 3 {
+			for i := e.maxMatchOff; i < end; i += 2 {
 				const hashLog = tableBits
 
 				cv := load6432(d.content, i-e.maxMatchOff)
-				nextHash := hashLen(cv, hashLog, tableFastHashLen)      // 0 -> 5
-				nextHash1 := hashLen(cv>>8, hashLog, tableFastHashLen)  // 1 -> 6
-				nextHash2 := hashLen(cv>>16, hashLog, tableFastHashLen) // 2 -> 7
+				nextHash := hashLen(cv, hashLog, tableFastHashLen)     // 0 -> 6
+				nextHash1 := hashLen(cv>>8, hashLog, tableFastHashLen) // 1 -> 7
 				e.dictTable[nextHash] = tableEntry{
 					val:    uint32(cv),
 					offset: i,
@@ -846,10 +843,6 @@ func (e *fastEncoderDict) Reset(d *dict, singleBlock bool) {
 					val:    uint32(cv >> 8),
 					offset: i + 1,
 				}
-				e.dictTable[nextHash2] = tableEntry{
-					val:    uint32(cv >> 16),
-					offset: i + 2,
-				}
 			}
 		}
 		e.lastDictID = d.id
diff --git a/vendor/github.com/klauspost/compress/zstd/encoder.go b/vendor/github.com/klauspost/compress/zstd/encoder.go
index 4de0aed0d..72af7ef0f 100644
--- a/vendor/github.com/klauspost/compress/zstd/encoder.go
+++ b/vendor/github.com/klauspost/compress/zstd/encoder.go
@@ -227,10 +227,7 @@ func (e *Encoder) nextBlock(final bool) error {
 			DictID:        e.o.dict.ID(),
 		}
 
-		dst, err := fh.appendTo(tmp[:0])
-		if err != nil {
-			return err
-		}
+		dst := fh.appendTo(tmp[:0])
 		s.headerWritten = true
 		s.wWg.Wait()
 		var n2 int
@@ -483,7 +480,7 @@ func (e *Encoder) EncodeAll(src, dst []byte) []byte {
 				Checksum: false,
 				DictID:   0,
 			}
-			dst, _ = fh.appendTo(dst)
+			dst = fh.appendTo(dst)
 
 			// Write raw block as last one only.
 			var blk blockHeader
@@ -518,10 +515,7 @@ func (e *Encoder) EncodeAll(src, dst []byte) []byte {
 	if len(dst) == 0 && cap(dst) == 0 && len(src) < 1<<20 && !e.o.lowMem {
 		dst = make([]byte, 0, len(src))
 	}
-	dst, err := fh.appendTo(dst)
-	if err != nil {
-		panic(err)
-	}
+	dst = fh.appendTo(dst)
 
 	// If we can do everything in one block, prefer that.
 	if len(src) <= e.o.blockSize {
@@ -581,6 +575,7 @@ func (e *Encoder) EncodeAll(src, dst []byte) []byte {
 	// Add padding with content from crypto/rand.Reader
 	if e.o.pad > 0 {
 		add := calcSkippableFrame(int64(len(dst)), int64(e.o.pad))
+		var err error
 		dst, err = skippableFrame(dst, add, rand.Reader)
 		if err != nil {
 			panic(err)
diff --git a/vendor/github.com/klauspost/compress/zstd/encoder_options.go b/vendor/github.com/klauspost/compress/zstd/encoder_options.go
index 50f70533b..faaf81921 100644
--- a/vendor/github.com/klauspost/compress/zstd/encoder_options.go
+++ b/vendor/github.com/klauspost/compress/zstd/encoder_options.go
@@ -129,7 +129,7 @@ func WithEncoderPadding(n int) EOption {
 		}
 		// No need to waste our time.
 		if n == 1 {
-			o.pad = 0
+			n = 0
 		}
 		if n > 1<<30 {
 			return fmt.Errorf("padding must less than 1GB (1<<30 bytes) ")
diff --git a/vendor/github.com/klauspost/compress/zstd/framedec.go b/vendor/github.com/klauspost/compress/zstd/framedec.go
index cc0aa2274..53e160f7e 100644
--- a/vendor/github.com/klauspost/compress/zstd/framedec.go
+++ b/vendor/github.com/klauspost/compress/zstd/framedec.go
@@ -73,20 +73,20 @@ func (d *frameDec) reset(br byteBuffer) error {
 		switch err {
 		case io.EOF, io.ErrUnexpectedEOF:
 			return io.EOF
-		default:
-			return err
 		case nil:
 			signature[0] = b[0]
+		default:
+			return err
 		}
 		// Read the rest, don't allow io.ErrUnexpectedEOF
 		b, err = br.readSmall(3)
 		switch err {
 		case io.EOF:
 			return io.EOF
-		default:
-			return err
 		case nil:
 			copy(signature[1:], b)
+		default:
+			return err
 		}
 
 		if string(signature[1:4]) != skippableFrameMagic || signature[0]&0xf0 != 0x50 {
diff --git a/vendor/github.com/klauspost/compress/zstd/frameenc.go b/vendor/github.com/klauspost/compress/zstd/frameenc.go
index 4ef7f5a3e..2f5d5ed45 100644
--- a/vendor/github.com/klauspost/compress/zstd/frameenc.go
+++ b/vendor/github.com/klauspost/compress/zstd/frameenc.go
@@ -22,7 +22,7 @@ type frameHeader struct {
 
 const maxHeaderSize = 14
 
-func (f frameHeader) appendTo(dst []byte) ([]byte, error) {
+func (f frameHeader) appendTo(dst []byte) []byte {
 	dst = append(dst, frameMagic...)
 	var fhd uint8
 	if f.Checksum {
@@ -88,7 +88,7 @@ func (f frameHeader) appendTo(dst []byte) ([]byte, error) {
 	default:
 		panic("invalid fcs")
 	}
-	return dst, nil
+	return dst
 }
 
 const skippableFrameHeader = 4 + 4
diff --git a/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go b/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go
new file mode 100644
index 000000000..f41932b7a
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go
@@ -0,0 +1,16 @@
+//go:build amd64 && !appengine && !noasm && gc
+// +build amd64,!appengine,!noasm,gc
+
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+
+package zstd
+
+// matchLen returns how many bytes match in a and b
+//
+// It assumes that:
+//
+//	len(a) <= len(b) and len(a) > 0
+//
+//go:noescape
+func matchLen(a []byte, b []byte) int
diff --git a/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.s b/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.s
new file mode 100644
index 000000000..9a7655c0f
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.s
@@ -0,0 +1,68 @@
+// Copied from S2 implementation.
+
+//go:build !appengine && !noasm && gc && !noasm
+
+#include "textflag.h"
+
+// func matchLen(a []byte, b []byte) int
+// Requires: BMI
+TEXT ·matchLen(SB), NOSPLIT, $0-56
+	MOVQ a_base+0(FP), AX
+	MOVQ b_base+24(FP), CX
+	MOVQ a_len+8(FP), DX
+
+	// matchLen
+	XORL SI, SI
+	CMPL DX, $0x08
+	JB   matchlen_match4_standalone
+
+matchlen_loopback_standalone:
+	MOVQ  (AX)(SI*1), BX
+	XORQ  (CX)(SI*1), BX
+	TESTQ BX, BX
+	JZ    matchlen_loop_standalone
+
+#ifdef GOAMD64_v3
+	TZCNTQ BX, BX
+#else
+	BSFQ BX, BX
+#endif
+	SARQ $0x03, BX
+	LEAL (SI)(BX*1), SI
+	JMP  gen_match_len_end
+
+matchlen_loop_standalone:
+	LEAL -8(DX), DX
+	LEAL 8(SI), SI
+	CMPL DX, $0x08
+	JAE  matchlen_loopback_standalone
+
+matchlen_match4_standalone:
+	CMPL DX, $0x04
+	JB   matchlen_match2_standalone
+	MOVL (AX)(SI*1), BX
+	CMPL (CX)(SI*1), BX
+	JNE  matchlen_match2_standalone
+	LEAL -4(DX), DX
+	LEAL 4(SI), SI
+
+matchlen_match2_standalone:
+	CMPL DX, $0x02
+	JB   matchlen_match1_standalone
+	MOVW (AX)(SI*1), BX
+	CMPW (CX)(SI*1), BX
+	JNE  matchlen_match1_standalone
+	LEAL -2(DX), DX
+	LEAL 2(SI), SI
+
+matchlen_match1_standalone:
+	CMPL DX, $0x01
+	JB   gen_match_len_end
+	MOVB (AX)(SI*1), BL
+	CMPB (CX)(SI*1), BL
+	JNE  gen_match_len_end
+	INCL SI
+
+gen_match_len_end:
+	MOVQ SI, ret+48(FP)
+	RET
diff --git a/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go b/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go
new file mode 100644
index 000000000..57b9c31c0
--- /dev/null
+++ b/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go
@@ -0,0 +1,33 @@
+//go:build !amd64 || appengine || !gc || noasm
+// +build !amd64 appengine !gc noasm
+
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+
+package zstd
+
+import (
+	"encoding/binary"
+	"math/bits"
+)
+
+// matchLen returns the maximum common prefix length of a and b.
+// a must be the shortest of the two.
+func matchLen(a, b []byte) (n int) {
+	for ; len(a) >= 8 && len(b) >= 8; a, b = a[8:], b[8:] {
+		diff := binary.LittleEndian.Uint64(a) ^ binary.LittleEndian.Uint64(b)
+		if diff != 0 {
+			return n + bits.TrailingZeros64(diff)>>3
+		}
+		n += 8
+	}
+
+	for i := range a {
+		if a[i] != b[i] {
+			break
+		}
+		n++
+	}
+	return n
+
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec.go b/vendor/github.com/klauspost/compress/zstd/seqdec.go
index 9405fcf10..d7fe6d82d 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec.go
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec.go
@@ -245,7 +245,7 @@ func (s *sequenceDecs) decodeSync(hist []byte) error {
 			return io.ErrUnexpectedEOF
 		}
 		var ll, mo, ml int
-		if br.off > 4+((maxOffsetBits+16+16)>>3) {
+		if len(br.in) > 4+((maxOffsetBits+16+16)>>3) {
 			// inlined function:
 			// ll, mo, ml = s.nextFast(br, llState, mlState, ofState)
 
@@ -452,18 +452,13 @@ func (s *sequenceDecs) next(br *bitReader, llState, mlState, ofState decSymbol)
 
 	// extra bits are stored in reverse order.
 	br.fill()
-	if s.maxBits <= 32 {
-		mo += br.getBits(moB)
-		ml += br.getBits(mlB)
-		ll += br.getBits(llB)
-	} else {
-		mo += br.getBits(moB)
+	mo += br.getBits(moB)
+	if s.maxBits > 32 {
 		br.fill()
-		// matchlength+literal length, max 32 bits
-		ml += br.getBits(mlB)
-		ll += br.getBits(llB)
-
 	}
+	// matchlength+literal length, max 32 bits
+	ml += br.getBits(mlB)
+	ll += br.getBits(llB)
 	mo = s.adjustOffset(mo, ll, moB)
 	return
 }
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
index b6f4ba6fc..974b99725 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
@@ -5,11 +5,11 @@
 // func sequenceDecs_decode_amd64(s *sequenceDecs, br *bitReader, ctx *decodeAsmContext) int
 // Requires: CMOV
 TEXT ·sequenceDecs_decode_amd64(SB), $8-32
-	MOVQ    br+8(FP), AX
-	MOVQ    32(AX), DX
-	MOVBQZX 40(AX), BX
-	MOVQ    24(AX), SI
-	MOVQ    (AX), AX
+	MOVQ    br+8(FP), CX
+	MOVQ    24(CX), DX
+	MOVBQZX 32(CX), BX
+	MOVQ    (CX), AX
+	MOVQ    8(CX), SI
 	ADDQ    SI, AX
 	MOVQ    AX, (SP)
 	MOVQ    ctx+16(FP), AX
@@ -301,9 +301,9 @@ sequenceDecs_decode_amd64_match_len_ofs_ok:
 	MOVQ R12, 152(AX)
 	MOVQ R13, 160(AX)
 	MOVQ br+8(FP), AX
-	MOVQ DX, 32(AX)
-	MOVB BL, 40(AX)
-	MOVQ SI, 24(AX)
+	MOVQ DX, 24(AX)
+	MOVB BL, 32(AX)
+	MOVQ SI, 8(AX)
 
 	// Return success
 	MOVQ $0x00000000, ret+24(FP)
@@ -336,11 +336,11 @@ error_overread:
 // func sequenceDecs_decode_56_amd64(s *sequenceDecs, br *bitReader, ctx *decodeAsmContext) int
 // Requires: CMOV
 TEXT ·sequenceDecs_decode_56_amd64(SB), $8-32
-	MOVQ    br+8(FP), AX
-	MOVQ    32(AX), DX
-	MOVBQZX 40(AX), BX
-	MOVQ    24(AX), SI
-	MOVQ    (AX), AX
+	MOVQ    br+8(FP), CX
+	MOVQ    24(CX), DX
+	MOVBQZX 32(CX), BX
+	MOVQ    (CX), AX
+	MOVQ    8(CX), SI
 	ADDQ    SI, AX
 	MOVQ    AX, (SP)
 	MOVQ    ctx+16(FP), AX
@@ -603,9 +603,9 @@ sequenceDecs_decode_56_amd64_match_len_ofs_ok:
 	MOVQ R12, 152(AX)
 	MOVQ R13, 160(AX)
 	MOVQ br+8(FP), AX
-	MOVQ DX, 32(AX)
-	MOVB BL, 40(AX)
-	MOVQ SI, 24(AX)
+	MOVQ DX, 24(AX)
+	MOVB BL, 32(AX)
+	MOVQ SI, 8(AX)
 
 	// Return success
 	MOVQ $0x00000000, ret+24(FP)
@@ -638,11 +638,11 @@ error_overread:
 // func sequenceDecs_decode_bmi2(s *sequenceDecs, br *bitReader, ctx *decodeAsmContext) int
 // Requires: BMI, BMI2, CMOV
 TEXT ·sequenceDecs_decode_bmi2(SB), $8-32
-	MOVQ    br+8(FP), CX
-	MOVQ    32(CX), AX
-	MOVBQZX 40(CX), DX
-	MOVQ    24(CX), BX
-	MOVQ    (CX), CX
+	MOVQ    br+8(FP), BX
+	MOVQ    24(BX), AX
+	MOVBQZX 32(BX), DX
+	MOVQ    (BX), CX
+	MOVQ    8(BX), BX
 	ADDQ    BX, CX
 	MOVQ    CX, (SP)
 	MOVQ    ctx+16(FP), CX
@@ -892,9 +892,9 @@ sequenceDecs_decode_bmi2_match_len_ofs_ok:
 	MOVQ R11, 152(CX)
 	MOVQ R12, 160(CX)
 	MOVQ br+8(FP), CX
-	MOVQ AX, 32(CX)
-	MOVB DL, 40(CX)
-	MOVQ BX, 24(CX)
+	MOVQ AX, 24(CX)
+	MOVB DL, 32(CX)
+	MOVQ BX, 8(CX)
 
 	// Return success
 	MOVQ $0x00000000, ret+24(FP)
@@ -927,11 +927,11 @@ error_overread:
 // func sequenceDecs_decode_56_bmi2(s *sequenceDecs, br *bitReader, ctx *decodeAsmContext) int
 // Requires: BMI, BMI2, CMOV
 TEXT ·sequenceDecs_decode_56_bmi2(SB), $8-32
-	MOVQ    br+8(FP), CX
-	MOVQ    32(CX), AX
-	MOVBQZX 40(CX), DX
-	MOVQ    24(CX), BX
-	MOVQ    (CX), CX
+	MOVQ    br+8(FP), BX
+	MOVQ    24(BX), AX
+	MOVBQZX 32(BX), DX
+	MOVQ    (BX), CX
+	MOVQ    8(BX), BX
 	ADDQ    BX, CX
 	MOVQ    CX, (SP)
 	MOVQ    ctx+16(FP), CX
@@ -1152,9 +1152,9 @@ sequenceDecs_decode_56_bmi2_match_len_ofs_ok:
 	MOVQ R11, 152(CX)
 	MOVQ R12, 160(CX)
 	MOVQ br+8(FP), CX
-	MOVQ AX, 32(CX)
-	MOVB DL, 40(CX)
-	MOVQ BX, 24(CX)
+	MOVQ AX, 24(CX)
+	MOVB DL, 32(CX)
+	MOVQ BX, 8(CX)
 
 	// Return success
 	MOVQ $0x00000000, ret+24(FP)
@@ -1797,11 +1797,11 @@ empty_seqs:
 // func sequenceDecs_decodeSync_amd64(s *sequenceDecs, br *bitReader, ctx *decodeSyncAsmContext) int
 // Requires: CMOV, SSE
 TEXT ·sequenceDecs_decodeSync_amd64(SB), $64-32
-	MOVQ    br+8(FP), AX
-	MOVQ    32(AX), DX
-	MOVBQZX 40(AX), BX
-	MOVQ    24(AX), SI
-	MOVQ    (AX), AX
+	MOVQ    br+8(FP), CX
+	MOVQ    24(CX), DX
+	MOVBQZX 32(CX), BX
+	MOVQ    (CX), AX
+	MOVQ    8(CX), SI
 	ADDQ    SI, AX
 	MOVQ    AX, (SP)
 	MOVQ    ctx+16(FP), AX
@@ -2295,9 +2295,9 @@ handle_loop:
 
 loop_finished:
 	MOVQ br+8(FP), AX
-	MOVQ DX, 32(AX)
-	MOVB BL, 40(AX)
-	MOVQ SI, 24(AX)
+	MOVQ DX, 24(AX)
+	MOVB BL, 32(AX)
+	MOVQ SI, 8(AX)
 
 	// Update the context
 	MOVQ ctx+16(FP), AX
@@ -2362,11 +2362,11 @@ error_not_enough_space:
 // func sequenceDecs_decodeSync_bmi2(s *sequenceDecs, br *bitReader, ctx *decodeSyncAsmContext) int
 // Requires: BMI, BMI2, CMOV, SSE
 TEXT ·sequenceDecs_decodeSync_bmi2(SB), $64-32
-	MOVQ    br+8(FP), CX
-	MOVQ    32(CX), AX
-	MOVBQZX 40(CX), DX
-	MOVQ    24(CX), BX
-	MOVQ    (CX), CX
+	MOVQ    br+8(FP), BX
+	MOVQ    24(BX), AX
+	MOVBQZX 32(BX), DX
+	MOVQ    (BX), CX
+	MOVQ    8(BX), BX
 	ADDQ    BX, CX
 	MOVQ    CX, (SP)
 	MOVQ    ctx+16(FP), CX
@@ -2818,9 +2818,9 @@ handle_loop:
 
 loop_finished:
 	MOVQ br+8(FP), CX
-	MOVQ AX, 32(CX)
-	MOVB DL, 40(CX)
-	MOVQ BX, 24(CX)
+	MOVQ AX, 24(CX)
+	MOVB DL, 32(CX)
+	MOVQ BX, 8(CX)
 
 	// Update the context
 	MOVQ ctx+16(FP), AX
@@ -2885,11 +2885,11 @@ error_not_enough_space:
 // func sequenceDecs_decodeSync_safe_amd64(s *sequenceDecs, br *bitReader, ctx *decodeSyncAsmContext) int
 // Requires: CMOV, SSE
 TEXT ·sequenceDecs_decodeSync_safe_amd64(SB), $64-32
-	MOVQ    br+8(FP), AX
-	MOVQ    32(AX), DX
-	MOVBQZX 40(AX), BX
-	MOVQ    24(AX), SI
-	MOVQ    (AX), AX
+	MOVQ    br+8(FP), CX
+	MOVQ    24(CX), DX
+	MOVBQZX 32(CX), BX
+	MOVQ    (CX), AX
+	MOVQ    8(CX), SI
 	ADDQ    SI, AX
 	MOVQ    AX, (SP)
 	MOVQ    ctx+16(FP), AX
@@ -3485,9 +3485,9 @@ handle_loop:
 
 loop_finished:
 	MOVQ br+8(FP), AX
-	MOVQ DX, 32(AX)
-	MOVB BL, 40(AX)
-	MOVQ SI, 24(AX)
+	MOVQ DX, 24(AX)
+	MOVB BL, 32(AX)
+	MOVQ SI, 8(AX)
 
 	// Update the context
 	MOVQ ctx+16(FP), AX
@@ -3552,11 +3552,11 @@ error_not_enough_space:
 // func sequenceDecs_decodeSync_safe_bmi2(s *sequenceDecs, br *bitReader, ctx *decodeSyncAsmContext) int
 // Requires: BMI, BMI2, CMOV, SSE
 TEXT ·sequenceDecs_decodeSync_safe_bmi2(SB), $64-32
-	MOVQ    br+8(FP), CX
-	MOVQ    32(CX), AX
-	MOVBQZX 40(CX), DX
-	MOVQ    24(CX), BX
-	MOVQ    (CX), CX
+	MOVQ    br+8(FP), BX
+	MOVQ    24(BX), AX
+	MOVBQZX 32(BX), DX
+	MOVQ    (BX), CX
+	MOVQ    8(BX), BX
 	ADDQ    BX, CX
 	MOVQ    CX, (SP)
 	MOVQ    ctx+16(FP), CX
@@ -4110,9 +4110,9 @@ handle_loop:
 
 loop_finished:
 	MOVQ br+8(FP), CX
-	MOVQ AX, 32(CX)
-	MOVB DL, 40(CX)
-	MOVQ BX, 24(CX)
+	MOVQ AX, 24(CX)
+	MOVB DL, 32(CX)
+	MOVQ BX, 8(CX)
 
 	// Update the context
 	MOVQ ctx+16(FP), AX
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go b/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go
index ac2a80d29..2fb35b788 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go
@@ -29,7 +29,7 @@ func (s *sequenceDecs) decode(seqs []seqVals) error {
 	}
 	for i := range seqs {
 		var ll, mo, ml int
-		if br.off > 4+((maxOffsetBits+16+16)>>3) {
+		if len(br.in) > 4+((maxOffsetBits+16+16)>>3) {
 			// inlined function:
 			// ll, mo, ml = s.nextFast(br, llState, mlState, ofState)
 
diff --git a/vendor/github.com/klauspost/compress/zstd/snappy.go b/vendor/github.com/klauspost/compress/zstd/snappy.go
index 9e1baad73..ec13594e8 100644
--- a/vendor/github.com/klauspost/compress/zstd/snappy.go
+++ b/vendor/github.com/klauspost/compress/zstd/snappy.go
@@ -95,10 +95,9 @@ func (r *SnappyConverter) Convert(in io.Reader, w io.Writer) (int64, error) {
 	var written int64
 	var readHeader bool
 	{
-		var header []byte
-		var n int
-		header, r.err = frameHeader{WindowSize: snappyMaxBlockSize}.appendTo(r.buf[:0])
+		header := frameHeader{WindowSize: snappyMaxBlockSize}.appendTo(r.buf[:0])
 
+		var n int
 		n, r.err = w.Write(header)
 		if r.err != nil {
 			return written, r.err
diff --git a/vendor/github.com/klauspost/compress/zstd/zstd.go b/vendor/github.com/klauspost/compress/zstd/zstd.go
index 89396673d..4be7cc736 100644
--- a/vendor/github.com/klauspost/compress/zstd/zstd.go
+++ b/vendor/github.com/klauspost/compress/zstd/zstd.go
@@ -9,7 +9,6 @@ import (
 	"errors"
 	"log"
 	"math"
-	"math/bits"
 )
 
 // enable debug printing
@@ -106,27 +105,6 @@ func printf(format string, a ...interface{}) {
 	}
 }
 
-// matchLen returns the maximum common prefix length of a and b.
-// a must be the shortest of the two.
-func matchLen(a, b []byte) (n int) {
-	for ; len(a) >= 8 && len(b) >= 8; a, b = a[8:], b[8:] {
-		diff := binary.LittleEndian.Uint64(a) ^ binary.LittleEndian.Uint64(b)
-		if diff != 0 {
-			return n + bits.TrailingZeros64(diff)>>3
-		}
-		n += 8
-	}
-
-	for i := range a {
-		if a[i] != b[i] {
-			break
-		}
-		n++
-	}
-	return n
-
-}
-
 func load3232(b []byte, i int32) uint32 {
 	return binary.LittleEndian.Uint32(b[:len(b):len(b)][i:])
 }
diff --git a/vendor/github.com/klauspost/pgzip/.travis.yml b/vendor/github.com/klauspost/pgzip/.travis.yml
index acfec4bb0..34704000e 100644
--- a/vendor/github.com/klauspost/pgzip/.travis.yml
+++ b/vendor/github.com/klauspost/pgzip/.travis.yml
@@ -1,3 +1,7 @@
+
+arch:
+  - amd64
+  - ppc64le
 language: go
 
 os:
diff --git a/vendor/github.com/klauspost/pgzip/LICENSE b/vendor/github.com/klauspost/pgzip/LICENSE
index 3909da410..2bdc0d751 100644
--- a/vendor/github.com/klauspost/pgzip/LICENSE
+++ b/vendor/github.com/klauspost/pgzip/LICENSE
@@ -1,4 +1,4 @@
-MIT License
+The MIT License (MIT)
 
 Copyright (c) 2014 Klaus Post
 
@@ -19,3 +19,4 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
+
diff --git a/vendor/github.com/klauspost/pgzip/README.md b/vendor/github.com/klauspost/pgzip/README.md
index 171b978fd..ecc8726fa 100644
--- a/vendor/github.com/klauspost/pgzip/README.md
+++ b/vendor/github.com/klauspost/pgzip/README.md
@@ -104,13 +104,12 @@ Content is [Matt Mahoneys 10GB corpus](http://mattmahoney.net/dc/10gb.html). Com
 
 Compressor  | MB/sec   | speedup | size | size overhead (lower=better)
 ------------|----------|---------|------|---------
-[gzip](http://golang.org/pkg/compress/gzip) (golang) | 15.44MB/s (1 thread) | 1.0x | 4781329307 | 0%
-[gzip](http://github.com/klauspost/compress/gzip) (klauspost) | 135.04MB/s (1 thread) | 8.74x | 4894858258 | +2.37%
-[pgzip](https://github.com/klauspost/pgzip) (klauspost) | 1573.23MB/s| 101.9x | 4902285651 | +2.53%
-[bgzf](https://godoc.org/github.com/biogo/hts/bgzf) (biogo) | 361.40MB/s | 23.4x | 4869686090 | +1.85%
-[pargzip](https://godoc.org/github.com/golang/build/pargzip) (builder) | 306.01MB/s | 19.8x | 4786890417 | +0.12%
+[gzip](http://golang.org/pkg/compress/gzip) (golang) | 16.91MB/s (1 thread) | 1.0x | 4781329307 | 0%
+[gzip](http://github.com/klauspost/compress/gzip) (klauspost) | 127.10MB/s (1 thread) | 7.52x | 4885366806 | +2.17%
+[pgzip](https://github.com/klauspost/pgzip) (klauspost) | 2085.35MB/s|  123.34x | 4886132566 | +2.19%
+[pargzip](https://godoc.org/github.com/golang/build/pargzip) (builder) | 334.04MB/s | 19.76x | 4786890417 | +0.12%
 
-pgzip also contains a [linear time compression](https://github.com/klauspost/compress#linear-time-compression-huffman-only) mode, that will allow compression at ~250MB per core per second, independent of the content.
+pgzip also contains a [huffman only compression](https://github.com/klauspost/compress#linear-time-compression-huffman-only) mode, that will allow compression at ~450MB per core per second, largely independent of the content.
 
 See the [complete sheet](https://docs.google.com/spreadsheets/d/1nuNE2nPfuINCZJRMt6wFWhKpToF95I47XjSsc-1rbPQ/edit?usp=sharing) for different content types and compression settings.
 
@@ -123,7 +122,7 @@ In the example above, the numbers are as follows on a 4 CPU machine:
 Decompressor | Time | Speedup
 -------------|------|--------
 [gzip](http://golang.org/pkg/compress/gzip) (golang) | 1m28.85s | 0%
-[pgzip](https://github.com/klauspost/pgzip) (golang) | 43.48s | 104%
+[pgzip](https://github.com/klauspost/pgzip) (klauspost) | 43.48s | 104%
 
 But wait, since gzip decompression is inherently singlethreaded (aside from CRC calculation) how can it be more than 100% faster?  Because pgzip due to its design also acts as a buffer. When using unbuffered gzip, you are also waiting for io when you are decompressing. If the gzip decoder can keep up, it will always have data ready for your reader, and you will not be waiting for input to the gzip decompressor to complete.
 
diff --git a/vendor/github.com/klauspost/pgzip/gunzip.go b/vendor/github.com/klauspost/pgzip/gunzip.go
index d1ae730b2..3c4b32f16 100644
--- a/vendor/github.com/klauspost/pgzip/gunzip.go
+++ b/vendor/github.com/klauspost/pgzip/gunzip.go
@@ -513,6 +513,19 @@ func (z *Reader) Read(p []byte) (n int, err error) {
 
 func (z *Reader) WriteTo(w io.Writer) (n int64, err error) {
 	total := int64(0)
+	avail := z.current[z.roff:]
+	if len(avail) != 0 {
+		n, err := w.Write(avail)
+		if n != len(avail) {
+			return total, io.ErrShortWrite
+		}
+		total += int64(n)
+		if err != nil {
+			return total, err
+		}
+		z.blockPool <- z.current
+		z.current = nil
+	}
 	for {
 		if z.err != nil {
 			return total, z.err
diff --git a/vendor/github.com/lestrrat-go/blackmagic/.gitignore b/vendor/github.com/lestrrat-go/blackmagic/.gitignore
new file mode 100644
index 000000000..66fd13c90
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/blackmagic/.gitignore
@@ -0,0 +1,15 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
diff --git a/vendor/github.com/lestrrat-go/blackmagic/LICENSE b/vendor/github.com/lestrrat-go/blackmagic/LICENSE
new file mode 100644
index 000000000..188ea7685
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/blackmagic/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 lestrrat-go
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/lestrrat-go/blackmagic/README.md b/vendor/github.com/lestrrat-go/blackmagic/README.md
new file mode 100644
index 000000000..0356f8a72
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/blackmagic/README.md
@@ -0,0 +1,3 @@
+# blackmagic
+
+Reflect-based black magic. YMMV, and use with caution
diff --git a/vendor/github.com/lestrrat-go/blackmagic/blackmagic.go b/vendor/github.com/lestrrat-go/blackmagic/blackmagic.go
new file mode 100644
index 000000000..aa5704a21
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/blackmagic/blackmagic.go
@@ -0,0 +1,90 @@
+package blackmagic
+
+import (
+	"fmt"
+	"reflect"
+)
+
+// AssignField is a convenience function to assign a value to
+// an optional struct field. In Go, an optional struct field is
+// usually denoted by a pointer to T instead of T:
+//
+//	type Object struct {
+//	  Optional *T
+//	}
+//
+// This gets a bit cumbersome when you want to assign literals
+// or you do not want to worry about taking the address of a
+// variable.
+//
+//	Object.Optional = &"foo" // doesn't compile!
+//
+// Instead you can use this function to do it in one line:
+//
+//	blackmagic.AssignOptionalField(&Object.Optionl, "foo")
+func AssignOptionalField(dst, src interface{}) error {
+	dstRV := reflect.ValueOf(dst)
+	srcRV := reflect.ValueOf(src)
+	if dstRV.Kind() != reflect.Pointer || dstRV.Elem().Kind() != reflect.Pointer {
+		return fmt.Errorf(`dst must be a pointer to a field that is turn a pointer of src (%T)`, src)
+	}
+
+	if !dstRV.Elem().CanSet() {
+		return fmt.Errorf(`dst (%T) is not assignable`, dstRV.Elem().Interface())
+	}
+	if !reflect.PtrTo(srcRV.Type()).AssignableTo(dstRV.Elem().Type()) {
+		return fmt.Errorf(`cannot assign src (%T) to dst (%T)`, src, dst)
+	}
+
+	ptr := reflect.New(srcRV.Type())
+	ptr.Elem().Set(srcRV)
+	dstRV.Elem().Set(ptr)
+	return nil
+}
+
+// AssignIfCompatible is a convenience function to safely
+// assign arbitrary values. dst must be a pointer to an
+// empty interface, or it must be a pointer to a compatible
+// variable type that can hold src.
+func AssignIfCompatible(dst, src interface{}) error {
+	orv := reflect.ValueOf(src) // save this value for error reporting
+	result := orv
+
+	// t can be a pointer or a slice, and the code will slightly change
+	// depending on this
+	var isPtr bool
+	var isSlice bool
+	switch result.Kind() {
+	case reflect.Ptr:
+		isPtr = true
+	case reflect.Slice:
+		isSlice = true
+	}
+
+	rv := reflect.ValueOf(dst)
+	if rv.Kind() != reflect.Ptr {
+		return fmt.Errorf(`destination argument to AssignIfCompatible() must be a pointer: %T`, dst)
+	}
+
+	actualDst := rv.Elem()
+	switch actualDst.Kind() {
+	case reflect.Interface:
+		// If it's an interface, we can just assign the pointer to the interface{}
+	default:
+		// If it's a pointer to the struct we're looking for, we need to set
+		// the de-referenced struct
+		if !isSlice && isPtr {
+			result = result.Elem()
+		}
+	}
+	if !result.Type().AssignableTo(actualDst.Type()) {
+		return fmt.Errorf(`argument to AssignIfCompatible() must be compatible with %T (was %T)`, orv.Interface(), dst)
+	}
+
+	if !actualDst.CanSet() {
+		return fmt.Errorf(`argument to AssignIfCompatible() must be settable`)
+	}
+	actualDst.Set(result)
+
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/httpcc/.gitignore b/vendor/github.com/lestrrat-go/httpcc/.gitignore
new file mode 100644
index 000000000..66fd13c90
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httpcc/.gitignore
@@ -0,0 +1,15 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
diff --git a/vendor/github.com/lestrrat-go/httpcc/LICENSE b/vendor/github.com/lestrrat-go/httpcc/LICENSE
new file mode 100644
index 000000000..963209bfb
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httpcc/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 lestrrat-go
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/lestrrat-go/httpcc/README.md b/vendor/github.com/lestrrat-go/httpcc/README.md
new file mode 100644
index 000000000..cf2dcb327
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httpcc/README.md
@@ -0,0 +1,35 @@
+httpcc
+======
+
+Parses HTTP/1.1 Cache-Control header, and returns a struct that is convenient
+for the end-user to do what they will with.
+
+# Parsing the HTTP Request
+
+```go
+dir, err := httpcc.ParseRequest(req.Header.Get(`Cache-Control`))
+// dir.MaxAge()       uint64, bool
+// dir.MaxStale()     uint64, bool
+// dir.MinFresh()     uint64, bool
+// dir.NoCache()      bool
+// dir.NoStore()      bool
+// dir.NoTransform()  bool
+// dir.OnlyIfCached() bool
+// dir.Extensions()   map[string]string
+```
+
+# Parsing the HTTP Response
+
+```go
+directives, err := httpcc.ParseResponse(res.Header.Get(`Cache-Control`))
+// dir.MaxAge()         uint64, bool
+// dir.MustRevalidate() bool
+// dir.NoCache()        []string
+// dir.NoStore()        bool
+// dir.NoTransform()    bool
+// dir.Public()         bool
+// dir.Private()        bool
+// dir.SMaxAge()        uint64, bool
+// dir.Extensions()     map[string]string
+```
+
diff --git a/vendor/github.com/lestrrat-go/httpcc/directives.go b/vendor/github.com/lestrrat-go/httpcc/directives.go
new file mode 100644
index 000000000..86cbbf0b9
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httpcc/directives.go
@@ -0,0 +1,117 @@
+package httpcc
+
+type RequestDirective struct {
+	maxAge       *uint64
+	maxStale     *uint64
+	minFresh     *uint64
+	noCache      bool
+	noStore      bool
+	noTransform  bool
+	onlyIfCached bool
+	extensions   map[string]string
+}
+
+func (d *RequestDirective) MaxAge() (uint64, bool) {
+	if v := d.maxAge; v != nil {
+		return *v, true
+	}
+	return 0, false
+}
+
+func (d *RequestDirective) MaxStale() (uint64, bool) {
+	if v := d.maxStale; v != nil {
+		return *v, true
+	}
+	return 0, false
+}
+
+func (d *RequestDirective) MinFresh() (uint64, bool) {
+	if v := d.minFresh; v != nil {
+		return *v, true
+	}
+	return 0, false
+}
+
+func (d *RequestDirective) NoCache() bool {
+	return d.noCache
+}
+
+func (d *RequestDirective) NoStore() bool {
+	return d.noStore
+}
+
+func (d *RequestDirective) NoTransform() bool {
+	return d.noTransform
+}
+
+func (d *RequestDirective) OnlyIfCached() bool {
+	return d.onlyIfCached
+}
+
+func (d *RequestDirective) Extensions() map[string]string {
+	return d.extensions
+}
+
+func (d *RequestDirective) Extension(s string) string {
+	return d.extensions[s]
+}
+
+type ResponseDirective struct {
+	maxAge          *uint64
+	noCache         []string
+	noStore         bool
+	noTransform     bool
+	public          bool
+	private         []string
+	proxyRevalidate bool
+	sMaxAge         *uint64
+	extensions      map[string]string
+}
+
+func (d *ResponseDirective) MaxAge() (uint64, bool) {
+	if v := d.maxAge; v != nil {
+		return *v, true
+	}
+	return 0, false
+}
+
+func (d *ResponseDirective) NoCache() []string {
+	return d.noCache
+}
+
+func (d *ResponseDirective) NoStore() bool {
+	return d.noStore
+}
+
+func (d *ResponseDirective) NoTransform() bool {
+	return d.noTransform
+}
+
+func (d *ResponseDirective) Public() bool {
+	return d.public
+}
+
+func (d *ResponseDirective) Private() []string {
+	return d.private
+}
+
+func (d *ResponseDirective) ProxyRevalidate() bool {
+	return d.proxyRevalidate
+}
+
+func (d *ResponseDirective) SMaxAge() (uint64, bool) {
+	if v := d.sMaxAge; v != nil {
+		return *v, true
+	}
+	return 0, false
+}
+
+func (d *ResponseDirective) Extensions() map[string]string {
+	return d.extensions
+}
+
+func (d *ResponseDirective) Extension(s string) string {
+	return d.extensions[s]
+}
+
+
diff --git a/vendor/github.com/lestrrat-go/httpcc/httpcc.go b/vendor/github.com/lestrrat-go/httpcc/httpcc.go
new file mode 100644
index 000000000..14679f9b1
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httpcc/httpcc.go
@@ -0,0 +1,310 @@
+package httpcc
+
+import (
+	"bufio"
+	"fmt"
+	"strconv"
+	"strings"
+	"unicode/utf8"
+)
+
+const (
+	// Request Cache-Control directives
+	MaxAge       = "max-age" // used in response as well
+	MaxStale     = "max-stale"
+	MinFresh     = "min-fresh"
+	NoCache      = "no-cache"     // used in response as well
+	NoStore      = "no-store"     // used in response as well
+	NoTransform  = "no-transform" // used in response as well
+	OnlyIfCached = "only-if-cached"
+
+	// Response Cache-Control directive
+	MustRevalidate  = "must-revalidate"
+	Public          = "public"
+	Private         = "private"
+	ProxyRevalidate = "proxy-revalidate"
+	SMaxAge         = "s-maxage"
+)
+
+type TokenPair struct {
+	Name  string
+	Value string
+}
+
+type TokenValuePolicy int
+
+const (
+	NoArgument TokenValuePolicy = iota
+	TokenOnly
+	QuotedStringOnly
+	AnyTokenValue
+)
+
+type directiveValidator interface {
+	Validate(string) TokenValuePolicy
+}
+type directiveValidatorFn func(string) TokenValuePolicy
+
+func (fn directiveValidatorFn) Validate(ccd string) TokenValuePolicy {
+	return fn(ccd)
+}
+
+func responseDirectiveValidator(s string) TokenValuePolicy {
+	switch s {
+	case MustRevalidate, NoStore, NoTransform, Public, ProxyRevalidate:
+		return NoArgument
+	case NoCache, Private:
+		return QuotedStringOnly
+	case MaxAge, SMaxAge:
+		return TokenOnly
+	default:
+		return AnyTokenValue
+	}
+}
+
+func requestDirectiveValidator(s string) TokenValuePolicy {
+	switch s {
+	case MaxAge, MaxStale, MinFresh:
+		return TokenOnly
+	case NoCache, NoStore, NoTransform, OnlyIfCached:
+		return NoArgument
+	default:
+		return AnyTokenValue
+	}
+}
+
+// ParseRequestDirective parses a single token.
+func ParseRequestDirective(s string) (*TokenPair, error) {
+	return parseDirective(s, directiveValidatorFn(requestDirectiveValidator))
+}
+
+func ParseResponseDirective(s string) (*TokenPair, error) {
+	return parseDirective(s, directiveValidatorFn(responseDirectiveValidator))
+}
+
+func parseDirective(s string, ccd directiveValidator) (*TokenPair, error) {
+	s = strings.TrimSpace(s)
+
+	i := strings.IndexByte(s, '=')
+	if i == -1 {
+		return &TokenPair{Name: s}, nil
+	}
+
+	pair := &TokenPair{Name: strings.TrimSpace(s[:i])}
+
+	if len(s) <= i {
+		// `key=` feels like it's a parse error, but it's HTTP...
+		// for now, return as if nothing happened.
+		return pair, nil
+	}
+
+	v := strings.TrimSpace(s[i+1:])
+	switch ccd.Validate(pair.Name) {
+	case TokenOnly:
+		if v[0] == '"' {
+			return nil, fmt.Errorf(`invalid value for %s (quoted string not allowed)`, pair.Name)
+		}
+	case QuotedStringOnly: // quoted-string only
+		if v[0] != '"' {
+			return nil, fmt.Errorf(`invalid value for %s (bare token not allowed)`, pair.Name)
+		}
+		tmp, err := strconv.Unquote(v)
+		if err != nil {
+			return nil, fmt.Errorf(`malformed quoted string in token`)
+		}
+		v = tmp
+	case AnyTokenValue:
+		if v[0] == '"' {
+			tmp, err := strconv.Unquote(v)
+			if err != nil {
+				return nil, fmt.Errorf(`malformed quoted string in token`)
+			}
+			v = tmp
+		}
+	case NoArgument:
+		if len(v) > 0 {
+			return nil, fmt.Errorf(`received argument to directive %s`, pair.Name)
+		}
+	}
+
+	pair.Value = v
+	return pair, nil
+}
+
+func ParseResponseDirectives(s string) ([]*TokenPair, error) {
+	return parseDirectives(s, ParseResponseDirective)
+}
+
+func ParseRequestDirectives(s string) ([]*TokenPair, error) {
+	return parseDirectives(s, ParseRequestDirective)
+}
+
+func parseDirectives(s string, p func(string) (*TokenPair, error)) ([]*TokenPair, error) {
+	scanner := bufio.NewScanner(strings.NewReader(s))
+	scanner.Split(scanCommaSeparatedWords)
+
+	var tokens []*TokenPair
+	for scanner.Scan() {
+		tok, err := p(scanner.Text())
+		if err != nil {
+			return nil, fmt.Errorf(`failed to parse token #%d: %w`, len(tokens)+1, err)
+		}
+		tokens = append(tokens, tok)
+	}
+	return tokens, nil
+}
+
+// isSpace reports whether the character is a Unicode white space character.
+// We avoid dependency on the unicode package, but check validity of the implementation
+// in the tests.
+func isSpace(r rune) bool {
+	if r <= '\u00FF' {
+		// Obvious ASCII ones: \t through \r plus space. Plus two Latin-1 oddballs.
+		switch r {
+		case ' ', '\t', '\n', '\v', '\f', '\r':
+			return true
+		case '\u0085', '\u00A0':
+			return true
+		}
+		return false
+	}
+	// High-valued ones.
+	if '\u2000' <= r && r <= '\u200a' {
+		return true
+	}
+	switch r {
+	case '\u1680', '\u2028', '\u2029', '\u202f', '\u205f', '\u3000':
+		return true
+	}
+	return false
+}
+
+func scanCommaSeparatedWords(data []byte, atEOF bool) (advance int, token []byte, err error) {
+	// Skip leading spaces.
+	start := 0
+	for width := 0; start < len(data); start += width {
+		var r rune
+		r, width = utf8.DecodeRune(data[start:])
+		if !isSpace(r) {
+			break
+		}
+	}
+	// Scan until we find a comma. Keep track of consecutive whitespaces
+	// so we remove them from the end result
+	var ws int
+	for width, i := 0, start; i < len(data); i += width {
+		var r rune
+		r, width = utf8.DecodeRune(data[i:])
+		switch {
+		case isSpace(r):
+			ws++
+		case r == ',':
+			return i + width, data[start : i-ws], nil
+		default:
+			ws = 0
+		}
+	}
+
+	// If we're at EOF, we have a final, non-empty, non-terminated word. Return it.
+	if atEOF && len(data) > start {
+		return len(data), data[start : len(data)-ws], nil
+	}
+
+	// Request more data.
+	return start, nil, nil
+}
+
+// ParseRequest parses the content of `Cache-Control` header of an HTTP Request.
+func ParseRequest(v string) (*RequestDirective, error) {
+	var dir RequestDirective
+	tokens, err := ParseRequestDirectives(v)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to parse tokens: %w`, err)
+	}
+
+	for _, token := range tokens {
+		name := strings.ToLower(token.Name)
+		switch name {
+		case MaxAge:
+			iv, err := strconv.ParseUint(token.Value, 10, 64)
+			if err != nil {
+				return nil, fmt.Errorf(`failed to parse max-age: %w`, err)
+			}
+			dir.maxAge = &iv
+		case MaxStale:
+			iv, err := strconv.ParseUint(token.Value, 10, 64)
+			if err != nil {
+				return nil, fmt.Errorf(`failed to parse max-stale: %w`, err)
+			}
+			dir.maxStale = &iv
+		case MinFresh:
+			iv, err := strconv.ParseUint(token.Value, 10, 64)
+			if err != nil {
+				return nil, fmt.Errorf(`failed to parse min-fresh: %w`, err)
+			}
+			dir.minFresh = &iv
+		case NoCache:
+			dir.noCache = true
+		case NoStore:
+			dir.noStore = true
+		case NoTransform:
+			dir.noTransform = true
+		case OnlyIfCached:
+			dir.onlyIfCached = true
+		default:
+			dir.extensions[token.Name] = token.Value
+		}
+	}
+	return &dir, nil
+}
+
+// ParseResponse parses the content of `Cache-Control` header of an HTTP Response.
+func ParseResponse(v string) (*ResponseDirective, error) {
+	tokens, err := ParseResponseDirectives(v)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to parse tokens: %w`, err)
+	}
+
+	var dir ResponseDirective
+	dir.extensions = make(map[string]string)
+	for _, token := range tokens {
+		name := strings.ToLower(token.Name)
+		switch name {
+		case MaxAge:
+			iv, err := strconv.ParseUint(token.Value, 10, 64)
+			if err != nil {
+				return nil, fmt.Errorf(`failed to parse max-age: %w`, err)
+			}
+			dir.maxAge = &iv
+		case NoCache:
+			scanner := bufio.NewScanner(strings.NewReader(token.Value))
+			scanner.Split(scanCommaSeparatedWords)
+			for scanner.Scan() {
+				dir.noCache = append(dir.noCache, scanner.Text())
+			}
+		case NoStore:
+			dir.noStore = true
+		case NoTransform:
+			dir.noTransform = true
+		case Public:
+			dir.public = true
+		case Private:
+			scanner := bufio.NewScanner(strings.NewReader(token.Value))
+			scanner.Split(scanCommaSeparatedWords)
+			for scanner.Scan() {
+				dir.private = append(dir.private, scanner.Text())
+			}
+		case ProxyRevalidate:
+			dir.proxyRevalidate = true
+		case SMaxAge:
+			iv, err := strconv.ParseUint(token.Value, 10, 64)
+			if err != nil {
+				return nil, fmt.Errorf(`failed to parse s-maxage: %w`, err)
+			}
+			dir.sMaxAge = &iv
+		default:
+			dir.extensions[token.Name] = token.Value
+		}
+	}
+	return &dir, nil
+}
diff --git a/vendor/github.com/lestrrat-go/httprc/.gitignore b/vendor/github.com/lestrrat-go/httprc/.gitignore
new file mode 100644
index 000000000..66fd13c90
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/.gitignore
@@ -0,0 +1,15 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
diff --git a/vendor/github.com/lestrrat-go/httprc/.golangci.yml b/vendor/github.com/lestrrat-go/httprc/.golangci.yml
new file mode 100644
index 000000000..864243216
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/.golangci.yml
@@ -0,0 +1,84 @@
+run:
+
+linters-settings:
+  govet:
+    enable-all: true
+    disable:
+      - shadow
+      - fieldalignment
+
+linters:
+  enable-all: true
+  disable:
+    - cyclop
+    - dupl
+    - exhaustive
+    - exhaustivestruct
+    - errorlint
+    - funlen
+    - gci
+    - gochecknoglobals
+    - gochecknoinits
+    - gocognit
+    - gocritic
+    - gocyclo
+    - godot
+    - godox
+    - goerr113
+    - gofumpt
+    - golint #deprecated
+    - gomnd
+    - gosec
+    - govet
+    - interfacer # deprecated
+    - ifshort
+    - ireturn # No, I _LIKE_ returning interfaces
+    - lll
+    - maligned # deprecated
+    - makezero
+    - nakedret
+    - nestif
+    - nlreturn
+    - paralleltest
+    - scopelint # deprecated
+    - tagliatelle
+    - testpackage
+    - thelper
+    - varnamelen # short names are ok
+    - wrapcheck
+    - wsl
+
+issues:
+  exclude-rules:
+    # not needed
+    - path: /*.go
+      text: "ST1003: should not use underscores in package names"
+      linters:
+        - stylecheck
+    - path: /*.go
+      text: "don't use an underscore in package name"
+      linters:
+        - revive
+    - path: /main.go
+      linters:
+        - errcheck
+    - path: internal/codegen/codegen.go
+      linters:
+        - errcheck
+    - path: /*_test.go
+      linters:
+        - errcheck
+        - forcetypeassert
+    - path: /*_example_test.go
+      linters:
+        - forbidigo
+    - path: cmd/jwx/jwx.go
+      linters:
+        - forbidigo
+
+  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+  max-issues-per-linter: 0
+
+  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+  max-same-issues: 0
+
diff --git a/vendor/github.com/lestrrat-go/httprc/Changes b/vendor/github.com/lestrrat-go/httprc/Changes
new file mode 100644
index 000000000..e2629fdd7
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/Changes
@@ -0,0 +1,17 @@
+Changes
+=======
+
+v1.0.4 19 Jul 2022
+  * Fix sloppy API breakage
+
+v1.0.3 19 Jul 2022
+  * Fix queue insertion in the middle of the queue (#7)
+
+v1.0.2 13 Jun 2022
+  * Properly release a lock when the fetch fails (#5)
+
+v1.0.1 29 Mar 2022
+  * Bump dependency for github.com/lestrrat-go/httpcc to v1.0.1
+
+v1.0.0 29 Mar 2022
+  * Initial release, refactored out of github.com/lestrrat-go/jwx
diff --git a/vendor/github.com/lestrrat-go/httprc/LICENSE b/vendor/github.com/lestrrat-go/httprc/LICENSE
new file mode 100644
index 000000000..3e196892c
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 lestrrat
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/lestrrat-go/httprc/README.md b/vendor/github.com/lestrrat-go/httprc/README.md
new file mode 100644
index 000000000..158380652
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/README.md
@@ -0,0 +1,130 @@
+# httprc
+
+`httprc` is a HTTP "Refresh" Cache. Its aim is to cache a remote resource that
+can be fetched via HTTP, but keep the cached content up-to-date based on periodic
+refreshing.
+
+# SYNOPSIS
+
+<!-- INCLUDE(httprc_example_test.go) -->
+```go
+package httprc_test
+
+import (
+  "context"
+  "fmt"
+  "net/http"
+  "net/http/httptest"
+  "sync"
+  "time"
+
+  "github.com/lestrrat-go/httprc"
+)
+
+const (
+  helloWorld   = `Hello World!`
+  goodbyeWorld = `Goodbye World!`
+)
+
+func ExampleCache() {
+  var mu sync.RWMutex
+
+  msg := helloWorld
+
+  srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+    w.Header().Set(`Cache-Control`, fmt.Sprintf(`max-age=%d`, 2))
+    w.WriteHeader(http.StatusOK)
+    mu.RLock()
+    fmt.Fprint(w, msg)
+    mu.RUnlock()
+  }))
+  defer srv.Close()
+
+  ctx, cancel := context.WithCancel(context.Background())
+  defer cancel()
+
+  errSink := httprc.ErrSinkFunc(func(err error) {
+    fmt.Printf("%s\n", err)
+  })
+
+  c := httprc.NewCache(ctx,
+    httprc.WithErrSink(errSink),
+    httprc.WithRefreshWindow(time.Second), // force checks every second
+  )
+
+  c.Register(srv.URL,
+    httprc.WithHTTPClient(srv.Client()),        // we need client with TLS settings
+    httprc.WithMinRefreshInterval(time.Second), // allow max-age=1 (smallest)
+  )
+
+  payload, err := c.Get(ctx, srv.URL)
+  if err != nil {
+    fmt.Printf("%s\n", err)
+    return
+  }
+
+  if string(payload.([]byte)) != helloWorld {
+    fmt.Printf("payload mismatch: %s\n", payload)
+    return
+  }
+
+  mu.Lock()
+  msg = goodbyeWorld
+  mu.Unlock()
+
+  time.Sleep(4 * time.Second)
+
+  payload, err = c.Get(ctx, srv.URL)
+  if err != nil {
+    fmt.Printf("%s\n", err)
+    return
+  }
+
+  if string(payload.([]byte)) != goodbyeWorld {
+    fmt.Printf("payload mismatch: %s\n", payload)
+    return
+  }
+
+  cancel()
+
+  // OUTPUT:
+}
+```
+source: [httprc_example_test.go](https://github.com/lestrrat-go/jwx/blob/main/httprc_example_test.go)
+<!-- END INCLUDE -->
+
+# Sequence Diagram
+
+```mermaid
+sequenceDiagram
+  autonumber
+  actor User
+  participant httprc.Cache
+  participant httprc.Storage
+  User->>httprc.Cache: Fetch URL `u`
+  activate httprc.Storage
+  httprc.Cache->>httprc.Storage: Fetch local cache for `u`
+  alt Cache exists
+    httprc.Storage-->httprc.Cache: Return local cache
+    httprc.Cache-->>User: Return data
+    Note over httprc.Storage: If the cache exists, there's nothing more to do.<br />The cached content will be updated periodically in httprc.Refresher
+    deactivate httprc.Storage
+  else Cache does not exist
+    activate httprc.Fetcher
+    httprc.Cache->>httprc.Fetcher: Fetch remote resource `u`
+    httprc.Fetcher-->>httprc.Cache: Return fetched data
+    deactivate httprc.Fetcher
+    httprc.Cache-->>User: Return data
+    httprc.Cache-)httprc.Refresher: Enqueue into auto-refresh queue
+    activate httprc.Refresher
+    loop Refresh Loop
+      Note over httprc.Storage,httprc.Fetcher: Cached contents are updated synchronously
+      httprc.Refresher->>httprc.Refresher: Wait until next refresh
+      httprc.Refresher-->>httprc.Fetcher: Request fetch
+      httprc.Fetcher->>httprc.Refresher: Return fetched data
+      httprc.Refresher-->>httprc.Storage: Store new version in cache
+      httprc.Refresher->>httprc.Refresher: Enqueue into auto-refresh queue (again)
+    end
+    deactivate httprc.Refresher
+  end
+```
diff --git a/vendor/github.com/lestrrat-go/httprc/cache.go b/vendor/github.com/lestrrat-go/httprc/cache.go
new file mode 100644
index 000000000..505e5ae44
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/cache.go
@@ -0,0 +1,172 @@
+package httprc
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"sync"
+	"time"
+)
+
+// ErrSink is an abstraction that allows users to consume errors
+// produced while the cache queue is running.
+type HTTPClient interface {
+	Get(string) (*http.Response, error)
+}
+
+// Cache represents a cache that stores resources locally, while
+// periodically refreshing the contents based on HTTP header values
+// and/or user-supplied hints.
+//
+// Refresh is performed _periodically_, and therefore the contents
+// are not kept up-to-date in real time. The interval between checks
+// for refreshes is called the refresh window.
+//
+// The default refresh window is 15 minutes. This means that if a
+// resource is fetched is at time T, and it is supposed to be
+// refreshed in 20 minutes, the next refresh for this resource will
+// happen at T+30 minutes (15+15 minutes).
+type Cache struct {
+	mu    sync.RWMutex
+	queue *queue
+	wl    Whitelist
+}
+
+const defaultRefreshWindow = 15 * time.Minute
+
+// New creates a new Cache object.
+//
+// The context object in the argument controls the life-cycle of the
+// auto-refresh worker. If you cancel the `ctx`, then the automatic
+// refresh will stop working.
+//
+// Refresh will only be performed periodically where the interval between
+// refreshes are controlled by the `refresh window` variable. For example,
+// if the refresh window is every 5 minutes and the resource was queued
+// to be refreshed at 7 minutes, the resource will be refreshed after 10
+// minutes (in 2 refresh window time).
+//
+// The refresh window can be configured by using `httprc.WithRefreshWindow`
+// option. If you want refreshes to be performed more often, provide a smaller
+// refresh window. If you specify a refresh window that is smaller than 1
+// second, it will automatically be set to the default value, which is 15
+// minutes.
+//
+// Internally the HTTP fetching is done using a pool of HTTP fetch
+// workers. The default number of workers is 3. You may change this
+// number by specifying the `httprc.WithFetcherWorkerCount`
+func NewCache(ctx context.Context, options ...CacheOption) *Cache {
+	var refreshWindow time.Duration
+	var errSink ErrSink
+	var wl Whitelist
+	var fetcherOptions []FetcherOption
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identRefreshWindow{}:
+			refreshWindow = option.Value().(time.Duration)
+		case identFetcherWorkerCount{}, identWhitelist{}:
+			fetcherOptions = append(fetcherOptions, option)
+		case identErrSink{}:
+			errSink = option.Value().(ErrSink)
+		}
+	}
+
+	if refreshWindow < time.Second {
+		refreshWindow = defaultRefreshWindow
+	}
+
+	fetch := NewFetcher(ctx, fetcherOptions...)
+	queue := newQueue(ctx, refreshWindow, fetch, errSink)
+
+	return &Cache{
+		queue: queue,
+		wl:    wl,
+	}
+}
+
+// Register configures a URL to be stored in the cache.
+//
+// For any given URL, the URL must be registered _BEFORE_ it is
+// accessed using `Get()` method.
+func (c *Cache) Register(u string, options ...RegisterOption) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if wl := c.wl; wl != nil {
+		if !wl.IsAllowed(u) {
+			return fmt.Errorf(`httprc.Cache: url %q has been rejected by whitelist`, u)
+		}
+	}
+
+	return c.queue.Register(u, options...)
+}
+
+// Unregister removes the given URL `u` from the cache.
+//
+// Subsequent calls to `Get()` will fail until `u` is registered again.
+func (c *Cache) Unregister(u string) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	return c.queue.Unregister(u)
+}
+
+// IsRegistered returns true if the given URL `u` has already been
+// registered in the cache.
+func (c *Cache) IsRegistered(u string) bool {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	return c.queue.IsRegistered(u)
+}
+
+// Refresh is identical to Get(), except it always fetches the
+// specified resource anew, and updates the cached content
+func (c *Cache) Refresh(ctx context.Context, u string) (interface{}, error) {
+	return c.getOrFetch(ctx, u, true)
+}
+
+// Get returns the cached object.
+//
+// The context.Context argument is used to control the timeout for
+// synchronous fetches, when they need to happen. Synchronous fetches
+// will be performed when the cache does not contain the specified
+// resource.
+func (c *Cache) Get(ctx context.Context, u string) (interface{}, error) {
+	return c.getOrFetch(ctx, u, false)
+}
+
+func (c *Cache) getOrFetch(ctx context.Context, u string, forceRefresh bool) (interface{}, error) {
+	c.mu.RLock()
+	e, ok := c.queue.getRegistered(u)
+	if !ok {
+		c.mu.RUnlock()
+		return nil, fmt.Errorf(`url %q is not registered (did you make sure to call Register() first?)`, u)
+	}
+	c.mu.RUnlock()
+
+	// Only one goroutine may enter this section.
+	e.acquireSem()
+
+	// has this entry been fetched? (but ignore and do a fetch
+	// if forceRefresh is true)
+	if forceRefresh || !e.hasBeenFetched() {
+		if err := c.queue.fetchAndStore(ctx, e); err != nil {
+			e.releaseSem()
+			return nil, fmt.Errorf(`failed to fetch %q: %w`, u, err)
+		}
+	}
+
+	e.releaseSem()
+
+	e.mu.RLock()
+	data := e.data
+	e.mu.RUnlock()
+
+	return data, nil
+}
+
+func (c *Cache) Snapshot() *Snapshot {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	return c.queue.snapshot()
+}
diff --git a/vendor/github.com/lestrrat-go/httprc/fetcher.go b/vendor/github.com/lestrrat-go/httprc/fetcher.go
new file mode 100644
index 000000000..0bce87a01
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/fetcher.go
@@ -0,0 +1,182 @@
+package httprc
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"sync"
+)
+
+type fetchRequest struct {
+	mu sync.RWMutex
+
+	// client contains the HTTP Client that can be used to make a
+	// request. By setting a custom *http.Client, you can for example
+	// provide a custom http.Transport
+	//
+	// If not specified, http.DefaultClient will be used.
+	client HTTPClient
+
+	wl Whitelist
+
+	// u contains the URL to be fetched
+	url string
+
+	// reply is a field that is only used by the internals of the fetcher
+	// it is used to return the result of fetching
+	reply chan *fetchResult
+}
+
+type fetchResult struct {
+	mu  sync.RWMutex
+	res *http.Response
+	err error
+}
+
+func (fr *fetchResult) reply(ctx context.Context, reply chan *fetchResult) error {
+	select {
+	case <-ctx.Done():
+		return ctx.Err()
+	case reply <- fr:
+	}
+
+	close(reply)
+	return nil
+}
+
+type fetcher struct {
+	requests chan *fetchRequest
+}
+
+type Fetcher interface {
+	Fetch(context.Context, string, ...FetchOption) (*http.Response, error)
+	fetch(context.Context, *fetchRequest) (*http.Response, error)
+}
+
+func NewFetcher(ctx context.Context, options ...FetcherOption) Fetcher {
+	var nworkers int
+	var wl Whitelist
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identFetcherWorkerCount{}:
+			nworkers = option.Value().(int)
+		case identWhitelist{}:
+			wl = option.Value().(Whitelist)
+		}
+	}
+
+	if nworkers < 1 {
+		nworkers = 3
+	}
+
+	incoming := make(chan *fetchRequest)
+	for i := 0; i < nworkers; i++ {
+		go runFetchWorker(ctx, incoming, wl)
+	}
+	return &fetcher{
+		requests: incoming,
+	}
+}
+
+func (f *fetcher) Fetch(ctx context.Context, u string, options ...FetchOption) (*http.Response, error) {
+	var client HTTPClient
+	var wl Whitelist
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identHTTPClient{}:
+			client = option.Value().(HTTPClient)
+		case identWhitelist{}:
+			wl = option.Value().(Whitelist)
+		}
+	}
+
+	req := fetchRequest{
+		client: client,
+		url:    u,
+		wl:     wl,
+	}
+
+	return f.fetch(ctx, &req)
+}
+
+// fetch (unexported) is the main fetching implemntation.
+// it allows the caller to reuse the same *fetchRequest object
+func (f *fetcher) fetch(ctx context.Context, req *fetchRequest) (*http.Response, error) {
+	reply := make(chan *fetchResult, 1)
+	req.mu.Lock()
+	req.reply = reply
+	req.mu.Unlock()
+
+	// Send a request to the backend
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case f.requests <- req:
+	}
+
+	// wait until we get a reply
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case fr := <-reply:
+		fr.mu.RLock()
+		res := fr.res
+		err := fr.err
+		fr.mu.RUnlock()
+		return res, err
+	}
+}
+
+func runFetchWorker(ctx context.Context, incoming chan *fetchRequest, wl Whitelist) {
+LOOP:
+	for {
+		select {
+		case <-ctx.Done():
+			break LOOP
+		case req := <-incoming:
+			req.mu.RLock()
+			reply := req.reply
+			client := req.client
+			if client == nil {
+				client = http.DefaultClient
+			}
+			url := req.url
+			reqwl := req.wl
+			req.mu.RUnlock()
+
+			var wls []Whitelist
+			for _, v := range []Whitelist{wl, reqwl} {
+				if v != nil {
+					wls = append(wls, v)
+				}
+			}
+
+			if len(wls) > 0 {
+				for _, wl := range wls {
+					if !wl.IsAllowed(url) {
+						r := &fetchResult{
+							err: fmt.Errorf(`fetching url %q rejected by whitelist`, url),
+						}
+						if err := r.reply(ctx, reply); err != nil {
+							break LOOP
+						}
+						continue LOOP
+					}
+				}
+			}
+
+			// The body is handled by the consumer of the fetcher
+			//nolint:bodyclose
+			res, err := client.Get(url)
+			r := &fetchResult{
+				res: res,
+				err: err,
+			}
+			if err := r.reply(ctx, reply); err != nil {
+				break LOOP
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/lestrrat-go/httprc/httprc.go b/vendor/github.com/lestrrat-go/httprc/httprc.go
new file mode 100644
index 000000000..8ae056a7e
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/httprc.go
@@ -0,0 +1,22 @@
+//go:generate tools/genoptions.sh
+
+// Package httprc implements a cache for resources available
+// over http(s). Its aim is not only to cache these resources so
+// that it saves on HTTP roundtrips, but it also periodically
+// attempts to auto-refresh these resources once they are cached
+// based on the user-specified intervals and HTTP `Expires` and
+// `Cache-Control` headers, thus keeping the entries _relatively_ fresh.
+package httprc
+
+import "fmt"
+
+// RefreshError is the underlying error type that is sent to
+// the `httprc.ErrSink` objects
+type RefreshError struct {
+	URL string
+	Err error
+}
+
+func (re *RefreshError) Error() string {
+	return fmt.Sprintf(`refresh error (%q): %s`, re.URL, re.Err)
+}
diff --git a/vendor/github.com/lestrrat-go/httprc/options.yaml b/vendor/github.com/lestrrat-go/httprc/options.yaml
new file mode 100644
index 000000000..5a5139cb8
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/options.yaml
@@ -0,0 +1,119 @@
+package_name: httprc
+output: options_gen.go
+interfaces:
+  - name: RegisterOption
+    comment: |
+      RegisterOption desribes options that can be passed to `(httprc.Cache).Register()`
+  - name: CacheOption
+    comment: |
+      CacheOption desribes options that can be passed to `New()`
+  - name: FetcherOption
+    methods:
+      - cacheOption
+    comment: |
+      FetcherOption describes options that can be passed to `(httprc.Fetcher).NewFetcher()`
+  - name: FetchOption
+    comment: |
+      FetchOption describes options that can be passed to `(httprc.Fetcher).Fetch()`
+  - name: FetchRegisterOption
+    methods:
+      - fetchOption
+      - registerOption
+  - name: FetchFetcherRegisterOption
+    methods:
+      - fetchOption
+      - fetcherOption
+      - registerOption
+options:
+  - ident: FetcherWorkerCount
+    interface: FetcherOption
+    argument_type: int
+    comment: |
+      WithFetchWorkerCount specifies the number of HTTP fetch workers that are spawned
+      in the backend. By default 3 workers are spawned.
+  - ident: Whitelist
+    interface: FetchFetcherRegisterOption
+    argument_type: Whitelist
+    comment: |
+      WithWhitelist specifies the Whitelist object that can control which URLs are
+      allowed to be processed.
+
+      It can be passed to `httprc.NewCache` as a whitelist applied to all
+      URLs that are fetched by the cache, or it can be passed on a per-URL
+      basis using `(httprc.Cache).Register()`. If both are specified,
+      the url must fulfill _both_ the cache-wide whitelist and the per-URL
+      whitelist.
+  - ident: Transformer
+    interface: RegisterOption
+    argument_type: Transformer
+    comment: |
+      WithTransformer specifies the `httprc.Transformer` object that should be applied
+      to the fetched resource. The `Transform()` method is only called if the HTTP request
+      returns a `200 OK` status.
+  - ident: HTTPClient
+    interface: FetchRegisterOption
+    argument_type: HTTPClient
+    comment: |
+      WithHTTPClient specififes the HTTP Client object that should be used to fetch
+      the resource. For example, if you need an `*http.Client` instance that requires
+      special TLS or Authorization setup, you might want to pass it using this option.
+  - ident: MinRefreshInterval
+    interface: RegisterOption
+    argument_type: time.Duration
+    comment: |
+      WithMinRefreshInterval specifies the minimum refresh interval to be used.
+
+      When we fetch the key from a remote URL, we first look at the `max-age`
+      directive from `Cache-Control` response header. If this value is present,
+      we compare the `max-age` value and the value specified by this option
+      and take the larger one (e.g. if `max-age` = 5 minutes and `min refresh` = 10
+      minutes, then next fetch will happen in 10 minutes)
+
+      Next we check for the `Expires` header, and similarly if the header is
+      present, we compare it against the value specified by this option,
+      and take the larger one.
+
+      Finally, if neither of the above headers are present, we use the
+      value specified by this option as the interval until the next refresh.
+
+      If unspecified, the minimum refresh interval is 1 hour.
+
+      This value and the header values are ignored if `WithRefreshInterval` is specified.
+  - ident: RefreshInterval
+    interface: RegisterOption
+    argument_type: time.Duration
+    comment: |
+      WithRefreshInterval specifies the static interval between refreshes
+      of resources controlled by `httprc.Cache`.
+
+      Providing this option overrides the adaptive token refreshing based
+      on Cache-Control/Expires header (and `httprc.WithMinRefreshInterval`),
+      and refreshes will *always* happen in this interval.
+
+      You generally do not want to make this value too small, as it can easily
+      be considered a DoS attack, and there is no backoff mechanism for failed
+      attempts.
+  - ident: RefreshWindow
+    interface: CacheOption
+    argument_type: time.Duration
+    comment: |
+      WithRefreshWindow specifies the interval between checks for refreshes.
+      `httprc.Cache` does not check for refreshes in exact intervals. Instead,
+      it wakes up at every tick that occurs in the interval specified by
+      `WithRefreshWindow` option, and refreshes all entries that need to be
+      refreshed within this window.
+
+      The default value is 15 minutes.
+
+      You generally do not want to make this value too small, as it can easily
+      be considered a DoS attack, and there is no backoff mechanism for failed
+      attempts.
+  - ident: ErrSink
+    interface: CacheOption
+    argument_type: ErrSink
+    comment: |
+      WithErrSink specifies the `httprc.ErrSink` object that handles errors
+      that occurred during the cache's execution. For example, you will be
+      able to intercept errors that occurred during the execution of Transformers.
+
+
diff --git a/vendor/github.com/lestrrat-go/httprc/options_gen.go b/vendor/github.com/lestrrat-go/httprc/options_gen.go
new file mode 100644
index 000000000..daaf65f95
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/options_gen.go
@@ -0,0 +1,221 @@
+// This file is auto-generated by github.com/lestrrat-go/option/cmd/genoptions. DO NOT EDIT
+
+package httprc
+
+import (
+	"time"
+
+	"github.com/lestrrat-go/option"
+)
+
+type Option = option.Interface
+
+// CacheOption desribes options that can be passed to `New()`
+type CacheOption interface {
+	Option
+	cacheOption()
+}
+
+type cacheOption struct {
+	Option
+}
+
+func (*cacheOption) cacheOption() {}
+
+type FetchFetcherRegisterOption interface {
+	Option
+	fetchOption()
+	fetcherOption()
+	registerOption()
+}
+
+type fetchFetcherRegisterOption struct {
+	Option
+}
+
+func (*fetchFetcherRegisterOption) fetchOption() {}
+
+func (*fetchFetcherRegisterOption) fetcherOption() {}
+
+func (*fetchFetcherRegisterOption) registerOption() {}
+
+// FetchOption describes options that can be passed to `(httprc.Fetcher).Fetch()`
+type FetchOption interface {
+	Option
+	fetchOption()
+}
+
+type fetchOption struct {
+	Option
+}
+
+func (*fetchOption) fetchOption() {}
+
+type FetchRegisterOption interface {
+	Option
+	fetchOption()
+	registerOption()
+}
+
+type fetchRegisterOption struct {
+	Option
+}
+
+func (*fetchRegisterOption) fetchOption() {}
+
+func (*fetchRegisterOption) registerOption() {}
+
+// FetcherOption describes options that can be passed to `(httprc.Fetcher).NewFetcher()`
+type FetcherOption interface {
+	Option
+	cacheOption()
+}
+
+type fetcherOption struct {
+	Option
+}
+
+func (*fetcherOption) cacheOption() {}
+
+// RegisterOption desribes options that can be passed to `(httprc.Cache).Register()`
+type RegisterOption interface {
+	Option
+	registerOption()
+}
+
+type registerOption struct {
+	Option
+}
+
+func (*registerOption) registerOption() {}
+
+type identErrSink struct{}
+type identFetcherWorkerCount struct{}
+type identHTTPClient struct{}
+type identMinRefreshInterval struct{}
+type identRefreshInterval struct{}
+type identRefreshWindow struct{}
+type identTransformer struct{}
+type identWhitelist struct{}
+
+func (identErrSink) String() string {
+	return "WithErrSink"
+}
+
+func (identFetcherWorkerCount) String() string {
+	return "WithFetcherWorkerCount"
+}
+
+func (identHTTPClient) String() string {
+	return "WithHTTPClient"
+}
+
+func (identMinRefreshInterval) String() string {
+	return "WithMinRefreshInterval"
+}
+
+func (identRefreshInterval) String() string {
+	return "WithRefreshInterval"
+}
+
+func (identRefreshWindow) String() string {
+	return "WithRefreshWindow"
+}
+
+func (identTransformer) String() string {
+	return "WithTransformer"
+}
+
+func (identWhitelist) String() string {
+	return "WithWhitelist"
+}
+
+// WithErrSink specifies the `httprc.ErrSink` object that handles errors
+// that occurred during the cache's execution. For example, you will be
+// able to intercept errors that occurred during the execution of Transformers.
+func WithErrSink(v ErrSink) CacheOption {
+	return &cacheOption{option.New(identErrSink{}, v)}
+}
+
+// WithFetchWorkerCount specifies the number of HTTP fetch workers that are spawned
+// in the backend. By default 3 workers are spawned.
+func WithFetcherWorkerCount(v int) FetcherOption {
+	return &fetcherOption{option.New(identFetcherWorkerCount{}, v)}
+}
+
+// WithHTTPClient specififes the HTTP Client object that should be used to fetch
+// the resource. For example, if you need an `*http.Client` instance that requires
+// special TLS or Authorization setup, you might want to pass it using this option.
+func WithHTTPClient(v HTTPClient) FetchRegisterOption {
+	return &fetchRegisterOption{option.New(identHTTPClient{}, v)}
+}
+
+// WithMinRefreshInterval specifies the minimum refresh interval to be used.
+//
+// When we fetch the key from a remote URL, we first look at the `max-age`
+// directive from `Cache-Control` response header. If this value is present,
+// we compare the `max-age` value and the value specified by this option
+// and take the larger one (e.g. if `max-age` = 5 minutes and `min refresh` = 10
+// minutes, then next fetch will happen in 10 minutes)
+//
+// Next we check for the `Expires` header, and similarly if the header is
+// present, we compare it against the value specified by this option,
+// and take the larger one.
+//
+// Finally, if neither of the above headers are present, we use the
+// value specified by this option as the interval until the next refresh.
+//
+// If unspecified, the minimum refresh interval is 1 hour.
+//
+// This value and the header values are ignored if `WithRefreshInterval` is specified.
+func WithMinRefreshInterval(v time.Duration) RegisterOption {
+	return &registerOption{option.New(identMinRefreshInterval{}, v)}
+}
+
+// WithRefreshInterval specifies the static interval between refreshes
+// of resources controlled by `httprc.Cache`.
+//
+// Providing this option overrides the adaptive token refreshing based
+// on Cache-Control/Expires header (and `httprc.WithMinRefreshInterval`),
+// and refreshes will *always* happen in this interval.
+//
+// You generally do not want to make this value too small, as it can easily
+// be considered a DoS attack, and there is no backoff mechanism for failed
+// attempts.
+func WithRefreshInterval(v time.Duration) RegisterOption {
+	return &registerOption{option.New(identRefreshInterval{}, v)}
+}
+
+// WithRefreshWindow specifies the interval between checks for refreshes.
+// `httprc.Cache` does not check for refreshes in exact intervals. Instead,
+// it wakes up at every tick that occurs in the interval specified by
+// `WithRefreshWindow` option, and refreshes all entries that need to be
+// refreshed within this window.
+//
+// The default value is 15 minutes.
+//
+// You generally do not want to make this value too small, as it can easily
+// be considered a DoS attack, and there is no backoff mechanism for failed
+// attempts.
+func WithRefreshWindow(v time.Duration) CacheOption {
+	return &cacheOption{option.New(identRefreshWindow{}, v)}
+}
+
+// WithTransformer specifies the `httprc.Transformer` object that should be applied
+// to the fetched resource. The `Transform()` method is only called if the HTTP request
+// returns a `200 OK` status.
+func WithTransformer(v Transformer) RegisterOption {
+	return &registerOption{option.New(identTransformer{}, v)}
+}
+
+// WithWhitelist specifies the Whitelist object that can control which URLs are
+// allowed to be processed.
+//
+// It can be passed to `httprc.NewCache` as a whitelist applied to all
+// URLs that are fetched by the cache, or it can be passed on a per-URL
+// basis using `(httprc.Cache).Register()`. If both are specified,
+// the url must fulfill _both_ the cache-wide whitelist and the per-URL
+// whitelist.
+func WithWhitelist(v Whitelist) FetchFetcherRegisterOption {
+	return &fetchFetcherRegisterOption{option.New(identWhitelist{}, v)}
+}
diff --git a/vendor/github.com/lestrrat-go/httprc/queue.go b/vendor/github.com/lestrrat-go/httprc/queue.go
new file mode 100644
index 000000000..897207b7d
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/queue.go
@@ -0,0 +1,459 @@
+package httprc
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/lestrrat-go/httpcc"
+)
+
+// ErrSink is an abstraction that allows users to consume errors
+// produced while the cache queue is running.
+type ErrSink interface {
+	// Error accepts errors produced during the cache queue's execution.
+	// The method should never block, otherwise the fetch loop may be
+	// paused for a prolonged amount of time.
+	Error(error)
+}
+
+type ErrSinkFunc func(err error)
+
+func (f ErrSinkFunc) Error(err error) {
+	f(err)
+}
+
+// Transformer is responsible for converting an HTTP response
+// into an appropriate form of your choosing.
+type Transformer interface {
+	// Transform receives an HTTP response object, and should
+	// return an appropriate object that suits your needs.
+	//
+	// If you happen to use the response body, you are responsible
+	// for closing the body
+	Transform(string, *http.Response) (interface{}, error)
+}
+
+type TransformFunc func(string, *http.Response) (interface{}, error)
+
+func (f TransformFunc) Transform(u string, res *http.Response) (interface{}, error) {
+	return f(u, res)
+}
+
+// BodyBytes is the default Transformer applied to all resources.
+// It takes an *http.Response object and extracts the body
+// of the response as `[]byte`
+type BodyBytes struct{}
+
+func (BodyBytes) Transform(_ string, res *http.Response) (interface{}, error) {
+	buf, err := ioutil.ReadAll(res.Body)
+	defer res.Body.Close()
+	if err != nil {
+		return nil, fmt.Errorf(`failed to read response body: %w`, err)
+	}
+
+	return buf, nil
+}
+
+type rqentry struct {
+	fireAt time.Time
+	url    string
+}
+
+// entry represents a resource to be fetched over HTTP,
+// long with optional specifications such as the *http.Client
+// object to use.
+type entry struct {
+	mu  sync.RWMutex
+	sem chan struct{}
+
+	lastFetch time.Time
+
+	// Interval between refreshes are calculated two ways.
+	// 1) You can set an explicit refresh interval by using WithRefreshInterval().
+	//    In this mode, it doesn't matter what the HTTP response says in its
+	//    Cache-Control or Expires headers
+	// 2) You can let us calculate the time-to-refresh based on the key's
+	//    Cache-Control or Expires headers.
+	//    First, the user provides us the absolute minimum interval before
+	//    refreshes. We will never check for refreshes before this specified
+	//    amount of time.
+	//
+	//    Next, max-age directive in the Cache-Control header is consulted.
+	//    If `max-age` is not present, we skip the following section, and
+	//    proceed to the next option.
+	//    If `max-age > user-supplied minimum interval`, then we use the max-age,
+	//    otherwise the user-supplied minimum interval is used.
+	//
+	//    Next, the value specified in Expires header is consulted.
+	//    If the header is not present, we skip the following seciont and
+	//    proceed to the next option.
+	//    We take the time until expiration `expires - time.Now()`, and
+	//    if `time-until-expiration > user-supplied minimum interval`, then
+	//    we use the expires value, otherwise the user-supplied minimum interval is used.
+	//
+	//    If all of the above fails, we used the user-supplied minimum interval
+	refreshInterval    time.Duration
+	minRefreshInterval time.Duration
+
+	request *fetchRequest
+
+	transform Transformer
+	data      interface{}
+}
+
+func (e *entry) acquireSem() {
+	e.sem <- struct{}{}
+}
+
+func (e *entry) releaseSem() {
+	<-e.sem
+}
+
+func (e *entry) hasBeenFetched() bool {
+	e.mu.RLock()
+	defer e.mu.RUnlock()
+	return !e.lastFetch.IsZero()
+}
+
+// queue is responsible for updating the contents of the storage
+type queue struct {
+	mu         sync.RWMutex
+	registry   map[string]*entry
+	windowSize time.Duration
+	fetch      Fetcher
+	fetchCond  *sync.Cond
+	fetchQueue []*rqentry
+
+	// list is a sorted list of urls to their expected fire time
+	// when we get a new tick in the RQ loop, we process everything
+	// that can be fired up to the point the tick was called
+	list []*rqentry
+
+	// clock is really only used by testing
+	clock interface {
+		Now() time.Time
+	}
+}
+
+type clockFunc func() time.Time
+
+func (cf clockFunc) Now() time.Time {
+	return cf()
+}
+
+func newQueue(ctx context.Context, window time.Duration, fetch Fetcher, errSink ErrSink) *queue {
+	fetchLocker := &sync.Mutex{}
+	rq := &queue{
+		windowSize: window,
+		fetch:      fetch,
+		fetchCond:  sync.NewCond(fetchLocker),
+		registry:   make(map[string]*entry),
+		clock:      clockFunc(time.Now),
+	}
+
+	go rq.refreshLoop(ctx, errSink)
+
+	return rq
+}
+
+func (q *queue) Register(u string, options ...RegisterOption) error {
+	var refreshInterval time.Duration
+	var client HTTPClient
+	var wl Whitelist
+	var transform Transformer = BodyBytes{}
+
+	minRefreshInterval := 15 * time.Minute
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identHTTPClient{}:
+			client = option.Value().(HTTPClient)
+		case identRefreshInterval{}:
+			refreshInterval = option.Value().(time.Duration)
+		case identMinRefreshInterval{}:
+			minRefreshInterval = option.Value().(time.Duration)
+		case identTransformer{}:
+			transform = option.Value().(Transformer)
+		case identWhitelist{}:
+			wl = option.Value().(Whitelist)
+		}
+	}
+
+	q.mu.RLock()
+	rWindow := q.windowSize
+	q.mu.RUnlock()
+
+	if refreshInterval > 0 && refreshInterval < rWindow {
+		return fmt.Errorf(`refresh interval (%s) is smaller than refresh window (%s): this will not as expected`, refreshInterval, rWindow)
+	}
+
+	e := entry{
+		sem:                make(chan struct{}, 1),
+		minRefreshInterval: minRefreshInterval,
+		transform:          transform,
+		refreshInterval:    refreshInterval,
+		request: &fetchRequest{
+			client: client,
+			url:    u,
+			wl:     wl,
+		},
+	}
+	q.mu.Lock()
+	q.registry[u] = &e
+	q.mu.Unlock()
+	return nil
+}
+
+func (q *queue) Unregister(u string) error {
+	q.mu.Lock()
+	defer q.mu.Unlock()
+	_, ok := q.registry[u]
+	if !ok {
+		return fmt.Errorf(`url %q has not been registered`, u)
+	}
+	delete(q.registry, u)
+	return nil
+}
+
+func (q *queue) getRegistered(u string) (*entry, bool) {
+	q.mu.RLock()
+	e, ok := q.registry[u]
+	q.mu.RUnlock()
+
+	return e, ok
+}
+
+func (q *queue) IsRegistered(u string) bool {
+	_, ok := q.getRegistered(u)
+	return ok
+}
+
+func (q *queue) fetchLoop(ctx context.Context, errSink ErrSink) {
+	for {
+		q.fetchCond.L.Lock()
+		for len(q.fetchQueue) <= 0 {
+			select {
+			case <-ctx.Done():
+				return
+			default:
+				q.fetchCond.Wait()
+			}
+		}
+		list := make([]*rqentry, len(q.fetchQueue))
+		copy(list, q.fetchQueue)
+		q.fetchQueue = q.fetchQueue[:0]
+		q.fetchCond.L.Unlock()
+
+		for _, rq := range list {
+			select {
+			case <-ctx.Done():
+				return
+			default:
+			}
+
+			e, ok := q.getRegistered(rq.url)
+			if !ok {
+				continue
+			}
+			if err := q.fetchAndStore(ctx, e); err != nil {
+				if errSink != nil {
+					errSink.Error(&RefreshError{
+						URL: rq.url,
+						Err: err,
+					})
+				}
+			}
+		}
+	}
+}
+
+// This loop is responsible for periodically updating the cached content
+func (q *queue) refreshLoop(ctx context.Context, errSink ErrSink) {
+	// Tick every q.windowSize duration.
+	ticker := time.NewTicker(q.windowSize)
+
+	go q.fetchLoop(ctx, errSink)
+	defer q.fetchCond.Signal()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case t := <-ticker.C:
+			t = t.Round(time.Second)
+			// To avoid getting stuck here, we just copy the relevant
+			// items, and release the lock within this critical section
+			var list []*rqentry
+			q.mu.Lock()
+			var max int
+			for i, r := range q.list {
+				if r.fireAt.Before(t) || r.fireAt.Equal(t) {
+					max = i
+					list = append(list, r)
+					continue
+				}
+				break
+			}
+
+			if len(list) > 0 {
+				q.list = q.list[max+1:]
+			}
+			q.mu.Unlock() // release lock
+
+			if len(list) > 0 {
+				// Now we need to fetch these, but do this elsewhere so
+				// that we don't block this main loop
+				q.fetchCond.L.Lock()
+				q.fetchQueue = append(q.fetchQueue, list...)
+				q.fetchCond.L.Unlock()
+				q.fetchCond.Signal()
+			}
+		}
+	}
+}
+
+func (q *queue) fetchAndStore(ctx context.Context, e *entry) error {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	// synchronously go fetch
+	e.lastFetch = time.Now()
+	res, err := q.fetch.fetch(ctx, e.request)
+	if err != nil {
+		// Even if the request failed, we need to queue the next fetch
+		q.enqueueNextFetch(nil, e)
+		return fmt.Errorf(`failed to fetch %q: %w`, e.request.url, err)
+	}
+
+	q.enqueueNextFetch(res, e)
+
+	data, err := e.transform.Transform(e.request.url, res)
+	if err != nil {
+		return fmt.Errorf(`failed to transform HTTP response for %q: %w`, e.request.url, err)
+	}
+	e.data = data
+
+	return nil
+}
+
+func (q *queue) Enqueue(u string, interval time.Duration) error {
+	fireAt := q.clock.Now().Add(interval).Round(time.Second)
+
+	q.mu.Lock()
+	defer q.mu.Unlock()
+
+	list := q.list
+
+	ll := len(list)
+	if ll == 0 || list[ll-1].fireAt.Before(fireAt) {
+		list = append(list, &rqentry{
+			fireAt: fireAt,
+			url:    u,
+		})
+	} else {
+		for i := 0; i < ll; i++ {
+			if i == ll-1 || list[i].fireAt.After(fireAt) {
+				// insert here
+				list = append(list[:i+1], list[i:]...)
+				list[i] = &rqentry{fireAt: fireAt, url: u}
+				break
+			}
+		}
+	}
+
+	q.list = list
+	return nil
+}
+
+func (q *queue) MarshalJSON() ([]byte, error) {
+	var buf bytes.Buffer
+	buf.WriteString(`{"list":[`)
+	q.mu.RLock()
+	for i, e := range q.list {
+		if i > 0 {
+			buf.WriteByte(',')
+		}
+		fmt.Fprintf(&buf, `{"fire_at":%q,"url":%q}`, e.fireAt.Format(time.RFC3339), e.url)
+	}
+	q.mu.RUnlock()
+	buf.WriteString(`]}`)
+	return buf.Bytes(), nil
+}
+
+func (q *queue) enqueueNextFetch(res *http.Response, e *entry) {
+	dur := calculateRefreshDuration(res, e)
+	// TODO send to error sink
+	_ = q.Enqueue(e.request.url, dur)
+}
+
+func calculateRefreshDuration(res *http.Response, e *entry) time.Duration {
+	if e.refreshInterval > 0 {
+		return e.refreshInterval
+	}
+
+	if res != nil {
+		if v := res.Header.Get(`Cache-Control`); v != "" {
+			dir, err := httpcc.ParseResponse(v)
+			if err == nil {
+				maxAge, ok := dir.MaxAge()
+				if ok {
+					resDuration := time.Duration(maxAge) * time.Second
+					if resDuration > e.minRefreshInterval {
+						return resDuration
+					}
+					return e.minRefreshInterval
+				}
+				// fallthrough
+			}
+			// fallthrough
+		}
+
+		if v := res.Header.Get(`Expires`); v != "" {
+			expires, err := http.ParseTime(v)
+			if err == nil {
+				resDuration := time.Until(expires)
+				if resDuration > e.minRefreshInterval {
+					return resDuration
+				}
+				return e.minRefreshInterval
+			}
+			// fallthrough
+		}
+	}
+
+	// Previous fallthroughs are a little redandunt, but hey, it's all good.
+	return e.minRefreshInterval
+}
+
+type SnapshotEntry struct {
+	URL         string      `json:"url"`
+	Data        interface{} `json:"data"`
+	LastFetched time.Time   `json:"last_fetched"`
+}
+type Snapshot struct {
+	Entries []SnapshotEntry `json:"entries"`
+}
+
+// Snapshot returns the contents of the cache at the given moment.
+func (q *queue) snapshot() *Snapshot {
+	q.mu.RLock()
+	list := make([]SnapshotEntry, 0, len(q.registry))
+
+	for url, e := range q.registry {
+		list = append(list, SnapshotEntry{
+			URL:         url,
+			LastFetched: e.lastFetch,
+			Data:        e.data,
+		})
+	}
+	q.mu.RUnlock()
+
+	return &Snapshot{
+		Entries: list,
+	}
+}
diff --git a/vendor/github.com/lestrrat-go/httprc/whitelist.go b/vendor/github.com/lestrrat-go/httprc/whitelist.go
new file mode 100644
index 000000000..b80332a6c
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/httprc/whitelist.go
@@ -0,0 +1,73 @@
+package httprc
+
+import "regexp"
+
+// Whitelist is an interface for a set of URL whitelists. When provided
+// to fetching operations, urls are checked against this object, and
+// the object must return true for urls to be fetched.
+type Whitelist interface {
+	IsAllowed(string) bool
+}
+
+// InsecureWhitelist allows any URLs to be fetched.
+type InsecureWhitelist struct{}
+
+func (InsecureWhitelist) IsAllowed(string) bool {
+	return true
+}
+
+// RegexpWhitelist is a httprc.Whitelist object comprised of a list of *regexp.Regexp
+// objects. All entries in the list are tried until one matches. If none of the
+// *regexp.Regexp objects match, then the URL is deemed unallowed.
+type RegexpWhitelist struct {
+	patterns []*regexp.Regexp
+}
+
+func NewRegexpWhitelist() *RegexpWhitelist {
+	return &RegexpWhitelist{}
+}
+
+func (w *RegexpWhitelist) Add(pat *regexp.Regexp) *RegexpWhitelist {
+	w.patterns = append(w.patterns, pat)
+	return w
+}
+
+// IsAlloed returns true if any of the patterns in the whitelist
+// returns true.
+func (w *RegexpWhitelist) IsAllowed(u string) bool {
+	for _, pat := range w.patterns {
+		if pat.MatchString(u) {
+			return true
+		}
+	}
+	return false
+}
+
+// MapWhitelist is a httprc.Whitelist object comprised of a map of strings.
+// If the URL exists in the map, then the URL is allowed to be fetched.
+type MapWhitelist struct {
+	store map[string]struct{}
+}
+
+func NewMapWhitelist() *MapWhitelist {
+	return &MapWhitelist{store: make(map[string]struct{})}
+}
+
+func (w *MapWhitelist) Add(pat string) *MapWhitelist {
+	w.store[pat] = struct{}{}
+	return w
+}
+
+func (w *MapWhitelist) IsAllowed(u string) bool {
+	_, b := w.store[u]
+	return b
+}
+
+// WhitelistFunc is a httprc.Whitelist object based on a function.
+// You can perform any sort of check against the given URL to determine
+// if it can be fetched or not.
+type WhitelistFunc func(string) bool
+
+func (w WhitelistFunc) IsAllowed(u string) bool {
+	return w(u)
+}
diff --git a/vendor/github.com/lestrrat-go/iter/LICENSE b/vendor/github.com/lestrrat-go/iter/LICENSE
new file mode 100644
index 000000000..963209bfb
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/iter/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 lestrrat-go
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/lestrrat-go/iter/arrayiter/arrayiter.go b/vendor/github.com/lestrrat-go/iter/arrayiter/arrayiter.go
new file mode 100644
index 000000000..b531e769e
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/iter/arrayiter/arrayiter.go
@@ -0,0 +1,192 @@
+package arrayiter
+
+import (
+	"context"
+	"fmt"
+	"reflect"
+	"sync"
+)
+
+func Iterate(ctx context.Context, a interface{}) (Iterator, error) {
+	arv := reflect.ValueOf(a)
+
+	switch arv.Kind() {
+	case reflect.Array, reflect.Slice:
+	default:
+		return nil, fmt.Errorf(`argument must be an array/slice (%s)`, arv.Type())
+	}
+
+	ch := make(chan *Pair)
+	go func(ctx context.Context, ch chan *Pair, arv reflect.Value) {
+		defer close(ch)
+
+		for i := 0; i < arv.Len(); i++ {
+			value := arv.Index(i)
+			pair := &Pair{
+				Index: i,
+				Value: value.Interface(),
+			}
+			select {
+			case <-ctx.Done():
+				return
+			case ch <- pair:
+			}
+		}
+	}(ctx, ch, arv)
+
+	return New(ch), nil
+}
+
+// Source represents a array that knows how to create an iterator
+type Source interface {
+	Iterate(context.Context) Iterator
+}
+
+// Pair represents a single pair of key and value from a array
+type Pair struct {
+	Index int
+	Value interface{}
+}
+
+// Iterator iterates through keys and values of a array
+type Iterator interface {
+	Next(context.Context) bool
+	Pair() *Pair
+}
+
+type iter struct {
+	ch   chan *Pair
+	mu   sync.RWMutex
+	next *Pair
+}
+
+// Visitor represents an object that handles each pair in a array
+type Visitor interface {
+	Visit(int, interface{}) error
+}
+
+// VisitorFunc is a type of Visitor based on a function
+type VisitorFunc func(int, interface{}) error
+
+func (fn VisitorFunc) Visit(s int, v interface{}) error {
+	return fn(s, v)
+}
+
+func New(ch chan *Pair) Iterator {
+	return &iter{
+		ch: ch,
+	}
+}
+
+// Next returns true if there are more items to read from the iterator
+func (i *iter) Next(ctx context.Context) bool {
+	i.mu.RLock()
+	if i.ch == nil {
+		i.mu.RUnlock()
+		return false
+	}
+	i.mu.RUnlock()
+
+	i.mu.Lock()
+	defer i.mu.Unlock()
+	select {
+	case <-ctx.Done():
+		i.ch = nil
+		return false
+	case v, ok := <-i.ch:
+		if !ok {
+			i.ch = nil
+			return false
+		}
+		i.next = v
+		return true
+	}
+
+	//nolint:govet
+	return false // never reached
+}
+
+// Pair returns the currently buffered Pair. Calling Next() will reset its value
+func (i *iter) Pair() *Pair {
+	i.mu.RLock()
+	defer i.mu.RUnlock()
+	return i.next
+}
+
+// Walk walks through each element in the array
+func Walk(ctx context.Context, s Source, v Visitor) error {
+	for i := s.Iterate(ctx); i.Next(ctx); {
+		pair := i.Pair()
+		if err := v.Visit(pair.Index, pair.Value); err != nil {
+			return fmt.Errorf(`failed to visit index %d: %w`, pair.Index, err)
+		}
+	}
+	return nil
+}
+
+func AsArray(ctx context.Context, s interface{}, v interface{}) error {
+	var iter Iterator
+	switch reflect.ValueOf(s).Kind() {
+	case reflect.Array, reflect.Slice:
+		x, err := Iterate(ctx, s)
+		if err != nil {
+			return fmt.Errorf(`failed to iterate over array/slice type: %w`, err)
+		}
+		iter = x
+	default:
+		ssrc, ok := s.(Source)
+		if !ok {
+			return fmt.Errorf(`cannot iterate over %T: not a arrayiter.Source type`, s)
+		}
+		iter = ssrc.Iterate(ctx)
+	}
+
+	dst := reflect.ValueOf(v)
+
+	// dst MUST be a pointer to a array type
+	if kind := dst.Kind(); kind != reflect.Ptr {
+		return fmt.Errorf(`dst must be a pointer to a array (%s)`, dst.Type())
+	}
+
+	dst = dst.Elem()
+	switch dst.Kind() {
+	case reflect.Array, reflect.Slice:
+	default:
+		return fmt.Errorf(`dst must be a pointer to an array or slice (%s)`, dst.Type())
+	}
+
+	var pairs []*Pair
+	for iter.Next(ctx) {
+		pair := iter.Pair()
+		pairs = append(pairs, pair)
+	}
+
+	switch dst.Kind() {
+	case reflect.Array:
+		if len(pairs) < dst.Len() {
+			return fmt.Errorf(`dst array does not have enough space for elements (%d, want %d)`, dst.Len(), len(pairs))
+		}
+	case reflect.Slice:
+		if dst.IsNil() {
+			dst.Set(reflect.MakeSlice(dst.Type(), len(pairs), len(pairs)))
+		}
+	}
+
+	// dst must be assignable
+	if !dst.CanSet() {
+		return fmt.Errorf(`dst is not writeable`)
+	}
+
+	elemtyp := dst.Type().Elem()
+	for _, pair := range pairs {
+		rvvalue := reflect.ValueOf(pair.Value)
+
+		if !rvvalue.Type().AssignableTo(elemtyp) {
+			return fmt.Errorf(`cannot assign key of type %s to map key of type %s`, rvvalue.Type(), elemtyp)
+		}
+
+		dst.Index(pair.Index).Set(rvvalue)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/iter/mapiter/mapiter.go b/vendor/github.com/lestrrat-go/iter/mapiter/mapiter.go
new file mode 100644
index 000000000..ec332855e
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/iter/mapiter/mapiter.go
@@ -0,0 +1,195 @@
+package mapiter
+
+import (
+	"context"
+	"fmt"
+	"reflect"
+	"sync"
+)
+
+// Iterate creates an iterator from arbitrary map types. This is not
+// the most efficient tool, but it's the quickest way to create an
+// iterator for maps.
+// Also, note that you cannot make any assumptions on the order of
+// pairs being returned.
+func Iterate(ctx context.Context, m interface{}) (Iterator, error) {
+	mrv := reflect.ValueOf(m)
+
+	if mrv.Kind() != reflect.Map {
+		return nil, fmt.Errorf(`argument must be a map (%s)`, mrv.Type())
+	}
+
+	ch := make(chan *Pair)
+	go func(ctx context.Context, ch chan *Pair, mrv reflect.Value) {
+		defer close(ch)
+		for _, key := range mrv.MapKeys() {
+			value := mrv.MapIndex(key)
+			pair := &Pair{
+				Key:   key.Interface(),
+				Value: value.Interface(),
+			}
+			select {
+			case <-ctx.Done():
+				return
+			case ch <- pair:
+			}
+		}
+	}(ctx, ch, mrv)
+
+	return New(ch), nil
+}
+
+// Source represents a map that knows how to create an iterator
+type Source interface {
+	Iterate(context.Context) Iterator
+}
+
+// Pair represents a single pair of key and value from a map
+type Pair struct {
+	Key   interface{}
+	Value interface{}
+}
+
+// Iterator iterates through keys and values of a map
+type Iterator interface {
+	Next(context.Context) bool
+	Pair() *Pair
+}
+
+type iter struct {
+	ch   chan *Pair
+	mu   sync.RWMutex
+	next *Pair
+}
+
+// Visitor represents an object that handles each pair in a map
+type Visitor interface {
+	Visit(interface{}, interface{}) error
+}
+
+// VisitorFunc is a type of Visitor based on a function
+type VisitorFunc func(interface{}, interface{}) error
+
+func (fn VisitorFunc) Visit(s interface{}, v interface{}) error {
+	return fn(s, v)
+}
+
+func New(ch chan *Pair) Iterator {
+	return &iter{
+		ch: ch,
+	}
+}
+
+// Next returns true if there are more items to read from the iterator
+func (i *iter) Next(ctx context.Context) bool {
+	i.mu.RLock()
+	if i.ch == nil {
+		i.mu.RUnlock()
+		return false
+	}
+	i.mu.RUnlock()
+
+	i.mu.Lock()
+	defer i.mu.Unlock()
+	select {
+	case <-ctx.Done():
+		i.ch = nil
+		return false
+	case v, ok := <-i.ch:
+		if !ok {
+			i.ch = nil
+			return false
+		}
+		i.next = v
+		return true
+	}
+
+	//nolint:govet
+	return false // never reached
+}
+
+// Pair returns the currently buffered Pair. Calling Next() will reset its value
+func (i *iter) Pair() *Pair {
+	i.mu.RLock()
+	defer i.mu.RUnlock()
+	return i.next
+}
+
+// Walk walks through each element in the map
+func Walk(ctx context.Context, s Source, v Visitor) error {
+	for i := s.Iterate(ctx); i.Next(ctx); {
+		pair := i.Pair()
+		if err := v.Visit(pair.Key, pair.Value); err != nil {
+			return fmt.Errorf(`failed to visit key %s: %w`, pair.Key, err)
+		}
+	}
+	return nil
+}
+
+// AsMap returns the values obtained from the source as a map
+func AsMap(ctx context.Context, s interface{}, v interface{}) error {
+	var iter Iterator
+	switch reflect.ValueOf(s).Kind() {
+	case reflect.Map:
+		x, err := Iterate(ctx, s)
+		if err != nil {
+			return fmt.Errorf(`failed to iterate over map type: %w`, err)
+		}
+		iter = x
+	default:
+		ssrc, ok := s.(Source)
+		if !ok {
+			return fmt.Errorf(`cannot iterate over %T: not a mapiter.Source type`, s)
+		}
+		iter = ssrc.Iterate(ctx)
+	}
+
+	dst := reflect.ValueOf(v)
+
+	// dst MUST be a pointer to a map type
+	if kind := dst.Kind(); kind != reflect.Ptr {
+		return fmt.Errorf(`dst must be a pointer to a map (%s)`, dst.Type())
+	}
+
+	dst = dst.Elem()
+	if dst.Kind() != reflect.Map {
+		return fmt.Errorf(`dst must be a pointer to a map (%s)`, dst.Type())
+	}
+
+	if dst.IsNil() {
+		dst.Set(reflect.MakeMap(dst.Type()))
+	}
+
+	// dst must be assignable
+	if !dst.CanSet() {
+		return fmt.Errorf(`dst is not writeable`)
+	}
+
+	keytyp := dst.Type().Key()
+	valtyp := dst.Type().Elem()
+
+	for iter.Next(ctx) {
+		pair := iter.Pair()
+
+		rvkey := reflect.ValueOf(pair.Key)
+		rvvalue := reflect.ValueOf(pair.Value)
+
+		if !rvkey.Type().AssignableTo(keytyp) {
+			return fmt.Errorf(`cannot assign key of type %s to map key of type %s`, rvkey.Type(), keytyp)
+		}
+
+		switch rvvalue.Kind() {
+		// we can only check if we can assign to rvvalue to valtyp if it's non-nil
+		case reflect.Invalid:
+			rvvalue = reflect.New(valtyp).Elem()
+		default:
+			if !rvvalue.Type().AssignableTo(valtyp) {
+				return fmt.Errorf(`cannot assign value of type %s to map value of type %s`, rvvalue.Type(), valtyp)
+			}
+		}
+
+		dst.SetMapIndex(rvkey, rvvalue)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/spf13/jwalterweatherman/LICENSE b/vendor/github.com/lestrrat-go/jwx/v2/LICENSE
similarity index 96%
rename from vendor/github.com/spf13/jwalterweatherman/LICENSE
rename to vendor/github.com/lestrrat-go/jwx/v2/LICENSE
index 4527efb9c..205e33a7f 100644
--- a/vendor/github.com/spf13/jwalterweatherman/LICENSE
+++ b/vendor/github.com/lestrrat-go/jwx/v2/LICENSE
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2014 Steve Francia
+Copyright (c) 2015 lestrrat
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -18,4 +18,5 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
\ No newline at end of file
+SOFTWARE.
+
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/cert/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/cert/BUILD.bazel
new file mode 100644
index 000000000..7b2617e55
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/cert/BUILD.bazel
@@ -0,0 +1,32 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "cert",
+    srcs = [
+        "cert.go",
+        "chain.go",
+    ],
+    importpath = "github.com/lestrrat-go/jwx/v2/cert",
+    visibility = ["//visibility:public"],
+    deps = ["//internal/base64"],
+)
+
+go_test(
+    name = "cert_test",
+    srcs = [
+        "cert_test.go",
+        "chain_test.go",
+    ],
+    deps = [
+        ":cert",
+        "//internal/jwxtest",
+        "@com_github_stretchr_testify//assert",
+        "@com_github_stretchr_testify//require",
+    ],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":cert",
+    visibility = ["//visibility:public"],
+)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/cert/cert.go b/vendor/github.com/lestrrat-go/jwx/v2/cert/cert.go
new file mode 100644
index 000000000..1dfdec65a
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/cert/cert.go
@@ -0,0 +1,48 @@
+package cert
+
+import (
+	"crypto/x509"
+	stdlibb64 "encoding/base64"
+	"fmt"
+	"io"
+
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+)
+
+// Create is a wrapper around x509.CreateCertificate, but it additionally
+// encodes it in base64 so that it can be easily added to `x5c` fields
+func Create(rand io.Reader, template, parent *x509.Certificate, pub, priv interface{}) ([]byte, error) {
+	der, err := x509.CreateCertificate(rand, template, parent, pub, priv)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to create x509 certificate: %w`, err)
+	}
+	return EncodeBase64(der)
+}
+
+// EncodeBase64 is a utility function to encode ASN.1 DER certificates
+// using base64 encoding. This operation is normally done by `pem.Encode`
+// but since PEM would include the markers (`-----BEGIN`, and the like)
+// while `x5c` fields do not need this, this function can be used to
+// shave off a few lines
+func EncodeBase64(der []byte) ([]byte, error) {
+	enc := stdlibb64.StdEncoding
+	dst := make([]byte, enc.EncodedLen(len(der)))
+	enc.Encode(dst, der)
+	return dst, nil
+}
+
+// Parse is a utility function to decode a base64 encoded
+// ASN.1 DER format certificate, and to parse the byte sequence.
+// The certificate must be in PKIX format, and it must not contain PEM markers
+func Parse(src []byte) (*x509.Certificate, error) {
+	dst, err := base64.Decode(src)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to base64 decode the certificate: %w`, err)
+	}
+
+	cert, err := x509.ParseCertificate(dst)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to parse x509 certificate: %w`, err)
+	}
+	return cert, nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/cert/chain.go b/vendor/github.com/lestrrat-go/jwx/v2/cert/chain.go
new file mode 100644
index 000000000..0c4746fb2
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/cert/chain.go
@@ -0,0 +1,78 @@
+package cert
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+)
+
+// Chain represents a certificate chain as used in the `x5c` field of
+// various objects within JOSE.
+//
+// It stores the certificates as a list of base64 encoded []byte
+// sequence. By definition these values must PKIX encoded.
+type Chain struct {
+	certificates [][]byte
+}
+
+func (cc Chain) MarshalJSON() ([]byte, error) {
+	var buf bytes.Buffer
+	buf.WriteByte('[')
+	for i, cert := range cc.certificates {
+		if i > 0 {
+			buf.WriteByte(',')
+		}
+		buf.WriteByte('"')
+		buf.Write(cert)
+		buf.WriteByte('"')
+	}
+	buf.WriteByte(']')
+	return buf.Bytes(), nil
+}
+
+func (cc *Chain) UnmarshalJSON(data []byte) error {
+	var tmp []string
+	if err := json.Unmarshal(data, &tmp); err != nil {
+		return fmt.Errorf(`failed to unmarshal certificate chain: %w`, err)
+	}
+
+	certs := make([][]byte, len(tmp))
+	for i, cert := range tmp {
+		certs[i] = []byte(cert)
+	}
+	cc.certificates = certs
+	return nil
+}
+
+// Get returns the n-th ASN.1 DER + base64 encoded certificate
+// stored. `false` will be returned in the second argument if
+// the corresponding index is out of range.
+func (cc *Chain) Get(index int) ([]byte, bool) {
+	if index < 0 || index >= len(cc.certificates) {
+		return nil, false
+	}
+
+	return cc.certificates[index], true
+}
+
+// Len returns the number of certificates stored in this Chain
+func (cc *Chain) Len() int {
+	return len(cc.certificates)
+}
+
+var pemStart = []byte("----- BEGIN CERTIFICATE -----")
+var pemEnd = []byte("----- END CERTIFICATE -----")
+
+func (cc *Chain) AddString(der string) error {
+	return cc.Add([]byte(der))
+}
+
+func (cc *Chain) Add(der []byte) error {
+	// We're going to be nice and remove marker lines if they
+	// give it to us
+	der = bytes.TrimPrefix(der, pemStart)
+	der = bytes.TrimSuffix(der, pemEnd)
+	der = bytes.TrimSpace(der)
+	cc.certificates = append(cc.certificates, der)
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/base64/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/internal/base64/BUILD.bazel
new file mode 100644
index 000000000..688265f6b
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/base64/BUILD.bazel
@@ -0,0 +1,21 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "base64",
+    srcs = ["base64.go"],
+    importpath = "github.com/lestrrat-go/jwx/v2/internal/base64",
+    visibility = ["//:__subpackages__"],
+)
+
+go_test(
+    name = "base64_test",
+    srcs = ["base64_test.go"],
+    embed = [":base64"],
+    deps = ["@com_github_stretchr_testify//assert"],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":base64",
+    visibility = ["//:__subpackages__"],
+)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/base64/asmbase64.go b/vendor/github.com/lestrrat-go/jwx/v2/internal/base64/asmbase64.go
new file mode 100644
index 000000000..b151b229f
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/base64/asmbase64.go
@@ -0,0 +1,39 @@
+//go:build jwx_asmbase64
+
+package base64
+
+import (
+	"fmt"
+
+	asmbase64 "github.com/segmentio/asm/base64"
+)
+
+func init() {
+	SetEncoder(asmbase64.RawURLEncoding)
+	SetDecoder(asmDecoder{})
+}
+
+type asmDecoder struct{}
+
+func (d asmDecoder) Decode(src []byte) ([]byte, error) {
+	var enc *asmbase64.Encoding
+	switch Guess(src) {
+	case Std:
+		enc = asmbase64.StdEncoding
+	case RawStd:
+		enc = asmbase64.RawStdEncoding
+	case URL:
+		enc = asmbase64.URLEncoding
+	case RawURL:
+		enc = asmbase64.RawURLEncoding
+	default:
+		return nil, fmt.Errorf(`invalid encoding`)
+	}
+
+	dst := make([]byte, enc.DecodedLen(len(src)))
+	n, err := enc.Decode(dst, src)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to decode source: %w`, err)
+	}
+	return dst[:n], nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/base64/base64.go b/vendor/github.com/lestrrat-go/jwx/v2/internal/base64/base64.go
new file mode 100644
index 000000000..b227bc91d
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/base64/base64.go
@@ -0,0 +1,134 @@
+package base64
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/binary"
+	"fmt"
+	"sync"
+)
+
+type Decoder interface {
+	Decode([]byte) ([]byte, error)
+}
+
+type Encoder interface {
+	Encode([]byte, []byte)
+	EncodedLen(int) int
+	EncodeToString([]byte) string
+}
+
+var muEncoder sync.RWMutex
+var encoder Encoder = base64.RawURLEncoding
+var muDecoder sync.RWMutex
+var decoder Decoder = defaultDecoder{}
+
+func SetEncoder(enc Encoder) {
+	muEncoder.Lock()
+	defer muEncoder.Unlock()
+	encoder = enc
+}
+
+func getEncoder() Encoder {
+	muEncoder.RLock()
+	defer muEncoder.RUnlock()
+	return encoder
+}
+
+func SetDecoder(dec Decoder) {
+	muDecoder.Lock()
+	defer muDecoder.Unlock()
+	decoder = dec
+}
+
+func getDecoder() Decoder {
+	muDecoder.RLock()
+	defer muDecoder.RUnlock()
+	return decoder
+}
+
+func Encode(src []byte) []byte {
+	encoder := getEncoder()
+	dst := make([]byte, encoder.EncodedLen(len(src)))
+	encoder.Encode(dst, src)
+	return dst
+}
+
+func EncodeToString(src []byte) string {
+	return getEncoder().EncodeToString(src)
+}
+
+func EncodeUint64ToString(v uint64) string {
+	data := make([]byte, 8)
+	binary.BigEndian.PutUint64(data, v)
+
+	i := 0
+	for ; i < len(data); i++ {
+		if data[i] != 0x0 {
+			break
+		}
+	}
+
+	return EncodeToString(data[i:])
+}
+
+const (
+	InvalidEncoding = iota
+	Std
+	URL
+	RawStd
+	RawURL
+)
+
+func Guess(src []byte) int {
+	var isRaw = !bytes.HasSuffix(src, []byte{'='})
+	var isURL = !bytes.ContainsAny(src, "+/")
+	switch {
+	case isRaw && isURL:
+		return RawURL
+	case isURL:
+		return URL
+	case isRaw:
+		return RawStd
+	default:
+		return Std
+	}
+}
+
+// defaultDecoder is a Decoder that detects the encoding of the source and
+// decodes it accordingly. This shouldn't really be required per the spec, but
+// it exist because we have seen in the wild JWTs that are encoded using
+// various versions of the base64 encoding.
+type defaultDecoder struct{}
+
+func (defaultDecoder) Decode(src []byte) ([]byte, error) {
+	var enc *base64.Encoding
+
+	switch Guess(src) {
+	case RawURL:
+		enc = base64.RawURLEncoding
+	case URL:
+		enc = base64.URLEncoding
+	case RawStd:
+		enc = base64.RawStdEncoding
+	case Std:
+		enc = base64.StdEncoding
+	default:
+		return nil, fmt.Errorf(`invalid encoding`)
+	}
+
+	dst := make([]byte, enc.DecodedLen(len(src)))
+	n, err := enc.Decode(dst, src)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to decode source: %w`, err)
+	}
+	return dst[:n], nil
+}
+
+func Decode(src []byte) ([]byte, error) {
+	return getDecoder().Decode(src)
+}
+
+func DecodeString(src string) ([]byte, error) {
+	return getDecoder().Decode([]byte(src))
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/BUILD.bazel
new file mode 100644
index 000000000..3d5987ded
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/BUILD.bazel
@@ -0,0 +1,15 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "ecutil",
+    srcs = ["ecutil.go"],
+    importpath = "github.com/lestrrat-go/jwx/v2/internal/ecutil",
+    visibility = ["//:__subpackages__"],
+    deps = ["//jwa"],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":ecutil",
+    visibility = ["//:__subpackages__"],
+)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/ecutil.go b/vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/ecutil.go
new file mode 100644
index 000000000..348636f67
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/ecutil.go
@@ -0,0 +1,114 @@
+// Package ecutil defines tools that help with elliptic curve related
+// computation
+package ecutil
+
+import (
+	"crypto/elliptic"
+	"math/big"
+	"sync"
+
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+// data for available curves. Some algorithms may be compiled in/out
+var curveToAlg = map[elliptic.Curve]jwa.EllipticCurveAlgorithm{}
+var algToCurve = map[jwa.EllipticCurveAlgorithm]elliptic.Curve{}
+var availableAlgs []jwa.EllipticCurveAlgorithm
+var availableCrvs []elliptic.Curve
+
+func RegisterCurve(crv elliptic.Curve, alg jwa.EllipticCurveAlgorithm) {
+	curveToAlg[crv] = alg
+	algToCurve[alg] = crv
+	availableAlgs = append(availableAlgs, alg)
+	availableCrvs = append(availableCrvs, crv)
+}
+
+func IsAvailable(alg jwa.EllipticCurveAlgorithm) bool {
+	_, ok := algToCurve[alg]
+	return ok
+}
+
+func AvailableAlgorithms() []jwa.EllipticCurveAlgorithm {
+	return availableAlgs
+}
+
+func AvailableCurves() []elliptic.Curve {
+	return availableCrvs
+}
+
+func AlgorithmForCurve(crv elliptic.Curve) (jwa.EllipticCurveAlgorithm, bool) {
+	v, ok := curveToAlg[crv]
+	return v, ok
+}
+
+func CurveForAlgorithm(alg jwa.EllipticCurveAlgorithm) (elliptic.Curve, bool) {
+	v, ok := algToCurve[alg]
+	return v, ok
+}
+
+const (
+	// size of buffer that needs to be allocated for EC521 curve
+	ec521BufferSize = 66 // (521 / 8) + 1
+)
+
+var ecpointBufferPool = sync.Pool{
+	New: func() interface{} {
+		// In most cases the curve bit size will be less than this length
+		// so allocate the maximum, and keep reusing
+		buf := make([]byte, 0, ec521BufferSize)
+		return &buf
+	},
+}
+
+func getCrvFixedBuffer(size int) []byte {
+	//nolint:forcetypeassert
+	buf := *(ecpointBufferPool.Get().(*[]byte))
+	if size > ec521BufferSize && cap(buf) < size {
+		buf = append(buf, make([]byte, size-cap(buf))...)
+	}
+	return buf[:size]
+}
+
+// ReleaseECPointBuffer releases the []byte buffer allocated.
+func ReleaseECPointBuffer(buf []byte) {
+	buf = buf[:cap(buf)]
+	buf[0] = 0x0
+	for i := 1; i < len(buf); i *= 2 {
+		copy(buf[i:], buf[:i])
+	}
+	buf = buf[:0]
+	ecpointBufferPool.Put(&buf)
+}
+
+func CalculateKeySize(crv elliptic.Curve) int {
+	// We need to create a buffer that fits the entire curve.
+	// If the curve size is 66, that fits in 9 bytes. If the curve
+	// size is 64, it fits in 8 bytes.
+	bits := crv.Params().BitSize
+
+	// For most common cases we know before hand what the byte length
+	// is going to be. optimize
+	var inBytes int
+	switch bits {
+	case 224, 256, 384: // TODO: use constant?
+		inBytes = bits / 8
+	case 521:
+		inBytes = ec521BufferSize
+	default:
+		inBytes = bits / 8
+		if (bits % 8) != 0 {
+			inBytes++
+		}
+	}
+
+	return inBytes
+}
+
+// AllocECPointBuffer allocates a buffer for the given point in the given
+// curve. This buffer should be released using the ReleaseECPointBuffer
+// function.
+func AllocECPointBuffer(v *big.Int, crv elliptic.Curve) []byte {
+	buf := getCrvFixedBuffer(CalculateKeySize(crv))
+	v.FillBytes(buf)
+	return buf
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/iter/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/internal/iter/BUILD.bazel
new file mode 100644
index 000000000..5d7b3d95d
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/iter/BUILD.bazel
@@ -0,0 +1,15 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "iter",
+    srcs = ["mapiter.go"],
+    importpath = "github.com/lestrrat-go/jwx/v2/internal/iter",
+    visibility = ["//:__subpackages__"],
+    deps = ["@com_github_lestrrat_go_iter//mapiter:go_default_library"],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":iter",
+    visibility = ["//:__subpackages__"],
+)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/iter/mapiter.go b/vendor/github.com/lestrrat-go/jwx/v2/internal/iter/mapiter.go
new file mode 100644
index 000000000..c98fd46c3
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/iter/mapiter.go
@@ -0,0 +1,36 @@
+package iter
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/lestrrat-go/iter/mapiter"
+)
+
+// MapVisitor is a specialized visitor for our purposes.
+// Whereas mapiter.Visitor supports any type of key, this
+// visitor assumes the key is a string
+type MapVisitor interface {
+	Visit(string, interface{}) error
+}
+
+type MapVisitorFunc func(string, interface{}) error
+
+func (fn MapVisitorFunc) Visit(s string, v interface{}) error {
+	return fn(s, v)
+}
+
+func WalkMap(ctx context.Context, src mapiter.Source, visitor MapVisitor) error {
+	return mapiter.Walk(ctx, src, mapiter.VisitorFunc(func(k, v interface{}) error {
+		//nolint:forcetypeassert
+		return visitor.Visit(k.(string), v)
+	}))
+}
+
+func AsMap(ctx context.Context, src mapiter.Source) (map[string]interface{}, error) {
+	var m map[string]interface{}
+	if err := mapiter.AsMap(ctx, src, &m); err != nil {
+		return nil, fmt.Errorf(`mapiter.AsMap failed: %w`, err)
+	}
+	return m, nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/json/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/internal/json/BUILD.bazel
new file mode 100644
index 000000000..f3dba9710
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/json/BUILD.bazel
@@ -0,0 +1,19 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "json",
+    srcs = [
+        "json.go",
+        "registry.go",
+        "stdlib.go",
+    ],
+    importpath = "github.com/lestrrat-go/jwx/v2/internal/json",
+    visibility = ["//:__subpackages__"],
+    deps = ["//internal/base64"],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":json",
+    visibility = ["//:__subpackages__"],
+)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/json/goccy.go b/vendor/github.com/lestrrat-go/jwx/v2/internal/json/goccy.go
new file mode 100644
index 000000000..59682104b
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/json/goccy.go
@@ -0,0 +1,51 @@
+//go:build jwx_goccy
+// +build jwx_goccy
+
+package json
+
+import (
+	"io"
+
+	"github.com/goccy/go-json"
+)
+
+type Decoder = json.Decoder
+type Delim = json.Delim
+type Encoder = json.Encoder
+type Marshaler = json.Marshaler
+type Number = json.Number
+type RawMessage = json.RawMessage
+type Unmarshaler = json.Unmarshaler
+
+func Engine() string {
+	return "github.com/goccy/go-json"
+}
+
+// NewDecoder respects the values specified in DecoderSettings,
+// and creates a Decoder that has certain features turned on/off
+func NewDecoder(r io.Reader) *json.Decoder {
+	dec := json.NewDecoder(r)
+
+	muGlobalConfig.RLock()
+	if useNumber {
+		dec.UseNumber()
+	}
+	muGlobalConfig.RUnlock()
+
+	return dec
+}
+
+// NewEncoder is just a proxy for "encoding/json".NewEncoder
+func NewEncoder(w io.Writer) *json.Encoder {
+	return json.NewEncoder(w)
+}
+
+// Marshal is just a proxy for "encoding/json".Marshal
+func Marshal(v interface{}) ([]byte, error) {
+	return json.Marshal(v)
+}
+
+// MarshalIndent is just a proxy for "encoding/json".MarshalIndent
+func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) {
+	return json.MarshalIndent(v, prefix, indent)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/json/json.go b/vendor/github.com/lestrrat-go/jwx/v2/internal/json/json.go
new file mode 100644
index 000000000..a4f1026a5
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/json/json.go
@@ -0,0 +1,112 @@
+package json
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"sync"
+
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+)
+
+var muGlobalConfig sync.RWMutex
+var useNumber bool
+
+// Sets the global configuration for json decoding
+func DecoderSettings(inUseNumber bool) {
+	muGlobalConfig.Lock()
+	useNumber = inUseNumber
+	muGlobalConfig.Unlock()
+}
+
+// Unmarshal respects the values specified in DecoderSettings,
+// and uses a Decoder that has certain features turned on/off
+func Unmarshal(b []byte, v interface{}) error {
+	dec := NewDecoder(bytes.NewReader(b))
+	return dec.Decode(v)
+}
+
+func AssignNextBytesToken(dst *[]byte, dec *Decoder) error {
+	var val string
+	if err := dec.Decode(&val); err != nil {
+		return fmt.Errorf(`error reading next value: %w`, err)
+	}
+
+	buf, err := base64.DecodeString(val)
+	if err != nil {
+		return fmt.Errorf(`expected base64 encoded []byte (%T)`, val)
+	}
+	*dst = buf
+	return nil
+}
+
+func ReadNextStringToken(dec *Decoder) (string, error) {
+	var val string
+	if err := dec.Decode(&val); err != nil {
+		return "", fmt.Errorf(`error reading next value: %w`, err)
+	}
+	return val, nil
+}
+
+func AssignNextStringToken(dst **string, dec *Decoder) error {
+	val, err := ReadNextStringToken(dec)
+	if err != nil {
+		return err
+	}
+	*dst = &val
+	return nil
+}
+
+// FlattenAudience is a flag to specify if we should flatten the "aud"
+// entry to a string when there's only one entry.
+// In jwx < 1.1.8 we just dumped everything as an array of strings,
+// but apparently AWS Cognito doesn't handle this well.
+//
+// So now we have the ability to dump "aud" as a string if there's
+// only one entry, but we need to retain the old behavior so that
+// we don't accidentally break somebody else's code. (e.g. messing
+// up how signatures are calculated)
+var FlattenAudience uint32
+
+func EncodeAudience(enc *Encoder, aud []string, flatten bool) error {
+	var val interface{}
+	if len(aud) == 1 && flatten {
+		val = aud[0]
+	} else {
+		val = aud
+	}
+	return enc.Encode(val)
+}
+
+// DecodeCtx is an interface for objects that needs that extra something
+// when decoding JSON into an object.
+type DecodeCtx interface {
+	Registry() *Registry
+}
+
+// DecodeCtxContainer is used to differentiate objects that can carry extra
+// decoding hints and those who can't.
+type DecodeCtxContainer interface {
+	DecodeCtx() DecodeCtx
+	SetDecodeCtx(DecodeCtx)
+}
+
+// stock decodeCtx. should cover 80% of the cases
+type decodeCtx struct {
+	registry *Registry
+}
+
+func NewDecodeCtx(r *Registry) DecodeCtx {
+	return &decodeCtx{registry: r}
+}
+
+func (dc *decodeCtx) Registry() *Registry {
+	return dc.registry
+}
+
+func Dump(v interface{}) {
+	enc := NewEncoder(os.Stdout)
+	enc.SetIndent("", "  ")
+	//nolint:errchkjson
+	_ = enc.Encode(v)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/json/registry.go b/vendor/github.com/lestrrat-go/jwx/v2/internal/json/registry.go
new file mode 100644
index 000000000..4830e86de
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/json/registry.go
@@ -0,0 +1,52 @@
+package json
+
+import (
+	"fmt"
+	"reflect"
+	"sync"
+)
+
+type Registry struct {
+	mu   *sync.RWMutex
+	data map[string]reflect.Type
+}
+
+func NewRegistry() *Registry {
+	return &Registry{
+		mu:   &sync.RWMutex{},
+		data: make(map[string]reflect.Type),
+	}
+}
+
+func (r *Registry) Register(name string, object interface{}) {
+	if object == nil {
+		r.mu.Lock()
+		defer r.mu.Unlock()
+		delete(r.data, name)
+		return
+	}
+
+	typ := reflect.TypeOf(object)
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.data[name] = typ
+}
+
+func (r *Registry) Decode(dec *Decoder, name string) (interface{}, error) {
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+
+	if typ, ok := r.data[name]; ok {
+		ptr := reflect.New(typ).Interface()
+		if err := dec.Decode(ptr); err != nil {
+			return nil, fmt.Errorf(`failed to decode field %s: %w`, name, err)
+		}
+		return reflect.ValueOf(ptr).Elem().Interface(), nil
+	}
+
+	var decoded interface{}
+	if err := dec.Decode(&decoded); err != nil {
+		return nil, fmt.Errorf(`failed to decode field %s: %w`, name, err)
+	}
+	return decoded, nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/json/stdlib.go b/vendor/github.com/lestrrat-go/jwx/v2/internal/json/stdlib.go
new file mode 100644
index 000000000..62b1a5ff5
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/json/stdlib.go
@@ -0,0 +1,49 @@
+//go:build !jwx_goccy
+// +build !jwx_goccy
+
+package json
+
+import (
+	"encoding/json"
+	"io"
+)
+
+type Decoder = json.Decoder
+type Delim = json.Delim
+type Encoder = json.Encoder
+type Marshaler = json.Marshaler
+type Number = json.Number
+type RawMessage = json.RawMessage
+type Unmarshaler = json.Unmarshaler
+
+func Engine() string {
+	return "encoding/json"
+}
+
+// NewDecoder respects the values specified in DecoderSettings,
+// and creates a Decoder that has certain features turned on/off
+func NewDecoder(r io.Reader) *json.Decoder {
+	dec := json.NewDecoder(r)
+
+	muGlobalConfig.RLock()
+	if useNumber {
+		dec.UseNumber()
+	}
+	muGlobalConfig.RUnlock()
+
+	return dec
+}
+
+func NewEncoder(w io.Writer) *json.Encoder {
+	return json.NewEncoder(w)
+}
+
+// Marshal is just a proxy for "encoding/json".Marshal
+func Marshal(v interface{}) ([]byte, error) {
+	return json.Marshal(v)
+}
+
+// MarshalIndent is just a proxy for "encoding/json".MarshalIndent
+func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) {
+	return json.MarshalIndent(v, prefix, indent)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/keyconv/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/internal/keyconv/BUILD.bazel
new file mode 100644
index 000000000..246dfb864
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/keyconv/BUILD.bazel
@@ -0,0 +1,31 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "keyconv",
+    srcs = ["keyconv.go"],
+    importpath = "github.com/lestrrat-go/jwx/v2/internal/keyconv",
+    visibility = ["//:__subpackages__"],
+    deps = [
+        "//jwk",
+        "@com_github_lestrrat_go_blackmagic//:go_default_library",
+        "@org_golang_x_crypto//ed25519",
+    ],
+)
+
+go_test(
+    name = "keyconv_test",
+    srcs = ["keyconv_test.go"],
+    deps = [
+        ":keyconv",
+        "//internal/jwxtest",
+        "//jwa",
+        "//jwk",
+        "@com_github_stretchr_testify//assert",
+    ],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":keyconv",
+    visibility = ["//:__subpackages__"],
+)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/keyconv/keyconv.go b/vendor/github.com/lestrrat-go/jwx/v2/internal/keyconv/keyconv.go
new file mode 100644
index 000000000..807da1dee
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/keyconv/keyconv.go
@@ -0,0 +1,177 @@
+package keyconv
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"fmt"
+
+	"github.com/lestrrat-go/blackmagic"
+	"github.com/lestrrat-go/jwx/v2/jwk"
+	"golang.org/x/crypto/ed25519"
+)
+
+// RSAPrivateKey assigns src to dst.
+// `dst` should be a pointer to a rsa.PrivateKey.
+// `src` may be rsa.PrivateKey, *rsa.PrivateKey, or a jwk.Key
+func RSAPrivateKey(dst, src interface{}) error {
+	if jwkKey, ok := src.(jwk.Key); ok {
+		var raw rsa.PrivateKey
+		if err := jwkKey.Raw(&raw); err != nil {
+			return fmt.Errorf(`failed to produce rsa.PrivateKey from %T: %w`, src, err)
+		}
+		src = &raw
+	}
+
+	var ptr *rsa.PrivateKey
+	switch src := src.(type) {
+	case rsa.PrivateKey:
+		ptr = &src
+	case *rsa.PrivateKey:
+		ptr = src
+	default:
+		return fmt.Errorf(`expected rsa.PrivateKey or *rsa.PrivateKey, got %T`, src)
+	}
+
+	return blackmagic.AssignIfCompatible(dst, ptr)
+}
+
+// RSAPublicKey assigns src to dst
+// `dst` should be a pointer to a non-zero rsa.PublicKey.
+// `src` may be rsa.PublicKey, *rsa.PublicKey, or a jwk.Key
+func RSAPublicKey(dst, src interface{}) error {
+	if jwkKey, ok := src.(jwk.Key); ok {
+		var raw rsa.PublicKey
+		if err := jwkKey.Raw(&raw); err != nil {
+			return fmt.Errorf(`failed to produce rsa.PublicKey from %T: %w`, src, err)
+		}
+		src = &raw
+	}
+
+	var ptr *rsa.PublicKey
+	switch src := src.(type) {
+	case rsa.PublicKey:
+		ptr = &src
+	case *rsa.PublicKey:
+		ptr = src
+	default:
+		return fmt.Errorf(`expected rsa.PublicKey or *rsa.PublicKey, got %T`, src)
+	}
+
+	return blackmagic.AssignIfCompatible(dst, ptr)
+}
+
+// ECDSAPrivateKey assigns src to dst, converting its type from a
+// non-pointer to a pointer
+func ECDSAPrivateKey(dst, src interface{}) error {
+	if jwkKey, ok := src.(jwk.Key); ok {
+		var raw ecdsa.PrivateKey
+		if err := jwkKey.Raw(&raw); err != nil {
+			return fmt.Errorf(`failed to produce ecdsa.PrivateKey from %T: %w`, src, err)
+		}
+		src = &raw
+	}
+
+	var ptr *ecdsa.PrivateKey
+	switch src := src.(type) {
+	case ecdsa.PrivateKey:
+		ptr = &src
+	case *ecdsa.PrivateKey:
+		ptr = src
+	default:
+		return fmt.Errorf(`expected ecdsa.PrivateKey or *ecdsa.PrivateKey, got %T`, src)
+	}
+	return blackmagic.AssignIfCompatible(dst, ptr)
+}
+
+// ECDSAPublicKey assigns src to dst, converting its type from a
+// non-pointer to a pointer
+func ECDSAPublicKey(dst, src interface{}) error {
+	if jwkKey, ok := src.(jwk.Key); ok {
+		var raw ecdsa.PublicKey
+		if err := jwkKey.Raw(&raw); err != nil {
+			return fmt.Errorf(`failed to produce ecdsa.PublicKey from %T: %w`, src, err)
+		}
+		src = &raw
+	}
+
+	var ptr *ecdsa.PublicKey
+	switch src := src.(type) {
+	case ecdsa.PublicKey:
+		ptr = &src
+	case *ecdsa.PublicKey:
+		ptr = src
+	default:
+		return fmt.Errorf(`expected ecdsa.PublicKey or *ecdsa.PublicKey, got %T`, src)
+	}
+	return blackmagic.AssignIfCompatible(dst, ptr)
+}
+
+func ByteSliceKey(dst, src interface{}) error {
+	if jwkKey, ok := src.(jwk.Key); ok {
+		var raw []byte
+		if err := jwkKey.Raw(&raw); err != nil {
+			return fmt.Errorf(`failed to produce []byte from %T: %w`, src, err)
+		}
+		src = raw
+	}
+
+	if _, ok := src.([]byte); !ok {
+		return fmt.Errorf(`expected []byte, got %T`, src)
+	}
+	return blackmagic.AssignIfCompatible(dst, src)
+}
+
+func Ed25519PrivateKey(dst, src interface{}) error {
+	if jwkKey, ok := src.(jwk.Key); ok {
+		var raw ed25519.PrivateKey
+		if err := jwkKey.Raw(&raw); err != nil {
+			return fmt.Errorf(`failed to produce ed25519.PrivateKey from %T: %w`, src, err)
+		}
+		src = &raw
+	}
+
+	var ptr *ed25519.PrivateKey
+	switch src := src.(type) {
+	case ed25519.PrivateKey:
+		ptr = &src
+	case *ed25519.PrivateKey:
+		ptr = src
+	default:
+		return fmt.Errorf(`expected ed25519.PrivateKey or *ed25519.PrivateKey, got %T`, src)
+	}
+	return blackmagic.AssignIfCompatible(dst, ptr)
+}
+
+func Ed25519PublicKey(dst, src interface{}) error {
+	if jwkKey, ok := src.(jwk.Key); ok {
+		var raw ed25519.PublicKey
+		if err := jwkKey.Raw(&raw); err != nil {
+			return fmt.Errorf(`failed to produce ed25519.PublicKey from %T: %w`, src, err)
+		}
+		src = &raw
+	}
+
+	var ptr *ed25519.PublicKey
+	switch src := src.(type) {
+	case ed25519.PublicKey:
+		ptr = &src
+	case *ed25519.PublicKey:
+		ptr = src
+	case *crypto.PublicKey:
+		tmp, ok := (*src).(ed25519.PublicKey)
+		if !ok {
+			return fmt.Errorf(`failed to retrieve ed25519.PublicKey out of *crypto.PublicKey`)
+		}
+		ptr = &tmp
+	case crypto.PublicKey:
+		tmp, ok := src.(ed25519.PublicKey)
+		if !ok {
+			return fmt.Errorf(`failed to retrieve ed25519.PublicKey out of crypto.PublicKey`)
+		}
+		ptr = &tmp
+	default:
+		return fmt.Errorf(`expected ed25519.PublicKey or *ed25519.PublicKey, got %T`, src)
+	}
+	return blackmagic.AssignIfCompatible(dst, ptr)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/pool/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/internal/pool/BUILD.bazel
new file mode 100644
index 000000000..bab9745cb
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/pool/BUILD.bazel
@@ -0,0 +1,14 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "pool",
+    srcs = ["pool.go"],
+    importpath = "github.com/lestrrat-go/jwx/v2/internal/pool",
+    visibility = ["//:__subpackages__"],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":pool",
+    visibility = ["//:__subpackages__"],
+)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/pool/pool.go b/vendor/github.com/lestrrat-go/jwx/v2/internal/pool/pool.go
new file mode 100644
index 000000000..fae560b7c
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/pool/pool.go
@@ -0,0 +1,61 @@
+package pool
+
+import (
+	"bytes"
+	"math/big"
+	"sync"
+)
+
+var bytesBufferPool = sync.Pool{
+	New: allocBytesBuffer,
+}
+
+func allocBytesBuffer() interface{} {
+	return &bytes.Buffer{}
+}
+
+func GetBytesBuffer() *bytes.Buffer {
+	//nolint:forcetypeassert
+	return bytesBufferPool.Get().(*bytes.Buffer)
+}
+
+func ReleaseBytesBuffer(b *bytes.Buffer) {
+	b.Reset()
+	bytesBufferPool.Put(b)
+}
+
+var bigIntPool = sync.Pool{
+	New: allocBigInt,
+}
+
+func allocBigInt() interface{} {
+	return &big.Int{}
+}
+
+func GetBigInt() *big.Int {
+	//nolint:forcetypeassert
+	return bigIntPool.Get().(*big.Int)
+}
+
+func ReleaseBigInt(i *big.Int) {
+	bigIntPool.Put(i.SetInt64(0))
+}
+
+var keyToErrorMapPool = sync.Pool{
+	New: allocKeyToErrorMap,
+}
+
+func allocKeyToErrorMap() interface{} {
+	return make(map[string]error)
+}
+
+func GetKeyToErrorMap() map[string]error {
+	//nolint:forcetypeassert
+	return keyToErrorMapPool.Get().(map[string]error)
+}
+
+func ReleaseKeyToErrorMap(m map[string]error) {
+	for key := range m {
+		delete(m, key)
+	}
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwa/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/jwa/BUILD.bazel
new file mode 100644
index 000000000..63fffcf90
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwa/BUILD.bazel
@@ -0,0 +1,39 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "jwa",
+    srcs = [
+        "compression_gen.go",
+        "content_encryption_gen.go",
+        "elliptic_gen.go",
+        "jwa.go",
+        "key_encryption_gen.go",
+        "key_type_gen.go",
+        "signature_gen.go",
+    ],
+    importpath = "github.com/lestrrat-go/jwx/v2/jwa",
+    visibility = ["//visibility:public"],
+)
+
+go_test(
+    name = "jwa_test",
+    srcs = [
+        "compression_gen_test.go",
+        "content_encryption_gen_test.go",
+        "elliptic_gen_test.go",
+        "jwa_test.go",
+        "key_encryption_gen_test.go",
+        "key_type_gen_test.go",
+        "signature_gen_test.go",
+    ],
+    deps = [
+        ":jwa",
+        "@com_github_stretchr_testify//assert",
+    ],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":jwa",
+    visibility = ["//visibility:public"],
+)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwa/README.md b/vendor/github.com/lestrrat-go/jwx/v2/jwa/README.md
new file mode 100644
index 000000000..d62f29276
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwa/README.md
@@ -0,0 +1,3 @@
+# JWA [![Go Reference](https://pkg.go.dev/badge/github.com/lestrrat-go/jwx/v2/jwa.svg)](https://pkg.go.dev/github.com/lestrrat-go/jwx/v2/jwa)
+
+Package [github.com/lestrrat-go/jwx/v2/jwa](./jwa) defines the various algorithm described in [RFC7518](https://tools.ietf.org/html/rfc7518)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwa/compression_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwa/compression_gen.go
new file mode 100644
index 000000000..9fb65220d
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwa/compression_gen.go
@@ -0,0 +1,101 @@
+// Code generated by tools/cmd/genjwa/main.go. DO NOT EDIT.
+
+package jwa
+
+import (
+	"fmt"
+	"sort"
+	"sync"
+)
+
+// CompressionAlgorithm represents the compression algorithms as described in https://tools.ietf.org/html/rfc7518#section-7.3
+type CompressionAlgorithm string
+
+// Supported values for CompressionAlgorithm
+const (
+	Deflate    CompressionAlgorithm = "DEF" // DEFLATE (RFC 1951)
+	NoCompress CompressionAlgorithm = ""    // No compression
+)
+
+var muCompressionAlgorithms sync.RWMutex
+var allCompressionAlgorithms map[CompressionAlgorithm]struct{}
+var listCompressionAlgorithm []CompressionAlgorithm
+
+func init() {
+	muCompressionAlgorithms.Lock()
+	defer muCompressionAlgorithms.Unlock()
+	allCompressionAlgorithms = make(map[CompressionAlgorithm]struct{})
+	allCompressionAlgorithms[Deflate] = struct{}{}
+	allCompressionAlgorithms[NoCompress] = struct{}{}
+	rebuildCompressionAlgorithm()
+}
+
+// RegisterCompressionAlgorithm registers a new CompressionAlgorithm so that the jwx can properly handle the new value.
+// Duplicates will silently be ignored
+func RegisterCompressionAlgorithm(v CompressionAlgorithm) {
+	muCompressionAlgorithms.Lock()
+	defer muCompressionAlgorithms.Unlock()
+	if _, ok := allCompressionAlgorithms[v]; !ok {
+		allCompressionAlgorithms[v] = struct{}{}
+		rebuildCompressionAlgorithm()
+	}
+}
+
+// UnregisterCompressionAlgorithm unregisters a CompressionAlgorithm from its known database.
+// Non-existentn entries will silently be ignored
+func UnregisterCompressionAlgorithm(v CompressionAlgorithm) {
+	muCompressionAlgorithms.Lock()
+	defer muCompressionAlgorithms.Unlock()
+	if _, ok := allCompressionAlgorithms[v]; ok {
+		delete(allCompressionAlgorithms, v)
+		rebuildCompressionAlgorithm()
+	}
+}
+
+func rebuildCompressionAlgorithm() {
+	listCompressionAlgorithm = make([]CompressionAlgorithm, 0, len(allCompressionAlgorithms))
+	for v := range allCompressionAlgorithms {
+		listCompressionAlgorithm = append(listCompressionAlgorithm, v)
+	}
+	sort.Slice(listCompressionAlgorithm, func(i, j int) bool {
+		return string(listCompressionAlgorithm[i]) < string(listCompressionAlgorithm[j])
+	})
+}
+
+// CompressionAlgorithms returns a list of all available values for CompressionAlgorithm
+func CompressionAlgorithms() []CompressionAlgorithm {
+	muCompressionAlgorithms.RLock()
+	defer muCompressionAlgorithms.RUnlock()
+	return listCompressionAlgorithm
+}
+
+// Accept is used when conversion from values given by
+// outside sources (such as JSON payloads) is required
+func (v *CompressionAlgorithm) Accept(value interface{}) error {
+	var tmp CompressionAlgorithm
+	if x, ok := value.(CompressionAlgorithm); ok {
+		tmp = x
+	} else {
+		var s string
+		switch x := value.(type) {
+		case fmt.Stringer:
+			s = x.String()
+		case string:
+			s = x
+		default:
+			return fmt.Errorf(`invalid type for jwa.CompressionAlgorithm: %T`, value)
+		}
+		tmp = CompressionAlgorithm(s)
+	}
+	if _, ok := allCompressionAlgorithms[tmp]; !ok {
+		return fmt.Errorf(`invalid jwa.CompressionAlgorithm value`)
+	}
+
+	*v = tmp
+	return nil
+}
+
+// String returns the string representation of a CompressionAlgorithm
+func (v CompressionAlgorithm) String() string {
+	return string(v)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwa/content_encryption_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwa/content_encryption_gen.go
new file mode 100644
index 000000000..115fa18e0
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwa/content_encryption_gen.go
@@ -0,0 +1,109 @@
+// Code generated by tools/cmd/genjwa/main.go. DO NOT EDIT.
+
+package jwa
+
+import (
+	"fmt"
+	"sort"
+	"sync"
+)
+
+// ContentEncryptionAlgorithm represents the various encryption algorithms as described in https://tools.ietf.org/html/rfc7518#section-5
+type ContentEncryptionAlgorithm string
+
+// Supported values for ContentEncryptionAlgorithm
+const (
+	A128CBC_HS256 ContentEncryptionAlgorithm = "A128CBC-HS256" // AES-CBC + HMAC-SHA256 (128)
+	A128GCM       ContentEncryptionAlgorithm = "A128GCM"       // AES-GCM (128)
+	A192CBC_HS384 ContentEncryptionAlgorithm = "A192CBC-HS384" // AES-CBC + HMAC-SHA384 (192)
+	A192GCM       ContentEncryptionAlgorithm = "A192GCM"       // AES-GCM (192)
+	A256CBC_HS512 ContentEncryptionAlgorithm = "A256CBC-HS512" // AES-CBC + HMAC-SHA512 (256)
+	A256GCM       ContentEncryptionAlgorithm = "A256GCM"       // AES-GCM (256)
+)
+
+var muContentEncryptionAlgorithms sync.RWMutex
+var allContentEncryptionAlgorithms map[ContentEncryptionAlgorithm]struct{}
+var listContentEncryptionAlgorithm []ContentEncryptionAlgorithm
+
+func init() {
+	muContentEncryptionAlgorithms.Lock()
+	defer muContentEncryptionAlgorithms.Unlock()
+	allContentEncryptionAlgorithms = make(map[ContentEncryptionAlgorithm]struct{})
+	allContentEncryptionAlgorithms[A128CBC_HS256] = struct{}{}
+	allContentEncryptionAlgorithms[A128GCM] = struct{}{}
+	allContentEncryptionAlgorithms[A192CBC_HS384] = struct{}{}
+	allContentEncryptionAlgorithms[A192GCM] = struct{}{}
+	allContentEncryptionAlgorithms[A256CBC_HS512] = struct{}{}
+	allContentEncryptionAlgorithms[A256GCM] = struct{}{}
+	rebuildContentEncryptionAlgorithm()
+}
+
+// RegisterContentEncryptionAlgorithm registers a new ContentEncryptionAlgorithm so that the jwx can properly handle the new value.
+// Duplicates will silently be ignored
+func RegisterContentEncryptionAlgorithm(v ContentEncryptionAlgorithm) {
+	muContentEncryptionAlgorithms.Lock()
+	defer muContentEncryptionAlgorithms.Unlock()
+	if _, ok := allContentEncryptionAlgorithms[v]; !ok {
+		allContentEncryptionAlgorithms[v] = struct{}{}
+		rebuildContentEncryptionAlgorithm()
+	}
+}
+
+// UnregisterContentEncryptionAlgorithm unregisters a ContentEncryptionAlgorithm from its known database.
+// Non-existentn entries will silently be ignored
+func UnregisterContentEncryptionAlgorithm(v ContentEncryptionAlgorithm) {
+	muContentEncryptionAlgorithms.Lock()
+	defer muContentEncryptionAlgorithms.Unlock()
+	if _, ok := allContentEncryptionAlgorithms[v]; ok {
+		delete(allContentEncryptionAlgorithms, v)
+		rebuildContentEncryptionAlgorithm()
+	}
+}
+
+func rebuildContentEncryptionAlgorithm() {
+	listContentEncryptionAlgorithm = make([]ContentEncryptionAlgorithm, 0, len(allContentEncryptionAlgorithms))
+	for v := range allContentEncryptionAlgorithms {
+		listContentEncryptionAlgorithm = append(listContentEncryptionAlgorithm, v)
+	}
+	sort.Slice(listContentEncryptionAlgorithm, func(i, j int) bool {
+		return string(listContentEncryptionAlgorithm[i]) < string(listContentEncryptionAlgorithm[j])
+	})
+}
+
+// ContentEncryptionAlgorithms returns a list of all available values for ContentEncryptionAlgorithm
+func ContentEncryptionAlgorithms() []ContentEncryptionAlgorithm {
+	muContentEncryptionAlgorithms.RLock()
+	defer muContentEncryptionAlgorithms.RUnlock()
+	return listContentEncryptionAlgorithm
+}
+
+// Accept is used when conversion from values given by
+// outside sources (such as JSON payloads) is required
+func (v *ContentEncryptionAlgorithm) Accept(value interface{}) error {
+	var tmp ContentEncryptionAlgorithm
+	if x, ok := value.(ContentEncryptionAlgorithm); ok {
+		tmp = x
+	} else {
+		var s string
+		switch x := value.(type) {
+		case fmt.Stringer:
+			s = x.String()
+		case string:
+			s = x
+		default:
+			return fmt.Errorf(`invalid type for jwa.ContentEncryptionAlgorithm: %T`, value)
+		}
+		tmp = ContentEncryptionAlgorithm(s)
+	}
+	if _, ok := allContentEncryptionAlgorithms[tmp]; !ok {
+		return fmt.Errorf(`invalid jwa.ContentEncryptionAlgorithm value`)
+	}
+
+	*v = tmp
+	return nil
+}
+
+// String returns the string representation of a ContentEncryptionAlgorithm
+func (v ContentEncryptionAlgorithm) String() string {
+	return string(v)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwa/elliptic_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwa/elliptic_gen.go
new file mode 100644
index 000000000..fbfe466aa
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwa/elliptic_gen.go
@@ -0,0 +1,112 @@
+// Code generated by tools/cmd/genjwa/main.go. DO NOT EDIT.
+
+package jwa
+
+import (
+	"fmt"
+	"sort"
+	"sync"
+)
+
+// EllipticCurveAlgorithm represents the algorithms used for EC keys
+type EllipticCurveAlgorithm string
+
+// Supported values for EllipticCurveAlgorithm
+const (
+	Ed25519              EllipticCurveAlgorithm = "Ed25519"
+	Ed448                EllipticCurveAlgorithm = "Ed448"
+	InvalidEllipticCurve EllipticCurveAlgorithm = "P-invalid"
+	P256                 EllipticCurveAlgorithm = "P-256"
+	P384                 EllipticCurveAlgorithm = "P-384"
+	P521                 EllipticCurveAlgorithm = "P-521"
+	X25519               EllipticCurveAlgorithm = "X25519"
+	X448                 EllipticCurveAlgorithm = "X448"
+)
+
+var muEllipticCurveAlgorithms sync.RWMutex
+var allEllipticCurveAlgorithms map[EllipticCurveAlgorithm]struct{}
+var listEllipticCurveAlgorithm []EllipticCurveAlgorithm
+
+func init() {
+	muEllipticCurveAlgorithms.Lock()
+	defer muEllipticCurveAlgorithms.Unlock()
+	allEllipticCurveAlgorithms = make(map[EllipticCurveAlgorithm]struct{})
+	allEllipticCurveAlgorithms[Ed25519] = struct{}{}
+	allEllipticCurveAlgorithms[Ed448] = struct{}{}
+	allEllipticCurveAlgorithms[P256] = struct{}{}
+	allEllipticCurveAlgorithms[P384] = struct{}{}
+	allEllipticCurveAlgorithms[P521] = struct{}{}
+	allEllipticCurveAlgorithms[X25519] = struct{}{}
+	allEllipticCurveAlgorithms[X448] = struct{}{}
+	rebuildEllipticCurveAlgorithm()
+}
+
+// RegisterEllipticCurveAlgorithm registers a new EllipticCurveAlgorithm so that the jwx can properly handle the new value.
+// Duplicates will silently be ignored
+func RegisterEllipticCurveAlgorithm(v EllipticCurveAlgorithm) {
+	muEllipticCurveAlgorithms.Lock()
+	defer muEllipticCurveAlgorithms.Unlock()
+	if _, ok := allEllipticCurveAlgorithms[v]; !ok {
+		allEllipticCurveAlgorithms[v] = struct{}{}
+		rebuildEllipticCurveAlgorithm()
+	}
+}
+
+// UnregisterEllipticCurveAlgorithm unregisters a EllipticCurveAlgorithm from its known database.
+// Non-existentn entries will silently be ignored
+func UnregisterEllipticCurveAlgorithm(v EllipticCurveAlgorithm) {
+	muEllipticCurveAlgorithms.Lock()
+	defer muEllipticCurveAlgorithms.Unlock()
+	if _, ok := allEllipticCurveAlgorithms[v]; ok {
+		delete(allEllipticCurveAlgorithms, v)
+		rebuildEllipticCurveAlgorithm()
+	}
+}
+
+func rebuildEllipticCurveAlgorithm() {
+	listEllipticCurveAlgorithm = make([]EllipticCurveAlgorithm, 0, len(allEllipticCurveAlgorithms))
+	for v := range allEllipticCurveAlgorithms {
+		listEllipticCurveAlgorithm = append(listEllipticCurveAlgorithm, v)
+	}
+	sort.Slice(listEllipticCurveAlgorithm, func(i, j int) bool {
+		return string(listEllipticCurveAlgorithm[i]) < string(listEllipticCurveAlgorithm[j])
+	})
+}
+
+// EllipticCurveAlgorithms returns a list of all available values for EllipticCurveAlgorithm
+func EllipticCurveAlgorithms() []EllipticCurveAlgorithm {
+	muEllipticCurveAlgorithms.RLock()
+	defer muEllipticCurveAlgorithms.RUnlock()
+	return listEllipticCurveAlgorithm
+}
+
+// Accept is used when conversion from values given by
+// outside sources (such as JSON payloads) is required
+func (v *EllipticCurveAlgorithm) Accept(value interface{}) error {
+	var tmp EllipticCurveAlgorithm
+	if x, ok := value.(EllipticCurveAlgorithm); ok {
+		tmp = x
+	} else {
+		var s string
+		switch x := value.(type) {
+		case fmt.Stringer:
+			s = x.String()
+		case string:
+			s = x
+		default:
+			return fmt.Errorf(`invalid type for jwa.EllipticCurveAlgorithm: %T`, value)
+		}
+		tmp = EllipticCurveAlgorithm(s)
+	}
+	if _, ok := allEllipticCurveAlgorithms[tmp]; !ok {
+		return fmt.Errorf(`invalid jwa.EllipticCurveAlgorithm value`)
+	}
+
+	*v = tmp
+	return nil
+}
+
+// String returns the string representation of a EllipticCurveAlgorithm
+func (v EllipticCurveAlgorithm) String() string {
+	return string(v)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwa/jwa.go b/vendor/github.com/lestrrat-go/jwx/v2/jwa/jwa.go
new file mode 100644
index 000000000..f9ce38e04
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwa/jwa.go
@@ -0,0 +1,61 @@
+//go:generate ../tools/cmd/genjwa.sh
+
+// Package jwa defines the various algorithm described in https://tools.ietf.org/html/rfc7518
+package jwa
+
+import "fmt"
+
+// KeyAlgorithm is a workaround for jwk.Key being able to contain different
+// types of algorithms in its `alg` field.
+//
+// Previously the storage for the `alg` field was represented as a string,
+// but this caused some users to wonder why the field was not typed appropriately
+// like other fields.
+//
+// Ideally we would like to keep track of Signature Algorithms and
+// Content Encryption Algorithms separately, and force the APIs to
+// type-check at compile time, but this allows users to pass a value from a
+// jwk.Key directly
+type KeyAlgorithm interface {
+	String() string
+}
+
+// InvalidKeyAlgorithm represents an algorithm that the library is not aware of.
+type InvalidKeyAlgorithm string
+
+func (s InvalidKeyAlgorithm) String() string {
+	return string(s)
+}
+
+func (InvalidKeyAlgorithm) Accept(_ interface{}) error {
+	return fmt.Errorf(`jwa.InvalidKeyAlgorithm does not support Accept() method calls`)
+}
+
+// KeyAlgorithmFrom takes either a string, `jwa.SignatureAlgorithm` or `jwa.KeyEncryptionAlgorithm`
+// and returns a `jwa.KeyAlgorithm`.
+//
+// If the value cannot be handled, it returns an `jwa.InvalidKeyAlgorithm`
+// object instead of returning an error. This design choice was made to allow
+// users to directly pass the return value to functions such as `jws.Sign()`
+func KeyAlgorithmFrom(v interface{}) KeyAlgorithm {
+	switch v := v.(type) {
+	case SignatureAlgorithm:
+		return v
+	case KeyEncryptionAlgorithm:
+		return v
+	case string:
+		var salg SignatureAlgorithm
+		if err := salg.Accept(v); err == nil {
+			return salg
+		}
+
+		var kealg KeyEncryptionAlgorithm
+		if err := kealg.Accept(v); err == nil {
+			return kealg
+		}
+
+		return InvalidKeyAlgorithm(v)
+	default:
+		return InvalidKeyAlgorithm(fmt.Sprintf("%s", v))
+	}
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwa/key_encryption_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwa/key_encryption_gen.go
new file mode 100644
index 000000000..49ed1f678
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwa/key_encryption_gen.go
@@ -0,0 +1,140 @@
+// Code generated by tools/cmd/genjwa/main.go. DO NOT EDIT.
+
+package jwa
+
+import (
+	"fmt"
+	"sort"
+	"sync"
+)
+
+// KeyEncryptionAlgorithm represents the various encryption algorithms as described in https://tools.ietf.org/html/rfc7518#section-4.1
+type KeyEncryptionAlgorithm string
+
+// Supported values for KeyEncryptionAlgorithm
+const (
+	A128GCMKW          KeyEncryptionAlgorithm = "A128GCMKW"          // AES-GCM key wrap (128)
+	A128KW             KeyEncryptionAlgorithm = "A128KW"             // AES key wrap (128)
+	A192GCMKW          KeyEncryptionAlgorithm = "A192GCMKW"          // AES-GCM key wrap (192)
+	A192KW             KeyEncryptionAlgorithm = "A192KW"             // AES key wrap (192)
+	A256GCMKW          KeyEncryptionAlgorithm = "A256GCMKW"          // AES-GCM key wrap (256)
+	A256KW             KeyEncryptionAlgorithm = "A256KW"             // AES key wrap (256)
+	DIRECT             KeyEncryptionAlgorithm = "dir"                // Direct encryption
+	ECDH_ES            KeyEncryptionAlgorithm = "ECDH-ES"            // ECDH-ES
+	ECDH_ES_A128KW     KeyEncryptionAlgorithm = "ECDH-ES+A128KW"     // ECDH-ES + AES key wrap (128)
+	ECDH_ES_A192KW     KeyEncryptionAlgorithm = "ECDH-ES+A192KW"     // ECDH-ES + AES key wrap (192)
+	ECDH_ES_A256KW     KeyEncryptionAlgorithm = "ECDH-ES+A256KW"     // ECDH-ES + AES key wrap (256)
+	PBES2_HS256_A128KW KeyEncryptionAlgorithm = "PBES2-HS256+A128KW" // PBES2 + HMAC-SHA256 + AES key wrap (128)
+	PBES2_HS384_A192KW KeyEncryptionAlgorithm = "PBES2-HS384+A192KW" // PBES2 + HMAC-SHA384 + AES key wrap (192)
+	PBES2_HS512_A256KW KeyEncryptionAlgorithm = "PBES2-HS512+A256KW" // PBES2 + HMAC-SHA512 + AES key wrap (256)
+	RSA1_5             KeyEncryptionAlgorithm = "RSA1_5"             // RSA-PKCS1v1.5
+	RSA_OAEP           KeyEncryptionAlgorithm = "RSA-OAEP"           // RSA-OAEP-SHA1
+	RSA_OAEP_256       KeyEncryptionAlgorithm = "RSA-OAEP-256"       // RSA-OAEP-SHA256
+)
+
+var muKeyEncryptionAlgorithms sync.RWMutex
+var allKeyEncryptionAlgorithms map[KeyEncryptionAlgorithm]struct{}
+var listKeyEncryptionAlgorithm []KeyEncryptionAlgorithm
+
+func init() {
+	muKeyEncryptionAlgorithms.Lock()
+	defer muKeyEncryptionAlgorithms.Unlock()
+	allKeyEncryptionAlgorithms = make(map[KeyEncryptionAlgorithm]struct{})
+	allKeyEncryptionAlgorithms[A128GCMKW] = struct{}{}
+	allKeyEncryptionAlgorithms[A128KW] = struct{}{}
+	allKeyEncryptionAlgorithms[A192GCMKW] = struct{}{}
+	allKeyEncryptionAlgorithms[A192KW] = struct{}{}
+	allKeyEncryptionAlgorithms[A256GCMKW] = struct{}{}
+	allKeyEncryptionAlgorithms[A256KW] = struct{}{}
+	allKeyEncryptionAlgorithms[DIRECT] = struct{}{}
+	allKeyEncryptionAlgorithms[ECDH_ES] = struct{}{}
+	allKeyEncryptionAlgorithms[ECDH_ES_A128KW] = struct{}{}
+	allKeyEncryptionAlgorithms[ECDH_ES_A192KW] = struct{}{}
+	allKeyEncryptionAlgorithms[ECDH_ES_A256KW] = struct{}{}
+	allKeyEncryptionAlgorithms[PBES2_HS256_A128KW] = struct{}{}
+	allKeyEncryptionAlgorithms[PBES2_HS384_A192KW] = struct{}{}
+	allKeyEncryptionAlgorithms[PBES2_HS512_A256KW] = struct{}{}
+	allKeyEncryptionAlgorithms[RSA1_5] = struct{}{}
+	allKeyEncryptionAlgorithms[RSA_OAEP] = struct{}{}
+	allKeyEncryptionAlgorithms[RSA_OAEP_256] = struct{}{}
+	rebuildKeyEncryptionAlgorithm()
+}
+
+// RegisterKeyEncryptionAlgorithm registers a new KeyEncryptionAlgorithm so that the jwx can properly handle the new value.
+// Duplicates will silently be ignored
+func RegisterKeyEncryptionAlgorithm(v KeyEncryptionAlgorithm) {
+	muKeyEncryptionAlgorithms.Lock()
+	defer muKeyEncryptionAlgorithms.Unlock()
+	if _, ok := allKeyEncryptionAlgorithms[v]; !ok {
+		allKeyEncryptionAlgorithms[v] = struct{}{}
+		rebuildKeyEncryptionAlgorithm()
+	}
+}
+
+// UnregisterKeyEncryptionAlgorithm unregisters a KeyEncryptionAlgorithm from its known database.
+// Non-existentn entries will silently be ignored
+func UnregisterKeyEncryptionAlgorithm(v KeyEncryptionAlgorithm) {
+	muKeyEncryptionAlgorithms.Lock()
+	defer muKeyEncryptionAlgorithms.Unlock()
+	if _, ok := allKeyEncryptionAlgorithms[v]; ok {
+		delete(allKeyEncryptionAlgorithms, v)
+		rebuildKeyEncryptionAlgorithm()
+	}
+}
+
+func rebuildKeyEncryptionAlgorithm() {
+	listKeyEncryptionAlgorithm = make([]KeyEncryptionAlgorithm, 0, len(allKeyEncryptionAlgorithms))
+	for v := range allKeyEncryptionAlgorithms {
+		listKeyEncryptionAlgorithm = append(listKeyEncryptionAlgorithm, v)
+	}
+	sort.Slice(listKeyEncryptionAlgorithm, func(i, j int) bool {
+		return string(listKeyEncryptionAlgorithm[i]) < string(listKeyEncryptionAlgorithm[j])
+	})
+}
+
+// KeyEncryptionAlgorithms returns a list of all available values for KeyEncryptionAlgorithm
+func KeyEncryptionAlgorithms() []KeyEncryptionAlgorithm {
+	muKeyEncryptionAlgorithms.RLock()
+	defer muKeyEncryptionAlgorithms.RUnlock()
+	return listKeyEncryptionAlgorithm
+}
+
+// Accept is used when conversion from values given by
+// outside sources (such as JSON payloads) is required
+func (v *KeyEncryptionAlgorithm) Accept(value interface{}) error {
+	var tmp KeyEncryptionAlgorithm
+	if x, ok := value.(KeyEncryptionAlgorithm); ok {
+		tmp = x
+	} else {
+		var s string
+		switch x := value.(type) {
+		case fmt.Stringer:
+			s = x.String()
+		case string:
+			s = x
+		default:
+			return fmt.Errorf(`invalid type for jwa.KeyEncryptionAlgorithm: %T`, value)
+		}
+		tmp = KeyEncryptionAlgorithm(s)
+	}
+	if _, ok := allKeyEncryptionAlgorithms[tmp]; !ok {
+		return fmt.Errorf(`invalid jwa.KeyEncryptionAlgorithm value`)
+	}
+
+	*v = tmp
+	return nil
+}
+
+// String returns the string representation of a KeyEncryptionAlgorithm
+func (v KeyEncryptionAlgorithm) String() string {
+	return string(v)
+}
+
+// IsSymmetric returns true if the algorithm is a symmetric type
+func (v KeyEncryptionAlgorithm) IsSymmetric() bool {
+	switch v {
+	case A128GCMKW, A128KW, A192GCMKW, A192KW, A256GCMKW, A256KW, DIRECT, PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwa/key_type_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwa/key_type_gen.go
new file mode 100644
index 000000000..e1f9e3896
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwa/key_type_gen.go
@@ -0,0 +1,106 @@
+// Code generated by tools/cmd/genjwa/main.go. DO NOT EDIT.
+
+package jwa
+
+import (
+	"fmt"
+	"sort"
+	"sync"
+)
+
+// KeyType represents the key type ("kty") that are supported
+type KeyType string
+
+// Supported values for KeyType
+const (
+	EC             KeyType = "EC"  // Elliptic Curve
+	InvalidKeyType KeyType = ""    // Invalid KeyType
+	OKP            KeyType = "OKP" // Octet string key pairs
+	OctetSeq       KeyType = "oct" // Octet sequence (used to represent symmetric keys)
+	RSA            KeyType = "RSA" // RSA
+)
+
+var muKeyTypes sync.RWMutex
+var allKeyTypes map[KeyType]struct{}
+var listKeyType []KeyType
+
+func init() {
+	muKeyTypes.Lock()
+	defer muKeyTypes.Unlock()
+	allKeyTypes = make(map[KeyType]struct{})
+	allKeyTypes[EC] = struct{}{}
+	allKeyTypes[OKP] = struct{}{}
+	allKeyTypes[OctetSeq] = struct{}{}
+	allKeyTypes[RSA] = struct{}{}
+	rebuildKeyType()
+}
+
+// RegisterKeyType registers a new KeyType so that the jwx can properly handle the new value.
+// Duplicates will silently be ignored
+func RegisterKeyType(v KeyType) {
+	muKeyTypes.Lock()
+	defer muKeyTypes.Unlock()
+	if _, ok := allKeyTypes[v]; !ok {
+		allKeyTypes[v] = struct{}{}
+		rebuildKeyType()
+	}
+}
+
+// UnregisterKeyType unregisters a KeyType from its known database.
+// Non-existentn entries will silently be ignored
+func UnregisterKeyType(v KeyType) {
+	muKeyTypes.Lock()
+	defer muKeyTypes.Unlock()
+	if _, ok := allKeyTypes[v]; ok {
+		delete(allKeyTypes, v)
+		rebuildKeyType()
+	}
+}
+
+func rebuildKeyType() {
+	listKeyType = make([]KeyType, 0, len(allKeyTypes))
+	for v := range allKeyTypes {
+		listKeyType = append(listKeyType, v)
+	}
+	sort.Slice(listKeyType, func(i, j int) bool {
+		return string(listKeyType[i]) < string(listKeyType[j])
+	})
+}
+
+// KeyTypes returns a list of all available values for KeyType
+func KeyTypes() []KeyType {
+	muKeyTypes.RLock()
+	defer muKeyTypes.RUnlock()
+	return listKeyType
+}
+
+// Accept is used when conversion from values given by
+// outside sources (such as JSON payloads) is required
+func (v *KeyType) Accept(value interface{}) error {
+	var tmp KeyType
+	if x, ok := value.(KeyType); ok {
+		tmp = x
+	} else {
+		var s string
+		switch x := value.(type) {
+		case fmt.Stringer:
+			s = x.String()
+		case string:
+			s = x
+		default:
+			return fmt.Errorf(`invalid type for jwa.KeyType: %T`, value)
+		}
+		tmp = KeyType(s)
+	}
+	if _, ok := allKeyTypes[tmp]; !ok {
+		return fmt.Errorf(`invalid jwa.KeyType value`)
+	}
+
+	*v = tmp
+	return nil
+}
+
+// String returns the string representation of a KeyType
+func (v KeyType) String() string {
+	return string(v)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwa/secp2561k.go b/vendor/github.com/lestrrat-go/jwx/v2/jwa/secp2561k.go
new file mode 100644
index 000000000..a6da0dde9
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwa/secp2561k.go
@@ -0,0 +1,11 @@
+//go:build jwx_es256k
+// +build jwx_es256k
+
+package jwa
+
+// This constant is only available if compiled with jwx_es256k build tag
+const Secp256k1 EllipticCurveAlgorithm = "secp256k1"
+
+func init() {
+	allEllipticCurveAlgorithms[Secp256k1] = struct{}{}
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwa/signature_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwa/signature_gen.go
new file mode 100644
index 000000000..eaa2f8662
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwa/signature_gen.go
@@ -0,0 +1,127 @@
+// Code generated by tools/cmd/genjwa/main.go. DO NOT EDIT.
+
+package jwa
+
+import (
+	"fmt"
+	"sort"
+	"sync"
+)
+
+// SignatureAlgorithm represents the various signature algorithms as described in https://tools.ietf.org/html/rfc7518#section-3.1
+type SignatureAlgorithm string
+
+// Supported values for SignatureAlgorithm
+const (
+	ES256       SignatureAlgorithm = "ES256"  // ECDSA using P-256 and SHA-256
+	ES256K      SignatureAlgorithm = "ES256K" // ECDSA using secp256k1 and SHA-256
+	ES384       SignatureAlgorithm = "ES384"  // ECDSA using P-384 and SHA-384
+	ES512       SignatureAlgorithm = "ES512"  // ECDSA using P-521 and SHA-512
+	EdDSA       SignatureAlgorithm = "EdDSA"  // EdDSA signature algorithms
+	HS256       SignatureAlgorithm = "HS256"  // HMAC using SHA-256
+	HS384       SignatureAlgorithm = "HS384"  // HMAC using SHA-384
+	HS512       SignatureAlgorithm = "HS512"  // HMAC using SHA-512
+	NoSignature SignatureAlgorithm = "none"
+	PS256       SignatureAlgorithm = "PS256" // RSASSA-PSS using SHA256 and MGF1-SHA256
+	PS384       SignatureAlgorithm = "PS384" // RSASSA-PSS using SHA384 and MGF1-SHA384
+	PS512       SignatureAlgorithm = "PS512" // RSASSA-PSS using SHA512 and MGF1-SHA512
+	RS256       SignatureAlgorithm = "RS256" // RSASSA-PKCS-v1.5 using SHA-256
+	RS384       SignatureAlgorithm = "RS384" // RSASSA-PKCS-v1.5 using SHA-384
+	RS512       SignatureAlgorithm = "RS512" // RSASSA-PKCS-v1.5 using SHA-512
+)
+
+var muSignatureAlgorithms sync.RWMutex
+var allSignatureAlgorithms map[SignatureAlgorithm]struct{}
+var listSignatureAlgorithm []SignatureAlgorithm
+
+func init() {
+	muSignatureAlgorithms.Lock()
+	defer muSignatureAlgorithms.Unlock()
+	allSignatureAlgorithms = make(map[SignatureAlgorithm]struct{})
+	allSignatureAlgorithms[ES256] = struct{}{}
+	allSignatureAlgorithms[ES256K] = struct{}{}
+	allSignatureAlgorithms[ES384] = struct{}{}
+	allSignatureAlgorithms[ES512] = struct{}{}
+	allSignatureAlgorithms[EdDSA] = struct{}{}
+	allSignatureAlgorithms[HS256] = struct{}{}
+	allSignatureAlgorithms[HS384] = struct{}{}
+	allSignatureAlgorithms[HS512] = struct{}{}
+	allSignatureAlgorithms[NoSignature] = struct{}{}
+	allSignatureAlgorithms[PS256] = struct{}{}
+	allSignatureAlgorithms[PS384] = struct{}{}
+	allSignatureAlgorithms[PS512] = struct{}{}
+	allSignatureAlgorithms[RS256] = struct{}{}
+	allSignatureAlgorithms[RS384] = struct{}{}
+	allSignatureAlgorithms[RS512] = struct{}{}
+	rebuildSignatureAlgorithm()
+}
+
+// RegisterSignatureAlgorithm registers a new SignatureAlgorithm so that the jwx can properly handle the new value.
+// Duplicates will silently be ignored
+func RegisterSignatureAlgorithm(v SignatureAlgorithm) {
+	muSignatureAlgorithms.Lock()
+	defer muSignatureAlgorithms.Unlock()
+	if _, ok := allSignatureAlgorithms[v]; !ok {
+		allSignatureAlgorithms[v] = struct{}{}
+		rebuildSignatureAlgorithm()
+	}
+}
+
+// UnregisterSignatureAlgorithm unregisters a SignatureAlgorithm from its known database.
+// Non-existentn entries will silently be ignored
+func UnregisterSignatureAlgorithm(v SignatureAlgorithm) {
+	muSignatureAlgorithms.Lock()
+	defer muSignatureAlgorithms.Unlock()
+	if _, ok := allSignatureAlgorithms[v]; ok {
+		delete(allSignatureAlgorithms, v)
+		rebuildSignatureAlgorithm()
+	}
+}
+
+func rebuildSignatureAlgorithm() {
+	listSignatureAlgorithm = make([]SignatureAlgorithm, 0, len(allSignatureAlgorithms))
+	for v := range allSignatureAlgorithms {
+		listSignatureAlgorithm = append(listSignatureAlgorithm, v)
+	}
+	sort.Slice(listSignatureAlgorithm, func(i, j int) bool {
+		return string(listSignatureAlgorithm[i]) < string(listSignatureAlgorithm[j])
+	})
+}
+
+// SignatureAlgorithms returns a list of all available values for SignatureAlgorithm
+func SignatureAlgorithms() []SignatureAlgorithm {
+	muSignatureAlgorithms.RLock()
+	defer muSignatureAlgorithms.RUnlock()
+	return listSignatureAlgorithm
+}
+
+// Accept is used when conversion from values given by
+// outside sources (such as JSON payloads) is required
+func (v *SignatureAlgorithm) Accept(value interface{}) error {
+	var tmp SignatureAlgorithm
+	if x, ok := value.(SignatureAlgorithm); ok {
+		tmp = x
+	} else {
+		var s string
+		switch x := value.(type) {
+		case fmt.Stringer:
+			s = x.String()
+		case string:
+			s = x
+		default:
+			return fmt.Errorf(`invalid type for jwa.SignatureAlgorithm: %T`, value)
+		}
+		tmp = SignatureAlgorithm(s)
+	}
+	if _, ok := allSignatureAlgorithms[tmp]; !ok {
+		return fmt.Errorf(`invalid jwa.SignatureAlgorithm value`)
+	}
+
+	*v = tmp
+	return nil
+}
+
+// String returns the string representation of a SignatureAlgorithm
+func (v SignatureAlgorithm) String() string {
+	return string(v)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/jwk/BUILD.bazel
new file mode 100644
index 000000000..a61a919f5
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/BUILD.bazel
@@ -0,0 +1,78 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "jwk",
+    srcs = [
+        "cache.go",
+        "ecdsa.go",
+        "ecdsa_gen.go",
+        "fetch.go",
+        "interface.go",
+        "interface_gen.go",
+        "io.go",
+        "jwk.go",
+        "key_ops.go",
+        "okp.go",
+        "okp_gen.go",
+        "options.go",
+        "options_gen.go",
+        "rsa.go",
+        "rsa_gen.go",
+        "set.go",
+        "symmetric.go",
+        "symmetric_gen.go",
+        "usage.go",
+        "whitelist.go",
+    ],
+    importpath = "github.com/lestrrat-go/jwx/v2/jwk",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//cert",
+        "//internal/base64",
+        "//internal/ecutil",
+        "//internal/iter",
+        "//internal/json",
+        "//internal/pool",
+        "//jwa",
+        "//x25519",
+        "@com_github_lestrrat_go_blackmagic//:go_default_library",
+        "@com_github_lestrrat_go_httprc//:go_default_library",
+        "@com_github_lestrrat_go_iter//arrayiter:go_default_library",
+        "@com_github_lestrrat_go_iter//mapiter:go_default_library",
+        "@com_github_lestrrat_go_option//:option",
+    ],
+)
+
+go_test(
+    name = "jwk_test",
+    srcs = [
+        "headers_test.go",
+        "jwk_internal_test.go",
+        "jwk_test.go",
+        "options_gen_test.go",
+        "refresh_test.go",
+        "set_test.go",
+        "x5c_test.go",
+    ],
+    data = glob(["testdata/**"]),
+    embed = [":jwk"],
+    deps = [
+        "//cert",
+        "//internal/base64",
+        "//internal/ecutil",
+        "//internal/jose",
+        "//internal/json",
+        "//internal/jwxtest",
+        "//jwa",
+        "//jws",
+        "//x25519",
+        "@com_github_stretchr_testify//assert",
+        "@com_github_stretchr_testify//require",
+    ],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":jwk",
+    visibility = ["//visibility:public"],
+)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/README.md b/vendor/github.com/lestrrat-go/jwx/v2/jwk/README.md
new file mode 100644
index 000000000..611585787
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/README.md
@@ -0,0 +1,217 @@
+# JWK [![Go Reference](https://pkg.go.dev/badge/github.com/lestrrat-go/jwx/v2/jwk.svg)](https://pkg.go.dev/github.com/lestrrat-go/jwx/v2/jwk)
+
+Package jwk implements JWK as described in [RFC7517](https://tools.ietf.org/html/rfc7517).
+If you are looking to use JWT wit JWKs, look no further than [github.com/lestrrat-go/jwx](../jwt).
+
+* Parse and work with RSA/EC/Symmetric/OKP JWK types
+  * Convert to and from JSON
+  * Convert to and from raw key types (e.g. *rsa.PrivateKey)
+* Ability to keep a JWKS fresh using *jwk.AutoRefersh
+
+## Supported key types:
+
+| kty | Curve                   | Go Key Type                                   |
+|:----|:------------------------|:----------------------------------------------|
+| RSA | N/A                     | rsa.PrivateKey / rsa.PublicKey (2)            |
+| EC  | P-256<br>P-384<br>P-521<br>secp256k1 (1) | ecdsa.PrivateKey / ecdsa.PublicKey (2)        |
+| oct | N/A                     | []byte                                        |
+| OKP | Ed25519 (1)             | ed25519.PrivateKey / ed25519.PublicKey (2)    |
+|     | X25519 (1)              | (jwx/)x25519.PrivateKey / x25519.PublicKey (2)|
+
+* Note 1: Experimental
+* Note 2: Either value or pointers accepted (e.g. rsa.PrivateKey or *rsa.PrivateKey)
+
+# Documentation
+
+Please read the [API reference](https://pkg.go.dev/github.com/lestrrat-go/jwx/v2/jwk), or
+the how-to style documentation on how to use JWK can be found in the [docs directory](../docs/04-jwk.md).
+
+# Auto-Refresh a key during a long running process
+
+<!-- INCLUDE(examples/jwk_cache_example_test.go) -->
+```go
+package examples_test
+
+import (
+  "context"
+  "fmt"
+  "time"
+
+  "github.com/lestrrat-go/jwx/v2/jwk"
+)
+
+func ExampleJWK_Cache() {
+  ctx, cancel := context.WithCancel(context.Background())
+
+  const googleCerts = `https://www.googleapis.com/oauth2/v3/certs`
+
+  // First, set up the `jwk.Cache` object. You need to pass it a
+  // `context.Context` object to control the lifecycle of the background fetching goroutine.
+  //
+  // Note that by default refreshes only happen very 15 minutes at the
+  // earliest. If you need to control this, use `jwk.WithRefreshWindow()`
+  c := jwk.NewCache(ctx)
+
+  // Tell *jwk.Cache that we only want to refresh this JWKS
+  // when it needs to (based on Cache-Control or Expires header from
+  // the HTTP response). If the calculated minimum refresh interval is less
+  // than 15 minutes, don't go refreshing any earlier than 15 minutes.
+  c.Register(googleCerts, jwk.WithMinRefreshInterval(15*time.Minute))
+
+  // Refresh the JWKS once before getting into the main loop.
+  // This allows you to check if the JWKS is available before we start
+  // a long-running program
+  _, err := c.Refresh(ctx, googleCerts)
+  if err != nil {
+    fmt.Printf("failed to refresh google JWKS: %s\n", err)
+    return
+  }
+
+  // Pretend that this is your program's main loop
+MAIN:
+  for {
+    select {
+    case <-ctx.Done():
+      break MAIN
+    default:
+    }
+    keyset, err := c.Get(ctx, googleCerts)
+    if err != nil {
+      fmt.Printf("failed to fetch google JWKS: %s\n", err)
+      return
+    }
+    _ = keyset
+    // The returned `keyset` will always be "reasonably" new.
+    //
+    // By "reasonably" we mean that we cannot guarantee that the keys will be refreshed
+    // immediately after it has been rotated in the remote source. But it should be close\
+    // enough, and should you need to forcefully refresh the token using the `(jwk.Cache).Refresh()` method.
+    //
+    // If re-fetching the keyset fails, a cached version will be returned from the previous successful
+    // fetch upon calling `(jwk.Cache).Fetch()`.
+
+    // Do interesting stuff with the keyset... but here, we just
+    // sleep for a bit
+    time.Sleep(time.Second)
+
+    // Because we're a dummy program, we just cancel the loop now.
+    // If this were a real program, you prosumably loop forever
+    cancel()
+  }
+  // OUTPUT:
+}
+```
+source: [examples/jwk_cache_example_test.go](https://github.com/lestrrat-go/jwx/blob/v2/examples/jwk_cache_example_test.go)
+<!-- END INCLUDE -->
+
+Parse and use a JWK key:
+
+<!-- INCLUDE(examples/jwk_example_test.go) -->
+```go
+package examples_test
+
+import (
+  "context"
+  "fmt"
+  "log"
+
+  "github.com/lestrrat-go/jwx/v2/internal/json"
+  "github.com/lestrrat-go/jwx/v2/jwk"
+)
+
+func ExampleJWK_Usage() {
+  // Use jwk.Cache if you intend to keep reuse the JWKS over and over
+  set, err := jwk.Fetch(context.Background(), "https://www.googleapis.com/oauth2/v3/certs")
+  if err != nil {
+    log.Printf("failed to parse JWK: %s", err)
+    return
+  }
+
+  // Key sets can be serialized back to JSON
+  {
+    jsonbuf, err := json.Marshal(set)
+    if err != nil {
+      log.Printf("failed to marshal key set into JSON: %s", err)
+      return
+    }
+    log.Printf("%s", jsonbuf)
+  }
+
+  for it := set.Keys(context.Background()); it.Next(context.Background()); {
+    pair := it.Pair()
+    key := pair.Value.(jwk.Key)
+
+    var rawkey interface{} // This is the raw key, like *rsa.PrivateKey or *ecdsa.PrivateKey
+    if err := key.Raw(&rawkey); err != nil {
+      log.Printf("failed to create public key: %s", err)
+      return
+    }
+    // Use rawkey for jws.Verify() or whatever.
+    _ = rawkey
+
+    // You can create jwk.Key from a raw key, too
+    fromRawKey, err := jwk.FromRaw(rawkey)
+    if err != nil {
+      log.Printf("failed to acquire raw key from jwk.Key: %s", err)
+      return
+    }
+
+    // Keys can be serialized back to JSON
+    jsonbuf, err := json.Marshal(key)
+    if err != nil {
+      log.Printf("failed to marshal key into JSON: %s", err)
+      return
+    }
+
+    fromJSONKey, err := jwk.Parse(jsonbuf)
+    if err != nil {
+      log.Printf("failed to parse json: %s", err)
+      return
+    }
+    _ = fromJSONKey
+    _ = fromRawKey
+  }
+  // OUTPUT:
+}
+
+//nolint:govet
+func ExampleJWK_MarshalJSON() {
+  // JWKs that inherently involve randomness such as RSA and EC keys are
+  // not used in this example, because they may produce different results
+  // depending on the environment.
+  //
+  // (In fact, even if you use a static source of randomness, tests may fail
+  // because of internal changes in the Go runtime).
+
+  raw := []byte("01234567890123456789012345678901234567890123456789ABCDEF")
+
+  // This would create a symmetric key
+  key, err := jwk.FromRaw(raw)
+  if err != nil {
+    fmt.Printf("failed to create symmetric key: %s\n", err)
+    return
+  }
+  if _, ok := key.(jwk.SymmetricKey); !ok {
+    fmt.Printf("expected jwk.SymmetricKey, got %T\n", key)
+    return
+  }
+
+  key.Set(jwk.KeyIDKey, "mykey")
+
+  buf, err := json.MarshalIndent(key, "", "  ")
+  if err != nil {
+    fmt.Printf("failed to marshal key into JSON: %s\n", err)
+    return
+  }
+  fmt.Printf("%s\n", buf)
+
+  // OUTPUT:
+  // {
+  //   "k": "MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODlBQkNERUY",
+  //   "kid": "mykey",
+  //   "kty": "oct"
+  // }
+}
+```
+source: [examples/jwk_example_test.go](https://github.com/lestrrat-go/jwx/blob/v2/examples/jwk_example_test.go)
+<!-- END INCLUDE -->
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/cache.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/cache.go
new file mode 100644
index 000000000..5d5b6b90b
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/cache.go
@@ -0,0 +1,410 @@
+package jwk
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"time"
+
+	"github.com/lestrrat-go/httprc"
+	"github.com/lestrrat-go/iter/arrayiter"
+	"github.com/lestrrat-go/iter/mapiter"
+)
+
+type Transformer = httprc.Transformer
+type HTTPClient = httprc.HTTPClient
+type ErrSink = httprc.ErrSink
+
+// Whitelist describes a set of rules that allows users to access
+// a particular URL. By default all URLs are blocked for security
+// reasons. You will HAVE to provide some sort of whitelist. See
+// the documentation for github.com/lestrrat-go/httprc for more details.
+type Whitelist = httprc.Whitelist
+
+// Cache is a container that keeps track of Set object by their source URLs.
+// The Set objects are stored in memory, and are refreshed automatically
+// behind the scenes.
+//
+// Before retrieving the Set objects, the user must pre-register the
+// URLs they intend to use by calling `Register()`
+//
+//	c := jwk.NewCache(ctx)
+//	c.Register(url, options...)
+//
+// Once registered, you can call `Get()` to retrieve the Set object.
+//
+// All JWKS objects that are retrieved via this mechanism should be
+// treated read-only, as they are shared among all consumers, as well
+// as the `jwk.Cache` object.
+//
+// There are cases where `jwk.Cache` and `jwk.CachedSet` should and
+// should not be used.
+//
+// First and foremost, do NOT use a cache for those JWKS objects that
+// need constant checking. For example, unreliable or user-provided JWKS (i.e. those
+// JWKS that are not from a well-known provider) should not be fetched
+// through a `jwk.Cache` or `jwk.CachedSet`.
+//
+// For example, if you have a flaky JWKS server for development
+// that can go down often, you should consider alternatives such as
+// providing `http.Client` with a caching `http.RoundTripper` configured
+// (see `jwk.WithHTTPClient`), setting up a reverse proxy, etc.
+// These techniques allow you to setup a more robust way to both cache
+// and report precise causes of the problems than using `jwk.Cache` or
+// `jwk.CachedSet`. If you handle the caching at the HTTP level like this,
+// you will be able to use a simple `jwk.Fetch` call and not worry about the cache.
+//
+// User-provided JWKS objects may also be problematic, as it may go down
+// unexpectedly (and frequently!), and it will be hard to detect when
+// the URLs or its contents are swapped.
+//
+// A good use-case for `jwk.Cache` and `jwk.CachedSet` are for "stable"
+// JWKS objects.
+//
+// When we say "stable", we are thinking of JWKS that should mostly be
+// ALWAYS available. A good example are those JWKS objects provided by
+// major cloud providers such as Google Cloud, AWS, or Azure.
+// Stable JWKS may still experience intermittent network connectivity problems,
+// but you can expect that they will eventually recover in relatively
+// short period of time. They rarely change URLs, and the contents are
+// expected to be valid or otherwise it would cause havoc to those providers
+//
+// We also know that these stable JWKS objects are rotated periodically,
+// which is a perfect use for `jwk.Cache` and `jwk.CachedSet`. The caches
+// can be configured to perodically refresh the JWKS thereby keeping them
+// fresh without extra intervention from the developer.
+//
+// Notice that for these recommended use-cases the requirement to check
+// the validity or the availability of the JWKS objects are non-existent,
+// as it is expected that they will be available and will be valid. The
+// caching mechanism can hide intermittent connectivity problems as well
+// as keep the objects mostly fresh.
+type Cache struct {
+	cache *httprc.Cache
+}
+
+// PostFetcher is an interface for objects that want to perform
+// operations on the `Set` that was fetched.
+type PostFetcher interface {
+	// PostFetch revceives the URL and the JWKS, after a successful
+	// fetch and parse.
+	//
+	// It should return a `Set`, optionally modified, to be stored
+	// in the cache for subsequent use
+	PostFetch(string, Set) (Set, error)
+}
+
+// PostFetchFunc is a PostFetcher based on a functon.
+type PostFetchFunc func(string, Set) (Set, error)
+
+func (f PostFetchFunc) PostFetch(u string, set Set) (Set, error) {
+	return f(u, set)
+}
+
+// httprc.Transofmer that transforms the response into a JWKS
+type jwksTransform struct {
+	postFetch    PostFetcher
+	parseOptions []ParseOption
+}
+
+// Default transform has no postFetch. This can be shared
+// by multiple fetchers
+var defaultTransform = &jwksTransform{}
+
+func (t *jwksTransform) Transform(u string, res *http.Response) (interface{}, error) {
+	if res.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf(`failed to process response: non-200 response code %q`, res.Status)
+	}
+	buf, err := io.ReadAll(res.Body)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to read response body status: %w`, err)
+	}
+
+	set, err := Parse(buf, t.parseOptions...)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to parse JWK set at %q: %w`, u, err)
+	}
+
+	if pf := t.postFetch; pf != nil {
+		v, err := pf.PostFetch(u, set)
+		if err != nil {
+			return nil, fmt.Errorf(`failed to execute PostFetch: %w`, err)
+		}
+		set = v
+	}
+
+	return set, nil
+}
+
+// NewCache creates a new `jwk.Cache` object.
+//
+// Please refer to the documentation for `httprc.New` for more
+// details.
+func NewCache(ctx context.Context, options ...CacheOption) *Cache {
+	var hrcopts []httprc.CacheOption
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identRefreshWindow{}:
+			hrcopts = append(hrcopts, httprc.WithRefreshWindow(option.Value().(time.Duration)))
+		case identErrSink{}:
+			hrcopts = append(hrcopts, httprc.WithErrSink(option.Value().(ErrSink)))
+		}
+	}
+
+	return &Cache{
+		cache: httprc.NewCache(ctx, hrcopts...),
+	}
+}
+
+// Register registers a URL to be managed by the cache. URLs must
+// be registered before issuing `Get`
+//
+// This method is almost identical to `(httprc.Cache).Register`, except
+// it accepts some extra options.
+//
+// Use `jwk.WithParser` to configure how the JWKS should be parsed,
+// such as passing it extra options.
+//
+// Please refer to the documentation for `(httprc.Cache).Register` for more
+// details.
+//
+// Register does not check for the validity of the url being registered.
+// If you need to make sure that a url is valid before entering your main
+// loop, call `Refresh` once to make sure the JWKS is available.
+//
+//	_ = cache.Register(url)
+//	if _, err := cache.Refresh(ctx, url); err != nil {
+//	  // url is not a valid JWKS
+//	  panic(err)
+//	}
+func (c *Cache) Register(u string, options ...RegisterOption) error {
+	var hrropts []httprc.RegisterOption
+	var pf PostFetcher
+	var parseOptions []ParseOption
+
+	// Note: we do NOT accept Transform option
+	for _, option := range options {
+		if parseOpt, ok := option.(ParseOption); ok {
+			parseOptions = append(parseOptions, parseOpt)
+			continue
+		}
+
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identHTTPClient{}:
+			hrropts = append(hrropts, httprc.WithHTTPClient(option.Value().(HTTPClient)))
+		case identRefreshInterval{}:
+			hrropts = append(hrropts, httprc.WithRefreshInterval(option.Value().(time.Duration)))
+		case identMinRefreshInterval{}:
+			hrropts = append(hrropts, httprc.WithMinRefreshInterval(option.Value().(time.Duration)))
+		case identFetchWhitelist{}:
+			hrropts = append(hrropts, httprc.WithWhitelist(option.Value().(httprc.Whitelist)))
+		case identPostFetcher{}:
+			pf = option.Value().(PostFetcher)
+		}
+	}
+
+	var t *jwksTransform
+	if pf == nil && len(parseOptions) == 0 {
+		t = defaultTransform
+	} else {
+		// User-supplied PostFetcher is attached to the transformer
+		t = &jwksTransform{
+			postFetch:    pf,
+			parseOptions: parseOptions,
+		}
+	}
+
+	// Set the transfomer at the end so that nobody can override it
+	hrropts = append(hrropts, httprc.WithTransformer(t))
+	return c.cache.Register(u, hrropts...)
+}
+
+// Get returns the stored JWK set (`Set`) from the cache.
+//
+// Please refer to the documentation for `(httprc.Cache).Get` for more
+// details.
+func (c *Cache) Get(ctx context.Context, u string) (Set, error) {
+	v, err := c.cache.Get(ctx, u)
+	if err != nil {
+		return nil, err
+	}
+
+	set, ok := v.(Set)
+	if !ok {
+		return nil, fmt.Errorf(`cached object is not a Set (was %T)`, v)
+	}
+	return set, nil
+}
+
+// Refresh is identical to Get(), except it always fetches the
+// specified resource anew, and updates the cached content
+//
+// Please refer to the documentation for `(httprc.Cache).Refresh` for
+// more details
+func (c *Cache) Refresh(ctx context.Context, u string) (Set, error) {
+	v, err := c.cache.Refresh(ctx, u)
+	if err != nil {
+		return nil, err
+	}
+
+	set, ok := v.(Set)
+	if !ok {
+		return nil, fmt.Errorf(`cached object is not a Set (was %T)`, v)
+	}
+	return set, nil
+}
+
+// IsRegistered returns true if the given URL `u` has already been registered
+// in the cache.
+//
+// Please refer to the documentation for `(httprc.Cache).IsRegistered` for more
+// details.
+func (c *Cache) IsRegistered(u string) bool {
+	return c.cache.IsRegistered(u)
+}
+
+// Unregister removes the given URL `u` from the cache.
+//
+// Please refer to the documentation for `(httprc.Cache).Unregister` for more
+// details.
+func (c *Cache) Unregister(u string) error {
+	return c.cache.Unregister(u)
+}
+
+func (c *Cache) Snapshot() *httprc.Snapshot {
+	return c.cache.Snapshot()
+}
+
+// CachedSet is a thin shim over jwk.Cache that allows the user to cloack
+// jwk.Cache as if it's a `jwk.Set`. Behind the scenes, the `jwk.Set` is
+// retrieved from the `jwk.Cache` for every operation.
+//
+// Since `jwk.CachedSet` always deals with a cached version of the `jwk.Set`,
+// all operations that mutate the object (such as AddKey(), RemoveKey(), et. al)
+// are no-ops and return an error.
+//
+// Note that since this is a utility shim over `jwk.Cache`, you _will_ lose
+// the ability to control the finer details (such as controlling how long to
+// wait for in case of a fetch failure using `context.Context`)
+//
+// Make sure that you read the documentation for `jwk.Cache` as well.
+type CachedSet struct {
+	cache *Cache
+	url   string
+}
+
+var _ Set = &CachedSet{}
+
+func NewCachedSet(cache *Cache, url string) Set {
+	return &CachedSet{
+		cache: cache,
+		url:   url,
+	}
+}
+
+func (cs *CachedSet) cached() (Set, error) {
+	return cs.cache.Get(context.Background(), cs.url)
+}
+
+// Add is a no-op for `jwk.CachedSet`, as the `jwk.Set` should be treated read-only
+func (*CachedSet) AddKey(_ Key) error {
+	return fmt.Errorf(`(jwk.Cachedset).AddKey: jwk.CachedSet is immutable`)
+}
+
+// Clear is a no-op for `jwk.CachedSet`, as the `jwk.Set` should be treated read-only
+func (*CachedSet) Clear() error {
+	return fmt.Errorf(`(jwk.CachedSet).Clear: jwk.CachedSet is immutable`)
+}
+
+// Set is a no-op for `jwk.CachedSet`, as the `jwk.Set` should be treated read-only
+func (*CachedSet) Set(_ string, _ interface{}) error {
+	return fmt.Errorf(`(jwk.CachedSet).Set: jwk.CachedSet is immutable`)
+}
+
+// Remove is a no-op for `jwk.CachedSet`, as the `jwk.Set` should be treated read-only
+func (*CachedSet) Remove(_ string) error {
+	// TODO: Remove() should be renamed to Remove(string) error
+	return fmt.Errorf(`(jwk.CachedSet).Remove: jwk.CachedSet is immutable`)
+}
+
+// RemoveKey is a no-op for `jwk.CachedSet`, as the `jwk.Set` should be treated read-only
+func (*CachedSet) RemoveKey(_ Key) error {
+	return fmt.Errorf(`(jwk.CachedSet).RemoveKey: jwk.CachedSet is immutable`)
+}
+
+func (cs *CachedSet) Clone() (Set, error) {
+	set, err := cs.cached()
+	if err != nil {
+		return nil, fmt.Errorf(`failed to get cached jwk.Set: %w`, err)
+	}
+
+	return set.Clone()
+}
+
+// Get returns the value of non-Key field stored in the jwk.Set
+func (cs *CachedSet) Get(name string) (interface{}, bool) {
+	set, err := cs.cached()
+	if err != nil {
+		return nil, false
+	}
+
+	return set.Get(name)
+}
+
+// Key returns the Key at the specified index
+func (cs *CachedSet) Key(idx int) (Key, bool) {
+	set, err := cs.cached()
+	if err != nil {
+		return nil, false
+	}
+
+	return set.Key(idx)
+}
+
+func (cs *CachedSet) Index(key Key) int {
+	set, err := cs.cached()
+	if err != nil {
+		return -1
+	}
+
+	return set.Index(key)
+}
+
+func (cs *CachedSet) Keys(ctx context.Context) KeyIterator {
+	set, err := cs.cached()
+	if err != nil {
+		return arrayiter.New(nil)
+	}
+
+	return set.Keys(ctx)
+}
+
+func (cs *CachedSet) Iterate(ctx context.Context) HeaderIterator {
+	set, err := cs.cached()
+	if err != nil {
+		return mapiter.New(nil)
+	}
+
+	return set.Iterate(ctx)
+}
+
+func (cs *CachedSet) Len() int {
+	set, err := cs.cached()
+	if err != nil {
+		return -1
+	}
+
+	return set.Len()
+}
+
+func (cs *CachedSet) LookupKeyID(kid string) (Key, bool) {
+	set, err := cs.cached()
+	if err != nil {
+		return nil, false
+	}
+
+	return set.LookupKeyID(kid)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa.go
new file mode 100644
index 000000000..dcbe2ca6c
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa.go
@@ -0,0 +1,273 @@
+package jwk
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"fmt"
+	"math/big"
+
+	"github.com/lestrrat-go/blackmagic"
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+	"github.com/lestrrat-go/jwx/v2/internal/ecutil"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+func init() {
+	ecutil.RegisterCurve(elliptic.P256(), jwa.P256)
+	ecutil.RegisterCurve(elliptic.P384(), jwa.P384)
+	ecutil.RegisterCurve(elliptic.P521(), jwa.P521)
+}
+
+func (k *ecdsaPublicKey) FromRaw(rawKey *ecdsa.PublicKey) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+
+	if rawKey.X == nil {
+		return fmt.Errorf(`invalid ecdsa.PublicKey`)
+	}
+
+	if rawKey.Y == nil {
+		return fmt.Errorf(`invalid ecdsa.PublicKey`)
+	}
+
+	xbuf := ecutil.AllocECPointBuffer(rawKey.X, rawKey.Curve)
+	ybuf := ecutil.AllocECPointBuffer(rawKey.Y, rawKey.Curve)
+	defer ecutil.ReleaseECPointBuffer(xbuf)
+	defer ecutil.ReleaseECPointBuffer(ybuf)
+
+	k.x = make([]byte, len(xbuf))
+	copy(k.x, xbuf)
+	k.y = make([]byte, len(ybuf))
+	copy(k.y, ybuf)
+
+	var crv jwa.EllipticCurveAlgorithm
+	if tmp, ok := ecutil.AlgorithmForCurve(rawKey.Curve); ok {
+		crv = tmp
+	} else {
+		return fmt.Errorf(`invalid elliptic curve %s`, rawKey.Curve)
+	}
+	k.crv = &crv
+
+	return nil
+}
+
+func (k *ecdsaPrivateKey) FromRaw(rawKey *ecdsa.PrivateKey) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+
+	if rawKey.PublicKey.X == nil {
+		return fmt.Errorf(`invalid ecdsa.PrivateKey`)
+	}
+	if rawKey.PublicKey.Y == nil {
+		return fmt.Errorf(`invalid ecdsa.PrivateKey`)
+	}
+	if rawKey.D == nil {
+		return fmt.Errorf(`invalid ecdsa.PrivateKey`)
+	}
+
+	xbuf := ecutil.AllocECPointBuffer(rawKey.PublicKey.X, rawKey.Curve)
+	ybuf := ecutil.AllocECPointBuffer(rawKey.PublicKey.Y, rawKey.Curve)
+	dbuf := ecutil.AllocECPointBuffer(rawKey.D, rawKey.Curve)
+	defer ecutil.ReleaseECPointBuffer(xbuf)
+	defer ecutil.ReleaseECPointBuffer(ybuf)
+	defer ecutil.ReleaseECPointBuffer(dbuf)
+
+	k.x = make([]byte, len(xbuf))
+	copy(k.x, xbuf)
+	k.y = make([]byte, len(ybuf))
+	copy(k.y, ybuf)
+	k.d = make([]byte, len(dbuf))
+	copy(k.d, dbuf)
+
+	var crv jwa.EllipticCurveAlgorithm
+	if tmp, ok := ecutil.AlgorithmForCurve(rawKey.Curve); ok {
+		crv = tmp
+	} else {
+		return fmt.Errorf(`invalid elliptic curve %s`, rawKey.Curve)
+	}
+	k.crv = &crv
+
+	return nil
+}
+
+func buildECDSAPublicKey(alg jwa.EllipticCurveAlgorithm, xbuf, ybuf []byte) (*ecdsa.PublicKey, error) {
+	var crv elliptic.Curve
+	if tmp, ok := ecutil.CurveForAlgorithm(alg); ok {
+		crv = tmp
+	} else {
+		return nil, fmt.Errorf(`invalid curve algorithm %s`, alg)
+	}
+
+	var x, y big.Int
+	x.SetBytes(xbuf)
+	y.SetBytes(ybuf)
+
+	return &ecdsa.PublicKey{Curve: crv, X: &x, Y: &y}, nil
+}
+
+// Raw returns the EC-DSA public key represented by this JWK
+func (k *ecdsaPublicKey) Raw(v interface{}) error {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	pubk, err := buildECDSAPublicKey(k.Crv(), k.x, k.y)
+	if err != nil {
+		return fmt.Errorf(`failed to build public key: %w`, err)
+	}
+
+	return blackmagic.AssignIfCompatible(v, pubk)
+}
+
+func (k *ecdsaPrivateKey) Raw(v interface{}) error {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	pubk, err := buildECDSAPublicKey(k.Crv(), k.x, k.y)
+	if err != nil {
+		return fmt.Errorf(`failed to build public key: %w`, err)
+	}
+
+	var key ecdsa.PrivateKey
+	var d big.Int
+	d.SetBytes(k.d)
+	key.D = &d
+	key.PublicKey = *pubk
+
+	return blackmagic.AssignIfCompatible(v, &key)
+}
+
+func makeECDSAPublicKey(v interface {
+	makePairs() []*HeaderPair
+}) (Key, error) {
+	newKey := newECDSAPublicKey()
+
+	// Iterate and copy everything except for the bits that should not be in the public key
+	for _, pair := range v.makePairs() {
+		switch pair.Key {
+		case ECDSADKey:
+			continue
+		default:
+			//nolint:forcetypeassert
+			key := pair.Key.(string)
+			if err := newKey.Set(key, pair.Value); err != nil {
+				return nil, fmt.Errorf(`failed to set field %q: %w`, key, err)
+			}
+		}
+	}
+
+	return newKey, nil
+}
+
+func (k *ecdsaPrivateKey) PublicKey() (Key, error) {
+	return makeECDSAPublicKey(k)
+}
+
+func (k *ecdsaPublicKey) PublicKey() (Key, error) {
+	return makeECDSAPublicKey(k)
+}
+
+func ecdsaThumbprint(hash crypto.Hash, crv, x, y string) []byte {
+	h := hash.New()
+	fmt.Fprint(h, `{"crv":"`)
+	fmt.Fprint(h, crv)
+	fmt.Fprint(h, `","kty":"EC","x":"`)
+	fmt.Fprint(h, x)
+	fmt.Fprint(h, `","y":"`)
+	fmt.Fprint(h, y)
+	fmt.Fprint(h, `"}`)
+	return h.Sum(nil)
+}
+
+// Thumbprint returns the JWK thumbprint using the indicated
+// hashing algorithm, according to RFC 7638
+func (k ecdsaPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	var key ecdsa.PublicKey
+	if err := k.Raw(&key); err != nil {
+		return nil, fmt.Errorf(`failed to materialize ecdsa.PublicKey for thumbprint generation: %w`, err)
+	}
+
+	xbuf := ecutil.AllocECPointBuffer(key.X, key.Curve)
+	ybuf := ecutil.AllocECPointBuffer(key.Y, key.Curve)
+	defer ecutil.ReleaseECPointBuffer(xbuf)
+	defer ecutil.ReleaseECPointBuffer(ybuf)
+
+	return ecdsaThumbprint(
+		hash,
+		key.Curve.Params().Name,
+		base64.EncodeToString(xbuf),
+		base64.EncodeToString(ybuf),
+	), nil
+}
+
+// Thumbprint returns the JWK thumbprint using the indicated
+// hashing algorithm, according to RFC 7638
+func (k ecdsaPrivateKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	var key ecdsa.PrivateKey
+	if err := k.Raw(&key); err != nil {
+		return nil, fmt.Errorf(`failed to materialize ecdsa.PrivateKey for thumbprint generation: %w`, err)
+	}
+
+	xbuf := ecutil.AllocECPointBuffer(key.X, key.Curve)
+	ybuf := ecutil.AllocECPointBuffer(key.Y, key.Curve)
+	defer ecutil.ReleaseECPointBuffer(xbuf)
+	defer ecutil.ReleaseECPointBuffer(ybuf)
+
+	return ecdsaThumbprint(
+		hash,
+		key.Curve.Params().Name,
+		base64.EncodeToString(xbuf),
+		base64.EncodeToString(ybuf),
+	), nil
+}
+
+func ecdsaValidateKey(k interface {
+	Crv() jwa.EllipticCurveAlgorithm
+	X() []byte
+	Y() []byte
+}, checkPrivate bool) error {
+	crv, ok := ecutil.CurveForAlgorithm(k.Crv())
+	if !ok {
+		return fmt.Errorf(`invalid curve algorithm %q`, k.Crv())
+	}
+
+	keySize := ecutil.CalculateKeySize(crv)
+	if x := k.X(); len(x) != keySize {
+		return fmt.Errorf(`invalid "x" length (%d) for curve %q`, len(x), crv.Params().Name)
+	}
+
+	if y := k.Y(); len(y) != keySize {
+		return fmt.Errorf(`invalid "y" length (%d) for curve %q`, len(y), crv.Params().Name)
+	}
+
+	if checkPrivate {
+		if priv, ok := k.(interface{ D() []byte }); ok {
+			if len(priv.D()) != keySize {
+				return fmt.Errorf(`invalid "d" length (%d) for curve %q`, len(priv.D()), crv.Params().Name)
+			}
+		} else {
+			return fmt.Errorf(`missing "d" value`)
+		}
+	}
+	return nil
+}
+
+func (k *ecdsaPrivateKey) Validate() error {
+	if err := ecdsaValidateKey(k, true); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.ECDSAPrivateKey: %w`, err))
+	}
+	return nil
+}
+
+func (k *ecdsaPublicKey) Validate() error {
+	if err := ecdsaValidateKey(k, false); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.ECDSAPublicKey: %w`, err))
+	}
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa_gen.go
new file mode 100644
index 000000000..537ee24cf
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa_gen.go
@@ -0,0 +1,1189 @@
+// Code generated by tools/cmd/genjwk/main.go. DO NOT EDIT.
+
+package jwk
+
+import (
+	"bytes"
+	"context"
+	"crypto/ecdsa"
+	"fmt"
+	"sort"
+	"sync"
+
+	"github.com/lestrrat-go/iter/mapiter"
+	"github.com/lestrrat-go/jwx/v2/cert"
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+	"github.com/lestrrat-go/jwx/v2/internal/iter"
+	"github.com/lestrrat-go/jwx/v2/internal/json"
+	"github.com/lestrrat-go/jwx/v2/internal/pool"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+const (
+	ECDSACrvKey = "crv"
+	ECDSADKey   = "d"
+	ECDSAXKey   = "x"
+	ECDSAYKey   = "y"
+)
+
+type ECDSAPublicKey interface {
+	Key
+	FromRaw(*ecdsa.PublicKey) error
+	Crv() jwa.EllipticCurveAlgorithm
+	X() []byte
+	Y() []byte
+}
+
+type ecdsaPublicKey struct {
+	algorithm              *jwa.KeyAlgorithm // https://tools.ietf.org/html/rfc7517#section-4.4
+	crv                    *jwa.EllipticCurveAlgorithm
+	keyID                  *string           // https://tools.ietf.org/html/rfc7515#section-4.1.4
+	keyOps                 *KeyOperationList // https://tools.ietf.org/html/rfc7517#section-4.3
+	keyUsage               *string           // https://tools.ietf.org/html/rfc7517#section-4.2
+	x                      []byte
+	x509CertChain          *cert.Chain // https://tools.ietf.org/html/rfc7515#section-4.1.6
+	x509CertThumbprint     *string     // https://tools.ietf.org/html/rfc7515#section-4.1.7
+	x509CertThumbprintS256 *string     // https://tools.ietf.org/html/rfc7515#section-4.1.8
+	x509URL                *string     // https://tools.ietf.org/html/rfc7515#section-4.1.5
+	y                      []byte
+	privateParams          map[string]interface{}
+	mu                     *sync.RWMutex
+	dc                     json.DecodeCtx
+}
+
+var _ ECDSAPublicKey = &ecdsaPublicKey{}
+var _ Key = &ecdsaPublicKey{}
+
+func newECDSAPublicKey() *ecdsaPublicKey {
+	return &ecdsaPublicKey{
+		mu:            &sync.RWMutex{},
+		privateParams: make(map[string]interface{}),
+	}
+}
+
+func (h ecdsaPublicKey) KeyType() jwa.KeyType {
+	return jwa.EC
+}
+
+func (h ecdsaPublicKey) IsPrivate() bool {
+	return false
+}
+
+func (h *ecdsaPublicKey) Algorithm() jwa.KeyAlgorithm {
+	if h.algorithm != nil {
+		return *(h.algorithm)
+	}
+	return jwa.InvalidKeyAlgorithm("")
+}
+
+func (h *ecdsaPublicKey) Crv() jwa.EllipticCurveAlgorithm {
+	if h.crv != nil {
+		return *(h.crv)
+	}
+	return jwa.InvalidEllipticCurve
+}
+
+func (h *ecdsaPublicKey) KeyID() string {
+	if h.keyID != nil {
+		return *(h.keyID)
+	}
+	return ""
+}
+
+func (h *ecdsaPublicKey) KeyOps() KeyOperationList {
+	if h.keyOps != nil {
+		return *(h.keyOps)
+	}
+	return nil
+}
+
+func (h *ecdsaPublicKey) KeyUsage() string {
+	if h.keyUsage != nil {
+		return *(h.keyUsage)
+	}
+	return ""
+}
+
+func (h *ecdsaPublicKey) X() []byte {
+	return h.x
+}
+
+func (h *ecdsaPublicKey) X509CertChain() *cert.Chain {
+	return h.x509CertChain
+}
+
+func (h *ecdsaPublicKey) X509CertThumbprint() string {
+	if h.x509CertThumbprint != nil {
+		return *(h.x509CertThumbprint)
+	}
+	return ""
+}
+
+func (h *ecdsaPublicKey) X509CertThumbprintS256() string {
+	if h.x509CertThumbprintS256 != nil {
+		return *(h.x509CertThumbprintS256)
+	}
+	return ""
+}
+
+func (h *ecdsaPublicKey) X509URL() string {
+	if h.x509URL != nil {
+		return *(h.x509URL)
+	}
+	return ""
+}
+
+func (h *ecdsaPublicKey) Y() []byte {
+	return h.y
+}
+
+func (h *ecdsaPublicKey) makePairs() []*HeaderPair {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+
+	var pairs []*HeaderPair
+	pairs = append(pairs, &HeaderPair{Key: "kty", Value: jwa.EC})
+	if h.algorithm != nil {
+		pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)})
+	}
+	if h.crv != nil {
+		pairs = append(pairs, &HeaderPair{Key: ECDSACrvKey, Value: *(h.crv)})
+	}
+	if h.keyID != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)})
+	}
+	if h.keyOps != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyOpsKey, Value: *(h.keyOps)})
+	}
+	if h.keyUsage != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyUsageKey, Value: *(h.keyUsage)})
+	}
+	if h.x != nil {
+		pairs = append(pairs, &HeaderPair{Key: ECDSAXKey, Value: h.x})
+	}
+	if h.x509CertChain != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: h.x509CertChain})
+	}
+	if h.x509CertThumbprint != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)})
+	}
+	if h.x509CertThumbprintS256 != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)})
+	}
+	if h.x509URL != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)})
+	}
+	if h.y != nil {
+		pairs = append(pairs, &HeaderPair{Key: ECDSAYKey, Value: h.y})
+	}
+	for k, v := range h.privateParams {
+		pairs = append(pairs, &HeaderPair{Key: k, Value: v})
+	}
+	return pairs
+}
+
+func (h *ecdsaPublicKey) PrivateParams() map[string]interface{} {
+	return h.privateParams
+}
+
+func (h *ecdsaPublicKey) Get(name string) (interface{}, bool) {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	switch name {
+	case KeyTypeKey:
+		return h.KeyType(), true
+	case AlgorithmKey:
+		if h.algorithm == nil {
+			return nil, false
+		}
+		return *(h.algorithm), true
+	case ECDSACrvKey:
+		if h.crv == nil {
+			return nil, false
+		}
+		return *(h.crv), true
+	case KeyIDKey:
+		if h.keyID == nil {
+			return nil, false
+		}
+		return *(h.keyID), true
+	case KeyOpsKey:
+		if h.keyOps == nil {
+			return nil, false
+		}
+		return *(h.keyOps), true
+	case KeyUsageKey:
+		if h.keyUsage == nil {
+			return nil, false
+		}
+		return *(h.keyUsage), true
+	case ECDSAXKey:
+		if h.x == nil {
+			return nil, false
+		}
+		return h.x, true
+	case X509CertChainKey:
+		if h.x509CertChain == nil {
+			return nil, false
+		}
+		return h.x509CertChain, true
+	case X509CertThumbprintKey:
+		if h.x509CertThumbprint == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprint), true
+	case X509CertThumbprintS256Key:
+		if h.x509CertThumbprintS256 == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprintS256), true
+	case X509URLKey:
+		if h.x509URL == nil {
+			return nil, false
+		}
+		return *(h.x509URL), true
+	case ECDSAYKey:
+		if h.y == nil {
+			return nil, false
+		}
+		return h.y, true
+	default:
+		v, ok := h.privateParams[name]
+		return v, ok
+	}
+}
+
+func (h *ecdsaPublicKey) Set(name string, value interface{}) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	return h.setNoLock(name, value)
+}
+
+func (h *ecdsaPublicKey) setNoLock(name string, value interface{}) error {
+	switch name {
+	case "kty":
+		return nil
+	case AlgorithmKey:
+		switch v := value.(type) {
+		case string, jwa.SignatureAlgorithm, jwa.ContentEncryptionAlgorithm:
+			var tmp = jwa.KeyAlgorithmFrom(v)
+			h.algorithm = &tmp
+		case fmt.Stringer:
+			s := v.String()
+			var tmp = jwa.KeyAlgorithmFrom(s)
+			h.algorithm = &tmp
+		default:
+			return fmt.Errorf(`invalid type for %s key: %T`, AlgorithmKey, value)
+		}
+		return nil
+	case ECDSACrvKey:
+		if v, ok := value.(jwa.EllipticCurveAlgorithm); ok {
+			h.crv = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, ECDSACrvKey, value)
+	case KeyIDKey:
+		if v, ok := value.(string); ok {
+			h.keyID = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, KeyIDKey, value)
+	case KeyOpsKey:
+		var acceptor KeyOperationList
+		if err := acceptor.Accept(value); err != nil {
+			return fmt.Errorf(`invalid value for %s key: %w`, KeyOpsKey, err)
+		}
+		h.keyOps = &acceptor
+		return nil
+	case KeyUsageKey:
+		switch v := value.(type) {
+		case KeyUsageType:
+			switch v {
+			case ForSignature, ForEncryption:
+				tmp := v.String()
+				h.keyUsage = &tmp
+			default:
+				return fmt.Errorf(`invalid key usage type %s`, v)
+			}
+		case string:
+			h.keyUsage = &v
+		default:
+			return fmt.Errorf(`invalid key usage type %s`, v)
+		}
+	case ECDSAXKey:
+		if v, ok := value.([]byte); ok {
+			h.x = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, ECDSAXKey, value)
+	case X509CertChainKey:
+		if v, ok := value.(*cert.Chain); ok {
+			h.x509CertChain = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertChainKey, value)
+	case X509CertThumbprintKey:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprint = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value)
+	case X509CertThumbprintS256Key:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprintS256 = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value)
+	case X509URLKey:
+		if v, ok := value.(string); ok {
+			h.x509URL = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509URLKey, value)
+	case ECDSAYKey:
+		if v, ok := value.([]byte); ok {
+			h.y = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, ECDSAYKey, value)
+	default:
+		if h.privateParams == nil {
+			h.privateParams = map[string]interface{}{}
+		}
+		h.privateParams[name] = value
+	}
+	return nil
+}
+
+func (k *ecdsaPublicKey) Remove(key string) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	switch key {
+	case AlgorithmKey:
+		k.algorithm = nil
+	case ECDSACrvKey:
+		k.crv = nil
+	case KeyIDKey:
+		k.keyID = nil
+	case KeyOpsKey:
+		k.keyOps = nil
+	case KeyUsageKey:
+		k.keyUsage = nil
+	case ECDSAXKey:
+		k.x = nil
+	case X509CertChainKey:
+		k.x509CertChain = nil
+	case X509CertThumbprintKey:
+		k.x509CertThumbprint = nil
+	case X509CertThumbprintS256Key:
+		k.x509CertThumbprintS256 = nil
+	case X509URLKey:
+		k.x509URL = nil
+	case ECDSAYKey:
+		k.y = nil
+	default:
+		delete(k.privateParams, key)
+	}
+	return nil
+}
+
+func (k *ecdsaPublicKey) Clone() (Key, error) {
+	return cloneKey(k)
+}
+
+func (k *ecdsaPublicKey) DecodeCtx() json.DecodeCtx {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	return k.dc
+}
+
+func (k *ecdsaPublicKey) SetDecodeCtx(dc json.DecodeCtx) {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	k.dc = dc
+}
+
+func (h *ecdsaPublicKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.algorithm = nil
+	h.crv = nil
+	h.keyID = nil
+	h.keyOps = nil
+	h.keyUsage = nil
+	h.x = nil
+	h.x509CertChain = nil
+	h.x509CertThumbprint = nil
+	h.x509CertThumbprintS256 = nil
+	h.x509URL = nil
+	h.y = nil
+	dec := json.NewDecoder(bytes.NewReader(buf))
+LOOP:
+	for {
+		tok, err := dec.Token()
+		if err != nil {
+			return fmt.Errorf(`error reading token: %w`, err)
+		}
+		switch tok := tok.(type) {
+		case json.Delim:
+			// Assuming we're doing everything correctly, we should ONLY
+			// get either '{' or '}' here.
+			if tok == '}' { // End of object
+				break LOOP
+			} else if tok != '{' {
+				return fmt.Errorf(`expected '{', but got '%c'`, tok)
+			}
+		case string: // Objects can only have string keys
+			switch tok {
+			case KeyTypeKey:
+				val, err := json.ReadNextStringToken(dec)
+				if err != nil {
+					return fmt.Errorf(`error reading token: %w`, err)
+				}
+				if val != jwa.EC.String() {
+					return fmt.Errorf(`invalid kty value for RSAPublicKey (%s)`, val)
+				}
+			case AlgorithmKey:
+				var s string
+				if err := dec.Decode(&s); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, AlgorithmKey, err)
+				}
+				alg := jwa.KeyAlgorithmFrom(s)
+				h.algorithm = &alg
+			case ECDSACrvKey:
+				var decoded jwa.EllipticCurveAlgorithm
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, ECDSACrvKey, err)
+				}
+				h.crv = &decoded
+			case KeyIDKey:
+				if err := json.AssignNextStringToken(&h.keyID, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyIDKey, err)
+				}
+			case KeyOpsKey:
+				var decoded KeyOperationList
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyOpsKey, err)
+				}
+				h.keyOps = &decoded
+			case KeyUsageKey:
+				if err := json.AssignNextStringToken(&h.keyUsage, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyUsageKey, err)
+				}
+			case ECDSAXKey:
+				if err := json.AssignNextBytesToken(&h.x, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, ECDSAXKey, err)
+				}
+			case X509CertChainKey:
+				var decoded cert.Chain
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertChainKey, err)
+				}
+				h.x509CertChain = &decoded
+			case X509CertThumbprintKey:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintKey, err)
+				}
+			case X509CertThumbprintS256Key:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintS256Key, err)
+				}
+			case X509URLKey:
+				if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509URLKey, err)
+				}
+			case ECDSAYKey:
+				if err := json.AssignNextBytesToken(&h.y, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, ECDSAYKey, err)
+				}
+			default:
+				if dc := h.dc; dc != nil {
+					if localReg := dc.Registry(); localReg != nil {
+						decoded, err := localReg.Decode(dec, tok)
+						if err == nil {
+							h.setNoLock(tok, decoded)
+							continue
+						}
+					}
+				}
+				decoded, err := registry.Decode(dec, tok)
+				if err == nil {
+					h.setNoLock(tok, decoded)
+					continue
+				}
+				return fmt.Errorf(`could not decode field %s: %w`, tok, err)
+			}
+		default:
+			return fmt.Errorf(`invalid token %T`, tok)
+		}
+	}
+	if h.crv == nil {
+		return fmt.Errorf(`required field crv is missing`)
+	}
+	if h.x == nil {
+		return fmt.Errorf(`required field x is missing`)
+	}
+	if h.y == nil {
+		return fmt.Errorf(`required field y is missing`)
+	}
+	return nil
+}
+
+func (h ecdsaPublicKey) MarshalJSON() ([]byte, error) {
+	data := make(map[string]interface{})
+	fields := make([]string, 0, 11)
+	for _, pair := range h.makePairs() {
+		fields = append(fields, pair.Key.(string))
+		data[pair.Key.(string)] = pair.Value
+	}
+
+	sort.Strings(fields)
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+	buf.WriteByte('{')
+	enc := json.NewEncoder(buf)
+	for i, f := range fields {
+		if i > 0 {
+			buf.WriteRune(',')
+		}
+		buf.WriteRune('"')
+		buf.WriteString(f)
+		buf.WriteString(`":`)
+		v := data[f]
+		switch v := v.(type) {
+		case []byte:
+			buf.WriteRune('"')
+			buf.WriteString(base64.EncodeToString(v))
+			buf.WriteRune('"')
+		default:
+			if err := enc.Encode(v); err != nil {
+				return nil, fmt.Errorf(`failed to encode value for field %s: %w`, f, err)
+			}
+			buf.Truncate(buf.Len() - 1)
+		}
+	}
+	buf.WriteByte('}')
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
+
+func (h *ecdsaPublicKey) Iterate(ctx context.Context) HeaderIterator {
+	pairs := h.makePairs()
+	ch := make(chan *HeaderPair, len(pairs))
+	go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) {
+		defer close(ch)
+		for _, pair := range pairs {
+			select {
+			case <-ctx.Done():
+				return
+			case ch <- pair:
+			}
+		}
+	}(ctx, ch, pairs)
+	return mapiter.New(ch)
+}
+
+func (h *ecdsaPublicKey) Walk(ctx context.Context, visitor HeaderVisitor) error {
+	return iter.WalkMap(ctx, h, visitor)
+}
+
+func (h *ecdsaPublicKey) AsMap(ctx context.Context) (map[string]interface{}, error) {
+	return iter.AsMap(ctx, h)
+}
+
+type ECDSAPrivateKey interface {
+	Key
+	FromRaw(*ecdsa.PrivateKey) error
+	Crv() jwa.EllipticCurveAlgorithm
+	D() []byte
+	X() []byte
+	Y() []byte
+}
+
+type ecdsaPrivateKey struct {
+	algorithm              *jwa.KeyAlgorithm // https://tools.ietf.org/html/rfc7517#section-4.4
+	crv                    *jwa.EllipticCurveAlgorithm
+	d                      []byte
+	keyID                  *string           // https://tools.ietf.org/html/rfc7515#section-4.1.4
+	keyOps                 *KeyOperationList // https://tools.ietf.org/html/rfc7517#section-4.3
+	keyUsage               *string           // https://tools.ietf.org/html/rfc7517#section-4.2
+	x                      []byte
+	x509CertChain          *cert.Chain // https://tools.ietf.org/html/rfc7515#section-4.1.6
+	x509CertThumbprint     *string     // https://tools.ietf.org/html/rfc7515#section-4.1.7
+	x509CertThumbprintS256 *string     // https://tools.ietf.org/html/rfc7515#section-4.1.8
+	x509URL                *string     // https://tools.ietf.org/html/rfc7515#section-4.1.5
+	y                      []byte
+	privateParams          map[string]interface{}
+	mu                     *sync.RWMutex
+	dc                     json.DecodeCtx
+}
+
+var _ ECDSAPrivateKey = &ecdsaPrivateKey{}
+var _ Key = &ecdsaPrivateKey{}
+
+func newECDSAPrivateKey() *ecdsaPrivateKey {
+	return &ecdsaPrivateKey{
+		mu:            &sync.RWMutex{},
+		privateParams: make(map[string]interface{}),
+	}
+}
+
+func (h ecdsaPrivateKey) KeyType() jwa.KeyType {
+	return jwa.EC
+}
+
+func (h ecdsaPrivateKey) IsPrivate() bool {
+	return true
+}
+
+func (h *ecdsaPrivateKey) Algorithm() jwa.KeyAlgorithm {
+	if h.algorithm != nil {
+		return *(h.algorithm)
+	}
+	return jwa.InvalidKeyAlgorithm("")
+}
+
+func (h *ecdsaPrivateKey) Crv() jwa.EllipticCurveAlgorithm {
+	if h.crv != nil {
+		return *(h.crv)
+	}
+	return jwa.InvalidEllipticCurve
+}
+
+func (h *ecdsaPrivateKey) D() []byte {
+	return h.d
+}
+
+func (h *ecdsaPrivateKey) KeyID() string {
+	if h.keyID != nil {
+		return *(h.keyID)
+	}
+	return ""
+}
+
+func (h *ecdsaPrivateKey) KeyOps() KeyOperationList {
+	if h.keyOps != nil {
+		return *(h.keyOps)
+	}
+	return nil
+}
+
+func (h *ecdsaPrivateKey) KeyUsage() string {
+	if h.keyUsage != nil {
+		return *(h.keyUsage)
+	}
+	return ""
+}
+
+func (h *ecdsaPrivateKey) X() []byte {
+	return h.x
+}
+
+func (h *ecdsaPrivateKey) X509CertChain() *cert.Chain {
+	return h.x509CertChain
+}
+
+func (h *ecdsaPrivateKey) X509CertThumbprint() string {
+	if h.x509CertThumbprint != nil {
+		return *(h.x509CertThumbprint)
+	}
+	return ""
+}
+
+func (h *ecdsaPrivateKey) X509CertThumbprintS256() string {
+	if h.x509CertThumbprintS256 != nil {
+		return *(h.x509CertThumbprintS256)
+	}
+	return ""
+}
+
+func (h *ecdsaPrivateKey) X509URL() string {
+	if h.x509URL != nil {
+		return *(h.x509URL)
+	}
+	return ""
+}
+
+func (h *ecdsaPrivateKey) Y() []byte {
+	return h.y
+}
+
+func (h *ecdsaPrivateKey) makePairs() []*HeaderPair {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+
+	var pairs []*HeaderPair
+	pairs = append(pairs, &HeaderPair{Key: "kty", Value: jwa.EC})
+	if h.algorithm != nil {
+		pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)})
+	}
+	if h.crv != nil {
+		pairs = append(pairs, &HeaderPair{Key: ECDSACrvKey, Value: *(h.crv)})
+	}
+	if h.d != nil {
+		pairs = append(pairs, &HeaderPair{Key: ECDSADKey, Value: h.d})
+	}
+	if h.keyID != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)})
+	}
+	if h.keyOps != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyOpsKey, Value: *(h.keyOps)})
+	}
+	if h.keyUsage != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyUsageKey, Value: *(h.keyUsage)})
+	}
+	if h.x != nil {
+		pairs = append(pairs, &HeaderPair{Key: ECDSAXKey, Value: h.x})
+	}
+	if h.x509CertChain != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: h.x509CertChain})
+	}
+	if h.x509CertThumbprint != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)})
+	}
+	if h.x509CertThumbprintS256 != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)})
+	}
+	if h.x509URL != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)})
+	}
+	if h.y != nil {
+		pairs = append(pairs, &HeaderPair{Key: ECDSAYKey, Value: h.y})
+	}
+	for k, v := range h.privateParams {
+		pairs = append(pairs, &HeaderPair{Key: k, Value: v})
+	}
+	return pairs
+}
+
+func (h *ecdsaPrivateKey) PrivateParams() map[string]interface{} {
+	return h.privateParams
+}
+
+func (h *ecdsaPrivateKey) Get(name string) (interface{}, bool) {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	switch name {
+	case KeyTypeKey:
+		return h.KeyType(), true
+	case AlgorithmKey:
+		if h.algorithm == nil {
+			return nil, false
+		}
+		return *(h.algorithm), true
+	case ECDSACrvKey:
+		if h.crv == nil {
+			return nil, false
+		}
+		return *(h.crv), true
+	case ECDSADKey:
+		if h.d == nil {
+			return nil, false
+		}
+		return h.d, true
+	case KeyIDKey:
+		if h.keyID == nil {
+			return nil, false
+		}
+		return *(h.keyID), true
+	case KeyOpsKey:
+		if h.keyOps == nil {
+			return nil, false
+		}
+		return *(h.keyOps), true
+	case KeyUsageKey:
+		if h.keyUsage == nil {
+			return nil, false
+		}
+		return *(h.keyUsage), true
+	case ECDSAXKey:
+		if h.x == nil {
+			return nil, false
+		}
+		return h.x, true
+	case X509CertChainKey:
+		if h.x509CertChain == nil {
+			return nil, false
+		}
+		return h.x509CertChain, true
+	case X509CertThumbprintKey:
+		if h.x509CertThumbprint == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprint), true
+	case X509CertThumbprintS256Key:
+		if h.x509CertThumbprintS256 == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprintS256), true
+	case X509URLKey:
+		if h.x509URL == nil {
+			return nil, false
+		}
+		return *(h.x509URL), true
+	case ECDSAYKey:
+		if h.y == nil {
+			return nil, false
+		}
+		return h.y, true
+	default:
+		v, ok := h.privateParams[name]
+		return v, ok
+	}
+}
+
+func (h *ecdsaPrivateKey) Set(name string, value interface{}) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	return h.setNoLock(name, value)
+}
+
+func (h *ecdsaPrivateKey) setNoLock(name string, value interface{}) error {
+	switch name {
+	case "kty":
+		return nil
+	case AlgorithmKey:
+		switch v := value.(type) {
+		case string, jwa.SignatureAlgorithm, jwa.ContentEncryptionAlgorithm:
+			var tmp = jwa.KeyAlgorithmFrom(v)
+			h.algorithm = &tmp
+		case fmt.Stringer:
+			s := v.String()
+			var tmp = jwa.KeyAlgorithmFrom(s)
+			h.algorithm = &tmp
+		default:
+			return fmt.Errorf(`invalid type for %s key: %T`, AlgorithmKey, value)
+		}
+		return nil
+	case ECDSACrvKey:
+		if v, ok := value.(jwa.EllipticCurveAlgorithm); ok {
+			h.crv = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, ECDSACrvKey, value)
+	case ECDSADKey:
+		if v, ok := value.([]byte); ok {
+			h.d = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, ECDSADKey, value)
+	case KeyIDKey:
+		if v, ok := value.(string); ok {
+			h.keyID = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, KeyIDKey, value)
+	case KeyOpsKey:
+		var acceptor KeyOperationList
+		if err := acceptor.Accept(value); err != nil {
+			return fmt.Errorf(`invalid value for %s key: %w`, KeyOpsKey, err)
+		}
+		h.keyOps = &acceptor
+		return nil
+	case KeyUsageKey:
+		switch v := value.(type) {
+		case KeyUsageType:
+			switch v {
+			case ForSignature, ForEncryption:
+				tmp := v.String()
+				h.keyUsage = &tmp
+			default:
+				return fmt.Errorf(`invalid key usage type %s`, v)
+			}
+		case string:
+			h.keyUsage = &v
+		default:
+			return fmt.Errorf(`invalid key usage type %s`, v)
+		}
+	case ECDSAXKey:
+		if v, ok := value.([]byte); ok {
+			h.x = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, ECDSAXKey, value)
+	case X509CertChainKey:
+		if v, ok := value.(*cert.Chain); ok {
+			h.x509CertChain = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertChainKey, value)
+	case X509CertThumbprintKey:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprint = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value)
+	case X509CertThumbprintS256Key:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprintS256 = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value)
+	case X509URLKey:
+		if v, ok := value.(string); ok {
+			h.x509URL = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509URLKey, value)
+	case ECDSAYKey:
+		if v, ok := value.([]byte); ok {
+			h.y = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, ECDSAYKey, value)
+	default:
+		if h.privateParams == nil {
+			h.privateParams = map[string]interface{}{}
+		}
+		h.privateParams[name] = value
+	}
+	return nil
+}
+
+func (k *ecdsaPrivateKey) Remove(key string) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	switch key {
+	case AlgorithmKey:
+		k.algorithm = nil
+	case ECDSACrvKey:
+		k.crv = nil
+	case ECDSADKey:
+		k.d = nil
+	case KeyIDKey:
+		k.keyID = nil
+	case KeyOpsKey:
+		k.keyOps = nil
+	case KeyUsageKey:
+		k.keyUsage = nil
+	case ECDSAXKey:
+		k.x = nil
+	case X509CertChainKey:
+		k.x509CertChain = nil
+	case X509CertThumbprintKey:
+		k.x509CertThumbprint = nil
+	case X509CertThumbprintS256Key:
+		k.x509CertThumbprintS256 = nil
+	case X509URLKey:
+		k.x509URL = nil
+	case ECDSAYKey:
+		k.y = nil
+	default:
+		delete(k.privateParams, key)
+	}
+	return nil
+}
+
+func (k *ecdsaPrivateKey) Clone() (Key, error) {
+	return cloneKey(k)
+}
+
+func (k *ecdsaPrivateKey) DecodeCtx() json.DecodeCtx {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	return k.dc
+}
+
+func (k *ecdsaPrivateKey) SetDecodeCtx(dc json.DecodeCtx) {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	k.dc = dc
+}
+
+func (h *ecdsaPrivateKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.algorithm = nil
+	h.crv = nil
+	h.d = nil
+	h.keyID = nil
+	h.keyOps = nil
+	h.keyUsage = nil
+	h.x = nil
+	h.x509CertChain = nil
+	h.x509CertThumbprint = nil
+	h.x509CertThumbprintS256 = nil
+	h.x509URL = nil
+	h.y = nil
+	dec := json.NewDecoder(bytes.NewReader(buf))
+LOOP:
+	for {
+		tok, err := dec.Token()
+		if err != nil {
+			return fmt.Errorf(`error reading token: %w`, err)
+		}
+		switch tok := tok.(type) {
+		case json.Delim:
+			// Assuming we're doing everything correctly, we should ONLY
+			// get either '{' or '}' here.
+			if tok == '}' { // End of object
+				break LOOP
+			} else if tok != '{' {
+				return fmt.Errorf(`expected '{', but got '%c'`, tok)
+			}
+		case string: // Objects can only have string keys
+			switch tok {
+			case KeyTypeKey:
+				val, err := json.ReadNextStringToken(dec)
+				if err != nil {
+					return fmt.Errorf(`error reading token: %w`, err)
+				}
+				if val != jwa.EC.String() {
+					return fmt.Errorf(`invalid kty value for RSAPublicKey (%s)`, val)
+				}
+			case AlgorithmKey:
+				var s string
+				if err := dec.Decode(&s); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, AlgorithmKey, err)
+				}
+				alg := jwa.KeyAlgorithmFrom(s)
+				h.algorithm = &alg
+			case ECDSACrvKey:
+				var decoded jwa.EllipticCurveAlgorithm
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, ECDSACrvKey, err)
+				}
+				h.crv = &decoded
+			case ECDSADKey:
+				if err := json.AssignNextBytesToken(&h.d, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, ECDSADKey, err)
+				}
+			case KeyIDKey:
+				if err := json.AssignNextStringToken(&h.keyID, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyIDKey, err)
+				}
+			case KeyOpsKey:
+				var decoded KeyOperationList
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyOpsKey, err)
+				}
+				h.keyOps = &decoded
+			case KeyUsageKey:
+				if err := json.AssignNextStringToken(&h.keyUsage, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyUsageKey, err)
+				}
+			case ECDSAXKey:
+				if err := json.AssignNextBytesToken(&h.x, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, ECDSAXKey, err)
+				}
+			case X509CertChainKey:
+				var decoded cert.Chain
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertChainKey, err)
+				}
+				h.x509CertChain = &decoded
+			case X509CertThumbprintKey:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintKey, err)
+				}
+			case X509CertThumbprintS256Key:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintS256Key, err)
+				}
+			case X509URLKey:
+				if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509URLKey, err)
+				}
+			case ECDSAYKey:
+				if err := json.AssignNextBytesToken(&h.y, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, ECDSAYKey, err)
+				}
+			default:
+				if dc := h.dc; dc != nil {
+					if localReg := dc.Registry(); localReg != nil {
+						decoded, err := localReg.Decode(dec, tok)
+						if err == nil {
+							h.setNoLock(tok, decoded)
+							continue
+						}
+					}
+				}
+				decoded, err := registry.Decode(dec, tok)
+				if err == nil {
+					h.setNoLock(tok, decoded)
+					continue
+				}
+				return fmt.Errorf(`could not decode field %s: %w`, tok, err)
+			}
+		default:
+			return fmt.Errorf(`invalid token %T`, tok)
+		}
+	}
+	if h.crv == nil {
+		return fmt.Errorf(`required field crv is missing`)
+	}
+	if h.d == nil {
+		return fmt.Errorf(`required field d is missing`)
+	}
+	if h.x == nil {
+		return fmt.Errorf(`required field x is missing`)
+	}
+	if h.y == nil {
+		return fmt.Errorf(`required field y is missing`)
+	}
+	return nil
+}
+
+func (h ecdsaPrivateKey) MarshalJSON() ([]byte, error) {
+	data := make(map[string]interface{})
+	fields := make([]string, 0, 12)
+	for _, pair := range h.makePairs() {
+		fields = append(fields, pair.Key.(string))
+		data[pair.Key.(string)] = pair.Value
+	}
+
+	sort.Strings(fields)
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+	buf.WriteByte('{')
+	enc := json.NewEncoder(buf)
+	for i, f := range fields {
+		if i > 0 {
+			buf.WriteRune(',')
+		}
+		buf.WriteRune('"')
+		buf.WriteString(f)
+		buf.WriteString(`":`)
+		v := data[f]
+		switch v := v.(type) {
+		case []byte:
+			buf.WriteRune('"')
+			buf.WriteString(base64.EncodeToString(v))
+			buf.WriteRune('"')
+		default:
+			if err := enc.Encode(v); err != nil {
+				return nil, fmt.Errorf(`failed to encode value for field %s: %w`, f, err)
+			}
+			buf.Truncate(buf.Len() - 1)
+		}
+	}
+	buf.WriteByte('}')
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
+
+func (h *ecdsaPrivateKey) Iterate(ctx context.Context) HeaderIterator {
+	pairs := h.makePairs()
+	ch := make(chan *HeaderPair, len(pairs))
+	go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) {
+		defer close(ch)
+		for _, pair := range pairs {
+			select {
+			case <-ctx.Done():
+				return
+			case ch <- pair:
+			}
+		}
+	}(ctx, ch, pairs)
+	return mapiter.New(ch)
+}
+
+func (h *ecdsaPrivateKey) Walk(ctx context.Context, visitor HeaderVisitor) error {
+	return iter.WalkMap(ctx, h, visitor)
+}
+
+func (h *ecdsaPrivateKey) AsMap(ctx context.Context) (map[string]interface{}, error) {
+	return iter.AsMap(ctx, h)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/es256k.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/es256k.go
new file mode 100644
index 000000000..1a9d2346a
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/es256k.go
@@ -0,0 +1,14 @@
+//go:build jwx_es256k
+// +build jwx_es256k
+
+package jwk
+
+import (
+	"github.com/decred/dcrd/dcrec/secp256k1/v4"
+	"github.com/lestrrat-go/jwx/v2/internal/ecutil"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+func init() {
+	ecutil.RegisterCurve(secp256k1.S256(), jwa.Secp256k1)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/fetch.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/fetch.go
new file mode 100644
index 000000000..a4315a562
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/fetch.go
@@ -0,0 +1,134 @@
+package jwk
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"math"
+	"os"
+	"strconv"
+	"sync"
+	"sync/atomic"
+
+	"github.com/lestrrat-go/httprc"
+)
+
+type Fetcher interface {
+	Fetch(context.Context, string, ...FetchOption) (Set, error)
+}
+
+type FetchFunc func(context.Context, string, ...FetchOption) (Set, error)
+
+func (f FetchFunc) Fetch(ctx context.Context, u string, options ...FetchOption) (Set, error) {
+	return f(ctx, u, options...)
+}
+
+var globalFetcher httprc.Fetcher
+var muGlobalFetcher sync.Mutex
+var fetcherChanged uint32
+
+func init() {
+	atomic.StoreUint32(&fetcherChanged, 1)
+}
+
+func getGlobalFetcher() httprc.Fetcher {
+	if v := atomic.LoadUint32(&fetcherChanged); v == 0 {
+		return globalFetcher
+	}
+
+	muGlobalFetcher.Lock()
+	defer muGlobalFetcher.Unlock()
+	if globalFetcher == nil {
+		var nworkers int
+		v := os.Getenv(`JWK_FETCHER_WORKER_COUNT`)
+		if c, err := strconv.ParseInt(v, 10, 64); err == nil {
+			if c > math.MaxInt {
+				nworkers = math.MaxInt
+			} else {
+				nworkers = int(c)
+			}
+		}
+		if nworkers < 1 {
+			nworkers = 3
+		}
+
+		globalFetcher = httprc.NewFetcher(context.Background(), httprc.WithFetcherWorkerCount(nworkers))
+	}
+
+	atomic.StoreUint32(&fetcherChanged, 0)
+	return globalFetcher
+}
+
+// SetGlobalFetcher allows users to specify a custom global fetcher,
+// which is used by the `Fetch` function. Assigning `nil` forces
+// the default fetcher to be (re)created when the next call to
+// `jwk.Fetch` occurs
+//
+// You only need to call this function when you want to
+// either change the fetching behavior (for example, you want to change
+// how the default whitelist is handled), or when you want to control
+// the lifetime of the global fetcher, for example for tests
+// that require a clean shutdown.
+//
+// If you do use this function to set a custom fetcher and you
+// control its termination, make sure that you call `jwk.SetGlobalFetcher()`
+// one more time (possibly with `nil`) to assign a valid fetcher.
+// Otherwise, once the fetcher is invalidated, subsequent calls to `jwk.Fetch`
+// may hang, causing very hard to debug problems.
+//
+// If you are sure you no longer need `jwk.Fetch` after terminating the
+// fetcher, then you the above caution is not necessary.
+func SetGlobalFetcher(f httprc.Fetcher) {
+	muGlobalFetcher.Lock()
+	globalFetcher = f
+	muGlobalFetcher.Unlock()
+	atomic.StoreUint32(&fetcherChanged, 1)
+}
+
+// Fetch fetches a JWK resource specified by a URL. The url must be
+// pointing to a resource that is supported by `net/http`.
+//
+// If you are using the same `jwk.Set` for long periods of time during
+// the lifecycle of your program, and would like to periodically refresh the
+// contents of the object with the data at the remote resource,
+// consider using `jwk.Cache`, which automatically refreshes
+// jwk.Set objects asynchronously.
+//
+// Please note that underneath the `jwk.Fetch` function, it uses a global
+// object that spawns goroutines that are present until the go runtime
+// exits. Initially this global variable is uninitialized, but upon
+// calling `jwk.Fetch` once, it is initialized and goroutines are spawned.
+// If you want to control the lifetime of these goroutines, you can
+// call `jwk.SetGlobalFetcher` with a custom fetcher which is tied to
+// a `context.Context` object that you can control.
+func Fetch(ctx context.Context, u string, options ...FetchOption) (Set, error) {
+	var hrfopts []httprc.FetchOption
+	var parseOptions []ParseOption
+	for _, option := range options {
+		if parseOpt, ok := option.(ParseOption); ok {
+			parseOptions = append(parseOptions, parseOpt)
+			continue
+		}
+
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identHTTPClient{}:
+			hrfopts = append(hrfopts, httprc.WithHTTPClient(option.Value().(HTTPClient)))
+		case identFetchWhitelist{}:
+			hrfopts = append(hrfopts, httprc.WithWhitelist(option.Value().(httprc.Whitelist)))
+		}
+	}
+
+	res, err := getGlobalFetcher().Fetch(ctx, u, hrfopts...)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to fetch %q: %w`, u, err)
+	}
+
+	buf, err := io.ReadAll(res.Body)
+	defer res.Body.Close()
+	if err != nil {
+		return nil, fmt.Errorf(`failed to read response body for %q: %w`, u, err)
+	}
+
+	return Parse(buf, parseOptions...)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface.go
new file mode 100644
index 000000000..1b9598a44
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface.go
@@ -0,0 +1,144 @@
+package jwk
+
+import (
+	"context"
+	"sync"
+
+	"github.com/lestrrat-go/iter/arrayiter"
+	"github.com/lestrrat-go/iter/mapiter"
+	"github.com/lestrrat-go/jwx/v2/internal/iter"
+	"github.com/lestrrat-go/jwx/v2/internal/json"
+)
+
+// AsymmetricKey describes a Key that represents an key in an asymmetric key pair,
+// which in turn can be either a private or a public key. This interface
+// allows those keys to be queried if they are one or the other.
+type AsymmetricKey interface {
+	IsPrivate() bool
+}
+
+// KeyUsageType is used to denote what this key should be used for
+type KeyUsageType string
+
+const (
+	// ForSignature is the value used in the headers to indicate that
+	// this key should be used for signatures
+	ForSignature KeyUsageType = "sig"
+	// ForEncryption is the value used in the headers to indicate that
+	// this key should be used for encrypting
+	ForEncryption KeyUsageType = "enc"
+)
+
+type KeyOperation string
+type KeyOperationList []KeyOperation
+
+const (
+	KeyOpSign       KeyOperation = "sign"       // (compute digital signature or MAC)
+	KeyOpVerify     KeyOperation = "verify"     // (verify digital signature or MAC)
+	KeyOpEncrypt    KeyOperation = "encrypt"    // (encrypt content)
+	KeyOpDecrypt    KeyOperation = "decrypt"    // (decrypt content and validate decryption, if applicable)
+	KeyOpWrapKey    KeyOperation = "wrapKey"    // (encrypt key)
+	KeyOpUnwrapKey  KeyOperation = "unwrapKey"  // (decrypt key and validate decryption, if applicable)
+	KeyOpDeriveKey  KeyOperation = "deriveKey"  // (derive key)
+	KeyOpDeriveBits KeyOperation = "deriveBits" // (derive bits not to be used as a key)
+)
+
+// Set represents JWKS object, a collection of jwk.Key objects.
+//
+// Sets can be safely converted to and from JSON using the standard
+// `"encoding/json".Marshal` and `"encoding/json".Unmarshal`. However,
+// if you do not know if the payload contains a single JWK or a JWK set,
+// consider using `jwk.Parse()` to always get a `jwk.Set` out of it.
+//
+// Since v1.2.12, JWK sets with private parameters can be parsed as well.
+// Such private parameters can be accessed via the `Field()` method.
+// If a resource contains a single JWK instead of a JWK set, private parameters
+// are stored in _both_ the resulting `jwk.Set` object and the `jwk.Key` object .
+//
+//nolint:interfacebloat
+type Set interface {
+	// AddKey adds the specified key. If the key already exists in the set,
+	// an error is returned.
+	AddKey(Key) error
+
+	// Clear resets the list of keys associated with this set, emptying the
+	// internal list of `jwk.Key`s, as well as clearing any other non-key
+	// fields
+	Clear() error
+
+	// Get returns the key at index `idx`. If the index is out of range,
+	// then the second return value is false.
+	Key(int) (Key, bool)
+
+	// Get returns the value of a private field in the key set.
+	//
+	// For the purposes of a key set, any field other than the "keys" field is
+	// considered to be a private field. In other words, you cannot use this
+	// method to directly access the list of keys in the set
+	Get(string) (interface{}, bool)
+
+	// Set sets the value of a single field.
+	//
+	// This method, which takes an `interface{}`, exists because
+	// these objects can contain extra _arbitrary_ fields that users can
+	// specify, and there is no way of knowing what type they could be.
+	Set(string, interface{}) error
+
+	// RemoveKey removes the specified non-key field from the set.
+	// Keys may not be removed using this method.
+	Remove(string) error
+
+	// Index returns the index where the given key exists, -1 otherwise
+	Index(Key) int
+
+	// Len returns the number of keys in the set
+	Len() int
+
+	// LookupKeyID returns the first key matching the given key id.
+	// The second return value is false if there are no keys matching the key id.
+	// The set *may* contain multiple keys with the same key id. If you
+	// need all of them, use `Iterate()`
+	LookupKeyID(string) (Key, bool)
+
+	// RemoveKey removes the key from the set.
+	RemoveKey(Key) error
+
+	// Keys creates an iterator to iterate through all keys in the set.
+	Keys(context.Context) KeyIterator
+
+	// Iterate creates an iterator to iterate through all fields other than the keys
+	Iterate(context.Context) HeaderIterator
+
+	// Clone create a new set with identical keys. Keys themselves are not cloned.
+	Clone() (Set, error)
+}
+
+type set struct {
+	keys          []Key
+	mu            sync.RWMutex
+	dc            DecodeCtx
+	privateParams map[string]interface{}
+}
+
+type HeaderVisitor = iter.MapVisitor
+type HeaderVisitorFunc = iter.MapVisitorFunc
+type HeaderPair = mapiter.Pair
+type HeaderIterator = mapiter.Iterator
+type KeyPair = arrayiter.Pair
+type KeyIterator = arrayiter.Iterator
+
+type PublicKeyer interface {
+	// PublicKey creates the corresponding PublicKey type for this object.
+	// All fields are copied onto the new public key, except for those that are not allowed.
+	// Returned value must not be the receiver itself.
+	PublicKey() (Key, error)
+}
+
+type DecodeCtx interface {
+	json.DecodeCtx
+	IgnoreParseError() bool
+}
+type KeyWithDecodeCtx interface {
+	SetDecodeCtx(DecodeCtx)
+	DecodeCtx() DecodeCtx
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface_gen.go
new file mode 100644
index 000000000..9ee50516c
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface_gen.go
@@ -0,0 +1,130 @@
+// Code generated by tools/cmd/genjwk/main.go. DO NOT EDIT.
+
+package jwk
+
+import (
+	"context"
+	"crypto"
+
+	"github.com/lestrrat-go/jwx/v2/cert"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+const (
+	KeyTypeKey                = "kty"
+	KeyUsageKey               = "use"
+	KeyOpsKey                 = "key_ops"
+	AlgorithmKey              = "alg"
+	KeyIDKey                  = "kid"
+	X509URLKey                = "x5u"
+	X509CertChainKey          = "x5c"
+	X509CertThumbprintKey     = "x5t"
+	X509CertThumbprintS256Key = "x5t#S256"
+)
+
+// Key defines the minimal interface for each of the
+// key types. Their use and implementation differ significantly
+// between each key types, so you should use type assertions
+// to perform more specific tasks with each key
+type Key interface {
+	// Get returns the value of a single field. The second boolean return value
+	// will be false if the field is not stored in the source
+	//
+	// This method, which returns an `interface{}`, exists because
+	// these objects can contain extra _arbitrary_ fields that users can
+	// specify, and there is no way of knowing what type they could be
+	Get(string) (interface{}, bool)
+
+	// Set sets the value of a single field. Note that certain fields,
+	// notably "kty", cannot be altered, but will not return an error
+	//
+	// This method, which takes an `interface{}`, exists because
+	// these objects can contain extra _arbitrary_ fields that users can
+	// specify, and there is no way of knowing what type they could be
+	Set(string, interface{}) error
+
+	// Remove removes the field associated with the specified key.
+	// There is no way to remove the `kty` (key type). You will ALWAYS be left with one field in a jwk.Key.
+	Remove(string) error
+	// Validate performs _minimal_ checks if the data stored in the key are valid.
+	// By minimal, we mean that it does not check if the key is valid for use in
+	// cryptographic operations. For example, it does not check if an RSA key's
+	// `e` field is a valid exponent, or if the `n` field is a valid modulus.
+	// Instead, it checks for things such as the _presence_ of some required fields,
+	// or if certain keys' values are of particular length.
+	//
+	// Note that depending on th underlying key type, use of this method requires
+	// that multiple fields in the key are properly populated. For example, an EC
+	// key's "x", "y" fields cannot be validated unless the "crv" field is populated first.
+	//
+	// Validate is never called by `UnmarshalJSON()` or `Set`. It must explicitly be
+	// called by the user
+	Validate() error
+
+	// Raw creates the corresponding raw key. For example,
+	// EC types would create *ecdsa.PublicKey or *ecdsa.PrivateKey,
+	// and OctetSeq types create a []byte key.
+	//
+	// If you do not know the exact type of a jwk.Key before attempting
+	// to obtain the raw key, you can simply pass a pointer to an
+	// empty interface as the first argument.
+	//
+	// If you already know the exact type, it is recommended that you
+	// pass a pointer to the zero value of the actual key type (e.g. &rsa.PrivateKey)
+	// for efficiency.
+	Raw(interface{}) error
+
+	// Thumbprint returns the JWK thumbprint using the indicated
+	// hashing algorithm, according to RFC 7638
+	Thumbprint(crypto.Hash) ([]byte, error)
+
+	// Iterate returns an iterator that returns all keys and values.
+	// See github.com/lestrrat-go/iter for a description of the iterator.
+	Iterate(ctx context.Context) HeaderIterator
+
+	// Walk is a utility tool that allows a visitor to iterate all keys and values
+	Walk(context.Context, HeaderVisitor) error
+
+	// AsMap is a utility tool that returns a new map that contains the same fields as the source
+	AsMap(context.Context) (map[string]interface{}, error)
+
+	// PrivateParams returns the non-standard elements in the source structure
+	// WARNING: DO NOT USE PrivateParams() IF YOU HAVE CONCURRENT CODE ACCESSING THEM.
+	// Use `AsMap()` to get a copy of the entire header, or use `Iterate()` instead
+	PrivateParams() map[string]interface{}
+
+	// Clone creates a new instance of the same type
+	Clone() (Key, error)
+
+	// PublicKey creates the corresponding PublicKey type for this object.
+	// All fields are copied onto the new public key, except for those that are not allowed.
+	//
+	// If the key is already a public key, it returns a new copy minus the disallowed fields as above.
+	PublicKey() (Key, error)
+
+	// KeyType returns the `kty` of a JWK
+	KeyType() jwa.KeyType
+	// KeyUsage returns `use` of a JWK
+	KeyUsage() string
+	// KeyOps returns `key_ops` of a JWK
+	KeyOps() KeyOperationList
+	// Algorithm returns `alg` of a JWK
+
+	// Algorithm returns the value of the `alg` field
+	//
+	// This field may contain either `jwk.SignatureAlgorithm` or `jwk.KeyEncryptionAlgorithm`.
+	// This is why there exists a `jwa.KeyAlgorithm` type that encompases both types.
+	Algorithm() jwa.KeyAlgorithm
+	// KeyID returns `kid` of a JWK
+	KeyID() string
+	// X509URL returns `x5u` of a JWK
+	X509URL() string
+	// X509CertChain returns `x5c` of a JWK
+	X509CertChain() *cert.Chain
+	// X509CertThumbprint returns `x5t` of a JWK
+	X509CertThumbprint() string
+	// X509CertThumbprintS256 returns `x5t#S256` of a JWK
+	X509CertThumbprintS256() string
+
+	makePairs() []*HeaderPair
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/io.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/io.go
new file mode 100644
index 000000000..2dc097e2f
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/io.go
@@ -0,0 +1,39 @@
+// Code generated by tools/cmd/genreadfile/main.go. DO NOT EDIT.
+
+package jwk
+
+import (
+	"io/fs"
+	"os"
+)
+
+type sysFS struct{}
+
+func (sysFS) Open(path string) (fs.File, error) {
+	return os.Open(path)
+}
+
+func ReadFile(path string, options ...ReadFileOption) (Set, error) {
+	var parseOptions []ParseOption
+	for _, option := range options {
+		if po, ok := option.(ParseOption); ok {
+			parseOptions = append(parseOptions, po)
+		}
+	}
+
+	var srcFS fs.FS = sysFS{}
+	for _, option := range options {
+		switch option.Ident() {
+		case identFS{}:
+			srcFS = option.Value().(fs.FS)
+		}
+	}
+
+	f, err := srcFS.Open(path)
+	if err != nil {
+		return nil, err
+	}
+
+	defer f.Close()
+	return ParseReader(f, parseOptions...)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/jwk.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/jwk.go
new file mode 100644
index 000000000..bf129e8c6
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/jwk.go
@@ -0,0 +1,789 @@
+//go:generate ../tools/cmd/genjwk.sh
+
+// Package jwk implements JWK as described in https://tools.ietf.org/html/rfc7517
+package jwk
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/elliptic"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+	"math/big"
+
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+	"github.com/lestrrat-go/jwx/v2/internal/ecutil"
+	"github.com/lestrrat-go/jwx/v2/internal/json"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/x25519"
+)
+
+var registry = json.NewRegistry()
+
+func bigIntToBytes(n *big.Int) ([]byte, error) {
+	if n == nil {
+		return nil, fmt.Errorf(`invalid *big.Int value`)
+	}
+	return n.Bytes(), nil
+}
+
+// FromRaw creates a jwk.Key from the given key (RSA/ECDSA/symmetric keys).
+//
+// The constructor auto-detects the type of key to be instantiated
+// based on the input type:
+//
+//   - "crypto/rsa".PrivateKey and "crypto/rsa".PublicKey creates an RSA based key
+//   - "crypto/ecdsa".PrivateKey and "crypto/ecdsa".PublicKey creates an EC based key
+//   - "crypto/ed25519".PrivateKey and "crypto/ed25519".PublicKey creates an OKP based key
+//   - []byte creates a symmetric key
+func FromRaw(key interface{}) (Key, error) {
+	if key == nil {
+		return nil, fmt.Errorf(`jwk.FromRaw requires a non-nil key`)
+	}
+
+	var ptr interface{}
+	switch v := key.(type) {
+	case rsa.PrivateKey:
+		ptr = &v
+	case rsa.PublicKey:
+		ptr = &v
+	case ecdsa.PrivateKey:
+		ptr = &v
+	case ecdsa.PublicKey:
+		ptr = &v
+	default:
+		ptr = v
+	}
+
+	switch rawKey := ptr.(type) {
+	case *rsa.PrivateKey:
+		k := newRSAPrivateKey()
+		if err := k.FromRaw(rawKey); err != nil {
+			return nil, fmt.Errorf(`failed to initialize %T from %T: %w`, k, rawKey, err)
+		}
+		return k, nil
+	case *rsa.PublicKey:
+		k := newRSAPublicKey()
+		if err := k.FromRaw(rawKey); err != nil {
+			return nil, fmt.Errorf(`failed to initialize %T from %T: %w`, k, rawKey, err)
+		}
+		return k, nil
+	case *ecdsa.PrivateKey:
+		k := newECDSAPrivateKey()
+		if err := k.FromRaw(rawKey); err != nil {
+			return nil, fmt.Errorf(`failed to initialize %T from %T: %w`, k, rawKey, err)
+		}
+		return k, nil
+	case *ecdsa.PublicKey:
+		k := newECDSAPublicKey()
+		if err := k.FromRaw(rawKey); err != nil {
+			return nil, fmt.Errorf(`failed to initialize %T from %T: %w`, k, rawKey, err)
+		}
+		return k, nil
+	case ed25519.PrivateKey:
+		k := newOKPPrivateKey()
+		if err := k.FromRaw(rawKey); err != nil {
+			return nil, fmt.Errorf(`failed to initialize %T from %T: %w`, k, rawKey, err)
+		}
+		return k, nil
+	case ed25519.PublicKey:
+		k := newOKPPublicKey()
+		if err := k.FromRaw(rawKey); err != nil {
+			return nil, fmt.Errorf(`failed to initialize %T from %T: %w`, k, rawKey, err)
+		}
+		return k, nil
+	case x25519.PrivateKey:
+		k := newOKPPrivateKey()
+		if err := k.FromRaw(rawKey); err != nil {
+			return nil, fmt.Errorf(`failed to initialize %T from %T: %w`, k, rawKey, err)
+		}
+		return k, nil
+	case x25519.PublicKey:
+		k := newOKPPublicKey()
+		if err := k.FromRaw(rawKey); err != nil {
+			return nil, fmt.Errorf(`failed to initialize %T from %T: %w`, k, rawKey, err)
+		}
+		return k, nil
+	case []byte:
+		k := newSymmetricKey()
+		if err := k.FromRaw(rawKey); err != nil {
+			return nil, fmt.Errorf(`failed to initialize %T from %T: %w`, k, rawKey, err)
+		}
+		return k, nil
+	default:
+		return nil, fmt.Errorf(`invalid key type '%T' for jwk.New`, key)
+	}
+}
+
+// PublicSetOf returns a new jwk.Set consisting of
+// public keys of the keys contained in the set.
+//
+// This is useful when you are generating a set of private keys, and
+// you want to generate the corresponding public versions for the
+// users to verify with.
+//
+// Be aware that all fields will be copied onto the new public key. It is the caller's
+// responsibility to remove any fields, if necessary.
+func PublicSetOf(v Set) (Set, error) {
+	newSet := NewSet()
+
+	n := v.Len()
+	for i := 0; i < n; i++ {
+		k, ok := v.Key(i)
+		if !ok {
+			return nil, fmt.Errorf(`key not found`)
+		}
+		pubKey, err := PublicKeyOf(k)
+		if err != nil {
+			return nil, fmt.Errorf(`failed to get public key of %T: %w`, k, err)
+		}
+		if err := newSet.AddKey(pubKey); err != nil {
+			return nil, fmt.Errorf(`failed to add key to public key set: %w`, err)
+		}
+	}
+
+	return newSet, nil
+}
+
+// PublicKeyOf returns the corresponding public version of the jwk.Key.
+// If `v` is a SymmetricKey, then the same value is returned.
+// If `v` is already a public key, the key itself is returned.
+//
+// If `v` is a private key type that has a `PublicKey()` method, be aware
+// that all fields will be copied onto the new public key. It is the caller's
+// responsibility to remove any fields, if necessary
+//
+// If `v` is a raw key, the key is first converted to a `jwk.Key`
+func PublicKeyOf(v interface{}) (Key, error) {
+	// This should catch all jwk.Key instances
+	if pk, ok := v.(PublicKeyer); ok {
+		return pk.PublicKey()
+	}
+
+	jk, err := FromRaw(v)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to convert key into JWK: %w`, err)
+	}
+
+	return jk.PublicKey()
+}
+
+// PublicRawKeyOf returns the corresponding public key of the given
+// value `v` (e.g. given *rsa.PrivateKey, *rsa.PublicKey is returned)
+// If `v` is already a public key, the key itself is returned.
+//
+// The returned value will always be a pointer to the public key,
+// except when a []byte (e.g. symmetric key, ed25519 key) is passed to `v`.
+// In this case, the same []byte value is returned.
+func PublicRawKeyOf(v interface{}) (interface{}, error) {
+	if pk, ok := v.(PublicKeyer); ok {
+		pubk, err := pk.PublicKey()
+		if err != nil {
+			return nil, fmt.Errorf(`failed to obtain public key from %T: %w`, v, err)
+		}
+
+		var raw interface{}
+		if err := pubk.Raw(&raw); err != nil {
+			return nil, fmt.Errorf(`failed to obtain raw key from %T: %w`, pubk, err)
+		}
+		return raw, nil
+	}
+
+	// This may be a silly idea, but if the user gave us a non-pointer value...
+	var ptr interface{}
+	switch v := v.(type) {
+	case rsa.PrivateKey:
+		ptr = &v
+	case rsa.PublicKey:
+		ptr = &v
+	case ecdsa.PrivateKey:
+		ptr = &v
+	case ecdsa.PublicKey:
+		ptr = &v
+	default:
+		ptr = v
+	}
+
+	switch x := ptr.(type) {
+	case *rsa.PrivateKey:
+		return &x.PublicKey, nil
+	case *rsa.PublicKey:
+		return x, nil
+	case *ecdsa.PrivateKey:
+		return &x.PublicKey, nil
+	case *ecdsa.PublicKey:
+		return x, nil
+	case ed25519.PrivateKey:
+		return x.Public(), nil
+	case ed25519.PublicKey:
+		return x, nil
+	case x25519.PrivateKey:
+		return x.Public(), nil
+	case x25519.PublicKey:
+		return x, nil
+	case []byte:
+		return x, nil
+	default:
+		return nil, fmt.Errorf(`invalid key type passed to PublicKeyOf (%T)`, v)
+	}
+}
+
+const (
+	pmPrivateKey    = `PRIVATE KEY`
+	pmPublicKey     = `PUBLIC KEY`
+	pmECPrivateKey  = `EC PRIVATE KEY`
+	pmRSAPublicKey  = `RSA PUBLIC KEY`
+	pmRSAPrivateKey = `RSA PRIVATE KEY`
+)
+
+// EncodeX509 encodes the key into a byte sequence in ASN.1 DER format
+// suitable for to be PEM encoded. The key can be a jwk.Key or a raw key
+// instance, but it must be one of the types supported by `x509` package.
+//
+// This function will try to do the right thing depending on the key type
+// (i.e. switch between `x509.MarshalPKCS1PRivateKey` and `x509.MarshalECPrivateKey`),
+// but for public keys, it will always use `x509.MarshalPKIXPublicKey`.
+// Please manually perform the encoding if you need more fine grained control
+//
+// The first return value is the name that can be used for `(pem.Block).Type`.
+// The second return value is the encoded byte sequence.
+func EncodeX509(v interface{}) (string, []byte, error) {
+	// we can't import jwk, so just use the interface
+	if key, ok := v.(interface{ Raw(interface{}) error }); ok {
+		var raw interface{}
+		if err := key.Raw(&raw); err != nil {
+			return "", nil, fmt.Errorf(`failed to get raw key out of %T: %w`, key, err)
+		}
+
+		v = raw
+	}
+
+	// Try to convert it into a certificate
+	switch v := v.(type) {
+	case *rsa.PrivateKey:
+		return pmRSAPrivateKey, x509.MarshalPKCS1PrivateKey(v), nil
+	case *ecdsa.PrivateKey:
+		marshaled, err := x509.MarshalECPrivateKey(v)
+		if err != nil {
+			return "", nil, err
+		}
+		return pmECPrivateKey, marshaled, nil
+	case ed25519.PrivateKey:
+		marshaled, err := x509.MarshalPKCS8PrivateKey(v)
+		if err != nil {
+			return "", nil, err
+		}
+		return pmPrivateKey, marshaled, nil
+	case *rsa.PublicKey, *ecdsa.PublicKey, ed25519.PublicKey:
+		marshaled, err := x509.MarshalPKIXPublicKey(v)
+		if err != nil {
+			return "", nil, err
+		}
+		return pmPublicKey, marshaled, nil
+	default:
+		return "", nil, fmt.Errorf(`unsupported type %T for ASN.1 DER encoding`, v)
+	}
+}
+
+// EncodePEM encodes the key into a PEM encoded ASN.1 DER format.
+// The key can be a jwk.Key or a raw key instance, but it must be one of
+// the types supported by `x509` package.
+//
+// Internally, it uses the same routine as `jwk.EncodeX509()`, and therefore
+// the same caveats apply
+func EncodePEM(v interface{}) ([]byte, error) {
+	typ, marshaled, err := EncodeX509(v)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to encode key in x509: %w`, err)
+	}
+
+	block := &pem.Block{
+		Type:  typ,
+		Bytes: marshaled,
+	}
+	return pem.EncodeToMemory(block), nil
+}
+
+// DecodePEM decodes a key in PEM encoded ASN.1 DER format.
+// and returns a raw key
+func DecodePEM(src []byte) (interface{}, []byte, error) {
+	block, rest := pem.Decode(src)
+	if block == nil {
+		return nil, nil, fmt.Errorf(`failed to decode PEM data`)
+	}
+
+	switch block.Type {
+	// Handle the semi-obvious cases
+	case pmRSAPrivateKey:
+		key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+		if err != nil {
+			return nil, nil, fmt.Errorf(`failed to parse PKCS1 private key: %w`, err)
+		}
+		return key, rest, nil
+	case pmRSAPublicKey:
+		key, err := x509.ParsePKCS1PublicKey(block.Bytes)
+		if err != nil {
+			return nil, nil, fmt.Errorf(`failed to parse PKCS1 public key: %w`, err)
+		}
+		return key, rest, nil
+	case pmECPrivateKey:
+		key, err := x509.ParseECPrivateKey(block.Bytes)
+		if err != nil {
+			return nil, nil, fmt.Errorf(`failed to parse EC private key: %w`, err)
+		}
+		return key, rest, nil
+	case pmPublicKey:
+		// XXX *could* return dsa.PublicKey
+		key, err := x509.ParsePKIXPublicKey(block.Bytes)
+		if err != nil {
+			return nil, nil, fmt.Errorf(`failed to parse PKIX public key: %w`, err)
+		}
+		return key, rest, nil
+	case pmPrivateKey:
+		key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+		if err != nil {
+			return nil, nil, fmt.Errorf(`failed to parse PKCS8 private key: %w`, err)
+		}
+		return key, rest, nil
+	case "CERTIFICATE":
+		cert, err := x509.ParseCertificate(block.Bytes)
+		if err != nil {
+			return nil, nil, fmt.Errorf(`failed to parse certificate: %w`, err)
+		}
+		return cert.PublicKey, rest, nil
+	default:
+		return nil, nil, fmt.Errorf(`invalid PEM block type %s`, block.Type)
+	}
+}
+
+// ParseRawKey is a combination of ParseKey and Raw. It parses a single JWK key,
+// and assigns the "raw" key to the given parameter. The key must either be
+// a pointer to an empty interface, or a pointer to the actual raw key type
+// such as *rsa.PrivateKey, *ecdsa.PublicKey, *[]byte, etc.
+func ParseRawKey(data []byte, rawkey interface{}) error {
+	key, err := ParseKey(data)
+	if err != nil {
+		return fmt.Errorf(`failed to parse key: %w`, err)
+	}
+
+	if err := key.Raw(rawkey); err != nil {
+		return fmt.Errorf(`failed to assign to raw key variable: %w`, err)
+	}
+
+	return nil
+}
+
+type setDecodeCtx struct {
+	json.DecodeCtx
+	ignoreParseError bool
+}
+
+func (ctx *setDecodeCtx) IgnoreParseError() bool {
+	return ctx.ignoreParseError
+}
+
+// ParseKey parses a single key JWK. Unlike `jwk.Parse` this method will
+// report failure if you attempt to pass a JWK set. Only use this function
+// when you know that the data is a single JWK.
+//
+// Given a WithPEM(true) option, this function assumes that the given input
+// is PEM encoded ASN.1 DER format key.
+//
+// Note that a successful parsing of any type of key does NOT necessarily
+// guarantee a valid key. For example, no checks against expiration dates
+// are performed for certificate expiration, no checks against missing
+// parameters are performed, etc.
+func ParseKey(data []byte, options ...ParseOption) (Key, error) {
+	var parsePEM bool
+	var localReg *json.Registry
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identPEM{}:
+			parsePEM = option.Value().(bool)
+		case identLocalRegistry{}:
+			// in reality you can only pass either withLocalRegistry or
+			// WithTypedField, but since withLocalRegistry is used only by us,
+			// we skip checking
+			localReg = option.Value().(*json.Registry)
+		case identTypedField{}:
+			pair := option.Value().(typedFieldPair)
+			if localReg == nil {
+				localReg = json.NewRegistry()
+			}
+			localReg.Register(pair.Name, pair.Value)
+		case identIgnoreParseError{}:
+			return nil, fmt.Errorf(`jwk.WithIgnoreParseError() cannot be used for ParseKey()`)
+		}
+	}
+
+	if parsePEM {
+		raw, _, err := DecodePEM(data)
+		if err != nil {
+			return nil, fmt.Errorf(`failed to parse PEM encoded key: %w`, err)
+		}
+		return FromRaw(raw)
+	}
+
+	var hint struct {
+		Kty string          `json:"kty"`
+		D   json.RawMessage `json:"d"`
+	}
+
+	if err := json.Unmarshal(data, &hint); err != nil {
+		return nil, fmt.Errorf(`failed to unmarshal JSON into key hint: %w`, err)
+	}
+
+	var key Key
+	switch jwa.KeyType(hint.Kty) {
+	case jwa.RSA:
+		if len(hint.D) > 0 {
+			key = newRSAPrivateKey()
+		} else {
+			key = newRSAPublicKey()
+		}
+	case jwa.EC:
+		if len(hint.D) > 0 {
+			key = newECDSAPrivateKey()
+		} else {
+			key = newECDSAPublicKey()
+		}
+	case jwa.OctetSeq:
+		key = newSymmetricKey()
+	case jwa.OKP:
+		if len(hint.D) > 0 {
+			key = newOKPPrivateKey()
+		} else {
+			key = newOKPPublicKey()
+		}
+	default:
+		return nil, fmt.Errorf(`invalid key type from JSON (%s)`, hint.Kty)
+	}
+
+	if localReg != nil {
+		dcKey, ok := key.(json.DecodeCtxContainer)
+		if !ok {
+			return nil, fmt.Errorf(`typed field was requested, but the key (%T) does not support DecodeCtx`, key)
+		}
+		dc := json.NewDecodeCtx(localReg)
+		dcKey.SetDecodeCtx(dc)
+		defer func() { dcKey.SetDecodeCtx(nil) }()
+	}
+
+	if err := json.Unmarshal(data, key); err != nil {
+		return nil, fmt.Errorf(`failed to unmarshal JSON into key (%T): %w`, key, err)
+	}
+
+	return key, nil
+}
+
+// Parse parses JWK from the incoming []byte.
+//
+// For JWK sets, this is a convenience function. You could just as well
+// call `json.Unmarshal` against an empty set created by `jwk.NewSet()`
+// to parse a JSON buffer into a `jwk.Set`.
+//
+// This function exists because many times the user does not know before hand
+// if a JWK(s) resource at a remote location contains a single JWK key or
+// a JWK set, and `jwk.Parse()` can handle either case, returning a JWK Set
+// even if the data only contains a single JWK key
+//
+// If you are looking for more information on how JWKs are parsed, or if
+// you know for sure that you have a single key, please see the documentation
+// for `jwk.ParseKey()`.
+func Parse(src []byte, options ...ParseOption) (Set, error) {
+	var parsePEM bool
+	var localReg *json.Registry
+	var ignoreParseError bool
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identPEM{}:
+			parsePEM = option.Value().(bool)
+		case identIgnoreParseError{}:
+			ignoreParseError = option.Value().(bool)
+		case identTypedField{}:
+			pair := option.Value().(typedFieldPair)
+			if localReg == nil {
+				localReg = json.NewRegistry()
+			}
+			localReg.Register(pair.Name, pair.Value)
+		}
+	}
+
+	s := NewSet()
+
+	if parsePEM {
+		src = bytes.TrimSpace(src)
+		for len(src) > 0 {
+			raw, rest, err := DecodePEM(src)
+			if err != nil {
+				return nil, fmt.Errorf(`failed to parse PEM encoded key: %w`, err)
+			}
+			key, err := FromRaw(raw)
+			if err != nil {
+				return nil, fmt.Errorf(`failed to create jwk.Key from %T: %w`, raw, err)
+			}
+			if err := s.AddKey(key); err != nil {
+				return nil, fmt.Errorf(`failed to add jwk.Key to set: %w`, err)
+			}
+			src = bytes.TrimSpace(rest)
+		}
+		return s, nil
+	}
+
+	if localReg != nil || ignoreParseError {
+		dcKs, ok := s.(KeyWithDecodeCtx)
+		if !ok {
+			return nil, fmt.Errorf(`typed field was requested, but the key set (%T) does not support DecodeCtx`, s)
+		}
+		dc := &setDecodeCtx{
+			DecodeCtx:        json.NewDecodeCtx(localReg),
+			ignoreParseError: ignoreParseError,
+		}
+		dcKs.SetDecodeCtx(dc)
+		defer func() { dcKs.SetDecodeCtx(nil) }()
+	}
+
+	if err := json.Unmarshal(src, s); err != nil {
+		return nil, fmt.Errorf(`failed to unmarshal JWK set: %w`, err)
+	}
+
+	return s, nil
+}
+
+// ParseReader parses a JWK set from the incoming byte buffer.
+func ParseReader(src io.Reader, options ...ParseOption) (Set, error) {
+	// meh, there's no way to tell if a stream has "ended" a single
+	// JWKs except when we encounter an EOF, so just... ReadAll
+	buf, err := io.ReadAll(src)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to read from io.Reader: %w`, err)
+	}
+
+	return Parse(buf, options...)
+}
+
+// ParseString parses a JWK set from the incoming string.
+func ParseString(s string, options ...ParseOption) (Set, error) {
+	return Parse([]byte(s), options...)
+}
+
+// AssignKeyID is a convenience function to automatically assign the "kid"
+// section of the key, if it already doesn't have one. It uses Key.Thumbprint
+// method with crypto.SHA256 as the default hashing algorithm
+func AssignKeyID(key Key, options ...AssignKeyIDOption) error {
+	if _, ok := key.Get(KeyIDKey); ok {
+		return nil
+	}
+
+	hash := crypto.SHA256
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identThumbprintHash{}:
+			hash = option.Value().(crypto.Hash)
+		}
+	}
+
+	h, err := key.Thumbprint(hash)
+	if err != nil {
+		return fmt.Errorf(`failed to generate thumbprint: %w`, err)
+	}
+
+	if err := key.Set(KeyIDKey, base64.EncodeToString(h)); err != nil {
+		return fmt.Errorf(`failed to set "kid": %w`, err)
+	}
+
+	return nil
+}
+
+func cloneKey(src Key) (Key, error) {
+	var dst Key
+	switch src.(type) {
+	case RSAPrivateKey:
+		dst = newRSAPrivateKey()
+	case RSAPublicKey:
+		dst = newRSAPublicKey()
+	case ECDSAPrivateKey:
+		dst = newECDSAPrivateKey()
+	case ECDSAPublicKey:
+		dst = newECDSAPublicKey()
+	case OKPPrivateKey:
+		dst = newOKPPrivateKey()
+	case OKPPublicKey:
+		dst = newOKPPublicKey()
+	case SymmetricKey:
+		dst = newSymmetricKey()
+	default:
+		return nil, fmt.Errorf(`unknown key type %T`, src)
+	}
+
+	for _, pair := range src.makePairs() {
+		//nolint:forcetypeassert
+		key := pair.Key.(string)
+		if err := dst.Set(key, pair.Value); err != nil {
+			return nil, fmt.Errorf(`failed to set %q: %w`, key, err)
+		}
+	}
+	return dst, nil
+}
+
+// Pem serializes the given jwk.Key in PEM encoded ASN.1 DER format,
+// using either PKCS8 for private keys and PKIX for public keys.
+// If you need to encode using PKCS1 or SEC1, you must do it yourself.
+//
+// # Argument must be of type jwk.Key or jwk.Set
+//
+// Currently only EC (including Ed25519) and RSA keys (and jwk.Set
+// comprised of these key types) are supported.
+func Pem(v interface{}) ([]byte, error) {
+	var set Set
+	switch v := v.(type) {
+	case Key:
+		set = NewSet()
+		if err := set.AddKey(v); err != nil {
+			return nil, fmt.Errorf(`failed to add key to set: %w`, err)
+		}
+	case Set:
+		set = v
+	default:
+		return nil, fmt.Errorf(`argument to Pem must be either jwk.Key or jwk.Set: %T`, v)
+	}
+
+	var ret []byte
+	for i := 0; i < set.Len(); i++ {
+		key, _ := set.Key(i)
+		typ, buf, err := asnEncode(key)
+		if err != nil {
+			return nil, fmt.Errorf(`failed to encode content for key #%d: %w`, i, err)
+		}
+
+		var block pem.Block
+		block.Type = typ
+		block.Bytes = buf
+		ret = append(ret, pem.EncodeToMemory(&block)...)
+	}
+	return ret, nil
+}
+
+func asnEncode(key Key) (string, []byte, error) {
+	switch key := key.(type) {
+	case RSAPrivateKey, ECDSAPrivateKey, OKPPrivateKey:
+		var rawkey interface{}
+		if err := key.Raw(&rawkey); err != nil {
+			return "", nil, fmt.Errorf(`failed to get raw key from jwk.Key: %w`, err)
+		}
+		buf, err := x509.MarshalPKCS8PrivateKey(rawkey)
+		if err != nil {
+			return "", nil, fmt.Errorf(`failed to marshal PKCS8: %w`, err)
+		}
+		return pmPrivateKey, buf, nil
+	case RSAPublicKey, ECDSAPublicKey, OKPPublicKey:
+		var rawkey interface{}
+		if err := key.Raw(&rawkey); err != nil {
+			return "", nil, fmt.Errorf(`failed to get raw key from jwk.Key: %w`, err)
+		}
+		buf, err := x509.MarshalPKIXPublicKey(rawkey)
+		if err != nil {
+			return "", nil, fmt.Errorf(`failed to marshal PKIX: %w`, err)
+		}
+		return pmPublicKey, buf, nil
+	default:
+		return "", nil, fmt.Errorf(`unsupported key type %T`, key)
+	}
+}
+
+// RegisterCustomField allows users to specify that a private field
+// be decoded as an instance of the specified type. This option has
+// a global effect.
+//
+// For example, suppose you have a custom field `x-birthday`, which
+// you want to represent as a string formatted in RFC3339 in JSON,
+// but want it back as `time.Time`.
+//
+// In that case you would register a custom field as follows
+//
+//	jwk.RegisterCustomField(`x-birthday`, timeT)
+//
+// Then `key.Get("x-birthday")` will still return an `interface{}`,
+// but you can convert its type to `time.Time`
+//
+//	bdayif, _ := key.Get(`x-birthday`)
+//	bday := bdayif.(time.Time)
+func RegisterCustomField(name string, object interface{}) {
+	registry.Register(name, object)
+}
+
+func AvailableCurves() []elliptic.Curve {
+	return ecutil.AvailableCurves()
+}
+
+func CurveForAlgorithm(alg jwa.EllipticCurveAlgorithm) (elliptic.Curve, bool) {
+	return ecutil.CurveForAlgorithm(alg)
+}
+
+// Equal compares two keys and returns true if they are equal. The comparison
+// is solely done against the thumbprints of k1 and k2. It is possible for keys
+// that have, for example, different key IDs, key usage, etc, to be considered equal.
+func Equal(k1, k2 Key) bool {
+	h := crypto.SHA256
+	tp1, err := k1.Thumbprint(h)
+	if err != nil {
+		return false // can't report error
+	}
+	tp2, err := k2.Thumbprint(h)
+	if err != nil {
+		return false // can't report error
+	}
+
+	return bytes.Equal(tp1, tp2)
+}
+
+// IsPrivateKey returns true if the supplied key is a private key of an
+// asymmetric key pair. The argument `k` must implement the `AsymmetricKey`
+// interface.
+//
+// An error is returned if the supplied key is not an `AsymmetricKey`.
+func IsPrivateKey(k Key) (bool, error) {
+	asymmetric, ok := k.(AsymmetricKey)
+	if ok {
+		return asymmetric.IsPrivate(), nil
+	}
+	return false, fmt.Errorf("jwk.IsPrivateKey: %T is not an asymmetric key", k)
+}
+
+type keyValidationError struct {
+	err error
+}
+
+func (e *keyValidationError) Error() string {
+	return fmt.Sprintf(`key validation failed: %s`, e.err)
+}
+
+func (e *keyValidationError) Unwrap() error {
+	return e.err
+}
+
+func (e *keyValidationError) Is(target error) bool {
+	_, ok := target.(*keyValidationError)
+	return ok
+}
+
+// NewKeyValidationError wraps the given error with an error that denotes
+// `key.Validate()` has failed. This error type should ONLY be used as
+// return value from the `Validate()` method.
+func NewKeyValidationError(err error) error {
+	return &keyValidationError{err: err}
+}
+
+func IsKeyValidationError(err error) bool {
+	var kve keyValidationError
+	return errors.Is(err, &kve)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/key_ops.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/key_ops.go
new file mode 100644
index 000000000..26fc2f28c
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/key_ops.go
@@ -0,0 +1,58 @@
+package jwk
+
+import "fmt"
+
+func (ops *KeyOperationList) Get() KeyOperationList {
+	if ops == nil {
+		return nil
+	}
+	return *ops
+}
+
+func (ops *KeyOperationList) Accept(v interface{}) error {
+	switch x := v.(type) {
+	case string:
+		return ops.Accept([]string{x})
+	case []interface{}:
+		l := make([]string, len(x))
+		for i, e := range x {
+			if es, ok := e.(string); ok {
+				l[i] = es
+			} else {
+				return fmt.Errorf(`invalid list element type: expected string, got %T`, v)
+			}
+		}
+		return ops.Accept(l)
+	case []string:
+		list := make(KeyOperationList, len(x))
+		for i, e := range x {
+			switch e := KeyOperation(e); e {
+			case KeyOpSign, KeyOpVerify, KeyOpEncrypt, KeyOpDecrypt, KeyOpWrapKey, KeyOpUnwrapKey, KeyOpDeriveKey, KeyOpDeriveBits:
+				list[i] = e
+			default:
+				return fmt.Errorf(`invalid keyoperation %v`, e)
+			}
+		}
+
+		*ops = list
+		return nil
+	case []KeyOperation:
+		list := make(KeyOperationList, len(x))
+		for i, e := range x {
+			switch e {
+			case KeyOpSign, KeyOpVerify, KeyOpEncrypt, KeyOpDecrypt, KeyOpWrapKey, KeyOpUnwrapKey, KeyOpDeriveKey, KeyOpDeriveBits:
+				list[i] = e
+			default:
+				return fmt.Errorf(`invalid keyoperation %v`, e)
+			}
+		}
+
+		*ops = list
+		return nil
+	case KeyOperationList:
+		*ops = x
+		return nil
+	default:
+		return fmt.Errorf(`invalid value %T`, v)
+	}
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp.go
new file mode 100644
index 000000000..7754bf2a0
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp.go
@@ -0,0 +1,227 @@
+package jwk
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/ed25519"
+	"fmt"
+
+	"github.com/lestrrat-go/blackmagic"
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/x25519"
+)
+
+func (k *okpPublicKey) FromRaw(rawKeyIf interface{}) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+
+	var crv jwa.EllipticCurveAlgorithm
+	switch rawKey := rawKeyIf.(type) {
+	case ed25519.PublicKey:
+		k.x = rawKey
+		crv = jwa.Ed25519
+		k.crv = &crv
+	case x25519.PublicKey:
+		k.x = rawKey
+		crv = jwa.X25519
+		k.crv = &crv
+	default:
+		return fmt.Errorf(`unknown key type %T`, rawKeyIf)
+	}
+
+	return nil
+}
+
+func (k *okpPrivateKey) FromRaw(rawKeyIf interface{}) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+
+	var crv jwa.EllipticCurveAlgorithm
+	switch rawKey := rawKeyIf.(type) {
+	case ed25519.PrivateKey:
+		k.d = rawKey.Seed()
+		k.x = rawKey.Public().(ed25519.PublicKey) //nolint:forcetypeassert
+		crv = jwa.Ed25519
+		k.crv = &crv
+	case x25519.PrivateKey:
+		k.d = rawKey.Seed()
+		k.x = rawKey.Public().(x25519.PublicKey) //nolint:forcetypeassert
+		crv = jwa.X25519
+		k.crv = &crv
+	default:
+		return fmt.Errorf(`unknown key type %T`, rawKeyIf)
+	}
+
+	return nil
+}
+
+func buildOKPPublicKey(alg jwa.EllipticCurveAlgorithm, xbuf []byte) (interface{}, error) {
+	switch alg {
+	case jwa.Ed25519:
+		return ed25519.PublicKey(xbuf), nil
+	case jwa.X25519:
+		return x25519.PublicKey(xbuf), nil
+	default:
+		return nil, fmt.Errorf(`invalid curve algorithm %s`, alg)
+	}
+}
+
+// Raw returns the EC-DSA public key represented by this JWK
+func (k *okpPublicKey) Raw(v interface{}) error {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	pubk, err := buildOKPPublicKey(k.Crv(), k.x)
+	if err != nil {
+		return fmt.Errorf(`failed to build public key: %w`, err)
+	}
+
+	return blackmagic.AssignIfCompatible(v, pubk)
+}
+
+func buildOKPPrivateKey(alg jwa.EllipticCurveAlgorithm, xbuf []byte, dbuf []byte) (interface{}, error) {
+	if len(dbuf) == 0 {
+		return nil, fmt.Errorf(`cannot use empty seed`)
+	}
+	switch alg {
+	case jwa.Ed25519:
+		if len(dbuf) != ed25519.SeedSize {
+			return nil, fmt.Errorf(`wrong private key size`)
+		}
+		ret := ed25519.NewKeyFromSeed(dbuf)
+		//nolint:forcetypeassert
+		if !bytes.Equal(xbuf, ret.Public().(ed25519.PublicKey)) {
+			return nil, fmt.Errorf(`invalid x value given d value`)
+		}
+		return ret, nil
+	case jwa.X25519:
+		ret, err := x25519.NewKeyFromSeed(dbuf)
+		if err != nil {
+			return nil, fmt.Errorf(`unable to construct x25519 private key from seed: %w`, err)
+		}
+		//nolint:forcetypeassert
+		if !bytes.Equal(xbuf, ret.Public().(x25519.PublicKey)) {
+			return nil, fmt.Errorf(`invalid x value given d value`)
+		}
+		return ret, nil
+	default:
+		return nil, fmt.Errorf(`invalid curve algorithm %s`, alg)
+	}
+}
+
+func (k *okpPrivateKey) Raw(v interface{}) error {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	privk, err := buildOKPPrivateKey(k.Crv(), k.x, k.d)
+	if err != nil {
+		return fmt.Errorf(`failed to build public key: %w`, err)
+	}
+
+	return blackmagic.AssignIfCompatible(v, privk)
+}
+
+func makeOKPPublicKey(v interface {
+	makePairs() []*HeaderPair
+}) (Key, error) {
+	newKey := newOKPPublicKey()
+
+	// Iterate and copy everything except for the bits that should not be in the public key
+	for _, pair := range v.makePairs() {
+		switch pair.Key {
+		case OKPDKey:
+			continue
+		default:
+			//nolint:forcetypeassert
+			key := pair.Key.(string)
+			if err := newKey.Set(key, pair.Value); err != nil {
+				return nil, fmt.Errorf(`failed to set field %q: %w`, key, err)
+			}
+		}
+	}
+
+	return newKey, nil
+}
+
+func (k *okpPrivateKey) PublicKey() (Key, error) {
+	return makeOKPPublicKey(k)
+}
+
+func (k *okpPublicKey) PublicKey() (Key, error) {
+	return makeOKPPublicKey(k)
+}
+
+func okpThumbprint(hash crypto.Hash, crv, x string) []byte {
+	h := hash.New()
+	fmt.Fprint(h, `{"crv":"`)
+	fmt.Fprint(h, crv)
+	fmt.Fprint(h, `","kty":"OKP","x":"`)
+	fmt.Fprint(h, x)
+	fmt.Fprint(h, `"}`)
+	return h.Sum(nil)
+}
+
+// Thumbprint returns the JWK thumbprint using the indicated
+// hashing algorithm, according to RFC 7638 / 8037
+func (k okpPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	return okpThumbprint(
+		hash,
+		k.Crv().String(),
+		base64.EncodeToString(k.x),
+	), nil
+}
+
+// Thumbprint returns the JWK thumbprint using the indicated
+// hashing algorithm, according to RFC 7638 / 8037
+func (k okpPrivateKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	return okpThumbprint(
+		hash,
+		k.Crv().String(),
+		base64.EncodeToString(k.x),
+	), nil
+}
+
+func validateOKPKey(key interface {
+	Crv() jwa.EllipticCurveAlgorithm
+	X() []byte
+}) error {
+	if key.Crv() == jwa.InvalidEllipticCurve {
+		return fmt.Errorf(`invalid curve algorithm`)
+	}
+
+	if len(key.X()) == 0 {
+		return fmt.Errorf(`missing "x" field`)
+	}
+
+	if priv, ok := key.(interface{ D() []byte }); ok {
+		if len(priv.D()) == 0 {
+			return fmt.Errorf(`missing "d" field`)
+		}
+	}
+	return nil
+}
+
+func (k *okpPublicKey) Validate() error {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	if err := validateOKPKey(k); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.OKPPublicKey: %w`, err))
+	}
+	return nil
+}
+
+func (k *okpPrivateKey) Validate() error {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	if err := validateOKPKey(k); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.OKPPrivateKey: %w`, err))
+	}
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp_gen.go
new file mode 100644
index 000000000..72cdf57a1
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp_gen.go
@@ -0,0 +1,1127 @@
+// Code generated by tools/cmd/genjwk/main.go. DO NOT EDIT.
+
+package jwk
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"sort"
+	"sync"
+
+	"github.com/lestrrat-go/iter/mapiter"
+	"github.com/lestrrat-go/jwx/v2/cert"
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+	"github.com/lestrrat-go/jwx/v2/internal/iter"
+	"github.com/lestrrat-go/jwx/v2/internal/json"
+	"github.com/lestrrat-go/jwx/v2/internal/pool"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+const (
+	OKPCrvKey = "crv"
+	OKPDKey   = "d"
+	OKPXKey   = "x"
+)
+
+type OKPPublicKey interface {
+	Key
+	FromRaw(interface{}) error
+	Crv() jwa.EllipticCurveAlgorithm
+	X() []byte
+}
+
+type okpPublicKey struct {
+	algorithm              *jwa.KeyAlgorithm // https://tools.ietf.org/html/rfc7517#section-4.4
+	crv                    *jwa.EllipticCurveAlgorithm
+	keyID                  *string           // https://tools.ietf.org/html/rfc7515#section-4.1.4
+	keyOps                 *KeyOperationList // https://tools.ietf.org/html/rfc7517#section-4.3
+	keyUsage               *string           // https://tools.ietf.org/html/rfc7517#section-4.2
+	x                      []byte
+	x509CertChain          *cert.Chain // https://tools.ietf.org/html/rfc7515#section-4.1.6
+	x509CertThumbprint     *string     // https://tools.ietf.org/html/rfc7515#section-4.1.7
+	x509CertThumbprintS256 *string     // https://tools.ietf.org/html/rfc7515#section-4.1.8
+	x509URL                *string     // https://tools.ietf.org/html/rfc7515#section-4.1.5
+	privateParams          map[string]interface{}
+	mu                     *sync.RWMutex
+	dc                     json.DecodeCtx
+}
+
+var _ OKPPublicKey = &okpPublicKey{}
+var _ Key = &okpPublicKey{}
+
+func newOKPPublicKey() *okpPublicKey {
+	return &okpPublicKey{
+		mu:            &sync.RWMutex{},
+		privateParams: make(map[string]interface{}),
+	}
+}
+
+func (h okpPublicKey) KeyType() jwa.KeyType {
+	return jwa.OKP
+}
+
+func (h okpPublicKey) IsPrivate() bool {
+	return false
+}
+
+func (h *okpPublicKey) Algorithm() jwa.KeyAlgorithm {
+	if h.algorithm != nil {
+		return *(h.algorithm)
+	}
+	return jwa.InvalidKeyAlgorithm("")
+}
+
+func (h *okpPublicKey) Crv() jwa.EllipticCurveAlgorithm {
+	if h.crv != nil {
+		return *(h.crv)
+	}
+	return jwa.InvalidEllipticCurve
+}
+
+func (h *okpPublicKey) KeyID() string {
+	if h.keyID != nil {
+		return *(h.keyID)
+	}
+	return ""
+}
+
+func (h *okpPublicKey) KeyOps() KeyOperationList {
+	if h.keyOps != nil {
+		return *(h.keyOps)
+	}
+	return nil
+}
+
+func (h *okpPublicKey) KeyUsage() string {
+	if h.keyUsage != nil {
+		return *(h.keyUsage)
+	}
+	return ""
+}
+
+func (h *okpPublicKey) X() []byte {
+	return h.x
+}
+
+func (h *okpPublicKey) X509CertChain() *cert.Chain {
+	return h.x509CertChain
+}
+
+func (h *okpPublicKey) X509CertThumbprint() string {
+	if h.x509CertThumbprint != nil {
+		return *(h.x509CertThumbprint)
+	}
+	return ""
+}
+
+func (h *okpPublicKey) X509CertThumbprintS256() string {
+	if h.x509CertThumbprintS256 != nil {
+		return *(h.x509CertThumbprintS256)
+	}
+	return ""
+}
+
+func (h *okpPublicKey) X509URL() string {
+	if h.x509URL != nil {
+		return *(h.x509URL)
+	}
+	return ""
+}
+
+func (h *okpPublicKey) makePairs() []*HeaderPair {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+
+	var pairs []*HeaderPair
+	pairs = append(pairs, &HeaderPair{Key: "kty", Value: jwa.OKP})
+	if h.algorithm != nil {
+		pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)})
+	}
+	if h.crv != nil {
+		pairs = append(pairs, &HeaderPair{Key: OKPCrvKey, Value: *(h.crv)})
+	}
+	if h.keyID != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)})
+	}
+	if h.keyOps != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyOpsKey, Value: *(h.keyOps)})
+	}
+	if h.keyUsage != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyUsageKey, Value: *(h.keyUsage)})
+	}
+	if h.x != nil {
+		pairs = append(pairs, &HeaderPair{Key: OKPXKey, Value: h.x})
+	}
+	if h.x509CertChain != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: h.x509CertChain})
+	}
+	if h.x509CertThumbprint != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)})
+	}
+	if h.x509CertThumbprintS256 != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)})
+	}
+	if h.x509URL != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)})
+	}
+	for k, v := range h.privateParams {
+		pairs = append(pairs, &HeaderPair{Key: k, Value: v})
+	}
+	return pairs
+}
+
+func (h *okpPublicKey) PrivateParams() map[string]interface{} {
+	return h.privateParams
+}
+
+func (h *okpPublicKey) Get(name string) (interface{}, bool) {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	switch name {
+	case KeyTypeKey:
+		return h.KeyType(), true
+	case AlgorithmKey:
+		if h.algorithm == nil {
+			return nil, false
+		}
+		return *(h.algorithm), true
+	case OKPCrvKey:
+		if h.crv == nil {
+			return nil, false
+		}
+		return *(h.crv), true
+	case KeyIDKey:
+		if h.keyID == nil {
+			return nil, false
+		}
+		return *(h.keyID), true
+	case KeyOpsKey:
+		if h.keyOps == nil {
+			return nil, false
+		}
+		return *(h.keyOps), true
+	case KeyUsageKey:
+		if h.keyUsage == nil {
+			return nil, false
+		}
+		return *(h.keyUsage), true
+	case OKPXKey:
+		if h.x == nil {
+			return nil, false
+		}
+		return h.x, true
+	case X509CertChainKey:
+		if h.x509CertChain == nil {
+			return nil, false
+		}
+		return h.x509CertChain, true
+	case X509CertThumbprintKey:
+		if h.x509CertThumbprint == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprint), true
+	case X509CertThumbprintS256Key:
+		if h.x509CertThumbprintS256 == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprintS256), true
+	case X509URLKey:
+		if h.x509URL == nil {
+			return nil, false
+		}
+		return *(h.x509URL), true
+	default:
+		v, ok := h.privateParams[name]
+		return v, ok
+	}
+}
+
+func (h *okpPublicKey) Set(name string, value interface{}) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	return h.setNoLock(name, value)
+}
+
+func (h *okpPublicKey) setNoLock(name string, value interface{}) error {
+	switch name {
+	case "kty":
+		return nil
+	case AlgorithmKey:
+		switch v := value.(type) {
+		case string, jwa.SignatureAlgorithm, jwa.ContentEncryptionAlgorithm:
+			var tmp = jwa.KeyAlgorithmFrom(v)
+			h.algorithm = &tmp
+		case fmt.Stringer:
+			s := v.String()
+			var tmp = jwa.KeyAlgorithmFrom(s)
+			h.algorithm = &tmp
+		default:
+			return fmt.Errorf(`invalid type for %s key: %T`, AlgorithmKey, value)
+		}
+		return nil
+	case OKPCrvKey:
+		if v, ok := value.(jwa.EllipticCurveAlgorithm); ok {
+			h.crv = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, OKPCrvKey, value)
+	case KeyIDKey:
+		if v, ok := value.(string); ok {
+			h.keyID = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, KeyIDKey, value)
+	case KeyOpsKey:
+		var acceptor KeyOperationList
+		if err := acceptor.Accept(value); err != nil {
+			return fmt.Errorf(`invalid value for %s key: %w`, KeyOpsKey, err)
+		}
+		h.keyOps = &acceptor
+		return nil
+	case KeyUsageKey:
+		switch v := value.(type) {
+		case KeyUsageType:
+			switch v {
+			case ForSignature, ForEncryption:
+				tmp := v.String()
+				h.keyUsage = &tmp
+			default:
+				return fmt.Errorf(`invalid key usage type %s`, v)
+			}
+		case string:
+			h.keyUsage = &v
+		default:
+			return fmt.Errorf(`invalid key usage type %s`, v)
+		}
+	case OKPXKey:
+		if v, ok := value.([]byte); ok {
+			h.x = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, OKPXKey, value)
+	case X509CertChainKey:
+		if v, ok := value.(*cert.Chain); ok {
+			h.x509CertChain = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertChainKey, value)
+	case X509CertThumbprintKey:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprint = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value)
+	case X509CertThumbprintS256Key:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprintS256 = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value)
+	case X509URLKey:
+		if v, ok := value.(string); ok {
+			h.x509URL = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509URLKey, value)
+	default:
+		if h.privateParams == nil {
+			h.privateParams = map[string]interface{}{}
+		}
+		h.privateParams[name] = value
+	}
+	return nil
+}
+
+func (k *okpPublicKey) Remove(key string) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	switch key {
+	case AlgorithmKey:
+		k.algorithm = nil
+	case OKPCrvKey:
+		k.crv = nil
+	case KeyIDKey:
+		k.keyID = nil
+	case KeyOpsKey:
+		k.keyOps = nil
+	case KeyUsageKey:
+		k.keyUsage = nil
+	case OKPXKey:
+		k.x = nil
+	case X509CertChainKey:
+		k.x509CertChain = nil
+	case X509CertThumbprintKey:
+		k.x509CertThumbprint = nil
+	case X509CertThumbprintS256Key:
+		k.x509CertThumbprintS256 = nil
+	case X509URLKey:
+		k.x509URL = nil
+	default:
+		delete(k.privateParams, key)
+	}
+	return nil
+}
+
+func (k *okpPublicKey) Clone() (Key, error) {
+	return cloneKey(k)
+}
+
+func (k *okpPublicKey) DecodeCtx() json.DecodeCtx {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	return k.dc
+}
+
+func (k *okpPublicKey) SetDecodeCtx(dc json.DecodeCtx) {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	k.dc = dc
+}
+
+func (h *okpPublicKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.algorithm = nil
+	h.crv = nil
+	h.keyID = nil
+	h.keyOps = nil
+	h.keyUsage = nil
+	h.x = nil
+	h.x509CertChain = nil
+	h.x509CertThumbprint = nil
+	h.x509CertThumbprintS256 = nil
+	h.x509URL = nil
+	dec := json.NewDecoder(bytes.NewReader(buf))
+LOOP:
+	for {
+		tok, err := dec.Token()
+		if err != nil {
+			return fmt.Errorf(`error reading token: %w`, err)
+		}
+		switch tok := tok.(type) {
+		case json.Delim:
+			// Assuming we're doing everything correctly, we should ONLY
+			// get either '{' or '}' here.
+			if tok == '}' { // End of object
+				break LOOP
+			} else if tok != '{' {
+				return fmt.Errorf(`expected '{', but got '%c'`, tok)
+			}
+		case string: // Objects can only have string keys
+			switch tok {
+			case KeyTypeKey:
+				val, err := json.ReadNextStringToken(dec)
+				if err != nil {
+					return fmt.Errorf(`error reading token: %w`, err)
+				}
+				if val != jwa.OKP.String() {
+					return fmt.Errorf(`invalid kty value for RSAPublicKey (%s)`, val)
+				}
+			case AlgorithmKey:
+				var s string
+				if err := dec.Decode(&s); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, AlgorithmKey, err)
+				}
+				alg := jwa.KeyAlgorithmFrom(s)
+				h.algorithm = &alg
+			case OKPCrvKey:
+				var decoded jwa.EllipticCurveAlgorithm
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, OKPCrvKey, err)
+				}
+				h.crv = &decoded
+			case KeyIDKey:
+				if err := json.AssignNextStringToken(&h.keyID, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyIDKey, err)
+				}
+			case KeyOpsKey:
+				var decoded KeyOperationList
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyOpsKey, err)
+				}
+				h.keyOps = &decoded
+			case KeyUsageKey:
+				if err := json.AssignNextStringToken(&h.keyUsage, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyUsageKey, err)
+				}
+			case OKPXKey:
+				if err := json.AssignNextBytesToken(&h.x, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, OKPXKey, err)
+				}
+			case X509CertChainKey:
+				var decoded cert.Chain
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertChainKey, err)
+				}
+				h.x509CertChain = &decoded
+			case X509CertThumbprintKey:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintKey, err)
+				}
+			case X509CertThumbprintS256Key:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintS256Key, err)
+				}
+			case X509URLKey:
+				if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509URLKey, err)
+				}
+			default:
+				if dc := h.dc; dc != nil {
+					if localReg := dc.Registry(); localReg != nil {
+						decoded, err := localReg.Decode(dec, tok)
+						if err == nil {
+							h.setNoLock(tok, decoded)
+							continue
+						}
+					}
+				}
+				decoded, err := registry.Decode(dec, tok)
+				if err == nil {
+					h.setNoLock(tok, decoded)
+					continue
+				}
+				return fmt.Errorf(`could not decode field %s: %w`, tok, err)
+			}
+		default:
+			return fmt.Errorf(`invalid token %T`, tok)
+		}
+	}
+	if h.crv == nil {
+		return fmt.Errorf(`required field crv is missing`)
+	}
+	if h.x == nil {
+		return fmt.Errorf(`required field x is missing`)
+	}
+	return nil
+}
+
+func (h okpPublicKey) MarshalJSON() ([]byte, error) {
+	data := make(map[string]interface{})
+	fields := make([]string, 0, 10)
+	for _, pair := range h.makePairs() {
+		fields = append(fields, pair.Key.(string))
+		data[pair.Key.(string)] = pair.Value
+	}
+
+	sort.Strings(fields)
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+	buf.WriteByte('{')
+	enc := json.NewEncoder(buf)
+	for i, f := range fields {
+		if i > 0 {
+			buf.WriteRune(',')
+		}
+		buf.WriteRune('"')
+		buf.WriteString(f)
+		buf.WriteString(`":`)
+		v := data[f]
+		switch v := v.(type) {
+		case []byte:
+			buf.WriteRune('"')
+			buf.WriteString(base64.EncodeToString(v))
+			buf.WriteRune('"')
+		default:
+			if err := enc.Encode(v); err != nil {
+				return nil, fmt.Errorf(`failed to encode value for field %s: %w`, f, err)
+			}
+			buf.Truncate(buf.Len() - 1)
+		}
+	}
+	buf.WriteByte('}')
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
+
+func (h *okpPublicKey) Iterate(ctx context.Context) HeaderIterator {
+	pairs := h.makePairs()
+	ch := make(chan *HeaderPair, len(pairs))
+	go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) {
+		defer close(ch)
+		for _, pair := range pairs {
+			select {
+			case <-ctx.Done():
+				return
+			case ch <- pair:
+			}
+		}
+	}(ctx, ch, pairs)
+	return mapiter.New(ch)
+}
+
+func (h *okpPublicKey) Walk(ctx context.Context, visitor HeaderVisitor) error {
+	return iter.WalkMap(ctx, h, visitor)
+}
+
+func (h *okpPublicKey) AsMap(ctx context.Context) (map[string]interface{}, error) {
+	return iter.AsMap(ctx, h)
+}
+
+type OKPPrivateKey interface {
+	Key
+	FromRaw(interface{}) error
+	Crv() jwa.EllipticCurveAlgorithm
+	D() []byte
+	X() []byte
+}
+
+type okpPrivateKey struct {
+	algorithm              *jwa.KeyAlgorithm // https://tools.ietf.org/html/rfc7517#section-4.4
+	crv                    *jwa.EllipticCurveAlgorithm
+	d                      []byte
+	keyID                  *string           // https://tools.ietf.org/html/rfc7515#section-4.1.4
+	keyOps                 *KeyOperationList // https://tools.ietf.org/html/rfc7517#section-4.3
+	keyUsage               *string           // https://tools.ietf.org/html/rfc7517#section-4.2
+	x                      []byte
+	x509CertChain          *cert.Chain // https://tools.ietf.org/html/rfc7515#section-4.1.6
+	x509CertThumbprint     *string     // https://tools.ietf.org/html/rfc7515#section-4.1.7
+	x509CertThumbprintS256 *string     // https://tools.ietf.org/html/rfc7515#section-4.1.8
+	x509URL                *string     // https://tools.ietf.org/html/rfc7515#section-4.1.5
+	privateParams          map[string]interface{}
+	mu                     *sync.RWMutex
+	dc                     json.DecodeCtx
+}
+
+var _ OKPPrivateKey = &okpPrivateKey{}
+var _ Key = &okpPrivateKey{}
+
+func newOKPPrivateKey() *okpPrivateKey {
+	return &okpPrivateKey{
+		mu:            &sync.RWMutex{},
+		privateParams: make(map[string]interface{}),
+	}
+}
+
+func (h okpPrivateKey) KeyType() jwa.KeyType {
+	return jwa.OKP
+}
+
+func (h okpPrivateKey) IsPrivate() bool {
+	return true
+}
+
+func (h *okpPrivateKey) Algorithm() jwa.KeyAlgorithm {
+	if h.algorithm != nil {
+		return *(h.algorithm)
+	}
+	return jwa.InvalidKeyAlgorithm("")
+}
+
+func (h *okpPrivateKey) Crv() jwa.EllipticCurveAlgorithm {
+	if h.crv != nil {
+		return *(h.crv)
+	}
+	return jwa.InvalidEllipticCurve
+}
+
+func (h *okpPrivateKey) D() []byte {
+	return h.d
+}
+
+func (h *okpPrivateKey) KeyID() string {
+	if h.keyID != nil {
+		return *(h.keyID)
+	}
+	return ""
+}
+
+func (h *okpPrivateKey) KeyOps() KeyOperationList {
+	if h.keyOps != nil {
+		return *(h.keyOps)
+	}
+	return nil
+}
+
+func (h *okpPrivateKey) KeyUsage() string {
+	if h.keyUsage != nil {
+		return *(h.keyUsage)
+	}
+	return ""
+}
+
+func (h *okpPrivateKey) X() []byte {
+	return h.x
+}
+
+func (h *okpPrivateKey) X509CertChain() *cert.Chain {
+	return h.x509CertChain
+}
+
+func (h *okpPrivateKey) X509CertThumbprint() string {
+	if h.x509CertThumbprint != nil {
+		return *(h.x509CertThumbprint)
+	}
+	return ""
+}
+
+func (h *okpPrivateKey) X509CertThumbprintS256() string {
+	if h.x509CertThumbprintS256 != nil {
+		return *(h.x509CertThumbprintS256)
+	}
+	return ""
+}
+
+func (h *okpPrivateKey) X509URL() string {
+	if h.x509URL != nil {
+		return *(h.x509URL)
+	}
+	return ""
+}
+
+func (h *okpPrivateKey) makePairs() []*HeaderPair {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+
+	var pairs []*HeaderPair
+	pairs = append(pairs, &HeaderPair{Key: "kty", Value: jwa.OKP})
+	if h.algorithm != nil {
+		pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)})
+	}
+	if h.crv != nil {
+		pairs = append(pairs, &HeaderPair{Key: OKPCrvKey, Value: *(h.crv)})
+	}
+	if h.d != nil {
+		pairs = append(pairs, &HeaderPair{Key: OKPDKey, Value: h.d})
+	}
+	if h.keyID != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)})
+	}
+	if h.keyOps != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyOpsKey, Value: *(h.keyOps)})
+	}
+	if h.keyUsage != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyUsageKey, Value: *(h.keyUsage)})
+	}
+	if h.x != nil {
+		pairs = append(pairs, &HeaderPair{Key: OKPXKey, Value: h.x})
+	}
+	if h.x509CertChain != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: h.x509CertChain})
+	}
+	if h.x509CertThumbprint != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)})
+	}
+	if h.x509CertThumbprintS256 != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)})
+	}
+	if h.x509URL != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)})
+	}
+	for k, v := range h.privateParams {
+		pairs = append(pairs, &HeaderPair{Key: k, Value: v})
+	}
+	return pairs
+}
+
+func (h *okpPrivateKey) PrivateParams() map[string]interface{} {
+	return h.privateParams
+}
+
+func (h *okpPrivateKey) Get(name string) (interface{}, bool) {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	switch name {
+	case KeyTypeKey:
+		return h.KeyType(), true
+	case AlgorithmKey:
+		if h.algorithm == nil {
+			return nil, false
+		}
+		return *(h.algorithm), true
+	case OKPCrvKey:
+		if h.crv == nil {
+			return nil, false
+		}
+		return *(h.crv), true
+	case OKPDKey:
+		if h.d == nil {
+			return nil, false
+		}
+		return h.d, true
+	case KeyIDKey:
+		if h.keyID == nil {
+			return nil, false
+		}
+		return *(h.keyID), true
+	case KeyOpsKey:
+		if h.keyOps == nil {
+			return nil, false
+		}
+		return *(h.keyOps), true
+	case KeyUsageKey:
+		if h.keyUsage == nil {
+			return nil, false
+		}
+		return *(h.keyUsage), true
+	case OKPXKey:
+		if h.x == nil {
+			return nil, false
+		}
+		return h.x, true
+	case X509CertChainKey:
+		if h.x509CertChain == nil {
+			return nil, false
+		}
+		return h.x509CertChain, true
+	case X509CertThumbprintKey:
+		if h.x509CertThumbprint == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprint), true
+	case X509CertThumbprintS256Key:
+		if h.x509CertThumbprintS256 == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprintS256), true
+	case X509URLKey:
+		if h.x509URL == nil {
+			return nil, false
+		}
+		return *(h.x509URL), true
+	default:
+		v, ok := h.privateParams[name]
+		return v, ok
+	}
+}
+
+func (h *okpPrivateKey) Set(name string, value interface{}) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	return h.setNoLock(name, value)
+}
+
+func (h *okpPrivateKey) setNoLock(name string, value interface{}) error {
+	switch name {
+	case "kty":
+		return nil
+	case AlgorithmKey:
+		switch v := value.(type) {
+		case string, jwa.SignatureAlgorithm, jwa.ContentEncryptionAlgorithm:
+			var tmp = jwa.KeyAlgorithmFrom(v)
+			h.algorithm = &tmp
+		case fmt.Stringer:
+			s := v.String()
+			var tmp = jwa.KeyAlgorithmFrom(s)
+			h.algorithm = &tmp
+		default:
+			return fmt.Errorf(`invalid type for %s key: %T`, AlgorithmKey, value)
+		}
+		return nil
+	case OKPCrvKey:
+		if v, ok := value.(jwa.EllipticCurveAlgorithm); ok {
+			h.crv = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, OKPCrvKey, value)
+	case OKPDKey:
+		if v, ok := value.([]byte); ok {
+			h.d = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, OKPDKey, value)
+	case KeyIDKey:
+		if v, ok := value.(string); ok {
+			h.keyID = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, KeyIDKey, value)
+	case KeyOpsKey:
+		var acceptor KeyOperationList
+		if err := acceptor.Accept(value); err != nil {
+			return fmt.Errorf(`invalid value for %s key: %w`, KeyOpsKey, err)
+		}
+		h.keyOps = &acceptor
+		return nil
+	case KeyUsageKey:
+		switch v := value.(type) {
+		case KeyUsageType:
+			switch v {
+			case ForSignature, ForEncryption:
+				tmp := v.String()
+				h.keyUsage = &tmp
+			default:
+				return fmt.Errorf(`invalid key usage type %s`, v)
+			}
+		case string:
+			h.keyUsage = &v
+		default:
+			return fmt.Errorf(`invalid key usage type %s`, v)
+		}
+	case OKPXKey:
+		if v, ok := value.([]byte); ok {
+			h.x = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, OKPXKey, value)
+	case X509CertChainKey:
+		if v, ok := value.(*cert.Chain); ok {
+			h.x509CertChain = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertChainKey, value)
+	case X509CertThumbprintKey:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprint = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value)
+	case X509CertThumbprintS256Key:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprintS256 = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value)
+	case X509URLKey:
+		if v, ok := value.(string); ok {
+			h.x509URL = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509URLKey, value)
+	default:
+		if h.privateParams == nil {
+			h.privateParams = map[string]interface{}{}
+		}
+		h.privateParams[name] = value
+	}
+	return nil
+}
+
+func (k *okpPrivateKey) Remove(key string) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	switch key {
+	case AlgorithmKey:
+		k.algorithm = nil
+	case OKPCrvKey:
+		k.crv = nil
+	case OKPDKey:
+		k.d = nil
+	case KeyIDKey:
+		k.keyID = nil
+	case KeyOpsKey:
+		k.keyOps = nil
+	case KeyUsageKey:
+		k.keyUsage = nil
+	case OKPXKey:
+		k.x = nil
+	case X509CertChainKey:
+		k.x509CertChain = nil
+	case X509CertThumbprintKey:
+		k.x509CertThumbprint = nil
+	case X509CertThumbprintS256Key:
+		k.x509CertThumbprintS256 = nil
+	case X509URLKey:
+		k.x509URL = nil
+	default:
+		delete(k.privateParams, key)
+	}
+	return nil
+}
+
+func (k *okpPrivateKey) Clone() (Key, error) {
+	return cloneKey(k)
+}
+
+func (k *okpPrivateKey) DecodeCtx() json.DecodeCtx {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	return k.dc
+}
+
+func (k *okpPrivateKey) SetDecodeCtx(dc json.DecodeCtx) {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	k.dc = dc
+}
+
+func (h *okpPrivateKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.algorithm = nil
+	h.crv = nil
+	h.d = nil
+	h.keyID = nil
+	h.keyOps = nil
+	h.keyUsage = nil
+	h.x = nil
+	h.x509CertChain = nil
+	h.x509CertThumbprint = nil
+	h.x509CertThumbprintS256 = nil
+	h.x509URL = nil
+	dec := json.NewDecoder(bytes.NewReader(buf))
+LOOP:
+	for {
+		tok, err := dec.Token()
+		if err != nil {
+			return fmt.Errorf(`error reading token: %w`, err)
+		}
+		switch tok := tok.(type) {
+		case json.Delim:
+			// Assuming we're doing everything correctly, we should ONLY
+			// get either '{' or '}' here.
+			if tok == '}' { // End of object
+				break LOOP
+			} else if tok != '{' {
+				return fmt.Errorf(`expected '{', but got '%c'`, tok)
+			}
+		case string: // Objects can only have string keys
+			switch tok {
+			case KeyTypeKey:
+				val, err := json.ReadNextStringToken(dec)
+				if err != nil {
+					return fmt.Errorf(`error reading token: %w`, err)
+				}
+				if val != jwa.OKP.String() {
+					return fmt.Errorf(`invalid kty value for RSAPublicKey (%s)`, val)
+				}
+			case AlgorithmKey:
+				var s string
+				if err := dec.Decode(&s); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, AlgorithmKey, err)
+				}
+				alg := jwa.KeyAlgorithmFrom(s)
+				h.algorithm = &alg
+			case OKPCrvKey:
+				var decoded jwa.EllipticCurveAlgorithm
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, OKPCrvKey, err)
+				}
+				h.crv = &decoded
+			case OKPDKey:
+				if err := json.AssignNextBytesToken(&h.d, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, OKPDKey, err)
+				}
+			case KeyIDKey:
+				if err := json.AssignNextStringToken(&h.keyID, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyIDKey, err)
+				}
+			case KeyOpsKey:
+				var decoded KeyOperationList
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyOpsKey, err)
+				}
+				h.keyOps = &decoded
+			case KeyUsageKey:
+				if err := json.AssignNextStringToken(&h.keyUsage, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyUsageKey, err)
+				}
+			case OKPXKey:
+				if err := json.AssignNextBytesToken(&h.x, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, OKPXKey, err)
+				}
+			case X509CertChainKey:
+				var decoded cert.Chain
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertChainKey, err)
+				}
+				h.x509CertChain = &decoded
+			case X509CertThumbprintKey:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintKey, err)
+				}
+			case X509CertThumbprintS256Key:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintS256Key, err)
+				}
+			case X509URLKey:
+				if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509URLKey, err)
+				}
+			default:
+				if dc := h.dc; dc != nil {
+					if localReg := dc.Registry(); localReg != nil {
+						decoded, err := localReg.Decode(dec, tok)
+						if err == nil {
+							h.setNoLock(tok, decoded)
+							continue
+						}
+					}
+				}
+				decoded, err := registry.Decode(dec, tok)
+				if err == nil {
+					h.setNoLock(tok, decoded)
+					continue
+				}
+				return fmt.Errorf(`could not decode field %s: %w`, tok, err)
+			}
+		default:
+			return fmt.Errorf(`invalid token %T`, tok)
+		}
+	}
+	if h.crv == nil {
+		return fmt.Errorf(`required field crv is missing`)
+	}
+	if h.d == nil {
+		return fmt.Errorf(`required field d is missing`)
+	}
+	if h.x == nil {
+		return fmt.Errorf(`required field x is missing`)
+	}
+	return nil
+}
+
+func (h okpPrivateKey) MarshalJSON() ([]byte, error) {
+	data := make(map[string]interface{})
+	fields := make([]string, 0, 11)
+	for _, pair := range h.makePairs() {
+		fields = append(fields, pair.Key.(string))
+		data[pair.Key.(string)] = pair.Value
+	}
+
+	sort.Strings(fields)
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+	buf.WriteByte('{')
+	enc := json.NewEncoder(buf)
+	for i, f := range fields {
+		if i > 0 {
+			buf.WriteRune(',')
+		}
+		buf.WriteRune('"')
+		buf.WriteString(f)
+		buf.WriteString(`":`)
+		v := data[f]
+		switch v := v.(type) {
+		case []byte:
+			buf.WriteRune('"')
+			buf.WriteString(base64.EncodeToString(v))
+			buf.WriteRune('"')
+		default:
+			if err := enc.Encode(v); err != nil {
+				return nil, fmt.Errorf(`failed to encode value for field %s: %w`, f, err)
+			}
+			buf.Truncate(buf.Len() - 1)
+		}
+	}
+	buf.WriteByte('}')
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
+
+func (h *okpPrivateKey) Iterate(ctx context.Context) HeaderIterator {
+	pairs := h.makePairs()
+	ch := make(chan *HeaderPair, len(pairs))
+	go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) {
+		defer close(ch)
+		for _, pair := range pairs {
+			select {
+			case <-ctx.Done():
+				return
+			case ch <- pair:
+			}
+		}
+	}(ctx, ch, pairs)
+	return mapiter.New(ch)
+}
+
+func (h *okpPrivateKey) Walk(ctx context.Context, visitor HeaderVisitor) error {
+	return iter.WalkMap(ctx, h, visitor)
+}
+
+func (h *okpPrivateKey) AsMap(ctx context.Context) (map[string]interface{}, error) {
+	return iter.AsMap(ctx, h)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/options.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/options.go
new file mode 100644
index 000000000..98fcc4097
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/options.go
@@ -0,0 +1,38 @@
+package jwk
+
+import (
+	"github.com/lestrrat-go/option"
+)
+
+type identTypedField struct{}
+
+type typedFieldPair struct {
+	Name  string
+	Value interface{}
+}
+
+// WithTypedField allows a private field to be parsed into the object type of
+// your choice. It works much like the RegisterCustomField, but the effect
+// is only applicable to the jwt.Parse function call which receives this option.
+//
+// While this can be extremely useful, this option should be used with caution:
+// There are many caveats that your entire team/user-base needs to be aware of,
+// and therefore in general its use is discouraged. Only use it when you know
+// what you are doing, and you document its use clearly for others.
+//
+// First and foremost, this is a "per-object" option. Meaning that given the same
+// serialized format, it is possible to generate two objects whose internal
+// representations may differ. That is, if you parse one _WITH_ the option,
+// and the other _WITHOUT_, their internal representation may completely differ.
+// This could potentially lead to problems.
+//
+// Second, specifying this option will slightly slow down the decoding process
+// as it needs to consult multiple definitions sources (global and local), so
+// be careful if you are decoding a large number of tokens, as the effects will stack up.
+func WithTypedField(name string, object interface{}) ParseOption {
+	return &parseOption{
+		option.New(identTypedField{},
+			typedFieldPair{Name: name, Value: object},
+		),
+	}
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/options.yaml b/vendor/github.com/lestrrat-go/jwx/v2/jwk/options.yaml
new file mode 100644
index 000000000..6dfbded42
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/options.yaml
@@ -0,0 +1,142 @@
+package_name: jwk
+output: jwk/options_gen.go
+interfaces:
+  - name: CacheOption
+    comment: |
+      CacheOption is a type of Option that can be passed to the
+      the `jwk.NewCache()` function.
+  - name: AssignKeyIDOption
+  - name: FetchOption
+    methods:
+      - fetchOption
+      - parseOption
+      - registerOption
+    comment: |
+      FetchOption is a type of Option that can be passed to `jwk.Fetch()`
+      FetchOption also implements the `RegisterOption`, and thus can
+      safely be passed to `(*jwk.Cache).Register()`
+  - name: ParseOption
+    methods:
+      - fetchOption
+      - registerOption
+      - readFileOption
+    comment: |
+      ParseOption is a type of Option that can be passed to `jwk.Parse()`
+      ParseOption also implmentsthe `ReadFileOption` and `CacheOption`,
+      and thus safely be passed to `jwk.ReadFile` and `(*jwk.Cache).Configure()`
+  - name: ReadFileOption
+    comment: |
+      ReadFileOption is a type of `Option` that can be passed to `jwk.ReadFile`
+  - name: RegisterOption
+    comment: |
+      RegisterOption desribes options that can be passed to `(jwk.Cache).Register()`
+options:
+  - ident: HTTPClient
+    interface: FetchOption
+    argument_type: HTTPClient
+    comment: |
+      WithHTTPClient allows users to specify the "net/http".Client object that
+      is used when fetching jwk.Set objects.
+  - ident: ThumbprintHash
+    interface: AssignKeyIDOption
+    argument_type: crypto.Hash
+  - ident: RefreshInterval
+    interface: RegisterOption
+    argument_type: time.Duration
+    comment: |
+      WithRefreshInterval specifies the static interval between refreshes
+      of jwk.Set objects controlled by jwk.Cache.
+      
+      Providing this option overrides the adaptive token refreshing based
+      on Cache-Control/Expires header (and jwk.WithMinRefreshInterval),
+      and refreshes will *always* happen in this interval.
+  - ident: MinRefreshInterval
+    interface: RegisterOption
+    argument_type: time.Duration
+    comment: |
+      WithMinRefreshInterval specifies the minimum refresh interval to be used
+      when using `jwk.Cache`. This value is ONLY used if you did not specify
+      a user-supplied static refresh interval via `WithRefreshInterval`.
+      
+      This value is used as a fallback value when tokens are refreshed.
+      
+      When we fetch the key from a remote URL, we first look at the max-age
+      directive from Cache-Control response header. If this value is present,
+      we compare the max-age value and the value specified by this option
+      and take the larger one.
+      
+      Next we check for the Expires header, and similarly if the header is
+      present, we compare it against the value specified by this option,
+      and take the larger one.
+      
+      Finally, if neither of the above headers are present, we use the
+      value specified by this option as the next refresh timing
+      
+      If unspecified, the minimum refresh interval is 1 hour
+  - ident: LocalRegistry
+    option_name: withLocalRegistry
+    interface: ParseOption
+    argument_type: '*json.Registry'
+    comment: This option is only available for internal code. Users don't get to play with it
+  - ident: PEM
+    interface: ParseOption
+    argument_type: bool
+    comment: WithPEM specifies that the input to `Parse()` is a PEM encoded key.
+  - ident: FetchWhitelist
+    interface: FetchOption
+    argument_type: Whitelist
+    comment: |
+      WithFetchWhitelist specifies the Whitelist object to use when
+      fetching JWKs from a remote source. This option can be passed
+      to both `jwk.Fetch()`, `jwk.NewCache()`, and `(*jwk.Cache).Configure()`
+  - ident: IgnoreParseError
+    interface: ParseOption
+    argument_type: bool
+    comment: |
+      WithIgnoreParseError is only applicable when used with `jwk.Parse()`
+      (i.e. to parse JWK sets). If passed to `jwk.ParseKey()`, the function
+      will return an error no matter what the input is.
+      
+      DO NOT USE WITHOUT EXHAUSTING ALL OTHER ROUTES FIRST.
+      
+      The option specifies that errors found during parsing of individual
+      keys are ignored. For example, if you had keys A, B, C where B is
+      invalid (e.g. it does not contain the required fields), then the
+      resulting JWKS will contain keys A and C only.
+      
+      This options exists as an escape hatch for those times when a
+      key in a JWKS that is irrelevant for your use case is causing
+      your JWKS parsing to fail, and you want to get to the rest of the
+      keys in the JWKS.
+      
+      Again, DO NOT USE unless you have exhausted all other routes.
+      When you use this option, you will not be able to tell if you are
+      using a faulty JWKS, except for when there are JSON syntax errors.
+  - ident: FS
+    interface: ReadFileOption
+    argument_type: fs.FS
+    comment: |
+      WithFS specifies the source `fs.FS` object to read the file from.
+  - ident: PostFetcher
+    interface: RegisterOption
+    argument_type: PostFetcher
+    comment: |
+      WithPostFetcher specifies the PostFetcher object to be used on the
+      jwk.Set object obtained in `jwk.Cache`. This option can be used
+      to, for example, modify the jwk.Set to give it key IDs or algorithm
+      names after it has been fetched and parsed, but before it is cached.
+  - ident: RefreshWindow
+    interface: CacheOption
+    argument_type: time.Duration
+    comment: |
+      WithRefreshWindow specifies the interval between checks for refreshes.
+
+      See the documentation in `httprc.WithRefreshWindow` for more details.
+  - ident: ErrSink
+    interface: CacheOption
+    argument_type: ErrSink
+    comment: |
+      WithErrSink specifies the `httprc.ErrSink` object that handles errors
+      that occurred during the cache's execution.
+
+      See the documentation in `httprc.WithErrSink` for more details.
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/options_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/options_gen.go
new file mode 100644
index 000000000..2aac86fc6
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/options_gen.go
@@ -0,0 +1,274 @@
+// Code generated by tools/cmd/genoptions/main.go. DO NOT EDIT.
+
+package jwk
+
+import (
+	"crypto"
+	"io/fs"
+	"time"
+
+	"github.com/lestrrat-go/jwx/v2/internal/json"
+	"github.com/lestrrat-go/option"
+)
+
+type Option = option.Interface
+
+type AssignKeyIDOption interface {
+	Option
+	assignKeyIDOption()
+}
+
+type assignKeyIDOption struct {
+	Option
+}
+
+func (*assignKeyIDOption) assignKeyIDOption() {}
+
+// CacheOption is a type of Option that can be passed to the
+// the `jwk.NewCache()` function.
+type CacheOption interface {
+	Option
+	cacheOption()
+}
+
+type cacheOption struct {
+	Option
+}
+
+func (*cacheOption) cacheOption() {}
+
+// FetchOption is a type of Option that can be passed to `jwk.Fetch()`
+// FetchOption also implements the `RegisterOption`, and thus can
+// safely be passed to `(*jwk.Cache).Register()`
+type FetchOption interface {
+	Option
+	fetchOption()
+	parseOption()
+	registerOption()
+}
+
+type fetchOption struct {
+	Option
+}
+
+func (*fetchOption) fetchOption() {}
+
+func (*fetchOption) parseOption() {}
+
+func (*fetchOption) registerOption() {}
+
+// ParseOption is a type of Option that can be passed to `jwk.Parse()`
+// ParseOption also implmentsthe `ReadFileOption` and `CacheOption`,
+// and thus safely be passed to `jwk.ReadFile` and `(*jwk.Cache).Configure()`
+type ParseOption interface {
+	Option
+	fetchOption()
+	registerOption()
+	readFileOption()
+}
+
+type parseOption struct {
+	Option
+}
+
+func (*parseOption) fetchOption() {}
+
+func (*parseOption) registerOption() {}
+
+func (*parseOption) readFileOption() {}
+
+// ReadFileOption is a type of `Option` that can be passed to `jwk.ReadFile`
+type ReadFileOption interface {
+	Option
+	readFileOption()
+}
+
+type readFileOption struct {
+	Option
+}
+
+func (*readFileOption) readFileOption() {}
+
+// RegisterOption desribes options that can be passed to `(jwk.Cache).Register()`
+type RegisterOption interface {
+	Option
+	registerOption()
+}
+
+type registerOption struct {
+	Option
+}
+
+func (*registerOption) registerOption() {}
+
+type identErrSink struct{}
+type identFS struct{}
+type identFetchWhitelist struct{}
+type identHTTPClient struct{}
+type identIgnoreParseError struct{}
+type identLocalRegistry struct{}
+type identMinRefreshInterval struct{}
+type identPEM struct{}
+type identPostFetcher struct{}
+type identRefreshInterval struct{}
+type identRefreshWindow struct{}
+type identThumbprintHash struct{}
+
+func (identErrSink) String() string {
+	return "WithErrSink"
+}
+
+func (identFS) String() string {
+	return "WithFS"
+}
+
+func (identFetchWhitelist) String() string {
+	return "WithFetchWhitelist"
+}
+
+func (identHTTPClient) String() string {
+	return "WithHTTPClient"
+}
+
+func (identIgnoreParseError) String() string {
+	return "WithIgnoreParseError"
+}
+
+func (identLocalRegistry) String() string {
+	return "withLocalRegistry"
+}
+
+func (identMinRefreshInterval) String() string {
+	return "WithMinRefreshInterval"
+}
+
+func (identPEM) String() string {
+	return "WithPEM"
+}
+
+func (identPostFetcher) String() string {
+	return "WithPostFetcher"
+}
+
+func (identRefreshInterval) String() string {
+	return "WithRefreshInterval"
+}
+
+func (identRefreshWindow) String() string {
+	return "WithRefreshWindow"
+}
+
+func (identThumbprintHash) String() string {
+	return "WithThumbprintHash"
+}
+
+// WithErrSink specifies the `httprc.ErrSink` object that handles errors
+// that occurred during the cache's execution.
+//
+// See the documentation in `httprc.WithErrSink` for more details.
+func WithErrSink(v ErrSink) CacheOption {
+	return &cacheOption{option.New(identErrSink{}, v)}
+}
+
+// WithFS specifies the source `fs.FS` object to read the file from.
+func WithFS(v fs.FS) ReadFileOption {
+	return &readFileOption{option.New(identFS{}, v)}
+}
+
+// WithFetchWhitelist specifies the Whitelist object to use when
+// fetching JWKs from a remote source. This option can be passed
+// to both `jwk.Fetch()`, `jwk.NewCache()`, and `(*jwk.Cache).Configure()`
+func WithFetchWhitelist(v Whitelist) FetchOption {
+	return &fetchOption{option.New(identFetchWhitelist{}, v)}
+}
+
+// WithHTTPClient allows users to specify the "net/http".Client object that
+// is used when fetching jwk.Set objects.
+func WithHTTPClient(v HTTPClient) FetchOption {
+	return &fetchOption{option.New(identHTTPClient{}, v)}
+}
+
+// WithIgnoreParseError is only applicable when used with `jwk.Parse()`
+// (i.e. to parse JWK sets). If passed to `jwk.ParseKey()`, the function
+// will return an error no matter what the input is.
+//
+// DO NOT USE WITHOUT EXHAUSTING ALL OTHER ROUTES FIRST.
+//
+// The option specifies that errors found during parsing of individual
+// keys are ignored. For example, if you had keys A, B, C where B is
+// invalid (e.g. it does not contain the required fields), then the
+// resulting JWKS will contain keys A and C only.
+//
+// This options exists as an escape hatch for those times when a
+// key in a JWKS that is irrelevant for your use case is causing
+// your JWKS parsing to fail, and you want to get to the rest of the
+// keys in the JWKS.
+//
+// Again, DO NOT USE unless you have exhausted all other routes.
+// When you use this option, you will not be able to tell if you are
+// using a faulty JWKS, except for when there are JSON syntax errors.
+func WithIgnoreParseError(v bool) ParseOption {
+	return &parseOption{option.New(identIgnoreParseError{}, v)}
+}
+
+// This option is only available for internal code. Users don't get to play with it
+func withLocalRegistry(v *json.Registry) ParseOption {
+	return &parseOption{option.New(identLocalRegistry{}, v)}
+}
+
+// WithMinRefreshInterval specifies the minimum refresh interval to be used
+// when using `jwk.Cache`. This value is ONLY used if you did not specify
+// a user-supplied static refresh interval via `WithRefreshInterval`.
+//
+// This value is used as a fallback value when tokens are refreshed.
+//
+// When we fetch the key from a remote URL, we first look at the max-age
+// directive from Cache-Control response header. If this value is present,
+// we compare the max-age value and the value specified by this option
+// and take the larger one.
+//
+// Next we check for the Expires header, and similarly if the header is
+// present, we compare it against the value specified by this option,
+// and take the larger one.
+//
+// Finally, if neither of the above headers are present, we use the
+// value specified by this option as the next refresh timing
+//
+// If unspecified, the minimum refresh interval is 1 hour
+func WithMinRefreshInterval(v time.Duration) RegisterOption {
+	return &registerOption{option.New(identMinRefreshInterval{}, v)}
+}
+
+// WithPEM specifies that the input to `Parse()` is a PEM encoded key.
+func WithPEM(v bool) ParseOption {
+	return &parseOption{option.New(identPEM{}, v)}
+}
+
+// WithPostFetcher specifies the PostFetcher object to be used on the
+// jwk.Set object obtained in `jwk.Cache`. This option can be used
+// to, for example, modify the jwk.Set to give it key IDs or algorithm
+// names after it has been fetched and parsed, but before it is cached.
+func WithPostFetcher(v PostFetcher) RegisterOption {
+	return &registerOption{option.New(identPostFetcher{}, v)}
+}
+
+// WithRefreshInterval specifies the static interval between refreshes
+// of jwk.Set objects controlled by jwk.Cache.
+//
+// Providing this option overrides the adaptive token refreshing based
+// on Cache-Control/Expires header (and jwk.WithMinRefreshInterval),
+// and refreshes will *always* happen in this interval.
+func WithRefreshInterval(v time.Duration) RegisterOption {
+	return &registerOption{option.New(identRefreshInterval{}, v)}
+}
+
+// WithRefreshWindow specifies the interval between checks for refreshes.
+//
+// See the documentation in `httprc.WithRefreshWindow` for more details.
+func WithRefreshWindow(v time.Duration) CacheOption {
+	return &cacheOption{option.New(identRefreshWindow{}, v)}
+}
+
+func WithThumbprintHash(v crypto.Hash) AssignKeyIDOption {
+	return &assignKeyIDOption{option.New(identThumbprintHash{}, v)}
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa.go
new file mode 100644
index 000000000..89c1a534e
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa.go
@@ -0,0 +1,283 @@
+package jwk
+
+import (
+	"crypto"
+	"crypto/rsa"
+	"encoding/binary"
+	"fmt"
+	"math/big"
+
+	"github.com/lestrrat-go/blackmagic"
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+	"github.com/lestrrat-go/jwx/v2/internal/pool"
+)
+
+func (k *rsaPrivateKey) FromRaw(rawKey *rsa.PrivateKey) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+
+	d, err := bigIntToBytes(rawKey.D)
+	if err != nil {
+		return fmt.Errorf(`invalid rsa.PrivateKey: %w`, err)
+	}
+	k.d = d
+
+	l := len(rawKey.Primes)
+
+	if l < 0 /* I know, I'm being paranoid */ || l > 2 {
+		return fmt.Errorf(`invalid number of primes in rsa.PrivateKey: need 0 to 2, but got %d`, len(rawKey.Primes))
+	}
+
+	if l > 0 {
+		p, err := bigIntToBytes(rawKey.Primes[0])
+		if err != nil {
+			return fmt.Errorf(`invalid rsa.PrivateKey: %w`, err)
+		}
+		k.p = p
+	}
+
+	if l > 1 {
+		q, err := bigIntToBytes(rawKey.Primes[1])
+		if err != nil {
+			return fmt.Errorf(`invalid rsa.PrivateKey: %w`, err)
+		}
+		k.q = q
+	}
+
+	// dp, dq, qi are optional values
+	if v, err := bigIntToBytes(rawKey.Precomputed.Dp); err == nil {
+		k.dp = v
+	}
+	if v, err := bigIntToBytes(rawKey.Precomputed.Dq); err == nil {
+		k.dq = v
+	}
+	if v, err := bigIntToBytes(rawKey.Precomputed.Qinv); err == nil {
+		k.qi = v
+	}
+
+	// public key part
+	n, e, err := rsaPublicKeyByteValuesFromRaw(&rawKey.PublicKey)
+	if err != nil {
+		return fmt.Errorf(`invalid rsa.PrivateKey: %w`, err)
+	}
+	k.n = n
+	k.e = e
+
+	return nil
+}
+
+func rsaPublicKeyByteValuesFromRaw(rawKey *rsa.PublicKey) ([]byte, []byte, error) {
+	n, err := bigIntToBytes(rawKey.N)
+	if err != nil {
+		return nil, nil, fmt.Errorf(`invalid rsa.PublicKey: %w`, err)
+	}
+
+	data := make([]byte, 8)
+	binary.BigEndian.PutUint64(data, uint64(rawKey.E))
+	i := 0
+	for ; i < len(data); i++ {
+		if data[i] != 0x0 {
+			break
+		}
+	}
+	return n, data[i:], nil
+}
+
+func (k *rsaPublicKey) FromRaw(rawKey *rsa.PublicKey) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+
+	n, e, err := rsaPublicKeyByteValuesFromRaw(rawKey)
+	if err != nil {
+		return fmt.Errorf(`invalid rsa.PrivateKey: %w`, err)
+	}
+	k.n = n
+	k.e = e
+
+	return nil
+}
+
+func (k *rsaPrivateKey) Raw(v interface{}) error {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	var d, q, p big.Int // note: do not use from sync.Pool
+
+	d.SetBytes(k.d)
+	q.SetBytes(k.q)
+	p.SetBytes(k.p)
+
+	// optional fields
+	var dp, dq, qi *big.Int
+	if len(k.dp) > 0 {
+		dp = &big.Int{} // note: do not use from sync.Pool
+		dp.SetBytes(k.dp)
+	}
+
+	if len(k.dq) > 0 {
+		dq = &big.Int{} // note: do not use from sync.Pool
+		dq.SetBytes(k.dq)
+	}
+
+	if len(k.qi) > 0 {
+		qi = &big.Int{} // note: do not use from sync.Pool
+		qi.SetBytes(k.qi)
+	}
+
+	var key rsa.PrivateKey
+
+	pubk := newRSAPublicKey()
+	pubk.n = k.n
+	pubk.e = k.e
+	if err := pubk.Raw(&key.PublicKey); err != nil {
+		return fmt.Errorf(`failed to materialize RSA public key: %w`, err)
+	}
+
+	key.D = &d
+	key.Primes = []*big.Int{&p, &q}
+
+	if dp != nil {
+		key.Precomputed.Dp = dp
+	}
+	if dq != nil {
+		key.Precomputed.Dq = dq
+	}
+	if qi != nil {
+		key.Precomputed.Qinv = qi
+	}
+	key.Precomputed.CRTValues = []rsa.CRTValue{}
+
+	return blackmagic.AssignIfCompatible(v, &key)
+}
+
+// Raw takes the values stored in the Key object, and creates the
+// corresponding *rsa.PublicKey object.
+func (k *rsaPublicKey) Raw(v interface{}) error {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	var key rsa.PublicKey
+
+	n := pool.GetBigInt()
+	e := pool.GetBigInt()
+	defer pool.ReleaseBigInt(e)
+
+	n.SetBytes(k.n)
+	e.SetBytes(k.e)
+
+	key.N = n
+	key.E = int(e.Int64())
+
+	return blackmagic.AssignIfCompatible(v, &key)
+}
+
+func makeRSAPublicKey(v interface {
+	makePairs() []*HeaderPair
+}) (Key, error) {
+	newKey := newRSAPublicKey()
+
+	// Iterate and copy everything except for the bits that should not be in the public key
+	for _, pair := range v.makePairs() {
+		switch pair.Key {
+		case RSADKey, RSADPKey, RSADQKey, RSAPKey, RSAQKey, RSAQIKey:
+			continue
+		default:
+			//nolint:forcetypeassert
+			key := pair.Key.(string)
+			if err := newKey.Set(key, pair.Value); err != nil {
+				return nil, fmt.Errorf(`failed to set field %q: %w`, key, err)
+			}
+		}
+	}
+
+	return newKey, nil
+}
+
+func (k *rsaPrivateKey) PublicKey() (Key, error) {
+	return makeRSAPublicKey(k)
+}
+
+func (k *rsaPublicKey) PublicKey() (Key, error) {
+	return makeRSAPublicKey(k)
+}
+
+// Thumbprint returns the JWK thumbprint using the indicated
+// hashing algorithm, according to RFC 7638
+func (k rsaPrivateKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	var key rsa.PrivateKey
+	if err := k.Raw(&key); err != nil {
+		return nil, fmt.Errorf(`failed to materialize RSA private key: %w`, err)
+	}
+	return rsaThumbprint(hash, &key.PublicKey)
+}
+
+func (k rsaPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+
+	var key rsa.PublicKey
+	if err := k.Raw(&key); err != nil {
+		return nil, fmt.Errorf(`failed to materialize RSA public key: %w`, err)
+	}
+	return rsaThumbprint(hash, &key)
+}
+
+func rsaThumbprint(hash crypto.Hash, key *rsa.PublicKey) ([]byte, error) {
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+
+	buf.WriteString(`{"e":"`)
+	buf.WriteString(base64.EncodeUint64ToString(uint64(key.E)))
+	buf.WriteString(`","kty":"RSA","n":"`)
+	buf.WriteString(base64.EncodeToString(key.N.Bytes()))
+	buf.WriteString(`"}`)
+
+	h := hash.New()
+	if _, err := buf.WriteTo(h); err != nil {
+		return nil, fmt.Errorf(`failed to write rsaThumbprint: %w`, err)
+	}
+	return h.Sum(nil), nil
+}
+
+func validateRSAKey(key interface {
+	N() []byte
+	E() []byte
+}, checkPrivate bool) error {
+	if len(key.N()) == 0 {
+		// Ideally we would like to check for the actual length, but unlike
+		// EC keys, we have nothing in the key itself that will tell us
+		// how many bits this key should have.
+		return fmt.Errorf(`missing "n" value`)
+	}
+	if len(key.E()) == 0 {
+		return fmt.Errorf(`missing "e" value`)
+	}
+	if checkPrivate {
+		if priv, ok := key.(interface{ D() []byte }); ok {
+			if len(priv.D()) == 0 {
+				return fmt.Errorf(`missing "d" value`)
+			}
+		} else {
+			return fmt.Errorf(`missing "d" value`)
+		}
+	}
+
+	return nil
+}
+
+func (k *rsaPrivateKey) Validate() error {
+	if err := validateRSAKey(k, true); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.RSAPrivateKey: %w`, err))
+	}
+	return nil
+}
+
+func (k *rsaPublicKey) Validate() error {
+	if err := validateRSAKey(k, false); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.RSAPublicKey: %w`, err))
+	}
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa_gen.go
new file mode 100644
index 000000000..633b30103
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa_gen.go
@@ -0,0 +1,1258 @@
+// Code generated by tools/cmd/genjwk/main.go. DO NOT EDIT.
+
+package jwk
+
+import (
+	"bytes"
+	"context"
+	"crypto/rsa"
+	"fmt"
+	"sort"
+	"sync"
+
+	"github.com/lestrrat-go/iter/mapiter"
+	"github.com/lestrrat-go/jwx/v2/cert"
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+	"github.com/lestrrat-go/jwx/v2/internal/iter"
+	"github.com/lestrrat-go/jwx/v2/internal/json"
+	"github.com/lestrrat-go/jwx/v2/internal/pool"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+const (
+	RSADKey  = "d"
+	RSADPKey = "dp"
+	RSADQKey = "dq"
+	RSAEKey  = "e"
+	RSANKey  = "n"
+	RSAPKey  = "p"
+	RSAQIKey = "qi"
+	RSAQKey  = "q"
+)
+
+type RSAPublicKey interface {
+	Key
+	FromRaw(*rsa.PublicKey) error
+	E() []byte
+	N() []byte
+}
+
+type rsaPublicKey struct {
+	algorithm              *jwa.KeyAlgorithm // https://tools.ietf.org/html/rfc7517#section-4.4
+	e                      []byte
+	keyID                  *string           // https://tools.ietf.org/html/rfc7515#section-4.1.4
+	keyOps                 *KeyOperationList // https://tools.ietf.org/html/rfc7517#section-4.3
+	keyUsage               *string           // https://tools.ietf.org/html/rfc7517#section-4.2
+	n                      []byte
+	x509CertChain          *cert.Chain // https://tools.ietf.org/html/rfc7515#section-4.1.6
+	x509CertThumbprint     *string     // https://tools.ietf.org/html/rfc7515#section-4.1.7
+	x509CertThumbprintS256 *string     // https://tools.ietf.org/html/rfc7515#section-4.1.8
+	x509URL                *string     // https://tools.ietf.org/html/rfc7515#section-4.1.5
+	privateParams          map[string]interface{}
+	mu                     *sync.RWMutex
+	dc                     json.DecodeCtx
+}
+
+var _ RSAPublicKey = &rsaPublicKey{}
+var _ Key = &rsaPublicKey{}
+
+func newRSAPublicKey() *rsaPublicKey {
+	return &rsaPublicKey{
+		mu:            &sync.RWMutex{},
+		privateParams: make(map[string]interface{}),
+	}
+}
+
+func (h rsaPublicKey) KeyType() jwa.KeyType {
+	return jwa.RSA
+}
+
+func (h rsaPublicKey) IsPrivate() bool {
+	return false
+}
+
+func (h *rsaPublicKey) Algorithm() jwa.KeyAlgorithm {
+	if h.algorithm != nil {
+		return *(h.algorithm)
+	}
+	return jwa.InvalidKeyAlgorithm("")
+}
+
+func (h *rsaPublicKey) E() []byte {
+	return h.e
+}
+
+func (h *rsaPublicKey) KeyID() string {
+	if h.keyID != nil {
+		return *(h.keyID)
+	}
+	return ""
+}
+
+func (h *rsaPublicKey) KeyOps() KeyOperationList {
+	if h.keyOps != nil {
+		return *(h.keyOps)
+	}
+	return nil
+}
+
+func (h *rsaPublicKey) KeyUsage() string {
+	if h.keyUsage != nil {
+		return *(h.keyUsage)
+	}
+	return ""
+}
+
+func (h *rsaPublicKey) N() []byte {
+	return h.n
+}
+
+func (h *rsaPublicKey) X509CertChain() *cert.Chain {
+	return h.x509CertChain
+}
+
+func (h *rsaPublicKey) X509CertThumbprint() string {
+	if h.x509CertThumbprint != nil {
+		return *(h.x509CertThumbprint)
+	}
+	return ""
+}
+
+func (h *rsaPublicKey) X509CertThumbprintS256() string {
+	if h.x509CertThumbprintS256 != nil {
+		return *(h.x509CertThumbprintS256)
+	}
+	return ""
+}
+
+func (h *rsaPublicKey) X509URL() string {
+	if h.x509URL != nil {
+		return *(h.x509URL)
+	}
+	return ""
+}
+
+func (h *rsaPublicKey) makePairs() []*HeaderPair {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+
+	var pairs []*HeaderPair
+	pairs = append(pairs, &HeaderPair{Key: "kty", Value: jwa.RSA})
+	if h.algorithm != nil {
+		pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)})
+	}
+	if h.e != nil {
+		pairs = append(pairs, &HeaderPair{Key: RSAEKey, Value: h.e})
+	}
+	if h.keyID != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)})
+	}
+	if h.keyOps != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyOpsKey, Value: *(h.keyOps)})
+	}
+	if h.keyUsage != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyUsageKey, Value: *(h.keyUsage)})
+	}
+	if h.n != nil {
+		pairs = append(pairs, &HeaderPair{Key: RSANKey, Value: h.n})
+	}
+	if h.x509CertChain != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: h.x509CertChain})
+	}
+	if h.x509CertThumbprint != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)})
+	}
+	if h.x509CertThumbprintS256 != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)})
+	}
+	if h.x509URL != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)})
+	}
+	for k, v := range h.privateParams {
+		pairs = append(pairs, &HeaderPair{Key: k, Value: v})
+	}
+	return pairs
+}
+
+func (h *rsaPublicKey) PrivateParams() map[string]interface{} {
+	return h.privateParams
+}
+
+func (h *rsaPublicKey) Get(name string) (interface{}, bool) {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	switch name {
+	case KeyTypeKey:
+		return h.KeyType(), true
+	case AlgorithmKey:
+		if h.algorithm == nil {
+			return nil, false
+		}
+		return *(h.algorithm), true
+	case RSAEKey:
+		if h.e == nil {
+			return nil, false
+		}
+		return h.e, true
+	case KeyIDKey:
+		if h.keyID == nil {
+			return nil, false
+		}
+		return *(h.keyID), true
+	case KeyOpsKey:
+		if h.keyOps == nil {
+			return nil, false
+		}
+		return *(h.keyOps), true
+	case KeyUsageKey:
+		if h.keyUsage == nil {
+			return nil, false
+		}
+		return *(h.keyUsage), true
+	case RSANKey:
+		if h.n == nil {
+			return nil, false
+		}
+		return h.n, true
+	case X509CertChainKey:
+		if h.x509CertChain == nil {
+			return nil, false
+		}
+		return h.x509CertChain, true
+	case X509CertThumbprintKey:
+		if h.x509CertThumbprint == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprint), true
+	case X509CertThumbprintS256Key:
+		if h.x509CertThumbprintS256 == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprintS256), true
+	case X509URLKey:
+		if h.x509URL == nil {
+			return nil, false
+		}
+		return *(h.x509URL), true
+	default:
+		v, ok := h.privateParams[name]
+		return v, ok
+	}
+}
+
+func (h *rsaPublicKey) Set(name string, value interface{}) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	return h.setNoLock(name, value)
+}
+
+func (h *rsaPublicKey) setNoLock(name string, value interface{}) error {
+	switch name {
+	case "kty":
+		return nil
+	case AlgorithmKey:
+		switch v := value.(type) {
+		case string, jwa.SignatureAlgorithm, jwa.ContentEncryptionAlgorithm:
+			var tmp = jwa.KeyAlgorithmFrom(v)
+			h.algorithm = &tmp
+		case fmt.Stringer:
+			s := v.String()
+			var tmp = jwa.KeyAlgorithmFrom(s)
+			h.algorithm = &tmp
+		default:
+			return fmt.Errorf(`invalid type for %s key: %T`, AlgorithmKey, value)
+		}
+		return nil
+	case RSAEKey:
+		if v, ok := value.([]byte); ok {
+			h.e = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, RSAEKey, value)
+	case KeyIDKey:
+		if v, ok := value.(string); ok {
+			h.keyID = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, KeyIDKey, value)
+	case KeyOpsKey:
+		var acceptor KeyOperationList
+		if err := acceptor.Accept(value); err != nil {
+			return fmt.Errorf(`invalid value for %s key: %w`, KeyOpsKey, err)
+		}
+		h.keyOps = &acceptor
+		return nil
+	case KeyUsageKey:
+		switch v := value.(type) {
+		case KeyUsageType:
+			switch v {
+			case ForSignature, ForEncryption:
+				tmp := v.String()
+				h.keyUsage = &tmp
+			default:
+				return fmt.Errorf(`invalid key usage type %s`, v)
+			}
+		case string:
+			h.keyUsage = &v
+		default:
+			return fmt.Errorf(`invalid key usage type %s`, v)
+		}
+	case RSANKey:
+		if v, ok := value.([]byte); ok {
+			h.n = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, RSANKey, value)
+	case X509CertChainKey:
+		if v, ok := value.(*cert.Chain); ok {
+			h.x509CertChain = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertChainKey, value)
+	case X509CertThumbprintKey:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprint = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value)
+	case X509CertThumbprintS256Key:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprintS256 = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value)
+	case X509URLKey:
+		if v, ok := value.(string); ok {
+			h.x509URL = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509URLKey, value)
+	default:
+		if h.privateParams == nil {
+			h.privateParams = map[string]interface{}{}
+		}
+		h.privateParams[name] = value
+	}
+	return nil
+}
+
+func (k *rsaPublicKey) Remove(key string) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	switch key {
+	case AlgorithmKey:
+		k.algorithm = nil
+	case RSAEKey:
+		k.e = nil
+	case KeyIDKey:
+		k.keyID = nil
+	case KeyOpsKey:
+		k.keyOps = nil
+	case KeyUsageKey:
+		k.keyUsage = nil
+	case RSANKey:
+		k.n = nil
+	case X509CertChainKey:
+		k.x509CertChain = nil
+	case X509CertThumbprintKey:
+		k.x509CertThumbprint = nil
+	case X509CertThumbprintS256Key:
+		k.x509CertThumbprintS256 = nil
+	case X509URLKey:
+		k.x509URL = nil
+	default:
+		delete(k.privateParams, key)
+	}
+	return nil
+}
+
+func (k *rsaPublicKey) Clone() (Key, error) {
+	return cloneKey(k)
+}
+
+func (k *rsaPublicKey) DecodeCtx() json.DecodeCtx {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	return k.dc
+}
+
+func (k *rsaPublicKey) SetDecodeCtx(dc json.DecodeCtx) {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	k.dc = dc
+}
+
+func (h *rsaPublicKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.algorithm = nil
+	h.e = nil
+	h.keyID = nil
+	h.keyOps = nil
+	h.keyUsage = nil
+	h.n = nil
+	h.x509CertChain = nil
+	h.x509CertThumbprint = nil
+	h.x509CertThumbprintS256 = nil
+	h.x509URL = nil
+	dec := json.NewDecoder(bytes.NewReader(buf))
+LOOP:
+	for {
+		tok, err := dec.Token()
+		if err != nil {
+			return fmt.Errorf(`error reading token: %w`, err)
+		}
+		switch tok := tok.(type) {
+		case json.Delim:
+			// Assuming we're doing everything correctly, we should ONLY
+			// get either '{' or '}' here.
+			if tok == '}' { // End of object
+				break LOOP
+			} else if tok != '{' {
+				return fmt.Errorf(`expected '{', but got '%c'`, tok)
+			}
+		case string: // Objects can only have string keys
+			switch tok {
+			case KeyTypeKey:
+				val, err := json.ReadNextStringToken(dec)
+				if err != nil {
+					return fmt.Errorf(`error reading token: %w`, err)
+				}
+				if val != jwa.RSA.String() {
+					return fmt.Errorf(`invalid kty value for RSAPublicKey (%s)`, val)
+				}
+			case AlgorithmKey:
+				var s string
+				if err := dec.Decode(&s); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, AlgorithmKey, err)
+				}
+				alg := jwa.KeyAlgorithmFrom(s)
+				h.algorithm = &alg
+			case RSAEKey:
+				if err := json.AssignNextBytesToken(&h.e, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, RSAEKey, err)
+				}
+			case KeyIDKey:
+				if err := json.AssignNextStringToken(&h.keyID, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyIDKey, err)
+				}
+			case KeyOpsKey:
+				var decoded KeyOperationList
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyOpsKey, err)
+				}
+				h.keyOps = &decoded
+			case KeyUsageKey:
+				if err := json.AssignNextStringToken(&h.keyUsage, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyUsageKey, err)
+				}
+			case RSANKey:
+				if err := json.AssignNextBytesToken(&h.n, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, RSANKey, err)
+				}
+			case X509CertChainKey:
+				var decoded cert.Chain
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertChainKey, err)
+				}
+				h.x509CertChain = &decoded
+			case X509CertThumbprintKey:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintKey, err)
+				}
+			case X509CertThumbprintS256Key:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintS256Key, err)
+				}
+			case X509URLKey:
+				if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509URLKey, err)
+				}
+			default:
+				if dc := h.dc; dc != nil {
+					if localReg := dc.Registry(); localReg != nil {
+						decoded, err := localReg.Decode(dec, tok)
+						if err == nil {
+							h.setNoLock(tok, decoded)
+							continue
+						}
+					}
+				}
+				decoded, err := registry.Decode(dec, tok)
+				if err == nil {
+					h.setNoLock(tok, decoded)
+					continue
+				}
+				return fmt.Errorf(`could not decode field %s: %w`, tok, err)
+			}
+		default:
+			return fmt.Errorf(`invalid token %T`, tok)
+		}
+	}
+	if h.e == nil {
+		return fmt.Errorf(`required field e is missing`)
+	}
+	if h.n == nil {
+		return fmt.Errorf(`required field n is missing`)
+	}
+	return nil
+}
+
+func (h rsaPublicKey) MarshalJSON() ([]byte, error) {
+	data := make(map[string]interface{})
+	fields := make([]string, 0, 10)
+	for _, pair := range h.makePairs() {
+		fields = append(fields, pair.Key.(string))
+		data[pair.Key.(string)] = pair.Value
+	}
+
+	sort.Strings(fields)
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+	buf.WriteByte('{')
+	enc := json.NewEncoder(buf)
+	for i, f := range fields {
+		if i > 0 {
+			buf.WriteRune(',')
+		}
+		buf.WriteRune('"')
+		buf.WriteString(f)
+		buf.WriteString(`":`)
+		v := data[f]
+		switch v := v.(type) {
+		case []byte:
+			buf.WriteRune('"')
+			buf.WriteString(base64.EncodeToString(v))
+			buf.WriteRune('"')
+		default:
+			if err := enc.Encode(v); err != nil {
+				return nil, fmt.Errorf(`failed to encode value for field %s: %w`, f, err)
+			}
+			buf.Truncate(buf.Len() - 1)
+		}
+	}
+	buf.WriteByte('}')
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
+
+func (h *rsaPublicKey) Iterate(ctx context.Context) HeaderIterator {
+	pairs := h.makePairs()
+	ch := make(chan *HeaderPair, len(pairs))
+	go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) {
+		defer close(ch)
+		for _, pair := range pairs {
+			select {
+			case <-ctx.Done():
+				return
+			case ch <- pair:
+			}
+		}
+	}(ctx, ch, pairs)
+	return mapiter.New(ch)
+}
+
+func (h *rsaPublicKey) Walk(ctx context.Context, visitor HeaderVisitor) error {
+	return iter.WalkMap(ctx, h, visitor)
+}
+
+func (h *rsaPublicKey) AsMap(ctx context.Context) (map[string]interface{}, error) {
+	return iter.AsMap(ctx, h)
+}
+
+type RSAPrivateKey interface {
+	Key
+	FromRaw(*rsa.PrivateKey) error
+	D() []byte
+	DP() []byte
+	DQ() []byte
+	E() []byte
+	N() []byte
+	P() []byte
+	Q() []byte
+	QI() []byte
+}
+
+type rsaPrivateKey struct {
+	algorithm              *jwa.KeyAlgorithm // https://tools.ietf.org/html/rfc7517#section-4.4
+	d                      []byte
+	dp                     []byte
+	dq                     []byte
+	e                      []byte
+	keyID                  *string           // https://tools.ietf.org/html/rfc7515#section-4.1.4
+	keyOps                 *KeyOperationList // https://tools.ietf.org/html/rfc7517#section-4.3
+	keyUsage               *string           // https://tools.ietf.org/html/rfc7517#section-4.2
+	n                      []byte
+	p                      []byte
+	q                      []byte
+	qi                     []byte
+	x509CertChain          *cert.Chain // https://tools.ietf.org/html/rfc7515#section-4.1.6
+	x509CertThumbprint     *string     // https://tools.ietf.org/html/rfc7515#section-4.1.7
+	x509CertThumbprintS256 *string     // https://tools.ietf.org/html/rfc7515#section-4.1.8
+	x509URL                *string     // https://tools.ietf.org/html/rfc7515#section-4.1.5
+	privateParams          map[string]interface{}
+	mu                     *sync.RWMutex
+	dc                     json.DecodeCtx
+}
+
+var _ RSAPrivateKey = &rsaPrivateKey{}
+var _ Key = &rsaPrivateKey{}
+
+func newRSAPrivateKey() *rsaPrivateKey {
+	return &rsaPrivateKey{
+		mu:            &sync.RWMutex{},
+		privateParams: make(map[string]interface{}),
+	}
+}
+
+func (h rsaPrivateKey) KeyType() jwa.KeyType {
+	return jwa.RSA
+}
+
+func (h rsaPrivateKey) IsPrivate() bool {
+	return true
+}
+
+func (h *rsaPrivateKey) Algorithm() jwa.KeyAlgorithm {
+	if h.algorithm != nil {
+		return *(h.algorithm)
+	}
+	return jwa.InvalidKeyAlgorithm("")
+}
+
+func (h *rsaPrivateKey) D() []byte {
+	return h.d
+}
+
+func (h *rsaPrivateKey) DP() []byte {
+	return h.dp
+}
+
+func (h *rsaPrivateKey) DQ() []byte {
+	return h.dq
+}
+
+func (h *rsaPrivateKey) E() []byte {
+	return h.e
+}
+
+func (h *rsaPrivateKey) KeyID() string {
+	if h.keyID != nil {
+		return *(h.keyID)
+	}
+	return ""
+}
+
+func (h *rsaPrivateKey) KeyOps() KeyOperationList {
+	if h.keyOps != nil {
+		return *(h.keyOps)
+	}
+	return nil
+}
+
+func (h *rsaPrivateKey) KeyUsage() string {
+	if h.keyUsage != nil {
+		return *(h.keyUsage)
+	}
+	return ""
+}
+
+func (h *rsaPrivateKey) N() []byte {
+	return h.n
+}
+
+func (h *rsaPrivateKey) P() []byte {
+	return h.p
+}
+
+func (h *rsaPrivateKey) Q() []byte {
+	return h.q
+}
+
+func (h *rsaPrivateKey) QI() []byte {
+	return h.qi
+}
+
+func (h *rsaPrivateKey) X509CertChain() *cert.Chain {
+	return h.x509CertChain
+}
+
+func (h *rsaPrivateKey) X509CertThumbprint() string {
+	if h.x509CertThumbprint != nil {
+		return *(h.x509CertThumbprint)
+	}
+	return ""
+}
+
+func (h *rsaPrivateKey) X509CertThumbprintS256() string {
+	if h.x509CertThumbprintS256 != nil {
+		return *(h.x509CertThumbprintS256)
+	}
+	return ""
+}
+
+func (h *rsaPrivateKey) X509URL() string {
+	if h.x509URL != nil {
+		return *(h.x509URL)
+	}
+	return ""
+}
+
+func (h *rsaPrivateKey) makePairs() []*HeaderPair {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+
+	var pairs []*HeaderPair
+	pairs = append(pairs, &HeaderPair{Key: "kty", Value: jwa.RSA})
+	if h.algorithm != nil {
+		pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)})
+	}
+	if h.d != nil {
+		pairs = append(pairs, &HeaderPair{Key: RSADKey, Value: h.d})
+	}
+	if h.dp != nil {
+		pairs = append(pairs, &HeaderPair{Key: RSADPKey, Value: h.dp})
+	}
+	if h.dq != nil {
+		pairs = append(pairs, &HeaderPair{Key: RSADQKey, Value: h.dq})
+	}
+	if h.e != nil {
+		pairs = append(pairs, &HeaderPair{Key: RSAEKey, Value: h.e})
+	}
+	if h.keyID != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)})
+	}
+	if h.keyOps != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyOpsKey, Value: *(h.keyOps)})
+	}
+	if h.keyUsage != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyUsageKey, Value: *(h.keyUsage)})
+	}
+	if h.n != nil {
+		pairs = append(pairs, &HeaderPair{Key: RSANKey, Value: h.n})
+	}
+	if h.p != nil {
+		pairs = append(pairs, &HeaderPair{Key: RSAPKey, Value: h.p})
+	}
+	if h.q != nil {
+		pairs = append(pairs, &HeaderPair{Key: RSAQKey, Value: h.q})
+	}
+	if h.qi != nil {
+		pairs = append(pairs, &HeaderPair{Key: RSAQIKey, Value: h.qi})
+	}
+	if h.x509CertChain != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: h.x509CertChain})
+	}
+	if h.x509CertThumbprint != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)})
+	}
+	if h.x509CertThumbprintS256 != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)})
+	}
+	if h.x509URL != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)})
+	}
+	for k, v := range h.privateParams {
+		pairs = append(pairs, &HeaderPair{Key: k, Value: v})
+	}
+	return pairs
+}
+
+func (h *rsaPrivateKey) PrivateParams() map[string]interface{} {
+	return h.privateParams
+}
+
+func (h *rsaPrivateKey) Get(name string) (interface{}, bool) {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	switch name {
+	case KeyTypeKey:
+		return h.KeyType(), true
+	case AlgorithmKey:
+		if h.algorithm == nil {
+			return nil, false
+		}
+		return *(h.algorithm), true
+	case RSADKey:
+		if h.d == nil {
+			return nil, false
+		}
+		return h.d, true
+	case RSADPKey:
+		if h.dp == nil {
+			return nil, false
+		}
+		return h.dp, true
+	case RSADQKey:
+		if h.dq == nil {
+			return nil, false
+		}
+		return h.dq, true
+	case RSAEKey:
+		if h.e == nil {
+			return nil, false
+		}
+		return h.e, true
+	case KeyIDKey:
+		if h.keyID == nil {
+			return nil, false
+		}
+		return *(h.keyID), true
+	case KeyOpsKey:
+		if h.keyOps == nil {
+			return nil, false
+		}
+		return *(h.keyOps), true
+	case KeyUsageKey:
+		if h.keyUsage == nil {
+			return nil, false
+		}
+		return *(h.keyUsage), true
+	case RSANKey:
+		if h.n == nil {
+			return nil, false
+		}
+		return h.n, true
+	case RSAPKey:
+		if h.p == nil {
+			return nil, false
+		}
+		return h.p, true
+	case RSAQKey:
+		if h.q == nil {
+			return nil, false
+		}
+		return h.q, true
+	case RSAQIKey:
+		if h.qi == nil {
+			return nil, false
+		}
+		return h.qi, true
+	case X509CertChainKey:
+		if h.x509CertChain == nil {
+			return nil, false
+		}
+		return h.x509CertChain, true
+	case X509CertThumbprintKey:
+		if h.x509CertThumbprint == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprint), true
+	case X509CertThumbprintS256Key:
+		if h.x509CertThumbprintS256 == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprintS256), true
+	case X509URLKey:
+		if h.x509URL == nil {
+			return nil, false
+		}
+		return *(h.x509URL), true
+	default:
+		v, ok := h.privateParams[name]
+		return v, ok
+	}
+}
+
+func (h *rsaPrivateKey) Set(name string, value interface{}) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	return h.setNoLock(name, value)
+}
+
+func (h *rsaPrivateKey) setNoLock(name string, value interface{}) error {
+	switch name {
+	case "kty":
+		return nil
+	case AlgorithmKey:
+		switch v := value.(type) {
+		case string, jwa.SignatureAlgorithm, jwa.ContentEncryptionAlgorithm:
+			var tmp = jwa.KeyAlgorithmFrom(v)
+			h.algorithm = &tmp
+		case fmt.Stringer:
+			s := v.String()
+			var tmp = jwa.KeyAlgorithmFrom(s)
+			h.algorithm = &tmp
+		default:
+			return fmt.Errorf(`invalid type for %s key: %T`, AlgorithmKey, value)
+		}
+		return nil
+	case RSADKey:
+		if v, ok := value.([]byte); ok {
+			h.d = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, RSADKey, value)
+	case RSADPKey:
+		if v, ok := value.([]byte); ok {
+			h.dp = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, RSADPKey, value)
+	case RSADQKey:
+		if v, ok := value.([]byte); ok {
+			h.dq = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, RSADQKey, value)
+	case RSAEKey:
+		if v, ok := value.([]byte); ok {
+			h.e = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, RSAEKey, value)
+	case KeyIDKey:
+		if v, ok := value.(string); ok {
+			h.keyID = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, KeyIDKey, value)
+	case KeyOpsKey:
+		var acceptor KeyOperationList
+		if err := acceptor.Accept(value); err != nil {
+			return fmt.Errorf(`invalid value for %s key: %w`, KeyOpsKey, err)
+		}
+		h.keyOps = &acceptor
+		return nil
+	case KeyUsageKey:
+		switch v := value.(type) {
+		case KeyUsageType:
+			switch v {
+			case ForSignature, ForEncryption:
+				tmp := v.String()
+				h.keyUsage = &tmp
+			default:
+				return fmt.Errorf(`invalid key usage type %s`, v)
+			}
+		case string:
+			h.keyUsage = &v
+		default:
+			return fmt.Errorf(`invalid key usage type %s`, v)
+		}
+	case RSANKey:
+		if v, ok := value.([]byte); ok {
+			h.n = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, RSANKey, value)
+	case RSAPKey:
+		if v, ok := value.([]byte); ok {
+			h.p = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, RSAPKey, value)
+	case RSAQKey:
+		if v, ok := value.([]byte); ok {
+			h.q = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, RSAQKey, value)
+	case RSAQIKey:
+		if v, ok := value.([]byte); ok {
+			h.qi = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, RSAQIKey, value)
+	case X509CertChainKey:
+		if v, ok := value.(*cert.Chain); ok {
+			h.x509CertChain = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertChainKey, value)
+	case X509CertThumbprintKey:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprint = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value)
+	case X509CertThumbprintS256Key:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprintS256 = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value)
+	case X509URLKey:
+		if v, ok := value.(string); ok {
+			h.x509URL = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509URLKey, value)
+	default:
+		if h.privateParams == nil {
+			h.privateParams = map[string]interface{}{}
+		}
+		h.privateParams[name] = value
+	}
+	return nil
+}
+
+func (k *rsaPrivateKey) Remove(key string) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	switch key {
+	case AlgorithmKey:
+		k.algorithm = nil
+	case RSADKey:
+		k.d = nil
+	case RSADPKey:
+		k.dp = nil
+	case RSADQKey:
+		k.dq = nil
+	case RSAEKey:
+		k.e = nil
+	case KeyIDKey:
+		k.keyID = nil
+	case KeyOpsKey:
+		k.keyOps = nil
+	case KeyUsageKey:
+		k.keyUsage = nil
+	case RSANKey:
+		k.n = nil
+	case RSAPKey:
+		k.p = nil
+	case RSAQKey:
+		k.q = nil
+	case RSAQIKey:
+		k.qi = nil
+	case X509CertChainKey:
+		k.x509CertChain = nil
+	case X509CertThumbprintKey:
+		k.x509CertThumbprint = nil
+	case X509CertThumbprintS256Key:
+		k.x509CertThumbprintS256 = nil
+	case X509URLKey:
+		k.x509URL = nil
+	default:
+		delete(k.privateParams, key)
+	}
+	return nil
+}
+
+func (k *rsaPrivateKey) Clone() (Key, error) {
+	return cloneKey(k)
+}
+
+func (k *rsaPrivateKey) DecodeCtx() json.DecodeCtx {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	return k.dc
+}
+
+func (k *rsaPrivateKey) SetDecodeCtx(dc json.DecodeCtx) {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	k.dc = dc
+}
+
+func (h *rsaPrivateKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.algorithm = nil
+	h.d = nil
+	h.dp = nil
+	h.dq = nil
+	h.e = nil
+	h.keyID = nil
+	h.keyOps = nil
+	h.keyUsage = nil
+	h.n = nil
+	h.p = nil
+	h.q = nil
+	h.qi = nil
+	h.x509CertChain = nil
+	h.x509CertThumbprint = nil
+	h.x509CertThumbprintS256 = nil
+	h.x509URL = nil
+	dec := json.NewDecoder(bytes.NewReader(buf))
+LOOP:
+	for {
+		tok, err := dec.Token()
+		if err != nil {
+			return fmt.Errorf(`error reading token: %w`, err)
+		}
+		switch tok := tok.(type) {
+		case json.Delim:
+			// Assuming we're doing everything correctly, we should ONLY
+			// get either '{' or '}' here.
+			if tok == '}' { // End of object
+				break LOOP
+			} else if tok != '{' {
+				return fmt.Errorf(`expected '{', but got '%c'`, tok)
+			}
+		case string: // Objects can only have string keys
+			switch tok {
+			case KeyTypeKey:
+				val, err := json.ReadNextStringToken(dec)
+				if err != nil {
+					return fmt.Errorf(`error reading token: %w`, err)
+				}
+				if val != jwa.RSA.String() {
+					return fmt.Errorf(`invalid kty value for RSAPublicKey (%s)`, val)
+				}
+			case AlgorithmKey:
+				var s string
+				if err := dec.Decode(&s); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, AlgorithmKey, err)
+				}
+				alg := jwa.KeyAlgorithmFrom(s)
+				h.algorithm = &alg
+			case RSADKey:
+				if err := json.AssignNextBytesToken(&h.d, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, RSADKey, err)
+				}
+			case RSADPKey:
+				if err := json.AssignNextBytesToken(&h.dp, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, RSADPKey, err)
+				}
+			case RSADQKey:
+				if err := json.AssignNextBytesToken(&h.dq, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, RSADQKey, err)
+				}
+			case RSAEKey:
+				if err := json.AssignNextBytesToken(&h.e, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, RSAEKey, err)
+				}
+			case KeyIDKey:
+				if err := json.AssignNextStringToken(&h.keyID, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyIDKey, err)
+				}
+			case KeyOpsKey:
+				var decoded KeyOperationList
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyOpsKey, err)
+				}
+				h.keyOps = &decoded
+			case KeyUsageKey:
+				if err := json.AssignNextStringToken(&h.keyUsage, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyUsageKey, err)
+				}
+			case RSANKey:
+				if err := json.AssignNextBytesToken(&h.n, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, RSANKey, err)
+				}
+			case RSAPKey:
+				if err := json.AssignNextBytesToken(&h.p, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, RSAPKey, err)
+				}
+			case RSAQKey:
+				if err := json.AssignNextBytesToken(&h.q, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, RSAQKey, err)
+				}
+			case RSAQIKey:
+				if err := json.AssignNextBytesToken(&h.qi, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, RSAQIKey, err)
+				}
+			case X509CertChainKey:
+				var decoded cert.Chain
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertChainKey, err)
+				}
+				h.x509CertChain = &decoded
+			case X509CertThumbprintKey:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintKey, err)
+				}
+			case X509CertThumbprintS256Key:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintS256Key, err)
+				}
+			case X509URLKey:
+				if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509URLKey, err)
+				}
+			default:
+				if dc := h.dc; dc != nil {
+					if localReg := dc.Registry(); localReg != nil {
+						decoded, err := localReg.Decode(dec, tok)
+						if err == nil {
+							h.setNoLock(tok, decoded)
+							continue
+						}
+					}
+				}
+				decoded, err := registry.Decode(dec, tok)
+				if err == nil {
+					h.setNoLock(tok, decoded)
+					continue
+				}
+				return fmt.Errorf(`could not decode field %s: %w`, tok, err)
+			}
+		default:
+			return fmt.Errorf(`invalid token %T`, tok)
+		}
+	}
+	if h.d == nil {
+		return fmt.Errorf(`required field d is missing`)
+	}
+	if h.e == nil {
+		return fmt.Errorf(`required field e is missing`)
+	}
+	if h.n == nil {
+		return fmt.Errorf(`required field n is missing`)
+	}
+	return nil
+}
+
+func (h rsaPrivateKey) MarshalJSON() ([]byte, error) {
+	data := make(map[string]interface{})
+	fields := make([]string, 0, 16)
+	for _, pair := range h.makePairs() {
+		fields = append(fields, pair.Key.(string))
+		data[pair.Key.(string)] = pair.Value
+	}
+
+	sort.Strings(fields)
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+	buf.WriteByte('{')
+	enc := json.NewEncoder(buf)
+	for i, f := range fields {
+		if i > 0 {
+			buf.WriteRune(',')
+		}
+		buf.WriteRune('"')
+		buf.WriteString(f)
+		buf.WriteString(`":`)
+		v := data[f]
+		switch v := v.(type) {
+		case []byte:
+			buf.WriteRune('"')
+			buf.WriteString(base64.EncodeToString(v))
+			buf.WriteRune('"')
+		default:
+			if err := enc.Encode(v); err != nil {
+				return nil, fmt.Errorf(`failed to encode value for field %s: %w`, f, err)
+			}
+			buf.Truncate(buf.Len() - 1)
+		}
+	}
+	buf.WriteByte('}')
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
+
+func (h *rsaPrivateKey) Iterate(ctx context.Context) HeaderIterator {
+	pairs := h.makePairs()
+	ch := make(chan *HeaderPair, len(pairs))
+	go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) {
+		defer close(ch)
+		for _, pair := range pairs {
+			select {
+			case <-ctx.Done():
+				return
+			case ch <- pair:
+			}
+		}
+	}(ctx, ch, pairs)
+	return mapiter.New(ch)
+}
+
+func (h *rsaPrivateKey) Walk(ctx context.Context, visitor HeaderVisitor) error {
+	return iter.WalkMap(ctx, h, visitor)
+}
+
+func (h *rsaPrivateKey) AsMap(ctx context.Context) (map[string]interface{}, error) {
+	return iter.AsMap(ctx, h)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/set.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/set.go
new file mode 100644
index 000000000..ab535104d
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/set.go
@@ -0,0 +1,338 @@
+package jwk
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"sort"
+
+	"github.com/lestrrat-go/iter/arrayiter"
+	"github.com/lestrrat-go/iter/mapiter"
+	"github.com/lestrrat-go/jwx/v2/internal/json"
+	"github.com/lestrrat-go/jwx/v2/internal/pool"
+)
+
+const keysKey = `keys` // appease linter
+
+// NewSet creates and empty `jwk.Set` object
+func NewSet() Set {
+	return &set{
+		privateParams: make(map[string]interface{}),
+	}
+}
+
+func (s *set) Set(n string, v interface{}) error {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	if n == keysKey {
+		vl, ok := v.([]Key)
+		if !ok {
+			return fmt.Errorf(`value for field "keys" must be []jwk.Key`)
+		}
+		s.keys = vl
+		return nil
+	}
+
+	s.privateParams[n] = v
+	return nil
+}
+
+func (s *set) Get(n string) (interface{}, bool) {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	v, ok := s.privateParams[n]
+	return v, ok
+}
+
+func (s *set) Key(idx int) (Key, bool) {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	if idx >= 0 && idx < len(s.keys) {
+		return s.keys[idx], true
+	}
+	return nil, false
+}
+
+func (s *set) Len() int {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return len(s.keys)
+}
+
+// indexNL is Index(), but without the locking
+func (s *set) indexNL(key Key) int {
+	for i, k := range s.keys {
+		if k == key {
+			return i
+		}
+	}
+	return -1
+}
+
+func (s *set) Index(key Key) int {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return s.indexNL(key)
+}
+
+func (s *set) AddKey(key Key) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	if i := s.indexNL(key); i > -1 {
+		return fmt.Errorf(`(jwk.Set).AddKey: key already exists`)
+	}
+	s.keys = append(s.keys, key)
+	return nil
+}
+
+func (s *set) Remove(name string) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	delete(s.privateParams, name)
+	return nil
+}
+
+func (s *set) RemoveKey(key Key) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	for i, k := range s.keys {
+		if k == key {
+			switch i {
+			case 0:
+				s.keys = s.keys[1:]
+			case len(s.keys) - 1:
+				s.keys = s.keys[:i]
+			default:
+				s.keys = append(s.keys[:i], s.keys[i+1:]...)
+			}
+			return nil
+		}
+	}
+	return fmt.Errorf(`(jwk.Set).RemoveKey: specified key does not exist in set`)
+}
+
+func (s *set) Clear() error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.keys = nil
+	s.privateParams = make(map[string]interface{})
+	return nil
+}
+
+func (s *set) Keys(ctx context.Context) KeyIterator {
+	ch := make(chan *KeyPair, s.Len())
+	go iterate(ctx, s.keys, ch)
+	return arrayiter.New(ch)
+}
+
+func iterate(ctx context.Context, keys []Key, ch chan *KeyPair) {
+	defer close(ch)
+
+	for i, key := range keys {
+		pair := &KeyPair{Index: i, Value: key}
+		select {
+		case <-ctx.Done():
+			return
+		case ch <- pair:
+		}
+	}
+}
+
+func (s *set) MarshalJSON() ([]byte, error) {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+	enc := json.NewEncoder(buf)
+
+	fields := []string{keysKey}
+	for k := range s.privateParams {
+		fields = append(fields, k)
+	}
+	sort.Strings(fields)
+
+	buf.WriteByte('{')
+	for i, field := range fields {
+		if i > 0 {
+			buf.WriteByte(',')
+		}
+		fmt.Fprintf(buf, `%q:`, field)
+		if field != keysKey {
+			if err := enc.Encode(s.privateParams[field]); err != nil {
+				return nil, fmt.Errorf(`failed to marshal field %q: %w`, field, err)
+			}
+		} else {
+			buf.WriteByte('[')
+			for j, k := range s.keys {
+				if j > 0 {
+					buf.WriteByte(',')
+				}
+				if err := enc.Encode(k); err != nil {
+					return nil, fmt.Errorf(`failed to marshal key #%d: %w`, i, err)
+				}
+			}
+			buf.WriteByte(']')
+		}
+	}
+	buf.WriteByte('}')
+
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
+
+func (s *set) UnmarshalJSON(data []byte) error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.privateParams = make(map[string]interface{})
+	s.keys = nil
+
+	var options []ParseOption
+	var ignoreParseError bool
+	if dc := s.dc; dc != nil {
+		if localReg := dc.Registry(); localReg != nil {
+			options = append(options, withLocalRegistry(localReg))
+		}
+		ignoreParseError = dc.IgnoreParseError()
+	}
+
+	var sawKeysField bool
+	dec := json.NewDecoder(bytes.NewReader(data))
+LOOP:
+	for {
+		tok, err := dec.Token()
+		if err != nil {
+			return fmt.Errorf(`error reading token: %w`, err)
+		}
+
+		switch tok := tok.(type) {
+		case json.Delim:
+			// Assuming we're doing everything correctly, we should ONLY
+			// get either '{' or '}' here.
+			if tok == '}' { // End of object
+				break LOOP
+			} else if tok != '{' {
+				return fmt.Errorf(`expected '{', but got '%c'`, tok)
+			}
+		case string:
+			switch tok {
+			case "keys":
+				sawKeysField = true
+				var list []json.RawMessage
+				if err := dec.Decode(&list); err != nil {
+					return fmt.Errorf(`failed to decode "keys": %w`, err)
+				}
+
+				for i, keysrc := range list {
+					key, err := ParseKey(keysrc, options...)
+					if err != nil {
+						if !ignoreParseError {
+							return fmt.Errorf(`failed to decode key #%d in "keys": %w`, i, err)
+						}
+						continue
+					}
+					s.keys = append(s.keys, key)
+				}
+			default:
+				var v interface{}
+				if err := dec.Decode(&v); err != nil {
+					return fmt.Errorf(`failed to decode value for key %q: %w`, tok, err)
+				}
+				s.privateParams[tok] = v
+			}
+		}
+	}
+
+	// This is really silly, but we can only detect the
+	// lack of the "keys" field after going through the
+	// entire object once
+	// Not checking for len(s.keys) == 0, because it could be
+	// an empty key set
+	if !sawKeysField {
+		key, err := ParseKey(data, options...)
+		if err != nil {
+			return fmt.Errorf(`failed to parse sole key in key set`)
+		}
+		s.keys = append(s.keys, key)
+	}
+	return nil
+}
+
+func (s *set) LookupKeyID(kid string) (Key, bool) {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	n := s.Len()
+	for i := 0; i < n; i++ {
+		key, ok := s.Key(i)
+		if !ok {
+			return nil, false
+		}
+		if key.KeyID() == kid {
+			return key, true
+		}
+	}
+	return nil, false
+}
+
+func (s *set) DecodeCtx() DecodeCtx {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.dc
+}
+
+func (s *set) SetDecodeCtx(dc DecodeCtx) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.dc = dc
+}
+
+func (s *set) Clone() (Set, error) {
+	s2 := &set{}
+
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	s2.keys = make([]Key, len(s.keys))
+	copy(s2.keys, s.keys)
+	return s2, nil
+}
+
+func (s *set) makePairs() []*HeaderPair {
+	pairs := make([]*HeaderPair, 0, len(s.privateParams))
+	for k, v := range s.privateParams {
+		pairs = append(pairs, &HeaderPair{Key: k, Value: v})
+	}
+	sort.Slice(pairs, func(i, j int) bool {
+		//nolint:forcetypeassert
+		return pairs[i].Key.(string) < pairs[j].Key.(string)
+	})
+	return pairs
+}
+
+func (s *set) Iterate(ctx context.Context) HeaderIterator {
+	pairs := s.makePairs()
+	ch := make(chan *HeaderPair, len(pairs))
+	go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) {
+		defer close(ch)
+		for _, pair := range pairs {
+			select {
+			case <-ctx.Done():
+				return
+			case ch <- pair:
+			}
+		}
+	}(ctx, ch, pairs)
+	return mapiter.New(ch)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric.go
new file mode 100644
index 000000000..378f9c738
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric.go
@@ -0,0 +1,67 @@
+package jwk
+
+import (
+	"crypto"
+	"fmt"
+
+	"github.com/lestrrat-go/blackmagic"
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+)
+
+func (k *symmetricKey) FromRaw(rawKey []byte) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+
+	if len(rawKey) == 0 {
+		return fmt.Errorf(`non-empty []byte key required`)
+	}
+
+	k.octets = rawKey
+
+	return nil
+}
+
+// Raw returns the octets for this symmetric key.
+// Since this is a symmetric key, this just calls Octets
+func (k *symmetricKey) Raw(v interface{}) error {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	return blackmagic.AssignIfCompatible(v, k.octets)
+}
+
+// Thumbprint returns the JWK thumbprint using the indicated
+// hashing algorithm, according to RFC 7638
+func (k *symmetricKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	var octets []byte
+	if err := k.Raw(&octets); err != nil {
+		return nil, fmt.Errorf(`failed to materialize symmetric key: %w`, err)
+	}
+
+	h := hash.New()
+	fmt.Fprint(h, `{"k":"`)
+	fmt.Fprint(h, base64.EncodeToString(octets))
+	fmt.Fprint(h, `","kty":"oct"}`)
+	return h.Sum(nil), nil
+}
+
+func (k *symmetricKey) PublicKey() (Key, error) {
+	newKey := newSymmetricKey()
+
+	for _, pair := range k.makePairs() {
+		//nolint:forcetypeassert
+		key := pair.Key.(string)
+		if err := newKey.Set(key, pair.Value); err != nil {
+			return nil, fmt.Errorf(`failed to set field %q: %w`, key, err)
+		}
+	}
+	return newKey, nil
+}
+
+func (k *symmetricKey) Validate() error {
+	if len(k.Octets()) == 0 {
+		return NewKeyValidationError(fmt.Errorf(`jwk.SymmetricKey: missing "k" field`))
+	}
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric_gen.go
new file mode 100644
index 000000000..fc96c78d7
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric_gen.go
@@ -0,0 +1,520 @@
+// Code generated by tools/cmd/genjwk/main.go. DO NOT EDIT.
+
+package jwk
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"sort"
+	"sync"
+
+	"github.com/lestrrat-go/iter/mapiter"
+	"github.com/lestrrat-go/jwx/v2/cert"
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+	"github.com/lestrrat-go/jwx/v2/internal/iter"
+	"github.com/lestrrat-go/jwx/v2/internal/json"
+	"github.com/lestrrat-go/jwx/v2/internal/pool"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+const (
+	SymmetricOctetsKey = "k"
+)
+
+type SymmetricKey interface {
+	Key
+	FromRaw([]byte) error
+	Octets() []byte
+}
+
+type symmetricKey struct {
+	algorithm              *jwa.KeyAlgorithm // https://tools.ietf.org/html/rfc7517#section-4.4
+	keyID                  *string           // https://tools.ietf.org/html/rfc7515#section-4.1.4
+	keyOps                 *KeyOperationList // https://tools.ietf.org/html/rfc7517#section-4.3
+	keyUsage               *string           // https://tools.ietf.org/html/rfc7517#section-4.2
+	octets                 []byte
+	x509CertChain          *cert.Chain // https://tools.ietf.org/html/rfc7515#section-4.1.6
+	x509CertThumbprint     *string     // https://tools.ietf.org/html/rfc7515#section-4.1.7
+	x509CertThumbprintS256 *string     // https://tools.ietf.org/html/rfc7515#section-4.1.8
+	x509URL                *string     // https://tools.ietf.org/html/rfc7515#section-4.1.5
+	privateParams          map[string]interface{}
+	mu                     *sync.RWMutex
+	dc                     json.DecodeCtx
+}
+
+var _ SymmetricKey = &symmetricKey{}
+var _ Key = &symmetricKey{}
+
+func newSymmetricKey() *symmetricKey {
+	return &symmetricKey{
+		mu:            &sync.RWMutex{},
+		privateParams: make(map[string]interface{}),
+	}
+}
+
+func (h symmetricKey) KeyType() jwa.KeyType {
+	return jwa.OctetSeq
+}
+
+func (h *symmetricKey) Algorithm() jwa.KeyAlgorithm {
+	if h.algorithm != nil {
+		return *(h.algorithm)
+	}
+	return jwa.InvalidKeyAlgorithm("")
+}
+
+func (h *symmetricKey) KeyID() string {
+	if h.keyID != nil {
+		return *(h.keyID)
+	}
+	return ""
+}
+
+func (h *symmetricKey) KeyOps() KeyOperationList {
+	if h.keyOps != nil {
+		return *(h.keyOps)
+	}
+	return nil
+}
+
+func (h *symmetricKey) KeyUsage() string {
+	if h.keyUsage != nil {
+		return *(h.keyUsage)
+	}
+	return ""
+}
+
+func (h *symmetricKey) Octets() []byte {
+	return h.octets
+}
+
+func (h *symmetricKey) X509CertChain() *cert.Chain {
+	return h.x509CertChain
+}
+
+func (h *symmetricKey) X509CertThumbprint() string {
+	if h.x509CertThumbprint != nil {
+		return *(h.x509CertThumbprint)
+	}
+	return ""
+}
+
+func (h *symmetricKey) X509CertThumbprintS256() string {
+	if h.x509CertThumbprintS256 != nil {
+		return *(h.x509CertThumbprintS256)
+	}
+	return ""
+}
+
+func (h *symmetricKey) X509URL() string {
+	if h.x509URL != nil {
+		return *(h.x509URL)
+	}
+	return ""
+}
+
+func (h *symmetricKey) makePairs() []*HeaderPair {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+
+	var pairs []*HeaderPair
+	pairs = append(pairs, &HeaderPair{Key: "kty", Value: jwa.OctetSeq})
+	if h.algorithm != nil {
+		pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)})
+	}
+	if h.keyID != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)})
+	}
+	if h.keyOps != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyOpsKey, Value: *(h.keyOps)})
+	}
+	if h.keyUsage != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyUsageKey, Value: *(h.keyUsage)})
+	}
+	if h.octets != nil {
+		pairs = append(pairs, &HeaderPair{Key: SymmetricOctetsKey, Value: h.octets})
+	}
+	if h.x509CertChain != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: h.x509CertChain})
+	}
+	if h.x509CertThumbprint != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)})
+	}
+	if h.x509CertThumbprintS256 != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)})
+	}
+	if h.x509URL != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)})
+	}
+	for k, v := range h.privateParams {
+		pairs = append(pairs, &HeaderPair{Key: k, Value: v})
+	}
+	return pairs
+}
+
+func (h *symmetricKey) PrivateParams() map[string]interface{} {
+	return h.privateParams
+}
+
+func (h *symmetricKey) Get(name string) (interface{}, bool) {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	switch name {
+	case KeyTypeKey:
+		return h.KeyType(), true
+	case AlgorithmKey:
+		if h.algorithm == nil {
+			return nil, false
+		}
+		return *(h.algorithm), true
+	case KeyIDKey:
+		if h.keyID == nil {
+			return nil, false
+		}
+		return *(h.keyID), true
+	case KeyOpsKey:
+		if h.keyOps == nil {
+			return nil, false
+		}
+		return *(h.keyOps), true
+	case KeyUsageKey:
+		if h.keyUsage == nil {
+			return nil, false
+		}
+		return *(h.keyUsage), true
+	case SymmetricOctetsKey:
+		if h.octets == nil {
+			return nil, false
+		}
+		return h.octets, true
+	case X509CertChainKey:
+		if h.x509CertChain == nil {
+			return nil, false
+		}
+		return h.x509CertChain, true
+	case X509CertThumbprintKey:
+		if h.x509CertThumbprint == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprint), true
+	case X509CertThumbprintS256Key:
+		if h.x509CertThumbprintS256 == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprintS256), true
+	case X509URLKey:
+		if h.x509URL == nil {
+			return nil, false
+		}
+		return *(h.x509URL), true
+	default:
+		v, ok := h.privateParams[name]
+		return v, ok
+	}
+}
+
+func (h *symmetricKey) Set(name string, value interface{}) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	return h.setNoLock(name, value)
+}
+
+func (h *symmetricKey) setNoLock(name string, value interface{}) error {
+	switch name {
+	case "kty":
+		return nil
+	case AlgorithmKey:
+		switch v := value.(type) {
+		case string, jwa.SignatureAlgorithm, jwa.ContentEncryptionAlgorithm:
+			var tmp = jwa.KeyAlgorithmFrom(v)
+			h.algorithm = &tmp
+		case fmt.Stringer:
+			s := v.String()
+			var tmp = jwa.KeyAlgorithmFrom(s)
+			h.algorithm = &tmp
+		default:
+			return fmt.Errorf(`invalid type for %s key: %T`, AlgorithmKey, value)
+		}
+		return nil
+	case KeyIDKey:
+		if v, ok := value.(string); ok {
+			h.keyID = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, KeyIDKey, value)
+	case KeyOpsKey:
+		var acceptor KeyOperationList
+		if err := acceptor.Accept(value); err != nil {
+			return fmt.Errorf(`invalid value for %s key: %w`, KeyOpsKey, err)
+		}
+		h.keyOps = &acceptor
+		return nil
+	case KeyUsageKey:
+		switch v := value.(type) {
+		case KeyUsageType:
+			switch v {
+			case ForSignature, ForEncryption:
+				tmp := v.String()
+				h.keyUsage = &tmp
+			default:
+				return fmt.Errorf(`invalid key usage type %s`, v)
+			}
+		case string:
+			h.keyUsage = &v
+		default:
+			return fmt.Errorf(`invalid key usage type %s`, v)
+		}
+	case SymmetricOctetsKey:
+		if v, ok := value.([]byte); ok {
+			h.octets = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, SymmetricOctetsKey, value)
+	case X509CertChainKey:
+		if v, ok := value.(*cert.Chain); ok {
+			h.x509CertChain = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertChainKey, value)
+	case X509CertThumbprintKey:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprint = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value)
+	case X509CertThumbprintS256Key:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprintS256 = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value)
+	case X509URLKey:
+		if v, ok := value.(string); ok {
+			h.x509URL = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509URLKey, value)
+	default:
+		if h.privateParams == nil {
+			h.privateParams = map[string]interface{}{}
+		}
+		h.privateParams[name] = value
+	}
+	return nil
+}
+
+func (k *symmetricKey) Remove(key string) error {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	switch key {
+	case AlgorithmKey:
+		k.algorithm = nil
+	case KeyIDKey:
+		k.keyID = nil
+	case KeyOpsKey:
+		k.keyOps = nil
+	case KeyUsageKey:
+		k.keyUsage = nil
+	case SymmetricOctetsKey:
+		k.octets = nil
+	case X509CertChainKey:
+		k.x509CertChain = nil
+	case X509CertThumbprintKey:
+		k.x509CertThumbprint = nil
+	case X509CertThumbprintS256Key:
+		k.x509CertThumbprintS256 = nil
+	case X509URLKey:
+		k.x509URL = nil
+	default:
+		delete(k.privateParams, key)
+	}
+	return nil
+}
+
+func (k *symmetricKey) Clone() (Key, error) {
+	return cloneKey(k)
+}
+
+func (k *symmetricKey) DecodeCtx() json.DecodeCtx {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	return k.dc
+}
+
+func (k *symmetricKey) SetDecodeCtx(dc json.DecodeCtx) {
+	k.mu.Lock()
+	defer k.mu.Unlock()
+	k.dc = dc
+}
+
+func (h *symmetricKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.algorithm = nil
+	h.keyID = nil
+	h.keyOps = nil
+	h.keyUsage = nil
+	h.octets = nil
+	h.x509CertChain = nil
+	h.x509CertThumbprint = nil
+	h.x509CertThumbprintS256 = nil
+	h.x509URL = nil
+	dec := json.NewDecoder(bytes.NewReader(buf))
+LOOP:
+	for {
+		tok, err := dec.Token()
+		if err != nil {
+			return fmt.Errorf(`error reading token: %w`, err)
+		}
+		switch tok := tok.(type) {
+		case json.Delim:
+			// Assuming we're doing everything correctly, we should ONLY
+			// get either '{' or '}' here.
+			if tok == '}' { // End of object
+				break LOOP
+			} else if tok != '{' {
+				return fmt.Errorf(`expected '{', but got '%c'`, tok)
+			}
+		case string: // Objects can only have string keys
+			switch tok {
+			case KeyTypeKey:
+				val, err := json.ReadNextStringToken(dec)
+				if err != nil {
+					return fmt.Errorf(`error reading token: %w`, err)
+				}
+				if val != jwa.OctetSeq.String() {
+					return fmt.Errorf(`invalid kty value for RSAPublicKey (%s)`, val)
+				}
+			case AlgorithmKey:
+				var s string
+				if err := dec.Decode(&s); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, AlgorithmKey, err)
+				}
+				alg := jwa.KeyAlgorithmFrom(s)
+				h.algorithm = &alg
+			case KeyIDKey:
+				if err := json.AssignNextStringToken(&h.keyID, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyIDKey, err)
+				}
+			case KeyOpsKey:
+				var decoded KeyOperationList
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyOpsKey, err)
+				}
+				h.keyOps = &decoded
+			case KeyUsageKey:
+				if err := json.AssignNextStringToken(&h.keyUsage, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyUsageKey, err)
+				}
+			case SymmetricOctetsKey:
+				if err := json.AssignNextBytesToken(&h.octets, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, SymmetricOctetsKey, err)
+				}
+			case X509CertChainKey:
+				var decoded cert.Chain
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertChainKey, err)
+				}
+				h.x509CertChain = &decoded
+			case X509CertThumbprintKey:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintKey, err)
+				}
+			case X509CertThumbprintS256Key:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintS256Key, err)
+				}
+			case X509URLKey:
+				if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509URLKey, err)
+				}
+			default:
+				if dc := h.dc; dc != nil {
+					if localReg := dc.Registry(); localReg != nil {
+						decoded, err := localReg.Decode(dec, tok)
+						if err == nil {
+							h.setNoLock(tok, decoded)
+							continue
+						}
+					}
+				}
+				decoded, err := registry.Decode(dec, tok)
+				if err == nil {
+					h.setNoLock(tok, decoded)
+					continue
+				}
+				return fmt.Errorf(`could not decode field %s: %w`, tok, err)
+			}
+		default:
+			return fmt.Errorf(`invalid token %T`, tok)
+		}
+	}
+	if h.octets == nil {
+		return fmt.Errorf(`required field k is missing`)
+	}
+	return nil
+}
+
+func (h symmetricKey) MarshalJSON() ([]byte, error) {
+	data := make(map[string]interface{})
+	fields := make([]string, 0, 9)
+	for _, pair := range h.makePairs() {
+		fields = append(fields, pair.Key.(string))
+		data[pair.Key.(string)] = pair.Value
+	}
+
+	sort.Strings(fields)
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+	buf.WriteByte('{')
+	enc := json.NewEncoder(buf)
+	for i, f := range fields {
+		if i > 0 {
+			buf.WriteRune(',')
+		}
+		buf.WriteRune('"')
+		buf.WriteString(f)
+		buf.WriteString(`":`)
+		v := data[f]
+		switch v := v.(type) {
+		case []byte:
+			buf.WriteRune('"')
+			buf.WriteString(base64.EncodeToString(v))
+			buf.WriteRune('"')
+		default:
+			if err := enc.Encode(v); err != nil {
+				return nil, fmt.Errorf(`failed to encode value for field %s: %w`, f, err)
+			}
+			buf.Truncate(buf.Len() - 1)
+		}
+	}
+	buf.WriteByte('}')
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
+
+func (h *symmetricKey) Iterate(ctx context.Context) HeaderIterator {
+	pairs := h.makePairs()
+	ch := make(chan *HeaderPair, len(pairs))
+	go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) {
+		defer close(ch)
+		for _, pair := range pairs {
+			select {
+			case <-ctx.Done():
+				return
+			case ch <- pair:
+			}
+		}
+	}(ctx, ch, pairs)
+	return mapiter.New(ch)
+}
+
+func (h *symmetricKey) Walk(ctx context.Context, visitor HeaderVisitor) error {
+	return iter.WalkMap(ctx, h, visitor)
+}
+
+func (h *symmetricKey) AsMap(ctx context.Context) (map[string]interface{}, error) {
+	return iter.AsMap(ctx, h)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/usage.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/usage.go
new file mode 100644
index 000000000..c21892395
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/usage.go
@@ -0,0 +1,30 @@
+package jwk
+
+import "fmt"
+
+func (k KeyUsageType) String() string {
+	return string(k)
+}
+
+func (k *KeyUsageType) Accept(v interface{}) error {
+	switch v := v.(type) {
+	case KeyUsageType:
+		switch v {
+		case ForSignature, ForEncryption:
+			*k = v
+			return nil
+		default:
+			return fmt.Errorf("invalid key usage type %s", v)
+		}
+	case string:
+		switch v {
+		case ForSignature.String(), ForEncryption.String():
+			*k = KeyUsageType(v)
+			return nil
+		default:
+			return fmt.Errorf("invalid key usage type %s", v)
+		}
+	}
+
+	return fmt.Errorf("invalid value for key usage type %s", v)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/whitelist.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/whitelist.go
new file mode 100644
index 000000000..6b0180d30
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/whitelist.go
@@ -0,0 +1,69 @@
+package jwk
+
+import "regexp"
+
+// InsecureWhitelist allows any URLs to be fetched. This is the default
+// behavior of `jwk.Fetch()`, but this exists to allow other libraries
+// (such as jws, via jws.VerifyAuto) and users to be able to explicitly
+// state that they intend to not check the URLs that are being fetched
+type InsecureWhitelist struct{}
+
+func (InsecureWhitelist) IsAllowed(string) bool {
+	return true
+}
+
+// RegexpWhitelist is a jwk.Whitelist object comprised of a list of *regexp.Regexp
+// objects. All entries in the list are tried until one matches. If none of the
+// *regexp.Regexp objects match, then the URL is deemed unallowed.
+type RegexpWhitelist struct {
+	patterns []*regexp.Regexp
+}
+
+func NewRegexpWhitelist() *RegexpWhitelist {
+	return &RegexpWhitelist{}
+}
+
+func (w *RegexpWhitelist) Add(pat *regexp.Regexp) *RegexpWhitelist {
+	w.patterns = append(w.patterns, pat)
+	return w
+}
+
+// IsAlloed returns true if any of the patterns in the whitelist
+// returns true.
+func (w *RegexpWhitelist) IsAllowed(u string) bool {
+	for _, pat := range w.patterns {
+		if pat.MatchString(u) {
+			return true
+		}
+	}
+	return false
+}
+
+// MapWhitelist is a jwk.Whitelist object comprised of a map of strings.
+// If the URL exists in the map, then the URL is allowed to be fetched.
+type MapWhitelist struct {
+	store map[string]struct{}
+}
+
+func NewMapWhitelist() *MapWhitelist {
+	return &MapWhitelist{store: make(map[string]struct{})}
+}
+
+func (w *MapWhitelist) Add(pat string) *MapWhitelist {
+	w.store[pat] = struct{}{}
+	return w
+}
+
+func (w *MapWhitelist) IsAllowed(u string) bool {
+	_, b := w.store[u]
+	return b
+}
+
+// WhitelistFunc is a jwk.Whitelist object based on a function.
+// You can perform any sort of check against the given URL to determine
+// if it can be fetched or not.
+type WhitelistFunc func(string) bool
+
+func (w WhitelistFunc) IsAllowed(u string) bool {
+	return w(u)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/jws/BUILD.bazel
new file mode 100644
index 000000000..00e8c1398
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/BUILD.bazel
@@ -0,0 +1,71 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "jws",
+    srcs = [
+        "ecdsa.go",
+        "eddsa.go",
+        "headers.go",
+        "headers_gen.go",
+        "hmac.go",
+        "interface.go",
+        "io.go",
+        "jws.go",
+        "key_provider.go",
+        "message.go",
+        "options.go",
+        "options_gen.go",
+        "rsa.go",
+        "signer.go",
+        "verifier.go",
+    ],
+    importpath = "github.com/lestrrat-go/jwx/v2/jws",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//cert",
+        "//internal/base64",
+        "//internal/ecutil",
+        "//internal/iter",
+        "//internal/json",
+        "//internal/keyconv",
+        "//internal/pool",
+        "//jwa",
+        "//jwk",
+        "//x25519",
+        "@com_github_lestrrat_go_blackmagic//:go_default_library",
+        "@com_github_lestrrat_go_iter//mapiter:go_default_library",
+        "@com_github_lestrrat_go_option//:option",
+    ],
+)
+
+go_test(
+    name = "jws_test",
+    srcs = [
+        "headers_test.go",
+        "jws_test.go",
+        "message_test.go",
+        "options_gen_test.go",
+        "signer_test.go",
+    ],
+    embed = [":jws"],
+    deps = [
+        "//cert",
+        "//internal/base64",
+        "//internal/ecutil",
+        "//internal/json",
+        "//internal/jwxtest",
+        "//jwa",
+        "//jwk",
+        "//jwt",
+        "//x25519",
+        "@com_github_lestrrat_go_httprc//:go_default_library",
+        "@com_github_stretchr_testify//assert",
+        "@com_github_stretchr_testify//require",
+    ],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":jws",
+    visibility = ["//visibility:public"],
+)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/README.md b/vendor/github.com/lestrrat-go/jwx/v2/jws/README.md
new file mode 100644
index 000000000..470842ef3
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/README.md
@@ -0,0 +1,111 @@
+# JWS [![Go Reference](https://pkg.go.dev/badge/github.com/lestrrat-go/jwx/v2/jws.svg)](https://pkg.go.dev/github.com/lestrrat-go/jwx/v2/jws)
+
+Package jws implements JWS as described in [RFC7515](https://tools.ietf.org/html/rfc7515) and [RFC7797](https://tools.ietf.org/html/rfc7797)
+
+* Parse and generate compact or JSON serializations
+* Sign and verify arbitrary payload
+* Use any of the keys supported in [github.com/lestrrat-go/jwx/v2/jwk](../jwk)
+* Add arbitrary fields in the JWS object
+* Ability to add/replace existing signature methods
+* Respect "b64" settings for RFC7797
+
+How-to style documentation can be found in the [docs directory](../docs).
+
+Examples are located in the examples directory ([jws_example_test.go](../examples/jws_example_test.go))
+
+Supported signature algorithms:
+
+| Algorithm                               | Supported? | Constant in [jwa](../jwa) |
+|:----------------------------------------|:-----------|:-------------------------|
+| HMAC using SHA-256                      | YES        | jwa.HS256                |
+| HMAC using SHA-384                      | YES        | jwa.HS384                |
+| HMAC using SHA-512                      | YES        | jwa.HS512                |
+| RSASSA-PKCS-v1.5 using SHA-256          | YES        | jwa.RS256                |
+| RSASSA-PKCS-v1.5 using SHA-384          | YES        | jwa.RS384                |
+| RSASSA-PKCS-v1.5 using SHA-512          | YES        | jwa.RS512                |
+| ECDSA using P-256 and SHA-256           | YES        | jwa.ES256                |
+| ECDSA using P-384 and SHA-384           | YES        | jwa.ES384                |
+| ECDSA using P-521 and SHA-512           | YES        | jwa.ES512                |
+| ECDSA using secp256k1 and SHA-256 (2)   | YES        | jwa.ES256K               |
+| RSASSA-PSS using SHA256 and MGF1-SHA256 | YES        | jwa.PS256                |
+| RSASSA-PSS using SHA384 and MGF1-SHA384 | YES        | jwa.PS384                |
+| RSASSA-PSS using SHA512 and MGF1-SHA512 | YES        | jwa.PS512                |
+| EdDSA (1)                               | YES        | jwa.EdDSA                |
+
+* Note 1: Experimental
+* Note 2: Experimental, and must be toggled using `-tags jwx_es256k` build tag
+
+# SYNOPSIS
+
+## Sign and verify arbitrary data
+
+```go
+import(
+  "crypto/rand"
+  "crypto/rsa"
+  "log"
+
+  "github.com/lestrrat-go/jwx/v2/jwa"
+  "github.com/lestrrat-go/jwx/v2/jws"
+)
+
+func main() {
+  privkey, err := rsa.GenerateKey(rand.Reader, 2048)
+  if err != nil {
+    log.Printf("failed to generate private key: %s", err)
+    return
+  }
+
+  buf, err := jws.Sign([]byte("Lorem ipsum"), jws.WithKey(jwa.RS256, privkey))
+  if err != nil {
+    log.Printf("failed to created JWS message: %s", err)
+    return
+  }
+
+  // When you receive a JWS message, you can verify the signature
+  // and grab the payload sent in the message in one go:
+  verified, err := jws.Verify(buf, jws.WithKey(jwa.RS256, &privkey.PublicKey))
+  if err != nil {
+    log.Printf("failed to verify message: %s", err)
+    return
+  }
+
+  log.Printf("signed message verified! -> %s", verified)
+}
+```
+
+## Programatically manipulate `jws.Message`
+
+```go
+func ExampleMessage() {
+  // initialization for the following variables have been omitted.
+  // please see jws_example_test.go for details
+  var decodedPayload, decodedSig1, decodedSig2 []byte
+  var public1, protected1, public2, protected2 jws.Header
+
+  // Construct a message. DO NOT use values that are base64 encoded
+  m := jws.NewMessage().
+    SetPayload(decodedPayload).
+    AppendSignature(
+      jws.NewSignature().
+        SetSignature(decodedSig1).
+        SetProtectedHeaders(public1).
+        SetPublicHeaders(protected1),
+    ).
+    AppendSignature(
+      jws.NewSignature().
+        SetSignature(decodedSig2).
+        SetProtectedHeaders(public2).
+        SetPublicHeaders(protected2),
+    )
+
+  buf, err := json.MarshalIndent(m, "", "  ")
+  if err != nil {
+    fmt.Printf("%s\n", err)
+    return
+  }
+
+  _ = buf
+}
+```
+
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/ecdsa.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/ecdsa.go
new file mode 100644
index 000000000..8edf23ab0
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/ecdsa.go
@@ -0,0 +1,206 @@
+package jws
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/rand"
+	"encoding/asn1"
+	"fmt"
+	"math/big"
+
+	"github.com/lestrrat-go/jwx/v2/internal/ecutil"
+	"github.com/lestrrat-go/jwx/v2/internal/keyconv"
+	"github.com/lestrrat-go/jwx/v2/internal/pool"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+var ecdsaSigners map[jwa.SignatureAlgorithm]*ecdsaSigner
+var ecdsaVerifiers map[jwa.SignatureAlgorithm]*ecdsaVerifier
+
+func init() {
+	algs := map[jwa.SignatureAlgorithm]crypto.Hash{
+		jwa.ES256:  crypto.SHA256,
+		jwa.ES384:  crypto.SHA384,
+		jwa.ES512:  crypto.SHA512,
+		jwa.ES256K: crypto.SHA256,
+	}
+	ecdsaSigners = make(map[jwa.SignatureAlgorithm]*ecdsaSigner)
+	ecdsaVerifiers = make(map[jwa.SignatureAlgorithm]*ecdsaVerifier)
+
+	for alg, hash := range algs {
+		ecdsaSigners[alg] = &ecdsaSigner{
+			alg:  alg,
+			hash: hash,
+		}
+		ecdsaVerifiers[alg] = &ecdsaVerifier{
+			alg:  alg,
+			hash: hash,
+		}
+	}
+}
+
+func newECDSASigner(alg jwa.SignatureAlgorithm) Signer {
+	return ecdsaSigners[alg]
+}
+
+// ecdsaSigners are immutable.
+type ecdsaSigner struct {
+	alg  jwa.SignatureAlgorithm
+	hash crypto.Hash
+}
+
+func (es ecdsaSigner) Algorithm() jwa.SignatureAlgorithm {
+	return es.alg
+}
+
+func (es *ecdsaSigner) Sign(payload []byte, key interface{}) ([]byte, error) {
+	if key == nil {
+		return nil, fmt.Errorf(`missing private key while signing payload`)
+	}
+
+	h := es.hash.New()
+	if _, err := h.Write(payload); err != nil {
+		return nil, fmt.Errorf(`failed to write payload using ecdsa: %w`, err)
+	}
+
+	signer, ok := key.(crypto.Signer)
+	if ok {
+		if !isValidECDSAKey(key) {
+			return nil, fmt.Errorf(`cannot use key of type %T to generate ECDSA based signatures`, key)
+		}
+		switch key.(type) {
+		case ecdsa.PrivateKey, *ecdsa.PrivateKey:
+			// if it's a ecdsa.PrivateKey, it's more efficient to
+			// go through the non-crypto.Signer route. Set ok to false
+			ok = false
+		}
+	}
+
+	var r, s *big.Int
+	var curveBits int
+	if ok {
+		signed, err := signer.Sign(rand.Reader, h.Sum(nil), es.hash)
+		if err != nil {
+			return nil, err
+		}
+
+		var p struct {
+			R *big.Int
+			S *big.Int
+		}
+		if _, err := asn1.Unmarshal(signed, &p); err != nil {
+			return nil, fmt.Errorf(`failed to unmarshal ASN1 encoded signature: %w`, err)
+		}
+
+		// Okay, this is silly, but hear me out. When we use the
+		// crypto.Signer interface, the PrivateKey is hidden.
+		// But we need some information about the key (it's bit size).
+		//
+		// So while silly, we're going to have to make another call
+		// here and fetch the Public key.
+		// This probably means that this should be cached some where.
+		cpub := signer.Public()
+		pubkey, ok := cpub.(*ecdsa.PublicKey)
+		if !ok {
+			return nil, fmt.Errorf(`expected *ecdsa.PublicKey, got %T`, pubkey)
+		}
+		curveBits = pubkey.Curve.Params().BitSize
+
+		r = p.R
+		s = p.S
+	} else {
+		var privkey ecdsa.PrivateKey
+		if err := keyconv.ECDSAPrivateKey(&privkey, key); err != nil {
+			return nil, fmt.Errorf(`failed to retrieve ecdsa.PrivateKey out of %T: %w`, key, err)
+		}
+		curveBits = privkey.Curve.Params().BitSize
+		rtmp, stmp, err := ecdsa.Sign(rand.Reader, &privkey, h.Sum(nil))
+		if err != nil {
+			return nil, fmt.Errorf(`failed to sign payload using ecdsa: %w`, err)
+		}
+		r = rtmp
+		s = stmp
+	}
+
+	keyBytes := curveBits / 8
+	// Curve bits do not need to be a multiple of 8.
+	if curveBits%8 > 0 {
+		keyBytes++
+	}
+
+	rBytes := r.Bytes()
+	rBytesPadded := make([]byte, keyBytes)
+	copy(rBytesPadded[keyBytes-len(rBytes):], rBytes)
+
+	sBytes := s.Bytes()
+	sBytesPadded := make([]byte, keyBytes)
+	copy(sBytesPadded[keyBytes-len(sBytes):], sBytes)
+
+	out := append(rBytesPadded, sBytesPadded...)
+
+	return out, nil
+}
+
+// ecdsaVerifiers are immutable.
+type ecdsaVerifier struct {
+	alg  jwa.SignatureAlgorithm
+	hash crypto.Hash
+}
+
+func newECDSAVerifier(alg jwa.SignatureAlgorithm) Verifier {
+	return ecdsaVerifiers[alg]
+}
+
+func (v ecdsaVerifier) Algorithm() jwa.SignatureAlgorithm {
+	return v.alg
+}
+
+func (v *ecdsaVerifier) Verify(payload []byte, signature []byte, key interface{}) error {
+	if key == nil {
+		return fmt.Errorf(`missing public key while verifying payload`)
+	}
+
+	var pubkey ecdsa.PublicKey
+	if cs, ok := key.(crypto.Signer); ok {
+		cpub := cs.Public()
+		switch cpub := cpub.(type) {
+		case ecdsa.PublicKey:
+			pubkey = cpub
+		case *ecdsa.PublicKey:
+			pubkey = *cpub
+		default:
+			return fmt.Errorf(`failed to retrieve ecdsa.PublicKey out of crypto.Signer %T`, key)
+		}
+	} else {
+		if err := keyconv.ECDSAPublicKey(&pubkey, key); err != nil {
+			return fmt.Errorf(`failed to retrieve ecdsa.PublicKey out of %T: %w`, key, err)
+		}
+	}
+
+	if !pubkey.Curve.IsOnCurve(pubkey.X, pubkey.Y) {
+		return fmt.Errorf(`public key used does not contain a point (X,Y) on the curve`)
+	}
+
+	r := pool.GetBigInt()
+	s := pool.GetBigInt()
+	defer pool.ReleaseBigInt(r)
+	defer pool.ReleaseBigInt(s)
+
+	keySize := ecutil.CalculateKeySize(pubkey.Curve)
+	if len(signature) != keySize*2 {
+		return fmt.Errorf(`invalid signature length for curve %q`, pubkey.Curve.Params().Name)
+	}
+
+	r.SetBytes(signature[:keySize])
+	s.SetBytes(signature[keySize:])
+
+	h := v.hash.New()
+	if _, err := h.Write(payload); err != nil {
+		return fmt.Errorf(`failed to write payload using ecdsa: %w`, err)
+	}
+
+	if !ecdsa.Verify(&pubkey, h.Sum(nil), r, s) {
+		return fmt.Errorf(`failed to verify signature using ecdsa`)
+	}
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/eddsa.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/eddsa.go
new file mode 100644
index 000000000..643698701
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/eddsa.go
@@ -0,0 +1,77 @@
+package jws
+
+import (
+	"crypto"
+	"crypto/ed25519"
+	"crypto/rand"
+	"fmt"
+
+	"github.com/lestrrat-go/jwx/v2/internal/keyconv"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+type eddsaSigner struct{}
+
+func newEdDSASigner() Signer {
+	return &eddsaSigner{}
+}
+
+func (s eddsaSigner) Algorithm() jwa.SignatureAlgorithm {
+	return jwa.EdDSA
+}
+
+func (s eddsaSigner) Sign(payload []byte, key interface{}) ([]byte, error) {
+	if key == nil {
+		return nil, fmt.Errorf(`missing private key while signing payload`)
+	}
+
+	// The ed25519.PrivateKey object implements crypto.Signer, so we should
+	// simply accept a crypto.Signer here.
+	signer, ok := key.(crypto.Signer)
+	if ok {
+		if !isValidEDDSAKey(key) {
+			return nil, fmt.Errorf(`cannot use key of type %T to generate EdDSA based signatures`, key)
+		}
+	} else {
+		// This fallback exists for cases when jwk.Key was passed, or
+		// users gave us a pointer instead of non-pointer, etc.
+		var privkey ed25519.PrivateKey
+		if err := keyconv.Ed25519PrivateKey(&privkey, key); err != nil {
+			return nil, fmt.Errorf(`failed to retrieve ed25519.PrivateKey out of %T: %w`, key, err)
+		}
+		signer = privkey
+	}
+	return signer.Sign(rand.Reader, payload, crypto.Hash(0))
+}
+
+type eddsaVerifier struct{}
+
+func newEdDSAVerifier() Verifier {
+	return &eddsaVerifier{}
+}
+
+func (v eddsaVerifier) Verify(payload, signature []byte, key interface{}) (err error) {
+	if key == nil {
+		return fmt.Errorf(`missing public key while verifying payload`)
+	}
+
+	var pubkey ed25519.PublicKey
+	signer, ok := key.(crypto.Signer)
+	if ok {
+		v := signer.Public()
+		pubkey, ok = v.(ed25519.PublicKey)
+		if !ok {
+			return fmt.Errorf(`expected crypto.Signer.Public() to return ed25519.PublicKey, but got %T`, v)
+		}
+	} else {
+		if err := keyconv.Ed25519PublicKey(&pubkey, key); err != nil {
+			return fmt.Errorf(`failed to retrieve ed25519.PublicKey out of %T: %w`, key, err)
+		}
+	}
+
+	if !ed25519.Verify(pubkey, payload, signature) {
+		return fmt.Errorf(`failed to match EdDSA signature`)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/es256k.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/es256k.go
new file mode 100644
index 000000000..c5043805a
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/es256k.go
@@ -0,0 +1,12 @@
+//go:build jwx_es256k
+// +build jwx_es256k
+
+package jws
+
+import (
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+func init() {
+	addAlgorithmForKeyType(jwa.EC, jwa.ES256K)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/headers.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/headers.go
new file mode 100644
index 000000000..36251259e
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/headers.go
@@ -0,0 +1,71 @@
+package jws
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/lestrrat-go/iter/mapiter"
+	"github.com/lestrrat-go/jwx/v2/internal/iter"
+)
+
+// Iterate returns a channel that successively returns all the
+// header name and values.
+func (h *stdHeaders) Iterate(ctx context.Context) Iterator {
+	pairs := h.makePairs()
+	ch := make(chan *HeaderPair, len(pairs))
+	go func(ctx context.Context, ch chan *HeaderPair, pairs []*HeaderPair) {
+		defer close(ch)
+		for _, pair := range pairs {
+			select {
+			case <-ctx.Done():
+				return
+			case ch <- pair:
+			}
+		}
+	}(ctx, ch, pairs)
+	return mapiter.New(ch)
+}
+
+func (h *stdHeaders) Walk(ctx context.Context, visitor Visitor) error {
+	return iter.WalkMap(ctx, h, visitor)
+}
+
+func (h *stdHeaders) AsMap(ctx context.Context) (map[string]interface{}, error) {
+	return iter.AsMap(ctx, h)
+}
+
+func (h *stdHeaders) Copy(_ context.Context, dst Headers) error {
+	for _, pair := range h.makePairs() {
+		//nolint:forcetypeassert
+		key := pair.Key.(string)
+		if err := dst.Set(key, pair.Value); err != nil {
+			return fmt.Errorf(`failed to set header %q: %w`, key, err)
+		}
+	}
+	return nil
+}
+
+// mergeHeaders merges two headers, and works even if the first Header
+// object is nil. This is not exported because ATM it felt like this
+// function is not frequently used, and MergeHeaders seemed a clunky name
+func mergeHeaders(ctx context.Context, h1, h2 Headers) (Headers, error) {
+	h3 := NewHeaders()
+
+	if h1 != nil {
+		if err := h1.Copy(ctx, h3); err != nil {
+			return nil, fmt.Errorf(`failed to copy headers from first Header: %w`, err)
+		}
+	}
+
+	if h2 != nil {
+		if err := h2.Copy(ctx, h3); err != nil {
+			return nil, fmt.Errorf(`failed to copy headers from second Header: %w`, err)
+		}
+	}
+
+	return h3, nil
+}
+
+func (h *stdHeaders) Merge(ctx context.Context, h2 Headers) (Headers, error) {
+	return mergeHeaders(ctx, h, h2)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/headers_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/headers_gen.go
new file mode 100644
index 000000000..8855d0675
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/headers_gen.go
@@ -0,0 +1,565 @@
+// Code generated by tools/cmd/genjws/main.go. DO NOT EDIT.
+
+package jws
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"sort"
+	"sync"
+
+	"github.com/lestrrat-go/jwx/v2/cert"
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+	"github.com/lestrrat-go/jwx/v2/internal/json"
+	"github.com/lestrrat-go/jwx/v2/internal/pool"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/jwk"
+)
+
+const (
+	AlgorithmKey              = "alg"
+	ContentTypeKey            = "cty"
+	CriticalKey               = "crit"
+	JWKKey                    = "jwk"
+	JWKSetURLKey              = "jku"
+	KeyIDKey                  = "kid"
+	TypeKey                   = "typ"
+	X509CertChainKey          = "x5c"
+	X509CertThumbprintKey     = "x5t"
+	X509CertThumbprintS256Key = "x5t#S256"
+	X509URLKey                = "x5u"
+)
+
+// Headers describe a standard Header set.
+type Headers interface {
+	json.Marshaler
+	json.Unmarshaler
+	Algorithm() jwa.SignatureAlgorithm
+	ContentType() string
+	Critical() []string
+	JWK() jwk.Key
+	JWKSetURL() string
+	KeyID() string
+	Type() string
+	X509CertChain() *cert.Chain
+	X509CertThumbprint() string
+	X509CertThumbprintS256() string
+	X509URL() string
+	Iterate(ctx context.Context) Iterator
+	Walk(context.Context, Visitor) error
+	AsMap(context.Context) (map[string]interface{}, error)
+	Copy(context.Context, Headers) error
+	Merge(context.Context, Headers) (Headers, error)
+	Get(string) (interface{}, bool)
+	Set(string, interface{}) error
+	Remove(string) error
+
+	// PrivateParams returns the non-standard elements in the source structure
+	// WARNING: DO NOT USE PrivateParams() IF YOU HAVE CONCURRENT CODE ACCESSING THEM.
+	// Use AsMap() to get a copy of the entire header instead
+	PrivateParams() map[string]interface{}
+}
+
+type stdHeaders struct {
+	algorithm              *jwa.SignatureAlgorithm // https://tools.ietf.org/html/rfc7515#section-4.1.1
+	contentType            *string                 // https://tools.ietf.org/html/rfc7515#section-4.1.10
+	critical               []string                // https://tools.ietf.org/html/rfc7515#section-4.1.11
+	jwk                    jwk.Key                 // https://tools.ietf.org/html/rfc7515#section-4.1.3
+	jwkSetURL              *string                 // https://tools.ietf.org/html/rfc7515#section-4.1.2
+	keyID                  *string                 // https://tools.ietf.org/html/rfc7515#section-4.1.4
+	typ                    *string                 // https://tools.ietf.org/html/rfc7515#section-4.1.9
+	x509CertChain          *cert.Chain             // https://tools.ietf.org/html/rfc7515#section-4.1.6
+	x509CertThumbprint     *string                 // https://tools.ietf.org/html/rfc7515#section-4.1.7
+	x509CertThumbprintS256 *string                 // https://tools.ietf.org/html/rfc7515#section-4.1.8
+	x509URL                *string                 // https://tools.ietf.org/html/rfc7515#section-4.1.5
+	privateParams          map[string]interface{}
+	mu                     *sync.RWMutex
+	dc                     DecodeCtx
+	raw                    []byte // stores the raw version of the header so it can be used later
+}
+
+func NewHeaders() Headers {
+	return &stdHeaders{
+		mu: &sync.RWMutex{},
+	}
+}
+
+func (h *stdHeaders) Algorithm() jwa.SignatureAlgorithm {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	if h.algorithm == nil {
+		return ""
+	}
+	return *(h.algorithm)
+}
+
+func (h *stdHeaders) ContentType() string {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	if h.contentType == nil {
+		return ""
+	}
+	return *(h.contentType)
+}
+
+func (h *stdHeaders) Critical() []string {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	return h.critical
+}
+
+func (h *stdHeaders) JWK() jwk.Key {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	return h.jwk
+}
+
+func (h *stdHeaders) JWKSetURL() string {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	if h.jwkSetURL == nil {
+		return ""
+	}
+	return *(h.jwkSetURL)
+}
+
+func (h *stdHeaders) KeyID() string {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	if h.keyID == nil {
+		return ""
+	}
+	return *(h.keyID)
+}
+
+func (h *stdHeaders) Type() string {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	if h.typ == nil {
+		return ""
+	}
+	return *(h.typ)
+}
+
+func (h *stdHeaders) X509CertChain() *cert.Chain {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	return h.x509CertChain
+}
+
+func (h *stdHeaders) X509CertThumbprint() string {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	if h.x509CertThumbprint == nil {
+		return ""
+	}
+	return *(h.x509CertThumbprint)
+}
+
+func (h *stdHeaders) X509CertThumbprintS256() string {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	if h.x509CertThumbprintS256 == nil {
+		return ""
+	}
+	return *(h.x509CertThumbprintS256)
+}
+
+func (h *stdHeaders) X509URL() string {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	if h.x509URL == nil {
+		return ""
+	}
+	return *(h.x509URL)
+}
+
+func (h *stdHeaders) clear() {
+	h.algorithm = nil
+	h.contentType = nil
+	h.critical = nil
+	h.jwk = nil
+	h.jwkSetURL = nil
+	h.keyID = nil
+	h.typ = nil
+	h.x509CertChain = nil
+	h.x509CertThumbprint = nil
+	h.x509CertThumbprintS256 = nil
+	h.x509URL = nil
+	h.privateParams = nil
+	h.raw = nil
+}
+
+func (h *stdHeaders) DecodeCtx() DecodeCtx {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	return h.dc
+}
+
+func (h *stdHeaders) SetDecodeCtx(dc DecodeCtx) {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.dc = dc
+}
+
+func (h *stdHeaders) rawBuffer() []byte {
+	return h.raw
+}
+
+func (h *stdHeaders) makePairs() []*HeaderPair {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	var pairs []*HeaderPair
+	if h.algorithm != nil {
+		pairs = append(pairs, &HeaderPair{Key: AlgorithmKey, Value: *(h.algorithm)})
+	}
+	if h.contentType != nil {
+		pairs = append(pairs, &HeaderPair{Key: ContentTypeKey, Value: *(h.contentType)})
+	}
+	if h.critical != nil {
+		pairs = append(pairs, &HeaderPair{Key: CriticalKey, Value: h.critical})
+	}
+	if h.jwk != nil {
+		pairs = append(pairs, &HeaderPair{Key: JWKKey, Value: h.jwk})
+	}
+	if h.jwkSetURL != nil {
+		pairs = append(pairs, &HeaderPair{Key: JWKSetURLKey, Value: *(h.jwkSetURL)})
+	}
+	if h.keyID != nil {
+		pairs = append(pairs, &HeaderPair{Key: KeyIDKey, Value: *(h.keyID)})
+	}
+	if h.typ != nil {
+		pairs = append(pairs, &HeaderPair{Key: TypeKey, Value: *(h.typ)})
+	}
+	if h.x509CertChain != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertChainKey, Value: h.x509CertChain})
+	}
+	if h.x509CertThumbprint != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintKey, Value: *(h.x509CertThumbprint)})
+	}
+	if h.x509CertThumbprintS256 != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509CertThumbprintS256Key, Value: *(h.x509CertThumbprintS256)})
+	}
+	if h.x509URL != nil {
+		pairs = append(pairs, &HeaderPair{Key: X509URLKey, Value: *(h.x509URL)})
+	}
+	for k, v := range h.privateParams {
+		pairs = append(pairs, &HeaderPair{Key: k, Value: v})
+	}
+	sort.Slice(pairs, func(i, j int) bool {
+		return pairs[i].Key.(string) < pairs[j].Key.(string)
+	})
+	return pairs
+}
+
+func (h *stdHeaders) PrivateParams() map[string]interface{} {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	return h.privateParams
+}
+
+func (h *stdHeaders) Get(name string) (interface{}, bool) {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	switch name {
+	case AlgorithmKey:
+		if h.algorithm == nil {
+			return nil, false
+		}
+		return *(h.algorithm), true
+	case ContentTypeKey:
+		if h.contentType == nil {
+			return nil, false
+		}
+		return *(h.contentType), true
+	case CriticalKey:
+		if h.critical == nil {
+			return nil, false
+		}
+		return h.critical, true
+	case JWKKey:
+		if h.jwk == nil {
+			return nil, false
+		}
+		return h.jwk, true
+	case JWKSetURLKey:
+		if h.jwkSetURL == nil {
+			return nil, false
+		}
+		return *(h.jwkSetURL), true
+	case KeyIDKey:
+		if h.keyID == nil {
+			return nil, false
+		}
+		return *(h.keyID), true
+	case TypeKey:
+		if h.typ == nil {
+			return nil, false
+		}
+		return *(h.typ), true
+	case X509CertChainKey:
+		if h.x509CertChain == nil {
+			return nil, false
+		}
+		return h.x509CertChain, true
+	case X509CertThumbprintKey:
+		if h.x509CertThumbprint == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprint), true
+	case X509CertThumbprintS256Key:
+		if h.x509CertThumbprintS256 == nil {
+			return nil, false
+		}
+		return *(h.x509CertThumbprintS256), true
+	case X509URLKey:
+		if h.x509URL == nil {
+			return nil, false
+		}
+		return *(h.x509URL), true
+	default:
+		v, ok := h.privateParams[name]
+		return v, ok
+	}
+}
+
+func (h *stdHeaders) Set(name string, value interface{}) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	return h.setNoLock(name, value)
+}
+
+func (h *stdHeaders) setNoLock(name string, value interface{}) error {
+	switch name {
+	case AlgorithmKey:
+		var acceptor jwa.SignatureAlgorithm
+		if err := acceptor.Accept(value); err != nil {
+			return fmt.Errorf(`invalid value for %s key: %w`, AlgorithmKey, err)
+		}
+		h.algorithm = &acceptor
+		return nil
+	case ContentTypeKey:
+		if v, ok := value.(string); ok {
+			h.contentType = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, ContentTypeKey, value)
+	case CriticalKey:
+		if v, ok := value.([]string); ok {
+			h.critical = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, CriticalKey, value)
+	case JWKKey:
+		if v, ok := value.(jwk.Key); ok {
+			h.jwk = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, JWKKey, value)
+	case JWKSetURLKey:
+		if v, ok := value.(string); ok {
+			h.jwkSetURL = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, JWKSetURLKey, value)
+	case KeyIDKey:
+		if v, ok := value.(string); ok {
+			h.keyID = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, KeyIDKey, value)
+	case TypeKey:
+		if v, ok := value.(string); ok {
+			h.typ = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, TypeKey, value)
+	case X509CertChainKey:
+		if v, ok := value.(*cert.Chain); ok {
+			h.x509CertChain = v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertChainKey, value)
+	case X509CertThumbprintKey:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprint = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintKey, value)
+	case X509CertThumbprintS256Key:
+		if v, ok := value.(string); ok {
+			h.x509CertThumbprintS256 = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509CertThumbprintS256Key, value)
+	case X509URLKey:
+		if v, ok := value.(string); ok {
+			h.x509URL = &v
+			return nil
+		}
+		return fmt.Errorf(`invalid value for %s key: %T`, X509URLKey, value)
+	default:
+		if h.privateParams == nil {
+			h.privateParams = map[string]interface{}{}
+		}
+		h.privateParams[name] = value
+	}
+	return nil
+}
+
+func (h *stdHeaders) Remove(key string) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	switch key {
+	case AlgorithmKey:
+		h.algorithm = nil
+	case ContentTypeKey:
+		h.contentType = nil
+	case CriticalKey:
+		h.critical = nil
+	case JWKKey:
+		h.jwk = nil
+	case JWKSetURLKey:
+		h.jwkSetURL = nil
+	case KeyIDKey:
+		h.keyID = nil
+	case TypeKey:
+		h.typ = nil
+	case X509CertChainKey:
+		h.x509CertChain = nil
+	case X509CertThumbprintKey:
+		h.x509CertThumbprint = nil
+	case X509CertThumbprintS256Key:
+		h.x509CertThumbprintS256 = nil
+	case X509URLKey:
+		h.x509URL = nil
+	default:
+		delete(h.privateParams, key)
+	}
+	return nil
+}
+
+func (h *stdHeaders) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.clear()
+	dec := json.NewDecoder(bytes.NewReader(buf))
+LOOP:
+	for {
+		tok, err := dec.Token()
+		if err != nil {
+			return fmt.Errorf(`error reading token: %w`, err)
+		}
+		switch tok := tok.(type) {
+		case json.Delim:
+			// Assuming we're doing everything correctly, we should ONLY
+			// get either '{' or '}' here.
+			if tok == '}' { // End of object
+				break LOOP
+			} else if tok != '{' {
+				return fmt.Errorf(`expected '{', but got '%c'`, tok)
+			}
+		case string: // Objects can only have string keys
+			switch tok {
+			case AlgorithmKey:
+				var decoded jwa.SignatureAlgorithm
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, AlgorithmKey, err)
+				}
+				h.algorithm = &decoded
+			case ContentTypeKey:
+				if err := json.AssignNextStringToken(&h.contentType, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, ContentTypeKey, err)
+				}
+			case CriticalKey:
+				var decoded []string
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, CriticalKey, err)
+				}
+				h.critical = decoded
+			case JWKKey:
+				var buf json.RawMessage
+				if err := dec.Decode(&buf); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, JWKKey, err)
+				}
+				key, err := jwk.ParseKey(buf)
+				if err != nil {
+					return fmt.Errorf(`failed to parse JWK for key %s: %w`, JWKKey, err)
+				}
+				h.jwk = key
+			case JWKSetURLKey:
+				if err := json.AssignNextStringToken(&h.jwkSetURL, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, JWKSetURLKey, err)
+				}
+			case KeyIDKey:
+				if err := json.AssignNextStringToken(&h.keyID, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, KeyIDKey, err)
+				}
+			case TypeKey:
+				if err := json.AssignNextStringToken(&h.typ, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, TypeKey, err)
+				}
+			case X509CertChainKey:
+				var decoded cert.Chain
+				if err := dec.Decode(&decoded); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertChainKey, err)
+				}
+				h.x509CertChain = &decoded
+			case X509CertThumbprintKey:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprint, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintKey, err)
+				}
+			case X509CertThumbprintS256Key:
+				if err := json.AssignNextStringToken(&h.x509CertThumbprintS256, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509CertThumbprintS256Key, err)
+				}
+			case X509URLKey:
+				if err := json.AssignNextStringToken(&h.x509URL, dec); err != nil {
+					return fmt.Errorf(`failed to decode value for key %s: %w`, X509URLKey, err)
+				}
+			default:
+				decoded, err := registry.Decode(dec, tok)
+				if err != nil {
+					return err
+				}
+				h.setNoLock(tok, decoded)
+			}
+		default:
+			return fmt.Errorf(`invalid token %T`, tok)
+		}
+	}
+	h.raw = buf
+	return nil
+}
+
+func (h stdHeaders) MarshalJSON() ([]byte, error) {
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+	buf.WriteByte('{')
+	enc := json.NewEncoder(buf)
+	for i, p := range h.makePairs() {
+		if i > 0 {
+			buf.WriteRune(',')
+		}
+		buf.WriteRune('"')
+		buf.WriteString(p.Key.(string))
+		buf.WriteString(`":`)
+		v := p.Value
+		switch v := v.(type) {
+		case []byte:
+			buf.WriteRune('"')
+			buf.WriteString(base64.EncodeToString(v))
+			buf.WriteRune('"')
+		default:
+			if err := enc.Encode(v); err != nil {
+				return nil, fmt.Errorf(`failed to encode value for field %s: %w`, p.Key, err)
+			}
+			buf.Truncate(buf.Len() - 1)
+		}
+	}
+	buf.WriteByte('}')
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/hmac.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/hmac.go
new file mode 100644
index 000000000..247ebc76d
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/hmac.go
@@ -0,0 +1,77 @@
+package jws
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"crypto/sha512"
+	"fmt"
+	"hash"
+
+	"github.com/lestrrat-go/jwx/v2/internal/keyconv"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+var hmacSignFuncs = map[jwa.SignatureAlgorithm]hmacSignFunc{}
+
+func init() {
+	algs := map[jwa.SignatureAlgorithm]func() hash.Hash{
+		jwa.HS256: sha256.New,
+		jwa.HS384: sha512.New384,
+		jwa.HS512: sha512.New,
+	}
+
+	for alg, h := range algs {
+		hmacSignFuncs[alg] = makeHMACSignFunc(h)
+	}
+}
+
+func newHMACSigner(alg jwa.SignatureAlgorithm) Signer {
+	return &HMACSigner{
+		alg:  alg,
+		sign: hmacSignFuncs[alg], // we know this will succeed
+	}
+}
+
+func makeHMACSignFunc(hfunc func() hash.Hash) hmacSignFunc {
+	return func(payload []byte, key []byte) ([]byte, error) {
+		h := hmac.New(hfunc, key)
+		if _, err := h.Write(payload); err != nil {
+			return nil, fmt.Errorf(`failed to write payload using hmac: %w`, err)
+		}
+		return h.Sum(nil), nil
+	}
+}
+
+func (s HMACSigner) Algorithm() jwa.SignatureAlgorithm {
+	return s.alg
+}
+
+func (s HMACSigner) Sign(payload []byte, key interface{}) ([]byte, error) {
+	var hmackey []byte
+	if err := keyconv.ByteSliceKey(&hmackey, key); err != nil {
+		return nil, fmt.Errorf(`invalid key type %T. []byte is required: %w`, key, err)
+	}
+
+	if len(hmackey) == 0 {
+		return nil, fmt.Errorf(`missing key while signing payload`)
+	}
+
+	return s.sign(payload, hmackey)
+}
+
+func newHMACVerifier(alg jwa.SignatureAlgorithm) Verifier {
+	s := newHMACSigner(alg)
+	return &HMACVerifier{signer: s}
+}
+
+func (v HMACVerifier) Verify(payload, signature []byte, key interface{}) (err error) {
+	expected, err := v.signer.Sign(payload, key)
+	if err != nil {
+		return fmt.Errorf(`failed to generated signature: %w`, err)
+	}
+
+	if !hmac.Equal(signature, expected) {
+		return fmt.Errorf(`failed to match hmac signature`)
+	}
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/interface.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/interface.go
new file mode 100644
index 000000000..9df909a7d
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/interface.go
@@ -0,0 +1,106 @@
+package jws
+
+import (
+	"github.com/lestrrat-go/iter/mapiter"
+	"github.com/lestrrat-go/jwx/v2/internal/iter"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+type DecodeCtx interface {
+	CollectRaw() bool
+}
+
+// Message represents a full JWS encoded message. Flattened serialization
+// is not supported as a struct, but rather it's represented as a
+// Message struct with only one `signature` element.
+//
+// Do not expect to use the Message object to verify or construct a
+// signed payload with. You should only use this when you want to actually
+// programmatically view the contents of the full JWS payload.
+//
+// As of this version, there is one big incompatibility when using Message
+// objects to convert between compact and JSON representations.
+// The protected header is sometimes encoded differently from the original
+// message and the JSON serialization that we use in Go.
+//
+// For example, the protected header `eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9`
+// decodes to
+//
+//	{"typ":"JWT",
+//	  "alg":"HS256"}
+//
+// However, when we parse this into a message, we create a jws.Header object,
+// which, when we marshal into a JSON object again, becomes
+//
+//	{"typ":"JWT","alg":"HS256"}
+//
+// Notice that serialization lacks a line break and a space between `"JWT",`
+// and `"alg"`. This causes a problem when verifying the signatures AFTER
+// a compact JWS message has been unmarshaled into a jws.Message.
+//
+// jws.Verify() doesn't go through this step, and therefore this does not
+// manifest itself. However, you may see this discrepancy when you manually
+// go through these conversions, and/or use the `jwx` tool like so:
+//
+//	jwx jws parse message.jws | jwx jws verify --key somekey.jwk --stdin
+//
+// In this scenario, the first `jwx jws parse` outputs a parsed jws.Message
+// which is marshaled into JSON. At this point the message's protected
+// headers and the signatures don't match.
+//
+// To sign and verify, use the appropriate `Sign()` and `Verify()` functions.
+type Message struct {
+	dc         DecodeCtx
+	payload    []byte
+	signatures []*Signature
+	b64        bool // true if payload should be base64 encoded
+}
+
+type Signature struct {
+	dc        DecodeCtx
+	headers   Headers // Unprotected Headers
+	protected Headers // Protected Headers
+	signature []byte  // Signature
+	detached  bool
+}
+
+type Visitor = iter.MapVisitor
+type VisitorFunc = iter.MapVisitorFunc
+type HeaderPair = mapiter.Pair
+type Iterator = mapiter.Iterator
+
+// Signer generates the signature for a given payload.
+type Signer interface {
+	// Sign creates a signature for the given payload.
+	// The second argument is the key used for signing the payload, and is usually
+	// the private key type associated with the signature method. For example,
+	// for `jwa.RSXXX` and `jwa.PSXXX` types, you need to pass the
+	// `*"crypto/rsa".PrivateKey` type.
+	// Check the documentation for each signer for details
+	Sign([]byte, interface{}) ([]byte, error)
+
+	Algorithm() jwa.SignatureAlgorithm
+}
+
+type hmacSignFunc func([]byte, []byte) ([]byte, error)
+
+// HMACSigner uses crypto/hmac to sign the payloads.
+type HMACSigner struct {
+	alg  jwa.SignatureAlgorithm
+	sign hmacSignFunc
+}
+
+type Verifier interface {
+	// Verify checks whether the payload and signature are valid for
+	// the given key.
+	// `key` is the key used for verifying the payload, and is usually
+	// the public key associated with the signature method. For example,
+	// for `jwa.RSXXX` and `jwa.PSXXX` types, you need to pass the
+	// `*"crypto/rsa".PublicKey` type.
+	// Check the documentation for each verifier for details
+	Verify(payload []byte, signature []byte, key interface{}) error
+}
+
+type HMACVerifier struct {
+	signer Signer
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/io.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/io.go
new file mode 100644
index 000000000..0d9dbd6cc
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/io.go
@@ -0,0 +1,33 @@
+// Code generated by tools/cmd/genreadfile/main.go. DO NOT EDIT.
+
+package jws
+
+import (
+	"io/fs"
+	"os"
+)
+
+type sysFS struct{}
+
+func (sysFS) Open(path string) (fs.File, error) {
+	return os.Open(path)
+}
+
+func ReadFile(path string, options ...ReadFileOption) (*Message, error) {
+
+	var srcFS fs.FS = sysFS{}
+	for _, option := range options {
+		switch option.Ident() {
+		case identFS{}:
+			srcFS = option.Value().(fs.FS)
+		}
+	}
+
+	f, err := srcFS.Open(path)
+	if err != nil {
+		return nil, err
+	}
+
+	defer f.Close()
+	return ParseReader(f)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/jws.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/jws.go
new file mode 100644
index 000000000..a348c6186
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/jws.go
@@ -0,0 +1,856 @@
+//go:generate ../tools/cmd/genjws.sh
+
+// Package jws implements the digital signature on JSON based data
+// structures as described in https://tools.ietf.org/html/rfc7515
+//
+// If you do not care about the details, the only things that you
+// would need to use are the following functions:
+//
+//	jws.Sign(payload, jws.WithKey(algorithm, key))
+//	jws.Verify(serialized, jws.WithKey(algorithm, key))
+//
+// To sign, simply use `jws.Sign`. `payload` is a []byte buffer that
+// contains whatever data you want to sign. `alg` is one of the
+// jwa.SignatureAlgorithm constants from package jwa. For RSA and
+// ECDSA family of algorithms, you will need to prepare a private key.
+// For HMAC family, you just need a []byte value. The `jws.Sign`
+// function will return the encoded JWS message on success.
+//
+// To verify, use `jws.Verify`. It will parse the `encodedjws` buffer
+// and verify the result using `algorithm` and `key`. Upon successful
+// verification, the original payload is returned, so you can work on it.
+package jws
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/rsa"
+	"errors"
+	"fmt"
+	"io"
+	"reflect"
+	"strings"
+	"sync"
+	"unicode"
+	"unicode/utf8"
+
+	"github.com/lestrrat-go/blackmagic"
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+	"github.com/lestrrat-go/jwx/v2/internal/json"
+	"github.com/lestrrat-go/jwx/v2/internal/pool"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v2/x25519"
+)
+
+var registry = json.NewRegistry()
+
+type payloadSigner struct {
+	signer    Signer
+	key       interface{}
+	protected Headers
+	public    Headers
+}
+
+func (s *payloadSigner) Sign(payload []byte) ([]byte, error) {
+	return s.signer.Sign(payload, s.key)
+}
+
+func (s *payloadSigner) Algorithm() jwa.SignatureAlgorithm {
+	return s.signer.Algorithm()
+}
+
+func (s *payloadSigner) ProtectedHeader() Headers {
+	return s.protected
+}
+
+func (s *payloadSigner) PublicHeader() Headers {
+	return s.public
+}
+
+var signers = make(map[jwa.SignatureAlgorithm]Signer)
+var muSigner = &sync.Mutex{}
+
+func makeSigner(alg jwa.SignatureAlgorithm, key interface{}, public, protected Headers) (*payloadSigner, error) {
+	muSigner.Lock()
+	signer, ok := signers[alg]
+	if !ok {
+		v, err := NewSigner(alg)
+		if err != nil {
+			muSigner.Unlock()
+			return nil, fmt.Errorf(`failed to create payload signer: %w`, err)
+		}
+		signers[alg] = v
+		signer = v
+	}
+	muSigner.Unlock()
+
+	return &payloadSigner{
+		signer:    signer,
+		key:       key,
+		public:    public,
+		protected: protected,
+	}, nil
+}
+
+const (
+	fmtInvalid = iota
+	fmtCompact
+	fmtJSON
+	fmtJSONPretty
+	fmtMax
+)
+
+// silence linters
+var _ = fmtInvalid
+var _ = fmtMax
+
+func validateKeyBeforeUse(key interface{}) error {
+	jwkKey, ok := key.(jwk.Key)
+	if !ok {
+		converted, err := jwk.FromRaw(key)
+		if err != nil {
+			return fmt.Errorf(`could not convert key of type %T to jwk.Key for validation: %w`, key, err)
+		}
+		jwkKey = converted
+	}
+	return jwkKey.Validate()
+}
+
+// Sign generates a JWS message for the given payload and returns
+// it in serialized form, which can be in either compact or
+// JSON format. Default is compact.
+//
+// You must pass at least one key to `jws.Sign()` by using `jws.WithKey()`
+// option.
+//
+//	jws.Sign(payload, jws.WithKey(alg, key))
+//	jws.Sign(payload, jws.WithJSON(), jws.WithKey(alg1, key1), jws.WithKey(alg2, key2))
+//
+// Note that in the second example the `jws.WithJSON()` option is
+// specified as well. This is because the compact serialization
+// format does not support multiple signatures, and users must
+// specifically ask for the JSON serialization format.
+//
+// Read the documentation for `jws.WithKey()` to learn more about the
+// possible values that can be used for `alg` and `key`.
+//
+// You may create JWS messages with the "none" (jwa.NoSignature) algorithm
+// if you use the `jws.WithInsecureNoSignature()` option. This option
+// can be combined with one or more signature keys, as well as the
+// `jws.WithJSON()` option to generate multiple signatures (though
+// the usefulness of such constructs is highly debatable)
+//
+// Note that this library does not allow you to successfully call `jws.Verify()` on
+// signatures with the "none" algorithm. To parse these, use `jws.Parse()` instead.
+//
+// If you want to use a detached payload, use `jws.WithDetachedPayload()` as
+// one of the options. When you use this option, you must always set the
+// first parameter (`payload`) to `nil`, or the function will return an error
+//
+// You may also want to look at how to pass protected headers to the
+// signing process, as you will likely be required to set the `b64` field
+// when using detached payload.
+//
+// Look for options that return `jws.SignOption` or `jws.SignVerifyOption`
+// for a complete list of options that can be passed to this function.
+func Sign(payload []byte, options ...SignOption) ([]byte, error) {
+	format := fmtCompact
+	var signers []*payloadSigner
+	var detached bool
+	var noneSignature *payloadSigner
+	var validateKey bool
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identSerialization{}:
+			format = option.Value().(int)
+		case identInsecureNoSignature{}:
+			data := option.Value().(*withInsecureNoSignature)
+			// only the last one is used (we overwrite previous values)
+			noneSignature = &payloadSigner{
+				signer:    noneSigner{},
+				protected: data.protected,
+			}
+		case identKey{}:
+			data := option.Value().(*withKey)
+
+			alg, ok := data.alg.(jwa.SignatureAlgorithm)
+			if !ok {
+				return nil, fmt.Errorf(`jws.Sign: expected algorithm to be of type jwa.SignatureAlgorithm but got (%[1]q, %[1]T)`, data.alg)
+			}
+
+			// No, we don't accept "none" here.
+			if alg == jwa.NoSignature {
+				return nil, fmt.Errorf(`jws.Sign: "none" (jwa.NoSignature) cannot be used with jws.WithKey`)
+			}
+
+			signer, err := makeSigner(alg, data.key, data.public, data.protected)
+			if err != nil {
+				return nil, fmt.Errorf(`jws.Sign: failed to create signer: %w`, err)
+			}
+			signers = append(signers, signer)
+		case identDetachedPayload{}:
+			detached = true
+			if payload != nil {
+				return nil, fmt.Errorf(`jws.Sign: payload must be nil when jws.WithDetachedPayload() is specified`)
+			}
+			payload = option.Value().([]byte)
+		case identValidateKey{}:
+			validateKey = option.Value().(bool)
+		}
+	}
+
+	if noneSignature != nil {
+		signers = append(signers, noneSignature)
+	}
+
+	lsigner := len(signers)
+	if lsigner == 0 {
+		return nil, fmt.Errorf(`jws.Sign: no signers available. Specify an alogirthm and akey using jws.WithKey()`)
+	}
+
+	// Design note: while we could have easily set format = fmtJSON when
+	// lsigner > 1, I believe the decision to change serialization formats
+	// must be explicitly stated by the caller. Otherwise I'm pretty sure
+	// there would be people filing issues saying "I get JSON when I expcted
+	// compact serialization".
+	//
+	// Therefore, instead of making implicit format conversions, we force the
+	// user to spell it out as `jws.Sign(..., jws.WithJSON(), jws.WithKey(...), jws.WithKey(...))`
+	if format == fmtCompact && lsigner != 1 {
+		return nil, fmt.Errorf(`jws.Sign: cannot have multiple signers (keys) specified for compact serialization. Use only one jws.WithKey()`)
+	}
+
+	// Create a Message object with all the bits and bobs, and we'll
+	// serialize it in the end
+	var result Message
+
+	result.payload = payload
+
+	result.signatures = make([]*Signature, 0, len(signers))
+	for i, signer := range signers {
+		protected := signer.ProtectedHeader()
+		if protected == nil {
+			protected = NewHeaders()
+		}
+
+		if err := protected.Set(AlgorithmKey, signer.Algorithm()); err != nil {
+			return nil, fmt.Errorf(`failed to set "alg" header: %w`, err)
+		}
+
+		if key, ok := signer.key.(jwk.Key); ok {
+			if kid := key.KeyID(); kid != "" {
+				if err := protected.Set(KeyIDKey, kid); err != nil {
+					return nil, fmt.Errorf(`failed to set "kid" header: %w`, err)
+				}
+			}
+		}
+		sig := &Signature{
+			headers:   signer.PublicHeader(),
+			protected: protected,
+			// cheat. FIXXXXXXMEEEEEE
+			detached: detached,
+		}
+
+		if validateKey {
+			if err := validateKeyBeforeUse(signer.key); err != nil {
+				return nil, fmt.Errorf(`jws.Verify: %w`, err)
+			}
+		}
+		_, _, err := sig.Sign(payload, signer.signer, signer.key)
+		if err != nil {
+			return nil, fmt.Errorf(`failed to generate signature for signer #%d (alg=%s): %w`, i, signer.Algorithm(), err)
+		}
+
+		result.signatures = append(result.signatures, sig)
+	}
+
+	switch format {
+	case fmtJSON:
+		return json.Marshal(result)
+	case fmtJSONPretty:
+		return json.MarshalIndent(result, "", "  ")
+	case fmtCompact:
+		// Take the only signature object, and convert it into a Compact
+		// serialization format
+		var compactOpts []CompactOption
+		if detached {
+			compactOpts = append(compactOpts, WithDetached(detached))
+		}
+		return Compact(&result, compactOpts...)
+	default:
+		return nil, fmt.Errorf(`jws.Sign: invalid serialization format`)
+	}
+}
+
+var allowNoneWhitelist = jwk.WhitelistFunc(func(string) bool {
+	return false
+})
+
+// Verify checks if the given JWS message is verifiable using `alg` and `key`.
+// `key` may be a "raw" key (e.g. rsa.PublicKey) or a jwk.Key
+//
+// If the verification is successful, `err` is nil, and the content of the
+// payload that was signed is returned. If you need more fine-grained
+// control of the verification process, manually generate a
+// `Verifier` in `verify` subpackage, and call `Verify` method on it.
+// If you need to access signatures and JOSE headers in a JWS message,
+// use `Parse` function to get `Message` object.
+//
+// Because the use of "none" (jwa.NoSignature) algorithm is strongly discouraged,
+// this function DOES NOT consider it a success when `{"alg":"none"}` is
+// encountered in the message (it would also be counter intuitive when the code says
+// you _verified_ something when in fact it did no such thing). If you want to
+// accept messages with "none" signature algorithm, use `jws.Parse` to get the
+// raw JWS message.
+func Verify(buf []byte, options ...VerifyOption) ([]byte, error) {
+	var dst *Message
+	var detachedPayload []byte
+	var keyProviders []KeyProvider
+	var keyUsed interface{}
+	var validateKey bool
+
+	ctx := context.Background()
+
+	//nolint:forcetypeassert
+	for _, option := range options {
+		switch option.Ident() {
+		case identMessage{}:
+			dst = option.Value().(*Message)
+		case identDetachedPayload{}:
+			detachedPayload = option.Value().([]byte)
+		case identKey{}:
+			pair := option.Value().(*withKey)
+			alg, ok := pair.alg.(jwa.SignatureAlgorithm)
+			if !ok {
+				return nil, fmt.Errorf(`WithKey() option must be specified using jwa.SignatureAlgorithm (got %T)`, pair.alg)
+			}
+			keyProviders = append(keyProviders, &staticKeyProvider{
+				alg: alg,
+				key: pair.key,
+			})
+		case identKeyProvider{}:
+			keyProviders = append(keyProviders, option.Value().(KeyProvider))
+		case identKeyUsed{}:
+			keyUsed = option.Value()
+		case identContext{}:
+			ctx = option.Value().(context.Context)
+		case identValidateKey{}:
+			validateKey = option.Value().(bool)
+		default:
+			return nil, fmt.Errorf(`invalid jws.VerifyOption %q passed`, `With`+strings.TrimPrefix(fmt.Sprintf(`%T`, option.Ident()), `jws.ident`))
+		}
+	}
+
+	if len(keyProviders) < 1 {
+		return nil, fmt.Errorf(`jws.Verify: no key providers have been provided (see jws.WithKey(), jws.WithKeySet(), jws.WithVerifyAuto(), and jws.WithKeyProvider()`)
+	}
+
+	msg, err := Parse(buf)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to parse jws: %w`, err)
+	}
+	defer msg.clearRaw()
+
+	if detachedPayload != nil {
+		if len(msg.payload) != 0 {
+			return nil, fmt.Errorf(`can't specify detached payload for JWS with payload`)
+		}
+
+		msg.payload = detachedPayload
+	}
+
+	// Pre-compute the base64 encoded version of payload
+	var payload string
+	if msg.b64 {
+		payload = base64.EncodeToString(msg.payload)
+	} else {
+		payload = string(msg.payload)
+	}
+
+	verifyBuf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(verifyBuf)
+
+	var errs []error
+	for i, sig := range msg.signatures {
+		verifyBuf.Reset()
+
+		var encodedProtectedHeader string
+		if rbp, ok := sig.protected.(interface{ rawBuffer() []byte }); ok {
+			if raw := rbp.rawBuffer(); raw != nil {
+				encodedProtectedHeader = base64.EncodeToString(raw)
+			}
+		}
+
+		if encodedProtectedHeader == "" {
+			protected, err := json.Marshal(sig.protected)
+			if err != nil {
+				return nil, fmt.Errorf(`failed to marshal "protected" for signature #%d: %w`, i+1, err)
+			}
+
+			encodedProtectedHeader = base64.EncodeToString(protected)
+		}
+
+		verifyBuf.WriteString(encodedProtectedHeader)
+		verifyBuf.WriteByte('.')
+		verifyBuf.WriteString(payload)
+
+		for i, kp := range keyProviders {
+			var sink algKeySink
+			if err := kp.FetchKeys(ctx, &sink, sig, msg); err != nil {
+				return nil, fmt.Errorf(`key provider %d failed: %w`, i, err)
+			}
+
+			for _, pair := range sink.list {
+				// alg is converted here because pair.alg is of type jwa.KeyAlgorithm.
+				// this may seem ugly, but we're trying to avoid declaring separate
+				// structs for `alg jwa.KeyAlgorithm` and `alg jwa.SignatureAlgorithm`
+				//nolint:forcetypeassert
+				alg := pair.alg.(jwa.SignatureAlgorithm)
+				key := pair.key
+
+				if validateKey {
+					if err := validateKeyBeforeUse(key); err != nil {
+						return nil, fmt.Errorf(`jws.Verify: %w`, err)
+					}
+				}
+				verifier, err := NewVerifier(alg)
+				if err != nil {
+					return nil, fmt.Errorf(`failed to create verifier for algorithm %q: %w`, alg, err)
+				}
+
+				if err := verifier.Verify(verifyBuf.Bytes(), sig.signature, key); err != nil {
+					errs = append(errs, err)
+					continue
+				}
+
+				if keyUsed != nil {
+					if err := blackmagic.AssignIfCompatible(keyUsed, key); err != nil {
+						return nil, fmt.Errorf(`failed to assign used key (%T) to %T: %w`, key, keyUsed, err)
+					}
+				}
+
+				if dst != nil {
+					*(dst) = *msg
+				}
+
+				return msg.payload, nil
+			}
+		}
+	}
+	return nil, &verifyError{errs: errs}
+}
+
+type verifyError struct {
+	// Note: when/if we can ditch Go < 1.20, we can change this to a simple
+	// `err error`, where the value is the result of `errors.Join()`
+	//
+	// We also need to implement Unwrap:
+	// func (e *verifyError) Unwrap() error {
+	//	return e.err
+	//}
+	//
+	// And finally, As() can go away
+	errs []error
+}
+
+func (e *verifyError) Error() string {
+	return `could not verify message using any of the signatures or keys`
+}
+
+func (e *verifyError) As(target interface{}) bool {
+	for _, err := range e.errs {
+		if errors.As(err, target) {
+			return true
+		}
+	}
+	return false
+}
+
+// get the value of b64 header field.
+// If the field does not exist, returns true (default)
+// Otherwise return the value specified by the header field.
+func getB64Value(hdr Headers) bool {
+	b64raw, ok := hdr.Get("b64")
+	if !ok {
+		return true // default
+	}
+
+	b64, ok := b64raw.(bool) // default
+	if !ok {
+		return false
+	}
+	return b64
+}
+
+// This is an "optimized" io.ReadAll(). It will attempt to read
+// all of the contents from the reader IF the reader is of a certain
+// concrete type.
+func readAll(rdr io.Reader) ([]byte, bool) {
+	switch rdr.(type) {
+	case *bytes.Reader, *bytes.Buffer, *strings.Reader:
+		data, err := io.ReadAll(rdr)
+		if err != nil {
+			return nil, false
+		}
+		return data, true
+	default:
+		return nil, false
+	}
+}
+
+// Parse parses contents from the given source and creates a jws.Message
+// struct. The input can be in either compact or full JSON serialization.
+//
+// Parse() currently does not take any options, but the API accepts it
+// in anticipation of future addition.
+func Parse(src []byte, _ ...ParseOption) (*Message, error) {
+	for i := 0; i < len(src); i++ {
+		r := rune(src[i])
+		if r >= utf8.RuneSelf {
+			r, _ = utf8.DecodeRune(src)
+		}
+		if !unicode.IsSpace(r) {
+			if r == '{' {
+				return parseJSON(src)
+			}
+			return parseCompact(src)
+		}
+	}
+	return nil, fmt.Errorf(`invalid byte sequence`)
+}
+
+// Parse parses contents from the given source and creates a jws.Message
+// struct. The input can be in either compact or full JSON serialization.
+func ParseString(src string) (*Message, error) {
+	return Parse([]byte(src))
+}
+
+// Parse parses contents from the given source and creates a jws.Message
+// struct. The input can be in either compact or full JSON serialization.
+func ParseReader(src io.Reader) (*Message, error) {
+	if data, ok := readAll(src); ok {
+		return Parse(data)
+	}
+
+	rdr := bufio.NewReader(src)
+	var first rune
+	for {
+		r, _, err := rdr.ReadRune()
+		if err != nil {
+			return nil, fmt.Errorf(`failed to read rune: %w`, err)
+		}
+		if !unicode.IsSpace(r) {
+			first = r
+			if err := rdr.UnreadRune(); err != nil {
+				return nil, fmt.Errorf(`failed to unread rune: %w`, err)
+			}
+
+			break
+		}
+	}
+
+	var parser func(io.Reader) (*Message, error)
+	if first == '{' {
+		parser = parseJSONReader
+	} else {
+		parser = parseCompactReader
+	}
+
+	m, err := parser(rdr)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to parse jws message: %w`, err)
+	}
+
+	return m, nil
+}
+
+func parseJSONReader(src io.Reader) (result *Message, err error) {
+	var m Message
+	if err := json.NewDecoder(src).Decode(&m); err != nil {
+		return nil, fmt.Errorf(`failed to unmarshal jws message: %w`, err)
+	}
+	return &m, nil
+}
+
+func parseJSON(data []byte) (result *Message, err error) {
+	var m Message
+	if err := json.Unmarshal(data, &m); err != nil {
+		return nil, fmt.Errorf(`failed to unmarshal jws message: %w`, err)
+	}
+	return &m, nil
+}
+
+// SplitCompact splits a JWT and returns its three parts
+// separately: protected headers, payload and signature.
+func SplitCompact(src []byte) ([]byte, []byte, []byte, error) {
+	parts := bytes.Split(src, []byte("."))
+	if len(parts) < 3 {
+		return nil, nil, nil, fmt.Errorf(`invalid number of segments`)
+	}
+	return parts[0], parts[1], parts[2], nil
+}
+
+// SplitCompactString splits a JWT and returns its three parts
+// separately: protected headers, payload and signature.
+func SplitCompactString(src string) ([]byte, []byte, []byte, error) {
+	parts := strings.Split(src, ".")
+	if len(parts) < 3 {
+		return nil, nil, nil, fmt.Errorf(`invalid number of segments`)
+	}
+	return []byte(parts[0]), []byte(parts[1]), []byte(parts[2]), nil
+}
+
+// SplitCompactReader splits a JWT and returns its three parts
+// separately: protected headers, payload and signature.
+func SplitCompactReader(rdr io.Reader) ([]byte, []byte, []byte, error) {
+	if data, ok := readAll(rdr); ok {
+		return SplitCompact(data)
+	}
+
+	var protected []byte
+	var payload []byte
+	var signature []byte
+	var periods int
+	var state int
+
+	buf := make([]byte, 4096)
+	var sofar []byte
+
+	for {
+		// read next bytes
+		n, err := rdr.Read(buf)
+		// return on unexpected read error
+		if err != nil && err != io.EOF {
+			return nil, nil, nil, fmt.Errorf(`unexpected end of input: %w`, err)
+		}
+
+		// append to current buffer
+		sofar = append(sofar, buf[:n]...)
+		// loop to capture multiple '.' in current buffer
+		for loop := true; loop; {
+			var i = bytes.IndexByte(sofar, '.')
+			if i == -1 && err != io.EOF {
+				// no '.' found -> exit and read next bytes (outer loop)
+				loop = false
+				continue
+			} else if i == -1 && err == io.EOF {
+				// no '.' found -> process rest and exit
+				i = len(sofar)
+				loop = false
+			} else {
+				// '.' found
+				periods++
+			}
+
+			// Reaching this point means we have found a '.' or EOF and process the rest of the buffer
+			switch state {
+			case 0:
+				protected = sofar[:i]
+				state++
+			case 1:
+				payload = sofar[:i]
+				state++
+			case 2:
+				signature = sofar[:i]
+			}
+			// Shorten current buffer
+			if len(sofar) > i {
+				sofar = sofar[i+1:]
+			}
+		}
+		// Exit on EOF
+		if err == io.EOF {
+			break
+		}
+	}
+	if periods != 2 {
+		return nil, nil, nil, fmt.Errorf(`invalid number of segments`)
+	}
+
+	return protected, payload, signature, nil
+}
+
+// parseCompactReader parses a JWS value serialized via compact serialization.
+func parseCompactReader(rdr io.Reader) (m *Message, err error) {
+	protected, payload, signature, err := SplitCompactReader(rdr)
+	if err != nil {
+		return nil, fmt.Errorf(`invalid compact serialization format: %w`, err)
+	}
+	return parse(protected, payload, signature)
+}
+
+func parseCompact(data []byte) (m *Message, err error) {
+	protected, payload, signature, err := SplitCompact(data)
+	if err != nil {
+		return nil, fmt.Errorf(`invalid compact serialization format: %w`, err)
+	}
+	return parse(protected, payload, signature)
+}
+
+func parse(protected, payload, signature []byte) (*Message, error) {
+	decodedHeader, err := base64.Decode(protected)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to decode protected headers: %w`, err)
+	}
+
+	hdr := NewHeaders()
+	if err := json.Unmarshal(decodedHeader, hdr); err != nil {
+		return nil, fmt.Errorf(`failed to parse JOSE headers: %w`, err)
+	}
+
+	var decodedPayload []byte
+	b64 := getB64Value(hdr)
+	if !b64 {
+		decodedPayload = payload
+	} else {
+		v, err := base64.Decode(payload)
+		if err != nil {
+			return nil, fmt.Errorf(`failed to decode payload: %w`, err)
+		}
+		decodedPayload = v
+	}
+
+	decodedSignature, err := base64.Decode(signature)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to decode signature: %w`, err)
+	}
+
+	var msg Message
+	msg.payload = decodedPayload
+	msg.signatures = append(msg.signatures, &Signature{
+		protected: hdr,
+		signature: decodedSignature,
+	})
+	msg.b64 = b64
+	return &msg, nil
+}
+
+// RegisterCustomField allows users to specify that a private field
+// be decoded as an instance of the specified type. This option has
+// a global effect.
+//
+// For example, suppose you have a custom field `x-birthday`, which
+// you want to represent as a string formatted in RFC3339 in JSON,
+// but want it back as `time.Time`.
+//
+// In that case you would register a custom field as follows
+//
+//	jwe.RegisterCustomField(`x-birthday`, timeT)
+//
+// Then `hdr.Get("x-birthday")` will still return an `interface{}`,
+// but you can convert its type to `time.Time`
+//
+//	bdayif, _ := hdr.Get(`x-birthday`)
+//	bday := bdayif.(time.Time)
+func RegisterCustomField(name string, object interface{}) {
+	registry.Register(name, object)
+}
+
+// Helpers for signature verification
+var rawKeyToKeyType = make(map[reflect.Type]jwa.KeyType)
+var keyTypeToAlgorithms = make(map[jwa.KeyType][]jwa.SignatureAlgorithm)
+
+func init() {
+	rawKeyToKeyType[reflect.TypeOf([]byte(nil))] = jwa.OctetSeq
+	rawKeyToKeyType[reflect.TypeOf(ed25519.PublicKey(nil))] = jwa.OKP
+	rawKeyToKeyType[reflect.TypeOf(rsa.PublicKey{})] = jwa.RSA
+	rawKeyToKeyType[reflect.TypeOf((*rsa.PublicKey)(nil))] = jwa.RSA
+	rawKeyToKeyType[reflect.TypeOf(ecdsa.PublicKey{})] = jwa.EC
+	rawKeyToKeyType[reflect.TypeOf((*ecdsa.PublicKey)(nil))] = jwa.EC
+
+	addAlgorithmForKeyType(jwa.OKP, jwa.EdDSA)
+	for _, alg := range []jwa.SignatureAlgorithm{jwa.HS256, jwa.HS384, jwa.HS512} {
+		addAlgorithmForKeyType(jwa.OctetSeq, alg)
+	}
+	for _, alg := range []jwa.SignatureAlgorithm{jwa.RS256, jwa.RS384, jwa.RS512, jwa.PS256, jwa.PS384, jwa.PS512} {
+		addAlgorithmForKeyType(jwa.RSA, alg)
+	}
+	for _, alg := range []jwa.SignatureAlgorithm{jwa.ES256, jwa.ES384, jwa.ES512} {
+		addAlgorithmForKeyType(jwa.EC, alg)
+	}
+}
+
+func addAlgorithmForKeyType(kty jwa.KeyType, alg jwa.SignatureAlgorithm) {
+	keyTypeToAlgorithms[kty] = append(keyTypeToAlgorithms[kty], alg)
+}
+
+// AlgorithmsForKey returns the possible signature algorithms that can
+// be used for a given key. It only takes in consideration keys/algorithms
+// for verification purposes, as this is the only usage where one may need
+// dynamically figure out which method to use.
+func AlgorithmsForKey(key interface{}) ([]jwa.SignatureAlgorithm, error) {
+	var kty jwa.KeyType
+	switch key := key.(type) {
+	case jwk.Key:
+		kty = key.KeyType()
+	case rsa.PublicKey, *rsa.PublicKey, rsa.PrivateKey, *rsa.PrivateKey:
+		kty = jwa.RSA
+	case ecdsa.PublicKey, *ecdsa.PublicKey, ecdsa.PrivateKey, *ecdsa.PrivateKey:
+		kty = jwa.EC
+	case ed25519.PublicKey, ed25519.PrivateKey, x25519.PublicKey, x25519.PrivateKey:
+		kty = jwa.OKP
+	case []byte:
+		kty = jwa.OctetSeq
+	default:
+		return nil, fmt.Errorf(`invalid key %T`, key)
+	}
+
+	algs, ok := keyTypeToAlgorithms[kty]
+	if !ok {
+		return nil, fmt.Errorf(`invalid key type %q`, kty)
+	}
+	return algs, nil
+}
+
+// Because the keys defined in github.com/lestrrat-go/jwx/jwk may also implement
+// crypto.Signer, it would be possible for to mix up key types when signing/verifying
+// for example, when we specify jws.WithKey(jwa.RSA256, cryptoSigner), the cryptoSigner
+// can be for RSA, or any other type that implements crypto.Signer... even if it's for the
+// wrong algorithm.
+//
+// These functions are there to differentiate between the valid KNOWN key types.
+// For any other key type that is outside of the Go std library and our own code,
+// we must rely on the user to be vigilant.
+//
+// Notes: symmetric keys are obviously not part of this. for v2 OKP keys,
+// x25519 does not implement Sign()
+func isValidRSAKey(key interface{}) bool {
+	switch key.(type) {
+	case
+		ecdsa.PrivateKey, *ecdsa.PrivateKey,
+		ed25519.PrivateKey,
+		jwk.ECDSAPrivateKey, jwk.OKPPrivateKey:
+		// these are NOT ok
+		return false
+	}
+	return true
+}
+
+func isValidECDSAKey(key interface{}) bool {
+	switch key.(type) {
+	case
+		ed25519.PrivateKey,
+		rsa.PrivateKey, *rsa.PrivateKey,
+		jwk.RSAPrivateKey, jwk.OKPPrivateKey:
+		// these are NOT ok
+		return false
+	}
+	return true
+}
+
+func isValidEDDSAKey(key interface{}) bool {
+	switch key.(type) {
+	case
+		ecdsa.PrivateKey, *ecdsa.PrivateKey,
+		rsa.PrivateKey, *rsa.PrivateKey,
+		jwk.RSAPrivateKey, jwk.ECDSAPrivateKey:
+		// these are NOT ok
+		return false
+	}
+	return true
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/key_provider.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/key_provider.go
new file mode 100644
index 000000000..7d7518af1
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/key_provider.go
@@ -0,0 +1,276 @@
+package jws
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"sync"
+
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/jwk"
+)
+
+// KeyProvider is responsible for providing key(s) to sign or verify a payload.
+// Multiple `jws.KeyProvider`s can be passed to `jws.Verify()` or `jws.Sign()`
+//
+// `jws.Sign()` can only accept static key providers via `jws.WithKey()`,
+// while `jws.Verify()` can accept `jws.WithKey()`, `jws.WithKeySet()`,
+// `jws.WithVerifyAuto()`, and `jws.WithKeyProvider()`.
+//
+// Understanding how this works is crucial to learn how this package works.
+//
+// `jws.Sign()` is straightforward: signatures are created for each
+// provided key.
+//
+// `jws.Verify()` is a bit more involved, because there are cases you
+// will want to compute/deduce/guess the keys that you would like to
+// use for verification.
+//
+// The first thing that `jws.Verify()` does is to collect the
+// KeyProviders from the option list that the user provided (presented in pseudocode):
+//
+//	keyProviders := filterKeyProviders(options)
+//
+// Then, remember that a JWS message may contain multiple signatures in the
+// message. For each signature, we call on the KeyProviders to give us
+// the key(s) to use on this signature:
+//
+//	for sig in msg.Signatures {
+//	  for kp in keyProviders {
+//	    kp.FetcKeys(ctx, sink, sig, msg)
+//	    ...
+//	  }
+//	}
+//
+// The `sink` argument passed to the KeyProvider is a temporary storage
+// for the keys (either a jwk.Key or a "raw" key). The `KeyProvider`
+// is responsible for sending keys into the `sink`.
+//
+// When called, the `KeyProvider` created by `jws.WithKey()` sends the same key,
+// `jws.WithKeySet()` sends keys that matches a particular `kid` and `alg`,
+// `jws.WithVerifyAuto()` fetchs a JWK from the `jku` URL,
+// and finally `jws.WithKeyProvider()` allows you to execute arbitrary
+// logic to provide keys. If you are providing a custom `KeyProvider`,
+// you should execute the necessary checks or retrieval of keys, and
+// then send the key(s) to the sink:
+//
+//	sink.Key(alg, key)
+//
+// These keys are then retrieved and tried for each signature, until
+// a match is found:
+//
+//	keys := sink.Keys()
+//	for key in keys {
+//	  if givenSignature == makeSignatre(key, payload, ...)) {
+//	    return OK
+//	  }
+//	}
+type KeyProvider interface {
+	FetchKeys(context.Context, KeySink, *Signature, *Message) error
+}
+
+// KeySink is a data storage where `jws.KeyProvider` objects should
+// send their keys to.
+type KeySink interface {
+	Key(jwa.SignatureAlgorithm, interface{})
+}
+
+type algKeyPair struct {
+	alg jwa.KeyAlgorithm
+	key interface{}
+}
+
+type algKeySink struct {
+	mu   sync.Mutex
+	list []algKeyPair
+}
+
+func (s *algKeySink) Key(alg jwa.SignatureAlgorithm, key interface{}) {
+	s.mu.Lock()
+	s.list = append(s.list, algKeyPair{alg, key})
+	s.mu.Unlock()
+}
+
+type staticKeyProvider struct {
+	alg jwa.SignatureAlgorithm
+	key interface{}
+}
+
+func (kp *staticKeyProvider) FetchKeys(_ context.Context, sink KeySink, _ *Signature, _ *Message) error {
+	sink.Key(kp.alg, kp.key)
+	return nil
+}
+
+type keySetProvider struct {
+	set                  jwk.Set
+	requireKid           bool // true if `kid` must be specified
+	useDefault           bool // true if the first key should be used iff there's exactly one key in set
+	inferAlgorithm       bool // true if the algorithm should be inferred from key type
+	multipleKeysPerKeyID bool // true if we should attempt to match multiple keys per key ID. if false we assume that only one key exists for a given key ID
+}
+
+func (kp *keySetProvider) selectKey(sink KeySink, key jwk.Key, sig *Signature, _ *Message) error {
+	if usage := key.KeyUsage(); usage != "" && usage != jwk.ForSignature.String() {
+		return nil
+	}
+
+	if v := key.Algorithm(); v.String() != "" {
+		var alg jwa.SignatureAlgorithm
+		if err := alg.Accept(v); err != nil {
+			return fmt.Errorf(`invalid signature algorithm %s: %w`, key.Algorithm(), err)
+		}
+
+		sink.Key(alg, key)
+		return nil
+	}
+
+	if kp.inferAlgorithm {
+		algs, err := AlgorithmsForKey(key)
+		if err != nil {
+			return fmt.Errorf(`failed to get a list of signature methods for key type %s: %w`, key.KeyType(), err)
+		}
+
+		// bail out if the JWT has a `alg` field, and it doesn't match
+		if tokAlg := sig.ProtectedHeaders().Algorithm(); tokAlg != "" {
+			for _, alg := range algs {
+				if tokAlg == alg {
+					sink.Key(alg, key)
+					return nil
+				}
+			}
+			return fmt.Errorf(`algorithm in the message does not match any of the inferred algorithms`)
+		}
+
+		// Yes, you get to try them all!!!!!!!
+		for _, alg := range algs {
+			sink.Key(alg, key)
+		}
+		return nil
+	}
+	return nil
+}
+
+func (kp *keySetProvider) FetchKeys(_ context.Context, sink KeySink, sig *Signature, msg *Message) error {
+	if kp.requireKid {
+		wantedKid := sig.ProtectedHeaders().KeyID()
+		if wantedKid == "" {
+			// If the kid is NOT specified... kp.useDefault needs to be true, and the
+			// JWKs must have exactly one key in it
+			if !kp.useDefault {
+				return fmt.Errorf(`failed to find matching key: no key ID ("kid") specified in token`)
+			} else if kp.useDefault && kp.set.Len() > 1 {
+				return fmt.Errorf(`failed to find matching key: no key ID ("kid") specified in token but multiple keys available in key set`)
+			}
+
+			// if we got here, then useDefault == true AND there is exactly
+			// one key in the set.
+			key, _ := kp.set.Key(0)
+			return kp.selectKey(sink, key, sig, msg)
+		}
+
+		// Otherwise we better be able to look up the key.
+		// <= v2.0.3 backwards compatible case: only match a single key
+		// whose key ID matches `wantedKid`
+		if !kp.multipleKeysPerKeyID {
+			key, ok := kp.set.LookupKeyID(wantedKid)
+			if !ok {
+				return fmt.Errorf(`failed to find key with key ID %q in key set`, wantedKid)
+			}
+			return kp.selectKey(sink, key, sig, msg)
+		}
+
+		// if multipleKeysPerKeyID is true, we attempt all keys whose key ID matches
+		// the wantedKey
+		var ok bool
+		for i := 0; i < kp.set.Len(); i++ {
+			key, _ := kp.set.Key(i)
+			if key.KeyID() != wantedKid {
+				continue
+			}
+
+			if err := kp.selectKey(sink, key, sig, msg); err != nil {
+				continue
+			}
+			ok = true
+			// continue processing so that we try all keys with the same key ID
+		}
+		if !ok {
+			return fmt.Errorf(`failed to find key with key ID %q in key set`, wantedKid)
+		}
+		return nil
+	}
+
+	// Otherwise just try all keys
+	for i := 0; i < kp.set.Len(); i++ {
+		key, _ := kp.set.Key(i)
+		if err := kp.selectKey(sink, key, sig, msg); err != nil {
+			continue
+		}
+	}
+	return nil
+}
+
+type jkuProvider struct {
+	fetcher jwk.Fetcher
+	options []jwk.FetchOption
+}
+
+func (kp jkuProvider) FetchKeys(ctx context.Context, sink KeySink, sig *Signature, _ *Message) error {
+	kid := sig.ProtectedHeaders().KeyID()
+	if kid == "" {
+		return fmt.Errorf(`use of "jku" requires that the payload contain a "kid" field in the protected header`)
+	}
+
+	// errors here can't be reliablly passed to the consumers.
+	// it's unfortunate, but if you need this control, you are
+	// going to have to write your own fetcher
+	u := sig.ProtectedHeaders().JWKSetURL()
+	if u == "" {
+		return fmt.Errorf(`use of "jku" field specified, but the field is empty`)
+	}
+	uo, err := url.Parse(u)
+	if err != nil {
+		return fmt.Errorf(`failed to parse "jku": %w`, err)
+	}
+	if uo.Scheme != "https" {
+		return fmt.Errorf(`url in "jku" must be HTTPS`)
+	}
+
+	set, err := kp.fetcher.Fetch(ctx, u, kp.options...)
+	if err != nil {
+		return fmt.Errorf(`failed to fetch %q: %w`, u, err)
+	}
+
+	key, ok := set.LookupKeyID(kid)
+	if !ok {
+		// It is not an error if the key with the kid doesn't exist
+		return nil
+	}
+
+	algs, err := AlgorithmsForKey(key)
+	if err != nil {
+		return fmt.Errorf(`failed to get a list of signature methods for key type %s: %w`, key.KeyType(), err)
+	}
+
+	hdrAlg := sig.ProtectedHeaders().Algorithm()
+	for _, alg := range algs {
+		// if we have a "alg" field in the JWS, we can only proceed if
+		// the inferred algorithm matches
+		if hdrAlg != "" && hdrAlg != alg {
+			continue
+		}
+
+		sink.Key(alg, key)
+		break
+	}
+	return nil
+}
+
+// KeyProviderFunc is a type of KeyProvider that is implemented by
+// a single function. You can use this to create ad-hoc `KeyProvider`
+// instances.
+type KeyProviderFunc func(context.Context, KeySink, *Signature, *Message) error
+
+func (kp KeyProviderFunc) FetchKeys(ctx context.Context, sink KeySink, sig *Signature, msg *Message) error {
+	return kp(ctx, sink, sig, msg)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/message.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/message.go
new file mode 100644
index 000000000..adec8445c
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/message.go
@@ -0,0 +1,503 @@
+package jws
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+
+	"github.com/lestrrat-go/jwx/v2/internal/base64"
+	"github.com/lestrrat-go/jwx/v2/internal/json"
+	"github.com/lestrrat-go/jwx/v2/internal/pool"
+	"github.com/lestrrat-go/jwx/v2/jwk"
+)
+
+func NewSignature() *Signature {
+	return &Signature{}
+}
+
+func (s *Signature) DecodeCtx() DecodeCtx {
+	return s.dc
+}
+
+func (s *Signature) SetDecodeCtx(dc DecodeCtx) {
+	s.dc = dc
+}
+
+func (s Signature) PublicHeaders() Headers {
+	return s.headers
+}
+
+func (s *Signature) SetPublicHeaders(v Headers) *Signature {
+	s.headers = v
+	return s
+}
+
+func (s Signature) ProtectedHeaders() Headers {
+	return s.protected
+}
+
+func (s *Signature) SetProtectedHeaders(v Headers) *Signature {
+	s.protected = v
+	return s
+}
+
+func (s Signature) Signature() []byte {
+	return s.signature
+}
+
+func (s *Signature) SetSignature(v []byte) *Signature {
+	s.signature = v
+	return s
+}
+
+type signatureUnmarshalProbe struct {
+	Header    Headers `json:"header,omitempty"`
+	Protected *string `json:"protected,omitempty"`
+	Signature *string `json:"signature,omitempty"`
+}
+
+func (s *Signature) UnmarshalJSON(data []byte) error {
+	var sup signatureUnmarshalProbe
+	sup.Header = NewHeaders()
+	if err := json.Unmarshal(data, &sup); err != nil {
+		return fmt.Errorf(`failed to unmarshal signature into temporary struct: %w`, err)
+	}
+
+	s.headers = sup.Header
+	if buf := sup.Protected; buf != nil {
+		src := []byte(*buf)
+		if !bytes.HasPrefix(src, []byte{'{'}) {
+			decoded, err := base64.Decode(src)
+			if err != nil {
+				return fmt.Errorf(`failed to base64 decode protected headers: %w`, err)
+			}
+			src = decoded
+		}
+
+		prt := NewHeaders()
+		//nolint:forcetypeassert
+		prt.(*stdHeaders).SetDecodeCtx(s.DecodeCtx())
+		if err := json.Unmarshal(src, prt); err != nil {
+			return fmt.Errorf(`failed to unmarshal protected headers: %w`, err)
+		}
+		//nolint:forcetypeassert
+		prt.(*stdHeaders).SetDecodeCtx(nil)
+		s.protected = prt
+	}
+
+	if sup.Signature != nil {
+		decoded, err := base64.DecodeString(*sup.Signature)
+		if err != nil {
+			return fmt.Errorf(`failed to base decode signature: %w`, err)
+		}
+		s.signature = decoded
+	}
+	return nil
+}
+
+// Sign populates the signature field, with a signature generated by
+// given the signer object and payload.
+//
+// The first return value is the raw signature in binary format.
+// The second return value s the full three-segment signature
+// (e.g. "eyXXXX.XXXXX.XXXX")
+func (s *Signature) Sign(payload []byte, signer Signer, key interface{}) ([]byte, []byte, error) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	hdrs, err := mergeHeaders(ctx, s.headers, s.protected)
+	if err != nil {
+		return nil, nil, fmt.Errorf(`failed to merge headers: %w`, err)
+	}
+
+	if err := hdrs.Set(AlgorithmKey, signer.Algorithm()); err != nil {
+		return nil, nil, fmt.Errorf(`failed to set "alg": %w`, err)
+	}
+
+	// If the key is a jwk.Key instance, obtain the raw key
+	if jwkKey, ok := key.(jwk.Key); ok {
+		// If we have a key ID specified by this jwk.Key, use that in the header
+		if kid := jwkKey.KeyID(); kid != "" {
+			if err := hdrs.Set(jwk.KeyIDKey, kid); err != nil {
+				return nil, nil, fmt.Errorf(`set key ID from jwk.Key: %w`, err)
+			}
+		}
+	}
+	hdrbuf, err := json.Marshal(hdrs)
+	if err != nil {
+		return nil, nil, fmt.Errorf(`failed to marshal headers: %w`, err)
+	}
+
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+
+	buf.WriteString(base64.EncodeToString(hdrbuf))
+	buf.WriteByte('.')
+
+	var plen int
+	b64 := getB64Value(hdrs)
+	if b64 {
+		encoded := base64.EncodeToString(payload)
+		plen = len(encoded)
+		buf.WriteString(encoded)
+	} else {
+		if !s.detached {
+			if bytes.Contains(payload, []byte{'.'}) {
+				return nil, nil, fmt.Errorf(`payload must not contain a "."`)
+			}
+		}
+		plen = len(payload)
+		buf.Write(payload)
+	}
+
+	signature, err := signer.Sign(buf.Bytes(), key)
+	if err != nil {
+		return nil, nil, fmt.Errorf(`failed to sign payload: %w`, err)
+	}
+	s.signature = signature
+
+	// Detached payload, this should be removed from the end result
+	if s.detached {
+		buf.Truncate(buf.Len() - plen)
+	}
+
+	buf.WriteByte('.')
+	buf.WriteString(base64.EncodeToString(signature))
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+
+	return signature, ret, nil
+}
+
+func NewMessage() *Message {
+	return &Message{}
+}
+
+// Clears the internal raw buffer that was accumulated during
+// the verify phase
+func (m *Message) clearRaw() {
+	for _, sig := range m.signatures {
+		if protected := sig.protected; protected != nil {
+			if cr, ok := protected.(*stdHeaders); ok {
+				cr.raw = nil
+			}
+		}
+	}
+}
+
+func (m *Message) SetDecodeCtx(dc DecodeCtx) {
+	m.dc = dc
+}
+
+func (m *Message) DecodeCtx() DecodeCtx {
+	return m.dc
+}
+
+// Payload returns the decoded payload
+func (m Message) Payload() []byte {
+	return m.payload
+}
+
+func (m *Message) SetPayload(v []byte) *Message {
+	m.payload = v
+	return m
+}
+
+func (m Message) Signatures() []*Signature {
+	return m.signatures
+}
+
+func (m *Message) AppendSignature(v *Signature) *Message {
+	m.signatures = append(m.signatures, v)
+	return m
+}
+
+func (m *Message) ClearSignatures() *Message {
+	m.signatures = nil
+	return m
+}
+
+// LookupSignature looks up a particular signature entry using
+// the `kid` value
+func (m Message) LookupSignature(kid string) []*Signature {
+	var sigs []*Signature
+	for _, sig := range m.signatures {
+		if hdr := sig.PublicHeaders(); hdr != nil {
+			hdrKeyID := hdr.KeyID()
+			if hdrKeyID == kid {
+				sigs = append(sigs, sig)
+				continue
+			}
+		}
+
+		if hdr := sig.ProtectedHeaders(); hdr != nil {
+			hdrKeyID := hdr.KeyID()
+			if hdrKeyID == kid {
+				sigs = append(sigs, sig)
+				continue
+			}
+		}
+	}
+	return sigs
+}
+
+// This struct is used to first probe for the structure of the
+// incoming JSON object. We then decide how to parse it
+// from the fields that are populated.
+type messageUnmarshalProbe struct {
+	Payload    *string           `json:"payload"`
+	Signatures []json.RawMessage `json:"signatures,omitempty"`
+	Header     Headers           `json:"header,omitempty"`
+	Protected  *string           `json:"protected,omitempty"`
+	Signature  *string           `json:"signature,omitempty"`
+}
+
+func (m *Message) UnmarshalJSON(buf []byte) error {
+	m.payload = nil
+	m.signatures = nil
+	m.b64 = true
+
+	var mup messageUnmarshalProbe
+	mup.Header = NewHeaders()
+	if err := json.Unmarshal(buf, &mup); err != nil {
+		return fmt.Errorf(`failed to unmarshal into temporary structure: %w`, err)
+	}
+
+	b64 := true
+	if mup.Signature == nil { // flattened signature is NOT present
+		if len(mup.Signatures) == 0 {
+			return fmt.Errorf(`required field "signatures" not present`)
+		}
+
+		m.signatures = make([]*Signature, 0, len(mup.Signatures))
+		for i, rawsig := range mup.Signatures {
+			var sig Signature
+			sig.SetDecodeCtx(m.DecodeCtx())
+			if err := json.Unmarshal(rawsig, &sig); err != nil {
+				return fmt.Errorf(`failed to unmarshal signature #%d: %w`, i+1, err)
+			}
+			sig.SetDecodeCtx(nil)
+
+			if i == 0 {
+				if !getB64Value(sig.protected) {
+					b64 = false
+				}
+			} else {
+				if b64 != getB64Value(sig.protected) {
+					return fmt.Errorf(`b64 value must be the same for all signatures`)
+				}
+			}
+
+			m.signatures = append(m.signatures, &sig)
+		}
+	} else { // .signature is present, it's a flattened structure
+		if len(mup.Signatures) != 0 {
+			return fmt.Errorf(`invalid format ("signatures" and "signature" keys cannot both be present)`)
+		}
+
+		var sig Signature
+		sig.headers = mup.Header
+		if src := mup.Protected; src != nil {
+			decoded, err := base64.DecodeString(*src)
+			if err != nil {
+				return fmt.Errorf(`failed to base64 decode flattened protected headers: %w`, err)
+			}
+			prt := NewHeaders()
+			//nolint:forcetypeassert
+			prt.(*stdHeaders).SetDecodeCtx(m.DecodeCtx())
+			if err := json.Unmarshal(decoded, prt); err != nil {
+				return fmt.Errorf(`failed to unmarshal flattened protected headers: %w`, err)
+			}
+			//nolint:forcetypeassert
+			prt.(*stdHeaders).SetDecodeCtx(nil)
+			sig.protected = prt
+		}
+
+		decoded, err := base64.DecodeString(*mup.Signature)
+		if err != nil {
+			return fmt.Errorf(`failed to base64 decode flattened signature: %w`, err)
+		}
+		sig.signature = decoded
+
+		m.signatures = []*Signature{&sig}
+		b64 = getB64Value(sig.protected)
+	}
+
+	if mup.Payload != nil {
+		if !b64 { // NOT base64 encoded
+			m.payload = []byte(*mup.Payload)
+		} else {
+			decoded, err := base64.DecodeString(*mup.Payload)
+			if err != nil {
+				return fmt.Errorf(`failed to base64 decode payload: %w`, err)
+			}
+			m.payload = decoded
+		}
+	}
+	m.b64 = b64
+	return nil
+}
+
+func (m Message) MarshalJSON() ([]byte, error) {
+	if len(m.signatures) == 1 {
+		return m.marshalFlattened()
+	}
+	return m.marshalFull()
+}
+
+func (m Message) marshalFlattened() ([]byte, error) {
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+
+	sig := m.signatures[0]
+
+	buf.WriteRune('{')
+	var wrote bool
+
+	if hdr := sig.headers; hdr != nil {
+		hdrjs, err := hdr.MarshalJSON()
+		if err != nil {
+			return nil, fmt.Errorf(`failed to marshal "header" (flattened format): %w`, err)
+		}
+		buf.WriteString(`"header":`)
+		buf.Write(hdrjs)
+		wrote = true
+	}
+
+	if wrote {
+		buf.WriteRune(',')
+	}
+	buf.WriteString(`"payload":"`)
+	buf.WriteString(base64.EncodeToString(m.payload))
+	buf.WriteRune('"')
+
+	if protected := sig.protected; protected != nil {
+		protectedbuf, err := protected.MarshalJSON()
+		if err != nil {
+			return nil, fmt.Errorf(`failed to marshal "protected" (flattened format): %w`, err)
+		}
+		buf.WriteString(`,"protected":"`)
+		buf.WriteString(base64.EncodeToString(protectedbuf))
+		buf.WriteRune('"')
+	}
+
+	buf.WriteString(`,"signature":"`)
+	buf.WriteString(base64.EncodeToString(sig.signature))
+	buf.WriteRune('"')
+	buf.WriteRune('}')
+
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
+
+func (m Message) marshalFull() ([]byte, error) {
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+
+	buf.WriteString(`{"payload":"`)
+	buf.WriteString(base64.EncodeToString(m.payload))
+	buf.WriteString(`","signatures":[`)
+	for i, sig := range m.signatures {
+		if i > 0 {
+			buf.WriteRune(',')
+		}
+
+		buf.WriteRune('{')
+		var wrote bool
+		if hdr := sig.headers; hdr != nil {
+			hdrbuf, err := hdr.MarshalJSON()
+			if err != nil {
+				return nil, fmt.Errorf(`failed to marshal "header" for signature #%d: %w`, i+1, err)
+			}
+			buf.WriteString(`"header":`)
+			buf.Write(hdrbuf)
+			wrote = true
+		}
+
+		if protected := sig.protected; protected != nil {
+			protectedbuf, err := protected.MarshalJSON()
+			if err != nil {
+				return nil, fmt.Errorf(`failed to marshal "protected" for signature #%d: %w`, i+1, err)
+			}
+			if wrote {
+				buf.WriteRune(',')
+			}
+			buf.WriteString(`"protected":"`)
+			buf.WriteString(base64.EncodeToString(protectedbuf))
+			buf.WriteRune('"')
+			wrote = true
+		}
+
+		if len(sig.signature) > 0 {
+			// If InsecureNoSignature is enabled, signature may not exist
+			if wrote {
+				buf.WriteRune(',')
+			}
+			buf.WriteString(`"signature":"`)
+			buf.WriteString(base64.EncodeToString(sig.signature))
+			buf.WriteString(`"`)
+		}
+		buf.WriteString(`}`)
+	}
+	buf.WriteString(`]}`)
+
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
+
+// Compact generates a JWS message in compact serialization format from
+// `*jws.Message` object. The object contain exactly one signature, or
+// an error is returned.
+//
+// If using a detached payload, the payload must already be stored in
+// the `*jws.Message` object, and the `jws.WithDetached()` option
+// must be passed to the function.
+func Compact(msg *Message, options ...CompactOption) ([]byte, error) {
+	if l := len(msg.signatures); l != 1 {
+		return nil, fmt.Errorf(`jws.Compact: cannot serialize message with %d signatures (must be one)`, l)
+	}
+
+	var detached bool
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identDetached{}:
+			detached = option.Value().(bool)
+		}
+	}
+
+	s := msg.signatures[0]
+	// XXX check if this is correct
+	hdrs := s.ProtectedHeaders()
+
+	hdrbuf, err := json.Marshal(hdrs)
+	if err != nil {
+		return nil, fmt.Errorf(`jws.Compress: failed to marshal headers: %w`, err)
+	}
+
+	buf := pool.GetBytesBuffer()
+	defer pool.ReleaseBytesBuffer(buf)
+
+	buf.WriteString(base64.EncodeToString(hdrbuf))
+	buf.WriteByte('.')
+
+	if !detached {
+		if getB64Value(hdrs) {
+			encoded := base64.EncodeToString(msg.payload)
+			buf.WriteString(encoded)
+		} else {
+			if bytes.Contains(msg.payload, []byte{'.'}) {
+				return nil, fmt.Errorf(`jws.Compress: payload must not contain a "."`)
+			}
+			buf.Write(msg.payload)
+		}
+	}
+
+	buf.WriteByte('.')
+	buf.WriteString(base64.EncodeToString(s.signature))
+	ret := make([]byte, buf.Len())
+	copy(ret, buf.Bytes())
+	return ret, nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/options.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/options.go
new file mode 100644
index 000000000..e374a85d0
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/options.go
@@ -0,0 +1,226 @@
+package jws
+
+import (
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/option"
+)
+
+type identHeaders struct{}
+type identInsecureNoSignature struct{}
+
+// WithHeaders allows you to specify extra header values to include in the
+// final JWS message
+func WithHeaders(h Headers) SignOption {
+	return &signOption{option.New(identHeaders{}, h)}
+}
+
+// WithJSON specifies that the result of `jws.Sign()` is serialized in
+// JSON format.
+//
+// If you pass multiple keys to `jws.Sign()`, it will fail unless
+// you also pass this option.
+func WithJSON(options ...WithJSONSuboption) SignOption {
+	var pretty bool
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identPretty{}:
+			pretty = option.Value().(bool)
+		}
+	}
+
+	format := fmtJSON
+	if pretty {
+		format = fmtJSONPretty
+	}
+	return &signOption{option.New(identSerialization{}, format)}
+}
+
+type withKey struct {
+	alg       jwa.KeyAlgorithm
+	key       interface{}
+	protected Headers
+	public    Headers
+}
+
+// This exist as escape hatches to modify the header values after the fact
+func (w *withKey) Protected(v Headers) Headers {
+	if w.protected == nil && v != nil {
+		w.protected = v
+	}
+	return w.protected
+}
+
+// WithKey is used to pass a static algorithm/key pair to either `jws.Sign()` or `jws.Verify()`.
+//
+// The `alg` parameter is the identifier for the signature algorithm that should be used.
+// It is of type `jwa.KeyAlgorithm` but in reality you can only pass `jwa.SignatureAlgorithm`
+// types. It is this way so that the value in `(jwk.Key).Algorithm()` can be directly
+// passed to the option. If you specify other algorithm types such as `jwa.ContentEncryptionAlgorithm`,
+// then you will get an error when `jws.Sign()` or `jws.Verify()` is executed.
+//
+// The `alg` parameter cannot be "none" (jwa.NoSignature) for security reasons.
+// You will have to use a separate, more explicit option to allow the use of "none"
+// algorithm.
+//
+// The algorithm specified in the `alg` parameter MUST be able to support
+// the type of key you provided, otherwise an error is returned.
+//
+// Any of the followin is accepted for the `key` parameter:
+// * A "raw" key (e.g. rsa.PrivateKey, ecdsa.PrivateKey, etc)
+// * A crypto.Signer
+// * A jwk.Key
+//
+// Note that due to technical reasons, this library is NOT able to differentiate
+// between a valid/invalid key for given algorithm if the key implements crypto.Signer
+// and the key is from an external library. For example, while we can tell that it is
+// invalid to use `jwk.WithKey(jwa.RSA256, ecdsaPrivateKey)` because the key is
+// presumably from `crypto/ecdsa` or this library, if you use a KMS wrapper
+// that implements crypto.Signer that is outside of the go standard library or this
+// library, we will not be able to properly catch the misuse of such keys --
+// the output will happily generate an ECDSA signature even in the presence of
+// `jwa.RSA256`
+//
+// A `crypto.Signer` is used when the private part of a key is
+// kept in an inaccessible location, such as hardware.
+// `crypto.Signer` is currently supported for RSA, ECDSA, and EdDSA
+// family of algorithms. You may consider using `github.com/jwx-go/crypto-signer`
+// if you would like to use keys stored in GCP/AWS KMS services.
+//
+// If the key is a jwk.Key and the key contains a key ID (`kid` field),
+// then it is added to the protected header generated by the signature.
+//
+// `jws.WithKey()` can furher accept suboptions to change signing behavior
+// when used with `jws.Sign()`. `jws.WithProtected()` and `jws.WithPublic()`
+// can be passed to specify JWS headers that should be used whe signing.
+//
+// If the protected headers contain "b64" field, then the boolean value for the field
+// is respected when serializing. That is, if you specify a header with
+// `{"b64": false}`, then the payload is not base64 encoded.
+//
+// These suboptions are ignored when the `jws.WithKey()` option is used with `jws.Verify()`.
+func WithKey(alg jwa.KeyAlgorithm, key interface{}, options ...WithKeySuboption) SignVerifyOption {
+	// Implementation note: this option is shared between Sign() and
+	// Verify(). As such we don't create a KeyProvider here because
+	// if used in Sign() we would be doing something else.
+	var protected, public Headers
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identProtectedHeaders{}:
+			protected = option.Value().(Headers)
+		case identPublicHeaders{}:
+			public = option.Value().(Headers)
+		}
+	}
+
+	return &signVerifyOption{
+		option.New(identKey{}, &withKey{
+			alg:       alg,
+			key:       key,
+			protected: protected,
+			public:    public,
+		}),
+	}
+}
+
+// WithKeySet specifies a JWKS (jwk.Set) to use for verification.
+//
+// Because a JWKS can contain multiple keys and this library cannot tell
+// which one of the keys should be used for verification, we by default
+// require that both `alg` and `kid` fields in the JWS _and_ the
+// key match before a key is considered to be used.
+//
+// There are ways to override this behavior, but they must be explicitly
+// specified by the caller.
+//
+// To work with keys/JWS messages not having a `kid` field, you may specify
+// the suboption `WithKeySetRequired` via `jws.WithKeySetSuboption(jws.WithKeySetRequireKid(false))`.
+// This will allow the library to proceed without having to match the `kid` field.
+//
+// However, it will still check if the `alg` fields in the JWS message and the key(s)
+// match. If you must work with JWS messages that do not have an `alg` field,
+// you will need to use `jws.WithKeySetSuboption(jws.WithInferAlgorithm(true))`.
+//
+// See the documentation for `WithInferAlgorithm()` for more details.
+func WithKeySet(set jwk.Set, options ...WithKeySetSuboption) VerifyOption {
+	requireKid := true
+	var useDefault, inferAlgorithm, multipleKeysPerKeyID bool
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identRequireKid{}:
+			requireKid = option.Value().(bool)
+		case identUseDefault{}:
+			useDefault = option.Value().(bool)
+		case identMultipleKeysPerKeyID{}:
+			multipleKeysPerKeyID = option.Value().(bool)
+		case identInferAlgorithmFromKey{}:
+			inferAlgorithm = option.Value().(bool)
+		}
+	}
+
+	return WithKeyProvider(&keySetProvider{
+		set:                  set,
+		requireKid:           requireKid,
+		useDefault:           useDefault,
+		multipleKeysPerKeyID: multipleKeysPerKeyID,
+		inferAlgorithm:       inferAlgorithm,
+	})
+}
+
+func WithVerifyAuto(f jwk.Fetcher, options ...jwk.FetchOption) VerifyOption {
+	if f == nil {
+		f = jwk.FetchFunc(jwk.Fetch)
+	}
+
+	// the option MUST start with a "disallow no whitelist" to force
+	// users provide a whitelist
+	options = append(append([]jwk.FetchOption(nil), jwk.WithFetchWhitelist(allowNoneWhitelist)), options...)
+
+	return WithKeyProvider(jkuProvider{
+		fetcher: f,
+		options: options,
+	})
+}
+
+type withInsecureNoSignature struct {
+	protected Headers
+}
+
+// This exist as escape hatches to modify the header values after the fact
+func (w *withInsecureNoSignature) Protected(v Headers) Headers {
+	if w.protected == nil && v != nil {
+		w.protected = v
+	}
+	return w.protected
+}
+
+// WithInsecureNoSignature creates an option that allows the user to use the
+// "none" signature algorithm.
+//
+// Please note that this is insecure, and should never be used in production
+// (this is exactly why specifying "none"/jwa.NoSignature to `jws.WithKey()`
+// results in an error when `jws.Sign()` is called -- we do not allow using
+// "none" by accident)
+//
+// TODO: create specific sub-option set for this option
+func WithInsecureNoSignature(options ...WithKeySuboption) SignOption {
+	var protected Headers
+	for _, option := range options {
+		//nolint:forcetypeassert
+		switch option.Ident() {
+		case identProtectedHeaders{}:
+			protected = option.Value().(Headers)
+		}
+	}
+
+	return &signOption{
+		option.New(identInsecureNoSignature{},
+			&withInsecureNoSignature{
+				protected: protected,
+			},
+		),
+	}
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/options.yaml b/vendor/github.com/lestrrat-go/jwx/v2/jws/options.yaml
new file mode 100644
index 000000000..65b5352c1
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/options.yaml
@@ -0,0 +1,193 @@
+package_name: jws
+output: jws/options_gen.go
+interfaces:
+  - name: CompactOption
+    comment: |
+      CompactOption describes options that can be passed to `jws.Compact`
+  - name: VerifyOption
+    comment: |
+      VerifyOption describes options that can be passed to `jws.Verify`
+  - name: SignOption
+    comment: |
+      SignOption describes options that can be passed to `jws.Sign`
+  - name: SignVerifyOption
+    methods:
+      - signOption
+      - verifyOption
+    comment: |
+      SignVerifyOption describes options that can be passed to either `jws.Verify` or `jws.Sign`
+  - name: WithJSONSuboption
+    concrete_type: withJSONSuboption
+    comment: |
+      JSONSuboption describes suboptions that can be passed to `jws.WithJSON()` option
+  - name: WithKeySuboption
+    comment: |
+      WithKeySuboption describes option types that can be passed to the `jws.WithKey()`
+      option.
+  - name: WithKeySetSuboption
+    comment: |
+      WithKeySetSuboption is a suboption passed to the `jws.WithKeySet()` option
+  - name: ParseOption
+    methods:
+      - readFileOption
+    comment: |
+      ReadFileOption is a type of `Option` that can be passed to `jwe.Parse`
+  - name: ReadFileOption
+    comment: |
+      ReadFileOption is a type of `Option` that can be passed to `jws.ReadFile`
+options:
+  - ident: Key
+    skip_option: true
+  - ident: Serialization
+    skip_option: true
+  - ident: Serialization
+    option_name: WithCompact
+    interface: SignOption
+    constant_value: fmtCompact
+    comment: |
+      WithCompact specifies that the result of `jws.Sign()` is serialized in
+      compact format.
+      
+      By default `jws.Sign()` will opt to use compact format, so you usually
+      do not need to specify this option other than to be explicit about it
+  - ident: Detached
+    interface: CompactOption
+    argument_type: bool
+    comment: |
+      WithDetached specifies that the `jws.Message` should be serialized in
+      JWS compact serialization with detached payload. The resulting octet
+      sequence will not contain the payload section.
+  - ident: DetachedPayload
+    interface: SignVerifyOption
+    argument_type: '[]byte'
+    comment: |
+       WithDetachedPayload can be used to both sign or verify a JWS message with a
+       detached payload.
+       
+       When this option is used for `jws.Sign()`, the first parameter (normally the payload)
+       must be set to `nil`.
+       
+       If you have to verify using this option, you should know exactly how and why this works.
+  - ident: Message
+    interface: VerifyOption
+    argument_type: '*Message'
+    comment: |
+      WithMessage can be passed to Verify() to obtain the jws.Message upon
+      a successful verification.
+  - ident: KeyUsed
+    interface: VerifyOption
+    argument_type: 'interface{}'
+    comment: |
+      WithKeyUsed allows you to specify the `jws.Verify()` function to
+      return the key used for verification. This may be useful when
+      you specify multiple key sources or if you pass a `jwk.Set`
+      and you want to know which key was successful at verifying the
+      signature.
+      
+      `v` must be a pointer to an empty `interface{}`. Do not use
+      `jwk.Key` here unless you are 100% sure that all keys that you
+      have provided are instances of `jwk.Key` (remember that the
+      jwx API allows users to specify a raw key such as *rsa.PublicKey)
+  - ident: ValidateKey
+    interface: SignVerifyOption
+    argument_type: bool
+    comment: |
+      WithValidateKey specifies whether the key used for signing or verification
+      should be validated before using. Note that this means calling
+      `key.Validate()` on the key, which in turn means that your key
+      must be a `jwk.Key` instance, or a key that can be converted to
+      a `jwk.Key` by calling `jwk.FromRaw()`. This means that your
+      custom hardware-backed keys will probably not work.
+
+      You can directly call `key.Validate()` yourself if you need to
+      mix keys that cannot be converted to `jwk.Key`.
+
+      Please also note that use of this option will also result in
+      one extra conversion of raw keys to a `jwk.Key` instance. If you
+      care about shaving off as much as possible, consider using a
+      pre-validated key instead of using this option to validate
+      the key on-demand each time.
+
+      By default, the key is not validated.
+  - ident: InferAlgorithmFromKey
+    interface: WithKeySetSuboption
+    argument_type: bool
+    comment: |
+      WithInferAlgorithmFromKey specifies whether the JWS signing algorithm name
+      should be inferred by looking at the provided key, in case the JWS
+      message or the key does not have a proper `alg` header.
+
+      When this option is set to true, a list of algorithm(s) that is compatible
+      with the key type will be enumerated, and _ALL_ of them will be tried
+      against the key/message pair. If any of them succeeds, the verification
+      will be considered successful.
+
+      Compared to providing explicit `alg` from the key this is slower, and 
+      verification may fail to verify if somehow our heuristics are wrong
+      or outdated.
+      
+      Also, automatic detection of signature verification methods are always
+      more vulnerable for potential attack vectors.
+      
+      It is highly recommended that you fix your key to contain a proper `alg`
+      header field instead of resorting to using this option, but sometimes
+      it just needs to happen.
+  - ident: UseDefault
+    interface: WithKeySetSuboption
+    argument_type: bool
+    comment: |
+      WithUseDefault specifies that if and only if a jwk.Key contains
+      exactly one jwk.Key, that tkey should be used.
+      (I think this should be removed)
+  - ident: RequireKid
+    interface: WithKeySetSuboption
+    argument_type: bool
+    comment: |
+      WithRequiredKid specifies whether the keys in the jwk.Set should
+      only be matched if the target JWS message's Key ID and the Key ID
+      in the given key matches.
+  - ident: MultipleKeysPerKeyID
+    interface: WithKeySetSuboption
+    argument_type: bool
+    comment: |
+      WithMultipleKeysPerKeyID specifies if we should expect multiple keys
+      to match against a key ID. By default it is assumed that key IDs are
+      unique, i.e. for a given key ID, the key set only contains a single
+      key that has the matching ID. When this option is set to true,
+      multiple keys that match the same key ID in the set can be tried.
+  - ident: Pretty
+    interface: WithJSONSuboption
+    argument_type: bool
+    comment: |
+      WithPretty specifies whether the JSON output should be formatted and
+      indented
+  - ident: KeyProvider
+    interface: VerifyOption
+    argument_type: KeyProvider
+  - ident: Context
+    interface: VerifyOption
+    argument_type: context.Context
+  - ident: ProtectedHeaders
+    interface: WithKeySuboption
+    argument_type: Headers
+    comment: |
+      WithProtected is used with `jws.WithKey()` option when used with `jws.Sign()`
+      to specify a protected header to be attached to the JWS signature.
+      
+      It has no effect if used when `jws.WithKey()` is passed to `jws.Verify()`
+  - ident: PublicHeaders
+    interface: WithKeySuboption
+    argument_type: Headers
+    comment: |
+      WithPublic is used with `jws.WithKey()` option when used with `jws.Sign()`
+      to specify a public header to be attached to the JWS signature.
+      
+      It has no effect if used when `jws.WithKey()` is passed to `jws.Verify()`
+      
+      `jws.Sign()` will result in an error if `jws.WithPublic()` is used
+      and the serialization format is compact serialization.
+  - ident: FS
+    interface: ReadFileOption
+    argument_type: fs.FS
+    comment: |
+      WithFS specifies the source `fs.FS` object to read the file from.
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/options_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/options_gen.go
new file mode 100644
index 000000000..ca834e103
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/options_gen.go
@@ -0,0 +1,362 @@
+// Code generated by tools/cmd/genoptions/main.go. DO NOT EDIT.
+
+package jws
+
+import (
+	"context"
+	"io/fs"
+
+	"github.com/lestrrat-go/option"
+)
+
+type Option = option.Interface
+
+// CompactOption describes options that can be passed to `jws.Compact`
+type CompactOption interface {
+	Option
+	compactOption()
+}
+
+type compactOption struct {
+	Option
+}
+
+func (*compactOption) compactOption() {}
+
+// ReadFileOption is a type of `Option` that can be passed to `jwe.Parse`
+type ParseOption interface {
+	Option
+	readFileOption()
+}
+
+type parseOption struct {
+	Option
+}
+
+func (*parseOption) readFileOption() {}
+
+// ReadFileOption is a type of `Option` that can be passed to `jws.ReadFile`
+type ReadFileOption interface {
+	Option
+	readFileOption()
+}
+
+type readFileOption struct {
+	Option
+}
+
+func (*readFileOption) readFileOption() {}
+
+// SignOption describes options that can be passed to `jws.Sign`
+type SignOption interface {
+	Option
+	signOption()
+}
+
+type signOption struct {
+	Option
+}
+
+func (*signOption) signOption() {}
+
+// SignVerifyOption describes options that can be passed to either `jws.Verify` or `jws.Sign`
+type SignVerifyOption interface {
+	Option
+	signOption()
+	verifyOption()
+}
+
+type signVerifyOption struct {
+	Option
+}
+
+func (*signVerifyOption) signOption() {}
+
+func (*signVerifyOption) verifyOption() {}
+
+// VerifyOption describes options that can be passed to `jws.Verify`
+type VerifyOption interface {
+	Option
+	verifyOption()
+}
+
+type verifyOption struct {
+	Option
+}
+
+func (*verifyOption) verifyOption() {}
+
+// JSONSuboption describes suboptions that can be passed to `jws.WithJSON()` option
+type WithJSONSuboption interface {
+	Option
+	withJSONSuboption()
+}
+
+type withJSONSuboption struct {
+	Option
+}
+
+func (*withJSONSuboption) withJSONSuboption() {}
+
+// WithKeySetSuboption is a suboption passed to the `jws.WithKeySet()` option
+type WithKeySetSuboption interface {
+	Option
+	withKeySetSuboption()
+}
+
+type withKeySetSuboption struct {
+	Option
+}
+
+func (*withKeySetSuboption) withKeySetSuboption() {}
+
+// WithKeySuboption describes option types that can be passed to the `jws.WithKey()`
+// option.
+type WithKeySuboption interface {
+	Option
+	withKeySuboption()
+}
+
+type withKeySuboption struct {
+	Option
+}
+
+func (*withKeySuboption) withKeySuboption() {}
+
+type identContext struct{}
+type identDetached struct{}
+type identDetachedPayload struct{}
+type identFS struct{}
+type identInferAlgorithmFromKey struct{}
+type identKey struct{}
+type identKeyProvider struct{}
+type identKeyUsed struct{}
+type identMessage struct{}
+type identMultipleKeysPerKeyID struct{}
+type identPretty struct{}
+type identProtectedHeaders struct{}
+type identPublicHeaders struct{}
+type identRequireKid struct{}
+type identSerialization struct{}
+type identUseDefault struct{}
+type identValidateKey struct{}
+
+func (identContext) String() string {
+	return "WithContext"
+}
+
+func (identDetached) String() string {
+	return "WithDetached"
+}
+
+func (identDetachedPayload) String() string {
+	return "WithDetachedPayload"
+}
+
+func (identFS) String() string {
+	return "WithFS"
+}
+
+func (identInferAlgorithmFromKey) String() string {
+	return "WithInferAlgorithmFromKey"
+}
+
+func (identKey) String() string {
+	return "WithKey"
+}
+
+func (identKeyProvider) String() string {
+	return "WithKeyProvider"
+}
+
+func (identKeyUsed) String() string {
+	return "WithKeyUsed"
+}
+
+func (identMessage) String() string {
+	return "WithMessage"
+}
+
+func (identMultipleKeysPerKeyID) String() string {
+	return "WithMultipleKeysPerKeyID"
+}
+
+func (identPretty) String() string {
+	return "WithPretty"
+}
+
+func (identProtectedHeaders) String() string {
+	return "WithProtectedHeaders"
+}
+
+func (identPublicHeaders) String() string {
+	return "WithPublicHeaders"
+}
+
+func (identRequireKid) String() string {
+	return "WithRequireKid"
+}
+
+func (identSerialization) String() string {
+	return "WithSerialization"
+}
+
+func (identUseDefault) String() string {
+	return "WithUseDefault"
+}
+
+func (identValidateKey) String() string {
+	return "WithValidateKey"
+}
+
+func WithContext(v context.Context) VerifyOption {
+	return &verifyOption{option.New(identContext{}, v)}
+}
+
+// WithDetached specifies that the `jws.Message` should be serialized in
+// JWS compact serialization with detached payload. The resulting octet
+// sequence will not contain the payload section.
+func WithDetached(v bool) CompactOption {
+	return &compactOption{option.New(identDetached{}, v)}
+}
+
+// WithDetachedPayload can be used to both sign or verify a JWS message with a
+// detached payload.
+//
+// When this option is used for `jws.Sign()`, the first parameter (normally the payload)
+// must be set to `nil`.
+//
+// If you have to verify using this option, you should know exactly how and why this works.
+func WithDetachedPayload(v []byte) SignVerifyOption {
+	return &signVerifyOption{option.New(identDetachedPayload{}, v)}
+}
+
+// WithFS specifies the source `fs.FS` object to read the file from.
+func WithFS(v fs.FS) ReadFileOption {
+	return &readFileOption{option.New(identFS{}, v)}
+}
+
+// WithInferAlgorithmFromKey specifies whether the JWS signing algorithm name
+// should be inferred by looking at the provided key, in case the JWS
+// message or the key does not have a proper `alg` header.
+//
+// When this option is set to true, a list of algorithm(s) that is compatible
+// with the key type will be enumerated, and _ALL_ of them will be tried
+// against the key/message pair. If any of them succeeds, the verification
+// will be considered successful.
+//
+// Compared to providing explicit `alg` from the key this is slower, and
+// verification may fail to verify if somehow our heuristics are wrong
+// or outdated.
+//
+// Also, automatic detection of signature verification methods are always
+// more vulnerable for potential attack vectors.
+//
+// It is highly recommended that you fix your key to contain a proper `alg`
+// header field instead of resorting to using this option, but sometimes
+// it just needs to happen.
+func WithInferAlgorithmFromKey(v bool) WithKeySetSuboption {
+	return &withKeySetSuboption{option.New(identInferAlgorithmFromKey{}, v)}
+}
+
+func WithKeyProvider(v KeyProvider) VerifyOption {
+	return &verifyOption{option.New(identKeyProvider{}, v)}
+}
+
+// WithKeyUsed allows you to specify the `jws.Verify()` function to
+// return the key used for verification. This may be useful when
+// you specify multiple key sources or if you pass a `jwk.Set`
+// and you want to know which key was successful at verifying the
+// signature.
+//
+// `v` must be a pointer to an empty `interface{}`. Do not use
+// `jwk.Key` here unless you are 100% sure that all keys that you
+// have provided are instances of `jwk.Key` (remember that the
+// jwx API allows users to specify a raw key such as *rsa.PublicKey)
+func WithKeyUsed(v interface{}) VerifyOption {
+	return &verifyOption{option.New(identKeyUsed{}, v)}
+}
+
+// WithMessage can be passed to Verify() to obtain the jws.Message upon
+// a successful verification.
+func WithMessage(v *Message) VerifyOption {
+	return &verifyOption{option.New(identMessage{}, v)}
+}
+
+// WithMultipleKeysPerKeyID specifies if we should expect multiple keys
+// to match against a key ID. By default it is assumed that key IDs are
+// unique, i.e. for a given key ID, the key set only contains a single
+// key that has the matching ID. When this option is set to true,
+// multiple keys that match the same key ID in the set can be tried.
+func WithMultipleKeysPerKeyID(v bool) WithKeySetSuboption {
+	return &withKeySetSuboption{option.New(identMultipleKeysPerKeyID{}, v)}
+}
+
+// WithPretty specifies whether the JSON output should be formatted and
+// indented
+func WithPretty(v bool) WithJSONSuboption {
+	return &withJSONSuboption{option.New(identPretty{}, v)}
+}
+
+// WithProtected is used with `jws.WithKey()` option when used with `jws.Sign()`
+// to specify a protected header to be attached to the JWS signature.
+//
+// It has no effect if used when `jws.WithKey()` is passed to `jws.Verify()`
+func WithProtectedHeaders(v Headers) WithKeySuboption {
+	return &withKeySuboption{option.New(identProtectedHeaders{}, v)}
+}
+
+// WithPublic is used with `jws.WithKey()` option when used with `jws.Sign()`
+// to specify a public header to be attached to the JWS signature.
+//
+// It has no effect if used when `jws.WithKey()` is passed to `jws.Verify()`
+//
+// `jws.Sign()` will result in an error if `jws.WithPublic()` is used
+// and the serialization format is compact serialization.
+func WithPublicHeaders(v Headers) WithKeySuboption {
+	return &withKeySuboption{option.New(identPublicHeaders{}, v)}
+}
+
+// WithRequiredKid specifies whether the keys in the jwk.Set should
+// only be matched if the target JWS message's Key ID and the Key ID
+// in the given key matches.
+func WithRequireKid(v bool) WithKeySetSuboption {
+	return &withKeySetSuboption{option.New(identRequireKid{}, v)}
+}
+
+// WithCompact specifies that the result of `jws.Sign()` is serialized in
+// compact format.
+//
+// By default `jws.Sign()` will opt to use compact format, so you usually
+// do not need to specify this option other than to be explicit about it
+func WithCompact() SignOption {
+	return &signOption{option.New(identSerialization{}, fmtCompact)}
+}
+
+// WithUseDefault specifies that if and only if a jwk.Key contains
+// exactly one jwk.Key, that tkey should be used.
+// (I think this should be removed)
+func WithUseDefault(v bool) WithKeySetSuboption {
+	return &withKeySetSuboption{option.New(identUseDefault{}, v)}
+}
+
+// WithValidateKey specifies whether the key used for signing or verification
+// should be validated before using. Note that this means calling
+// `key.Validate()` on the key, which in turn means that your key
+// must be a `jwk.Key` instance, or a key that can be converted to
+// a `jwk.Key` by calling `jwk.FromRaw()`. This means that your
+// custom hardware-backed keys will probably not work.
+//
+// You can directly call `key.Validate()` yourself if you need to
+// mix keys that cannot be converted to `jwk.Key`.
+//
+// Please also note that use of this option will also result in
+// one extra conversion of raw keys to a `jwk.Key` instance. If you
+// care about shaving off as much as possible, consider using a
+// pre-validated key instead of using this option to validate
+// the key on-demand each time.
+//
+// By default, the key is not validated.
+func WithValidateKey(v bool) SignVerifyOption {
+	return &signVerifyOption{option.New(identValidateKey{}, v)}
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/rsa.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/rsa.go
new file mode 100644
index 000000000..35c450184
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/rsa.go
@@ -0,0 +1,146 @@
+package jws
+
+import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"fmt"
+
+	"github.com/lestrrat-go/jwx/v2/internal/keyconv"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+var rsaSigners map[jwa.SignatureAlgorithm]*rsaSigner
+var rsaVerifiers map[jwa.SignatureAlgorithm]*rsaVerifier
+
+func init() {
+	algs := map[jwa.SignatureAlgorithm]struct {
+		Hash crypto.Hash
+		PSS  bool
+	}{
+		jwa.RS256: {
+			Hash: crypto.SHA256,
+		},
+		jwa.RS384: {
+			Hash: crypto.SHA384,
+		},
+		jwa.RS512: {
+			Hash: crypto.SHA512,
+		},
+		jwa.PS256: {
+			Hash: crypto.SHA256,
+			PSS:  true,
+		},
+		jwa.PS384: {
+			Hash: crypto.SHA384,
+			PSS:  true,
+		},
+		jwa.PS512: {
+			Hash: crypto.SHA512,
+			PSS:  true,
+		},
+	}
+
+	rsaSigners = make(map[jwa.SignatureAlgorithm]*rsaSigner)
+	rsaVerifiers = make(map[jwa.SignatureAlgorithm]*rsaVerifier)
+	for alg, item := range algs {
+		rsaSigners[alg] = &rsaSigner{
+			alg:  alg,
+			hash: item.Hash,
+			pss:  item.PSS,
+		}
+		rsaVerifiers[alg] = &rsaVerifier{
+			alg:  alg,
+			hash: item.Hash,
+			pss:  item.PSS,
+		}
+	}
+}
+
+type rsaSigner struct {
+	alg  jwa.SignatureAlgorithm
+	hash crypto.Hash
+	pss  bool
+}
+
+func newRSASigner(alg jwa.SignatureAlgorithm) Signer {
+	return rsaSigners[alg]
+}
+
+func (rs *rsaSigner) Algorithm() jwa.SignatureAlgorithm {
+	return rs.alg
+}
+
+func (rs *rsaSigner) Sign(payload []byte, key interface{}) ([]byte, error) {
+	if key == nil {
+		return nil, fmt.Errorf(`missing private key while signing payload`)
+	}
+
+	signer, ok := key.(crypto.Signer)
+	if ok {
+		if !isValidRSAKey(key) {
+			return nil, fmt.Errorf(`cannot use key of type %T to generate RSA based signatures`, key)
+		}
+	} else {
+		var privkey rsa.PrivateKey
+		if err := keyconv.RSAPrivateKey(&privkey, key); err != nil {
+			return nil, fmt.Errorf(`failed to retrieve rsa.PrivateKey out of %T: %w`, key, err)
+		}
+		signer = &privkey
+	}
+
+	h := rs.hash.New()
+	if _, err := h.Write(payload); err != nil {
+		return nil, fmt.Errorf(`failed to write payload to hash: %w`, err)
+	}
+	if rs.pss {
+		return signer.Sign(rand.Reader, h.Sum(nil), &rsa.PSSOptions{
+			Hash:       rs.hash,
+			SaltLength: rsa.PSSSaltLengthEqualsHash,
+		})
+	}
+	return signer.Sign(rand.Reader, h.Sum(nil), rs.hash)
+}
+
+type rsaVerifier struct {
+	alg  jwa.SignatureAlgorithm
+	hash crypto.Hash
+	pss  bool
+}
+
+func newRSAVerifier(alg jwa.SignatureAlgorithm) Verifier {
+	return rsaVerifiers[alg]
+}
+
+func (rv *rsaVerifier) Verify(payload, signature []byte, key interface{}) error {
+	if key == nil {
+		return fmt.Errorf(`missing public key while verifying payload`)
+	}
+
+	var pubkey rsa.PublicKey
+	if cs, ok := key.(crypto.Signer); ok {
+		cpub := cs.Public()
+		switch cpub := cpub.(type) {
+		case rsa.PublicKey:
+			pubkey = cpub
+		case *rsa.PublicKey:
+			pubkey = *cpub
+		default:
+			return fmt.Errorf(`failed to retrieve rsa.PublicKey out of crypto.Signer %T`, key)
+		}
+	} else {
+		if err := keyconv.RSAPublicKey(&pubkey, key); err != nil {
+			return fmt.Errorf(`failed to retrieve rsa.PublicKey out of %T: %w`, key, err)
+		}
+	}
+
+	h := rv.hash.New()
+	if _, err := h.Write(payload); err != nil {
+		return fmt.Errorf(`failed to write payload to hash: %w`, err)
+	}
+
+	if rv.pss {
+		return rsa.VerifyPSS(&pubkey, rv.hash, h.Sum(nil), signature, nil)
+	}
+	return rsa.VerifyPKCS1v15(&pubkey, rv.hash, h.Sum(nil), signature)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/signer.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/signer.go
new file mode 100644
index 000000000..44c8bfb76
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/signer.go
@@ -0,0 +1,106 @@
+package jws
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+type SignerFactory interface {
+	Create() (Signer, error)
+}
+type SignerFactoryFn func() (Signer, error)
+
+func (fn SignerFactoryFn) Create() (Signer, error) {
+	return fn()
+}
+
+var muSignerDB sync.RWMutex
+var signerDB map[jwa.SignatureAlgorithm]SignerFactory
+
+// RegisterSigner is used to register a factory object that creates
+// Signer objects based on the given algorithm.
+//
+// For example, if you would like to provide a custom signer for
+// jwa.EdDSA, use this function to register a `SignerFactory`
+// (probably in your `init()`)
+//
+// Unlike the `UnregisterSigner` function, this function automatically
+// calls `jwa.RegisterSignatureAlgorithm` to register the algorithm
+// in the known algorithms database.
+func RegisterSigner(alg jwa.SignatureAlgorithm, f SignerFactory) {
+	jwa.RegisterSignatureAlgorithm(alg)
+	muSignerDB.Lock()
+	signerDB[alg] = f
+	muSignerDB.Unlock()
+}
+
+// UnregisterSigner removes the signer factory associated with
+// the given algorithm.
+//
+// Note that when you call this function, the algorithm itself is
+// not automatically unregistered from the known algorithms database.
+// This is because the algorithm may still be required for verification or
+// some other operation (however unlikely, it is still possible).
+// Therefore, in order to completely remove the algorithm, you must
+// call `jwa.UnregisterSignatureAlgorithm` yourself.
+func UnregisterSigner(alg jwa.SignatureAlgorithm) {
+	muSignerDB.Lock()
+	delete(signerDB, alg)
+	muSignerDB.Unlock()
+}
+
+func init() {
+	signerDB = make(map[jwa.SignatureAlgorithm]SignerFactory)
+
+	for _, alg := range []jwa.SignatureAlgorithm{jwa.RS256, jwa.RS384, jwa.RS512, jwa.PS256, jwa.PS384, jwa.PS512} {
+		RegisterSigner(alg, func(alg jwa.SignatureAlgorithm) SignerFactory {
+			return SignerFactoryFn(func() (Signer, error) {
+				return newRSASigner(alg), nil
+			})
+		}(alg))
+	}
+
+	for _, alg := range []jwa.SignatureAlgorithm{jwa.ES256, jwa.ES384, jwa.ES512, jwa.ES256K} {
+		RegisterSigner(alg, func(alg jwa.SignatureAlgorithm) SignerFactory {
+			return SignerFactoryFn(func() (Signer, error) {
+				return newECDSASigner(alg), nil
+			})
+		}(alg))
+	}
+
+	for _, alg := range []jwa.SignatureAlgorithm{jwa.HS256, jwa.HS384, jwa.HS512} {
+		RegisterSigner(alg, func(alg jwa.SignatureAlgorithm) SignerFactory {
+			return SignerFactoryFn(func() (Signer, error) {
+				return newHMACSigner(alg), nil
+			})
+		}(alg))
+	}
+
+	RegisterSigner(jwa.EdDSA, SignerFactoryFn(func() (Signer, error) {
+		return newEdDSASigner(), nil
+	}))
+}
+
+// NewSigner creates a signer that signs payloads using the given signature algorithm.
+func NewSigner(alg jwa.SignatureAlgorithm) (Signer, error) {
+	muSignerDB.RLock()
+	f, ok := signerDB[alg]
+	muSignerDB.RUnlock()
+
+	if ok {
+		return f.Create()
+	}
+	return nil, fmt.Errorf(`unsupported signature algorithm "%s"`, alg)
+}
+
+type noneSigner struct{}
+
+func (noneSigner) Algorithm() jwa.SignatureAlgorithm {
+	return jwa.NoSignature
+}
+
+func (noneSigner) Sign([]byte, interface{}) ([]byte, error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/verifier.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/verifier.go
new file mode 100644
index 000000000..2dd29c848
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/verifier.go
@@ -0,0 +1,96 @@
+package jws
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/lestrrat-go/jwx/v2/jwa"
+)
+
+type VerifierFactory interface {
+	Create() (Verifier, error)
+}
+type VerifierFactoryFn func() (Verifier, error)
+
+func (fn VerifierFactoryFn) Create() (Verifier, error) {
+	return fn()
+}
+
+var muVerifierDB sync.RWMutex
+var verifierDB map[jwa.SignatureAlgorithm]VerifierFactory
+
+// RegisterVerifier is used to register a factory object that creates
+// Verifier objects based on the given algorithm.
+//
+// For example, if you would like to provide a custom verifier for
+// jwa.EdDSA, use this function to register a `VerifierFactory`
+// (probably in your `init()`)
+//
+// Unlike the `UnregisterVerifier` function, this function automatically
+// calls `jwa.RegisterSignatureAlgorithm` to register the algorithm
+// in the known algorithms database.
+func RegisterVerifier(alg jwa.SignatureAlgorithm, f VerifierFactory) {
+	jwa.RegisterSignatureAlgorithm(alg)
+	muVerifierDB.Lock()
+	verifierDB[alg] = f
+	muVerifierDB.Unlock()
+}
+
+// UnregisterVerifier removes the signer factory associated with
+// the given algorithm.
+//
+// Note that when you call this function, the algorithm itself is
+// not automatically unregistered from the known algorithms database.
+// This is because the algorithm may still be required for signing or
+// some other operation (however unlikely, it is still possible).
+// Therefore, in order to completely remove the algorithm, you must
+// call `jwa.UnregisterSignatureAlgorithm` yourself.
+func UnregisterVerifier(alg jwa.SignatureAlgorithm) {
+	muVerifierDB.Lock()
+	delete(verifierDB, alg)
+	muVerifierDB.Unlock()
+}
+
+func init() {
+	verifierDB = make(map[jwa.SignatureAlgorithm]VerifierFactory)
+
+	for _, alg := range []jwa.SignatureAlgorithm{jwa.RS256, jwa.RS384, jwa.RS512, jwa.PS256, jwa.PS384, jwa.PS512} {
+		RegisterVerifier(alg, func(alg jwa.SignatureAlgorithm) VerifierFactory {
+			return VerifierFactoryFn(func() (Verifier, error) {
+				return newRSAVerifier(alg), nil
+			})
+		}(alg))
+	}
+
+	for _, alg := range []jwa.SignatureAlgorithm{jwa.ES256, jwa.ES384, jwa.ES512, jwa.ES256K} {
+		RegisterVerifier(alg, func(alg jwa.SignatureAlgorithm) VerifierFactory {
+			return VerifierFactoryFn(func() (Verifier, error) {
+				return newECDSAVerifier(alg), nil
+			})
+		}(alg))
+	}
+
+	for _, alg := range []jwa.SignatureAlgorithm{jwa.HS256, jwa.HS384, jwa.HS512} {
+		RegisterVerifier(alg, func(alg jwa.SignatureAlgorithm) VerifierFactory {
+			return VerifierFactoryFn(func() (Verifier, error) {
+				return newHMACVerifier(alg), nil
+			})
+		}(alg))
+	}
+
+	RegisterVerifier(jwa.EdDSA, VerifierFactoryFn(func() (Verifier, error) {
+		return newEdDSAVerifier(), nil
+	}))
+}
+
+// NewVerifier creates a verifier that signs payloads using the given signature algorithm.
+func NewVerifier(alg jwa.SignatureAlgorithm) (Verifier, error) {
+	muVerifierDB.RLock()
+	f, ok := verifierDB[alg]
+	muVerifierDB.RUnlock()
+
+	if ok {
+		return f.Create()
+	}
+	return nil, fmt.Errorf(`unsupported signature algorithm "%s"`, alg)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/x25519/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/x25519/BUILD.bazel
new file mode 100644
index 000000000..bfcc136bf
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/x25519/BUILD.bazel
@@ -0,0 +1,24 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "x25519",
+    srcs = ["x25519.go"],
+    importpath = "github.com/lestrrat-go/jwx/v2/x25519",
+    visibility = ["//visibility:public"],
+    deps = ["@org_golang_x_crypto//curve25519"],
+)
+
+go_test(
+    name = "x25519_test",
+    srcs = ["x25519_test.go"],
+    deps = [
+        ":x25519",
+        "@com_github_stretchr_testify//assert",
+    ],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":x25519",
+    visibility = ["//visibility:public"],
+)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/x25519/x25519.go b/vendor/github.com/lestrrat-go/jwx/v2/x25519/x25519.go
new file mode 100644
index 000000000..0f9e32cbc
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/jwx/v2/x25519/x25519.go
@@ -0,0 +1,115 @@
+package x25519
+
+import (
+	"bytes"
+	"crypto"
+	cryptorand "crypto/rand"
+	"fmt"
+	"io"
+
+	"golang.org/x/crypto/curve25519"
+)
+
+// This mirrors ed25519's structure for private/public "keys". jwx
+// requires dedicated types for these as they drive
+// serialization/deserialization logic, as well as encryption types.
+//
+// Note that with the x25519 scheme, the private key is a sequence of
+// 32 bytes, while the public key is the result of X25519(private,
+// basepoint).
+//
+// Portions of this file are from Go's ed25519.go, which is
+// Copyright 2016 The Go Authors. All rights reserved.
+
+const (
+	// PublicKeySize is the size, in bytes, of public keys as used in this package.
+	PublicKeySize = 32
+	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
+	PrivateKeySize = 64
+	// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
+	SeedSize = 32
+)
+
+// PublicKey is the type of X25519 public keys
+type PublicKey []byte
+
+// Any methods implemented on PublicKey might need to also be implemented on
+// PrivateKey, as the latter embeds the former and will expose its methods.
+
+// Equal reports whether pub and x have the same value.
+func (pub PublicKey) Equal(x crypto.PublicKey) bool {
+	xx, ok := x.(PublicKey)
+	if !ok {
+		return false
+	}
+	return bytes.Equal(pub, xx)
+}
+
+// PrivateKey is the type of X25519 private key
+type PrivateKey []byte
+
+// Public returns the PublicKey corresponding to priv.
+func (priv PrivateKey) Public() crypto.PublicKey {
+	publicKey := make([]byte, PublicKeySize)
+	copy(publicKey, priv[SeedSize:])
+	return PublicKey(publicKey)
+}
+
+// Equal reports whether priv and x have the same value.
+func (priv PrivateKey) Equal(x crypto.PrivateKey) bool {
+	xx, ok := x.(PrivateKey)
+	if !ok {
+		return false
+	}
+	return bytes.Equal(priv, xx)
+}
+
+// Seed returns the private key seed corresponding to priv. It is provided for
+// interoperability with RFC 7748. RFC 7748's private keys correspond to seeds
+// in this package.
+func (priv PrivateKey) Seed() []byte {
+	seed := make([]byte, SeedSize)
+	copy(seed, priv[:SeedSize])
+	return seed
+}
+
+// NewKeyFromSeed calculates a private key from a seed. It will return
+// an error if len(seed) is not SeedSize. This function is provided
+// for interoperability with RFC 7748. RFC 7748's private keys
+// correspond to seeds in this package.
+func NewKeyFromSeed(seed []byte) (PrivateKey, error) {
+	privateKey := make([]byte, PrivateKeySize)
+	if len(seed) != SeedSize {
+		return nil, fmt.Errorf("unexpected seed size: %d", len(seed))
+	}
+	copy(privateKey, seed)
+	public, err := curve25519.X25519(seed, curve25519.Basepoint)
+	if err != nil {
+		return nil, fmt.Errorf(`failed to compute public key: %w`, err)
+	}
+	copy(privateKey[SeedSize:], public)
+
+	return privateKey, nil
+}
+
+// GenerateKey generates a public/private key pair using entropy from rand.
+// If rand is nil, crypto/rand.Reader will be used.
+func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) {
+	if rand == nil {
+		rand = cryptorand.Reader
+	}
+
+	seed := make([]byte, SeedSize)
+	if _, err := io.ReadFull(rand, seed); err != nil {
+		return nil, nil, err
+	}
+
+	privateKey, err := NewKeyFromSeed(seed)
+	if err != nil {
+		return nil, nil, err
+	}
+	publicKey := make([]byte, PublicKeySize)
+	copy(publicKey, privateKey[SeedSize:])
+
+	return publicKey, privateKey, nil
+}
diff --git a/vendor/github.com/lestrrat-go/option/.gitignore b/vendor/github.com/lestrrat-go/option/.gitignore
new file mode 100644
index 000000000..66fd13c90
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/option/.gitignore
@@ -0,0 +1,15 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
diff --git a/vendor/github.com/lestrrat-go/option/LICENSE b/vendor/github.com/lestrrat-go/option/LICENSE
new file mode 100644
index 000000000..188ea7685
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/option/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 lestrrat-go
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/lestrrat-go/option/README.md b/vendor/github.com/lestrrat-go/option/README.md
new file mode 100644
index 000000000..cab0044ed
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/option/README.md
@@ -0,0 +1,245 @@
+# option
+
+Base object for the "Optional Parameters Pattern".
+
+# DESCRIPTION
+
+The beauty of this pattern is that you can achieve a method that can
+take the following simple calling style
+
+```go
+obj.Method(mandatory1, mandatory2)
+```
+
+or the following, if you want to modify its behavior with optional parameters
+
+```go
+obj.Method(mandatory1, mandatory2, optional1, optional2, optional3)
+```
+
+Instead of the more clunky zero value for optionals style
+
+```go
+obj.Method(mandatory1, mandatory2, nil, "", 0)
+```
+
+or the equally clunky config object style, which requires you to create a
+struct with `NamesThatLookReallyLongBecauseItNeedsToIncludeMethodNamesConfig	
+
+```go
+cfg := &ConfigForMethod{
+ Optional1: ...,
+ Optional2: ...,
+ Optional3: ...,
+}
+obj.Method(mandatory1, mandatory2, &cfg)
+```
+
+# SYNOPSIS 
+
+Create an "identifier" for the option. We recommend using an unexported empty struct,
+because
+
+1. It is uniquely identifiable globally
+1. Takes minimal space
+1. Since it's unexported, you do not have to worry about it leaking elsewhere or having it changed by consumers
+
+```go
+// an unexported empty struct
+type identFeatureX struct{} 
+```
+
+Then define a method to create an option using this identifier. Here we assume
+that the option will be a boolean option.
+
+```go
+// this is optional, but for readability we usually use a wrapper
+// around option.Interface, or a type alias.
+type Option
+func WithFeatureX(v bool) Option {
+  // use the constructor to create a new option
+  return option.New(identFeatureX{}, v)
+}
+```
+
+Now you can create an option, which essentially a two element tuple consisting
+of an identifier and its associated value.
+
+To consume this, you will need to create a function with variadic parameters,
+and iterate over the list looking for a particular identifier:
+
+```go
+func MyAwesomeFunc( /* mandatory parameters omitted */, options ...[]Option) {
+  var enableFeatureX bool
+  // The nolint directive is recommended if you are using linters such
+  // as golangci-lint
+  //nolint:forcetypeassert 
+  for _, option := range options {
+    switch option.Ident() {
+    case identFeatureX{}:
+      enableFeatureX = option.Value().(bool)
+    // other cases omitted
+    }
+  }
+  if enableFeatureX {
+    ....
+  }
+}
+```
+
+# Option objects
+
+Option objects take two arguments, its identifier and the value it contains.
+
+The identifier can be anything, but it's usually better to use a an unexported
+empty struct so that only you have the ability to generate said option:
+
+```go
+type identOptionalParamOne struct{}
+type identOptionalParamTwo struct{}
+type identOptionalParamThree struct{}
+
+func WithOptionOne(v ...) Option {
+	return option.New(identOptionalParamOne{}, v)
+}
+```
+
+Then you can call the method we described above as
+
+```go
+obj.Method(m1, m2, WithOptionOne(...), WithOptionTwo(...), WithOptionThree(...))
+```
+
+Options should be parsed in a code that looks somewhat like this
+
+```go
+func (obj *Object) Method(m1 Type1, m2 Type2, options ...Option) {
+  paramOne := defaultValueParamOne
+  for _, option := range options {
+    switch option.Ident() {
+    case identOptionalParamOne{}:
+      paramOne = option.Value().(...)
+    }
+  }
+  ...
+}
+```
+
+The loop requires a bit of boilerplate, and admittedly, this is the main downside
+of this module. However, if you think you want use the Option as a Function pattern,
+please check the FAQ below for rationale.
+
+# Simple usage
+
+Most of the times all you need to do is to declare the Option type as an alias
+in your code:
+
+```go
+package myawesomepkg
+
+import "github.com/lestrrat-go/option"
+
+type Option = option.Interface
+```
+
+Then you can start defining options like they are described in the SYNOPSIS section.
+
+# Differentiating Options
+
+When you have multiple methods and options, and those options can only be passed to
+each one the methods, it's hard to see which options should be passed to which method.
+
+```go
+func WithX() Option { ... }
+func WithY() Option { ... }
+
+// Now, which of WithX/WithY go to which method?
+func (*Obj) Method1(options ...Option) {}
+func (*Obj) Method2(options ...Option) {}
+```
+
+In this case the easiest way to make it obvious is to put an extra layer around
+the options so that they have different types
+
+```go
+type Method1Option interface {
+  Option
+  method1Option()
+}
+
+type method1Option struct { Option }
+func (*method1Option) method1Option() {}
+
+func WithX() Method1Option {
+  return &methodOption{option.New(...)}
+}
+
+func (*Obj) Method1(options ...Method1Option) {}
+```
+
+This way the compiler knows if an option can be passed to a given method.
+
+# FAQ
+
+## Why aren't these function-based?
+
+Using a base option type like `type Option func(ctx interface{})` is certainly one way to achieve the same goal. In this case, you are giving the option itself the ability to "configure" the main object. For example:
+
+```go
+type Foo struct {
+  optionaValue bool
+}
+
+type Option func(*Foo) error
+
+func WithOptionalValue(v bool) Option {
+  return Option(func(f *Foo) error {
+    f.optionalValue = v
+    return nil
+  })
+}
+
+func NewFoo(options ...Option) (*Foo, error) {
+  var f Foo
+  for _, o := range options {
+    if err := o(&f); err != nil {
+      return nil, err
+    }
+  }
+  return &f
+}
+```
+
+This in itself is fine, but we think there are a few problems:
+
+### 1. It's hard to create a reusable "Option" type
+
+We create many libraries using this optional pattern. We would like to provide a default base object. However, this function based approach is not reusuable because each "Option" type requires that it has a context-specific input type. For example, if the "Option" type in the previous example was `func(interface{}) error`, then its usability will significantly decrease because of the type conversion.
+
+This is not to say that this library's approach is better as it also requires type conversion to convert the _value_ of the option. However, part of the beauty of the original function based approach was the ease of its use, and we claim that this significantly decreases the merits of the function based approach.
+
+### 2. The receiver requires exported fields
+
+Part of the appeal for a function-based option pattern is by giving the option itself the ability to do what it wants, you open up the possibility of allowing third-parties to create options that do things that the library authors did not think about.
+
+```go
+package thirdparty
+, but when I read drum sheet music, I kind of get thrown off b/c many times it says to hit the bass drum where I feel like it's a snare hit.
+func WithMyAwesomeOption( ... ) mypkg.Option  {
+  return mypkg.Option(func(f *mypkg) error {
+    f.X = ...
+    f.Y = ...
+    f.Z = ...
+    return nil
+  })
+}
+```
+
+However, for any third party code to access and set field values, these fields (`X`, `Y`, `Z`) must be exported. Basically you will need an "open" struct.
+
+Exported fields are absolutely no problem when you have a struct that represents data alone (i.e., API calls that refer or change state information) happen, but we think that casually expose fields for a library struct is a sure way to maintenance hell in the future. What happens when you want to change the API? What happens when you realize that you want to use the field as state (i.e. use it for more than configuration)? What if they kept referring to that field, and then you have concurrent code accessing it?
+
+Giving third parties complete access to exported fields is like handing out a loaded weapon to the users, and you are at their mercy.
+
+Of course, providing public APIs for everything so you can validate and control concurrency is an option, but then ... it's a lot of work, and you may have to provide APIs _only_ so that users can refer it in the option-configuration phase. That sounds like a lot of extra work.
+
diff --git a/vendor/github.com/lestrrat-go/option/option.go b/vendor/github.com/lestrrat-go/option/option.go
new file mode 100644
index 000000000..bfdbb118c
--- /dev/null
+++ b/vendor/github.com/lestrrat-go/option/option.go
@@ -0,0 +1,38 @@
+package option
+
+import "fmt"
+
+// Interface defines the minimum interface that an option must fulfill
+type Interface interface {
+	// Ident returns the "identity" of this option, a unique identifier that
+	// can be used to differentiate between options
+	Ident() interface{}
+
+	// Value returns the corresponding value.
+	Value() interface{}
+}
+
+type pair struct {
+	ident interface{}
+	value interface{}
+}
+
+// New creates a new Option
+func New(ident, value interface{}) Interface {
+	return &pair{
+		ident: ident,
+		value: value,
+	}
+}
+
+func (p *pair) Ident() interface{} {
+	return p.ident
+}
+
+func (p *pair) Value() interface{} {
+	return p.value
+}
+
+func (p *pair) String() string {
+	return fmt.Sprintf(`%v(%v)`, p.ident, p.value)
+}
diff --git a/vendor/github.com/letsencrypt/boulder/core/challenges.go b/vendor/github.com/letsencrypt/boulder/core/challenges.go
index 4b4a67c48..1d7e2408d 100644
--- a/vendor/github.com/letsencrypt/boulder/core/challenges.go
+++ b/vendor/github.com/letsencrypt/boulder/core/challenges.go
@@ -1,5 +1,7 @@
 package core
 
+import "fmt"
+
 func newChallenge(challengeType AcmeChallenge, token string) Challenge {
 	return Challenge{
 		Type:   challengeType,
@@ -25,3 +27,19 @@ func DNSChallenge01(token string) Challenge {
 func TLSALPNChallenge01(token string) Challenge {
 	return newChallenge(ChallengeTypeTLSALPN01, token)
 }
+
+// NewChallenge constructs a random challenge of the given kind. It returns an
+// error if the challenge type is unrecognized. If token is empty a random token
+// will be generated, otherwise the provided token is used.
+func NewChallenge(kind AcmeChallenge, token string) (Challenge, error) {
+	switch kind {
+	case ChallengeTypeHTTP01:
+		return HTTPChallenge01(token), nil
+	case ChallengeTypeDNS01:
+		return DNSChallenge01(token), nil
+	case ChallengeTypeTLSALPN01:
+		return TLSALPNChallenge01(token), nil
+	default:
+		return Challenge{}, fmt.Errorf("unrecognized challenge type %q", kind)
+	}
+}
diff --git a/vendor/github.com/letsencrypt/boulder/core/interfaces.go b/vendor/github.com/letsencrypt/boulder/core/interfaces.go
index 6846bf888..003329c3f 100644
--- a/vendor/github.com/letsencrypt/boulder/core/interfaces.go
+++ b/vendor/github.com/letsencrypt/boulder/core/interfaces.go
@@ -7,7 +7,8 @@ import (
 // PolicyAuthority defines the public interface for the Boulder PA
 // TODO(#5891): Move this interface to a more appropriate location.
 type PolicyAuthority interface {
-	WillingToIssueWildcards(identifiers []identifier.ACMEIdentifier) error
-	ChallengesFor(domain identifier.ACMEIdentifier) ([]Challenge, error)
-	ChallengeTypeEnabled(t AcmeChallenge) bool
+	WillingToIssueWildcards([]identifier.ACMEIdentifier) error
+	ChallengesFor(identifier.ACMEIdentifier) ([]Challenge, error)
+	ChallengeTypeEnabled(AcmeChallenge) bool
+	CheckAuthz(*Authorization) error
 }
diff --git a/vendor/github.com/letsencrypt/boulder/core/objects.go b/vendor/github.com/letsencrypt/boulder/core/objects.go
index 47ba4b70c..b52f0f5e0 100644
--- a/vendor/github.com/letsencrypt/boulder/core/objects.go
+++ b/vendor/github.com/letsencrypt/boulder/core/objects.go
@@ -2,7 +2,6 @@ package core
 
 import (
 	"crypto"
-	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -12,7 +11,7 @@ import (
 	"time"
 
 	"golang.org/x/crypto/ocsp"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 
 	"github.com/letsencrypt/boulder/identifier"
 	"github.com/letsencrypt/boulder/probs"
@@ -53,7 +52,6 @@ const (
 type AcmeChallenge string
 
 // These types are the available challenges
-// TODO(#5009): Make this a custom type as well.
 const (
 	ChallengeTypeHTTP01    = AcmeChallenge("http-01")
 	ChallengeTypeDNS01     = AcmeChallenge("dns-01")
@@ -77,54 +75,25 @@ type OCSPStatus string
 const (
 	OCSPStatusGood    = OCSPStatus("good")
 	OCSPStatusRevoked = OCSPStatus("revoked")
+	// Not a real OCSP status. This is a placeholder we write before the
+	// actual precertificate is issued, to ensure we never return "good" before
+	// issuance succeeds, for BR compliance reasons.
+	OCSPStatusNotReady = OCSPStatus("wait")
 )
 
 var OCSPStatusToInt = map[OCSPStatus]int{
-	OCSPStatusGood:    ocsp.Good,
-	OCSPStatusRevoked: ocsp.Revoked,
+	OCSPStatusGood:     ocsp.Good,
+	OCSPStatusRevoked:  ocsp.Revoked,
+	OCSPStatusNotReady: -1,
 }
 
 // DNSPrefix is attached to DNS names in DNS challenges
 const DNSPrefix = "_acme-challenge"
 
-// CertificateRequest is just a CSR
-//
-// This data is unmarshalled from JSON by way of RawCertificateRequest, which
-// represents the actual structure received from the client.
-type CertificateRequest struct {
-	CSR   *x509.CertificateRequest // The CSR
-	Bytes []byte                   // The original bytes of the CSR, for logging.
-}
-
 type RawCertificateRequest struct {
 	CSR JSONBuffer `json:"csr"` // The encoded CSR
 }
 
-// UnmarshalJSON provides an implementation for decoding CertificateRequest objects.
-func (cr *CertificateRequest) UnmarshalJSON(data []byte) error {
-	var raw RawCertificateRequest
-	err := json.Unmarshal(data, &raw)
-	if err != nil {
-		return err
-	}
-
-	csr, err := x509.ParseCertificateRequest(raw.CSR)
-	if err != nil {
-		return err
-	}
-
-	cr.CSR = csr
-	cr.Bytes = raw.CSR
-	return nil
-}
-
-// MarshalJSON provides an implementation for encoding CertificateRequest objects.
-func (cr CertificateRequest) MarshalJSON() ([]byte, error) {
-	return json.Marshal(RawCertificateRequest{
-		CSR: cr.CSR.Raw,
-	})
-}
-
 // Registration objects represent non-public metadata attached
 // to account keys.
 type Registration struct {
@@ -156,7 +125,7 @@ type ValidationRecord struct {
 	URL string `json:"url,omitempty"`
 
 	// Shared
-	Hostname          string   `json:"hostname"`
+	Hostname          string   `json:"hostname,omitempty"`
 	Port              string   `json:"port,omitempty"`
 	AddressesResolved []net.IP `json:"addressesResolved,omitempty"`
 	AddressUsed       net.IP   `json:"addressUsed,omitempty"`
@@ -373,14 +342,18 @@ type Authorization struct {
 	// slice and the order of these challenges may not be predictable.
 	Challenges []Challenge `json:"challenges,omitempty" db:"-"`
 
-	// This field is deprecated. It's filled in by WFE for the ACMEv1 API.
-	Combinations [][]int `json:"combinations,omitempty" db:"combinations"`
-
-	// Wildcard is a Boulder-specific Authorization field that indicates the
-	// authorization was created as a result of an order containing a name with
-	// a `*.`wildcard prefix. This will help convey to users that an
-	// Authorization with the identifier `example.com` and one DNS-01 challenge
-	// corresponds to a name `*.example.com` from an associated order.
+	// https://datatracker.ietf.org/doc/html/rfc8555#page-29
+	//
+	// wildcard (optional, boolean):  This field MUST be present and true
+	//   for authorizations created as a result of a newOrder request
+	//   containing a DNS identifier with a value that was a wildcard
+	//   domain name.  For other authorizations, it MUST be absent.
+	//   Wildcard domain names are described in Section 7.1.3.
+	//
+	// This is not represented in the database because we calculate it from
+	// the identifier stored in the database. Unlike the identifier returned
+	// as part of the authorization, the identifier we store in the database
+	// can contain an asterisk.
 	Wildcard bool `json:"wildcard,omitempty" db:"-"`
 }
 
@@ -399,38 +372,25 @@ func (authz *Authorization) FindChallengeByStringID(id string) int {
 // SolvedBy will look through the Authorizations challenges, returning the type
 // of the *first* challenge it finds with Status: valid, or an error if no
 // challenge is valid.
-func (authz *Authorization) SolvedBy() (*AcmeChallenge, error) {
+func (authz *Authorization) SolvedBy() (AcmeChallenge, error) {
 	if len(authz.Challenges) == 0 {
-		return nil, fmt.Errorf("Authorization has no challenges")
+		return "", fmt.Errorf("Authorization has no challenges")
 	}
 	for _, chal := range authz.Challenges {
 		if chal.Status == StatusValid {
-			return &chal.Type, nil
+			return chal.Type, nil
 		}
 	}
-	return nil, fmt.Errorf("Authorization not solved by any challenge")
+	return "", fmt.Errorf("Authorization not solved by any challenge")
 }
 
 // JSONBuffer fields get encoded and decoded JOSE-style, in base64url encoding
 // with stripped padding.
 type JSONBuffer []byte
 
-// URL-safe base64 encode that strips padding
-func base64URLEncode(data []byte) string {
-	var result = base64.URLEncoding.EncodeToString(data)
-	return strings.TrimRight(result, "=")
-}
-
-// URL-safe base64 decoder that adds padding
-func base64URLDecode(data string) ([]byte, error) {
-	var missing = (4 - len(data)%4) % 4
-	data += strings.Repeat("=", missing)
-	return base64.URLEncoding.DecodeString(data)
-}
-
 // MarshalJSON encodes a JSONBuffer for transmission.
 func (jb JSONBuffer) MarshalJSON() (result []byte, err error) {
-	return json.Marshal(base64URLEncode(jb))
+	return json.Marshal(base64.RawURLEncoding.EncodeToString(jb))
 }
 
 // UnmarshalJSON decodes a JSONBuffer to an object.
@@ -440,7 +400,7 @@ func (jb *JSONBuffer) UnmarshalJSON(data []byte) (err error) {
 	if err != nil {
 		return err
 	}
-	*jb, err = base64URLDecode(str)
+	*jb, err = base64.RawURLEncoding.DecodeString(strings.TrimRight(str, "="))
 	return
 }
 
@@ -458,53 +418,46 @@ type Certificate struct {
 }
 
 // CertificateStatus structs are internal to the server. They represent the
-// latest data about the status of the certificate, required for OCSP updating
-// and for validating that the subscriber has accepted the certificate.
+// latest data about the status of the certificate, required for generating new
+// OCSP responses and determining if a certificate has been revoked.
 type CertificateStatus struct {
 	ID int64 `db:"id"`
 
 	Serial string `db:"serial"`
 
 	// status: 'good' or 'revoked'. Note that good, expired certificates remain
-	//   with status 'good' but don't necessarily get fresh OCSP responses.
+	// with status 'good' but don't necessarily get fresh OCSP responses.
 	Status OCSPStatus `db:"status"`
 
 	// ocspLastUpdated: The date and time of the last time we generated an OCSP
-	//   response. If we have never generated one, this has the zero value of
-	//   time.Time, i.e. Jan 1 1970.
+	// response. If we have never generated one, this has the zero value of
+	// time.Time, i.e. Jan 1 1970.
 	OCSPLastUpdated time.Time `db:"ocspLastUpdated"`
 
 	// revokedDate: If status is 'revoked', this is the date and time it was
-	//   revoked. Otherwise it has the zero value of time.Time, i.e. Jan 1 1970.
+	// revoked. Otherwise it has the zero value of time.Time, i.e. Jan 1 1970.
 	RevokedDate time.Time `db:"revokedDate"`
 
 	// revokedReason: If status is 'revoked', this is the reason code for the
-	//   revocation. Otherwise it is zero (which happens to be the reason
-	//   code for 'unspecified').
+	// revocation. Otherwise it is zero (which happens to be the reason
+	// code for 'unspecified').
 	RevokedReason revocation.Reason `db:"revokedReason"`
 
 	LastExpirationNagSent time.Time `db:"lastExpirationNagSent"`
 
-	// The encoded and signed OCSP response.
-	OCSPResponse []byte `db:"ocspResponse"`
-
-	// For performance reasons[0] we duplicate the `Expires` field of the
-	// `Certificates` object/table in `CertificateStatus` to avoid a costly `JOIN`
-	// later on just to retrieve this `Time` value. This helps both the OCSP
-	// updater and the expiration-mailer stay performant.
-	//
-	// Similarly, we add an explicit `IsExpired` boolean to `CertificateStatus`
-	// table that the OCSP updater so that the database can create a meaningful
-	// index on `(isExpired, ocspLastUpdated)` without a `JOIN` on `certificates`.
-	// For more detail see Boulder #1864[0].
-	//
-	// [0]: https://github.com/letsencrypt/boulder/issues/1864
+	// NotAfter and IsExpired are convenience columns which allow expensive
+	// queries to quickly filter out certificates that we don't need to care about
+	// anymore. These are particularly useful for the expiration mailer and CRL
+	// updater. See https://github.com/letsencrypt/boulder/issues/1864.
 	NotAfter  time.Time `db:"notAfter"`
 	IsExpired bool      `db:"isExpired"`
 
-	// TODO(#5152): Change this to an issuance.Issuer(Name)ID after it no longer
-	// has to support both IssuerNameIDs and IssuerIDs.
-	IssuerID int64
+	// Note: this is not an issuance.IssuerNameID because that would create an
+	// import cycle between core and issuance.
+	// Note2: This field used to be called `issuerID`. We keep the old name in
+	// the DB, but update the Go field name to be clear which type of ID this
+	// is.
+	IssuerNameID int64 `db:"issuerID"`
 }
 
 // FQDNSet contains the SHA256 hash of the lowercased, comma joined dNSNames
@@ -553,7 +506,7 @@ func RenewalInfoSimple(issued time.Time, expires time.Time) RenewalInfo {
 }
 
 // RenewalInfoImmediate constructs a `RenewalInfo` object with a suggested
-// window in the past. Per the draft-ietf-acme-ari-00 spec, clients should
+// window in the past. Per the draft-ietf-acme-ari-01 spec, clients should
 // attempt to renew immediately if the suggested window is in the past. The
 // passed `now` is assumed to be a timestamp representing the current moment in
 // time.
diff --git a/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go b/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go
deleted file mode 100644
index 02b3515bd..000000000
--- a/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go
+++ /dev/null
@@ -1,1182 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.28.0
-// 	protoc        v3.20.1
-// source: core.proto
-
-package proto
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type Challenge struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id                int64               `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Type              string              `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
-	Status            string              `protobuf:"bytes,6,opt,name=status,proto3" json:"status,omitempty"`
-	Uri               string              `protobuf:"bytes,9,opt,name=uri,proto3" json:"uri,omitempty"`
-	Token             string              `protobuf:"bytes,3,opt,name=token,proto3" json:"token,omitempty"`
-	KeyAuthorization  string              `protobuf:"bytes,5,opt,name=keyAuthorization,proto3" json:"keyAuthorization,omitempty"`
-	Validationrecords []*ValidationRecord `protobuf:"bytes,10,rep,name=validationrecords,proto3" json:"validationrecords,omitempty"`
-	Error             *ProblemDetails     `protobuf:"bytes,7,opt,name=error,proto3" json:"error,omitempty"`
-	Validated         int64               `protobuf:"varint,11,opt,name=validated,proto3" json:"validated,omitempty"`
-}
-
-func (x *Challenge) Reset() {
-	*x = Challenge{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Challenge) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Challenge) ProtoMessage() {}
-
-func (x *Challenge) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Challenge.ProtoReflect.Descriptor instead.
-func (*Challenge) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Challenge) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *Challenge) GetType() string {
-	if x != nil {
-		return x.Type
-	}
-	return ""
-}
-
-func (x *Challenge) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-func (x *Challenge) GetUri() string {
-	if x != nil {
-		return x.Uri
-	}
-	return ""
-}
-
-func (x *Challenge) GetToken() string {
-	if x != nil {
-		return x.Token
-	}
-	return ""
-}
-
-func (x *Challenge) GetKeyAuthorization() string {
-	if x != nil {
-		return x.KeyAuthorization
-	}
-	return ""
-}
-
-func (x *Challenge) GetValidationrecords() []*ValidationRecord {
-	if x != nil {
-		return x.Validationrecords
-	}
-	return nil
-}
-
-func (x *Challenge) GetError() *ProblemDetails {
-	if x != nil {
-		return x.Error
-	}
-	return nil
-}
-
-func (x *Challenge) GetValidated() int64 {
-	if x != nil {
-		return x.Validated
-	}
-	return 0
-}
-
-type ValidationRecord struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Hostname          string   `protobuf:"bytes,1,opt,name=hostname,proto3" json:"hostname,omitempty"`
-	Port              string   `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
-	AddressesResolved [][]byte `protobuf:"bytes,3,rep,name=addressesResolved,proto3" json:"addressesResolved,omitempty"` // net.IP.MarshalText()
-	AddressUsed       []byte   `protobuf:"bytes,4,opt,name=addressUsed,proto3" json:"addressUsed,omitempty"`             // net.IP.MarshalText()
-	Authorities       []string `protobuf:"bytes,5,rep,name=authorities,proto3" json:"authorities,omitempty"`
-	Url               string   `protobuf:"bytes,6,opt,name=url,proto3" json:"url,omitempty"`
-	// A list of addresses tried before the address used (see
-	// core/objects.go and the comment on the ValidationRecord structure
-	// definition for more information.
-	AddressesTried [][]byte `protobuf:"bytes,7,rep,name=addressesTried,proto3" json:"addressesTried,omitempty"` // net.IP.MarshalText()
-}
-
-func (x *ValidationRecord) Reset() {
-	*x = ValidationRecord{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ValidationRecord) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ValidationRecord) ProtoMessage() {}
-
-func (x *ValidationRecord) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ValidationRecord.ProtoReflect.Descriptor instead.
-func (*ValidationRecord) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *ValidationRecord) GetHostname() string {
-	if x != nil {
-		return x.Hostname
-	}
-	return ""
-}
-
-func (x *ValidationRecord) GetPort() string {
-	if x != nil {
-		return x.Port
-	}
-	return ""
-}
-
-func (x *ValidationRecord) GetAddressesResolved() [][]byte {
-	if x != nil {
-		return x.AddressesResolved
-	}
-	return nil
-}
-
-func (x *ValidationRecord) GetAddressUsed() []byte {
-	if x != nil {
-		return x.AddressUsed
-	}
-	return nil
-}
-
-func (x *ValidationRecord) GetAuthorities() []string {
-	if x != nil {
-		return x.Authorities
-	}
-	return nil
-}
-
-func (x *ValidationRecord) GetUrl() string {
-	if x != nil {
-		return x.Url
-	}
-	return ""
-}
-
-func (x *ValidationRecord) GetAddressesTried() [][]byte {
-	if x != nil {
-		return x.AddressesTried
-	}
-	return nil
-}
-
-type ProblemDetails struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ProblemType string `protobuf:"bytes,1,opt,name=problemType,proto3" json:"problemType,omitempty"`
-	Detail      string `protobuf:"bytes,2,opt,name=detail,proto3" json:"detail,omitempty"`
-	HttpStatus  int32  `protobuf:"varint,3,opt,name=httpStatus,proto3" json:"httpStatus,omitempty"`
-}
-
-func (x *ProblemDetails) Reset() {
-	*x = ProblemDetails{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ProblemDetails) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ProblemDetails) ProtoMessage() {}
-
-func (x *ProblemDetails) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ProblemDetails.ProtoReflect.Descriptor instead.
-func (*ProblemDetails) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *ProblemDetails) GetProblemType() string {
-	if x != nil {
-		return x.ProblemType
-	}
-	return ""
-}
-
-func (x *ProblemDetails) GetDetail() string {
-	if x != nil {
-		return x.Detail
-	}
-	return ""
-}
-
-func (x *ProblemDetails) GetHttpStatus() int32 {
-	if x != nil {
-		return x.HttpStatus
-	}
-	return 0
-}
-
-type Certificate struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID int64  `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Serial         string `protobuf:"bytes,2,opt,name=serial,proto3" json:"serial,omitempty"`
-	Digest         string `protobuf:"bytes,3,opt,name=digest,proto3" json:"digest,omitempty"`
-	Der            []byte `protobuf:"bytes,4,opt,name=der,proto3" json:"der,omitempty"`
-	Issued         int64  `protobuf:"varint,5,opt,name=issued,proto3" json:"issued,omitempty"`   // Unix timestamp (nanoseconds)
-	Expires        int64  `protobuf:"varint,6,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *Certificate) Reset() {
-	*x = Certificate{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Certificate) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Certificate) ProtoMessage() {}
-
-func (x *Certificate) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Certificate.ProtoReflect.Descriptor instead.
-func (*Certificate) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *Certificate) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *Certificate) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *Certificate) GetDigest() string {
-	if x != nil {
-		return x.Digest
-	}
-	return ""
-}
-
-func (x *Certificate) GetDer() []byte {
-	if x != nil {
-		return x.Der
-	}
-	return nil
-}
-
-func (x *Certificate) GetIssued() int64 {
-	if x != nil {
-		return x.Issued
-	}
-	return 0
-}
-
-func (x *Certificate) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-type CertificateStatus struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial                string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-	Status                string `protobuf:"bytes,3,opt,name=status,proto3" json:"status,omitempty"`
-	OcspLastUpdated       int64  `protobuf:"varint,4,opt,name=ocspLastUpdated,proto3" json:"ocspLastUpdated,omitempty"`
-	RevokedDate           int64  `protobuf:"varint,5,opt,name=revokedDate,proto3" json:"revokedDate,omitempty"`
-	RevokedReason         int64  `protobuf:"varint,6,opt,name=revokedReason,proto3" json:"revokedReason,omitempty"`
-	LastExpirationNagSent int64  `protobuf:"varint,7,opt,name=lastExpirationNagSent,proto3" json:"lastExpirationNagSent,omitempty"`
-	OcspResponse          []byte `protobuf:"bytes,8,opt,name=ocspResponse,proto3" json:"ocspResponse,omitempty"`
-	NotAfter              int64  `protobuf:"varint,9,opt,name=notAfter,proto3" json:"notAfter,omitempty"`
-	IsExpired             bool   `protobuf:"varint,10,opt,name=isExpired,proto3" json:"isExpired,omitempty"`
-	IssuerID              int64  `protobuf:"varint,11,opt,name=issuerID,proto3" json:"issuerID,omitempty"`
-}
-
-func (x *CertificateStatus) Reset() {
-	*x = CertificateStatus{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CertificateStatus) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CertificateStatus) ProtoMessage() {}
-
-func (x *CertificateStatus) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CertificateStatus.ProtoReflect.Descriptor instead.
-func (*CertificateStatus) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *CertificateStatus) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *CertificateStatus) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-func (x *CertificateStatus) GetOcspLastUpdated() int64 {
-	if x != nil {
-		return x.OcspLastUpdated
-	}
-	return 0
-}
-
-func (x *CertificateStatus) GetRevokedDate() int64 {
-	if x != nil {
-		return x.RevokedDate
-	}
-	return 0
-}
-
-func (x *CertificateStatus) GetRevokedReason() int64 {
-	if x != nil {
-		return x.RevokedReason
-	}
-	return 0
-}
-
-func (x *CertificateStatus) GetLastExpirationNagSent() int64 {
-	if x != nil {
-		return x.LastExpirationNagSent
-	}
-	return 0
-}
-
-func (x *CertificateStatus) GetOcspResponse() []byte {
-	if x != nil {
-		return x.OcspResponse
-	}
-	return nil
-}
-
-func (x *CertificateStatus) GetNotAfter() int64 {
-	if x != nil {
-		return x.NotAfter
-	}
-	return 0
-}
-
-func (x *CertificateStatus) GetIsExpired() bool {
-	if x != nil {
-		return x.IsExpired
-	}
-	return false
-}
-
-func (x *CertificateStatus) GetIssuerID() int64 {
-	if x != nil {
-		return x.IssuerID
-	}
-	return 0
-}
-
-type Registration struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id              int64    `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Key             []byte   `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
-	Contact         []string `protobuf:"bytes,3,rep,name=contact,proto3" json:"contact,omitempty"`
-	ContactsPresent bool     `protobuf:"varint,4,opt,name=contactsPresent,proto3" json:"contactsPresent,omitempty"`
-	Agreement       string   `protobuf:"bytes,5,opt,name=agreement,proto3" json:"agreement,omitempty"`
-	InitialIP       []byte   `protobuf:"bytes,6,opt,name=initialIP,proto3" json:"initialIP,omitempty"`
-	CreatedAt       int64    `protobuf:"varint,7,opt,name=createdAt,proto3" json:"createdAt,omitempty"` // Unix timestamp (nanoseconds)
-	Status          string   `protobuf:"bytes,8,opt,name=status,proto3" json:"status,omitempty"`
-}
-
-func (x *Registration) Reset() {
-	*x = Registration{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Registration) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Registration) ProtoMessage() {}
-
-func (x *Registration) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Registration.ProtoReflect.Descriptor instead.
-func (*Registration) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *Registration) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *Registration) GetKey() []byte {
-	if x != nil {
-		return x.Key
-	}
-	return nil
-}
-
-func (x *Registration) GetContact() []string {
-	if x != nil {
-		return x.Contact
-	}
-	return nil
-}
-
-func (x *Registration) GetContactsPresent() bool {
-	if x != nil {
-		return x.ContactsPresent
-	}
-	return false
-}
-
-func (x *Registration) GetAgreement() string {
-	if x != nil {
-		return x.Agreement
-	}
-	return ""
-}
-
-func (x *Registration) GetInitialIP() []byte {
-	if x != nil {
-		return x.InitialIP
-	}
-	return nil
-}
-
-func (x *Registration) GetCreatedAt() int64 {
-	if x != nil {
-		return x.CreatedAt
-	}
-	return 0
-}
-
-func (x *Registration) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-type Authorization struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id             string       `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Identifier     string       `protobuf:"bytes,2,opt,name=identifier,proto3" json:"identifier,omitempty"`
-	RegistrationID int64        `protobuf:"varint,3,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Status         string       `protobuf:"bytes,4,opt,name=status,proto3" json:"status,omitempty"`
-	Expires        int64        `protobuf:"varint,5,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds)
-	Challenges     []*Challenge `protobuf:"bytes,6,rep,name=challenges,proto3" json:"challenges,omitempty"`
-}
-
-func (x *Authorization) Reset() {
-	*x = Authorization{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Authorization) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Authorization) ProtoMessage() {}
-
-func (x *Authorization) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Authorization.ProtoReflect.Descriptor instead.
-func (*Authorization) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *Authorization) GetId() string {
-	if x != nil {
-		return x.Id
-	}
-	return ""
-}
-
-func (x *Authorization) GetIdentifier() string {
-	if x != nil {
-		return x.Identifier
-	}
-	return ""
-}
-
-func (x *Authorization) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *Authorization) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-func (x *Authorization) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-func (x *Authorization) GetChallenges() []*Challenge {
-	if x != nil {
-		return x.Challenges
-	}
-	return nil
-}
-
-type Order struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id                int64           `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	RegistrationID    int64           `protobuf:"varint,2,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Expires           int64           `protobuf:"varint,3,opt,name=expires,proto3" json:"expires,omitempty"`
-	Error             *ProblemDetails `protobuf:"bytes,4,opt,name=error,proto3" json:"error,omitempty"`
-	CertificateSerial string          `protobuf:"bytes,5,opt,name=certificateSerial,proto3" json:"certificateSerial,omitempty"`
-	Status            string          `protobuf:"bytes,7,opt,name=status,proto3" json:"status,omitempty"`
-	Names             []string        `protobuf:"bytes,8,rep,name=names,proto3" json:"names,omitempty"`
-	BeganProcessing   bool            `protobuf:"varint,9,opt,name=beganProcessing,proto3" json:"beganProcessing,omitempty"`
-	Created           int64           `protobuf:"varint,10,opt,name=created,proto3" json:"created,omitempty"`
-	V2Authorizations  []int64         `protobuf:"varint,11,rep,packed,name=v2Authorizations,proto3" json:"v2Authorizations,omitempty"`
-}
-
-func (x *Order) Reset() {
-	*x = Order{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Order) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Order) ProtoMessage() {}
-
-func (x *Order) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Order.ProtoReflect.Descriptor instead.
-func (*Order) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *Order) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *Order) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *Order) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-func (x *Order) GetError() *ProblemDetails {
-	if x != nil {
-		return x.Error
-	}
-	return nil
-}
-
-func (x *Order) GetCertificateSerial() string {
-	if x != nil {
-		return x.CertificateSerial
-	}
-	return ""
-}
-
-func (x *Order) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-func (x *Order) GetNames() []string {
-	if x != nil {
-		return x.Names
-	}
-	return nil
-}
-
-func (x *Order) GetBeganProcessing() bool {
-	if x != nil {
-		return x.BeganProcessing
-	}
-	return false
-}
-
-func (x *Order) GetCreated() int64 {
-	if x != nil {
-		return x.Created
-	}
-	return 0
-}
-
-func (x *Order) GetV2Authorizations() []int64 {
-	if x != nil {
-		return x.V2Authorizations
-	}
-	return nil
-}
-
-type CRLEntry struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial    string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-	Reason    int32  `protobuf:"varint,2,opt,name=reason,proto3" json:"reason,omitempty"`
-	RevokedAt int64  `protobuf:"varint,3,opt,name=revokedAt,proto3" json:"revokedAt,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *CRLEntry) Reset() {
-	*x = CRLEntry{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CRLEntry) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CRLEntry) ProtoMessage() {}
-
-func (x *CRLEntry) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CRLEntry.ProtoReflect.Descriptor instead.
-func (*CRLEntry) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{8}
-}
-
-func (x *CRLEntry) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *CRLEntry) GetReason() int32 {
-	if x != nil {
-		return x.Reason
-	}
-	return 0
-}
-
-func (x *CRLEntry) GetRevokedAt() int64 {
-	if x != nil {
-		return x.RevokedAt
-	}
-	return 0
-}
-
-var File_core_proto protoreflect.FileDescriptor
-
-var file_core_proto_rawDesc = []byte{
-	0x0a, 0x0a, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x6f,
-	0x72, 0x65, 0x22, 0xab, 0x02, 0x0a, 0x09, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65,
-	0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64,
-	0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x06,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x10, 0x0a, 0x03,
-	0x75, 0x72, 0x69, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x14,
-	0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74,
-	0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x2a, 0x0a, 0x10, 0x6b, 0x65, 0x79, 0x41, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10,
-	0x6b, 0x65, 0x79, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0x44, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x72, 0x65,
-	0x63, 0x6f, 0x72, 0x64, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f,
-	0x72, 0x65, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63,
-	0x6f, 0x72, 0x64, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x72,
-	0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18,
-	0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f,
-	0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x05, 0x65, 0x72, 0x72,
-	0x6f, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64, 0x18,
-	0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64,
-	0x22, 0xee, 0x01, 0x0a, 0x10, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x65, 0x63, 0x6f, 0x72, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
-	0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0c,
-	0x52, 0x11, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x6c,
-	0x76, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x55, 0x73,
-	0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73,
-	0x73, 0x55, 0x73, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x74, 0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x06,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x26, 0x0a, 0x0e, 0x61, 0x64, 0x64,
-	0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x54, 0x72, 0x69, 0x65, 0x64, 0x18, 0x07, 0x20, 0x03, 0x28,
-	0x0c, 0x52, 0x0e, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x54, 0x72, 0x69, 0x65,
-	0x64, 0x22, 0x6a, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61,
-	0x69, 0x6c, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x70, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x54, 0x79,
-	0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x62, 0x6c, 0x65,
-	0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x12, 0x1e, 0x0a,
-	0x0a, 0x68, 0x74, 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x05, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0xa9, 0x01,
-	0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x26, 0x0a,
-	0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a,
-	0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64,
-	0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x0c, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65,
-	0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x12,
-	0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03,
-	0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x22, 0xeb, 0x02, 0x0a, 0x11, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
-	0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
-	0x28, 0x0a, 0x0f, 0x6f, 0x63, 0x73, 0x70, 0x4c, 0x61, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74,
-	0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0f, 0x6f, 0x63, 0x73, 0x70, 0x4c, 0x61,
-	0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x72, 0x65, 0x76,
-	0x6f, 0x6b, 0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b,
-	0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x72,
-	0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x61, 0x73, 0x6f,
-	0x6e, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x61, 0x73, 0x74, 0x45, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x67, 0x53, 0x65, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03,
-	0x52, 0x15, 0x6c, 0x61, 0x73, 0x74, 0x45, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x4e, 0x61, 0x67, 0x53, 0x65, 0x6e, 0x74, 0x12, 0x22, 0x0a, 0x0c, 0x6f, 0x63, 0x73, 0x70, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x6f,
-	0x63, 0x73, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x6e,
-	0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x6e,
-	0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x69, 0x73, 0x45, 0x78, 0x70,
-	0x69, 0x72, 0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x45, 0x78,
-	0x70, 0x69, 0x72, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49,
-	0x44, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49,
-	0x44, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xe6, 0x01, 0x0a, 0x0c, 0x52, 0x65, 0x67, 0x69,
-	0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f,
-	0x6e, 0x74, 0x61, 0x63, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6e,
-	0x74, 0x61, 0x63, 0x74, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73,
-	0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x63,
-	0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x12, 0x1c,
-	0x0a, 0x09, 0x61, 0x67, 0x72, 0x65, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x09, 0x61, 0x67, 0x72, 0x65, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x1c, 0x0a, 0x09,
-	0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x49, 0x50, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52,
-	0x09, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x49, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x63,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x22, 0xd6, 0x01, 0x0a, 0x0d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02,
-	0x69, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69,
-	0x65, 0x72, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69,
-	0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x0a,
-	0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x0f, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67,
-	0x65, 0x52, 0x0a, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x73, 0x4a, 0x04, 0x08,
-	0x07, 0x10, 0x08, 0x4a, 0x04, 0x08, 0x08, 0x10, 0x09, 0x22, 0xd7, 0x02, 0x0a, 0x05, 0x4f, 0x72,
-	0x64, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52,
-	0x02, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67,
-	0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x65,
-	0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78,
-	0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62,
-	0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f,
-	0x72, 0x12, 0x2c, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12,
-	0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73,
-	0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x28, 0x0a,
-	0x0f, 0x62, 0x65, 0x67, 0x61, 0x6e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67,
-	0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x62, 0x65, 0x67, 0x61, 0x6e, 0x50, 0x72, 0x6f,
-	0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74,
-	0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x64, 0x12, 0x2a, 0x0a, 0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x03, 0x52, 0x10, 0x76, 0x32, 0x41,
-	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x04, 0x08,
-	0x06, 0x10, 0x07, 0x22, 0x58, 0x0a, 0x08, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f,
-	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12,
-	0x1c, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x42, 0x2b, 0x5a,
-	0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73,
-	0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f,
-	0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x33,
-}
-
-var (
-	file_core_proto_rawDescOnce sync.Once
-	file_core_proto_rawDescData = file_core_proto_rawDesc
-)
-
-func file_core_proto_rawDescGZIP() []byte {
-	file_core_proto_rawDescOnce.Do(func() {
-		file_core_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_proto_rawDescData)
-	})
-	return file_core_proto_rawDescData
-}
-
-var file_core_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
-var file_core_proto_goTypes = []interface{}{
-	(*Challenge)(nil),         // 0: core.Challenge
-	(*ValidationRecord)(nil),  // 1: core.ValidationRecord
-	(*ProblemDetails)(nil),    // 2: core.ProblemDetails
-	(*Certificate)(nil),       // 3: core.Certificate
-	(*CertificateStatus)(nil), // 4: core.CertificateStatus
-	(*Registration)(nil),      // 5: core.Registration
-	(*Authorization)(nil),     // 6: core.Authorization
-	(*Order)(nil),             // 7: core.Order
-	(*CRLEntry)(nil),          // 8: core.CRLEntry
-}
-var file_core_proto_depIdxs = []int32{
-	1, // 0: core.Challenge.validationrecords:type_name -> core.ValidationRecord
-	2, // 1: core.Challenge.error:type_name -> core.ProblemDetails
-	0, // 2: core.Authorization.challenges:type_name -> core.Challenge
-	2, // 3: core.Order.error:type_name -> core.ProblemDetails
-	4, // [4:4] is the sub-list for method output_type
-	4, // [4:4] is the sub-list for method input_type
-	4, // [4:4] is the sub-list for extension type_name
-	4, // [4:4] is the sub-list for extension extendee
-	0, // [0:4] is the sub-list for field type_name
-}
-
-func init() { file_core_proto_init() }
-func file_core_proto_init() {
-	if File_core_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_core_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Challenge); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ValidationRecord); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ProblemDetails); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Certificate); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CertificateStatus); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Registration); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Authorization); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Order); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CRLEntry); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_core_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   9,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_core_proto_goTypes,
-		DependencyIndexes: file_core_proto_depIdxs,
-		MessageInfos:      file_core_proto_msgTypes,
-	}.Build()
-	File_core_proto = out.File
-	file_core_proto_rawDesc = nil
-	file_core_proto_goTypes = nil
-	file_core_proto_depIdxs = nil
-}
diff --git a/vendor/github.com/letsencrypt/boulder/core/proto/core.proto b/vendor/github.com/letsencrypt/boulder/core/proto/core.proto
deleted file mode 100644
index 946bb16c8..000000000
--- a/vendor/github.com/letsencrypt/boulder/core/proto/core.proto
+++ /dev/null
@@ -1,101 +0,0 @@
-syntax = "proto3";
-
-package core;
-option go_package = "github.com/letsencrypt/boulder/core/proto";
-
-message Challenge {
-  int64 id = 1;
-  string type = 2;
-  string status = 6;
-  string uri = 9;
-  string token = 3;
-  string keyAuthorization = 5;
-  repeated ValidationRecord validationrecords = 10;
-  ProblemDetails error = 7;
-  int64 validated = 11;
-}
-
-message ValidationRecord {
-  string hostname = 1;
-  string port = 2;
-  repeated bytes addressesResolved = 3; // net.IP.MarshalText()
-  bytes addressUsed = 4; // net.IP.MarshalText()
-
-  repeated string authorities = 5;
-  string url = 6;
-  // A list of addresses tried before the address used (see
-  // core/objects.go and the comment on the ValidationRecord structure
-  // definition for more information.
-  repeated bytes addressesTried = 7; // net.IP.MarshalText()
-}
-
-message ProblemDetails {
-  string problemType = 1;
-  string detail = 2;
-  int32 httpStatus = 3;
-}
-
-message Certificate {
-  int64 registrationID = 1;
-  string serial = 2;
-  string digest = 3;
-  bytes der = 4;
-  int64 issued = 5;  // Unix timestamp (nanoseconds)
-  int64 expires = 6; // Unix timestamp (nanoseconds)
-}
-
-message CertificateStatus {
-  string serial = 1;
-  reserved 2; // previously subscriberApproved
-  string status = 3;
-  int64 ocspLastUpdated = 4;
-  int64 revokedDate = 5;
-  int64 revokedReason = 6;
-  int64 lastExpirationNagSent = 7;
-  bytes ocspResponse = 8;
-  int64 notAfter = 9;
-  bool isExpired = 10;
-  int64 issuerID = 11;
-}
-
-message Registration {
-  int64 id = 1;
-  bytes key = 2;
-  repeated string contact = 3;
-  bool contactsPresent = 4;
-  string agreement = 5;
-  bytes initialIP = 6;
-  int64 createdAt = 7; // Unix timestamp (nanoseconds)
-  string status = 8;
-}
-
-message Authorization {
-  string id = 1;
-  string identifier = 2;
-  int64 registrationID = 3;
-  string status = 4;
-  int64 expires = 5; // Unix timestamp (nanoseconds)
-  repeated core.Challenge challenges = 6;
-  reserved 7; // previously combinations
-  reserved 8; // previously v2
-}
-
-message Order {
-  int64 id = 1;
-  int64 registrationID = 2;
-  int64 expires = 3;
-  ProblemDetails error = 4;
-  string certificateSerial = 5;
-  reserved 6; // previously authorizations, deprecated in favor of v2Authorizations
-  string status = 7;
-  repeated string names = 8;
-  bool beganProcessing = 9;
-  int64 created = 10;
-  repeated int64 v2Authorizations = 11;
-}
-
-message CRLEntry {
-  string serial = 1;
-  int32 reason = 2;
-  int64 revokedAt = 3; // Unix timestamp (nanoseconds)
-}
diff --git a/vendor/github.com/letsencrypt/boulder/core/util.go b/vendor/github.com/letsencrypt/boulder/core/util.go
index b9ac7047a..d7fe02668 100644
--- a/vendor/github.com/letsencrypt/boulder/core/util.go
+++ b/vendor/github.com/letsencrypt/boulder/core/util.go
@@ -1,9 +1,10 @@
 package core
 
 import (
-	"bytes"
 	"crypto"
+	"crypto/ecdsa"
 	"crypto/rand"
+	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
@@ -16,6 +17,7 @@ import (
 	"math/big"
 	mrand "math/rand"
 	"os"
+	"path"
 	"reflect"
 	"regexp"
 	"sort"
@@ -23,7 +25,7 @@ import (
 	"time"
 	"unicode"
 
-	jose "gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 
 const Unspecified = "Unspecified"
@@ -96,7 +98,7 @@ func KeyDigest(key crypto.PublicKey) (Sha256Digest, error) {
 	switch t := key.(type) {
 	case *jose.JSONWebKey:
 		if t == nil {
-			return Sha256Digest{}, fmt.Errorf("Cannot compute digest of nil key")
+			return Sha256Digest{}, errors.New("cannot compute digest of nil key")
 		}
 		return KeyDigest(t.Key)
 	case jose.JSONWebKey:
@@ -132,21 +134,16 @@ func KeyDigestEquals(j, k crypto.PublicKey) bool {
 	return digestJ == digestK
 }
 
-// PublicKeysEqual determines whether two public keys have the same marshalled
-// bytes as one another
-func PublicKeysEqual(a, b interface{}) (bool, error) {
-	if a == nil || b == nil {
-		return false, errors.New("One or more nil arguments to PublicKeysEqual")
-	}
-	aBytes, err := x509.MarshalPKIXPublicKey(a)
-	if err != nil {
-		return false, err
-	}
-	bBytes, err := x509.MarshalPKIXPublicKey(b)
-	if err != nil {
-		return false, err
+// PublicKeysEqual determines whether two public keys are identical.
+func PublicKeysEqual(a, b crypto.PublicKey) (bool, error) {
+	switch ak := a.(type) {
+	case *rsa.PublicKey:
+		return ak.Equal(b), nil
+	case *ecdsa.PublicKey:
+		return ak.Equal(b), nil
+	default:
+		return false, fmt.Errorf("unsupported public key type %T", ak)
 	}
-	return bytes.Equal(aBytes, bBytes), nil
 }
 
 // SerialToString converts a certificate serial number (big.Int) to a String
@@ -160,7 +157,7 @@ func SerialToString(serial *big.Int) string {
 func StringToSerial(serial string) (*big.Int, error) {
 	var serialNum big.Int
 	if !ValidSerial(serial) {
-		return &serialNum, errors.New("Invalid serial number")
+		return &serialNum, fmt.Errorf("invalid serial number %q", serial)
 	}
 	_, err := fmt.Sscanf(serial, "%036x", &serialNum)
 	return &serialNum, err
@@ -245,6 +242,14 @@ func UniqueLowerNames(names []string) (unique []string) {
 	return
 }
 
+// HashNames returns a hash of the names requested. This is intended for use
+// when interacting with the orderFqdnSets table and rate limiting.
+func HashNames(names []string) []byte {
+	names = UniqueLowerNames(names)
+	hash := sha256.Sum256([]byte(strings.Join(names, ",")))
+	return hash[:]
+}
+
 // LoadCert loads a PEM certificate specified by filename or returns an error
 func LoadCert(filename string) (*x509.Certificate, error) {
 	certPEM, err := os.ReadFile(filename)
@@ -253,7 +258,7 @@ func LoadCert(filename string) (*x509.Certificate, error) {
 	}
 	block, _ := pem.Decode(certPEM)
 	if block == nil {
-		return nil, fmt.Errorf("No data in cert PEM file %s", filename)
+		return nil, fmt.Errorf("no data in cert PEM file %q", filename)
 	}
 	cert, err := x509.ParseCertificate(block.Bytes)
 	if err != nil {
@@ -298,3 +303,7 @@ func IsASCII(str string) bool {
 	}
 	return true
 }
+
+func Command() string {
+	return path.Base(os.Args[0])
+}
diff --git a/vendor/github.com/letsencrypt/boulder/errors/errors.go b/vendor/github.com/letsencrypt/boulder/errors/errors.go
deleted file mode 100644
index 50be1087a..000000000
--- a/vendor/github.com/letsencrypt/boulder/errors/errors.go
+++ /dev/null
@@ -1,194 +0,0 @@
-// Package errors provides internal-facing error types for use in Boulder. Many
-// of these are transformed directly into Problem Details documents by the WFE.
-// Some, like NotFound, may be handled internally. We avoid using Problem
-// Details documents as part of our internal error system to avoid layering
-// confusions.
-//
-// These errors are specifically for use in errors that cross RPC boundaries.
-// An error type that does not need to be passed through an RPC can use a plain
-// Go type locally. Our gRPC code is aware of these error types and will
-// serialize and deserialize them automatically.
-package errors
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/letsencrypt/boulder/identifier"
-)
-
-// ErrorType provides a coarse category for BoulderErrors.
-// Objects of type ErrorType should never be directly returned by other
-// functions; instead use the methods below to create an appropriate
-// BoulderError wrapping one of these types.
-type ErrorType int
-
-// These numeric constants are used when sending berrors through gRPC.
-const (
-	// InternalServer is deprecated. Instead, pass a plain Go error. That will get
-	// turned into a probs.InternalServerError by the WFE.
-	InternalServer ErrorType = iota
-	_
-	Malformed
-	Unauthorized
-	NotFound
-	RateLimit
-	RejectedIdentifier
-	InvalidEmail
-	ConnectionFailure
-	_ // Reserved, previously WrongAuthorizationState
-	CAA
-	MissingSCTs
-	Duplicate
-	OrderNotReady
-	DNS
-	BadPublicKey
-	BadCSR
-	AlreadyRevoked
-	BadRevocationReason
-)
-
-func (ErrorType) Error() string {
-	return "urn:ietf:params:acme:error"
-}
-
-// BoulderError represents internal Boulder errors
-type BoulderError struct {
-	Type      ErrorType
-	Detail    string
-	SubErrors []SubBoulderError
-
-	// RetryAfter the duration a client should wait before retrying the request
-	// which resulted in this error.
-	RetryAfter time.Duration
-}
-
-// SubBoulderError represents sub-errors specific to an identifier that are
-// related to a top-level internal Boulder error.
-type SubBoulderError struct {
-	*BoulderError
-	Identifier identifier.ACMEIdentifier
-}
-
-func (be *BoulderError) Error() string {
-	return be.Detail
-}
-
-func (be *BoulderError) Unwrap() error {
-	return be.Type
-}
-
-// WithSubErrors returns a new BoulderError instance created by adding the
-// provided subErrs to the existing BoulderError.
-func (be *BoulderError) WithSubErrors(subErrs []SubBoulderError) *BoulderError {
-	return &BoulderError{
-		Type:       be.Type,
-		Detail:     be.Detail,
-		SubErrors:  append(be.SubErrors, subErrs...),
-		RetryAfter: be.RetryAfter,
-	}
-}
-
-// New is a convenience function for creating a new BoulderError
-func New(errType ErrorType, msg string, args ...interface{}) error {
-	return &BoulderError{
-		Type:   errType,
-		Detail: fmt.Sprintf(msg, args...),
-	}
-}
-
-func InternalServerError(msg string, args ...interface{}) error {
-	return New(InternalServer, msg, args...)
-}
-
-func MalformedError(msg string, args ...interface{}) error {
-	return New(Malformed, msg, args...)
-}
-
-func UnauthorizedError(msg string, args ...interface{}) error {
-	return New(Unauthorized, msg, args...)
-}
-
-func NotFoundError(msg string, args ...interface{}) error {
-	return New(NotFound, msg, args...)
-}
-
-func RateLimitError(retryAfter time.Duration, msg string, args ...interface{}) error {
-	return &BoulderError{
-		Type:       RateLimit,
-		Detail:     fmt.Sprintf(msg+": see https://letsencrypt.org/docs/rate-limits/", args...),
-		RetryAfter: retryAfter,
-	}
-}
-
-func DuplicateCertificateError(retryAfter time.Duration, msg string, args ...interface{}) error {
-	return &BoulderError{
-		Type:       RateLimit,
-		Detail:     fmt.Sprintf(msg+": see https://letsencrypt.org/docs/duplicate-certificate-limit/", args...),
-		RetryAfter: retryAfter,
-	}
-}
-
-func FailedValidationError(retryAfter time.Duration, msg string, args ...interface{}) error {
-	return &BoulderError{
-		Type:       RateLimit,
-		Detail:     fmt.Sprintf(msg+": see https://letsencrypt.org/docs/failed-validation-limit/", args...),
-		RetryAfter: retryAfter,
-	}
-}
-
-func RegistrationsPerIPError(retryAfter time.Duration, msg string, args ...interface{}) error {
-	return &BoulderError{
-		Type:       RateLimit,
-		Detail:     fmt.Sprintf(msg+": see https://letsencrypt.org/docs/too-many-registrations-for-this-ip/", args...),
-		RetryAfter: retryAfter,
-	}
-}
-
-func RejectedIdentifierError(msg string, args ...interface{}) error {
-	return New(RejectedIdentifier, msg, args...)
-}
-
-func InvalidEmailError(msg string, args ...interface{}) error {
-	return New(InvalidEmail, msg, args...)
-}
-
-func ConnectionFailureError(msg string, args ...interface{}) error {
-	return New(ConnectionFailure, msg, args...)
-}
-
-func CAAError(msg string, args ...interface{}) error {
-	return New(CAA, msg, args...)
-}
-
-func MissingSCTsError(msg string, args ...interface{}) error {
-	return New(MissingSCTs, msg, args...)
-}
-
-func DuplicateError(msg string, args ...interface{}) error {
-	return New(Duplicate, msg, args...)
-}
-
-func OrderNotReadyError(msg string, args ...interface{}) error {
-	return New(OrderNotReady, msg, args...)
-}
-
-func DNSError(msg string, args ...interface{}) error {
-	return New(DNS, msg, args...)
-}
-
-func BadPublicKeyError(msg string, args ...interface{}) error {
-	return New(BadPublicKey, msg, args...)
-}
-
-func BadCSRError(msg string, args ...interface{}) error {
-	return New(BadCSR, msg, args...)
-}
-
-func AlreadyRevokedError(msg string, args ...interface{}) error {
-	return New(AlreadyRevoked, msg, args...)
-}
-
-func BadRevocationReasonError(reason int64) error {
-	return New(BadRevocationReason, "disallowed revocation reason: %d", reason)
-}
diff --git a/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go b/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go
deleted file mode 100644
index 7eadc1f9b..000000000
--- a/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Code generated by "stringer -type=FeatureFlag"; DO NOT EDIT.
-
-package features
-
-import "strconv"
-
-func _() {
-	// An "invalid array index" compiler error signifies that the constant values have changed.
-	// Re-run the stringer command to generate them again.
-	var x [1]struct{}
-	_ = x[unused-0]
-	_ = x[PrecertificateRevocation-1]
-	_ = x[StripDefaultSchemePort-2]
-	_ = x[NonCFSSLSigner-3]
-	_ = x[StoreIssuerInfo-4]
-	_ = x[StreamlineOrderAndAuthzs-5]
-	_ = x[V1DisableNewValidations-6]
-	_ = x[ExpirationMailerDontLookTwice-7]
-	_ = x[OldTLSInbound-8]
-	_ = x[OldTLSOutbound-9]
-	_ = x[ROCSPStage1-10]
-	_ = x[ROCSPStage2-11]
-	_ = x[ROCSPStage3-12]
-	_ = x[CAAValidationMethods-13]
-	_ = x[CAAAccountURI-14]
-	_ = x[EnforceMultiVA-15]
-	_ = x[MultiVAFullResults-16]
-	_ = x[MandatoryPOSTAsGET-17]
-	_ = x[AllowV1Registration-18]
-	_ = x[StoreRevokerInfo-19]
-	_ = x[RestrictRSAKeySizes-20]
-	_ = x[FasterNewOrdersRateLimit-21]
-	_ = x[ECDSAForAll-22]
-	_ = x[ServeRenewalInfo-23]
-	_ = x[GetAuthzReadOnly-24]
-	_ = x[GetAuthzUseIndex-25]
-	_ = x[CheckFailedAuthorizationsFirst-26]
-	_ = x[AllowReRevocation-27]
-	_ = x[MozRevocationReasons-28]
-	_ = x[SHA1CSRs-29]
-	_ = x[AllowUnrecognizedFeatures-30]
-	_ = x[RejectDuplicateCSRExtensions-31]
-	_ = x[ROCSPStage6-32]
-	_ = x[ROCSPStage7-33]
-}
-
-const _FeatureFlag_name = "unusedPrecertificateRevocationStripDefaultSchemePortNonCFSSLSignerStoreIssuerInfoStreamlineOrderAndAuthzsV1DisableNewValidationsExpirationMailerDontLookTwiceOldTLSInboundOldTLSOutboundROCSPStage1ROCSPStage2ROCSPStage3CAAValidationMethodsCAAAccountURIEnforceMultiVAMultiVAFullResultsMandatoryPOSTAsGETAllowV1RegistrationStoreRevokerInfoRestrictRSAKeySizesFasterNewOrdersRateLimitECDSAForAllServeRenewalInfoGetAuthzReadOnlyGetAuthzUseIndexCheckFailedAuthorizationsFirstAllowReRevocationMozRevocationReasonsSHA1CSRsAllowUnrecognizedFeaturesRejectDuplicateCSRExtensionsROCSPStage6ROCSPStage7"
-
-var _FeatureFlag_index = [...]uint16{0, 6, 30, 52, 66, 81, 105, 128, 157, 170, 184, 195, 206, 217, 237, 250, 264, 282, 300, 319, 335, 354, 378, 389, 405, 421, 437, 467, 484, 504, 512, 537, 565, 576, 587}
-
-func (i FeatureFlag) String() string {
-	if i < 0 || i >= FeatureFlag(len(_FeatureFlag_index)-1) {
-		return "FeatureFlag(" + strconv.FormatInt(int64(i), 10) + ")"
-	}
-	return _FeatureFlag_name[_FeatureFlag_index[i]:_FeatureFlag_index[i+1]]
-}
diff --git a/vendor/github.com/letsencrypt/boulder/features/features.go b/vendor/github.com/letsencrypt/boulder/features/features.go
deleted file mode 100644
index 6db20d7de..000000000
--- a/vendor/github.com/letsencrypt/boulder/features/features.go
+++ /dev/null
@@ -1,203 +0,0 @@
-//go:generate stringer -type=FeatureFlag
-
-package features
-
-import (
-	"fmt"
-	"strings"
-	"sync"
-)
-
-type FeatureFlag int
-
-const (
-	unused FeatureFlag = iota // unused is used for testing
-	//   Deprecated features, these can be removed once stripped from production configs
-	PrecertificateRevocation
-	StripDefaultSchemePort
-	NonCFSSLSigner
-	StoreIssuerInfo
-	StreamlineOrderAndAuthzs
-	V1DisableNewValidations
-	ExpirationMailerDontLookTwice
-	OldTLSInbound
-	OldTLSOutbound
-	ROCSPStage1
-	ROCSPStage2
-	ROCSPStage3
-
-	//   Currently in-use features
-	// Check CAA and respect validationmethods parameter.
-	CAAValidationMethods
-	// Check CAA and respect accounturi parameter.
-	CAAAccountURI
-	// EnforceMultiVA causes the VA to block on remote VA PerformValidation
-	// requests in order to make a valid/invalid decision with the results.
-	EnforceMultiVA
-	// MultiVAFullResults will cause the main VA to wait for all of the remote VA
-	// results, not just the threshold required to make a decision.
-	MultiVAFullResults
-	// MandatoryPOSTAsGET forbids legacy unauthenticated GET requests for ACME
-	// resources.
-	MandatoryPOSTAsGET
-	// Allow creation of new registrations in ACMEv1.
-	AllowV1Registration
-	// StoreRevokerInfo enables storage of the revoker and a bool indicating if the row
-	// was checked for extant unrevoked certificates in the blockedKeys table.
-	StoreRevokerInfo
-	// RestrictRSAKeySizes enables restriction of acceptable RSA public key moduli to
-	// the common sizes (2048, 3072, and 4096 bits).
-	RestrictRSAKeySizes
-	// FasterNewOrdersRateLimit enables use of a separate table for counting the
-	// new orders rate limit.
-	FasterNewOrdersRateLimit
-	// ECDSAForAll enables all accounts, regardless of their presence in the CA's
-	// ecdsaAllowedAccounts config value, to get issuance from ECDSA issuers.
-	ECDSAForAll
-	// ServeRenewalInfo exposes the renewalInfo endpoint in the directory and for
-	// GET requests. WARNING: This feature is a draft and highly unstable.
-	ServeRenewalInfo
-	// GetAuthzReadOnly causes the SA to use its read-only database connection
-	// (which is generally pointed at a replica rather than the primary db) when
-	// querying the authz2 table.
-	GetAuthzReadOnly
-	// GetAuthzUseIndex causes the SA to use to add a USE INDEX hint when it
-	// queries the authz2 table.
-	GetAuthzUseIndex
-	// Check the failed authorization limit before doing authz reuse.
-	CheckFailedAuthorizationsFirst
-	// AllowReRevocation causes the RA to allow the revocation reason of an
-	// already-revoked certificate to be updated to `keyCompromise` from any
-	// other reason if that compromise is demonstrated by making the second
-	// revocation request signed by the certificate keypair.
-	AllowReRevocation
-	// MozRevocationReasons causes the RA to enforce the following upcoming
-	// Mozilla policies regarding revocation:
-	// - A subscriber can request that their certificate be revoked with reason
-	//   keyCompromise, even without demonstrating that compromise at the time.
-	//   However, the cert's pubkey will not be added to the blocked keys list.
-	// - When an applicant other than the original subscriber requests that a
-	//   certificate be revoked (by demonstrating control over all names in it),
-	//   the cert will be revoked with reason cessationOfOperation, regardless of
-	//   what revocation reason they request.
-	// - When anyone requests that a certificate be revoked by signing the request
-	//   with the certificate's keypair, the cert will be revoked with reason
-	//   keyCompromise, regardless of what revocation reason they request.
-	MozRevocationReasons
-	// SHA1CSRs controls whether the /acme/finalize endpoint rejects CSRs that
-	// are self-signed using SHA1.
-	SHA1CSRs
-	// AllowUnrecognizedFeatures is internal to the features package: if true,
-	// skip error when unrecognized feature flag names are passed.
-	AllowUnrecognizedFeatures
-	// RejectDuplicateCSRExtensions enables verification that submitted CSRs do
-	// not contain duplicate extensions. This behavior will be on by default in
-	// go1.19.
-	RejectDuplicateCSRExtensions
-
-	// ROCSPStage6 disables writing full OCSP Responses to MariaDB during
-	// (pre)certificate issuance and during revocation. Because Stage 4 involved
-	// disabling ocsp-updater, this means that no ocsp response bytes will be
-	// written to the database anymore.
-	ROCSPStage6
-	// ROCSPStage7 disables generating OCSP responses during issuance and
-	// revocation. This affects codepaths in both the RA (revocation) and the CA
-	// (precert "birth certificates").
-	ROCSPStage7
-)
-
-// List of features and their default value, protected by fMu
-var features = map[FeatureFlag]bool{
-	unused:                         false,
-	CAAValidationMethods:           false,
-	CAAAccountURI:                  false,
-	EnforceMultiVA:                 false,
-	MultiVAFullResults:             false,
-	MandatoryPOSTAsGET:             false,
-	AllowV1Registration:            true,
-	V1DisableNewValidations:        false,
-	PrecertificateRevocation:       false,
-	StripDefaultSchemePort:         false,
-	StoreIssuerInfo:                false,
-	StoreRevokerInfo:               false,
-	RestrictRSAKeySizes:            false,
-	FasterNewOrdersRateLimit:       false,
-	NonCFSSLSigner:                 false,
-	ECDSAForAll:                    false,
-	StreamlineOrderAndAuthzs:       false,
-	ServeRenewalInfo:               false,
-	GetAuthzReadOnly:               false,
-	GetAuthzUseIndex:               false,
-	CheckFailedAuthorizationsFirst: false,
-	AllowReRevocation:              false,
-	MozRevocationReasons:           false,
-	OldTLSOutbound:                 true,
-	OldTLSInbound:                  true,
-	SHA1CSRs:                       true,
-	AllowUnrecognizedFeatures:      false,
-	ExpirationMailerDontLookTwice:  false,
-	RejectDuplicateCSRExtensions:   false,
-	ROCSPStage1:                    false,
-	ROCSPStage2:                    false,
-	ROCSPStage3:                    false,
-	ROCSPStage6:                    false,
-	ROCSPStage7:                    false,
-}
-
-var fMu = new(sync.RWMutex)
-
-var initial = map[FeatureFlag]bool{}
-
-var nameToFeature = make(map[string]FeatureFlag, len(features))
-
-func init() {
-	for f, v := range features {
-		nameToFeature[f.String()] = f
-		initial[f] = v
-	}
-}
-
-// Set accepts a list of features and whether they should
-// be enabled or disabled. In the presence of unrecognized
-// flags, it will return an error or not depending on the
-// value of AllowUnrecognizedFeatures.
-func Set(featureSet map[string]bool) error {
-	fMu.Lock()
-	defer fMu.Unlock()
-	var unknown []string
-	for n, v := range featureSet {
-		f, present := nameToFeature[n]
-		if present {
-			features[f] = v
-		} else {
-			unknown = append(unknown, n)
-		}
-	}
-	if len(unknown) > 0 && !features[AllowUnrecognizedFeatures] {
-		return fmt.Errorf("unrecognized feature flag names: %s",
-			strings.Join(unknown, ", "))
-	}
-	return nil
-}
-
-// Enabled returns true if the feature is enabled or false
-// if it isn't, it will panic if passed a feature that it
-// doesn't know.
-func Enabled(n FeatureFlag) bool {
-	fMu.RLock()
-	defer fMu.RUnlock()
-	v, present := features[n]
-	if !present {
-		panic(fmt.Sprintf("feature '%s' doesn't exist", n.String()))
-	}
-	return v
-}
-
-// Reset resets the features to their initial state
-func Reset() {
-	fMu.Lock()
-	defer fMu.Unlock()
-	for k, v := range initial {
-		features[k] = v
-	}
-}
diff --git a/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go b/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go
index fdcfe9a18..198c09db4 100644
--- a/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go
+++ b/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go
@@ -9,8 +9,7 @@ import (
 	"os"
 
 	"github.com/letsencrypt/boulder/core"
-
-	yaml "gopkg.in/yaml.v3"
+	"github.com/letsencrypt/boulder/strictyaml"
 )
 
 // blockedKeys is a type for maintaining a map of SHA256 hashes
@@ -58,7 +57,7 @@ func loadBlockedKeysList(filename string) (*blockedKeys, error) {
 		BlockedHashes    []string `yaml:"blocked"`
 		BlockedHashesHex []string `yaml:"blockedHashesHex"`
 	}
-	err = yaml.Unmarshal(yamlBytes, &list)
+	err = strictyaml.Unmarshal(yamlBytes, &list)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go b/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go
index b751c376c..087a01812 100644
--- a/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go
+++ b/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go
@@ -12,10 +12,6 @@ import (
 	"sync"
 
 	"github.com/letsencrypt/boulder/core"
-	berrors "github.com/letsencrypt/boulder/errors"
-	"github.com/letsencrypt/boulder/features"
-	sapb "github.com/letsencrypt/boulder/sa/proto"
-	"google.golang.org/grpc"
 
 	"github.com/titanous/rocacheck"
 )
@@ -68,10 +64,12 @@ func badKey(msg string, args ...interface{}) error {
 	return fmt.Errorf("%w%s", ErrBadKey, fmt.Errorf(msg, args...))
 }
 
-// BlockedKeyCheckFunc is used to pass in the sa.BlockedKey method to KeyPolicy,
-// rather than storing a full sa.SQLStorageAuthority. This makes testing
+// BlockedKeyCheckFunc is used to pass in the sa.BlockedKey functionality to KeyPolicy,
+// rather than storing a full sa.SQLStorageAuthority. This allows external
+// users who don’t want to import all of boulder/sa, and makes testing
 // significantly simpler.
-type BlockedKeyCheckFunc func(context.Context, *sapb.KeyBlockedRequest, ...grpc.CallOption) (*sapb.Exists, error)
+// On success, the function returns a boolean which is true if the key is blocked.
+type BlockedKeyCheckFunc func(ctx context.Context, keyHash []byte) (bool, error)
 
 // KeyPolicy determines which types of key may be used with various boulder
 // operations.
@@ -82,7 +80,7 @@ type KeyPolicy struct {
 	weakRSAList        *WeakRSAKeys
 	blockedList        *blockedKeys
 	fermatRounds       int
-	dbCheck            BlockedKeyCheckFunc
+	blockedCheck       BlockedKeyCheckFunc
 }
 
 // NewKeyPolicy returns a KeyPolicy that allows RSA, ECDSA256 and ECDSA384.
@@ -97,7 +95,7 @@ func NewKeyPolicy(config *Config, bkc BlockedKeyCheckFunc) (KeyPolicy, error) {
 		AllowRSA:           true,
 		AllowECDSANISTP256: true,
 		AllowECDSANISTP384: true,
-		dbCheck:            bkc,
+		blockedCheck:       bkc,
 	}
 	if config.WeakKeyFile != "" {
 		keyList, err := LoadWeakRSASuffixes(config.WeakKeyFile)
@@ -137,20 +135,20 @@ func (policy *KeyPolicy) GoodKey(ctx context.Context, key crypto.PublicKey) erro
 	// that has been administratively blocked.
 	if policy.blockedList != nil {
 		if blocked, err := policy.blockedList.blocked(key); err != nil {
-			return berrors.InternalServerError("error checking blocklist for key: %v", key)
+			return fmt.Errorf("error checking blocklist for key: %v", key)
 		} else if blocked {
 			return badKey("public key is forbidden")
 		}
 	}
-	if policy.dbCheck != nil {
+	if policy.blockedCheck != nil {
 		digest, err := core.KeyDigest(key)
 		if err != nil {
 			return badKey("%w", err)
 		}
-		exists, err := policy.dbCheck(ctx, &sapb.KeyBlockedRequest{KeyHash: digest[:]})
+		exists, err := policy.blockedCheck(ctx, digest[:])
 		if err != nil {
 			return err
-		} else if exists.Exists {
+		} else if exists {
 			return badKey("public key is forbidden")
 		}
 	}
@@ -275,6 +273,12 @@ func (policy *KeyPolicy) goodCurve(c elliptic.Curve) (err error) {
 	}
 }
 
+// Baseline Requirements, Section 6.1.5 requires key size >= 2048 and a multiple
+// of 8 bits: https://github.com/cabforum/servercert/blob/main/docs/BR.md#615-key-sizes
+// Baseline Requirements, Section 6.1.1.3 requires that we reject any keys which
+// have a known method to easily compute their private key, such as Debian Weak
+// Keys. Our enforcement mechanism relies on enumerating all Debian Weak Keys at
+// common key sizes, so we restrict all issuance to those common key sizes.
 var acceptableRSAKeySizes = map[int]bool{
 	2048: true,
 	3072: true,
@@ -290,27 +294,12 @@ func (policy *KeyPolicy) goodKeyRSA(key *rsa.PublicKey) (err error) {
 		return badKey("key is on a known weak RSA key list")
 	}
 
-	// Baseline Requirements Appendix A
-	// Modulus must be >= 2048 bits and <= 4096 bits
 	modulus := key.N
+
+	// See comment on acceptableRSAKeySizes above.
 	modulusBitLen := modulus.BitLen()
-	if features.Enabled(features.RestrictRSAKeySizes) {
-		if !acceptableRSAKeySizes[modulusBitLen] {
-			return badKey("key size not supported: %d", modulusBitLen)
-		}
-	} else {
-		const maxKeySize = 4096
-		if modulusBitLen < 2048 {
-			return badKey("key too small: %d", modulusBitLen)
-		}
-		if modulusBitLen > maxKeySize {
-			return badKey("key too large: %d > %d", modulusBitLen, maxKeySize)
-		}
-		// Bit lengths that are not a multiple of 8 may cause problems on some
-		// client implementations.
-		if modulusBitLen%8 != 0 {
-			return badKey("key length wasn't a multiple of 8: %d", modulusBitLen)
-		}
+	if !acceptableRSAKeySizes[modulusBitLen] {
+		return badKey("key size not supported: %d", modulusBitLen)
 	}
 
 	// Rather than support arbitrary exponents, which significantly increases
diff --git a/vendor/github.com/letsencrypt/boulder/probs/probs.go b/vendor/github.com/letsencrypt/boulder/probs/probs.go
index 3736e8d39..2cc766237 100644
--- a/vendor/github.com/letsencrypt/boulder/probs/probs.go
+++ b/vendor/github.com/letsencrypt/boulder/probs/probs.go
@@ -7,29 +7,33 @@ import (
 	"github.com/letsencrypt/boulder/identifier"
 )
 
-// Error types that can be used in ACME payloads
 const (
+	// Error types that can be used in ACME payloads. These are sorted in the
+	// same order as they are defined in RFC8555 Section 6.7. We do not implement
+	// the `compound`, `externalAccountRequired`, or `userActionRequired` errors,
+	// because we have no path that would return them.
+	AccountDoesNotExistProblem   = ProblemType("accountDoesNotExist")
+	AlreadyRevokedProblem        = ProblemType("alreadyRevoked")
+	BadCSRProblem                = ProblemType("badCSR")
+	BadNonceProblem              = ProblemType("badNonce")
+	BadPublicKeyProblem          = ProblemType("badPublicKey")
+	BadRevocationReasonProblem   = ProblemType("badRevocationReason")
+	BadSignatureAlgorithmProblem = ProblemType("badSignatureAlgorithm")
+	CAAProblem                   = ProblemType("caa")
 	ConnectionProblem            = ProblemType("connection")
+	DNSProblem                   = ProblemType("dns")
+	InvalidContactProblem        = ProblemType("invalidContact")
 	MalformedProblem             = ProblemType("malformed")
+	OrderNotReadyProblem         = ProblemType("orderNotReady")
+	RateLimitedProblem           = ProblemType("rateLimited")
+	RejectedIdentifierProblem    = ProblemType("rejectedIdentifier")
 	ServerInternalProblem        = ProblemType("serverInternal")
 	TLSProblem                   = ProblemType("tls")
 	UnauthorizedProblem          = ProblemType("unauthorized")
-	RateLimitedProblem           = ProblemType("rateLimited")
-	BadNonceProblem              = ProblemType("badNonce")
-	InvalidEmailProblem          = ProblemType("invalidEmail")
-	RejectedIdentifierProblem    = ProblemType("rejectedIdentifier")
-	AccountDoesNotExistProblem   = ProblemType("accountDoesNotExist")
-	CAAProblem                   = ProblemType("caa")
-	DNSProblem                   = ProblemType("dns")
-	AlreadyRevokedProblem        = ProblemType("alreadyRevoked")
-	OrderNotReadyProblem         = ProblemType("orderNotReady")
-	BadSignatureAlgorithmProblem = ProblemType("badSignatureAlgorithm")
-	BadPublicKeyProblem          = ProblemType("badPublicKey")
-	BadRevocationReasonProblem   = ProblemType("badRevocationReason")
-	BadCSRProblem                = ProblemType("badCSR")
+	UnsupportedContactProblem    = ProblemType("unsupportedContact")
+	UnsupportedIdentifierProblem = ProblemType("unsupportedIdentifier")
 
-	V1ErrorNS = "urn:acme:error:"
-	V2ErrorNS = "urn:ietf:params:acme:error:"
+	ErrorNS = "urn:ietf:params:acme:error:"
 )
 
 // ProblemType defines the error types in the ACME protocol
@@ -71,112 +75,71 @@ func (pd *ProblemDetails) WithSubProblems(subProbs []SubProblemDetails) *Problem
 	}
 }
 
-// statusTooManyRequests is the HTTP status code meant for rate limiting
-// errors. It's not currently in the net/http library so we add it here.
-const statusTooManyRequests = 429
+// Helper functions which construct the basic RFC8555 Problem Documents, with
+// the Type already set and the Details supplied by the caller.
 
-// ProblemDetailsToStatusCode inspects the given ProblemDetails to figure out
-// what HTTP status code it should represent. It should only be used by the WFE
-// but is included in this package because of its reliance on ProblemTypes.
-func ProblemDetailsToStatusCode(prob *ProblemDetails) int {
-	if prob.HTTPStatus != 0 {
-		return prob.HTTPStatus
-	}
-	switch prob.Type {
-	case
-		ConnectionProblem,
-		MalformedProblem,
-		BadSignatureAlgorithmProblem,
-		BadPublicKeyProblem,
-		TLSProblem,
-		BadNonceProblem,
-		InvalidEmailProblem,
-		RejectedIdentifierProblem,
-		AccountDoesNotExistProblem,
-		BadRevocationReasonProblem:
-		return http.StatusBadRequest
-	case ServerInternalProblem:
-		return http.StatusInternalServerError
-	case
-		UnauthorizedProblem,
-		CAAProblem:
-		return http.StatusForbidden
-	case RateLimitedProblem:
-		return statusTooManyRequests
-	default:
-		return http.StatusInternalServerError
-	}
-}
-
-// BadNonce returns a ProblemDetails with a BadNonceProblem and a 400 Bad
-// Request status code.
-func BadNonce(detail string) *ProblemDetails {
+// AccountDoesNotExist returns a ProblemDetails representing an
+// AccountDoesNotExistProblem error
+func AccountDoesNotExist(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       BadNonceProblem,
+		Type:       AccountDoesNotExistProblem,
 		Detail:     detail,
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// RejectedIdentifier returns a ProblemDetails with a RejectedIdentifierProblem and a 400 Bad
+// AlreadyRevoked returns a ProblemDetails with a AlreadyRevokedProblem and a 400 Bad
 // Request status code.
-func RejectedIdentifier(detail string) *ProblemDetails {
+func AlreadyRevoked(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       RejectedIdentifierProblem,
-		Detail:     detail,
+		Type:       AlreadyRevokedProblem,
+		Detail:     fmt.Sprintf(detail, a...),
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// Conflict returns a ProblemDetails with a MalformedProblem and a 409 Conflict
-// status code.
-func Conflict(detail string) *ProblemDetails {
+// BadCSR returns a ProblemDetails representing a BadCSRProblem.
+func BadCSR(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
-		Detail:     detail,
-		HTTPStatus: http.StatusConflict,
+		Type:       BadCSRProblem,
+		Detail:     fmt.Sprintf(detail, a...),
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// AlreadyRevoked returns a ProblemDetails with a AlreadyRevokedProblem and a 400 Bad
+// BadNonce returns a ProblemDetails with a BadNonceProblem and a 400 Bad
 // Request status code.
-func AlreadyRevoked(detail string, a ...interface{}) *ProblemDetails {
+func BadNonce(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       AlreadyRevokedProblem,
-		Detail:     fmt.Sprintf(detail, a...),
+		Type:       BadNonceProblem,
+		Detail:     detail,
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// Malformed returns a ProblemDetails with a MalformedProblem and a 400 Bad
+// BadPublicKey returns a ProblemDetails with a BadPublicKeyProblem and a 400 Bad
 // Request status code.
-func Malformed(detail string, args ...interface{}) *ProblemDetails {
-	if len(args) > 0 {
-		detail = fmt.Sprintf(detail, args...)
-	}
+func BadPublicKey(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
-		Detail:     detail,
+		Type:       BadPublicKeyProblem,
+		Detail:     fmt.Sprintf(detail, a...),
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// Canceled returns a ProblemDetails with a MalformedProblem and a 408 Request
-// Timeout status code.
-func Canceled(detail string, args ...interface{}) *ProblemDetails {
-	if len(args) > 0 {
-		detail = fmt.Sprintf(detail, args...)
-	}
+// BadRevocationReason returns a ProblemDetails representing
+// a BadRevocationReasonProblem
+func BadRevocationReason(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
-		Detail:     detail,
-		HTTPStatus: http.StatusRequestTimeout,
+		Type:       BadRevocationReasonProblem,
+		Detail:     fmt.Sprintf(detail, a...),
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
 // BadSignatureAlgorithm returns a ProblemDetails with a BadSignatureAlgorithmProblem
 // and a 400 Bad Request status code.
-func BadSignatureAlgorithm(detail string, a ...interface{}) *ProblemDetails {
+func BadSignatureAlgorithm(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
 		Type:       BadSignatureAlgorithmProblem,
 		Detail:     fmt.Sprintf(detail, a...),
@@ -184,166 +147,195 @@ func BadSignatureAlgorithm(detail string, a ...interface{}) *ProblemDetails {
 	}
 }
 
-// BadPublicKey returns a ProblemDetails with a BadPublicKeyProblem and a 400 Bad
-// Request status code.
-func BadPublicKey(detail string, a ...interface{}) *ProblemDetails {
+// CAA returns a ProblemDetails representing a CAAProblem
+func CAA(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       BadPublicKeyProblem,
-		Detail:     fmt.Sprintf(detail, a...),
-		HTTPStatus: http.StatusBadRequest,
+		Type:       CAAProblem,
+		Detail:     detail,
+		HTTPStatus: http.StatusForbidden,
 	}
 }
 
-// NotFound returns a ProblemDetails with a MalformedProblem and a 404 Not Found
-// status code.
-func NotFound(detail string) *ProblemDetails {
+// Connection returns a ProblemDetails representing a ConnectionProblem
+// error
+func Connection(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
+		Type:       ConnectionProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusNotFound,
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// ServerInternal returns a ProblemDetails with a ServerInternalProblem and a
-// 500 Internal Server Failure status code.
-func ServerInternal(detail string) *ProblemDetails {
+// DNS returns a ProblemDetails representing a DNSProblem
+func DNS(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       ServerInternalProblem,
+		Type:       DNSProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusInternalServerError,
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// Unauthorized returns a ProblemDetails with an UnauthorizedProblem and a 403
-// Forbidden status code.
-func Unauthorized(detail string) *ProblemDetails {
+// InvalidContact returns a ProblemDetails representing an InvalidContactProblem.
+func InvalidContact(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       UnauthorizedProblem,
+		Type:       InvalidContactProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusForbidden,
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// MethodNotAllowed returns a ProblemDetails representing a disallowed HTTP
-// method error.
-func MethodNotAllowed() *ProblemDetails {
+// Malformed returns a ProblemDetails with a MalformedProblem and a 400 Bad
+// Request status code.
+func Malformed(detail string, a ...any) *ProblemDetails {
+	if len(a) > 0 {
+		detail = fmt.Sprintf(detail, a...)
+	}
 	return &ProblemDetails{
 		Type:       MalformedProblem,
-		Detail:     "Method not allowed",
-		HTTPStatus: http.StatusMethodNotAllowed,
+		Detail:     detail,
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// ContentLengthRequired returns a ProblemDetails representing a missing
-// Content-Length header error
-func ContentLengthRequired() *ProblemDetails {
+// OrderNotReady returns a ProblemDetails representing a OrderNotReadyProblem
+func OrderNotReady(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
-		Detail:     "missing Content-Length header",
-		HTTPStatus: http.StatusLengthRequired,
+		Type:       OrderNotReadyProblem,
+		Detail:     fmt.Sprintf(detail, a...),
+		HTTPStatus: http.StatusForbidden,
 	}
 }
 
-// InvalidContentType returns a ProblemDetails suitable for a missing
-// ContentType header, or an incorrect ContentType header
-func InvalidContentType(detail string) *ProblemDetails {
+// RateLimited returns a ProblemDetails representing a RateLimitedProblem error
+func RateLimited(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
+		Type:       RateLimitedProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusUnsupportedMediaType,
+		HTTPStatus: http.StatusTooManyRequests,
 	}
 }
 
-// InvalidEmail returns a ProblemDetails representing an invalid email address
-// error
-func InvalidEmail(detail string) *ProblemDetails {
+// RejectedIdentifier returns a ProblemDetails with a RejectedIdentifierProblem and a 400 Bad
+// Request status code.
+func RejectedIdentifier(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       InvalidEmailProblem,
+		Type:       RejectedIdentifierProblem,
 		Detail:     detail,
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// ConnectionFailure returns a ProblemDetails representing a ConnectionProblem
-// error
-func ConnectionFailure(detail string) *ProblemDetails {
+// ServerInternal returns a ProblemDetails with a ServerInternalProblem and a
+// 500 Internal Server Failure status code.
+func ServerInternal(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       ConnectionProblem,
+		Type:       ServerInternalProblem,
+		Detail:     detail,
+		HTTPStatus: http.StatusInternalServerError,
+	}
+}
+
+// TLS returns a ProblemDetails representing a TLSProblem error
+func TLS(detail string) *ProblemDetails {
+	return &ProblemDetails{
+		Type:       TLSProblem,
 		Detail:     detail,
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// RateLimited returns a ProblemDetails representing a RateLimitedProblem error
-func RateLimited(detail string) *ProblemDetails {
+// Unauthorized returns a ProblemDetails with an UnauthorizedProblem and a 403
+// Forbidden status code.
+func Unauthorized(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       RateLimitedProblem,
+		Type:       UnauthorizedProblem,
 		Detail:     detail,
-		HTTPStatus: statusTooManyRequests,
+		HTTPStatus: http.StatusForbidden,
 	}
 }
 
-// TLSError returns a ProblemDetails representing a TLSProblem error
-func TLSError(detail string) *ProblemDetails {
+// UnsupportedContact returns a ProblemDetails representing an
+// UnsupportedContactProblem
+func UnsupportedContact(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       TLSProblem,
+		Type:       UnsupportedContactProblem,
 		Detail:     detail,
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// AccountDoesNotExist returns a ProblemDetails representing an
-// AccountDoesNotExistProblem error
-func AccountDoesNotExist(detail string) *ProblemDetails {
+// UnsupportedIdentifier returns a ProblemDetails representing an
+// UnsupportedIdentifierProblem
+func UnsupportedIdentifier(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       AccountDoesNotExistProblem,
-		Detail:     detail,
+		Type:       UnsupportedIdentifierProblem,
+		Detail:     fmt.Sprintf(detail, a...),
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// CAA returns a ProblemDetails representing a CAAProblem
-func CAA(detail string) *ProblemDetails {
+// Additional helper functions that return variations on MalformedProblem with
+// different HTTP status codes set.
+
+// Canceled returns a ProblemDetails with a MalformedProblem and a 408 Request
+// Timeout status code.
+func Canceled(detail string, a ...any) *ProblemDetails {
+	if len(a) > 0 {
+		detail = fmt.Sprintf(detail, a...)
+	}
 	return &ProblemDetails{
-		Type:       CAAProblem,
+		Type:       MalformedProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusForbidden,
+		HTTPStatus: http.StatusRequestTimeout,
 	}
 }
 
-// DNS returns a ProblemDetails representing a DNSProblem
-func DNS(detail string) *ProblemDetails {
+// Conflict returns a ProblemDetails with a MalformedProblem and a 409 Conflict
+// status code.
+func Conflict(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       DNSProblem,
+		Type:       MalformedProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusBadRequest,
+		HTTPStatus: http.StatusConflict,
 	}
 }
 
-// OrderNotReady returns a ProblemDetails representing a OrderNotReadyProblem
-func OrderNotReady(detail string, a ...interface{}) *ProblemDetails {
+// ContentLengthRequired returns a ProblemDetails representing a missing
+// Content-Length header error
+func ContentLengthRequired() *ProblemDetails {
 	return &ProblemDetails{
-		Type:       OrderNotReadyProblem,
-		Detail:     fmt.Sprintf(detail, a...),
-		HTTPStatus: http.StatusForbidden,
+		Type:       MalformedProblem,
+		Detail:     "missing Content-Length header",
+		HTTPStatus: http.StatusLengthRequired,
 	}
 }
 
-// BadRevocationReason returns a ProblemDetails representing
-// a BadRevocationReasonProblem
-func BadRevocationReason(detail string, a ...interface{}) *ProblemDetails {
+// InvalidContentType returns a ProblemDetails suitable for a missing
+// ContentType header, or an incorrect ContentType header
+func InvalidContentType(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       BadRevocationReasonProblem,
-		Detail:     fmt.Sprintf(detail, a...),
-		HTTPStatus: http.StatusBadRequest,
+		Type:       MalformedProblem,
+		Detail:     detail,
+		HTTPStatus: http.StatusUnsupportedMediaType,
 	}
 }
 
-// BadCSR returns a ProblemDetails representing a BadCSRProblem.
-func BadCSR(detail string, a ...interface{}) *ProblemDetails {
+// MethodNotAllowed returns a ProblemDetails representing a disallowed HTTP
+// method error.
+func MethodNotAllowed() *ProblemDetails {
 	return &ProblemDetails{
-		Type:       BadCSRProblem,
-		Detail:     fmt.Sprintf(detail, a...),
-		HTTPStatus: http.StatusBadRequest,
+		Type:       MalformedProblem,
+		Detail:     "Method not allowed",
+		HTTPStatus: http.StatusMethodNotAllowed,
+	}
+}
+
+// NotFound returns a ProblemDetails with a MalformedProblem and a 404 Not Found
+// status code.
+func NotFound(detail string) *ProblemDetails {
+	return &ProblemDetails{
+		Type:       MalformedProblem,
+		Detail:     detail,
+		HTTPStatus: http.StatusNotFound,
 	}
 }
diff --git a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go b/vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go
deleted file mode 100644
index 27c5d18b0..000000000
--- a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go
+++ /dev/null
@@ -1,4261 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.28.0
-// 	protoc        v3.20.1
-// source: sa.proto
-
-package proto
-
-import (
-	proto "github.com/letsencrypt/boulder/core/proto"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	emptypb "google.golang.org/protobuf/types/known/emptypb"
-	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type RegistrationID struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-}
-
-func (x *RegistrationID) Reset() {
-	*x = RegistrationID{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RegistrationID) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RegistrationID) ProtoMessage() {}
-
-func (x *RegistrationID) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RegistrationID.ProtoReflect.Descriptor instead.
-func (*RegistrationID) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *RegistrationID) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-type JSONWebKey struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Jwk []byte `protobuf:"bytes,1,opt,name=jwk,proto3" json:"jwk,omitempty"`
-}
-
-func (x *JSONWebKey) Reset() {
-	*x = JSONWebKey{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *JSONWebKey) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*JSONWebKey) ProtoMessage() {}
-
-func (x *JSONWebKey) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use JSONWebKey.ProtoReflect.Descriptor instead.
-func (*JSONWebKey) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *JSONWebKey) GetJwk() []byte {
-	if x != nil {
-		return x.Jwk
-	}
-	return nil
-}
-
-type AuthorizationID struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-}
-
-func (x *AuthorizationID) Reset() {
-	*x = AuthorizationID{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AuthorizationID) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AuthorizationID) ProtoMessage() {}
-
-func (x *AuthorizationID) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AuthorizationID.ProtoReflect.Descriptor instead.
-func (*AuthorizationID) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *AuthorizationID) GetId() string {
-	if x != nil {
-		return x.Id
-	}
-	return ""
-}
-
-type GetPendingAuthorizationRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID  int64  `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	IdentifierType  string `protobuf:"bytes,2,opt,name=identifierType,proto3" json:"identifierType,omitempty"`
-	IdentifierValue string `protobuf:"bytes,3,opt,name=identifierValue,proto3" json:"identifierValue,omitempty"`
-	// Result must be valid until at least this Unix timestamp (nanos)
-	ValidUntil int64 `protobuf:"varint,4,opt,name=validUntil,proto3" json:"validUntil,omitempty"`
-}
-
-func (x *GetPendingAuthorizationRequest) Reset() {
-	*x = GetPendingAuthorizationRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetPendingAuthorizationRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetPendingAuthorizationRequest) ProtoMessage() {}
-
-func (x *GetPendingAuthorizationRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetPendingAuthorizationRequest.ProtoReflect.Descriptor instead.
-func (*GetPendingAuthorizationRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *GetPendingAuthorizationRequest) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *GetPendingAuthorizationRequest) GetIdentifierType() string {
-	if x != nil {
-		return x.IdentifierType
-	}
-	return ""
-}
-
-func (x *GetPendingAuthorizationRequest) GetIdentifierValue() string {
-	if x != nil {
-		return x.IdentifierValue
-	}
-	return ""
-}
-
-func (x *GetPendingAuthorizationRequest) GetValidUntil() int64 {
-	if x != nil {
-		return x.ValidUntil
-	}
-	return 0
-}
-
-type GetValidAuthorizationsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID int64    `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Domains        []string `protobuf:"bytes,2,rep,name=domains,proto3" json:"domains,omitempty"`
-	Now            int64    `protobuf:"varint,3,opt,name=now,proto3" json:"now,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *GetValidAuthorizationsRequest) Reset() {
-	*x = GetValidAuthorizationsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetValidAuthorizationsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetValidAuthorizationsRequest) ProtoMessage() {}
-
-func (x *GetValidAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetValidAuthorizationsRequest.ProtoReflect.Descriptor instead.
-func (*GetValidAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *GetValidAuthorizationsRequest) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *GetValidAuthorizationsRequest) GetDomains() []string {
-	if x != nil {
-		return x.Domains
-	}
-	return nil
-}
-
-func (x *GetValidAuthorizationsRequest) GetNow() int64 {
-	if x != nil {
-		return x.Now
-	}
-	return 0
-}
-
-type ValidAuthorizations struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Valid []*ValidAuthorizations_MapElement `protobuf:"bytes,1,rep,name=valid,proto3" json:"valid,omitempty"`
-}
-
-func (x *ValidAuthorizations) Reset() {
-	*x = ValidAuthorizations{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ValidAuthorizations) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ValidAuthorizations) ProtoMessage() {}
-
-func (x *ValidAuthorizations) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ValidAuthorizations.ProtoReflect.Descriptor instead.
-func (*ValidAuthorizations) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *ValidAuthorizations) GetValid() []*ValidAuthorizations_MapElement {
-	if x != nil {
-		return x.Valid
-	}
-	return nil
-}
-
-type Serial struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-}
-
-func (x *Serial) Reset() {
-	*x = Serial{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Serial) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Serial) ProtoMessage() {}
-
-func (x *Serial) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Serial.ProtoReflect.Descriptor instead.
-func (*Serial) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *Serial) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-type SerialMetadata struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial         string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-	RegistrationID int64  `protobuf:"varint,2,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Created        int64  `protobuf:"varint,3,opt,name=created,proto3" json:"created,omitempty"` // Unix timestamp (nanoseconds)
-	Expires        int64  `protobuf:"varint,4,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *SerialMetadata) Reset() {
-	*x = SerialMetadata{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SerialMetadata) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SerialMetadata) ProtoMessage() {}
-
-func (x *SerialMetadata) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SerialMetadata.ProtoReflect.Descriptor instead.
-func (*SerialMetadata) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *SerialMetadata) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *SerialMetadata) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *SerialMetadata) GetCreated() int64 {
-	if x != nil {
-		return x.Created
-	}
-	return 0
-}
-
-func (x *SerialMetadata) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-type Range struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Earliest int64 `protobuf:"varint,1,opt,name=earliest,proto3" json:"earliest,omitempty"` // Unix timestamp (nanoseconds)
-	Latest   int64 `protobuf:"varint,2,opt,name=latest,proto3" json:"latest,omitempty"`     // Unix timestamp (nanoseconds)
-}
-
-func (x *Range) Reset() {
-	*x = Range{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Range) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Range) ProtoMessage() {}
-
-func (x *Range) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Range.ProtoReflect.Descriptor instead.
-func (*Range) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{8}
-}
-
-func (x *Range) GetEarliest() int64 {
-	if x != nil {
-		return x.Earliest
-	}
-	return 0
-}
-
-func (x *Range) GetLatest() int64 {
-	if x != nil {
-		return x.Latest
-	}
-	return 0
-}
-
-type Count struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Count int64 `protobuf:"varint,1,opt,name=count,proto3" json:"count,omitempty"`
-}
-
-func (x *Count) Reset() {
-	*x = Count{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[9]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Count) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Count) ProtoMessage() {}
-
-func (x *Count) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[9]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Count.ProtoReflect.Descriptor instead.
-func (*Count) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{9}
-}
-
-func (x *Count) GetCount() int64 {
-	if x != nil {
-		return x.Count
-	}
-	return 0
-}
-
-type Timestamps struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Timestamps []int64 `protobuf:"varint,1,rep,packed,name=timestamps,proto3" json:"timestamps,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *Timestamps) Reset() {
-	*x = Timestamps{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[10]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Timestamps) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Timestamps) ProtoMessage() {}
-
-func (x *Timestamps) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[10]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Timestamps.ProtoReflect.Descriptor instead.
-func (*Timestamps) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{10}
-}
-
-func (x *Timestamps) GetTimestamps() []int64 {
-	if x != nil {
-		return x.Timestamps
-	}
-	return nil
-}
-
-type CountCertificatesByNamesRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Range *Range   `protobuf:"bytes,1,opt,name=range,proto3" json:"range,omitempty"`
-	Names []string `protobuf:"bytes,2,rep,name=names,proto3" json:"names,omitempty"`
-}
-
-func (x *CountCertificatesByNamesRequest) Reset() {
-	*x = CountCertificatesByNamesRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[11]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountCertificatesByNamesRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountCertificatesByNamesRequest) ProtoMessage() {}
-
-func (x *CountCertificatesByNamesRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[11]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountCertificatesByNamesRequest.ProtoReflect.Descriptor instead.
-func (*CountCertificatesByNamesRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{11}
-}
-
-func (x *CountCertificatesByNamesRequest) GetRange() *Range {
-	if x != nil {
-		return x.Range
-	}
-	return nil
-}
-
-func (x *CountCertificatesByNamesRequest) GetNames() []string {
-	if x != nil {
-		return x.Names
-	}
-	return nil
-}
-
-type CountByNames struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Counts   map[string]int64       `protobuf:"bytes,1,rep,name=counts,proto3" json:"counts,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"`
-	Earliest *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=earliest,proto3" json:"earliest,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *CountByNames) Reset() {
-	*x = CountByNames{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[12]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountByNames) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountByNames) ProtoMessage() {}
-
-func (x *CountByNames) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[12]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountByNames.ProtoReflect.Descriptor instead.
-func (*CountByNames) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{12}
-}
-
-func (x *CountByNames) GetCounts() map[string]int64 {
-	if x != nil {
-		return x.Counts
-	}
-	return nil
-}
-
-func (x *CountByNames) GetEarliest() *timestamppb.Timestamp {
-	if x != nil {
-		return x.Earliest
-	}
-	return nil
-}
-
-type CountRegistrationsByIPRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Ip    []byte `protobuf:"bytes,1,opt,name=ip,proto3" json:"ip,omitempty"`
-	Range *Range `protobuf:"bytes,2,opt,name=range,proto3" json:"range,omitempty"`
-}
-
-func (x *CountRegistrationsByIPRequest) Reset() {
-	*x = CountRegistrationsByIPRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[13]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountRegistrationsByIPRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountRegistrationsByIPRequest) ProtoMessage() {}
-
-func (x *CountRegistrationsByIPRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[13]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountRegistrationsByIPRequest.ProtoReflect.Descriptor instead.
-func (*CountRegistrationsByIPRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{13}
-}
-
-func (x *CountRegistrationsByIPRequest) GetIp() []byte {
-	if x != nil {
-		return x.Ip
-	}
-	return nil
-}
-
-func (x *CountRegistrationsByIPRequest) GetRange() *Range {
-	if x != nil {
-		return x.Range
-	}
-	return nil
-}
-
-type CountInvalidAuthorizationsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID int64  `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Hostname       string `protobuf:"bytes,2,opt,name=hostname,proto3" json:"hostname,omitempty"`
-	// Count authorizations that expire in this range.
-	Range *Range `protobuf:"bytes,3,opt,name=range,proto3" json:"range,omitempty"`
-}
-
-func (x *CountInvalidAuthorizationsRequest) Reset() {
-	*x = CountInvalidAuthorizationsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[14]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountInvalidAuthorizationsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountInvalidAuthorizationsRequest) ProtoMessage() {}
-
-func (x *CountInvalidAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[14]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountInvalidAuthorizationsRequest.ProtoReflect.Descriptor instead.
-func (*CountInvalidAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{14}
-}
-
-func (x *CountInvalidAuthorizationsRequest) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *CountInvalidAuthorizationsRequest) GetHostname() string {
-	if x != nil {
-		return x.Hostname
-	}
-	return ""
-}
-
-func (x *CountInvalidAuthorizationsRequest) GetRange() *Range {
-	if x != nil {
-		return x.Range
-	}
-	return nil
-}
-
-type CountOrdersRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	AccountID int64  `protobuf:"varint,1,opt,name=accountID,proto3" json:"accountID,omitempty"`
-	Range     *Range `protobuf:"bytes,2,opt,name=range,proto3" json:"range,omitempty"`
-}
-
-func (x *CountOrdersRequest) Reset() {
-	*x = CountOrdersRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[15]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountOrdersRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountOrdersRequest) ProtoMessage() {}
-
-func (x *CountOrdersRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[15]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountOrdersRequest.ProtoReflect.Descriptor instead.
-func (*CountOrdersRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{15}
-}
-
-func (x *CountOrdersRequest) GetAccountID() int64 {
-	if x != nil {
-		return x.AccountID
-	}
-	return 0
-}
-
-func (x *CountOrdersRequest) GetRange() *Range {
-	if x != nil {
-		return x.Range
-	}
-	return nil
-}
-
-type CountFQDNSetsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Window  int64    `protobuf:"varint,1,opt,name=window,proto3" json:"window,omitempty"`
-	Domains []string `protobuf:"bytes,2,rep,name=domains,proto3" json:"domains,omitempty"`
-}
-
-func (x *CountFQDNSetsRequest) Reset() {
-	*x = CountFQDNSetsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[16]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountFQDNSetsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountFQDNSetsRequest) ProtoMessage() {}
-
-func (x *CountFQDNSetsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[16]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountFQDNSetsRequest.ProtoReflect.Descriptor instead.
-func (*CountFQDNSetsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{16}
-}
-
-func (x *CountFQDNSetsRequest) GetWindow() int64 {
-	if x != nil {
-		return x.Window
-	}
-	return 0
-}
-
-func (x *CountFQDNSetsRequest) GetDomains() []string {
-	if x != nil {
-		return x.Domains
-	}
-	return nil
-}
-
-type FQDNSetExistsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Domains []string `protobuf:"bytes,1,rep,name=domains,proto3" json:"domains,omitempty"`
-}
-
-func (x *FQDNSetExistsRequest) Reset() {
-	*x = FQDNSetExistsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[17]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FQDNSetExistsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FQDNSetExistsRequest) ProtoMessage() {}
-
-func (x *FQDNSetExistsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[17]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FQDNSetExistsRequest.ProtoReflect.Descriptor instead.
-func (*FQDNSetExistsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{17}
-}
-
-func (x *FQDNSetExistsRequest) GetDomains() []string {
-	if x != nil {
-		return x.Domains
-	}
-	return nil
-}
-
-type PreviousCertificateExistsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
-	RegID  int64  `protobuf:"varint,2,opt,name=regID,proto3" json:"regID,omitempty"`
-}
-
-func (x *PreviousCertificateExistsRequest) Reset() {
-	*x = PreviousCertificateExistsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[18]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *PreviousCertificateExistsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*PreviousCertificateExistsRequest) ProtoMessage() {}
-
-func (x *PreviousCertificateExistsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[18]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use PreviousCertificateExistsRequest.ProtoReflect.Descriptor instead.
-func (*PreviousCertificateExistsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{18}
-}
-
-func (x *PreviousCertificateExistsRequest) GetDomain() string {
-	if x != nil {
-		return x.Domain
-	}
-	return ""
-}
-
-func (x *PreviousCertificateExistsRequest) GetRegID() int64 {
-	if x != nil {
-		return x.RegID
-	}
-	return 0
-}
-
-type Exists struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Exists bool `protobuf:"varint,1,opt,name=exists,proto3" json:"exists,omitempty"`
-}
-
-func (x *Exists) Reset() {
-	*x = Exists{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[19]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Exists) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Exists) ProtoMessage() {}
-
-func (x *Exists) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[19]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Exists.ProtoReflect.Descriptor instead.
-func (*Exists) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{19}
-}
-
-func (x *Exists) GetExists() bool {
-	if x != nil {
-		return x.Exists
-	}
-	return false
-}
-
-type AddSerialRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegID   int64  `protobuf:"varint,1,opt,name=regID,proto3" json:"regID,omitempty"`
-	Serial  string `protobuf:"bytes,2,opt,name=serial,proto3" json:"serial,omitempty"`
-	Created int64  `protobuf:"varint,3,opt,name=created,proto3" json:"created,omitempty"` // Unix timestamp (nanoseconds)
-	Expires int64  `protobuf:"varint,4,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *AddSerialRequest) Reset() {
-	*x = AddSerialRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[20]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AddSerialRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AddSerialRequest) ProtoMessage() {}
-
-func (x *AddSerialRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[20]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AddSerialRequest.ProtoReflect.Descriptor instead.
-func (*AddSerialRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{20}
-}
-
-func (x *AddSerialRequest) GetRegID() int64 {
-	if x != nil {
-		return x.RegID
-	}
-	return 0
-}
-
-func (x *AddSerialRequest) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *AddSerialRequest) GetCreated() int64 {
-	if x != nil {
-		return x.Created
-	}
-	return 0
-}
-
-func (x *AddSerialRequest) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-type AddCertificateRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Der   []byte `protobuf:"bytes,1,opt,name=der,proto3" json:"der,omitempty"`
-	RegID int64  `protobuf:"varint,2,opt,name=regID,proto3" json:"regID,omitempty"`
-	// A signed OCSP response for the certificate contained in "der".
-	// Note: The certificate status in the OCSP response is assumed to be 0 (good).
-	Ocsp []byte `protobuf:"bytes,3,opt,name=ocsp,proto3" json:"ocsp,omitempty"`
-	// An issued time. When not present the SA defaults to using
-	// the current time. The orphan-finder uses this parameter to add
-	// certificates with the correct historic issued date
-	Issued   int64 `protobuf:"varint,4,opt,name=issued,proto3" json:"issued,omitempty"`
-	IssuerID int64 `protobuf:"varint,5,opt,name=issuerID,proto3" json:"issuerID,omitempty"`
-}
-
-func (x *AddCertificateRequest) Reset() {
-	*x = AddCertificateRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[21]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AddCertificateRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AddCertificateRequest) ProtoMessage() {}
-
-func (x *AddCertificateRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[21]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AddCertificateRequest.ProtoReflect.Descriptor instead.
-func (*AddCertificateRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{21}
-}
-
-func (x *AddCertificateRequest) GetDer() []byte {
-	if x != nil {
-		return x.Der
-	}
-	return nil
-}
-
-func (x *AddCertificateRequest) GetRegID() int64 {
-	if x != nil {
-		return x.RegID
-	}
-	return 0
-}
-
-func (x *AddCertificateRequest) GetOcsp() []byte {
-	if x != nil {
-		return x.Ocsp
-	}
-	return nil
-}
-
-func (x *AddCertificateRequest) GetIssued() int64 {
-	if x != nil {
-		return x.Issued
-	}
-	return 0
-}
-
-func (x *AddCertificateRequest) GetIssuerID() int64 {
-	if x != nil {
-		return x.IssuerID
-	}
-	return 0
-}
-
-type AddCertificateResponse struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Digest string `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"`
-}
-
-func (x *AddCertificateResponse) Reset() {
-	*x = AddCertificateResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[22]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AddCertificateResponse) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AddCertificateResponse) ProtoMessage() {}
-
-func (x *AddCertificateResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[22]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AddCertificateResponse.ProtoReflect.Descriptor instead.
-func (*AddCertificateResponse) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{22}
-}
-
-func (x *AddCertificateResponse) GetDigest() string {
-	if x != nil {
-		return x.Digest
-	}
-	return ""
-}
-
-type OrderRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-}
-
-func (x *OrderRequest) Reset() {
-	*x = OrderRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[23]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *OrderRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*OrderRequest) ProtoMessage() {}
-
-func (x *OrderRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[23]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use OrderRequest.ProtoReflect.Descriptor instead.
-func (*OrderRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{23}
-}
-
-func (x *OrderRequest) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-type NewOrderRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID   int64    `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Expires          int64    `protobuf:"varint,2,opt,name=expires,proto3" json:"expires,omitempty"`
-	Names            []string `protobuf:"bytes,3,rep,name=names,proto3" json:"names,omitempty"`
-	V2Authorizations []int64  `protobuf:"varint,4,rep,packed,name=v2Authorizations,proto3" json:"v2Authorizations,omitempty"`
-}
-
-func (x *NewOrderRequest) Reset() {
-	*x = NewOrderRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[24]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *NewOrderRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*NewOrderRequest) ProtoMessage() {}
-
-func (x *NewOrderRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[24]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use NewOrderRequest.ProtoReflect.Descriptor instead.
-func (*NewOrderRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{24}
-}
-
-func (x *NewOrderRequest) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *NewOrderRequest) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-func (x *NewOrderRequest) GetNames() []string {
-	if x != nil {
-		return x.Names
-	}
-	return nil
-}
-
-func (x *NewOrderRequest) GetV2Authorizations() []int64 {
-	if x != nil {
-		return x.V2Authorizations
-	}
-	return nil
-}
-
-type NewOrderAndAuthzsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	NewOrder  *NewOrderRequest       `protobuf:"bytes,1,opt,name=newOrder,proto3" json:"newOrder,omitempty"`
-	NewAuthzs []*proto.Authorization `protobuf:"bytes,2,rep,name=newAuthzs,proto3" json:"newAuthzs,omitempty"`
-}
-
-func (x *NewOrderAndAuthzsRequest) Reset() {
-	*x = NewOrderAndAuthzsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[25]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *NewOrderAndAuthzsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*NewOrderAndAuthzsRequest) ProtoMessage() {}
-
-func (x *NewOrderAndAuthzsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[25]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use NewOrderAndAuthzsRequest.ProtoReflect.Descriptor instead.
-func (*NewOrderAndAuthzsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{25}
-}
-
-func (x *NewOrderAndAuthzsRequest) GetNewOrder() *NewOrderRequest {
-	if x != nil {
-		return x.NewOrder
-	}
-	return nil
-}
-
-func (x *NewOrderAndAuthzsRequest) GetNewAuthzs() []*proto.Authorization {
-	if x != nil {
-		return x.NewAuthzs
-	}
-	return nil
-}
-
-type SetOrderErrorRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id    int64                 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Error *proto.ProblemDetails `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"`
-}
-
-func (x *SetOrderErrorRequest) Reset() {
-	*x = SetOrderErrorRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[26]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SetOrderErrorRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SetOrderErrorRequest) ProtoMessage() {}
-
-func (x *SetOrderErrorRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[26]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SetOrderErrorRequest.ProtoReflect.Descriptor instead.
-func (*SetOrderErrorRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{26}
-}
-
-func (x *SetOrderErrorRequest) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *SetOrderErrorRequest) GetError() *proto.ProblemDetails {
-	if x != nil {
-		return x.Error
-	}
-	return nil
-}
-
-type GetValidOrderAuthorizationsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id     int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	AcctID int64 `protobuf:"varint,2,opt,name=acctID,proto3" json:"acctID,omitempty"`
-}
-
-func (x *GetValidOrderAuthorizationsRequest) Reset() {
-	*x = GetValidOrderAuthorizationsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[27]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetValidOrderAuthorizationsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetValidOrderAuthorizationsRequest) ProtoMessage() {}
-
-func (x *GetValidOrderAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[27]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetValidOrderAuthorizationsRequest.ProtoReflect.Descriptor instead.
-func (*GetValidOrderAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{27}
-}
-
-func (x *GetValidOrderAuthorizationsRequest) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *GetValidOrderAuthorizationsRequest) GetAcctID() int64 {
-	if x != nil {
-		return x.AcctID
-	}
-	return 0
-}
-
-type GetOrderForNamesRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	AcctID int64    `protobuf:"varint,1,opt,name=acctID,proto3" json:"acctID,omitempty"`
-	Names  []string `protobuf:"bytes,2,rep,name=names,proto3" json:"names,omitempty"`
-}
-
-func (x *GetOrderForNamesRequest) Reset() {
-	*x = GetOrderForNamesRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[28]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetOrderForNamesRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetOrderForNamesRequest) ProtoMessage() {}
-
-func (x *GetOrderForNamesRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[28]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetOrderForNamesRequest.ProtoReflect.Descriptor instead.
-func (*GetOrderForNamesRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{28}
-}
-
-func (x *GetOrderForNamesRequest) GetAcctID() int64 {
-	if x != nil {
-		return x.AcctID
-	}
-	return 0
-}
-
-func (x *GetOrderForNamesRequest) GetNames() []string {
-	if x != nil {
-		return x.Names
-	}
-	return nil
-}
-
-type FinalizeOrderRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id                int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	CertificateSerial string `protobuf:"bytes,2,opt,name=certificateSerial,proto3" json:"certificateSerial,omitempty"`
-}
-
-func (x *FinalizeOrderRequest) Reset() {
-	*x = FinalizeOrderRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[29]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FinalizeOrderRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FinalizeOrderRequest) ProtoMessage() {}
-
-func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[29]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FinalizeOrderRequest.ProtoReflect.Descriptor instead.
-func (*FinalizeOrderRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{29}
-}
-
-func (x *FinalizeOrderRequest) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *FinalizeOrderRequest) GetCertificateSerial() string {
-	if x != nil {
-		return x.CertificateSerial
-	}
-	return ""
-}
-
-type GetAuthorizationsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID int64    `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Domains        []string `protobuf:"bytes,2,rep,name=domains,proto3" json:"domains,omitempty"`
-	Now            int64    `protobuf:"varint,3,opt,name=now,proto3" json:"now,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *GetAuthorizationsRequest) Reset() {
-	*x = GetAuthorizationsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[30]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetAuthorizationsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetAuthorizationsRequest) ProtoMessage() {}
-
-func (x *GetAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[30]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetAuthorizationsRequest.ProtoReflect.Descriptor instead.
-func (*GetAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{30}
-}
-
-func (x *GetAuthorizationsRequest) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *GetAuthorizationsRequest) GetDomains() []string {
-	if x != nil {
-		return x.Domains
-	}
-	return nil
-}
-
-func (x *GetAuthorizationsRequest) GetNow() int64 {
-	if x != nil {
-		return x.Now
-	}
-	return 0
-}
-
-type Authorizations struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Authz []*Authorizations_MapElement `protobuf:"bytes,1,rep,name=authz,proto3" json:"authz,omitempty"`
-}
-
-func (x *Authorizations) Reset() {
-	*x = Authorizations{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[31]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Authorizations) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Authorizations) ProtoMessage() {}
-
-func (x *Authorizations) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[31]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Authorizations.ProtoReflect.Descriptor instead.
-func (*Authorizations) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{31}
-}
-
-func (x *Authorizations) GetAuthz() []*Authorizations_MapElement {
-	if x != nil {
-		return x.Authz
-	}
-	return nil
-}
-
-type AddPendingAuthorizationsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Authz []*proto.Authorization `protobuf:"bytes,1,rep,name=authz,proto3" json:"authz,omitempty"`
-}
-
-func (x *AddPendingAuthorizationsRequest) Reset() {
-	*x = AddPendingAuthorizationsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[32]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AddPendingAuthorizationsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AddPendingAuthorizationsRequest) ProtoMessage() {}
-
-func (x *AddPendingAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[32]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AddPendingAuthorizationsRequest.ProtoReflect.Descriptor instead.
-func (*AddPendingAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{32}
-}
-
-func (x *AddPendingAuthorizationsRequest) GetAuthz() []*proto.Authorization {
-	if x != nil {
-		return x.Authz
-	}
-	return nil
-}
-
-type AuthorizationIDs struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Ids []string `protobuf:"bytes,1,rep,name=ids,proto3" json:"ids,omitempty"`
-}
-
-func (x *AuthorizationIDs) Reset() {
-	*x = AuthorizationIDs{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[33]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AuthorizationIDs) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AuthorizationIDs) ProtoMessage() {}
-
-func (x *AuthorizationIDs) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[33]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AuthorizationIDs.ProtoReflect.Descriptor instead.
-func (*AuthorizationIDs) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{33}
-}
-
-func (x *AuthorizationIDs) GetIds() []string {
-	if x != nil {
-		return x.Ids
-	}
-	return nil
-}
-
-type AuthorizationID2 struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-}
-
-func (x *AuthorizationID2) Reset() {
-	*x = AuthorizationID2{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[34]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AuthorizationID2) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AuthorizationID2) ProtoMessage() {}
-
-func (x *AuthorizationID2) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[34]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AuthorizationID2.ProtoReflect.Descriptor instead.
-func (*AuthorizationID2) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{34}
-}
-
-func (x *AuthorizationID2) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-type Authorization2IDs struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Ids []int64 `protobuf:"varint,1,rep,packed,name=ids,proto3" json:"ids,omitempty"`
-}
-
-func (x *Authorization2IDs) Reset() {
-	*x = Authorization2IDs{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[35]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Authorization2IDs) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Authorization2IDs) ProtoMessage() {}
-
-func (x *Authorization2IDs) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[35]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Authorization2IDs.ProtoReflect.Descriptor instead.
-func (*Authorization2IDs) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{35}
-}
-
-func (x *Authorization2IDs) GetIds() []int64 {
-	if x != nil {
-		return x.Ids
-	}
-	return nil
-}
-
-type RevokeCertificateRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial   string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-	Reason   int64  `protobuf:"varint,2,opt,name=reason,proto3" json:"reason,omitempty"`
-	Date     int64  `protobuf:"varint,3,opt,name=date,proto3" json:"date,omitempty"`         // Unix timestamp (nanoseconds)
-	Backdate int64  `protobuf:"varint,5,opt,name=backdate,proto3" json:"backdate,omitempty"` // Unix timestamp (nanoseconds)
-	Response []byte `protobuf:"bytes,4,opt,name=response,proto3" json:"response,omitempty"`
-	IssuerID int64  `protobuf:"varint,6,opt,name=issuerID,proto3" json:"issuerID,omitempty"`
-}
-
-func (x *RevokeCertificateRequest) Reset() {
-	*x = RevokeCertificateRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[36]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RevokeCertificateRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RevokeCertificateRequest) ProtoMessage() {}
-
-func (x *RevokeCertificateRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[36]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RevokeCertificateRequest.ProtoReflect.Descriptor instead.
-func (*RevokeCertificateRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{36}
-}
-
-func (x *RevokeCertificateRequest) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *RevokeCertificateRequest) GetReason() int64 {
-	if x != nil {
-		return x.Reason
-	}
-	return 0
-}
-
-func (x *RevokeCertificateRequest) GetDate() int64 {
-	if x != nil {
-		return x.Date
-	}
-	return 0
-}
-
-func (x *RevokeCertificateRequest) GetBackdate() int64 {
-	if x != nil {
-		return x.Backdate
-	}
-	return 0
-}
-
-func (x *RevokeCertificateRequest) GetResponse() []byte {
-	if x != nil {
-		return x.Response
-	}
-	return nil
-}
-
-func (x *RevokeCertificateRequest) GetIssuerID() int64 {
-	if x != nil {
-		return x.IssuerID
-	}
-	return 0
-}
-
-type FinalizeAuthorizationRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id                int64                     `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Status            string                    `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"`
-	Expires           int64                     `protobuf:"varint,3,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds)
-	Attempted         string                    `protobuf:"bytes,4,opt,name=attempted,proto3" json:"attempted,omitempty"`
-	ValidationRecords []*proto.ValidationRecord `protobuf:"bytes,5,rep,name=validationRecords,proto3" json:"validationRecords,omitempty"`
-	ValidationError   *proto.ProblemDetails     `protobuf:"bytes,6,opt,name=validationError,proto3" json:"validationError,omitempty"`
-	AttemptedAt       int64                     `protobuf:"varint,7,opt,name=attemptedAt,proto3" json:"attemptedAt,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *FinalizeAuthorizationRequest) Reset() {
-	*x = FinalizeAuthorizationRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[37]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FinalizeAuthorizationRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FinalizeAuthorizationRequest) ProtoMessage() {}
-
-func (x *FinalizeAuthorizationRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[37]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FinalizeAuthorizationRequest.ProtoReflect.Descriptor instead.
-func (*FinalizeAuthorizationRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{37}
-}
-
-func (x *FinalizeAuthorizationRequest) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *FinalizeAuthorizationRequest) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-func (x *FinalizeAuthorizationRequest) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-func (x *FinalizeAuthorizationRequest) GetAttempted() string {
-	if x != nil {
-		return x.Attempted
-	}
-	return ""
-}
-
-func (x *FinalizeAuthorizationRequest) GetValidationRecords() []*proto.ValidationRecord {
-	if x != nil {
-		return x.ValidationRecords
-	}
-	return nil
-}
-
-func (x *FinalizeAuthorizationRequest) GetValidationError() *proto.ProblemDetails {
-	if x != nil {
-		return x.ValidationError
-	}
-	return nil
-}
-
-func (x *FinalizeAuthorizationRequest) GetAttemptedAt() int64 {
-	if x != nil {
-		return x.AttemptedAt
-	}
-	return 0
-}
-
-type AddBlockedKeyRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	KeyHash   []byte `protobuf:"bytes,1,opt,name=keyHash,proto3" json:"keyHash,omitempty"`
-	Added     int64  `protobuf:"varint,2,opt,name=added,proto3" json:"added,omitempty"` // Unix timestamp (nanoseconds)
-	Source    string `protobuf:"bytes,3,opt,name=source,proto3" json:"source,omitempty"`
-	Comment   string `protobuf:"bytes,4,opt,name=comment,proto3" json:"comment,omitempty"`
-	RevokedBy int64  `protobuf:"varint,5,opt,name=revokedBy,proto3" json:"revokedBy,omitempty"`
-}
-
-func (x *AddBlockedKeyRequest) Reset() {
-	*x = AddBlockedKeyRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[38]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AddBlockedKeyRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AddBlockedKeyRequest) ProtoMessage() {}
-
-func (x *AddBlockedKeyRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[38]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AddBlockedKeyRequest.ProtoReflect.Descriptor instead.
-func (*AddBlockedKeyRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{38}
-}
-
-func (x *AddBlockedKeyRequest) GetKeyHash() []byte {
-	if x != nil {
-		return x.KeyHash
-	}
-	return nil
-}
-
-func (x *AddBlockedKeyRequest) GetAdded() int64 {
-	if x != nil {
-		return x.Added
-	}
-	return 0
-}
-
-func (x *AddBlockedKeyRequest) GetSource() string {
-	if x != nil {
-		return x.Source
-	}
-	return ""
-}
-
-func (x *AddBlockedKeyRequest) GetComment() string {
-	if x != nil {
-		return x.Comment
-	}
-	return ""
-}
-
-func (x *AddBlockedKeyRequest) GetRevokedBy() int64 {
-	if x != nil {
-		return x.RevokedBy
-	}
-	return 0
-}
-
-type KeyBlockedRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	KeyHash []byte `protobuf:"bytes,1,opt,name=keyHash,proto3" json:"keyHash,omitempty"`
-}
-
-func (x *KeyBlockedRequest) Reset() {
-	*x = KeyBlockedRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[39]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *KeyBlockedRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*KeyBlockedRequest) ProtoMessage() {}
-
-func (x *KeyBlockedRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[39]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use KeyBlockedRequest.ProtoReflect.Descriptor instead.
-func (*KeyBlockedRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{39}
-}
-
-func (x *KeyBlockedRequest) GetKeyHash() []byte {
-	if x != nil {
-		return x.KeyHash
-	}
-	return nil
-}
-
-type Incident struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id          int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	SerialTable string `protobuf:"bytes,2,opt,name=serialTable,proto3" json:"serialTable,omitempty"`
-	Url         string `protobuf:"bytes,3,opt,name=url,proto3" json:"url,omitempty"`
-	RenewBy     int64  `protobuf:"varint,4,opt,name=renewBy,proto3" json:"renewBy,omitempty"` // Unix timestamp (nanoseconds)
-	Enabled     bool   `protobuf:"varint,5,opt,name=enabled,proto3" json:"enabled,omitempty"`
-}
-
-func (x *Incident) Reset() {
-	*x = Incident{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[40]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Incident) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Incident) ProtoMessage() {}
-
-func (x *Incident) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[40]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Incident.ProtoReflect.Descriptor instead.
-func (*Incident) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{40}
-}
-
-func (x *Incident) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *Incident) GetSerialTable() string {
-	if x != nil {
-		return x.SerialTable
-	}
-	return ""
-}
-
-func (x *Incident) GetUrl() string {
-	if x != nil {
-		return x.Url
-	}
-	return ""
-}
-
-func (x *Incident) GetRenewBy() int64 {
-	if x != nil {
-		return x.RenewBy
-	}
-	return 0
-}
-
-func (x *Incident) GetEnabled() bool {
-	if x != nil {
-		return x.Enabled
-	}
-	return false
-}
-
-type Incidents struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Incidents []*Incident `protobuf:"bytes,1,rep,name=incidents,proto3" json:"incidents,omitempty"`
-}
-
-func (x *Incidents) Reset() {
-	*x = Incidents{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[41]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Incidents) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Incidents) ProtoMessage() {}
-
-func (x *Incidents) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[41]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Incidents.ProtoReflect.Descriptor instead.
-func (*Incidents) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{41}
-}
-
-func (x *Incidents) GetIncidents() []*Incident {
-	if x != nil {
-		return x.Incidents
-	}
-	return nil
-}
-
-type SerialsForIncidentRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	IncidentTable string `protobuf:"bytes,1,opt,name=incidentTable,proto3" json:"incidentTable,omitempty"`
-}
-
-func (x *SerialsForIncidentRequest) Reset() {
-	*x = SerialsForIncidentRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[42]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SerialsForIncidentRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SerialsForIncidentRequest) ProtoMessage() {}
-
-func (x *SerialsForIncidentRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[42]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SerialsForIncidentRequest.ProtoReflect.Descriptor instead.
-func (*SerialsForIncidentRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{42}
-}
-
-func (x *SerialsForIncidentRequest) GetIncidentTable() string {
-	if x != nil {
-		return x.IncidentTable
-	}
-	return ""
-}
-
-type IncidentSerial struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial         string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-	RegistrationID int64  `protobuf:"varint,2,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	OrderID        int64  `protobuf:"varint,3,opt,name=orderID,proto3" json:"orderID,omitempty"`
-	LastNoticeSent int64  `protobuf:"varint,4,opt,name=lastNoticeSent,proto3" json:"lastNoticeSent,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *IncidentSerial) Reset() {
-	*x = IncidentSerial{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[43]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *IncidentSerial) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*IncidentSerial) ProtoMessage() {}
-
-func (x *IncidentSerial) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[43]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use IncidentSerial.ProtoReflect.Descriptor instead.
-func (*IncidentSerial) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{43}
-}
-
-func (x *IncidentSerial) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *IncidentSerial) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *IncidentSerial) GetOrderID() int64 {
-	if x != nil {
-		return x.OrderID
-	}
-	return 0
-}
-
-func (x *IncidentSerial) GetLastNoticeSent() int64 {
-	if x != nil {
-		return x.LastNoticeSent
-	}
-	return 0
-}
-
-type GetRevokedCertsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	IssuerNameID  int64 `protobuf:"varint,1,opt,name=issuerNameID,proto3" json:"issuerNameID,omitempty"`
-	ExpiresAfter  int64 `protobuf:"varint,2,opt,name=expiresAfter,proto3" json:"expiresAfter,omitempty"`   // Unix timestamp (nanoseconds), inclusive
-	ExpiresBefore int64 `protobuf:"varint,3,opt,name=expiresBefore,proto3" json:"expiresBefore,omitempty"` // Unix timestamp (nanoseconds), exclusive
-	RevokedBefore int64 `protobuf:"varint,4,opt,name=revokedBefore,proto3" json:"revokedBefore,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *GetRevokedCertsRequest) Reset() {
-	*x = GetRevokedCertsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[44]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetRevokedCertsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetRevokedCertsRequest) ProtoMessage() {}
-
-func (x *GetRevokedCertsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[44]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetRevokedCertsRequest.ProtoReflect.Descriptor instead.
-func (*GetRevokedCertsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{44}
-}
-
-func (x *GetRevokedCertsRequest) GetIssuerNameID() int64 {
-	if x != nil {
-		return x.IssuerNameID
-	}
-	return 0
-}
-
-func (x *GetRevokedCertsRequest) GetExpiresAfter() int64 {
-	if x != nil {
-		return x.ExpiresAfter
-	}
-	return 0
-}
-
-func (x *GetRevokedCertsRequest) GetExpiresBefore() int64 {
-	if x != nil {
-		return x.ExpiresBefore
-	}
-	return 0
-}
-
-func (x *GetRevokedCertsRequest) GetRevokedBefore() int64 {
-	if x != nil {
-		return x.RevokedBefore
-	}
-	return 0
-}
-
-type RevocationStatus struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Status        int64                  `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"`
-	RevokedReason int64                  `protobuf:"varint,2,opt,name=revokedReason,proto3" json:"revokedReason,omitempty"`
-	RevokedDate   *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=revokedDate,proto3" json:"revokedDate,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *RevocationStatus) Reset() {
-	*x = RevocationStatus{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[45]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RevocationStatus) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RevocationStatus) ProtoMessage() {}
-
-func (x *RevocationStatus) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[45]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RevocationStatus.ProtoReflect.Descriptor instead.
-func (*RevocationStatus) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{45}
-}
-
-func (x *RevocationStatus) GetStatus() int64 {
-	if x != nil {
-		return x.Status
-	}
-	return 0
-}
-
-func (x *RevocationStatus) GetRevokedReason() int64 {
-	if x != nil {
-		return x.RevokedReason
-	}
-	return 0
-}
-
-func (x *RevocationStatus) GetRevokedDate() *timestamppb.Timestamp {
-	if x != nil {
-		return x.RevokedDate
-	}
-	return nil
-}
-
-type ValidAuthorizations_MapElement struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Domain string               `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
-	Authz  *proto.Authorization `protobuf:"bytes,2,opt,name=authz,proto3" json:"authz,omitempty"`
-}
-
-func (x *ValidAuthorizations_MapElement) Reset() {
-	*x = ValidAuthorizations_MapElement{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[46]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ValidAuthorizations_MapElement) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ValidAuthorizations_MapElement) ProtoMessage() {}
-
-func (x *ValidAuthorizations_MapElement) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[46]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ValidAuthorizations_MapElement.ProtoReflect.Descriptor instead.
-func (*ValidAuthorizations_MapElement) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{5, 0}
-}
-
-func (x *ValidAuthorizations_MapElement) GetDomain() string {
-	if x != nil {
-		return x.Domain
-	}
-	return ""
-}
-
-func (x *ValidAuthorizations_MapElement) GetAuthz() *proto.Authorization {
-	if x != nil {
-		return x.Authz
-	}
-	return nil
-}
-
-type Authorizations_MapElement struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Domain string               `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
-	Authz  *proto.Authorization `protobuf:"bytes,2,opt,name=authz,proto3" json:"authz,omitempty"`
-}
-
-func (x *Authorizations_MapElement) Reset() {
-	*x = Authorizations_MapElement{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[48]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Authorizations_MapElement) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Authorizations_MapElement) ProtoMessage() {}
-
-func (x *Authorizations_MapElement) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[48]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Authorizations_MapElement.ProtoReflect.Descriptor instead.
-func (*Authorizations_MapElement) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{31, 0}
-}
-
-func (x *Authorizations_MapElement) GetDomain() string {
-	if x != nil {
-		return x.Domain
-	}
-	return ""
-}
-
-func (x *Authorizations_MapElement) GetAuthz() *proto.Authorization {
-	if x != nil {
-		return x.Authz
-	}
-	return nil
-}
-
-var File_sa_proto protoreflect.FileDescriptor
-
-var file_sa_proto_rawDesc = []byte{
-	0x0a, 0x08, 0x73, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x02, 0x73, 0x61, 0x1a, 0x15,
-	0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x22, 0x20, 0x0a, 0x0e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x1e, 0x0a, 0x0a, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62,
-	0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6a, 0x77, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c,
-	0x52, 0x03, 0x6a, 0x77, 0x6b, 0x22, 0x21, 0x0a, 0x0f, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, 0xba, 0x01, 0x0a, 0x1e, 0x47, 0x65, 0x74,
-	0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72,
-	0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x49, 0x44, 0x12, 0x26, 0x0a, 0x0e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65,
-	0x72, 0x54, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x64, 0x65,
-	0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x69,
-	0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72,
-	0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x55, 0x6e,
-	0x74, 0x69, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0a, 0x76, 0x61, 0x6c, 0x69, 0x64,
-	0x55, 0x6e, 0x74, 0x69, 0x6c, 0x22, 0x73, 0x0a, 0x1d, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69,
-	0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e,
-	0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18,
-	0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52,
-	0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x6e, 0x6f, 0x77, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x03, 0x6e, 0x6f, 0x77, 0x22, 0xa0, 0x01, 0x0a, 0x13, 0x56,
-	0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x12, 0x38, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x22, 0x2e, 0x73, 0x61, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4d, 0x61, 0x70, 0x45, 0x6c,
-	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x1a, 0x4f, 0x0a, 0x0a,
-	0x4d, 0x61, 0x70, 0x45, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f,
-	0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61,
-	0x69, 0x6e, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x22, 0x20, 0x0a,
-	0x06, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61,
-	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22,
-	0x84, 0x01, 0x0a, 0x0e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65,
-	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x12, 0x18, 0x0a, 0x07,
-	0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65,
-	0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x22, 0x3b, 0x0a, 0x05, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12,
-	0x1a, 0x0a, 0x08, 0x65, 0x61, 0x72, 0x6c, 0x69, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x08, 0x65, 0x61, 0x72, 0x6c, 0x69, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6c,
-	0x61, 0x74, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x6c, 0x61, 0x74,
-	0x65, 0x73, 0x74, 0x22, 0x1d, 0x0a, 0x05, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05,
-	0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75,
-	0x6e, 0x74, 0x22, 0x2c, 0x0a, 0x0a, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73,
-	0x12, 0x1e, 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x03, 0x52, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73,
-	0x22, 0x58, 0x0a, 0x1f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x72,
-	0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20,
-	0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0xb7, 0x01, 0x0a, 0x0c, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x06, 0x63,
-	0x6f, 0x75, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x73, 0x61,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x2e, 0x43, 0x6f,
-	0x75, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x63, 0x6f, 0x75, 0x6e, 0x74,
-	0x73, 0x12, 0x36, 0x0a, 0x08, 0x65, 0x61, 0x72, 0x6c, 0x69, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52,
-	0x08, 0x65, 0x61, 0x72, 0x6c, 0x69, 0x65, 0x73, 0x74, 0x1a, 0x39, 0x0a, 0x0b, 0x43, 0x6f, 0x75,
-	0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x3a, 0x02, 0x38, 0x01, 0x22, 0x50, 0x0a, 0x1d, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67,
-	0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0c, 0x52, 0x02, 0x69, 0x70, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52,
-	0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x88, 0x01, 0x0a, 0x21, 0x43, 0x6f, 0x75, 0x6e, 0x74,
-	0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e,
-	0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65,
-	0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x72, 0x61, 0x6e, 0x67,
-	0x65, 0x22, 0x53, 0x0a, 0x12, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75,
-	0x6e, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x61, 0x63, 0x63, 0x6f,
-	0x75, 0x6e, 0x74, 0x49, 0x44, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52,
-	0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x48, 0x0a, 0x14, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46,
-	0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16,
-	0x0a, 0x06, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06,
-	0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
-	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73,
-	0x22, 0x30, 0x0a, 0x14, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61,
-	0x69, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69,
-	0x6e, 0x73, 0x22, 0x50, 0x0a, 0x20, 0x50, 0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x14,
-	0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72,
-	0x65, 0x67, 0x49, 0x44, 0x22, 0x20, 0x0a, 0x06, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x16,
-	0x0a, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06,
-	0x65, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x74, 0x0a, 0x10, 0x41, 0x64, 0x64, 0x53, 0x65, 0x72,
-	0x69, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65,
-	0x67, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44,
-	0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74,
-	0x65, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x22, 0x87, 0x01, 0x0a,
-	0x15, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0c, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49,
-	0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x12, 0x12,
-	0x0a, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x6f, 0x63,
-	0x73, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73,
-	0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73,
-	0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x22, 0x30, 0x0a, 0x16, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0x1e, 0x0a, 0x0c, 0x4f, 0x72, 0x64, 0x65,
-	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x95, 0x01, 0x0a, 0x0f, 0x4e, 0x65, 0x77,
-	0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e,
-	0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x14,
-	0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e,
-	0x61, 0x6d, 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x03, 0x52, 0x10,
-	0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x22, 0x7e, 0x0a, 0x18, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41,
-	0x75, 0x74, 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2f, 0x0a, 0x08,
-	0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13,
-	0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x52, 0x08, 0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x31, 0x0a,
-	0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73,
-	0x22, 0x52, 0x0a, 0x14, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f,
-	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f,
-	0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50,
-	0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x05, 0x65,
-	0x72, 0x72, 0x6f, 0x72, 0x22, 0x4c, 0x0a, 0x22, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64,
-	0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63,
-	0x63, 0x74, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x61, 0x63, 0x63, 0x74,
-	0x49, 0x44, 0x22, 0x47, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f,
-	0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a,
-	0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x61,
-	0x63, 0x63, 0x74, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02,
-	0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x54, 0x0a, 0x14, 0x46,
-	0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52,
-	0x02, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11,
-	0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61,
-	0x6c, 0x22, 0x6e, 0x0a, 0x18, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a,
-	0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73,
-	0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x12,
-	0x10, 0x0a, 0x03, 0x6e, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x03, 0x6e, 0x6f,
-	0x77, 0x22, 0x96, 0x01, 0x0a, 0x0e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x33, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4d, 0x61, 0x70, 0x45, 0x6c, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x1a, 0x4f, 0x0a, 0x0a, 0x4d, 0x61, 0x70,
-	0x45, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69,
-	0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12,
-	0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13,
-	0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x22, 0x4c, 0x0a, 0x1f, 0x41, 0x64,
-	0x64, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a,
-	0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63,
-	0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x22, 0x24, 0x0a, 0x10, 0x41, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x73, 0x12, 0x10, 0x0a, 0x03,
-	0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x03, 0x69, 0x64, 0x73, 0x22, 0x22,
-	0x0a, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49,
-	0x44, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02,
-	0x69, 0x64, 0x22, 0x25, 0x0a, 0x11, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x32, 0x49, 0x44, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x03, 0x52, 0x03, 0x69, 0x64, 0x73, 0x22, 0xb2, 0x01, 0x0a, 0x18, 0x52, 0x65,
-	0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16,
-	0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06,
-	0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x65, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x62, 0x61,
-	0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x62, 0x61,
-	0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, 0x06,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x22, 0xa6,
-	0x02, 0x0a, 0x1c, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
-	0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12,
-	0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72,
-	0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65,
-	0x73, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x12,
-	0x44, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63,
-	0x6f, 0x72, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x72,
-	0x65, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f,
-	0x72, 0x64, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
-	0x63, 0x6f, 0x72, 0x64, 0x73, 0x12, 0x3e, 0x0a, 0x0f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14,
-	0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74,
-	0x61, 0x69, 0x6c, 0x73, 0x52, 0x0f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74,
-	0x65, 0x64, 0x41, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x61, 0x74, 0x74, 0x65,
-	0x6d, 0x70, 0x74, 0x65, 0x64, 0x41, 0x74, 0x22, 0x96, 0x01, 0x0a, 0x14, 0x41, 0x64, 0x64, 0x42,
-	0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x12, 0x18, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0c, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x12, 0x14, 0x0a, 0x05, 0x61, 0x64,
-	0x64, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x61, 0x64, 0x64, 0x65, 0x64,
-	0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d,
-	0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x65,
-	0x6e, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x18,
-	0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79,
-	0x22, 0x2d, 0x0a, 0x11, 0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x22,
-	0x82, 0x01, 0x0a, 0x08, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02,
-	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x20, 0x0a, 0x0b,
-	0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x10,
-	0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c,
-	0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x42, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x07, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x42, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e,
-	0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61,
-	0x62, 0x6c, 0x65, 0x64, 0x22, 0x37, 0x0a, 0x09, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74,
-	0x73, 0x12, 0x2a, 0x0a, 0x09, 0x69, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65,
-	0x6e, 0x74, 0x52, 0x09, 0x69, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x41, 0x0a,
-	0x19, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64,
-	0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x69, 0x6e,
-	0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0d, 0x69, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x54, 0x61, 0x62, 0x6c, 0x65,
-	0x22, 0x92, 0x01, 0x0a, 0x0e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72,
-	0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x0e, 0x72,
-	0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12, 0x26, 0x0a,
-	0x0e, 0x6c, 0x61, 0x73, 0x74, 0x4e, 0x6f, 0x74, 0x69, 0x63, 0x65, 0x53, 0x65, 0x6e, 0x74, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x6c, 0x61, 0x73, 0x74, 0x4e, 0x6f, 0x74, 0x69, 0x63,
-	0x65, 0x53, 0x65, 0x6e, 0x74, 0x22, 0xac, 0x01, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76,
-	0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61,
-	0x6d, 0x65, 0x49, 0x44, 0x12, 0x22, 0x0a, 0x0c, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41,
-	0x66, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x65, 0x78, 0x70, 0x69,
-	0x72, 0x65, 0x73, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x65, 0x78, 0x70, 0x69,
-	0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52,
-	0x0d, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x12, 0x24,
-	0x0a, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x65,
-	0x66, 0x6f, 0x72, 0x65, 0x22, 0x8e, 0x01, 0x0a, 0x10, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x12, 0x24, 0x0a, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x61, 0x73,
-	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65,
-	0x64, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x3c, 0x0a, 0x0b, 0x72, 0x65, 0x76, 0x6f, 0x6b,
-	0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0b, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65,
-	0x64, 0x44, 0x61, 0x74, 0x65, 0x32, 0xb2, 0x0f, 0x0a, 0x18, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67,
-	0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x61, 0x64, 0x4f, 0x6e,
-	0x6c, 0x79, 0x12, 0x53, 0x0a, 0x18, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69,
-	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x23,
-	0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79,
-	0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x00, 0x12, 0x36, 0x0a, 0x0d, 0x43, 0x6f, 0x75, 0x6e, 0x74,
-	0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f,
-	0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12,
-	0x51, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41,
-	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x25,
-	0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74,
-	0x22, 0x00, 0x12, 0x32, 0x0a, 0x0b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72,
-	0x73, 0x12, 0x16, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65,
-	0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x50,
-	0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73,
-	0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x16, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52,
-	0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50,
-	0x12, 0x21, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73,
-	0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00,
-	0x12, 0x4d, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12,
-	0x21, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12,
-	0x37, 0x0a, 0x0d, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73,
-	0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69,
-	0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e,
-	0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x1a, 0x46, 0x51, 0x44, 0x4e,
-	0x53, 0x65, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x46, 0x6f, 0x72,
-	0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73,
-	0x22, 0x00, 0x12, 0x40, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74,
-	0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x1a, 0x13, 0x2e,
-	0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x12, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e,
-	0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31,
-	0x0a, 0x0e, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63,
-	0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22,
-	0x00, 0x12, 0x3d, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53,
-	0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x17, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00,
-	0x12, 0x48, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x78, 0x45, 0x78, 0x70, 0x69, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1a, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x00, 0x12, 0x2b, 0x0a, 0x08, 0x47, 0x65,
-	0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65,
-	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e,
-	0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4f, 0x72,
-	0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x73, 0x61,
-	0x2e, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e,
-	0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x55, 0x0a, 0x18, 0x47, 0x65, 0x74, 0x50, 0x65,
-	0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x32, 0x12, 0x22, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64,
-	0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41,
-	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x34,
-	0x0a, 0x11, 0x47, 0x65, 0x74, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a,
-	0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73,
-	0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67,
-	0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x12, 0x2e, 0x63, 0x6f,
-	0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22,
-	0x00, 0x12, 0x3c, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x4a,
-	0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65,
-	0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12,
-	0x39, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69,
-	0x61, 0x6c, 0x1a, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, 0x41, 0x0a, 0x0f, 0x47, 0x65,
-	0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x1a, 0x2e,
-	0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72,
-	0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65,
-	0x2e, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x00, 0x30, 0x01, 0x12, 0x35, 0x0a,
-	0x11, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x12,
-	0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12,
-	0x21, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74,
-	0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x5c, 0x0a, 0x1c, 0x47, 0x65, 0x74, 0x56,
-	0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x26, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65,
-	0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x12, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65,
-	0x6e, 0x74, 0x73, 0x46, 0x6f, 0x72, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x0a, 0x2e, 0x73,
-	0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0d, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e,
-	0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0a, 0x4b, 0x65, 0x79,
-	0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x15, 0x2e, 0x73, 0x61, 0x2e, 0x4b, 0x65, 0x79,
-	0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a,
-	0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x19,
-	0x50, 0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x24, 0x2e, 0x73, 0x61, 0x2e, 0x50,
-	0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4b, 0x0a,
-	0x12, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64,
-	0x65, 0x6e, 0x74, 0x12, 0x1d, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73,
-	0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74,
-	0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0x00, 0x30, 0x01, 0x32, 0xdf, 0x18, 0x0a, 0x10, 0x53,
-	0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12,
-	0x53, 0x0a, 0x18, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x23, 0x2e, 0x73, 0x61,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d,
-	0x65, 0x73, 0x22, 0x00, 0x12, 0x36, 0x0a, 0x0d, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51, 0x44,
-	0x4e, 0x53, 0x65, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74,
-	0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x51, 0x0a, 0x1b,
-	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x25, 0x2e, 0x73, 0x61,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74,
-	0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12,
-	0x32, 0x0a, 0x0b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x12, 0x16,
-	0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x65, 0x6e, 0x64,
-	0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x32, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x16, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69,
-	0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x12, 0x21, 0x2e,
-	0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x4d, 0x0a,
-	0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x21, 0x2e, 0x73,
-	0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x37, 0x0a, 0x0d,
-	0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x18, 0x2e,
-	0x73, 0x61, 0x2e, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69,
-	0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x1a, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74,
-	0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x46, 0x6f, 0x72, 0x57, 0x69, 0x6e,
-	0x64, 0x6f, 0x77, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51,
-	0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e,
-	0x73, 0x61, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x22, 0x00, 0x12,
-	0x40, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72,
-	0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22,
-	0x00, 0x12, 0x48, 0x0a, 0x12, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0e, 0x47,
-	0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e,
-	0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65,
-	0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x00, 0x12, 0x3d,
-	0x0a, 0x14, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69,
-	0x61, 0x6c, 0x1a, 0x17, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, 0x48, 0x0a,
-	0x10, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x78, 0x45, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
-	0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x00, 0x12, 0x2b, 0x0a, 0x08, 0x47, 0x65, 0x74, 0x4f, 0x72,
-	0x64, 0x65, 0x72, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64,
-	0x65, 0x72, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72,
-	0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65,
-	0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64,
-	0x65, 0x72, 0x22, 0x00, 0x12, 0x55, 0x0a, 0x18, 0x47, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69,
-	0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32,
-	0x12, 0x22, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x34, 0x0a, 0x11, 0x47,
-	0x65, 0x74, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63,
-	0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22,
-	0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e,
-	0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x3c,
-	0x0a, 0x14, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x4a, 0x53, 0x4f, 0x4e,
-	0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65,
-	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x13,
-	0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a,
-	0x14, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53,
-	0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, 0x41, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65,
-	0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x1a, 0x2e, 0x73, 0x61, 0x2e,
-	0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52,
-	0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x00, 0x30, 0x01, 0x12, 0x35, 0x0a, 0x11, 0x47, 0x65,
-	0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12,
-	0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x12, 0x2e, 0x73, 0x61,
-	0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22,
-	0x00, 0x12, 0x52, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74,
-	0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x21, 0x2e, 0x73,
-	0x61, 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x5c, 0x0a, 0x1c, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69,
-	0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x26, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61,
-	0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e,
-	0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x12, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73,
-	0x46, 0x6f, 0x72, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53,
-	0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0d, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64,
-	0x65, 0x6e, 0x74, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0a, 0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f,
-	0x63, 0x6b, 0x65, 0x64, 0x12, 0x15, 0x2e, 0x73, 0x61, 0x2e, 0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f,
-	0x63, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a, 0x2e, 0x73, 0x61,
-	0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x19, 0x50, 0x72, 0x65,
-	0x76, 0x69, 0x6f, 0x75, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x24, 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x72, 0x65, 0x76,
-	0x69, 0x6f, 0x75, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45,
-	0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a, 0x2e, 0x73,
-	0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x12, 0x53, 0x65,
-	0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74,
-	0x12, 0x1d, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72,
-	0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x12, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72,
-	0x69, 0x61, 0x6c, 0x22, 0x00, 0x30, 0x01, 0x12, 0x43, 0x0a, 0x0d, 0x41, 0x64, 0x64, 0x42, 0x6c,
-	0x6f, 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64,
-	0x64, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x0e,
-	0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x19,
-	0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x73, 0x61, 0x2e, 0x41,
-	0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x11, 0x41, 0x64, 0x64, 0x50, 0x72,
-	0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x19, 0x2e, 0x73,
-	0x61, 0x2e, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22,
-	0x00, 0x12, 0x3b, 0x0a, 0x09, 0x41, 0x64, 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x14,
-	0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x4a,
-	0x0a, 0x18, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32,
-	0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x16, 0x44, 0x65,
-	0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79,
-	0x22, 0x00, 0x12, 0x54, 0x0a, 0x16, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x20, 0x2e, 0x73,
-	0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x46, 0x69, 0x6e, 0x61,
-	0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46,
-	0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x52, 0x0a,
-	0x12, 0x4e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x32, 0x12, 0x23, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x50, 0x65, 0x6e, 0x64,
-	0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x49, 0x44, 0x73, 0x22,
-	0x00, 0x12, 0x2e, 0x0a, 0x08, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x13, 0x2e,
-	0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22,
-	0x00, 0x12, 0x40, 0x0a, 0x11, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64,
-	0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f,
-	0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65,
-	0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65,
-	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72,
-	0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00,
-	0x12, 0x4b, 0x0a, 0x11, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b,
-	0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x43, 0x0a,
-	0x0d, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x18,
-	0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f,
-	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79,
-	0x22, 0x00, 0x12, 0x40, 0x0a, 0x12, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x50, 0x72,
-	0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72,
-	0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70,
-	0x74, 0x79, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x12, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65,
-	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72,
-	0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x18, 0x55, 0x70, 0x64, 0x61,
-	0x74, 0x65, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x29, 0x5a, 0x27,
-	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65,
-	0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x73,
-	0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_sa_proto_rawDescOnce sync.Once
-	file_sa_proto_rawDescData = file_sa_proto_rawDesc
-)
-
-func file_sa_proto_rawDescGZIP() []byte {
-	file_sa_proto_rawDescOnce.Do(func() {
-		file_sa_proto_rawDescData = protoimpl.X.CompressGZIP(file_sa_proto_rawDescData)
-	})
-	return file_sa_proto_rawDescData
-}
-
-var file_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 49)
-var file_sa_proto_goTypes = []interface{}{
-	(*RegistrationID)(nil),                     // 0: sa.RegistrationID
-	(*JSONWebKey)(nil),                         // 1: sa.JSONWebKey
-	(*AuthorizationID)(nil),                    // 2: sa.AuthorizationID
-	(*GetPendingAuthorizationRequest)(nil),     // 3: sa.GetPendingAuthorizationRequest
-	(*GetValidAuthorizationsRequest)(nil),      // 4: sa.GetValidAuthorizationsRequest
-	(*ValidAuthorizations)(nil),                // 5: sa.ValidAuthorizations
-	(*Serial)(nil),                             // 6: sa.Serial
-	(*SerialMetadata)(nil),                     // 7: sa.SerialMetadata
-	(*Range)(nil),                              // 8: sa.Range
-	(*Count)(nil),                              // 9: sa.Count
-	(*Timestamps)(nil),                         // 10: sa.Timestamps
-	(*CountCertificatesByNamesRequest)(nil),    // 11: sa.CountCertificatesByNamesRequest
-	(*CountByNames)(nil),                       // 12: sa.CountByNames
-	(*CountRegistrationsByIPRequest)(nil),      // 13: sa.CountRegistrationsByIPRequest
-	(*CountInvalidAuthorizationsRequest)(nil),  // 14: sa.CountInvalidAuthorizationsRequest
-	(*CountOrdersRequest)(nil),                 // 15: sa.CountOrdersRequest
-	(*CountFQDNSetsRequest)(nil),               // 16: sa.CountFQDNSetsRequest
-	(*FQDNSetExistsRequest)(nil),               // 17: sa.FQDNSetExistsRequest
-	(*PreviousCertificateExistsRequest)(nil),   // 18: sa.PreviousCertificateExistsRequest
-	(*Exists)(nil),                             // 19: sa.Exists
-	(*AddSerialRequest)(nil),                   // 20: sa.AddSerialRequest
-	(*AddCertificateRequest)(nil),              // 21: sa.AddCertificateRequest
-	(*AddCertificateResponse)(nil),             // 22: sa.AddCertificateResponse
-	(*OrderRequest)(nil),                       // 23: sa.OrderRequest
-	(*NewOrderRequest)(nil),                    // 24: sa.NewOrderRequest
-	(*NewOrderAndAuthzsRequest)(nil),           // 25: sa.NewOrderAndAuthzsRequest
-	(*SetOrderErrorRequest)(nil),               // 26: sa.SetOrderErrorRequest
-	(*GetValidOrderAuthorizationsRequest)(nil), // 27: sa.GetValidOrderAuthorizationsRequest
-	(*GetOrderForNamesRequest)(nil),            // 28: sa.GetOrderForNamesRequest
-	(*FinalizeOrderRequest)(nil),               // 29: sa.FinalizeOrderRequest
-	(*GetAuthorizationsRequest)(nil),           // 30: sa.GetAuthorizationsRequest
-	(*Authorizations)(nil),                     // 31: sa.Authorizations
-	(*AddPendingAuthorizationsRequest)(nil),    // 32: sa.AddPendingAuthorizationsRequest
-	(*AuthorizationIDs)(nil),                   // 33: sa.AuthorizationIDs
-	(*AuthorizationID2)(nil),                   // 34: sa.AuthorizationID2
-	(*Authorization2IDs)(nil),                  // 35: sa.Authorization2IDs
-	(*RevokeCertificateRequest)(nil),           // 36: sa.RevokeCertificateRequest
-	(*FinalizeAuthorizationRequest)(nil),       // 37: sa.FinalizeAuthorizationRequest
-	(*AddBlockedKeyRequest)(nil),               // 38: sa.AddBlockedKeyRequest
-	(*KeyBlockedRequest)(nil),                  // 39: sa.KeyBlockedRequest
-	(*Incident)(nil),                           // 40: sa.Incident
-	(*Incidents)(nil),                          // 41: sa.Incidents
-	(*SerialsForIncidentRequest)(nil),          // 42: sa.SerialsForIncidentRequest
-	(*IncidentSerial)(nil),                     // 43: sa.IncidentSerial
-	(*GetRevokedCertsRequest)(nil),             // 44: sa.GetRevokedCertsRequest
-	(*RevocationStatus)(nil),                   // 45: sa.RevocationStatus
-	(*ValidAuthorizations_MapElement)(nil),     // 46: sa.ValidAuthorizations.MapElement
-	nil,                                        // 47: sa.CountByNames.CountsEntry
-	(*Authorizations_MapElement)(nil),          // 48: sa.Authorizations.MapElement
-	(*timestamppb.Timestamp)(nil),              // 49: google.protobuf.Timestamp
-	(*proto.Authorization)(nil),                // 50: core.Authorization
-	(*proto.ProblemDetails)(nil),               // 51: core.ProblemDetails
-	(*proto.ValidationRecord)(nil),             // 52: core.ValidationRecord
-	(*emptypb.Empty)(nil),                      // 53: google.protobuf.Empty
-	(*proto.Registration)(nil),                 // 54: core.Registration
-	(*proto.Certificate)(nil),                  // 55: core.Certificate
-	(*proto.CertificateStatus)(nil),            // 56: core.CertificateStatus
-	(*proto.Order)(nil),                        // 57: core.Order
-	(*proto.CRLEntry)(nil),                     // 58: core.CRLEntry
-}
-var file_sa_proto_depIdxs = []int32{
-	46, // 0: sa.ValidAuthorizations.valid:type_name -> sa.ValidAuthorizations.MapElement
-	8,  // 1: sa.CountCertificatesByNamesRequest.range:type_name -> sa.Range
-	47, // 2: sa.CountByNames.counts:type_name -> sa.CountByNames.CountsEntry
-	49, // 3: sa.CountByNames.earliest:type_name -> google.protobuf.Timestamp
-	8,  // 4: sa.CountRegistrationsByIPRequest.range:type_name -> sa.Range
-	8,  // 5: sa.CountInvalidAuthorizationsRequest.range:type_name -> sa.Range
-	8,  // 6: sa.CountOrdersRequest.range:type_name -> sa.Range
-	24, // 7: sa.NewOrderAndAuthzsRequest.newOrder:type_name -> sa.NewOrderRequest
-	50, // 8: sa.NewOrderAndAuthzsRequest.newAuthzs:type_name -> core.Authorization
-	51, // 9: sa.SetOrderErrorRequest.error:type_name -> core.ProblemDetails
-	48, // 10: sa.Authorizations.authz:type_name -> sa.Authorizations.MapElement
-	50, // 11: sa.AddPendingAuthorizationsRequest.authz:type_name -> core.Authorization
-	52, // 12: sa.FinalizeAuthorizationRequest.validationRecords:type_name -> core.ValidationRecord
-	51, // 13: sa.FinalizeAuthorizationRequest.validationError:type_name -> core.ProblemDetails
-	40, // 14: sa.Incidents.incidents:type_name -> sa.Incident
-	49, // 15: sa.RevocationStatus.revokedDate:type_name -> google.protobuf.Timestamp
-	50, // 16: sa.ValidAuthorizations.MapElement.authz:type_name -> core.Authorization
-	50, // 17: sa.Authorizations.MapElement.authz:type_name -> core.Authorization
-	11, // 18: sa.StorageAuthorityReadOnly.CountCertificatesByNames:input_type -> sa.CountCertificatesByNamesRequest
-	16, // 19: sa.StorageAuthorityReadOnly.CountFQDNSets:input_type -> sa.CountFQDNSetsRequest
-	14, // 20: sa.StorageAuthorityReadOnly.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest
-	15, // 21: sa.StorageAuthorityReadOnly.CountOrders:input_type -> sa.CountOrdersRequest
-	0,  // 22: sa.StorageAuthorityReadOnly.CountPendingAuthorizations2:input_type -> sa.RegistrationID
-	13, // 23: sa.StorageAuthorityReadOnly.CountRegistrationsByIP:input_type -> sa.CountRegistrationsByIPRequest
-	13, // 24: sa.StorageAuthorityReadOnly.CountRegistrationsByIPRange:input_type -> sa.CountRegistrationsByIPRequest
-	17, // 25: sa.StorageAuthorityReadOnly.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest
-	16, // 26: sa.StorageAuthorityReadOnly.FQDNSetTimestampsForWindow:input_type -> sa.CountFQDNSetsRequest
-	34, // 27: sa.StorageAuthorityReadOnly.GetAuthorization2:input_type -> sa.AuthorizationID2
-	30, // 28: sa.StorageAuthorityReadOnly.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest
-	6,  // 29: sa.StorageAuthorityReadOnly.GetCertificate:input_type -> sa.Serial
-	6,  // 30: sa.StorageAuthorityReadOnly.GetCertificateStatus:input_type -> sa.Serial
-	53, // 31: sa.StorageAuthorityReadOnly.GetMaxExpiration:input_type -> google.protobuf.Empty
-	23, // 32: sa.StorageAuthorityReadOnly.GetOrder:input_type -> sa.OrderRequest
-	28, // 33: sa.StorageAuthorityReadOnly.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest
-	3,  // 34: sa.StorageAuthorityReadOnly.GetPendingAuthorization2:input_type -> sa.GetPendingAuthorizationRequest
-	6,  // 35: sa.StorageAuthorityReadOnly.GetPrecertificate:input_type -> sa.Serial
-	0,  // 36: sa.StorageAuthorityReadOnly.GetRegistration:input_type -> sa.RegistrationID
-	1,  // 37: sa.StorageAuthorityReadOnly.GetRegistrationByKey:input_type -> sa.JSONWebKey
-	6,  // 38: sa.StorageAuthorityReadOnly.GetRevocationStatus:input_type -> sa.Serial
-	44, // 39: sa.StorageAuthorityReadOnly.GetRevokedCerts:input_type -> sa.GetRevokedCertsRequest
-	6,  // 40: sa.StorageAuthorityReadOnly.GetSerialMetadata:input_type -> sa.Serial
-	4,  // 41: sa.StorageAuthorityReadOnly.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest
-	27, // 42: sa.StorageAuthorityReadOnly.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest
-	6,  // 43: sa.StorageAuthorityReadOnly.IncidentsForSerial:input_type -> sa.Serial
-	39, // 44: sa.StorageAuthorityReadOnly.KeyBlocked:input_type -> sa.KeyBlockedRequest
-	18, // 45: sa.StorageAuthorityReadOnly.PreviousCertificateExists:input_type -> sa.PreviousCertificateExistsRequest
-	42, // 46: sa.StorageAuthorityReadOnly.SerialsForIncident:input_type -> sa.SerialsForIncidentRequest
-	11, // 47: sa.StorageAuthority.CountCertificatesByNames:input_type -> sa.CountCertificatesByNamesRequest
-	16, // 48: sa.StorageAuthority.CountFQDNSets:input_type -> sa.CountFQDNSetsRequest
-	14, // 49: sa.StorageAuthority.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest
-	15, // 50: sa.StorageAuthority.CountOrders:input_type -> sa.CountOrdersRequest
-	0,  // 51: sa.StorageAuthority.CountPendingAuthorizations2:input_type -> sa.RegistrationID
-	13, // 52: sa.StorageAuthority.CountRegistrationsByIP:input_type -> sa.CountRegistrationsByIPRequest
-	13, // 53: sa.StorageAuthority.CountRegistrationsByIPRange:input_type -> sa.CountRegistrationsByIPRequest
-	17, // 54: sa.StorageAuthority.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest
-	16, // 55: sa.StorageAuthority.FQDNSetTimestampsForWindow:input_type -> sa.CountFQDNSetsRequest
-	34, // 56: sa.StorageAuthority.GetAuthorization2:input_type -> sa.AuthorizationID2
-	30, // 57: sa.StorageAuthority.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest
-	6,  // 58: sa.StorageAuthority.GetCertificate:input_type -> sa.Serial
-	6,  // 59: sa.StorageAuthority.GetCertificateStatus:input_type -> sa.Serial
-	53, // 60: sa.StorageAuthority.GetMaxExpiration:input_type -> google.protobuf.Empty
-	23, // 61: sa.StorageAuthority.GetOrder:input_type -> sa.OrderRequest
-	28, // 62: sa.StorageAuthority.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest
-	3,  // 63: sa.StorageAuthority.GetPendingAuthorization2:input_type -> sa.GetPendingAuthorizationRequest
-	6,  // 64: sa.StorageAuthority.GetPrecertificate:input_type -> sa.Serial
-	0,  // 65: sa.StorageAuthority.GetRegistration:input_type -> sa.RegistrationID
-	1,  // 66: sa.StorageAuthority.GetRegistrationByKey:input_type -> sa.JSONWebKey
-	6,  // 67: sa.StorageAuthority.GetRevocationStatus:input_type -> sa.Serial
-	44, // 68: sa.StorageAuthority.GetRevokedCerts:input_type -> sa.GetRevokedCertsRequest
-	6,  // 69: sa.StorageAuthority.GetSerialMetadata:input_type -> sa.Serial
-	4,  // 70: sa.StorageAuthority.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest
-	27, // 71: sa.StorageAuthority.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest
-	6,  // 72: sa.StorageAuthority.IncidentsForSerial:input_type -> sa.Serial
-	39, // 73: sa.StorageAuthority.KeyBlocked:input_type -> sa.KeyBlockedRequest
-	18, // 74: sa.StorageAuthority.PreviousCertificateExists:input_type -> sa.PreviousCertificateExistsRequest
-	42, // 75: sa.StorageAuthority.SerialsForIncident:input_type -> sa.SerialsForIncidentRequest
-	38, // 76: sa.StorageAuthority.AddBlockedKey:input_type -> sa.AddBlockedKeyRequest
-	21, // 77: sa.StorageAuthority.AddCertificate:input_type -> sa.AddCertificateRequest
-	21, // 78: sa.StorageAuthority.AddPrecertificate:input_type -> sa.AddCertificateRequest
-	20, // 79: sa.StorageAuthority.AddSerial:input_type -> sa.AddSerialRequest
-	34, // 80: sa.StorageAuthority.DeactivateAuthorization2:input_type -> sa.AuthorizationID2
-	0,  // 81: sa.StorageAuthority.DeactivateRegistration:input_type -> sa.RegistrationID
-	37, // 82: sa.StorageAuthority.FinalizeAuthorization2:input_type -> sa.FinalizeAuthorizationRequest
-	29, // 83: sa.StorageAuthority.FinalizeOrder:input_type -> sa.FinalizeOrderRequest
-	32, // 84: sa.StorageAuthority.NewAuthorizations2:input_type -> sa.AddPendingAuthorizationsRequest
-	24, // 85: sa.StorageAuthority.NewOrder:input_type -> sa.NewOrderRequest
-	25, // 86: sa.StorageAuthority.NewOrderAndAuthzs:input_type -> sa.NewOrderAndAuthzsRequest
-	54, // 87: sa.StorageAuthority.NewRegistration:input_type -> core.Registration
-	36, // 88: sa.StorageAuthority.RevokeCertificate:input_type -> sa.RevokeCertificateRequest
-	26, // 89: sa.StorageAuthority.SetOrderError:input_type -> sa.SetOrderErrorRequest
-	23, // 90: sa.StorageAuthority.SetOrderProcessing:input_type -> sa.OrderRequest
-	54, // 91: sa.StorageAuthority.UpdateRegistration:input_type -> core.Registration
-	36, // 92: sa.StorageAuthority.UpdateRevokedCertificate:input_type -> sa.RevokeCertificateRequest
-	12, // 93: sa.StorageAuthorityReadOnly.CountCertificatesByNames:output_type -> sa.CountByNames
-	9,  // 94: sa.StorageAuthorityReadOnly.CountFQDNSets:output_type -> sa.Count
-	9,  // 95: sa.StorageAuthorityReadOnly.CountInvalidAuthorizations2:output_type -> sa.Count
-	9,  // 96: sa.StorageAuthorityReadOnly.CountOrders:output_type -> sa.Count
-	9,  // 97: sa.StorageAuthorityReadOnly.CountPendingAuthorizations2:output_type -> sa.Count
-	9,  // 98: sa.StorageAuthorityReadOnly.CountRegistrationsByIP:output_type -> sa.Count
-	9,  // 99: sa.StorageAuthorityReadOnly.CountRegistrationsByIPRange:output_type -> sa.Count
-	19, // 100: sa.StorageAuthorityReadOnly.FQDNSetExists:output_type -> sa.Exists
-	10, // 101: sa.StorageAuthorityReadOnly.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps
-	50, // 102: sa.StorageAuthorityReadOnly.GetAuthorization2:output_type -> core.Authorization
-	31, // 103: sa.StorageAuthorityReadOnly.GetAuthorizations2:output_type -> sa.Authorizations
-	55, // 104: sa.StorageAuthorityReadOnly.GetCertificate:output_type -> core.Certificate
-	56, // 105: sa.StorageAuthorityReadOnly.GetCertificateStatus:output_type -> core.CertificateStatus
-	49, // 106: sa.StorageAuthorityReadOnly.GetMaxExpiration:output_type -> google.protobuf.Timestamp
-	57, // 107: sa.StorageAuthorityReadOnly.GetOrder:output_type -> core.Order
-	57, // 108: sa.StorageAuthorityReadOnly.GetOrderForNames:output_type -> core.Order
-	50, // 109: sa.StorageAuthorityReadOnly.GetPendingAuthorization2:output_type -> core.Authorization
-	55, // 110: sa.StorageAuthorityReadOnly.GetPrecertificate:output_type -> core.Certificate
-	54, // 111: sa.StorageAuthorityReadOnly.GetRegistration:output_type -> core.Registration
-	54, // 112: sa.StorageAuthorityReadOnly.GetRegistrationByKey:output_type -> core.Registration
-	45, // 113: sa.StorageAuthorityReadOnly.GetRevocationStatus:output_type -> sa.RevocationStatus
-	58, // 114: sa.StorageAuthorityReadOnly.GetRevokedCerts:output_type -> core.CRLEntry
-	7,  // 115: sa.StorageAuthorityReadOnly.GetSerialMetadata:output_type -> sa.SerialMetadata
-	31, // 116: sa.StorageAuthorityReadOnly.GetValidAuthorizations2:output_type -> sa.Authorizations
-	31, // 117: sa.StorageAuthorityReadOnly.GetValidOrderAuthorizations2:output_type -> sa.Authorizations
-	41, // 118: sa.StorageAuthorityReadOnly.IncidentsForSerial:output_type -> sa.Incidents
-	19, // 119: sa.StorageAuthorityReadOnly.KeyBlocked:output_type -> sa.Exists
-	19, // 120: sa.StorageAuthorityReadOnly.PreviousCertificateExists:output_type -> sa.Exists
-	43, // 121: sa.StorageAuthorityReadOnly.SerialsForIncident:output_type -> sa.IncidentSerial
-	12, // 122: sa.StorageAuthority.CountCertificatesByNames:output_type -> sa.CountByNames
-	9,  // 123: sa.StorageAuthority.CountFQDNSets:output_type -> sa.Count
-	9,  // 124: sa.StorageAuthority.CountInvalidAuthorizations2:output_type -> sa.Count
-	9,  // 125: sa.StorageAuthority.CountOrders:output_type -> sa.Count
-	9,  // 126: sa.StorageAuthority.CountPendingAuthorizations2:output_type -> sa.Count
-	9,  // 127: sa.StorageAuthority.CountRegistrationsByIP:output_type -> sa.Count
-	9,  // 128: sa.StorageAuthority.CountRegistrationsByIPRange:output_type -> sa.Count
-	19, // 129: sa.StorageAuthority.FQDNSetExists:output_type -> sa.Exists
-	10, // 130: sa.StorageAuthority.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps
-	50, // 131: sa.StorageAuthority.GetAuthorization2:output_type -> core.Authorization
-	31, // 132: sa.StorageAuthority.GetAuthorizations2:output_type -> sa.Authorizations
-	55, // 133: sa.StorageAuthority.GetCertificate:output_type -> core.Certificate
-	56, // 134: sa.StorageAuthority.GetCertificateStatus:output_type -> core.CertificateStatus
-	49, // 135: sa.StorageAuthority.GetMaxExpiration:output_type -> google.protobuf.Timestamp
-	57, // 136: sa.StorageAuthority.GetOrder:output_type -> core.Order
-	57, // 137: sa.StorageAuthority.GetOrderForNames:output_type -> core.Order
-	50, // 138: sa.StorageAuthority.GetPendingAuthorization2:output_type -> core.Authorization
-	55, // 139: sa.StorageAuthority.GetPrecertificate:output_type -> core.Certificate
-	54, // 140: sa.StorageAuthority.GetRegistration:output_type -> core.Registration
-	54, // 141: sa.StorageAuthority.GetRegistrationByKey:output_type -> core.Registration
-	45, // 142: sa.StorageAuthority.GetRevocationStatus:output_type -> sa.RevocationStatus
-	58, // 143: sa.StorageAuthority.GetRevokedCerts:output_type -> core.CRLEntry
-	7,  // 144: sa.StorageAuthority.GetSerialMetadata:output_type -> sa.SerialMetadata
-	31, // 145: sa.StorageAuthority.GetValidAuthorizations2:output_type -> sa.Authorizations
-	31, // 146: sa.StorageAuthority.GetValidOrderAuthorizations2:output_type -> sa.Authorizations
-	41, // 147: sa.StorageAuthority.IncidentsForSerial:output_type -> sa.Incidents
-	19, // 148: sa.StorageAuthority.KeyBlocked:output_type -> sa.Exists
-	19, // 149: sa.StorageAuthority.PreviousCertificateExists:output_type -> sa.Exists
-	43, // 150: sa.StorageAuthority.SerialsForIncident:output_type -> sa.IncidentSerial
-	53, // 151: sa.StorageAuthority.AddBlockedKey:output_type -> google.protobuf.Empty
-	22, // 152: sa.StorageAuthority.AddCertificate:output_type -> sa.AddCertificateResponse
-	53, // 153: sa.StorageAuthority.AddPrecertificate:output_type -> google.protobuf.Empty
-	53, // 154: sa.StorageAuthority.AddSerial:output_type -> google.protobuf.Empty
-	53, // 155: sa.StorageAuthority.DeactivateAuthorization2:output_type -> google.protobuf.Empty
-	53, // 156: sa.StorageAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty
-	53, // 157: sa.StorageAuthority.FinalizeAuthorization2:output_type -> google.protobuf.Empty
-	53, // 158: sa.StorageAuthority.FinalizeOrder:output_type -> google.protobuf.Empty
-	35, // 159: sa.StorageAuthority.NewAuthorizations2:output_type -> sa.Authorization2IDs
-	57, // 160: sa.StorageAuthority.NewOrder:output_type -> core.Order
-	57, // 161: sa.StorageAuthority.NewOrderAndAuthzs:output_type -> core.Order
-	54, // 162: sa.StorageAuthority.NewRegistration:output_type -> core.Registration
-	53, // 163: sa.StorageAuthority.RevokeCertificate:output_type -> google.protobuf.Empty
-	53, // 164: sa.StorageAuthority.SetOrderError:output_type -> google.protobuf.Empty
-	53, // 165: sa.StorageAuthority.SetOrderProcessing:output_type -> google.protobuf.Empty
-	53, // 166: sa.StorageAuthority.UpdateRegistration:output_type -> google.protobuf.Empty
-	53, // 167: sa.StorageAuthority.UpdateRevokedCertificate:output_type -> google.protobuf.Empty
-	93, // [93:168] is the sub-list for method output_type
-	18, // [18:93] is the sub-list for method input_type
-	18, // [18:18] is the sub-list for extension type_name
-	18, // [18:18] is the sub-list for extension extendee
-	0,  // [0:18] is the sub-list for field type_name
-}
-
-func init() { file_sa_proto_init() }
-func file_sa_proto_init() {
-	if File_sa_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_sa_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RegistrationID); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JSONWebKey); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthorizationID); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetPendingAuthorizationRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetValidAuthorizationsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ValidAuthorizations); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Serial); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SerialMetadata); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Range); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Count); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Timestamps); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountCertificatesByNamesRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountByNames); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountRegistrationsByIPRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountInvalidAuthorizationsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountOrdersRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountFQDNSetsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FQDNSetExistsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PreviousCertificateExistsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Exists); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddSerialRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddCertificateRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddCertificateResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*OrderRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NewOrderRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NewOrderAndAuthzsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SetOrderErrorRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetValidOrderAuthorizationsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetOrderForNamesRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FinalizeOrderRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetAuthorizationsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Authorizations); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddPendingAuthorizationsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthorizationIDs); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthorizationID2); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Authorization2IDs); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RevokeCertificateRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FinalizeAuthorizationRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddBlockedKeyRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*KeyBlockedRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Incident); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Incidents); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SerialsForIncidentRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[43].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*IncidentSerial); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[44].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetRevokedCertsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[45].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RevocationStatus); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[46].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ValidAuthorizations_MapElement); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[48].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Authorizations_MapElement); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_sa_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   49,
-			NumExtensions: 0,
-			NumServices:   2,
-		},
-		GoTypes:           file_sa_proto_goTypes,
-		DependencyIndexes: file_sa_proto_depIdxs,
-		MessageInfos:      file_sa_proto_msgTypes,
-	}.Build()
-	File_sa_proto = out.File
-	file_sa_proto_rawDesc = nil
-	file_sa_proto_goTypes = nil
-	file_sa_proto_depIdxs = nil
-}
diff --git a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto b/vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto
deleted file mode 100644
index 1e4ad6fb8..000000000
--- a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto
+++ /dev/null
@@ -1,353 +0,0 @@
-syntax = "proto3";
-
-package sa;
-option go_package = "github.com/letsencrypt/boulder/sa/proto";
-
-import "core/proto/core.proto";
-import "google/protobuf/empty.proto";
-import "google/protobuf/timestamp.proto";
-
-// StorageAuthorityReadOnly exposes only those SA methods which are read-only.
-service StorageAuthorityReadOnly {
-  rpc CountCertificatesByNames(CountCertificatesByNamesRequest) returns (CountByNames) {}
-  rpc CountFQDNSets(CountFQDNSetsRequest) returns (Count) {}
-  rpc CountInvalidAuthorizations2(CountInvalidAuthorizationsRequest) returns (Count) {}
-  rpc CountOrders(CountOrdersRequest) returns (Count) {}
-  rpc CountPendingAuthorizations2(RegistrationID) returns (Count) {}
-  rpc CountRegistrationsByIP(CountRegistrationsByIPRequest) returns (Count) {}
-  rpc CountRegistrationsByIPRange(CountRegistrationsByIPRequest) returns (Count) {}
-  rpc FQDNSetExists(FQDNSetExistsRequest) returns (Exists) {}
-  rpc FQDNSetTimestampsForWindow(CountFQDNSetsRequest) returns (Timestamps) {}
-  rpc GetAuthorization2(AuthorizationID2) returns (core.Authorization) {}
-  rpc GetAuthorizations2(GetAuthorizationsRequest) returns (Authorizations) {}
-  rpc GetCertificate(Serial) returns (core.Certificate) {}
-  rpc GetCertificateStatus(Serial) returns (core.CertificateStatus) {}
-  rpc GetMaxExpiration(google.protobuf.Empty) returns (google.protobuf.Timestamp) {}
-  rpc GetOrder(OrderRequest) returns (core.Order) {}
-  rpc GetOrderForNames(GetOrderForNamesRequest) returns (core.Order) {}
-  rpc GetPendingAuthorization2(GetPendingAuthorizationRequest) returns (core.Authorization) {}
-  rpc GetPrecertificate(Serial) returns (core.Certificate) {}
-  rpc GetRegistration(RegistrationID) returns (core.Registration) {}
-  rpc GetRegistrationByKey(JSONWebKey) returns (core.Registration) {}
-  rpc GetRevocationStatus(Serial) returns (RevocationStatus) {}
-  rpc GetRevokedCerts(GetRevokedCertsRequest) returns (stream core.CRLEntry) {}
-  rpc GetSerialMetadata(Serial) returns (SerialMetadata) {}
-  rpc GetValidAuthorizations2(GetValidAuthorizationsRequest) returns (Authorizations) {}
-  rpc GetValidOrderAuthorizations2(GetValidOrderAuthorizationsRequest) returns (Authorizations) {}
-  rpc IncidentsForSerial(Serial) returns (Incidents) {}
-  rpc KeyBlocked(KeyBlockedRequest) returns (Exists) {}
-  rpc PreviousCertificateExists(PreviousCertificateExistsRequest) returns (Exists) {}
-  rpc SerialsForIncident (SerialsForIncidentRequest) returns (stream IncidentSerial) {}
-}
-
-// StorageAuthority provides full read/write access to the database.
-service StorageAuthority {
-  // Getters: this list must be identical to the StorageAuthorityReadOnly rpcs.
-  rpc CountCertificatesByNames(CountCertificatesByNamesRequest) returns (CountByNames) {}
-  rpc CountFQDNSets(CountFQDNSetsRequest) returns (Count) {}
-  rpc CountInvalidAuthorizations2(CountInvalidAuthorizationsRequest) returns (Count) {}
-  rpc CountOrders(CountOrdersRequest) returns (Count) {}
-  rpc CountPendingAuthorizations2(RegistrationID) returns (Count) {}
-  rpc CountRegistrationsByIP(CountRegistrationsByIPRequest) returns (Count) {}
-  rpc CountRegistrationsByIPRange(CountRegistrationsByIPRequest) returns (Count) {}
-  rpc FQDNSetExists(FQDNSetExistsRequest) returns (Exists) {}
-  rpc FQDNSetTimestampsForWindow(CountFQDNSetsRequest) returns (Timestamps) {}
-  rpc GetAuthorization2(AuthorizationID2) returns (core.Authorization) {}
-  rpc GetAuthorizations2(GetAuthorizationsRequest) returns (Authorizations) {}
-  rpc GetCertificate(Serial) returns (core.Certificate) {}
-  rpc GetCertificateStatus(Serial) returns (core.CertificateStatus) {}
-  rpc GetMaxExpiration(google.protobuf.Empty) returns (google.protobuf.Timestamp) {}
-  rpc GetOrder(OrderRequest) returns (core.Order) {}
-  rpc GetOrderForNames(GetOrderForNamesRequest) returns (core.Order) {}
-  rpc GetPendingAuthorization2(GetPendingAuthorizationRequest) returns (core.Authorization) {}
-  rpc GetPrecertificate(Serial) returns (core.Certificate) {}
-  rpc GetRegistration(RegistrationID) returns (core.Registration) {}
-  rpc GetRegistrationByKey(JSONWebKey) returns (core.Registration) {}
-  rpc GetRevocationStatus(Serial) returns (RevocationStatus) {}
-  rpc GetRevokedCerts(GetRevokedCertsRequest) returns (stream core.CRLEntry) {}
-  rpc GetSerialMetadata(Serial) returns (SerialMetadata) {}
-  rpc GetValidAuthorizations2(GetValidAuthorizationsRequest) returns (Authorizations) {}
-  rpc GetValidOrderAuthorizations2(GetValidOrderAuthorizationsRequest) returns (Authorizations) {}
-  rpc IncidentsForSerial(Serial) returns (Incidents) {}
-  rpc KeyBlocked(KeyBlockedRequest) returns (Exists) {}
-  rpc PreviousCertificateExists(PreviousCertificateExistsRequest) returns (Exists) {}
-  rpc SerialsForIncident (SerialsForIncidentRequest) returns (stream IncidentSerial) {}
-  // Adders
-  rpc AddBlockedKey(AddBlockedKeyRequest) returns (google.protobuf.Empty) {}
-  rpc AddCertificate(AddCertificateRequest) returns (AddCertificateResponse) {}
-  rpc AddPrecertificate(AddCertificateRequest) returns (google.protobuf.Empty) {}
-  rpc AddSerial(AddSerialRequest) returns (google.protobuf.Empty) {}
-  rpc DeactivateAuthorization2(AuthorizationID2) returns (google.protobuf.Empty) {}
-  rpc DeactivateRegistration(RegistrationID) returns (google.protobuf.Empty) {}
-  rpc FinalizeAuthorization2(FinalizeAuthorizationRequest) returns (google.protobuf.Empty) {}
-  rpc FinalizeOrder(FinalizeOrderRequest) returns (google.protobuf.Empty) {}
-  rpc NewAuthorizations2(AddPendingAuthorizationsRequest) returns (Authorization2IDs) {}
-  rpc NewOrder(NewOrderRequest) returns (core.Order) {}
-  rpc NewOrderAndAuthzs(NewOrderAndAuthzsRequest) returns (core.Order) {}
-  rpc NewRegistration(core.Registration) returns (core.Registration) {}
-  rpc RevokeCertificate(RevokeCertificateRequest) returns (google.protobuf.Empty) {}
-  rpc SetOrderError(SetOrderErrorRequest) returns (google.protobuf.Empty) {}
-  rpc SetOrderProcessing(OrderRequest) returns (google.protobuf.Empty) {}
-  rpc UpdateRegistration(core.Registration) returns (google.protobuf.Empty) {}
-  rpc UpdateRevokedCertificate(RevokeCertificateRequest) returns (google.protobuf.Empty) {}
-}
-
-message RegistrationID {
-  int64 id = 1;
-}
-
-message JSONWebKey {
-  bytes jwk = 1; 
-}
-
-message AuthorizationID {
-  string id = 1;
-}
-
-message GetPendingAuthorizationRequest {
-  int64 registrationID = 1;
-  string identifierType = 2;
-  string identifierValue = 3;
-  // Result must be valid until at least this Unix timestamp (nanos)
-  int64 validUntil = 4;
-}
-
-message GetValidAuthorizationsRequest {
-  int64 registrationID = 1;
-  repeated string domains = 2;
-  int64 now = 3; // Unix timestamp (nanoseconds)
-}
-
-message ValidAuthorizations {
-  message MapElement {
-          string domain = 1;
-          core.Authorization authz = 2;
-  }
-  repeated MapElement valid = 1;
-}
-
-message Serial {
-  string serial = 1;
-}
-
-message SerialMetadata {
-  string serial = 1;
-  int64 registrationID = 2;
-  int64 created = 3; // Unix timestamp (nanoseconds)
-  int64 expires = 4; // Unix timestamp (nanoseconds)
-}
-
-message Range {
-  int64 earliest = 1; // Unix timestamp (nanoseconds)
-  int64 latest = 2;   // Unix timestamp (nanoseconds)
-}
-
-message Count {
-  int64 count = 1;
-}
-
-message Timestamps {
-	repeated int64 timestamps = 1; // Unix timestamp (nanoseconds)
-}
-
-message CountCertificatesByNamesRequest {
-  Range range = 1;
-  repeated string names = 2;
-}
-
-message CountByNames {
-  map<string, int64> counts = 1;
-  google.protobuf.Timestamp earliest = 2; // Unix timestamp (nanoseconds)
-}
-
-message CountRegistrationsByIPRequest {
-  bytes ip = 1;
-  Range range = 2;
-}
-
-message CountInvalidAuthorizationsRequest {
-  int64 registrationID = 1;
-  string hostname = 2;
-  // Count authorizations that expire in this range.
-  Range range = 3;
-}
-
-message CountOrdersRequest {
-  int64 accountID = 1;
-  Range range = 2;
-}
-
-message CountFQDNSetsRequest {
-  int64 window = 1;
-  repeated string domains = 2;
-}
-
-message FQDNSetExistsRequest {
-  repeated string domains = 1;
-}
-
-message PreviousCertificateExistsRequest {
-  string domain = 1;
-  int64 regID = 2;
-}
-
-message Exists {
-  bool exists = 1;
-}
-
-message AddSerialRequest {
-  int64 regID = 1;
-  string serial = 2;
-  int64 created = 3; // Unix timestamp (nanoseconds)
-  int64 expires = 4; // Unix timestamp (nanoseconds)
-}
-
-message AddCertificateRequest {
-  bytes der = 1;
-  int64 regID = 2;
-  // A signed OCSP response for the certificate contained in "der".
-  // Note: The certificate status in the OCSP response is assumed to be 0 (good).
-  bytes ocsp = 3;
-  // An issued time. When not present the SA defaults to using
-  // the current time. The orphan-finder uses this parameter to add
-  // certificates with the correct historic issued date
-  int64 issued = 4;
-  int64 issuerID = 5;
-}
-
-message AddCertificateResponse {
-  string digest = 1;
-}
-
-message OrderRequest {
-  int64 id = 1;
-}
-
-message NewOrderRequest {
-  int64 registrationID = 1;
-  int64 expires = 2;
-  repeated string names = 3;
-  repeated int64 v2Authorizations = 4;
-}
-
-message NewOrderAndAuthzsRequest {
-  NewOrderRequest newOrder = 1;
-  repeated core.Authorization newAuthzs = 2;
-}
-
-message SetOrderErrorRequest {
-  int64 id = 1;
-  core.ProblemDetails error = 2;
-}
-
-message GetValidOrderAuthorizationsRequest {
-  int64 id = 1;
-  int64 acctID = 2;
-}
-
-message GetOrderForNamesRequest {
-  int64 acctID = 1;
-  repeated string names = 2;
-}
-
-message FinalizeOrderRequest {
-  int64 id = 1;
-  string certificateSerial = 2;
-}
-
-message GetAuthorizationsRequest {
-  int64 registrationID = 1;
-  repeated string domains = 2;
-  int64 now = 3; // Unix timestamp (nanoseconds)
-}
-
-message Authorizations {
-  message MapElement {
-          string domain = 1;
-          core.Authorization authz = 2;
-  }
-  repeated MapElement authz = 1;
-}
-
-message AddPendingAuthorizationsRequest {
-  repeated core.Authorization authz = 1;
-}
-
-message AuthorizationIDs {
-  repeated string ids = 1;
-}
-
-message AuthorizationID2 {
-  int64 id = 1;
-}
-
-message Authorization2IDs {
-  repeated int64 ids = 1;
-}
-
-message RevokeCertificateRequest {
-  string serial = 1;
-  int64 reason = 2;
-  int64 date = 3; // Unix timestamp (nanoseconds)
-  int64 backdate = 5; // Unix timestamp (nanoseconds)
-  bytes response = 4;
-  int64 issuerID = 6;
-}
-
-message FinalizeAuthorizationRequest {
-  int64 id = 1;
-  string status = 2;
-  int64 expires = 3; // Unix timestamp (nanoseconds)
-  string attempted = 4;
-  repeated core.ValidationRecord validationRecords = 5;
-  core.ProblemDetails validationError = 6;
-  int64 attemptedAt = 7; // Unix timestamp (nanoseconds)
-}
-
-message AddBlockedKeyRequest {
-  bytes keyHash = 1;
-  int64 added = 2; // Unix timestamp (nanoseconds)
-  string source = 3;
-  string comment = 4;
-  int64 revokedBy = 5;
-}
-
-message KeyBlockedRequest {
-  bytes keyHash = 1;
-}
-
-message Incident {
-  int64 id = 1;
-  string serialTable = 2;
-  string url = 3;
-  int64 renewBy = 4; // Unix timestamp (nanoseconds)
-  bool enabled = 5;
-}
-
-message Incidents {
-  repeated Incident incidents = 1;
-}
-
-message SerialsForIncidentRequest {
-  string incidentTable = 1;
-}
-
-message IncidentSerial {
-  string serial = 1;
-  int64 registrationID = 2;
-  int64 orderID = 3;
-  int64 lastNoticeSent = 4; // Unix timestamp (nanoseconds)
-}
-
-message GetRevokedCertsRequest {
-  int64 issuerNameID = 1;
-  int64 expiresAfter = 2; // Unix timestamp (nanoseconds), inclusive
-  int64 expiresBefore = 3; // Unix timestamp (nanoseconds), exclusive
-  int64 revokedBefore = 4; // Unix timestamp (nanoseconds)
-}
-
-message RevocationStatus {
-  int64 status = 1;
-  int64 revokedReason = 2;
-  google.protobuf.Timestamp revokedDate = 3; // Unix timestamp (nanoseconds)
-}
diff --git a/vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go b/vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go
deleted file mode 100644
index 37a4e026a..000000000
--- a/vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go
+++ /dev/null
@@ -1,2937 +0,0 @@
-// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
-// versions:
-// - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.20.1
-// source: sa.proto
-
-package proto
-
-import (
-	context "context"
-	proto "github.com/letsencrypt/boulder/core/proto"
-	grpc "google.golang.org/grpc"
-	codes "google.golang.org/grpc/codes"
-	status "google.golang.org/grpc/status"
-	emptypb "google.golang.org/protobuf/types/known/emptypb"
-	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
-)
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
-const _ = grpc.SupportPackageIsVersion7
-
-// StorageAuthorityReadOnlyClient is the client API for StorageAuthorityReadOnly service.
-//
-// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
-type StorageAuthorityReadOnlyClient interface {
-	CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error)
-	CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error)
-	CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error)
-	CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error)
-	CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error)
-	CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error)
-	GetAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*proto.Authorization, error)
-	GetAuthorizations2(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.CertificateStatus, error)
-	GetMaxExpiration(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*timestamppb.Timestamp, error)
-	GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	GetPendingAuthorization2(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error)
-	GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetRevocationStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*RevocationStatus, error)
-	GetRevokedCerts(ctx context.Context, in *GetRevokedCertsRequest, opts ...grpc.CallOption) (StorageAuthorityReadOnly_GetRevokedCertsClient, error)
-	GetSerialMetadata(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*SerialMetadata, error)
-	GetValidAuthorizations2(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error)
-	KeyBlocked(ctx context.Context, in *KeyBlockedRequest, opts ...grpc.CallOption) (*Exists, error)
-	PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthorityReadOnly_SerialsForIncidentClient, error)
-}
-
-type storageAuthorityReadOnlyClient struct {
-	cc grpc.ClientConnInterface
-}
-
-func NewStorageAuthorityReadOnlyClient(cc grpc.ClientConnInterface) StorageAuthorityReadOnlyClient {
-	return &storageAuthorityReadOnlyClient{cc}
-}
-
-func (c *storageAuthorityReadOnlyClient) CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error) {
-	out := new(CountByNames)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountCertificatesByNames", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountFQDNSets", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountInvalidAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountOrders", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountPendingAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountRegistrationsByIP", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountRegistrationsByIPRange", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/FQDNSetExists", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error) {
-	out := new(Timestamps)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/FQDNSetTimestampsForWindow", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*proto.Authorization, error) {
-	out := new(proto.Authorization)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetAuthorizations2(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error) {
-	out := new(proto.Certificate)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetCertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.CertificateStatus, error) {
-	out := new(proto.CertificateStatus)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetCertificateStatus", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetMaxExpiration(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*timestamppb.Timestamp, error) {
-	out := new(timestamppb.Timestamp)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetMaxExpiration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetOrder", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetOrderForNames", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetPendingAuthorization2(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error) {
-	out := new(proto.Authorization)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetPendingAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error) {
-	out := new(proto.Certificate)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetPrecertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto.Registration, error) {
-	out := new(proto.Registration)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetRegistration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto.Registration, error) {
-	out := new(proto.Registration)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetRegistrationByKey", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetRevocationStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*RevocationStatus, error) {
-	out := new(RevocationStatus)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetRevocationStatus", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetRevokedCerts(ctx context.Context, in *GetRevokedCertsRequest, opts ...grpc.CallOption) (StorageAuthorityReadOnly_GetRevokedCertsClient, error) {
-	stream, err := c.cc.NewStream(ctx, &StorageAuthorityReadOnly_ServiceDesc.Streams[0], "/sa.StorageAuthorityReadOnly/GetRevokedCerts", opts...)
-	if err != nil {
-		return nil, err
-	}
-	x := &storageAuthorityReadOnlyGetRevokedCertsClient{stream}
-	if err := x.ClientStream.SendMsg(in); err != nil {
-		return nil, err
-	}
-	if err := x.ClientStream.CloseSend(); err != nil {
-		return nil, err
-	}
-	return x, nil
-}
-
-type StorageAuthorityReadOnly_GetRevokedCertsClient interface {
-	Recv() (*proto.CRLEntry, error)
-	grpc.ClientStream
-}
-
-type storageAuthorityReadOnlyGetRevokedCertsClient struct {
-	grpc.ClientStream
-}
-
-func (x *storageAuthorityReadOnlyGetRevokedCertsClient) Recv() (*proto.CRLEntry, error) {
-	m := new(proto.CRLEntry)
-	if err := x.ClientStream.RecvMsg(m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetSerialMetadata(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*SerialMetadata, error) {
-	out := new(SerialMetadata)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetSerialMetadata", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetValidAuthorizations2(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetValidAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetValidOrderAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error) {
-	out := new(Incidents)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/IncidentsForSerial", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) KeyBlocked(ctx context.Context, in *KeyBlockedRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/KeyBlocked", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/PreviousCertificateExists", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthorityReadOnly_SerialsForIncidentClient, error) {
-	stream, err := c.cc.NewStream(ctx, &StorageAuthorityReadOnly_ServiceDesc.Streams[1], "/sa.StorageAuthorityReadOnly/SerialsForIncident", opts...)
-	if err != nil {
-		return nil, err
-	}
-	x := &storageAuthorityReadOnlySerialsForIncidentClient{stream}
-	if err := x.ClientStream.SendMsg(in); err != nil {
-		return nil, err
-	}
-	if err := x.ClientStream.CloseSend(); err != nil {
-		return nil, err
-	}
-	return x, nil
-}
-
-type StorageAuthorityReadOnly_SerialsForIncidentClient interface {
-	Recv() (*IncidentSerial, error)
-	grpc.ClientStream
-}
-
-type storageAuthorityReadOnlySerialsForIncidentClient struct {
-	grpc.ClientStream
-}
-
-func (x *storageAuthorityReadOnlySerialsForIncidentClient) Recv() (*IncidentSerial, error) {
-	m := new(IncidentSerial)
-	if err := x.ClientStream.RecvMsg(m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
-
-// StorageAuthorityReadOnlyServer is the server API for StorageAuthorityReadOnly service.
-// All implementations must embed UnimplementedStorageAuthorityReadOnlyServer
-// for forward compatibility
-type StorageAuthorityReadOnlyServer interface {
-	CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error)
-	CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error)
-	CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error)
-	CountOrders(context.Context, *CountOrdersRequest) (*Count, error)
-	CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error)
-	CountRegistrationsByIP(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
-	CountRegistrationsByIPRange(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
-	FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error)
-	FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error)
-	GetAuthorization2(context.Context, *AuthorizationID2) (*proto.Authorization, error)
-	GetAuthorizations2(context.Context, *GetAuthorizationsRequest) (*Authorizations, error)
-	GetCertificate(context.Context, *Serial) (*proto.Certificate, error)
-	GetCertificateStatus(context.Context, *Serial) (*proto.CertificateStatus, error)
-	GetMaxExpiration(context.Context, *emptypb.Empty) (*timestamppb.Timestamp, error)
-	GetOrder(context.Context, *OrderRequest) (*proto.Order, error)
-	GetOrderForNames(context.Context, *GetOrderForNamesRequest) (*proto.Order, error)
-	GetPendingAuthorization2(context.Context, *GetPendingAuthorizationRequest) (*proto.Authorization, error)
-	GetPrecertificate(context.Context, *Serial) (*proto.Certificate, error)
-	GetRegistration(context.Context, *RegistrationID) (*proto.Registration, error)
-	GetRegistrationByKey(context.Context, *JSONWebKey) (*proto.Registration, error)
-	GetRevocationStatus(context.Context, *Serial) (*RevocationStatus, error)
-	GetRevokedCerts(*GetRevokedCertsRequest, StorageAuthorityReadOnly_GetRevokedCertsServer) error
-	GetSerialMetadata(context.Context, *Serial) (*SerialMetadata, error)
-	GetValidAuthorizations2(context.Context, *GetValidAuthorizationsRequest) (*Authorizations, error)
-	GetValidOrderAuthorizations2(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error)
-	IncidentsForSerial(context.Context, *Serial) (*Incidents, error)
-	KeyBlocked(context.Context, *KeyBlockedRequest) (*Exists, error)
-	PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error)
-	SerialsForIncident(*SerialsForIncidentRequest, StorageAuthorityReadOnly_SerialsForIncidentServer) error
-	mustEmbedUnimplementedStorageAuthorityReadOnlyServer()
-}
-
-// UnimplementedStorageAuthorityReadOnlyServer must be embedded to have forward compatible implementations.
-type UnimplementedStorageAuthorityReadOnlyServer struct {
-}
-
-func (UnimplementedStorageAuthorityReadOnlyServer) CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountCertificatesByNames not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountFQDNSets not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountInvalidAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountOrders(context.Context, *CountOrdersRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountOrders not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountPendingAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountRegistrationsByIP(context.Context, *CountRegistrationsByIPRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountRegistrationsByIP not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountRegistrationsByIPRange(context.Context, *CountRegistrationsByIPRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountRegistrationsByIPRange not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FQDNSetExists not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FQDNSetTimestampsForWindow not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetAuthorization2(context.Context, *AuthorizationID2) (*proto.Authorization, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetAuthorizations2(context.Context, *GetAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetCertificate(context.Context, *Serial) (*proto.Certificate, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetCertificate not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetCertificateStatus(context.Context, *Serial) (*proto.CertificateStatus, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetCertificateStatus not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetMaxExpiration(context.Context, *emptypb.Empty) (*timestamppb.Timestamp, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetMaxExpiration not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetOrder(context.Context, *OrderRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetOrder not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetOrderForNames(context.Context, *GetOrderForNamesRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetOrderForNames not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetPendingAuthorization2(context.Context, *GetPendingAuthorizationRequest) (*proto.Authorization, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetPendingAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetPrecertificate(context.Context, *Serial) (*proto.Certificate, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetPrecertificate not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetRegistration(context.Context, *RegistrationID) (*proto.Registration, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRegistration not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetRegistrationByKey(context.Context, *JSONWebKey) (*proto.Registration, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRegistrationByKey not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetRevocationStatus(context.Context, *Serial) (*RevocationStatus, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRevocationStatus not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetRevokedCerts(*GetRevokedCertsRequest, StorageAuthorityReadOnly_GetRevokedCertsServer) error {
-	return status.Errorf(codes.Unimplemented, "method GetRevokedCerts not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetSerialMetadata(context.Context, *Serial) (*SerialMetadata, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetSerialMetadata not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetValidAuthorizations2(context.Context, *GetValidAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetValidAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetValidOrderAuthorizations2(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetValidOrderAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) IncidentsForSerial(context.Context, *Serial) (*Incidents, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method IncidentsForSerial not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) KeyBlocked(context.Context, *KeyBlockedRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method KeyBlocked not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method PreviousCertificateExists not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) SerialsForIncident(*SerialsForIncidentRequest, StorageAuthorityReadOnly_SerialsForIncidentServer) error {
-	return status.Errorf(codes.Unimplemented, "method SerialsForIncident not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) mustEmbedUnimplementedStorageAuthorityReadOnlyServer() {
-}
-
-// UnsafeStorageAuthorityReadOnlyServer may be embedded to opt out of forward compatibility for this service.
-// Use of this interface is not recommended, as added methods to StorageAuthorityReadOnlyServer will
-// result in compilation errors.
-type UnsafeStorageAuthorityReadOnlyServer interface {
-	mustEmbedUnimplementedStorageAuthorityReadOnlyServer()
-}
-
-func RegisterStorageAuthorityReadOnlyServer(s grpc.ServiceRegistrar, srv StorageAuthorityReadOnlyServer) {
-	s.RegisterService(&StorageAuthorityReadOnly_ServiceDesc, srv)
-}
-
-func _StorageAuthorityReadOnly_CountCertificatesByNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountCertificatesByNamesRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountCertificatesByNames(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountCertificatesByNames",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountCertificatesByNames(ctx, req.(*CountCertificatesByNamesRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountFQDNSets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountFQDNSetsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountFQDNSets(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountFQDNSets",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountFQDNSets(ctx, req.(*CountFQDNSetsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountInvalidAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountInvalidAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountInvalidAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountInvalidAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountInvalidAuthorizations2(ctx, req.(*CountInvalidAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountOrders_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountOrdersRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountOrders(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountOrders",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountOrders(ctx, req.(*CountOrdersRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountPendingAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RegistrationID)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountPendingAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountPendingAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountPendingAuthorizations2(ctx, req.(*RegistrationID))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountRegistrationsByIP_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountRegistrationsByIPRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountRegistrationsByIP(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountRegistrationsByIP",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountRegistrationsByIP(ctx, req.(*CountRegistrationsByIPRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountRegistrationsByIPRange_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountRegistrationsByIPRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountRegistrationsByIPRange(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountRegistrationsByIPRange",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountRegistrationsByIPRange(ctx, req.(*CountRegistrationsByIPRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_FQDNSetExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(FQDNSetExistsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).FQDNSetExists(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/FQDNSetExists",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).FQDNSetExists(ctx, req.(*FQDNSetExistsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_FQDNSetTimestampsForWindow_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountFQDNSetsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).FQDNSetTimestampsForWindow(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/FQDNSetTimestampsForWindow",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).FQDNSetTimestampsForWindow(ctx, req.(*CountFQDNSetsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AuthorizationID2)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetAuthorization2(ctx, req.(*AuthorizationID2))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetAuthorizations2(ctx, req.(*GetAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetCertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetCertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetCertificate(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetCertificateStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetCertificateStatus(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetCertificateStatus",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetCertificateStatus(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetMaxExpiration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(emptypb.Empty)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetMaxExpiration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetMaxExpiration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetMaxExpiration(ctx, req.(*emptypb.Empty))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetOrder_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(OrderRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetOrder(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetOrder",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetOrder(ctx, req.(*OrderRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetOrderForNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetOrderForNamesRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetOrderForNames(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetOrderForNames",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetOrderForNames(ctx, req.(*GetOrderForNamesRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetPendingAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetPendingAuthorizationRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetPendingAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetPendingAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetPendingAuthorization2(ctx, req.(*GetPendingAuthorizationRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetPrecertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetPrecertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetPrecertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetPrecertificate(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RegistrationID)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetRegistration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetRegistration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetRegistration(ctx, req.(*RegistrationID))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetRegistrationByKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(JSONWebKey)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetRegistrationByKey(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetRegistrationByKey",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetRegistrationByKey(ctx, req.(*JSONWebKey))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetRevocationStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetRevocationStatus(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetRevocationStatus",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetRevocationStatus(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetRevokedCerts_Handler(srv interface{}, stream grpc.ServerStream) error {
-	m := new(GetRevokedCertsRequest)
-	if err := stream.RecvMsg(m); err != nil {
-		return err
-	}
-	return srv.(StorageAuthorityReadOnlyServer).GetRevokedCerts(m, &storageAuthorityReadOnlyGetRevokedCertsServer{stream})
-}
-
-type StorageAuthorityReadOnly_GetRevokedCertsServer interface {
-	Send(*proto.CRLEntry) error
-	grpc.ServerStream
-}
-
-type storageAuthorityReadOnlyGetRevokedCertsServer struct {
-	grpc.ServerStream
-}
-
-func (x *storageAuthorityReadOnlyGetRevokedCertsServer) Send(m *proto.CRLEntry) error {
-	return x.ServerStream.SendMsg(m)
-}
-
-func _StorageAuthorityReadOnly_GetSerialMetadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetSerialMetadata(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetSerialMetadata",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetSerialMetadata(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetValidAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetValidAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetValidAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetValidAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetValidAuthorizations2(ctx, req.(*GetValidAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetValidOrderAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetValidOrderAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetValidOrderAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetValidOrderAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetValidOrderAuthorizations2(ctx, req.(*GetValidOrderAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_IncidentsForSerial_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).IncidentsForSerial(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/IncidentsForSerial",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).IncidentsForSerial(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_KeyBlocked_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(KeyBlockedRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).KeyBlocked(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/KeyBlocked",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).KeyBlocked(ctx, req.(*KeyBlockedRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_PreviousCertificateExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(PreviousCertificateExistsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).PreviousCertificateExists(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/PreviousCertificateExists",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).PreviousCertificateExists(ctx, req.(*PreviousCertificateExistsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_SerialsForIncident_Handler(srv interface{}, stream grpc.ServerStream) error {
-	m := new(SerialsForIncidentRequest)
-	if err := stream.RecvMsg(m); err != nil {
-		return err
-	}
-	return srv.(StorageAuthorityReadOnlyServer).SerialsForIncident(m, &storageAuthorityReadOnlySerialsForIncidentServer{stream})
-}
-
-type StorageAuthorityReadOnly_SerialsForIncidentServer interface {
-	Send(*IncidentSerial) error
-	grpc.ServerStream
-}
-
-type storageAuthorityReadOnlySerialsForIncidentServer struct {
-	grpc.ServerStream
-}
-
-func (x *storageAuthorityReadOnlySerialsForIncidentServer) Send(m *IncidentSerial) error {
-	return x.ServerStream.SendMsg(m)
-}
-
-// StorageAuthorityReadOnly_ServiceDesc is the grpc.ServiceDesc for StorageAuthorityReadOnly service.
-// It's only intended for direct use with grpc.RegisterService,
-// and not to be introspected or modified (even as a copy)
-var StorageAuthorityReadOnly_ServiceDesc = grpc.ServiceDesc{
-	ServiceName: "sa.StorageAuthorityReadOnly",
-	HandlerType: (*StorageAuthorityReadOnlyServer)(nil),
-	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "CountCertificatesByNames",
-			Handler:    _StorageAuthorityReadOnly_CountCertificatesByNames_Handler,
-		},
-		{
-			MethodName: "CountFQDNSets",
-			Handler:    _StorageAuthorityReadOnly_CountFQDNSets_Handler,
-		},
-		{
-			MethodName: "CountInvalidAuthorizations2",
-			Handler:    _StorageAuthorityReadOnly_CountInvalidAuthorizations2_Handler,
-		},
-		{
-			MethodName: "CountOrders",
-			Handler:    _StorageAuthorityReadOnly_CountOrders_Handler,
-		},
-		{
-			MethodName: "CountPendingAuthorizations2",
-			Handler:    _StorageAuthorityReadOnly_CountPendingAuthorizations2_Handler,
-		},
-		{
-			MethodName: "CountRegistrationsByIP",
-			Handler:    _StorageAuthorityReadOnly_CountRegistrationsByIP_Handler,
-		},
-		{
-			MethodName: "CountRegistrationsByIPRange",
-			Handler:    _StorageAuthorityReadOnly_CountRegistrationsByIPRange_Handler,
-		},
-		{
-			MethodName: "FQDNSetExists",
-			Handler:    _StorageAuthorityReadOnly_FQDNSetExists_Handler,
-		},
-		{
-			MethodName: "FQDNSetTimestampsForWindow",
-			Handler:    _StorageAuthorityReadOnly_FQDNSetTimestampsForWindow_Handler,
-		},
-		{
-			MethodName: "GetAuthorization2",
-			Handler:    _StorageAuthorityReadOnly_GetAuthorization2_Handler,
-		},
-		{
-			MethodName: "GetAuthorizations2",
-			Handler:    _StorageAuthorityReadOnly_GetAuthorizations2_Handler,
-		},
-		{
-			MethodName: "GetCertificate",
-			Handler:    _StorageAuthorityReadOnly_GetCertificate_Handler,
-		},
-		{
-			MethodName: "GetCertificateStatus",
-			Handler:    _StorageAuthorityReadOnly_GetCertificateStatus_Handler,
-		},
-		{
-			MethodName: "GetMaxExpiration",
-			Handler:    _StorageAuthorityReadOnly_GetMaxExpiration_Handler,
-		},
-		{
-			MethodName: "GetOrder",
-			Handler:    _StorageAuthorityReadOnly_GetOrder_Handler,
-		},
-		{
-			MethodName: "GetOrderForNames",
-			Handler:    _StorageAuthorityReadOnly_GetOrderForNames_Handler,
-		},
-		{
-			MethodName: "GetPendingAuthorization2",
-			Handler:    _StorageAuthorityReadOnly_GetPendingAuthorization2_Handler,
-		},
-		{
-			MethodName: "GetPrecertificate",
-			Handler:    _StorageAuthorityReadOnly_GetPrecertificate_Handler,
-		},
-		{
-			MethodName: "GetRegistration",
-			Handler:    _StorageAuthorityReadOnly_GetRegistration_Handler,
-		},
-		{
-			MethodName: "GetRegistrationByKey",
-			Handler:    _StorageAuthorityReadOnly_GetRegistrationByKey_Handler,
-		},
-		{
-			MethodName: "GetRevocationStatus",
-			Handler:    _StorageAuthorityReadOnly_GetRevocationStatus_Handler,
-		},
-		{
-			MethodName: "GetSerialMetadata",
-			Handler:    _StorageAuthorityReadOnly_GetSerialMetadata_Handler,
-		},
-		{
-			MethodName: "GetValidAuthorizations2",
-			Handler:    _StorageAuthorityReadOnly_GetValidAuthorizations2_Handler,
-		},
-		{
-			MethodName: "GetValidOrderAuthorizations2",
-			Handler:    _StorageAuthorityReadOnly_GetValidOrderAuthorizations2_Handler,
-		},
-		{
-			MethodName: "IncidentsForSerial",
-			Handler:    _StorageAuthorityReadOnly_IncidentsForSerial_Handler,
-		},
-		{
-			MethodName: "KeyBlocked",
-			Handler:    _StorageAuthorityReadOnly_KeyBlocked_Handler,
-		},
-		{
-			MethodName: "PreviousCertificateExists",
-			Handler:    _StorageAuthorityReadOnly_PreviousCertificateExists_Handler,
-		},
-	},
-	Streams: []grpc.StreamDesc{
-		{
-			StreamName:    "GetRevokedCerts",
-			Handler:       _StorageAuthorityReadOnly_GetRevokedCerts_Handler,
-			ServerStreams: true,
-		},
-		{
-			StreamName:    "SerialsForIncident",
-			Handler:       _StorageAuthorityReadOnly_SerialsForIncident_Handler,
-			ServerStreams: true,
-		},
-	},
-	Metadata: "sa.proto",
-}
-
-// StorageAuthorityClient is the client API for StorageAuthority service.
-//
-// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
-type StorageAuthorityClient interface {
-	// Getters: this list must be identical to the StorageAuthorityReadOnly rpcs.
-	CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error)
-	CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error)
-	CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error)
-	CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error)
-	CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error)
-	CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error)
-	GetAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*proto.Authorization, error)
-	GetAuthorizations2(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.CertificateStatus, error)
-	GetMaxExpiration(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*timestamppb.Timestamp, error)
-	GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	GetPendingAuthorization2(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error)
-	GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetRevocationStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*RevocationStatus, error)
-	GetRevokedCerts(ctx context.Context, in *GetRevokedCertsRequest, opts ...grpc.CallOption) (StorageAuthority_GetRevokedCertsClient, error)
-	GetSerialMetadata(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*SerialMetadata, error)
-	GetValidAuthorizations2(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error)
-	KeyBlocked(ctx context.Context, in *KeyBlockedRequest, opts ...grpc.CallOption) (*Exists, error)
-	PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthority_SerialsForIncidentClient, error)
-	// Adders
-	AddBlockedKey(ctx context.Context, in *AddBlockedKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	AddCertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*AddCertificateResponse, error)
-	AddPrecertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	AddSerial(ctx context.Context, in *AddSerialRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	DeactivateAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	DeactivateRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	FinalizeAuthorization2(ctx context.Context, in *FinalizeAuthorizationRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	FinalizeOrder(ctx context.Context, in *FinalizeOrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	NewAuthorizations2(ctx context.Context, in *AddPendingAuthorizationsRequest, opts ...grpc.CallOption) (*Authorization2IDs, error)
-	NewOrder(ctx context.Context, in *NewOrderRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	NewOrderAndAuthzs(ctx context.Context, in *NewOrderAndAuthzsRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	NewRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*proto.Registration, error)
-	RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	SetOrderError(ctx context.Context, in *SetOrderErrorRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	SetOrderProcessing(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	UpdateRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	UpdateRevokedCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-}
-
-type storageAuthorityClient struct {
-	cc grpc.ClientConnInterface
-}
-
-func NewStorageAuthorityClient(cc grpc.ClientConnInterface) StorageAuthorityClient {
-	return &storageAuthorityClient{cc}
-}
-
-func (c *storageAuthorityClient) CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error) {
-	out := new(CountByNames)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountCertificatesByNames", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountFQDNSets", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountInvalidAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountOrders", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountPendingAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountRegistrationsByIP", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountRegistrationsByIPRange", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FQDNSetExists", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error) {
-	out := new(Timestamps)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FQDNSetTimestampsForWindow", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*proto.Authorization, error) {
-	out := new(proto.Authorization)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetAuthorizations2(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error) {
-	out := new(proto.Certificate)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetCertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.CertificateStatus, error) {
-	out := new(proto.CertificateStatus)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetCertificateStatus", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetMaxExpiration(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*timestamppb.Timestamp, error) {
-	out := new(timestamppb.Timestamp)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetMaxExpiration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetOrder", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetOrderForNames", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetPendingAuthorization2(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error) {
-	out := new(proto.Authorization)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetPendingAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error) {
-	out := new(proto.Certificate)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetPrecertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto.Registration, error) {
-	out := new(proto.Registration)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetRegistration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto.Registration, error) {
-	out := new(proto.Registration)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetRegistrationByKey", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetRevocationStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*RevocationStatus, error) {
-	out := new(RevocationStatus)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetRevocationStatus", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetRevokedCerts(ctx context.Context, in *GetRevokedCertsRequest, opts ...grpc.CallOption) (StorageAuthority_GetRevokedCertsClient, error) {
-	stream, err := c.cc.NewStream(ctx, &StorageAuthority_ServiceDesc.Streams[0], "/sa.StorageAuthority/GetRevokedCerts", opts...)
-	if err != nil {
-		return nil, err
-	}
-	x := &storageAuthorityGetRevokedCertsClient{stream}
-	if err := x.ClientStream.SendMsg(in); err != nil {
-		return nil, err
-	}
-	if err := x.ClientStream.CloseSend(); err != nil {
-		return nil, err
-	}
-	return x, nil
-}
-
-type StorageAuthority_GetRevokedCertsClient interface {
-	Recv() (*proto.CRLEntry, error)
-	grpc.ClientStream
-}
-
-type storageAuthorityGetRevokedCertsClient struct {
-	grpc.ClientStream
-}
-
-func (x *storageAuthorityGetRevokedCertsClient) Recv() (*proto.CRLEntry, error) {
-	m := new(proto.CRLEntry)
-	if err := x.ClientStream.RecvMsg(m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
-
-func (c *storageAuthorityClient) GetSerialMetadata(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*SerialMetadata, error) {
-	out := new(SerialMetadata)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetSerialMetadata", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetValidAuthorizations2(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetValidAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetValidOrderAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error) {
-	out := new(Incidents)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/IncidentsForSerial", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) KeyBlocked(ctx context.Context, in *KeyBlockedRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/KeyBlocked", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/PreviousCertificateExists", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthority_SerialsForIncidentClient, error) {
-	stream, err := c.cc.NewStream(ctx, &StorageAuthority_ServiceDesc.Streams[1], "/sa.StorageAuthority/SerialsForIncident", opts...)
-	if err != nil {
-		return nil, err
-	}
-	x := &storageAuthoritySerialsForIncidentClient{stream}
-	if err := x.ClientStream.SendMsg(in); err != nil {
-		return nil, err
-	}
-	if err := x.ClientStream.CloseSend(); err != nil {
-		return nil, err
-	}
-	return x, nil
-}
-
-type StorageAuthority_SerialsForIncidentClient interface {
-	Recv() (*IncidentSerial, error)
-	grpc.ClientStream
-}
-
-type storageAuthoritySerialsForIncidentClient struct {
-	grpc.ClientStream
-}
-
-func (x *storageAuthoritySerialsForIncidentClient) Recv() (*IncidentSerial, error) {
-	m := new(IncidentSerial)
-	if err := x.ClientStream.RecvMsg(m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
-
-func (c *storageAuthorityClient) AddBlockedKey(ctx context.Context, in *AddBlockedKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddBlockedKey", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) AddCertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*AddCertificateResponse, error) {
-	out := new(AddCertificateResponse)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddCertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) AddPrecertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddPrecertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) AddSerial(ctx context.Context, in *AddSerialRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddSerial", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) DeactivateAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/DeactivateAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) DeactivateRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/DeactivateRegistration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) FinalizeAuthorization2(ctx context.Context, in *FinalizeAuthorizationRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FinalizeAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) FinalizeOrder(ctx context.Context, in *FinalizeOrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FinalizeOrder", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) NewAuthorizations2(ctx context.Context, in *AddPendingAuthorizationsRequest, opts ...grpc.CallOption) (*Authorization2IDs, error) {
-	out := new(Authorization2IDs)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) NewOrder(ctx context.Context, in *NewOrderRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewOrder", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) NewOrderAndAuthzs(ctx context.Context, in *NewOrderAndAuthzsRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewOrderAndAuthzs", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) NewRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*proto.Registration, error) {
-	out := new(proto.Registration)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewRegistration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/RevokeCertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) SetOrderError(ctx context.Context, in *SetOrderErrorRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/SetOrderError", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) SetOrderProcessing(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/SetOrderProcessing", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) UpdateRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/UpdateRegistration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) UpdateRevokedCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/UpdateRevokedCertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-// StorageAuthorityServer is the server API for StorageAuthority service.
-// All implementations must embed UnimplementedStorageAuthorityServer
-// for forward compatibility
-type StorageAuthorityServer interface {
-	// Getters: this list must be identical to the StorageAuthorityReadOnly rpcs.
-	CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error)
-	CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error)
-	CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error)
-	CountOrders(context.Context, *CountOrdersRequest) (*Count, error)
-	CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error)
-	CountRegistrationsByIP(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
-	CountRegistrationsByIPRange(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
-	FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error)
-	FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error)
-	GetAuthorization2(context.Context, *AuthorizationID2) (*proto.Authorization, error)
-	GetAuthorizations2(context.Context, *GetAuthorizationsRequest) (*Authorizations, error)
-	GetCertificate(context.Context, *Serial) (*proto.Certificate, error)
-	GetCertificateStatus(context.Context, *Serial) (*proto.CertificateStatus, error)
-	GetMaxExpiration(context.Context, *emptypb.Empty) (*timestamppb.Timestamp, error)
-	GetOrder(context.Context, *OrderRequest) (*proto.Order, error)
-	GetOrderForNames(context.Context, *GetOrderForNamesRequest) (*proto.Order, error)
-	GetPendingAuthorization2(context.Context, *GetPendingAuthorizationRequest) (*proto.Authorization, error)
-	GetPrecertificate(context.Context, *Serial) (*proto.Certificate, error)
-	GetRegistration(context.Context, *RegistrationID) (*proto.Registration, error)
-	GetRegistrationByKey(context.Context, *JSONWebKey) (*proto.Registration, error)
-	GetRevocationStatus(context.Context, *Serial) (*RevocationStatus, error)
-	GetRevokedCerts(*GetRevokedCertsRequest, StorageAuthority_GetRevokedCertsServer) error
-	GetSerialMetadata(context.Context, *Serial) (*SerialMetadata, error)
-	GetValidAuthorizations2(context.Context, *GetValidAuthorizationsRequest) (*Authorizations, error)
-	GetValidOrderAuthorizations2(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error)
-	IncidentsForSerial(context.Context, *Serial) (*Incidents, error)
-	KeyBlocked(context.Context, *KeyBlockedRequest) (*Exists, error)
-	PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error)
-	SerialsForIncident(*SerialsForIncidentRequest, StorageAuthority_SerialsForIncidentServer) error
-	// Adders
-	AddBlockedKey(context.Context, *AddBlockedKeyRequest) (*emptypb.Empty, error)
-	AddCertificate(context.Context, *AddCertificateRequest) (*AddCertificateResponse, error)
-	AddPrecertificate(context.Context, *AddCertificateRequest) (*emptypb.Empty, error)
-	AddSerial(context.Context, *AddSerialRequest) (*emptypb.Empty, error)
-	DeactivateAuthorization2(context.Context, *AuthorizationID2) (*emptypb.Empty, error)
-	DeactivateRegistration(context.Context, *RegistrationID) (*emptypb.Empty, error)
-	FinalizeAuthorization2(context.Context, *FinalizeAuthorizationRequest) (*emptypb.Empty, error)
-	FinalizeOrder(context.Context, *FinalizeOrderRequest) (*emptypb.Empty, error)
-	NewAuthorizations2(context.Context, *AddPendingAuthorizationsRequest) (*Authorization2IDs, error)
-	NewOrder(context.Context, *NewOrderRequest) (*proto.Order, error)
-	NewOrderAndAuthzs(context.Context, *NewOrderAndAuthzsRequest) (*proto.Order, error)
-	NewRegistration(context.Context, *proto.Registration) (*proto.Registration, error)
-	RevokeCertificate(context.Context, *RevokeCertificateRequest) (*emptypb.Empty, error)
-	SetOrderError(context.Context, *SetOrderErrorRequest) (*emptypb.Empty, error)
-	SetOrderProcessing(context.Context, *OrderRequest) (*emptypb.Empty, error)
-	UpdateRegistration(context.Context, *proto.Registration) (*emptypb.Empty, error)
-	UpdateRevokedCertificate(context.Context, *RevokeCertificateRequest) (*emptypb.Empty, error)
-	mustEmbedUnimplementedStorageAuthorityServer()
-}
-
-// UnimplementedStorageAuthorityServer must be embedded to have forward compatible implementations.
-type UnimplementedStorageAuthorityServer struct {
-}
-
-func (UnimplementedStorageAuthorityServer) CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountCertificatesByNames not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountFQDNSets not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountInvalidAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountOrders(context.Context, *CountOrdersRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountOrders not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountPendingAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountRegistrationsByIP(context.Context, *CountRegistrationsByIPRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountRegistrationsByIP not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountRegistrationsByIPRange(context.Context, *CountRegistrationsByIPRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountRegistrationsByIPRange not implemented")
-}
-func (UnimplementedStorageAuthorityServer) FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FQDNSetExists not implemented")
-}
-func (UnimplementedStorageAuthorityServer) FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FQDNSetTimestampsForWindow not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetAuthorization2(context.Context, *AuthorizationID2) (*proto.Authorization, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetAuthorizations2(context.Context, *GetAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetCertificate(context.Context, *Serial) (*proto.Certificate, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetCertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetCertificateStatus(context.Context, *Serial) (*proto.CertificateStatus, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetCertificateStatus not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetMaxExpiration(context.Context, *emptypb.Empty) (*timestamppb.Timestamp, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetMaxExpiration not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetOrder(context.Context, *OrderRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetOrder not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetOrderForNames(context.Context, *GetOrderForNamesRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetOrderForNames not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetPendingAuthorization2(context.Context, *GetPendingAuthorizationRequest) (*proto.Authorization, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetPendingAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetPrecertificate(context.Context, *Serial) (*proto.Certificate, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetPrecertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetRegistration(context.Context, *RegistrationID) (*proto.Registration, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRegistration not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetRegistrationByKey(context.Context, *JSONWebKey) (*proto.Registration, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRegistrationByKey not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetRevocationStatus(context.Context, *Serial) (*RevocationStatus, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRevocationStatus not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetRevokedCerts(*GetRevokedCertsRequest, StorageAuthority_GetRevokedCertsServer) error {
-	return status.Errorf(codes.Unimplemented, "method GetRevokedCerts not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetSerialMetadata(context.Context, *Serial) (*SerialMetadata, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetSerialMetadata not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetValidAuthorizations2(context.Context, *GetValidAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetValidAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetValidOrderAuthorizations2(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetValidOrderAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) IncidentsForSerial(context.Context, *Serial) (*Incidents, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method IncidentsForSerial not implemented")
-}
-func (UnimplementedStorageAuthorityServer) KeyBlocked(context.Context, *KeyBlockedRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method KeyBlocked not implemented")
-}
-func (UnimplementedStorageAuthorityServer) PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method PreviousCertificateExists not implemented")
-}
-func (UnimplementedStorageAuthorityServer) SerialsForIncident(*SerialsForIncidentRequest, StorageAuthority_SerialsForIncidentServer) error {
-	return status.Errorf(codes.Unimplemented, "method SerialsForIncident not implemented")
-}
-func (UnimplementedStorageAuthorityServer) AddBlockedKey(context.Context, *AddBlockedKeyRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method AddBlockedKey not implemented")
-}
-func (UnimplementedStorageAuthorityServer) AddCertificate(context.Context, *AddCertificateRequest) (*AddCertificateResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method AddCertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) AddPrecertificate(context.Context, *AddCertificateRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method AddPrecertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) AddSerial(context.Context, *AddSerialRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method AddSerial not implemented")
-}
-func (UnimplementedStorageAuthorityServer) DeactivateAuthorization2(context.Context, *AuthorizationID2) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method DeactivateAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) DeactivateRegistration(context.Context, *RegistrationID) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method DeactivateRegistration not implemented")
-}
-func (UnimplementedStorageAuthorityServer) FinalizeAuthorization2(context.Context, *FinalizeAuthorizationRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FinalizeAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) FinalizeOrder(context.Context, *FinalizeOrderRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FinalizeOrder not implemented")
-}
-func (UnimplementedStorageAuthorityServer) NewAuthorizations2(context.Context, *AddPendingAuthorizationsRequest) (*Authorization2IDs, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method NewAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) NewOrder(context.Context, *NewOrderRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method NewOrder not implemented")
-}
-func (UnimplementedStorageAuthorityServer) NewOrderAndAuthzs(context.Context, *NewOrderAndAuthzsRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method NewOrderAndAuthzs not implemented")
-}
-func (UnimplementedStorageAuthorityServer) NewRegistration(context.Context, *proto.Registration) (*proto.Registration, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method NewRegistration not implemented")
-}
-func (UnimplementedStorageAuthorityServer) RevokeCertificate(context.Context, *RevokeCertificateRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method RevokeCertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) SetOrderError(context.Context, *SetOrderErrorRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method SetOrderError not implemented")
-}
-func (UnimplementedStorageAuthorityServer) SetOrderProcessing(context.Context, *OrderRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method SetOrderProcessing not implemented")
-}
-func (UnimplementedStorageAuthorityServer) UpdateRegistration(context.Context, *proto.Registration) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method UpdateRegistration not implemented")
-}
-func (UnimplementedStorageAuthorityServer) UpdateRevokedCertificate(context.Context, *RevokeCertificateRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method UpdateRevokedCertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) mustEmbedUnimplementedStorageAuthorityServer() {}
-
-// UnsafeStorageAuthorityServer may be embedded to opt out of forward compatibility for this service.
-// Use of this interface is not recommended, as added methods to StorageAuthorityServer will
-// result in compilation errors.
-type UnsafeStorageAuthorityServer interface {
-	mustEmbedUnimplementedStorageAuthorityServer()
-}
-
-func RegisterStorageAuthorityServer(s grpc.ServiceRegistrar, srv StorageAuthorityServer) {
-	s.RegisterService(&StorageAuthority_ServiceDesc, srv)
-}
-
-func _StorageAuthority_CountCertificatesByNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountCertificatesByNamesRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountCertificatesByNames(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountCertificatesByNames",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountCertificatesByNames(ctx, req.(*CountCertificatesByNamesRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountFQDNSets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountFQDNSetsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountFQDNSets(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountFQDNSets",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountFQDNSets(ctx, req.(*CountFQDNSetsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountInvalidAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountInvalidAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountInvalidAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountInvalidAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountInvalidAuthorizations2(ctx, req.(*CountInvalidAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountOrders_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountOrdersRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountOrders(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountOrders",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountOrders(ctx, req.(*CountOrdersRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountPendingAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RegistrationID)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountPendingAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountPendingAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountPendingAuthorizations2(ctx, req.(*RegistrationID))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountRegistrationsByIP_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountRegistrationsByIPRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountRegistrationsByIP(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountRegistrationsByIP",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountRegistrationsByIP(ctx, req.(*CountRegistrationsByIPRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountRegistrationsByIPRange_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountRegistrationsByIPRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountRegistrationsByIPRange(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountRegistrationsByIPRange",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountRegistrationsByIPRange(ctx, req.(*CountRegistrationsByIPRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_FQDNSetExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(FQDNSetExistsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).FQDNSetExists(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/FQDNSetExists",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).FQDNSetExists(ctx, req.(*FQDNSetExistsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_FQDNSetTimestampsForWindow_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountFQDNSetsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).FQDNSetTimestampsForWindow(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/FQDNSetTimestampsForWindow",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).FQDNSetTimestampsForWindow(ctx, req.(*CountFQDNSetsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AuthorizationID2)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetAuthorization2(ctx, req.(*AuthorizationID2))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetAuthorizations2(ctx, req.(*GetAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetCertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetCertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetCertificate(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetCertificateStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetCertificateStatus(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetCertificateStatus",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetCertificateStatus(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetMaxExpiration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(emptypb.Empty)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetMaxExpiration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetMaxExpiration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetMaxExpiration(ctx, req.(*emptypb.Empty))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetOrder_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(OrderRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetOrder(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetOrder",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetOrder(ctx, req.(*OrderRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetOrderForNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetOrderForNamesRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetOrderForNames(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetOrderForNames",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetOrderForNames(ctx, req.(*GetOrderForNamesRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetPendingAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetPendingAuthorizationRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetPendingAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetPendingAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetPendingAuthorization2(ctx, req.(*GetPendingAuthorizationRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetPrecertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetPrecertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetPrecertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetPrecertificate(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RegistrationID)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetRegistration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetRegistration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetRegistration(ctx, req.(*RegistrationID))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetRegistrationByKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(JSONWebKey)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetRegistrationByKey(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetRegistrationByKey",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetRegistrationByKey(ctx, req.(*JSONWebKey))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetRevocationStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetRevocationStatus(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetRevocationStatus",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetRevocationStatus(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetRevokedCerts_Handler(srv interface{}, stream grpc.ServerStream) error {
-	m := new(GetRevokedCertsRequest)
-	if err := stream.RecvMsg(m); err != nil {
-		return err
-	}
-	return srv.(StorageAuthorityServer).GetRevokedCerts(m, &storageAuthorityGetRevokedCertsServer{stream})
-}
-
-type StorageAuthority_GetRevokedCertsServer interface {
-	Send(*proto.CRLEntry) error
-	grpc.ServerStream
-}
-
-type storageAuthorityGetRevokedCertsServer struct {
-	grpc.ServerStream
-}
-
-func (x *storageAuthorityGetRevokedCertsServer) Send(m *proto.CRLEntry) error {
-	return x.ServerStream.SendMsg(m)
-}
-
-func _StorageAuthority_GetSerialMetadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetSerialMetadata(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetSerialMetadata",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetSerialMetadata(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetValidAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetValidAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetValidAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetValidAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetValidAuthorizations2(ctx, req.(*GetValidAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetValidOrderAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetValidOrderAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetValidOrderAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetValidOrderAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetValidOrderAuthorizations2(ctx, req.(*GetValidOrderAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_IncidentsForSerial_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).IncidentsForSerial(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/IncidentsForSerial",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).IncidentsForSerial(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_KeyBlocked_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(KeyBlockedRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).KeyBlocked(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/KeyBlocked",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).KeyBlocked(ctx, req.(*KeyBlockedRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_PreviousCertificateExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(PreviousCertificateExistsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).PreviousCertificateExists(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/PreviousCertificateExists",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).PreviousCertificateExists(ctx, req.(*PreviousCertificateExistsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_SerialsForIncident_Handler(srv interface{}, stream grpc.ServerStream) error {
-	m := new(SerialsForIncidentRequest)
-	if err := stream.RecvMsg(m); err != nil {
-		return err
-	}
-	return srv.(StorageAuthorityServer).SerialsForIncident(m, &storageAuthoritySerialsForIncidentServer{stream})
-}
-
-type StorageAuthority_SerialsForIncidentServer interface {
-	Send(*IncidentSerial) error
-	grpc.ServerStream
-}
-
-type storageAuthoritySerialsForIncidentServer struct {
-	grpc.ServerStream
-}
-
-func (x *storageAuthoritySerialsForIncidentServer) Send(m *IncidentSerial) error {
-	return x.ServerStream.SendMsg(m)
-}
-
-func _StorageAuthority_AddBlockedKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AddBlockedKeyRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).AddBlockedKey(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/AddBlockedKey",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).AddBlockedKey(ctx, req.(*AddBlockedKeyRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_AddCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AddCertificateRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).AddCertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/AddCertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).AddCertificate(ctx, req.(*AddCertificateRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_AddPrecertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AddCertificateRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).AddPrecertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/AddPrecertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).AddPrecertificate(ctx, req.(*AddCertificateRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_AddSerial_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AddSerialRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).AddSerial(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/AddSerial",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).AddSerial(ctx, req.(*AddSerialRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_DeactivateAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AuthorizationID2)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).DeactivateAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/DeactivateAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).DeactivateAuthorization2(ctx, req.(*AuthorizationID2))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_DeactivateRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RegistrationID)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).DeactivateRegistration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/DeactivateRegistration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).DeactivateRegistration(ctx, req.(*RegistrationID))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_FinalizeAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(FinalizeAuthorizationRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).FinalizeAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/FinalizeAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).FinalizeAuthorization2(ctx, req.(*FinalizeAuthorizationRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_FinalizeOrder_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(FinalizeOrderRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).FinalizeOrder(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/FinalizeOrder",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).FinalizeOrder(ctx, req.(*FinalizeOrderRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_NewAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AddPendingAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).NewAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/NewAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).NewAuthorizations2(ctx, req.(*AddPendingAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_NewOrder_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(NewOrderRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).NewOrder(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/NewOrder",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).NewOrder(ctx, req.(*NewOrderRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_NewOrderAndAuthzs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(NewOrderAndAuthzsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).NewOrderAndAuthzs(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/NewOrderAndAuthzs",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).NewOrderAndAuthzs(ctx, req.(*NewOrderAndAuthzsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_NewRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(proto.Registration)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).NewRegistration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/NewRegistration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).NewRegistration(ctx, req.(*proto.Registration))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_RevokeCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RevokeCertificateRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).RevokeCertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/RevokeCertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).RevokeCertificate(ctx, req.(*RevokeCertificateRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_SetOrderError_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(SetOrderErrorRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).SetOrderError(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/SetOrderError",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).SetOrderError(ctx, req.(*SetOrderErrorRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_SetOrderProcessing_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(OrderRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).SetOrderProcessing(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/SetOrderProcessing",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).SetOrderProcessing(ctx, req.(*OrderRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_UpdateRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(proto.Registration)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).UpdateRegistration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/UpdateRegistration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).UpdateRegistration(ctx, req.(*proto.Registration))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_UpdateRevokedCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RevokeCertificateRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).UpdateRevokedCertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/UpdateRevokedCertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).UpdateRevokedCertificate(ctx, req.(*RevokeCertificateRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-// StorageAuthority_ServiceDesc is the grpc.ServiceDesc for StorageAuthority service.
-// It's only intended for direct use with grpc.RegisterService,
-// and not to be introspected or modified (even as a copy)
-var StorageAuthority_ServiceDesc = grpc.ServiceDesc{
-	ServiceName: "sa.StorageAuthority",
-	HandlerType: (*StorageAuthorityServer)(nil),
-	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "CountCertificatesByNames",
-			Handler:    _StorageAuthority_CountCertificatesByNames_Handler,
-		},
-		{
-			MethodName: "CountFQDNSets",
-			Handler:    _StorageAuthority_CountFQDNSets_Handler,
-		},
-		{
-			MethodName: "CountInvalidAuthorizations2",
-			Handler:    _StorageAuthority_CountInvalidAuthorizations2_Handler,
-		},
-		{
-			MethodName: "CountOrders",
-			Handler:    _StorageAuthority_CountOrders_Handler,
-		},
-		{
-			MethodName: "CountPendingAuthorizations2",
-			Handler:    _StorageAuthority_CountPendingAuthorizations2_Handler,
-		},
-		{
-			MethodName: "CountRegistrationsByIP",
-			Handler:    _StorageAuthority_CountRegistrationsByIP_Handler,
-		},
-		{
-			MethodName: "CountRegistrationsByIPRange",
-			Handler:    _StorageAuthority_CountRegistrationsByIPRange_Handler,
-		},
-		{
-			MethodName: "FQDNSetExists",
-			Handler:    _StorageAuthority_FQDNSetExists_Handler,
-		},
-		{
-			MethodName: "FQDNSetTimestampsForWindow",
-			Handler:    _StorageAuthority_FQDNSetTimestampsForWindow_Handler,
-		},
-		{
-			MethodName: "GetAuthorization2",
-			Handler:    _StorageAuthority_GetAuthorization2_Handler,
-		},
-		{
-			MethodName: "GetAuthorizations2",
-			Handler:    _StorageAuthority_GetAuthorizations2_Handler,
-		},
-		{
-			MethodName: "GetCertificate",
-			Handler:    _StorageAuthority_GetCertificate_Handler,
-		},
-		{
-			MethodName: "GetCertificateStatus",
-			Handler:    _StorageAuthority_GetCertificateStatus_Handler,
-		},
-		{
-			MethodName: "GetMaxExpiration",
-			Handler:    _StorageAuthority_GetMaxExpiration_Handler,
-		},
-		{
-			MethodName: "GetOrder",
-			Handler:    _StorageAuthority_GetOrder_Handler,
-		},
-		{
-			MethodName: "GetOrderForNames",
-			Handler:    _StorageAuthority_GetOrderForNames_Handler,
-		},
-		{
-			MethodName: "GetPendingAuthorization2",
-			Handler:    _StorageAuthority_GetPendingAuthorization2_Handler,
-		},
-		{
-			MethodName: "GetPrecertificate",
-			Handler:    _StorageAuthority_GetPrecertificate_Handler,
-		},
-		{
-			MethodName: "GetRegistration",
-			Handler:    _StorageAuthority_GetRegistration_Handler,
-		},
-		{
-			MethodName: "GetRegistrationByKey",
-			Handler:    _StorageAuthority_GetRegistrationByKey_Handler,
-		},
-		{
-			MethodName: "GetRevocationStatus",
-			Handler:    _StorageAuthority_GetRevocationStatus_Handler,
-		},
-		{
-			MethodName: "GetSerialMetadata",
-			Handler:    _StorageAuthority_GetSerialMetadata_Handler,
-		},
-		{
-			MethodName: "GetValidAuthorizations2",
-			Handler:    _StorageAuthority_GetValidAuthorizations2_Handler,
-		},
-		{
-			MethodName: "GetValidOrderAuthorizations2",
-			Handler:    _StorageAuthority_GetValidOrderAuthorizations2_Handler,
-		},
-		{
-			MethodName: "IncidentsForSerial",
-			Handler:    _StorageAuthority_IncidentsForSerial_Handler,
-		},
-		{
-			MethodName: "KeyBlocked",
-			Handler:    _StorageAuthority_KeyBlocked_Handler,
-		},
-		{
-			MethodName: "PreviousCertificateExists",
-			Handler:    _StorageAuthority_PreviousCertificateExists_Handler,
-		},
-		{
-			MethodName: "AddBlockedKey",
-			Handler:    _StorageAuthority_AddBlockedKey_Handler,
-		},
-		{
-			MethodName: "AddCertificate",
-			Handler:    _StorageAuthority_AddCertificate_Handler,
-		},
-		{
-			MethodName: "AddPrecertificate",
-			Handler:    _StorageAuthority_AddPrecertificate_Handler,
-		},
-		{
-			MethodName: "AddSerial",
-			Handler:    _StorageAuthority_AddSerial_Handler,
-		},
-		{
-			MethodName: "DeactivateAuthorization2",
-			Handler:    _StorageAuthority_DeactivateAuthorization2_Handler,
-		},
-		{
-			MethodName: "DeactivateRegistration",
-			Handler:    _StorageAuthority_DeactivateRegistration_Handler,
-		},
-		{
-			MethodName: "FinalizeAuthorization2",
-			Handler:    _StorageAuthority_FinalizeAuthorization2_Handler,
-		},
-		{
-			MethodName: "FinalizeOrder",
-			Handler:    _StorageAuthority_FinalizeOrder_Handler,
-		},
-		{
-			MethodName: "NewAuthorizations2",
-			Handler:    _StorageAuthority_NewAuthorizations2_Handler,
-		},
-		{
-			MethodName: "NewOrder",
-			Handler:    _StorageAuthority_NewOrder_Handler,
-		},
-		{
-			MethodName: "NewOrderAndAuthzs",
-			Handler:    _StorageAuthority_NewOrderAndAuthzs_Handler,
-		},
-		{
-			MethodName: "NewRegistration",
-			Handler:    _StorageAuthority_NewRegistration_Handler,
-		},
-		{
-			MethodName: "RevokeCertificate",
-			Handler:    _StorageAuthority_RevokeCertificate_Handler,
-		},
-		{
-			MethodName: "SetOrderError",
-			Handler:    _StorageAuthority_SetOrderError_Handler,
-		},
-		{
-			MethodName: "SetOrderProcessing",
-			Handler:    _StorageAuthority_SetOrderProcessing_Handler,
-		},
-		{
-			MethodName: "UpdateRegistration",
-			Handler:    _StorageAuthority_UpdateRegistration_Handler,
-		},
-		{
-			MethodName: "UpdateRevokedCertificate",
-			Handler:    _StorageAuthority_UpdateRevokedCertificate_Handler,
-		},
-	},
-	Streams: []grpc.StreamDesc{
-		{
-			StreamName:    "GetRevokedCerts",
-			Handler:       _StorageAuthority_GetRevokedCerts_Handler,
-			ServerStreams: true,
-		},
-		{
-			StreamName:    "SerialsForIncident",
-			Handler:       _StorageAuthority_SerialsForIncident_Handler,
-			ServerStreams: true,
-		},
-	},
-	Metadata: "sa.proto",
-}
diff --git a/vendor/github.com/letsencrypt/boulder/sa/proto/subsets.go b/vendor/github.com/letsencrypt/boulder/sa/proto/subsets.go
deleted file mode 100644
index 5e2221f3f..000000000
--- a/vendor/github.com/letsencrypt/boulder/sa/proto/subsets.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copied from the auto-generated sa_grpc.pb.go
-
-package proto
-
-import (
-	context "context"
-
-	proto "github.com/letsencrypt/boulder/core/proto"
-	grpc "google.golang.org/grpc"
-	emptypb "google.golang.org/protobuf/types/known/emptypb"
-)
-
-// StorageAuthorityGetterClient is a read-only subset of the sapb.StorageAuthorityClient interface
-type StorageAuthorityGetterClient interface {
-	GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.CertificateStatus, error)
-	CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error)
-	CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error)
-	CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error)
-	FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	GetAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*proto.Authorization, error)
-	GetAuthorizations2(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	GetPendingAuthorization2(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error)
-	CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error)
-	GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error)
-	GetValidAuthorizations2(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	KeyBlocked(ctx context.Context, in *KeyBlockedRequest, opts ...grpc.CallOption) (*Exists, error)
-	GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error)
-}
-
-// StorageAuthorityCertificateClient is a subset of the sapb.StorageAuthorityClient interface that only reads and writes certificates
-type StorageAuthorityCertificateClient interface {
-	AddSerial(ctx context.Context, in *AddSerialRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	AddPrecertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	AddCertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*AddCertificateResponse, error)
-	GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-}
diff --git a/vendor/github.com/letsencrypt/boulder/strictyaml/yaml.go b/vendor/github.com/letsencrypt/boulder/strictyaml/yaml.go
new file mode 100644
index 000000000..8e3bae996
--- /dev/null
+++ b/vendor/github.com/letsencrypt/boulder/strictyaml/yaml.go
@@ -0,0 +1,46 @@
+// Package strictyaml provides a strict YAML unmarshaller based on `go-yaml/yaml`
+package strictyaml
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+
+	"gopkg.in/yaml.v3"
+)
+
+// Unmarshal takes a byte array and an interface passed by reference. The
+// d.Decode will read the next YAML-encoded value from its input and store it in
+// the value pointed to by yamlObj. Any config keys from the incoming YAML
+// document which do not correspond to expected keys in the config struct will
+// result in errors.
+//
+// TODO(https://github.com/go-yaml/yaml/issues/639): Replace this function with
+// yaml.Unmarshal once a more ergonomic way to set unmarshal options is added
+// upstream.
+func Unmarshal(b []byte, yamlObj interface{}) error {
+	r := bytes.NewReader(b)
+
+	d := yaml.NewDecoder(r)
+	d.KnownFields(true)
+
+	// d.Decode will mutate yamlObj
+	err := d.Decode(yamlObj)
+
+	if err != nil {
+		// io.EOF is returned when the YAML document is empty.
+		if errors.Is(err, io.EOF) {
+			return fmt.Errorf("unmarshalling YAML, bytes cannot be nil: %w", err)
+		}
+		return fmt.Errorf("unmarshalling YAML: %w", err)
+	}
+
+	// As bytes are read by the decoder, the length of the byte buffer should
+	// decrease. If it doesn't, there's a problem.
+	if r.Len() != 0 {
+		return fmt.Errorf("yaml object of size %d bytes had %d bytes of unexpected unconsumed trailers", r.Size(), r.Len())
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/mattn/go-isatty/isatty_bsd.go b/vendor/github.com/mattn/go-isatty/isatty_bsd.go
index d569c0c94..d0ea68f40 100644
--- a/vendor/github.com/mattn/go-isatty/isatty_bsd.go
+++ b/vendor/github.com/mattn/go-isatty/isatty_bsd.go
@@ -1,6 +1,7 @@
-//go:build (darwin || freebsd || openbsd || netbsd || dragonfly || hurd) && !appengine
+//go:build (darwin || freebsd || openbsd || netbsd || dragonfly || hurd) && !appengine && !tinygo
 // +build darwin freebsd openbsd netbsd dragonfly hurd
 // +build !appengine
+// +build !tinygo
 
 package isatty
 
diff --git a/vendor/github.com/mattn/go-isatty/isatty_others.go b/vendor/github.com/mattn/go-isatty/isatty_others.go
index 31503226f..7402e0618 100644
--- a/vendor/github.com/mattn/go-isatty/isatty_others.go
+++ b/vendor/github.com/mattn/go-isatty/isatty_others.go
@@ -1,5 +1,6 @@
-//go:build appengine || js || nacl || wasm
-// +build appengine js nacl wasm
+//go:build (appengine || js || nacl || tinygo || wasm) && !windows
+// +build appengine js nacl tinygo wasm
+// +build !windows
 
 package isatty
 
diff --git a/vendor/github.com/mattn/go-isatty/isatty_tcgets.go b/vendor/github.com/mattn/go-isatty/isatty_tcgets.go
index 67787657f..0337d8cf6 100644
--- a/vendor/github.com/mattn/go-isatty/isatty_tcgets.go
+++ b/vendor/github.com/mattn/go-isatty/isatty_tcgets.go
@@ -1,6 +1,7 @@
-//go:build (linux || aix || zos) && !appengine
+//go:build (linux || aix || zos) && !appengine && !tinygo
 // +build linux aix zos
 // +build !appengine
+// +build !tinygo
 
 package isatty
 
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/v2/LICENSE b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/LICENSE
new file mode 100644
index 000000000..8dada3eda
--- /dev/null
+++ b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/NOTICE b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/NOTICE
similarity index 100%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/NOTICE
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/NOTICE
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/.gitignore b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/.gitignore
similarity index 100%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/.gitignore
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/.gitignore
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/Makefile b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/Makefile
similarity index 100%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/Makefile
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/Makefile
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/decode.go
similarity index 83%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/decode.go
index 258c0636a..7c08e564f 100644
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go
+++ b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/decode.go
@@ -19,9 +19,10 @@ import (
 	"errors"
 	"io"
 
-	"github.com/golang/protobuf/proto"
+	"google.golang.org/protobuf/proto"
 )
 
+// TODO: Give error package name prefix in next minor release.
 var errInvalidVarint = errors.New("invalid varint32 encountered")
 
 // ReadDelimited decodes a message from the provided length-delimited stream,
@@ -36,6 +37,12 @@ var errInvalidVarint = errors.New("invalid varint32 encountered")
 // of the stream has been reached in doing so.  In that case, any subsequent
 // calls return (0, io.EOF).
 func ReadDelimited(r io.Reader, m proto.Message) (n int, err error) {
+	// TODO: Consider allowing the caller to specify a decode buffer in the
+	// next major version.
+
+	// TODO: Consider using error wrapping to annotate error state in pass-
+	// through cases in the next minor version.
+
 	// Per AbstractParser#parsePartialDelimitedFrom with
 	// CodedInputStream#readRawVarint32.
 	var headerBuf [binary.MaxVarintLen32]byte
@@ -53,15 +60,14 @@ func ReadDelimited(r io.Reader, m proto.Message) (n int, err error) {
 			if err != nil {
 				return bytesRead, err
 			}
-			// A Reader should not return (0, nil), but if it does,
-			// it should be treated as no-op (according to the
-			// Reader contract). So let's go on...
+			// A Reader should not return (0, nil); but if it does, it should
+			// be treated as no-op according to the Reader contract.
 			continue
 		}
 		bytesRead += newBytesRead
 		// Now present everything read so far to the varint decoder and
 		// see if a varint can be decoded already.
-		messageLength, varIntBytes = proto.DecodeVarint(headerBuf[:bytesRead])
+		messageLength, varIntBytes = binary.Uvarint(headerBuf[:bytesRead])
 	}
 
 	messageBuf := make([]byte, messageLength)
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/doc.go b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/doc.go
similarity index 100%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/doc.go
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/doc.go
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/encode.go
similarity index 91%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/encode.go
index 8fb59ad22..e58dd9d29 100644
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go
+++ b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/encode.go
@@ -18,7 +18,7 @@ import (
 	"encoding/binary"
 	"io"
 
-	"github.com/golang/protobuf/proto"
+	"google.golang.org/protobuf/proto"
 )
 
 // WriteDelimited encodes and dumps a message to the provided writer prefixed
@@ -28,6 +28,9 @@ import (
 // number of bytes written and any applicable error.  This is roughly
 // equivalent to the companion Java API's MessageLite#writeDelimitedTo.
 func WriteDelimited(w io.Writer, m proto.Message) (n int, err error) {
+	// TODO: Consider allowing the caller to specify an encode buffer in the
+	// next major version.
+
 	buffer, err := proto.Marshal(m)
 	if err != nil {
 		return 0, err
diff --git a/vendor/github.com/spf13/jwalterweatherman/.gitignore b/vendor/github.com/oleiade/reflections/.gitignore
similarity index 94%
rename from vendor/github.com/spf13/jwalterweatherman/.gitignore
rename to vendor/github.com/oleiade/reflections/.gitignore
index a71f88af8..00268614f 100644
--- a/vendor/github.com/spf13/jwalterweatherman/.gitignore
+++ b/vendor/github.com/oleiade/reflections/.gitignore
@@ -20,5 +20,3 @@ _cgo_export.*
 _testmain.go
 
 *.exe
-*.bench
-go.sum
\ No newline at end of file
diff --git a/vendor/github.com/oleiade/reflections/AUTHORS.md b/vendor/github.com/oleiade/reflections/AUTHORS.md
new file mode 100644
index 000000000..1038a43cd
--- /dev/null
+++ b/vendor/github.com/oleiade/reflections/AUTHORS.md
@@ -0,0 +1,9 @@
+## Creator
+
+* Oleiade <tcrevon@gmail.com>
+
+## Contributors
+
+* Cengle <https://github.com/cengle>
+* Tomo Krajina <https://github.com/tkrajina>
+* Seth Shelnutt <https://github.com/Shelnutt2>
diff --git a/vendor/github.com/oleiade/reflections/LICENSE b/vendor/github.com/oleiade/reflections/LICENSE
new file mode 100644
index 000000000..f64224242
--- /dev/null
+++ b/vendor/github.com/oleiade/reflections/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Théo Crevon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/oleiade/reflections/README.md b/vendor/github.com/oleiade/reflections/README.md
new file mode 100644
index 000000000..8f6b38d70
--- /dev/null
+++ b/vendor/github.com/oleiade/reflections/README.md
@@ -0,0 +1,235 @@
+Reflections
+===========
+
+Package reflections provides high level abstractions above the golang reflect library.
+
+Reflect library is very low-level and can be quite complex when it comes to do simple things like accessing a structure field value, a field tag...
+
+The purpose of reflections package is to make developers life easier when it comes to introspect structures at runtime.
+Its API is inspired from python language (getattr, setattr, hasattr...) and provides a simplified access to structure fields and tags.
+
+*Reflections is an open source library under the MIT license. Any hackers are welcome to supply ideas, features requests, patches, pull requests and so on: see [Contribute]()*
+
+#### Documentation
+
+Documentation is available at http://godoc.org/github.com/oleiade/reflections
+
+## Usage
+
+#### Accessing structure fields
+
+##### GetField
+
+*GetField* returns the content of a structure field. It can be very usefull when
+you'd wanna iterate over a struct specific fields values for example. You can whether
+provide *GetField* a structure or a pointer to structure as first argument.
+
+```go
+    s := MyStruct {
+        FirstField: "first value",
+        SecondField: 2,
+        ThirdField: "third value",
+    }
+
+    fieldsToExtract := []string{"FirstField", "ThirdField"}
+
+    for _, fieldName := range fieldsToExtract {
+        value, err := reflections.GetField(s, fieldName)
+        DoWhatEverWithThatValue(value)
+    }
+```
+
+##### GetFieldKind
+
+*GetFieldKind* returns the [reflect.Kind](http://golang.org/src/pkg/reflect/type.go?s=6916:6930#L189) of a structure field. It can be used to operate type assertion over a structure fields at runtime.  You can whether provide *GetFieldKind* a structure or a pointer to structure as first argument.
+
+```go
+    s := MyStruct{
+        FirstField:  "first value",
+        SecondField: 2,
+        ThirdField:  "third value",
+    }
+
+    var firstFieldKind reflect.String
+    var secondFieldKind reflect.Int
+    var err error
+
+    firstFieldKind, err = GetFieldKind(s, "FirstField")
+    if err != nil {
+        log.Fatal(err)
+    }
+
+    secondFieldKind, err = GetFieldKind(s, "SecondField")
+    if err != nil {
+        log.Fatal(err)
+    }
+```
+
+##### GetFieldType
+
+*GetFieldType* returns the string literal of a structure field type. It can be used to operate type assertion over a structure fields at runtime.  You can whether provide *GetFieldType* a structure or a pointer to structure as first argument.
+
+```go
+    s := MyStruct{
+        FirstField:  "first value",
+        SecondField: 2,
+        ThirdField:  "third value",
+    }
+
+    var firstFieldKind string
+    var secondFieldKind string
+    var err error
+
+    firstFieldKind, err = GetFieldType(s, "FirstField")
+    if err != nil {
+        log.Fatal(err)
+    }
+
+    secondFieldKind, err = GetFieldType(s, "SecondField")
+    if err != nil {
+        log.Fatal(err)
+    }
+```
+
+##### GetFieldTag
+
+*GetFieldTag* extracts a specific structure field tag. You can whether provide *GetFieldTag* a structure or a pointer to structure as first argument.
+
+
+```go
+    s := MyStruct{}
+
+    tag, err := reflections.GetFieldTag(s, "FirstField", "matched")
+    if err != nil {
+        log.Fatal(err)
+    }
+    fmt.Println(tag)
+
+    tag, err = reflections.GetFieldTag(s, "ThirdField", "unmatched")
+    if err != nil {
+        log.Fatal(err)
+    }
+    fmt.Println(tag)
+```
+
+##### HasField
+
+*HasField* asserts a field exists through structure. You can whether provide *HasField* a structure or a pointer to structure as first argument.
+
+
+```go
+    s := MyStruct {
+        FirstField: "first value",
+        SecondField: 2,
+        ThirdField: "third value",
+    }
+
+    // has == true
+    has, _ := reflections.HasField(s, "FirstField")
+
+    // has == false
+    has, _ := reflections.HasField(s, "FourthField")
+```
+
+##### Fields
+
+*Fields* returns the list of a structure field names, so you can access or modify them later on. You can whether provide *Fields* a structure or a pointer to structure as first argument.
+
+
+```go
+    s := MyStruct {
+        FirstField: "first value",
+        SecondField: 2,
+        ThirdField: "third value",
+    }
+
+    var fields []string
+
+    // Fields will list every structure exportable fields.
+    // Here, it's content would be equal to:
+    // []string{"FirstField", "SecondField", "ThirdField"}
+    fields, _ = reflections.Fields(s)
+```
+
+##### Items
+
+*Items* returns the structure's field name to values map. You can whether provide *Items* a structure or a pointer to structure as first argument.
+
+
+```go
+    s := MyStruct {
+        FirstField: "first value",
+        SecondField: 2,
+        ThirdField: "third value",
+    }
+
+    var structItems map[string]interface{}
+
+    // Items will return a field name to
+    // field value map
+    structItems, _ = reflections.Items(s)
+```
+
+##### Tags
+
+*Tags* returns the structure's fields tag with the provided key. You can whether provide *Tags* a structure or a pointer to structure as first argument.
+
+
+```go
+    s := MyStruct {
+        FirstField: "first value",      `matched:"first tag"`
+        SecondField: 2,                 `matched:"second tag"`
+        ThirdField: "third value",      `unmatched:"third tag"`
+    }
+
+    var structTags map[string]string
+
+    // Tags will return a field name to tag content
+    // map. Nota that only field with the tag name
+    // you've provided which will be matched.
+    // Here structTags will contain:
+    // {
+    //     "FirstField": "first tag",
+    //     "SecondField": "second tag",
+    // }
+    structTags, _ = reflections.Tags(s, "matched")
+```
+
+#### Set a structure field value
+
+*SetField* update's a structure's field value with the one provided. Note that
+unexported fields cannot be set, and that field type and value type have to match.
+
+```go
+    s := MyStruct {
+        FirstField: "first value",
+        SecondField: 2,
+        ThirdField: "third value",
+    }
+
+    // In order to be able to set the structure's values,
+    // a pointer to it has to be passed to it.
+    _ := reflections.SetField(&s, "FirstField", "new value")
+
+    // If you try to set a field's value using the wrong type,
+    // an error will be returned
+    err := reflection.SetField(&s, "FirstField", 123)  // err != nil
+```
+
+## Important notes
+
+* **unexported fields** cannot be accessed or set using reflections library: the golang reflect library intentionaly prohibits unexported fields values access or modifications.
+
+
+## Contribute
+
+* Check for open issues or open a fresh issue to start a discussion around a feature idea or a bug.
+* Fork `the repository`_ on GitHub to start making your changes to the **master** branch (or branch off of it).
+* Write tests which shows that the bug was fixed or that the feature works as expected.
+* Send a pull request and bug the maintainer until it gets merged and published. :) Make sure to add yourself to AUTHORS_.
+
+[the repository](http://github.com/oleiade/reflections)
+[AUTHORS](https://github.com/oleiade/reflections/blob/master/AUTHORS.md)
+
+
+[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/oleiade/reflections/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
diff --git a/vendor/github.com/oleiade/reflections/reflections.go b/vendor/github.com/oleiade/reflections/reflections.go
new file mode 100644
index 000000000..b25b423bb
--- /dev/null
+++ b/vendor/github.com/oleiade/reflections/reflections.go
@@ -0,0 +1,301 @@
+// Copyright (c) 2013 Théo Crevon
+//
+// See the file LICENSE for copying permission.
+
+/*
+Package reflections provides high level abstractions above the
+reflect library.
+
+Reflect library is very low-level and as can be quite complex when it comes to do simple things like accessing a structure field value, a field tag...
+
+The purpose of reflections package is to make developers life easier when it comes to introspect structures at runtime.
+It's API is freely inspired from python language (getattr, setattr, hasattr...) and provides a simplified access to structure fields and tags.
+*/
+package reflections
+
+import (
+	"errors"
+	"fmt"
+	"reflect"
+)
+
+// GetField returns the value of the provided obj field. obj can whether
+// be a structure or pointer to structure.
+func GetField(obj interface{}, name string) (interface{}, error) {
+	if !hasValidType(obj, []reflect.Kind{reflect.Struct, reflect.Ptr}) {
+		return nil, errors.New("Cannot use GetField on a non-struct interface")
+	}
+
+	objValue := reflectValue(obj)
+	field := objValue.FieldByName(name)
+	if !field.IsValid() {
+		return nil, fmt.Errorf("No such field: %s in obj", name)
+	}
+
+	return field.Interface(), nil
+}
+
+// GetFieldKind returns the kind of the provided obj field. obj can whether
+// be a structure or pointer to structure.
+func GetFieldKind(obj interface{}, name string) (reflect.Kind, error) {
+	if !hasValidType(obj, []reflect.Kind{reflect.Struct, reflect.Ptr}) {
+		return reflect.Invalid, errors.New("Cannot use GetField on a non-struct interface")
+	}
+
+	objValue := reflectValue(obj)
+	field := objValue.FieldByName(name)
+
+	if !field.IsValid() {
+		return reflect.Invalid, fmt.Errorf("No such field: %s in obj", name)
+	}
+
+	return field.Type().Kind(), nil
+}
+
+// GetFieldType returns the kind of the provided obj field. obj can whether
+// be a structure or pointer to structure.
+func GetFieldType(obj interface{}, name string) (string, error) {
+	if !hasValidType(obj, []reflect.Kind{reflect.Struct, reflect.Ptr}) {
+		return "", errors.New("Cannot use GetField on a non-struct interface")
+	}
+
+	objValue := reflectValue(obj)
+	field := objValue.FieldByName(name)
+
+	if !field.IsValid() {
+		return "", fmt.Errorf("No such field: %s in obj", name)
+	}
+
+	return field.Type().String(), nil
+}
+
+// GetFieldTag returns the provided obj field tag value. obj can whether
+// be a structure or pointer to structure.
+func GetFieldTag(obj interface{}, fieldName, tagKey string) (string, error) {
+	if !hasValidType(obj, []reflect.Kind{reflect.Struct, reflect.Ptr}) {
+		return "", errors.New("Cannot use GetField on a non-struct interface")
+	}
+
+	objValue := reflectValue(obj)
+	objType := objValue.Type()
+
+	field, ok := objType.FieldByName(fieldName)
+	if !ok {
+		return "", fmt.Errorf("No such field: %s in obj", fieldName)
+	}
+
+	if !isExportableField(field) {
+		return "", errors.New("Cannot GetFieldTag on a non-exported struct field")
+	}
+
+	return field.Tag.Get(tagKey), nil
+}
+
+// SetField sets the provided obj field with provided value. obj param has
+// to be a pointer to a struct, otherwise it will soundly fail. Provided
+// value type should match with the struct field you're trying to set.
+func SetField(obj interface{}, name string, value interface{}) error {
+	// Fetch the field reflect.Value
+	structValue := reflect.ValueOf(obj).Elem()
+	structFieldValue := structValue.FieldByName(name)
+
+	if !structFieldValue.IsValid() {
+		return fmt.Errorf("No such field: %s in obj", name)
+	}
+
+	// If obj field value is not settable an error is thrown
+	if !structFieldValue.CanSet() {
+		return fmt.Errorf("Cannot set %s field value", name)
+	}
+
+	structFieldType := structFieldValue.Type()
+	val := reflect.ValueOf(value)
+	if structFieldType != val.Type() {
+		invalidTypeError := errors.New("Provided value type didn't match obj field type")
+		return invalidTypeError
+	}
+
+	structFieldValue.Set(val)
+	return nil
+}
+
+// HasField checks if the provided field name is part of a struct. obj can whether
+// be a structure or pointer to structure.
+func HasField(obj interface{}, name string) (bool, error) {
+	if !hasValidType(obj, []reflect.Kind{reflect.Struct, reflect.Ptr}) {
+		return false, errors.New("Cannot use GetField on a non-struct interface")
+	}
+
+	objValue := reflectValue(obj)
+	objType := objValue.Type()
+	field, ok := objType.FieldByName(name)
+	if !ok || !isExportableField(field) {
+		return false, nil
+	}
+
+	return true, nil
+}
+
+// Fields returns the struct fields names list. obj can whether
+// be a structure or pointer to structure.
+func Fields(obj interface{}) ([]string, error) {
+	return fields(obj, false)
+}
+
+// FieldsDeep returns "flattened" fields (fields from anonymous
+// inner structs are treated as normal fields)
+func FieldsDeep(obj interface{}) ([]string, error) {
+	return fields(obj, true)
+}
+
+func fields(obj interface{}, deep bool) ([]string, error) {
+	if !hasValidType(obj, []reflect.Kind{reflect.Struct, reflect.Ptr}) {
+		return nil, errors.New("Cannot use GetField on a non-struct interface")
+	}
+
+	objValue := reflectValue(obj)
+	objType := objValue.Type()
+	fieldsCount := objType.NumField()
+
+	var allFields []string
+	for i := 0; i < fieldsCount; i++ {
+		field := objType.Field(i)
+		if isExportableField(field) {
+			if deep && field.Anonymous {
+				fieldValue := objValue.Field(i)
+				subFields, err := fields(fieldValue.Interface(), deep)
+				if err != nil {
+					return nil, fmt.Errorf("Cannot get fields in %s: %s", field.Name, err.Error())
+				}
+				allFields = append(allFields, subFields...)
+			} else {
+				allFields = append(allFields, field.Name)
+			}
+		}
+	}
+
+	return allFields, nil
+}
+
+// Items returns the field - value struct pairs as a map. obj can whether
+// be a structure or pointer to structure.
+func Items(obj interface{}) (map[string]interface{}, error) {
+	return items(obj, false)
+}
+
+// FieldsDeep returns "flattened" items (fields from anonymous
+// inner structs are treated as normal fields)
+func ItemsDeep(obj interface{}) (map[string]interface{}, error) {
+	return items(obj, true)
+}
+
+func items(obj interface{}, deep bool) (map[string]interface{}, error) {
+	if !hasValidType(obj, []reflect.Kind{reflect.Struct, reflect.Ptr}) {
+		return nil, errors.New("Cannot use GetField on a non-struct interface")
+	}
+
+	objValue := reflectValue(obj)
+	objType := objValue.Type()
+	fieldsCount := objType.NumField()
+
+	allItems := make(map[string]interface{})
+
+	for i := 0; i < fieldsCount; i++ {
+		field := objType.Field(i)
+		fieldValue := objValue.Field(i)
+		if isExportableField(field) {
+			if deep && field.Anonymous {
+				if m, err := items(fieldValue.Interface(), deep); err == nil {
+					for k, v := range m {
+						allItems[k] = v
+					}
+				} else {
+					return nil, fmt.Errorf("Cannot get items in %s: %s", field.Name, err.Error())
+				}
+			} else {
+				allItems[field.Name] = fieldValue.Interface()
+			}
+		}
+	}
+
+	return allItems, nil
+}
+
+// Tags lists the struct tag fields. obj can whether
+// be a structure or pointer to structure.
+func Tags(obj interface{}, key string) (map[string]string, error) {
+	return tags(obj, key, false)
+}
+
+// FieldsDeep returns "flattened" tags (fields from anonymous
+// inner structs are treated as normal fields)
+func TagsDeep(obj interface{}, key string) (map[string]string, error) {
+	return tags(obj, key, true)
+}
+
+func tags(obj interface{}, key string, deep bool) (map[string]string, error) {
+	if !hasValidType(obj, []reflect.Kind{reflect.Struct, reflect.Ptr}) {
+		return nil, errors.New("Cannot use GetField on a non-struct interface")
+	}
+
+	objValue := reflectValue(obj)
+	objType := objValue.Type()
+	fieldsCount := objType.NumField()
+
+	allTags := make(map[string]string)
+
+	for i := 0; i < fieldsCount; i++ {
+		structField := objType.Field(i)
+		if isExportableField(structField) {
+			if deep && structField.Anonymous {
+				fieldValue := objValue.Field(i)
+				if m, err := tags(fieldValue.Interface(), key, deep); err == nil {
+					for k, v := range m {
+						allTags[k] = v
+					}
+				} else {
+					return nil, fmt.Errorf("Cannot get items in %s: %s", structField.Name, err.Error())
+				}
+			} else {
+				allTags[structField.Name] = structField.Tag.Get(key)
+			}
+		}
+	}
+
+	return allTags, nil
+}
+
+func reflectValue(obj interface{}) reflect.Value {
+	var val reflect.Value
+
+	if reflect.TypeOf(obj).Kind() == reflect.Ptr {
+		val = reflect.ValueOf(obj).Elem()
+	} else {
+		val = reflect.ValueOf(obj)
+	}
+
+	return val
+}
+
+func isExportableField(field reflect.StructField) bool {
+	// PkgPath is empty for exported fields.
+	return field.PkgPath == ""
+}
+
+func hasValidType(obj interface{}, types []reflect.Kind) bool {
+	for _, t := range types {
+		if reflect.TypeOf(obj).Kind() == t {
+			return true
+		}
+	}
+
+	return false
+}
+
+func isStruct(obj interface{}) bool {
+	return reflect.TypeOf(obj).Kind() == reflect.Struct
+}
+
+func isPointer(obj interface{}) bool {
+	return reflect.TypeOf(obj).Kind() == reflect.Ptr
+}
diff --git a/vendor/github.com/docker/distribution/digestset/set.go b/vendor/github.com/opencontainers/go-digest/digestset/set.go
similarity index 91%
rename from vendor/github.com/docker/distribution/digestset/set.go
rename to vendor/github.com/opencontainers/go-digest/digestset/set.go
index 71327dca7..71f24184c 100644
--- a/vendor/github.com/docker/distribution/digestset/set.go
+++ b/vendor/github.com/opencontainers/go-digest/digestset/set.go
@@ -1,3 +1,18 @@
+// Copyright 2020, 2020 OCI Contributors
+// Copyright 2017 Docker, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package digestset
 
 import (
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go
index e62892046..581cf7cdf 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go
@@ -59,10 +59,4 @@ const (
 
 	// AnnotationBaseImageName is the annotation key for the image reference of the image's base image.
 	AnnotationBaseImageName = "org.opencontainers.image.base.name"
-
-	// AnnotationArtifactCreated is the annotation key for the date and time on which the artifact was built, conforming to RFC 3339.
-	AnnotationArtifactCreated = "org.opencontainers.artifact.created"
-
-	// AnnotationArtifactDescription is the annotation key for the human readable description for the artifact.
-	AnnotationArtifactDescription = "org.opencontainers.artifact.description"
 )
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go
index 9654aa5af..1881b1181 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go
@@ -21,7 +21,7 @@ import digest "github.com/opencontainers/go-digest"
 // when marshalled to JSON.
 type Descriptor struct {
 	// MediaType is the media type of the object this schema refers to.
-	MediaType string `json:"mediaType,omitempty"`
+	MediaType string `json:"mediaType"`
 
 	// Digest is the digest of the targeted content.
 	Digest digest.Digest `json:"digest"`
@@ -52,7 +52,7 @@ type Descriptor struct {
 // Platform describes the platform which the image in the manifest runs on.
 type Platform struct {
 	// Architecture field specifies the CPU architecture, for example
-	// `amd64` or `ppc64`.
+	// `amd64` or `ppc64le`.
 	Architecture string `json:"architecture"`
 
 	// OS specifies the operating system, for example `linux` or `windows`.
@@ -70,3 +70,11 @@ type Platform struct {
 	// example `v7` to specify ARMv7 when architecture is `arm`.
 	Variant string `json:"variant,omitempty"`
 }
+
+// DescriptorEmptyJSON is the descriptor of a blob with content of `{}`.
+var DescriptorEmptyJSON = Descriptor{
+	MediaType: MediaTypeEmptyJSON,
+	Digest:    `sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a`,
+	Size:      2,
+	Data:      []byte(`{}`),
+}
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go
index ed4a56e59..e2bed9d4e 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go
@@ -24,9 +24,15 @@ type Index struct {
 	// MediaType specifies the type of this document data structure e.g. `application/vnd.oci.image.index.v1+json`
 	MediaType string `json:"mediaType,omitempty"`
 
+	// ArtifactType specifies the IANA media type of artifact when the manifest is used for an artifact.
+	ArtifactType string `json:"artifactType,omitempty"`
+
 	// Manifests references platform specific manifests.
 	Manifests []Descriptor `json:"manifests"`
 
+	// Subject is an optional link from the image manifest to another manifest forming an association between the image manifest and the other manifest.
+	Subject *Descriptor `json:"subject,omitempty"`
+
 	// Annotations contains arbitrary metadata for the image index.
 	Annotations map[string]string `json:"annotations,omitempty"`
 }
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go
index fc79e9e0d..c5503cb30 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go
@@ -15,10 +15,14 @@
 package v1
 
 const (
-	// ImageLayoutFile is the file name of oci image layout file
+	// ImageLayoutFile is the file name containing ImageLayout in an OCI Image Layout
 	ImageLayoutFile = "oci-layout"
 	// ImageLayoutVersion is the version of ImageLayout
 	ImageLayoutVersion = "1.0.0"
+	// ImageIndexFile is the file name of the entry point for references and descriptors in an OCI Image Layout
+	ImageIndexFile = "index.json"
+	// ImageBlobsDir is the directory name containing content addressable blobs in an OCI Image Layout
+	ImageBlobsDir = "blobs"
 )
 
 // ImageLayout is the structure in the "oci-layout" file, found in the root
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go
index 4ce7b54cc..26fec52a6 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go
@@ -39,11 +39,3 @@ type Manifest struct {
 	// Annotations contains arbitrary metadata for the image manifest.
 	Annotations map[string]string `json:"annotations,omitempty"`
 }
-
-// ScratchDescriptor is the descriptor of a blob with content of `{}`.
-var ScratchDescriptor = Descriptor{
-	MediaType: MediaTypeScratch,
-	Digest:    `sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a`,
-	Size:      2,
-	Data:      []byte(`{}`),
-}
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go
index 5dd31255e..892ba3de9 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go
@@ -70,6 +70,6 @@ const (
 	// MediaTypeImageConfig specifies the media type for the image configuration.
 	MediaTypeImageConfig = "application/vnd.oci.image.config.v1+json"
 
-	// MediaTypeScratch specifies the media type for an unused blob containing the value `{}`
-	MediaTypeScratch = "application/vnd.oci.scratch.v1+json"
+	// MediaTypeEmptyJSON specifies the media type for an unused blob containing the value `{}`
+	MediaTypeEmptyJSON = "application/vnd.oci.empty.v1+json"
 )
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/version.go b/vendor/github.com/opencontainers/image-spec/specs-go/version.go
index 3d4119b44..11e09b584 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/version.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/version.go
@@ -25,7 +25,7 @@ const (
 	VersionPatch = 0
 
 	// VersionDev indicates development branch. Releases will be empty string.
-	VersionDev = "-rc.3"
+	VersionDev = "-rc.5"
 )
 
 // Version is the specification version that the package types support.
diff --git a/vendor/github.com/outcaste-io/ristretto/.deepsource.toml b/vendor/github.com/outcaste-io/ristretto/.deepsource.toml
new file mode 100644
index 000000000..40609eff3
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/.deepsource.toml
@@ -0,0 +1,17 @@
+version = 1
+
+test_patterns = [
+  '**/*_test.go'
+]
+
+exclude_patterns = [
+  
+]
+
+[[analyzers]]
+name = 'go'
+enabled = true
+
+
+  [analyzers.meta]
+  import_path = 'github.com/dgraph-io/ristretto'
diff --git a/vendor/github.com/outcaste-io/ristretto/.mailmap b/vendor/github.com/outcaste-io/ristretto/.mailmap
new file mode 100644
index 000000000..8ea0986d4
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/.mailmap
@@ -0,0 +1 @@
+Manish R Jain <manishrjain@gmail.com> <manish@dgraph.io>
diff --git a/vendor/github.com/outcaste-io/ristretto/CHANGELOG.md b/vendor/github.com/outcaste-io/ristretto/CHANGELOG.md
new file mode 100644
index 000000000..da964bc0c
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/CHANGELOG.md
@@ -0,0 +1,172 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project will adhere to [Semantic Versioning](http://semver.org/spec/v2.0.0.html) starting v1.0.0.
+
+## Unreleased
+
+## [0.1.0] - 2021-06-03
+
+[0.1.0]: https://github.com/dgraph-io/ristretto/compare/v0.1.0..v0.0.3
+This release contains bug fixes and improvements to Ristretto. It also contains
+major updates to the z package. The z package contains types such as Tree (B+
+tree), Buffer, Mmap file, etc. All these types are used in Badger and Dgraph to
+improve performance and reduce memory requirements.
+
+### Changed
+- Make item public. Add a new onReject call for rejected items. (#180)
+
+### Added
+- Use z.Buffer backing for B+ tree (#268)
+- expose GetTTL function (#270)
+- docs(README): Ristretto is production-ready. (#267)
+- Add IterateKV (#265)
+- feat(super-flags): Add GetPath method in superflags (#258)
+- add GetDuration to SuperFlag (#248)
+- add Has, GetFloat64, and GetInt64 to SuperFlag (#247)
+- move SuperFlag to Ristretto (#246)
+- add SuperFlagHelp tool to generate flag help text (#251)
+- allow empty defaults in SuperFlag (#254)
+- add mmaped b+ tree (#207)
+- Add API to allow the MaxCost of an existing cache to be updated. (#200)
+- Add OnExit handler which can be used for manual memory management (#183)
+- Add life expectancy histogram (#182)
+- Add mechanism to wait for items to be processed. (#184)
+
+### Fixed
+- change expiration type from int64 to time.Time (#277)
+- fix(buffer): make buffer capacity atleast defaultCapacity (#273)
+- Fixes for z.PersistentTree (#272)
+- Initialize persistent tree correctly (#271)
+- use xxhash v2 (#266)
+- update comments to correctly reflect counter space usage (#189)
+- enable riscv64 builds (#264)
+- Switch from log to glog (#263)
+- Use Fibonacci for latency numbers
+- cache: fix race when clearning a cache (#261)
+- Check for keys without values in superflags (#259)
+- chore(perf): using tags instead of runtime callers to improve the performance of leak detection (#255)
+- fix(Flags): panic on user errors (#256)
+- fix SuperFlagHelp newline (#252)
+- fix(arm): Fix crashing under ARMv6 due to memory mis-alignment (#239)
+- Fix incorrect unit test coverage depiction (#245)
+- chore(histogram): adding percentile in histogram (#241)
+- fix(windows): use filepath instead of path (#244)
+- fix(MmapFile): Close the fd before deleting the file (#242)
+- Fixes CGO_ENABLED=0 compilation error (#240)
+- fix(build): fix build on non-amd64 architectures (#238)
+- fix(b+tree): Do not double the size of btree (#237)
+- fix(jemalloc): Fix the stats of jemalloc (#236)
+- Don't print stuff, only return strings.
+- Bring memclrNoHeapPointers to z (#235)
+- increase number of buffers from 32 to 64 in allocator (#234)
+- Set minSize to 1MB.
+- Opt(btree): Use Go memory instead of mmap files
+- Opt(btree): Lightweight stats calculation
+- Put padding internally to z.Buffer
+- Chore(z): Add SetTmpDir API to set the temp directory (#233)
+- Add a BufferFrom
+- Bring z.Allocator and z.AllocatorPool back
+- Fix(z.Allocator): Make Allocator use Go memory
+- Updated ZeroOut to use a simple for loop.  (#231)
+- Add concurrency back
+- Add a test to check concurrency of Allocator.
+- Fix(buffer): Expose padding by z.Buffer's APIs and fix test (#222)
+- AllocateSlice should Truncate if the file is not big enough (#226)
+- Zero out allocations for structs now that we're reusing Allocators.
+- Fix the ristretto substring
+- Deal with nil z.AllocatorPool
+- Create an AllocatorPool class.
+- chore(btree): clean NewTree API (#225)
+- fix(MmapFile): Don't error out if fileSize > sz (#224)
+- feat(btree): allow option to reset btree and mmaping it to specified file. (#223)
+- Use mremap on Linux instead of munmap+mmap (#221)
+- Reuse pages in B+ tree (#220)
+- fix(allocator): make nil allocator return go byte slice (#217)
+- fix(buffer): Make padding internal to z.buffer (#216)
+- chore(buffer): add a parent directory field in z.Buffer (#215)
+- Make Allocator concurrent
+- Fix infinite loop in allocator (#214)
+- Add trim func
+- Use allocator pool. Turn off freelist.
+- Add freelists to Allocator to reuse.
+- make DeleteBelow delete values that are less than lo (#211)
+- Avoid an unnecessary Load procedure in IncrementOffset.
+- Add Stats method in Btree.
+- chore(script): fix local test script (#210)
+- fix(btree): Increase buffer size if needed. (#209)
+- chore(btree): add occupancy ratio, search benchmark and compact bug fix (#208)
+- Add licenses, remove prints, and fix a bug in compact
+- Add IncrementOffset API for z.buffers (#206)
+- Show count when printing histogram (#201)
+- Zbuffer: Add LenNoPadding and make padding 8 bytes (#204)
+- Allocate Go memory in case allocator is nil.
+- Add leak detection via leak build flag and fix a leak during cache.Close.
+- Add some APIs for allocator and buffer
+- Sync before truncation or close.
+- Handle nil MmapFile for Sync.
+- Public methods must not panic after Close() (#202)
+- Check for RD_ONLY correctly.
+- Modify MmapFile APIs
+- Add a bunch of APIs around MmapFile
+- Move APIs for mmapfile creation over to z package.
+- Add ZeroOut func
+- Add SliceOffsets
+- z: Add TotalSize method on bloom filter (#197)
+- Add Msync func
+- Buffer: Use 256 GB mmap size instead of MaxInt64 (#198)
+- Add a simple test to check next2Pow
+- Improve memory performance (#195)
+- Have a way to automatically mmap a growing buffer (#196)
+- Introduce Mmapped buffers and Merge Sort (#194)
+- Add a way to access an allocator via reference.
+- Use jemalloc.a to ensure compilation with the Go binary
+- Fix up a build issue with ReadMemStats
+- Add ReadMemStats function (#193)
+- Allocator helps allocate memory to be used by unsafe structs (#192)
+- Improve histogram output
+- Move Closer from y to z (#191)
+- Add histogram.Mean() method (#188)
+- Introduce Calloc: Manual Memory Management via jemalloc (#186)
+
+## [0.0.3] - 2020-07-06
+
+[0.0.3]: https://github.com/dgraph-io/ristretto/compare/v0.0.2..v0.0.3
+
+### Changed
+
+### Added
+
+### Fixed
+
+- z: use MemHashString and xxhash.Sum64String ([#153][])
+- Check conflict key before updating expiration map. ([#154][])
+- Fix race condition in Cache.Clear ([#133][])
+- Improve handling of updated items ([#168][])
+- Fix droppedSets count while updating the item ([#171][])
+
+## [0.0.2] - 2020-02-24
+
+[0.0.2]: https://github.com/dgraph-io/ristretto/compare/v0.0.1..v0.0.2
+
+### Added
+
+- Sets with TTL. ([#122][])
+
+### Fixed
+
+- Fix the way metrics are handled for deletions. ([#111][])
+- Support nil `*Cache` values in `Clear` and `Close`. ([#119][]) 
+- Delete item immediately. ([#113][])
+- Remove key from policy after TTL eviction. ([#130][])
+
+[#111]: https://github.com/dgraph-io/ristretto/issues/111
+[#113]: https://github.com/dgraph-io/ristretto/issues/113
+[#119]: https://github.com/dgraph-io/ristretto/issues/119
+[#122]: https://github.com/dgraph-io/ristretto/issues/122
+[#130]: https://github.com/dgraph-io/ristretto/issues/130
+
+## 0.0.1
+
+First release. Basic cache functionality based on a LFU policy.
diff --git a/vendor/github.com/outcaste-io/ristretto/LICENSE b/vendor/github.com/outcaste-io/ristretto/LICENSE
new file mode 100644
index 000000000..d9a10c0d8
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/LICENSE
@@ -0,0 +1,176 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
diff --git a/vendor/github.com/outcaste-io/ristretto/README.md b/vendor/github.com/outcaste-io/ristretto/README.md
new file mode 100644
index 000000000..80a43ec14
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/README.md
@@ -0,0 +1,237 @@
+# Ristretto
+[![Go Doc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/outcaste-io/ristretto)
+[![Go Report Card](https://img.shields.io/badge/go%20report-A%2B-brightgreen)](https://goreportcard.com/report/github.com/outcaste-io/ristretto)
+[![Coverage](https://gocover.io/_badge/github.com/outcaste-io/ristretto)](https://gocover.io/github.com/outcaste-io/ristretto)
+![Tests](https://github.com/outcaste-io/ristretto/workflows/tests/badge.svg)
+
+**This is a fork of dgraph-io/ristretto, maintained by @manishrjain.**
+
+Ristretto is a fast, concurrent cache library built with a focus on performance and correctness.
+
+The motivation to build Ristretto comes from the need for a contention-free
+cache.
+
+[issues]: https://github.com/outcaste-io/issues
+
+## Features
+
+* **High Hit Ratios** - with our unique admission/eviction policy pairing, Ristretto's performance is best in class.
+	* **Eviction: SampledLFU** - on par with exact LRU and better performance on Search and Database traces.
+	* **Admission: TinyLFU** - extra performance with little memory overhead (12 bits per counter).
+* **Fast Throughput** - we use a variety of techniques for managing contention and the result is excellent throughput.
+* **Cost-Based Eviction** - any large new item deemed valuable can evict multiple smaller items (cost could be anything).
+* **Fully Concurrent** - you can use as many goroutines as you want with little throughput degradation.
+* **Metrics** - optional performance metrics for throughput, hit ratios, and other stats.
+* **Simple API** - just figure out your ideal `Config` values and you're off and running.
+
+## Note on jemalloc
+
+We have been using jemalloc v5.2.1.
+To use jemalloc, please configure jemalloc with these flags:
+
+```
+./configure --with-install-suffix='_outcaste' --with-jemalloc-prefix='je_' --with-malloc-conf='background_thread:true,metadata_thp:auto'; \
+make
+make install_lib install_include # Use sudo if needed in this step.
+```
+
+outserv/outserv Makefile has these build steps already present. You can run
+`make jemalloc` to install it. This jemalloc would not interfere with any other
+jemalloc installation that might already be present on the system.
+
+
+## Status
+
+Ristretto is production-ready. See [Projects using Ristretto](#projects-using-ristretto).
+
+## Table of Contents
+
+* [Usage](#Usage)
+	* [Example](#Example)
+	* [Config](#Config)
+		* [NumCounters](#Config)
+		* [MaxCost](#Config)
+		* [BufferItems](#Config)
+		* [Metrics](#Config)
+		* [OnEvict](#Config)
+		* [KeyToHash](#Config)
+        * [Cost](#Config)
+* [Benchmarks](#Benchmarks)
+	* [Hit Ratios](#Hit-Ratios)
+		* [Search](#Search)
+		* [Database](#Database)
+		* [Looping](#Looping)
+		* [CODASYL](#CODASYL)
+	* [Throughput](#Throughput)
+		* [Mixed](#Mixed)
+		* [Read](#Read)
+		* [Write](#Write)
+* [Projects using Ristretto](#projects-using-ristretto)
+* [FAQ](#FAQ)
+
+## Usage
+
+### Example
+
+```go
+func main() {
+	cache, err := ristretto.NewCache(&ristretto.Config{
+		NumCounters: 1e7,     // number of keys to track frequency of (10M).
+		MaxCost:     1 << 30, // maximum cost of cache (1GB).
+		BufferItems: 64,      // number of keys per Get buffer.
+	})
+	if err != nil {
+		panic(err)
+	}
+
+	// set a value with a cost of 1
+	cache.Set("key", "value", 1)
+
+	// wait for value to pass through buffers
+	cache.Wait()
+
+	value, found := cache.Get("key")
+	if !found {
+		panic("missing value")
+	}
+	fmt.Println(value)
+	cache.Del("key")
+}
+```
+
+### Config
+
+The `Config` struct is passed to `NewCache` when creating Ristretto instances (see the example above).
+
+**NumCounters** `int64`
+
+NumCounters is the number of 4-bit access counters to keep for admission and eviction. We've seen good performance in setting this to 10x the number of items you expect to keep in the cache when full.
+
+For example, if you expect each item to have a cost of 1 and MaxCost is 100, set NumCounters to 1,000. Or, if you use variable cost values but expect the cache to hold around 10,000 items when full, set NumCounters to 100,000. The important thing is the *number of unique items* in the full cache, not necessarily the MaxCost value.
+
+**MaxCost** `int64`
+
+MaxCost is how eviction decisions are made. For example, if MaxCost is 100 and a new item with a cost of 1 increases total cache cost to 101, 1 item will be evicted.
+
+MaxCost can also be used to denote the max size in bytes. For example, if MaxCost is 1,000,000 (1MB) and the cache is full with 1,000 1KB items, a new item (that's accepted) would cause 5 1KB items to be evicted.
+
+MaxCost could be anything as long as it matches how you're using the cost values when calling Set.
+
+**BufferItems** `int64`
+
+BufferItems is the size of the Get buffers. The best value we've found for this is 64.
+
+If for some reason you see Get performance decreasing with lots of contention (you shouldn't), try increasing this value in increments of 64. This is a fine-tuning mechanism and you probably won't have to touch this.
+
+**Metrics** `bool`
+
+Metrics is true when you want real-time logging of a variety of stats. The reason this is a Config flag is because there's a 10% throughput performance overhead.
+
+**OnEvict** `func(hashes [2]uint64, value interface{}, cost int64)`
+
+OnEvict is called for every eviction.
+
+**KeyToHash** `func(key interface{}) [2]uint64`
+
+KeyToHash is the hashing algorithm used for every key. If this is nil, Ristretto has a variety of [defaults depending on the underlying interface type](https://github.com/outcaste-io/ristretto/blob/master/z/z.go#L19-L41).
+
+Note that if you want 128bit hashes you should use the full `[2]uint64`,
+otherwise just fill the `uint64` at the `0` position and it will behave like
+any 64bit hash.
+
+**Cost** `func(value interface{}) int64`
+
+Cost is an optional function you can pass to the Config in order to evaluate
+item cost at runtime, and only for the Set calls that aren't dropped (this is
+useful if calculating item cost is particularly expensive and you don't want to
+waste time on items that will be dropped anyways).
+
+To signal to Ristretto that you'd like to use this Cost function:
+
+1. Set the Cost field to a non-nil function.
+2. When calling Set for new items or item updates, use a `cost` of 0.
+
+## Benchmarks
+
+The benchmarks can be found in https://github.com/dgraph-io/benchmarks/tree/master/cachebench/ristretto.
+
+### Hit Ratios
+
+#### Search
+
+This trace is described as "disk read accesses initiated by a large commercial
+search engine in response to various web search requests."
+
+<p align="center">
+	<img src="https://raw.githubusercontent.com/dgraph-io/ristretto/master/benchmarks/Hit%20Ratios%20-%20Search%20(ARC-S3).svg">
+</p>
+
+#### Database
+
+This trace is described as "a database server running at a commercial site
+running an ERP application on top of a commercial database."
+
+<p align="center">
+	<img src="https://raw.githubusercontent.com/dgraph-io/ristretto/master/benchmarks/Hit%20Ratios%20-%20Database%20(ARC-DS1).svg">
+</p>
+
+#### Looping
+
+This trace demonstrates a looping access pattern.
+
+<p align="center">
+	<img src="https://raw.githubusercontent.com/dgraph-io/ristretto/master/benchmarks/Hit%20Ratios%20-%20Glimpse%20(LIRS-GLI).svg">
+</p>
+
+#### CODASYL
+
+This trace is described as "references to a CODASYL database for a one hour
+period."
+
+<p align="center">
+	<img src="https://raw.githubusercontent.com/dgraph-io/ristretto/master/benchmarks/Hit%20Ratios%20-%20CODASYL%20(ARC-OLTP).svg">
+</p>
+
+### Throughput
+
+All throughput benchmarks were ran on an Intel Core i7-8700K (3.7GHz) with 16gb
+of RAM.
+
+#### Mixed
+
+<p align="center">
+	<img src="https://raw.githubusercontent.com/dgraph-io/ristretto/master/benchmarks/Throughput%20-%20Mixed.svg">
+</p>
+
+#### Read
+
+<p align="center">
+	<img src="https://raw.githubusercontent.com/dgraph-io/ristretto/master/benchmarks/Throughput%20-%20Read%20(Zipfian).svg">
+</p>
+
+#### Write
+
+<p align="center">
+	<img src="https://raw.githubusercontent.com/dgraph-io/ristretto/master/benchmarks/Throughput%20-%20Write%20(Zipfian).svg">
+</p>
+
+## Projects Using Ristretto
+
+Below is a list of known projects that use Ristretto:
+
+- [Badger](https://github.com/dgraph-io/badger) - Embeddable key-value DB in Go
+- [Dgraph](https://github.com/dgraph-io/dgraph) - Horizontally scalable and distributed GraphQL database with a graph backend
+- [Vitess](https://github.com/vitessio/vitess) - Database clustering system for horizontal scaling of MySQL
+- [SpiceDB](https://github.com/authzed/spicedb) - Horizontally scalable permissions database
+
+## FAQ
+
+### How are you achieving this performance? What shortcuts are you taking?
+
+We go into detail in the [Ristretto blog post](https://blog.dgraph.io/post/introducing-ristretto-high-perf-go-cache/), but in short: our throughput performance can be attributed to a mix of batching and eventual consistency. Our hit ratio performance is mostly due to an excellent [admission policy](https://arxiv.org/abs/1512.00727) and SampledLFU eviction policy.
+
+As for "shortcuts," the only thing Ristretto does that could be construed as one is dropping some Set calls. That means a Set call for a new item (updates are guaranteed) isn't guaranteed to make it into the cache. The new item could be dropped at two points: when passing through the Set buffer or when passing through the admission policy. However, this doesn't affect hit ratios much at all as we expect the most popular items to be Set multiple times and eventually make it in the cache.
+
+### Is Ristretto distributed?
+
+No, it's just like any other Go library that you can import into your project and use in a single process.
diff --git a/vendor/github.com/outcaste-io/ristretto/cache.go b/vendor/github.com/outcaste-io/ristretto/cache.go
new file mode 100644
index 000000000..18e3647e8
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/cache.go
@@ -0,0 +1,520 @@
+/*
+ * Copyright 2019 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Ristretto is a fast, fixed size, in-memory cache with a dual focus on
+// throughput and hit ratio performance. You can easily add Ristretto to an
+// existing system and keep the most valuable data where you need it.
+package ristretto
+
+import (
+	"errors"
+	"sync"
+	"time"
+	"unsafe"
+
+	"github.com/outcaste-io/ristretto/z"
+	"go.uber.org/atomic"
+)
+
+var (
+	// TODO: find the optimal value for this or make it configurable
+	setBufSize = 32 * 1024
+)
+
+type itemCallback func(*Item)
+
+const itemSize = int64(unsafe.Sizeof(storeItem{}))
+
+// Cache is a thread-safe implementation of a hashmap with a TinyLFU admission
+// policy and a Sampled LFU eviction policy. You can use the same Cache instance
+// from as many goroutines as you want.
+type Cache struct {
+	// store is the central concurrent hashmap where key-value items are stored.
+	store *shardedMap
+	// policy determines what gets let in to the cache and what gets kicked out.
+	policy *lfuPolicy
+	// getBuf is a custom ring buffer implementation that gets pushed to when
+	// keys are read.
+	getBuf *ringBuffer
+	// setBuf is a buffer allowing us to batch/drop Sets during times of high
+	// contention.
+	setBuf chan *Item
+	// onEvict is called for item evictions.
+	onEvict itemCallback
+	// onReject is called when an item is rejected via admission policy.
+	onReject itemCallback
+	// onExit is called whenever a value goes out of scope from the cache.
+	onExit (func(interface{}))
+	// KeyToHash function is used to customize the key hashing algorithm.
+	// Each key will be hashed using the provided function. If keyToHash value
+	// is not set, the default keyToHash function is used.
+	keyToHash func(interface{}) (uint64, uint64)
+	// stop is used to stop the processItems goroutine.
+	stop chan struct{}
+	// indicates whether cache is closed.
+	isClosed atomic.Bool
+	// cost calculates cost from a value.
+	cost func(value interface{}) int64
+	// ignoreInternalCost dictates whether to ignore the cost of internally storing
+	// the item in the cost calculation.
+	ignoreInternalCost bool
+	// cleanupTicker is used to periodically check for entries whose TTL has passed.
+	cleanupTicker *time.Ticker
+	// Metrics contains a running log of important statistics like hits, misses,
+	// and dropped items.
+	Metrics *Metrics
+}
+
+// Config is passed to NewCache for creating new Cache instances.
+type Config struct {
+	// NumCounters determines the number of counters (keys) to keep that hold
+	// access frequency information. It's generally a good idea to have more
+	// counters than the max cache capacity, as this will improve eviction
+	// accuracy and subsequent hit ratios.
+	//
+	// For example, if you expect your cache to hold 1,000,000 items when full,
+	// NumCounters should be 10,000,000 (10x). Each counter takes up roughly
+	// 3 bytes (4 bits for each counter * 4 copies plus about a byte per
+	// counter for the bloom filter). Note that the number of counters is
+	// internally rounded up to the nearest power of 2, so the space usage
+	// may be a little larger than 3 bytes * NumCounters.
+	NumCounters int64
+	// MaxCost can be considered as the cache capacity, in whatever units you
+	// choose to use.
+	//
+	// For example, if you want the cache to have a max capacity of 100MB, you
+	// would set MaxCost to 100,000,000 and pass an item's number of bytes as
+	// the `cost` parameter for calls to Set. If new items are accepted, the
+	// eviction process will take care of making room for the new item and not
+	// overflowing the MaxCost value.
+	MaxCost int64
+	// BufferItems determines the size of Get buffers.
+	//
+	// Unless you have a rare use case, using `64` as the BufferItems value
+	// results in good performance.
+	BufferItems int64
+	// Metrics determines whether cache statistics are kept during the cache's
+	// lifetime. There *is* some overhead to keeping statistics, so you should
+	// only set this flag to true when testing or throughput performance isn't a
+	// major factor.
+	Metrics bool
+	// OnEvict is called for every eviction and passes the hashed key, value,
+	// and cost to the function.
+	OnEvict func(item *Item)
+	// OnReject is called for every rejection done via the policy.
+	OnReject func(item *Item)
+	// OnExit is called whenever a value is removed from cache. This can be
+	// used to do manual memory deallocation. Would also be called on eviction
+	// and rejection of the value.
+	OnExit func(val interface{})
+	// KeyToHash function is used to customize the key hashing algorithm.
+	// Each key will be hashed using the provided function. If keyToHash value
+	// is not set, the default keyToHash function is used.
+	KeyToHash func(key interface{}) (uint64, uint64)
+	// shouldUpdate is called when a value already exists in cache and is being updated.
+	ShouldUpdate func(prev, cur interface{}) bool
+	// Cost evaluates a value and outputs a corresponding cost. This function
+	// is ran after Set is called for a new item or an item update with a cost
+	// param of 0.
+	Cost func(value interface{}) int64
+	// IgnoreInternalCost set to true indicates to the cache that the cost of
+	// internally storing the value should be ignored. This is useful when the
+	// cost passed to set is not using bytes as units. Keep in mind that setting
+	// this to true will increase the memory usage.
+	IgnoreInternalCost bool
+}
+
+type itemFlag byte
+
+const (
+	itemNew itemFlag = iota
+	itemDelete
+	itemUpdate
+)
+
+// Item is passed to setBuf so items can eventually be added to the cache.
+type Item struct {
+	flag       itemFlag
+	Key        uint64
+	Conflict   uint64
+	Value      interface{}
+	Cost       int64
+	Expiration time.Time
+	wg         *sync.WaitGroup
+}
+
+// NewCache returns a new Cache instance and any configuration errors, if any.
+func NewCache(config *Config) (*Cache, error) {
+	switch {
+	case config.NumCounters == 0:
+		return nil, errors.New("NumCounters can't be zero")
+	case config.MaxCost == 0:
+		return nil, errors.New("MaxCost can't be zero")
+	case config.BufferItems == 0:
+		return nil, errors.New("BufferItems can't be zero")
+	}
+	policy := newPolicy(config.NumCounters, config.MaxCost)
+	cache := &Cache{
+		store:              newShardedMap(config.ShouldUpdate),
+		policy:             policy,
+		getBuf:             newRingBuffer(policy, config.BufferItems),
+		setBuf:             make(chan *Item, setBufSize),
+		keyToHash:          config.KeyToHash,
+		stop:               make(chan struct{}),
+		cost:               config.Cost,
+		ignoreInternalCost: config.IgnoreInternalCost,
+		cleanupTicker:      time.NewTicker(time.Duration(bucketDurationSecs) * time.Second / 2),
+	}
+	cache.onExit = func(val interface{}) {
+		if config.OnExit != nil && val != nil {
+			config.OnExit(val)
+		}
+	}
+	cache.onEvict = func(item *Item) {
+		if config.OnEvict != nil {
+			config.OnEvict(item)
+		}
+		cache.onExit(item.Value)
+	}
+	cache.onReject = func(item *Item) {
+		if config.OnReject != nil {
+			config.OnReject(item)
+		}
+		cache.onExit(item.Value)
+	}
+	cache.store.shouldUpdate = func(prev, cur interface{}) bool {
+		if config.ShouldUpdate != nil {
+			return config.ShouldUpdate(prev, cur)
+		}
+		return true
+	}
+	if cache.keyToHash == nil {
+		cache.keyToHash = z.KeyToHash
+	}
+	if config.Metrics {
+		cache.collectMetrics()
+	}
+	// NOTE: benchmarks seem to show that performance decreases the more
+	//       goroutines we have running cache.processItems(), so 1 should
+	//       usually be sufficient
+	go cache.processItems()
+	return cache, nil
+}
+
+func (c *Cache) Wait() {
+	if c == nil || c.isClosed.Load() {
+		return
+	}
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+	c.setBuf <- &Item{wg: wg}
+	wg.Wait()
+}
+
+// Get returns the value (if any) and a boolean representing whether the
+// value was found or not. The value can be nil and the boolean can be true at
+// the same time.
+func (c *Cache) Get(key interface{}) (interface{}, bool) {
+	if c == nil || c.isClosed.Load() || key == nil {
+		return nil, false
+	}
+	keyHash, conflictHash := c.keyToHash(key)
+	c.getBuf.Push(keyHash)
+	value, ok := c.store.Get(keyHash, conflictHash)
+	if ok {
+		c.Metrics.add(hit, keyHash, 1)
+	} else {
+		c.Metrics.add(miss, keyHash, 1)
+	}
+	return value, ok
+}
+
+// Set attempts to add the key-value item to the cache. If it returns false,
+// then the Set was dropped and the key-value item isn't added to the cache. If
+// it returns true, there's still a chance it could be dropped by the policy if
+// its determined that the key-value item isn't worth keeping, but otherwise the
+// item will be added and other items will be evicted in order to make room.
+//
+// To dynamically evaluate the items cost using the Config.Coster function, set
+// the cost parameter to 0 and Coster will be ran when needed in order to find
+// the items true cost.
+func (c *Cache) Set(key, value interface{}, cost int64) bool {
+	return c.SetWithTTL(key, value, cost, 0*time.Second)
+}
+
+// SetWithTTL works like Set but adds a key-value pair to the cache that will expire
+// after the specified TTL (time to live) has passed. A zero value means the value never
+// expires, which is identical to calling Set. A negative value is a no-op and the value
+// is discarded.
+func (c *Cache) SetWithTTL(key, value interface{}, cost int64, ttl time.Duration) bool {
+	return c.setInternal(key, value, cost, ttl, false)
+}
+
+// SetIfPresent is like Set, but only updates the value of an existing key. It
+// does NOT add the key to cache if it's absent.
+func (c *Cache) SetIfPresent(key, value interface{}, cost int64) bool {
+	return c.setInternal(key, value, cost, 0*time.Second, true)
+}
+
+func (c *Cache) setInternal(key, value interface{},
+	cost int64, ttl time.Duration, onlyUpdate bool) bool {
+	if c == nil || c.isClosed.Load() || key == nil {
+		return false
+	}
+
+	var expiration time.Time
+	switch {
+	case ttl == 0:
+		// No expiration.
+		break
+	case ttl < 0:
+		// Treat this a a no-op.
+		return false
+	default:
+		expiration = time.Now().Add(ttl)
+	}
+
+	keyHash, conflictHash := c.keyToHash(key)
+	i := &Item{
+		flag:       itemNew,
+		Key:        keyHash,
+		Conflict:   conflictHash,
+		Value:      value,
+		Cost:       cost,
+		Expiration: expiration,
+	}
+	if onlyUpdate {
+		i.flag = itemUpdate
+	}
+	// cost is eventually updated. The expiration must also be immediately updated
+	// to prevent items from being prematurely removed from the map.
+	if prev, ok := c.store.Update(i); ok {
+		c.onExit(prev)
+		i.flag = itemUpdate
+	} else if onlyUpdate {
+		// The instruction was to update the key, but store.Update failed. So,
+		// this is a NOOP.
+		return false
+	}
+	// Attempt to send item to policy.
+	select {
+	case c.setBuf <- i:
+		return true
+	default:
+		if i.flag == itemUpdate {
+			// Return true if this was an update operation since we've already
+			// updated the store. For all the other operations (set/delete), we
+			// return false which means the item was not inserted.
+			return true
+		}
+		c.Metrics.add(dropSets, keyHash, 1)
+		return false
+	}
+}
+
+// Del deletes the key-value item from the cache if it exists.
+func (c *Cache) Del(key interface{}) {
+	if c == nil || c.isClosed.Load() || key == nil {
+		return
+	}
+	keyHash, conflictHash := c.keyToHash(key)
+	// Delete immediately.
+	_, prev := c.store.Del(keyHash, conflictHash)
+	c.onExit(prev)
+	// If we've set an item, it would be applied slightly later.
+	// So we must push the same item to `setBuf` with the deletion flag.
+	// This ensures that if a set is followed by a delete, it will be
+	// applied in the correct order.
+	c.setBuf <- &Item{
+		flag:     itemDelete,
+		Key:      keyHash,
+		Conflict: conflictHash,
+	}
+}
+
+// GetTTL returns the TTL for the specified key and a bool that is true if the
+// item was found and is not expired.
+func (c *Cache) GetTTL(key interface{}) (time.Duration, bool) {
+	if c == nil || key == nil {
+		return 0, false
+	}
+
+	keyHash, conflictHash := c.keyToHash(key)
+	if _, ok := c.store.Get(keyHash, conflictHash); !ok {
+		// not found
+		return 0, false
+	}
+
+	expiration := c.store.Expiration(keyHash)
+	if expiration.IsZero() {
+		// found but no expiration
+		return 0, true
+	}
+
+	if time.Now().After(expiration) {
+		// found but expired
+		return 0, false
+	}
+
+	return time.Until(expiration), true
+}
+
+// Close stops all goroutines and closes all channels.
+func (c *Cache) Close() {
+	if c == nil || c.isClosed.Load() {
+		return
+	}
+	c.Clear()
+
+	// Block until processItems goroutine is returned.
+	c.stop <- struct{}{}
+	close(c.stop)
+	close(c.setBuf)
+	c.policy.Close()
+	c.isClosed.Store(true)
+}
+
+// Clear empties the hashmap and zeroes all policy counters. Note that this is
+// not an atomic operation (but that shouldn't be a problem as it's assumed that
+// Set/Get calls won't be occurring until after this).
+func (c *Cache) Clear() {
+	if c == nil || c.isClosed.Load() {
+		return
+	}
+	// Block until processItems goroutine is returned.
+	c.stop <- struct{}{}
+
+	// Clear out the setBuf channel.
+loop:
+	for {
+		select {
+		case i := <-c.setBuf:
+			if i.wg != nil {
+				i.wg.Done()
+				continue
+			}
+			if i.flag != itemUpdate {
+				// In itemUpdate, the value is already set in the store.  So, no need to call
+				// onEvict here.
+				c.onEvict(i)
+			}
+		default:
+			break loop
+		}
+	}
+
+	// Clear value hashmap and policy data.
+	c.policy.Clear()
+	c.store.Clear(c.onEvict)
+	// Only reset metrics if they're enabled.
+	if c.Metrics != nil {
+		c.Metrics.Clear()
+	}
+	// Restart processItems goroutine.
+	go c.processItems()
+}
+
+// MaxCost returns the max cost of the cache.
+func (c *Cache) MaxCost() int64 {
+	if c == nil {
+		return 0
+	}
+	return c.policy.MaxCost()
+}
+
+// UpdateMaxCost updates the maxCost of an existing cache.
+func (c *Cache) UpdateMaxCost(maxCost int64) {
+	if c == nil {
+		return
+	}
+	c.policy.UpdateMaxCost(maxCost)
+}
+
+// processItems is ran by goroutines processing the Set buffer.
+func (c *Cache) processItems() {
+	startTs := make(map[uint64]time.Time)
+	numToKeep := 100000 // TODO: Make this configurable via options.
+
+	trackAdmission := func(key uint64) {
+		if c.Metrics == nil {
+			return
+		}
+		startTs[key] = time.Now()
+		if len(startTs) > numToKeep {
+			for k := range startTs {
+				if len(startTs) <= numToKeep {
+					break
+				}
+				delete(startTs, k)
+			}
+		}
+	}
+	onEvict := func(i *Item) {
+		if ts, has := startTs[i.Key]; has {
+			c.Metrics.trackEviction(int64(time.Since(ts) / time.Second))
+			delete(startTs, i.Key)
+		}
+		if c.onEvict != nil {
+			c.onEvict(i)
+		}
+	}
+
+	for {
+		select {
+		case i := <-c.setBuf:
+			if i.wg != nil {
+				i.wg.Done()
+				continue
+			}
+			// Calculate item cost value if new or update.
+			if i.Cost == 0 && c.cost != nil && i.flag != itemDelete {
+				i.Cost = c.cost(i.Value)
+			}
+			if !c.ignoreInternalCost {
+				// Add the cost of internally storing the object.
+				i.Cost += itemSize
+			}
+
+			switch i.flag {
+			case itemNew:
+				victims, added := c.policy.Add(i.Key, i.Cost)
+				if added {
+					c.store.Set(i)
+					c.Metrics.add(keyAdd, i.Key, 1)
+					trackAdmission(i.Key)
+				} else {
+					c.onReject(i)
+				}
+				for _, victim := range victims {
+					victim.Conflict, victim.Value = c.store.Del(victim.Key, 0)
+					onEvict(victim)
+				}
+
+			case itemUpdate:
+				c.policy.Update(i.Key, i.Cost)
+
+			case itemDelete:
+				c.policy.Del(i.Key) // Deals with metrics updates.
+				_, val := c.store.Del(i.Key, i.Conflict)
+				c.onExit(val)
+			}
+		case <-c.cleanupTicker.C:
+			c.store.Cleanup(c.policy, onEvict)
+		case <-c.stop:
+			return
+		}
+	}
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/metrics.go b/vendor/github.com/outcaste-io/ristretto/metrics.go
new file mode 100644
index 000000000..c2db77fad
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/metrics.go
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2021 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ristretto
+
+import (
+	"bytes"
+	"fmt"
+	"sync"
+	"sync/atomic"
+
+	"github.com/outcaste-io/ristretto/z"
+)
+
+type metricType int
+
+const (
+	// The following 2 keep track of hits and misses.
+	hit = iota
+	miss
+	// The following 3 keep track of number of keys added, updated and evicted.
+	keyAdd
+	keyUpdate
+	keyEvict
+	// The following 2 keep track of cost of keys added and evicted.
+	costAdd
+	costEvict
+	// The following keep track of how many sets were dropped or rejected later.
+	dropSets
+	rejectSets
+	// The following 2 keep track of how many gets were kept and dropped on the
+	// floor.
+	dropGets
+	keepGets
+	// This should be the final enum. Other enums should be set before this.
+	doNotUse
+)
+
+func stringFor(t metricType) string {
+	switch t {
+	case hit:
+		return "hit"
+	case miss:
+		return "miss"
+	case keyAdd:
+		return "keys-added"
+	case keyUpdate:
+		return "keys-updated"
+	case keyEvict:
+		return "keys-evicted"
+	case costAdd:
+		return "cost-added"
+	case costEvict:
+		return "cost-evicted"
+	case dropSets:
+		return "sets-dropped"
+	case rejectSets:
+		return "sets-rejected" // by policy.
+	case dropGets:
+		return "gets-dropped"
+	case keepGets:
+		return "gets-kept"
+	default:
+		return "unidentified"
+	}
+}
+
+// Metrics is a snapshot of performance statistics for the lifetime of a cache instance.
+type Metrics struct {
+	all [doNotUse][]*uint64
+
+	mu   sync.RWMutex
+	life *z.HistogramData // Tracks the life expectancy of a key.
+}
+
+// collectMetrics just creates a new *Metrics instance and adds the pointers
+// to the cache and policy instances.
+func (c *Cache) collectMetrics() {
+	c.Metrics = newMetrics()
+	c.policy.CollectMetrics(c.Metrics)
+}
+
+func newMetrics() *Metrics {
+	s := &Metrics{
+		life: z.NewHistogramData(z.HistogramBounds(1, 16)),
+	}
+	for i := 0; i < doNotUse; i++ {
+		s.all[i] = make([]*uint64, 256)
+		slice := s.all[i]
+		for j := range slice {
+			slice[j] = new(uint64)
+		}
+	}
+	return s
+}
+
+func (p *Metrics) add(t metricType, hash, delta uint64) {
+	if p == nil {
+		return
+	}
+	valp := p.all[t]
+	// Avoid false sharing by padding at least 64 bytes of space between two
+	// atomic counters which would be incremented.
+	idx := (hash % 25) * 10
+	atomic.AddUint64(valp[idx], delta)
+}
+
+func (p *Metrics) get(t metricType) uint64 {
+	if p == nil {
+		return 0
+	}
+	valp := p.all[t]
+	var total uint64
+	for i := range valp {
+		total += atomic.LoadUint64(valp[i])
+	}
+	return total
+}
+
+// Hits is the number of Get calls where a value was found for the corresponding key.
+func (p *Metrics) Hits() uint64 {
+	return p.get(hit)
+}
+
+// Misses is the number of Get calls where a value was not found for the corresponding key.
+func (p *Metrics) Misses() uint64 {
+	return p.get(miss)
+}
+
+// KeysAdded is the total number of Set calls where a new key-value item was added.
+func (p *Metrics) KeysAdded() uint64 {
+	return p.get(keyAdd)
+}
+
+// KeysUpdated is the total number of Set calls where the value was updated.
+func (p *Metrics) KeysUpdated() uint64 {
+	return p.get(keyUpdate)
+}
+
+// KeysEvicted is the total number of keys evicted.
+func (p *Metrics) KeysEvicted() uint64 {
+	return p.get(keyEvict)
+}
+
+// CostAdded is the sum of costs that have been added (successful Set calls).
+func (p *Metrics) CostAdded() uint64 {
+	return p.get(costAdd)
+}
+
+// CostEvicted is the sum of all costs that have been evicted.
+func (p *Metrics) CostEvicted() uint64 {
+	return p.get(costEvict)
+}
+
+// SetsDropped is the number of Set calls that don't make it into internal
+// buffers (due to contention or some other reason).
+func (p *Metrics) SetsDropped() uint64 {
+	return p.get(dropSets)
+}
+
+// SetsRejected is the number of Set calls rejected by the policy (TinyLFU).
+func (p *Metrics) SetsRejected() uint64 {
+	return p.get(rejectSets)
+}
+
+// GetsDropped is the number of Get counter increments that are dropped
+// internally.
+func (p *Metrics) GetsDropped() uint64 {
+	return p.get(dropGets)
+}
+
+// GetsKept is the number of Get counter increments that are kept.
+func (p *Metrics) GetsKept() uint64 {
+	return p.get(keepGets)
+}
+
+// Ratio is the number of Hits over all accesses (Hits + Misses). This is the
+// percentage of successful Get calls.
+func (p *Metrics) Ratio() float64 {
+	if p == nil {
+		return 0.0
+	}
+	hits, misses := p.get(hit), p.get(miss)
+	if hits == 0 && misses == 0 {
+		return 0.0
+	}
+	return float64(hits) / float64(hits+misses)
+}
+
+func (p *Metrics) trackEviction(numSeconds int64) {
+	if p == nil {
+		return
+	}
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	p.life.Update(numSeconds)
+}
+
+func (p *Metrics) LifeExpectancySeconds() *z.HistogramData {
+	if p == nil {
+		return nil
+	}
+	p.mu.RLock()
+	defer p.mu.RUnlock()
+	return p.life.Copy()
+}
+
+// Clear resets all the metrics.
+func (p *Metrics) Clear() {
+	if p == nil {
+		return
+	}
+	for i := 0; i < doNotUse; i++ {
+		for j := range p.all[i] {
+			atomic.StoreUint64(p.all[i][j], 0)
+		}
+	}
+	p.mu.Lock()
+	p.life = z.NewHistogramData(z.HistogramBounds(1, 16))
+	p.mu.Unlock()
+}
+
+// String returns a string representation of the metrics.
+func (p *Metrics) String() string {
+	if p == nil {
+		return ""
+	}
+	var buf bytes.Buffer
+	for i := 0; i < doNotUse; i++ {
+		t := metricType(i)
+		fmt.Fprintf(&buf, "%s: %d ", stringFor(t), p.get(t))
+	}
+	fmt.Fprintf(&buf, "gets-total: %d ", p.get(hit)+p.get(miss))
+	fmt.Fprintf(&buf, "hit-ratio: %.2f", p.Ratio())
+	return buf.String()
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/policy.go b/vendor/github.com/outcaste-io/ristretto/policy.go
new file mode 100644
index 000000000..58a65f993
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/policy.go
@@ -0,0 +1,388 @@
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ristretto
+
+import (
+	"math"
+	"sync"
+	"sync/atomic"
+
+	"github.com/outcaste-io/ristretto/z"
+)
+
+const (
+	// lfuSample is the number of items to sample when looking at eviction
+	// candidates. 5 seems to be the most optimal number [citation needed].
+	lfuSample = 5
+)
+
+// lfuPolicy encapsulates eviction/admission behavior.
+type lfuPolicy struct {
+	sync.Mutex
+	admit    *tinyLFU
+	costs    *keyCosts
+	itemsCh  chan []uint64
+	stop     chan struct{}
+	isClosed bool
+	metrics  *Metrics
+}
+
+func newPolicy(numCounters, maxCost int64) *lfuPolicy {
+	p := &lfuPolicy{
+		admit:   newTinyLFU(numCounters),
+		costs:   newSampledLFU(maxCost),
+		itemsCh: make(chan []uint64, 3),
+		stop:    make(chan struct{}),
+	}
+	go p.processItems()
+	return p
+}
+
+func (p *lfuPolicy) CollectMetrics(metrics *Metrics) {
+	p.metrics = metrics
+	p.costs.metrics = metrics
+}
+
+type policyPair struct {
+	key  uint64
+	cost int64
+}
+
+func (p *lfuPolicy) processItems() {
+	for {
+		select {
+		case items := <-p.itemsCh:
+			p.Lock()
+			p.admit.Push(items)
+			p.Unlock()
+		case <-p.stop:
+			return
+		}
+	}
+}
+
+func (p *lfuPolicy) Push(keys []uint64) bool {
+	if p.isClosed {
+		return false
+	}
+
+	if len(keys) == 0 {
+		return true
+	}
+
+	select {
+	case p.itemsCh <- keys:
+		p.metrics.add(keepGets, keys[0], uint64(len(keys)))
+		return true
+	default:
+		p.metrics.add(dropGets, keys[0], uint64(len(keys)))
+		return false
+	}
+}
+
+// Add decides whether the item with the given key and cost should be accepted by
+// the policy. It returns the list of victims that have been evicted and a boolean
+// indicating whether the incoming item should be accepted.
+func (p *lfuPolicy) Add(key uint64, cost int64) ([]*Item, bool) {
+	p.Lock()
+	defer p.Unlock()
+
+	// Cannot add an item bigger than entire cache.
+	if cost > p.costs.getMaxCost() {
+		return nil, false
+	}
+
+	// No need to go any further if the item is already in the cache.
+	if has := p.costs.updateIfHas(key, cost); has {
+		// An update does not count as an addition, so return false.
+		return nil, false
+	}
+
+	// If the execution reaches this point, the key doesn't exist in the cache.
+	// Calculate the remaining room in the cache (usually bytes).
+	room := p.costs.roomLeft(cost)
+	if room >= 0 {
+		// There's enough room in the cache to store the new item without
+		// overflowing. Do that now and stop here.
+		p.costs.add(key, cost)
+		p.metrics.add(costAdd, key, uint64(cost))
+		return nil, true
+	}
+
+	// incHits is the hit count for the incoming item.
+	incHits := p.admit.Estimate(key)
+	// sample is the eviction candidate pool to be filled via random sampling.
+	// TODO: perhaps we should use a min heap here. Right now our time
+	// complexity is N for finding the min. Min heap should bring it down to
+	// O(lg N).
+	sample := make([]*policyPair, 0, lfuSample)
+	// As items are evicted they will be appended to victims.
+	victims := make([]*Item, 0)
+
+	// Delete victims until there's enough space or a minKey is found that has
+	// more hits than incoming item.
+	for ; room < 0; room = p.costs.roomLeft(cost) {
+		// Fill up empty slots in sample.
+		sample = p.costs.fillSample(sample)
+
+		// Find minimally used item in sample.
+		minKey, minHits, minId, minCost := uint64(0), int64(math.MaxInt64), 0, int64(0)
+		for i, pair := range sample {
+			// Look up hit count for sample key.
+			if hits := p.admit.Estimate(pair.key); hits < minHits {
+				minKey, minHits, minId, minCost = pair.key, hits, i, pair.cost
+			}
+		}
+
+		// If the incoming item isn't worth keeping in the policy, reject.
+		if incHits < minHits {
+			p.metrics.add(rejectSets, key, 1)
+			return victims, false
+		}
+
+		// Delete the victim from metadata.
+		p.costs.del(minKey)
+
+		// Delete the victim from sample.
+		sample[minId] = sample[len(sample)-1]
+		sample = sample[:len(sample)-1]
+		// Store victim in evicted victims slice.
+		victims = append(victims, &Item{
+			Key:      minKey,
+			Conflict: 0,
+			Cost:     minCost,
+		})
+	}
+
+	p.costs.add(key, cost)
+	p.metrics.add(costAdd, key, uint64(cost))
+	return victims, true
+}
+
+func (p *lfuPolicy) Has(key uint64) bool {
+	p.Lock()
+	_, exists := p.costs.keyCosts[key]
+	p.Unlock()
+	return exists
+}
+
+func (p *lfuPolicy) Del(key uint64) {
+	p.Lock()
+	p.costs.del(key)
+	p.Unlock()
+}
+
+func (p *lfuPolicy) Cap() int64 {
+	p.Lock()
+	capacity := int64(p.costs.getMaxCost() - p.costs.used)
+	p.Unlock()
+	return capacity
+}
+
+func (p *lfuPolicy) Update(key uint64, cost int64) {
+	p.Lock()
+	p.costs.updateIfHas(key, cost)
+	p.Unlock()
+}
+
+func (p *lfuPolicy) Cost(key uint64) int64 {
+	p.Lock()
+	if cost, found := p.costs.keyCosts[key]; found {
+		p.Unlock()
+		return cost
+	}
+	p.Unlock()
+	return -1
+}
+
+func (p *lfuPolicy) Clear() {
+	p.Lock()
+	p.admit.clear()
+	p.costs.clear()
+	p.Unlock()
+}
+
+func (p *lfuPolicy) Close() {
+	if p.isClosed {
+		return
+	}
+
+	// Block until the p.processItems goroutine returns.
+	p.stop <- struct{}{}
+	close(p.stop)
+	close(p.itemsCh)
+	p.isClosed = true
+}
+
+func (p *lfuPolicy) MaxCost() int64 {
+	if p == nil || p.costs == nil {
+		return 0
+	}
+	return p.costs.getMaxCost()
+}
+
+func (p *lfuPolicy) UpdateMaxCost(maxCost int64) {
+	if p == nil || p.costs == nil {
+		return
+	}
+	p.costs.updateMaxCost(maxCost)
+}
+
+// keyCosts stores key-cost pairs.
+type keyCosts struct {
+	// NOTE: align maxCost to 64-bit boundary for use with atomic.
+	// As per https://golang.org/pkg/sync/atomic/: "On ARM, x86-32,
+	// and 32-bit MIPS, it is the caller’s responsibility to arrange
+	// for 64-bit alignment of 64-bit words accessed atomically.
+	// The first word in a variable or in an allocated struct, array,
+	// or slice can be relied upon to be 64-bit aligned."
+	maxCost  int64
+	used     int64
+	metrics  *Metrics
+	keyCosts map[uint64]int64
+}
+
+func newSampledLFU(maxCost int64) *keyCosts {
+	return &keyCosts{
+		keyCosts: make(map[uint64]int64),
+		maxCost:  maxCost,
+	}
+}
+
+func (p *keyCosts) getMaxCost() int64 {
+	return atomic.LoadInt64(&p.maxCost)
+}
+
+func (p *keyCosts) updateMaxCost(maxCost int64) {
+	atomic.StoreInt64(&p.maxCost, maxCost)
+}
+
+func (p *keyCosts) roomLeft(cost int64) int64 {
+	return p.getMaxCost() - (p.used + cost)
+}
+
+func (p *keyCosts) fillSample(in []*policyPair) []*policyPair {
+	if len(in) >= lfuSample {
+		return in
+	}
+	for key, cost := range p.keyCosts {
+		in = append(in, &policyPair{key, cost})
+		if len(in) >= lfuSample {
+			return in
+		}
+	}
+	return in
+}
+
+func (p *keyCosts) del(key uint64) {
+	cost, ok := p.keyCosts[key]
+	if !ok {
+		return
+	}
+	p.used -= cost
+	delete(p.keyCosts, key)
+	p.metrics.add(costEvict, key, uint64(cost))
+	p.metrics.add(keyEvict, key, 1)
+}
+
+func (p *keyCosts) add(key uint64, cost int64) {
+	p.keyCosts[key] = cost
+	p.used += cost
+}
+
+func (p *keyCosts) updateIfHas(key uint64, cost int64) bool {
+	if prev, found := p.keyCosts[key]; found {
+		// Update the cost of an existing key, but don't worry about evicting.
+		// Evictions will be handled the next time a new item is added.
+		p.metrics.add(keyUpdate, key, 1)
+		if prev > cost {
+			diff := prev - cost
+			p.metrics.add(costAdd, key, ^uint64(uint64(diff)-1))
+		} else if cost > prev {
+			diff := cost - prev
+			p.metrics.add(costAdd, key, uint64(diff))
+		}
+		p.used += cost - prev
+		p.keyCosts[key] = cost
+		return true
+	}
+	return false
+}
+
+func (p *keyCosts) clear() {
+	p.used = 0
+	p.keyCosts = make(map[uint64]int64)
+}
+
+// tinyLFU is an admission helper that keeps track of access frequency using
+// tiny (4-bit) counters in the form of a count-min sketch.
+// tinyLFU is NOT thread safe.
+type tinyLFU struct {
+	freq    *cmSketch
+	door    *z.Bloom
+	incrs   int64
+	resetAt int64
+}
+
+func newTinyLFU(numCounters int64) *tinyLFU {
+	return &tinyLFU{
+		freq:    newCmSketch(numCounters),
+		door:    z.NewBloomFilter(float64(numCounters), 0.01),
+		resetAt: numCounters,
+	}
+}
+
+func (p *tinyLFU) Push(keys []uint64) {
+	for _, key := range keys {
+		p.Increment(key)
+	}
+}
+
+func (p *tinyLFU) Estimate(key uint64) int64 {
+	hits := p.freq.Estimate(key)
+	if p.door.Has(key) {
+		hits++
+	}
+	return hits
+}
+
+func (p *tinyLFU) Increment(key uint64) {
+	// Flip doorkeeper bit if not already done.
+	if added := p.door.AddIfNotHas(key); !added {
+		// Increment count-min counter if doorkeeper bit is already set.
+		p.freq.Increment(key)
+	}
+	p.incrs++
+	if p.incrs >= p.resetAt {
+		p.reset()
+	}
+}
+
+func (p *tinyLFU) reset() {
+	// Zero out incrs.
+	p.incrs = 0
+	// clears doorkeeper bits
+	p.door.Clear()
+	// halves count-min counters
+	p.freq.Reset()
+}
+
+func (p *tinyLFU) clear() {
+	p.incrs = 0
+	p.door.Clear()
+	p.freq.Clear()
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/ring.go b/vendor/github.com/outcaste-io/ristretto/ring.go
new file mode 100644
index 000000000..5dbed4cc5
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/ring.go
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2019 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ristretto
+
+import (
+	"sync"
+)
+
+// ringConsumer is the user-defined object responsible for receiving and
+// processing items in batches when buffers are drained.
+type ringConsumer interface {
+	Push([]uint64) bool
+}
+
+// ringStripe is a singular ring buffer that is not concurrent safe.
+type ringStripe struct {
+	cons ringConsumer
+	data []uint64
+	capa int
+}
+
+func newRingStripe(cons ringConsumer, capa int64) *ringStripe {
+	return &ringStripe{
+		cons: cons,
+		data: make([]uint64, 0, capa),
+		capa: int(capa),
+	}
+}
+
+// Push appends an item in the ring buffer and drains (copies items and
+// sends to Consumer) if full.
+func (s *ringStripe) Push(item uint64) {
+	s.data = append(s.data, item)
+	// Decide if the ring buffer should be drained.
+	if len(s.data) >= s.capa {
+		// Send elements to consumer and create a new ring stripe.
+		if s.cons.Push(s.data) {
+			s.data = make([]uint64, 0, s.capa)
+		} else {
+			s.data = s.data[:0]
+		}
+	}
+}
+
+// ringBuffer stores multiple buffers (stripes) and distributes Pushed items
+// between them to lower contention.
+//
+// This implements the "batching" process described in the BP-Wrapper paper
+// (section III part A).
+type ringBuffer struct {
+	pool *sync.Pool
+}
+
+// newRingBuffer returns a striped ring buffer. The Consumer in ringConfig will
+// be called when individual stripes are full and need to drain their elements.
+func newRingBuffer(cons ringConsumer, capa int64) *ringBuffer {
+	// LOSSY buffers use a very simple sync.Pool for concurrently reusing
+	// stripes. We do lose some stripes due to GC (unheld items in sync.Pool
+	// are cleared), but the performance gains generally outweigh the small
+	// percentage of elements lost. The performance primarily comes from
+	// low-level runtime functions used in the standard library that aren't
+	// available to us (such as runtime_procPin()).
+	return &ringBuffer{
+		pool: &sync.Pool{
+			New: func() interface{} { return newRingStripe(cons, capa) },
+		},
+	}
+}
+
+// Push adds an element to one of the internal stripes and possibly drains if
+// the stripe becomes full.
+func (b *ringBuffer) Push(item uint64) {
+	// Reuse or create a new stripe.
+	stripe := b.pool.Get().(*ringStripe)
+	stripe.Push(item)
+	b.pool.Put(stripe)
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/sketch.go b/vendor/github.com/outcaste-io/ristretto/sketch.go
new file mode 100644
index 000000000..10f414689
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/sketch.go
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2019 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// This package includes multiple probabalistic data structures needed for
+// admission/eviction metadata. Most are Counting Bloom Filter variations, but
+// a caching-specific feature that is also required is a "freshness" mechanism,
+// which basically serves as a "lifetime" process. This freshness mechanism
+// was described in the original TinyLFU paper [1], but other mechanisms may
+// be better suited for certain data distributions.
+//
+// [1]: https://arxiv.org/abs/1512.00727
+package ristretto
+
+import (
+	"fmt"
+	"math/rand"
+	"time"
+)
+
+// cmSketch is a Count-Min sketch implementation with 4-bit counters, heavily
+// based on Damian Gryski's CM4 [1].
+//
+// [1]: https://github.com/dgryski/go-tinylfu/blob/master/cm4.go
+type cmSketch struct {
+	rows [cmDepth]cmRow
+	seed [cmDepth]uint64
+	mask uint64
+}
+
+const (
+	// cmDepth is the number of counter copies to store (think of it as rows).
+	cmDepth = 4
+)
+
+func newCmSketch(numCounters int64) *cmSketch {
+	if numCounters == 0 {
+		panic("cmSketch: bad numCounters")
+	}
+	// Get the next power of 2 for better cache performance.
+	numCounters = next2Power(numCounters)
+	sketch := &cmSketch{mask: uint64(numCounters - 1)}
+	// Initialize rows of counters and seeds.
+	source := rand.New(rand.NewSource(time.Now().UnixNano()))
+	for i := 0; i < cmDepth; i++ {
+		sketch.seed[i] = source.Uint64()
+		sketch.rows[i] = newCmRow(numCounters)
+	}
+	return sketch
+}
+
+// Increment increments the count(ers) for the specified key.
+func (s *cmSketch) Increment(hashed uint64) {
+	for i := range s.rows {
+		s.rows[i].increment((hashed ^ s.seed[i]) & s.mask)
+	}
+}
+
+// Estimate returns the value of the specified key.
+func (s *cmSketch) Estimate(hashed uint64) int64 {
+	min := byte(255)
+	for i := range s.rows {
+		val := s.rows[i].get((hashed ^ s.seed[i]) & s.mask)
+		if val < min {
+			min = val
+		}
+	}
+	return int64(min)
+}
+
+// Reset halves all counter values.
+func (s *cmSketch) Reset() {
+	for _, r := range s.rows {
+		r.reset()
+	}
+}
+
+// Clear zeroes all counters.
+func (s *cmSketch) Clear() {
+	for _, r := range s.rows {
+		r.clear()
+	}
+}
+
+// cmRow is a row of bytes, with each byte holding two counters.
+type cmRow []byte
+
+func newCmRow(numCounters int64) cmRow {
+	return make(cmRow, numCounters/2)
+}
+
+func (r cmRow) get(n uint64) byte {
+	return byte(r[n/2]>>((n&1)*4)) & 0x0f
+}
+
+func (r cmRow) increment(n uint64) {
+	// Index of the counter.
+	i := n / 2
+	// Shift distance (even 0, odd 4).
+	s := (n & 1) * 4
+	// Counter value.
+	v := (r[i] >> s) & 0x0f
+	// Only increment if not max value (overflow wrap is bad for LFU).
+	if v < 15 {
+		r[i] += 1 << s
+	}
+}
+
+func (r cmRow) reset() {
+	// Halve each counter.
+	for i := range r {
+		r[i] = (r[i] >> 1) & 0x77
+	}
+}
+
+func (r cmRow) clear() {
+	// Zero each counter.
+	for i := range r {
+		r[i] = 0
+	}
+}
+
+func (r cmRow) string() string {
+	s := ""
+	for i := uint64(0); i < uint64(len(r)*2); i++ {
+		s += fmt.Sprintf("%02d ", (r[(i/2)]>>((i&1)*4))&0x0f)
+	}
+	s = s[:len(s)-1]
+	return s
+}
+
+// next2Power rounds x up to the next power of 2, if it's not already one.
+func next2Power(x int64) int64 {
+	x--
+	x |= x >> 1
+	x |= x >> 2
+	x |= x >> 4
+	x |= x >> 8
+	x |= x >> 16
+	x |= x >> 32
+	x++
+	return x
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/store.go b/vendor/github.com/outcaste-io/ristretto/store.go
new file mode 100644
index 000000000..5d5395c8d
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/store.go
@@ -0,0 +1,225 @@
+/*
+ * Copyright 2019 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ristretto
+
+import (
+	"sync"
+	"time"
+)
+
+// TODO: Do we need this to be a separate struct from Item?
+type storeItem struct {
+	key        uint64
+	conflict   uint64
+	value      interface{}
+	expiration time.Time
+}
+
+const numShards uint64 = 256
+
+type updateFn func(prev, cur interface{}) bool
+type shardedMap struct {
+	shards       []*lockedMap
+	expiryMap    *expirationMap
+	shouldUpdate func(prev, cur interface{}) bool
+}
+
+// newShardedMap is safe for concurrent usage.
+func newShardedMap(fn updateFn) *shardedMap {
+	sm := &shardedMap{
+		shards:    make([]*lockedMap, int(numShards)),
+		expiryMap: newExpirationMap(),
+	}
+	if fn == nil {
+		fn = func(prev, cur interface{}) bool {
+			return true
+		}
+	}
+	for i := range sm.shards {
+		sm.shards[i] = newLockedMap(fn, sm.expiryMap)
+	}
+	return sm
+}
+
+func (sm *shardedMap) Get(key, conflict uint64) (interface{}, bool) {
+	return sm.shards[key%numShards].get(key, conflict)
+}
+
+func (sm *shardedMap) Expiration(key uint64) time.Time {
+	return sm.shards[key%numShards].Expiration(key)
+}
+
+func (sm *shardedMap) Set(i *Item) {
+	if i == nil {
+		// If item is nil make this Set a no-op.
+		return
+	}
+
+	sm.shards[i.Key%numShards].Set(i)
+}
+
+func (sm *shardedMap) Del(key, conflict uint64) (uint64, interface{}) {
+	return sm.shards[key%numShards].Del(key, conflict)
+}
+
+func (sm *shardedMap) Update(newItem *Item) (interface{}, bool) {
+	return sm.shards[newItem.Key%numShards].Update(newItem)
+}
+
+func (sm *shardedMap) Cleanup(policy *lfuPolicy, onEvict itemCallback) {
+	sm.expiryMap.cleanup(sm, policy, onEvict)
+}
+
+func (sm *shardedMap) Clear(onEvict itemCallback) {
+	for i := uint64(0); i < numShards; i++ {
+		sm.shards[i].Clear(onEvict)
+	}
+}
+
+type lockedMap struct {
+	sync.RWMutex
+	data         map[uint64]storeItem
+	em           *expirationMap
+	shouldUpdate updateFn
+}
+
+func newLockedMap(fn updateFn, em *expirationMap) *lockedMap {
+	return &lockedMap{
+		data:         make(map[uint64]storeItem),
+		em:           em,
+		shouldUpdate: fn,
+	}
+}
+
+func (m *lockedMap) get(key, conflict uint64) (interface{}, bool) {
+	m.RLock()
+	item, ok := m.data[key]
+	m.RUnlock()
+	if !ok {
+		return nil, false
+	}
+	if conflict != 0 && (conflict != item.conflict) {
+		return nil, false
+	}
+
+	// Handle expired items.
+	if !item.expiration.IsZero() && time.Now().After(item.expiration) {
+		return nil, false
+	}
+	return item.value, true
+}
+
+func (m *lockedMap) Expiration(key uint64) time.Time {
+	m.RLock()
+	defer m.RUnlock()
+	return m.data[key].expiration
+}
+
+func (m *lockedMap) Set(i *Item) {
+	if i == nil {
+		// If the item is nil make this Set a no-op.
+		return
+	}
+
+	m.Lock()
+	defer m.Unlock()
+	item, ok := m.data[i.Key]
+
+	if ok {
+		// The item existed already. We need to check the conflict key and reject the
+		// update if they do not match. Only after that the expiration map is updated.
+		if i.Conflict != 0 && (i.Conflict != item.conflict) {
+			return
+		}
+		if !m.shouldUpdate(item.value, i.Value) {
+			return
+		}
+		m.em.update(i.Key, i.Conflict, item.expiration, i.Expiration)
+	} else {
+		// The value is not in the map already. There's no need to return anything.
+		// Simply add the expiration map.
+		m.em.add(i.Key, i.Conflict, i.Expiration)
+	}
+
+	m.data[i.Key] = storeItem{
+		key:        i.Key,
+		conflict:   i.Conflict,
+		value:      i.Value,
+		expiration: i.Expiration,
+	}
+}
+
+func (m *lockedMap) Del(key, conflict uint64) (uint64, interface{}) {
+	m.Lock()
+	item, ok := m.data[key]
+	if !ok {
+		m.Unlock()
+		return 0, nil
+	}
+	if conflict != 0 && (conflict != item.conflict) {
+		m.Unlock()
+		return 0, nil
+	}
+
+	if !item.expiration.IsZero() {
+		m.em.del(key, item.expiration)
+	}
+
+	delete(m.data, key)
+	m.Unlock()
+	return item.conflict, item.value
+}
+
+func (m *lockedMap) Update(newItem *Item) (interface{}, bool) {
+	m.Lock()
+	defer m.Unlock()
+
+	item, ok := m.data[newItem.Key]
+	if !ok {
+		return nil, false
+	}
+	if newItem.Conflict != 0 && (newItem.Conflict != item.conflict) {
+		return nil, false
+	}
+	if !m.shouldUpdate(item.value, newItem.Value) {
+		return item.value, false
+	}
+
+	m.em.update(newItem.Key, newItem.Conflict, item.expiration, newItem.Expiration)
+	m.data[newItem.Key] = storeItem{
+		key:        newItem.Key,
+		conflict:   newItem.Conflict,
+		value:      newItem.Value,
+		expiration: newItem.Expiration,
+	}
+	return item.value, true
+}
+
+func (m *lockedMap) Clear(onEvict itemCallback) {
+	m.Lock()
+	i := &Item{}
+	if onEvict != nil {
+		for _, si := range m.data {
+			i.Key = si.key
+			i.Conflict = si.conflict
+			i.Value = si.value
+			onEvict(i)
+		}
+	}
+	m.data = make(map[uint64]storeItem)
+	m.Unlock()
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/test.sh b/vendor/github.com/outcaste-io/ristretto/test.sh
new file mode 100644
index 000000000..99fdc99a3
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/test.sh
@@ -0,0 +1,20 @@
+#! /bin/sh
+
+starttest() {
+	set -e
+	GO111MODULE=on go test -race ./...
+}
+
+if [ -z "${TEAMCITY_VERSION}" ]; then
+	# running locally, so start test in a container
+	# TEAMCITY_VERSION=local will avoid recursive calls, when it would be running in container
+	docker run --rm --name ristretto-test -ti \
+  		-v `pwd`:/go/src/github.com/outcaste-io/ristretto \
+  		--workdir /go/src/github.com/outcaste-io/ristretto \
+		--env TEAMCITY_VERSION=local \
+  		golang:1.16 \
+  		sh test.sh
+else
+	# running in teamcity, since teamcity itself run this in container, let's simply run this
+	starttest
+fi
diff --git a/vendor/github.com/outcaste-io/ristretto/ttl.go b/vendor/github.com/outcaste-io/ristretto/ttl.go
new file mode 100644
index 000000000..6e4bf38bf
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/ttl.go
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ristretto
+
+import (
+	"sync"
+	"time"
+)
+
+var (
+	// TODO: find the optimal value or make it configurable.
+	bucketDurationSecs = int64(5)
+)
+
+func storageBucket(t time.Time) int64 {
+	return (t.Unix() / bucketDurationSecs) + 1
+}
+
+func cleanupBucket(t time.Time) int64 {
+	// The bucket to cleanup is always behind the storage bucket by one so that
+	// no elements in that bucket (which might not have expired yet) are deleted.
+	return storageBucket(t) - 1
+}
+
+// bucket type is a map of key to conflict.
+type bucket map[uint64]uint64
+
+// expirationMap is a map of bucket number to the corresponding bucket.
+type expirationMap struct {
+	sync.RWMutex
+	buckets map[int64]bucket
+}
+
+func newExpirationMap() *expirationMap {
+	return &expirationMap{
+		buckets: make(map[int64]bucket),
+	}
+}
+
+func (m *expirationMap) add(key, conflict uint64, expiration time.Time) {
+	if m == nil {
+		return
+	}
+
+	// Items that don't expire don't need to be in the expiration map.
+	if expiration.IsZero() {
+		return
+	}
+
+	bucketNum := storageBucket(expiration)
+	m.Lock()
+	defer m.Unlock()
+
+	b, ok := m.buckets[bucketNum]
+	if !ok {
+		b = make(bucket)
+		m.buckets[bucketNum] = b
+	}
+	b[key] = conflict
+}
+
+func (m *expirationMap) update(key, conflict uint64, oldExpTime, newExpTime time.Time) {
+	if m == nil {
+		return
+	}
+	if oldExpTime.IsZero() && newExpTime.IsZero() {
+		return
+	}
+
+	m.Lock()
+	defer m.Unlock()
+
+	oldBucketNum := storageBucket(oldExpTime)
+	newBucketNum := storageBucket(newExpTime)
+	if oldBucketNum == newBucketNum {
+		// No change.
+		return
+	}
+
+	oldBucket, ok := m.buckets[oldBucketNum]
+	if ok {
+		delete(oldBucket, key)
+	}
+
+	newBucket, ok := m.buckets[newBucketNum]
+	if !ok {
+		newBucket = make(bucket)
+		m.buckets[newBucketNum] = newBucket
+	}
+	newBucket[key] = conflict
+}
+
+func (m *expirationMap) del(key uint64, expiration time.Time) {
+	if m == nil {
+		return
+	}
+
+	bucketNum := storageBucket(expiration)
+	m.Lock()
+	defer m.Unlock()
+	_, ok := m.buckets[bucketNum]
+	if !ok {
+		return
+	}
+	delete(m.buckets[bucketNum], key)
+}
+
+// cleanup removes all the items in the bucket that was just completed. It deletes
+// those items from the store, and calls the onEvict function on those items.
+// This function is meant to be called periodically.
+func (m *expirationMap) cleanup(store *shardedMap, policy *lfuPolicy, onEvict itemCallback) {
+	if m == nil {
+		return
+	}
+
+	m.Lock()
+	now := time.Now()
+	bucketNum := cleanupBucket(now)
+	keys := m.buckets[bucketNum]
+	delete(m.buckets, bucketNum)
+	m.Unlock()
+
+	for key, conflict := range keys {
+		// Sanity check. Verify that the store agrees that this key is expired.
+		if store.Expiration(key).After(now) {
+			continue
+		}
+
+		cost := policy.Cost(key)
+		policy.Del(key)
+		_, value := store.Del(key, conflict)
+
+		if onEvict != nil {
+			onEvict(&Item{Key: key,
+				Conflict: conflict,
+				Value:    value,
+				Cost:     cost,
+			})
+		}
+	}
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/LICENSE b/vendor/github.com/outcaste-io/ristretto/z/LICENSE
new file mode 100644
index 000000000..0860cbfe8
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/LICENSE
@@ -0,0 +1,64 @@
+bbloom.go
+
+// The MIT License (MIT)
+// Copyright (c) 2014 Andreas Briese, eduToolbox@Bri-C GmbH, Sarstedt
+
+// Permission is hereby granted, free of charge, to any person obtaining a copy of
+// this software and associated documentation files (the "Software"), to deal in
+// the Software without restriction, including without limitation the rights to
+// use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+// the Software, and to permit persons to whom the Software is furnished to do so,
+// subject to the following conditions:
+
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+// FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+// IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+// CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+rtutil.go
+
+// MIT License
+
+// Copyright (c) 2019 Ewan Chou
+
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+
+Modifications:
+
+/*
+ * Copyright 2019 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
diff --git a/vendor/github.com/outcaste-io/ristretto/z/README.md b/vendor/github.com/outcaste-io/ristretto/z/README.md
new file mode 100644
index 000000000..6d77e146e
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/README.md
@@ -0,0 +1,129 @@
+## bbloom: a bitset Bloom filter for go/golang
+===
+
+package implements a fast bloom filter with real 'bitset' and JSONMarshal/JSONUnmarshal to store/reload the Bloom filter. 
+
+NOTE: the package uses unsafe.Pointer to set and read the bits from the bitset. If you're uncomfortable with using the unsafe package, please consider using my bloom filter package at github.com/AndreasBriese/bloom
+
+===
+
+changelog 11/2015: new thread safe methods AddTS(), HasTS(), AddIfNotHasTS() following a suggestion from Srdjan Marinovic (github @a-little-srdjan), who used this to code a bloomfilter cache.  
+
+This bloom filter was developed to strengthen a website-log database and was tested and optimized for this log-entry mask: "2014/%02i/%02i %02i:%02i:%02i /info.html". 
+Nonetheless bbloom should work with any other form of entries. 
+
+~~Hash function is a modified Berkeley DB sdbm hash (to optimize for smaller strings). sdbm  http://www.cse.yorku.ca/~oz/hash.html~~
+
+Found sipHash (SipHash-2-4, a fast short-input PRF created by Jean-Philippe Aumasson and Daniel J. Bernstein.) to be about as fast. sipHash had been ported by Dimtry Chestnyk to Go (github.com/dchest/siphash )
+
+Minimum hashset size is: 512 ([4]uint64; will be set automatically). 
+
+###install
+
+```sh
+go get github.com/AndreasBriese/bbloom
+```
+
+###test
++ change to folder ../bbloom 
++ create wordlist in file "words.txt" (you might use `python permut.py`)
++ run 'go test -bench=.' within the folder
+
+```go
+go test -bench=.
+```
+
+~~If you've installed the GOCONVEY TDD-framework http://goconvey.co/ you can run the tests automatically.~~
+
+using go's testing framework now (have in mind that the op timing is related to 65536 operations of Add, Has, AddIfNotHas respectively)
+
+### usage
+
+after installation add
+
+```go
+import (
+	...
+	"github.com/AndreasBriese/bbloom"
+	...
+	)
+```
+
+at your header. In the program use
+
+```go
+// create a bloom filter for 65536 items and 1 % wrong-positive ratio 
+bf := bbloom.New(float64(1<<16), float64(0.01))
+
+// or 
+// create a bloom filter with 650000 for 65536 items and 7 locs per hash explicitly
+// bf = bbloom.New(float64(650000), float64(7))
+// or
+bf = bbloom.New(650000.0, 7.0)
+
+// add one item
+bf.Add([]byte("butter"))
+
+// Number of elements added is exposed now 
+// Note: ElemNum will not be included in JSON export (for compatability to older version)
+nOfElementsInFilter := bf.ElemNum
+
+// check if item is in the filter
+isIn := bf.Has([]byte("butter"))    // should be true
+isNotIn := bf.Has([]byte("Butter")) // should be false
+
+// 'add only if item is new' to the bloomfilter
+added := bf.AddIfNotHas([]byte("butter"))    // should be false because 'butter' is already in the set
+added = bf.AddIfNotHas([]byte("buTTer"))    // should be true because 'buTTer' is new
+
+// thread safe versions for concurrent use: AddTS, HasTS, AddIfNotHasTS
+// add one item
+bf.AddTS([]byte("peanutbutter"))
+// check if item is in the filter
+isIn = bf.HasTS([]byte("peanutbutter"))    // should be true
+isNotIn = bf.HasTS([]byte("peanutButter")) // should be false
+// 'add only if item is new' to the bloomfilter
+added = bf.AddIfNotHasTS([]byte("butter"))    // should be false because 'peanutbutter' is already in the set
+added = bf.AddIfNotHasTS([]byte("peanutbuTTer"))    // should be true because 'penutbuTTer' is new
+
+// convert to JSON ([]byte) 
+Json := bf.JSONMarshal()
+
+// bloomfilters Mutex is exposed for external un-/locking
+// i.e. mutex lock while doing JSON conversion
+bf.Mtx.Lock()
+Json = bf.JSONMarshal()
+bf.Mtx.Unlock()
+
+// restore a bloom filter from storage 
+bfNew := bbloom.JSONUnmarshal(Json)
+
+isInNew := bfNew.Has([]byte("butter"))    // should be true
+isNotInNew := bfNew.Has([]byte("Butter")) // should be false
+
+```
+
+to work with the bloom filter.
+
+### why 'fast'? 
+
+It's about 3 times faster than William Fitzgeralds bitset bloom filter https://github.com/willf/bloom . And it is about so fast as my []bool set variant for Boom filters (see https://github.com/AndreasBriese/bloom ) but having a 8times smaller memory footprint: 
+
+	
+	Bloom filter (filter size 524288, 7 hashlocs)
+	github.com/AndreasBriese/bbloom 'Add' 65536 items (10 repetitions): 6595800 ns (100 ns/op)
+    github.com/AndreasBriese/bbloom 'Has' 65536 items (10 repetitions): 5986600 ns (91 ns/op)
+	github.com/AndreasBriese/bloom 'Add' 65536 items (10 repetitions): 6304684 ns (96 ns/op)
+	github.com/AndreasBriese/bloom 'Has' 65536 items (10 repetitions): 6568663 ns (100 ns/op)
+	
+	github.com/willf/bloom 'Add' 65536 items (10 repetitions): 24367224 ns (371 ns/op)
+	github.com/willf/bloom 'Test' 65536 items (10 repetitions): 21881142 ns (333 ns/op)
+	github.com/dataence/bloom/standard 'Add' 65536 items (10 repetitions): 23041644 ns (351 ns/op)
+	github.com/dataence/bloom/standard 'Check' 65536 items (10 repetitions): 19153133 ns (292 ns/op)
+	github.com/cabello/bloom 'Add' 65536 items (10 repetitions): 131921507 ns (2012 ns/op)
+	github.com/cabello/bloom 'Contains' 65536 items (10 repetitions): 131108962 ns (2000 ns/op)
+
+(on MBPro15 OSX10.8.5 i7 4Core 2.4Ghz)
+
+
+With 32bit bloom filters (bloom32) using modified sdbm, bloom32 does hashing with only 2 bit shifts, one xor and one substraction per byte. smdb is about as fast as fnv64a but gives less collisions with the dataset (see mask above). bloom.New(float64(10 * 1<<16),float64(7)) populated with 1<<16 random items from the dataset (see above) and tested against the rest results in less than 0.05% collisions.   
diff --git a/vendor/github.com/outcaste-io/ristretto/z/allocator.go b/vendor/github.com/outcaste-io/ristretto/z/allocator.go
new file mode 100644
index 000000000..db00ff5ec
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/allocator.go
@@ -0,0 +1,403 @@
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"bytes"
+	"fmt"
+	"math"
+	"math/bits"
+	"math/rand"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+	"unsafe"
+
+	"github.com/dustin/go-humanize"
+)
+
+// Allocator amortizes the cost of small allocations by allocating memory in
+// bigger chunks.  Internally it uses z.Calloc to allocate memory. Once
+// allocated, the memory is not moved, so it is safe to use the allocated bytes
+// to unsafe cast them to Go struct pointers. Maintaining a freelist is slow.
+// Instead, Allocator only allocates memory, with the idea that finally we
+// would just release the entire Allocator.
+type Allocator struct {
+	sync.Mutex
+	compIdx uint64 // Stores bufIdx in 32 MSBs and posIdx in 32 LSBs.
+	buffers [][]byte
+	Ref     uint64
+	Tag     string
+}
+
+// allocs keeps references to all Allocators, so we can safely discard them later.
+var allocsMu *sync.Mutex
+var allocRef uint64
+var allocs map[uint64]*Allocator
+var calculatedLog2 []int
+
+func init() {
+	allocsMu = new(sync.Mutex)
+	allocs = make(map[uint64]*Allocator)
+
+	// Set up a unique Ref per process.
+	rand.Seed(time.Now().UnixNano())
+	allocRef = uint64(rand.Int63n(1<<16)) << 48
+
+	calculatedLog2 = make([]int, 1025)
+	for i := 1; i <= 1024; i++ {
+		calculatedLog2[i] = int(math.Log2(float64(i)))
+	}
+}
+
+// NewAllocator creates an allocator starting with the given size.
+func NewAllocator(sz int, tag string) *Allocator {
+	ref := atomic.AddUint64(&allocRef, 1)
+	// We should not allow a zero sized page because addBufferWithMinSize
+	// will run into an infinite loop trying to double the pagesize.
+	if sz < 512 {
+		sz = 512
+	}
+	a := &Allocator{
+		Ref:     ref,
+		buffers: make([][]byte, 64),
+		Tag:     tag,
+	}
+	l2 := uint64(log2(sz))
+	if bits.OnesCount64(uint64(sz)) > 1 {
+		l2 += 1
+	}
+	a.buffers[0] = Calloc(1<<l2, a.Tag)
+
+	allocsMu.Lock()
+	allocs[ref] = a
+	allocsMu.Unlock()
+	return a
+}
+
+func (a *Allocator) Reset() {
+	atomic.StoreUint64(&a.compIdx, 0)
+}
+
+func Allocators() string {
+	allocsMu.Lock()
+	tags := make(map[string]uint64)
+	num := make(map[string]int)
+	for _, ac := range allocs {
+		tags[ac.Tag] += ac.Allocated()
+		num[ac.Tag] += 1
+	}
+
+	var buf bytes.Buffer
+	for tag, sz := range tags {
+		fmt.Fprintf(&buf, "Tag: %s Num: %d Size: %s . ", tag, num[tag], humanize.IBytes(sz))
+	}
+	allocsMu.Unlock()
+	return buf.String()
+}
+
+func (a *Allocator) String() string {
+	var s strings.Builder
+	s.WriteString(fmt.Sprintf("Allocator: %x\n", a.Ref))
+	var cum int
+	for i, b := range a.buffers {
+		cum += len(b)
+		if len(b) == 0 {
+			break
+		}
+		s.WriteString(fmt.Sprintf("idx: %d len: %d cum: %d\n", i, len(b), cum))
+	}
+	pos := atomic.LoadUint64(&a.compIdx)
+	bi, pi := parse(pos)
+	s.WriteString(fmt.Sprintf("bi: %d pi: %d\n", bi, pi))
+	s.WriteString(fmt.Sprintf("Size: %d\n", a.Size()))
+	return s.String()
+}
+
+// AllocatorFrom would return the allocator corresponding to the ref.
+func AllocatorFrom(ref uint64) *Allocator {
+	allocsMu.Lock()
+	a := allocs[ref]
+	allocsMu.Unlock()
+	return a
+}
+
+func parse(pos uint64) (bufIdx, posIdx int) {
+	return int(pos >> 32), int(pos & 0xFFFFFFFF)
+}
+
+// Size returns the size of the allocations so far.
+func (a *Allocator) Size() int {
+	pos := atomic.LoadUint64(&a.compIdx)
+	bi, pi := parse(pos)
+	var sz int
+	for i, b := range a.buffers {
+		if i < bi {
+			sz += len(b)
+			continue
+		}
+		sz += pi
+		return sz
+	}
+	panic("Size should not reach here")
+}
+
+func log2(sz int) int {
+	if sz < len(calculatedLog2) {
+		return calculatedLog2[sz]
+	}
+	pow := 10
+	sz >>= 10
+	for sz > 1 {
+		sz >>= 1
+		pow++
+	}
+	return pow
+}
+
+func (a *Allocator) Allocated() uint64 {
+	var alloc int
+	for _, b := range a.buffers {
+		alloc += cap(b)
+	}
+	return uint64(alloc)
+}
+
+func (a *Allocator) TrimTo(max int) {
+	var alloc int
+	for i, b := range a.buffers {
+		if len(b) == 0 {
+			break
+		}
+		alloc += len(b)
+		if alloc < max {
+			continue
+		}
+		Free(b)
+		a.buffers[i] = nil
+	}
+}
+
+// Release would release the memory back. Remember to make this call to avoid memory leaks.
+func (a *Allocator) Release() {
+	if a == nil {
+		return
+	}
+
+	var alloc int
+	for _, b := range a.buffers {
+		if len(b) == 0 {
+			break
+		}
+		alloc += len(b)
+		Free(b)
+	}
+
+	allocsMu.Lock()
+	delete(allocs, a.Ref)
+	allocsMu.Unlock()
+}
+
+const maxAlloc = 1 << 30
+
+func (a *Allocator) MaxAlloc() int {
+	return maxAlloc
+}
+
+const nodeAlign = unsafe.Sizeof(uint64(0)) - 1
+
+func (a *Allocator) AllocateAligned(sz int) []byte {
+	tsz := sz + int(nodeAlign)
+	out := a.Allocate(tsz)
+	// We are reusing allocators. In that case, it's important to zero out the memory allocated
+	// here. We don't always zero it out (in Allocate), because other functions would be immediately
+	// overwriting the allocated slices anyway (see Copy).
+	ZeroOut(out, 0, len(out))
+
+	addr := uintptr(unsafe.Pointer(&out[0]))
+	aligned := (addr + nodeAlign) & ^nodeAlign
+	start := int(aligned - addr)
+
+	return out[start : start+sz]
+}
+
+func (a *Allocator) Copy(buf []byte) []byte {
+	if a == nil {
+		return append([]byte{}, buf...)
+	}
+	out := a.Allocate(len(buf))
+	copy(out, buf)
+	return out
+}
+
+func (a *Allocator) addBufferAt(bufIdx, minSz int) {
+	for {
+		if bufIdx >= len(a.buffers) {
+			panic(fmt.Sprintf("Allocator can not allocate more than %d buffers", len(a.buffers)))
+		}
+		if len(a.buffers[bufIdx]) == 0 {
+			break
+		}
+		if minSz <= len(a.buffers[bufIdx]) {
+			// No need to do anything. We already have a buffer which can satisfy minSz.
+			return
+		}
+		bufIdx++
+	}
+	assert(bufIdx > 0)
+	// We need to allocate a new buffer.
+	// Make pageSize double of the last allocation.
+	pageSize := 2 * len(a.buffers[bufIdx-1])
+	// Ensure pageSize is bigger than sz.
+	for pageSize < minSz {
+		pageSize *= 2
+	}
+	// If bigger than maxAlloc, trim to maxAlloc.
+	if pageSize > maxAlloc {
+		pageSize = maxAlloc
+	}
+
+	buf := Calloc(pageSize, a.Tag)
+	assert(len(a.buffers[bufIdx]) == 0)
+	a.buffers[bufIdx] = buf
+}
+
+func (a *Allocator) Allocate(sz int) []byte {
+	if a == nil {
+		return make([]byte, sz)
+	}
+	if sz > maxAlloc {
+		panic(fmt.Sprintf("Unable to allocate more than %d\n", maxAlloc))
+	}
+	if sz == 0 {
+		return nil
+	}
+	for {
+		pos := atomic.AddUint64(&a.compIdx, uint64(sz))
+		bufIdx, posIdx := parse(pos)
+		buf := a.buffers[bufIdx]
+		if posIdx > len(buf) {
+			a.Lock()
+			newPos := atomic.LoadUint64(&a.compIdx)
+			newBufIdx, _ := parse(newPos)
+			if newBufIdx != bufIdx {
+				a.Unlock()
+				continue
+			}
+			a.addBufferAt(bufIdx+1, sz)
+			atomic.StoreUint64(&a.compIdx, uint64((bufIdx+1)<<32))
+			a.Unlock()
+			// We added a new buffer. Let's acquire slice the right way by going back to the top.
+			continue
+		}
+		data := buf[posIdx-sz : posIdx]
+		return data
+	}
+}
+
+type AllocatorPool struct {
+	numGets int64
+	allocCh chan *Allocator
+	closer  *Closer
+}
+
+func NewAllocatorPool(sz int) *AllocatorPool {
+	a := &AllocatorPool{
+		allocCh: make(chan *Allocator, sz),
+		closer:  NewCloser(1),
+	}
+	go a.freeupAllocators()
+	return a
+}
+
+func (p *AllocatorPool) Get(sz int, tag string) *Allocator {
+	if p == nil {
+		return NewAllocator(sz, tag)
+	}
+	atomic.AddInt64(&p.numGets, 1)
+	select {
+	case alloc := <-p.allocCh:
+		alloc.Reset()
+		alloc.Tag = tag
+		return alloc
+	default:
+		return NewAllocator(sz, tag)
+	}
+}
+func (p *AllocatorPool) Return(a *Allocator) {
+	if a == nil {
+		return
+	}
+	if p == nil {
+		a.Release()
+		return
+	}
+	a.TrimTo(400 << 20)
+
+	select {
+	case p.allocCh <- a:
+		return
+	default:
+		a.Release()
+	}
+}
+
+func (p *AllocatorPool) Release() {
+	if p == nil {
+		return
+	}
+	p.closer.SignalAndWait()
+}
+
+func (p *AllocatorPool) freeupAllocators() {
+	defer p.closer.Done()
+
+	ticker := time.NewTicker(2 * time.Second)
+	defer ticker.Stop()
+
+	releaseOne := func() bool {
+		select {
+		case alloc := <-p.allocCh:
+			alloc.Release()
+			return true
+		default:
+			return false
+		}
+	}
+
+	var last int64
+	for {
+		select {
+		case <-p.closer.HasBeenClosed():
+			close(p.allocCh)
+			for alloc := range p.allocCh {
+				alloc.Release()
+			}
+			return
+
+		case <-ticker.C:
+			gets := atomic.LoadInt64(&p.numGets)
+			if gets != last {
+				// Some retrievals were made since the last time. So, let's avoid doing a release.
+				last = gets
+				continue
+			}
+			releaseOne()
+		}
+	}
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/bbloom.go b/vendor/github.com/outcaste-io/ristretto/z/bbloom.go
new file mode 100644
index 000000000..4d657e4e1
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/bbloom.go
@@ -0,0 +1,209 @@
+// The MIT License (MIT)
+// Copyright (c) 2014 Andreas Briese, eduToolbox@Bri-C GmbH, Sarstedt
+
+// Permission is hereby granted, free of charge, to any person obtaining a copy of
+// this software and associated documentation files (the "Software"), to deal in
+// the Software without restriction, including without limitation the rights to
+// use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+// the Software, and to permit persons to whom the Software is furnished to do so,
+// subject to the following conditions:
+
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+// FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+// IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+// CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+package z
+
+import (
+	"bytes"
+	"encoding/json"
+	"math"
+	"unsafe"
+)
+
+// helper
+var mask = []uint8{1, 2, 4, 8, 16, 32, 64, 128}
+
+func getSize(ui64 uint64) (size uint64, exponent uint64) {
+	if ui64 < uint64(512) {
+		ui64 = uint64(512)
+	}
+	size = uint64(1)
+	for size < ui64 {
+		size <<= 1
+		exponent++
+	}
+	return size, exponent
+}
+
+func calcSizeByWrongPositives(numEntries, wrongs float64) (uint64, uint64) {
+	size := -1 * numEntries * math.Log(wrongs) / math.Pow(float64(0.69314718056), 2)
+	locs := math.Ceil(float64(0.69314718056) * size / numEntries)
+	return uint64(size), uint64(locs)
+}
+
+// NewBloomFilter returns a new bloomfilter.
+func NewBloomFilter(params ...float64) (bloomfilter *Bloom) {
+	var entries, locs uint64
+	if len(params) == 2 {
+		if params[1] < 1 {
+			entries, locs = calcSizeByWrongPositives(params[0], params[1])
+		} else {
+			entries, locs = uint64(params[0]), uint64(params[1])
+		}
+	} else {
+		fatal("usage: New(float64(number_of_entries), float64(number_of_hashlocations))" +
+			" i.e. New(float64(1000), float64(3)) or New(float64(number_of_entries)," +
+			" float64(number_of_hashlocations)) i.e. New(float64(1000), float64(0.03))")
+	}
+	size, exponent := getSize(entries)
+	bloomfilter = &Bloom{
+		sizeExp: exponent,
+		size:    size - 1,
+		setLocs: locs,
+		shift:   64 - exponent,
+	}
+	bloomfilter.Size(size)
+	return bloomfilter
+}
+
+// Bloom filter
+type Bloom struct {
+	bitset  []uint64
+	ElemNum uint64
+	sizeExp uint64
+	size    uint64
+	setLocs uint64
+	shift   uint64
+}
+
+// <--- http://www.cse.yorku.ca/~oz/hash.html
+// modified Berkeley DB Hash (32bit)
+// hash is casted to l, h = 16bit fragments
+// func (bl Bloom) absdbm(b *[]byte) (l, h uint64) {
+// 	hash := uint64(len(*b))
+// 	for _, c := range *b {
+// 		hash = uint64(c) + (hash << 6) + (hash << bl.sizeExp) - hash
+// 	}
+// 	h = hash >> bl.shift
+// 	l = hash << bl.shift >> bl.shift
+// 	return l, h
+// }
+
+// Add adds hash of a key to the bloomfilter.
+func (bl *Bloom) Add(hash uint64) {
+	h := hash >> bl.shift
+	l := hash << bl.shift >> bl.shift
+	for i := uint64(0); i < bl.setLocs; i++ {
+		bl.Set((h + i*l) & bl.size)
+		bl.ElemNum++
+	}
+}
+
+// Has checks if bit(s) for entry hash is/are set,
+// returns true if the hash was added to the Bloom Filter.
+func (bl Bloom) Has(hash uint64) bool {
+	h := hash >> bl.shift
+	l := hash << bl.shift >> bl.shift
+	for i := uint64(0); i < bl.setLocs; i++ {
+		if !bl.IsSet((h + i*l) & bl.size) {
+			return false
+		}
+	}
+	return true
+}
+
+// AddIfNotHas only Adds hash, if it's not present in the bloomfilter.
+// Returns true if hash was added.
+// Returns false if hash was already registered in the bloomfilter.
+func (bl *Bloom) AddIfNotHas(hash uint64) bool {
+	if bl.Has(hash) {
+		return false
+	}
+	bl.Add(hash)
+	return true
+}
+
+// TotalSize returns the total size of the bloom filter.
+func (bl *Bloom) TotalSize() int {
+	// The bl struct has 5 members and each one is 8 byte. The bitset is a
+	// uint64 byte slice.
+	return len(bl.bitset)*8 + 5*8
+}
+
+// Size makes Bloom filter with as bitset of size sz.
+func (bl *Bloom) Size(sz uint64) {
+	bl.bitset = make([]uint64, sz>>6)
+}
+
+// Clear resets the Bloom filter.
+func (bl *Bloom) Clear() {
+	for i := range bl.bitset {
+		bl.bitset[i] = 0
+	}
+}
+
+// Set sets the bit[idx] of bitset.
+func (bl *Bloom) Set(idx uint64) {
+	ptr := unsafe.Pointer(uintptr(unsafe.Pointer(&bl.bitset[idx>>6])) + uintptr((idx%64)>>3))
+	*(*uint8)(ptr) |= mask[idx%8]
+}
+
+// IsSet checks if bit[idx] of bitset is set, returns true/false.
+func (bl *Bloom) IsSet(idx uint64) bool {
+	ptr := unsafe.Pointer(uintptr(unsafe.Pointer(&bl.bitset[idx>>6])) + uintptr((idx%64)>>3))
+	r := ((*(*uint8)(ptr)) >> (idx % 8)) & 1
+	return r == 1
+}
+
+// bloomJSONImExport
+// Im/Export structure used by JSONMarshal / JSONUnmarshal
+type bloomJSONImExport struct {
+	FilterSet []byte
+	SetLocs   uint64
+}
+
+// NewWithBoolset takes a []byte slice and number of locs per entry,
+// returns the bloomfilter with a bitset populated according to the input []byte.
+func newWithBoolset(bs *[]byte, locs uint64) *Bloom {
+	bloomfilter := NewBloomFilter(float64(len(*bs)<<3), float64(locs))
+	for i, b := range *bs {
+		*(*uint8)(unsafe.Pointer(uintptr(unsafe.Pointer(&bloomfilter.bitset[0])) + uintptr(i))) = b
+	}
+	return bloomfilter
+}
+
+// JSONUnmarshal takes JSON-Object (type bloomJSONImExport) as []bytes
+// returns bloom32 / bloom64 object.
+func JSONUnmarshal(dbData []byte) (*Bloom, error) {
+	bloomImEx := bloomJSONImExport{}
+	if err := json.Unmarshal(dbData, &bloomImEx); err != nil {
+		return nil, err
+	}
+	buf := bytes.NewBuffer(bloomImEx.FilterSet)
+	bs := buf.Bytes()
+	bf := newWithBoolset(&bs, bloomImEx.SetLocs)
+	return bf, nil
+}
+
+// JSONMarshal returns JSON-object (type bloomJSONImExport) as []byte.
+func (bl Bloom) JSONMarshal() []byte {
+	bloomImEx := bloomJSONImExport{}
+	bloomImEx.SetLocs = bl.setLocs
+	bloomImEx.FilterSet = make([]byte, len(bl.bitset)<<3)
+	for i := range bloomImEx.FilterSet {
+		bloomImEx.FilterSet[i] = *(*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(&bl.bitset[0])) +
+			uintptr(i)))
+	}
+	data, err := json.Marshal(bloomImEx)
+	if err != nil {
+		fatal("json.Marshal failed: ", err)
+	}
+	return data
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/btree.go b/vendor/github.com/outcaste-io/ristretto/z/btree.go
new file mode 100644
index 000000000..0b28ae5b8
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/btree.go
@@ -0,0 +1,710 @@
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"fmt"
+	"math"
+	"os"
+	"reflect"
+	"strings"
+	"unsafe"
+
+	"github.com/outcaste-io/ristretto/z/simd"
+)
+
+var (
+	pageSize = os.Getpagesize()
+	maxKeys  = (pageSize / 16) - 1
+	oneThird = int(float64(maxKeys) / 3)
+)
+
+const (
+	absoluteMax = uint64(math.MaxUint64 - 1)
+	minSize     = 1 << 20
+)
+
+// Tree represents the structure for custom mmaped B+ tree.
+// It supports keys in range [1, math.MaxUint64-1] and values [1, math.Uint64].
+type Tree struct {
+	buffer   *Buffer
+	data     []byte
+	nextPage uint64
+	freePage uint64
+	stats    TreeStats
+}
+
+func (t *Tree) initRootNode() {
+	// This is the root node.
+	t.newNode(0)
+	// This acts as the rightmost pointer (all the keys are <= this key).
+	t.Set(absoluteMax, 0)
+}
+
+// NewTree returns an in-memory B+ tree.
+func NewTree(tag string) *Tree {
+	const defaultTag = "tree"
+	if tag == "" {
+		tag = defaultTag
+	}
+	t := &Tree{buffer: NewBuffer(minSize, tag)}
+	t.Reset()
+	return t
+}
+
+// NewTree returns a persistent on-disk B+ tree.
+func NewTreePersistent(path string) (*Tree, error) {
+	t := &Tree{}
+	var err error
+
+	// Open the buffer from disk and set it to the maximum allocated size.
+	t.buffer, err = NewBufferPersistent(path, minSize)
+	if err != nil {
+		return nil, err
+	}
+	t.buffer.offset = uint64(len(t.buffer.buf))
+	t.data = t.buffer.Bytes()
+
+	// pageID can never be 0 if the tree has been initialized.
+	root := t.node(1)
+	isInitialized := root.pageID() != 0
+
+	if !isInitialized {
+		t.nextPage = 1
+		t.freePage = 0
+		t.initRootNode()
+	} else {
+		t.reinit()
+	}
+
+	return t, nil
+}
+
+// reinit sets the internal variables of a Tree, which are normally stored
+// in-memory, but are lost when loading from disk.
+func (t *Tree) reinit() {
+	// Calculate t.nextPage by finding the first node whose pageID is not set.
+	t.nextPage = 1
+	for int(t.nextPage)*pageSize < len(t.data) {
+		n := t.node(t.nextPage)
+		if n.pageID() == 0 {
+			break
+		}
+		t.nextPage++
+	}
+	maxPageId := t.nextPage - 1
+
+	// Calculate t.freePage by finding the page to which no other page points.
+	// This would be the head of the page linked list.
+	// tailPages[i] is true if pageId i+1 is not the head of the list.
+	tailPages := make([]bool, maxPageId)
+	// Mark all pages containing nodes as tail pages.
+	t.Iterate(func(n node) {
+		i := n.pageID() - 1
+		tailPages[i] = true
+		// If this is a leaf node, increment the stats.
+		if n.isLeaf() {
+			t.stats.NumLeafKeys += n.numKeys()
+		}
+	})
+	// pointedPages is a list of page IDs that the tail pages point to.
+	pointedPages := make([]uint64, 0)
+	for i, isTail := range tailPages {
+		if !isTail {
+			pageId := uint64(i) + 1
+			// Skip if nextPageId = 0, as that is equivalent to null page.
+			if nextPageId := t.node(pageId).uint64(0); nextPageId != 0 {
+				pointedPages = append(pointedPages, nextPageId)
+			}
+			t.stats.NumPagesFree++
+		}
+	}
+
+	// Mark all pages being pointed to as tail pages.
+	for _, pageId := range pointedPages {
+		i := pageId - 1
+		tailPages[i] = true
+	}
+	// There should only be one head page left.
+	for i, isTail := range tailPages {
+		if !isTail {
+			pageId := uint64(i) + 1
+			t.freePage = pageId
+			break
+		}
+	}
+}
+
+// Reset resets the tree and truncates it to maxSz.
+func (t *Tree) Reset() {
+	// Tree relies on uninitialized data being zeroed out, so we need to Memclr
+	// the data before using it again.
+	Memclr(t.buffer.buf)
+	t.buffer.Reset()
+	t.buffer.AllocateOffset(minSize)
+	t.data = t.buffer.Bytes()
+	t.stats = TreeStats{}
+	t.nextPage = 1
+	t.freePage = 0
+	t.initRootNode()
+}
+
+// Close releases the memory used by the tree.
+func (t *Tree) Close() error {
+	if t == nil {
+		return nil
+	}
+	return t.buffer.Release()
+}
+
+type TreeStats struct {
+	Allocated    int     // Derived.
+	Bytes        int     // Derived.
+	NumLeafKeys  int     // Calculated.
+	NumPages     int     // Derived.
+	NumPagesFree int     // Calculated.
+	Occupancy    float64 // Derived.
+	PageSize     int     // Derived.
+}
+
+// Stats returns stats about the tree.
+func (t *Tree) Stats() TreeStats {
+	numPages := int(t.nextPage - 1)
+	out := TreeStats{
+		Bytes:        numPages * pageSize,
+		Allocated:    len(t.data),
+		NumLeafKeys:  t.stats.NumLeafKeys,
+		NumPages:     numPages,
+		NumPagesFree: t.stats.NumPagesFree,
+		PageSize:     pageSize,
+	}
+	out.Occupancy = 100.0 * float64(out.NumLeafKeys) / float64(maxKeys*numPages)
+	return out
+}
+
+// BytesToUint64Slice converts a byte slice to a uint64 slice.
+func BytesToUint64Slice(b []byte) []uint64 {
+	if len(b) == 0 {
+		return nil
+	}
+	var u64s []uint64
+	hdr := (*reflect.SliceHeader)(unsafe.Pointer(&u64s))
+	hdr.Len = len(b) / 8
+	hdr.Cap = hdr.Len
+	hdr.Data = uintptr(unsafe.Pointer(&b[0]))
+	return u64s
+}
+
+func (t *Tree) newNode(bit uint64) node {
+	var pageId uint64
+	if t.freePage > 0 {
+		pageId = t.freePage
+		t.stats.NumPagesFree--
+	} else {
+		pageId = t.nextPage
+		t.nextPage++
+		offset := int(pageId) * pageSize
+		reqSize := offset + pageSize
+		if reqSize > len(t.data) {
+			t.buffer.AllocateOffset(reqSize - len(t.data))
+			t.data = t.buffer.Bytes()
+		}
+	}
+	n := t.node(pageId)
+	if t.freePage > 0 {
+		t.freePage = n.uint64(0)
+	}
+	zeroOut(n)
+	n.setBit(bit)
+	n.setAt(keyOffset(maxKeys), pageId)
+	return n
+}
+
+func getNode(data []byte) node {
+	return node(BytesToUint64Slice(data))
+}
+
+func zeroOut(data []uint64) {
+	for i := 0; i < len(data); i++ {
+		data[i] = 0
+	}
+}
+
+func (t *Tree) node(pid uint64) node {
+	// page does not exist
+	if pid == 0 {
+		return nil
+	}
+	start := pageSize * int(pid)
+	return getNode(t.data[start : start+pageSize])
+}
+
+// Set sets the key-value pair in the tree.
+func (t *Tree) Set(k, v uint64) {
+	if k == math.MaxUint64 || k == 0 {
+		panic("Error setting zero or MaxUint64")
+	}
+	root := t.set(1, k, v)
+	if root.isFull() {
+		right := t.split(1)
+		left := t.newNode(root.bits())
+		// Re-read the root as the underlying buffer for tree might have changed during split.
+		root = t.node(1)
+		copy(left[:keyOffset(maxKeys)], root)
+		left.setNumKeys(root.numKeys())
+
+		// reset the root node.
+		zeroOut(root[:keyOffset(maxKeys)])
+		root.setNumKeys(0)
+
+		// set the pointers for left and right child in the root node.
+		root.set(left.maxKey(), left.pageID())
+		root.set(right.maxKey(), right.pageID())
+	}
+}
+
+// For internal nodes, they contain <key, ptr>.
+// where all entries <= key are stored in the corresponding ptr.
+func (t *Tree) set(pid, k, v uint64) node {
+	n := t.node(pid)
+	if n.isLeaf() {
+		t.stats.NumLeafKeys += n.set(k, v)
+		return n
+	}
+
+	// This is an internal node.
+	idx := n.search(k)
+	if idx >= maxKeys {
+		panic("search returned index >= maxKeys")
+	}
+	// If no key at idx.
+	if n.key(idx) == 0 {
+		n.setAt(keyOffset(idx), k)
+		n.setNumKeys(n.numKeys() + 1)
+	}
+	child := t.node(n.val(idx))
+	if child == nil {
+		child = t.newNode(bitLeaf)
+		n = t.node(pid)
+		n.setAt(valOffset(idx), child.pageID())
+	}
+	child = t.set(child.pageID(), k, v)
+	// Re-read n as the underlying buffer for tree might have changed during set.
+	n = t.node(pid)
+	if child.isFull() {
+		// Just consider the left sibling for simplicity.
+		// if t.shareWithSibling(n, idx) {
+		// 	return n
+		// }
+
+		nn := t.split(child.pageID())
+		// Re-read n and child as the underlying buffer for tree might have changed during split.
+		n = t.node(pid)
+		child = t.node(n.uint64(valOffset(idx)))
+		// Set child pointers in the node n.
+		// Note that key for right node (nn) already exist in node n, but the
+		// pointer is updated.
+		n.set(child.maxKey(), child.pageID())
+		n.set(nn.maxKey(), nn.pageID())
+	}
+	return n
+}
+
+// Get looks for key and returns the corresponding value.
+// If key is not found, 0 is returned.
+func (t *Tree) Get(k uint64) uint64 {
+	if k == math.MaxUint64 || k == 0 {
+		panic("Does not support getting MaxUint64/Zero")
+	}
+	root := t.node(1)
+	return t.get(root, k)
+}
+
+func (t *Tree) get(n node, k uint64) uint64 {
+	if n.isLeaf() {
+		return n.get(k)
+	}
+	// This is internal node
+	idx := n.search(k)
+	if idx == n.numKeys() || n.key(idx) == 0 {
+		return 0
+	}
+	child := t.node(n.uint64(valOffset(idx)))
+	assert(child != nil)
+	return t.get(child, k)
+}
+
+// DeleteBelow deletes all keys with value under ts.
+func (t *Tree) DeleteBelow(ts uint64) {
+	root := t.node(1)
+	t.stats.NumLeafKeys = 0
+	t.compact(root, ts)
+	assert(root.numKeys() >= 1)
+}
+
+func (t *Tree) compact(n node, ts uint64) int {
+	if n.isLeaf() {
+		numKeys := n.compact(ts)
+		t.stats.NumLeafKeys += n.numKeys()
+		return numKeys
+	}
+	// Not leaf.
+	N := n.numKeys()
+	for i := 0; i < N; i++ {
+		assert(n.key(i) > 0)
+		childID := n.uint64(valOffset(i))
+		child := t.node(childID)
+		if rem := t.compact(child, ts); rem == 0 && i < N-1 {
+			// If no valid key is remaining we can drop this child. However, don't do that if this
+			// is the max key.
+			t.stats.NumLeafKeys -= child.numKeys()
+			child.setAt(0, t.freePage)
+			t.freePage = childID
+			n.setAt(valOffset(i), 0)
+			t.stats.NumPagesFree++
+		}
+	}
+	// We use ts=1 here because we want to delete all the keys whose value is 0, which means they no
+	// longer have a valid page for that key.
+	return n.compact(1)
+}
+
+func (t *Tree) iterate(n node, fn func(node)) {
+	fn(n)
+	if n.isLeaf() {
+		return
+	}
+	// Explore children.
+	for i := 0; i < maxKeys; i++ {
+		if n.key(i) == 0 {
+			return
+		}
+		childID := n.uint64(valOffset(i))
+		assert(childID > 0)
+
+		child := t.node(childID)
+		t.iterate(child, fn)
+	}
+}
+
+// Iterate iterates over the tree and executes the fn on each node.
+func (t *Tree) Iterate(fn func(node)) {
+	root := t.node(1)
+	t.iterate(root, fn)
+}
+
+// IterateKV iterates through all keys and values in the tree.
+// If newVal is non-zero, it will be set in the tree.
+func (t *Tree) IterateKV(f func(key, val uint64) (newVal uint64)) {
+	t.Iterate(func(n node) {
+		// Only leaf nodes contain keys.
+		if !n.isLeaf() {
+			return
+		}
+
+		for i := 0; i < n.numKeys(); i++ {
+			key := n.key(i)
+			val := n.val(i)
+
+			// A zero value here means that this is a bogus entry.
+			if val == 0 {
+				continue
+			}
+
+			newVal := f(key, val)
+			if newVal != 0 {
+				n.setAt(valOffset(i), newVal)
+			}
+		}
+	})
+}
+
+func (t *Tree) print(n node, parentID uint64) {
+	n.print(parentID)
+	if n.isLeaf() {
+		return
+	}
+	pid := n.pageID()
+	for i := 0; i < maxKeys; i++ {
+		if n.key(i) == 0 {
+			return
+		}
+		childID := n.uint64(valOffset(i))
+		child := t.node(childID)
+		t.print(child, pid)
+	}
+}
+
+// Print iterates over the tree and prints all valid KVs.
+func (t *Tree) Print() {
+	root := t.node(1)
+	t.print(root, 0)
+}
+
+// Splits the node into two. It moves right half of the keys from the original node to a newly
+// created right node. It returns the right node.
+func (t *Tree) split(pid uint64) node {
+	n := t.node(pid)
+	if !n.isFull() {
+		panic("This should be called only when n is full")
+	}
+
+	// Create a new node nn, copy over half the keys from n, and set the parent to n's parent.
+	nn := t.newNode(n.bits())
+	// Re-read n as the underlying buffer for tree might have changed during newNode.
+	n = t.node(pid)
+	rightHalf := n[keyOffset(maxKeys/2):keyOffset(maxKeys)]
+	copy(nn, rightHalf)
+	nn.setNumKeys(maxKeys - maxKeys/2)
+
+	// Remove entries from node n.
+	zeroOut(rightHalf)
+	n.setNumKeys(maxKeys / 2)
+	return nn
+}
+
+// shareWithSiblingXXX is unused for now. The idea is to move some keys to
+// sibling when a node is full. But, I don't see any special benefits in our
+// access pattern. It doesn't result in better occupancy ratios.
+func (t *Tree) shareWithSiblingXXX(n node, idx int) bool {
+	if idx == 0 {
+		return false
+	}
+	left := t.node(n.val(idx - 1))
+	ns := left.numKeys()
+	if ns >= maxKeys/2 {
+		// Sibling is already getting full.
+		return false
+	}
+
+	right := t.node(n.val(idx))
+	// Copy over keys from right child to left child.
+	copied := copy(left[keyOffset(ns):], right[:keyOffset(oneThird)])
+	copied /= 2 // Considering that key-val constitute one key.
+	left.setNumKeys(ns + copied)
+
+	// Update the max key in parent node n for the left sibling.
+	n.setAt(keyOffset(idx-1), left.maxKey())
+
+	// Now move keys to left for the right sibling.
+	until := copy(right, right[keyOffset(oneThird):keyOffset(maxKeys)])
+	right.setNumKeys(until / 2)
+	zeroOut(right[until:keyOffset(maxKeys)])
+	return true
+}
+
+// Each node in the node is of size pageSize. Two kinds of nodes. Leaf nodes and internal nodes.
+// Leaf nodes only contain the data. Internal nodes would contain the key and the offset to the
+// child node.
+// Internal node would have first entry as
+// <0 offset to child>, <1000 offset>, <5000 offset>, and so on...
+// Leaf nodes would just have: <key, value>, <key, value>, and so on...
+// Last 16 bytes of the node are off limits.
+// | pageID (8 bytes) | metaBits (1 byte) | 3 free bytes | numKeys (4 bytes) |
+type node []uint64
+
+func (n node) uint64(start int) uint64 { return n[start] }
+
+// func (n node) uint32(start int) uint32 { return *(*uint32)(unsafe.Pointer(&n[start])) }
+
+func keyOffset(i int) int          { return 2 * i }
+func valOffset(i int) int          { return 2*i + 1 }
+func (n node) numKeys() int        { return int(n.uint64(valOffset(maxKeys)) & 0xFFFFFFFF) }
+func (n node) pageID() uint64      { return n.uint64(keyOffset(maxKeys)) }
+func (n node) key(i int) uint64    { return n.uint64(keyOffset(i)) }
+func (n node) val(i int) uint64    { return n.uint64(valOffset(i)) }
+func (n node) data(i int) []uint64 { return n[keyOffset(i):keyOffset(i+1)] }
+
+func (n node) setAt(start int, k uint64) {
+	n[start] = k
+}
+
+func (n node) setNumKeys(num int) {
+	idx := valOffset(maxKeys)
+	val := n[idx]
+	val &= 0xFFFFFFFF00000000
+	val |= uint64(num)
+	n[idx] = val
+}
+
+func (n node) moveRight(lo int) {
+	hi := n.numKeys()
+	assert(hi != maxKeys)
+	// copy works despite of overlap in src and dst.
+	// See https://golang.org/pkg/builtin/#copy
+	copy(n[keyOffset(lo+1):keyOffset(hi+1)], n[keyOffset(lo):keyOffset(hi)])
+}
+
+const (
+	bitLeaf = uint64(1 << 63)
+)
+
+func (n node) setBit(b uint64) {
+	vo := valOffset(maxKeys)
+	val := n[vo]
+	val &= 0xFFFFFFFF
+	val |= b
+	n[vo] = val
+}
+func (n node) bits() uint64 {
+	return n.val(maxKeys) & 0xFF00000000000000
+}
+func (n node) isLeaf() bool {
+	return n.bits()&bitLeaf > 0
+}
+
+// isFull checks that the node is already full.
+func (n node) isFull() bool {
+	return n.numKeys() == maxKeys
+}
+
+// Search returns the index of a smallest key >= k in a node.
+func (n node) search(k uint64) int {
+	N := n.numKeys()
+	if N < 4 {
+		for i := 0; i < N; i++ {
+			if ki := n.key(i); ki >= k {
+				return i
+			}
+		}
+		return N
+	}
+	return int(simd.Search(n[:2*N], k))
+	// lo, hi := 0, N
+	// // Reduce the search space using binary seach and then do linear search.
+	// for hi-lo > 32 {
+	// 	mid := (hi + lo) / 2
+	// 	km := n.key(mid)
+	// 	if k == km {
+	// 		return mid
+	// 	}
+	// 	if k > km {
+	// 		// key is greater than the key at mid, so move right.
+	// 		lo = mid + 1
+	// 	} else {
+	// 		// else move left.
+	// 		hi = mid
+	// 	}
+	// }
+	// for i := lo; i <= hi; i++ {
+	// 	if ki := n.key(i); ki >= k {
+	// 		return i
+	// 	}
+	// }
+	// return N
+}
+func (n node) maxKey() uint64 {
+	idx := n.numKeys()
+	// idx points to the first key which is zero.
+	if idx > 0 {
+		idx--
+	}
+	return n.key(idx)
+}
+
+// compacts the node i.e., remove all the kvs with value < lo. It returns the remaining number of
+// keys.
+func (n node) compact(lo uint64) int {
+	N := n.numKeys()
+	mk := n.maxKey()
+	var left, right int
+	for right = 0; right < N; right++ {
+		if n.val(right) < lo && n.key(right) < mk {
+			// Skip over this key. Don't copy it.
+			continue
+		}
+		// Valid data. Copy it from right to left. Advance left.
+		if left != right {
+			copy(n.data(left), n.data(right))
+		}
+		left++
+	}
+	// zero out rest of the kv pairs.
+	zeroOut(n[keyOffset(left):keyOffset(right)])
+	n.setNumKeys(left)
+
+	// If the only key we have is the max key, and its value is less than lo, then we can indicate
+	// to the caller by returning a zero that it's OK to drop the node.
+	if left == 1 && n.key(0) == mk && n.val(0) < lo {
+		return 0
+	}
+	return left
+}
+
+func (n node) get(k uint64) uint64 {
+	idx := n.search(k)
+	// key is not found
+	if idx == n.numKeys() {
+		return 0
+	}
+	if ki := n.key(idx); ki == k {
+		return n.val(idx)
+	}
+	return 0
+}
+
+// set returns true if it added a new key.
+func (n node) set(k, v uint64) (numAdded int) {
+	idx := n.search(k)
+	ki := n.key(idx)
+	if n.numKeys() == maxKeys {
+		// This happens during split of non-root node, when we are updating the child pointer of
+		// right node. Hence, the key should already exist.
+		assert(ki == k)
+	}
+	if ki > k {
+		// Found the first entry which is greater than k. So, we need to fit k
+		// just before it. For that, we should move the rest of the data in the
+		// node to the right to make space for k.
+		n.moveRight(idx)
+	}
+	// If the k does not exist already, increment the number of keys.
+	if ki != k {
+		n.setNumKeys(n.numKeys() + 1)
+		numAdded = 1
+	}
+	if ki == 0 || ki >= k {
+		n.setAt(keyOffset(idx), k)
+		n.setAt(valOffset(idx), v)
+		return
+	}
+	panic("shouldn't reach here")
+}
+
+func (n node) iterate(fn func(node, int)) {
+	for i := 0; i < maxKeys; i++ {
+		if k := n.key(i); k > 0 {
+			fn(n, i)
+		} else {
+			break
+		}
+	}
+}
+
+func (n node) print(parentID uint64) {
+	var keys []string
+	n.iterate(func(n node, i int) {
+		keys = append(keys, fmt.Sprintf("%d", n.key(i)))
+	})
+	if len(keys) > 8 {
+		copy(keys[4:], keys[len(keys)-4:])
+		keys[3] = "..."
+		keys = keys[:8]
+	}
+	fmt.Printf("%d Child of: %d num keys: %d keys: %s\n",
+		n.pageID(), parentID, n.numKeys(), strings.Join(keys, " "))
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/buffer.go b/vendor/github.com/outcaste-io/ristretto/z/buffer.go
new file mode 100644
index 000000000..8f760c7d3
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/buffer.go
@@ -0,0 +1,543 @@
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"encoding/binary"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"sort"
+	"sync/atomic"
+
+	"github.com/pkg/errors"
+)
+
+const (
+	defaultCapacity = 64
+	defaultTag      = "buffer"
+)
+
+// Buffer is equivalent of bytes.Buffer without the ability to read. It is NOT thread-safe.
+//
+// In UseCalloc mode, z.Calloc is used to allocate memory, which depending upon how the code is
+// compiled could use jemalloc for allocations.
+//
+// In UseMmap mode, Buffer  uses file mmap to allocate memory. This allows us to store big data
+// structures without using physical memory.
+//
+// MaxSize can be set to limit the memory usage.
+type Buffer struct {
+	padding       uint64     // number of starting bytes used for padding
+	offset        uint64     // used length of the buffer
+	buf           []byte     // backing slice for the buffer
+	bufType       BufferType // type of the underlying buffer
+	curSz         int        // capacity of the buffer
+	maxSz         int        // causes a panic if the buffer grows beyond this size
+	mmapFile      *MmapFile  // optional mmap backing for the buffer
+	autoMmapAfter int        // Calloc falls back to an mmaped tmpfile after crossing this size
+	autoMmapDir   string     // directory for autoMmap to create a tempfile in
+	persistent    bool       // when enabled, Release will not delete the underlying mmap file
+	tag           string     // used for jemalloc stats
+}
+
+func NewBuffer(capacity int, tag string) *Buffer {
+	if capacity < defaultCapacity {
+		capacity = defaultCapacity
+	}
+	if tag == "" {
+		tag = defaultTag
+	}
+	return &Buffer{
+		buf:     Calloc(capacity, tag),
+		bufType: UseCalloc,
+		curSz:   capacity,
+		offset:  8,
+		padding: 8,
+		tag:     tag,
+	}
+}
+
+// It is the caller's responsibility to set offset after this, because Buffer
+// doesn't remember what it was.
+func NewBufferPersistent(path string, capacity int) (*Buffer, error) {
+	file, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE, 0666)
+	if err != nil {
+		return nil, err
+	}
+	buffer, err := newBufferFile(file, capacity)
+	if err != nil {
+		return nil, err
+	}
+	buffer.persistent = true
+	return buffer, nil
+}
+
+func NewBufferTmp(dir string, capacity int) (*Buffer, error) {
+	if dir == "" {
+		dir = tmpDir
+	}
+	file, err := ioutil.TempFile(dir, "buffer")
+	if err != nil {
+		return nil, err
+	}
+	return newBufferFile(file, capacity)
+}
+
+func newBufferFile(file *os.File, capacity int) (*Buffer, error) {
+	if capacity < defaultCapacity {
+		capacity = defaultCapacity
+	}
+	mmapFile, err := OpenMmapFileUsing(file, capacity, true)
+	if err != nil && err != NewFile {
+		return nil, err
+	}
+	buf := &Buffer{
+		buf:      mmapFile.Data,
+		bufType:  UseMmap,
+		curSz:    len(mmapFile.Data),
+		mmapFile: mmapFile,
+		offset:   8,
+		padding:  8,
+	}
+	return buf, nil
+}
+
+func NewBufferSlice(slice []byte) *Buffer {
+	return &Buffer{
+		offset:  uint64(len(slice)),
+		buf:     slice,
+		bufType: UseInvalid,
+	}
+}
+
+func (b *Buffer) WithAutoMmap(threshold int, path string) *Buffer {
+	if b.bufType != UseCalloc {
+		panic("can only autoMmap with UseCalloc")
+	}
+	b.autoMmapAfter = threshold
+	if path == "" {
+		b.autoMmapDir = tmpDir
+	} else {
+		b.autoMmapDir = path
+	}
+	return b
+}
+
+func (b *Buffer) WithMaxSize(size int) *Buffer {
+	b.maxSz = size
+	return b
+}
+
+func (b *Buffer) IsEmpty() bool {
+	return int(b.offset) == b.StartOffset()
+}
+
+// LenWithPadding would return the number of bytes written to the buffer so far
+// plus the padding at the start of the buffer.
+func (b *Buffer) LenWithPadding() int {
+	return int(atomic.LoadUint64(&b.offset))
+}
+
+// LenNoPadding would return the number of bytes written to the buffer so far
+// (without the padding).
+func (b *Buffer) LenNoPadding() int {
+	return int(atomic.LoadUint64(&b.offset) - b.padding)
+}
+
+// Bytes would return all the written bytes as a slice.
+func (b *Buffer) Bytes() []byte {
+	off := atomic.LoadUint64(&b.offset)
+	return b.buf[b.padding:off]
+}
+
+// Grow would grow the buffer to have at least n more bytes. In case the buffer is at capacity, it
+// would reallocate twice the size of current capacity + n, to ensure n bytes can be written to the
+// buffer without further allocation. In UseMmap mode, this might result in underlying file
+// expansion.
+func (b *Buffer) Grow(n int) {
+	if b.buf == nil {
+		panic("z.Buffer needs to be initialized before using")
+	}
+	if b.maxSz > 0 && int(b.offset)+n > b.maxSz {
+		err := fmt.Errorf(
+			"z.Buffer max size exceeded: %d offset: %d grow: %d", b.maxSz, b.offset, n)
+		panic(err)
+	}
+	if int(b.offset)+n < b.curSz {
+		return
+	}
+
+	// Calculate new capacity.
+	growBy := b.curSz + n
+	// Don't allocate more than 1GB at a time.
+	if growBy > 1<<30 {
+		growBy = 1 << 30
+	}
+	// Allocate at least n, even if it exceeds the 1GB limit above.
+	if n > growBy {
+		growBy = n
+	}
+	b.curSz += growBy
+
+	switch b.bufType {
+	case UseCalloc:
+		// If autoMmap gets triggered, copy the slice over to an mmaped file.
+		if b.autoMmapAfter > 0 && b.curSz > b.autoMmapAfter {
+			b.bufType = UseMmap
+			file, err := ioutil.TempFile(b.autoMmapDir, "")
+			if err != nil {
+				panic(err)
+			}
+			mmapFile, err := OpenMmapFileUsing(file, b.curSz, true)
+			if err != nil && err != NewFile {
+				panic(err)
+			}
+			assert(int(b.offset) == copy(mmapFile.Data, b.buf[:b.offset]))
+			Free(b.buf)
+			b.mmapFile = mmapFile
+			b.buf = mmapFile.Data
+			break
+		}
+
+		// Else, reallocate the slice.
+		newBuf := Calloc(b.curSz, b.tag)
+		assert(int(b.offset) == copy(newBuf, b.buf[:b.offset]))
+		Free(b.buf)
+		b.buf = newBuf
+
+	case UseMmap:
+		// Truncate and remap the underlying file.
+		if err := b.mmapFile.Truncate(int64(b.curSz)); err != nil {
+			err = errors.Wrapf(err,
+				"while trying to truncate file: %s to size: %d", b.mmapFile.Fd.Name(), b.curSz)
+			panic(err)
+		}
+		b.buf = b.mmapFile.Data
+
+	default:
+		panic("can only use Grow on UseCalloc and UseMmap buffers")
+	}
+}
+
+// Allocate is a way to get a slice of size n back from the buffer. This slice can be directly
+// written to. Warning: Allocate is not thread-safe. The byte slice returned MUST be used before
+// further calls to Buffer.
+func (b *Buffer) Allocate(n int) []byte {
+	b.Grow(n)
+	off := b.offset
+	b.offset += uint64(n)
+	return b.buf[off:int(b.offset)]
+}
+
+// AllocateOffset works the same way as allocate, but instead of returning a byte slice, it returns
+// the offset of the allocation.
+func (b *Buffer) AllocateOffset(n int) int {
+	b.Grow(n)
+	b.offset += uint64(n)
+	return int(b.offset) - n
+}
+
+func (b *Buffer) writeLen(sz int) {
+	buf := b.Allocate(4)
+	binary.BigEndian.PutUint32(buf, uint32(sz))
+}
+
+// SliceAllocate would encode the size provided into the buffer, followed by a call to Allocate,
+// hence returning the slice of size sz. This can be used to allocate a lot of small buffers into
+// this big buffer.
+// Note that SliceAllocate should NOT be mixed with normal calls to Write.
+func (b *Buffer) SliceAllocate(sz int) []byte {
+	b.Grow(4 + sz)
+	b.writeLen(sz)
+	return b.Allocate(sz)
+}
+
+func (b *Buffer) StartOffset() int {
+	return int(b.padding)
+}
+
+func (b *Buffer) WriteSlice(slice []byte) {
+	dst := b.SliceAllocate(len(slice))
+	assert(len(slice) == copy(dst, slice))
+}
+
+func (b *Buffer) SliceIterate(f func(slice []byte) error) error {
+	if b.IsEmpty() {
+		return nil
+	}
+	slice, next := []byte{}, b.StartOffset()
+	for next >= 0 {
+		slice, next = b.Slice(next)
+		if len(slice) == 0 {
+			continue
+		}
+		if err := f(slice); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+const (
+	UseCalloc BufferType = iota
+	UseMmap
+	UseInvalid
+)
+
+type BufferType int
+
+func (t BufferType) String() string {
+	switch t {
+	case UseCalloc:
+		return "UseCalloc"
+	case UseMmap:
+		return "UseMmap"
+	default:
+		return "UseInvalid"
+	}
+}
+
+type LessFunc func(a, b []byte) bool
+type sortHelper struct {
+	offsets []int
+	b       *Buffer
+	tmp     *Buffer
+	less    LessFunc
+	small   []int
+}
+
+func (s *sortHelper) sortSmall(start, end int) {
+	s.tmp.Reset()
+	s.small = s.small[:0]
+	next := start
+	for next >= 0 && next < end {
+		s.small = append(s.small, next)
+		_, next = s.b.Slice(next)
+	}
+
+	// We are sorting the slices pointed to by s.small offsets, but only moving the offsets around.
+	sort.Slice(s.small, func(i, j int) bool {
+		left, _ := s.b.Slice(s.small[i])
+		right, _ := s.b.Slice(s.small[j])
+		return s.less(left, right)
+	})
+	// Now we iterate over the s.small offsets and copy over the slices. The result is now in order.
+	for _, off := range s.small {
+		s.tmp.Write(rawSlice(s.b.buf[off:]))
+	}
+	assert(end-start == copy(s.b.buf[start:end], s.tmp.Bytes()))
+}
+
+func assert(b bool) {
+	if !b {
+		fatalf("%+v", errors.Errorf("Assertion failure"))
+	}
+}
+func check(err error) {
+	if err != nil {
+		fatalf("%+v", err)
+	}
+}
+func check2(_ interface{}, err error) {
+	check(err)
+}
+
+func (s *sortHelper) merge(left, right []byte, start, end int) {
+	if len(left) == 0 || len(right) == 0 {
+		return
+	}
+	s.tmp.Reset()
+	check2(s.tmp.Write(left))
+	left = s.tmp.Bytes()
+
+	var ls, rs []byte
+
+	copyLeft := func() {
+		assert(len(ls) == copy(s.b.buf[start:], ls))
+		left = left[len(ls):]
+		start += len(ls)
+	}
+	copyRight := func() {
+		assert(len(rs) == copy(s.b.buf[start:], rs))
+		right = right[len(rs):]
+		start += len(rs)
+	}
+
+	for start < end {
+		if len(left) == 0 {
+			assert(len(right) == copy(s.b.buf[start:end], right))
+			return
+		}
+		if len(right) == 0 {
+			assert(len(left) == copy(s.b.buf[start:end], left))
+			return
+		}
+		ls = rawSlice(left)
+		rs = rawSlice(right)
+
+		// We skip the first 4 bytes in the rawSlice, because that stores the length.
+		if s.less(ls[4:], rs[4:]) {
+			copyLeft()
+		} else {
+			copyRight()
+		}
+	}
+}
+
+func (s *sortHelper) sort(lo, hi int) []byte {
+	assert(lo <= hi)
+
+	mid := lo + (hi-lo)/2
+	loff, hoff := s.offsets[lo], s.offsets[hi]
+	if lo == mid {
+		// No need to sort, just return the buffer.
+		return s.b.buf[loff:hoff]
+	}
+
+	// lo, mid would sort from [offset[lo], offset[mid]) .
+	left := s.sort(lo, mid)
+	// Typically we'd use mid+1, but here mid represents an offset in the buffer. Each offset
+	// contains a thousand entries. So, if we do mid+1, we'd skip over those entries.
+	right := s.sort(mid, hi)
+
+	s.merge(left, right, loff, hoff)
+	return s.b.buf[loff:hoff]
+}
+
+// SortSlice is like SortSliceBetween but sorting over the entire buffer.
+func (b *Buffer) SortSlice(less func(left, right []byte) bool) {
+	b.SortSliceBetween(b.StartOffset(), int(b.offset), less)
+}
+func (b *Buffer) SortSliceBetween(start, end int, less LessFunc) {
+	if start >= end {
+		return
+	}
+	if start == 0 {
+		panic("start can never be zero")
+	}
+
+	var offsets []int
+	next, count := start, 0
+	for next >= 0 && next < end {
+		if count%1024 == 0 {
+			offsets = append(offsets, next)
+		}
+		_, next = b.Slice(next)
+		count++
+	}
+	assert(len(offsets) > 0)
+	if offsets[len(offsets)-1] != end {
+		offsets = append(offsets, end)
+	}
+
+	szTmp := int(float64((end-start)/2) * 1.1)
+	s := &sortHelper{
+		offsets: offsets,
+		b:       b,
+		less:    less,
+		small:   make([]int, 0, 1024),
+		tmp:     NewBuffer(szTmp, b.tag),
+	}
+	defer s.tmp.Release()
+
+	left := offsets[0]
+	for _, off := range offsets[1:] {
+		s.sortSmall(left, off)
+		left = off
+	}
+	s.sort(0, len(offsets)-1)
+}
+
+func rawSlice(buf []byte) []byte {
+	sz := binary.BigEndian.Uint32(buf)
+	return buf[:4+int(sz)]
+}
+
+// Slice would return the slice written at offset.
+func (b *Buffer) Slice(offset int) ([]byte, int) {
+	if offset >= int(b.offset) {
+		return nil, -1
+	}
+
+	sz := binary.BigEndian.Uint32(b.buf[offset:])
+	start := offset + 4
+	next := start + int(sz)
+	res := b.buf[start:next]
+	if next >= int(b.offset) {
+		next = -1
+	}
+	return res, next
+}
+
+// SliceOffsets is an expensive function. Use sparingly.
+func (b *Buffer) SliceOffsets() []int {
+	next := b.StartOffset()
+	var offsets []int
+	for next >= 0 {
+		offsets = append(offsets, next)
+		_, next = b.Slice(next)
+	}
+	return offsets
+}
+
+func (b *Buffer) Data(offset int) []byte {
+	if offset > b.curSz {
+		panic("offset beyond current size")
+	}
+	return b.buf[offset:b.curSz]
+}
+
+// Write would write p bytes to the buffer.
+func (b *Buffer) Write(p []byte) (n int, err error) {
+	n = len(p)
+	b.Grow(n)
+	assert(n == copy(b.buf[b.offset:], p))
+	b.offset += uint64(n)
+	return n, nil
+}
+
+// Reset would reset the buffer to be reused.
+func (b *Buffer) Reset() {
+	b.offset = uint64(b.StartOffset())
+}
+
+// Release would free up the memory allocated by the buffer. Once the usage of buffer is done, it is
+// important to call Release, otherwise a memory leak can happen.
+func (b *Buffer) Release() error {
+	if b == nil {
+		return nil
+	}
+	switch b.bufType {
+	case UseCalloc:
+		Free(b.buf)
+	case UseMmap:
+		if b.mmapFile == nil {
+			return nil
+		}
+		path := b.mmapFile.Fd.Name()
+		if err := b.mmapFile.Close(-1); err != nil {
+			return errors.Wrapf(err, "while closing file: %s", path)
+		}
+		if !b.persistent {
+			if err := os.Remove(path); err != nil {
+				return errors.Wrapf(err, "while deleting file %s", path)
+			}
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/calloc.go b/vendor/github.com/outcaste-io/ristretto/z/calloc.go
new file mode 100644
index 000000000..2e5d61381
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/calloc.go
@@ -0,0 +1,42 @@
+package z
+
+import "sync/atomic"
+
+var numBytes int64
+
+// NumAllocBytes returns the number of bytes allocated using calls to z.Calloc. The allocations
+// could be happening via either Go or jemalloc, depending upon the build flags.
+func NumAllocBytes() int64 {
+	return atomic.LoadInt64(&numBytes)
+}
+
+// MemStats is used to fetch JE Malloc Stats. The stats are fetched from
+// the mallctl namespace http://jemalloc.net/jemalloc.3.html#mallctl_namespace.
+type MemStats struct {
+	// Total number of bytes allocated by the application.
+	// http://jemalloc.net/jemalloc.3.html#stats.allocated
+	Allocated uint64
+	// Total number of bytes in active pages allocated by the application. This
+	// is a multiple of the page size, and greater than or equal to
+	// Allocated.
+	// http://jemalloc.net/jemalloc.3.html#stats.active
+	Active uint64
+	// Maximum number of bytes in physically resident data pages mapped by the
+	// allocator, comprising all pages dedicated to allocator metadata, pages
+	// backing active allocations, and unused dirty pages. This is a maximum
+	// rather than precise because pages may not actually be physically
+	// resident if they correspond to demand-zeroed virtual memory that has not
+	// yet been touched. This is a multiple of the page size, and is larger
+	// than stats.active.
+	// http://jemalloc.net/jemalloc.3.html#stats.resident
+	Resident uint64
+	// Total number of bytes in virtual memory mappings that were retained
+	// rather than being returned to the operating system via e.g. munmap(2) or
+	// similar. Retained virtual memory is typically untouched, decommitted, or
+	// purged, so it has no strongly associated physical memory (see extent
+	// hooks http://jemalloc.net/jemalloc.3.html#arena.i.extent_hooks for
+	// details). Retained memory is excluded from mapped memory statistics,
+	// e.g. stats.mapped (http://jemalloc.net/jemalloc.3.html#stats.mapped).
+	// http://jemalloc.net/jemalloc.3.html#stats.retained
+	Retained uint64
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/calloc_32bit.go b/vendor/github.com/outcaste-io/ristretto/z/calloc_32bit.go
new file mode 100644
index 000000000..3a0442614
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/calloc_32bit.go
@@ -0,0 +1,14 @@
+// Copyright 2020 The LevelDB-Go and Pebble Authors. All rights reserved. Use
+// of this source code is governed by a BSD-style license that can be found in
+// the LICENSE file.
+
+// +build 386 amd64p32 arm armbe  mips mipsle mips64p32 mips64p32le ppc sparc
+
+package z
+
+const (
+	// MaxArrayLen is a safe maximum length for slices on this architecture.
+	MaxArrayLen = 1<<31 - 1
+	// MaxBufferSize is the size of virtually unlimited buffer on this architecture.
+	MaxBufferSize = 1 << 30
+)
diff --git a/vendor/github.com/outcaste-io/ristretto/z/calloc_64bit.go b/vendor/github.com/outcaste-io/ristretto/z/calloc_64bit.go
new file mode 100644
index 000000000..b898248bb
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/calloc_64bit.go
@@ -0,0 +1,14 @@
+// Copyright 2020 The LevelDB-Go and Pebble Authors. All rights reserved. Use
+// of this source code is governed by a BSD-style license that can be found in
+// the LICENSE file.
+
+// +build amd64 arm64 arm64be ppc64 ppc64le mips64 mips64le riscv64 s390x sparc64
+
+package z
+
+const (
+	// MaxArrayLen is a safe maximum length for slices on this architecture.
+	MaxArrayLen = 1<<50 - 1
+	// MaxBufferSize is the size of virtually unlimited buffer on this architecture.
+	MaxBufferSize = 256 << 30
+)
diff --git a/vendor/github.com/outcaste-io/ristretto/z/calloc_jemalloc.go b/vendor/github.com/outcaste-io/ristretto/z/calloc_jemalloc.go
new file mode 100644
index 000000000..88a5acedb
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/calloc_jemalloc.go
@@ -0,0 +1,173 @@
+// Copyright 2020 The LevelDB-Go and Pebble Authors. All rights reserved. Use
+// of this source code is governed by a BSD-style license that can be found in
+// the LICENSE file.
+
+//go:build jemalloc
+// +build jemalloc
+
+package z
+
+/*
+#cgo LDFLAGS: /usr/local/lib/libjemalloc_outcaste.a -L/usr/local/lib -Wl,-rpath,/usr/local/lib -ljemalloc_outcaste -lm -lstdc++ -pthread -ldl
+#include <stdlib.h>
+#include <jemalloc/jemalloc_outcaste.h>
+*/
+import "C"
+import (
+	"bytes"
+	"fmt"
+	"sync"
+	"sync/atomic"
+	"unsafe"
+
+	"github.com/dustin/go-humanize"
+)
+
+// The go:linkname directives provides backdoor access to private functions in
+// the runtime. Below we're accessing the throw function.
+
+//go:linkname throw runtime.throw
+func throw(s string)
+
+// New allocates a slice of size n. The returned slice is from manually managed
+// memory and MUST be released by calling Free. Failure to do so will result in
+// a memory leak.
+//
+// Compile jemalloc with ./configure --with-jemalloc-prefix="je_"
+// https://android.googlesource.com/platform/external/jemalloc_new/+/6840b22e8e11cb68b493297a5cd757d6eaa0b406/TUNING.md
+// These two config options seems useful for frequent allocations and deallocations in
+// multi-threaded programs (like we have).
+// JE_MALLOC_CONF="background_thread:true,metadata_thp:auto"
+//
+// Compile Go program with `go build -tags=jemalloc` to enable this.
+
+type dalloc struct {
+	t  string
+	sz int
+}
+
+var dallocsMu sync.Mutex
+var dallocs map[unsafe.Pointer]*dalloc
+
+func init() {
+	// By initializing dallocs, we can start tracking allocations and deallocations via z.Calloc.
+	dallocs = make(map[unsafe.Pointer]*dalloc)
+}
+
+func Calloc(n int, tag string) []byte {
+	if n == 0 {
+		return make([]byte, 0)
+	}
+	// We need to be conscious of the Cgo pointer passing rules:
+	//
+	//   https://golang.org/cmd/cgo/#hdr-Passing_pointers
+	//
+	//   ...
+	//   Note: the current implementation has a bug. While Go code is permitted
+	//   to write nil or a C pointer (but not a Go pointer) to C memory, the
+	//   current implementation may sometimes cause a runtime error if the
+	//   contents of the C memory appear to be a Go pointer. Therefore, avoid
+	//   passing uninitialized C memory to Go code if the Go code is going to
+	//   store pointer values in it. Zero out the memory in C before passing it
+	//   to Go.
+
+	ptr := C.je_calloc(C.size_t(n), 1)
+	if ptr == nil {
+		// NB: throw is like panic, except it guarantees the process will be
+		// terminated. The call below is exactly what the Go runtime invokes when
+		// it cannot allocate memory.
+		throw("out of memory")
+	}
+
+	uptr := unsafe.Pointer(ptr)
+	dallocsMu.Lock()
+	dallocs[uptr] = &dalloc{
+		t:  tag,
+		sz: n,
+	}
+	dallocsMu.Unlock()
+	atomic.AddInt64(&numBytes, int64(n))
+	// Interpret the C pointer as a pointer to a Go array, then slice.
+	return (*[MaxArrayLen]byte)(uptr)[:n:n]
+}
+
+// CallocNoRef does the exact same thing as Calloc with jemalloc enabled.
+func CallocNoRef(n int, tag string) []byte {
+	return Calloc(n, tag)
+}
+
+// Free frees the specified slice.
+func Free(b []byte) {
+	if sz := cap(b); sz != 0 {
+		b = b[:cap(b)]
+		ptr := unsafe.Pointer(&b[0])
+		C.je_free(ptr)
+		atomic.AddInt64(&numBytes, -int64(sz))
+		dallocsMu.Lock()
+		delete(dallocs, ptr)
+		dallocsMu.Unlock()
+	}
+}
+
+func Leaks() string {
+	if dallocs == nil {
+		return "Leak detection disabled. Enable with 'leak' build flag."
+	}
+	dallocsMu.Lock()
+	defer dallocsMu.Unlock()
+	if len(dallocs) == 0 {
+		return "NO leaks found."
+	}
+	m := make(map[string]int)
+	for _, da := range dallocs {
+		m[da.t] += da.sz
+	}
+	var buf bytes.Buffer
+	fmt.Fprintf(&buf, "Allocations:\n")
+	for f, sz := range m {
+		fmt.Fprintf(&buf, "%s at file: %s\n", humanize.IBytes(uint64(sz)), f)
+	}
+	return buf.String()
+}
+
+// ReadMemStats populates stats with JE Malloc statistics.
+func ReadMemStats(stats *MemStats) {
+	if stats == nil {
+		return
+	}
+	// Call an epoch mallclt to refresh the stats data as mentioned in the docs.
+	// http://jemalloc.net/jemalloc.3.html#epoch
+	// Note: This epoch mallctl is as expensive as a malloc call. It takes up the
+	// malloc_mutex_lock.
+	epoch := 1
+	sz := unsafe.Sizeof(&epoch)
+	C.je_mallctl(
+		(C.CString)("epoch"),
+		unsafe.Pointer(&epoch),
+		(*C.size_t)(unsafe.Pointer(&sz)),
+		unsafe.Pointer(&epoch),
+		(C.size_t)(unsafe.Sizeof(epoch)))
+	stats.Allocated = fetchStat("stats.allocated")
+	stats.Active = fetchStat("stats.active")
+	stats.Resident = fetchStat("stats.resident")
+	stats.Retained = fetchStat("stats.retained")
+}
+
+// fetchStat is used to read a specific attribute from je malloc stats using mallctl.
+func fetchStat(s string) uint64 {
+	var out uint64
+	sz := unsafe.Sizeof(&out)
+	C.je_mallctl(
+		(C.CString)(s),                   // Query: eg: stats.allocated, stats.resident, etc.
+		unsafe.Pointer(&out),             // Variable to store the output.
+		(*C.size_t)(unsafe.Pointer(&sz)), // Size of the output variable.
+		nil,                              // Input variable used to set a value.
+		0)                                // Size of the input variable.
+	return out
+}
+
+func StatsPrint() {
+	opts := C.CString("mdablxe")
+	C.je_malloc_stats_print(nil, nil, opts)
+	C.free(unsafe.Pointer(opts))
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/calloc_nojemalloc.go b/vendor/github.com/outcaste-io/ristretto/z/calloc_nojemalloc.go
new file mode 100644
index 000000000..93ceedf90
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/calloc_nojemalloc.go
@@ -0,0 +1,37 @@
+// Copyright 2020 The LevelDB-Go and Pebble Authors. All rights reserved. Use
+// of this source code is governed by a BSD-style license that can be found in
+// the LICENSE file.
+
+// +build !jemalloc !cgo
+
+package z
+
+import (
+	"fmt"
+)
+
+// Provides versions of Calloc, CallocNoRef, etc when jemalloc is not available
+// (eg: build without jemalloc tag).
+
+// Calloc allocates a slice of size n.
+func Calloc(n int, tag string) []byte {
+	return make([]byte, n)
+}
+
+// CallocNoRef will not give you memory back without jemalloc.
+func CallocNoRef(n int, tag string) []byte {
+	// We do the add here just to stay compatible with a corresponding Free call.
+	return nil
+}
+
+// Free does not do anything in this mode.
+func Free(b []byte) {}
+
+func Leaks() string { return "Leaks: Using Go memory" }
+func StatsPrint() {
+	fmt.Println("Using Go memory")
+}
+
+// ReadMemStats doesn't do anything since all the memory is being managed
+// by the Go runtime.
+func ReadMemStats(_ *MemStats) { return }
diff --git a/vendor/github.com/outcaste-io/ristretto/z/file.go b/vendor/github.com/outcaste-io/ristretto/z/file.go
new file mode 100644
index 000000000..880caf0ad
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/file.go
@@ -0,0 +1,217 @@
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"encoding/binary"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/pkg/errors"
+)
+
+// MmapFile represents an mmapd file and includes both the buffer to the data
+// and the file descriptor.
+type MmapFile struct {
+	Data []byte
+	Fd   *os.File
+}
+
+var NewFile = errors.New("Create a new file")
+
+func OpenMmapFileUsing(fd *os.File, sz int, writable bool) (*MmapFile, error) {
+	filename := fd.Name()
+	fi, err := fd.Stat()
+	if err != nil {
+		return nil, errors.Wrapf(err, "cannot stat file: %s", filename)
+	}
+
+	var rerr error
+	fileSize := fi.Size()
+	if sz > 0 && fileSize == 0 {
+		// If file is empty, truncate it to sz.
+		if err := fd.Truncate(int64(sz)); err != nil {
+			return nil, errors.Wrapf(err, "error while truncation")
+		}
+		fileSize = int64(sz)
+		rerr = NewFile
+	}
+
+	// fmt.Printf("Mmaping file: %s with writable: %v filesize: %d\n", fd.Name(), writable, fileSize)
+	buf, err := Mmap(fd, writable, fileSize) // Mmap up to file size.
+	if err != nil {
+		return nil, errors.Wrapf(err, "while mmapping %s with size: %d", fd.Name(), fileSize)
+	}
+
+	if fileSize == 0 {
+		dir, _ := filepath.Split(filename)
+		go SyncDir(dir)
+	}
+	return &MmapFile{
+		Data: buf,
+		Fd:   fd,
+	}, rerr
+}
+
+// OpenMmapFile opens an existing file or creates a new file. If the file is
+// created, it would truncate the file to maxSz. In both cases, it would mmap
+// the file to maxSz and returned it. In case the file is created, z.NewFile is
+// returned.
+func OpenMmapFile(filename string, flag int, maxSz int) (*MmapFile, error) {
+	// fmt.Printf("opening file %s with flag: %v\n", filename, flag)
+	fd, err := os.OpenFile(filename, flag, 0666)
+	if err != nil {
+		return nil, errors.Wrapf(err, "unable to open: %s", filename)
+	}
+	writable := true
+	if flag == os.O_RDONLY {
+		writable = false
+	}
+	return OpenMmapFileUsing(fd, maxSz, writable)
+}
+
+type mmapReader struct {
+	Data   []byte
+	offset int
+}
+
+func (mr *mmapReader) Read(buf []byte) (int, error) {
+	if mr.offset > len(mr.Data) {
+		return 0, io.EOF
+	}
+	n := copy(buf, mr.Data[mr.offset:])
+	mr.offset += n
+	if n < len(buf) {
+		return n, io.EOF
+	}
+	return n, nil
+}
+
+func (m *MmapFile) NewReader(offset int) io.Reader {
+	return &mmapReader{
+		Data:   m.Data,
+		offset: offset,
+	}
+}
+
+// Bytes returns data starting from offset off of size sz. If there's not enough data, it would
+// return nil slice and io.EOF.
+func (m *MmapFile) Bytes(off, sz int) ([]byte, error) {
+	if len(m.Data[off:]) < sz {
+		return nil, io.EOF
+	}
+	return m.Data[off : off+sz], nil
+}
+
+// Slice returns the slice at the given offset.
+func (m *MmapFile) Slice(offset int) []byte {
+	sz := binary.BigEndian.Uint32(m.Data[offset:])
+	start := offset + 4
+	next := start + int(sz)
+	if next > len(m.Data) {
+		return []byte{}
+	}
+	res := m.Data[start:next]
+	return res
+}
+
+// AllocateSlice allocates a slice of the given size at the given offset.
+func (m *MmapFile) AllocateSlice(sz, offset int) ([]byte, int, error) {
+	start := offset + 4
+
+	// If the file is too small, double its size or increase it by 1GB, whichever is smaller.
+	if start+sz > len(m.Data) {
+		const oneGB = 1 << 30
+		growBy := len(m.Data)
+		if growBy > oneGB {
+			growBy = oneGB
+		}
+		if growBy < sz+4 {
+			growBy = sz + 4
+		}
+		if err := m.Truncate(int64(len(m.Data) + growBy)); err != nil {
+			return nil, 0, err
+		}
+	}
+
+	binary.BigEndian.PutUint32(m.Data[offset:], uint32(sz))
+	return m.Data[start : start+sz], start + sz, nil
+}
+
+func (m *MmapFile) Sync() error {
+	if m == nil {
+		return nil
+	}
+	return Msync(m.Data)
+}
+
+func (m *MmapFile) Delete() error {
+	// Badger can set the m.Data directly, without setting any Fd. In that case, this should be a
+	// NOOP.
+	if m.Fd == nil {
+		return nil
+	}
+
+	if err := Munmap(m.Data); err != nil {
+		return fmt.Errorf("while munmap file: %s, error: %v\n", m.Fd.Name(), err)
+	}
+	m.Data = nil
+	if err := m.Fd.Truncate(0); err != nil {
+		return fmt.Errorf("while truncate file: %s, error: %v\n", m.Fd.Name(), err)
+	}
+	if err := m.Fd.Close(); err != nil {
+		return fmt.Errorf("while close file: %s, error: %v\n", m.Fd.Name(), err)
+	}
+	return os.Remove(m.Fd.Name())
+}
+
+// Close would close the file. It would also truncate the file if maxSz >= 0.
+func (m *MmapFile) Close(maxSz int64) error {
+	// Badger can set the m.Data directly, without setting any Fd. In that case, this should be a
+	// NOOP.
+	if m.Fd == nil {
+		return nil
+	}
+	if err := m.Sync(); err != nil {
+		return fmt.Errorf("while sync file: %s, error: %v\n", m.Fd.Name(), err)
+	}
+	if err := Munmap(m.Data); err != nil {
+		return fmt.Errorf("while munmap file: %s, error: %v\n", m.Fd.Name(), err)
+	}
+	if maxSz >= 0 {
+		if err := m.Fd.Truncate(maxSz); err != nil {
+			return fmt.Errorf("while truncate file: %s, error: %v\n", m.Fd.Name(), err)
+		}
+	}
+	return m.Fd.Close()
+}
+
+func SyncDir(dir string) error {
+	df, err := os.Open(dir)
+	if err != nil {
+		return errors.Wrapf(err, "while opening %s", dir)
+	}
+	if err := df.Sync(); err != nil {
+		return errors.Wrapf(err, "while syncing %s", dir)
+	}
+	if err := df.Close(); err != nil {
+		return errors.Wrapf(err, "while closing %s", dir)
+	}
+	return nil
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/file_default.go b/vendor/github.com/outcaste-io/ristretto/z/file_default.go
new file mode 100644
index 000000000..d9c0db43e
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/file_default.go
@@ -0,0 +1,39 @@
+// +build !linux
+
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import "fmt"
+
+// Truncate would truncate the mmapped file to the given size. On Linux, we truncate
+// the underlying file and then call mremap, but on other systems, we unmap first,
+// then truncate, then re-map.
+func (m *MmapFile) Truncate(maxSz int64) error {
+	if err := m.Sync(); err != nil {
+		return fmt.Errorf("while sync file: %s, error: %v\n", m.Fd.Name(), err)
+	}
+	if err := Munmap(m.Data); err != nil {
+		return fmt.Errorf("while munmap file: %s, error: %v\n", m.Fd.Name(), err)
+	}
+	if err := m.Fd.Truncate(maxSz); err != nil {
+		return fmt.Errorf("while truncate file: %s, error: %v\n", m.Fd.Name(), err)
+	}
+	var err error
+	m.Data, err = Mmap(m.Fd, true, maxSz) // Mmap up to max size.
+	return err
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/file_linux.go b/vendor/github.com/outcaste-io/ristretto/z/file_linux.go
new file mode 100644
index 000000000..7f670bd2c
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/file_linux.go
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"fmt"
+)
+
+// Truncate would truncate the mmapped file to the given size. On Linux, we truncate
+// the underlying file and then call mremap, but on other systems, we unmap first,
+// then truncate, then re-map.
+func (m *MmapFile) Truncate(maxSz int64) error {
+	if err := m.Sync(); err != nil {
+		return fmt.Errorf("while sync file: %s, error: %v\n", m.Fd.Name(), err)
+	}
+	if err := m.Fd.Truncate(maxSz); err != nil {
+		return fmt.Errorf("while truncate file: %s, error: %v\n", m.Fd.Name(), err)
+	}
+
+	var err error
+	m.Data, err = mremap(m.Data, int(maxSz)) // Mmap up to max size.
+	return err
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/flags.go b/vendor/github.com/outcaste-io/ristretto/z/flags.go
new file mode 100644
index 000000000..4aca58f30
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/flags.go
@@ -0,0 +1,324 @@
+package z
+
+import (
+	"fmt"
+	"os"
+	"os/user"
+	"path/filepath"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/pkg/errors"
+)
+
+// SuperFlagHelp makes it really easy to generate command line `--help` output for a SuperFlag. For
+// example:
+//
+//	const flagDefaults = `enabled=true; path=some/path;`
+//
+//	var help string = z.NewSuperFlagHelp(flagDefaults).
+//		Flag("enabled", "Turns on <something>.").
+//		Flag("path", "The path to <something>.").
+//		Flag("another", "Not present in defaults, but still included.").
+//		String()
+//
+// The `help` string would then contain:
+//
+//	enabled=true; Turns on <something>.
+//	path=some/path; The path to <something>.
+//	another=; Not present in defaults, but still included.
+//
+// All flags are sorted alphabetically for consistent `--help` output. Flags with default values are
+// placed at the top, and everything else goes under.
+type SuperFlagHelp struct {
+	head     string
+	defaults *SuperFlag
+	flags    map[string]string
+}
+
+func NewSuperFlagHelp(defaults string) *SuperFlagHelp {
+	return &SuperFlagHelp{
+		defaults: NewSuperFlag(defaults),
+		flags:    make(map[string]string, 0),
+	}
+}
+
+func (h *SuperFlagHelp) Head(head string) *SuperFlagHelp {
+	h.head = head
+	return h
+}
+
+func (h *SuperFlagHelp) Flag(name, description string) *SuperFlagHelp {
+	h.flags[name] = description
+	return h
+}
+
+func (h *SuperFlagHelp) String() string {
+	defaultLines := make([]string, 0)
+	otherLines := make([]string, 0)
+	for name, help := range h.flags {
+		val, found := h.defaults.m[name]
+		line := fmt.Sprintf("    %s=%s; %s\n", name, val, help)
+		if found {
+			defaultLines = append(defaultLines, line)
+		} else {
+			otherLines = append(otherLines, line)
+		}
+	}
+	sort.Strings(defaultLines)
+	sort.Strings(otherLines)
+	dls := strings.Join(defaultLines, "")
+	ols := strings.Join(otherLines, "")
+	if len(h.defaults.m) == 0 && len(ols) == 0 {
+		// remove last newline
+		dls = dls[:len(dls)-1]
+	}
+	// remove last newline
+	if len(h.defaults.m) == 0 && len(ols) > 1 {
+		ols = ols[:len(ols)-1]
+	}
+	return h.head + "\n" + dls + ols
+}
+
+func parseFlag(flag string) (map[string]string, error) {
+	kvm := make(map[string]string)
+	for _, kv := range strings.Split(flag, ";") {
+		if strings.TrimSpace(kv) == "" {
+			continue
+		}
+		// For a non-empty separator, 0 < len(splits) ≤ 2.
+		splits := strings.SplitN(kv, "=", 2)
+		k := strings.TrimSpace(splits[0])
+		if len(splits) < 2 {
+			return nil, fmt.Errorf("superflag: missing value for '%s' in flag: %s", k, flag)
+		}
+		k = strings.ToLower(k)
+		k = strings.ReplaceAll(k, "_", "-")
+		kvm[k] = strings.TrimSpace(splits[1])
+	}
+	return kvm, nil
+}
+
+type SuperFlag struct {
+	m map[string]string
+}
+
+func NewSuperFlag(flag string) *SuperFlag {
+	sf, err := newSuperFlagImpl(flag)
+	if err != nil {
+		fatal(err)
+	}
+	return sf
+}
+
+func newSuperFlagImpl(flag string) (*SuperFlag, error) {
+	m, err := parseFlag(flag)
+	if err != nil {
+		return nil, err
+	}
+	return &SuperFlag{m}, nil
+}
+
+func (sf *SuperFlag) String() string {
+	if sf == nil {
+		return ""
+	}
+	kvs := make([]string, 0, len(sf.m))
+	for k, v := range sf.m {
+		kvs = append(kvs, fmt.Sprintf("%s=%s", k, v))
+	}
+	return strings.Join(kvs, "; ")
+}
+
+func (sf *SuperFlag) MergeAndCheckDefault(flag string) *SuperFlag {
+	sf, err := sf.MergeWithDefault(flag)
+	if err != nil {
+		fatal(err)
+	}
+	return sf
+}
+
+func (sf *SuperFlag) Merge(flag string) *SuperFlag {
+	src, err := parseFlag(flag)
+	if err != nil {
+		fatal(err)
+	}
+	for k, v := range src {
+		if _, ok := sf.m[k]; !ok {
+			fatal("Unable to find the flag in SuperFlag")
+		}
+		sf.m[k] = v
+	}
+	return sf
+}
+
+func (sf *SuperFlag) MergeWithDefault(flag string) (*SuperFlag, error) {
+	if sf == nil {
+		m, err := parseFlag(flag)
+		if err != nil {
+			return nil, err
+		}
+		return &SuperFlag{m}, nil
+	}
+
+	src, err := parseFlag(flag)
+	if err != nil {
+		return nil, err
+	}
+
+	numKeys := len(sf.m)
+	for k := range src {
+		if _, ok := sf.m[k]; ok {
+			numKeys--
+		}
+	}
+	if numKeys != 0 {
+		return nil, fmt.Errorf("superflag: found invalid options in flag: %s.\nvalid options: %v", sf, flag)
+	}
+	for k, v := range src {
+		if _, ok := sf.m[k]; !ok {
+			sf.m[k] = v
+		}
+	}
+	return sf, nil
+}
+
+func (sf *SuperFlag) Has(opt string) bool {
+	val := sf.GetString(opt)
+	return val != ""
+}
+
+func (sf *SuperFlag) GetDuration(opt string) time.Duration {
+	val := sf.GetString(opt)
+	if val == "" {
+		return time.Duration(0)
+	}
+	if strings.Contains(val, "d") {
+		val = strings.Replace(val, "d", "", 1)
+		days, err := strconv.ParseUint(val, 0, 64)
+		if err != nil {
+			return time.Duration(0)
+		}
+		return time.Hour * 24 * time.Duration(days)
+	}
+	d, err := time.ParseDuration(val)
+	if err != nil {
+		return time.Duration(0)
+	}
+	return d
+}
+
+func (sf *SuperFlag) GetBool(opt string) bool {
+	val := sf.GetString(opt)
+	if val == "" {
+		return false
+	}
+	b, err := strconv.ParseBool(val)
+	if err != nil {
+		err = errors.Wrapf(err,
+			"Unable to parse %s as bool for key: %s. Options: %s\n",
+			val, opt, sf)
+		fatalf("%+v", err)
+	}
+	return b
+}
+
+func (sf *SuperFlag) GetFloat64(opt string) float64 {
+	val := sf.GetString(opt)
+	if val == "" {
+		return 0
+	}
+	f, err := strconv.ParseFloat(val, 64)
+	if err != nil {
+		err = errors.Wrapf(err,
+			"Unable to parse %s as float64 for key: %s. Options: %s\n",
+			val, opt, sf)
+		fatalf("%+v", err)
+	}
+	return f
+}
+
+func (sf *SuperFlag) GetInt64(opt string) int64 {
+	val := sf.GetString(opt)
+	if val == "" {
+		return 0
+	}
+	i, err := strconv.ParseInt(val, 0, 64)
+	if err != nil {
+		err = errors.Wrapf(err,
+			"Unable to parse %s as int64 for key: %s. Options: %s\n",
+			val, opt, sf)
+		fatalf("%+v", err)
+	}
+	return i
+}
+
+func (sf *SuperFlag) GetUint64(opt string) uint64 {
+	val := sf.GetString(opt)
+	if val == "" {
+		return 0
+	}
+	u, err := strconv.ParseUint(val, 0, 64)
+	if err != nil {
+		err = errors.Wrapf(err,
+			"Unable to parse %s as uint64 for key: %s. Options: %s\n",
+			val, opt, sf)
+		fatalf("%+v", err)
+	}
+	return u
+}
+
+func (sf *SuperFlag) GetUint32(opt string) uint32 {
+	val := sf.GetString(opt)
+	if val == "" {
+		return 0
+	}
+	u, err := strconv.ParseUint(val, 0, 32)
+	if err != nil {
+		err = errors.Wrapf(err,
+			"Unable to parse %s as uint32 for key: %s. Options: %s\n",
+			val, opt, sf)
+		fatalf("%+v", err)
+	}
+	return uint32(u)
+}
+
+func (sf *SuperFlag) GetString(opt string) string {
+	if sf == nil {
+		return ""
+	}
+	return sf.m[opt]
+}
+
+func (sf *SuperFlag) GetPath(opt string) string {
+	p := sf.GetString(opt)
+	path, err := expandPath(p)
+	if err != nil {
+		fatalf("Failed to get path: %+v", err)
+	}
+	return path
+}
+
+// expandPath expands the paths containing ~ to /home/user. It also computes the absolute path
+// from the relative paths. For example: ~/abc/../cef will be transformed to /home/user/cef.
+func expandPath(path string) (string, error) {
+	if len(path) == 0 {
+		return "", nil
+	}
+	if path[0] == '~' && (len(path) == 1 || os.IsPathSeparator(path[1])) {
+		usr, err := user.Current()
+		if err != nil {
+			return "", errors.Wrap(err, "Failed to get the home directory of the user")
+		}
+		path = filepath.Join(usr.HomeDir, path[1:])
+	}
+
+	var err error
+	path, err = filepath.Abs(path)
+	if err != nil {
+		return "", errors.Wrap(err, "Failed to generate absolute path")
+	}
+	return path, nil
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/histogram.go b/vendor/github.com/outcaste-io/ristretto/z/histogram.go
new file mode 100644
index 000000000..4eb0c4f6c
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/histogram.go
@@ -0,0 +1,205 @@
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"fmt"
+	"math"
+	"strings"
+
+	"github.com/dustin/go-humanize"
+)
+
+// Creates bounds for an histogram. The bounds are powers of two of the form
+// [2^min_exponent, ..., 2^max_exponent].
+func HistogramBounds(minExponent, maxExponent uint32) []float64 {
+	var bounds []float64
+	for i := minExponent; i <= maxExponent; i++ {
+		bounds = append(bounds, float64(int(1)<<i))
+	}
+	return bounds
+}
+
+func Fibonacci(num int) []float64 {
+	assert(num > 4)
+	bounds := make([]float64, num)
+	bounds[0] = 1
+	bounds[1] = 2
+	for i := 2; i < num; i++ {
+		bounds[i] = bounds[i-1] + bounds[i-2]
+	}
+	return bounds
+}
+
+// HistogramData stores the information needed to represent the sizes of the keys and values
+// as a histogram.
+type HistogramData struct {
+	Bounds         []float64
+	Count          int64
+	CountPerBucket []int64
+	Min            int64
+	Max            int64
+	Sum            int64
+}
+
+// NewHistogramData returns a new instance of HistogramData with properly initialized fields.
+func NewHistogramData(bounds []float64) *HistogramData {
+	return &HistogramData{
+		Bounds:         bounds,
+		CountPerBucket: make([]int64, len(bounds)+1),
+		Max:            0,
+		Min:            math.MaxInt64,
+	}
+}
+
+func (histogram *HistogramData) Copy() *HistogramData {
+	if histogram == nil {
+		return nil
+	}
+	return &HistogramData{
+		Bounds:         append([]float64{}, histogram.Bounds...),
+		CountPerBucket: append([]int64{}, histogram.CountPerBucket...),
+		Count:          histogram.Count,
+		Min:            histogram.Min,
+		Max:            histogram.Max,
+		Sum:            histogram.Sum,
+	}
+}
+
+// Update changes the Min and Max fields if value is less than or greater than the current values.
+func (histogram *HistogramData) Update(value int64) {
+	if histogram == nil {
+		return
+	}
+	if value > histogram.Max {
+		histogram.Max = value
+	}
+	if value < histogram.Min {
+		histogram.Min = value
+	}
+
+	histogram.Sum += value
+	histogram.Count++
+
+	for index := 0; index <= len(histogram.Bounds); index++ {
+		// Allocate value in the last buckets if we reached the end of the Bounds array.
+		if index == len(histogram.Bounds) {
+			histogram.CountPerBucket[index]++
+			break
+		}
+
+		if value < int64(histogram.Bounds[index]) {
+			histogram.CountPerBucket[index]++
+			break
+		}
+	}
+}
+
+// Mean returns the mean value for the histogram.
+func (histogram *HistogramData) Mean() float64 {
+	if histogram.Count == 0 {
+		return 0
+	}
+	return float64(histogram.Sum) / float64(histogram.Count)
+}
+
+// String converts the histogram data into human-readable string.
+func (histogram *HistogramData) String() string {
+	if histogram == nil {
+		return ""
+	}
+	var b strings.Builder
+
+	b.WriteString("\n -- Histogram: \n")
+	b.WriteString(fmt.Sprintf("Min value: %d \n", histogram.Min))
+	b.WriteString(fmt.Sprintf("Max value: %d \n", histogram.Max))
+	b.WriteString(fmt.Sprintf("Count: %d \n", histogram.Count))
+	b.WriteString(fmt.Sprintf("50p: %.2f \n", histogram.Percentile(0.5)))
+	b.WriteString(fmt.Sprintf("75p: %.2f \n", histogram.Percentile(0.75)))
+	b.WriteString(fmt.Sprintf("90p: %.2f \n", histogram.Percentile(0.90)))
+
+	numBounds := len(histogram.Bounds)
+	var cum float64
+	for index, count := range histogram.CountPerBucket {
+		if count == 0 {
+			continue
+		}
+
+		// The last bucket represents the bucket that contains the range from
+		// the last bound up to infinity so it's processed differently than the
+		// other buckets.
+		if index == len(histogram.CountPerBucket)-1 {
+			lowerBound := uint64(histogram.Bounds[numBounds-1])
+			page := float64(count*100) / float64(histogram.Count)
+			cum += page
+			b.WriteString(fmt.Sprintf("[%s, %s) %d %.2f%% %.2f%%\n",
+				humanize.IBytes(lowerBound), "infinity", count, page, cum))
+			continue
+		}
+
+		upperBound := uint64(histogram.Bounds[index])
+		lowerBound := uint64(0)
+		if index > 0 {
+			lowerBound = uint64(histogram.Bounds[index-1])
+		}
+
+		page := float64(count*100) / float64(histogram.Count)
+		cum += page
+		b.WriteString(fmt.Sprintf("[%d, %d) %d %.2f%% %.2f%%\n",
+			lowerBound, upperBound, count, page, cum))
+	}
+	b.WriteString(" --\n")
+	return b.String()
+}
+
+// Percentile returns the percentile value for the histogram.
+// value of p should be between [0.0-1.0]
+func (histogram *HistogramData) Percentile(p float64) float64 {
+	if histogram == nil {
+		return 0
+	}
+
+	if histogram.Count == 0 {
+		// if no data return the minimum range
+		return histogram.Bounds[0]
+	}
+	pval := int64(float64(histogram.Count) * p)
+	for i, v := range histogram.CountPerBucket {
+		pval = pval - v
+		if pval <= 0 {
+			if i == len(histogram.Bounds) {
+				break
+			}
+			return histogram.Bounds[i]
+		}
+	}
+	// default return should be the max range
+	return histogram.Bounds[len(histogram.Bounds)-1]
+}
+
+// Clear reset the histogram. Helpful in situations where we need to reset the metrics
+func (histogram *HistogramData) Clear() {
+	if histogram == nil {
+		return
+	}
+
+	histogram.Count = 0
+	histogram.CountPerBucket = make([]int64, len(histogram.Bounds)+1)
+	histogram.Sum = 0
+	histogram.Max = 0
+	histogram.Min = math.MaxInt64
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/mmap.go b/vendor/github.com/outcaste-io/ristretto/z/mmap.go
new file mode 100644
index 000000000..9b0251000
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/mmap.go
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2019 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"os"
+)
+
+// Mmap uses the mmap system call to memory-map a file. If writable is true,
+// memory protection of the pages is set so that they may be written to as well.
+func Mmap(fd *os.File, writable bool, size int64) ([]byte, error) {
+	return mmap(fd, writable, size)
+}
+
+// Munmap unmaps a previously mapped slice.
+func Munmap(b []byte) error {
+	return munmap(b)
+}
+
+// Madvise uses the madvise system call to give advise about the use of memory
+// when using a slice that is memory-mapped to a file. Set the readahead flag to
+// false if page references are expected in random order.
+func Madvise(b []byte, readahead bool) error {
+	return madvise(b, readahead)
+}
+
+// Msync would call sync on the mmapped data.
+func Msync(b []byte) error {
+	return msync(b)
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/mmap_darwin.go b/vendor/github.com/outcaste-io/ristretto/z/mmap_darwin.go
new file mode 100644
index 000000000..4d6d74f19
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/mmap_darwin.go
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2019 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"os"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+// Mmap uses the mmap system call to memory-map a file. If writable is true,
+// memory protection of the pages is set so that they may be written to as well.
+func mmap(fd *os.File, writable bool, size int64) ([]byte, error) {
+	mtype := unix.PROT_READ
+	if writable {
+		mtype |= unix.PROT_WRITE
+	}
+	return unix.Mmap(int(fd.Fd()), 0, int(size), mtype, unix.MAP_SHARED)
+}
+
+// Munmap unmaps a previously mapped slice.
+func munmap(b []byte) error {
+	return unix.Munmap(b)
+}
+
+// This is required because the unix package does not support the madvise system call on OS X.
+func madvise(b []byte, readahead bool) error {
+	advice := unix.MADV_NORMAL
+	if !readahead {
+		advice = unix.MADV_RANDOM
+	}
+
+	_, _, e1 := syscall.Syscall(syscall.SYS_MADVISE, uintptr(unsafe.Pointer(&b[0])),
+		uintptr(len(b)), uintptr(advice))
+	if e1 != 0 {
+		return e1
+	}
+	return nil
+}
+
+func msync(b []byte) error {
+	return unix.Msync(b, unix.MS_SYNC)
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/mmap_linux.go b/vendor/github.com/outcaste-io/ristretto/z/mmap_linux.go
new file mode 100644
index 000000000..8843e4243
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/mmap_linux.go
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"os"
+	"reflect"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+// mmap uses the mmap system call to memory-map a file. If writable is true,
+// memory protection of the pages is set so that they may be written to as well.
+func mmap(fd *os.File, writable bool, size int64) ([]byte, error) {
+	mtype := unix.PROT_READ
+	if writable {
+		mtype |= unix.PROT_WRITE
+	}
+	return unix.Mmap(int(fd.Fd()), 0, int(size), mtype, unix.MAP_SHARED)
+}
+
+// mremap is a Linux-specific system call to remap pages in memory. This can be used in place of munmap + mmap.
+func mremap(data []byte, size int) ([]byte, error) {
+	// taken from <https://github.com/torvalds/linux/blob/f8394f232b1eab649ce2df5c5f15b0e528c92091/include/uapi/linux/mman.h#L8>
+	const MREMAP_MAYMOVE = 0x1
+
+	header := (*reflect.SliceHeader)(unsafe.Pointer(&data))
+	mmapAddr, _, errno := unix.Syscall6(
+		unix.SYS_MREMAP,
+		header.Data,
+		uintptr(header.Len),
+		uintptr(size),
+		uintptr(MREMAP_MAYMOVE),
+		0,
+		0,
+	)
+	if errno != 0 {
+		return nil, errno
+	}
+
+	header.Data = mmapAddr
+	header.Cap = size
+	header.Len = size
+	return data, nil
+}
+
+// munmap unmaps a previously mapped slice.
+//
+// unix.Munmap maintains an internal list of mmapped addresses, and only calls munmap
+// if the address is present in that list. If we use mremap, this list is not updated.
+// To bypass this, we call munmap ourselves.
+func munmap(data []byte) error {
+	if len(data) == 0 || len(data) != cap(data) {
+		return unix.EINVAL
+	}
+	_, _, errno := unix.Syscall(
+		unix.SYS_MUNMAP,
+		uintptr(unsafe.Pointer(&data[0])),
+		uintptr(len(data)),
+		0,
+	)
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}
+
+// madvise uses the madvise system call to give advise about the use of memory
+// when using a slice that is memory-mapped to a file. Set the readahead flag to
+// false if page references are expected in random order.
+func madvise(b []byte, readahead bool) error {
+	flags := unix.MADV_NORMAL
+	if !readahead {
+		flags = unix.MADV_RANDOM
+	}
+	return unix.Madvise(b, flags)
+}
+
+// msync writes any modified data to persistent storage.
+func msync(b []byte) error {
+	return unix.Msync(b, unix.MS_SYNC)
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/mmap_plan9.go b/vendor/github.com/outcaste-io/ristretto/z/mmap_plan9.go
new file mode 100644
index 000000000..f30729654
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/mmap_plan9.go
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"os"
+	"syscall"
+)
+
+// Mmap uses the mmap system call to memory-map a file. If writable is true,
+// memory protection of the pages is set so that they may be written to as well.
+func mmap(fd *os.File, writable bool, size int64) ([]byte, error) {
+	return nil, syscall.EPLAN9
+}
+
+// Munmap unmaps a previously mapped slice.
+func munmap(b []byte) error {
+	return syscall.EPLAN9
+}
+
+// Madvise uses the madvise system call to give advise about the use of memory
+// when using a slice that is memory-mapped to a file. Set the readahead flag to
+// false if page references are expected in random order.
+func madvise(b []byte, readahead bool) error {
+	return syscall.EPLAN9
+}
+
+func msync(b []byte) error {
+	return syscall.EPLAN9
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/mmap_unix.go b/vendor/github.com/outcaste-io/ristretto/z/mmap_unix.go
new file mode 100644
index 000000000..629449f9d
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/mmap_unix.go
@@ -0,0 +1,56 @@
+//go:build !windows && !darwin && !plan9 && !linux && !wasip1
+// +build !windows,!darwin,!plan9,!linux,!wasip1
+
+/*
+ * Copyright 2019 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+// Mmap uses the mmap system call to memory-map a file. If writable is true,
+// memory protection of the pages is set so that they may be written to as well.
+func mmap(fd *os.File, writable bool, size int64) ([]byte, error) {
+	mtype := unix.PROT_READ
+	if writable {
+		mtype |= unix.PROT_WRITE
+	}
+	return unix.Mmap(int(fd.Fd()), 0, int(size), mtype, unix.MAP_SHARED)
+}
+
+// Munmap unmaps a previously mapped slice.
+func munmap(b []byte) error {
+	return unix.Munmap(b)
+}
+
+// Madvise uses the madvise system call to give advise about the use of memory
+// when using a slice that is memory-mapped to a file. Set the readahead flag to
+// false if page references are expected in random order.
+func madvise(b []byte, readahead bool) error {
+	flags := unix.MADV_NORMAL
+	if !readahead {
+		flags = unix.MADV_RANDOM
+	}
+	return unix.Madvise(b, flags)
+}
+
+func msync(b []byte) error {
+	return unix.Msync(b, unix.MS_SYNC)
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/mmap_wasip1.go b/vendor/github.com/outcaste-io/ristretto/z/mmap_wasip1.go
new file mode 100644
index 000000000..94f714845
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/mmap_wasip1.go
@@ -0,0 +1,40 @@
+//go:build wasip1
+
+/*
+ * Copyright 2023 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"os"
+	"syscall"
+)
+
+func mmap(fd *os.File, writeable bool, size int64) ([]byte, error) {
+	return nil, syscall.ENOSYS
+}
+
+func munmap(b []byte) error {
+	return syscall.ENOSYS
+}
+
+func madvise(b []byte, readahead bool) error {
+	return syscall.ENOSYS
+}
+
+func msync(b []byte) error {
+	return syscall.ENOSYS
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/mmap_windows.go b/vendor/github.com/outcaste-io/ristretto/z/mmap_windows.go
new file mode 100644
index 000000000..0ea6e9448
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/mmap_windows.go
@@ -0,0 +1,95 @@
+// +build windows
+
+/*
+ * Copyright 2019 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+func mmap(fd *os.File, write bool, size int64) ([]byte, error) {
+	protect := syscall.PAGE_READONLY
+	access := syscall.FILE_MAP_READ
+
+	if write {
+		protect = syscall.PAGE_READWRITE
+		access = syscall.FILE_MAP_WRITE
+	}
+	fi, err := fd.Stat()
+	if err != nil {
+		return nil, err
+	}
+
+	// In windows, we cannot mmap a file more than it's actual size.
+	// So truncate the file to the size of the mmap.
+	if fi.Size() < size {
+		if err := fd.Truncate(size); err != nil {
+			return nil, fmt.Errorf("truncate: %s", err)
+		}
+	}
+
+	// Open a file mapping handle.
+	sizelo := uint32(size >> 32)
+	sizehi := uint32(size) & 0xffffffff
+
+	handler, err := syscall.CreateFileMapping(syscall.Handle(fd.Fd()), nil,
+		uint32(protect), sizelo, sizehi, nil)
+	if err != nil {
+		return nil, os.NewSyscallError("CreateFileMapping", err)
+	}
+
+	// Create the memory map.
+	addr, err := syscall.MapViewOfFile(handler, uint32(access), 0, 0, uintptr(size))
+	if addr == 0 {
+		return nil, os.NewSyscallError("MapViewOfFile", err)
+	}
+
+	// Close mapping handle.
+	if err := syscall.CloseHandle(syscall.Handle(handler)); err != nil {
+		return nil, os.NewSyscallError("CloseHandle", err)
+	}
+
+	// Slice memory layout
+	// Copied this snippet from golang/sys package
+	var sl = struct {
+		addr uintptr
+		len  int
+		cap  int
+	}{addr, int(size), int(size)}
+
+	// Use unsafe to turn sl into a []byte.
+	data := *(*[]byte)(unsafe.Pointer(&sl))
+
+	return data, nil
+}
+
+func munmap(b []byte) error {
+	return syscall.UnmapViewOfFile(uintptr(unsafe.Pointer(&b[0])))
+}
+
+func madvise(b []byte, readahead bool) error {
+	// Do Nothing. We don’t care about this setting on Windows
+	return nil
+}
+
+func msync(b []byte) error {
+	return syscall.FlushViewOfFile(uintptr(unsafe.Pointer(&b[0])), uintptr(len(b)))
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/rtutil.go b/vendor/github.com/outcaste-io/ristretto/z/rtutil.go
new file mode 100644
index 000000000..8f317c80d
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/rtutil.go
@@ -0,0 +1,75 @@
+// MIT License
+
+// Copyright (c) 2019 Ewan Chou
+
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+
+package z
+
+import (
+	"unsafe"
+)
+
+// NanoTime returns the current time in nanoseconds from a monotonic clock.
+//go:linkname NanoTime runtime.nanotime
+func NanoTime() int64
+
+// CPUTicks is a faster alternative to NanoTime to measure time duration.
+//go:linkname CPUTicks runtime.cputicks
+func CPUTicks() int64
+
+type stringStruct struct {
+	str unsafe.Pointer
+	len int
+}
+
+//go:noescape
+//go:linkname memhash runtime.memhash
+func memhash(p unsafe.Pointer, h, s uintptr) uintptr
+
+// MemHash is the hash function used by go map, it utilizes available hardware instructions(behaves
+// as aeshash if aes instruction is available).
+// NOTE: The hash seed changes for every process. So, this cannot be used as a persistent hash.
+func MemHash(data []byte) uint64 {
+	ss := (*stringStruct)(unsafe.Pointer(&data))
+	return uint64(memhash(ss.str, 0, uintptr(ss.len)))
+}
+
+// MemHashString is the hash function used by go map, it utilizes available hardware instructions
+// (behaves as aeshash if aes instruction is available).
+// NOTE: The hash seed changes for every process. So, this cannot be used as a persistent hash.
+func MemHashString(str string) uint64 {
+	ss := (*stringStruct)(unsafe.Pointer(&str))
+	return uint64(memhash(ss.str, 0, uintptr(ss.len)))
+}
+
+// FastRand is a fast thread local random function.
+//go:linkname FastRand runtime.fastrand
+func FastRand() uint32
+
+//go:linkname memclrNoHeapPointers runtime.memclrNoHeapPointers
+func memclrNoHeapPointers(p unsafe.Pointer, n uintptr)
+
+func Memclr(b []byte) {
+	if len(b) == 0 {
+		return
+	}
+	p := unsafe.Pointer(&b[0])
+	memclrNoHeapPointers(p, uintptr(len(b)))
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/rtutil.s b/vendor/github.com/outcaste-io/ristretto/z/rtutil.s
new file mode 100644
index 000000000..e69de29bb
diff --git a/vendor/github.com/outcaste-io/ristretto/z/simd/baseline.go b/vendor/github.com/outcaste-io/ristretto/z/simd/baseline.go
new file mode 100644
index 000000000..967e3a307
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/simd/baseline.go
@@ -0,0 +1,127 @@
+package simd
+
+import (
+	"fmt"
+	"runtime"
+	"sort"
+	"sync"
+)
+
+// Search finds the key using the naive way
+func Naive(xs []uint64, k uint64) int16 {
+	var i int
+	for i = 0; i < len(xs); i += 2 {
+		x := xs[i]
+		if x >= k {
+			return int16(i / 2)
+		}
+	}
+	return int16(i / 2)
+}
+
+func Clever(xs []uint64, k uint64) int16 {
+	if len(xs) < 8 {
+		return Naive(xs, k)
+	}
+	var twos, pk [4]uint64
+	pk[0] = k
+	pk[1] = k
+	pk[2] = k
+	pk[3] = k
+	for i := 0; i < len(xs); i += 8 {
+		twos[0] = xs[i]
+		twos[1] = xs[i+2]
+		twos[2] = xs[i+4]
+		twos[3] = xs[i+6]
+		if twos[0] >= pk[0] {
+			return int16(i / 2)
+		}
+		if twos[1] >= pk[1] {
+			return int16((i + 2) / 2)
+		}
+		if twos[2] >= pk[2] {
+			return int16((i + 4) / 2)
+		}
+		if twos[3] >= pk[3] {
+			return int16((i + 6) / 2)
+		}
+
+	}
+	return int16(len(xs) / 2)
+}
+
+func Parallel(xs []uint64, k uint64) int16 {
+	cpus := runtime.NumCPU()
+	if cpus%2 != 0 {
+		panic(fmt.Sprintf("odd number of CPUs %v", cpus))
+	}
+	sz := len(xs)/cpus + 1
+	var wg sync.WaitGroup
+	retChan := make(chan int16, cpus)
+	for i := 0; i < len(xs); i += sz {
+		end := i + sz
+		if end >= len(xs) {
+			end = len(xs)
+		}
+		chunk := xs[i:end]
+		wg.Add(1)
+		go func(hd int16, xs []uint64, k uint64, wg *sync.WaitGroup, ch chan int16) {
+			for i := 0; i < len(xs); i += 2 {
+				if xs[i] >= k {
+					ch <- (int16(i) + hd) / 2
+					break
+				}
+			}
+			wg.Done()
+		}(int16(i), chunk, k, &wg, retChan)
+	}
+	wg.Wait()
+	close(retChan)
+	var min int16 = (1 << 15) - 1
+	for i := range retChan {
+		if i < min {
+			min = i
+		}
+	}
+	if min == (1<<15)-1 {
+		return int16(len(xs) / 2)
+	}
+	return min
+}
+
+func Binary(keys []uint64, key uint64) int16 {
+	return int16(sort.Search(len(keys), func(i int) bool {
+		if i*2 >= len(keys) {
+			return true
+		}
+		return keys[i*2] >= key
+	}))
+}
+
+func cmp2_native(twos, pk [2]uint64) int16 {
+	if twos[0] == pk[0] {
+		return 0
+	}
+	if twos[1] == pk[1] {
+		return 1
+	}
+	return 2
+}
+
+func cmp4_native(fours, pk [4]uint64) int16 {
+	for i := range fours {
+		if fours[i] >= pk[i] {
+			return int16(i)
+		}
+	}
+	return 4
+}
+
+func cmp8_native(a [8]uint64, pk [4]uint64) int16 {
+	for i := range a {
+		if a[i] >= pk[0] {
+			return int16(i)
+		}
+	}
+	return 8
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/simd/search.go b/vendor/github.com/outcaste-io/ristretto/z/simd/search.go
new file mode 100644
index 000000000..b1e639225
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/simd/search.go
@@ -0,0 +1,51 @@
+// +build !amd64
+
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package simd
+
+// Search uses the Clever search to find the correct key.
+func Search(xs []uint64, k uint64) int16 {
+	if len(xs) < 8 || (len(xs) % 8 != 0) {
+		return Naive(xs, k)
+	}
+	var twos, pk [4]uint64
+	pk[0] = k
+	pk[1] = k
+	pk[2] = k
+	pk[3] = k
+	for i := 0; i < len(xs); i += 8 {
+		twos[0] = xs[i]
+		twos[1] = xs[i+2]
+		twos[2] = xs[i+4]
+		twos[3] = xs[i+6]
+		if twos[0] >= pk[0] {
+			return int16(i / 2)
+		}
+		if twos[1] >= pk[1] {
+			return int16((i + 2) / 2)
+		}
+		if twos[2] >= pk[2] {
+			return int16((i + 4) / 2)
+		}
+		if twos[3] >= pk[3] {
+			return int16((i + 6) / 2)
+		}
+
+	}
+	return int16(len(xs) / 2)
+}
diff --git a/vendor/github.com/outcaste-io/ristretto/z/simd/search_amd64.s b/vendor/github.com/outcaste-io/ristretto/z/simd/search_amd64.s
new file mode 100644
index 000000000..150c84664
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/simd/search_amd64.s
@@ -0,0 +1,60 @@
+// Code generated by command: go run asm2.go -out search_amd64.s -stubs stub_search_amd64.go. DO NOT EDIT.
+
+#include "textflag.h"
+
+// func Search(xs []uint64, k uint64) int16
+TEXT ·Search(SB), NOSPLIT, $0-34
+	MOVQ xs_base+0(FP), AX
+	MOVQ xs_len+8(FP), CX
+	MOVQ k+24(FP), DX
+
+	// Save n
+	MOVQ CX, BX
+
+	// Initialize idx register to zero.
+	XORL BP, BP
+
+loop:
+	// Unroll1
+	CMPQ (AX)(BP*8), DX
+	JAE  Found
+
+	// Unroll2
+	CMPQ 16(AX)(BP*8), DX
+	JAE  Found2
+
+	// Unroll3
+	CMPQ 32(AX)(BP*8), DX
+	JAE  Found3
+
+	// Unroll4
+	CMPQ 48(AX)(BP*8), DX
+	JAE  Found4
+
+	// plus8
+	ADDQ $0x08, BP
+	CMPQ BP, CX
+	JB   loop
+	JMP  NotFound
+
+Found2:
+	ADDL $0x02, BP
+	JMP  Found
+
+Found3:
+	ADDL $0x04, BP
+	JMP  Found
+
+Found4:
+	ADDL $0x06, BP
+
+Found:
+	MOVL BP, BX
+
+NotFound:
+	MOVL BX, BP
+	SHRL $0x1f, BP
+	ADDL BX, BP
+	SHRL $0x01, BP
+	MOVL BP, ret+32(FP)
+	RET
diff --git a/vendor/github.com/outcaste-io/ristretto/z/simd/stub_search_amd64.go b/vendor/github.com/outcaste-io/ristretto/z/simd/stub_search_amd64.go
new file mode 100644
index 000000000..0821d38a7
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/simd/stub_search_amd64.go
@@ -0,0 +1,6 @@
+// Code generated by command: go run asm2.go -out search_amd64.s -stubs stub_search_amd64.go. DO NOT EDIT.
+
+package simd
+
+// Search finds the first idx for which xs[idx] >= k in xs.
+func Search(xs []uint64, k uint64) int16
diff --git a/vendor/github.com/outcaste-io/ristretto/z/z.go b/vendor/github.com/outcaste-io/ristretto/z/z.go
new file mode 100644
index 000000000..45c15cdcd
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/z.go
@@ -0,0 +1,163 @@
+/*
+ * Copyright 2019 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"sync"
+
+	"github.com/cespare/xxhash/v2"
+)
+
+// TODO: Figure out a way to re-use memhash for the second uint64 hash, we
+//       already know that appending bytes isn't reliable for generating a
+//       second hash (see Ristretto PR #88).
+//
+//       We also know that while the Go runtime has a runtime memhash128
+//       function, it's not possible to use it to generate [2]uint64 or
+//       anything resembling a 128bit hash, even though that's exactly what
+//       we need in this situation.
+func KeyToHash(key interface{}) (uint64, uint64) {
+	if key == nil {
+		return 0, 0
+	}
+	switch k := key.(type) {
+	case uint64:
+		return k, 0
+	case string:
+		return MemHashString(k), xxhash.Sum64String(k)
+	case []byte:
+		return MemHash(k), xxhash.Sum64(k)
+	case byte:
+		return uint64(k), 0
+	case int:
+		return uint64(k), 0
+	case int32:
+		return uint64(k), 0
+	case uint32:
+		return uint64(k), 0
+	case int64:
+		return uint64(k), 0
+	default:
+		panic("Key type not supported")
+	}
+}
+
+var (
+	dummyCloserChan <-chan struct{}
+	tmpDir          string
+)
+
+// Closer holds the two things we need to close a goroutine and wait for it to
+// finish: a chan to tell the goroutine to shut down, and a WaitGroup with
+// which to wait for it to finish shutting down.
+type Closer struct {
+	waiting sync.WaitGroup
+
+	ctx    context.Context
+	cancel context.CancelFunc
+}
+
+// SetTmpDir sets the temporary directory for the temporary buffers.
+func SetTmpDir(dir string) {
+	tmpDir = dir
+}
+
+// NewCloser constructs a new Closer, with an initial count on the WaitGroup.
+func NewCloser(initial int) *Closer {
+	ret := &Closer{}
+	ret.ctx, ret.cancel = context.WithCancel(context.Background())
+	ret.waiting.Add(initial)
+	return ret
+}
+
+// AddRunning Add()'s delta to the WaitGroup.
+func (lc *Closer) AddRunning(delta int) {
+	lc.waiting.Add(delta)
+}
+
+// Ctx can be used to get a context, which would automatically get cancelled when Signal is called.
+func (lc *Closer) Ctx() context.Context {
+	if lc == nil {
+		return context.Background()
+	}
+	return lc.ctx
+}
+
+// Signal signals the HasBeenClosed signal.
+func (lc *Closer) Signal() {
+	// Todo(ibrahim): Change Signal to return error on next badger breaking change.
+	lc.cancel()
+}
+
+// HasBeenClosed gets signaled when Signal() is called.
+func (lc *Closer) HasBeenClosed() <-chan struct{} {
+	if lc == nil {
+		return dummyCloserChan
+	}
+	return lc.ctx.Done()
+}
+
+// Done calls Done() on the WaitGroup.
+func (lc *Closer) Done() {
+	if lc == nil {
+		return
+	}
+	lc.waiting.Done()
+}
+
+// Wait waits on the WaitGroup. (It waits for NewCloser's initial value, AddRunning, and Done
+// calls to balance out.)
+func (lc *Closer) Wait() {
+	lc.waiting.Wait()
+}
+
+// SignalAndWait calls Signal(), then Wait().
+func (lc *Closer) SignalAndWait() {
+	lc.Signal()
+	lc.Wait()
+}
+
+// ZeroOut zeroes out all the bytes in the range [start, end).
+func ZeroOut(dst []byte, start, end int) {
+	if start < 0 || start >= len(dst) {
+		return // BAD
+	}
+	if end >= len(dst) {
+		end = len(dst)
+	}
+	if end-start <= 0 {
+		return
+	}
+	Memclr(dst[start:end])
+	// b := dst[start:end]
+	// for i := range b {
+	// 	b[i] = 0x0
+	// }
+}
+
+func fatal(args ...interface{}) {
+	defer os.Exit(1)
+	panic(fmt.Sprint(args...))
+}
+
+func fatalf(format string, args ...interface{}) {
+	defer os.Exit(1)
+	panic(fmt.Sprintf(format, args...))
+}
diff --git a/vendor/github.com/pelletier/go-toml/v2/.goreleaser.yaml b/vendor/github.com/pelletier/go-toml/v2/.goreleaser.yaml
index 3aa1840ec..1d8b69e65 100644
--- a/vendor/github.com/pelletier/go-toml/v2/.goreleaser.yaml
+++ b/vendor/github.com/pelletier/go-toml/v2/.goreleaser.yaml
@@ -18,6 +18,7 @@ builds:
       - linux_amd64
       - linux_arm64
       - linux_arm
+      - linux_riscv64
       - windows_amd64
       - windows_arm64
       - windows_arm
@@ -37,6 +38,7 @@ builds:
       - linux_amd64
       - linux_arm64
       - linux_arm
+      - linux_riscv64
       - windows_amd64
       - windows_arm64
       - windows_arm
@@ -55,6 +57,7 @@ builds:
     targets:
       - linux_amd64
       - linux_arm64
+      - linux_riscv64
       - linux_arm
       - windows_amd64
       - windows_arm64
diff --git a/vendor/github.com/pelletier/go-toml/v2/LICENSE b/vendor/github.com/pelletier/go-toml/v2/LICENSE
index 6839d51cd..991e2ae96 100644
--- a/vendor/github.com/pelletier/go-toml/v2/LICENSE
+++ b/vendor/github.com/pelletier/go-toml/v2/LICENSE
@@ -1,6 +1,7 @@
 The MIT License (MIT)
 
-Copyright (c) 2013 - 2022 Thomas Pelletier, Eric Anderton
+go-toml v2
+Copyright (c) 2021 - 2023 Thomas Pelletier
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/github.com/pelletier/go-toml/v2/README.md b/vendor/github.com/pelletier/go-toml/v2/README.md
index d53f43971..63b92f3b0 100644
--- a/vendor/github.com/pelletier/go-toml/v2/README.md
+++ b/vendor/github.com/pelletier/go-toml/v2/README.md
@@ -45,16 +45,15 @@ to check for typos. [See example in the documentation][strict].
 
 ### Contextualized errors
 
-When most decoding errors occur, go-toml returns [`DecodeError`][decode-err]),
+When most decoding errors occur, go-toml returns [`DecodeError`][decode-err],
 which contains a human readable contextualized version of the error. For
 example:
 
 ```
-2| key1 = "value1"
-3| key2 = "missing2"
- | ~~~~ missing field
-4| key3 = "missing3"
-5| key4 = "value4"
+1| [server]
+2| path = 100
+ |        ~~~ cannot decode TOML integer into struct field toml_test.Server.Path of type string
+3| port = 50
 ```
 
 [decode-err]: https://pkg.go.dev/github.com/pelletier/go-toml/v2#DecodeError
@@ -73,6 +72,26 @@ representation.
 [tlt]: https://pkg.go.dev/github.com/pelletier/go-toml/v2#LocalTime
 [tldt]: https://pkg.go.dev/github.com/pelletier/go-toml/v2#LocalDateTime
 
+### Commented config
+
+Since TOML is often used for configuration files, go-toml can emit documents
+annotated with [comments and commented-out values][comments-example]. For
+example, it can generate the following file:
+
+```toml
+# Host IP to connect to.
+host = '127.0.0.1'
+# Port of the remote server.
+port = 4242
+
+# Encryption parameters (optional)
+# [TLS]
+# cipher = 'AEAD-AES128-GCM-SHA256'
+# version = 'TLS 1.3'
+```
+
+[comments-example]: https://pkg.go.dev/github.com/pelletier/go-toml/v2#example-Marshal-Commented
+
 ## Getting started
 
 Given the following struct, let's see how to read it and write it as TOML:
@@ -497,27 +516,20 @@ is not necessary anymore.
 
 V1 used to provide multiple struct tags: `comment`, `commented`, `multiline`,
 `toml`, and `omitempty`. To behave more like the standard library, v2 has merged
-`toml`, `multiline`, and `omitempty`. For example:
+`toml`, `multiline`, `commented`, and `omitempty`. For example:
 
 ```go
 type doc struct {
 	// v1
-	F string `toml:"field" multiline:"true" omitempty:"true"`
+	F string `toml:"field" multiline:"true" omitempty:"true" commented:"true"`
 	// v2
-	F string `toml:"field,multiline,omitempty"`
+	F string `toml:"field,multiline,omitempty,commented"`
 }
 ```
 
 Has a result, the `Encoder.SetTag*` methods have been removed, as there is just
 one tag now.
 
-
-#### `commented` tag has been removed
-
-There is no replacement for the `commented` tag. This feature would be better
-suited in a proper document model for go-toml v2, which has been [cut from
-scope][nodoc] at the moment.
-
 #### `Encoder.ArraysWithOneElementPerLine` has been renamed
 
 The new name is `Encoder.SetArraysMultiline`. The behavior should be the same.
diff --git a/vendor/github.com/pelletier/go-toml/v2/ci.sh b/vendor/github.com/pelletier/go-toml/v2/ci.sh
index 05c76f297..9ae8b7537 100644
--- a/vendor/github.com/pelletier/go-toml/v2/ci.sh
+++ b/vendor/github.com/pelletier/go-toml/v2/ci.sh
@@ -79,6 +79,7 @@ cover() {
     go test -covermode=atomic  -coverpkg=./... -coverprofile=coverage.out.tmp ./...
     cat coverage.out.tmp | grep -v fuzz | grep -v testsuite | grep -v tomltestgen | grep -v gotoml-test-decoder > coverage.out
     go tool cover -func=coverage.out
+    echo "Coverage profile for ${branch}: ${dir}/coverage.out" >&2
     popd
 
     if [ "${branch}" != "HEAD" ]; then
diff --git a/vendor/github.com/pelletier/go-toml/v2/decode.go b/vendor/github.com/pelletier/go-toml/v2/decode.go
index 3a860d0f6..f0ec3b170 100644
--- a/vendor/github.com/pelletier/go-toml/v2/decode.go
+++ b/vendor/github.com/pelletier/go-toml/v2/decode.go
@@ -318,7 +318,7 @@ func parseFloat(b []byte) (float64, error) {
 	if cleaned[0] == '+' || cleaned[0] == '-' {
 		start = 1
 	}
-	if cleaned[start] == '0' && isDigit(cleaned[start+1]) {
+	if cleaned[start] == '0' && len(cleaned) > start+1 && isDigit(cleaned[start+1]) {
 		return 0, unstable.NewParserError(b, "float integer part cannot have leading zeroes")
 	}
 
diff --git a/vendor/github.com/pelletier/go-toml/v2/marshaler.go b/vendor/github.com/pelletier/go-toml/v2/marshaler.go
index 6ab1d8238..6fe78533c 100644
--- a/vendor/github.com/pelletier/go-toml/v2/marshaler.go
+++ b/vendor/github.com/pelletier/go-toml/v2/marshaler.go
@@ -148,6 +148,9 @@ func (enc *Encoder) SetIndentTables(indent bool) *Encoder {
 //
 // The "omitempty" option prevents empty values or groups from being emitted.
 //
+// The "commented" option prefixes the value and all its children with a comment
+// symbol.
+//
 // In addition to the "toml" tag struct tag, a "comment" tag can be used to emit
 // a TOML comment before the value being annotated. Comments are ignored inside
 // inline tables. For array tables, the comment is only present before the first
@@ -180,6 +183,7 @@ func (enc *Encoder) Encode(v interface{}) error {
 type valueOptions struct {
 	multiline bool
 	omitempty bool
+	commented bool
 	comment   string
 }
 
@@ -205,6 +209,9 @@ type encoderCtx struct {
 	// Indentation level
 	indent int
 
+	// Prefix the current value with a comment.
+	commented bool
+
 	// Options coming from struct tags
 	options valueOptions
 }
@@ -273,7 +280,7 @@ func (enc *Encoder) encode(b []byte, ctx encoderCtx, v reflect.Value) ([]byte, e
 		return enc.encodeMap(b, ctx, v)
 	case reflect.Struct:
 		return enc.encodeStruct(b, ctx, v)
-	case reflect.Slice:
+	case reflect.Slice, reflect.Array:
 		return enc.encodeSlice(b, ctx, v)
 	case reflect.Interface:
 		if v.IsNil() {
@@ -357,6 +364,7 @@ func (enc *Encoder) encodeKv(b []byte, ctx encoderCtx, options valueOptions, v r
 
 	if !ctx.inline {
 		b = enc.encodeComment(ctx.indent, options.comment, b)
+		b = enc.commented(ctx.commented, b)
 		b = enc.indent(ctx.indent, b)
 	}
 
@@ -378,6 +386,13 @@ func (enc *Encoder) encodeKv(b []byte, ctx encoderCtx, options valueOptions, v r
 	return b, nil
 }
 
+func (enc *Encoder) commented(commented bool, b []byte) []byte {
+	if commented {
+		return append(b, "# "...)
+	}
+	return b
+}
+
 func isEmptyValue(v reflect.Value) bool {
 	switch v.Kind() {
 	case reflect.Struct:
@@ -526,6 +541,8 @@ func (enc *Encoder) encodeTableHeader(ctx encoderCtx, b []byte) ([]byte, error)
 
 	b = enc.encodeComment(ctx.indent, ctx.options.comment, b)
 
+	b = enc.commented(ctx.commented, b)
+
 	b = enc.indent(ctx.indent, b)
 
 	b = append(b, '[')
@@ -704,6 +721,7 @@ func walkStruct(ctx encoderCtx, t *table, v reflect.Value) {
 		options := valueOptions{
 			multiline: opts.multiline,
 			omitempty: opts.omitempty,
+			commented: opts.commented,
 			comment:   fieldType.Tag.Get("comment"),
 		}
 
@@ -763,6 +781,7 @@ type tagOptions struct {
 	multiline bool
 	inline    bool
 	omitempty bool
+	commented bool
 }
 
 func parseTag(tag string) (string, tagOptions) {
@@ -790,6 +809,8 @@ func parseTag(tag string) (string, tagOptions) {
 			opts.inline = true
 		case "omitempty":
 			opts.omitempty = true
+		case "commented":
+			opts.commented = true
 		}
 	}
 
@@ -825,8 +846,10 @@ func (enc *Encoder) encodeTable(b []byte, ctx encoderCtx, t table) ([]byte, erro
 		hasNonEmptyKV = true
 
 		ctx.setKey(kv.Key)
+		ctx2 := ctx
+		ctx2.commented = kv.Options.commented || ctx2.commented
 
-		b, err = enc.encodeKv(b, ctx, kv.Options, kv.Value)
+		b, err = enc.encodeKv(b, ctx2, kv.Options, kv.Value)
 		if err != nil {
 			return nil, err
 		}
@@ -851,8 +874,10 @@ func (enc *Encoder) encodeTable(b []byte, ctx encoderCtx, t table) ([]byte, erro
 		ctx.setKey(table.Key)
 
 		ctx.options = table.Options
+		ctx2 := ctx
+		ctx2.commented = ctx2.commented || ctx.options.commented
 
-		b, err = enc.encode(b, ctx, table.Value)
+		b, err = enc.encode(b, ctx2, table.Value)
 		if err != nil {
 			return nil, err
 		}
@@ -930,7 +955,7 @@ func willConvertToTableOrArrayTable(ctx encoderCtx, v reflect.Value) bool {
 		return willConvertToTableOrArrayTable(ctx, v.Elem())
 	}
 
-	if t.Kind() == reflect.Slice {
+	if t.Kind() == reflect.Slice || t.Kind() == reflect.Array {
 		if v.Len() == 0 {
 			// An empty slice should be a kv = [].
 			return false
@@ -970,6 +995,9 @@ func (enc *Encoder) encodeSliceAsArrayTable(b []byte, ctx encoderCtx, v reflect.
 	ctx.shiftKey()
 
 	scratch := make([]byte, 0, 64)
+
+	scratch = enc.commented(ctx.commented, scratch)
+
 	scratch = append(scratch, "[["...)
 
 	for i, k := range ctx.parentKey {
@@ -985,6 +1013,10 @@ func (enc *Encoder) encodeSliceAsArrayTable(b []byte, ctx encoderCtx, v reflect.
 
 	b = enc.encodeComment(ctx.indent, ctx.options.comment, b)
 
+	if enc.indentTables {
+		ctx.indent++
+	}
+
 	for i := 0; i < v.Len(); i++ {
 		if i != 0 {
 			b = append(b, "\n"...)
diff --git a/vendor/github.com/pelletier/go-toml/v2/unmarshaler.go b/vendor/github.com/pelletier/go-toml/v2/unmarshaler.go
index 393503431..868c74c15 100644
--- a/vendor/github.com/pelletier/go-toml/v2/unmarshaler.go
+++ b/vendor/github.com/pelletier/go-toml/v2/unmarshaler.go
@@ -149,12 +149,16 @@ type errorContext struct {
 }
 
 func (d *decoder) typeMismatchError(toml string, target reflect.Type) error {
+	return fmt.Errorf("toml: %s", d.typeMismatchString(toml, target))
+}
+
+func (d *decoder) typeMismatchString(toml string, target reflect.Type) string {
 	if d.errorContext != nil && d.errorContext.Struct != nil {
 		ctx := d.errorContext
 		f := ctx.Struct.FieldByIndex(ctx.Field)
-		return fmt.Errorf("toml: cannot decode TOML %s into struct field %s.%s of type %s", toml, ctx.Struct, f.Name, f.Type)
+		return fmt.Sprintf("cannot decode TOML %s into struct field %s.%s of type %s", toml, ctx.Struct, f.Name, f.Type)
 	}
-	return fmt.Errorf("toml: cannot decode TOML %s into a Go value of type %s", toml, target)
+	return fmt.Sprintf("cannot decode TOML %s into a Go value of type %s", toml, target)
 }
 
 func (d *decoder) expr() *unstable.Node {
@@ -963,7 +967,7 @@ func (d *decoder) unmarshalInteger(value *unstable.Node, v reflect.Value) error
 	case reflect.Interface:
 		r = reflect.ValueOf(i)
 	default:
-		return d.typeMismatchError("integer", v.Type())
+		return unstable.NewParserError(d.p.Raw(value.Raw), d.typeMismatchString("integer", v.Type()))
 	}
 
 	if !r.Type().AssignableTo(v.Type()) {
@@ -982,7 +986,7 @@ func (d *decoder) unmarshalString(value *unstable.Node, v reflect.Value) error {
 	case reflect.Interface:
 		v.Set(reflect.ValueOf(string(value.Data)))
 	default:
-		return unstable.NewParserError(d.p.Raw(value.Raw), "cannot store TOML string into a Go %s", v.Kind())
+		return unstable.NewParserError(d.p.Raw(value.Raw), d.typeMismatchString("string", v.Type()))
 	}
 
 	return nil
@@ -1170,10 +1174,10 @@ func initAndDereferencePointer(v reflect.Value) reflect.Value {
 
 // Same as reflect.Value.FieldByIndex, but creates pointers if needed.
 func fieldByIndex(v reflect.Value, path []int) reflect.Value {
-	for i, x := range path {
+	for _, x := range path {
 		v = v.Field(x)
 
-		if i < len(path)-1 && v.Kind() == reflect.Ptr {
+		if v.Kind() == reflect.Ptr {
 			if v.IsNil() {
 				v.Set(reflect.New(v.Type().Elem()))
 			}
diff --git a/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go b/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go
index a8eb05294..50358a44f 100644
--- a/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go
+++ b/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go
@@ -1013,6 +1013,7 @@ func (p *Parser) parseIntOrFloatOrDateTime(b []byte) (reference, []byte, error)
 		return p.builder.Push(Node{
 			Kind: Float,
 			Data: b[:3],
+			Raw:  p.Range(b[:3]),
 		}), b[3:], nil
 	case 'n':
 		if !scanFollowsNan(b) {
@@ -1022,6 +1023,7 @@ func (p *Parser) parseIntOrFloatOrDateTime(b []byte) (reference, []byte, error)
 		return p.builder.Push(Node{
 			Kind: Float,
 			Data: b[:3],
+			Raw:  p.Range(b[:3]),
 		}), b[3:], nil
 	case '+', '-':
 		return p.scanIntOrFloat(b)
@@ -1146,6 +1148,7 @@ func (p *Parser) scanIntOrFloat(b []byte) (reference, []byte, error) {
 		return p.builder.Push(Node{
 			Kind: Integer,
 			Data: b[:i],
+			Raw:  p.Range(b[:i]),
 		}), b[i:], nil
 	}
 
@@ -1169,6 +1172,7 @@ func (p *Parser) scanIntOrFloat(b []byte) (reference, []byte, error) {
 				return p.builder.Push(Node{
 					Kind: Float,
 					Data: b[:i+3],
+					Raw:  p.Range(b[:i+3]),
 				}), b[i+3:], nil
 			}
 
@@ -1180,6 +1184,7 @@ func (p *Parser) scanIntOrFloat(b []byte) (reference, []byte, error) {
 				return p.builder.Push(Node{
 					Kind: Float,
 					Data: b[:i+3],
+					Raw:  p.Range(b[:i+3]),
 				}), b[i+3:], nil
 			}
 
@@ -1202,6 +1207,7 @@ func (p *Parser) scanIntOrFloat(b []byte) (reference, []byte, error) {
 	return p.builder.Push(Node{
 		Kind: kind,
 		Data: b[:i],
+		Raw:  p.Range(b[:i]),
 	}), b[i:], nil
 }
 
diff --git a/vendor/github.com/philhofer/fwd/LICENSE.md b/vendor/github.com/philhofer/fwd/LICENSE.md
new file mode 100644
index 000000000..1ac6a81f6
--- /dev/null
+++ b/vendor/github.com/philhofer/fwd/LICENSE.md
@@ -0,0 +1,7 @@
+Copyright (c) 2014-2015, Philip Hofer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/vendor/github.com/philhofer/fwd/README.md b/vendor/github.com/philhofer/fwd/README.md
new file mode 100644
index 000000000..62bd5c6d0
--- /dev/null
+++ b/vendor/github.com/philhofer/fwd/README.md
@@ -0,0 +1,359 @@
+
+# fwd
+
+[![Go Reference](https://pkg.go.dev/badge/github.com/philhofer/fwd.svg)](https://pkg.go.dev/github.com/philhofer/fwd)
+
+
+`import "github.com/philhofer/fwd"`
+
+* [Overview](#pkg-overview)
+* [Index](#pkg-index)
+
+## <a name="pkg-overview">Overview</a>
+Package fwd provides a buffered reader
+and writer. Each has methods that help improve
+the encoding/decoding performance of some binary
+protocols.
+
+The `Writer` and `Reader` type provide similar
+functionality to their counterparts in `bufio`, plus
+a few extra utility methods that simplify read-ahead
+and write-ahead. I wrote this package to improve serialization
+performance for [github.com/tinylib/msgp](https://github.com/tinylib/msgp),
+where it provided about a 2x speedup over `bufio` for certain
+workloads. However, care must be taken to understand the semantics of the
+extra methods provided by this package, as they allow
+the user to access and manipulate the buffer memory
+directly.
+
+The extra methods for `fwd.Reader` are `Peek`, `Skip`
+and `Next`. `(*fwd.Reader).Peek`, unlike `(*bufio.Reader).Peek`,
+will re-allocate the read buffer in order to accommodate arbitrarily
+large read-ahead. `(*fwd.Reader).Skip` skips the next `n` bytes
+in the stream, and uses the `io.Seeker` interface if the underlying
+stream implements it. `(*fwd.Reader).Next` returns a slice pointing
+to the next `n` bytes in the read buffer (like `Peek`), but also
+increments the read position. This allows users to process streams
+in arbitrary block sizes without having to manage appropriately-sized
+slices. Additionally, obviating the need to copy the data from the
+buffer to another location in memory can improve performance dramatically
+in CPU-bound applications.
+
+`fwd.Writer` only has one extra method, which is `(*fwd.Writer).Next`, which
+returns a slice pointing to the next `n` bytes of the writer, and increments
+the write position by the length of the returned slice. This allows users
+to write directly to the end of the buffer.
+
+
+
+
+## <a name="pkg-index">Index</a>
+* [Constants](#pkg-constants)
+* [type Reader](#Reader)
+  * [func NewReader(r io.Reader) *Reader](#NewReader)
+  * [func NewReaderBuf(r io.Reader, buf []byte) *Reader](#NewReaderBuf)
+  * [func NewReaderSize(r io.Reader, n int) *Reader](#NewReaderSize)
+  * [func (r *Reader) BufferSize() int](#Reader.BufferSize)
+  * [func (r *Reader) Buffered() int](#Reader.Buffered)
+  * [func (r *Reader) Next(n int) ([]byte, error)](#Reader.Next)
+  * [func (r *Reader) Peek(n int) ([]byte, error)](#Reader.Peek)
+  * [func (r *Reader) Read(b []byte) (int, error)](#Reader.Read)
+  * [func (r *Reader) ReadByte() (byte, error)](#Reader.ReadByte)
+  * [func (r *Reader) ReadFull(b []byte) (int, error)](#Reader.ReadFull)
+  * [func (r *Reader) Reset(rd io.Reader)](#Reader.Reset)
+  * [func (r *Reader) Skip(n int) (int, error)](#Reader.Skip)
+  * [func (r *Reader) WriteTo(w io.Writer) (int64, error)](#Reader.WriteTo)
+* [type Writer](#Writer)
+  * [func NewWriter(w io.Writer) *Writer](#NewWriter)
+  * [func NewWriterBuf(w io.Writer, buf []byte) *Writer](#NewWriterBuf)
+  * [func NewWriterSize(w io.Writer, n int) *Writer](#NewWriterSize)
+  * [func (w *Writer) BufferSize() int](#Writer.BufferSize)
+  * [func (w *Writer) Buffered() int](#Writer.Buffered)
+  * [func (w *Writer) Flush() error](#Writer.Flush)
+  * [func (w *Writer) Next(n int) ([]byte, error)](#Writer.Next)
+  * [func (w *Writer) ReadFrom(r io.Reader) (int64, error)](#Writer.ReadFrom)
+  * [func (w *Writer) Write(p []byte) (int, error)](#Writer.Write)
+  * [func (w *Writer) WriteByte(b byte) error](#Writer.WriteByte)
+  * [func (w *Writer) WriteString(s string) (int, error)](#Writer.WriteString)
+
+
+## <a name="pkg-constants">Constants</a>
+``` go
+const (
+    // DefaultReaderSize is the default size of the read buffer
+    DefaultReaderSize = 2048
+)
+```
+``` go
+const (
+    // DefaultWriterSize is the
+    // default write buffer size.
+    DefaultWriterSize = 2048
+)
+```
+
+
+
+## type Reader
+``` go
+type Reader struct {
+    // contains filtered or unexported fields
+}
+```
+Reader is a buffered look-ahead reader
+
+
+
+
+
+
+
+
+
+### func NewReader
+``` go
+func NewReader(r io.Reader) *Reader
+```
+NewReader returns a new *Reader that reads from 'r'
+
+
+### func NewReaderSize
+``` go
+func NewReaderSize(r io.Reader, n int) *Reader
+```
+NewReaderSize returns a new *Reader that
+reads from 'r' and has a buffer size 'n'
+
+
+
+
+### func (\*Reader) BufferSize
+``` go
+func (r *Reader) BufferSize() int
+```
+BufferSize returns the total size of the buffer
+
+
+
+### func (\*Reader) Buffered
+``` go
+func (r *Reader) Buffered() int
+```
+Buffered returns the number of bytes currently in the buffer
+
+
+
+### func (\*Reader) Next
+``` go
+func (r *Reader) Next(n int) ([]byte, error)
+```
+Next returns the next 'n' bytes in the stream.
+Unlike Peek, Next advances the reader position.
+The returned bytes point to the same
+data as the buffer, so the slice is
+only valid until the next reader method call.
+An EOF is considered an unexpected error.
+If an the returned slice is less than the
+length asked for, an error will be returned,
+and the reader position will not be incremented.
+
+
+
+### <a name="Reader.Peek">func</a> (\*Reader) Peek
+``` go
+func (r *Reader) Peek(n int) ([]byte, error)
+```
+Peek returns the next 'n' buffered bytes,
+reading from the underlying reader if necessary.
+It will only return a slice shorter than 'n' bytes
+if it also returns an error. Peek does not advance
+the reader. EOF errors are *not* returned as
+io.ErrUnexpectedEOF.
+
+
+
+### <a name="Reader.Read">func</a> (\*Reader) Read
+``` go
+func (r *Reader) Read(b []byte) (int, error)
+```
+Read implements `io.Reader`.
+
+
+
+### <a name="Reader.ReadByte">func</a> (\*Reader) ReadByte
+``` go
+func (r *Reader) ReadByte() (byte, error)
+```
+ReadByte implements `io.ByteReader`.
+
+
+
+### <a name="Reader.ReadFull">func</a> (\*Reader) ReadFull
+``` go
+func (r *Reader) ReadFull(b []byte) (int, error)
+```
+ReadFull attempts to read len(b) bytes into
+'b'. It returns the number of bytes read into
+'b', and an error if it does not return len(b).
+EOF is considered an unexpected error.
+
+
+
+### <a name="Reader.Reset">func</a> (\*Reader) Reset
+``` go
+func (r *Reader) Reset(rd io.Reader)
+```
+Reset resets the underlying reader
+and the read buffer.
+
+
+
+### <a name="Reader.Skip">func</a> (\*Reader) Skip
+``` go
+func (r *Reader) Skip(n int) (int, error)
+```
+Skip moves the reader forward 'n' bytes.
+Returns the number of bytes skipped and any
+errors encountered. It is analogous to Seek(n, 1).
+If the underlying reader implements io.Seeker, then
+that method will be used to skip forward.
+
+If the reader encounters
+an EOF before skipping 'n' bytes, it
+returns `io.ErrUnexpectedEOF`. If the
+underlying reader implements `io.Seeker`, then
+those rules apply instead. (Many implementations
+will not return `io.EOF` until the next call
+to Read).
+
+
+
+
+### <a name="Reader.WriteTo">func</a> (\*Reader) WriteTo
+``` go
+func (r *Reader) WriteTo(w io.Writer) (int64, error)
+```
+WriteTo implements `io.WriterTo`.
+
+
+
+
+## <a name="Writer">type</a> Writer
+``` go
+type Writer struct {
+    // contains filtered or unexported fields
+}
+
+```
+Writer is a buffered writer
+
+
+
+
+
+
+
+### <a name="NewWriter">func</a> NewWriter
+``` go
+func NewWriter(w io.Writer) *Writer
+```
+NewWriter returns a new writer
+that writes to 'w' and has a buffer
+that is `DefaultWriterSize` bytes.
+
+
+### <a name="NewWriterBuf">func</a> NewWriterBuf
+``` go
+func NewWriterBuf(w io.Writer, buf []byte) *Writer
+```
+NewWriterBuf returns a new writer
+that writes to 'w' and has 'buf' as a buffer.
+'buf' is not used when has smaller capacity than 18,
+custom buffer is allocated instead.
+
+
+### <a name="NewWriterSize">func</a> NewWriterSize
+``` go
+func NewWriterSize(w io.Writer, n int) *Writer
+```
+NewWriterSize returns a new writer that
+writes to 'w' and has a buffer size 'n'.
+
+### <a name="Writer.BufferSize">func</a> (\*Writer) BufferSize
+``` go
+func (w *Writer) BufferSize() int
+```
+BufferSize returns the maximum size of the buffer.
+
+
+
+### <a name="Writer.Buffered">func</a> (\*Writer) Buffered
+``` go
+func (w *Writer) Buffered() int
+```
+Buffered returns the number of buffered bytes
+in the reader.
+
+
+
+### <a name="Writer.Flush">func</a> (\*Writer) Flush
+``` go
+func (w *Writer) Flush() error
+```
+Flush flushes any buffered bytes
+to the underlying writer.
+
+
+
+### <a name="Writer.Next">func</a> (\*Writer) Next
+``` go
+func (w *Writer) Next(n int) ([]byte, error)
+```
+Next returns the next 'n' free bytes
+in the write buffer, flushing the writer
+as necessary. Next will return `io.ErrShortBuffer`
+if 'n' is greater than the size of the write buffer.
+Calls to 'next' increment the write position by
+the size of the returned buffer.
+
+
+
+### <a name="Writer.ReadFrom">func</a> (\*Writer) ReadFrom
+``` go
+func (w *Writer) ReadFrom(r io.Reader) (int64, error)
+```
+ReadFrom implements `io.ReaderFrom`
+
+
+
+### <a name="Writer.Write">func</a> (\*Writer) Write
+``` go
+func (w *Writer) Write(p []byte) (int, error)
+```
+Write implements `io.Writer`
+
+
+
+### <a name="Writer.WriteByte">func</a> (\*Writer) WriteByte
+``` go
+func (w *Writer) WriteByte(b byte) error
+```
+WriteByte implements `io.ByteWriter`
+
+
+
+### <a name="Writer.WriteString">func</a> (\*Writer) WriteString
+``` go
+func (w *Writer) WriteString(s string) (int, error)
+```
+WriteString is analogous to Write, but it takes a string.
+
+
+
+
+
+
+
+
+- - -
+Generated by [godoc2md](https://github.com/davecheney/godoc2md)
diff --git a/vendor/github.com/philhofer/fwd/reader.go b/vendor/github.com/philhofer/fwd/reader.go
new file mode 100644
index 000000000..7c21f8fb4
--- /dev/null
+++ b/vendor/github.com/philhofer/fwd/reader.go
@@ -0,0 +1,383 @@
+// Package fwd provides a buffered reader
+// and writer. Each has methods that help improve
+// the encoding/decoding performance of some binary
+// protocols.
+//
+// The [Writer] and [Reader] type provide similar
+// functionality to their counterparts in [bufio], plus
+// a few extra utility methods that simplify read-ahead
+// and write-ahead. I wrote this package to improve serialization
+// performance for http://github.com/tinylib/msgp,
+// where it provided about a 2x speedup over `bufio` for certain
+// workloads. However, care must be taken to understand the semantics of the
+// extra methods provided by this package, as they allow
+// the user to access and manipulate the buffer memory
+// directly.
+//
+// The extra methods for [Reader] are [Reader.Peek], [Reader.Skip]
+// and [Reader.Next]. (*fwd.Reader).Peek, unlike (*bufio.Reader).Peek,
+// will re-allocate the read buffer in order to accommodate arbitrarily
+// large read-ahead. (*fwd.Reader).Skip skips the next 'n' bytes
+// in the stream, and uses the [io.Seeker] interface if the underlying
+// stream implements it. (*fwd.Reader).Next returns a slice pointing
+// to the next 'n' bytes in the read buffer (like Reader.Peek), but also
+// increments the read position. This allows users to process streams
+// in arbitrary block sizes without having to manage appropriately-sized
+// slices. Additionally, obviating the need to copy the data from the
+// buffer to another location in memory can improve performance dramatically
+// in CPU-bound applications.
+//
+// [Writer] only has one extra method, which is (*fwd.Writer).Next, which
+// returns a slice pointing to the next 'n' bytes of the writer, and increments
+// the write position by the length of the returned slice. This allows users
+// to write directly to the end of the buffer.
+package fwd
+
+import (
+	"io"
+	"os"
+)
+
+const (
+	// DefaultReaderSize is the default size of the read buffer
+	DefaultReaderSize = 2048
+
+	// minimum read buffer; straight from bufio
+	minReaderSize = 16
+)
+
+// NewReader returns a new *Reader that reads from 'r'
+func NewReader(r io.Reader) *Reader {
+	return NewReaderSize(r, DefaultReaderSize)
+}
+
+// NewReaderSize returns a new *Reader that
+// reads from 'r' and has a buffer size 'n'.
+func NewReaderSize(r io.Reader, n int) *Reader {
+	buf := make([]byte, 0, max(n, minReaderSize))
+	return NewReaderBuf(r, buf)
+}
+
+// NewReaderBuf returns a new *Reader that
+// reads from 'r' and uses 'buf' as a buffer.
+// 'buf' is not used when has smaller capacity than 16,
+// custom buffer is allocated instead.
+func NewReaderBuf(r io.Reader, buf []byte) *Reader {
+	if cap(buf) < minReaderSize {
+		buf = make([]byte, 0, minReaderSize)
+	}
+	buf = buf[:0]
+	rd := &Reader{
+		r:    r,
+		data: buf,
+	}
+	if s, ok := r.(io.Seeker); ok {
+		rd.rs = s
+	}
+	return rd
+}
+
+// Reader is a buffered look-ahead reader
+type Reader struct {
+	r io.Reader // underlying reader
+
+	// data[n:len(data)] is buffered data; data[len(data):cap(data)] is free buffer space
+	data  []byte // data
+	n     int    // read offset
+	state error  // last read error
+
+	// if the reader past to NewReader was
+	// also an io.Seeker, this is non-nil
+	rs io.Seeker
+}
+
+// Reset resets the underlying reader
+// and the read buffer.
+func (r *Reader) Reset(rd io.Reader) {
+	r.r = rd
+	r.data = r.data[0:0]
+	r.n = 0
+	r.state = nil
+	if s, ok := rd.(io.Seeker); ok {
+		r.rs = s
+	} else {
+		r.rs = nil
+	}
+}
+
+// more() does one read on the underlying reader
+func (r *Reader) more() {
+	// move data backwards so that
+	// the read offset is 0; this way
+	// we can supply the maximum number of
+	// bytes to the reader
+	if r.n != 0 {
+		if r.n < len(r.data) {
+			r.data = r.data[:copy(r.data[0:], r.data[r.n:])]
+		} else {
+			r.data = r.data[:0]
+		}
+		r.n = 0
+	}
+	var a int
+	a, r.state = r.r.Read(r.data[len(r.data):cap(r.data)])
+	if a == 0 && r.state == nil {
+		r.state = io.ErrNoProgress
+		return
+	} else if a > 0 && r.state == io.EOF {
+		// discard the io.EOF if we read more than 0 bytes.
+		// the next call to Read should return io.EOF again.
+		r.state = nil
+	} else if r.state != nil {
+		return
+	}
+	r.data = r.data[:len(r.data)+a]
+}
+
+// pop error
+func (r *Reader) err() (e error) {
+	e, r.state = r.state, nil
+	return
+}
+
+// pop error; EOF -> io.ErrUnexpectedEOF
+func (r *Reader) noEOF() (e error) {
+	e, r.state = r.state, nil
+	if e == io.EOF {
+		e = io.ErrUnexpectedEOF
+	}
+	return
+}
+
+// buffered bytes
+func (r *Reader) buffered() int { return len(r.data) - r.n }
+
+// Buffered returns the number of bytes currently in the buffer
+func (r *Reader) Buffered() int { return len(r.data) - r.n }
+
+// BufferSize returns the total size of the buffer
+func (r *Reader) BufferSize() int { return cap(r.data) }
+
+// Peek returns the next 'n' buffered bytes,
+// reading from the underlying reader if necessary.
+// It will only return a slice shorter than 'n' bytes
+// if it also returns an error. Peek does not advance
+// the reader. EOF errors are *not* returned as
+// io.ErrUnexpectedEOF.
+func (r *Reader) Peek(n int) ([]byte, error) {
+	// in the degenerate case,
+	// we may need to realloc
+	// (the caller asked for more
+	// bytes than the size of the buffer)
+	if cap(r.data) < n {
+		old := r.data[r.n:]
+		r.data = make([]byte, n+r.buffered())
+		r.data = r.data[:copy(r.data, old)]
+		r.n = 0
+	}
+
+	// keep filling until
+	// we hit an error or
+	// read enough bytes
+	for r.buffered() < n && r.state == nil {
+		r.more()
+	}
+
+	// we must have hit an error
+	if r.buffered() < n {
+		return r.data[r.n:], r.err()
+	}
+
+	return r.data[r.n : r.n+n], nil
+}
+
+// discard(n) discards up to 'n' buffered bytes, and
+// and returns the number of bytes discarded
+func (r *Reader) discard(n int) int {
+	inbuf := r.buffered()
+	if inbuf <= n {
+		r.n = 0
+		r.data = r.data[:0]
+		return inbuf
+	}
+	r.n += n
+	return n
+}
+
+// Skip moves the reader forward 'n' bytes.
+// Returns the number of bytes skipped and any
+// errors encountered. It is analogous to Seek(n, 1).
+// If the underlying reader implements io.Seeker, then
+// that method will be used to skip forward.
+//
+// If the reader encounters
+// an EOF before skipping 'n' bytes, it
+// returns [io.ErrUnexpectedEOF]. If the
+// underlying reader implements [io.Seeker], then
+// those rules apply instead. (Many implementations
+// will not return [io.EOF] until the next call
+// to Read).
+func (r *Reader) Skip(n int) (int, error) {
+	if n < 0 {
+		return 0, os.ErrInvalid
+	}
+
+	// discard some or all of the current buffer
+	skipped := r.discard(n)
+
+	// if we can Seek() through the remaining bytes, do that
+	if n > skipped && r.rs != nil {
+		nn, err := r.rs.Seek(int64(n-skipped), 1)
+		return int(nn) + skipped, err
+	}
+	// otherwise, keep filling the buffer
+	// and discarding it up to 'n'
+	for skipped < n && r.state == nil {
+		r.more()
+		skipped += r.discard(n - skipped)
+	}
+	return skipped, r.noEOF()
+}
+
+// Next returns the next 'n' bytes in the stream.
+// Unlike Peek, Next advances the reader position.
+// The returned bytes point to the same
+// data as the buffer, so the slice is
+// only valid until the next reader method call.
+// An EOF is considered an unexpected error.
+// If an the returned slice is less than the
+// length asked for, an error will be returned,
+// and the reader position will not be incremented.
+func (r *Reader) Next(n int) ([]byte, error) {
+	// in case the buffer is too small
+	if cap(r.data) < n {
+		old := r.data[r.n:]
+		r.data = make([]byte, n+r.buffered())
+		r.data = r.data[:copy(r.data, old)]
+		r.n = 0
+	}
+
+	// fill at least 'n' bytes
+	for r.buffered() < n && r.state == nil {
+		r.more()
+	}
+
+	if r.buffered() < n {
+		return r.data[r.n:], r.noEOF()
+	}
+	out := r.data[r.n : r.n+n]
+	r.n += n
+	return out, nil
+}
+
+// Read implements [io.Reader].
+func (r *Reader) Read(b []byte) (int, error) {
+	// if we have data in the buffer, just
+	// return that.
+	if r.buffered() != 0 {
+		x := copy(b, r.data[r.n:])
+		r.n += x
+		return x, nil
+	}
+	var n int
+	// we have no buffered data; determine
+	// whether or not to buffer or call
+	// the underlying reader directly
+	if len(b) >= cap(r.data) {
+		n, r.state = r.r.Read(b)
+	} else {
+		r.more()
+		n = copy(b, r.data)
+		r.n = n
+	}
+	if n == 0 {
+		return 0, r.err()
+	}
+	return n, nil
+}
+
+// ReadFull attempts to read len(b) bytes into
+// 'b'. It returns the number of bytes read into
+// 'b', and an error if it does not return len(b).
+// EOF is considered an unexpected error.
+func (r *Reader) ReadFull(b []byte) (int, error) {
+	var n int  // read into b
+	var nn int // scratch
+	l := len(b)
+	// either read buffered data,
+	// or read directly for the underlying
+	// buffer, or fetch more buffered data.
+	for n < l && r.state == nil {
+		if r.buffered() != 0 {
+			nn = copy(b[n:], r.data[r.n:])
+			n += nn
+			r.n += nn
+		} else if l-n > cap(r.data) {
+			nn, r.state = r.r.Read(b[n:])
+			n += nn
+		} else {
+			r.more()
+		}
+	}
+	if n < l {
+		return n, r.noEOF()
+	}
+	return n, nil
+}
+
+// ReadByte implements [io.ByteReader].
+func (r *Reader) ReadByte() (byte, error) {
+	for r.buffered() < 1 && r.state == nil {
+		r.more()
+	}
+	if r.buffered() < 1 {
+		return 0, r.err()
+	}
+	b := r.data[r.n]
+	r.n++
+	return b, nil
+}
+
+// WriteTo implements [io.WriterTo].
+func (r *Reader) WriteTo(w io.Writer) (int64, error) {
+	var (
+		i   int64
+		ii  int
+		err error
+	)
+	// first, clear buffer
+	if r.buffered() > 0 {
+		ii, err = w.Write(r.data[r.n:])
+		i += int64(ii)
+		if err != nil {
+			return i, err
+		}
+		r.data = r.data[0:0]
+		r.n = 0
+	}
+	for r.state == nil {
+		// here we just do
+		// 1:1 reads and writes
+		r.more()
+		if r.buffered() > 0 {
+			ii, err = w.Write(r.data)
+			i += int64(ii)
+			if err != nil {
+				return i, err
+			}
+			r.data = r.data[0:0]
+			r.n = 0
+		}
+	}
+	if r.state != io.EOF {
+		return i, r.err()
+	}
+	return i, nil
+}
+
+func max(a int, b int) int {
+	if a < b {
+		return b
+	}
+	return a
+}
diff --git a/vendor/github.com/philhofer/fwd/writer.go b/vendor/github.com/philhofer/fwd/writer.go
new file mode 100644
index 000000000..4d6ea15b3
--- /dev/null
+++ b/vendor/github.com/philhofer/fwd/writer.go
@@ -0,0 +1,236 @@
+package fwd
+
+import "io"
+
+const (
+	// DefaultWriterSize is the
+	// default write buffer size.
+	DefaultWriterSize = 2048
+
+	minWriterSize = minReaderSize
+)
+
+// Writer is a buffered writer
+type Writer struct {
+	w   io.Writer // writer
+	buf []byte    // 0:len(buf) is bufered data
+}
+
+// NewWriter returns a new writer
+// that writes to 'w' and has a buffer
+// that is `DefaultWriterSize` bytes.
+func NewWriter(w io.Writer) *Writer {
+	if wr, ok := w.(*Writer); ok {
+		return wr
+	}
+	return &Writer{
+		w:   w,
+		buf: make([]byte, 0, DefaultWriterSize),
+	}
+}
+
+// NewWriterSize returns a new writer that
+// writes to 'w' and has a buffer size 'n'.
+func NewWriterSize(w io.Writer, n int) *Writer {
+	if wr, ok := w.(*Writer); ok && cap(wr.buf) >= n {
+		return wr
+	}
+	buf := make([]byte, 0, max(n, minWriterSize))
+	return NewWriterBuf(w, buf)
+}
+
+// NewWriterBuf returns a new writer
+// that writes to 'w' and has 'buf' as a buffer.
+// 'buf' is not used when has smaller capacity than 18,
+// custom buffer is allocated instead.
+func NewWriterBuf(w io.Writer, buf []byte) *Writer {
+	if cap(buf) < minWriterSize {
+		buf = make([]byte, 0, minWriterSize)
+	}
+	buf = buf[:0]
+	return &Writer{
+		w:   w,
+		buf: buf,
+	}
+}
+
+// Buffered returns the number of buffered bytes
+// in the reader.
+func (w *Writer) Buffered() int { return len(w.buf) }
+
+// BufferSize returns the maximum size of the buffer.
+func (w *Writer) BufferSize() int { return cap(w.buf) }
+
+// Flush flushes any buffered bytes
+// to the underlying writer.
+func (w *Writer) Flush() error {
+	l := len(w.buf)
+	if l > 0 {
+		n, err := w.w.Write(w.buf)
+
+		// if we didn't write the whole
+		// thing, copy the unwritten
+		// bytes to the beginnning of the
+		// buffer.
+		if n < l && n > 0 {
+			w.pushback(n)
+			if err == nil {
+				err = io.ErrShortWrite
+			}
+		}
+		if err != nil {
+			return err
+		}
+		w.buf = w.buf[:0]
+		return nil
+	}
+	return nil
+}
+
+// Write implements `io.Writer`
+func (w *Writer) Write(p []byte) (int, error) {
+	c, l, ln := cap(w.buf), len(w.buf), len(p)
+	avail := c - l
+
+	// requires flush
+	if avail < ln {
+		if err := w.Flush(); err != nil {
+			return 0, err
+		}
+		l = len(w.buf)
+	}
+	// too big to fit in buffer;
+	// write directly to w.w
+	if c < ln {
+		return w.w.Write(p)
+	}
+
+	// grow buf slice; copy; return
+	w.buf = w.buf[:l+ln]
+	return copy(w.buf[l:], p), nil
+}
+
+// WriteString is analogous to Write, but it takes a string.
+func (w *Writer) WriteString(s string) (int, error) {
+	c, l, ln := cap(w.buf), len(w.buf), len(s)
+	avail := c - l
+
+	// requires flush
+	if avail < ln {
+		if err := w.Flush(); err != nil {
+			return 0, err
+		}
+		l = len(w.buf)
+	}
+	// too big to fit in buffer;
+	// write directly to w.w
+	//
+	// yes, this is unsafe. *but*
+	// io.Writer is not allowed
+	// to mutate its input or
+	// maintain a reference to it,
+	// per the spec in package io.
+	//
+	// plus, if the string is really
+	// too big to fit in the buffer, then
+	// creating a copy to write it is
+	// expensive (and, strictly speaking,
+	// unnecessary)
+	if c < ln {
+		return w.w.Write(unsafestr(s))
+	}
+
+	// grow buf slice; copy; return
+	w.buf = w.buf[:l+ln]
+	return copy(w.buf[l:], s), nil
+}
+
+// WriteByte implements `io.ByteWriter`
+func (w *Writer) WriteByte(b byte) error {
+	if len(w.buf) == cap(w.buf) {
+		if err := w.Flush(); err != nil {
+			return err
+		}
+	}
+	w.buf = append(w.buf, b)
+	return nil
+}
+
+// Next returns the next 'n' free bytes
+// in the write buffer, flushing the writer
+// as necessary. Next will return `io.ErrShortBuffer`
+// if 'n' is greater than the size of the write buffer.
+// Calls to 'next' increment the write position by
+// the size of the returned buffer.
+func (w *Writer) Next(n int) ([]byte, error) {
+	c, l := cap(w.buf), len(w.buf)
+	if n > c {
+		return nil, io.ErrShortBuffer
+	}
+	avail := c - l
+	if avail < n {
+		if err := w.Flush(); err != nil {
+			return nil, err
+		}
+		l = len(w.buf)
+	}
+	w.buf = w.buf[:l+n]
+	return w.buf[l:], nil
+}
+
+// take the bytes from w.buf[n:len(w.buf)]
+// and put them at the beginning of w.buf,
+// and resize to the length of the copied segment.
+func (w *Writer) pushback(n int) {
+	w.buf = w.buf[:copy(w.buf, w.buf[n:])]
+}
+
+// ReadFrom implements `io.ReaderFrom`
+func (w *Writer) ReadFrom(r io.Reader) (int64, error) {
+	// anticipatory flush
+	if err := w.Flush(); err != nil {
+		return 0, err
+	}
+
+	w.buf = w.buf[0:cap(w.buf)] // expand buffer
+
+	var nn int64  // written
+	var err error // error
+	var x int     // read
+
+	// 1:1 reads and writes
+	for err == nil {
+		x, err = r.Read(w.buf)
+		if x > 0 {
+			n, werr := w.w.Write(w.buf[:x])
+			nn += int64(n)
+
+			if err != nil {
+				if n < x && n > 0 {
+					w.pushback(n - x)
+				}
+				return nn, werr
+			}
+			if n < x {
+				w.pushback(n - x)
+				return nn, io.ErrShortWrite
+			}
+		} else if err == nil {
+			err = io.ErrNoProgress
+			break
+		}
+	}
+	if err != io.EOF {
+		return nn, err
+	}
+
+	// we only clear here
+	// because we are sure
+	// the writes have
+	// succeeded. otherwise,
+	// we retain the data in case
+	// future writes succeed.
+	w.buf = w.buf[0:0]
+
+	return nn, nil
+}
diff --git a/vendor/github.com/philhofer/fwd/writer_appengine.go b/vendor/github.com/philhofer/fwd/writer_appengine.go
new file mode 100644
index 000000000..a978e3b6a
--- /dev/null
+++ b/vendor/github.com/philhofer/fwd/writer_appengine.go
@@ -0,0 +1,6 @@
+//go:build appengine
+// +build appengine
+
+package fwd
+
+func unsafestr(s string) []byte { return []byte(s) }
diff --git a/vendor/github.com/philhofer/fwd/writer_tinygo.go b/vendor/github.com/philhofer/fwd/writer_tinygo.go
new file mode 100644
index 000000000..b060faf7a
--- /dev/null
+++ b/vendor/github.com/philhofer/fwd/writer_tinygo.go
@@ -0,0 +1,19 @@
+//go:build tinygo
+// +build tinygo
+
+package fwd
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+// unsafe cast string as []byte
+func unsafestr(b string) []byte {
+	l := uintptr(len(b))
+	return *(*[]byte)(unsafe.Pointer(&reflect.SliceHeader{
+		Len:  l,
+		Cap:  l,
+		Data: (*reflect.StringHeader)(unsafe.Pointer(&b)).Data,
+	}))
+}
diff --git a/vendor/github.com/philhofer/fwd/writer_unsafe.go b/vendor/github.com/philhofer/fwd/writer_unsafe.go
new file mode 100644
index 000000000..e4cb4a830
--- /dev/null
+++ b/vendor/github.com/philhofer/fwd/writer_unsafe.go
@@ -0,0 +1,20 @@
+//go:build !appengine && !tinygo
+// +build !appengine,!tinygo
+
+package fwd
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+// unsafe cast string as []byte
+func unsafestr(s string) []byte {
+	var b []byte
+	sHdr := (*reflect.StringHeader)(unsafe.Pointer(&s))
+	bHdr := (*reflect.SliceHeader)(unsafe.Pointer(&b))
+	bHdr.Data = sHdr.Data
+	bHdr.Len = sHdr.Len
+	bHdr.Cap = sHdr.Len
+	return b
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go
index 3aa8d0590..b22d862fb 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/collectors/expvar_collector.go
@@ -22,7 +22,7 @@ import "github.com/prometheus/client_golang/prometheus"
 // Prometheus metrics. Note that the data models of expvar and Prometheus are
 // fundamentally different, and that the expvar Collector is inherently slower
 // than native Prometheus metrics. Thus, the expvar Collector is probably great
-// for experiments and prototying, but you should seriously consider a more
+// for experiments and prototyping, but you should seriously consider a more
 // direct implementation of Prometheus metrics for monitoring production
 // systems.
 //
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go b/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go
index 2f5616894..bcfa4fa10 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/collectors/go_collector_latest.go
@@ -132,16 +132,19 @@ type GoCollectionOption uint32
 
 const (
 	// GoRuntimeMemStatsCollection represents the metrics represented by runtime.MemStats structure.
-	// Deprecated. Use WithGoCollectorMemStatsMetricsDisabled() function to disable those metrics in the collector.
+	//
+	// Deprecated: Use WithGoCollectorMemStatsMetricsDisabled() function to disable those metrics in the collector.
 	GoRuntimeMemStatsCollection GoCollectionOption = 1 << iota
 	// GoRuntimeMetricsCollection is the new set of metrics represented by runtime/metrics package.
-	// Deprecated. Use WithGoCollectorRuntimeMetrics(GoRuntimeMetricsRule{Matcher: regexp.MustCompile("/.*")})
+	//
+	// Deprecated: Use WithGoCollectorRuntimeMetrics(GoRuntimeMetricsRule{Matcher: regexp.MustCompile("/.*")})
 	// function to enable those metrics in the collector.
 	GoRuntimeMetricsCollection
 )
 
 // WithGoCollections allows enabling different collections for Go collector on top of base metrics.
-// Deprecated. Use WithGoCollectorRuntimeMetrics() and WithGoCollectorMemStatsMetricsDisabled() instead to control metrics.
+//
+// Deprecated: Use WithGoCollectorRuntimeMetrics() and WithGoCollectorMemStatsMetricsDisabled() instead to control metrics.
 func WithGoCollections(flags GoCollectionOption) func(options *internal.GoCollectorOptions) {
 	return func(options *internal.GoCollectorOptions) {
 		if flags&GoRuntimeMemStatsCollection == 0 {
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/counter.go b/vendor/github.com/prometheus/client_golang/prometheus/counter.go
index 62de4dc59..4ce84e7a8 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/counter.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/counter.go
@@ -20,6 +20,7 @@ import (
 	"time"
 
 	dto "github.com/prometheus/client_model/go"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 // Counter is a Metric that represents a single numerical value that only ever
@@ -66,7 +67,7 @@ type CounterVecOpts struct {
 	CounterOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -90,8 +91,12 @@ func NewCounter(opts CounterOpts) Counter {
 		nil,
 		opts.ConstLabels,
 	)
-	result := &counter{desc: desc, labelPairs: desc.constLabelPairs, now: time.Now}
+	if opts.now == nil {
+		opts.now = time.Now
+	}
+	result := &counter{desc: desc, labelPairs: desc.constLabelPairs, now: opts.now}
 	result.init(result) // Init self-collection.
+	result.createdTs = timestamppb.New(opts.now())
 	return result
 }
 
@@ -106,10 +111,12 @@ type counter struct {
 	selfCollector
 	desc *Desc
 
+	createdTs  *timestamppb.Timestamp
 	labelPairs []*dto.LabelPair
 	exemplar   atomic.Value // Containing nil or a *dto.Exemplar.
 
-	now func() time.Time // To mock out time.Now() for testing.
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 func (c *counter) Desc() *Desc {
@@ -159,8 +166,7 @@ func (c *counter) Write(out *dto.Metric) error {
 		exemplar = e.(*dto.Exemplar)
 	}
 	val := c.get()
-
-	return populateMetric(CounterValue, val, c.labelPairs, exemplar, out)
+	return populateMetric(CounterValue, val, c.labelPairs, exemplar, out, c.createdTs)
 }
 
 func (c *counter) updateExemplar(v float64, l Labels) {
@@ -200,13 +206,17 @@ func (v2) NewCounterVec(opts CounterVecOpts) *CounterVec {
 		opts.VariableLabels,
 		opts.ConstLabels,
 	)
+	if opts.now == nil {
+		opts.now = time.Now
+	}
 	return &CounterVec{
 		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			if len(lvs) != len(desc.variableLabels) {
-				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), lvs))
+			if len(lvs) != len(desc.variableLabels.names) {
+				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, lvs))
 			}
-			result := &counter{desc: desc, labelPairs: MakeLabelPairs(desc, lvs), now: time.Now}
+			result := &counter{desc: desc, labelPairs: MakeLabelPairs(desc, lvs), now: opts.now}
 			result.init(result) // Init self-collection.
+			result.createdTs = timestamppb.New(opts.now())
 			return result
 		}),
 	}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/desc.go b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
index 12331542d..68ffe3c24 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/desc.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
@@ -18,12 +18,12 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/prometheus/client_golang/prometheus/internal"
-
 	"github.com/cespare/xxhash/v2"
 	dto "github.com/prometheus/client_model/go"
 	"github.com/prometheus/common/model"
 	"google.golang.org/protobuf/proto"
+
+	"github.com/prometheus/client_golang/prometheus/internal"
 )
 
 // Desc is the descriptor used by every Prometheus Metric. It is essentially
@@ -52,7 +52,7 @@ type Desc struct {
 	constLabelPairs []*dto.LabelPair
 	// variableLabels contains names of labels and normalization function for
 	// which the metric maintains variable values.
-	variableLabels ConstrainedLabels
+	variableLabels *compiledLabels
 	// id is a hash of the values of the ConstLabels and fqName. This
 	// must be unique among all registered descriptors and can therefore be
 	// used as an identifier of the descriptor.
@@ -93,7 +93,7 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const
 	d := &Desc{
 		fqName:         fqName,
 		help:           help,
-		variableLabels: variableLabels.constrainedLabels(),
+		variableLabels: variableLabels.compile(),
 	}
 	if !model.IsValidMetricName(model.LabelValue(fqName)) {
 		d.err = fmt.Errorf("%q is not a valid metric name", fqName)
@@ -103,7 +103,7 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const
 	// their sorted label names) plus the fqName (at position 0).
 	labelValues := make([]string, 1, len(constLabels)+1)
 	labelValues[0] = fqName
-	labelNames := make([]string, 0, len(constLabels)+len(d.variableLabels))
+	labelNames := make([]string, 0, len(constLabels)+len(d.variableLabels.names))
 	labelNameSet := map[string]struct{}{}
 	// First add only the const label names and sort them...
 	for labelName := range constLabels {
@@ -128,13 +128,13 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const
 	// Now add the variable label names, but prefix them with something that
 	// cannot be in a regular label name. That prevents matching the label
 	// dimension with a different mix between preset and variable labels.
-	for _, label := range d.variableLabels {
-		if !checkLabelName(label.Name) {
-			d.err = fmt.Errorf("%q is not a valid label name for metric %q", label.Name, fqName)
+	for _, label := range d.variableLabels.names {
+		if !checkLabelName(label) {
+			d.err = fmt.Errorf("%q is not a valid label name for metric %q", label, fqName)
 			return d
 		}
-		labelNames = append(labelNames, "$"+label.Name)
-		labelNameSet[label.Name] = struct{}{}
+		labelNames = append(labelNames, "$"+label)
+		labelNameSet[label] = struct{}{}
 	}
 	if len(labelNames) != len(labelNameSet) {
 		d.err = fmt.Errorf("duplicate label names in constant and variable labels for metric %q", fqName)
@@ -189,11 +189,19 @@ func (d *Desc) String() string {
 			fmt.Sprintf("%s=%q", lp.GetName(), lp.GetValue()),
 		)
 	}
+	vlStrings := make([]string, 0, len(d.variableLabels.names))
+	for _, vl := range d.variableLabels.names {
+		if fn, ok := d.variableLabels.labelConstraints[vl]; ok && fn != nil {
+			vlStrings = append(vlStrings, fmt.Sprintf("c(%s)", vl))
+		} else {
+			vlStrings = append(vlStrings, vl)
+		}
+	}
 	return fmt.Sprintf(
-		"Desc{fqName: %q, help: %q, constLabels: {%s}, variableLabels: %v}",
+		"Desc{fqName: %q, help: %q, constLabels: {%s}, variableLabels: {%s}}",
 		d.fqName,
 		d.help,
 		strings.Join(lpStrings, ","),
-		d.variableLabels,
+		strings.Join(vlStrings, ","),
 	)
 }
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
index c41ab37f3..de5a85629 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
@@ -48,7 +48,7 @@ func (e *expvarCollector) Collect(ch chan<- Metric) {
 			continue
 		}
 		var v interface{}
-		labels := make([]string, len(desc.variableLabels))
+		labels := make([]string, len(desc.variableLabels.names))
 		if err := json.Unmarshal([]byte(expVar.String()), &v); err != nil {
 			ch <- NewInvalidMetric(desc, err)
 			continue
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
index f1ea6c76f..dd2eac940 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
@@ -62,7 +62,7 @@ type GaugeVecOpts struct {
 	GaugeOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -135,7 +135,7 @@ func (g *gauge) Sub(val float64) {
 
 func (g *gauge) Write(out *dto.Metric) error {
 	val := math.Float64frombits(atomic.LoadUint64(&g.valBits))
-	return populateMetric(GaugeValue, val, g.labelPairs, nil, out)
+	return populateMetric(GaugeValue, val, g.labelPairs, nil, out, nil)
 }
 
 // GaugeVec is a Collector that bundles a set of Gauges that all share the same
@@ -166,8 +166,8 @@ func (v2) NewGaugeVec(opts GaugeVecOpts) *GaugeVec {
 	)
 	return &GaugeVec{
 		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			if len(lvs) != len(desc.variableLabels) {
-				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), lvs))
+			if len(lvs) != len(desc.variableLabels.names) {
+				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, lvs))
 			}
 			result := &gauge{desc: desc, labelPairs: MakeLabelPairs(desc, lvs)}
 			result.init(result) // Init self-collection.
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
index 5b69965b2..1feba62c6 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
@@ -25,6 +25,7 @@ import (
 	dto "github.com/prometheus/client_model/go"
 
 	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 // nativeHistogramBounds for the frac of observed values. Only relevant for
@@ -391,7 +392,7 @@ type HistogramOpts struct {
 	// zero, it is replaced by default buckets. The default buckets are
 	// DefBuckets if no buckets for a native histogram (see below) are used,
 	// otherwise the default is no buckets. (In other words, if you want to
-	// use both reguler buckets and buckets for a native histogram, you have
+	// use both regular buckets and buckets for a native histogram, you have
 	// to define the regular buckets here explicitly.)
 	Buckets []float64
 
@@ -401,7 +402,7 @@ type HistogramOpts struct {
 	// Histogram by a Prometheus server with that feature enabled (requires
 	// Prometheus v2.40+). Sparse buckets are exponential buckets covering
 	// the whole float64 range (with the exception of the “zero” bucket, see
-	// SparseBucketsZeroThreshold below). From any one bucket to the next,
+	// NativeHistogramZeroThreshold below). From any one bucket to the next,
 	// the width of the bucket grows by a constant
 	// factor. NativeHistogramBucketFactor provides an upper bound for this
 	// factor (exception see below). The smaller
@@ -413,8 +414,8 @@ type HistogramOpts struct {
 	// and 2, same as between 2 and 4, and 4 and 8, etc.).
 	//
 	// Details about the actually used factor: The factor is calculated as
-	// 2^(2^n), where n is an integer number between (and including) -8 and
-	// 4. n is chosen so that the resulting factor is the largest that is
+	// 2^(2^-n), where n is an integer number between (and including) -4 and
+	// 8. n is chosen so that the resulting factor is the largest that is
 	// still smaller or equal to NativeHistogramBucketFactor. Note that the
 	// smallest possible factor is therefore approx. 1.00271 (i.e. 2^(2^-8)
 	// ). If NativeHistogramBucketFactor is greater than 1 but smaller than
@@ -428,12 +429,12 @@ type HistogramOpts struct {
 	// a major version bump.
 	NativeHistogramBucketFactor float64
 	// All observations with an absolute value of less or equal
-	// NativeHistogramZeroThreshold are accumulated into a “zero”
-	// bucket. For best results, this should be close to a bucket
-	// boundary. This is usually the case if picking a power of two. If
+	// NativeHistogramZeroThreshold are accumulated into a “zero” bucket.
+	// For best results, this should be close to a bucket boundary. This is
+	// usually the case if picking a power of two. If
 	// NativeHistogramZeroThreshold is left at zero,
-	// DefSparseBucketsZeroThreshold is used as the threshold. To configure
-	// a zero bucket with an actual threshold of zero (i.e. only
+	// DefNativeHistogramZeroThreshold is used as the threshold. To
+	// configure a zero bucket with an actual threshold of zero (i.e. only
 	// observations of precisely zero will go into the zero bucket), set
 	// NativeHistogramZeroThreshold to the NativeHistogramZeroThresholdZero
 	// constant (or any negative float value).
@@ -446,26 +447,34 @@ type HistogramOpts struct {
 	// Histogram are sufficiently wide-spread. In particular, this could be
 	// used as a DoS attack vector. Where the observed values depend on
 	// external inputs, it is highly recommended to set a
-	// NativeHistogramMaxBucketNumber.)  Once the set
+	// NativeHistogramMaxBucketNumber.) Once the set
 	// NativeHistogramMaxBucketNumber is exceeded, the following strategy is
-	// enacted: First, if the last reset (or the creation) of the histogram
-	// is at least NativeHistogramMinResetDuration ago, then the whole
-	// histogram is reset to its initial state (including regular
-	// buckets). If less time has passed, or if
-	// NativeHistogramMinResetDuration is zero, no reset is
-	// performed. Instead, the zero threshold is increased sufficiently to
-	// reduce the number of buckets to or below
-	// NativeHistogramMaxBucketNumber, but not to more than
-	// NativeHistogramMaxZeroThreshold. Thus, if
-	// NativeHistogramMaxZeroThreshold is already at or below the current
-	// zero threshold, nothing happens at this step. After that, if the
-	// number of buckets still exceeds NativeHistogramMaxBucketNumber, the
-	// resolution of the histogram is reduced by doubling the width of the
-	// sparse buckets (up to a growth factor between one bucket to the next
-	// of 2^(2^4) = 65536, see above).
+	// enacted:
+	//  - First, if the last reset (or the creation) of the histogram is at
+	//    least NativeHistogramMinResetDuration ago, then the whole
+	//    histogram is reset to its initial state (including regular
+	//    buckets).
+	//  - If less time has passed, or if NativeHistogramMinResetDuration is
+	//    zero, no reset is performed. Instead, the zero threshold is
+	//    increased sufficiently to reduce the number of buckets to or below
+	//    NativeHistogramMaxBucketNumber, but not to more than
+	//    NativeHistogramMaxZeroThreshold. Thus, if
+	//    NativeHistogramMaxZeroThreshold is already at or below the current
+	//    zero threshold, nothing happens at this step.
+	//  - After that, if the number of buckets still exceeds
+	//    NativeHistogramMaxBucketNumber, the resolution of the histogram is
+	//    reduced by doubling the width of the sparse buckets (up to a
+	//    growth factor between one bucket to the next of 2^(2^4) = 65536,
+	//    see above).
+	//  - Any increased zero threshold or reduced resolution is reset back
+	//    to their original values once NativeHistogramMinResetDuration has
+	//    passed (since the last reset or the creation of the histogram).
 	NativeHistogramMaxBucketNumber  uint32
 	NativeHistogramMinResetDuration time.Duration
 	NativeHistogramMaxZeroThreshold float64
+
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 // HistogramVecOpts bundles the options to create a HistogramVec metric.
@@ -475,7 +484,7 @@ type HistogramVecOpts struct {
 	HistogramOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -499,12 +508,12 @@ func NewHistogram(opts HistogramOpts) Histogram {
 }
 
 func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogram {
-	if len(desc.variableLabels) != len(labelValues) {
-		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), labelValues))
+	if len(desc.variableLabels.names) != len(labelValues) {
+		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, labelValues))
 	}
 
-	for _, n := range desc.variableLabels {
-		if n.Name == bucketLabel {
+	for _, n := range desc.variableLabels.names {
+		if n == bucketLabel {
 			panic(errBucketLabelNotAllowed)
 		}
 	}
@@ -514,6 +523,10 @@ func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogr
 		}
 	}
 
+	if opts.now == nil {
+		opts.now = time.Now
+	}
+
 	h := &histogram{
 		desc:                            desc,
 		upperBounds:                     opts.Buckets,
@@ -521,8 +534,8 @@ func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogr
 		nativeHistogramMaxBuckets:       opts.NativeHistogramMaxBucketNumber,
 		nativeHistogramMaxZeroThreshold: opts.NativeHistogramMaxZeroThreshold,
 		nativeHistogramMinResetDuration: opts.NativeHistogramMinResetDuration,
-		lastResetTime:                   time.Now(),
-		now:                             time.Now,
+		lastResetTime:                   opts.now(),
+		now:                             opts.now,
 	}
 	if len(h.upperBounds) == 0 && opts.NativeHistogramBucketFactor <= 1 {
 		h.upperBounds = DefBuckets
@@ -639,8 +652,8 @@ func (hc *histogramCounts) observe(v float64, bucket int, doSparse bool) {
 			if frac == 0.5 {
 				key--
 			}
-			div := 1 << -schema
-			key = (key + div - 1) / div
+			offset := (1 << -schema) - 1
+			key = (key + offset) >> -schema
 		}
 		if isInf {
 			key++
@@ -701,9 +714,11 @@ type histogram struct {
 	nativeHistogramMaxZeroThreshold float64
 	nativeHistogramMaxBuckets       uint32
 	nativeHistogramMinResetDuration time.Duration
-	lastResetTime                   time.Time // Protected by mtx.
+	// lastResetTime is protected by mtx. It is also used as created timestamp.
+	lastResetTime time.Time
 
-	now func() time.Time // To mock out time.Now() for testing.
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 func (h *histogram) Desc() *Desc {
@@ -742,9 +757,10 @@ func (h *histogram) Write(out *dto.Metric) error {
 	waitForCooldown(count, coldCounts)
 
 	his := &dto.Histogram{
-		Bucket:      make([]*dto.Bucket, len(h.upperBounds)),
-		SampleCount: proto.Uint64(count),
-		SampleSum:   proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		Bucket:           make([]*dto.Bucket, len(h.upperBounds)),
+		SampleCount:      proto.Uint64(count),
+		SampleSum:        proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		CreatedTimestamp: timestamppb.New(h.lastResetTime),
 	}
 	out.Histogram = his
 	out.Label = h.labelPairs
@@ -782,6 +798,16 @@ func (h *histogram) Write(out *dto.Metric) error {
 		his.ZeroCount = proto.Uint64(zeroBucket)
 		his.NegativeSpan, his.NegativeDelta = makeBuckets(&coldCounts.nativeHistogramBucketsNegative)
 		his.PositiveSpan, his.PositiveDelta = makeBuckets(&coldCounts.nativeHistogramBucketsPositive)
+
+		// Add a no-op span to a histogram without observations and with
+		// a zero threshold of zero. Otherwise, a native histogram would
+		// look like a classic histogram to scrapers.
+		if *his.ZeroThreshold == 0 && *his.ZeroCount == 0 && len(his.PositiveSpan) == 0 && len(his.NegativeSpan) == 0 {
+			his.PositiveSpan = []*dto.BucketSpan{{
+				Offset: proto.Int32(0),
+				Length: proto.Uint32(0),
+			}}
+		}
 	}
 	addAndResetCounts(hotCounts, coldCounts)
 	return nil
@@ -817,7 +843,7 @@ func (h *histogram) observe(v float64, bucket int) {
 	}
 }
 
-// limitSparsebuckets applies a strategy to limit the number of populated sparse
+// limitBuckets applies a strategy to limit the number of populated sparse
 // buckets. It's generally best effort, and there are situations where the
 // number can go higher (if even the lowest resolution isn't enough to reduce
 // the number sufficiently, or if the provided counts aren't fully updated yet
@@ -854,20 +880,23 @@ func (h *histogram) limitBuckets(counts *histogramCounts, value float64, bucket
 	h.doubleBucketWidth(hotCounts, coldCounts)
 }
 
-// maybeReset resests the whole histogram if at least h.nativeHistogramMinResetDuration
+// maybeReset resets the whole histogram if at least h.nativeHistogramMinResetDuration
 // has been passed. It returns true if the histogram has been reset. The caller
 // must have locked h.mtx.
-func (h *histogram) maybeReset(hot, cold *histogramCounts, coldIdx uint64, value float64, bucket int) bool {
+func (h *histogram) maybeReset(
+	hot, cold *histogramCounts, coldIdx uint64, value float64, bucket int,
+) bool {
 	// We are using the possibly mocked h.now() rather than
 	// time.Since(h.lastResetTime) to enable testing.
-	if h.nativeHistogramMinResetDuration == 0 || h.now().Sub(h.lastResetTime) < h.nativeHistogramMinResetDuration {
+	if h.nativeHistogramMinResetDuration == 0 ||
+		h.now().Sub(h.lastResetTime) < h.nativeHistogramMinResetDuration {
 		return false
 	}
 	// Completely reset coldCounts.
 	h.resetCounts(cold)
 	// Repeat the latest observation to not lose it completely.
 	cold.observe(value, bucket, true)
-	// Make coldCounts the new hot counts while ressetting countAndHotIdx.
+	// Make coldCounts the new hot counts while resetting countAndHotIdx.
 	n := atomic.SwapUint64(&h.countAndHotIdx, (coldIdx<<63)+1)
 	count := n & ((1 << 63) - 1)
 	waitForCooldown(count, hot)
@@ -1176,6 +1205,7 @@ type constHistogram struct {
 	sum        float64
 	buckets    map[float64]uint64
 	labelPairs []*dto.LabelPair
+	createdTs  *timestamppb.Timestamp
 }
 
 func (h *constHistogram) Desc() *Desc {
@@ -1183,7 +1213,9 @@ func (h *constHistogram) Desc() *Desc {
 }
 
 func (h *constHistogram) Write(out *dto.Metric) error {
-	his := &dto.Histogram{}
+	his := &dto.Histogram{
+		CreatedTimestamp: h.createdTs,
+	}
 
 	buckets := make([]*dto.Bucket, 0, len(h.buckets))
 
@@ -1230,7 +1262,7 @@ func NewConstHistogram(
 	if desc.err != nil {
 		return nil, desc.err
 	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
 		return nil, err
 	}
 	return &constHistogram{
@@ -1324,7 +1356,7 @@ func makeBuckets(buckets *sync.Map) ([]*dto.BucketSpan, []int64) {
 		// Multiple spans with only small gaps in between are probably
 		// encoded more efficiently as one larger span with a few empty
 		// buckets. Needs some research to find the sweet spot. For now,
-		// we assume that gaps of one ore two buckets should not create
+		// we assume that gaps of one or two buckets should not create
 		// a new span.
 		iDelta := int32(i - nextI)
 		if n == 0 || iDelta > 2 {
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go b/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
index fd0750f2c..a595a2036 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
@@ -14,7 +14,7 @@
 // It provides tools to compare sequences of strings and generate textual diffs.
 //
 // Maintaining `GetUnifiedDiffString` here because original repository
-// (https://github.com/pmezard/go-difflib) is no loger maintained.
+// (https://github.com/pmezard/go-difflib) is no longer maintained.
 package internal
 
 import (
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/labels.go b/vendor/github.com/prometheus/client_golang/prometheus/labels.go
index 63ff8683c..b3c4eca2b 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/labels.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/labels.go
@@ -32,19 +32,15 @@ import (
 // create a Desc.
 type Labels map[string]string
 
+// LabelConstraint normalizes label values.
+type LabelConstraint func(string) string
+
 // ConstrainedLabels represents a label name and its constrain function
 // to normalize label values. This type is commonly used when constructing
 // metric vector Collectors.
 type ConstrainedLabel struct {
 	Name       string
-	Constraint func(string) string
-}
-
-func (cl ConstrainedLabel) Constrain(v string) string {
-	if cl.Constraint == nil {
-		return v
-	}
-	return cl.Constraint(v)
+	Constraint LabelConstraint
 }
 
 // ConstrainableLabels is an interface that allows creating of labels that can
@@ -58,7 +54,7 @@ func (cl ConstrainedLabel) Constrain(v string) string {
 //	  },
 //	})
 type ConstrainableLabels interface {
-	constrainedLabels() ConstrainedLabels
+	compile() *compiledLabels
 	labelNames() []string
 }
 
@@ -67,8 +63,20 @@ type ConstrainableLabels interface {
 // metric vector Collectors.
 type ConstrainedLabels []ConstrainedLabel
 
-func (cls ConstrainedLabels) constrainedLabels() ConstrainedLabels {
-	return cls
+func (cls ConstrainedLabels) compile() *compiledLabels {
+	compiled := &compiledLabels{
+		names:            make([]string, len(cls)),
+		labelConstraints: map[string]LabelConstraint{},
+	}
+
+	for i, label := range cls {
+		compiled.names[i] = label.Name
+		if label.Constraint != nil {
+			compiled.labelConstraints[label.Name] = label.Constraint
+		}
+	}
+
+	return compiled
 }
 
 func (cls ConstrainedLabels) labelNames() []string {
@@ -92,18 +100,36 @@ func (cls ConstrainedLabels) labelNames() []string {
 //	}
 type UnconstrainedLabels []string
 
-func (uls UnconstrainedLabels) constrainedLabels() ConstrainedLabels {
-	constrainedLabels := make([]ConstrainedLabel, len(uls))
-	for i, l := range uls {
-		constrainedLabels[i] = ConstrainedLabel{Name: l}
+func (uls UnconstrainedLabels) compile() *compiledLabels {
+	return &compiledLabels{
+		names: uls,
 	}
-	return constrainedLabels
 }
 
 func (uls UnconstrainedLabels) labelNames() []string {
 	return uls
 }
 
+type compiledLabels struct {
+	names            []string
+	labelConstraints map[string]LabelConstraint
+}
+
+func (cls *compiledLabels) compile() *compiledLabels {
+	return cls
+}
+
+func (cls *compiledLabels) labelNames() []string {
+	return cls.names
+}
+
+func (cls *compiledLabels) constrain(labelName, value string) string {
+	if fn, ok := cls.labelConstraints[labelName]; ok && fn != nil {
+		return fn(value)
+	}
+	return value
+}
+
 // reservedLabelPrefix is a prefix which is not legal in user-supplied
 // label names.
 const reservedLabelPrefix = "__"
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/metric.go b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
index 07bbc9d76..f018e5723 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/metric.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
@@ -92,6 +92,9 @@ type Opts struct {
 	// machine_role metric). See also
 	// https://prometheus.io/docs/instrumenting/writing_exporters/#target-labels-not-static-scraped-labels
 	ConstLabels Labels
+
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 // BuildFQName joins the given three name components by "_". Empty name
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go
index a4cc9810b..09b8d2fbe 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/http.go
@@ -37,6 +37,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -47,9 +48,10 @@ import (
 )
 
 const (
-	contentTypeHeader     = "Content-Type"
-	contentEncodingHeader = "Content-Encoding"
-	acceptEncodingHeader  = "Accept-Encoding"
+	contentTypeHeader      = "Content-Type"
+	contentEncodingHeader  = "Content-Encoding"
+	acceptEncodingHeader   = "Accept-Encoding"
+	processStartTimeHeader = "Process-Start-Time-Unix"
 )
 
 var gzipPool = sync.Pool{
@@ -121,6 +123,9 @@ func HandlerForTransactional(reg prometheus.TransactionalGatherer, opts HandlerO
 	}
 
 	h := http.HandlerFunc(func(rsp http.ResponseWriter, req *http.Request) {
+		if !opts.ProcessStartTime.IsZero() {
+			rsp.Header().Set(processStartTimeHeader, strconv.FormatInt(opts.ProcessStartTime.Unix(), 10))
+		}
 		if inFlightSem != nil {
 			select {
 			case inFlightSem <- struct{}{}: // All good, carry on.
@@ -366,6 +371,14 @@ type HandlerOpts struct {
 	// (which changes the identity of the resulting series on the Prometheus
 	// server).
 	EnableOpenMetrics bool
+	// ProcessStartTime allows setting process start timevalue that will be exposed
+	// with "Process-Start-Time-Unix" response header along with the metrics
+	// payload. This allow callers to have efficient transformations to cumulative
+	// counters (e.g. OpenTelemetry) or generally _created timestamp estimation per
+	// scrape target.
+	// NOTE: This feature is experimental and not covered by OpenMetrics or Prometheus
+	// exposition format.
+	ProcessStartTime time.Time
 }
 
 // gzipAccepted returns whether the client will accept gzip-encoded content.
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
index 3793036ad..356edb786 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
@@ -389,15 +389,12 @@ func isLabelCurried(c prometheus.Collector, label string) bool {
 	return true
 }
 
-// emptyLabels is a one-time allocation for non-partitioned metrics to avoid
-// unnecessary allocations on each request.
-var emptyLabels = prometheus.Labels{}
-
 func labels(code, method bool, reqMethod string, status int, extraMethods ...string) prometheus.Labels {
+	labels := prometheus.Labels{}
+
 	if !(code || method) {
-		return emptyLabels
+		return labels
 	}
-	labels := prometheus.Labels{}
 
 	if code {
 		labels["code"] = sanitizeCode(status)
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/registry.go b/vendor/github.com/prometheus/client_golang/prometheus/registry.go
index 44da9433b..5e2ced25a 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/registry.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/registry.go
@@ -548,7 +548,7 @@ func (r *Registry) Gather() ([]*dto.MetricFamily, error) {
 			goroutineBudget--
 			runtime.Gosched()
 		}
-		// Once both checkedMetricChan and uncheckdMetricChan are closed
+		// Once both checkedMetricChan and uncheckedMetricChan are closed
 		// and drained, the contraption above will nil out cmc and umc,
 		// and then we can leave the collect loop here.
 		if cmc == nil && umc == nil {
@@ -963,9 +963,9 @@ func checkDescConsistency(
 	// Is the desc consistent with the content of the metric?
 	lpsFromDesc := make([]*dto.LabelPair, len(desc.constLabelPairs), len(dtoMetric.Label))
 	copy(lpsFromDesc, desc.constLabelPairs)
-	for _, l := range desc.variableLabels {
+	for _, l := range desc.variableLabels.names {
 		lpsFromDesc = append(lpsFromDesc, &dto.LabelPair{
-			Name: proto.String(l.Name),
+			Name: proto.String(l),
 		})
 	}
 	if len(lpsFromDesc) != len(dtoMetric.Label) {
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/summary.go b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
index dd359264e..146270444 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/summary.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
@@ -26,6 +26,7 @@ import (
 
 	"github.com/beorn7/perks/quantile"
 	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 // quantileLabel is used for the label that defines the quantile in a
@@ -145,6 +146,9 @@ type SummaryOpts struct {
 	// is the internal buffer size of the underlying package
 	// "github.com/bmizerany/perks/quantile").
 	BufCap uint32
+
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 // SummaryVecOpts bundles the options to create a SummaryVec metric.
@@ -154,7 +158,7 @@ type SummaryVecOpts struct {
 	SummaryOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -188,12 +192,12 @@ func NewSummary(opts SummaryOpts) Summary {
 }
 
 func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
-	if len(desc.variableLabels) != len(labelValues) {
-		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), labelValues))
+	if len(desc.variableLabels.names) != len(labelValues) {
+		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, labelValues))
 	}
 
-	for _, n := range desc.variableLabels {
-		if n.Name == quantileLabel {
+	for _, n := range desc.variableLabels.names {
+		if n == quantileLabel {
 			panic(errQuantileLabelNotAllowed)
 		}
 	}
@@ -222,6 +226,9 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 		opts.BufCap = DefBufCap
 	}
 
+	if opts.now == nil {
+		opts.now = time.Now
+	}
 	if len(opts.Objectives) == 0 {
 		// Use the lock-free implementation of a Summary without objectives.
 		s := &noObjectivesSummary{
@@ -230,6 +237,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 			counts:     [2]*summaryCounts{{}, {}},
 		}
 		s.init(s) // Init self-collection.
+		s.createdTs = timestamppb.New(opts.now())
 		return s
 	}
 
@@ -245,7 +253,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 		coldBuf:        make([]float64, 0, opts.BufCap),
 		streamDuration: opts.MaxAge / time.Duration(opts.AgeBuckets),
 	}
-	s.headStreamExpTime = time.Now().Add(s.streamDuration)
+	s.headStreamExpTime = opts.now().Add(s.streamDuration)
 	s.hotBufExpTime = s.headStreamExpTime
 
 	for i := uint32(0); i < opts.AgeBuckets; i++ {
@@ -259,6 +267,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 	sort.Float64s(s.sortedObjectives)
 
 	s.init(s) // Init self-collection.
+	s.createdTs = timestamppb.New(opts.now())
 	return s
 }
 
@@ -286,6 +295,8 @@ type summary struct {
 	headStream                       *quantile.Stream
 	headStreamIdx                    int
 	headStreamExpTime, hotBufExpTime time.Time
+
+	createdTs *timestamppb.Timestamp
 }
 
 func (s *summary) Desc() *Desc {
@@ -307,7 +318,9 @@ func (s *summary) Observe(v float64) {
 }
 
 func (s *summary) Write(out *dto.Metric) error {
-	sum := &dto.Summary{}
+	sum := &dto.Summary{
+		CreatedTimestamp: s.createdTs,
+	}
 	qs := make([]*dto.Quantile, 0, len(s.objectives))
 
 	s.bufMtx.Lock()
@@ -440,6 +453,8 @@ type noObjectivesSummary struct {
 	counts [2]*summaryCounts
 
 	labelPairs []*dto.LabelPair
+
+	createdTs *timestamppb.Timestamp
 }
 
 func (s *noObjectivesSummary) Desc() *Desc {
@@ -490,8 +505,9 @@ func (s *noObjectivesSummary) Write(out *dto.Metric) error {
 	}
 
 	sum := &dto.Summary{
-		SampleCount: proto.Uint64(count),
-		SampleSum:   proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		SampleCount:      proto.Uint64(count),
+		SampleSum:        proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		CreatedTimestamp: s.createdTs,
 	}
 
 	out.Summary = sum
@@ -681,6 +697,7 @@ type constSummary struct {
 	sum        float64
 	quantiles  map[float64]float64
 	labelPairs []*dto.LabelPair
+	createdTs  *timestamppb.Timestamp
 }
 
 func (s *constSummary) Desc() *Desc {
@@ -688,7 +705,9 @@ func (s *constSummary) Desc() *Desc {
 }
 
 func (s *constSummary) Write(out *dto.Metric) error {
-	sum := &dto.Summary{}
+	sum := &dto.Summary{
+		CreatedTimestamp: s.createdTs,
+	}
 	qs := make([]*dto.Quantile, 0, len(s.quantiles))
 
 	sum.SampleCount = proto.Uint64(s.count)
@@ -737,7 +756,7 @@ func NewConstSummary(
 	if desc.err != nil {
 		return nil, desc.err
 	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
 		return nil, err
 	}
 	return &constSummary{
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/value.go b/vendor/github.com/prometheus/client_golang/prometheus/value.go
index 5f6bb8001..cc23011fa 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/value.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/value.go
@@ -14,6 +14,7 @@
 package prometheus
 
 import (
+	"errors"
 	"fmt"
 	"sort"
 	"time"
@@ -91,7 +92,7 @@ func (v *valueFunc) Desc() *Desc {
 }
 
 func (v *valueFunc) Write(out *dto.Metric) error {
-	return populateMetric(v.valType, v.function(), v.labelPairs, nil, out)
+	return populateMetric(v.valType, v.function(), v.labelPairs, nil, out, nil)
 }
 
 // NewConstMetric returns a metric with one fixed value that cannot be
@@ -105,12 +106,12 @@ func NewConstMetric(desc *Desc, valueType ValueType, value float64, labelValues
 	if desc.err != nil {
 		return nil, desc.err
 	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
 		return nil, err
 	}
 
 	metric := &dto.Metric{}
-	if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric); err != nil {
+	if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric, nil); err != nil {
 		return nil, err
 	}
 
@@ -130,6 +131,43 @@ func MustNewConstMetric(desc *Desc, valueType ValueType, value float64, labelVal
 	return m
 }
 
+// NewConstMetricWithCreatedTimestamp does the same thing as NewConstMetric, but generates Counters
+// with created timestamp set and returns an error for other metric types.
+func NewConstMetricWithCreatedTimestamp(desc *Desc, valueType ValueType, value float64, ct time.Time, labelValues ...string) (Metric, error) {
+	if desc.err != nil {
+		return nil, desc.err
+	}
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
+		return nil, err
+	}
+	switch valueType {
+	case CounterValue:
+		break
+	default:
+		return nil, errors.New("created timestamps are only supported for counters")
+	}
+
+	metric := &dto.Metric{}
+	if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric, timestamppb.New(ct)); err != nil {
+		return nil, err
+	}
+
+	return &constMetric{
+		desc:   desc,
+		metric: metric,
+	}, nil
+}
+
+// MustNewConstMetricWithCreatedTimestamp is a version of NewConstMetricWithCreatedTimestamp that panics where
+// NewConstMetricWithCreatedTimestamp would have returned an error.
+func MustNewConstMetricWithCreatedTimestamp(desc *Desc, valueType ValueType, value float64, ct time.Time, labelValues ...string) Metric {
+	m, err := NewConstMetricWithCreatedTimestamp(desc, valueType, value, ct, labelValues...)
+	if err != nil {
+		panic(err)
+	}
+	return m
+}
+
 type constMetric struct {
 	desc   *Desc
 	metric *dto.Metric
@@ -153,11 +191,12 @@ func populateMetric(
 	labelPairs []*dto.LabelPair,
 	e *dto.Exemplar,
 	m *dto.Metric,
+	ct *timestamppb.Timestamp,
 ) error {
 	m.Label = labelPairs
 	switch t {
 	case CounterValue:
-		m.Counter = &dto.Counter{Value: proto.Float64(v), Exemplar: e}
+		m.Counter = &dto.Counter{Value: proto.Float64(v), Exemplar: e, CreatedTimestamp: ct}
 	case GaugeValue:
 		m.Gauge = &dto.Gauge{Value: proto.Float64(v)}
 	case UntypedValue:
@@ -176,19 +215,19 @@ func populateMetric(
 // This function is only needed for custom Metric implementations. See MetricVec
 // example.
 func MakeLabelPairs(desc *Desc, labelValues []string) []*dto.LabelPair {
-	totalLen := len(desc.variableLabels) + len(desc.constLabelPairs)
+	totalLen := len(desc.variableLabels.names) + len(desc.constLabelPairs)
 	if totalLen == 0 {
 		// Super fast path.
 		return nil
 	}
-	if len(desc.variableLabels) == 0 {
+	if len(desc.variableLabels.names) == 0 {
 		// Moderately fast path.
 		return desc.constLabelPairs
 	}
 	labelPairs := make([]*dto.LabelPair, 0, totalLen)
-	for i, l := range desc.variableLabels {
+	for i, l := range desc.variableLabels.names {
 		labelPairs = append(labelPairs, &dto.LabelPair{
-			Name:  proto.String(l.Name),
+			Name:  proto.String(l),
 			Value: proto.String(labelValues[i]),
 		})
 	}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/vec.go b/vendor/github.com/prometheus/client_golang/prometheus/vec.go
index 386fb2d23..955cfd59f 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/vec.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/vec.go
@@ -73,6 +73,7 @@ func NewMetricVec(desc *Desc, newMetric func(lvs ...string) Metric) *MetricVec {
 // See also the CounterVec example.
 func (m *MetricVec) DeleteLabelValues(lvs ...string) bool {
 	lvs = constrainLabelValues(m.desc, lvs, m.curry)
+
 	h, err := m.hashLabelValues(lvs)
 	if err != nil {
 		return false
@@ -92,7 +93,9 @@ func (m *MetricVec) DeleteLabelValues(lvs ...string) bool {
 // This method is used for the same purpose as DeleteLabelValues(...string). See
 // there for pros and cons of the two methods.
 func (m *MetricVec) Delete(labels Labels) bool {
-	labels = constrainLabels(m.desc, labels)
+	labels, closer := constrainLabels(m.desc, labels)
+	defer closer()
+
 	h, err := m.hashLabels(labels)
 	if err != nil {
 		return false
@@ -108,7 +111,9 @@ func (m *MetricVec) Delete(labels Labels) bool {
 // Note that curried labels will never be matched if deleting from the curried vector.
 // To match curried labels with DeletePartialMatch, it must be called on the base vector.
 func (m *MetricVec) DeletePartialMatch(labels Labels) int {
-	labels = constrainLabels(m.desc, labels)
+	labels, closer := constrainLabels(m.desc, labels)
+	defer closer()
+
 	return m.metricMap.deleteByLabels(labels, m.curry)
 }
 
@@ -147,11 +152,11 @@ func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) {
 		oldCurry = m.curry
 		iCurry   int
 	)
-	for i, label := range m.desc.variableLabels {
-		val, ok := labels[label.Name]
+	for i, labelName := range m.desc.variableLabels.names {
+		val, ok := labels[labelName]
 		if iCurry < len(oldCurry) && oldCurry[iCurry].index == i {
 			if ok {
-				return nil, fmt.Errorf("label name %q is already curried", label.Name)
+				return nil, fmt.Errorf("label name %q is already curried", labelName)
 			}
 			newCurry = append(newCurry, oldCurry[iCurry])
 			iCurry++
@@ -159,7 +164,10 @@ func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) {
 			if !ok {
 				continue // Label stays uncurried.
 			}
-			newCurry = append(newCurry, curriedLabelValue{i, label.Constrain(val)})
+			newCurry = append(newCurry, curriedLabelValue{
+				i,
+				m.desc.variableLabels.constrain(labelName, val),
+			})
 		}
 	}
 	if l := len(oldCurry) + len(labels) - len(newCurry); l > 0 {
@@ -228,7 +236,9 @@ func (m *MetricVec) GetMetricWithLabelValues(lvs ...string) (Metric, error) {
 // around MetricVec, implementing a vector for a specific Metric implementation,
 // for example GaugeVec.
 func (m *MetricVec) GetMetricWith(labels Labels) (Metric, error) {
-	labels = constrainLabels(m.desc, labels)
+	labels, closer := constrainLabels(m.desc, labels)
+	defer closer()
+
 	h, err := m.hashLabels(labels)
 	if err != nil {
 		return nil, err
@@ -238,7 +248,7 @@ func (m *MetricVec) GetMetricWith(labels Labels) (Metric, error) {
 }
 
 func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) {
-	if err := validateLabelValues(vals, len(m.desc.variableLabels)-len(m.curry)); err != nil {
+	if err := validateLabelValues(vals, len(m.desc.variableLabels.names)-len(m.curry)); err != nil {
 		return 0, err
 	}
 
@@ -247,7 +257,7 @@ func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) {
 		curry         = m.curry
 		iVals, iCurry int
 	)
-	for i := 0; i < len(m.desc.variableLabels); i++ {
+	for i := 0; i < len(m.desc.variableLabels.names); i++ {
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			h = m.hashAdd(h, curry[iCurry].value)
 			iCurry++
@@ -261,7 +271,7 @@ func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) {
 }
 
 func (m *MetricVec) hashLabels(labels Labels) (uint64, error) {
-	if err := validateValuesInLabels(labels, len(m.desc.variableLabels)-len(m.curry)); err != nil {
+	if err := validateValuesInLabels(labels, len(m.desc.variableLabels.names)-len(m.curry)); err != nil {
 		return 0, err
 	}
 
@@ -270,17 +280,17 @@ func (m *MetricVec) hashLabels(labels Labels) (uint64, error) {
 		curry  = m.curry
 		iCurry int
 	)
-	for i, label := range m.desc.variableLabels {
-		val, ok := labels[label.Name]
+	for i, labelName := range m.desc.variableLabels.names {
+		val, ok := labels[labelName]
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			if ok {
-				return 0, fmt.Errorf("label name %q is already curried", label.Name)
+				return 0, fmt.Errorf("label name %q is already curried", labelName)
 			}
 			h = m.hashAdd(h, curry[iCurry].value)
 			iCurry++
 		} else {
 			if !ok {
-				return 0, fmt.Errorf("label name %q missing in label map", label.Name)
+				return 0, fmt.Errorf("label name %q missing in label map", labelName)
 			}
 			h = m.hashAdd(h, val)
 		}
@@ -458,7 +468,7 @@ func valueMatchesVariableOrCurriedValue(targetValue string, index int, values []
 func matchPartialLabels(desc *Desc, values []string, labels Labels, curry []curriedLabelValue) bool {
 	for l, v := range labels {
 		// Check if the target label exists in our metrics and get the index.
-		varLabelIndex, validLabel := indexOf(l, desc.variableLabels.labelNames())
+		varLabelIndex, validLabel := indexOf(l, desc.variableLabels.names)
 		if validLabel {
 			// Check the value of that label against the target value.
 			// We don't consider curried values in partial matches.
@@ -602,7 +612,7 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe
 		return false
 	}
 	iCurry := 0
-	for i, k := range desc.variableLabels {
+	for i, k := range desc.variableLabels.names {
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			if values[i] != curry[iCurry].value {
 				return false
@@ -610,7 +620,7 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe
 			iCurry++
 			continue
 		}
-		if values[i] != labels[k.Name] {
+		if values[i] != labels[k] {
 			return false
 		}
 	}
@@ -620,13 +630,13 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe
 func extractLabelValues(desc *Desc, labels Labels, curry []curriedLabelValue) []string {
 	labelValues := make([]string, len(labels)+len(curry))
 	iCurry := 0
-	for i, k := range desc.variableLabels {
+	for i, k := range desc.variableLabels.names {
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			labelValues[i] = curry[iCurry].value
 			iCurry++
 			continue
 		}
-		labelValues[i] = labels[k.Name]
+		labelValues[i] = labels[k]
 	}
 	return labelValues
 }
@@ -646,19 +656,37 @@ func inlineLabelValues(lvs []string, curry []curriedLabelValue) []string {
 	return labelValues
 }
 
-func constrainLabels(desc *Desc, labels Labels) Labels {
-	constrainedValues := make(Labels, len(labels))
+var labelsPool = &sync.Pool{
+	New: func() interface{} {
+		return make(Labels)
+	},
+}
+
+func constrainLabels(desc *Desc, labels Labels) (Labels, func()) {
+	if len(desc.variableLabels.labelConstraints) == 0 {
+		// Fast path when there's no constraints
+		return labels, func() {}
+	}
+
+	constrainedLabels := labelsPool.Get().(Labels)
 	for l, v := range labels {
-		if i, ok := indexOf(l, desc.variableLabels.labelNames()); ok {
-			constrainedValues[l] = desc.variableLabels[i].Constrain(v)
-			continue
+		constrainedLabels[l] = desc.variableLabels.constrain(l, v)
+	}
+
+	return constrainedLabels, func() {
+		for k := range constrainedLabels {
+			delete(constrainedLabels, k)
 		}
-		constrainedValues[l] = v
+		labelsPool.Put(constrainedLabels)
 	}
-	return constrainedValues
 }
 
 func constrainLabelValues(desc *Desc, lvs []string, curry []curriedLabelValue) []string {
+	if len(desc.variableLabels.labelConstraints) == 0 {
+		// Fast path when there's no constraints
+		return lvs
+	}
+
 	constrainedValues := make([]string, len(lvs))
 	var iCurry, iLVs int
 	for i := 0; i < len(lvs)+len(curry); i++ {
@@ -667,8 +695,11 @@ func constrainLabelValues(desc *Desc, lvs []string, curry []curriedLabelValue) [
 			continue
 		}
 
-		if i < len(desc.variableLabels) {
-			constrainedValues[iLVs] = desc.variableLabels[i].Constrain(lvs[iLVs])
+		if i < len(desc.variableLabels.names) {
+			constrainedValues[iLVs] = desc.variableLabels.constrain(
+				desc.variableLabels.names[i],
+				lvs[iLVs],
+			)
 		} else {
 			constrainedValues[iLVs] = lvs[iLVs]
 		}
diff --git a/vendor/github.com/prometheus/client_model/go/metrics.pb.go b/vendor/github.com/prometheus/client_model/go/metrics.pb.go
index 2b5bca4b9..cee360db7 100644
--- a/vendor/github.com/prometheus/client_model/go/metrics.pb.go
+++ b/vendor/github.com/prometheus/client_model/go/metrics.pb.go
@@ -215,8 +215,9 @@ type Counter struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Value    *float64  `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	Exemplar *Exemplar `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"`
+	Value            *float64               `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
+	Exemplar         *Exemplar              `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"`
+	CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"`
 }
 
 func (x *Counter) Reset() {
@@ -265,6 +266,13 @@ func (x *Counter) GetExemplar() *Exemplar {
 	return nil
 }
 
+func (x *Counter) GetCreatedTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedTimestamp
+	}
+	return nil
+}
+
 type Quantile struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -325,9 +333,10 @@ type Summary struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	SampleCount *uint64     `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
-	SampleSum   *float64    `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
-	Quantile    []*Quantile `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"`
+	SampleCount      *uint64                `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
+	SampleSum        *float64               `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
+	Quantile         []*Quantile            `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"`
+	CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"`
 }
 
 func (x *Summary) Reset() {
@@ -383,6 +392,13 @@ func (x *Summary) GetQuantile() []*Quantile {
 	return nil
 }
 
+func (x *Summary) GetCreatedTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedTimestamp
+	}
+	return nil
+}
+
 type Untyped struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -439,7 +455,8 @@ type Histogram struct {
 	SampleCountFloat *float64 `protobuf:"fixed64,4,opt,name=sample_count_float,json=sampleCountFloat" json:"sample_count_float,omitempty"` // Overrides sample_count if > 0.
 	SampleSum        *float64 `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
 	// Buckets for the conventional histogram.
-	Bucket []*Bucket `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"` // Ordered in increasing order of upper_bound, +Inf bucket is optional.
+	Bucket           []*Bucket              `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"` // Ordered in increasing order of upper_bound, +Inf bucket is optional.
+	CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"`
 	// schema defines the bucket schema. Currently, valid numbers are -4 <= n <= 8.
 	// They are all for base-2 bucket schemas, where 1 is a bucket boundary in each case, and
 	// then each power of two is divided into 2^n logarithmic buckets.
@@ -457,6 +474,9 @@ type Histogram struct {
 	NegativeDelta []int64   `protobuf:"zigzag64,10,rep,name=negative_delta,json=negativeDelta" json:"negative_delta,omitempty"` // Count delta of each bucket compared to previous one (or to zero for 1st bucket).
 	NegativeCount []float64 `protobuf:"fixed64,11,rep,name=negative_count,json=negativeCount" json:"negative_count,omitempty"`  // Absolute count of each bucket.
 	// Positive buckets for the native histogram.
+	// Use a no-op span (offset 0, length 0) for a native histogram without any
+	// observations yet and with a zero_threshold of 0. Otherwise, it would be
+	// indistinguishable from a classic histogram.
 	PositiveSpan []*BucketSpan `protobuf:"bytes,12,rep,name=positive_span,json=positiveSpan" json:"positive_span,omitempty"`
 	// Use either "positive_delta" or "positive_count", the former for
 	// regular histograms with integer counts, the latter for float
@@ -525,6 +545,13 @@ func (x *Histogram) GetBucket() []*Bucket {
 	return nil
 }
 
+func (x *Histogram) GetCreatedTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedTimestamp
+	}
+	return nil
+}
+
 func (x *Histogram) GetSchema() int32 {
 	if x != nil && x.Schema != nil {
 		return *x.Schema
@@ -972,137 +999,151 @@ var file_io_prometheus_client_metrics_proto_rawDesc = []byte{
 	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c,
 	0x75, 0x65, 0x22, 0x1d, 0x0a, 0x05, 0x47, 0x61, 0x75, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76,
 	0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x22, 0x5b, 0x0a, 0x07, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74,
-	0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d,
-	0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x22, 0x3c,
-	0x0a, 0x08, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x87, 0x01, 0x0a,
-	0x07, 0x53, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70,
+	0x65, 0x22, 0xa4, 0x01, 0x0a, 0x07, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
+	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65,
+	0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x12,
+	0x47, 0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73,
+	0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d,
+	0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x54,
+	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x3c, 0x0a, 0x08, 0x51, 0x75, 0x61, 0x6e,
+	0x74, 0x69, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xd0, 0x01, 0x0a, 0x07, 0x53, 0x75, 0x6d, 0x6d, 0x61,
+	0x72, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65,
+	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f,
+	0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73, 0x61, 0x6d, 0x70, 0x6c,
+	0x65, 0x53, 0x75, 0x6d, 0x12, 0x3a, 0x0a, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d,
+	0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x51, 0x75,
+	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x52, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x12, 0x47, 0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69,
+	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64,
+	0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x1f, 0x0a, 0x07, 0x55, 0x6e, 0x74,
+	0x79, 0x70, 0x65, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xac, 0x05, 0x0a, 0x09, 0x48,
+	0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70,
 	0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b,
-	0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73,
-	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52,
-	0x09, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x3a, 0x0a, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69,
+	0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x73,
+	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61,
+	0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52, 0x10, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43,
+	0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d,
+	0x70, 0x6c, 0x65, 0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73,
+	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x34, 0x0a, 0x06, 0x62, 0x75, 0x63, 0x6b,
+	0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72,
+	0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e,
+	0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x47,
+	0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
+	0x61, 0x6d, 0x70, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69,
+	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d,
+	0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12,
+	0x25, 0x0a, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c,
+	0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0d, 0x7a, 0x65, 0x72, 0x6f, 0x54, 0x68, 0x72,
+	0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x63,
+	0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x7a, 0x65, 0x72, 0x6f,
+	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x63, 0x6f,
+	0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x01, 0x52,
+	0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12,
+	0x45, 0x0a, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x70, 0x61, 0x6e,
+	0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d,
+	0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75,
+	0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x12, 0x52, 0x0d,
+	0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x25, 0x0a,
+	0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18,
+	0x0b, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43,
+	0x6f, 0x75, 0x6e, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65,
+	0x5f, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f,
+	0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65,
+	0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x70,
+	0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x70,
+	0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0d, 0x20,
+	0x03, 0x28, 0x12, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c,
+	0x74, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63,
+	0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69,
+	0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xc6, 0x01, 0x0a, 0x06, 0x42, 0x75,
+	0x63, 0x6b, 0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f,
+	0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12,
+	0x34, 0x0a, 0x16, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f,
+	0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52,
+	0x14, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74,
+	0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x70, 0x65, 0x72, 0x5f, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, 0x75, 0x70, 0x70, 0x65,
+	0x72, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c,
+	0x61, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72,
+	0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e,
+	0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c,
+	0x61, 0x72, 0x22, 0x3c, 0x0a, 0x0a, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e,
+	0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x11,
+	0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, 0x6e, 0x67,
+	0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68,
+	0x22, 0x91, 0x01, 0x0a, 0x08, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x12, 0x35, 0x0a,
+	0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69,
 	0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x2e, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x52, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x22, 0x1f, 0x0a, 0x07, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65,
-	0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01,
-	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xe3, 0x04, 0x0a, 0x09, 0x48, 0x69, 0x73, 0x74,
-	0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f,
-	0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x61, 0x6d,
-	0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x73, 0x61, 0x6d, 0x70,
-	0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x01, 0x52, 0x10, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65,
-	0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73, 0x61, 0x6d, 0x70,
-	0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x34, 0x0a, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x18,
-	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
-	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63,
-	0x6b, 0x65, 0x74, 0x52, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73,
-	0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x73, 0x63, 0x68,
-	0x65, 0x6d, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x74, 0x68, 0x72, 0x65,
-	0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0d, 0x7a, 0x65, 0x72,
-	0x6f, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x7a, 0x65,
-	0x72, 0x6f, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09,
-	0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x7a, 0x65, 0x72,
-	0x6f, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x08, 0x20,
-	0x01, 0x28, 0x01, 0x52, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c,
-	0x6f, 0x61, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f,
-	0x73, 0x70, 0x61, 0x6e, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e,
+	0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52, 0x05, 0x6c,
+	0x61, 0x62, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69,
+	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73,
+	0x74, 0x61, 0x6d, 0x70, 0x22, 0xff, 0x02, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12,
+	0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f,
+	0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63,
+	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52,
+	0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x31, 0x0a, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
+	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x47, 0x61, 0x75,
+	0x67, 0x65, 0x52, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e,
 	0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e,
-	0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x6e, 0x65,
-	0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65,
-	0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x03,
-	0x28, 0x12, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c, 0x74,
-	0x61, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f,
-	0x75, 0x6e, 0x74, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74,
-	0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x70, 0x6f, 0x73, 0x69,
-	0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e,
-	0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61,
-	0x6e, 0x52, 0x0c, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12,
-	0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74,
-	0x61, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x12, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76,
-	0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69,
-	0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d,
-	0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xc6, 0x01,
-	0x0a, 0x06, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x75, 0x6d, 0x75,
-	0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x04, 0x52, 0x0f, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f,
-	0x75, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76,
-	0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x01, 0x52, 0x14, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x70,
-	0x65, 0x72, 0x5f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a,
-	0x75, 0x70, 0x70, 0x65, 0x72, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78,
-	0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69,
+	0x74, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74,
+	0x65, 0x72, 0x12, 0x37, 0x0a, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68,
+	0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x75, 0x6d, 0x6d, 0x61,
+	0x72, 0x79, 0x52, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x37, 0x0a, 0x07, 0x75,
+	0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69,
 	0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78,
-	0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x22, 0x3c, 0x0a, 0x0a, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74,
-	0x53, 0x70, 0x61, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06,
-	0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65,
-	0x6e, 0x67, 0x74, 0x68, 0x22, 0x91, 0x01, 0x0a, 0x08, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61,
-	0x72, 0x12, 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
-	0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69,
-	0x72, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38,
-	0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xff, 0x02, 0x0a, 0x06, 0x4d, 0x65, 0x74,
-	0x72, 0x69, 0x63, 0x12, 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65,
-	0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50,
-	0x61, 0x69, 0x72, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x31, 0x0a, 0x05, 0x67, 0x61,
-	0x75, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x6f, 0x2e, 0x70,
-	0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
-	0x2e, 0x47, 0x61, 0x75, 0x67, 0x65, 0x52, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x12, 0x37, 0x0a,
-	0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d,
-	0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63,
-	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x07, 0x63,
-	0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x37, 0x0a, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72,
-	0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f,
-	0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x53,
-	0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x52, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12,
-	0x37, 0x0a, 0x07, 0x75, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
-	0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x52,
-	0x07, 0x75, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x68, 0x69, 0x73, 0x74,
-	0x6f, 0x67, 0x72, 0x61, 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f,
-	0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65,
-	0x6e, 0x74, 0x2e, 0x48, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x52, 0x09, 0x68, 0x69,
-	0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x73,
-	0x74, 0x61, 0x6d, 0x70, 0x5f, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4d, 0x73, 0x22, 0xa2, 0x01, 0x0a, 0x0c, 0x4d,
-	0x65, 0x74, 0x72, 0x69, 0x63, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
-	0x12, 0x0a, 0x04, 0x68, 0x65, 0x6c, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68,
-	0x65, 0x6c, 0x70, 0x12, 0x34, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75,
-	0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54,
-	0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x6d, 0x65, 0x74,
-	0x72, 0x69, 0x63, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70,
-	0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
-	0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x2a,
-	0x62, 0x0a, 0x0a, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a,
-	0x07, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x45, 0x52, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x41,
-	0x55, 0x47, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x55, 0x4d, 0x4d, 0x41, 0x52, 0x59,
-	0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x54, 0x59, 0x50, 0x45, 0x44, 0x10, 0x03, 0x12,
-	0x0d, 0x0a, 0x09, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x04, 0x12, 0x13,
-	0x0a, 0x0f, 0x47, 0x41, 0x55, 0x47, 0x45, 0x5f, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41,
-	0x4d, 0x10, 0x05, 0x42, 0x52, 0x0a, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74,
-	0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5a, 0x3a, 0x67, 0x69, 0x74,
-	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65,
-	0x75, 0x73, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2f,
-	0x67, 0x6f, 0x3b, 0x69, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
-	0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x2e, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x52, 0x07, 0x75, 0x6e, 0x74,
+	0x79, 0x70, 0x65, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61,
+	0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f,
+	0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x48,
+	0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x52, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67,
+	0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
+	0x5f, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x73,
+	0x74, 0x61, 0x6d, 0x70, 0x4d, 0x73, 0x22, 0xa2, 0x01, 0x0a, 0x0c, 0x4d, 0x65, 0x74, 0x72, 0x69,
+	0x63, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68,
+	0x65, 0x6c, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x65, 0x6c, 0x70, 0x12,
+	0x34, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e,
+	0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c,
+	0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x52,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x18,
+	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
+	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74,
+	0x72, 0x69, 0x63, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x2a, 0x62, 0x0a, 0x0a, 0x4d,
+	0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x4f, 0x55,
+	0x4e, 0x54, 0x45, 0x52, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x41, 0x55, 0x47, 0x45, 0x10,
+	0x01, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x55, 0x4d, 0x4d, 0x41, 0x52, 0x59, 0x10, 0x02, 0x12, 0x0b,
+	0x0a, 0x07, 0x55, 0x4e, 0x54, 0x59, 0x50, 0x45, 0x44, 0x10, 0x03, 0x12, 0x0d, 0x0a, 0x09, 0x48,
+	0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x47, 0x41,
+	0x55, 0x47, 0x45, 0x5f, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x05, 0x42,
+	0x52, 0x0a, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
+	0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2f, 0x63,
+	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2f, 0x67, 0x6f, 0x3b, 0x69,
+	0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x63, 0x6c, 0x69,
+	0x65, 0x6e, 0x74,
 }
 
 var (
@@ -1137,26 +1178,29 @@ var file_io_prometheus_client_metrics_proto_goTypes = []interface{}{
 }
 var file_io_prometheus_client_metrics_proto_depIdxs = []int32{
 	10, // 0: io.prometheus.client.Counter.exemplar:type_name -> io.prometheus.client.Exemplar
-	4,  // 1: io.prometheus.client.Summary.quantile:type_name -> io.prometheus.client.Quantile
-	8,  // 2: io.prometheus.client.Histogram.bucket:type_name -> io.prometheus.client.Bucket
-	9,  // 3: io.prometheus.client.Histogram.negative_span:type_name -> io.prometheus.client.BucketSpan
-	9,  // 4: io.prometheus.client.Histogram.positive_span:type_name -> io.prometheus.client.BucketSpan
-	10, // 5: io.prometheus.client.Bucket.exemplar:type_name -> io.prometheus.client.Exemplar
-	1,  // 6: io.prometheus.client.Exemplar.label:type_name -> io.prometheus.client.LabelPair
-	13, // 7: io.prometheus.client.Exemplar.timestamp:type_name -> google.protobuf.Timestamp
-	1,  // 8: io.prometheus.client.Metric.label:type_name -> io.prometheus.client.LabelPair
-	2,  // 9: io.prometheus.client.Metric.gauge:type_name -> io.prometheus.client.Gauge
-	3,  // 10: io.prometheus.client.Metric.counter:type_name -> io.prometheus.client.Counter
-	5,  // 11: io.prometheus.client.Metric.summary:type_name -> io.prometheus.client.Summary
-	6,  // 12: io.prometheus.client.Metric.untyped:type_name -> io.prometheus.client.Untyped
-	7,  // 13: io.prometheus.client.Metric.histogram:type_name -> io.prometheus.client.Histogram
-	0,  // 14: io.prometheus.client.MetricFamily.type:type_name -> io.prometheus.client.MetricType
-	11, // 15: io.prometheus.client.MetricFamily.metric:type_name -> io.prometheus.client.Metric
-	16, // [16:16] is the sub-list for method output_type
-	16, // [16:16] is the sub-list for method input_type
-	16, // [16:16] is the sub-list for extension type_name
-	16, // [16:16] is the sub-list for extension extendee
-	0,  // [0:16] is the sub-list for field type_name
+	13, // 1: io.prometheus.client.Counter.created_timestamp:type_name -> google.protobuf.Timestamp
+	4,  // 2: io.prometheus.client.Summary.quantile:type_name -> io.prometheus.client.Quantile
+	13, // 3: io.prometheus.client.Summary.created_timestamp:type_name -> google.protobuf.Timestamp
+	8,  // 4: io.prometheus.client.Histogram.bucket:type_name -> io.prometheus.client.Bucket
+	13, // 5: io.prometheus.client.Histogram.created_timestamp:type_name -> google.protobuf.Timestamp
+	9,  // 6: io.prometheus.client.Histogram.negative_span:type_name -> io.prometheus.client.BucketSpan
+	9,  // 7: io.prometheus.client.Histogram.positive_span:type_name -> io.prometheus.client.BucketSpan
+	10, // 8: io.prometheus.client.Bucket.exemplar:type_name -> io.prometheus.client.Exemplar
+	1,  // 9: io.prometheus.client.Exemplar.label:type_name -> io.prometheus.client.LabelPair
+	13, // 10: io.prometheus.client.Exemplar.timestamp:type_name -> google.protobuf.Timestamp
+	1,  // 11: io.prometheus.client.Metric.label:type_name -> io.prometheus.client.LabelPair
+	2,  // 12: io.prometheus.client.Metric.gauge:type_name -> io.prometheus.client.Gauge
+	3,  // 13: io.prometheus.client.Metric.counter:type_name -> io.prometheus.client.Counter
+	5,  // 14: io.prometheus.client.Metric.summary:type_name -> io.prometheus.client.Summary
+	6,  // 15: io.prometheus.client.Metric.untyped:type_name -> io.prometheus.client.Untyped
+	7,  // 16: io.prometheus.client.Metric.histogram:type_name -> io.prometheus.client.Histogram
+	0,  // 17: io.prometheus.client.MetricFamily.type:type_name -> io.prometheus.client.MetricType
+	11, // 18: io.prometheus.client.MetricFamily.metric:type_name -> io.prometheus.client.Metric
+	19, // [19:19] is the sub-list for method output_type
+	19, // [19:19] is the sub-list for method input_type
+	19, // [19:19] is the sub-list for extension type_name
+	19, // [19:19] is the sub-list for extension extendee
+	0,  // [0:19] is the sub-list for field type_name
 }
 
 func init() { file_io_prometheus_client_metrics_proto_init() }
diff --git a/vendor/github.com/prometheus/common/expfmt/decode.go b/vendor/github.com/prometheus/common/expfmt/decode.go
index f4fc88455..0ca86a3dc 100644
--- a/vendor/github.com/prometheus/common/expfmt/decode.go
+++ b/vendor/github.com/prometheus/common/expfmt/decode.go
@@ -22,7 +22,7 @@ import (
 
 	dto "github.com/prometheus/client_model/go"
 
-	"github.com/matttproud/golang_protobuf_extensions/pbutil"
+	"github.com/matttproud/golang_protobuf_extensions/v2/pbutil"
 	"github.com/prometheus/common/model"
 )
 
@@ -132,7 +132,10 @@ func (d *textDecoder) Decode(v *dto.MetricFamily) error {
 	}
 	// Pick off one MetricFamily per Decode until there's nothing left.
 	for key, fam := range d.fams {
-		*v = *fam
+		v.Name = fam.Name
+		v.Help = fam.Help
+		v.Type = fam.Type
+		v.Metric = fam.Metric
 		delete(d.fams, key)
 		return nil
 	}
diff --git a/vendor/github.com/prometheus/common/expfmt/encode.go b/vendor/github.com/prometheus/common/expfmt/encode.go
index 64dc0eb40..ca2140600 100644
--- a/vendor/github.com/prometheus/common/expfmt/encode.go
+++ b/vendor/github.com/prometheus/common/expfmt/encode.go
@@ -18,9 +18,9 @@ import (
 	"io"
 	"net/http"
 
-	"github.com/golang/protobuf/proto" //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/matttproud/golang_protobuf_extensions/pbutil"
+	"github.com/matttproud/golang_protobuf_extensions/v2/pbutil"
 	"github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg"
+	"google.golang.org/protobuf/encoding/prototext"
 
 	dto "github.com/prometheus/client_model/go"
 )
@@ -99,8 +99,11 @@ func NegotiateIncludingOpenMetrics(h http.Header) Format {
 		if ac.Type == "text" && ac.SubType == "plain" && (ver == TextVersion || ver == "") {
 			return FmtText
 		}
-		if ac.Type+"/"+ac.SubType == OpenMetricsType && (ver == OpenMetricsVersion || ver == "") {
-			return FmtOpenMetrics
+		if ac.Type+"/"+ac.SubType == OpenMetricsType && (ver == OpenMetricsVersion_0_0_1 || ver == OpenMetricsVersion_1_0_0 || ver == "") {
+			if ver == OpenMetricsVersion_1_0_0 {
+				return FmtOpenMetrics_1_0_0
+			}
+			return FmtOpenMetrics_0_0_1
 		}
 	}
 	return FmtText
@@ -133,7 +136,7 @@ func NewEncoder(w io.Writer, format Format) Encoder {
 	case FmtProtoText:
 		return encoderCloser{
 			encode: func(v *dto.MetricFamily) error {
-				_, err := fmt.Fprintln(w, proto.MarshalTextString(v))
+				_, err := fmt.Fprintln(w, prototext.Format(v))
 				return err
 			},
 			close: func() error { return nil },
@@ -146,7 +149,7 @@ func NewEncoder(w io.Writer, format Format) Encoder {
 			},
 			close: func() error { return nil },
 		}
-	case FmtOpenMetrics:
+	case FmtOpenMetrics_0_0_1, FmtOpenMetrics_1_0_0:
 		return encoderCloser{
 			encode: func(v *dto.MetricFamily) error {
 				_, err := MetricFamilyToOpenMetrics(w, v)
diff --git a/vendor/github.com/prometheus/common/expfmt/expfmt.go b/vendor/github.com/prometheus/common/expfmt/expfmt.go
index 0f176fa64..c4cb20f0d 100644
--- a/vendor/github.com/prometheus/common/expfmt/expfmt.go
+++ b/vendor/github.com/prometheus/common/expfmt/expfmt.go
@@ -19,20 +19,22 @@ type Format string
 
 // Constants to assemble the Content-Type values for the different wire protocols.
 const (
-	TextVersion        = "0.0.4"
-	ProtoType          = `application/vnd.google.protobuf`
-	ProtoProtocol      = `io.prometheus.client.MetricFamily`
-	ProtoFmt           = ProtoType + "; proto=" + ProtoProtocol + ";"
-	OpenMetricsType    = `application/openmetrics-text`
-	OpenMetricsVersion = "0.0.1"
+	TextVersion              = "0.0.4"
+	ProtoType                = `application/vnd.google.protobuf`
+	ProtoProtocol            = `io.prometheus.client.MetricFamily`
+	ProtoFmt                 = ProtoType + "; proto=" + ProtoProtocol + ";"
+	OpenMetricsType          = `application/openmetrics-text`
+	OpenMetricsVersion_0_0_1 = "0.0.1"
+	OpenMetricsVersion_1_0_0 = "1.0.0"
 
 	// The Content-Type values for the different wire protocols.
-	FmtUnknown      Format = `<unknown>`
-	FmtText         Format = `text/plain; version=` + TextVersion + `; charset=utf-8`
-	FmtProtoDelim   Format = ProtoFmt + ` encoding=delimited`
-	FmtProtoText    Format = ProtoFmt + ` encoding=text`
-	FmtProtoCompact Format = ProtoFmt + ` encoding=compact-text`
-	FmtOpenMetrics  Format = OpenMetricsType + `; version=` + OpenMetricsVersion + `; charset=utf-8`
+	FmtUnknown           Format = `<unknown>`
+	FmtText              Format = `text/plain; version=` + TextVersion + `; charset=utf-8`
+	FmtProtoDelim        Format = ProtoFmt + ` encoding=delimited`
+	FmtProtoText         Format = ProtoFmt + ` encoding=text`
+	FmtProtoCompact      Format = ProtoFmt + ` encoding=compact-text`
+	FmtOpenMetrics_1_0_0 Format = OpenMetricsType + `; version=` + OpenMetricsVersion_1_0_0 + `; charset=utf-8`
+	FmtOpenMetrics_0_0_1 Format = OpenMetricsType + `; version=` + OpenMetricsVersion_0_0_1 + `; charset=utf-8`
 )
 
 const (
diff --git a/vendor/github.com/prometheus/common/expfmt/text_parse.go b/vendor/github.com/prometheus/common/expfmt/text_parse.go
index ac2482782..35db1cc9d 100644
--- a/vendor/github.com/prometheus/common/expfmt/text_parse.go
+++ b/vendor/github.com/prometheus/common/expfmt/text_parse.go
@@ -24,8 +24,8 @@ import (
 
 	dto "github.com/prometheus/client_model/go"
 
-	"github.com/golang/protobuf/proto" //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
 	"github.com/prometheus/common/model"
+	"google.golang.org/protobuf/proto"
 )
 
 // A stateFn is a function that represents a state in a state machine. By
diff --git a/vendor/github.com/prometheus/procfs/.golangci.yml b/vendor/github.com/prometheus/procfs/.golangci.yml
index a197699a1..c24864a92 100644
--- a/vendor/github.com/prometheus/procfs/.golangci.yml
+++ b/vendor/github.com/prometheus/procfs/.golangci.yml
@@ -2,6 +2,7 @@
 linters:
   enable:
   - godot
+  - misspell
   - revive
 
 linter-settings:
@@ -10,3 +11,5 @@ linter-settings:
     exclude:
     # Ignore "See: URL"
     - 'See:'
+  misspell:
+    locale: US
diff --git a/vendor/github.com/prometheus/procfs/Makefile.common b/vendor/github.com/prometheus/procfs/Makefile.common
index e358db69c..062a28185 100644
--- a/vendor/github.com/prometheus/procfs/Makefile.common
+++ b/vendor/github.com/prometheus/procfs/Makefile.common
@@ -49,19 +49,19 @@ endif
 GOTEST := $(GO) test
 GOTEST_DIR :=
 ifneq ($(CIRCLE_JOB),)
-ifneq ($(shell which gotestsum),)
+ifneq ($(shell command -v gotestsum > /dev/null),)
 	GOTEST_DIR := test-results
 	GOTEST := gotestsum --junitfile $(GOTEST_DIR)/unit-tests.xml --
 endif
 endif
 
-PROMU_VERSION ?= 0.14.0
+PROMU_VERSION ?= 0.15.0
 PROMU_URL     := https://github.com/prometheus/promu/releases/download/v$(PROMU_VERSION)/promu-$(PROMU_VERSION).$(GO_BUILD_PLATFORM).tar.gz
 
 SKIP_GOLANGCI_LINT :=
 GOLANGCI_LINT :=
 GOLANGCI_LINT_OPTS ?=
-GOLANGCI_LINT_VERSION ?= v1.49.0
+GOLANGCI_LINT_VERSION ?= v1.54.2
 # golangci-lint only supports linux, darwin and windows platforms on i386/amd64.
 # windows isn't included here because of the path separator being different.
 ifeq ($(GOHOSTOS),$(filter $(GOHOSTOS),linux darwin))
@@ -91,6 +91,8 @@ BUILD_DOCKER_ARCHS = $(addprefix common-docker-,$(DOCKER_ARCHS))
 PUBLISH_DOCKER_ARCHS = $(addprefix common-docker-publish-,$(DOCKER_ARCHS))
 TAG_DOCKER_ARCHS = $(addprefix common-docker-tag-latest-,$(DOCKER_ARCHS))
 
+SANITIZED_DOCKER_IMAGE_TAG := $(subst +,-,$(DOCKER_IMAGE_TAG))
+
 ifeq ($(GOHOSTARCH),amd64)
         ifeq ($(GOHOSTOS),$(filter $(GOHOSTOS),linux freebsd darwin windows))
                 # Only supported on amd64
@@ -176,7 +178,7 @@ endif
 .PHONY: common-yamllint
 common-yamllint:
 	@echo ">> running yamllint on all YAML files in the repository"
-ifeq (, $(shell which yamllint))
+ifeq (, $(shell command -v yamllint > /dev/null))
 	@echo "yamllint not installed so skipping"
 else
 	yamllint .
@@ -205,7 +207,7 @@ common-tarball: promu
 .PHONY: common-docker $(BUILD_DOCKER_ARCHS)
 common-docker: $(BUILD_DOCKER_ARCHS)
 $(BUILD_DOCKER_ARCHS): common-docker-%:
-	docker build -t "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)" \
+	docker build -t "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(SANITIZED_DOCKER_IMAGE_TAG)" \
 		-f $(DOCKERFILE_PATH) \
 		--build-arg ARCH="$*" \
 		--build-arg OS="linux" \
@@ -214,19 +216,19 @@ $(BUILD_DOCKER_ARCHS): common-docker-%:
 .PHONY: common-docker-publish $(PUBLISH_DOCKER_ARCHS)
 common-docker-publish: $(PUBLISH_DOCKER_ARCHS)
 $(PUBLISH_DOCKER_ARCHS): common-docker-publish-%:
-	docker push "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)"
+	docker push "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(SANITIZED_DOCKER_IMAGE_TAG)"
 
 DOCKER_MAJOR_VERSION_TAG = $(firstword $(subst ., ,$(shell cat VERSION)))
 .PHONY: common-docker-tag-latest $(TAG_DOCKER_ARCHS)
 common-docker-tag-latest: $(TAG_DOCKER_ARCHS)
 $(TAG_DOCKER_ARCHS): common-docker-tag-latest-%:
-	docker tag "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)" "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:latest"
-	docker tag "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(DOCKER_IMAGE_TAG)" "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:v$(DOCKER_MAJOR_VERSION_TAG)"
+	docker tag "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(SANITIZED_DOCKER_IMAGE_TAG)" "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:latest"
+	docker tag "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(SANITIZED_DOCKER_IMAGE_TAG)" "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:v$(DOCKER_MAJOR_VERSION_TAG)"
 
 .PHONY: common-docker-manifest
 common-docker-manifest:
-	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest create -a "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)" $(foreach ARCH,$(DOCKER_ARCHS),$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$(ARCH):$(DOCKER_IMAGE_TAG))
-	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest push "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)"
+	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest create -a "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME):$(SANITIZED_DOCKER_IMAGE_TAG)" $(foreach ARCH,$(DOCKER_ARCHS),$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$(ARCH):$(SANITIZED_DOCKER_IMAGE_TAG))
+	DOCKER_CLI_EXPERIMENTAL=enabled docker manifest push "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME):$(SANITIZED_DOCKER_IMAGE_TAG)"
 
 .PHONY: promu
 promu: $(PROMU)
diff --git a/vendor/github.com/prometheus/procfs/README.md b/vendor/github.com/prometheus/procfs/README.md
index 43c37735a..1224816c2 100644
--- a/vendor/github.com/prometheus/procfs/README.md
+++ b/vendor/github.com/prometheus/procfs/README.md
@@ -51,11 +51,11 @@ ensure the `fixtures` directory is up to date by removing the existing directory
 extracting the ttar file using `make fixtures/.unpacked` or just `make test`.
 
 ```bash
-rm -rf fixtures
+rm -rf testdata/fixtures
 make test
 ```
 
 Next, make the required changes to the extracted files in the `fixtures` directory.  When
 the changes are complete, run `make update_fixtures` to create a new `fixtures.ttar` file
 based on the updated `fixtures` directory.  And finally, verify the changes using
-`git diff fixtures.ttar`.
+`git diff testdata/fixtures.ttar`.
diff --git a/vendor/github.com/prometheus/procfs/arp.go b/vendor/github.com/prometheus/procfs/arp.go
index 68f36e888..28783e2dd 100644
--- a/vendor/github.com/prometheus/procfs/arp.go
+++ b/vendor/github.com/prometheus/procfs/arp.go
@@ -55,7 +55,7 @@ type ARPEntry struct {
 func (fs FS) GatherARPEntries() ([]ARPEntry, error) {
 	data, err := os.ReadFile(fs.proc.Path("net/arp"))
 	if err != nil {
-		return nil, fmt.Errorf("error reading arp %q: %w", fs.proc.Path("net/arp"), err)
+		return nil, fmt.Errorf("%s: error reading arp %s: %w", ErrFileRead, fs.proc.Path("net/arp"), err)
 	}
 
 	return parseARPEntries(data)
@@ -78,11 +78,11 @@ func parseARPEntries(data []byte) ([]ARPEntry, error) {
 		} else if width == expectedDataWidth {
 			entry, err := parseARPEntry(columns)
 			if err != nil {
-				return []ARPEntry{}, fmt.Errorf("failed to parse ARP entry: %w", err)
+				return []ARPEntry{}, fmt.Errorf("%s: Failed to parse ARP entry: %v: %w", ErrFileParse, entry, err)
 			}
 			entries = append(entries, entry)
 		} else {
-			return []ARPEntry{}, fmt.Errorf("%d columns were detected, but %d were expected", width, expectedDataWidth)
+			return []ARPEntry{}, fmt.Errorf("%s: %d columns found, but expected %d: %w", ErrFileParse, width, expectedDataWidth, err)
 		}
 
 	}
diff --git a/vendor/github.com/prometheus/procfs/buddyinfo.go b/vendor/github.com/prometheus/procfs/buddyinfo.go
index f5b7939b2..4a173636c 100644
--- a/vendor/github.com/prometheus/procfs/buddyinfo.go
+++ b/vendor/github.com/prometheus/procfs/buddyinfo.go
@@ -55,7 +55,7 @@ func parseBuddyInfo(r io.Reader) ([]BuddyInfo, error) {
 		parts := strings.Fields(line)
 
 		if len(parts) < 4 {
-			return nil, fmt.Errorf("invalid number of fields when parsing buddyinfo")
+			return nil, fmt.Errorf("%w: Invalid number of fields, found: %v", ErrFileParse, parts)
 		}
 
 		node := strings.TrimRight(parts[1], ",")
@@ -66,7 +66,7 @@ func parseBuddyInfo(r io.Reader) ([]BuddyInfo, error) {
 			bucketCount = arraySize
 		} else {
 			if bucketCount != arraySize {
-				return nil, fmt.Errorf("mismatch in number of buddyinfo buckets, previous count %d, new count %d", bucketCount, arraySize)
+				return nil, fmt.Errorf("%w: mismatch in number of buddyinfo buckets, previous count %d, new count %d", ErrFileParse, bucketCount, arraySize)
 			}
 		}
 
@@ -74,7 +74,7 @@ func parseBuddyInfo(r io.Reader) ([]BuddyInfo, error) {
 		for i := 0; i < arraySize; i++ {
 			sizes[i], err = strconv.ParseFloat(parts[i+4], 64)
 			if err != nil {
-				return nil, fmt.Errorf("invalid value in buddyinfo: %w", err)
+				return nil, fmt.Errorf("%s: Invalid valid in buddyinfo: %f: %w", ErrFileParse, sizes[i], err)
 			}
 		}
 
diff --git a/vendor/github.com/prometheus/procfs/cpuinfo.go b/vendor/github.com/prometheus/procfs/cpuinfo.go
index 06968ca2e..f4f5501c6 100644
--- a/vendor/github.com/prometheus/procfs/cpuinfo.go
+++ b/vendor/github.com/prometheus/procfs/cpuinfo.go
@@ -79,7 +79,7 @@ func parseCPUInfoX86(info []byte) ([]CPUInfo, error) {
 	// find the first "processor" line
 	firstLine := firstNonEmptyLine(scanner)
 	if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%w: Cannot parse  line: %q", ErrFileParse, firstLine)
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	v, err := strconv.ParseUint(field[1], 0, 32)
@@ -192,9 +192,10 @@ func parseCPUInfoARM(info []byte) ([]CPUInfo, error) {
 	scanner := bufio.NewScanner(bytes.NewReader(info))
 
 	firstLine := firstNonEmptyLine(scanner)
-	match, _ := regexp.MatchString("^[Pp]rocessor", firstLine)
+	match, err := regexp.MatchString("^[Pp]rocessor", firstLine)
 	if !match || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%s: Cannot parse line: %q: %w", ErrFileParse, firstLine, err)
+
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	cpuinfo := []CPUInfo{}
@@ -258,7 +259,7 @@ func parseCPUInfoS390X(info []byte) ([]CPUInfo, error) {
 
 	firstLine := firstNonEmptyLine(scanner)
 	if !strings.HasPrefix(firstLine, "vendor_id") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%w: Cannot parse line: %q", ErrFileParse, firstLine)
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	cpuinfo := []CPUInfo{}
@@ -283,7 +284,7 @@ func parseCPUInfoS390X(info []byte) ([]CPUInfo, error) {
 		if strings.HasPrefix(line, "processor") {
 			match := cpuinfoS390XProcessorRegexp.FindStringSubmatch(line)
 			if len(match) < 2 {
-				return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+				return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine)
 			}
 			cpu := commonCPUInfo
 			v, err := strconv.ParseUint(match[1], 0, 32)
@@ -343,7 +344,7 @@ func parseCPUInfoMips(info []byte) ([]CPUInfo, error) {
 	// find the first "processor" line
 	firstLine := firstNonEmptyLine(scanner)
 	if !strings.HasPrefix(firstLine, "system type") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine)
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	cpuinfo := []CPUInfo{}
@@ -421,7 +422,7 @@ func parseCPUInfoPPC(info []byte) ([]CPUInfo, error) {
 
 	firstLine := firstNonEmptyLine(scanner)
 	if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine)
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	v, err := strconv.ParseUint(field[1], 0, 32)
@@ -466,7 +467,7 @@ func parseCPUInfoRISCV(info []byte) ([]CPUInfo, error) {
 
 	firstLine := firstNonEmptyLine(scanner)
 	if !strings.HasPrefix(firstLine, "processor") || !strings.Contains(firstLine, ":") {
-		return nil, fmt.Errorf("invalid cpuinfo file: %q", firstLine)
+		return nil, fmt.Errorf("%w: %q", ErrFileParse, firstLine)
 	}
 	field := strings.SplitN(firstLine, ": ", 2)
 	v, err := strconv.ParseUint(field[1], 0, 32)
diff --git a/vendor/github.com/prometheus/procfs/crypto.go b/vendor/github.com/prometheus/procfs/crypto.go
index 5048ad1f2..9a73e2639 100644
--- a/vendor/github.com/prometheus/procfs/crypto.go
+++ b/vendor/github.com/prometheus/procfs/crypto.go
@@ -55,12 +55,13 @@ func (fs FS) Crypto() ([]Crypto, error) {
 	path := fs.proc.Path("crypto")
 	b, err := util.ReadFileNoStat(path)
 	if err != nil {
-		return nil, fmt.Errorf("error reading crypto %q: %w", path, err)
+		return nil, fmt.Errorf("%s: Cannot read file %v: %w", ErrFileRead, b, err)
+
 	}
 
 	crypto, err := parseCrypto(bytes.NewReader(b))
 	if err != nil {
-		return nil, fmt.Errorf("error parsing crypto %q: %w", path, err)
+		return nil, fmt.Errorf("%s: Cannot parse %v: %w", ErrFileParse, crypto, err)
 	}
 
 	return crypto, nil
@@ -83,7 +84,7 @@ func parseCrypto(r io.Reader) ([]Crypto, error) {
 
 		kv := strings.Split(text, ":")
 		if len(kv) != 2 {
-			return nil, fmt.Errorf("malformed crypto line: %q", text)
+			return nil, fmt.Errorf("%w: Cannot parae line: %q", ErrFileParse, text)
 		}
 
 		k := strings.TrimSpace(kv[0])
diff --git a/vendor/github.com/prometheus/procfs/fs.go b/vendor/github.com/prometheus/procfs/fs.go
index 0102ab0fd..4980c875b 100644
--- a/vendor/github.com/prometheus/procfs/fs.go
+++ b/vendor/github.com/prometheus/procfs/fs.go
@@ -20,7 +20,8 @@ import (
 // FS represents the pseudo-filesystem sys, which provides an interface to
 // kernel data structures.
 type FS struct {
-	proc fs.FS
+	proc   fs.FS
+	isReal bool
 }
 
 // DefaultMountPoint is the common mount point of the proc filesystem.
@@ -39,5 +40,11 @@ func NewFS(mountPoint string) (FS, error) {
 	if err != nil {
 		return FS{}, err
 	}
-	return FS{fs}, nil
+
+	isReal, err := isRealProc(mountPoint)
+	if err != nil {
+		return FS{}, err
+	}
+
+	return FS{fs, isReal}, nil
 }
diff --git a/vendor/github.com/prometheus/procfs/fs_statfs_notype.go b/vendor/github.com/prometheus/procfs/fs_statfs_notype.go
new file mode 100644
index 000000000..134767d69
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/fs_statfs_notype.go
@@ -0,0 +1,23 @@
+// Copyright 2018 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !freebsd && !linux
+// +build !freebsd,!linux
+
+package procfs
+
+// isRealProc returns true on architectures that don't have a Type argument
+// in their Statfs_t struct
+func isRealProc(mountPoint string) (bool, error) {
+	return true, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/fs_statfs_type.go b/vendor/github.com/prometheus/procfs/fs_statfs_type.go
new file mode 100644
index 000000000..80df79c31
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/fs_statfs_type.go
@@ -0,0 +1,33 @@
+// Copyright 2018 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build freebsd || linux
+// +build freebsd linux
+
+package procfs
+
+import (
+	"syscall"
+)
+
+// isRealProc determines whether supplied mountpoint is really a proc filesystem.
+func isRealProc(mountPoint string) (bool, error) {
+	stat := syscall.Statfs_t{}
+	err := syscall.Statfs(mountPoint, &stat)
+	if err != nil {
+		return false, err
+	}
+
+	// 0x9fa0 is PROC_SUPER_MAGIC: https://elixir.bootlin.com/linux/v6.1/source/include/uapi/linux/magic.h#L87
+	return stat.Type == 0x9fa0, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/fscache.go b/vendor/github.com/prometheus/procfs/fscache.go
index f8070e6e2..f560a8db3 100644
--- a/vendor/github.com/prometheus/procfs/fscache.go
+++ b/vendor/github.com/prometheus/procfs/fscache.go
@@ -236,7 +236,7 @@ func (fs FS) Fscacheinfo() (Fscacheinfo, error) {
 
 	m, err := parseFscacheinfo(bytes.NewReader(b))
 	if err != nil {
-		return Fscacheinfo{}, fmt.Errorf("failed to parse Fscacheinfo: %w", err)
+		return Fscacheinfo{}, fmt.Errorf("%s: Cannot parse %v: %w", ErrFileParse, m, err)
 	}
 
 	return *m, nil
@@ -245,7 +245,7 @@ func (fs FS) Fscacheinfo() (Fscacheinfo, error) {
 func setFSCacheFields(fields []string, setFields ...*uint64) error {
 	var err error
 	if len(fields) < len(setFields) {
-		return fmt.Errorf("Insufficient number of fields, expected %v, got %v", len(setFields), len(fields))
+		return fmt.Errorf("%s: Expected %d, but got %d: %w", ErrFileParse, len(setFields), len(fields), err)
 	}
 
 	for i := range setFields {
@@ -263,7 +263,7 @@ func parseFscacheinfo(r io.Reader) (*Fscacheinfo, error) {
 	for s.Scan() {
 		fields := strings.Fields(s.Text())
 		if len(fields) < 2 {
-			return nil, fmt.Errorf("malformed Fscacheinfo line: %q", s.Text())
+			return nil, fmt.Errorf("%w: malformed Fscacheinfo line: %q", ErrFileParse, s.Text())
 		}
 
 		switch fields[0] {
diff --git a/vendor/github.com/prometheus/procfs/internal/util/parse.go b/vendor/github.com/prometheus/procfs/internal/util/parse.go
index b030951fa..14272dc78 100644
--- a/vendor/github.com/prometheus/procfs/internal/util/parse.go
+++ b/vendor/github.com/prometheus/procfs/internal/util/parse.go
@@ -64,6 +64,21 @@ func ParsePInt64s(ss []string) ([]*int64, error) {
 	return us, nil
 }
 
+// Parses a uint64 from given hex in string.
+func ParseHexUint64s(ss []string) ([]*uint64, error) {
+	us := make([]*uint64, 0, len(ss))
+	for _, s := range ss {
+		u, err := strconv.ParseUint(s, 16, 64)
+		if err != nil {
+			return nil, err
+		}
+
+		us = append(us, &u)
+	}
+
+	return us, nil
+}
+
 // ReadUintFromFile reads a file and attempts to parse a uint64 from it.
 func ReadUintFromFile(path string) (uint64, error) {
 	data, err := os.ReadFile(path)
diff --git a/vendor/github.com/prometheus/procfs/ipvs.go b/vendor/github.com/prometheus/procfs/ipvs.go
index 391c07957..5a145bbfe 100644
--- a/vendor/github.com/prometheus/procfs/ipvs.go
+++ b/vendor/github.com/prometheus/procfs/ipvs.go
@@ -221,15 +221,16 @@ func parseIPPort(s string) (net.IP, uint16, error) {
 	case 46:
 		ip = net.ParseIP(s[1:40])
 		if ip == nil {
-			return nil, 0, fmt.Errorf("invalid IPv6 address: %s", s[1:40])
+			return nil, 0, fmt.Errorf("%s: Invalid IPv6 addr %s: %w", ErrFileParse, s[1:40], err)
 		}
 	default:
-		return nil, 0, fmt.Errorf("unexpected IP:Port: %s", s)
+		return nil, 0, fmt.Errorf("%s: Unexpected IP:Port %s: %w", ErrFileParse, s, err)
 	}
 
 	portString := s[len(s)-4:]
 	if len(portString) != 4 {
-		return nil, 0, fmt.Errorf("unexpected port string format: %s", portString)
+		return nil, 0,
+			fmt.Errorf("%s: Unexpected port string format %s: %w", ErrFileParse, portString, err)
 	}
 	port, err := strconv.ParseUint(portString, 16, 16)
 	if err != nil {
diff --git a/vendor/github.com/prometheus/procfs/loadavg.go b/vendor/github.com/prometheus/procfs/loadavg.go
index 0096cafbd..59465c5bb 100644
--- a/vendor/github.com/prometheus/procfs/loadavg.go
+++ b/vendor/github.com/prometheus/procfs/loadavg.go
@@ -44,14 +44,14 @@ func parseLoad(loadavgBytes []byte) (*LoadAvg, error) {
 	loads := make([]float64, 3)
 	parts := strings.Fields(string(loadavgBytes))
 	if len(parts) < 3 {
-		return nil, fmt.Errorf("malformed loadavg line: too few fields in loadavg string: %q", string(loadavgBytes))
+		return nil, fmt.Errorf("%w: Malformed line %q", ErrFileParse, string(loadavgBytes))
 	}
 
 	var err error
 	for i, load := range parts[0:3] {
 		loads[i], err = strconv.ParseFloat(load, 64)
 		if err != nil {
-			return nil, fmt.Errorf("could not parse load %q: %w", load, err)
+			return nil, fmt.Errorf("%s: Cannot parse load: %f: %w", ErrFileParse, loads[i], err)
 		}
 	}
 	return &LoadAvg{
diff --git a/vendor/github.com/prometheus/procfs/mdstat.go b/vendor/github.com/prometheus/procfs/mdstat.go
index a95c889cb..fdd4b9544 100644
--- a/vendor/github.com/prometheus/procfs/mdstat.go
+++ b/vendor/github.com/prometheus/procfs/mdstat.go
@@ -70,7 +70,7 @@ func (fs FS) MDStat() ([]MDStat, error) {
 	}
 	mdstat, err := parseMDStat(data)
 	if err != nil {
-		return nil, fmt.Errorf("error parsing mdstat %q: %w", fs.proc.Path("mdstat"), err)
+		return nil, fmt.Errorf("%s: Cannot parse %v: %w", ErrFileParse, fs.proc.Path("mdstat"), err)
 	}
 	return mdstat, nil
 }
@@ -90,13 +90,13 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) {
 
 		deviceFields := strings.Fields(line)
 		if len(deviceFields) < 3 {
-			return nil, fmt.Errorf("not enough fields in mdline (expected at least 3): %s", line)
+			return nil, fmt.Errorf("%s: Expected 3+ lines, got %q", ErrFileParse, line)
 		}
 		mdName := deviceFields[0] // mdx
 		state := deviceFields[2]  // active or inactive
 
 		if len(lines) <= i+3 {
-			return nil, fmt.Errorf("error parsing %q: too few lines for md device", mdName)
+			return nil, fmt.Errorf("%w: Too few lines for md device: %q", ErrFileParse, mdName)
 		}
 
 		// Failed disks have the suffix (F) & Spare disks have the suffix (S).
@@ -105,7 +105,7 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) {
 		active, total, down, size, err := evalStatusLine(lines[i], lines[i+1])
 
 		if err != nil {
-			return nil, fmt.Errorf("error parsing md device lines: %w", err)
+			return nil, fmt.Errorf("%s: Cannot parse md device lines: %v: %w", ErrFileParse, active, err)
 		}
 
 		syncLineIdx := i + 2
@@ -140,7 +140,7 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) {
 			} else {
 				syncedBlocks, pct, finish, speed, err = evalRecoveryLine(lines[syncLineIdx])
 				if err != nil {
-					return nil, fmt.Errorf("error parsing sync line in md device %q: %w", mdName, err)
+					return nil, fmt.Errorf("%s: Cannot parse sync line in md device: %q: %w", ErrFileParse, mdName, err)
 				}
 			}
 		}
@@ -168,13 +168,13 @@ func parseMDStat(mdStatData []byte) ([]MDStat, error) {
 func evalStatusLine(deviceLine, statusLine string) (active, total, down, size int64, err error) {
 	statusFields := strings.Fields(statusLine)
 	if len(statusFields) < 1 {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q", statusLine)
+		return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected statusline %q: %w", ErrFileParse, statusLine, err)
 	}
 
 	sizeStr := statusFields[0]
 	size, err = strconv.ParseInt(sizeStr, 10, 64)
 	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err)
+		return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected statusline %q: %w", ErrFileParse, statusLine, err)
 	}
 
 	if strings.Contains(deviceLine, "raid0") || strings.Contains(deviceLine, "linear") {
@@ -189,17 +189,17 @@ func evalStatusLine(deviceLine, statusLine string) (active, total, down, size in
 
 	matches := statusLineRE.FindStringSubmatch(statusLine)
 	if len(matches) != 5 {
-		return 0, 0, 0, 0, fmt.Errorf("couldn't find all the substring matches: %s", statusLine)
+		return 0, 0, 0, 0, fmt.Errorf("%s: Could not fild all substring matches %s: %w", ErrFileParse, statusLine, err)
 	}
 
 	total, err = strconv.ParseInt(matches[2], 10, 64)
 	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err)
+		return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected statusline %q: %w", ErrFileParse, statusLine, err)
 	}
 
 	active, err = strconv.ParseInt(matches[3], 10, 64)
 	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected statusLine %q: %w", statusLine, err)
+		return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected active %d: %w", ErrFileParse, active, err)
 	}
 	down = int64(strings.Count(matches[4], "_"))
 
@@ -209,42 +209,42 @@ func evalStatusLine(deviceLine, statusLine string) (active, total, down, size in
 func evalRecoveryLine(recoveryLine string) (syncedBlocks int64, pct float64, finish float64, speed float64, err error) {
 	matches := recoveryLineBlocksRE.FindStringSubmatch(recoveryLine)
 	if len(matches) != 2 {
-		return 0, 0, 0, 0, fmt.Errorf("unexpected recoveryLine: %s", recoveryLine)
+		return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected recoveryLine %s: %w", ErrFileParse, recoveryLine, err)
 	}
 
 	syncedBlocks, err = strconv.ParseInt(matches[1], 10, 64)
 	if err != nil {
-		return 0, 0, 0, 0, fmt.Errorf("error parsing int from recoveryLine %q: %w", recoveryLine, err)
+		return 0, 0, 0, 0, fmt.Errorf("%s: Unexpected parsing of recoveryLine %q: %w", ErrFileParse, recoveryLine, err)
 	}
 
 	// Get percentage complete
 	matches = recoveryLinePctRE.FindStringSubmatch(recoveryLine)
 	if len(matches) != 2 {
-		return syncedBlocks, 0, 0, 0, fmt.Errorf("unexpected recoveryLine matching percentage: %s", recoveryLine)
+		return syncedBlocks, 0, 0, 0, fmt.Errorf("%w: Unexpected recoveryLine matching percentage %s", ErrFileParse, recoveryLine)
 	}
 	pct, err = strconv.ParseFloat(strings.TrimSpace(matches[1]), 64)
 	if err != nil {
-		return syncedBlocks, 0, 0, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err)
+		return syncedBlocks, 0, 0, 0, fmt.Errorf("%w: Error parsing float from recoveryLine %q", ErrFileParse, recoveryLine)
 	}
 
 	// Get time expected left to complete
 	matches = recoveryLineFinishRE.FindStringSubmatch(recoveryLine)
 	if len(matches) != 2 {
-		return syncedBlocks, pct, 0, 0, fmt.Errorf("unexpected recoveryLine matching est. finish time: %s", recoveryLine)
+		return syncedBlocks, pct, 0, 0, fmt.Errorf("%w: Unexpected recoveryLine matching est. finish time: %s", ErrFileParse, recoveryLine)
 	}
 	finish, err = strconv.ParseFloat(matches[1], 64)
 	if err != nil {
-		return syncedBlocks, pct, 0, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err)
+		return syncedBlocks, pct, 0, 0, fmt.Errorf("%w: Unable to parse float from recoveryLine: %q", ErrFileParse, recoveryLine)
 	}
 
 	// Get recovery speed
 	matches = recoveryLineSpeedRE.FindStringSubmatch(recoveryLine)
 	if len(matches) != 2 {
-		return syncedBlocks, pct, finish, 0, fmt.Errorf("unexpected recoveryLine matching speed: %s", recoveryLine)
+		return syncedBlocks, pct, finish, 0, fmt.Errorf("%w: Unexpected recoveryLine value: %s", ErrFileParse, recoveryLine)
 	}
 	speed, err = strconv.ParseFloat(matches[1], 64)
 	if err != nil {
-		return syncedBlocks, pct, finish, 0, fmt.Errorf("error parsing float from recoveryLine %q: %w", recoveryLine, err)
+		return syncedBlocks, pct, finish, 0, fmt.Errorf("%s: Error parsing float from recoveryLine: %q: %w", ErrFileParse, recoveryLine, err)
 	}
 
 	return syncedBlocks, pct, finish, speed, nil
diff --git a/vendor/github.com/prometheus/procfs/meminfo.go b/vendor/github.com/prometheus/procfs/meminfo.go
index f65e174e5..eaf00e224 100644
--- a/vendor/github.com/prometheus/procfs/meminfo.go
+++ b/vendor/github.com/prometheus/procfs/meminfo.go
@@ -152,7 +152,7 @@ func (fs FS) Meminfo() (Meminfo, error) {
 
 	m, err := parseMemInfo(bytes.NewReader(b))
 	if err != nil {
-		return Meminfo{}, fmt.Errorf("failed to parse meminfo: %w", err)
+		return Meminfo{}, fmt.Errorf("%s: %w", ErrFileParse, err)
 	}
 
 	return *m, nil
@@ -165,7 +165,7 @@ func parseMemInfo(r io.Reader) (*Meminfo, error) {
 		// Each line has at least a name and value; we ignore the unit.
 		fields := strings.Fields(s.Text())
 		if len(fields) < 2 {
-			return nil, fmt.Errorf("malformed meminfo line: %q", s.Text())
+			return nil, fmt.Errorf("%w: Malformed line %q", ErrFileParse, s.Text())
 		}
 
 		v, err := strconv.ParseUint(fields[1], 0, 64)
diff --git a/vendor/github.com/prometheus/procfs/mountinfo.go b/vendor/github.com/prometheus/procfs/mountinfo.go
index 59f4d5055..388ebf396 100644
--- a/vendor/github.com/prometheus/procfs/mountinfo.go
+++ b/vendor/github.com/prometheus/procfs/mountinfo.go
@@ -78,11 +78,11 @@ func parseMountInfoString(mountString string) (*MountInfo, error) {
 	mountInfo := strings.Split(mountString, " ")
 	mountInfoLength := len(mountInfo)
 	if mountInfoLength < 10 {
-		return nil, fmt.Errorf("couldn't find enough fields in mount string: %s", mountString)
+		return nil, fmt.Errorf("%w: Too few fields in mount string: %s", ErrFileParse, mountString)
 	}
 
 	if mountInfo[mountInfoLength-4] != "-" {
-		return nil, fmt.Errorf("couldn't find separator in expected field: %s", mountInfo[mountInfoLength-4])
+		return nil, fmt.Errorf("%w: couldn't find separator in expected field: %s", ErrFileParse, mountInfo[mountInfoLength-4])
 	}
 
 	mount := &MountInfo{
@@ -98,18 +98,18 @@ func parseMountInfoString(mountString string) (*MountInfo, error) {
 
 	mount.MountID, err = strconv.Atoi(mountInfo[0])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse mount ID")
+		return nil, fmt.Errorf("%w: mount ID: %q", ErrFileParse, mount.MountID)
 	}
 	mount.ParentID, err = strconv.Atoi(mountInfo[1])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse parent ID")
+		return nil, fmt.Errorf("%w: parent ID: %q", ErrFileParse, mount.ParentID)
 	}
 	// Has optional fields, which is a space separated list of values.
 	// Example: shared:2 master:7
 	if mountInfo[6] != "" {
 		mount.OptionalFields, err = mountOptionsParseOptionalFields(mountInfo[6 : mountInfoLength-4])
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("%s: %w", ErrFileParse, err)
 		}
 	}
 	return mount, nil
diff --git a/vendor/github.com/prometheus/procfs/mountstats.go b/vendor/github.com/prometheus/procfs/mountstats.go
index 0c482c18c..9d8af6db7 100644
--- a/vendor/github.com/prometheus/procfs/mountstats.go
+++ b/vendor/github.com/prometheus/procfs/mountstats.go
@@ -44,6 +44,14 @@ const (
 
 	fieldTransport11TCPLen = 13
 	fieldTransport11UDPLen = 10
+
+	// kernel version >= 4.14 MaxLen
+	// See: https://elixir.bootlin.com/linux/v6.4.8/source/net/sunrpc/xprtrdma/xprt_rdma.h#L393
+	fieldTransport11RDMAMaxLen = 28
+
+	// kernel version <= 4.2 MinLen
+	// See: https://elixir.bootlin.com/linux/v4.2.8/source/net/sunrpc/xprtrdma/xprt_rdma.h#L331
+	fieldTransport11RDMAMinLen = 20
 )
 
 // A Mount is a device mount parsed from /proc/[pid]/mountstats.
@@ -186,6 +194,8 @@ type NFSOperationStats struct {
 	CumulativeTotalResponseMilliseconds uint64
 	// Duration from when a request was enqueued to when it was completely handled.
 	CumulativeTotalRequestMilliseconds uint64
+	// The average time from the point the client sends RPC requests until it receives the response.
+	AverageRTTMilliseconds float64
 	// The count of operations that complete with tk_status < 0.  These statuses usually indicate error conditions.
 	Errors uint64
 }
@@ -231,6 +241,33 @@ type NFSTransportStats struct {
 	// A running counter, incremented on each request as the current size of the
 	// pending queue.
 	CumulativePendingQueue uint64
+
+	// Stats below only available with stat version 1.1.
+	// Transport over RDMA
+
+	// accessed when sending a call
+	ReadChunkCount   uint64
+	WriteChunkCount  uint64
+	ReplyChunkCount  uint64
+	TotalRdmaRequest uint64
+
+	// rarely accessed error counters
+	PullupCopyCount      uint64
+	HardwayRegisterCount uint64
+	FailedMarshalCount   uint64
+	BadReplyCount        uint64
+	MrsRecovered         uint64
+	MrsOrphaned          uint64
+	MrsAllocated         uint64
+	EmptySendctxQ        uint64
+
+	// accessed when receiving a reply
+	TotalRdmaReply    uint64
+	FixupCopyCount    uint64
+	ReplyWaitsForSend uint64
+	LocalInvNeeded    uint64
+	NomsgCallCount    uint64
+	BcallCount        uint64
 }
 
 // parseMountStats parses a /proc/[pid]/mountstats file and returns a slice
@@ -264,7 +301,7 @@ func parseMountStats(r io.Reader) ([]*Mount, error) {
 		if len(ss) > deviceEntryLen {
 			// Only NFSv3 and v4 are supported for parsing statistics
 			if m.Type != nfs3Type && m.Type != nfs4Type {
-				return nil, fmt.Errorf("cannot parse MountStats for fstype %q", m.Type)
+				return nil, fmt.Errorf("%w: Cannot parse MountStats for %q", ErrFileParse, m.Type)
 			}
 
 			statVersion := strings.TrimPrefix(ss[8], statVersionPrefix)
@@ -288,7 +325,7 @@ func parseMountStats(r io.Reader) ([]*Mount, error) {
 //	device [device] mounted on [mount] with fstype [type]
 func parseMount(ss []string) (*Mount, error) {
 	if len(ss) < deviceEntryLen {
-		return nil, fmt.Errorf("invalid device entry: %v", ss)
+		return nil, fmt.Errorf("%w: Invalid device %q", ErrFileParse, ss)
 	}
 
 	// Check for specific words appearing at specific indices to ensure
@@ -306,7 +343,7 @@ func parseMount(ss []string) (*Mount, error) {
 
 	for _, f := range format {
 		if ss[f.i] != f.s {
-			return nil, fmt.Errorf("invalid device entry: %v", ss)
+			return nil, fmt.Errorf("%w: Invalid device %q", ErrFileParse, ss)
 		}
 	}
 
@@ -343,7 +380,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 		switch ss[0] {
 		case fieldOpts:
 			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
+				return nil, fmt.Errorf("%w: Incomplete information for NFS stats: %v", ErrFileParse, ss)
 			}
 			if stats.Opts == nil {
 				stats.Opts = map[string]string{}
@@ -358,7 +395,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 			}
 		case fieldAge:
 			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
+				return nil, fmt.Errorf("%w: Incomplete information for NFS stats: %v", ErrFileParse, ss)
 			}
 			// Age integer is in seconds
 			d, err := time.ParseDuration(ss[1] + "s")
@@ -369,7 +406,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 			stats.Age = d
 		case fieldBytes:
 			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
+				return nil, fmt.Errorf("%w: Incomplete information for NFS stats: %v", ErrFileParse, ss)
 			}
 			bstats, err := parseNFSBytesStats(ss[1:])
 			if err != nil {
@@ -379,7 +416,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 			stats.Bytes = *bstats
 		case fieldEvents:
 			if len(ss) < 2 {
-				return nil, fmt.Errorf("not enough information for NFS stats: %v", ss)
+				return nil, fmt.Errorf("%w: Incomplete information for NFS events: %v", ErrFileParse, ss)
 			}
 			estats, err := parseNFSEventsStats(ss[1:])
 			if err != nil {
@@ -389,7 +426,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 			stats.Events = *estats
 		case fieldTransport:
 			if len(ss) < 3 {
-				return nil, fmt.Errorf("not enough information for NFS transport stats: %v", ss)
+				return nil, fmt.Errorf("%w: Incomplete information for NFS transport stats: %v", ErrFileParse, ss)
 			}
 
 			tstats, err := parseNFSTransportStats(ss[1:], statVersion)
@@ -428,7 +465,7 @@ func parseMountStatsNFS(s *bufio.Scanner, statVersion string) (*MountStatsNFS, e
 // integer fields.
 func parseNFSBytesStats(ss []string) (*NFSBytesStats, error) {
 	if len(ss) != fieldBytesLen {
-		return nil, fmt.Errorf("invalid NFS bytes stats: %v", ss)
+		return nil, fmt.Errorf("%w: Invalid NFS bytes stats: %v", ErrFileParse, ss)
 	}
 
 	ns := make([]uint64, 0, fieldBytesLen)
@@ -457,7 +494,7 @@ func parseNFSBytesStats(ss []string) (*NFSBytesStats, error) {
 // integer fields.
 func parseNFSEventsStats(ss []string) (*NFSEventsStats, error) {
 	if len(ss) != fieldEventsLen {
-		return nil, fmt.Errorf("invalid NFS events stats: %v", ss)
+		return nil, fmt.Errorf("%w: invalid NFS events stats: %v", ErrFileParse, ss)
 	}
 
 	ns := make([]uint64, 0, fieldEventsLen)
@@ -521,7 +558,7 @@ func parseNFSOperationStats(s *bufio.Scanner) ([]NFSOperationStats, error) {
 		}
 
 		if len(ss) < minFields {
-			return nil, fmt.Errorf("invalid NFS per-operations stats: %v", ss)
+			return nil, fmt.Errorf("%w: invalid NFS per-operations stats: %v", ErrFileParse, ss)
 		}
 
 		// Skip string operation name for integers
@@ -534,7 +571,6 @@ func parseNFSOperationStats(s *bufio.Scanner) ([]NFSOperationStats, error) {
 
 			ns = append(ns, n)
 		}
-
 		opStats := NFSOperationStats{
 			Operation:                           strings.TrimSuffix(ss[0], ":"),
 			Requests:                            ns[0],
@@ -546,6 +582,9 @@ func parseNFSOperationStats(s *bufio.Scanner) ([]NFSOperationStats, error) {
 			CumulativeTotalResponseMilliseconds: ns[6],
 			CumulativeTotalRequestMilliseconds:  ns[7],
 		}
+		if ns[0] != 0 {
+			opStats.AverageRTTMilliseconds = float64(ns[6]) / float64(ns[0])
+		}
 
 		if len(ns) > 8 {
 			opStats.Errors = ns[8]
@@ -572,10 +611,10 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 		} else if protocol == "udp" {
 			expectedLength = fieldTransport10UDPLen
 		} else {
-			return nil, fmt.Errorf("invalid NFS protocol \"%s\" in stats 1.0 statement: %v", protocol, ss)
+			return nil, fmt.Errorf("%w: Invalid NFS protocol \"%s\" in stats 1.0 statement: %v", ErrFileParse, protocol, ss)
 		}
 		if len(ss) != expectedLength {
-			return nil, fmt.Errorf("invalid NFS transport stats 1.0 statement: %v", ss)
+			return nil, fmt.Errorf("%w: Invalid NFS transport stats 1.0 statement: %v", ErrFileParse, ss)
 		}
 	case statVersion11:
 		var expectedLength int
@@ -583,14 +622,17 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 			expectedLength = fieldTransport11TCPLen
 		} else if protocol == "udp" {
 			expectedLength = fieldTransport11UDPLen
+		} else if protocol == "rdma" {
+			expectedLength = fieldTransport11RDMAMinLen
 		} else {
-			return nil, fmt.Errorf("invalid NFS protocol \"%s\" in stats 1.1 statement: %v", protocol, ss)
+			return nil, fmt.Errorf("%w: invalid NFS protocol \"%s\" in stats 1.1 statement: %v", ErrFileParse, protocol, ss)
 		}
-		if len(ss) != expectedLength {
-			return nil, fmt.Errorf("invalid NFS transport stats 1.1 statement: %v", ss)
+		if (len(ss) != expectedLength && (protocol == "tcp" || protocol == "udp")) ||
+			(protocol == "rdma" && len(ss) < expectedLength) {
+			return nil, fmt.Errorf("%w: invalid NFS transport stats 1.1 statement: %v, protocol: %v", ErrFileParse, ss, protocol)
 		}
 	default:
-		return nil, fmt.Errorf("unrecognized NFS transport stats version: %q", statVersion)
+		return nil, fmt.Errorf("%s: Unrecognized NFS transport stats version: %q, protocol: %v", ErrFileParse, statVersion, protocol)
 	}
 
 	// Allocate enough for v1.1 stats since zero value for v1.1 stats will be okay
@@ -600,7 +642,9 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 	// Note: slice length must be set to length of v1.1 stats to avoid a panic when
 	// only v1.0 stats are present.
 	// See: https://github.com/prometheus/node_exporter/issues/571.
-	ns := make([]uint64, fieldTransport11TCPLen)
+	//
+	// Note: NFS Over RDMA slice length is fieldTransport11RDMAMaxLen
+	ns := make([]uint64, fieldTransport11RDMAMaxLen+3)
 	for i, s := range ss {
 		n, err := strconv.ParseUint(s, 10, 64)
 		if err != nil {
@@ -618,9 +662,14 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 	// we set them to 0 here.
 	if protocol == "udp" {
 		ns = append(ns[:2], append(make([]uint64, 3), ns[2:]...)...)
+	} else if protocol == "tcp" {
+		ns = append(ns[:fieldTransport11TCPLen], make([]uint64, fieldTransport11RDMAMaxLen-fieldTransport11TCPLen+3)...)
+	} else if protocol == "rdma" {
+		ns = append(ns[:fieldTransport10TCPLen], append(make([]uint64, 3), ns[fieldTransport10TCPLen:]...)...)
 	}
 
 	return &NFSTransportStats{
+		// NFS xprt over tcp or udp
 		Protocol:                 protocol,
 		Port:                     ns[0],
 		Bind:                     ns[1],
@@ -632,8 +681,32 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 		BadTransactionIDs:        ns[7],
 		CumulativeActiveRequests: ns[8],
 		CumulativeBacklog:        ns[9],
-		MaximumRPCSlotsUsed:      ns[10],
-		CumulativeSendingQueue:   ns[11],
-		CumulativePendingQueue:   ns[12],
+
+		// NFS xprt over tcp or udp
+		// And statVersion 1.1
+		MaximumRPCSlotsUsed:    ns[10],
+		CumulativeSendingQueue: ns[11],
+		CumulativePendingQueue: ns[12],
+
+		// NFS xprt over rdma
+		// And stat Version 1.1
+		ReadChunkCount:       ns[13],
+		WriteChunkCount:      ns[14],
+		ReplyChunkCount:      ns[15],
+		TotalRdmaRequest:     ns[16],
+		PullupCopyCount:      ns[17],
+		HardwayRegisterCount: ns[18],
+		FailedMarshalCount:   ns[19],
+		BadReplyCount:        ns[20],
+		MrsRecovered:         ns[21],
+		MrsOrphaned:          ns[22],
+		MrsAllocated:         ns[23],
+		EmptySendctxQ:        ns[24],
+		TotalRdmaReply:       ns[25],
+		FixupCopyCount:       ns[26],
+		ReplyWaitsForSend:    ns[27],
+		LocalInvNeeded:       ns[28],
+		NomsgCallCount:       ns[29],
+		BcallCount:           ns[30],
 	}, nil
 }
diff --git a/vendor/github.com/prometheus/procfs/net_conntrackstat.go b/vendor/github.com/prometheus/procfs/net_conntrackstat.go
index 8300daca0..fdfa45611 100644
--- a/vendor/github.com/prometheus/procfs/net_conntrackstat.go
+++ b/vendor/github.com/prometheus/procfs/net_conntrackstat.go
@@ -18,7 +18,6 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"strconv"
 	"strings"
 
 	"github.com/prometheus/procfs/internal/util"
@@ -28,9 +27,13 @@ import (
 // and contains netfilter conntrack statistics at one CPU core.
 type ConntrackStatEntry struct {
 	Entries       uint64
+	Searched      uint64
 	Found         uint64
+	New           uint64
 	Invalid       uint64
 	Ignore        uint64
+	Delete        uint64
+	DeleteList    uint64
 	Insert        uint64
 	InsertFailed  uint64
 	Drop          uint64
@@ -55,7 +58,7 @@ func readConntrackStat(path string) ([]ConntrackStatEntry, error) {
 
 	stat, err := parseConntrackStat(bytes.NewReader(b))
 	if err != nil {
-		return nil, fmt.Errorf("failed to read conntrack stats from %q: %w", path, err)
+		return nil, fmt.Errorf("%s: Cannot read file: %v: %w", ErrFileRead, path, err)
 	}
 
 	return stat, nil
@@ -81,73 +84,35 @@ func parseConntrackStat(r io.Reader) ([]ConntrackStatEntry, error) {
 
 // Parses a ConntrackStatEntry from given array of fields.
 func parseConntrackStatEntry(fields []string) (*ConntrackStatEntry, error) {
-	if len(fields) != 17 {
-		return nil, fmt.Errorf("invalid conntrackstat entry, missing fields")
-	}
-	entry := &ConntrackStatEntry{}
-
-	entries, err := parseConntrackStatField(fields[0])
-	if err != nil {
-		return nil, err
-	}
-	entry.Entries = entries
-
-	found, err := parseConntrackStatField(fields[2])
-	if err != nil {
-		return nil, err
-	}
-	entry.Found = found
-
-	invalid, err := parseConntrackStatField(fields[4])
-	if err != nil {
-		return nil, err
-	}
-	entry.Invalid = invalid
-
-	ignore, err := parseConntrackStatField(fields[5])
-	if err != nil {
-		return nil, err
-	}
-	entry.Ignore = ignore
-
-	insert, err := parseConntrackStatField(fields[8])
+	entries, err := util.ParseHexUint64s(fields)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("%s: Cannot parse entry: %d: %w", ErrFileParse, entries, err)
 	}
-	entry.Insert = insert
-
-	insertFailed, err := parseConntrackStatField(fields[9])
-	if err != nil {
-		return nil, err
+	numEntries := len(entries)
+	if numEntries < 16 || numEntries > 17 {
+		return nil,
+			fmt.Errorf("%w: invalid conntrackstat entry, invalid number of fields: %d", ErrFileParse, numEntries)
 	}
-	entry.InsertFailed = insertFailed
 
-	drop, err := parseConntrackStatField(fields[10])
-	if err != nil {
-		return nil, err
+	stats := &ConntrackStatEntry{
+		Entries:      *entries[0],
+		Searched:     *entries[1],
+		Found:        *entries[2],
+		New:          *entries[3],
+		Invalid:      *entries[4],
+		Ignore:       *entries[5],
+		Delete:       *entries[6],
+		DeleteList:   *entries[7],
+		Insert:       *entries[8],
+		InsertFailed: *entries[9],
+		Drop:         *entries[10],
+		EarlyDrop:    *entries[11],
 	}
-	entry.Drop = drop
 
-	earlyDrop, err := parseConntrackStatField(fields[11])
-	if err != nil {
-		return nil, err
+	// Ignore missing search_restart on Linux < 2.6.35.
+	if numEntries == 17 {
+		stats.SearchRestart = *entries[16]
 	}
-	entry.EarlyDrop = earlyDrop
 
-	searchRestart, err := parseConntrackStatField(fields[16])
-	if err != nil {
-		return nil, err
-	}
-	entry.SearchRestart = searchRestart
-
-	return entry, nil
-}
-
-// Parses a uint64 from given hex in string.
-func parseConntrackStatField(field string) (uint64, error) {
-	val, err := strconv.ParseUint(field, 16, 64)
-	if err != nil {
-		return 0, fmt.Errorf("couldn't parse %q field: %w", field, err)
-	}
-	return val, err
+	return stats, nil
 }
diff --git a/vendor/github.com/prometheus/procfs/net_ip_socket.go b/vendor/github.com/prometheus/procfs/net_ip_socket.go
index 7fd57d7f4..4da81ea57 100644
--- a/vendor/github.com/prometheus/procfs/net_ip_socket.go
+++ b/vendor/github.com/prometheus/procfs/net_ip_socket.go
@@ -130,7 +130,7 @@ func parseIP(hexIP string) (net.IP, error) {
 	var byteIP []byte
 	byteIP, err := hex.DecodeString(hexIP)
 	if err != nil {
-		return nil, fmt.Errorf("cannot parse address field in socket line %q", hexIP)
+		return nil, fmt.Errorf("%s: Cannot parse socket field in %q: %w", ErrFileParse, hexIP, err)
 	}
 	switch len(byteIP) {
 	case 4:
@@ -144,7 +144,7 @@ func parseIP(hexIP string) (net.IP, error) {
 		}
 		return i, nil
 	default:
-		return nil, fmt.Errorf("Unable to parse IP %s", hexIP)
+		return nil, fmt.Errorf("%s: Unable to parse IP %s: %w", ErrFileParse, hexIP, nil)
 	}
 }
 
@@ -153,7 +153,8 @@ func parseNetIPSocketLine(fields []string) (*netIPSocketLine, error) {
 	line := &netIPSocketLine{}
 	if len(fields) < 10 {
 		return nil, fmt.Errorf(
-			"cannot parse net socket line as it has less then 10 columns %q",
+			"%w: Less than 10 columns found %q",
+			ErrFileParse,
 			strings.Join(fields, " "),
 		)
 	}
@@ -162,64 +163,65 @@ func parseNetIPSocketLine(fields []string) (*netIPSocketLine, error) {
 	// sl
 	s := strings.Split(fields[0], ":")
 	if len(s) != 2 {
-		return nil, fmt.Errorf("cannot parse sl field in socket line %q", fields[0])
+		return nil, fmt.Errorf("%w: Unable to parse sl field in line %q", ErrFileParse, fields[0])
 	}
 
 	if line.Sl, err = strconv.ParseUint(s[0], 0, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse sl value in socket line: %w", err)
+		return nil, fmt.Errorf("%s: Unable to parse sl field in %q: %w", ErrFileParse, line.Sl, err)
 	}
 	// local_address
 	l := strings.Split(fields[1], ":")
 	if len(l) != 2 {
-		return nil, fmt.Errorf("cannot parse local_address field in socket line %q", fields[1])
+		return nil, fmt.Errorf("%w: Unable to parse local_address field in %q", ErrFileParse, fields[1])
 	}
 	if line.LocalAddr, err = parseIP(l[0]); err != nil {
 		return nil, err
 	}
 	if line.LocalPort, err = strconv.ParseUint(l[1], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse local_address port value in socket line: %w", err)
+		return nil, fmt.Errorf("%s: Unable to parse local_address port value line %q: %w", ErrFileParse, line.LocalPort, err)
 	}
 
 	// remote_address
 	r := strings.Split(fields[2], ":")
 	if len(r) != 2 {
-		return nil, fmt.Errorf("cannot parse rem_address field in socket line %q", fields[1])
+		return nil, fmt.Errorf("%w: Unable to parse rem_address field in %q", ErrFileParse, fields[1])
 	}
 	if line.RemAddr, err = parseIP(r[0]); err != nil {
 		return nil, err
 	}
 	if line.RemPort, err = strconv.ParseUint(r[1], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse rem_address port value in socket line: %w", err)
+		return nil, fmt.Errorf("%s: Cannot parse rem_address port value in %q: %w", ErrFileParse, line.RemPort, err)
 	}
 
 	// st
 	if line.St, err = strconv.ParseUint(fields[3], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse st value in socket line: %w", err)
+		return nil, fmt.Errorf("%s: Cannot parse st value in %q: %w", ErrFileParse, line.St, err)
 	}
 
 	// tx_queue and rx_queue
 	q := strings.Split(fields[4], ":")
 	if len(q) != 2 {
 		return nil, fmt.Errorf(
-			"cannot parse tx/rx queues in socket line as it has a missing colon %q",
+			"%w: Missing colon for tx/rx queues in socket line %q",
+			ErrFileParse,
 			fields[4],
 		)
 	}
 	if line.TxQueue, err = strconv.ParseUint(q[0], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse tx_queue value in socket line: %w", err)
+		return nil, fmt.Errorf("%s: Cannot parse tx_queue value in %q: %w", ErrFileParse, line.TxQueue, err)
 	}
 	if line.RxQueue, err = strconv.ParseUint(q[1], 16, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse rx_queue value in socket line: %w", err)
+		return nil, fmt.Errorf("%s: Cannot parse trx_queue value in %q: %w", ErrFileParse, line.RxQueue, err)
 	}
 
 	// uid
 	if line.UID, err = strconv.ParseUint(fields[7], 0, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse uid value in socket line: %w", err)
+		return nil, fmt.Errorf("%s: Cannot parse UID value in %q: %w", ErrFileParse, line.UID, err)
 	}
 
 	// inode
 	if line.Inode, err = strconv.ParseUint(fields[9], 0, 64); err != nil {
-		return nil, fmt.Errorf("cannot parse inode value in socket line: %w", err)
+		return nil, fmt.Errorf("%s: Cannot parse inode value in %q: %w", ErrFileParse, line.Inode, err)
 	}
 
 	return line, nil
diff --git a/vendor/github.com/prometheus/procfs/net_protocols.go b/vendor/github.com/prometheus/procfs/net_protocols.go
index 374b6f73f..b6c77b709 100644
--- a/vendor/github.com/prometheus/procfs/net_protocols.go
+++ b/vendor/github.com/prometheus/procfs/net_protocols.go
@@ -131,7 +131,7 @@ func (ps NetProtocolStats) parseLine(rawLine string) (*NetProtocolStatLine, erro
 	} else if fields[6] == disabled {
 		line.Slab = false
 	} else {
-		return nil, fmt.Errorf("unable to parse capability for protocol: %s", line.Name)
+		return nil, fmt.Errorf("%w: capability for protocol: %s", ErrFileParse, line.Name)
 	}
 	line.ModuleName = fields[7]
 
@@ -173,7 +173,7 @@ func (pc *NetProtocolCapabilities) parseCapabilities(capabilities []string) erro
 		} else if capabilities[i] == "n" {
 			*capabilityFields[i] = false
 		} else {
-			return fmt.Errorf("unable to parse capability block for protocol: position %d", i)
+			return fmt.Errorf("%w: capability block for protocol: position %d", ErrFileParse, i)
 		}
 	}
 	return nil
diff --git a/vendor/github.com/prometheus/procfs/net_route.go b/vendor/github.com/prometheus/procfs/net_route.go
new file mode 100644
index 000000000..deb7029fe
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/net_route.go
@@ -0,0 +1,143 @@
+// Copyright 2023 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+const (
+	blackholeRepresentation string = "*"
+	blackholeIfaceName      string = "blackhole"
+	routeLineColumns        int    = 11
+)
+
+// A NetRouteLine represents one line from net/route.
+type NetRouteLine struct {
+	Iface       string
+	Destination uint32
+	Gateway     uint32
+	Flags       uint32
+	RefCnt      uint32
+	Use         uint32
+	Metric      uint32
+	Mask        uint32
+	MTU         uint32
+	Window      uint32
+	IRTT        uint32
+}
+
+func (fs FS) NetRoute() ([]NetRouteLine, error) {
+	return readNetRoute(fs.proc.Path("net", "route"))
+}
+
+func readNetRoute(path string) ([]NetRouteLine, error) {
+	b, err := util.ReadFileNoStat(path)
+	if err != nil {
+		return nil, err
+	}
+
+	routelines, err := parseNetRoute(bytes.NewReader(b))
+	if err != nil {
+		return nil, fmt.Errorf("failed to read net route from %s: %w", path, err)
+	}
+	return routelines, nil
+}
+
+func parseNetRoute(r io.Reader) ([]NetRouteLine, error) {
+	var routelines []NetRouteLine
+
+	scanner := bufio.NewScanner(r)
+	scanner.Scan()
+	for scanner.Scan() {
+		fields := strings.Fields(scanner.Text())
+		routeline, err := parseNetRouteLine(fields)
+		if err != nil {
+			return nil, err
+		}
+		routelines = append(routelines, *routeline)
+	}
+	return routelines, nil
+}
+
+func parseNetRouteLine(fields []string) (*NetRouteLine, error) {
+	if len(fields) != routeLineColumns {
+		return nil, fmt.Errorf("invalid routeline, num of digits: %d", len(fields))
+	}
+	iface := fields[0]
+	if iface == blackholeRepresentation {
+		iface = blackholeIfaceName
+	}
+	destination, err := strconv.ParseUint(fields[1], 16, 32)
+	if err != nil {
+		return nil, err
+	}
+	gateway, err := strconv.ParseUint(fields[2], 16, 32)
+	if err != nil {
+		return nil, err
+	}
+	flags, err := strconv.ParseUint(fields[3], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	refcnt, err := strconv.ParseUint(fields[4], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	use, err := strconv.ParseUint(fields[5], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	metric, err := strconv.ParseUint(fields[6], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	mask, err := strconv.ParseUint(fields[7], 16, 32)
+	if err != nil {
+		return nil, err
+	}
+	mtu, err := strconv.ParseUint(fields[8], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	window, err := strconv.ParseUint(fields[9], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	irtt, err := strconv.ParseUint(fields[10], 10, 32)
+	if err != nil {
+		return nil, err
+	}
+	routeline := &NetRouteLine{
+		Iface:       iface,
+		Destination: uint32(destination),
+		Gateway:     uint32(gateway),
+		Flags:       uint32(flags),
+		RefCnt:      uint32(refcnt),
+		Use:         uint32(use),
+		Metric:      uint32(metric),
+		Mask:        uint32(mask),
+		MTU:         uint32(mtu),
+		Window:      uint32(window),
+		IRTT:        uint32(irtt),
+	}
+	return routeline, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/net_sockstat.go b/vendor/github.com/prometheus/procfs/net_sockstat.go
index e36f4872d..360e36af7 100644
--- a/vendor/github.com/prometheus/procfs/net_sockstat.go
+++ b/vendor/github.com/prometheus/procfs/net_sockstat.go
@@ -16,7 +16,6 @@ package procfs
 import (
 	"bufio"
 	"bytes"
-	"errors"
 	"fmt"
 	"io"
 	"strings"
@@ -70,7 +69,7 @@ func readSockstat(name string) (*NetSockstat, error) {
 
 	stat, err := parseSockstat(bytes.NewReader(b))
 	if err != nil {
-		return nil, fmt.Errorf("failed to read sockstats from %q: %w", name, err)
+		return nil, fmt.Errorf("%s: sockstats from %q: %w", ErrFileRead, name, err)
 	}
 
 	return stat, nil
@@ -84,13 +83,13 @@ func parseSockstat(r io.Reader) (*NetSockstat, error) {
 		// Expect a minimum of a protocol and one key/value pair.
 		fields := strings.Split(s.Text(), " ")
 		if len(fields) < 3 {
-			return nil, fmt.Errorf("malformed sockstat line: %q", s.Text())
+			return nil, fmt.Errorf("%w: Malformed sockstat line: %q", ErrFileParse, s.Text())
 		}
 
 		// The remaining fields are key/value pairs.
 		kvs, err := parseSockstatKVs(fields[1:])
 		if err != nil {
-			return nil, fmt.Errorf("error parsing sockstat key/value pairs from %q: %w", s.Text(), err)
+			return nil, fmt.Errorf("%s: sockstat key/value pairs from %q: %w", ErrFileParse, s.Text(), err)
 		}
 
 		// The first field is the protocol. We must trim its colon suffix.
@@ -119,7 +118,7 @@ func parseSockstat(r io.Reader) (*NetSockstat, error) {
 // parseSockstatKVs parses a string slice into a map of key/value pairs.
 func parseSockstatKVs(kvs []string) (map[string]int, error) {
 	if len(kvs)%2 != 0 {
-		return nil, errors.New("odd number of fields in key/value pairs")
+		return nil, fmt.Errorf("%w:: Odd number of fields in key/value pairs %q", ErrFileParse, kvs)
 	}
 
 	// Iterate two values at a time to gather key/value pairs.
diff --git a/vendor/github.com/prometheus/procfs/net_softnet.go b/vendor/github.com/prometheus/procfs/net_softnet.go
index 06b7b8f21..c77085291 100644
--- a/vendor/github.com/prometheus/procfs/net_softnet.go
+++ b/vendor/github.com/prometheus/procfs/net_softnet.go
@@ -64,7 +64,7 @@ func (fs FS) NetSoftnetStat() ([]SoftnetStat, error) {
 
 	entries, err := parseSoftnet(bytes.NewReader(b))
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse /proc/net/softnet_stat: %w", err)
+		return nil, fmt.Errorf("%s: /proc/net/softnet_stat: %w", ErrFileParse, err)
 	}
 
 	return entries, nil
@@ -76,13 +76,14 @@ func parseSoftnet(r io.Reader) ([]SoftnetStat, error) {
 	s := bufio.NewScanner(r)
 
 	var stats []SoftnetStat
+	cpuIndex := 0
 	for s.Scan() {
 		columns := strings.Fields(s.Text())
 		width := len(columns)
 		softnetStat := SoftnetStat{}
 
 		if width < minColumns {
-			return nil, fmt.Errorf("%d columns were detected, but at least %d were expected", width, minColumns)
+			return nil, fmt.Errorf("%w: detected %d columns, but expected at least %d", ErrFileParse, width, minColumns)
 		}
 
 		// Linux 2.6.23 https://elixir.bootlin.com/linux/v2.6.23/source/net/core/dev.c#L2347
@@ -127,9 +128,13 @@ func parseSoftnet(r io.Reader) ([]SoftnetStat, error) {
 
 			softnetStat.SoftnetBacklogLen = us[0]
 			softnetStat.Index = us[1]
+		} else {
+			// For older kernels, create the Index based on the scan line number.
+			softnetStat.Index = uint32(cpuIndex)
 		}
 		softnetStat.Width = width
 		stats = append(stats, softnetStat)
+		cpuIndex++
 	}
 
 	return stats, nil
diff --git a/vendor/github.com/prometheus/procfs/net_unix.go b/vendor/github.com/prometheus/procfs/net_unix.go
index 98aa8e1c3..acbbc57ea 100644
--- a/vendor/github.com/prometheus/procfs/net_unix.go
+++ b/vendor/github.com/prometheus/procfs/net_unix.go
@@ -108,14 +108,14 @@ func parseNetUNIX(r io.Reader) (*NetUNIX, error) {
 		line := s.Text()
 		item, err := nu.parseLine(line, hasInode, minFields)
 		if err != nil {
-			return nil, fmt.Errorf("failed to parse /proc/net/unix data %q: %w", line, err)
+			return nil, fmt.Errorf("%s: /proc/net/unix encountered data %q: %w", ErrFileParse, line, err)
 		}
 
 		nu.Rows = append(nu.Rows, item)
 	}
 
 	if err := s.Err(); err != nil {
-		return nil, fmt.Errorf("failed to scan /proc/net/unix data: %w", err)
+		return nil, fmt.Errorf("%s: /proc/net/unix encountered data: %w", ErrFileParse, err)
 	}
 
 	return &nu, nil
@@ -126,7 +126,7 @@ func (u *NetUNIX) parseLine(line string, hasInode bool, min int) (*NetUNIXLine,
 
 	l := len(fields)
 	if l < min {
-		return nil, fmt.Errorf("expected at least %d fields but got %d", min, l)
+		return nil, fmt.Errorf("%w: expected at least %d fields but got %d", ErrFileParse, min, l)
 	}
 
 	// Field offsets are as follows:
@@ -136,29 +136,29 @@ func (u *NetUNIX) parseLine(line string, hasInode bool, min int) (*NetUNIXLine,
 
 	users, err := u.parseUsers(fields[1])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse ref count %q: %w", fields[1], err)
+		return nil, fmt.Errorf("%s: ref count %q: %w", ErrFileParse, fields[1], err)
 	}
 
 	flags, err := u.parseFlags(fields[3])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse flags %q: %w", fields[3], err)
+		return nil, fmt.Errorf("%s: Unable to parse flags %q: %w", ErrFileParse, fields[3], err)
 	}
 
 	typ, err := u.parseType(fields[4])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse type %q: %w", fields[4], err)
+		return nil, fmt.Errorf("%s: Failed to parse type %q: %w", ErrFileParse, fields[4], err)
 	}
 
 	state, err := u.parseState(fields[5])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse state %q: %w", fields[5], err)
+		return nil, fmt.Errorf("%s: Failed to parse state %q: %w", ErrFileParse, fields[5], err)
 	}
 
 	var inode uint64
 	if hasInode {
 		inode, err = u.parseInode(fields[6])
 		if err != nil {
-			return nil, fmt.Errorf("failed to parse inode %q: %w", fields[6], err)
+			return nil, fmt.Errorf("%s failed to parse inode %q: %w", ErrFileParse, fields[6], err)
 		}
 	}
 
diff --git a/vendor/github.com/prometheus/procfs/net_wireless.go b/vendor/github.com/prometheus/procfs/net_wireless.go
new file mode 100644
index 000000000..7443edca9
--- /dev/null
+++ b/vendor/github.com/prometheus/procfs/net_wireless.go
@@ -0,0 +1,182 @@
+// Copyright 2023 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package procfs
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+
+	"github.com/prometheus/procfs/internal/util"
+)
+
+// Wireless models the content of /proc/net/wireless.
+type Wireless struct {
+	Name string
+
+	// Status is the current 4-digit hex value status of the interface.
+	Status uint64
+
+	// QualityLink is the link quality.
+	QualityLink int
+
+	// QualityLevel is the signal gain (dBm).
+	QualityLevel int
+
+	// QualityNoise is the signal noise baseline (dBm).
+	QualityNoise int
+
+	// DiscardedNwid is the number of discarded packets with wrong nwid/essid.
+	DiscardedNwid int
+
+	// DiscardedCrypt is the number of discarded packets with wrong code/decode (WEP).
+	DiscardedCrypt int
+
+	// DiscardedFrag is the number of discarded packets that can't perform MAC reassembly.
+	DiscardedFrag int
+
+	// DiscardedRetry is the number of discarded packets that reached max MAC retries.
+	DiscardedRetry int
+
+	// DiscardedMisc is the number of discarded packets for other reasons.
+	DiscardedMisc int
+
+	// MissedBeacon is the number of missed beacons/superframe.
+	MissedBeacon int
+}
+
+// Wireless returns kernel wireless statistics.
+func (fs FS) Wireless() ([]*Wireless, error) {
+	b, err := util.ReadFileNoStat(fs.proc.Path("net/wireless"))
+	if err != nil {
+		return nil, err
+	}
+
+	m, err := parseWireless(bytes.NewReader(b))
+	if err != nil {
+		return nil, fmt.Errorf("%s: wireless: %w", ErrFileParse, err)
+	}
+
+	return m, nil
+}
+
+// parseWireless parses the contents of /proc/net/wireless.
+/*
+Inter-| sta-|   Quality        |   Discarded packets               | Missed | WE
+face | tus | link level noise |  nwid  crypt   frag  retry   misc | beacon | 22
+ eth1: 0000    5.  -256.  -10.       0      1      0     3      0        0
+ eth2: 0000    5.  -256.  -20.       0      2      0     4      0        0
+*/
+func parseWireless(r io.Reader) ([]*Wireless, error) {
+	var (
+		interfaces []*Wireless
+		scanner    = bufio.NewScanner(r)
+	)
+
+	for n := 0; scanner.Scan(); n++ {
+		// Skip the 2 header lines.
+		if n < 2 {
+			continue
+		}
+
+		line := scanner.Text()
+
+		parts := strings.Split(line, ":")
+		if len(parts) != 2 {
+			return nil, fmt.Errorf("%w: expected 2 parts after splitting line by ':', got %d for line %q", ErrFileParse, len(parts), line)
+		}
+
+		name := strings.TrimSpace(parts[0])
+		stats := strings.Fields(parts[1])
+
+		if len(stats) < 10 {
+			return nil, fmt.Errorf("%w: invalid number of fields in line %d, expected 10+, got %d: %q", ErrFileParse, n, len(stats), line)
+		}
+
+		status, err := strconv.ParseUint(stats[0], 16, 16)
+		if err != nil {
+			return nil, fmt.Errorf("%w: invalid status in line %d: %q", ErrFileParse, n, line)
+		}
+
+		qlink, err := strconv.Atoi(strings.TrimSuffix(stats[1], "."))
+		if err != nil {
+			return nil, fmt.Errorf("%s: parse Quality:link as integer %q: %w", ErrFileParse, qlink, err)
+		}
+
+		qlevel, err := strconv.Atoi(strings.TrimSuffix(stats[2], "."))
+		if err != nil {
+			return nil, fmt.Errorf("%s: Quality:level as integer %q: %w", ErrFileParse, qlevel, err)
+		}
+
+		qnoise, err := strconv.Atoi(strings.TrimSuffix(stats[3], "."))
+		if err != nil {
+			return nil, fmt.Errorf("%s: Quality:noise as integer %q: %w", ErrFileParse, qnoise, err)
+		}
+
+		dnwid, err := strconv.Atoi(stats[4])
+		if err != nil {
+			return nil, fmt.Errorf("%s: Discarded:nwid as integer %q: %w", ErrFileParse, dnwid, err)
+		}
+
+		dcrypt, err := strconv.Atoi(stats[5])
+		if err != nil {
+			return nil, fmt.Errorf("%s: Discarded:crypt as integer %q: %w", ErrFileParse, dcrypt, err)
+		}
+
+		dfrag, err := strconv.Atoi(stats[6])
+		if err != nil {
+			return nil, fmt.Errorf("%s: Discarded:frag as integer %q: %w", ErrFileParse, dfrag, err)
+		}
+
+		dretry, err := strconv.Atoi(stats[7])
+		if err != nil {
+			return nil, fmt.Errorf("%s: Discarded:retry as integer %q: %w", ErrFileParse, dretry, err)
+		}
+
+		dmisc, err := strconv.Atoi(stats[8])
+		if err != nil {
+			return nil, fmt.Errorf("%s: Discarded:misc as integer %q: %w", ErrFileParse, dmisc, err)
+		}
+
+		mbeacon, err := strconv.Atoi(stats[9])
+		if err != nil {
+			return nil, fmt.Errorf("%s: Missed:beacon as integer %q: %w", ErrFileParse, mbeacon, err)
+		}
+
+		w := &Wireless{
+			Name:           name,
+			Status:         status,
+			QualityLink:    qlink,
+			QualityLevel:   qlevel,
+			QualityNoise:   qnoise,
+			DiscardedNwid:  dnwid,
+			DiscardedCrypt: dcrypt,
+			DiscardedFrag:  dfrag,
+			DiscardedRetry: dretry,
+			DiscardedMisc:  dmisc,
+			MissedBeacon:   mbeacon,
+		}
+
+		interfaces = append(interfaces, w)
+	}
+
+	if err := scanner.Err(); err != nil {
+		return nil, fmt.Errorf("%s: Failed to scan /proc/net/wireless: %w", ErrFileRead, err)
+	}
+
+	return interfaces, nil
+}
diff --git a/vendor/github.com/prometheus/procfs/net_xfrm.go b/vendor/github.com/prometheus/procfs/net_xfrm.go
index f9d9d243d..932ef2046 100644
--- a/vendor/github.com/prometheus/procfs/net_xfrm.go
+++ b/vendor/github.com/prometheus/procfs/net_xfrm.go
@@ -115,7 +115,7 @@ func (fs FS) NewXfrmStat() (XfrmStat, error) {
 		fields := strings.Fields(s.Text())
 
 		if len(fields) != 2 {
-			return XfrmStat{}, fmt.Errorf("couldn't parse %q line %q", file.Name(), s.Text())
+			return XfrmStat{}, fmt.Errorf("%w: %q line %q", ErrFileParse, file.Name(), s.Text())
 		}
 
 		name := fields[0]
diff --git a/vendor/github.com/prometheus/procfs/netstat.go b/vendor/github.com/prometheus/procfs/netstat.go
index 5cc40aef5..742dff453 100644
--- a/vendor/github.com/prometheus/procfs/netstat.go
+++ b/vendor/github.com/prometheus/procfs/netstat.go
@@ -15,7 +15,6 @@ package procfs
 
 import (
 	"bufio"
-	"io"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -38,12 +37,7 @@ func (fs FS) NetStat() ([]NetStat, error) {
 	var netStatsTotal []NetStat
 
 	for _, filePath := range statFiles {
-		file, err := os.Open(filePath)
-		if err != nil {
-			return nil, err
-		}
-
-		procNetstat, err := parseNetstat(file)
+		procNetstat, err := parseNetstat(filePath)
 		if err != nil {
 			return nil, err
 		}
@@ -56,14 +50,17 @@ func (fs FS) NetStat() ([]NetStat, error) {
 
 // parseNetstat parses the metrics from `/proc/net/stat/` file
 // and returns a NetStat structure.
-func parseNetstat(r io.Reader) (NetStat, error) {
-	var (
-		scanner = bufio.NewScanner(r)
-		netStat = NetStat{
-			Stats: make(map[string][]uint64),
-		}
-	)
+func parseNetstat(filePath string) (NetStat, error) {
+	netStat := NetStat{
+		Stats: make(map[string][]uint64),
+	}
+	file, err := os.Open(filePath)
+	if err != nil {
+		return netStat, err
+	}
+	defer file.Close()
 
+	scanner := bufio.NewScanner(file)
 	scanner.Scan()
 
 	// First string is always a header for stats
diff --git a/vendor/github.com/prometheus/procfs/proc.go b/vendor/github.com/prometheus/procfs/proc.go
index c30223af7..d1f71caa5 100644
--- a/vendor/github.com/prometheus/procfs/proc.go
+++ b/vendor/github.com/prometheus/procfs/proc.go
@@ -15,13 +15,13 @@ package procfs
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"io"
 	"os"
 	"strconv"
 	"strings"
 
-	"github.com/prometheus/procfs/internal/fs"
 	"github.com/prometheus/procfs/internal/util"
 )
 
@@ -30,12 +30,18 @@ type Proc struct {
 	// The process ID.
 	PID int
 
-	fs fs.FS
+	fs FS
 }
 
 // Procs represents a list of Proc structs.
 type Procs []Proc
 
+var (
+	ErrFileParse  = errors.New("Error Parsing File")
+	ErrFileRead   = errors.New("Error Reading File")
+	ErrMountPoint = errors.New("Error Accessing Mount point")
+)
+
 func (p Procs) Len() int           { return len(p) }
 func (p Procs) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
 func (p Procs) Less(i, j int) bool { return p[i].PID < p[j].PID }
@@ -43,7 +49,7 @@ func (p Procs) Less(i, j int) bool { return p[i].PID < p[j].PID }
 // Self returns a process for the current process read via /proc/self.
 func Self() (Proc, error) {
 	fs, err := NewFS(DefaultMountPoint)
-	if err != nil {
+	if err != nil || errors.Unwrap(err) == ErrMountPoint {
 		return Proc{}, err
 	}
 	return fs.Self()
@@ -92,7 +98,7 @@ func (fs FS) Proc(pid int) (Proc, error) {
 	if _, err := os.Stat(fs.proc.Path(strconv.Itoa(pid))); err != nil {
 		return Proc{}, err
 	}
-	return Proc{PID: pid, fs: fs.proc}, nil
+	return Proc{PID: pid, fs: fs}, nil
 }
 
 // AllProcs returns a list of all currently available processes.
@@ -105,7 +111,7 @@ func (fs FS) AllProcs() (Procs, error) {
 
 	names, err := d.Readdirnames(-1)
 	if err != nil {
-		return Procs{}, fmt.Errorf("could not read %q: %w", d.Name(), err)
+		return Procs{}, fmt.Errorf("%s: Cannot read file: %v: %w", ErrFileRead, names, err)
 	}
 
 	p := Procs{}
@@ -114,7 +120,7 @@ func (fs FS) AllProcs() (Procs, error) {
 		if err != nil {
 			continue
 		}
-		p = append(p, Proc{PID: int(pid), fs: fs.proc})
+		p = append(p, Proc{PID: int(pid), fs: fs})
 	}
 
 	return p, nil
@@ -206,7 +212,7 @@ func (p Proc) FileDescriptors() ([]uintptr, error) {
 	for i, n := range names {
 		fd, err := strconv.ParseInt(n, 10, 32)
 		if err != nil {
-			return nil, fmt.Errorf("could not parse fd %q: %w", n, err)
+			return nil, fmt.Errorf("%s: Cannot parse line: %v: %w", ErrFileParse, i, err)
 		}
 		fds[i] = uintptr(fd)
 	}
@@ -237,6 +243,19 @@ func (p Proc) FileDescriptorTargets() ([]string, error) {
 // FileDescriptorsLen returns the number of currently open file descriptors of
 // a process.
 func (p Proc) FileDescriptorsLen() (int, error) {
+	// Use fast path if available (Linux v6.2): https://github.com/torvalds/linux/commit/f1f1f2569901
+	if p.fs.isReal {
+		stat, err := os.Stat(p.path("fd"))
+		if err != nil {
+			return 0, err
+		}
+
+		size := stat.Size()
+		if size > 0 {
+			return int(size), nil
+		}
+	}
+
 	fds, err := p.fileDescriptors()
 	if err != nil {
 		return 0, err
@@ -278,14 +297,14 @@ func (p Proc) fileDescriptors() ([]string, error) {
 
 	names, err := d.Readdirnames(-1)
 	if err != nil {
-		return nil, fmt.Errorf("could not read %q: %w", d.Name(), err)
+		return nil, fmt.Errorf("%s: Cannot read file: %v: %w", ErrFileRead, names, err)
 	}
 
 	return names, nil
 }
 
 func (p Proc) path(pa ...string) string {
-	return p.fs.Path(append([]string{strconv.Itoa(p.PID)}, pa...)...)
+	return p.fs.proc.Path(append([]string{strconv.Itoa(p.PID)}, pa...)...)
 }
 
 // FileDescriptorsInfo retrieves information about all file descriptors of
diff --git a/vendor/github.com/prometheus/procfs/proc_cgroup.go b/vendor/github.com/prometheus/procfs/proc_cgroup.go
index ea83a75ff..daeed7f57 100644
--- a/vendor/github.com/prometheus/procfs/proc_cgroup.go
+++ b/vendor/github.com/prometheus/procfs/proc_cgroup.go
@@ -51,7 +51,7 @@ func parseCgroupString(cgroupStr string) (*Cgroup, error) {
 
 	fields := strings.SplitN(cgroupStr, ":", 3)
 	if len(fields) < 3 {
-		return nil, fmt.Errorf("at least 3 fields required, found %d fields in cgroup string: %s", len(fields), cgroupStr)
+		return nil, fmt.Errorf("%w: 3+ fields required, found %d fields in cgroup string: %s", ErrFileParse, len(fields), cgroupStr)
 	}
 
 	cgroup := &Cgroup{
@@ -60,7 +60,7 @@ func parseCgroupString(cgroupStr string) (*Cgroup, error) {
 	}
 	cgroup.HierarchyID, err = strconv.Atoi(fields[0])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse hierarchy ID")
+		return nil, fmt.Errorf("%w: hierarchy ID: %q", ErrFileParse, cgroup.HierarchyID)
 	}
 	if fields[1] != "" {
 		ssNames := strings.Split(fields[1], ",")
diff --git a/vendor/github.com/prometheus/procfs/proc_cgroups.go b/vendor/github.com/prometheus/procfs/proc_cgroups.go
index 24d4dce9c..5dd493899 100644
--- a/vendor/github.com/prometheus/procfs/proc_cgroups.go
+++ b/vendor/github.com/prometheus/procfs/proc_cgroups.go
@@ -46,7 +46,7 @@ func parseCgroupSummaryString(CgroupSummaryStr string) (*CgroupSummary, error) {
 	fields := strings.Fields(CgroupSummaryStr)
 	// require at least 4 fields
 	if len(fields) < 4 {
-		return nil, fmt.Errorf("at least 4 fields required, found %d fields in cgroup info string: %s", len(fields), CgroupSummaryStr)
+		return nil, fmt.Errorf("%w: 4+ fields required, found %d fields in cgroup info string: %s", ErrFileParse, len(fields), CgroupSummaryStr)
 	}
 
 	CgroupSummary := &CgroupSummary{
@@ -54,15 +54,15 @@ func parseCgroupSummaryString(CgroupSummaryStr string) (*CgroupSummary, error) {
 	}
 	CgroupSummary.Hierarchy, err = strconv.Atoi(fields[1])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse hierarchy ID")
+		return nil, fmt.Errorf("%w: Unable to parse hierarchy ID from %q", ErrFileParse, fields[1])
 	}
 	CgroupSummary.Cgroups, err = strconv.Atoi(fields[2])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse Cgroup Num")
+		return nil, fmt.Errorf("%w: Unable to parse Cgroup Num from %q", ErrFileParse, fields[2])
 	}
 	CgroupSummary.Enabled, err = strconv.Atoi(fields[3])
 	if err != nil {
-		return nil, fmt.Errorf("failed to parse Enabled")
+		return nil, fmt.Errorf("%w: Unable to parse Enabled from %q", ErrFileParse, fields[3])
 	}
 	return CgroupSummary, nil
 }
diff --git a/vendor/github.com/prometheus/procfs/proc_fdinfo.go b/vendor/github.com/prometheus/procfs/proc_fdinfo.go
index 1bbdd4a8e..fa761b352 100644
--- a/vendor/github.com/prometheus/procfs/proc_fdinfo.go
+++ b/vendor/github.com/prometheus/procfs/proc_fdinfo.go
@@ -26,6 +26,7 @@ var (
 	rPos          = regexp.MustCompile(`^pos:\s+(\d+)$`)
 	rFlags        = regexp.MustCompile(`^flags:\s+(\d+)$`)
 	rMntID        = regexp.MustCompile(`^mnt_id:\s+(\d+)$`)
+	rIno          = regexp.MustCompile(`^ino:\s+(\d+)$`)
 	rInotify      = regexp.MustCompile(`^inotify`)
 	rInotifyParts = regexp.MustCompile(`^inotify\s+wd:([0-9a-f]+)\s+ino:([0-9a-f]+)\s+sdev:([0-9a-f]+)(?:\s+mask:([0-9a-f]+))?`)
 )
@@ -40,6 +41,8 @@ type ProcFDInfo struct {
 	Flags string
 	// Mount point ID
 	MntID string
+	// Inode number
+	Ino string
 	// List of inotify lines (structured) in the fdinfo file (kernel 3.8+ only)
 	InotifyInfos []InotifyInfo
 }
@@ -51,7 +54,7 @@ func (p Proc) FDInfo(fd string) (*ProcFDInfo, error) {
 		return nil, err
 	}
 
-	var text, pos, flags, mntid string
+	var text, pos, flags, mntid, ino string
 	var inotify []InotifyInfo
 
 	scanner := bufio.NewScanner(bytes.NewReader(data))
@@ -63,6 +66,8 @@ func (p Proc) FDInfo(fd string) (*ProcFDInfo, error) {
 			flags = rFlags.FindStringSubmatch(text)[1]
 		} else if rMntID.MatchString(text) {
 			mntid = rMntID.FindStringSubmatch(text)[1]
+		} else if rIno.MatchString(text) {
+			ino = rIno.FindStringSubmatch(text)[1]
 		} else if rInotify.MatchString(text) {
 			newInotify, err := parseInotifyInfo(text)
 			if err != nil {
@@ -77,6 +82,7 @@ func (p Proc) FDInfo(fd string) (*ProcFDInfo, error) {
 		Pos:          pos,
 		Flags:        flags,
 		MntID:        mntid,
+		Ino:          ino,
 		InotifyInfos: inotify,
 	}
 
@@ -111,7 +117,7 @@ func parseInotifyInfo(line string) (*InotifyInfo, error) {
 		}
 		return i, nil
 	}
-	return nil, fmt.Errorf("invalid inode entry: %q", line)
+	return nil, fmt.Errorf("%w: invalid inode entry: %q", ErrFileParse, line)
 }
 
 // ProcFDInfos represents a list of ProcFDInfo structs.
diff --git a/vendor/github.com/prometheus/procfs/proc_interrupts.go b/vendor/github.com/prometheus/procfs/proc_interrupts.go
index 9df79c237..86b4b4524 100644
--- a/vendor/github.com/prometheus/procfs/proc_interrupts.go
+++ b/vendor/github.com/prometheus/procfs/proc_interrupts.go
@@ -66,7 +66,7 @@ func parseInterrupts(r io.Reader) (Interrupts, error) {
 			continue
 		}
 		if len(parts) < 2 {
-			return nil, fmt.Errorf("not enough fields in interrupts (expected at least 2 fields but got %d): %s", len(parts), parts)
+			return nil, fmt.Errorf("%w: Not enough fields in interrupts (expected 2+ fields but got %d): %s", ErrFileParse, len(parts), parts)
 		}
 		intName := parts[0][:len(parts[0])-1] // remove trailing :
 
diff --git a/vendor/github.com/prometheus/procfs/proc_limits.go b/vendor/github.com/prometheus/procfs/proc_limits.go
index 7a1388185..c86d815d7 100644
--- a/vendor/github.com/prometheus/procfs/proc_limits.go
+++ b/vendor/github.com/prometheus/procfs/proc_limits.go
@@ -103,7 +103,7 @@ func (p Proc) Limits() (ProcLimits, error) {
 		//fields := limitsMatch.Split(s.Text(), limitsFields)
 		fields := limitsMatch.FindStringSubmatch(s.Text())
 		if len(fields) != limitsFields {
-			return ProcLimits{}, fmt.Errorf("couldn't parse %q line %q", f.Name(), s.Text())
+			return ProcLimits{}, fmt.Errorf("%w: couldn't parse %q line %q", ErrFileParse, f.Name(), s.Text())
 		}
 
 		switch fields[1] {
@@ -154,7 +154,7 @@ func parseUint(s string) (uint64, error) {
 	}
 	i, err := strconv.ParseUint(s, 10, 64)
 	if err != nil {
-		return 0, fmt.Errorf("couldn't parse value %q: %w", s, err)
+		return 0, fmt.Errorf("%s: couldn't parse value %q: %w", ErrFileParse, s, err)
 	}
 	return i, nil
 }
diff --git a/vendor/github.com/prometheus/procfs/proc_maps.go b/vendor/github.com/prometheus/procfs/proc_maps.go
index f1bcbf32b..7e75c286b 100644
--- a/vendor/github.com/prometheus/procfs/proc_maps.go
+++ b/vendor/github.com/prometheus/procfs/proc_maps.go
@@ -63,17 +63,17 @@ type ProcMap struct {
 // parseDevice parses the device token of a line and converts it to a dev_t
 // (mkdev) like structure.
 func parseDevice(s string) (uint64, error) {
-	toks := strings.Split(s, ":")
-	if len(toks) < 2 {
-		return 0, fmt.Errorf("unexpected number of fields")
+	i := strings.Index(s, ":")
+	if i == -1 {
+		return 0, fmt.Errorf("%w: expected separator `:` in %s", ErrFileParse, s)
 	}
 
-	major, err := strconv.ParseUint(toks[0], 16, 0)
+	major, err := strconv.ParseUint(s[0:i], 16, 0)
 	if err != nil {
 		return 0, err
 	}
 
-	minor, err := strconv.ParseUint(toks[1], 16, 0)
+	minor, err := strconv.ParseUint(s[i+1:], 16, 0)
 	if err != nil {
 		return 0, err
 	}
@@ -93,17 +93,17 @@ func parseAddress(s string) (uintptr, error) {
 
 // parseAddresses parses the start-end address.
 func parseAddresses(s string) (uintptr, uintptr, error) {
-	toks := strings.Split(s, "-")
-	if len(toks) < 2 {
-		return 0, 0, fmt.Errorf("invalid address")
+	idx := strings.Index(s, "-")
+	if idx == -1 {
+		return 0, 0, fmt.Errorf("%w: expected separator `-` in %s", ErrFileParse, s)
 	}
 
-	saddr, err := parseAddress(toks[0])
+	saddr, err := parseAddress(s[0:idx])
 	if err != nil {
 		return 0, 0, err
 	}
 
-	eaddr, err := parseAddress(toks[1])
+	eaddr, err := parseAddress(s[idx+1:])
 	if err != nil {
 		return 0, 0, err
 	}
@@ -114,7 +114,7 @@ func parseAddresses(s string) (uintptr, uintptr, error) {
 // parsePermissions parses a token and returns any that are set.
 func parsePermissions(s string) (*ProcMapPermissions, error) {
 	if len(s) < 4 {
-		return nil, fmt.Errorf("invalid permissions token")
+		return nil, fmt.Errorf("%w: invalid permissions token", ErrFileParse)
 	}
 
 	perms := ProcMapPermissions{}
@@ -141,7 +141,7 @@ func parsePermissions(s string) (*ProcMapPermissions, error) {
 func parseProcMap(text string) (*ProcMap, error) {
 	fields := strings.Fields(text)
 	if len(fields) < 5 {
-		return nil, fmt.Errorf("truncated procmap entry")
+		return nil, fmt.Errorf("%w: truncated procmap entry", ErrFileParse)
 	}
 
 	saddr, eaddr, err := parseAddresses(fields[0])
diff --git a/vendor/github.com/prometheus/procfs/proc_netstat.go b/vendor/github.com/prometheus/procfs/proc_netstat.go
index 6a43bb245..8e3ff4d79 100644
--- a/vendor/github.com/prometheus/procfs/proc_netstat.go
+++ b/vendor/github.com/prometheus/procfs/proc_netstat.go
@@ -195,8 +195,8 @@ func parseProcNetstat(r io.Reader, fileName string) (ProcNetstat, error) {
 		// Remove trailing :.
 		protocol := strings.TrimSuffix(nameParts[0], ":")
 		if len(nameParts) != len(valueParts) {
-			return procNetstat, fmt.Errorf("mismatch field count mismatch in %s: %s",
-				fileName, protocol)
+			return procNetstat, fmt.Errorf("%w: mismatch field count mismatch in %s: %s",
+				ErrFileParse, fileName, protocol)
 		}
 		for i := 1; i < len(nameParts); i++ {
 			value, err := strconv.ParseFloat(valueParts[i], 64)
diff --git a/vendor/github.com/prometheus/procfs/proc_ns.go b/vendor/github.com/prometheus/procfs/proc_ns.go
index 391b4cbd1..c22666750 100644
--- a/vendor/github.com/prometheus/procfs/proc_ns.go
+++ b/vendor/github.com/prometheus/procfs/proc_ns.go
@@ -40,7 +40,7 @@ func (p Proc) Namespaces() (Namespaces, error) {
 
 	names, err := d.Readdirnames(-1)
 	if err != nil {
-		return nil, fmt.Errorf("failed to read contents of ns dir: %w", err)
+		return nil, fmt.Errorf("%s: failed to read contents of ns dir: %w", ErrFileRead, err)
 	}
 
 	ns := make(Namespaces, len(names))
@@ -52,13 +52,13 @@ func (p Proc) Namespaces() (Namespaces, error) {
 
 		fields := strings.SplitN(target, ":", 2)
 		if len(fields) != 2 {
-			return nil, fmt.Errorf("failed to parse namespace type and inode from %q", target)
+			return nil, fmt.Errorf("%w: namespace type and inode from %q", ErrFileParse, target)
 		}
 
 		typ := fields[0]
 		inode, err := strconv.ParseUint(strings.Trim(fields[1], "[]"), 10, 32)
 		if err != nil {
-			return nil, fmt.Errorf("failed to parse inode from %q: %w", fields[1], err)
+			return nil, fmt.Errorf("%s: inode from %q: %w", ErrFileParse, fields[1], err)
 		}
 
 		ns[name] = Namespace{typ, uint32(inode)}
diff --git a/vendor/github.com/prometheus/procfs/proc_psi.go b/vendor/github.com/prometheus/procfs/proc_psi.go
index a68fe1529..fe9dbb425 100644
--- a/vendor/github.com/prometheus/procfs/proc_psi.go
+++ b/vendor/github.com/prometheus/procfs/proc_psi.go
@@ -61,14 +61,14 @@ type PSIStats struct {
 func (fs FS) PSIStatsForResource(resource string) (PSIStats, error) {
 	data, err := util.ReadFileNoStat(fs.proc.Path(fmt.Sprintf("%s/%s", "pressure", resource)))
 	if err != nil {
-		return PSIStats{}, fmt.Errorf("psi_stats: unavailable for %q: %w", resource, err)
+		return PSIStats{}, fmt.Errorf("%s: psi_stats: unavailable for %q: %w", ErrFileRead, resource, err)
 	}
 
-	return parsePSIStats(resource, bytes.NewReader(data))
+	return parsePSIStats(bytes.NewReader(data))
 }
 
 // parsePSIStats parses the specified file for pressure stall information.
-func parsePSIStats(resource string, r io.Reader) (PSIStats, error) {
+func parsePSIStats(r io.Reader) (PSIStats, error) {
 	psiStats := PSIStats{}
 
 	scanner := bufio.NewScanner(r)
diff --git a/vendor/github.com/prometheus/procfs/proc_smaps.go b/vendor/github.com/prometheus/procfs/proc_smaps.go
index 0e97d9957..ad8785a40 100644
--- a/vendor/github.com/prometheus/procfs/proc_smaps.go
+++ b/vendor/github.com/prometheus/procfs/proc_smaps.go
@@ -135,12 +135,12 @@ func (s *ProcSMapsRollup) parseLine(line string) error {
 	}
 	vBytes := vKBytes * 1024
 
-	s.addValue(k, v, vKBytes, vBytes)
+	s.addValue(k, vBytes)
 
 	return nil
 }
 
-func (s *ProcSMapsRollup) addValue(k string, vString string, vUint uint64, vUintBytes uint64) {
+func (s *ProcSMapsRollup) addValue(k string, vUintBytes uint64) {
 	switch k {
 	case "Rss":
 		s.Rss += vUintBytes
diff --git a/vendor/github.com/prometheus/procfs/proc_snmp.go b/vendor/github.com/prometheus/procfs/proc_snmp.go
index 6c46b7188..b9d2cf642 100644
--- a/vendor/github.com/prometheus/procfs/proc_snmp.go
+++ b/vendor/github.com/prometheus/procfs/proc_snmp.go
@@ -159,8 +159,8 @@ func parseSnmp(r io.Reader, fileName string) (ProcSnmp, error) {
 		// Remove trailing :.
 		protocol := strings.TrimSuffix(nameParts[0], ":")
 		if len(nameParts) != len(valueParts) {
-			return procSnmp, fmt.Errorf("mismatch field count mismatch in %s: %s",
-				fileName, protocol)
+			return procSnmp, fmt.Errorf("%w: mismatch field count mismatch in %s: %s",
+				ErrFileParse, fileName, protocol)
 		}
 		for i := 1; i < len(nameParts); i++ {
 			value, err := strconv.ParseFloat(valueParts[i], 64)
diff --git a/vendor/github.com/prometheus/procfs/proc_stat.go b/vendor/github.com/prometheus/procfs/proc_stat.go
index b278eb2c2..923e55005 100644
--- a/vendor/github.com/prometheus/procfs/proc_stat.go
+++ b/vendor/github.com/prometheus/procfs/proc_stat.go
@@ -18,7 +18,6 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/prometheus/procfs/internal/fs"
 	"github.com/prometheus/procfs/internal/util"
 )
 
@@ -112,7 +111,7 @@ type ProcStat struct {
 	// Aggregated block I/O delays, measured in clock ticks (centiseconds).
 	DelayAcctBlkIOTicks uint64
 
-	proc fs.FS
+	proc FS
 }
 
 // NewStat returns the current status information of the process.
@@ -139,7 +138,7 @@ func (p Proc) Stat() (ProcStat, error) {
 	)
 
 	if l < 0 || r < 0 {
-		return ProcStat{}, fmt.Errorf("unexpected format, couldn't extract comm %q", data)
+		return ProcStat{}, fmt.Errorf("%w: unexpected format, couldn't extract comm %q", ErrFileParse, data)
 	}
 
 	s.Comm = string(data[l+1 : r])
@@ -210,8 +209,7 @@ func (s ProcStat) ResidentMemory() int {
 
 // StartTime returns the unix timestamp of the process in seconds.
 func (s ProcStat) StartTime() (float64, error) {
-	fs := FS{proc: s.proc}
-	stat, err := fs.Stat()
+	stat, err := s.proc.Stat()
 	if err != nil {
 		return 0, err
 	}
diff --git a/vendor/github.com/prometheus/procfs/proc_status.go b/vendor/github.com/prometheus/procfs/proc_status.go
index 3d8c06439..46307f572 100644
--- a/vendor/github.com/prometheus/procfs/proc_status.go
+++ b/vendor/github.com/prometheus/procfs/proc_status.go
@@ -15,6 +15,7 @@ package procfs
 
 import (
 	"bytes"
+	"sort"
 	"strconv"
 	"strings"
 
@@ -22,7 +23,7 @@ import (
 )
 
 // ProcStatus provides status information about the process,
-// read from /proc/[pid]/stat.
+// read from /proc/[pid]/status.
 type ProcStatus struct {
 	// The process ID.
 	PID int
@@ -31,6 +32,8 @@ type ProcStatus struct {
 
 	// Thread group ID.
 	TGID int
+	// List of Pid namespace.
+	NSpids []uint64
 
 	// Peak virtual memory size.
 	VmPeak uint64 // nolint:revive
@@ -76,6 +79,9 @@ type ProcStatus struct {
 	UIDs [4]string
 	// GIDs of the process (Real, effective, saved set, and filesystem GIDs)
 	GIDs [4]string
+
+	// CpusAllowedList: List of cpu cores processes are allowed to run on.
+	CpusAllowedList []uint64
 }
 
 // NewStatus returns the current status information of the process.
@@ -123,6 +129,8 @@ func (s *ProcStatus) fillStatus(k string, vString string, vUint uint64, vUintByt
 		copy(s.UIDs[:], strings.Split(vString, "\t"))
 	case "Gid":
 		copy(s.GIDs[:], strings.Split(vString, "\t"))
+	case "NSpid":
+		s.NSpids = calcNSPidsList(vString)
 	case "VmPeak":
 		s.VmPeak = vUintBytes
 	case "VmSize":
@@ -161,10 +169,53 @@ func (s *ProcStatus) fillStatus(k string, vString string, vUint uint64, vUintByt
 		s.VoluntaryCtxtSwitches = vUint
 	case "nonvoluntary_ctxt_switches":
 		s.NonVoluntaryCtxtSwitches = vUint
+	case "Cpus_allowed_list":
+		s.CpusAllowedList = calcCpusAllowedList(vString)
 	}
+
 }
 
 // TotalCtxtSwitches returns the total context switch.
 func (s ProcStatus) TotalCtxtSwitches() uint64 {
 	return s.VoluntaryCtxtSwitches + s.NonVoluntaryCtxtSwitches
 }
+
+func calcCpusAllowedList(cpuString string) []uint64 {
+	s := strings.Split(cpuString, ",")
+
+	var g []uint64
+
+	for _, cpu := range s {
+		// parse cpu ranges, example: 1-3=[1,2,3]
+		if l := strings.Split(strings.TrimSpace(cpu), "-"); len(l) > 1 {
+			startCPU, _ := strconv.ParseUint(l[0], 10, 64)
+			endCPU, _ := strconv.ParseUint(l[1], 10, 64)
+
+			for i := startCPU; i <= endCPU; i++ {
+				g = append(g, i)
+			}
+		} else if len(l) == 1 {
+			cpu, _ := strconv.ParseUint(l[0], 10, 64)
+			g = append(g, cpu)
+		}
+
+	}
+
+	sort.Slice(g, func(i, j int) bool { return g[i] < g[j] })
+	return g
+}
+
+func calcNSPidsList(nspidsString string) []uint64 {
+	s := strings.Split(nspidsString, " ")
+	var nspids []uint64
+
+	for _, nspid := range s {
+		nspid, _ := strconv.ParseUint(nspid, 10, 64)
+		if nspid == 0 {
+			continue
+		}
+		nspids = append(nspids, nspid)
+	}
+
+	return nspids
+}
diff --git a/vendor/github.com/prometheus/procfs/proc_sys.go b/vendor/github.com/prometheus/procfs/proc_sys.go
index d46533ebf..12c5bf05b 100644
--- a/vendor/github.com/prometheus/procfs/proc_sys.go
+++ b/vendor/github.com/prometheus/procfs/proc_sys.go
@@ -44,7 +44,7 @@ func (fs FS) SysctlInts(sysctl string) ([]int, error) {
 		vp := util.NewValueParser(f)
 		values[i] = vp.Int()
 		if err := vp.Err(); err != nil {
-			return nil, fmt.Errorf("field %d in sysctl %s is not a valid int: %w", i, sysctl, err)
+			return nil, fmt.Errorf("%s: field %d in sysctl %s is not a valid int: %w", ErrFileParse, i, sysctl, err)
 		}
 	}
 	return values, nil
diff --git a/vendor/github.com/prometheus/procfs/slab.go b/vendor/github.com/prometheus/procfs/slab.go
index bc9aaf5c2..8611c9017 100644
--- a/vendor/github.com/prometheus/procfs/slab.go
+++ b/vendor/github.com/prometheus/procfs/slab.go
@@ -68,7 +68,7 @@ func parseV21SlabEntry(line string) (*Slab, error) {
 	l := slabSpace.ReplaceAllString(line, " ")
 	s := strings.Split(l, " ")
 	if len(s) != 16 {
-		return nil, fmt.Errorf("unable to parse: %q", line)
+		return nil, fmt.Errorf("%w: unable to parse: %q", ErrFileParse, line)
 	}
 	var err error
 	i := &Slab{Name: s[0]}
diff --git a/vendor/github.com/prometheus/procfs/softirqs.go b/vendor/github.com/prometheus/procfs/softirqs.go
index 559129cbc..b8fad677d 100644
--- a/vendor/github.com/prometheus/procfs/softirqs.go
+++ b/vendor/github.com/prometheus/procfs/softirqs.go
@@ -57,7 +57,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 	)
 
 	if !scanner.Scan() {
-		return Softirqs{}, fmt.Errorf("softirqs empty")
+		return Softirqs{}, fmt.Errorf("%w: softirqs empty", ErrFileRead)
 	}
 
 	for scanner.Scan() {
@@ -74,7 +74,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.Hi = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.Hi[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (HI%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (HI%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "TIMER:":
@@ -82,7 +82,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.Timer = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.Timer[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (TIMER%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (TIMER%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "NET_TX:":
@@ -90,7 +90,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.NetTx = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.NetTx[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (NET_TX%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (NET_TX%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "NET_RX:":
@@ -98,7 +98,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.NetRx = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.NetRx[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (NET_RX%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (NET_RX%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "BLOCK:":
@@ -106,7 +106,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.Block = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.Block[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (BLOCK%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (BLOCK%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "IRQ_POLL:":
@@ -114,7 +114,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.IRQPoll = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.IRQPoll[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (IRQ_POLL%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (IRQ_POLL%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "TASKLET:":
@@ -122,7 +122,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.Tasklet = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.Tasklet[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (TASKLET%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (TASKLET%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "SCHED:":
@@ -130,7 +130,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.Sched = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.Sched[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (SCHED%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (SCHED%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "HRTIMER:":
@@ -138,7 +138,7 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.HRTimer = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.HRTimer[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (HRTIMER%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (HRTIMER%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "RCU:":
@@ -146,14 +146,14 @@ func parseSoftirqs(r io.Reader) (Softirqs, error) {
 			softirqs.RCU = make([]uint64, len(perCPU))
 			for i, count := range perCPU {
 				if softirqs.RCU[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Softirqs{}, fmt.Errorf("couldn't parse %q (RCU%d): %w", count, i, err)
+					return Softirqs{}, fmt.Errorf("%s: couldn't parse %q (RCU%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		}
 	}
 
 	if err := scanner.Err(); err != nil {
-		return Softirqs{}, fmt.Errorf("couldn't parse softirqs: %w", err)
+		return Softirqs{}, fmt.Errorf("%s: couldn't parse softirqs: %w", ErrFileParse, err)
 	}
 
 	return softirqs, scanner.Err()
diff --git a/vendor/github.com/prometheus/procfs/stat.go b/vendor/github.com/prometheus/procfs/stat.go
index 586af48af..34fc3ee21 100644
--- a/vendor/github.com/prometheus/procfs/stat.go
+++ b/vendor/github.com/prometheus/procfs/stat.go
@@ -93,10 +93,10 @@ func parseCPUStat(line string) (CPUStat, int64, error) {
 		&cpuStat.Guest, &cpuStat.GuestNice)
 
 	if err != nil && err != io.EOF {
-		return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu): %w", line, err)
+		return CPUStat{}, -1, fmt.Errorf("%s: couldn't parse %q (cpu): %w", ErrFileParse, line, err)
 	}
 	if count == 0 {
-		return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu): 0 elements parsed", line)
+		return CPUStat{}, -1, fmt.Errorf("%w: couldn't parse %q (cpu): 0 elements parsed", ErrFileParse, line)
 	}
 
 	cpuStat.User /= userHZ
@@ -116,7 +116,7 @@ func parseCPUStat(line string) (CPUStat, int64, error) {
 
 	cpuID, err := strconv.ParseInt(cpu[3:], 10, 64)
 	if err != nil {
-		return CPUStat{}, -1, fmt.Errorf("couldn't parse %q (cpu/cpuid): %w", line, err)
+		return CPUStat{}, -1, fmt.Errorf("%s: couldn't parse %q (cpu/cpuid): %w", ErrFileParse, line, err)
 	}
 
 	return cpuStat, cpuID, nil
@@ -136,7 +136,7 @@ func parseSoftIRQStat(line string) (SoftIRQStat, uint64, error) {
 		&softIRQStat.Hrtimer, &softIRQStat.Rcu)
 
 	if err != nil {
-		return SoftIRQStat{}, 0, fmt.Errorf("couldn't parse %q (softirq): %w", line, err)
+		return SoftIRQStat{}, 0, fmt.Errorf("%s: couldn't parse %q (softirq): %w", ErrFileParse, line, err)
 	}
 
 	return softIRQStat, total, nil
@@ -187,6 +187,10 @@ func parseStat(r io.Reader, fileName string) (Stat, error) {
 		err error
 	)
 
+	// Increase default scanner buffer to handle very long `intr` lines.
+	buf := make([]byte, 0, 8*1024)
+	scanner.Buffer(buf, 1024*1024)
+
 	for scanner.Scan() {
 		line := scanner.Text()
 		parts := strings.Fields(scanner.Text())
@@ -197,34 +201,34 @@ func parseStat(r io.Reader, fileName string) (Stat, error) {
 		switch {
 		case parts[0] == "btime":
 			if stat.BootTime, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (btime): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%s: couldn't parse %q (btime): %w", ErrFileParse, parts[1], err)
 			}
 		case parts[0] == "intr":
 			if stat.IRQTotal, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (intr): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%s: couldn't parse %q (intr): %w", ErrFileParse, parts[1], err)
 			}
 			numberedIRQs := parts[2:]
 			stat.IRQ = make([]uint64, len(numberedIRQs))
 			for i, count := range numberedIRQs {
 				if stat.IRQ[i], err = strconv.ParseUint(count, 10, 64); err != nil {
-					return Stat{}, fmt.Errorf("couldn't parse %q (intr%d): %w", count, i, err)
+					return Stat{}, fmt.Errorf("%s: couldn't parse %q (intr%d): %w", ErrFileParse, count, i, err)
 				}
 			}
 		case parts[0] == "ctxt":
 			if stat.ContextSwitches, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (ctxt): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%s: couldn't parse %q (ctxt): %w", ErrFileParse, parts[1], err)
 			}
 		case parts[0] == "processes":
 			if stat.ProcessCreated, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (processes): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%s: couldn't parse %q (processes): %w", ErrFileParse, parts[1], err)
 			}
 		case parts[0] == "procs_running":
 			if stat.ProcessesRunning, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (procs_running): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%s: couldn't parse %q (procs_running): %w", ErrFileParse, parts[1], err)
 			}
 		case parts[0] == "procs_blocked":
 			if stat.ProcessesBlocked, err = strconv.ParseUint(parts[1], 10, 64); err != nil {
-				return Stat{}, fmt.Errorf("couldn't parse %q (procs_blocked): %w", parts[1], err)
+				return Stat{}, fmt.Errorf("%s: couldn't parse %q (procs_blocked): %w", ErrFileParse, parts[1], err)
 			}
 		case parts[0] == "softirq":
 			softIRQStats, total, err := parseSoftIRQStat(line)
@@ -247,7 +251,7 @@ func parseStat(r io.Reader, fileName string) (Stat, error) {
 	}
 
 	if err := scanner.Err(); err != nil {
-		return Stat{}, fmt.Errorf("couldn't parse %q: %w", fileName, err)
+		return Stat{}, fmt.Errorf("%s: couldn't parse %q: %w", ErrFileParse, fileName, err)
 	}
 
 	return stat, nil
diff --git a/vendor/github.com/prometheus/procfs/swaps.go b/vendor/github.com/prometheus/procfs/swaps.go
index 15edc2212..fa00f555d 100644
--- a/vendor/github.com/prometheus/procfs/swaps.go
+++ b/vendor/github.com/prometheus/procfs/swaps.go
@@ -64,7 +64,7 @@ func parseSwapString(swapString string) (*Swap, error) {
 	swapFields := strings.Fields(swapString)
 	swapLength := len(swapFields)
 	if swapLength < 5 {
-		return nil, fmt.Errorf("too few fields in swap string: %s", swapString)
+		return nil, fmt.Errorf("%w: too few fields in swap string: %s", ErrFileParse, swapString)
 	}
 
 	swap := &Swap{
@@ -74,15 +74,15 @@ func parseSwapString(swapString string) (*Swap, error) {
 
 	swap.Size, err = strconv.Atoi(swapFields[2])
 	if err != nil {
-		return nil, fmt.Errorf("invalid swap size: %s", swapFields[2])
+		return nil, fmt.Errorf("%s: invalid swap size: %s: %w", ErrFileParse, swapFields[2], err)
 	}
 	swap.Used, err = strconv.Atoi(swapFields[3])
 	if err != nil {
-		return nil, fmt.Errorf("invalid swap used: %s", swapFields[3])
+		return nil, fmt.Errorf("%s: invalid swap used: %s: %w", ErrFileParse, swapFields[3], err)
 	}
 	swap.Priority, err = strconv.Atoi(swapFields[4])
 	if err != nil {
-		return nil, fmt.Errorf("invalid swap priority: %s", swapFields[4])
+		return nil, fmt.Errorf("%s: invalid swap priority: %s: %w", ErrFileParse, swapFields[4], err)
 	}
 
 	return swap, nil
diff --git a/vendor/github.com/prometheus/procfs/thread.go b/vendor/github.com/prometheus/procfs/thread.go
index f08bfc769..df2215ece 100644
--- a/vendor/github.com/prometheus/procfs/thread.go
+++ b/vendor/github.com/prometheus/procfs/thread.go
@@ -45,7 +45,7 @@ func (fs FS) AllThreads(pid int) (Procs, error) {
 
 	names, err := d.Readdirnames(-1)
 	if err != nil {
-		return Procs{}, fmt.Errorf("could not read %q: %w", d.Name(), err)
+		return Procs{}, fmt.Errorf("%s: could not read %q: %w", ErrFileRead, d.Name(), err)
 	}
 
 	t := Procs{}
@@ -54,7 +54,8 @@ func (fs FS) AllThreads(pid int) (Procs, error) {
 		if err != nil {
 			continue
 		}
-		t = append(t, Proc{PID: int(tid), fs: fsi.FS(taskPath)})
+
+		t = append(t, Proc{PID: int(tid), fs: FS{fsi.FS(taskPath), fs.isReal}})
 	}
 
 	return t, nil
@@ -66,13 +67,13 @@ func (fs FS) Thread(pid, tid int) (Proc, error) {
 	if _, err := os.Stat(taskPath); err != nil {
 		return Proc{}, err
 	}
-	return Proc{PID: tid, fs: fsi.FS(taskPath)}, nil
+	return Proc{PID: tid, fs: FS{fsi.FS(taskPath), fs.isReal}}, nil
 }
 
 // Thread returns a process for a given TID of Proc.
 func (proc Proc) Thread(tid int) (Proc, error) {
-	tfs := fsi.FS(proc.path("task"))
-	if _, err := os.Stat(tfs.Path(strconv.Itoa(tid))); err != nil {
+	tfs := FS{fsi.FS(proc.path("task")), proc.fs.isReal}
+	if _, err := os.Stat(tfs.proc.Path(strconv.Itoa(tid))); err != nil {
 		return Proc{}, err
 	}
 	return Proc{PID: tid, fs: tfs}, nil
diff --git a/vendor/github.com/prometheus/procfs/vm.go b/vendor/github.com/prometheus/procfs/vm.go
index cdedcae99..51c49d89e 100644
--- a/vendor/github.com/prometheus/procfs/vm.go
+++ b/vendor/github.com/prometheus/procfs/vm.go
@@ -86,7 +86,7 @@ func (fs FS) VM() (*VM, error) {
 		return nil, err
 	}
 	if !file.Mode().IsDir() {
-		return nil, fmt.Errorf("%s is not a directory", path)
+		return nil, fmt.Errorf("%w: %s is not a directory", ErrFileRead, path)
 	}
 
 	files, err := os.ReadDir(path)
diff --git a/vendor/github.com/prometheus/procfs/zoneinfo.go b/vendor/github.com/prometheus/procfs/zoneinfo.go
index c745a4c04..ce5fefa5b 100644
--- a/vendor/github.com/prometheus/procfs/zoneinfo.go
+++ b/vendor/github.com/prometheus/procfs/zoneinfo.go
@@ -75,11 +75,11 @@ var nodeZoneRE = regexp.MustCompile(`(\d+), zone\s+(\w+)`)
 func (fs FS) Zoneinfo() ([]Zoneinfo, error) {
 	data, err := os.ReadFile(fs.proc.Path("zoneinfo"))
 	if err != nil {
-		return nil, fmt.Errorf("error reading zoneinfo %q: %w", fs.proc.Path("zoneinfo"), err)
+		return nil, fmt.Errorf("%s: error reading zoneinfo %q: %w", ErrFileRead, fs.proc.Path("zoneinfo"), err)
 	}
 	zoneinfo, err := parseZoneinfo(data)
 	if err != nil {
-		return nil, fmt.Errorf("error parsing zoneinfo %q: %w", fs.proc.Path("zoneinfo"), err)
+		return nil, fmt.Errorf("%s: error parsing zoneinfo %q: %w", ErrFileParse, fs.proc.Path("zoneinfo"), err)
 	}
 	return zoneinfo, nil
 }
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/.gitignore b/vendor/github.com/puzpuzpuz/xsync/v2/.gitignore
new file mode 100644
index 000000000..66fd13c90
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/.gitignore
@@ -0,0 +1,15 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/BENCHMARKS.md b/vendor/github.com/puzpuzpuz/xsync/v2/BENCHMARKS.md
new file mode 100644
index 000000000..1e3169c4f
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/BENCHMARKS.md
@@ -0,0 +1,131 @@
+# xsync benchmarks
+
+If you're interested in `MapOf` comparison with some of the popular concurrent hash maps written in Go, check [this](https://github.com/cornelk/hashmap/pull/70) and [this](https://github.com/alphadose/haxmap/pull/22) PRs.
+
+The below results were obtained for xsync v2.3.1 on a c6g.metal EC2 instance (64 CPU, 128GB RAM) running Linux and Go 1.19.3. I'd like to thank [@felixge](https://github.com/felixge) who kindly run the benchmarks.
+
+The following commands were used to run the benchmarks:
+```bash
+$ go test -run='^$' -cpu=1,2,4,8,16,32,64 -bench . -count=30 -timeout=0 | tee bench.txt
+$ benchstat bench.txt | tee benchstat.txt
+```
+
+The below sections contain some of the results. Refer to [this gist](https://gist.github.com/puzpuzpuz/e62e38e06feadecfdc823c0f941ece0b) for the complete output.
+
+### Counter vs. atomic int64
+
+```
+name                                            time/op
+Counter                                         27.3ns ± 1%
+Counter-2                                       27.2ns ±11%
+Counter-4                                       15.3ns ± 8%
+Counter-8                                       7.43ns ± 7%
+Counter-16                                      3.70ns ±10%
+Counter-32                                      1.77ns ± 3%
+Counter-64                                      0.96ns ±10%
+AtomicInt64                                     7.60ns ± 0%
+AtomicInt64-2                                   12.6ns ±13%
+AtomicInt64-4                                   13.5ns ±14%
+AtomicInt64-8                                   12.7ns ± 9%
+AtomicInt64-16                                  12.8ns ± 8%
+AtomicInt64-32                                  13.0ns ± 6%
+AtomicInt64-64                                  12.9ns ± 7%
+```
+
+Here `time/op` stands for average time spent on operation. If you divide `10^9` by the result in nanosecond per operation, you'd get the throughput in operations per second. Thus, ideal theoretical scalability of a concurrent data structure implies that the reported `time/op` decreases proportionally with the increased number of CPU cores. On the contrary, if the measured time per operation increases when run on more cores, it means performance degradation.
+
+### MapOf vs. sync.Map
+
+1,000 `[int, int]` entries with warm-up, 100% Loads:
+```
+IntegerMapOf_WarmUp/reads=100%                  24.0ns ± 0%
+IntegerMapOf_WarmUp/reads=100%-2                12.0ns ± 0%
+IntegerMapOf_WarmUp/reads=100%-4                6.02ns ± 0%
+IntegerMapOf_WarmUp/reads=100%-8                3.01ns ± 0%
+IntegerMapOf_WarmUp/reads=100%-16               1.50ns ± 0%
+IntegerMapOf_WarmUp/reads=100%-32               0.75ns ± 0%
+IntegerMapOf_WarmUp/reads=100%-64               0.38ns ± 0%
+IntegerMapStandard_WarmUp/reads=100%            55.3ns ± 0%
+IntegerMapStandard_WarmUp/reads=100%-2          27.6ns ± 0%
+IntegerMapStandard_WarmUp/reads=100%-4          16.1ns ± 3%
+IntegerMapStandard_WarmUp/reads=100%-8          8.35ns ± 7%
+IntegerMapStandard_WarmUp/reads=100%-16         4.24ns ± 7%
+IntegerMapStandard_WarmUp/reads=100%-32         2.18ns ± 6%
+IntegerMapStandard_WarmUp/reads=100%-64         1.11ns ± 3%
+```
+
+1,000 `[int, int]` entries with warm-up, 99% Loads, 0.5% Stores, 0.5% Deletes:
+```
+IntegerMapOf_WarmUp/reads=99%                   31.0ns ± 0%
+IntegerMapOf_WarmUp/reads=99%-2                 16.4ns ± 1%
+IntegerMapOf_WarmUp/reads=99%-4                 8.42ns ± 0%
+IntegerMapOf_WarmUp/reads=99%-8                 4.41ns ± 0%
+IntegerMapOf_WarmUp/reads=99%-16                2.38ns ± 2%
+IntegerMapOf_WarmUp/reads=99%-32                1.37ns ± 4%
+IntegerMapOf_WarmUp/reads=99%-64                0.85ns ± 2%
+IntegerMapStandard_WarmUp/reads=99%              121ns ± 1%
+IntegerMapStandard_WarmUp/reads=99%-2            109ns ± 3%
+IntegerMapStandard_WarmUp/reads=99%-4            115ns ± 4%
+IntegerMapStandard_WarmUp/reads=99%-8            114ns ± 2%
+IntegerMapStandard_WarmUp/reads=99%-16           105ns ± 2%
+IntegerMapStandard_WarmUp/reads=99%-32          97.0ns ± 3%
+IntegerMapStandard_WarmUp/reads=99%-64          98.0ns ± 2%
+```
+
+1,000 `[int, int]` entries with warm-up, 75% Loads, 12.5% Stores, 12.5% Deletes:
+```
+IntegerMapOf_WarmUp/reads=75%-reads             46.2ns ± 1%
+IntegerMapOf_WarmUp/reads=75%-reads-2           36.7ns ± 2%
+IntegerMapOf_WarmUp/reads=75%-reads-4           22.0ns ± 1%
+IntegerMapOf_WarmUp/reads=75%-reads-8           12.8ns ± 2%
+IntegerMapOf_WarmUp/reads=75%-reads-16          7.69ns ± 1%
+IntegerMapOf_WarmUp/reads=75%-reads-32          5.16ns ± 1%
+IntegerMapOf_WarmUp/reads=75%-reads-64          4.91ns ± 1%
+IntegerMapStandard_WarmUp/reads=75%-reads        156ns ± 0%
+IntegerMapStandard_WarmUp/reads=75%-reads-2      177ns ± 1%
+IntegerMapStandard_WarmUp/reads=75%-reads-4      197ns ± 1%
+IntegerMapStandard_WarmUp/reads=75%-reads-8      221ns ± 2%
+IntegerMapStandard_WarmUp/reads=75%-reads-16     242ns ± 1%
+IntegerMapStandard_WarmUp/reads=75%-reads-32     258ns ± 1%
+IntegerMapStandard_WarmUp/reads=75%-reads-64     264ns ± 1%
+```
+
+### MPMCQueue vs. Go channels
+
+Concurrent producers and consumers (1:1), queue/channel size 1,000, some work:
+```
+QueueProdConsWork100                             252ns ± 0%
+QueueProdConsWork100-2                           206ns ± 5%
+QueueProdConsWork100-4                           136ns ±12%
+QueueProdConsWork100-8                           110ns ± 6%
+QueueProdConsWork100-16                          108ns ± 2%
+QueueProdConsWork100-32                          102ns ± 2%
+QueueProdConsWork100-64                          101ns ± 0%
+ChanProdConsWork100                              283ns ± 0%
+ChanProdConsWork100-2                            406ns ±21%
+ChanProdConsWork100-4                            549ns ± 7%
+ChanProdConsWork100-8                            754ns ± 7%
+ChanProdConsWork100-16                           828ns ± 7%
+ChanProdConsWork100-32                           810ns ± 8%
+ChanProdConsWork100-64                           832ns ± 4%
+```
+
+### RBMutex vs. sync.RWMutex
+
+Writer locks on each 100,000 iteration, both no work and some work in the critical section:
+```
+RBMutexWorkWrite100000                           146ns ± 0%
+RBMutexWorkWrite100000-2                        73.3ns ± 0%
+RBMutexWorkWrite100000-4                        36.7ns ± 0%
+RBMutexWorkWrite100000-8                        18.6ns ± 0%
+RBMutexWorkWrite100000-16                       9.83ns ± 3%
+RBMutexWorkWrite100000-32                       5.53ns ± 0%
+RBMutexWorkWrite100000-64                       4.04ns ± 3%
+RWMutexWorkWrite100000                           121ns ± 0%
+RWMutexWorkWrite100000-2                         128ns ± 1%
+RWMutexWorkWrite100000-4                         124ns ± 2%
+RWMutexWorkWrite100000-8                         101ns ± 1%
+RWMutexWorkWrite100000-16                       92.9ns ± 1%
+RWMutexWorkWrite100000-32                       89.9ns ± 1%
+RWMutexWorkWrite100000-64                       88.4ns ± 1%
+```
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/LICENSE b/vendor/github.com/puzpuzpuz/xsync/v2/LICENSE
new file mode 100644
index 000000000..837697194
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Andrey Pechkurov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/README.md b/vendor/github.com/puzpuzpuz/xsync/v2/README.md
new file mode 100644
index 000000000..94dca04e7
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/README.md
@@ -0,0 +1,148 @@
+[![GoDoc reference](https://img.shields.io/badge/godoc-reference-blue.svg)](https://pkg.go.dev/github.com/puzpuzpuz/xsync/v2)
+[![GoReport](https://goreportcard.com/badge/github.com/puzpuzpuz/xsync/v2)](https://goreportcard.com/report/github.com/puzpuzpuz/xsync/v2)
+[![codecov](https://codecov.io/gh/puzpuzpuz/xsync/branch/main/graph/badge.svg)](https://codecov.io/gh/puzpuzpuz/xsync)
+
+# xsync
+
+Concurrent data structures for Go. Aims to provide more scalable alternatives for some of the data structures from the standard `sync` package, but not only.
+
+Covered with tests following the approach described [here](https://puzpuzpuz.dev/testing-concurrent-code-for-fun-and-profit).
+
+## Benchmarks
+
+Benchmark results may be found [here](BENCHMARKS.md). I'd like to thank [@felixge](https://github.com/felixge) who kindly run the benchmarks on a beefy multicore machine.
+
+Also, a non-scientific, unfair benchmark comparing Java's [j.u.c.ConcurrentHashMap](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/util/concurrent/ConcurrentHashMap.html) and `xsync.MapOf` is available [here](https://puzpuzpuz.dev/concurrent-map-in-go-vs-java-yet-another-meaningless-benchmark).
+
+## Usage
+
+The latest xsync major version is v2, so `/v2` suffix should be used when importing the library:
+
+```go
+import (
+	"github.com/puzpuzpuz/xsync/v2"
+)
+```
+
+*Note for v1 users*: v1 support is discontinued, so please upgrade to v2. While the API has some breaking changes, the migration should be trivial.
+
+### Counter
+
+A `Counter` is a striped `int64` counter inspired by the `j.u.c.a.LongAdder` class from Java standard library.
+
+```go
+c := xsync.NewCounter()
+// increment and decrement the counter
+c.Inc()
+c.Dec()
+// read the current value 
+v := c.Value()
+```
+
+Works better in comparison with a single atomically updated `int64` counter in high contention scenarios.
+
+### Map
+
+A `Map` is like a concurrent hash table based map. It follows the interface of `sync.Map` with a number of valuable extensions like `Compute` or `Size`.
+
+```go
+m := xsync.NewMap()
+m.Store("foo", "bar")
+v, ok := m.Load("foo")
+s := m.Size()
+```
+
+`Map` uses a modified version of Cache-Line Hash Table (CLHT) data structure: https://github.com/LPD-EPFL/CLHT
+
+CLHT is built around idea to organize the hash table in cache-line-sized buckets, so that on all modern CPUs update operations complete with minimal cache-line transfer. Also, `Get` operations are obstruction-free and involve no writes to shared memory, hence no mutexes or any other sort of locks. Due to this design, in all considered scenarios `Map` outperforms `sync.Map`.
+
+One important difference with `sync.Map` is that only string keys are supported. That's because Golang standard library does not expose the built-in hash functions for `interface{}` values.
+
+`MapOf[K, V]` is an implementation with parametrized value type. It is available for Go 1.18 or later. While it's still a CLHT-inspired hash map, `MapOf`'s design is quite different from `Map`. As a result, less GC pressure and less atomic operations on reads.
+
+```go
+m := xsync.NewMapOf[string]()
+m.Store("foo", "bar")
+v, ok := m.Load("foo")
+```
+
+One important difference with `Map` is that `MapOf` supports arbitrary `comparable` key types:
+
+```go
+type Point struct {
+	x int32
+	y int32
+}
+m := NewTypedMapOf[Point, int](func(seed maphash.Seed, p Point) uint64 {
+	// provide a hash function when creating the MapOf;
+	// we recommend using the hash/maphash package for the function
+	var h maphash.Hash
+	h.SetSeed(seed)
+	binary.Write(&h, binary.LittleEndian, p.x)
+	hash := h.Sum64()
+	h.Reset()
+	binary.Write(&h, binary.LittleEndian, p.y)
+	return 31*hash + h.Sum64()
+})
+m.Store(Point{42, 42}, 42)
+v, ok := m.Load(point{42, 42})
+```
+
+### MPMCQueue
+
+A `MPMCQueue` is a bounded multi-producer multi-consumer concurrent queue.
+
+```go
+q := xsync.NewMPMCQueue(1024)
+// producer inserts an item into the queue
+q.Enqueue("foo")
+// optimistic insertion attempt; doesn't block
+inserted := q.TryEnqueue("bar")
+// consumer obtains an item from the queue
+item := q.Dequeue() // interface{} pointing to a string
+// optimistic obtain attempt; doesn't block
+item, ok := q.TryDequeue()
+```
+
+`MPMCQueueOf[I]` is an implementation with parametrized item type. It is available for Go 1.19 or later.
+
+```go
+q := xsync.NewMPMCQueueOf[string](1024)
+q.Enqueue("foo")
+item := q.Dequeue() // string
+```
+
+The queue is based on the algorithm from the [MPMCQueue](https://github.com/rigtorp/MPMCQueue) C++ library which in its turn references D.Vyukov's [MPMC queue](https://www.1024cores.net/home/lock-free-algorithms/queues/bounded-mpmc-queue). According to the following [classification](https://www.1024cores.net/home/lock-free-algorithms/queues), the queue is array-based, fails on overflow, provides causal FIFO, has blocking producers and consumers.
+
+The idea of the algorithm is to allow parallelism for concurrent producers and consumers by introducing the notion of tickets, i.e. values of two counters, one per producers/consumers. An atomic increment of one of those counters is the only noticeable contention point in queue operations. The rest of the operation avoids contention on writes thanks to the turn-based read/write access for each of the queue items.
+
+In essence, `MPMCQueue` is a specialized queue for scenarios where there are multiple concurrent producers and consumers of a single queue running on a large multicore machine.
+
+To get the optimal performance, you may want to set the queue size to be large enough, say, an order of magnitude greater than the number of producers/consumers, to allow producers and consumers to progress with their queue operations in parallel most of the time.
+
+### RBMutex
+
+A `RBMutex` is a reader biased reader/writer mutual exclusion lock. The lock can be held by an many readers or a single writer.
+
+```go
+mu := xsync.NewRBMutex()
+// reader lock calls return a token
+t := mu.RLock()
+// the token must be later used to unlock the mutex
+mu.RUnlock(t)
+// writer locks are the same as in sync.RWMutex
+mu.Lock()
+mu.Unlock()
+```
+
+`RBMutex` is based on a modified version of BRAVO (Biased Locking for Reader-Writer Locks) algorithm: https://arxiv.org/pdf/1810.01553.pdf
+
+The idea of the algorithm is to build on top of an existing reader-writer mutex and introduce a fast path for readers. On the fast path, reader lock attempts are sharded over an internal array based on the reader identity (a token in case of Golang). This means that readers do not contend over a single atomic counter like it's done in, say, `sync.RWMutex` allowing for better scalability in terms of cores.
+
+Hence, by the design `RBMutex` is a specialized mutex for scenarios, such as caches, where the vast majority of locks are acquired by readers and write lock acquire attempts are infrequent. In such scenarios, `RBMutex` should perform better than the `sync.RWMutex` on large multicore machines.
+
+`RBMutex` extends `sync.RWMutex` internally and uses it as the "reader bias disabled" fallback, so the same semantics apply. The only noticeable difference is in the reader tokens returned from the `RLock`/`RUnlock` methods.
+
+## License
+
+Licensed under MIT.
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/counter.go b/vendor/github.com/puzpuzpuz/xsync/v2/counter.go
new file mode 100644
index 000000000..4bf2c91d8
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/counter.go
@@ -0,0 +1,99 @@
+package xsync
+
+import (
+	"sync"
+	"sync/atomic"
+)
+
+// pool for P tokens
+var ptokenPool sync.Pool
+
+// a P token is used to point at the current OS thread (P)
+// on which the goroutine is run; exact identity of the thread,
+// as well as P migration tolerance, is not important since
+// it's used to as a best effort mechanism for assigning
+// concurrent operations (goroutines) to different stripes of
+// the counter
+type ptoken struct {
+	idx uint32
+	//lint:ignore U1000 prevents false sharing
+	pad [cacheLineSize - 4]byte
+}
+
+// A Counter is a striped int64 counter.
+//
+// Should be preferred over a single atomically updated int64
+// counter in high contention scenarios.
+//
+// A Counter must not be copied after first use.
+type Counter struct {
+	stripes []cstripe
+	mask    uint32
+}
+
+type cstripe struct {
+	c int64
+	//lint:ignore U1000 prevents false sharing
+	pad [cacheLineSize - 8]byte
+}
+
+// NewCounter creates a new Counter instance.
+func NewCounter() *Counter {
+	nstripes := nextPowOf2(parallelism())
+	c := Counter{
+		stripes: make([]cstripe, nstripes),
+		mask:    nstripes - 1,
+	}
+	return &c
+}
+
+// Inc increments the counter by 1.
+func (c *Counter) Inc() {
+	c.Add(1)
+}
+
+// Dec decrements the counter by 1.
+func (c *Counter) Dec() {
+	c.Add(-1)
+}
+
+// Add adds the delta to the counter.
+func (c *Counter) Add(delta int64) {
+	t, ok := ptokenPool.Get().(*ptoken)
+	if !ok {
+		t = new(ptoken)
+		t.idx = fastrand()
+	}
+	for {
+		stripe := &c.stripes[t.idx&c.mask]
+		cnt := atomic.LoadInt64(&stripe.c)
+		if atomic.CompareAndSwapInt64(&stripe.c, cnt, cnt+delta) {
+			break
+		}
+		// Give a try with another randomly selected stripe.
+		t.idx = fastrand()
+	}
+	ptokenPool.Put(t)
+}
+
+// Value returns the current counter value.
+// The returned value may not include all of the latest operations in
+// presence of concurrent modifications of the counter.
+func (c *Counter) Value() int64 {
+	v := int64(0)
+	for i := 0; i < len(c.stripes); i++ {
+		stripe := &c.stripes[i]
+		v += atomic.LoadInt64(&stripe.c)
+	}
+	return v
+}
+
+// Reset resets the counter to zero.
+// This method should only be used when it is known that there are
+// no concurrent modifications of the counter.
+func (c *Counter) Reset() {
+	for i := 0; i < len(c.stripes); i++ {
+		stripe := &c.stripes[i]
+		atomic.StoreInt64(&stripe.c, 0)
+	}
+}
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/map.go b/vendor/github.com/puzpuzpuz/xsync/v2/map.go
new file mode 100644
index 000000000..749293cbf
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/map.go
@@ -0,0 +1,785 @@
+package xsync
+
+import (
+	"fmt"
+	"hash/maphash"
+	"math"
+	"runtime"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"unsafe"
+)
+
+type mapResizeHint int
+
+const (
+	mapGrowHint   mapResizeHint = 0
+	mapShrinkHint mapResizeHint = 1
+	mapClearHint  mapResizeHint = 2
+)
+
+const (
+	// number of entries per bucket; 3 entries lead to size of 64B
+	// (one cache line) on 64-bit machines
+	entriesPerMapBucket = 3
+	// threshold fraction of table occupation to start a table shrinking
+	// when deleting the last entry in a bucket chain
+	mapShrinkFraction = 128
+	// map load factor to trigger a table resize during insertion;
+	// a map holds up to mapLoadFactor*entriesPerMapBucket*mapTableLen
+	// key-value pairs (this is a soft limit)
+	mapLoadFactor = 0.75
+	// minimal table size, i.e. number of buckets; thus, minimal map
+	// capacity can be calculated as entriesPerMapBucket*minMapTableLen
+	minMapTableLen = 32
+	// minimal table capacity
+	minMapTableCap = minMapTableLen * entriesPerMapBucket
+	// minimum counter stripes to use
+	minMapCounterLen = 8
+	// maximum counter stripes to use; stands for around 4KB of memory
+	maxMapCounterLen = 32
+)
+
+var (
+	topHashMask       = uint64((1<<20)-1) << 44
+	topHashEntryMasks = [3]uint64{
+		topHashMask,
+		topHashMask >> 20,
+		topHashMask >> 40,
+	}
+)
+
+// Map is like a Go map[string]interface{} but is safe for concurrent
+// use by multiple goroutines without additional locking or
+// coordination. It follows the interface of sync.Map with
+// a number of valuable extensions like Compute or Size.
+//
+// A Map must not be copied after first use.
+//
+// Map uses a modified version of Cache-Line Hash Table (CLHT)
+// data structure: https://github.com/LPD-EPFL/CLHT
+//
+// CLHT is built around idea to organize the hash table in
+// cache-line-sized buckets, so that on all modern CPUs update
+// operations complete with at most one cache-line transfer.
+// Also, Get operations involve no write to memory, as well as no
+// mutexes or any other sort of locks. Due to this design, in all
+// considered scenarios Map outperforms sync.Map.
+//
+// One important difference with sync.Map is that only string keys
+// are supported. That's because Golang standard library does not
+// expose the built-in hash functions for interface{} values.
+type Map struct {
+	totalGrowths int64
+	totalShrinks int64
+	resizing     int64          // resize in progress flag; updated atomically
+	resizeMu     sync.Mutex     // only used along with resizeCond
+	resizeCond   sync.Cond      // used to wake up resize waiters (concurrent modifications)
+	table        unsafe.Pointer // *mapTable
+}
+
+type mapTable struct {
+	buckets []bucketPadded
+	// striped counter for number of table entries;
+	// used to determine if a table shrinking is needed
+	// occupies min(buckets_memory/1024, 64KB) of memory
+	size []counterStripe
+	seed maphash.Seed
+}
+
+type counterStripe struct {
+	c int64
+	//lint:ignore U1000 prevents false sharing
+	pad [cacheLineSize - 8]byte
+}
+
+type bucketPadded struct {
+	//lint:ignore U1000 ensure each bucket takes two cache lines on both 32 and 64-bit archs
+	pad [cacheLineSize - unsafe.Sizeof(bucket{})]byte
+	bucket
+}
+
+type bucket struct {
+	next   unsafe.Pointer // *bucketPadded
+	keys   [entriesPerMapBucket]unsafe.Pointer
+	values [entriesPerMapBucket]unsafe.Pointer
+	// topHashMutex is a 2-in-1 value.
+	//
+	// It contains packed top 20 bits (20 MSBs) of hash codes for keys
+	// stored in the bucket:
+	// | key 0's top hash | key 1's top hash | key 2's top hash | bitmap for keys | mutex |
+	// |      20 bits     |      20 bits     |      20 bits     |     3 bits      | 1 bit |
+	//
+	// The least significant bit is used for the mutex (TTAS spinlock).
+	topHashMutex uint64
+}
+
+type rangeEntry struct {
+	key   unsafe.Pointer
+	value unsafe.Pointer
+}
+
+// NewMap creates a new Map instance.
+func NewMap() *Map {
+	return NewMapPresized(minMapTableCap)
+}
+
+// NewMapPresized creates a new Map instance with capacity enough to hold
+// sizeHint entries. If sizeHint is zero or negative, the value is ignored.
+func NewMapPresized(sizeHint int) *Map {
+	m := &Map{}
+	m.resizeCond = *sync.NewCond(&m.resizeMu)
+	var table *mapTable
+	if sizeHint <= minMapTableCap {
+		table = newMapTable(minMapTableLen)
+	} else {
+		tableLen := nextPowOf2(uint32(sizeHint / entriesPerMapBucket))
+		table = newMapTable(int(tableLen))
+	}
+	atomic.StorePointer(&m.table, unsafe.Pointer(table))
+	return m
+}
+
+func newMapTable(tableLen int) *mapTable {
+	buckets := make([]bucketPadded, tableLen)
+	counterLen := tableLen >> 10
+	if counterLen < minMapCounterLen {
+		counterLen = minMapCounterLen
+	} else if counterLen > maxMapCounterLen {
+		counterLen = maxMapCounterLen
+	}
+	counter := make([]counterStripe, counterLen)
+	t := &mapTable{
+		buckets: buckets,
+		size:    counter,
+		seed:    maphash.MakeSeed(),
+	}
+	return t
+}
+
+// Load returns the value stored in the map for a key, or nil if no
+// value is present.
+// The ok result indicates whether value was found in the map.
+func (m *Map) Load(key string) (value interface{}, ok bool) {
+	table := (*mapTable)(atomic.LoadPointer(&m.table))
+	hash := hashString(table.seed, key)
+	bidx := uint64(len(table.buckets)-1) & hash
+	b := &table.buckets[bidx]
+	for {
+		topHashes := atomic.LoadUint64(&b.topHashMutex)
+		for i := 0; i < entriesPerMapBucket; i++ {
+			if !topHashMatch(hash, topHashes, i) {
+				continue
+			}
+		atomic_snapshot:
+			// Start atomic snapshot.
+			vp := atomic.LoadPointer(&b.values[i])
+			kp := atomic.LoadPointer(&b.keys[i])
+			if kp != nil && vp != nil {
+				if key == derefKey(kp) {
+					if uintptr(vp) == uintptr(atomic.LoadPointer(&b.values[i])) {
+						// Atomic snapshot succeeded.
+						return derefValue(vp), true
+					}
+					// Concurrent update/remove. Go for another spin.
+					goto atomic_snapshot
+				}
+			}
+		}
+		bptr := atomic.LoadPointer(&b.next)
+		if bptr == nil {
+			return
+		}
+		b = (*bucketPadded)(bptr)
+	}
+}
+
+// Store sets the value for a key.
+func (m *Map) Store(key string, value interface{}) {
+	m.doCompute(
+		key,
+		func(interface{}, bool) (interface{}, bool) {
+			return value, false
+		},
+		false,
+		false,
+	)
+}
+
+// LoadOrStore returns the existing value for the key if present.
+// Otherwise, it stores and returns the given value.
+// The loaded result is true if the value was loaded, false if stored.
+func (m *Map) LoadOrStore(key string, value interface{}) (actual interface{}, loaded bool) {
+	return m.doCompute(
+		key,
+		func(interface{}, bool) (interface{}, bool) {
+			return value, false
+		},
+		true,
+		false,
+	)
+}
+
+// LoadAndStore returns the existing value for the key if present,
+// while setting the new value for the key.
+// It stores the new value and returns the existing one, if present.
+// The loaded result is true if the existing value was loaded,
+// false otherwise.
+func (m *Map) LoadAndStore(key string, value interface{}) (actual interface{}, loaded bool) {
+	return m.doCompute(
+		key,
+		func(interface{}, bool) (interface{}, bool) {
+			return value, false
+		},
+		false,
+		false,
+	)
+}
+
+// LoadOrCompute returns the existing value for the key if present.
+// Otherwise, it computes the value using the provided function and
+// returns the computed value. The loaded result is true if the value
+// was loaded, false if stored.
+func (m *Map) LoadOrCompute(key string, valueFn func() interface{}) (actual interface{}, loaded bool) {
+	return m.doCompute(
+		key,
+		func(interface{}, bool) (interface{}, bool) {
+			return valueFn(), false
+		},
+		true,
+		false,
+	)
+}
+
+// Compute either sets the computed new value for the key or deletes
+// the value for the key. When the delete result of the valueFn function
+// is set to true, the value will be deleted, if it exists. When delete
+// is set to false, the value is updated to the newValue.
+// The ok result indicates whether value was computed and stored, thus, is
+// present in the map. The actual result contains the new value in cases where
+// the value was computed and stored. See the example for a few use cases.
+func (m *Map) Compute(
+	key string,
+	valueFn func(oldValue interface{}, loaded bool) (newValue interface{}, delete bool),
+) (actual interface{}, ok bool) {
+	return m.doCompute(key, valueFn, false, true)
+}
+
+// LoadAndDelete deletes the value for a key, returning the previous
+// value if any. The loaded result reports whether the key was
+// present.
+func (m *Map) LoadAndDelete(key string) (value interface{}, loaded bool) {
+	return m.doCompute(
+		key,
+		func(value interface{}, loaded bool) (interface{}, bool) {
+			return value, true
+		},
+		false,
+		false,
+	)
+}
+
+// Delete deletes the value for a key.
+func (m *Map) Delete(key string) {
+	m.doCompute(
+		key,
+		func(value interface{}, loaded bool) (interface{}, bool) {
+			return value, true
+		},
+		false,
+		false,
+	)
+}
+
+func (m *Map) doCompute(
+	key string,
+	valueFn func(oldValue interface{}, loaded bool) (interface{}, bool),
+	loadIfExists, computeOnly bool,
+) (interface{}, bool) {
+	// Read-only path.
+	if loadIfExists {
+		if v, ok := m.Load(key); ok {
+			return v, !computeOnly
+		}
+	}
+	// Write path.
+	for {
+	compute_attempt:
+		var (
+			emptyb       *bucketPadded
+			emptyidx     int
+			hintNonEmpty int
+		)
+		table := (*mapTable)(atomic.LoadPointer(&m.table))
+		tableLen := len(table.buckets)
+		hash := hashString(table.seed, key)
+		bidx := uint64(len(table.buckets)-1) & hash
+		rootb := &table.buckets[bidx]
+		lockBucket(&rootb.topHashMutex)
+		if m.newerTableExists(table) {
+			// Someone resized the table. Go for another attempt.
+			unlockBucket(&rootb.topHashMutex)
+			goto compute_attempt
+		}
+		if m.resizeInProgress() {
+			// Resize is in progress. Wait, then go for another attempt.
+			unlockBucket(&rootb.topHashMutex)
+			m.waitForResize()
+			goto compute_attempt
+		}
+		b := rootb
+		for {
+			topHashes := atomic.LoadUint64(&b.topHashMutex)
+			for i := 0; i < entriesPerMapBucket; i++ {
+				if b.keys[i] == nil {
+					if emptyb == nil {
+						emptyb = b
+						emptyidx = i
+					}
+					continue
+				}
+				if !topHashMatch(hash, topHashes, i) {
+					hintNonEmpty++
+					continue
+				}
+				if key == derefKey(b.keys[i]) {
+					vp := b.values[i]
+					if loadIfExists {
+						unlockBucket(&rootb.topHashMutex)
+						return derefValue(vp), !computeOnly
+					}
+					// In-place update/delete.
+					// We get a copy of the value via an interface{} on each call,
+					// thus the live value pointers are unique. Otherwise atomic
+					// snapshot won't be correct in case of multiple Store calls
+					// using the same value.
+					oldValue := derefValue(vp)
+					newValue, del := valueFn(oldValue, true)
+					if del {
+						// Deletion.
+						// First we update the value, then the key.
+						// This is important for atomic snapshot states.
+						atomic.StoreUint64(&b.topHashMutex, eraseTopHash(topHashes, i))
+						atomic.StorePointer(&b.values[i], nil)
+						atomic.StorePointer(&b.keys[i], nil)
+						leftEmpty := false
+						if hintNonEmpty == 0 {
+							leftEmpty = isEmptyBucket(b)
+						}
+						unlockBucket(&rootb.topHashMutex)
+						table.addSize(bidx, -1)
+						// Might need to shrink the table.
+						if leftEmpty {
+							m.resize(table, mapShrinkHint)
+						}
+						return oldValue, !computeOnly
+					}
+					nvp := unsafe.Pointer(&newValue)
+					if assertionsEnabled && vp == nvp {
+						panic("non-unique value pointer")
+					}
+					atomic.StorePointer(&b.values[i], nvp)
+					unlockBucket(&rootb.topHashMutex)
+					if computeOnly {
+						// Compute expects the new value to be returned.
+						return newValue, true
+					}
+					// LoadAndStore expects the old value to be returned.
+					return oldValue, true
+				}
+				hintNonEmpty++
+			}
+			if b.next == nil {
+				if emptyb != nil {
+					// Insertion into an existing bucket.
+					var zeroedV interface{}
+					newValue, del := valueFn(zeroedV, false)
+					if del {
+						unlockBucket(&rootb.topHashMutex)
+						return zeroedV, false
+					}
+					// First we update the value, then the key.
+					// This is important for atomic snapshot states.
+					topHashes = atomic.LoadUint64(&emptyb.topHashMutex)
+					atomic.StoreUint64(&emptyb.topHashMutex, storeTopHash(hash, topHashes, emptyidx))
+					atomic.StorePointer(&emptyb.values[emptyidx], unsafe.Pointer(&newValue))
+					atomic.StorePointer(&emptyb.keys[emptyidx], unsafe.Pointer(&key))
+					unlockBucket(&rootb.topHashMutex)
+					table.addSize(bidx, 1)
+					return newValue, computeOnly
+				}
+				growThreshold := float64(tableLen) * entriesPerMapBucket * mapLoadFactor
+				if table.sumSize() > int64(growThreshold) {
+					// Need to grow the table. Then go for another attempt.
+					unlockBucket(&rootb.topHashMutex)
+					m.resize(table, mapGrowHint)
+					goto compute_attempt
+				}
+				// Insertion into a new bucket.
+				var zeroedV interface{}
+				newValue, del := valueFn(zeroedV, false)
+				if del {
+					unlockBucket(&rootb.topHashMutex)
+					return newValue, false
+				}
+				// Create and append the bucket.
+				newb := new(bucketPadded)
+				newb.keys[0] = unsafe.Pointer(&key)
+				newb.values[0] = unsafe.Pointer(&newValue)
+				newb.topHashMutex = storeTopHash(hash, newb.topHashMutex, 0)
+				atomic.StorePointer(&b.next, unsafe.Pointer(newb))
+				unlockBucket(&rootb.topHashMutex)
+				table.addSize(bidx, 1)
+				return newValue, computeOnly
+			}
+			b = (*bucketPadded)(b.next)
+		}
+	}
+}
+
+func (m *Map) newerTableExists(table *mapTable) bool {
+	curTablePtr := atomic.LoadPointer(&m.table)
+	return uintptr(curTablePtr) != uintptr(unsafe.Pointer(table))
+}
+
+func (m *Map) resizeInProgress() bool {
+	return atomic.LoadInt64(&m.resizing) == 1
+}
+
+func (m *Map) waitForResize() {
+	m.resizeMu.Lock()
+	for m.resizeInProgress() {
+		m.resizeCond.Wait()
+	}
+	m.resizeMu.Unlock()
+}
+
+func (m *Map) resize(table *mapTable, hint mapResizeHint) {
+	var shrinkThreshold int64
+	tableLen := len(table.buckets)
+	// Fast path for shrink attempts.
+	if hint == mapShrinkHint {
+		shrinkThreshold = int64((tableLen * entriesPerMapBucket) / mapShrinkFraction)
+		if tableLen == minMapTableLen || table.sumSize() > shrinkThreshold {
+			return
+		}
+	}
+	// Slow path.
+	if !atomic.CompareAndSwapInt64(&m.resizing, 0, 1) {
+		// Someone else started resize. Wait for it to finish.
+		m.waitForResize()
+		return
+	}
+	var newTable *mapTable
+	switch hint {
+	case mapGrowHint:
+		// Grow the table with factor of 2.
+		atomic.AddInt64(&m.totalGrowths, 1)
+		newTable = newMapTable(tableLen << 1)
+	case mapShrinkHint:
+		if table.sumSize() <= shrinkThreshold {
+			// Shrink the table with factor of 2.
+			atomic.AddInt64(&m.totalShrinks, 1)
+			newTable = newMapTable(tableLen >> 1)
+		} else {
+			// No need to shrink. Wake up all waiters and give up.
+			m.resizeMu.Lock()
+			atomic.StoreInt64(&m.resizing, 0)
+			m.resizeCond.Broadcast()
+			m.resizeMu.Unlock()
+			return
+		}
+	case mapClearHint:
+		newTable = newMapTable(minMapTableLen)
+	default:
+		panic(fmt.Sprintf("unexpected resize hint: %d", hint))
+	}
+	// Copy the data only if we're not clearing the map.
+	if hint != mapClearHint {
+		for i := 0; i < tableLen; i++ {
+			copied := copyBucket(&table.buckets[i], newTable)
+			newTable.addSizePlain(uint64(i), copied)
+		}
+	}
+	// Publish the new table and wake up all waiters.
+	atomic.StorePointer(&m.table, unsafe.Pointer(newTable))
+	m.resizeMu.Lock()
+	atomic.StoreInt64(&m.resizing, 0)
+	m.resizeCond.Broadcast()
+	m.resizeMu.Unlock()
+}
+
+func copyBucket(b *bucketPadded, destTable *mapTable) (copied int) {
+	rootb := b
+	lockBucket(&rootb.topHashMutex)
+	for {
+		for i := 0; i < entriesPerMapBucket; i++ {
+			if b.keys[i] != nil {
+				k := derefKey(b.keys[i])
+				hash := hashString(destTable.seed, k)
+				bidx := uint64(len(destTable.buckets)-1) & hash
+				destb := &destTable.buckets[bidx]
+				appendToBucket(hash, b.keys[i], b.values[i], destb)
+				copied++
+			}
+		}
+		if b.next == nil {
+			unlockBucket(&rootb.topHashMutex)
+			return
+		}
+		b = (*bucketPadded)(b.next)
+	}
+}
+
+func appendToBucket(hash uint64, keyPtr, valPtr unsafe.Pointer, b *bucketPadded) {
+	for {
+		for i := 0; i < entriesPerMapBucket; i++ {
+			if b.keys[i] == nil {
+				b.keys[i] = keyPtr
+				b.values[i] = valPtr
+				b.topHashMutex = storeTopHash(hash, b.topHashMutex, i)
+				return
+			}
+		}
+		if b.next == nil {
+			newb := new(bucketPadded)
+			newb.keys[0] = keyPtr
+			newb.values[0] = valPtr
+			newb.topHashMutex = storeTopHash(hash, newb.topHashMutex, 0)
+			b.next = unsafe.Pointer(newb)
+			return
+		}
+		b = (*bucketPadded)(b.next)
+	}
+}
+
+func isEmptyBucket(rootb *bucketPadded) bool {
+	b := rootb
+	for {
+		for i := 0; i < entriesPerMapBucket; i++ {
+			if b.keys[i] != nil {
+				return false
+			}
+		}
+		if b.next == nil {
+			return true
+		}
+		b = (*bucketPadded)(b.next)
+	}
+}
+
+// Range calls f sequentially for each key and value present in the
+// map. If f returns false, range stops the iteration.
+//
+// Range does not necessarily correspond to any consistent snapshot
+// of the Map's contents: no key will be visited more than once, but
+// if the value for any key is stored or deleted concurrently, Range
+// may reflect any mapping for that key from any point during the
+// Range call.
+//
+// It is safe to modify the map while iterating it. However, the
+// concurrent modification rule apply, i.e. the changes may be not
+// reflected in the subsequently iterated entries.
+func (m *Map) Range(f func(key string, value interface{}) bool) {
+	var zeroEntry rangeEntry
+	// Pre-allocate array big enough to fit entries for most hash tables.
+	bentries := make([]rangeEntry, 0, 16*entriesPerMapBucket)
+	tablep := atomic.LoadPointer(&m.table)
+	table := *(*mapTable)(tablep)
+	for i := range table.buckets {
+		rootb := &table.buckets[i]
+		b := rootb
+		// Prevent concurrent modifications and copy all entries into
+		// the intermediate slice.
+		lockBucket(&rootb.topHashMutex)
+		for {
+			for i := 0; i < entriesPerMapBucket; i++ {
+				if b.keys[i] != nil {
+					bentries = append(bentries, rangeEntry{
+						key:   b.keys[i],
+						value: b.values[i],
+					})
+				}
+			}
+			if b.next == nil {
+				unlockBucket(&rootb.topHashMutex)
+				break
+			}
+			b = (*bucketPadded)(b.next)
+		}
+		// Call the function for all copied entries.
+		for j := range bentries {
+			k := derefKey(bentries[j].key)
+			v := derefValue(bentries[j].value)
+			if !f(k, v) {
+				return
+			}
+			// Remove the reference to avoid preventing the copied
+			// entries from being GCed until this method finishes.
+			bentries[j] = zeroEntry
+		}
+		bentries = bentries[:0]
+	}
+}
+
+// Clear deletes all keys and values currently stored in the map.
+func (m *Map) Clear() {
+	table := (*mapTable)(atomic.LoadPointer(&m.table))
+	m.resize(table, mapClearHint)
+}
+
+// Size returns current size of the map.
+func (m *Map) Size() int {
+	table := (*mapTable)(atomic.LoadPointer(&m.table))
+	return int(table.sumSize())
+}
+
+func derefKey(keyPtr unsafe.Pointer) string {
+	return *(*string)(keyPtr)
+}
+
+func derefValue(valuePtr unsafe.Pointer) interface{} {
+	return *(*interface{})(valuePtr)
+}
+
+func lockBucket(mu *uint64) {
+	for {
+		var v uint64
+		for {
+			v = atomic.LoadUint64(mu)
+			if v&1 != 1 {
+				break
+			}
+			runtime.Gosched()
+		}
+		if atomic.CompareAndSwapUint64(mu, v, v|1) {
+			return
+		}
+		runtime.Gosched()
+	}
+}
+
+func unlockBucket(mu *uint64) {
+	v := atomic.LoadUint64(mu)
+	atomic.StoreUint64(mu, v&^1)
+}
+
+func topHashMatch(hash, topHashes uint64, idx int) bool {
+	if topHashes&(1<<(idx+1)) == 0 {
+		// Entry is not present.
+		return false
+	}
+	hash = hash & topHashMask
+	topHashes = (topHashes & topHashEntryMasks[idx]) << (20 * idx)
+	return hash == topHashes
+}
+
+func storeTopHash(hash, topHashes uint64, idx int) uint64 {
+	// Zero out top hash at idx.
+	topHashes = topHashes &^ topHashEntryMasks[idx]
+	// Chop top 20 MSBs of the given hash and position them at idx.
+	hash = (hash & topHashMask) >> (20 * idx)
+	// Store the MSBs.
+	topHashes = topHashes | hash
+	// Mark the entry as present.
+	return topHashes | (1 << (idx + 1))
+}
+
+func eraseTopHash(topHashes uint64, idx int) uint64 {
+	return topHashes &^ (1 << (idx + 1))
+}
+
+func (table *mapTable) addSize(bucketIdx uint64, delta int) {
+	cidx := uint64(len(table.size)-1) & bucketIdx
+	atomic.AddInt64(&table.size[cidx].c, int64(delta))
+}
+
+func (table *mapTable) addSizePlain(bucketIdx uint64, delta int) {
+	cidx := uint64(len(table.size)-1) & bucketIdx
+	table.size[cidx].c += int64(delta)
+}
+
+func (table *mapTable) sumSize() int64 {
+	sum := int64(0)
+	for i := range table.size {
+		sum += atomic.LoadInt64(&table.size[i].c)
+	}
+	return sum
+}
+
+type mapStats struct {
+	RootBuckets  int
+	TotalBuckets int
+	EmptyBuckets int
+	Capacity     int
+	Size         int // calculated number of entries
+	Counter      int // number of entries according to table counter
+	CounterLen   int // number of counter stripes
+	MinEntries   int // min entries per chain of buckets
+	MaxEntries   int // max entries per chain of buckets
+	TotalGrowths int64
+	TotalShrinks int64
+}
+
+func (s *mapStats) ToString() string {
+	var sb strings.Builder
+	sb.WriteString("\n---\n")
+	sb.WriteString(fmt.Sprintf("RootBuckets:  %d\n", s.RootBuckets))
+	sb.WriteString(fmt.Sprintf("TotalBuckets: %d\n", s.TotalBuckets))
+	sb.WriteString(fmt.Sprintf("EmptyBuckets: %d\n", s.EmptyBuckets))
+	sb.WriteString(fmt.Sprintf("Capacity:     %d\n", s.Capacity))
+	sb.WriteString(fmt.Sprintf("Size:         %d\n", s.Size))
+	sb.WriteString(fmt.Sprintf("Counter:      %d\n", s.Counter))
+	sb.WriteString(fmt.Sprintf("CounterLen:   %d\n", s.CounterLen))
+	sb.WriteString(fmt.Sprintf("MinEntries:   %d\n", s.MinEntries))
+	sb.WriteString(fmt.Sprintf("MaxEntries:   %d\n", s.MaxEntries))
+	sb.WriteString(fmt.Sprintf("TotalGrowths: %d\n", s.TotalGrowths))
+	sb.WriteString(fmt.Sprintf("TotalShrinks: %d\n", s.TotalShrinks))
+	sb.WriteString("---\n")
+	return sb.String()
+}
+
+// O(N) operation; use for debug purposes only
+func (m *Map) stats() mapStats {
+	stats := mapStats{
+		TotalGrowths: atomic.LoadInt64(&m.totalGrowths),
+		TotalShrinks: atomic.LoadInt64(&m.totalShrinks),
+		MinEntries:   math.MaxInt32,
+	}
+	table := (*mapTable)(atomic.LoadPointer(&m.table))
+	stats.RootBuckets = len(table.buckets)
+	stats.Counter = int(table.sumSize())
+	stats.CounterLen = len(table.size)
+	for i := range table.buckets {
+		nentries := 0
+		b := &table.buckets[i]
+		stats.TotalBuckets++
+		for {
+			nentriesLocal := 0
+			stats.Capacity += entriesPerMapBucket
+			for i := 0; i < entriesPerMapBucket; i++ {
+				if atomic.LoadPointer(&b.keys[i]) != nil {
+					stats.Size++
+					nentriesLocal++
+				}
+			}
+			nentries += nentriesLocal
+			if nentriesLocal == 0 {
+				stats.EmptyBuckets++
+			}
+			if b.next == nil {
+				break
+			}
+			b = (*bucketPadded)(b.next)
+			stats.TotalBuckets++
+		}
+		if nentries < stats.MinEntries {
+			stats.MinEntries = nentries
+		}
+		if nentries > stats.MaxEntries {
+			stats.MaxEntries = nentries
+		}
+	}
+	return stats
+}
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/mapof.go b/vendor/github.com/puzpuzpuz/xsync/v2/mapof.go
new file mode 100644
index 000000000..cadaeb438
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/mapof.go
@@ -0,0 +1,688 @@
+//go:build go1.18
+// +build go1.18
+
+package xsync
+
+import (
+	"fmt"
+	"hash/maphash"
+	"math"
+	"sync"
+	"sync/atomic"
+	"unsafe"
+)
+
+// MapOf is like a Go map[string]V but is safe for concurrent
+// use by multiple goroutines without additional locking or
+// coordination. It follows the interface of sync.Map with
+// a number of valuable extensions like Compute or Size.
+//
+// A MapOf must not be copied after first use.
+//
+// MapOf uses a modified version of Cache-Line Hash Table (CLHT)
+// data structure: https://github.com/LPD-EPFL/CLHT
+//
+// CLHT is built around idea to organize the hash table in
+// cache-line-sized buckets, so that on all modern CPUs update
+// operations complete with at most one cache-line transfer.
+// Also, Get operations involve no write to memory, as well as no
+// mutexes or any other sort of locks. Due to this design, in all
+// considered scenarios MapOf outperforms sync.Map.
+type MapOf[K comparable, V any] struct {
+	totalGrowths int64
+	totalShrinks int64
+	resizing     int64          // resize in progress flag; updated atomically
+	resizeMu     sync.Mutex     // only used along with resizeCond
+	resizeCond   sync.Cond      // used to wake up resize waiters (concurrent modifications)
+	table        unsafe.Pointer // *mapOfTable
+	hasher       func(maphash.Seed, K) uint64
+}
+
+type mapOfTable[K comparable, V any] struct {
+	buckets []bucketOfPadded
+	// striped counter for number of table entries;
+	// used to determine if a table shrinking is needed
+	// occupies min(buckets_memory/1024, 64KB) of memory
+	size []counterStripe
+	seed maphash.Seed
+}
+
+// bucketOfPadded is a CL-sized map bucket holding up to
+// entriesPerMapBucket entries.
+type bucketOfPadded struct {
+	//lint:ignore U1000 ensure each bucket takes two cache lines on both 32 and 64-bit archs
+	pad [cacheLineSize - unsafe.Sizeof(bucketOf{})]byte
+	bucketOf
+}
+
+type bucketOf struct {
+	hashes  [entriesPerMapBucket]uint64
+	entries [entriesPerMapBucket]unsafe.Pointer // *entryOf
+	next    unsafe.Pointer                      // *bucketOfPadded
+	mu      sync.Mutex
+}
+
+// entryOf is an immutable map entry.
+type entryOf[K comparable, V any] struct {
+	key   K
+	value V
+}
+
+// NewMapOf creates a new MapOf instance with string keys.
+func NewMapOf[V any]() *MapOf[string, V] {
+	return NewTypedMapOfPresized[string, V](hashString, minMapTableCap)
+}
+
+// NewMapOfPresized creates a new MapOf instance with string keys and capacity
+// enough to hold sizeHint entries. If sizeHint is zero or negative, the value
+// is ignored.
+func NewMapOfPresized[V any](sizeHint int) *MapOf[string, V] {
+	return NewTypedMapOfPresized[string, V](hashString, sizeHint)
+}
+
+// IntegerConstraint represents any integer type.
+type IntegerConstraint interface {
+	// Recreation of golang.org/x/exp/constraints.Integer to avoid taking a dependency on an
+	// experimental package.
+	~int | ~int8 | ~int16 | ~int32 | ~int64 | ~uint | ~uint8 | ~uint16 | ~uint32 | ~uint64 | ~uintptr
+}
+
+// NewIntegerMapOf creates a new MapOf instance with integer typed keys.
+func NewIntegerMapOf[K IntegerConstraint, V any]() *MapOf[K, V] {
+	return NewTypedMapOfPresized[K, V](hashUint64[K], minMapTableCap)
+}
+
+// NewIntegerMapOfPresized creates a new MapOf instance with integer typed keys
+// and capacity enough to hold sizeHint entries. If sizeHint is zero or
+// negative, the value is ignored.
+func NewIntegerMapOfPresized[K IntegerConstraint, V any](sizeHint int) *MapOf[K, V] {
+	return NewTypedMapOfPresized[K, V](hashUint64[K], sizeHint)
+}
+
+// NewTypedMapOf creates a new MapOf instance with arbitrarily typed keys.
+//
+// Keys are hashed to uint64 using the hasher function. It is strongly
+// recommended to use the hash/maphash package to implement hasher. See the
+// example for how to do that.
+func NewTypedMapOf[K comparable, V any](hasher func(maphash.Seed, K) uint64) *MapOf[K, V] {
+	return NewTypedMapOfPresized[K, V](hasher, minMapTableCap)
+}
+
+// NewTypedMapOfPresized creates a new MapOf instance with arbitrarily typed
+// keys and capacity enough to hold sizeHint entries. If sizeHint is zero or
+// negative, the value is ignored.
+//
+// Keys are hashed to uint64 using the hasher function. It is strongly
+// recommended to use the hash/maphash package to implement hasher. See the
+// example for how to do that.
+func NewTypedMapOfPresized[K comparable, V any](hasher func(maphash.Seed, K) uint64, sizeHint int) *MapOf[K, V] {
+	m := &MapOf[K, V]{}
+	m.resizeCond = *sync.NewCond(&m.resizeMu)
+	m.hasher = hasher
+	var table *mapOfTable[K, V]
+	if sizeHint <= minMapTableCap {
+		table = newMapOfTable[K, V](minMapTableLen)
+	} else {
+		tableLen := nextPowOf2(uint32(sizeHint / entriesPerMapBucket))
+		table = newMapOfTable[K, V](int(tableLen))
+	}
+	atomic.StorePointer(&m.table, unsafe.Pointer(table))
+	return m
+}
+
+func newMapOfTable[K comparable, V any](tableLen int) *mapOfTable[K, V] {
+	buckets := make([]bucketOfPadded, tableLen)
+	counterLen := tableLen >> 10
+	if counterLen < minMapCounterLen {
+		counterLen = minMapCounterLen
+	} else if counterLen > maxMapCounterLen {
+		counterLen = maxMapCounterLen
+	}
+	counter := make([]counterStripe, counterLen)
+	t := &mapOfTable[K, V]{
+		buckets: buckets,
+		size:    counter,
+		seed:    maphash.MakeSeed(),
+	}
+	return t
+}
+
+// Load returns the value stored in the map for a key, or nil if no
+// value is present.
+// The ok result indicates whether value was found in the map.
+func (m *MapOf[K, V]) Load(key K) (value V, ok bool) {
+	table := (*mapOfTable[K, V])(atomic.LoadPointer(&m.table))
+	hash := shiftHash(m.hasher(table.seed, key))
+	bidx := uint64(len(table.buckets)-1) & hash
+	b := &table.buckets[bidx]
+	for {
+		for i := 0; i < entriesPerMapBucket; i++ {
+			// We treat the hash code only as a hint, so there is no
+			// need to get an atomic snapshot.
+			h := atomic.LoadUint64(&b.hashes[i])
+			if h == uint64(0) || h != hash {
+				continue
+			}
+			eptr := atomic.LoadPointer(&b.entries[i])
+			if eptr == nil {
+				continue
+			}
+			e := (*entryOf[K, V])(eptr)
+			if e.key == key {
+				return e.value, true
+			}
+		}
+		bptr := atomic.LoadPointer(&b.next)
+		if bptr == nil {
+			return
+		}
+		b = (*bucketOfPadded)(bptr)
+	}
+}
+
+// Store sets the value for a key.
+func (m *MapOf[K, V]) Store(key K, value V) {
+	m.doCompute(
+		key,
+		func(V, bool) (V, bool) {
+			return value, false
+		},
+		false,
+		false,
+	)
+}
+
+// LoadOrStore returns the existing value for the key if present.
+// Otherwise, it stores and returns the given value.
+// The loaded result is true if the value was loaded, false if stored.
+func (m *MapOf[K, V]) LoadOrStore(key K, value V) (actual V, loaded bool) {
+	return m.doCompute(
+		key,
+		func(V, bool) (V, bool) {
+			return value, false
+		},
+		true,
+		false,
+	)
+}
+
+// LoadAndStore returns the existing value for the key if present,
+// while setting the new value for the key.
+// It stores the new value and returns the existing one, if present.
+// The loaded result is true if the existing value was loaded,
+// false otherwise.
+func (m *MapOf[K, V]) LoadAndStore(key K, value V) (actual V, loaded bool) {
+	return m.doCompute(
+		key,
+		func(V, bool) (V, bool) {
+			return value, false
+		},
+		false,
+		false,
+	)
+}
+
+// LoadOrCompute returns the existing value for the key if present.
+// Otherwise, it computes the value using the provided function and
+// returns the computed value. The loaded result is true if the value
+// was loaded, false if stored.
+func (m *MapOf[K, V]) LoadOrCompute(key K, valueFn func() V) (actual V, loaded bool) {
+	return m.doCompute(
+		key,
+		func(V, bool) (V, bool) {
+			return valueFn(), false
+		},
+		true,
+		false,
+	)
+}
+
+// Compute either sets the computed new value for the key or deletes
+// the value for the key. When the delete result of the valueFn function
+// is set to true, the value will be deleted, if it exists. When delete
+// is set to false, the value is updated to the newValue.
+// The ok result indicates whether value was computed and stored, thus, is
+// present in the map. The actual result contains the new value in cases where
+// the value was computed and stored. See the example for a few use cases.
+func (m *MapOf[K, V]) Compute(
+	key K,
+	valueFn func(oldValue V, loaded bool) (newValue V, delete bool),
+) (actual V, ok bool) {
+	return m.doCompute(key, valueFn, false, true)
+}
+
+// LoadAndDelete deletes the value for a key, returning the previous
+// value if any. The loaded result reports whether the key was
+// present.
+func (m *MapOf[K, V]) LoadAndDelete(key K) (value V, loaded bool) {
+	return m.doCompute(
+		key,
+		func(value V, loaded bool) (V, bool) {
+			return value, true
+		},
+		false,
+		false,
+	)
+}
+
+// Delete deletes the value for a key.
+func (m *MapOf[K, V]) Delete(key K) {
+	m.doCompute(
+		key,
+		func(value V, loaded bool) (V, bool) {
+			return value, true
+		},
+		false,
+		false,
+	)
+}
+
+func (m *MapOf[K, V]) doCompute(
+	key K,
+	valueFn func(oldValue V, loaded bool) (V, bool),
+	loadIfExists, computeOnly bool,
+) (V, bool) {
+	// Read-only path.
+	if loadIfExists {
+		if v, ok := m.Load(key); ok {
+			return v, !computeOnly
+		}
+	}
+	// Write path.
+	for {
+	compute_attempt:
+		var (
+			emptyb       *bucketOfPadded
+			emptyidx     int
+			hintNonEmpty int
+		)
+		table := (*mapOfTable[K, V])(atomic.LoadPointer(&m.table))
+		tableLen := len(table.buckets)
+		hash := shiftHash(m.hasher(table.seed, key))
+		bidx := uint64(len(table.buckets)-1) & hash
+		rootb := &table.buckets[bidx]
+		rootb.mu.Lock()
+		if m.newerTableExists(table) {
+			// Someone resized the table. Go for another attempt.
+			rootb.mu.Unlock()
+			goto compute_attempt
+		}
+		if m.resizeInProgress() {
+			// Resize is in progress. Wait, then go for another attempt.
+			rootb.mu.Unlock()
+			m.waitForResize()
+			goto compute_attempt
+		}
+		b := rootb
+		for {
+			for i := 0; i < entriesPerMapBucket; i++ {
+				h := atomic.LoadUint64(&b.hashes[i])
+				if h == uint64(0) {
+					if emptyb == nil {
+						emptyb = b
+						emptyidx = i
+					}
+					continue
+				}
+				if h != hash {
+					hintNonEmpty++
+					continue
+				}
+				e := (*entryOf[K, V])(b.entries[i])
+				if e.key == key {
+					if loadIfExists {
+						rootb.mu.Unlock()
+						return e.value, !computeOnly
+					}
+					// In-place update/delete.
+					// We get a copy of the value via an interface{} on each call,
+					// thus the live value pointers are unique. Otherwise atomic
+					// snapshot won't be correct in case of multiple Store calls
+					// using the same value.
+					oldv := e.value
+					newv, del := valueFn(oldv, true)
+					if del {
+						// Deletion.
+						// First we update the hash, then the entry.
+						atomic.StoreUint64(&b.hashes[i], uint64(0))
+						atomic.StorePointer(&b.entries[i], nil)
+						leftEmpty := false
+						if hintNonEmpty == 0 {
+							leftEmpty = isEmptyBucketOf(b)
+						}
+						rootb.mu.Unlock()
+						table.addSize(bidx, -1)
+						// Might need to shrink the table.
+						if leftEmpty {
+							m.resize(table, mapShrinkHint)
+						}
+						return oldv, !computeOnly
+					}
+					newe := new(entryOf[K, V])
+					newe.key = key
+					newe.value = newv
+					atomic.StorePointer(&b.entries[i], unsafe.Pointer(newe))
+					rootb.mu.Unlock()
+					if computeOnly {
+						// Compute expects the new value to be returned.
+						return newv, true
+					}
+					// LoadAndStore expects the old value to be returned.
+					return oldv, true
+				}
+				hintNonEmpty++
+			}
+			if b.next == nil {
+				if emptyb != nil {
+					// Insertion into an existing bucket.
+					var zeroedV V
+					newValue, del := valueFn(zeroedV, false)
+					if del {
+						rootb.mu.Unlock()
+						return zeroedV, false
+					}
+					newe := new(entryOf[K, V])
+					newe.key = key
+					newe.value = newValue
+					// First we update the hash, then the entry.
+					atomic.StoreUint64(&emptyb.hashes[emptyidx], hash)
+					atomic.StorePointer(&emptyb.entries[emptyidx], unsafe.Pointer(newe))
+					rootb.mu.Unlock()
+					table.addSize(bidx, 1)
+					return newValue, computeOnly
+				}
+				growThreshold := float64(tableLen) * entriesPerMapBucket * mapLoadFactor
+				if table.sumSize() > int64(growThreshold) {
+					// Need to grow the table. Then go for another attempt.
+					rootb.mu.Unlock()
+					m.resize(table, mapGrowHint)
+					goto compute_attempt
+				}
+				// Insertion into a new bucket.
+				var zeroedV V
+				newValue, del := valueFn(zeroedV, false)
+				if del {
+					rootb.mu.Unlock()
+					return newValue, false
+				}
+				// Create and append the bucket.
+				newb := new(bucketOfPadded)
+				newb.hashes[0] = hash
+				newe := new(entryOf[K, V])
+				newe.key = key
+				newe.value = newValue
+				newb.entries[0] = unsafe.Pointer(newe)
+				atomic.StorePointer(&b.next, unsafe.Pointer(newb))
+				rootb.mu.Unlock()
+				table.addSize(bidx, 1)
+				return newValue, computeOnly
+			}
+			b = (*bucketOfPadded)(b.next)
+		}
+	}
+}
+
+func (m *MapOf[K, V]) newerTableExists(table *mapOfTable[K, V]) bool {
+	curTablePtr := atomic.LoadPointer(&m.table)
+	return uintptr(curTablePtr) != uintptr(unsafe.Pointer(table))
+}
+
+func (m *MapOf[K, V]) resizeInProgress() bool {
+	return atomic.LoadInt64(&m.resizing) == 1
+}
+
+func (m *MapOf[K, V]) waitForResize() {
+	m.resizeMu.Lock()
+	for m.resizeInProgress() {
+		m.resizeCond.Wait()
+	}
+	m.resizeMu.Unlock()
+}
+
+func (m *MapOf[K, V]) resize(table *mapOfTable[K, V], hint mapResizeHint) {
+	var shrinkThreshold int64
+	tableLen := len(table.buckets)
+	// Fast path for shrink attempts.
+	if hint == mapShrinkHint {
+		shrinkThreshold = int64((tableLen * entriesPerMapBucket) / mapShrinkFraction)
+		if tableLen == minMapTableLen || table.sumSize() > shrinkThreshold {
+			return
+		}
+	}
+	// Slow path.
+	if !atomic.CompareAndSwapInt64(&m.resizing, 0, 1) {
+		// Someone else started resize. Wait for it to finish.
+		m.waitForResize()
+		return
+	}
+	var newTable *mapOfTable[K, V]
+	switch hint {
+	case mapGrowHint:
+		// Grow the table with factor of 2.
+		atomic.AddInt64(&m.totalGrowths, 1)
+		newTable = newMapOfTable[K, V](tableLen << 1)
+	case mapShrinkHint:
+		if table.sumSize() <= shrinkThreshold {
+			// Shrink the table with factor of 2.
+			atomic.AddInt64(&m.totalShrinks, 1)
+			newTable = newMapOfTable[K, V](tableLen >> 1)
+		} else {
+			// No need to shrink. Wake up all waiters and give up.
+			m.resizeMu.Lock()
+			atomic.StoreInt64(&m.resizing, 0)
+			m.resizeCond.Broadcast()
+			m.resizeMu.Unlock()
+			return
+		}
+	case mapClearHint:
+		newTable = newMapOfTable[K, V](minMapTableLen)
+	default:
+		panic(fmt.Sprintf("unexpected resize hint: %d", hint))
+	}
+	// Copy the data only if we're not clearing the map.
+	if hint != mapClearHint {
+		for i := 0; i < tableLen; i++ {
+			copied := copyBucketOf(&table.buckets[i], newTable, m.hasher)
+			newTable.addSizePlain(uint64(i), copied)
+		}
+	}
+	// Publish the new table and wake up all waiters.
+	atomic.StorePointer(&m.table, unsafe.Pointer(newTable))
+	m.resizeMu.Lock()
+	atomic.StoreInt64(&m.resizing, 0)
+	m.resizeCond.Broadcast()
+	m.resizeMu.Unlock()
+}
+
+func copyBucketOf[K comparable, V any](
+	b *bucketOfPadded,
+	destTable *mapOfTable[K, V],
+	hasher func(maphash.Seed, K) uint64,
+) (copied int) {
+	rootb := b
+	rootb.mu.Lock()
+	for {
+		for i := 0; i < entriesPerMapBucket; i++ {
+			if b.entries[i] != nil {
+				e := (*entryOf[K, V])(b.entries[i])
+				hash := shiftHash(hasher(destTable.seed, e.key))
+				bidx := uint64(len(destTable.buckets)-1) & hash
+				destb := &destTable.buckets[bidx]
+				appendToBucketOf(hash, b.entries[i], destb)
+				copied++
+			}
+		}
+		if b.next == nil {
+			rootb.mu.Unlock()
+			return
+		}
+		b = (*bucketOfPadded)(b.next)
+	}
+}
+
+// Range calls f sequentially for each key and value present in the
+// map. If f returns false, range stops the iteration.
+//
+// Range does not necessarily correspond to any consistent snapshot
+// of the Map's contents: no key will be visited more than once, but
+// if the value for any key is stored or deleted concurrently, Range
+// may reflect any mapping for that key from any point during the
+// Range call.
+//
+// It is safe to modify the map while iterating it. However, the
+// concurrent modification rule apply, i.e. the changes may be not
+// reflected in the subsequently iterated entries.
+func (m *MapOf[K, V]) Range(f func(key K, value V) bool) {
+	var zeroPtr unsafe.Pointer
+	// Pre-allocate array big enough to fit entries for most hash tables.
+	bentries := make([]unsafe.Pointer, 0, 16*entriesPerMapBucket)
+	tablep := atomic.LoadPointer(&m.table)
+	table := *(*mapOfTable[K, V])(tablep)
+	for i := range table.buckets {
+		rootb := &table.buckets[i]
+		b := rootb
+		// Prevent concurrent modifications and copy all entries into
+		// the intermediate slice.
+		rootb.mu.Lock()
+		for {
+			for i := 0; i < entriesPerMapBucket; i++ {
+				if b.entries[i] != nil {
+					bentries = append(bentries, b.entries[i])
+				}
+			}
+			if b.next == nil {
+				rootb.mu.Unlock()
+				break
+			}
+			b = (*bucketOfPadded)(b.next)
+		}
+		// Call the function for all copied entries.
+		for j := range bentries {
+			entry := (*entryOf[K, V])(bentries[j])
+			if !f(entry.key, entry.value) {
+				return
+			}
+			// Remove the reference to avoid preventing the copied
+			// entries from being GCed until this method finishes.
+			bentries[j] = zeroPtr
+		}
+		bentries = bentries[:0]
+	}
+}
+
+// Clear deletes all keys and values currently stored in the map.
+func (m *MapOf[K, V]) Clear() {
+	table := (*mapOfTable[K, V])(atomic.LoadPointer(&m.table))
+	m.resize(table, mapClearHint)
+}
+
+// Size returns current size of the map.
+func (m *MapOf[K, V]) Size() int {
+	table := (*mapOfTable[K, V])(atomic.LoadPointer(&m.table))
+	return int(table.sumSize())
+}
+
+func appendToBucketOf(hash uint64, entryPtr unsafe.Pointer, b *bucketOfPadded) {
+	for {
+		for i := 0; i < entriesPerMapBucket; i++ {
+			if b.entries[i] == nil {
+				b.hashes[i] = hash
+				b.entries[i] = entryPtr
+				return
+			}
+		}
+		if b.next == nil {
+			newb := new(bucketOfPadded)
+			newb.hashes[0] = hash
+			newb.entries[0] = entryPtr
+			b.next = unsafe.Pointer(newb)
+			return
+		}
+		b = (*bucketOfPadded)(b.next)
+	}
+}
+
+func isEmptyBucketOf(rootb *bucketOfPadded) bool {
+	b := rootb
+	for {
+		for i := 0; i < entriesPerMapBucket; i++ {
+			if b.entries[i] != nil {
+				return false
+			}
+		}
+		if b.next == nil {
+			return true
+		}
+		b = (*bucketOfPadded)(b.next)
+	}
+}
+
+func (table *mapOfTable[K, V]) addSize(bucketIdx uint64, delta int) {
+	cidx := uint64(len(table.size)-1) & bucketIdx
+	atomic.AddInt64(&table.size[cidx].c, int64(delta))
+}
+
+func (table *mapOfTable[K, V]) addSizePlain(bucketIdx uint64, delta int) {
+	cidx := uint64(len(table.size)-1) & bucketIdx
+	table.size[cidx].c += int64(delta)
+}
+
+func (table *mapOfTable[K, V]) sumSize() int64 {
+	sum := int64(0)
+	for i := range table.size {
+		sum += atomic.LoadInt64(&table.size[i].c)
+	}
+	return sum
+}
+
+func shiftHash(h uint64) uint64 {
+	// uint64(0) is a reserved value which stands for an empty slot.
+	if h == uint64(0) {
+		return uint64(1)
+	}
+	return h
+}
+
+// O(N) operation; use for debug purposes only
+func (m *MapOf[K, V]) stats() mapStats {
+	stats := mapStats{
+		TotalGrowths: atomic.LoadInt64(&m.totalGrowths),
+		TotalShrinks: atomic.LoadInt64(&m.totalShrinks),
+		MinEntries:   math.MaxInt32,
+	}
+	table := (*mapOfTable[K, V])(atomic.LoadPointer(&m.table))
+	stats.RootBuckets = len(table.buckets)
+	stats.Counter = int(table.sumSize())
+	stats.CounterLen = len(table.size)
+	for i := range table.buckets {
+		nentries := 0
+		b := &table.buckets[i]
+		stats.TotalBuckets++
+		for {
+			nentriesLocal := 0
+			stats.Capacity += entriesPerMapBucket
+			for i := 0; i < entriesPerMapBucket; i++ {
+				if atomic.LoadPointer(&b.entries[i]) != nil {
+					stats.Size++
+					nentriesLocal++
+				}
+			}
+			nentries += nentriesLocal
+			if nentriesLocal == 0 {
+				stats.EmptyBuckets++
+			}
+			if b.next == nil {
+				break
+			}
+			b = (*bucketOfPadded)(b.next)
+			stats.TotalBuckets++
+		}
+		if nentries < stats.MinEntries {
+			stats.MinEntries = nentries
+		}
+		if nentries > stats.MaxEntries {
+			stats.MaxEntries = nentries
+		}
+	}
+	return stats
+}
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/mpmcqueue.go b/vendor/github.com/puzpuzpuz/xsync/v2/mpmcqueue.go
new file mode 100644
index 000000000..96584e698
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/mpmcqueue.go
@@ -0,0 +1,137 @@
+package xsync
+
+import (
+	"runtime"
+	"sync/atomic"
+	"unsafe"
+)
+
+// A MPMCQueue is a bounded multi-producer multi-consumer concurrent
+// queue.
+//
+// MPMCQueue instances must be created with NewMPMCQueue function.
+// A MPMCQueue must not be copied after first use.
+//
+// Based on the data structure from the following C++ library:
+// https://github.com/rigtorp/MPMCQueue
+type MPMCQueue struct {
+	cap  uint64
+	head uint64
+	//lint:ignore U1000 prevents false sharing
+	hpad [cacheLineSize - 8]byte
+	tail uint64
+	//lint:ignore U1000 prevents false sharing
+	tpad  [cacheLineSize - 8]byte
+	slots []slotPadded
+}
+
+type slotPadded struct {
+	slot
+	//lint:ignore U1000 prevents false sharing
+	pad [cacheLineSize - unsafe.Sizeof(slot{})]byte
+}
+
+type slot struct {
+	turn uint64
+	item interface{}
+}
+
+// NewMPMCQueue creates a new MPMCQueue instance with the given
+// capacity.
+func NewMPMCQueue(capacity int) *MPMCQueue {
+	if capacity < 1 {
+		panic("capacity must be positive number")
+	}
+	return &MPMCQueue{
+		cap:   uint64(capacity),
+		slots: make([]slotPadded, capacity),
+	}
+}
+
+// Enqueue inserts the given item into the queue.
+// Blocks, if the queue is full.
+func (q *MPMCQueue) Enqueue(item interface{}) {
+	head := atomic.AddUint64(&q.head, 1) - 1
+	slot := &q.slots[q.idx(head)]
+	turn := q.turn(head) * 2
+	for atomic.LoadUint64(&slot.turn) != turn {
+		runtime.Gosched()
+	}
+	slot.item = item
+	atomic.StoreUint64(&slot.turn, turn+1)
+}
+
+// Dequeue retrieves and removes the item from the head of the queue.
+// Blocks, if the queue is empty.
+func (q *MPMCQueue) Dequeue() interface{} {
+	tail := atomic.AddUint64(&q.tail, 1) - 1
+	slot := &q.slots[q.idx(tail)]
+	turn := q.turn(tail)*2 + 1
+	for atomic.LoadUint64(&slot.turn) != turn {
+		runtime.Gosched()
+	}
+	item := slot.item
+	slot.item = nil
+	atomic.StoreUint64(&slot.turn, turn+1)
+	return item
+}
+
+// TryEnqueue inserts the given item into the queue. Does not block
+// and returns immediately. The result indicates that the queue isn't
+// full and the item was inserted.
+func (q *MPMCQueue) TryEnqueue(item interface{}) bool {
+	head := atomic.LoadUint64(&q.head)
+	for {
+		slot := &q.slots[q.idx(head)]
+		turn := q.turn(head) * 2
+		if atomic.LoadUint64(&slot.turn) == turn {
+			if atomic.CompareAndSwapUint64(&q.head, head, head+1) {
+				slot.item = item
+				atomic.StoreUint64(&slot.turn, turn+1)
+				return true
+			}
+		} else {
+			prevHead := head
+			head = atomic.LoadUint64(&q.head)
+			if head == prevHead {
+				return false
+			}
+		}
+		runtime.Gosched()
+	}
+}
+
+// TryDequeue retrieves and removes the item from the head of the
+// queue. Does not block and returns immediately. The ok result
+// indicates that the queue isn't empty and an item was retrieved.
+func (q *MPMCQueue) TryDequeue() (item interface{}, ok bool) {
+	tail := atomic.LoadUint64(&q.tail)
+	for {
+		slot := &q.slots[q.idx(tail)]
+		turn := q.turn(tail)*2 + 1
+		if atomic.LoadUint64(&slot.turn) == turn {
+			if atomic.CompareAndSwapUint64(&q.tail, tail, tail+1) {
+				item = slot.item
+				ok = true
+				slot.item = nil
+				atomic.StoreUint64(&slot.turn, turn+1)
+				return
+			}
+		} else {
+			prevTail := tail
+			tail = atomic.LoadUint64(&q.tail)
+			if tail == prevTail {
+				return
+			}
+		}
+		runtime.Gosched()
+	}
+}
+
+func (q *MPMCQueue) idx(i uint64) uint64 {
+	return i % q.cap
+}
+
+func (q *MPMCQueue) turn(i uint64) uint64 {
+	return i / q.cap
+}
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/mpmcqueueof.go b/vendor/github.com/puzpuzpuz/xsync/v2/mpmcqueueof.go
new file mode 100644
index 000000000..38a8fa3c6
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/mpmcqueueof.go
@@ -0,0 +1,150 @@
+//go:build go1.19
+// +build go1.19
+
+package xsync
+
+import (
+	"runtime"
+	"sync/atomic"
+	"unsafe"
+)
+
+// A MPMCQueueOf is a bounded multi-producer multi-consumer concurrent
+// queue. It's a generic version of MPMCQueue.
+//
+// MPMCQueue instances must be created with NewMPMCQueueOf function.
+// A MPMCQueueOf must not be copied after first use.
+//
+// Based on the data structure from the following C++ library:
+// https://github.com/rigtorp/MPMCQueue
+type MPMCQueueOf[I any] struct {
+	cap  uint64
+	head uint64
+	//lint:ignore U1000 prevents false sharing
+	hpad [cacheLineSize - 8]byte
+	tail uint64
+	//lint:ignore U1000 prevents false sharing
+	tpad  [cacheLineSize - 8]byte
+	slots []slotOfPadded[I]
+}
+
+type slotOfPadded[I any] struct {
+	slotOf[I]
+	// Unfortunately, proper padding like the below one:
+	//
+	// pad [cacheLineSize - (unsafe.Sizeof(slotOf[I]{}) % cacheLineSize)]byte
+	//
+	// won't compile, so here we add a best-effort padding for items up to
+	// 56 bytes size.
+	//lint:ignore U1000 prevents false sharing
+	pad [cacheLineSize - unsafe.Sizeof(atomic.Uint64{})]byte
+}
+
+type slotOf[I any] struct {
+	// atomic.Uint64 is used here to get proper 8 byte alignment on
+	// 32-bit archs.
+	turn atomic.Uint64
+	item I
+}
+
+// NewMPMCQueueOf creates a new MPMCQueueOf instance with the given
+// capacity.
+func NewMPMCQueueOf[I any](capacity int) *MPMCQueueOf[I] {
+	if capacity < 1 {
+		panic("capacity must be positive number")
+	}
+	return &MPMCQueueOf[I]{
+		cap:   uint64(capacity),
+		slots: make([]slotOfPadded[I], capacity),
+	}
+}
+
+// Enqueue inserts the given item into the queue.
+// Blocks, if the queue is full.
+func (q *MPMCQueueOf[I]) Enqueue(item I) {
+	head := atomic.AddUint64(&q.head, 1) - 1
+	slot := &q.slots[q.idx(head)]
+	turn := q.turn(head) * 2
+	for slot.turn.Load() != turn {
+		runtime.Gosched()
+	}
+	slot.item = item
+	slot.turn.Store(turn + 1)
+}
+
+// Dequeue retrieves and removes the item from the head of the queue.
+// Blocks, if the queue is empty.
+func (q *MPMCQueueOf[I]) Dequeue() I {
+	var zeroedI I
+	tail := atomic.AddUint64(&q.tail, 1) - 1
+	slot := &q.slots[q.idx(tail)]
+	turn := q.turn(tail)*2 + 1
+	for slot.turn.Load() != turn {
+		runtime.Gosched()
+	}
+	item := slot.item
+	slot.item = zeroedI
+	slot.turn.Store(turn + 1)
+	return item
+}
+
+// TryEnqueue inserts the given item into the queue. Does not block
+// and returns immediately. The result indicates that the queue isn't
+// full and the item was inserted.
+func (q *MPMCQueueOf[I]) TryEnqueue(item I) bool {
+	head := atomic.LoadUint64(&q.head)
+	for {
+		slot := &q.slots[q.idx(head)]
+		turn := q.turn(head) * 2
+		if slot.turn.Load() == turn {
+			if atomic.CompareAndSwapUint64(&q.head, head, head+1) {
+				slot.item = item
+				slot.turn.Store(turn + 1)
+				return true
+			}
+		} else {
+			prevHead := head
+			head = atomic.LoadUint64(&q.head)
+			if head == prevHead {
+				return false
+			}
+		}
+		runtime.Gosched()
+	}
+}
+
+// TryDequeue retrieves and removes the item from the head of the
+// queue. Does not block and returns immediately. The ok result
+// indicates that the queue isn't empty and an item was retrieved.
+func (q *MPMCQueueOf[I]) TryDequeue() (item I, ok bool) {
+	tail := atomic.LoadUint64(&q.tail)
+	for {
+		slot := &q.slots[q.idx(tail)]
+		turn := q.turn(tail)*2 + 1
+		if slot.turn.Load() == turn {
+			if atomic.CompareAndSwapUint64(&q.tail, tail, tail+1) {
+				var zeroedI I
+				item = slot.item
+				ok = true
+				slot.item = zeroedI
+				slot.turn.Store(turn + 1)
+				return
+			}
+		} else {
+			prevTail := tail
+			tail = atomic.LoadUint64(&q.tail)
+			if tail == prevTail {
+				return
+			}
+		}
+		runtime.Gosched()
+	}
+}
+
+func (q *MPMCQueueOf[I]) idx(i uint64) uint64 {
+	return i % q.cap
+}
+
+func (q *MPMCQueueOf[I]) turn(i uint64) uint64 {
+	return i / q.cap
+}
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/rbmutex.go b/vendor/github.com/puzpuzpuz/xsync/v2/rbmutex.go
new file mode 100644
index 000000000..c4a503ff0
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/rbmutex.go
@@ -0,0 +1,145 @@
+package xsync
+
+import (
+	"runtime"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+// slow-down guard
+const nslowdown = 7
+
+// pool for reader tokens
+var rtokenPool sync.Pool
+
+// RToken is a reader lock token.
+type RToken struct {
+	slot uint32
+	//lint:ignore U1000 prevents false sharing
+	pad [cacheLineSize - 4]byte
+}
+
+// A RBMutex is a reader biased reader/writer mutual exclusion lock.
+// The lock can be held by an many readers or a single writer.
+// The zero value for a RBMutex is an unlocked mutex.
+//
+// A RBMutex must not be copied after first use.
+//
+// RBMutex is based on a modified version of BRAVO
+// (Biased Locking for Reader-Writer Locks) algorithm:
+// https://arxiv.org/pdf/1810.01553.pdf
+//
+// RBMutex is a specialized mutex for scenarios, such as caches,
+// where the vast majority of locks are acquired by readers and write
+// lock acquire attempts are infrequent. In such scenarios, RBMutex
+// performs better than sync.RWMutex on large multicore machines.
+//
+// RBMutex extends sync.RWMutex internally and uses it as the "reader
+// bias disabled" fallback, so the same semantics apply. The only
+// noticeable difference is in reader tokens returned from the
+// RLock/RUnlock methods.
+type RBMutex struct {
+	rslots       []rslot
+	rmask        uint32
+	rbias        int32
+	inhibitUntil time.Time
+	rw           sync.RWMutex
+}
+
+type rslot struct {
+	mu int32
+	//lint:ignore U1000 prevents false sharing
+	pad [cacheLineSize - 4]byte
+}
+
+// NewRBMutex creates a new RBMutex instance.
+func NewRBMutex() *RBMutex {
+	nslots := nextPowOf2(parallelism())
+	mu := RBMutex{
+		rslots: make([]rslot, nslots),
+		rmask:  nslots - 1,
+		rbias:  1,
+	}
+	return &mu
+}
+
+// RLock locks m for reading and returns a reader token. The
+// token must be used in the later RUnlock call.
+//
+// Should not be used for recursive read locking; a blocked Lock
+// call excludes new readers from acquiring the lock.
+func (mu *RBMutex) RLock() *RToken {
+	if atomic.LoadInt32(&mu.rbias) == 1 {
+		t, ok := rtokenPool.Get().(*RToken)
+		if !ok {
+			t = new(RToken)
+			t.slot = fastrand()
+		}
+		// Try all available slots to distribute reader threads to slots.
+		for i := 0; i < len(mu.rslots); i++ {
+			slot := t.slot + uint32(i)
+			rslot := &mu.rslots[slot&mu.rmask]
+			rslotmu := atomic.LoadInt32(&rslot.mu)
+			if atomic.CompareAndSwapInt32(&rslot.mu, rslotmu, rslotmu+1) {
+				if atomic.LoadInt32(&mu.rbias) == 1 {
+					// Hot path succeeded.
+					t.slot = slot
+					return t
+				}
+				// The mutex is no longer reader biased. Go to the slow path.
+				atomic.AddInt32(&rslot.mu, -1)
+				rtokenPool.Put(t)
+				break
+			}
+			// Contention detected. Give a try with the next slot.
+		}
+	}
+	// Slow path.
+	mu.rw.RLock()
+	if atomic.LoadInt32(&mu.rbias) == 0 && time.Now().After(mu.inhibitUntil) {
+		atomic.StoreInt32(&mu.rbias, 1)
+	}
+	return nil
+}
+
+// RUnlock undoes a single RLock call. A reader token obtained from
+// the RLock call must be provided. RUnlock does not affect other
+// simultaneous readers. A panic is raised if m is not locked for
+// reading on entry to RUnlock.
+func (mu *RBMutex) RUnlock(t *RToken) {
+	if t == nil {
+		mu.rw.RUnlock()
+		return
+	}
+	if atomic.AddInt32(&mu.rslots[t.slot&mu.rmask].mu, -1) < 0 {
+		panic("invalid reader state detected")
+	}
+	rtokenPool.Put(t)
+}
+
+// Lock locks m for writing. If the lock is already locked for
+// reading or writing, Lock blocks until the lock is available.
+func (mu *RBMutex) Lock() {
+	mu.rw.Lock()
+	if atomic.LoadInt32(&mu.rbias) == 1 {
+		atomic.StoreInt32(&mu.rbias, 0)
+		start := time.Now()
+		for i := 0; i < len(mu.rslots); i++ {
+			for atomic.LoadInt32(&mu.rslots[i].mu) > 0 {
+				runtime.Gosched()
+			}
+		}
+		mu.inhibitUntil = time.Now().Add(time.Since(start) * nslowdown)
+	}
+}
+
+// Unlock unlocks m for writing. A panic is raised if m is not locked
+// for writing on entry to Unlock.
+//
+// As with RWMutex, a locked RBMutex is not associated with a
+// particular goroutine. One goroutine may RLock (Lock) a RBMutex and
+// then arrange for another goroutine to RUnlock (Unlock) it.
+func (mu *RBMutex) Unlock() {
+	mu.rw.Unlock()
+}
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/util.go b/vendor/github.com/puzpuzpuz/xsync/v2/util.go
new file mode 100644
index 000000000..d8a64f8f8
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/util.go
@@ -0,0 +1,63 @@
+package xsync
+
+import (
+	"hash/maphash"
+	"reflect"
+	"runtime"
+	"unsafe"
+	_ "unsafe"
+)
+
+// test-only assert()-like flag
+var assertionsEnabled = false
+
+const (
+	// cacheLineSize is used in paddings to prevent false sharing;
+	// 64B are used instead of 128B as a compromise between
+	// memory footprint and performance; 128B usage may give ~30%
+	// improvement on NUMA machines.
+	cacheLineSize = 64
+)
+
+// nextPowOf2 computes the next highest power of 2 of 32-bit v.
+// Source: https://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2
+func nextPowOf2(v uint32) uint32 {
+	if v == 0 {
+		return 1
+	}
+	v--
+	v |= v >> 1
+	v |= v >> 2
+	v |= v >> 4
+	v |= v >> 8
+	v |= v >> 16
+	v++
+	return v
+}
+
+func parallelism() uint32 {
+	maxProcs := uint32(runtime.GOMAXPROCS(0))
+	numCores := uint32(runtime.NumCPU())
+	if maxProcs < numCores {
+		return maxProcs
+	}
+	return numCores
+}
+
+// hashString calculates a hash of s with the given seed.
+func hashString(seed maphash.Seed, s string) uint64 {
+	seed64 := *(*uint64)(unsafe.Pointer(&seed))
+	if s == "" {
+		return seed64
+	}
+	strh := (*reflect.StringHeader)(unsafe.Pointer(&s))
+	return uint64(memhash(unsafe.Pointer(strh.Data), uintptr(seed64), uintptr(strh.Len)))
+}
+
+//go:noescape
+//go:linkname memhash runtime.memhash
+func memhash(p unsafe.Pointer, h, s uintptr) uintptr
+
+//go:noescape
+//go:linkname fastrand runtime.fastrand
+func fastrand() uint32
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/util_mapof.go b/vendor/github.com/puzpuzpuz/xsync/v2/util_mapof.go
new file mode 100644
index 000000000..fbb00c438
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/util_mapof.go
@@ -0,0 +1,22 @@
+//go:build go1.18
+// +build go1.18
+
+package xsync
+
+import (
+	"hash/maphash"
+	"unsafe"
+)
+
+// hashUint64 calculates a hash of v with the given seed.
+//
+//lint:ignore U1000 used in MapOf
+func hashUint64[K IntegerConstraint](seed maphash.Seed, k K) uint64 {
+	n := uint64(k)
+	// Java's Long standard hash function.
+	n = n ^ (n >> 32)
+	nseed := *(*uint64)(unsafe.Pointer(&seed))
+	// 64-bit variation of boost's hash_combine.
+	nseed ^= n + 0x9e3779b97f4a7c15 + (nseed << 12) + (nseed >> 4)
+	return nseed
+}
diff --git a/vendor/github.com/rivo/uniseg/README.md b/vendor/github.com/rivo/uniseg/README.md
index 7e3d12e79..25e934687 100644
--- a/vendor/github.com/rivo/uniseg/README.md
+++ b/vendor/github.com/rivo/uniseg/README.md
@@ -133,6 +133,13 @@ Similarly, use
 - [`FirstSentence`](https://pkg.go.dev/github.com/rivo/uniseg#FirstSentence) or [`FirstSentenceInString`](https://pkg.go.dev/github.com/rivo/uniseg#FirstSentenceInString) for sentence segmentation only, and
 - [`FirstLineSegment`](https://pkg.go.dev/github.com/rivo/uniseg#FirstLineSegment) or [`FirstLineSegmentInString`](https://pkg.go.dev/github.com/rivo/uniseg#FirstLineSegmentInString) for line breaking / word wrapping (although using [`Step`](https://pkg.go.dev/github.com/rivo/uniseg#Step) or [`StepString`](https://pkg.go.dev/github.com/rivo/uniseg#StepString) is preferred as it will observe grapheme cluster boundaries).
 
+Finally, if you need to reverse a string while preserving grapheme clusters, use [`ReverseString`](https://pkg.go.dev/github.com/rivo/uniseg#ReverseString):
+
+```go
+fmt.Println(uniseg.ReverseString("🇩🇪🏳️‍🌈"))
+// 🏳️‍🌈🇩🇪
+```
+
 ## Documentation
 
 Refer to https://pkg.go.dev/github.com/rivo/uniseg for the package's documentation.
diff --git a/vendor/github.com/rivo/uniseg/doc.go b/vendor/github.com/rivo/uniseg/doc.go
index 0fc2d8b43..11224ae22 100644
--- a/vendor/github.com/rivo/uniseg/doc.go
+++ b/vendor/github.com/rivo/uniseg/doc.go
@@ -70,10 +70,10 @@ broken.
 Monospace width, as referred to in this package, is the width of a string in a
 monospace font. This is commonly used in terminal user interfaces or text
 displays or editors that don't support proportional fonts. A width of 1
-corresponds to a single character cell. The C function [wcwidth()] and its
+corresponds to a single character cell. The C function [wcswidth()] and its
 implementation in other programming languages is in widespread use for the same
 purpose. However, there is no standard for the calculation of such widths, and
-this package differs from wcwidth() in a number of ways, presumably to generate
+this package differs from wcswidth() in a number of ways, presumably to generate
 more visually pleasing results.
 
 To start, we assume that every code point has a width of 1, with the following
@@ -103,6 +103,6 @@ Note that whether these widths appear correct depends on your application's
 render engine, to which extent it conforms to the Unicode Standard, and its
 choice of font.
 
-[wcwidth()]: https://man7.org/linux/man-pages/man3/wcwidth.3.html
+[wcswidth()]: https://man7.org/linux/man-pages/man3/wcswidth.3.html
 */
 package uniseg
diff --git a/vendor/github.com/rivo/uniseg/grapheme.go b/vendor/github.com/rivo/uniseg/grapheme.go
index 997abbefd..0086fc1b2 100644
--- a/vendor/github.com/rivo/uniseg/grapheme.go
+++ b/vendor/github.com/rivo/uniseg/grapheme.go
@@ -163,13 +163,32 @@ func GraphemeClusterCount(s string) (n int) {
 	return
 }
 
+// ReverseString reverses the given string while observing grapheme cluster
+// boundaries.
+func ReverseString(s string) string {
+	str := []byte(s)
+	reversed := make([]byte, len(str))
+	state := -1
+	index := len(str)
+	for len(str) > 0 {
+		var cluster []byte
+		cluster, str, _, state = FirstGraphemeCluster(str, state)
+		index -= len(cluster)
+		copy(reversed[index:], cluster)
+		if index <= len(str)/2 {
+			break
+		}
+	}
+	return string(reversed)
+}
+
 // The number of bits the grapheme property must be shifted to make place for
 // grapheme states.
 const shiftGraphemePropState = 4
 
 // FirstGraphemeCluster returns the first grapheme cluster found in the given
-// byte slice according to the rules of Unicode Standard Annex #29, Grapheme
-// Cluster Boundaries. This function can be called continuously to extract all
+// byte slice according to the rules of [Unicode Standard Annex #29, Grapheme
+// Cluster Boundaries]. This function can be called continuously to extract all
 // grapheme clusters from a byte slice, as illustrated in the example below.
 //
 // If you don't know the current state, for example when calling the function
@@ -190,6 +209,8 @@ const shiftGraphemePropState = 4
 // While slightly less convenient than using the Graphemes class, this function
 // has much better performance and makes no allocations. It lends itself well to
 // large byte slices.
+//
+// [Unicode Standard Annex #29, Grapheme Cluster Boundaries]: http://unicode.org/reports/tr29/#Grapheme_Cluster_Boundaries
 func FirstGraphemeCluster(b []byte, state int) (cluster, rest []byte, width, newState int) {
 	// An empty byte slice returns nothing.
 	if len(b) == 0 {
diff --git a/vendor/github.com/rivo/uniseg/graphemerules.go b/vendor/github.com/rivo/uniseg/graphemerules.go
index 907b30bd0..9f46b575b 100644
--- a/vendor/github.com/rivo/uniseg/graphemerules.go
+++ b/vendor/github.com/rivo/uniseg/graphemerules.go
@@ -48,7 +48,7 @@ var grTransitions = map[[2]int][3]int{
 	{grControlLF, prAny}: {grAny, grBoundary, 40},
 
 	// GB3.
-	{grCR, prLF}: {grAny, grNoBoundary, 30},
+	{grCR, prLF}: {grControlLF, grNoBoundary, 30},
 
 	// GB6.
 	{grAny, prL}: {grL, grBoundary, 9990},
diff --git a/vendor/github.com/rivo/uniseg/line.go b/vendor/github.com/rivo/uniseg/line.go
index c0398cacf..87f28503f 100644
--- a/vendor/github.com/rivo/uniseg/line.go
+++ b/vendor/github.com/rivo/uniseg/line.go
@@ -4,7 +4,7 @@ import "unicode/utf8"
 
 // FirstLineSegment returns the prefix of the given byte slice after which a
 // decision to break the string over to the next line can or must be made,
-// according to the rules of Unicode Standard Annex #14. This is used to
+// according to the rules of [Unicode Standard Annex #14]. This is used to
 // implement line breaking.
 //
 // Line breaking, also known as word wrapping, is the process of breaking a
@@ -35,7 +35,7 @@ import "unicode/utf8"
 //
 // Given an empty byte slice "b", the function returns nil values.
 //
-// Note that in accordance with UAX #14 LB3, the final segment will end with
+// Note that in accordance with [UAX #14 LB3], the final segment will end with
 // "mustBreak" set to true. You can choose to ignore this by checking if the
 // length of the "rest" slice is 0 and calling [HasTrailingLineBreak] or
 // [HasTrailingLineBreakInString] on the last rune.
@@ -43,6 +43,9 @@ import "unicode/utf8"
 // Note also that this algorithm may break within grapheme clusters. This is
 // addressed in Section 8.2 Example 6 of UAX #14. To avoid this, you can use
 // the [Step] function instead.
+//
+// [Unicode Standard Annex #14]: https://www.unicode.org/reports/tr14/
+// [UAX #14 LB3]: https://www.unicode.org/reports/tr14/#Algorithm
 func FirstLineSegment(b []byte, state int) (segment, rest []byte, mustBreak bool, newState int) {
 	// An empty byte slice returns nothing.
 	if len(b) == 0 {
diff --git a/vendor/github.com/rivo/uniseg/sentence.go b/vendor/github.com/rivo/uniseg/sentence.go
index b7fc70996..adc2a3577 100644
--- a/vendor/github.com/rivo/uniseg/sentence.go
+++ b/vendor/github.com/rivo/uniseg/sentence.go
@@ -3,7 +3,7 @@ package uniseg
 import "unicode/utf8"
 
 // FirstSentence returns the first sentence found in the given byte slice
-// according to the rules of Unicode Standard Annex #29, Sentence Boundaries.
+// according to the rules of [Unicode Standard Annex #29, Sentence Boundaries].
 // This function can be called continuously to extract all sentences from a byte
 // slice, as illustrated in the example below.
 //
@@ -17,6 +17,8 @@ import "unicode/utf8"
 // slice is the sub-slice of the input slice containing the identified sentence.
 //
 // Given an empty byte slice "b", the function returns nil values.
+//
+// [Unicode Standard Annex #29, Sentence Boundaries]: http://unicode.org/reports/tr29/#Sentence_Boundaries
 func FirstSentence(b []byte, state int) (sentence, rest []byte, newState int) {
 	// An empty byte slice returns nothing.
 	if len(b) == 0 {
diff --git a/vendor/github.com/rivo/uniseg/step.go b/vendor/github.com/rivo/uniseg/step.go
index 55e7f1219..6eca4b5dc 100644
--- a/vendor/github.com/rivo/uniseg/step.go
+++ b/vendor/github.com/rivo/uniseg/step.go
@@ -83,10 +83,12 @@ const (
 // has much better performance and makes no allocations. It lends itself well to
 // large byte slices.
 //
-// Note that in accordance with UAX #14 LB3, the final segment will end with
+// Note that in accordance with [UAX #14 LB3], the final segment will end with
 // a mandatory line break (boundaries&MaskLine == LineMustBreak). You can choose
 // to ignore this by checking if the length of the "rest" slice is 0 and calling
 // [HasTrailingLineBreak] or [HasTrailingLineBreakInString] on the last rune.
+//
+// [UAX #14 LB3]: https://www.unicode.org/reports/tr14/#Algorithm
 func Step(b []byte, state int) (cluster, rest []byte, boundaries int, newState int) {
 	// An empty byte slice returns nothing.
 	if len(b) == 0 {
diff --git a/vendor/github.com/rivo/uniseg/word.go b/vendor/github.com/rivo/uniseg/word.go
index 785af1e87..34fba7f29 100644
--- a/vendor/github.com/rivo/uniseg/word.go
+++ b/vendor/github.com/rivo/uniseg/word.go
@@ -3,7 +3,7 @@ package uniseg
 import "unicode/utf8"
 
 // FirstWord returns the first word found in the given byte slice according to
-// the rules of Unicode Standard Annex #29, Word Boundaries. This function can
+// the rules of [Unicode Standard Annex #29, Word Boundaries]. This function can
 // be called continuously to extract all words from a byte slice, as illustrated
 // in the example below.
 //
@@ -17,6 +17,8 @@ import "unicode/utf8"
 // the sub-slice of the input slice containing the identified word.
 //
 // Given an empty byte slice "b", the function returns nil values.
+//
+// [Unicode Standard Annex #29, Word Boundaries]: http://unicode.org/reports/tr29/#Word_Boundaries
 func FirstWord(b []byte, state int) (word, rest []byte, newState int) {
 	// An empty byte slice returns nothing.
 	if len(b) == 0 {
diff --git a/vendor/github.com/sagikazarmark/locafero/.editorconfig b/vendor/github.com/sagikazarmark/locafero/.editorconfig
new file mode 100644
index 000000000..6f944f540
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/.editorconfig
@@ -0,0 +1,21 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[{Makefile,*.mk}]
+indent_style = tab
+
+[*.nix]
+indent_size = 2
+
+[*.go]
+indent_style = tab
+
+[{*.yml,*.yaml}]
+indent_size = 2
diff --git a/vendor/github.com/sagikazarmark/locafero/.envrc b/vendor/github.com/sagikazarmark/locafero/.envrc
new file mode 100644
index 000000000..3ce7171a3
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/.envrc
@@ -0,0 +1,4 @@
+if ! has nix_direnv_version || ! nix_direnv_version 2.3.0; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.3.0/direnvrc" "sha256-Dmd+j63L84wuzgyjITIfSxSD57Tx7v51DMxVZOsiUD8="
+fi
+use flake . --impure
diff --git a/vendor/github.com/sagikazarmark/locafero/.gitignore b/vendor/github.com/sagikazarmark/locafero/.gitignore
new file mode 100644
index 000000000..8f07e6016
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/.gitignore
@@ -0,0 +1,8 @@
+/.devenv/
+/.direnv/
+/.task/
+/bin/
+/build/
+/tmp/
+/var/
+/vendor/
diff --git a/vendor/github.com/sagikazarmark/locafero/.golangci.yaml b/vendor/github.com/sagikazarmark/locafero/.golangci.yaml
new file mode 100644
index 000000000..829de2a4a
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/.golangci.yaml
@@ -0,0 +1,27 @@
+run:
+  timeout: 10m
+
+linters-settings:
+  gci:
+    sections:
+      - standard
+      - default
+      - prefix(github.com/sagikazarmark/locafero)
+  goimports:
+    local-prefixes: github.com/sagikazarmark/locafero
+  misspell:
+    locale: US
+  nolintlint:
+    allow-leading-space: false # require machine-readable nolint directives (with no leading space)
+    allow-unused: false # report any unused nolint directives
+    require-specific: false # don't require nolint directives to be specific about which linter is being skipped
+  revive:
+    confidence: 0
+
+linters:
+  enable:
+    - gci
+    - goimports
+    - misspell
+    - nolintlint
+    - revive
diff --git a/vendor/github.com/sagikazarmark/locafero/LICENSE b/vendor/github.com/sagikazarmark/locafero/LICENSE
new file mode 100644
index 000000000..a70b0f296
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2023 Márk Sági-Kazár <mark.sagikazar@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/sagikazarmark/locafero/README.md b/vendor/github.com/sagikazarmark/locafero/README.md
new file mode 100644
index 000000000..a48e8e978
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/README.md
@@ -0,0 +1,37 @@
+# Finder library for [Afero](https://github.com/spf13/afero)
+
+[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/sagikazarmark/locafero/ci.yaml?style=flat-square)](https://github.com/sagikazarmark/locafero/actions/workflows/ci.yaml)
+[![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/mod/github.com/sagikazarmark/locafero)
+![Go Version](https://img.shields.io/badge/go%20version-%3E=1.20-61CFDD.svg?style=flat-square)
+[![built with nix](https://img.shields.io/badge/builtwith-nix-7d81f7?style=flat-square)](https://builtwithnix.org)
+
+**Finder library for [Afero](https://github.com/spf13/afero) ported from [go-finder](https://github.com/sagikazarmark/go-finder).**
+
+> [!WARNING]
+> This is an experimental library under development.
+>
+> **Backwards compatibility is not guaranteed, expect breaking changes.**
+
+## Installation
+
+```shell
+go get github.com/sagikazarmark/locafero
+```
+
+## Usage
+
+Check out the [package example](https://pkg.go.dev/github.com/sagikazarmark/locafero#example-package) on go.dev.
+
+## Development
+
+**For an optimal developer experience, it is recommended to install [Nix](https://nixos.org/download.html) and [direnv](https://direnv.net/docs/installation.html).**
+
+Run the test suite:
+
+```shell
+just test
+```
+
+## License
+
+The project is licensed under the [MIT License](LICENSE).
diff --git a/vendor/github.com/sagikazarmark/locafero/file_type.go b/vendor/github.com/sagikazarmark/locafero/file_type.go
new file mode 100644
index 000000000..9a9b14023
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/file_type.go
@@ -0,0 +1,28 @@
+package locafero
+
+import "io/fs"
+
+// FileType represents the kind of entries [Finder] can return.
+type FileType int
+
+const (
+	FileTypeAll FileType = iota
+	FileTypeFile
+	FileTypeDir
+)
+
+func (ft FileType) matchFileInfo(info fs.FileInfo) bool {
+	switch ft {
+	case FileTypeAll:
+		return true
+
+	case FileTypeFile:
+		return !info.IsDir()
+
+	case FileTypeDir:
+		return info.IsDir()
+
+	default:
+		return false
+	}
+}
diff --git a/vendor/github.com/sagikazarmark/locafero/finder.go b/vendor/github.com/sagikazarmark/locafero/finder.go
new file mode 100644
index 000000000..754c8b260
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/finder.go
@@ -0,0 +1,165 @@
+// Package finder looks for files and directories in an {fs.Fs} filesystem.
+package locafero
+
+import (
+	"errors"
+	"io/fs"
+	"path/filepath"
+	"strings"
+
+	"github.com/sourcegraph/conc/iter"
+	"github.com/spf13/afero"
+)
+
+// Finder looks for files and directories in an [afero.Fs] filesystem.
+type Finder struct {
+	// Paths represents a list of locations that the [Finder] will search in.
+	//
+	// They are essentially the root directories or starting points for the search.
+	//
+	// Examples:
+	//   - home/user
+	//   - etc
+	Paths []string
+
+	// Names are specific entries that the [Finder] will look for within the given Paths.
+	//
+	// It provides the capability to search for entries with depth,
+	// meaning it can target deeper locations within the directory structure.
+	//
+	// It also supports glob syntax (as defined by [filepat.Match]), offering greater flexibility in search patterns.
+	//
+	// Examples:
+	//   - config.yaml
+	//   - home/*/config.yaml
+	//   - home/*/config.*
+	Names []string
+
+	// Type restricts the kind of entries returned by the [Finder].
+	//
+	// This parameter helps in differentiating and filtering out files from directories or vice versa.
+	Type FileType
+}
+
+// Find looks for files and directories in an [afero.Fs] filesystem.
+func (f Finder) Find(fsys afero.Fs) ([]string, error) {
+	// Arbitrary go routine limit (TODO: make this a parameter)
+	// pool := pool.NewWithResults[[]string]().WithMaxGoroutines(5).WithErrors().WithFirstError()
+
+	type searchItem struct {
+		path string
+		name string
+	}
+
+	var searchItems []searchItem
+
+	for _, searchPath := range f.Paths {
+		searchPath := searchPath
+
+		for _, searchName := range f.Names {
+			searchName := searchName
+
+			searchItems = append(searchItems, searchItem{searchPath, searchName})
+
+			// pool.Go(func() ([]string, error) {
+			// 	// If the name contains any glob character, perform a glob match
+			// 	if strings.ContainsAny(searchName, "*?[]\\^") {
+			// 		return globWalkSearch(fsys, searchPath, searchName, f.Type)
+			// 	}
+			//
+			// 	return statSearch(fsys, searchPath, searchName, f.Type)
+			// })
+		}
+	}
+
+	// allResults, err := pool.Wait()
+	// if err != nil {
+	// 	return nil, err
+	// }
+
+	allResults, err := iter.MapErr(searchItems, func(item *searchItem) ([]string, error) {
+		// If the name contains any glob character, perform a glob match
+		if strings.ContainsAny(item.name, "*?[]\\^") {
+			return globWalkSearch(fsys, item.path, item.name, f.Type)
+		}
+
+		return statSearch(fsys, item.path, item.name, f.Type)
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var results []string
+
+	for _, r := range allResults {
+		results = append(results, r...)
+	}
+
+	// Sort results in alphabetical order for now
+	// sort.Strings(results)
+
+	return results, nil
+}
+
+func globWalkSearch(fsys afero.Fs, searchPath string, searchName string, searchType FileType) ([]string, error) {
+	var results []string
+
+	err := afero.Walk(fsys, searchPath, func(p string, fileInfo fs.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Skip the root path
+		if p == searchPath {
+			return nil
+		}
+
+		var result error
+
+		// Stop reading subdirectories
+		// TODO: add depth detection here
+		if fileInfo.IsDir() && filepath.Dir(p) == searchPath {
+			result = fs.SkipDir
+		}
+
+		// Skip unmatching type
+		if !searchType.matchFileInfo(fileInfo) {
+			return result
+		}
+
+		match, err := filepath.Match(searchName, fileInfo.Name())
+		if err != nil {
+			return err
+		}
+
+		if match {
+			results = append(results, p)
+		}
+
+		return result
+	})
+	if err != nil {
+		return results, err
+	}
+
+	return results, nil
+}
+
+func statSearch(fsys afero.Fs, searchPath string, searchName string, searchType FileType) ([]string, error) {
+	filePath := filepath.Join(searchPath, searchName)
+
+	fileInfo, err := fsys.Stat(filePath)
+	if errors.Is(err, fs.ErrNotExist) {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	// Skip unmatching type
+	if !searchType.matchFileInfo(fileInfo) {
+		return nil, nil
+	}
+
+	return []string{filePath}, nil
+}
diff --git a/vendor/github.com/sagikazarmark/locafero/flake.lock b/vendor/github.com/sagikazarmark/locafero/flake.lock
new file mode 100644
index 000000000..46d28f805
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/flake.lock
@@ -0,0 +1,273 @@
+{
+  "nodes": {
+    "devenv": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nix": "nix",
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1694097209,
+        "narHash": "sha256-gQmBjjxeSyySjbh0yQVBKApo2KWIFqqbRUvG+Fa+QpM=",
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "7a8e6a91510efe89d8dcb8e43233f93e86f6b189",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1693611461,
+        "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1685518550,
+        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "devenv",
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "lowdown-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1633514407,
+        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
+    "nix": {
+      "inputs": {
+        "lowdown-src": "lowdown-src",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1676545802,
+        "narHash": "sha256-EK4rZ+Hd5hsvXnzSzk2ikhStJnD63odF7SzsQ8CuSPU=",
+        "owner": "domenkozar",
+        "repo": "nix",
+        "rev": "7c91803598ffbcfe4a55c44ac6d49b2cf07a527f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "domenkozar",
+        "ref": "relaxed-flakes",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1678875422,
+        "narHash": "sha256-T3o6NcQPwXjxJMn2shz86Chch4ljXgZn746c2caGxd8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "126f49a01de5b7e35a43fd43f891ecf6d3a51459",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "dir": "lib",
+        "lastModified": 1693471703,
+        "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
+        "type": "github"
+      },
+      "original": {
+        "dir": "lib",
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1685801374,
+        "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1694343207,
+        "narHash": "sha256-jWi7OwFxU5Owi4k2JmiL1sa/OuBCQtpaAesuj5LXC8w=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "78058d810644f5ed276804ce7ea9e82d92bee293",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": [
+          "devenv",
+          "flake-compat"
+        ],
+        "flake-utils": "flake-utils",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1688056373,
+        "narHash": "sha256-2+SDlNRTKsgo3LBRiMUcoEUb6sDViRNQhzJquZ4koOI=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "5843cf069272d92b60c3ed9e55b7a8989c01d4c7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "flake-parts": "flake-parts",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/vendor/github.com/sagikazarmark/locafero/flake.nix b/vendor/github.com/sagikazarmark/locafero/flake.nix
new file mode 100644
index 000000000..209ecf286
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/flake.nix
@@ -0,0 +1,47 @@
+{
+  description = "Finder library for Afero";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    devenv.url = "github:cachix/devenv";
+  };
+
+  outputs = inputs@{ flake-parts, ... }:
+    flake-parts.lib.mkFlake { inherit inputs; } {
+      imports = [
+        inputs.devenv.flakeModule
+      ];
+
+      systems = [ "x86_64-linux" "aarch64-darwin" ];
+
+      perSystem = { config, self', inputs', pkgs, system, ... }: rec {
+        devenv.shells = {
+          default = {
+            languages = {
+              go.enable = true;
+            };
+
+            packages = with pkgs; [
+              just
+
+              golangci-lint
+            ];
+
+            # https://github.com/cachix/devenv/issues/528#issuecomment-1556108767
+            containers = pkgs.lib.mkForce { };
+          };
+
+          ci = devenv.shells.default;
+
+          ci_1_20 = {
+            imports = [ devenv.shells.ci ];
+
+            languages = {
+              go.package = pkgs.go_1_20;
+            };
+          };
+        };
+      };
+    };
+}
diff --git a/vendor/github.com/sagikazarmark/locafero/helpers.go b/vendor/github.com/sagikazarmark/locafero/helpers.go
new file mode 100644
index 000000000..05b434481
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/helpers.go
@@ -0,0 +1,41 @@
+package locafero
+
+import "fmt"
+
+// NameWithExtensions creates a list of names from a base name and a list of extensions.
+//
+// TODO: find a better name for this function.
+func NameWithExtensions(baseName string, extensions ...string) []string {
+	var names []string
+
+	if baseName == "" {
+		return names
+	}
+
+	for _, ext := range extensions {
+		if ext == "" {
+			continue
+		}
+
+		names = append(names, fmt.Sprintf("%s.%s", baseName, ext))
+	}
+
+	return names
+}
+
+// NameWithOptionalExtensions creates a list of names from a base name and a list of extensions,
+// plus it adds the base name (without any extensions) to the end of the list.
+//
+// TODO: find a better name for this function.
+func NameWithOptionalExtensions(baseName string, extensions ...string) []string {
+	var names []string
+
+	if baseName == "" {
+		return names
+	}
+
+	names = NameWithExtensions(baseName, extensions...)
+	names = append(names, baseName)
+
+	return names
+}
diff --git a/vendor/github.com/sagikazarmark/locafero/justfile b/vendor/github.com/sagikazarmark/locafero/justfile
new file mode 100644
index 000000000..00a88850c
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/justfile
@@ -0,0 +1,11 @@
+default:
+    just --list
+
+test:
+    go test -race -v ./...
+
+lint:
+    golangci-lint run
+
+fmt:
+    golangci-lint run --fix
diff --git a/vendor/github.com/sagikazarmark/slog-shim/.editorconfig b/vendor/github.com/sagikazarmark/slog-shim/.editorconfig
new file mode 100644
index 000000000..1fb0e1bec
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/.editorconfig
@@ -0,0 +1,18 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.nix]
+indent_size = 2
+
+[{Makefile,*.mk}]
+indent_style = tab
+
+[Taskfile.yaml]
+indent_size = 2
diff --git a/vendor/github.com/sagikazarmark/slog-shim/.envrc b/vendor/github.com/sagikazarmark/slog-shim/.envrc
new file mode 100644
index 000000000..3ce7171a3
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/.envrc
@@ -0,0 +1,4 @@
+if ! has nix_direnv_version || ! nix_direnv_version 2.3.0; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.3.0/direnvrc" "sha256-Dmd+j63L84wuzgyjITIfSxSD57Tx7v51DMxVZOsiUD8="
+fi
+use flake . --impure
diff --git a/vendor/github.com/sagikazarmark/slog-shim/.gitignore b/vendor/github.com/sagikazarmark/slog-shim/.gitignore
new file mode 100644
index 000000000..dc6d8b587
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/.gitignore
@@ -0,0 +1,4 @@
+/.devenv/
+/.direnv/
+/.task/
+/build/
diff --git a/vendor/github.com/sagikazarmark/slog-shim/LICENSE b/vendor/github.com/sagikazarmark/slog-shim/LICENSE
new file mode 100644
index 000000000..6a66aea5e
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/sagikazarmark/slog-shim/README.md b/vendor/github.com/sagikazarmark/slog-shim/README.md
new file mode 100644
index 000000000..1f5be85e1
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/README.md
@@ -0,0 +1,81 @@
+# [slog](https://pkg.go.dev/log/slog) shim
+
+[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/sagikazarmark/slog-shim/ci.yaml?style=flat-square)](https://github.com/sagikazarmark/slog-shim/actions/workflows/ci.yaml)
+[![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/mod/github.com/sagikazarmark/slog-shim)
+![Go Version](https://img.shields.io/badge/go%20version-%3E=1.20-61CFDD.svg?style=flat-square)
+[![built with nix](https://img.shields.io/badge/builtwith-nix-7d81f7?style=flat-square)](https://builtwithnix.org)
+
+Go 1.21 introduced a [new structured logging package](https://golang.org/doc/go1.21#slog), `log/slog`, to the standard library.
+Although it's been eagerly anticipated by many, widespread adoption isn't expected to occur immediately,
+especially since updating to Go 1.21 is a decision that most libraries won't make overnight.
+
+Before this package was added to the standard library, there was an _experimental_ version available at [golang.org/x/exp/slog](https://pkg.go.dev/golang.org/x/exp/slog).
+While it's generally advised against using experimental packages in production,
+this one served as a sort of backport package for the last few years,
+incorporating new features before they were added to the standard library (like `slices`, `maps` or `errors`).
+
+This package serves as a bridge, helping libraries integrate slog in a backward-compatible way without having to immediately update their Go version requirement to 1.21. On Go 1.21 (and above), it acts as a drop-in replacement for `log/slog`, while below 1.21 it falls back to `golang.org/x/exp/slog`.
+
+**How does it achieve backwards compatibility?**
+
+Although there's no consensus on whether dropping support for older Go versions is considered backward compatible, a majority seems to believe it is.
+(I don't have scientific proof for this, but it's based on conversations with various individuals across different channels.)
+
+This package adheres to that interpretation of backward compatibility. On Go 1.21, the shim uses type aliases to offer the same API as `slog/log`.
+Once a library upgrades its version requirement to Go 1.21, it should be able to discard this shim and use `log/slog` directly.
+
+For older Go versions, the library might become unstable after removing the shim.
+However, since those older versions are no longer supported, the promise of backward compatibility remains intact.
+
+## Installation
+
+```shell
+go get github.com/sagikazarmark/slog-shim
+```
+
+## Usage
+
+Import this package into your library and use it in your public API:
+
+```go
+package mylib
+
+import slog "github.com/sagikazarmark/slog-shim"
+
+func New(logger *slog.Logger) MyLib {
+    // ...
+}
+```
+
+When using the library, clients can either use `log/slog` (when on Go 1.21) or `golang.org/x/exp/slog` (below Go 1.21):
+
+```go
+package main
+
+import "log/slog"
+
+// OR
+
+import "golang.org/x/exp/slog"
+
+mylib.New(slog.Default())
+```
+
+**Make sure consumers are aware that your API behaves differently on different Go versions.**
+
+Once you bump your Go version requirement to Go 1.21, you can drop the shim entirely from your code:
+
+```diff
+package mylib
+
+- import slog "github.com/sagikazarmark/slog-shim"
++ import "log/slog"
+
+func New(logger *slog.Logger) MyLib {
+    // ...
+}
+```
+
+## License
+
+The project is licensed under a [BSD-style license](LICENSE).
diff --git a/vendor/github.com/sagikazarmark/slog-shim/attr.go b/vendor/github.com/sagikazarmark/slog-shim/attr.go
new file mode 100644
index 000000000..89608bf3a
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/attr.go
@@ -0,0 +1,74 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"log/slog"
+	"time"
+)
+
+// An Attr is a key-value pair.
+type Attr = slog.Attr
+
+// String returns an Attr for a string value.
+func String(key, value string) Attr {
+	return slog.String(key, value)
+}
+
+// Int64 returns an Attr for an int64.
+func Int64(key string, value int64) Attr {
+	return slog.Int64(key, value)
+}
+
+// Int converts an int to an int64 and returns
+// an Attr with that value.
+func Int(key string, value int) Attr {
+	return slog.Int(key, value)
+}
+
+// Uint64 returns an Attr for a uint64.
+func Uint64(key string, v uint64) Attr {
+	return slog.Uint64(key, v)
+}
+
+// Float64 returns an Attr for a floating-point number.
+func Float64(key string, v float64) Attr {
+	return slog.Float64(key, v)
+}
+
+// Bool returns an Attr for a bool.
+func Bool(key string, v bool) Attr {
+	return slog.Bool(key, v)
+}
+
+// Time returns an Attr for a time.Time.
+// It discards the monotonic portion.
+func Time(key string, v time.Time) Attr {
+	return slog.Time(key, v)
+}
+
+// Duration returns an Attr for a time.Duration.
+func Duration(key string, v time.Duration) Attr {
+	return slog.Duration(key, v)
+}
+
+// Group returns an Attr for a Group Value.
+// The first argument is the key; the remaining arguments
+// are converted to Attrs as in [Logger.Log].
+//
+// Use Group to collect several key-value pairs under a single
+// key on a log line, or as the result of LogValue
+// in order to log a single value as multiple Attrs.
+func Group(key string, args ...any) Attr {
+	return slog.Group(key, args...)
+}
+
+// Any returns an Attr for the supplied value.
+// See [Value.AnyValue] for how values are treated.
+func Any(key string, value any) Attr {
+	return slog.Any(key, value)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/attr_120.go b/vendor/github.com/sagikazarmark/slog-shim/attr_120.go
new file mode 100644
index 000000000..b66481333
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/attr_120.go
@@ -0,0 +1,75 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"time"
+
+	"golang.org/x/exp/slog"
+)
+
+// An Attr is a key-value pair.
+type Attr = slog.Attr
+
+// String returns an Attr for a string value.
+func String(key, value string) Attr {
+	return slog.String(key, value)
+}
+
+// Int64 returns an Attr for an int64.
+func Int64(key string, value int64) Attr {
+	return slog.Int64(key, value)
+}
+
+// Int converts an int to an int64 and returns
+// an Attr with that value.
+func Int(key string, value int) Attr {
+	return slog.Int(key, value)
+}
+
+// Uint64 returns an Attr for a uint64.
+func Uint64(key string, v uint64) Attr {
+	return slog.Uint64(key, v)
+}
+
+// Float64 returns an Attr for a floating-point number.
+func Float64(key string, v float64) Attr {
+	return slog.Float64(key, v)
+}
+
+// Bool returns an Attr for a bool.
+func Bool(key string, v bool) Attr {
+	return slog.Bool(key, v)
+}
+
+// Time returns an Attr for a time.Time.
+// It discards the monotonic portion.
+func Time(key string, v time.Time) Attr {
+	return slog.Time(key, v)
+}
+
+// Duration returns an Attr for a time.Duration.
+func Duration(key string, v time.Duration) Attr {
+	return slog.Duration(key, v)
+}
+
+// Group returns an Attr for a Group Value.
+// The first argument is the key; the remaining arguments
+// are converted to Attrs as in [Logger.Log].
+//
+// Use Group to collect several key-value pairs under a single
+// key on a log line, or as the result of LogValue
+// in order to log a single value as multiple Attrs.
+func Group(key string, args ...any) Attr {
+	return slog.Group(key, args...)
+}
+
+// Any returns an Attr for the supplied value.
+// See [Value.AnyValue] for how values are treated.
+func Any(key string, value any) Attr {
+	return slog.Any(key, value)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/flake.lock b/vendor/github.com/sagikazarmark/slog-shim/flake.lock
new file mode 100644
index 000000000..7e8898e9e
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/flake.lock
@@ -0,0 +1,273 @@
+{
+  "nodes": {
+    "devenv": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nix": "nix",
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1694097209,
+        "narHash": "sha256-gQmBjjxeSyySjbh0yQVBKApo2KWIFqqbRUvG+Fa+QpM=",
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "7a8e6a91510efe89d8dcb8e43233f93e86f6b189",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1693611461,
+        "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1685518550,
+        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "devenv",
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "lowdown-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1633514407,
+        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
+    "nix": {
+      "inputs": {
+        "lowdown-src": "lowdown-src",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1676545802,
+        "narHash": "sha256-EK4rZ+Hd5hsvXnzSzk2ikhStJnD63odF7SzsQ8CuSPU=",
+        "owner": "domenkozar",
+        "repo": "nix",
+        "rev": "7c91803598ffbcfe4a55c44ac6d49b2cf07a527f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "domenkozar",
+        "ref": "relaxed-flakes",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1678875422,
+        "narHash": "sha256-T3o6NcQPwXjxJMn2shz86Chch4ljXgZn746c2caGxd8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "126f49a01de5b7e35a43fd43f891ecf6d3a51459",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "dir": "lib",
+        "lastModified": 1693471703,
+        "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
+        "type": "github"
+      },
+      "original": {
+        "dir": "lib",
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1685801374,
+        "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1694345580,
+        "narHash": "sha256-BbG0NUxQTz1dN/Y87yPWZc/0Kp/coJ0vM3+7sNa5kUM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "f002de6834fdde9c864f33c1ec51da7df19cd832",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": [
+          "devenv",
+          "flake-compat"
+        ],
+        "flake-utils": "flake-utils",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1688056373,
+        "narHash": "sha256-2+SDlNRTKsgo3LBRiMUcoEUb6sDViRNQhzJquZ4koOI=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "5843cf069272d92b60c3ed9e55b7a8989c01d4c7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "flake-parts": "flake-parts",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/flake.nix b/vendor/github.com/sagikazarmark/slog-shim/flake.nix
new file mode 100644
index 000000000..7239bbc2e
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/flake.nix
@@ -0,0 +1,57 @@
+{
+  inputs = {
+    # nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/master";
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    devenv.url = "github:cachix/devenv";
+  };
+
+  outputs = inputs@{ flake-parts, ... }:
+    flake-parts.lib.mkFlake { inherit inputs; } {
+      imports = [
+        inputs.devenv.flakeModule
+      ];
+
+      systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" ];
+
+      perSystem = { config, self', inputs', pkgs, system, ... }: rec {
+        devenv.shells = {
+          default = {
+            languages = {
+              go.enable = true;
+              go.package = pkgs.lib.mkDefault pkgs.go_1_21;
+            };
+
+            # https://github.com/cachix/devenv/issues/528#issuecomment-1556108767
+            containers = pkgs.lib.mkForce { };
+          };
+
+          ci = devenv.shells.default;
+
+          ci_1_19 = {
+            imports = [ devenv.shells.ci ];
+
+            languages = {
+              go.package = pkgs.go_1_19;
+            };
+          };
+
+          ci_1_20 = {
+            imports = [ devenv.shells.ci ];
+
+            languages = {
+              go.package = pkgs.go_1_20;
+            };
+          };
+
+          ci_1_21 = {
+            imports = [ devenv.shells.ci ];
+
+            languages = {
+              go.package = pkgs.go_1_21;
+            };
+          };
+        };
+      };
+    };
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/handler.go b/vendor/github.com/sagikazarmark/slog-shim/handler.go
new file mode 100644
index 000000000..f55556ae1
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/handler.go
@@ -0,0 +1,45 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"log/slog"
+)
+
+// A Handler handles log records produced by a Logger..
+//
+// A typical handler may print log records to standard error,
+// or write them to a file or database, or perhaps augment them
+// with additional attributes and pass them on to another handler.
+//
+// Any of the Handler's methods may be called concurrently with itself
+// or with other methods. It is the responsibility of the Handler to
+// manage this concurrency.
+//
+// Users of the slog package should not invoke Handler methods directly.
+// They should use the methods of [Logger] instead.
+type Handler = slog.Handler
+
+// HandlerOptions are options for a TextHandler or JSONHandler.
+// A zero HandlerOptions consists entirely of default values.
+type HandlerOptions = slog.HandlerOptions
+
+// Keys for "built-in" attributes.
+const (
+	// TimeKey is the key used by the built-in handlers for the time
+	// when the log method is called. The associated Value is a [time.Time].
+	TimeKey = slog.TimeKey
+	// LevelKey is the key used by the built-in handlers for the level
+	// of the log call. The associated value is a [Level].
+	LevelKey = slog.LevelKey
+	// MessageKey is the key used by the built-in handlers for the
+	// message of the log call. The associated value is a string.
+	MessageKey = slog.MessageKey
+	// SourceKey is the key used by the built-in handlers for the source file
+	// and line of the log call. The associated value is a string.
+	SourceKey = slog.SourceKey
+)
diff --git a/vendor/github.com/sagikazarmark/slog-shim/handler_120.go b/vendor/github.com/sagikazarmark/slog-shim/handler_120.go
new file mode 100644
index 000000000..670057573
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/handler_120.go
@@ -0,0 +1,45 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"golang.org/x/exp/slog"
+)
+
+// A Handler handles log records produced by a Logger..
+//
+// A typical handler may print log records to standard error,
+// or write them to a file or database, or perhaps augment them
+// with additional attributes and pass them on to another handler.
+//
+// Any of the Handler's methods may be called concurrently with itself
+// or with other methods. It is the responsibility of the Handler to
+// manage this concurrency.
+//
+// Users of the slog package should not invoke Handler methods directly.
+// They should use the methods of [Logger] instead.
+type Handler = slog.Handler
+
+// HandlerOptions are options for a TextHandler or JSONHandler.
+// A zero HandlerOptions consists entirely of default values.
+type HandlerOptions = slog.HandlerOptions
+
+// Keys for "built-in" attributes.
+const (
+	// TimeKey is the key used by the built-in handlers for the time
+	// when the log method is called. The associated Value is a [time.Time].
+	TimeKey = slog.TimeKey
+	// LevelKey is the key used by the built-in handlers for the level
+	// of the log call. The associated value is a [Level].
+	LevelKey = slog.LevelKey
+	// MessageKey is the key used by the built-in handlers for the
+	// message of the log call. The associated value is a string.
+	MessageKey = slog.MessageKey
+	// SourceKey is the key used by the built-in handlers for the source file
+	// and line of the log call. The associated value is a string.
+	SourceKey = slog.SourceKey
+)
diff --git a/vendor/github.com/sagikazarmark/slog-shim/json_handler.go b/vendor/github.com/sagikazarmark/slog-shim/json_handler.go
new file mode 100644
index 000000000..7c22bd81e
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/json_handler.go
@@ -0,0 +1,23 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"io"
+	"log/slog"
+)
+
+// JSONHandler is a Handler that writes Records to an io.Writer as
+// line-delimited JSON objects.
+type JSONHandler = slog.JSONHandler
+
+// NewJSONHandler creates a JSONHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewJSONHandler(w io.Writer, opts *HandlerOptions) *JSONHandler {
+	return slog.NewJSONHandler(w, opts)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/json_handler_120.go b/vendor/github.com/sagikazarmark/slog-shim/json_handler_120.go
new file mode 100644
index 000000000..7b14f10ba
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/json_handler_120.go
@@ -0,0 +1,24 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"io"
+
+	"golang.org/x/exp/slog"
+)
+
+// JSONHandler is a Handler that writes Records to an io.Writer as
+// line-delimited JSON objects.
+type JSONHandler = slog.JSONHandler
+
+// NewJSONHandler creates a JSONHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewJSONHandler(w io.Writer, opts *HandlerOptions) *JSONHandler {
+	return slog.NewJSONHandler(w, opts)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/level.go b/vendor/github.com/sagikazarmark/slog-shim/level.go
new file mode 100644
index 000000000..07288cf89
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/level.go
@@ -0,0 +1,61 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"log/slog"
+)
+
+// A Level is the importance or severity of a log event.
+// The higher the level, the more important or severe the event.
+type Level = slog.Level
+
+// Level numbers are inherently arbitrary,
+// but we picked them to satisfy three constraints.
+// Any system can map them to another numbering scheme if it wishes.
+//
+// First, we wanted the default level to be Info, Since Levels are ints, Info is
+// the default value for int, zero.
+//
+// Second, we wanted to make it easy to use levels to specify logger verbosity.
+// Since a larger level means a more severe event, a logger that accepts events
+// with smaller (or more negative) level means a more verbose logger. Logger
+// verbosity is thus the negation of event severity, and the default verbosity
+// of 0 accepts all events at least as severe as INFO.
+//
+// Third, we wanted some room between levels to accommodate schemes with named
+// levels between ours. For example, Google Cloud Logging defines a Notice level
+// between Info and Warn. Since there are only a few of these intermediate
+// levels, the gap between the numbers need not be large. Our gap of 4 matches
+// OpenTelemetry's mapping. Subtracting 9 from an OpenTelemetry level in the
+// DEBUG, INFO, WARN and ERROR ranges converts it to the corresponding slog
+// Level range. OpenTelemetry also has the names TRACE and FATAL, which slog
+// does not. But those OpenTelemetry levels can still be represented as slog
+// Levels by using the appropriate integers.
+//
+// Names for common levels.
+const (
+	LevelDebug Level = slog.LevelDebug
+	LevelInfo  Level = slog.LevelInfo
+	LevelWarn  Level = slog.LevelWarn
+	LevelError Level = slog.LevelError
+)
+
+// A LevelVar is a Level variable, to allow a Handler level to change
+// dynamically.
+// It implements Leveler as well as a Set method,
+// and it is safe for use by multiple goroutines.
+// The zero LevelVar corresponds to LevelInfo.
+type LevelVar = slog.LevelVar
+
+// A Leveler provides a Level value.
+//
+// As Level itself implements Leveler, clients typically supply
+// a Level value wherever a Leveler is needed, such as in HandlerOptions.
+// Clients who need to vary the level dynamically can provide a more complex
+// Leveler implementation such as *LevelVar.
+type Leveler = slog.Leveler
diff --git a/vendor/github.com/sagikazarmark/slog-shim/level_120.go b/vendor/github.com/sagikazarmark/slog-shim/level_120.go
new file mode 100644
index 000000000..d3feb9420
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/level_120.go
@@ -0,0 +1,61 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"golang.org/x/exp/slog"
+)
+
+// A Level is the importance or severity of a log event.
+// The higher the level, the more important or severe the event.
+type Level = slog.Level
+
+// Level numbers are inherently arbitrary,
+// but we picked them to satisfy three constraints.
+// Any system can map them to another numbering scheme if it wishes.
+//
+// First, we wanted the default level to be Info, Since Levels are ints, Info is
+// the default value for int, zero.
+//
+// Second, we wanted to make it easy to use levels to specify logger verbosity.
+// Since a larger level means a more severe event, a logger that accepts events
+// with smaller (or more negative) level means a more verbose logger. Logger
+// verbosity is thus the negation of event severity, and the default verbosity
+// of 0 accepts all events at least as severe as INFO.
+//
+// Third, we wanted some room between levels to accommodate schemes with named
+// levels between ours. For example, Google Cloud Logging defines a Notice level
+// between Info and Warn. Since there are only a few of these intermediate
+// levels, the gap between the numbers need not be large. Our gap of 4 matches
+// OpenTelemetry's mapping. Subtracting 9 from an OpenTelemetry level in the
+// DEBUG, INFO, WARN and ERROR ranges converts it to the corresponding slog
+// Level range. OpenTelemetry also has the names TRACE and FATAL, which slog
+// does not. But those OpenTelemetry levels can still be represented as slog
+// Levels by using the appropriate integers.
+//
+// Names for common levels.
+const (
+	LevelDebug Level = slog.LevelDebug
+	LevelInfo  Level = slog.LevelInfo
+	LevelWarn  Level = slog.LevelWarn
+	LevelError Level = slog.LevelError
+)
+
+// A LevelVar is a Level variable, to allow a Handler level to change
+// dynamically.
+// It implements Leveler as well as a Set method,
+// and it is safe for use by multiple goroutines.
+// The zero LevelVar corresponds to LevelInfo.
+type LevelVar = slog.LevelVar
+
+// A Leveler provides a Level value.
+//
+// As Level itself implements Leveler, clients typically supply
+// a Level value wherever a Leveler is needed, such as in HandlerOptions.
+// Clients who need to vary the level dynamically can provide a more complex
+// Leveler implementation such as *LevelVar.
+type Leveler = slog.Leveler
diff --git a/vendor/github.com/sagikazarmark/slog-shim/logger.go b/vendor/github.com/sagikazarmark/slog-shim/logger.go
new file mode 100644
index 000000000..e80036bec
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/logger.go
@@ -0,0 +1,98 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"context"
+	"log"
+	"log/slog"
+)
+
+// Default returns the default Logger.
+func Default() *Logger { return slog.Default() }
+
+// SetDefault makes l the default Logger.
+// After this call, output from the log package's default Logger
+// (as with [log.Print], etc.) will be logged at LevelInfo using l's Handler.
+func SetDefault(l *Logger) {
+	slog.SetDefault(l)
+}
+
+// A Logger records structured information about each call to its
+// Log, Debug, Info, Warn, and Error methods.
+// For each call, it creates a Record and passes it to a Handler.
+//
+// To create a new Logger, call [New] or a Logger method
+// that begins "With".
+type Logger = slog.Logger
+
+// New creates a new Logger with the given non-nil Handler.
+func New(h Handler) *Logger {
+	return slog.New(h)
+}
+
+// With calls Logger.With on the default logger.
+func With(args ...any) *Logger {
+	return slog.With(args...)
+}
+
+// NewLogLogger returns a new log.Logger such that each call to its Output method
+// dispatches a Record to the specified handler. The logger acts as a bridge from
+// the older log API to newer structured logging handlers.
+func NewLogLogger(h Handler, level Level) *log.Logger {
+	return slog.NewLogLogger(h, level)
+}
+
+// Debug calls Logger.Debug on the default logger.
+func Debug(msg string, args ...any) {
+	slog.Debug(msg, args...)
+}
+
+// DebugContext calls Logger.DebugContext on the default logger.
+func DebugContext(ctx context.Context, msg string, args ...any) {
+	slog.DebugContext(ctx, msg, args...)
+}
+
+// Info calls Logger.Info on the default logger.
+func Info(msg string, args ...any) {
+	slog.Info(msg, args...)
+}
+
+// InfoContext calls Logger.InfoContext on the default logger.
+func InfoContext(ctx context.Context, msg string, args ...any) {
+	slog.InfoContext(ctx, msg, args...)
+}
+
+// Warn calls Logger.Warn on the default logger.
+func Warn(msg string, args ...any) {
+	slog.Warn(msg, args...)
+}
+
+// WarnContext calls Logger.WarnContext on the default logger.
+func WarnContext(ctx context.Context, msg string, args ...any) {
+	slog.WarnContext(ctx, msg, args...)
+}
+
+// Error calls Logger.Error on the default logger.
+func Error(msg string, args ...any) {
+	slog.Error(msg, args...)
+}
+
+// ErrorContext calls Logger.ErrorContext on the default logger.
+func ErrorContext(ctx context.Context, msg string, args ...any) {
+	slog.ErrorContext(ctx, msg, args...)
+}
+
+// Log calls Logger.Log on the default logger.
+func Log(ctx context.Context, level Level, msg string, args ...any) {
+	slog.Log(ctx, level, msg, args...)
+}
+
+// LogAttrs calls Logger.LogAttrs on the default logger.
+func LogAttrs(ctx context.Context, level Level, msg string, attrs ...Attr) {
+	slog.LogAttrs(ctx, level, msg, attrs...)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/logger_120.go b/vendor/github.com/sagikazarmark/slog-shim/logger_120.go
new file mode 100644
index 000000000..97ebdd5e1
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/logger_120.go
@@ -0,0 +1,99 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"context"
+	"log"
+
+	"golang.org/x/exp/slog"
+)
+
+// Default returns the default Logger.
+func Default() *Logger { return slog.Default() }
+
+// SetDefault makes l the default Logger.
+// After this call, output from the log package's default Logger
+// (as with [log.Print], etc.) will be logged at LevelInfo using l's Handler.
+func SetDefault(l *Logger) {
+	slog.SetDefault(l)
+}
+
+// A Logger records structured information about each call to its
+// Log, Debug, Info, Warn, and Error methods.
+// For each call, it creates a Record and passes it to a Handler.
+//
+// To create a new Logger, call [New] or a Logger method
+// that begins "With".
+type Logger = slog.Logger
+
+// New creates a new Logger with the given non-nil Handler.
+func New(h Handler) *Logger {
+	return slog.New(h)
+}
+
+// With calls Logger.With on the default logger.
+func With(args ...any) *Logger {
+	return slog.With(args...)
+}
+
+// NewLogLogger returns a new log.Logger such that each call to its Output method
+// dispatches a Record to the specified handler. The logger acts as a bridge from
+// the older log API to newer structured logging handlers.
+func NewLogLogger(h Handler, level Level) *log.Logger {
+	return slog.NewLogLogger(h, level)
+}
+
+// Debug calls Logger.Debug on the default logger.
+func Debug(msg string, args ...any) {
+	slog.Debug(msg, args...)
+}
+
+// DebugContext calls Logger.DebugContext on the default logger.
+func DebugContext(ctx context.Context, msg string, args ...any) {
+	slog.DebugContext(ctx, msg, args...)
+}
+
+// Info calls Logger.Info on the default logger.
+func Info(msg string, args ...any) {
+	slog.Info(msg, args...)
+}
+
+// InfoContext calls Logger.InfoContext on the default logger.
+func InfoContext(ctx context.Context, msg string, args ...any) {
+	slog.InfoContext(ctx, msg, args...)
+}
+
+// Warn calls Logger.Warn on the default logger.
+func Warn(msg string, args ...any) {
+	slog.Warn(msg, args...)
+}
+
+// WarnContext calls Logger.WarnContext on the default logger.
+func WarnContext(ctx context.Context, msg string, args ...any) {
+	slog.WarnContext(ctx, msg, args...)
+}
+
+// Error calls Logger.Error on the default logger.
+func Error(msg string, args ...any) {
+	slog.Error(msg, args...)
+}
+
+// ErrorContext calls Logger.ErrorContext on the default logger.
+func ErrorContext(ctx context.Context, msg string, args ...any) {
+	slog.ErrorContext(ctx, msg, args...)
+}
+
+// Log calls Logger.Log on the default logger.
+func Log(ctx context.Context, level Level, msg string, args ...any) {
+	slog.Log(ctx, level, msg, args...)
+}
+
+// LogAttrs calls Logger.LogAttrs on the default logger.
+func LogAttrs(ctx context.Context, level Level, msg string, attrs ...Attr) {
+	slog.LogAttrs(ctx, level, msg, attrs...)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/record.go b/vendor/github.com/sagikazarmark/slog-shim/record.go
new file mode 100644
index 000000000..85ad1f784
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/record.go
@@ -0,0 +1,31 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"log/slog"
+	"time"
+)
+
+// A Record holds information about a log event.
+// Copies of a Record share state.
+// Do not modify a Record after handing out a copy to it.
+// Call [NewRecord] to create a new Record.
+// Use [Record.Clone] to create a copy with no shared state.
+type Record = slog.Record
+
+// NewRecord creates a Record from the given arguments.
+// Use [Record.AddAttrs] to add attributes to the Record.
+//
+// NewRecord is intended for logging APIs that want to support a [Handler] as
+// a backend.
+func NewRecord(t time.Time, level Level, msg string, pc uintptr) Record {
+	return slog.NewRecord(t, level, msg, pc)
+}
+
+// Source describes the location of a line of source code.
+type Source = slog.Source
diff --git a/vendor/github.com/sagikazarmark/slog-shim/record_120.go b/vendor/github.com/sagikazarmark/slog-shim/record_120.go
new file mode 100644
index 000000000..c2eaf4e79
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/record_120.go
@@ -0,0 +1,32 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"time"
+
+	"golang.org/x/exp/slog"
+)
+
+// A Record holds information about a log event.
+// Copies of a Record share state.
+// Do not modify a Record after handing out a copy to it.
+// Call [NewRecord] to create a new Record.
+// Use [Record.Clone] to create a copy with no shared state.
+type Record = slog.Record
+
+// NewRecord creates a Record from the given arguments.
+// Use [Record.AddAttrs] to add attributes to the Record.
+//
+// NewRecord is intended for logging APIs that want to support a [Handler] as
+// a backend.
+func NewRecord(t time.Time, level Level, msg string, pc uintptr) Record {
+	return slog.NewRecord(t, level, msg, pc)
+}
+
+// Source describes the location of a line of source code.
+type Source = slog.Source
diff --git a/vendor/github.com/sagikazarmark/slog-shim/text_handler.go b/vendor/github.com/sagikazarmark/slog-shim/text_handler.go
new file mode 100644
index 000000000..45f6cfcba
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/text_handler.go
@@ -0,0 +1,23 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"io"
+	"log/slog"
+)
+
+// TextHandler is a Handler that writes Records to an io.Writer as a
+// sequence of key=value pairs separated by spaces and followed by a newline.
+type TextHandler = slog.TextHandler
+
+// NewTextHandler creates a TextHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewTextHandler(w io.Writer, opts *HandlerOptions) *TextHandler {
+	return slog.NewTextHandler(w, opts)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/text_handler_120.go b/vendor/github.com/sagikazarmark/slog-shim/text_handler_120.go
new file mode 100644
index 000000000..a69d63cce
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/text_handler_120.go
@@ -0,0 +1,24 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"io"
+
+	"golang.org/x/exp/slog"
+)
+
+// TextHandler is a Handler that writes Records to an io.Writer as a
+// sequence of key=value pairs separated by spaces and followed by a newline.
+type TextHandler = slog.TextHandler
+
+// NewTextHandler creates a TextHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewTextHandler(w io.Writer, opts *HandlerOptions) *TextHandler {
+	return slog.NewTextHandler(w, opts)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/value.go b/vendor/github.com/sagikazarmark/slog-shim/value.go
new file mode 100644
index 000000000..61173eb94
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/value.go
@@ -0,0 +1,109 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"log/slog"
+	"time"
+)
+
+// A Value can represent any Go value, but unlike type any,
+// it can represent most small values without an allocation.
+// The zero Value corresponds to nil.
+type Value = slog.Value
+
+// Kind is the kind of a Value.
+type Kind = slog.Kind
+
+// The following list is sorted alphabetically, but it's also important that
+// KindAny is 0 so that a zero Value represents nil.
+const (
+	KindAny       = slog.KindAny
+	KindBool      = slog.KindBool
+	KindDuration  = slog.KindDuration
+	KindFloat64   = slog.KindFloat64
+	KindInt64     = slog.KindInt64
+	KindString    = slog.KindString
+	KindTime      = slog.KindTime
+	KindUint64    = slog.KindUint64
+	KindGroup     = slog.KindGroup
+	KindLogValuer = slog.KindLogValuer
+)
+
+//////////////// Constructors
+
+// StringValue returns a new Value for a string.
+func StringValue(value string) Value {
+	return slog.StringValue(value)
+}
+
+// IntValue returns a Value for an int.
+func IntValue(v int) Value {
+	return slog.IntValue(v)
+}
+
+// Int64Value returns a Value for an int64.
+func Int64Value(v int64) Value {
+	return slog.Int64Value(v)
+}
+
+// Uint64Value returns a Value for a uint64.
+func Uint64Value(v uint64) Value {
+	return slog.Uint64Value(v)
+}
+
+// Float64Value returns a Value for a floating-point number.
+func Float64Value(v float64) Value {
+	return slog.Float64Value(v)
+}
+
+// BoolValue returns a Value for a bool.
+func BoolValue(v bool) Value {
+	return slog.BoolValue(v)
+}
+
+// TimeValue returns a Value for a time.Time.
+// It discards the monotonic portion.
+func TimeValue(v time.Time) Value {
+	return slog.TimeValue(v)
+}
+
+// DurationValue returns a Value for a time.Duration.
+func DurationValue(v time.Duration) Value {
+	return slog.DurationValue(v)
+}
+
+// GroupValue returns a new Value for a list of Attrs.
+// The caller must not subsequently mutate the argument slice.
+func GroupValue(as ...Attr) Value {
+	return slog.GroupValue(as...)
+}
+
+// AnyValue returns a Value for the supplied value.
+//
+// If the supplied value is of type Value, it is returned
+// unmodified.
+//
+// Given a value of one of Go's predeclared string, bool, or
+// (non-complex) numeric types, AnyValue returns a Value of kind
+// String, Bool, Uint64, Int64, or Float64. The width of the
+// original numeric type is not preserved.
+//
+// Given a time.Time or time.Duration value, AnyValue returns a Value of kind
+// KindTime or KindDuration. The monotonic time is not preserved.
+//
+// For nil, or values of all other types, including named types whose
+// underlying type is numeric, AnyValue returns a value of kind KindAny.
+func AnyValue(v any) Value {
+	return slog.AnyValue(v)
+}
+
+// A LogValuer is any Go value that can convert itself into a Value for logging.
+//
+// This mechanism may be used to defer expensive operations until they are
+// needed, or to expand a single value into a sequence of components.
+type LogValuer = slog.LogValuer
diff --git a/vendor/github.com/sagikazarmark/slog-shim/value_120.go b/vendor/github.com/sagikazarmark/slog-shim/value_120.go
new file mode 100644
index 000000000..0f9f871ee
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/value_120.go
@@ -0,0 +1,110 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"time"
+
+	"golang.org/x/exp/slog"
+)
+
+// A Value can represent any Go value, but unlike type any,
+// it can represent most small values without an allocation.
+// The zero Value corresponds to nil.
+type Value = slog.Value
+
+// Kind is the kind of a Value.
+type Kind = slog.Kind
+
+// The following list is sorted alphabetically, but it's also important that
+// KindAny is 0 so that a zero Value represents nil.
+const (
+	KindAny       = slog.KindAny
+	KindBool      = slog.KindBool
+	KindDuration  = slog.KindDuration
+	KindFloat64   = slog.KindFloat64
+	KindInt64     = slog.KindInt64
+	KindString    = slog.KindString
+	KindTime      = slog.KindTime
+	KindUint64    = slog.KindUint64
+	KindGroup     = slog.KindGroup
+	KindLogValuer = slog.KindLogValuer
+)
+
+//////////////// Constructors
+
+// StringValue returns a new Value for a string.
+func StringValue(value string) Value {
+	return slog.StringValue(value)
+}
+
+// IntValue returns a Value for an int.
+func IntValue(v int) Value {
+	return slog.IntValue(v)
+}
+
+// Int64Value returns a Value for an int64.
+func Int64Value(v int64) Value {
+	return slog.Int64Value(v)
+}
+
+// Uint64Value returns a Value for a uint64.
+func Uint64Value(v uint64) Value {
+	return slog.Uint64Value(v)
+}
+
+// Float64Value returns a Value for a floating-point number.
+func Float64Value(v float64) Value {
+	return slog.Float64Value(v)
+}
+
+// BoolValue returns a Value for a bool.
+func BoolValue(v bool) Value {
+	return slog.BoolValue(v)
+}
+
+// TimeValue returns a Value for a time.Time.
+// It discards the monotonic portion.
+func TimeValue(v time.Time) Value {
+	return slog.TimeValue(v)
+}
+
+// DurationValue returns a Value for a time.Duration.
+func DurationValue(v time.Duration) Value {
+	return slog.DurationValue(v)
+}
+
+// GroupValue returns a new Value for a list of Attrs.
+// The caller must not subsequently mutate the argument slice.
+func GroupValue(as ...Attr) Value {
+	return slog.GroupValue(as...)
+}
+
+// AnyValue returns a Value for the supplied value.
+//
+// If the supplied value is of type Value, it is returned
+// unmodified.
+//
+// Given a value of one of Go's predeclared string, bool, or
+// (non-complex) numeric types, AnyValue returns a Value of kind
+// String, Bool, Uint64, Int64, or Float64. The width of the
+// original numeric type is not preserved.
+//
+// Given a time.Time or time.Duration value, AnyValue returns a Value of kind
+// KindTime or KindDuration. The monotonic time is not preserved.
+//
+// For nil, or values of all other types, including named types whose
+// underlying type is numeric, AnyValue returns a value of kind KindAny.
+func AnyValue(v any) Value {
+	return slog.AnyValue(v)
+}
+
+// A LogValuer is any Go value that can convert itself into a Value for logging.
+//
+// This mechanism may be used to defer expensive operations until they are
+// needed, or to expand a single value into a sequence of components.
+type LogValuer = slog.LogValuer
diff --git a/vendor/github.com/theupdateframework/go-tuf/encrypted/encrypted.go b/vendor/github.com/secure-systems-lab/go-securesystemslib/encrypted/encrypted.go
similarity index 64%
rename from vendor/github.com/theupdateframework/go-tuf/encrypted/encrypted.go
rename to vendor/github.com/secure-systems-lab/go-securesystemslib/encrypted/encrypted.go
index 4d174d61f..037a718ab 100644
--- a/vendor/github.com/theupdateframework/go-tuf/encrypted/encrypted.go
+++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/encrypted/encrypted.go
@@ -23,13 +23,46 @@ const (
 	boxNonceSize = 24
 )
 
+// KDFParameterStrength defines the KDF parameter strength level to be used for
+// encryption key derivation.
+type KDFParameterStrength uint8
+
 const (
-	// N parameter was chosen to be ~100ms of work using the default implementation
-	// on the 2.3GHz Core i7 Haswell processor in a late-2013 Apple Retina Macbook
-	// Pro (it takes ~113ms).
-	scryptN = 32768
-	scryptR = 8
-	scryptP = 1
+	// Legacy defines legacy scrypt parameters (N:2^15, r:8, p:1)
+	Legacy KDFParameterStrength = iota + 1
+	// Standard defines standard scrypt parameters which is focusing 100ms of computation (N:2^16, r:8, p:1)
+	Standard
+	// OWASP defines OWASP recommended scrypt parameters (N:2^17, r:8, p:1)
+	OWASP
+)
+
+var (
+	// legacyParams represents old scrypt derivation parameters for backward
+	// compatibility.
+	legacyParams = scryptParams{
+		N: 32768, // 2^15
+		R: 8,
+		P: 1,
+	}
+
+	// standardParams defines scrypt parameters based on the scrypt creator
+	// recommendation to limit key derivation in time boxed to 100ms.
+	standardParams = scryptParams{
+		N: 65536, // 2^16
+		R: 8,
+		P: 1,
+	}
+
+	// owaspParams defines scrypt parameters recommended by OWASP
+	owaspParams = scryptParams{
+		N: 131072, // 2^17
+		R: 8,
+		P: 1,
+	}
+
+	// defaultParams defines scrypt parameters which will be used to generate a
+	// new key.
+	defaultParams = standardParams
 )
 
 const (
@@ -49,19 +82,33 @@ type scryptParams struct {
 	P int `json:"p"`
 }
 
-func newScryptKDF() (scryptKDF, error) {
+func (sp *scryptParams) Equal(in *scryptParams) bool {
+	return in != nil && sp.N == in.N && sp.P == in.P && sp.R == in.R
+}
+
+func newScryptKDF(level KDFParameterStrength) (scryptKDF, error) {
 	salt := make([]byte, saltSize)
 	if err := fillRandom(salt); err != nil {
-		return scryptKDF{}, err
+		return scryptKDF{}, fmt.Errorf("unable to generate a random salt: %w", err)
+	}
+
+	var params scryptParams
+	switch level {
+	case Legacy:
+		params = legacyParams
+	case Standard:
+		params = standardParams
+	case OWASP:
+		params = owaspParams
+	default:
+		// Fallback to default parameters
+		params = defaultParams
 	}
+
 	return scryptKDF{
-		Name: nameScrypt,
-		Params: scryptParams{
-			N: scryptN,
-			R: scryptR,
-			P: scryptP,
-		},
-		Salt: salt,
+		Name:   nameScrypt,
+		Params: params,
+		Salt:   salt,
 	}, nil
 }
 
@@ -79,9 +126,14 @@ func (s *scryptKDF) Key(passphrase []byte) ([]byte, error) {
 // be. If we do not do this, an attacker could cause a DoS by tampering with
 // them.
 func (s *scryptKDF) CheckParams() error {
-	if s.Params.N != scryptN || s.Params.R != scryptR || s.Params.P != scryptP {
-		return errors.New("encrypted: unexpected kdf parameters")
+	switch {
+	case legacyParams.Equal(&s.Params):
+	case standardParams.Equal(&s.Params):
+	case owaspParams.Equal(&s.Params):
+	default:
+		return errors.New("unsupported scrypt parameters")
 	}
+
 	return nil
 }
 
@@ -151,7 +203,14 @@ func (s *secretBoxCipher) Decrypt(ciphertext, key []byte) ([]byte, error) {
 // Encrypt takes a passphrase and plaintext, and returns a JSON object
 // containing ciphertext and the details necessary to decrypt it.
 func Encrypt(plaintext, passphrase []byte) ([]byte, error) {
-	k, err := newScryptKDF()
+	return EncryptWithCustomKDFParameters(plaintext, passphrase, Standard)
+}
+
+// EncryptWithCustomKDFParameters takes a passphrase, the plaintext and a KDF
+// parameter level (Legacy, Standard, or OWASP), and returns a JSON object
+// containing ciphertext and the details necessary to decrypt it.
+func EncryptWithCustomKDFParameters(plaintext, passphrase []byte, kdfLevel KDFParameterStrength) ([]byte, error) {
+	k, err := newScryptKDF(kdfLevel)
 	if err != nil {
 		return nil, err
 	}
@@ -176,11 +235,16 @@ func Encrypt(plaintext, passphrase []byte) ([]byte, error) {
 
 // Marshal encrypts the JSON encoding of v using passphrase.
 func Marshal(v interface{}, passphrase []byte) ([]byte, error) {
+	return MarshalWithCustomKDFParameters(v, passphrase, Standard)
+}
+
+// MarshalWithCustomKDFParameters encrypts the JSON encoding of v using passphrase.
+func MarshalWithCustomKDFParameters(v interface{}, passphrase []byte, kdfLevel KDFParameterStrength) ([]byte, error) {
 	data, err := json.MarshalIndent(v, "", "\t")
 	if err != nil {
 		return nil, err
 	}
-	return Encrypt(data, passphrase)
+	return EncryptWithCustomKDFParameters(data, passphrase, kdfLevel)
 }
 
 // Decrypt takes a JSON-encoded ciphertext object encrypted using Encrypt and
diff --git a/vendor/github.com/segmentio/asm/LICENSE b/vendor/github.com/segmentio/asm/LICENSE
new file mode 100644
index 000000000..29e1ab6b0
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Segment
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/segmentio/asm/base64/base64.go b/vendor/github.com/segmentio/asm/base64/base64.go
new file mode 100644
index 000000000..dd2128d4a
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/base64.go
@@ -0,0 +1,67 @@
+package base64
+
+import (
+	"encoding/base64"
+)
+
+const (
+	StdPadding rune = base64.StdPadding
+	NoPadding  rune = base64.NoPadding
+
+	encodeStd  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
+	encodeURL  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
+	encodeIMAP = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"
+
+	letterRange = int8('Z' - 'A' + 1)
+)
+
+// StdEncoding is the standard base64 encoding, as defined in RFC 4648.
+var StdEncoding = NewEncoding(encodeStd)
+
+// URLEncoding is the alternate base64 encoding defined in RFC 4648.
+// It is typically used in URLs and file names.
+var URLEncoding = NewEncoding(encodeURL)
+
+// RawStdEncoding is the standard unpadded base64 encoding defined in RFC 4648 section 3.2.
+// This is the same as StdEncoding but omits padding characters.
+var RawStdEncoding = StdEncoding.WithPadding(NoPadding)
+
+// RawURLEncoding is the unpadded alternate base64 encoding defined in RFC 4648.
+// This is the same as URLEncoding but omits padding characters.
+var RawURLEncoding = URLEncoding.WithPadding(NoPadding)
+
+// NewEncoding returns a new padded Encoding defined by the given alphabet,
+// which must be a 64-byte string that does not contain the padding character
+// or CR / LF ('\r', '\n'). Unlike the standard library, the encoding alphabet
+// cannot be abitrary, and it must follow one of the know standard encoding
+// variants.
+//
+// Required alphabet values:
+//     * [0,26):  characters 'A'..'Z'
+//     * [26,52): characters 'a'..'z'
+//     * [52,62): characters '0'..'9'
+// Flexible alphabet value options:
+//     * RFC 4648, RFC 1421, RFC 2045, RFC 2152, RFC 4880: '+' and '/'
+//     * RFC 4648 URI: '-' and '_'
+//     * RFC 3501: '+' and ','
+//
+// The resulting Encoding uses the default padding character ('='), which may
+// be changed or disabled via WithPadding. The padding characters is urestricted,
+// but it must be a character outside of the encoder alphabet.
+func NewEncoding(encoder string) *Encoding {
+	if len(encoder) != 64 {
+		panic("encoding alphabet is not 64-bytes long")
+	}
+
+	if _, ok := allowedEncoding[encoder]; !ok {
+		panic("non-standard encoding alphabets are not supported")
+	}
+
+	return newEncoding(encoder)
+}
+
+var allowedEncoding = map[string]struct{}{
+	encodeStd:  {},
+	encodeURL:  {},
+	encodeIMAP: {},
+}
diff --git a/vendor/github.com/segmentio/asm/base64/base64_amd64.go b/vendor/github.com/segmentio/asm/base64/base64_amd64.go
new file mode 100644
index 000000000..4136098ea
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/base64_amd64.go
@@ -0,0 +1,78 @@
+//go:build amd64 && !purego
+// +build amd64,!purego
+
+package base64
+
+import (
+	"encoding/base64"
+
+	"github.com/segmentio/asm/cpu"
+	"github.com/segmentio/asm/cpu/x86"
+)
+
+const (
+	encLutSize   = 32
+	decLutSize   = 48
+	minEncodeLen = 28
+	minDecodeLen = 45
+)
+
+func newEncoding(encoder string) *Encoding {
+	e := &Encoding{base: base64.NewEncoding(encoder)}
+	if cpu.X86.Has(x86.AVX2) {
+		e.enableEncodeAVX2(encoder)
+		e.enableDecodeAVX2(encoder)
+	}
+	return e
+}
+
+func (e *Encoding) enableEncodeAVX2(encoder string) {
+	// Translate values 0..63 to the Base64 alphabet. There are five sets:
+	//
+	// From      To         Add    Index  Example
+	// [0..25]   [65..90]   +65        0  ABCDEFGHIJKLMNOPQRSTUVWXYZ
+	// [26..51]  [97..122]  +71        1  abcdefghijklmnopqrstuvwxyz
+	// [52..61]  [48..57]    -4  [2..11]  0123456789
+	// [62]      [43]       -19       12  +
+	// [63]      [47]       -16       13  /
+	tab := [encLutSize]int8{int8(encoder[0]), int8(encoder[letterRange]) - letterRange}
+	for i, ch := range encoder[2*letterRange:] {
+		tab[2+i] = int8(ch) - 2*letterRange - int8(i)
+	}
+
+	e.enc = encodeAVX2
+	e.enclut = tab
+}
+
+func (e *Encoding) enableDecodeAVX2(encoder string) {
+	c62, c63 := int8(encoder[62]), int8(encoder[63])
+	url := c63 == '_'
+	if url {
+		c63 = '/'
+	}
+
+	// Translate values from the Base64 alphabet using five sets. Values outside
+	// of these ranges are considered invalid:
+	//
+	// From       To        Add    Index  Example
+	// [47]       [63]      +16        1  /
+	// [43]       [62]      +19        2  +
+	// [48..57]   [52..61]   +4        3  0123456789
+	// [65..90]   [0..25]   -65      4,5  ABCDEFGHIJKLMNOPQRSTUVWXYZ
+	// [97..122]  [26..51]  -71      6,7  abcdefghijklmnopqrstuvwxyz
+	tab := [decLutSize]int8{
+		0, 63 - c63, 62 - c62, 4, -65, -65, -71, -71,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x15, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+		0x11, 0x11, 0x13, 0x1B, 0x1B, 0x1B, 0x1B, 0x1B,
+	}
+	tab[(c62&15)+16] = 0x1A
+	tab[(c63&15)+16] = 0x1A
+
+	if url {
+		e.dec = decodeAVX2URI
+	} else {
+		e.dec = decodeAVX2
+	}
+	e.declut = tab
+}
diff --git a/vendor/github.com/segmentio/asm/base64/base64_arm64.go b/vendor/github.com/segmentio/asm/base64/base64_arm64.go
new file mode 100644
index 000000000..276f30028
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/base64_arm64.go
@@ -0,0 +1,42 @@
+//go:build arm64 && !purego
+// +build arm64,!purego
+
+package base64
+
+import (
+	"encoding/base64"
+)
+
+const (
+	encLutSize   = 16
+	decLutSize   = 2
+	minEncodeLen = 16 * 3
+	minDecodeLen = 8 * 4
+)
+
+func newEncoding(encoder string) *Encoding {
+	e := &Encoding{base: base64.NewEncoding(encoder)}
+	e.enableEncodeARM64(encoder)
+	e.enableDecodeARM64(encoder)
+	return e
+}
+
+func (e *Encoding) enableEncodeARM64(encoder string) {
+	c62, c63 := int8(encoder[62]), int8(encoder[63])
+	tab := [encLutSize]int8{
+		'a' - 26, '0' - 52, '0' - 52, '0' - 52, '0' - 52, '0' - 52, '0' - 52, '0' - 52,
+		'0' - 52, '0' - 52, '0' - 52, c62 - 62, c63 - 63, 'A', 0, 0,
+	}
+
+	e.enc = encodeARM64
+	e.enclut = tab
+}
+
+func (e *Encoding) enableDecodeARM64(encoder string) {
+	if encoder == encodeStd {
+		e.dec = decodeStdARM64
+	} else {
+		e.dec = decodeARM64
+	}
+	e.declut = [decLutSize]int8{int8(encoder[62]), int8(encoder[63])}
+}
diff --git a/vendor/github.com/segmentio/asm/base64/base64_asm.go b/vendor/github.com/segmentio/asm/base64/base64_asm.go
new file mode 100644
index 000000000..f9afadd7f
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/base64_asm.go
@@ -0,0 +1,94 @@
+//go:build (amd64 || arm64) && !purego
+// +build amd64 arm64
+// +build !purego
+
+package base64
+
+import (
+	"encoding/base64"
+
+	"github.com/segmentio/asm/internal/unsafebytes"
+)
+
+// An Encoding is a radix 64 encoding/decoding scheme, defined by a
+// 64-character alphabet.
+type Encoding struct {
+	enc    func(dst []byte, src []byte, lut *int8) (int, int)
+	enclut [encLutSize]int8
+
+	dec    func(dst []byte, src []byte, lut *int8) (int, int)
+	declut [decLutSize]int8
+
+	base *base64.Encoding
+}
+
+// WithPadding creates a duplicate Encoding updated with a specified padding
+// character, or NoPadding to disable padding. The padding character must not
+// be contained in the encoding alphabet, must not be '\r' or '\n', and must
+// be no greater than '\xFF'.
+func (enc Encoding) WithPadding(padding rune) *Encoding {
+	enc.base = enc.base.WithPadding(padding)
+	return &enc
+}
+
+// Strict creates a duplicate encoding updated with strict decoding enabled.
+// This requires that trailing padding bits are zero.
+func (enc Encoding) Strict() *Encoding {
+	enc.base = enc.base.Strict()
+	return &enc
+}
+
+// Encode encodes src using the defined encoding alphabet.
+// This will write EncodedLen(len(src)) bytes to dst.
+func (enc *Encoding) Encode(dst, src []byte) {
+	if len(src) >= minEncodeLen && enc.enc != nil {
+		d, s := enc.enc(dst, src, &enc.enclut[0])
+		dst = dst[d:]
+		src = src[s:]
+	}
+	enc.base.Encode(dst, src)
+}
+
+// Encode encodes src using the encoding enc, writing
+// EncodedLen(len(src)) bytes to dst.
+func (enc *Encoding) EncodeToString(src []byte) string {
+	buf := make([]byte, enc.base.EncodedLen(len(src)))
+	enc.Encode(buf, src)
+	return string(buf)
+}
+
+// EncodedLen calculates the base64-encoded byte length for a message
+// of length n.
+func (enc *Encoding) EncodedLen(n int) int {
+	return enc.base.EncodedLen(n)
+}
+
+// Decode decodes src using the defined encoding alphabet.
+// This will write DecodedLen(len(src)) bytes to dst and return the number of
+// bytes written.
+func (enc *Encoding) Decode(dst, src []byte) (n int, err error) {
+	var d, s int
+	if len(src) >= minDecodeLen && enc.dec != nil {
+		d, s = enc.dec(dst, src, &enc.declut[0])
+		dst = dst[d:]
+		src = src[s:]
+	}
+	n, err = enc.base.Decode(dst, src)
+	n += d
+	return
+}
+
+// DecodeString decodes the base64 encoded string s, returns the decoded
+// value as bytes.
+func (enc *Encoding) DecodeString(s string) ([]byte, error) {
+	src := unsafebytes.BytesOf(s)
+	dst := make([]byte, enc.base.DecodedLen(len(s)))
+	n, err := enc.Decode(dst, src)
+	return dst[:n], err
+}
+
+// DecodedLen calculates the decoded byte length for a base64-encoded message
+// of length n.
+func (enc *Encoding) DecodedLen(n int) int {
+	return enc.base.DecodedLen(n)
+}
diff --git a/vendor/github.com/segmentio/asm/base64/base64_default.go b/vendor/github.com/segmentio/asm/base64/base64_default.go
new file mode 100644
index 000000000..1720da5ca
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/base64_default.go
@@ -0,0 +1,14 @@
+//go:build purego || !(amd64 || arm64)
+// +build purego !amd64,!arm64
+
+package base64
+
+import "encoding/base64"
+
+// An Encoding is a radix 64 encoding/decoding scheme, defined by a
+// 64-character alphabet.
+type Encoding = base64.Encoding
+
+func newEncoding(encoder string) *Encoding {
+	return base64.NewEncoding(encoder)
+}
diff --git a/vendor/github.com/segmentio/asm/base64/decode_amd64.go b/vendor/github.com/segmentio/asm/base64/decode_amd64.go
new file mode 100644
index 000000000..e85bf6a92
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/decode_amd64.go
@@ -0,0 +1,9 @@
+// Code generated by command: go run decode_asm.go -pkg base64 -out ../base64/decode_amd64.s -stubs ../base64/decode_amd64.go. DO NOT EDIT.
+
+//go:build !purego
+
+package base64
+
+func decodeAVX2(dst []byte, src []byte, lut *int8) (int, int)
+
+func decodeAVX2URI(dst []byte, src []byte, lut *int8) (int, int)
diff --git a/vendor/github.com/segmentio/asm/base64/decode_amd64.s b/vendor/github.com/segmentio/asm/base64/decode_amd64.s
new file mode 100644
index 000000000..ade5442c3
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/decode_amd64.s
@@ -0,0 +1,143 @@
+// Code generated by command: go run decode_asm.go -pkg base64 -out ../base64/decode_amd64.s -stubs ../base64/decode_amd64.go. DO NOT EDIT.
+
+//go:build !purego
+
+#include "textflag.h"
+
+DATA b64_dec_lut_hi<>+0(SB)/8, $0x0804080402011010
+DATA b64_dec_lut_hi<>+8(SB)/8, $0x1010101010101010
+DATA b64_dec_lut_hi<>+16(SB)/8, $0x0804080402011010
+DATA b64_dec_lut_hi<>+24(SB)/8, $0x1010101010101010
+GLOBL b64_dec_lut_hi<>(SB), RODATA|NOPTR, $32
+
+DATA b64_dec_madd1<>+0(SB)/8, $0x0140014001400140
+DATA b64_dec_madd1<>+8(SB)/8, $0x0140014001400140
+DATA b64_dec_madd1<>+16(SB)/8, $0x0140014001400140
+DATA b64_dec_madd1<>+24(SB)/8, $0x0140014001400140
+GLOBL b64_dec_madd1<>(SB), RODATA|NOPTR, $32
+
+DATA b64_dec_madd2<>+0(SB)/8, $0x0001100000011000
+DATA b64_dec_madd2<>+8(SB)/8, $0x0001100000011000
+DATA b64_dec_madd2<>+16(SB)/8, $0x0001100000011000
+DATA b64_dec_madd2<>+24(SB)/8, $0x0001100000011000
+GLOBL b64_dec_madd2<>(SB), RODATA|NOPTR, $32
+
+DATA b64_dec_shuf_lo<>+0(SB)/8, $0x0000000000000000
+DATA b64_dec_shuf_lo<>+8(SB)/8, $0x0600010200000000
+GLOBL b64_dec_shuf_lo<>(SB), RODATA|NOPTR, $16
+
+DATA b64_dec_shuf<>+0(SB)/8, $0x090a040506000102
+DATA b64_dec_shuf<>+8(SB)/8, $0x000000000c0d0e08
+DATA b64_dec_shuf<>+16(SB)/8, $0x0c0d0e08090a0405
+DATA b64_dec_shuf<>+24(SB)/8, $0x0000000000000000
+GLOBL b64_dec_shuf<>(SB), RODATA|NOPTR, $32
+
+// func decodeAVX2(dst []byte, src []byte, lut *int8) (int, int)
+// Requires: AVX, AVX2, SSE4.1
+TEXT ·decodeAVX2(SB), NOSPLIT, $0-72
+	MOVQ         dst_base+0(FP), AX
+	MOVQ         src_base+24(FP), DX
+	MOVQ         lut+48(FP), SI
+	MOVQ         src_len+32(FP), DI
+	MOVB         $0x2f, CL
+	PINSRB       $0x00, CX, X8
+	VPBROADCASTB X8, Y8
+	XORQ         CX, CX
+	XORQ         BX, BX
+	VPXOR        Y7, Y7, Y7
+	VPERMQ       $0x44, (SI), Y6
+	VPERMQ       $0x44, 16(SI), Y4
+	VMOVDQA      b64_dec_lut_hi<>+0(SB), Y5
+
+loop:
+	VMOVDQU      (DX)(BX*1), Y0
+	VPSRLD       $0x04, Y0, Y2
+	VPAND        Y8, Y0, Y3
+	VPSHUFB      Y3, Y4, Y3
+	VPAND        Y8, Y2, Y2
+	VPSHUFB      Y2, Y5, Y9
+	VPTEST       Y9, Y3
+	JNE          done
+	VPCMPEQB     Y8, Y0, Y3
+	VPADDB       Y3, Y2, Y2
+	VPSHUFB      Y2, Y6, Y2
+	VPADDB       Y0, Y2, Y0
+	VPMADDUBSW   b64_dec_madd1<>+0(SB), Y0, Y0
+	VPMADDWD     b64_dec_madd2<>+0(SB), Y0, Y0
+	VEXTRACTI128 $0x01, Y0, X1
+	VPSHUFB      b64_dec_shuf_lo<>+0(SB), X1, X1
+	VPSHUFB      b64_dec_shuf<>+0(SB), Y0, Y0
+	VPBLENDD     $0x08, Y1, Y0, Y1
+	VPBLENDD     $0xc0, Y7, Y1, Y1
+	VMOVDQU      Y1, (AX)(CX*1)
+	ADDQ         $0x18, CX
+	ADDQ         $0x20, BX
+	SUBQ         $0x20, DI
+	CMPQ         DI, $0x2d
+	JB           done
+	JMP          loop
+
+done:
+	MOVQ CX, ret+56(FP)
+	MOVQ BX, ret1+64(FP)
+	VZEROUPPER
+	RET
+
+// func decodeAVX2URI(dst []byte, src []byte, lut *int8) (int, int)
+// Requires: AVX, AVX2, SSE4.1
+TEXT ·decodeAVX2URI(SB), NOSPLIT, $0-72
+	MOVB         $0x2f, AL
+	PINSRB       $0x00, AX, X0
+	VPBROADCASTB X0, Y0
+	MOVB         $0x5f, AL
+	PINSRB       $0x00, AX, X1
+	VPBROADCASTB X1, Y1
+	MOVQ         dst_base+0(FP), AX
+	MOVQ         src_base+24(FP), DX
+	MOVQ         lut+48(FP), SI
+	MOVQ         src_len+32(FP), DI
+	MOVB         $0x2f, CL
+	PINSRB       $0x00, CX, X10
+	VPBROADCASTB X10, Y10
+	XORQ         CX, CX
+	XORQ         BX, BX
+	VPXOR        Y9, Y9, Y9
+	VPERMQ       $0x44, (SI), Y8
+	VPERMQ       $0x44, 16(SI), Y6
+	VMOVDQA      b64_dec_lut_hi<>+0(SB), Y7
+
+loop:
+	VMOVDQU      (DX)(BX*1), Y2
+	VPCMPEQB     Y2, Y1, Y4
+	VPBLENDVB    Y4, Y0, Y2, Y2
+	VPSRLD       $0x04, Y2, Y4
+	VPAND        Y10, Y2, Y5
+	VPSHUFB      Y5, Y6, Y5
+	VPAND        Y10, Y4, Y4
+	VPSHUFB      Y4, Y7, Y11
+	VPTEST       Y11, Y5
+	JNE          done
+	VPCMPEQB     Y10, Y2, Y5
+	VPADDB       Y5, Y4, Y4
+	VPSHUFB      Y4, Y8, Y4
+	VPADDB       Y2, Y4, Y2
+	VPMADDUBSW   b64_dec_madd1<>+0(SB), Y2, Y2
+	VPMADDWD     b64_dec_madd2<>+0(SB), Y2, Y2
+	VEXTRACTI128 $0x01, Y2, X3
+	VPSHUFB      b64_dec_shuf_lo<>+0(SB), X3, X3
+	VPSHUFB      b64_dec_shuf<>+0(SB), Y2, Y2
+	VPBLENDD     $0x08, Y3, Y2, Y3
+	VPBLENDD     $0xc0, Y9, Y3, Y3
+	VMOVDQU      Y3, (AX)(CX*1)
+	ADDQ         $0x18, CX
+	ADDQ         $0x20, BX
+	SUBQ         $0x20, DI
+	CMPQ         DI, $0x2d
+	JB           done
+	JMP          loop
+
+done:
+	MOVQ CX, ret+56(FP)
+	MOVQ BX, ret1+64(FP)
+	VZEROUPPER
+	RET
diff --git a/vendor/github.com/segmentio/asm/base64/decode_arm64.go b/vendor/github.com/segmentio/asm/base64/decode_arm64.go
new file mode 100644
index 000000000..d44baa1dc
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/decode_arm64.go
@@ -0,0 +1,7 @@
+//go:build !purego
+// +build !purego
+
+package base64
+
+func decodeARM64(dst []byte, src []byte, lut *int8) (int, int)
+func decodeStdARM64(dst []byte, src []byte, lut *int8) (int, int)
diff --git a/vendor/github.com/segmentio/asm/base64/decode_arm64.s b/vendor/github.com/segmentio/asm/base64/decode_arm64.s
new file mode 100644
index 000000000..4374d5ce1
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/decode_arm64.s
@@ -0,0 +1,203 @@
+#include "textflag.h"
+
+#define LOAD_ARGS()                                            \
+	MOVD    dst_base+0(FP), R0;                                  \
+	MOVD    R0, R3;                                              \
+	MOVD    src_base+24(FP), R1;                                 \
+	MOVD    R1, R4;                                              \
+	MOVD    src_len+32(FP), R2;                                  \
+	BIC     $31, R2, R2;                                         \
+	ADD     R1, R2, R2
+
+#define LOAD_ARG_LUT()                                         \
+	MOVD    lut+48(FP), R5;                                      \
+	VLD2R   (R5), [V0.B16, V1.B16]
+
+#define LOAD_CONST_LUT()                                       \
+	MOVD    $·mask_lut(SB), R6;                                  \
+	MOVD    $·bpos_lut(SB), R7;                                  \
+	MOVD    $·shft_lut(SB), R8;                                  \
+	VLD1    (R6), [V2.B16];                                      \
+	VLD1    (R7), [V3.B16];                                      \
+	VLD1    (R8), [V4.B16];                                      \
+	VMOVI   $43, V5.B8;                                          \
+	VMOVI   $47, V6.B8;                                          \
+	VMOVI   $15, V7.B8;                                          \
+	VMOVI   $16, V8.B8;                                          \
+
+#define LOAD_INPUT()                                           \
+	VLD4    (R4), [V10.B8, V11.B8, V12.B8, V13.B8]
+
+#define COMPARE_INPUT(v)                                       \
+	VCMEQ   V10.B8, v.B8, V14.B8;                                \
+	VCMEQ   V11.B8, v.B8, V15.B8;                                \
+	VCMEQ   V12.B8, v.B8, V16.B8;                                \
+	VCMEQ   V13.B8, v.B8, V17.B8
+
+#define UPDATE_INPUT(v)                                        \
+	VBIT    V14.B8, v.B8, V10.B8;                                \
+	VBIT    V15.B8, v.B8, V11.B8;                                \
+	VBIT    V16.B8, v.B8, V12.B8;                                \
+	VBIT    V17.B8, v.B8, V13.B8
+
+#define DECODE_INPUT(goto_err)                                 \
+	/* Create hi/lo nibles */                                    \
+	VUSHR   $4, V10.B8, V18.B8;                                  \
+	VUSHR   $4, V11.B8, V19.B8;                                  \
+	VUSHR   $4, V12.B8, V20.B8;                                  \
+	VUSHR   $4, V13.B8, V21.B8;                                  \
+	VAND    V7.B8, V10.B8, V22.B8;                               \
+	VAND    V7.B8, V11.B8, V23.B8;                               \
+	VAND    V7.B8, V12.B8, V24.B8;                               \
+	VAND    V7.B8, V13.B8, V25.B8;                               \
+	/* Detect invalid input characters */                        \
+	VTBL    V22.B8, [V2.B8], V22.B8;                             \
+	VTBL    V23.B8, [V2.B8], V23.B8;                             \
+	VTBL    V24.B8, [V2.B8], V24.B8;                             \
+	VTBL    V25.B8, [V2.B8], V25.B8;                             \
+	VTBL    V18.B8, [V3.B8], V26.B8;                             \
+	VTBL    V19.B8, [V3.B8], V27.B8;                             \
+	VTBL    V20.B8, [V3.B8], V28.B8;                             \
+	VTBL    V21.B8, [V3.B8], V29.B8;                             \
+	VAND    V22.B8, V26.B8, V26.B8;                              \
+	VAND    V23.B8, V27.B8, V27.B8;                              \
+	VAND    V24.B8, V28.B8, V28.B8;                              \
+	VAND    V25.B8, V29.B8, V29.B8;                              \
+	WORD    $0x0e209b5a /* VCMEQ   $0, V26.B8, V26.B8 */;        \
+	WORD    $0x0e209b7b /* VCMEQ   $0, V27.B8, V27.B8 */;        \
+	WORD    $0x0e209b9c /* VCMEQ   $0, V28.B8, V28.B8 */;        \
+	WORD    $0x0e209bbd /* VCMEQ   $0, V29.B8, V29.B8 */;        \
+	VORR    V26.B8, V27.B8, V26.B8;                              \
+	VORR    V28.B8, V29.B8, V28.B8;                              \
+	VORR    V26.B8, V28.B8, V26.B8;                              \
+	VMOV    V26.D[0], R5;                                        \
+	VMOV    V26.D[1], R6;                                        \
+	ORR     R6, R5;                                              \
+	CBNZ    R5, goto_err;                                        \
+	/* Shift hi nibles */                                        \
+	VTBL    V18.B8, [V4.B8], V18.B8;                             \
+	VTBL    V19.B8, [V4.B8], V19.B8;                             \
+	VTBL    V20.B8, [V4.B8], V20.B8;                             \
+	VTBL    V21.B8, [V4.B8], V21.B8;                             \
+	VBIT    V14.B8, V8.B8, V18.B8;                               \
+	VBIT    V15.B8, V8.B8, V19.B8;                               \
+	VBIT    V16.B8, V8.B8, V20.B8;                               \
+	VBIT    V17.B8, V8.B8, V21.B8;                               \
+	/* Combine results */                                        \
+	VADD    V18.B8, V10.B8, V10.B8;                              \
+	VADD    V19.B8, V11.B8, V11.B8;                              \
+	VADD    V20.B8, V12.B8, V12.B8;                              \
+	VADD    V21.B8, V13.B8, V13.B8;                              \
+	VUSHR   $4, V11.B8, V14.B8;                                  \
+	VUSHR   $2, V12.B8, V15.B8;                                  \
+	VSHL    $2, V10.B8, V10.B8;                                  \
+	VSHL    $4, V11.B8, V11.B8;                                  \
+	VSHL    $6, V12.B8, V12.B8;                                  \
+	VORR    V10.B8, V14.B8, V16.B8;                              \
+	VORR    V11.B8, V15.B8, V17.B8;                              \
+	VORR    V12.B8, V13.B8, V18.B8
+
+#define ADVANCE_LOOP(goto_loop)                                \
+	VST3.P  [V16.B8, V17.B8, V18.B8], 24(R3);                    \
+	ADD     $32, R4;                                             \
+	CMP     R4, R2;                                              \
+	BGT     goto_loop
+
+#define RETURN()                                               \
+	SUB     R0, R3;                                              \
+	SUB     R1, R4;                                              \
+	MOVD    R3, ret+56(FP);                                      \
+	MOVD    R4, ret1+64(FP);                                     \
+	RET
+
+
+// func decodeARM64(dst []byte, src []byte, lut *int8) (int, int)
+TEXT ·decodeARM64(SB),NOSPLIT,$0-72
+	LOAD_ARGS()
+	LOAD_ARG_LUT()
+	LOAD_CONST_LUT()
+
+loop:
+	LOAD_INPUT()
+
+	// Compare and normalize the 63rd and 64th characters
+	COMPARE_INPUT(V0)
+	UPDATE_INPUT(V5)
+	COMPARE_INPUT(V1)
+	UPDATE_INPUT(V6)
+
+	DECODE_INPUT(done) // Detect invalid input characters
+	ADVANCE_LOOP(loop) // Store results and continue
+
+done:
+	RETURN()
+
+
+// func decodeStdARM64(dst []byte, src []byte, lut *int8) (int, int)
+TEXT ·decodeStdARM64(SB),NOSPLIT,$0-72
+	LOAD_ARGS()
+	LOAD_CONST_LUT()
+
+loop:
+	LOAD_INPUT()
+	COMPARE_INPUT(V6)  // Compare to '+'
+	DECODE_INPUT(done) // Detect invalid input characters
+	ADVANCE_LOOP(loop) // Store results and continue
+
+done:
+	RETURN()
+
+
+DATA  ·mask_lut+0x00(SB)/1, $0xa8
+DATA  ·mask_lut+0x01(SB)/1, $0xf8
+DATA  ·mask_lut+0x02(SB)/1, $0xf8
+DATA  ·mask_lut+0x03(SB)/1, $0xf8
+DATA  ·mask_lut+0x04(SB)/1, $0xf8
+DATA  ·mask_lut+0x05(SB)/1, $0xf8
+DATA  ·mask_lut+0x06(SB)/1, $0xf8
+DATA  ·mask_lut+0x07(SB)/1, $0xf8
+DATA  ·mask_lut+0x08(SB)/1, $0xf8
+DATA  ·mask_lut+0x09(SB)/1, $0xf8
+DATA  ·mask_lut+0x0a(SB)/1, $0xf0
+DATA  ·mask_lut+0x0b(SB)/1, $0x54
+DATA  ·mask_lut+0x0c(SB)/1, $0x50
+DATA  ·mask_lut+0x0d(SB)/1, $0x50
+DATA  ·mask_lut+0x0e(SB)/1, $0x50
+DATA  ·mask_lut+0x0f(SB)/1, $0x54
+GLOBL ·mask_lut(SB), NOPTR|RODATA, $16
+
+DATA  ·bpos_lut+0x00(SB)/1, $0x01
+DATA  ·bpos_lut+0x01(SB)/1, $0x02
+DATA  ·bpos_lut+0x02(SB)/1, $0x04
+DATA  ·bpos_lut+0x03(SB)/1, $0x08
+DATA  ·bpos_lut+0x04(SB)/1, $0x10
+DATA  ·bpos_lut+0x05(SB)/1, $0x20
+DATA  ·bpos_lut+0x06(SB)/1, $0x40
+DATA  ·bpos_lut+0x07(SB)/1, $0x80
+DATA  ·bpos_lut+0x08(SB)/1, $0x00
+DATA  ·bpos_lut+0x09(SB)/1, $0x00
+DATA  ·bpos_lut+0x0a(SB)/1, $0x00
+DATA  ·bpos_lut+0x0b(SB)/1, $0x00
+DATA  ·bpos_lut+0x0c(SB)/1, $0x00
+DATA  ·bpos_lut+0x0d(SB)/1, $0x00
+DATA  ·bpos_lut+0x0e(SB)/1, $0x00
+DATA  ·bpos_lut+0x0f(SB)/1, $0x00
+GLOBL ·bpos_lut(SB), NOPTR|RODATA, $16
+
+DATA  ·shft_lut+0x00(SB)/1, $0x00
+DATA  ·shft_lut+0x01(SB)/1, $0x00
+DATA  ·shft_lut+0x02(SB)/1, $0x13
+DATA  ·shft_lut+0x03(SB)/1, $0x04
+DATA  ·shft_lut+0x04(SB)/1, $0xbf
+DATA  ·shft_lut+0x05(SB)/1, $0xbf
+DATA  ·shft_lut+0x06(SB)/1, $0xb9
+DATA  ·shft_lut+0x07(SB)/1, $0xb9
+DATA  ·shft_lut+0x08(SB)/1, $0x00
+DATA  ·shft_lut+0x09(SB)/1, $0x00
+DATA  ·shft_lut+0x0a(SB)/1, $0x00
+DATA  ·shft_lut+0x0b(SB)/1, $0x00
+DATA  ·shft_lut+0x0c(SB)/1, $0x00
+DATA  ·shft_lut+0x0d(SB)/1, $0x00
+DATA  ·shft_lut+0x0e(SB)/1, $0x00
+DATA  ·shft_lut+0x0f(SB)/1, $0x00
+GLOBL ·shft_lut(SB), NOPTR|RODATA, $16
diff --git a/vendor/github.com/segmentio/asm/base64/encode_amd64.go b/vendor/github.com/segmentio/asm/base64/encode_amd64.go
new file mode 100644
index 000000000..a83c81f15
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/encode_amd64.go
@@ -0,0 +1,7 @@
+// Code generated by command: go run encode_asm.go -pkg base64 -out ../base64/encode_amd64.s -stubs ../base64/encode_amd64.go. DO NOT EDIT.
+
+//go:build !purego
+
+package base64
+
+func encodeAVX2(dst []byte, src []byte, lut *int8) (int, int)
diff --git a/vendor/github.com/segmentio/asm/base64/encode_amd64.s b/vendor/github.com/segmentio/asm/base64/encode_amd64.s
new file mode 100644
index 000000000..6797c977e
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/encode_amd64.s
@@ -0,0 +1,87 @@
+// Code generated by command: go run encode_asm.go -pkg base64 -out ../base64/encode_amd64.s -stubs ../base64/encode_amd64.go. DO NOT EDIT.
+
+//go:build !purego
+
+#include "textflag.h"
+
+// func encodeAVX2(dst []byte, src []byte, lut *int8) (int, int)
+// Requires: AVX, AVX2, SSE4.1
+TEXT ·encodeAVX2(SB), NOSPLIT, $0-72
+	MOVQ         dst_base+0(FP), AX
+	MOVQ         src_base+24(FP), DX
+	MOVQ         lut+48(FP), SI
+	MOVQ         src_len+32(FP), DI
+	MOVB         $0x33, CL
+	PINSRB       $0x00, CX, X4
+	VPBROADCASTB X4, Y4
+	MOVB         $0x19, CL
+	PINSRB       $0x00, CX, X5
+	VPBROADCASTB X5, Y5
+	XORQ         CX, CX
+	XORQ         BX, BX
+
+	// Load the 16-byte LUT into both lanes of the register
+	VPERMQ $0x44, (SI), Y3
+
+	// Load the first block using a mask to avoid potential fault
+	VMOVDQU    b64_enc_load<>+0(SB), Y0
+	VPMASKMOVD -4(DX)(BX*1), Y0, Y0
+
+loop:
+	VPSHUFB  b64_enc_shuf<>+0(SB), Y0, Y0
+	VPAND    b64_enc_mask1<>+0(SB), Y0, Y1
+	VPSLLW   $0x08, Y1, Y2
+	VPSLLW   $0x04, Y1, Y1
+	VPBLENDW $0xaa, Y2, Y1, Y2
+	VPAND    b64_enc_mask2<>+0(SB), Y0, Y1
+	VPMULHUW b64_enc_mult<>+0(SB), Y1, Y0
+	VPOR     Y0, Y2, Y0
+	VPSUBUSB Y4, Y0, Y1
+	VPCMPGTB Y5, Y0, Y2
+	VPSUBB   Y2, Y1, Y1
+	VPSHUFB  Y1, Y3, Y1
+	VPADDB   Y0, Y1, Y0
+	VMOVDQU  Y0, (AX)(CX*1)
+	ADDQ     $0x20, CX
+	ADDQ     $0x18, BX
+	SUBQ     $0x18, DI
+	CMPQ     DI, $0x20
+	JB       done
+	VMOVDQU  -4(DX)(BX*1), Y0
+	JMP      loop
+
+done:
+	MOVQ CX, ret+56(FP)
+	MOVQ BX, ret1+64(FP)
+	VZEROUPPER
+	RET
+
+DATA b64_enc_load<>+0(SB)/8, $0x8000000000000000
+DATA b64_enc_load<>+8(SB)/8, $0x8000000080000000
+DATA b64_enc_load<>+16(SB)/8, $0x8000000080000000
+DATA b64_enc_load<>+24(SB)/8, $0x8000000080000000
+GLOBL b64_enc_load<>(SB), RODATA|NOPTR, $32
+
+DATA b64_enc_shuf<>+0(SB)/8, $0x0809070805060405
+DATA b64_enc_shuf<>+8(SB)/8, $0x0e0f0d0e0b0c0a0b
+DATA b64_enc_shuf<>+16(SB)/8, $0x0405030401020001
+DATA b64_enc_shuf<>+24(SB)/8, $0x0a0b090a07080607
+GLOBL b64_enc_shuf<>(SB), RODATA|NOPTR, $32
+
+DATA b64_enc_mask1<>+0(SB)/8, $0x003f03f0003f03f0
+DATA b64_enc_mask1<>+8(SB)/8, $0x003f03f0003f03f0
+DATA b64_enc_mask1<>+16(SB)/8, $0x003f03f0003f03f0
+DATA b64_enc_mask1<>+24(SB)/8, $0x003f03f0003f03f0
+GLOBL b64_enc_mask1<>(SB), RODATA|NOPTR, $32
+
+DATA b64_enc_mask2<>+0(SB)/8, $0x0fc0fc000fc0fc00
+DATA b64_enc_mask2<>+8(SB)/8, $0x0fc0fc000fc0fc00
+DATA b64_enc_mask2<>+16(SB)/8, $0x0fc0fc000fc0fc00
+DATA b64_enc_mask2<>+24(SB)/8, $0x0fc0fc000fc0fc00
+GLOBL b64_enc_mask2<>(SB), RODATA|NOPTR, $32
+
+DATA b64_enc_mult<>+0(SB)/8, $0x0400004004000040
+DATA b64_enc_mult<>+8(SB)/8, $0x0400004004000040
+DATA b64_enc_mult<>+16(SB)/8, $0x0400004004000040
+DATA b64_enc_mult<>+24(SB)/8, $0x0400004004000040
+GLOBL b64_enc_mult<>(SB), RODATA|NOPTR, $32
diff --git a/vendor/github.com/segmentio/asm/base64/encode_arm64.go b/vendor/github.com/segmentio/asm/base64/encode_arm64.go
new file mode 100644
index 000000000..b6a381492
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/encode_arm64.go
@@ -0,0 +1,6 @@
+//go:build !purego
+// +build !purego
+
+package base64
+
+func encodeARM64(dst []byte, src []byte, lut *int8) (int, int)
diff --git a/vendor/github.com/segmentio/asm/base64/encode_arm64.s b/vendor/github.com/segmentio/asm/base64/encode_arm64.s
new file mode 100644
index 000000000..4654313bb
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/base64/encode_arm64.s
@@ -0,0 +1,97 @@
+#include "textflag.h"
+
+#define Rdst  R0
+#define Rsrc  R1
+#define Rlen  R2
+#define Rwr   R3
+#define Rrem  R4
+#define Rtmp  R5
+
+#define Vlut V0
+#define Vfld0 V6
+#define Vfld1 V7
+#define Vfld2 V8
+#define Vfld3 V9
+#define Vsrc0 V10
+#define Vsrc1 V11
+#define Vsrc2 V12
+#define Vr0a V13
+#define Vr1a V14
+#define Vr2a V15
+#define Vr3a V16
+#define Vr0b V17
+#define Vr1b V18
+#define Vr2b V19
+#define Vr3b V20
+
+// func encodeARM64(dst []byte, src []byte, lut *int8) (int, int)
+TEXT ·encodeARM64(SB),NOSPLIT,$0-72
+	// Load dst/src info
+	MOVD    dst_base+0(FP), Rdst
+	MOVD    src_base+24(FP), Rsrc
+	MOVD    src_len+32(FP), Rlen
+	MOVD    lut+48(FP), Rtmp
+	VLD1    (Rtmp), [Vlut.B16]
+
+	MOVD    Rlen, Rrem
+	MOVD    Rdst, Rwr
+
+	VMOVI   $51, V1.B16
+	VMOVI   $26, V2.B16
+	VMOVI   $63, V3.B16
+	VMOVI   $13, V4.B16
+
+loop:
+	VLD3.P  48(Rsrc), [Vsrc0.B16, Vsrc1.B16, Vsrc2.B16]
+
+	// Split 3 source blocks into 4 lookup inputs
+	VUSHR   $2, Vsrc0.B16, Vfld0.B16
+	VUSHR   $4, Vsrc1.B16, Vfld1.B16
+	VUSHR   $6, Vsrc2.B16, Vfld2.B16
+	VSHL    $4, Vsrc0.B16, Vsrc0.B16
+	VSHL    $2, Vsrc1.B16, Vsrc1.B16
+	VORR    Vsrc0.B16, Vfld1.B16, Vfld1.B16
+	VORR    Vsrc1.B16, Vfld2.B16, Vfld2.B16
+	VAND    V3.B16, Vfld1.B16, Vfld1.B16
+	VAND    V3.B16, Vfld2.B16, Vfld2.B16
+	VAND    V3.B16, Vsrc2.B16, Vfld3.B16
+
+	WORD    $0x6e212ccd // VUQSUB  V1.B16, Vfld0.B16, Vr0a.B16
+	WORD    $0x4e263451 // VCMGT   V2.B16, Vfld0.B16, Vr0b.B16
+	VAND    V4.B16, Vr0b.B16, Vr0b.B16
+	VORR    Vr0b.B16, Vr0a.B16, Vr0a.B16
+	WORD    $0x6e212cee // VUQSUB  V1.B16, Vfld1.B16, Vr1a.B16
+	WORD    $0x4e273452 // VCMGT   V2.B16, Vfld1.B16, Vr1b.B16
+	VAND    V4.B16, Vr1b.B16, Vr1b.B16
+	VORR    Vr1b.B16, Vr1a.B16, Vr1a.B16
+	WORD    $0x6e212d0f // VUQSUB  V1.B16, Vfld2.B16, Vr2a.B16
+	WORD    $0x4e283453 // VCMGT   V2.B16, Vfld2.B16, Vr2b.B16
+	VAND    V4.B16, Vr2b.B16, Vr2b.B16
+	VORR    Vr2b.B16, Vr2a.B16, Vr2a.B16
+	WORD    $0x6e212d30 // VUQSUB  V1.B16, Vfld3.B16, Vr3a.B16
+	WORD    $0x4e293454 // VCMGT   V2.B16, Vfld3.B16, Vr3b.B16
+	VAND    V4.B16, Vr3b.B16, Vr3b.B16
+	VORR    Vr3b.B16, Vr3a.B16, Vr3a.B16
+
+	// Add result of lookup table to each field
+	VTBL    Vr0a.B16, [Vlut.B16], Vr0a.B16
+	VADD    Vr0a.B16, Vfld0.B16, Vfld0.B16
+	VTBL    Vr1a.B16, [Vlut.B16], Vr1a.B16
+	VADD    Vr1a.B16, Vfld1.B16, Vfld1.B16
+	VTBL    Vr2a.B16, [Vlut.B16], Vr2a.B16
+	VADD    Vr2a.B16, Vfld2.B16, Vfld2.B16
+	VTBL    Vr3a.B16, [Vlut.B16], Vr3a.B16
+	VADD    Vr3a.B16, Vfld3.B16, Vfld3.B16
+
+	VST4.P  [Vfld0.B16, Vfld1.B16, Vfld2.B16, Vfld3.B16], 64(Rwr)
+	SUB     $48, Rrem
+	CMP     $48, Rrem
+	BGE     loop
+
+done:
+	SUB     Rdst, Rwr
+	SUB     Rrem, Rlen
+	MOVD    Rwr, ret+56(FP)
+	MOVD    Rlen, ret1+64(FP)
+	RET
+
diff --git a/vendor/github.com/segmentio/asm/cpu/arm/arm.go b/vendor/github.com/segmentio/asm/cpu/arm/arm.go
new file mode 100644
index 000000000..47c695a07
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/cpu/arm/arm.go
@@ -0,0 +1,80 @@
+package arm
+
+import (
+	"github.com/segmentio/asm/cpu/cpuid"
+	. "golang.org/x/sys/cpu"
+)
+
+type CPU cpuid.CPU
+
+func (cpu CPU) Has(feature Feature) bool {
+	return cpuid.CPU(cpu).Has(cpuid.Feature(feature))
+}
+
+func (cpu *CPU) set(feature Feature, enable bool) {
+	(*cpuid.CPU)(cpu).Set(cpuid.Feature(feature), enable)
+}
+
+type Feature cpuid.Feature
+
+const (
+	SWP      Feature = 1 << iota // SWP instruction support
+	HALF                         // Half-word load and store support
+	THUMB                        // ARM Thumb instruction set
+	BIT26                        // Address space limited to 26-bits
+	FASTMUL                      // 32-bit operand, 64-bit result multiplication support
+	FPA                          // Floating point arithmetic support
+	VFP                          // Vector floating point support
+	EDSP                         // DSP Extensions support
+	JAVA                         // Java instruction set
+	IWMMXT                       // Intel Wireless MMX technology support
+	CRUNCH                       // MaverickCrunch context switching and handling
+	THUMBEE                      // Thumb EE instruction set
+	NEON                         // NEON instruction set
+	VFPv3                        // Vector floating point version 3 support
+	VFPv3D16                     // Vector floating point version 3 D8-D15
+	TLS                          // Thread local storage support
+	VFPv4                        // Vector floating point version 4 support
+	IDIVA                        // Integer divide instruction support in ARM mode
+	IDIVT                        // Integer divide instruction support in Thumb mode
+	VFPD32                       // Vector floating point version 3 D15-D31
+	LPAE                         // Large Physical Address Extensions
+	EVTSTRM                      // Event stream support
+	AES                          // AES hardware implementation
+	PMULL                        // Polynomial multiplication instruction set
+	SHA1                         // SHA1 hardware implementation
+	SHA2                         // SHA2 hardware implementation
+	CRC32                        // CRC32 hardware implementation
+)
+
+func ABI() CPU {
+	cpu := CPU(0)
+	cpu.set(SWP, ARM.HasSWP)
+	cpu.set(HALF, ARM.HasHALF)
+	cpu.set(THUMB, ARM.HasTHUMB)
+	cpu.set(BIT26, ARM.Has26BIT)
+	cpu.set(FASTMUL, ARM.HasFASTMUL)
+	cpu.set(FPA, ARM.HasFPA)
+	cpu.set(VFP, ARM.HasVFP)
+	cpu.set(EDSP, ARM.HasEDSP)
+	cpu.set(JAVA, ARM.HasJAVA)
+	cpu.set(IWMMXT, ARM.HasIWMMXT)
+	cpu.set(CRUNCH, ARM.HasCRUNCH)
+	cpu.set(THUMBEE, ARM.HasTHUMBEE)
+	cpu.set(NEON, ARM.HasNEON)
+	cpu.set(VFPv3, ARM.HasVFPv3)
+	cpu.set(VFPv3D16, ARM.HasVFPv3D16)
+	cpu.set(TLS, ARM.HasTLS)
+	cpu.set(VFPv4, ARM.HasVFPv4)
+	cpu.set(IDIVA, ARM.HasIDIVA)
+	cpu.set(IDIVT, ARM.HasIDIVT)
+	cpu.set(VFPD32, ARM.HasVFPD32)
+	cpu.set(LPAE, ARM.HasLPAE)
+	cpu.set(EVTSTRM, ARM.HasEVTSTRM)
+	cpu.set(AES, ARM.HasAES)
+	cpu.set(PMULL, ARM.HasPMULL)
+	cpu.set(SHA1, ARM.HasSHA1)
+	cpu.set(SHA2, ARM.HasSHA2)
+	cpu.set(CRC32, ARM.HasCRC32)
+	return cpu
+}
diff --git a/vendor/github.com/segmentio/asm/cpu/arm64/arm64.go b/vendor/github.com/segmentio/asm/cpu/arm64/arm64.go
new file mode 100644
index 000000000..0c5134c76
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/cpu/arm64/arm64.go
@@ -0,0 +1,74 @@
+package arm64
+
+import (
+	"github.com/segmentio/asm/cpu/cpuid"
+	. "golang.org/x/sys/cpu"
+)
+
+type CPU cpuid.CPU
+
+func (cpu CPU) Has(feature Feature) bool {
+	return cpuid.CPU(cpu).Has(cpuid.Feature(feature))
+}
+
+func (cpu *CPU) set(feature Feature, enable bool) {
+	(*cpuid.CPU)(cpu).Set(cpuid.Feature(feature), enable)
+}
+
+type Feature cpuid.Feature
+
+const (
+	FP       Feature = 1 << iota // Floating-point instruction set (always available)
+	ASIMD                        // Advanced SIMD (always available)
+	EVTSTRM                      // Event stream support
+	AES                          // AES hardware implementation
+	PMULL                        // Polynomial multiplication instruction set
+	SHA1                         // SHA1 hardware implementation
+	SHA2                         // SHA2 hardware implementation
+	CRC32                        // CRC32 hardware implementation
+	ATOMICS                      // Atomic memory operation instruction set
+	FPHP                         // Half precision floating-point instruction set
+	ASIMDHP                      // Advanced SIMD half precision instruction set
+	CPUID                        // CPUID identification scheme registers
+	ASIMDRDM                     // Rounding double multiply add/subtract instruction set
+	JSCVT                        // Javascript conversion from floating-point to integer
+	FCMA                         // Floating-point multiplication and addition of complex numbers
+	LRCPC                        // Release Consistent processor consistent support
+	DCPOP                        // Persistent memory support
+	SHA3                         // SHA3 hardware implementation
+	SM3                          // SM3 hardware implementation
+	SM4                          // SM4 hardware implementation
+	ASIMDDP                      // Advanced SIMD double precision instruction set
+	SHA512                       // SHA512 hardware implementation
+	SVE                          // Scalable Vector Extensions
+	ASIMDFHM                     // Advanced SIMD multiplication FP16 to FP32
+)
+
+func ABI() CPU {
+	cpu := CPU(0)
+	cpu.set(FP, ARM64.HasFP)
+	cpu.set(ASIMD, ARM64.HasASIMD)
+	cpu.set(EVTSTRM, ARM64.HasEVTSTRM)
+	cpu.set(AES, ARM64.HasAES)
+	cpu.set(PMULL, ARM64.HasPMULL)
+	cpu.set(SHA1, ARM64.HasSHA1)
+	cpu.set(SHA2, ARM64.HasSHA2)
+	cpu.set(CRC32, ARM64.HasCRC32)
+	cpu.set(ATOMICS, ARM64.HasATOMICS)
+	cpu.set(FPHP, ARM64.HasFPHP)
+	cpu.set(ASIMDHP, ARM64.HasASIMDHP)
+	cpu.set(CPUID, ARM64.HasCPUID)
+	cpu.set(ASIMDRDM, ARM64.HasASIMDRDM)
+	cpu.set(JSCVT, ARM64.HasJSCVT)
+	cpu.set(FCMA, ARM64.HasFCMA)
+	cpu.set(LRCPC, ARM64.HasLRCPC)
+	cpu.set(DCPOP, ARM64.HasDCPOP)
+	cpu.set(SHA3, ARM64.HasSHA3)
+	cpu.set(SM3, ARM64.HasSM3)
+	cpu.set(SM4, ARM64.HasSM4)
+	cpu.set(ASIMDDP, ARM64.HasASIMDDP)
+	cpu.set(SHA512, ARM64.HasSHA512)
+	cpu.set(SVE, ARM64.HasSVE)
+	cpu.set(ASIMDFHM, ARM64.HasASIMDFHM)
+	return cpu
+}
diff --git a/vendor/github.com/segmentio/asm/cpu/cpu.go b/vendor/github.com/segmentio/asm/cpu/cpu.go
new file mode 100644
index 000000000..6ddf4973f
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/cpu/cpu.go
@@ -0,0 +1,22 @@
+// Pakage cpu provides APIs to detect CPU features available at runtime.
+package cpu
+
+import (
+	"github.com/segmentio/asm/cpu/arm"
+	"github.com/segmentio/asm/cpu/arm64"
+	"github.com/segmentio/asm/cpu/x86"
+)
+
+var (
+	// X86 is the bitset representing the set of the x86 instruction sets are
+	// supported by the CPU.
+	X86 = x86.ABI()
+
+	// ARM is the bitset representing which parts of the arm instruction sets
+	// are supported by the CPU.
+	ARM = arm.ABI()
+
+	// ARM64 is the bitset representing which parts of the arm64 instruction
+	// sets are supported by the CPU.
+	ARM64 = arm64.ABI()
+)
diff --git a/vendor/github.com/segmentio/asm/cpu/cpuid/cpuid.go b/vendor/github.com/segmentio/asm/cpu/cpuid/cpuid.go
new file mode 100644
index 000000000..0949d3d58
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/cpu/cpuid/cpuid.go
@@ -0,0 +1,32 @@
+// Package cpuid provides generic types used to represent CPU features supported
+// by the architecture.
+package cpuid
+
+// CPU is a bitset of feature flags representing the capabilities of various CPU
+// architeectures that this package provides optimized assembly routines for.
+//
+// The intent is to provide a stable ABI between the Go code that generate the
+// assembly, and the program that uses the library functions.
+type CPU uint64
+
+// Feature represents a single CPU feature.
+type Feature uint64
+
+const (
+	// None is a Feature value that has no CPU features enabled.
+	None Feature = 0
+	// All is a Feature value that has all CPU features enabled.
+	All Feature = 0xFFFFFFFFFFFFFFFF
+)
+
+func (cpu CPU) Has(feature Feature) bool {
+	return (Feature(cpu) & feature) == feature
+}
+
+func (cpu *CPU) Set(feature Feature, enabled bool) {
+	if enabled {
+		*cpu |= CPU(feature)
+	} else {
+		*cpu &= ^CPU(feature)
+	}
+}
diff --git a/vendor/github.com/segmentio/asm/cpu/x86/x86.go b/vendor/github.com/segmentio/asm/cpu/x86/x86.go
new file mode 100644
index 000000000..9e9353758
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/cpu/x86/x86.go
@@ -0,0 +1,76 @@
+package x86
+
+import (
+	"github.com/segmentio/asm/cpu/cpuid"
+	. "golang.org/x/sys/cpu"
+)
+
+type CPU cpuid.CPU
+
+func (cpu CPU) Has(feature Feature) bool {
+	return cpuid.CPU(cpu).Has(cpuid.Feature(feature))
+}
+
+func (cpu *CPU) set(feature Feature, enable bool) {
+	(*cpuid.CPU)(cpu).Set(cpuid.Feature(feature), enable)
+}
+
+type Feature cpuid.Feature
+
+const (
+	SSE                Feature = 1 << iota // SSE functions
+	SSE2                                   // P4 SSE functions
+	SSE3                                   // Prescott SSE3 functions
+	SSE41                                  // Penryn SSE4.1 functions
+	SSE42                                  // Nehalem SSE4.2 functions
+	SSE4A                                  // AMD Barcelona microarchitecture SSE4a instructions
+	SSSE3                                  // Conroe SSSE3 functions
+	AVX                                    // AVX functions
+	AVX2                                   // AVX2 functions
+	AVX512BF16                             // AVX-512 BFLOAT16 Instructions
+	AVX512BITALG                           // AVX-512 Bit Algorithms
+	AVX512BW                               // AVX-512 Byte and Word Instructions
+	AVX512CD                               // AVX-512 Conflict Detection Instructions
+	AVX512DQ                               // AVX-512 Doubleword and Quadword Instructions
+	AVX512ER                               // AVX-512 Exponential and Reciprocal Instructions
+	AVX512F                                // AVX-512 Foundation
+	AVX512IFMA                             // AVX-512 Integer Fused Multiply-Add Instructions
+	AVX512PF                               // AVX-512 Prefetch Instructions
+	AVX512VBMI                             // AVX-512 Vector Bit Manipulation Instructions
+	AVX512VBMI2                            // AVX-512 Vector Bit Manipulation Instructions, Version 2
+	AVX512VL                               // AVX-512 Vector Length Extensions
+	AVX512VNNI                             // AVX-512 Vector Neural Network Instructions
+	AVX512VP2INTERSECT                     // AVX-512 Intersect for D/Q
+	AVX512VPOPCNTDQ                        // AVX-512 Vector Population Count Doubleword and Quadword
+	CMOV                                   // Conditional move
+)
+
+func ABI() CPU {
+	cpu := CPU(0)
+	cpu.set(SSE, true) // TODO: golang.org/x/sys/cpu assumes all CPUs have SEE?
+	cpu.set(SSE2, X86.HasSSE2)
+	cpu.set(SSE3, X86.HasSSE3)
+	cpu.set(SSE41, X86.HasSSE41)
+	cpu.set(SSE42, X86.HasSSE42)
+	cpu.set(SSE4A, false) // TODO: add upstream support in golang.org/x/sys/cpu?
+	cpu.set(SSSE3, X86.HasSSSE3)
+	cpu.set(AVX, X86.HasAVX)
+	cpu.set(AVX2, X86.HasAVX2)
+	cpu.set(AVX512BF16, X86.HasAVX512BF16)
+	cpu.set(AVX512BITALG, X86.HasAVX512BITALG)
+	cpu.set(AVX512BW, X86.HasAVX512BW)
+	cpu.set(AVX512CD, X86.HasAVX512CD)
+	cpu.set(AVX512DQ, X86.HasAVX512DQ)
+	cpu.set(AVX512ER, X86.HasAVX512ER)
+	cpu.set(AVX512F, X86.HasAVX512F)
+	cpu.set(AVX512IFMA, X86.HasAVX512IFMA)
+	cpu.set(AVX512PF, X86.HasAVX512PF)
+	cpu.set(AVX512VBMI, X86.HasAVX512VBMI)
+	cpu.set(AVX512VBMI2, X86.HasAVX512VBMI2)
+	cpu.set(AVX512VL, X86.HasAVX512VL)
+	cpu.set(AVX512VNNI, X86.HasAVX512VNNI)
+	cpu.set(AVX512VP2INTERSECT, false) // TODO: add upstream support in golang.org/x/sys/cpu?
+	cpu.set(AVX512VPOPCNTDQ, X86.HasAVX512VPOPCNTDQ)
+	cpu.set(CMOV, true) // TODO: golang.org/x/sys/cpu assumes all CPUs have CMOV?
+	return cpu
+}
diff --git a/vendor/github.com/segmentio/asm/internal/unsafebytes/unsafebytes.go b/vendor/github.com/segmentio/asm/internal/unsafebytes/unsafebytes.go
new file mode 100644
index 000000000..913c9cc68
--- /dev/null
+++ b/vendor/github.com/segmentio/asm/internal/unsafebytes/unsafebytes.go
@@ -0,0 +1,20 @@
+package unsafebytes
+
+import "unsafe"
+
+func Pointer(b []byte) *byte {
+	return *(**byte)(unsafe.Pointer(&b))
+}
+
+func String(b []byte) string {
+	return *(*string)(unsafe.Pointer(&b))
+}
+
+func BytesOf(s string) []byte {
+	return *(*[]byte)(unsafe.Pointer(&sliceHeader{str: s, cap: len(s)}))
+}
+
+type sliceHeader struct {
+	str string
+	cap int
+}
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/attach.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/attach.go
index 036ed1f1a..cb7b9a2ce 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/attach.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/attach.go
@@ -32,6 +32,7 @@ type AttachSignatureOptions struct {
 	Cert           string
 	CertChain      string
 	TimeStampedSig string
+	RekorBundle    string
 	Registry       RegistryOptions
 }
 
@@ -57,6 +58,8 @@ func (o *AttachSignatureOptions) AddFlags(cmd *cobra.Command) {
 			"signing certificate and end with the root certificate. Included in the OCI Signature")
 	cmd.Flags().StringVar(&o.TimeStampedSig, "tsr", "",
 		"path to the Time Stamped Signature Response from RFC3161 compliant TSA")
+	cmd.Flags().StringVar(&o.RekorBundle, "rekor-response", "",
+		"path to the rekor bundle")
 }
 
 // AttachSBOMOptions is the top level wrapper for the attach sbom command.
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/clean.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/clean.go
index 67e332809..540bc4f1c 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/clean.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/clean.go
@@ -65,7 +65,7 @@ var _ Interface = (*CleanOptions)(nil)
 func (c *CleanOptions) AddFlags(cmd *cobra.Command) {
 	c.Registry.AddFlags(cmd)
 	c.CleanType = defaultCleanType()
-	cmd.Flags().Var(&c.CleanType, "type", "a type of clean: <signature|attestation|sbom|all>")
+	cmd.Flags().Var(&c.CleanType, "type", "a type of clean: <signature|attestation|sbom|all> (sbom is deprecated)")
 	// TODO(#2044): Rename to --skip-confirmation for consistency?
 	cmd.Flags().BoolVarP(&c.Force, "force", "f", false, "do not prompt for confirmation")
 }
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/copy.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/copy.go
index e9c5c7013..7f4d5f373 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/copy.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/copy.go
@@ -21,8 +21,10 @@ import (
 
 // CopyOptions is the top level wrapper for the copy command.
 type CopyOptions struct {
+	CopyOnly      string
 	SignatureOnly bool
 	Force         bool
+	Platform      string
 	Registry      RegistryOptions
 }
 
@@ -32,9 +34,15 @@ var _ Interface = (*CopyOptions)(nil)
 func (o *CopyOptions) AddFlags(cmd *cobra.Command) {
 	o.Registry.AddFlags(cmd)
 
+	cmd.Flags().StringVar(&o.CopyOnly, "only", "",
+		"custom string array to only copy specific items, this flag is comma delimited. ex: --only=sbom,sign,att")
+
 	cmd.Flags().BoolVar(&o.SignatureOnly, "sig-only", false,
-		"only copy the image signature")
+		"[DEPRECATED] only copy the image signature")
 
 	cmd.Flags().BoolVarP(&o.Force, "force", "f", false,
 		"overwrite destination image(s), if necessary")
+
+	cmd.Flags().StringVar(&o.Platform, "platform", "",
+		"only copy container image and its signatures for a specific platform image")
 }
diff --git a/vendor/github.com/sigstore/cosign/v2/internal/pkg/now/now.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/deprecate.go
similarity index 55%
rename from vendor/github.com/sigstore/cosign/v2/internal/pkg/now/now.go
rename to vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/deprecate.go
index 253a41f3f..76084afa1 100644
--- a/vendor/github.com/sigstore/cosign/v2/internal/pkg/now/now.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/deprecate.go
@@ -13,26 +13,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package now
+package options
 
-import (
-	"fmt"
-	"os"
-	"strconv"
-	"time"
-)
-
-// Now returns SOURCE_DATE_EPOCH or time.Now().
-func Now() (time.Time, error) {
-	// nolint
-	epoch := os.Getenv("SOURCE_DATE_EPOCH")
-	if epoch == "" {
-		return time.Now(), nil
-	}
-
-	seconds, err := strconv.ParseInt(epoch, 10, 64)
-	if err != nil {
-		return time.Now(), fmt.Errorf("SOURCE_DATE_EPOCH should be the number of seconds since January 1st 1970, 00:00 UTC, got: %w", err)
-	}
-	return time.Unix(seconds, 0), nil
-}
+const SBOMAttachmentDeprecation = "WARNING: SBOM attachments are deprecated " +
+	"and support will be removed in a Cosign release soon after 2024-02-22 " +
+	"(see https://github.com/sigstore/cosign/issues/2755). " +
+	"Instead, please use SBOM attestations."
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/key.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/key.go
index 1100ca083..6af69afda 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/key.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/key.go
@@ -33,6 +33,10 @@ type KeyOpts struct {
 	OIDCProvider         string // Specify which OIDC credential provider to use for keyless signer
 	BundlePath           string
 	SkipConfirmation     bool
+	TSAClientCACert      string
+	TSAClientCert        string
+	TSAClientKey         string
+	TSAServerName        string // expected SAN field in the TSA server's certificate - https://pkg.go.dev/crypto/tls#Config.ServerName
 	TSAServerURL         string
 	RFC3161TimestampPath string
 	TSACertChainPath     string
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/predicate.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/predicate.go
index 707a38cae..0c68e279b 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/predicate.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/predicate.go
@@ -19,7 +19,8 @@ import (
 	"fmt"
 	"net/url"
 
-	slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
+	slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
+	slsa1 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1"
 
 	"github.com/in-toto/in-toto-golang/in_toto"
 	"github.com/spf13/cobra"
@@ -30,6 +31,8 @@ import (
 const (
 	PredicateCustom    = "custom"
 	PredicateSLSA      = "slsaprovenance"
+	PredicateSLSA02    = "slsaprovenance02"
+	PredicateSLSA1     = "slsaprovenance1"
 	PredicateSPDX      = "spdx"
 	PredicateSPDXJSON  = "spdxjson"
 	PredicateCycloneDX = "cyclonedx"
@@ -40,7 +43,9 @@ const (
 // PredicateTypeMap is the mapping between the predicate `type` option to predicate URI.
 var PredicateTypeMap = map[string]string{
 	PredicateCustom:    attestation.CosignCustomProvenanceV01,
-	PredicateSLSA:      slsa.PredicateSLSAProvenance,
+	PredicateSLSA:      slsa02.PredicateSLSAProvenance,
+	PredicateSLSA02:    slsa02.PredicateSLSAProvenance,
+	PredicateSLSA1:     slsa1.PredicateSLSAProvenance,
 	PredicateSPDX:      in_toto.PredicateSPDX,
 	PredicateSPDXJSON:  in_toto.PredicateSPDX,
 	PredicateCycloneDX: in_toto.PredicateCycloneDX,
@@ -58,7 +63,7 @@ var _ Interface = (*PredicateOptions)(nil)
 // AddFlags implements Interface
 func (o *PredicateOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().StringVar(&o.Type, "type", "custom",
-		"specify a predicate type (slsaprovenance|link|spdx|spdxjson|cyclonedx|vuln|custom) or an URI")
+		"specify a predicate type (slsaprovenance|slsaprovenance02|slsaprovenance1|link|spdx|spdxjson|cyclonedx|vuln|custom) or an URI")
 }
 
 // ParsePredicateType parses the predicate `type` flag passed into a predicate URI, or validates `type` is a valid URI.
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/registry.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/registry.go
index 425a7c60a..61edb47d4 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/registry.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/registry.go
@@ -44,6 +44,7 @@ type RegistryOptions struct {
 	KubernetesKeychain bool
 	RefOpts            ReferenceOptions
 	Keychain           Keychain
+	AuthConfig         authn.AuthConfig
 
 	// RegistryClientOpts allows overriding the result of GetRegistryClientOpts.
 	RegistryClientOpts []remote.Option
@@ -62,6 +63,15 @@ func (o *RegistryOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().BoolVar(&o.KubernetesKeychain, "k8s-keychain", false,
 		"whether to use the kubernetes keychain instead of the default keychain (supports workload identity).")
 
+	cmd.Flags().StringVar(&o.AuthConfig.Username, "registry-username", "",
+		"registry basic auth username")
+
+	cmd.Flags().StringVar(&o.AuthConfig.Password, "registry-password", "",
+		"registry basic auth password")
+
+	cmd.Flags().StringVar(&o.AuthConfig.RegistryToken, "registry-token", "",
+		"registry bearer auth token")
+
 	o.RefOpts.AddFlags(cmd)
 }
 
@@ -113,6 +123,10 @@ func (o *RegistryOptions) GetRegistryClientOpts(ctx context.Context) []remote.Op
 			github.Keychain,
 		)
 		opts = append(opts, remote.WithAuthFromKeychain(kc))
+	case o.AuthConfig.Username != "" && o.AuthConfig.Password != "":
+		opts = append(opts, remote.WithAuth(&authn.Basic{Username: o.AuthConfig.Username, Password: o.AuthConfig.Password}))
+	case o.AuthConfig.RegistryToken != "":
+		opts = append(opts, remote.WithAuth(&authn.Bearer{Token: o.AuthConfig.RegistryToken}))
 	default:
 		opts = append(opts, remote.WithAuthFromKeychain(authn.DefaultKeychain))
 	}
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/sign.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/sign.go
index 0359fa8e6..c7cef8607 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/sign.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/sign.go
@@ -34,6 +34,10 @@ type SignOptions struct {
 	Attachment            string
 	SkipConfirmation      bool
 	TlogUpload            bool
+	TSAClientCACert       string
+	TSAClientCert         string
+	TSAClientKey          string
+	TSAServerName         string
 	TSAServerURL          string
 	IssueCertificate      bool
 	SignContainerIdentity string
@@ -96,7 +100,7 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) {
 		"if a multi-arch image is specified, additionally sign each discrete image")
 
 	cmd.Flags().StringVar(&o.Attachment, "attachment", "",
-		"related image attachment to sign (sbom), default none")
+		"DEPRECATED, related image attachment to sign (sbom), default none")
 
 	cmd.Flags().BoolVarP(&o.SkipConfirmation, "yes", "y", false,
 		"skip confirmation prompts for non-destructive operations")
@@ -104,9 +108,23 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().BoolVar(&o.TlogUpload, "tlog-upload", true,
 		"whether or not to upload to the tlog")
 
+	cmd.Flags().StringVar(&o.TSAClientCACert, "timestamp-client-cacert", "",
+		"path to the X.509 CA certificate file in PEM format to be used for the connection to the TSA Server")
+
+	cmd.Flags().StringVar(&o.TSAClientCert, "timestamp-client-cert", "",
+		"path to the X.509 certificate file in PEM format to be used for the connection to the TSA Server")
+
+	cmd.Flags().StringVar(&o.TSAClientKey, "timestamp-client-key", "",
+		"path to the X.509 private key file in PEM format to be used, together with the 'timestamp-client-cert' value, for the connection to the TSA Server")
+
+	cmd.Flags().StringVar(&o.TSAServerName, "timestamp-server-name", "",
+		"SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the TSA Server")
+
 	cmd.Flags().StringVar(&o.TSAServerURL, "timestamp-server-url", "",
 		"url to the Timestamp RFC3161 server, default none. Must be the path to the API to request timestamp responses, e.g. https://freetsa.org/tsr")
 
+	_ = cmd.Flags().SetAnnotation("certificate", cobra.BashCompFilenameExt, []string{"cert"})
+
 	cmd.Flags().BoolVar(&o.IssueCertificate, "issue-certificate", false,
 		"issue a code signing certificate from Fulcio, even if a key is provided")
 
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/signblob.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/signblob.go
index 99c1a473a..7cddde63d 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/signblob.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/signblob.go
@@ -35,6 +35,10 @@ type SignBlobOptions struct {
 	BundlePath           string
 	SkipConfirmation     bool
 	TlogUpload           bool
+	TSAClientCACert      string
+	TSAClientCert        string
+	TSAClientKey         string
+	TSAServerName        string
 	TSAServerURL         string
 	RFC3161TimestampPath string
 	IssueCertificate     bool
@@ -77,6 +81,18 @@ func (o *SignBlobOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().BoolVar(&o.TlogUpload, "tlog-upload", true,
 		"whether or not to upload to the tlog")
 
+	cmd.Flags().StringVar(&o.TSAClientCACert, "timestamp-client-cacert", "",
+		"path to the X.509 CA certificate file in PEM format to be used for the connection to the TSA Server")
+
+	cmd.Flags().StringVar(&o.TSAClientCert, "timestamp-client-cert", "",
+		"path to the X.509 certificate file in PEM format to be used for the connection to the TSA Server")
+
+	cmd.Flags().StringVar(&o.TSAClientKey, "timestamp-client-key", "",
+		"path to the X.509 private key file in PEM format to be used, together with the 'timestamp-client-cert' value, for the connection to the TSA Server")
+
+	cmd.Flags().StringVar(&o.TSAServerName, "timestamp-server-name", "",
+		"SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the TSA Server")
+
 	cmd.Flags().StringVar(&o.TSAServerURL, "timestamp-server-url", "",
 		"url to the Timestamp RFC3161 server, default none. Must be the path to the API to request timestamp responses, e.g. https://freetsa.org/tsr")
 
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/triangulate.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/triangulate.go
index 5a60b38e9..ba76618b0 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/triangulate.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/triangulate.go
@@ -32,5 +32,5 @@ func (o *TriangulateOptions) AddFlags(cmd *cobra.Command) {
 	o.Registry.AddFlags(cmd)
 
 	cmd.Flags().StringVar(&o.Type, "type", "signature",
-		"related attachment to triangulate (attestation|sbom|signature), default signature")
+		"related attachment to triangulate (attestation|sbom|signature|digest), default signature (sbom is deprecated)")
 }
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/verify.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/verify.go
index dd2c3f7a4..0b14797ef 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/verify.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/verify.go
@@ -26,6 +26,9 @@ type CommonVerifyOptions struct {
 	TSACertChainPath string
 	IgnoreTlog       bool
 	MaxWorkers       int
+	// This is added to CommonVerifyOptions to provide a path to support
+	// it for other verify options.
+	ExperimentalOCI11 bool
 }
 
 func (o *CommonVerifyOptions) AddFlags(cmd *cobra.Command) {
@@ -40,6 +43,9 @@ func (o *CommonVerifyOptions) AddFlags(cmd *cobra.Command) {
 		"ignore transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts "+
 			"cannot be publicly verified when not included in a log")
 
+	cmd.Flags().BoolVar(&o.ExperimentalOCI11, "experimental-oci11", false,
+		"set to true to enable experimental OCI 1.1 behaviour")
+
 	cmd.Flags().IntVar(&o.MaxWorkers, "max-workers", cosign.DefaultMaxWorkers,
 		"the amount of maximum workers for parallel executions")
 }
@@ -84,7 +90,7 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) {
 		"whether to check the claims found")
 
 	cmd.Flags().StringVar(&o.Attachment, "attachment", "",
-		"related image attachment to verify (sbom), default none")
+		"DEPRECATED, related image attachment to verify (sbom), default none")
 
 	cmd.Flags().StringVarP(&o.Output, "output", "o", "json",
 		"output format for the signing image information (json|text)")
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/attestation/attestation.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/attestation/attestation.go
index 52a200804..f95d8a9ec 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/attestation/attestation.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/attestation/attestation.go
@@ -23,7 +23,8 @@ import (
 	"strings"
 	"time"
 
-	slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
+	slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
+	slsa1 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1"
 
 	"github.com/in-toto/in-toto-golang/in_toto"
 )
@@ -99,7 +100,7 @@ type GenerateOpts struct {
 }
 
 // GenerateStatement returns an in-toto statement based on the provided
-// predicate type (custom|slsaprovenance|spdx|spdxjson|cyclonedx|link).
+// predicate type (custom|slsaprovenance|slsaprovenance02|slsaprovenance1|spdx|spdxjson|cyclonedx|link).
 func GenerateStatement(opts GenerateOpts) (interface{}, error) {
 	predicate, err := io.ReadAll(opts.Predicate)
 	if err != nil {
@@ -108,7 +109,11 @@ func GenerateStatement(opts GenerateOpts) (interface{}, error) {
 
 	switch opts.Type {
 	case "slsaprovenance":
-		return generateSLSAProvenanceStatement(predicate, opts.Digest, opts.Repo)
+		return generateSLSAProvenanceStatementSLSA02(predicate, opts.Digest, opts.Repo)
+	case "slsaprovenance02":
+		return generateSLSAProvenanceStatementSLSA02(predicate, opts.Digest, opts.Repo)
+	case "slsaprovenance1":
+		return generateSLSAProvenanceStatementSLSA1(predicate, opts.Digest, opts.Repo)
 	case "spdx":
 		return generateSPDXStatement(predicate, opts.Digest, opts.Repo, false)
 	case "spdxjson":
@@ -198,8 +203,8 @@ func generateCustomPredicate(rawPayload []byte, customType, timestamp string) (i
 	return result, nil
 }
 
-func generateSLSAProvenanceStatement(rawPayload []byte, digest string, repo string) (interface{}, error) {
-	var predicate slsa.ProvenancePredicate
+func generateSLSAProvenanceStatementSLSA02(rawPayload []byte, digest string, repo string) (interface{}, error) {
+	var predicate slsa02.ProvenancePredicate
 	err := checkRequiredJSONFields(rawPayload, reflect.TypeOf(predicate))
 	if err != nil {
 		return nil, fmt.Errorf("provenance predicate: %w", err)
@@ -208,8 +213,24 @@ func generateSLSAProvenanceStatement(rawPayload []byte, digest string, repo stri
 	if err != nil {
 		return "", fmt.Errorf("unmarshal Provenance predicate: %w", err)
 	}
-	return in_toto.ProvenanceStatement{
-		StatementHeader: generateStatementHeader(digest, repo, slsa.PredicateSLSAProvenance),
+	return in_toto.ProvenanceStatementSLSA02{
+		StatementHeader: generateStatementHeader(digest, repo, slsa02.PredicateSLSAProvenance),
+		Predicate:       predicate,
+	}, nil
+}
+
+func generateSLSAProvenanceStatementSLSA1(rawPayload []byte, digest string, repo string) (interface{}, error) {
+	var predicate slsa1.ProvenancePredicate
+	err := checkRequiredJSONFields(rawPayload, reflect.TypeOf(predicate))
+	if err != nil {
+		return nil, fmt.Errorf("provenance predicate: %w", err)
+	}
+	err = json.Unmarshal(rawPayload, &predicate)
+	if err != nil {
+		return "", fmt.Errorf("unmarshal Provenance predicate: %w", err)
+	}
+	return in_toto.ProvenanceStatementSLSA1{
+		StatementHeader: generateStatementHeader(digest, repo, slsa1.PredicateSLSAProvenance),
 		Predicate:       predicate,
 	}, nil
 }
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/bundle/rekor.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/bundle/rekor.go
index 497aa7a46..533130205 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/bundle/rekor.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/bundle/rekor.go
@@ -14,7 +14,9 @@
 
 package bundle
 
-import "github.com/sigstore/rekor/pkg/generated/models"
+import (
+	"github.com/sigstore/rekor/pkg/generated/models"
+)
 
 // RekorBundle holds metadata about recording a Signature's ephemeral key to
 // a Rekor transparency log.
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/env/env.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/env/env.go
index 599df2e0f..5c26d4f51 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/env/env.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/env/env.go
@@ -44,12 +44,13 @@ func (v Variable) String() string {
 
 const (
 	// Cosign environment variables
-	VariableExperimental     Variable = "COSIGN_EXPERIMENTAL"
-	VariableDockerMediaTypes Variable = "COSIGN_DOCKER_MEDIA_TYPES"
-	VariablePassword         Variable = "COSIGN_PASSWORD"
-	VariablePKCS11Pin        Variable = "COSIGN_PKCS11_PIN"
-	VariablePKCS11ModulePath Variable = "COSIGN_PKCS11_MODULE_PATH"
-	VariableRepository       Variable = "COSIGN_REPOSITORY"
+	VariableExperimental            Variable = "COSIGN_EXPERIMENTAL"
+	VariableDockerMediaTypes        Variable = "COSIGN_DOCKER_MEDIA_TYPES"
+	VariablePassword                Variable = "COSIGN_PASSWORD"
+	VariablePKCS11Pin               Variable = "COSIGN_PKCS11_PIN"
+	VariablePKCS11ModulePath        Variable = "COSIGN_PKCS11_MODULE_PATH"
+	VariablePKCS11IgnoreCertificate Variable = "COSIGN_PKCS11_IGNORE_CERTIFICATE"
+	VariableRepository              Variable = "COSIGN_REPOSITORY"
 
 	// Sigstore environment variables
 	VariableSigstoreCTLogPublicKeyFile Variable = "SIGSTORE_CT_LOG_PUBLIC_KEY_FILE"
@@ -102,6 +103,11 @@ var (
 			Expects:     "string with a module-path",
 			Sensitive:   false,
 		},
+		VariablePKCS11IgnoreCertificate: {
+			Description: "disables loading certificates with PKCS11",
+			Expects:     "1 if loading certificates should be disabled (0 by default)",
+			Sensitive:   false,
+		},
 		VariableRepository: {
 			Description: "can be used to store signatures in an alternate location",
 			Expects:     "string with a repository",
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/fetch.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/fetch.go
index 84c9238fe..ff81be227 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/fetch.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/fetch.go
@@ -34,6 +34,8 @@ import (
 	"golang.org/x/sync/errgroup"
 )
 
+const maxAllowedSigsOrAtts = 100
+
 type SignedPayload struct {
 	Base64Signature  string
 	Payload          []byte
@@ -64,6 +66,7 @@ const (
 	Signature   = "signature"
 	SBOM        = "sbom"
 	Attestation = "attestation"
+	Digest      = "digest"
 )
 
 func FetchSignaturesForReference(_ context.Context, ref name.Reference, opts ...ociremote.Option) ([]SignedPayload, error) {
@@ -83,6 +86,9 @@ func FetchSignaturesForReference(_ context.Context, ref name.Reference, opts ...
 	if len(l) == 0 {
 		return nil, fmt.Errorf("no signatures associated with %s", ref)
 	}
+	if len(l) > maxAllowedSigsOrAtts {
+		return nil, fmt.Errorf("maximum number of signatures on an image is %d, found %d", maxAllowedSigsOrAtts, len(l))
+	}
 
 	signatures := make([]SignedPayload, len(l))
 	var g errgroup.Group
@@ -144,6 +150,10 @@ func FetchAttestations(se oci.SignedEntity, predicateType string) ([]Attestation
 	if len(l) == 0 {
 		return nil, errors.New("found no attestations")
 	}
+	if len(l) > maxAllowedSigsOrAtts {
+		errMsg := fmt.Sprintf("maximum number of attestations on an image is %d, found %d", maxAllowedSigsOrAtts, len(l))
+		return nil, errors.New(errMsg)
+	}
 
 	attestations := make([]AttestationPayload, 0, len(l))
 	var attMu sync.Mutex
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/git/github/github.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/git/github/github.go
index 8f7a0b4ea..6aecb0b64 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/git/github/github.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/git/github/github.go
@@ -25,7 +25,7 @@ import (
 	"os"
 	"strings"
 
-	"github.com/google/go-github/v50/github"
+	"github.com/google/go-github/v55/github"
 	"golang.org/x/crypto/nacl/box"
 	"golang.org/x/oauth2"
 
@@ -57,7 +57,7 @@ func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro
 	var client *github.Client
 	if host, ok := env.LookupEnv(env.VariableGitHubHost); ok {
 		var err error
-		client, err = github.NewEnterpriseClient(host, host, httpClient)
+		client, err = github.NewClient(httpClient).WithEnterpriseURLs(host, host)
 		if err != nil {
 			return fmt.Errorf("could not create github enterprise client: %w", err)
 		}
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/keys.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/keys.go
index 3ab43cae4..9adc22525 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/keys.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/keys.go
@@ -30,8 +30,7 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/theupdateframework/go-tuf/encrypted"
-
+	"github.com/secure-systems-lab/go-securesystemslib/encrypted"
 	"github.com/sigstore/cosign/v2/pkg/oci/static"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	"github.com/sigstore/sigstore/pkg/signature"
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/kubernetes/secret.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/kubernetes/secret.go
index b822dbb6e..b05c235e4 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/kubernetes/secret.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/kubernetes/secret.go
@@ -21,11 +21,10 @@ import (
 	"os"
 	"strings"
 
-	"k8s.io/utils/pointer"
-
 	v1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
 
 	"github.com/sigstore/cosign/v2/pkg/cosign"
 )
@@ -120,7 +119,7 @@ func secret(keys *cosign.KeysBytes, namespace, name string, data map[string][]by
 		return &v1.Secret{
 			ObjectMeta: obj,
 			Data:       data,
-			Immutable:  pointer.Bool(true),
+			Immutable:  ptr.To[bool](true),
 		}
 	}
 
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key/pkcs11key.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key/pkcs11key.go
index 0c735c82f..c034a3f4f 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key/pkcs11key.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key/pkcs11key.go
@@ -177,10 +177,15 @@ func GetKeyWithURIConfig(config *Pkcs11UriConfig, askForPinIfNeeded bool) (*Key,
 	// Key's corresponding cert might not exist,
 	// therefore, we do not fail if it is the case.
 	var cert *x509.Certificate
-	if len(config.KeyID) != 0 {
-		cert, _ = ctx.FindCertificate(config.KeyID, nil, nil)
-	} else if len(config.KeyLabel) != 0 {
-		cert, _ = ctx.FindCertificate(nil, config.KeyLabel, nil)
+
+	ignoreCert := env.Getenv(env.VariablePKCS11IgnoreCertificate) == "1"
+
+	if !ignoreCert {
+		if len(config.KeyID) != 0 {
+			cert, _ = ctx.FindCertificate(config.KeyID, nil, nil)
+		} else if len(config.KeyLabel) != 0 {
+			cert, _ = ctx.FindCertificate(nil, config.KeyLabel, nil)
+		}
 	}
 
 	return &Key{ctx: ctx, signer: signer, cert: cert}, nil
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/tlog.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/tlog.go
index 87579dacf..827311993 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/tlog.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/tlog.go
@@ -370,7 +370,7 @@ func GetTlogEntry(ctx context.Context, rekorClient *client.Rekor, entryUUID stri
 	return nil, errors.New("empty response")
 }
 
-func proposedEntry(b64Sig string, payload, pubKey []byte) ([]models.ProposedEntry, error) {
+func proposedEntries(b64Sig string, payload, pubKey []byte) ([]models.ProposedEntry, error) {
 	var proposedEntry []models.ProposedEntry
 	signature, err := base64.StdEncoding.DecodeString(b64Sig)
 	if err != nil {
@@ -380,11 +380,15 @@ func proposedEntry(b64Sig string, payload, pubKey []byte) ([]models.ProposedEntr
 	// The fact that there's no signature (or empty rather), implies
 	// that this is an Attestation that we're verifying.
 	if len(signature) == 0 {
-		e, err := intotoEntry(context.Background(), payload, pubKey)
+		intotoEntry, err := intotoEntry(context.Background(), payload, pubKey)
 		if err != nil {
 			return nil, err
 		}
-		proposedEntry = []models.ProposedEntry{e}
+		dsseEntry, err := dsseEntry(context.Background(), payload, pubKey)
+		if err != nil {
+			return nil, err
+		}
+		proposedEntry = []models.ProposedEntry{dsseEntry, intotoEntry}
 	} else {
 		sha256CheckSum := sha256.New()
 		if _, err := sha256CheckSum.Write(payload); err != nil {
@@ -404,12 +408,12 @@ func FindTlogEntry(ctx context.Context, rekorClient *client.Rekor,
 	b64Sig string, payload, pubKey []byte) ([]models.LogEntryAnon, error) {
 	searchParams := entries.NewSearchLogQueryParamsWithContext(ctx)
 	searchLogQuery := models.SearchLogQuery{}
-	proposedEntry, err := proposedEntry(b64Sig, payload, pubKey)
+	proposedEntries, err := proposedEntries(b64Sig, payload, pubKey)
 	if err != nil {
 		return nil, err
 	}
 
-	searchLogQuery.SetEntries(proposedEntry)
+	searchLogQuery.SetEntries(proposedEntries)
 
 	searchParams.SetEntry(&searchLogQuery)
 	resp, err := rekorClient.Entries.SearchLogQuery(searchParams)
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go
index 2ab846fe5..7a4b2b111 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go
@@ -158,6 +158,10 @@ type CheckOpts struct {
 	// The amount of maximum workers for parallel executions.
 	// Defaults to 10.
 	MaxWorkers int
+
+	// Should the experimental OCI 1.1 behaviour be enabled or not.
+	// Defaults to false.
+	ExperimentalOCI11 bool
 }
 
 // This is a substitutable signature verification function that can be used for verifying
@@ -296,7 +300,7 @@ func CheckCertificatePolicy(cert *x509.Certificate, co *CheckOpts) error {
 		return err
 	}
 	oidcIssuer := ce.GetIssuer()
-	sans := getSubjectAlternateNames(cert)
+	sans := cryptoutils.GetSubjectAlternateNames(cert)
 	// If there are identities given, go through them and if one of them
 	// matches, call that good, otherwise, return an error.
 	if len(co.Identities) > 0 {
@@ -399,29 +403,6 @@ func validateCertExtensions(ce CertExtensions, co *CheckOpts) error {
 	return nil
 }
 
-// getSubjectAlternateNames returns all of the following for a Certificate.
-// DNSNames
-// EmailAddresses
-// IPAddresses
-// URIs
-func getSubjectAlternateNames(cert *x509.Certificate) []string {
-	sans := []string{}
-	sans = append(sans, cert.DNSNames...)
-	sans = append(sans, cert.EmailAddresses...)
-	for _, ip := range cert.IPAddresses {
-		sans = append(sans, ip.String())
-	}
-	for _, uri := range cert.URIs {
-		sans = append(sans, uri.String())
-	}
-	// ignore error if there's no OtherName SAN
-	otherName, _ := cryptoutils.UnmarshalOtherNameSAN(cert.Extensions)
-	if len(otherName) > 0 {
-		sans = append(sans, otherName)
-	}
-	return sans
-}
-
 // ValidateAndUnpackCertWithChain creates a Verifier from a certificate. Verifies that the certificate
 // chains up to the provided root. Chain should start with the parent of the certificate and end with the root.
 // Optionally verifies the subject and issuer of the certificate.
@@ -493,11 +474,15 @@ func (fos *fakeOCISignatures) Get() ([]oci.Signature, error) {
 
 // VerifyImageSignatures does all the main cosign checks in a loop, returning the verified signatures.
 // If there were no valid signatures, we return an error.
+// Note that if co.ExperimentlOCI11 is set, we will attempt to verify
+// signatures using the experimental OCI 1.1 behavior.
 func VerifyImageSignatures(ctx context.Context, signedImgRef name.Reference, co *CheckOpts) (checkedSignatures []oci.Signature, bundleVerified bool, err error) {
-	// Try first using OCI 1.1 behavior
-	verified, bundleVerified, err := verifyImageSignaturesExperimentalOCI(ctx, signedImgRef, co)
-	if err == nil {
-		return verified, bundleVerified, nil
+	// Try first using OCI 1.1 behavior if experimental flag is set.
+	if co.ExperimentalOCI11 {
+		verified, bundleVerified, err := verifyImageSignaturesExperimentalOCI(ctx, signedImgRef, co)
+		if err == nil {
+			return verified, bundleVerified, nil
+		}
 	}
 
 	// Enforce this up front.
@@ -618,6 +603,7 @@ func verifySignatures(ctx context.Context, sigs oci.Signatures, h v1.Hash, co *C
 				t.Done(err)
 				return
 			}
+
 			verified, err := VerifyImageSignature(ctx, sig, h, co)
 			bundlesVerified[index] = verified
 			if err != nil {
@@ -670,14 +656,12 @@ func verifyInternal(ctx context.Context, sig oci.Signature, h v1.Hash,
 	bundleVerified bool, err error) {
 	var acceptableRFC3161Time, acceptableRekorBundleTime *time.Time // Timestamps for the signature we accept, or nil if not applicable.
 
-	if co.TSARootCertificates != nil {
-		acceptableRFC3161Timestamp, err := VerifyRFC3161Timestamp(sig, co)
-		if err != nil {
-			return false, fmt.Errorf("unable to verify RFC3161 timestamp bundle: %w", err)
-		}
-		if acceptableRFC3161Timestamp != nil {
-			acceptableRFC3161Time = &acceptableRFC3161Timestamp.Time
-		}
+	acceptableRFC3161Timestamp, err := VerifyRFC3161Timestamp(sig, co)
+	if err != nil {
+		return false, fmt.Errorf("unable to verify RFC3161 timestamp bundle: %w", err)
+	}
+	if acceptableRFC3161Timestamp != nil {
+		acceptableRFC3161Time = &acceptableRFC3161Timestamp.Time
 	}
 
 	if !co.IgnoreTlog {
@@ -907,7 +891,7 @@ func VerifyImageAttestations(ctx context.Context, signedImgRef name.Reference, c
 		return nil, false, err
 	}
 
-	return verifyImageAttestations(ctx, atts, h, co)
+	return VerifyImageAttestation(ctx, atts, h, co)
 }
 
 // VerifyLocalImageAttestations verifies attestations from a saved, local image, without any network calls,
@@ -953,7 +937,7 @@ func VerifyLocalImageAttestations(ctx context.Context, path string, co *CheckOpt
 	if err != nil {
 		return nil, false, err
 	}
-	return verifyImageAttestations(ctx, atts, h, co)
+	return VerifyImageAttestation(ctx, atts, h, co)
 }
 
 func VerifyBlobAttestation(ctx context.Context, att oci.Signature, h v1.Hash, co *CheckOpts) (
@@ -961,7 +945,7 @@ func VerifyBlobAttestation(ctx context.Context, att oci.Signature, h v1.Hash, co
 	return verifyInternal(ctx, att, h, verifyOCIAttestation, co)
 }
 
-func verifyImageAttestations(ctx context.Context, atts oci.Signatures, h v1.Hash, co *CheckOpts) (checkedAttestations []oci.Signature, bundleVerified bool, err error) {
+func VerifyImageAttestation(ctx context.Context, atts oci.Signatures, h v1.Hash, co *CheckOpts) (checkedAttestations []oci.Signature, bundleVerified bool, err error) {
 	sl, err := atts.Get()
 	if err != nil {
 		return nil, false, err
@@ -1105,24 +1089,33 @@ func VerifyBundle(sig oci.Signature, co *CheckOpts) (bool, error) {
 	}
 
 	alg, bundlehash, err := bundleHash(bundle.Payload.Body.(string), signature)
+	if err != nil {
+		return false, fmt.Errorf("computing bundle hash: %w", err)
+	}
 	h := sha256.Sum256(payload)
 	payloadHash := hex.EncodeToString(h[:])
 
-	if alg != "sha256" || bundlehash != payloadHash {
-		return false, fmt.Errorf("matching bundle to payload: %w", err)
+	if alg != "sha256" {
+		return false, fmt.Errorf("unexpected algorithm: %q", alg)
+	} else if bundlehash != payloadHash {
+		return false, fmt.Errorf("matching bundle to payload: bundle=%q, payload=%q", bundlehash, payloadHash)
 	}
 	return true, nil
 }
 
 // VerifyRFC3161Timestamp verifies that the timestamp in sig is correctly signed, and if so,
 // returns the timestamp value.
-// It returns (nil, nil) if there is no timestamp, or (nil, err) if there is an invalid timestamp.
+// It returns (nil, nil) if there is no timestamp, or (nil, err) if there is an invalid timestamp or if
+// no root is provided with a timestamp.
 func VerifyRFC3161Timestamp(sig oci.Signature, co *CheckOpts) (*timestamp.Timestamp, error) {
 	ts, err := sig.RFC3161Timestamp()
-	if err != nil {
+	switch {
+	case err != nil:
 		return nil, err
-	} else if ts == nil {
+	case ts == nil:
 		return nil, nil
+	case co.TSARootCertificates == nil:
+		return nil, errors.New("no TSA root certificate(s) provided to verify timestamp")
 	}
 
 	b64Sig, err := sig.Base64Signature()
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/mutate.go b/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/mutate.go
index 32d37be57..f934cb358 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/mutate.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/mutate.go
@@ -96,13 +96,16 @@ func (i *indexWrapper) SignedImage(h v1.Hash) (oci.SignedImage, error) {
 			return si, nil
 		}
 	}
+
 	if sb, ok := i.ogbase.(oci.SignedImageIndex); ok {
 		return sb.SignedImage(h)
-	} else if unsigned, err := i.Image(h); err != nil {
+	}
+
+	unsigned, err := i.Image(h)
+	if err != nil {
 		return nil, err
-	} else {
-		return signed.Image(unsigned), nil
 	}
+	return signed.Image(unsigned), nil
 }
 
 // SignedImageIndex implements oci.SignedImageIndex
@@ -118,13 +121,16 @@ func (i *indexWrapper) SignedImageIndex(h v1.Hash) (oci.SignedImageIndex, error)
 			return sii, nil
 		}
 	}
+
 	if sb, ok := i.ogbase.(oci.SignedImageIndex); ok {
 		return sb.SignedImageIndex(h)
-	} else if unsigned, err := i.ImageIndex(h); err != nil {
+	}
+
+	unsigned, err := i.ImageIndex(h)
+	if err != nil {
 		return nil, err
-	} else {
-		return signed.ImageIndex(unsigned), nil
 	}
+	return signed.ImageIndex(unsigned), nil
 }
 
 // AttachSignatureToEntity attaches the provided signature to the provided entity.
@@ -204,47 +210,12 @@ type signedImage struct {
 
 // Signatures implements oci.SignedImage
 func (si *signedImage) Signatures() (oci.Signatures, error) {
-	base, err := si.SignedImage.Signatures()
-	if err != nil {
-		return nil, err
-	} else if si.sig == nil {
-		return base, nil
-	}
-	if si.so.dd != nil {
-		if existing, err := si.so.dd.Find(base, si.sig); err != nil {
-			return nil, err
-		} else if existing != nil {
-			// Just return base if the signature is redundant
-			return base, nil
-		}
-	}
-	return AppendSignatures(base, si.sig)
+	return si.so.dedupeAndReplace(si.sig, si.SignedImage.Signatures)
 }
 
 // Attestations implements oci.SignedImage
 func (si *signedImage) Attestations() (oci.Signatures, error) {
-	base, err := si.SignedImage.Attestations()
-	if err != nil {
-		return nil, err
-	} else if si.att == nil {
-		return base, nil
-	}
-	if si.so.dd != nil {
-		if existing, err := si.so.dd.Find(base, si.att); err != nil {
-			return nil, err
-		} else if existing != nil {
-			// Just return base if the signature is redundant
-			return base, nil
-		}
-	}
-	if si.so.ro != nil {
-		replace, err := si.so.ro.Replace(base, si.att)
-		if err != nil {
-			return nil, err
-		}
-		return ReplaceSignatures(replace)
-	}
-	return AppendSignatures(base, si.att)
+	return si.so.dedupeAndReplace(si.att, si.SignedImage.Attestations)
 }
 
 // Attachment implements oci.SignedImage
@@ -298,47 +269,12 @@ type signedImageIndex struct {
 
 // Signatures implements oci.SignedImageIndex
 func (sii *signedImageIndex) Signatures() (oci.Signatures, error) {
-	base, err := sii.ociSignedImageIndex.Signatures()
-	if err != nil {
-		return nil, err
-	} else if sii.sig == nil {
-		return base, nil
-	}
-	if sii.so.dd != nil {
-		if existing, err := sii.so.dd.Find(base, sii.sig); err != nil {
-			return nil, err
-		} else if existing != nil {
-			// Just return base if the signature is redundant
-			return base, nil
-		}
-	}
-	return AppendSignatures(base, sii.sig)
+	return sii.so.dedupeAndReplace(sii.sig, sii.ociSignedImageIndex.Signatures)
 }
 
 // Attestations implements oci.SignedImageIndex
 func (sii *signedImageIndex) Attestations() (oci.Signatures, error) {
-	base, err := sii.ociSignedImageIndex.Attestations()
-	if err != nil {
-		return nil, err
-	} else if sii.att == nil {
-		return base, nil
-	}
-	if sii.so.dd != nil {
-		if existing, err := sii.so.dd.Find(base, sii.att); err != nil {
-			return nil, err
-		} else if existing != nil {
-			// Just return base if the signature is redundant
-			return base, nil
-		}
-	}
-	if sii.so.ro != nil {
-		replace, err := sii.so.ro.Replace(base, sii.att)
-		if err != nil {
-			return nil, err
-		}
-		return ReplaceSignatures(replace)
-	}
-	return AppendSignatures(base, sii.att)
+	return sii.so.dedupeAndReplace(sii.att, sii.ociSignedImageIndex.Attestations)
 }
 
 // Attachment implements oci.SignedImageIndex
@@ -403,53 +339,43 @@ func (si *signedUnknown) Digest() (v1.Hash, error) {
 
 // Signatures implements oci.SignedEntity
 func (si *signedUnknown) Signatures() (oci.Signatures, error) {
-	base, err := si.SignedEntity.Signatures()
-	if err != nil {
-		return nil, err
-	} else if si.sig == nil {
-		return base, nil
-	}
-	if si.so.dd != nil {
-		if existing, err := si.so.dd.Find(base, si.sig); err != nil {
-			return nil, err
-		} else if existing != nil {
-			// Just return base if the signature is redundant
-			return base, nil
-		}
-	}
-	return AppendSignatures(base, si.sig)
+	return si.so.dedupeAndReplace(si.sig, si.SignedEntity.Signatures)
 }
 
 // Attestations implements oci.SignedEntity
 func (si *signedUnknown) Attestations() (oci.Signatures, error) {
-	base, err := si.SignedEntity.Attestations()
+	return si.so.dedupeAndReplace(si.att, si.SignedEntity.Attestations)
+}
+
+// Attachment implements oci.SignedEntity
+func (si *signedUnknown) Attachment(attName string) (oci.File, error) {
+	if f, ok := si.attachments[attName]; ok {
+		return f, nil
+	}
+	return nil, fmt.Errorf("attachment %q not found", attName)
+}
+
+func (so *signOpts) dedupeAndReplace(sig oci.Signature, basefn func() (oci.Signatures, error)) (oci.Signatures, error) {
+	base, err := basefn()
 	if err != nil {
 		return nil, err
-	} else if si.att == nil {
+	} else if sig == nil {
 		return base, nil
 	}
-	if si.so.dd != nil {
-		if existing, err := si.so.dd.Find(base, si.att); err != nil {
+	if so.dd != nil {
+		if existing, err := so.dd.Find(base, sig); err != nil {
 			return nil, err
 		} else if existing != nil {
 			// Just return base if the signature is redundant
 			return base, nil
 		}
 	}
-	if si.so.ro != nil {
-		replace, err := si.so.ro.Replace(base, si.att)
+	if so.ro != nil {
+		replace, err := so.ro.Replace(base, sig)
 		if err != nil {
 			return nil, err
 		}
 		return ReplaceSignatures(replace)
 	}
-	return AppendSignatures(base, si.att)
-}
-
-// Attachment implements oci.SignedEntity
-func (si *signedUnknown) Attachment(attName string) (oci.File, error) {
-	if f, ok := si.attachments[attName]; ok {
-		return f, nil
-	}
-	return nil, fmt.Errorf("attachment %q not found", attName)
+	return AppendSignatures(base, sig)
 }
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/signatures.go b/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/signatures.go
index dfbe1737a..648cab041 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/signatures.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/signatures.go
@@ -19,7 +19,6 @@ import (
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/empty"
 	"github.com/google/go-containerregistry/pkg/v1/mutate"
-	"github.com/sigstore/cosign/v2/internal/pkg/now"
 	"github.com/sigstore/cosign/v2/pkg/oci"
 )
 
@@ -43,17 +42,6 @@ func AppendSignatures(base oci.Signatures, sigs ...oci.Signature) (oci.Signature
 		return nil, err
 	}
 
-	t, err := now.Now()
-	if err != nil {
-		return nil, err
-	}
-
-	// Set the Created date to time of execution
-	img, err = mutate.CreatedAt(img, v1.Time{Time: t})
-	if err != nil {
-		return nil, err
-	}
-
 	return &sigAppender{
 		Image: img,
 		base:  base,
@@ -86,7 +74,7 @@ func ReplaceSignatures(base oci.Signatures) (oci.Signatures, error) {
 	return &sigAppender{
 		Image: img,
 		base:  base,
-		sigs:  sigs,
+		sigs:  []oci.Signature{},
 	}, nil
 }
 
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/oci/remote/remote.go b/vendor/github.com/sigstore/cosign/v2/pkg/oci/remote/remote.go
index fab0a7658..a9332d7c6 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/oci/remote/remote.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/oci/remote/remote.go
@@ -36,12 +36,24 @@ var (
 	remoteIndex = remote.Index
 	remoteGet   = remote.Get
 	remoteWrite = remote.Write
-
-	// ErrEntityNotFound is the error that SignedEntity returns when the
-	// provided ref does not exist.
-	ErrEntityNotFound = errors.New("entity not found in registry")
 )
 
+// EntityNotFoundError is the error that SignedEntity returns when the
+// provided ref does not exist.
+type EntityNotFoundError struct {
+	baseErr error
+}
+
+func (e *EntityNotFoundError) Error() string {
+	return fmt.Sprintf("entity not found in registry, error: %v", e.baseErr)
+}
+
+func NewEntityNotFoundError(err error) error {
+	return &EntityNotFoundError{
+		baseErr: err,
+	}
+}
+
 // SignedEntity provides access to a remote reference, and its signatures.
 // The SignedEntity will be one of SignedImage or SignedImageIndex.
 func SignedEntity(ref name.Reference, options ...Option) (oci.SignedEntity, error) {
@@ -50,7 +62,7 @@ func SignedEntity(ref name.Reference, options ...Option) (oci.SignedEntity, erro
 	got, err := remoteGet(ref, o.ROpt...)
 	var te *transport.Error
 	if errors.As(err, &te) && te.StatusCode == http.StatusNotFound {
-		return nil, ErrEntityNotFound
+		return nil, NewEntityNotFoundError(err)
 	} else if err != nil {
 		return nil, err
 	}
@@ -85,31 +97,43 @@ func SignedEntity(ref name.Reference, options ...Option) (oci.SignedEntity, erro
 // normalize turns image digests into tags with optional prefix & suffix:
 // sha256:d34db33f -> [prefix]sha256-d34db33f[.suffix]
 func normalize(h v1.Hash, prefix string, suffix string) string {
+	return normalizeWithSeparator(h, prefix, suffix, "-")
+}
+
+// normalizeWithSeparator turns image digests into tags with optional prefix & suffix:
+// sha256:d34db33f -> [prefix]sha256[algorithmSeparator]d34db33f[.suffix]
+func normalizeWithSeparator(h v1.Hash, prefix string, suffix string, algorithmSeparator string) string {
 	if suffix == "" {
-		return fmt.Sprint(prefix, h.Algorithm, "-", h.Hex)
+		return fmt.Sprint(prefix, h.Algorithm, algorithmSeparator, h.Hex)
 	}
-	return fmt.Sprint(prefix, h.Algorithm, "-", h.Hex, ".", suffix)
+	return fmt.Sprint(prefix, h.Algorithm, algorithmSeparator, h.Hex, ".", suffix)
 }
 
 // SignatureTag returns the name.Tag that associated signatures with a particular digest.
 func SignatureTag(ref name.Reference, opts ...Option) (name.Tag, error) {
 	o := makeOptions(ref.Context(), opts...)
-	return suffixTag(ref, o.SignatureSuffix, o)
+	return suffixTag(ref, o.SignatureSuffix, "-", o)
 }
 
 // AttestationTag returns the name.Tag that associated attestations with a particular digest.
 func AttestationTag(ref name.Reference, opts ...Option) (name.Tag, error) {
 	o := makeOptions(ref.Context(), opts...)
-	return suffixTag(ref, o.AttestationSuffix, o)
+	return suffixTag(ref, o.AttestationSuffix, "-", o)
 }
 
 // SBOMTag returns the name.Tag that associated SBOMs with a particular digest.
 func SBOMTag(ref name.Reference, opts ...Option) (name.Tag, error) {
 	o := makeOptions(ref.Context(), opts...)
-	return suffixTag(ref, o.SBOMSuffix, o)
+	return suffixTag(ref, o.SBOMSuffix, "-", o)
+}
+
+// DigestTag returns the name.Tag that associated SBOMs with a particular digest.
+func DigestTag(ref name.Reference, opts ...Option) (name.Tag, error) {
+	o := makeOptions(ref.Context(), opts...)
+	return suffixTag(ref, "", ":", o)
 }
 
-func suffixTag(ref name.Reference, suffix string, o *options) (name.Tag, error) {
+func suffixTag(ref name.Reference, suffix string, algorithmSeparator string, o *options) (name.Tag, error) {
 	var h v1.Hash
 	if digest, ok := ref.(name.Digest); ok {
 		var err error
@@ -124,7 +148,7 @@ func suffixTag(ref name.Reference, suffix string, o *options) (name.Tag, error)
 		}
 		h = desc.Digest
 	}
-	return o.TargetRepository.Tag(normalize(h, o.TagPrefix, suffix)), nil
+	return o.TargetRepository.Tag(normalizeWithSeparator(h, o.TagPrefix, suffix, algorithmSeparator)), nil
 }
 
 // signatures is a shared implementation of the oci.Signed* Signatures method.
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/oci/static/file.go b/vendor/github.com/sigstore/cosign/v2/pkg/oci/static/file.go
index 8e5cdc9c1..6fc55d831 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/oci/static/file.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/oci/static/file.go
@@ -22,7 +22,6 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/empty"
 	"github.com/google/go-containerregistry/pkg/v1/mutate"
 	"github.com/google/go-containerregistry/pkg/v1/types"
-	"github.com/sigstore/cosign/v2/internal/pkg/now"
 	"github.com/sigstore/cosign/v2/pkg/oci"
 	"github.com/sigstore/cosign/v2/pkg/oci/signed"
 )
@@ -49,16 +48,6 @@ func NewFile(payload []byte, opts ...Option) (oci.File, error) {
 	// Add annotations from options
 	img = mutate.Annotations(img, o.Annotations).(v1.Image)
 
-	t, err := now.Now()
-	if err != nil {
-		return nil, err
-	}
-
-	// Set the Created date to time of execution
-	img, err = mutate.CreatedAt(img, v1.Time{Time: t})
-	if err != nil {
-		return nil, err
-	}
 	return &file{
 		SignedImage: signed.Image(img),
 		layer:       layer,
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/providers/github/github.go b/vendor/github.com/sigstore/cosign/v2/pkg/providers/github/github.go
index 129c7a0bc..3329890ae 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/providers/github/github.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/providers/github/github.go
@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"net/http"
 	"os"
+	"strings"
 	"time"
 
 	"github.com/sigstore/cosign/v2/pkg/cosign/env"
@@ -54,22 +55,38 @@ func (ga *githubActions) Enabled(_ context.Context) bool {
 }
 
 // Provide implements providers.Interface
-func (ga *githubActions) Provide(_ context.Context, audience string) (string, error) {
+func (ga *githubActions) Provide(ctx context.Context, audience string) (string, error) {
 	url := env.Getenv(env.VariableGitHubRequestURL) + "&audience=" + audience
 
-	req, err := http.NewRequest("GET", url, nil)
+	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
 	if err != nil {
 		return "", err
 	}
 
+	// May be replaced by a different client if we hit HTTP_1_1_REQUIRED.
+	client := http.DefaultClient
+
 	// Retry up to 3 times.
 	for i := 0; ; i++ {
 		req.Header.Add("Authorization", "bearer "+env.Getenv(env.VariableGitHubRequestToken))
-		resp, err := http.DefaultClient.Do(req)
+		resp, err := client.Do(req)
 		if err != nil {
 			if i == 2 {
 				return "", err
 			}
+
+			// This error isn't exposed by net/http, and retrying this with the
+			// DefaultClient will fail because it will just use HTTP2 again.
+			// I don't know why go doesn't do this for us.
+			if strings.Contains(err.Error(), "HTTP_1_1_REQUIRED") {
+				http1transport := http.DefaultTransport.(*http.Transport).Clone()
+				http1transport.ForceAttemptHTTP2 = false
+
+				client = &http.Client{
+					Transport: http1transport,
+				}
+			}
+
 			fmt.Fprintf(os.Stderr, "error fetching GitHub OIDC token (will retry): %v\n", err)
 			time.Sleep(time.Second)
 			continue
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_v001_schema.go
index 6cf1181b0..250a6125b 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_v001_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_v001_schema.go
@@ -126,6 +126,7 @@ func (m *AlpineV001Schema) ContextValidate(ctx context.Context, formats strfmt.R
 func (m *AlpineV001Schema) contextValidatePackage(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Package != nil {
+
 		if err := m.Package.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("package")
@@ -142,6 +143,7 @@ func (m *AlpineV001Schema) contextValidatePackage(ctx context.Context, formats s
 func (m *AlpineV001Schema) contextValidatePublicKey(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.PublicKey != nil {
+
 		if err := m.PublicKey.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("publicKey")
@@ -244,6 +246,11 @@ func (m *AlpineV001SchemaPackage) ContextValidate(ctx context.Context, formats s
 func (m *AlpineV001SchemaPackage) contextValidateHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Hash != nil {
+
+		if swag.IsZero(m.Hash) { // not required
+			return nil
+		}
+
 		if err := m.Hash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("package" + "." + "hash")
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_v001_schema.go
index ea7f467da..2263abd78 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_v001_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_v001_schema.go
@@ -116,6 +116,7 @@ func (m *CoseV001Schema) ContextValidate(ctx context.Context, formats strfmt.Reg
 func (m *CoseV001Schema) contextValidateData(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Data != nil {
+
 		if err := m.Data.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("data")
@@ -240,6 +241,11 @@ func (m *CoseV001SchemaData) ContextValidate(ctx context.Context, formats strfmt
 func (m *CoseV001SchemaData) contextValidateEnvelopeHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.EnvelopeHash != nil {
+
+		if swag.IsZero(m.EnvelopeHash) { // not required
+			return nil
+		}
+
 		if err := m.EnvelopeHash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("data" + "." + "envelopeHash")
@@ -256,6 +262,11 @@ func (m *CoseV001SchemaData) contextValidateEnvelopeHash(ctx context.Context, fo
 func (m *CoseV001SchemaData) contextValidatePayloadHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.PayloadHash != nil {
+
+		if swag.IsZero(m.PayloadHash) { // not required
+			return nil
+		}
+
 		if err := m.PayloadHash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("data" + "." + "payloadHash")
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go
index a28dd5244..ec4c32bfb 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go
@@ -198,6 +198,11 @@ func (m *DSSEV001Schema) ContextValidate(ctx context.Context, formats strfmt.Reg
 func (m *DSSEV001Schema) contextValidateEnvelopeHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.EnvelopeHash != nil {
+
+		if swag.IsZero(m.EnvelopeHash) { // not required
+			return nil
+		}
+
 		if err := m.EnvelopeHash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("envelopeHash")
@@ -214,6 +219,11 @@ func (m *DSSEV001Schema) contextValidateEnvelopeHash(ctx context.Context, format
 func (m *DSSEV001Schema) contextValidatePayloadHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.PayloadHash != nil {
+
+		if swag.IsZero(m.PayloadHash) { // not required
+			return nil
+		}
+
 		if err := m.PayloadHash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("payloadHash")
@@ -230,6 +240,11 @@ func (m *DSSEV001Schema) contextValidatePayloadHash(ctx context.Context, formats
 func (m *DSSEV001Schema) contextValidateProposedContent(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.ProposedContent != nil {
+
+		if swag.IsZero(m.ProposedContent) { // not required
+			return nil
+		}
+
 		if err := m.ProposedContent.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("proposedContent")
@@ -252,6 +267,11 @@ func (m *DSSEV001Schema) contextValidateSignatures(ctx context.Context, formats
 	for i := 0; i < len(m.Signatures); i++ {
 
 		if m.Signatures[i] != nil {
+
+			if swag.IsZero(m.Signatures[i]) { // not required
+				return nil
+			}
+
 			if err := m.Signatures[i].ContextValidate(ctx, formats); err != nil {
 				if ve, ok := err.(*errors.Validation); ok {
 					return ve.ValidateName("signatures" + "." + strconv.Itoa(i))
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_v001_schema.go
index 72937c640..f8bf233ed 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_v001_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_v001_schema.go
@@ -126,6 +126,7 @@ func (m *HashedrekordV001Schema) ContextValidate(ctx context.Context, formats st
 func (m *HashedrekordV001Schema) contextValidateData(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Data != nil {
+
 		if err := m.Data.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("data")
@@ -142,6 +143,7 @@ func (m *HashedrekordV001Schema) contextValidateData(ctx context.Context, format
 func (m *HashedrekordV001Schema) contextValidateSignature(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Signature != nil {
+
 		if err := m.Signature.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("signature")
@@ -232,6 +234,11 @@ func (m *HashedrekordV001SchemaData) ContextValidate(ctx context.Context, format
 func (m *HashedrekordV001SchemaData) contextValidateHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Hash != nil {
+
+		if swag.IsZero(m.Hash) { // not required
+			return nil
+		}
+
 		if err := m.Hash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("data" + "." + "hash")
@@ -431,6 +438,11 @@ func (m *HashedrekordV001SchemaSignature) ContextValidate(ctx context.Context, f
 func (m *HashedrekordV001SchemaSignature) contextValidatePublicKey(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.PublicKey != nil {
+
+		if swag.IsZero(m.PublicKey) { // not required
+			return nil
+		}
+
 		if err := m.PublicKey.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("signature" + "." + "publicKey")
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_v001_schema.go
index e0942574b..930efc878 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_v001_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_v001_schema.go
@@ -126,6 +126,7 @@ func (m *HelmV001Schema) ContextValidate(ctx context.Context, formats strfmt.Reg
 func (m *HelmV001Schema) contextValidateChart(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Chart != nil {
+
 		if err := m.Chart.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("chart")
@@ -142,6 +143,7 @@ func (m *HelmV001Schema) contextValidateChart(ctx context.Context, formats strfm
 func (m *HelmV001Schema) contextValidatePublicKey(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.PublicKey != nil {
+
 		if err := m.PublicKey.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("publicKey")
@@ -264,6 +266,11 @@ func (m *HelmV001SchemaChart) ContextValidate(ctx context.Context, formats strfm
 func (m *HelmV001SchemaChart) contextValidateHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Hash != nil {
+
+		if swag.IsZero(m.Hash) { // not required
+			return nil
+		}
+
 		if err := m.Hash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("chart" + "." + "hash")
@@ -280,6 +287,7 @@ func (m *HelmV001SchemaChart) contextValidateHash(ctx context.Context, formats s
 func (m *HelmV001SchemaChart) contextValidateProvenance(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Provenance != nil {
+
 		if err := m.Provenance.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("chart" + "." + "provenance")
@@ -484,6 +492,11 @@ func (m *HelmV001SchemaChartProvenance) ContextValidate(ctx context.Context, for
 func (m *HelmV001SchemaChartProvenance) contextValidateSignature(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Signature != nil {
+
+		if swag.IsZero(m.Signature) { // not required
+			return nil
+		}
+
 		if err := m.Signature.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("chart" + "." + "provenance" + "." + "signature")
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v001_schema.go
index 139e3ed11..0c299b1ca 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v001_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v001_schema.go
@@ -112,6 +112,7 @@ func (m *IntotoV001Schema) ContextValidate(ctx context.Context, formats strfmt.R
 func (m *IntotoV001Schema) contextValidateContent(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Content != nil {
+
 		if err := m.Content.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("content")
@@ -235,6 +236,11 @@ func (m *IntotoV001SchemaContent) ContextValidate(ctx context.Context, formats s
 func (m *IntotoV001SchemaContent) contextValidateHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Hash != nil {
+
+		if swag.IsZero(m.Hash) { // not required
+			return nil
+		}
+
 		if err := m.Hash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("content" + "." + "hash")
@@ -251,6 +257,11 @@ func (m *IntotoV001SchemaContent) contextValidateHash(ctx context.Context, forma
 func (m *IntotoV001SchemaContent) contextValidatePayloadHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.PayloadHash != nil {
+
+		if swag.IsZero(m.PayloadHash) { // not required
+			return nil
+		}
+
 		if err := m.PayloadHash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("content" + "." + "payloadHash")
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go
index 816435cb2..c2c08ea54 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go
@@ -95,6 +95,7 @@ func (m *IntotoV002Schema) ContextValidate(ctx context.Context, formats strfmt.R
 func (m *IntotoV002Schema) contextValidateContent(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Content != nil {
+
 		if err := m.Content.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("content")
@@ -247,6 +248,7 @@ func (m *IntotoV002SchemaContent) ContextValidate(ctx context.Context, formats s
 func (m *IntotoV002SchemaContent) contextValidateEnvelope(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Envelope != nil {
+
 		if err := m.Envelope.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("content" + "." + "envelope")
@@ -263,6 +265,11 @@ func (m *IntotoV002SchemaContent) contextValidateEnvelope(ctx context.Context, f
 func (m *IntotoV002SchemaContent) contextValidateHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Hash != nil {
+
+		if swag.IsZero(m.Hash) { // not required
+			return nil
+		}
+
 		if err := m.Hash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("content" + "." + "hash")
@@ -279,6 +286,11 @@ func (m *IntotoV002SchemaContent) contextValidateHash(ctx context.Context, forma
 func (m *IntotoV002SchemaContent) contextValidatePayloadHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.PayloadHash != nil {
+
+		if swag.IsZero(m.PayloadHash) { // not required
+			return nil
+		}
+
 		if err := m.PayloadHash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("content" + "." + "payloadHash")
@@ -408,6 +420,11 @@ func (m *IntotoV002SchemaContentEnvelope) contextValidateSignatures(ctx context.
 	for i := 0; i < len(m.Signatures); i++ {
 
 		if m.Signatures[i] != nil {
+
+			if swag.IsZero(m.Signatures[i]) { // not required
+				return nil
+			}
+
 			if err := m.Signatures[i].ContextValidate(ctx, formats); err != nil {
 				if ve, ok := err.(*errors.Validation); ok {
 					return ve.ValidateName("content" + "." + "envelope" + "." + "signatures" + "." + strconv.Itoa(i))
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_v001_schema.go
index 7a49b3e2e..4564964a5 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_v001_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_v001_schema.go
@@ -124,6 +124,7 @@ func (m *JarV001Schema) ContextValidate(ctx context.Context, formats strfmt.Regi
 func (m *JarV001Schema) contextValidateArchive(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Archive != nil {
+
 		if err := m.Archive.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("archive")
@@ -140,6 +141,11 @@ func (m *JarV001Schema) contextValidateArchive(ctx context.Context, formats strf
 func (m *JarV001Schema) contextValidateSignature(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Signature != nil {
+
+		if swag.IsZero(m.Signature) { // not required
+			return nil
+		}
+
 		if err := m.Signature.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("signature")
@@ -234,6 +240,11 @@ func (m *JarV001SchemaArchive) ContextValidate(ctx context.Context, formats strf
 func (m *JarV001SchemaArchive) contextValidateHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Hash != nil {
+
+		if swag.IsZero(m.Hash) { // not required
+			return nil
+		}
+
 		if err := m.Hash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("archive" + "." + "hash")
@@ -463,6 +474,7 @@ func (m *JarV001SchemaSignature) contextValidateContent(ctx context.Context, for
 func (m *JarV001SchemaSignature) contextValidatePublicKey(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.PublicKey != nil {
+
 		if err := m.PublicKey.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("signature" + "." + "publicKey")
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/log_entry.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/log_entry.go
index 985e13b68..ee32ded41 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/log_entry.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/log_entry.go
@@ -95,7 +95,7 @@ type LogEntryAnon struct {
 	// Required: true
 	Body interface{} `json:"body"`
 
-	// integrated time
+	// The time the entry was added to the log as a Unix timestamp in seconds
 	// Required: true
 	IntegratedTime *int64 `json:"integratedTime"`
 
@@ -250,6 +250,11 @@ func (m *LogEntryAnon) ContextValidate(ctx context.Context, formats strfmt.Regis
 func (m *LogEntryAnon) contextValidateAttestation(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Attestation != nil {
+
+		if swag.IsZero(m.Attestation) { // not required
+			return nil
+		}
+
 		if err := m.Attestation.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("attestation")
@@ -266,6 +271,11 @@ func (m *LogEntryAnon) contextValidateAttestation(ctx context.Context, formats s
 func (m *LogEntryAnon) contextValidateVerification(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Verification != nil {
+
+		if swag.IsZero(m.Verification) { // not required
+			return nil
+		}
+
 		if err := m.Verification.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("verification")
@@ -398,6 +408,11 @@ func (m *LogEntryAnonVerification) ContextValidate(ctx context.Context, formats
 func (m *LogEntryAnonVerification) contextValidateInclusionProof(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.InclusionProof != nil {
+
+		if swag.IsZero(m.InclusionProof) { // not required
+			return nil
+		}
+
 		if err := m.InclusionProof.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("verification" + "." + "inclusionProof")
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/log_info.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/log_info.go
index 33178bc56..cb57b27f5 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/log_info.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/log_info.go
@@ -182,6 +182,11 @@ func (m *LogInfo) contextValidateInactiveShards(ctx context.Context, formats str
 	for i := 0; i < len(m.InactiveShards); i++ {
 
 		if m.InactiveShards[i] != nil {
+
+			if swag.IsZero(m.InactiveShards[i]) { // not required
+				return nil
+			}
+
 			if err := m.InactiveShards[i].ContextValidate(ctx, formats); err != nil {
 				if ve, ok := err.(*errors.Validation); ok {
 					return ve.ValidateName("inactiveShards" + "." + strconv.Itoa(i))
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_v001_schema.go
index 3d0446a5b..9a525717d 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_v001_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_v001_schema.go
@@ -126,6 +126,7 @@ func (m *RekordV001Schema) ContextValidate(ctx context.Context, formats strfmt.R
 func (m *RekordV001Schema) contextValidateData(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Data != nil {
+
 		if err := m.Data.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("data")
@@ -142,6 +143,7 @@ func (m *RekordV001Schema) contextValidateData(ctx context.Context, formats strf
 func (m *RekordV001Schema) contextValidateSignature(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Signature != nil {
+
 		if err := m.Signature.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("signature")
@@ -236,6 +238,11 @@ func (m *RekordV001SchemaData) ContextValidate(ctx context.Context, formats strf
 func (m *RekordV001SchemaData) contextValidateHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Hash != nil {
+
+		if swag.IsZero(m.Hash) { // not required
+			return nil
+		}
+
 		if err := m.Hash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("data" + "." + "hash")
@@ -514,6 +521,7 @@ func (m *RekordV001SchemaSignature) ContextValidate(ctx context.Context, formats
 func (m *RekordV001SchemaSignature) contextValidatePublicKey(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.PublicKey != nil {
+
 		if err := m.PublicKey.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("signature" + "." + "publicKey")
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_v001_schema.go
index fe668412d..c3a50c849 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_v001_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_v001_schema.go
@@ -93,6 +93,7 @@ func (m *Rfc3161V001Schema) ContextValidate(ctx context.Context, formats strfmt.
 func (m *Rfc3161V001Schema) contextValidateTsr(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Tsr != nil {
+
 		if err := m.Tsr.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("tsr")
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_v001_schema.go
index 82a75c1de..80dadde7f 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_v001_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_v001_schema.go
@@ -126,6 +126,7 @@ func (m *RpmV001Schema) ContextValidate(ctx context.Context, formats strfmt.Regi
 func (m *RpmV001Schema) contextValidatePackage(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Package != nil {
+
 		if err := m.Package.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("package")
@@ -142,6 +143,7 @@ func (m *RpmV001Schema) contextValidatePackage(ctx context.Context, formats strf
 func (m *RpmV001Schema) contextValidatePublicKey(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.PublicKey != nil {
+
 		if err := m.PublicKey.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("publicKey")
@@ -244,6 +246,11 @@ func (m *RpmV001SchemaPackage) ContextValidate(ctx context.Context, formats strf
 func (m *RpmV001SchemaPackage) contextValidateHash(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Hash != nil {
+
+		if swag.IsZero(m.Hash) { // not required
+			return nil
+		}
+
 		if err := m.Hash.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("package" + "." + "hash")
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go
index 08bc595c3..bb1ccccc2 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go
@@ -180,6 +180,11 @@ func (m *SearchIndex) ContextValidate(ctx context.Context, formats strfmt.Regist
 func (m *SearchIndex) contextValidatePublicKey(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.PublicKey != nil {
+
+		if swag.IsZero(m.PublicKey) { // not required
+			return nil
+		}
+
 		if err := m.PublicKey.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("publicKey")
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/search_log_query.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/search_log_query.go
index 6838b8a76..425ec8b34 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/search_log_query.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/search_log_query.go
@@ -260,6 +260,10 @@ func (m *SearchLogQuery) contextValidateEntries(ctx context.Context, formats str
 
 	for i := 0; i < len(m.Entries()); i++ {
 
+		if swag.IsZero(m.entriesField[i]) { // not required
+			return nil
+		}
+
 		if err := m.entriesField[i].ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("entries" + "." + strconv.Itoa(i))
diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go
index db5d8a3a9..021e0ce7d 100644
--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go
+++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go
@@ -133,6 +133,7 @@ func (m *TUFV001Schema) ContextValidate(ctx context.Context, formats strfmt.Regi
 func (m *TUFV001Schema) contextValidateMetadata(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Metadata != nil {
+
 		if err := m.Metadata.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("metadata")
@@ -149,6 +150,7 @@ func (m *TUFV001Schema) contextValidateMetadata(ctx context.Context, formats str
 func (m *TUFV001Schema) contextValidateRoot(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Root != nil {
+
 		if err := m.Root.ContextValidate(ctx, formats); err != nil {
 			if ve, ok := err.(*errors.Validation); ok {
 				return ve.ValidateName("root")
diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/identity/identity.go b/vendor/github.com/sigstore/rekor/pkg/pki/identity/identity.go
new file mode 100644
index 000000000..4566e1ddf
--- /dev/null
+++ b/vendor/github.com/sigstore/rekor/pkg/pki/identity/identity.go
@@ -0,0 +1,38 @@
+// Copyright 2023 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package identity
+
+type Identity struct {
+	// Types include:
+	// - *rsa.PublicKey
+	// - *ecdsa.PublicKey
+	// - ed25519.PublicKey
+	// - *x509.Certificate
+	// - openpgp.EntityList (golang.org/x/crypto/openpgp)
+	// - *minisign.PublicKey (github.com/jedisct1/go-minisign)
+	// - ssh.PublicKey (golang.org/x/crypto/ssh)
+	Crypto any
+	// Raw key or certificate extracted from Crypto. Values include:
+	// - PKIX ASN.1 DER-encoded public key
+	// - ASN.1 DER-encoded certificate
+	Raw []byte
+	// For keys, certificates, and minisign, hex-encoded SHA-256 digest
+	// of the public key or certificate
+	// For SSH and PGP, Fingerprint is the standard for each ecosystem
+	// For SSH, unpadded base-64 encoded SHA-256 digest of the key
+	// For PGP, hex-encoded SHA-1 digest of a key, which can be either
+	// a primary key or subkey
+	Fingerprint string
+}
diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/minisign/minisign.go b/vendor/github.com/sigstore/rekor/pkg/pki/minisign/minisign.go
index 0bcb02fa8..7432db3c8 100644
--- a/vendor/github.com/sigstore/rekor/pkg/pki/minisign/minisign.go
+++ b/vendor/github.com/sigstore/rekor/pkg/pki/minisign/minisign.go
@@ -17,12 +17,17 @@ package minisign
 
 import (
 	"bytes"
+	"crypto/ed25519"
+	"crypto/sha256"
 	"encoding/base64"
+	"encoding/hex"
 	"fmt"
 	"io"
 	"strings"
 
 	minisign "github.com/jedisct1/go-minisign"
+	"github.com/sigstore/rekor/pkg/pki/identity"
+	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	sigsig "github.com/sigstore/sigstore/pkg/signature"
 	"golang.org/x/crypto/blake2b"
 )
@@ -184,11 +189,16 @@ func (k PublicKey) Subjects() []string {
 }
 
 // Identities implements the pki.PublicKey interface
-func (k PublicKey) Identities() ([]string, error) {
-	// returns base64-encoded key (sig alg, key ID, and public key)
-	key, err := k.CanonicalValue()
+func (k PublicKey) Identities() ([]identity.Identity, error) {
+	// PKIX encode ed25519 public key
+	pkixKey, err := cryptoutils.MarshalPublicKeyToDER(ed25519.PublicKey(k.key.PublicKey[:]))
 	if err != nil {
 		return nil, err
 	}
-	return []string{string(key)}, nil
+	digest := sha256.Sum256(pkixKey)
+	return []identity.Identity{{
+		Crypto:      k.key,
+		Raw:         pkixKey,
+		Fingerprint: hex.EncodeToString(digest[:]),
+	}}, nil
 }
diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/pgp/pgp.go b/vendor/github.com/sigstore/rekor/pkg/pki/pgp/pgp.go
index aee7fa14b..19501bc1d 100644
--- a/vendor/github.com/sigstore/rekor/pkg/pki/pgp/pgp.go
+++ b/vendor/github.com/sigstore/rekor/pkg/pki/pgp/pgp.go
@@ -19,6 +19,10 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/rsa"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"io"
@@ -31,6 +35,8 @@ import (
 	"golang.org/x/crypto/openpgp/armor"  //nolint:staticcheck
 	"golang.org/x/crypto/openpgp/packet" //nolint:staticcheck
 
+	"github.com/sigstore/rekor/pkg/pki/identity"
+	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	sigsig "github.com/sigstore/sigstore/pkg/signature"
 )
 
@@ -305,14 +311,34 @@ func (k PublicKey) Subjects() []string {
 }
 
 // Identities implements the pki.PublicKey interface
-func (k PublicKey) Identities() ([]string, error) {
-	// returns the email addresses and armored public key
-	var identities []string
-	identities = append(identities, k.Subjects()...)
-	key, err := k.CanonicalValue()
-	if err != nil {
-		return nil, err
+func (k PublicKey) Identities() ([]identity.Identity, error) {
+	var ids []identity.Identity
+	for _, entity := range k.key {
+		var keys []*packet.PublicKey
+		keys = append(keys, entity.PrimaryKey)
+		for _, subKey := range entity.Subkeys {
+			keys = append(keys, subKey.PublicKey)
+		}
+		for _, pk := range keys {
+			pubKey := pk.PublicKey
+			// Only process supported types. Will ignore DSA
+			// and ElGamal keys.
+			// TODO: For a V2 PGP type, enforce on upload
+			switch pubKey.(type) {
+			case *rsa.PublicKey, *ecdsa.PublicKey, ed25519.PublicKey:
+			default:
+				continue
+			}
+			pkixKey, err := cryptoutils.MarshalPublicKeyToDER(pubKey)
+			if err != nil {
+				return nil, err
+			}
+			ids = append(ids, identity.Identity{
+				Crypto:      pubKey,
+				Raw:         pkixKey,
+				Fingerprint: hex.EncodeToString(pk.Fingerprint[:]),
+			})
+		}
 	}
-	identities = append(identities, string(key))
-	return identities, nil
+	return ids, nil
 }
diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/pkcs7/pkcs7.go b/vendor/github.com/sigstore/rekor/pkg/pki/pkcs7/pkcs7.go
index 8694844da..1701b5a53 100644
--- a/vendor/github.com/sigstore/rekor/pkg/pki/pkcs7/pkcs7.go
+++ b/vendor/github.com/sigstore/rekor/pkg/pki/pkcs7/pkcs7.go
@@ -19,8 +19,10 @@ package pkcs7
 import (
 	"bytes"
 	"crypto"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/asn1"
+	"encoding/hex"
 	"encoding/pem"
 	"errors"
 	"fmt"
@@ -28,6 +30,7 @@ import (
 	"strings"
 
 	"github.com/sassoftware/relic/lib/pkcs7"
+	"github.com/sigstore/rekor/pkg/pki/identity"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	sigsig "github.com/sigstore/sigstore/pkg/signature"
 )
@@ -224,24 +227,22 @@ func (k PublicKey) Subjects() []string {
 }
 
 // Identities implements the pki.PublicKey interface
-func (k PublicKey) Identities() ([]string, error) {
-	var identities []string
-
+func (k PublicKey) Identities() ([]identity.Identity, error) {
 	// pkcs7 structure may contain both a key and certificate chain
-	pemCert, err := cryptoutils.MarshalCertificateToPEM(k.certs[0])
-	if err != nil {
-		return nil, err
-	}
-	identities = append(identities, string(pemCert))
-	pemKey, err := cryptoutils.MarshalPublicKeyToPEM(k.key)
+	pkixKey, err := cryptoutils.MarshalPublicKeyToDER(k.key)
 	if err != nil {
 		return nil, err
 	}
-	identities = append(identities, string(pemKey))
-
-	// Subjects come from the certificate Subject and SANs
-	// SANs could include an email, IP address, DNS name, URI, or any other value in the SAN
-	identities = append(identities, k.Subjects()...)
-
-	return identities, nil
+	keyDigest := sha256.Sum256(pkixKey)
+	certDigest := sha256.Sum256(k.certs[0].Raw)
+	return []identity.Identity{{
+		Crypto:      k.certs[0],
+		Raw:         k.certs[0].Raw,
+		Fingerprint: hex.EncodeToString(certDigest[:]),
+	}, {
+		Crypto:      k.key,
+		Raw:         pkixKey,
+		Fingerprint: hex.EncodeToString(keyDigest[:]),
+	},
+	}, nil
 }
diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/pki.go b/vendor/github.com/sigstore/rekor/pkg/pki/pki.go
index fc60ac691..19688bd1b 100644
--- a/vendor/github.com/sigstore/rekor/pkg/pki/pki.go
+++ b/vendor/github.com/sigstore/rekor/pkg/pki/pki.go
@@ -18,6 +18,7 @@ package pki
 import (
 	"io"
 
+	"github.com/sigstore/rekor/pkg/pki/identity"
 	sigsig "github.com/sigstore/sigstore/pkg/signature"
 )
 
@@ -28,8 +29,8 @@ type PublicKey interface {
 	// also return Subject URIs present in public keys.
 	EmailAddresses() []string
 	Subjects() []string
-	// Identities returns PEM-encoded public keys and subjects from either certificate or PGP keys
-	Identities() ([]string, error)
+	// Identities returns a list of typed keys and certificates.
+	Identities() ([]identity.Identity, error)
 }
 
 // Signature Generic object representing a signature (regardless of format & algorithm)
diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/ssh/ssh.go b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/ssh.go
index 30f84ba23..d96a83343 100644
--- a/vendor/github.com/sigstore/rekor/pkg/pki/ssh/ssh.go
+++ b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/ssh.go
@@ -16,12 +16,19 @@
 package ssh
 
 import (
-	"bytes"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/elliptic"
+	"encoding/binary"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
 
 	"github.com/asaskevich/govalidator"
+	"github.com/sigstore/rekor/pkg/pki/identity"
+	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	sigsig "github.com/sigstore/sigstore/pkg/signature"
 	"golang.org/x/crypto/ssh"
 )
@@ -108,25 +115,110 @@ func (k PublicKey) CanonicalValue() ([]byte, error) {
 
 // EmailAddresses implements the pki.PublicKey interface
 func (k PublicKey) EmailAddresses() []string {
+	if govalidator.IsEmail(k.comment) {
+		return []string{k.comment}
+	}
 	return nil
 }
 
 // Subjects implements the pki.PublicKey interface
 func (k PublicKey) Subjects() []string {
-	return nil
+	return k.EmailAddresses()
 }
 
 // Identities implements the pki.PublicKey interface
-func (k PublicKey) Identities() ([]string, error) {
-	var identities []string
+func (k PublicKey) Identities() ([]identity.Identity, error) {
+	// extract key from SSH certificate if present
+	var sshKey ssh.PublicKey
+	switch v := k.key.(type) {
+	case *ssh.Certificate:
+		sshKey = v.Key
+	default:
+		sshKey = k.key
+	}
 
-	// an authorized key format
-	authorizedKey := string(bytes.TrimSpace(ssh.MarshalAuthorizedKey(k.key)))
-	identities = append(identities, authorizedKey)
+	// Extract crypto.PublicKey from SSH key
+	// Handle sk public keys which do not implement ssh.CryptoPublicKey
+	// Inspired by x/ssh/keys.go
+	// TODO: Simplify after https://github.com/golang/go/issues/62518
+	var cryptoPubKey crypto.PublicKey
+	if v, ok := sshKey.(ssh.CryptoPublicKey); ok {
+		cryptoPubKey = v.CryptoPublicKey()
+	} else {
+		switch sshKey.Type() {
+		case ssh.KeyAlgoSKECDSA256:
+			var w struct {
+				Curve       string
+				KeyBytes    []byte
+				Application string
+				Rest        []byte `ssh:"rest"`
+			}
+			_, k, ok := parseString(sshKey.Marshal())
+			if !ok {
+				return nil, fmt.Errorf("error parsing ssh.KeyAlgoSKED25519 key")
+			}
+			if err := ssh.Unmarshal(k, &w); err != nil {
+				return nil, err
+			}
+			if w.Curve != "nistp256" {
+				return nil, errors.New("ssh: unsupported curve")
+			}
+			ecdsaPubKey := new(ecdsa.PublicKey)
+			ecdsaPubKey.Curve = elliptic.P256()
+			//nolint:staticcheck // ignore SA1019 for old code
+			ecdsaPubKey.X, ecdsaPubKey.Y = elliptic.Unmarshal(ecdsaPubKey.Curve, w.KeyBytes)
+			if ecdsaPubKey.X == nil || ecdsaPubKey.Y == nil {
+				return nil, errors.New("ssh: invalid curve point")
+			}
+			cryptoPubKey = ecdsaPubKey
+		case ssh.KeyAlgoSKED25519:
+			var w struct {
+				KeyBytes    []byte
+				Application string
+				Rest        []byte `ssh:"rest"`
+			}
+			_, k, ok := parseString(sshKey.Marshal())
+			if !ok {
+				return nil, fmt.Errorf("error parsing ssh.KeyAlgoSKED25519 key")
+			}
+			if err := ssh.Unmarshal(k, &w); err != nil {
+				return nil, err
+			}
+			if l := len(w.KeyBytes); l != ed25519.PublicKeySize {
+				return nil, fmt.Errorf("invalid size %d for Ed25519 public key", l)
+			}
+			cryptoPubKey = ed25519.PublicKey(w.KeyBytes)
+		default:
+			// Should not occur, as rsa, dsa, ecdsa, and ed25519 all implement ssh.CryptoPublicKey
+			return nil, fmt.Errorf("unknown key type: %T", sshKey)
+		}
+	}
 
-	if govalidator.IsEmail(k.comment) {
-		identities = append(identities, k.comment)
+	pkixKey, err := cryptoutils.MarshalPublicKeyToDER(cryptoPubKey)
+	if err != nil {
+		return nil, err
 	}
+	fp := ssh.FingerprintSHA256(k.key)
+	return []identity.Identity{{
+		Crypto:      k.key,
+		Raw:         pkixKey,
+		Fingerprint: fp,
+	}}, nil
+}
 
-	return identities, nil
+// Copied by x/ssh/keys.go
+// TODO: Remove after https://github.com/golang/go/issues/62518
+func parseString(in []byte) (out, rest []byte, ok bool) {
+	if len(in) < 4 {
+		return
+	}
+	length := binary.BigEndian.Uint32(in)
+	in = in[4:]
+	if uint32(len(in)) < length {
+		return
+	}
+	out = in[:length]
+	rest = in[length:]
+	ok = true
+	return
 }
diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/tuf/tuf.go b/vendor/github.com/sigstore/rekor/pkg/pki/tuf/tuf.go
index 7da68e2e4..f2983481d 100644
--- a/vendor/github.com/sigstore/rekor/pkg/pki/tuf/tuf.go
+++ b/vendor/github.com/sigstore/rekor/pkg/pki/tuf/tuf.go
@@ -16,14 +16,21 @@
 package tuf
 
 import (
+	"crypto/ed25519"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
 	"time"
 
 	"github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer"
+	"github.com/sigstore/rekor/pkg/pki/identity"
+	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	sigsig "github.com/sigstore/sigstore/pkg/signature"
 	"github.com/theupdateframework/go-tuf/data"
+	"github.com/theupdateframework/go-tuf/pkg/keys"
 	"github.com/theupdateframework/go-tuf/verify"
 )
 
@@ -168,14 +175,56 @@ func (k PublicKey) Subjects() []string {
 }
 
 // Identities implements the pki.PublicKey interface
-func (k PublicKey) Identities() ([]string, error) {
+func (k PublicKey) Identities() ([]identity.Identity, error) {
 	root := &data.Root{}
 	if err := json.Unmarshal(k.root.Signed, root); err != nil {
 		return nil, err
 	}
-	identity, err := json.Marshal(root.Keys)
-	if err != nil {
-		return nil, err
+	var ids []identity.Identity
+	for _, k := range root.Keys {
+		verifier, err := keys.GetVerifier(k)
+		if err != nil {
+			return nil, err
+		}
+		switch k.Type {
+		// RSA and ECDSA keys are PKIX-encoded without PEM header for the Verifier type
+		case data.KeyTypeRSASSA_PSS_SHA256:
+			fallthrough
+		// TODO: Update to constants once go-tuf is updated to 0.6.0 (need PR #508)
+		case "ecdsa-sha2-nistp256":
+			fallthrough
+		case "ecdsa":
+			// parse and marshal to check format is correct
+			pub, err := x509.ParsePKIXPublicKey([]byte(verifier.Public()))
+			if err != nil {
+				return nil, err
+			}
+			pkixKey, err := cryptoutils.MarshalPublicKeyToDER(pub)
+			if err != nil {
+				return nil, err
+			}
+			digest := sha256.Sum256(pkixKey)
+			ids = append(ids, identity.Identity{
+				Crypto:      pub,
+				Raw:         pkixKey,
+				Fingerprint: hex.EncodeToString(digest[:]),
+			})
+		case data.KeyTypeEd25519:
+			// key is stored as a 32-byte string
+			pub := ed25519.PublicKey(verifier.Public())
+			pkixKey, err := cryptoutils.MarshalPublicKeyToDER(pub)
+			if err != nil {
+				return nil, err
+			}
+			digest := sha256.Sum256(pkixKey)
+			ids = append(ids, identity.Identity{
+				Crypto:      pub,
+				Raw:         pkixKey,
+				Fingerprint: hex.EncodeToString(digest[:]),
+			})
+		default:
+			return nil, fmt.Errorf("unsupported key type: %v", k.Type)
+		}
 	}
-	return []string{string(identity)}, nil
+	return ids, nil
 }
diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/x509/x509.go b/vendor/github.com/sigstore/rekor/pkg/pki/x509/x509.go
index 9624981a1..2589849c4 100644
--- a/vendor/github.com/sigstore/rekor/pkg/pki/x509/x509.go
+++ b/vendor/github.com/sigstore/rekor/pkg/pki/x509/x509.go
@@ -18,8 +18,10 @@ package x509
 import (
 	"bytes"
 	"crypto"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/asn1"
+	"encoding/hex"
 	"encoding/pem"
 	"errors"
 	"fmt"
@@ -27,6 +29,7 @@ import (
 	"strings"
 
 	validator "github.com/go-playground/validator/v10"
+	"github.com/sigstore/rekor/pkg/pki/identity"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	sigsig "github.com/sigstore/sigstore/pkg/signature"
 )
@@ -194,7 +197,7 @@ func (k PublicKey) EmailAddresses() []string {
 
 // Subjects implements the pki.PublicKey interface
 func (k PublicKey) Subjects() []string {
-	var names []string
+	var subjects []string
 	var cert *x509.Certificate
 	if k.cert != nil {
 		cert = k.cert.c
@@ -202,34 +205,25 @@ func (k PublicKey) Subjects() []string {
 		cert = k.certs[0]
 	}
 	if cert != nil {
-		validate := validator.New()
-		for _, name := range cert.EmailAddresses {
-			if errs := validate.Var(name, "required,email"); errs == nil {
-				names = append(names, strings.ToLower(name))
-			}
-		}
-		for _, name := range cert.URIs {
-			if errs := validate.Var(name.String(), "required,uri"); errs == nil {
-				names = append(names, strings.ToLower(name.String()))
-			}
-		}
-		otherName, _ := cryptoutils.UnmarshalOtherNameSAN(cert.Extensions)
-		if len(otherName) > 0 {
-			names = append(names, otherName)
-		}
+		subjects = cryptoutils.GetSubjectAlternateNames(cert)
 	}
-	return names
+	return subjects
 }
 
 // Identities implements the pki.PublicKey interface
-func (k PublicKey) Identities() ([]string, error) {
+func (k PublicKey) Identities() ([]identity.Identity, error) {
 	// k contains either a key, a cert, or a list of certs
 	if k.key != nil {
-		pem, err := cryptoutils.MarshalPublicKeyToPEM(k.key)
+		pkixKey, err := cryptoutils.MarshalPublicKeyToDER(k.key)
 		if err != nil {
 			return nil, err
 		}
-		return []string{string(pem)}, nil
+		digest := sha256.Sum256(pkixKey)
+		return []identity.Identity{{
+			Crypto:      k.key,
+			Raw:         pkixKey,
+			Fingerprint: hex.EncodeToString(digest[:]),
+		}}, nil
 	}
 
 	var cert *x509.Certificate
@@ -242,19 +236,12 @@ func (k PublicKey) Identities() ([]string, error) {
 		return nil, errors.New("no key, certificate or certificate chain provided")
 	}
 
-	var identities []string
-	pemCert, err := cryptoutils.MarshalCertificateToPEM(cert)
-	if err != nil {
-		return nil, err
-	}
-	identities = append(identities, string(pemCert))
-	pemKey, err := cryptoutils.MarshalPublicKeyToPEM(cert.PublicKey)
-	if err != nil {
-		return nil, err
-	}
-	identities = append(identities, string(pemKey))
-	identities = append(identities, cryptoutils.GetSubjectAlternateNames(cert)...)
-	return identities, nil
+	digest := sha256.Sum256(cert.Raw)
+	return []identity.Identity{{
+		Crypto:      cert,
+		Raw:         cert.Raw,
+		Fingerprint: hex.EncodeToString(digest[:]),
+	}}, nil
 }
 
 func verifyCertChain(certChain []*x509.Certificate) error {
diff --git a/vendor/github.com/sigstore/rekor/pkg/types/dsse/v0.0.1/entry.go b/vendor/github.com/sigstore/rekor/pkg/types/dsse/v0.0.1/entry.go
index 3cb2ef0d9..fb62a22f5 100644
--- a/vendor/github.com/sigstore/rekor/pkg/types/dsse/v0.0.1/entry.go
+++ b/vendor/github.com/sigstore/rekor/pkg/types/dsse/v0.0.1/entry.go
@@ -403,13 +403,27 @@ func verifyEnvelope(allPubKeyBytes [][]byte, env *dsse.Envelope) (map[string]*x5
 	return verifierBySig, nil
 }
 
-func (v V001Entry) Verifier() (pki.PublicKey, error) {
+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {
 	if len(v.DSSEObj.Signatures) == 0 {
 		return nil, errors.New("dsse v0.0.1 entry not initialized")
 	}
 
-	//TODO: return multiple pki.PublicKeys; sigstore/rekor issue #1278
-	return x509.NewPublicKey(bytes.NewReader(*v.DSSEObj.Signatures[0].Verifier))
+	var keys []pki.PublicKey
+	for _, s := range v.DSSEObj.Signatures {
+		key, err := x509.NewPublicKey(bytes.NewReader(*s.Verifier))
+		if err != nil {
+			return nil, err
+		}
+		keys = append(keys, key)
+	}
+	return keys, nil
+}
+
+func (v V001Entry) ArtifactHash() (string, error) {
+	if v.DSSEObj.PayloadHash == nil || v.DSSEObj.PayloadHash.Algorithm == nil || v.DSSEObj.PayloadHash.Value == nil {
+		return "", errors.New("dsse v0.0.1 entry not initialized")
+	}
+	return strings.ToLower(fmt.Sprintf("%s:%s", *v.DSSEObj.PayloadHash.Algorithm, *v.DSSEObj.PayloadHash.Value)), nil
 }
 
 func (v V001Entry) Insertable() (bool, error) {
diff --git a/vendor/github.com/sigstore/rekor/pkg/types/entries.go b/vendor/github.com/sigstore/rekor/pkg/types/entries.go
index 9309b4c33..c2565968c 100644
--- a/vendor/github.com/sigstore/rekor/pkg/types/entries.go
+++ b/vendor/github.com/sigstore/rekor/pkg/types/entries.go
@@ -37,8 +37,9 @@ type EntryImpl interface {
 	Canonicalize(ctx context.Context) ([]byte, error) // marshal the canonical entry to be put into the tlog
 	Unmarshal(e models.ProposedEntry) error           // unmarshal the abstract entry into the specific struct for this versioned type
 	CreateFromArtifactProperties(context.Context, ArtifactProperties) (models.ProposedEntry, error)
-	Verifier() (pki.PublicKey, error)
-	Insertable() (bool, error) // denotes whether the entry that was unmarshalled has the writeOnly fields required to validate and insert into the log
+	Verifiers() ([]pki.PublicKey, error) // list of keys or certificates that can verify an entry's signature
+	ArtifactHash() (string, error)       // hex-encoded artifact hash prefixed with hash name, e.g. sha256:abcdef
+	Insertable() (bool, error)           // denotes whether the entry that was unmarshalled has the writeOnly fields required to validate and insert into the log
 }
 
 // EntryWithAttestationImpl specifies the behavior of a versioned type that also stores attestations
diff --git a/vendor/github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1/entry.go b/vendor/github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1/entry.go
index 82f54fe1a..5f0cb138a 100644
--- a/vendor/github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1/entry.go
+++ b/vendor/github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1/entry.go
@@ -246,11 +246,22 @@ func (v V001Entry) CreateFromArtifactProperties(_ context.Context, props types.A
 	return &returnVal, nil
 }
 
-func (v V001Entry) Verifier() (pki.PublicKey, error) {
+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {
 	if v.HashedRekordObj.Signature == nil || v.HashedRekordObj.Signature.PublicKey == nil || v.HashedRekordObj.Signature.PublicKey.Content == nil {
 		return nil, errors.New("hashedrekord v0.0.1 entry not initialized")
 	}
-	return x509.NewPublicKey(bytes.NewReader(v.HashedRekordObj.Signature.PublicKey.Content))
+	key, err := x509.NewPublicKey(bytes.NewReader(v.HashedRekordObj.Signature.PublicKey.Content))
+	if err != nil {
+		return nil, err
+	}
+	return []pki.PublicKey{key}, nil
+}
+
+func (v V001Entry) ArtifactHash() (string, error) {
+	if v.HashedRekordObj.Data == nil || v.HashedRekordObj.Data.Hash == nil || v.HashedRekordObj.Data.Hash.Value == nil || v.HashedRekordObj.Data.Hash.Algorithm == nil {
+		return "", errors.New("hashedrekord v0.0.1 entry not initialized")
+	}
+	return strings.ToLower(fmt.Sprintf("%s:%s", *v.HashedRekordObj.Data.Hash.Algorithm, *v.HashedRekordObj.Data.Hash.Value)), nil
 }
 
 func (v V001Entry) Insertable() (bool, error) {
diff --git a/vendor/github.com/sigstore/rekor/pkg/types/intoto/README.md b/vendor/github.com/sigstore/rekor/pkg/types/intoto/README.md
index eba7a16e0..0c4d1d73f 100644
--- a/vendor/github.com/sigstore/rekor/pkg/types/intoto/README.md
+++ b/vendor/github.com/sigstore/rekor/pkg/types/intoto/README.md
@@ -2,7 +2,7 @@
 
 This document provides a definition for each field that is not otherwise described in the [in-toto schema](https://github.com/sigstore/rekor/blob/main/pkg/types/intoto/v0.0.1/intoto_v0_0_1_schema.json). This document also notes any additional information about the values associated with each field such as the format in which the data is stored and any necessary transformations.
 
-**Attestation:** authenticated, machine-readable metadata about one or more software artifacts. [SLSA definiton](https://github.com/slsa-framework/slsa/blob/main/controls/attestations.md)
+**Attestation:** authenticated, machine-readable metadata about one or more software artifacts. [SLSA definition](https://github.com/slsa-framework/slsa/blob/main/controls/attestations.md)
 - The Attestation value ought to be a Base64-encoded JSON object.
 - The [in-toto Attestation specification](https://github.com/in-toto/attestation/blob/main/spec/README.md#statement) provides detailed guidance on understanding and parsing this JSON object.
 
diff --git a/vendor/github.com/sigstore/rekor/pkg/types/intoto/v0.0.1/entry.go b/vendor/github.com/sigstore/rekor/pkg/types/intoto/v0.0.1/entry.go
index 1018d4c0d..e44c76717 100644
--- a/vendor/github.com/sigstore/rekor/pkg/types/intoto/v0.0.1/entry.go
+++ b/vendor/github.com/sigstore/rekor/pkg/types/intoto/v0.0.1/entry.go
@@ -353,11 +353,22 @@ func (v V001Entry) CreateFromArtifactProperties(_ context.Context, props types.A
 	return &returnVal, nil
 }
 
-func (v V001Entry) Verifier() (pki.PublicKey, error) {
+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {
 	if v.IntotoObj.PublicKey == nil {
 		return nil, errors.New("intoto v0.0.1 entry not initialized")
 	}
-	return x509.NewPublicKey(bytes.NewReader(*v.IntotoObj.PublicKey))
+	key, err := x509.NewPublicKey(bytes.NewReader(*v.IntotoObj.PublicKey))
+	if err != nil {
+		return nil, err
+	}
+	return []pki.PublicKey{key}, nil
+}
+
+func (v V001Entry) ArtifactHash() (string, error) {
+	if v.IntotoObj.Content == nil || v.IntotoObj.Content.PayloadHash == nil || v.IntotoObj.Content.PayloadHash.Algorithm == nil || v.IntotoObj.Content.PayloadHash.Value == nil {
+		return "", errors.New("hashedrekord v0.0.1 entry not initialized")
+	}
+	return strings.ToLower(fmt.Sprintf("%s:%s", *v.IntotoObj.Content.PayloadHash.Algorithm, *v.IntotoObj.Content.PayloadHash.Value)), nil
 }
 
 func (v V001Entry) Insertable() (bool, error) {
diff --git a/vendor/github.com/sigstore/rekor/pkg/types/intoto/v0.0.2/entry.go b/vendor/github.com/sigstore/rekor/pkg/types/intoto/v0.0.2/entry.go
index 5231eee2c..0ae4a9d44 100644
--- a/vendor/github.com/sigstore/rekor/pkg/types/intoto/v0.0.2/entry.go
+++ b/vendor/github.com/sigstore/rekor/pkg/types/intoto/v0.0.2/entry.go
@@ -457,7 +457,7 @@ func verifyEnvelope(allPubKeyBytes [][]byte, env *dsse.Envelope) (map[string]*x5
 	return verifierBySig, nil
 }
 
-func (v V002Entry) Verifier() (pki.PublicKey, error) {
+func (v V002Entry) Verifiers() ([]pki.PublicKey, error) {
 	if v.IntotoObj.Content == nil || v.IntotoObj.Content.Envelope == nil {
 		return nil, errors.New("intoto v0.0.2 entry not initialized")
 	}
@@ -467,7 +467,22 @@ func (v V002Entry) Verifier() (pki.PublicKey, error) {
 		return nil, errors.New("no signatures found on intoto entry")
 	}
 
-	return x509.NewPublicKey(bytes.NewReader(*v.IntotoObj.Content.Envelope.Signatures[0].PublicKey))
+	var keys []pki.PublicKey
+	for _, s := range v.IntotoObj.Content.Envelope.Signatures {
+		key, err := x509.NewPublicKey(bytes.NewReader(*s.PublicKey))
+		if err != nil {
+			return nil, err
+		}
+		keys = append(keys, key)
+	}
+	return keys, nil
+}
+
+func (v V002Entry) ArtifactHash() (string, error) {
+	if v.IntotoObj.Content == nil || v.IntotoObj.Content.PayloadHash == nil || v.IntotoObj.Content.PayloadHash.Algorithm == nil || v.IntotoObj.Content.PayloadHash.Value == nil {
+		return "", errors.New("intoto v0.0.2 entry not initialized")
+	}
+	return strings.ToLower(fmt.Sprintf("%s:%s", *v.IntotoObj.Content.PayloadHash.Algorithm, *v.IntotoObj.Content.PayloadHash.Value)), nil
 }
 
 func (v V002Entry) Insertable() (bool, error) {
diff --git a/vendor/github.com/sigstore/rekor/pkg/types/rekord/v0.0.1/entry.go b/vendor/github.com/sigstore/rekor/pkg/types/rekord/v0.0.1/entry.go
index dd124e1ad..619f19f8e 100644
--- a/vendor/github.com/sigstore/rekor/pkg/types/rekord/v0.0.1/entry.go
+++ b/vendor/github.com/sigstore/rekor/pkg/types/rekord/v0.0.1/entry.go
@@ -425,23 +425,36 @@ func (v V001Entry) CreateFromArtifactProperties(ctx context.Context, props types
 	return &returnVal, nil
 }
 
-func (v V001Entry) Verifier() (pki.PublicKey, error) {
+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {
 	if v.RekordObj.Signature == nil || v.RekordObj.Signature.PublicKey == nil || v.RekordObj.Signature.PublicKey.Content == nil {
 		return nil, errors.New("rekord v0.0.1 entry not initialized")
 	}
 
+	var key pki.PublicKey
+	var err error
 	switch f := *v.RekordObj.Signature.Format; f {
 	case "x509":
-		return x509.NewPublicKey(bytes.NewReader(*v.RekordObj.Signature.PublicKey.Content))
+		key, err = x509.NewPublicKey(bytes.NewReader(*v.RekordObj.Signature.PublicKey.Content))
 	case "ssh":
-		return ssh.NewPublicKey(bytes.NewReader(*v.RekordObj.Signature.PublicKey.Content))
+		key, err = ssh.NewPublicKey(bytes.NewReader(*v.RekordObj.Signature.PublicKey.Content))
 	case "pgp":
-		return pgp.NewPublicKey(bytes.NewReader(*v.RekordObj.Signature.PublicKey.Content))
+		key, err = pgp.NewPublicKey(bytes.NewReader(*v.RekordObj.Signature.PublicKey.Content))
 	case "minisign":
-		return minisign.NewPublicKey(bytes.NewReader(*v.RekordObj.Signature.PublicKey.Content))
+		key, err = minisign.NewPublicKey(bytes.NewReader(*v.RekordObj.Signature.PublicKey.Content))
 	default:
 		return nil, fmt.Errorf("unexpected format of public key: %s", f)
 	}
+	if err != nil {
+		return nil, err
+	}
+	return []pki.PublicKey{key}, nil
+}
+
+func (v V001Entry) ArtifactHash() (string, error) {
+	if v.RekordObj.Data == nil || v.RekordObj.Data.Hash == nil || v.RekordObj.Data.Hash.Value == nil || v.RekordObj.Data.Hash.Algorithm == nil {
+		return "", errors.New("rekord v0.0.1 entry not initialized")
+	}
+	return strings.ToLower(fmt.Sprintf("%s:%s", *v.RekordObj.Data.Hash.Algorithm, *v.RekordObj.Data.Hash.Value)), nil
 }
 
 func (v V001Entry) Insertable() (bool, error) {
diff --git a/vendor/github.com/sigstore/rekor/pkg/types/test_util.go b/vendor/github.com/sigstore/rekor/pkg/types/test_util.go
index 03b5b9c0b..0fada89a2 100644
--- a/vendor/github.com/sigstore/rekor/pkg/types/test_util.go
+++ b/vendor/github.com/sigstore/rekor/pkg/types/test_util.go
@@ -31,7 +31,11 @@ func (u BaseUnmarshalTester) NewEntry() EntryImpl {
 	return &BaseUnmarshalTester{}
 }
 
-func (u BaseUnmarshalTester) Verifier() (pki.PublicKey, error) {
+func (u BaseUnmarshalTester) ArtifactHash() (string, error) {
+	return "", nil
+}
+
+func (u BaseUnmarshalTester) Verifiers() ([]pki.PublicKey, error) {
 	return nil, nil
 }
 
diff --git a/vendor/github.com/sigstore/rekor/pkg/util/checkpoint.go b/vendor/github.com/sigstore/rekor/pkg/util/checkpoint.go
index 94dc68c66..3d3534aec 100644
--- a/vendor/github.com/sigstore/rekor/pkg/util/checkpoint.go
+++ b/vendor/github.com/sigstore/rekor/pkg/util/checkpoint.go
@@ -29,7 +29,7 @@ import (
 	"github.com/sigstore/sigstore/pkg/signature/options"
 )
 
-// heavily borrowed from https://github.com/google/trillian-examples/blob/master/formats/log/checkpoint.go
+// heavily borrowed from https://github.com/transparency-dev/formats/blob/main/log/checkpoint.go
 
 type Checkpoint struct {
 	// Origin is the unique identifier/version string
diff --git a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go
index b1a0dad05..325813d69 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go
@@ -26,7 +26,7 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/theupdateframework/go-tuf/encrypted"
+	"github.com/secure-systems-lab/go-securesystemslib/encrypted"
 )
 
 const (
diff --git a/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go b/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go
index 2764b4b31..cab6f5b98 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go
@@ -27,7 +27,7 @@ import (
 const CosignSignatureType = "cosign container image signature"
 
 // SimpleContainerImage describes the structure of a basic container image signature payload, as defined at:
-// https://github.com/containers/image/blob/master/docs/containers-signature.5.md#json-data-format
+// https://github.com/containers/image/blob/main/docs/containers-signature.5.md#json-data-format
 type SimpleContainerImage struct {
 	Critical Critical               `json:"critical"` // Critical data critical to correctly evaluating the validity of the signature
 	Optional map[string]interface{} `json:"optional"` // Optional optional metadata about the image
diff --git a/vendor/github.com/sigstore/sigstore/pkg/tuf/client.go b/vendor/github.com/sigstore/sigstore/pkg/tuf/client.go
index 5d5fe5083..c652a5261 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/tuf/client.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/tuf/client.go
@@ -37,7 +37,6 @@ import (
 	"github.com/theupdateframework/go-tuf/client"
 	tuf_leveldbstore "github.com/theupdateframework/go-tuf/client/leveldbstore"
 	"github.com/theupdateframework/go-tuf/data"
-	_ "github.com/theupdateframework/go-tuf/pkg/deprecated/set_ecdsa"
 	"github.com/theupdateframework/go-tuf/util"
 )
 
@@ -370,15 +369,17 @@ func Initialize(_ context.Context, mirror string, root []byte) error {
 }
 
 // Checks if the testTarget matches the valid target file metadata.
-func isValidTarget(testTarget []byte, validMeta data.TargetFileMeta) bool {
-	localMeta, err := util.GenerateTargetFileMeta(bytes.NewReader(testTarget))
+func isValidTarget(testTarget []byte, validMeta data.TargetFileMeta) (bool, error) {
+	localMeta, err := util.GenerateTargetFileMeta(
+		bytes.NewReader(testTarget),
+		"sha256", "sha512")
 	if err != nil {
-		return false
+		return false, err
 	}
 	if err := util.TargetFileMetaEqual(localMeta, validMeta); err != nil {
-		return false
+		return false, err
 	}
-	return true
+	return true, nil
 }
 
 func (t *TUF) GetTarget(name string) ([]byte, error) {
@@ -394,8 +395,8 @@ func (t *TUF) GetTarget(name string) ([]byte, error) {
 		return nil, err
 	}
 
-	if !isValidTarget(targetBytes, validMeta) {
-		return nil, fmt.Errorf("cache contains invalid target; local cache may be corrupt")
+	if valid, err := isValidTarget(targetBytes, validMeta); !valid {
+		return nil, fmt.Errorf("cache contains invalid target; local cache may be corrupt: %w", err)
 	}
 
 	return targetBytes, nil
@@ -540,7 +541,7 @@ func maybeDownloadRemoteTarget(name string, meta data.TargetFileMeta, t *TUF) er
 	// If we already have the target locally, don't bother downloading from remote storage.
 	if cachedTarget, err := t.targets.Get(name); err == nil {
 		// If the target we have stored matches the meta, use that.
-		if isValidTarget(cachedTarget, meta) {
+		if valid, _ := isValidTarget(cachedTarget, meta); valid {
 			return nil
 		}
 	}
@@ -561,7 +562,7 @@ func maybeDownloadRemoteTarget(name string, meta data.TargetFileMeta, t *TUF) er
 			b = bytes.ReplaceAll(b, []byte("\r\n"), []byte("\n"))
 		}
 
-		if isValidTarget(b, meta) {
+		if valid, _ := isValidTarget(b, meta); valid {
 			if _, err := io.Copy(&w, bytes.NewReader(b)); err != nil {
 				return fmt.Errorf("using embedded target: %w", err)
 			}
diff --git a/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/root.json b/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/root.json
index 386ebe62c..c3ea9cb6a 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/root.json
+++ b/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/root.json
@@ -1,144 +1,140 @@
 {
-	"signatures": [
-		{
-			"keyid": "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97",
-			"sig": "3046022100d3ea59490b253beae0926c6fa63f54336dea1ed700555be9f27ff55cd347639c0221009157d1ba012cead81948a4ab777d355451d57f5c4a2d333fc68d2e3f358093c2"
-		},
-		{
-			"keyid": "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62",
-			"sig": "304502206eaef40564403ce572c6d062e0c9b0aab5e0223576133e081e1b495e8deb9efd02210080fd6f3464d759601b4afec596bbd5952f3a224cd06ed1cdfc3c399118752ba2"
-		},
-		{
-			"keyid": "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b",
-			"sig": "304502207baace02f56d8e6069f10b6ff098a26e7f53a7f9324ad62cffa0557bdeb9036c022100fb3032baaa090d0040c3f2fd872571c84479309b773208601d65948df87a9720"
-		},
-		{
-			"keyid": "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb",
-			"sig": "304402205180c01905505dd88acd7a2dad979dd75c979b3722513a7bdedac88c6ae8dbeb022056d1ddf7a192f0b1c2c90ff487de2fb3ec9f0c03f66ea937c78d3b6a493504ca"
-		},
-		{
-			"keyid": "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209",
-			"sig": "3046022100c8806d4647c514d80fd8f707d3369444c4fd1d0812a2d25f828e564c99790e3f022100bb51f12e862ef17a7d3da2ac103bebc5c7e792237006c4cafacd76267b249c2f"
-		}
-	],
 	"signed": {
 		"_type": "root",
-		"consistent_snapshot": false,
-		"expires": "2022-05-11T19:09:02.663975009Z",
+		"spec_version": "1.0",
+		"version": 7,
+		"expires": "2023-10-04T13:08:11Z",
 		"keys": {
-			"2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97": {
+			"25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99": {
+				"keytype": "ecdsa-sha2-nistp256",
+				"scheme": "ecdsa-sha2-nistp256",
 				"keyid_hash_algorithms": [
 					"sha256",
 					"sha512"
 				],
-				"keytype": "ecdsa-sha2-nistp256",
 				"keyval": {
-					"public": "04cbc5cab2684160323c25cd06c3307178a6b1d1c9b949328453ae473c5ba7527e35b13f298b41633382241f3fd8526c262d43b45adee5c618fa0642c82b8a9803"
-				},
-				"scheme": "ecdsa-sha2-nistp256"
+					"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEXsz3SZXFb8jMV42j6pJlyjbjR8K\nN3Bwocexq6LMIb5qsWKOQvLN16NUefLc4HswOoumRsVVaajSpQS6fobkRw==\n-----END PUBLIC KEY-----\n"
+				}
 			},
-			"b6710623a30c010738e64c5209d367df1c0a18cf90e6ab5292fb01680f83453d": {
+			"2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de": {
+				"keytype": "ecdsa-sha2-nistp256",
+				"scheme": "ecdsa-sha2-nistp256",
 				"keyid_hash_algorithms": [
 					"sha256",
 					"sha512"
 				],
-				"keytype": "ecdsa-sha2-nistp256",
 				"keyval": {
-					"public": "04fa1a3e42f2300cd3c5487a61509348feb1e936920fef2f83b7cd5dbe7ba045f538725ab8f18a666e6233edb7e0db8766c8dc336633449c5e1bbe0c182b02df0b"
-				},
-				"scheme": "ecdsa-sha2-nistp256"
+					"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0ghrh92Lw1Yr3idGV5WqCtMDB8Cx\n+D8hdC4w2ZLNIplVRoVGLskYa3gheMyOjiJ8kPi15aQ2//7P+oj7UvJPGw==\n-----END PUBLIC KEY-----\n"
+				}
 			},
-			"bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62": {
+			"45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b": {
+				"keytype": "ecdsa-sha2-nistp256",
+				"scheme": "ecdsa-sha2-nistp256",
 				"keyid_hash_algorithms": [
 					"sha256",
 					"sha512"
 				],
-				"keytype": "ecdsa-sha2-nistp256",
 				"keyval": {
-					"public": "04a71aacd835dc170ba6db3fa33a1a33dee751d4f8b0217b805b9bd3242921ee93672fdcfd840576c5bb0dc0ed815edf394c1ee48c2b5e02485e59bfc512f3adc7"
-				},
-				"scheme": "ecdsa-sha2-nistp256"
+					"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELrWvNt94v4R085ELeeCMxHp7PldF\n0/T1GxukUh2ODuggLGJE0pc1e8CSBf6CS91Fwo9FUOuRsjBUld+VqSyCdQ==\n-----END PUBLIC KEY-----\n"
+				}
 			},
-			"eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b": {
+			"7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b": {
+				"keytype": "ecdsa-sha2-nistp256",
+				"scheme": "ecdsa-sha2-nistp256",
 				"keyid_hash_algorithms": [
 					"sha256",
 					"sha512"
 				],
-				"keytype": "ecdsa-sha2-nistp256",
 				"keyval": {
-					"public": "04117b33dd265715bf23315e368faa499728db8d1f0a377070a1c7b1aba2cc21be6ab1628e42f2cdd7a35479f2dce07b303a8ba646c55569a8d2a504ba7e86e447"
-				},
-				"scheme": "ecdsa-sha2-nistp256"
+					"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEinikSsAQmYkNeH5eYq/CnIzLaacO\nxlSaawQDOwqKy/tCqxq5xxPSJc21K4WIhs9GyOkKfzueY3GILzcMJZ4cWw==\n-----END PUBLIC KEY-----\n"
+				}
 			},
-			"f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb": {
+			"e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a": {
+				"keytype": "ecdsa-sha2-nistp256",
+				"scheme": "ecdsa-sha2-nistp256",
 				"keyid_hash_algorithms": [
 					"sha256",
 					"sha512"
 				],
-				"keytype": "ecdsa-sha2-nistp256",
 				"keyval": {
-					"public": "04cc1cd53a61c23e88cc54b488dfae168a257c34fac3e88811c55962b24cffbfecb724447999c54670e365883716302e49da57c79a33cd3e16f81fbc66f0bcdf48"
-				},
-				"scheme": "ecdsa-sha2-nistp256"
+					"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWRiGr5+j+3J5SsH+Ztr5nE2H2wO7\nBV+nO3s93gLca18qTOzHY1oWyAGDykMSsGTUBSt9D+An0KfKsD2mfSM42Q==\n-----END PUBLIC KEY-----\n"
+				}
 			},
-			"f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209": {
+			"f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f": {
+				"keytype": "ecdsa-sha2-nistp256",
+				"scheme": "ecdsa-sha2-nistp256",
 				"keyid_hash_algorithms": [
 					"sha256",
 					"sha512"
 				],
-				"keytype": "ecdsa-sha2-nistp256",
 				"keyval": {
-					"public": "048a78a44ac01099890d787e5e62afc29c8ccb69a70ec6549a6b04033b0a8acbfb42ab1ab9c713d225cdb52b858886cf46c8e90a7f3b9e6371882f370c259e1c5b"
-				},
-				"scheme": "ecdsa-sha2-nistp256"
+					"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzBzVOmHCPojMVLSI364WiiV8NPrD\n6IgRxVliskz/v+y3JER5mcVGcONliDcWMC5J2lfHmjPNPhb4H7xm8LzfSA==\n-----END PUBLIC KEY-----\n"
+				}
 			},
-			"fc61191ba8a516fe386c7d6c97d918e1d241e1589729add09b122725b8c32451": {
+			"ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c": {
+				"keytype": "ecdsa-sha2-nistp256",
+				"scheme": "ecdsa-sha2-nistp256",
 				"keyid_hash_algorithms": [
 					"sha256",
 					"sha512"
 				],
-				"keytype": "ecdsa-sha2-nistp256",
 				"keyval": {
-					"public": "044c7793ab74b9ddd713054e587b8d9c75c5f6025633d0fef7ca855ed5b8d5a474b23598fe33eb4a63630d526f74d4bdaec8adcb51993ed65652d651d7c49203eb"
-				},
-				"scheme": "ecdsa-sha2-nistp256"
+					"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy8XKsmhBYDI8Jc0GwzBxeKax0cm5\nSTKEU65HPFunUn41sT8pi0FjM4IkHz/YUmwmLUO0Wt7lxhj6BkLIK4qYAw==\n-----END PUBLIC KEY-----\n"
+				}
 			}
 		},
 		"roles": {
 			"root": {
 				"keyids": [
-					"2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97",
-					"bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62",
-					"eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b",
-					"f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb",
-					"f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209"
+					"ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c",
+					"25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99",
+					"f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f",
+					"7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b",
+					"2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de"
 				],
 				"threshold": 3
 			},
 			"snapshot": {
 				"keyids": [
-					"fc61191ba8a516fe386c7d6c97d918e1d241e1589729add09b122725b8c32451"
+					"45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b"
 				],
 				"threshold": 1
 			},
 			"targets": {
 				"keyids": [
-					"2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97",
-					"bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62",
-					"eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b",
-					"f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb",
-					"f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209"
+					"ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c",
+					"25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99",
+					"f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f",
+					"7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b",
+					"2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de"
 				],
 				"threshold": 3
 			},
 			"timestamp": {
 				"keyids": [
-					"b6710623a30c010738e64c5209d367df1c0a18cf90e6ab5292fb01680f83453d"
+					"e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a"
 				],
 				"threshold": 1
 			}
 		},
-		"spec_version": "1.0",
-		"version": 2
-	}
+		"consistent_snapshot": true
+	},
+	"signatures": [
+		{
+			"keyid": "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99",
+			"sig": "3046022100c0610c0055ce5c4a52d054d7322e7b514d55baf44423d63aa4daa077cc60fd1f022100a097f2803f090fb66c42ead915a2c46ebe7db53a32bf18f2188275cc936f8bdd"
+		},
+		{
+			"keyid": "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f",
+			"sig": "304502203134f0468810299d5493a867c40630b341296b92e59c29821311d353343bb3a4022100e667ae3d304e7e3da0894c7425f6b9ecd917106841280e5cf6f3496ad5f8f68e"
+		},
+		{
+			"keyid": "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b",
+			"sig": "3045022037fe5f45426f21eaaf4730d2136f2b1611d6379688f79b9d1e3f61719997135c022100b63b022d7b79d4694b96f416d88aa4d7b1a3bff8a01f4fb51e0f42137c7d2d06"
+		},
+		{
+			"keyid": "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de",
+			"sig": "3044022007cc8fcc4940809f2751ad5b535f4c5f53f5b4952f5b5696b09668e743306ac1022006dfcdf94e94c92163eeb1b47796db62cedaa730aa13aa61b573fe23714730f2"
+		}
+	]
 }
\ No newline at end of file
diff --git a/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/ctfe_2022.pub b/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/ctfe_2022.pub
new file mode 100644
index 000000000..32fa2ad10
--- /dev/null
+++ b/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/ctfe_2022.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEiPSlFi0CmFTfEjCUqF9HuCEcYXNK
+AaYalIJmBZ8yyezPjTqhxrKBpMnaocVtLJBI1eM3uXnQzQGAJdJ4gs9Fyw==
+-----END PUBLIC KEY-----
diff --git a/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/fulcio_intermediate_v1.crt.pem b/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/fulcio_intermediate_v1.crt.pem
new file mode 100644
index 000000000..6d1c298ba
--- /dev/null
+++ b/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/fulcio_intermediate_v1.crt.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMw
+KjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y
+MjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3Jl
+LmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0C
+AQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV7
+7LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS
+0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYB
+BQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjp
+KFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZI
+zj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJR
+nZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsP
+mygUY7Ii2zbdCdliiow=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/rekor.0.pub b/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/rekor.0.pub
deleted file mode 100644
index 050ef6014..000000000
--- a/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/rekor.0.pub
+++ /dev/null
@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2G2Y+2tabdTV5BcGiBIx0a9fAFwr
-kBbmLSGtks4L3qX6yYY0zufBnhC8Ur/iy55GhWP/9A/bY2LhC30M9+RYtw==
------END PUBLIC KEY-----
diff --git a/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/rekor.json b/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/rekor.json
deleted file mode 100644
index f86930d53..000000000
--- a/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/rekor.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
-	"signatures": [
-		{
-			"keyid": "ae0c689c6347ada7359df48934991f4e013193d6ddf3482a5ffb293f74f3b217",
-			"sig": "3045022076eadd73f6664bac5cc91f12d3a7ddcdd53f9bde661f147651196ff66e7235d1022100f7b3143792405f9e8a75331a05d4128bdf083de302801e99c3d027919a4b03da"
-		}
-	],
-	"signed": {
-		"_type": "targets",
-		"expires": "2022-05-11T19:10:11Z",
-		"spec_version": "1.0",
-		"targets": {
-			"rekor.0.pub": {
-				"hashes": {
-					"sha256": "dce5ef715502ec9f3cdfd11f8cc384b31a6141023d3e7595e9908a81cb6241bd",
-					"sha512": "0ae7705e02db33e814329746a4a0e5603c5bdcd91c96d072158d71011a2695788866565a2fec0fe363eb72cbcaeda39e54c5fe8d416daf9f3101fdba4217ef35"
-				},
-				"length": 178
-			}
-		},
-		"version": 1
-	}
-}
\ No newline at end of file
diff --git a/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/trusted_root.json b/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/trusted_root.json
new file mode 100644
index 000000000..5ed62811e
--- /dev/null
+++ b/vendor/github.com/sigstore/sigstore/pkg/tuf/repository/targets/trusted_root.json
@@ -0,0 +1,114 @@
+{
+  "mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1",
+  "tlogs": [
+    {
+      "baseUrl": "https://rekor.sigstore.dev",
+      "hashAlgorithm": "SHA2_256",
+      "publicKey": {
+        "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2G2Y+2tabdTV5BcGiBIx0a9fAFwrkBbmLSGtks4L3qX6yYY0zufBnhC8Ur/iy55GhWP/9A/bY2LhC30M9+RYtw==",
+        "keyDetails": "PKIX_ECDSA_P256_SHA_256",
+        "validFor": {
+          "start": "2021-01-12T11:53:27.000Z"
+        }
+      },
+      "logId": {
+        "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+      }
+    }
+  ],
+  "certificateAuthorities": [
+    {
+      "subject": {
+        "organization": "sigstore.dev",
+        "commonName": "sigstore"
+      },
+      "uri": "https://fulcio.sigstore.dev",
+      "certChain": {
+        "certificates": [
+          {
+            "rawBytes": "MIIB+DCCAX6gAwIBAgITNVkDZoCiofPDsy7dfm6geLbuhzAKBggqhkjOPQQDAzAqMRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxETAPBgNVBAMTCHNpZ3N0b3JlMB4XDTIxMDMwNzAzMjAyOVoXDTMxMDIyMzAzMjAyOVowKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABLSyA7Ii5k+pNO8ZEWY0ylemWDowOkNa3kL+GZE5Z5GWehL9/A9bRNA3RbrsZ5i0JcastaRL7Sp5fp/jD5dxqc/UdTVnlvS16an+2Yfswe/QuLolRUCrcOE2+2iA5+tzd6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFMjFHQBBmiQpMlEk6w2uSu1KBtPsMB8GA1UdIwQYMBaAFMjFHQBBmiQpMlEk6w2uSu1KBtPsMAoGCCqGSM49BAMDA2gAMGUCMH8liWJfMui6vXXBhjDgY4MwslmN/TJxVe/83WrFomwmNf056y1X48F9c4m3a3ozXAIxAKjRay5/aj/jsKKGIkmQatjI8uupHr/+CxFvaJWmpYqNkLDGRU+9orzh5hI2RrcuaQ=="
+          }
+        ]
+      },
+      "validFor": {
+        "start": "2021-03-07T03:20:29.000Z",
+        "end": "2022-12-31T23:59:59.999Z"
+      }
+    },
+    {
+      "subject": {
+        "organization": "sigstore.dev",
+        "commonName": "sigstore"
+      },
+      "uri": "https://fulcio.sigstore.dev",
+      "certChain": {
+        "certificates": [
+          {
+            "rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
+          },
+          {
+            "rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
+          }
+        ]
+      },
+      "validFor": {
+        "start": "2022-04-13T20:06:15.000Z"
+      }
+    }
+  ],
+  "ctlogs": [
+    {
+      "baseUrl": "https://ctfe.sigstore.dev/test",
+      "hashAlgorithm": "SHA2_256",
+      "publicKey": {
+        "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbfwR+RJudXscgRBRpKX1XFDy3PyudDxz/SfnRi1fT8ekpfBd2O1uoz7jr3Z8nKzxA69EUQ+eFCFI3zeubPWU7w==",
+        "keyDetails": "PKIX_ECDSA_P256_SHA_256",
+        "validFor": {
+          "start": "2021-03-14T00:00:00.000Z",
+          "end": "2022-10-31T23:59:59.999Z"
+        }
+      },
+      "logId": {
+        "keyId": "CGCS8ChS/2hF0dFrJ4ScRWcYrBY9wzjSbea8IgY2b3I="
+      }
+    },
+    {
+      "baseUrl": "https://ctfe.sigstore.dev/2022",
+      "hashAlgorithm": "SHA2_256",
+      "publicKey": {
+        "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEiPSlFi0CmFTfEjCUqF9HuCEcYXNKAaYalIJmBZ8yyezPjTqhxrKBpMnaocVtLJBI1eM3uXnQzQGAJdJ4gs9Fyw==",
+        "keyDetails": "PKIX_ECDSA_P256_SHA_256",
+        "validFor": {
+          "start": "2022-10-20T00:00:00.000Z"
+        }
+      },
+      "logId": {
+        "keyId": "3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4="
+      }
+    }
+  ],
+  "timestampAuthorities": [
+    {
+      "subject": {
+        "organization": "GitHub, Inc.",
+        "commonName": "Internal Services Root"
+      },
+      "certChain": {
+        "certificates": [
+          {
+            "rawBytes": "MIIB3DCCAWKgAwIBAgIUchkNsH36Xa04b1LqIc+qr9DVecMwCgYIKoZIzj0EAwMwMjEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRkwFwYDVQQDExBUU0EgaW50ZXJtZWRpYXRlMB4XDTIzMDQxNDAwMDAwMFoXDTI0MDQxMzAwMDAwMFowMjEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRkwFwYDVQQDExBUU0EgVGltZXN0YW1waW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUD5ZNbSqYMd6r8qpOOEX9ibGnZT9GsuXOhr/f8U9FJugBGExKYp40OULS0erjZW7xV9xV52NnJf5OeDq4e5ZKqNWMFQwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMIMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUaW1RudOgVt0leqY0WKYbuPr47wAwCgYIKoZIzj0EAwMDaAAwZQIwbUH9HvD4ejCZJOWQnqAlkqURllvu9M8+VqLbiRK+zSfZCZwsiljRn8MQQRSkXEE5AjEAg+VxqtojfVfu8DhzzhCx9GKETbJHb19iV72mMKUbDAFmzZ6bQ8b54Zb8tidy5aWe"
+          },
+          {
+            "rawBytes": "MIICEDCCAZWgAwIBAgIUX8ZO5QXP7vN4dMQ5e9sU3nub8OgwCgYIKoZIzj0EAwMwODEVMBMGA1UEChMMR2l0SHViLCBJbmMuMR8wHQYDVQQDExZJbnRlcm5hbCBTZXJ2aWNlcyBSb290MB4XDTIzMDQxNDAwMDAwMFoXDTI4MDQxMjAwMDAwMFowMjEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRkwFwYDVQQDExBUU0EgaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEvMLY/dTVbvIJYANAuszEwJnQE1llftynyMKIMhh48HmqbVr5ygybzsLRLVKbBWOdZ21aeJz+gZiytZetqcyF9WlER5NEMf6JV7ZNojQpxHq4RHGoGSceQv/qvTiZxEDKo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaW1RudOgVt0leqY0WKYbuPr47wAwHwYDVR0jBBgwFoAU9NYYlobnAG4c0/qjxyH/lq/wz+QwCgYIKoZIzj0EAwMDaQAwZgIxAK1B185ygCrIYFlIs3GjswjnwSMG6LY8woLVdakKDZxVa8f8cqMs1DhcxJ0+09w95QIxAO+tBzZk7vjUJ9iJgD4R6ZWTxQWKqNm74jO99o+o9sv4FI/SZTZTFyMn0IJEHdNmyA=="
+          },
+          {
+            "rawBytes": "MIIB9DCCAXqgAwIBAgIUa/JAkdUjK4JUwsqtaiRJGWhqLSowCgYIKoZIzj0EAwMwODEVMBMGA1UEChMMR2l0SHViLCBJbmMuMR8wHQYDVQQDExZJbnRlcm5hbCBTZXJ2aWNlcyBSb290MB4XDTIzMDQxNDAwMDAwMFoXDTMzMDQxMTAwMDAwMFowODEVMBMGA1UEChMMR2l0SHViLCBJbmMuMR8wHQYDVQQDExZJbnRlcm5hbCBTZXJ2aWNlcyBSb290MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEf9jFAXxz4kx68AHRMOkFBhflDcMTvzaXz4x/FCcXjJ/1qEKon/qPIGnaURskDtyNbNDOpeJTDDFqt48iMPrnzpx6IZwqemfUJN4xBEZfza+pYt/iyod+9tZr20RRWSv/o0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQU9NYYlobnAG4c0/qjxyH/lq/wz+QwCgYIKoZIzj0EAwMDaAAwZQIxALZLZ8BgRXzKxLMMN9VIlO+e4hrBnNBgF7tz7Hnrowv2NetZErIACKFymBlvWDvtMAIwZO+ki6ssQ1bsZo98O8mEAf2NZ7iiCgDDU0Vwjeco6zyeh0zBTs9/7gV6AHNQ53xD"
+          }
+        ]
+      },
+      "validFor": {
+        "start": "2023-04-14T00:00:00.000Z"
+      }
+    }
+  ]
+}
diff --git a/vendor/github.com/sourcegraph/conc/.golangci.yml b/vendor/github.com/sourcegraph/conc/.golangci.yml
new file mode 100644
index 000000000..ae65a760a
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/.golangci.yml
@@ -0,0 +1,11 @@
+linters:
+  disable-all: true
+  enable:
+    - errcheck
+    - godot
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - typecheck
+    - unused
diff --git a/vendor/github.com/sourcegraph/conc/LICENSE b/vendor/github.com/sourcegraph/conc/LICENSE
new file mode 100644
index 000000000..1081f4ef4
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Sourcegraph
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/sourcegraph/conc/README.md b/vendor/github.com/sourcegraph/conc/README.md
new file mode 100644
index 000000000..1c87c3c96
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/README.md
@@ -0,0 +1,464 @@
+![conch](https://user-images.githubusercontent.com/12631702/210295964-785cc63d-d697-420c-99ff-f492eb81dec9.svg)
+
+# `conc`: better structured concurrency for go
+
+[![Go Reference](https://pkg.go.dev/badge/github.com/sourcegraph/conc.svg)](https://pkg.go.dev/github.com/sourcegraph/conc)
+[![Sourcegraph](https://img.shields.io/badge/view%20on-sourcegraph-A112FE?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADIAAAAyCAYAAAAeP4ixAAAEZklEQVRoQ+2aXWgUZxSG3292sxtNN43BhBakFPyhxSujRSxiU1pr7SaGXqgUxOIEW0IFkeYighYUxAuLUlq0lrq2iCDpjWtmFVtoG6QVNOCFVShVLyxIk0DVjZLMxt3xTGTccd2ZOd/8JBHci0CY9zvnPPN+/7sCIXwKavOwAcy2QgngQiIztDSE0OwQlDPYR1ebiaH6J5kZChyfW12gRG4QVgGTBfMchMbFP9Sn5nlZL2D0JjLD6710lc+z0NfqSGTXQRQ4bX07Mq423yoBL3OSyHSvUxirMuaEvgbJWrdcvkHMoJwxYuq4INUhyuWvQa1jvdMGxAvCxJlyEC9XOBCWL04wwRzpbDoDQ7wfZJzIQLi5Eggk6DiRhZgWIAbE3NrM4A3LPT8Q7UgqAqLqTmLSHLGPkyzG/qXEczhd0q6RH+zaSBfaUoc4iQx19pIClIscrTkNZzG6gd7qMY6eC2Hqyo705ZfTf+eqJmhMzcSbYtQpOXc92ZsZjLVAL4YNUQbJ5Ttg4CQrQdGYj44Xr9m1XJCzmZusFDJOWNpHjmh5x624a2ZFtOKDVL+uNo2TuXE3bZQQZUf8gtgqP31uI94Z/rMqix+IGiRfWw3xN9dCgVx+L3WrHm4Dju6PXz/EkjuXJ6R+IGgyOE1TbZqTq9y1eo0EZo7oMo1ktPu3xjHvuiLT5AFNszUyDULtWpzE2/fEsey8O5TbWuGWwxrs5rS7nFNMWJrNh2No74s9Ec4vRNmRRzPXMP19fBMSVsGcOJ98G8N3Wl2gXcbTjbX7vUBxLaeASDQCm5Cu/0E2tvtb0Ea+BowtskFD0wvlc6Rf2M+Jx7dTu7ubFr2dnKDRaMQe2v/tcIrNB7FH0O50AcrBaApmRDVwFO31ql3pD8QW4dP0feNwl/Q+kFEtRyIGyaWXnpy1OO0qNJWHo1y6iCmAGkBb/Ru+HenDWIF2mo4r8G+tRRzoniSn2uqFLxANhe9LKHVyTbz6egk9+x5w5fK6ulSNNMhZ/Feno+GebLZV6isTTa6k5qNl5RnZ5u56Ib6SBvFzaWBBVFZzvnERWlt/Cg4l27XChLCqFyLekjhy6xJyoytgjPf7opIB8QPx7sYFiMXHPGt76m741MhCKMZfng0nBOIjmoJPsLqWHwgFpe6V6qtfcopxveR2Oy+J0ntIN/zCWkf8QNAJ7y6d8Bq4lxLc2/qJl5K7t432XwcqX5CrI34gzATWuYILQtdQPyePDK3iuOekCR3Efjhig1B1Uq5UoXEEoZX7d1q535J5S9VOeFyYyEBku5XTMXXKQTToX5Rg7OI44nbW5oKYeYK4EniMeF0YFNSmb+grhc84LyRCEP1/OurOcipCQbKxDeK2V5FcVyIDMQvsgz5gwFhcWWwKyRlvQ3gv29RwWoDYAbIofNyBxI9eDlQ+n3YgsgCWnr4MStGXQXmv9pF2La/k3OccV54JEBM4yp9EsXa/3LfO0dGPcYq0Y7DfZB8nJzZw2rppHgKgVHs8L5wvRwAAAABJRU5ErkJggg==)](https://sourcegraph.com/github.com/sourcegraph/conc)
+[![Go Report Card](https://goreportcard.com/badge/github.com/sourcegraph/conc)](https://goreportcard.com/report/github.com/sourcegraph/conc)
+[![codecov](https://codecov.io/gh/sourcegraph/conc/branch/main/graph/badge.svg?token=MQZTEA1QWT)](https://codecov.io/gh/sourcegraph/conc)
+[![Discord](https://img.shields.io/badge/discord-chat-%235765F2)](https://discord.gg/bvXQXmtRjN)
+
+`conc` is your toolbelt for structured concurrency in go, making common tasks
+easier and safer.
+
+```sh
+go get github.com/sourcegraph/conc
+```
+
+# At a glance
+
+- Use [`conc.WaitGroup`](https://pkg.go.dev/github.com/sourcegraph/conc#WaitGroup) if you just want a safer version of `sync.WaitGroup`
+- Use [`pool.Pool`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#Pool) if you want a concurrency-limited task runner
+- Use [`pool.ResultPool`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#ResultPool) if you want a concurrent task runner that collects task results
+- Use [`pool.(Result)?ErrorPool`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#ErrorPool) if your tasks are fallible
+- Use [`pool.(Result)?ContextPool`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#ContextPool) if your tasks should be canceled on failure
+- Use [`stream.Stream`](https://pkg.go.dev/github.com/sourcegraph/conc/stream#Stream) if you want to process an ordered stream of tasks in parallel with serial callbacks
+- Use [`iter.Map`](https://pkg.go.dev/github.com/sourcegraph/conc/iter#Map) if you want to concurrently map a slice
+- Use [`iter.ForEach`](https://pkg.go.dev/github.com/sourcegraph/conc/iter#ForEach) if you want to concurrently iterate over a slice
+- Use [`panics.Catcher`](https://pkg.go.dev/github.com/sourcegraph/conc/panics#Catcher) if you want to catch panics in your own goroutines
+
+All pools are created with
+[`pool.New()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#New)
+or
+[`pool.NewWithResults[T]()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#NewWithResults),
+then configured with methods:
+
+- [`p.WithMaxGoroutines()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#Pool.MaxGoroutines) configures the maximum number of goroutines in the pool
+- [`p.WithErrors()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#Pool.WithErrors) configures the pool to run tasks that return errors
+- [`p.WithContext(ctx)`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#Pool.WithContext) configures the pool to run tasks that should be canceled on first error
+- [`p.WithFirstError()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#ErrorPool.WithFirstError) configures error pools to only keep the first returned error rather than an aggregated error
+- [`p.WithCollectErrored()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#ResultContextPool.WithCollectErrored) configures result pools to collect results even when the task errored
+
+# Goals
+
+The main goals of the package are:
+1) Make it harder to leak goroutines
+2) Handle panics gracefully
+3) Make concurrent code easier to read
+
+## Goal #1: Make it harder to leak goroutines
+
+A common pain point when working with goroutines is cleaning them up. It's
+really easy to fire off a `go` statement and fail to properly wait for it to
+complete.
+
+`conc` takes the opinionated stance that all concurrency should be scoped.
+That is, goroutines should have an owner and that owner should always
+ensure that its owned goroutines exit properly.
+
+In `conc`, the owner of a goroutine is always a `conc.WaitGroup`. Goroutines
+are spawned in a `WaitGroup` with `(*WaitGroup).Go()`, and
+`(*WaitGroup).Wait()` should always be called before the `WaitGroup` goes out
+of scope.
+
+In some cases, you might want a spawned goroutine to outlast the scope of the
+caller. In that case, you could pass a `WaitGroup` into the spawning function.
+
+```go
+func main() {
+    var wg conc.WaitGroup
+    defer wg.Wait()
+
+    startTheThing(&wg)
+}
+
+func startTheThing(wg *conc.WaitGroup) {
+    wg.Go(func() { ... })
+}
+```
+
+For some more discussion on why scoped concurrency is nice, check out [this
+blog
+post](https://vorpus.org/blog/notes-on-structured-concurrency-or-go-statement-considered-harmful/).
+
+## Goal #2: Handle panics gracefully
+
+A frequent problem with goroutines in long-running applications is handling
+panics. A goroutine spawned without a panic handler will crash the whole process
+on panic. This is usually undesirable.
+
+However, if you do add a panic handler to a goroutine, what do you do with the
+panic once you catch it? Some options:
+1) Ignore it
+2) Log it
+3) Turn it into an error and return that to the goroutine spawner
+4) Propagate the panic to the goroutine spawner
+
+Ignoring panics is a bad idea since panics usually mean there is actually
+something wrong and someone should fix it.
+
+Just logging panics isn't great either because then there is no indication to the spawner
+that something bad happened, and it might just continue on as normal even though your
+program is in a really bad state.
+
+Both (3) and (4) are reasonable options, but both require the goroutine to have
+an owner that can actually receive the message that something went wrong. This
+is generally not true with a goroutine spawned with `go`, but in the `conc`
+package, all goroutines have an owner that must collect the spawned goroutine.
+In the conc package, any call to `Wait()` will panic if any of the spawned goroutines
+panicked. Additionally, it decorates the panic value with a stacktrace from the child
+goroutine so that you don't lose information about what caused the panic.
+
+Doing this all correctly every time you spawn something with `go` is not
+trivial and it requires a lot of boilerplate that makes the important parts of
+the code more difficult to read, so `conc` does this for you.
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+type caughtPanicError struct {
+    val   any
+    stack []byte
+}
+
+func (e *caughtPanicError) Error() string {
+    return fmt.Sprintf(
+        "panic: %q\n%s",
+        e.val,
+        string(e.stack)
+    )
+}
+
+func main() {
+    done := make(chan error)
+    go func() {
+        defer func() {
+            if v := recover(); v != nil {
+                done <- &caughtPanicError{
+                    val: v,
+                    stack: debug.Stack()
+                }
+            } else {
+                done <- nil
+            }
+        }()
+        doSomethingThatMightPanic()
+    }()
+    err := <-done
+    if err != nil {
+        panic(err)
+    }
+}
+```
+</td>
+<td>
+
+```go
+func main() {
+    var wg conc.WaitGroup
+    wg.Go(doSomethingThatMightPanic)
+    // panics with a nice stacktrace
+    wg.Wait()
+}
+```
+</td>
+</tr>
+</table>
+
+## Goal #3: Make concurrent code easier to read
+
+Doing concurrency correctly is difficult. Doing it in a way that doesn't
+obfuscate what the code is actually doing is more difficult. The `conc` package
+attempts to make common operations easier by abstracting as much boilerplate
+complexity as possible.
+
+Want to run a set of concurrent tasks with a bounded set of goroutines? Use
+`pool.New()`. Want to process an ordered stream of results concurrently, but
+still maintain order? Try `stream.New()`. What about a concurrent map over
+a slice? Take a peek at `iter.Map()`.
+
+Browse some examples below for some comparisons with doing these by hand.
+
+# Examples
+
+Each of these examples forgoes propagating panics for simplicity. To see
+what kind of complexity that would add, check out the "Goal #2" header above.
+
+Spawn a set of goroutines and waiting for them to finish:
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+func main() {
+    var wg sync.WaitGroup
+    for i := 0; i < 10; i++ {
+        wg.Add(1)
+        go func() {
+            defer wg.Done()
+            // crashes on panic!
+            doSomething()
+        }()
+    }
+    wg.Wait()
+}
+```
+</td>
+<td>
+
+```go
+func main() {
+    var wg conc.WaitGroup
+    for i := 0; i < 10; i++ {
+        wg.Go(doSomething)
+    }
+    wg.Wait()
+}
+```
+</td>
+</tr>
+</table>
+
+Process each element of a stream in a static pool of goroutines:
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+func process(stream chan int) {
+    var wg sync.WaitGroup
+    for i := 0; i < 10; i++ {
+        wg.Add(1)
+        go func() {
+            defer wg.Done()
+            for elem := range stream {
+                handle(elem)
+            }
+        }()
+    }
+    wg.Wait()
+}
+```
+</td>
+<td>
+
+```go
+func process(stream chan int) {
+    p := pool.New().WithMaxGoroutines(10)
+    for elem := range stream {
+        elem := elem
+        p.Go(func() {
+            handle(elem)
+        })
+    }
+    p.Wait()
+}
+```
+</td>
+</tr>
+</table>
+
+Process each element of a slice in a static pool of goroutines:
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+func process(values []int) {
+    feeder := make(chan int, 8)
+
+    var wg sync.WaitGroup
+    for i := 0; i < 10; i++ {
+        wg.Add(1)
+        go func() {
+            defer wg.Done()
+            for elem := range feeder {
+                handle(elem)
+            }
+        }()
+    }
+
+    for _, value := range values {
+        feeder <- value
+    }
+    close(feeder)
+    wg.Wait()
+}
+```
+</td>
+<td>
+
+```go
+func process(values []int) {
+    iter.ForEach(values, handle)
+}
+```
+</td>
+</tr>
+</table>
+
+Concurrently map a slice:
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+func concMap(
+    input []int,
+    f func(int) int,
+) []int {
+    res := make([]int, len(input))
+    var idx atomic.Int64
+
+    var wg sync.WaitGroup
+    for i := 0; i < 10; i++ {
+        wg.Add(1)
+        go func() {
+            defer wg.Done()
+
+            for {
+                i := int(idx.Add(1) - 1)
+                if i >= len(input) {
+                    return
+                }
+
+                res[i] = f(input[i])
+            }
+        }()
+    }
+    wg.Wait()
+    return res
+}
+```
+</td>
+<td>
+
+```go
+func concMap(
+    input []int,
+    f func(*int) int,
+) []int {
+    return iter.Map(input, f)
+}
+```
+</td>
+</tr>
+</table>
+
+Process an ordered stream concurrently:
+
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+func mapStream(
+    in chan int,
+    out chan int,
+    f func(int) int,
+) {
+    tasks := make(chan func())
+    taskResults := make(chan chan int)
+
+    // Worker goroutines
+    var workerWg sync.WaitGroup
+    for i := 0; i < 10; i++ {
+        workerWg.Add(1)
+        go func() {
+            defer workerWg.Done()
+            for task := range tasks {
+                task()
+            }
+        }()
+    }
+
+    // Ordered reader goroutines
+    var readerWg sync.WaitGroup
+    readerWg.Add(1)
+    go func() {
+        defer readerWg.Done()
+        for result := range taskResults {
+            item := <-result
+            out <- item
+        }
+    }()
+
+    // Feed the workers with tasks
+    for elem := range in {
+        resultCh := make(chan int, 1)
+        taskResults <- resultCh
+        tasks <- func() {
+            resultCh <- f(elem)
+        }
+    }
+
+    // We've exhausted input.
+    // Wait for everything to finish
+    close(tasks)
+    workerWg.Wait()
+    close(taskResults)
+    readerWg.Wait()
+}
+```
+</td>
+<td>
+
+```go
+func mapStream(
+    in chan int,
+    out chan int,
+    f func(int) int,
+) {
+    s := stream.New().WithMaxGoroutines(10)
+    for elem := range in {
+        elem := elem
+        s.Go(func() stream.Callback {
+            res := f(elem)
+            return func() { out <- res }
+        })
+    }
+    s.Wait()
+}
+```
+</td>
+</tr>
+</table>
+
+# Status
+
+This package is currently pre-1.0. There are likely to be minor breaking
+changes before a 1.0 release as we stabilize the APIs and tweak defaults.
+Please open an issue if you have questions, concerns, or requests that you'd
+like addressed before the 1.0 release. Currently, a 1.0 is targeted for 
+March 2023.
diff --git a/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go119.go b/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go119.go
new file mode 100644
index 000000000..7087e32a8
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go119.go
@@ -0,0 +1,10 @@
+//go:build !go1.20
+// +build !go1.20
+
+package multierror
+
+import "go.uber.org/multierr"
+
+var (
+	Join = multierr.Combine
+)
diff --git a/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go120.go b/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go120.go
new file mode 100644
index 000000000..39cff829a
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go120.go
@@ -0,0 +1,10 @@
+//go:build go1.20
+// +build go1.20
+
+package multierror
+
+import "errors"
+
+var (
+	Join = errors.Join
+)
diff --git a/vendor/github.com/sourcegraph/conc/iter/iter.go b/vendor/github.com/sourcegraph/conc/iter/iter.go
new file mode 100644
index 000000000..124b4f940
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/iter/iter.go
@@ -0,0 +1,85 @@
+package iter
+
+import (
+	"runtime"
+	"sync/atomic"
+
+	"github.com/sourcegraph/conc"
+)
+
+// defaultMaxGoroutines returns the default maximum number of
+// goroutines to use within this package.
+func defaultMaxGoroutines() int { return runtime.GOMAXPROCS(0) }
+
+// Iterator can be used to configure the behaviour of ForEach
+// and ForEachIdx. The zero value is safe to use with reasonable
+// defaults.
+//
+// Iterator is also safe for reuse and concurrent use.
+type Iterator[T any] struct {
+	// MaxGoroutines controls the maximum number of goroutines
+	// to use on this Iterator's methods.
+	//
+	// If unset, MaxGoroutines defaults to runtime.GOMAXPROCS(0).
+	MaxGoroutines int
+}
+
+// ForEach executes f in parallel over each element in input.
+//
+// It is safe to mutate the input parameter, which makes it
+// possible to map in place.
+//
+// ForEach always uses at most runtime.GOMAXPROCS goroutines.
+// It takes roughly 2µs to start up the goroutines and adds
+// an overhead of roughly 50ns per element of input. For
+// a configurable goroutine limit, use a custom Iterator.
+func ForEach[T any](input []T, f func(*T)) { Iterator[T]{}.ForEach(input, f) }
+
+// ForEach executes f in parallel over each element in input,
+// using up to the Iterator's configured maximum number of
+// goroutines.
+//
+// It is safe to mutate the input parameter, which makes it
+// possible to map in place.
+//
+// It takes roughly 2µs to start up the goroutines and adds
+// an overhead of roughly 50ns per element of input.
+func (iter Iterator[T]) ForEach(input []T, f func(*T)) {
+	iter.ForEachIdx(input, func(_ int, t *T) {
+		f(t)
+	})
+}
+
+// ForEachIdx is the same as ForEach except it also provides the
+// index of the element to the callback.
+func ForEachIdx[T any](input []T, f func(int, *T)) { Iterator[T]{}.ForEachIdx(input, f) }
+
+// ForEachIdx is the same as ForEach except it also provides the
+// index of the element to the callback.
+func (iter Iterator[T]) ForEachIdx(input []T, f func(int, *T)) {
+	if iter.MaxGoroutines == 0 {
+		// iter is a value receiver and is hence safe to mutate
+		iter.MaxGoroutines = defaultMaxGoroutines()
+	}
+
+	numInput := len(input)
+	if iter.MaxGoroutines > numInput {
+		// No more concurrent tasks than the number of input items.
+		iter.MaxGoroutines = numInput
+	}
+
+	var idx atomic.Int64
+	// Create the task outside the loop to avoid extra closure allocations.
+	task := func() {
+		i := int(idx.Add(1) - 1)
+		for ; i < numInput; i = int(idx.Add(1) - 1) {
+			f(i, &input[i])
+		}
+	}
+
+	var wg conc.WaitGroup
+	for i := 0; i < iter.MaxGoroutines; i++ {
+		wg.Go(task)
+	}
+	wg.Wait()
+}
diff --git a/vendor/github.com/sourcegraph/conc/iter/map.go b/vendor/github.com/sourcegraph/conc/iter/map.go
new file mode 100644
index 000000000..efbe6bfaf
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/iter/map.go
@@ -0,0 +1,65 @@
+package iter
+
+import (
+	"sync"
+
+	"github.com/sourcegraph/conc/internal/multierror"
+)
+
+// Mapper is an Iterator with a result type R. It can be used to configure
+// the behaviour of Map and MapErr. The zero value is safe to use with
+// reasonable defaults.
+//
+// Mapper is also safe for reuse and concurrent use.
+type Mapper[T, R any] Iterator[T]
+
+// Map applies f to each element of input, returning the mapped result.
+//
+// Map always uses at most runtime.GOMAXPROCS goroutines. For a configurable
+// goroutine limit, use a custom Mapper.
+func Map[T, R any](input []T, f func(*T) R) []R {
+	return Mapper[T, R]{}.Map(input, f)
+}
+
+// Map applies f to each element of input, returning the mapped result.
+//
+// Map uses up to the configured Mapper's maximum number of goroutines.
+func (m Mapper[T, R]) Map(input []T, f func(*T) R) []R {
+	res := make([]R, len(input))
+	Iterator[T](m).ForEachIdx(input, func(i int, t *T) {
+		res[i] = f(t)
+	})
+	return res
+}
+
+// MapErr applies f to each element of the input, returning the mapped result
+// and a combined error of all returned errors.
+//
+// Map always uses at most runtime.GOMAXPROCS goroutines. For a configurable
+// goroutine limit, use a custom Mapper.
+func MapErr[T, R any](input []T, f func(*T) (R, error)) ([]R, error) {
+	return Mapper[T, R]{}.MapErr(input, f)
+}
+
+// MapErr applies f to each element of the input, returning the mapped result
+// and a combined error of all returned errors.
+//
+// Map uses up to the configured Mapper's maximum number of goroutines.
+func (m Mapper[T, R]) MapErr(input []T, f func(*T) (R, error)) ([]R, error) {
+	var (
+		res    = make([]R, len(input))
+		errMux sync.Mutex
+		errs   error
+	)
+	Iterator[T](m).ForEachIdx(input, func(i int, t *T) {
+		var err error
+		res[i], err = f(t)
+		if err != nil {
+			errMux.Lock()
+			// TODO: use stdlib errors once multierrors land in go 1.20
+			errs = multierror.Join(errs, err)
+			errMux.Unlock()
+		}
+	})
+	return res, errs
+}
diff --git a/vendor/github.com/sourcegraph/conc/panics/panics.go b/vendor/github.com/sourcegraph/conc/panics/panics.go
new file mode 100644
index 000000000..abbed7fa0
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/panics/panics.go
@@ -0,0 +1,102 @@
+package panics
+
+import (
+	"fmt"
+	"runtime"
+	"runtime/debug"
+	"sync/atomic"
+)
+
+// Catcher is used to catch panics. You can execute a function with Try,
+// which will catch any spawned panic. Try can be called any number of times,
+// from any number of goroutines. Once all calls to Try have completed, you can
+// get the value of the first panic (if any) with Recovered(), or you can just
+// propagate the panic (re-panic) with Repanic().
+type Catcher struct {
+	recovered atomic.Pointer[Recovered]
+}
+
+// Try executes f, catching any panic it might spawn. It is safe
+// to call from multiple goroutines simultaneously.
+func (p *Catcher) Try(f func()) {
+	defer p.tryRecover()
+	f()
+}
+
+func (p *Catcher) tryRecover() {
+	if val := recover(); val != nil {
+		rp := NewRecovered(1, val)
+		p.recovered.CompareAndSwap(nil, &rp)
+	}
+}
+
+// Repanic panics if any calls to Try caught a panic. It will panic with the
+// value of the first panic caught, wrapped in a panics.Recovered with caller
+// information.
+func (p *Catcher) Repanic() {
+	if val := p.Recovered(); val != nil {
+		panic(val)
+	}
+}
+
+// Recovered returns the value of the first panic caught by Try, or nil if
+// no calls to Try panicked.
+func (p *Catcher) Recovered() *Recovered {
+	return p.recovered.Load()
+}
+
+// NewRecovered creates a panics.Recovered from a panic value and a collected
+// stacktrace. The skip parameter allows the caller to skip stack frames when
+// collecting the stacktrace. Calling with a skip of 0 means include the call to
+// NewRecovered in the stacktrace.
+func NewRecovered(skip int, value any) Recovered {
+	// 64 frames should be plenty
+	var callers [64]uintptr
+	n := runtime.Callers(skip+1, callers[:])
+	return Recovered{
+		Value:   value,
+		Callers: callers[:n],
+		Stack:   debug.Stack(),
+	}
+}
+
+// Recovered is a panic that was caught with recover().
+type Recovered struct {
+	// The original value of the panic.
+	Value any
+	// The caller list as returned by runtime.Callers when the panic was
+	// recovered. Can be used to produce a more detailed stack information with
+	// runtime.CallersFrames.
+	Callers []uintptr
+	// The formatted stacktrace from the goroutine where the panic was recovered.
+	// Easier to use than Callers.
+	Stack []byte
+}
+
+// String renders a human-readable formatting of the panic.
+func (p *Recovered) String() string {
+	return fmt.Sprintf("panic: %v\nstacktrace:\n%s\n", p.Value, p.Stack)
+}
+
+// AsError casts the panic into an error implementation. The implementation
+// is unwrappable with the cause of the panic, if the panic was provided one.
+func (p *Recovered) AsError() error {
+	if p == nil {
+		return nil
+	}
+	return &ErrRecovered{*p}
+}
+
+// ErrRecovered wraps a panics.Recovered in an error implementation.
+type ErrRecovered struct{ Recovered }
+
+var _ error = (*ErrRecovered)(nil)
+
+func (p *ErrRecovered) Error() string { return p.String() }
+
+func (p *ErrRecovered) Unwrap() error {
+	if err, ok := p.Value.(error); ok {
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/sourcegraph/conc/panics/try.go b/vendor/github.com/sourcegraph/conc/panics/try.go
new file mode 100644
index 000000000..4ded92a1c
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/panics/try.go
@@ -0,0 +1,11 @@
+package panics
+
+// Try executes f, catching and returning any panic it might spawn.
+//
+// The recovered panic can be propagated with panic(), or handled as a normal error with
+// (*panics.Recovered).AsError().
+func Try(f func()) *Recovered {
+	var c Catcher
+	c.Try(f)
+	return c.Recovered()
+}
diff --git a/vendor/github.com/sourcegraph/conc/waitgroup.go b/vendor/github.com/sourcegraph/conc/waitgroup.go
new file mode 100644
index 000000000..47b1bc1a5
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/waitgroup.go
@@ -0,0 +1,52 @@
+package conc
+
+import (
+	"sync"
+
+	"github.com/sourcegraph/conc/panics"
+)
+
+// NewWaitGroup creates a new WaitGroup.
+func NewWaitGroup() *WaitGroup {
+	return &WaitGroup{}
+}
+
+// WaitGroup is the primary building block for scoped concurrency.
+// Goroutines can be spawned in the WaitGroup with the Go method,
+// and calling Wait() will ensure that each of those goroutines exits
+// before continuing. Any panics in a child goroutine will be caught
+// and propagated to the caller of Wait().
+//
+// The zero value of WaitGroup is usable, just like sync.WaitGroup.
+// Also like sync.WaitGroup, it must not be copied after first use.
+type WaitGroup struct {
+	wg sync.WaitGroup
+	pc panics.Catcher
+}
+
+// Go spawns a new goroutine in the WaitGroup.
+func (h *WaitGroup) Go(f func()) {
+	h.wg.Add(1)
+	go func() {
+		defer h.wg.Done()
+		h.pc.Try(f)
+	}()
+}
+
+// Wait will block until all goroutines spawned with Go exit and will
+// propagate any panics spawned in a child goroutine.
+func (h *WaitGroup) Wait() {
+	h.wg.Wait()
+
+	// Propagate a panic if we caught one from a child goroutine.
+	h.pc.Repanic()
+}
+
+// WaitAndRecover will block until all goroutines spawned with Go exit and
+// will return a *panics.Recovered if one of the child goroutines panics.
+func (h *WaitGroup) WaitAndRecover() *panics.Recovered {
+	h.wg.Wait()
+
+	// Return a recovered panic if we caught one from a child goroutine.
+	return h.pc.Recovered()
+}
diff --git a/vendor/github.com/spf13/afero/const_bsds.go b/vendor/github.com/spf13/afero/const_bsds.go
index eed0f225f..30855de57 100644
--- a/vendor/github.com/spf13/afero/const_bsds.go
+++ b/vendor/github.com/spf13/afero/const_bsds.go
@@ -11,8 +11,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//go:build aix || darwin || openbsd || freebsd || netbsd || dragonfly
-// +build aix darwin openbsd freebsd netbsd dragonfly
+//go:build aix || darwin || openbsd || freebsd || netbsd || dragonfly || zos
+// +build aix darwin openbsd freebsd netbsd dragonfly zos
 
 package afero
 
diff --git a/vendor/github.com/spf13/afero/const_win_unix.go b/vendor/github.com/spf13/afero/const_win_unix.go
index 004d57e2f..12792d21e 100644
--- a/vendor/github.com/spf13/afero/const_win_unix.go
+++ b/vendor/github.com/spf13/afero/const_win_unix.go
@@ -10,8 +10,8 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//go:build !darwin && !openbsd && !freebsd && !dragonfly && !netbsd && !aix
-// +build !darwin,!openbsd,!freebsd,!dragonfly,!netbsd,!aix
+//go:build !darwin && !openbsd && !freebsd && !dragonfly && !netbsd && !aix && !zos
+// +build !darwin,!openbsd,!freebsd,!dragonfly,!netbsd,!aix,!zos
 
 package afero
 
diff --git a/vendor/github.com/spf13/afero/memmap.go b/vendor/github.com/spf13/afero/memmap.go
index e6b7d70b9..d6c744e8d 100644
--- a/vendor/github.com/spf13/afero/memmap.go
+++ b/vendor/github.com/spf13/afero/memmap.go
@@ -16,9 +16,12 @@ package afero
 import (
 	"fmt"
 	"io"
+
 	"log"
 	"os"
 	"path/filepath"
+
+	"sort"
 	"strings"
 	"sync"
 	"time"
@@ -88,6 +91,24 @@ func (m *MemMapFs) findParent(f *mem.FileData) *mem.FileData {
 	return pfile
 }
 
+func (m *MemMapFs) findDescendants(name string) []*mem.FileData {
+	fData := m.getData()
+	descendants := make([]*mem.FileData, 0, len(fData))
+	for p, dFile := range fData {
+		if strings.HasPrefix(p, name+FilePathSeparator) {
+			descendants = append(descendants, dFile)
+		}
+	}
+
+	sort.Slice(descendants, func(i, j int) bool {
+		cur := len(strings.Split(descendants[i].Name(), FilePathSeparator))
+		next := len(strings.Split(descendants[j].Name(), FilePathSeparator))
+		return cur < next
+	})
+
+	return descendants
+}
+
 func (m *MemMapFs) registerWithParent(f *mem.FileData, perm os.FileMode) {
 	if f == nil {
 		return
@@ -309,29 +330,51 @@ func (m *MemMapFs) Rename(oldname, newname string) error {
 	if _, ok := m.getData()[oldname]; ok {
 		m.mu.RUnlock()
 		m.mu.Lock()
-		m.unRegisterWithParent(oldname)
+		err := m.unRegisterWithParent(oldname)
+		if err != nil {
+			return err
+		}
+
 		fileData := m.getData()[oldname]
-		delete(m.getData(), oldname)
 		mem.ChangeFileName(fileData, newname)
 		m.getData()[newname] = fileData
+
+		err = m.renameDescendants(oldname, newname)
+		if err != nil {
+			return err
+		}
+
+		delete(m.getData(), oldname)
+
 		m.registerWithParent(fileData, 0)
 		m.mu.Unlock()
 		m.mu.RLock()
 	} else {
 		return &os.PathError{Op: "rename", Path: oldname, Err: ErrFileNotFound}
 	}
+	return nil
+}
 
-	for p, fileData := range m.getData() {
-		if strings.HasPrefix(p, oldname+FilePathSeparator) {
-			m.mu.RUnlock()
-			m.mu.Lock()
-			delete(m.getData(), p)
-			p := strings.Replace(p, oldname, newname, 1)
-			m.getData()[p] = fileData
-			m.mu.Unlock()
-			m.mu.RLock()
+func (m *MemMapFs) renameDescendants(oldname, newname string) error {
+	descendants := m.findDescendants(oldname)
+	removes := make([]string, 0, len(descendants))
+	for _, desc := range descendants {
+		descNewName := strings.Replace(desc.Name(), oldname, newname, 1)
+		err := m.unRegisterWithParent(desc.Name())
+		if err != nil {
+			return err
 		}
+
+		removes = append(removes, desc.Name())
+		mem.ChangeFileName(desc, descNewName)
+		m.getData()[descNewName] = desc
+
+		m.registerWithParent(desc, 0)
+	}
+	for _, r := range removes {
+		delete(m.getData(), r)
 	}
+
 	return nil
 }
 
diff --git a/vendor/github.com/spf13/cobra/.golangci.yml b/vendor/github.com/spf13/cobra/.golangci.yml
index 2578d94b5..a618ec24d 100644
--- a/vendor/github.com/spf13/cobra/.golangci.yml
+++ b/vendor/github.com/spf13/cobra/.golangci.yml
@@ -19,7 +19,7 @@ linters:
   disable-all: true
   enable:
     #- bodyclose
-    - deadcode
+    # - deadcode ! deprecated since v1.49.0; replaced by 'unused'
     #- depguard
     #- dogsled
     #- dupl
@@ -51,12 +51,12 @@ linters:
     #- rowserrcheck
     #- scopelint
     #- staticcheck
-    - structcheck
+    #- structcheck ! deprecated since v1.49.0; replaced by 'unused'
     #- stylecheck
     #- typecheck
     - unconvert
     #- unparam
-    #- unused
-    - varcheck
+    - unused
+    # - varcheck ! deprecated since v1.49.0; replaced by 'unused'
     #- whitespace
   fast: false
diff --git a/vendor/github.com/spf13/cobra/README.md b/vendor/github.com/spf13/cobra/README.md
index 592c0b8ab..6444f4b7f 100644
--- a/vendor/github.com/spf13/cobra/README.md
+++ b/vendor/github.com/spf13/cobra/README.md
@@ -4,7 +4,7 @@ Cobra is a library for creating powerful modern CLI applications.
 
 Cobra is used in many Go projects such as [Kubernetes](https://kubernetes.io/),
 [Hugo](https://gohugo.io), and [GitHub CLI](https://github.com/cli/cli) to
-name a few. [This list](./projects_using_cobra.md) contains a more extensive list of projects using Cobra.
+name a few. [This list](site/content/projects_using_cobra.md) contains a more extensive list of projects using Cobra.
 
 [![](https://img.shields.io/github/actions/workflow/status/spf13/cobra/test.yml?branch=main&longCache=true&label=Test&logo=github%20actions&logoColor=fff)](https://github.com/spf13/cobra/actions?query=workflow%3ATest)
 [![Go Reference](https://pkg.go.dev/badge/github.com/spf13/cobra.svg)](https://pkg.go.dev/github.com/spf13/cobra)
@@ -80,7 +80,7 @@ which maintains the same interface while adding POSIX compliance.
 
 # Installing
 Using Cobra is easy. First, use `go get` to install the latest version
-of the library.     
+of the library.
 
 ```
 go get -u github.com/spf13/cobra@latest
@@ -105,8 +105,8 @@ go install github.com/spf13/cobra-cli@latest
 
 For complete details on using the Cobra-CLI generator, please read [The Cobra Generator README](https://github.com/spf13/cobra-cli/blob/main/README.md)
 
-For complete details on using the Cobra library, please read the [The Cobra User Guide](user_guide.md).
+For complete details on using the Cobra library, please read the [The Cobra User Guide](site/content/user_guide.md).
 
 # License
 
-Cobra is released under the Apache 2.0 license. See [LICENSE.txt](https://github.com/spf13/cobra/blob/master/LICENSE.txt)
+Cobra is released under the Apache 2.0 license. See [LICENSE.txt](LICENSE.txt)
diff --git a/vendor/github.com/spf13/cobra/active_help.go b/vendor/github.com/spf13/cobra/active_help.go
index 2d0239437..5f965e057 100644
--- a/vendor/github.com/spf13/cobra/active_help.go
+++ b/vendor/github.com/spf13/cobra/active_help.go
@@ -17,6 +17,7 @@ package cobra
 import (
 	"fmt"
 	"os"
+	"regexp"
 	"strings"
 )
 
@@ -29,6 +30,8 @@ const (
 	activeHelpGlobalDisable = "0"
 )
 
+var activeHelpEnvVarPrefixSubstRegexp = regexp.MustCompile(`[^A-Z0-9_]`)
+
 // AppendActiveHelp adds the specified string to the specified array to be used as ActiveHelp.
 // Such strings will be processed by the completion script and will be shown as ActiveHelp
 // to the user.
@@ -42,7 +45,7 @@ func AppendActiveHelp(compArray []string, activeHelpStr string) []string {
 
 // GetActiveHelpConfig returns the value of the ActiveHelp environment variable
 // <PROGRAM>_ACTIVE_HELP where <PROGRAM> is the name of the root command in upper
-// case, with all - replaced by _.
+// case, with all non-ASCII-alphanumeric characters replaced by `_`.
 // It will always return "0" if the global environment variable COBRA_ACTIVE_HELP
 // is set to "0".
 func GetActiveHelpConfig(cmd *Command) string {
@@ -55,9 +58,10 @@ func GetActiveHelpConfig(cmd *Command) string {
 
 // activeHelpEnvVar returns the name of the program-specific ActiveHelp environment
 // variable.  It has the format <PROGRAM>_ACTIVE_HELP where <PROGRAM> is the name of the
-// root command in upper case, with all - replaced by _.
+// root command in upper case, with all non-ASCII-alphanumeric characters replaced by `_`.
 func activeHelpEnvVar(name string) string {
 	// This format should not be changed: users will be using it explicitly.
 	activeHelpEnvVar := strings.ToUpper(fmt.Sprintf("%s%s", name, activeHelpEnvVarSuffix))
-	return strings.ReplaceAll(activeHelpEnvVar, "-", "_")
+	activeHelpEnvVar = activeHelpEnvVarPrefixSubstRegexp.ReplaceAllString(activeHelpEnvVar, "_")
+	return activeHelpEnvVar
 }
diff --git a/vendor/github.com/spf13/cobra/active_help.md b/vendor/github.com/spf13/cobra/active_help.md
deleted file mode 100644
index 5e7f59af3..000000000
--- a/vendor/github.com/spf13/cobra/active_help.md
+++ /dev/null
@@ -1,157 +0,0 @@
-# Active Help
-
-Active Help is a framework provided by Cobra which allows a program to define messages (hints, warnings, etc) that will be printed during program usage.  It aims to make it easier for your users to learn how to use your program.  If configured by the program, Active Help is printed when the user triggers shell completion.
-
-For example, 
-```
-bash-5.1$ helm repo add [tab]
-You must choose a name for the repo you are adding.
-
-bash-5.1$ bin/helm package [tab]
-Please specify the path to the chart to package
-
-bash-5.1$ bin/helm package [tab][tab]
-bin/    internal/    scripts/    pkg/     testdata/
-```
-
-**Hint**: A good place to use Active Help messages is when the normal completion system does not provide any suggestions. In such cases, Active Help nicely supplements the normal shell completions to guide the user in knowing what is expected by the program.
-## Supported shells
-
-Active Help is currently only supported for the following shells:
-- Bash (using [bash completion V2](shell_completions.md#bash-completion-v2) only). Note that bash 4.4 or higher is required for the prompt to appear when an Active Help message is printed.
-- Zsh
-
-## Adding Active Help messages
-
-As Active Help uses the shell completion system, the implementation of Active Help messages is done by enhancing custom dynamic completions.  If you are not familiar with dynamic completions, please refer to [Shell Completions](shell_completions.md).
-
-Adding Active Help is done through the use of the `cobra.AppendActiveHelp(...)` function, where the program repeatedly adds Active Help messages to the list of completions.  Keep reading for details.
-
-### Active Help for nouns
-
-Adding Active Help when completing a noun is done within the `ValidArgsFunction(...)` of a command.  Please notice the use of `cobra.AppendActiveHelp(...)` in the following example:
-
-```go
-cmd := &cobra.Command{
-	Use:   "add [NAME] [URL]",
-	Short: "add a chart repository",
-	Args:  require.ExactArgs(2),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return addRepo(args)
-	},
-	ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		var comps []string
-		if len(args) == 0 {
-			comps = cobra.AppendActiveHelp(comps, "You must choose a name for the repo you are adding")
-		} else if len(args) == 1 {
-			comps = cobra.AppendActiveHelp(comps, "You must specify the URL for the repo you are adding")
-		} else {
-			comps = cobra.AppendActiveHelp(comps, "This command does not take any more arguments")
-		}
-		return comps, cobra.ShellCompDirectiveNoFileComp
-	},
-}
-```
-The example above defines the completions (none, in this specific example) as well as the Active Help messages for the `helm repo add` command.  It yields the following behavior:
-```
-bash-5.1$ helm repo add [tab]
-You must choose a name for the repo you are adding
-
-bash-5.1$ helm repo add grafana [tab]
-You must specify the URL for the repo you are adding
-
-bash-5.1$ helm repo add grafana https://grafana.github.io/helm-charts [tab]
-This command does not take any more arguments
-```
-**Hint**: As can be seen in the above example, a good place to use Active Help messages is when the normal completion system does not provide any suggestions. In such cases, Active Help nicely supplements the normal shell completions.
-
-### Active Help for flags
-
-Providing Active Help for flags is done in the same fashion as for nouns, but using the completion function registered for the flag.  For example:
-```go
-_ = cmd.RegisterFlagCompletionFunc("version", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		if len(args) != 2 {
-			return cobra.AppendActiveHelp(nil, "You must first specify the chart to install before the --version flag can be completed"), cobra.ShellCompDirectiveNoFileComp
-		}
-		return compVersionFlag(args[1], toComplete)
-	})
-```
-The example above prints an Active Help message when not enough information was given by the user to complete the `--version` flag.
-```
-bash-5.1$ bin/helm install myrelease --version 2.0.[tab]
-You must first specify the chart to install before the --version flag can be completed
-
-bash-5.1$ bin/helm install myrelease bitnami/solr --version 2.0.[tab][tab]
-2.0.1  2.0.2  2.0.3
-```
-
-## User control of Active Help
-
-You may want to allow your users to disable Active Help or choose between different levels of Active Help.  It is entirely up to the program to define the type of configurability of Active Help that it wants to offer, if any.
-Allowing to configure Active Help is entirely optional; you can use Active Help in your program without doing anything about Active Help configuration.
-
-The way to configure Active Help is to use the program's Active Help environment
-variable.  That variable is named `<PROGRAM>_ACTIVE_HELP` where `<PROGRAM>` is the name of your 
-program in uppercase with any `-` replaced by an `_`.  The variable should be set by the user to whatever
-Active Help configuration values are supported by the program.
-
-For example, say `helm` has chosen to support three levels for Active Help: `on`, `off`, `local`.  Then a user
-would set the desired behavior to `local` by doing `export HELM_ACTIVE_HELP=local` in their shell.
-
-For simplicity, when in `cmd.ValidArgsFunction(...)` or a flag's completion function, the program should read the
-Active Help configuration using the `cobra.GetActiveHelpConfig(cmd)` function and select what Active Help messages
-should or should not be added (instead of reading the environment variable directly).
-
-For example:
-```go
-ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	activeHelpLevel := cobra.GetActiveHelpConfig(cmd)
-
-	var comps []string
-	if len(args) == 0 {
-		if activeHelpLevel != "off"  {
-			comps = cobra.AppendActiveHelp(comps, "You must choose a name for the repo you are adding")
-		}
-	} else if len(args) == 1 {
-		if activeHelpLevel != "off" {
-			comps = cobra.AppendActiveHelp(comps, "You must specify the URL for the repo you are adding")
-		}
-	} else {
-		if activeHelpLevel == "local" {
-			comps = cobra.AppendActiveHelp(comps, "This command does not take any more arguments")
-		}
-	}
-	return comps, cobra.ShellCompDirectiveNoFileComp
-},
-```
-**Note 1**: If the `<PROGRAM>_ACTIVE_HELP` environment variable is set to the string "0", Cobra will automatically disable all Active Help output (even if some output was specified by the program using the `cobra.AppendActiveHelp(...)` function).  Using "0" can simplify your code in situations where you want to blindly disable Active Help without having to call `cobra.GetActiveHelpConfig(cmd)` explicitly.
-
-**Note 2**: If a user wants to disable Active Help for every single program based on Cobra, she can set the environment variable `COBRA_ACTIVE_HELP` to "0".  In this case `cobra.GetActiveHelpConfig(cmd)` will return "0" no matter what the variable `<PROGRAM>_ACTIVE_HELP` is set to.
-
-**Note 3**: If the user does not set `<PROGRAM>_ACTIVE_HELP` or `COBRA_ACTIVE_HELP` (which will be a common case), the default value for the Active Help configuration returned by `cobra.GetActiveHelpConfig(cmd)` will be the empty string. 
-## Active Help with Cobra's default completion command
-
-Cobra provides a default `completion` command for programs that wish to use it.
-When using the default `completion` command, Active Help is configurable in the same
-fashion as described above using environment variables.  You may wish to document this in more
-details for your users.
-
-## Debugging Active Help
-
-Debugging your Active Help code is done in the same way as debugging your dynamic completion code, which is with Cobra's hidden `__complete` command.  Please refer to [debugging shell completion](shell_completions.md#debugging) for details.
-
-When debugging with the `__complete` command, if you want to specify different Active Help configurations, you should use the active help environment variable.  That variable is named `<PROGRAM>_ACTIVE_HELP` where any `-` is replaced by an `_`.  For example, we can test deactivating some Active Help as shown below:
-```
-$ HELM_ACTIVE_HELP=1 bin/helm __complete install wordpress bitnami/h<ENTER>
-bitnami/haproxy
-bitnami/harbor
-_activeHelp_ WARNING: cannot re-use a name that is still in use
-:0
-Completion ended with directive: ShellCompDirectiveDefault
-
-$ HELM_ACTIVE_HELP=0 bin/helm __complete install wordpress bitnami/h<ENTER>
-bitnami/haproxy
-bitnami/harbor
-:0
-Completion ended with directive: ShellCompDirectiveDefault
-```
diff --git a/vendor/github.com/spf13/cobra/bash_completions.go b/vendor/github.com/spf13/cobra/bash_completions.go
index 10c78847d..8a5315184 100644
--- a/vendor/github.com/spf13/cobra/bash_completions.go
+++ b/vendor/github.com/spf13/cobra/bash_completions.go
@@ -85,7 +85,7 @@ __%[1]s_handle_go_custom_completion()
     local out requestComp lastParam lastChar comp directive args
 
     # Prepare the command to request completions for the program.
-    # Calling ${words[0]} instead of directly %[1]s allows to handle aliases
+    # Calling ${words[0]} instead of directly %[1]s allows handling aliases
     args=("${words[@]:1}")
     # Disable ActiveHelp which is not supported for bash completion v1
     requestComp="%[8]s=0 ${words[0]} %[2]s ${args[*]}"
diff --git a/vendor/github.com/spf13/cobra/bash_completions.md b/vendor/github.com/spf13/cobra/bash_completions.md
deleted file mode 100644
index 52919b2fa..000000000
--- a/vendor/github.com/spf13/cobra/bash_completions.md
+++ /dev/null
@@ -1,93 +0,0 @@
-# Generating Bash Completions For Your cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md) for details.
-
-## Bash legacy dynamic completions
-
-For backward compatibility, Cobra still supports its legacy dynamic completion solution (described below).  Unlike the `ValidArgsFunction` solution, the legacy solution will only work for Bash shell-completion and not for other shells. This legacy solution can be used along-side `ValidArgsFunction` and `RegisterFlagCompletionFunc()`, as long as both solutions are not used for the same command.  This provides a path to gradually migrate from the legacy solution to the new solution.
-
-**Note**: Cobra's default `completion` command uses bash completion V2.  If you are currently using Cobra's legacy dynamic completion solution, you should not use the default `completion` command but continue using your own.
-
-The legacy solution allows you to inject bash functions into the bash completion script.  Those bash functions are responsible for providing the completion choices for your own completions.
-
-Some code that works in kubernetes:
-
-```bash
-const (
-        bash_completion_func = `__kubectl_parse_get()
-{
-    local kubectl_output out
-    if kubectl_output=$(kubectl get --no-headers "$1" 2>/dev/null); then
-        out=($(echo "${kubectl_output}" | awk '{print $1}'))
-        COMPREPLY=( $( compgen -W "${out[*]}" -- "$cur" ) )
-    fi
-}
-
-__kubectl_get_resource()
-{
-    if [[ ${#nouns[@]} -eq 0 ]]; then
-        return 1
-    fi
-    __kubectl_parse_get ${nouns[${#nouns[@]} -1]}
-    if [[ $? -eq 0 ]]; then
-        return 0
-    fi
-}
-
-__kubectl_custom_func() {
-    case ${last_command} in
-        kubectl_get | kubectl_describe | kubectl_delete | kubectl_stop)
-            __kubectl_get_resource
-            return
-            ;;
-        *)
-            ;;
-    esac
-}
-`)
-```
-
-And then I set that in my command definition:
-
-```go
-cmds := &cobra.Command{
-	Use:   "kubectl",
-	Short: "kubectl controls the Kubernetes cluster manager",
-	Long: `kubectl controls the Kubernetes cluster manager.
-
-Find more information at https://github.com/GoogleCloudPlatform/kubernetes.`,
-	Run: runHelp,
-	BashCompletionFunction: bash_completion_func,
-}
-```
-
-The `BashCompletionFunction` option is really only valid/useful on the root command. Doing the above will cause `__kubectl_custom_func()` (`__<command-use>_custom_func()`) to be called when the built in processor was unable to find a solution. In the case of kubernetes a valid command might look something like `kubectl get pod [mypod]`. If you type `kubectl get pod [tab][tab]` the `__kubectl_customc_func()` will run because the cobra.Command only understood "kubectl" and "get." `__kubectl_custom_func()` will see that the cobra.Command is "kubectl_get" and will thus call another helper `__kubectl_get_resource()`.  `__kubectl_get_resource` will look at the 'nouns' collected. In our example the only noun will be `pod`.  So it will call `__kubectl_parse_get pod`.  `__kubectl_parse_get` will actually call out to kubernetes and get any pods.  It will then set `COMPREPLY` to valid pods!
-
-Similarly, for flags:
-
-```go
-	annotation := make(map[string][]string)
-	annotation[cobra.BashCompCustom] = []string{"__kubectl_get_namespaces"}
-
-	flag := &pflag.Flag{
-		Name:        "namespace",
-		Usage:       usage,
-		Annotations: annotation,
-	}
-	cmd.Flags().AddFlag(flag)
-```
-
-In addition add the `__kubectl_get_namespaces` implementation in the `BashCompletionFunction`
-value, e.g.:
-
-```bash
-__kubectl_get_namespaces()
-{
-    local template
-    template="{{ range .items  }}{{ .metadata.name }} {{ end }}"
-    local kubectl_out
-    if kubectl_out=$(kubectl get -o template --template="${template}" namespace 2>/dev/null); then
-        COMPREPLY=( $( compgen -W "${kubectl_out}[*]" -- "$cur" ) )
-    fi
-}
-```
diff --git a/vendor/github.com/spf13/cobra/bash_completionsV2.go b/vendor/github.com/spf13/cobra/bash_completionsV2.go
index 19b09560c..1cce5c329 100644
--- a/vendor/github.com/spf13/cobra/bash_completionsV2.go
+++ b/vendor/github.com/spf13/cobra/bash_completionsV2.go
@@ -57,7 +57,7 @@ __%[1]s_get_completion_results() {
     local requestComp lastParam lastChar args
 
     # Prepare the command to request completions for the program.
-    # Calling ${words[0]} instead of directly %[1]s allows to handle aliases
+    # Calling ${words[0]} instead of directly %[1]s allows handling aliases
     args=("${words[@]:1}")
     requestComp="${words[0]} %[2]s ${args[*]}"
 
diff --git a/vendor/github.com/spf13/cobra/cobra.go b/vendor/github.com/spf13/cobra/cobra.go
index b07b44a0c..a6b160ce5 100644
--- a/vendor/github.com/spf13/cobra/cobra.go
+++ b/vendor/github.com/spf13/cobra/cobra.go
@@ -43,12 +43,13 @@ var initializers []func()
 var finalizers []func()
 
 const (
-	defaultPrefixMatching  = false
-	defaultCommandSorting  = true
-	defaultCaseInsensitive = false
+	defaultPrefixMatching   = false
+	defaultCommandSorting   = true
+	defaultCaseInsensitive  = false
+	defaultTraverseRunHooks = false
 )
 
-// EnablePrefixMatching allows to set automatic prefix matching. Automatic prefix matching can be a dangerous thing
+// EnablePrefixMatching allows setting automatic prefix matching. Automatic prefix matching can be a dangerous thing
 // to automatically enable in CLI tools.
 // Set this to true to enable it.
 var EnablePrefixMatching = defaultPrefixMatching
@@ -60,6 +61,10 @@ var EnableCommandSorting = defaultCommandSorting
 // EnableCaseInsensitive allows case-insensitive commands names. (case sensitive by default)
 var EnableCaseInsensitive = defaultCaseInsensitive
 
+// EnableTraverseRunHooks executes persistent pre-run and post-run hooks from all parents.
+// By default this is disabled, which means only the first run hook to be found is executed.
+var EnableTraverseRunHooks = defaultTraverseRunHooks
+
 // MousetrapHelpText enables an information splash screen on Windows
 // if the CLI is started from explorer.exe.
 // To disable the mousetrap, just set this variable to blank string ("").
diff --git a/vendor/github.com/spf13/cobra/command.go b/vendor/github.com/spf13/cobra/command.go
index 01f7c6f1c..2fbe6c131 100644
--- a/vendor/github.com/spf13/cobra/command.go
+++ b/vendor/github.com/spf13/cobra/command.go
@@ -30,7 +30,10 @@ import (
 	flag "github.com/spf13/pflag"
 )
 
-const FlagSetByCobraAnnotation = "cobra_annotation_flag_set_by_cobra"
+const (
+	FlagSetByCobraAnnotation     = "cobra_annotation_flag_set_by_cobra"
+	CommandDisplayNameAnnotation = "cobra_annotation_command_display_name"
+)
 
 // FParseErrWhitelist configures Flag parse errors to be ignored
 type FParseErrWhitelist flag.ParseErrorsWhitelist
@@ -99,7 +102,7 @@ type Command struct {
 	Deprecated string
 
 	// Annotations are key/value pairs that can be used by applications to identify or
-	// group commands.
+	// group commands or set special options.
 	Annotations map[string]string
 
 	// Version defines the version for this command. If this value is non-empty and the command does not
@@ -115,6 +118,8 @@ type Command struct {
 	//   * PostRun()
 	//   * PersistentPostRun()
 	// All functions get the same args, the arguments after the command name.
+	// The *PreRun and *PostRun functions will only be executed if the Run function of the current
+	// command has been declared.
 	//
 	// PersistentPreRun: children of this command will inherit and execute.
 	PersistentPreRun func(cmd *Command, args []string)
@@ -181,6 +186,9 @@ type Command struct {
 	// versionTemplate is the version template defined by user.
 	versionTemplate string
 
+	// errPrefix is the error message prefix defined by user.
+	errPrefix string
+
 	// inReader is a reader defined by the user that replaces stdin
 	inReader io.Reader
 	// outWriter is a writer defined by the user that replaces stdout
@@ -346,6 +354,11 @@ func (c *Command) SetVersionTemplate(s string) {
 	c.versionTemplate = s
 }
 
+// SetErrPrefix sets error message prefix to be used. Application can use it to set custom prefix.
+func (c *Command) SetErrPrefix(s string) {
+	c.errPrefix = s
+}
+
 // SetGlobalNormalizationFunc sets a normalization function to all flag sets and also to child commands.
 // The user should not have a cyclic dependency on commands.
 func (c *Command) SetGlobalNormalizationFunc(n func(f *flag.FlagSet, name string) flag.NormalizedName) {
@@ -595,6 +608,18 @@ func (c *Command) VersionTemplate() string {
 `
 }
 
+// ErrPrefix return error message prefix for the command
+func (c *Command) ErrPrefix() string {
+	if c.errPrefix != "" {
+		return c.errPrefix
+	}
+
+	if c.HasParent() {
+		return c.parent.ErrPrefix()
+	}
+	return "Error:"
+}
+
 func hasNoOptDefVal(name string, fs *flag.FlagSet) bool {
 	flag := fs.Lookup(name)
 	if flag == nil {
@@ -752,7 +777,9 @@ func (c *Command) findNext(next string) *Command {
 	}
 
 	if len(matches) == 1 {
-		return matches[0]
+		// Temporarily disable gosec G602, which produces a false positive.
+		// See https://github.com/securego/gosec/issues/1005.
+		return matches[0] // #nosec G602
 	}
 
 	return nil
@@ -910,15 +937,31 @@ func (c *Command) execute(a []string) (err error) {
 		return err
 	}
 
+	parents := make([]*Command, 0, 5)
 	for p := c; p != nil; p = p.Parent() {
+		if EnableTraverseRunHooks {
+			// When EnableTraverseRunHooks is set:
+			// - Execute all persistent pre-runs from the root parent till this command.
+			// - Execute all persistent post-runs from this command till the root parent.
+			parents = append([]*Command{p}, parents...)
+		} else {
+			// Otherwise, execute only the first found persistent hook.
+			parents = append(parents, p)
+		}
+	}
+	for _, p := range parents {
 		if p.PersistentPreRunE != nil {
 			if err := p.PersistentPreRunE(c, argWoFlags); err != nil {
 				return err
 			}
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		} else if p.PersistentPreRun != nil {
 			p.PersistentPreRun(c, argWoFlags)
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		}
 	}
 	if c.PreRunE != nil {
@@ -955,10 +998,14 @@ func (c *Command) execute(a []string) (err error) {
 			if err := p.PersistentPostRunE(c, argWoFlags); err != nil {
 				return err
 			}
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		} else if p.PersistentPostRun != nil {
 			p.PersistentPostRun(c, argWoFlags)
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		}
 	}
 
@@ -1048,7 +1095,7 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
 			c = cmd
 		}
 		if !c.SilenceErrors {
-			c.PrintErrln("Error:", err.Error())
+			c.PrintErrln(c.ErrPrefix(), err.Error())
 			c.PrintErrf("Run '%v --help' for usage.\n", c.CommandPath())
 		}
 		return c, err
@@ -1077,7 +1124,7 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
 		// If root command has SilenceErrors flagged,
 		// all subcommands should respect it
 		if !cmd.SilenceErrors && !c.SilenceErrors {
-			c.PrintErrln("Error:", err.Error())
+			c.PrintErrln(cmd.ErrPrefix(), err.Error())
 		}
 
 		// If root command has SilenceUsage flagged,
@@ -1380,6 +1427,9 @@ func (c *Command) CommandPath() string {
 	if c.HasParent() {
 		return c.Parent().CommandPath() + " " + c.Name()
 	}
+	if displayName, ok := c.Annotations[CommandDisplayNameAnnotation]; ok {
+		return displayName
+	}
 	return c.Name()
 }
 
@@ -1402,6 +1452,7 @@ func (c *Command) UseLine() string {
 
 // DebugFlags used to determine which flags have been assigned to which commands
 // and which persist.
+// nolint:goconst
 func (c *Command) DebugFlags() {
 	c.Println("DebugFlags called on", c.Name())
 	var debugflags func(*Command)
diff --git a/vendor/github.com/spf13/cobra/completions.go b/vendor/github.com/spf13/cobra/completions.go
index ee38c4d0b..b60f6b200 100644
--- a/vendor/github.com/spf13/cobra/completions.go
+++ b/vendor/github.com/spf13/cobra/completions.go
@@ -145,6 +145,20 @@ func (c *Command) RegisterFlagCompletionFunc(flagName string, f func(cmd *Comman
 	return nil
 }
 
+// GetFlagCompletionFunc returns the completion function for the given flag of the command, if available.
+func (c *Command) GetFlagCompletionFunc(flagName string) (func(*Command, []string, string) ([]string, ShellCompDirective), bool) {
+	flag := c.Flag(flagName)
+	if flag == nil {
+		return nil, false
+	}
+
+	flagCompletionMutex.RLock()
+	defer flagCompletionMutex.RUnlock()
+
+	completionFunc, exists := flagCompletionFunctions[flag]
+	return completionFunc, exists
+}
+
 // Returns a string listing the different directive enabled in the specified parameter
 func (d ShellCompDirective) string() string {
 	var directives []string
@@ -283,9 +297,13 @@ func (c *Command) getCompletions(args []string) (*Command, []string, ShellCompDi
 
 	// These flags are normally added when `execute()` is called on `finalCmd`,
 	// however, when doing completion, we don't call `finalCmd.execute()`.
-	// Let's add the --help and --version flag ourselves.
-	finalCmd.InitDefaultHelpFlag()
-	finalCmd.InitDefaultVersionFlag()
+	// Let's add the --help and --version flag ourselves but only if the finalCmd
+	// has not disabled flag parsing; if flag parsing is disabled, it is up to the
+	// finalCmd itself to handle the completion of *all* flags.
+	if !finalCmd.DisableFlagParsing {
+		finalCmd.InitDefaultHelpFlag()
+		finalCmd.InitDefaultVersionFlag()
+	}
 
 	// Check if we are doing flag value completion before parsing the flags.
 	// This is important because if we are completing a flag value, we need to also
@@ -389,6 +407,11 @@ func (c *Command) getCompletions(args []string) (*Command, []string, ShellCompDi
 			finalCmd.InheritedFlags().VisitAll(func(flag *pflag.Flag) {
 				doCompleteFlags(flag)
 			})
+			// Try to complete non-inherited flags even if DisableFlagParsing==true.
+			// This allows programs to tell Cobra about flags for completion even
+			// if the actual parsing of flags is not done by Cobra.
+			// For instance, Helm uses this to provide flag name completion for
+			// some of its plugins.
 			finalCmd.NonInheritedFlags().VisitAll(func(flag *pflag.Flag) {
 				doCompleteFlags(flag)
 			})
diff --git a/vendor/github.com/spf13/cobra/fish_completions.go b/vendor/github.com/spf13/cobra/fish_completions.go
index 12ca0d2b1..12d61b691 100644
--- a/vendor/github.com/spf13/cobra/fish_completions.go
+++ b/vendor/github.com/spf13/cobra/fish_completions.go
@@ -113,7 +113,7 @@ function __%[1]s_clear_perform_completion_once_result
     __%[1]s_debug ""
     __%[1]s_debug "========= clearing previously set __%[1]s_perform_completion_once_result variable =========="
     set --erase __%[1]s_perform_completion_once_result
-    __%[1]s_debug "Succesfully erased the variable __%[1]s_perform_completion_once_result"
+    __%[1]s_debug "Successfully erased the variable __%[1]s_perform_completion_once_result"
 end
 
 function __%[1]s_requires_order_preservation
diff --git a/vendor/github.com/spf13/cobra/fish_completions.md b/vendor/github.com/spf13/cobra/fish_completions.md
deleted file mode 100644
index 19b2ed129..000000000
--- a/vendor/github.com/spf13/cobra/fish_completions.md
+++ /dev/null
@@ -1,4 +0,0 @@
-## Generating Fish Completions For Your cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md) for details.
-
diff --git a/vendor/github.com/spf13/cobra/flag_groups.go b/vendor/github.com/spf13/cobra/flag_groups.go
index b35fde155..0671ec5f2 100644
--- a/vendor/github.com/spf13/cobra/flag_groups.go
+++ b/vendor/github.com/spf13/cobra/flag_groups.go
@@ -24,6 +24,7 @@ import (
 
 const (
 	requiredAsGroup   = "cobra_annotation_required_if_others_set"
+	oneRequired       = "cobra_annotation_one_required"
 	mutuallyExclusive = "cobra_annotation_mutually_exclusive"
 )
 
@@ -43,6 +44,22 @@ func (c *Command) MarkFlagsRequiredTogether(flagNames ...string) {
 	}
 }
 
+// MarkFlagsOneRequired marks the given flags with annotations so that Cobra errors
+// if the command is invoked without at least one flag from the given set of flags.
+func (c *Command) MarkFlagsOneRequired(flagNames ...string) {
+	c.mergePersistentFlags()
+	for _, v := range flagNames {
+		f := c.Flags().Lookup(v)
+		if f == nil {
+			panic(fmt.Sprintf("Failed to find flag %q and mark it as being in a one-required flag group", v))
+		}
+		if err := c.Flags().SetAnnotation(v, oneRequired, append(f.Annotations[oneRequired], strings.Join(flagNames, " "))); err != nil {
+			// Only errs if the flag isn't found.
+			panic(err)
+		}
+	}
+}
+
 // MarkFlagsMutuallyExclusive marks the given flags with annotations so that Cobra errors
 // if the command is invoked with more than one flag from the given set of flags.
 func (c *Command) MarkFlagsMutuallyExclusive(flagNames ...string) {
@@ -59,7 +76,7 @@ func (c *Command) MarkFlagsMutuallyExclusive(flagNames ...string) {
 	}
 }
 
-// ValidateFlagGroups validates the mutuallyExclusive/requiredAsGroup logic and returns the
+// ValidateFlagGroups validates the mutuallyExclusive/oneRequired/requiredAsGroup logic and returns the
 // first error encountered.
 func (c *Command) ValidateFlagGroups() error {
 	if c.DisableFlagParsing {
@@ -71,15 +88,20 @@ func (c *Command) ValidateFlagGroups() error {
 	// groupStatus format is the list of flags as a unique ID,
 	// then a map of each flag name and whether it is set or not.
 	groupStatus := map[string]map[string]bool{}
+	oneRequiredGroupStatus := map[string]map[string]bool{}
 	mutuallyExclusiveGroupStatus := map[string]map[string]bool{}
 	flags.VisitAll(func(pflag *flag.Flag) {
 		processFlagForGroupAnnotation(flags, pflag, requiredAsGroup, groupStatus)
+		processFlagForGroupAnnotation(flags, pflag, oneRequired, oneRequiredGroupStatus)
 		processFlagForGroupAnnotation(flags, pflag, mutuallyExclusive, mutuallyExclusiveGroupStatus)
 	})
 
 	if err := validateRequiredFlagGroups(groupStatus); err != nil {
 		return err
 	}
+	if err := validateOneRequiredFlagGroups(oneRequiredGroupStatus); err != nil {
+		return err
+	}
 	if err := validateExclusiveFlagGroups(mutuallyExclusiveGroupStatus); err != nil {
 		return err
 	}
@@ -142,6 +164,27 @@ func validateRequiredFlagGroups(data map[string]map[string]bool) error {
 	return nil
 }
 
+func validateOneRequiredFlagGroups(data map[string]map[string]bool) error {
+	keys := sortedKeys(data)
+	for _, flagList := range keys {
+		flagnameAndStatus := data[flagList]
+		var set []string
+		for flagname, isSet := range flagnameAndStatus {
+			if isSet {
+				set = append(set, flagname)
+			}
+		}
+		if len(set) >= 1 {
+			continue
+		}
+
+		// Sort values, so they can be tested/scripted against consistently.
+		sort.Strings(set)
+		return fmt.Errorf("at least one of the flags in the group [%v] is required", flagList)
+	}
+	return nil
+}
+
 func validateExclusiveFlagGroups(data map[string]map[string]bool) error {
 	keys := sortedKeys(data)
 	for _, flagList := range keys {
@@ -176,6 +219,7 @@ func sortedKeys(m map[string]map[string]bool) []string {
 
 // enforceFlagGroupsForCompletion will do the following:
 // - when a flag in a group is present, other flags in the group will be marked required
+// - when none of the flags in a one-required group are present, all flags in the group will be marked required
 // - when a flag in a mutually exclusive group is present, other flags in the group will be marked as hidden
 // This allows the standard completion logic to behave appropriately for flag groups
 func (c *Command) enforceFlagGroupsForCompletion() {
@@ -185,9 +229,11 @@ func (c *Command) enforceFlagGroupsForCompletion() {
 
 	flags := c.Flags()
 	groupStatus := map[string]map[string]bool{}
+	oneRequiredGroupStatus := map[string]map[string]bool{}
 	mutuallyExclusiveGroupStatus := map[string]map[string]bool{}
 	c.Flags().VisitAll(func(pflag *flag.Flag) {
 		processFlagForGroupAnnotation(flags, pflag, requiredAsGroup, groupStatus)
+		processFlagForGroupAnnotation(flags, pflag, oneRequired, oneRequiredGroupStatus)
 		processFlagForGroupAnnotation(flags, pflag, mutuallyExclusive, mutuallyExclusiveGroupStatus)
 	})
 
@@ -204,6 +250,26 @@ func (c *Command) enforceFlagGroupsForCompletion() {
 		}
 	}
 
+	// If none of the flags of a one-required group are present, we make all the flags
+	// of that group required so that the shell completion suggests them automatically
+	for flagList, flagnameAndStatus := range oneRequiredGroupStatus {
+		set := 0
+
+		for _, isSet := range flagnameAndStatus {
+			if isSet {
+				set++
+			}
+		}
+
+		// None of the flags of the group are set, mark all flags in the group
+		// as required
+		if set == 0 {
+			for _, fName := range strings.Split(flagList, " ") {
+				_ = c.MarkFlagRequired(fName)
+			}
+		}
+	}
+
 	// If a flag that is mutually exclusive to others is present, we hide the other
 	// flags of that group so the shell completion does not suggest them
 	for flagList, flagnameAndStatus := range mutuallyExclusiveGroupStatus {
diff --git a/vendor/github.com/spf13/cobra/powershell_completions.go b/vendor/github.com/spf13/cobra/powershell_completions.go
index 177d2755f..551951939 100644
--- a/vendor/github.com/spf13/cobra/powershell_completions.go
+++ b/vendor/github.com/spf13/cobra/powershell_completions.go
@@ -47,7 +47,7 @@ filter __%[1]s_escapeStringWithSpecialChars {
 `+"    $_ -replace '\\s|#|@|\\$|;|,|''|\\{|\\}|\\(|\\)|\"|`|\\||<|>|&','`$&'"+`
 }
 
-[scriptblock]$__%[2]sCompleterBlock = {
+[scriptblock]${__%[2]sCompleterBlock} = {
     param(
             $WordToComplete,
             $CommandAst,
@@ -122,7 +122,7 @@ filter __%[1]s_escapeStringWithSpecialChars {
 
     __%[1]s_debug "Calling $RequestComp"
     # First disable ActiveHelp which is not supported for Powershell
-    $env:%[10]s=0
+    ${env:%[10]s}=0
 
     #call the command store the output in $out and redirect stderr and stdout to null
     # $Out is an array contains each line per element
@@ -279,7 +279,7 @@ filter __%[1]s_escapeStringWithSpecialChars {
     }
 }
 
-Register-ArgumentCompleter -CommandName '%[1]s' -ScriptBlock $__%[2]sCompleterBlock
+Register-ArgumentCompleter -CommandName '%[1]s' -ScriptBlock ${__%[2]sCompleterBlock}
 `, name, nameForVar, compCmd,
 		ShellCompDirectiveError, ShellCompDirectiveNoSpace, ShellCompDirectiveNoFileComp,
 		ShellCompDirectiveFilterFileExt, ShellCompDirectiveFilterDirs, ShellCompDirectiveKeepOrder, activeHelpEnvVar(name)))
diff --git a/vendor/github.com/spf13/cobra/powershell_completions.md b/vendor/github.com/spf13/cobra/powershell_completions.md
deleted file mode 100644
index c449f1e5c..000000000
--- a/vendor/github.com/spf13/cobra/powershell_completions.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Generating PowerShell Completions For Your Own cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md#powershell-completions) for details.
diff --git a/vendor/github.com/spf13/cobra/projects_using_cobra.md b/vendor/github.com/spf13/cobra/projects_using_cobra.md
deleted file mode 100644
index 8a291eb20..000000000
--- a/vendor/github.com/spf13/cobra/projects_using_cobra.md
+++ /dev/null
@@ -1,64 +0,0 @@
-## Projects using Cobra
-
-- [Allero](https://github.com/allero-io/allero)
-- [Arewefastyet](https://benchmark.vitess.io)
-- [Arduino CLI](https://github.com/arduino/arduino-cli)
-- [Bleve](https://blevesearch.com/)
-- [Cilium](https://cilium.io/)
-- [CloudQuery](https://github.com/cloudquery/cloudquery)
-- [CockroachDB](https://www.cockroachlabs.com/)
-- [Constellation](https://github.com/edgelesssys/constellation)
-- [Cosmos SDK](https://github.com/cosmos/cosmos-sdk)
-- [Datree](https://github.com/datreeio/datree)
-- [Delve](https://github.com/derekparker/delve)
-- [Docker (distribution)](https://github.com/docker/distribution)
-- [Etcd](https://etcd.io/)
-- [Gardener](https://github.com/gardener/gardenctl)
-- [Giant Swarm's gsctl](https://github.com/giantswarm/gsctl)
-- [Git Bump](https://github.com/erdaltsksn/git-bump)
-- [GitHub CLI](https://github.com/cli/cli)
-- [GitHub Labeler](https://github.com/erdaltsksn/gh-label)
-- [Golangci-lint](https://golangci-lint.run)
-- [GopherJS](https://github.com/gopherjs/gopherjs)
-- [GoReleaser](https://goreleaser.com)
-- [Helm](https://helm.sh)
-- [Hugo](https://gohugo.io)
-- [Infracost](https://github.com/infracost/infracost)
-- [Istio](https://istio.io)
-- [Kool](https://github.com/kool-dev/kool)
-- [Kubernetes](https://kubernetes.io/)
-- [Kubescape](https://github.com/kubescape/kubescape)
-- [KubeVirt](https://github.com/kubevirt/kubevirt)
-- [Linkerd](https://linkerd.io/)
-- [Mattermost-server](https://github.com/mattermost/mattermost-server)
-- [Mercure](https://mercure.rocks/)
-- [Meroxa CLI](https://github.com/meroxa/cli)
-- [Metal Stack CLI](https://github.com/metal-stack/metalctl)
-- [Moby (former Docker)](https://github.com/moby/moby)
-- [Moldy](https://github.com/Moldy-Community/moldy)
-- [Multi-gitter](https://github.com/lindell/multi-gitter)
-- [Nanobox](https://github.com/nanobox-io/nanobox)/[Nanopack](https://github.com/nanopack)
-- [nFPM](https://nfpm.goreleaser.com)
-- [Okteto](https://github.com/okteto/okteto)
-- [OpenShift](https://www.openshift.com/)
-- [Ory Hydra](https://github.com/ory/hydra)
-- [Ory Kratos](https://github.com/ory/kratos)
-- [Pixie](https://github.com/pixie-io/pixie)
-- [Polygon Edge](https://github.com/0xPolygon/polygon-edge)
-- [Pouch](https://github.com/alibaba/pouch)
-- [ProjectAtomic (enterprise)](https://www.projectatomic.io/)
-- [Prototool](https://github.com/uber/prototool)
-- [Pulumi](https://www.pulumi.com)
-- [QRcp](https://github.com/claudiodangelis/qrcp)
-- [Random](https://github.com/erdaltsksn/random)
-- [Rclone](https://rclone.org/)
-- [Scaleway CLI](https://github.com/scaleway/scaleway-cli)
-- [Sia](https://github.com/SiaFoundation/siad)
-- [Skaffold](https://skaffold.dev/)
-- [Tendermint](https://github.com/tendermint/tendermint)
-- [Twitch CLI](https://github.com/twitchdev/twitch-cli)
-- [UpCloud CLI (`upctl`)](https://github.com/UpCloudLtd/upcloud-cli)
-- [Vitess](https://vitess.io)
-- VMware's [Tanzu Community Edition](https://github.com/vmware-tanzu/community-edition) & [Tanzu Framework](https://github.com/vmware-tanzu/tanzu-framework)
-- [Werf](https://werf.io/)
-- [ZITADEL](https://github.com/zitadel/zitadel)
diff --git a/vendor/github.com/spf13/cobra/shell_completions.md b/vendor/github.com/spf13/cobra/shell_completions.md
deleted file mode 100644
index 065c0621d..000000000
--- a/vendor/github.com/spf13/cobra/shell_completions.md
+++ /dev/null
@@ -1,576 +0,0 @@
-# Generating shell completions
-
-Cobra can generate shell completions for multiple shells.
-The currently supported shells are:
-- Bash
-- Zsh
-- fish
-- PowerShell
-
-Cobra will automatically provide your program with a fully functional `completion` command,
-similarly to how it provides the `help` command.
-
-## Creating your own completion command
-
-If you do not wish to use the default `completion` command, you can choose to
-provide your own, which will take precedence over the default one. (This also provides
-backwards-compatibility with programs that already have their own `completion` command.)
-
-If you are using the `cobra-cli` generator,
-which can be found at [spf13/cobra-cli](https://github.com/spf13/cobra-cli),
-you can create a completion command by running
-
-```bash
-cobra-cli add completion
-```
-and then modifying the generated `cmd/completion.go` file to look something like this
-(writing the shell script to stdout allows the most flexible use):
-
-```go
-var completionCmd = &cobra.Command{
-	Use:   "completion [bash|zsh|fish|powershell]",
-	Short: "Generate completion script",
-	Long: fmt.Sprintf(`To load completions:
-
-Bash:
-
-  $ source <(%[1]s completion bash)
-
-  # To load completions for each session, execute once:
-  # Linux:
-  $ %[1]s completion bash > /etc/bash_completion.d/%[1]s
-  # macOS:
-  $ %[1]s completion bash > $(brew --prefix)/etc/bash_completion.d/%[1]s
-
-Zsh:
-
-  # If shell completion is not already enabled in your environment,
-  # you will need to enable it.  You can execute the following once:
-
-  $ echo "autoload -U compinit; compinit" >> ~/.zshrc
-
-  # To load completions for each session, execute once:
-  $ %[1]s completion zsh > "${fpath[1]}/_%[1]s"
-
-  # You will need to start a new shell for this setup to take effect.
-
-fish:
-
-  $ %[1]s completion fish | source
-
-  # To load completions for each session, execute once:
-  $ %[1]s completion fish > ~/.config/fish/completions/%[1]s.fish
-
-PowerShell:
-
-  PS> %[1]s completion powershell | Out-String | Invoke-Expression
-
-  # To load completions for every new session, run:
-  PS> %[1]s completion powershell > %[1]s.ps1
-  # and source this file from your PowerShell profile.
-`,cmd.Root().Name()),
-	DisableFlagsInUseLine: true,
-	ValidArgs:             []string{"bash", "zsh", "fish", "powershell"},
-	Args:                  cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs),
-	Run: func(cmd *cobra.Command, args []string) {
-		switch args[0] {
-		case "bash":
-			cmd.Root().GenBashCompletion(os.Stdout)
-		case "zsh":
-			cmd.Root().GenZshCompletion(os.Stdout)
-		case "fish":
-			cmd.Root().GenFishCompletion(os.Stdout, true)
-		case "powershell":
-			cmd.Root().GenPowerShellCompletionWithDesc(os.Stdout)
-		}
-	},
-}
-```
-
-**Note:** The cobra generator may include messages printed to stdout, for example, if the config file is loaded; this will break the auto-completion script so must be removed.
-
-## Adapting the default completion command
-
-Cobra provides a few options for the default `completion` command.  To configure such options you must set
-the `CompletionOptions` field on the *root* command.
-
-To tell Cobra *not* to provide the default `completion` command:
-```
-rootCmd.CompletionOptions.DisableDefaultCmd = true
-```
-
-To tell Cobra to mark the default `completion` command as *hidden*:
-```
-rootCmd.CompletionOptions.HiddenDefaultCmd = true
-```
-
-To tell Cobra *not* to provide the user with the `--no-descriptions` flag to the completion sub-commands:
-```
-rootCmd.CompletionOptions.DisableNoDescFlag = true
-```
-
-To tell Cobra to completely disable descriptions for completions:
-```
-rootCmd.CompletionOptions.DisableDescriptions = true
-```
-
-# Customizing completions
-
-The generated completion scripts will automatically handle completing commands and flags.  However, you can make your completions much more powerful by providing information to complete your program's nouns and flag values.
-
-## Completion of nouns
-
-### Static completion of nouns
-
-Cobra allows you to provide a pre-defined list of completion choices for your nouns using the `ValidArgs` field.
-For example, if you want `kubectl get [tab][tab]` to show a list of valid "nouns" you have to set them.
-Some simplified code from `kubectl get` looks like:
-
-```go
-validArgs = []string{ "pod", "node", "service", "replicationcontroller" }
-
-cmd := &cobra.Command{
-	Use:     "get [(-o|--output=)json|yaml|template|...] (RESOURCE [NAME] | RESOURCE/NAME ...)",
-	Short:   "Display one or many resources",
-	Long:    get_long,
-	Example: get_example,
-	Run: func(cmd *cobra.Command, args []string) {
-		cobra.CheckErr(RunGet(f, out, cmd, args))
-	},
-	ValidArgs: validArgs,
-}
-```
-
-Notice we put the `ValidArgs` field on the `get` sub-command. Doing so will give results like:
-
-```bash
-$ kubectl get [tab][tab]
-node   pod   replicationcontroller   service
-```
-
-#### Aliases for nouns
-
-If your nouns have aliases, you can define them alongside `ValidArgs` using `ArgAliases`:
-
-```go
-argAliases = []string { "pods", "nodes", "services", "svc", "replicationcontrollers", "rc" }
-
-cmd := &cobra.Command{
-    ...
-	ValidArgs:  validArgs,
-	ArgAliases: argAliases
-}
-```
-
-The aliases are shown to the user on tab completion only if no completions were found within sub-commands or `ValidArgs`.
-
-### Dynamic completion of nouns
-
-In some cases it is not possible to provide a list of completions in advance.  Instead, the list of completions must be determined at execution-time. In a similar fashion as for static completions, you can use the `ValidArgsFunction` field to provide a Go function that Cobra will execute when it needs the list of completion choices for the nouns of a command.  Note that either `ValidArgs` or `ValidArgsFunction` can be used for a single cobra command, but not both.
-Simplified code from `helm status` looks like:
-
-```go
-cmd := &cobra.Command{
-	Use:   "status RELEASE_NAME",
-	Short: "Display the status of the named release",
-	Long:  status_long,
-	RunE: func(cmd *cobra.Command, args []string) {
-		RunGet(args[0])
-	},
-	ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		if len(args) != 0 {
-			return nil, cobra.ShellCompDirectiveNoFileComp
-		}
-		return getReleasesFromCluster(toComplete), cobra.ShellCompDirectiveNoFileComp
-	},
-}
-```
-Where `getReleasesFromCluster()` is a Go function that obtains the list of current Helm releases running on the Kubernetes cluster.
-Notice we put the `ValidArgsFunction` on the `status` sub-command. Let's assume the Helm releases on the cluster are: `harbor`, `notary`, `rook` and `thanos` then this dynamic completion will give results like:
-
-```bash
-$ helm status [tab][tab]
-harbor notary rook thanos
-```
-You may have noticed the use of `cobra.ShellCompDirective`.  These directives are bit fields allowing to control some shell completion behaviors for your particular completion.  You can combine them with the bit-or operator such as `cobra.ShellCompDirectiveNoSpace | cobra.ShellCompDirectiveNoFileComp`
-```go
-// Indicates that the shell will perform its default behavior after completions
-// have been provided (this implies none of the other directives).
-ShellCompDirectiveDefault
-
-// Indicates an error occurred and completions should be ignored.
-ShellCompDirectiveError
-
-// Indicates that the shell should not add a space after the completion,
-// even if there is a single completion provided.
-ShellCompDirectiveNoSpace
-
-// Indicates that the shell should not provide file completion even when
-// no completion is provided.
-ShellCompDirectiveNoFileComp
-
-// Indicates that the returned completions should be used as file extension filters.
-// For example, to complete only files of the form *.json or *.yaml:
-//    return []string{"yaml", "json"}, ShellCompDirectiveFilterFileExt
-// For flags, using MarkFlagFilename() and MarkPersistentFlagFilename()
-// is a shortcut to using this directive explicitly.
-//
-ShellCompDirectiveFilterFileExt
-
-// Indicates that only directory names should be provided in file completion.
-// For example:
-//    return nil, ShellCompDirectiveFilterDirs
-// For flags, using MarkFlagDirname() is a shortcut to using this directive explicitly.
-//
-// To request directory names within another directory, the returned completions
-// should specify a single directory name within which to search. For example,
-// to complete directories within "themes/":
-//    return []string{"themes"}, ShellCompDirectiveFilterDirs
-//
-ShellCompDirectiveFilterDirs
-
-// ShellCompDirectiveKeepOrder indicates that the shell should preserve the order
-// in which the completions are provided
-ShellCompDirectiveKeepOrder
-```
-
-***Note***: When using the `ValidArgsFunction`, Cobra will call your registered function after having parsed all flags and arguments provided in the command-line.  You therefore don't need to do this parsing yourself.  For example, when a user calls `helm status --namespace my-rook-ns [tab][tab]`, Cobra will call your registered `ValidArgsFunction` after having parsed the `--namespace` flag, as it would have done when calling the `RunE` function.
-
-#### Debugging
-
-Cobra achieves dynamic completion through the use of a hidden command called by the completion script.  To debug your Go completion code, you can call this hidden command directly:
-```bash
-$ helm __complete status har<ENTER>
-harbor
-:4
-Completion ended with directive: ShellCompDirectiveNoFileComp # This is on stderr
-```
-***Important:*** If the noun to complete is empty (when the user has not yet typed any letters of that noun), you must pass an empty parameter to the `__complete` command:
-```bash
-$ helm __complete status ""<ENTER>
-harbor
-notary
-rook
-thanos
-:4
-Completion ended with directive: ShellCompDirectiveNoFileComp # This is on stderr
-```
-Calling the `__complete` command directly allows you to run the Go debugger to troubleshoot your code.  You can also add printouts to your code; Cobra provides the following functions to use for printouts in Go completion code:
-```go
-// Prints to the completion script debug file (if BASH_COMP_DEBUG_FILE
-// is set to a file path) and optionally prints to stderr.
-cobra.CompDebug(msg string, printToStdErr bool) {
-cobra.CompDebugln(msg string, printToStdErr bool)
-
-// Prints to the completion script debug file (if BASH_COMP_DEBUG_FILE
-// is set to a file path) and to stderr.
-cobra.CompError(msg string)
-cobra.CompErrorln(msg string)
-```
-***Important:*** You should **not** leave traces that print directly to stdout in your completion code as they will be interpreted as completion choices by the completion script.  Instead, use the cobra-provided debugging traces functions mentioned above.
-
-## Completions for flags
-
-### Mark flags as required
-
-Most of the time completions will only show sub-commands. But if a flag is required to make a sub-command work, you probably want it to show up when the user types [tab][tab].  You can mark a flag as 'Required' like so:
-
-```go
-cmd.MarkFlagRequired("pod")
-cmd.MarkFlagRequired("container")
-```
-
-and you'll get something like
-
-```bash
-$ kubectl exec [tab][tab]
--c            --container=  -p            --pod=
-```
-
-### Specify dynamic flag completion
-
-As for nouns, Cobra provides a way of defining dynamic completion of flags.  To provide a Go function that Cobra will execute when it needs the list of completion choices for a flag, you must register the function using the `command.RegisterFlagCompletionFunc()` function.
-
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"json", "table", "yaml"}, cobra.ShellCompDirectiveDefault
-})
-```
-Notice that calling `RegisterFlagCompletionFunc()` is done through the `command` with which the flag is associated.  In our example this dynamic completion will give results like so:
-
-```bash
-$ helm status --output [tab][tab]
-json table yaml
-```
-
-#### Debugging
-
-You can also easily debug your Go completion code for flags:
-```bash
-$ helm __complete status --output ""
-json
-table
-yaml
-:4
-Completion ended with directive: ShellCompDirectiveNoFileComp # This is on stderr
-```
-***Important:*** You should **not** leave traces that print to stdout in your completion code as they will be interpreted as completion choices by the completion script.  Instead, use the cobra-provided debugging traces functions mentioned further above.
-
-### Specify valid filename extensions for flags that take a filename
-
-To limit completions of flag values to file names with certain extensions you can either use the different `MarkFlagFilename()` functions or a combination of `RegisterFlagCompletionFunc()` and `ShellCompDirectiveFilterFileExt`, like so:
-```go
-flagName := "output"
-cmd.MarkFlagFilename(flagName, "yaml", "json")
-```
-or
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"yaml", "json"}, ShellCompDirectiveFilterFileExt})
-```
-
-### Limit flag completions to directory names
-
-To limit completions of flag values to directory names you can either use the `MarkFlagDirname()` functions or a combination of `RegisterFlagCompletionFunc()` and `ShellCompDirectiveFilterDirs`, like so:
-```go
-flagName := "output"
-cmd.MarkFlagDirname(flagName)
-```
-or
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return nil, cobra.ShellCompDirectiveFilterDirs
-})
-```
-To limit completions of flag values to directory names *within another directory* you can use a combination of `RegisterFlagCompletionFunc()` and `ShellCompDirectiveFilterDirs` like so:
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"themes"}, cobra.ShellCompDirectiveFilterDirs
-})
-```
-### Descriptions for completions
-
-Cobra provides support for completion descriptions.  Such descriptions are supported for each shell
-(however, for bash, it is only available in the [completion V2 version](#bash-completion-v2)).
-For commands and flags, Cobra will provide the descriptions automatically, based on usage information.
-For example, using zsh:
-```
-$ helm s[tab]
-search  -- search for a keyword in charts
-show    -- show information of a chart
-status  -- displays the status of the named release
-```
-while using fish:
-```
-$ helm s[tab]
-search  (search for a keyword in charts)  show  (show information of a chart)  status  (displays the status of the named release)
-```
-
-Cobra allows you to add descriptions to your own completions.  Simply add the description text after each completion, following a `\t` separator.  This technique applies to completions returned by `ValidArgs`, `ValidArgsFunction` and `RegisterFlagCompletionFunc()`.  For example:
-```go
-ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"harbor\tAn image registry", "thanos\tLong-term metrics"}, cobra.ShellCompDirectiveNoFileComp
-}}
-```
-or
-```go
-ValidArgs: []string{"bash\tCompletions for bash", "zsh\tCompletions for zsh"}
-```
-
-If you don't want to show descriptions in the completions, you can add `--no-descriptions` to the default `completion` command to disable them, like:
-
-```bash
-$ source <(helm completion bash)
-$ helm completion [tab][tab]
-bash        (generate autocompletion script for bash)        powershell  (generate autocompletion script for powershell)
-fish        (generate autocompletion script for fish)        zsh         (generate autocompletion script for zsh)
-
-$ source <(helm completion bash --no-descriptions)
-$ helm completion [tab][tab]
-bash        fish        powershell  zsh
-```
-## Bash completions
-
-### Dependencies
-
-The bash completion script generated by Cobra requires the `bash_completion` package. You should update the help text of your completion command to show how to install the `bash_completion` package ([Kubectl docs](https://kubernetes.io/docs/tasks/tools/install-kubectl/#enabling-shell-autocompletion))
-
-### Aliases
-
-You can also configure `bash` aliases for your program and they will also support completions.
-
-```bash
-alias aliasname=origcommand
-complete -o default -F __start_origcommand aliasname
-
-# and now when you run `aliasname` completion will make
-# suggestions as it did for `origcommand`.
-
-$ aliasname <tab><tab>
-completion     firstcommand   secondcommand
-```
-### Bash legacy dynamic completions
-
-For backward compatibility, Cobra still supports its bash legacy dynamic completion solution.
-Please refer to [Bash Completions](bash_completions.md) for details.
-
-### Bash completion V2
-
-Cobra provides two versions for bash completion.  The original bash completion (which started it all!) can be used by calling
-`GenBashCompletion()` or `GenBashCompletionFile()`.
-
-A new V2 bash completion version is also available.  This version can be used by calling `GenBashCompletionV2()` or
-`GenBashCompletionFileV2()`.  The V2 version does **not** support the legacy dynamic completion
-(see [Bash Completions](bash_completions.md)) but instead works only with the Go dynamic completion
-solution described in this document.
-Unless your program already uses the legacy dynamic completion solution, it is recommended that you use the bash
-completion V2 solution which provides the following extra features:
-- Supports completion descriptions (like the other shells)
-- Small completion script of less than 300 lines (v1 generates scripts of thousands of lines; `kubectl` for example has a bash v1 completion script of over 13K lines)
-- Streamlined user experience thanks to a completion behavior aligned with the other shells 
-
-`Bash` completion V2 supports descriptions for completions. When calling `GenBashCompletionV2()` or `GenBashCompletionFileV2()`
-you must provide these functions with a parameter indicating if the completions should be annotated with a description; Cobra
-will provide the description automatically based on usage information.  You can choose to make this option configurable by
-your users.
-
-```
-# With descriptions
-$ helm s[tab][tab]
-search  (search for a keyword in charts)           status  (display the status of the named release)
-show    (show information of a chart)
-
-# Without descriptions
-$ helm s[tab][tab]
-search  show  status
-```
-**Note**: Cobra's default `completion` command uses bash completion V2.  If for some reason you need to use bash completion V1, you will need to implement your own `completion` command. 
-## Zsh completions
-
-Cobra supports native zsh completion generated from the root `cobra.Command`.
-The generated completion script should be put somewhere in your `$fpath` and be named
-`_<yourProgram>`.  You will need to start a new shell for the completions to become available.
-
-Zsh supports descriptions for completions. Cobra will provide the description automatically,
-based on usage information. Cobra provides a way to completely disable such descriptions by
-using `GenZshCompletionNoDesc()` or `GenZshCompletionFileNoDesc()`. You can choose to make
-this a configurable option to your users.
-```
-# With descriptions
-$ helm s[tab]
-search  -- search for a keyword in charts
-show    -- show information of a chart
-status  -- displays the status of the named release
-
-# Without descriptions
-$ helm s[tab]
-search  show  status
-```
-*Note*: Because of backward-compatibility requirements, we were forced to have a different API to disable completion descriptions between `zsh` and `fish`.
-
-### Limitations
-
-* Custom completions implemented in Bash scripting (legacy) are not supported and will be ignored for `zsh` (including the use of the `BashCompCustom` flag annotation).
-  * You should instead use `ValidArgsFunction` and `RegisterFlagCompletionFunc()` which are portable to the different shells (`bash`, `zsh`, `fish`, `powershell`).
-* The function `MarkFlagCustom()` is not supported and will be ignored for `zsh`.
-  * You should instead use `RegisterFlagCompletionFunc()`.
-
-### Zsh completions standardization
-
-Cobra 1.1 standardized its zsh completion support to align it with its other shell completions.  Although the API was kept backward-compatible, some small changes in behavior were introduced.
-Please refer to [Zsh Completions](zsh_completions.md) for details.
-
-## fish completions
-
-Cobra supports native fish completions generated from the root `cobra.Command`.  You can use the `command.GenFishCompletion()` or `command.GenFishCompletionFile()` functions. You must provide these functions with a parameter indicating if the completions should be annotated with a description; Cobra will provide the description automatically based on usage information.  You can choose to make this option configurable by your users.
-```
-# With descriptions
-$ helm s[tab]
-search  (search for a keyword in charts)  show  (show information of a chart)  status  (displays the status of the named release)
-
-# Without descriptions
-$ helm s[tab]
-search  show  status
-```
-*Note*: Because of backward-compatibility requirements, we were forced to have a different API to disable completion descriptions between `zsh` and `fish`.
-
-### Limitations
-
-* Custom completions implemented in bash scripting (legacy) are not supported and will be ignored for `fish` (including the use of the `BashCompCustom` flag annotation).
-  * You should instead use `ValidArgsFunction` and `RegisterFlagCompletionFunc()` which are portable to the different shells (`bash`, `zsh`, `fish`, `powershell`).
-* The function `MarkFlagCustom()` is not supported and will be ignored for `fish`.
-  * You should instead use `RegisterFlagCompletionFunc()`.
-* The following flag completion annotations are not supported and will be ignored for `fish`:
-  * `BashCompFilenameExt` (filtering by file extension)
-  * `BashCompSubdirsInDir` (filtering by directory)
-* The functions corresponding to the above annotations are consequently not supported and will be ignored for `fish`:
-  * `MarkFlagFilename()` and `MarkPersistentFlagFilename()` (filtering by file extension)
-  * `MarkFlagDirname()` and `MarkPersistentFlagDirname()` (filtering by directory)
-* Similarly, the following completion directives are not supported and will be ignored for `fish`:
-  * `ShellCompDirectiveFilterFileExt` (filtering by file extension)
-  * `ShellCompDirectiveFilterDirs` (filtering by directory)
-
-## PowerShell completions
-
-Cobra supports native PowerShell completions generated from the root `cobra.Command`. You can use the `command.GenPowerShellCompletion()` or `command.GenPowerShellCompletionFile()` functions. To include descriptions use `command.GenPowerShellCompletionWithDesc()` and `command.GenPowerShellCompletionFileWithDesc()`. Cobra will provide the description automatically based on usage information. You can choose to make this option configurable by your users.
-
-The script is designed to support all three PowerShell completion modes:
-
-* TabCompleteNext (default windows style - on each key press the next option is displayed)
-* Complete (works like bash)
-* MenuComplete (works like zsh)
-
-You set the mode with `Set-PSReadLineKeyHandler -Key Tab -Function <mode>`. Descriptions are only displayed when using the `Complete` or `MenuComplete` mode.
-
-Users need PowerShell version 5.0 or above, which comes with Windows 10 and can be downloaded separately for Windows 7 or 8.1. They can then write the completions to a file and source this file from their PowerShell profile, which is referenced by the `$Profile` environment variable. See `Get-Help about_Profiles` for more info about PowerShell profiles.
-
-```
-# With descriptions and Mode 'Complete'
-$ helm s[tab]
-search  (search for a keyword in charts)  show  (show information of a chart)  status  (displays the status of the named release)
-
-# With descriptions and Mode 'MenuComplete' The description of the current selected value will be displayed below the suggestions.
-$ helm s[tab]
-search    show     status  
-
-search for a keyword in charts
-
-# Without descriptions
-$ helm s[tab]
-search  show  status
-```
-### Aliases
-
-You can also configure `powershell` aliases for your program and they will also support completions.
-
-```
-$ sal aliasname origcommand
-$ Register-ArgumentCompleter -CommandName 'aliasname' -ScriptBlock $__origcommandCompleterBlock
-
-# and now when you run `aliasname` completion will make
-# suggestions as it did for `origcommand`.
-
-$ aliasname <tab>
-completion     firstcommand   secondcommand
-```
-The name of the completer block variable is of the form `$__<programName>CompleterBlock` where every `-` and `:` in the program name have been replaced with `_`, to respect powershell naming syntax.
-
-### Limitations
-
-* Custom completions implemented in bash scripting (legacy) are not supported and will be ignored for `powershell` (including the use of the `BashCompCustom` flag annotation).
-  * You should instead use `ValidArgsFunction` and `RegisterFlagCompletionFunc()` which are portable to the different shells (`bash`, `zsh`, `fish`, `powershell`).
-* The function `MarkFlagCustom()` is not supported and will be ignored for `powershell`.
-  * You should instead use `RegisterFlagCompletionFunc()`.
-* The following flag completion annotations are not supported and will be ignored for `powershell`:
-  * `BashCompFilenameExt` (filtering by file extension)
-  * `BashCompSubdirsInDir` (filtering by directory)
-* The functions corresponding to the above annotations are consequently not supported and will be ignored for `powershell`:
-  * `MarkFlagFilename()` and `MarkPersistentFlagFilename()` (filtering by file extension)
-  * `MarkFlagDirname()` and `MarkPersistentFlagDirname()` (filtering by directory)
-* Similarly, the following completion directives are not supported and will be ignored for `powershell`:
-  * `ShellCompDirectiveFilterFileExt` (filtering by file extension)
-  * `ShellCompDirectiveFilterDirs` (filtering by directory)
diff --git a/vendor/github.com/spf13/cobra/user_guide.md b/vendor/github.com/spf13/cobra/user_guide.md
deleted file mode 100644
index 85201d840..000000000
--- a/vendor/github.com/spf13/cobra/user_guide.md
+++ /dev/null
@@ -1,726 +0,0 @@
-# User Guide
-
-While you are welcome to provide your own organization, typically a Cobra-based
-application will follow the following organizational structure:
-
-```
-  ▾ appName/
-    ▾ cmd/
-        add.go
-        your.go
-        commands.go
-        here.go
-      main.go
-```
-
-In a Cobra app, typically the main.go file is very bare. It serves one purpose: initializing Cobra.
-
-```go
-package main
-
-import (
-  "{pathToYourApp}/cmd"
-)
-
-func main() {
-  cmd.Execute()
-}
-```
-
-## Using the Cobra Generator
-
-Cobra-CLI is its own program that will create your application and add any
-commands you want. It's the easiest way to incorporate Cobra into your application.
-
-For complete details on using the Cobra generator, please refer to [The Cobra-CLI Generator README](https://github.com/spf13/cobra-cli/blob/main/README.md)
-
-## Using the Cobra Library
-
-To manually implement Cobra you need to create a bare main.go file and a rootCmd file.
-You will optionally provide additional commands as you see fit.
-
-### Create rootCmd
-
-Cobra doesn't require any special constructors. Simply create your commands.
-
-Ideally you place this in app/cmd/root.go:
-
-```go
-var rootCmd = &cobra.Command{
-  Use:   "hugo",
-  Short: "Hugo is a very fast static site generator",
-  Long: `A Fast and Flexible Static Site Generator built with
-                love by spf13 and friends in Go.
-                Complete documentation is available at https://gohugo.io/documentation/`,
-  Run: func(cmd *cobra.Command, args []string) {
-    // Do Stuff Here
-  },
-}
-
-func Execute() {
-  if err := rootCmd.Execute(); err != nil {
-    fmt.Fprintln(os.Stderr, err)
-    os.Exit(1)
-  }
-}
-```
-
-You will additionally define flags and handle configuration in your init() function.
-
-For example cmd/root.go:
-
-```go
-package cmd
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-var (
-	// Used for flags.
-	cfgFile     string
-	userLicense string
-
-	rootCmd = &cobra.Command{
-		Use:   "cobra-cli",
-		Short: "A generator for Cobra based Applications",
-		Long: `Cobra is a CLI library for Go that empowers applications.
-This application is a tool to generate the needed files
-to quickly create a Cobra application.`,
-	}
-)
-
-// Execute executes the root command.
-func Execute() error {
-	return rootCmd.Execute()
-}
-
-func init() {
-	cobra.OnInitialize(initConfig)
-
-	rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.cobra.yaml)")
-	rootCmd.PersistentFlags().StringP("author", "a", "YOUR NAME", "author name for copyright attribution")
-	rootCmd.PersistentFlags().StringVarP(&userLicense, "license", "l", "", "name of license for the project")
-	rootCmd.PersistentFlags().Bool("viper", true, "use Viper for configuration")
-	viper.BindPFlag("author", rootCmd.PersistentFlags().Lookup("author"))
-	viper.BindPFlag("useViper", rootCmd.PersistentFlags().Lookup("viper"))
-	viper.SetDefault("author", "NAME HERE <EMAIL ADDRESS>")
-	viper.SetDefault("license", "apache")
-
-	rootCmd.AddCommand(addCmd)
-	rootCmd.AddCommand(initCmd)
-}
-
-func initConfig() {
-	if cfgFile != "" {
-		// Use config file from the flag.
-		viper.SetConfigFile(cfgFile)
-	} else {
-		// Find home directory.
-		home, err := os.UserHomeDir()
-		cobra.CheckErr(err)
-
-		// Search config in home directory with name ".cobra" (without extension).
-		viper.AddConfigPath(home)
-		viper.SetConfigType("yaml")
-		viper.SetConfigName(".cobra")
-	}
-
-	viper.AutomaticEnv()
-
-	if err := viper.ReadInConfig(); err == nil {
-		fmt.Println("Using config file:", viper.ConfigFileUsed())
-	}
-}
-```
-
-### Create your main.go
-
-With the root command you need to have your main function execute it.
-Execute should be run on the root for clarity, though it can be called on any command.
-
-In a Cobra app, typically the main.go file is very bare. It serves one purpose: to initialize Cobra.
-
-```go
-package main
-
-import (
-  "{pathToYourApp}/cmd"
-)
-
-func main() {
-  cmd.Execute()
-}
-```
-
-### Create additional commands
-
-Additional commands can be defined and typically are each given their own file
-inside of the cmd/ directory.
-
-If you wanted to create a version command you would create cmd/version.go and
-populate it with the following:
-
-```go
-package cmd
-
-import (
-  "fmt"
-
-  "github.com/spf13/cobra"
-)
-
-func init() {
-  rootCmd.AddCommand(versionCmd)
-}
-
-var versionCmd = &cobra.Command{
-  Use:   "version",
-  Short: "Print the version number of Hugo",
-  Long:  `All software has versions. This is Hugo's`,
-  Run: func(cmd *cobra.Command, args []string) {
-    fmt.Println("Hugo Static Site Generator v0.9 -- HEAD")
-  },
-}
-```
-
-### Organizing subcommands
-
-A command may have subcommands which in turn may have other subcommands. This is achieved by using
-`AddCommand`. In some cases, especially in larger applications, each subcommand may be defined in
-its own go package.
-
-The suggested approach is for the parent command to use `AddCommand` to add its most immediate
-subcommands. For example, consider the following directory structure:
-
-```text
-├── cmd
-│   ├── root.go
-│   └── sub1
-│       ├── sub1.go
-│       └── sub2
-│           ├── leafA.go
-│           ├── leafB.go
-│           └── sub2.go
-└── main.go
-```
-
-In this case:
-
-* The `init` function of `root.go` adds the command defined in `sub1.go` to the root command.
-* The `init` function of `sub1.go` adds the command defined in `sub2.go` to the sub1 command.
-* The `init` function of `sub2.go` adds the commands defined in `leafA.go` and `leafB.go` to the
-  sub2 command.
-
-This approach ensures the subcommands are always included at compile time while avoiding cyclic
-references.
-
-### Returning and handling errors
-
-If you wish to return an error to the caller of a command, `RunE` can be used.
-
-```go
-package cmd
-
-import (
-  "fmt"
-
-  "github.com/spf13/cobra"
-)
-
-func init() {
-  rootCmd.AddCommand(tryCmd)
-}
-
-var tryCmd = &cobra.Command{
-  Use:   "try",
-  Short: "Try and possibly fail at something",
-  RunE: func(cmd *cobra.Command, args []string) error {
-    if err := someFunc(); err != nil {
-	return err
-    }
-    return nil
-  },
-}
-```
-
-The error can then be caught at the execute function call.
-
-## Working with Flags
-
-Flags provide modifiers to control how the action command operates.
-
-### Assign flags to a command
-
-Since the flags are defined and used in different locations, we need to
-define a variable outside with the correct scope to assign the flag to
-work with.
-
-```go
-var Verbose bool
-var Source string
-```
-
-There are two different approaches to assign a flag.
-
-### Persistent Flags
-
-A flag can be 'persistent', meaning that this flag will be available to the
-command it's assigned to as well as every command under that command. For
-global flags, assign a flag as a persistent flag on the root.
-
-```go
-rootCmd.PersistentFlags().BoolVarP(&Verbose, "verbose", "v", false, "verbose output")
-```
-
-### Local Flags
-
-A flag can also be assigned locally, which will only apply to that specific command.
-
-```go
-localCmd.Flags().StringVarP(&Source, "source", "s", "", "Source directory to read from")
-```
-
-### Local Flag on Parent Commands
-
-By default, Cobra only parses local flags on the target command, and any local flags on
-parent commands are ignored. By enabling `Command.TraverseChildren`, Cobra will
-parse local flags on each command before executing the target command.
-
-```go
-command := cobra.Command{
-  Use: "print [OPTIONS] [COMMANDS]",
-  TraverseChildren: true,
-}
-```
-
-### Bind Flags with Config
-
-You can also bind your flags with [viper](https://github.com/spf13/viper):
-```go
-var author string
-
-func init() {
-  rootCmd.PersistentFlags().StringVar(&author, "author", "YOUR NAME", "Author name for copyright attribution")
-  viper.BindPFlag("author", rootCmd.PersistentFlags().Lookup("author"))
-}
-```
-
-In this example, the persistent flag `author` is bound with `viper`.
-**Note**: the variable `author` will not be set to the value from config,
-when the `--author` flag is provided by user.
-
-More in [viper documentation](https://github.com/spf13/viper#working-with-flags).
-
-### Required flags
-
-Flags are optional by default. If instead you wish your command to report an error
-when a flag has not been set, mark it as required:
-```go
-rootCmd.Flags().StringVarP(&Region, "region", "r", "", "AWS region (required)")
-rootCmd.MarkFlagRequired("region")
-```
-
-Or, for persistent flags:
-```go
-rootCmd.PersistentFlags().StringVarP(&Region, "region", "r", "", "AWS region (required)")
-rootCmd.MarkPersistentFlagRequired("region")
-```
-
-### Flag Groups
-
-If you have different flags that must be provided together (e.g. if they provide the `--username` flag they MUST provide the `--password` flag as well) then
-Cobra can enforce that requirement:
-```go
-rootCmd.Flags().StringVarP(&u, "username", "u", "", "Username (required if password is set)")
-rootCmd.Flags().StringVarP(&pw, "password", "p", "", "Password (required if username is set)")
-rootCmd.MarkFlagsRequiredTogether("username", "password")
-```
-
-You can also prevent different flags from being provided together if they represent mutually
-exclusive options such as specifying an output format as either `--json` or `--yaml` but never both:
-```go
-rootCmd.Flags().BoolVar(&ofJson, "json", false, "Output in JSON")
-rootCmd.Flags().BoolVar(&ofYaml, "yaml", false, "Output in YAML")
-rootCmd.MarkFlagsMutuallyExclusive("json", "yaml")
-```
-
-In both of these cases:
-  - both local and persistent flags can be used
-    - **NOTE:** the group is only enforced on commands where every flag is defined
-  - a flag may appear in multiple groups
-  - a group may contain any number of flags
-
-## Positional and Custom Arguments
-
-Validation of positional arguments can be specified using the `Args` field of `Command`.
-The following validators are built in:
-
-- Number of arguments:
-  - `NoArgs` - report an error if there are any positional args.
-  - `ArbitraryArgs` - accept any number of args.
-  - `MinimumNArgs(int)` - report an error if less than N positional args are provided.
-  - `MaximumNArgs(int)` - report an error if more than N positional args are provided.
-  - `ExactArgs(int)` - report an error if there are not exactly N positional args.
-  - `RangeArgs(min, max)` - report an error if the number of args is not between `min` and `max`.
-- Content of the arguments:
-  - `OnlyValidArgs` - report an error if there are any positional args not specified in the `ValidArgs` field of `Command`, which can optionally be set to a list of valid values for positional args.
-
-If `Args` is undefined or `nil`, it defaults to `ArbitraryArgs`.
-
-Moreover, `MatchAll(pargs ...PositionalArgs)` enables combining existing checks with arbitrary other checks.
-For instance, if you want to report an error if there are not exactly N positional args OR if there are any positional
-args that are not in the `ValidArgs` field of `Command`, you can call `MatchAll` on `ExactArgs` and `OnlyValidArgs`, as
-shown below:
-
-```go
-var cmd = &cobra.Command{
-  Short: "hello",
-  Args: cobra.MatchAll(cobra.ExactArgs(2), cobra.OnlyValidArgs),
-  Run: func(cmd *cobra.Command, args []string) {
-    fmt.Println("Hello, World!")
-  },
-}
-```
-
-It is possible to set any custom validator that satisfies `func(cmd *cobra.Command, args []string) error`.
-For example:
-
-```go
-var cmd = &cobra.Command{
-  Short: "hello",
-  Args: func(cmd *cobra.Command, args []string) error {
-    // Optionally run one of the validators provided by cobra
-    if err := cobra.MinimumNArgs(1)(cmd, args); err != nil {
-        return err
-    }
-    // Run the custom validation logic
-    if myapp.IsValidColor(args[0]) {
-      return nil
-    }
-    return fmt.Errorf("invalid color specified: %s", args[0])
-  },
-  Run: func(cmd *cobra.Command, args []string) {
-    fmt.Println("Hello, World!")
-  },
-}
-```
-
-## Example
-
-In the example below, we have defined three commands. Two are at the top level
-and one (cmdTimes) is a child of one of the top commands. In this case the root
-is not executable, meaning that a subcommand is required. This is accomplished
-by not providing a 'Run' for the 'rootCmd'.
-
-We have only defined one flag for a single command.
-
-More documentation about flags is available at https://github.com/spf13/pflag
-
-```go
-package main
-
-import (
-  "fmt"
-  "strings"
-
-  "github.com/spf13/cobra"
-)
-
-func main() {
-  var echoTimes int
-
-  var cmdPrint = &cobra.Command{
-    Use:   "print [string to print]",
-    Short: "Print anything to the screen",
-    Long: `print is for printing anything back to the screen.
-For many years people have printed back to the screen.`,
-    Args: cobra.MinimumNArgs(1),
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Println("Print: " + strings.Join(args, " "))
-    },
-  }
-
-  var cmdEcho = &cobra.Command{
-    Use:   "echo [string to echo]",
-    Short: "Echo anything to the screen",
-    Long: `echo is for echoing anything back.
-Echo works a lot like print, except it has a child command.`,
-    Args: cobra.MinimumNArgs(1),
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Println("Echo: " + strings.Join(args, " "))
-    },
-  }
-
-  var cmdTimes = &cobra.Command{
-    Use:   "times [string to echo]",
-    Short: "Echo anything to the screen more times",
-    Long: `echo things multiple times back to the user by providing
-a count and a string.`,
-    Args: cobra.MinimumNArgs(1),
-    Run: func(cmd *cobra.Command, args []string) {
-      for i := 0; i < echoTimes; i++ {
-        fmt.Println("Echo: " + strings.Join(args, " "))
-      }
-    },
-  }
-
-  cmdTimes.Flags().IntVarP(&echoTimes, "times", "t", 1, "times to echo the input")
-
-  var rootCmd = &cobra.Command{Use: "app"}
-  rootCmd.AddCommand(cmdPrint, cmdEcho)
-  cmdEcho.AddCommand(cmdTimes)
-  rootCmd.Execute()
-}
-```
-
-For a more complete example of a larger application, please checkout [Hugo](https://gohugo.io/).
-
-## Help Command
-
-Cobra automatically adds a help command to your application when you have subcommands.
-This will be called when a user runs 'app help'. Additionally, help will also
-support all other commands as input. Say, for instance, you have a command called
-'create' without any additional configuration; Cobra will work when 'app help
-create' is called.  Every command will automatically have the '--help' flag added.
-
-### Example
-
-The following output is automatically generated by Cobra. Nothing beyond the
-command and flag definitions are needed.
-
-    $ cobra-cli help
-
-    Cobra is a CLI library for Go that empowers applications.
-    This application is a tool to generate the needed files
-    to quickly create a Cobra application.
-
-    Usage:
-      cobra-cli [command]
-
-    Available Commands:
-      add         Add a command to a Cobra Application
-      completion  Generate the autocompletion script for the specified shell
-      help        Help about any command
-      init        Initialize a Cobra Application
-
-    Flags:
-      -a, --author string    author name for copyright attribution (default "YOUR NAME")
-          --config string    config file (default is $HOME/.cobra.yaml)
-      -h, --help             help for cobra-cli
-      -l, --license string   name of license for the project
-          --viper            use Viper for configuration
-
-    Use "cobra-cli [command] --help" for more information about a command.
-
-
-Help is just a command like any other. There is no special logic or behavior
-around it. In fact, you can provide your own if you want.
-
-### Grouping commands in help
-
-Cobra supports grouping of available commands in the help output.  To group commands, each group must be explicitly
-defined using `AddGroup()` on the parent command.  Then a subcommand can be added to a group using the `GroupID` element
-of that subcommand. The groups will appear in the help output in the same order as they are defined using different
-calls to `AddGroup()`.  If you use the generated `help` or `completion` commands, you can set their group ids using
-`SetHelpCommandGroupId()` and `SetCompletionCommandGroupId()` on the root command, respectively.
-
-### Defining your own help
-
-You can provide your own Help command or your own template for the default command to use
-with the following functions:
-
-```go
-cmd.SetHelpCommand(cmd *Command)
-cmd.SetHelpFunc(f func(*Command, []string))
-cmd.SetHelpTemplate(s string)
-```
-
-The latter two will also apply to any children commands.
-
-## Usage Message
-
-When the user provides an invalid flag or invalid command, Cobra responds by
-showing the user the 'usage'.
-
-### Example
-You may recognize this from the help above. That's because the default help
-embeds the usage as part of its output.
-
-    $ cobra-cli --invalid
-    Error: unknown flag: --invalid
-    Usage:
-      cobra-cli [command]
-
-    Available Commands:
-      add         Add a command to a Cobra Application
-      completion  Generate the autocompletion script for the specified shell
-      help        Help about any command
-      init        Initialize a Cobra Application
-
-    Flags:
-      -a, --author string    author name for copyright attribution (default "YOUR NAME")
-          --config string    config file (default is $HOME/.cobra.yaml)
-      -h, --help             help for cobra-cli
-      -l, --license string   name of license for the project
-          --viper            use Viper for configuration
-
-    Use "cobra [command] --help" for more information about a command.
-
-### Defining your own usage
-You can provide your own usage function or template for Cobra to use.
-Like help, the function and template are overridable through public methods:
-
-```go
-cmd.SetUsageFunc(f func(*Command) error)
-cmd.SetUsageTemplate(s string)
-```
-
-## Version Flag
-
-Cobra adds a top-level '--version' flag if the Version field is set on the root command.
-Running an application with the '--version' flag will print the version to stdout using
-the version template. The template can be customized using the
-`cmd.SetVersionTemplate(s string)` function.
-
-## PreRun and PostRun Hooks
-
-It is possible to run functions before or after the main `Run` function of your command. The `PersistentPreRun` and `PreRun` functions will be executed before `Run`. `PersistentPostRun` and `PostRun` will be executed after `Run`.  The `Persistent*Run` functions will be inherited by children if they do not declare their own.  These functions are run in the following order:
-
-- `PersistentPreRun`
-- `PreRun`
-- `Run`
-- `PostRun`
-- `PersistentPostRun`
-
-An example of two commands which use all of these features is below.  When the subcommand is executed, it will run the root command's `PersistentPreRun` but not the root command's `PersistentPostRun`:
-
-```go
-package main
-
-import (
-  "fmt"
-
-  "github.com/spf13/cobra"
-)
-
-func main() {
-
-  var rootCmd = &cobra.Command{
-    Use:   "root [sub]",
-    Short: "My root command",
-    PersistentPreRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PersistentPreRun with args: %v\n", args)
-    },
-    PreRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PreRun with args: %v\n", args)
-    },
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd Run with args: %v\n", args)
-    },
-    PostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PostRun with args: %v\n", args)
-    },
-    PersistentPostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PersistentPostRun with args: %v\n", args)
-    },
-  }
-
-  var subCmd = &cobra.Command{
-    Use:   "sub [no options!]",
-    Short: "My subcommand",
-    PreRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd PreRun with args: %v\n", args)
-    },
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd Run with args: %v\n", args)
-    },
-    PostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd PostRun with args: %v\n", args)
-    },
-    PersistentPostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd PersistentPostRun with args: %v\n", args)
-    },
-  }
-
-  rootCmd.AddCommand(subCmd)
-
-  rootCmd.SetArgs([]string{""})
-  rootCmd.Execute()
-  fmt.Println()
-  rootCmd.SetArgs([]string{"sub", "arg1", "arg2"})
-  rootCmd.Execute()
-}
-```
-
-Output:
-```
-Inside rootCmd PersistentPreRun with args: []
-Inside rootCmd PreRun with args: []
-Inside rootCmd Run with args: []
-Inside rootCmd PostRun with args: []
-Inside rootCmd PersistentPostRun with args: []
-
-Inside rootCmd PersistentPreRun with args: [arg1 arg2]
-Inside subCmd PreRun with args: [arg1 arg2]
-Inside subCmd Run with args: [arg1 arg2]
-Inside subCmd PostRun with args: [arg1 arg2]
-Inside subCmd PersistentPostRun with args: [arg1 arg2]
-```
-
-## Suggestions when "unknown command" happens
-
-Cobra will print automatic suggestions when "unknown command" errors happen. This allows Cobra to behave similarly to the `git` command when a typo happens. For example:
-
-```
-$ hugo srever
-Error: unknown command "srever" for "hugo"
-
-Did you mean this?
-        server
-
-Run 'hugo --help' for usage.
-```
-
-Suggestions are automatically generated based on existing subcommands and use an implementation of [Levenshtein distance](https://en.wikipedia.org/wiki/Levenshtein_distance). Every registered command that matches a minimum distance of 2 (ignoring case) will be displayed as a suggestion.
-
-If you need to disable suggestions or tweak the string distance in your command, use:
-
-```go
-command.DisableSuggestions = true
-```
-
-or
-
-```go
-command.SuggestionsMinimumDistance = 1
-```
-
-You can also explicitly set names for which a given command will be suggested using the `SuggestFor` attribute. This allows suggestions for strings that are not close in terms of string distance, but make sense in your set of commands but for which
-you don't want aliases. Example:
-
-```
-$ kubectl remove
-Error: unknown command "remove" for "kubectl"
-
-Did you mean this?
-        delete
-
-Run 'kubectl help' for usage.
-```
-
-## Generating documentation for your command
-
-Cobra can generate documentation based on subcommands, flags, etc. Read more about it in the [docs generation documentation](doc/README.md).
-
-## Generating shell completions
-
-Cobra can generate a shell-completion file for the following shells: bash, zsh, fish, PowerShell. If you add more information to your commands, these completions can be amazingly powerful and flexible.  Read more about it in [Shell Completions](shell_completions.md).
-
-## Providing Active Help
-
-Cobra makes use of the shell-completion system to define a framework allowing you to provide Active Help to your users.  Active Help are messages (hints, warnings, etc) printed as the program is being used.  Read more about it in [Active Help](active_help.md).
diff --git a/vendor/github.com/spf13/cobra/zsh_completions.md b/vendor/github.com/spf13/cobra/zsh_completions.md
deleted file mode 100644
index 7cff61787..000000000
--- a/vendor/github.com/spf13/cobra/zsh_completions.md
+++ /dev/null
@@ -1,48 +0,0 @@
-## Generating Zsh Completion For Your cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md) for details.
-
-## Zsh completions standardization
-
-Cobra 1.1 standardized its zsh completion support to align it with its other shell completions.  Although the API was kept backwards-compatible, some small changes in behavior were introduced.
-
-### Deprecation summary
-
-See further below for more details on these deprecations.
-
-* `cmd.MarkZshCompPositionalArgumentFile(pos, []string{})` is no longer needed.  It is therefore **deprecated** and silently ignored.
-* `cmd.MarkZshCompPositionalArgumentFile(pos, glob[])` is **deprecated** and silently ignored.
-  * Instead use `ValidArgsFunction` with `ShellCompDirectiveFilterFileExt`.
-* `cmd.MarkZshCompPositionalArgumentWords()` is **deprecated** and silently ignored.
-  * Instead use `ValidArgsFunction`.
-
-### Behavioral changes
-
-**Noun completion**
-|Old behavior|New behavior|
-|---|---|
-|No file completion by default (opposite of bash)|File completion by default; use `ValidArgsFunction` with `ShellCompDirectiveNoFileComp` to turn off file completion on a per-argument basis|
-|Completion of flag names without the `-` prefix having been typed|Flag names are only completed if the user has typed the first `-`|
-`cmd.MarkZshCompPositionalArgumentFile(pos, []string{})` used to turn on file completion on a per-argument position basis|File completion for all arguments by default; `cmd.MarkZshCompPositionalArgumentFile()` is **deprecated** and silently ignored|
-|`cmd.MarkZshCompPositionalArgumentFile(pos, glob[])` used to turn on file completion **with glob filtering** on a per-argument position basis (zsh-specific)|`cmd.MarkZshCompPositionalArgumentFile()` is **deprecated** and silently ignored; use `ValidArgsFunction` with `ShellCompDirectiveFilterFileExt` for file **extension** filtering (not full glob filtering)|
-|`cmd.MarkZshCompPositionalArgumentWords(pos, words[])` used to provide completion choices on a per-argument position basis (zsh-specific)|`cmd.MarkZshCompPositionalArgumentWords()` is **deprecated** and silently ignored; use `ValidArgsFunction` to achieve the same behavior|
-
-**Flag-value completion**
-
-|Old behavior|New behavior|
-|---|---|
-|No file completion by default (opposite of bash)|File completion by default; use `RegisterFlagCompletionFunc()` with `ShellCompDirectiveNoFileComp` to turn off file completion|
-|`cmd.MarkFlagFilename(flag, []string{})` and similar used to turn on file completion|File completion by default; `cmd.MarkFlagFilename(flag, []string{})` no longer needed in this context and silently ignored|
-|`cmd.MarkFlagFilename(flag, glob[])`  used to turn on file completion **with glob filtering** (syntax of `[]string{"*.yaml", "*.yml"}` incompatible with bash)|Will continue to work, however, support for bash syntax is added and should be used instead so as to work for all shells (`[]string{"yaml", "yml"}`)|
-|`cmd.MarkFlagDirname(flag)` only completes directories (zsh-specific)|Has been added for all shells|
-|Completion of a flag name does not repeat, unless flag is of type `*Array` or `*Slice` (not supported by bash)|Retained for `zsh` and added to `fish`|
-|Completion of a flag name does not provide the `=` form (unlike bash)|Retained for `zsh` and added to `fish`|
-
-**Improvements**
-
-* Custom completion support (`ValidArgsFunction` and `RegisterFlagCompletionFunc()`)
-* File completion by default if no other completions found
-* Handling of required flags
-* File extension filtering no longer mutually exclusive with bash usage
-* Completion of directory names *within* another directory
-* Support for `=` form of flags
diff --git a/vendor/github.com/spf13/jwalterweatherman/README.md b/vendor/github.com/spf13/jwalterweatherman/README.md
deleted file mode 100644
index 932a23fc6..000000000
--- a/vendor/github.com/spf13/jwalterweatherman/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-jWalterWeatherman
-=================
-
-Seamless printing to the terminal (stdout) and logging to a io.Writer
-(file) that’s as easy to use as fmt.Println.
-
-![and_that__s_why_you_always_leave_a_note_by_jonnyetc-d57q7um](https://cloud.githubusercontent.com/assets/173412/11002937/ccd01654-847d-11e5-828e-12ebaf582eaf.jpg)
-Graphic by [JonnyEtc](http://jonnyetc.deviantart.com/art/And-That-s-Why-You-Always-Leave-a-Note-315311422)
-
-JWW is primarily a wrapper around the excellent standard log library. It
-provides a few advantages over using the standard log library alone.
-
-1. Ready to go out of the box. 
-2. One library for both printing to the terminal and logging (to files).
-3. Really easy to log to either a temp file or a file you specify.
-
-
-I really wanted a very straightforward library that could seamlessly do
-the following things.
-
-1. Replace all the println, printf, etc statements thoughout my code with
-   something more useful
-2. Allow the user to easily control what levels are printed to stdout
-3. Allow the user to easily control what levels are logged
-4. Provide an easy mechanism (like fmt.Println) to print info to the user
-   which can be easily logged as well 
-5. Due to 2 & 3 provide easy verbose mode for output and logs
-6. Not have any unnecessary initialization cruft. Just use it.
-
-# Usage
-
-## Step 1. Use it
-Put calls throughout your source based on type of feedback.
-No initialization or setup needs to happen. Just start calling things.
-
-Available Loggers are:
-
- * TRACE
- * DEBUG
- * INFO
- * WARN
- * ERROR
- * CRITICAL
- * FATAL
-
-These each are loggers based on the log standard library and follow the
-standard usage. Eg.
-
-```go
-    import (
-        jww "github.com/spf13/jwalterweatherman"
-    )
-
-    ...
-
-    if err != nil {
-
-        // This is a pretty serious error and the user should know about
-        // it. It will be printed to the terminal as well as logged under the
-        // default thresholds.
-
-        jww.ERROR.Println(err)
-    }
-
-    if err2 != nil {
-        // This error isn’t going to materially change the behavior of the
-        // application, but it’s something that may not be what the user
-        // expects. Under the default thresholds, Warn will be logged, but
-        // not printed to the terminal. 
-
-        jww.WARN.Println(err2)
-    }
-
-    // Information that’s relevant to what’s happening, but not very
-    // important for the user. Under the default thresholds this will be
-    // discarded.
-
-    jww.INFO.Printf("information %q", response)
-
-```
-
-NOTE: You can also use the library in a non-global setting by creating an instance of a Notebook:
-
-```go
-notepad = jww.NewNotepad(jww.LevelInfo, jww.LevelTrace, os.Stdout, ioutil.Discard, "", log.Ldate|log.Ltime)
-notepad.WARN.Println("Some warning"")
-```
-
-_Why 7 levels?_
-
-Maybe you think that 7 levels are too much for any application... and you
-are probably correct. Just because there are seven levels doesn’t mean
-that you should be using all 7 levels. Pick the right set for your needs.
-Remember they only have to mean something to your project.
-
-## Step 2. Optionally configure JWW
-
-Under the default thresholds :
-
- * Debug, Trace & Info goto /dev/null
- * Warn and above is logged (when a log file/io.Writer is provided)
- * Error and above is printed to the terminal (stdout)
-
-### Changing the thresholds
-
-The threshold can be changed at any time, but will only affect calls that
-execute after the change was made.
-
-This is very useful if your application has a verbose mode. Of course you
-can decide what verbose means to you or even have multiple levels of
-verbosity.
-
-
-```go
-    import (
-        jww "github.com/spf13/jwalterweatherman"
-    )
-
-    if Verbose {
-        jww.SetLogThreshold(jww.LevelTrace)
-        jww.SetStdoutThreshold(jww.LevelInfo)
-    }
-```
-
-Note that JWW's own internal output uses log levels as well, so set the log
-level before making any other calls if you want to see what it's up to.
-
-
-### Setting a log file
-
-JWW can log to any `io.Writer`:
-
-
-```go
-
-    jww.SetLogOutput(customWriter) 
-
-```
-
-
-# More information
-
-This is an early release. I’ve been using it for a while and this is the
-third interface I’ve tried. I like this one pretty well, but no guarantees
-that it won’t change a bit.
-
-I wrote this for use in [hugo](https://gohugo.io). If you are looking
-for a static website engine that’s super fast please checkout Hugo.
diff --git a/vendor/github.com/spf13/jwalterweatherman/default_notepad.go b/vendor/github.com/spf13/jwalterweatherman/default_notepad.go
deleted file mode 100644
index a018c15c4..000000000
--- a/vendor/github.com/spf13/jwalterweatherman/default_notepad.go
+++ /dev/null
@@ -1,111 +0,0 @@
-// Copyright © 2016 Steve Francia <spf@spf13.com>.
-//
-// Use of this source code is governed by an MIT-style
-// license that can be found in the LICENSE file.
-
-package jwalterweatherman
-
-import (
-	"io"
-	"io/ioutil"
-	"log"
-	"os"
-)
-
-var (
-	TRACE    *log.Logger
-	DEBUG    *log.Logger
-	INFO     *log.Logger
-	WARN     *log.Logger
-	ERROR    *log.Logger
-	CRITICAL *log.Logger
-	FATAL    *log.Logger
-
-	LOG      *log.Logger
-	FEEDBACK *Feedback
-
-	defaultNotepad *Notepad
-)
-
-func reloadDefaultNotepad() {
-	TRACE = defaultNotepad.TRACE
-	DEBUG = defaultNotepad.DEBUG
-	INFO = defaultNotepad.INFO
-	WARN = defaultNotepad.WARN
-	ERROR = defaultNotepad.ERROR
-	CRITICAL = defaultNotepad.CRITICAL
-	FATAL = defaultNotepad.FATAL
-
-	LOG = defaultNotepad.LOG
-	FEEDBACK = defaultNotepad.FEEDBACK
-}
-
-func init() {
-	defaultNotepad = NewNotepad(LevelError, LevelWarn, os.Stdout, ioutil.Discard, "", log.Ldate|log.Ltime)
-	reloadDefaultNotepad()
-}
-
-// SetLogThreshold set the log threshold for the default notepad. Trace by default.
-func SetLogThreshold(threshold Threshold) {
-	defaultNotepad.SetLogThreshold(threshold)
-	reloadDefaultNotepad()
-}
-
-// SetLogOutput set the log output for the default notepad. Discarded by default.
-func SetLogOutput(handle io.Writer) {
-	defaultNotepad.SetLogOutput(handle)
-	reloadDefaultNotepad()
-}
-
-// SetStdoutThreshold set the standard output threshold for the default notepad.
-// Info by default.
-func SetStdoutThreshold(threshold Threshold) {
-	defaultNotepad.SetStdoutThreshold(threshold)
-	reloadDefaultNotepad()
-}
-
-// SetStdoutOutput set the stdout output for the default notepad. Default is stdout.
-func SetStdoutOutput(handle io.Writer) {
-	defaultNotepad.outHandle = handle
-	defaultNotepad.init()
-	reloadDefaultNotepad()
-}
-
-// SetPrefix set the prefix for the default logger. Empty by default.
-func SetPrefix(prefix string) {
-	defaultNotepad.SetPrefix(prefix)
-	reloadDefaultNotepad()
-}
-
-// SetFlags set the flags for the default logger. "log.Ldate | log.Ltime" by default.
-func SetFlags(flags int) {
-	defaultNotepad.SetFlags(flags)
-	reloadDefaultNotepad()
-}
-
-// SetLogListeners configures the default logger with one or more log listeners.
-func SetLogListeners(l ...LogListener) {
-	defaultNotepad.logListeners = l
-	defaultNotepad.init()
-	reloadDefaultNotepad()
-}
-
-// Level returns the current global log threshold.
-func LogThreshold() Threshold {
-	return defaultNotepad.logThreshold
-}
-
-// Level returns the current global output threshold.
-func StdoutThreshold() Threshold {
-	return defaultNotepad.stdoutThreshold
-}
-
-// GetStdoutThreshold returns the defined Treshold for the log logger.
-func GetLogThreshold() Threshold {
-	return defaultNotepad.GetLogThreshold()
-}
-
-// GetStdoutThreshold returns the Treshold for the stdout logger.
-func GetStdoutThreshold() Threshold {
-	return defaultNotepad.GetStdoutThreshold()
-}
diff --git a/vendor/github.com/spf13/jwalterweatherman/log_counter.go b/vendor/github.com/spf13/jwalterweatherman/log_counter.go
deleted file mode 100644
index 41285f3dc..000000000
--- a/vendor/github.com/spf13/jwalterweatherman/log_counter.go
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright © 2016 Steve Francia <spf@spf13.com>.
-//
-// Use of this source code is governed by an MIT-style
-// license that can be found in the LICENSE file.
-
-package jwalterweatherman
-
-import (
-	"io"
-	"sync/atomic"
-)
-
-// Counter is an io.Writer that increments a counter on Write.
-type Counter struct {
-	count uint64
-}
-
-func (c *Counter) incr() {
-	atomic.AddUint64(&c.count, 1)
-}
-
-// Reset resets the counter.
-func (c *Counter) Reset() {
-	atomic.StoreUint64(&c.count, 0)
-}
-
-// Count returns the current count.
-func (c *Counter) Count() uint64 {
-	return atomic.LoadUint64(&c.count)
-}
-
-func (c *Counter) Write(p []byte) (n int, err error) {
-	c.incr()
-	return len(p), nil
-}
-
-// LogCounter creates a LogListener that counts log statements >= the given threshold.
-func LogCounter(counter *Counter, t1 Threshold) LogListener {
-	return func(t2 Threshold) io.Writer {
-		if t2 < t1 {
-			// Not interested in this threshold.
-			return nil
-		}
-		return counter
-	}
-}
diff --git a/vendor/github.com/spf13/jwalterweatherman/notepad.go b/vendor/github.com/spf13/jwalterweatherman/notepad.go
deleted file mode 100644
index cc7957bf7..000000000
--- a/vendor/github.com/spf13/jwalterweatherman/notepad.go
+++ /dev/null
@@ -1,225 +0,0 @@
-// Copyright © 2016 Steve Francia <spf@spf13.com>.
-//
-// Use of this source code is governed by an MIT-style
-// license that can be found in the LICENSE file.
-
-package jwalterweatherman
-
-import (
-	"fmt"
-	"io"
-	"io/ioutil"
-	"log"
-)
-
-type Threshold int
-
-func (t Threshold) String() string {
-	return prefixes[t]
-}
-
-const (
-	LevelTrace Threshold = iota
-	LevelDebug
-	LevelInfo
-	LevelWarn
-	LevelError
-	LevelCritical
-	LevelFatal
-)
-
-var prefixes map[Threshold]string = map[Threshold]string{
-	LevelTrace:    "TRACE",
-	LevelDebug:    "DEBUG",
-	LevelInfo:     "INFO",
-	LevelWarn:     "WARN",
-	LevelError:    "ERROR",
-	LevelCritical: "CRITICAL",
-	LevelFatal:    "FATAL",
-}
-
-// Notepad is where you leave a note!
-type Notepad struct {
-	TRACE    *log.Logger
-	DEBUG    *log.Logger
-	INFO     *log.Logger
-	WARN     *log.Logger
-	ERROR    *log.Logger
-	CRITICAL *log.Logger
-	FATAL    *log.Logger
-
-	LOG      *log.Logger
-	FEEDBACK *Feedback
-
-	loggers         [7]**log.Logger
-	logHandle       io.Writer
-	outHandle       io.Writer
-	logThreshold    Threshold
-	stdoutThreshold Threshold
-	prefix          string
-	flags           int
-
-	logListeners []LogListener
-}
-
-// A LogListener can ble supplied to a Notepad to listen on log writes for a given
-// threshold. This can be used to capture log events in unit tests and similar.
-// Note that this function will be invoked once for each log threshold. If
-// the given threshold is not of interest to you, return nil.
-// Note that these listeners will receive log events for a given threshold, even
-// if the current configuration says not to log it. That way you can count ERRORs even
-// if you don't print them to the console.
-type LogListener func(t Threshold) io.Writer
-
-// NewNotepad creates a new Notepad.
-func NewNotepad(
-	outThreshold Threshold,
-	logThreshold Threshold,
-	outHandle, logHandle io.Writer,
-	prefix string, flags int,
-	logListeners ...LogListener,
-) *Notepad {
-
-	n := &Notepad{logListeners: logListeners}
-
-	n.loggers = [7]**log.Logger{&n.TRACE, &n.DEBUG, &n.INFO, &n.WARN, &n.ERROR, &n.CRITICAL, &n.FATAL}
-	n.outHandle = outHandle
-	n.logHandle = logHandle
-	n.stdoutThreshold = outThreshold
-	n.logThreshold = logThreshold
-
-	if len(prefix) != 0 {
-		n.prefix = "[" + prefix + "] "
-	} else {
-		n.prefix = ""
-	}
-
-	n.flags = flags
-
-	n.LOG = log.New(n.logHandle,
-		"LOG:   ",
-		n.flags)
-	n.FEEDBACK = &Feedback{out: log.New(outHandle, "", 0), log: n.LOG}
-
-	n.init()
-	return n
-}
-
-// init creates the loggers for each level depending on the notepad thresholds.
-func (n *Notepad) init() {
-	logAndOut := io.MultiWriter(n.outHandle, n.logHandle)
-
-	for t, logger := range n.loggers {
-		threshold := Threshold(t)
-		prefix := n.prefix + threshold.String() + " "
-
-		switch {
-		case threshold >= n.logThreshold && threshold >= n.stdoutThreshold:
-			*logger = log.New(n.createLogWriters(threshold, logAndOut), prefix, n.flags)
-
-		case threshold >= n.logThreshold:
-			*logger = log.New(n.createLogWriters(threshold, n.logHandle), prefix, n.flags)
-
-		case threshold >= n.stdoutThreshold:
-			*logger = log.New(n.createLogWriters(threshold, n.outHandle), prefix, n.flags)
-
-		default:
-			*logger = log.New(n.createLogWriters(threshold, ioutil.Discard), prefix, n.flags)
-		}
-	}
-}
-
-func (n *Notepad) createLogWriters(t Threshold, handle io.Writer) io.Writer {
-	if len(n.logListeners) == 0 {
-		return handle
-	}
-	writers := []io.Writer{handle}
-	for _, l := range n.logListeners {
-		w := l(t)
-		if w != nil {
-			writers = append(writers, w)
-		}
-	}
-
-	if len(writers) == 1 {
-		return handle
-	}
-
-	return io.MultiWriter(writers...)
-}
-
-// SetLogThreshold changes the threshold above which messages are written to the
-// log file.
-func (n *Notepad) SetLogThreshold(threshold Threshold) {
-	n.logThreshold = threshold
-	n.init()
-}
-
-// SetLogOutput changes the file where log messages are written.
-func (n *Notepad) SetLogOutput(handle io.Writer) {
-	n.logHandle = handle
-	n.init()
-}
-
-// GetStdoutThreshold returns the defined Treshold for the log logger.
-func (n *Notepad) GetLogThreshold() Threshold {
-	return n.logThreshold
-}
-
-// SetStdoutThreshold changes the threshold above which messages are written to the
-// standard output.
-func (n *Notepad) SetStdoutThreshold(threshold Threshold) {
-	n.stdoutThreshold = threshold
-	n.init()
-}
-
-// GetStdoutThreshold returns the Treshold for the stdout logger.
-func (n *Notepad) GetStdoutThreshold() Threshold {
-	return n.stdoutThreshold
-}
-
-// SetPrefix changes the prefix used by the notepad. Prefixes are displayed between
-// brackets at the beginning of the line. An empty prefix won't be displayed at all.
-func (n *Notepad) SetPrefix(prefix string) {
-	if len(prefix) != 0 {
-		n.prefix = "[" + prefix + "] "
-	} else {
-		n.prefix = ""
-	}
-	n.init()
-}
-
-// SetFlags choose which flags the logger will display (after prefix and message
-// level). See the package log for more informations on this.
-func (n *Notepad) SetFlags(flags int) {
-	n.flags = flags
-	n.init()
-}
-
-// Feedback writes plainly to the outHandle while
-// logging with the standard extra information (date, file, etc).
-type Feedback struct {
-	out *log.Logger
-	log *log.Logger
-}
-
-func (fb *Feedback) Println(v ...interface{}) {
-	fb.output(fmt.Sprintln(v...))
-}
-
-func (fb *Feedback) Printf(format string, v ...interface{}) {
-	fb.output(fmt.Sprintf(format, v...))
-}
-
-func (fb *Feedback) Print(v ...interface{}) {
-	fb.output(fmt.Sprint(v...))
-}
-
-func (fb *Feedback) output(s string) {
-	if fb.out != nil {
-		fb.out.Output(2, s)
-	}
-	if fb.log != nil {
-		fb.log.Output(2, s)
-	}
-}
diff --git a/vendor/github.com/spf13/viper/.editorconfig b/vendor/github.com/spf13/viper/.editorconfig
index 6d0b6d356..1f664d13a 100644
--- a/vendor/github.com/spf13/viper/.editorconfig
+++ b/vendor/github.com/spf13/viper/.editorconfig
@@ -13,3 +13,6 @@ indent_style = tab
 
 [{Makefile,*.mk}]
 indent_style = tab
+
+[*.nix]
+indent_size = 2
diff --git a/vendor/github.com/spf13/viper/.envrc b/vendor/github.com/spf13/viper/.envrc
new file mode 100644
index 000000000..3ce7171a3
--- /dev/null
+++ b/vendor/github.com/spf13/viper/.envrc
@@ -0,0 +1,4 @@
+if ! has nix_direnv_version || ! nix_direnv_version 2.3.0; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.3.0/direnvrc" "sha256-Dmd+j63L84wuzgyjITIfSxSD57Tx7v51DMxVZOsiUD8="
+fi
+use flake . --impure
diff --git a/vendor/github.com/spf13/viper/.gitignore b/vendor/github.com/spf13/viper/.gitignore
index 896250839..f1bbd4280 100644
--- a/vendor/github.com/spf13/viper/.gitignore
+++ b/vendor/github.com/spf13/viper/.gitignore
@@ -1,4 +1,7 @@
+/.devenv/
+/.direnv/
 /.idea/
+/.pre-commit-config.yaml
 /bin/
 /build/
 /var/
diff --git a/vendor/github.com/spf13/viper/.yamlignore b/vendor/github.com/spf13/viper/.yamlignore
new file mode 100644
index 000000000..c04c4dead
--- /dev/null
+++ b/vendor/github.com/spf13/viper/.yamlignore
@@ -0,0 +1,2 @@
+# TODO: FIXME
+/.github/
diff --git a/vendor/github.com/spf13/viper/.yamllint.yaml b/vendor/github.com/spf13/viper/.yamllint.yaml
new file mode 100644
index 000000000..bac19ce18
--- /dev/null
+++ b/vendor/github.com/spf13/viper/.yamllint.yaml
@@ -0,0 +1,6 @@
+ignore-from-file: [.gitignore, .yamlignore]
+
+extends: default
+
+rules:
+  line-length: disable
diff --git a/vendor/github.com/spf13/viper/Makefile b/vendor/github.com/spf13/viper/Makefile
index e8d3baaa8..a77b9c81c 100644
--- a/vendor/github.com/spf13/viper/Makefile
+++ b/vendor/github.com/spf13/viper/Makefile
@@ -16,7 +16,7 @@ endif
 
 # Dependency versions
 GOTESTSUM_VERSION = 1.9.0
-GOLANGCI_VERSION = 1.52.2
+GOLANGCI_VERSION = 1.53.3
 
 # Add the ability to override some variables
 # Use with care
@@ -29,11 +29,6 @@ clear: ## Clear the working area and the project
 .PHONY: check
 check: test lint ## Run tests and linters
 
-bin/gotestsum: bin/gotestsum-${GOTESTSUM_VERSION}
-	@ln -sf gotestsum-${GOTESTSUM_VERSION} bin/gotestsum
-bin/gotestsum-${GOTESTSUM_VERSION}:
-	@mkdir -p bin
-	curl -L https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_${OS}_amd64.tar.gz | tar -zOxf - gotestsum > ./bin/gotestsum-${GOTESTSUM_VERSION} && chmod +x ./bin/gotestsum-${GOTESTSUM_VERSION}
 
 TEST_PKGS ?= ./...
 .PHONY: test
@@ -44,20 +39,36 @@ test: bin/gotestsum ## Run tests
 	@mkdir -p ${BUILD_DIR}
 	bin/gotestsum --no-summary=skipped --junitfile ${BUILD_DIR}/coverage.xml --format ${TEST_FORMAT} -- -race -coverprofile=${BUILD_DIR}/coverage.txt -covermode=atomic $(filter-out -v,${GOARGS}) $(if ${TEST_PKGS},${TEST_PKGS},./...)
 
-bin/golangci-lint: bin/golangci-lint-${GOLANGCI_VERSION}
-	@ln -sf golangci-lint-${GOLANGCI_VERSION} bin/golangci-lint
-bin/golangci-lint-${GOLANGCI_VERSION}:
+.PHONY: lint
+lint: lint-go lint-yaml
+lint: ## Run linters
+
+.PHONY: lint-go
+lint-go:
+	golangci-lint run $(if ${CI},--out-format github-actions,)
+
+.PHONY: lint-yaml
+lint-yaml:
+	yamllint $(if ${CI},-f github,) --no-warnings .
+
+.PHONY: fmt
+fmt: ## Format code
+	golangci-lint run --fix
+
+deps: bin/golangci-lint bin/gotestsum yamllint
+deps: ## Install dependencies
+
+bin/gotestsum:
 	@mkdir -p bin
-	curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b ./bin/ v${GOLANGCI_VERSION}
-	@mv bin/golangci-lint "$@"
+	curl -L https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_${OS}_amd64.tar.gz | tar -zOxf - gotestsum > ./bin/gotestsum && chmod +x ./bin/gotestsum
 
-.PHONY: lint
-lint: bin/golangci-lint ## Run linter
-	bin/golangci-lint run
+bin/golangci-lint:
+	@mkdir -p bin
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- v${GOLANGCI_VERSION}
 
-.PHONY: fix
-fix: bin/golangci-lint ## Fix lint violations
-	bin/golangci-lint run --fix
+.PHONY: yamllint
+yamllint:
+	pip3 install --user yamllint
 
 # Add custom targets here
 -include custom.mk
diff --git a/vendor/github.com/spf13/viper/README.md b/vendor/github.com/spf13/viper/README.md
index 4184d2a11..78102fbe2 100644
--- a/vendor/github.com/spf13/viper/README.md
+++ b/vendor/github.com/spf13/viper/README.md
@@ -11,7 +11,7 @@
 [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/spf13/viper/ci.yaml?branch=master&style=flat-square)](https://github.com/spf13/viper/actions?query=workflow%3ACI)
 [![Join the chat at https://gitter.im/spf13/viper](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/spf13/viper?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 [![Go Report Card](https://goreportcard.com/badge/github.com/spf13/viper?style=flat-square)](https://goreportcard.com/report/github.com/spf13/viper)
-![Go Version](https://img.shields.io/badge/go%20version-%3E=1.16-61CFDD.svg?style=flat-square)
+![Go Version](https://img.shields.io/badge/go%20version-%3E=1.19-61CFDD.svg?style=flat-square)
 [![PkgGoDev](https://pkg.go.dev/badge/mod/github.com/spf13/viper)](https://pkg.go.dev/mod/github.com/spf13/viper)
 
 **Go configuration with fangs!**
@@ -30,6 +30,7 @@ Many Go projects are built using Viper including:
 * [Meshery](https://github.com/meshery/meshery)
 * [Bearer](https://github.com/bearer/bearer)
 * [Coder](https://github.com/coder/coder)
+* [Vitess](https://vitess.io/)
 
 
 ## Install
@@ -140,7 +141,7 @@ if err := viper.ReadInConfig(); err != nil {
 // Config file found and successfully parsed
 ```
 
-*NOTE [since 1.6]:* You can also have a file without an extension and specify the format programmaticaly. For those configuration files that lie in the home of the user without any extension like `.bashrc`
+*NOTE [since 1.6]:* You can also have a file without an extension and specify the format programmatically. For those configuration files that lie in the home of the user without any extension like `.bashrc`
 
 ### Writing Config Files
 
@@ -221,6 +222,7 @@ These could be from a command line flag, or from your own application logic.
 ```go
 viper.Set("Verbose", true)
 viper.Set("LogFile", LogFile)
+viper.Set("host.port", 5899)   // set subset
 ```
 
 ### Registering and Using Aliases
@@ -487,6 +489,15 @@ err := viper.ReadRemoteConfig()
 
 Of course, you're allowed to use `SecureRemoteProvider` also
 
+
+#### NATS
+
+```go
+viper.AddRemoteProvider("nats", "nats://127.0.0.1:4222", "myapp.config")
+viper.SetConfigType("json")
+err := viper.ReadRemoteConfig()
+```
+
 ### Remote Key/Value Store Example - Encrypted
 
 ```go
@@ -534,19 +545,19 @@ go func(){
 In Viper, there are a few ways to get a value depending on the value’s type.
 The following functions and methods exist:
 
- * `Get(key string) : interface{}`
+ * `Get(key string) : any`
  * `GetBool(key string) : bool`
  * `GetFloat64(key string) : float64`
  * `GetInt(key string) : int`
  * `GetIntSlice(key string) : []int`
  * `GetString(key string) : string`
- * `GetStringMap(key string) : map[string]interface{}`
+ * `GetStringMap(key string) : map[string]any`
  * `GetStringMapString(key string) : map[string]string`
  * `GetStringSlice(key string) : []string`
  * `GetTime(key string) : time.Time`
  * `GetDuration(key string) : time.Duration`
  * `IsSet(key string) : bool`
- * `AllSettings() : map[string]interface{}`
+ * `AllSettings() : map[string]any`
 
 One important thing to recognize is that each Get function will return a zero
 value if it’s not found. To check if a given key exists, the `IsSet()` method
@@ -709,8 +720,8 @@ etc.
 
 There are two methods to do this:
 
- * `Unmarshal(rawVal interface{}) : error`
- * `UnmarshalKey(key string, rawVal interface{}) : error`
+ * `Unmarshal(rawVal any) : error`
+ * `UnmarshalKey(key string, rawVal any) : error`
 
 Example:
 
@@ -735,9 +746,9 @@ you have to change the delimiter:
 ```go
 v := viper.NewWithOptions(viper.KeyDelimiter("::"))
 
-v.SetDefault("chart::values", map[string]interface{}{
-	"ingress": map[string]interface{}{
-		"annotations": map[string]interface{}{
+v.SetDefault("chart::values", map[string]any{
+	"ingress": map[string]any{
+		"annotations": map[string]any{
 			"traefik.frontend.rule.type":                 "PathPrefix",
 			"traefik.ingress.kubernetes.io/ssl-redirect": "true",
 		},
@@ -746,7 +757,7 @@ v.SetDefault("chart::values", map[string]interface{}{
 
 type config struct {
 	Chart struct{
-		Values map[string]interface{}
+		Values map[string]any
 	}
 }
 
@@ -882,3 +893,31 @@ No, you will need to synchronize access to the viper yourself (for example by us
 ## Troubleshooting
 
 See [TROUBLESHOOTING.md](TROUBLESHOOTING.md).
+
+## Development
+
+**For an optimal developer experience, it is recommended to install [Nix](https://nixos.org/download.html) and [direnv](https://direnv.net/docs/installation.html).**
+
+_Alternatively, install [Go](https://go.dev/dl/) on your computer then run `make deps` to install the rest of the dependencies._
+
+Run the test suite:
+
+```shell
+make test
+```
+
+Run linters:
+
+```shell
+make lint # pass -j option to run them in parallel
+```
+
+Some linter violations can automatically be fixed:
+
+```shell
+make fmt
+```
+
+## License
+
+The project is licensed under the [MIT License](LICENSE).
diff --git a/vendor/github.com/spf13/viper/experimental_logger.go b/vendor/github.com/spf13/viper/experimental_logger.go
deleted file mode 100644
index 206dad6a0..000000000
--- a/vendor/github.com/spf13/viper/experimental_logger.go
+++ /dev/null
@@ -1,11 +0,0 @@
-//go:build viper_logger
-// +build viper_logger
-
-package viper
-
-// WithLogger sets a custom logger.
-func WithLogger(l Logger) Option {
-	return optionFunc(func(v *Viper) {
-		v.logger = l
-	})
-}
diff --git a/vendor/github.com/spf13/viper/flags.go b/vendor/github.com/spf13/viper/flags.go
index b5ddbf5d4..ddb4da602 100644
--- a/vendor/github.com/spf13/viper/flags.go
+++ b/vendor/github.com/spf13/viper/flags.go
@@ -30,7 +30,7 @@ func (p pflagValueSet) VisitAll(fn func(flag FlagValue)) {
 	})
 }
 
-// pflagValue is a wrapper aroung *pflag.flag
+// pflagValue is a wrapper around *pflag.flag
 // that implements FlagValue
 type pflagValue struct {
 	flag *pflag.Flag
diff --git a/vendor/github.com/spf13/viper/flake.lock b/vendor/github.com/spf13/viper/flake.lock
new file mode 100644
index 000000000..78da51090
--- /dev/null
+++ b/vendor/github.com/spf13/viper/flake.lock
@@ -0,0 +1,255 @@
+{
+  "nodes": {
+    "devenv": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nix": "nix",
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1687972261,
+        "narHash": "sha256-+mxvZfwMVoaZYETmuQWqTi/7T9UKoAE+WpdSQkOVJ2g=",
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "e85df562088573305e55906eaa964341f8cb0d9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1687762428,
+        "narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "37dd7bb15791c86d55c5121740a1887ab55ee836",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "devenv",
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "lowdown-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1633514407,
+        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
+    "nix": {
+      "inputs": {
+        "lowdown-src": "lowdown-src",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1676545802,
+        "narHash": "sha256-EK4rZ+Hd5hsvXnzSzk2ikhStJnD63odF7SzsQ8CuSPU=",
+        "owner": "domenkozar",
+        "repo": "nix",
+        "rev": "7c91803598ffbcfe4a55c44ac6d49b2cf07a527f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "domenkozar",
+        "ref": "relaxed-flakes",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1678875422,
+        "narHash": "sha256-T3o6NcQPwXjxJMn2shz86Chch4ljXgZn746c2caGxd8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "126f49a01de5b7e35a43fd43f891ecf6d3a51459",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "dir": "lib",
+        "lastModified": 1685564631,
+        "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a",
+        "type": "github"
+      },
+      "original": {
+        "dir": "lib",
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1678872516,
+        "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-22.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1687886075,
+        "narHash": "sha256-PeayJDDDy+uw1Ats4moZnRdL1OFuZm1Tj+KiHlD67+o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a565059a348422af5af9026b5174dc5c0dcefdae",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": [
+          "devenv",
+          "flake-compat"
+        ],
+        "flake-utils": "flake-utils",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1686050334,
+        "narHash": "sha256-R0mczWjDzBpIvM3XXhO908X5e2CQqjyh/gFbwZk/7/Q=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "6881eb2ae5d8a3516e34714e7a90d9d95914c4dc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "flake-parts": "flake-parts",
+        "nixpkgs": "nixpkgs_2"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/vendor/github.com/spf13/viper/flake.nix b/vendor/github.com/spf13/viper/flake.nix
new file mode 100644
index 000000000..9b26c3fcf
--- /dev/null
+++ b/vendor/github.com/spf13/viper/flake.nix
@@ -0,0 +1,56 @@
+{
+  description = "Viper";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    devenv.url = "github:cachix/devenv";
+  };
+
+  outputs = inputs@{ flake-parts, ... }:
+    flake-parts.lib.mkFlake { inherit inputs; } {
+      imports = [
+        inputs.devenv.flakeModule
+      ];
+
+      systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" ];
+
+      perSystem = { config, self', inputs', pkgs, system, ... }: rec {
+        devenv.shells = {
+          default = {
+            languages = {
+              go.enable = true;
+            };
+
+            pre-commit.hooks = {
+              nixpkgs-fmt.enable = true;
+              yamllint.enable = true;
+            };
+
+            packages = with pkgs; [
+              gnumake
+
+              golangci-lint
+              yamllint
+            ];
+
+            scripts = {
+              versions.exec = ''
+                go version
+                golangci-lint version
+              '';
+            };
+
+            enterShell = ''
+              versions
+            '';
+
+            # https://github.com/cachix/devenv/issues/528#issuecomment-1556108767
+            containers = pkgs.lib.mkForce { };
+          };
+
+          ci = devenv.shells.default;
+        };
+      };
+    };
+}
diff --git a/vendor/github.com/spf13/viper/fs.go b/vendor/github.com/spf13/viper/fs.go
deleted file mode 100644
index ecb1769e5..000000000
--- a/vendor/github.com/spf13/viper/fs.go
+++ /dev/null
@@ -1,65 +0,0 @@
-//go:build go1.16 && finder
-// +build go1.16,finder
-
-package viper
-
-import (
-	"errors"
-	"io/fs"
-	"path"
-)
-
-type finder struct {
-	paths      []string
-	fileNames  []string
-	extensions []string
-
-	withoutExtension bool
-}
-
-func (f finder) Find(fsys fs.FS) (string, error) {
-	for _, searchPath := range f.paths {
-		for _, fileName := range f.fileNames {
-			for _, extension := range f.extensions {
-				filePath := path.Join(searchPath, fileName+"."+extension)
-
-				ok, err := fileExists(fsys, filePath)
-				if err != nil {
-					return "", err
-				}
-
-				if ok {
-					return filePath, nil
-				}
-			}
-
-			if f.withoutExtension {
-				filePath := path.Join(searchPath, fileName)
-
-				ok, err := fileExists(fsys, filePath)
-				if err != nil {
-					return "", err
-				}
-
-				if ok {
-					return filePath, nil
-				}
-			}
-		}
-	}
-
-	return "", nil
-}
-
-func fileExists(fsys fs.FS, filePath string) (bool, error) {
-	fileInfo, err := fs.Stat(fsys, filePath)
-	if err == nil {
-		return !fileInfo.IsDir(), nil
-	}
-
-	if errors.Is(err, fs.ErrNotExist) {
-		return false, nil
-	}
-
-	return false, err
-}
diff --git a/vendor/github.com/spf13/viper/internal/encoding/decoder.go b/vendor/github.com/spf13/viper/internal/encoding/decoder.go
index f472e9ff1..8a7b1dbc9 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/decoder.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/decoder.go
@@ -5,9 +5,9 @@ import (
 )
 
 // Decoder decodes the contents of b into v.
-// It's primarily used for decoding contents of a file into a map[string]interface{}.
+// It's primarily used for decoding contents of a file into a map[string]any.
 type Decoder interface {
-	Decode(b []byte, v map[string]interface{}) error
+	Decode(b []byte, v map[string]any) error
 }
 
 const (
@@ -48,7 +48,7 @@ func (e *DecoderRegistry) RegisterDecoder(format string, enc Decoder) error {
 }
 
 // Decode calls the underlying Decoder based on the format.
-func (e *DecoderRegistry) Decode(format string, b []byte, v map[string]interface{}) error {
+func (e *DecoderRegistry) Decode(format string, b []byte, v map[string]any) error {
 	e.mu.RLock()
 	decoder, ok := e.decoders[format]
 	e.mu.RUnlock()
diff --git a/vendor/github.com/spf13/viper/internal/encoding/dotenv/codec.go b/vendor/github.com/spf13/viper/internal/encoding/dotenv/codec.go
index 4485063b6..3ebc76f02 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/dotenv/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/dotenv/codec.go
@@ -15,8 +15,8 @@ const keyDelimiter = "_"
 // (commonly called as dotenv format).
 type Codec struct{}
 
-func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
-	flattened := map[string]interface{}{}
+func (Codec) Encode(v map[string]any) ([]byte, error) {
+	flattened := map[string]any{}
 
 	flattened = flattenAndMergeMap(flattened, v, "", keyDelimiter)
 
@@ -40,7 +40,7 @@ func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
 	return buf.Bytes(), nil
 }
 
-func (Codec) Decode(b []byte, v map[string]interface{}) error {
+func (Codec) Decode(b []byte, v map[string]any) error {
 	var buf bytes.Buffer
 
 	_, err := buf.Write(b)
diff --git a/vendor/github.com/spf13/viper/internal/encoding/dotenv/map_utils.go b/vendor/github.com/spf13/viper/internal/encoding/dotenv/map_utils.go
index ce6e6efa3..1340c7308 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/dotenv/map_utils.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/dotenv/map_utils.go
@@ -7,27 +7,27 @@ import (
 )
 
 // flattenAndMergeMap recursively flattens the given map into a new map
-// Code is based on the function with the same name in tha main package.
+// Code is based on the function with the same name in the main package.
 // TODO: move it to a common place
-func flattenAndMergeMap(shadow map[string]interface{}, m map[string]interface{}, prefix string, delimiter string) map[string]interface{} {
+func flattenAndMergeMap(shadow map[string]any, m map[string]any, prefix string, delimiter string) map[string]any {
 	if shadow != nil && prefix != "" && shadow[prefix] != nil {
 		// prefix is shadowed => nothing more to flatten
 		return shadow
 	}
 	if shadow == nil {
-		shadow = make(map[string]interface{})
+		shadow = make(map[string]any)
 	}
 
-	var m2 map[string]interface{}
+	var m2 map[string]any
 	if prefix != "" {
 		prefix += delimiter
 	}
 	for k, val := range m {
 		fullKey := prefix + k
-		switch val.(type) {
-		case map[string]interface{}:
-			m2 = val.(map[string]interface{})
-		case map[interface{}]interface{}:
+		switch val := val.(type) {
+		case map[string]any:
+			m2 = val
+		case map[any]any:
 			m2 = cast.ToStringMap(val)
 		default:
 			// immediate value
diff --git a/vendor/github.com/spf13/viper/internal/encoding/encoder.go b/vendor/github.com/spf13/viper/internal/encoding/encoder.go
index 2341bf235..659585962 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/encoder.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/encoder.go
@@ -5,9 +5,9 @@ import (
 )
 
 // Encoder encodes the contents of v into a byte representation.
-// It's primarily used for encoding a map[string]interface{} into a file format.
+// It's primarily used for encoding a map[string]any into a file format.
 type Encoder interface {
-	Encode(v map[string]interface{}) ([]byte, error)
+	Encode(v map[string]any) ([]byte, error)
 }
 
 const (
@@ -47,7 +47,7 @@ func (e *EncoderRegistry) RegisterEncoder(format string, enc Encoder) error {
 	return nil
 }
 
-func (e *EncoderRegistry) Encode(format string, v map[string]interface{}) ([]byte, error) {
+func (e *EncoderRegistry) Encode(format string, v map[string]any) ([]byte, error) {
 	e.mu.RLock()
 	encoder, ok := e.encoders[format]
 	e.mu.RUnlock()
diff --git a/vendor/github.com/spf13/viper/internal/encoding/hcl/codec.go b/vendor/github.com/spf13/viper/internal/encoding/hcl/codec.go
index 7fde8e4bc..d7fa8a1b7 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/hcl/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/hcl/codec.go
@@ -12,7 +12,7 @@ import (
 // TODO: add printer config to the codec?
 type Codec struct{}
 
-func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (Codec) Encode(v map[string]any) ([]byte, error) {
 	b, err := json.Marshal(v)
 	if err != nil {
 		return nil, err
@@ -35,6 +35,6 @@ func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
 	return buf.Bytes(), nil
 }
 
-func (Codec) Decode(b []byte, v map[string]interface{}) error {
+func (Codec) Decode(b []byte, v map[string]any) error {
 	return hcl.Unmarshal(b, &v)
 }
diff --git a/vendor/github.com/spf13/viper/internal/encoding/ini/codec.go b/vendor/github.com/spf13/viper/internal/encoding/ini/codec.go
index 9acd87fc3..d91cf59d2 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/ini/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/ini/codec.go
@@ -19,11 +19,11 @@ type Codec struct {
 	LoadOptions  LoadOptions
 }
 
-func (c Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (c Codec) Encode(v map[string]any) ([]byte, error) {
 	cfg := ini.Empty()
 	ini.PrettyFormat = false
 
-	flattened := map[string]interface{}{}
+	flattened := map[string]any{}
 
 	flattened = flattenAndMergeMap(flattened, v, "", c.keyDelimiter())
 
@@ -62,7 +62,7 @@ func (c Codec) Encode(v map[string]interface{}) ([]byte, error) {
 	return buf.Bytes(), nil
 }
 
-func (c Codec) Decode(b []byte, v map[string]interface{}) error {
+func (c Codec) Decode(b []byte, v map[string]any) error {
 	cfg := ini.Empty(c.LoadOptions)
 
 	err := cfg.Append(b)
diff --git a/vendor/github.com/spf13/viper/internal/encoding/ini/map_utils.go b/vendor/github.com/spf13/viper/internal/encoding/ini/map_utils.go
index 8329856b5..c1919a386 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/ini/map_utils.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/ini/map_utils.go
@@ -15,22 +15,22 @@ import (
 // In case intermediate keys do not exist, or map to a non-map value,
 // a new map is created and inserted, and the search continues from there:
 // the initial map "m" may be modified!
-func deepSearch(m map[string]interface{}, path []string) map[string]interface{} {
+func deepSearch(m map[string]any, path []string) map[string]any {
 	for _, k := range path {
 		m2, ok := m[k]
 		if !ok {
 			// intermediate key does not exist
 			// => create it and continue from there
-			m3 := make(map[string]interface{})
+			m3 := make(map[string]any)
 			m[k] = m3
 			m = m3
 			continue
 		}
-		m3, ok := m2.(map[string]interface{})
+		m3, ok := m2.(map[string]any)
 		if !ok {
 			// intermediate key is a value
 			// => replace with a new map
-			m3 = make(map[string]interface{})
+			m3 = make(map[string]any)
 			m[k] = m3
 		}
 		// continue search from here
@@ -40,27 +40,27 @@ func deepSearch(m map[string]interface{}, path []string) map[string]interface{}
 }
 
 // flattenAndMergeMap recursively flattens the given map into a new map
-// Code is based on the function with the same name in tha main package.
+// Code is based on the function with the same name in the main package.
 // TODO: move it to a common place
-func flattenAndMergeMap(shadow map[string]interface{}, m map[string]interface{}, prefix string, delimiter string) map[string]interface{} {
+func flattenAndMergeMap(shadow map[string]any, m map[string]any, prefix string, delimiter string) map[string]any {
 	if shadow != nil && prefix != "" && shadow[prefix] != nil {
 		// prefix is shadowed => nothing more to flatten
 		return shadow
 	}
 	if shadow == nil {
-		shadow = make(map[string]interface{})
+		shadow = make(map[string]any)
 	}
 
-	var m2 map[string]interface{}
+	var m2 map[string]any
 	if prefix != "" {
 		prefix += delimiter
 	}
 	for k, val := range m {
 		fullKey := prefix + k
-		switch val.(type) {
-		case map[string]interface{}:
-			m2 = val.(map[string]interface{})
-		case map[interface{}]interface{}:
+		switch val := val.(type) {
+		case map[string]any:
+			m2 = val
+		case map[any]any:
 			m2 = cast.ToStringMap(val)
 		default:
 			// immediate value
diff --git a/vendor/github.com/spf13/viper/internal/encoding/javaproperties/codec.go b/vendor/github.com/spf13/viper/internal/encoding/javaproperties/codec.go
index b8a2251c1..e92e5172c 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/javaproperties/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/javaproperties/codec.go
@@ -20,12 +20,12 @@ type Codec struct {
 	Properties *properties.Properties
 }
 
-func (c *Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (c *Codec) Encode(v map[string]any) ([]byte, error) {
 	if c.Properties == nil {
 		c.Properties = properties.NewProperties()
 	}
 
-	flattened := map[string]interface{}{}
+	flattened := map[string]any{}
 
 	flattened = flattenAndMergeMap(flattened, v, "", c.keyDelimiter())
 
@@ -54,7 +54,7 @@ func (c *Codec) Encode(v map[string]interface{}) ([]byte, error) {
 	return buf.Bytes(), nil
 }
 
-func (c *Codec) Decode(b []byte, v map[string]interface{}) error {
+func (c *Codec) Decode(b []byte, v map[string]any) error {
 	var err error
 	c.Properties, err = properties.Load(b, properties.UTF8)
 	if err != nil {
diff --git a/vendor/github.com/spf13/viper/internal/encoding/javaproperties/map_utils.go b/vendor/github.com/spf13/viper/internal/encoding/javaproperties/map_utils.go
index 93755cac1..8386920aa 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/javaproperties/map_utils.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/javaproperties/map_utils.go
@@ -15,22 +15,22 @@ import (
 // In case intermediate keys do not exist, or map to a non-map value,
 // a new map is created and inserted, and the search continues from there:
 // the initial map "m" may be modified!
-func deepSearch(m map[string]interface{}, path []string) map[string]interface{} {
+func deepSearch(m map[string]any, path []string) map[string]any {
 	for _, k := range path {
 		m2, ok := m[k]
 		if !ok {
 			// intermediate key does not exist
 			// => create it and continue from there
-			m3 := make(map[string]interface{})
+			m3 := make(map[string]any)
 			m[k] = m3
 			m = m3
 			continue
 		}
-		m3, ok := m2.(map[string]interface{})
+		m3, ok := m2.(map[string]any)
 		if !ok {
 			// intermediate key is a value
 			// => replace with a new map
-			m3 = make(map[string]interface{})
+			m3 = make(map[string]any)
 			m[k] = m3
 		}
 		// continue search from here
@@ -40,27 +40,27 @@ func deepSearch(m map[string]interface{}, path []string) map[string]interface{}
 }
 
 // flattenAndMergeMap recursively flattens the given map into a new map
-// Code is based on the function with the same name in tha main package.
+// Code is based on the function with the same name in the main package.
 // TODO: move it to a common place
-func flattenAndMergeMap(shadow map[string]interface{}, m map[string]interface{}, prefix string, delimiter string) map[string]interface{} {
+func flattenAndMergeMap(shadow map[string]any, m map[string]any, prefix string, delimiter string) map[string]any {
 	if shadow != nil && prefix != "" && shadow[prefix] != nil {
 		// prefix is shadowed => nothing more to flatten
 		return shadow
 	}
 	if shadow == nil {
-		shadow = make(map[string]interface{})
+		shadow = make(map[string]any)
 	}
 
-	var m2 map[string]interface{}
+	var m2 map[string]any
 	if prefix != "" {
 		prefix += delimiter
 	}
 	for k, val := range m {
 		fullKey := prefix + k
-		switch val.(type) {
-		case map[string]interface{}:
-			m2 = val.(map[string]interface{})
-		case map[interface{}]interface{}:
+		switch val := val.(type) {
+		case map[string]any:
+			m2 = val
+		case map[any]any:
 			m2 = cast.ToStringMap(val)
 		default:
 			// immediate value
diff --git a/vendor/github.com/spf13/viper/internal/encoding/json/codec.go b/vendor/github.com/spf13/viper/internal/encoding/json/codec.go
index 1b7caaceb..da7546b5a 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/json/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/json/codec.go
@@ -7,11 +7,11 @@ import (
 // Codec implements the encoding.Encoder and encoding.Decoder interfaces for JSON encoding.
 type Codec struct{}
 
-func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (Codec) Encode(v map[string]any) ([]byte, error) {
 	// TODO: expose prefix and indent in the Codec as setting?
 	return json.MarshalIndent(v, "", "  ")
 }
 
-func (Codec) Decode(b []byte, v map[string]interface{}) error {
+func (Codec) Decode(b []byte, v map[string]any) error {
 	return json.Unmarshal(b, &v)
 }
diff --git a/vendor/github.com/spf13/viper/internal/encoding/toml/codec.go b/vendor/github.com/spf13/viper/internal/encoding/toml/codec.go
index a993c5994..c70aa8d28 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/toml/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/toml/codec.go
@@ -7,10 +7,10 @@ import (
 // Codec implements the encoding.Encoder and encoding.Decoder interfaces for TOML encoding.
 type Codec struct{}
 
-func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (Codec) Encode(v map[string]any) ([]byte, error) {
 	return toml.Marshal(v)
 }
 
-func (Codec) Decode(b []byte, v map[string]interface{}) error {
+func (Codec) Decode(b []byte, v map[string]any) error {
 	return toml.Unmarshal(b, &v)
 }
diff --git a/vendor/github.com/spf13/viper/internal/encoding/yaml/codec.go b/vendor/github.com/spf13/viper/internal/encoding/yaml/codec.go
index 82dc136a3..036879249 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/yaml/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/yaml/codec.go
@@ -5,10 +5,10 @@ import "gopkg.in/yaml.v3"
 // Codec implements the encoding.Encoder and encoding.Decoder interfaces for YAML encoding.
 type Codec struct{}
 
-func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (Codec) Encode(v map[string]any) ([]byte, error) {
 	return yaml.Marshal(v)
 }
 
-func (Codec) Decode(b []byte, v map[string]interface{}) error {
+func (Codec) Decode(b []byte, v map[string]any) error {
 	return yaml.Unmarshal(b, &v)
 }
diff --git a/vendor/github.com/spf13/viper/logger.go b/vendor/github.com/spf13/viper/logger.go
index a64e1446c..8938053b3 100644
--- a/vendor/github.com/spf13/viper/logger.go
+++ b/vendor/github.com/spf13/viper/logger.go
@@ -1,77 +1,68 @@
 package viper
 
 import (
-	"fmt"
+	"context"
 
-	jww "github.com/spf13/jwalterweatherman"
+	slog "github.com/sagikazarmark/slog-shim"
 )
 
 // Logger is a unified interface for various logging use cases and practices, including:
 //   - leveled logging
 //   - structured logging
+//
+// Deprecated: use `log/slog` instead.
 type Logger interface {
 	// Trace logs a Trace event.
 	//
 	// Even more fine-grained information than Debug events.
 	// Loggers not supporting this level should fall back to Debug.
-	Trace(msg string, keyvals ...interface{})
+	Trace(msg string, keyvals ...any)
 
 	// Debug logs a Debug event.
 	//
 	// A verbose series of information events.
 	// They are useful when debugging the system.
-	Debug(msg string, keyvals ...interface{})
+	Debug(msg string, keyvals ...any)
 
 	// Info logs an Info event.
 	//
 	// General information about what's happening inside the system.
-	Info(msg string, keyvals ...interface{})
+	Info(msg string, keyvals ...any)
 
 	// Warn logs a Warn(ing) event.
 	//
 	// Non-critical events that should be looked at.
-	Warn(msg string, keyvals ...interface{})
+	Warn(msg string, keyvals ...any)
 
 	// Error logs an Error event.
 	//
 	// Critical events that require immediate attention.
 	// Loggers commonly provide Fatal and Panic levels above Error level,
-	// but exiting and panicing is out of scope for a logging library.
-	Error(msg string, keyvals ...interface{})
+	// but exiting and panicking is out of scope for a logging library.
+	Error(msg string, keyvals ...any)
 }
 
-type jwwLogger struct{}
-
-func (jwwLogger) Trace(msg string, keyvals ...interface{}) {
-	jww.TRACE.Printf(jwwLogMessage(msg, keyvals...))
+// WithLogger sets a custom logger.
+func WithLogger(l *slog.Logger) Option {
+	return optionFunc(func(v *Viper) {
+		v.logger = l
+	})
 }
 
-func (jwwLogger) Debug(msg string, keyvals ...interface{}) {
-	jww.DEBUG.Printf(jwwLogMessage(msg, keyvals...))
-}
+type discardHandler struct{}
 
-func (jwwLogger) Info(msg string, keyvals ...interface{}) {
-	jww.INFO.Printf(jwwLogMessage(msg, keyvals...))
+func (n *discardHandler) Enabled(_ context.Context, _ slog.Level) bool {
+	return false
 }
 
-func (jwwLogger) Warn(msg string, keyvals ...interface{}) {
-	jww.WARN.Printf(jwwLogMessage(msg, keyvals...))
+func (n *discardHandler) Handle(_ context.Context, _ slog.Record) error {
+	return nil
 }
 
-func (jwwLogger) Error(msg string, keyvals ...interface{}) {
-	jww.ERROR.Printf(jwwLogMessage(msg, keyvals...))
+func (n *discardHandler) WithAttrs(_ []slog.Attr) slog.Handler {
+	return n
 }
 
-func jwwLogMessage(msg string, keyvals ...interface{}) string {
-	out := msg
-
-	if len(keyvals) > 0 && len(keyvals)%2 == 1 {
-		keyvals = append(keyvals, nil)
-	}
-
-	for i := 0; i <= len(keyvals)-2; i += 2 {
-		out = fmt.Sprintf("%s %v=%v", out, keyvals[i], keyvals[i+1])
-	}
-
-	return out
+func (n *discardHandler) WithGroup(_ string) slog.Handler {
+	return n
 }
diff --git a/vendor/github.com/spf13/viper/util.go b/vendor/github.com/spf13/viper/util.go
index 95009a147..52116ac44 100644
--- a/vendor/github.com/spf13/viper/util.go
+++ b/vendor/github.com/spf13/viper/util.go
@@ -18,6 +18,7 @@ import (
 	"strings"
 	"unicode"
 
+	slog "github.com/sagikazarmark/slog-shim"
 	"github.com/spf13/cast"
 )
 
@@ -38,11 +39,11 @@ func (pe ConfigParseError) Unwrap() error {
 
 // toCaseInsensitiveValue checks if the value is a  map;
 // if so, create a copy and lower-case the keys recursively.
-func toCaseInsensitiveValue(value interface{}) interface{} {
+func toCaseInsensitiveValue(value any) any {
 	switch v := value.(type) {
-	case map[interface{}]interface{}:
+	case map[any]any:
 		value = copyAndInsensitiviseMap(cast.ToStringMap(v))
-	case map[string]interface{}:
+	case map[string]any:
 		value = copyAndInsensitiviseMap(v)
 	}
 
@@ -51,15 +52,15 @@ func toCaseInsensitiveValue(value interface{}) interface{} {
 
 // copyAndInsensitiviseMap behaves like insensitiviseMap, but creates a copy of
 // any map it makes case insensitive.
-func copyAndInsensitiviseMap(m map[string]interface{}) map[string]interface{} {
-	nm := make(map[string]interface{})
+func copyAndInsensitiviseMap(m map[string]any) map[string]any {
+	nm := make(map[string]any)
 
 	for key, val := range m {
 		lkey := strings.ToLower(key)
 		switch v := val.(type) {
-		case map[interface{}]interface{}:
+		case map[any]any:
 			nm[lkey] = copyAndInsensitiviseMap(cast.ToStringMap(v))
-		case map[string]interface{}:
+		case map[string]any:
 			nm[lkey] = copyAndInsensitiviseMap(v)
 		default:
 			nm[lkey] = v
@@ -69,23 +70,23 @@ func copyAndInsensitiviseMap(m map[string]interface{}) map[string]interface{} {
 	return nm
 }
 
-func insensitiviseVal(val interface{}) interface{} {
-	switch val.(type) {
-	case map[interface{}]interface{}:
+func insensitiviseVal(val any) any {
+	switch v := val.(type) {
+	case map[any]any:
 		// nested map: cast and recursively insensitivise
 		val = cast.ToStringMap(val)
-		insensitiviseMap(val.(map[string]interface{}))
-	case map[string]interface{}:
+		insensitiviseMap(val.(map[string]any))
+	case map[string]any:
 		// nested map: recursively insensitivise
-		insensitiviseMap(val.(map[string]interface{}))
-	case []interface{}:
+		insensitiviseMap(v)
+	case []any:
 		// nested array: recursively insensitivise
-		insensitiveArray(val.([]interface{}))
+		insensitiveArray(v)
 	}
 	return val
 }
 
-func insensitiviseMap(m map[string]interface{}) {
+func insensitiviseMap(m map[string]any) {
 	for key, val := range m {
 		val = insensitiviseVal(val)
 		lower := strings.ToLower(key)
@@ -98,13 +99,13 @@ func insensitiviseMap(m map[string]interface{}) {
 	}
 }
 
-func insensitiveArray(a []interface{}) {
+func insensitiveArray(a []any) {
 	for i, val := range a {
 		a[i] = insensitiviseVal(val)
 	}
 }
 
-func absPathify(logger Logger, inPath string) string {
+func absPathify(logger *slog.Logger, inPath string) string {
 	logger.Info("trying to resolve absolute path", "path", inPath)
 
 	if inPath == "$HOME" || strings.HasPrefix(inPath, "$HOME"+string(os.PathSeparator)) {
@@ -197,22 +198,22 @@ func parseSizeInBytes(sizeStr string) uint {
 // In case intermediate keys do not exist, or map to a non-map value,
 // a new map is created and inserted, and the search continues from there:
 // the initial map "m" may be modified!
-func deepSearch(m map[string]interface{}, path []string) map[string]interface{} {
+func deepSearch(m map[string]any, path []string) map[string]any {
 	for _, k := range path {
 		m2, ok := m[k]
 		if !ok {
 			// intermediate key does not exist
 			// => create it and continue from there
-			m3 := make(map[string]interface{})
+			m3 := make(map[string]any)
 			m[k] = m3
 			m = m3
 			continue
 		}
-		m3, ok := m2.(map[string]interface{})
+		m3, ok := m2.(map[string]any)
 		if !ok {
 			// intermediate key is a value
 			// => replace with a new map
-			m3 = make(map[string]interface{})
+			m3 = make(map[string]any)
 			m[k] = m3
 		}
 		// continue search from here
diff --git a/vendor/github.com/spf13/viper/viper.go b/vendor/github.com/spf13/viper/viper.go
index 7fb1e1913..c1eab71b7 100644
--- a/vendor/github.com/spf13/viper/viper.go
+++ b/vendor/github.com/spf13/viper/viper.go
@@ -35,6 +35,7 @@ import (
 
 	"github.com/fsnotify/fsnotify"
 	"github.com/mitchellh/mapstructure"
+	slog "github.com/sagikazarmark/slog-shim"
 	"github.com/spf13/afero"
 	"github.com/spf13/cast"
 	"github.com/spf13/pflag"
@@ -206,10 +207,10 @@ type Viper struct {
 	allowEmptyEnv       bool
 
 	parents        []string
-	config         map[string]interface{}
-	override       map[string]interface{}
-	defaults       map[string]interface{}
-	kvstore        map[string]interface{}
+	config         map[string]any
+	override       map[string]any
+	defaults       map[string]any
+	kvstore        map[string]any
 	pflags         map[string]FlagValue
 	env            map[string][]string
 	aliases        map[string]string
@@ -217,7 +218,7 @@ type Viper struct {
 
 	onConfigChange func(fsnotify.Event)
 
-	logger Logger
+	logger *slog.Logger
 
 	// TODO: should probably be protected with a mutex
 	encoderRegistry *encoding.EncoderRegistry
@@ -231,16 +232,16 @@ func New() *Viper {
 	v.configName = "config"
 	v.configPermissions = os.FileMode(0o644)
 	v.fs = afero.NewOsFs()
-	v.config = make(map[string]interface{})
+	v.config = make(map[string]any)
 	v.parents = []string{}
-	v.override = make(map[string]interface{})
-	v.defaults = make(map[string]interface{})
-	v.kvstore = make(map[string]interface{})
+	v.override = make(map[string]any)
+	v.defaults = make(map[string]any)
+	v.kvstore = make(map[string]any)
 	v.pflags = make(map[string]FlagValue)
 	v.env = make(map[string][]string)
 	v.aliases = make(map[string]string)
 	v.typeByDefValue = false
-	v.logger = jwwLogger{}
+	v.logger = slog.New(&discardHandler{})
 
 	v.resetEncoding()
 
@@ -301,7 +302,7 @@ func NewWithOptions(opts ...Option) *Viper {
 func Reset() {
 	v = New()
 	SupportedExts = []string{"json", "toml", "yaml", "yml", "properties", "props", "prop", "hcl", "tfvars", "dotenv", "env", "ini"}
-	SupportedRemoteProviders = []string{"etcd", "etcd3", "consul", "firestore"}
+	SupportedRemoteProviders = []string{"etcd", "etcd3", "consul", "firestore", "nats"}
 }
 
 // TODO: make this lazy initialization instead
@@ -420,7 +421,7 @@ type RemoteProvider interface {
 var SupportedExts = []string{"json", "toml", "yaml", "yml", "properties", "props", "prop", "hcl", "tfvars", "dotenv", "env", "ini"}
 
 // SupportedRemoteProviders are universally supported remote providers.
-var SupportedRemoteProviders = []string{"etcd", "etcd3", "consul", "firestore"}
+var SupportedRemoteProviders = []string{"etcd", "etcd3", "consul", "firestore", "nats"}
 
 // OnConfigChange sets the event handler that is called when a config file changes.
 func OnConfigChange(run func(in fsnotify.Event)) { v.OnConfigChange(run) }
@@ -523,6 +524,12 @@ func (v *Viper) SetEnvPrefix(in string) {
 	}
 }
 
+func GetEnvPrefix() string { return v.GetEnvPrefix() }
+
+func (v *Viper) GetEnvPrefix() string {
+	return v.envPrefix
+}
+
 func (v *Viper) mergeWithEnvPrefix(in string) string {
 	if v.envPrefix != "" {
 		return strings.ToUpper(v.envPrefix + "_" + in)
@@ -578,8 +585,8 @@ func (v *Viper) AddConfigPath(in string) {
 
 // AddRemoteProvider adds a remote configuration source.
 // Remote Providers are searched in the order they are added.
-// provider is a string value: "etcd", "etcd3", "consul" or "firestore" are currently supported.
-// endpoint is the url.  etcd requires http://ip:port  consul requires ip:port
+// provider is a string value: "etcd", "etcd3", "consul", "firestore" or "nats" are currently supported.
+// endpoint is the url.  etcd requires http://ip:port, consul requires ip:port, nats requires nats://ip:port
 // path is the path in the k/v store to retrieve configuration
 // To retrieve a config file called myapp.json from /configs/myapp.json
 // you should set path to /configs and set config name (SetConfigName()) to
@@ -609,7 +616,7 @@ func (v *Viper) AddRemoteProvider(provider, endpoint, path string) error {
 
 // AddSecureRemoteProvider adds a remote configuration source.
 // Secure Remote Providers are searched in the order they are added.
-// provider is a string value: "etcd", "etcd3", "consul" or "firestore" are currently supported.
+// provider is a string value: "etcd", "etcd3", "consul", "firestore" or "nats" are currently supported.
 // endpoint is the url.  etcd requires http://ip:port  consul requires ip:port
 // secretkeyring is the filepath to your openpgp secret keyring.  e.g. /etc/secrets/myring.gpg
 // path is the path in the k/v store to retrieve configuration
@@ -653,7 +660,7 @@ func (v *Viper) providerPathExists(p *defaultRemoteProvider) bool {
 // searchMap recursively searches for a value for path in source map.
 // Returns nil if not found.
 // Note: This assumes that the path entries and map keys are lower cased.
-func (v *Viper) searchMap(source map[string]interface{}, path []string) interface{} {
+func (v *Viper) searchMap(source map[string]any, path []string) any {
 	if len(path) == 0 {
 		return source
 	}
@@ -666,13 +673,13 @@ func (v *Viper) searchMap(source map[string]interface{}, path []string) interfac
 		}
 
 		// Nested case
-		switch next.(type) {
-		case map[interface{}]interface{}:
+		switch next := next.(type) {
+		case map[any]any:
 			return v.searchMap(cast.ToStringMap(next), path[1:])
-		case map[string]interface{}:
+		case map[string]any:
 			// Type assertion is safe here since it is only reached
 			// if the type of `next` is the same as the type being asserted
-			return v.searchMap(next.(map[string]interface{}), path[1:])
+			return v.searchMap(next, path[1:])
 		default:
 			// got a value but nested key expected, return "nil" for not found
 			return nil
@@ -692,7 +699,7 @@ func (v *Viper) searchMap(source map[string]interface{}, path []string) interfac
 // in their keys).
 //
 // Note: This assumes that the path entries and map keys are lower cased.
-func (v *Viper) searchIndexableWithPathPrefixes(source interface{}, path []string) interface{} {
+func (v *Viper) searchIndexableWithPathPrefixes(source any, path []string) any {
 	if len(path) == 0 {
 		return source
 	}
@@ -701,11 +708,11 @@ func (v *Viper) searchIndexableWithPathPrefixes(source interface{}, path []strin
 	for i := len(path); i > 0; i-- {
 		prefixKey := strings.ToLower(strings.Join(path[0:i], v.keyDelim))
 
-		var val interface{}
+		var val any
 		switch sourceIndexable := source.(type) {
-		case []interface{}:
+		case []any:
 			val = v.searchSliceWithPathPrefixes(sourceIndexable, prefixKey, i, path)
-		case map[string]interface{}:
+		case map[string]any:
 			val = v.searchMapWithPathPrefixes(sourceIndexable, prefixKey, i, path)
 		}
 		if val != nil {
@@ -722,11 +729,11 @@ func (v *Viper) searchIndexableWithPathPrefixes(source interface{}, path []strin
 // This function is part of the searchIndexableWithPathPrefixes recurring search and
 // should not be called directly from functions other than searchIndexableWithPathPrefixes.
 func (v *Viper) searchSliceWithPathPrefixes(
-	sourceSlice []interface{},
+	sourceSlice []any,
 	prefixKey string,
 	pathIndex int,
 	path []string,
-) interface{} {
+) any {
 	// if the prefixKey is not a number or it is out of bounds of the slice
 	index, err := strconv.Atoi(prefixKey)
 	if err != nil || len(sourceSlice) <= index {
@@ -741,9 +748,9 @@ func (v *Viper) searchSliceWithPathPrefixes(
 	}
 
 	switch n := next.(type) {
-	case map[interface{}]interface{}:
+	case map[any]any:
 		return v.searchIndexableWithPathPrefixes(cast.ToStringMap(n), path[pathIndex:])
-	case map[string]interface{}, []interface{}:
+	case map[string]any, []any:
 		return v.searchIndexableWithPathPrefixes(n, path[pathIndex:])
 	default:
 		// got a value but nested key expected, do nothing and look for next prefix
@@ -758,11 +765,11 @@ func (v *Viper) searchSliceWithPathPrefixes(
 // This function is part of the searchIndexableWithPathPrefixes recurring search and
 // should not be called directly from functions other than searchIndexableWithPathPrefixes.
 func (v *Viper) searchMapWithPathPrefixes(
-	sourceMap map[string]interface{},
+	sourceMap map[string]any,
 	prefixKey string,
 	pathIndex int,
 	path []string,
-) interface{} {
+) any {
 	next, ok := sourceMap[prefixKey]
 	if !ok {
 		return nil
@@ -775,9 +782,9 @@ func (v *Viper) searchMapWithPathPrefixes(
 
 	// Nested case
 	switch n := next.(type) {
-	case map[interface{}]interface{}:
+	case map[any]any:
 		return v.searchIndexableWithPathPrefixes(cast.ToStringMap(n), path[pathIndex:])
-	case map[string]interface{}, []interface{}:
+	case map[string]any, []any:
 		return v.searchIndexableWithPathPrefixes(n, path[pathIndex:])
 	default:
 		// got a value but nested key expected, do nothing and look for next prefix
@@ -792,8 +799,8 @@ func (v *Viper) searchMapWithPathPrefixes(
 // e.g., if "foo.bar" has a value in the given map, it “shadows”
 //
 //	"foo.bar.baz" in a lower-priority map
-func (v *Viper) isPathShadowedInDeepMap(path []string, m map[string]interface{}) string {
-	var parentVal interface{}
+func (v *Viper) isPathShadowedInDeepMap(path []string, m map[string]any) string {
+	var parentVal any
 	for i := 1; i < len(path); i++ {
 		parentVal = v.searchMap(m, path[0:i])
 		if parentVal == nil {
@@ -801,9 +808,9 @@ func (v *Viper) isPathShadowedInDeepMap(path []string, m map[string]interface{})
 			return ""
 		}
 		switch parentVal.(type) {
-		case map[interface{}]interface{}:
+		case map[any]any:
 			continue
-		case map[string]interface{}:
+		case map[string]any:
 			continue
 		default:
 			// parentVal is a regular value which shadows "path"
@@ -818,9 +825,9 @@ func (v *Viper) isPathShadowedInDeepMap(path []string, m map[string]interface{})
 // e.g., if "foo.bar" has a value in the given map, it “shadows”
 //
 //	"foo.bar.baz" in a lower-priority map
-func (v *Viper) isPathShadowedInFlatMap(path []string, mi interface{}) string {
+func (v *Viper) isPathShadowedInFlatMap(path []string, mi any) string {
 	// unify input map
-	var m map[string]interface{}
+	var m map[string]any
 	switch mi.(type) {
 	case map[string]string, map[string]FlagValue:
 		m = cast.ToStringMap(mi)
@@ -887,9 +894,9 @@ func GetViper() *Viper {
 // override, flag, env, config file, key/value store, default
 //
 // Get returns an interface. For a specific value use one of the Get____ methods.
-func Get(key string) interface{} { return v.Get(key) }
+func Get(key string) any { return v.Get(key) }
 
-func (v *Viper) Get(key string) interface{} {
+func (v *Viper) Get(key string) any {
 	lcaseKey := strings.ToLower(key)
 	val := v.find(lcaseKey, true)
 	if val == nil {
@@ -1059,9 +1066,9 @@ func (v *Viper) GetStringSlice(key string) []string {
 }
 
 // GetStringMap returns the value associated with the key as a map of interfaces.
-func GetStringMap(key string) map[string]interface{} { return v.GetStringMap(key) }
+func GetStringMap(key string) map[string]any { return v.GetStringMap(key) }
 
-func (v *Viper) GetStringMap(key string) map[string]interface{} {
+func (v *Viper) GetStringMap(key string) map[string]any {
 	return cast.ToStringMap(v.Get(key))
 }
 
@@ -1089,27 +1096,27 @@ func (v *Viper) GetSizeInBytes(key string) uint {
 }
 
 // UnmarshalKey takes a single key and unmarshals it into a Struct.
-func UnmarshalKey(key string, rawVal interface{}, opts ...DecoderConfigOption) error {
+func UnmarshalKey(key string, rawVal any, opts ...DecoderConfigOption) error {
 	return v.UnmarshalKey(key, rawVal, opts...)
 }
 
-func (v *Viper) UnmarshalKey(key string, rawVal interface{}, opts ...DecoderConfigOption) error {
+func (v *Viper) UnmarshalKey(key string, rawVal any, opts ...DecoderConfigOption) error {
 	return decode(v.Get(key), defaultDecoderConfig(rawVal, opts...))
 }
 
 // Unmarshal unmarshals the config into a Struct. Make sure that the tags
 // on the fields of the structure are properly set.
-func Unmarshal(rawVal interface{}, opts ...DecoderConfigOption) error {
+func Unmarshal(rawVal any, opts ...DecoderConfigOption) error {
 	return v.Unmarshal(rawVal, opts...)
 }
 
-func (v *Viper) Unmarshal(rawVal interface{}, opts ...DecoderConfigOption) error {
+func (v *Viper) Unmarshal(rawVal any, opts ...DecoderConfigOption) error {
 	return decode(v.AllSettings(), defaultDecoderConfig(rawVal, opts...))
 }
 
 // defaultDecoderConfig returns default mapstructure.DecoderConfig with support
 // of time.Duration values & string slices
-func defaultDecoderConfig(output interface{}, opts ...DecoderConfigOption) *mapstructure.DecoderConfig {
+func defaultDecoderConfig(output any, opts ...DecoderConfigOption) *mapstructure.DecoderConfig {
 	c := &mapstructure.DecoderConfig{
 		Metadata:         nil,
 		Result:           output,
@@ -1126,7 +1133,7 @@ func defaultDecoderConfig(output interface{}, opts ...DecoderConfigOption) *maps
 }
 
 // A wrapper around mapstructure.Decode that mimics the WeakDecode functionality
-func decode(input interface{}, config *mapstructure.DecoderConfig) error {
+func decode(input any, config *mapstructure.DecoderConfig) error {
 	decoder, err := mapstructure.NewDecoder(config)
 	if err != nil {
 		return err
@@ -1136,11 +1143,11 @@ func decode(input interface{}, config *mapstructure.DecoderConfig) error {
 
 // UnmarshalExact unmarshals the config into a Struct, erroring if a field is nonexistent
 // in the destination struct.
-func UnmarshalExact(rawVal interface{}, opts ...DecoderConfigOption) error {
+func UnmarshalExact(rawVal any, opts ...DecoderConfigOption) error {
 	return v.UnmarshalExact(rawVal, opts...)
 }
 
-func (v *Viper) UnmarshalExact(rawVal interface{}, opts ...DecoderConfigOption) error {
+func (v *Viper) UnmarshalExact(rawVal any, opts ...DecoderConfigOption) error {
 	config := defaultDecoderConfig(rawVal, opts...)
 	config.ErrorUnused = true
 
@@ -1237,9 +1244,9 @@ func (v *Viper) MustBindEnv(input ...string) {
 // corresponds to a flag, the flag's default value is returned.
 //
 // Note: this assumes a lower-cased key given.
-func (v *Viper) find(lcaseKey string, flagDefault bool) interface{} {
+func (v *Viper) find(lcaseKey string, flagDefault bool) any {
 	var (
-		val    interface{}
+		val    any
 		exists bool
 		path   = strings.Split(lcaseKey, v.keyDelim)
 		nested = len(path) > 1
@@ -1398,46 +1405,46 @@ func readAsCSV(val string) ([]string, error) {
 }
 
 // mostly copied from pflag's implementation of this operation here https://github.com/spf13/pflag/blob/master/string_to_string.go#L79
-// alterations are: errors are swallowed, map[string]interface{} is returned in order to enable cast.ToStringMap
-func stringToStringConv(val string) interface{} {
+// alterations are: errors are swallowed, map[string]any is returned in order to enable cast.ToStringMap
+func stringToStringConv(val string) any {
 	val = strings.Trim(val, "[]")
 	// An empty string would cause an empty map
 	if len(val) == 0 {
-		return map[string]interface{}{}
+		return map[string]any{}
 	}
 	r := csv.NewReader(strings.NewReader(val))
 	ss, err := r.Read()
 	if err != nil {
 		return nil
 	}
-	out := make(map[string]interface{}, len(ss))
+	out := make(map[string]any, len(ss))
 	for _, pair := range ss {
-		kv := strings.SplitN(pair, "=", 2)
-		if len(kv) != 2 {
+		k, vv, found := strings.Cut(pair, "=")
+		if !found {
 			return nil
 		}
-		out[kv[0]] = kv[1]
+		out[k] = vv
 	}
 	return out
 }
 
 // mostly copied from pflag's implementation of this operation here https://github.com/spf13/pflag/blob/d5e0c0615acee7028e1e2740a11102313be88de1/string_to_int.go#L68
-// alterations are: errors are swallowed, map[string]interface{} is returned in order to enable cast.ToStringMap
-func stringToIntConv(val string) interface{} {
+// alterations are: errors are swallowed, map[string]any is returned in order to enable cast.ToStringMap
+func stringToIntConv(val string) any {
 	val = strings.Trim(val, "[]")
 	// An empty string would cause an empty map
 	if len(val) == 0 {
-		return map[string]interface{}{}
+		return map[string]any{}
 	}
 	ss := strings.Split(val, ",")
-	out := make(map[string]interface{}, len(ss))
+	out := make(map[string]any, len(ss))
 	for _, pair := range ss {
-		kv := strings.SplitN(pair, "=", 2)
-		if len(kv) != 2 {
+		k, vv, found := strings.Cut(pair, "=")
+		if !found {
 			return nil
 		}
 		var err error
-		out[kv[0]], err = strconv.Atoi(kv[1])
+		out[k], err = strconv.Atoi(vv)
 		if err != nil {
 			return nil
 		}
@@ -1538,9 +1545,9 @@ func (v *Viper) InConfig(key string) bool {
 // SetDefault sets the default value for this key.
 // SetDefault is case-insensitive for a key.
 // Default only used when no value is provided by the user via flag, config or ENV.
-func SetDefault(key string, value interface{}) { v.SetDefault(key, value) }
+func SetDefault(key string, value any) { v.SetDefault(key, value) }
 
-func (v *Viper) SetDefault(key string, value interface{}) {
+func (v *Viper) SetDefault(key string, value any) {
 	// If alias passed in, then set the proper default
 	key = v.realKey(strings.ToLower(key))
 	value = toCaseInsensitiveValue(value)
@@ -1557,9 +1564,9 @@ func (v *Viper) SetDefault(key string, value interface{}) {
 // Set is case-insensitive for a key.
 // Will be used instead of values obtained via
 // flags, config file, ENV, default, or key/value store.
-func Set(key string, value interface{}) { v.Set(key, value) }
+func Set(key string, value any) { v.Set(key, value) }
 
-func (v *Viper) Set(key string, value interface{}) {
+func (v *Viper) Set(key string, value any) {
 	// If alias passed in, then set the proper override
 	key = v.realKey(strings.ToLower(key))
 	value = toCaseInsensitiveValue(value)
@@ -1593,7 +1600,7 @@ func (v *Viper) ReadInConfig() error {
 		return err
 	}
 
-	config := make(map[string]interface{})
+	config := make(map[string]any)
 
 	err = v.unmarshalReader(bytes.NewReader(file), config)
 	if err != nil {
@@ -1631,7 +1638,7 @@ func (v *Viper) MergeInConfig() error {
 func ReadConfig(in io.Reader) error { return v.ReadConfig(in) }
 
 func (v *Viper) ReadConfig(in io.Reader) error {
-	v.config = make(map[string]interface{})
+	v.config = make(map[string]any)
 	return v.unmarshalReader(in, v.config)
 }
 
@@ -1639,7 +1646,7 @@ func (v *Viper) ReadConfig(in io.Reader) error {
 func MergeConfig(in io.Reader) error { return v.MergeConfig(in) }
 
 func (v *Viper) MergeConfig(in io.Reader) error {
-	cfg := make(map[string]interface{})
+	cfg := make(map[string]any)
 	if err := v.unmarshalReader(in, cfg); err != nil {
 		return err
 	}
@@ -1648,11 +1655,11 @@ func (v *Viper) MergeConfig(in io.Reader) error {
 
 // MergeConfigMap merges the configuration from the map given with an existing config.
 // Note that the map given may be modified.
-func MergeConfigMap(cfg map[string]interface{}) error { return v.MergeConfigMap(cfg) }
+func MergeConfigMap(cfg map[string]any) error { return v.MergeConfigMap(cfg) }
 
-func (v *Viper) MergeConfigMap(cfg map[string]interface{}) error {
+func (v *Viper) MergeConfigMap(cfg map[string]any) error {
 	if v.config == nil {
-		v.config = make(map[string]interface{})
+		v.config = make(map[string]any)
 	}
 	insensitiviseMap(cfg)
 	mergeMaps(cfg, v.config, nil)
@@ -1717,7 +1724,7 @@ func (v *Viper) writeConfig(filename string, force bool) error {
 		return UnsupportedConfigError(configType)
 	}
 	if v.config == nil {
-		v.config = make(map[string]interface{})
+		v.config = make(map[string]any)
 	}
 	flags := os.O_CREATE | os.O_TRUNC | os.O_WRONLY
 	if !force {
@@ -1738,11 +1745,11 @@ func (v *Viper) writeConfig(filename string, force bool) error {
 
 // Unmarshal a Reader into a map.
 // Should probably be an unexported function.
-func unmarshalReader(in io.Reader, c map[string]interface{}) error {
+func unmarshalReader(in io.Reader, c map[string]any) error {
 	return v.unmarshalReader(in, c)
 }
 
-func (v *Viper) unmarshalReader(in io.Reader, c map[string]interface{}) error {
+func (v *Viper) unmarshalReader(in io.Reader, c map[string]any) error {
 	buf := new(bytes.Buffer)
 	buf.ReadFrom(in)
 
@@ -1776,7 +1783,7 @@ func (v *Viper) marshalWriter(f afero.File, configType string) error {
 	return nil
 }
 
-func keyExists(k string, m map[string]interface{}) string {
+func keyExists(k string, m map[string]any) string {
 	lk := strings.ToLower(k)
 	for mk := range m {
 		lmk := strings.ToLower(mk)
@@ -1788,33 +1795,33 @@ func keyExists(k string, m map[string]interface{}) string {
 }
 
 func castToMapStringInterface(
-	src map[interface{}]interface{},
-) map[string]interface{} {
-	tgt := map[string]interface{}{}
+	src map[any]any,
+) map[string]any {
+	tgt := map[string]any{}
 	for k, v := range src {
 		tgt[fmt.Sprintf("%v", k)] = v
 	}
 	return tgt
 }
 
-func castMapStringSliceToMapInterface(src map[string][]string) map[string]interface{} {
-	tgt := map[string]interface{}{}
+func castMapStringSliceToMapInterface(src map[string][]string) map[string]any {
+	tgt := map[string]any{}
 	for k, v := range src {
 		tgt[k] = v
 	}
 	return tgt
 }
 
-func castMapStringToMapInterface(src map[string]string) map[string]interface{} {
-	tgt := map[string]interface{}{}
+func castMapStringToMapInterface(src map[string]string) map[string]any {
+	tgt := map[string]any{}
 	for k, v := range src {
 		tgt[k] = v
 	}
 	return tgt
 }
 
-func castMapFlagToMapInterface(src map[string]FlagValue) map[string]interface{} {
-	tgt := map[string]interface{}{}
+func castMapFlagToMapInterface(src map[string]FlagValue) map[string]any {
+	tgt := map[string]any{}
 	for k, v := range src {
 		tgt[k] = v
 	}
@@ -1822,17 +1829,15 @@ func castMapFlagToMapInterface(src map[string]FlagValue) map[string]interface{}
 }
 
 // mergeMaps merges two maps. The `itgt` parameter is for handling go-yaml's
-// insistence on parsing nested structures as `map[interface{}]interface{}`
+// insistence on parsing nested structures as `map[any]any`
 // instead of using a `string` as the key for nest structures beyond one level
 // deep. Both map types are supported as there is a go-yaml fork that uses
-// `map[string]interface{}` instead.
-func mergeMaps(
-	src, tgt map[string]interface{}, itgt map[interface{}]interface{},
-) {
+// `map[string]any` instead.
+func mergeMaps(src, tgt map[string]any, itgt map[any]any) {
 	for sk, sv := range src {
 		tk := keyExists(sk, tgt)
 		if tk == "" {
-			v.logger.Trace("", "tk", "\"\"", fmt.Sprintf("tgt[%s]", sk), sv)
+			v.logger.Debug("", "tk", "\"\"", fmt.Sprintf("tgt[%s]", sk), sv)
 			tgt[sk] = sv
 			if itgt != nil {
 				itgt[sk] = sv
@@ -1842,7 +1847,7 @@ func mergeMaps(
 
 		tv, ok := tgt[tk]
 		if !ok {
-			v.logger.Trace("", fmt.Sprintf("ok[%s]", tk), false, fmt.Sprintf("tgt[%s]", sk), sv)
+			v.logger.Debug("", fmt.Sprintf("ok[%s]", tk), false, fmt.Sprintf("tgt[%s]", sk), sv)
 			tgt[sk] = sv
 			if itgt != nil {
 				itgt[sk] = sv
@@ -1853,7 +1858,7 @@ func mergeMaps(
 		svType := reflect.TypeOf(sv)
 		tvType := reflect.TypeOf(tv)
 
-		v.logger.Trace(
+		v.logger.Debug(
 			"processing",
 			"key", sk,
 			"st", svType,
@@ -1863,12 +1868,12 @@ func mergeMaps(
 		)
 
 		switch ttv := tv.(type) {
-		case map[interface{}]interface{}:
-			v.logger.Trace("merging maps (must convert)")
-			tsv, ok := sv.(map[interface{}]interface{})
+		case map[any]any:
+			v.logger.Debug("merging maps (must convert)")
+			tsv, ok := sv.(map[any]any)
 			if !ok {
 				v.logger.Error(
-					"Could not cast sv to map[interface{}]interface{}",
+					"Could not cast sv to map[any]any",
 					"key", sk,
 					"st", svType,
 					"tt", tvType,
@@ -1881,12 +1886,12 @@ func mergeMaps(
 			ssv := castToMapStringInterface(tsv)
 			stv := castToMapStringInterface(ttv)
 			mergeMaps(ssv, stv, ttv)
-		case map[string]interface{}:
-			v.logger.Trace("merging maps")
-			tsv, ok := sv.(map[string]interface{})
+		case map[string]any:
+			v.logger.Debug("merging maps")
+			tsv, ok := sv.(map[string]any)
 			if !ok {
 				v.logger.Error(
-					"Could not cast sv to map[string]interface{}",
+					"Could not cast sv to map[string]any",
 					"key", sk,
 					"st", svType,
 					"tt", tvType,
@@ -1897,7 +1902,7 @@ func mergeMaps(
 			}
 			mergeMaps(tsv, ttv, nil)
 		default:
-			v.logger.Trace("setting value")
+			v.logger.Debug("setting value")
 			tgt[tk] = sv
 			if itgt != nil {
 				itgt[tk] = sv
@@ -1948,7 +1953,7 @@ func (v *Viper) getKeyValueConfig() error {
 	return RemoteConfigError("No Files Found")
 }
 
-func (v *Viper) getRemoteConfig(provider RemoteProvider) (map[string]interface{}, error) {
+func (v *Viper) getRemoteConfig(provider RemoteProvider) (map[string]any, error) {
 	reader, err := RemoteConfig.Get(provider)
 	if err != nil {
 		return nil, err
@@ -1997,7 +2002,7 @@ func (v *Viper) watchKeyValueConfig() error {
 	return RemoteConfigError("No Files Found")
 }
 
-func (v *Viper) watchRemoteConfig(provider RemoteProvider) (map[string]interface{}, error) {
+func (v *Viper) watchRemoteConfig(provider RemoteProvider) (map[string]any, error) {
 	reader, err := RemoteConfig.Watch(provider)
 	if err != nil {
 		return nil, err
@@ -2036,7 +2041,7 @@ func (v *Viper) AllKeys() []string {
 //     it is skipped.
 //
 // The resulting set of paths is merged to the given shadow set at the same time.
-func (v *Viper) flattenAndMergeMap(shadow map[string]bool, m map[string]interface{}, prefix string) map[string]bool {
+func (v *Viper) flattenAndMergeMap(shadow map[string]bool, m map[string]any, prefix string) map[string]bool {
 	if shadow != nil && prefix != "" && shadow[prefix] {
 		// prefix is shadowed => nothing more to flatten
 		return shadow
@@ -2045,16 +2050,16 @@ func (v *Viper) flattenAndMergeMap(shadow map[string]bool, m map[string]interfac
 		shadow = make(map[string]bool)
 	}
 
-	var m2 map[string]interface{}
+	var m2 map[string]any
 	if prefix != "" {
 		prefix += v.keyDelim
 	}
 	for k, val := range m {
 		fullKey := prefix + k
-		switch val.(type) {
-		case map[string]interface{}:
-			m2 = val.(map[string]interface{})
-		case map[interface{}]interface{}:
+		switch val := val.(type) {
+		case map[string]any:
+			m2 = val
+		case map[any]any:
 			m2 = cast.ToStringMap(val)
 		default:
 			// immediate value
@@ -2069,7 +2074,7 @@ func (v *Viper) flattenAndMergeMap(shadow map[string]bool, m map[string]interfac
 
 // mergeFlatMap merges the given maps, excluding values of the second map
 // shadowed by values from the first map.
-func (v *Viper) mergeFlatMap(shadow map[string]bool, m map[string]interface{}) map[string]bool {
+func (v *Viper) mergeFlatMap(shadow map[string]bool, m map[string]any) map[string]bool {
 	// scan keys
 outer:
 	for k := range m {
@@ -2089,11 +2094,11 @@ outer:
 	return shadow
 }
 
-// AllSettings merges all settings and returns them as a map[string]interface{}.
-func AllSettings() map[string]interface{} { return v.AllSettings() }
+// AllSettings merges all settings and returns them as a map[string]any.
+func AllSettings() map[string]any { return v.AllSettings() }
 
-func (v *Viper) AllSettings() map[string]interface{} {
-	m := map[string]interface{}{}
+func (v *Viper) AllSettings() map[string]any {
+	m := map[string]any{}
 	// start from the list of keys, and construct the map one value at a time
 	for _, k := range v.AllKeys() {
 		value := v.Get(k)
diff --git a/vendor/github.com/spf13/viper/viper_go1_15.go b/vendor/github.com/spf13/viper/viper_go1_15.go
index 19a771cbd..7fc6aff33 100644
--- a/vendor/github.com/spf13/viper/viper_go1_15.go
+++ b/vendor/github.com/spf13/viper/viper_go1_15.go
@@ -1,5 +1,4 @@
-//go:build !go1.16 || !finder
-// +build !go1.16 !finder
+//go:build !finder
 
 package viper
 
diff --git a/vendor/github.com/spf13/viper/viper_go1_16.go b/vendor/github.com/spf13/viper/viper_go1_16.go
index e10172fa3..d96a1bd22 100644
--- a/vendor/github.com/spf13/viper/viper_go1_16.go
+++ b/vendor/github.com/spf13/viper/viper_go1_16.go
@@ -1,32 +1,38 @@
-//go:build go1.16 && finder
-// +build go1.16,finder
+//go:build finder
 
 package viper
 
 import (
 	"fmt"
 
-	"github.com/spf13/afero"
+	"github.com/sagikazarmark/locafero"
 )
 
 // Search all configPaths for any config file.
 // Returns the first path that exists (and is a config file).
 func (v *Viper) findConfigFile() (string, error) {
-	finder := finder{
-		paths:            v.configPaths,
-		fileNames:        []string{v.configName},
-		extensions:       SupportedExts,
-		withoutExtension: v.configType != "",
+	var names []string
+
+	if v.configType != "" {
+		names = locafero.NameWithOptionalExtensions(v.configName, SupportedExts...)
+	} else {
+		names = locafero.NameWithExtensions(v.configName, SupportedExts...)
+	}
+
+	finder := locafero.Finder{
+		Paths: v.configPaths,
+		Names: names,
+		Type:  locafero.FileTypeFile,
 	}
 
-	file, err := finder.Find(afero.NewIOFS(v.fs))
+	results, err := finder.Find(v.fs)
 	if err != nil {
 		return "", err
 	}
 
-	if file == "" {
+	if len(results) == 0 {
 		return "", ConfigFileNotFoundError{v.configName, fmt.Sprintf("%s", v.configPaths)}
 	}
 
-	return file, nil
+	return results[0], nil
 }
diff --git a/vendor/github.com/spf13/viper/watch.go b/vendor/github.com/spf13/viper/watch.go
index 1ce84eaf8..e98fce89c 100644
--- a/vendor/github.com/spf13/viper/watch.go
+++ b/vendor/github.com/spf13/viper/watch.go
@@ -1,5 +1,4 @@
 //go:build darwin || dragonfly || freebsd || openbsd || linux || netbsd || solaris || windows
-// +build darwin dragonfly freebsd openbsd linux netbsd solaris windows
 
 package viper
 
diff --git a/vendor/github.com/spf13/viper/watch_unsupported.go b/vendor/github.com/spf13/viper/watch_unsupported.go
index 7e2715377..707640560 100644
--- a/vendor/github.com/spf13/viper/watch_unsupported.go
+++ b/vendor/github.com/spf13/viper/watch_unsupported.go
@@ -1,5 +1,4 @@
 //go:build appengine || (!darwin && !dragonfly && !freebsd && !openbsd && !linux && !netbsd && !solaris && !windows)
-// +build appengine !darwin,!dragonfly,!freebsd,!openbsd,!linux,!netbsd,!solaris,!windows
 
 package viper
 
diff --git a/vendor/github.com/subosito/gotenv/CHANGELOG.md b/vendor/github.com/subosito/gotenv/CHANGELOG.md
index 757caad26..c4fe7d326 100644
--- a/vendor/github.com/subosito/gotenv/CHANGELOG.md
+++ b/vendor/github.com/subosito/gotenv/CHANGELOG.md
@@ -1,5 +1,42 @@
 # Changelog
 
+## [1.5.0] - 2023-08-15
+
+### Fixed
+
+- Use io.Reader instead of custom Reader
+
+## [1.5.0] - 2023-08-15
+
+### Added
+
+- Support for reading UTF16 files
+
+### Fixed
+
+- Scanner error handling
+- Reader error handling
+
+## [1.4.2] - 2023-01-11
+
+### Fixed
+
+- Env var initialization
+
+### Changed
+
+- More consitent line splitting
+
+## [1.4.1] - 2022-08-23
+
+### Fixed
+
+- Missing file close
+
+### Changed
+
+- Updated dependencies
+
 ## [1.4.0] - 2022-06-02
 
 ### Added
diff --git a/vendor/github.com/subosito/gotenv/gotenv.go b/vendor/github.com/subosito/gotenv/gotenv.go
index dc013e1e0..1191d3587 100644
--- a/vendor/github.com/subosito/gotenv/gotenv.go
+++ b/vendor/github.com/subosito/gotenv/gotenv.go
@@ -12,6 +12,9 @@ import (
 	"sort"
 	"strconv"
 	"strings"
+
+	"golang.org/x/text/encoding/unicode"
+	"golang.org/x/text/transform"
 )
 
 const (
@@ -20,9 +23,13 @@ const (
 
 	// Pattern for detecting valid variable within a value
 	variablePattern = `(\\)?(\$)(\{?([A-Z0-9_]+)?\}?)`
+)
 
-	// Byte order mark character
-	bom = "\xef\xbb\xbf"
+// Byte order mark character
+var (
+	bomUTF8    = []byte("\xEF\xBB\xBF")
+	bomUTF16LE = []byte("\xFF\xFE")
+	bomUTF16BE = []byte("\xFE\xFF")
 )
 
 // Env holds key/value pair of valid environment variable
@@ -203,19 +210,40 @@ func splitLines(data []byte, atEOF bool) (advance int, token []byte, err error)
 
 func strictParse(r io.Reader, override bool) (Env, error) {
 	env := make(Env)
-	scanner := bufio.NewScanner(r)
-	scanner.Split(splitLines)
 
-	firstLine := true
+	buf := new(bytes.Buffer)
+	tee := io.TeeReader(r, buf)
 
-	for scanner.Scan() {
-		line := strings.TrimSpace(scanner.Text())
+	// There can be a maximum of 3 BOM bytes.
+	bomByteBuffer := make([]byte, 3)
+	_, err := tee.Read(bomByteBuffer)
+	if err != nil && err != io.EOF {
+		return env, err
+	}
+
+	z := io.MultiReader(buf, r)
+
+	// We chooes a different scanner depending on file encoding.
+	var scanner *bufio.Scanner
 
-		if firstLine {
-			line = strings.TrimPrefix(line, bom)
-			firstLine = false
+	if bytes.HasPrefix(bomByteBuffer, bomUTF8) {
+		scanner = bufio.NewScanner(transform.NewReader(z, unicode.UTF8BOM.NewDecoder()))
+	} else if bytes.HasPrefix(bomByteBuffer, bomUTF16LE) {
+		scanner = bufio.NewScanner(transform.NewReader(z, unicode.UTF16(unicode.LittleEndian, unicode.ExpectBOM).NewDecoder()))
+	} else if bytes.HasPrefix(bomByteBuffer, bomUTF16BE) {
+		scanner = bufio.NewScanner(transform.NewReader(z, unicode.UTF16(unicode.BigEndian, unicode.ExpectBOM).NewDecoder()))
+	} else {
+		scanner = bufio.NewScanner(z)
+	}
+
+	scanner.Split(splitLines)
+
+	for scanner.Scan() {
+		if err := scanner.Err(); err != nil {
+			return env, err
 		}
 
+		line := strings.TrimSpace(scanner.Text())
 		if line == "" || line[0] == '#' {
 			continue
 		}
@@ -263,7 +291,7 @@ func strictParse(r io.Reader, override bool) (Env, error) {
 		}
 	}
 
-	return env, nil
+	return env, scanner.Err()
 }
 
 var (
diff --git a/vendor/github.com/theupdateframework/go-tuf/.golangci.yml b/vendor/github.com/theupdateframework/go-tuf/.golangci.yml
index 570c05d60..992c1190a 100644
--- a/vendor/github.com/theupdateframework/go-tuf/.golangci.yml
+++ b/vendor/github.com/theupdateframework/go-tuf/.golangci.yml
@@ -1,9 +1,3 @@
-run:
-  # Lint using Go 1.17, since some linters are disabled by default for Go 1.18
-  # until generics are supported.
-  # See https://github.com/golangci/golangci-lint/issues/2649
-  go: '1.17'
-
 linters:
   disable-all: true
   enable:
diff --git a/vendor/github.com/theupdateframework/go-tuf/README.md b/vendor/github.com/theupdateframework/go-tuf/README.md
index 125978c1c..fe2836743 100644
--- a/vendor/github.com/theupdateframework/go-tuf/README.md
+++ b/vendor/github.com/theupdateframework/go-tuf/README.md
@@ -35,7 +35,7 @@ The directories contain the following files:
 `go-tuf` is tested on Go versions 1.18.
 
 ```bash
-go get github.com/theupdateframework/go-tuf/cmd/tuf
+go install github.com/theupdateframework/go-tuf/cmd/tuf@latest
 ```
 
 ### Commands
@@ -653,3 +653,10 @@ install tuf`). To update the data for these tests requires Docker and make (see
 test data [README.md](client/python_interop/testdata/README.md) for details).
 
 Please see [CONTRIBUTING.md](docs/CONTRIBUTING.md) for contribution guidelines before making your first contribution!
+
+## Comparison to other implementations
+
+There are TUF implementations in a variety of programming languages. Some other Go implementations of TUF include:
+
+* [Notary](https://github.com/notaryproject/notary): A version of TUF designed specifically for publishing and managing trusted collections of content. It was used by Docker Content Trust, and has since been superseded by the [Notation](https://github.com/notaryproject/notation) project. In contrast, go-tuf is a direct implementation of TUF and has been updated to conform to 1.0.0 of the TUF specification.
+
diff --git a/vendor/github.com/theupdateframework/go-tuf/data/types.go b/vendor/github.com/theupdateframework/go-tuf/data/types.go
index 3e1806bde..eb00489b6 100644
--- a/vendor/github.com/theupdateframework/go-tuf/data/types.go
+++ b/vendor/github.com/theupdateframework/go-tuf/data/types.go
@@ -24,9 +24,12 @@ type HashAlgorithm string
 const (
 	KeyIDLength = sha256.Size * 2
 
-	KeyTypeEd25519           KeyType = "ed25519"
-	KeyTypeECDSA_SHA2_P256   KeyType = "ecdsa-sha2-nistp256"
-	KeyTypeRSASSA_PSS_SHA256 KeyType = "rsa"
+	KeyTypeEd25519 KeyType = "ed25519"
+	// From version 1.0.32, the reference implementation defines 'ecdsa',
+	// not 'ecdsa-sha2-nistp256' for NIST P-256 curves.
+	KeyTypeECDSA_SHA2_P256         KeyType = "ecdsa"
+	KeyTypeECDSA_SHA2_P256_OLD_FMT KeyType = "ecdsa-sha2-nistp256"
+	KeyTypeRSASSA_PSS_SHA256       KeyType = "rsa"
 
 	KeySchemeEd25519           KeyScheme = "ed25519"
 	KeySchemeECDSA_SHA2_P256   KeyScheme = "ecdsa-sha2-nistp256"
diff --git a/vendor/github.com/theupdateframework/go-tuf/local_store.go b/vendor/github.com/theupdateframework/go-tuf/local_store.go
index fee03f314..b59721e61 100644
--- a/vendor/github.com/theupdateframework/go-tuf/local_store.go
+++ b/vendor/github.com/theupdateframework/go-tuf/local_store.go
@@ -12,8 +12,8 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/secure-systems-lab/go-securesystemslib/encrypted"
 	"github.com/theupdateframework/go-tuf/data"
-	"github.com/theupdateframework/go-tuf/encrypted"
 	"github.com/theupdateframework/go-tuf/internal/fsutil"
 	"github.com/theupdateframework/go-tuf/internal/sets"
 	"github.com/theupdateframework/go-tuf/pkg/keys"
diff --git a/vendor/github.com/theupdateframework/go-tuf/pkg/deprecated/set_ecdsa/set_ecdsa.go b/vendor/github.com/theupdateframework/go-tuf/pkg/deprecated/set_ecdsa/set_ecdsa.go
deleted file mode 100644
index de3771e3a..000000000
--- a/vendor/github.com/theupdateframework/go-tuf/pkg/deprecated/set_ecdsa/set_ecdsa.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package set_ecdsa
-
-import (
-	"errors"
-
-	"github.com/theupdateframework/go-tuf/data"
-	"github.com/theupdateframework/go-tuf/pkg/keys"
-)
-
-/*
-	Importing this package will allow support for both hex-encoded ECDSA
-	verifiers and PEM-encoded ECDSA verifiers.
-	Note that this package imports "github.com/theupdateframework/go-tuf/pkg/keys"
-	and overrides the ECDSA verifier loaded at init time in that package.
-*/
-
-func init() {
-	_, ok := keys.VerifierMap.Load(data.KeyTypeECDSA_SHA2_P256)
-	if !ok {
-		panic(errors.New("expected to override previously loaded PEM-only ECDSA verifier"))
-	}
-	keys.VerifierMap.Store(data.KeyTypeECDSA_SHA2_P256, keys.NewDeprecatedEcdsaVerifier)
-}
diff --git a/vendor/github.com/theupdateframework/go-tuf/pkg/keys/ecdsa.go b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/ecdsa.go
index ee93e3300..9740d1f33 100644
--- a/vendor/github.com/theupdateframework/go-tuf/pkg/keys/ecdsa.go
+++ b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/ecdsa.go
@@ -20,7 +20,9 @@ func init() {
 	// Note: we use LoadOrStore here to prevent accidentally overriding the
 	// an explicit deprecated ECDSA verifier.
 	// TODO: When deprecated ECDSA is removed, this can switch back to Store.
+	VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, NewEcdsaVerifier)
 	VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256, NewEcdsaVerifier)
+	SignerMap.Store(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, newEcdsaSigner)
 	SignerMap.Store(data.KeyTypeECDSA_SHA2_P256, newEcdsaSigner)
 }
 
diff --git a/vendor/github.com/theupdateframework/go-tuf/repo.go b/vendor/github.com/theupdateframework/go-tuf/repo.go
index c6a23deea..db2ac6636 100644
--- a/vendor/github.com/theupdateframework/go-tuf/repo.go
+++ b/vendor/github.com/theupdateframework/go-tuf/repo.go
@@ -782,11 +782,13 @@ func (r *Repo) setMeta(roleFilename string, meta interface{}) error {
 	return r.local.SetMeta(roleFilename, b)
 }
 
-// SignPayload signs the given payload using the key(s) associated with role.
+// CanonicalizeAndSign canonicalizes the signed portion of signed, then signs it using the key(s) associated with role.
+//
+// It appends the signature to signed.
 //
 // It returns the total number of keys used for signing, 0 (along with
 // ErrNoKeys) if no keys were found, or -1 (along with an error) in error cases.
-func (r *Repo) SignPayload(role string, payload *data.Signed) (int, error) {
+func (r *Repo) CanonicalizeAndSign(role string, signed *data.Signed) (int, error) {
 	keys, err := r.signersForRole(role)
 	if err != nil {
 		return -1, err
@@ -795,13 +797,46 @@ func (r *Repo) SignPayload(role string, payload *data.Signed) (int, error) {
 		return 0, ErrNoKeys{role}
 	}
 	for _, k := range keys {
-		if err = sign.Sign(payload, k); err != nil {
+		if err = sign.Sign(signed, k); err != nil {
 			return -1, err
 		}
 	}
 	return len(keys), nil
 }
 
+// SignPayload canonicalizes the signed portion of payload, then signs it using the key(s) associated with role.
+//
+// It returns the total number of keys used for signing, 0 (along with
+// ErrNoKeys) if no keys were found, or -1 (along with an error) in error cases.
+//
+// DEPRECATED: please use CanonicalizeAndSign instead.
+func (r *Repo) SignPayload(role string, payload *data.Signed) (int, error) {
+	return r.CanonicalizeAndSign(role, payload)
+}
+
+// SignRaw signs the given (pre-canonicalized) payload using the key(s) associated with role.
+//
+// It returns the new data.Signatures.
+func (r *Repo) SignRaw(role string, payload []byte) ([]data.Signature, error) {
+	keys, err := r.signersForRole(role)
+	if err != nil {
+		return nil, err
+	}
+	if len(keys) == 0 {
+		return nil, ErrNoKeys{role}
+	}
+
+	allSigs := make([]data.Signature, 0, len(keys))
+	for _, k := range keys {
+		sigs, err := sign.MakeSignatures(payload, k)
+		if err != nil {
+			return nil, err
+		}
+		allSigs = append(allSigs, sigs...)
+	}
+	return allSigs, nil
+}
+
 func (r *Repo) Sign(roleFilename string) error {
 	signed, err := r.SignedMeta(roleFilename)
 	if err != nil {
diff --git a/vendor/github.com/theupdateframework/go-tuf/requirements-test.txt b/vendor/github.com/theupdateframework/go-tuf/requirements-test.txt
index 00f20734b..23822eecf 100644
--- a/vendor/github.com/theupdateframework/go-tuf/requirements-test.txt
+++ b/vendor/github.com/theupdateframework/go-tuf/requirements-test.txt
@@ -1,5 +1,5 @@
-iso8601==1.1.0
-requests==2.28.2
-securesystemslib==0.26.0
+iso8601==2.0.0
+requests==2.31.0
+securesystemslib==0.28.0
 six==1.16.0
-tuf==2.0.0
+tuf==3.0.0
diff --git a/vendor/github.com/theupdateframework/go-tuf/sign/sign.go b/vendor/github.com/theupdateframework/go-tuf/sign/sign.go
index 6b15b6b4f..e31b5465d 100644
--- a/vendor/github.com/theupdateframework/go-tuf/sign/sign.go
+++ b/vendor/github.com/theupdateframework/go-tuf/sign/sign.go
@@ -2,46 +2,65 @@ package sign
 
 import (
 	"encoding/json"
+	"errors"
 
 	"github.com/secure-systems-lab/go-securesystemslib/cjson"
 	"github.com/theupdateframework/go-tuf/data"
 	"github.com/theupdateframework/go-tuf/pkg/keys"
 )
 
-func Sign(s *data.Signed, k keys.Signer) error {
+const maxSignatures = 1024
+
+// MakeSignatures creates data.Signatures for canonical using signer k.
+//
+// There will be one data.Signature for each of k's IDs, each wih the same
+// signature data.
+func MakeSignatures(canonical []byte, k keys.Signer) ([]data.Signature, error) {
+	sigData, err := k.SignMessage(canonical)
+	if err != nil {
+		return nil, err
+	}
+
 	ids := k.PublicData().IDs()
-	signatures := make([]data.Signature, 0, len(s.Signatures)+1)
-	for _, sig := range s.Signatures {
-		found := false
-		for _, id := range ids {
-			if sig.KeyID == id {
-				found = true
-				break
-			}
-		}
-		if !found {
-			signatures = append(signatures, sig)
-		}
+	signatures := make([]data.Signature, 0, len(ids))
+	for _, id := range ids {
+		signatures = append(signatures, data.Signature{
+			KeyID:     id,
+			Signature: sigData,
+		})
 	}
 
+	return signatures, nil
+}
+
+// Sign signs the to-be-signed part of s using the signer k.
+//
+// The new signature(s) (one for each of k's key IDs) are appended to
+// s.Signatures. Existing signatures for the Key IDs are replaced.
+func Sign(s *data.Signed, k keys.Signer) error {
 	canonical, err := cjson.EncodeCanonical(s.Signed)
 	if err != nil {
 		return err
 	}
 
-	sig, err := k.SignMessage(canonical)
+	size := len(s.Signatures)
+	if size > maxSignatures-1 {
+		return errors.New("value too large")
+	}
+	signatures := make([]data.Signature, 0, size+1)
+	for _, oldSig := range s.Signatures {
+		if !k.PublicData().ContainsID(oldSig.KeyID) {
+			signatures = append(signatures, oldSig)
+		}
+	}
+
+	newSigs, err := MakeSignatures(canonical, k)
 	if err != nil {
 		return err
 	}
+	signatures = append(signatures, newSigs...)
 
 	s.Signatures = signatures
-	for _, id := range ids {
-		s.Signatures = append(s.Signatures, data.Signature{
-			KeyID:     id,
-			Signature: sig,
-		})
-	}
-
 	return nil
 }
 
diff --git a/vendor/github.com/tinylib/msgp/LICENSE b/vendor/github.com/tinylib/msgp/LICENSE
new file mode 100644
index 000000000..14d60424e
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/LICENSE
@@ -0,0 +1,8 @@
+Copyright (c) 2014 Philip Hofer
+Portions Copyright (c) 2009 The Go Authors (license at http://golang.org) where indicated
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/vendor/github.com/tinylib/msgp/msgp/advise_linux.go b/vendor/github.com/tinylib/msgp/msgp/advise_linux.go
new file mode 100644
index 000000000..d2a66857b
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/advise_linux.go
@@ -0,0 +1,25 @@
+//go:build linux && !appengine && !tinygo
+// +build linux,!appengine,!tinygo
+
+package msgp
+
+import (
+	"os"
+	"syscall"
+)
+
+func adviseRead(mem []byte) {
+	syscall.Madvise(mem, syscall.MADV_SEQUENTIAL|syscall.MADV_WILLNEED)
+}
+
+func adviseWrite(mem []byte) {
+	syscall.Madvise(mem, syscall.MADV_SEQUENTIAL)
+}
+
+func fallocate(f *os.File, sz int64) error {
+	err := syscall.Fallocate(int(f.Fd()), 0, 0, sz)
+	if err == syscall.ENOTSUP {
+		return f.Truncate(sz)
+	}
+	return err
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/advise_other.go b/vendor/github.com/tinylib/msgp/msgp/advise_other.go
new file mode 100644
index 000000000..1b6ed5727
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/advise_other.go
@@ -0,0 +1,18 @@
+//go:build (!linux && !tinygo) || appengine
+// +build !linux,!tinygo appengine
+
+package msgp
+
+import (
+	"os"
+)
+
+// TODO: darwin, BSD support
+
+func adviseRead(mem []byte) {}
+
+func adviseWrite(mem []byte) {}
+
+func fallocate(f *os.File, sz int64) error {
+	return f.Truncate(sz)
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/circular.go b/vendor/github.com/tinylib/msgp/msgp/circular.go
new file mode 100644
index 000000000..a0434c7ea
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/circular.go
@@ -0,0 +1,39 @@
+package msgp
+
+type timer interface {
+	StartTimer()
+	StopTimer()
+}
+
+// EndlessReader is an io.Reader
+// that loops over the same data
+// endlessly. It is used for benchmarking.
+type EndlessReader struct {
+	tb     timer
+	data   []byte
+	offset int
+}
+
+// NewEndlessReader returns a new endless reader
+func NewEndlessReader(b []byte, tb timer) *EndlessReader {
+	return &EndlessReader{tb: tb, data: b, offset: 0}
+}
+
+// Read implements io.Reader. In practice, it
+// always returns (len(p), nil), although it
+// fills the supplied slice while the benchmark
+// timer is stopped.
+func (c *EndlessReader) Read(p []byte) (int, error) {
+	c.tb.StopTimer()
+	var n int
+	l := len(p)
+	m := len(c.data)
+	for n < l {
+		nn := copy(p[n:], c.data[c.offset:])
+		n += nn
+		c.offset += nn
+		c.offset %= m
+	}
+	c.tb.StartTimer()
+	return n, nil
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/defs.go b/vendor/github.com/tinylib/msgp/msgp/defs.go
new file mode 100644
index 000000000..e265aa4f8
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/defs.go
@@ -0,0 +1,147 @@
+// This package is the support library for the msgp code generator (http://github.com/tinylib/msgp).
+//
+// This package defines the utilites used by the msgp code generator for encoding and decoding MessagePack
+// from []byte and io.Reader/io.Writer types. Much of this package is devoted to helping the msgp code
+// generator implement the Marshaler/Unmarshaler and Encodable/Decodable interfaces.
+//
+// This package defines four "families" of functions:
+//   - AppendXxxx() appends an object to a []byte in MessagePack encoding.
+//   - ReadXxxxBytes() reads an object from a []byte and returns the remaining bytes.
+//   - (*Writer).WriteXxxx() writes an object to the buffered *Writer type.
+//   - (*Reader).ReadXxxx() reads an object from a buffered *Reader type.
+//
+// Once a type has satisfied the `Encodable` and `Decodable` interfaces,
+// it can be written and read from arbitrary `io.Writer`s and `io.Reader`s using
+//
+//	msgp.Encode(io.Writer, msgp.Encodable)
+//
+// and
+//
+//	msgp.Decode(io.Reader, msgp.Decodable)
+//
+// There are also methods for converting MessagePack to JSON without
+// an explicit de-serialization step.
+//
+// For additional tips, tricks, and gotchas, please visit
+// the wiki at http://github.com/tinylib/msgp
+package msgp
+
+const (
+	last4  = 0x0f
+	first4 = 0xf0
+	last5  = 0x1f
+	first3 = 0xe0
+	last7  = 0x7f
+)
+
+func isfixint(b byte) bool {
+	return b>>7 == 0
+}
+
+func isnfixint(b byte) bool {
+	return b&first3 == mnfixint
+}
+
+func isfixmap(b byte) bool {
+	return b&first4 == mfixmap
+}
+
+func isfixarray(b byte) bool {
+	return b&first4 == mfixarray
+}
+
+func isfixstr(b byte) bool {
+	return b&first3 == mfixstr
+}
+
+func wfixint(u uint8) byte {
+	return u & last7
+}
+
+func rfixint(b byte) uint8 {
+	return b
+}
+
+func wnfixint(i int8) byte {
+	return byte(i) | mnfixint
+}
+
+func rnfixint(b byte) int8 {
+	return int8(b)
+}
+
+func rfixmap(b byte) uint8 {
+	return b & last4
+}
+
+func wfixmap(u uint8) byte {
+	return mfixmap | (u & last4)
+}
+
+func rfixstr(b byte) uint8 {
+	return b & last5
+}
+
+func wfixstr(u uint8) byte {
+	return (u & last5) | mfixstr
+}
+
+func rfixarray(b byte) uint8 {
+	return (b & last4)
+}
+
+func wfixarray(u uint8) byte {
+	return (u & last4) | mfixarray
+}
+
+// These are all the byte
+// prefixes defined by the
+// msgpack standard
+const (
+	// 0XXXXXXX
+	mfixint uint8 = 0x00
+
+	// 111XXXXX
+	mnfixint uint8 = 0xe0
+
+	// 1000XXXX
+	mfixmap uint8 = 0x80
+
+	// 1001XXXX
+	mfixarray uint8 = 0x90
+
+	// 101XXXXX
+	mfixstr uint8 = 0xa0
+
+	mnil      uint8 = 0xc0
+	mfalse    uint8 = 0xc2
+	mtrue     uint8 = 0xc3
+	mbin8     uint8 = 0xc4
+	mbin16    uint8 = 0xc5
+	mbin32    uint8 = 0xc6
+	mext8     uint8 = 0xc7
+	mext16    uint8 = 0xc8
+	mext32    uint8 = 0xc9
+	mfloat32  uint8 = 0xca
+	mfloat64  uint8 = 0xcb
+	muint8    uint8 = 0xcc
+	muint16   uint8 = 0xcd
+	muint32   uint8 = 0xce
+	muint64   uint8 = 0xcf
+	mint8     uint8 = 0xd0
+	mint16    uint8 = 0xd1
+	mint32    uint8 = 0xd2
+	mint64    uint8 = 0xd3
+	mfixext1  uint8 = 0xd4
+	mfixext2  uint8 = 0xd5
+	mfixext4  uint8 = 0xd6
+	mfixext8  uint8 = 0xd7
+	mfixext16 uint8 = 0xd8
+	mstr8     uint8 = 0xd9
+	mstr16    uint8 = 0xda
+	mstr32    uint8 = 0xdb
+	marray16  uint8 = 0xdc
+	marray32  uint8 = 0xdd
+	mmap16    uint8 = 0xde
+	mmap32    uint8 = 0xdf
+)
diff --git a/vendor/github.com/tinylib/msgp/msgp/edit.go b/vendor/github.com/tinylib/msgp/msgp/edit.go
new file mode 100644
index 000000000..b473a6f66
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/edit.go
@@ -0,0 +1,242 @@
+package msgp
+
+import (
+	"math"
+)
+
+// Locate returns a []byte pointing to the field
+// in a messagepack map with the provided key. (The returned []byte
+// points to a sub-slice of 'raw'; Locate does no allocations.) If the
+// key doesn't exist in the map, a zero-length []byte will be returned.
+func Locate(key string, raw []byte) []byte {
+	s, n := locate(raw, key)
+	return raw[s:n]
+}
+
+// Replace takes a key ("key") in a messagepack map ("raw")
+// and replaces its value with the one provided and returns
+// the new []byte. The returned []byte may point to the same
+// memory as "raw". Replace makes no effort to evaluate the validity
+// of the contents of 'val'. It may use up to the full capacity of 'raw.'
+// Replace returns 'nil' if the field doesn't exist or if the object in 'raw'
+// is not a map.
+func Replace(key string, raw []byte, val []byte) []byte {
+	start, end := locate(raw, key)
+	if start == end {
+		return nil
+	}
+	return replace(raw, start, end, val, true)
+}
+
+// CopyReplace works similarly to Replace except that the returned
+// byte slice does not point to the same memory as 'raw'. CopyReplace
+// returns 'nil' if the field doesn't exist or 'raw' isn't a map.
+func CopyReplace(key string, raw []byte, val []byte) []byte {
+	start, end := locate(raw, key)
+	if start == end {
+		return nil
+	}
+	return replace(raw, start, end, val, false)
+}
+
+// Remove removes a key-value pair from 'raw'. It returns
+// 'raw' unchanged if the key didn't exist.
+func Remove(key string, raw []byte) []byte {
+	start, end := locateKV(raw, key)
+	if start == end {
+		return raw
+	}
+	raw = raw[:start+copy(raw[start:], raw[end:])]
+	return resizeMap(raw, -1)
+}
+
+// HasKey returns whether the map in 'raw' has
+// a field with key 'key'
+func HasKey(key string, raw []byte) bool {
+	sz, bts, err := ReadMapHeaderBytes(raw)
+	if err != nil {
+		return false
+	}
+	var field []byte
+	for i := uint32(0); i < sz; i++ {
+		field, bts, err = ReadStringZC(bts)
+		if err != nil {
+			return false
+		}
+		if UnsafeString(field) == key {
+			return true
+		}
+	}
+	return false
+}
+
+func replace(raw []byte, start int, end int, val []byte, inplace bool) []byte {
+	ll := end - start // length of segment to replace
+	lv := len(val)
+
+	if inplace {
+		extra := lv - ll
+
+		// fastest case: we're doing
+		// a 1:1 replacement
+		if extra == 0 {
+			copy(raw[start:], val)
+			return raw
+
+		} else if extra < 0 {
+			// 'val' smaller than replaced value
+			// copy in place and shift back
+
+			x := copy(raw[start:], val)
+			y := copy(raw[start+x:], raw[end:])
+			return raw[:start+x+y]
+
+		} else if extra < cap(raw)-len(raw) {
+			// 'val' less than (cap-len) extra bytes
+			// copy in place and shift forward
+			raw = raw[0 : len(raw)+extra]
+			// shift end forward
+			copy(raw[end+extra:], raw[end:])
+			copy(raw[start:], val)
+			return raw
+		}
+	}
+
+	// we have to allocate new space
+	out := make([]byte, len(raw)+len(val)-ll)
+	x := copy(out, raw[:start])
+	y := copy(out[x:], val)
+	copy(out[x+y:], raw[end:])
+	return out
+}
+
+// locate does a naive O(n) search for the map key; returns start, end
+// (returns 0,0 on error)
+func locate(raw []byte, key string) (start int, end int) {
+	var (
+		sz    uint32
+		bts   []byte
+		field []byte
+		err   error
+	)
+	sz, bts, err = ReadMapHeaderBytes(raw)
+	if err != nil {
+		return
+	}
+
+	// loop and locate field
+	for i := uint32(0); i < sz; i++ {
+		field, bts, err = ReadStringZC(bts)
+		if err != nil {
+			return 0, 0
+		}
+		if UnsafeString(field) == key {
+			// start location
+			l := len(raw)
+			start = l - len(bts)
+			bts, err = Skip(bts)
+			if err != nil {
+				return 0, 0
+			}
+			end = l - len(bts)
+			return
+		}
+		bts, err = Skip(bts)
+		if err != nil {
+			return 0, 0
+		}
+	}
+	return 0, 0
+}
+
+// locate key AND value
+func locateKV(raw []byte, key string) (start int, end int) {
+	var (
+		sz    uint32
+		bts   []byte
+		field []byte
+		err   error
+	)
+	sz, bts, err = ReadMapHeaderBytes(raw)
+	if err != nil {
+		return 0, 0
+	}
+
+	for i := uint32(0); i < sz; i++ {
+		tmp := len(bts)
+		field, bts, err = ReadStringZC(bts)
+		if err != nil {
+			return 0, 0
+		}
+		if UnsafeString(field) == key {
+			start = len(raw) - tmp
+			bts, err = Skip(bts)
+			if err != nil {
+				return 0, 0
+			}
+			end = len(raw) - len(bts)
+			return
+		}
+		bts, err = Skip(bts)
+		if err != nil {
+			return 0, 0
+		}
+	}
+	return 0, 0
+}
+
+// delta is delta on map size
+func resizeMap(raw []byte, delta int64) []byte {
+	var sz int64
+	switch raw[0] {
+	case mmap16:
+		sz = int64(big.Uint16(raw[1:]))
+		if sz+delta <= math.MaxUint16 {
+			big.PutUint16(raw[1:], uint16(sz+delta))
+			return raw
+		}
+		if cap(raw)-len(raw) >= 2 {
+			raw = raw[0 : len(raw)+2]
+			copy(raw[5:], raw[3:])
+			raw[0] = mmap32
+			big.PutUint32(raw[1:], uint32(sz+delta))
+			return raw
+		}
+		n := make([]byte, 0, len(raw)+5)
+		n = AppendMapHeader(n, uint32(sz+delta))
+		return append(n, raw[3:]...)
+
+	case mmap32:
+		sz = int64(big.Uint32(raw[1:]))
+		big.PutUint32(raw[1:], uint32(sz+delta))
+		return raw
+
+	default:
+		sz = int64(rfixmap(raw[0]))
+		if sz+delta < 16 {
+			raw[0] = wfixmap(uint8(sz + delta))
+			return raw
+		} else if sz+delta <= math.MaxUint16 {
+			if cap(raw)-len(raw) >= 2 {
+				raw = raw[0 : len(raw)+2]
+				copy(raw[3:], raw[1:])
+				raw[0] = mmap16
+				big.PutUint16(raw[1:], uint16(sz+delta))
+				return raw
+			}
+			n := make([]byte, 0, len(raw)+5)
+			n = AppendMapHeader(n, uint32(sz+delta))
+			return append(n, raw[1:]...)
+		}
+		if cap(raw)-len(raw) >= 4 {
+			raw = raw[0 : len(raw)+4]
+			copy(raw[5:], raw[1:])
+			raw[0] = mmap32
+			big.PutUint32(raw[1:], uint32(sz+delta))
+			return raw
+		}
+		n := make([]byte, 0, len(raw)+5)
+		n = AppendMapHeader(n, uint32(sz+delta))
+		return append(n, raw[1:]...)
+	}
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/elsize.go b/vendor/github.com/tinylib/msgp/msgp/elsize.go
new file mode 100644
index 000000000..a05b0b21c
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/elsize.go
@@ -0,0 +1,128 @@
+package msgp
+
+func calcBytespec(v byte) bytespec {
+	// single byte values
+	switch v {
+
+	case mnil:
+		return bytespec{size: 1, extra: constsize, typ: NilType}
+	case mfalse:
+		return bytespec{size: 1, extra: constsize, typ: BoolType}
+	case mtrue:
+		return bytespec{size: 1, extra: constsize, typ: BoolType}
+	case mbin8:
+		return bytespec{size: 2, extra: extra8, typ: BinType}
+	case mbin16:
+		return bytespec{size: 3, extra: extra16, typ: BinType}
+	case mbin32:
+		return bytespec{size: 5, extra: extra32, typ: BinType}
+	case mext8:
+		return bytespec{size: 3, extra: extra8, typ: ExtensionType}
+	case mext16:
+		return bytespec{size: 4, extra: extra16, typ: ExtensionType}
+	case mext32:
+		return bytespec{size: 6, extra: extra32, typ: ExtensionType}
+	case mfloat32:
+		return bytespec{size: 5, extra: constsize, typ: Float32Type}
+	case mfloat64:
+		return bytespec{size: 9, extra: constsize, typ: Float64Type}
+	case muint8:
+		return bytespec{size: 2, extra: constsize, typ: UintType}
+	case muint16:
+		return bytespec{size: 3, extra: constsize, typ: UintType}
+	case muint32:
+		return bytespec{size: 5, extra: constsize, typ: UintType}
+	case muint64:
+		return bytespec{size: 9, extra: constsize, typ: UintType}
+	case mint8:
+		return bytespec{size: 2, extra: constsize, typ: IntType}
+	case mint16:
+		return bytespec{size: 3, extra: constsize, typ: IntType}
+	case mint32:
+		return bytespec{size: 5, extra: constsize, typ: IntType}
+	case mint64:
+		return bytespec{size: 9, extra: constsize, typ: IntType}
+	case mfixext1:
+		return bytespec{size: 3, extra: constsize, typ: ExtensionType}
+	case mfixext2:
+		return bytespec{size: 4, extra: constsize, typ: ExtensionType}
+	case mfixext4:
+		return bytespec{size: 6, extra: constsize, typ: ExtensionType}
+	case mfixext8:
+		return bytespec{size: 10, extra: constsize, typ: ExtensionType}
+	case mfixext16:
+		return bytespec{size: 18, extra: constsize, typ: ExtensionType}
+	case mstr8:
+		return bytespec{size: 2, extra: extra8, typ: StrType}
+	case mstr16:
+		return bytespec{size: 3, extra: extra16, typ: StrType}
+	case mstr32:
+		return bytespec{size: 5, extra: extra32, typ: StrType}
+	case marray16:
+		return bytespec{size: 3, extra: array16v, typ: ArrayType}
+	case marray32:
+		return bytespec{size: 5, extra: array32v, typ: ArrayType}
+	case mmap16:
+		return bytespec{size: 3, extra: map16v, typ: MapType}
+	case mmap32:
+		return bytespec{size: 5, extra: map32v, typ: MapType}
+	}
+
+	switch {
+
+	// fixint
+	case v >= mfixint && v < 0x80:
+		return bytespec{size: 1, extra: constsize, typ: IntType}
+
+	// fixstr gets constsize, since the prefix yields the size
+	case v >= mfixstr && v < 0xc0:
+		return bytespec{size: 1 + rfixstr(v), extra: constsize, typ: StrType}
+
+	// fixmap
+	case v >= mfixmap && v < 0x90:
+		return bytespec{size: 1, extra: varmode(2 * rfixmap(v)), typ: MapType}
+
+	// fixarray
+	case v >= mfixarray && v < 0xa0:
+		return bytespec{size: 1, extra: varmode(rfixarray(v)), typ: ArrayType}
+
+	// nfixint
+	case v >= mnfixint && uint16(v) < 0x100:
+		return bytespec{size: 1, extra: constsize, typ: IntType}
+
+	}
+
+	// 0xC1 is unused per the spec and falls through to here,
+	// everything else is covered above
+
+	return bytespec{}
+}
+
+func getType(v byte) Type {
+	return getBytespec(v).typ
+}
+
+// a valid bytespsec has
+// non-zero 'size' and
+// non-zero 'typ'
+type bytespec struct {
+	size  uint8   // prefix size information
+	extra varmode // extra size information
+	typ   Type    // type
+	_     byte    // makes bytespec 4 bytes (yes, this matters)
+}
+
+// size mode
+// if positive, # elements for composites
+type varmode int8
+
+const (
+	constsize varmode = 0  // constant size (size bytes + uint8(varmode) objects)
+	extra8    varmode = -1 // has uint8(p[1]) extra bytes
+	extra16   varmode = -2 // has be16(p[1:]) extra bytes
+	extra32   varmode = -3 // has be32(p[1:]) extra bytes
+	map16v    varmode = -4 // use map16
+	map32v    varmode = -5 // use map32
+	array16v  varmode = -6 // use array16
+	array32v  varmode = -7 // use array32
+)
diff --git a/vendor/github.com/tinylib/msgp/msgp/elsize_default.go b/vendor/github.com/tinylib/msgp/msgp/elsize_default.go
new file mode 100644
index 000000000..e7e8b547a
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/elsize_default.go
@@ -0,0 +1,21 @@
+//go:build !tinygo
+// +build !tinygo
+
+package msgp
+
+// size of every object on the wire,
+// plus type information. gives us
+// constant-time type information
+// for traversing composite objects.
+var sizes [256]bytespec
+
+func init() {
+	for i := 0; i < 256; i++ {
+		sizes[i] = calcBytespec(byte(i))
+	}
+}
+
+// getBytespec gets inlined to a simple array index
+func getBytespec(v byte) bytespec {
+	return sizes[v]
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/elsize_tinygo.go b/vendor/github.com/tinylib/msgp/msgp/elsize_tinygo.go
new file mode 100644
index 000000000..041f4ad69
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/elsize_tinygo.go
@@ -0,0 +1,13 @@
+//go:build tinygo
+// +build tinygo
+
+package msgp
+
+// for tinygo, getBytespec just calls calcBytespec
+// a simple/slow function with a switch statement -
+// doesn't require any heap alloc, moves the space
+// requirements into code instad of ram
+
+func getBytespec(v byte) bytespec {
+	return calcBytespec(v)
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/errors.go b/vendor/github.com/tinylib/msgp/msgp/errors.go
new file mode 100644
index 000000000..4f19359a2
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/errors.go
@@ -0,0 +1,359 @@
+package msgp
+
+import (
+	"reflect"
+	"strconv"
+)
+
+const resumableDefault = false
+
+var (
+	// ErrShortBytes is returned when the
+	// slice being decoded is too short to
+	// contain the contents of the message
+	ErrShortBytes error = errShort{}
+
+	// this error is only returned
+	// if we reach code that should
+	// be unreachable
+	fatal error = errFatal{}
+)
+
+// Error is the interface satisfied
+// by all of the errors that originate
+// from this package.
+type Error interface {
+	error
+
+	// Resumable returns whether
+	// or not the error means that
+	// the stream of data is malformed
+	// and the information is unrecoverable.
+	Resumable() bool
+}
+
+// contextError allows msgp Error instances to be enhanced with additional
+// context about their origin.
+type contextError interface {
+	Error
+
+	// withContext must not modify the error instance - it must clone and
+	// return a new error with the context added.
+	withContext(ctx string) error
+}
+
+// Cause returns the underlying cause of an error that has been wrapped
+// with additional context.
+func Cause(e error) error {
+	out := e
+	if e, ok := e.(errWrapped); ok && e.cause != nil {
+		out = e.cause
+	}
+	return out
+}
+
+// Resumable returns whether or not the error means that the stream of data is
+// malformed and the information is unrecoverable.
+func Resumable(e error) bool {
+	if e, ok := e.(Error); ok {
+		return e.Resumable()
+	}
+	return resumableDefault
+}
+
+// WrapError wraps an error with additional context that allows the part of the
+// serialized type that caused the problem to be identified. Underlying errors
+// can be retrieved using Cause()
+//
+// The input error is not modified - a new error should be returned.
+//
+// ErrShortBytes is not wrapped with any context due to backward compatibility
+// issues with the public API.
+func WrapError(err error, ctx ...interface{}) error {
+	switch e := err.(type) {
+	case errShort:
+		return e
+	case contextError:
+		return e.withContext(ctxString(ctx))
+	default:
+		return errWrapped{cause: err, ctx: ctxString(ctx)}
+	}
+}
+
+func addCtx(ctx, add string) string {
+	if ctx != "" {
+		return add + "/" + ctx
+	} else {
+		return add
+	}
+}
+
+// errWrapped allows arbitrary errors passed to WrapError to be enhanced with
+// context and unwrapped with Cause()
+type errWrapped struct {
+	cause error
+	ctx   string
+}
+
+func (e errWrapped) Error() string {
+	if e.ctx != "" {
+		return e.cause.Error() + " at " + e.ctx
+	} else {
+		return e.cause.Error()
+	}
+}
+
+func (e errWrapped) Resumable() bool {
+	if e, ok := e.cause.(Error); ok {
+		return e.Resumable()
+	}
+	return resumableDefault
+}
+
+// Unwrap returns the cause.
+func (e errWrapped) Unwrap() error { return e.cause }
+
+type errShort struct{}
+
+func (e errShort) Error() string   { return "msgp: too few bytes left to read object" }
+func (e errShort) Resumable() bool { return false }
+
+type errFatal struct {
+	ctx string
+}
+
+func (f errFatal) Error() string {
+	out := "msgp: fatal decoding error (unreachable code)"
+	if f.ctx != "" {
+		out += " at " + f.ctx
+	}
+	return out
+}
+
+func (f errFatal) Resumable() bool { return false }
+
+func (f errFatal) withContext(ctx string) error { f.ctx = addCtx(f.ctx, ctx); return f }
+
+// ArrayError is an error returned
+// when decoding a fix-sized array
+// of the wrong size
+type ArrayError struct {
+	Wanted uint32
+	Got    uint32
+	ctx    string
+}
+
+// Error implements the error interface
+func (a ArrayError) Error() string {
+	out := "msgp: wanted array of size " + strconv.Itoa(int(a.Wanted)) + "; got " + strconv.Itoa(int(a.Got))
+	if a.ctx != "" {
+		out += " at " + a.ctx
+	}
+	return out
+}
+
+// Resumable is always 'true' for ArrayErrors
+func (a ArrayError) Resumable() bool { return true }
+
+func (a ArrayError) withContext(ctx string) error { a.ctx = addCtx(a.ctx, ctx); return a }
+
+// IntOverflow is returned when a call
+// would downcast an integer to a type
+// with too few bits to hold its value.
+type IntOverflow struct {
+	Value         int64 // the value of the integer
+	FailedBitsize int   // the bit size that the int64 could not fit into
+	ctx           string
+}
+
+// Error implements the error interface
+func (i IntOverflow) Error() string {
+	str := "msgp: " + strconv.FormatInt(i.Value, 10) + " overflows int" + strconv.Itoa(i.FailedBitsize)
+	if i.ctx != "" {
+		str += " at " + i.ctx
+	}
+	return str
+}
+
+// Resumable is always 'true' for overflows
+func (i IntOverflow) Resumable() bool { return true }
+
+func (i IntOverflow) withContext(ctx string) error { i.ctx = addCtx(i.ctx, ctx); return i }
+
+// UintOverflow is returned when a call
+// would downcast an unsigned integer to a type
+// with too few bits to hold its value
+type UintOverflow struct {
+	Value         uint64 // value of the uint
+	FailedBitsize int    // the bit size that couldn't fit the value
+	ctx           string
+}
+
+// Error implements the error interface
+func (u UintOverflow) Error() string {
+	str := "msgp: " + strconv.FormatUint(u.Value, 10) + " overflows uint" + strconv.Itoa(u.FailedBitsize)
+	if u.ctx != "" {
+		str += " at " + u.ctx
+	}
+	return str
+}
+
+// Resumable is always 'true' for overflows
+func (u UintOverflow) Resumable() bool { return true }
+
+func (u UintOverflow) withContext(ctx string) error { u.ctx = addCtx(u.ctx, ctx); return u }
+
+// UintBelowZero is returned when a call
+// would cast a signed integer below zero
+// to an unsigned integer.
+type UintBelowZero struct {
+	Value int64 // value of the incoming int
+	ctx   string
+}
+
+// Error implements the error interface
+func (u UintBelowZero) Error() string {
+	str := "msgp: attempted to cast int " + strconv.FormatInt(u.Value, 10) + " to unsigned"
+	if u.ctx != "" {
+		str += " at " + u.ctx
+	}
+	return str
+}
+
+// Resumable is always 'true' for overflows
+func (u UintBelowZero) Resumable() bool { return true }
+
+func (u UintBelowZero) withContext(ctx string) error {
+	u.ctx = ctx
+	return u
+}
+
+// A TypeError is returned when a particular
+// decoding method is unsuitable for decoding
+// a particular MessagePack value.
+type TypeError struct {
+	Method  Type // Type expected by method
+	Encoded Type // Type actually encoded
+
+	ctx string
+}
+
+// Error implements the error interface
+func (t TypeError) Error() string {
+	out := "msgp: attempted to decode type " + quoteStr(t.Encoded.String()) + " with method for " + quoteStr(t.Method.String())
+	if t.ctx != "" {
+		out += " at " + t.ctx
+	}
+	return out
+}
+
+// Resumable returns 'true' for TypeErrors
+func (t TypeError) Resumable() bool { return true }
+
+func (t TypeError) withContext(ctx string) error { t.ctx = addCtx(t.ctx, ctx); return t }
+
+// returns either InvalidPrefixError or
+// TypeError depending on whether or not
+// the prefix is recognized
+func badPrefix(want Type, lead byte) error {
+	t := getType(lead)
+	if t == InvalidType {
+		return InvalidPrefixError(lead)
+	}
+	return TypeError{Method: want, Encoded: t}
+}
+
+// InvalidPrefixError is returned when a bad encoding
+// uses a prefix that is not recognized in the MessagePack standard.
+// This kind of error is unrecoverable.
+type InvalidPrefixError byte
+
+// Error implements the error interface
+func (i InvalidPrefixError) Error() string {
+	return "msgp: unrecognized type prefix 0x" + strconv.FormatInt(int64(i), 16)
+}
+
+// Resumable returns 'false' for InvalidPrefixErrors
+func (i InvalidPrefixError) Resumable() bool { return false }
+
+// ErrUnsupportedType is returned
+// when a bad argument is supplied
+// to a function that takes `interface{}`.
+type ErrUnsupportedType struct {
+	T reflect.Type
+
+	ctx string
+}
+
+// Error implements error
+func (e *ErrUnsupportedType) Error() string {
+	out := "msgp: type " + quoteStr(e.T.String()) + " not supported"
+	if e.ctx != "" {
+		out += " at " + e.ctx
+	}
+	return out
+}
+
+// Resumable returns 'true' for ErrUnsupportedType
+func (e *ErrUnsupportedType) Resumable() bool { return true }
+
+func (e *ErrUnsupportedType) withContext(ctx string) error {
+	o := *e
+	o.ctx = addCtx(o.ctx, ctx)
+	return &o
+}
+
+// simpleQuoteStr is a simplified version of strconv.Quote for TinyGo,
+// which takes up a lot less code space by escaping all non-ASCII
+// (UTF-8) bytes with \x.  Saves about 4k of code size
+// (unicode tables, needed for IsPrint(), are big).
+// It lives in errors.go just so we can test it in errors_test.go
+func simpleQuoteStr(s string) string {
+	const (
+		lowerhex = "0123456789abcdef"
+	)
+
+	sb := make([]byte, 0, len(s)+2)
+
+	sb = append(sb, `"`...)
+
+l: // loop through string bytes (not UTF-8 characters)
+	for i := 0; i < len(s); i++ {
+		b := s[i]
+		// specific escape chars
+		switch b {
+		case '\\':
+			sb = append(sb, `\\`...)
+		case '"':
+			sb = append(sb, `\"`...)
+		case '\a':
+			sb = append(sb, `\a`...)
+		case '\b':
+			sb = append(sb, `\b`...)
+		case '\f':
+			sb = append(sb, `\f`...)
+		case '\n':
+			sb = append(sb, `\n`...)
+		case '\r':
+			sb = append(sb, `\r`...)
+		case '\t':
+			sb = append(sb, `\t`...)
+		case '\v':
+			sb = append(sb, `\v`...)
+		default:
+			// no escaping needed (printable ASCII)
+			if b >= 0x20 && b <= 0x7E {
+				sb = append(sb, b)
+				continue l
+			}
+			// anything else is \x
+			sb = append(sb, `\x`...)
+			sb = append(sb, lowerhex[byte(b)>>4])
+			sb = append(sb, lowerhex[byte(b)&0xF])
+			continue l
+		}
+	}
+
+	sb = append(sb, `"`...)
+	return string(sb)
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/errors_default.go b/vendor/github.com/tinylib/msgp/msgp/errors_default.go
new file mode 100644
index 000000000..e45c00a8b
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/errors_default.go
@@ -0,0 +1,25 @@
+//go:build !tinygo
+// +build !tinygo
+
+package msgp
+
+import (
+	"fmt"
+	"strconv"
+)
+
+// ctxString converts the incoming interface{} slice into a single string.
+func ctxString(ctx []interface{}) string {
+	out := ""
+	for idx, cv := range ctx {
+		if idx > 0 {
+			out += "/"
+		}
+		out += fmt.Sprintf("%v", cv)
+	}
+	return out
+}
+
+func quoteStr(s string) string {
+	return strconv.Quote(s)
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/errors_tinygo.go b/vendor/github.com/tinylib/msgp/msgp/errors_tinygo.go
new file mode 100644
index 000000000..8691cd387
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/errors_tinygo.go
@@ -0,0 +1,42 @@
+//go:build tinygo
+// +build tinygo
+
+package msgp
+
+import (
+	"reflect"
+)
+
+// ctxString converts the incoming interface{} slice into a single string,
+// without using fmt under tinygo
+func ctxString(ctx []interface{}) string {
+	out := ""
+	for idx, cv := range ctx {
+		if idx > 0 {
+			out += "/"
+		}
+		out += ifToStr(cv)
+	}
+	return out
+}
+
+type stringer interface {
+	String() string
+}
+
+func ifToStr(i interface{}) string {
+	switch v := i.(type) {
+	case stringer:
+		return v.String()
+	case error:
+		return v.Error()
+	case string:
+		return v
+	default:
+		return reflect.ValueOf(i).String()
+	}
+}
+
+func quoteStr(s string) string {
+	return simpleQuoteStr(s)
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/extension.go b/vendor/github.com/tinylib/msgp/msgp/extension.go
new file mode 100644
index 000000000..b5ef3a4e3
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/extension.go
@@ -0,0 +1,550 @@
+package msgp
+
+import (
+	"errors"
+	"math"
+	"strconv"
+)
+
+const (
+	// Complex64Extension is the extension number used for complex64
+	Complex64Extension = 3
+
+	// Complex128Extension is the extension number used for complex128
+	Complex128Extension = 4
+
+	// TimeExtension is the extension number used for time.Time
+	TimeExtension = 5
+)
+
+// our extensions live here
+var extensionReg = make(map[int8]func() Extension)
+
+// RegisterExtension registers extensions so that they
+// can be initialized and returned by methods that
+// decode `interface{}` values. This should only
+// be called during initialization. f() should return
+// a newly-initialized zero value of the extension. Keep in
+// mind that extensions 3, 4, and 5 are reserved for
+// complex64, complex128, and time.Time, respectively,
+// and that MessagePack reserves extension types from -127 to -1.
+//
+// For example, if you wanted to register a user-defined struct:
+//
+//	msgp.RegisterExtension(10, func() msgp.Extension { &MyExtension{} })
+//
+// RegisterExtension will panic if you call it multiple times
+// with the same 'typ' argument, or if you use a reserved
+// type (3, 4, or 5).
+func RegisterExtension(typ int8, f func() Extension) {
+	switch typ {
+	case Complex64Extension, Complex128Extension, TimeExtension:
+		panic(errors.New("msgp: forbidden extension type: " + strconv.Itoa(int(typ))))
+	}
+	if _, ok := extensionReg[typ]; ok {
+		panic(errors.New("msgp: RegisterExtension() called with typ " + strconv.Itoa(int(typ)) + " more than once"))
+	}
+	extensionReg[typ] = f
+}
+
+// ExtensionTypeError is an error type returned
+// when there is a mis-match between an extension type
+// and the type encoded on the wire
+type ExtensionTypeError struct {
+	Got  int8
+	Want int8
+}
+
+// Error implements the error interface
+func (e ExtensionTypeError) Error() string {
+	return "msgp: error decoding extension: wanted type " + strconv.Itoa(int(e.Want)) + "; got type " + strconv.Itoa(int(e.Got))
+}
+
+// Resumable returns 'true' for ExtensionTypeErrors
+func (e ExtensionTypeError) Resumable() bool { return true }
+
+func errExt(got int8, wanted int8) error {
+	return ExtensionTypeError{Got: got, Want: wanted}
+}
+
+// Extension is the interface fulfilled
+// by types that want to define their
+// own binary encoding.
+type Extension interface {
+	// ExtensionType should return
+	// a int8 that identifies the concrete
+	// type of the extension. (Types <0 are
+	// officially reserved by the MessagePack
+	// specifications.)
+	ExtensionType() int8
+
+	// Len should return the length
+	// of the data to be encoded
+	Len() int
+
+	// MarshalBinaryTo should copy
+	// the data into the supplied slice,
+	// assuming that the slice has length Len()
+	MarshalBinaryTo([]byte) error
+
+	UnmarshalBinary([]byte) error
+}
+
+// RawExtension implements the Extension interface
+type RawExtension struct {
+	Data []byte
+	Type int8
+}
+
+// ExtensionType implements Extension.ExtensionType, and returns r.Type
+func (r *RawExtension) ExtensionType() int8 { return r.Type }
+
+// Len implements Extension.Len, and returns len(r.Data)
+func (r *RawExtension) Len() int { return len(r.Data) }
+
+// MarshalBinaryTo implements Extension.MarshalBinaryTo,
+// and returns a copy of r.Data
+func (r *RawExtension) MarshalBinaryTo(d []byte) error {
+	copy(d, r.Data)
+	return nil
+}
+
+// UnmarshalBinary implements Extension.UnmarshalBinary,
+// and sets r.Data to the contents of the provided slice
+func (r *RawExtension) UnmarshalBinary(b []byte) error {
+	if cap(r.Data) >= len(b) {
+		r.Data = r.Data[0:len(b)]
+	} else {
+		r.Data = make([]byte, len(b))
+	}
+	copy(r.Data, b)
+	return nil
+}
+
+// WriteExtension writes an extension type to the writer
+func (mw *Writer) WriteExtension(e Extension) error {
+	l := e.Len()
+	var err error
+	switch l {
+	case 0:
+		o, err := mw.require(3)
+		if err != nil {
+			return err
+		}
+		mw.buf[o] = mext8
+		mw.buf[o+1] = 0
+		mw.buf[o+2] = byte(e.ExtensionType())
+	case 1:
+		o, err := mw.require(2)
+		if err != nil {
+			return err
+		}
+		mw.buf[o] = mfixext1
+		mw.buf[o+1] = byte(e.ExtensionType())
+	case 2:
+		o, err := mw.require(2)
+		if err != nil {
+			return err
+		}
+		mw.buf[o] = mfixext2
+		mw.buf[o+1] = byte(e.ExtensionType())
+	case 4:
+		o, err := mw.require(2)
+		if err != nil {
+			return err
+		}
+		mw.buf[o] = mfixext4
+		mw.buf[o+1] = byte(e.ExtensionType())
+	case 8:
+		o, err := mw.require(2)
+		if err != nil {
+			return err
+		}
+		mw.buf[o] = mfixext8
+		mw.buf[o+1] = byte(e.ExtensionType())
+	case 16:
+		o, err := mw.require(2)
+		if err != nil {
+			return err
+		}
+		mw.buf[o] = mfixext16
+		mw.buf[o+1] = byte(e.ExtensionType())
+	default:
+		switch {
+		case l < math.MaxUint8:
+			o, err := mw.require(3)
+			if err != nil {
+				return err
+			}
+			mw.buf[o] = mext8
+			mw.buf[o+1] = byte(uint8(l))
+			mw.buf[o+2] = byte(e.ExtensionType())
+		case l < math.MaxUint16:
+			o, err := mw.require(4)
+			if err != nil {
+				return err
+			}
+			mw.buf[o] = mext16
+			big.PutUint16(mw.buf[o+1:], uint16(l))
+			mw.buf[o+3] = byte(e.ExtensionType())
+		default:
+			o, err := mw.require(6)
+			if err != nil {
+				return err
+			}
+			mw.buf[o] = mext32
+			big.PutUint32(mw.buf[o+1:], uint32(l))
+			mw.buf[o+5] = byte(e.ExtensionType())
+		}
+	}
+	// we can only write directly to the
+	// buffer if we're sure that it
+	// fits the object
+	if l <= mw.bufsize() {
+		o, err := mw.require(l)
+		if err != nil {
+			return err
+		}
+		return e.MarshalBinaryTo(mw.buf[o:])
+	}
+	// here we create a new buffer
+	// just large enough for the body
+	// and save it as the write buffer
+	err = mw.flush()
+	if err != nil {
+		return err
+	}
+	buf := make([]byte, l)
+	err = e.MarshalBinaryTo(buf)
+	if err != nil {
+		return err
+	}
+	mw.buf = buf
+	mw.wloc = l
+	return nil
+}
+
+// peek at the extension type, assuming the next
+// kind to be read is Extension
+func (m *Reader) peekExtensionType() (int8, error) {
+	p, err := m.R.Peek(2)
+	if err != nil {
+		return 0, err
+	}
+	spec := getBytespec(p[0])
+	if spec.typ != ExtensionType {
+		return 0, badPrefix(ExtensionType, p[0])
+	}
+	if spec.extra == constsize {
+		return int8(p[1]), nil
+	}
+	size := spec.size
+	p, err = m.R.Peek(int(size))
+	if err != nil {
+		return 0, err
+	}
+	return int8(p[size-1]), nil
+}
+
+// peekExtension peeks at the extension encoding type
+// (must guarantee at least 1 byte in 'b')
+func peekExtension(b []byte) (int8, error) {
+	spec := getBytespec(b[0])
+	size := spec.size
+	if spec.typ != ExtensionType {
+		return 0, badPrefix(ExtensionType, b[0])
+	}
+	if len(b) < int(size) {
+		return 0, ErrShortBytes
+	}
+	// for fixed extensions,
+	// the type information is in
+	// the second byte
+	if spec.extra == constsize {
+		return int8(b[1]), nil
+	}
+	// otherwise, it's in the last
+	// part of the prefix
+	return int8(b[size-1]), nil
+}
+
+// ReadExtension reads the next object from the reader
+// as an extension. ReadExtension will fail if the next
+// object in the stream is not an extension, or if
+// e.Type() is not the same as the wire type.
+func (m *Reader) ReadExtension(e Extension) (err error) {
+	var p []byte
+	p, err = m.R.Peek(2)
+	if err != nil {
+		return
+	}
+	lead := p[0]
+	var read int
+	var off int
+	switch lead {
+	case mfixext1:
+		if int8(p[1]) != e.ExtensionType() {
+			err = errExt(int8(p[1]), e.ExtensionType())
+			return
+		}
+		p, err = m.R.Peek(3)
+		if err != nil {
+			return
+		}
+		err = e.UnmarshalBinary(p[2:])
+		if err == nil {
+			_, err = m.R.Skip(3)
+		}
+		return
+
+	case mfixext2:
+		if int8(p[1]) != e.ExtensionType() {
+			err = errExt(int8(p[1]), e.ExtensionType())
+			return
+		}
+		p, err = m.R.Peek(4)
+		if err != nil {
+			return
+		}
+		err = e.UnmarshalBinary(p[2:])
+		if err == nil {
+			_, err = m.R.Skip(4)
+		}
+		return
+
+	case mfixext4:
+		if int8(p[1]) != e.ExtensionType() {
+			err = errExt(int8(p[1]), e.ExtensionType())
+			return
+		}
+		p, err = m.R.Peek(6)
+		if err != nil {
+			return
+		}
+		err = e.UnmarshalBinary(p[2:])
+		if err == nil {
+			_, err = m.R.Skip(6)
+		}
+		return
+
+	case mfixext8:
+		if int8(p[1]) != e.ExtensionType() {
+			err = errExt(int8(p[1]), e.ExtensionType())
+			return
+		}
+		p, err = m.R.Peek(10)
+		if err != nil {
+			return
+		}
+		err = e.UnmarshalBinary(p[2:])
+		if err == nil {
+			_, err = m.R.Skip(10)
+		}
+		return
+
+	case mfixext16:
+		if int8(p[1]) != e.ExtensionType() {
+			err = errExt(int8(p[1]), e.ExtensionType())
+			return
+		}
+		p, err = m.R.Peek(18)
+		if err != nil {
+			return
+		}
+		err = e.UnmarshalBinary(p[2:])
+		if err == nil {
+			_, err = m.R.Skip(18)
+		}
+		return
+
+	case mext8:
+		p, err = m.R.Peek(3)
+		if err != nil {
+			return
+		}
+		if int8(p[2]) != e.ExtensionType() {
+			err = errExt(int8(p[2]), e.ExtensionType())
+			return
+		}
+		read = int(uint8(p[1]))
+		off = 3
+
+	case mext16:
+		p, err = m.R.Peek(4)
+		if err != nil {
+			return
+		}
+		if int8(p[3]) != e.ExtensionType() {
+			err = errExt(int8(p[3]), e.ExtensionType())
+			return
+		}
+		read = int(big.Uint16(p[1:]))
+		off = 4
+
+	case mext32:
+		p, err = m.R.Peek(6)
+		if err != nil {
+			return
+		}
+		if int8(p[5]) != e.ExtensionType() {
+			err = errExt(int8(p[5]), e.ExtensionType())
+			return
+		}
+		read = int(big.Uint32(p[1:]))
+		off = 6
+
+	default:
+		err = badPrefix(ExtensionType, lead)
+		return
+	}
+
+	p, err = m.R.Peek(read + off)
+	if err != nil {
+		return
+	}
+	err = e.UnmarshalBinary(p[off:])
+	if err == nil {
+		_, err = m.R.Skip(read + off)
+	}
+	return
+}
+
+// AppendExtension appends a MessagePack extension to the provided slice
+func AppendExtension(b []byte, e Extension) ([]byte, error) {
+	l := e.Len()
+	var o []byte
+	var n int
+	switch l {
+	case 0:
+		o, n = ensure(b, 3)
+		o[n] = mext8
+		o[n+1] = 0
+		o[n+2] = byte(e.ExtensionType())
+		return o[:n+3], nil
+	case 1:
+		o, n = ensure(b, 3)
+		o[n] = mfixext1
+		o[n+1] = byte(e.ExtensionType())
+		n += 2
+	case 2:
+		o, n = ensure(b, 4)
+		o[n] = mfixext2
+		o[n+1] = byte(e.ExtensionType())
+		n += 2
+	case 4:
+		o, n = ensure(b, 6)
+		o[n] = mfixext4
+		o[n+1] = byte(e.ExtensionType())
+		n += 2
+	case 8:
+		o, n = ensure(b, 10)
+		o[n] = mfixext8
+		o[n+1] = byte(e.ExtensionType())
+		n += 2
+	case 16:
+		o, n = ensure(b, 18)
+		o[n] = mfixext16
+		o[n+1] = byte(e.ExtensionType())
+		n += 2
+	default:
+		switch {
+		case l < math.MaxUint8:
+			o, n = ensure(b, l+3)
+			o[n] = mext8
+			o[n+1] = byte(uint8(l))
+			o[n+2] = byte(e.ExtensionType())
+			n += 3
+		case l < math.MaxUint16:
+			o, n = ensure(b, l+4)
+			o[n] = mext16
+			big.PutUint16(o[n+1:], uint16(l))
+			o[n+3] = byte(e.ExtensionType())
+			n += 4
+		default:
+			o, n = ensure(b, l+6)
+			o[n] = mext32
+			big.PutUint32(o[n+1:], uint32(l))
+			o[n+5] = byte(e.ExtensionType())
+			n += 6
+		}
+	}
+	return o, e.MarshalBinaryTo(o[n:])
+}
+
+// ReadExtensionBytes reads an extension from 'b' into 'e'
+// and returns any remaining bytes.
+// Possible errors:
+// - ErrShortBytes ('b' not long enough)
+// - ExtensionTypeError{} (wire type not the same as e.Type())
+// - TypeError{} (next object not an extension)
+// - InvalidPrefixError
+// - An umarshal error returned from e.UnmarshalBinary
+func ReadExtensionBytes(b []byte, e Extension) ([]byte, error) {
+	l := len(b)
+	if l < 3 {
+		return b, ErrShortBytes
+	}
+	lead := b[0]
+	var (
+		sz  int // size of 'data'
+		off int // offset of 'data'
+		typ int8
+	)
+	switch lead {
+	case mfixext1:
+		typ = int8(b[1])
+		sz = 1
+		off = 2
+	case mfixext2:
+		typ = int8(b[1])
+		sz = 2
+		off = 2
+	case mfixext4:
+		typ = int8(b[1])
+		sz = 4
+		off = 2
+	case mfixext8:
+		typ = int8(b[1])
+		sz = 8
+		off = 2
+	case mfixext16:
+		typ = int8(b[1])
+		sz = 16
+		off = 2
+	case mext8:
+		sz = int(uint8(b[1]))
+		typ = int8(b[2])
+		off = 3
+		if sz == 0 {
+			return b[3:], e.UnmarshalBinary(b[3:3])
+		}
+	case mext16:
+		if l < 4 {
+			return b, ErrShortBytes
+		}
+		sz = int(big.Uint16(b[1:]))
+		typ = int8(b[3])
+		off = 4
+	case mext32:
+		if l < 6 {
+			return b, ErrShortBytes
+		}
+		sz = int(big.Uint32(b[1:]))
+		typ = int8(b[5])
+		off = 6
+	default:
+		return b, badPrefix(ExtensionType, lead)
+	}
+
+	if typ != e.ExtensionType() {
+		return b, errExt(typ, e.ExtensionType())
+	}
+
+	// the data of the extension starts
+	// at 'off' and is 'sz' bytes long
+	if len(b[off:]) < sz {
+		return b, ErrShortBytes
+	}
+	tot := off + sz
+	return b[tot:], e.UnmarshalBinary(b[off:tot])
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/file.go b/vendor/github.com/tinylib/msgp/msgp/file.go
new file mode 100644
index 000000000..0f2c37520
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/file.go
@@ -0,0 +1,93 @@
+//go:build (linux || darwin || dragonfly || freebsd || netbsd || openbsd) && !appengine && !tinygo
+// +build linux darwin dragonfly freebsd netbsd openbsd
+// +build !appengine
+// +build !tinygo
+
+package msgp
+
+import (
+	"os"
+	"syscall"
+)
+
+// ReadFile reads a file into 'dst' using
+// a read-only memory mapping. Consequently,
+// the file must be mmap-able, and the
+// Unmarshaler should never write to
+// the source memory. (Methods generated
+// by the msgp tool obey that constraint, but
+// user-defined implementations may not.)
+//
+// Reading and writing through file mappings
+// is only efficient for large files; small
+// files are best read and written using
+// the ordinary streaming interfaces.
+func ReadFile(dst Unmarshaler, file *os.File) error {
+	stat, err := file.Stat()
+	if err != nil {
+		return err
+	}
+	data, err := syscall.Mmap(int(file.Fd()), 0, int(stat.Size()), syscall.PROT_READ, syscall.MAP_SHARED)
+	if err != nil {
+		return err
+	}
+	adviseRead(data)
+	_, err = dst.UnmarshalMsg(data)
+	uerr := syscall.Munmap(data)
+	if err == nil {
+		err = uerr
+	}
+	return err
+}
+
+// MarshalSizer is the combination
+// of the Marshaler and Sizer
+// interfaces.
+type MarshalSizer interface {
+	Marshaler
+	Sizer
+}
+
+// WriteFile writes a file from 'src' using
+// memory mapping. It overwrites the entire
+// contents of the previous file.
+// The mapping size is calculated
+// using the `Msgsize()` method
+// of 'src', so it must produce a result
+// equal to or greater than the actual encoded
+// size of the object. Otherwise,
+// a fault (SIGBUS) will occur.
+//
+// Reading and writing through file mappings
+// is only efficient for large files; small
+// files are best read and written using
+// the ordinary streaming interfaces.
+//
+// NOTE: The performance of this call
+// is highly OS- and filesystem-dependent.
+// Users should take care to test that this
+// performs as expected in a production environment.
+// (Linux users should run a kernel and filesystem
+// that support fallocate(2) for the best results.)
+func WriteFile(src MarshalSizer, file *os.File) error {
+	sz := src.Msgsize()
+	err := fallocate(file, int64(sz))
+	if err != nil {
+		return err
+	}
+	data, err := syscall.Mmap(int(file.Fd()), 0, sz, syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED)
+	if err != nil {
+		return err
+	}
+	adviseWrite(data)
+	chunk := data[:0]
+	chunk, err = src.MarshalMsg(chunk)
+	if err != nil {
+		return err
+	}
+	uerr := syscall.Munmap(data)
+	if uerr != nil {
+		return uerr
+	}
+	return file.Truncate(int64(len(chunk)))
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/file_port.go b/vendor/github.com/tinylib/msgp/msgp/file_port.go
new file mode 100644
index 000000000..2bbb3ad13
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/file_port.go
@@ -0,0 +1,48 @@
+//go:build windows || appengine || tinygo
+// +build windows appengine tinygo
+
+package msgp
+
+import (
+	"io/ioutil"
+	"os"
+)
+
+// MarshalSizer is the combination
+// of the Marshaler and Sizer
+// interfaces.
+type MarshalSizer interface {
+	Marshaler
+	Sizer
+}
+
+func ReadFile(dst Unmarshaler, file *os.File) error {
+	if u, ok := dst.(Decodable); ok {
+		return u.DecodeMsg(NewReader(file))
+	}
+
+	data, err := ioutil.ReadAll(file)
+	if err != nil {
+		return err
+	}
+	_, err = dst.UnmarshalMsg(data)
+	return err
+}
+
+func WriteFile(src MarshalSizer, file *os.File) error {
+	if e, ok := src.(Encodable); ok {
+		w := NewWriter(file)
+		err := e.EncodeMsg(w)
+		if err == nil {
+			err = w.Flush()
+		}
+		return err
+	}
+
+	raw, err := src.MarshalMsg(nil)
+	if err != nil {
+		return err
+	}
+	_, err = file.Write(raw)
+	return err
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/integers.go b/vendor/github.com/tinylib/msgp/msgp/integers.go
new file mode 100644
index 000000000..f817d7759
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/integers.go
@@ -0,0 +1,174 @@
+package msgp
+
+/* ----------------------------------
+	integer encoding utilities
+	(inline-able)
+
+	TODO(tinylib): there are faster,
+	albeit non-portable solutions
+	to the code below. implement
+	byteswap?
+   ---------------------------------- */
+
+func putMint64(b []byte, i int64) {
+	b[0] = mint64
+	b[1] = byte(i >> 56)
+	b[2] = byte(i >> 48)
+	b[3] = byte(i >> 40)
+	b[4] = byte(i >> 32)
+	b[5] = byte(i >> 24)
+	b[6] = byte(i >> 16)
+	b[7] = byte(i >> 8)
+	b[8] = byte(i)
+}
+
+func getMint64(b []byte) int64 {
+	return (int64(b[1]) << 56) | (int64(b[2]) << 48) |
+		(int64(b[3]) << 40) | (int64(b[4]) << 32) |
+		(int64(b[5]) << 24) | (int64(b[6]) << 16) |
+		(int64(b[7]) << 8) | (int64(b[8]))
+}
+
+func putMint32(b []byte, i int32) {
+	b[0] = mint32
+	b[1] = byte(i >> 24)
+	b[2] = byte(i >> 16)
+	b[3] = byte(i >> 8)
+	b[4] = byte(i)
+}
+
+func getMint32(b []byte) int32 {
+	return (int32(b[1]) << 24) | (int32(b[2]) << 16) | (int32(b[3]) << 8) | (int32(b[4]))
+}
+
+func putMint16(b []byte, i int16) {
+	b[0] = mint16
+	b[1] = byte(i >> 8)
+	b[2] = byte(i)
+}
+
+func getMint16(b []byte) (i int16) {
+	return (int16(b[1]) << 8) | int16(b[2])
+}
+
+func putMint8(b []byte, i int8) {
+	b[0] = mint8
+	b[1] = byte(i)
+}
+
+func getMint8(b []byte) (i int8) {
+	return int8(b[1])
+}
+
+func putMuint64(b []byte, u uint64) {
+	b[0] = muint64
+	b[1] = byte(u >> 56)
+	b[2] = byte(u >> 48)
+	b[3] = byte(u >> 40)
+	b[4] = byte(u >> 32)
+	b[5] = byte(u >> 24)
+	b[6] = byte(u >> 16)
+	b[7] = byte(u >> 8)
+	b[8] = byte(u)
+}
+
+func getMuint64(b []byte) uint64 {
+	return (uint64(b[1]) << 56) | (uint64(b[2]) << 48) |
+		(uint64(b[3]) << 40) | (uint64(b[4]) << 32) |
+		(uint64(b[5]) << 24) | (uint64(b[6]) << 16) |
+		(uint64(b[7]) << 8) | (uint64(b[8]))
+}
+
+func putMuint32(b []byte, u uint32) {
+	b[0] = muint32
+	b[1] = byte(u >> 24)
+	b[2] = byte(u >> 16)
+	b[3] = byte(u >> 8)
+	b[4] = byte(u)
+}
+
+func getMuint32(b []byte) uint32 {
+	return (uint32(b[1]) << 24) | (uint32(b[2]) << 16) | (uint32(b[3]) << 8) | (uint32(b[4]))
+}
+
+func putMuint16(b []byte, u uint16) {
+	b[0] = muint16
+	b[1] = byte(u >> 8)
+	b[2] = byte(u)
+}
+
+func getMuint16(b []byte) uint16 {
+	return (uint16(b[1]) << 8) | uint16(b[2])
+}
+
+func putMuint8(b []byte, u uint8) {
+	b[0] = muint8
+	b[1] = byte(u)
+}
+
+func getMuint8(b []byte) uint8 {
+	return uint8(b[1])
+}
+
+func getUnix(b []byte) (sec int64, nsec int32) {
+	sec = (int64(b[0]) << 56) | (int64(b[1]) << 48) |
+		(int64(b[2]) << 40) | (int64(b[3]) << 32) |
+		(int64(b[4]) << 24) | (int64(b[5]) << 16) |
+		(int64(b[6]) << 8) | (int64(b[7]))
+
+	nsec = (int32(b[8]) << 24) | (int32(b[9]) << 16) | (int32(b[10]) << 8) | (int32(b[11]))
+	return
+}
+
+func putUnix(b []byte, sec int64, nsec int32) {
+	b[0] = byte(sec >> 56)
+	b[1] = byte(sec >> 48)
+	b[2] = byte(sec >> 40)
+	b[3] = byte(sec >> 32)
+	b[4] = byte(sec >> 24)
+	b[5] = byte(sec >> 16)
+	b[6] = byte(sec >> 8)
+	b[7] = byte(sec)
+	b[8] = byte(nsec >> 24)
+	b[9] = byte(nsec >> 16)
+	b[10] = byte(nsec >> 8)
+	b[11] = byte(nsec)
+}
+
+/* -----------------------------
+		prefix utilities
+   ----------------------------- */
+
+// write prefix and uint8
+func prefixu8(b []byte, pre byte, sz uint8) {
+	b[0] = pre
+	b[1] = byte(sz)
+}
+
+// write prefix and big-endian uint16
+func prefixu16(b []byte, pre byte, sz uint16) {
+	b[0] = pre
+	b[1] = byte(sz >> 8)
+	b[2] = byte(sz)
+}
+
+// write prefix and big-endian uint32
+func prefixu32(b []byte, pre byte, sz uint32) {
+	b[0] = pre
+	b[1] = byte(sz >> 24)
+	b[2] = byte(sz >> 16)
+	b[3] = byte(sz >> 8)
+	b[4] = byte(sz)
+}
+
+func prefixu64(b []byte, pre byte, sz uint64) {
+	b[0] = pre
+	b[1] = byte(sz >> 56)
+	b[2] = byte(sz >> 48)
+	b[3] = byte(sz >> 40)
+	b[4] = byte(sz >> 32)
+	b[5] = byte(sz >> 24)
+	b[6] = byte(sz >> 16)
+	b[7] = byte(sz >> 8)
+	b[8] = byte(sz)
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/json.go b/vendor/github.com/tinylib/msgp/msgp/json.go
new file mode 100644
index 000000000..0e11e603c
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/json.go
@@ -0,0 +1,568 @@
+package msgp
+
+import (
+	"bufio"
+	"encoding/base64"
+	"encoding/json"
+	"io"
+	"strconv"
+	"unicode/utf8"
+)
+
+var (
+	null = []byte("null")
+	hex  = []byte("0123456789abcdef")
+)
+
+var defuns [_maxtype]func(jsWriter, *Reader) (int, error)
+
+// note: there is an initialization loop if
+// this isn't set up during init()
+func init() {
+	// since none of these functions are inline-able,
+	// there is not much of a penalty to the indirect
+	// call. however, this is best expressed as a jump-table...
+	defuns = [_maxtype]func(jsWriter, *Reader) (int, error){
+		StrType:        rwString,
+		BinType:        rwBytes,
+		MapType:        rwMap,
+		ArrayType:      rwArray,
+		Float64Type:    rwFloat64,
+		Float32Type:    rwFloat32,
+		BoolType:       rwBool,
+		IntType:        rwInt,
+		UintType:       rwUint,
+		NilType:        rwNil,
+		ExtensionType:  rwExtension,
+		Complex64Type:  rwExtension,
+		Complex128Type: rwExtension,
+		TimeType:       rwTime,
+	}
+}
+
+// this is the interface
+// used to write json
+type jsWriter interface {
+	io.Writer
+	io.ByteWriter
+	WriteString(string) (int, error)
+}
+
+// CopyToJSON reads MessagePack from 'src' and copies it
+// as JSON to 'dst' until EOF.
+func CopyToJSON(dst io.Writer, src io.Reader) (n int64, err error) {
+	r := NewReader(src)
+	n, err = r.WriteToJSON(dst)
+	freeR(r)
+	return
+}
+
+// WriteToJSON translates MessagePack from 'r' and writes it as
+// JSON to 'w' until the underlying reader returns io.EOF. It returns
+// the number of bytes written, and an error if it stopped before EOF.
+func (r *Reader) WriteToJSON(w io.Writer) (n int64, err error) {
+	var j jsWriter
+	var bf *bufio.Writer
+	if jsw, ok := w.(jsWriter); ok {
+		j = jsw
+	} else {
+		bf = bufio.NewWriter(w)
+		j = bf
+	}
+	var nn int
+	for err == nil {
+		nn, err = rwNext(j, r)
+		n += int64(nn)
+	}
+	if err != io.EOF {
+		if bf != nil {
+			bf.Flush()
+		}
+		return
+	}
+	err = nil
+	if bf != nil {
+		err = bf.Flush()
+	}
+	return
+}
+
+func rwNext(w jsWriter, src *Reader) (int, error) {
+	t, err := src.NextType()
+	if err != nil {
+		return 0, err
+	}
+	return defuns[t](w, src)
+}
+
+func rwMap(dst jsWriter, src *Reader) (n int, err error) {
+	var comma bool
+	var sz uint32
+	var field []byte
+
+	sz, err = src.ReadMapHeader()
+	if err != nil {
+		return
+	}
+
+	if sz == 0 {
+		return dst.WriteString("{}")
+	}
+
+	err = dst.WriteByte('{')
+	if err != nil {
+		return
+	}
+	n++
+	var nn int
+	for i := uint32(0); i < sz; i++ {
+		if comma {
+			err = dst.WriteByte(',')
+			if err != nil {
+				return
+			}
+			n++
+		}
+
+		field, err = src.ReadMapKeyPtr()
+		if err != nil {
+			return
+		}
+		nn, err = rwquoted(dst, field)
+		n += nn
+		if err != nil {
+			return
+		}
+
+		err = dst.WriteByte(':')
+		if err != nil {
+			return
+		}
+		n++
+		nn, err = rwNext(dst, src)
+		n += nn
+		if err != nil {
+			return
+		}
+		if !comma {
+			comma = true
+		}
+	}
+
+	err = dst.WriteByte('}')
+	if err != nil {
+		return
+	}
+	n++
+	return
+}
+
+func rwArray(dst jsWriter, src *Reader) (n int, err error) {
+	err = dst.WriteByte('[')
+	if err != nil {
+		return
+	}
+	var sz uint32
+	var nn int
+	sz, err = src.ReadArrayHeader()
+	if err != nil {
+		return
+	}
+	comma := false
+	for i := uint32(0); i < sz; i++ {
+		if comma {
+			err = dst.WriteByte(',')
+			if err != nil {
+				return
+			}
+			n++
+		}
+		nn, err = rwNext(dst, src)
+		n += nn
+		if err != nil {
+			return
+		}
+		comma = true
+	}
+
+	err = dst.WriteByte(']')
+	if err != nil {
+		return
+	}
+	n++
+	return
+}
+
+func rwNil(dst jsWriter, src *Reader) (int, error) {
+	err := src.ReadNil()
+	if err != nil {
+		return 0, err
+	}
+	return dst.Write(null)
+}
+
+func rwFloat32(dst jsWriter, src *Reader) (int, error) {
+	f, err := src.ReadFloat32()
+	if err != nil {
+		return 0, err
+	}
+	src.scratch = strconv.AppendFloat(src.scratch[:0], float64(f), 'f', -1, 32)
+	return dst.Write(src.scratch)
+}
+
+func rwFloat64(dst jsWriter, src *Reader) (int, error) {
+	f, err := src.ReadFloat64()
+	if err != nil {
+		return 0, err
+	}
+	src.scratch = strconv.AppendFloat(src.scratch[:0], f, 'f', -1, 64)
+	return dst.Write(src.scratch)
+}
+
+func rwInt(dst jsWriter, src *Reader) (int, error) {
+	i, err := src.ReadInt64()
+	if err != nil {
+		return 0, err
+	}
+	src.scratch = strconv.AppendInt(src.scratch[:0], i, 10)
+	return dst.Write(src.scratch)
+}
+
+func rwUint(dst jsWriter, src *Reader) (int, error) {
+	u, err := src.ReadUint64()
+	if err != nil {
+		return 0, err
+	}
+	src.scratch = strconv.AppendUint(src.scratch[:0], u, 10)
+	return dst.Write(src.scratch)
+}
+
+func rwBool(dst jsWriter, src *Reader) (int, error) {
+	b, err := src.ReadBool()
+	if err != nil {
+		return 0, err
+	}
+	if b {
+		return dst.WriteString("true")
+	}
+	return dst.WriteString("false")
+}
+
+func rwTime(dst jsWriter, src *Reader) (int, error) {
+	t, err := src.ReadTime()
+	if err != nil {
+		return 0, err
+	}
+	bts, err := t.MarshalJSON()
+	if err != nil {
+		return 0, err
+	}
+	return dst.Write(bts)
+}
+
+func rwExtension(dst jsWriter, src *Reader) (n int, err error) {
+	et, err := src.peekExtensionType()
+	if err != nil {
+		return 0, err
+	}
+
+	// registered extensions can override
+	// the JSON encoding
+	if j, ok := extensionReg[et]; ok {
+		var bts []byte
+		e := j()
+		err = src.ReadExtension(e)
+		if err != nil {
+			return
+		}
+		bts, err = json.Marshal(e)
+		if err != nil {
+			return
+		}
+		return dst.Write(bts)
+	}
+
+	e := RawExtension{}
+	e.Type = et
+	err = src.ReadExtension(&e)
+	if err != nil {
+		return
+	}
+
+	var nn int
+	err = dst.WriteByte('{')
+	if err != nil {
+		return
+	}
+	n++
+
+	nn, err = dst.WriteString(`"type:"`)
+	n += nn
+	if err != nil {
+		return
+	}
+
+	src.scratch = strconv.AppendInt(src.scratch[0:0], int64(e.Type), 10)
+	nn, err = dst.Write(src.scratch)
+	n += nn
+	if err != nil {
+		return
+	}
+
+	nn, err = dst.WriteString(`,"data":"`)
+	n += nn
+	if err != nil {
+		return
+	}
+
+	enc := base64.NewEncoder(base64.StdEncoding, dst)
+
+	nn, err = enc.Write(e.Data)
+	n += nn
+	if err != nil {
+		return
+	}
+	err = enc.Close()
+	if err != nil {
+		return
+	}
+	nn, err = dst.WriteString(`"}`)
+	n += nn
+	return
+}
+
+func rwString(dst jsWriter, src *Reader) (n int, err error) {
+	var p []byte
+	p, err = src.R.Peek(1)
+	if err != nil {
+		return
+	}
+	lead := p[0]
+	var read int
+
+	if isfixstr(lead) {
+		read = int(rfixstr(lead))
+		src.R.Skip(1)
+		goto write
+	}
+
+	switch lead {
+	case mstr8:
+		p, err = src.R.Next(2)
+		if err != nil {
+			return
+		}
+		read = int(uint8(p[1]))
+	case mstr16:
+		p, err = src.R.Next(3)
+		if err != nil {
+			return
+		}
+		read = int(big.Uint16(p[1:]))
+	case mstr32:
+		p, err = src.R.Next(5)
+		if err != nil {
+			return
+		}
+		read = int(big.Uint32(p[1:]))
+	default:
+		err = badPrefix(StrType, lead)
+		return
+	}
+write:
+	p, err = src.R.Next(read)
+	if err != nil {
+		return
+	}
+	n, err = rwquoted(dst, p)
+	return
+}
+
+func rwBytes(dst jsWriter, src *Reader) (n int, err error) {
+	var nn int
+	err = dst.WriteByte('"')
+	if err != nil {
+		return
+	}
+	n++
+	src.scratch, err = src.ReadBytes(src.scratch[:0])
+	if err != nil {
+		return
+	}
+	enc := base64.NewEncoder(base64.StdEncoding, dst)
+	nn, err = enc.Write(src.scratch)
+	n += nn
+	if err != nil {
+		return
+	}
+	err = enc.Close()
+	if err != nil {
+		return
+	}
+	err = dst.WriteByte('"')
+	if err != nil {
+		return
+	}
+	n++
+	return
+}
+
+// Below (c) The Go Authors, 2009-2014
+// Subject to the BSD-style license found at http://golang.org
+//
+// see: encoding/json/encode.go:(*encodeState).stringbytes()
+func rwquoted(dst jsWriter, s []byte) (n int, err error) {
+	var nn int
+	err = dst.WriteByte('"')
+	if err != nil {
+		return
+	}
+	n++
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
+				i++
+				continue
+			}
+			if start < i {
+				nn, err = dst.Write(s[start:i])
+				n += nn
+				if err != nil {
+					return
+				}
+			}
+			switch b {
+			case '\\', '"':
+				err = dst.WriteByte('\\')
+				if err != nil {
+					return
+				}
+				n++
+				err = dst.WriteByte(b)
+				if err != nil {
+					return
+				}
+				n++
+			case '\n':
+				err = dst.WriteByte('\\')
+				if err != nil {
+					return
+				}
+				n++
+				err = dst.WriteByte('n')
+				if err != nil {
+					return
+				}
+				n++
+			case '\r':
+				err = dst.WriteByte('\\')
+				if err != nil {
+					return
+				}
+				n++
+				err = dst.WriteByte('r')
+				if err != nil {
+					return
+				}
+				n++
+			case '\t':
+				err = dst.WriteByte('\\')
+				if err != nil {
+					return
+				}
+				n++
+				err = dst.WriteByte('t')
+				if err != nil {
+					return
+				}
+				n++
+			default:
+				// This encodes bytes < 0x20 except for \t, \n and \r.
+				// It also escapes <, >, and &
+				// because they can lead to security holes when
+				// user-controlled strings are rendered into JSON
+				// and served to some browsers.
+				nn, err = dst.WriteString(`\u00`)
+				n += nn
+				if err != nil {
+					return
+				}
+				err = dst.WriteByte(hex[b>>4])
+				if err != nil {
+					return
+				}
+				n++
+				err = dst.WriteByte(hex[b&0xF])
+				if err != nil {
+					return
+				}
+				n++
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRune(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				nn, err = dst.Write(s[start:i])
+				n += nn
+				if err != nil {
+					return
+				}
+			}
+			nn, err = dst.WriteString(`\ufffd`)
+			n += nn
+			if err != nil {
+				return
+			}
+			i += size
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				nn, err = dst.Write(s[start:i])
+				n += nn
+				if err != nil {
+					return
+				}
+			}
+			nn, err = dst.WriteString(`\u202`)
+			n += nn
+			if err != nil {
+				return
+			}
+			err = dst.WriteByte(hex[c&0xF])
+			if err != nil {
+				return
+			}
+			n++
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		nn, err = dst.Write(s[start:])
+		n += nn
+		if err != nil {
+			return
+		}
+	}
+	err = dst.WriteByte('"')
+	if err != nil {
+		return
+	}
+	n++
+	return
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/json_bytes.go b/vendor/github.com/tinylib/msgp/msgp/json_bytes.go
new file mode 100644
index 000000000..e6162d0a6
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/json_bytes.go
@@ -0,0 +1,341 @@
+package msgp
+
+import (
+	"bufio"
+	"encoding/base64"
+	"encoding/json"
+	"io"
+	"strconv"
+	"time"
+)
+
+var unfuns [_maxtype]func(jsWriter, []byte, []byte) ([]byte, []byte, error)
+
+func init() {
+	// NOTE(pmh): this is best expressed as a jump table,
+	// but gc doesn't do that yet. revisit post-go1.5.
+	unfuns = [_maxtype]func(jsWriter, []byte, []byte) ([]byte, []byte, error){
+		StrType:        rwStringBytes,
+		BinType:        rwBytesBytes,
+		MapType:        rwMapBytes,
+		ArrayType:      rwArrayBytes,
+		Float64Type:    rwFloat64Bytes,
+		Float32Type:    rwFloat32Bytes,
+		BoolType:       rwBoolBytes,
+		IntType:        rwIntBytes,
+		UintType:       rwUintBytes,
+		NilType:        rwNullBytes,
+		ExtensionType:  rwExtensionBytes,
+		Complex64Type:  rwExtensionBytes,
+		Complex128Type: rwExtensionBytes,
+		TimeType:       rwTimeBytes,
+	}
+}
+
+// UnmarshalAsJSON takes raw messagepack and writes
+// it as JSON to 'w'. If an error is returned, the
+// bytes not translated will also be returned. If
+// no errors are encountered, the length of the returned
+// slice will be zero.
+func UnmarshalAsJSON(w io.Writer, msg []byte) ([]byte, error) {
+	var (
+		scratch []byte
+		cast    bool
+		dst     jsWriter
+		err     error
+	)
+	if jsw, ok := w.(jsWriter); ok {
+		dst = jsw
+		cast = true
+	} else {
+		dst = bufio.NewWriterSize(w, 512)
+	}
+	for len(msg) > 0 && err == nil {
+		msg, scratch, err = writeNext(dst, msg, scratch)
+	}
+	if !cast && err == nil {
+		err = dst.(*bufio.Writer).Flush()
+	}
+	return msg, err
+}
+
+func writeNext(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	if len(msg) < 1 {
+		return msg, scratch, ErrShortBytes
+	}
+	t := getType(msg[0])
+	if t == InvalidType {
+		return msg, scratch, InvalidPrefixError(msg[0])
+	}
+	if t == ExtensionType {
+		et, err := peekExtension(msg)
+		if err != nil {
+			return nil, scratch, err
+		}
+		if et == TimeExtension {
+			t = TimeType
+		}
+	}
+	return unfuns[t](w, msg, scratch)
+}
+
+func rwArrayBytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	sz, msg, err := ReadArrayHeaderBytes(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+	err = w.WriteByte('[')
+	if err != nil {
+		return msg, scratch, err
+	}
+	for i := uint32(0); i < sz; i++ {
+		if i != 0 {
+			err = w.WriteByte(',')
+			if err != nil {
+				return msg, scratch, err
+			}
+		}
+		msg, scratch, err = writeNext(w, msg, scratch)
+		if err != nil {
+			return msg, scratch, err
+		}
+	}
+	err = w.WriteByte(']')
+	return msg, scratch, err
+}
+
+func rwMapBytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	sz, msg, err := ReadMapHeaderBytes(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+	err = w.WriteByte('{')
+	if err != nil {
+		return msg, scratch, err
+	}
+	for i := uint32(0); i < sz; i++ {
+		if i != 0 {
+			err = w.WriteByte(',')
+			if err != nil {
+				return msg, scratch, err
+			}
+		}
+		msg, scratch, err = rwMapKeyBytes(w, msg, scratch)
+		if err != nil {
+			return msg, scratch, err
+		}
+		err = w.WriteByte(':')
+		if err != nil {
+			return msg, scratch, err
+		}
+		msg, scratch, err = writeNext(w, msg, scratch)
+		if err != nil {
+			return msg, scratch, err
+		}
+	}
+	err = w.WriteByte('}')
+	return msg, scratch, err
+}
+
+func rwMapKeyBytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	msg, scratch, err := rwStringBytes(w, msg, scratch)
+	if err != nil {
+		if tperr, ok := err.(TypeError); ok && tperr.Encoded == BinType {
+			return rwBytesBytes(w, msg, scratch)
+		}
+	}
+	return msg, scratch, err
+}
+
+func rwStringBytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	str, msg, err := ReadStringZC(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+	_, err = rwquoted(w, str)
+	return msg, scratch, err
+}
+
+func rwBytesBytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	bts, msg, err := ReadBytesZC(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+	l := base64.StdEncoding.EncodedLen(len(bts))
+	if cap(scratch) >= l {
+		scratch = scratch[0:l]
+	} else {
+		scratch = make([]byte, l)
+	}
+	base64.StdEncoding.Encode(scratch, bts)
+	err = w.WriteByte('"')
+	if err != nil {
+		return msg, scratch, err
+	}
+	_, err = w.Write(scratch)
+	if err != nil {
+		return msg, scratch, err
+	}
+	err = w.WriteByte('"')
+	return msg, scratch, err
+}
+
+func rwNullBytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	msg, err := ReadNilBytes(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+	_, err = w.Write(null)
+	return msg, scratch, err
+}
+
+func rwBoolBytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	b, msg, err := ReadBoolBytes(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+	if b {
+		_, err = w.WriteString("true")
+		return msg, scratch, err
+	}
+	_, err = w.WriteString("false")
+	return msg, scratch, err
+}
+
+func rwIntBytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	i, msg, err := ReadInt64Bytes(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+	scratch = strconv.AppendInt(scratch[0:0], i, 10)
+	_, err = w.Write(scratch)
+	return msg, scratch, err
+}
+
+func rwUintBytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	u, msg, err := ReadUint64Bytes(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+	scratch = strconv.AppendUint(scratch[0:0], u, 10)
+	_, err = w.Write(scratch)
+	return msg, scratch, err
+}
+
+func rwFloat32Bytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	var f float32
+	var err error
+	f, msg, err = ReadFloat32Bytes(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+	scratch = strconv.AppendFloat(scratch[:0], float64(f), 'f', -1, 32)
+	_, err = w.Write(scratch)
+	return msg, scratch, err
+}
+
+func rwFloat64Bytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	var f float64
+	var err error
+	f, msg, err = ReadFloat64Bytes(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+	scratch = strconv.AppendFloat(scratch[:0], f, 'f', -1, 64)
+	_, err = w.Write(scratch)
+	return msg, scratch, err
+}
+
+func rwTimeBytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	var t time.Time
+	var err error
+	t, msg, err = ReadTimeBytes(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+	bts, err := t.MarshalJSON()
+	if err != nil {
+		return msg, scratch, err
+	}
+	_, err = w.Write(bts)
+	return msg, scratch, err
+}
+
+func rwExtensionBytes(w jsWriter, msg []byte, scratch []byte) ([]byte, []byte, error) {
+	var err error
+	var et int8
+	et, err = peekExtension(msg)
+	if err != nil {
+		return msg, scratch, err
+	}
+
+	// if it's time.Time
+	if et == TimeExtension {
+		var tm time.Time
+		tm, msg, err = ReadTimeBytes(msg)
+		if err != nil {
+			return msg, scratch, err
+		}
+		bts, err := tm.MarshalJSON()
+		if err != nil {
+			return msg, scratch, err
+		}
+		_, err = w.Write(bts)
+		return msg, scratch, err
+	}
+
+	// if the extension is registered,
+	// use its canonical JSON form
+	if f, ok := extensionReg[et]; ok {
+		e := f()
+		msg, err = ReadExtensionBytes(msg, e)
+		if err != nil {
+			return msg, scratch, err
+		}
+		bts, err := json.Marshal(e)
+		if err != nil {
+			return msg, scratch, err
+		}
+		_, err = w.Write(bts)
+		return msg, scratch, err
+	}
+
+	// otherwise, write `{"type": <num>, "data": "<base64data>"}`
+	r := RawExtension{}
+	r.Type = et
+	msg, err = ReadExtensionBytes(msg, &r)
+	if err != nil {
+		return msg, scratch, err
+	}
+	scratch, err = writeExt(w, r, scratch)
+	return msg, scratch, err
+}
+
+func writeExt(w jsWriter, r RawExtension, scratch []byte) ([]byte, error) {
+	_, err := w.WriteString(`{"type":`)
+	if err != nil {
+		return scratch, err
+	}
+	scratch = strconv.AppendInt(scratch[0:0], int64(r.Type), 10)
+	_, err = w.Write(scratch)
+	if err != nil {
+		return scratch, err
+	}
+	_, err = w.WriteString(`,"data":"`)
+	if err != nil {
+		return scratch, err
+	}
+	l := base64.StdEncoding.EncodedLen(len(r.Data))
+	if cap(scratch) >= l {
+		scratch = scratch[0:l]
+	} else {
+		scratch = make([]byte, l)
+	}
+	base64.StdEncoding.Encode(scratch, r.Data)
+	_, err = w.Write(scratch)
+	if err != nil {
+		return scratch, err
+	}
+	_, err = w.WriteString(`"}`)
+	return scratch, err
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/number.go b/vendor/github.com/tinylib/msgp/msgp/number.go
new file mode 100644
index 000000000..edfe328b4
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/number.go
@@ -0,0 +1,266 @@
+package msgp
+
+import (
+	"math"
+	"strconv"
+)
+
+// The portable parts of the Number implementation
+
+// Number can be
+// an int64, uint64, float32,
+// or float64 internally.
+// It can decode itself
+// from any of the native
+// messagepack number types.
+// The zero-value of Number
+// is Int(0). Using the equality
+// operator with Number compares
+// both the type and the value
+// of the number.
+type Number struct {
+	// internally, this
+	// is just a tagged union.
+	// the raw bits of the number
+	// are stored the same way regardless.
+	bits uint64
+	typ  Type
+}
+
+// AsInt sets the number to an int64.
+func (n *Number) AsInt(i int64) {
+	// we always store int(0)
+	// as {0, InvalidType} in
+	// order to preserve
+	// the behavior of the == operator
+	if i == 0 {
+		n.typ = InvalidType
+		n.bits = 0
+		return
+	}
+
+	n.typ = IntType
+	n.bits = uint64(i)
+}
+
+// AsUint sets the number to a uint64.
+func (n *Number) AsUint(u uint64) {
+	n.typ = UintType
+	n.bits = u
+}
+
+// AsFloat32 sets the value of the number
+// to a float32.
+func (n *Number) AsFloat32(f float32) {
+	n.typ = Float32Type
+	n.bits = uint64(math.Float32bits(f))
+}
+
+// AsFloat64 sets the value of the
+// number to a float64.
+func (n *Number) AsFloat64(f float64) {
+	n.typ = Float64Type
+	n.bits = math.Float64bits(f)
+}
+
+// Int casts the number as an int64, and
+// returns whether or not that was the
+// underlying type.
+func (n *Number) Int() (int64, bool) {
+	return int64(n.bits), n.typ == IntType || n.typ == InvalidType
+}
+
+// Uint casts the number as a uint64, and returns
+// whether or not that was the underlying type.
+func (n *Number) Uint() (uint64, bool) {
+	return n.bits, n.typ == UintType
+}
+
+// Float casts the number to a float64, and
+// returns whether or not that was the underlying
+// type (either a float64 or a float32).
+func (n *Number) Float() (float64, bool) {
+	switch n.typ {
+	case Float32Type:
+		return float64(math.Float32frombits(uint32(n.bits))), true
+	case Float64Type:
+		return math.Float64frombits(n.bits), true
+	default:
+		return 0.0, false
+	}
+}
+
+// Type will return one of:
+// Float64Type, Float32Type, UintType, or IntType.
+func (n *Number) Type() Type {
+	if n.typ == InvalidType {
+		return IntType
+	}
+	return n.typ
+}
+
+// DecodeMsg implements msgp.Decodable
+func (n *Number) DecodeMsg(r *Reader) error {
+	typ, err := r.NextType()
+	if err != nil {
+		return err
+	}
+	switch typ {
+	case Float32Type:
+		f, err := r.ReadFloat32()
+		if err != nil {
+			return err
+		}
+		n.AsFloat32(f)
+		return nil
+	case Float64Type:
+		f, err := r.ReadFloat64()
+		if err != nil {
+			return err
+		}
+		n.AsFloat64(f)
+		return nil
+	case IntType:
+		i, err := r.ReadInt64()
+		if err != nil {
+			return err
+		}
+		n.AsInt(i)
+		return nil
+	case UintType:
+		u, err := r.ReadUint64()
+		if err != nil {
+			return err
+		}
+		n.AsUint(u)
+		return nil
+	default:
+		return TypeError{Encoded: typ, Method: IntType}
+	}
+}
+
+// UnmarshalMsg implements msgp.Unmarshaler
+func (n *Number) UnmarshalMsg(b []byte) ([]byte, error) {
+	typ := NextType(b)
+	switch typ {
+	case IntType:
+		i, o, err := ReadInt64Bytes(b)
+		if err != nil {
+			return b, err
+		}
+		n.AsInt(i)
+		return o, nil
+	case UintType:
+		u, o, err := ReadUint64Bytes(b)
+		if err != nil {
+			return b, err
+		}
+		n.AsUint(u)
+		return o, nil
+	case Float64Type:
+		f, o, err := ReadFloat64Bytes(b)
+		if err != nil {
+			return b, err
+		}
+		n.AsFloat64(f)
+		return o, nil
+	case Float32Type:
+		f, o, err := ReadFloat32Bytes(b)
+		if err != nil {
+			return b, err
+		}
+		n.AsFloat32(f)
+		return o, nil
+	default:
+		return b, TypeError{Method: IntType, Encoded: typ}
+	}
+}
+
+// MarshalMsg implements msgp.Marshaler
+func (n *Number) MarshalMsg(b []byte) ([]byte, error) {
+	switch n.typ {
+	case IntType:
+		return AppendInt64(b, int64(n.bits)), nil
+	case UintType:
+		return AppendUint64(b, uint64(n.bits)), nil
+	case Float64Type:
+		return AppendFloat64(b, math.Float64frombits(n.bits)), nil
+	case Float32Type:
+		return AppendFloat32(b, math.Float32frombits(uint32(n.bits))), nil
+	default:
+		return AppendInt64(b, 0), nil
+	}
+}
+
+// EncodeMsg implements msgp.Encodable
+func (n *Number) EncodeMsg(w *Writer) error {
+	switch n.typ {
+	case IntType:
+		return w.WriteInt64(int64(n.bits))
+	case UintType:
+		return w.WriteUint64(n.bits)
+	case Float64Type:
+		return w.WriteFloat64(math.Float64frombits(n.bits))
+	case Float32Type:
+		return w.WriteFloat32(math.Float32frombits(uint32(n.bits)))
+	default:
+		return w.WriteInt64(0)
+	}
+}
+
+// Msgsize implements msgp.Sizer
+func (n *Number) Msgsize() int {
+	switch n.typ {
+	case Float32Type:
+		return Float32Size
+	case Float64Type:
+		return Float64Size
+	case IntType:
+		return Int64Size
+	case UintType:
+		return Uint64Size
+	default:
+		return 1 // fixint(0)
+	}
+}
+
+// MarshalJSON implements json.Marshaler
+func (n *Number) MarshalJSON() ([]byte, error) {
+	t := n.Type()
+	if t == InvalidType {
+		return []byte{'0'}, nil
+	}
+	out := make([]byte, 0, 32)
+	switch t {
+	case Float32Type, Float64Type:
+		f, _ := n.Float()
+		return strconv.AppendFloat(out, f, 'f', -1, 64), nil
+	case IntType:
+		i, _ := n.Int()
+		return strconv.AppendInt(out, i, 10), nil
+	case UintType:
+		u, _ := n.Uint()
+		return strconv.AppendUint(out, u, 10), nil
+	default:
+		panic("(*Number).typ is invalid")
+	}
+}
+
+// String implements fmt.Stringer
+func (n *Number) String() string {
+	switch n.typ {
+	case InvalidType:
+		return "0"
+	case Float32Type, Float64Type:
+		f, _ := n.Float()
+		return strconv.FormatFloat(f, 'f', -1, 64)
+	case IntType:
+		i, _ := n.Int()
+		return strconv.FormatInt(i, 10)
+	case UintType:
+		u, _ := n.Uint()
+		return strconv.FormatUint(u, 10)
+	default:
+		panic("(*Number).typ is invalid")
+	}
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/purego.go b/vendor/github.com/tinylib/msgp/msgp/purego.go
new file mode 100644
index 000000000..2cd35c3e1
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/purego.go
@@ -0,0 +1,16 @@
+//go:build purego || appengine
+// +build purego appengine
+
+package msgp
+
+// let's just assume appengine
+// uses 64-bit hardware...
+const smallint = false
+
+func UnsafeString(b []byte) string {
+	return string(b)
+}
+
+func UnsafeBytes(s string) []byte {
+	return []byte(s)
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/read.go b/vendor/github.com/tinylib/msgp/msgp/read.go
new file mode 100644
index 000000000..e6d72f17d
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/read.go
@@ -0,0 +1,1374 @@
+package msgp
+
+import (
+	"io"
+	"math"
+	"sync"
+	"time"
+
+	"github.com/philhofer/fwd"
+)
+
+// where we keep old *Readers
+var readerPool = sync.Pool{New: func() interface{} { return &Reader{} }}
+
+// Type is a MessagePack wire type,
+// including this package's built-in
+// extension types.
+type Type byte
+
+// MessagePack Types
+//
+// The zero value of Type
+// is InvalidType.
+const (
+	InvalidType Type = iota
+
+	// MessagePack built-in types
+
+	StrType
+	BinType
+	MapType
+	ArrayType
+	Float64Type
+	Float32Type
+	BoolType
+	IntType
+	UintType
+	NilType
+	DurationType
+	ExtensionType
+
+	// pseudo-types provided
+	// by extensions
+
+	Complex64Type
+	Complex128Type
+	TimeType
+
+	_maxtype
+)
+
+// String implements fmt.Stringer
+func (t Type) String() string {
+	switch t {
+	case StrType:
+		return "str"
+	case BinType:
+		return "bin"
+	case MapType:
+		return "map"
+	case ArrayType:
+		return "array"
+	case Float64Type:
+		return "float64"
+	case Float32Type:
+		return "float32"
+	case BoolType:
+		return "bool"
+	case UintType:
+		return "uint"
+	case IntType:
+		return "int"
+	case ExtensionType:
+		return "ext"
+	case NilType:
+		return "nil"
+	default:
+		return "<invalid>"
+	}
+}
+
+func freeR(m *Reader) {
+	readerPool.Put(m)
+}
+
+// Unmarshaler is the interface fulfilled
+// by objects that know how to unmarshal
+// themselves from MessagePack.
+// UnmarshalMsg unmarshals the object
+// from binary, returing any leftover
+// bytes and any errors encountered.
+type Unmarshaler interface {
+	UnmarshalMsg([]byte) ([]byte, error)
+}
+
+// Decodable is the interface fulfilled
+// by objects that know how to read
+// themselves from a *Reader.
+type Decodable interface {
+	DecodeMsg(*Reader) error
+}
+
+// Decode decodes 'd' from 'r'.
+func Decode(r io.Reader, d Decodable) error {
+	rd := NewReader(r)
+	err := d.DecodeMsg(rd)
+	freeR(rd)
+	return err
+}
+
+// NewReader returns a *Reader that
+// reads from the provided reader. The
+// reader will be buffered.
+func NewReader(r io.Reader) *Reader {
+	p := readerPool.Get().(*Reader)
+	if p.R == nil {
+		p.R = fwd.NewReader(r)
+	} else {
+		p.R.Reset(r)
+	}
+	return p
+}
+
+// NewReaderSize returns a *Reader with a buffer of the given size.
+// (This is vastly preferable to passing the decoder a reader that is already buffered.)
+func NewReaderSize(r io.Reader, sz int) *Reader {
+	return &Reader{R: fwd.NewReaderSize(r, sz)}
+}
+
+// NewReaderBuf returns a *Reader with a provided buffer.
+func NewReaderBuf(r io.Reader, buf []byte) *Reader {
+	return &Reader{R: fwd.NewReaderBuf(r, buf)}
+}
+
+// Reader wraps an io.Reader and provides
+// methods to read MessagePack-encoded values
+// from it. Readers are buffered.
+type Reader struct {
+	// R is the buffered reader
+	// that the Reader uses
+	// to decode MessagePack.
+	// The Reader itself
+	// is stateless; all the
+	// buffering is done
+	// within R.
+	R       *fwd.Reader
+	scratch []byte
+}
+
+// Read implements `io.Reader`
+func (m *Reader) Read(p []byte) (int, error) {
+	return m.R.Read(p)
+}
+
+// CopyNext reads the next object from m without decoding it and writes it to w.
+// It avoids unnecessary copies internally.
+func (m *Reader) CopyNext(w io.Writer) (int64, error) {
+	sz, o, err := getNextSize(m.R)
+	if err != nil {
+		return 0, err
+	}
+
+	var n int64
+	// Opportunistic optimization: if we can fit the whole thing in the m.R
+	// buffer, then just get a pointer to that, and pass it to w.Write,
+	// avoiding an allocation.
+	if int(sz) <= m.R.BufferSize() {
+		var nn int
+		var buf []byte
+		buf, err = m.R.Next(int(sz))
+		if err != nil {
+			if err == io.ErrUnexpectedEOF {
+				err = ErrShortBytes
+			}
+			return 0, err
+		}
+		nn, err = w.Write(buf)
+		n += int64(nn)
+	} else {
+		// Fall back to io.CopyN.
+		// May avoid allocating if w is a ReaderFrom (e.g. bytes.Buffer)
+		n, err = io.CopyN(w, m.R, int64(sz))
+		if err == io.ErrUnexpectedEOF {
+			err = ErrShortBytes
+		}
+	}
+	if err != nil {
+		return n, err
+	} else if n < int64(sz) {
+		return n, io.ErrShortWrite
+	}
+
+	// for maps and slices, read elements
+	for x := uintptr(0); x < o; x++ {
+		var n2 int64
+		n2, err = m.CopyNext(w)
+		if err != nil {
+			return n, err
+		}
+		n += n2
+	}
+	return n, nil
+}
+
+// ReadFull implements `io.ReadFull`
+func (m *Reader) ReadFull(p []byte) (int, error) {
+	return m.R.ReadFull(p)
+}
+
+// Reset resets the underlying reader.
+func (m *Reader) Reset(r io.Reader) { m.R.Reset(r) }
+
+// Buffered returns the number of bytes currently in the read buffer.
+func (m *Reader) Buffered() int { return m.R.Buffered() }
+
+// BufferSize returns the capacity of the read buffer.
+func (m *Reader) BufferSize() int { return m.R.BufferSize() }
+
+// NextType returns the next object type to be decoded.
+func (m *Reader) NextType() (Type, error) {
+	p, err := m.R.Peek(1)
+	if err != nil {
+		return InvalidType, err
+	}
+	t := getType(p[0])
+	if t == InvalidType {
+		return t, InvalidPrefixError(p[0])
+	}
+	if t == ExtensionType {
+		v, err := m.peekExtensionType()
+		if err != nil {
+			return InvalidType, err
+		}
+		switch v {
+		case Complex64Extension:
+			return Complex64Type, nil
+		case Complex128Extension:
+			return Complex128Type, nil
+		case TimeExtension:
+			return TimeType, nil
+		}
+	}
+	return t, nil
+}
+
+// IsNil returns whether or not
+// the next byte is a null messagepack byte
+func (m *Reader) IsNil() bool {
+	p, err := m.R.Peek(1)
+	return err == nil && p[0] == mnil
+}
+
+// getNextSize returns the size of the next object on the wire.
+// returns (obj size, obj elements, error)
+// only maps and arrays have non-zero obj elements
+// for maps and arrays, obj size does not include elements
+//
+// use uintptr b/c it's guaranteed to be large enough
+// to hold whatever we can fit in memory.
+func getNextSize(r *fwd.Reader) (uintptr, uintptr, error) {
+	b, err := r.Peek(1)
+	if err != nil {
+		return 0, 0, err
+	}
+	lead := b[0]
+	spec := getBytespec(lead)
+	size, mode := spec.size, spec.extra
+	if size == 0 {
+		return 0, 0, InvalidPrefixError(lead)
+	}
+	if mode >= 0 {
+		return uintptr(size), uintptr(mode), nil
+	}
+	b, err = r.Peek(int(size))
+	if err != nil {
+		return 0, 0, err
+	}
+	switch mode {
+	case extra8:
+		return uintptr(size) + uintptr(b[1]), 0, nil
+	case extra16:
+		return uintptr(size) + uintptr(big.Uint16(b[1:])), 0, nil
+	case extra32:
+		return uintptr(size) + uintptr(big.Uint32(b[1:])), 0, nil
+	case map16v:
+		return uintptr(size), 2 * uintptr(big.Uint16(b[1:])), nil
+	case map32v:
+		return uintptr(size), 2 * uintptr(big.Uint32(b[1:])), nil
+	case array16v:
+		return uintptr(size), uintptr(big.Uint16(b[1:])), nil
+	case array32v:
+		return uintptr(size), uintptr(big.Uint32(b[1:])), nil
+	default:
+		return 0, 0, fatal
+	}
+}
+
+// Skip skips over the next object, regardless of
+// its type. If it is an array or map, the whole array
+// or map will be skipped.
+func (m *Reader) Skip() error {
+	var (
+		v   uintptr // bytes
+		o   uintptr // objects
+		err error
+		p   []byte
+	)
+
+	// we can use the faster
+	// method if we have enough
+	// buffered data
+	if m.R.Buffered() >= 5 {
+		p, err = m.R.Peek(5)
+		if err != nil {
+			return err
+		}
+		v, o, err = getSize(p)
+		if err != nil {
+			return err
+		}
+	} else {
+		v, o, err = getNextSize(m.R)
+		if err != nil {
+			return err
+		}
+	}
+
+	// 'v' is always non-zero
+	// if err == nil
+	_, err = m.R.Skip(int(v))
+	if err != nil {
+		return err
+	}
+
+	// for maps and slices, skip elements
+	for x := uintptr(0); x < o; x++ {
+		err = m.Skip()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// ReadMapHeader reads the next object
+// as a map header and returns the size
+// of the map and the number of bytes written.
+// It will return a TypeError{} if the next
+// object is not a map.
+func (m *Reader) ReadMapHeader() (sz uint32, err error) {
+	var p []byte
+	var lead byte
+	p, err = m.R.Peek(1)
+	if err != nil {
+		return
+	}
+	lead = p[0]
+	if isfixmap(lead) {
+		sz = uint32(rfixmap(lead))
+		_, err = m.R.Skip(1)
+		return
+	}
+	switch lead {
+	case mmap16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		sz = uint32(big.Uint16(p[1:]))
+		return
+	case mmap32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		sz = big.Uint32(p[1:])
+		return
+	default:
+		err = badPrefix(MapType, lead)
+		return
+	}
+}
+
+// ReadMapKey reads either a 'str' or 'bin' field from
+// the reader and returns the value as a []byte. It uses
+// scratch for storage if it is large enough.
+func (m *Reader) ReadMapKey(scratch []byte) ([]byte, error) {
+	out, err := m.ReadStringAsBytes(scratch)
+	if err != nil {
+		if tperr, ok := err.(TypeError); ok && tperr.Encoded == BinType {
+			return m.ReadBytes(scratch)
+		}
+		return nil, err
+	}
+	return out, nil
+}
+
+// ReadMapKeyPtr returns a []byte pointing to the contents
+// of a valid map key. The key cannot be empty, and it
+// must be shorter than the total buffer size of the
+// *Reader. Additionally, the returned slice is only
+// valid until the next *Reader method call. Users
+// should exercise extreme care when using this
+// method; writing into the returned slice may
+// corrupt future reads.
+func (m *Reader) ReadMapKeyPtr() ([]byte, error) {
+	p, err := m.R.Peek(1)
+	if err != nil {
+		return nil, err
+	}
+	lead := p[0]
+	var read int
+	if isfixstr(lead) {
+		read = int(rfixstr(lead))
+		m.R.Skip(1)
+		goto fill
+	}
+	switch lead {
+	case mstr8, mbin8:
+		p, err = m.R.Next(2)
+		if err != nil {
+			return nil, err
+		}
+		read = int(p[1])
+	case mstr16, mbin16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return nil, err
+		}
+		read = int(big.Uint16(p[1:]))
+	case mstr32, mbin32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return nil, err
+		}
+		read = int(big.Uint32(p[1:]))
+	default:
+		return nil, badPrefix(StrType, lead)
+	}
+fill:
+	if read == 0 {
+		return nil, ErrShortBytes
+	}
+	return m.R.Next(read)
+}
+
+// ReadArrayHeader reads the next object as an
+// array header and returns the size of the array
+// and the number of bytes read.
+func (m *Reader) ReadArrayHeader() (sz uint32, err error) {
+	var lead byte
+	var p []byte
+	p, err = m.R.Peek(1)
+	if err != nil {
+		return
+	}
+	lead = p[0]
+	if isfixarray(lead) {
+		sz = uint32(rfixarray(lead))
+		_, err = m.R.Skip(1)
+		return
+	}
+	switch lead {
+	case marray16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		sz = uint32(big.Uint16(p[1:]))
+		return
+
+	case marray32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		sz = big.Uint32(p[1:])
+		return
+
+	default:
+		err = badPrefix(ArrayType, lead)
+		return
+	}
+}
+
+// ReadNil reads a 'nil' MessagePack byte from the reader
+func (m *Reader) ReadNil() error {
+	p, err := m.R.Peek(1)
+	if err != nil {
+		return err
+	}
+	if p[0] != mnil {
+		return badPrefix(NilType, p[0])
+	}
+	_, err = m.R.Skip(1)
+	return err
+}
+
+// ReadFloat64 reads a float64 from the reader.
+// (If the value on the wire is encoded as a float32,
+// it will be up-cast to a float64.)
+func (m *Reader) ReadFloat64() (f float64, err error) {
+	var p []byte
+	p, err = m.R.Peek(9)
+	if err != nil {
+		// we'll allow a coversion from float32 to float64,
+		// since we don't lose any precision
+		if err == io.EOF && len(p) > 0 && p[0] == mfloat32 {
+			ef, err := m.ReadFloat32()
+			return float64(ef), err
+		}
+		return
+	}
+	if p[0] != mfloat64 {
+		// see above
+		if p[0] == mfloat32 {
+			ef, err := m.ReadFloat32()
+			return float64(ef), err
+		}
+		err = badPrefix(Float64Type, p[0])
+		return
+	}
+	f = math.Float64frombits(getMuint64(p))
+	_, err = m.R.Skip(9)
+	return
+}
+
+// ReadFloat32 reads a float32 from the reader
+func (m *Reader) ReadFloat32() (f float32, err error) {
+	var p []byte
+	p, err = m.R.Peek(5)
+	if err != nil {
+		return
+	}
+	if p[0] != mfloat32 {
+		err = badPrefix(Float32Type, p[0])
+		return
+	}
+	f = math.Float32frombits(getMuint32(p))
+	_, err = m.R.Skip(5)
+	return
+}
+
+// ReadBool reads a bool from the reader
+func (m *Reader) ReadBool() (b bool, err error) {
+	var p []byte
+	p, err = m.R.Peek(1)
+	if err != nil {
+		return
+	}
+	switch p[0] {
+	case mtrue:
+		b = true
+	case mfalse:
+	default:
+		err = badPrefix(BoolType, p[0])
+		return
+	}
+	_, err = m.R.Skip(1)
+	return
+}
+
+// ReadDuration reads a time.Duration from the reader
+func (m *Reader) ReadDuration() (d time.Duration, err error) {
+	i, err := m.ReadInt64()
+	return time.Duration(i), err
+}
+
+// ReadInt64 reads an int64 from the reader
+func (m *Reader) ReadInt64() (i int64, err error) {
+	var p []byte
+	var lead byte
+	p, err = m.R.Peek(1)
+	if err != nil {
+		return
+	}
+	lead = p[0]
+
+	if isfixint(lead) {
+		i = int64(rfixint(lead))
+		_, err = m.R.Skip(1)
+		return
+	} else if isnfixint(lead) {
+		i = int64(rnfixint(lead))
+		_, err = m.R.Skip(1)
+		return
+	}
+
+	switch lead {
+	case mint8:
+		p, err = m.R.Next(2)
+		if err != nil {
+			return
+		}
+		i = int64(getMint8(p))
+		return
+
+	case muint8:
+		p, err = m.R.Next(2)
+		if err != nil {
+			return
+		}
+		i = int64(getMuint8(p))
+		return
+
+	case mint16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		i = int64(getMint16(p))
+		return
+
+	case muint16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		i = int64(getMuint16(p))
+		return
+
+	case mint32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		i = int64(getMint32(p))
+		return
+
+	case muint32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		i = int64(getMuint32(p))
+		return
+
+	case mint64:
+		p, err = m.R.Next(9)
+		if err != nil {
+			return
+		}
+		i = getMint64(p)
+		return
+
+	case muint64:
+		p, err = m.R.Next(9)
+		if err != nil {
+			return
+		}
+		u := getMuint64(p)
+		if u > math.MaxInt64 {
+			err = UintOverflow{Value: u, FailedBitsize: 64}
+			return
+		}
+		i = int64(u)
+		return
+
+	default:
+		err = badPrefix(IntType, lead)
+		return
+	}
+}
+
+// ReadInt32 reads an int32 from the reader
+func (m *Reader) ReadInt32() (i int32, err error) {
+	var in int64
+	in, err = m.ReadInt64()
+	if in > math.MaxInt32 || in < math.MinInt32 {
+		err = IntOverflow{Value: in, FailedBitsize: 32}
+		return
+	}
+	i = int32(in)
+	return
+}
+
+// ReadInt16 reads an int16 from the reader
+func (m *Reader) ReadInt16() (i int16, err error) {
+	var in int64
+	in, err = m.ReadInt64()
+	if in > math.MaxInt16 || in < math.MinInt16 {
+		err = IntOverflow{Value: in, FailedBitsize: 16}
+		return
+	}
+	i = int16(in)
+	return
+}
+
+// ReadInt8 reads an int8 from the reader
+func (m *Reader) ReadInt8() (i int8, err error) {
+	var in int64
+	in, err = m.ReadInt64()
+	if in > math.MaxInt8 || in < math.MinInt8 {
+		err = IntOverflow{Value: in, FailedBitsize: 8}
+		return
+	}
+	i = int8(in)
+	return
+}
+
+// ReadInt reads an int from the reader
+func (m *Reader) ReadInt() (i int, err error) {
+	if smallint {
+		var in int32
+		in, err = m.ReadInt32()
+		i = int(in)
+		return
+	}
+	var in int64
+	in, err = m.ReadInt64()
+	i = int(in)
+	return
+}
+
+// ReadUint64 reads a uint64 from the reader
+func (m *Reader) ReadUint64() (u uint64, err error) {
+	var p []byte
+	var lead byte
+	p, err = m.R.Peek(1)
+	if err != nil {
+		return
+	}
+	lead = p[0]
+	if isfixint(lead) {
+		u = uint64(rfixint(lead))
+		_, err = m.R.Skip(1)
+		return
+	}
+	switch lead {
+	case mint8:
+		p, err = m.R.Next(2)
+		if err != nil {
+			return
+		}
+		v := int64(getMint8(p))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		return
+
+	case muint8:
+		p, err = m.R.Next(2)
+		if err != nil {
+			return
+		}
+		u = uint64(getMuint8(p))
+		return
+
+	case mint16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		v := int64(getMint16(p))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		return
+
+	case muint16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		u = uint64(getMuint16(p))
+		return
+
+	case mint32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		v := int64(getMint32(p))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		return
+
+	case muint32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		u = uint64(getMuint32(p))
+		return
+
+	case mint64:
+		p, err = m.R.Next(9)
+		if err != nil {
+			return
+		}
+		v := int64(getMint64(p))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		return
+
+	case muint64:
+		p, err = m.R.Next(9)
+		if err != nil {
+			return
+		}
+		u = getMuint64(p)
+		return
+
+	default:
+		if isnfixint(lead) {
+			err = UintBelowZero{Value: int64(rnfixint(lead))}
+		} else {
+			err = badPrefix(UintType, lead)
+		}
+		return
+
+	}
+}
+
+// ReadUint32 reads a uint32 from the reader
+func (m *Reader) ReadUint32() (u uint32, err error) {
+	var in uint64
+	in, err = m.ReadUint64()
+	if in > math.MaxUint32 {
+		err = UintOverflow{Value: in, FailedBitsize: 32}
+		return
+	}
+	u = uint32(in)
+	return
+}
+
+// ReadUint16 reads a uint16 from the reader
+func (m *Reader) ReadUint16() (u uint16, err error) {
+	var in uint64
+	in, err = m.ReadUint64()
+	if in > math.MaxUint16 {
+		err = UintOverflow{Value: in, FailedBitsize: 16}
+		return
+	}
+	u = uint16(in)
+	return
+}
+
+// ReadUint8 reads a uint8 from the reader
+func (m *Reader) ReadUint8() (u uint8, err error) {
+	var in uint64
+	in, err = m.ReadUint64()
+	if in > math.MaxUint8 {
+		err = UintOverflow{Value: in, FailedBitsize: 8}
+		return
+	}
+	u = uint8(in)
+	return
+}
+
+// ReadUint reads a uint from the reader
+func (m *Reader) ReadUint() (u uint, err error) {
+	if smallint {
+		var un uint32
+		un, err = m.ReadUint32()
+		u = uint(un)
+		return
+	}
+	var un uint64
+	un, err = m.ReadUint64()
+	u = uint(un)
+	return
+}
+
+// ReadByte is analogous to ReadUint8.
+//
+// NOTE: this is *not* an implementation
+// of io.ByteReader.
+func (m *Reader) ReadByte() (b byte, err error) {
+	var in uint64
+	in, err = m.ReadUint64()
+	if in > math.MaxUint8 {
+		err = UintOverflow{Value: in, FailedBitsize: 8}
+		return
+	}
+	b = byte(in)
+	return
+}
+
+// ReadBytes reads a MessagePack 'bin' object
+// from the reader and returns its value. It may
+// use 'scratch' for storage if it is non-nil.
+func (m *Reader) ReadBytes(scratch []byte) (b []byte, err error) {
+	var p []byte
+	var lead byte
+	p, err = m.R.Peek(2)
+	if err != nil {
+		return
+	}
+	lead = p[0]
+	var read int64
+	switch lead {
+	case mbin8:
+		read = int64(p[1])
+		m.R.Skip(2)
+	case mbin16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		read = int64(big.Uint16(p[1:]))
+	case mbin32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		read = int64(big.Uint32(p[1:]))
+	default:
+		err = badPrefix(BinType, lead)
+		return
+	}
+	if int64(cap(scratch)) < read {
+		b = make([]byte, read)
+	} else {
+		b = scratch[0:read]
+	}
+	_, err = m.R.ReadFull(b)
+	return
+}
+
+// ReadBytesHeader reads the size header
+// of a MessagePack 'bin' object. The user
+// is responsible for dealing with the next
+// 'sz' bytes from the reader in an application-specific
+// way.
+func (m *Reader) ReadBytesHeader() (sz uint32, err error) {
+	var p []byte
+	p, err = m.R.Peek(1)
+	if err != nil {
+		return
+	}
+	switch p[0] {
+	case mbin8:
+		p, err = m.R.Next(2)
+		if err != nil {
+			return
+		}
+		sz = uint32(p[1])
+		return
+	case mbin16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		sz = uint32(big.Uint16(p[1:]))
+		return
+	case mbin32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		sz = uint32(big.Uint32(p[1:]))
+		return
+	default:
+		err = badPrefix(BinType, p[0])
+		return
+	}
+}
+
+// ReadExactBytes reads a MessagePack 'bin'-encoded
+// object off of the wire into the provided slice. An
+// ArrayError will be returned if the object is not
+// exactly the length of the input slice.
+func (m *Reader) ReadExactBytes(into []byte) error {
+	p, err := m.R.Peek(2)
+	if err != nil {
+		return err
+	}
+	lead := p[0]
+	var read int64 // bytes to read
+	var skip int   // prefix size to skip
+	switch lead {
+	case mbin8:
+		read = int64(p[1])
+		skip = 2
+	case mbin16:
+		p, err = m.R.Peek(3)
+		if err != nil {
+			return err
+		}
+		read = int64(big.Uint16(p[1:]))
+		skip = 3
+	case mbin32:
+		p, err = m.R.Peek(5)
+		if err != nil {
+			return err
+		}
+		read = int64(big.Uint32(p[1:]))
+		skip = 5
+	default:
+		return badPrefix(BinType, lead)
+	}
+	if read != int64(len(into)) {
+		return ArrayError{Wanted: uint32(len(into)), Got: uint32(read)}
+	}
+	m.R.Skip(skip)
+	_, err = m.R.ReadFull(into)
+	return err
+}
+
+// ReadStringAsBytes reads a MessagePack 'str' (utf-8) string
+// and returns its value as bytes. It may use 'scratch' for storage
+// if it is non-nil.
+func (m *Reader) ReadStringAsBytes(scratch []byte) (b []byte, err error) {
+	var p []byte
+	var lead byte
+	p, err = m.R.Peek(1)
+	if err != nil {
+		return
+	}
+	lead = p[0]
+	var read int64
+
+	if isfixstr(lead) {
+		read = int64(rfixstr(lead))
+		m.R.Skip(1)
+		goto fill
+	}
+
+	switch lead {
+	case mstr8:
+		p, err = m.R.Next(2)
+		if err != nil {
+			return
+		}
+		read = int64(uint8(p[1]))
+	case mstr16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		read = int64(big.Uint16(p[1:]))
+	case mstr32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		read = int64(big.Uint32(p[1:]))
+	default:
+		err = badPrefix(StrType, lead)
+		return
+	}
+fill:
+	if int64(cap(scratch)) < read {
+		b = make([]byte, read)
+	} else {
+		b = scratch[0:read]
+	}
+	_, err = m.R.ReadFull(b)
+	return
+}
+
+// ReadStringHeader reads a string header
+// off of the wire. The user is then responsible
+// for dealing with the next 'sz' bytes from
+// the reader in an application-specific manner.
+func (m *Reader) ReadStringHeader() (sz uint32, err error) {
+	var p []byte
+	p, err = m.R.Peek(1)
+	if err != nil {
+		return
+	}
+	lead := p[0]
+	if isfixstr(lead) {
+		sz = uint32(rfixstr(lead))
+		m.R.Skip(1)
+		return
+	}
+	switch lead {
+	case mstr8:
+		p, err = m.R.Next(2)
+		if err != nil {
+			return
+		}
+		sz = uint32(p[1])
+		return
+	case mstr16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		sz = uint32(big.Uint16(p[1:]))
+		return
+	case mstr32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		sz = big.Uint32(p[1:])
+		return
+	default:
+		err = badPrefix(StrType, lead)
+		return
+	}
+}
+
+// ReadString reads a utf-8 string from the reader
+func (m *Reader) ReadString() (s string, err error) {
+	var p []byte
+	var lead byte
+	var read int64
+	p, err = m.R.Peek(1)
+	if err != nil {
+		return
+	}
+	lead = p[0]
+
+	if isfixstr(lead) {
+		read = int64(rfixstr(lead))
+		m.R.Skip(1)
+		goto fill
+	}
+
+	switch lead {
+	case mstr8:
+		p, err = m.R.Next(2)
+		if err != nil {
+			return
+		}
+		read = int64(uint8(p[1]))
+	case mstr16:
+		p, err = m.R.Next(3)
+		if err != nil {
+			return
+		}
+		read = int64(big.Uint16(p[1:]))
+	case mstr32:
+		p, err = m.R.Next(5)
+		if err != nil {
+			return
+		}
+		read = int64(big.Uint32(p[1:]))
+	default:
+		err = badPrefix(StrType, lead)
+		return
+	}
+fill:
+	if read == 0 {
+		s, err = "", nil
+		return
+	}
+	// reading into the memory
+	// that will become the string
+	// itself has vastly superior
+	// worst-case performance, because
+	// the reader buffer doesn't have
+	// to be large enough to hold the string.
+	// the idea here is to make it more
+	// difficult for someone malicious
+	// to cause the system to run out of
+	// memory by sending very large strings.
+	//
+	// NOTE: this works because the argument
+	// passed to (*fwd.Reader).ReadFull escapes
+	// to the heap; its argument may, in turn,
+	// be passed to the underlying reader, and
+	// thus escape analysis *must* conclude that
+	// 'out' escapes.
+	out := make([]byte, read)
+	_, err = m.R.ReadFull(out)
+	if err != nil {
+		return
+	}
+	s = UnsafeString(out)
+	return
+}
+
+// ReadComplex64 reads a complex64 from the reader
+func (m *Reader) ReadComplex64() (f complex64, err error) {
+	var p []byte
+	p, err = m.R.Peek(10)
+	if err != nil {
+		return
+	}
+	if p[0] != mfixext8 {
+		err = badPrefix(Complex64Type, p[0])
+		return
+	}
+	if int8(p[1]) != Complex64Extension {
+		err = errExt(int8(p[1]), Complex64Extension)
+		return
+	}
+	f = complex(math.Float32frombits(big.Uint32(p[2:])),
+		math.Float32frombits(big.Uint32(p[6:])))
+	_, err = m.R.Skip(10)
+	return
+}
+
+// ReadComplex128 reads a complex128 from the reader
+func (m *Reader) ReadComplex128() (f complex128, err error) {
+	var p []byte
+	p, err = m.R.Peek(18)
+	if err != nil {
+		return
+	}
+	if p[0] != mfixext16 {
+		err = badPrefix(Complex128Type, p[0])
+		return
+	}
+	if int8(p[1]) != Complex128Extension {
+		err = errExt(int8(p[1]), Complex128Extension)
+		return
+	}
+	f = complex(math.Float64frombits(big.Uint64(p[2:])),
+		math.Float64frombits(big.Uint64(p[10:])))
+	_, err = m.R.Skip(18)
+	return
+}
+
+// ReadMapStrIntf reads a MessagePack map into a map[string]interface{}.
+// (You must pass a non-nil map into the function.)
+func (m *Reader) ReadMapStrIntf(mp map[string]interface{}) (err error) {
+	var sz uint32
+	sz, err = m.ReadMapHeader()
+	if err != nil {
+		return
+	}
+	for key := range mp {
+		delete(mp, key)
+	}
+	for i := uint32(0); i < sz; i++ {
+		var key string
+		var val interface{}
+		key, err = m.ReadString()
+		if err != nil {
+			return
+		}
+		val, err = m.ReadIntf()
+		if err != nil {
+			return
+		}
+		mp[key] = val
+	}
+	return
+}
+
+// ReadTime reads a time.Time object from the reader.
+// The returned time's location will be set to time.Local.
+func (m *Reader) ReadTime() (t time.Time, err error) {
+	var p []byte
+	p, err = m.R.Peek(15)
+	if err != nil {
+		return
+	}
+	if p[0] != mext8 || p[1] != 12 {
+		err = badPrefix(TimeType, p[0])
+		return
+	}
+	if int8(p[2]) != TimeExtension {
+		err = errExt(int8(p[2]), TimeExtension)
+		return
+	}
+	sec, nsec := getUnix(p[3:])
+	t = time.Unix(sec, int64(nsec)).Local()
+	_, err = m.R.Skip(15)
+	return
+}
+
+// ReadIntf reads out the next object as a raw interface{}.
+// Arrays are decoded as []interface{}, and maps are decoded
+// as map[string]interface{}. Integers are decoded as int64
+// and unsigned integers are decoded as uint64.
+func (m *Reader) ReadIntf() (i interface{}, err error) {
+	var t Type
+	t, err = m.NextType()
+	if err != nil {
+		return
+	}
+	switch t {
+	case BoolType:
+		i, err = m.ReadBool()
+		return
+
+	case IntType:
+		i, err = m.ReadInt64()
+		return
+
+	case UintType:
+		i, err = m.ReadUint64()
+		return
+
+	case BinType:
+		i, err = m.ReadBytes(nil)
+		return
+
+	case StrType:
+		i, err = m.ReadString()
+		return
+
+	case Complex64Type:
+		i, err = m.ReadComplex64()
+		return
+
+	case Complex128Type:
+		i, err = m.ReadComplex128()
+		return
+
+	case TimeType:
+		i, err = m.ReadTime()
+		return
+
+	case DurationType:
+		i, err = m.ReadDuration()
+		return
+
+	case ExtensionType:
+		var t int8
+		t, err = m.peekExtensionType()
+		if err != nil {
+			return
+		}
+		f, ok := extensionReg[t]
+		if ok {
+			e := f()
+			err = m.ReadExtension(e)
+			i = e
+			return
+		}
+		var e RawExtension
+		e.Type = t
+		err = m.ReadExtension(&e)
+		i = &e
+		return
+
+	case MapType:
+		mp := make(map[string]interface{})
+		err = m.ReadMapStrIntf(mp)
+		i = mp
+		return
+
+	case NilType:
+		err = m.ReadNil()
+		i = nil
+		return
+
+	case Float32Type:
+		i, err = m.ReadFloat32()
+		return
+
+	case Float64Type:
+		i, err = m.ReadFloat64()
+		return
+
+	case ArrayType:
+		var sz uint32
+		sz, err = m.ReadArrayHeader()
+
+		if err != nil {
+			return
+		}
+		out := make([]interface{}, int(sz))
+		for j := range out {
+			out[j], err = m.ReadIntf()
+			if err != nil {
+				return
+			}
+		}
+		i = out
+		return
+
+	default:
+		return nil, fatal // unreachable
+	}
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/read_bytes.go b/vendor/github.com/tinylib/msgp/msgp/read_bytes.go
new file mode 100644
index 000000000..a204ac4b9
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/read_bytes.go
@@ -0,0 +1,1303 @@
+package msgp
+
+import (
+	"bytes"
+	"encoding/binary"
+	"math"
+	"time"
+)
+
+var big = binary.BigEndian
+
+// NextType returns the type of the next
+// object in the slice. If the length
+// of the input is zero, it returns
+// [InvalidType].
+func NextType(b []byte) Type {
+	if len(b) == 0 {
+		return InvalidType
+	}
+	spec := getBytespec(b[0])
+	t := spec.typ
+	if t == ExtensionType && len(b) > int(spec.size) {
+		var tp int8
+		if spec.extra == constsize {
+			tp = int8(b[1])
+		} else {
+			tp = int8(b[spec.size-1])
+		}
+		switch tp {
+		case TimeExtension:
+			return TimeType
+		case Complex128Extension:
+			return Complex128Type
+		case Complex64Extension:
+			return Complex64Type
+		default:
+			return ExtensionType
+		}
+	}
+	return t
+}
+
+// IsNil returns true if len(b)>0 and
+// the leading byte is a 'nil' MessagePack
+// byte; false otherwise
+func IsNil(b []byte) bool {
+	if len(b) != 0 && b[0] == mnil {
+		return true
+	}
+	return false
+}
+
+// Raw is raw MessagePack.
+// Raw allows you to read and write
+// data without interpreting its contents.
+type Raw []byte
+
+// MarshalMsg implements [Marshaler].
+// It appends the raw contents of 'raw'
+// to the provided byte slice. If 'raw'
+// is 0 bytes, 'nil' will be appended instead.
+func (r Raw) MarshalMsg(b []byte) ([]byte, error) {
+	i := len(r)
+	if i == 0 {
+		return AppendNil(b), nil
+	}
+	o, l := ensure(b, i)
+	copy(o[l:], []byte(r))
+	return o, nil
+}
+
+// UnmarshalMsg implements [Unmarshaler].
+// It sets the contents of *Raw to be the next
+// object in the provided byte slice.
+func (r *Raw) UnmarshalMsg(b []byte) ([]byte, error) {
+	l := len(b)
+	out, err := Skip(b)
+	if err != nil {
+		return b, err
+	}
+	rlen := l - len(out)
+	if IsNil(b[:rlen]) {
+		rlen = 0
+	}
+	if cap(*r) < rlen {
+		*r = make(Raw, rlen)
+	} else {
+		*r = (*r)[0:rlen]
+	}
+	copy(*r, b[:rlen])
+	return out, nil
+}
+
+// EncodeMsg implements [Encodable].
+// It writes the raw bytes to the writer.
+// If r is empty, it writes 'nil' instead.
+func (r Raw) EncodeMsg(w *Writer) error {
+	if len(r) == 0 {
+		return w.WriteNil()
+	}
+	_, err := w.Write([]byte(r))
+	return err
+}
+
+// DecodeMsg implements [Decodable].
+// It sets the value of *Raw to be the
+// next object on the wire.
+func (r *Raw) DecodeMsg(f *Reader) error {
+	*r = (*r)[:0]
+	err := appendNext(f, (*[]byte)(r))
+	if IsNil(*r) {
+		*r = (*r)[:0]
+	}
+	return err
+}
+
+// Msgsize implements [Sizer].
+func (r Raw) Msgsize() int {
+	l := len(r)
+	if l == 0 {
+		return 1 // for 'nil'
+	}
+	return l
+}
+
+func appendNext(f *Reader, d *[]byte) error {
+	amt, o, err := getNextSize(f.R)
+	if err != nil {
+		return err
+	}
+	var i int
+	*d, i = ensure(*d, int(amt))
+	_, err = f.R.ReadFull((*d)[i:])
+	if err != nil {
+		return err
+	}
+	for o > 0 {
+		err = appendNext(f, d)
+		if err != nil {
+			return err
+		}
+		o--
+	}
+	return nil
+}
+
+// MarshalJSON implements [json.Marshaler].
+func (r *Raw) MarshalJSON() ([]byte, error) {
+	var buf bytes.Buffer
+	_, err := UnmarshalAsJSON(&buf, []byte(*r))
+	return buf.Bytes(), err
+}
+
+// ReadMapHeaderBytes reads a map header size
+// from 'b' and returns the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a map)
+func ReadMapHeaderBytes(b []byte) (sz uint32, o []byte, err error) {
+	l := len(b)
+	if l < 1 {
+		err = ErrShortBytes
+		return
+	}
+
+	lead := b[0]
+	if isfixmap(lead) {
+		sz = uint32(rfixmap(lead))
+		o = b[1:]
+		return
+	}
+
+	switch lead {
+	case mmap16:
+		if l < 3 {
+			err = ErrShortBytes
+			return
+		}
+		sz = uint32(big.Uint16(b[1:]))
+		o = b[3:]
+		return
+
+	case mmap32:
+		if l < 5 {
+			err = ErrShortBytes
+			return
+		}
+		sz = big.Uint32(b[1:])
+		o = b[5:]
+		return
+
+	default:
+		err = badPrefix(MapType, lead)
+		return
+	}
+}
+
+// ReadMapKeyZC attempts to read a map key
+// from 'b' and returns the key bytes and the remaining bytes
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a str or bin)
+func ReadMapKeyZC(b []byte) ([]byte, []byte, error) {
+	o, x, err := ReadStringZC(b)
+	if err != nil {
+		if tperr, ok := err.(TypeError); ok && tperr.Encoded == BinType {
+			return ReadBytesZC(b)
+		}
+		return nil, b, err
+	}
+	return o, x, nil
+}
+
+// ReadArrayHeaderBytes attempts to read
+// the array header size off of 'b' and return
+// the size and remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not an array)
+func ReadArrayHeaderBytes(b []byte) (sz uint32, o []byte, err error) {
+	if len(b) < 1 {
+		return 0, nil, ErrShortBytes
+	}
+	lead := b[0]
+	if isfixarray(lead) {
+		sz = uint32(rfixarray(lead))
+		o = b[1:]
+		return
+	}
+
+	switch lead {
+	case marray16:
+		if len(b) < 3 {
+			err = ErrShortBytes
+			return
+		}
+		sz = uint32(big.Uint16(b[1:]))
+		o = b[3:]
+		return
+
+	case marray32:
+		if len(b) < 5 {
+			err = ErrShortBytes
+			return
+		}
+		sz = big.Uint32(b[1:])
+		o = b[5:]
+		return
+
+	default:
+		err = badPrefix(ArrayType, lead)
+		return
+	}
+}
+
+// ReadBytesHeader reads the 'bin' header size
+// off of 'b' and returns the size and remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a bin object)
+func ReadBytesHeader(b []byte) (sz uint32, o []byte, err error) {
+	if len(b) < 1 {
+		return 0, nil, ErrShortBytes
+	}
+	switch b[0] {
+	case mbin8:
+		if len(b) < 2 {
+			err = ErrShortBytes
+			return
+		}
+		sz = uint32(b[1])
+		o = b[2:]
+		return
+	case mbin16:
+		if len(b) < 3 {
+			err = ErrShortBytes
+			return
+		}
+		sz = uint32(big.Uint16(b[1:]))
+		o = b[3:]
+		return
+	case mbin32:
+		if len(b) < 5 {
+			err = ErrShortBytes
+			return
+		}
+		sz = big.Uint32(b[1:])
+		o = b[5:]
+		return
+	default:
+		err = badPrefix(BinType, b[0])
+		return
+	}
+}
+
+// ReadNilBytes tries to read a "nil" byte
+// off of 'b' and return the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a 'nil')
+//   - [InvalidPrefixError]
+func ReadNilBytes(b []byte) ([]byte, error) {
+	if len(b) < 1 {
+		return nil, ErrShortBytes
+	}
+	if b[0] != mnil {
+		return b, badPrefix(NilType, b[0])
+	}
+	return b[1:], nil
+}
+
+// ReadFloat64Bytes tries to read a float64
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a float64)
+func ReadFloat64Bytes(b []byte) (f float64, o []byte, err error) {
+	if len(b) < 9 {
+		if len(b) >= 5 && b[0] == mfloat32 {
+			var tf float32
+			tf, o, err = ReadFloat32Bytes(b)
+			f = float64(tf)
+			return
+		}
+		err = ErrShortBytes
+		return
+	}
+
+	if b[0] != mfloat64 {
+		if b[0] == mfloat32 {
+			var tf float32
+			tf, o, err = ReadFloat32Bytes(b)
+			f = float64(tf)
+			return
+		}
+		err = badPrefix(Float64Type, b[0])
+		return
+	}
+
+	f = math.Float64frombits(getMuint64(b))
+	o = b[9:]
+	return
+}
+
+// ReadFloat32Bytes tries to read a float64
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a float32)
+func ReadFloat32Bytes(b []byte) (f float32, o []byte, err error) {
+	if len(b) < 5 {
+		err = ErrShortBytes
+		return
+	}
+
+	if b[0] != mfloat32 {
+		err = TypeError{Method: Float32Type, Encoded: getType(b[0])}
+		return
+	}
+
+	f = math.Float32frombits(getMuint32(b))
+	o = b[5:]
+	return
+}
+
+// ReadBoolBytes tries to read a float64
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a bool)
+func ReadBoolBytes(b []byte) (bool, []byte, error) {
+	if len(b) < 1 {
+		return false, b, ErrShortBytes
+	}
+	switch b[0] {
+	case mtrue:
+		return true, b[1:], nil
+	case mfalse:
+		return false, b[1:], nil
+	default:
+		return false, b, badPrefix(BoolType, b[0])
+	}
+}
+
+// ReadDurationBytes tries to read a time.Duration
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - TypeError (not a int)
+func ReadDurationBytes(b []byte) (d time.Duration, o []byte, err error) {
+	i, o, err := ReadInt64Bytes(b)
+	return time.Duration(i), o, err
+}
+
+// ReadInt64Bytes tries to read an int64
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a int)
+func ReadInt64Bytes(b []byte) (i int64, o []byte, err error) {
+	l := len(b)
+	if l < 1 {
+		return 0, nil, ErrShortBytes
+	}
+
+	lead := b[0]
+	if isfixint(lead) {
+		i = int64(rfixint(lead))
+		o = b[1:]
+		return
+	}
+	if isnfixint(lead) {
+		i = int64(rnfixint(lead))
+		o = b[1:]
+		return
+	}
+
+	switch lead {
+	case mint8:
+		if l < 2 {
+			err = ErrShortBytes
+			return
+		}
+		i = int64(getMint8(b))
+		o = b[2:]
+		return
+
+	case muint8:
+		if l < 2 {
+			err = ErrShortBytes
+			return
+		}
+		i = int64(getMuint8(b))
+		o = b[2:]
+		return
+
+	case mint16:
+		if l < 3 {
+			err = ErrShortBytes
+			return
+		}
+		i = int64(getMint16(b))
+		o = b[3:]
+		return
+
+	case muint16:
+		if l < 3 {
+			err = ErrShortBytes
+			return
+		}
+		i = int64(getMuint16(b))
+		o = b[3:]
+		return
+
+	case mint32:
+		if l < 5 {
+			err = ErrShortBytes
+			return
+		}
+		i = int64(getMint32(b))
+		o = b[5:]
+		return
+
+	case muint32:
+		if l < 5 {
+			err = ErrShortBytes
+			return
+		}
+		i = int64(getMuint32(b))
+		o = b[5:]
+		return
+
+	case mint64:
+		if l < 9 {
+			err = ErrShortBytes
+			return
+		}
+		i = int64(getMint64(b))
+		o = b[9:]
+		return
+
+	case muint64:
+		if l < 9 {
+			err = ErrShortBytes
+			return
+		}
+		u := getMuint64(b)
+		if u > math.MaxInt64 {
+			err = UintOverflow{Value: u, FailedBitsize: 64}
+			return
+		}
+		i = int64(u)
+		o = b[9:]
+		return
+
+	default:
+		err = badPrefix(IntType, lead)
+		return
+	}
+}
+
+// ReadInt32Bytes tries to read an int32
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a int)
+//   - [IntOverflow] (value doesn't fit in int32)
+func ReadInt32Bytes(b []byte) (int32, []byte, error) {
+	i, o, err := ReadInt64Bytes(b)
+	if i > math.MaxInt32 || i < math.MinInt32 {
+		return 0, o, IntOverflow{Value: i, FailedBitsize: 32}
+	}
+	return int32(i), o, err
+}
+
+// ReadInt16Bytes tries to read an int16
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a int)
+//   - [IntOverflow] (value doesn't fit in int16)
+func ReadInt16Bytes(b []byte) (int16, []byte, error) {
+	i, o, err := ReadInt64Bytes(b)
+	if i > math.MaxInt16 || i < math.MinInt16 {
+		return 0, o, IntOverflow{Value: i, FailedBitsize: 16}
+	}
+	return int16(i), o, err
+}
+
+// ReadInt8Bytes tries to read an int16
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a int)
+//   - [IntOverflow] (value doesn't fit in int8)
+func ReadInt8Bytes(b []byte) (int8, []byte, error) {
+	i, o, err := ReadInt64Bytes(b)
+	if i > math.MaxInt8 || i < math.MinInt8 {
+		return 0, o, IntOverflow{Value: i, FailedBitsize: 8}
+	}
+	return int8(i), o, err
+}
+
+// ReadIntBytes tries to read an int
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a int)
+//   - [IntOverflow] (value doesn't fit in int; 32-bit platforms only)
+func ReadIntBytes(b []byte) (int, []byte, error) {
+	if smallint {
+		i, b, err := ReadInt32Bytes(b)
+		return int(i), b, err
+	}
+	i, b, err := ReadInt64Bytes(b)
+	return int(i), b, err
+}
+
+// ReadUint64Bytes tries to read a uint64
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a uint)
+func ReadUint64Bytes(b []byte) (u uint64, o []byte, err error) {
+	l := len(b)
+	if l < 1 {
+		return 0, nil, ErrShortBytes
+	}
+
+	lead := b[0]
+	if isfixint(lead) {
+		u = uint64(rfixint(lead))
+		o = b[1:]
+		return
+	}
+
+	switch lead {
+	case mint8:
+		if l < 2 {
+			err = ErrShortBytes
+			return
+		}
+		v := int64(getMint8(b))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		o = b[2:]
+		return
+
+	case muint8:
+		if l < 2 {
+			err = ErrShortBytes
+			return
+		}
+		u = uint64(getMuint8(b))
+		o = b[2:]
+		return
+
+	case mint16:
+		if l < 3 {
+			err = ErrShortBytes
+			return
+		}
+		v := int64(getMint16(b))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		o = b[3:]
+		return
+
+	case muint16:
+		if l < 3 {
+			err = ErrShortBytes
+			return
+		}
+		u = uint64(getMuint16(b))
+		o = b[3:]
+		return
+
+	case mint32:
+		if l < 5 {
+			err = ErrShortBytes
+			return
+		}
+		v := int64(getMint32(b))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		o = b[5:]
+		return
+
+	case muint32:
+		if l < 5 {
+			err = ErrShortBytes
+			return
+		}
+		u = uint64(getMuint32(b))
+		o = b[5:]
+		return
+
+	case mint64:
+		if l < 9 {
+			err = ErrShortBytes
+			return
+		}
+		v := int64(getMint64(b))
+		if v < 0 {
+			err = UintBelowZero{Value: v}
+			return
+		}
+		u = uint64(v)
+		o = b[9:]
+		return
+
+	case muint64:
+		if l < 9 {
+			err = ErrShortBytes
+			return
+		}
+		u = getMuint64(b)
+		o = b[9:]
+		return
+
+	default:
+		if isnfixint(lead) {
+			err = UintBelowZero{Value: int64(rnfixint(lead))}
+		} else {
+			err = badPrefix(UintType, lead)
+		}
+		return
+	}
+}
+
+// ReadUint32Bytes tries to read a uint32
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a uint)
+//   - [UintOverflow] (value too large for uint32)
+func ReadUint32Bytes(b []byte) (uint32, []byte, error) {
+	v, o, err := ReadUint64Bytes(b)
+	if v > math.MaxUint32 {
+		return 0, nil, UintOverflow{Value: v, FailedBitsize: 32}
+	}
+	return uint32(v), o, err
+}
+
+// ReadUint16Bytes tries to read a uint16
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a uint)
+//   - [UintOverflow] (value too large for uint16)
+func ReadUint16Bytes(b []byte) (uint16, []byte, error) {
+	v, o, err := ReadUint64Bytes(b)
+	if v > math.MaxUint16 {
+		return 0, nil, UintOverflow{Value: v, FailedBitsize: 16}
+	}
+	return uint16(v), o, err
+}
+
+// ReadUint8Bytes tries to read a uint8
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a uint)
+//   - [UintOverflow] (value too large for uint8)
+func ReadUint8Bytes(b []byte) (uint8, []byte, error) {
+	v, o, err := ReadUint64Bytes(b)
+	if v > math.MaxUint8 {
+		return 0, nil, UintOverflow{Value: v, FailedBitsize: 8}
+	}
+	return uint8(v), o, err
+}
+
+// ReadUintBytes tries to read a uint
+// from 'b' and return the value and the remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a uint)
+//   - [UintOverflow] (value too large for uint; 32-bit platforms only)
+func ReadUintBytes(b []byte) (uint, []byte, error) {
+	if smallint {
+		u, b, err := ReadUint32Bytes(b)
+		return uint(u), b, err
+	}
+	u, b, err := ReadUint64Bytes(b)
+	return uint(u), b, err
+}
+
+// ReadByteBytes is analogous to ReadUint8Bytes
+func ReadByteBytes(b []byte) (byte, []byte, error) {
+	return ReadUint8Bytes(b)
+}
+
+// ReadBytesBytes reads a 'bin' object
+// from 'b' and returns its vaue and
+// the remaining bytes in 'b'.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (too few bytes)
+//   - [TypeError] (not a 'bin' object)
+func ReadBytesBytes(b []byte, scratch []byte) (v []byte, o []byte, err error) {
+	return readBytesBytes(b, scratch, false)
+}
+
+func readBytesBytes(b []byte, scratch []byte, zc bool) (v []byte, o []byte, err error) {
+	l := len(b)
+	if l < 1 {
+		return nil, nil, ErrShortBytes
+	}
+
+	lead := b[0]
+	var read int
+	switch lead {
+	case mbin8:
+		if l < 2 {
+			err = ErrShortBytes
+			return
+		}
+
+		read = int(b[1])
+		b = b[2:]
+
+	case mbin16:
+		if l < 3 {
+			err = ErrShortBytes
+			return
+		}
+		read = int(big.Uint16(b[1:]))
+		b = b[3:]
+
+	case mbin32:
+		if l < 5 {
+			err = ErrShortBytes
+			return
+		}
+		read = int(big.Uint32(b[1:]))
+		b = b[5:]
+
+	default:
+		err = badPrefix(BinType, lead)
+		return
+	}
+
+	if len(b) < read {
+		err = ErrShortBytes
+		return
+	}
+
+	// zero-copy
+	if zc {
+		v = b[0:read]
+		o = b[read:]
+		return
+	}
+
+	if cap(scratch) >= read {
+		v = scratch[0:read]
+	} else {
+		v = make([]byte, read)
+	}
+
+	o = b[copy(v, b):]
+	return
+}
+
+// ReadBytesZC extracts the messagepack-encoded
+// binary field without copying. The returned []byte
+// points to the same memory as the input slice.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (b not long enough)
+//   - [TypeError] (object not 'bin')
+func ReadBytesZC(b []byte) (v []byte, o []byte, err error) {
+	return readBytesBytes(b, nil, true)
+}
+
+func ReadExactBytes(b []byte, into []byte) (o []byte, err error) {
+	l := len(b)
+	if l < 1 {
+		err = ErrShortBytes
+		return
+	}
+
+	lead := b[0]
+	var read uint32
+	var skip int
+	switch lead {
+	case mbin8:
+		if l < 2 {
+			err = ErrShortBytes
+			return
+		}
+
+		read = uint32(b[1])
+		skip = 2
+
+	case mbin16:
+		if l < 3 {
+			err = ErrShortBytes
+			return
+		}
+		read = uint32(big.Uint16(b[1:]))
+		skip = 3
+
+	case mbin32:
+		if l < 5 {
+			err = ErrShortBytes
+			return
+		}
+		read = uint32(big.Uint32(b[1:]))
+		skip = 5
+
+	default:
+		err = badPrefix(BinType, lead)
+		return
+	}
+
+	if read != uint32(len(into)) {
+		err = ArrayError{Wanted: uint32(len(into)), Got: read}
+		return
+	}
+
+	o = b[skip+copy(into, b[skip:]):]
+	return
+}
+
+// ReadStringZC reads a messagepack string field
+// without copying. The returned []byte points
+// to the same memory as the input slice.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (b not long enough)
+//   - [TypeError] (object not 'str')
+func ReadStringZC(b []byte) (v []byte, o []byte, err error) {
+	l := len(b)
+	if l < 1 {
+		return nil, nil, ErrShortBytes
+	}
+
+	lead := b[0]
+	var read int
+
+	if isfixstr(lead) {
+		read = int(rfixstr(lead))
+		b = b[1:]
+	} else {
+		switch lead {
+		case mstr8:
+			if l < 2 {
+				err = ErrShortBytes
+				return
+			}
+			read = int(b[1])
+			b = b[2:]
+
+		case mstr16:
+			if l < 3 {
+				err = ErrShortBytes
+				return
+			}
+			read = int(big.Uint16(b[1:]))
+			b = b[3:]
+
+		case mstr32:
+			if l < 5 {
+				err = ErrShortBytes
+				return
+			}
+			read = int(big.Uint32(b[1:]))
+			b = b[5:]
+
+		default:
+			err = TypeError{Method: StrType, Encoded: getType(lead)}
+			return
+		}
+	}
+
+	if len(b) < read {
+		err = ErrShortBytes
+		return
+	}
+
+	v = b[0:read]
+	o = b[read:]
+	return
+}
+
+// ReadStringBytes reads a 'str' object
+// from 'b' and returns its value and the
+// remaining bytes in 'b'.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (b not long enough)
+//   - [TypeError] (not 'str' type)
+//   - [InvalidPrefixError]
+func ReadStringBytes(b []byte) (string, []byte, error) {
+	v, o, err := ReadStringZC(b)
+	return string(v), o, err
+}
+
+// ReadStringAsBytes reads a 'str' object
+// into a slice of bytes. 'v' is the value of
+// the 'str' object, which may reside in memory
+// pointed to by 'scratch.' 'o' is the remaining bytes
+// in 'b'.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (b not long enough)
+//   - [TypeError] (not 'str' type)
+//   - [InvalidPrefixError] (unknown type marker)
+func ReadStringAsBytes(b []byte, scratch []byte) (v []byte, o []byte, err error) {
+	var tmp []byte
+	tmp, o, err = ReadStringZC(b)
+	v = append(scratch[:0], tmp...)
+	return
+}
+
+// ReadComplex128Bytes reads a complex128
+// extension object from 'b' and returns the
+// remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (not enough bytes in 'b')
+//   - [TypeError] (object not a complex128)
+//   - [InvalidPrefixError]
+//   - [ExtensionTypeError] (object an extension of the correct size, but not a complex128)
+func ReadComplex128Bytes(b []byte) (c complex128, o []byte, err error) {
+	if len(b) < 18 {
+		err = ErrShortBytes
+		return
+	}
+	if b[0] != mfixext16 {
+		err = badPrefix(Complex128Type, b[0])
+		return
+	}
+	if int8(b[1]) != Complex128Extension {
+		err = errExt(int8(b[1]), Complex128Extension)
+		return
+	}
+	c = complex(math.Float64frombits(big.Uint64(b[2:])),
+		math.Float64frombits(big.Uint64(b[10:])))
+	o = b[18:]
+	return
+}
+
+// ReadComplex64Bytes reads a complex64
+// extension object from 'b' and returns the
+// remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (not enough bytes in 'b')
+//   - [TypeError] (object not a complex64)
+//   - [ExtensionTypeError] (object an extension of the correct size, but not a complex64)
+func ReadComplex64Bytes(b []byte) (c complex64, o []byte, err error) {
+	if len(b) < 10 {
+		err = ErrShortBytes
+		return
+	}
+	if b[0] != mfixext8 {
+		err = badPrefix(Complex64Type, b[0])
+		return
+	}
+	if b[1] != Complex64Extension {
+		err = errExt(int8(b[1]), Complex64Extension)
+		return
+	}
+	c = complex(math.Float32frombits(big.Uint32(b[2:])),
+		math.Float32frombits(big.Uint32(b[6:])))
+	o = b[10:]
+	return
+}
+
+// ReadTimeBytes reads a time.Time
+// extension object from 'b' and returns the
+// remaining bytes.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (not enough bytes in 'b')
+//   - [TypeError] (object not a complex64)
+//   - [ExtensionTypeError] (object an extension of the correct size, but not a time.Time)
+func ReadTimeBytes(b []byte) (t time.Time, o []byte, err error) {
+	if len(b) < 15 {
+		err = ErrShortBytes
+		return
+	}
+	if b[0] != mext8 || b[1] != 12 {
+		err = badPrefix(TimeType, b[0])
+		return
+	}
+	if int8(b[2]) != TimeExtension {
+		err = errExt(int8(b[2]), TimeExtension)
+		return
+	}
+	sec, nsec := getUnix(b[3:])
+	t = time.Unix(sec, int64(nsec)).Local()
+	o = b[15:]
+	return
+}
+
+// ReadMapStrIntfBytes reads a map[string]interface{}
+// out of 'b' and returns the map and remaining bytes.
+// If 'old' is non-nil, the values will be read into that map.
+func ReadMapStrIntfBytes(b []byte, old map[string]interface{}) (v map[string]interface{}, o []byte, err error) {
+	var sz uint32
+	o = b
+	sz, o, err = ReadMapHeaderBytes(o)
+
+	if err != nil {
+		return
+	}
+
+	if old != nil {
+		for key := range old {
+			delete(old, key)
+		}
+		v = old
+	} else {
+		v = make(map[string]interface{}, int(sz))
+	}
+
+	for z := uint32(0); z < sz; z++ {
+		if len(o) < 1 {
+			err = ErrShortBytes
+			return
+		}
+		var key []byte
+		key, o, err = ReadMapKeyZC(o)
+		if err != nil {
+			return
+		}
+		var val interface{}
+		val, o, err = ReadIntfBytes(o)
+		if err != nil {
+			return
+		}
+		v[string(key)] = val
+	}
+	return
+}
+
+// ReadIntfBytes attempts to read
+// the next object out of 'b' as a raw interface{} and
+// return the remaining bytes.
+func ReadIntfBytes(b []byte) (i interface{}, o []byte, err error) {
+	if len(b) < 1 {
+		err = ErrShortBytes
+		return
+	}
+
+	k := NextType(b)
+
+	switch k {
+	case MapType:
+		i, o, err = ReadMapStrIntfBytes(b, nil)
+		return
+
+	case ArrayType:
+		var sz uint32
+		sz, o, err = ReadArrayHeaderBytes(b)
+		if err != nil {
+			return
+		}
+		j := make([]interface{}, int(sz))
+		i = j
+		for d := range j {
+			j[d], o, err = ReadIntfBytes(o)
+			if err != nil {
+				return
+			}
+		}
+		return
+
+	case Float32Type:
+		i, o, err = ReadFloat32Bytes(b)
+		return
+
+	case Float64Type:
+		i, o, err = ReadFloat64Bytes(b)
+		return
+
+	case IntType:
+		i, o, err = ReadInt64Bytes(b)
+		return
+
+	case UintType:
+		i, o, err = ReadUint64Bytes(b)
+		return
+
+	case BoolType:
+		i, o, err = ReadBoolBytes(b)
+		return
+
+	case TimeType:
+		i, o, err = ReadTimeBytes(b)
+		return
+
+	case Complex64Type:
+		i, o, err = ReadComplex64Bytes(b)
+		return
+
+	case Complex128Type:
+		i, o, err = ReadComplex128Bytes(b)
+		return
+
+	case ExtensionType:
+		var t int8
+		t, err = peekExtension(b)
+		if err != nil {
+			return
+		}
+		// use a user-defined extension,
+		// if it's been registered
+		f, ok := extensionReg[t]
+		if ok {
+			e := f()
+			o, err = ReadExtensionBytes(b, e)
+			i = e
+			return
+		}
+		// last resort is a raw extension
+		e := RawExtension{}
+		e.Type = int8(t)
+		o, err = ReadExtensionBytes(b, &e)
+		i = &e
+		return
+
+	case NilType:
+		o, err = ReadNilBytes(b)
+		return
+
+	case BinType:
+		i, o, err = ReadBytesBytes(b, nil)
+		return
+
+	case StrType:
+		i, o, err = ReadStringBytes(b)
+		return
+
+	default:
+		err = InvalidPrefixError(b[0])
+		return
+	}
+}
+
+// Skip skips the next object in 'b' and
+// returns the remaining bytes. If the object
+// is a map or array, all of its elements
+// will be skipped.
+//
+// Possible errors:
+//
+//   - [ErrShortBytes] (not enough bytes in b)
+//   - [InvalidPrefixError] (bad encoding)
+func Skip(b []byte) ([]byte, error) {
+	sz, asz, err := getSize(b)
+	if err != nil {
+		return b, err
+	}
+	if uintptr(len(b)) < sz {
+		return b, ErrShortBytes
+	}
+	b = b[sz:]
+	for asz > 0 {
+		b, err = Skip(b)
+		if err != nil {
+			return b, err
+		}
+		asz--
+	}
+	return b, nil
+}
+
+// returns (skip N bytes, skip M objects, error)
+func getSize(b []byte) (uintptr, uintptr, error) {
+	l := len(b)
+	if l == 0 {
+		return 0, 0, ErrShortBytes
+	}
+	lead := b[0]
+	spec := getBytespec(lead) // get type information
+	size, mode := spec.size, spec.extra
+	if size == 0 {
+		return 0, 0, InvalidPrefixError(lead)
+	}
+	if mode >= 0 { // fixed composites
+		return uintptr(size), uintptr(mode), nil
+	}
+	if l < int(size) {
+		return 0, 0, ErrShortBytes
+	}
+	switch mode {
+	case extra8:
+		return uintptr(size) + uintptr(b[1]), 0, nil
+	case extra16:
+		return uintptr(size) + uintptr(big.Uint16(b[1:])), 0, nil
+	case extra32:
+		return uintptr(size) + uintptr(big.Uint32(b[1:])), 0, nil
+	case map16v:
+		return uintptr(size), 2 * uintptr(big.Uint16(b[1:])), nil
+	case map32v:
+		return uintptr(size), 2 * uintptr(big.Uint32(b[1:])), nil
+	case array16v:
+		return uintptr(size), uintptr(big.Uint16(b[1:])), nil
+	case array32v:
+		return uintptr(size), uintptr(big.Uint32(b[1:])), nil
+	default:
+		return 0, 0, fatal
+	}
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/size.go b/vendor/github.com/tinylib/msgp/msgp/size.go
new file mode 100644
index 000000000..e3a613b24
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/size.go
@@ -0,0 +1,39 @@
+package msgp
+
+// The sizes provided
+// are the worst-case
+// encoded sizes for
+// each type. For variable-
+// length types ([]byte, string),
+// the total encoded size is
+// the prefix size plus the
+// length of the object.
+const (
+	Int64Size      = 9
+	IntSize        = Int64Size
+	UintSize       = Int64Size
+	Int8Size       = 2
+	Int16Size      = 3
+	Int32Size      = 5
+	Uint8Size      = 2
+	ByteSize       = Uint8Size
+	Uint16Size     = 3
+	Uint32Size     = 5
+	Uint64Size     = Int64Size
+	Float64Size    = 9
+	Float32Size    = 5
+	Complex64Size  = 10
+	Complex128Size = 18
+
+	DurationSize = Int64Size
+	TimeSize     = 15
+	BoolSize     = 1
+	NilSize      = 1
+
+	MapHeaderSize   = 5
+	ArrayHeaderSize = 5
+
+	BytesPrefixSize     = 5
+	StringPrefixSize    = 5
+	ExtensionPrefixSize = 6
+)
diff --git a/vendor/github.com/tinylib/msgp/msgp/unsafe.go b/vendor/github.com/tinylib/msgp/msgp/unsafe.go
new file mode 100644
index 000000000..06e8d8437
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/unsafe.go
@@ -0,0 +1,37 @@
+//go:build !purego && !appengine
+// +build !purego,!appengine
+
+package msgp
+
+import (
+	"unsafe"
+)
+
+// NOTE:
+// all of the definition in this file
+// should be repeated in appengine.go,
+// but without using unsafe
+
+const (
+	// spec says int and uint are always
+	// the same size, but that int/uint
+	// size may not be machine word size
+	smallint = unsafe.Sizeof(int(0)) == 4
+)
+
+// UnsafeString returns the byte slice as a volatile string
+// THIS SHOULD ONLY BE USED BY THE CODE GENERATOR.
+// THIS IS EVIL CODE.
+// YOU HAVE BEEN WARNED.
+func UnsafeString(b []byte) string {
+	return *(*string)(unsafe.Pointer(&b))
+}
+
+// UnsafeBytes returns the string as a byte slice
+//
+// Deprecated:
+// Since this code is no longer used by the code generator,
+// UnsafeBytes(s) is precisely equivalent to []byte(s)
+func UnsafeBytes(s string) []byte {
+	return []byte(s)
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/write.go b/vendor/github.com/tinylib/msgp/msgp/write.go
new file mode 100644
index 000000000..ec2f6f528
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/write.go
@@ -0,0 +1,813 @@
+package msgp
+
+import (
+	"errors"
+	"io"
+	"math"
+	"reflect"
+	"sync"
+	"time"
+)
+
+const (
+	// min buffer size for the writer
+	minWriterSize = 18
+)
+
+// Sizer is an interface implemented
+// by types that can estimate their
+// size when MessagePack encoded.
+// This interface is optional, but
+// encoding/marshaling implementations
+// may use this as a way to pre-allocate
+// memory for serialization.
+type Sizer interface {
+	Msgsize() int
+}
+
+var (
+	// Nowhere is an io.Writer to nowhere
+	Nowhere io.Writer = nwhere{}
+
+	btsType    = reflect.TypeOf(([]byte)(nil))
+	writerPool = sync.Pool{
+		New: func() interface{} {
+			return &Writer{buf: make([]byte, 2048)}
+		},
+	}
+)
+
+func popWriter(w io.Writer) *Writer {
+	wr := writerPool.Get().(*Writer)
+	wr.Reset(w)
+	return wr
+}
+
+func pushWriter(wr *Writer) {
+	wr.w = nil
+	wr.wloc = 0
+	writerPool.Put(wr)
+}
+
+// freeW frees a writer for use
+// by other processes. It is not necessary
+// to call freeW on a writer. However, maintaining
+// a reference to a *Writer after calling freeW on
+// it will cause undefined behavior.
+func freeW(w *Writer) { pushWriter(w) }
+
+// Require ensures that cap(old)-len(old) >= extra.
+func Require(old []byte, extra int) []byte {
+	l := len(old)
+	c := cap(old)
+	r := l + extra
+	if c >= r {
+		return old
+	} else if l == 0 {
+		return make([]byte, 0, extra)
+	}
+	// the new size is the greater
+	// of double the old capacity
+	// and the sum of the old length
+	// and the number of new bytes
+	// necessary.
+	c <<= 1
+	if c < r {
+		c = r
+	}
+	n := make([]byte, l, c)
+	copy(n, old)
+	return n
+}
+
+// nowhere writer
+type nwhere struct{}
+
+func (n nwhere) Write(p []byte) (int, error) { return len(p), nil }
+
+// Marshaler is the interface implemented
+// by types that know how to marshal themselves
+// as MessagePack. MarshalMsg appends the marshalled
+// form of the object to the provided
+// byte slice, returning the extended
+// slice and any errors encountered.
+type Marshaler interface {
+	MarshalMsg([]byte) ([]byte, error)
+}
+
+// Encodable is the interface implemented
+// by types that know how to write themselves
+// as MessagePack using a *msgp.Writer.
+type Encodable interface {
+	EncodeMsg(*Writer) error
+}
+
+// Writer is a buffered writer
+// that can be used to write
+// MessagePack objects to an io.Writer.
+// You must call *Writer.Flush() in order
+// to flush all of the buffered data
+// to the underlying writer.
+type Writer struct {
+	w    io.Writer
+	buf  []byte
+	wloc int
+}
+
+// NewWriter returns a new *Writer.
+func NewWriter(w io.Writer) *Writer {
+	if wr, ok := w.(*Writer); ok {
+		return wr
+	}
+	return popWriter(w)
+}
+
+// NewWriterSize returns a writer with a custom buffer size.
+func NewWriterSize(w io.Writer, sz int) *Writer {
+	// we must be able to require() 'minWriterSize'
+	// contiguous bytes, so that is the
+	// practical minimum buffer size
+	if sz < minWriterSize {
+		sz = minWriterSize
+	}
+	buf := make([]byte, sz)
+	return NewWriterBuf(w, buf)
+}
+
+// NewWriterBuf returns a writer with a provided buffer.
+// 'buf' is not used when the capacity is smaller than 18,
+// custom buffer is allocated instead.
+func NewWriterBuf(w io.Writer, buf []byte) *Writer {
+	if cap(buf) < minWriterSize {
+		buf = make([]byte, minWriterSize)
+	}
+	buf = buf[:cap(buf)]
+	return &Writer{
+		w:   w,
+		buf: buf,
+	}
+}
+
+// Encode encodes an Encodable to an io.Writer.
+func Encode(w io.Writer, e Encodable) error {
+	wr := NewWriter(w)
+	err := e.EncodeMsg(wr)
+	if err == nil {
+		err = wr.Flush()
+	}
+	freeW(wr)
+	return err
+}
+
+func (mw *Writer) flush() error {
+	if mw.wloc == 0 {
+		return nil
+	}
+	n, err := mw.w.Write(mw.buf[:mw.wloc])
+	if err != nil {
+		if n > 0 {
+			mw.wloc = copy(mw.buf, mw.buf[n:mw.wloc])
+		}
+		return err
+	}
+	mw.wloc = 0
+	return nil
+}
+
+// Flush flushes all of the buffered
+// data to the underlying writer.
+func (mw *Writer) Flush() error { return mw.flush() }
+
+// Buffered returns the number bytes in the write buffer
+func (mw *Writer) Buffered() int { return len(mw.buf) - mw.wloc }
+
+func (mw *Writer) avail() int { return len(mw.buf) - mw.wloc }
+
+func (mw *Writer) bufsize() int { return len(mw.buf) }
+
+// NOTE: this should only be called with
+// a number that is guaranteed to be less than
+// len(mw.buf). typically, it is called with a constant.
+//
+// NOTE: this is a hot code path
+func (mw *Writer) require(n int) (int, error) {
+	c := len(mw.buf)
+	wl := mw.wloc
+	if c-wl < n {
+		if err := mw.flush(); err != nil {
+			return 0, err
+		}
+		wl = mw.wloc
+	}
+	mw.wloc += n
+	return wl, nil
+}
+
+func (mw *Writer) Append(b ...byte) error {
+	if mw.avail() < len(b) {
+		err := mw.flush()
+		if err != nil {
+			return err
+		}
+	}
+	mw.wloc += copy(mw.buf[mw.wloc:], b)
+	return nil
+}
+
+// push one byte onto the buffer
+//
+// NOTE: this is a hot code path
+func (mw *Writer) push(b byte) error {
+	if mw.wloc == len(mw.buf) {
+		if err := mw.flush(); err != nil {
+			return err
+		}
+	}
+	mw.buf[mw.wloc] = b
+	mw.wloc++
+	return nil
+}
+
+func (mw *Writer) prefix8(b byte, u uint8) error {
+	const need = 2
+	if len(mw.buf)-mw.wloc < need {
+		if err := mw.flush(); err != nil {
+			return err
+		}
+	}
+	prefixu8(mw.buf[mw.wloc:], b, u)
+	mw.wloc += need
+	return nil
+}
+
+func (mw *Writer) prefix16(b byte, u uint16) error {
+	const need = 3
+	if len(mw.buf)-mw.wloc < need {
+		if err := mw.flush(); err != nil {
+			return err
+		}
+	}
+	prefixu16(mw.buf[mw.wloc:], b, u)
+	mw.wloc += need
+	return nil
+}
+
+func (mw *Writer) prefix32(b byte, u uint32) error {
+	const need = 5
+	if len(mw.buf)-mw.wloc < need {
+		if err := mw.flush(); err != nil {
+			return err
+		}
+	}
+	prefixu32(mw.buf[mw.wloc:], b, u)
+	mw.wloc += need
+	return nil
+}
+
+func (mw *Writer) prefix64(b byte, u uint64) error {
+	const need = 9
+	if len(mw.buf)-mw.wloc < need {
+		if err := mw.flush(); err != nil {
+			return err
+		}
+	}
+	prefixu64(mw.buf[mw.wloc:], b, u)
+	mw.wloc += need
+	return nil
+}
+
+// Write implements io.Writer, and writes
+// data directly to the buffer.
+func (mw *Writer) Write(p []byte) (int, error) {
+	l := len(p)
+	if mw.avail() < l {
+		if err := mw.flush(); err != nil {
+			return 0, err
+		}
+		if l > len(mw.buf) {
+			return mw.w.Write(p)
+		}
+	}
+	mw.wloc += copy(mw.buf[mw.wloc:], p)
+	return l, nil
+}
+
+// implements io.WriteString
+func (mw *Writer) writeString(s string) error {
+	l := len(s)
+	if mw.avail() < l {
+		if err := mw.flush(); err != nil {
+			return err
+		}
+		if l > len(mw.buf) {
+			_, err := io.WriteString(mw.w, s)
+			return err
+		}
+	}
+	mw.wloc += copy(mw.buf[mw.wloc:], s)
+	return nil
+}
+
+// Reset changes the underlying writer used by the Writer
+func (mw *Writer) Reset(w io.Writer) {
+	mw.buf = mw.buf[:cap(mw.buf)]
+	mw.w = w
+	mw.wloc = 0
+}
+
+// WriteMapHeader writes a map header of the given
+// size to the writer
+func (mw *Writer) WriteMapHeader(sz uint32) error {
+	switch {
+	case sz <= 15:
+		return mw.push(wfixmap(uint8(sz)))
+	case sz <= math.MaxUint16:
+		return mw.prefix16(mmap16, uint16(sz))
+	default:
+		return mw.prefix32(mmap32, sz)
+	}
+}
+
+// WriteArrayHeader writes an array header of the
+// given size to the writer
+func (mw *Writer) WriteArrayHeader(sz uint32) error {
+	switch {
+	case sz <= 15:
+		return mw.push(wfixarray(uint8(sz)))
+	case sz <= math.MaxUint16:
+		return mw.prefix16(marray16, uint16(sz))
+	default:
+		return mw.prefix32(marray32, sz)
+	}
+}
+
+// WriteNil writes a nil byte to the buffer
+func (mw *Writer) WriteNil() error {
+	return mw.push(mnil)
+}
+
+// WriteFloat64 writes a float64 to the writer
+func (mw *Writer) WriteFloat64(f float64) error {
+	return mw.prefix64(mfloat64, math.Float64bits(f))
+}
+
+// WriteFloat32 writes a float32 to the writer
+func (mw *Writer) WriteFloat32(f float32) error {
+	return mw.prefix32(mfloat32, math.Float32bits(f))
+}
+
+// WriteDuration writes a time.Duration to the writer
+func (mw *Writer) WriteDuration(d time.Duration) error {
+	return mw.WriteInt64(int64(d))
+}
+
+// WriteInt64 writes an int64 to the writer
+func (mw *Writer) WriteInt64(i int64) error {
+	if i >= 0 {
+		switch {
+		case i <= math.MaxInt8:
+			return mw.push(wfixint(uint8(i)))
+		case i <= math.MaxInt16:
+			return mw.prefix16(mint16, uint16(i))
+		case i <= math.MaxInt32:
+			return mw.prefix32(mint32, uint32(i))
+		default:
+			return mw.prefix64(mint64, uint64(i))
+		}
+	}
+	switch {
+	case i >= -32:
+		return mw.push(wnfixint(int8(i)))
+	case i >= math.MinInt8:
+		return mw.prefix8(mint8, uint8(i))
+	case i >= math.MinInt16:
+		return mw.prefix16(mint16, uint16(i))
+	case i >= math.MinInt32:
+		return mw.prefix32(mint32, uint32(i))
+	default:
+		return mw.prefix64(mint64, uint64(i))
+	}
+}
+
+// WriteInt8 writes an int8 to the writer
+func (mw *Writer) WriteInt8(i int8) error { return mw.WriteInt64(int64(i)) }
+
+// WriteInt16 writes an int16 to the writer
+func (mw *Writer) WriteInt16(i int16) error { return mw.WriteInt64(int64(i)) }
+
+// WriteInt32 writes an int32 to the writer
+func (mw *Writer) WriteInt32(i int32) error { return mw.WriteInt64(int64(i)) }
+
+// WriteInt writes an int to the writer
+func (mw *Writer) WriteInt(i int) error { return mw.WriteInt64(int64(i)) }
+
+// WriteUint64 writes a uint64 to the writer
+func (mw *Writer) WriteUint64(u uint64) error {
+	switch {
+	case u <= (1<<7)-1:
+		return mw.push(wfixint(uint8(u)))
+	case u <= math.MaxUint8:
+		return mw.prefix8(muint8, uint8(u))
+	case u <= math.MaxUint16:
+		return mw.prefix16(muint16, uint16(u))
+	case u <= math.MaxUint32:
+		return mw.prefix32(muint32, uint32(u))
+	default:
+		return mw.prefix64(muint64, u)
+	}
+}
+
+// WriteByte is analogous to WriteUint8
+func (mw *Writer) WriteByte(u byte) error { return mw.WriteUint8(uint8(u)) }
+
+// WriteUint8 writes a uint8 to the writer
+func (mw *Writer) WriteUint8(u uint8) error { return mw.WriteUint64(uint64(u)) }
+
+// WriteUint16 writes a uint16 to the writer
+func (mw *Writer) WriteUint16(u uint16) error { return mw.WriteUint64(uint64(u)) }
+
+// WriteUint32 writes a uint32 to the writer
+func (mw *Writer) WriteUint32(u uint32) error { return mw.WriteUint64(uint64(u)) }
+
+// WriteUint writes a uint to the writer
+func (mw *Writer) WriteUint(u uint) error { return mw.WriteUint64(uint64(u)) }
+
+// WriteBytes writes binary as 'bin' to the writer
+func (mw *Writer) WriteBytes(b []byte) error {
+	sz := uint32(len(b))
+	var err error
+	switch {
+	case sz <= math.MaxUint8:
+		err = mw.prefix8(mbin8, uint8(sz))
+	case sz <= math.MaxUint16:
+		err = mw.prefix16(mbin16, uint16(sz))
+	default:
+		err = mw.prefix32(mbin32, sz)
+	}
+	if err != nil {
+		return err
+	}
+	_, err = mw.Write(b)
+	return err
+}
+
+// WriteBytesHeader writes just the size header
+// of a MessagePack 'bin' object. The user is responsible
+// for then writing 'sz' more bytes into the stream.
+func (mw *Writer) WriteBytesHeader(sz uint32) error {
+	switch {
+	case sz <= math.MaxUint8:
+		return mw.prefix8(mbin8, uint8(sz))
+	case sz <= math.MaxUint16:
+		return mw.prefix16(mbin16, uint16(sz))
+	default:
+		return mw.prefix32(mbin32, sz)
+	}
+}
+
+// WriteBool writes a bool to the writer
+func (mw *Writer) WriteBool(b bool) error {
+	if b {
+		return mw.push(mtrue)
+	}
+	return mw.push(mfalse)
+}
+
+// WriteString writes a messagepack string to the writer.
+// (This is NOT an implementation of io.StringWriter)
+func (mw *Writer) WriteString(s string) error {
+	sz := uint32(len(s))
+	var err error
+	switch {
+	case sz <= 31:
+		err = mw.push(wfixstr(uint8(sz)))
+	case sz <= math.MaxUint8:
+		err = mw.prefix8(mstr8, uint8(sz))
+	case sz <= math.MaxUint16:
+		err = mw.prefix16(mstr16, uint16(sz))
+	default:
+		err = mw.prefix32(mstr32, sz)
+	}
+	if err != nil {
+		return err
+	}
+	return mw.writeString(s)
+}
+
+// WriteStringHeader writes just the string size
+// header of a MessagePack 'str' object. The user
+// is responsible for writing 'sz' more valid UTF-8
+// bytes to the stream.
+func (mw *Writer) WriteStringHeader(sz uint32) error {
+	switch {
+	case sz <= 31:
+		return mw.push(wfixstr(uint8(sz)))
+	case sz <= math.MaxUint8:
+		return mw.prefix8(mstr8, uint8(sz))
+	case sz <= math.MaxUint16:
+		return mw.prefix16(mstr16, uint16(sz))
+	default:
+		return mw.prefix32(mstr32, sz)
+	}
+}
+
+// WriteStringFromBytes writes a 'str' object
+// from a []byte.
+func (mw *Writer) WriteStringFromBytes(str []byte) error {
+	sz := uint32(len(str))
+	var err error
+	switch {
+	case sz <= 31:
+		err = mw.push(wfixstr(uint8(sz)))
+	case sz <= math.MaxUint8:
+		err = mw.prefix8(mstr8, uint8(sz))
+	case sz <= math.MaxUint16:
+		err = mw.prefix16(mstr16, uint16(sz))
+	default:
+		err = mw.prefix32(mstr32, sz)
+	}
+	if err != nil {
+		return err
+	}
+	_, err = mw.Write(str)
+	return err
+}
+
+// WriteComplex64 writes a complex64 to the writer
+func (mw *Writer) WriteComplex64(f complex64) error {
+	o, err := mw.require(10)
+	if err != nil {
+		return err
+	}
+	mw.buf[o] = mfixext8
+	mw.buf[o+1] = Complex64Extension
+	big.PutUint32(mw.buf[o+2:], math.Float32bits(real(f)))
+	big.PutUint32(mw.buf[o+6:], math.Float32bits(imag(f)))
+	return nil
+}
+
+// WriteComplex128 writes a complex128 to the writer
+func (mw *Writer) WriteComplex128(f complex128) error {
+	o, err := mw.require(18)
+	if err != nil {
+		return err
+	}
+	mw.buf[o] = mfixext16
+	mw.buf[o+1] = Complex128Extension
+	big.PutUint64(mw.buf[o+2:], math.Float64bits(real(f)))
+	big.PutUint64(mw.buf[o+10:], math.Float64bits(imag(f)))
+	return nil
+}
+
+// WriteMapStrStr writes a map[string]string to the writer
+func (mw *Writer) WriteMapStrStr(mp map[string]string) (err error) {
+	err = mw.WriteMapHeader(uint32(len(mp)))
+	if err != nil {
+		return
+	}
+	for key, val := range mp {
+		err = mw.WriteString(key)
+		if err != nil {
+			return
+		}
+		err = mw.WriteString(val)
+		if err != nil {
+			return
+		}
+	}
+	return nil
+}
+
+// WriteMapStrIntf writes a map[string]interface to the writer
+func (mw *Writer) WriteMapStrIntf(mp map[string]interface{}) (err error) {
+	err = mw.WriteMapHeader(uint32(len(mp)))
+	if err != nil {
+		return
+	}
+	for key, val := range mp {
+		err = mw.WriteString(key)
+		if err != nil {
+			return
+		}
+		err = mw.WriteIntf(val)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+// WriteTime writes a time.Time object to the wire.
+//
+// Time is encoded as Unix time, which means that
+// location (time zone) data is removed from the object.
+// The encoded object itself is 12 bytes: 8 bytes for
+// a big-endian 64-bit integer denoting seconds
+// elapsed since "zero" Unix time, followed by 4 bytes
+// for a big-endian 32-bit signed integer denoting
+// the nanosecond offset of the time. This encoding
+// is intended to ease portability across languages.
+// (Note that this is *not* the standard time.Time
+// binary encoding, because its implementation relies
+// heavily on the internal representation used by the
+// time package.)
+func (mw *Writer) WriteTime(t time.Time) error {
+	t = t.UTC()
+	o, err := mw.require(15)
+	if err != nil {
+		return err
+	}
+	mw.buf[o] = mext8
+	mw.buf[o+1] = 12
+	mw.buf[o+2] = TimeExtension
+	putUnix(mw.buf[o+3:], t.Unix(), int32(t.Nanosecond()))
+	return nil
+}
+
+// WriteIntf writes the concrete type of 'v'.
+// WriteIntf will error if 'v' is not one of the following:
+//   - A bool, float, string, []byte, int, uint, or complex
+//   - A map of supported types (with string keys)
+//   - An array or slice of supported types
+//   - A pointer to a supported type
+//   - A type that satisfies the msgp.Encodable interface
+//   - A type that satisfies the msgp.Extension interface
+func (mw *Writer) WriteIntf(v interface{}) error {
+	if v == nil {
+		return mw.WriteNil()
+	}
+	switch v := v.(type) {
+
+	// preferred interfaces
+
+	case Encodable:
+		return v.EncodeMsg(mw)
+	case Extension:
+		return mw.WriteExtension(v)
+
+	// concrete types
+
+	case bool:
+		return mw.WriteBool(v)
+	case float32:
+		return mw.WriteFloat32(v)
+	case float64:
+		return mw.WriteFloat64(v)
+	case complex64:
+		return mw.WriteComplex64(v)
+	case complex128:
+		return mw.WriteComplex128(v)
+	case uint8:
+		return mw.WriteUint8(v)
+	case uint16:
+		return mw.WriteUint16(v)
+	case uint32:
+		return mw.WriteUint32(v)
+	case uint64:
+		return mw.WriteUint64(v)
+	case uint:
+		return mw.WriteUint(v)
+	case int8:
+		return mw.WriteInt8(v)
+	case int16:
+		return mw.WriteInt16(v)
+	case int32:
+		return mw.WriteInt32(v)
+	case int64:
+		return mw.WriteInt64(v)
+	case int:
+		return mw.WriteInt(v)
+	case string:
+		return mw.WriteString(v)
+	case []byte:
+		return mw.WriteBytes(v)
+	case map[string]string:
+		return mw.WriteMapStrStr(v)
+	case map[string]interface{}:
+		return mw.WriteMapStrIntf(v)
+	case time.Time:
+		return mw.WriteTime(v)
+	case time.Duration:
+		return mw.WriteDuration(v)
+	}
+
+	val := reflect.ValueOf(v)
+	if !isSupported(val.Kind()) || !val.IsValid() {
+		return errors.New("msgp: type " + val.String() + " not supported")
+	}
+
+	switch val.Kind() {
+	case reflect.Ptr:
+		if val.IsNil() {
+			return mw.WriteNil()
+		}
+		return mw.WriteIntf(val.Elem().Interface())
+	case reflect.Slice:
+		return mw.writeSlice(val)
+	case reflect.Map:
+		return mw.writeMap(val)
+	}
+	return &ErrUnsupportedType{T: val.Type()}
+}
+
+func (mw *Writer) writeMap(v reflect.Value) (err error) {
+	if v.Type().Key().Kind() != reflect.String {
+		return errors.New("msgp: map keys must be strings")
+	}
+	ks := v.MapKeys()
+	err = mw.WriteMapHeader(uint32(len(ks)))
+	if err != nil {
+		return
+	}
+	for _, key := range ks {
+		val := v.MapIndex(key)
+		err = mw.WriteString(key.String())
+		if err != nil {
+			return
+		}
+		err = mw.WriteIntf(val.Interface())
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+func (mw *Writer) writeSlice(v reflect.Value) (err error) {
+	// is []byte
+	if v.Type().ConvertibleTo(btsType) {
+		return mw.WriteBytes(v.Bytes())
+	}
+
+	sz := uint32(v.Len())
+	err = mw.WriteArrayHeader(sz)
+	if err != nil {
+		return
+	}
+	for i := uint32(0); i < sz; i++ {
+		err = mw.WriteIntf(v.Index(int(i)).Interface())
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+// is the reflect.Kind encodable?
+func isSupported(k reflect.Kind) bool {
+	switch k {
+	case reflect.Func, reflect.Chan, reflect.Invalid, reflect.UnsafePointer:
+		return false
+	default:
+		return true
+	}
+}
+
+// GuessSize guesses the size of the underlying
+// value of 'i'. If the underlying value is not
+// a simple builtin (or []byte), GuessSize defaults
+// to 512.
+func GuessSize(i interface{}) int {
+	if i == nil {
+		return NilSize
+	}
+
+	switch i := i.(type) {
+	case Sizer:
+		return i.Msgsize()
+	case Extension:
+		return ExtensionPrefixSize + i.Len()
+	case float64:
+		return Float64Size
+	case float32:
+		return Float32Size
+	case uint8, uint16, uint32, uint64, uint:
+		return UintSize
+	case int8, int16, int32, int64, int:
+		return IntSize
+	case []byte:
+		return BytesPrefixSize + len(i)
+	case string:
+		return StringPrefixSize + len(i)
+	case complex64:
+		return Complex64Size
+	case complex128:
+		return Complex128Size
+	case bool:
+		return BoolSize
+	case map[string]interface{}:
+		s := MapHeaderSize
+		for key, val := range i {
+			s += StringPrefixSize + len(key) + GuessSize(val)
+		}
+		return s
+	case map[string]string:
+		s := MapHeaderSize
+		for key, val := range i {
+			s += 2*StringPrefixSize + len(key) + len(val)
+		}
+		return s
+	default:
+		return 512
+	}
+}
diff --git a/vendor/github.com/tinylib/msgp/msgp/write_bytes.go b/vendor/github.com/tinylib/msgp/msgp/write_bytes.go
new file mode 100644
index 000000000..676a6efe1
--- /dev/null
+++ b/vendor/github.com/tinylib/msgp/msgp/write_bytes.go
@@ -0,0 +1,436 @@
+package msgp
+
+import (
+	"math"
+	"reflect"
+	"time"
+)
+
+// ensure 'sz' extra bytes in 'b' btw len(b) and cap(b)
+func ensure(b []byte, sz int) ([]byte, int) {
+	l := len(b)
+	c := cap(b)
+	if c-l < sz {
+		o := make([]byte, (2*c)+sz) // exponential growth
+		n := copy(o, b)
+		return o[:n+sz], n
+	}
+	return b[:l+sz], l
+}
+
+// AppendMapHeader appends a map header with the
+// given size to the slice
+func AppendMapHeader(b []byte, sz uint32) []byte {
+	switch {
+	case sz <= 15:
+		return append(b, wfixmap(uint8(sz)))
+
+	case sz <= math.MaxUint16:
+		o, n := ensure(b, 3)
+		prefixu16(o[n:], mmap16, uint16(sz))
+		return o
+
+	default:
+		o, n := ensure(b, 5)
+		prefixu32(o[n:], mmap32, sz)
+		return o
+	}
+}
+
+// AppendArrayHeader appends an array header with
+// the given size to the slice
+func AppendArrayHeader(b []byte, sz uint32) []byte {
+	switch {
+	case sz <= 15:
+		return append(b, wfixarray(uint8(sz)))
+
+	case sz <= math.MaxUint16:
+		o, n := ensure(b, 3)
+		prefixu16(o[n:], marray16, uint16(sz))
+		return o
+
+	default:
+		o, n := ensure(b, 5)
+		prefixu32(o[n:], marray32, sz)
+		return o
+	}
+}
+
+// AppendNil appends a 'nil' byte to the slice
+func AppendNil(b []byte) []byte { return append(b, mnil) }
+
+// AppendFloat64 appends a float64 to the slice
+func AppendFloat64(b []byte, f float64) []byte {
+	o, n := ensure(b, Float64Size)
+	prefixu64(o[n:], mfloat64, math.Float64bits(f))
+	return o
+}
+
+// AppendFloat32 appends a float32 to the slice
+func AppendFloat32(b []byte, f float32) []byte {
+	o, n := ensure(b, Float32Size)
+	prefixu32(o[n:], mfloat32, math.Float32bits(f))
+	return o
+}
+
+// AppendDuration appends a time.Duration to the slice
+func AppendDuration(b []byte, d time.Duration) []byte {
+	return AppendInt64(b, int64(d))
+}
+
+// AppendInt64 appends an int64 to the slice
+func AppendInt64(b []byte, i int64) []byte {
+	if i >= 0 {
+		switch {
+		case i <= math.MaxInt8:
+			return append(b, wfixint(uint8(i)))
+		case i <= math.MaxInt16:
+			o, n := ensure(b, 3)
+			putMint16(o[n:], int16(i))
+			return o
+		case i <= math.MaxInt32:
+			o, n := ensure(b, 5)
+			putMint32(o[n:], int32(i))
+			return o
+		default:
+			o, n := ensure(b, 9)
+			putMint64(o[n:], i)
+			return o
+		}
+	}
+	switch {
+	case i >= -32:
+		return append(b, wnfixint(int8(i)))
+	case i >= math.MinInt8:
+		o, n := ensure(b, 2)
+		putMint8(o[n:], int8(i))
+		return o
+	case i >= math.MinInt16:
+		o, n := ensure(b, 3)
+		putMint16(o[n:], int16(i))
+		return o
+	case i >= math.MinInt32:
+		o, n := ensure(b, 5)
+		putMint32(o[n:], int32(i))
+		return o
+	default:
+		o, n := ensure(b, 9)
+		putMint64(o[n:], i)
+		return o
+	}
+}
+
+// AppendInt appends an int to the slice
+func AppendInt(b []byte, i int) []byte { return AppendInt64(b, int64(i)) }
+
+// AppendInt8 appends an int8 to the slice
+func AppendInt8(b []byte, i int8) []byte { return AppendInt64(b, int64(i)) }
+
+// AppendInt16 appends an int16 to the slice
+func AppendInt16(b []byte, i int16) []byte { return AppendInt64(b, int64(i)) }
+
+// AppendInt32 appends an int32 to the slice
+func AppendInt32(b []byte, i int32) []byte { return AppendInt64(b, int64(i)) }
+
+// AppendUint64 appends a uint64 to the slice
+func AppendUint64(b []byte, u uint64) []byte {
+	switch {
+	case u <= (1<<7)-1:
+		return append(b, wfixint(uint8(u)))
+
+	case u <= math.MaxUint8:
+		o, n := ensure(b, 2)
+		putMuint8(o[n:], uint8(u))
+		return o
+
+	case u <= math.MaxUint16:
+		o, n := ensure(b, 3)
+		putMuint16(o[n:], uint16(u))
+		return o
+
+	case u <= math.MaxUint32:
+		o, n := ensure(b, 5)
+		putMuint32(o[n:], uint32(u))
+		return o
+
+	default:
+		o, n := ensure(b, 9)
+		putMuint64(o[n:], u)
+		return o
+
+	}
+}
+
+// AppendUint appends a uint to the slice
+func AppendUint(b []byte, u uint) []byte { return AppendUint64(b, uint64(u)) }
+
+// AppendUint8 appends a uint8 to the slice
+func AppendUint8(b []byte, u uint8) []byte { return AppendUint64(b, uint64(u)) }
+
+// AppendByte is analogous to AppendUint8
+func AppendByte(b []byte, u byte) []byte { return AppendUint8(b, uint8(u)) }
+
+// AppendUint16 appends a uint16 to the slice
+func AppendUint16(b []byte, u uint16) []byte { return AppendUint64(b, uint64(u)) }
+
+// AppendUint32 appends a uint32 to the slice
+func AppendUint32(b []byte, u uint32) []byte { return AppendUint64(b, uint64(u)) }
+
+// AppendBytes appends bytes to the slice as MessagePack 'bin' data
+func AppendBytes(b []byte, bts []byte) []byte {
+	sz := len(bts)
+	var o []byte
+	var n int
+	switch {
+	case sz <= math.MaxUint8:
+		o, n = ensure(b, 2+sz)
+		prefixu8(o[n:], mbin8, uint8(sz))
+		n += 2
+	case sz <= math.MaxUint16:
+		o, n = ensure(b, 3+sz)
+		prefixu16(o[n:], mbin16, uint16(sz))
+		n += 3
+	default:
+		o, n = ensure(b, 5+sz)
+		prefixu32(o[n:], mbin32, uint32(sz))
+		n += 5
+	}
+	return o[:n+copy(o[n:], bts)]
+}
+
+// AppendBytesHeader appends an 'bin' header with
+// the given size to the slice.
+func AppendBytesHeader(b []byte, sz uint32) []byte {
+	var o []byte
+	var n int
+	switch {
+	case sz <= math.MaxUint8:
+		o, n = ensure(b, 2)
+		prefixu8(o[n:], mbin8, uint8(sz))
+		return o
+	case sz <= math.MaxUint16:
+		o, n = ensure(b, 3)
+		prefixu16(o[n:], mbin16, uint16(sz))
+		return o
+	}
+	o, n = ensure(b, 5)
+	prefixu32(o[n:], mbin32, sz)
+	return o
+}
+
+// AppendBool appends a bool to the slice
+func AppendBool(b []byte, t bool) []byte {
+	if t {
+		return append(b, mtrue)
+	}
+	return append(b, mfalse)
+}
+
+// AppendString appends a string as a MessagePack 'str' to the slice
+func AppendString(b []byte, s string) []byte {
+	sz := len(s)
+	var n int
+	var o []byte
+	switch {
+	case sz <= 31:
+		o, n = ensure(b, 1+sz)
+		o[n] = wfixstr(uint8(sz))
+		n++
+	case sz <= math.MaxUint8:
+		o, n = ensure(b, 2+sz)
+		prefixu8(o[n:], mstr8, uint8(sz))
+		n += 2
+	case sz <= math.MaxUint16:
+		o, n = ensure(b, 3+sz)
+		prefixu16(o[n:], mstr16, uint16(sz))
+		n += 3
+	default:
+		o, n = ensure(b, 5+sz)
+		prefixu32(o[n:], mstr32, uint32(sz))
+		n += 5
+	}
+	return o[:n+copy(o[n:], s)]
+}
+
+// AppendStringFromBytes appends a []byte
+// as a MessagePack 'str' to the slice 'b.'
+func AppendStringFromBytes(b []byte, str []byte) []byte {
+	sz := len(str)
+	var n int
+	var o []byte
+	switch {
+	case sz <= 31:
+		o, n = ensure(b, 1+sz)
+		o[n] = wfixstr(uint8(sz))
+		n++
+	case sz <= math.MaxUint8:
+		o, n = ensure(b, 2+sz)
+		prefixu8(o[n:], mstr8, uint8(sz))
+		n += 2
+	case sz <= math.MaxUint16:
+		o, n = ensure(b, 3+sz)
+		prefixu16(o[n:], mstr16, uint16(sz))
+		n += 3
+	default:
+		o, n = ensure(b, 5+sz)
+		prefixu32(o[n:], mstr32, uint32(sz))
+		n += 5
+	}
+	return o[:n+copy(o[n:], str)]
+}
+
+// AppendComplex64 appends a complex64 to the slice as a MessagePack extension
+func AppendComplex64(b []byte, c complex64) []byte {
+	o, n := ensure(b, Complex64Size)
+	o[n] = mfixext8
+	o[n+1] = Complex64Extension
+	big.PutUint32(o[n+2:], math.Float32bits(real(c)))
+	big.PutUint32(o[n+6:], math.Float32bits(imag(c)))
+	return o
+}
+
+// AppendComplex128 appends a complex128 to the slice as a MessagePack extension
+func AppendComplex128(b []byte, c complex128) []byte {
+	o, n := ensure(b, Complex128Size)
+	o[n] = mfixext16
+	o[n+1] = Complex128Extension
+	big.PutUint64(o[n+2:], math.Float64bits(real(c)))
+	big.PutUint64(o[n+10:], math.Float64bits(imag(c)))
+	return o
+}
+
+// AppendTime appends a time.Time to the slice as a MessagePack extension
+func AppendTime(b []byte, t time.Time) []byte {
+	o, n := ensure(b, TimeSize)
+	t = t.UTC()
+	o[n] = mext8
+	o[n+1] = 12
+	o[n+2] = TimeExtension
+	putUnix(o[n+3:], t.Unix(), int32(t.Nanosecond()))
+	return o
+}
+
+// AppendMapStrStr appends a map[string]string to the slice
+// as a MessagePack map with 'str'-type keys and values
+func AppendMapStrStr(b []byte, m map[string]string) []byte {
+	sz := uint32(len(m))
+	b = AppendMapHeader(b, sz)
+	for key, val := range m {
+		b = AppendString(b, key)
+		b = AppendString(b, val)
+	}
+	return b
+}
+
+// AppendMapStrIntf appends a map[string]interface{} to the slice
+// as a MessagePack map with 'str'-type keys.
+func AppendMapStrIntf(b []byte, m map[string]interface{}) ([]byte, error) {
+	sz := uint32(len(m))
+	b = AppendMapHeader(b, sz)
+	var err error
+	for key, val := range m {
+		b = AppendString(b, key)
+		b, err = AppendIntf(b, val)
+		if err != nil {
+			return b, err
+		}
+	}
+	return b, nil
+}
+
+// AppendIntf appends the concrete type of 'i' to the
+// provided []byte. 'i' must be one of the following:
+//   - 'nil'
+//   - A bool, float, string, []byte, int, uint, or complex
+//   - A map[string]interface{} or map[string]string
+//   - A []T, where T is another supported type
+//   - A *T, where T is another supported type
+//   - A type that satisfieds the msgp.Marshaler interface
+//   - A type that satisfies the msgp.Extension interface
+func AppendIntf(b []byte, i interface{}) ([]byte, error) {
+	if i == nil {
+		return AppendNil(b), nil
+	}
+
+	// all the concrete types
+	// for which we have methods
+	switch i := i.(type) {
+	case Marshaler:
+		return i.MarshalMsg(b)
+	case Extension:
+		return AppendExtension(b, i)
+	case bool:
+		return AppendBool(b, i), nil
+	case float32:
+		return AppendFloat32(b, i), nil
+	case float64:
+		return AppendFloat64(b, i), nil
+	case complex64:
+		return AppendComplex64(b, i), nil
+	case complex128:
+		return AppendComplex128(b, i), nil
+	case string:
+		return AppendString(b, i), nil
+	case []byte:
+		return AppendBytes(b, i), nil
+	case int8:
+		return AppendInt8(b, i), nil
+	case int16:
+		return AppendInt16(b, i), nil
+	case int32:
+		return AppendInt32(b, i), nil
+	case int64:
+		return AppendInt64(b, i), nil
+	case int:
+		return AppendInt64(b, int64(i)), nil
+	case uint:
+		return AppendUint64(b, uint64(i)), nil
+	case uint8:
+		return AppendUint8(b, i), nil
+	case uint16:
+		return AppendUint16(b, i), nil
+	case uint32:
+		return AppendUint32(b, i), nil
+	case uint64:
+		return AppendUint64(b, i), nil
+	case time.Time:
+		return AppendTime(b, i), nil
+	case map[string]interface{}:
+		return AppendMapStrIntf(b, i)
+	case map[string]string:
+		return AppendMapStrStr(b, i), nil
+	case []interface{}:
+		b = AppendArrayHeader(b, uint32(len(i)))
+		var err error
+		for _, k := range i {
+			b, err = AppendIntf(b, k)
+			if err != nil {
+				return b, err
+			}
+		}
+		return b, nil
+	}
+
+	var err error
+	v := reflect.ValueOf(i)
+	switch v.Kind() {
+	case reflect.Array, reflect.Slice:
+		l := v.Len()
+		b = AppendArrayHeader(b, uint32(l))
+		for i := 0; i < l; i++ {
+			b, err = AppendIntf(b, v.Index(i).Interface())
+			if err != nil {
+				return b, err
+			}
+		}
+		return b, nil
+	case reflect.Ptr:
+		if v.IsNil() {
+			return AppendNil(b), err
+		}
+		b, err = AppendIntf(b, v.Elem().Interface())
+		return b, err
+	default:
+		return b, &ErrUnsupportedType{T: v.Type()}
+	}
+}
diff --git a/vendor/github.com/tjfoc/gmsm/sm3/ifile b/vendor/github.com/tjfoc/gmsm/sm3/ifile
new file mode 100644
index 000000000..30d74d258
--- /dev/null
+++ b/vendor/github.com/tjfoc/gmsm/sm3/ifile
@@ -0,0 +1 @@
+test
\ No newline at end of file
diff --git a/vendor/github.com/tjfoc/gmsm/sm3/sm3.go b/vendor/github.com/tjfoc/gmsm/sm3/sm3.go
index 1a610b993..7c6094cda 100644
--- a/vendor/github.com/tjfoc/gmsm/sm3/sm3.go
+++ b/vendor/github.com/tjfoc/gmsm/sm3/sm3.go
@@ -38,7 +38,7 @@ func (sm3 *SM3) p0(x uint32) uint32 { return x ^ sm3.leftRotate(x, 9) ^ sm3.left
 
 func (sm3 *SM3) p1(x uint32) uint32 { return x ^ sm3.leftRotate(x, 15) ^ sm3.leftRotate(x, 23) }
 
-func (sm3 *SM3) leftRotate(x uint32, i uint32) uint32 { return (x<<(i%32) | x>>(32-i%32)) }
+func (sm3 *SM3) leftRotate(x uint32, i uint32) uint32 { return x<<(i%32) | x>>(32-i%32) }
 
 func (sm3 *SM3) pad() []byte {
 	msg := sm3.unhandleMsg
@@ -63,7 +63,7 @@ func (sm3 *SM3) pad() []byte {
 	return msg
 }
 
-func (sm3 *SM3) update(msg []byte, nblocks int) {
+func (sm3 *SM3) update(msg []byte) {
 	var w [68]uint32
 	var w1 [64]uint32
 
@@ -119,7 +119,7 @@ func (sm3 *SM3) update(msg []byte, nblocks int) {
 	}
 	sm3.digest[0], sm3.digest[1], sm3.digest[2], sm3.digest[3], sm3.digest[4], sm3.digest[5], sm3.digest[6], sm3.digest[7] = a, b, c, d, e, f, g, h
 }
-func (sm3 *SM3) update2(msg []byte, nblocks int)([8]uint32){
+func (sm3 *SM3) update2(msg []byte,) [8]uint32 {
 	var w [68]uint32
 	var w1 [64]uint32
 
@@ -175,8 +175,10 @@ func (sm3 *SM3) update2(msg []byte, nblocks int)([8]uint32){
 	}
 	var digest [8]uint32
 	digest[0], digest[1], digest[2], digest[3], digest[4], digest[5], digest[6], digest[7] = a, b, c, d, e, f, g, h
-   return digest
+	return digest
 }
+
+// 创建哈希计算实例
 func New() hash.Hash {
 	var sm3 SM3
 
@@ -184,14 +186,12 @@ func New() hash.Hash {
 	return &sm3
 }
 
-// BlockSize, required by the hash.Hash interface.
 // BlockSize returns the hash's underlying block size.
 // The Write method must be able to accept any amount
 // of data, but it may operate more efficiently if all writes
 // are a multiple of the block size.
 func (sm3 *SM3) BlockSize() int { return 64 }
 
-// Size, required by the hash.Hash interface.
 // Size returns the number of bytes Sum will return.
 func (sm3 *SM3) Size() int { return 32 }
 
@@ -212,7 +212,6 @@ func (sm3 *SM3) Reset() {
 	sm3.unhandleMsg = []byte{}
 }
 
-// Write, required by the hash.Hash interface.
 // Write (via the embedded io.Writer interface) adds more data to the running hash.
 // It never returns an error.
 func (sm3 *SM3) Write(p []byte) (int, error) {
@@ -220,21 +219,21 @@ func (sm3 *SM3) Write(p []byte) (int, error) {
 	sm3.length += uint64(len(p) * 8)
 	msg := append(sm3.unhandleMsg, p...)
 	nblocks := len(msg) / sm3.BlockSize()
-	sm3.update(msg, nblocks)
+	sm3.update(msg)
 	// Update unhandleMsg
 	sm3.unhandleMsg = msg[nblocks*sm3.BlockSize():]
 
 	return toWrite, nil
 }
 
-// Sum, required by the hash.Hash interface.
+// 返回SM3哈希算法摘要值
 // Sum appends the current hash to b and returns the resulting slice.
 // It does not change the underlying hash state.
 func (sm3 *SM3) Sum(in []byte) []byte {
-	sm3.Write(in)
+	_, _ = sm3.Write(in)
 	msg := sm3.pad()
-	//Finialize
-	digest:=sm3.update2(msg, len(msg)/sm3.BlockSize())
+	//Finalize
+	digest := sm3.update2(msg)
 
 	// save hash to in
 	needed := sm3.Size()
@@ -255,6 +254,6 @@ func Sm3Sum(data []byte) []byte {
 	var sm3 SM3
 
 	sm3.Reset()
-	sm3.Write(data)
+	_, _ = sm3.Write(data)
 	return sm3.Sum(nil)
 }
diff --git a/vendor/github.com/ulikunitz/xz/.gitignore b/vendor/github.com/ulikunitz/xz/.gitignore
index e3c2fc2f1..eb3d5f517 100644
--- a/vendor/github.com/ulikunitz/xz/.gitignore
+++ b/vendor/github.com/ulikunitz/xz/.gitignore
@@ -23,3 +23,6 @@ cmd/xb/xb
 
 # default compression test file
 enwik8*
+
+# file generated by example
+example.xz
\ No newline at end of file
diff --git a/vendor/github.com/ulikunitz/xz/LICENSE b/vendor/github.com/ulikunitz/xz/LICENSE
index 009b84870..8a7f0877d 100644
--- a/vendor/github.com/ulikunitz/xz/LICENSE
+++ b/vendor/github.com/ulikunitz/xz/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2014-2021  Ulrich Kunitz
+Copyright (c) 2014-2022  Ulrich Kunitz
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
diff --git a/vendor/github.com/ulikunitz/xz/README.md b/vendor/github.com/ulikunitz/xz/README.md
index 0a2dc8284..554718521 100644
--- a/vendor/github.com/ulikunitz/xz/README.md
+++ b/vendor/github.com/ulikunitz/xz/README.md
@@ -53,6 +53,10 @@ func main() {
 }
 ```
 
+## Documentation
+
+You can find the full documentation at [pkg.go.dev](https://pkg.go.dev/github.com/ulikunitz/xz).
+
 ## Using the gxz compression tool
 
 The package includes a gxz command line utility for compression and
diff --git a/vendor/github.com/ulikunitz/xz/TODO.md b/vendor/github.com/ulikunitz/xz/TODO.md
index 594e0c7fe..a3d6f1925 100644
--- a/vendor/github.com/ulikunitz/xz/TODO.md
+++ b/vendor/github.com/ulikunitz/xz/TODO.md
@@ -86,11 +86,20 @@
 
 ## Log
 
+### 2022-12-12
+
+Matt Dantay (@bodgit) reported an issue with the LZMA reader. The implementation
+returned an error if the dictionary size was less than 4096 byte, but the
+recommendation stated the actual used window size should be set to 4096 byte in
+that case. It actually was the pull request
+[#52](https://github.com/ulikunitz/xz/pull/52). The new patch v0.5.11 will fix
+it.
+
 ### 2021-02-02
 
 Mituo Heijo has fuzzed xz and found a bug in the function readIndexBody. The
 function allocated a slice of records immediately after reading the value
-without further checks. Since the number has been too large the make function
+without further checks. Sincex the number has been too large the make function
 did panic. The fix is to check the number against the expected number of records
 before allocating the records.
 
diff --git a/vendor/github.com/ulikunitz/xz/bits.go b/vendor/github.com/ulikunitz/xz/bits.go
index e48450c2c..b30f1ec97 100644
--- a/vendor/github.com/ulikunitz/xz/bits.go
+++ b/vendor/github.com/ulikunitz/xz/bits.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/crc.go b/vendor/github.com/ulikunitz/xz/crc.go
index a5c57fb61..13a58cb30 100644
--- a/vendor/github.com/ulikunitz/xz/crc.go
+++ b/vendor/github.com/ulikunitz/xz/crc.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/format.go b/vendor/github.com/ulikunitz/xz/format.go
index c98c12dfd..597fca2dc 100644
--- a/vendor/github.com/ulikunitz/xz/format.go
+++ b/vendor/github.com/ulikunitz/xz/format.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/internal/hash/cyclic_poly.go b/vendor/github.com/ulikunitz/xz/internal/hash/cyclic_poly.go
index f723cf252..dae159db5 100644
--- a/vendor/github.com/ulikunitz/xz/internal/hash/cyclic_poly.go
+++ b/vendor/github.com/ulikunitz/xz/internal/hash/cyclic_poly.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/internal/hash/doc.go b/vendor/github.com/ulikunitz/xz/internal/hash/doc.go
index cc60a6b5c..b4cf8b75e 100644
--- a/vendor/github.com/ulikunitz/xz/internal/hash/doc.go
+++ b/vendor/github.com/ulikunitz/xz/internal/hash/doc.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/internal/hash/rabin_karp.go b/vendor/github.com/ulikunitz/xz/internal/hash/rabin_karp.go
index c6432913f..5322342ee 100644
--- a/vendor/github.com/ulikunitz/xz/internal/hash/rabin_karp.go
+++ b/vendor/github.com/ulikunitz/xz/internal/hash/rabin_karp.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/internal/hash/roller.go b/vendor/github.com/ulikunitz/xz/internal/hash/roller.go
index f1de88b44..a98983356 100644
--- a/vendor/github.com/ulikunitz/xz/internal/hash/roller.go
+++ b/vendor/github.com/ulikunitz/xz/internal/hash/roller.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/internal/xlog/xlog.go b/vendor/github.com/ulikunitz/xz/internal/xlog/xlog.go
index 6c20c77ba..f4627ea11 100644
--- a/vendor/github.com/ulikunitz/xz/internal/xlog/xlog.go
+++ b/vendor/github.com/ulikunitz/xz/internal/xlog/xlog.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
@@ -31,8 +31,7 @@ import (
 // printed. There is no control over the order of the items printed and
 // the format. The full format is:
 //
-//   2009-01-23 01:23:23.123123 /a/b/c/d.go:23: message
-//
+//	2009-01-23 01:23:23.123123 /a/b/c/d.go:23: message
 const (
 	Ldate         = 1 << iota // the date: 2009-01-23
 	Ltime                     // the time: 01:23:23
diff --git a/vendor/github.com/ulikunitz/xz/lzma/bintree.go b/vendor/github.com/ulikunitz/xz/lzma/bintree.go
index 2a7bd19ec..2b39da6f7 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/bintree.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/bintree.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/bitops.go b/vendor/github.com/ulikunitz/xz/lzma/bitops.go
index d2c07e8c9..201091709 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/bitops.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/bitops.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/breader.go b/vendor/github.com/ulikunitz/xz/lzma/breader.go
index 939be8845..9dfdf28b2 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/breader.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/breader.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/buffer.go b/vendor/github.com/ulikunitz/xz/lzma/buffer.go
index 2761de5f0..af41d5b2d 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/buffer.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/buffer.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/bytewriter.go b/vendor/github.com/ulikunitz/xz/lzma/bytewriter.go
index 040874c1a..f27e31a4a 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/bytewriter.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/bytewriter.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/decoder.go b/vendor/github.com/ulikunitz/xz/lzma/decoder.go
index cbb943a06..3765484e6 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/decoder.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/decoder.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/decoderdict.go b/vendor/github.com/ulikunitz/xz/lzma/decoderdict.go
index 8cd616ef9..d5b814f0a 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/decoderdict.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/decoderdict.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/directcodec.go b/vendor/github.com/ulikunitz/xz/lzma/directcodec.go
index 20b256a9d..76b713106 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/directcodec.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/directcodec.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/distcodec.go b/vendor/github.com/ulikunitz/xz/lzma/distcodec.go
index 60ed9aef1..b447d8ec4 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/distcodec.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/distcodec.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/encoder.go b/vendor/github.com/ulikunitz/xz/lzma/encoder.go
index 5ed057a71..e40938318 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/encoder.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/encoder.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/encoderdict.go b/vendor/github.com/ulikunitz/xz/lzma/encoderdict.go
index 056f89757..4b3916eab 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/encoderdict.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/encoderdict.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/hashtable.go b/vendor/github.com/ulikunitz/xz/lzma/hashtable.go
index 0fb7910bc..f66e9cdd9 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/hashtable.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/hashtable.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/header.go b/vendor/github.com/ulikunitz/xz/lzma/header.go
index 04276c816..1ae7d80ca 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/header.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/header.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/header2.go b/vendor/github.com/ulikunitz/xz/lzma/header2.go
index be54dd85f..081fc840b 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/header2.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/header2.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/lengthcodec.go b/vendor/github.com/ulikunitz/xz/lzma/lengthcodec.go
index 6e0edfc8c..1ea5320a0 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/lengthcodec.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/lengthcodec.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
@@ -59,8 +59,7 @@ func (lc *lengthCodec) init() {
 // Encode encodes the length offset. The length offset l can be compute by
 // subtracting minMatchLen (2) from the actual length.
 //
-//   l = length - minMatchLen
-//
+//	l = length - minMatchLen
 func (lc *lengthCodec) Encode(e *rangeEncoder, l uint32, posState uint32,
 ) (err error) {
 	if l > maxMatchLen-minMatchLen {
diff --git a/vendor/github.com/ulikunitz/xz/lzma/literalcodec.go b/vendor/github.com/ulikunitz/xz/lzma/literalcodec.go
index 0bfc763ce..e4ef5fc59 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/literalcodec.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/literalcodec.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/matchalgorithm.go b/vendor/github.com/ulikunitz/xz/lzma/matchalgorithm.go
index 96ebda0fd..02dfb8bf5 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/matchalgorithm.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/matchalgorithm.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/operation.go b/vendor/github.com/ulikunitz/xz/lzma/operation.go
index 026ce48af..7b7eddc3d 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/operation.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/operation.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/prob.go b/vendor/github.com/ulikunitz/xz/lzma/prob.go
index 9a2648e0f..2feccba11 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/prob.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/prob.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/properties.go b/vendor/github.com/ulikunitz/xz/lzma/properties.go
index f229fc9fe..15b754ccb 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/properties.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/properties.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/rangecodec.go b/vendor/github.com/ulikunitz/xz/lzma/rangecodec.go
index 57f1ab904..4b0fee3ff 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/rangecodec.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/rangecodec.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/reader.go b/vendor/github.com/ulikunitz/xz/lzma/reader.go
index 2ed13c886..ae911c389 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/reader.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/reader.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
@@ -70,7 +70,7 @@ func (c ReaderConfig) NewReader(lzma io.Reader) (r *Reader, err error) {
 		return nil, err
 	}
 	if r.h.dictCap < MinDictCap {
-		return nil, errors.New("lzma: dictionary capacity too small")
+		r.h.dictCap = MinDictCap
 	}
 	dictCap := r.h.dictCap
 	if c.DictCap > dictCap {
diff --git a/vendor/github.com/ulikunitz/xz/lzma/reader2.go b/vendor/github.com/ulikunitz/xz/lzma/reader2.go
index de3da37ee..f36e26505 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/reader2.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/reader2.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/state.go b/vendor/github.com/ulikunitz/xz/lzma/state.go
index 09d62f7d9..34779c513 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/state.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/state.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/treecodecs.go b/vendor/github.com/ulikunitz/xz/lzma/treecodecs.go
index 6e927e935..36b29b598 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/treecodecs.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/treecodecs.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/writer.go b/vendor/github.com/ulikunitz/xz/lzma/writer.go
index d0d220fe1..e8f89811d 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/writer.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/writer.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzma/writer2.go b/vendor/github.com/ulikunitz/xz/lzma/writer2.go
index dfaaec95b..97bbafa11 100644
--- a/vendor/github.com/ulikunitz/xz/lzma/writer2.go
+++ b/vendor/github.com/ulikunitz/xz/lzma/writer2.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/lzmafilter.go b/vendor/github.com/ulikunitz/xz/lzmafilter.go
index 4f1bb3393..bd5f42ee8 100644
--- a/vendor/github.com/ulikunitz/xz/lzmafilter.go
+++ b/vendor/github.com/ulikunitz/xz/lzmafilter.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/none-check.go b/vendor/github.com/ulikunitz/xz/none-check.go
index 95240135d..6a56a2612 100644
--- a/vendor/github.com/ulikunitz/xz/none-check.go
+++ b/vendor/github.com/ulikunitz/xz/none-check.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/reader.go b/vendor/github.com/ulikunitz/xz/reader.go
index 7f974ffc5..bde1412cf 100644
--- a/vendor/github.com/ulikunitz/xz/reader.go
+++ b/vendor/github.com/ulikunitz/xz/reader.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/ulikunitz/xz/writer.go b/vendor/github.com/ulikunitz/xz/writer.go
index 6b3a66620..f693e0aef 100644
--- a/vendor/github.com/ulikunitz/xz/writer.go
+++ b/vendor/github.com/ulikunitz/xz/writer.go
@@ -1,4 +1,4 @@
-// Copyright 2014-2021 Ulrich Kunitz. All rights reserved.
+// Copyright 2014-2022 Ulrich Kunitz. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
diff --git a/vendor/github.com/vbatts/tar-split/archive/tar/reader.go b/vendor/github.com/vbatts/tar-split/archive/tar/reader.go
index fcf321553..af006fc92 100644
--- a/vendor/github.com/vbatts/tar-split/archive/tar/reader.go
+++ b/vendor/github.com/vbatts/tar-split/archive/tar/reader.go
@@ -7,7 +7,6 @@ package tar
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
 	"strconv"
 	"strings"
 	"time"
@@ -140,7 +139,7 @@ func (tr *Reader) next() (*Header, error) {
 			continue // This is a meta header affecting the next header
 		case TypeGNULongName, TypeGNULongLink:
 			format.mayOnlyBe(FormatGNU)
-			realname, err := ioutil.ReadAll(tr)
+			realname, err := io.ReadAll(tr)
 			if err != nil {
 				return nil, err
 			}
@@ -334,7 +333,7 @@ func mergePAX(hdr *Header, paxHdrs map[string]string) (err error) {
 // parsePAX parses PAX headers.
 // If an extended header (type 'x') is invalid, ErrHeader is returned
 func parsePAX(r io.Reader) (map[string]string, error) {
-	buf, err := ioutil.ReadAll(r)
+	buf, err := io.ReadAll(r)
 	if err != nil {
 		return nil, err
 	}
@@ -916,7 +915,7 @@ func discard(tr *Reader, n int64) error {
 		}
 	}
 
-	copySkipped, err = io.CopyN(ioutil.Discard, r, n-seekSkipped)
+	copySkipped, err = io.CopyN(io.Discard, r, n-seekSkipped)
 out:
 	if err == io.EOF && seekSkipped+copySkipped < n {
 		err = io.ErrUnexpectedEOF
diff --git a/vendor/github.com/xanzy/go-gitlab/CONTRIBUTING.md b/vendor/github.com/xanzy/go-gitlab/CONTRIBUTING.md
index ec4ed485d..32bd82274 100644
--- a/vendor/github.com/xanzy/go-gitlab/CONTRIBUTING.md
+++ b/vendor/github.com/xanzy/go-gitlab/CONTRIBUTING.md
@@ -4,8 +4,7 @@ We want to make contributing to this project as easy as possible.
 
 ## Reporting Issues
 
-If you have an issue, please report it on the [issue tracker](
-https://github.com/xanzy/go-gitlab/issues).
+If you have an issue, please report it on the [issue tracker](https://github.com/xanzy/go-gitlab/issues).
 
 When you are up for writing a PR to solve the issue you encountered, it's not
 needed to first open a separate issue. In that case only opening a PR with a
@@ -13,8 +12,8 @@ description of the issue you are trying to solve is just fine.
 
 ## Contributing Code
 
-Pull requests are always welcome. When in doubt if your contribution fits in with
-the rest of the project, free to first open an issue to discuss your idea.
+Pull requests are always welcome. When in doubt if your contribution fits within
+the rest of the project, feel free to first open an issue to discuss your idea.
 
 This is not needed when fixing a bug or adding an enhancement, as long as the
 enhancement you are trying to add can be found in the public GitLab API docs as
@@ -22,8 +21,10 @@ this project only supports what is in the public API docs.
 
 ## Coding style
 
-We try to follow the Go best practices, where it makes sense, and use [`gofumpt`](
-https://github.com/mvdan/gofumpt) to format code in this project.
+We try to follow the Go best practices, where it makes sense, and use
+[`gofumpt`](https://github.com/mvdan/gofumpt) to format code in this project.
+As a general rule of thumb we prefer to keep line width for comments below 80
+chars and for code (where possible and sensible) below 100 chars.
 
 Before making a PR, please look at the rest this package and try to make sure
 your contribution is consistent with the rest of the coding style.
@@ -35,18 +36,18 @@ easier to find things.
 ### Setting up your local development environment to Contribute to `go-gitlab`
 
 1. [Fork](https://github.com/xanzy/go-gitlab/fork), then clone the repository.
-    ```sh
-    git clone https://github.com/<your-username>/go-gitlab.git
-    # or via ssh
-    git clone git@github.com:<your-username>/go-gitlab.git
-    ```
+   ```sh
+   git clone https://github.com/<your-username>/go-gitlab.git
+   # or via ssh
+   git clone git@github.com:<your-username>/go-gitlab.git
+   ```
 1. Install dependencies:
-    ```sh
-    make setup
-    ```
+   ```sh
+   make setup
+   ```
 1. Make your changes on your feature branch
 1. Run the tests and `gofumpt`
-    ```sh
-    make test && make fmt
-    ```
+   ```sh
+   make test && make fmt
+   ```
 1. Open up your pull request
diff --git a/vendor/github.com/xanzy/go-gitlab/README.md b/vendor/github.com/xanzy/go-gitlab/README.md
index 06ddb255d..1652705af 100644
--- a/vendor/github.com/xanzy/go-gitlab/README.md
+++ b/vendor/github.com/xanzy/go-gitlab/README.md
@@ -74,6 +74,7 @@ to add new and/or missing endpoints. Currently, the following services are suppo
 - [x] Project Import/export
 - [x] Project Members
 - [x] Project Milestones
+- [x] Project Repository Storage Moves
 - [x] Project Snippets
 - [x] Project Vulnerabilities
 - [x] Project-Level Variables
diff --git a/vendor/github.com/xanzy/go-gitlab/appearance.go b/vendor/github.com/xanzy/go-gitlab/appearance.go
new file mode 100644
index 000000000..f21893c0e
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/appearance.go
@@ -0,0 +1,110 @@
+//
+// Copyright 2023, 徐晓伟 <xuxiaowei@xuxiaowei.com.cn>
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import "net/http"
+
+// AppearanceService handles communication with appearance of the Gitlab API.
+//
+// Gitlab API docs : https://docs.gitlab.com/ee/api/appearance.html
+type AppearanceService struct {
+	client *Client
+}
+
+// Appearance represents a GitLab appearance.
+//
+// Gitlab API docs : https://docs.gitlab.com/ee/api/appearance.html
+type Appearance struct {
+	Title                       string `json:"title"`
+	Description                 string `json:"description"`
+	PWAName                     string `json:"pwa_name"`
+	PWAShortName                string `json:"pwa_short_name"`
+	PWADescription              string `json:"pwa_description"`
+	PWAIcon                     string `json:"pwa_icon"`
+	Logo                        string `json:"logo"`
+	HeaderLogo                  string `json:"header_logo"`
+	Favicon                     string `json:"favicon"`
+	NewProjectGuidelines        string `json:"new_project_guidelines"`
+	ProfileImageGuidelines      string `json:"profile_image_guidelines"`
+	HeaderMessage               string `json:"header_message"`
+	FooterMessage               string `json:"footer_message"`
+	MessageBackgroundColor      string `json:"message_background_color"`
+	MessageFontColor            string `json:"message_font_color"`
+	EmailHeaderAndFooterEnabled bool   `json:"email_header_and_footer_enabled"`
+}
+
+// GetAppearance gets the current appearance configuration of the GitLab instance.
+//
+// Gitlab API docs:
+// https://docs.gitlab.com/ee/api/appearance.html#get-current-appearance-configuration
+func (s *AppearanceService) GetAppearance(options ...RequestOptionFunc) (*Appearance, *Response, error) {
+	req, err := s.client.NewRequest(http.MethodGet, "application/appearance", nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	as := new(Appearance)
+	resp, err := s.client.Do(req, as)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return as, resp, nil
+}
+
+// ChangeAppearanceOptions represents the available ChangeAppearance() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/appearance.html#change-appearance-configuration
+type ChangeAppearanceOptions struct {
+	Title                       *string `url:"title,omitempty" json:"title,omitempty"`
+	Description                 *string `url:"description,omitempty" json:"description,omitempty"`
+	PWAName                     *string `url:"pwa_name,omitempty" json:"pwa_name,omitempty"`
+	PWAShortName                *string `url:"pwa_short_name,omitempty" json:"pwa_short_name,omitempty"`
+	PWADescription              *string `url:"pwa_description,omitempty" json:"pwa_description,omitempty"`
+	PWAIcon                     *string `url:"pwa_icon,omitempty" json:"pwa_icon,omitempty"`
+	Logo                        *string `url:"logo,omitempty" json:"logo,omitempty"`
+	HeaderLogo                  *string `url:"header_logo,omitempty" json:"header_logo,omitempty"`
+	Favicon                     *string `url:"favicon,omitempty" json:"favicon,omitempty"`
+	NewProjectGuidelines        *string `url:"new_project_guidelines,omitempty" json:"new_project_guidelines,omitempty"`
+	ProfileImageGuidelines      *string `url:"profile_image_guidelines,omitempty" json:"profile_image_guidelines,omitempty"`
+	HeaderMessage               *string `url:"header_message,omitempty" json:"header_message,omitempty"`
+	FooterMessage               *string `url:"footer_message,omitempty" json:"footer_message,omitempty"`
+	MessageBackgroundColor      *string `url:"message_background_color,omitempty" json:"message_background_color,omitempty"`
+	MessageFontColor            *string `url:"message_font_color,omitempty" json:"message_font_color,omitempty"`
+	EmailHeaderAndFooterEnabled *bool   `url:"email_header_and_footer_enabled,omitempty" json:"email_header_and_footer_enabled,omitempty"`
+	URL                         *string `url:"url,omitempty" json:"url,omitempty"`
+}
+
+// ChangeAppearance changes the appearance configuration.
+//
+// Gitlab API docs:
+// https://docs.gitlab.com/ee/api/appearance.html#change-appearance-configuration
+func (s *AppearanceService) ChangeAppearance(opt *ChangeAppearanceOptions, options ...RequestOptionFunc) (*Appearance, *Response, error) {
+	req, err := s.client.NewRequest(http.MethodPut, "application/appearance", opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	as := new(Appearance)
+	resp, err := s.client.Do(req, as)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return as, resp, nil
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/commits.go b/vendor/github.com/xanzy/go-gitlab/commits.go
index 7c724c2b0..cdb548b07 100644
--- a/vendor/github.com/xanzy/go-gitlab/commits.go
+++ b/vendor/github.com/xanzy/go-gitlab/commits.go
@@ -77,6 +77,7 @@ type ListCommitsOptions struct {
 	Since       *time.Time `url:"since,omitempty" json:"since,omitempty"`
 	Until       *time.Time `url:"until,omitempty" json:"until,omitempty"`
 	Path        *string    `url:"path,omitempty" json:"path,omitempty"`
+	Author      *string    `url:"author,omitempty" json:"author,omitempty"`
 	All         *bool      `url:"all,omitempty" json:"all,omitempty"`
 	WithStats   *bool      `url:"with_stats,omitempty" json:"with_stats,omitempty"`
 	FirstParent *bool      `url:"first_parent,omitempty" json:"first_parent,omitempty"`
@@ -402,6 +403,7 @@ type CommitStatus struct {
 	Name         string     `json:"name"`
 	AllowFailure bool       `json:"allow_failure"`
 	Coverage     float64    `json:"coverage"`
+	PipelineId   int        `json:"pipeline_id"`
 	Author       Author     `json:"author"`
 	Description  string     `json:"description"`
 	TargetURL    string     `json:"target_url"`
@@ -571,10 +573,10 @@ type GPGSignature struct {
 	KeySubkeyID        int    `json:"gpg_key_subkey_id"`
 }
 
-// GetGPGSiganature gets a GPG signature of a commit.
+// GetGPGSignature gets a GPG signature of a commit.
 //
 // GitLab API docs: https://docs.gitlab.com/ee/api/commits.html#get-gpg-signature-of-a-commit
-func (s *CommitsService) GetGPGSiganature(pid interface{}, sha string, options ...RequestOptionFunc) (*GPGSignature, *Response, error) {
+func (s *CommitsService) GetGPGSignature(pid interface{}, sha string, options ...RequestOptionFunc) (*GPGSignature, *Response, error) {
 	project, err := parseID(pid)
 	if err != nil {
 		return nil, nil, err
diff --git a/vendor/github.com/xanzy/go-gitlab/deployments.go b/vendor/github.com/xanzy/go-gitlab/deployments.go
index 40ac4ed51..3ce8ec40f 100644
--- a/vendor/github.com/xanzy/go-gitlab/deployments.go
+++ b/vendor/github.com/xanzy/go-gitlab/deployments.go
@@ -201,3 +201,21 @@ func (s *DeploymentsService) UpdateProjectDeployment(pid interface{}, deployment
 
 	return d, resp, nil
 }
+
+// DeleteProjectDeployment delete a project deployment.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/deployments.html#delete-a-specific-deployment
+func (s *DeploymentsService) DeleteProjectDeployment(pid interface{}, deployment int, options ...RequestOptionFunc) (*Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf("projects/%s/deployments/%d", PathEscape(project), deployment)
+
+	req, err := s.client.NewRequest(http.MethodDelete, u, nil, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(req, nil)
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/discussions.go b/vendor/github.com/xanzy/go-gitlab/discussions.go
index b4d7f2468..7f791c585 100644
--- a/vendor/github.com/xanzy/go-gitlab/discussions.go
+++ b/vendor/github.com/xanzy/go-gitlab/discussions.go
@@ -724,10 +724,39 @@ func (s *DiscussionsService) GetMergeRequestDiscussion(pid interface{}, mergeReq
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/discussions.html#create-new-merge-request-thread
 type CreateMergeRequestDiscussionOptions struct {
-	Body      *string       `url:"body,omitempty" json:"body,omitempty"`
-	CommitID  *string       `url:"commit_id,omitempty" json:"commit_id,omitempty"`
-	CreatedAt *time.Time    `url:"created_at,omitempty" json:"created_at,omitempty"`
-	Position  *NotePosition `url:"position,omitempty" json:"position,omitempty"`
+	Body      *string          `url:"body,omitempty" json:"body,omitempty"`
+	CommitID  *string          `url:"commit_id,omitempty" json:"commit_id,omitempty"`
+	CreatedAt *time.Time       `url:"created_at,omitempty" json:"created_at,omitempty"`
+	Position  *PositionOptions `url:"position,omitempty" json:"position,omitempty"`
+}
+
+// PositionOptions represents the position option of a discussion.
+type PositionOptions struct {
+	BaseSHA      *string           `url:"base_sha,omitempty" json:"base_sha,omitempty"`
+	HeadSHA      *string           `url:"head_sha,omitempty" json:"head_sha,omitempty"`
+	StartSHA     *string           `url:"start_sha,omitempty" json:"start_sha,omitempty"`
+	NewPath      *string           `url:"new_path,omitempty" json:"new_path,omitempty"`
+	OldPath      *string           `url:"old_path,omitempty" json:"old_path,omitempty"`
+	PositionType *string           `url:"position_type,omitempty" json:"position_type"`
+	NewLine      *int              `url:"new_line,omitempty" json:"new_line,omitempty"`
+	OldLine      *int              `url:"old_line,omitempty" json:"old_line,omitempty"`
+	LineRange    *LineRangeOptions `url:"line_range,omitempty" json:"line_range,omitempty"`
+	Width        *int              `url:"width,omitempty" json:"width,omitempty"`
+	Height       *int              `url:"height,omitempty" json:"height,omitempty"`
+	X            *float64          `url:"x,omitempty" json:"x,omitempty"`
+	Y            *float64          `url:"y,omitempty" json:"y,omitempty"`
+}
+
+// LineRangeOptions represents the line range option of a discussion.
+type LineRangeOptions struct {
+	Start *LinePositionOptions `url:"start,omitempty" json:"start,omitempty"`
+	End   *LinePositionOptions `url:"end,omitempty" json:"end,omitempty"`
+}
+
+// LinePositionOptions represents the line position option of a discussion.
+type LinePositionOptions struct {
+	LineCode *string `url:"line_code,omitempty" json:"line_code,omitempty"`
+	Type     *string `url:"type,omitempty" json:"type,omitempty"`
 }
 
 // CreateMergeRequestDiscussion creates a new discussion for a single merge
diff --git a/vendor/github.com/xanzy/go-gitlab/event_webhook_types.go b/vendor/github.com/xanzy/go-gitlab/event_webhook_types.go
index b90f4fa3e..fa1fe5c7d 100644
--- a/vendor/github.com/xanzy/go-gitlab/event_webhook_types.go
+++ b/vendor/github.com/xanzy/go-gitlab/event_webhook_types.go
@@ -652,6 +652,7 @@ type MergeEvent struct {
 		} `json:"last_commit"`
 		BlockingDiscussionsResolved bool          `json:"blocking_discussions_resolved"`
 		WorkInProgress              bool          `json:"work_in_progress"`
+		Draft                       bool          `json:"draft"`
 		TotalTimeSpent              int           `json:"total_time_spent"`
 		TimeChange                  int           `json:"time_change"`
 		HumanTotalTimeSpent         string        `json:"human_total_time_spent"`
@@ -679,6 +680,10 @@ type MergeEvent struct {
 			Previous string `json:"previous"`
 			Current  string `json:"current"`
 		} `json:"description"`
+		Draft struct {
+			Previous bool `json:"previous"`
+			Current  bool `json:"current"`
+		} `json:"draft"`
 		Labels struct {
 			Previous []*EventLabel `json:"previous"`
 			Current  []*EventLabel `json:"current"`
@@ -789,6 +794,7 @@ type PipelineEvent struct {
 	ObjectAttributes struct {
 		ID             int      `json:"id"`
 		IID            int      `json:"iid"`
+		Name           string   `json:"name"`
 		Ref            string   `json:"ref"`
 		Tag            bool     `json:"tag"`
 		SHA            string   `json:"sha"`
@@ -801,6 +807,7 @@ type PipelineEvent struct {
 		FinishedAt     string   `json:"finished_at"`
 		Duration       int      `json:"duration"`
 		QueuedDuration int      `json:"queued_duration"`
+		URL            string   `json:"url"`
 		Variables      []struct {
 			Key   string `json:"key"`
 			Value string `json:"value"`
diff --git a/vendor/github.com/xanzy/go-gitlab/gitlab.go b/vendor/github.com/xanzy/go-gitlab/gitlab.go
index 81cf3ff9e..88d55057c 100644
--- a/vendor/github.com/xanzy/go-gitlab/gitlab.go
+++ b/vendor/github.com/xanzy/go-gitlab/gitlab.go
@@ -33,8 +33,9 @@ import (
 	"sync"
 	"time"
 
-	"github.com/google/go-querystring/query"
 	"github.com/hashicorp/go-cleanhttp"
+
+	"github.com/google/go-querystring/query"
 	retryablehttp "github.com/hashicorp/go-retryablehttp"
 	"golang.org/x/oauth2"
 	"golang.org/x/time/rate"
@@ -103,115 +104,124 @@ type Client struct {
 	UserAgent string
 
 	// Services used for talking to different parts of the GitLab API.
-	AccessRequests          *AccessRequestsService
-	Applications            *ApplicationsService
-	AuditEvents             *AuditEventsService
-	Avatar                  *AvatarRequestsService
-	AwardEmoji              *AwardEmojiService
-	Boards                  *IssueBoardsService
-	Branches                *BranchesService
-	BroadcastMessage        *BroadcastMessagesService
-	CIYMLTemplate           *CIYMLTemplatesService
-	ClusterAgents           *ClusterAgentsService
-	Commits                 *CommitsService
-	ContainerRegistry       *ContainerRegistryService
-	CustomAttribute         *CustomAttributesService
-	DeployKeys              *DeployKeysService
-	DeployTokens            *DeployTokensService
-	DeploymentMergeRequests *DeploymentMergeRequestsService
-	Deployments             *DeploymentsService
-	Discussions             *DiscussionsService
-	DockerfileTemplate      *DockerfileTemplatesService
-	Environments            *EnvironmentsService
-	EpicIssues              *EpicIssuesService
-	Epics                   *EpicsService
-	ErrorTracking           *ErrorTrackingService
-	Events                  *EventsService
-	ExternalStatusChecks    *ExternalStatusChecksService
-	Features                *FeaturesService
-	FreezePeriods           *FreezePeriodsService
-	GenericPackages         *GenericPackagesService
-	GeoNodes                *GeoNodesService
-	GitIgnoreTemplates      *GitIgnoreTemplatesService
-	GroupAccessTokens       *GroupAccessTokensService
-	GroupBadges             *GroupBadgesService
-	GroupCluster            *GroupClustersService
-	GroupImportExport       *GroupImportExportService
-	GroupIssueBoards        *GroupIssueBoardsService
-	GroupIterations         *GroupIterationsService
-	GroupLabels             *GroupLabelsService
-	GroupMembers            *GroupMembersService
-	GroupMilestones         *GroupMilestonesService
-	GroupVariables          *GroupVariablesService
-	GroupWikis              *GroupWikisService
-	Groups                  *GroupsService
-	InstanceCluster         *InstanceClustersService
-	InstanceVariables       *InstanceVariablesService
-	Invites                 *InvitesService
-	IssueLinks              *IssueLinksService
-	Issues                  *IssuesService
-	IssuesStatistics        *IssuesStatisticsService
-	Jobs                    *JobsService
-	Keys                    *KeysService
-	Labels                  *LabelsService
-	License                 *LicenseService
-	LicenseTemplates        *LicenseTemplatesService
-	ManagedLicenses         *ManagedLicensesService
-	Markdown                *MarkdownService
-	MergeRequestApprovals   *MergeRequestApprovalsService
-	MergeRequests           *MergeRequestsService
-	Metadata                *MetadataService
-	Milestones              *MilestonesService
-	Namespaces              *NamespacesService
-	Notes                   *NotesService
-	NotificationSettings    *NotificationSettingsService
-	Packages                *PackagesService
-	Pages                   *PagesService
-	PagesDomains            *PagesDomainsService
-	PersonalAccessTokens    *PersonalAccessTokensService
-	PipelineSchedules       *PipelineSchedulesService
-	PipelineTriggers        *PipelineTriggersService
-	Pipelines               *PipelinesService
-	PlanLimits              *PlanLimitsService
-	ProjectAccessTokens     *ProjectAccessTokensService
-	ProjectBadges           *ProjectBadgesService
-	ProjectCluster          *ProjectClustersService
-	ProjectFeatureFlags     *ProjectFeatureFlagService
-	ProjectImportExport     *ProjectImportExportService
-	ProjectIterations       *ProjectIterationsService
-	ProjectMembers          *ProjectMembersService
-	ProjectMirrors          *ProjectMirrorService
-	ProjectSnippets         *ProjectSnippetsService
-	ProjectTemplates        *ProjectTemplatesService
-	ProjectVariables        *ProjectVariablesService
-	ProjectVulnerabilities  *ProjectVulnerabilitiesService
-	Projects                *ProjectsService
-	ProtectedBranches       *ProtectedBranchesService
-	ProtectedEnvironments   *ProtectedEnvironmentsService
-	ProtectedTags           *ProtectedTagsService
-	ReleaseLinks            *ReleaseLinksService
-	Releases                *ReleasesService
-	Repositories            *RepositoriesService
-	RepositoryFiles         *RepositoryFilesService
-	RepositorySubmodules    *RepositorySubmodulesService
-	ResourceLabelEvents     *ResourceLabelEventsService
-	ResourceMilestoneEvents *ResourceMilestoneEventsService
-	ResourceStateEvents     *ResourceStateEventsService
-	ResourceWeightEvents    *ResourceWeightEventsService
-	Runners                 *RunnersService
-	Search                  *SearchService
-	Services                *ServicesService
-	Settings                *SettingsService
-	Sidekiq                 *SidekiqService
-	Snippets                *SnippetsService
-	SystemHooks             *SystemHooksService
-	Tags                    *TagsService
-	Todos                   *TodosService
-	Topics                  *TopicsService
-	Users                   *UsersService
-	Validate                *ValidateService
-	Version                 *VersionService
-	Wikis                   *WikisService
+	AccessRequests               *AccessRequestsService
+	Appearance                   *AppearanceService
+	Applications                 *ApplicationsService
+	AuditEvents                  *AuditEventsService
+	Avatar                       *AvatarRequestsService
+	AwardEmoji                   *AwardEmojiService
+	Boards                       *IssueBoardsService
+	Branches                     *BranchesService
+	BroadcastMessage             *BroadcastMessagesService
+	CIYMLTemplate                *CIYMLTemplatesService
+	ClusterAgents                *ClusterAgentsService
+	Commits                      *CommitsService
+	ContainerRegistry            *ContainerRegistryService
+	CustomAttribute              *CustomAttributesService
+	DeployKeys                   *DeployKeysService
+	DeployTokens                 *DeployTokensService
+	DeploymentMergeRequests      *DeploymentMergeRequestsService
+	Deployments                  *DeploymentsService
+	Discussions                  *DiscussionsService
+	DockerfileTemplate           *DockerfileTemplatesService
+	Environments                 *EnvironmentsService
+	EpicIssues                   *EpicIssuesService
+	Epics                        *EpicsService
+	ErrorTracking                *ErrorTrackingService
+	Events                       *EventsService
+	ExternalStatusChecks         *ExternalStatusChecksService
+	Features                     *FeaturesService
+	FreezePeriods                *FreezePeriodsService
+	GenericPackages              *GenericPackagesService
+	GeoNodes                     *GeoNodesService
+	GitIgnoreTemplates           *GitIgnoreTemplatesService
+	GroupAccessTokens            *GroupAccessTokensService
+	GroupBadges                  *GroupBadgesService
+	GroupCluster                 *GroupClustersService
+	GroupEpicBoards              *GroupEpicBoardsService
+	GroupImportExport            *GroupImportExportService
+	GroupIssueBoards             *GroupIssueBoardsService
+	GroupIterations              *GroupIterationsService
+	GroupLabels                  *GroupLabelsService
+	GroupMembers                 *GroupMembersService
+	GroupMilestones              *GroupMilestonesService
+	GroupProtectedEnvironments   *GroupProtectedEnvironmentsService
+	GroupRepositoryStorageMove   *GroupRepositoryStorageMoveService
+	GroupVariables               *GroupVariablesService
+	GroupWikis                   *GroupWikisService
+	Groups                       *GroupsService
+	InstanceCluster              *InstanceClustersService
+	InstanceVariables            *InstanceVariablesService
+	Invites                      *InvitesService
+	IssueLinks                   *IssueLinksService
+	Issues                       *IssuesService
+	IssuesStatistics             *IssuesStatisticsService
+	Jobs                         *JobsService
+	JobTokenScope                *JobTokenScopeService
+	Keys                         *KeysService
+	Labels                       *LabelsService
+	License                      *LicenseService
+	LicenseTemplates             *LicenseTemplatesService
+	ManagedLicenses              *ManagedLicensesService
+	Markdown                     *MarkdownService
+	MergeRequestApprovals        *MergeRequestApprovalsService
+	MergeRequests                *MergeRequestsService
+	MergeTrains                  *MergeTrainsService
+	Metadata                     *MetadataService
+	Milestones                   *MilestonesService
+	Namespaces                   *NamespacesService
+	Notes                        *NotesService
+	NotificationSettings         *NotificationSettingsService
+	Packages                     *PackagesService
+	Pages                        *PagesService
+	PagesDomains                 *PagesDomainsService
+	PersonalAccessTokens         *PersonalAccessTokensService
+	PipelineSchedules            *PipelineSchedulesService
+	PipelineTriggers             *PipelineTriggersService
+	Pipelines                    *PipelinesService
+	PlanLimits                   *PlanLimitsService
+	ProjectAccessTokens          *ProjectAccessTokensService
+	ProjectBadges                *ProjectBadgesService
+	ProjectCluster               *ProjectClustersService
+	ProjectFeatureFlags          *ProjectFeatureFlagService
+	ProjectImportExport          *ProjectImportExportService
+	ProjectIterations            *ProjectIterationsService
+	ProjectMembers               *ProjectMembersService
+	ProjectMirrors               *ProjectMirrorService
+	ProjectRepositoryStorageMove *ProjectRepositoryStorageMoveService
+	ProjectSnippets              *ProjectSnippetsService
+	ProjectTemplates             *ProjectTemplatesService
+	ProjectVariables             *ProjectVariablesService
+	ProjectVulnerabilities       *ProjectVulnerabilitiesService
+	Projects                     *ProjectsService
+	ProtectedBranches            *ProtectedBranchesService
+	ProtectedEnvironments        *ProtectedEnvironmentsService
+	ProtectedTags                *ProtectedTagsService
+	ReleaseLinks                 *ReleaseLinksService
+	Releases                     *ReleasesService
+	Repositories                 *RepositoriesService
+	RepositoryFiles              *RepositoryFilesService
+	RepositorySubmodules         *RepositorySubmodulesService
+	ResourceIterationEvents      *ResourceIterationEventsService
+	ResourceLabelEvents          *ResourceLabelEventsService
+	ResourceMilestoneEvents      *ResourceMilestoneEventsService
+	ResourceStateEvents          *ResourceStateEventsService
+	ResourceWeightEvents         *ResourceWeightEventsService
+	Runners                      *RunnersService
+	Search                       *SearchService
+	Services                     *ServicesService
+	Settings                     *SettingsService
+	Sidekiq                      *SidekiqService
+	SnippetRepositoryStorageMove *SnippetRepositoryStorageMoveService
+	Snippets                     *SnippetsService
+	SystemHooks                  *SystemHooksService
+	Tags                         *TagsService
+	Todos                        *TodosService
+	Topics                       *TopicsService
+	Users                        *UsersService
+	Validate                     *ValidateService
+	Version                      *VersionService
+	Wikis                        *WikisService
 }
 
 // ListOptions specifies the optional parameters to various List methods that
@@ -320,6 +330,7 @@ func newClient(options ...ClientOptionFunc) (*Client, error) {
 
 	// Create all the public services.
 	c.AccessRequests = &AccessRequestsService{client: c}
+	c.Appearance = &AppearanceService{client: c}
 	c.Applications = &ApplicationsService{client: c}
 	c.AuditEvents = &AuditEventsService{client: c}
 	c.Avatar = &AvatarRequestsService{client: c}
@@ -352,12 +363,15 @@ func newClient(options ...ClientOptionFunc) (*Client, error) {
 	c.GroupAccessTokens = &GroupAccessTokensService{client: c}
 	c.GroupBadges = &GroupBadgesService{client: c}
 	c.GroupCluster = &GroupClustersService{client: c}
+	c.GroupEpicBoards = &GroupEpicBoardsService{client: c}
 	c.GroupImportExport = &GroupImportExportService{client: c}
 	c.GroupIssueBoards = &GroupIssueBoardsService{client: c}
 	c.GroupIterations = &GroupIterationsService{client: c}
 	c.GroupLabels = &GroupLabelsService{client: c}
 	c.GroupMembers = &GroupMembersService{client: c}
 	c.GroupMilestones = &GroupMilestonesService{client: c}
+	c.GroupProtectedEnvironments = &GroupProtectedEnvironmentsService{client: c}
+	c.GroupRepositoryStorageMove = &GroupRepositoryStorageMoveService{client: c}
 	c.GroupVariables = &GroupVariablesService{client: c}
 	c.GroupWikis = &GroupWikisService{client: c}
 	c.Groups = &GroupsService{client: c}
@@ -368,6 +382,7 @@ func newClient(options ...ClientOptionFunc) (*Client, error) {
 	c.Issues = &IssuesService{client: c, timeStats: timeStats}
 	c.IssuesStatistics = &IssuesStatisticsService{client: c}
 	c.Jobs = &JobsService{client: c}
+	c.JobTokenScope = &JobTokenScopeService{client: c}
 	c.Keys = &KeysService{client: c}
 	c.Labels = &LabelsService{client: c}
 	c.License = &LicenseService{client: c}
@@ -376,6 +391,7 @@ func newClient(options ...ClientOptionFunc) (*Client, error) {
 	c.Markdown = &MarkdownService{client: c}
 	c.MergeRequestApprovals = &MergeRequestApprovalsService{client: c}
 	c.MergeRequests = &MergeRequestsService{client: c, timeStats: timeStats}
+	c.MergeTrains = &MergeTrainsService{client: c}
 	c.Metadata = &MetadataService{client: c}
 	c.Milestones = &MilestonesService{client: c}
 	c.Namespaces = &NamespacesService{client: c}
@@ -397,6 +413,7 @@ func newClient(options ...ClientOptionFunc) (*Client, error) {
 	c.ProjectIterations = &ProjectIterationsService{client: c}
 	c.ProjectMembers = &ProjectMembersService{client: c}
 	c.ProjectMirrors = &ProjectMirrorService{client: c}
+	c.ProjectRepositoryStorageMove = &ProjectRepositoryStorageMoveService{client: c}
 	c.ProjectSnippets = &ProjectSnippetsService{client: c}
 	c.ProjectTemplates = &ProjectTemplatesService{client: c}
 	c.ProjectVariables = &ProjectVariablesService{client: c}
@@ -410,6 +427,7 @@ func newClient(options ...ClientOptionFunc) (*Client, error) {
 	c.Repositories = &RepositoriesService{client: c}
 	c.RepositoryFiles = &RepositoryFilesService{client: c}
 	c.RepositorySubmodules = &RepositorySubmodulesService{client: c}
+	c.ResourceIterationEvents = &ResourceIterationEventsService{client: c}
 	c.ResourceLabelEvents = &ResourceLabelEventsService{client: c}
 	c.ResourceMilestoneEvents = &ResourceMilestoneEventsService{client: c}
 	c.ResourceStateEvents = &ResourceStateEventsService{client: c}
@@ -420,6 +438,7 @@ func newClient(options ...ClientOptionFunc) (*Client, error) {
 	c.Settings = &SettingsService{client: c}
 	c.Sidekiq = &SidekiqService{client: c}
 	c.Snippets = &SnippetsService{client: c}
+	c.SnippetRepositoryStorageMove = &SnippetRepositoryStorageMoveService{client: c}
 	c.SystemHooks = &SystemHooksService{client: c}
 	c.Tags = &TagsService{client: c}
 	c.Todos = &TodosService{client: c}
@@ -798,6 +817,7 @@ func (c *Client) Do(req *retryablehttp.Request, v interface{}) (*Response, error
 		return c.Do(req, v)
 	}
 	defer resp.Body.Close()
+	defer io.Copy(io.Discard, resp.Body)
 
 	// If not yet configured, try to configure the rate limiter
 	// using the response headers we just received. Fail silently
diff --git a/vendor/github.com/xanzy/go-gitlab/group_access_tokens.go b/vendor/github.com/xanzy/go-gitlab/group_access_tokens.go
index 3d42ab531..15f303a98 100644
--- a/vendor/github.com/xanzy/go-gitlab/group_access_tokens.go
+++ b/vendor/github.com/xanzy/go-gitlab/group_access_tokens.go
@@ -145,6 +145,31 @@ func (s *GroupAccessTokensService) CreateGroupAccessToken(gid interface{}, opt *
 	return pat, resp, nil
 }
 
+// RotateGroupAccessToken revokes a group access token and returns a new group
+// access token that expires in one week.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_access_tokens.html#rotate-a-group-access-token
+func (s *GroupAccessTokensService) RotateGroupAccessToken(gid interface{}, id int, options ...RequestOptionFunc) (*GroupAccessToken, *Response, error) {
+	groups, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/access_tokens/%d/rotate", PathEscape(groups), id)
+	req, err := s.client.NewRequest(http.MethodPost, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	gat := new(GroupAccessToken)
+	resp, err := s.client.Do(req, gat)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return gat, resp, nil
+}
+
 // RevokeGroupAccessToken revokes a group access token.
 //
 // GitLab API docs:
diff --git a/vendor/github.com/xanzy/go-gitlab/group_badges.go b/vendor/github.com/xanzy/go-gitlab/group_badges.go
index 1ae3ebcc6..c648a7443 100644
--- a/vendor/github.com/xanzy/go-gitlab/group_badges.go
+++ b/vendor/github.com/xanzy/go-gitlab/group_badges.go
@@ -44,6 +44,7 @@ const (
 // https://docs.gitlab.com/ee/api/group_badges.html
 type GroupBadge struct {
 	ID               int       `json:"id"`
+	Name             string    `json:"name"`
 	LinkURL          string    `json:"link_url"`
 	ImageURL         string    `json:"image_url"`
 	RenderedLinkURL  string    `json:"rendered_link_url"`
@@ -55,7 +56,10 @@ type GroupBadge struct {
 //
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/group_badges.html#list-all-badges-of-a-group
-type ListGroupBadgesOptions ListOptions
+type ListGroupBadgesOptions struct {
+	ListOptions
+	Name *string `url:"name,omitempty" json:"name,omitempty"`
+}
 
 // ListGroupBadges gets a list of a group badges.
 //
@@ -114,6 +118,7 @@ func (s *GroupBadgesService) GetGroupBadge(gid interface{}, badge int, options .
 type AddGroupBadgeOptions struct {
 	LinkURL  *string `url:"link_url,omitempty" json:"link_url,omitempty"`
 	ImageURL *string `url:"image_url,omitempty" json:"image_url,omitempty"`
+	Name     *string `url:"name,omitempty" json:"name,omitempty"`
 }
 
 // AddGroupBadge adds a badge to a group.
@@ -148,6 +153,7 @@ func (s *GroupBadgesService) AddGroupBadge(gid interface{}, opt *AddGroupBadgeOp
 type EditGroupBadgeOptions struct {
 	LinkURL  *string `url:"link_url,omitempty" json:"link_url,omitempty"`
 	ImageURL *string `url:"image_url,omitempty" json:"image_url,omitempty"`
+	Name     *string `url:"name,omitempty" json:"name,omitempty"`
 }
 
 // EditGroupBadge updates a badge of a group.
@@ -201,6 +207,7 @@ func (s *GroupBadgesService) DeleteGroupBadge(gid interface{}, badge int, option
 type GroupBadgePreviewOptions struct {
 	LinkURL  *string `url:"link_url,omitempty" json:"link_url,omitempty"`
 	ImageURL *string `url:"image_url,omitempty" json:"image_url,omitempty"`
+	Name     *string `url:"name,omitempty" json:"name,omitempty"`
 }
 
 // PreviewGroupBadge returns how the link_url and image_url final URLs would be after
diff --git a/vendor/github.com/xanzy/go-gitlab/group_epic_boards.go b/vendor/github.com/xanzy/go-gitlab/group_epic_boards.go
new file mode 100644
index 000000000..fd8cfd86d
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/group_epic_boards.go
@@ -0,0 +1,104 @@
+//
+// Copyright 2021, Patrick Webster
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+)
+
+// GroupEpicBoardsService handles communication with the group epic board
+// related methods of the GitLab API.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_epic_boards.html
+type GroupEpicBoardsService struct {
+	client *Client
+}
+
+// GroupEpicBoard represents a GitLab group epic board.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_epic_boards.html
+type GroupEpicBoard struct {
+	ID     int             `json:"id"`
+	Name   string          `json:"name"`
+	Group  *Group          `json:"group"`
+	Labels []*LabelDetails `json:"labels"`
+	Lists  []*BoardList    `json:"lists"`
+}
+
+func (b GroupEpicBoard) String() string {
+	return Stringify(b)
+}
+
+// ListGroupEpicBoardsOptions represents the available
+// ListGroupEpicBoards() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_epic_boards.html#list-all-epic-boards-in-a-group
+type ListGroupEpicBoardsOptions ListOptions
+
+// ListGroupEpicBoards gets a list of all epic boards in a group.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_epic_boards.html#list-all-epic-boards-in-a-group
+func (s *GroupEpicBoardsService) ListGroupEpicBoards(gid interface{}, opt *ListGroupEpicBoardsOptions, options ...RequestOptionFunc) ([]*GroupEpicBoard, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/epic_boards", PathEscape(group))
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var gs []*GroupEpicBoard
+	resp, err := s.client.Do(req, &gs)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return gs, resp, nil
+}
+
+// GetGroupEpicBoard gets a single epic board of a group.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_epic_boards.html#single-group-epic-board
+func (s *GroupEpicBoardsService) GetGroupEpicBoard(gid interface{}, board int, options ...RequestOptionFunc) (*GroupEpicBoard, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/epic_boards/%d", PathEscape(group), board)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	gib := new(GroupEpicBoard)
+	resp, err := s.client.Do(req, gib)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return gib, resp, nil
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/group_protected_environments.go b/vendor/github.com/xanzy/go-gitlab/group_protected_environments.go
new file mode 100644
index 000000000..53bee7079
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/group_protected_environments.go
@@ -0,0 +1,278 @@
+//
+// Copyright 2023, Sander van Harmelen
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+)
+
+// GroupProtectedEnvironmentsService handles communication with the group-level
+// protected environment methods of the GitLab API.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html
+type GroupProtectedEnvironmentsService struct {
+	client *Client
+}
+
+// GroupProtectedEnvironment represents a group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html
+type GroupProtectedEnvironment struct {
+	Name                  string                               `json:"name"`
+	DeployAccessLevels    []*GroupEnvironmentAccessDescription `json:"deploy_access_levels"`
+	RequiredApprovalCount int                                  `json:"required_approval_count"`
+	ApprovalRules         []*GroupEnvironmentApprovalRule      `json:"approval_rules"`
+}
+
+// GroupEnvironmentAccessDescription represents the access decription for a
+// group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html
+type GroupEnvironmentAccessDescription struct {
+	ID                     int              `json:"id"`
+	AccessLevel            AccessLevelValue `json:"access_level"`
+	AccessLevelDescription string           `json:"access_level_description"`
+	UserID                 int              `json:"user_id"`
+	GroupID                int              `json:"group_id"`
+}
+
+// GroupEnvironmentApprovalRule represents the approval rules for a group-level
+// protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#protect-a-single-environment
+type GroupEnvironmentApprovalRule struct {
+	ID                     int              `json:"id"`
+	UserID                 int              `json:"user_id"`
+	GroupID                int              `json:"group_id"`
+	AccessLevel            AccessLevelValue `json:"access_level"`
+	AccessLevelDescription string           `json:"access_level_description"`
+	RequiredApprovalCount  int              `json:"required_approvals"`
+	GroupInheritanceType   int              `json:"group_inheritance_type"`
+}
+
+// ListGroupProtectedEnvironmentsOptions represents the available
+// ListGroupProtectedEnvironments() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#list-group-level-protected-environments
+type ListGroupProtectedEnvironmentsOptions ListOptions
+
+// ListGroupProtectedEnvironments returns a list of protected environments from
+// a group.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#list-group-level-protected-environments
+func (s *GroupProtectedEnvironmentsService) ListGroupProtectedEnvironments(gid interface{}, opt *ListGroupProtectedEnvironmentsOptions, options ...RequestOptionFunc) ([]*GroupProtectedEnvironment, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/protected_environments", PathEscape(group))
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var pes []*GroupProtectedEnvironment
+	resp, err := s.client.Do(req, &pes)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pes, resp, nil
+}
+
+// GetGroupProtectedEnvironment returns a single group-level protected
+// environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#get-a-single-protected-environment
+func (s *GroupProtectedEnvironmentsService) GetGroupProtectedEnvironment(gid interface{}, environment string, options ...RequestOptionFunc) (*GroupProtectedEnvironment, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/protected_environments/%s", PathEscape(group), environment)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pe := new(GroupProtectedEnvironment)
+	resp, err := s.client.Do(req, pe)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pe, resp, nil
+}
+
+// ProtectGroupEnvironmentOptions represents the available
+// ProtectGroupEnvironment() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#protect-a-single-environment
+type ProtectGroupEnvironmentOptions struct {
+	Name                  *string                                 `url:"name,omitempty" json:"name,omitempty"`
+	DeployAccessLevels    *[]*GroupEnvironmentAccessOptions       `url:"deploy_access_levels,omitempty" json:"deploy_access_levels,omitempty"`
+	RequiredApprovalCount *int                                    `url:"required_approval_count,omitempty" json:"required_approval_count,omitempty"`
+	ApprovalRules         *[]*GroupEnvironmentApprovalRuleOptions `url:"approval_rules,omitempty" json:"approval_rules,omitempty"`
+}
+
+// GroupEnvironmentAccessOptions represents the options for an access decription
+// for a group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#protect-a-single-environment
+type GroupEnvironmentAccessOptions struct {
+	AccessLevel *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	UserID      *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID     *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+}
+
+// GroupEnvironmentApprovalRuleOptions represents the approval rules for a
+// group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#protect-a-single-environment
+type GroupEnvironmentApprovalRuleOptions struct {
+	UserID                 *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID                *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+	AccessLevel            *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	AccessLevelDescription *string           `url:"access_level_description,omitempty" json:"access_level_description,omitempty"`
+	RequiredApprovalCount  *int              `url:"required_approvals,omitempty" json:"required_approvals,omitempty"`
+	GroupInheritanceType   *int              `url:"group_inheritance_type,omitempty" json:"group_inheritance_type,omitempty"`
+}
+
+// ProtectGroupEnvironment protects a single group-level environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#protect-a-single-environment
+func (s *GroupProtectedEnvironmentsService) ProtectGroupEnvironment(gid interface{}, opt *ProtectGroupEnvironmentOptions, options ...RequestOptionFunc) (*GroupProtectedEnvironment, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/protected_environments", PathEscape(group))
+
+	req, err := s.client.NewRequest(http.MethodPost, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pe := new(GroupProtectedEnvironment)
+	resp, err := s.client.Do(req, pe)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pe, resp, nil
+}
+
+// UpdateGroupProtectedEnvironmentOptions represents the available
+// UpdateGroupProtectedEnvironment() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#update-a-protected-environment
+type UpdateGroupProtectedEnvironmentOptions struct {
+	Name                  *string                                       `url:"name,omitempty" json:"name,omitempty"`
+	DeployAccessLevels    *[]*UpdateGroupEnvironmentAccessOptions       `url:"deploy_access_levels,omitempty" json:"deploy_access_levels,omitempty"`
+	RequiredApprovalCount *int                                          `url:"required_approval_count,omitempty" json:"required_approval_count,omitempty"`
+	ApprovalRules         *[]*UpdateGroupEnvironmentApprovalRuleOptions `url:"approval_rules,omitempty" json:"approval_rules,omitempty"`
+}
+
+// UpdateGroupEnvironmentAccessOptions represents the options for updates to the
+// access decription for a group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#update-a-protected-environment
+type UpdateGroupEnvironmentAccessOptions struct {
+	AccessLevel *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	ID          *int              `url:"id,omitempty" json:"id,omitempty"`
+	UserID      *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID     *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+	Destroy     *bool             `url:"_destroy,omitempty" json:"_destroy,omitempty"`
+}
+
+// UpdateGroupEnvironmentApprovalRuleOptions represents the updates to the
+// approval rules for a group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#update-a-protected-environment
+type UpdateGroupEnvironmentApprovalRuleOptions struct {
+	ID                     *int              `url:"id,omitempty" json:"id,omitempty"`
+	UserID                 *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID                *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+	AccessLevel            *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	AccessLevelDescription *string           `url:"access_level_description,omitempty" json:"access_level_description,omitempty"`
+	RequiredApprovalCount  *int              `url:"required_approvals,omitempty" json:"required_approvals,omitempty"`
+	GroupInheritanceType   *int              `url:"group_inheritance_type,omitempty" json:"group_inheritance_type,omitempty"`
+	Destroy                *bool             `url:"_destroy,omitempty" json:"_destroy,omitempty"`
+}
+
+// UpdateGroupProtectedEnvironment updates a single group-level protected
+// environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#update-a-protected-environment
+func (s *GroupProtectedEnvironmentsService) UpdateGroupProtectedEnvironment(gid interface{}, environment string, opt *UpdateGroupProtectedEnvironmentOptions, options ...RequestOptionFunc) (*GroupProtectedEnvironment, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/protected_environments/%s", PathEscape(group), environment)
+
+	req, err := s.client.NewRequest(http.MethodPut, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pe := new(GroupProtectedEnvironment)
+	resp, err := s.client.Do(req, pe)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pe, resp, nil
+}
+
+// UnprotectGroupEnvironment unprotects the given protected group-level
+// environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#unprotect-a-single-environment
+func (s *GroupProtectedEnvironmentsService) UnprotectGroupEnvironment(gid interface{}, environment string, options ...RequestOptionFunc) (*Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf("groups/%s/protected_environments/%s", PathEscape(group), environment)
+
+	req, err := s.client.NewRequest(http.MethodDelete, u, nil, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(req, nil)
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/group_repository_storage_move.go b/vendor/github.com/xanzy/go-gitlab/group_repository_storage_move.go
new file mode 100644
index 000000000..18951a166
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/group_repository_storage_move.go
@@ -0,0 +1,195 @@
+//
+// Copyright 2023, Nick Westbury
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// GroupRepositoryStorageMoveService handles communication with the
+// group repositories related methods of the GitLab API.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_repository_storage_moves.html
+type GroupRepositoryStorageMoveService struct {
+	client *Client
+}
+
+// GroupRepositoryStorageMove represents the status of a repository move.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_repository_storage_moves.html
+type GroupRepositoryStorageMove struct {
+	ID                     int              `json:"id"`
+	CreatedAt              *time.Time       `json:"created_at"`
+	State                  string           `json:"state"`
+	SourceStorageName      string           `json:"source_storage_name"`
+	DestinationStorageName string           `json:"destination_storage_name"`
+	Group                  *RepositoryGroup `json:"group"`
+}
+
+type RepositoryGroup struct {
+	ID     int    `json:"id"`
+	Name   string `json:"name"`
+	WebURL string `json:"web_url"`
+}
+
+// RetrieveAllGroupStorageMovesOptions represents the available
+// RetrieveAllStorageMoves() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_repository_storage_moves.html#retrieve-all-group-repository-storage-moves
+type RetrieveAllGroupStorageMovesOptions ListOptions
+
+// RetrieveAllStorageMoves retrieves all group repository storage moves
+// accessible by the authenticated user.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_repository_storage_moves.html#retrieve-all-group-repository-storage-moves
+func (g GroupRepositoryStorageMoveService) RetrieveAllStorageMoves(opts RetrieveAllGroupStorageMovesOptions, options ...RequestOptionFunc) ([]*GroupRepositoryStorageMove, *Response, error) {
+	req, err := g.client.NewRequest(http.MethodGet, "group_repository_storage_moves", opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var gsms []*GroupRepositoryStorageMove
+	resp, err := g.client.Do(req, &gsms)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return gsms, resp, err
+}
+
+// RetrieveAllStorageMovesForGroup retrieves all repository storage moves for
+// a single group accessible by the authenticated user.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_repository_storage_moves.html#retrieve-all-repository-storage-moves-for-a-single-group
+func (g GroupRepositoryStorageMoveService) RetrieveAllStorageMovesForGroup(group int, opts RetrieveAllGroupStorageMovesOptions, options ...RequestOptionFunc) ([]*GroupRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("groups/%d/repository_storage_moves", group)
+
+	req, err := g.client.NewRequest(http.MethodGet, u, opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var gsms []*GroupRepositoryStorageMove
+	resp, err := g.client.Do(req, &gsms)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return gsms, resp, err
+}
+
+// GetStorageMove gets a single group repository storage move.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_repository_storage_moves.html#get-a-single-group-repository-storage-move
+func (g GroupRepositoryStorageMoveService) GetStorageMove(repositoryStorage int, options ...RequestOptionFunc) (*GroupRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("group_repository_storage_moves/%d", repositoryStorage)
+
+	req, err := g.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	gsm := new(GroupRepositoryStorageMove)
+	resp, err := g.client.Do(req, gsm)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return gsm, resp, err
+}
+
+// GetStorageMoveForGroup gets a single repository storage move for a group.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_repository_storage_moves.html#get-a-single-repository-storage-move-for-a-group
+func (g GroupRepositoryStorageMoveService) GetStorageMoveForGroup(group int, repositoryStorage int, options ...RequestOptionFunc) (*GroupRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("groups/%d/repository_storage_moves/%d", group, repositoryStorage)
+
+	req, err := g.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	gsm := new(GroupRepositoryStorageMove)
+	resp, err := g.client.Do(req, gsm)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return gsm, resp, err
+}
+
+// ScheduleStorageMoveForGroupOptions represents the available
+// ScheduleStorageMoveForGroup() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_repository_storage_moves.html#schedule-a-repository-storage-move-for-a-group
+type ScheduleStorageMoveForGroupOptions struct {
+	DestinationStorageName *string `url:"destination_storage_name,omitempty" json:"destination_storage_name,omitempty"`
+}
+
+// ScheduleStorageMoveForGroup schedule a repository to be moved for a group.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_repository_storage_moves.html#schedule-a-repository-storage-move-for-a-group
+func (g GroupRepositoryStorageMoveService) ScheduleStorageMoveForGroup(group int, opts ScheduleStorageMoveForGroupOptions, options ...RequestOptionFunc) (*GroupRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("groups/%d/repository_storage_moves", group)
+
+	req, err := g.client.NewRequest(http.MethodPost, u, opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	gsm := new(GroupRepositoryStorageMove)
+	resp, err := g.client.Do(req, gsm)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return gsm, resp, err
+}
+
+// ScheduleAllGroupStorageMovesOptions represents the available
+// ScheduleAllStorageMoves() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_repository_storage_moves.html#schedule-repository-storage-moves-for-all-groups-on-a-storage-shard
+type ScheduleAllGroupStorageMovesOptions struct {
+	SourceStorageName      *string `url:"source_storage_name,omitempty" json:"source_storage_name,omitempty"`
+	DestinationStorageName *string `url:"destination_storage_name,omitempty" json:"destination_storage_name,omitempty"`
+}
+
+// ScheduleAllStorageMoves schedules all group repositories to be moved.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_repository_storage_moves.html#schedule-repository-storage-moves-for-all-groups-on-a-storage-shard
+func (g GroupRepositoryStorageMoveService) ScheduleAllStorageMoves(opts ScheduleAllGroupStorageMovesOptions, options ...RequestOptionFunc) (*Response, error) {
+	req, err := g.client.NewRequest(http.MethodPost, "group_repository_storage_moves", opts, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return g.client.Do(req, nil)
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/groups.go b/vendor/github.com/xanzy/go-gitlab/groups.go
index ceff07411..fcbd68de1 100644
--- a/vendor/github.com/xanzy/go-gitlab/groups.go
+++ b/vendor/github.com/xanzy/go-gitlab/groups.go
@@ -50,6 +50,7 @@ type Group struct {
 	AvatarURL               string                     `json:"avatar_url"`
 	WebURL                  string                     `json:"web_url"`
 	RequestAccessEnabled    bool                       `json:"request_access_enabled"`
+	RepositoryStorage       string                     `json:"repository_storage"`
 	FullName                string                     `json:"full_name"`
 	FullPath                string                     `json:"full_path"`
 	FileTemplateProjectID   int                        `json:"file_template_project_id"`
@@ -67,7 +68,7 @@ type Group struct {
 	MentionsDisabled        bool                       `json:"mentions_disabled"`
 	RunnersToken            string                     `json:"runners_token"`
 	SharedProjects          []*Project                 `json:"shared_projects"`
-	SharedRunnersEnabled    bool                       `json:"shared_runners_enabled"`
+	SharedRunnersSetting    SharedRunnersSettingValue  `json:"shared_runners_setting"`
 	SharedWithGroups        []struct {
 		GroupID          int      `json:"group_id"`
 		GroupName        string   `json:"group_name"`
@@ -75,16 +76,17 @@ type Group struct {
 		GroupAccessLevel int      `json:"group_access_level"`
 		ExpiresAt        *ISOTime `json:"expires_at"`
 	} `json:"shared_with_groups"`
-	LDAPCN                         string           `json:"ldap_cn"`
-	LDAPAccess                     AccessLevelValue `json:"ldap_access"`
-	LDAPGroupLinks                 []*LDAPGroupLink `json:"ldap_group_links"`
-	SAMLGroupLinks                 []*SAMLGroupLink `json:"saml_group_links"`
-	SharedRunnersMinutesLimit      int              `json:"shared_runners_minutes_limit"`
-	ExtraSharedRunnersMinutesLimit int              `json:"extra_shared_runners_minutes_limit"`
-	PreventForkingOutsideGroup     bool             `json:"prevent_forking_outside_group"`
-	MarkedForDeletionOn            *ISOTime         `json:"marked_for_deletion_on"`
-	CreatedAt                      *time.Time       `json:"created_at"`
-	IPRestrictionRanges            string           `json:"ip_restriction_ranges"`
+	LDAPCN                         string             `json:"ldap_cn"`
+	LDAPAccess                     AccessLevelValue   `json:"ldap_access"`
+	LDAPGroupLinks                 []*LDAPGroupLink   `json:"ldap_group_links"`
+	SAMLGroupLinks                 []*SAMLGroupLink   `json:"saml_group_links"`
+	SharedRunnersMinutesLimit      int                `json:"shared_runners_minutes_limit"`
+	ExtraSharedRunnersMinutesLimit int                `json:"extra_shared_runners_minutes_limit"`
+	PreventForkingOutsideGroup     bool               `json:"prevent_forking_outside_group"`
+	MarkedForDeletionOn            *ISOTime           `json:"marked_for_deletion_on"`
+	CreatedAt                      *time.Time         `json:"created_at"`
+	IPRestrictionRanges            string             `json:"ip_restriction_ranges"`
+	WikiAccessLevel                AccessControlValue `json:"wiki_access_level"`
 }
 
 // GroupAvatar represents a GitLab group avatar.
@@ -127,16 +129,17 @@ type SAMLGroupLink struct {
 // GitLab API docs: https://docs.gitlab.com/ee/api/groups.html#list-groups
 type ListGroupsOptions struct {
 	ListOptions
+	SkipGroups           *[]int            `url:"skip_groups,omitempty" del:"," json:"skip_groups,omitempty"`
 	AllAvailable         *bool             `url:"all_available,omitempty" json:"all_available,omitempty"`
-	MinAccessLevel       *AccessLevelValue `url:"min_access_level,omitempty" json:"min_access_level,omitempty"`
-	OrderBy              *string           `url:"order_by,omitempty" json:"order_by,omitempty"`
-	Owned                *bool             `url:"owned,omitempty" json:"owned,omitempty"`
 	Search               *string           `url:"search,omitempty" json:"search,omitempty"`
-	SkipGroups           *[]int            `url:"skip_groups,omitempty" del:"," json:"skip_groups,omitempty"`
+	OrderBy              *string           `url:"order_by,omitempty" json:"order_by,omitempty"`
 	Sort                 *string           `url:"sort,omitempty" json:"sort,omitempty"`
 	Statistics           *bool             `url:"statistics,omitempty" json:"statistics,omitempty"`
-	TopLevelOnly         *bool             `url:"top_level_only,omitempty" json:"top_level_only,omitempty"`
 	WithCustomAttributes *bool             `url:"with_custom_attributes,omitempty" json:"with_custom_attributes,omitempty"`
+	Owned                *bool             `url:"owned,omitempty" json:"owned,omitempty"`
+	MinAccessLevel       *AccessLevelValue `url:"min_access_level,omitempty" json:"min_access_level,omitempty"`
+	TopLevelOnly         *bool             `url:"top_level_only,omitempty" json:"top_level_only,omitempty"`
+	RepositoryStorage    *string           `url:"repository_storage,omitempty" json:"repository_storage,omitempty"`
 }
 
 // ListGroups gets a list of groups (as user: my groups, as admin: all groups).
@@ -353,6 +356,7 @@ type CreateGroupOptions struct {
 	SharedRunnersMinutesLimit      *int                        `url:"shared_runners_minutes_limit,omitempty" json:"shared_runners_minutes_limit,omitempty"`
 	ExtraSharedRunnersMinutesLimit *int                        `url:"extra_shared_runners_minutes_limit,omitempty" json:"extra_shared_runners_minutes_limit,omitempty"`
 	IPRestrictionRanges            *string                     `url:"ip_restriction_ranges,omitempty" json:"ip_restriction_ranges,omitempty"`
+	WikiAccessLevel                *AccessControlValue         `url:"wiki_access_level,omitempty" json:"wiki_access_level,omitempty"`
 }
 
 // CreateGroup creates a new project group. Available only for users who can
@@ -481,6 +485,7 @@ type UpdateGroupOptions struct {
 	SharedRunnersSetting                 *SharedRunnersSettingValue  `url:"shared_runners_setting,omitempty" json:"shared_runners_setting,omitempty"`
 	PreventSharingGroupsOutsideHierarchy *bool                       `url:"prevent_sharing_groups_outside_hierarchy,omitempty" json:"prevent_sharing_groups_outside_hierarchy,omitempty"`
 	IPRestrictionRanges                  *string                     `url:"ip_restriction_ranges,omitempty" json:"ip_restriction_ranges,omitempty"`
+	WikiAccessLevel                      *AccessControlValue         `url:"wiki_access_level,omitempty" json:"wiki_access_level,omitempty"`
 }
 
 // UpdateGroup updates an existing group; only available to group owners and
diff --git a/vendor/github.com/xanzy/go-gitlab/issues.go b/vendor/github.com/xanzy/go-gitlab/issues.go
index 45849293c..42478c9f9 100644
--- a/vendor/github.com/xanzy/go-gitlab/issues.go
+++ b/vendor/github.com/xanzy/go-gitlab/issues.go
@@ -445,6 +445,7 @@ type CreateIssueOptions struct {
 	Labels                             *Labels    `url:"labels,comma,omitempty" json:"labels,omitempty"`
 	CreatedAt                          *time.Time `url:"created_at,omitempty" json:"created_at,omitempty"`
 	DueDate                            *ISOTime   `url:"due_date,omitempty" json:"due_date,omitempty"`
+	EpicID                             *int       `url:"epic_id,omitempty" json:"epic_id,omitempty"`
 	MergeRequestToResolveDiscussionsOf *int       `url:"merge_request_to_resolve_discussions_of,omitempty" json:"merge_request_to_resolve_discussions_of,omitempty"`
 	DiscussionToResolve                *string    `url:"discussion_to_resolve,omitempty" json:"discussion_to_resolve,omitempty"`
 	Weight                             *int       `url:"weight,omitempty" json:"weight,omitempty"`
@@ -490,6 +491,7 @@ type UpdateIssueOptions struct {
 	StateEvent       *string    `url:"state_event,omitempty" json:"state_event,omitempty"`
 	UpdatedAt        *time.Time `url:"updated_at,omitempty" json:"updated_at,omitempty"`
 	DueDate          *ISOTime   `url:"due_date,omitempty" json:"due_date,omitempty"`
+	EpicID           *int       `url:"epic_id,omitempty" json:"epic_id,omitempty"`
 	Weight           *int       `url:"weight,omitempty" json:"weight,omitempty"`
 	DiscussionLocked *bool      `url:"discussion_locked,omitempty" json:"discussion_locked,omitempty"`
 	IssueType        *string    `url:"issue_type,omitempty" json:"issue_type,omitempty"`
diff --git a/vendor/github.com/xanzy/go-gitlab/job_token_scope.go b/vendor/github.com/xanzy/go-gitlab/job_token_scope.go
new file mode 100644
index 000000000..ff96ba698
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/job_token_scope.go
@@ -0,0 +1,186 @@
+// Copyright 2021, Sander van Harmelen
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+)
+
+// JobTokenScopeService handles communication with project CI settings
+// such as token permissions.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/project_job_token_scopes.html
+type JobTokenScopeService struct {
+	client *Client
+}
+
+// JobTokenAccessSettings represents job token access attributes for this project.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/project_job_token_scopes.html
+type JobTokenAccessSettings struct {
+	InboundEnabled  bool `json:"inbound_enabled"`
+	OutboundEnabled bool `json:"outbound_enabled"`
+}
+
+// GetProjectJobTokenAccessSettings fetch the CI/CD job token access settings (job token scope) of a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#get-a-projects-cicd-job-token-access-settings
+func (j *JobTokenScopeService) GetProjectJobTokenAccessSettings(pid interface{}, options ...RequestOptionFunc) (*JobTokenAccessSettings, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf(`projects/%s/job_token_scope`, PathEscape(project))
+
+	req, err := j.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	jt := new(JobTokenAccessSettings)
+	resp, err := j.client.Do(req, jt)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return jt, resp, err
+}
+
+// PatchProjectJobTokenAccessSettingsOptions represents the available
+// PatchProjectJobTokenAccessSettings() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#patch-a-projects-cicd-job-token-access-settings
+type PatchProjectJobTokenAccessSettingsOptions struct {
+	Enabled bool `json:"enabled"`
+}
+
+// PatchProjectJobTokenAccessSettings patch the Limit access to this project setting (job token scope) of a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#patch-a-projects-cicd-job-token-access-settings
+func (j *JobTokenScopeService) PatchProjectJobTokenAccessSettings(pid interface{}, opt *PatchProjectJobTokenAccessSettingsOptions, options ...RequestOptionFunc) (*Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf(`projects/%s/job_token_scope`, PathEscape(project))
+
+	req, err := j.client.NewRequest(http.MethodPatch, u, opt, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return j.client.Do(req, nil)
+}
+
+// JobTokenInboundAllowItem represents a single job token inbound allowlist item.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/project_job_token_scopes.html
+type JobTokenInboundAllowItem struct {
+	SourceProjectID int `json:"source_project_id"`
+	TargetProjectID int `json:"target_project_id"`
+}
+
+// GetJobTokenInboundAllowListOptions represents the available
+// GetJobTokenInboundAllowList() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#get-a-projects-cicd-job-token-inbound-allowlist
+type GetJobTokenInboundAllowListOptions struct {
+	ListOptions
+}
+
+// GetProjectJobTokenInboundAllowList fetches the CI/CD job token inbound
+// allowlist (job token scope) of a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#get-a-projects-cicd-job-token-inbound-allowlist
+func (j *JobTokenScopeService) GetProjectJobTokenInboundAllowList(pid interface{}, opt *GetJobTokenInboundAllowListOptions, options ...RequestOptionFunc) ([]*Project, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf(`projects/%s/job_token_scope/allowlist`, PathEscape(project))
+
+	req, err := j.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ps []*Project
+	resp, err := j.client.Do(req, &ps)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ps, resp, nil
+}
+
+// AddProjectToJobScopeAllowListOptions represents the available
+// AddProjectToJobScopeAllowList() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#create-a-new-project-to-a-projects-cicd-job-token-inbound-allowlist
+type JobTokenInboundAllowOptions struct {
+	TargetProjectID *int `url:"target_project_id,omitempty" json:"target_project_id,omitempty"`
+}
+
+// AddProjectToJobScopeAllowList adds a new project to a project's job token
+// inbound allow list.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#create-a-new-project-to-a-projects-cicd-job-token-inbound-allowlist
+func (j *JobTokenScopeService) AddProjectToJobScopeAllowList(pid interface{}, opt *JobTokenInboundAllowOptions, options ...RequestOptionFunc) (*JobTokenInboundAllowItem, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf(`projects/%s/job_token_scope/allowlist`, PathEscape(project))
+
+	req, err := j.client.NewRequest(http.MethodPost, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	jt := new(JobTokenInboundAllowItem)
+	resp, err := j.client.Do(req, jt)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return jt, resp, nil
+}
+
+// RemoveProjectFromJobScopeAllowList removes a project from a project's job
+// token inbound allow list.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#remove-a-project-from-a-projects-cicd-job-token-inbound-allowlist
+func (j *JobTokenScopeService) RemoveProjectFromJobScopeAllowList(pid interface{}, targetProject int, options ...RequestOptionFunc) (*Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf(`projects/%s/job_token_scope/allowlist/%d`, PathEscape(project), targetProject)
+
+	req, err := j.client.NewRequest(http.MethodDelete, u, nil, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return j.client.Do(req, nil)
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/jobs.go b/vendor/github.com/xanzy/go-gitlab/jobs.go
index 0feaee989..9ad006658 100644
--- a/vendor/github.com/xanzy/go-gitlab/jobs.go
+++ b/vendor/github.com/xanzy/go-gitlab/jobs.go
@@ -564,3 +564,22 @@ func (s *JobsService) DeleteArtifacts(pid interface{}, jobID int, options ...Req
 
 	return s.client.Do(req, nil)
 }
+
+// DeleteProjectArtifacts delete artifacts eligible for deletion in a project
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/job_artifacts.html#delete-project-artifacts
+func (s *JobsService) DeleteProjectArtifacts(pid interface{}, options ...RequestOptionFunc) (*Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf("projects/%s/artifacts", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodDelete, u, nil, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(req, nil)
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/keys.go b/vendor/github.com/xanzy/go-gitlab/keys.go
index 0c03f5d6d..d9cf59833 100644
--- a/vendor/github.com/xanzy/go-gitlab/keys.go
+++ b/vendor/github.com/xanzy/go-gitlab/keys.go
@@ -64,3 +64,34 @@ func (s *KeysService) GetKeyWithUser(key int, options ...RequestOptionFunc) (*Ke
 
 	return k, resp, nil
 }
+
+// GetKeyByFingerprintOptions represents the available GetKeyByFingerprint()
+// options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/keys.html#get-user-by-fingerprint-of-ssh-key
+// https://docs.gitlab.com/ee/api/keys.html#get-user-by-deploy-key-fingerprint
+type GetKeyByFingerprintOptions struct {
+	Fingerprint string `url:"fingerprint" json:"fingerprint"`
+}
+
+// GetKeyByFingerprint gets a specific SSH key or deploy key by fingerprint
+// along with the associated user information.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/keys.html#get-user-by-fingerprint-of-ssh-key
+// https://docs.gitlab.com/ee/api/keys.html#get-user-by-deploy-key-fingerprint
+func (s *KeysService) GetKeyByFingerprint(opt *GetKeyByFingerprintOptions, options ...RequestOptionFunc) (*Key, *Response, error) {
+	req, err := s.client.NewRequest(http.MethodGet, "keys", opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	k := new(Key)
+	resp, err := s.client.Do(req, k)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return k, resp, nil
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/merge_requests.go b/vendor/github.com/xanzy/go-gitlab/merge_requests.go
index 34a244a1d..458255f33 100644
--- a/vendor/github.com/xanzy/go-gitlab/merge_requests.go
+++ b/vendor/github.com/xanzy/go-gitlab/merge_requests.go
@@ -17,6 +17,7 @@
 package gitlab
 
 import (
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"time"
@@ -35,58 +36,50 @@ type MergeRequestsService struct {
 //
 // GitLab API docs: https://docs.gitlab.com/ee/api/merge_requests.html
 type MergeRequest struct {
-	ID                        int              `json:"id"`
-	IID                       int              `json:"iid"`
-	TargetBranch              string           `json:"target_branch"`
-	SourceBranch              string           `json:"source_branch"`
-	ProjectID                 int              `json:"project_id"`
-	Title                     string           `json:"title"`
-	State                     string           `json:"state"`
-	CreatedAt                 *time.Time       `json:"created_at"`
-	UpdatedAt                 *time.Time       `json:"updated_at"`
-	Upvotes                   int              `json:"upvotes"`
-	Downvotes                 int              `json:"downvotes"`
-	Author                    *BasicUser       `json:"author"`
-	Assignee                  *BasicUser       `json:"assignee"`
-	Assignees                 []*BasicUser     `json:"assignees"`
-	Reviewers                 []*BasicUser     `json:"reviewers"`
-	SourceProjectID           int              `json:"source_project_id"`
-	TargetProjectID           int              `json:"target_project_id"`
-	Labels                    Labels           `json:"labels"`
-	Description               string           `json:"description"`
-	Draft                     bool             `json:"draft"`
-	WorkInProgress            bool             `json:"work_in_progress"`
-	Milestone                 *Milestone       `json:"milestone"`
-	MergeWhenPipelineSucceeds bool             `json:"merge_when_pipeline_succeeds"`
-	DetailedMergeStatus       string           `json:"detailed_merge_status"`
-	MergeError                string           `json:"merge_error"`
-	MergedBy                  *BasicUser       `json:"merged_by"`
-	MergedAt                  *time.Time       `json:"merged_at"`
-	ClosedBy                  *BasicUser       `json:"closed_by"`
-	ClosedAt                  *time.Time       `json:"closed_at"`
-	Subscribed                bool             `json:"subscribed"`
-	SHA                       string           `json:"sha"`
-	MergeCommitSHA            string           `json:"merge_commit_sha"`
-	SquashCommitSHA           string           `json:"squash_commit_sha"`
-	UserNotesCount            int              `json:"user_notes_count"`
-	ChangesCount              string           `json:"changes_count"`
-	ShouldRemoveSourceBranch  bool             `json:"should_remove_source_branch"`
-	ForceRemoveSourceBranch   bool             `json:"force_remove_source_branch"`
-	AllowCollaboration        bool             `json:"allow_collaboration"`
-	WebURL                    string           `json:"web_url"`
-	References                *IssueReferences `json:"references"`
-	DiscussionLocked          bool             `json:"discussion_locked"`
-	Changes                   []struct {
-		OldPath     string `json:"old_path"`
-		NewPath     string `json:"new_path"`
-		AMode       string `json:"a_mode"`
-		BMode       string `json:"b_mode"`
-		Diff        string `json:"diff"`
-		NewFile     bool   `json:"new_file"`
-		RenamedFile bool   `json:"renamed_file"`
-		DeletedFile bool   `json:"deleted_file"`
-	} `json:"changes"`
-	User struct {
+	ID                        int                 `json:"id"`
+	IID                       int                 `json:"iid"`
+	TargetBranch              string              `json:"target_branch"`
+	SourceBranch              string              `json:"source_branch"`
+	ProjectID                 int                 `json:"project_id"`
+	Title                     string              `json:"title"`
+	State                     string              `json:"state"`
+	CreatedAt                 *time.Time          `json:"created_at"`
+	UpdatedAt                 *time.Time          `json:"updated_at"`
+	Upvotes                   int                 `json:"upvotes"`
+	Downvotes                 int                 `json:"downvotes"`
+	Author                    *BasicUser          `json:"author"`
+	Assignee                  *BasicUser          `json:"assignee"`
+	Assignees                 []*BasicUser        `json:"assignees"`
+	Reviewers                 []*BasicUser        `json:"reviewers"`
+	SourceProjectID           int                 `json:"source_project_id"`
+	TargetProjectID           int                 `json:"target_project_id"`
+	Labels                    Labels              `json:"labels"`
+	LabelDetails              []*LabelDetails     `json:"label_details"`
+	Description               string              `json:"description"`
+	Draft                     bool                `json:"draft"`
+	WorkInProgress            bool                `json:"work_in_progress"`
+	Milestone                 *Milestone          `json:"milestone"`
+	MergeWhenPipelineSucceeds bool                `json:"merge_when_pipeline_succeeds"`
+	DetailedMergeStatus       string              `json:"detailed_merge_status"`
+	MergeError                string              `json:"merge_error"`
+	MergedBy                  *BasicUser          `json:"merged_by"`
+	MergedAt                  *time.Time          `json:"merged_at"`
+	ClosedBy                  *BasicUser          `json:"closed_by"`
+	ClosedAt                  *time.Time          `json:"closed_at"`
+	Subscribed                bool                `json:"subscribed"`
+	SHA                       string              `json:"sha"`
+	MergeCommitSHA            string              `json:"merge_commit_sha"`
+	SquashCommitSHA           string              `json:"squash_commit_sha"`
+	UserNotesCount            int                 `json:"user_notes_count"`
+	ChangesCount              string              `json:"changes_count"`
+	ShouldRemoveSourceBranch  bool                `json:"should_remove_source_branch"`
+	ForceRemoveSourceBranch   bool                `json:"force_remove_source_branch"`
+	AllowCollaboration        bool                `json:"allow_collaboration"`
+	WebURL                    string              `json:"web_url"`
+	References                *IssueReferences    `json:"references"`
+	DiscussionLocked          bool                `json:"discussion_locked"`
+	Changes                   []*MergeRequestDiff `json:"changes"`
+	User                      struct {
 		CanMerge bool `json:"can_merge"`
 	} `json:"user"`
 	TimeStats    *TimeStats    `json:"time_stats"`
@@ -116,6 +109,55 @@ func (m MergeRequest) String() string {
 	return Stringify(m)
 }
 
+func (m *MergeRequest) UnmarshalJSON(data []byte) error {
+	type alias MergeRequest
+
+	raw := make(map[string]interface{})
+	err := json.Unmarshal(data, &raw)
+	if err != nil {
+		return err
+	}
+
+	labelDetails, ok := raw["labels"].([]interface{})
+	if ok && len(labelDetails) > 0 {
+		// We only want to change anything if we got label details.
+		if _, ok := labelDetails[0].(map[string]interface{}); !ok {
+			return json.Unmarshal(data, (*alias)(m))
+		}
+
+		labels := make([]interface{}, len(labelDetails))
+		for i, details := range labelDetails {
+			labels[i] = details.(map[string]interface{})["name"]
+		}
+
+		// Set the correct values
+		raw["labels"] = labels
+		raw["label_details"] = labelDetails
+
+		data, err = json.Marshal(raw)
+		if err != nil {
+			return err
+		}
+	}
+
+	return json.Unmarshal(data, (*alias)(m))
+}
+
+// MergeRequestDiff represents Gitlab merge request diff.
+//
+// Gitlab API docs:
+// https://docs.gitlab.com/ee/api/merge_requests.html#list-merge-request-diffs
+type MergeRequestDiff struct {
+	OldPath     string `json:"old_path"`
+	NewPath     string `json:"new_path"`
+	AMode       string `json:"a_mode"`
+	BMode       string `json:"b_mode"`
+	Diff        string `json:"diff"`
+	NewFile     bool   `json:"new_file"`
+	RenamedFile bool   `json:"renamed_file"`
+	DeletedFile bool   `json:"deleted_file"`
+}
+
 // MergeRequestDiffVersion represents Gitlab merge request version.
 //
 // Gitlab API docs:
@@ -160,6 +202,7 @@ type ListMergeRequestsOptions struct {
 	Scope                  *string           `url:"scope,omitempty" json:"scope,omitempty"`
 	AuthorID               *int              `url:"author_id,omitempty" json:"author_id,omitempty"`
 	AuthorUsername         *string           `url:"author_username,omitempty" json:"author_username,omitempty"`
+	NotAuthorUsername      *string           `url:"not[author_username],omitempty" json:"not[author_username],omitempty"`
 	AssigneeID             *AssigneeIDValue  `url:"assignee_id,omitempty" json:"assignee_id,omitempty"`
 	ApproverIDs            *ApproverIDsValue `url:"approver_ids,omitempty" json:"approver_ids,omitempty"`
 	ApprovedByIDs          *ApproverIDsValue `url:"approved_by_ids,omitempty" json:"approved_by_ids,omitempty"`
@@ -220,6 +263,7 @@ type ListProjectMergeRequestsOptions struct {
 	Scope                  *string           `url:"scope,omitempty" json:"scope,omitempty"`
 	AuthorID               *int              `url:"author_id,omitempty" json:"author_id,omitempty"`
 	AuthorUsername         *string           `url:"author_username,omitempty" json:"author_username,omitempty"`
+	NotAuthorUsername      *string           `url:"not[author_username],omitempty" json:"not[author_username],omitempty"`
 	AssigneeID             *AssigneeIDValue  `url:"assignee_id,omitempty" json:"assignee_id,omitempty"`
 	ApproverIDs            *ApproverIDsValue `url:"approver_ids,omitempty" json:"approver_ids,omitempty"`
 	ApprovedByIDs          *ApproverIDsValue `url:"approved_by_ids,omitempty" json:"approved_by_ids,omitempty"`
@@ -281,6 +325,7 @@ type ListGroupMergeRequestsOptions struct {
 	Scope                  *string           `url:"scope,omitempty" json:"scope,omitempty"`
 	AuthorID               *int              `url:"author_id,omitempty" json:"author_id,omitempty"`
 	AuthorUsername         *string           `url:"author_username,omitempty" json:"author_username,omitempty"`
+	NotAuthorUsername      *string           `url:"not[author_username],omitempty" json:"not[author_username],omitempty"`
 	AssigneeID             *AssigneeIDValue  `url:"assignee_id,omitempty" json:"assignee_id,omitempty"`
 	ApproverIDs            *ApproverIDsValue `url:"approver_ids,omitempty" json:"approver_ids,omitempty"`
 	ApprovedByIDs          *ApproverIDsValue `url:"approved_by_ids,omitempty" json:"approved_by_ids,omitempty"`
@@ -425,6 +470,9 @@ type GetMergeRequestChangesOptions struct {
 // GetMergeRequestChanges shows information about the merge request including
 // its files and changes.
 //
+// Deprecated: This endpoint has been replaced by
+// MergeRequestsService.ListMergeRequestDiffs()
+//
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/merge_requests.html#get-single-merge-request-changes
 func (s *MergeRequestsService) GetMergeRequestChanges(pid interface{}, mergeRequest int, opt *GetMergeRequestChangesOptions, options ...RequestOptionFunc) (*MergeRequest, *Response, error) {
@@ -448,6 +496,38 @@ func (s *MergeRequestsService) GetMergeRequestChanges(pid interface{}, mergeRequ
 	return m, resp, nil
 }
 
+// ListMergeRequestDiffsOptions represents the available ListMergeRequestDiffs()
+// options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_requests.html#list-merge-request-diffs
+type ListMergeRequestDiffsOptions ListOptions
+
+// ListMergeRequestDiffs List diffs of the files changed in a merge request
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_requests.html#list-merge-request-diffs
+func (s *MergeRequestsService) ListMergeRequestDiffs(pid interface{}, mergeRequest int, opt *ListMergeRequestDiffsOptions, options ...RequestOptionFunc) ([]*MergeRequestDiff, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_requests/%d/diffs", PathEscape(project), mergeRequest)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var m []*MergeRequestDiff
+	resp, err := s.client.Do(req, &m)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return m, resp, nil
+}
+
 // GetMergeRequestParticipants gets a list of merge request participants.
 //
 // GitLab API docs:
@@ -464,13 +544,48 @@ func (s *MergeRequestsService) GetMergeRequestParticipants(pid interface{}, merg
 		return nil, nil, err
 	}
 
-	var ps []*BasicUser
-	resp, err := s.client.Do(req, &ps)
+	var bu []*BasicUser
+	resp, err := s.client.Do(req, &bu)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return bu, resp, nil
+}
+
+// MergeRequestReviewer represents a GitLab merge request reviewer.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_requests.html#get-single-merge-request-reviewers
+type MergeRequestReviewer struct {
+	User      *BasicUser `json:"user"`
+	State     string     `json:"state"`
+	CreatedAt *time.Time `json:"created_at"`
+}
+
+// GetMergeRequestReviewers gets a list of merge request reviewers.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_requests.html#get-single-merge-request-reviewers
+func (s *MergeRequestsService) GetMergeRequestReviewers(pid interface{}, mergeRequest int, options ...RequestOptionFunc) ([]*MergeRequestReviewer, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_requests/%d/reviewers", PathEscape(project), mergeRequest)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var mrr []*MergeRequestReviewer
+	resp, err := s.client.Do(req, &mrr)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return ps, resp, nil
+	return mrr, resp, nil
 }
 
 // ListMergeRequestPipelines gets all pipelines for the provided merge request.
diff --git a/vendor/github.com/xanzy/go-gitlab/merge_trains.go b/vendor/github.com/xanzy/go-gitlab/merge_trains.go
new file mode 100644
index 000000000..e55917fa0
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/merge_trains.go
@@ -0,0 +1,170 @@
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// MergeTrainsService handles communication with the merge trains related
+// methods of the GitLab API.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/merge_trains.html
+type MergeTrainsService struct {
+	client *Client
+}
+
+// MergeTrain represents a Gitlab merge train.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/merge_trains.html
+type MergeTrain struct {
+	ID           int                     `json:"id"`
+	MergeRequest *MergeTrainMergeRequest `json:"merge_request"`
+	User         *BasicUser              `json:"user"`
+	Pipeline     *Pipeline               `json:"pipeline"`
+	CreatedAt    *time.Time              `json:"created_at"`
+	UpdatedAt    *time.Time              `json:"updated_at"`
+	TargetBranch string                  `json:"target_branch"`
+	Status       string                  `json:"status"`
+	MergedAt     *time.Time              `json:"merged_at"`
+	Duration     int                     `json:"duration"`
+}
+
+// MergeTrainMergeRequest represents a Gitlab merge request inside merge train.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/merge_trains.html
+type MergeTrainMergeRequest struct {
+	ID          int        `json:"id"`
+	IID         int        `json:"iid"`
+	ProjectID   int        `json:"project_id"`
+	Title       string     `json:"title"`
+	Description string     `json:"description"`
+	State       string     `json:"state"`
+	CreatedAt   *time.Time `json:"created_at"`
+	UpdatedAt   *time.Time `json:"updated_at"`
+	WebURL      string     `json:"web_url"`
+}
+
+// ListMergeTrainsOptions represents the available ListMergeTrain() options.
+//
+// Gitab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#list-merge-trains-for-a-project
+type ListMergeTrainsOptions struct {
+	ListOptions
+	Scope *string `url:"scope,omitempty" json:"scope,omitempty"`
+	Sort  *string `url:"sort,omitempty" json:"sort,omitempty"`
+}
+
+// ListProjectMergeTrains get a list of merge trains in a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#list-merge-trains-for-a-project
+func (s *MergeTrainsService) ListProjectMergeTrains(pid interface{}, opt *ListMergeTrainsOptions, options ...RequestOptionFunc) ([]*MergeTrain, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_trains", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var mts []*MergeTrain
+	resp, err := s.client.Do(req, &mts)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return mts, resp, nil
+}
+
+// ListMergeRequestInMergeTrain gets a list of merge requests added to a merge
+// train for the requested target branch.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#list-merge-requests-in-a-merge-train
+func (s *MergeTrainsService) ListMergeRequestInMergeTrain(pid interface{}, targetBranch string, opts *ListMergeTrainsOptions, options ...RequestOptionFunc) ([]*MergeTrain, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_trains/%s", PathEscape(project), targetBranch)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var mts []*MergeTrain
+	resp, err := s.client.Do(req, &mts)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return mts, resp, nil
+}
+
+// GetMergeRequestOnAMergeTrain Get merge train information for the requested
+// merge request.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#get-the-status-of-a-merge-request-on-a-merge-train
+func (s *MergeTrainsService) GetMergeRequestOnAMergeTrain(pid interface{}, mergeRequest int, options ...RequestOptionFunc) (*MergeTrain, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_trains/merge_requests/%d", PathEscape(project), mergeRequest)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	mt := new(MergeTrain)
+	resp, err := s.client.Do(req, mt)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return mt, resp, nil
+}
+
+// AddMergeRequestToMergeTrainOptions represents the available
+// AddMergeRequestToMergeTrain() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#add-a-merge-request-to-a-merge-train
+type AddMergeRequestToMergeTrainOptions struct {
+	WhenPipelineSucceeds *bool   `url:"when_pipeline_succeeds,omitempty" json:"when_pipeline_succeeds,omitempty"`
+	SHA                  *string `url:"sha,omitempty" json:"sha,omitempty"`
+	Squash               *bool   `url:"squash,omitempty" json:"squash,omitempty"`
+}
+
+// AddMergeRequestToMergeTrain Add a merge request to the merge train targeting
+// the merge request’s target branch.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#add-a-merge-request-to-a-merge-train
+func (s *MergeTrainsService) AddMergeRequestToMergeTrain(pid interface{}, mergeRequest int, opts *AddMergeRequestToMergeTrainOptions, options ...RequestOptionFunc) ([]*MergeTrain, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_trains/merge_requests/%d", PathEscape(project), mergeRequest)
+
+	req, err := s.client.NewRequest(http.MethodPost, u, opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var mts []*MergeTrain
+	resp, err := s.client.Do(req, &mts)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return mts, resp, nil
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/milestones.go b/vendor/github.com/xanzy/go-gitlab/milestones.go
index 095c9132d..17c97e031 100644
--- a/vendor/github.com/xanzy/go-gitlab/milestones.go
+++ b/vendor/github.com/xanzy/go-gitlab/milestones.go
@@ -36,6 +36,7 @@ type MilestonesService struct {
 type Milestone struct {
 	ID          int        `json:"id"`
 	IID         int        `json:"iid"`
+	GroupID     int        `json:"group_id"`
 	ProjectID   int        `json:"project_id"`
 	Title       string     `json:"title"`
 	Description string     `json:"description"`
diff --git a/vendor/github.com/xanzy/go-gitlab/notifications.go b/vendor/github.com/xanzy/go-gitlab/notifications.go
index da02415a9..92c2cb189 100644
--- a/vendor/github.com/xanzy/go-gitlab/notifications.go
+++ b/vendor/github.com/xanzy/go-gitlab/notifications.go
@@ -45,18 +45,24 @@ type NotificationSettings struct {
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/notification_settings.html#valid-notification-levels
 type NotificationEvents struct {
-	CloseIssue           bool `json:"close_issue"`
-	CloseMergeRequest    bool `json:"close_merge_request"`
-	FailedPipeline       bool `json:"failed_pipeline"`
-	MergeMergeRequest    bool `json:"merge_merge_request"`
-	NewIssue             bool `json:"new_issue"`
-	NewMergeRequest      bool `json:"new_merge_request"`
-	NewNote              bool `json:"new_note"`
-	ReassignIssue        bool `json:"reassign_issue"`
-	ReassignMergeRequest bool `json:"reassign_merge_request"`
-	ReopenIssue          bool `json:"reopen_issue"`
-	ReopenMergeRequest   bool `json:"reopen_merge_request"`
-	SuccessPipeline      bool `json:"success_pipeline"`
+	CloseIssue                bool `json:"close_issue"`
+	CloseMergeRequest         bool `json:"close_merge_request"`
+	FailedPipeline            bool `json:"failed_pipeline"`
+	FixedPipeline             bool `json:"fixed_pipeline"`
+	IssueDue                  bool `json:"issue_due"`
+	MergeWhenPipelineSucceeds bool `json:"merge_when_pipeline_succeeds"`
+	MergeMergeRequest         bool `json:"merge_merge_request"`
+	MovedProject              bool `json:"moved_project"`
+	NewIssue                  bool `json:"new_issue"`
+	NewMergeRequest           bool `json:"new_merge_request"`
+	NewEpic                   bool `json:"new_epic"`
+	NewNote                   bool `json:"new_note"`
+	PushToMergeRequest        bool `json:"push_to_merge_request"`
+	ReassignIssue             bool `json:"reassign_issue"`
+	ReassignMergeRequest      bool `json:"reassign_merge_request"`
+	ReopenIssue               bool `json:"reopen_issue"`
+	ReopenMergeRequest        bool `json:"reopen_merge_request"`
+	SuccessPipeline           bool `json:"success_pipeline"`
 }
 
 func (ns NotificationSettings) String() string {
@@ -87,20 +93,26 @@ func (s *NotificationSettingsService) GetGlobalSettings(options ...RequestOption
 // NotificationSettingsOptions represents the available options that can be passed
 // to the API when updating the notification settings.
 type NotificationSettingsOptions struct {
-	Level                *NotificationLevelValue `url:"level,omitempty" json:"level,omitempty"`
-	NotificationEmail    *string                 `url:"notification_email,omitempty" json:"notification_email,omitempty"`
-	CloseIssue           *bool                   `url:"close_issue,omitempty" json:"close_issue,omitempty"`
-	CloseMergeRequest    *bool                   `url:"close_merge_request,omitempty" json:"close_merge_request,omitempty"`
-	FailedPipeline       *bool                   `url:"failed_pipeline,omitempty" json:"failed_pipeline,omitempty"`
-	MergeMergeRequest    *bool                   `url:"merge_merge_request,omitempty" json:"merge_merge_request,omitempty"`
-	NewIssue             *bool                   `url:"new_issue,omitempty" json:"new_issue,omitempty"`
-	NewMergeRequest      *bool                   `url:"new_merge_request,omitempty" json:"new_merge_request,omitempty"`
-	NewNote              *bool                   `url:"new_note,omitempty" json:"new_note,omitempty"`
-	ReassignIssue        *bool                   `url:"reassign_issue,omitempty" json:"reassign_issue,omitempty"`
-	ReassignMergeRequest *bool                   `url:"reassign_merge_request,omitempty" json:"reassign_merge_request,omitempty"`
-	ReopenIssue          *bool                   `url:"reopen_issue,omitempty" json:"reopen_issue,omitempty"`
-	ReopenMergeRequest   *bool                   `url:"reopen_merge_request,omitempty" json:"reopen_merge_request,omitempty"`
-	SuccessPipeline      *bool                   `url:"success_pipeline,omitempty" json:"success_pipeline,omitempty"`
+	Level                     *NotificationLevelValue `url:"level,omitempty" json:"level,omitempty"`
+	NotificationEmail         *string                 `url:"notification_email,omitempty" json:"notification_email,omitempty"`
+	CloseIssue                *bool                   `url:"close_issue,omitempty" json:"close_issue,omitempty"`
+	CloseMergeRequest         *bool                   `url:"close_merge_request,omitempty" json:"close_merge_request,omitempty"`
+	FailedPipeline            *bool                   `url:"failed_pipeline,omitempty" json:"failed_pipeline,omitempty"`
+	FixedPipeline             *bool                   `url:"fixed_pipeline,omitempty" json:"fixed_pipeline,omitempty"`
+	IssueDue                  *bool                   `url:"issue_due,omitempty" json:"issue_due,omitempty"`
+	MergeMergeRequest         *bool                   `url:"merge_merge_request,omitempty" json:"merge_merge_request,omitempty"`
+	MergeWhenPipelineSucceeds *bool                   `url:"merge_when_pipeline_succeeds,omitempty" json:"merge_when_pipeline_succeeds,omitempty"`
+	MovedProject              *bool                   `url:"moved_project,omitempty" json:"moved_project,omitempty"`
+	NewEpic                   *bool                   `url:"new_epic,omitempty" json:"new_epic,omitempty"`
+	NewIssue                  *bool                   `url:"new_issue,omitempty" json:"new_issue,omitempty"`
+	NewMergeRequest           *bool                   `url:"new_merge_request,omitempty" json:"new_merge_request,omitempty"`
+	NewNote                   *bool                   `url:"new_note,omitempty" json:"new_note,omitempty"`
+	PushToMergeRequest        *bool                   `url:"push_to_merge_request,omitempty" json:"push_to_merge_request,omitempty"`
+	ReassignIssue             *bool                   `url:"reassign_issue,omitempty" json:"reassign_issue,omitempty"`
+	ReassignMergeRequest      *bool                   `url:"reassign_merge_request,omitempty" json:"reassign_merge_request,omitempty"`
+	ReopenIssue               *bool                   `url:"reopen_issue,omitempty" json:"reopen_issue,omitempty"`
+	ReopenMergeRequest        *bool                   `url:"reopen_merge_request,omitempty" json:"reopen_merge_request,omitempty"`
+	SuccessPipeline           *bool                   `url:"success_pipeline,omitempty" json:"success_pipeline,omitempty"`
 }
 
 // UpdateGlobalSettings updates current notification settings and email address.
diff --git a/vendor/github.com/xanzy/go-gitlab/personal_access_tokens.go b/vendor/github.com/xanzy/go-gitlab/personal_access_tokens.go
index bb27c7737..63d294e6f 100644
--- a/vendor/github.com/xanzy/go-gitlab/personal_access_tokens.go
+++ b/vendor/github.com/xanzy/go-gitlab/personal_access_tokens.go
@@ -120,6 +120,27 @@ func (s *PersonalAccessTokensService) GetSinglePersonalAccessToken(options ...Re
 	return pat, resp, nil
 }
 
+// RotatePersonalAccessToken revokes a token and returns a new token that
+// expires in one week.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/personal_access_tokens.html#rotate-a-personal-access-token
+func (s *PersonalAccessTokensService) RotatePersonalAccessToken(token int, options ...RequestOptionFunc) (*PersonalAccessToken, *Response, error) {
+	u := fmt.Sprintf("personal_access_tokens/%d/rotate", token)
+	req, err := s.client.NewRequest(http.MethodPost, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pat := new(PersonalAccessToken)
+	resp, err := s.client.Do(req, pat)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pat, resp, nil
+}
+
 // RevokePersonalAccessToken revokes a personal access token.
 //
 // GitLab API docs:
diff --git a/vendor/github.com/xanzy/go-gitlab/pipelines.go b/vendor/github.com/xanzy/go-gitlab/pipelines.go
index 1bba71e00..75a8b6cb5 100644
--- a/vendor/github.com/xanzy/go-gitlab/pipelines.go
+++ b/vendor/github.com/xanzy/go-gitlab/pipelines.go
@@ -115,7 +115,7 @@ type PipelineTestCases struct {
 	Classname      string          `json:"classname"`
 	File           string          `json:"file"`
 	ExecutionTime  float64         `json:"execution_time"`
-	SystemOutput   string          `json:"system_output"`
+	SystemOutput   interface{}     `json:"system_output"`
 	StackTrace     string          `json:"stack_trace"`
 	AttachmentURL  string          `json:"attachment_url"`
 	RecentFailures *RecentFailures `json:"recent_failures"`
@@ -135,6 +135,7 @@ func (p PipelineTestReport) String() string {
 // on other assets, like Commit.
 type PipelineInfo struct {
 	ID        int        `json:"id"`
+	IID       int        `json:"iid"`
 	ProjectID int        `json:"project_id"`
 	Status    string     `json:"status"`
 	Source    string     `json:"source"`
diff --git a/vendor/github.com/xanzy/go-gitlab/project_access_tokens.go b/vendor/github.com/xanzy/go-gitlab/project_access_tokens.go
index 9fa510d09..780e59a82 100644
--- a/vendor/github.com/xanzy/go-gitlab/project_access_tokens.go
+++ b/vendor/github.com/xanzy/go-gitlab/project_access_tokens.go
@@ -146,6 +146,31 @@ func (s *ProjectAccessTokensService) CreateProjectAccessToken(pid interface{}, o
 	return pat, resp, nil
 }
 
+// RotateProjectAccessToken revokes a project access token and returns a new
+// project access token that expires in one week.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_access_tokens.html#rotate-a-project-access-token
+func (s *ProjectAccessTokensService) RotateProjectAccessToken(pid interface{}, id int, options ...RequestOptionFunc) (*ProjectAccessToken, *Response, error) {
+	projects, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/access_tokens/%d/rotate", PathEscape(projects), id)
+	req, err := s.client.NewRequest(http.MethodPost, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pat := new(ProjectAccessToken)
+	resp, err := s.client.Do(req, pat)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pat, resp, nil
+}
+
 // RevokeProjectAccessToken revokes a project access token.
 //
 // GitLab API docs:
diff --git a/vendor/github.com/xanzy/go-gitlab/project_repository_storage_move.go b/vendor/github.com/xanzy/go-gitlab/project_repository_storage_move.go
new file mode 100644
index 000000000..3beecb1f7
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/project_repository_storage_move.go
@@ -0,0 +1,199 @@
+//
+// Copyright 2023, Nick Westbury
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// ProjectRepositoryStorageMoveService handles communication with the
+// repositories related methods of the GitLab API.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_repository_storage_moves.html
+type ProjectRepositoryStorageMoveService struct {
+	client *Client
+}
+
+// ProjectRepositoryStorageMove represents the status of a repository move.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_repository_storage_moves.html
+type ProjectRepositoryStorageMove struct {
+	ID                     int                `json:"id"`
+	CreatedAt              *time.Time         `json:"created_at"`
+	State                  string             `json:"state"`
+	SourceStorageName      string             `json:"source_storage_name"`
+	DestinationStorageName string             `json:"destination_storage_name"`
+	Project                *RepositoryProject `json:"project"`
+}
+
+type RepositoryProject struct {
+	ID                int        `json:"id"`
+	Description       string     `json:"description"`
+	Name              string     `json:"name"`
+	NameWithNamespace string     `json:"name_with_namespace"`
+	Path              string     `json:"path"`
+	PathWithNamespace string     `json:"path_with_namespace"`
+	CreatedAt         *time.Time `json:"created_at"`
+}
+
+// RetrieveAllProjectStorageMovesOptions represents the available
+// RetrieveAllStorageMoves() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_repository_storage_moves.html#retrieve-all-project-repository-storage-moves
+type RetrieveAllProjectStorageMovesOptions ListOptions
+
+// RetrieveAllStorageMoves retrieves all project repository storage moves
+// accessible by the authenticated user.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_repository_storage_moves.html#retrieve-all-project-repository-storage-moves
+func (p ProjectRepositoryStorageMoveService) RetrieveAllStorageMoves(opts RetrieveAllProjectStorageMovesOptions, options ...RequestOptionFunc) ([]*ProjectRepositoryStorageMove, *Response, error) {
+	req, err := p.client.NewRequest(http.MethodGet, "project_repository_storage_moves", opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var psms []*ProjectRepositoryStorageMove
+	resp, err := p.client.Do(req, &psms)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return psms, resp, err
+}
+
+// RetrieveAllStorageMovesForProject retrieves all repository storage moves for
+// a single project accessible by the authenticated user.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_repository_storage_moves.html#retrieve-all-repository-storage-moves-for-a-project
+func (p ProjectRepositoryStorageMoveService) RetrieveAllStorageMovesForProject(project int, opts RetrieveAllProjectStorageMovesOptions, options ...RequestOptionFunc) ([]*ProjectRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("projects/%d/repository_storage_moves", project)
+
+	req, err := p.client.NewRequest(http.MethodGet, u, opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var psms []*ProjectRepositoryStorageMove
+	resp, err := p.client.Do(req, &psms)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return psms, resp, err
+}
+
+// GetStorageMove gets a single project repository storage move.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_repository_storage_moves.html#get-a-single-project-repository-storage-move
+func (p ProjectRepositoryStorageMoveService) GetStorageMove(repositoryStorage int, options ...RequestOptionFunc) (*ProjectRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("project_repository_storage_moves/%d", repositoryStorage)
+
+	req, err := p.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	psm := new(ProjectRepositoryStorageMove)
+	resp, err := p.client.Do(req, psm)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return psm, resp, err
+}
+
+// GetStorageMoveForProject gets a single repository storage move for a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_repository_storage_moves.html#get-a-single-repository-storage-move-for-a-project
+func (p ProjectRepositoryStorageMoveService) GetStorageMoveForProject(project int, repositoryStorage int, options ...RequestOptionFunc) (*ProjectRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("projects/%d/repository_storage_moves/%d", project, repositoryStorage)
+
+	req, err := p.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	psm := new(ProjectRepositoryStorageMove)
+	resp, err := p.client.Do(req, psm)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return psm, resp, err
+}
+
+// ScheduleStorageMoveForProjectOptions represents the available
+// ScheduleStorageMoveForProject() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_repository_storage_moves.html#schedule-a-repository-storage-move-for-a-project
+type ScheduleStorageMoveForProjectOptions struct {
+	DestinationStorageName *string `url:"destination_storage_name,omitempty" json:"destination_storage_name,omitempty"`
+}
+
+// ScheduleStorageMoveForProject schedule a repository to be moved for a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_repository_storage_moves.html#schedule-a-repository-storage-move-for-a-project
+func (p ProjectRepositoryStorageMoveService) ScheduleStorageMoveForProject(project int, opts ScheduleStorageMoveForProjectOptions, options ...RequestOptionFunc) (*ProjectRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("projects/%d/repository_storage_moves", project)
+
+	req, err := p.client.NewRequest(http.MethodPost, u, opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	psm := new(ProjectRepositoryStorageMove)
+	resp, err := p.client.Do(req, psm)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return psm, resp, err
+}
+
+// ScheduleAllProjectStorageMovesOptions represents the available
+// ScheduleAllStorageMoves() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_repository_storage_moves.html#schedule-repository-storage-moves-for-all-projects-on-a-storage-shard
+type ScheduleAllProjectStorageMovesOptions struct {
+	SourceStorageName      *string `url:"source_storage_name,omitempty" json:"source_storage_name,omitempty"`
+	DestinationStorageName *string `url:"destination_storage_name,omitempty" json:"destination_storage_name,omitempty"`
+}
+
+// ScheduleAllStorageMoves schedules all repositories to be moved.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_repository_storage_moves.html#schedule-repository-storage-moves-for-all-projects-on-a-storage-shard
+func (p ProjectRepositoryStorageMoveService) ScheduleAllStorageMoves(opts ScheduleAllProjectStorageMovesOptions, options ...RequestOptionFunc) (*Response, error) {
+	req, err := p.client.NewRequest(http.MethodPost, "project_repository_storage_moves", opts, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return p.client.Do(req, nil)
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/projects.go b/vendor/github.com/xanzy/go-gitlab/projects.go
index cbe67635b..6a2b3be01 100644
--- a/vendor/github.com/xanzy/go-gitlab/projects.go
+++ b/vendor/github.com/xanzy/go-gitlab/projects.go
@@ -158,7 +158,7 @@ type Project struct {
 	AutoDevopsDeployStrategy                 string             `json:"auto_devops_deploy_strategy"`
 	AutoDevopsEnabled                        bool               `json:"auto_devops_enabled"`
 	BuildGitStrategy                         string             `json:"build_git_strategy"`
-	EmailsDisabled                           bool               `json:"emails_disabled"`
+	EmailsEnabled                            bool               `json:"emails_enabled"`
 	ExternalAuthorizationClassificationLabel string             `json:"external_authorization_classification_label"`
 	RequirementsEnabled                      bool               `json:"requirements_enabled"`
 	RequirementsAccessLevel                  AccessControlValue `json:"requirements_access_level"`
@@ -166,6 +166,8 @@ type Project struct {
 	SecurityAndComplianceAccessLevel         AccessControlValue `json:"security_and_compliance_access_level"`
 	MergeRequestDefaultTargetSelf            bool               `json:"mr_default_target_self"`
 
+	// Deprecated: Use EmailsEnabled instead
+	EmailsDisabled bool `json:"emails_disabled"`
 	// Deprecated: This parameter has been renamed to PublicJobs in GitLab 9.0.
 	PublicBuilds bool `json:"public_builds"`
 }
@@ -195,13 +197,14 @@ type ContainerExpirationPolicy struct {
 
 // ForkParent represents the parent project when this is a fork.
 type ForkParent struct {
-	HTTPURLToRepo     string `json:"http_url_to_repo"`
 	ID                int    `json:"id"`
 	Name              string `json:"name"`
 	NameWithNamespace string `json:"name_with_namespace"`
 	Path              string `json:"path"`
 	PathWithNamespace string `json:"path_with_namespace"`
+	HTTPURLToRepo     string `json:"http_url_to_repo"`
 	WebURL            string `json:"web_url"`
+	RepositoryStorage string `json:"repository_storage"`
 }
 
 // GroupAccess represents group access.
@@ -388,6 +391,31 @@ func (s *ProjectsService) ListUserProjects(uid interface{}, opt *ListProjectsOpt
 	return p, resp, nil
 }
 
+// ListUserContributedProjects gets a list of visible projects a given user has contributed to.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/projects.html#list-projects-a-user-has-contributed-to
+func (s *ProjectsService) ListUserContributedProjects(uid interface{}, opt *ListProjectsOptions, options ...RequestOptionFunc) ([]*Project, *Response, error) {
+	user, err := parseID(uid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("users/%s/contributed_projects", user)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var p []*Project
+	resp, err := s.client.Do(req, &p)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return p, resp, nil
+}
+
 // ListUserStarredProjects gets a list of projects starred by the given user.
 //
 // GitLab API docs:
@@ -589,7 +617,7 @@ type CreateProjectOptions struct {
 	ContainerRegistryAccessLevel              *AccessControlValue                  `url:"container_registry_access_level,omitempty" json:"container_registry_access_level,omitempty"`
 	DefaultBranch                             *string                              `url:"default_branch,omitempty" json:"default_branch,omitempty"`
 	Description                               *string                              `url:"description,omitempty" json:"description,omitempty"`
-	EmailsDisabled                            *bool                                `url:"emails_disabled,omitempty" json:"emails_disabled,omitempty"`
+	EmailsEnabled                             *bool                                `url:"emails_enabled,omitempty" json:"emails_enabled,omitempty"`
 	EnforceAuthChecksOnUploads                *bool                                `url:"enforce_auth_checks_on_uploads,omitempty" json:"enforce_auth_checks_on_uploads,omitempty"`
 	ExternalAuthorizationClassificationLabel  *string                              `url:"external_authorization_classification_label,omitempty" json:"external_authorization_classification_label,omitempty"`
 	ForkingAccessLevel                        *AccessControlValue                  `url:"forking_access_level,omitempty" json:"forking_access_level,omitempty"`
@@ -646,6 +674,8 @@ type CreateProjectOptions struct {
 	CIForwardDeploymentEnabled *bool `url:"ci_forward_deployment_enabled,omitempty" json:"ci_forward_deployment_enabled,omitempty"`
 	// Deprecated: Use ContainerRegistryAccessLevel instead.
 	ContainerRegistryEnabled *bool `url:"container_registry_enabled,omitempty" json:"container_registry_enabled,omitempty"`
+	// Deprecated: Use EmailsEnabled instead
+	EmailsDisabled *bool `url:"emails_disabled,omitempty" json:"emails_disabled,omitempty"`
 	// Deprecated: Use IssuesAccessLevel instead.
 	IssuesEnabled *bool `url:"issues_enabled,omitempty" json:"issues_enabled,omitempty"`
 	// Deprecated: No longer supported in recent versions.
@@ -812,7 +842,7 @@ type EditProjectOptions struct {
 	ContainerRegistryAccessLevel              *AccessControlValue                  `url:"container_registry_access_level,omitempty" json:"container_registry_access_level,omitempty"`
 	DefaultBranch                             *string                              `url:"default_branch,omitempty" json:"default_branch,omitempty"`
 	Description                               *string                              `url:"description,omitempty" json:"description,omitempty"`
-	EmailsDisabled                            *bool                                `url:"emails_disabled,omitempty" json:"emails_disabled,omitempty"`
+	EmailsEnabled                             *bool                                `url:"emails_enabled,omitempty" json:"emails_enabled,omitempty"`
 	EnforceAuthChecksOnUploads                *bool                                `url:"enforce_auth_checks_on_uploads,omitempty" json:"enforce_auth_checks_on_uploads,omitempty"`
 	ExternalAuthorizationClassificationLabel  *string                              `url:"external_authorization_classification_label,omitempty" json:"external_authorization_classification_label,omitempty"`
 	ForkingAccessLevel                        *AccessControlValue                  `url:"forking_access_level,omitempty" json:"forking_access_level,omitempty"`
@@ -870,6 +900,8 @@ type EditProjectOptions struct {
 
 	// Deprecated: Use ContainerRegistryAccessLevel instead.
 	ContainerRegistryEnabled *bool `url:"container_registry_enabled,omitempty" json:"container_registry_enabled,omitempty"`
+	// Deprecated: Use EmailsEnabled instead
+	EmailsDisabled *bool `url:"emails_disabled,omitempty" json:"emails_disabled,omitempty"`
 	// Deprecated: Use IssuesAccessLevel instead.
 	IssuesEnabled *bool `url:"issues_enabled,omitempty" json:"issues_enabled,omitempty"`
 	// Deprecated: Use BuildsAccessLevel instead.
@@ -1803,6 +1835,7 @@ func (s *ProjectsService) GetProjectApprovalRule(pid interface{}, ruleID int, op
 type CreateProjectLevelRuleOptions struct {
 	Name                          *string `url:"name,omitempty" json:"name,omitempty"`
 	ApprovalsRequired             *int    `url:"approvals_required,omitempty" json:"approvals_required,omitempty"`
+	ReportType                    *string `url:"report_type,omitempty" json:"report_type,omitempty"`
 	RuleType                      *string `url:"rule_type,omitempty" json:"rule_type,omitempty"`
 	UserIDs                       *[]int  `url:"user_ids,omitempty" json:"user_ids,omitempty"`
 	GroupIDs                      *[]int  `url:"group_ids,omitempty" json:"group_ids,omitempty"`
diff --git a/vendor/github.com/xanzy/go-gitlab/protected_environments.go b/vendor/github.com/xanzy/go-gitlab/protected_environments.go
index 21820ab39..3dc7fbdfb 100644
--- a/vendor/github.com/xanzy/go-gitlab/protected_environments.go
+++ b/vendor/github.com/xanzy/go-gitlab/protected_environments.go
@@ -191,6 +191,73 @@ func (s *ProtectedEnvironmentsService) ProtectRepositoryEnvironments(pid interfa
 	return pe, resp, nil
 }
 
+// UpdateProtectedEnvironmentsOptions represents the available
+// UpdateProtectedEnvironments() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/protected_environments.html#update-a-protected-environment
+type UpdateProtectedEnvironmentsOptions struct {
+	Name                  *string                                  `url:"name,omitempty" json:"name,omitempty"`
+	DeployAccessLevels    *[]*UpdateEnvironmentAccessOptions       `url:"deploy_access_levels,omitempty" json:"deploy_access_levels,omitempty"`
+	RequiredApprovalCount *int                                     `url:"required_approval_count,omitempty" json:"required_approval_count,omitempty"`
+	ApprovalRules         *[]*UpdateEnvironmentApprovalRuleOptions `url:"approval_rules,omitempty" json:"approval_rules,omitempty"`
+}
+
+// UpdateEnvironmentAccessOptions represents the options for updates to an
+// access decription for a protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/protected_environments.html#update-a-protected-environment
+type UpdateEnvironmentAccessOptions struct {
+	AccessLevel *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	ID          *int              `url:"id,omitempty" json:"id,omitempty"`
+	UserID      *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID     *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+	Destroy     *bool             `url:"_destroy,omitempty" json:"_destroy,omitempty"`
+}
+
+// UpdateEnvironmentApprovalRuleOptions represents the updates to the approval
+// rules for a protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/protected_environments.html#update-a-protected-environment
+type UpdateEnvironmentApprovalRuleOptions struct {
+	ID                     *int              `url:"id,omitempty" json:"id,omitempty"`
+	UserID                 *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID                *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+	AccessLevel            *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	AccessLevelDescription *string           `url:"access_level_description,omitempty" json:"access_level_description,omitempty"`
+	RequiredApprovalCount  *int              `url:"required_approvals,omitempty" json:"required_approvals,omitempty"`
+	GroupInheritanceType   *int              `url:"group_inheritance_type,omitempty" json:"group_inheritance_type,omitempty"`
+	Destroy                *bool             `url:"_destroy,omitempty" json:"_destroy,omitempty"`
+}
+
+// UpdateProtectedEnvironments updates a single repository environment or
+// several project repository environments using wildcard protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/protected_environments.html#update-a-protected-environment
+func (s *ProtectedEnvironmentsService) UpdateProtectedEnvironments(pid interface{}, environment string, opt *UpdateProtectedEnvironmentsOptions, options ...RequestOptionFunc) (*ProtectedEnvironment, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/protected_environments/%s", PathEscape(project), environment)
+
+	req, err := s.client.NewRequest(http.MethodPut, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pe := new(ProtectedEnvironment)
+	resp, err := s.client.Do(req, pe)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pe, resp, nil
+}
+
 // UnprotectEnvironment unprotects the given protected environment or wildcard
 // protected environment.
 //
diff --git a/vendor/github.com/xanzy/go-gitlab/protected_tags.go b/vendor/github.com/xanzy/go-gitlab/protected_tags.go
index 62da5c474..76e8ff4d2 100644
--- a/vendor/github.com/xanzy/go-gitlab/protected_tags.go
+++ b/vendor/github.com/xanzy/go-gitlab/protected_tags.go
@@ -44,6 +44,7 @@ type ProtectedTag struct {
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/protected_tags.html
 type TagAccessDescription struct {
+	ID                     int              `json:"id"`
 	UserID                 int              `json:"user_id"`
 	GroupID                int              `json:"group_id"`
 	AccessLevel            AccessLevelValue `json:"access_level"`
diff --git a/vendor/github.com/xanzy/go-gitlab/releases.go b/vendor/github.com/xanzy/go-gitlab/releases.go
index 86308c5a9..3d6a89772 100644
--- a/vendor/github.com/xanzy/go-gitlab/releases.go
+++ b/vendor/github.com/xanzy/go-gitlab/releases.go
@@ -133,6 +133,31 @@ func (s *ReleasesService) GetRelease(pid interface{}, tagName string, options ..
 	return r, resp, nil
 }
 
+// GetLatestRelease returns the latest release for the project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/releases/#get-the-latest-release
+func (s *ReleasesService) GetLatestRelease(pid interface{}, options ...RequestOptionFunc) (*Release, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/releases/permalink/latest", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	r := new(Release)
+	resp, err := s.client.Do(req, r)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return r, resp, err
+}
+
 // CreateReleaseOptions represents CreateRelease() options.
 //
 // GitLab API docs:
diff --git a/vendor/github.com/xanzy/go-gitlab/repositories.go b/vendor/github.com/xanzy/go-gitlab/repositories.go
index b89efc090..986dd001c 100644
--- a/vendor/github.com/xanzy/go-gitlab/repositories.go
+++ b/vendor/github.com/xanzy/go-gitlab/repositories.go
@@ -140,6 +140,7 @@ func (s *RepositoriesService) RawBlobContent(pid interface{}, sha string, option
 // https://docs.gitlab.com/ee/api/repositories.html#get-file-archive
 type ArchiveOptions struct {
 	Format *string `url:"-" json:"-"`
+	Path   *string `url:"path,omitempty" json:"path,omitempty"`
 	SHA    *string `url:"sha,omitempty" json:"sha,omitempty"`
 }
 
diff --git a/vendor/github.com/xanzy/go-gitlab/resource_iteration_events.go b/vendor/github.com/xanzy/go-gitlab/resource_iteration_events.go
new file mode 100644
index 000000000..7ad354a7b
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/resource_iteration_events.go
@@ -0,0 +1,122 @@
+//
+// Copyright 2023, Hakki Ceylan, Yavuz Turk
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// ResourceIterationEventsService handles communication with the event related
+// methods of the GitLab API.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/resource_iteration_events.html
+type ResourceIterationEventsService struct {
+	client *Client
+}
+
+// IterationEvent represents a resource iteration event.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/resource_iteration_events.html
+type IterationEvent struct {
+	ID           int        `json:"id"`
+	User         *BasicUser `json:"user"`
+	CreatedAt    *time.Time `json:"created_at"`
+	ResourceType string     `json:"resource_type"`
+	ResourceID   int        `json:"resource_id"`
+	Iteration    *Iteration `json:"iteration"`
+	Action       string     `json:"action"`
+}
+
+// Iteration represents a project issue iteration.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/resource_iteration_events.html
+type Iteration struct {
+	ID          int        `json:"id"`
+	IID         int        `json:"iid"`
+	Sequence    int        `json:"sequence"`
+	GroupId     int        `json:"group_id"`
+	Title       string     `json:"title"`
+	Description string     `json:"description"`
+	State       int        `json:"state"`
+	CreatedAt   *time.Time `json:"created_at"`
+	UpdatedAt   *time.Time `json:"updated_at"`
+	DueDate     *ISOTime   `json:"due_date"`
+	StartDate   *ISOTime   `json:"start_date"`
+	WebURL      string     `json:"web_url"`
+}
+
+// ListIterationEventsOptions represents the options for all resource state
+// events list methods.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/resource_iteration_events.html#list-project-issue-iteration-events
+type ListIterationEventsOptions struct {
+	ListOptions
+}
+
+// ListIssueIterationEvents retrieves resource iteration events for the
+// specified project and issue.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/resource_iteration_events.html#list-project-issue-iteration-events
+func (s *ResourceIterationEventsService) ListIssueIterationEvents(pid interface{}, issue int, opt *ListIterationEventsOptions, options ...RequestOptionFunc) ([]*IterationEvent, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/issues/%d/resource_iteration_events", PathEscape(project), issue)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ies []*IterationEvent
+	resp, err := s.client.Do(req, &ies)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ies, resp, nil
+}
+
+// GetIssueIterationEvent gets a single issue iteration event.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/resource_iteration_events.html#get-single-issue-iteration-event
+func (s *ResourceIterationEventsService) GetIssueIterationEvent(pid interface{}, issue int, event int, options ...RequestOptionFunc) (*IterationEvent, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/issues/%d/resource_iteration_events/%d", PathEscape(project), issue, event)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	ie := new(IterationEvent)
+	resp, err := s.client.Do(req, ie)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ie, resp, nil
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/services.go b/vendor/github.com/xanzy/go-gitlab/services.go
index e7acb9e98..0313eccdb 100644
--- a/vendor/github.com/xanzy/go-gitlab/services.go
+++ b/vendor/github.com/xanzy/go-gitlab/services.go
@@ -44,6 +44,7 @@ type Service struct {
 	Active                   bool       `json:"active"`
 	PushEvents               bool       `json:"push_events"`
 	IssuesEvents             bool       `json:"issues_events"`
+	AlertEvents              bool       `json:"alert_events"`
 	ConfidentialIssuesEvents bool       `json:"confidential_issues_events"`
 	CommitEvents             bool       `json:"commit_events"`
 	MergeRequestsEvents      bool       `json:"merge_requests_events"`
@@ -54,6 +55,7 @@ type Service struct {
 	PipelineEvents           bool       `json:"pipeline_events"`
 	JobEvents                bool       `json:"job_events"`
 	WikiPageEvents           bool       `json:"wiki_page_events"`
+	VulnerabilityEvents      bool       `json:"vulnerability_events"`
 	DeploymentEvents         bool       `json:"deployment_events"`
 }
 
@@ -177,6 +179,106 @@ func (s *ServicesService) DeleteCustomIssueTrackerService(pid interface{}, optio
 	return s.client.Do(req, nil)
 }
 
+// DataDogService represents DataDog service settings.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#datadog
+type DataDogService struct {
+	Service
+	Properties *DataDogServiceProperties `json:"properties"`
+}
+
+// DataDogServiceProperties represents DataDog specific properties.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#datadog
+type DataDogServiceProperties struct {
+	APIURL             string `url:"api_url,omitempty" json:"api_url,omitempty"`
+	DataDogEnv         string `url:"datadog_env,omitempty" json:"datadog_env,omitempty"`
+	DataDogService     string `url:"datadog_service,omitempty" json:"datadog_service,omitempty"`
+	DataDogSite        string `url:"datadog_site,omitempty" json:"datadog_site,omitempty"`
+	DataDogTags        string `url:"datadog_tags,omitempty" json:"datadog_tags,omitempty"`
+	ArchiveTraceEvents bool   `url:"archive_trace_events,omitempty" json:"archive_trace_events,omitempty"`
+}
+
+// GetDataDogService gets DataDog service settings for a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#get-datadog-integration-settings
+func (s *ServicesService) GetDataDogService(pid interface{}, options ...RequestOptionFunc) (*DataDogService, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/services/datadog", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	svc := new(DataDogService)
+	resp, err := s.client.Do(req, svc)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return svc, resp, nil
+}
+
+// SetDataDogServiceOptions represents the available SetDataDogService()
+// options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#createedit-datadog-integration
+type SetDataDogServiceOptions struct {
+	APIKey             *string `url:"api_key,omitempty" json:"api_key,omitempty"`
+	APIURL             *string `url:"api_url,omitempty" json:"api_url,omitempty"`
+	DataDogEnv         *string `url:"datadog_env,omitempty" json:"datadog_env,omitempty"`
+	DataDogService     *string `url:"datadog_service,omitempty" json:"datadog_service,omitempty"`
+	DataDogSite        *string `url:"datadog_site,omitempty" json:"datadog_site,omitempty"`
+	DataDogTags        *string `url:"datadog_tags,omitempty" json:"datadog_tags,omitempty"`
+	ArchiveTraceEvents *bool   `url:"archive_trace_events,omitempty" json:"archive_trace_events,omitempty"`
+}
+
+// SetDataDogService sets DataDog service settings for a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#createedit-datadog-integration
+func (s *ServicesService) SetDataDogService(pid interface{}, opt *SetDataDogServiceOptions, options ...RequestOptionFunc) (*Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf("projects/%s/services/datadog", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodPut, u, opt, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(req, nil)
+}
+
+// DeleteDataDogService deletes the DataDog service settings for a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#disable-datadog-integration
+func (s *ServicesService) DeleteDataDogService(pid interface{}, options ...RequestOptionFunc) (*Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf("projects/%s/services/datadog", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodDelete, u, nil, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(req, nil)
+}
+
 // DiscordService represents Discord service settings.
 //
 // GitLab API docs:
@@ -191,8 +293,8 @@ type DiscordService struct {
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/services.html#discord
 type DiscordServiceProperties struct {
-	NotifyOnlyBrokenPipelines bool   `url:"notify_only_broken_pipelines,omitempty" json:"notify_only_broken_pipelines,omitempty"`
 	BranchesToBeNotified      string `url:"branches_to_be_notified,omitempty" json:"branches_to_be_notified,omitempty"`
+	NotifyOnlyBrokenPipelines bool   `url:"notify_only_broken_pipelines,omitempty" json:"notify_only_broken_pipelines,omitempty"`
 }
 
 // GetDiscordService gets Discord service settings for a project.
@@ -226,7 +328,18 @@ func (s *ServicesService) GetDiscordService(pid interface{}, options ...RequestO
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/services.html#createedit-discord-service
 type SetDiscordServiceOptions struct {
-	WebHook *string `json:"webhook,omitempty"`
+	WebHook                   *string `url:"webhook,omitempty" json:"webhook,omitempty"`
+	BranchesToBeNotified      *string `url:"branches_to_be_notified,omitempty" json:"branches_to_be_notified,omitempty"`
+	ConfidentialIssuesEvents  *bool   `url:"confidential_issues_events,omitempty" json:"confidential_issues_events,omitempty"`
+	ConfidentialNoteEvents    *bool   `url:"confidential_note_events,omitempty" json:"confidential_note_events,omitempty"`
+	IssuesEvents              *bool   `url:"issues_events,omitempty" json:"issues_events,omitempty"`
+	MergeRequestsEvents       *bool   `url:"merge_requests_events,omitempty" json:"merge_requests_events,omitempty"`
+	NoteEvents                *bool   `url:"note_events,omitempty" json:"note_events,omitempty"`
+	NotifyOnlyBrokenPipelines *bool   `url:"notify_only_broken_pipelines,omitempty" json:"notify_only_broken_pipelines,omitempty"`
+	PipelineEvents            *bool   `url:"pipeline_events,omitempty" json:"pipeline_events,omitempty"`
+	PushEvents                *bool   `url:"push_events,omitempty" json:"push_events,omitempty"`
+	TagPushEvents             *bool   `url:"tag_push_events,omitempty" json:"tag_push_events,omitempty"`
+	WikiPageEvents            *bool   `url:"wiki_page_events,omitempty" json:"wiki_page_events,omitempty"`
 }
 
 // SetDiscordService sets Discord service for a project.
@@ -993,6 +1106,7 @@ type MattermostServiceProperties struct {
 	TagPushChannel            string    `json:"tag_push_channel"`
 	PipelineChannel           string    `json:"pipeline_channel"`
 	PushChannel               string    `json:"push_channel"`
+	VulnerabilityChannel      string    `json:"vulnerability_channel"`
 	WikiPageChannel           string    `json:"wiki_page_channel"`
 }
 
@@ -1032,24 +1146,24 @@ type SetMattermostServiceOptions struct {
 	Channel                   *string `url:"channel,omitempty" json:"channel,omitempty"`
 	NotifyOnlyBrokenPipelines *bool   `url:"notify_only_broken_pipelines,omitempty" json:"notify_only_broken_pipelines,omitempty"`
 	BranchesToBeNotified      *string `url:"branches_to_be_notified,omitempty" json:"branches_to_be_notified,omitempty"`
-	ConfidentialIssueChannel  *string `url:"confidential_issue_channel,omitempty" json:"confidential_issue_channel,omitempty"`
-	ConfidentialIssuesEvents  *bool   `url:"confidential_issues_events,omitempty" json:"confidential_issues_events,omitempty"`
-	ConfidentialNoteChannel   *string `json:"confidential_note_channel,omitempty"`
-	ConfidentialNoteEvents    *bool   `url:"confidential_note_events,omitempty" json:"confidential_note_events,omitempty"`
-	IssueChannel              *string `url:"issue_channel,omitempty" json:"issue_channel,omitempty"`
+	PushEvents                *bool   `url:"push_events,omitempty" json:"push_events,omitempty"`
 	IssuesEvents              *bool   `url:"issues_events,omitempty" json:"issues_events,omitempty"`
-	MergeRequestChannel       *string `url:"merge_request_channel,omitempty" json:"merge_request_channel,omitempty"`
+	ConfidentialIssuesEvents  *bool   `url:"confidential_issues_events,omitempty" json:"confidential_issues_events,omitempty"`
 	MergeRequestsEvents       *bool   `url:"merge_requests_events,omitempty" json:"merge_requests_events,omitempty"`
-	TagPushChannel            *string `url:"tag_push_channel,omitempty" json:"tag_push_channel,omitempty"`
 	TagPushEvents             *bool   `url:"tag_push_events,omitempty" json:"tag_push_events,omitempty"`
-	NoteChannel               *string `url:"note_channel,omitempty" json:"note_channel,omitempty"`
 	NoteEvents                *bool   `url:"note_events,omitempty" json:"note_events,omitempty"`
-	PipelineChannel           *string `url:"pipeline_channel,omitempty" json:"pipeline_channel,omitempty"`
+	ConfidentialNoteChannel   *string `url:"confidential_note_channel,omitempty" json:"confidential_note_channel,omitempty"`
 	PipelineEvents            *bool   `url:"pipeline_events,omitempty" json:"pipeline_events,omitempty"`
+	WikiPageEvents            *bool   `url:"wiki_page_events,omitempty" json:"wiki_page_events,omitempty"`
 	PushChannel               *string `url:"push_channel,omitempty" json:"push_channel,omitempty"`
-	PushEvents                *bool   `url:"push_events,omitempty" json:"push_events,omitempty"`
+	IssueChannel              *string `url:"issue_channel,omitempty" json:"issue_channel,omitempty"`
+	ConfidentialIssueChannel  *string `url:"confidential_issue_channel,omitempty" json:"confidential_issue_channel,omitempty"`
+	MergeRequestChannel       *string `url:"merge_request_channel,omitempty" json:"merge_request_channel,omitempty"`
+	NoteChannel               *string `url:"note_channel,omitempty" json:"note_channel,omitempty"`
+	ConfidentialNoteEvents    *bool   `url:"confidential_note_events,omitempty" json:"confidential_note_events,omitempty"`
+	TagPushChannel            *string `url:"tag_push_channel,omitempty" json:"tag_push_channel,omitempty"`
+	PipelineChannel           *string `url:"pipeline_channel,omitempty" json:"pipeline_channel,omitempty"`
 	WikiPageChannel           *string `url:"wiki_page_channel,omitempty" json:"wiki_page_channel,omitempty"`
-	WikiPageEvents            *bool   `url:"wiki_page_events,omitempty" json:"wiki_page_events,omitempty"`
 }
 
 // SetMattermostService sets Mattermost service for a project.
@@ -1409,6 +1523,7 @@ type SlackServiceProperties struct {
 	NotifyOnlyBrokenPipelines BoolValue `json:"notify_only_broken_pipelines"`
 	NotifyOnlyDefaultBranch   BoolValue `json:"notify_only_default_branch"`
 	BranchesToBeNotified      string    `json:"branches_to_be_notified"`
+	AlertChannel              string    `json:"alert_channel"`
 	ConfidentialIssueChannel  string    `json:"confidential_issue_channel"`
 	ConfidentialNoteChannel   string    `json:"confidential_note_channel"`
 	DeploymentChannel         string    `json:"deployment_channel"`
@@ -1418,6 +1533,7 @@ type SlackServiceProperties struct {
 	TagPushChannel            string    `json:"tag_push_channel"`
 	PipelineChannel           string    `json:"pipeline_channel"`
 	PushChannel               string    `json:"push_channel"`
+	VulnerabilityChannel      string    `json:"vulnerability_channel"`
 	WikiPageChannel           string    `json:"wiki_page_channel"`
 }
 
@@ -1458,29 +1574,28 @@ type SetSlackServiceOptions struct {
 	NotifyOnlyBrokenPipelines *bool   `url:"notify_only_broken_pipelines,omitempty" json:"notify_only_broken_pipelines,omitempty"`
 	NotifyOnlyDefaultBranch   *bool   `url:"notify_only_default_branch,omitempty" json:"notify_only_default_branch,omitempty"`
 	BranchesToBeNotified      *string `url:"branches_to_be_notified,omitempty" json:"branches_to_be_notified,omitempty"`
+	AlertChannel              *string `url:"alert_channel,omitempty" json:"alert_channel,omitempty"`
+	AlertEvents               *bool   `url:"alert_events,omitempty" json:"alert_events,omitempty"`
 	ConfidentialIssueChannel  *string `url:"confidential_issue_channel,omitempty" json:"confidential_issue_channel,omitempty"`
 	ConfidentialIssuesEvents  *bool   `url:"confidential_issues_events,omitempty" json:"confidential_issues_events,omitempty"`
-	// TODO: Currently, GitLab ignores this option (not implemented yet?), so
-	// there is no way to set it. Uncomment when this is fixed.
-	// See: https://gitlab.com/gitlab-org/gitlab-ce/issues/49730
-	// ConfidentialNoteChannel   *string `json:"confidential_note_channel,omitempty"`
-	ConfidentialNoteEvents *bool   `url:"confidential_note_events,omitempty" json:"confidential_note_events,omitempty"`
-	DeploymentChannel      *string `url:"deployment_channel,omitempty" json:"deployment_channel,omitempty"`
-	DeploymentEvents       *bool   `url:"deployment_events,omitempty" json:"deployment_events,omitempty"`
-	IssueChannel           *string `url:"issue_channel,omitempty" json:"issue_channel,omitempty"`
-	IssuesEvents           *bool   `url:"issues_events,omitempty" json:"issues_events,omitempty"`
-	MergeRequestChannel    *string `url:"merge_request_channel,omitempty" json:"merge_request_channel,omitempty"`
-	MergeRequestsEvents    *bool   `url:"merge_requests_events,omitempty" json:"merge_requests_events,omitempty"`
-	TagPushChannel         *string `url:"tag_push_channel,omitempty" json:"tag_push_channel,omitempty"`
-	TagPushEvents          *bool   `url:"tag_push_events,omitempty" json:"tag_push_events,omitempty"`
-	NoteChannel            *string `url:"note_channel,omitempty" json:"note_channel,omitempty"`
-	NoteEvents             *bool   `url:"note_events,omitempty" json:"note_events,omitempty"`
-	PipelineChannel        *string `url:"pipeline_channel,omitempty" json:"pipeline_channel,omitempty"`
-	PipelineEvents         *bool   `url:"pipeline_events,omitempty" json:"pipeline_events,omitempty"`
-	PushChannel            *string `url:"push_channel,omitempty" json:"push_channel,omitempty"`
-	PushEvents             *bool   `url:"push_events,omitempty" json:"push_events,omitempty"`
-	WikiPageChannel        *string `url:"wiki_page_channel,omitempty" json:"wiki_page_channel,omitempty"`
-	WikiPageEvents         *bool   `url:"wiki_page_events,omitempty" json:"wiki_page_events,omitempty"`
+	ConfidentialNoteChannel   *string `url:"confidential_note_channel,omitempty" json:"confidential_note_channel,omitempty"`
+	ConfidentialNoteEvents    *bool   `url:"confidential_note_events,omitempty" json:"confidential_note_events,omitempty"`
+	DeploymentChannel         *string `url:"deployment_channel,omitempty" json:"deployment_channel,omitempty"`
+	DeploymentEvents          *bool   `url:"deployment_events,omitempty" json:"deployment_events,omitempty"`
+	IssueChannel              *string `url:"issue_channel,omitempty" json:"issue_channel,omitempty"`
+	IssuesEvents              *bool   `url:"issues_events,omitempty" json:"issues_events,omitempty"`
+	MergeRequestChannel       *string `url:"merge_request_channel,omitempty" json:"merge_request_channel,omitempty"`
+	MergeRequestsEvents       *bool   `url:"merge_requests_events,omitempty" json:"merge_requests_events,omitempty"`
+	NoteChannel               *string `url:"note_channel,omitempty" json:"note_channel,omitempty"`
+	NoteEvents                *bool   `url:"note_events,omitempty" json:"note_events,omitempty"`
+	PipelineChannel           *string `url:"pipeline_channel,omitempty" json:"pipeline_channel,omitempty"`
+	PipelineEvents            *bool   `url:"pipeline_events,omitempty" json:"pipeline_events,omitempty"`
+	PushChannel               *string `url:"push_channel,omitempty" json:"push_channel,omitempty"`
+	PushEvents                *bool   `url:"push_events,omitempty" json:"push_events,omitempty"`
+	TagPushChannel            *string `url:"tag_push_channel,omitempty" json:"tag_push_channel,omitempty"`
+	TagPushEvents             *bool   `url:"tag_push_events,omitempty" json:"tag_push_events,omitempty"`
+	WikiPageChannel           *string `url:"wiki_page_channel,omitempty" json:"wiki_page_channel,omitempty"`
+	WikiPageEvents            *bool   `url:"wiki_page_events,omitempty" json:"wiki_page_events,omitempty"`
 }
 
 // SetSlackService sets Slack service for a project
diff --git a/vendor/github.com/xanzy/go-gitlab/settings.go b/vendor/github.com/xanzy/go-gitlab/settings.go
index 3ac4eadb4..a81d892d9 100644
--- a/vendor/github.com/xanzy/go-gitlab/settings.go
+++ b/vendor/github.com/xanzy/go-gitlab/settings.go
@@ -189,6 +189,7 @@ type Settings struct {
 	HousekeepingFullRepackPeriod                          int               `json:"housekeeping_full_repack_period"`
 	HousekeepingGcPeriod                                  int               `json:"housekeeping_gc_period"`
 	HousekeepingIncrementalRepackPeriod                   int               `json:"housekeeping_incremental_repack_period"`
+	HousekeepingOptimizeRepositoryPeriod                  int               `json:"housekeeping_optimize_repository_period"`
 	ImportSources                                         []string          `json:"import_sources"`
 	InactiveProjectsDeleteAfterMonths                     int               `json:"inactive_projects_delete_after_months"`
 	InactiveProjectsMinSizeMB                             int               `json:"inactive_projects_min_size_mb"`
@@ -237,7 +238,7 @@ type Settings struct {
 	PasswordSymbolRequired                                bool              `json:"password_symbol_required"`
 	PasswordUppercaseRequired                             bool              `json:"password_uppercase_required"`
 	PasswordLowercaseRequired                             bool              `json:"password_lowercase_required"`
-	PerformanceBarAllowedGroupID                          string            `json:"performance_bar_allowed_group_id"`
+	PerformanceBarAllowedGroupID                          int               `json:"performance_bar_allowed_group_id"`
 	PerformanceBarAllowedGroupPath                        string            `json:"performance_bar_allowed_group_path"`
 	PerformanceBarEnabled                                 bool              `json:"performance_bar_enabled"`
 	PersonalAccessTokenPrefix                             string            `json:"personal_access_token_prefix"`
@@ -567,6 +568,7 @@ type UpdateSettingsOptions struct {
 	HousekeepingFullRepackPeriod                          *int               `url:"housekeeping_full_repack_period,omitempty" json:"housekeeping_full_repack_period,omitempty"`
 	HousekeepingGcPeriod                                  *int               `url:"housekeeping_gc_period,omitempty" json:"housekeeping_gc_period,omitempty"`
 	HousekeepingIncrementalRepackPeriod                   *int               `url:"housekeeping_incremental_repack_period,omitempty" json:"housekeeping_incremental_repack_period,omitempty"`
+	HousekeepingOptimizedepositoryPeriod                  *int               `url:"housekeeping_optimize_repository_period,omitempty" json:"housekeeping_optimize_repository_period,omitempty"`
 	ImportSources                                         *[]string          `url:"import_sources,omitempty" json:"import_sources,omitempty"`
 	InactiveProjectsDeleteAfterMonths                     *int               `url:"inactive_projects_delete_after_months,omitempty" json:"inactive_projects_delete_after_months,omitempty"`
 	InactiveProjectsMinSizeMB                             *int               `url:"inactive_projects_min_size_mb,omitempty" json:"inactive_projects_min_size_mb,omitempty"`
@@ -615,7 +617,7 @@ type UpdateSettingsOptions struct {
 	PasswordSymbolRequired                                *bool              `url:"password_symbol_required,omitempty" json:"password_symbol_required,omitempty"`
 	PasswordUppercaseRequired                             *bool              `url:"password_uppercase_required,omitempty" json:"password_uppercase_required,omitempty"`
 	PasswordLowercaseRequired                             *bool              `url:"password_lowercase_required,omitempty" json:"password_lowercase_required,omitempty"`
-	PerformanceBarAllowedGroupID                          *string            `url:"performance_bar_allowed_group_id,omitempty" json:"performance_bar_allowed_group_id,omitempty"`
+	PerformanceBarAllowedGroupID                          *int               `url:"performance_bar_allowed_group_id,omitempty" json:"performance_bar_allowed_group_id,omitempty"`
 	PerformanceBarAllowedGroupPath                        *string            `url:"performance_bar_allowed_group_path,omitempty" json:"performance_bar_allowed_group_path,omitempty"`
 	PerformanceBarEnabled                                 *bool              `url:"performance_bar_enabled,omitempty" json:"performance_bar_enabled,omitempty"`
 	PersonalAccessTokenPrefix                             *string            `url:"personal_access_token_prefix,omitempty" json:"personal_access_token_prefix,omitempty"`
diff --git a/vendor/github.com/xanzy/go-gitlab/snippet_repository_storage_move.go b/vendor/github.com/xanzy/go-gitlab/snippet_repository_storage_move.go
new file mode 100644
index 000000000..00761ec2e
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/snippet_repository_storage_move.go
@@ -0,0 +1,203 @@
+//
+// Copyright 2023, Nick Westbury
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// SnippetRepositoryStorageMoveService handles communication with the
+// snippets related methods of the GitLab API.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippet_repository_storage_moves.html
+type SnippetRepositoryStorageMoveService struct {
+	client *Client
+}
+
+// SnippetRepositoryStorageMove represents the status of a repository move.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippet_repository_storage_moves.html
+type SnippetRepositoryStorageMove struct {
+	ID                     int                `json:"id"`
+	CreatedAt              *time.Time         `json:"created_at"`
+	State                  string             `json:"state"`
+	SourceStorageName      string             `json:"source_storage_name"`
+	DestinationStorageName string             `json:"destination_storage_name"`
+	Snippet                *RepositorySnippet `json:"snippet"`
+}
+
+type RepositorySnippet struct {
+	ID            int             `json:"id"`
+	Title         string          `json:"title"`
+	Description   string          `json:"description"`
+	Visibility    VisibilityValue `json:"visibility"`
+	UpdatedAt     *time.Time      `json:"updated_at"`
+	CreatedAt     *time.Time      `json:"created_at"`
+	ProjectID     int             `json:"project_id"`
+	WebURL        string          `json:"web_url"`
+	RawURL        string          `json:"raw_url"`
+	SSHURLToRepo  string          `json:"ssh_url_to_repo"`
+	HTTPURLToRepo string          `json:"http_url_to_repo"`
+}
+
+// RetrieveAllSnippetStorageMovesOptions represents the available
+// RetrieveAllStorageMoves() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippet_repository_storage_moves.html#retrieve-all-repository-storage-moves-for-a-snippet
+type RetrieveAllSnippetStorageMovesOptions ListOptions
+
+// RetrieveAllStorageMoves retrieves all snippet repository storage moves
+// accessible by the authenticated user.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippet_repository_storage_moves.html#retrieve-all-repository-storage-moves-for-a-snippet
+func (s SnippetRepositoryStorageMoveService) RetrieveAllStorageMoves(opts RetrieveAllSnippetStorageMovesOptions, options ...RequestOptionFunc) ([]*SnippetRepositoryStorageMove, *Response, error) {
+	req, err := s.client.NewRequest(http.MethodGet, "snippet_repository_storage_moves", opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ssms []*SnippetRepositoryStorageMove
+	resp, err := s.client.Do(req, &ssms)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ssms, resp, err
+}
+
+// RetrieveAllStorageMovesForSnippet retrieves all repository storage moves for
+// a single snippet accessible by the authenticated user.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippet_repository_storage_moves.html#retrieve-all-repository-storage-moves-for-a-snippet
+func (s SnippetRepositoryStorageMoveService) RetrieveAllStorageMovesForSnippet(snippet int, opts RetrieveAllSnippetStorageMovesOptions, options ...RequestOptionFunc) ([]*SnippetRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("snippets/%d/repository_storage_moves", snippet)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ssms []*SnippetRepositoryStorageMove
+	resp, err := s.client.Do(req, &ssms)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ssms, resp, err
+}
+
+// GetStorageMove gets a single snippet repository storage move.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippet_repository_storage_moves.html#get-a-single-snippet-repository-storage-move
+func (s SnippetRepositoryStorageMoveService) GetStorageMove(repositoryStorage int, options ...RequestOptionFunc) (*SnippetRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("snippet_repository_storage_moves/%d", repositoryStorage)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	ssm := new(SnippetRepositoryStorageMove)
+	resp, err := s.client.Do(req, ssm)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ssm, resp, err
+}
+
+// GetStorageMoveForSnippet gets a single repository storage move for a snippet.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippet_repository_storage_moves.html#get-a-single-repository-storage-move-for-a-snippet
+func (s SnippetRepositoryStorageMoveService) GetStorageMoveForSnippet(snippet int, repositoryStorage int, options ...RequestOptionFunc) (*SnippetRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("snippets/%d/repository_storage_moves/%d", snippet, repositoryStorage)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	ssm := new(SnippetRepositoryStorageMove)
+	resp, err := s.client.Do(req, ssm)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ssm, resp, err
+}
+
+// ScheduleStorageMoveForSnippetOptions represents the available
+// ScheduleStorageMoveForSnippet() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippet_repository_storage_moves.html#schedule-a-repository-storage-move-for-a-snippet
+type ScheduleStorageMoveForSnippetOptions struct {
+	DestinationStorageName *string `url:"destination_storage_name,omitempty" json:"destination_storage_name,omitempty"`
+}
+
+// ScheduleStorageMoveForSnippet schedule a repository to be moved for a snippet.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippet_repository_storage_moves.html#schedule-a-repository-storage-move-for-a-snippet
+func (s SnippetRepositoryStorageMoveService) ScheduleStorageMoveForSnippet(snippet int, opts ScheduleStorageMoveForSnippetOptions, options ...RequestOptionFunc) (*SnippetRepositoryStorageMove, *Response, error) {
+	u := fmt.Sprintf("snippets/%d/repository_storage_moves", snippet)
+
+	req, err := s.client.NewRequest(http.MethodPost, u, opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	ssm := new(SnippetRepositoryStorageMove)
+	resp, err := s.client.Do(req, ssm)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ssm, resp, err
+}
+
+// ScheduleAllSnippetStorageMovesOptions represents the available
+// ScheduleAllStorageMoves() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippet_repository_storage_moves.html#schedule-repository-storage-moves-for-all-snippets-on-a-storage-shard
+type ScheduleAllSnippetStorageMovesOptions struct {
+	SourceStorageName      *string `url:"source_storage_name,omitempty" json:"source_storage_name,omitempty"`
+	DestinationStorageName *string `url:"destination_storage_name,omitempty" json:"destination_storage_name,omitempty"`
+}
+
+// ScheduleAllStorageMoves schedules all snippet repositories to be moved.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippet_repository_storage_moves.html#schedule-repository-storage-moves-for-all-snippets-on-a-storage-shard
+func (s SnippetRepositoryStorageMoveService) ScheduleAllStorageMoves(opts ScheduleAllSnippetStorageMovesOptions, options ...RequestOptionFunc) (*Response, error) {
+	req, err := s.client.NewRequest(http.MethodPost, "snippet_repository_storage_moves", opts, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(req, nil)
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/snippets.go b/vendor/github.com/xanzy/go-gitlab/snippets.go
index 12687c372..c25548b12 100644
--- a/vendor/github.com/xanzy/go-gitlab/snippets.go
+++ b/vendor/github.com/xanzy/go-gitlab/snippets.go
@@ -57,6 +57,7 @@ type Snippet struct {
 		Path   string `json:"path"`
 		RawURL string `json:"raw_url"`
 	} `json:"files"`
+	RepositoryStorage string `json:"repository_storage"`
 }
 
 func (s Snippet) String() string {
@@ -281,3 +282,33 @@ func (s *SnippetsService) ExploreSnippets(opt *ExploreSnippetsOptions, options .
 
 	return ps, resp, nil
 }
+
+// ListAllSnippetsOptions represents the available ListAllSnippets() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippets.html#list-all-snippets
+type ListAllSnippetsOptions struct {
+	ListOptions
+	CreatedAfter      *ISOTime `url:"created_after,omitempty" json:"created_after,omitempty"`
+	CreatedBefore     *ISOTime `url:"created_before,omitempty" json:"created_before,omitempty"`
+	RepositoryStorage *string  `url:"repository_storage,omitempty" json:"repository_storage,omitempty"`
+}
+
+// ListAllSnippets gets all snippets the current user has access to.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippets.html#list-all-snippets
+func (s *SnippetsService) ListAllSnippets(opt *ListAllSnippetsOptions, options ...RequestOptionFunc) ([]*Snippet, *Response, error) {
+	req, err := s.client.NewRequest(http.MethodGet, "snippets/all", opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ps []*Snippet
+	resp, err := s.client.Do(req, &ps)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ps, resp, nil
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/time_stats.go b/vendor/github.com/xanzy/go-gitlab/time_stats.go
index c1256b965..0ce2d6751 100644
--- a/vendor/github.com/xanzy/go-gitlab/time_stats.go
+++ b/vendor/github.com/xanzy/go-gitlab/time_stats.go
@@ -104,6 +104,7 @@ func (s *timeStatsService) resetTimeEstimate(pid interface{}, entity string, iss
 // GitLab docs: https://docs.gitlab.com/ee/workflow/time_tracking.html
 type AddSpentTimeOptions struct {
 	Duration *string `url:"duration,omitempty" json:"duration,omitempty"`
+	Summary  *string `url:"summary,omitempty" json:"summary,omitempty"`
 }
 
 // addSpentTime adds spent time for a single project issue.
diff --git a/vendor/github.com/xanzy/go-gitlab/todos.go b/vendor/github.com/xanzy/go-gitlab/todos.go
index 4e3c58dee..7ea26d01b 100644
--- a/vendor/github.com/xanzy/go-gitlab/todos.go
+++ b/vendor/github.com/xanzy/go-gitlab/todos.go
@@ -59,7 +59,7 @@ type TodoTarget struct {
 	Description          string                 `json:"description"`
 	Downvotes            int                    `json:"downvotes"`
 	ID                   int                    `json:"id"`
-	IID                  int                    `json:"iid"`
+	IID                  interface{}            `json:"iid"`
 	Labels               []string               `json:"labels"`
 	Milestone            *Milestone             `json:"milestone"`
 	ProjectID            int                    `json:"project_id"`
diff --git a/vendor/github.com/xanzy/go-gitlab/types.go b/vendor/github.com/xanzy/go-gitlab/types.go
index 9b2a96cf1..cd8aad768 100644
--- a/vendor/github.com/xanzy/go-gitlab/types.go
+++ b/vendor/github.com/xanzy/go-gitlab/types.go
@@ -607,8 +607,11 @@ type SharedRunnersSettingValue string
 // https://docs.gitlab.com/ee/api/groups.html#options-for-shared_runners_setting
 const (
 	EnabledSharedRunnersSettingValue                  SharedRunnersSettingValue = "enabled"
-	DisabledWithOverrideSharedRunnersSettingValue     SharedRunnersSettingValue = "disabled_with_override"
+	DisabledAndOverridableSharedRunnersSettingValue   SharedRunnersSettingValue = "disabled_and_overridable"
 	DisabledAndUnoverridableSharedRunnersSettingValue SharedRunnersSettingValue = "disabled_and_unoverridable"
+
+	// Deprecated: DisabledWithOverrideSharedRunnersSettingValue is deprecated in favor of DisabledAndOverridableSharedRunnersSettingValue
+	DisabledWithOverrideSharedRunnersSettingValue SharedRunnersSettingValue = "disabled_with_override"
 )
 
 // SharedRunnersSetting is a helper routine that allocates a new SharedRunnersSettingValue
diff --git a/vendor/github.com/xanzy/go-gitlab/users.go b/vendor/github.com/xanzy/go-gitlab/users.go
index 68ddd6bd7..4489034e1 100644
--- a/vendor/github.com/xanzy/go-gitlab/users.go
+++ b/vendor/github.com/xanzy/go-gitlab/users.go
@@ -398,6 +398,36 @@ func (s *UsersService) SetUserStatus(opt *UserStatusOptions, options ...RequestO
 	return status, resp, nil
 }
 
+// UserAssociationsCount represents the user associations count.
+//
+// Gitlab API docs: https://docs.gitlab.com/ee/api/users.html#list-associations-count-for-user
+type UserAssociationsCount struct {
+	GroupsCount        int `json:"groups_count"`
+	ProjectsCount      int `json:"projects_count"`
+	IssuesCount        int `json:"issues_count"`
+	MergeRequestsCount int `json:"merge_requests_count"`
+}
+
+// GetUserAssociationsCount gets a list of a specified user associations.
+//
+// Gitlab API docs: https://docs.gitlab.com/ee/api/users.html#list-associations-count-for-user
+func (s *UsersService) GetUserAssociationsCount(user int, options ...RequestOptionFunc) (*UserAssociationsCount, *Response, error) {
+	u := fmt.Sprintf("users/%d/associations_count", user)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	uac := new(UserAssociationsCount)
+	resp, err := s.client.Do(req, uac)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return uac, resp, nil
+}
+
 // SSHKey represents a SSH key.
 //
 // GitLab API docs: https://docs.gitlab.com/ee/api/users.html#list-ssh-keys
@@ -409,11 +439,16 @@ type SSHKey struct {
 	ExpiresAt *time.Time `json:"expires_at"`
 }
 
+// ListSSHKeysOptions represents the available ListSSHKeys options.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/users.html#list-ssh-keys
+type ListSSHKeysOptions ListOptions
+
 // ListSSHKeys gets a list of currently authenticated user's SSH keys.
 //
 // GitLab API docs: https://docs.gitlab.com/ee/api/users.html#list-ssh-keys
-func (s *UsersService) ListSSHKeys(options ...RequestOptionFunc) ([]*SSHKey, *Response, error) {
-	req, err := s.client.NewRequest(http.MethodGet, "user/keys", nil, options)
+func (s *UsersService) ListSSHKeys(opt *ListSSHKeysOptions, options ...RequestOptionFunc) ([]*SSHKey, *Response, error) {
+	req, err := s.client.NewRequest(http.MethodGet, "user/keys", opt, options)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -1124,14 +1159,15 @@ func (s *UsersService) RejectUser(user int, options ...RequestOptionFunc) error
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/users.html#get-all-impersonation-tokens-of-a-user
 type ImpersonationToken struct {
-	ID        int        `json:"id"`
-	Name      string     `json:"name"`
-	Active    bool       `json:"active"`
-	Token     string     `json:"token"`
-	Scopes    []string   `json:"scopes"`
-	Revoked   bool       `json:"revoked"`
-	CreatedAt *time.Time `json:"created_at"`
-	ExpiresAt *ISOTime   `json:"expires_at"`
+	ID         int        `json:"id"`
+	Name       string     `json:"name"`
+	Active     bool       `json:"active"`
+	Token      string     `json:"token"`
+	Scopes     []string   `json:"scopes"`
+	Revoked    bool       `json:"revoked"`
+	CreatedAt  *time.Time `json:"created_at"`
+	ExpiresAt  *ISOTime   `json:"expires_at"`
+	LastUsedAt *time.Time `json:"last_used_at"`
 }
 
 // GetAllImpersonationTokensOptions represents the available
@@ -1265,6 +1301,38 @@ func (s *UsersService) CreatePersonalAccessToken(user int, opt *CreatePersonalAc
 	return t, resp, nil
 }
 
+// CreatePersonalAccessTokenForCurrentUserOptions represents the available
+// CreatePersonalAccessTokenForCurrentUser() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/users.html#create-a-personal-access-token-with-limited-scopes-for-the-currently-authenticated-user
+type CreatePersonalAccessTokenForCurrentUserOptions struct {
+	Name      *string   `url:"name,omitempty" json:"name,omitempty"`
+	Scopes    *[]string `url:"scopes,omitempty" json:"scopes,omitempty"`
+	ExpiresAt *ISOTime  `url:"expires_at,omitempty" json:"expires_at,omitempty"`
+}
+
+// CreatePersonalAccessTokenForCurrentUser creates a personal access token with limited scopes for the currently authenticated user.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/users.html#create-a-personal-access-token-with-limited-scopes-for-the-currently-authenticated-user
+func (s *UsersService) CreatePersonalAccessTokenForCurrentUser(opt *CreatePersonalAccessTokenForCurrentUserOptions, options ...RequestOptionFunc) (*PersonalAccessToken, *Response, error) {
+	u := "user/personal_access_tokens"
+
+	req, err := s.client.NewRequest(http.MethodPost, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	t := new(PersonalAccessToken)
+	resp, err := s.client.Do(req, &t)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return t, resp, nil
+}
+
 // UserActivity represents an entry in the user/activities response
 //
 // GitLab API docs:
@@ -1373,3 +1441,50 @@ func (s *UsersService) DisableTwoFactor(user int, options ...RequestOptionFunc)
 		return fmt.Errorf("Received unexpected result code: %d", resp.StatusCode)
 	}
 }
+
+// UserRunner represents a GitLab runner linked to the current user.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/users.html#create-a-runner
+type UserRunner struct {
+	ID             int        `json:"id"`
+	Token          string     `json:"token"`
+	TokenExpiresAt *time.Time `json:"token_expires_at"`
+}
+
+// CreateUserRunnerOptions represents the available CreateUserRunner() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/users.html#create-a-runner
+type CreateUserRunnerOptions struct {
+	RunnerType      *string   `url:"runner_type,omitempty" json:"runner_type,omitempty"`
+	GroupID         *int      `url:"group_id,omitempty" json:"group_id,omitempty"`
+	ProjectID       *int      `url:"project_id,omitempty" json:"project_id,omitempty"`
+	Description     *string   `url:"description,omitempty" json:"description,omitempty"`
+	Paused          *bool     `url:"paused,omitempty" json:"paused,omitempty"`
+	Locked          *bool     `url:"locked,omitempty" json:"locked,omitempty"`
+	RunUntagged     *bool     `url:"run_untagged,omitempty" json:"run_untagged,omitempty"`
+	TagList         *[]string `url:"tag_list,omitempty" json:"tag_list,omitempty"`
+	AccessLevel     *string   `url:"access_level,omitempty" json:"access_level,omitempty"`
+	MaximumTimeout  *int      `url:"maximum_timeout,omitempty" json:"maximum_timeout,omitempty"`
+	MaintenanceNote *string   `url:"maintenance_note,omitempty" json:"maintenance_note,omitempty"`
+}
+
+// CreateUserRunner creates a runner linked to the current user.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/users.html#create-a-runner
+func (s *UsersService) CreateUserRunner(opts *CreateUserRunnerOptions, options ...RequestOptionFunc) (*UserRunner, *Response, error) {
+	req, err := s.client.NewRequest(http.MethodPost, "user/runners", opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	r := new(UserRunner)
+	resp, err := s.client.Do(req, r)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return r, resp, nil
+}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/array_codec.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/array_codec.go
index 4e24f9eed..6ca8d9ad6 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/array_codec.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/array_codec.go
@@ -14,17 +14,23 @@ import (
 )
 
 // ArrayCodec is the Codec used for bsoncore.Array values.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// ArrayCodec registered.
 type ArrayCodec struct{}
 
 var defaultArrayCodec = NewArrayCodec()
 
 // NewArrayCodec returns an ArrayCodec.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// ArrayCodec registered.
 func NewArrayCodec() *ArrayCodec {
 	return &ArrayCodec{}
 }
 
 // EncodeValue is the ValueEncoder for bsoncore.Array values.
-func (ac *ArrayCodec) EncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+func (ac *ArrayCodec) EncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tCoreArray {
 		return ValueEncoderError{Name: "CoreArrayEncodeValue", Types: []reflect.Type{tCoreArray}, Received: val}
 	}
@@ -34,7 +40,7 @@ func (ac *ArrayCodec) EncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val r
 }
 
 // DecodeValue is the ValueDecoder for bsoncore.Array values.
-func (ac *ArrayCodec) DecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
+func (ac *ArrayCodec) DecodeValue(_ DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tCoreArray {
 		return ValueDecoderError{Name: "CoreArrayDecodeValue", Types: []reflect.Type{tCoreArray}, Received: val}
 	}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/bsoncodec.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/bsoncodec.go
index 098ed69f9..0693bd432 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/bsoncodec.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/bsoncodec.go
@@ -23,6 +23,8 @@ var (
 // Marshaler is an interface implemented by types that can marshal themselves
 // into a BSON document represented as bytes. The bytes returned must be a valid
 // BSON document if the error is nil.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Marshaler] instead.
 type Marshaler interface {
 	MarshalBSON() ([]byte, error)
 }
@@ -31,6 +33,8 @@ type Marshaler interface {
 // themselves into a BSON value as bytes. The type must be the valid type for
 // the bytes returned. The bytes and byte type together must be valid if the
 // error is nil.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.ValueMarshaler] instead.
 type ValueMarshaler interface {
 	MarshalBSONValue() (bsontype.Type, []byte, error)
 }
@@ -39,6 +43,8 @@ type ValueMarshaler interface {
 // document representation of themselves. The BSON bytes can be assumed to be
 // valid. UnmarshalBSON must copy the BSON bytes if it wishes to retain the data
 // after returning.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Unmarshaler] instead.
 type Unmarshaler interface {
 	UnmarshalBSON([]byte) error
 }
@@ -47,6 +53,8 @@ type Unmarshaler interface {
 // BSON value representation of themselves. The BSON bytes and type can be
 // assumed to be valid. UnmarshalBSONValue must copy the BSON value bytes if it
 // wishes to retain the data after returning.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.ValueUnmarshaler] instead.
 type ValueUnmarshaler interface {
 	UnmarshalBSONValue(bsontype.Type, []byte) error
 }
@@ -111,13 +119,93 @@ func (vde ValueDecoderError) Error() string {
 // value.
 type EncodeContext struct {
 	*Registry
+
+	// MinSize causes the Encoder to marshal Go integer values (int, int8, int16, int32, int64,
+	// uint, uint8, uint16, uint32, or uint64) as the minimum BSON int size (either 32 or 64 bits)
+	// that can represent the integer value.
+	//
+	// Deprecated: Use bson.Encoder.IntMinSize instead.
 	MinSize bool
+
+	errorOnInlineDuplicates bool
+	stringifyMapKeysWithFmt bool
+	nilMapAsEmpty           bool
+	nilSliceAsEmpty         bool
+	nilByteSliceAsEmpty     bool
+	omitZeroStruct          bool
+	useJSONStructTags       bool
+}
+
+// ErrorOnInlineDuplicates causes the Encoder to return an error if there is a duplicate field in
+// the marshaled BSON when the "inline" struct tag option is set.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.ErrorOnInlineDuplicates] instead.
+func (ec *EncodeContext) ErrorOnInlineDuplicates() {
+	ec.errorOnInlineDuplicates = true
+}
+
+// StringifyMapKeysWithFmt causes the Encoder to convert Go map keys to BSON document field name
+// strings using fmt.Sprintf() instead of the default string conversion logic.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.StringifyMapKeysWithFmt] instead.
+func (ec *EncodeContext) StringifyMapKeysWithFmt() {
+	ec.stringifyMapKeysWithFmt = true
+}
+
+// NilMapAsEmpty causes the Encoder to marshal nil Go maps as empty BSON documents instead of BSON
+// null.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.NilMapAsEmpty] instead.
+func (ec *EncodeContext) NilMapAsEmpty() {
+	ec.nilMapAsEmpty = true
+}
+
+// NilSliceAsEmpty causes the Encoder to marshal nil Go slices as empty BSON arrays instead of BSON
+// null.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.NilSliceAsEmpty] instead.
+func (ec *EncodeContext) NilSliceAsEmpty() {
+	ec.nilSliceAsEmpty = true
+}
+
+// NilByteSliceAsEmpty causes the Encoder to marshal nil Go byte slices as empty BSON binary values
+// instead of BSON null.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.NilByteSliceAsEmpty] instead.
+func (ec *EncodeContext) NilByteSliceAsEmpty() {
+	ec.nilByteSliceAsEmpty = true
+}
+
+// OmitZeroStruct causes the Encoder to consider the zero value for a struct (e.g. MyStruct{})
+// as empty and omit it from the marshaled BSON when the "omitempty" struct tag option is set.
+//
+// Note that the Encoder only examines exported struct fields when determining if a struct is the
+// zero value. It considers pointers to a zero struct value (e.g. &MyStruct{}) not empty.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.OmitZeroStruct] instead.
+func (ec *EncodeContext) OmitZeroStruct() {
+	ec.omitZeroStruct = true
+}
+
+// UseJSONStructTags causes the Encoder to fall back to using the "json" struct tag if a "bson"
+// struct tag is not specified.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.UseJSONStructTags] instead.
+func (ec *EncodeContext) UseJSONStructTags() {
+	ec.useJSONStructTags = true
 }
 
 // DecodeContext is the contextual information required for a Codec to decode a
 // value.
 type DecodeContext struct {
 	*Registry
+
+	// Truncate, if true, instructs decoders to to truncate the fractional part of BSON "double"
+	// values when attempting to unmarshal them into a Go integer (int, int8, int16, int32, int64,
+	// uint, uint8, uint16, uint32, or uint64) struct field. The truncation logic does not apply to
+	// BSON "decimal128" values.
+	//
+	// Deprecated: Use bson.Decoder.AllowTruncatingDoubles instead.
 	Truncate bool
 
 	// Ancestor is the type of a containing document. This is mainly used to determine what type
@@ -125,7 +213,7 @@ type DecodeContext struct {
 	// Ancestor is a bson.M, BSON embedded document values being decoded into an empty interface
 	// will be decoded into a bson.M.
 	//
-	// Deprecated: Use DefaultDocumentM or DefaultDocumentD instead.
+	// Deprecated: Use bson.Decoder.DefaultDocumentM or bson.Decoder.DefaultDocumentD instead.
 	Ancestor reflect.Type
 
 	// defaultDocumentType specifies the Go type to decode top-level and nested BSON documents into. In particular, the
@@ -133,22 +221,74 @@ type DecodeContext struct {
 	// set to a type that a BSON document cannot be unmarshaled into (e.g. "string"), unmarshalling will result in an
 	// error. DocumentType overrides the Ancestor field.
 	defaultDocumentType reflect.Type
+
+	binaryAsSlice     bool
+	useJSONStructTags bool
+	useLocalTimeZone  bool
+	zeroMaps          bool
+	zeroStructs       bool
 }
 
-// DefaultDocumentM will decode empty documents using the primitive.M type. This behavior is restricted to data typed as
-// "interface{}" or "map[string]interface{}".
+// BinaryAsSlice causes the Decoder to unmarshal BSON binary field values that are the "Generic" or
+// "Old" BSON binary subtype as a Go byte slice instead of a primitive.Binary.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Decoder.BinaryAsSlice] instead.
+func (dc *DecodeContext) BinaryAsSlice() {
+	dc.binaryAsSlice = true
+}
+
+// UseJSONStructTags causes the Decoder to fall back to using the "json" struct tag if a "bson"
+// struct tag is not specified.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Decoder.UseJSONStructTags] instead.
+func (dc *DecodeContext) UseJSONStructTags() {
+	dc.useJSONStructTags = true
+}
+
+// UseLocalTimeZone causes the Decoder to unmarshal time.Time values in the local timezone instead
+// of the UTC timezone.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Decoder.UseLocalTimeZone] instead.
+func (dc *DecodeContext) UseLocalTimeZone() {
+	dc.useLocalTimeZone = true
+}
+
+// ZeroMaps causes the Decoder to delete any existing values from Go maps in the destination value
+// passed to Decode before unmarshaling BSON documents into them.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Decoder.ZeroMaps] instead.
+func (dc *DecodeContext) ZeroMaps() {
+	dc.zeroMaps = true
+}
+
+// ZeroStructs causes the Decoder to delete any existing values from Go structs in the destination
+// value passed to Decode before unmarshaling BSON documents into them.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Decoder.ZeroStructs] instead.
+func (dc *DecodeContext) ZeroStructs() {
+	dc.zeroStructs = true
+}
+
+// DefaultDocumentM causes the Decoder to always unmarshal documents into the primitive.M type. This
+// behavior is restricted to data typed as "interface{}" or "map[string]interface{}".
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Decoder.DefaultDocumentM] instead.
 func (dc *DecodeContext) DefaultDocumentM() {
 	dc.defaultDocumentType = reflect.TypeOf(primitive.M{})
 }
 
-// DefaultDocumentD will decode empty documents using the primitive.D type. This behavior is restricted to data typed as
-// "interface{}" or "map[string]interface{}".
+// DefaultDocumentD causes the Decoder to always unmarshal documents into the primitive.D type. This
+// behavior is restricted to data typed as "interface{}" or "map[string]interface{}".
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Decoder.DefaultDocumentD] instead.
 func (dc *DecodeContext) DefaultDocumentD() {
 	dc.defaultDocumentType = reflect.TypeOf(primitive.D{})
 }
 
-// ValueCodec is the interface that groups the methods to encode and decode
+// ValueCodec is an interface for encoding and decoding a reflect.Value.
 // values.
+//
+// Deprecated: Use [ValueEncoder] and [ValueDecoder] instead.
 type ValueCodec interface {
 	ValueEncoder
 	ValueDecoder
@@ -233,6 +373,10 @@ func decodeTypeOrValueWithInfo(vd ValueDecoder, td typeDecoder, dc DecodeContext
 
 // CodecZeroer is the interface implemented by Codecs that can also determine if
 // a value of the type that would be encoded is zero.
+//
+// Deprecated: Defining custom rules for the zero/empty value will not be supported in Go Driver
+// 2.0. Users who want to omit empty complex values should use a pointer field and set the value to
+// nil instead.
 type CodecZeroer interface {
 	IsTypeZero(interface{}) bool
 }
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/byte_slice_codec.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/byte_slice_codec.go
index 5a916cc15..dde3e7681 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/byte_slice_codec.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/byte_slice_codec.go
@@ -16,18 +16,30 @@ import (
 )
 
 // ByteSliceCodec is the Codec used for []byte values.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// ByteSliceCodec registered.
 type ByteSliceCodec struct {
+	// EncodeNilAsEmpty causes EncodeValue to marshal nil Go byte slices as empty BSON binary values
+	// instead of BSON null.
+	//
+	// Deprecated: Use bson.Encoder.NilByteSliceAsEmpty instead.
 	EncodeNilAsEmpty bool
 }
 
 var (
 	defaultByteSliceCodec = NewByteSliceCodec()
 
-	_ ValueCodec  = defaultByteSliceCodec
+	// Assert that defaultByteSliceCodec satisfies the typeDecoder interface, which allows it to be
+	// used by collection type decoders (e.g. map, slice, etc) to set individual values in a
+	// collection.
 	_ typeDecoder = defaultByteSliceCodec
 )
 
-// NewByteSliceCodec returns a StringCodec with options opts.
+// NewByteSliceCodec returns a ByteSliceCodec with options opts.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// ByteSliceCodec registered.
 func NewByteSliceCodec(opts ...*bsonoptions.ByteSliceCodecOptions) *ByteSliceCodec {
 	byteSliceOpt := bsonoptions.MergeByteSliceCodecOptions(opts...)
 	codec := ByteSliceCodec{}
@@ -42,13 +54,13 @@ func (bsc *ByteSliceCodec) EncodeValue(ec EncodeContext, vw bsonrw.ValueWriter,
 	if !val.IsValid() || val.Type() != tByteSlice {
 		return ValueEncoderError{Name: "ByteSliceEncodeValue", Types: []reflect.Type{tByteSlice}, Received: val}
 	}
-	if val.IsNil() && !bsc.EncodeNilAsEmpty {
+	if val.IsNil() && !bsc.EncodeNilAsEmpty && !ec.nilByteSliceAsEmpty {
 		return vw.WriteNull()
 	}
 	return vw.WriteBinary(val.Interface().([]byte))
 }
 
-func (bsc *ByteSliceCodec) decodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (bsc *ByteSliceCodec) decodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tByteSlice {
 		return emptyValue, ValueDecoderError{
 			Name:     "ByteSliceDecodeValue",
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_decoders.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_decoders.go
index e95cab585..e479c3585 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_decoders.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_decoders.go
@@ -48,6 +48,9 @@ func newDefaultStructCodec() *StructCodec {
 
 // DefaultValueDecoders is a namespace type for the default ValueDecoders used
 // when creating a registry.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 type DefaultValueDecoders struct{}
 
 // RegisterDefaultDecoders will register the decoder methods attached to DefaultValueDecoders with
@@ -56,6 +59,9 @@ type DefaultValueDecoders struct{}
 // There is no support for decoding map[string]interface{} because there is no decoder for
 // interface{}, so users must either register this decoder themselves or use the
 // EmptyInterfaceDecoder available in the bson package.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) RegisterDefaultDecoders(rb *RegistryBuilder) {
 	if rb == nil {
 		panic(errors.New("argument to RegisterDefaultDecoders must not be nil"))
@@ -132,6 +138,9 @@ func (dvd DefaultValueDecoders) RegisterDefaultDecoders(rb *RegistryBuilder) {
 }
 
 // DDecodeValue is the ValueDecoderFunc for primitive.D instances.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) DDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.IsValid() || !val.CanSet() || val.Type() != tD {
 		return ValueDecoderError{Name: "DDecodeValue", Kinds: []reflect.Kind{reflect.Slice}, Received: val}
@@ -188,7 +197,7 @@ func (dvd DefaultValueDecoders) DDecodeValue(dc DecodeContext, vr bsonrw.ValueRe
 	return nil
 }
 
-func (dvd DefaultValueDecoders) booleanDecodeType(dctx DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (dvd DefaultValueDecoders) booleanDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t.Kind() != reflect.Bool {
 		return emptyValue, ValueDecoderError{
 			Name:     "BooleanDecodeValue",
@@ -235,6 +244,9 @@ func (dvd DefaultValueDecoders) booleanDecodeType(dctx DecodeContext, vr bsonrw.
 }
 
 // BooleanDecodeValue is the ValueDecoderFunc for bool types.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) BooleanDecodeValue(dctx DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.IsValid() || !val.CanSet() || val.Kind() != reflect.Bool {
 		return ValueDecoderError{Name: "BooleanDecodeValue", Kinds: []reflect.Kind{reflect.Bool}, Received: val}
@@ -333,6 +345,9 @@ func (DefaultValueDecoders) intDecodeType(dc DecodeContext, vr bsonrw.ValueReade
 }
 
 // IntDecodeValue is the ValueDecoderFunc for int types.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) IntDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() {
 		return ValueDecoderError{
@@ -434,7 +449,7 @@ func (dvd DefaultValueDecoders) UintDecodeValue(dc DecodeContext, vr bsonrw.Valu
 	return nil
 }
 
-func (dvd DefaultValueDecoders) floatDecodeType(ec DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (dvd DefaultValueDecoders) floatDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	var f float64
 	var err error
 	switch vrType := vr.Type(); vrType {
@@ -477,7 +492,7 @@ func (dvd DefaultValueDecoders) floatDecodeType(ec DecodeContext, vr bsonrw.Valu
 
 	switch t.Kind() {
 	case reflect.Float32:
-		if !ec.Truncate && float64(float32(f)) != f {
+		if !dc.Truncate && float64(float32(f)) != f {
 			return emptyValue, errCannotTruncate
 		}
 
@@ -494,6 +509,9 @@ func (dvd DefaultValueDecoders) floatDecodeType(ec DecodeContext, vr bsonrw.Valu
 }
 
 // FloatDecodeValue is the ValueDecoderFunc for float types.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) FloatDecodeValue(ec DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() {
 		return ValueDecoderError{
@@ -515,7 +533,7 @@ func (dvd DefaultValueDecoders) FloatDecodeValue(ec DecodeContext, vr bsonrw.Val
 // StringDecodeValue is the ValueDecoderFunc for string types.
 //
 // Deprecated: StringDecodeValue is not registered by default. Use StringCodec.DecodeValue instead.
-func (dvd DefaultValueDecoders) StringDecodeValue(dctx DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
+func (dvd DefaultValueDecoders) StringDecodeValue(_ DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	var str string
 	var err error
 	switch vr.Type() {
@@ -536,7 +554,7 @@ func (dvd DefaultValueDecoders) StringDecodeValue(dctx DecodeContext, vr bsonrw.
 	return nil
 }
 
-func (DefaultValueDecoders) javaScriptDecodeType(dctx DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (DefaultValueDecoders) javaScriptDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tJavaScript {
 		return emptyValue, ValueDecoderError{
 			Name:     "JavaScriptDecodeValue",
@@ -565,6 +583,9 @@ func (DefaultValueDecoders) javaScriptDecodeType(dctx DecodeContext, vr bsonrw.V
 }
 
 // JavaScriptDecodeValue is the ValueDecoderFunc for the primitive.JavaScript type.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) JavaScriptDecodeValue(dctx DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tJavaScript {
 		return ValueDecoderError{Name: "JavaScriptDecodeValue", Types: []reflect.Type{tJavaScript}, Received: val}
@@ -579,7 +600,7 @@ func (dvd DefaultValueDecoders) JavaScriptDecodeValue(dctx DecodeContext, vr bso
 	return nil
 }
 
-func (DefaultValueDecoders) symbolDecodeType(dctx DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (DefaultValueDecoders) symbolDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tSymbol {
 		return emptyValue, ValueDecoderError{
 			Name:     "SymbolDecodeValue",
@@ -620,6 +641,9 @@ func (DefaultValueDecoders) symbolDecodeType(dctx DecodeContext, vr bsonrw.Value
 }
 
 // SymbolDecodeValue is the ValueDecoderFunc for the primitive.Symbol type.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) SymbolDecodeValue(dctx DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tSymbol {
 		return ValueDecoderError{Name: "SymbolDecodeValue", Types: []reflect.Type{tSymbol}, Received: val}
@@ -634,7 +658,7 @@ func (dvd DefaultValueDecoders) SymbolDecodeValue(dctx DecodeContext, vr bsonrw.
 	return nil
 }
 
-func (DefaultValueDecoders) binaryDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (DefaultValueDecoders) binaryDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tBinary {
 		return emptyValue, ValueDecoderError{
 			Name:     "BinaryDecodeValue",
@@ -664,6 +688,9 @@ func (DefaultValueDecoders) binaryDecodeType(dc DecodeContext, vr bsonrw.ValueRe
 }
 
 // BinaryDecodeValue is the ValueDecoderFunc for Binary.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) BinaryDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tBinary {
 		return ValueDecoderError{Name: "BinaryDecodeValue", Types: []reflect.Type{tBinary}, Received: val}
@@ -678,7 +705,7 @@ func (dvd DefaultValueDecoders) BinaryDecodeValue(dc DecodeContext, vr bsonrw.Va
 	return nil
 }
 
-func (DefaultValueDecoders) undefinedDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (DefaultValueDecoders) undefinedDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tUndefined {
 		return emptyValue, ValueDecoderError{
 			Name:     "UndefinedDecodeValue",
@@ -704,6 +731,9 @@ func (DefaultValueDecoders) undefinedDecodeType(dc DecodeContext, vr bsonrw.Valu
 }
 
 // UndefinedDecodeValue is the ValueDecoderFunc for Undefined.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) UndefinedDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tUndefined {
 		return ValueDecoderError{Name: "UndefinedDecodeValue", Types: []reflect.Type{tUndefined}, Received: val}
@@ -719,7 +749,7 @@ func (dvd DefaultValueDecoders) UndefinedDecodeValue(dc DecodeContext, vr bsonrw
 }
 
 // Accept both 12-byte string and pretty-printed 24-byte hex string formats.
-func (dvd DefaultValueDecoders) objectIDDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (dvd DefaultValueDecoders) objectIDDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tOID {
 		return emptyValue, ValueDecoderError{
 			Name:     "ObjectIDDecodeValue",
@@ -765,6 +795,9 @@ func (dvd DefaultValueDecoders) objectIDDecodeType(dc DecodeContext, vr bsonrw.V
 }
 
 // ObjectIDDecodeValue is the ValueDecoderFunc for primitive.ObjectID.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) ObjectIDDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tOID {
 		return ValueDecoderError{Name: "ObjectIDDecodeValue", Types: []reflect.Type{tOID}, Received: val}
@@ -779,7 +812,7 @@ func (dvd DefaultValueDecoders) ObjectIDDecodeValue(dc DecodeContext, vr bsonrw.
 	return nil
 }
 
-func (DefaultValueDecoders) dateTimeDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (DefaultValueDecoders) dateTimeDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tDateTime {
 		return emptyValue, ValueDecoderError{
 			Name:     "DateTimeDecodeValue",
@@ -808,6 +841,9 @@ func (DefaultValueDecoders) dateTimeDecodeType(dc DecodeContext, vr bsonrw.Value
 }
 
 // DateTimeDecodeValue is the ValueDecoderFunc for DateTime.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) DateTimeDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tDateTime {
 		return ValueDecoderError{Name: "DateTimeDecodeValue", Types: []reflect.Type{tDateTime}, Received: val}
@@ -822,7 +858,7 @@ func (dvd DefaultValueDecoders) DateTimeDecodeValue(dc DecodeContext, vr bsonrw.
 	return nil
 }
 
-func (DefaultValueDecoders) nullDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (DefaultValueDecoders) nullDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tNull {
 		return emptyValue, ValueDecoderError{
 			Name:     "NullDecodeValue",
@@ -848,6 +884,9 @@ func (DefaultValueDecoders) nullDecodeType(dc DecodeContext, vr bsonrw.ValueRead
 }
 
 // NullDecodeValue is the ValueDecoderFunc for Null.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) NullDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tNull {
 		return ValueDecoderError{Name: "NullDecodeValue", Types: []reflect.Type{tNull}, Received: val}
@@ -862,7 +901,7 @@ func (dvd DefaultValueDecoders) NullDecodeValue(dc DecodeContext, vr bsonrw.Valu
 	return nil
 }
 
-func (DefaultValueDecoders) regexDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (DefaultValueDecoders) regexDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tRegex {
 		return emptyValue, ValueDecoderError{
 			Name:     "RegexDecodeValue",
@@ -891,6 +930,9 @@ func (DefaultValueDecoders) regexDecodeType(dc DecodeContext, vr bsonrw.ValueRea
 }
 
 // RegexDecodeValue is the ValueDecoderFunc for Regex.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) RegexDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tRegex {
 		return ValueDecoderError{Name: "RegexDecodeValue", Types: []reflect.Type{tRegex}, Received: val}
@@ -905,7 +947,7 @@ func (dvd DefaultValueDecoders) RegexDecodeValue(dc DecodeContext, vr bsonrw.Val
 	return nil
 }
 
-func (DefaultValueDecoders) dBPointerDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (DefaultValueDecoders) dBPointerDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tDBPointer {
 		return emptyValue, ValueDecoderError{
 			Name:     "DBPointerDecodeValue",
@@ -935,6 +977,9 @@ func (DefaultValueDecoders) dBPointerDecodeType(dc DecodeContext, vr bsonrw.Valu
 }
 
 // DBPointerDecodeValue is the ValueDecoderFunc for DBPointer.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) DBPointerDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tDBPointer {
 		return ValueDecoderError{Name: "DBPointerDecodeValue", Types: []reflect.Type{tDBPointer}, Received: val}
@@ -949,7 +994,7 @@ func (dvd DefaultValueDecoders) DBPointerDecodeValue(dc DecodeContext, vr bsonrw
 	return nil
 }
 
-func (DefaultValueDecoders) timestampDecodeType(dc DecodeContext, vr bsonrw.ValueReader, reflectType reflect.Type) (reflect.Value, error) {
+func (DefaultValueDecoders) timestampDecodeType(_ DecodeContext, vr bsonrw.ValueReader, reflectType reflect.Type) (reflect.Value, error) {
 	if reflectType != tTimestamp {
 		return emptyValue, ValueDecoderError{
 			Name:     "TimestampDecodeValue",
@@ -978,6 +1023,9 @@ func (DefaultValueDecoders) timestampDecodeType(dc DecodeContext, vr bsonrw.Valu
 }
 
 // TimestampDecodeValue is the ValueDecoderFunc for Timestamp.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) TimestampDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tTimestamp {
 		return ValueDecoderError{Name: "TimestampDecodeValue", Types: []reflect.Type{tTimestamp}, Received: val}
@@ -992,7 +1040,7 @@ func (dvd DefaultValueDecoders) TimestampDecodeValue(dc DecodeContext, vr bsonrw
 	return nil
 }
 
-func (DefaultValueDecoders) minKeyDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (DefaultValueDecoders) minKeyDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tMinKey {
 		return emptyValue, ValueDecoderError{
 			Name:     "MinKeyDecodeValue",
@@ -1020,6 +1068,9 @@ func (DefaultValueDecoders) minKeyDecodeType(dc DecodeContext, vr bsonrw.ValueRe
 }
 
 // MinKeyDecodeValue is the ValueDecoderFunc for MinKey.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) MinKeyDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tMinKey {
 		return ValueDecoderError{Name: "MinKeyDecodeValue", Types: []reflect.Type{tMinKey}, Received: val}
@@ -1034,7 +1085,7 @@ func (dvd DefaultValueDecoders) MinKeyDecodeValue(dc DecodeContext, vr bsonrw.Va
 	return nil
 }
 
-func (DefaultValueDecoders) maxKeyDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (DefaultValueDecoders) maxKeyDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tMaxKey {
 		return emptyValue, ValueDecoderError{
 			Name:     "MaxKeyDecodeValue",
@@ -1062,6 +1113,9 @@ func (DefaultValueDecoders) maxKeyDecodeType(dc DecodeContext, vr bsonrw.ValueRe
 }
 
 // MaxKeyDecodeValue is the ValueDecoderFunc for MaxKey.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) MaxKeyDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tMaxKey {
 		return ValueDecoderError{Name: "MaxKeyDecodeValue", Types: []reflect.Type{tMaxKey}, Received: val}
@@ -1076,7 +1130,7 @@ func (dvd DefaultValueDecoders) MaxKeyDecodeValue(dc DecodeContext, vr bsonrw.Va
 	return nil
 }
 
-func (dvd DefaultValueDecoders) decimal128DecodeType(dctx DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (dvd DefaultValueDecoders) decimal128DecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tDecimal {
 		return emptyValue, ValueDecoderError{
 			Name:     "Decimal128DecodeValue",
@@ -1105,6 +1159,9 @@ func (dvd DefaultValueDecoders) decimal128DecodeType(dctx DecodeContext, vr bson
 }
 
 // Decimal128DecodeValue is the ValueDecoderFunc for primitive.Decimal128.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) Decimal128DecodeValue(dctx DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tDecimal {
 		return ValueDecoderError{Name: "Decimal128DecodeValue", Types: []reflect.Type{tDecimal}, Received: val}
@@ -1119,7 +1176,7 @@ func (dvd DefaultValueDecoders) Decimal128DecodeValue(dctx DecodeContext, vr bso
 	return nil
 }
 
-func (dvd DefaultValueDecoders) jsonNumberDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (dvd DefaultValueDecoders) jsonNumberDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tJSONNumber {
 		return emptyValue, ValueDecoderError{
 			Name:     "JSONNumberDecodeValue",
@@ -1164,6 +1221,9 @@ func (dvd DefaultValueDecoders) jsonNumberDecodeType(dc DecodeContext, vr bsonrw
 }
 
 // JSONNumberDecodeValue is the ValueDecoderFunc for json.Number.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) JSONNumberDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tJSONNumber {
 		return ValueDecoderError{Name: "JSONNumberDecodeValue", Types: []reflect.Type{tJSONNumber}, Received: val}
@@ -1178,7 +1238,7 @@ func (dvd DefaultValueDecoders) JSONNumberDecodeValue(dc DecodeContext, vr bsonr
 	return nil
 }
 
-func (dvd DefaultValueDecoders) urlDecodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (dvd DefaultValueDecoders) urlDecodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t != tURL {
 		return emptyValue, ValueDecoderError{
 			Name:     "URLDecodeValue",
@@ -1213,6 +1273,9 @@ func (dvd DefaultValueDecoders) urlDecodeType(dc DecodeContext, vr bsonrw.ValueR
 }
 
 // URLDecodeValue is the ValueDecoderFunc for url.URL.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) URLDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tURL {
 		return ValueDecoderError{Name: "URLDecodeValue", Types: []reflect.Type{tURL}, Received: val}
@@ -1230,7 +1293,7 @@ func (dvd DefaultValueDecoders) URLDecodeValue(dc DecodeContext, vr bsonrw.Value
 // TimeDecodeValue is the ValueDecoderFunc for time.Time.
 //
 // Deprecated: TimeDecodeValue is not registered by default. Use TimeCodec.DecodeValue instead.
-func (dvd DefaultValueDecoders) TimeDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
+func (dvd DefaultValueDecoders) TimeDecodeValue(_ DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if vr.Type() != bsontype.DateTime {
 		return fmt.Errorf("cannot decode %v into a time.Time", vr.Type())
 	}
@@ -1251,7 +1314,7 @@ func (dvd DefaultValueDecoders) TimeDecodeValue(dc DecodeContext, vr bsonrw.Valu
 // ByteSliceDecodeValue is the ValueDecoderFunc for []byte.
 //
 // Deprecated: ByteSliceDecodeValue is not registered by default. Use ByteSliceCodec.DecodeValue instead.
-func (dvd DefaultValueDecoders) ByteSliceDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
+func (dvd DefaultValueDecoders) ByteSliceDecodeValue(_ DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if vr.Type() != bsontype.Binary && vr.Type() != bsontype.Null {
 		return fmt.Errorf("cannot decode %v into a []byte", vr.Type())
 	}
@@ -1336,6 +1399,9 @@ func (dvd DefaultValueDecoders) MapDecodeValue(dc DecodeContext, vr bsonrw.Value
 }
 
 // ArrayDecodeValue is the ValueDecoderFunc for array types.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) ArrayDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.IsValid() || val.Kind() != reflect.Array {
 		return ValueDecoderError{Name: "ArrayDecodeValue", Kinds: []reflect.Kind{reflect.Array}, Received: val}
@@ -1447,7 +1513,10 @@ func (dvd DefaultValueDecoders) SliceDecodeValue(dc DecodeContext, vr bsonrw.Val
 }
 
 // ValueUnmarshalerDecodeValue is the ValueDecoderFunc for ValueUnmarshaler implementations.
-func (dvd DefaultValueDecoders) ValueUnmarshalerDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
+func (dvd DefaultValueDecoders) ValueUnmarshalerDecodeValue(_ DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.IsValid() || (!val.Type().Implements(tValueUnmarshaler) && !reflect.PtrTo(val.Type()).Implements(tValueUnmarshaler)) {
 		return ValueDecoderError{Name: "ValueUnmarshalerDecodeValue", Types: []reflect.Type{tValueUnmarshaler}, Received: val}
 	}
@@ -1471,16 +1540,19 @@ func (dvd DefaultValueDecoders) ValueUnmarshalerDecodeValue(dc DecodeContext, vr
 		return err
 	}
 
-	fn := val.Convert(tValueUnmarshaler).MethodByName("UnmarshalBSONValue")
-	errVal := fn.Call([]reflect.Value{reflect.ValueOf(t), reflect.ValueOf(src)})[0]
-	if !errVal.IsNil() {
-		return errVal.Interface().(error)
+	m, ok := val.Interface().(ValueUnmarshaler)
+	if !ok {
+		// NB: this error should be unreachable due to the above checks
+		return ValueDecoderError{Name: "ValueUnmarshalerDecodeValue", Types: []reflect.Type{tValueUnmarshaler}, Received: val}
 	}
-	return nil
+	return m.UnmarshalBSONValue(t, src)
 }
 
 // UnmarshalerDecodeValue is the ValueDecoderFunc for Unmarshaler implementations.
-func (dvd DefaultValueDecoders) UnmarshalerDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
+func (dvd DefaultValueDecoders) UnmarshalerDecodeValue(_ DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.IsValid() || (!val.Type().Implements(tUnmarshaler) && !reflect.PtrTo(val.Type()).Implements(tUnmarshaler)) {
 		return ValueDecoderError{Name: "UnmarshalerDecodeValue", Types: []reflect.Type{tUnmarshaler}, Received: val}
 	}
@@ -1516,12 +1588,12 @@ func (dvd DefaultValueDecoders) UnmarshalerDecodeValue(dc DecodeContext, vr bson
 		val = val.Addr() // If the type doesn't implement the interface, a pointer to it must.
 	}
 
-	fn := val.Convert(tUnmarshaler).MethodByName("UnmarshalBSON")
-	errVal := fn.Call([]reflect.Value{reflect.ValueOf(src)})[0]
-	if !errVal.IsNil() {
-		return errVal.Interface().(error)
+	m, ok := val.Interface().(Unmarshaler)
+	if !ok {
+		// NB: this error should be unreachable due to the above checks
+		return ValueDecoderError{Name: "UnmarshalerDecodeValue", Types: []reflect.Type{tUnmarshaler}, Received: val}
 	}
-	return nil
+	return m.UnmarshalBSON(src)
 }
 
 // EmptyInterfaceDecodeValue is the ValueDecoderFunc for interface{}.
@@ -1565,7 +1637,10 @@ func (dvd DefaultValueDecoders) EmptyInterfaceDecodeValue(dc DecodeContext, vr b
 }
 
 // CoreDocumentDecodeValue is the ValueDecoderFunc for bsoncore.Document.
-func (DefaultValueDecoders) CoreDocumentDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
+func (DefaultValueDecoders) CoreDocumentDecodeValue(_ DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tCoreDocument {
 		return ValueDecoderError{Name: "CoreDocumentDecodeValue", Types: []reflect.Type{tCoreDocument}, Received: val}
 	}
@@ -1671,6 +1746,9 @@ func (dvd DefaultValueDecoders) codeWithScopeDecodeType(dc DecodeContext, vr bso
 }
 
 // CodeWithScopeDecodeValue is the ValueDecoderFunc for CodeWithScope.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value decoders registered.
 func (dvd DefaultValueDecoders) CodeWithScopeDecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tCodeWithScope {
 		return ValueDecoderError{Name: "CodeWithScopeDecodeValue", Types: []reflect.Type{tCodeWithScope}, Received: val}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_encoders.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_encoders.go
index 6bdb43cb4..4ab14a668 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_encoders.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_encoders.go
@@ -58,10 +58,16 @@ func encodeElement(ec EncodeContext, dw bsonrw.DocumentWriter, e primitive.E) er
 
 // DefaultValueEncoders is a namespace type for the default ValueEncoders used
 // when creating a registry.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
 type DefaultValueEncoders struct{}
 
 // RegisterDefaultEncoders will register the encoder methods attached to DefaultValueEncoders with
 // the provided RegistryBuilder.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
 func (dve DefaultValueEncoders) RegisterDefaultEncoders(rb *RegistryBuilder) {
 	if rb == nil {
 		panic(errors.New("argument to RegisterDefaultEncoders must not be nil"))
@@ -113,7 +119,10 @@ func (dve DefaultValueEncoders) RegisterDefaultEncoders(rb *RegistryBuilder) {
 }
 
 // BooleanEncodeValue is the ValueEncoderFunc for bool types.
-func (dve DefaultValueEncoders) BooleanEncodeValue(ectx EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (dve DefaultValueEncoders) BooleanEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Kind() != reflect.Bool {
 		return ValueEncoderError{Name: "BooleanEncodeValue", Kinds: []reflect.Kind{reflect.Bool}, Received: val}
 	}
@@ -125,6 +134,9 @@ func fitsIn32Bits(i int64) bool {
 }
 
 // IntEncodeValue is the ValueEncoderFunc for int types.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
 func (dve DefaultValueEncoders) IntEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	switch val.Kind() {
 	case reflect.Int8, reflect.Int16, reflect.Int32:
@@ -176,7 +188,10 @@ func (dve DefaultValueEncoders) UintEncodeValue(ec EncodeContext, vw bsonrw.Valu
 }
 
 // FloatEncodeValue is the ValueEncoderFunc for float types.
-func (dve DefaultValueEncoders) FloatEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (dve DefaultValueEncoders) FloatEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	switch val.Kind() {
 	case reflect.Float32, reflect.Float64:
 		return vw.WriteDouble(val.Float())
@@ -188,7 +203,7 @@ func (dve DefaultValueEncoders) FloatEncodeValue(ec EncodeContext, vw bsonrw.Val
 // StringEncodeValue is the ValueEncoderFunc for string types.
 //
 // Deprecated: StringEncodeValue is not registered by default. Use StringCodec.EncodeValue instead.
-func (dve DefaultValueEncoders) StringEncodeValue(ectx EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+func (dve DefaultValueEncoders) StringEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if val.Kind() != reflect.String {
 		return ValueEncoderError{
 			Name:     "StringEncodeValue",
@@ -201,7 +216,10 @@ func (dve DefaultValueEncoders) StringEncodeValue(ectx EncodeContext, vw bsonrw.
 }
 
 // ObjectIDEncodeValue is the ValueEncoderFunc for primitive.ObjectID.
-func (dve DefaultValueEncoders) ObjectIDEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (dve DefaultValueEncoders) ObjectIDEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tOID {
 		return ValueEncoderError{Name: "ObjectIDEncodeValue", Types: []reflect.Type{tOID}, Received: val}
 	}
@@ -209,7 +227,10 @@ func (dve DefaultValueEncoders) ObjectIDEncodeValue(ec EncodeContext, vw bsonrw.
 }
 
 // Decimal128EncodeValue is the ValueEncoderFunc for primitive.Decimal128.
-func (dve DefaultValueEncoders) Decimal128EncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (dve DefaultValueEncoders) Decimal128EncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tDecimal {
 		return ValueEncoderError{Name: "Decimal128EncodeValue", Types: []reflect.Type{tDecimal}, Received: val}
 	}
@@ -217,6 +238,9 @@ func (dve DefaultValueEncoders) Decimal128EncodeValue(ec EncodeContext, vw bsonr
 }
 
 // JSONNumberEncodeValue is the ValueEncoderFunc for json.Number.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
 func (dve DefaultValueEncoders) JSONNumberEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tJSONNumber {
 		return ValueEncoderError{Name: "JSONNumberEncodeValue", Types: []reflect.Type{tJSONNumber}, Received: val}
@@ -237,7 +261,10 @@ func (dve DefaultValueEncoders) JSONNumberEncodeValue(ec EncodeContext, vw bsonr
 }
 
 // URLEncodeValue is the ValueEncoderFunc for url.URL.
-func (dve DefaultValueEncoders) URLEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (dve DefaultValueEncoders) URLEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tURL {
 		return ValueEncoderError{Name: "URLEncodeValue", Types: []reflect.Type{tURL}, Received: val}
 	}
@@ -248,7 +275,7 @@ func (dve DefaultValueEncoders) URLEncodeValue(ec EncodeContext, vw bsonrw.Value
 // TimeEncodeValue is the ValueEncoderFunc for time.TIme.
 //
 // Deprecated: TimeEncodeValue is not registered by default. Use TimeCodec.EncodeValue instead.
-func (dve DefaultValueEncoders) TimeEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+func (dve DefaultValueEncoders) TimeEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tTime {
 		return ValueEncoderError{Name: "TimeEncodeValue", Types: []reflect.Type{tTime}, Received: val}
 	}
@@ -260,7 +287,7 @@ func (dve DefaultValueEncoders) TimeEncodeValue(ec EncodeContext, vw bsonrw.Valu
 // ByteSliceEncodeValue is the ValueEncoderFunc for []byte.
 //
 // Deprecated: ByteSliceEncodeValue is not registered by default. Use ByteSliceCodec.EncodeValue instead.
-func (dve DefaultValueEncoders) ByteSliceEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+func (dve DefaultValueEncoders) ByteSliceEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tByteSlice {
 		return ValueEncoderError{Name: "ByteSliceEncodeValue", Types: []reflect.Type{tByteSlice}, Received: val}
 	}
@@ -343,6 +370,9 @@ func (dve DefaultValueEncoders) mapEncodeValue(ec EncodeContext, dw bsonrw.Docum
 }
 
 // ArrayEncodeValue is the ValueEncoderFunc for array types.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
 func (dve DefaultValueEncoders) ArrayEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Kind() != reflect.Array {
 		return ValueEncoderError{Name: "ArrayEncodeValue", Kinds: []reflect.Kind{reflect.Array}, Received: val}
@@ -515,7 +545,10 @@ func (dve DefaultValueEncoders) EmptyInterfaceEncodeValue(ec EncodeContext, vw b
 }
 
 // ValueMarshalerEncodeValue is the ValueEncoderFunc for ValueMarshaler implementations.
-func (dve DefaultValueEncoders) ValueMarshalerEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (dve DefaultValueEncoders) ValueMarshalerEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	// Either val or a pointer to val must implement ValueMarshaler
 	switch {
 	case !val.IsValid():
@@ -531,17 +564,22 @@ func (dve DefaultValueEncoders) ValueMarshalerEncodeValue(ec EncodeContext, vw b
 		return ValueEncoderError{Name: "ValueMarshalerEncodeValue", Types: []reflect.Type{tValueMarshaler}, Received: val}
 	}
 
-	fn := val.Convert(tValueMarshaler).MethodByName("MarshalBSONValue")
-	returns := fn.Call(nil)
-	if !returns[2].IsNil() {
-		return returns[2].Interface().(error)
+	m, ok := val.Interface().(ValueMarshaler)
+	if !ok {
+		return vw.WriteNull()
+	}
+	t, data, err := m.MarshalBSONValue()
+	if err != nil {
+		return err
 	}
-	t, data := returns[0].Interface().(bsontype.Type), returns[1].Interface().([]byte)
 	return bsonrw.Copier{}.CopyValueFromBytes(vw, t, data)
 }
 
 // MarshalerEncodeValue is the ValueEncoderFunc for Marshaler implementations.
-func (dve DefaultValueEncoders) MarshalerEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (dve DefaultValueEncoders) MarshalerEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	// Either val or a pointer to val must implement Marshaler
 	switch {
 	case !val.IsValid():
@@ -557,16 +595,21 @@ func (dve DefaultValueEncoders) MarshalerEncodeValue(ec EncodeContext, vw bsonrw
 		return ValueEncoderError{Name: "MarshalerEncodeValue", Types: []reflect.Type{tMarshaler}, Received: val}
 	}
 
-	fn := val.Convert(tMarshaler).MethodByName("MarshalBSON")
-	returns := fn.Call(nil)
-	if !returns[1].IsNil() {
-		return returns[1].Interface().(error)
+	m, ok := val.Interface().(Marshaler)
+	if !ok {
+		return vw.WriteNull()
+	}
+	data, err := m.MarshalBSON()
+	if err != nil {
+		return err
 	}
-	data := returns[0].Interface().([]byte)
 	return bsonrw.Copier{}.CopyValueFromBytes(vw, bsontype.EmbeddedDocument, data)
 }
 
 // ProxyEncodeValue is the ValueEncoderFunc for Proxy implementations.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
 func (dve DefaultValueEncoders) ProxyEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	// Either val or a pointer to val must implement Proxy
 	switch {
@@ -583,27 +626,38 @@ func (dve DefaultValueEncoders) ProxyEncodeValue(ec EncodeContext, vw bsonrw.Val
 		return ValueEncoderError{Name: "ProxyEncodeValue", Types: []reflect.Type{tProxy}, Received: val}
 	}
 
-	fn := val.Convert(tProxy).MethodByName("ProxyBSON")
-	returns := fn.Call(nil)
-	if !returns[1].IsNil() {
-		return returns[1].Interface().(error)
+	m, ok := val.Interface().(Proxy)
+	if !ok {
+		return vw.WriteNull()
 	}
-	data := returns[0]
-	var encoder ValueEncoder
-	var err error
-	if data.Elem().IsValid() {
-		encoder, err = ec.LookupEncoder(data.Elem().Type())
-	} else {
-		encoder, err = ec.LookupEncoder(nil)
+	v, err := m.ProxyBSON()
+	if err != nil {
+		return err
 	}
+	if v == nil {
+		encoder, err := ec.LookupEncoder(nil)
+		if err != nil {
+			return err
+		}
+		return encoder.EncodeValue(ec, vw, reflect.ValueOf(nil))
+	}
+	vv := reflect.ValueOf(v)
+	switch vv.Kind() {
+	case reflect.Ptr, reflect.Interface:
+		vv = vv.Elem()
+	}
+	encoder, err := ec.LookupEncoder(vv.Type())
 	if err != nil {
 		return err
 	}
-	return encoder.EncodeValue(ec, vw, data.Elem())
+	return encoder.EncodeValue(ec, vw, vv)
 }
 
 // JavaScriptEncodeValue is the ValueEncoderFunc for the primitive.JavaScript type.
-func (DefaultValueEncoders) JavaScriptEncodeValue(ectx EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) JavaScriptEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tJavaScript {
 		return ValueEncoderError{Name: "JavaScriptEncodeValue", Types: []reflect.Type{tJavaScript}, Received: val}
 	}
@@ -612,7 +666,10 @@ func (DefaultValueEncoders) JavaScriptEncodeValue(ectx EncodeContext, vw bsonrw.
 }
 
 // SymbolEncodeValue is the ValueEncoderFunc for the primitive.Symbol type.
-func (DefaultValueEncoders) SymbolEncodeValue(ectx EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) SymbolEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tSymbol {
 		return ValueEncoderError{Name: "SymbolEncodeValue", Types: []reflect.Type{tSymbol}, Received: val}
 	}
@@ -621,7 +678,10 @@ func (DefaultValueEncoders) SymbolEncodeValue(ectx EncodeContext, vw bsonrw.Valu
 }
 
 // BinaryEncodeValue is the ValueEncoderFunc for Binary.
-func (DefaultValueEncoders) BinaryEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) BinaryEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tBinary {
 		return ValueEncoderError{Name: "BinaryEncodeValue", Types: []reflect.Type{tBinary}, Received: val}
 	}
@@ -631,7 +691,10 @@ func (DefaultValueEncoders) BinaryEncodeValue(ec EncodeContext, vw bsonrw.ValueW
 }
 
 // UndefinedEncodeValue is the ValueEncoderFunc for Undefined.
-func (DefaultValueEncoders) UndefinedEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) UndefinedEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tUndefined {
 		return ValueEncoderError{Name: "UndefinedEncodeValue", Types: []reflect.Type{tUndefined}, Received: val}
 	}
@@ -640,7 +703,10 @@ func (DefaultValueEncoders) UndefinedEncodeValue(ec EncodeContext, vw bsonrw.Val
 }
 
 // DateTimeEncodeValue is the ValueEncoderFunc for DateTime.
-func (DefaultValueEncoders) DateTimeEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) DateTimeEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tDateTime {
 		return ValueEncoderError{Name: "DateTimeEncodeValue", Types: []reflect.Type{tDateTime}, Received: val}
 	}
@@ -649,7 +715,10 @@ func (DefaultValueEncoders) DateTimeEncodeValue(ec EncodeContext, vw bsonrw.Valu
 }
 
 // NullEncodeValue is the ValueEncoderFunc for Null.
-func (DefaultValueEncoders) NullEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) NullEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tNull {
 		return ValueEncoderError{Name: "NullEncodeValue", Types: []reflect.Type{tNull}, Received: val}
 	}
@@ -658,7 +727,10 @@ func (DefaultValueEncoders) NullEncodeValue(ec EncodeContext, vw bsonrw.ValueWri
 }
 
 // RegexEncodeValue is the ValueEncoderFunc for Regex.
-func (DefaultValueEncoders) RegexEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) RegexEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tRegex {
 		return ValueEncoderError{Name: "RegexEncodeValue", Types: []reflect.Type{tRegex}, Received: val}
 	}
@@ -669,7 +741,10 @@ func (DefaultValueEncoders) RegexEncodeValue(ec EncodeContext, vw bsonrw.ValueWr
 }
 
 // DBPointerEncodeValue is the ValueEncoderFunc for DBPointer.
-func (DefaultValueEncoders) DBPointerEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) DBPointerEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tDBPointer {
 		return ValueEncoderError{Name: "DBPointerEncodeValue", Types: []reflect.Type{tDBPointer}, Received: val}
 	}
@@ -680,7 +755,10 @@ func (DefaultValueEncoders) DBPointerEncodeValue(ec EncodeContext, vw bsonrw.Val
 }
 
 // TimestampEncodeValue is the ValueEncoderFunc for Timestamp.
-func (DefaultValueEncoders) TimestampEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) TimestampEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tTimestamp {
 		return ValueEncoderError{Name: "TimestampEncodeValue", Types: []reflect.Type{tTimestamp}, Received: val}
 	}
@@ -691,7 +769,10 @@ func (DefaultValueEncoders) TimestampEncodeValue(ec EncodeContext, vw bsonrw.Val
 }
 
 // MinKeyEncodeValue is the ValueEncoderFunc for MinKey.
-func (DefaultValueEncoders) MinKeyEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) MinKeyEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tMinKey {
 		return ValueEncoderError{Name: "MinKeyEncodeValue", Types: []reflect.Type{tMinKey}, Received: val}
 	}
@@ -700,7 +781,10 @@ func (DefaultValueEncoders) MinKeyEncodeValue(ec EncodeContext, vw bsonrw.ValueW
 }
 
 // MaxKeyEncodeValue is the ValueEncoderFunc for MaxKey.
-func (DefaultValueEncoders) MaxKeyEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) MaxKeyEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tMaxKey {
 		return ValueEncoderError{Name: "MaxKeyEncodeValue", Types: []reflect.Type{tMaxKey}, Received: val}
 	}
@@ -709,7 +793,10 @@ func (DefaultValueEncoders) MaxKeyEncodeValue(ec EncodeContext, vw bsonrw.ValueW
 }
 
 // CoreDocumentEncodeValue is the ValueEncoderFunc for bsoncore.Document.
-func (DefaultValueEncoders) CoreDocumentEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
+func (DefaultValueEncoders) CoreDocumentEncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tCoreDocument {
 		return ValueEncoderError{Name: "CoreDocumentEncodeValue", Types: []reflect.Type{tCoreDocument}, Received: val}
 	}
@@ -720,6 +807,9 @@ func (DefaultValueEncoders) CoreDocumentEncodeValue(ec EncodeContext, vw bsonrw.
 }
 
 // CodeWithScopeEncodeValue is the ValueEncoderFunc for CodeWithScope.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with all default
+// value encoders registered.
 func (dve DefaultValueEncoders) CodeWithScopeEncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tCodeWithScope {
 		return ValueEncoderError{Name: "CodeWithScopeEncodeValue", Types: []reflect.Type{tCodeWithScope}, Received: val}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/doc.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/doc.go
index 5f903ebea..4613e5a1e 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/doc.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/doc.go
@@ -31,35 +31,39 @@
 // allow the use of a function with the correct signature as a ValueDecoder. A DecodeContext
 // instance is provided and serves similar functionality to the EncodeContext.
 //
-// # Registry and RegistryBuilder
-//
-// A Registry is an immutable store for ValueEncoders, ValueDecoders, and a type map. See the Registry type
-// documentation for examples of registering various custom encoders and decoders. A Registry can be constructed using a
-// RegistryBuilder, which handles three main types of codecs:
-//
-// 1. Type encoders/decoders - These can be registered using the RegisterTypeEncoder and RegisterTypeDecoder methods.
-// The registered codec will be invoked when encoding/decoding a value whose type matches the registered type exactly.
-// If the registered type is an interface, the codec will be invoked when encoding or decoding values whose type is the
-// interface, but not for values with concrete types that implement the interface.
-//
-// 2. Hook encoders/decoders - These can be registered using the RegisterHookEncoder and RegisterHookDecoder methods.
-// These methods only accept interface types and the registered codecs will be invoked when encoding or decoding values
-// whose types implement the interface. An example of a hook defined by the driver is bson.Marshaler. The driver will
-// call the MarshalBSON method for any value whose type implements bson.Marshaler, regardless of the value's concrete
-// type.
-//
-// 3. Type map entries - This can be used to associate a BSON type with a Go type. These type associations are used when
-// decoding into a bson.D/bson.M or a struct field of type interface{}. For example, by default, BSON int32 and int64
-// values decode as Go int32 and int64 instances, respectively, when decoding into a bson.D. The following code would
-// change the behavior so these values decode as Go int instances instead:
+// # Registry
+//
+// A Registry is a store for ValueEncoders, ValueDecoders, and a type map. See the Registry type
+// documentation for examples of registering various custom encoders and decoders. A Registry can
+// have three main types of codecs:
+//
+// 1. Type encoders/decoders - These can be registered using the RegisterTypeEncoder and
+// RegisterTypeDecoder methods. The registered codec will be invoked when encoding/decoding a value
+// whose type matches the registered type exactly.
+// If the registered type is an interface, the codec will be invoked when encoding or decoding
+// values whose type is the interface, but not for values with concrete types that implement the
+// interface.
+//
+// 2. Hook encoders/decoders - These can be registered using the RegisterHookEncoder and
+// RegisterHookDecoder methods. These methods only accept interface types and the registered codecs
+// will be invoked when encoding or decoding values whose types implement the interface. An example
+// of a hook defined by the driver is bson.Marshaler. The driver will call the MarshalBSON method
+// for any value whose type implements bson.Marshaler, regardless of the value's concrete type.
+//
+// 3. Type map entries - This can be used to associate a BSON type with a Go type. These type
+// associations are used when decoding into a bson.D/bson.M or a struct field of type interface{}.
+// For example, by default, BSON int32 and int64 values decode as Go int32 and int64 instances,
+// respectively, when decoding into a bson.D. The following code would change the behavior so these
+// values decode as Go int instances instead:
 //
 //	intType := reflect.TypeOf(int(0))
-//	registryBuilder.RegisterTypeMapEntry(bsontype.Int32, intType).RegisterTypeMapEntry(bsontype.Int64, intType)
+//	registry.RegisterTypeMapEntry(bsontype.Int32, intType).RegisterTypeMapEntry(bsontype.Int64, intType)
 //
-// 4. Kind encoder/decoders - These can be registered using the RegisterDefaultEncoder and RegisterDefaultDecoder
-// methods. The registered codec will be invoked when encoding or decoding values whose reflect.Kind matches the
-// registered reflect.Kind as long as the value's type doesn't match a registered type or hook encoder/decoder first.
-// These methods should be used to change the behavior for all values for a specific kind.
+// 4. Kind encoder/decoders - These can be registered using the RegisterDefaultEncoder and
+// RegisterDefaultDecoder methods. The registered codec will be invoked when encoding or decoding
+// values whose reflect.Kind matches the registered reflect.Kind as long as the value's type doesn't
+// match a registered type or hook encoder/decoder first. These methods should be used to change the
+// behavior for all values for a specific kind.
 //
 // # Registry Lookup Procedure
 //
@@ -67,17 +71,18 @@
 //
 // 1. A type encoder registered for the exact type of the value.
 //
-// 2. A hook encoder registered for an interface that is implemented by the value or by a pointer to the value. If the
-// value matches multiple hooks (e.g. the type implements bsoncodec.Marshaler and bsoncodec.ValueMarshaler), the first
-// one registered will be selected. Note that registries constructed using bson.NewRegistryBuilder have driver-defined
-// hooks registered for the bsoncodec.Marshaler, bsoncodec.ValueMarshaler, and bsoncodec.Proxy interfaces, so those
-// will take precedence over any new hooks.
+// 2. A hook encoder registered for an interface that is implemented by the value or by a pointer to
+// the value. If the value matches multiple hooks (e.g. the type implements bsoncodec.Marshaler and
+// bsoncodec.ValueMarshaler), the first one registered will be selected. Note that registries
+// constructed using bson.NewRegistry have driver-defined hooks registered for the
+// bsoncodec.Marshaler, bsoncodec.ValueMarshaler, and bsoncodec.Proxy interfaces, so those will take
+// precedence over any new hooks.
 //
 // 3. A kind encoder registered for the value's kind.
 //
-// If all of these lookups fail to find an encoder, an error of type ErrNoEncoder is returned. The same precedence
-// rules apply for decoders, with the exception that an error of type ErrNoDecoder will be returned if no decoder is
-// found.
+// If all of these lookups fail to find an encoder, an error of type ErrNoEncoder is returned. The
+// same precedence rules apply for decoders, with the exception that an error of type ErrNoDecoder
+// will be returned if no decoder is found.
 //
 // # DefaultValueEncoders and DefaultValueDecoders
 //
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/empty_interface_codec.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/empty_interface_codec.go
index eda417cff..94f7dcf1e 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/empty_interface_codec.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/empty_interface_codec.go
@@ -16,18 +16,30 @@ import (
 )
 
 // EmptyInterfaceCodec is the Codec used for interface{} values.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// EmptyInterfaceCodec registered.
 type EmptyInterfaceCodec struct {
+	// DecodeBinaryAsSlice causes DecodeValue to unmarshal BSON binary field values that are the
+	// "Generic" or "Old" BSON binary subtype as a Go byte slice instead of a primitive.Binary.
+	//
+	// Deprecated: Use bson.Decoder.BinaryAsSlice instead.
 	DecodeBinaryAsSlice bool
 }
 
 var (
 	defaultEmptyInterfaceCodec = NewEmptyInterfaceCodec()
 
-	_ ValueCodec  = defaultEmptyInterfaceCodec
+	// Assert that defaultEmptyInterfaceCodec satisfies the typeDecoder interface, which allows it
+	// to be used by collection type decoders (e.g. map, slice, etc) to set individual values in a
+	// collection.
 	_ typeDecoder = defaultEmptyInterfaceCodec
 )
 
 // NewEmptyInterfaceCodec returns a EmptyInterfaceCodec with options opts.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// EmptyInterfaceCodec registered.
 func NewEmptyInterfaceCodec(opts ...*bsonoptions.EmptyInterfaceCodecOptions) *EmptyInterfaceCodec {
 	interfaceOpt := bsonoptions.MergeEmptyInterfaceCodecOptions(opts...)
 
@@ -121,7 +133,7 @@ func (eic EmptyInterfaceCodec) decodeType(dc DecodeContext, vr bsonrw.ValueReade
 		return emptyValue, err
 	}
 
-	if eic.DecodeBinaryAsSlice && rtype == tBinary {
+	if (eic.DecodeBinaryAsSlice || dc.binaryAsSlice) && rtype == tBinary {
 		binElem := elem.Interface().(primitive.Binary)
 		if binElem.Subtype == bsontype.BinaryGeneric || binElem.Subtype == bsontype.BinaryBinaryOld {
 			elem = reflect.ValueOf(binElem.Data)
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/map_codec.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/map_codec.go
index e1fbef9c6..325c1738a 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/map_codec.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/map_codec.go
@@ -20,14 +20,29 @@ import (
 var defaultMapCodec = NewMapCodec()
 
 // MapCodec is the Codec used for map values.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// MapCodec registered.
 type MapCodec struct {
-	DecodeZerosMap         bool
-	EncodeNilAsEmpty       bool
+	// DecodeZerosMap causes DecodeValue to delete any existing values from Go maps in the destination
+	// value passed to Decode before unmarshaling BSON documents into them.
+	//
+	// Deprecated: Use bson.Decoder.ZeroMaps instead.
+	DecodeZerosMap bool
+
+	// EncodeNilAsEmpty causes EncodeValue to marshal nil Go maps as empty BSON documents instead of
+	// BSON null.
+	//
+	// Deprecated: Use bson.Encoder.NilMapAsEmpty instead.
+	EncodeNilAsEmpty bool
+
+	// EncodeKeysWithStringer causes the Encoder to convert Go map keys to BSON document field name
+	// strings using fmt.Sprintf() instead of the default string conversion logic.
+	//
+	// Deprecated: Use bson.Encoder.StringifyMapKeysWithFmt instead.
 	EncodeKeysWithStringer bool
 }
 
-var _ ValueCodec = &MapCodec{}
-
 // KeyMarshaler is the interface implemented by an object that can marshal itself into a string key.
 // This applies to types used as map keys and is similar to encoding.TextMarshaler.
 type KeyMarshaler interface {
@@ -45,6 +60,9 @@ type KeyUnmarshaler interface {
 }
 
 // NewMapCodec returns a MapCodec with options opts.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// MapCodec registered.
 func NewMapCodec(opts ...*bsonoptions.MapCodecOptions) *MapCodec {
 	mapOpt := bsonoptions.MergeMapCodecOptions(opts...)
 
@@ -67,7 +85,7 @@ func (mc *MapCodec) EncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val ref
 		return ValueEncoderError{Name: "MapEncodeValue", Kinds: []reflect.Kind{reflect.Map}, Received: val}
 	}
 
-	if val.IsNil() && !mc.EncodeNilAsEmpty {
+	if val.IsNil() && !mc.EncodeNilAsEmpty && !ec.nilMapAsEmpty {
 		// If we have a nil map but we can't WriteNull, that means we're probably trying to encode
 		// to a TopLevel document. We can't currently tell if this is what actually happened, but if
 		// there's a deeper underlying problem, the error will also be returned from WriteDocument,
@@ -100,7 +118,7 @@ func (mc *MapCodec) mapEncodeValue(ec EncodeContext, dw bsonrw.DocumentWriter, v
 
 	keys := val.MapKeys()
 	for _, key := range keys {
-		keyStr, err := mc.encodeKey(key)
+		keyStr, err := mc.encodeKey(key, ec.stringifyMapKeysWithFmt)
 		if err != nil {
 			return err
 		}
@@ -163,7 +181,7 @@ func (mc *MapCodec) DecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val ref
 		val.Set(reflect.MakeMap(val.Type()))
 	}
 
-	if val.Len() > 0 && mc.DecodeZerosMap {
+	if val.Len() > 0 && (mc.DecodeZerosMap || dc.zeroMaps) {
 		clearMap(val)
 	}
 
@@ -211,8 +229,8 @@ func clearMap(m reflect.Value) {
 	}
 }
 
-func (mc *MapCodec) encodeKey(val reflect.Value) (string, error) {
-	if mc.EncodeKeysWithStringer {
+func (mc *MapCodec) encodeKey(val reflect.Value, encodeKeysWithStringer bool) (string, error) {
+	if mc.EncodeKeysWithStringer || encodeKeysWithStringer {
 		return fmt.Sprint(val), nil
 	}
 
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/pointer_codec.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/pointer_codec.go
index 616a3e701..a1bf9c3e2 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/pointer_codec.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/pointer_codec.go
@@ -18,6 +18,9 @@ var _ ValueEncoder = &PointerCodec{}
 var _ ValueDecoder = &PointerCodec{}
 
 // PointerCodec is the Codec used for pointers.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// PointerCodec registered.
 type PointerCodec struct {
 	ecache map[reflect.Type]ValueEncoder
 	dcache map[reflect.Type]ValueDecoder
@@ -25,6 +28,9 @@ type PointerCodec struct {
 }
 
 // NewPointerCodec returns a PointerCodec that has been initialized.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// PointerCodec registered.
 func NewPointerCodec() *PointerCodec {
 	return &PointerCodec{
 		ecache: make(map[reflect.Type]ValueEncoder),
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/registry.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/registry.go
index 80644023c..930de2849 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/registry.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/registry.go
@@ -16,12 +16,18 @@ import (
 )
 
 // ErrNilType is returned when nil is passed to either LookupEncoder or LookupDecoder.
+//
+// Deprecated: ErrNilType will not be supported in Go Driver 2.0.
 var ErrNilType = errors.New("cannot perform a decoder lookup on <nil>")
 
 // ErrNotPointer is returned when a non-pointer type is provided to LookupDecoder.
+//
+// Deprecated: ErrNotPointer will not be supported in Go Driver 2.0.
 var ErrNotPointer = errors.New("non-pointer provided to LookupDecoder")
 
 // ErrNoEncoder is returned when there wasn't an encoder available for a type.
+//
+// Deprecated: ErrNoEncoder will not be supported in Go Driver 2.0.
 type ErrNoEncoder struct {
 	Type reflect.Type
 }
@@ -34,6 +40,8 @@ func (ene ErrNoEncoder) Error() string {
 }
 
 // ErrNoDecoder is returned when there wasn't a decoder available for a type.
+//
+// Deprecated: ErrNoDecoder will not be supported in Go Driver 2.0.
 type ErrNoDecoder struct {
 	Type reflect.Type
 }
@@ -43,6 +51,8 @@ func (end ErrNoDecoder) Error() string {
 }
 
 // ErrNoTypeMapEntry is returned when there wasn't a type available for the provided BSON type.
+//
+// Deprecated: ErrNoTypeMapEntry will not be supported in Go Driver 2.0.
 type ErrNoTypeMapEntry struct {
 	Type bsontype.Type
 }
@@ -52,63 +62,30 @@ func (entme ErrNoTypeMapEntry) Error() string {
 }
 
 // ErrNotInterface is returned when the provided type is not an interface.
+//
+// Deprecated: ErrNotInterface will not be supported in Go Driver 2.0.
 var ErrNotInterface = errors.New("The provided type is not an interface")
 
 // A RegistryBuilder is used to build a Registry. This type is not goroutine
 // safe.
+//
+// Deprecated: Use Registry instead.
 type RegistryBuilder struct {
-	typeEncoders      map[reflect.Type]ValueEncoder
-	interfaceEncoders []interfaceValueEncoder
-	kindEncoders      map[reflect.Kind]ValueEncoder
-
-	typeDecoders      map[reflect.Type]ValueDecoder
-	interfaceDecoders []interfaceValueDecoder
-	kindDecoders      map[reflect.Kind]ValueDecoder
-
-	typeMap map[bsontype.Type]reflect.Type
-}
-
-// A Registry is used to store and retrieve codecs for types and interfaces. This type is the main
-// typed passed around and Encoders and Decoders are constructed from it.
-type Registry struct {
-	typeEncoders map[reflect.Type]ValueEncoder
-	typeDecoders map[reflect.Type]ValueDecoder
-
-	interfaceEncoders []interfaceValueEncoder
-	interfaceDecoders []interfaceValueDecoder
-
-	kindEncoders map[reflect.Kind]ValueEncoder
-	kindDecoders map[reflect.Kind]ValueDecoder
-
-	typeMap map[bsontype.Type]reflect.Type
-
-	mu sync.RWMutex
+	registry *Registry
 }
 
 // NewRegistryBuilder creates a new empty RegistryBuilder.
+//
+// Deprecated: Use NewRegistry instead.
 func NewRegistryBuilder() *RegistryBuilder {
 	return &RegistryBuilder{
-		typeEncoders: make(map[reflect.Type]ValueEncoder),
-		typeDecoders: make(map[reflect.Type]ValueDecoder),
-
-		interfaceEncoders: make([]interfaceValueEncoder, 0),
-		interfaceDecoders: make([]interfaceValueDecoder, 0),
-
-		kindEncoders: make(map[reflect.Kind]ValueEncoder),
-		kindDecoders: make(map[reflect.Kind]ValueDecoder),
-
-		typeMap: make(map[bsontype.Type]reflect.Type),
+		registry: NewRegistry(),
 	}
 }
 
-func buildDefaultRegistry() *Registry {
-	rb := NewRegistryBuilder()
-	defaultValueEncoders.RegisterDefaultEncoders(rb)
-	defaultValueDecoders.RegisterDefaultDecoders(rb)
-	return rb.Build()
-}
-
 // RegisterCodec will register the provided ValueCodec for the provided type.
+//
+// Deprecated: Use Registry.RegisterTypeEncoder and Registry.RegisterTypeDecoder instead.
 func (rb *RegistryBuilder) RegisterCodec(t reflect.Type, codec ValueCodec) *RegistryBuilder {
 	rb.RegisterTypeEncoder(t, codec)
 	rb.RegisterTypeDecoder(t, codec)
@@ -120,31 +97,22 @@ func (rb *RegistryBuilder) RegisterCodec(t reflect.Type, codec ValueCodec) *Regi
 // The type will be used directly, so an encoder can be registered for a type and a different encoder can be registered
 // for a pointer to that type.
 //
-// If the given type is an interface, the encoder will be called when marshalling a type that is that interface. It
-// will not be called when marshalling a non-interface type that implements the interface.
+// If the given type is an interface, the encoder will be called when marshaling a type that is that interface. It
+// will not be called when marshaling a non-interface type that implements the interface.
+//
+// Deprecated: Use Registry.RegisterTypeEncoder instead.
 func (rb *RegistryBuilder) RegisterTypeEncoder(t reflect.Type, enc ValueEncoder) *RegistryBuilder {
-	rb.typeEncoders[t] = enc
+	rb.registry.RegisterTypeEncoder(t, enc)
 	return rb
 }
 
 // RegisterHookEncoder will register an encoder for the provided interface type t. This encoder will be called when
-// marshalling a type if the type implements t or a pointer to the type implements t. If the provided type is not
+// marshaling a type if the type implements t or a pointer to the type implements t. If the provided type is not
 // an interface (i.e. t.Kind() != reflect.Interface), this method will panic.
+//
+// Deprecated: Use Registry.RegisterInterfaceEncoder instead.
 func (rb *RegistryBuilder) RegisterHookEncoder(t reflect.Type, enc ValueEncoder) *RegistryBuilder {
-	if t.Kind() != reflect.Interface {
-		panicStr := fmt.Sprintf("RegisterHookEncoder expects a type with kind reflect.Interface, "+
-			"got type %s with kind %s", t, t.Kind())
-		panic(panicStr)
-	}
-
-	for idx, encoder := range rb.interfaceEncoders {
-		if encoder.i == t {
-			rb.interfaceEncoders[idx].ve = enc
-			return rb
-		}
-	}
-
-	rb.interfaceEncoders = append(rb.interfaceEncoders, interfaceValueEncoder{i: t, ve: enc})
+	rb.registry.RegisterInterfaceEncoder(t, enc)
 	return rb
 }
 
@@ -153,97 +121,78 @@ func (rb *RegistryBuilder) RegisterHookEncoder(t reflect.Type, enc ValueEncoder)
 // The type will be used directly, so a decoder can be registered for a type and a different decoder can be registered
 // for a pointer to that type.
 //
-// If the given type is an interface, the decoder will be called when unmarshalling into a type that is that interface.
-// It will not be called when unmarshalling into a non-interface type that implements the interface.
+// If the given type is an interface, the decoder will be called when unmarshaling into a type that is that interface.
+// It will not be called when unmarshaling into a non-interface type that implements the interface.
+//
+// Deprecated: Use Registry.RegisterTypeDecoder instead.
 func (rb *RegistryBuilder) RegisterTypeDecoder(t reflect.Type, dec ValueDecoder) *RegistryBuilder {
-	rb.typeDecoders[t] = dec
+	rb.registry.RegisterTypeDecoder(t, dec)
 	return rb
 }
 
 // RegisterHookDecoder will register an decoder for the provided interface type t. This decoder will be called when
-// unmarshalling into a type if the type implements t or a pointer to the type implements t. If the provided type is not
+// unmarshaling into a type if the type implements t or a pointer to the type implements t. If the provided type is not
 // an interface (i.e. t.Kind() != reflect.Interface), this method will panic.
+//
+// Deprecated: Use Registry.RegisterInterfaceDecoder instead.
 func (rb *RegistryBuilder) RegisterHookDecoder(t reflect.Type, dec ValueDecoder) *RegistryBuilder {
-	if t.Kind() != reflect.Interface {
-		panicStr := fmt.Sprintf("RegisterHookDecoder expects a type with kind reflect.Interface, "+
-			"got type %s with kind %s", t, t.Kind())
-		panic(panicStr)
-	}
-
-	for idx, decoder := range rb.interfaceDecoders {
-		if decoder.i == t {
-			rb.interfaceDecoders[idx].vd = dec
-			return rb
-		}
-	}
-
-	rb.interfaceDecoders = append(rb.interfaceDecoders, interfaceValueDecoder{i: t, vd: dec})
+	rb.registry.RegisterInterfaceDecoder(t, dec)
 	return rb
 }
 
 // RegisterEncoder registers the provided type and encoder pair.
 //
-// Deprecated: Use RegisterTypeEncoder or RegisterHookEncoder instead.
+// Deprecated: Use Registry.RegisterTypeEncoder or Registry.RegisterInterfaceEncoder instead.
 func (rb *RegistryBuilder) RegisterEncoder(t reflect.Type, enc ValueEncoder) *RegistryBuilder {
 	if t == tEmpty {
-		rb.typeEncoders[t] = enc
+		rb.registry.RegisterTypeEncoder(t, enc)
 		return rb
 	}
 	switch t.Kind() {
 	case reflect.Interface:
-		for idx, ir := range rb.interfaceEncoders {
-			if ir.i == t {
-				rb.interfaceEncoders[idx].ve = enc
-				return rb
-			}
-		}
-
-		rb.interfaceEncoders = append(rb.interfaceEncoders, interfaceValueEncoder{i: t, ve: enc})
+		rb.registry.RegisterInterfaceEncoder(t, enc)
 	default:
-		rb.typeEncoders[t] = enc
+		rb.registry.RegisterTypeEncoder(t, enc)
 	}
 	return rb
 }
 
 // RegisterDecoder registers the provided type and decoder pair.
 //
-// Deprecated: Use RegisterTypeDecoder or RegisterHookDecoder instead.
+// Deprecated: Use Registry.RegisterTypeDecoder or Registry.RegisterInterfaceDecoder instead.
 func (rb *RegistryBuilder) RegisterDecoder(t reflect.Type, dec ValueDecoder) *RegistryBuilder {
 	if t == nil {
-		rb.typeDecoders[nil] = dec
+		rb.registry.RegisterTypeDecoder(t, dec)
 		return rb
 	}
 	if t == tEmpty {
-		rb.typeDecoders[t] = dec
+		rb.registry.RegisterTypeDecoder(t, dec)
 		return rb
 	}
 	switch t.Kind() {
 	case reflect.Interface:
-		for idx, ir := range rb.interfaceDecoders {
-			if ir.i == t {
-				rb.interfaceDecoders[idx].vd = dec
-				return rb
-			}
-		}
-
-		rb.interfaceDecoders = append(rb.interfaceDecoders, interfaceValueDecoder{i: t, vd: dec})
+		rb.registry.RegisterInterfaceDecoder(t, dec)
 	default:
-		rb.typeDecoders[t] = dec
+		rb.registry.RegisterTypeDecoder(t, dec)
 	}
 	return rb
 }
 
-// RegisterDefaultEncoder will registr the provided ValueEncoder to the provided
+// RegisterDefaultEncoder will register the provided ValueEncoder to the provided
 // kind.
+//
+// Deprecated: Use Registry.RegisterKindEncoder instead.
 func (rb *RegistryBuilder) RegisterDefaultEncoder(kind reflect.Kind, enc ValueEncoder) *RegistryBuilder {
-	rb.kindEncoders[kind] = enc
+	rb.registry.RegisterKindEncoder(kind, enc)
 	return rb
 }
 
 // RegisterDefaultDecoder will register the provided ValueDecoder to the
 // provided kind.
+//
+// Deprecated: Use Registry.RegisterKindDecoder instead.
 func (rb *RegistryBuilder) RegisterDefaultDecoder(kind reflect.Kind, dec ValueDecoder) *RegistryBuilder {
-	rb.kindDecoders[kind] = dec
+	rb.registry.RegisterKindDecoder(kind, dec)
 	return rb
 }
 
@@ -256,120 +205,277 @@ func (rb *RegistryBuilder) RegisterDefaultDecoder(kind reflect.Kind, dec ValueDe
 // to decode to bson.Raw, use the following code:
 //
 //	rb.RegisterTypeMapEntry(bsontype.EmbeddedDocument, reflect.TypeOf(bson.Raw{}))
+//
+// Deprecated: Use Registry.RegisterTypeMapEntry instead.
 func (rb *RegistryBuilder) RegisterTypeMapEntry(bt bsontype.Type, rt reflect.Type) *RegistryBuilder {
-	rb.typeMap[bt] = rt
+	rb.registry.RegisterTypeMapEntry(bt, rt)
 	return rb
 }
 
 // Build creates a Registry from the current state of this RegistryBuilder.
+//
+// Deprecated: Use NewRegistry instead.
 func (rb *RegistryBuilder) Build() *Registry {
 	registry := new(Registry)
 
-	registry.typeEncoders = make(map[reflect.Type]ValueEncoder)
-	for t, enc := range rb.typeEncoders {
+	registry.typeEncoders = make(map[reflect.Type]ValueEncoder, len(rb.registry.typeEncoders))
+	for t, enc := range rb.registry.typeEncoders {
 		registry.typeEncoders[t] = enc
 	}
 
-	registry.typeDecoders = make(map[reflect.Type]ValueDecoder)
-	for t, dec := range rb.typeDecoders {
+	registry.typeDecoders = make(map[reflect.Type]ValueDecoder, len(rb.registry.typeDecoders))
+	for t, dec := range rb.registry.typeDecoders {
 		registry.typeDecoders[t] = dec
 	}
 
-	registry.interfaceEncoders = make([]interfaceValueEncoder, len(rb.interfaceEncoders))
-	copy(registry.interfaceEncoders, rb.interfaceEncoders)
+	registry.interfaceEncoders = make([]interfaceValueEncoder, len(rb.registry.interfaceEncoders))
+	copy(registry.interfaceEncoders, rb.registry.interfaceEncoders)
 
-	registry.interfaceDecoders = make([]interfaceValueDecoder, len(rb.interfaceDecoders))
-	copy(registry.interfaceDecoders, rb.interfaceDecoders)
+	registry.interfaceDecoders = make([]interfaceValueDecoder, len(rb.registry.interfaceDecoders))
+	copy(registry.interfaceDecoders, rb.registry.interfaceDecoders)
 
 	registry.kindEncoders = make(map[reflect.Kind]ValueEncoder)
-	for kind, enc := range rb.kindEncoders {
+	for kind, enc := range rb.registry.kindEncoders {
 		registry.kindEncoders[kind] = enc
 	}
 
 	registry.kindDecoders = make(map[reflect.Kind]ValueDecoder)
-	for kind, dec := range rb.kindDecoders {
+	for kind, dec := range rb.registry.kindDecoders {
 		registry.kindDecoders[kind] = dec
 	}
 
 	registry.typeMap = make(map[bsontype.Type]reflect.Type)
-	for bt, rt := range rb.typeMap {
+	for bt, rt := range rb.registry.typeMap {
 		registry.typeMap[bt] = rt
 	}
 
 	return registry
 }
 
-// LookupEncoder inspects the registry for an encoder for the given type. The lookup precedence works as follows:
+// A Registry is used to store and retrieve codecs for types and interfaces. This type is the main
+// typed passed around and Encoders and Decoders are constructed from it.
+type Registry struct {
+	typeEncoders map[reflect.Type]ValueEncoder
+	typeDecoders map[reflect.Type]ValueDecoder
+
+	interfaceEncoders []interfaceValueEncoder
+	interfaceDecoders []interfaceValueDecoder
+
+	kindEncoders map[reflect.Kind]ValueEncoder
+	kindDecoders map[reflect.Kind]ValueDecoder
+
+	typeMap map[bsontype.Type]reflect.Type
+
+	mu sync.RWMutex
+}
+
+// NewRegistry creates a new empty Registry.
+func NewRegistry() *Registry {
+	return &Registry{
+		typeEncoders: make(map[reflect.Type]ValueEncoder),
+		typeDecoders: make(map[reflect.Type]ValueDecoder),
+
+		interfaceEncoders: make([]interfaceValueEncoder, 0),
+		interfaceDecoders: make([]interfaceValueDecoder, 0),
+
+		kindEncoders: make(map[reflect.Kind]ValueEncoder),
+		kindDecoders: make(map[reflect.Kind]ValueDecoder),
+
+		typeMap: make(map[bsontype.Type]reflect.Type),
+	}
+}
+
+// RegisterTypeEncoder registers the provided ValueEncoder for the provided type.
+//
+// The type will be used as provided, so an encoder can be registered for a type and a different
+// encoder can be registered for a pointer to that type.
+//
+// If the given type is an interface, the encoder will be called when marshaling a type that is
+// that interface. It will not be called when marshaling a non-interface type that implements the
+// interface. To get the latter behavior, call RegisterHookEncoder instead.
+//
+// RegisterTypeEncoder should not be called concurrently with any other Registry method.
+func (r *Registry) RegisterTypeEncoder(valueType reflect.Type, enc ValueEncoder) {
+	r.typeEncoders[valueType] = enc
+}
+
+// RegisterTypeDecoder registers the provided ValueDecoder for the provided type.
+//
+// The type will be used as provided, so a decoder can be registered for a type and a different
+// decoder can be registered for a pointer to that type.
+//
+// If the given type is an interface, the decoder will be called when unmarshaling into a type that
+// is that interface. It will not be called when unmarshaling into a non-interface type that
+// implements the interface. To get the latter behavior, call RegisterHookDecoder instead.
+//
+// RegisterTypeDecoder should not be called concurrently with any other Registry method.
+func (r *Registry) RegisterTypeDecoder(valueType reflect.Type, dec ValueDecoder) {
+	r.typeDecoders[valueType] = dec
+}
+
+// RegisterKindEncoder registers the provided ValueEncoder for the provided kind.
+//
+// Use RegisterKindEncoder to register an encoder for any type with the same underlying kind. For
+// example, consider the type MyInt defined as
+//
+//	type MyInt int32
+//
+// To define an encoder for MyInt and int32, use RegisterKindEncoder like
+//
+//	reg.RegisterKindEncoder(reflect.Int32, myEncoder)
+//
+// RegisterKindEncoder should not be called concurrently with any other Registry method.
+func (r *Registry) RegisterKindEncoder(kind reflect.Kind, enc ValueEncoder) {
+	r.kindEncoders[kind] = enc
+}
+
+// RegisterKindDecoder registers the provided ValueDecoder for the provided kind.
+//
+// Use RegisterKindDecoder to register a decoder for any type with the same underlying kind. For
+// example, consider the type MyInt defined as
 //
-// 1. An encoder registered for the exact type. If the given type represents an interface, an encoder registered using
-// RegisterTypeEncoder for the interface will be selected.
+//	type MyInt int32
 //
-// 2. An encoder registered using RegisterHookEncoder for an interface implemented by the type or by a pointer to the
-// type.
+// To define an decoder for MyInt and int32, use RegisterKindDecoder like
 //
-// 3. An encoder registered for the reflect.Kind of the value.
+//	reg.RegisterKindDecoder(reflect.Int32, myDecoder)
 //
-// If no encoder is found, an error of type ErrNoEncoder is returned.
-func (r *Registry) LookupEncoder(t reflect.Type) (ValueEncoder, error) {
-	encodererr := ErrNoEncoder{Type: t}
+// RegisterKindDecoder should not be called concurrently with any other Registry method.
+func (r *Registry) RegisterKindDecoder(kind reflect.Kind, dec ValueDecoder) {
+	r.kindDecoders[kind] = dec
+}
+
+// RegisterInterfaceEncoder registers an encoder for the provided interface type iface. This encoder will
+// be called when marshaling a type if the type implements iface or a pointer to the type
+// implements iface. If the provided type is not an interface
+// (i.e. iface.Kind() != reflect.Interface), this method will panic.
+//
+// RegisterInterfaceEncoder should not be called concurrently with any other Registry method.
+func (r *Registry) RegisterInterfaceEncoder(iface reflect.Type, enc ValueEncoder) {
+	if iface.Kind() != reflect.Interface {
+		panicStr := fmt.Errorf("RegisterInterfaceEncoder expects a type with kind reflect.Interface, "+
+			"got type %s with kind %s", iface, iface.Kind())
+		panic(panicStr)
+	}
+
+	for idx, encoder := range r.interfaceEncoders {
+		if encoder.i == iface {
+			r.interfaceEncoders[idx].ve = enc
+			return
+		}
+	}
+
+	r.interfaceEncoders = append(r.interfaceEncoders, interfaceValueEncoder{i: iface, ve: enc})
+}
+
+// RegisterInterfaceDecoder registers an decoder for the provided interface type iface. This decoder will
+// be called when unmarshaling into a type if the type implements iface or a pointer to the type
+// implements iface. If the provided type is not an interface (i.e. iface.Kind() != reflect.Interface),
+// this method will panic.
+//
+// RegisterInterfaceDecoder should not be called concurrently with any other Registry method.
+func (r *Registry) RegisterInterfaceDecoder(iface reflect.Type, dec ValueDecoder) {
+	if iface.Kind() != reflect.Interface {
+		panicStr := fmt.Errorf("RegisterInterfaceDecoder expects a type with kind reflect.Interface, "+
+			"got type %s with kind %s", iface, iface.Kind())
+		panic(panicStr)
+	}
+
+	for idx, decoder := range r.interfaceDecoders {
+		if decoder.i == iface {
+			r.interfaceDecoders[idx].vd = dec
+			return
+		}
+	}
+
+	r.interfaceDecoders = append(r.interfaceDecoders, interfaceValueDecoder{i: iface, vd: dec})
+}
+
+// RegisterTypeMapEntry will register the provided type to the BSON type. The primary usage for this
+// mapping is decoding situations where an empty interface is used and a default type needs to be
+// created and decoded into.
+//
+// By default, BSON documents will decode into interface{} values as bson.D. To change the default type for BSON
+// documents, a type map entry for bsontype.EmbeddedDocument should be registered. For example, to force BSON documents
+// to decode to bson.Raw, use the following code:
+//
+//	reg.RegisterTypeMapEntry(bsontype.EmbeddedDocument, reflect.TypeOf(bson.Raw{}))
+func (r *Registry) RegisterTypeMapEntry(bt bsontype.Type, rt reflect.Type) {
+	r.typeMap[bt] = rt
+}
+
+// LookupEncoder returns the first matching encoder in the Registry. It uses the following lookup
+// order:
+//
+// 1. An encoder registered for the exact type. If the given type is an interface, an encoder
+// registered using RegisterTypeEncoder for that interface will be selected.
+//
+// 2. An encoder registered using RegisterInterfaceEncoder for an interface implemented by the type
+// or by a pointer to the type.
+//
+// 3. An encoder registered using RegisterKindEncoder for the kind of value.
+//
+// If no encoder is found, an error of type ErrNoEncoder is returned. LookupEncoder is safe for
+// concurrent use by multiple goroutines after all codecs and encoders are registered.
+func (r *Registry) LookupEncoder(valueType reflect.Type) (ValueEncoder, error) {
 	r.mu.RLock()
-	enc, found := r.lookupTypeEncoder(t)
+	enc, found := r.lookupTypeEncoder(valueType)
 	r.mu.RUnlock()
 	if found {
 		if enc == nil {
-			return nil, ErrNoEncoder{Type: t}
+			return nil, ErrNoEncoder{Type: valueType}
 		}
 		return enc, nil
 	}
 
-	enc, found = r.lookupInterfaceEncoder(t, true)
+	enc, found = r.lookupInterfaceEncoder(valueType, true)
 	if found {
 		r.mu.Lock()
-		r.typeEncoders[t] = enc
+		r.typeEncoders[valueType] = enc
 		r.mu.Unlock()
 		return enc, nil
 	}
 
-	if t == nil {
+	if valueType == nil {
 		r.mu.Lock()
-		r.typeEncoders[t] = nil
+		r.typeEncoders[valueType] = nil
 		r.mu.Unlock()
-		return nil, encodererr
+		return nil, ErrNoEncoder{Type: valueType}
 	}
 
-	enc, found = r.kindEncoders[t.Kind()]
+	enc, found = r.kindEncoders[valueType.Kind()]
 	if !found {
 		r.mu.Lock()
-		r.typeEncoders[t] = nil
+		r.typeEncoders[valueType] = nil
 		r.mu.Unlock()
-		return nil, encodererr
+		return nil, ErrNoEncoder{Type: valueType}
 	}
 
 	r.mu.Lock()
-	r.typeEncoders[t] = enc
+	r.typeEncoders[valueType] = enc
 	r.mu.Unlock()
 	return enc, nil
 }
 
-func (r *Registry) lookupTypeEncoder(t reflect.Type) (ValueEncoder, bool) {
-	enc, found := r.typeEncoders[t]
+func (r *Registry) lookupTypeEncoder(valueType reflect.Type) (ValueEncoder, bool) {
+	enc, found := r.typeEncoders[valueType]
 	return enc, found
 }
 
-func (r *Registry) lookupInterfaceEncoder(t reflect.Type, allowAddr bool) (ValueEncoder, bool) {
-	if t == nil {
+func (r *Registry) lookupInterfaceEncoder(valueType reflect.Type, allowAddr bool) (ValueEncoder, bool) {
+	if valueType == nil {
 		return nil, false
 	}
 	for _, ienc := range r.interfaceEncoders {
-		if t.Implements(ienc.i) {
+		if valueType.Implements(ienc.i) {
 			return ienc.ve, true
 		}
-		if allowAddr && t.Kind() != reflect.Ptr && reflect.PtrTo(t).Implements(ienc.i) {
-			// if *t implements an interface, this will catch if t implements an interface further ahead
-			// in interfaceEncoders
-			defaultEnc, found := r.lookupInterfaceEncoder(t, false)
+		if allowAddr && valueType.Kind() != reflect.Ptr && reflect.PtrTo(valueType).Implements(ienc.i) {
+			// if *t implements an interface, this will catch if t implements an interface further
+			// ahead in interfaceEncoders
+			defaultEnc, found := r.lookupInterfaceEncoder(valueType, false)
 			if !found {
-				defaultEnc = r.kindEncoders[t.Kind()]
+				defaultEnc = r.kindEncoders[valueType.Kind()]
 			}
 			return newCondAddrEncoder(ienc.ve, defaultEnc), true
 		}
@@ -377,70 +483,72 @@ func (r *Registry) lookupInterfaceEncoder(t reflect.Type, allowAddr bool) (Value
 	return nil, false
 }
 
-// LookupDecoder inspects the registry for an decoder for the given type. The lookup precedence works as follows:
+// LookupDecoder returns the first matching decoder in the Registry. It uses the following lookup
+// order:
 //
-// 1. A decoder registered for the exact type. If the given type represents an interface, a decoder registered using
-// RegisterTypeDecoder for the interface will be selected.
+// 1. A decoder registered for the exact type. If the given type is an interface, a decoder
+// registered using RegisterTypeDecoder for that interface will be selected.
 //
-// 2. A decoder registered using RegisterHookDecoder for an interface implemented by the type or by a pointer to the
-// type.
+// 2. A decoder registered using RegisterInterfaceDecoder for an interface implemented by the type or by
+// a pointer to the type.
 //
-// 3. A decoder registered for the reflect.Kind of the value.
+// 3. A decoder registered using RegisterKindDecoder for the kind of value.
 //
-// If no decoder is found, an error of type ErrNoDecoder is returned.
-func (r *Registry) LookupDecoder(t reflect.Type) (ValueDecoder, error) {
-	if t == nil {
+// If no decoder is found, an error of type ErrNoDecoder is returned. LookupDecoder is safe for
+// concurrent use by multiple goroutines after all codecs and decoders are registered.
+func (r *Registry) LookupDecoder(valueType reflect.Type) (ValueDecoder, error) {
+	if valueType == nil {
 		return nil, ErrNilType
 	}
-	decodererr := ErrNoDecoder{Type: t}
+	decodererr := ErrNoDecoder{Type: valueType}
 	r.mu.RLock()
-	dec, found := r.lookupTypeDecoder(t)
+	dec, found := r.lookupTypeDecoder(valueType)
 	r.mu.RUnlock()
 	if found {
 		if dec == nil {
-			return nil, ErrNoDecoder{Type: t}
+			return nil, ErrNoDecoder{Type: valueType}
 		}
 		return dec, nil
 	}
 
-	dec, found = r.lookupInterfaceDecoder(t, true)
+	dec, found = r.lookupInterfaceDecoder(valueType, true)
 	if found {
 		r.mu.Lock()
-		r.typeDecoders[t] = dec
+		r.typeDecoders[valueType] = dec
 		r.mu.Unlock()
 		return dec, nil
 	}
 
-	dec, found = r.kindDecoders[t.Kind()]
+	dec, found = r.kindDecoders[valueType.Kind()]
 	if !found {
 		r.mu.Lock()
-		r.typeDecoders[t] = nil
+		r.typeDecoders[valueType] = nil
 		r.mu.Unlock()
 		return nil, decodererr
 	}
 
 	r.mu.Lock()
-	r.typeDecoders[t] = dec
+	r.typeDecoders[valueType] = dec
 	r.mu.Unlock()
 	return dec, nil
 }
 
-func (r *Registry) lookupTypeDecoder(t reflect.Type) (ValueDecoder, bool) {
-	dec, found := r.typeDecoders[t]
+func (r *Registry) lookupTypeDecoder(valueType reflect.Type) (ValueDecoder, bool) {
+	dec, found := r.typeDecoders[valueType]
 	return dec, found
 }
 
-func (r *Registry) lookupInterfaceDecoder(t reflect.Type, allowAddr bool) (ValueDecoder, bool) {
+func (r *Registry) lookupInterfaceDecoder(valueType reflect.Type, allowAddr bool) (ValueDecoder, bool) {
 	for _, idec := range r.interfaceDecoders {
-		if t.Implements(idec.i) {
+		if valueType.Implements(idec.i) {
 			return idec.vd, true
 		}
-		if allowAddr && t.Kind() != reflect.Ptr && reflect.PtrTo(t).Implements(idec.i) {
-			// if *t implements an interface, this will catch if t implements an interface further ahead
-			// in interfaceDecoders
-			defaultDec, found := r.lookupInterfaceDecoder(t, false)
+		if allowAddr && valueType.Kind() != reflect.Ptr && reflect.PtrTo(valueType).Implements(idec.i) {
+			// if *t implements an interface, this will catch if t implements an interface further
+			// ahead in interfaceDecoders
+			defaultDec, found := r.lookupInterfaceDecoder(valueType, false)
 			if !found {
-				defaultDec = r.kindDecoders[t.Kind()]
+				defaultDec = r.kindDecoders[valueType.Kind()]
 			}
 			return newCondAddrDecoder(idec.vd, defaultDec), true
 		}
@@ -450,6 +558,8 @@ func (r *Registry) lookupInterfaceDecoder(t reflect.Type, allowAddr bool) (Value
 
 // LookupTypeMapEntry inspects the registry's type map for a Go type for the corresponding BSON
 // type. If no type is found, ErrNoTypeMapEntry is returned.
+//
+// LookupTypeMapEntry should not be called concurrently with any other Registry method.
 func (r *Registry) LookupTypeMapEntry(bt bsontype.Type) (reflect.Type, error) {
 	t, ok := r.typeMap[bt]
 	if !ok || t == nil {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/slice_codec.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/slice_codec.go
index 3c1b6b860..20c3e7549 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/slice_codec.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/slice_codec.go
@@ -19,13 +19,21 @@ import (
 var defaultSliceCodec = NewSliceCodec()
 
 // SliceCodec is the Codec used for slice values.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// SliceCodec registered.
 type SliceCodec struct {
+	// EncodeNilAsEmpty causes EncodeValue to marshal nil Go slices as empty BSON arrays instead of
+	// BSON null.
+	//
+	// Deprecated: Use bson.Encoder.NilSliceAsEmpty instead.
 	EncodeNilAsEmpty bool
 }
 
-var _ ValueCodec = &MapCodec{}
-
 // NewSliceCodec returns a MapCodec with options opts.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// SliceCodec registered.
 func NewSliceCodec(opts ...*bsonoptions.SliceCodecOptions) *SliceCodec {
 	sliceOpt := bsonoptions.MergeSliceCodecOptions(opts...)
 
@@ -42,16 +50,14 @@ func (sc SliceCodec) EncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val re
 		return ValueEncoderError{Name: "SliceEncodeValue", Kinds: []reflect.Kind{reflect.Slice}, Received: val}
 	}
 
-	if val.IsNil() && !sc.EncodeNilAsEmpty {
+	if val.IsNil() && !sc.EncodeNilAsEmpty && !ec.nilSliceAsEmpty {
 		return vw.WriteNull()
 	}
 
 	// If we have a []byte we want to treat it as a binary instead of as an array.
 	if val.Type().Elem() == tByte {
-		var byteSlice []byte
-		for idx := 0; idx < val.Len(); idx++ {
-			byteSlice = append(byteSlice, val.Index(idx).Interface().(byte))
-		}
+		byteSlice := make([]byte, val.Len())
+		reflect.Copy(reflect.ValueOf(byteSlice), val)
 		return vw.WriteBinary(byteSlice)
 	}
 
@@ -145,11 +151,8 @@ func (sc *SliceCodec) DecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val r
 		if val.IsNil() {
 			val.Set(reflect.MakeSlice(val.Type(), 0, len(data)))
 		}
-
 		val.SetLen(0)
-		for _, elem := range data {
-			val.Set(reflect.Append(val, reflect.ValueOf(elem)))
-		}
+		val.Set(reflect.AppendSlice(val, reflect.ValueOf(data)))
 		return nil
 	case bsontype.String:
 		if sliceType := val.Type().Elem(); sliceType != tByte {
@@ -164,11 +167,8 @@ func (sc *SliceCodec) DecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val r
 		if val.IsNil() {
 			val.Set(reflect.MakeSlice(val.Type(), 0, len(byteStr)))
 		}
-
 		val.SetLen(0)
-		for _, elem := range byteStr {
-			val.Set(reflect.Append(val, reflect.ValueOf(elem)))
-		}
+		val.Set(reflect.AppendSlice(val, reflect.ValueOf(byteStr)))
 		return nil
 	default:
 		return fmt.Errorf("cannot decode %v into a slice", vrType)
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/string_codec.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/string_codec.go
index 5332b7c3b..ff931b725 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/string_codec.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/string_codec.go
@@ -15,26 +15,38 @@ import (
 	"go.mongodb.org/mongo-driver/bson/bsontype"
 )
 
-// StringCodec is the Codec used for struct values.
+// StringCodec is the Codec used for string values.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// StringCodec registered.
 type StringCodec struct {
+	// DecodeObjectIDAsHex specifies if object IDs should be decoded as their hex representation.
+	// If false, a string made from the raw object ID bytes will be used. Defaults to true.
+	//
+	// Deprecated: Decoding object IDs as raw bytes will not be supported in Go Driver 2.0.
 	DecodeObjectIDAsHex bool
 }
 
 var (
 	defaultStringCodec = NewStringCodec()
 
-	_ ValueCodec  = defaultStringCodec
+	// Assert that defaultStringCodec satisfies the typeDecoder interface, which allows it to be
+	// used by collection type decoders (e.g. map, slice, etc) to set individual values in a
+	// collection.
 	_ typeDecoder = defaultStringCodec
 )
 
 // NewStringCodec returns a StringCodec with options opts.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// StringCodec registered.
 func NewStringCodec(opts ...*bsonoptions.StringCodecOptions) *StringCodec {
 	stringOpt := bsonoptions.MergeStringCodecOptions(opts...)
 	return &StringCodec{*stringOpt.DecodeObjectIDAsHex}
 }
 
 // EncodeValue is the ValueEncoder for string types.
-func (sc *StringCodec) EncodeValue(ectx EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+func (sc *StringCodec) EncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if val.Kind() != reflect.String {
 		return ValueEncoderError{
 			Name:     "StringEncodeValue",
@@ -46,7 +58,7 @@ func (sc *StringCodec) EncodeValue(ectx EncodeContext, vw bsonrw.ValueWriter, va
 	return vw.WriteString(val.String())
 }
 
-func (sc *StringCodec) decodeType(dc DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
+func (sc *StringCodec) decodeType(_ DecodeContext, vr bsonrw.ValueReader, t reflect.Type) (reflect.Value, error) {
 	if t.Kind() != reflect.String {
 		return emptyValue, ValueDecoderError{
 			Name:     "StringDecodeValue",
@@ -71,6 +83,7 @@ func (sc *StringCodec) decodeType(dc DecodeContext, vr bsonrw.ValueReader, t ref
 		if sc.DecodeObjectIDAsHex {
 			str = oid.Hex()
 		} else {
+			// TODO(GODRIVER-2796): Return an error here instead of decoding to a garbled string.
 			byteArray := [12]byte(oid)
 			str = string(byteArray[:])
 		}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/struct_codec.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/struct_codec.go
index be3f2081e..1dfdd9886 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/struct_codec.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/struct_codec.go
@@ -59,14 +59,44 @@ type Zeroer interface {
 }
 
 // StructCodec is the Codec used for struct values.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// StructCodec registered.
 type StructCodec struct {
-	cache                            map[reflect.Type]*structDescription
-	l                                sync.RWMutex
-	parser                           StructTagParser
-	DecodeZeroStruct                 bool
-	DecodeDeepZeroInline             bool
-	EncodeOmitDefaultStruct          bool
-	AllowUnexportedFields            bool
+	cache  map[reflect.Type]*structDescription
+	l      sync.RWMutex
+	parser StructTagParser
+
+	// DecodeZeroStruct causes DecodeValue to delete any existing values from Go structs in the
+	// destination value passed to Decode before unmarshaling BSON documents into them.
+	//
+	// Deprecated: Use bson.Decoder.ZeroStructs instead.
+	DecodeZeroStruct bool
+
+	// DecodeDeepZeroInline causes DecodeValue to delete any existing values from Go structs in the
+	// destination value passed to Decode before unmarshaling BSON documents into them.
+	//
+	// Deprecated: DecodeDeepZeroInline will not be supported in Go Driver 2.0.
+	DecodeDeepZeroInline bool
+
+	// EncodeOmitDefaultStruct causes the Encoder to consider the zero value for a struct (e.g.
+	// MyStruct{}) as empty and omit it from the marshaled BSON when the "omitempty" struct tag
+	// option is set.
+	//
+	// Deprecated: Use bson.Encoder.OmitZeroStruct instead.
+	EncodeOmitDefaultStruct bool
+
+	// AllowUnexportedFields allows encoding and decoding values from un-exported struct fields.
+	//
+	// Deprecated: AllowUnexportedFields does not work on recent versions of Go and will not be
+	// supported in Go Driver 2.0.
+	AllowUnexportedFields bool
+
+	// OverwriteDuplicatedInlinedFields, if false, causes EncodeValue to return an error if there is
+	// a duplicate field in the marshaled BSON when the "inline" struct tag option is set. The
+	// default value is true.
+	//
+	// Deprecated: Use bson.Encoder.ErrorOnInlineDuplicates instead.
 	OverwriteDuplicatedInlinedFields bool
 }
 
@@ -74,6 +104,9 @@ var _ ValueEncoder = &StructCodec{}
 var _ ValueDecoder = &StructCodec{}
 
 // NewStructCodec returns a StructCodec that uses p for struct tag parsing.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// StructCodec registered.
 func NewStructCodec(p StructTagParser, opts ...*bsonoptions.StructCodecOptions) (*StructCodec, error) {
 	if p == nil {
 		return nil, errors.New("a StructTagParser must be provided to NewStructCodec")
@@ -106,12 +139,12 @@ func NewStructCodec(p StructTagParser, opts ...*bsonoptions.StructCodecOptions)
 }
 
 // EncodeValue handles encoding generic struct types.
-func (sc *StructCodec) EncodeValue(r EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+func (sc *StructCodec) EncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Kind() != reflect.Struct {
 		return ValueEncoderError{Name: "StructCodec.EncodeValue", Kinds: []reflect.Kind{reflect.Struct}, Received: val}
 	}
 
-	sd, err := sc.describeStruct(r.Registry, val.Type())
+	sd, err := sc.describeStruct(ec.Registry, val.Type(), ec.useJSONStructTags, ec.errorOnInlineDuplicates)
 	if err != nil {
 		return err
 	}
@@ -131,7 +164,7 @@ func (sc *StructCodec) EncodeValue(r EncodeContext, vw bsonrw.ValueWriter, val r
 			}
 		}
 
-		desc.encoder, rv, err = defaultValueEncoders.lookupElementEncoder(r, desc.encoder, rv)
+		desc.encoder, rv, err = defaultValueEncoders.lookupElementEncoder(ec, desc.encoder, rv)
 
 		if err != nil && err != errInvalidValue {
 			return err
@@ -158,17 +191,18 @@ func (sc *StructCodec) EncodeValue(r EncodeContext, vw bsonrw.ValueWriter, val r
 
 		encoder := desc.encoder
 
-		var isZero bool
+		var zero bool
 		rvInterface := rv.Interface()
 		if cz, ok := encoder.(CodecZeroer); ok {
-			isZero = cz.IsTypeZero(rvInterface)
+			zero = cz.IsTypeZero(rvInterface)
 		} else if rv.Kind() == reflect.Interface {
-			// sc.isZero will not treat an interface rv as an interface, so we need to check for the zero interface separately.
-			isZero = rv.IsNil()
+			// isZero will not treat an interface rv as an interface, so we need to check for the
+			// zero interface separately.
+			zero = rv.IsNil()
 		} else {
-			isZero = sc.isZero(rvInterface)
+			zero = isZero(rvInterface, sc.EncodeOmitDefaultStruct || ec.omitZeroStruct)
 		}
-		if desc.omitEmpty && isZero {
+		if desc.omitEmpty && zero {
 			continue
 		}
 
@@ -177,7 +211,17 @@ func (sc *StructCodec) EncodeValue(r EncodeContext, vw bsonrw.ValueWriter, val r
 			return err
 		}
 
-		ectx := EncodeContext{Registry: r.Registry, MinSize: desc.minSize}
+		ectx := EncodeContext{
+			Registry:                ec.Registry,
+			MinSize:                 desc.minSize || ec.MinSize,
+			errorOnInlineDuplicates: ec.errorOnInlineDuplicates,
+			stringifyMapKeysWithFmt: ec.stringifyMapKeysWithFmt,
+			nilMapAsEmpty:           ec.nilMapAsEmpty,
+			nilSliceAsEmpty:         ec.nilSliceAsEmpty,
+			nilByteSliceAsEmpty:     ec.nilByteSliceAsEmpty,
+			omitZeroStruct:          ec.omitZeroStruct,
+			useJSONStructTags:       ec.useJSONStructTags,
+		}
 		err = encoder.EncodeValue(ectx, vw2, rv)
 		if err != nil {
 			return err
@@ -191,7 +235,7 @@ func (sc *StructCodec) EncodeValue(r EncodeContext, vw bsonrw.ValueWriter, val r
 			return exists
 		}
 
-		return defaultMapCodec.mapEncodeValue(r, dw, rv, collisionFn)
+		return defaultMapCodec.mapEncodeValue(ec, dw, rv, collisionFn)
 	}
 
 	return dw.WriteDocumentEnd()
@@ -213,7 +257,7 @@ func newDecodeError(key string, original error) error {
 // DecodeValue implements the Codec interface.
 // By default, map types in val will not be cleared. If a map has existing key/value pairs, it will be extended with the new ones from vr.
 // For slices, the decoder will set the length of the slice to zero and append all elements. The underlying array will not be cleared.
-func (sc *StructCodec) DecodeValue(r DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
+func (sc *StructCodec) DecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Kind() != reflect.Struct {
 		return ValueDecoderError{Name: "StructCodec.DecodeValue", Kinds: []reflect.Kind{reflect.Struct}, Received: val}
 	}
@@ -238,12 +282,12 @@ func (sc *StructCodec) DecodeValue(r DecodeContext, vr bsonrw.ValueReader, val r
 		return fmt.Errorf("cannot decode %v into a %s", vrType, val.Type())
 	}
 
-	sd, err := sc.describeStruct(r.Registry, val.Type())
+	sd, err := sc.describeStruct(dc.Registry, val.Type(), dc.useJSONStructTags, false)
 	if err != nil {
 		return err
 	}
 
-	if sc.DecodeZeroStruct {
+	if sc.DecodeZeroStruct || dc.zeroStructs {
 		val.Set(reflect.Zero(val.Type()))
 	}
 	if sc.DecodeDeepZeroInline && sd.inline {
@@ -254,7 +298,7 @@ func (sc *StructCodec) DecodeValue(r DecodeContext, vr bsonrw.ValueReader, val r
 	var inlineMap reflect.Value
 	if sd.inlineMap >= 0 {
 		inlineMap = val.Field(sd.inlineMap)
-		decoder, err = r.LookupDecoder(inlineMap.Type().Elem())
+		decoder, err = dc.LookupDecoder(inlineMap.Type().Elem())
 		if err != nil {
 			return err
 		}
@@ -298,8 +342,8 @@ func (sc *StructCodec) DecodeValue(r DecodeContext, vr bsonrw.ValueReader, val r
 			}
 
 			elem := reflect.New(inlineMap.Type().Elem()).Elem()
-			r.Ancestor = inlineMap.Type()
-			err = decoder.DecodeValue(r, vr, elem)
+			dc.Ancestor = inlineMap.Type()
+			err = decoder.DecodeValue(dc, vr, elem)
 			if err != nil {
 				return err
 			}
@@ -326,7 +370,17 @@ func (sc *StructCodec) DecodeValue(r DecodeContext, vr bsonrw.ValueReader, val r
 		}
 		field = field.Addr()
 
-		dctx := DecodeContext{Registry: r.Registry, Truncate: fd.truncate || r.Truncate}
+		dctx := DecodeContext{
+			Registry:            dc.Registry,
+			Truncate:            fd.truncate || dc.Truncate,
+			defaultDocumentType: dc.defaultDocumentType,
+			binaryAsSlice:       dc.binaryAsSlice,
+			useJSONStructTags:   dc.useJSONStructTags,
+			useLocalTimeZone:    dc.useLocalTimeZone,
+			zeroMaps:            dc.zeroMaps,
+			zeroStructs:         dc.zeroStructs,
+		}
+
 		if fd.decoder == nil {
 			return newDecodeError(fd.name, ErrNoDecoder{Type: field.Elem().Type()})
 		}
@@ -340,7 +394,7 @@ func (sc *StructCodec) DecodeValue(r DecodeContext, vr bsonrw.ValueReader, val r
 	return nil
 }
 
-func (sc *StructCodec) isZero(i interface{}) bool {
+func isZero(i interface{}, omitZeroStruct bool) bool {
 	v := reflect.ValueOf(i)
 
 	// check the value validity
@@ -366,22 +420,27 @@ func (sc *StructCodec) isZero(i interface{}) bool {
 	case reflect.Interface, reflect.Ptr:
 		return v.IsNil()
 	case reflect.Struct:
-		if sc.EncodeOmitDefaultStruct {
-			vt := v.Type()
-			if vt == tTime {
-				return v.Interface().(time.Time).IsZero()
+		if !omitZeroStruct {
+			return false
+		}
+
+		// TODO(GODRIVER-2820): Update the logic to be able to handle private struct fields.
+		// TODO Use condition "reflect.Zero(v.Type()).Equal(v)" instead.
+
+		vt := v.Type()
+		if vt == tTime {
+			return v.Interface().(time.Time).IsZero()
+		}
+		for i := 0; i < v.NumField(); i++ {
+			if vt.Field(i).PkgPath != "" && !vt.Field(i).Anonymous {
+				continue // Private field
 			}
-			for i := 0; i < v.NumField(); i++ {
-				if vt.Field(i).PkgPath != "" && !vt.Field(i).Anonymous {
-					continue // Private field
-				}
-				fld := v.Field(i)
-				if !sc.isZero(fld.Interface()) {
-					return false
-				}
+			fld := v.Field(i)
+			if !isZero(fld.Interface(), omitZeroStruct) {
+				return false
 			}
-			return true
 		}
+		return true
 	}
 
 	return false
@@ -435,7 +494,12 @@ func (bi byIndex) Less(i, j int) bool {
 	return len(bi[i].inline) < len(bi[j].inline)
 }
 
-func (sc *StructCodec) describeStruct(r *Registry, t reflect.Type) (*structDescription, error) {
+func (sc *StructCodec) describeStruct(
+	r *Registry,
+	t reflect.Type,
+	useJSONStructTags bool,
+	errorOnDuplicates bool,
+) (*structDescription, error) {
 	// We need to analyze the struct, including getting the tags, collecting
 	// information about inlining, and create a map of the field name to the field.
 	sc.l.RLock()
@@ -477,7 +541,14 @@ func (sc *StructCodec) describeStruct(r *Registry, t reflect.Type) (*structDescr
 			decoder:   decoder,
 		}
 
-		stags, err := sc.parser.ParseStructTags(sf)
+		var stags StructTags
+		// If the caller requested that we use JSON struct tags, use the JSONFallbackStructTagParser
+		// instead of the parser defined on the codec.
+		if useJSONStructTags {
+			stags, err = JSONFallbackStructTagParser.ParseStructTags(sf)
+		} else {
+			stags, err = sc.parser.ParseStructTags(sf)
+		}
 		if err != nil {
 			return nil, err
 		}
@@ -507,7 +578,7 @@ func (sc *StructCodec) describeStruct(r *Registry, t reflect.Type) (*structDescr
 				}
 				fallthrough
 			case reflect.Struct:
-				inlinesf, err := sc.describeStruct(r, sfType)
+				inlinesf, err := sc.describeStruct(r, sfType, useJSONStructTags, errorOnDuplicates)
 				if err != nil {
 					return nil, err
 				}
@@ -559,7 +630,7 @@ func (sc *StructCodec) describeStruct(r *Registry, t reflect.Type) (*structDescr
 			continue
 		}
 		dominant, ok := dominantField(fields[i : i+advance])
-		if !ok || !sc.OverwriteDuplicatedInlinedFields {
+		if !ok || !sc.OverwriteDuplicatedInlinedFields || errorOnDuplicates {
 			return nil, fmt.Errorf("struct %s has duplicated key %s", t.String(), name)
 		}
 		sd.fl = append(sd.fl, dominant)
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/struct_tag_parser.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/struct_tag_parser.go
index 62708c5c7..18d85bfb0 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/struct_tag_parser.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/struct_tag_parser.go
@@ -12,12 +12,16 @@ import (
 )
 
 // StructTagParser returns the struct tags for a given struct field.
+//
+// Deprecated: Defining custom BSON struct tag parsers will not be supported in Go Driver 2.0.
 type StructTagParser interface {
 	ParseStructTags(reflect.StructField) (StructTags, error)
 }
 
 // StructTagParserFunc is an adapter that allows a generic function to be used
 // as a StructTagParser.
+//
+// Deprecated: Defining custom BSON struct tag parsers will not be supported in Go Driver 2.0.
 type StructTagParserFunc func(reflect.StructField) (StructTags, error)
 
 // ParseStructTags implements the StructTagParser interface.
@@ -50,7 +54,7 @@ func (stpf StructTagParserFunc) ParseStructTags(sf reflect.StructField) (StructT
 //	Skip       This struct field should be skipped. This is usually denoted by parsing a "-"
 //	           for the name.
 //
-// TODO(skriptble): Add tags for undefined as nil and for null as nil.
+// Deprecated: Defining custom BSON struct tag parsers will not be supported in Go Driver 2.0.
 type StructTags struct {
 	Name      string
 	OmitEmpty bool
@@ -85,6 +89,8 @@ type StructTags struct {
 // A struct tag either consisting entirely of '-' or with a bson key with a
 // value consisting entirely of '-' will return a StructTags with Skip true and
 // the remaining fields will be their default values.
+//
+// Deprecated: DefaultStructTagParser will be removed in Go Driver 2.0.
 var DefaultStructTagParser StructTagParserFunc = func(sf reflect.StructField) (StructTags, error) {
 	key := strings.ToLower(sf.Name)
 	tag, ok := sf.Tag.Lookup("bson")
@@ -125,6 +131,9 @@ func parseTags(key string, tag string) (StructTags, error) {
 // JSONFallbackStructTagParser has the same behavior as DefaultStructTagParser
 // but will also fallback to parsing the json tag instead on a field where the
 // bson tag isn't available.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.UseJSONStructTags] and
+// [go.mongodb.org/mongo-driver/bson.Decoder.UseJSONStructTags] instead.
 var JSONFallbackStructTagParser StructTagParserFunc = func(sf reflect.StructField) (StructTags, error) {
 	key := strings.ToLower(sf.Name)
 	tag, ok := sf.Tag.Lookup("bson")
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/time_codec.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/time_codec.go
index ec7e30f72..7b005a995 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/time_codec.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/time_codec.go
@@ -22,18 +22,28 @@ const (
 )
 
 // TimeCodec is the Codec used for time.Time values.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// TimeCodec registered.
 type TimeCodec struct {
+	// UseLocalTimeZone specifies if we should decode into the local time zone. Defaults to false.
+	//
+	// Deprecated: Use bson.Decoder.UseLocalTimeZone instead.
 	UseLocalTimeZone bool
 }
 
 var (
 	defaultTimeCodec = NewTimeCodec()
 
-	_ ValueCodec  = defaultTimeCodec
+	// Assert that defaultTimeCodec satisfies the typeDecoder interface, which allows it to be used
+	// by collection type decoders (e.g. map, slice, etc) to set individual values in a collection.
 	_ typeDecoder = defaultTimeCodec
 )
 
 // NewTimeCodec returns a TimeCodec with options opts.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// TimeCodec registered.
 func NewTimeCodec(opts ...*bsonoptions.TimeCodecOptions) *TimeCodec {
 	timeOpt := bsonoptions.MergeTimeCodecOptions(opts...)
 
@@ -95,7 +105,7 @@ func (tc *TimeCodec) decodeType(dc DecodeContext, vr bsonrw.ValueReader, t refle
 		return emptyValue, fmt.Errorf("cannot decode %v into a time.Time", vrType)
 	}
 
-	if !tc.UseLocalTimeZone {
+	if !tc.UseLocalTimeZone && !dc.useLocalTimeZone {
 		timeVal = timeVal.UTC()
 	}
 	return reflect.ValueOf(timeVal), nil
@@ -117,7 +127,7 @@ func (tc *TimeCodec) DecodeValue(dc DecodeContext, vr bsonrw.ValueReader, val re
 }
 
 // EncodeValue is the ValueEncoderFunc for time.TIme.
-func (tc *TimeCodec) EncodeValue(ec EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+func (tc *TimeCodec) EncodeValue(_ EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tTime {
 		return ValueEncoderError{Name: "TimeEncodeValue", Types: []reflect.Type{tTime}, Received: val}
 	}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/uint_codec.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/uint_codec.go
index 0b21ce999..7eb106905 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/uint_codec.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/uint_codec.go
@@ -17,18 +17,29 @@ import (
 )
 
 // UIntCodec is the Codec used for uint values.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// UIntCodec registered.
 type UIntCodec struct {
+	// EncodeToMinSize causes EncodeValue to marshal Go uint values (excluding uint64) as the
+	// minimum BSON int size (either 32-bit or 64-bit) that can represent the integer value.
+	//
+	// Deprecated: Use bson.Encoder.IntMinSize instead.
 	EncodeToMinSize bool
 }
 
 var (
 	defaultUIntCodec = NewUIntCodec()
 
-	_ ValueCodec  = defaultUIntCodec
+	// Assert that defaultUIntCodec satisfies the typeDecoder interface, which allows it to be used
+	// by collection type decoders (e.g. map, slice, etc) to set individual values in a collection.
 	_ typeDecoder = defaultUIntCodec
 )
 
 // NewUIntCodec returns a UIntCodec with options opts.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.NewRegistry] to get a registry with the
+// UIntCodec registered.
 func NewUIntCodec(opts ...*bsonoptions.UIntCodecOptions) *UIntCodec {
 	uintOpt := bsonoptions.MergeUIntCodecOptions(opts...)
 
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/byte_slice_codec_options.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/byte_slice_codec_options.go
index b1256a4dc..996bd1712 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/byte_slice_codec_options.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/byte_slice_codec_options.go
@@ -7,22 +7,33 @@
 package bsonoptions
 
 // ByteSliceCodecOptions represents all possible options for byte slice encoding and decoding.
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 type ByteSliceCodecOptions struct {
 	EncodeNilAsEmpty *bool // Specifies if a nil byte slice should encode as an empty binary instead of null. Defaults to false.
 }
 
 // ByteSliceCodec creates a new *ByteSliceCodecOptions
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 func ByteSliceCodec() *ByteSliceCodecOptions {
 	return &ByteSliceCodecOptions{}
 }
 
 // SetEncodeNilAsEmpty specifies  if a nil byte slice should encode as an empty binary instead of null. Defaults to false.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.NilByteSliceAsEmpty] instead.
 func (bs *ByteSliceCodecOptions) SetEncodeNilAsEmpty(b bool) *ByteSliceCodecOptions {
 	bs.EncodeNilAsEmpty = &b
 	return bs
 }
 
 // MergeByteSliceCodecOptions combines the given *ByteSliceCodecOptions into a single *ByteSliceCodecOptions in a last one wins fashion.
+//
+// Deprecated: Merging options structs will not be supported in Go Driver 2.0. Users should create a
+// single options struct instead.
 func MergeByteSliceCodecOptions(opts ...*ByteSliceCodecOptions) *ByteSliceCodecOptions {
 	bs := ByteSliceCodec()
 	for _, opt := range opts {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/empty_interface_codec_options.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/empty_interface_codec_options.go
index 6caaa000e..f522c7e03 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/empty_interface_codec_options.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/empty_interface_codec_options.go
@@ -7,22 +7,33 @@
 package bsonoptions
 
 // EmptyInterfaceCodecOptions represents all possible options for interface{} encoding and decoding.
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 type EmptyInterfaceCodecOptions struct {
 	DecodeBinaryAsSlice *bool // Specifies if Old and Generic type binarys should default to []slice instead of primitive.Binary. Defaults to false.
 }
 
 // EmptyInterfaceCodec creates a new *EmptyInterfaceCodecOptions
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 func EmptyInterfaceCodec() *EmptyInterfaceCodecOptions {
 	return &EmptyInterfaceCodecOptions{}
 }
 
 // SetDecodeBinaryAsSlice specifies if Old and Generic type binarys should default to []slice instead of primitive.Binary. Defaults to false.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Decoder.BinaryAsSlice] instead.
 func (e *EmptyInterfaceCodecOptions) SetDecodeBinaryAsSlice(b bool) *EmptyInterfaceCodecOptions {
 	e.DecodeBinaryAsSlice = &b
 	return e
 }
 
 // MergeEmptyInterfaceCodecOptions combines the given *EmptyInterfaceCodecOptions into a single *EmptyInterfaceCodecOptions in a last one wins fashion.
+//
+// Deprecated: Merging options structs will not be supported in Go Driver 2.0. Users should create a
+// single options struct instead.
 func MergeEmptyInterfaceCodecOptions(opts ...*EmptyInterfaceCodecOptions) *EmptyInterfaceCodecOptions {
 	e := EmptyInterfaceCodec()
 	for _, opt := range opts {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/map_codec_options.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/map_codec_options.go
index 7a6a880b8..a7a7c1d98 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/map_codec_options.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/map_codec_options.go
@@ -7,6 +7,9 @@
 package bsonoptions
 
 // MapCodecOptions represents all possible options for map encoding and decoding.
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 type MapCodecOptions struct {
 	DecodeZerosMap   *bool // Specifies if the map should be zeroed before decoding into it. Defaults to false.
 	EncodeNilAsEmpty *bool // Specifies if a nil map should encode as an empty document instead of null. Defaults to false.
@@ -19,17 +22,24 @@ type MapCodecOptions struct {
 }
 
 // MapCodec creates a new *MapCodecOptions
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 func MapCodec() *MapCodecOptions {
 	return &MapCodecOptions{}
 }
 
 // SetDecodeZerosMap specifies if the map should be zeroed before decoding into it. Defaults to false.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Decoder.ZeroMaps] instead.
 func (t *MapCodecOptions) SetDecodeZerosMap(b bool) *MapCodecOptions {
 	t.DecodeZerosMap = &b
 	return t
 }
 
 // SetEncodeNilAsEmpty specifies if a nil map should encode as an empty document instead of null. Defaults to false.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.NilMapAsEmpty] instead.
 func (t *MapCodecOptions) SetEncodeNilAsEmpty(b bool) *MapCodecOptions {
 	t.EncodeNilAsEmpty = &b
 	return t
@@ -40,12 +50,17 @@ func (t *MapCodecOptions) SetEncodeNilAsEmpty(b bool) *MapCodecOptions {
 // type must either be a string, an integer type, or implement bsoncodec.KeyUnmarshaler. If true, keys are encoded with
 // fmt.Sprint() and the encoding key type must be a string, an integer type, or a float. If true, the use of Stringer
 // will override TextMarshaler/TextUnmarshaler. Defaults to false.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.StringifyMapKeysWithFmt] instead.
 func (t *MapCodecOptions) SetEncodeKeysWithStringer(b bool) *MapCodecOptions {
 	t.EncodeKeysWithStringer = &b
 	return t
 }
 
 // MergeMapCodecOptions combines the given *MapCodecOptions into a single *MapCodecOptions in a last one wins fashion.
+//
+// Deprecated: Merging options structs will not be supported in Go Driver 2.0. Users should create a
+// single options struct instead.
 func MergeMapCodecOptions(opts ...*MapCodecOptions) *MapCodecOptions {
 	s := MapCodec()
 	for _, opt := range opts {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/slice_codec_options.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/slice_codec_options.go
index ef965e4b4..3c1e4f35b 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/slice_codec_options.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/slice_codec_options.go
@@ -7,22 +7,33 @@
 package bsonoptions
 
 // SliceCodecOptions represents all possible options for slice encoding and decoding.
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 type SliceCodecOptions struct {
 	EncodeNilAsEmpty *bool // Specifies if a nil slice should encode as an empty array instead of null. Defaults to false.
 }
 
 // SliceCodec creates a new *SliceCodecOptions
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 func SliceCodec() *SliceCodecOptions {
 	return &SliceCodecOptions{}
 }
 
 // SetEncodeNilAsEmpty specifies  if a nil slice should encode as an empty array instead of null. Defaults to false.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.NilSliceAsEmpty] instead.
 func (s *SliceCodecOptions) SetEncodeNilAsEmpty(b bool) *SliceCodecOptions {
 	s.EncodeNilAsEmpty = &b
 	return s
 }
 
 // MergeSliceCodecOptions combines the given *SliceCodecOptions into a single *SliceCodecOptions in a last one wins fashion.
+//
+// Deprecated: Merging options structs will not be supported in Go Driver 2.0. Users should create a
+// single options struct instead.
 func MergeSliceCodecOptions(opts ...*SliceCodecOptions) *SliceCodecOptions {
 	s := SliceCodec()
 	for _, opt := range opts {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/string_codec_options.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/string_codec_options.go
index 65964f420..f8b76f996 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/string_codec_options.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/string_codec_options.go
@@ -9,23 +9,34 @@ package bsonoptions
 var defaultDecodeOIDAsHex = true
 
 // StringCodecOptions represents all possible options for string encoding and decoding.
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 type StringCodecOptions struct {
 	DecodeObjectIDAsHex *bool // Specifies if we should decode ObjectID as the hex value. Defaults to true.
 }
 
 // StringCodec creates a new *StringCodecOptions
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 func StringCodec() *StringCodecOptions {
 	return &StringCodecOptions{}
 }
 
 // SetDecodeObjectIDAsHex specifies if object IDs should be decoded as their hex representation. If false, a string made
 // from the raw object ID bytes will be used. Defaults to true.
+//
+// Deprecated: Decoding object IDs as raw bytes will not be supported in Go Driver 2.0.
 func (t *StringCodecOptions) SetDecodeObjectIDAsHex(b bool) *StringCodecOptions {
 	t.DecodeObjectIDAsHex = &b
 	return t
 }
 
 // MergeStringCodecOptions combines the given *StringCodecOptions into a single *StringCodecOptions in a last one wins fashion.
+//
+// Deprecated: Merging options structs will not be supported in Go Driver 2.0. Users should create a
+// single options struct instead.
 func MergeStringCodecOptions(opts ...*StringCodecOptions) *StringCodecOptions {
 	s := &StringCodecOptions{&defaultDecodeOIDAsHex}
 	for _, opt := range opts {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/struct_codec_options.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/struct_codec_options.go
index 78d1dd866..1cbfa32e8 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/struct_codec_options.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/struct_codec_options.go
@@ -9,6 +9,9 @@ package bsonoptions
 var defaultOverwriteDuplicatedInlinedFields = true
 
 // StructCodecOptions represents all possible options for struct encoding and decoding.
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 type StructCodecOptions struct {
 	DecodeZeroStruct                 *bool // Specifies if structs should be zeroed before decoding into them. Defaults to false.
 	DecodeDeepZeroInline             *bool // Specifies if structs should be recursively zeroed when a inline value is decoded. Defaults to false.
@@ -18,17 +21,24 @@ type StructCodecOptions struct {
 }
 
 // StructCodec creates a new *StructCodecOptions
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 func StructCodec() *StructCodecOptions {
 	return &StructCodecOptions{}
 }
 
 // SetDecodeZeroStruct specifies if structs should be zeroed before decoding into them. Defaults to false.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Decoder.ZeroStructs] instead.
 func (t *StructCodecOptions) SetDecodeZeroStruct(b bool) *StructCodecOptions {
 	t.DecodeZeroStruct = &b
 	return t
 }
 
 // SetDecodeDeepZeroInline specifies if structs should be zeroed before decoding into them. Defaults to false.
+//
+// Deprecated: DecodeDeepZeroInline will not be supported in Go Driver 2.0.
 func (t *StructCodecOptions) SetDecodeDeepZeroInline(b bool) *StructCodecOptions {
 	t.DecodeDeepZeroInline = &b
 	return t
@@ -36,6 +46,8 @@ func (t *StructCodecOptions) SetDecodeDeepZeroInline(b bool) *StructCodecOptions
 
 // SetEncodeOmitDefaultStruct specifies if default structs should be considered empty by omitempty. A default struct has all
 // its values set to their default value. Defaults to false.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.OmitZeroStruct] instead.
 func (t *StructCodecOptions) SetEncodeOmitDefaultStruct(b bool) *StructCodecOptions {
 	t.EncodeOmitDefaultStruct = &b
 	return t
@@ -45,18 +57,26 @@ func (t *StructCodecOptions) SetEncodeOmitDefaultStruct(b bool) *StructCodecOpti
 // same bson key. When true and decoding, values will be written to the outermost struct with a matching key, and when
 // encoding, keys will have the value of the top-most matching field. When false, decoding and encoding will error if
 // there are duplicate keys after the struct is inlined. Defaults to true.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.ErrorOnInlineDuplicates] instead.
 func (t *StructCodecOptions) SetOverwriteDuplicatedInlinedFields(b bool) *StructCodecOptions {
 	t.OverwriteDuplicatedInlinedFields = &b
 	return t
 }
 
 // SetAllowUnexportedFields specifies if unexported fields should be marshaled/unmarshaled. Defaults to false.
+//
+// Deprecated: AllowUnexportedFields does not work on recent versions of Go and will not be
+// supported in Go Driver 2.0.
 func (t *StructCodecOptions) SetAllowUnexportedFields(b bool) *StructCodecOptions {
 	t.AllowUnexportedFields = &b
 	return t
 }
 
 // MergeStructCodecOptions combines the given *StructCodecOptions into a single *StructCodecOptions in a last one wins fashion.
+//
+// Deprecated: Merging options structs will not be supported in Go Driver 2.0. Users should create a
+// single options struct instead.
 func MergeStructCodecOptions(opts ...*StructCodecOptions) *StructCodecOptions {
 	s := &StructCodecOptions{
 		OverwriteDuplicatedInlinedFields: &defaultOverwriteDuplicatedInlinedFields,
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/time_codec_options.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/time_codec_options.go
index 13496d121..3f38433d2 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/time_codec_options.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/time_codec_options.go
@@ -7,22 +7,33 @@
 package bsonoptions
 
 // TimeCodecOptions represents all possible options for time.Time encoding and decoding.
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 type TimeCodecOptions struct {
 	UseLocalTimeZone *bool // Specifies if we should decode into the local time zone. Defaults to false.
 }
 
 // TimeCodec creates a new *TimeCodecOptions
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 func TimeCodec() *TimeCodecOptions {
 	return &TimeCodecOptions{}
 }
 
 // SetUseLocalTimeZone specifies if we should decode into the local time zone. Defaults to false.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Decoder.UseLocalTimeZone] instead.
 func (t *TimeCodecOptions) SetUseLocalTimeZone(b bool) *TimeCodecOptions {
 	t.UseLocalTimeZone = &b
 	return t
 }
 
 // MergeTimeCodecOptions combines the given *TimeCodecOptions into a single *TimeCodecOptions in a last one wins fashion.
+//
+// Deprecated: Merging options structs will not be supported in Go Driver 2.0. Users should create a
+// single options struct instead.
 func MergeTimeCodecOptions(opts ...*TimeCodecOptions) *TimeCodecOptions {
 	t := TimeCodec()
 	for _, opt := range opts {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/uint_codec_options.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/uint_codec_options.go
index e08b7f192..5091e4d96 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/uint_codec_options.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonoptions/uint_codec_options.go
@@ -7,22 +7,33 @@
 package bsonoptions
 
 // UIntCodecOptions represents all possible options for uint encoding and decoding.
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 type UIntCodecOptions struct {
 	EncodeToMinSize *bool // Specifies if all uints except uint64 should be decoded to minimum size bsontype. Defaults to false.
 }
 
 // UIntCodec creates a new *UIntCodecOptions
+//
+// Deprecated: Use the bson.Encoder and bson.Decoder configuration methods to set the desired BSON marshal
+// and unmarshal behavior instead.
 func UIntCodec() *UIntCodecOptions {
 	return &UIntCodecOptions{}
 }
 
 // SetEncodeToMinSize specifies if all uints except uint64 should be decoded to minimum size bsontype. Defaults to false.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.Encoder.IntMinSize] instead.
 func (u *UIntCodecOptions) SetEncodeToMinSize(b bool) *UIntCodecOptions {
 	u.EncodeToMinSize = &b
 	return u
 }
 
 // MergeUIntCodecOptions combines the given *UIntCodecOptions into a single *UIntCodecOptions in a last one wins fashion.
+//
+// Deprecated: Merging options structs will not be supported in Go Driver 2.0. Users should create a
+// single options struct instead.
 func MergeUIntCodecOptions(opts ...*UIntCodecOptions) *UIntCodecOptions {
 	u := UIntCodec()
 	for _, opt := range opts {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/copier.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/copier.go
index 5cdf6460b..33d59bd25 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/copier.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/copier.go
@@ -17,20 +17,32 @@ import (
 
 // Copier is a type that allows copying between ValueReaders, ValueWriters, and
 // []byte values.
+//
+// Deprecated: Copying BSON documents using the ValueWriter and ValueReader interfaces will not be
+// supported in Go Driver 2.0.
 type Copier struct{}
 
 // NewCopier creates a new copier with the given registry. If a nil registry is provided
 // a default registry is used.
+//
+// Deprecated: Copying BSON documents using the ValueWriter and ValueReader interfaces will not be
+// supported in Go Driver 2.0.
 func NewCopier() Copier {
 	return Copier{}
 }
 
 // CopyDocument handles copying a document from src to dst.
+//
+// Deprecated: Copying BSON documents using the ValueWriter and ValueReader interfaces will not be
+// supported in Go Driver 2.0.
 func CopyDocument(dst ValueWriter, src ValueReader) error {
 	return Copier{}.CopyDocument(dst, src)
 }
 
 // CopyDocument handles copying one document from the src to the dst.
+//
+// Deprecated: Copying BSON documents using the ValueWriter and ValueReader interfaces will not be
+// supported in Go Driver 2.0.
 func (c Copier) CopyDocument(dst ValueWriter, src ValueReader) error {
 	dr, err := src.ReadDocument()
 	if err != nil {
@@ -47,6 +59,9 @@ func (c Copier) CopyDocument(dst ValueWriter, src ValueReader) error {
 
 // CopyArrayFromBytes copies the values from a BSON array represented as a
 // []byte to a ValueWriter.
+//
+// Deprecated: Copying BSON arrays using the ValueWriter and ValueReader interfaces will not be
+// supported in Go Driver 2.0.
 func (c Copier) CopyArrayFromBytes(dst ValueWriter, src []byte) error {
 	aw, err := dst.WriteArray()
 	if err != nil {
@@ -63,6 +78,9 @@ func (c Copier) CopyArrayFromBytes(dst ValueWriter, src []byte) error {
 
 // CopyDocumentFromBytes copies the values from a BSON document represented as a
 // []byte to a ValueWriter.
+//
+// Deprecated: Copying BSON documents using the ValueWriter and ValueReader interfaces will not be
+// supported in Go Driver 2.0.
 func (c Copier) CopyDocumentFromBytes(dst ValueWriter, src []byte) error {
 	dw, err := dst.WriteDocument()
 	if err != nil {
@@ -81,6 +99,9 @@ type writeElementFn func(key string) (ValueWriter, error)
 
 // CopyBytesToArrayWriter copies the values from a BSON Array represented as a []byte to an
 // ArrayWriter.
+//
+// Deprecated: Copying BSON arrays using the ArrayWriter interface will not be supported in Go
+// Driver 2.0.
 func (c Copier) CopyBytesToArrayWriter(dst ArrayWriter, src []byte) error {
 	wef := func(_ string) (ValueWriter, error) {
 		return dst.WriteArrayElement()
@@ -91,6 +112,9 @@ func (c Copier) CopyBytesToArrayWriter(dst ArrayWriter, src []byte) error {
 
 // CopyBytesToDocumentWriter copies the values from a BSON document represented as a []byte to a
 // DocumentWriter.
+//
+// Deprecated: Copying BSON documents using the ValueWriter and ValueReader interfaces will not be
+// supported in Go Driver 2.0.
 func (c Copier) CopyBytesToDocumentWriter(dst DocumentWriter, src []byte) error {
 	wef := func(key string) (ValueWriter, error) {
 		return dst.WriteDocumentElement(key)
@@ -150,12 +174,18 @@ func (c Copier) copyBytesToValueWriter(src []byte, wef writeElementFn) error {
 
 // CopyDocumentToBytes copies an entire document from the ValueReader and
 // returns it as bytes.
+//
+// Deprecated: Copying BSON documents using the ValueWriter and ValueReader interfaces will not be
+// supported in Go Driver 2.0.
 func (c Copier) CopyDocumentToBytes(src ValueReader) ([]byte, error) {
 	return c.AppendDocumentBytes(nil, src)
 }
 
 // AppendDocumentBytes functions the same as CopyDocumentToBytes, but will
 // append the result to dst.
+//
+// Deprecated: Copying BSON documents using the ValueWriter and ValueReader interfaces will not be
+// supported in Go Driver 2.0.
 func (c Copier) AppendDocumentBytes(dst []byte, src ValueReader) ([]byte, error) {
 	if br, ok := src.(BytesReader); ok {
 		_, dst, err := br.ReadValueBytes(dst)
@@ -173,6 +203,9 @@ func (c Copier) AppendDocumentBytes(dst []byte, src ValueReader) ([]byte, error)
 }
 
 // AppendArrayBytes copies an array from the ValueReader to dst.
+//
+// Deprecated: Copying BSON arrays using the ValueWriter and ValueReader interfaces will not be
+// supported in Go Driver 2.0.
 func (c Copier) AppendArrayBytes(dst []byte, src ValueReader) ([]byte, error) {
 	if br, ok := src.(BytesReader); ok {
 		_, dst, err := br.ReadValueBytes(dst)
@@ -190,6 +223,8 @@ func (c Copier) AppendArrayBytes(dst []byte, src ValueReader) ([]byte, error) {
 }
 
 // CopyValueFromBytes will write the value represtend by t and src to dst.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.UnmarshalValue] instead.
 func (c Copier) CopyValueFromBytes(dst ValueWriter, t bsontype.Type, src []byte) error {
 	if wvb, ok := dst.(BytesWriter); ok {
 		return wvb.WriteValueBytes(t, src)
@@ -206,12 +241,17 @@ func (c Copier) CopyValueFromBytes(dst ValueWriter, t bsontype.Type, src []byte)
 
 // CopyValueToBytes copies a value from src and returns it as a bsontype.Type and a
 // []byte.
+//
+// Deprecated: Use [go.mongodb.org/mongo-driver/bson.MarshalValue] instead.
 func (c Copier) CopyValueToBytes(src ValueReader) (bsontype.Type, []byte, error) {
 	return c.AppendValueBytes(nil, src)
 }
 
 // AppendValueBytes functions the same as CopyValueToBytes, but will append the
 // result to dst.
+//
+// Deprecated: Appending individual BSON elements to an existing slice will not be supported in Go
+// Driver 2.0.
 func (c Copier) AppendValueBytes(dst []byte, src ValueReader) (bsontype.Type, []byte, error) {
 	if br, ok := src.(BytesReader); ok {
 		return br.ReadValueBytes(dst)
@@ -234,6 +274,9 @@ func (c Copier) AppendValueBytes(dst []byte, src ValueReader) (bsontype.Type, []
 }
 
 // CopyValue will copy a single value from src to dst.
+//
+// Deprecated: Copying BSON values using the ValueWriter and ValueReader interfaces will not be
+// supported in Go Driver 2.0.
 func (c Copier) CopyValue(dst ValueWriter, src ValueReader) error {
 	var err error
 	switch src.Type() {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/extjson_reader.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/extjson_reader.go
index 35832d73a..2aca37a91 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/extjson_reader.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/extjson_reader.go
@@ -16,11 +16,15 @@ import (
 )
 
 // ExtJSONValueReaderPool is a pool for ValueReaders that read ExtJSON.
+//
+// Deprecated: ExtJSONValueReaderPool will not be supported in Go Driver 2.0.
 type ExtJSONValueReaderPool struct {
 	pool sync.Pool
 }
 
 // NewExtJSONValueReaderPool instantiates a new ExtJSONValueReaderPool.
+//
+// Deprecated: ExtJSONValueReaderPool will not be supported in Go Driver 2.0.
 func NewExtJSONValueReaderPool() *ExtJSONValueReaderPool {
 	return &ExtJSONValueReaderPool{
 		pool: sync.Pool{
@@ -32,6 +36,8 @@ func NewExtJSONValueReaderPool() *ExtJSONValueReaderPool {
 }
 
 // Get retrieves a ValueReader from the pool and uses src as the underlying ExtJSON.
+//
+// Deprecated: ExtJSONValueReaderPool will not be supported in Go Driver 2.0.
 func (bvrp *ExtJSONValueReaderPool) Get(r io.Reader, canonical bool) (ValueReader, error) {
 	vr := bvrp.pool.Get().(*extJSONValueReader)
 	return vr.reset(r, canonical)
@@ -39,6 +45,8 @@ func (bvrp *ExtJSONValueReaderPool) Get(r io.Reader, canonical bool) (ValueReade
 
 // Put inserts a ValueReader into the pool. If the ValueReader is not a ExtJSON ValueReader nothing
 // is inserted into the pool and ok will be false.
+//
+// Deprecated: ExtJSONValueReaderPool will not be supported in Go Driver 2.0.
 func (bvrp *ExtJSONValueReaderPool) Put(vr ValueReader) (ok bool) {
 	bvr, ok := vr.(*extJSONValueReader)
 	if !ok {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/extjson_writer.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/extjson_writer.go
index 99ed524b7..bb9303167 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/extjson_writer.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/extjson_writer.go
@@ -23,11 +23,15 @@ import (
 )
 
 // ExtJSONValueWriterPool is a pool for ExtJSON ValueWriters.
+//
+// Deprecated: ExtJSONValueWriterPool will not be supported in Go Driver 2.0.
 type ExtJSONValueWriterPool struct {
 	pool sync.Pool
 }
 
 // NewExtJSONValueWriterPool creates a new pool for ValueWriter instances that write to ExtJSON.
+//
+// Deprecated: ExtJSONValueWriterPool will not be supported in Go Driver 2.0.
 func NewExtJSONValueWriterPool() *ExtJSONValueWriterPool {
 	return &ExtJSONValueWriterPool{
 		pool: sync.Pool{
@@ -39,6 +43,8 @@ func NewExtJSONValueWriterPool() *ExtJSONValueWriterPool {
 }
 
 // Get retrieves a ExtJSON ValueWriter from the pool and resets it to use w as the destination.
+//
+// Deprecated: ExtJSONValueWriterPool will not be supported in Go Driver 2.0.
 func (bvwp *ExtJSONValueWriterPool) Get(w io.Writer, canonical, escapeHTML bool) ValueWriter {
 	vw := bvwp.pool.Get().(*extJSONValueWriter)
 	if writer, ok := w.(*SliceWriter); ok {
@@ -53,6 +59,8 @@ func (bvwp *ExtJSONValueWriterPool) Get(w io.Writer, canonical, escapeHTML bool)
 
 // Put inserts a ValueWriter into the pool. If the ValueWriter is not a ExtJSON ValueWriter, nothing
 // happens and ok will be false.
+//
+// Deprecated: ExtJSONValueWriterPool will not be supported in Go Driver 2.0.
 func (bvwp *ExtJSONValueWriterPool) Put(vw ValueWriter) (ok bool) {
 	bvw, ok := vw.(*extJSONValueWriter)
 	if !ok {
@@ -80,6 +88,7 @@ type extJSONValueWriter struct {
 	frame      int64
 	canonical  bool
 	escapeHTML bool
+	newlines   bool
 }
 
 // NewExtJSONValueWriter creates a ValueWriter that writes Extended JSON to w.
@@ -88,10 +97,13 @@ func NewExtJSONValueWriter(w io.Writer, canonical, escapeHTML bool) (ValueWriter
 		return nil, errNilWriter
 	}
 
-	return newExtJSONWriter(w, canonical, escapeHTML), nil
+	// Enable newlines for all Extended JSON value writers created by NewExtJSONValueWriter. We
+	// expect these value writers to be used with an Encoder, which should add newlines after
+	// encoded Extended JSON documents.
+	return newExtJSONWriter(w, canonical, escapeHTML, true), nil
 }
 
-func newExtJSONWriter(w io.Writer, canonical, escapeHTML bool) *extJSONValueWriter {
+func newExtJSONWriter(w io.Writer, canonical, escapeHTML, newlines bool) *extJSONValueWriter {
 	stack := make([]ejvwState, 1, 5)
 	stack[0] = ejvwState{mode: mTopLevel}
 
@@ -101,6 +113,7 @@ func newExtJSONWriter(w io.Writer, canonical, escapeHTML bool) *extJSONValueWrit
 		stack:      stack,
 		canonical:  canonical,
 		escapeHTML: escapeHTML,
+		newlines:   newlines,
 	}
 }
 
@@ -564,6 +577,12 @@ func (ejvw *extJSONValueWriter) WriteDocumentEnd() error {
 	case mDocument:
 		ejvw.buf = append(ejvw.buf, ',')
 	case mTopLevel:
+		// If the value writer has newlines enabled, end top-level documents with a newline so that
+		// multiple documents encoded to the same writer are separated by newlines. That matches the
+		// Go json.Encoder behavior and also works with bsonrw.NewExtJSONValueReader.
+		if ejvw.newlines {
+			ejvw.buf = append(ejvw.buf, '\n')
+		}
 		if ejvw.w != nil {
 			if _, err := ejvw.w.Write(ejvw.buf); err != nil {
 				return err
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/reader.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/reader.go
index 0b8fa28d5..324b10b61 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/reader.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/reader.go
@@ -58,6 +58,8 @@ type ValueReader interface {
 // types that implement ValueReader may also implement this interface.
 //
 // The bytes of the value will be appended to dst.
+//
+// Deprecated: BytesReader will not be supported in Go Driver 2.0.
 type BytesReader interface {
 	ReadValueBytes(dst []byte) (bsontype.Type, []byte, error)
 }
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/value_reader.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/value_reader.go
index ef5d837c2..9bf24fae0 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/value_reader.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/value_reader.go
@@ -28,11 +28,15 @@ var vrPool = sync.Pool{
 }
 
 // BSONValueReaderPool is a pool for ValueReaders that read BSON.
+//
+// Deprecated: BSONValueReaderPool will not be supported in Go Driver 2.0.
 type BSONValueReaderPool struct {
 	pool sync.Pool
 }
 
 // NewBSONValueReaderPool instantiates a new BSONValueReaderPool.
+//
+// Deprecated: BSONValueReaderPool will not be supported in Go Driver 2.0.
 func NewBSONValueReaderPool() *BSONValueReaderPool {
 	return &BSONValueReaderPool{
 		pool: sync.Pool{
@@ -44,6 +48,8 @@ func NewBSONValueReaderPool() *BSONValueReaderPool {
 }
 
 // Get retrieves a ValueReader from the pool and uses src as the underlying BSON.
+//
+// Deprecated: BSONValueReaderPool will not be supported in Go Driver 2.0.
 func (bvrp *BSONValueReaderPool) Get(src []byte) ValueReader {
 	vr := bvrp.pool.Get().(*valueReader)
 	vr.reset(src)
@@ -52,6 +58,8 @@ func (bvrp *BSONValueReaderPool) Get(src []byte) ValueReader {
 
 // Put inserts a ValueReader into the pool. If the ValueReader is not a BSON ValueReader nothing
 // is inserted into the pool and ok will be false.
+//
+// Deprecated: BSONValueReaderPool will not be supported in Go Driver 2.0.
 func (bvrp *BSONValueReaderPool) Put(vr ValueReader) (ok bool) {
 	bvr, ok := vr.(*valueReader)
 	if !ok {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/value_writer.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/value_writer.go
index f95a08afd..a6dd8d34f 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/value_writer.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/value_writer.go
@@ -29,11 +29,15 @@ var vwPool = sync.Pool{
 }
 
 // BSONValueWriterPool is a pool for BSON ValueWriters.
+//
+// Deprecated: BSONValueWriterPool will not be supported in Go Driver 2.0.
 type BSONValueWriterPool struct {
 	pool sync.Pool
 }
 
 // NewBSONValueWriterPool creates a new pool for ValueWriter instances that write to BSON.
+//
+// Deprecated: BSONValueWriterPool will not be supported in Go Driver 2.0.
 func NewBSONValueWriterPool() *BSONValueWriterPool {
 	return &BSONValueWriterPool{
 		pool: sync.Pool{
@@ -45,6 +49,8 @@ func NewBSONValueWriterPool() *BSONValueWriterPool {
 }
 
 // Get retrieves a BSON ValueWriter from the pool and resets it to use w as the destination.
+//
+// Deprecated: BSONValueWriterPool will not be supported in Go Driver 2.0.
 func (bvwp *BSONValueWriterPool) Get(w io.Writer) ValueWriter {
 	vw := bvwp.pool.Get().(*valueWriter)
 
@@ -56,6 +62,8 @@ func (bvwp *BSONValueWriterPool) Get(w io.Writer) ValueWriter {
 }
 
 // GetAtModeElement retrieves a ValueWriterFlusher from the pool and resets it to use w as the destination.
+//
+// Deprecated: BSONValueWriterPool will not be supported in Go Driver 2.0.
 func (bvwp *BSONValueWriterPool) GetAtModeElement(w io.Writer) ValueWriterFlusher {
 	vw := bvwp.Get(w).(*valueWriter)
 	vw.push(mElement)
@@ -64,6 +72,8 @@ func (bvwp *BSONValueWriterPool) GetAtModeElement(w io.Writer) ValueWriterFlushe
 
 // Put inserts a ValueWriter into the pool. If the ValueWriter is not a BSON ValueWriter, nothing
 // happens and ok will be false.
+//
+// Deprecated: BSONValueWriterPool will not be supported in Go Driver 2.0.
 func (bvwp *BSONValueWriterPool) Put(vw ValueWriter) (ok bool) {
 	bvw, ok := vw.(*valueWriter)
 	if !ok {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/writer.go b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/writer.go
index dff65f87f..628f45293 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/writer.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsonrw/writer.go
@@ -56,6 +56,8 @@ type ValueWriter interface {
 }
 
 // ValueWriterFlusher is a superset of ValueWriter that exposes functionality to flush to the underlying buffer.
+//
+// Deprecated: ValueWriterFlusher will not be supported in Go Driver 2.0.
 type ValueWriterFlusher interface {
 	ValueWriter
 	Flush() error
@@ -64,13 +66,20 @@ type ValueWriterFlusher interface {
 // BytesWriter is the interface used to write BSON bytes to a ValueWriter.
 // This interface is meant to be a superset of ValueWriter, so that types that
 // implement ValueWriter may also implement this interface.
+//
+// Deprecated: BytesWriter will not be supported in Go Driver 2.0.
 type BytesWriter interface {
 	WriteValueBytes(t bsontype.Type, b []byte) error
 }
 
 // SliceWriter allows a pointer to a slice of bytes to be used as an io.Writer.
+//
+// Deprecated: SliceWriter will not be supported in Go Driver 2.0.
 type SliceWriter []byte
 
+// Write writes the bytes to the underlying slice.
+//
+// Deprecated: SliceWriter will not be supported in Go Driver 2.0.
 func (sw *SliceWriter) Write(p []byte) (int, error) {
 	written := len(p)
 	*sw = append(*sw, p...)
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsontype/bsontype.go b/vendor/go.mongodb.org/mongo-driver/bson/bsontype/bsontype.go
index 7c91ae518..8cff5492d 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsontype/bsontype.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsontype/bsontype.go
@@ -8,7 +8,9 @@
 // a stringifier for the Type to enable easier debugging when working with BSON.
 package bsontype // import "go.mongodb.org/mongo-driver/bson/bsontype"
 
-// These constants uniquely refer to each BSON type.
+// BSON element types as described in https://bsonspec.org/spec.html.
+//
+// Deprecated: Use bson.Type* constants instead.
 const (
 	Double           Type = 0x01
 	String           Type = 0x02
@@ -31,7 +33,12 @@ const (
 	Decimal128       Type = 0x13
 	MinKey           Type = 0xFF
 	MaxKey           Type = 0x7F
+)
 
+// BSON binary element subtypes as described in https://bsonspec.org/spec.html.
+//
+// Deprecated: Use the bson.TypeBinary* constants instead.
+const (
 	BinaryGeneric     byte = 0x00
 	BinaryFunction    byte = 0x01
 	BinaryBinaryOld   byte = 0x02
@@ -95,3 +102,14 @@ func (bt Type) String() string {
 		return "invalid"
 	}
 }
+
+// IsValid will return true if the Type is valid.
+func (bt Type) IsValid() bool {
+	switch bt {
+	case Double, String, EmbeddedDocument, Array, Binary, Undefined, ObjectID, Boolean, DateTime, Null, Regex,
+		DBPointer, JavaScript, Symbol, CodeWithScope, Int32, Timestamp, Int64, Decimal128, MinKey, MaxKey:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/decoder.go b/vendor/go.mongodb.org/mongo-driver/bson/decoder.go
index 6e189fa58..eac74cd39 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/decoder.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/decoder.go
@@ -38,6 +38,12 @@ type Decoder struct {
 	// (*Decoder).SetContext.
 	defaultDocumentM bool
 	defaultDocumentD bool
+
+	binaryAsSlice     bool
+	useJSONStructTags bool
+	useLocalTimeZone  bool
+	zeroMaps          bool
+	zeroStructs       bool
 }
 
 // NewDecoder returns a new decoder that uses the DefaultRegistry to read from vr.
@@ -53,6 +59,9 @@ func NewDecoder(vr bsonrw.ValueReader) (*Decoder, error) {
 }
 
 // NewDecoderWithContext returns a new decoder that uses DecodeContext dc to read from vr.
+//
+// Deprecated: Use [NewDecoder] and use the Decoder configuration methods set the desired unmarshal
+// behavior instead.
 func NewDecoderWithContext(dc bsoncodec.DecodeContext, vr bsonrw.ValueReader) (*Decoder, error) {
 	if dc.Registry == nil {
 		dc.Registry = DefaultRegistry
@@ -70,8 +79,7 @@ func NewDecoderWithContext(dc bsoncodec.DecodeContext, vr bsonrw.ValueReader) (*
 // Decode reads the next BSON document from the stream and decodes it into the
 // value pointed to by val.
 //
-// The documentation for Unmarshal contains details about of BSON into a Go
-// value.
+// See [Unmarshal] for details about BSON unmarshaling behavior.
 func (d *Decoder) Decode(val interface{}) error {
 	if unmarshaler, ok := val.(Unmarshaler); ok {
 		// TODO(skriptble): Reuse a []byte here and use the AppendDocumentBytes method.
@@ -100,42 +108,101 @@ func (d *Decoder) Decode(val interface{}) error {
 	if err != nil {
 		return err
 	}
+
 	if d.defaultDocumentM {
 		d.dc.DefaultDocumentM()
 	}
 	if d.defaultDocumentD {
 		d.dc.DefaultDocumentD()
 	}
+	if d.binaryAsSlice {
+		d.dc.BinaryAsSlice()
+	}
+	if d.useJSONStructTags {
+		d.dc.UseJSONStructTags()
+	}
+	if d.useLocalTimeZone {
+		d.dc.UseLocalTimeZone()
+	}
+	if d.zeroMaps {
+		d.dc.ZeroMaps()
+	}
+	if d.zeroStructs {
+		d.dc.ZeroStructs()
+	}
+
 	return decoder.DecodeValue(d.dc, d.vr, rval)
 }
 
 // Reset will reset the state of the decoder, using the same *DecodeContext used in
 // the original construction but using vr for reading.
 func (d *Decoder) Reset(vr bsonrw.ValueReader) error {
+	// TODO:(GODRIVER-2719): Remove error return value.
 	d.vr = vr
 	return nil
 }
 
 // SetRegistry replaces the current registry of the decoder with r.
 func (d *Decoder) SetRegistry(r *bsoncodec.Registry) error {
+	// TODO:(GODRIVER-2719): Remove error return value.
 	d.dc.Registry = r
 	return nil
 }
 
 // SetContext replaces the current registry of the decoder with dc.
+//
+// Deprecated: Use the Decoder configuration methods to set the desired unmarshal behavior instead.
 func (d *Decoder) SetContext(dc bsoncodec.DecodeContext) error {
+	// TODO:(GODRIVER-2719): Remove error return value.
 	d.dc = dc
 	return nil
 }
 
-// DefaultDocumentM will decode empty documents using the primitive.M type. This behavior is restricted to data typed as
-// "interface{}" or "map[string]interface{}".
+// DefaultDocumentM causes the Decoder to always unmarshal documents into the primitive.M type. This
+// behavior is restricted to data typed as "interface{}" or "map[string]interface{}".
 func (d *Decoder) DefaultDocumentM() {
 	d.defaultDocumentM = true
 }
 
-// DefaultDocumentD will decode empty documents using the primitive.D type. This behavior is restricted to data typed as
-// "interface{}" or "map[string]interface{}".
+// DefaultDocumentD causes the Decoder to always unmarshal documents into the primitive.D type. This
+// behavior is restricted to data typed as "interface{}" or "map[string]interface{}".
 func (d *Decoder) DefaultDocumentD() {
 	d.defaultDocumentD = true
 }
+
+// AllowTruncatingDoubles causes the Decoder to truncate the fractional part of BSON "double" values
+// when attempting to unmarshal them into a Go integer (int, int8, int16, int32, or int64) struct
+// field. The truncation logic does not apply to BSON "decimal128" values.
+func (d *Decoder) AllowTruncatingDoubles() {
+	d.dc.Truncate = true
+}
+
+// BinaryAsSlice causes the Decoder to unmarshal BSON binary field values that are the "Generic" or
+// "Old" BSON binary subtype as a Go byte slice instead of a primitive.Binary.
+func (d *Decoder) BinaryAsSlice() {
+	d.binaryAsSlice = true
+}
+
+// UseJSONStructTags causes the Decoder to fall back to using the "json" struct tag if a "bson"
+// struct tag is not specified.
+func (d *Decoder) UseJSONStructTags() {
+	d.useJSONStructTags = true
+}
+
+// UseLocalTimeZone causes the Decoder to unmarshal time.Time values in the local timezone instead
+// of the UTC timezone.
+func (d *Decoder) UseLocalTimeZone() {
+	d.useLocalTimeZone = true
+}
+
+// ZeroMaps causes the Decoder to delete any existing values from Go maps in the destination value
+// passed to Decode before unmarshaling BSON documents into them.
+func (d *Decoder) ZeroMaps() {
+	d.zeroMaps = true
+}
+
+// ZeroStructs causes the Decoder to delete any existing values from Go structs in the destination
+// value passed to Decode before unmarshaling BSON documents into them.
+func (d *Decoder) ZeroStructs() {
+	d.zeroStructs = true
+}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/doc.go b/vendor/go.mongodb.org/mongo-driver/bson/doc.go
index 0134006d8..048b5eb99 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/doc.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/doc.go
@@ -7,7 +7,8 @@
 // Package bson is a library for reading, writing, and manipulating BSON. BSON is a binary serialization format used to
 // store documents and make remote procedure calls in MongoDB. The BSON specification is located at https://bsonspec.org.
 // The BSON library handles marshalling and unmarshalling of values through a configurable codec system. For a description
-// of the codec system and examples of registering custom codecs, see the bsoncodec package.
+// of the codec system and examples of registering custom codecs, see the bsoncodec package. For additional information and
+// usage examples, check out the [Work with BSON] page in the Go Driver docs site.
 //
 // # Raw BSON
 //
@@ -138,4 +139,6 @@
 // # Marshalling and Unmarshalling
 //
 // Manually marshalling and unmarshalling can be done with the Marshal and Unmarshal family of functions.
+//
+// [Work with BSON]: https://www.mongodb.com/docs/drivers/go/current/fundamentals/bson/
 package bson
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/encoder.go b/vendor/go.mongodb.org/mongo-driver/bson/encoder.go
index fe5125d08..0be2a97fb 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/encoder.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/encoder.go
@@ -29,10 +29,20 @@ var encPool = sync.Pool{
 type Encoder struct {
 	ec bsoncodec.EncodeContext
 	vw bsonrw.ValueWriter
+
+	errorOnInlineDuplicates bool
+	intMinSize              bool
+	stringifyMapKeysWithFmt bool
+	nilMapAsEmpty           bool
+	nilSliceAsEmpty         bool
+	nilByteSliceAsEmpty     bool
+	omitZeroStruct          bool
+	useJSONStructTags       bool
 }
 
 // NewEncoder returns a new encoder that uses the DefaultRegistry to write to vw.
 func NewEncoder(vw bsonrw.ValueWriter) (*Encoder, error) {
+	// TODO:(GODRIVER-2719): Remove error return value.
 	if vw == nil {
 		return nil, errors.New("cannot create a new Encoder with a nil ValueWriter")
 	}
@@ -44,6 +54,9 @@ func NewEncoder(vw bsonrw.ValueWriter) (*Encoder, error) {
 }
 
 // NewEncoderWithContext returns a new encoder that uses EncodeContext ec to write to vw.
+//
+// Deprecated: Use [NewEncoder] and use the Encoder configuration methods to set the desired marshal
+// behavior instead.
 func NewEncoderWithContext(ec bsoncodec.EncodeContext, vw bsonrw.ValueWriter) (*Encoder, error) {
 	if ec.Registry == nil {
 		ec = bsoncodec.EncodeContext{Registry: DefaultRegistry}
@@ -60,8 +73,7 @@ func NewEncoderWithContext(ec bsoncodec.EncodeContext, vw bsonrw.ValueWriter) (*
 
 // Encode writes the BSON encoding of val to the stream.
 //
-// The documentation for Marshal contains details about the conversion of Go
-// values to BSON.
+// See [Marshal] for details about BSON marshaling behavior.
 func (e *Encoder) Encode(val interface{}) error {
 	if marshaler, ok := val.(Marshaler); ok {
 		// TODO(skriptble): Should we have a MarshalAppender interface so that we can have []byte reuse?
@@ -76,24 +88,112 @@ func (e *Encoder) Encode(val interface{}) error {
 	if err != nil {
 		return err
 	}
+
+	// Copy the configurations applied to the Encoder over to the EncodeContext, which actually
+	// communicates those configurations to the default ValueEncoders.
+	if e.errorOnInlineDuplicates {
+		e.ec.ErrorOnInlineDuplicates()
+	}
+	if e.intMinSize {
+		e.ec.MinSize = true
+	}
+	if e.stringifyMapKeysWithFmt {
+		e.ec.StringifyMapKeysWithFmt()
+	}
+	if e.nilMapAsEmpty {
+		e.ec.NilMapAsEmpty()
+	}
+	if e.nilSliceAsEmpty {
+		e.ec.NilSliceAsEmpty()
+	}
+	if e.nilByteSliceAsEmpty {
+		e.ec.NilByteSliceAsEmpty()
+	}
+	if e.omitZeroStruct {
+		e.ec.OmitZeroStruct()
+	}
+	if e.useJSONStructTags {
+		e.ec.UseJSONStructTags()
+	}
+
 	return encoder.EncodeValue(e.ec, e.vw, reflect.ValueOf(val))
 }
 
-// Reset will reset the state of the encoder, using the same *EncodeContext used in
+// Reset will reset the state of the Encoder, using the same *EncodeContext used in
 // the original construction but using vw.
 func (e *Encoder) Reset(vw bsonrw.ValueWriter) error {
+	// TODO:(GODRIVER-2719): Remove error return value.
 	e.vw = vw
 	return nil
 }
 
-// SetRegistry replaces the current registry of the encoder with r.
+// SetRegistry replaces the current registry of the Encoder with r.
 func (e *Encoder) SetRegistry(r *bsoncodec.Registry) error {
+	// TODO:(GODRIVER-2719): Remove error return value.
 	e.ec.Registry = r
 	return nil
 }
 
-// SetContext replaces the current EncodeContext of the encoder with er.
+// SetContext replaces the current EncodeContext of the encoder with ec.
+//
+// Deprecated: Use the Encoder configuration methods set the desired marshal behavior instead.
 func (e *Encoder) SetContext(ec bsoncodec.EncodeContext) error {
+	// TODO:(GODRIVER-2719): Remove error return value.
 	e.ec = ec
 	return nil
 }
+
+// ErrorOnInlineDuplicates causes the Encoder to return an error if there is a duplicate field in
+// the marshaled BSON when the "inline" struct tag option is set.
+func (e *Encoder) ErrorOnInlineDuplicates() {
+	e.errorOnInlineDuplicates = true
+}
+
+// IntMinSize causes the Encoder to marshal Go integer values (int, int8, int16, int32, int64, uint,
+// uint8, uint16, uint32, or uint64) as the minimum BSON int size (either 32 or 64 bits) that can
+// represent the integer value.
+func (e *Encoder) IntMinSize() {
+	e.intMinSize = true
+}
+
+// StringifyMapKeysWithFmt causes the Encoder to convert Go map keys to BSON document field name
+// strings using fmt.Sprint instead of the default string conversion logic.
+func (e *Encoder) StringifyMapKeysWithFmt() {
+	e.stringifyMapKeysWithFmt = true
+}
+
+// NilMapAsEmpty causes the Encoder to marshal nil Go maps as empty BSON documents instead of BSON
+// null.
+func (e *Encoder) NilMapAsEmpty() {
+	e.nilMapAsEmpty = true
+}
+
+// NilSliceAsEmpty causes the Encoder to marshal nil Go slices as empty BSON arrays instead of BSON
+// null.
+func (e *Encoder) NilSliceAsEmpty() {
+	e.nilSliceAsEmpty = true
+}
+
+// NilByteSliceAsEmpty causes the Encoder to marshal nil Go byte slices as empty BSON binary values
+// instead of BSON null.
+func (e *Encoder) NilByteSliceAsEmpty() {
+	e.nilByteSliceAsEmpty = true
+}
+
+// TODO(GODRIVER-2820): Update the description to remove the note about only examining exported
+// TODO struct fields once the logic is updated to also inspect private struct fields.
+
+// OmitZeroStruct causes the Encoder to consider the zero value for a struct (e.g. MyStruct{})
+// as empty and omit it from the marshaled BSON when the "omitempty" struct tag option is set.
+//
+// Note that the Encoder only examines exported struct fields when determining if a struct is the
+// zero value. It considers pointers to a zero struct value (e.g. &MyStruct{}) not empty.
+func (e *Encoder) OmitZeroStruct() {
+	e.omitZeroStruct = true
+}
+
+// UseJSONStructTags causes the Encoder to fall back to using the "json" struct tag if a "bson"
+// struct tag is not specified.
+func (e *Encoder) UseJSONStructTags() {
+	e.useJSONStructTags = true
+}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/marshal.go b/vendor/go.mongodb.org/mongo-driver/bson/marshal.go
index db8d8ee92..f2c48d049 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/marshal.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/marshal.go
@@ -20,17 +20,23 @@ const defaultDstCap = 256
 var bvwPool = bsonrw.NewBSONValueWriterPool()
 var extjPool = bsonrw.NewExtJSONValueWriterPool()
 
-// Marshaler is an interface implemented by types that can marshal themselves
-// into a BSON document represented as bytes. The bytes returned must be a valid
-// BSON document if the error is nil.
+// Marshaler is the interface implemented by types that can marshal themselves
+// into a valid BSON document.
+//
+// Implementations of Marshaler must return a full BSON document. To create
+// custom BSON marshaling behavior for individual values in a BSON document,
+// implement the ValueMarshaler interface instead.
 type Marshaler interface {
 	MarshalBSON() ([]byte, error)
 }
 
-// ValueMarshaler is an interface implemented by types that can marshal
-// themselves into a BSON value as bytes. The type must be the valid type for
-// the bytes returned. The bytes and byte type together must be valid if the
-// error is nil.
+// ValueMarshaler is the interface implemented by types that can marshal
+// themselves into a valid BSON value. The format of the returned bytes must
+// match the returned type.
+//
+// Implementations of ValueMarshaler must return an individual BSON value. To
+// create custom BSON marshaling behavior for an entire BSON document, implement
+// the Marshaler interface instead.
 type ValueMarshaler interface {
 	MarshalBSONValue() (bsontype.Type, []byte, error)
 }
@@ -48,12 +54,42 @@ func Marshal(val interface{}) ([]byte, error) {
 // MarshalAppend will encode val as a BSON document and append the bytes to dst. If dst is not large enough to hold the
 // bytes, it will be grown. If val is not a type that can be transformed into a document, MarshalValueAppend should be
 // used instead.
+//
+// Deprecated: Use [NewEncoder] and pass the dst byte slice (wrapped by a bytes.Buffer) into
+// [bsonrw.NewBSONValueWriter]:
+//
+//	buf := bytes.NewBuffer(dst)
+//	vw, err := bsonrw.NewBSONValueWriter(buf)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc, err := bson.NewEncoder(vw)
+//	if err != nil {
+//		panic(err)
+//	}
+//
+// See [Encoder] for more examples.
 func MarshalAppend(dst []byte, val interface{}) ([]byte, error) {
 	return MarshalAppendWithRegistry(DefaultRegistry, dst, val)
 }
 
 // MarshalWithRegistry returns the BSON encoding of val as a BSON document. If val is not a type that can be transformed
 // into a document, MarshalValueWithRegistry should be used instead.
+//
+// Deprecated: Use [NewEncoder] and specify the Registry by calling [Encoder.SetRegistry] instead:
+//
+//	buf := new(bytes.Buffer)
+//	vw, err := bsonrw.NewBSONValueWriter(buf)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc, err := bson.NewEncoder(vw)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc.SetRegistry(reg)
+//
+// See [Encoder] for more examples.
 func MarshalWithRegistry(r *bsoncodec.Registry, val interface{}) ([]byte, error) {
 	dst := make([]byte, 0)
 	return MarshalAppendWithRegistry(r, dst, val)
@@ -61,6 +97,22 @@ func MarshalWithRegistry(r *bsoncodec.Registry, val interface{}) ([]byte, error)
 
 // MarshalWithContext returns the BSON encoding of val as a BSON document using EncodeContext ec. If val is not a type
 // that can be transformed into a document, MarshalValueWithContext should be used instead.
+//
+// Deprecated: Use [NewEncoder] and use the Encoder configuration methods to set the desired marshal
+// behavior instead:
+//
+//	buf := bytes.NewBuffer(dst)
+//	vw, err := bsonrw.NewBSONValueWriter(buf)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc, err := bson.NewEncoder(vw)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc.IntMinSize()
+//
+// See [Encoder] for more examples.
 func MarshalWithContext(ec bsoncodec.EncodeContext, val interface{}) ([]byte, error) {
 	dst := make([]byte, 0)
 	return MarshalAppendWithContext(ec, dst, val)
@@ -69,6 +121,22 @@ func MarshalWithContext(ec bsoncodec.EncodeContext, val interface{}) ([]byte, er
 // MarshalAppendWithRegistry will encode val as a BSON document using Registry r and append the bytes to dst. If dst is
 // not large enough to hold the bytes, it will be grown. If val is not a type that can be transformed into a document,
 // MarshalValueAppendWithRegistry should be used instead.
+//
+// Deprecated: Use [NewEncoder], and pass the dst byte slice (wrapped by a bytes.Buffer) into
+// [bsonrw.NewBSONValueWriter], and specify the Registry by calling [Encoder.SetRegistry] instead:
+//
+//	buf := bytes.NewBuffer(dst)
+//	vw, err := bsonrw.NewBSONValueWriter(buf)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc, err := bson.NewEncoder(vw)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc.SetRegistry(reg)
+//
+// See [Encoder] for more examples.
 func MarshalAppendWithRegistry(r *bsoncodec.Registry, dst []byte, val interface{}) ([]byte, error) {
 	return MarshalAppendWithContext(bsoncodec.EncodeContext{Registry: r}, dst, val)
 }
@@ -76,6 +144,23 @@ func MarshalAppendWithRegistry(r *bsoncodec.Registry, dst []byte, val interface{
 // MarshalAppendWithContext will encode val as a BSON document using Registry r and EncodeContext ec and append the
 // bytes to dst. If dst is not large enough to hold the bytes, it will be grown. If val is not a type that can be
 // transformed into a document, MarshalValueAppendWithContext should be used instead.
+//
+// Deprecated: Use [NewEncoder], pass the dst byte slice (wrapped by a bytes.Buffer) into
+// [bsonrw.NewBSONValueWriter], and use the Encoder configuration methods to set the desired marshal
+// behavior instead:
+//
+//	buf := bytes.NewBuffer(dst)
+//	vw, err := bsonrw.NewBSONValueWriter(buf)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc, err := bson.NewEncoder(vw)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc.IntMinSize()
+//
+// See [Encoder] for more examples.
 func MarshalAppendWithContext(ec bsoncodec.EncodeContext, dst []byte, val interface{}) ([]byte, error) {
 	sw := new(bsonrw.SliceWriter)
 	*sw = dst
@@ -112,17 +197,26 @@ func MarshalValue(val interface{}) (bsontype.Type, []byte, error) {
 
 // MarshalValueAppend will append the BSON encoding of val to dst. If dst is not large enough to hold the BSON encoding
 // of val, dst will be grown.
+//
+// Deprecated: Appending individual BSON elements to an existing slice will not be supported in Go
+// Driver 2.0.
 func MarshalValueAppend(dst []byte, val interface{}) (bsontype.Type, []byte, error) {
 	return MarshalValueAppendWithRegistry(DefaultRegistry, dst, val)
 }
 
 // MarshalValueWithRegistry returns the BSON encoding of val using Registry r.
+//
+// Deprecated: Using a custom registry to marshal individual BSON values will not be supported in Go
+// Driver 2.0.
 func MarshalValueWithRegistry(r *bsoncodec.Registry, val interface{}) (bsontype.Type, []byte, error) {
 	dst := make([]byte, 0)
 	return MarshalValueAppendWithRegistry(r, dst, val)
 }
 
 // MarshalValueWithContext returns the BSON encoding of val using EncodeContext ec.
+//
+// Deprecated: Using a custom EncodeContext to marshal individual BSON elements will not be
+// supported in Go Driver 2.0.
 func MarshalValueWithContext(ec bsoncodec.EncodeContext, val interface{}) (bsontype.Type, []byte, error) {
 	dst := make([]byte, 0)
 	return MarshalValueAppendWithContext(ec, dst, val)
@@ -130,12 +224,18 @@ func MarshalValueWithContext(ec bsoncodec.EncodeContext, val interface{}) (bsont
 
 // MarshalValueAppendWithRegistry will append the BSON encoding of val to dst using Registry r. If dst is not large
 // enough to hold the BSON encoding of val, dst will be grown.
+//
+// Deprecated: Appending individual BSON elements to an existing slice will not be supported in Go
+// Driver 2.0.
 func MarshalValueAppendWithRegistry(r *bsoncodec.Registry, dst []byte, val interface{}) (bsontype.Type, []byte, error) {
 	return MarshalValueAppendWithContext(bsoncodec.EncodeContext{Registry: r}, dst, val)
 }
 
 // MarshalValueAppendWithContext will append the BSON encoding of val to dst using EncodeContext ec. If dst is not large
 // enough to hold the BSON encoding of val, dst will be grown.
+//
+// Deprecated: Appending individual BSON elements to an existing slice will not be supported in Go
+// Driver 2.0.
 func MarshalValueAppendWithContext(ec bsoncodec.EncodeContext, dst []byte, val interface{}) (bsontype.Type, []byte, error) {
 	// get a ValueWriter configured to write to dst
 	sw := new(bsonrw.SliceWriter)
@@ -173,17 +273,63 @@ func MarshalExtJSON(val interface{}, canonical, escapeHTML bool) ([]byte, error)
 // MarshalExtJSONAppend will append the extended JSON encoding of val to dst.
 // If dst is not large enough to hold the extended JSON encoding of val, dst
 // will be grown.
+//
+// Deprecated: Use [NewEncoder] and pass the dst byte slice (wrapped by a bytes.Buffer) into
+// [bsonrw.NewExtJSONValueWriter] instead:
+//
+//	buf := bytes.NewBuffer(dst)
+//	vw, err := bsonrw.NewExtJSONValueWriter(buf, true, false)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc, err := bson.NewEncoder(vw)
+//	if err != nil {
+//		panic(err)
+//	}
+//
+// See [Encoder] for more examples.
 func MarshalExtJSONAppend(dst []byte, val interface{}, canonical, escapeHTML bool) ([]byte, error) {
 	return MarshalExtJSONAppendWithRegistry(DefaultRegistry, dst, val, canonical, escapeHTML)
 }
 
 // MarshalExtJSONWithRegistry returns the extended JSON encoding of val using Registry r.
+//
+// Deprecated: Use [NewEncoder] and specify the Registry by calling [Encoder.SetRegistry] instead:
+//
+//	buf := new(bytes.Buffer)
+//	vw, err := bsonrw.NewBSONValueWriter(buf)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc, err := bson.NewEncoder(vw)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc.SetRegistry(reg)
+//
+// See [Encoder] for more examples.
 func MarshalExtJSONWithRegistry(r *bsoncodec.Registry, val interface{}, canonical, escapeHTML bool) ([]byte, error) {
 	dst := make([]byte, 0, defaultDstCap)
 	return MarshalExtJSONAppendWithContext(bsoncodec.EncodeContext{Registry: r}, dst, val, canonical, escapeHTML)
 }
 
 // MarshalExtJSONWithContext returns the extended JSON encoding of val using Registry r.
+//
+// Deprecated: Use [NewEncoder] and use the Encoder configuration methods to set the desired marshal
+// behavior instead:
+//
+//	buf := new(bytes.Buffer)
+//	vw, err := bsonrw.NewBSONValueWriter(buf)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc, err := bson.NewEncoder(vw)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc.IntMinSize()
+//
+// See [Encoder] for more examples.
 func MarshalExtJSONWithContext(ec bsoncodec.EncodeContext, val interface{}, canonical, escapeHTML bool) ([]byte, error) {
 	dst := make([]byte, 0, defaultDstCap)
 	return MarshalExtJSONAppendWithContext(ec, dst, val, canonical, escapeHTML)
@@ -192,6 +338,22 @@ func MarshalExtJSONWithContext(ec bsoncodec.EncodeContext, val interface{}, cano
 // MarshalExtJSONAppendWithRegistry will append the extended JSON encoding of
 // val to dst using Registry r. If dst is not large enough to hold the BSON
 // encoding of val, dst will be grown.
+//
+// Deprecated: Use [NewEncoder], pass the dst byte slice (wrapped by a bytes.Buffer) into
+// [bsonrw.NewExtJSONValueWriter], and specify the Registry by calling [Encoder.SetRegistry]
+// instead:
+//
+//	buf := bytes.NewBuffer(dst)
+//	vw, err := bsonrw.NewExtJSONValueWriter(buf, true, false)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc, err := bson.NewEncoder(vw)
+//	if err != nil {
+//		panic(err)
+//	}
+//
+// See [Encoder] for more examples.
 func MarshalExtJSONAppendWithRegistry(r *bsoncodec.Registry, dst []byte, val interface{}, canonical, escapeHTML bool) ([]byte, error) {
 	return MarshalExtJSONAppendWithContext(bsoncodec.EncodeContext{Registry: r}, dst, val, canonical, escapeHTML)
 }
@@ -199,6 +361,23 @@ func MarshalExtJSONAppendWithRegistry(r *bsoncodec.Registry, dst []byte, val int
 // MarshalExtJSONAppendWithContext will append the extended JSON encoding of
 // val to dst using Registry r. If dst is not large enough to hold the BSON
 // encoding of val, dst will be grown.
+//
+// Deprecated: Use [NewEncoder], pass the dst byte slice (wrapped by a bytes.Buffer) into
+// [bsonrw.NewExtJSONValueWriter], and use the Encoder configuration methods to set the desired marshal
+// behavior instead:
+//
+//	buf := bytes.NewBuffer(dst)
+//	vw, err := bsonrw.NewExtJSONValueWriter(buf, true, false)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc, err := bson.NewEncoder(vw)
+//	if err != nil {
+//		panic(err)
+//	}
+//	enc.IntMinSize()
+//
+// See [Encoder] for more examples.
 func MarshalExtJSONAppendWithContext(ec bsoncodec.EncodeContext, dst []byte, val interface{}, canonical, escapeHTML bool) ([]byte, error) {
 	sw := new(bsonrw.SliceWriter)
 	*sw = dst
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/primitive/decimal.go b/vendor/go.mongodb.org/mongo-driver/bson/primitive/decimal.go
index ba7c9112e..24ab58fc4 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/primitive/decimal.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/primitive/decimal.go
@@ -328,6 +328,7 @@ func ParseDecimal128(s string) (Decimal128, error) {
 		return dErr(s)
 	}
 
+	// Parse the significand (i.e. the non-exponent part) as a big.Int.
 	bi, ok := new(big.Int).SetString(intPart+decPart, 10)
 	if !ok {
 		return dErr(s)
@@ -360,6 +361,19 @@ func ParseDecimal128FromBigInt(bi *big.Int, exp int) (Decimal128, bool) {
 	q := new(big.Int)
 	r := new(big.Int)
 
+	// If the significand is zero, the logical value will always be zero, independent of the
+	// exponent. However, the loops for handling out-of-range exponent values below may be extremely
+	// slow for zero values because the significand never changes. Limit the exponent value to the
+	// supported range here to prevent entering the loops below.
+	if bi.Cmp(zero) == 0 {
+		if exp > MaxDecimal128Exp {
+			exp = MaxDecimal128Exp
+		}
+		if exp < MinDecimal128Exp {
+			exp = MinDecimal128Exp
+		}
+	}
+
 	for bigIntCmpAbs(bi, maxS) == 1 {
 		bi, _ = q.QuoRem(bi, ten, r)
 		if r.Cmp(zero) != 0 {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/primitive/objectid.go b/vendor/go.mongodb.org/mongo-driver/bson/primitive/objectid.go
index ded367316..9bbaffac2 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/primitive/objectid.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/primitive/objectid.go
@@ -82,18 +82,18 @@ func ObjectIDFromHex(s string) (ObjectID, error) {
 		return NilObjectID, ErrInvalidHex
 	}
 
-	b, err := hex.DecodeString(s)
+	var oid [12]byte
+	_, err := hex.Decode(oid[:], []byte(s))
 	if err != nil {
 		return NilObjectID, err
 	}
 
-	var oid [12]byte
-	copy(oid[:], b)
-
 	return oid, nil
 }
 
 // IsValidObjectID returns true if the provided hex string represents a valid ObjectID and false if not.
+//
+// Deprecated: Use ObjectIDFromHex and check the error instead.
 func IsValidObjectID(s string) bool {
 	_, err := ObjectIDFromHex(s)
 	return err == nil
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/primitive/primitive.go b/vendor/go.mongodb.org/mongo-driver/bson/primitive/primitive.go
index c72ccc1c4..65f4fbb94 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/primitive/primitive.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/primitive/primitive.go
@@ -45,7 +45,7 @@ var _ json.Unmarshaler = (*DateTime)(nil)
 
 // MarshalJSON marshal to time type.
 func (d DateTime) MarshalJSON() ([]byte, error) {
-	return json.Marshal(d.Time())
+	return json.Marshal(d.Time().UTC())
 }
 
 // UnmarshalJSON creates a primitive.DateTime from a JSON string.
@@ -141,6 +141,16 @@ type Timestamp struct {
 	I uint32
 }
 
+// After reports whether the time instant tp is after tp2.
+func (tp Timestamp) After(tp2 Timestamp) bool {
+	return tp.T > tp2.T || (tp.T == tp2.T && tp.I > tp2.I)
+}
+
+// Before reports whether the time instant tp is before tp2.
+func (tp Timestamp) Before(tp2 Timestamp) bool {
+	return tp.T < tp2.T || (tp.T == tp2.T && tp.I < tp2.I)
+}
+
 // Equal compares tp to tp2 and returns true if they are equal.
 func (tp Timestamp) Equal(tp2 Timestamp) bool {
 	return tp.T == tp2.T && tp.I == tp2.I
@@ -151,24 +161,25 @@ func (tp Timestamp) IsZero() bool {
 	return tp.T == 0 && tp.I == 0
 }
 
-// CompareTimestamp returns an integer comparing two Timestamps, where T is compared first, followed by I.
-// Returns 0 if tp = tp2, 1 if tp > tp2, -1 if tp < tp2.
-func CompareTimestamp(tp, tp2 Timestamp) int {
-	if tp.Equal(tp2) {
+// Compare compares the time instant tp with tp2. If tp is before tp2, it returns -1; if tp is after
+// tp2, it returns +1; if they're the same, it returns 0.
+func (tp Timestamp) Compare(tp2 Timestamp) int {
+	switch {
+	case tp.Equal(tp2):
 		return 0
-	}
-
-	if tp.T > tp2.T {
-		return 1
-	}
-	if tp.T < tp2.T {
+	case tp.Before(tp2):
 		return -1
+	default:
+		return +1
 	}
-	// Compare I values because T values are equal
-	if tp.I > tp2.I {
-		return 1
-	}
-	return -1
+}
+
+// CompareTimestamp compares the time instant tp with tp2. If tp is before tp2, it returns -1; if tp is after
+// tp2, it returns +1; if they're the same, it returns 0.
+//
+// Deprecated: Use Timestamp.Compare instead.
+func CompareTimestamp(tp, tp2 Timestamp) int {
+	return tp.Compare(tp2)
 }
 
 // MinKey represents the BSON minkey value.
@@ -186,6 +197,9 @@ type MaxKey struct{}
 type D []E
 
 // Map creates a map from the elements of the D.
+//
+// Deprecated: Converting directly from a D to an M will not be supported in Go Driver 2.0. Instead,
+// users should marshal the D to BSON using bson.Marshal and unmarshal it to M using bson.Unmarshal.
 func (d D) Map() M {
 	m := make(M, len(d))
 	for _, e := range d {
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/primitive_codecs.go b/vendor/go.mongodb.org/mongo-driver/bson/primitive_codecs.go
index 1cbe3884d..ff32a87a7 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/primitive_codecs.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/primitive_codecs.go
@@ -8,6 +8,7 @@ package bson
 
 import (
 	"errors"
+	"fmt"
 	"reflect"
 
 	"go.mongodb.org/mongo-driver/bson/bsoncodec"
@@ -21,10 +22,16 @@ var primitiveCodecs PrimitiveCodecs
 
 // PrimitiveCodecs is a namespace for all of the default bsoncodec.Codecs for the primitive types
 // defined in this package.
+//
+// Deprecated: Use bson.NewRegistry to get a registry with all primitive encoders and decoders
+// registered.
 type PrimitiveCodecs struct{}
 
 // RegisterPrimitiveCodecs will register the encode and decode methods attached to PrimitiveCodecs
 // with the provided RegistryBuilder. if rb is nil, a new empty RegistryBuilder will be created.
+//
+// Deprecated: Use bson.NewRegistry to get a registry with all primitive encoders and decoders
+// registered.
 func (pc PrimitiveCodecs) RegisterPrimitiveCodecs(rb *bsoncodec.RegistryBuilder) {
 	if rb == nil {
 		panic(errors.New("argument to RegisterPrimitiveCodecs must not be nil"))
@@ -38,18 +45,35 @@ func (pc PrimitiveCodecs) RegisterPrimitiveCodecs(rb *bsoncodec.RegistryBuilder)
 }
 
 // RawValueEncodeValue is the ValueEncoderFunc for RawValue.
-func (PrimitiveCodecs) RawValueEncodeValue(ec bsoncodec.EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// If the RawValue's Type is "invalid" and the RawValue's Value is not empty or
+// nil, then this method will return an error.
+//
+// Deprecated: Use bson.NewRegistry to get a registry with all primitive
+// encoders and decoders registered.
+func (PrimitiveCodecs) RawValueEncodeValue(_ bsoncodec.EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tRawValue {
-		return bsoncodec.ValueEncoderError{Name: "RawValueEncodeValue", Types: []reflect.Type{tRawValue}, Received: val}
+		return bsoncodec.ValueEncoderError{
+			Name:     "RawValueEncodeValue",
+			Types:    []reflect.Type{tRawValue},
+			Received: val,
+		}
 	}
 
 	rawvalue := val.Interface().(RawValue)
 
+	if !rawvalue.Type.IsValid() {
+		return fmt.Errorf("the RawValue Type specifies an invalid BSON type: %#x", byte(rawvalue.Type))
+	}
+
 	return bsonrw.Copier{}.CopyValueFromBytes(vw, rawvalue.Type, rawvalue.Value)
 }
 
 // RawValueDecodeValue is the ValueDecoderFunc for RawValue.
-func (PrimitiveCodecs) RawValueDecodeValue(dc bsoncodec.DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
+//
+// Deprecated: Use bson.NewRegistry to get a registry with all primitive encoders and decoders
+// registered.
+func (PrimitiveCodecs) RawValueDecodeValue(_ bsoncodec.DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tRawValue {
 		return bsoncodec.ValueDecoderError{Name: "RawValueDecodeValue", Types: []reflect.Type{tRawValue}, Received: val}
 	}
@@ -64,7 +88,10 @@ func (PrimitiveCodecs) RawValueDecodeValue(dc bsoncodec.DecodeContext, vr bsonrw
 }
 
 // RawEncodeValue is the ValueEncoderFunc for Reader.
-func (PrimitiveCodecs) RawEncodeValue(ec bsoncodec.EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
+//
+// Deprecated: Use bson.NewRegistry to get a registry with all primitive encoders and decoders
+// registered.
+func (PrimitiveCodecs) RawEncodeValue(_ bsoncodec.EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tRaw {
 		return bsoncodec.ValueEncoderError{Name: "RawEncodeValue", Types: []reflect.Type{tRaw}, Received: val}
 	}
@@ -75,7 +102,10 @@ func (PrimitiveCodecs) RawEncodeValue(ec bsoncodec.EncodeContext, vw bsonrw.Valu
 }
 
 // RawDecodeValue is the ValueDecoderFunc for Reader.
-func (PrimitiveCodecs) RawDecodeValue(dc bsoncodec.DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
+//
+// Deprecated: Use bson.NewRegistry to get a registry with all primitive encoders and decoders
+// registered.
+func (PrimitiveCodecs) RawDecodeValue(_ bsoncodec.DecodeContext, vr bsonrw.ValueReader, val reflect.Value) error {
 	if !val.CanSet() || val.Type() != tRaw {
 		return bsoncodec.ValueDecoderError{Name: "RawDecodeValue", Types: []reflect.Type{tRaw}, Received: val}
 	}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/raw.go b/vendor/go.mongodb.org/mongo-driver/bson/raw.go
index efd705daa..fe990a177 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/raw.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/raw.go
@@ -16,18 +16,27 @@ import (
 // ErrNilReader indicates that an operation was attempted on a nil bson.Reader.
 var ErrNilReader = errors.New("nil reader")
 
-// Raw is a wrapper around a byte slice. It will interpret the slice as a
-// BSON document. This type is a wrapper around a bsoncore.Document. Errors returned from the
-// methods on this type and associated types come from the bsoncore package.
+// Raw is a raw encoded BSON document. It can be used to delay BSON document decoding or precompute
+// a BSON encoded document.
+//
+// A Raw must be a full BSON document. Use the RawValue type for individual BSON values.
 type Raw []byte
 
-// NewFromIOReader reads in a document from the given io.Reader and constructs a Raw from
-// it.
-func NewFromIOReader(r io.Reader) (Raw, error) {
+// ReadDocument reads a BSON document from the io.Reader and returns it as a bson.Raw. If the
+// reader contains multiple BSON documents, only the first document is read.
+func ReadDocument(r io.Reader) (Raw, error) {
 	doc, err := bsoncore.NewDocumentFromReader(r)
 	return Raw(doc), err
 }
 
+// NewFromIOReader reads a BSON document from the io.Reader and returns it as a bson.Raw. If the
+// reader contains multiple BSON documents, only the first document is read.
+//
+// Deprecated: Use ReadDocument instead.
+func NewFromIOReader(r io.Reader) (Raw, error) {
+	return ReadDocument(r)
+}
+
 // Validate validates the document. This method only validates the first document in
 // the slice, to validate other documents, the slice must be resliced.
 func (r Raw) Validate() (err error) { return bsoncore.Document(r).Validate() }
@@ -81,5 +90,5 @@ func (r Raw) IndexErr(index uint) (RawElement, error) {
 	return RawElement(elem), err
 }
 
-// String implements the fmt.Stringer interface.
+// String returns the BSON document encoded as Extended JSON.
 func (r Raw) String() string { return bsoncore.Document(r).String() }
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/raw_element.go b/vendor/go.mongodb.org/mongo-driver/bson/raw_element.go
index 006f503a3..8ce13c2cc 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/raw_element.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/raw_element.go
@@ -10,10 +10,7 @@ import (
 	"go.mongodb.org/mongo-driver/x/bsonx/bsoncore"
 )
 
-// RawElement represents a BSON element in byte form. This type provides a simple way to
-// transform a slice of bytes into a BSON element and extract information from it.
-//
-// RawElement is a thin wrapper around a bsoncore.Element.
+// RawElement is a raw encoded BSON document or array element.
 type RawElement []byte
 
 // Key returns the key for this element. If the element is not valid, this method returns an empty
@@ -36,7 +33,7 @@ func (re RawElement) ValueErr() (RawValue, error) {
 // Validate ensures re is a valid BSON element.
 func (re RawElement) Validate() error { return bsoncore.Element(re).Validate() }
 
-// String implements the fmt.Stringer interface. The output will be in extended JSON format.
+// String returns the BSON element encoded as Extended JSON.
 func (re RawElement) String() string {
 	doc := bsoncore.BuildDocument(nil, re)
 	j, err := MarshalExtJSON(Raw(doc), true, false)
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/raw_value.go b/vendor/go.mongodb.org/mongo-driver/bson/raw_value.go
index 75297f30f..4d1bfb316 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/raw_value.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/raw_value.go
@@ -26,11 +26,10 @@ var ErrNilContext = errors.New("DecodeContext cannot be nil")
 // ErrNilRegistry is returned when the provided registry is nil.
 var ErrNilRegistry = errors.New("Registry cannot be nil")
 
-// RawValue represents a BSON value in byte form. It can be used to hold unprocessed BSON or to
-// defer processing of BSON. Type is the BSON type of the value and Value are the raw bytes that
-// represent the element.
+// RawValue is a raw encoded BSON value. It can be used to delay BSON value decoding or precompute
+// BSON encoded value. Type is the BSON type of the value and Value is the raw encoded BSON value.
 //
-// This type wraps bsoncore.Value for most of it's functionality.
+// A RawValue must be an individual BSON value. Use the Raw type for full BSON documents.
 type RawValue struct {
 	Type  bsontype.Type
 	Value []byte
@@ -38,6 +37,12 @@ type RawValue struct {
 	r *bsoncodec.Registry
 }
 
+// IsZero reports whether the RawValue is zero, i.e. no data is present on
+// the RawValue. It returns true if Type is 0 and Value is empty or nil.
+func (rv RawValue) IsZero() bool {
+	return rv.Type == 0x00 && len(rv.Value) == 0
+}
+
 // Unmarshal deserializes BSON into the provided val. If RawValue cannot be unmarshaled into val, an
 // error is returned. This method will use the registry used to create the RawValue, if the RawValue
 // was created from partial BSON processing, or it will use the default registry. Users wishing to
@@ -268,10 +273,16 @@ func (rv RawValue) Int32OK() (int32, bool) { return convertToCoreValue(rv).Int32
 
 // AsInt32 returns a BSON number as an int32. If the BSON type is not a numeric one, this method
 // will panic.
+//
+// Deprecated: Use AsInt64 instead. If an int32 is required, convert the returned value to an int32
+// and perform any required overflow/underflow checking.
 func (rv RawValue) AsInt32() int32 { return convertToCoreValue(rv).AsInt32() }
 
 // AsInt32OK is the same as AsInt32, except that it returns a boolean instead of
 // panicking.
+//
+// Deprecated: Use AsInt64OK instead. If an int32 is required, convert the returned value to an
+// int32 and perform any required overflow/underflow checking.
 func (rv RawValue) AsInt32OK() (int32, bool) { return convertToCoreValue(rv).AsInt32OK() }
 
 // Timestamp returns the BSON timestamp value the Value represents. It panics if the value is a
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/registry.go b/vendor/go.mongodb.org/mongo-driver/bson/registry.go
index 16d7573e7..b5b0f3568 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/registry.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/registry.go
@@ -6,15 +6,19 @@
 
 package bson
 
-import "go.mongodb.org/mongo-driver/bson/bsoncodec"
+import (
+	"go.mongodb.org/mongo-driver/bson/bsoncodec"
+)
 
 // DefaultRegistry is the default bsoncodec.Registry. It contains the default codecs and the
 // primitive codecs.
-var DefaultRegistry = NewRegistryBuilder().Build()
+var DefaultRegistry = NewRegistry()
 
 // NewRegistryBuilder creates a new RegistryBuilder configured with the default encoders and
 // decoders from the bsoncodec.DefaultValueEncoders and bsoncodec.DefaultValueDecoders types and the
 // PrimitiveCodecs type in this package.
+//
+// Deprecated: Use NewRegistry instead.
 func NewRegistryBuilder() *bsoncodec.RegistryBuilder {
 	rb := bsoncodec.NewRegistryBuilder()
 	bsoncodec.DefaultValueEncoders{}.RegisterDefaultEncoders(rb)
@@ -22,3 +26,10 @@ func NewRegistryBuilder() *bsoncodec.RegistryBuilder {
 	primitiveCodecs.RegisterPrimitiveCodecs(rb)
 	return rb
 }
+
+// NewRegistry creates a new Registry configured with the default encoders and decoders from the
+// bsoncodec.DefaultValueEncoders and bsoncodec.DefaultValueDecoders types and the PrimitiveCodecs
+// type in this package.
+func NewRegistry() *bsoncodec.Registry {
+	return NewRegistryBuilder().Build()
+}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/types.go b/vendor/go.mongodb.org/mongo-driver/bson/types.go
index 13a1c35cf..e201ac37e 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/types.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/types.go
@@ -10,7 +10,7 @@ import (
 	"go.mongodb.org/mongo-driver/bson/bsontype"
 )
 
-// These constants uniquely refer to each BSON type.
+// BSON element types as described in https://bsonspec.org/spec.html.
 const (
 	TypeDouble           = bsontype.Double
 	TypeString           = bsontype.String
@@ -34,3 +34,16 @@ const (
 	TypeMinKey           = bsontype.MinKey
 	TypeMaxKey           = bsontype.MaxKey
 )
+
+// BSON binary element subtypes as described in https://bsonspec.org/spec.html.
+const (
+	TypeBinaryGeneric     = bsontype.BinaryGeneric
+	TypeBinaryFunction    = bsontype.BinaryFunction
+	TypeBinaryBinaryOld   = bsontype.BinaryBinaryOld
+	TypeBinaryUUIDOld     = bsontype.BinaryUUIDOld
+	TypeBinaryUUID        = bsontype.BinaryUUID
+	TypeBinaryMD5         = bsontype.BinaryMD5
+	TypeBinaryEncrypted   = bsontype.BinaryEncrypted
+	TypeBinaryColumn      = bsontype.BinaryColumn
+	TypeBinaryUserDefined = bsontype.BinaryUserDefined
+)
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/unmarshal.go b/vendor/go.mongodb.org/mongo-driver/bson/unmarshal.go
index f936ba183..66da17ee0 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/unmarshal.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/unmarshal.go
@@ -14,18 +14,26 @@ import (
 	"go.mongodb.org/mongo-driver/bson/bsontype"
 )
 
-// Unmarshaler is an interface implemented by types that can unmarshal a BSON
-// document representation of themselves. The BSON bytes can be assumed to be
-// valid. UnmarshalBSON must copy the BSON bytes if it wishes to retain the data
-// after returning.
+// Unmarshaler is the interface implemented by types that can unmarshal a BSON
+// document representation of themselves. The input can be assumed to be a valid
+// encoding of a BSON document. UnmarshalBSON must copy the JSON data if it
+// wishes to retain the data after returning.
+//
+// Unmarshaler is only used to unmarshal full BSON documents. To create custom
+// BSON unmarshaling behavior for individual values in a BSON document,
+// implement the ValueUnmarshaler interface instead.
 type Unmarshaler interface {
 	UnmarshalBSON([]byte) error
 }
 
-// ValueUnmarshaler is an interface implemented by types that can unmarshal a
-// BSON value representation of themselves. The BSON bytes and type can be
-// assumed to be valid. UnmarshalBSONValue must copy the BSON value bytes if it
-// wishes to retain the data after returning.
+// ValueUnmarshaler is the interface implemented by types that can unmarshal a
+// BSON value representation of themselves. The input can be assumed to be a
+// valid encoding of a BSON value. UnmarshalBSONValue must copy the BSON value
+// bytes if it wishes to retain the data after returning.
+//
+// ValueUnmarshaler is only used to unmarshal individual values in a BSON
+// document. To create custom BSON unmarshaling behavior for an entire BSON
+// document, implement the Unmarshaler interface instead.
 type ValueUnmarshaler interface {
 	UnmarshalBSONValue(bsontype.Type, []byte) error
 }
@@ -40,6 +48,16 @@ func Unmarshal(data []byte, val interface{}) error {
 // UnmarshalWithRegistry parses the BSON-encoded data using Registry r and
 // stores the result in the value pointed to by val. If val is nil or not
 // a pointer, UnmarshalWithRegistry returns InvalidUnmarshalError.
+//
+// Deprecated: Use [NewDecoder] and specify the Registry by calling [Decoder.SetRegistry] instead:
+//
+//	dec, err := bson.NewDecoder(bsonrw.NewBSONDocumentReader(data))
+//	if err != nil {
+//		panic(err)
+//	}
+//	dec.SetRegistry(reg)
+//
+// See [Decoder] for more examples.
 func UnmarshalWithRegistry(r *bsoncodec.Registry, data []byte, val interface{}) error {
 	vr := bsonrw.NewBSONDocumentReader(data)
 	return unmarshalFromReader(bsoncodec.DecodeContext{Registry: r}, vr, val)
@@ -48,11 +66,40 @@ func UnmarshalWithRegistry(r *bsoncodec.Registry, data []byte, val interface{})
 // UnmarshalWithContext parses the BSON-encoded data using DecodeContext dc and
 // stores the result in the value pointed to by val. If val is nil or not
 // a pointer, UnmarshalWithRegistry returns InvalidUnmarshalError.
+//
+// Deprecated: Use [NewDecoder] and use the Decoder configuration methods to set the desired unmarshal
+// behavior instead:
+//
+//	dec, err := bson.NewDecoder(bsonrw.NewBSONDocumentReader(data))
+//	if err != nil {
+//		panic(err)
+//	}
+//	dec.DefaultDocumentM()
+//
+// See [Decoder] for more examples.
 func UnmarshalWithContext(dc bsoncodec.DecodeContext, data []byte, val interface{}) error {
 	vr := bsonrw.NewBSONDocumentReader(data)
 	return unmarshalFromReader(dc, vr, val)
 }
 
+// UnmarshalValue parses the BSON value of type t with bson.DefaultRegistry and
+// stores the result in the value pointed to by val. If val is nil or not a pointer,
+// UnmarshalValue returns an error.
+func UnmarshalValue(t bsontype.Type, data []byte, val interface{}) error {
+	return UnmarshalValueWithRegistry(DefaultRegistry, t, data, val)
+}
+
+// UnmarshalValueWithRegistry parses the BSON value of type t with registry r and
+// stores the result in the value pointed to by val. If val is nil or not a pointer,
+// UnmarshalValue returns an error.
+//
+// Deprecated: Using a custom registry to unmarshal individual BSON values will not be supported in
+// Go Driver 2.0.
+func UnmarshalValueWithRegistry(r *bsoncodec.Registry, t bsontype.Type, data []byte, val interface{}) error {
+	vr := bsonrw.NewBSONValueReader(t, data)
+	return unmarshalFromReader(bsoncodec.DecodeContext{Registry: r}, vr, val)
+}
+
 // UnmarshalExtJSON parses the extended JSON-encoded data and stores the result
 // in the value pointed to by val. If val is nil or not a pointer, Unmarshal
 // returns InvalidUnmarshalError.
@@ -63,6 +110,20 @@ func UnmarshalExtJSON(data []byte, canonical bool, val interface{}) error {
 // UnmarshalExtJSONWithRegistry parses the extended JSON-encoded data using
 // Registry r and stores the result in the value pointed to by val. If val is
 // nil or not a pointer, UnmarshalWithRegistry returns InvalidUnmarshalError.
+//
+// Deprecated: Use [NewDecoder] and specify the Registry by calling [Decoder.SetRegistry] instead:
+//
+//	vr, err := bsonrw.NewExtJSONValueReader(bytes.NewReader(data), true)
+//	if err != nil {
+//		panic(err)
+//	}
+//	dec, err := bson.NewDecoder(vr)
+//	if err != nil {
+//		panic(err)
+//	}
+//	dec.SetRegistry(reg)
+//
+// See [Decoder] for more examples.
 func UnmarshalExtJSONWithRegistry(r *bsoncodec.Registry, data []byte, canonical bool, val interface{}) error {
 	ejvr, err := bsonrw.NewExtJSONValueReader(bytes.NewReader(data), canonical)
 	if err != nil {
@@ -75,6 +136,21 @@ func UnmarshalExtJSONWithRegistry(r *bsoncodec.Registry, data []byte, canonical
 // UnmarshalExtJSONWithContext parses the extended JSON-encoded data using
 // DecodeContext dc and stores the result in the value pointed to by val. If val is
 // nil or not a pointer, UnmarshalWithRegistry returns InvalidUnmarshalError.
+//
+// Deprecated: Use [NewDecoder] and use the Decoder configuration methods to set the desired unmarshal
+// behavior instead:
+//
+//	vr, err := bsonrw.NewExtJSONValueReader(bytes.NewReader(data), true)
+//	if err != nil {
+//		panic(err)
+//	}
+//	dec, err := bson.NewDecoder(vr)
+//	if err != nil {
+//		panic(err)
+//	}
+//	dec.DefaultDocumentM()
+//
+// See [Decoder] for more examples.
 func UnmarshalExtJSONWithContext(dc bsoncodec.DecodeContext, data []byte, canonical bool, val interface{}) error {
 	ejvr, err := bsonrw.NewExtJSONValueReader(bytes.NewReader(data), canonical)
 	if err != nil {
diff --git a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/array.go b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/array.go
index 8ea60ba3c..6bc0afa70 100644
--- a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/array.go
+++ b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/array.go
@@ -7,10 +7,10 @@
 package bsoncore
 
 import (
-	"bytes"
 	"fmt"
 	"io"
 	"strconv"
+	"strings"
 )
 
 // NewArrayLengthError creates and returns an error for when the length of an array exceeds the
@@ -53,7 +53,7 @@ func (a Array) DebugString() string {
 	if len(a) < 5 {
 		return "<malformed>"
 	}
-	var buf bytes.Buffer
+	var buf strings.Builder
 	buf.WriteString("Array")
 	length, rem, _ := ReadLength(a) // We know we have enough bytes to read the length
 	buf.WriteByte('(')
@@ -69,7 +69,7 @@ func (a Array) DebugString() string {
 			buf.WriteString(fmt.Sprintf("<malformed (%d)>", length))
 			break
 		}
-		fmt.Fprintf(&buf, "%s", elem.Value().DebugString())
+		buf.WriteString(elem.Value().DebugString())
 		if length != 1 {
 			buf.WriteByte(',')
 		}
@@ -85,7 +85,7 @@ func (a Array) String() string {
 	if len(a) < 5 {
 		return ""
 	}
-	var buf bytes.Buffer
+	var buf strings.Builder
 	buf.WriteByte('[')
 
 	length, rem, _ := ReadLength(a) // We know we have enough bytes to read the length
@@ -100,7 +100,7 @@ func (a Array) String() string {
 		if !ok {
 			return ""
 		}
-		fmt.Fprintf(&buf, "%s", elem.Value().String())
+		buf.WriteString(elem.Value().String())
 		if length > 1 {
 			buf.WriteByte(',')
 		}
diff --git a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/bsoncore.go b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/bsoncore.go
index 17aad6d71..e52674aac 100644
--- a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/bsoncore.go
+++ b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/bsoncore.go
@@ -4,25 +4,6 @@
 // not use this file except in compliance with the License. You may obtain
 // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
 
-// Package bsoncore contains functions that can be used to encode and decode BSON
-// elements and values to or from a slice of bytes. These functions are aimed at
-// allowing low level manipulation of BSON and can be used to build a higher
-// level BSON library.
-//
-// The Read* functions within this package return the values of the element and
-// a boolean indicating if the values are valid. A boolean was used instead of
-// an error because any error that would be returned would be the same: not
-// enough bytes. This library attempts to do no validation, it will only return
-// false if there are not enough bytes for an item to be read. For example, the
-// ReadDocument function checks the length, if that length is larger than the
-// number of bytes available, it will return false, if there are enough bytes, it
-// will return those bytes and true. It is the consumers responsibility to
-// validate those bytes.
-//
-// The Append* functions within this package will append the type value to the
-// given dst slice. If the slice has enough capacity, it will not grow the
-// slice. The Append*Element functions within this package operate in the same
-// way, but additionally append the BSON type and the key before the value.
 package bsoncore // import "go.mongodb.org/mongo-driver/x/bsonx/bsoncore"
 
 import (
@@ -844,6 +825,9 @@ func readLengthBytes(src []byte) ([]byte, []byte, bool) {
 	if !ok {
 		return nil, src, false
 	}
+	if l < 4 {
+		return nil, src, false
+	}
 	if len(src) < int(l) {
 		return nil, src, false
 	}
diff --git a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/doc.go b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/doc.go
new file mode 100644
index 000000000..6837b53fc
--- /dev/null
+++ b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/doc.go
@@ -0,0 +1,29 @@
+// Copyright (C) MongoDB, Inc. 2022-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+
+// Package bsoncore contains functions that can be used to encode and decode BSON
+// elements and values to or from a slice of bytes. These functions are aimed at
+// allowing low level manipulation of BSON and can be used to build a higher
+// level BSON library.
+//
+// The Read* functions within this package return the values of the element and
+// a boolean indicating if the values are valid. A boolean was used instead of
+// an error because any error that would be returned would be the same: not
+// enough bytes. This library attempts to do no validation, it will only return
+// false if there are not enough bytes for an item to be read. For example, the
+// ReadDocument function checks the length, if that length is larger than the
+// number of bytes available, it will return false, if there are enough bytes, it
+// will return those bytes and true. It is the consumers responsibility to
+// validate those bytes.
+//
+// The Append* functions within this package will append the type value to the
+// given dst slice. If the slice has enough capacity, it will not grow the
+// slice. The Append*Element functions within this package operate in the same
+// way, but additionally append the BSON type and the key before the value.
+//
+// Warning: Package bsoncore is unstable and there is no backward compatibility
+// guarantee. It is experimental and subject to change.
+package bsoncore
diff --git a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/document.go b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/document.go
index d6e4bb069..3f360f1ae 100644
--- a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/document.go
+++ b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/document.go
@@ -7,11 +7,11 @@
 package bsoncore
 
 import (
-	"bytes"
 	"errors"
 	"fmt"
 	"io"
 	"strconv"
+	"strings"
 
 	"go.mongodb.org/mongo-driver/bson/bsontype"
 )
@@ -237,7 +237,7 @@ func (d Document) DebugString() string {
 	if len(d) < 5 {
 		return "<malformed>"
 	}
-	var buf bytes.Buffer
+	var buf strings.Builder
 	buf.WriteString("Document")
 	length, rem, _ := ReadLength(d) // We know we have enough bytes to read the length
 	buf.WriteByte('(')
@@ -253,7 +253,7 @@ func (d Document) DebugString() string {
 			buf.WriteString(fmt.Sprintf("<malformed (%d)>", length))
 			break
 		}
-		fmt.Fprintf(&buf, "%s ", elem.DebugString())
+		buf.WriteString(elem.DebugString())
 	}
 	buf.WriteByte('}')
 
@@ -266,7 +266,7 @@ func (d Document) String() string {
 	if len(d) < 5 {
 		return ""
 	}
-	var buf bytes.Buffer
+	var buf strings.Builder
 	buf.WriteByte('{')
 
 	length, rem, _ := ReadLength(d) // We know we have enough bytes to read the length
@@ -285,7 +285,7 @@ func (d Document) String() string {
 		if !ok {
 			return ""
 		}
-		fmt.Fprintf(&buf, "%s", elem.String())
+		buf.WriteString(elem.String())
 		first = false
 	}
 	buf.WriteByte('}')
diff --git a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/element.go b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/element.go
index 3acb4222b..1fe0897c9 100644
--- a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/element.go
+++ b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/element.go
@@ -129,7 +129,7 @@ func (e Element) String() string {
 	if !valid {
 		return ""
 	}
-	return fmt.Sprintf(`"%s": %v`, key, val)
+	return "\"" + string(key) + "\": " + val.String()
 }
 
 // DebugString outputs a human readable version of RawElement. It will attempt to stringify the
diff --git a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/value.go b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/value.go
index 789d2b982..69c1f9edb 100644
--- a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/value.go
+++ b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/value.go
@@ -59,8 +59,6 @@ func (v Value) IsNumber() bool {
 
 // AsInt32 returns a BSON number as an int32. If the BSON type is not a numeric one, this method
 // will panic.
-//
-// TODO(skriptble): Add support for Decimal128.
 func (v Value) AsInt32() int32 {
 	if !v.IsNumber() {
 		panic(ElementTypeError{"bsoncore.Value.AsInt32", v.Type})
@@ -93,8 +91,6 @@ func (v Value) AsInt32() int32 {
 
 // AsInt32OK functions the same as AsInt32 but returns a boolean instead of panicking. False
 // indicates an error.
-//
-// TODO(skriptble): Add support for Decimal128.
 func (v Value) AsInt32OK() (int32, bool) {
 	if !v.IsNumber() {
 		return 0, false
@@ -127,8 +123,6 @@ func (v Value) AsInt32OK() (int32, bool) {
 
 // AsInt64 returns a BSON number as an int64. If the BSON type is not a numeric one, this method
 // will panic.
-//
-// TODO(skriptble): Add support for Decimal128.
 func (v Value) AsInt64() int64 {
 	if !v.IsNumber() {
 		panic(ElementTypeError{"bsoncore.Value.AsInt64", v.Type})
@@ -162,8 +156,6 @@ func (v Value) AsInt64() int64 {
 
 // AsInt64OK functions the same as AsInt64 but returns a boolean instead of panicking. False
 // indicates an error.
-//
-// TODO(skriptble): Add support for Decimal128.
 func (v Value) AsInt64OK() (int64, bool) {
 	if !v.IsNumber() {
 		return 0, false
@@ -198,21 +190,14 @@ func (v Value) AsInt64OK() (int64, bool) {
 // AsFloat64 returns a BSON number as an float64. If the BSON type is not a numeric one, this method
 // will panic.
 //
-// TODO(skriptble): Add support for Decimal128.
-func (v Value) AsFloat64() float64 { return 0 }
+// TODO(GODRIVER-2751): Implement AsFloat64.
+// func (v Value) AsFloat64() float64
 
 // AsFloat64OK functions the same as AsFloat64 but returns a boolean instead of panicking. False
 // indicates an error.
 //
-// TODO(skriptble): Add support for Decimal128.
-func (v Value) AsFloat64OK() (float64, bool) { return 0, false }
-
-// Add will add this value to another. This is currently only implemented for strings and numbers.
-// If either value is a string, the other type is coerced into a string and added to the other.
-//
-// This method will alter v and will attempt to reuse the []byte of v. If the []byte is too small,
-// it will be expanded.
-func (v *Value) Add(v2 Value) error { return nil }
+// TODO(GODRIVER-2751): Implement AsFloat64OK.
+// func (v Value) AsFloat64OK() (float64, bool)
 
 // Equal compaes v to v2 and returns true if they are equal.
 func (v Value) Equal(v2 Value) bool {
diff --git a/vendor/go.opentelemetry.io/otel/.gitignore b/vendor/go.opentelemetry.io/otel/.gitignore
index aa6993762..f3355c852 100644
--- a/vendor/go.opentelemetry.io/otel/.gitignore
+++ b/vendor/go.opentelemetry.io/otel/.gitignore
@@ -13,6 +13,7 @@ go.work.sum
 
 gen/
 
+/example/dice/dice
 /example/fib/fib
 /example/fib/traces.txt
 /example/jaeger/jaeger
diff --git a/vendor/go.opentelemetry.io/otel/.golangci.yml b/vendor/go.opentelemetry.io/otel/.golangci.yml
index dbb6670b3..6e8eeec00 100644
--- a/vendor/go.opentelemetry.io/otel/.golangci.yml
+++ b/vendor/go.opentelemetry.io/otel/.golangci.yml
@@ -61,28 +61,63 @@ issues:
 
 linters-settings:
   depguard:
-    # Check the list against standard lib.
-    # Default: false
-    include-go-root: true
-    # A list of packages for the list type specified.
-    # Default: []
-    packages:
-      - "crypto/md5"
-      - "crypto/sha1"
-      - "crypto/**/pkix"
-    ignore-file-rules:
-      - "**/*_test.go"
-    additional-guards:
-      # Do not allow testing packages in non-test files.
-      - list-type: denylist
-        include-go-root: true
-        packages:
-          - testing
-          - github.com/stretchr/testify
-        ignore-file-rules:
-          - "**/*_test.go"
-          - "**/*test/*.go"
-          - "**/internal/matchers/*.go"
+    rules:
+      non-tests:
+        files:
+          - "!$test"
+          - "!**/*test/*.go"
+          - "!**/internal/matchers/*.go"
+        deny:
+          - pkg: "testing"
+          - pkg: "github.com/stretchr/testify"
+          - pkg: "crypto/md5"
+          - pkg: "crypto/sha1"
+          - pkg: "crypto/**/pkix"
+      otlp-internal:
+        files:
+          - "!**/exporters/otlp/internal/**/*.go"
+        deny:
+          - pkg: "go.opentelemetry.io/otel/exporters/otlp/internal"
+            desc: Do not use cross-module internal packages.
+      otlptrace-internal:
+        files:
+          - "!**/exporters/otlp/otlptrace/*.go"
+          - "!**/exporters/otlp/otlptrace/internal/**.go"
+        deny:
+          - pkg: "go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal"
+            desc: Do not use cross-module internal packages.
+      otlpmetric-internal:
+        files:
+          - "!**/exporters/otlp/otlpmetric/internal/*.go"
+          - "!**/exporters/otlp/otlpmetric/internal/**/*.go"
+        deny:
+          - pkg: "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal"
+            desc: Do not use cross-module internal packages.
+      otel-internal:
+        files:
+          - "**/sdk/*.go"
+          - "**/sdk/**/*.go"
+          - "**/exporters/*.go"
+          - "**/exporters/**/*.go"
+          - "**/schema/*.go"
+          - "**/schema/**/*.go"
+          - "**/metric/*.go"
+          - "**/metric/**/*.go"
+          - "**/bridge/*.go"
+          - "**/bridge/**/*.go"
+          - "**/example/*.go"
+          - "**/example/**/*.go"
+          - "**/trace/*.go"
+          - "**/trace/**/*.go"
+        deny:
+          - pkg: "go.opentelemetry.io/otel/internal$"
+            desc: Do not use cross-module internal packages.
+          - pkg: "go.opentelemetry.io/otel/internal/attribute"
+            desc: Do not use cross-module internal packages.
+          - pkg: "go.opentelemetry.io/otel/internal/internaltest"
+            desc: Do not use cross-module internal packages.
+          - pkg: "go.opentelemetry.io/otel/internal/matchers"
+            desc: Do not use cross-module internal packages.
   godot:
     exclude:
       # Exclude links.
diff --git a/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
index d9f145f86..3e5c35b5d 100644
--- a/vendor/go.opentelemetry.io/otel/CHANGELOG.md
+++ b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
@@ -8,6 +8,164 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [Unreleased]
 
+## [1.19.0/0.42.0/0.0.7] 2023-09-28
+
+This release contains the first stable release of the OpenTelemetry Go [metric SDK].
+Our project stability guarantees now apply to the `go.opentelemetry.io/otel/sdk/metric` package.
+See our [versioning policy](VERSIONING.md) for more information about these stability guarantees.
+
+### Added
+
+- Add the "Roll the dice" getting started application example in `go.opentelemetry.io/otel/example/dice`. (#4539)
+- The `WithWriter` and `WithPrettyPrint` options to `go.opentelemetry.io/otel/exporters/stdout/stdoutmetric` to set a custom `io.Writer`, and allow displaying the output in human-readable JSON. (#4507)
+
+### Changed
+
+- Allow '/' characters in metric instrument names. (#4501)
+- The exporter in `go.opentelemetry.io/otel/exporters/stdout/stdoutmetric` does not prettify its output by default anymore. (#4507)
+- Upgrade `gopkg.io/yaml` from `v2` to `v3` in `go.opentelemetry.io/otel/schema`. (#4535)
+
+### Fixed
+
+- In `go.opentelemetry.op/otel/exporters/prometheus`, don't try to create the Prometheus metric on every `Collect` if we know the scope is invalid. (#4499)
+
+### Removed
+
+- Remove `"go.opentelemetry.io/otel/bridge/opencensus".NewMetricExporter`, which is replaced by `NewMetricProducer`. (#4566)
+
+## [1.19.0-rc.1/0.42.0-rc.1] 2023-09-14
+
+This is a release candidate for the v1.19.0/v0.42.0 release.
+That release is expected to include the `v1` release of the OpenTelemetry Go metric SDK and will provide stability guarantees of that SDK.
+See our [versioning policy](VERSIONING.md) for more information about these stability guarantees.
+
+### Changed
+
+- Allow '/' characters in metric instrument names. (#4501)
+
+### Fixed
+
+- In `go.opentelemetry.op/otel/exporters/prometheus`, don't try to create the prometheus metric on every `Collect` if we know the scope is invalid. (#4499)
+
+## [1.18.0/0.41.0/0.0.6] 2023-09-12
+
+This release drops the compatibility guarantee of [Go 1.19].
+
+### Added
+
+- Add `WithProducer` option in `go.opentelemetry.op/otel/exporters/prometheus` to restore the ability to register producers on the prometheus exporter's manual reader. (#4473)
+- Add `IgnoreValue` option in `go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest` to allow ignoring values when comparing metrics. (#4447)
+
+### Changed
+
+- Use a `TestingT` interface instead of `*testing.T` struct in `go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`. (#4483)
+
+### Deprecated
+
+- The `NewMetricExporter` in `go.opentelemetry.io/otel/bridge/opencensus` was deprecated in `v0.35.0` (#3541).
+  The deprecation notice format for the function has been corrected to trigger Go documentation and build tooling. (#4470)
+
+### Removed
+
+- Removed the deprecated `go.opentelemetry.io/otel/exporters/jaeger` package. (#4467)
+- Removed the deprecated `go.opentelemetry.io/otel/example/jaeger` package. (#4467)
+- Removed the deprecated `go.opentelemetry.io/otel/sdk/metric/aggregation` package. (#4468)
+- Removed the deprecated internal packages in `go.opentelemetry.io/otel/exporters/otlp` and its sub-packages. (#4469)
+- Dropped guaranteed support for versions of Go less than 1.20. (#4481)
+
+## [1.17.0/0.40.0/0.0.5] 2023-08-28
+
+### Added
+
+- Export the `ManualReader` struct in `go.opentelemetry.io/otel/sdk/metric`. (#4244)
+- Export the `PeriodicReader` struct in `go.opentelemetry.io/otel/sdk/metric`. (#4244)
+- Add support for exponential histogram aggregations.
+  A histogram can be configured as an exponential histogram using a view with `"go.opentelemetry.io/otel/sdk/metric".ExponentialHistogram` as the aggregation. (#4245)
+- Export the `Exporter` struct in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4272)
+- Export the `Exporter` struct in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4272)
+- The exporters in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` now support the `OTEL_EXPORTER_OTLP_METRICS_TEMPORALITY_PREFERENCE` environment variable. (#4287)
+- Add `WithoutCounterSuffixes` option in `go.opentelemetry.io/otel/exporters/prometheus` to disable addition of `_total` suffixes. (#4306)
+- Add info and debug logging to the metric SDK in `go.opentelemetry.io/otel/sdk/metric`. (#4315)
+- The `go.opentelemetry.io/otel/semconv/v1.21.0` package.
+  The package contains semantic conventions from the `v1.21.0` version of the OpenTelemetry Semantic Conventions. (#4362)
+- Accept 201 to 299 HTTP status as success in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` and `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4365)
+- Document the `Temporality` and `Aggregation` methods of the `"go.opentelemetry.io/otel/sdk/metric".Exporter"` need to be concurrent safe. (#4381)
+- Expand the set of units supported by the Prometheus exporter, and don't add unit suffixes if they are already present in `go.opentelemetry.op/otel/exporters/prometheus` (#4374)
+- Move the `Aggregation` interface and its implementations from `go.opentelemetry.io/otel/sdk/metric/aggregation` to `go.opentelemetry.io/otel/sdk/metric`. (#4435)
+- The exporters in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` now support the `OTEL_EXPORTER_OTLP_METRICS_DEFAULT_HISTOGRAM_AGGREGATION` environment variable. (#4437)
+- Add the `NewAllowKeysFilter` and `NewDenyKeysFilter` functions to `go.opentelemetry.io/otel/attribute` to allow convenient creation of allow-keys and deny-keys filters. (#4444)
+- Support Go 1.21. (#4463)
+
+### Changed
+
+- Starting from `v1.21.0` of semantic conventions, `go.opentelemetry.io/otel/semconv/{version}/httpconv` and `go.opentelemetry.io/otel/semconv/{version}/netconv` packages will no longer be published. (#4145)
+- Log duplicate instrument conflict at a warning level instead of info in `go.opentelemetry.io/otel/sdk/metric`. (#4202)
+- Return an error on the creation of new instruments in `go.opentelemetry.io/otel/sdk/metric` if their name doesn't pass regexp validation. (#4210)
+- `NewManualReader` in `go.opentelemetry.io/otel/sdk/metric` returns `*ManualReader` instead of `Reader`. (#4244)
+- `NewPeriodicReader` in `go.opentelemetry.io/otel/sdk/metric` returns `*PeriodicReader` instead of `Reader`. (#4244)
+- Count the Collect time in the `PeriodicReader` timeout in `go.opentelemetry.io/otel/sdk/metric`. (#4221)
+- The function `New` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` returns `*Exporter` instead of `"go.opentelemetry.io/otel/sdk/metric".Exporter`. (#4272)
+- The function `New` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` returns `*Exporter` instead of `"go.opentelemetry.io/otel/sdk/metric".Exporter`. (#4272)
+- If an attribute set is omitted from an async callback, the previous value will no longer be exported in `go.opentelemetry.io/otel/sdk/metric`. (#4290)
+- If an attribute set is observed multiple times in an async callback in `go.opentelemetry.io/otel/sdk/metric`, the values will be summed instead of the last observation winning. (#4289)
+- Allow the explicit bucket histogram aggregation to be used for the up-down counter, observable counter, observable up-down counter, and observable gauge in the `go.opentelemetry.io/otel/sdk/metric` package. (#4332)
+- Restrict `Meter`s in `go.opentelemetry.io/otel/sdk/metric` to only register and collect instruments it created. (#4333)
+- `PeriodicReader.Shutdown` and `PeriodicReader.ForceFlush` in `go.opentelemetry.io/otel/sdk/metric` now apply the periodic reader's timeout to the operation if the user provided context does not contain a deadline. (#4356, #4377)
+- Upgrade all use of `go.opentelemetry.io/otel/semconv` to use `v1.21.0`. (#4408)
+- Increase instrument name maximum length from 63 to 255 characters in `go.opentelemetry.io/otel/sdk/metric`. (#4434)
+- Add `go.opentelemetry.op/otel/sdk/metric.WithProducer` as an `Option` for `"go.opentelemetry.io/otel/sdk/metric".NewManualReader` and `"go.opentelemetry.io/otel/sdk/metric".NewPeriodicReader`. (#4346)
+
+### Removed
+
+- Remove `Reader.RegisterProducer` in `go.opentelemetry.io/otel/metric`.
+  Use the added `WithProducer` option instead. (#4346)
+- Remove `Reader.ForceFlush` in `go.opentelemetry.io/otel/metric`.
+  Notice that `PeriodicReader.ForceFlush` is still available. (#4375)
+
+### Fixed
+
+- Correctly format log messages from the `go.opentelemetry.io/otel/exporters/zipkin` exporter. (#4143)
+- Log an error for calls to `NewView` in `go.opentelemetry.io/otel/sdk/metric` that have empty criteria. (#4307)
+- Fix `"go.opentelemetry.io/otel/sdk/resource".WithHostID()` to not set an empty `host.id`. (#4317)
+- Use the instrument identifying fields to cache aggregators and determine duplicate instrument registrations in `go.opentelemetry.io/otel/sdk/metric`. (#4337)
+- Detect duplicate instruments for case-insensitive names in `go.opentelemetry.io/otel/sdk/metric`. (#4338)
+- The `ManualReader` will not panic if `AggregationSelector` returns `nil` in `go.opentelemetry.io/otel/sdk/metric`. (#4350)
+- If a `Reader`'s `AggregationSelector` returns `nil` or `DefaultAggregation` the pipeline will use the default aggregation. (#4350)
+- Log a suggested view that fixes instrument conflicts in `go.opentelemetry.io/otel/sdk/metric`. (#4349)
+- Fix possible panic, deadlock and race condition in batch span processor in `go.opentelemetry.io/otel/sdk/trace`. (#4353)
+- Improve context cancellation handling in batch span processor's `ForceFlush` in  `go.opentelemetry.io/otel/sdk/trace`. (#4369)
+- Decouple `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal` from `go.opentelemetry.io/otel/exporters/otlp/internal` using gotmpl. (#4397, #3846)
+- Decouple `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal` from `go.opentelemetry.io/otel/exporters/otlp/internal` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal` using gotmpl. (#4404, #3846)
+- Decouple `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal` from `go.opentelemetry.io/otel/exporters/otlp/internal` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal` using gotmpl. (#4407, #3846)
+- Decouple `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal` from `go.opentelemetry.io/otel/exporters/otlp/internal` and `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal` using gotmpl. (#4400, #3846)
+- Decouple `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal` from `go.opentelemetry.io/otel/exporters/otlp/internal` and `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal` using gotmpl. (#4401, #3846)
+- Do not block the metric SDK when OTLP metric exports are blocked in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#3925, #4395)
+- Do not append `_total` if the counter already has that suffix for the Prometheus exproter in `go.opentelemetry.io/otel/exporter/prometheus`. (#4373)
+- Fix resource detection data race in `go.opentelemetry.io/otel/sdk/resource`. (#4409)
+- Use the first-seen instrument name during instrument name conflicts in `go.opentelemetry.io/otel/sdk/metric`. (#4428)
+
+### Deprecated
+
+- The `go.opentelemetry.io/otel/exporters/jaeger` package is deprecated.
+  OpenTelemetry dropped support for Jaeger exporter in July 2023.
+  Use `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`
+  or `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` instead. (#4423)
+- The `go.opentelemetry.io/otel/example/jaeger` package is deprecated. (#4423)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal` package is deprecated. (#4420)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal/oconf` package is deprecated. (#4420)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal/otest` package is deprecated. (#4420)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal/transform` package is deprecated. (#4420)
+- The `go.opentelemetry.io/otel/exporters/otlp/internal` package is deprecated. (#4421)
+- The `go.opentelemetry.io/otel/exporters/otlp/internal/envconfig` package is deprecated. (#4421)
+- The `go.opentelemetry.io/otel/exporters/otlp/internal/retry` package is deprecated. (#4421)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal` package is deprecated. (#4425)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/envconfig` package is deprecated. (#4425)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig` package is deprecated. (#4425)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlptracetest` package is deprecated. (#4425)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/retry` package is deprecated. (#4425)
+- The `go.opentelemetry.io/otel/sdk/metric/aggregation` package is deprecated.
+  Use the aggregation types added to `go.opentelemetry.io/otel/sdk/metric` instead. (#4435)
+
 ## [1.16.0/0.39.0] 2023-05-18
 
 This release contains the first stable release of the OpenTelemetry Go [metric API].
@@ -20,10 +178,14 @@ See our [versioning policy](VERSIONING.md) for more information about these stab
   The package contains semantic conventions from the `v1.19.0` version of the OpenTelemetry specification. (#3848)
 - The `go.opentelemetry.io/otel/semconv/v1.20.0` package.
   The package contains semantic conventions from the `v1.20.0` version of the OpenTelemetry specification. (#4078)
+- The Exponential Histogram data types in `go.opentelemetry.io/otel/sdk/metric/metricdata`. (#4165)
+- OTLP metrics exporter now supports the Exponential Histogram Data Type. (#4222)
+- Fix serialization of `time.Time` zero values in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` packages. (#4271)
 
 ### Changed
 
 - Use `strings.Cut()` instead of `string.SplitN()` for better readability and memory use. (#4049)
+- `MeterProvider` returns noop meters once it has been shutdown. (#4154)
 
 ### Removed
 
@@ -188,6 +350,8 @@ This release drops the compatibility guarantee of [Go 1.18].
 
 - Handle empty environment variable as it they were not set. (#3764)
 - Clarify the `httpconv` and `netconv` packages in `go.opentelemetry.io/otel/semconv/*` provide tracing semantic conventions. (#3823)
+- Fix race conditions in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic. (#3899)
+- Fix sending nil `scopeInfo` to metrics channel in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic in `github.com/prometheus/client_golang/prometheus`. (#3899)
 
 ### Deprecated
 
@@ -2492,7 +2656,11 @@ It contains api and sdk for trace and meter.
 - CircleCI build CI manifest files.
 - CODEOWNERS file to track owners of this project.
 
-[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.16.0...HEAD
+[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.19.0...HEAD
+[1.19.0/0.42.0/0.0.7]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0
+[1.19.0-rc.1/0.42.0-rc.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0-rc.1
+[1.18.0/0.41.0/0.0.6]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.18.0
+[1.17.0/0.40.0/0.0.5]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.17.0
 [1.16.0/0.39.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.16.0
 [1.16.0-rc.1/0.39.0-rc.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.16.0-rc.1
 [1.15.1/0.38.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.15.1
@@ -2563,5 +2731,7 @@ It contains api and sdk for trace and meter.
 [Go 1.20]: https://go.dev/doc/go1.20
 [Go 1.19]: https://go.dev/doc/go1.19
 [Go 1.18]: https://go.dev/doc/go1.18
+[Go 1.19]: https://go.dev/doc/go1.19
 
 [metric API]:https://pkg.go.dev/go.opentelemetry.io/otel/metric
+[metric SDK]:https://pkg.go.dev/go.opentelemetry.io/otel/sdk/metric
diff --git a/vendor/go.opentelemetry.io/otel/CODEOWNERS b/vendor/go.opentelemetry.io/otel/CODEOWNERS
index f6f6a313b..623740007 100644
--- a/vendor/go.opentelemetry.io/otel/CODEOWNERS
+++ b/vendor/go.opentelemetry.io/otel/CODEOWNERS
@@ -14,4 +14,4 @@
 
 * @MrAlias @Aneurysm9 @evantorrie @XSAM @dashpole @MadVikingGod @pellared @hanyuancheung @dmathieu
 
-CODEOWNERS @MrAlias @Aneurysm9 @MadVikingGod
+CODEOWNERS @MrAlias @MadVikingGod @pellared
\ No newline at end of file
diff --git a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
index b2df5de34..a00dbca7b 100644
--- a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
+++ b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
@@ -179,23 +179,23 @@ For a deeper discussion, see
 
 ## Documentation
 
-Each non-example Go Module should have its own `README.md` containing:
+Each (non-internal, non-test) package must be documented using
+[Go Doc Comments](https://go.dev/doc/comment),
+preferably in a `doc.go` file.
 
-- A pkg.go.dev badge which can be generated [here](https://pkg.go.dev/badge/).
-- Brief description.
-- Installation instructions (and requirements if applicable).
-- Hyperlink to an example. Depending on the component the example can be:
-  - An `example_test.go` like [here](exporters/stdout/stdouttrace/example_test.go).
-  - A sample Go application with its own `README.md`, like [here](example/zipkin).
-- Additional documentation sections such us:
-  - Configuration,
-  - Contributing,
-  - References.
+Prefer using [Examples](https://pkg.go.dev/testing#hdr-Examples)
+instead of putting code snippets in Go doc comments.
+In some cases, you can even create [Testable Examples](https://go.dev/blog/examples).
 
-[Here](exporters/jaeger/README.md) is an example of a concise `README.md`.
+You can install and run a "local Go Doc site" in the following way:
 
-Moreover, it should be possible to navigate to any `README.md` from the
-root `README.md`.
+  ```sh
+  go install golang.org/x/pkgsite/cmd/pkgsite@latest
+  pkgsite
+  ```
+
+[`go.opentelemetry.io/otel/metric`](https://pkg.go.dev/go.opentelemetry.io/otel/metric)
+is an example of a very well-documented package.
 
 ## Style Guide
 
@@ -475,8 +475,33 @@ documentation are allowed to be extended with additional methods.
 
 > Warning: methods may be added to this interface in minor releases.
 
+These interfaces are defined by the OpenTelemetry specification and will be
+updated as the specification evolves.
+
 Otherwise, stable interfaces MUST NOT be modified.
 
+#### How to Change Specification Interfaces
+
+When an API change must be made, we will update the SDK with the new method one
+release before the API change. This will allow the SDK one version before the
+API change to work seamlessly with the new API.
+
+If an incompatible version of the SDK is used with the new API the application
+will fail to compile.
+
+#### How Not to Change Specification Interfaces
+
+We have explored using a v2 of the API to change interfaces and found that there
+was no way to introduce a v2 and have it work seamlessly with the v1 of the API.
+Problems happened with libraries that upgraded to v2 when an application did not,
+and would not produce any telemetry.
+
+More detail of the approaches considered and their limitations can be found in
+the [Use a V2 API to evolve interfaces](https://github.com/open-telemetry/opentelemetry-go/issues/3920)
+issue.
+
+#### How to Change Other Interfaces
+
 If new functionality is needed for an interface that cannot be changed it MUST
 be added by including an additional interface. That added interface can be a
 simple interface for the specific functionality that you want to add or it can
@@ -531,6 +556,37 @@ functionality should be added, each one will need their own super-set
 interfaces and will duplicate the pattern. For this reason, the simple targeted
 interface that defines the specific functionality should be preferred.
 
+### Testing
+
+The tests should never leak goroutines.
+
+Use the term `ConcurrentSafe` in the test name when it aims to verify the
+absence of race conditions.
+
+### Internal packages
+
+The use of internal packages should be scoped to a single module. A sub-module
+should never import from a parent internal package. This creates a coupling
+between the two modules where a user can upgrade the parent without the child
+and if the internal package API has changed it will fail to upgrade[^3].
+
+There are two known exceptions to this rule:
+
+- `go.opentelemetry.io/otel/internal/global`
+  - This package manages global state for all of opentelemetry-go. It needs to
+  be a single package in order to ensure the uniqueness of the global state.
+- `go.opentelemetry.io/otel/internal/baggage`
+  - This package provides values in a `context.Context` that need to be
+  recognized by `go.opentelemetry.io/otel/baggage` and
+  `go.opentelemetry.io/otel/bridge/opentracing` but remain private.
+
+If you have duplicate code in multiple modules, make that code into a Go
+template stored in `go.opentelemetry.io/otel/internal/shared` and use [gotmpl]
+to render the templates in the desired locations. See [#4404] for an example of
+this.
+
+[^3]: https://github.com/open-telemetry/opentelemetry-go/issues/3548
+
 ## Approvers and Maintainers
 
 ### Approvers
@@ -538,14 +594,14 @@ interface that defines the specific functionality should be preferred.
 - [Evan Torrie](https://github.com/evantorrie), Verizon Media
 - [Sam Xie](https://github.com/XSAM), Cisco/AppDynamics
 - [David Ashpole](https://github.com/dashpole), Google
-- [Robert Pająk](https://github.com/pellared), Splunk
 - [Chester Cheung](https://github.com/hanyuancheung), Tencent
 - [Damien Mathieu](https://github.com/dmathieu), Elastic
+- [Anthony Mirabella](https://github.com/Aneurysm9), AWS
 
 ### Maintainers
 
 - [Aaron Clawson](https://github.com/MadVikingGod), LightStep
-- [Anthony Mirabella](https://github.com/Aneurysm9), AWS
+- [Robert Pająk](https://github.com/pellared), Splunk
 - [Tyler Yahn](https://github.com/MrAlias), Splunk
 
 ### Emeritus
@@ -560,3 +616,5 @@ repo](https://github.com/open-telemetry/community/blob/main/community-membership
 
 [Approver]: #approvers
 [Maintainer]: #maintainers
+[gotmpl]: https://pkg.go.dev/go.opentelemetry.io/build-tools/gotmpl
+[#4404]: https://github.com/open-telemetry/opentelemetry-go/pull/4404
diff --git a/vendor/go.opentelemetry.io/otel/Makefile b/vendor/go.opentelemetry.io/otel/Makefile
index 26e4bed22..5c311706b 100644
--- a/vendor/go.opentelemetry.io/otel/Makefile
+++ b/vendor/go.opentelemetry.io/otel/Makefile
@@ -25,7 +25,7 @@ TIMEOUT = 60
 .DEFAULT_GOAL := precommit
 
 .PHONY: precommit ci
-precommit: generate dependabot-generate license-check vanity-import-fix misspell go-mod-tidy golangci-lint-fix test-default
+precommit: generate dependabot-generate license-check misspell go-mod-tidy golangci-lint-fix test-default
 ci: generate dependabot-check license-check lint vanity-import-check build test-default check-clean-work-tree test-coverage
 
 # Tools
@@ -71,8 +71,14 @@ $(TOOLS)/porto: PACKAGE=github.com/jcchavezs/porto/cmd/porto
 GOJQ = $(TOOLS)/gojq
 $(TOOLS)/gojq: PACKAGE=github.com/itchyny/gojq/cmd/gojq
 
+GOTMPL = $(TOOLS)/gotmpl
+$(GOTMPL): PACKAGE=go.opentelemetry.io/build-tools/gotmpl
+
+GORELEASE = $(TOOLS)/gorelease
+$(GORELEASE): PACKAGE=golang.org/x/exp/cmd/gorelease
+
 .PHONY: tools
-tools: $(CROSSLINK) $(DBOTCONF) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(GOJQ) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT)
+tools: $(CROSSLINK) $(DBOTCONF) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(GOJQ) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT) $(GOTMPL) $(GORELEASE)
 
 # Virtualized python tools via docker
 
@@ -110,13 +116,24 @@ $(CODESPELL): PACKAGE=codespell
 # Generate
 
 .PHONY: generate
+generate: go-generate vanity-import-fix
 
-generate: $(OTEL_GO_MOD_DIRS:%=generate/%)
-generate/%: DIR=$*
-generate/%: | $(STRINGER) $(PORTO)
+.PHONY: go-generate
+go-generate: $(OTEL_GO_MOD_DIRS:%=go-generate/%)
+go-generate/%: DIR=$*
+go-generate/%: | $(STRINGER) $(GOTMPL)
 	@echo "$(GO) generate $(DIR)/..." \
 		&& cd $(DIR) \
-		&& PATH="$(TOOLS):$${PATH}" $(GO) generate ./... && $(PORTO) -w .
+		&& PATH="$(TOOLS):$${PATH}" $(GO) generate ./...
+
+.PHONY: vanity-import-fix
+vanity-import-fix: | $(PORTO)
+	@$(PORTO) --include-internal -w .
+
+# Generate go.work file for local development.
+.PHONY: go-work
+go-work: | $(CROSSLINK)
+	$(CROSSLINK) work --root=$(shell pwd)
 
 # Build
 
@@ -193,7 +210,7 @@ go-mod-tidy/%: DIR=$*
 go-mod-tidy/%: | crosslink
 	@echo "$(GO) mod tidy in $(DIR)" \
 		&& cd $(DIR) \
-		&& $(GO) mod tidy -compat=1.19
+		&& $(GO) mod tidy -compat=1.20
 
 .PHONY: lint-modules
 lint-modules: go-mod-tidy
@@ -203,11 +220,7 @@ lint: misspell lint-modules golangci-lint
 
 .PHONY: vanity-import-check
 vanity-import-check: | $(PORTO)
-	@$(PORTO) --include-internal -l . || echo "(run: make vanity-import-fix)"
-
-.PHONY: vanity-import-fix
-vanity-import-fix: | $(PORTO)
-	@$(PORTO) --include-internal -w .
+	@$(PORTO) --include-internal -l . || ( echo "(run: make vanity-import-fix)"; exit 1 )
 
 .PHONY: misspell
 misspell: | $(MISSPELL)
@@ -220,7 +233,7 @@ codespell: | $(CODESPELL)
 .PHONY: license-check
 license-check:
 	@licRes=$$(for f in $$(find . -type f \( -iname '*.go' -o -iname '*.sh' \) ! -path '**/third_party/*' ! -path './.git/*' ) ; do \
-	           awk '/Copyright The OpenTelemetry Authors|generated|GENERATED/ && NR<=3 { found=1; next } END { if (!found) print FILENAME }' $$f; \
+	           awk '/Copyright The OpenTelemetry Authors|generated|GENERATED/ && NR<=4 { found=1; next } END { if (!found) print FILENAME }' $$f; \
 	   done); \
 	   if [ -n "$${licRes}" ]; then \
 	           echo "license header checking failed:"; echo "$${licRes}"; \
@@ -230,7 +243,7 @@ license-check:
 DEPENDABOT_CONFIG = .github/dependabot.yml
 .PHONY: dependabot-check
 dependabot-check: | $(DBOTCONF)
-	@$(DBOTCONF) verify $(DEPENDABOT_CONFIG) || echo "(run: make dependabot-generate)"
+	@$(DBOTCONF) verify $(DEPENDABOT_CONFIG) || ( echo "(run: make dependabot-generate)"; exit 1 )
 
 .PHONY: dependabot-generate
 dependabot-generate: | $(DBOTCONF)
@@ -249,14 +262,23 @@ check-clean-work-tree:
 SEMCONVPKG ?= "semconv/"
 .PHONY: semconv-generate
 semconv-generate: | $(SEMCONVGEN) $(SEMCONVKIT)
-	[ "$(TAG)" ] || ( echo "TAG unset: missing opentelemetry specification tag"; exit 1 )
-	[ "$(OTEL_SPEC_REPO)" ] || ( echo "OTEL_SPEC_REPO unset: missing path to opentelemetry specification repo"; exit 1 )
-	$(SEMCONVGEN) -i "$(OTEL_SPEC_REPO)/semantic_conventions/." --only=span -p conventionType=trace -f trace.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
-	$(SEMCONVGEN) -i "$(OTEL_SPEC_REPO)/semantic_conventions/." --only=attribute_group -p conventionType=trace -f attribute_group.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
-	$(SEMCONVGEN) -i "$(OTEL_SPEC_REPO)/semantic_conventions/." --only=event -p conventionType=event -f event.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
-	$(SEMCONVGEN) -i "$(OTEL_SPEC_REPO)/semantic_conventions/." --only=resource -p conventionType=resource -f resource.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
+	[ "$(TAG)" ] || ( echo "TAG unset: missing opentelemetry semantic-conventions tag"; exit 1 )
+	[ "$(OTEL_SEMCONV_REPO)" ] || ( echo "OTEL_SEMCONV_REPO unset: missing path to opentelemetry semantic-conventions repo"; exit 1 )
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=span -p conventionType=trace -f trace.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=attribute_group -p conventionType=trace -f attribute_group.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=event -p conventionType=event -f event.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=resource -p conventionType=resource -f resource.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
 	$(SEMCONVKIT) -output "$(SEMCONVPKG)/$(TAG)" -tag "$(TAG)"
 
+.PHONY: gorelease
+gorelease: $(OTEL_GO_MOD_DIRS:%=gorelease/%)
+gorelease/%: DIR=$*
+gorelease/%:| $(GORELEASE)
+	@echo "gorelease in $(DIR):" \
+		&& cd $(DIR) \
+		&& $(GORELEASE) \
+		|| echo ""
+
 .PHONY: prerelease
 prerelease: | $(MULTIMOD)
 	@[ "${MODSET}" ] || ( echo ">> env var MODSET is not set"; exit 1 )
diff --git a/vendor/go.opentelemetry.io/otel/README.md b/vendor/go.opentelemetry.io/otel/README.md
index e138a8a07..634326ef8 100644
--- a/vendor/go.opentelemetry.io/otel/README.md
+++ b/vendor/go.opentelemetry.io/otel/README.md
@@ -11,22 +11,25 @@ It provides a set of APIs to directly measure performance and behavior of your s
 
 ## Project Status
 
-| Signal  | Status     | Project |
-| ------- | ---------- | ------- |
-| Traces  | Stable     | N/A     |
-| Metrics | Beta       | N/A     |
-| Logs    | Frozen [1] | N/A     |
+| Signal  | Status     | Project               |
+|---------|------------|-----------------------|
+| Traces  | Stable     | N/A                   |
+| Metrics | Mixed [1]  | [Go: Metric SDK (GA)] |
+| Logs    | Frozen [2] | N/A                   |
 
-- [1]: The Logs signal development is halted for this project while we develop both Traces and Metrics.
+[Go: Metric SDK (GA)]: https://github.com/orgs/open-telemetry/projects/34
+
+- [1]: [Metrics API](https://pkg.go.dev/go.opentelemetry.io/otel/metric) is Stable. [Metrics SDK](https://pkg.go.dev/go.opentelemetry.io/otel/sdk/metric) is Beta.
+- [2]: The Logs signal development is halted for this project while we stabilize the Metrics SDK.
    No Logs Pull Requests are currently being accepted.
 
-Progress and status specific to this repository is tracked in our local
+Progress and status specific to this repository is tracked in our
 [project boards](https://github.com/open-telemetry/opentelemetry-go/projects)
 and
 [milestones](https://github.com/open-telemetry/opentelemetry-go/milestones).
 
 Project versioning information and stability guarantees can be found in the
-[versioning documentation](./VERSIONING.md).
+[versioning documentation](VERSIONING.md).
 
 ### Compatibility
 
@@ -49,17 +52,17 @@ stop ensuring compatibility with these versions in the following manner:
 Currently, this project supports the following environments.
 
 | OS      | Go Version | Architecture |
-| ------- | ---------- | ------------ |
+|---------|------------|--------------|
+| Ubuntu  | 1.21       | amd64        |
 | Ubuntu  | 1.20       | amd64        |
-| Ubuntu  | 1.19       | amd64        |
+| Ubuntu  | 1.21       | 386          |
 | Ubuntu  | 1.20       | 386          |
-| Ubuntu  | 1.19       | 386          |
+| MacOS   | 1.21       | amd64        |
 | MacOS   | 1.20       | amd64        |
-| MacOS   | 1.19       | amd64        |
+| Windows | 1.21       | amd64        |
 | Windows | 1.20       | amd64        |
-| Windows | 1.19       | amd64        |
+| Windows | 1.21       | 386          |
 | Windows | 1.20       | 386          |
-| Windows | 1.19       | 386          |
 
 While this project should work for other systems, no compatibility guarantees
 are made for those systems currently.
@@ -97,12 +100,11 @@ export pipeline to send that telemetry to an observability platform.
 All officially supported exporters for the OpenTelemetry project are contained in the [exporters directory](./exporters).
 
 | Exporter                              | Metrics | Traces |
-| :-----------------------------------: | :-----: | :----: |
-| [Jaeger](./exporters/jaeger/)         |         | ✓      |
-| [OTLP](./exporters/otlp/)             | ✓       | ✓      |
-| [Prometheus](./exporters/prometheus/) | ✓       |        |
-| [stdout](./exporters/stdout/)         | ✓       | ✓      |
-| [Zipkin](./exporters/zipkin/)         |         | ✓      |
+|---------------------------------------|:-------:|:------:|
+| [OTLP](./exporters/otlp/)             |    ✓    |   ✓    |
+| [Prometheus](./exporters/prometheus/) |    ✓    |        |
+| [stdout](./exporters/stdout/)         |    ✓    |   ✓    |
+| [Zipkin](./exporters/zipkin/)         |         |   ✓    |
 
 ## Contributing
 
diff --git a/vendor/go.opentelemetry.io/otel/RELEASING.md b/vendor/go.opentelemetry.io/otel/RELEASING.md
index 5e6daf6c4..82ce3ee46 100644
--- a/vendor/go.opentelemetry.io/otel/RELEASING.md
+++ b/vendor/go.opentelemetry.io/otel/RELEASING.md
@@ -2,27 +2,30 @@
 
 ## Semantic Convention Generation
 
-New versions of the [OpenTelemetry Specification] mean new versions of the `semconv` package need to be generated.
+New versions of the [OpenTelemetry Semantic Conventions] mean new versions of the `semconv` package need to be generated.
 The `semconv-generate` make target is used for this.
 
-1. Checkout a local copy of the [OpenTelemetry Specification] to the desired release tag.
+1. Checkout a local copy of the [OpenTelemetry Semantic Conventions] to the desired release tag.
 2. Pull the latest `otel/semconvgen` image: `docker pull otel/semconvgen:latest`
 3. Run the `make semconv-generate ...` target from this repository.
 
 For example,
 
 ```sh
-export TAG="v1.13.0" # Change to the release version you are generating.
-export OTEL_SPEC_REPO="/absolute/path/to/opentelemetry-specification"
+export TAG="v1.21.0" # Change to the release version you are generating.
+export OTEL_SEMCONV_REPO="/absolute/path/to/opentelemetry/semantic-conventions"
 docker pull otel/semconvgen:latest
-make semconv-generate # Uses the exported TAG and OTEL_SPEC_REPO.
+make semconv-generate # Uses the exported TAG and OTEL_SEMCONV_REPO.
 ```
 
 This should create a new sub-package of [`semconv`](./semconv).
 Ensure things look correct before submitting a pull request to include the addition.
 
-**Note**, the generation code was changed to generate versions >= 1.13.
-To generate versions prior to this, checkout the old release of this repository (i.e. [2fe8861](https://github.com/open-telemetry/opentelemetry-go/commit/2fe8861a24e20088c065b116089862caf9e3cd8b)).
+## Breaking changes validation
+
+You can run `make gorelease` that runs [gorelease](https://pkg.go.dev/golang.org/x/exp/cmd/gorelease) to ensure that there are no unwanted changes done in the public API.
+
+You can check/report problems with `gorelease` [here](https://golang.org/issues/26420).
 
 ## Pre-Release
 
@@ -120,7 +123,17 @@ Once verified be sure to [make a release for the `contrib` repository](https://g
 
 ### Website Documentation
 
-Update [the documentation](./website_docs) for [the OpenTelemetry website](https://opentelemetry.io/docs/go/).
+Update the [Go instrumentation documentation] in the OpenTelemetry website under [content/en/docs/instrumentation/go].
 Importantly, bump any package versions referenced to be the latest one you just released and ensure all code examples still compile and are accurate.
 
-[OpenTelemetry Specification]: https://github.com/open-telemetry/opentelemetry-specification
+[OpenTelemetry Semantic Conventions]: https://github.com/open-telemetry/semantic-conventions
+[Go instrumentation documentation]: https://opentelemetry.io/docs/instrumentation/go/
+[content/en/docs/instrumentation/go]: https://github.com/open-telemetry/opentelemetry.io/tree/main/content/en/docs/instrumentation/go
+
+### Demo Repository
+
+Bump the dependencies in the following Go services:
+
+- [`accountingservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/accountingservice)
+- [`checkoutservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/checkoutservice)
+- [`productcatalogservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/productcatalogservice)
diff --git a/vendor/go.opentelemetry.io/otel/attribute/filter.go b/vendor/go.opentelemetry.io/otel/attribute/filter.go
new file mode 100644
index 000000000..638c213d5
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/attribute/filter.go
@@ -0,0 +1,60 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package attribute // import "go.opentelemetry.io/otel/attribute"
+
+// Filter supports removing certain attributes from attribute sets. When
+// the filter returns true, the attribute will be kept in the filtered
+// attribute set. When the filter returns false, the attribute is excluded
+// from the filtered attribute set, and the attribute instead appears in
+// the removed list of excluded attributes.
+type Filter func(KeyValue) bool
+
+// NewAllowKeysFilter returns a Filter that only allows attributes with one of
+// the provided keys.
+//
+// If keys is empty a deny-all filter is returned.
+func NewAllowKeysFilter(keys ...Key) Filter {
+	if len(keys) <= 0 {
+		return func(kv KeyValue) bool { return false }
+	}
+
+	allowed := make(map[Key]struct{})
+	for _, k := range keys {
+		allowed[k] = struct{}{}
+	}
+	return func(kv KeyValue) bool {
+		_, ok := allowed[kv.Key]
+		return ok
+	}
+}
+
+// NewDenyKeysFilter returns a Filter that only allows attributes
+// that do not have one of the provided keys.
+//
+// If keys is empty an allow-all filter is returned.
+func NewDenyKeysFilter(keys ...Key) Filter {
+	if len(keys) <= 0 {
+		return func(kv KeyValue) bool { return true }
+	}
+
+	forbid := make(map[Key]struct{})
+	for _, k := range keys {
+		forbid[k] = struct{}{}
+	}
+	return func(kv KeyValue) bool {
+		_, ok := forbid[kv.Key]
+		return !ok
+	}
+}
diff --git a/vendor/go.opentelemetry.io/otel/attribute/set.go b/vendor/go.opentelemetry.io/otel/attribute/set.go
index b976367e4..9f9303d4f 100644
--- a/vendor/go.opentelemetry.io/otel/attribute/set.go
+++ b/vendor/go.opentelemetry.io/otel/attribute/set.go
@@ -39,13 +39,6 @@ type (
 		iface interface{}
 	}
 
-	// Filter supports removing certain attributes from attribute sets. When
-	// the filter returns true, the attribute will be kept in the filtered
-	// attribute set. When the filter returns false, the attribute is excluded
-	// from the filtered attribute set, and the attribute instead appears in
-	// the removed list of excluded attributes.
-	Filter func(KeyValue) bool
-
 	// Sortable implements sort.Interface, used for sorting KeyValue. This is
 	// an exported type to support a memory optimization. A pointer to one of
 	// these is needed for the call to sort.Stable(), which the caller may
diff --git a/vendor/go.opentelemetry.io/otel/baggage/baggage.go b/vendor/go.opentelemetry.io/otel/baggage/baggage.go
index 46e523a80..9e6b3b7b5 100644
--- a/vendor/go.opentelemetry.io/otel/baggage/baggage.go
+++ b/vendor/go.opentelemetry.io/otel/baggage/baggage.go
@@ -61,11 +61,6 @@ type Property struct {
 	// hasValue indicates if a zero-value value means the property does not
 	// have a value or if it was the zero-value.
 	hasValue bool
-
-	// hasData indicates whether the created property contains data or not.
-	// Properties that do not contain data are invalid with no other check
-	// required.
-	hasData bool
 }
 
 // NewKeyProperty returns a new Property for key.
@@ -76,7 +71,7 @@ func NewKeyProperty(key string) (Property, error) {
 		return newInvalidProperty(), fmt.Errorf("%w: %q", errInvalidKey, key)
 	}
 
-	p := Property{key: key, hasData: true}
+	p := Property{key: key}
 	return p, nil
 }
 
@@ -95,7 +90,6 @@ func NewKeyValueProperty(key, value string) (Property, error) {
 		key:      key,
 		value:    value,
 		hasValue: true,
-		hasData:  true,
 	}
 	return p, nil
 }
@@ -117,7 +111,7 @@ func parseProperty(property string) (Property, error) {
 		return newInvalidProperty(), fmt.Errorf("%w: %q", errInvalidProperty, property)
 	}
 
-	p := Property{hasData: true}
+	var p Property
 	if match[1] != "" {
 		p.key = match[1]
 	} else {
@@ -136,10 +130,6 @@ func (p Property) validate() error {
 		return fmt.Errorf("invalid property: %w", err)
 	}
 
-	if !p.hasData {
-		return errFunc(fmt.Errorf("%w: %q", errInvalidProperty, p))
-	}
-
 	if !keyRe.MatchString(p.key) {
 		return errFunc(fmt.Errorf("%w: %q", errInvalidKey, p.key))
 	}
diff --git a/vendor/go.opentelemetry.io/otel/internal/gen.go b/vendor/go.opentelemetry.io/otel/internal/gen.go
new file mode 100644
index 000000000..f532f07e9
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/internal/gen.go
@@ -0,0 +1,29 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package internal // import "go.opentelemetry.io/otel/internal"
+
+//go:generate gotmpl --body=./shared/matchers/expectation.go.tmpl "--data={}" --out=matchers/expectation.go
+//go:generate gotmpl --body=./shared/matchers/expecter.go.tmpl "--data={}" --out=matchers/expecter.go
+//go:generate gotmpl --body=./shared/matchers/temporal_matcher.go.tmpl "--data={}" --out=matchers/temporal_matcher.go
+
+//go:generate gotmpl --body=./shared/internaltest/alignment.go.tmpl "--data={}" --out=internaltest/alignment.go
+//go:generate gotmpl --body=./shared/internaltest/env.go.tmpl "--data={}" --out=internaltest/env.go
+//go:generate gotmpl --body=./shared/internaltest/env_test.go.tmpl "--data={}" --out=internaltest/env_test.go
+//go:generate gotmpl --body=./shared/internaltest/errors.go.tmpl "--data={}" --out=internaltest/errors.go
+//go:generate gotmpl --body=./shared/internaltest/harness.go.tmpl "--data={\"matchersImportPath\": \"go.opentelemetry.io/otel/internal/matchers\"}" --out=internaltest/harness.go
+//go:generate gotmpl --body=./shared/internaltest/text_map_carrier.go.tmpl "--data={}" --out=internaltest/text_map_carrier.go
+//go:generate gotmpl --body=./shared/internaltest/text_map_carrier_test.go.tmpl "--data={}" --out=internaltest/text_map_carrier_test.go
+//go:generate gotmpl --body=./shared/internaltest/text_map_propagator.go.tmpl "--data={}" --out=internaltest/text_map_propagator.go
+//go:generate gotmpl --body=./shared/internaltest/text_map_propagator_test.go.tmpl "--data={}" --out=internaltest/text_map_propagator_test.go
diff --git a/vendor/go.opentelemetry.io/otel/internal/global/handler.go b/vendor/go.opentelemetry.io/otel/internal/global/handler.go
index 3dcd1caae..5e9b83047 100644
--- a/vendor/go.opentelemetry.io/otel/internal/global/handler.go
+++ b/vendor/go.opentelemetry.io/otel/internal/global/handler.go
@@ -18,7 +18,6 @@ import (
 	"log"
 	"os"
 	"sync/atomic"
-	"unsafe"
 )
 
 var (
@@ -42,7 +41,7 @@ type ErrorHandler interface {
 }
 
 type ErrDelegator struct {
-	delegate unsafe.Pointer
+	delegate atomic.Pointer[ErrorHandler]
 }
 
 func (d *ErrDelegator) Handle(err error) {
@@ -50,12 +49,12 @@ func (d *ErrDelegator) Handle(err error) {
 }
 
 func (d *ErrDelegator) getDelegate() ErrorHandler {
-	return *(*ErrorHandler)(atomic.LoadPointer(&d.delegate))
+	return *d.delegate.Load()
 }
 
 // setDelegate sets the ErrorHandler delegate.
 func (d *ErrDelegator) setDelegate(eh ErrorHandler) {
-	atomic.StorePointer(&d.delegate, unsafe.Pointer(&eh))
+	d.delegate.Store(&eh)
 }
 
 func defaultErrorHandler() *ErrDelegator {
diff --git a/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go b/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go
index 5951fd06d..c6f305a2b 100644
--- a/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go
+++ b/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go
@@ -18,7 +18,6 @@ import (
 	"log"
 	"os"
 	"sync/atomic"
-	"unsafe"
 
 	"github.com/go-logr/logr"
 	"github.com/go-logr/stdr"
@@ -28,7 +27,7 @@ import (
 //
 // The default logger uses stdr which is backed by the standard `log.Logger`
 // interface. This logger will only show messages at the Error Level.
-var globalLogger unsafe.Pointer
+var globalLogger atomic.Pointer[logr.Logger]
 
 func init() {
 	SetLogger(stdr.New(log.New(os.Stderr, "", log.LstdFlags|log.Lshortfile)))
@@ -40,11 +39,11 @@ func init() {
 // To see Info messages use a logger with `l.V(4).Enabled() == true`
 // To see Debug messages use a logger with `l.V(8).Enabled() == true`.
 func SetLogger(l logr.Logger) {
-	atomic.StorePointer(&globalLogger, unsafe.Pointer(&l))
+	globalLogger.Store(&l)
 }
 
 func getLogger() logr.Logger {
-	return *(*logr.Logger)(atomic.LoadPointer(&globalLogger))
+	return *globalLogger.Load()
 }
 
 // Info prints messages about the general state of the API or SDK.
diff --git a/vendor/go.opentelemetry.io/otel/metric/instrument.go b/vendor/go.opentelemetry.io/otel/metric/instrument.go
index 0033c1e12..cdca00058 100644
--- a/vendor/go.opentelemetry.io/otel/metric/instrument.go
+++ b/vendor/go.opentelemetry.io/otel/metric/instrument.go
@@ -167,6 +167,8 @@ func (o unitOpt) applyInt64ObservableGauge(c Int64ObservableGaugeConfig) Int64Ob
 }
 
 // WithUnit sets the instrument unit.
+//
+// The unit u should be defined using the appropriate [UCUM](https://ucum.org) case-sensitive code.
 func WithUnit(u string) InstrumentOption { return unitOpt(u) }
 
 // AddOption applies options to an addition measurement. See
diff --git a/vendor/go.opentelemetry.io/otel/metric/meter.go b/vendor/go.opentelemetry.io/otel/metric/meter.go
index 8e1917c32..2520bc74a 100644
--- a/vendor/go.opentelemetry.io/otel/metric/meter.go
+++ b/vendor/go.opentelemetry.io/otel/metric/meter.go
@@ -157,6 +157,8 @@ type Meter interface {
 	//
 	// If no instruments are passed, f should not be registered nor called
 	// during collection.
+	//
+	// The function f needs to be concurrent safe.
 	RegisterCallback(f Callback, instruments ...Observable) (Registration, error)
 }
 
diff --git a/vendor/go.opentelemetry.io/otel/requirements.txt b/vendor/go.opentelemetry.io/otel/requirements.txt
index 407f17489..ddff45468 100644
--- a/vendor/go.opentelemetry.io/otel/requirements.txt
+++ b/vendor/go.opentelemetry.io/otel/requirements.txt
@@ -1 +1 @@
-codespell==2.2.4
+codespell==2.2.5
diff --git a/vendor/go.opentelemetry.io/otel/version.go b/vendor/go.opentelemetry.io/otel/version.go
index c2217a28d..ad64e1996 100644
--- a/vendor/go.opentelemetry.io/otel/version.go
+++ b/vendor/go.opentelemetry.io/otel/version.go
@@ -16,5 +16,5 @@ package otel // import "go.opentelemetry.io/otel"
 
 // Version is the current release version of OpenTelemetry in use.
 func Version() string {
-	return "1.16.0"
+	return "1.19.0"
 }
diff --git a/vendor/go.opentelemetry.io/otel/versions.yaml b/vendor/go.opentelemetry.io/otel/versions.yaml
index 9dc47532b..7d2127692 100644
--- a/vendor/go.opentelemetry.io/otel/versions.yaml
+++ b/vendor/go.opentelemetry.io/otel/versions.yaml
@@ -14,19 +14,17 @@
 
 module-sets:
   stable-v1:
-    version: v1.16.0
+    version: v1.19.0
     modules:
       - go.opentelemetry.io/otel
       - go.opentelemetry.io/otel/bridge/opentracing
       - go.opentelemetry.io/otel/bridge/opentracing/test
+      - go.opentelemetry.io/otel/example/dice
       - go.opentelemetry.io/otel/example/fib
-      - go.opentelemetry.io/otel/example/jaeger
       - go.opentelemetry.io/otel/example/namedtracer
       - go.opentelemetry.io/otel/example/otel-collector
       - go.opentelemetry.io/otel/example/passthrough
       - go.opentelemetry.io/otel/example/zipkin
-      - go.opentelemetry.io/otel/exporters/jaeger
-      - go.opentelemetry.io/otel/exporters/otlp/internal/retry
       - go.opentelemetry.io/otel/exporters/otlp/otlptrace
       - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
       - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
@@ -34,23 +32,23 @@ module-sets:
       - go.opentelemetry.io/otel/exporters/zipkin
       - go.opentelemetry.io/otel/metric
       - go.opentelemetry.io/otel/sdk
+      - go.opentelemetry.io/otel/sdk/metric
       - go.opentelemetry.io/otel/trace
   experimental-metrics:
-    version: v0.39.0
+    version: v0.42.0
     modules:
+      - go.opentelemetry.io/otel/bridge/opencensus
+      - go.opentelemetry.io/otel/bridge/opencensus/test
       - go.opentelemetry.io/otel/example/opencensus
       - go.opentelemetry.io/otel/example/prometheus
+      - go.opentelemetry.io/otel/example/view
       - go.opentelemetry.io/otel/exporters/otlp/otlpmetric
       - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
       - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
       - go.opentelemetry.io/otel/exporters/prometheus
       - go.opentelemetry.io/otel/exporters/stdout/stdoutmetric
-      - go.opentelemetry.io/otel/sdk/metric
-      - go.opentelemetry.io/otel/bridge/opencensus
-      - go.opentelemetry.io/otel/bridge/opencensus/test
-      - go.opentelemetry.io/otel/example/view
   experimental-schema:
-    version: v0.0.4
+    version: v0.0.7
     modules:
       - go.opentelemetry.io/otel/schema
 excluded-modules:
diff --git a/vendor/go.step.sm/crypto/jose/parse.go b/vendor/go.step.sm/crypto/jose/parse.go
index 8496a6481..9807af03d 100644
--- a/vendor/go.step.sm/crypto/jose/parse.go
+++ b/vendor/go.step.sm/crypto/jose/parse.go
@@ -375,7 +375,7 @@ func guessSignatureAlgorithm(key crypto.PrivateKey) SignatureAlgorithm {
 
 // guessKnownJWKAlgorithm sets the algorithm for keys that only have one
 // possible algorithm.
-func guessKnownJWKAlgorithm(ctx *context, jwk *JSONWebKey) {
+func guessKnownJWKAlgorithm(_ *context, jwk *JSONWebKey) {
 	if jwk.Algorithm == "" && jwk.Use != "enc" {
 		switch k := jwk.Key.(type) {
 		case *ecdsa.PrivateKey:
diff --git a/vendor/go.step.sm/crypto/pemutil/pem.go b/vendor/go.step.sm/crypto/pemutil/pem.go
index e02512ebc..b281c4024 100644
--- a/vendor/go.step.sm/crypto/pemutil/pem.go
+++ b/vendor/go.step.sm/crypto/pemutil/pem.go
@@ -10,6 +10,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
@@ -44,6 +45,9 @@ var PromptPassword PasswordPrompter
 // check if a file exists and prompts the user if it should be overwritten.
 var WriteFile FileWriter = utils.WriteFile
 
+// PEMBlockHeader is the expected header for any PEM formatted block.
+var PEMBlockHeader = []byte("-----BEGIN ")
+
 // context add options to the pem methods.
 type context struct {
 	filename         string
@@ -282,7 +286,7 @@ func ReadCertificate(filename string, opts ...Options) (*x509.Certificate, error
 	}
 
 	// PEM format
-	if bytes.HasPrefix(b, []byte("-----BEGIN ")) {
+	if bytes.Contains(b, PEMBlockHeader) {
 		var crt interface{}
 		crt, err = Read(filename, opts...)
 		if err != nil {
@@ -311,7 +315,7 @@ func ReadCertificateBundle(filename string) ([]*x509.Certificate, error) {
 	}
 
 	// PEM format
-	if bytes.HasPrefix(b, []byte("-----BEGIN ")) {
+	if bytes.Contains(b, PEMBlockHeader) {
 		var block *pem.Block
 		var bundle []*x509.Certificate
 		for len(b) > 0 {
@@ -352,7 +356,7 @@ func ReadCertificateRequest(filename string) (*x509.CertificateRequest, error) {
 	}
 
 	// PEM format
-	if bytes.HasPrefix(b, []byte("-----BEGIN ")) {
+	if bytes.Contains(b, PEMBlockHeader) {
 		csr, err := Parse(b, WithFilename(filename))
 		if err != nil {
 			return nil, err
@@ -704,3 +708,35 @@ func ParseSSH(b []byte) (interface{}, error) {
 		return nil, errors.Errorf("unsupported key type %T", key)
 	}
 }
+
+// BundleCertificate adds PEM-encoded certificates to a PEM-encoded certificate
+// bundle if not already in the bundle.
+func BundleCertificate(bundlePEM []byte, certsPEM ...[]byte) ([]byte, bool, error) {
+	bundle, err := ParseCertificateBundle(bundlePEM)
+	if err != nil {
+		return nil, false, fmt.Errorf("invalid bundle: %w", err)
+	}
+
+	sums := make(map[[sha256.Size224]byte]bool, len(bundle)+len(certsPEM))
+	for i := range bundle {
+		sums[sha256.Sum224(bundle[i].Raw)] = true
+	}
+
+	modified := false
+
+	for i := range certsPEM {
+		cert, err := ParseCertificate(certsPEM[i])
+		if err != nil {
+			return nil, false, fmt.Errorf("invalid certificate %d: %w", i, err)
+		}
+		certSum := sha256.Sum224(cert.Raw)
+		if sums[certSum] {
+			continue
+		}
+		sums[certSum] = true
+		bundlePEM = append(bundlePEM, certsPEM[i]...)
+		modified = true
+	}
+
+	return bundlePEM, modified, nil
+}
diff --git a/vendor/go.uber.org/atomic/CHANGELOG.md b/vendor/go.uber.org/atomic/CHANGELOG.md
index 5fe03f21b..6f87f33fa 100644
--- a/vendor/go.uber.org/atomic/CHANGELOG.md
+++ b/vendor/go.uber.org/atomic/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.11.0] - 2023-05-02
+### Fixed
+- Fix initialization of `Value` wrappers.
+
+### Added
+- Add `String` method to `atomic.Pointer[T]` type allowing users to safely print
+underlying values of pointers.
+
+[1.11.0]: https://github.com/uber-go/atomic/compare/v1.10.0...v1.11.0
+
 ## [1.10.0] - 2022-08-11
 ### Added
 - Add `atomic.Float32` type for atomic operations on `float32`.
diff --git a/vendor/go.uber.org/atomic/bool.go b/vendor/go.uber.org/atomic/bool.go
index dfa2085f4..f0a2ddd14 100644
--- a/vendor/go.uber.org/atomic/bool.go
+++ b/vendor/go.uber.org/atomic/bool.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/duration.go b/vendor/go.uber.org/atomic/duration.go
index 6f4157445..7c23868fc 100644
--- a/vendor/go.uber.org/atomic/duration.go
+++ b/vendor/go.uber.org/atomic/duration.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/error.go b/vendor/go.uber.org/atomic/error.go
index 27b23ea16..b7e3f1291 100644
--- a/vendor/go.uber.org/atomic/error.go
+++ b/vendor/go.uber.org/atomic/error.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -52,7 +52,17 @@ func (x *Error) Store(val error) {
 
 // CompareAndSwap is an atomic compare-and-swap for error values.
 func (x *Error) CompareAndSwap(old, new error) (swapped bool) {
-	return x.v.CompareAndSwap(packError(old), packError(new))
+	if x.v.CompareAndSwap(packError(old), packError(new)) {
+		return true
+	}
+
+	if old == _zeroError {
+		// If the old value is the empty value, then it's possible the
+		// underlying Value hasn't been set and is nil, so retry with nil.
+		return x.v.CompareAndSwap(nil, packError(new))
+	}
+
+	return false
 }
 
 // Swap atomically stores the given error and returns the old
diff --git a/vendor/go.uber.org/atomic/float32.go b/vendor/go.uber.org/atomic/float32.go
index 5d535a6d2..62c36334f 100644
--- a/vendor/go.uber.org/atomic/float32.go
+++ b/vendor/go.uber.org/atomic/float32.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/float64.go b/vendor/go.uber.org/atomic/float64.go
index 11d5189a5..5bc11caab 100644
--- a/vendor/go.uber.org/atomic/float64.go
+++ b/vendor/go.uber.org/atomic/float64.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/int32.go b/vendor/go.uber.org/atomic/int32.go
index b9a68f42c..5320eac10 100644
--- a/vendor/go.uber.org/atomic/int32.go
+++ b/vendor/go.uber.org/atomic/int32.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicint.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/int64.go b/vendor/go.uber.org/atomic/int64.go
index 78d260976..460821d00 100644
--- a/vendor/go.uber.org/atomic/int64.go
+++ b/vendor/go.uber.org/atomic/int64.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicint.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/pointer_go118.go b/vendor/go.uber.org/atomic/pointer_go118.go
index e0f47dba4..1fb6c03b2 100644
--- a/vendor/go.uber.org/atomic/pointer_go118.go
+++ b/vendor/go.uber.org/atomic/pointer_go118.go
@@ -18,43 +18,14 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 
-//go:build go1.18 && !go1.19
-// +build go1.18,!go1.19
+//go:build go1.18
+// +build go1.18
 
 package atomic
 
-import "unsafe"
+import "fmt"
 
-type Pointer[T any] struct {
-	_ nocmp // disallow non-atomic comparison
-	p UnsafePointer
-}
-
-// NewPointer creates a new Pointer.
-func NewPointer[T any](v *T) *Pointer[T] {
-	var p Pointer[T]
-	if v != nil {
-		p.p.Store(unsafe.Pointer(v))
-	}
-	return &p
-}
-
-// Load atomically loads the wrapped value.
-func (p *Pointer[T]) Load() *T {
-	return (*T)(p.p.Load())
-}
-
-// Store atomically stores the passed value.
-func (p *Pointer[T]) Store(val *T) {
-	p.p.Store(unsafe.Pointer(val))
-}
-
-// Swap atomically swaps the wrapped pointer and returns the old value.
-func (p *Pointer[T]) Swap(val *T) (old *T) {
-	return (*T)(p.p.Swap(unsafe.Pointer(val)))
-}
-
-// CompareAndSwap is an atomic compare-and-swap.
-func (p *Pointer[T]) CompareAndSwap(old, new *T) (swapped bool) {
-	return p.p.CompareAndSwap(unsafe.Pointer(old), unsafe.Pointer(new))
+// String returns a human readable representation of a Pointer's underlying value.
+func (p *Pointer[T]) String() string {
+	return fmt.Sprint(p.Load())
 }
diff --git a/vendor/go.uber.org/atomic/pointer_go118_pre119.go b/vendor/go.uber.org/atomic/pointer_go118_pre119.go
new file mode 100644
index 000000000..e0f47dba4
--- /dev/null
+++ b/vendor/go.uber.org/atomic/pointer_go118_pre119.go
@@ -0,0 +1,60 @@
+// Copyright (c) 2022 Uber Technologies, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+//go:build go1.18 && !go1.19
+// +build go1.18,!go1.19
+
+package atomic
+
+import "unsafe"
+
+type Pointer[T any] struct {
+	_ nocmp // disallow non-atomic comparison
+	p UnsafePointer
+}
+
+// NewPointer creates a new Pointer.
+func NewPointer[T any](v *T) *Pointer[T] {
+	var p Pointer[T]
+	if v != nil {
+		p.p.Store(unsafe.Pointer(v))
+	}
+	return &p
+}
+
+// Load atomically loads the wrapped value.
+func (p *Pointer[T]) Load() *T {
+	return (*T)(p.p.Load())
+}
+
+// Store atomically stores the passed value.
+func (p *Pointer[T]) Store(val *T) {
+	p.p.Store(unsafe.Pointer(val))
+}
+
+// Swap atomically swaps the wrapped pointer and returns the old value.
+func (p *Pointer[T]) Swap(val *T) (old *T) {
+	return (*T)(p.p.Swap(unsafe.Pointer(val)))
+}
+
+// CompareAndSwap is an atomic compare-and-swap.
+func (p *Pointer[T]) CompareAndSwap(old, new *T) (swapped bool) {
+	return p.p.CompareAndSwap(unsafe.Pointer(old), unsafe.Pointer(new))
+}
diff --git a/vendor/go.uber.org/atomic/string.go b/vendor/go.uber.org/atomic/string.go
index c4bea70f4..061466c5b 100644
--- a/vendor/go.uber.org/atomic/string.go
+++ b/vendor/go.uber.org/atomic/string.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -42,24 +42,31 @@ func NewString(val string) *String {
 
 // Load atomically loads the wrapped string.
 func (x *String) Load() string {
-	if v := x.v.Load(); v != nil {
-		return v.(string)
-	}
-	return _zeroString
+	return unpackString(x.v.Load())
 }
 
 // Store atomically stores the passed string.
 func (x *String) Store(val string) {
-	x.v.Store(val)
+	x.v.Store(packString(val))
 }
 
 // CompareAndSwap is an atomic compare-and-swap for string values.
 func (x *String) CompareAndSwap(old, new string) (swapped bool) {
-	return x.v.CompareAndSwap(old, new)
+	if x.v.CompareAndSwap(packString(old), packString(new)) {
+		return true
+	}
+
+	if old == _zeroString {
+		// If the old value is the empty value, then it's possible the
+		// underlying Value hasn't been set and is nil, so retry with nil.
+		return x.v.CompareAndSwap(nil, packString(new))
+	}
+
+	return false
 }
 
 // Swap atomically stores the given string and returns the old
 // value.
 func (x *String) Swap(val string) (old string) {
-	return x.v.Swap(val).(string)
+	return unpackString(x.v.Swap(packString(val)))
 }
diff --git a/vendor/go.uber.org/atomic/string_ext.go b/vendor/go.uber.org/atomic/string_ext.go
index 1f63dfd5b..019109c86 100644
--- a/vendor/go.uber.org/atomic/string_ext.go
+++ b/vendor/go.uber.org/atomic/string_ext.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -20,7 +20,18 @@
 
 package atomic
 
-//go:generate bin/gen-atomicwrapper -name=String -type=string -wrapped=Value -compareandswap -swap -file=string.go
+//go:generate bin/gen-atomicwrapper -name=String -type=string -wrapped Value -pack packString -unpack unpackString -compareandswap -swap -file=string.go
+
+func packString(s string) interface{} {
+	return s
+}
+
+func unpackString(v interface{}) string {
+	if s, ok := v.(string); ok {
+		return s
+	}
+	return ""
+}
 
 // String returns the wrapped value.
 func (s *String) String() string {
diff --git a/vendor/go.uber.org/atomic/time.go b/vendor/go.uber.org/atomic/time.go
index 1660feb14..cc2a230c0 100644
--- a/vendor/go.uber.org/atomic/time.go
+++ b/vendor/go.uber.org/atomic/time.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/uint32.go b/vendor/go.uber.org/atomic/uint32.go
index d6f04a96d..4adc294ac 100644
--- a/vendor/go.uber.org/atomic/uint32.go
+++ b/vendor/go.uber.org/atomic/uint32.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicint.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/uint64.go b/vendor/go.uber.org/atomic/uint64.go
index 2574bdd5e..0e2eddb30 100644
--- a/vendor/go.uber.org/atomic/uint64.go
+++ b/vendor/go.uber.org/atomic/uint64.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicint.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/uintptr.go b/vendor/go.uber.org/atomic/uintptr.go
index 81b275a7a..7d5b000d6 100644
--- a/vendor/go.uber.org/atomic/uintptr.go
+++ b/vendor/go.uber.org/atomic/uintptr.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicint.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/zap/.golangci.yml b/vendor/go.uber.org/zap/.golangci.yml
new file mode 100644
index 000000000..fbc6df790
--- /dev/null
+++ b/vendor/go.uber.org/zap/.golangci.yml
@@ -0,0 +1,77 @@
+output:
+  # Make output more digestible with quickfix in vim/emacs/etc.
+  sort-results: true
+  print-issued-lines: false
+
+linters:
+  # We'll track the golangci-lint default linters manually
+  # instead of letting them change without our control.
+  disable-all: true
+  enable:
+    # golangci-lint defaults:
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+
+    # Our own extras:
+    - gofmt
+    - nolintlint # lints nolint directives
+    - revive
+
+linters-settings:
+  govet:
+    # These govet checks are disabled by default, but they're useful.
+    enable:
+      - niliness
+      - reflectvaluecompare
+      - sortslice
+      - unusedwrite
+
+  errcheck:
+    exclude-functions:
+      # These methods can not fail.
+      # They operate on an in-memory buffer.
+      - (*go.uber.org/zap/buffer.Buffer).Write
+      - (*go.uber.org/zap/buffer.Buffer).WriteByte
+      - (*go.uber.org/zap/buffer.Buffer).WriteString
+
+      - (*go.uber.org/zap/zapio.Writer).Close
+      - (*go.uber.org/zap/zapio.Writer).Sync
+      - (*go.uber.org/zap/zapio.Writer).Write
+      # Write to zapio.Writer cannot fail,
+      # so io.WriteString on it cannot fail.
+      - io.WriteString(*go.uber.org/zap/zapio.Writer)
+
+      # Writing a plain string to a fmt.State cannot fail.
+      - io.WriteString(fmt.State)
+
+issues:
+  # Print all issues reported by all linters.
+  max-issues-per-linter: 0
+  max-same-issues: 0
+
+  # Don't ignore some of the issues that golangci-lint considers okay.
+  # This includes documenting all exported entities.
+  exclude-use-default: false
+
+  exclude-rules:
+    # Don't warn on unused parameters.
+    # Parameter names are useful; replacing them with '_' is undesirable.
+    - linters: [revive]
+      text: 'unused-parameter: parameter \S+ seems to be unused, consider removing or renaming it as _'
+
+    # staticcheck already has smarter checks for empty blocks.
+    # revive's empty-block linter has false positives.
+    # For example, as of writing this, the following is not allowed.
+    #   for foo() { }
+    - linters: [revive]
+      text: 'empty-block: this block is empty, you can remove it'
+
+    # Ignore logger.Sync() errcheck failures in example_test.go
+    # since those are intended to be uncomplicated examples.
+    - linters: [errcheck]
+      path: example_test.go
+      text: 'Error return value of `logger.Sync` is not checked'
diff --git a/vendor/go.uber.org/zap/CHANGELOG.md b/vendor/go.uber.org/zap/CHANGELOG.md
index 0db1f9f15..11b465976 100644
--- a/vendor/go.uber.org/zap/CHANGELOG.md
+++ b/vendor/go.uber.org/zap/CHANGELOG.md
@@ -1,7 +1,39 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
-This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 1.26.0 (14 Sep 2023)
+Enhancements:
+* [#1319][]: Add `WithLazy` method to `Logger` which lazily evaluates the structured
+context.
+* [#1350][]: String encoding is much (~50%) faster now.
+
+Thanks to @jquirke, @cdvr1993 for their contributions to this release.
+
+[#1319]: https://github.com/uber-go/zap/pull/1319
+[#1350]: https://github.com/uber-go/zap/pull/1350
+
+## 1.25.0 (1 Aug 2023)
+
+This release contains several improvements including performance, API additions,
+and two new experimental packages whose APIs are unstable and may change in the
+future.
+
+Enhancements:
+* [#1246][]: Add `zap/exp/zapslog` package for integration with slog.
+* [#1273][]: Add `Name` to `Logger` which returns the Logger's name if one is set.
+* [#1281][]: Add `zap/exp/expfield` package which contains helper methods
+`Str` and `Strs` for constructing String-like zap.Fields.
+* [#1310][]: Reduce stack size on `Any`. 
+
+Thanks to @knight42, @dzakaammar, @bcspragu, and @rexywork for their contributions
+to this release.
+
+[#1246]: https://github.com/uber-go/zap/pull/1246
+[#1273]: https://github.com/uber-go/zap/pull/1273
+[#1281]: https://github.com/uber-go/zap/pull/1281
+[#1310]: https://github.com/uber-go/zap/pull/1310
 
 ## 1.24.0 (30 Nov 2022)
 
@@ -27,7 +59,6 @@ Enhancements:
 [#1147]: https://github.com/uber-go/zap/pull/1147
 [#1155]: https://github.com/uber-go/zap/pull/1155
 
-
 ## 1.22.0 (8 Aug 2022)
 
 Enhancements:
@@ -176,6 +207,16 @@ Enhancements:
 
 Thanks to @ash2k, @FMLS, @jimmystewpot, @Oncilla, @tsoslow, @tylitianrui, @withshubh, and @wziww for their contributions to this release.
 
+[#865]: https://github.com/uber-go/zap/pull/865
+[#867]: https://github.com/uber-go/zap/pull/867
+[#881]: https://github.com/uber-go/zap/pull/881
+[#903]: https://github.com/uber-go/zap/pull/903
+[#912]: https://github.com/uber-go/zap/pull/912
+[#913]: https://github.com/uber-go/zap/pull/913
+[#928]: https://github.com/uber-go/zap/pull/928
+[#931]: https://github.com/uber-go/zap/pull/931
+[#936]: https://github.com/uber-go/zap/pull/936
+
 ## 1.16.0 (1 Sep 2020)
 
 Bugfixes:
@@ -197,6 +238,17 @@ Enhancements:
 
 Thanks to @SteelPhase, @tmshn, @lixingwang, @wyxloading, @moul, @segevfiner, @andy-retailnext and @jcorbin for their contributions to this release.
 
+[#629]: https://github.com/uber-go/zap/pull/629
+[#697]: https://github.com/uber-go/zap/pull/697
+[#828]: https://github.com/uber-go/zap/pull/828
+[#835]: https://github.com/uber-go/zap/pull/835
+[#843]: https://github.com/uber-go/zap/pull/843
+[#844]: https://github.com/uber-go/zap/pull/844
+[#852]: https://github.com/uber-go/zap/pull/852
+[#854]: https://github.com/uber-go/zap/pull/854
+[#861]: https://github.com/uber-go/zap/pull/861
+[#862]: https://github.com/uber-go/zap/pull/862
+
 ## 1.15.0 (23 Apr 2020)
 
 Bugfixes:
@@ -213,6 +265,11 @@ Enhancements:
 
 Thanks to @danielbprice for their contributions to this release.
 
+[#804]: https://github.com/uber-go/zap/pull/804
+[#812]: https://github.com/uber-go/zap/pull/812
+[#806]: https://github.com/uber-go/zap/pull/806
+[#813]: https://github.com/uber-go/zap/pull/813
+
 ## 1.14.1 (14 Mar 2020)
 
 Bugfixes:
@@ -225,6 +282,10 @@ Bugfixes:
 
 Thanks to @YashishDua for their contributions to this release.
 
+[#791]: https://github.com/uber-go/zap/pull/791
+[#795]: https://github.com/uber-go/zap/pull/795
+[#799]: https://github.com/uber-go/zap/pull/799
+
 ## 1.14.0 (20 Feb 2020)
 
 Enhancements:
@@ -235,6 +296,11 @@ Enhancements:
 
 Thanks to @caibirdme for their contributions to this release.
 
+[#771]: https://github.com/uber-go/zap/pull/771
+[#773]: https://github.com/uber-go/zap/pull/773
+[#775]: https://github.com/uber-go/zap/pull/775
+[#786]: https://github.com/uber-go/zap/pull/786
+
 ## 1.13.0 (13 Nov 2019)
 
 Enhancements:
@@ -243,11 +309,15 @@ Enhancements:
 
 Thanks to @jbizzle for their contributions to this release.
 
+[#758]: https://github.com/uber-go/zap/pull/758
+
 ## 1.12.0 (29 Oct 2019)
 
 Enhancements:
 * [#751][]: Migrate to Go modules.
 
+[#751]: https://github.com/uber-go/zap/pull/751
+
 ## 1.11.0 (21 Oct 2019)
 
 Enhancements:
@@ -256,6 +326,9 @@ Enhancements:
 
 Thanks to @juicemia, @uhthomas for their contributions to this release.
 
+[#725]: https://github.com/uber-go/zap/pull/725
+[#736]: https://github.com/uber-go/zap/pull/736
+
 ## 1.10.0 (29 Apr 2019)
 
 Bugfixes:
@@ -273,12 +346,20 @@ Enhancements:
 Thanks to @iaroslav-ciupin, @lelenanam, @joa, @NWilson for their contributions
 to this release.
 
+[#657]: https://github.com/uber-go/zap/pull/657
+[#706]: https://github.com/uber-go/zap/pull/706
+[#610]: https://github.com/uber-go/zap/pull/610
+[#675]: https://github.com/uber-go/zap/pull/675
+[#704]: https://github.com/uber-go/zap/pull/704
+
 ## v1.9.1 (06 Aug 2018)
 
 Bugfixes:
 
 * [#614][]: MapObjectEncoder should not ignore empty slices.
 
+[#614]: https://github.com/uber-go/zap/pull/614
+
 ## v1.9.0 (19 Jul 2018)
 
 Enhancements:
@@ -288,6 +369,10 @@ Enhancements:
 Thanks to @nfarah86, @AlekSi, @JeanMertz, @philippgille, @etsangsplk, and
 @dimroc for their contributions to this release.
 
+[#602]: https://github.com/uber-go/zap/pull/602
+[#572]: https://github.com/uber-go/zap/pull/572
+[#606]: https://github.com/uber-go/zap/pull/606
+
 ## v1.8.0 (13 Apr 2018)
 
 Enhancements:
@@ -301,11 +386,18 @@ Bugfixes:
 
 Thanks to @DiSiqueira and @djui for their contributions to this release.
 
+[#508]: https://github.com/uber-go/zap/pull/508
+[#518]: https://github.com/uber-go/zap/pull/518
+[#577]: https://github.com/uber-go/zap/pull/577
+[#574]: https://github.com/uber-go/zap/pull/574
+
 ## v1.7.1 (25 Sep 2017)
 
 Bugfixes:
 * [#504][]: Store strings when using AddByteString with the map encoder.
 
+[#504]: https://github.com/uber-go/zap/pull/504
+
 ## v1.7.0 (21 Sep 2017)
 
 Enhancements:
@@ -313,6 +405,8 @@ Enhancements:
 * [#487][]: Add `NewStdLogAt`, which extends `NewStdLog` by allowing the user
   to specify the level of the logged messages.
 
+[#487]: https://github.com/uber-go/zap/pull/487
+
 ## v1.6.0 (30 Aug 2017)
 
 Enhancements:
@@ -321,6 +415,9 @@ Enhancements:
 * [#490][]: Add a `ContextMap` method to observer logs for simpler
   field validation in tests.
 
+[#490]: https://github.com/uber-go/zap/pull/490
+[#491]: https://github.com/uber-go/zap/pull/491
+
 ## v1.5.0 (22 Jul 2017)
 
 Enhancements:
@@ -334,6 +431,11 @@ Bugfixes:
 
 Thanks to @richard-tunein and @pavius for their contributions to this release.
 
+[#477]: https://github.com/uber-go/zap/pull/477
+[#465]: https://github.com/uber-go/zap/pull/465
+[#460]: https://github.com/uber-go/zap/pull/460
+[#470]: https://github.com/uber-go/zap/pull/470
+
 ## v1.4.1 (08 Jun 2017)
 
 This release fixes two bugs.
@@ -343,6 +445,9 @@ Bugfixes:
 * [#435][]: Support a variety of case conventions when unmarshaling levels.
 * [#444][]: Fix a panic in the observer.
 
+[#435]: https://github.com/uber-go/zap/pull/435
+[#444]: https://github.com/uber-go/zap/pull/444
+
 ## v1.4.0 (12 May 2017)
 
 This release adds a few small features and is fully backward-compatible.
@@ -355,6 +460,10 @@ Enhancements:
 * [#431][]: Make `zap.AtomicLevel` implement `fmt.Stringer`, which makes a
   variety of operations a bit simpler.
 
+[#424]: https://github.com/uber-go/zap/pull/424
+[#425]: https://github.com/uber-go/zap/pull/425
+[#431]: https://github.com/uber-go/zap/pull/431
+
 ## v1.3.0 (25 Apr 2017)
 
 This release adds an enhancement to zap's testing helpers as well as the
@@ -366,6 +475,9 @@ Enhancements:
   particularly useful when testing the `SugaredLogger`.
 * [#416][]: Make `AtomicLevel` implement `encoding.TextMarshaler`.
 
+[#415]: https://github.com/uber-go/zap/pull/415
+[#416]: https://github.com/uber-go/zap/pull/416
+
 ## v1.2.0 (13 Apr 2017)
 
 This release adds a gRPC compatibility wrapper. It is fully backward-compatible.
@@ -375,6 +487,8 @@ Enhancements:
 * [#402][]: Add a `zapgrpc` package that wraps zap's Logger and implements
   `grpclog.Logger`.
 
+[#402]: https://github.com/uber-go/zap/pull/402
+
 ## v1.1.0 (31 Mar 2017)
 
 This release fixes two bugs and adds some enhancements to zap's testing helpers.
@@ -392,6 +506,10 @@ Enhancements:
 
 Thanks to @moitias for contributing to this release.
 
+[#385]: https://github.com/uber-go/zap/pull/385
+[#396]: https://github.com/uber-go/zap/pull/396
+[#386]: https://github.com/uber-go/zap/pull/386
+
 ## v1.0.0 (14 Mar 2017)
 
 This is zap's first stable release. All exported APIs are now final, and no
@@ -437,6 +555,20 @@ Enhancements:
 Thanks to @suyash, @htrendev, @flisky, @Ulexus, and @skipor for their
 contributions to this release.
 
+[#366]: https://github.com/uber-go/zap/pull/366
+[#364]: https://github.com/uber-go/zap/pull/364
+[#371]: https://github.com/uber-go/zap/pull/371
+[#362]: https://github.com/uber-go/zap/pull/362
+[#369]: https://github.com/uber-go/zap/pull/369
+[#347]: https://github.com/uber-go/zap/pull/347
+[#373]: https://github.com/uber-go/zap/pull/373
+[#348]: https://github.com/uber-go/zap/pull/348
+[#327]: https://github.com/uber-go/zap/pull/327
+[#376]: https://github.com/uber-go/zap/pull/376
+[#346]: https://github.com/uber-go/zap/pull/346
+[#365]: https://github.com/uber-go/zap/pull/365
+[#372]: https://github.com/uber-go/zap/pull/372
+
 ## v1.0.0-rc.3 (7 Mar 2017)
 
 This is the third release candidate for zap's stable release. There are no
@@ -458,6 +590,11 @@ Enhancements:
 
 Thanks to @ansel1 and @suyash for their contributions to this release.
 
+[#339]: https://github.com/uber-go/zap/pull/339
+[#307]: https://github.com/uber-go/zap/pull/307
+[#353]: https://github.com/uber-go/zap/pull/353
+[#311]: https://github.com/uber-go/zap/pull/311
+
 ## v1.0.0-rc.2 (21 Feb 2017)
 
 This is the second release candidate for zap's stable release. It includes two
@@ -495,6 +632,15 @@ Enhancements:
 
 Thanks to @skipor and @chapsuk for their contributions to this release.
 
+[#316]: https://github.com/uber-go/zap/pull/316
+[#309]: https://github.com/uber-go/zap/pull/309
+[#317]: https://github.com/uber-go/zap/pull/317
+[#321]: https://github.com/uber-go/zap/pull/321
+[#325]: https://github.com/uber-go/zap/pull/325
+[#333]: https://github.com/uber-go/zap/pull/333
+[#326]: https://github.com/uber-go/zap/pull/326
+[#300]: https://github.com/uber-go/zap/pull/300
+
 ## v1.0.0-rc.1 (14 Feb 2017)
 
 This is the first release candidate for zap's stable release. There are multiple
@@ -523,95 +669,3 @@ backward compatibility concerns and all functionality is new.
 
 Early zap adopters should pin to the 0.1.x minor version until they're ready to
 upgrade to the upcoming stable release.
-
-[#316]: https://github.com/uber-go/zap/pull/316
-[#309]: https://github.com/uber-go/zap/pull/309
-[#317]: https://github.com/uber-go/zap/pull/317
-[#321]: https://github.com/uber-go/zap/pull/321
-[#325]: https://github.com/uber-go/zap/pull/325
-[#333]: https://github.com/uber-go/zap/pull/333
-[#326]: https://github.com/uber-go/zap/pull/326
-[#300]: https://github.com/uber-go/zap/pull/300
-[#339]: https://github.com/uber-go/zap/pull/339
-[#307]: https://github.com/uber-go/zap/pull/307
-[#353]: https://github.com/uber-go/zap/pull/353
-[#311]: https://github.com/uber-go/zap/pull/311
-[#366]: https://github.com/uber-go/zap/pull/366
-[#364]: https://github.com/uber-go/zap/pull/364
-[#371]: https://github.com/uber-go/zap/pull/371
-[#362]: https://github.com/uber-go/zap/pull/362
-[#369]: https://github.com/uber-go/zap/pull/369
-[#347]: https://github.com/uber-go/zap/pull/347
-[#373]: https://github.com/uber-go/zap/pull/373
-[#348]: https://github.com/uber-go/zap/pull/348
-[#327]: https://github.com/uber-go/zap/pull/327
-[#376]: https://github.com/uber-go/zap/pull/376
-[#346]: https://github.com/uber-go/zap/pull/346
-[#365]: https://github.com/uber-go/zap/pull/365
-[#372]: https://github.com/uber-go/zap/pull/372
-[#385]: https://github.com/uber-go/zap/pull/385
-[#396]: https://github.com/uber-go/zap/pull/396
-[#386]: https://github.com/uber-go/zap/pull/386
-[#402]: https://github.com/uber-go/zap/pull/402
-[#415]: https://github.com/uber-go/zap/pull/415
-[#416]: https://github.com/uber-go/zap/pull/416
-[#424]: https://github.com/uber-go/zap/pull/424
-[#425]: https://github.com/uber-go/zap/pull/425
-[#431]: https://github.com/uber-go/zap/pull/431
-[#435]: https://github.com/uber-go/zap/pull/435
-[#444]: https://github.com/uber-go/zap/pull/444
-[#477]: https://github.com/uber-go/zap/pull/477
-[#465]: https://github.com/uber-go/zap/pull/465
-[#460]: https://github.com/uber-go/zap/pull/460
-[#470]: https://github.com/uber-go/zap/pull/470
-[#487]: https://github.com/uber-go/zap/pull/487
-[#490]: https://github.com/uber-go/zap/pull/490
-[#491]: https://github.com/uber-go/zap/pull/491
-[#504]: https://github.com/uber-go/zap/pull/504
-[#508]: https://github.com/uber-go/zap/pull/508
-[#518]: https://github.com/uber-go/zap/pull/518
-[#577]: https://github.com/uber-go/zap/pull/577
-[#574]: https://github.com/uber-go/zap/pull/574
-[#602]: https://github.com/uber-go/zap/pull/602
-[#572]: https://github.com/uber-go/zap/pull/572
-[#606]: https://github.com/uber-go/zap/pull/606
-[#614]: https://github.com/uber-go/zap/pull/614
-[#657]: https://github.com/uber-go/zap/pull/657
-[#706]: https://github.com/uber-go/zap/pull/706
-[#610]: https://github.com/uber-go/zap/pull/610
-[#675]: https://github.com/uber-go/zap/pull/675
-[#704]: https://github.com/uber-go/zap/pull/704
-[#725]: https://github.com/uber-go/zap/pull/725
-[#736]: https://github.com/uber-go/zap/pull/736
-[#751]: https://github.com/uber-go/zap/pull/751
-[#758]: https://github.com/uber-go/zap/pull/758
-[#771]: https://github.com/uber-go/zap/pull/771
-[#773]: https://github.com/uber-go/zap/pull/773
-[#775]: https://github.com/uber-go/zap/pull/775
-[#786]: https://github.com/uber-go/zap/pull/786
-[#791]: https://github.com/uber-go/zap/pull/791
-[#795]: https://github.com/uber-go/zap/pull/795
-[#799]: https://github.com/uber-go/zap/pull/799
-[#804]: https://github.com/uber-go/zap/pull/804
-[#812]: https://github.com/uber-go/zap/pull/812
-[#806]: https://github.com/uber-go/zap/pull/806
-[#813]: https://github.com/uber-go/zap/pull/813
-[#629]: https://github.com/uber-go/zap/pull/629
-[#697]: https://github.com/uber-go/zap/pull/697
-[#828]: https://github.com/uber-go/zap/pull/828
-[#835]: https://github.com/uber-go/zap/pull/835
-[#843]: https://github.com/uber-go/zap/pull/843
-[#844]: https://github.com/uber-go/zap/pull/844
-[#852]: https://github.com/uber-go/zap/pull/852
-[#854]: https://github.com/uber-go/zap/pull/854
-[#861]: https://github.com/uber-go/zap/pull/861
-[#862]: https://github.com/uber-go/zap/pull/862
-[#865]: https://github.com/uber-go/zap/pull/865
-[#867]: https://github.com/uber-go/zap/pull/867
-[#881]: https://github.com/uber-go/zap/pull/881
-[#903]: https://github.com/uber-go/zap/pull/903
-[#912]: https://github.com/uber-go/zap/pull/912
-[#913]: https://github.com/uber-go/zap/pull/913
-[#928]: https://github.com/uber-go/zap/pull/928
-[#931]: https://github.com/uber-go/zap/pull/931
-[#936]: https://github.com/uber-go/zap/pull/936
diff --git a/vendor/go.uber.org/zap/Makefile b/vendor/go.uber.org/zap/Makefile
index 9b1bc3b0e..eb1cee53b 100644
--- a/vendor/go.uber.org/zap/Makefile
+++ b/vendor/go.uber.org/zap/Makefile
@@ -1,50 +1,51 @@
-export GOBIN ?= $(shell pwd)/bin
+# Directory containing the Makefile.
+PROJECT_ROOT = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
 
-GOLINT = $(GOBIN)/golint
-STATICCHECK = $(GOBIN)/staticcheck
+export GOBIN ?= $(PROJECT_ROOT)/bin
+export PATH := $(GOBIN):$(PATH)
+
+GOVULNCHECK = $(GOBIN)/govulncheck
 BENCH_FLAGS ?= -cpuprofile=cpu.pprof -memprofile=mem.pprof -benchmem
 
 # Directories containing independent Go modules.
-#
-# We track coverage only for the main module.
-MODULE_DIRS = . ./benchmarks ./zapgrpc/internal/test
+MODULE_DIRS = . ./exp ./benchmarks ./zapgrpc/internal/test
 
-# Many Go tools take file globs or directories as arguments instead of packages.
-GO_FILES := $(shell \
-	find . '(' -path '*/.*' -o -path './vendor' ')' -prune \
-	-o -name '*.go' -print | cut -b3-)
+# Directories that we want to track coverage for.
+COVER_DIRS = . ./exp
 
 .PHONY: all
 all: lint test
 
 .PHONY: lint
-lint: $(GOLINT) $(STATICCHECK)
-	@rm -rf lint.log
-	@echo "Checking formatting..."
-	@gofmt -d -s $(GO_FILES) 2>&1 | tee lint.log
-	@echo "Checking vet..."
-	@$(foreach dir,$(MODULE_DIRS),(cd $(dir) && go vet ./... 2>&1) &&) true | tee -a lint.log
-	@echo "Checking lint..."
-	@$(foreach dir,$(MODULE_DIRS),(cd $(dir) && $(GOLINT) ./... 2>&1) &&) true | tee -a lint.log
-	@echo "Checking staticcheck..."
-	@$(foreach dir,$(MODULE_DIRS),(cd $(dir) && $(STATICCHECK) ./... 2>&1) &&) true | tee -a lint.log
-	@echo "Checking for unresolved FIXMEs..."
-	@git grep -i fixme | grep -v -e Makefile | tee -a lint.log
-	@echo "Checking for license headers..."
-	@./checklicense.sh | tee -a lint.log
-	@[ ! -s lint.log ]
-	@echo "Checking 'go mod tidy'..."
-	@make tidy
-	@if ! git diff --quiet; then \
-		echo "'go mod tidy' resulted in changes or working tree is dirty:"; \
-		git --no-pager diff; \
-	fi
-
-$(GOLINT):
-	cd tools && go install golang.org/x/lint/golint
-
-$(STATICCHECK):
-	cd tools && go install honnef.co/go/tools/cmd/staticcheck
+lint: golangci-lint tidy-lint license-lint
+
+.PHONY: golangci-lint
+golangci-lint:
+	@$(foreach mod,$(MODULE_DIRS), \
+		(cd $(mod) && \
+		echo "[lint] golangci-lint: $(mod)" && \
+		golangci-lint run --path-prefix $(mod)) &&) true
+
+.PHONY: tidy
+tidy:
+	@$(foreach dir,$(MODULE_DIRS), \
+		(cd $(dir) && go mod tidy) &&) true
+
+.PHONY: tidy-lint
+tidy-lint:
+	@$(foreach mod,$(MODULE_DIRS), \
+		(cd $(mod) && \
+		echo "[lint] tidy: $(mod)" && \
+		go mod tidy && \
+		git diff --exit-code -- go.mod go.sum) &&) true
+
+
+.PHONY: license-lint
+license-lint:
+	./checklicense.sh
+
+$(GOVULNCHECK):
+	cd tools && go install golang.org/x/vuln/cmd/govulncheck
 
 .PHONY: test
 test:
@@ -52,8 +53,10 @@ test:
 
 .PHONY: cover
 cover:
-	go test -race -coverprofile=cover.out -coverpkg=./... ./...
-	go tool cover -html=cover.out -o cover.html
+	@$(foreach dir,$(COVER_DIRS), ( \
+		cd $(dir) && \
+		go test -race -coverprofile=cover.out -coverpkg=./... ./... \
+		&& go tool cover -html=cover.out -o cover.html) &&) true
 
 .PHONY: bench
 BENCH ?= .
@@ -68,6 +71,6 @@ updatereadme:
 	rm -f README.md
 	cat .readme.tmpl | go run internal/readme/readme.go > README.md
 
-.PHONY: tidy
-tidy:
-	@$(foreach dir,$(MODULE_DIRS),(cd $(dir) && go mod tidy) &&) true
+.PHONY: vulncheck
+vulncheck: $(GOVULNCHECK)
+	$(GOVULNCHECK) ./...
diff --git a/vendor/go.uber.org/zap/README.md b/vendor/go.uber.org/zap/README.md
index a553a428c..9de08927b 100644
--- a/vendor/go.uber.org/zap/README.md
+++ b/vendor/go.uber.org/zap/README.md
@@ -54,7 +54,7 @@ and make many small allocations. Put differently, using `encoding/json` and
 Zap takes a different approach. It includes a reflection-free, zero-allocation
 JSON encoder, and the base `Logger` strives to avoid serialization overhead
 and allocations wherever possible. By building the high-level `SugaredLogger`
-on that foundation, zap lets users _choose_ when they need to count every
+on that foundation, zap lets users *choose* when they need to count every
 allocation and when they'd prefer a more familiar, loosely typed API.
 
 As measured by its own [benchmarking suite][], not only is zap more performant
@@ -64,40 +64,43 @@ id="anchor-versions">[1](#footnote-versions)</sup>
 
 Log a message and 10 fields:
 
-| Package             |    Time     | Time % to zap | Objects Allocated |
-| :------------------ | :---------: | :-----------: | :---------------: |
-| :zap: zap           | 2900 ns/op  |      +0%      |    5 allocs/op    |
-| :zap: zap (sugared) | 3475 ns/op  |     +20%      |   10 allocs/op    |
-| zerolog             | 10639 ns/op |     +267%     |   32 allocs/op    |
-| go-kit              | 14434 ns/op |     +398%     |   59 allocs/op    |
-| logrus              | 17104 ns/op |     +490%     |   81 allocs/op    |
-| apex/log            | 32424 ns/op |    +1018%     |   66 allocs/op    |
-| log15               | 33579 ns/op |    +1058%     |   76 allocs/op    |
+| Package | Time | Time % to zap | Objects Allocated |
+| :------ | :--: | :-----------: | :---------------: |
+| :zap: zap | 1744 ns/op | +0% | 5 allocs/op
+| :zap: zap (sugared) | 2483 ns/op | +42% | 10 allocs/op
+| zerolog | 918 ns/op | -47% | 1 allocs/op
+| go-kit | 5590 ns/op | +221% | 57 allocs/op
+| slog | 5640 ns/op | +223% | 40 allocs/op
+| apex/log | 21184 ns/op | +1115% | 63 allocs/op
+| logrus | 24338 ns/op | +1296% | 79 allocs/op
+| log15 | 26054 ns/op | +1394% | 74 allocs/op
 
 Log a message with a logger that already has 10 fields of context:
 
-| Package             |    Time     | Time % to zap | Objects Allocated |
-| :------------------ | :---------: | :-----------: | :---------------: |
-| :zap: zap           |  373 ns/op  |      +0%      |    0 allocs/op    |
-| :zap: zap (sugared) |  452 ns/op  |     +21%      |    1 allocs/op    |
-| zerolog             |  288 ns/op  |     -23%      |    0 allocs/op    |
-| go-kit              | 11785 ns/op |    +3060%     |   58 allocs/op    |
-| logrus              | 19629 ns/op |    +5162%     |   70 allocs/op    |
-| log15               | 21866 ns/op |    +5762%     |   72 allocs/op    |
-| apex/log            | 30890 ns/op |    +8182%     |   55 allocs/op    |
+| Package | Time | Time % to zap | Objects Allocated |
+| :------ | :--: | :-----------: | :---------------: |
+| :zap: zap | 193 ns/op | +0% | 0 allocs/op
+| :zap: zap (sugared) | 227 ns/op | +18% | 1 allocs/op
+| zerolog | 81 ns/op | -58% | 0 allocs/op
+| slog | 322 ns/op | +67% | 0 allocs/op
+| go-kit | 5377 ns/op | +2686% | 56 allocs/op
+| apex/log | 19518 ns/op | +10013% | 53 allocs/op
+| log15 | 19812 ns/op | +10165% | 70 allocs/op
+| logrus | 21997 ns/op | +11297% | 68 allocs/op
 
 Log a static string, without any context or `printf`-style templating:
 
-| Package             |    Time    | Time % to zap | Objects Allocated |
-| :------------------ | :--------: | :-----------: | :---------------: |
-| :zap: zap           | 381 ns/op  |      +0%      |    0 allocs/op    |
-| :zap: zap (sugared) | 410 ns/op  |      +8%      |    1 allocs/op    |
-| zerolog             | 369 ns/op  |      -3%      |    0 allocs/op    |
-| standard library    | 385 ns/op  |      +1%      |    2 allocs/op    |
-| go-kit              | 606 ns/op  |     +59%      |   11 allocs/op    |
-| logrus              | 1730 ns/op |     +354%     |   25 allocs/op    |
-| apex/log            | 1998 ns/op |     +424%     |    7 allocs/op    |
-| log15               | 4546 ns/op |    +1093%     |   22 allocs/op    |
+| Package | Time | Time % to zap | Objects Allocated |
+| :------ | :--: | :-----------: | :---------------: |
+| :zap: zap | 165 ns/op | +0% | 0 allocs/op
+| :zap: zap (sugared) | 212 ns/op | +28% | 1 allocs/op
+| zerolog | 95 ns/op | -42% | 0 allocs/op
+| slog | 296 ns/op | +79% | 0 allocs/op
+| go-kit | 415 ns/op | +152% | 9 allocs/op
+| standard library | 422 ns/op | +156% | 2 allocs/op
+| apex/log | 1601 ns/op | +870% | 5 allocs/op
+| logrus | 3017 ns/op | +1728% | 23 allocs/op
+| log15 | 3469 ns/op | +2002% | 20 allocs/op
 
 ## Development Status: Stable
 
@@ -131,3 +134,4 @@ pinned in the [benchmarks/go.mod][] file. [↩](#anchor-versions)
 [cov]: https://codecov.io/gh/uber-go/zap
 [benchmarking suite]: https://github.com/uber-go/zap/tree/master/benchmarks
 [benchmarks/go.mod]: https://github.com/uber-go/zap/blob/master/benchmarks/go.mod
+
diff --git a/vendor/go.uber.org/zap/array.go b/vendor/go.uber.org/zap/array.go
index 5be3704a3..abfccb566 100644
--- a/vendor/go.uber.org/zap/array.go
+++ b/vendor/go.uber.org/zap/array.go
@@ -21,6 +21,7 @@
 package zap
 
 import (
+	"fmt"
 	"time"
 
 	"go.uber.org/zap/zapcore"
@@ -94,11 +95,137 @@ func Int8s(key string, nums []int8) Field {
 	return Array(key, int8s(nums))
 }
 
+// Objects constructs a field with the given key, holding a list of the
+// provided objects that can be marshaled by Zap.
+//
+// Note that these objects must implement zapcore.ObjectMarshaler directly.
+// That is, if you're trying to marshal a []Request, the MarshalLogObject
+// method must be declared on the Request type, not its pointer (*Request).
+// If it's on the pointer, use ObjectValues.
+//
+// Given an object that implements MarshalLogObject on the value receiver, you
+// can log a slice of those objects with Objects like so:
+//
+//	type Author struct{ ... }
+//	func (a Author) MarshalLogObject(enc zapcore.ObjectEncoder) error
+//
+//	var authors []Author = ...
+//	logger.Info("loading article", zap.Objects("authors", authors))
+//
+// Similarly, given a type that implements MarshalLogObject on its pointer
+// receiver, you can log a slice of pointers to that object with Objects like
+// so:
+//
+//	type Request struct{ ... }
+//	func (r *Request) MarshalLogObject(enc zapcore.ObjectEncoder) error
+//
+//	var requests []*Request = ...
+//	logger.Info("sending requests", zap.Objects("requests", requests))
+//
+// If instead, you have a slice of values of such an object, use the
+// ObjectValues constructor.
+//
+//	var requests []Request = ...
+//	logger.Info("sending requests", zap.ObjectValues("requests", requests))
+func Objects[T zapcore.ObjectMarshaler](key string, values []T) Field {
+	return Array(key, objects[T](values))
+}
+
+type objects[T zapcore.ObjectMarshaler] []T
+
+func (os objects[T]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
+	for _, o := range os {
+		if err := arr.AppendObject(o); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// ObjectMarshalerPtr is a constraint that specifies that the given type
+// implements zapcore.ObjectMarshaler on a pointer receiver.
+type ObjectMarshalerPtr[T any] interface {
+	*T
+	zapcore.ObjectMarshaler
+}
+
+// ObjectValues constructs a field with the given key, holding a list of the
+// provided objects, where pointers to these objects can be marshaled by Zap.
+//
+// Note that pointers to these objects must implement zapcore.ObjectMarshaler.
+// That is, if you're trying to marshal a []Request, the MarshalLogObject
+// method must be declared on the *Request type, not the value (Request).
+// If it's on the value, use Objects.
+//
+// Given an object that implements MarshalLogObject on the pointer receiver,
+// you can log a slice of those objects with ObjectValues like so:
+//
+//	type Request struct{ ... }
+//	func (r *Request) MarshalLogObject(enc zapcore.ObjectEncoder) error
+//
+//	var requests []Request = ...
+//	logger.Info("sending requests", zap.ObjectValues("requests", requests))
+//
+// If instead, you have a slice of pointers of such an object, use the Objects
+// field constructor.
+//
+//	var requests []*Request = ...
+//	logger.Info("sending requests", zap.Objects("requests", requests))
+func ObjectValues[T any, P ObjectMarshalerPtr[T]](key string, values []T) Field {
+	return Array(key, objectValues[T, P](values))
+}
+
+type objectValues[T any, P ObjectMarshalerPtr[T]] []T
+
+func (os objectValues[T, P]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
+	for i := range os {
+		// It is necessary for us to explicitly reference the "P" type.
+		// We cannot simply pass "&os[i]" to AppendObject because its type
+		// is "*T", which the type system does not consider as
+		// implementing ObjectMarshaler.
+		// Only the type "P" satisfies ObjectMarshaler, which we have
+		// to convert "*T" to explicitly.
+		var p P = &os[i]
+		if err := arr.AppendObject(p); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 // Strings constructs a field that carries a slice of strings.
 func Strings(key string, ss []string) Field {
 	return Array(key, stringArray(ss))
 }
 
+// Stringers constructs a field with the given key, holding a list of the
+// output provided by the value's String method
+//
+// Given an object that implements String on the value receiver, you
+// can log a slice of those objects with Objects like so:
+//
+//	type Request struct{ ... }
+//	func (a Request) String() string
+//
+//	var requests []Request = ...
+//	logger.Info("sending requests", zap.Stringers("requests", requests))
+//
+// Note that these objects must implement fmt.Stringer directly.
+// That is, if you're trying to marshal a []Request, the String method
+// must be declared on the Request type, not its pointer (*Request).
+func Stringers[T fmt.Stringer](key string, values []T) Field {
+	return Array(key, stringers[T](values))
+}
+
+type stringers[T fmt.Stringer] []T
+
+func (os stringers[T]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
+	for _, o := range os {
+		arr.AppendString(o.String())
+	}
+	return nil
+}
+
 // Times constructs a field that carries a slice of time.Times.
 func Times(key string, ts []time.Time) Field {
 	return Array(key, times(ts))
diff --git a/vendor/go.uber.org/zap/array_go118.go b/vendor/go.uber.org/zap/array_go118.go
deleted file mode 100644
index d0d2c49d6..000000000
--- a/vendor/go.uber.org/zap/array_go118.go
+++ /dev/null
@@ -1,156 +0,0 @@
-// Copyright (c) 2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-//go:build go1.18
-// +build go1.18
-
-package zap
-
-import (
-	"fmt"
-
-	"go.uber.org/zap/zapcore"
-)
-
-// Objects constructs a field with the given key, holding a list of the
-// provided objects that can be marshaled by Zap.
-//
-// Note that these objects must implement zapcore.ObjectMarshaler directly.
-// That is, if you're trying to marshal a []Request, the MarshalLogObject
-// method must be declared on the Request type, not its pointer (*Request).
-// If it's on the pointer, use ObjectValues.
-//
-// Given an object that implements MarshalLogObject on the value receiver, you
-// can log a slice of those objects with Objects like so:
-//
-//	type Author struct{ ... }
-//	func (a Author) MarshalLogObject(enc zapcore.ObjectEncoder) error
-//
-//	var authors []Author = ...
-//	logger.Info("loading article", zap.Objects("authors", authors))
-//
-// Similarly, given a type that implements MarshalLogObject on its pointer
-// receiver, you can log a slice of pointers to that object with Objects like
-// so:
-//
-//	type Request struct{ ... }
-//	func (r *Request) MarshalLogObject(enc zapcore.ObjectEncoder) error
-//
-//	var requests []*Request = ...
-//	logger.Info("sending requests", zap.Objects("requests", requests))
-//
-// If instead, you have a slice of values of such an object, use the
-// ObjectValues constructor.
-//
-//	var requests []Request = ...
-//	logger.Info("sending requests", zap.ObjectValues("requests", requests))
-func Objects[T zapcore.ObjectMarshaler](key string, values []T) Field {
-	return Array(key, objects[T](values))
-}
-
-type objects[T zapcore.ObjectMarshaler] []T
-
-func (os objects[T]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
-	for _, o := range os {
-		if err := arr.AppendObject(o); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// ObjectMarshalerPtr is a constraint that specifies that the given type
-// implements zapcore.ObjectMarshaler on a pointer receiver.
-type ObjectMarshalerPtr[T any] interface {
-	*T
-	zapcore.ObjectMarshaler
-}
-
-// ObjectValues constructs a field with the given key, holding a list of the
-// provided objects, where pointers to these objects can be marshaled by Zap.
-//
-// Note that pointers to these objects must implement zapcore.ObjectMarshaler.
-// That is, if you're trying to marshal a []Request, the MarshalLogObject
-// method must be declared on the *Request type, not the value (Request).
-// If it's on the value, use Objects.
-//
-// Given an object that implements MarshalLogObject on the pointer receiver,
-// you can log a slice of those objects with ObjectValues like so:
-//
-//	type Request struct{ ... }
-//	func (r *Request) MarshalLogObject(enc zapcore.ObjectEncoder) error
-//
-//	var requests []Request = ...
-//	logger.Info("sending requests", zap.ObjectValues("requests", requests))
-//
-// If instead, you have a slice of pointers of such an object, use the Objects
-// field constructor.
-//
-//	var requests []*Request = ...
-//	logger.Info("sending requests", zap.Objects("requests", requests))
-func ObjectValues[T any, P ObjectMarshalerPtr[T]](key string, values []T) Field {
-	return Array(key, objectValues[T, P](values))
-}
-
-type objectValues[T any, P ObjectMarshalerPtr[T]] []T
-
-func (os objectValues[T, P]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
-	for i := range os {
-		// It is necessary for us to explicitly reference the "P" type.
-		// We cannot simply pass "&os[i]" to AppendObject because its type
-		// is "*T", which the type system does not consider as
-		// implementing ObjectMarshaler.
-		// Only the type "P" satisfies ObjectMarshaler, which we have
-		// to convert "*T" to explicitly.
-		var p P = &os[i]
-		if err := arr.AppendObject(p); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// Stringers constructs a field with the given key, holding a list of the
-// output provided by the value's String method
-//
-// Given an object that implements String on the value receiver, you
-// can log a slice of those objects with Objects like so:
-//
-//	type Request struct{ ... }
-//	func (a Request) String() string
-//
-//	var requests []Request = ...
-//	logger.Info("sending requests", zap.Stringers("requests", requests))
-//
-// Note that these objects must implement fmt.Stringer directly.
-// That is, if you're trying to marshal a []Request, the String method
-// must be declared on the Request type, not its pointer (*Request).
-func Stringers[T fmt.Stringer](key string, values []T) Field {
-	return Array(key, stringers[T](values))
-}
-
-type stringers[T fmt.Stringer] []T
-
-func (os stringers[T]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
-	for _, o := range os {
-		arr.AppendString(o.String())
-	}
-	return nil
-}
diff --git a/vendor/go.uber.org/zap/buffer/buffer.go b/vendor/go.uber.org/zap/buffer/buffer.go
index 9e929cd98..27fb5cd5d 100644
--- a/vendor/go.uber.org/zap/buffer/buffer.go
+++ b/vendor/go.uber.org/zap/buffer/buffer.go
@@ -42,6 +42,11 @@ func (b *Buffer) AppendByte(v byte) {
 	b.bs = append(b.bs, v)
 }
 
+// AppendBytes writes a single byte to the Buffer.
+func (b *Buffer) AppendBytes(v []byte) {
+	b.bs = append(b.bs, v...)
+}
+
 // AppendString writes a string to the Buffer.
 func (b *Buffer) AppendString(s string) {
 	b.bs = append(b.bs, s...)
diff --git a/vendor/go.uber.org/zap/buffer/pool.go b/vendor/go.uber.org/zap/buffer/pool.go
index 8fb3e202c..846323360 100644
--- a/vendor/go.uber.org/zap/buffer/pool.go
+++ b/vendor/go.uber.org/zap/buffer/pool.go
@@ -20,25 +20,29 @@
 
 package buffer
 
-import "sync"
+import (
+	"go.uber.org/zap/internal/pool"
+)
 
 // A Pool is a type-safe wrapper around a sync.Pool.
 type Pool struct {
-	p *sync.Pool
+	p *pool.Pool[*Buffer]
 }
 
 // NewPool constructs a new Pool.
 func NewPool() Pool {
-	return Pool{p: &sync.Pool{
-		New: func() interface{} {
-			return &Buffer{bs: make([]byte, 0, _size)}
-		},
-	}}
+	return Pool{
+		p: pool.New(func() *Buffer {
+			return &Buffer{
+				bs: make([]byte, 0, _size),
+			}
+		}),
+	}
 }
 
 // Get retrieves a Buffer from the pool, creating one if necessary.
 func (p Pool) Get() *Buffer {
-	buf := p.p.Get().(*Buffer)
+	buf := p.p.Get()
 	buf.Reset()
 	buf.pool = p
 	return buf
diff --git a/vendor/go.uber.org/zap/config.go b/vendor/go.uber.org/zap/config.go
index ee6096766..e76e4e64f 100644
--- a/vendor/go.uber.org/zap/config.go
+++ b/vendor/go.uber.org/zap/config.go
@@ -95,6 +95,32 @@ type Config struct {
 
 // NewProductionEncoderConfig returns an opinionated EncoderConfig for
 // production environments.
+//
+// Messages encoded with this configuration will be JSON-formatted
+// and will have the following keys by default:
+//
+//   - "level": The logging level (e.g. "info", "error").
+//   - "ts": The current time in number of seconds since the Unix epoch.
+//   - "msg": The message passed to the log statement.
+//   - "caller": If available, a short path to the file and line number
+//     where the log statement was issued.
+//     The logger configuration determines whether this field is captured.
+//   - "stacktrace": If available, a stack trace from the line
+//     where the log statement was issued.
+//     The logger configuration determines whether this field is captured.
+//
+// By default, the following formats are used for different types:
+//
+//   - Time is formatted as floating-point number of seconds since the Unix
+//     epoch.
+//   - Duration is formatted as floating-point number of seconds.
+//
+// You may change these by setting the appropriate fields in the returned
+// object.
+// For example, use the following to change the time encoding format:
+//
+//	cfg := zap.NewProductionEncoderConfig()
+//	cfg.EncodeTime = zapcore.ISO8601TimeEncoder
 func NewProductionEncoderConfig() zapcore.EncoderConfig {
 	return zapcore.EncoderConfig{
 		TimeKey:        "ts",
@@ -112,11 +138,22 @@ func NewProductionEncoderConfig() zapcore.EncoderConfig {
 	}
 }
 
-// NewProductionConfig is a reasonable production logging configuration.
-// Logging is enabled at InfoLevel and above.
+// NewProductionConfig builds a reasonable default production logging
+// configuration.
+// Logging is enabled at InfoLevel and above, and uses a JSON encoder.
+// Logs are written to standard error.
+// Stacktraces are included on logs of ErrorLevel and above.
+// DPanicLevel logs will not panic, but will write a stacktrace.
+//
+// Sampling is enabled at 100:100 by default,
+// meaning that after the first 100 log entries
+// with the same level and message in the same second,
+// it will log every 100th entry
+// with the same level and message in the same second.
+// You may disable this behavior by setting Sampling to nil.
 //
-// It uses a JSON encoder, writes to standard error, and enables sampling.
-// Stacktraces are automatically included on logs of ErrorLevel and above.
+// See [NewProductionEncoderConfig] for information
+// on the default encoder configuration.
 func NewProductionConfig() Config {
 	return Config{
 		Level:       NewAtomicLevelAt(InfoLevel),
@@ -134,6 +171,32 @@ func NewProductionConfig() Config {
 
 // NewDevelopmentEncoderConfig returns an opinionated EncoderConfig for
 // development environments.
+//
+// Messages encoded with this configuration will use Zap's console encoder
+// intended to print human-readable output.
+// It will print log messages with the following information:
+//
+//   - The log level (e.g. "INFO", "ERROR").
+//   - The time in ISO8601 format (e.g. "2017-01-01T12:00:00Z").
+//   - The message passed to the log statement.
+//   - If available, a short path to the file and line number
+//     where the log statement was issued.
+//     The logger configuration determines whether this field is captured.
+//   - If available, a stacktrace from the line
+//     where the log statement was issued.
+//     The logger configuration determines whether this field is captured.
+//
+// By default, the following formats are used for different types:
+//
+//   - Time is formatted in ISO8601 format (e.g. "2017-01-01T12:00:00Z").
+//   - Duration is formatted as a string (e.g. "1.234s").
+//
+// You may change these by setting the appropriate fields in the returned
+// object.
+// For example, use the following to change the time encoding format:
+//
+//	cfg := zap.NewDevelopmentEncoderConfig()
+//	cfg.EncodeTime = zapcore.ISO8601TimeEncoder
 func NewDevelopmentEncoderConfig() zapcore.EncoderConfig {
 	return zapcore.EncoderConfig{
 		// Keys can be anything except the empty string.
@@ -152,12 +215,15 @@ func NewDevelopmentEncoderConfig() zapcore.EncoderConfig {
 	}
 }
 
-// NewDevelopmentConfig is a reasonable development logging configuration.
-// Logging is enabled at DebugLevel and above.
+// NewDevelopmentConfig builds a reasonable default development logging
+// configuration.
+// Logging is enabled at DebugLevel and above, and uses a console encoder.
+// Logs are written to standard error.
+// Stacktraces are included on logs of WarnLevel and above.
+// DPanicLevel logs will panic.
 //
-// It enables development mode (which makes DPanicLevel logs panic), uses a
-// console encoder, writes to standard error, and disables sampling.
-// Stacktraces are automatically included on logs of WarnLevel and above.
+// See [NewDevelopmentEncoderConfig] for information
+// on the default encoder configuration.
 func NewDevelopmentConfig() Config {
 	return Config{
 		Level:            NewAtomicLevelAt(DebugLevel),
diff --git a/vendor/go.uber.org/zap/error.go b/vendor/go.uber.org/zap/error.go
index 65982a51e..45f7b838d 100644
--- a/vendor/go.uber.org/zap/error.go
+++ b/vendor/go.uber.org/zap/error.go
@@ -21,14 +21,13 @@
 package zap
 
 import (
-	"sync"
-
+	"go.uber.org/zap/internal/pool"
 	"go.uber.org/zap/zapcore"
 )
 
-var _errArrayElemPool = sync.Pool{New: func() interface{} {
+var _errArrayElemPool = pool.New(func() *errArrayElem {
 	return &errArrayElem{}
-}}
+})
 
 // Error is shorthand for the common idiom NamedError("error", err).
 func Error(err error) Field {
@@ -60,11 +59,14 @@ func (errs errArray) MarshalLogArray(arr zapcore.ArrayEncoder) error {
 		// potentially an "errorVerbose" attribute, we need to wrap it in a
 		// type that implements LogObjectMarshaler. To prevent this from
 		// allocating, pool the wrapper type.
-		elem := _errArrayElemPool.Get().(*errArrayElem)
+		elem := _errArrayElemPool.Get()
 		elem.error = errs[i]
-		arr.AppendObject(elem)
+		err := arr.AppendObject(elem)
 		elem.error = nil
 		_errArrayElemPool.Put(elem)
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }
diff --git a/vendor/go.uber.org/zap/field.go b/vendor/go.uber.org/zap/field.go
index bbb745db5..c8dd3358a 100644
--- a/vendor/go.uber.org/zap/field.go
+++ b/vendor/go.uber.org/zap/field.go
@@ -25,6 +25,7 @@ import (
 	"math"
 	"time"
 
+	"go.uber.org/zap/internal/stacktrace"
 	"go.uber.org/zap/zapcore"
 )
 
@@ -374,7 +375,7 @@ func StackSkip(key string, skip int) Field {
 	// from expanding the zapcore.Field union struct to include a byte slice. Since
 	// taking a stacktrace is already so expensive (~10us), the extra allocation
 	// is okay.
-	return String(key, takeStacktrace(skip+1)) // skip StackSkip
+	return String(key, stacktrace.Take(skip+1)) // skip StackSkip
 }
 
 // Duration constructs a field with the given key and value. The encoder
@@ -410,6 +411,63 @@ func Inline(val zapcore.ObjectMarshaler) Field {
 	}
 }
 
+// Dict constructs a field containing the provided key-value pairs.
+// It acts similar to [Object], but with the fields specified as arguments.
+func Dict(key string, val ...Field) Field {
+	return dictField(key, val)
+}
+
+// We need a function with the signature (string, T) for zap.Any.
+func dictField(key string, val []Field) Field {
+	return Object(key, dictObject(val))
+}
+
+type dictObject []Field
+
+func (d dictObject) MarshalLogObject(enc zapcore.ObjectEncoder) error {
+	for _, f := range d {
+		f.AddTo(enc)
+	}
+	return nil
+}
+
+// We discovered an issue where zap.Any can cause a performance degradation
+// when used in new goroutines.
+//
+// This happens because the compiler assigns 4.8kb (one zap.Field per arm of
+// switch statement) of stack space for zap.Any when it takes the form:
+//
+//	switch v := v.(type) {
+//	case string:
+//		return String(key, v)
+//	case int:
+//		return Int(key, v)
+//		// ...
+//	default:
+//		return Reflect(key, v)
+//	}
+//
+// To avoid this, we use the type switch to assign a value to a single local variable
+// and then call a function on it.
+// The local variable is just a function reference so it doesn't allocate
+// when converted to an interface{}.
+//
+// A fair bit of experimentation went into this.
+// See also:
+//
+// - https://github.com/uber-go/zap/pull/1301
+// - https://github.com/uber-go/zap/pull/1303
+// - https://github.com/uber-go/zap/pull/1304
+// - https://github.com/uber-go/zap/pull/1305
+// - https://github.com/uber-go/zap/pull/1308
+type anyFieldC[T any] func(string, T) Field
+
+func (f anyFieldC[T]) Any(key string, val any) Field {
+	v, _ := val.(T)
+	// val is guaranteed to be a T, except when it's nil.
+	return f(key, v)
+}
+
 // Any takes a key and an arbitrary value and chooses the best way to represent
 // them as a field, falling back to a reflection-based approach only if
 // necessary.
@@ -418,132 +476,138 @@ func Inline(val zapcore.ObjectMarshaler) Field {
 // them. To minimize surprises, []byte values are treated as binary blobs, byte
 // values are treated as uint8, and runes are always treated as integers.
 func Any(key string, value interface{}) Field {
-	switch val := value.(type) {
+	var c interface{ Any(string, any) Field }
+
+	switch value.(type) {
 	case zapcore.ObjectMarshaler:
-		return Object(key, val)
+		c = anyFieldC[zapcore.ObjectMarshaler](Object)
 	case zapcore.ArrayMarshaler:
-		return Array(key, val)
+		c = anyFieldC[zapcore.ArrayMarshaler](Array)
+	case []Field:
+		c = anyFieldC[[]Field](dictField)
 	case bool:
-		return Bool(key, val)
+		c = anyFieldC[bool](Bool)
 	case *bool:
-		return Boolp(key, val)
+		c = anyFieldC[*bool](Boolp)
 	case []bool:
-		return Bools(key, val)
+		c = anyFieldC[[]bool](Bools)
 	case complex128:
-		return Complex128(key, val)
+		c = anyFieldC[complex128](Complex128)
 	case *complex128:
-		return Complex128p(key, val)
+		c = anyFieldC[*complex128](Complex128p)
 	case []complex128:
-		return Complex128s(key, val)
+		c = anyFieldC[[]complex128](Complex128s)
 	case complex64:
-		return Complex64(key, val)
+		c = anyFieldC[complex64](Complex64)
 	case *complex64:
-		return Complex64p(key, val)
+		c = anyFieldC[*complex64](Complex64p)
 	case []complex64:
-		return Complex64s(key, val)
+		c = anyFieldC[[]complex64](Complex64s)
 	case float64:
-		return Float64(key, val)
+		c = anyFieldC[float64](Float64)
 	case *float64:
-		return Float64p(key, val)
+		c = anyFieldC[*float64](Float64p)
 	case []float64:
-		return Float64s(key, val)
+		c = anyFieldC[[]float64](Float64s)
 	case float32:
-		return Float32(key, val)
+		c = anyFieldC[float32](Float32)
 	case *float32:
-		return Float32p(key, val)
+		c = anyFieldC[*float32](Float32p)
 	case []float32:
-		return Float32s(key, val)
+		c = anyFieldC[[]float32](Float32s)
 	case int:
-		return Int(key, val)
+		c = anyFieldC[int](Int)
 	case *int:
-		return Intp(key, val)
+		c = anyFieldC[*int](Intp)
 	case []int:
-		return Ints(key, val)
+		c = anyFieldC[[]int](Ints)
 	case int64:
-		return Int64(key, val)
+		c = anyFieldC[int64](Int64)
 	case *int64:
-		return Int64p(key, val)
+		c = anyFieldC[*int64](Int64p)
 	case []int64:
-		return Int64s(key, val)
+		c = anyFieldC[[]int64](Int64s)
 	case int32:
-		return Int32(key, val)
+		c = anyFieldC[int32](Int32)
 	case *int32:
-		return Int32p(key, val)
+		c = anyFieldC[*int32](Int32p)
 	case []int32:
-		return Int32s(key, val)
+		c = anyFieldC[[]int32](Int32s)
 	case int16:
-		return Int16(key, val)
+		c = anyFieldC[int16](Int16)
 	case *int16:
-		return Int16p(key, val)
+		c = anyFieldC[*int16](Int16p)
 	case []int16:
-		return Int16s(key, val)
+		c = anyFieldC[[]int16](Int16s)
 	case int8:
-		return Int8(key, val)
+		c = anyFieldC[int8](Int8)
 	case *int8:
-		return Int8p(key, val)
+		c = anyFieldC[*int8](Int8p)
 	case []int8:
-		return Int8s(key, val)
+		c = anyFieldC[[]int8](Int8s)
 	case string:
-		return String(key, val)
+		c = anyFieldC[string](String)
 	case *string:
-		return Stringp(key, val)
+		c = anyFieldC[*string](Stringp)
 	case []string:
-		return Strings(key, val)
+		c = anyFieldC[[]string](Strings)
 	case uint:
-		return Uint(key, val)
+		c = anyFieldC[uint](Uint)
 	case *uint:
-		return Uintp(key, val)
+		c = anyFieldC[*uint](Uintp)
 	case []uint:
-		return Uints(key, val)
+		c = anyFieldC[[]uint](Uints)
 	case uint64:
-		return Uint64(key, val)
+		c = anyFieldC[uint64](Uint64)
 	case *uint64:
-		return Uint64p(key, val)
+		c = anyFieldC[*uint64](Uint64p)
 	case []uint64:
-		return Uint64s(key, val)
+		c = anyFieldC[[]uint64](Uint64s)
 	case uint32:
-		return Uint32(key, val)
+		c = anyFieldC[uint32](Uint32)
 	case *uint32:
-		return Uint32p(key, val)
+		c = anyFieldC[*uint32](Uint32p)
 	case []uint32:
-		return Uint32s(key, val)
+		c = anyFieldC[[]uint32](Uint32s)
 	case uint16:
-		return Uint16(key, val)
+		c = anyFieldC[uint16](Uint16)
 	case *uint16:
-		return Uint16p(key, val)
+		c = anyFieldC[*uint16](Uint16p)
 	case []uint16:
-		return Uint16s(key, val)
+		c = anyFieldC[[]uint16](Uint16s)
 	case uint8:
-		return Uint8(key, val)
+		c = anyFieldC[uint8](Uint8)
 	case *uint8:
-		return Uint8p(key, val)
+		c = anyFieldC[*uint8](Uint8p)
 	case []byte:
-		return Binary(key, val)
+		c = anyFieldC[[]byte](Binary)
 	case uintptr:
-		return Uintptr(key, val)
+		c = anyFieldC[uintptr](Uintptr)
 	case *uintptr:
-		return Uintptrp(key, val)
+		c = anyFieldC[*uintptr](Uintptrp)
 	case []uintptr:
-		return Uintptrs(key, val)
+		c = anyFieldC[[]uintptr](Uintptrs)
 	case time.Time:
-		return Time(key, val)
+		c = anyFieldC[time.Time](Time)
 	case *time.Time:
-		return Timep(key, val)
+		c = anyFieldC[*time.Time](Timep)
 	case []time.Time:
-		return Times(key, val)
+		c = anyFieldC[[]time.Time](Times)
 	case time.Duration:
-		return Duration(key, val)
+		c = anyFieldC[time.Duration](Duration)
 	case *time.Duration:
-		return Durationp(key, val)
+		c = anyFieldC[*time.Duration](Durationp)
 	case []time.Duration:
-		return Durations(key, val)
+		c = anyFieldC[[]time.Duration](Durations)
 	case error:
-		return NamedError(key, val)
+		c = anyFieldC[error](NamedError)
 	case []error:
-		return Errors(key, val)
+		c = anyFieldC[[]error](Errors)
 	case fmt.Stringer:
-		return Stringer(key, val)
+		c = anyFieldC[fmt.Stringer](Stringer)
 	default:
-		return Reflect(key, val)
+		c = anyFieldC[any](Reflect)
 	}
+
+	return c.Any(key, value)
 }
diff --git a/vendor/go.uber.org/zap/http_handler.go b/vendor/go.uber.org/zap/http_handler.go
index 632b6831a..2be8f6515 100644
--- a/vendor/go.uber.org/zap/http_handler.go
+++ b/vendor/go.uber.org/zap/http_handler.go
@@ -69,6 +69,13 @@ import (
 //
 //	curl -X PUT localhost:8080/log/level -H "Content-Type: application/json" -d '{"level":"debug"}'
 func (lvl AtomicLevel) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if err := lvl.serveHTTP(w, r); err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		fmt.Fprintf(w, "internal error: %v", err)
+	}
+}
+
+func (lvl AtomicLevel) serveHTTP(w http.ResponseWriter, r *http.Request) error {
 	type errorResponse struct {
 		Error string `json:"error"`
 	}
@@ -80,19 +87,20 @@ func (lvl AtomicLevel) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 	switch r.Method {
 	case http.MethodGet:
-		enc.Encode(payload{Level: lvl.Level()})
+		return enc.Encode(payload{Level: lvl.Level()})
+
 	case http.MethodPut:
 		requestedLvl, err := decodePutRequest(r.Header.Get("Content-Type"), r)
 		if err != nil {
 			w.WriteHeader(http.StatusBadRequest)
-			enc.Encode(errorResponse{Error: err.Error()})
-			return
+			return enc.Encode(errorResponse{Error: err.Error()})
 		}
 		lvl.SetLevel(requestedLvl)
-		enc.Encode(payload{Level: lvl.Level()})
+		return enc.Encode(payload{Level: lvl.Level()})
+
 	default:
 		w.WriteHeader(http.StatusMethodNotAllowed)
-		enc.Encode(errorResponse{
+		return enc.Encode(errorResponse{
 			Error: "Only GET and PUT are supported.",
 		})
 	}
@@ -129,5 +137,4 @@ func decodePutJSON(body io.Reader) (zapcore.Level, error) {
 		return 0, errors.New("must specify logging level")
 	}
 	return *pld.Level, nil
-
 }
diff --git a/vendor/go.uber.org/zap/internal/level_enabler.go b/vendor/go.uber.org/zap/internal/level_enabler.go
index 5f3e3f1b9..40bfed81e 100644
--- a/vendor/go.uber.org/zap/internal/level_enabler.go
+++ b/vendor/go.uber.org/zap/internal/level_enabler.go
@@ -18,6 +18,8 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 
+// Package internal and its subpackages hold types and functionality
+// that are not part of Zap's public API.
 package internal
 
 import "go.uber.org/zap/zapcore"
diff --git a/vendor/go.uber.org/zap/internal/pool/pool.go b/vendor/go.uber.org/zap/internal/pool/pool.go
new file mode 100644
index 000000000..60e9d2c43
--- /dev/null
+++ b/vendor/go.uber.org/zap/internal/pool/pool.go
@@ -0,0 +1,58 @@
+// Copyright (c) 2023 Uber Technologies, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+// Package pool provides internal pool utilities.
+package pool
+
+import (
+	"sync"
+)
+
+// A Pool is a generic wrapper around [sync.Pool] to provide strongly-typed
+// object pooling.
+//
+// Note that SA6002 (ref: https://staticcheck.io/docs/checks/#SA6002) will
+// not be detected, so all internal pool use must take care to only store
+// pointer types.
+type Pool[T any] struct {
+	pool sync.Pool
+}
+
+// New returns a new [Pool] for T, and will use fn to construct new Ts when
+// the pool is empty.
+func New[T any](fn func() T) *Pool[T] {
+	return &Pool[T]{
+		pool: sync.Pool{
+			New: func() any {
+				return fn()
+			},
+		},
+	}
+}
+
+// Get gets a T from the pool, or creates a new one if the pool is empty.
+func (p *Pool[T]) Get() T {
+	return p.pool.Get().(T)
+}
+
+// Put returns x into the pool.
+func (p *Pool[T]) Put(x T) {
+	p.pool.Put(x)
+}
diff --git a/vendor/go.uber.org/zap/stacktrace.go b/vendor/go.uber.org/zap/internal/stacktrace/stack.go
similarity index 73%
rename from vendor/go.uber.org/zap/stacktrace.go
rename to vendor/go.uber.org/zap/internal/stacktrace/stack.go
index 817a3bde8..82af7551f 100644
--- a/vendor/go.uber.org/zap/stacktrace.go
+++ b/vendor/go.uber.org/zap/internal/stacktrace/stack.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2016 Uber Technologies, Inc.
+// Copyright (c) 2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -18,25 +18,26 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 
-package zap
+// Package stacktrace provides support for gathering stack traces
+// efficiently.
+package stacktrace
 
 import (
 	"runtime"
-	"sync"
 
 	"go.uber.org/zap/buffer"
 	"go.uber.org/zap/internal/bufferpool"
+	"go.uber.org/zap/internal/pool"
 )
 
-var _stacktracePool = sync.Pool{
-	New: func() interface{} {
-		return &stacktrace{
-			storage: make([]uintptr, 64),
-		}
-	},
-}
+var _stackPool = pool.New(func() *Stack {
+	return &Stack{
+		storage: make([]uintptr, 64),
+	}
+})
 
-type stacktrace struct {
+// Stack is a captured stack trace.
+type Stack struct {
 	pcs    []uintptr // program counters; always a subslice of storage
 	frames *runtime.Frames
 
@@ -50,30 +51,30 @@ type stacktrace struct {
 	storage []uintptr
 }
 
-// stacktraceDepth specifies how deep of a stack trace should be captured.
-type stacktraceDepth int
+// Depth specifies how deep of a stack trace should be captured.
+type Depth int
 
 const (
-	// stacktraceFirst captures only the first frame.
-	stacktraceFirst stacktraceDepth = iota
+	// First captures only the first frame.
+	First Depth = iota
 
-	// stacktraceFull captures the entire call stack, allocating more
+	// Full captures the entire call stack, allocating more
 	// storage for it if needed.
-	stacktraceFull
+	Full
 )
 
-// captureStacktrace captures a stack trace of the specified depth, skipping
+// Capture captures a stack trace of the specified depth, skipping
 // the provided number of frames. skip=0 identifies the caller of
-// captureStacktrace.
+// Capture.
 //
 // The caller must call Free on the returned stacktrace after using it.
-func captureStacktrace(skip int, depth stacktraceDepth) *stacktrace {
-	stack := _stacktracePool.Get().(*stacktrace)
+func Capture(skip int, depth Depth) *Stack {
+	stack := _stackPool.Get()
 
 	switch depth {
-	case stacktraceFirst:
+	case First:
 		stack.pcs = stack.storage[:1]
-	case stacktraceFull:
+	case Full:
 		stack.pcs = stack.storage
 	}
 
@@ -87,7 +88,7 @@ func captureStacktrace(skip int, depth stacktraceDepth) *stacktrace {
 	// runtime.Callers truncates the recorded stacktrace if there is no
 	// room in the provided slice. For the full stack trace, keep expanding
 	// storage until there are fewer frames than there is room.
-	if depth == stacktraceFull {
+	if depth == Full {
 		pcs := stack.pcs
 		for numFrames == len(pcs) {
 			pcs = make([]uintptr, len(pcs)*2)
@@ -109,50 +110,54 @@ func captureStacktrace(skip int, depth stacktraceDepth) *stacktrace {
 
 // Free releases resources associated with this stacktrace
 // and returns it back to the pool.
-func (st *stacktrace) Free() {
+func (st *Stack) Free() {
 	st.frames = nil
 	st.pcs = nil
-	_stacktracePool.Put(st)
+	_stackPool.Put(st)
 }
 
 // Count reports the total number of frames in this stacktrace.
 // Count DOES NOT change as Next is called.
-func (st *stacktrace) Count() int {
+func (st *Stack) Count() int {
 	return len(st.pcs)
 }
 
 // Next returns the next frame in the stack trace,
 // and a boolean indicating whether there are more after it.
-func (st *stacktrace) Next() (_ runtime.Frame, more bool) {
+func (st *Stack) Next() (_ runtime.Frame, more bool) {
 	return st.frames.Next()
 }
 
-func takeStacktrace(skip int) string {
-	stack := captureStacktrace(skip+1, stacktraceFull)
+// Take returns a string representation of the current stacktrace.
+//
+// skip is the number of frames to skip before recording the stack trace.
+// skip=0 identifies the caller of Take.
+func Take(skip int) string {
+	stack := Capture(skip+1, Full)
 	defer stack.Free()
 
 	buffer := bufferpool.Get()
 	defer buffer.Free()
 
-	stackfmt := newStackFormatter(buffer)
+	stackfmt := NewFormatter(buffer)
 	stackfmt.FormatStack(stack)
 	return buffer.String()
 }
 
-// stackFormatter formats a stack trace into a readable string representation.
-type stackFormatter struct {
+// Formatter formats a stack trace into a readable string representation.
+type Formatter struct {
 	b        *buffer.Buffer
 	nonEmpty bool // whehther we've written at least one frame already
 }
 
-// newStackFormatter builds a new stackFormatter.
-func newStackFormatter(b *buffer.Buffer) stackFormatter {
-	return stackFormatter{b: b}
+// NewFormatter builds a new Formatter.
+func NewFormatter(b *buffer.Buffer) Formatter {
+	return Formatter{b: b}
 }
 
 // FormatStack formats all remaining frames in the provided stacktrace -- minus
 // the final runtime.main/runtime.goexit frame.
-func (sf *stackFormatter) FormatStack(stack *stacktrace) {
+func (sf *Formatter) FormatStack(stack *Stack) {
 	// Note: On the last iteration, frames.Next() returns false, with a valid
 	// frame, but we ignore this frame. The last frame is a runtime frame which
 	// adds noise, since it's only either runtime.main or runtime.goexit.
@@ -162,7 +167,7 @@ func (sf *stackFormatter) FormatStack(stack *stacktrace) {
 }
 
 // FormatFrame formats the given frame.
-func (sf *stackFormatter) FormatFrame(frame runtime.Frame) {
+func (sf *Formatter) FormatFrame(frame runtime.Frame) {
 	if sf.nonEmpty {
 		sf.b.AppendByte('\n')
 	}
diff --git a/vendor/go.uber.org/zap/level.go b/vendor/go.uber.org/zap/level.go
index db951e19a..155b208bd 100644
--- a/vendor/go.uber.org/zap/level.go
+++ b/vendor/go.uber.org/zap/level.go
@@ -21,7 +21,8 @@
 package zap
 
 import (
-	"go.uber.org/atomic"
+	"sync/atomic"
+
 	"go.uber.org/zap/internal"
 	"go.uber.org/zap/zapcore"
 )
@@ -76,9 +77,9 @@ var _ internal.LeveledEnabler = AtomicLevel{}
 // NewAtomicLevel creates an AtomicLevel with InfoLevel and above logging
 // enabled.
 func NewAtomicLevel() AtomicLevel {
-	return AtomicLevel{
-		l: atomic.NewInt32(int32(InfoLevel)),
-	}
+	lvl := AtomicLevel{l: new(atomic.Int32)}
+	lvl.l.Store(int32(InfoLevel))
+	return lvl
 }
 
 // NewAtomicLevelAt is a convenience function that creates an AtomicLevel
diff --git a/vendor/go.uber.org/zap/logger.go b/vendor/go.uber.org/zap/logger.go
index cd44030d1..6205fe48a 100644
--- a/vendor/go.uber.org/zap/logger.go
+++ b/vendor/go.uber.org/zap/logger.go
@@ -27,6 +27,7 @@ import (
 	"strings"
 
 	"go.uber.org/zap/internal/bufferpool"
+	"go.uber.org/zap/internal/stacktrace"
 	"go.uber.org/zap/zapcore"
 )
 
@@ -173,7 +174,8 @@ func (log *Logger) WithOptions(opts ...Option) *Logger {
 }
 
 // With creates a child logger and adds structured context to it. Fields added
-// to the child don't affect the parent, and vice versa.
+// to the child don't affect the parent, and vice versa. Any fields that
+// require evaluation (such as Objects) are evaluated upon invocation of With.
 func (log *Logger) With(fields ...Field) *Logger {
 	if len(fields) == 0 {
 		return log
@@ -183,6 +185,28 @@ func (log *Logger) With(fields ...Field) *Logger {
 	return l
 }
 
+// WithLazy creates a child logger and adds structured context to it lazily.
+//
+// The fields are evaluated only if the logger is further chained with [With]
+// or is written to with any of the log level methods.
+// Until that occurs, the logger may retain references to objects inside the fields,
+// and logging will reflect the state of an object at the time of logging,
+// not the time of WithLazy().
+//
+// WithLazy provides a worthwhile performance optimization for contextual loggers
+// when the likelihood of using the child logger is low,
+// such as error paths and rarely taken branches.
+//
+// Similar to [With], fields added to the child don't affect the parent, and vice versa.
+func (log *Logger) WithLazy(fields ...Field) *Logger {
+	if len(fields) == 0 {
+		return log
+	}
+	return log.WithOptions(WrapCore(func(core zapcore.Core) zapcore.Core {
+		return zapcore.NewLazyWith(core, fields)
+	}))
+}
+
 // Level reports the minimum enabled level for this logger.
 //
 // For NopLoggers, this is [zapcore.InvalidLevel].
@@ -199,6 +223,8 @@ func (log *Logger) Check(lvl zapcore.Level, msg string) *zapcore.CheckedEntry {
 
 // Log logs a message at the specified level. The message includes any fields
 // passed at the log site, as well as any fields accumulated on the logger.
+// Any Fields that require  evaluation (such as Objects) are evaluated upon
+// invocation of Log.
 func (log *Logger) Log(lvl zapcore.Level, msg string, fields ...Field) {
 	if ce := log.check(lvl, msg); ce != nil {
 		ce.Write(fields...)
@@ -281,9 +307,15 @@ func (log *Logger) Core() zapcore.Core {
 	return log.core
 }
 
+// Name returns the Logger's underlying name,
+// or an empty string if the logger is unnamed.
+func (log *Logger) Name() string {
+	return log.name
+}
+
 func (log *Logger) clone() *Logger {
-	copy := *log
-	return &copy
+	clone := *log
+	return &clone
 }
 
 func (log *Logger) check(lvl zapcore.Level, msg string) *zapcore.CheckedEntry {
@@ -354,17 +386,17 @@ func (log *Logger) check(lvl zapcore.Level, msg string) *zapcore.CheckedEntry {
 
 	// Adding the caller or stack trace requires capturing the callers of
 	// this function. We'll share information between these two.
-	stackDepth := stacktraceFirst
+	stackDepth := stacktrace.First
 	if addStack {
-		stackDepth = stacktraceFull
+		stackDepth = stacktrace.Full
 	}
-	stack := captureStacktrace(log.callerSkip+callerSkipOffset, stackDepth)
+	stack := stacktrace.Capture(log.callerSkip+callerSkipOffset, stackDepth)
 	defer stack.Free()
 
 	if stack.Count() == 0 {
 		if log.addCaller {
 			fmt.Fprintf(log.errorOutput, "%v Logger.check error: failed to get caller\n", ent.Time.UTC())
-			log.errorOutput.Sync()
+			_ = log.errorOutput.Sync()
 		}
 		return ce
 	}
@@ -385,7 +417,7 @@ func (log *Logger) check(lvl zapcore.Level, msg string) *zapcore.CheckedEntry {
 		buffer := bufferpool.Get()
 		defer buffer.Free()
 
-		stackfmt := newStackFormatter(buffer)
+		stackfmt := stacktrace.NewFormatter(buffer)
 
 		// We've already extracted the first frame, so format that
 		// separately and defer to stackfmt for the rest.
diff --git a/vendor/go.uber.org/zap/sink.go b/vendor/go.uber.org/zap/sink.go
index 478c9a10f..499772a00 100644
--- a/vendor/go.uber.org/zap/sink.go
+++ b/vendor/go.uber.org/zap/sink.go
@@ -66,7 +66,8 @@ func newSinkRegistry() *sinkRegistry {
 		factories: make(map[string]func(*url.URL) (Sink, error)),
 		openFile:  os.OpenFile,
 	}
-	sr.RegisterSink(schemeFile, sr.newFileSinkFromURL)
+	// Infallible operation: the registry is empty, so we can't have a conflict.
+	_ = sr.RegisterSink(schemeFile, sr.newFileSinkFromURL)
 	return sr
 }
 
@@ -154,7 +155,7 @@ func (sr *sinkRegistry) newFileSinkFromPath(path string) (Sink, error) {
 	case "stderr":
 		return nopCloserSink{os.Stderr}, nil
 	}
-	return sr.openFile(path, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0666)
+	return sr.openFile(path, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0o666)
 }
 
 func normalizeScheme(s string) (string, error) {
diff --git a/vendor/go.uber.org/zap/sugar.go b/vendor/go.uber.org/zap/sugar.go
index ac387b3e4..00ac5fe3a 100644
--- a/vendor/go.uber.org/zap/sugar.go
+++ b/vendor/go.uber.org/zap/sugar.go
@@ -122,74 +122,88 @@ func (s *SugaredLogger) Level() zapcore.Level {
 	return zapcore.LevelOf(s.base.core)
 }
 
-// Debug uses fmt.Sprint to construct and log a message.
+// Debug logs the provided arguments at [DebugLevel].
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Debug(args ...interface{}) {
 	s.log(DebugLevel, "", args, nil)
 }
 
-// Info uses fmt.Sprint to construct and log a message.
+// Info logs the provided arguments at [InfoLevel].
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Info(args ...interface{}) {
 	s.log(InfoLevel, "", args, nil)
 }
 
-// Warn uses fmt.Sprint to construct and log a message.
+// Warn logs the provided arguments at [WarnLevel].
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Warn(args ...interface{}) {
 	s.log(WarnLevel, "", args, nil)
 }
 
-// Error uses fmt.Sprint to construct and log a message.
+// Error logs the provided arguments at [ErrorLevel].
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Error(args ...interface{}) {
 	s.log(ErrorLevel, "", args, nil)
 }
 
-// DPanic uses fmt.Sprint to construct and log a message. In development, the
-// logger then panics. (See DPanicLevel for details.)
+// DPanic logs the provided arguments at [DPanicLevel].
+// In development, the logger then panics. (See [DPanicLevel] for details.)
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) DPanic(args ...interface{}) {
 	s.log(DPanicLevel, "", args, nil)
 }
 
-// Panic uses fmt.Sprint to construct and log a message, then panics.
+// Panic constructs a message with the provided arguments and panics.
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Panic(args ...interface{}) {
 	s.log(PanicLevel, "", args, nil)
 }
 
-// Fatal uses fmt.Sprint to construct and log a message, then calls os.Exit.
+// Fatal constructs a message with the provided arguments and calls os.Exit.
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Fatal(args ...interface{}) {
 	s.log(FatalLevel, "", args, nil)
 }
 
-// Debugf uses fmt.Sprintf to log a templated message.
+// Debugf formats the message according to the format specifier
+// and logs it at [DebugLevel].
 func (s *SugaredLogger) Debugf(template string, args ...interface{}) {
 	s.log(DebugLevel, template, args, nil)
 }
 
-// Infof uses fmt.Sprintf to log a templated message.
+// Infof formats the message according to the format specifier
+// and logs it at [InfoLevel].
 func (s *SugaredLogger) Infof(template string, args ...interface{}) {
 	s.log(InfoLevel, template, args, nil)
 }
 
-// Warnf uses fmt.Sprintf to log a templated message.
+// Warnf formats the message according to the format specifier
+// and logs it at [WarnLevel].
 func (s *SugaredLogger) Warnf(template string, args ...interface{}) {
 	s.log(WarnLevel, template, args, nil)
 }
 
-// Errorf uses fmt.Sprintf to log a templated message.
+// Errorf formats the message according to the format specifier
+// and logs it at [ErrorLevel].
 func (s *SugaredLogger) Errorf(template string, args ...interface{}) {
 	s.log(ErrorLevel, template, args, nil)
 }
 
-// DPanicf uses fmt.Sprintf to log a templated message. In development, the
-// logger then panics. (See DPanicLevel for details.)
+// DPanicf formats the message according to the format specifier
+// and logs it at [DPanicLevel].
+// In development, the logger then panics. (See [DPanicLevel] for details.)
 func (s *SugaredLogger) DPanicf(template string, args ...interface{}) {
 	s.log(DPanicLevel, template, args, nil)
 }
 
-// Panicf uses fmt.Sprintf to log a templated message, then panics.
+// Panicf formats the message according to the format specifier
+// and panics.
 func (s *SugaredLogger) Panicf(template string, args ...interface{}) {
 	s.log(PanicLevel, template, args, nil)
 }
 
-// Fatalf uses fmt.Sprintf to log a templated message, then calls os.Exit.
+// Fatalf formats the message according to the format specifier
+// and calls os.Exit.
 func (s *SugaredLogger) Fatalf(template string, args ...interface{}) {
 	s.log(FatalLevel, template, args, nil)
 }
@@ -241,38 +255,45 @@ func (s *SugaredLogger) Fatalw(msg string, keysAndValues ...interface{}) {
 	s.log(FatalLevel, msg, nil, keysAndValues)
 }
 
-// Debugln uses fmt.Sprintln to construct and log a message.
+// Debugln logs a message at [DebugLevel].
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Debugln(args ...interface{}) {
 	s.logln(DebugLevel, args, nil)
 }
 
-// Infoln uses fmt.Sprintln to construct and log a message.
+// Infoln logs a message at [InfoLevel].
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Infoln(args ...interface{}) {
 	s.logln(InfoLevel, args, nil)
 }
 
-// Warnln uses fmt.Sprintln to construct and log a message.
+// Warnln logs a message at [WarnLevel].
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Warnln(args ...interface{}) {
 	s.logln(WarnLevel, args, nil)
 }
 
-// Errorln uses fmt.Sprintln to construct and log a message.
+// Errorln logs a message at [ErrorLevel].
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Errorln(args ...interface{}) {
 	s.logln(ErrorLevel, args, nil)
 }
 
-// DPanicln uses fmt.Sprintln to construct and log a message. In development, the
-// logger then panics. (See DPanicLevel for details.)
+// DPanicln logs a message at [DPanicLevel].
+// In development, the logger then panics. (See [DPanicLevel] for details.)
+// Spaces are always added between arguments.
 func (s *SugaredLogger) DPanicln(args ...interface{}) {
 	s.logln(DPanicLevel, args, nil)
 }
 
-// Panicln uses fmt.Sprintln to construct and log a message, then panics.
+// Panicln logs a message at [PanicLevel] and panics.
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Panicln(args ...interface{}) {
 	s.logln(PanicLevel, args, nil)
 }
 
-// Fatalln uses fmt.Sprintln to construct and log a message, then calls os.Exit.
+// Fatalln logs a message at [FatalLevel] and calls os.Exit.
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Fatalln(args ...interface{}) {
 	s.logln(FatalLevel, args, nil)
 }
diff --git a/vendor/go.uber.org/zap/writer.go b/vendor/go.uber.org/zap/writer.go
index f08728e1e..06768c679 100644
--- a/vendor/go.uber.org/zap/writer.go
+++ b/vendor/go.uber.org/zap/writer.go
@@ -48,21 +48,21 @@ import (
 // os.Stdout and os.Stderr. When specified without a scheme, relative file
 // paths also work.
 func Open(paths ...string) (zapcore.WriteSyncer, func(), error) {
-	writers, close, err := open(paths)
+	writers, closeAll, err := open(paths)
 	if err != nil {
 		return nil, nil, err
 	}
 
 	writer := CombineWriteSyncers(writers...)
-	return writer, close, nil
+	return writer, closeAll, nil
 }
 
 func open(paths []string) ([]zapcore.WriteSyncer, func(), error) {
 	writers := make([]zapcore.WriteSyncer, 0, len(paths))
 	closers := make([]io.Closer, 0, len(paths))
-	close := func() {
+	closeAll := func() {
 		for _, c := range closers {
-			c.Close()
+			_ = c.Close()
 		}
 	}
 
@@ -77,11 +77,11 @@ func open(paths []string) ([]zapcore.WriteSyncer, func(), error) {
 		closers = append(closers, sink)
 	}
 	if openErr != nil {
-		close()
+		closeAll()
 		return nil, nil, openErr
 	}
 
-	return writers, close, nil
+	return writers, closeAll, nil
 }
 
 // CombineWriteSyncers is a utility that combines multiple WriteSyncers into a
diff --git a/vendor/go.uber.org/zap/zapcore/console_encoder.go b/vendor/go.uber.org/zap/zapcore/console_encoder.go
index 1aa5dc364..8ca0bfaf5 100644
--- a/vendor/go.uber.org/zap/zapcore/console_encoder.go
+++ b/vendor/go.uber.org/zap/zapcore/console_encoder.go
@@ -22,20 +22,20 @@ package zapcore
 
 import (
 	"fmt"
-	"sync"
 
 	"go.uber.org/zap/buffer"
 	"go.uber.org/zap/internal/bufferpool"
+	"go.uber.org/zap/internal/pool"
 )
 
-var _sliceEncoderPool = sync.Pool{
-	New: func() interface{} {
-		return &sliceArrayEncoder{elems: make([]interface{}, 0, 2)}
-	},
-}
+var _sliceEncoderPool = pool.New(func() *sliceArrayEncoder {
+	return &sliceArrayEncoder{
+		elems: make([]interface{}, 0, 2),
+	}
+})
 
 func getSliceEncoder() *sliceArrayEncoder {
-	return _sliceEncoderPool.Get().(*sliceArrayEncoder)
+	return _sliceEncoderPool.Get()
 }
 
 func putSliceEncoder(e *sliceArrayEncoder) {
diff --git a/vendor/go.uber.org/zap/zapcore/core.go b/vendor/go.uber.org/zap/zapcore/core.go
index 9dfd64051..776e93f6f 100644
--- a/vendor/go.uber.org/zap/zapcore/core.go
+++ b/vendor/go.uber.org/zap/zapcore/core.go
@@ -102,9 +102,9 @@ func (c *ioCore) Write(ent Entry, fields []Field) error {
 		return err
 	}
 	if ent.Level > ErrorLevel {
-		// Since we may be crashing the program, sync the output. Ignore Sync
-		// errors, pending a clean solution to issue #370.
-		c.Sync()
+		// Since we may be crashing the program, sync the output.
+		// Ignore Sync errors, pending a clean solution to issue #370.
+		_ = c.Sync()
 	}
 	return nil
 }
diff --git a/vendor/go.uber.org/zap/zapcore/entry.go b/vendor/go.uber.org/zap/zapcore/entry.go
index 9d326e95e..459a5d7ce 100644
--- a/vendor/go.uber.org/zap/zapcore/entry.go
+++ b/vendor/go.uber.org/zap/zapcore/entry.go
@@ -24,25 +24,23 @@ import (
 	"fmt"
 	"runtime"
 	"strings"
-	"sync"
 	"time"
 
 	"go.uber.org/multierr"
 	"go.uber.org/zap/internal/bufferpool"
 	"go.uber.org/zap/internal/exit"
+	"go.uber.org/zap/internal/pool"
 )
 
-var (
-	_cePool = sync.Pool{New: func() interface{} {
-		// Pre-allocate some space for cores.
-		return &CheckedEntry{
-			cores: make([]Core, 4),
-		}
-	}}
-)
+var _cePool = pool.New(func() *CheckedEntry {
+	// Pre-allocate some space for cores.
+	return &CheckedEntry{
+		cores: make([]Core, 4),
+	}
+})
 
 func getCheckedEntry() *CheckedEntry {
-	ce := _cePool.Get().(*CheckedEntry)
+	ce := _cePool.Get()
 	ce.reset()
 	return ce
 }
@@ -244,7 +242,7 @@ func (ce *CheckedEntry) Write(fields ...Field) {
 			// CheckedEntry is being used after it was returned to the pool,
 			// the message may be an amalgamation from multiple call sites.
 			fmt.Fprintf(ce.ErrorOutput, "%v Unsafe CheckedEntry re-use near Entry %+v.\n", ce.Time, ce.Entry)
-			ce.ErrorOutput.Sync()
+			_ = ce.ErrorOutput.Sync() // ignore error
 		}
 		return
 	}
@@ -256,7 +254,7 @@ func (ce *CheckedEntry) Write(fields ...Field) {
 	}
 	if err != nil && ce.ErrorOutput != nil {
 		fmt.Fprintf(ce.ErrorOutput, "%v write error: %v\n", ce.Time, err)
-		ce.ErrorOutput.Sync()
+		_ = ce.ErrorOutput.Sync() // ignore error
 	}
 
 	hook := ce.after
diff --git a/vendor/go.uber.org/zap/zapcore/error.go b/vendor/go.uber.org/zap/zapcore/error.go
index 06359907a..c40df1326 100644
--- a/vendor/go.uber.org/zap/zapcore/error.go
+++ b/vendor/go.uber.org/zap/zapcore/error.go
@@ -23,7 +23,8 @@ package zapcore
 import (
 	"fmt"
 	"reflect"
-	"sync"
+
+	"go.uber.org/zap/internal/pool"
 )
 
 // Encodes the given error into fields of an object. A field with the given
@@ -97,15 +98,18 @@ func (errs errArray) MarshalLogArray(arr ArrayEncoder) error {
 		}
 
 		el := newErrArrayElem(errs[i])
-		arr.AppendObject(el)
+		err := arr.AppendObject(el)
 		el.Free()
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }
 
-var _errArrayElemPool = sync.Pool{New: func() interface{} {
+var _errArrayElemPool = pool.New(func() *errArrayElem {
 	return &errArrayElem{}
-}}
+})
 
 // Encodes any error into a {"error": ...} re-using the same errors logic.
 //
@@ -113,7 +117,7 @@ var _errArrayElemPool = sync.Pool{New: func() interface{} {
 type errArrayElem struct{ err error }
 
 func newErrArrayElem(err error) *errArrayElem {
-	e := _errArrayElemPool.Get().(*errArrayElem)
+	e := _errArrayElemPool.Get()
 	e.err = err
 	return e
 }
diff --git a/vendor/go.uber.org/zap/zapcore/json_encoder.go b/vendor/go.uber.org/zap/zapcore/json_encoder.go
index 3921c5cd3..c8ab86979 100644
--- a/vendor/go.uber.org/zap/zapcore/json_encoder.go
+++ b/vendor/go.uber.org/zap/zapcore/json_encoder.go
@@ -23,24 +23,20 @@ package zapcore
 import (
 	"encoding/base64"
 	"math"
-	"sync"
 	"time"
 	"unicode/utf8"
 
 	"go.uber.org/zap/buffer"
 	"go.uber.org/zap/internal/bufferpool"
+	"go.uber.org/zap/internal/pool"
 )
 
 // For JSON-escaping; see jsonEncoder.safeAddString below.
 const _hex = "0123456789abcdef"
 
-var _jsonPool = sync.Pool{New: func() interface{} {
+var _jsonPool = pool.New(func() *jsonEncoder {
 	return &jsonEncoder{}
-}}
-
-func getJSONEncoder() *jsonEncoder {
-	return _jsonPool.Get().(*jsonEncoder)
-}
+})
 
 func putJSONEncoder(enc *jsonEncoder) {
 	if enc.reflectBuf != nil {
@@ -354,7 +350,7 @@ func (enc *jsonEncoder) Clone() Encoder {
 }
 
 func (enc *jsonEncoder) clone() *jsonEncoder {
-	clone := getJSONEncoder()
+	clone := _jsonPool.Get()
 	clone.EncoderConfig = enc.EncoderConfig
 	clone.spaced = enc.spaced
 	clone.openNamespaces = enc.openNamespaces
@@ -490,73 +486,98 @@ func (enc *jsonEncoder) appendFloat(val float64, bitSize int) {
 // Unlike the standard library's encoder, it doesn't attempt to protect the
 // user from browser vulnerabilities or JSONP-related problems.
 func (enc *jsonEncoder) safeAddString(s string) {
-	for i := 0; i < len(s); {
-		if enc.tryAddRuneSelf(s[i]) {
-			i++
-			continue
-		}
-		r, size := utf8.DecodeRuneInString(s[i:])
-		if enc.tryAddRuneError(r, size) {
-			i++
-			continue
-		}
-		enc.buf.AppendString(s[i : i+size])
-		i += size
-	}
+	safeAppendStringLike(
+		(*buffer.Buffer).AppendString,
+		utf8.DecodeRuneInString,
+		enc.buf,
+		s,
+	)
 }
 
 // safeAddByteString is no-alloc equivalent of safeAddString(string(s)) for s []byte.
 func (enc *jsonEncoder) safeAddByteString(s []byte) {
+	safeAppendStringLike(
+		(*buffer.Buffer).AppendBytes,
+		utf8.DecodeRune,
+		enc.buf,
+		s,
+	)
+}
+
+// safeAppendStringLike is a generic implementation of safeAddString and safeAddByteString.
+// It appends a string or byte slice to the buffer, escaping all special characters.
+func safeAppendStringLike[S []byte | string](
+	// appendTo appends this string-like object to the buffer.
+	appendTo func(*buffer.Buffer, S),
+	// decodeRune decodes the next rune from the string-like object
+	// and returns its value and width in bytes.
+	decodeRune func(S) (rune, int),
+	buf *buffer.Buffer,
+	s S,
+) {
+	// The encoding logic below works by skipping over characters
+	// that can be safely copied as-is,
+	// until a character is found that needs special handling.
+	// At that point, we copy everything we've seen so far,
+	// and then handle that special character.
+	//
+	// last is the index of the last byte that was copied to the buffer.
+	last := 0
 	for i := 0; i < len(s); {
-		if enc.tryAddRuneSelf(s[i]) {
+		if s[i] >= utf8.RuneSelf {
+			// Character >= RuneSelf may be part of a multi-byte rune.
+			// They need to be decoded before we can decide how to handle them.
+			r, size := decodeRune(s[i:])
+			if r != utf8.RuneError || size != 1 {
+				// No special handling required.
+				// Skip over this rune and continue.
+				i += size
+				continue
+			}
+
+			// Invalid UTF-8 sequence.
+			// Replace it with the Unicode replacement character.
+			appendTo(buf, s[last:i])
+			buf.AppendString(`\ufffd`)
+
 			i++
-			continue
-		}
-		r, size := utf8.DecodeRune(s[i:])
-		if enc.tryAddRuneError(r, size) {
+			last = i
+		} else {
+			// Character < RuneSelf is a single-byte UTF-8 rune.
+			if s[i] >= 0x20 && s[i] != '\\' && s[i] != '"' {
+				// No escaping necessary.
+				// Skip over this character and continue.
+				i++
+				continue
+			}
+
+			// This character needs to be escaped.
+			appendTo(buf, s[last:i])
+			switch s[i] {
+			case '\\', '"':
+				buf.AppendByte('\\')
+				buf.AppendByte(s[i])
+			case '\n':
+				buf.AppendByte('\\')
+				buf.AppendByte('n')
+			case '\r':
+				buf.AppendByte('\\')
+				buf.AppendByte('r')
+			case '\t':
+				buf.AppendByte('\\')
+				buf.AppendByte('t')
+			default:
+				// Encode bytes < 0x20, except for the escape sequences above.
+				buf.AppendString(`\u00`)
+				buf.AppendByte(_hex[s[i]>>4])
+				buf.AppendByte(_hex[s[i]&0xF])
+			}
+
 			i++
-			continue
+			last = i
 		}
-		enc.buf.Write(s[i : i+size])
-		i += size
-	}
-}
-
-// tryAddRuneSelf appends b if it is valid UTF-8 character represented in a single byte.
-func (enc *jsonEncoder) tryAddRuneSelf(b byte) bool {
-	if b >= utf8.RuneSelf {
-		return false
-	}
-	if 0x20 <= b && b != '\\' && b != '"' {
-		enc.buf.AppendByte(b)
-		return true
-	}
-	switch b {
-	case '\\', '"':
-		enc.buf.AppendByte('\\')
-		enc.buf.AppendByte(b)
-	case '\n':
-		enc.buf.AppendByte('\\')
-		enc.buf.AppendByte('n')
-	case '\r':
-		enc.buf.AppendByte('\\')
-		enc.buf.AppendByte('r')
-	case '\t':
-		enc.buf.AppendByte('\\')
-		enc.buf.AppendByte('t')
-	default:
-		// Encode bytes < 0x20, except for the escape sequences above.
-		enc.buf.AppendString(`\u00`)
-		enc.buf.AppendByte(_hex[b>>4])
-		enc.buf.AppendByte(_hex[b&0xF])
 	}
-	return true
-}
 
-func (enc *jsonEncoder) tryAddRuneError(r rune, size int) bool {
-	if r == utf8.RuneError && size == 1 {
-		enc.buf.AppendString(`\ufffd`)
-		return true
-	}
-	return false
+	// add remaining
+	appendTo(buf, s[last:])
 }
diff --git a/vendor/go.uber.org/zap/zapcore/lazy_with.go b/vendor/go.uber.org/zap/zapcore/lazy_with.go
new file mode 100644
index 000000000..05288d6a8
--- /dev/null
+++ b/vendor/go.uber.org/zap/zapcore/lazy_with.go
@@ -0,0 +1,54 @@
+// Copyright (c) 2023 Uber Technologies, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+package zapcore
+
+import "sync"
+
+type lazyWithCore struct {
+	Core
+	sync.Once
+	fields []Field
+}
+
+// NewLazyWith wraps a Core with a "lazy" Core that will only encode fields if
+// the logger is written to (or is further chained in a lon-lazy manner).
+func NewLazyWith(core Core, fields []Field) Core {
+	return &lazyWithCore{
+		Core:   core,
+		fields: fields,
+	}
+}
+
+func (d *lazyWithCore) initOnce() {
+	d.Once.Do(func() {
+		d.Core = d.Core.With(d.fields)
+	})
+}
+
+func (d *lazyWithCore) With(fields []Field) Core {
+	d.initOnce()
+	return d.Core.With(fields)
+}
+
+func (d *lazyWithCore) Check(e Entry, ce *CheckedEntry) *CheckedEntry {
+	d.initOnce()
+	return d.Core.Check(e, ce)
+}
diff --git a/vendor/go.uber.org/zap/zapcore/sampler.go b/vendor/go.uber.org/zap/zapcore/sampler.go
index dc518055a..b7c093a4f 100644
--- a/vendor/go.uber.org/zap/zapcore/sampler.go
+++ b/vendor/go.uber.org/zap/zapcore/sampler.go
@@ -21,9 +21,8 @@
 package zapcore
 
 import (
+	"sync/atomic"
 	"time"
-
-	"go.uber.org/atomic"
 )
 
 const (
@@ -66,16 +65,16 @@ func (c *counter) IncCheckReset(t time.Time, tick time.Duration) uint64 {
 	tn := t.UnixNano()
 	resetAfter := c.resetAt.Load()
 	if resetAfter > tn {
-		return c.counter.Inc()
+		return c.counter.Add(1)
 	}
 
 	c.counter.Store(1)
 
 	newResetAfter := tn + tick.Nanoseconds()
-	if !c.resetAt.CAS(resetAfter, newResetAfter) {
+	if !c.resetAt.CompareAndSwap(resetAfter, newResetAfter) {
 		// We raced with another goroutine trying to reset, and it also reset
 		// the counter to 1, so we need to reincrement the counter.
-		return c.counter.Inc()
+		return c.counter.Add(1)
 	}
 
 	return 1
diff --git a/vendor/go4.org/intern/LICENSE b/vendor/go4.org/intern/LICENSE
new file mode 100644
index 000000000..b0ab8921d
--- /dev/null
+++ b/vendor/go4.org/intern/LICENSE
@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2020, Brad Fitzpatrick
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/go4.org/intern/README.md b/vendor/go4.org/intern/README.md
new file mode 100644
index 000000000..758699dc6
--- /dev/null
+++ b/vendor/go4.org/intern/README.md
@@ -0,0 +1,19 @@
+# go4.org/intern [![Go Reference](https://pkg.go.dev/badge/go4.org/intern.svg)](https://pkg.go.dev/go4.org/intern)
+
+## What
+
+Package intern lets you make smaller comparable values by boxing a larger comparable value (such as a string header) down into a single globally unique pointer.
+
+Docs: https://pkg.go.dev/go4.org/intern
+
+## Status
+
+This package is mature and stable. However, it depends on the implementation details of the Go runtime. Use with care.
+
+This package is a core, low-level package with no substantive dependencies.
+
+We take code review, testing, dependencies, and performance seriously, similar to Go's standard library or the golang.org/x repos.
+
+## Motivation
+
+Package intern was initially created for [package inet.af/netaddr](https://pkg.go.dev/inet.af/netaddr).
diff --git a/vendor/go4.org/intern/intern.go b/vendor/go4.org/intern/intern.go
new file mode 100644
index 000000000..536014cd3
--- /dev/null
+++ b/vendor/go4.org/intern/intern.go
@@ -0,0 +1,183 @@
+// Copyright 2020 Brad Fitzpatrick. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package intern lets you make smaller comparable values by boxing
+// a larger comparable value (such as a 16 byte string header) down
+// into a globally unique 8 byte pointer.
+//
+// The globally unique pointers are garbage collected with weak
+// references and finalizers. This package hides that.
+//
+// The GitHub repo is https://github.com/go4org/intern
+package intern // import "go4.org/intern"
+
+import (
+	"os"
+	"runtime"
+	"strconv"
+	"sync"
+	"unsafe"
+
+	_ "go4.org/unsafe/assume-no-moving-gc"
+)
+
+// A Value pointer is the handle to an underlying comparable value.
+// See func Get for how Value pointers may be used.
+type Value struct {
+	_      [0]func() // prevent people from accidentally using value type as comparable
+	cmpVal interface{}
+	// resurrected is guarded by mu (for all instances of Value).
+	// It is set true whenever v is synthesized from a uintptr.
+	resurrected bool
+}
+
+// Get returns the comparable value passed to the Get func
+// that returned v.
+func (v *Value) Get() interface{} { return v.cmpVal }
+
+// key is a key in our global value map.
+// It contains type-specialized fields to avoid allocations
+// when converting common types to empty interfaces.
+type key struct {
+	s      string
+	cmpVal interface{}
+	// isString reports whether key contains a string.
+	// Without it, the zero value of key is ambiguous.
+	isString bool
+}
+
+// keyFor returns a key to use with cmpVal.
+func keyFor(cmpVal interface{}) key {
+	if s, ok := cmpVal.(string); ok {
+		return key{s: s, isString: true}
+	}
+	return key{cmpVal: cmpVal}
+}
+
+// Value returns a *Value built from k.
+func (k key) Value() *Value {
+	if k.isString {
+		return &Value{cmpVal: k.s}
+	}
+	return &Value{cmpVal: k.cmpVal}
+}
+
+var (
+	// mu guards valMap, a weakref map of *Value by underlying value.
+	// It also guards the resurrected field of all *Values.
+	mu      sync.Mutex
+	valMap  = map[key]uintptr{} // to uintptr(*Value)
+	valSafe = safeMap()         // non-nil in safe+leaky mode
+)
+
+// safeMap returns a non-nil map if we're in safe-but-leaky mode,
+// as controlled by GO4_INTERN_SAFE_BUT_LEAKY.
+func safeMap() map[key]*Value {
+	if v, _ := strconv.ParseBool(os.Getenv("GO4_INTERN_SAFE_BUT_LEAKY")); v {
+		return map[key]*Value{}
+	}
+	return nil
+}
+
+// Get returns a pointer representing the comparable value cmpVal.
+//
+// The returned pointer will be the same for Get(v) and Get(v2)
+// if and only if v == v2, and can be used as a map key.
+func Get(cmpVal interface{}) *Value {
+	return get(keyFor(cmpVal))
+}
+
+// GetByString is identical to Get, except that it is specialized for strings.
+// This avoids an allocation from putting a string into an interface{}
+// to pass as an argument to Get.
+func GetByString(s string) *Value {
+	return get(key{s: s, isString: true})
+}
+
+// We play unsafe games that violate Go's rules (and assume a non-moving
+// collector). So we quiet Go here.
+// See the comment below Get for more implementation details.
+//go:nocheckptr
+func get(k key) *Value {
+	mu.Lock()
+	defer mu.Unlock()
+
+	var v *Value
+	if valSafe != nil {
+		v = valSafe[k]
+	} else if addr, ok := valMap[k]; ok {
+		v = (*Value)((unsafe.Pointer)(addr))
+		v.resurrected = true
+	}
+	if v != nil {
+		return v
+	}
+	v = k.Value()
+	if valSafe != nil {
+		valSafe[k] = v
+	} else {
+		// SetFinalizer before uintptr conversion (theoretical concern;
+		// see https://github.com/go4org/intern/issues/13)
+		runtime.SetFinalizer(v, finalize)
+		valMap[k] = uintptr(unsafe.Pointer(v))
+	}
+	return v
+}
+
+func finalize(v *Value) {
+	mu.Lock()
+	defer mu.Unlock()
+	if v.resurrected {
+		// We lost the race. Somebody resurrected it while we
+		// were about to finalize it. Try again next round.
+		v.resurrected = false
+		runtime.SetFinalizer(v, finalize)
+		return
+	}
+	delete(valMap, keyFor(v.cmpVal))
+}
+
+// Interning is simple if you don't require that unused values be
+// garbage collectable. But we do require that; we don't want to be
+// DOS vector. We do this by using a uintptr to hide the pointer from
+// the garbage collector, and using a finalizer to eliminate the
+// pointer when no other code is using it.
+//
+// The obvious implementation of this is to use a
+// map[interface{}]uintptr-of-*interface{}, and set up a finalizer to
+// delete from the map. Unfortunately, this is racy. Because pointers
+// are being created in violation of Go's unsafety rules, it's
+// possible to create a pointer to a value concurrently with the GC
+// concluding that the value can be collected. There are other races
+// that break the equality invariant as well, but the use-after-free
+// will cause a runtime crash.
+//
+// To make this work, the finalizer needs to know that no references
+// have been unsafely created since the finalizer was set up. To do
+// this, values carry a "resurrected" sentinel, which gets set
+// whenever a pointer is unsafely created. If the finalizer encounters
+// the sentinel, it clears the sentinel and delays collection for one
+// additional GC cycle, by re-installing itself as finalizer. This
+// ensures that the unsafely created pointer is visible to the GC, and
+// will correctly prevent collection.
+//
+// This technique does mean that interned values that get reused take
+// at least 3 GC cycles to fully collect (1 to clear the sentinel, 1
+// to clean up the unsafe map, 1 to be actually deleted).
+//
+// @ianlancetaylor commented in
+// https://github.com/golang/go/issues/41303#issuecomment-717401656
+// that it is possible to implement weak references in terms of
+// finalizers without unsafe. Unfortunately, the approach he outlined
+// does not work here, for two reasons. First, there is no way to
+// construct a strong pointer out of a weak pointer; our map stores
+// weak pointers, but we must return strong pointers to callers.
+// Second, and more fundamentally, we must return not just _a_ strong
+// pointer to callers, but _the same_ strong pointer to callers. In
+// order to return _the same_ strong pointer to callers, we must track
+// it, which is exactly what we cannot do with strong pointers.
+//
+// See https://github.com/inetaf/netaddr/issues/53 for more
+// discussion, and https://github.com/go4org/intern/issues/2 for an
+// illustration of the subtleties at play.
diff --git a/vendor/go4.org/unsafe/assume-no-moving-gc/LICENSE b/vendor/go4.org/unsafe/assume-no-moving-gc/LICENSE
new file mode 100644
index 000000000..b0ab8921d
--- /dev/null
+++ b/vendor/go4.org/unsafe/assume-no-moving-gc/LICENSE
@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2020, Brad Fitzpatrick
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/go4.org/unsafe/assume-no-moving-gc/README.md b/vendor/go4.org/unsafe/assume-no-moving-gc/README.md
new file mode 100644
index 000000000..920fc9dda
--- /dev/null
+++ b/vendor/go4.org/unsafe/assume-no-moving-gc/README.md
@@ -0,0 +1,13 @@
+# go4.org/unsafe/assume-no-moving-gc
+
+If your Go package wants to declare that it plays `unsafe` games that only
+work if the Go runtime's garbage collector is not a moving collector, then add:
+
+```go
+import _ "go4.org/unsafe/assume-no-moving-gc"
+```
+
+Then your program will explode if that's no longer the case. (Users can override
+the explosion with a scary sounding environment variable.)
+
+This also gives us a way to find all the really gross unsafe packages.
diff --git a/vendor/go4.org/unsafe/assume-no-moving-gc/assume-no-moving-gc.go b/vendor/go4.org/unsafe/assume-no-moving-gc/assume-no-moving-gc.go
new file mode 100644
index 000000000..60561d05d
--- /dev/null
+++ b/vendor/go4.org/unsafe/assume-no-moving-gc/assume-no-moving-gc.go
@@ -0,0 +1,32 @@
+// Copyright 2020 Brad Fitzpatrick. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package go4.org/unsafe/assume-no-moving-gc exists so you can depend
+// on it from unsafe code that wants to declare that it assumes that
+// the Go runtime does not using a moving garbage collector. Specifically,
+// it asserts that the caller is playing stupid games with the addresses
+// of heap-allocated values. It says nothing about values that Go's escape
+// analysis keeps on the stack. Ensuring things aren't stack-allocated
+// is the caller's responsibility.
+//
+// This package is then updated as needed for new Go versions when
+// that is still the case and explodes at runtime with a failure
+// otherwise, with the idea that it's better to not start at all than
+// to silently corrupt your data at runtime.
+//
+// To use:
+//
+//     import _ "go4.org/unsafe/assume-no-moving-gc"
+//
+// There is no API.
+//
+// As of Go 1.21, this package asks the Go runtime whether it can move
+// heap objects around. If you get an error on versions prior to that,
+// go get go4.org/unsafe/assume-no-moving-gc@latest and things will
+// work.
+//
+// The GitHub repo is at https://github.com/go4org/unsafe-assume-no-moving-gc
+package assume_no_moving_gc
+
+const env = "ASSUME_NO_MOVING_GC_UNSAFE"
diff --git a/vendor/go4.org/unsafe/assume-no-moving-gc/check.go b/vendor/go4.org/unsafe/assume-no-moving-gc/check.go
new file mode 100644
index 000000000..a2fbf4650
--- /dev/null
+++ b/vendor/go4.org/unsafe/assume-no-moving-gc/check.go
@@ -0,0 +1,36 @@
+// Copyright 2020 Brad Fitzpatrick. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+// +build go1.21
+
+package assume_no_moving_gc
+
+import (
+	"os"
+	_ "unsafe"
+)
+
+//go:linkname heapObjectsCanMove runtime.heapObjectsCanMove
+func heapObjectsCanMove() bool
+
+func init() {
+	if !heapObjectsCanMove() {
+		// The unsafe assumptions made by the package
+		// importing this package still hold. All's good. (at
+		// least unless they made other assumption this
+		// package doesn't concern itself with)
+		return
+	}
+	if os.Getenv(env) == "play-with-fire" {
+		return
+	}
+	panic(`
+Something in this program imports go4.org/unsafe/assume-no-moving-gc to
+declare that it assumes a non-moving garbage collector, but the version
+of Go you're using declares that its heap objects can now move around.
+This program is no longer safe. You should update your packages which import
+go4.org/unsafe/assume-no-moving-gc. To risk it and bypass this check, set
+ASSUME_NO_MOVING_GC_UNSAFE=play-with-fire and cross your fingers.`)
+}
diff --git a/vendor/golang.org/x/exp/slices/cmp.go b/vendor/golang.org/x/exp/slices/cmp.go
new file mode 100644
index 000000000..fbf1934a0
--- /dev/null
+++ b/vendor/golang.org/x/exp/slices/cmp.go
@@ -0,0 +1,44 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slices
+
+import "golang.org/x/exp/constraints"
+
+// min is a version of the predeclared function from the Go 1.21 release.
+func min[T constraints.Ordered](a, b T) T {
+	if a < b || isNaN(a) {
+		return a
+	}
+	return b
+}
+
+// max is a version of the predeclared function from the Go 1.21 release.
+func max[T constraints.Ordered](a, b T) T {
+	if a > b || isNaN(a) {
+		return a
+	}
+	return b
+}
+
+// cmpLess is a copy of cmp.Less from the Go 1.21 release.
+func cmpLess[T constraints.Ordered](x, y T) bool {
+	return (isNaN(x) && !isNaN(y)) || x < y
+}
+
+// cmpCompare is a copy of cmp.Compare from the Go 1.21 release.
+func cmpCompare[T constraints.Ordered](x, y T) int {
+	xNaN := isNaN(x)
+	yNaN := isNaN(y)
+	if xNaN && yNaN {
+		return 0
+	}
+	if xNaN || x < y {
+		return -1
+	}
+	if yNaN || x > y {
+		return +1
+	}
+	return 0
+}
diff --git a/vendor/golang.org/x/exp/slices/slices.go b/vendor/golang.org/x/exp/slices/slices.go
index cff0cd49e..5e8158bba 100644
--- a/vendor/golang.org/x/exp/slices/slices.go
+++ b/vendor/golang.org/x/exp/slices/slices.go
@@ -3,23 +3,20 @@
 // license that can be found in the LICENSE file.
 
 // Package slices defines various functions useful with slices of any type.
-// Unless otherwise specified, these functions all apply to the elements
-// of a slice at index 0 <= i < len(s).
-//
-// Note that the less function in IsSortedFunc, SortFunc, SortStableFunc requires a
-// strict weak ordering (https://en.wikipedia.org/wiki/Weak_ordering#Strict_weak_orderings),
-// or the sorting may fail to sort correctly. A common case is when sorting slices of
-// floating-point numbers containing NaN values.
 package slices
 
-import "golang.org/x/exp/constraints"
+import (
+	"unsafe"
+
+	"golang.org/x/exp/constraints"
+)
 
 // Equal reports whether two slices are equal: the same length and all
 // elements equal. If the lengths are different, Equal returns false.
 // Otherwise, the elements are compared in increasing index order, and the
 // comparison stops at the first unequal pair.
 // Floating point NaNs are not considered equal.
-func Equal[E comparable](s1, s2 []E) bool {
+func Equal[S ~[]E, E comparable](s1, s2 S) bool {
 	if len(s1) != len(s2) {
 		return false
 	}
@@ -31,12 +28,12 @@ func Equal[E comparable](s1, s2 []E) bool {
 	return true
 }
 
-// EqualFunc reports whether two slices are equal using a comparison
+// EqualFunc reports whether two slices are equal using an equality
 // function on each pair of elements. If the lengths are different,
 // EqualFunc returns false. Otherwise, the elements are compared in
 // increasing index order, and the comparison stops at the first index
 // for which eq returns false.
-func EqualFunc[E1, E2 any](s1 []E1, s2 []E2, eq func(E1, E2) bool) bool {
+func EqualFunc[S1 ~[]E1, S2 ~[]E2, E1, E2 any](s1 S1, s2 S2, eq func(E1, E2) bool) bool {
 	if len(s1) != len(s2) {
 		return false
 	}
@@ -49,45 +46,37 @@ func EqualFunc[E1, E2 any](s1 []E1, s2 []E2, eq func(E1, E2) bool) bool {
 	return true
 }
 
-// Compare compares the elements of s1 and s2.
-// The elements are compared sequentially, starting at index 0,
+// Compare compares the elements of s1 and s2, using [cmp.Compare] on each pair
+// of elements. The elements are compared sequentially, starting at index 0,
 // until one element is not equal to the other.
 // The result of comparing the first non-matching elements is returned.
 // If both slices are equal until one of them ends, the shorter slice is
 // considered less than the longer one.
 // The result is 0 if s1 == s2, -1 if s1 < s2, and +1 if s1 > s2.
-// Comparisons involving floating point NaNs are ignored.
-func Compare[E constraints.Ordered](s1, s2 []E) int {
-	s2len := len(s2)
+func Compare[S ~[]E, E constraints.Ordered](s1, s2 S) int {
 	for i, v1 := range s1 {
-		if i >= s2len {
+		if i >= len(s2) {
 			return +1
 		}
 		v2 := s2[i]
-		switch {
-		case v1 < v2:
-			return -1
-		case v1 > v2:
-			return +1
+		if c := cmpCompare(v1, v2); c != 0 {
+			return c
 		}
 	}
-	if len(s1) < s2len {
+	if len(s1) < len(s2) {
 		return -1
 	}
 	return 0
 }
 
-// CompareFunc is like Compare but uses a comparison function
-// on each pair of elements. The elements are compared in increasing
-// index order, and the comparisons stop after the first time cmp
-// returns non-zero.
+// CompareFunc is like [Compare] but uses a custom comparison function on each
+// pair of elements.
 // The result is the first non-zero result of cmp; if cmp always
 // returns 0 the result is 0 if len(s1) == len(s2), -1 if len(s1) < len(s2),
 // and +1 if len(s1) > len(s2).
-func CompareFunc[E1, E2 any](s1 []E1, s2 []E2, cmp func(E1, E2) int) int {
-	s2len := len(s2)
+func CompareFunc[S1 ~[]E1, S2 ~[]E2, E1, E2 any](s1 S1, s2 S2, cmp func(E1, E2) int) int {
 	for i, v1 := range s1 {
-		if i >= s2len {
+		if i >= len(s2) {
 			return +1
 		}
 		v2 := s2[i]
@@ -95,7 +84,7 @@ func CompareFunc[E1, E2 any](s1 []E1, s2 []E2, cmp func(E1, E2) int) int {
 			return c
 		}
 	}
-	if len(s1) < s2len {
+	if len(s1) < len(s2) {
 		return -1
 	}
 	return 0
@@ -103,9 +92,9 @@ func CompareFunc[E1, E2 any](s1 []E1, s2 []E2, cmp func(E1, E2) int) int {
 
 // Index returns the index of the first occurrence of v in s,
 // or -1 if not present.
-func Index[E comparable](s []E, v E) int {
-	for i, vs := range s {
-		if v == vs {
+func Index[S ~[]E, E comparable](s S, v E) int {
+	for i := range s {
+		if v == s[i] {
 			return i
 		}
 	}
@@ -114,9 +103,9 @@ func Index[E comparable](s []E, v E) int {
 
 // IndexFunc returns the first index i satisfying f(s[i]),
 // or -1 if none do.
-func IndexFunc[E any](s []E, f func(E) bool) int {
-	for i, v := range s {
-		if f(v) {
+func IndexFunc[S ~[]E, E any](s S, f func(E) bool) int {
+	for i := range s {
+		if f(s[i]) {
 			return i
 		}
 	}
@@ -124,39 +113,104 @@ func IndexFunc[E any](s []E, f func(E) bool) int {
 }
 
 // Contains reports whether v is present in s.
-func Contains[E comparable](s []E, v E) bool {
+func Contains[S ~[]E, E comparable](s S, v E) bool {
 	return Index(s, v) >= 0
 }
 
 // ContainsFunc reports whether at least one
 // element e of s satisfies f(e).
-func ContainsFunc[E any](s []E, f func(E) bool) bool {
+func ContainsFunc[S ~[]E, E any](s S, f func(E) bool) bool {
 	return IndexFunc(s, f) >= 0
 }
 
 // Insert inserts the values v... into s at index i,
 // returning the modified slice.
-// In the returned slice r, r[i] == v[0].
+// The elements at s[i:] are shifted up to make room.
+// In the returned slice r, r[i] == v[0],
+// and r[i+len(v)] == value originally at r[i].
 // Insert panics if i is out of range.
 // This function is O(len(s) + len(v)).
 func Insert[S ~[]E, E any](s S, i int, v ...E) S {
-	tot := len(s) + len(v)
-	if tot <= cap(s) {
-		s2 := s[:tot]
-		copy(s2[i+len(v):], s[i:])
+	m := len(v)
+	if m == 0 {
+		return s
+	}
+	n := len(s)
+	if i == n {
+		return append(s, v...)
+	}
+	if n+m > cap(s) {
+		// Use append rather than make so that we bump the size of
+		// the slice up to the next storage class.
+		// This is what Grow does but we don't call Grow because
+		// that might copy the values twice.
+		s2 := append(s[:i], make(S, n+m-i)...)
 		copy(s2[i:], v)
+		copy(s2[i+m:], s[i:])
 		return s2
 	}
-	s2 := make(S, tot)
-	copy(s2, s[:i])
-	copy(s2[i:], v)
-	copy(s2[i+len(v):], s[i:])
-	return s2
+	s = s[:n+m]
+
+	// before:
+	// s: aaaaaaaabbbbccccccccdddd
+	//            ^   ^       ^   ^
+	//            i  i+m      n  n+m
+	// after:
+	// s: aaaaaaaavvvvbbbbcccccccc
+	//            ^   ^       ^   ^
+	//            i  i+m      n  n+m
+	//
+	// a are the values that don't move in s.
+	// v are the values copied in from v.
+	// b and c are the values from s that are shifted up in index.
+	// d are the values that get overwritten, never to be seen again.
+
+	if !overlaps(v, s[i+m:]) {
+		// Easy case - v does not overlap either the c or d regions.
+		// (It might be in some of a or b, or elsewhere entirely.)
+		// The data we copy up doesn't write to v at all, so just do it.
+
+		copy(s[i+m:], s[i:])
+
+		// Now we have
+		// s: aaaaaaaabbbbbbbbcccccccc
+		//            ^   ^       ^   ^
+		//            i  i+m      n  n+m
+		// Note the b values are duplicated.
+
+		copy(s[i:], v)
+
+		// Now we have
+		// s: aaaaaaaavvvvbbbbcccccccc
+		//            ^   ^       ^   ^
+		//            i  i+m      n  n+m
+		// That's the result we want.
+		return s
+	}
+
+	// The hard case - v overlaps c or d. We can't just shift up
+	// the data because we'd move or clobber the values we're trying
+	// to insert.
+	// So instead, write v on top of d, then rotate.
+	copy(s[n:], v)
+
+	// Now we have
+	// s: aaaaaaaabbbbccccccccvvvv
+	//            ^   ^       ^   ^
+	//            i  i+m      n  n+m
+
+	rotateRight(s[i:], m)
+
+	// Now we have
+	// s: aaaaaaaavvvvbbbbcccccccc
+	//            ^   ^       ^   ^
+	//            i  i+m      n  n+m
+	// That's the result we want.
+	return s
 }
 
 // Delete removes the elements s[i:j] from s, returning the modified slice.
 // Delete panics if s[i:j] is not a valid slice of s.
-// Delete modifies the contents of the slice s; it does not create a new slice.
 // Delete is O(len(s)-j), so if many items must be deleted, it is better to
 // make a single call deleting them all together than to delete one at a time.
 // Delete might not modify the elements s[len(s)-(j-i):len(s)]. If those
@@ -168,22 +222,113 @@ func Delete[S ~[]E, E any](s S, i, j int) S {
 	return append(s[:i], s[j:]...)
 }
 
+// DeleteFunc removes any elements from s for which del returns true,
+// returning the modified slice.
+// When DeleteFunc removes m elements, it might not modify the elements
+// s[len(s)-m:len(s)]. If those elements contain pointers you might consider
+// zeroing those elements so that objects they reference can be garbage
+// collected.
+func DeleteFunc[S ~[]E, E any](s S, del func(E) bool) S {
+	i := IndexFunc(s, del)
+	if i == -1 {
+		return s
+	}
+	// Don't start copying elements until we find one to delete.
+	for j := i + 1; j < len(s); j++ {
+		if v := s[j]; !del(v) {
+			s[i] = v
+			i++
+		}
+	}
+	return s[:i]
+}
+
 // Replace replaces the elements s[i:j] by the given v, and returns the
 // modified slice. Replace panics if s[i:j] is not a valid slice of s.
 func Replace[S ~[]E, E any](s S, i, j int, v ...E) S {
 	_ = s[i:j] // verify that i:j is a valid subslice
+
+	if i == j {
+		return Insert(s, i, v...)
+	}
+	if j == len(s) {
+		return append(s[:i], v...)
+	}
+
 	tot := len(s[:i]) + len(v) + len(s[j:])
-	if tot <= cap(s) {
-		s2 := s[:tot]
-		copy(s2[i+len(v):], s[j:])
+	if tot > cap(s) {
+		// Too big to fit, allocate and copy over.
+		s2 := append(s[:i], make(S, tot-i)...) // See Insert
 		copy(s2[i:], v)
+		copy(s2[i+len(v):], s[j:])
 		return s2
 	}
-	s2 := make(S, tot)
-	copy(s2, s[:i])
-	copy(s2[i:], v)
-	copy(s2[i+len(v):], s[j:])
-	return s2
+
+	r := s[:tot]
+
+	if i+len(v) <= j {
+		// Easy, as v fits in the deleted portion.
+		copy(r[i:], v)
+		if i+len(v) != j {
+			copy(r[i+len(v):], s[j:])
+		}
+		return r
+	}
+
+	// We are expanding (v is bigger than j-i).
+	// The situation is something like this:
+	// (example has i=4,j=8,len(s)=16,len(v)=6)
+	// s: aaaaxxxxbbbbbbbbyy
+	//        ^   ^       ^ ^
+	//        i   j  len(s) tot
+	// a: prefix of s
+	// x: deleted range
+	// b: more of s
+	// y: area to expand into
+
+	if !overlaps(r[i+len(v):], v) {
+		// Easy, as v is not clobbered by the first copy.
+		copy(r[i+len(v):], s[j:])
+		copy(r[i:], v)
+		return r
+	}
+
+	// This is a situation where we don't have a single place to which
+	// we can copy v. Parts of it need to go to two different places.
+	// We want to copy the prefix of v into y and the suffix into x, then
+	// rotate |y| spots to the right.
+	//
+	//        v[2:]      v[:2]
+	//         |           |
+	// s: aaaavvvvbbbbbbbbvv
+	//        ^   ^       ^ ^
+	//        i   j  len(s) tot
+	//
+	// If either of those two destinations don't alias v, then we're good.
+	y := len(v) - (j - i) // length of y portion
+
+	if !overlaps(r[i:j], v) {
+		copy(r[i:j], v[y:])
+		copy(r[len(s):], v[:y])
+		rotateRight(r[i:], y)
+		return r
+	}
+	if !overlaps(r[len(s):], v) {
+		copy(r[len(s):], v[:y])
+		copy(r[i:j], v[y:])
+		rotateRight(r[i:], y)
+		return r
+	}
+
+	// Now we know that v overlaps both x and y.
+	// That means that the entirety of b is *inside* v.
+	// So we don't need to preserve b at all; instead we
+	// can copy v first, then copy the b part of v out of
+	// v to the right destination.
+	k := startIdx(v, s[j:])
+	copy(r[i:], v)
+	copy(r[i+len(v):], r[i+k:])
+	return r
 }
 
 // Clone returns a copy of the slice.
@@ -198,7 +343,8 @@ func Clone[S ~[]E, E any](s S) S {
 
 // Compact replaces consecutive runs of equal elements with a single copy.
 // This is like the uniq command found on Unix.
-// Compact modifies the contents of the slice s; it does not create a new slice.
+// Compact modifies the contents of the slice s and returns the modified slice,
+// which may have a smaller length.
 // When Compact discards m elements in total, it might not modify the elements
 // s[len(s)-m:len(s)]. If those elements contain pointers you might consider
 // zeroing those elements so that objects they reference can be garbage collected.
@@ -207,29 +353,30 @@ func Compact[S ~[]E, E comparable](s S) S {
 		return s
 	}
 	i := 1
-	last := s[0]
-	for _, v := range s[1:] {
-		if v != last {
-			s[i] = v
+	for k := 1; k < len(s); k++ {
+		if s[k] != s[k-1] {
+			if i != k {
+				s[i] = s[k]
+			}
 			i++
-			last = v
 		}
 	}
 	return s[:i]
 }
 
-// CompactFunc is like Compact but uses a comparison function.
+// CompactFunc is like [Compact] but uses an equality function to compare elements.
+// For runs of elements that compare equal, CompactFunc keeps the first one.
 func CompactFunc[S ~[]E, E any](s S, eq func(E, E) bool) S {
 	if len(s) < 2 {
 		return s
 	}
 	i := 1
-	last := s[0]
-	for _, v := range s[1:] {
-		if !eq(v, last) {
-			s[i] = v
+	for k := 1; k < len(s); k++ {
+		if !eq(s[k], s[k-1]) {
+			if i != k {
+				s[i] = s[k]
+			}
 			i++
-			last = v
 		}
 	}
 	return s[:i]
@@ -256,3 +403,97 @@ func Grow[S ~[]E, E any](s S, n int) S {
 func Clip[S ~[]E, E any](s S) S {
 	return s[:len(s):len(s)]
 }
+
+// Rotation algorithm explanation:
+//
+// rotate left by 2
+// start with
+//   0123456789
+// split up like this
+//   01 234567 89
+// swap first 2 and last 2
+//   89 234567 01
+// join first parts
+//   89234567 01
+// recursively rotate first left part by 2
+//   23456789 01
+// join at the end
+//   2345678901
+//
+// rotate left by 8
+// start with
+//   0123456789
+// split up like this
+//   01 234567 89
+// swap first 2 and last 2
+//   89 234567 01
+// join last parts
+//   89 23456701
+// recursively rotate second part left by 6
+//   89 01234567
+// join at the end
+//   8901234567
+
+// TODO: There are other rotate algorithms.
+// This algorithm has the desirable property that it moves each element exactly twice.
+// The triple-reverse algorithm is simpler and more cache friendly, but takes more writes.
+// The follow-cycles algorithm can be 1-write but it is not very cache friendly.
+
+// rotateLeft rotates b left by n spaces.
+// s_final[i] = s_orig[i+r], wrapping around.
+func rotateLeft[E any](s []E, r int) {
+	for r != 0 && r != len(s) {
+		if r*2 <= len(s) {
+			swap(s[:r], s[len(s)-r:])
+			s = s[:len(s)-r]
+		} else {
+			swap(s[:len(s)-r], s[r:])
+			s, r = s[len(s)-r:], r*2-len(s)
+		}
+	}
+}
+func rotateRight[E any](s []E, r int) {
+	rotateLeft(s, len(s)-r)
+}
+
+// swap swaps the contents of x and y. x and y must be equal length and disjoint.
+func swap[E any](x, y []E) {
+	for i := 0; i < len(x); i++ {
+		x[i], y[i] = y[i], x[i]
+	}
+}
+
+// overlaps reports whether the memory ranges a[0:len(a)] and b[0:len(b)] overlap.
+func overlaps[E any](a, b []E) bool {
+	if len(a) == 0 || len(b) == 0 {
+		return false
+	}
+	elemSize := unsafe.Sizeof(a[0])
+	if elemSize == 0 {
+		return false
+	}
+	// TODO: use a runtime/unsafe facility once one becomes available. See issue 12445.
+	// Also see crypto/internal/alias/alias.go:AnyOverlap
+	return uintptr(unsafe.Pointer(&a[0])) <= uintptr(unsafe.Pointer(&b[len(b)-1]))+(elemSize-1) &&
+		uintptr(unsafe.Pointer(&b[0])) <= uintptr(unsafe.Pointer(&a[len(a)-1]))+(elemSize-1)
+}
+
+// startIdx returns the index in haystack where the needle starts.
+// prerequisite: the needle must be aliased entirely inside the haystack.
+func startIdx[E any](haystack, needle []E) int {
+	p := &needle[0]
+	for i := range haystack {
+		if p == &haystack[i] {
+			return i
+		}
+	}
+	// TODO: what if the overlap is by a non-integral number of Es?
+	panic("needle not found")
+}
+
+// Reverse reverses the elements of the slice in place.
+func Reverse[S ~[]E, E any](s S) {
+	for i, j := 0, len(s)-1; i < j; i, j = i+1, j-1 {
+		s[i], s[j] = s[j], s[i]
+	}
+}
diff --git a/vendor/golang.org/x/exp/slices/sort.go b/vendor/golang.org/x/exp/slices/sort.go
index f14f40da7..b67897f76 100644
--- a/vendor/golang.org/x/exp/slices/sort.go
+++ b/vendor/golang.org/x/exp/slices/sort.go
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:generate go run $GOROOT/src/sort/gen_sort_variants.go -exp
+
 package slices
 
 import (
@@ -11,57 +13,116 @@ import (
 )
 
 // Sort sorts a slice of any ordered type in ascending order.
-// Sort may fail to sort correctly when sorting slices of floating-point
-// numbers containing Not-a-number (NaN) values.
-// Use slices.SortFunc(x, func(a, b float64) bool {return a < b || (math.IsNaN(a) && !math.IsNaN(b))})
-// instead if the input may contain NaNs.
-func Sort[E constraints.Ordered](x []E) {
+// When sorting floating-point numbers, NaNs are ordered before other values.
+func Sort[S ~[]E, E constraints.Ordered](x S) {
 	n := len(x)
 	pdqsortOrdered(x, 0, n, bits.Len(uint(n)))
 }
 
-// SortFunc sorts the slice x in ascending order as determined by the less function.
-// This sort is not guaranteed to be stable.
+// SortFunc sorts the slice x in ascending order as determined by the cmp
+// function. This sort is not guaranteed to be stable.
+// cmp(a, b) should return a negative number when a < b, a positive number when
+// a > b and zero when a == b.
 //
-// SortFunc requires that less is a strict weak ordering.
+// SortFunc requires that cmp is a strict weak ordering.
 // See https://en.wikipedia.org/wiki/Weak_ordering#Strict_weak_orderings.
-func SortFunc[E any](x []E, less func(a, b E) bool) {
+func SortFunc[S ~[]E, E any](x S, cmp func(a, b E) int) {
 	n := len(x)
-	pdqsortLessFunc(x, 0, n, bits.Len(uint(n)), less)
+	pdqsortCmpFunc(x, 0, n, bits.Len(uint(n)), cmp)
 }
 
 // SortStableFunc sorts the slice x while keeping the original order of equal
-// elements, using less to compare elements.
-func SortStableFunc[E any](x []E, less func(a, b E) bool) {
-	stableLessFunc(x, len(x), less)
+// elements, using cmp to compare elements in the same way as [SortFunc].
+func SortStableFunc[S ~[]E, E any](x S, cmp func(a, b E) int) {
+	stableCmpFunc(x, len(x), cmp)
 }
 
 // IsSorted reports whether x is sorted in ascending order.
-func IsSorted[E constraints.Ordered](x []E) bool {
+func IsSorted[S ~[]E, E constraints.Ordered](x S) bool {
 	for i := len(x) - 1; i > 0; i-- {
-		if x[i] < x[i-1] {
+		if cmpLess(x[i], x[i-1]) {
 			return false
 		}
 	}
 	return true
 }
 
-// IsSortedFunc reports whether x is sorted in ascending order, with less as the
-// comparison function.
-func IsSortedFunc[E any](x []E, less func(a, b E) bool) bool {
+// IsSortedFunc reports whether x is sorted in ascending order, with cmp as the
+// comparison function as defined by [SortFunc].
+func IsSortedFunc[S ~[]E, E any](x S, cmp func(a, b E) int) bool {
 	for i := len(x) - 1; i > 0; i-- {
-		if less(x[i], x[i-1]) {
+		if cmp(x[i], x[i-1]) < 0 {
 			return false
 		}
 	}
 	return true
 }
 
+// Min returns the minimal value in x. It panics if x is empty.
+// For floating-point numbers, Min propagates NaNs (any NaN value in x
+// forces the output to be NaN).
+func Min[S ~[]E, E constraints.Ordered](x S) E {
+	if len(x) < 1 {
+		panic("slices.Min: empty list")
+	}
+	m := x[0]
+	for i := 1; i < len(x); i++ {
+		m = min(m, x[i])
+	}
+	return m
+}
+
+// MinFunc returns the minimal value in x, using cmp to compare elements.
+// It panics if x is empty. If there is more than one minimal element
+// according to the cmp function, MinFunc returns the first one.
+func MinFunc[S ~[]E, E any](x S, cmp func(a, b E) int) E {
+	if len(x) < 1 {
+		panic("slices.MinFunc: empty list")
+	}
+	m := x[0]
+	for i := 1; i < len(x); i++ {
+		if cmp(x[i], m) < 0 {
+			m = x[i]
+		}
+	}
+	return m
+}
+
+// Max returns the maximal value in x. It panics if x is empty.
+// For floating-point E, Max propagates NaNs (any NaN value in x
+// forces the output to be NaN).
+func Max[S ~[]E, E constraints.Ordered](x S) E {
+	if len(x) < 1 {
+		panic("slices.Max: empty list")
+	}
+	m := x[0]
+	for i := 1; i < len(x); i++ {
+		m = max(m, x[i])
+	}
+	return m
+}
+
+// MaxFunc returns the maximal value in x, using cmp to compare elements.
+// It panics if x is empty. If there is more than one maximal element
+// according to the cmp function, MaxFunc returns the first one.
+func MaxFunc[S ~[]E, E any](x S, cmp func(a, b E) int) E {
+	if len(x) < 1 {
+		panic("slices.MaxFunc: empty list")
+	}
+	m := x[0]
+	for i := 1; i < len(x); i++ {
+		if cmp(x[i], m) > 0 {
+			m = x[i]
+		}
+	}
+	return m
+}
+
 // BinarySearch searches for target in a sorted slice and returns the position
 // where target is found, or the position where target would appear in the
 // sort order; it also returns a bool saying whether the target is really found
 // in the slice. The slice must be sorted in increasing order.
-func BinarySearch[E constraints.Ordered](x []E, target E) (int, bool) {
+func BinarySearch[S ~[]E, E constraints.Ordered](x S, target E) (int, bool) {
 	// Inlining is faster than calling BinarySearchFunc with a lambda.
 	n := len(x)
 	// Define x[-1] < target and x[n] >= target.
@@ -70,22 +131,24 @@ func BinarySearch[E constraints.Ordered](x []E, target E) (int, bool) {
 	for i < j {
 		h := int(uint(i+j) >> 1) // avoid overflow when computing h
 		// i ≤ h < j
-		if x[h] < target {
+		if cmpLess(x[h], target) {
 			i = h + 1 // preserves x[i-1] < target
 		} else {
 			j = h // preserves x[j] >= target
 		}
 	}
 	// i == j, x[i-1] < target, and x[j] (= x[i]) >= target  =>  answer is i.
-	return i, i < n && x[i] == target
+	return i, i < n && (x[i] == target || (isNaN(x[i]) && isNaN(target)))
 }
 
-// BinarySearchFunc works like BinarySearch, but uses a custom comparison
-// function. The slice must be sorted in increasing order, where "increasing" is
-// defined by cmp. cmp(a, b) is expected to return an integer comparing the two
-// parameters: 0 if a == b, a negative number if a < b and a positive number if
-// a > b.
-func BinarySearchFunc[E, T any](x []E, target T, cmp func(E, T) int) (int, bool) {
+// BinarySearchFunc works like [BinarySearch], but uses a custom comparison
+// function. The slice must be sorted in increasing order, where "increasing"
+// is defined by cmp. cmp should return 0 if the slice element matches
+// the target, a negative number if the slice element precedes the target,
+// or a positive number if the slice element follows the target.
+// cmp must implement the same ordering as the slice, such that if
+// cmp(a, t) < 0 and cmp(b, t) >= 0, then a must precede b in the slice.
+func BinarySearchFunc[S ~[]E, E, T any](x S, target T, cmp func(E, T) int) (int, bool) {
 	n := len(x)
 	// Define cmp(x[-1], target) < 0 and cmp(x[n], target) >= 0 .
 	// Invariant: cmp(x[i - 1], target) < 0, cmp(x[j], target) >= 0.
@@ -124,3 +187,9 @@ func (r *xorshift) Next() uint64 {
 func nextPowerOfTwo(length int) uint {
 	return 1 << bits.Len(uint(length))
 }
+
+// isNaN reports whether x is a NaN without requiring the math package.
+// This will always return false if T is not floating-point.
+func isNaN[T constraints.Ordered](x T) bool {
+	return x != x
+}
diff --git a/vendor/golang.org/x/exp/slices/zsortfunc.go b/vendor/golang.org/x/exp/slices/zsortanyfunc.go
similarity index 64%
rename from vendor/golang.org/x/exp/slices/zsortfunc.go
rename to vendor/golang.org/x/exp/slices/zsortanyfunc.go
index 2a632476c..06f2c7a24 100644
--- a/vendor/golang.org/x/exp/slices/zsortfunc.go
+++ b/vendor/golang.org/x/exp/slices/zsortanyfunc.go
@@ -6,28 +6,28 @@
 
 package slices
 
-// insertionSortLessFunc sorts data[a:b] using insertion sort.
-func insertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) {
+// insertionSortCmpFunc sorts data[a:b] using insertion sort.
+func insertionSortCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) {
 	for i := a + 1; i < b; i++ {
-		for j := i; j > a && less(data[j], data[j-1]); j-- {
+		for j := i; j > a && (cmp(data[j], data[j-1]) < 0); j-- {
 			data[j], data[j-1] = data[j-1], data[j]
 		}
 	}
 }
 
-// siftDownLessFunc implements the heap property on data[lo:hi].
+// siftDownCmpFunc implements the heap property on data[lo:hi].
 // first is an offset into the array where the root of the heap lies.
-func siftDownLessFunc[E any](data []E, lo, hi, first int, less func(a, b E) bool) {
+func siftDownCmpFunc[E any](data []E, lo, hi, first int, cmp func(a, b E) int) {
 	root := lo
 	for {
 		child := 2*root + 1
 		if child >= hi {
 			break
 		}
-		if child+1 < hi && less(data[first+child], data[first+child+1]) {
+		if child+1 < hi && (cmp(data[first+child], data[first+child+1]) < 0) {
 			child++
 		}
-		if !less(data[first+root], data[first+child]) {
+		if !(cmp(data[first+root], data[first+child]) < 0) {
 			return
 		}
 		data[first+root], data[first+child] = data[first+child], data[first+root]
@@ -35,30 +35,30 @@ func siftDownLessFunc[E any](data []E, lo, hi, first int, less func(a, b E) bool
 	}
 }
 
-func heapSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) {
+func heapSortCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) {
 	first := a
 	lo := 0
 	hi := b - a
 
 	// Build heap with greatest element at top.
 	for i := (hi - 1) / 2; i >= 0; i-- {
-		siftDownLessFunc(data, i, hi, first, less)
+		siftDownCmpFunc(data, i, hi, first, cmp)
 	}
 
 	// Pop elements, largest first, into end of data.
 	for i := hi - 1; i >= 0; i-- {
 		data[first], data[first+i] = data[first+i], data[first]
-		siftDownLessFunc(data, lo, i, first, less)
+		siftDownCmpFunc(data, lo, i, first, cmp)
 	}
 }
 
-// pdqsortLessFunc sorts data[a:b].
+// pdqsortCmpFunc sorts data[a:b].
 // The algorithm based on pattern-defeating quicksort(pdqsort), but without the optimizations from BlockQuicksort.
 // pdqsort paper: https://arxiv.org/pdf/2106.05123.pdf
 // C++ implementation: https://github.com/orlp/pdqsort
 // Rust implementation: https://docs.rs/pdqsort/latest/pdqsort/
 // limit is the number of allowed bad (very unbalanced) pivots before falling back to heapsort.
-func pdqsortLessFunc[E any](data []E, a, b, limit int, less func(a, b E) bool) {
+func pdqsortCmpFunc[E any](data []E, a, b, limit int, cmp func(a, b E) int) {
 	const maxInsertion = 12
 
 	var (
@@ -70,25 +70,25 @@ func pdqsortLessFunc[E any](data []E, a, b, limit int, less func(a, b E) bool) {
 		length := b - a
 
 		if length <= maxInsertion {
-			insertionSortLessFunc(data, a, b, less)
+			insertionSortCmpFunc(data, a, b, cmp)
 			return
 		}
 
 		// Fall back to heapsort if too many bad choices were made.
 		if limit == 0 {
-			heapSortLessFunc(data, a, b, less)
+			heapSortCmpFunc(data, a, b, cmp)
 			return
 		}
 
 		// If the last partitioning was imbalanced, we need to breaking patterns.
 		if !wasBalanced {
-			breakPatternsLessFunc(data, a, b, less)
+			breakPatternsCmpFunc(data, a, b, cmp)
 			limit--
 		}
 
-		pivot, hint := choosePivotLessFunc(data, a, b, less)
+		pivot, hint := choosePivotCmpFunc(data, a, b, cmp)
 		if hint == decreasingHint {
-			reverseRangeLessFunc(data, a, b, less)
+			reverseRangeCmpFunc(data, a, b, cmp)
 			// The chosen pivot was pivot-a elements after the start of the array.
 			// After reversing it is pivot-a elements before the end of the array.
 			// The idea came from Rust's implementation.
@@ -98,48 +98,48 @@ func pdqsortLessFunc[E any](data []E, a, b, limit int, less func(a, b E) bool) {
 
 		// The slice is likely already sorted.
 		if wasBalanced && wasPartitioned && hint == increasingHint {
-			if partialInsertionSortLessFunc(data, a, b, less) {
+			if partialInsertionSortCmpFunc(data, a, b, cmp) {
 				return
 			}
 		}
 
 		// Probably the slice contains many duplicate elements, partition the slice into
 		// elements equal to and elements greater than the pivot.
-		if a > 0 && !less(data[a-1], data[pivot]) {
-			mid := partitionEqualLessFunc(data, a, b, pivot, less)
+		if a > 0 && !(cmp(data[a-1], data[pivot]) < 0) {
+			mid := partitionEqualCmpFunc(data, a, b, pivot, cmp)
 			a = mid
 			continue
 		}
 
-		mid, alreadyPartitioned := partitionLessFunc(data, a, b, pivot, less)
+		mid, alreadyPartitioned := partitionCmpFunc(data, a, b, pivot, cmp)
 		wasPartitioned = alreadyPartitioned
 
 		leftLen, rightLen := mid-a, b-mid
 		balanceThreshold := length / 8
 		if leftLen < rightLen {
 			wasBalanced = leftLen >= balanceThreshold
-			pdqsortLessFunc(data, a, mid, limit, less)
+			pdqsortCmpFunc(data, a, mid, limit, cmp)
 			a = mid + 1
 		} else {
 			wasBalanced = rightLen >= balanceThreshold
-			pdqsortLessFunc(data, mid+1, b, limit, less)
+			pdqsortCmpFunc(data, mid+1, b, limit, cmp)
 			b = mid
 		}
 	}
 }
 
-// partitionLessFunc does one quicksort partition.
+// partitionCmpFunc does one quicksort partition.
 // Let p = data[pivot]
 // Moves elements in data[a:b] around, so that data[i]<p and data[j]>=p for i<newpivot and j>newpivot.
 // On return, data[newpivot] = p
-func partitionLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool) (newpivot int, alreadyPartitioned bool) {
+func partitionCmpFunc[E any](data []E, a, b, pivot int, cmp func(a, b E) int) (newpivot int, alreadyPartitioned bool) {
 	data[a], data[pivot] = data[pivot], data[a]
 	i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned
 
-	for i <= j && less(data[i], data[a]) {
+	for i <= j && (cmp(data[i], data[a]) < 0) {
 		i++
 	}
-	for i <= j && !less(data[j], data[a]) {
+	for i <= j && !(cmp(data[j], data[a]) < 0) {
 		j--
 	}
 	if i > j {
@@ -151,10 +151,10 @@ func partitionLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool)
 	j--
 
 	for {
-		for i <= j && less(data[i], data[a]) {
+		for i <= j && (cmp(data[i], data[a]) < 0) {
 			i++
 		}
-		for i <= j && !less(data[j], data[a]) {
+		for i <= j && !(cmp(data[j], data[a]) < 0) {
 			j--
 		}
 		if i > j {
@@ -168,17 +168,17 @@ func partitionLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool)
 	return j, false
 }
 
-// partitionEqualLessFunc partitions data[a:b] into elements equal to data[pivot] followed by elements greater than data[pivot].
+// partitionEqualCmpFunc partitions data[a:b] into elements equal to data[pivot] followed by elements greater than data[pivot].
 // It assumed that data[a:b] does not contain elements smaller than the data[pivot].
-func partitionEqualLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool) (newpivot int) {
+func partitionEqualCmpFunc[E any](data []E, a, b, pivot int, cmp func(a, b E) int) (newpivot int) {
 	data[a], data[pivot] = data[pivot], data[a]
 	i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned
 
 	for {
-		for i <= j && !less(data[a], data[i]) {
+		for i <= j && !(cmp(data[a], data[i]) < 0) {
 			i++
 		}
-		for i <= j && less(data[a], data[j]) {
+		for i <= j && (cmp(data[a], data[j]) < 0) {
 			j--
 		}
 		if i > j {
@@ -191,15 +191,15 @@ func partitionEqualLessFunc[E any](data []E, a, b, pivot int, less func(a, b E)
 	return i
 }
 
-// partialInsertionSortLessFunc partially sorts a slice, returns true if the slice is sorted at the end.
-func partialInsertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) bool {
+// partialInsertionSortCmpFunc partially sorts a slice, returns true if the slice is sorted at the end.
+func partialInsertionSortCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) bool {
 	const (
 		maxSteps         = 5  // maximum number of adjacent out-of-order pairs that will get shifted
 		shortestShifting = 50 // don't shift any elements on short arrays
 	)
 	i := a + 1
 	for j := 0; j < maxSteps; j++ {
-		for i < b && !less(data[i], data[i-1]) {
+		for i < b && !(cmp(data[i], data[i-1]) < 0) {
 			i++
 		}
 
@@ -216,7 +216,7 @@ func partialInsertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) b
 		// Shift the smaller one to the left.
 		if i-a >= 2 {
 			for j := i - 1; j >= 1; j-- {
-				if !less(data[j], data[j-1]) {
+				if !(cmp(data[j], data[j-1]) < 0) {
 					break
 				}
 				data[j], data[j-1] = data[j-1], data[j]
@@ -225,7 +225,7 @@ func partialInsertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) b
 		// Shift the greater one to the right.
 		if b-i >= 2 {
 			for j := i + 1; j < b; j++ {
-				if !less(data[j], data[j-1]) {
+				if !(cmp(data[j], data[j-1]) < 0) {
 					break
 				}
 				data[j], data[j-1] = data[j-1], data[j]
@@ -235,9 +235,9 @@ func partialInsertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) b
 	return false
 }
 
-// breakPatternsLessFunc scatters some elements around in an attempt to break some patterns
+// breakPatternsCmpFunc scatters some elements around in an attempt to break some patterns
 // that might cause imbalanced partitions in quicksort.
-func breakPatternsLessFunc[E any](data []E, a, b int, less func(a, b E) bool) {
+func breakPatternsCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) {
 	length := b - a
 	if length >= 8 {
 		random := xorshift(length)
@@ -253,12 +253,12 @@ func breakPatternsLessFunc[E any](data []E, a, b int, less func(a, b E) bool) {
 	}
 }
 
-// choosePivotLessFunc chooses a pivot in data[a:b].
+// choosePivotCmpFunc chooses a pivot in data[a:b].
 //
 // [0,8): chooses a static pivot.
 // [8,shortestNinther): uses the simple median-of-three method.
 // [shortestNinther,∞): uses the Tukey ninther method.
-func choosePivotLessFunc[E any](data []E, a, b int, less func(a, b E) bool) (pivot int, hint sortedHint) {
+func choosePivotCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) (pivot int, hint sortedHint) {
 	const (
 		shortestNinther = 50
 		maxSwaps        = 4 * 3
@@ -276,12 +276,12 @@ func choosePivotLessFunc[E any](data []E, a, b int, less func(a, b E) bool) (piv
 	if l >= 8 {
 		if l >= shortestNinther {
 			// Tukey ninther method, the idea came from Rust's implementation.
-			i = medianAdjacentLessFunc(data, i, &swaps, less)
-			j = medianAdjacentLessFunc(data, j, &swaps, less)
-			k = medianAdjacentLessFunc(data, k, &swaps, less)
+			i = medianAdjacentCmpFunc(data, i, &swaps, cmp)
+			j = medianAdjacentCmpFunc(data, j, &swaps, cmp)
+			k = medianAdjacentCmpFunc(data, k, &swaps, cmp)
 		}
 		// Find the median among i, j, k and stores it into j.
-		j = medianLessFunc(data, i, j, k, &swaps, less)
+		j = medianCmpFunc(data, i, j, k, &swaps, cmp)
 	}
 
 	switch swaps {
@@ -294,29 +294,29 @@ func choosePivotLessFunc[E any](data []E, a, b int, less func(a, b E) bool) (piv
 	}
 }
 
-// order2LessFunc returns x,y where data[x] <= data[y], where x,y=a,b or x,y=b,a.
-func order2LessFunc[E any](data []E, a, b int, swaps *int, less func(a, b E) bool) (int, int) {
-	if less(data[b], data[a]) {
+// order2CmpFunc returns x,y where data[x] <= data[y], where x,y=a,b or x,y=b,a.
+func order2CmpFunc[E any](data []E, a, b int, swaps *int, cmp func(a, b E) int) (int, int) {
+	if cmp(data[b], data[a]) < 0 {
 		*swaps++
 		return b, a
 	}
 	return a, b
 }
 
-// medianLessFunc returns x where data[x] is the median of data[a],data[b],data[c], where x is a, b, or c.
-func medianLessFunc[E any](data []E, a, b, c int, swaps *int, less func(a, b E) bool) int {
-	a, b = order2LessFunc(data, a, b, swaps, less)
-	b, c = order2LessFunc(data, b, c, swaps, less)
-	a, b = order2LessFunc(data, a, b, swaps, less)
+// medianCmpFunc returns x where data[x] is the median of data[a],data[b],data[c], where x is a, b, or c.
+func medianCmpFunc[E any](data []E, a, b, c int, swaps *int, cmp func(a, b E) int) int {
+	a, b = order2CmpFunc(data, a, b, swaps, cmp)
+	b, c = order2CmpFunc(data, b, c, swaps, cmp)
+	a, b = order2CmpFunc(data, a, b, swaps, cmp)
 	return b
 }
 
-// medianAdjacentLessFunc finds the median of data[a - 1], data[a], data[a + 1] and stores the index into a.
-func medianAdjacentLessFunc[E any](data []E, a int, swaps *int, less func(a, b E) bool) int {
-	return medianLessFunc(data, a-1, a, a+1, swaps, less)
+// medianAdjacentCmpFunc finds the median of data[a - 1], data[a], data[a + 1] and stores the index into a.
+func medianAdjacentCmpFunc[E any](data []E, a int, swaps *int, cmp func(a, b E) int) int {
+	return medianCmpFunc(data, a-1, a, a+1, swaps, cmp)
 }
 
-func reverseRangeLessFunc[E any](data []E, a, b int, less func(a, b E) bool) {
+func reverseRangeCmpFunc[E any](data []E, a, b int, cmp func(a, b E) int) {
 	i := a
 	j := b - 1
 	for i < j {
@@ -326,37 +326,37 @@ func reverseRangeLessFunc[E any](data []E, a, b int, less func(a, b E) bool) {
 	}
 }
 
-func swapRangeLessFunc[E any](data []E, a, b, n int, less func(a, b E) bool) {
+func swapRangeCmpFunc[E any](data []E, a, b, n int, cmp func(a, b E) int) {
 	for i := 0; i < n; i++ {
 		data[a+i], data[b+i] = data[b+i], data[a+i]
 	}
 }
 
-func stableLessFunc[E any](data []E, n int, less func(a, b E) bool) {
+func stableCmpFunc[E any](data []E, n int, cmp func(a, b E) int) {
 	blockSize := 20 // must be > 0
 	a, b := 0, blockSize
 	for b <= n {
-		insertionSortLessFunc(data, a, b, less)
+		insertionSortCmpFunc(data, a, b, cmp)
 		a = b
 		b += blockSize
 	}
-	insertionSortLessFunc(data, a, n, less)
+	insertionSortCmpFunc(data, a, n, cmp)
 
 	for blockSize < n {
 		a, b = 0, 2*blockSize
 		for b <= n {
-			symMergeLessFunc(data, a, a+blockSize, b, less)
+			symMergeCmpFunc(data, a, a+blockSize, b, cmp)
 			a = b
 			b += 2 * blockSize
 		}
 		if m := a + blockSize; m < n {
-			symMergeLessFunc(data, a, m, n, less)
+			symMergeCmpFunc(data, a, m, n, cmp)
 		}
 		blockSize *= 2
 	}
 }
 
-// symMergeLessFunc merges the two sorted subsequences data[a:m] and data[m:b] using
+// symMergeCmpFunc merges the two sorted subsequences data[a:m] and data[m:b] using
 // the SymMerge algorithm from Pok-Son Kim and Arne Kutzner, "Stable Minimum
 // Storage Merging by Symmetric Comparisons", in Susanne Albers and Tomasz
 // Radzik, editors, Algorithms - ESA 2004, volume 3221 of Lecture Notes in
@@ -375,7 +375,7 @@ func stableLessFunc[E any](data []E, n int, less func(a, b E) bool) {
 // symMerge assumes non-degenerate arguments: a < m && m < b.
 // Having the caller check this condition eliminates many leaf recursion calls,
 // which improves performance.
-func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) {
+func symMergeCmpFunc[E any](data []E, a, m, b int, cmp func(a, b E) int) {
 	// Avoid unnecessary recursions of symMerge
 	// by direct insertion of data[a] into data[m:b]
 	// if data[a:m] only contains one element.
@@ -387,7 +387,7 @@ func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) {
 		j := b
 		for i < j {
 			h := int(uint(i+j) >> 1)
-			if less(data[h], data[a]) {
+			if cmp(data[h], data[a]) < 0 {
 				i = h + 1
 			} else {
 				j = h
@@ -411,7 +411,7 @@ func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) {
 		j := m
 		for i < j {
 			h := int(uint(i+j) >> 1)
-			if !less(data[m], data[h]) {
+			if !(cmp(data[m], data[h]) < 0) {
 				i = h + 1
 			} else {
 				j = h
@@ -438,7 +438,7 @@ func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) {
 
 	for start < r {
 		c := int(uint(start+r) >> 1)
-		if !less(data[p-c], data[c]) {
+		if !(cmp(data[p-c], data[c]) < 0) {
 			start = c + 1
 		} else {
 			r = c
@@ -447,33 +447,33 @@ func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) {
 
 	end := n - start
 	if start < m && m < end {
-		rotateLessFunc(data, start, m, end, less)
+		rotateCmpFunc(data, start, m, end, cmp)
 	}
 	if a < start && start < mid {
-		symMergeLessFunc(data, a, start, mid, less)
+		symMergeCmpFunc(data, a, start, mid, cmp)
 	}
 	if mid < end && end < b {
-		symMergeLessFunc(data, mid, end, b, less)
+		symMergeCmpFunc(data, mid, end, b, cmp)
 	}
 }
 
-// rotateLessFunc rotates two consecutive blocks u = data[a:m] and v = data[m:b] in data:
+// rotateCmpFunc rotates two consecutive blocks u = data[a:m] and v = data[m:b] in data:
 // Data of the form 'x u v y' is changed to 'x v u y'.
 // rotate performs at most b-a many calls to data.Swap,
 // and it assumes non-degenerate arguments: a < m && m < b.
-func rotateLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) {
+func rotateCmpFunc[E any](data []E, a, m, b int, cmp func(a, b E) int) {
 	i := m - a
 	j := b - m
 
 	for i != j {
 		if i > j {
-			swapRangeLessFunc(data, m-i, m, j, less)
+			swapRangeCmpFunc(data, m-i, m, j, cmp)
 			i -= j
 		} else {
-			swapRangeLessFunc(data, m-i, m+j-i, i, less)
+			swapRangeCmpFunc(data, m-i, m+j-i, i, cmp)
 			j -= i
 		}
 	}
 	// i == j
-	swapRangeLessFunc(data, m-i, m, i, less)
+	swapRangeCmpFunc(data, m-i, m, i, cmp)
 }
diff --git a/vendor/golang.org/x/exp/slices/zsortordered.go b/vendor/golang.org/x/exp/slices/zsortordered.go
index efaa1c8b7..99b47c398 100644
--- a/vendor/golang.org/x/exp/slices/zsortordered.go
+++ b/vendor/golang.org/x/exp/slices/zsortordered.go
@@ -11,7 +11,7 @@ import "golang.org/x/exp/constraints"
 // insertionSortOrdered sorts data[a:b] using insertion sort.
 func insertionSortOrdered[E constraints.Ordered](data []E, a, b int) {
 	for i := a + 1; i < b; i++ {
-		for j := i; j > a && (data[j] < data[j-1]); j-- {
+		for j := i; j > a && cmpLess(data[j], data[j-1]); j-- {
 			data[j], data[j-1] = data[j-1], data[j]
 		}
 	}
@@ -26,10 +26,10 @@ func siftDownOrdered[E constraints.Ordered](data []E, lo, hi, first int) {
 		if child >= hi {
 			break
 		}
-		if child+1 < hi && (data[first+child] < data[first+child+1]) {
+		if child+1 < hi && cmpLess(data[first+child], data[first+child+1]) {
 			child++
 		}
-		if !(data[first+root] < data[first+child]) {
+		if !cmpLess(data[first+root], data[first+child]) {
 			return
 		}
 		data[first+root], data[first+child] = data[first+child], data[first+root]
@@ -107,7 +107,7 @@ func pdqsortOrdered[E constraints.Ordered](data []E, a, b, limit int) {
 
 		// Probably the slice contains many duplicate elements, partition the slice into
 		// elements equal to and elements greater than the pivot.
-		if a > 0 && !(data[a-1] < data[pivot]) {
+		if a > 0 && !cmpLess(data[a-1], data[pivot]) {
 			mid := partitionEqualOrdered(data, a, b, pivot)
 			a = mid
 			continue
@@ -138,10 +138,10 @@ func partitionOrdered[E constraints.Ordered](data []E, a, b, pivot int) (newpivo
 	data[a], data[pivot] = data[pivot], data[a]
 	i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned
 
-	for i <= j && (data[i] < data[a]) {
+	for i <= j && cmpLess(data[i], data[a]) {
 		i++
 	}
-	for i <= j && !(data[j] < data[a]) {
+	for i <= j && !cmpLess(data[j], data[a]) {
 		j--
 	}
 	if i > j {
@@ -153,10 +153,10 @@ func partitionOrdered[E constraints.Ordered](data []E, a, b, pivot int) (newpivo
 	j--
 
 	for {
-		for i <= j && (data[i] < data[a]) {
+		for i <= j && cmpLess(data[i], data[a]) {
 			i++
 		}
-		for i <= j && !(data[j] < data[a]) {
+		for i <= j && !cmpLess(data[j], data[a]) {
 			j--
 		}
 		if i > j {
@@ -177,10 +177,10 @@ func partitionEqualOrdered[E constraints.Ordered](data []E, a, b, pivot int) (ne
 	i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned
 
 	for {
-		for i <= j && !(data[a] < data[i]) {
+		for i <= j && !cmpLess(data[a], data[i]) {
 			i++
 		}
-		for i <= j && (data[a] < data[j]) {
+		for i <= j && cmpLess(data[a], data[j]) {
 			j--
 		}
 		if i > j {
@@ -201,7 +201,7 @@ func partialInsertionSortOrdered[E constraints.Ordered](data []E, a, b int) bool
 	)
 	i := a + 1
 	for j := 0; j < maxSteps; j++ {
-		for i < b && !(data[i] < data[i-1]) {
+		for i < b && !cmpLess(data[i], data[i-1]) {
 			i++
 		}
 
@@ -218,7 +218,7 @@ func partialInsertionSortOrdered[E constraints.Ordered](data []E, a, b int) bool
 		// Shift the smaller one to the left.
 		if i-a >= 2 {
 			for j := i - 1; j >= 1; j-- {
-				if !(data[j] < data[j-1]) {
+				if !cmpLess(data[j], data[j-1]) {
 					break
 				}
 				data[j], data[j-1] = data[j-1], data[j]
@@ -227,7 +227,7 @@ func partialInsertionSortOrdered[E constraints.Ordered](data []E, a, b int) bool
 		// Shift the greater one to the right.
 		if b-i >= 2 {
 			for j := i + 1; j < b; j++ {
-				if !(data[j] < data[j-1]) {
+				if !cmpLess(data[j], data[j-1]) {
 					break
 				}
 				data[j], data[j-1] = data[j-1], data[j]
@@ -298,7 +298,7 @@ func choosePivotOrdered[E constraints.Ordered](data []E, a, b int) (pivot int, h
 
 // order2Ordered returns x,y where data[x] <= data[y], where x,y=a,b or x,y=b,a.
 func order2Ordered[E constraints.Ordered](data []E, a, b int, swaps *int) (int, int) {
-	if data[b] < data[a] {
+	if cmpLess(data[b], data[a]) {
 		*swaps++
 		return b, a
 	}
@@ -389,7 +389,7 @@ func symMergeOrdered[E constraints.Ordered](data []E, a, m, b int) {
 		j := b
 		for i < j {
 			h := int(uint(i+j) >> 1)
-			if data[h] < data[a] {
+			if cmpLess(data[h], data[a]) {
 				i = h + 1
 			} else {
 				j = h
@@ -413,7 +413,7 @@ func symMergeOrdered[E constraints.Ordered](data []E, a, m, b int) {
 		j := m
 		for i < j {
 			h := int(uint(i+j) >> 1)
-			if !(data[m] < data[h]) {
+			if !cmpLess(data[m], data[h]) {
 				i = h + 1
 			} else {
 				j = h
@@ -440,7 +440,7 @@ func symMergeOrdered[E constraints.Ordered](data []E, a, m, b int) {
 
 	for start < r {
 		c := int(uint(start+r) >> 1)
-		if !(data[p-c] < data[c]) {
+		if !cmpLess(data[p-c], data[c]) {
 			start = c + 1
 		} else {
 			r = c
diff --git a/vendor/golang.org/x/exp/slog/attr.go b/vendor/golang.org/x/exp/slog/attr.go
new file mode 100644
index 000000000..a180d0e1d
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/attr.go
@@ -0,0 +1,102 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"fmt"
+	"time"
+)
+
+// An Attr is a key-value pair.
+type Attr struct {
+	Key   string
+	Value Value
+}
+
+// String returns an Attr for a string value.
+func String(key, value string) Attr {
+	return Attr{key, StringValue(value)}
+}
+
+// Int64 returns an Attr for an int64.
+func Int64(key string, value int64) Attr {
+	return Attr{key, Int64Value(value)}
+}
+
+// Int converts an int to an int64 and returns
+// an Attr with that value.
+func Int(key string, value int) Attr {
+	return Int64(key, int64(value))
+}
+
+// Uint64 returns an Attr for a uint64.
+func Uint64(key string, v uint64) Attr {
+	return Attr{key, Uint64Value(v)}
+}
+
+// Float64 returns an Attr for a floating-point number.
+func Float64(key string, v float64) Attr {
+	return Attr{key, Float64Value(v)}
+}
+
+// Bool returns an Attr for a bool.
+func Bool(key string, v bool) Attr {
+	return Attr{key, BoolValue(v)}
+}
+
+// Time returns an Attr for a time.Time.
+// It discards the monotonic portion.
+func Time(key string, v time.Time) Attr {
+	return Attr{key, TimeValue(v)}
+}
+
+// Duration returns an Attr for a time.Duration.
+func Duration(key string, v time.Duration) Attr {
+	return Attr{key, DurationValue(v)}
+}
+
+// Group returns an Attr for a Group Value.
+// The first argument is the key; the remaining arguments
+// are converted to Attrs as in [Logger.Log].
+//
+// Use Group to collect several key-value pairs under a single
+// key on a log line, or as the result of LogValue
+// in order to log a single value as multiple Attrs.
+func Group(key string, args ...any) Attr {
+	return Attr{key, GroupValue(argsToAttrSlice(args)...)}
+}
+
+func argsToAttrSlice(args []any) []Attr {
+	var (
+		attr  Attr
+		attrs []Attr
+	)
+	for len(args) > 0 {
+		attr, args = argsToAttr(args)
+		attrs = append(attrs, attr)
+	}
+	return attrs
+}
+
+// Any returns an Attr for the supplied value.
+// See [Value.AnyValue] for how values are treated.
+func Any(key string, value any) Attr {
+	return Attr{key, AnyValue(value)}
+}
+
+// Equal reports whether a and b have equal keys and values.
+func (a Attr) Equal(b Attr) bool {
+	return a.Key == b.Key && a.Value.Equal(b.Value)
+}
+
+func (a Attr) String() string {
+	return fmt.Sprintf("%s=%s", a.Key, a.Value)
+}
+
+// isEmpty reports whether a has an empty key and a nil value.
+// That can be written as Attr{} or Any("", nil).
+func (a Attr) isEmpty() bool {
+	return a.Key == "" && a.Value.num == 0 && a.Value.any == nil
+}
diff --git a/vendor/golang.org/x/exp/slog/doc.go b/vendor/golang.org/x/exp/slog/doc.go
new file mode 100644
index 000000000..4beaf8674
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/doc.go
@@ -0,0 +1,316 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package slog provides structured logging,
+in which log records include a message,
+a severity level, and various other attributes
+expressed as key-value pairs.
+
+It defines a type, [Logger],
+which provides several methods (such as [Logger.Info] and [Logger.Error])
+for reporting events of interest.
+
+Each Logger is associated with a [Handler].
+A Logger output method creates a [Record] from the method arguments
+and passes it to the Handler, which decides how to handle it.
+There is a default Logger accessible through top-level functions
+(such as [Info] and [Error]) that call the corresponding Logger methods.
+
+A log record consists of a time, a level, a message, and a set of key-value
+pairs, where the keys are strings and the values may be of any type.
+As an example,
+
+	slog.Info("hello", "count", 3)
+
+creates a record containing the time of the call,
+a level of Info, the message "hello", and a single
+pair with key "count" and value 3.
+
+The [Info] top-level function calls the [Logger.Info] method on the default Logger.
+In addition to [Logger.Info], there are methods for Debug, Warn and Error levels.
+Besides these convenience methods for common levels,
+there is also a [Logger.Log] method which takes the level as an argument.
+Each of these methods has a corresponding top-level function that uses the
+default logger.
+
+The default handler formats the log record's message, time, level, and attributes
+as a string and passes it to the [log] package.
+
+	2022/11/08 15:28:26 INFO hello count=3
+
+For more control over the output format, create a logger with a different handler.
+This statement uses [New] to create a new logger with a TextHandler
+that writes structured records in text form to standard error:
+
+	logger := slog.New(slog.NewTextHandler(os.Stderr, nil))
+
+[TextHandler] output is a sequence of key=value pairs, easily and unambiguously
+parsed by machine. This statement:
+
+	logger.Info("hello", "count", 3)
+
+produces this output:
+
+	time=2022-11-08T15:28:26.000-05:00 level=INFO msg=hello count=3
+
+The package also provides [JSONHandler], whose output is line-delimited JSON:
+
+	logger := slog.New(slog.NewJSONHandler(os.Stdout, nil))
+	logger.Info("hello", "count", 3)
+
+produces this output:
+
+	{"time":"2022-11-08T15:28:26.000000000-05:00","level":"INFO","msg":"hello","count":3}
+
+Both [TextHandler] and [JSONHandler] can be configured with [HandlerOptions].
+There are options for setting the minimum level (see Levels, below),
+displaying the source file and line of the log call, and
+modifying attributes before they are logged.
+
+Setting a logger as the default with
+
+	slog.SetDefault(logger)
+
+will cause the top-level functions like [Info] to use it.
+[SetDefault] also updates the default logger used by the [log] package,
+so that existing applications that use [log.Printf] and related functions
+will send log records to the logger's handler without needing to be rewritten.
+
+Some attributes are common to many log calls.
+For example, you may wish to include the URL or trace identifier of a server request
+with all log events arising from the request.
+Rather than repeat the attribute with every log call, you can use [Logger.With]
+to construct a new Logger containing the attributes:
+
+	logger2 := logger.With("url", r.URL)
+
+The arguments to With are the same key-value pairs used in [Logger.Info].
+The result is a new Logger with the same handler as the original, but additional
+attributes that will appear in the output of every call.
+
+# Levels
+
+A [Level] is an integer representing the importance or severity of a log event.
+The higher the level, the more severe the event.
+This package defines constants for the most common levels,
+but any int can be used as a level.
+
+In an application, you may wish to log messages only at a certain level or greater.
+One common configuration is to log messages at Info or higher levels,
+suppressing debug logging until it is needed.
+The built-in handlers can be configured with the minimum level to output by
+setting [HandlerOptions.Level].
+The program's `main` function typically does this.
+The default value is LevelInfo.
+
+Setting the [HandlerOptions.Level] field to a [Level] value
+fixes the handler's minimum level throughout its lifetime.
+Setting it to a [LevelVar] allows the level to be varied dynamically.
+A LevelVar holds a Level and is safe to read or write from multiple
+goroutines.
+To vary the level dynamically for an entire program, first initialize
+a global LevelVar:
+
+	var programLevel = new(slog.LevelVar) // Info by default
+
+Then use the LevelVar to construct a handler, and make it the default:
+
+	h := slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{Level: programLevel})
+	slog.SetDefault(slog.New(h))
+
+Now the program can change its logging level with a single statement:
+
+	programLevel.Set(slog.LevelDebug)
+
+# Groups
+
+Attributes can be collected into groups.
+A group has a name that is used to qualify the names of its attributes.
+How this qualification is displayed depends on the handler.
+[TextHandler] separates the group and attribute names with a dot.
+[JSONHandler] treats each group as a separate JSON object, with the group name as the key.
+
+Use [Group] to create a Group attribute from a name and a list of key-value pairs:
+
+	slog.Group("request",
+	    "method", r.Method,
+	    "url", r.URL)
+
+TextHandler would display this group as
+
+	request.method=GET request.url=http://example.com
+
+JSONHandler would display it as
+
+	"request":{"method":"GET","url":"http://example.com"}
+
+Use [Logger.WithGroup] to qualify all of a Logger's output
+with a group name. Calling WithGroup on a Logger results in a
+new Logger with the same Handler as the original, but with all
+its attributes qualified by the group name.
+
+This can help prevent duplicate attribute keys in large systems,
+where subsystems might use the same keys.
+Pass each subsystem a different Logger with its own group name so that
+potential duplicates are qualified:
+
+	logger := slog.Default().With("id", systemID)
+	parserLogger := logger.WithGroup("parser")
+	parseInput(input, parserLogger)
+
+When parseInput logs with parserLogger, its keys will be qualified with "parser",
+so even if it uses the common key "id", the log line will have distinct keys.
+
+# Contexts
+
+Some handlers may wish to include information from the [context.Context] that is
+available at the call site. One example of such information
+is the identifier for the current span when tracing is enabled.
+
+The [Logger.Log] and [Logger.LogAttrs] methods take a context as a first
+argument, as do their corresponding top-level functions.
+
+Although the convenience methods on Logger (Info and so on) and the
+corresponding top-level functions do not take a context, the alternatives ending
+in "Context" do. For example,
+
+	slog.InfoContext(ctx, "message")
+
+It is recommended to pass a context to an output method if one is available.
+
+# Attrs and Values
+
+An [Attr] is a key-value pair. The Logger output methods accept Attrs as well as
+alternating keys and values. The statement
+
+	slog.Info("hello", slog.Int("count", 3))
+
+behaves the same as
+
+	slog.Info("hello", "count", 3)
+
+There are convenience constructors for [Attr] such as [Int], [String], and [Bool]
+for common types, as well as the function [Any] for constructing Attrs of any
+type.
+
+The value part of an Attr is a type called [Value].
+Like an [any], a Value can hold any Go value,
+but it can represent typical values, including all numbers and strings,
+without an allocation.
+
+For the most efficient log output, use [Logger.LogAttrs].
+It is similar to [Logger.Log] but accepts only Attrs, not alternating
+keys and values; this allows it, too, to avoid allocation.
+
+The call
+
+	logger.LogAttrs(nil, slog.LevelInfo, "hello", slog.Int("count", 3))
+
+is the most efficient way to achieve the same output as
+
+	slog.Info("hello", "count", 3)
+
+# Customizing a type's logging behavior
+
+If a type implements the [LogValuer] interface, the [Value] returned from its LogValue
+method is used for logging. You can use this to control how values of the type
+appear in logs. For example, you can redact secret information like passwords,
+or gather a struct's fields in a Group. See the examples under [LogValuer] for
+details.
+
+A LogValue method may return a Value that itself implements [LogValuer]. The [Value.Resolve]
+method handles these cases carefully, avoiding infinite loops and unbounded recursion.
+Handler authors and others may wish to use Value.Resolve instead of calling LogValue directly.
+
+# Wrapping output methods
+
+The logger functions use reflection over the call stack to find the file name
+and line number of the logging call within the application. This can produce
+incorrect source information for functions that wrap slog. For instance, if you
+define this function in file mylog.go:
+
+	func Infof(format string, args ...any) {
+	    slog.Default().Info(fmt.Sprintf(format, args...))
+	}
+
+and you call it like this in main.go:
+
+	Infof(slog.Default(), "hello, %s", "world")
+
+then slog will report the source file as mylog.go, not main.go.
+
+A correct implementation of Infof will obtain the source location
+(pc) and pass it to NewRecord.
+The Infof function in the package-level example called "wrapping"
+demonstrates how to do this.
+
+# Working with Records
+
+Sometimes a Handler will need to modify a Record
+before passing it on to another Handler or backend.
+A Record contains a mixture of simple public fields (e.g. Time, Level, Message)
+and hidden fields that refer to state (such as attributes) indirectly. This
+means that modifying a simple copy of a Record (e.g. by calling
+[Record.Add] or [Record.AddAttrs] to add attributes)
+may have unexpected effects on the original.
+Before modifying a Record, use [Clone] to
+create a copy that shares no state with the original,
+or create a new Record with [NewRecord]
+and build up its Attrs by traversing the old ones with [Record.Attrs].
+
+# Performance considerations
+
+If profiling your application demonstrates that logging is taking significant time,
+the following suggestions may help.
+
+If many log lines have a common attribute, use [Logger.With] to create a Logger with
+that attribute. The built-in handlers will format that attribute only once, at the
+call to [Logger.With]. The [Handler] interface is designed to allow that optimization,
+and a well-written Handler should take advantage of it.
+
+The arguments to a log call are always evaluated, even if the log event is discarded.
+If possible, defer computation so that it happens only if the value is actually logged.
+For example, consider the call
+
+	slog.Info("starting request", "url", r.URL.String())  // may compute String unnecessarily
+
+The URL.String method will be called even if the logger discards Info-level events.
+Instead, pass the URL directly:
+
+	slog.Info("starting request", "url", &r.URL) // calls URL.String only if needed
+
+The built-in [TextHandler] will call its String method, but only
+if the log event is enabled.
+Avoiding the call to String also preserves the structure of the underlying value.
+For example [JSONHandler] emits the components of the parsed URL as a JSON object.
+If you want to avoid eagerly paying the cost of the String call
+without causing the handler to potentially inspect the structure of the value,
+wrap the value in a fmt.Stringer implementation that hides its Marshal methods.
+
+You can also use the [LogValuer] interface to avoid unnecessary work in disabled log
+calls. Say you need to log some expensive value:
+
+	slog.Debug("frobbing", "value", computeExpensiveValue(arg))
+
+Even if this line is disabled, computeExpensiveValue will be called.
+To avoid that, define a type implementing LogValuer:
+
+	type expensive struct { arg int }
+
+	func (e expensive) LogValue() slog.Value {
+	    return slog.AnyValue(computeExpensiveValue(e.arg))
+	}
+
+Then use a value of that type in log calls:
+
+	slog.Debug("frobbing", "value", expensive{arg})
+
+Now computeExpensiveValue will only be called when the line is enabled.
+
+The built-in handlers acquire a lock before calling [io.Writer.Write]
+to ensure that each record is written in one piece. User-defined
+handlers are responsible for their own locking.
+*/
+package slog
diff --git a/vendor/golang.org/x/exp/slog/handler.go b/vendor/golang.org/x/exp/slog/handler.go
new file mode 100644
index 000000000..74f88738c
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/handler.go
@@ -0,0 +1,559 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"strconv"
+	"sync"
+	"time"
+
+	"golang.org/x/exp/slices"
+	"golang.org/x/exp/slog/internal/buffer"
+)
+
+// A Handler handles log records produced by a Logger..
+//
+// A typical handler may print log records to standard error,
+// or write them to a file or database, or perhaps augment them
+// with additional attributes and pass them on to another handler.
+//
+// Any of the Handler's methods may be called concurrently with itself
+// or with other methods. It is the responsibility of the Handler to
+// manage this concurrency.
+//
+// Users of the slog package should not invoke Handler methods directly.
+// They should use the methods of [Logger] instead.
+type Handler interface {
+	// Enabled reports whether the handler handles records at the given level.
+	// The handler ignores records whose level is lower.
+	// It is called early, before any arguments are processed,
+	// to save effort if the log event should be discarded.
+	// If called from a Logger method, the first argument is the context
+	// passed to that method, or context.Background() if nil was passed
+	// or the method does not take a context.
+	// The context is passed so Enabled can use its values
+	// to make a decision.
+	Enabled(context.Context, Level) bool
+
+	// Handle handles the Record.
+	// It will only be called when Enabled returns true.
+	// The Context argument is as for Enabled.
+	// It is present solely to provide Handlers access to the context's values.
+	// Canceling the context should not affect record processing.
+	// (Among other things, log messages may be necessary to debug a
+	// cancellation-related problem.)
+	//
+	// Handle methods that produce output should observe the following rules:
+	//   - If r.Time is the zero time, ignore the time.
+	//   - If r.PC is zero, ignore it.
+	//   - Attr's values should be resolved.
+	//   - If an Attr's key and value are both the zero value, ignore the Attr.
+	//     This can be tested with attr.Equal(Attr{}).
+	//   - If a group's key is empty, inline the group's Attrs.
+	//   - If a group has no Attrs (even if it has a non-empty key),
+	//     ignore it.
+	Handle(context.Context, Record) error
+
+	// WithAttrs returns a new Handler whose attributes consist of
+	// both the receiver's attributes and the arguments.
+	// The Handler owns the slice: it may retain, modify or discard it.
+	WithAttrs(attrs []Attr) Handler
+
+	// WithGroup returns a new Handler with the given group appended to
+	// the receiver's existing groups.
+	// The keys of all subsequent attributes, whether added by With or in a
+	// Record, should be qualified by the sequence of group names.
+	//
+	// How this qualification happens is up to the Handler, so long as
+	// this Handler's attribute keys differ from those of another Handler
+	// with a different sequence of group names.
+	//
+	// A Handler should treat WithGroup as starting a Group of Attrs that ends
+	// at the end of the log event. That is,
+	//
+	//     logger.WithGroup("s").LogAttrs(level, msg, slog.Int("a", 1), slog.Int("b", 2))
+	//
+	// should behave like
+	//
+	//     logger.LogAttrs(level, msg, slog.Group("s", slog.Int("a", 1), slog.Int("b", 2)))
+	//
+	// If the name is empty, WithGroup returns the receiver.
+	WithGroup(name string) Handler
+}
+
+type defaultHandler struct {
+	ch *commonHandler
+	// log.Output, except for testing
+	output func(calldepth int, message string) error
+}
+
+func newDefaultHandler(output func(int, string) error) *defaultHandler {
+	return &defaultHandler{
+		ch:     &commonHandler{json: false},
+		output: output,
+	}
+}
+
+func (*defaultHandler) Enabled(_ context.Context, l Level) bool {
+	return l >= LevelInfo
+}
+
+// Collect the level, attributes and message in a string and
+// write it with the default log.Logger.
+// Let the log.Logger handle time and file/line.
+func (h *defaultHandler) Handle(ctx context.Context, r Record) error {
+	buf := buffer.New()
+	buf.WriteString(r.Level.String())
+	buf.WriteByte(' ')
+	buf.WriteString(r.Message)
+	state := h.ch.newHandleState(buf, true, " ", nil)
+	defer state.free()
+	state.appendNonBuiltIns(r)
+
+	// skip [h.output, defaultHandler.Handle, handlerWriter.Write, log.Output]
+	return h.output(4, buf.String())
+}
+
+func (h *defaultHandler) WithAttrs(as []Attr) Handler {
+	return &defaultHandler{h.ch.withAttrs(as), h.output}
+}
+
+func (h *defaultHandler) WithGroup(name string) Handler {
+	return &defaultHandler{h.ch.withGroup(name), h.output}
+}
+
+// HandlerOptions are options for a TextHandler or JSONHandler.
+// A zero HandlerOptions consists entirely of default values.
+type HandlerOptions struct {
+	// AddSource causes the handler to compute the source code position
+	// of the log statement and add a SourceKey attribute to the output.
+	AddSource bool
+
+	// Level reports the minimum record level that will be logged.
+	// The handler discards records with lower levels.
+	// If Level is nil, the handler assumes LevelInfo.
+	// The handler calls Level.Level for each record processed;
+	// to adjust the minimum level dynamically, use a LevelVar.
+	Level Leveler
+
+	// ReplaceAttr is called to rewrite each non-group attribute before it is logged.
+	// The attribute's value has been resolved (see [Value.Resolve]).
+	// If ReplaceAttr returns an Attr with Key == "", the attribute is discarded.
+	//
+	// The built-in attributes with keys "time", "level", "source", and "msg"
+	// are passed to this function, except that time is omitted
+	// if zero, and source is omitted if AddSource is false.
+	//
+	// The first argument is a list of currently open groups that contain the
+	// Attr. It must not be retained or modified. ReplaceAttr is never called
+	// for Group attributes, only their contents. For example, the attribute
+	// list
+	//
+	//     Int("a", 1), Group("g", Int("b", 2)), Int("c", 3)
+	//
+	// results in consecutive calls to ReplaceAttr with the following arguments:
+	//
+	//     nil, Int("a", 1)
+	//     []string{"g"}, Int("b", 2)
+	//     nil, Int("c", 3)
+	//
+	// ReplaceAttr can be used to change the default keys of the built-in
+	// attributes, convert types (for example, to replace a `time.Time` with the
+	// integer seconds since the Unix epoch), sanitize personal information, or
+	// remove attributes from the output.
+	ReplaceAttr func(groups []string, a Attr) Attr
+}
+
+// Keys for "built-in" attributes.
+const (
+	// TimeKey is the key used by the built-in handlers for the time
+	// when the log method is called. The associated Value is a [time.Time].
+	TimeKey = "time"
+	// LevelKey is the key used by the built-in handlers for the level
+	// of the log call. The associated value is a [Level].
+	LevelKey = "level"
+	// MessageKey is the key used by the built-in handlers for the
+	// message of the log call. The associated value is a string.
+	MessageKey = "msg"
+	// SourceKey is the key used by the built-in handlers for the source file
+	// and line of the log call. The associated value is a string.
+	SourceKey = "source"
+)
+
+type commonHandler struct {
+	json              bool // true => output JSON; false => output text
+	opts              HandlerOptions
+	preformattedAttrs []byte
+	groupPrefix       string   // for text: prefix of groups opened in preformatting
+	groups            []string // all groups started from WithGroup
+	nOpenGroups       int      // the number of groups opened in preformattedAttrs
+	mu                sync.Mutex
+	w                 io.Writer
+}
+
+func (h *commonHandler) clone() *commonHandler {
+	// We can't use assignment because we can't copy the mutex.
+	return &commonHandler{
+		json:              h.json,
+		opts:              h.opts,
+		preformattedAttrs: slices.Clip(h.preformattedAttrs),
+		groupPrefix:       h.groupPrefix,
+		groups:            slices.Clip(h.groups),
+		nOpenGroups:       h.nOpenGroups,
+		w:                 h.w,
+	}
+}
+
+// enabled reports whether l is greater than or equal to the
+// minimum level.
+func (h *commonHandler) enabled(l Level) bool {
+	minLevel := LevelInfo
+	if h.opts.Level != nil {
+		minLevel = h.opts.Level.Level()
+	}
+	return l >= minLevel
+}
+
+func (h *commonHandler) withAttrs(as []Attr) *commonHandler {
+	h2 := h.clone()
+	// Pre-format the attributes as an optimization.
+	prefix := buffer.New()
+	defer prefix.Free()
+	prefix.WriteString(h.groupPrefix)
+	state := h2.newHandleState((*buffer.Buffer)(&h2.preformattedAttrs), false, "", prefix)
+	defer state.free()
+	if len(h2.preformattedAttrs) > 0 {
+		state.sep = h.attrSep()
+	}
+	state.openGroups()
+	for _, a := range as {
+		state.appendAttr(a)
+	}
+	// Remember the new prefix for later keys.
+	h2.groupPrefix = state.prefix.String()
+	// Remember how many opened groups are in preformattedAttrs,
+	// so we don't open them again when we handle a Record.
+	h2.nOpenGroups = len(h2.groups)
+	return h2
+}
+
+func (h *commonHandler) withGroup(name string) *commonHandler {
+	if name == "" {
+		return h
+	}
+	h2 := h.clone()
+	h2.groups = append(h2.groups, name)
+	return h2
+}
+
+func (h *commonHandler) handle(r Record) error {
+	state := h.newHandleState(buffer.New(), true, "", nil)
+	defer state.free()
+	if h.json {
+		state.buf.WriteByte('{')
+	}
+	// Built-in attributes. They are not in a group.
+	stateGroups := state.groups
+	state.groups = nil // So ReplaceAttrs sees no groups instead of the pre groups.
+	rep := h.opts.ReplaceAttr
+	// time
+	if !r.Time.IsZero() {
+		key := TimeKey
+		val := r.Time.Round(0) // strip monotonic to match Attr behavior
+		if rep == nil {
+			state.appendKey(key)
+			state.appendTime(val)
+		} else {
+			state.appendAttr(Time(key, val))
+		}
+	}
+	// level
+	key := LevelKey
+	val := r.Level
+	if rep == nil {
+		state.appendKey(key)
+		state.appendString(val.String())
+	} else {
+		state.appendAttr(Any(key, val))
+	}
+	// source
+	if h.opts.AddSource {
+		state.appendAttr(Any(SourceKey, r.source()))
+	}
+	key = MessageKey
+	msg := r.Message
+	if rep == nil {
+		state.appendKey(key)
+		state.appendString(msg)
+	} else {
+		state.appendAttr(String(key, msg))
+	}
+	state.groups = stateGroups // Restore groups passed to ReplaceAttrs.
+	state.appendNonBuiltIns(r)
+	state.buf.WriteByte('\n')
+
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	_, err := h.w.Write(*state.buf)
+	return err
+}
+
+func (s *handleState) appendNonBuiltIns(r Record) {
+	// preformatted Attrs
+	if len(s.h.preformattedAttrs) > 0 {
+		s.buf.WriteString(s.sep)
+		s.buf.Write(s.h.preformattedAttrs)
+		s.sep = s.h.attrSep()
+	}
+	// Attrs in Record -- unlike the built-in ones, they are in groups started
+	// from WithGroup.
+	s.prefix = buffer.New()
+	defer s.prefix.Free()
+	s.prefix.WriteString(s.h.groupPrefix)
+	s.openGroups()
+	r.Attrs(func(a Attr) bool {
+		s.appendAttr(a)
+		return true
+	})
+	if s.h.json {
+		// Close all open groups.
+		for range s.h.groups {
+			s.buf.WriteByte('}')
+		}
+		// Close the top-level object.
+		s.buf.WriteByte('}')
+	}
+}
+
+// attrSep returns the separator between attributes.
+func (h *commonHandler) attrSep() string {
+	if h.json {
+		return ","
+	}
+	return " "
+}
+
+// handleState holds state for a single call to commonHandler.handle.
+// The initial value of sep determines whether to emit a separator
+// before the next key, after which it stays true.
+type handleState struct {
+	h       *commonHandler
+	buf     *buffer.Buffer
+	freeBuf bool           // should buf be freed?
+	sep     string         // separator to write before next key
+	prefix  *buffer.Buffer // for text: key prefix
+	groups  *[]string      // pool-allocated slice of active groups, for ReplaceAttr
+}
+
+var groupPool = sync.Pool{New: func() any {
+	s := make([]string, 0, 10)
+	return &s
+}}
+
+func (h *commonHandler) newHandleState(buf *buffer.Buffer, freeBuf bool, sep string, prefix *buffer.Buffer) handleState {
+	s := handleState{
+		h:       h,
+		buf:     buf,
+		freeBuf: freeBuf,
+		sep:     sep,
+		prefix:  prefix,
+	}
+	if h.opts.ReplaceAttr != nil {
+		s.groups = groupPool.Get().(*[]string)
+		*s.groups = append(*s.groups, h.groups[:h.nOpenGroups]...)
+	}
+	return s
+}
+
+func (s *handleState) free() {
+	if s.freeBuf {
+		s.buf.Free()
+	}
+	if gs := s.groups; gs != nil {
+		*gs = (*gs)[:0]
+		groupPool.Put(gs)
+	}
+}
+
+func (s *handleState) openGroups() {
+	for _, n := range s.h.groups[s.h.nOpenGroups:] {
+		s.openGroup(n)
+	}
+}
+
+// Separator for group names and keys.
+const keyComponentSep = '.'
+
+// openGroup starts a new group of attributes
+// with the given name.
+func (s *handleState) openGroup(name string) {
+	if s.h.json {
+		s.appendKey(name)
+		s.buf.WriteByte('{')
+		s.sep = ""
+	} else {
+		s.prefix.WriteString(name)
+		s.prefix.WriteByte(keyComponentSep)
+	}
+	// Collect group names for ReplaceAttr.
+	if s.groups != nil {
+		*s.groups = append(*s.groups, name)
+	}
+}
+
+// closeGroup ends the group with the given name.
+func (s *handleState) closeGroup(name string) {
+	if s.h.json {
+		s.buf.WriteByte('}')
+	} else {
+		(*s.prefix) = (*s.prefix)[:len(*s.prefix)-len(name)-1 /* for keyComponentSep */]
+	}
+	s.sep = s.h.attrSep()
+	if s.groups != nil {
+		*s.groups = (*s.groups)[:len(*s.groups)-1]
+	}
+}
+
+// appendAttr appends the Attr's key and value using app.
+// It handles replacement and checking for an empty key.
+// after replacement).
+func (s *handleState) appendAttr(a Attr) {
+	if rep := s.h.opts.ReplaceAttr; rep != nil && a.Value.Kind() != KindGroup {
+		var gs []string
+		if s.groups != nil {
+			gs = *s.groups
+		}
+		// Resolve before calling ReplaceAttr, so the user doesn't have to.
+		a.Value = a.Value.Resolve()
+		a = rep(gs, a)
+	}
+	a.Value = a.Value.Resolve()
+	// Elide empty Attrs.
+	if a.isEmpty() {
+		return
+	}
+	// Special case: Source.
+	if v := a.Value; v.Kind() == KindAny {
+		if src, ok := v.Any().(*Source); ok {
+			if s.h.json {
+				a.Value = src.group()
+			} else {
+				a.Value = StringValue(fmt.Sprintf("%s:%d", src.File, src.Line))
+			}
+		}
+	}
+	if a.Value.Kind() == KindGroup {
+		attrs := a.Value.Group()
+		// Output only non-empty groups.
+		if len(attrs) > 0 {
+			// Inline a group with an empty key.
+			if a.Key != "" {
+				s.openGroup(a.Key)
+			}
+			for _, aa := range attrs {
+				s.appendAttr(aa)
+			}
+			if a.Key != "" {
+				s.closeGroup(a.Key)
+			}
+		}
+	} else {
+		s.appendKey(a.Key)
+		s.appendValue(a.Value)
+	}
+}
+
+func (s *handleState) appendError(err error) {
+	s.appendString(fmt.Sprintf("!ERROR:%v", err))
+}
+
+func (s *handleState) appendKey(key string) {
+	s.buf.WriteString(s.sep)
+	if s.prefix != nil {
+		// TODO: optimize by avoiding allocation.
+		s.appendString(string(*s.prefix) + key)
+	} else {
+		s.appendString(key)
+	}
+	if s.h.json {
+		s.buf.WriteByte(':')
+	} else {
+		s.buf.WriteByte('=')
+	}
+	s.sep = s.h.attrSep()
+}
+
+func (s *handleState) appendString(str string) {
+	if s.h.json {
+		s.buf.WriteByte('"')
+		*s.buf = appendEscapedJSONString(*s.buf, str)
+		s.buf.WriteByte('"')
+	} else {
+		// text
+		if needsQuoting(str) {
+			*s.buf = strconv.AppendQuote(*s.buf, str)
+		} else {
+			s.buf.WriteString(str)
+		}
+	}
+}
+
+func (s *handleState) appendValue(v Value) {
+	var err error
+	if s.h.json {
+		err = appendJSONValue(s, v)
+	} else {
+		err = appendTextValue(s, v)
+	}
+	if err != nil {
+		s.appendError(err)
+	}
+}
+
+func (s *handleState) appendTime(t time.Time) {
+	if s.h.json {
+		appendJSONTime(s, t)
+	} else {
+		writeTimeRFC3339Millis(s.buf, t)
+	}
+}
+
+// This takes half the time of Time.AppendFormat.
+func writeTimeRFC3339Millis(buf *buffer.Buffer, t time.Time) {
+	year, month, day := t.Date()
+	buf.WritePosIntWidth(year, 4)
+	buf.WriteByte('-')
+	buf.WritePosIntWidth(int(month), 2)
+	buf.WriteByte('-')
+	buf.WritePosIntWidth(day, 2)
+	buf.WriteByte('T')
+	hour, min, sec := t.Clock()
+	buf.WritePosIntWidth(hour, 2)
+	buf.WriteByte(':')
+	buf.WritePosIntWidth(min, 2)
+	buf.WriteByte(':')
+	buf.WritePosIntWidth(sec, 2)
+	ns := t.Nanosecond()
+	buf.WriteByte('.')
+	buf.WritePosIntWidth(ns/1e6, 3)
+	_, offsetSeconds := t.Zone()
+	if offsetSeconds == 0 {
+		buf.WriteByte('Z')
+	} else {
+		offsetMinutes := offsetSeconds / 60
+		if offsetMinutes < 0 {
+			buf.WriteByte('-')
+			offsetMinutes = -offsetMinutes
+		} else {
+			buf.WriteByte('+')
+		}
+		buf.WritePosIntWidth(offsetMinutes/60, 2)
+		buf.WriteByte(':')
+		buf.WritePosIntWidth(offsetMinutes%60, 2)
+	}
+}
diff --git a/vendor/golang.org/x/exp/slog/internal/buffer/buffer.go b/vendor/golang.org/x/exp/slog/internal/buffer/buffer.go
new file mode 100644
index 000000000..7786c166e
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/internal/buffer/buffer.go
@@ -0,0 +1,84 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package buffer provides a pool-allocated byte buffer.
+package buffer
+
+import (
+	"sync"
+)
+
+// Buffer adapted from go/src/fmt/print.go
+type Buffer []byte
+
+// Having an initial size gives a dramatic speedup.
+var bufPool = sync.Pool{
+	New: func() any {
+		b := make([]byte, 0, 1024)
+		return (*Buffer)(&b)
+	},
+}
+
+func New() *Buffer {
+	return bufPool.Get().(*Buffer)
+}
+
+func (b *Buffer) Free() {
+	// To reduce peak allocation, return only smaller buffers to the pool.
+	const maxBufferSize = 16 << 10
+	if cap(*b) <= maxBufferSize {
+		*b = (*b)[:0]
+		bufPool.Put(b)
+	}
+}
+
+func (b *Buffer) Reset() {
+	*b = (*b)[:0]
+}
+
+func (b *Buffer) Write(p []byte) (int, error) {
+	*b = append(*b, p...)
+	return len(p), nil
+}
+
+func (b *Buffer) WriteString(s string) {
+	*b = append(*b, s...)
+}
+
+func (b *Buffer) WriteByte(c byte) {
+	*b = append(*b, c)
+}
+
+func (b *Buffer) WritePosInt(i int) {
+	b.WritePosIntWidth(i, 0)
+}
+
+// WritePosIntWidth writes non-negative integer i to the buffer, padded on the left
+// by zeroes to the given width. Use a width of 0 to omit padding.
+func (b *Buffer) WritePosIntWidth(i, width int) {
+	// Cheap integer to fixed-width decimal ASCII.
+	// Copied from log/log.go.
+
+	if i < 0 {
+		panic("negative int")
+	}
+
+	// Assemble decimal in reverse order.
+	var bb [20]byte
+	bp := len(bb) - 1
+	for i >= 10 || width > 1 {
+		width--
+		q := i / 10
+		bb[bp] = byte('0' + i - q*10)
+		bp--
+		i = q
+	}
+	// i < 10
+	bb[bp] = byte('0' + i)
+	b.Write(bb[bp:])
+}
+
+func (b *Buffer) String() string {
+	return string(*b)
+}
diff --git a/vendor/golang.org/x/exp/slog/internal/ignorepc.go b/vendor/golang.org/x/exp/slog/internal/ignorepc.go
new file mode 100644
index 000000000..d1256426f
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/internal/ignorepc.go
@@ -0,0 +1,9 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package internal
+
+// If IgnorePC is true, do not invoke runtime.Callers to get the pc.
+// This is solely for benchmarking the slowdown from runtime.Callers.
+var IgnorePC = false
diff --git a/vendor/golang.org/x/exp/slog/json_handler.go b/vendor/golang.org/x/exp/slog/json_handler.go
new file mode 100644
index 000000000..157ada869
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/json_handler.go
@@ -0,0 +1,336 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"strconv"
+	"time"
+	"unicode/utf8"
+
+	"golang.org/x/exp/slog/internal/buffer"
+)
+
+// JSONHandler is a Handler that writes Records to an io.Writer as
+// line-delimited JSON objects.
+type JSONHandler struct {
+	*commonHandler
+}
+
+// NewJSONHandler creates a JSONHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewJSONHandler(w io.Writer, opts *HandlerOptions) *JSONHandler {
+	if opts == nil {
+		opts = &HandlerOptions{}
+	}
+	return &JSONHandler{
+		&commonHandler{
+			json: true,
+			w:    w,
+			opts: *opts,
+		},
+	}
+}
+
+// Enabled reports whether the handler handles records at the given level.
+// The handler ignores records whose level is lower.
+func (h *JSONHandler) Enabled(_ context.Context, level Level) bool {
+	return h.commonHandler.enabled(level)
+}
+
+// WithAttrs returns a new JSONHandler whose attributes consists
+// of h's attributes followed by attrs.
+func (h *JSONHandler) WithAttrs(attrs []Attr) Handler {
+	return &JSONHandler{commonHandler: h.commonHandler.withAttrs(attrs)}
+}
+
+func (h *JSONHandler) WithGroup(name string) Handler {
+	return &JSONHandler{commonHandler: h.commonHandler.withGroup(name)}
+}
+
+// Handle formats its argument Record as a JSON object on a single line.
+//
+// If the Record's time is zero, the time is omitted.
+// Otherwise, the key is "time"
+// and the value is output as with json.Marshal.
+//
+// If the Record's level is zero, the level is omitted.
+// Otherwise, the key is "level"
+// and the value of [Level.String] is output.
+//
+// If the AddSource option is set and source information is available,
+// the key is "source"
+// and the value is output as "FILE:LINE".
+//
+// The message's key is "msg".
+//
+// To modify these or other attributes, or remove them from the output, use
+// [HandlerOptions.ReplaceAttr].
+//
+// Values are formatted as with an [encoding/json.Encoder] with SetEscapeHTML(false),
+// with two exceptions.
+//
+// First, an Attr whose Value is of type error is formatted as a string, by
+// calling its Error method. Only errors in Attrs receive this special treatment,
+// not errors embedded in structs, slices, maps or other data structures that
+// are processed by the encoding/json package.
+//
+// Second, an encoding failure does not cause Handle to return an error.
+// Instead, the error message is formatted as a string.
+//
+// Each call to Handle results in a single serialized call to io.Writer.Write.
+func (h *JSONHandler) Handle(_ context.Context, r Record) error {
+	return h.commonHandler.handle(r)
+}
+
+// Adapted from time.Time.MarshalJSON to avoid allocation.
+func appendJSONTime(s *handleState, t time.Time) {
+	if y := t.Year(); y < 0 || y >= 10000 {
+		// RFC 3339 is clear that years are 4 digits exactly.
+		// See golang.org/issue/4556#c15 for more discussion.
+		s.appendError(errors.New("time.Time year outside of range [0,9999]"))
+	}
+	s.buf.WriteByte('"')
+	*s.buf = t.AppendFormat(*s.buf, time.RFC3339Nano)
+	s.buf.WriteByte('"')
+}
+
+func appendJSONValue(s *handleState, v Value) error {
+	switch v.Kind() {
+	case KindString:
+		s.appendString(v.str())
+	case KindInt64:
+		*s.buf = strconv.AppendInt(*s.buf, v.Int64(), 10)
+	case KindUint64:
+		*s.buf = strconv.AppendUint(*s.buf, v.Uint64(), 10)
+	case KindFloat64:
+		// json.Marshal is funny about floats; it doesn't
+		// always match strconv.AppendFloat. So just call it.
+		// That's expensive, but floats are rare.
+		if err := appendJSONMarshal(s.buf, v.Float64()); err != nil {
+			return err
+		}
+	case KindBool:
+		*s.buf = strconv.AppendBool(*s.buf, v.Bool())
+	case KindDuration:
+		// Do what json.Marshal does.
+		*s.buf = strconv.AppendInt(*s.buf, int64(v.Duration()), 10)
+	case KindTime:
+		s.appendTime(v.Time())
+	case KindAny:
+		a := v.Any()
+		_, jm := a.(json.Marshaler)
+		if err, ok := a.(error); ok && !jm {
+			s.appendString(err.Error())
+		} else {
+			return appendJSONMarshal(s.buf, a)
+		}
+	default:
+		panic(fmt.Sprintf("bad kind: %s", v.Kind()))
+	}
+	return nil
+}
+
+func appendJSONMarshal(buf *buffer.Buffer, v any) error {
+	// Use a json.Encoder to avoid escaping HTML.
+	var bb bytes.Buffer
+	enc := json.NewEncoder(&bb)
+	enc.SetEscapeHTML(false)
+	if err := enc.Encode(v); err != nil {
+		return err
+	}
+	bs := bb.Bytes()
+	buf.Write(bs[:len(bs)-1]) // remove final newline
+	return nil
+}
+
+// appendEscapedJSONString escapes s for JSON and appends it to buf.
+// It does not surround the string in quotation marks.
+//
+// Modified from encoding/json/encode.go:encodeState.string,
+// with escapeHTML set to false.
+func appendEscapedJSONString(buf []byte, s string) []byte {
+	char := func(b byte) { buf = append(buf, b) }
+	str := func(s string) { buf = append(buf, s...) }
+
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if safeSet[b] {
+				i++
+				continue
+			}
+			if start < i {
+				str(s[start:i])
+			}
+			char('\\')
+			switch b {
+			case '\\', '"':
+				char(b)
+			case '\n':
+				char('n')
+			case '\r':
+				char('r')
+			case '\t':
+				char('t')
+			default:
+				// This encodes bytes < 0x20 except for \t, \n and \r.
+				str(`u00`)
+				char(hex[b>>4])
+				char(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRuneInString(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				str(s[start:i])
+			}
+			str(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				str(s[start:i])
+			}
+			str(`\u202`)
+			char(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		str(s[start:])
+	}
+	return buf
+}
+
+var hex = "0123456789abcdef"
+
+// Copied from encoding/json/tables.go.
+//
+// safeSet holds the value true if the ASCII character with the given array
+// position can be represented inside a JSON string without any further
+// escaping.
+//
+// All values are true except for the ASCII control characters (0-31), the
+// double quote ("), and the backslash character ("\").
+var safeSet = [utf8.RuneSelf]bool{
+	' ':      true,
+	'!':      true,
+	'"':      false,
+	'#':      true,
+	'$':      true,
+	'%':      true,
+	'&':      true,
+	'\'':     true,
+	'(':      true,
+	')':      true,
+	'*':      true,
+	'+':      true,
+	',':      true,
+	'-':      true,
+	'.':      true,
+	'/':      true,
+	'0':      true,
+	'1':      true,
+	'2':      true,
+	'3':      true,
+	'4':      true,
+	'5':      true,
+	'6':      true,
+	'7':      true,
+	'8':      true,
+	'9':      true,
+	':':      true,
+	';':      true,
+	'<':      true,
+	'=':      true,
+	'>':      true,
+	'?':      true,
+	'@':      true,
+	'A':      true,
+	'B':      true,
+	'C':      true,
+	'D':      true,
+	'E':      true,
+	'F':      true,
+	'G':      true,
+	'H':      true,
+	'I':      true,
+	'J':      true,
+	'K':      true,
+	'L':      true,
+	'M':      true,
+	'N':      true,
+	'O':      true,
+	'P':      true,
+	'Q':      true,
+	'R':      true,
+	'S':      true,
+	'T':      true,
+	'U':      true,
+	'V':      true,
+	'W':      true,
+	'X':      true,
+	'Y':      true,
+	'Z':      true,
+	'[':      true,
+	'\\':     false,
+	']':      true,
+	'^':      true,
+	'_':      true,
+	'`':      true,
+	'a':      true,
+	'b':      true,
+	'c':      true,
+	'd':      true,
+	'e':      true,
+	'f':      true,
+	'g':      true,
+	'h':      true,
+	'i':      true,
+	'j':      true,
+	'k':      true,
+	'l':      true,
+	'm':      true,
+	'n':      true,
+	'o':      true,
+	'p':      true,
+	'q':      true,
+	'r':      true,
+	's':      true,
+	't':      true,
+	'u':      true,
+	'v':      true,
+	'w':      true,
+	'x':      true,
+	'y':      true,
+	'z':      true,
+	'{':      true,
+	'|':      true,
+	'}':      true,
+	'~':      true,
+	'\u007f': true,
+}
diff --git a/vendor/golang.org/x/exp/slog/level.go b/vendor/golang.org/x/exp/slog/level.go
new file mode 100644
index 000000000..b2365f0aa
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/level.go
@@ -0,0 +1,201 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+	"sync/atomic"
+)
+
+// A Level is the importance or severity of a log event.
+// The higher the level, the more important or severe the event.
+type Level int
+
+// Level numbers are inherently arbitrary,
+// but we picked them to satisfy three constraints.
+// Any system can map them to another numbering scheme if it wishes.
+//
+// First, we wanted the default level to be Info, Since Levels are ints, Info is
+// the default value for int, zero.
+//
+
+// Second, we wanted to make it easy to use levels to specify logger verbosity.
+// Since a larger level means a more severe event, a logger that accepts events
+// with smaller (or more negative) level means a more verbose logger. Logger
+// verbosity is thus the negation of event severity, and the default verbosity
+// of 0 accepts all events at least as severe as INFO.
+//
+// Third, we wanted some room between levels to accommodate schemes with named
+// levels between ours. For example, Google Cloud Logging defines a Notice level
+// between Info and Warn. Since there are only a few of these intermediate
+// levels, the gap between the numbers need not be large. Our gap of 4 matches
+// OpenTelemetry's mapping. Subtracting 9 from an OpenTelemetry level in the
+// DEBUG, INFO, WARN and ERROR ranges converts it to the corresponding slog
+// Level range. OpenTelemetry also has the names TRACE and FATAL, which slog
+// does not. But those OpenTelemetry levels can still be represented as slog
+// Levels by using the appropriate integers.
+//
+// Names for common levels.
+const (
+	LevelDebug Level = -4
+	LevelInfo  Level = 0
+	LevelWarn  Level = 4
+	LevelError Level = 8
+)
+
+// String returns a name for the level.
+// If the level has a name, then that name
+// in uppercase is returned.
+// If the level is between named values, then
+// an integer is appended to the uppercased name.
+// Examples:
+//
+//	LevelWarn.String() => "WARN"
+//	(LevelInfo+2).String() => "INFO+2"
+func (l Level) String() string {
+	str := func(base string, val Level) string {
+		if val == 0 {
+			return base
+		}
+		return fmt.Sprintf("%s%+d", base, val)
+	}
+
+	switch {
+	case l < LevelInfo:
+		return str("DEBUG", l-LevelDebug)
+	case l < LevelWarn:
+		return str("INFO", l-LevelInfo)
+	case l < LevelError:
+		return str("WARN", l-LevelWarn)
+	default:
+		return str("ERROR", l-LevelError)
+	}
+}
+
+// MarshalJSON implements [encoding/json.Marshaler]
+// by quoting the output of [Level.String].
+func (l Level) MarshalJSON() ([]byte, error) {
+	// AppendQuote is sufficient for JSON-encoding all Level strings.
+	// They don't contain any runes that would produce invalid JSON
+	// when escaped.
+	return strconv.AppendQuote(nil, l.String()), nil
+}
+
+// UnmarshalJSON implements [encoding/json.Unmarshaler]
+// It accepts any string produced by [Level.MarshalJSON],
+// ignoring case.
+// It also accepts numeric offsets that would result in a different string on
+// output. For example, "Error-8" would marshal as "INFO".
+func (l *Level) UnmarshalJSON(data []byte) error {
+	s, err := strconv.Unquote(string(data))
+	if err != nil {
+		return err
+	}
+	return l.parse(s)
+}
+
+// MarshalText implements [encoding.TextMarshaler]
+// by calling [Level.String].
+func (l Level) MarshalText() ([]byte, error) {
+	return []byte(l.String()), nil
+}
+
+// UnmarshalText implements [encoding.TextUnmarshaler].
+// It accepts any string produced by [Level.MarshalText],
+// ignoring case.
+// It also accepts numeric offsets that would result in a different string on
+// output. For example, "Error-8" would marshal as "INFO".
+func (l *Level) UnmarshalText(data []byte) error {
+	return l.parse(string(data))
+}
+
+func (l *Level) parse(s string) (err error) {
+	defer func() {
+		if err != nil {
+			err = fmt.Errorf("slog: level string %q: %w", s, err)
+		}
+	}()
+
+	name := s
+	offset := 0
+	if i := strings.IndexAny(s, "+-"); i >= 0 {
+		name = s[:i]
+		offset, err = strconv.Atoi(s[i:])
+		if err != nil {
+			return err
+		}
+	}
+	switch strings.ToUpper(name) {
+	case "DEBUG":
+		*l = LevelDebug
+	case "INFO":
+		*l = LevelInfo
+	case "WARN":
+		*l = LevelWarn
+	case "ERROR":
+		*l = LevelError
+	default:
+		return errors.New("unknown name")
+	}
+	*l += Level(offset)
+	return nil
+}
+
+// Level returns the receiver.
+// It implements Leveler.
+func (l Level) Level() Level { return l }
+
+// A LevelVar is a Level variable, to allow a Handler level to change
+// dynamically.
+// It implements Leveler as well as a Set method,
+// and it is safe for use by multiple goroutines.
+// The zero LevelVar corresponds to LevelInfo.
+type LevelVar struct {
+	val atomic.Int64
+}
+
+// Level returns v's level.
+func (v *LevelVar) Level() Level {
+	return Level(int(v.val.Load()))
+}
+
+// Set sets v's level to l.
+func (v *LevelVar) Set(l Level) {
+	v.val.Store(int64(l))
+}
+
+func (v *LevelVar) String() string {
+	return fmt.Sprintf("LevelVar(%s)", v.Level())
+}
+
+// MarshalText implements [encoding.TextMarshaler]
+// by calling [Level.MarshalText].
+func (v *LevelVar) MarshalText() ([]byte, error) {
+	return v.Level().MarshalText()
+}
+
+// UnmarshalText implements [encoding.TextUnmarshaler]
+// by calling [Level.UnmarshalText].
+func (v *LevelVar) UnmarshalText(data []byte) error {
+	var l Level
+	if err := l.UnmarshalText(data); err != nil {
+		return err
+	}
+	v.Set(l)
+	return nil
+}
+
+// A Leveler provides a Level value.
+//
+// As Level itself implements Leveler, clients typically supply
+// a Level value wherever a Leveler is needed, such as in HandlerOptions.
+// Clients who need to vary the level dynamically can provide a more complex
+// Leveler implementation such as *LevelVar.
+type Leveler interface {
+	Level() Level
+}
diff --git a/vendor/golang.org/x/exp/slog/logger.go b/vendor/golang.org/x/exp/slog/logger.go
new file mode 100644
index 000000000..e87ec9936
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/logger.go
@@ -0,0 +1,343 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"context"
+	"log"
+	"runtime"
+	"sync/atomic"
+	"time"
+
+	"golang.org/x/exp/slog/internal"
+)
+
+var defaultLogger atomic.Value
+
+func init() {
+	defaultLogger.Store(New(newDefaultHandler(log.Output)))
+}
+
+// Default returns the default Logger.
+func Default() *Logger { return defaultLogger.Load().(*Logger) }
+
+// SetDefault makes l the default Logger.
+// After this call, output from the log package's default Logger
+// (as with [log.Print], etc.) will be logged at LevelInfo using l's Handler.
+func SetDefault(l *Logger) {
+	defaultLogger.Store(l)
+	// If the default's handler is a defaultHandler, then don't use a handleWriter,
+	// or we'll deadlock as they both try to acquire the log default mutex.
+	// The defaultHandler will use whatever the log default writer is currently
+	// set to, which is correct.
+	// This can occur with SetDefault(Default()).
+	// See TestSetDefault.
+	if _, ok := l.Handler().(*defaultHandler); !ok {
+		capturePC := log.Flags()&(log.Lshortfile|log.Llongfile) != 0
+		log.SetOutput(&handlerWriter{l.Handler(), LevelInfo, capturePC})
+		log.SetFlags(0) // we want just the log message, no time or location
+	}
+}
+
+// handlerWriter is an io.Writer that calls a Handler.
+// It is used to link the default log.Logger to the default slog.Logger.
+type handlerWriter struct {
+	h         Handler
+	level     Level
+	capturePC bool
+}
+
+func (w *handlerWriter) Write(buf []byte) (int, error) {
+	if !w.h.Enabled(context.Background(), w.level) {
+		return 0, nil
+	}
+	var pc uintptr
+	if !internal.IgnorePC && w.capturePC {
+		// skip [runtime.Callers, w.Write, Logger.Output, log.Print]
+		var pcs [1]uintptr
+		runtime.Callers(4, pcs[:])
+		pc = pcs[0]
+	}
+
+	// Remove final newline.
+	origLen := len(buf) // Report that the entire buf was written.
+	if len(buf) > 0 && buf[len(buf)-1] == '\n' {
+		buf = buf[:len(buf)-1]
+	}
+	r := NewRecord(time.Now(), w.level, string(buf), pc)
+	return origLen, w.h.Handle(context.Background(), r)
+}
+
+// A Logger records structured information about each call to its
+// Log, Debug, Info, Warn, and Error methods.
+// For each call, it creates a Record and passes it to a Handler.
+//
+// To create a new Logger, call [New] or a Logger method
+// that begins "With".
+type Logger struct {
+	handler Handler // for structured logging
+}
+
+func (l *Logger) clone() *Logger {
+	c := *l
+	return &c
+}
+
+// Handler returns l's Handler.
+func (l *Logger) Handler() Handler { return l.handler }
+
+// With returns a new Logger that includes the given arguments, converted to
+// Attrs as in [Logger.Log].
+// The Attrs will be added to each output from the Logger.
+// The new Logger shares the old Logger's context.
+// The new Logger's handler is the result of calling WithAttrs on the receiver's
+// handler.
+func (l *Logger) With(args ...any) *Logger {
+	c := l.clone()
+	c.handler = l.handler.WithAttrs(argsToAttrSlice(args))
+	return c
+}
+
+// WithGroup returns a new Logger that starts a group. The keys of all
+// attributes added to the Logger will be qualified by the given name.
+// (How that qualification happens depends on the [Handler.WithGroup]
+// method of the Logger's Handler.)
+// The new Logger shares the old Logger's context.
+//
+// The new Logger's handler is the result of calling WithGroup on the receiver's
+// handler.
+func (l *Logger) WithGroup(name string) *Logger {
+	c := l.clone()
+	c.handler = l.handler.WithGroup(name)
+	return c
+
+}
+
+// New creates a new Logger with the given non-nil Handler and a nil context.
+func New(h Handler) *Logger {
+	if h == nil {
+		panic("nil Handler")
+	}
+	return &Logger{handler: h}
+}
+
+// With calls Logger.With on the default logger.
+func With(args ...any) *Logger {
+	return Default().With(args...)
+}
+
+// Enabled reports whether l emits log records at the given context and level.
+func (l *Logger) Enabled(ctx context.Context, level Level) bool {
+	if ctx == nil {
+		ctx = context.Background()
+	}
+	return l.Handler().Enabled(ctx, level)
+}
+
+// NewLogLogger returns a new log.Logger such that each call to its Output method
+// dispatches a Record to the specified handler. The logger acts as a bridge from
+// the older log API to newer structured logging handlers.
+func NewLogLogger(h Handler, level Level) *log.Logger {
+	return log.New(&handlerWriter{h, level, true}, "", 0)
+}
+
+// Log emits a log record with the current time and the given level and message.
+// The Record's Attrs consist of the Logger's attributes followed by
+// the Attrs specified by args.
+//
+// The attribute arguments are processed as follows:
+//   - If an argument is an Attr, it is used as is.
+//   - If an argument is a string and this is not the last argument,
+//     the following argument is treated as the value and the two are combined
+//     into an Attr.
+//   - Otherwise, the argument is treated as a value with key "!BADKEY".
+func (l *Logger) Log(ctx context.Context, level Level, msg string, args ...any) {
+	l.log(ctx, level, msg, args...)
+}
+
+// LogAttrs is a more efficient version of [Logger.Log] that accepts only Attrs.
+func (l *Logger) LogAttrs(ctx context.Context, level Level, msg string, attrs ...Attr) {
+	l.logAttrs(ctx, level, msg, attrs...)
+}
+
+// Debug logs at LevelDebug.
+func (l *Logger) Debug(msg string, args ...any) {
+	l.log(nil, LevelDebug, msg, args...)
+}
+
+// DebugContext logs at LevelDebug with the given context.
+func (l *Logger) DebugContext(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelDebug, msg, args...)
+}
+
+// DebugCtx logs at LevelDebug with the given context.
+// Deprecated: Use Logger.DebugContext.
+func (l *Logger) DebugCtx(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelDebug, msg, args...)
+}
+
+// Info logs at LevelInfo.
+func (l *Logger) Info(msg string, args ...any) {
+	l.log(nil, LevelInfo, msg, args...)
+}
+
+// InfoContext logs at LevelInfo with the given context.
+func (l *Logger) InfoContext(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelInfo, msg, args...)
+}
+
+// InfoCtx logs at LevelInfo with the given context.
+// Deprecated: Use Logger.InfoContext.
+func (l *Logger) InfoCtx(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelInfo, msg, args...)
+}
+
+// Warn logs at LevelWarn.
+func (l *Logger) Warn(msg string, args ...any) {
+	l.log(nil, LevelWarn, msg, args...)
+}
+
+// WarnContext logs at LevelWarn with the given context.
+func (l *Logger) WarnContext(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelWarn, msg, args...)
+}
+
+// WarnCtx logs at LevelWarn with the given context.
+// Deprecated: Use Logger.WarnContext.
+func (l *Logger) WarnCtx(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelWarn, msg, args...)
+}
+
+// Error logs at LevelError.
+func (l *Logger) Error(msg string, args ...any) {
+	l.log(nil, LevelError, msg, args...)
+}
+
+// ErrorContext logs at LevelError with the given context.
+func (l *Logger) ErrorContext(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelError, msg, args...)
+}
+
+// ErrorCtx logs at LevelError with the given context.
+// Deprecated: Use Logger.ErrorContext.
+func (l *Logger) ErrorCtx(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelError, msg, args...)
+}
+
+// log is the low-level logging method for methods that take ...any.
+// It must always be called directly by an exported logging method
+// or function, because it uses a fixed call depth to obtain the pc.
+func (l *Logger) log(ctx context.Context, level Level, msg string, args ...any) {
+	if !l.Enabled(ctx, level) {
+		return
+	}
+	var pc uintptr
+	if !internal.IgnorePC {
+		var pcs [1]uintptr
+		// skip [runtime.Callers, this function, this function's caller]
+		runtime.Callers(3, pcs[:])
+		pc = pcs[0]
+	}
+	r := NewRecord(time.Now(), level, msg, pc)
+	r.Add(args...)
+	if ctx == nil {
+		ctx = context.Background()
+	}
+	_ = l.Handler().Handle(ctx, r)
+}
+
+// logAttrs is like [Logger.log], but for methods that take ...Attr.
+func (l *Logger) logAttrs(ctx context.Context, level Level, msg string, attrs ...Attr) {
+	if !l.Enabled(ctx, level) {
+		return
+	}
+	var pc uintptr
+	if !internal.IgnorePC {
+		var pcs [1]uintptr
+		// skip [runtime.Callers, this function, this function's caller]
+		runtime.Callers(3, pcs[:])
+		pc = pcs[0]
+	}
+	r := NewRecord(time.Now(), level, msg, pc)
+	r.AddAttrs(attrs...)
+	if ctx == nil {
+		ctx = context.Background()
+	}
+	_ = l.Handler().Handle(ctx, r)
+}
+
+// Debug calls Logger.Debug on the default logger.
+func Debug(msg string, args ...any) {
+	Default().log(nil, LevelDebug, msg, args...)
+}
+
+// DebugContext calls Logger.DebugContext on the default logger.
+func DebugContext(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelDebug, msg, args...)
+}
+
+// Info calls Logger.Info on the default logger.
+func Info(msg string, args ...any) {
+	Default().log(nil, LevelInfo, msg, args...)
+}
+
+// InfoContext calls Logger.InfoContext on the default logger.
+func InfoContext(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelInfo, msg, args...)
+}
+
+// Warn calls Logger.Warn on the default logger.
+func Warn(msg string, args ...any) {
+	Default().log(nil, LevelWarn, msg, args...)
+}
+
+// WarnContext calls Logger.WarnContext on the default logger.
+func WarnContext(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelWarn, msg, args...)
+}
+
+// Error calls Logger.Error on the default logger.
+func Error(msg string, args ...any) {
+	Default().log(nil, LevelError, msg, args...)
+}
+
+// ErrorContext calls Logger.ErrorContext on the default logger.
+func ErrorContext(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelError, msg, args...)
+}
+
+// DebugCtx calls Logger.DebugContext on the default logger.
+// Deprecated: call DebugContext.
+func DebugCtx(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelDebug, msg, args...)
+}
+
+// InfoCtx calls Logger.InfoContext on the default logger.
+// Deprecated: call InfoContext.
+func InfoCtx(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelInfo, msg, args...)
+}
+
+// WarnCtx calls Logger.WarnContext on the default logger.
+// Deprecated: call WarnContext.
+func WarnCtx(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelWarn, msg, args...)
+}
+
+// ErrorCtx calls Logger.ErrorContext on the default logger.
+// Deprecated: call ErrorContext.
+func ErrorCtx(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelError, msg, args...)
+}
+
+// Log calls Logger.Log on the default logger.
+func Log(ctx context.Context, level Level, msg string, args ...any) {
+	Default().log(ctx, level, msg, args...)
+}
+
+// LogAttrs calls Logger.LogAttrs on the default logger.
+func LogAttrs(ctx context.Context, level Level, msg string, attrs ...Attr) {
+	Default().logAttrs(ctx, level, msg, attrs...)
+}
diff --git a/vendor/golang.org/x/exp/slog/noplog.bench b/vendor/golang.org/x/exp/slog/noplog.bench
new file mode 100644
index 000000000..ed9296ff6
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/noplog.bench
@@ -0,0 +1,36 @@
+goos: linux
+goarch: amd64
+pkg: golang.org/x/exp/slog
+cpu: Intel(R) Xeon(R) CPU @ 2.20GHz
+BenchmarkNopLog/attrs-8         	 1000000	      1090 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-8         	 1000000	      1097 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-8         	 1000000	      1078 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-8         	 1000000	      1095 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-8         	 1000000	      1096 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-parallel-8         	 4007268	       308.2 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-parallel-8         	 4016138	       299.7 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-parallel-8         	 4020529	       305.9 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-parallel-8         	 3977829	       303.4 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-parallel-8         	 3225438	       318.5 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/keys-values-8            	 1179256	       994.2 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/keys-values-8            	 1000000	      1002 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/keys-values-8            	 1216710	       993.2 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/keys-values-8            	 1000000	      1013 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/keys-values-8            	 1000000	      1016 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-8            	  989066	      1163 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-8            	  994116	      1163 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-8            	 1000000	      1152 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-8            	  991675	      1165 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-8            	  965268	      1166 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-parallel-8   	 3955503	       303.3 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-parallel-8   	 3861188	       307.8 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-parallel-8   	 3967752	       303.9 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-parallel-8   	 3955203	       302.7 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-parallel-8   	 3948278	       301.1 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/Ctx-8                    	  940622	      1247 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/Ctx-8                    	  936381	      1257 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/Ctx-8                    	  959730	      1266 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/Ctx-8                    	  943473	      1290 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/Ctx-8                    	  919414	      1259 ns/op	       0 B/op	       0 allocs/op
+PASS
+ok  	golang.org/x/exp/slog	40.566s
diff --git a/vendor/golang.org/x/exp/slog/record.go b/vendor/golang.org/x/exp/slog/record.go
new file mode 100644
index 000000000..38b3440f7
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/record.go
@@ -0,0 +1,207 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"runtime"
+	"time"
+
+	"golang.org/x/exp/slices"
+)
+
+const nAttrsInline = 5
+
+// A Record holds information about a log event.
+// Copies of a Record share state.
+// Do not modify a Record after handing out a copy to it.
+// Use [Record.Clone] to create a copy with no shared state.
+type Record struct {
+	// The time at which the output method (Log, Info, etc.) was called.
+	Time time.Time
+
+	// The log message.
+	Message string
+
+	// The level of the event.
+	Level Level
+
+	// The program counter at the time the record was constructed, as determined
+	// by runtime.Callers. If zero, no program counter is available.
+	//
+	// The only valid use for this value is as an argument to
+	// [runtime.CallersFrames]. In particular, it must not be passed to
+	// [runtime.FuncForPC].
+	PC uintptr
+
+	// Allocation optimization: an inline array sized to hold
+	// the majority of log calls (based on examination of open-source
+	// code). It holds the start of the list of Attrs.
+	front [nAttrsInline]Attr
+
+	// The number of Attrs in front.
+	nFront int
+
+	// The list of Attrs except for those in front.
+	// Invariants:
+	//   - len(back) > 0 iff nFront == len(front)
+	//   - Unused array elements are zero. Used to detect mistakes.
+	back []Attr
+}
+
+// NewRecord creates a Record from the given arguments.
+// Use [Record.AddAttrs] to add attributes to the Record.
+//
+// NewRecord is intended for logging APIs that want to support a [Handler] as
+// a backend.
+func NewRecord(t time.Time, level Level, msg string, pc uintptr) Record {
+	return Record{
+		Time:    t,
+		Message: msg,
+		Level:   level,
+		PC:      pc,
+	}
+}
+
+// Clone returns a copy of the record with no shared state.
+// The original record and the clone can both be modified
+// without interfering with each other.
+func (r Record) Clone() Record {
+	r.back = slices.Clip(r.back) // prevent append from mutating shared array
+	return r
+}
+
+// NumAttrs returns the number of attributes in the Record.
+func (r Record) NumAttrs() int {
+	return r.nFront + len(r.back)
+}
+
+// Attrs calls f on each Attr in the Record.
+// Iteration stops if f returns false.
+func (r Record) Attrs(f func(Attr) bool) {
+	for i := 0; i < r.nFront; i++ {
+		if !f(r.front[i]) {
+			return
+		}
+	}
+	for _, a := range r.back {
+		if !f(a) {
+			return
+		}
+	}
+}
+
+// AddAttrs appends the given Attrs to the Record's list of Attrs.
+func (r *Record) AddAttrs(attrs ...Attr) {
+	n := copy(r.front[r.nFront:], attrs)
+	r.nFront += n
+	// Check if a copy was modified by slicing past the end
+	// and seeing if the Attr there is non-zero.
+	if cap(r.back) > len(r.back) {
+		end := r.back[:len(r.back)+1][len(r.back)]
+		if !end.isEmpty() {
+			panic("copies of a slog.Record were both modified")
+		}
+	}
+	r.back = append(r.back, attrs[n:]...)
+}
+
+// Add converts the args to Attrs as described in [Logger.Log],
+// then appends the Attrs to the Record's list of Attrs.
+func (r *Record) Add(args ...any) {
+	var a Attr
+	for len(args) > 0 {
+		a, args = argsToAttr(args)
+		if r.nFront < len(r.front) {
+			r.front[r.nFront] = a
+			r.nFront++
+		} else {
+			if r.back == nil {
+				r.back = make([]Attr, 0, countAttrs(args))
+			}
+			r.back = append(r.back, a)
+		}
+	}
+
+}
+
+// countAttrs returns the number of Attrs that would be created from args.
+func countAttrs(args []any) int {
+	n := 0
+	for i := 0; i < len(args); i++ {
+		n++
+		if _, ok := args[i].(string); ok {
+			i++
+		}
+	}
+	return n
+}
+
+const badKey = "!BADKEY"
+
+// argsToAttr turns a prefix of the nonempty args slice into an Attr
+// and returns the unconsumed portion of the slice.
+// If args[0] is an Attr, it returns it.
+// If args[0] is a string, it treats the first two elements as
+// a key-value pair.
+// Otherwise, it treats args[0] as a value with a missing key.
+func argsToAttr(args []any) (Attr, []any) {
+	switch x := args[0].(type) {
+	case string:
+		if len(args) == 1 {
+			return String(badKey, x), nil
+		}
+		return Any(x, args[1]), args[2:]
+
+	case Attr:
+		return x, args[1:]
+
+	default:
+		return Any(badKey, x), args[1:]
+	}
+}
+
+// Source describes the location of a line of source code.
+type Source struct {
+	// Function is the package path-qualified function name containing the
+	// source line. If non-empty, this string uniquely identifies a single
+	// function in the program. This may be the empty string if not known.
+	Function string `json:"function"`
+	// File and Line are the file name and line number (1-based) of the source
+	// line. These may be the empty string and zero, respectively, if not known.
+	File string `json:"file"`
+	Line int    `json:"line"`
+}
+
+// attrs returns the non-zero fields of s as a slice of attrs.
+// It is similar to a LogValue method, but we don't want Source
+// to implement LogValuer because it would be resolved before
+// the ReplaceAttr function was called.
+func (s *Source) group() Value {
+	var as []Attr
+	if s.Function != "" {
+		as = append(as, String("function", s.Function))
+	}
+	if s.File != "" {
+		as = append(as, String("file", s.File))
+	}
+	if s.Line != 0 {
+		as = append(as, Int("line", s.Line))
+	}
+	return GroupValue(as...)
+}
+
+// source returns a Source for the log event.
+// If the Record was created without the necessary information,
+// or if the location is unavailable, it returns a non-nil *Source
+// with zero fields.
+func (r Record) source() *Source {
+	fs := runtime.CallersFrames([]uintptr{r.PC})
+	f, _ := fs.Next()
+	return &Source{
+		Function: f.Function,
+		File:     f.File,
+		Line:     f.Line,
+	}
+}
diff --git a/vendor/golang.org/x/exp/slog/text_handler.go b/vendor/golang.org/x/exp/slog/text_handler.go
new file mode 100644
index 000000000..75b66b716
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/text_handler.go
@@ -0,0 +1,161 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"context"
+	"encoding"
+	"fmt"
+	"io"
+	"reflect"
+	"strconv"
+	"unicode"
+	"unicode/utf8"
+)
+
+// TextHandler is a Handler that writes Records to an io.Writer as a
+// sequence of key=value pairs separated by spaces and followed by a newline.
+type TextHandler struct {
+	*commonHandler
+}
+
+// NewTextHandler creates a TextHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewTextHandler(w io.Writer, opts *HandlerOptions) *TextHandler {
+	if opts == nil {
+		opts = &HandlerOptions{}
+	}
+	return &TextHandler{
+		&commonHandler{
+			json: false,
+			w:    w,
+			opts: *opts,
+		},
+	}
+}
+
+// Enabled reports whether the handler handles records at the given level.
+// The handler ignores records whose level is lower.
+func (h *TextHandler) Enabled(_ context.Context, level Level) bool {
+	return h.commonHandler.enabled(level)
+}
+
+// WithAttrs returns a new TextHandler whose attributes consists
+// of h's attributes followed by attrs.
+func (h *TextHandler) WithAttrs(attrs []Attr) Handler {
+	return &TextHandler{commonHandler: h.commonHandler.withAttrs(attrs)}
+}
+
+func (h *TextHandler) WithGroup(name string) Handler {
+	return &TextHandler{commonHandler: h.commonHandler.withGroup(name)}
+}
+
+// Handle formats its argument Record as a single line of space-separated
+// key=value items.
+//
+// If the Record's time is zero, the time is omitted.
+// Otherwise, the key is "time"
+// and the value is output in RFC3339 format with millisecond precision.
+//
+// If the Record's level is zero, the level is omitted.
+// Otherwise, the key is "level"
+// and the value of [Level.String] is output.
+//
+// If the AddSource option is set and source information is available,
+// the key is "source" and the value is output as FILE:LINE.
+//
+// The message's key is "msg".
+//
+// To modify these or other attributes, or remove them from the output, use
+// [HandlerOptions.ReplaceAttr].
+//
+// If a value implements [encoding.TextMarshaler], the result of MarshalText is
+// written. Otherwise, the result of fmt.Sprint is written.
+//
+// Keys and values are quoted with [strconv.Quote] if they contain Unicode space
+// characters, non-printing characters, '"' or '='.
+//
+// Keys inside groups consist of components (keys or group names) separated by
+// dots. No further escaping is performed.
+// Thus there is no way to determine from the key "a.b.c" whether there
+// are two groups "a" and "b" and a key "c", or a single group "a.b" and a key "c",
+// or single group "a" and a key "b.c".
+// If it is necessary to reconstruct the group structure of a key
+// even in the presence of dots inside components, use
+// [HandlerOptions.ReplaceAttr] to encode that information in the key.
+//
+// Each call to Handle results in a single serialized call to
+// io.Writer.Write.
+func (h *TextHandler) Handle(_ context.Context, r Record) error {
+	return h.commonHandler.handle(r)
+}
+
+func appendTextValue(s *handleState, v Value) error {
+	switch v.Kind() {
+	case KindString:
+		s.appendString(v.str())
+	case KindTime:
+		s.appendTime(v.time())
+	case KindAny:
+		if tm, ok := v.any.(encoding.TextMarshaler); ok {
+			data, err := tm.MarshalText()
+			if err != nil {
+				return err
+			}
+			// TODO: avoid the conversion to string.
+			s.appendString(string(data))
+			return nil
+		}
+		if bs, ok := byteSlice(v.any); ok {
+			// As of Go 1.19, this only allocates for strings longer than 32 bytes.
+			s.buf.WriteString(strconv.Quote(string(bs)))
+			return nil
+		}
+		s.appendString(fmt.Sprintf("%+v", v.Any()))
+	default:
+		*s.buf = v.append(*s.buf)
+	}
+	return nil
+}
+
+// byteSlice returns its argument as a []byte if the argument's
+// underlying type is []byte, along with a second return value of true.
+// Otherwise it returns nil, false.
+func byteSlice(a any) ([]byte, bool) {
+	if bs, ok := a.([]byte); ok {
+		return bs, true
+	}
+	// Like Printf's %s, we allow both the slice type and the byte element type to be named.
+	t := reflect.TypeOf(a)
+	if t != nil && t.Kind() == reflect.Slice && t.Elem().Kind() == reflect.Uint8 {
+		return reflect.ValueOf(a).Bytes(), true
+	}
+	return nil, false
+}
+
+func needsQuoting(s string) bool {
+	if len(s) == 0 {
+		return true
+	}
+	for i := 0; i < len(s); {
+		b := s[i]
+		if b < utf8.RuneSelf {
+			// Quote anything except a backslash that would need quoting in a
+			// JSON string, as well as space and '='
+			if b != '\\' && (b == ' ' || b == '=' || !safeSet[b]) {
+				return true
+			}
+			i++
+			continue
+		}
+		r, size := utf8.DecodeRuneInString(s[i:])
+		if r == utf8.RuneError || unicode.IsSpace(r) || !unicode.IsPrint(r) {
+			return true
+		}
+		i += size
+	}
+	return false
+}
diff --git a/vendor/golang.org/x/exp/slog/value.go b/vendor/golang.org/x/exp/slog/value.go
new file mode 100644
index 000000000..3550c46fc
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/value.go
@@ -0,0 +1,456 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"fmt"
+	"math"
+	"runtime"
+	"strconv"
+	"strings"
+	"time"
+	"unsafe"
+
+	"golang.org/x/exp/slices"
+)
+
+// A Value can represent any Go value, but unlike type any,
+// it can represent most small values without an allocation.
+// The zero Value corresponds to nil.
+type Value struct {
+	_ [0]func() // disallow ==
+	// num holds the value for Kinds Int64, Uint64, Float64, Bool and Duration,
+	// the string length for KindString, and nanoseconds since the epoch for KindTime.
+	num uint64
+	// If any is of type Kind, then the value is in num as described above.
+	// If any is of type *time.Location, then the Kind is Time and time.Time value
+	// can be constructed from the Unix nanos in num and the location (monotonic time
+	// is not preserved).
+	// If any is of type stringptr, then the Kind is String and the string value
+	// consists of the length in num and the pointer in any.
+	// Otherwise, the Kind is Any and any is the value.
+	// (This implies that Attrs cannot store values of type Kind, *time.Location
+	// or stringptr.)
+	any any
+}
+
+// Kind is the kind of a Value.
+type Kind int
+
+// The following list is sorted alphabetically, but it's also important that
+// KindAny is 0 so that a zero Value represents nil.
+
+const (
+	KindAny Kind = iota
+	KindBool
+	KindDuration
+	KindFloat64
+	KindInt64
+	KindString
+	KindTime
+	KindUint64
+	KindGroup
+	KindLogValuer
+)
+
+var kindStrings = []string{
+	"Any",
+	"Bool",
+	"Duration",
+	"Float64",
+	"Int64",
+	"String",
+	"Time",
+	"Uint64",
+	"Group",
+	"LogValuer",
+}
+
+func (k Kind) String() string {
+	if k >= 0 && int(k) < len(kindStrings) {
+		return kindStrings[k]
+	}
+	return "<unknown slog.Kind>"
+}
+
+// Unexported version of Kind, just so we can store Kinds in Values.
+// (No user-provided value has this type.)
+type kind Kind
+
+// Kind returns v's Kind.
+func (v Value) Kind() Kind {
+	switch x := v.any.(type) {
+	case Kind:
+		return x
+	case stringptr:
+		return KindString
+	case timeLocation:
+		return KindTime
+	case groupptr:
+		return KindGroup
+	case LogValuer:
+		return KindLogValuer
+	case kind: // a kind is just a wrapper for a Kind
+		return KindAny
+	default:
+		return KindAny
+	}
+}
+
+//////////////// Constructors
+
+// IntValue returns a Value for an int.
+func IntValue(v int) Value {
+	return Int64Value(int64(v))
+}
+
+// Int64Value returns a Value for an int64.
+func Int64Value(v int64) Value {
+	return Value{num: uint64(v), any: KindInt64}
+}
+
+// Uint64Value returns a Value for a uint64.
+func Uint64Value(v uint64) Value {
+	return Value{num: v, any: KindUint64}
+}
+
+// Float64Value returns a Value for a floating-point number.
+func Float64Value(v float64) Value {
+	return Value{num: math.Float64bits(v), any: KindFloat64}
+}
+
+// BoolValue returns a Value for a bool.
+func BoolValue(v bool) Value {
+	u := uint64(0)
+	if v {
+		u = 1
+	}
+	return Value{num: u, any: KindBool}
+}
+
+// Unexported version of *time.Location, just so we can store *time.Locations in
+// Values. (No user-provided value has this type.)
+type timeLocation *time.Location
+
+// TimeValue returns a Value for a time.Time.
+// It discards the monotonic portion.
+func TimeValue(v time.Time) Value {
+	if v.IsZero() {
+		// UnixNano on the zero time is undefined, so represent the zero time
+		// with a nil *time.Location instead. time.Time.Location method never
+		// returns nil, so a Value with any == timeLocation(nil) cannot be
+		// mistaken for any other Value, time.Time or otherwise.
+		return Value{any: timeLocation(nil)}
+	}
+	return Value{num: uint64(v.UnixNano()), any: timeLocation(v.Location())}
+}
+
+// DurationValue returns a Value for a time.Duration.
+func DurationValue(v time.Duration) Value {
+	return Value{num: uint64(v.Nanoseconds()), any: KindDuration}
+}
+
+// AnyValue returns a Value for the supplied value.
+//
+// If the supplied value is of type Value, it is returned
+// unmodified.
+//
+// Given a value of one of Go's predeclared string, bool, or
+// (non-complex) numeric types, AnyValue returns a Value of kind
+// String, Bool, Uint64, Int64, or Float64. The width of the
+// original numeric type is not preserved.
+//
+// Given a time.Time or time.Duration value, AnyValue returns a Value of kind
+// KindTime or KindDuration. The monotonic time is not preserved.
+//
+// For nil, or values of all other types, including named types whose
+// underlying type is numeric, AnyValue returns a value of kind KindAny.
+func AnyValue(v any) Value {
+	switch v := v.(type) {
+	case string:
+		return StringValue(v)
+	case int:
+		return Int64Value(int64(v))
+	case uint:
+		return Uint64Value(uint64(v))
+	case int64:
+		return Int64Value(v)
+	case uint64:
+		return Uint64Value(v)
+	case bool:
+		return BoolValue(v)
+	case time.Duration:
+		return DurationValue(v)
+	case time.Time:
+		return TimeValue(v)
+	case uint8:
+		return Uint64Value(uint64(v))
+	case uint16:
+		return Uint64Value(uint64(v))
+	case uint32:
+		return Uint64Value(uint64(v))
+	case uintptr:
+		return Uint64Value(uint64(v))
+	case int8:
+		return Int64Value(int64(v))
+	case int16:
+		return Int64Value(int64(v))
+	case int32:
+		return Int64Value(int64(v))
+	case float64:
+		return Float64Value(v)
+	case float32:
+		return Float64Value(float64(v))
+	case []Attr:
+		return GroupValue(v...)
+	case Kind:
+		return Value{any: kind(v)}
+	case Value:
+		return v
+	default:
+		return Value{any: v}
+	}
+}
+
+//////////////// Accessors
+
+// Any returns v's value as an any.
+func (v Value) Any() any {
+	switch v.Kind() {
+	case KindAny:
+		if k, ok := v.any.(kind); ok {
+			return Kind(k)
+		}
+		return v.any
+	case KindLogValuer:
+		return v.any
+	case KindGroup:
+		return v.group()
+	case KindInt64:
+		return int64(v.num)
+	case KindUint64:
+		return v.num
+	case KindFloat64:
+		return v.float()
+	case KindString:
+		return v.str()
+	case KindBool:
+		return v.bool()
+	case KindDuration:
+		return v.duration()
+	case KindTime:
+		return v.time()
+	default:
+		panic(fmt.Sprintf("bad kind: %s", v.Kind()))
+	}
+}
+
+// Int64 returns v's value as an int64. It panics
+// if v is not a signed integer.
+func (v Value) Int64() int64 {
+	if g, w := v.Kind(), KindInt64; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+	return int64(v.num)
+}
+
+// Uint64 returns v's value as a uint64. It panics
+// if v is not an unsigned integer.
+func (v Value) Uint64() uint64 {
+	if g, w := v.Kind(), KindUint64; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+	return v.num
+}
+
+// Bool returns v's value as a bool. It panics
+// if v is not a bool.
+func (v Value) Bool() bool {
+	if g, w := v.Kind(), KindBool; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+	return v.bool()
+}
+
+func (v Value) bool() bool {
+	return v.num == 1
+}
+
+// Duration returns v's value as a time.Duration. It panics
+// if v is not a time.Duration.
+func (v Value) Duration() time.Duration {
+	if g, w := v.Kind(), KindDuration; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+
+	return v.duration()
+}
+
+func (v Value) duration() time.Duration {
+	return time.Duration(int64(v.num))
+}
+
+// Float64 returns v's value as a float64. It panics
+// if v is not a float64.
+func (v Value) Float64() float64 {
+	if g, w := v.Kind(), KindFloat64; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+
+	return v.float()
+}
+
+func (v Value) float() float64 {
+	return math.Float64frombits(v.num)
+}
+
+// Time returns v's value as a time.Time. It panics
+// if v is not a time.Time.
+func (v Value) Time() time.Time {
+	if g, w := v.Kind(), KindTime; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+	return v.time()
+}
+
+func (v Value) time() time.Time {
+	loc := v.any.(timeLocation)
+	if loc == nil {
+		return time.Time{}
+	}
+	return time.Unix(0, int64(v.num)).In(loc)
+}
+
+// LogValuer returns v's value as a LogValuer. It panics
+// if v is not a LogValuer.
+func (v Value) LogValuer() LogValuer {
+	return v.any.(LogValuer)
+}
+
+// Group returns v's value as a []Attr.
+// It panics if v's Kind is not KindGroup.
+func (v Value) Group() []Attr {
+	if sp, ok := v.any.(groupptr); ok {
+		return unsafe.Slice((*Attr)(sp), v.num)
+	}
+	panic("Group: bad kind")
+}
+
+func (v Value) group() []Attr {
+	return unsafe.Slice((*Attr)(v.any.(groupptr)), v.num)
+}
+
+//////////////// Other
+
+// Equal reports whether v and w represent the same Go value.
+func (v Value) Equal(w Value) bool {
+	k1 := v.Kind()
+	k2 := w.Kind()
+	if k1 != k2 {
+		return false
+	}
+	switch k1 {
+	case KindInt64, KindUint64, KindBool, KindDuration:
+		return v.num == w.num
+	case KindString:
+		return v.str() == w.str()
+	case KindFloat64:
+		return v.float() == w.float()
+	case KindTime:
+		return v.time().Equal(w.time())
+	case KindAny, KindLogValuer:
+		return v.any == w.any // may panic if non-comparable
+	case KindGroup:
+		return slices.EqualFunc(v.group(), w.group(), Attr.Equal)
+	default:
+		panic(fmt.Sprintf("bad kind: %s", k1))
+	}
+}
+
+// append appends a text representation of v to dst.
+// v is formatted as with fmt.Sprint.
+func (v Value) append(dst []byte) []byte {
+	switch v.Kind() {
+	case KindString:
+		return append(dst, v.str()...)
+	case KindInt64:
+		return strconv.AppendInt(dst, int64(v.num), 10)
+	case KindUint64:
+		return strconv.AppendUint(dst, v.num, 10)
+	case KindFloat64:
+		return strconv.AppendFloat(dst, v.float(), 'g', -1, 64)
+	case KindBool:
+		return strconv.AppendBool(dst, v.bool())
+	case KindDuration:
+		return append(dst, v.duration().String()...)
+	case KindTime:
+		return append(dst, v.time().String()...)
+	case KindGroup:
+		return fmt.Append(dst, v.group())
+	case KindAny, KindLogValuer:
+		return fmt.Append(dst, v.any)
+	default:
+		panic(fmt.Sprintf("bad kind: %s", v.Kind()))
+	}
+}
+
+// A LogValuer is any Go value that can convert itself into a Value for logging.
+//
+// This mechanism may be used to defer expensive operations until they are
+// needed, or to expand a single value into a sequence of components.
+type LogValuer interface {
+	LogValue() Value
+}
+
+const maxLogValues = 100
+
+// Resolve repeatedly calls LogValue on v while it implements LogValuer,
+// and returns the result.
+// If v resolves to a group, the group's attributes' values are not recursively
+// resolved.
+// If the number of LogValue calls exceeds a threshold, a Value containing an
+// error is returned.
+// Resolve's return value is guaranteed not to be of Kind KindLogValuer.
+func (v Value) Resolve() (rv Value) {
+	orig := v
+	defer func() {
+		if r := recover(); r != nil {
+			rv = AnyValue(fmt.Errorf("LogValue panicked\n%s", stack(3, 5)))
+		}
+	}()
+
+	for i := 0; i < maxLogValues; i++ {
+		if v.Kind() != KindLogValuer {
+			return v
+		}
+		v = v.LogValuer().LogValue()
+	}
+	err := fmt.Errorf("LogValue called too many times on Value of type %T", orig.Any())
+	return AnyValue(err)
+}
+
+func stack(skip, nFrames int) string {
+	pcs := make([]uintptr, nFrames+1)
+	n := runtime.Callers(skip+1, pcs)
+	if n == 0 {
+		return "(no stack)"
+	}
+	frames := runtime.CallersFrames(pcs[:n])
+	var b strings.Builder
+	i := 0
+	for {
+		frame, more := frames.Next()
+		fmt.Fprintf(&b, "called from %s (%s:%d)\n", frame.Function, frame.File, frame.Line)
+		if !more {
+			break
+		}
+		i++
+		if i >= nFrames {
+			fmt.Fprintf(&b, "(rest of stack elided)\n")
+			break
+		}
+	}
+	return b.String()
+}
diff --git a/vendor/golang.org/x/exp/slog/value_119.go b/vendor/golang.org/x/exp/slog/value_119.go
new file mode 100644
index 000000000..29b0d7329
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/value_119.go
@@ -0,0 +1,53 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.19 && !go1.20
+
+package slog
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type (
+	stringptr unsafe.Pointer // used in Value.any when the Value is a string
+	groupptr  unsafe.Pointer // used in Value.any when the Value is a []Attr
+)
+
+// StringValue returns a new Value for a string.
+func StringValue(value string) Value {
+	hdr := (*reflect.StringHeader)(unsafe.Pointer(&value))
+	return Value{num: uint64(hdr.Len), any: stringptr(hdr.Data)}
+}
+
+func (v Value) str() string {
+	var s string
+	hdr := (*reflect.StringHeader)(unsafe.Pointer(&s))
+	hdr.Data = uintptr(v.any.(stringptr))
+	hdr.Len = int(v.num)
+	return s
+}
+
+// String returns Value's value as a string, formatted like fmt.Sprint. Unlike
+// the methods Int64, Float64, and so on, which panic if v is of the
+// wrong kind, String never panics.
+func (v Value) String() string {
+	if sp, ok := v.any.(stringptr); ok {
+		// Inlining this code makes a huge difference.
+		var s string
+		hdr := (*reflect.StringHeader)(unsafe.Pointer(&s))
+		hdr.Data = uintptr(sp)
+		hdr.Len = int(v.num)
+		return s
+	}
+	return string(v.append(nil))
+}
+
+// GroupValue returns a new Value for a list of Attrs.
+// The caller must not subsequently mutate the argument slice.
+func GroupValue(as ...Attr) Value {
+	hdr := (*reflect.SliceHeader)(unsafe.Pointer(&as))
+	return Value{num: uint64(hdr.Len), any: groupptr(hdr.Data)}
+}
diff --git a/vendor/golang.org/x/exp/slog/value_120.go b/vendor/golang.org/x/exp/slog/value_120.go
new file mode 100644
index 000000000..f7d4c0932
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/value_120.go
@@ -0,0 +1,39 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.20
+
+package slog
+
+import "unsafe"
+
+type (
+	stringptr *byte // used in Value.any when the Value is a string
+	groupptr  *Attr // used in Value.any when the Value is a []Attr
+)
+
+// StringValue returns a new Value for a string.
+func StringValue(value string) Value {
+	return Value{num: uint64(len(value)), any: stringptr(unsafe.StringData(value))}
+}
+
+// GroupValue returns a new Value for a list of Attrs.
+// The caller must not subsequently mutate the argument slice.
+func GroupValue(as ...Attr) Value {
+	return Value{num: uint64(len(as)), any: groupptr(unsafe.SliceData(as))}
+}
+
+// String returns Value's value as a string, formatted like fmt.Sprint. Unlike
+// the methods Int64, Float64, and so on, which panic if v is of the
+// wrong kind, String never panics.
+func (v Value) String() string {
+	if sp, ok := v.any.(stringptr); ok {
+		return unsafe.String(sp, v.num)
+	}
+	return string(v.append(nil))
+}
+
+func (v Value) str() string {
+	return unsafe.String(v.any.(stringptr), v.num)
+}
diff --git a/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go b/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go
index 2681af35a..150f887e7 100644
--- a/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go
+++ b/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go
@@ -13,7 +13,7 @@ import (
 	"sync"
 )
 
-// Regexp is a wrapper around regexp.Regexp, where the underlying regexp will be
+// Regexp is a wrapper around [regexp.Regexp], where the underlying regexp will be
 // compiled the first time it is needed.
 type Regexp struct {
 	str  string
diff --git a/vendor/golang.org/x/mod/modfile/read.go b/vendor/golang.org/x/mod/modfile/read.go
index a503bc210..5b5bb5e11 100644
--- a/vendor/golang.org/x/mod/modfile/read.go
+++ b/vendor/golang.org/x/mod/modfile/read.go
@@ -65,7 +65,7 @@ type Comments struct {
 }
 
 // Comment returns the receiver. This isn't useful by itself, but
-// a Comments struct is embedded into all the expression
+// a [Comments] struct is embedded into all the expression
 // implementation types, and this gives each of those a Comment
 // method to satisfy the Expr interface.
 func (c *Comments) Comment() *Comments {
diff --git a/vendor/golang.org/x/mod/modfile/rule.go b/vendor/golang.org/x/mod/modfile/rule.go
index b4dd7997b..e0869fa38 100644
--- a/vendor/golang.org/x/mod/modfile/rule.go
+++ b/vendor/golang.org/x/mod/modfile/rule.go
@@ -5,17 +5,17 @@
 // Package modfile implements a parser and formatter for go.mod files.
 //
 // The go.mod syntax is described in
-// https://golang.org/cmd/go/#hdr-The_go_mod_file.
+// https://pkg.go.dev/cmd/go/#hdr-The_go_mod_file.
 //
-// The Parse and ParseLax functions both parse a go.mod file and return an
+// The [Parse] and [ParseLax] functions both parse a go.mod file and return an
 // abstract syntax tree. ParseLax ignores unknown statements and may be used to
 // parse go.mod files that may have been developed with newer versions of Go.
 //
-// The File struct returned by Parse and ParseLax represent an abstract
-// go.mod file. File has several methods like AddNewRequire and DropReplace
-// that can be used to programmatically edit a file.
+// The [File] struct returned by Parse and ParseLax represent an abstract
+// go.mod file. File has several methods like [File.AddNewRequire] and
+// [File.DropReplace] that can be used to programmatically edit a file.
 //
-// The Format function formats a File back to a byte slice which can be
+// The [Format] function formats a File back to a byte slice which can be
 // written to a file.
 package modfile
 
@@ -226,7 +226,7 @@ var dontFixRetract VersionFixer = func(_, vers string) (string, error) {
 // data is the content of the file.
 //
 // fix is an optional function that canonicalizes module versions.
-// If fix is nil, all module versions must be canonical (module.CanonicalVersion
+// If fix is nil, all module versions must be canonical ([module.CanonicalVersion]
 // must return the same string).
 func Parse(file string, data []byte, fix VersionFixer) (*File, error) {
 	return parseToFile(file, data, fix, true)
@@ -367,7 +367,7 @@ func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, a
 				}
 			}
 			if !fixed {
-				errorf("invalid go version '%s': must match format 1.23", args[0])
+				errorf("invalid go version '%s': must match format 1.23.0", args[0])
 				return
 			}
 		}
@@ -384,7 +384,7 @@ func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, a
 			errorf("toolchain directive expects exactly one argument")
 			return
 		} else if strict && !ToolchainRE.MatchString(args[0]) {
-			errorf("invalid toolchain version '%s': must match format go1.23 or local", args[0])
+			errorf("invalid toolchain version '%s': must match format go1.23.0 or local", args[0])
 			return
 		}
 		f.Toolchain = &Toolchain{Syntax: line}
@@ -923,7 +923,7 @@ func (f *File) Format() ([]byte, error) {
 }
 
 // Cleanup cleans up the file f after any edit operations.
-// To avoid quadratic behavior, modifications like DropRequire
+// To avoid quadratic behavior, modifications like [File.DropRequire]
 // clear the entry but do not remove it from the slice.
 // Cleanup cleans out all the cleared entries.
 func (f *File) Cleanup() {
@@ -1075,8 +1075,8 @@ func (f *File) AddNewRequire(path, vers string, indirect bool) {
 // The requirements in req must specify at most one distinct version for each
 // module path.
 //
-// If any existing requirements may be removed, the caller should call Cleanup
-// after all edits are complete.
+// If any existing requirements may be removed, the caller should call
+// [File.Cleanup] after all edits are complete.
 func (f *File) SetRequire(req []*Require) {
 	type elem struct {
 		version  string
diff --git a/vendor/golang.org/x/mod/modfile/work.go b/vendor/golang.org/x/mod/modfile/work.go
index 75dc1c549..d7b99376e 100644
--- a/vendor/golang.org/x/mod/modfile/work.go
+++ b/vendor/golang.org/x/mod/modfile/work.go
@@ -34,7 +34,7 @@ type Use struct {
 // data is the content of the file.
 //
 // fix is an optional function that canonicalizes module versions.
-// If fix is nil, all module versions must be canonical (module.CanonicalVersion
+// If fix is nil, all module versions must be canonical ([module.CanonicalVersion]
 // must return the same string).
 func ParseWork(file string, data []byte, fix VersionFixer) (*WorkFile, error) {
 	fs, err := parse(file, data)
@@ -83,7 +83,7 @@ func ParseWork(file string, data []byte, fix VersionFixer) (*WorkFile, error) {
 }
 
 // Cleanup cleans up the file f after any edit operations.
-// To avoid quadratic behavior, modifications like DropRequire
+// To avoid quadratic behavior, modifications like [WorkFile.DropRequire]
 // clear the entry but do not remove it from the slice.
 // Cleanup cleans out all the cleared entries.
 func (f *WorkFile) Cleanup() {
diff --git a/vendor/golang.org/x/mod/module/module.go b/vendor/golang.org/x/mod/module/module.go
index e9dec6e61..2a364b229 100644
--- a/vendor/golang.org/x/mod/module/module.go
+++ b/vendor/golang.org/x/mod/module/module.go
@@ -4,7 +4,7 @@
 
 // Package module defines the module.Version type along with support code.
 //
-// The module.Version type is a simple Path, Version pair:
+// The [module.Version] type is a simple Path, Version pair:
 //
 //	type Version struct {
 //		Path string
@@ -12,7 +12,7 @@
 //	}
 //
 // There are no restrictions imposed directly by use of this structure,
-// but additional checking functions, most notably Check, verify that
+// but additional checking functions, most notably [Check], verify that
 // a particular path, version pair is valid.
 //
 // # Escaped Paths
@@ -140,7 +140,7 @@ type ModuleError struct {
 	Err     error
 }
 
-// VersionError returns a ModuleError derived from a Version and error,
+// VersionError returns a [ModuleError] derived from a [Version] and error,
 // or err itself if it is already such an error.
 func VersionError(v Version, err error) error {
 	var mErr *ModuleError
@@ -169,7 +169,7 @@ func (e *ModuleError) Unwrap() error { return e.Err }
 // An InvalidVersionError indicates an error specific to a version, with the
 // module path unknown or specified externally.
 //
-// A ModuleError may wrap an InvalidVersionError, but an InvalidVersionError
+// A [ModuleError] may wrap an InvalidVersionError, but an InvalidVersionError
 // must not wrap a ModuleError.
 type InvalidVersionError struct {
 	Version string
@@ -193,8 +193,8 @@ func (e *InvalidVersionError) Error() string {
 func (e *InvalidVersionError) Unwrap() error { return e.Err }
 
 // An InvalidPathError indicates a module, import, or file path doesn't
-// satisfy all naming constraints. See CheckPath, CheckImportPath,
-// and CheckFilePath for specific restrictions.
+// satisfy all naming constraints. See [CheckPath], [CheckImportPath],
+// and [CheckFilePath] for specific restrictions.
 type InvalidPathError struct {
 	Kind string // "module", "import", or "file"
 	Path string
@@ -294,7 +294,7 @@ func fileNameOK(r rune) bool {
 }
 
 // CheckPath checks that a module path is valid.
-// A valid module path is a valid import path, as checked by CheckImportPath,
+// A valid module path is a valid import path, as checked by [CheckImportPath],
 // with three additional constraints.
 // First, the leading path element (up to the first slash, if any),
 // by convention a domain name, must contain only lower-case ASCII letters,
@@ -380,7 +380,7 @@ const (
 // checkPath returns an error describing why the path is not valid.
 // Because these checks apply to module, import, and file paths,
 // and because other checks may be applied, the caller is expected to wrap
-// this error with InvalidPathError.
+// this error with [InvalidPathError].
 func checkPath(path string, kind pathKind) error {
 	if !utf8.ValidString(path) {
 		return fmt.Errorf("invalid UTF-8")
@@ -532,7 +532,7 @@ var badWindowsNames = []string{
 // they require ".vN" instead of "/vN", and for all N, not just N >= 2.
 // SplitPathVersion returns with ok = false when presented with
 // a path whose last path element does not satisfy the constraints
-// applied by CheckPath, such as "example.com/pkg/v1" or "example.com/pkg/v1.2".
+// applied by [CheckPath], such as "example.com/pkg/v1" or "example.com/pkg/v1.2".
 func SplitPathVersion(path string) (prefix, pathMajor string, ok bool) {
 	if strings.HasPrefix(path, "gopkg.in/") {
 		return splitGopkgIn(path)
@@ -582,7 +582,7 @@ func splitGopkgIn(path string) (prefix, pathMajor string, ok bool) {
 // MatchPathMajor reports whether the semantic version v
 // matches the path major version pathMajor.
 //
-// MatchPathMajor returns true if and only if CheckPathMajor returns nil.
+// MatchPathMajor returns true if and only if [CheckPathMajor] returns nil.
 func MatchPathMajor(v, pathMajor string) bool {
 	return CheckPathMajor(v, pathMajor) == nil
 }
@@ -622,7 +622,7 @@ func CheckPathMajor(v, pathMajor string) error {
 // PathMajorPrefix returns the major-version tag prefix implied by pathMajor.
 // An empty PathMajorPrefix allows either v0 or v1.
 //
-// Note that MatchPathMajor may accept some versions that do not actually begin
+// Note that [MatchPathMajor] may accept some versions that do not actually begin
 // with this prefix: namely, it accepts a 'v0.0.0-' prefix for a '.v1'
 // pathMajor, even though that pathMajor implies 'v1' tagging.
 func PathMajorPrefix(pathMajor string) string {
@@ -643,7 +643,7 @@ func PathMajorPrefix(pathMajor string) string {
 }
 
 // CanonicalVersion returns the canonical form of the version string v.
-// It is the same as semver.Canonical(v) except that it preserves the special build suffix "+incompatible".
+// It is the same as [semver.Canonical] except that it preserves the special build suffix "+incompatible".
 func CanonicalVersion(v string) string {
 	cv := semver.Canonical(v)
 	if semver.Build(v) == "+incompatible" {
@@ -652,8 +652,8 @@ func CanonicalVersion(v string) string {
 	return cv
 }
 
-// Sort sorts the list by Path, breaking ties by comparing Version fields.
-// The Version fields are interpreted as semantic versions (using semver.Compare)
+// Sort sorts the list by Path, breaking ties by comparing [Version] fields.
+// The Version fields are interpreted as semantic versions (using [semver.Compare])
 // optionally followed by a tie-breaking suffix introduced by a slash character,
 // like in "v0.0.1/go.mod".
 func Sort(list []Version) {
@@ -793,7 +793,7 @@ func unescapeString(escaped string) (string, bool) {
 }
 
 // MatchPrefixPatterns reports whether any path prefix of target matches one of
-// the glob patterns (as defined by path.Match) in the comma-separated globs
+// the glob patterns (as defined by [path.Match]) in the comma-separated globs
 // list. This implements the algorithm used when matching a module path to the
 // GOPRIVATE environment variable, as described by 'go help module-private'.
 //
diff --git a/vendor/golang.org/x/mod/module/pseudo.go b/vendor/golang.org/x/mod/module/pseudo.go
index f04ad3788..9cf19d325 100644
--- a/vendor/golang.org/x/mod/module/pseudo.go
+++ b/vendor/golang.org/x/mod/module/pseudo.go
@@ -125,7 +125,7 @@ func IsPseudoVersion(v string) bool {
 }
 
 // IsZeroPseudoVersion returns whether v is a pseudo-version with a zero base,
-// timestamp, and revision, as returned by ZeroPseudoVersion.
+// timestamp, and revision, as returned by [ZeroPseudoVersion].
 func IsZeroPseudoVersion(v string) bool {
 	return v == ZeroPseudoVersion(semver.Major(v))
 }
diff --git a/vendor/golang.org/x/mod/semver/semver.go b/vendor/golang.org/x/mod/semver/semver.go
index a30a22bf2..9a2dfd33a 100644
--- a/vendor/golang.org/x/mod/semver/semver.go
+++ b/vendor/golang.org/x/mod/semver/semver.go
@@ -140,7 +140,7 @@ func Compare(v, w string) int {
 // Max canonicalizes its arguments and then returns the version string
 // that compares greater.
 //
-// Deprecated: use Compare instead. In most cases, returning a canonicalized
+// Deprecated: use [Compare] instead. In most cases, returning a canonicalized
 // version is not expected or desired.
 func Max(v, w string) string {
 	v = Canonical(v)
@@ -151,7 +151,7 @@ func Max(v, w string) string {
 	return w
 }
 
-// ByVersion implements sort.Interface for sorting semantic version strings.
+// ByVersion implements [sort.Interface] for sorting semantic version strings.
 type ByVersion []string
 
 func (vs ByVersion) Len() int      { return len(vs) }
@@ -164,7 +164,7 @@ func (vs ByVersion) Less(i, j int) bool {
 	return vs[i] < vs[j]
 }
 
-// Sort sorts a list of semantic version strings using ByVersion.
+// Sort sorts a list of semantic version strings using [ByVersion].
 func Sort(list []string) {
 	sort.Sort(ByVersion(list))
 }
diff --git a/vendor/golang.org/x/mod/sumdb/note/note.go b/vendor/golang.org/x/mod/sumdb/note/note.go
index 8c22b19d3..db9865c31 100644
--- a/vendor/golang.org/x/mod/sumdb/note/note.go
+++ b/vendor/golang.org/x/mod/sumdb/note/note.go
@@ -20,45 +20,45 @@
 //
 // # Verifying Notes
 //
-// A Verifier allows verification of signatures by one server public key.
+// A [Verifier] allows verification of signatures by one server public key.
 // It can report the name of the server and the uint32 hash of the key,
 // and it can verify a purported signature by that key.
 //
 // The standard implementation of a Verifier is constructed
-// by NewVerifier starting from a verifier key, which is a
+// by [NewVerifier] starting from a verifier key, which is a
 // plain text string of the form "<name>+<hash>+<keydata>".
 //
-// A Verifiers allows looking up a Verifier by the combination
+// A [Verifiers] allows looking up a Verifier by the combination
 // of server name and key hash.
 //
 // The standard implementation of a Verifiers is constructed
 // by VerifierList from a list of known verifiers.
 //
-// A Note represents a text with one or more signatures.
+// A [Note] represents a text with one or more signatures.
 // An implementation can reject a note with too many signatures
 // (for example, more than 100 signatures).
 //
-// A Signature represents a signature on a note, verified or not.
+// A [Signature] represents a signature on a note, verified or not.
 //
-// The Open function takes as input a signed message
+// The [Open] function takes as input a signed message
 // and a set of known verifiers. It decodes and verifies
-// the message signatures and returns a Note structure
+// the message signatures and returns a [Note] structure
 // containing the message text and (verified or unverified) signatures.
 //
 // # Signing Notes
 //
-// A Signer allows signing a text with a given key.
+// A [Signer] allows signing a text with a given key.
 // It can report the name of the server and the hash of the key
 // and can sign a raw text using that key.
 //
 // The standard implementation of a Signer is constructed
-// by NewSigner starting from an encoded signer key, which is a
+// by [NewSigner] starting from an encoded signer key, which is a
 // plain text string of the form "PRIVATE+KEY+<name>+<hash>+<keydata>".
 // Anyone with an encoded signer key can sign messages using that key,
 // so it must be kept secret. The encoding begins with the literal text
 // "PRIVATE+KEY" to avoid confusion with the public server key.
 //
-// The Sign function takes as input a Note and a list of Signers
+// The [Sign] function takes as input a Note and a list of Signers
 // and returns an encoded, signed message.
 //
 // # Signed Note Format
@@ -88,7 +88,7 @@
 // although doing so will require deploying the new algorithms to all clients
 // before starting to depend on them for signatures.
 //
-// The GenerateKey function generates and returns a new signer
+// The [GenerateKey] function generates and returns a new signer
 // and corresponding verifier.
 //
 // # Example
@@ -123,9 +123,9 @@
 // base URLs, the only syntactic requirement is that they
 // not contain spaces or newlines).
 //
-// If Open is given access to a Verifiers including the
-// Verifier for this key, then it will succeed at verifying
-// the encoded message and returning the parsed Note:
+// If [Open] is given access to a [Verifiers] including the
+// [Verifier] for this key, then it will succeed at verifying
+// the encoded message and returning the parsed [Note]:
 //
 //	vkey := "PeterNeumann+c74f20a3+ARpc2QcUPDhMQegwxbzhKqiBfsVkmqq/LDE4izWy10TW"
 //	msg := []byte("If you think cryptography is the answer to your problem,\n" +
@@ -238,7 +238,7 @@ func isValidName(name string) bool {
 	return name != "" && utf8.ValidString(name) && strings.IndexFunc(name, unicode.IsSpace) < 0 && !strings.Contains(name, "+")
 }
 
-// NewVerifier construct a new Verifier from an encoded verifier key.
+// NewVerifier construct a new [Verifier] from an encoded verifier key.
 func NewVerifier(vkey string) (Verifier, error) {
 	name, vkey := chop(vkey, "+")
 	hash16, key64 := chop(vkey, "+")
@@ -295,7 +295,7 @@ func (v *verifier) Name() string                { return v.name }
 func (v *verifier) KeyHash() uint32             { return v.hash }
 func (v *verifier) Verify(msg, sig []byte) bool { return v.verify(msg, sig) }
 
-// NewSigner constructs a new Signer from an encoded signer key.
+// NewSigner constructs a new [Signer] from an encoded signer key.
 func NewSigner(skey string) (Signer, error) {
 	priv1, skey := chop(skey, "+")
 	priv2, skey := chop(skey, "+")
@@ -409,7 +409,7 @@ func (e *UnknownVerifierError) Error() string {
 }
 
 // An ambiguousVerifierError indicates that the given name and hash
-// match multiple keys passed to VerifierList.
+// match multiple keys passed to [VerifierList].
 // (If this happens, some malicious actor has taken control of the
 // verifier list, at which point we may as well give up entirely,
 // but we diagnose the problem instead.)
@@ -422,7 +422,7 @@ func (e *ambiguousVerifierError) Error() string {
 	return fmt.Sprintf("ambiguous key %s+%08x", e.name, e.hash)
 }
 
-// VerifierList returns a Verifiers implementation that uses the given list of verifiers.
+// VerifierList returns a [Verifiers] implementation that uses the given list of verifiers.
 func VerifierList(list ...Verifier) Verifiers {
 	m := make(verifierMap)
 	for _, v := range list {
@@ -510,7 +510,7 @@ var (
 // If known.Verifier returns any other error, Open returns that error.
 //
 // If no known verifier has signed an otherwise valid note,
-// Open returns an UnverifiedNoteError.
+// Open returns an [UnverifiedNoteError].
 // In this case, the unverified note can be fetched from inside the error.
 func Open(msg []byte, known Verifiers) (*Note, error) {
 	if known == nil {
diff --git a/vendor/golang.org/x/oauth2/deviceauth.go b/vendor/golang.org/x/oauth2/deviceauth.go
new file mode 100644
index 000000000..e99c92f39
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/deviceauth.go
@@ -0,0 +1,198 @@
+package oauth2
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"golang.org/x/oauth2/internal"
+)
+
+// https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
+const (
+	errAuthorizationPending = "authorization_pending"
+	errSlowDown             = "slow_down"
+	errAccessDenied         = "access_denied"
+	errExpiredToken         = "expired_token"
+)
+
+// DeviceAuthResponse describes a successful RFC 8628 Device Authorization Response
+// https://datatracker.ietf.org/doc/html/rfc8628#section-3.2
+type DeviceAuthResponse struct {
+	// DeviceCode
+	DeviceCode string `json:"device_code"`
+	// UserCode is the code the user should enter at the verification uri
+	UserCode string `json:"user_code"`
+	// VerificationURI is where user should enter the user code
+	VerificationURI string `json:"verification_uri"`
+	// VerificationURIComplete (if populated) includes the user code in the verification URI. This is typically shown to the user in non-textual form, such as a QR code.
+	VerificationURIComplete string `json:"verification_uri_complete,omitempty"`
+	// Expiry is when the device code and user code expire
+	Expiry time.Time `json:"expires_in,omitempty"`
+	// Interval is the duration in seconds that Poll should wait between requests
+	Interval int64 `json:"interval,omitempty"`
+}
+
+func (d DeviceAuthResponse) MarshalJSON() ([]byte, error) {
+	type Alias DeviceAuthResponse
+	var expiresIn int64
+	if !d.Expiry.IsZero() {
+		expiresIn = int64(time.Until(d.Expiry).Seconds())
+	}
+	return json.Marshal(&struct {
+		ExpiresIn int64 `json:"expires_in,omitempty"`
+		*Alias
+	}{
+		ExpiresIn: expiresIn,
+		Alias:     (*Alias)(&d),
+	})
+
+}
+
+func (c *DeviceAuthResponse) UnmarshalJSON(data []byte) error {
+	type Alias DeviceAuthResponse
+	aux := &struct {
+		ExpiresIn int64 `json:"expires_in"`
+		// workaround misspelling of verification_uri
+		VerificationURL string `json:"verification_url"`
+		*Alias
+	}{
+		Alias: (*Alias)(c),
+	}
+	if err := json.Unmarshal(data, &aux); err != nil {
+		return err
+	}
+	if aux.ExpiresIn != 0 {
+		c.Expiry = time.Now().UTC().Add(time.Second * time.Duration(aux.ExpiresIn))
+	}
+	if c.VerificationURI == "" {
+		c.VerificationURI = aux.VerificationURL
+	}
+	return nil
+}
+
+// DeviceAuth returns a device auth struct which contains a device code
+// and authorization information provided for users to enter on another device.
+func (c *Config) DeviceAuth(ctx context.Context, opts ...AuthCodeOption) (*DeviceAuthResponse, error) {
+	// https://datatracker.ietf.org/doc/html/rfc8628#section-3.1
+	v := url.Values{
+		"client_id": {c.ClientID},
+	}
+	if len(c.Scopes) > 0 {
+		v.Set("scope", strings.Join(c.Scopes, " "))
+	}
+	for _, opt := range opts {
+		opt.setValue(v)
+	}
+	return retrieveDeviceAuth(ctx, c, v)
+}
+
+func retrieveDeviceAuth(ctx context.Context, c *Config, v url.Values) (*DeviceAuthResponse, error) {
+	if c.Endpoint.DeviceAuthURL == "" {
+		return nil, errors.New("endpoint missing DeviceAuthURL")
+	}
+
+	req, err := http.NewRequest("POST", c.Endpoint.DeviceAuthURL, strings.NewReader(v.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Accept", "application/json")
+
+	t := time.Now()
+	r, err := internal.ContextClient(ctx).Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
+	if err != nil {
+		return nil, fmt.Errorf("oauth2: cannot auth device: %v", err)
+	}
+	if code := r.StatusCode; code < 200 || code > 299 {
+		return nil, &RetrieveError{
+			Response: r,
+			Body:     body,
+		}
+	}
+
+	da := &DeviceAuthResponse{}
+	err = json.Unmarshal(body, &da)
+	if err != nil {
+		return nil, fmt.Errorf("unmarshal %s", err)
+	}
+
+	if !da.Expiry.IsZero() {
+		// Make a small adjustment to account for time taken by the request
+		da.Expiry = da.Expiry.Add(-time.Since(t))
+	}
+
+	return da, nil
+}
+
+// DeviceAccessToken polls the server to exchange a device code for a token.
+func (c *Config) DeviceAccessToken(ctx context.Context, da *DeviceAuthResponse, opts ...AuthCodeOption) (*Token, error) {
+	if !da.Expiry.IsZero() {
+		var cancel context.CancelFunc
+		ctx, cancel = context.WithDeadline(ctx, da.Expiry)
+		defer cancel()
+	}
+
+	// https://datatracker.ietf.org/doc/html/rfc8628#section-3.4
+	v := url.Values{
+		"client_id":   {c.ClientID},
+		"grant_type":  {"urn:ietf:params:oauth:grant-type:device_code"},
+		"device_code": {da.DeviceCode},
+	}
+	if len(c.Scopes) > 0 {
+		v.Set("scope", strings.Join(c.Scopes, " "))
+	}
+	for _, opt := range opts {
+		opt.setValue(v)
+	}
+
+	// "If no value is provided, clients MUST use 5 as the default."
+	// https://datatracker.ietf.org/doc/html/rfc8628#section-3.2
+	interval := da.Interval
+	if interval == 0 {
+		interval = 5
+	}
+
+	ticker := time.NewTicker(time.Duration(interval) * time.Second)
+	defer ticker.Stop()
+	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		case <-ticker.C:
+			tok, err := retrieveToken(ctx, c, v)
+			if err == nil {
+				return tok, nil
+			}
+
+			e, ok := err.(*RetrieveError)
+			if !ok {
+				return nil, err
+			}
+			switch e.ErrorCode {
+			case errSlowDown:
+				// https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
+				// "the interval MUST be increased by 5 seconds for this and all subsequent requests"
+				interval += 5
+				ticker.Reset(time.Duration(interval) * time.Second)
+			case errAuthorizationPending:
+				// Do nothing.
+			case errAccessDenied, errExpiredToken:
+				fallthrough
+			default:
+				return tok, err
+			}
+		}
+	}
+}
diff --git a/vendor/golang.org/x/oauth2/google/appengine_gen1.go b/vendor/golang.org/x/oauth2/google/appengine_gen1.go
index 16c6c6b90..e61587945 100644
--- a/vendor/golang.org/x/oauth2/google/appengine_gen1.go
+++ b/vendor/golang.org/x/oauth2/google/appengine_gen1.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build appengine
-// +build appengine
 
 // This file applies to App Engine first generation runtimes (<= Go 1.9).
 
diff --git a/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go b/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go
index a7e27b3d2..9c79aa0a0 100644
--- a/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go
+++ b/vendor/golang.org/x/oauth2/google/appengine_gen2_flex.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !appengine
-// +build !appengine
 
 // This file applies to App Engine second generation runtimes (>= Go 1.11) and App Engine flexible.
 
diff --git a/vendor/golang.org/x/oauth2/google/default.go b/vendor/golang.org/x/oauth2/google/default.go
index 2cf71f0f9..12b12a30c 100644
--- a/vendor/golang.org/x/oauth2/google/default.go
+++ b/vendor/golang.org/x/oauth2/google/default.go
@@ -19,7 +19,10 @@ import (
 	"golang.org/x/oauth2/authhandler"
 )
 
-const adcSetupURL = "https://cloud.google.com/docs/authentication/external/set-up-adc"
+const (
+	adcSetupURL           = "https://cloud.google.com/docs/authentication/external/set-up-adc"
+	universeDomainDefault = "googleapis.com"
+)
 
 // Credentials holds Google credentials, including "Application Default Credentials".
 // For more details, see:
@@ -37,6 +40,18 @@ type Credentials struct {
 	// environment and not with a credentials file, e.g. when code is
 	// running on Google Cloud Platform.
 	JSON []byte
+
+	// universeDomain is the default service domain for a given Cloud universe.
+	universeDomain string
+}
+
+// UniverseDomain returns the default service domain for a given Cloud universe.
+// The default value is "googleapis.com".
+func (c *Credentials) UniverseDomain() string {
+	if c.universeDomain == "" {
+		return universeDomainDefault
+	}
+	return c.universeDomain
 }
 
 // DefaultCredentials is the old name of Credentials.
@@ -200,15 +215,23 @@ func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params
 	if err := json.Unmarshal(jsonData, &f); err != nil {
 		return nil, err
 	}
+
+	universeDomain := f.UniverseDomain
+	// Authorized user credentials are only supported in the googleapis.com universe.
+	if f.Type == userCredentialsKey {
+		universeDomain = universeDomainDefault
+	}
+
 	ts, err := f.tokenSource(ctx, params)
 	if err != nil {
 		return nil, err
 	}
 	ts = newErrWrappingTokenSource(ts)
 	return &Credentials{
-		ProjectID:   f.ProjectID,
-		TokenSource: ts,
-		JSON:        jsonData,
+		ProjectID:      f.ProjectID,
+		TokenSource:    ts,
+		JSON:           jsonData,
+		universeDomain: universeDomain,
 	}, nil
 }
 
diff --git a/vendor/golang.org/x/oauth2/google/google.go b/vendor/golang.org/x/oauth2/google/google.go
index cc1223889..c66c53527 100644
--- a/vendor/golang.org/x/oauth2/google/google.go
+++ b/vendor/golang.org/x/oauth2/google/google.go
@@ -16,14 +16,16 @@ import (
 	"cloud.google.com/go/compute/metadata"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google/internal/externalaccount"
+	"golang.org/x/oauth2/google/internal/externalaccountauthorizeduser"
 	"golang.org/x/oauth2/jwt"
 )
 
 // Endpoint is Google's OAuth 2.0 default endpoint.
 var Endpoint = oauth2.Endpoint{
-	AuthURL:   "https://accounts.google.com/o/oauth2/auth",
-	TokenURL:  "https://oauth2.googleapis.com/token",
-	AuthStyle: oauth2.AuthStyleInParams,
+	AuthURL:       "https://accounts.google.com/o/oauth2/auth",
+	TokenURL:      "https://oauth2.googleapis.com/token",
+	DeviceAuthURL: "https://oauth2.googleapis.com/device/code",
+	AuthStyle:     oauth2.AuthStyleInParams,
 }
 
 // MTLSTokenURL is Google's OAuth 2.0 default mTLS endpoint.
@@ -95,10 +97,11 @@ func JWTConfigFromJSON(jsonKey []byte, scope ...string) (*jwt.Config, error) {
 
 // JSON key file types.
 const (
-	serviceAccountKey          = "service_account"
-	userCredentialsKey         = "authorized_user"
-	externalAccountKey         = "external_account"
-	impersonatedServiceAccount = "impersonated_service_account"
+	serviceAccountKey                = "service_account"
+	userCredentialsKey               = "authorized_user"
+	externalAccountKey               = "external_account"
+	externalAccountAuthorizedUserKey = "external_account_authorized_user"
+	impersonatedServiceAccount       = "impersonated_service_account"
 )
 
 // credentialsFile is the unmarshalled representation of a credentials file.
@@ -106,12 +109,13 @@ type credentialsFile struct {
 	Type string `json:"type"`
 
 	// Service Account fields
-	ClientEmail  string `json:"client_email"`
-	PrivateKeyID string `json:"private_key_id"`
-	PrivateKey   string `json:"private_key"`
-	AuthURL      string `json:"auth_uri"`
-	TokenURL     string `json:"token_uri"`
-	ProjectID    string `json:"project_id"`
+	ClientEmail    string `json:"client_email"`
+	PrivateKeyID   string `json:"private_key_id"`
+	PrivateKey     string `json:"private_key"`
+	AuthURL        string `json:"auth_uri"`
+	TokenURL       string `json:"token_uri"`
+	ProjectID      string `json:"project_id"`
+	UniverseDomain string `json:"universe_domain"`
 
 	// User Credential fields
 	// (These typically come from gcloud auth.)
@@ -131,6 +135,9 @@ type credentialsFile struct {
 	QuotaProjectID                 string                           `json:"quota_project_id"`
 	WorkforcePoolUserProject       string                           `json:"workforce_pool_user_project"`
 
+	// External Account Authorized User fields
+	RevokeURL string `json:"revoke_url"`
+
 	// Service account impersonation
 	SourceCredentials *credentialsFile `json:"source_credentials"`
 }
@@ -199,6 +206,19 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
 			WorkforcePoolUserProject: f.WorkforcePoolUserProject,
 		}
 		return cfg.TokenSource(ctx)
+	case externalAccountAuthorizedUserKey:
+		cfg := &externalaccountauthorizeduser.Config{
+			Audience:       f.Audience,
+			RefreshToken:   f.RefreshToken,
+			TokenURL:       f.TokenURLExternal,
+			TokenInfoURL:   f.TokenInfoURL,
+			ClientID:       f.ClientID,
+			ClientSecret:   f.ClientSecret,
+			RevokeURL:      f.RevokeURL,
+			QuotaProjectID: f.QuotaProjectID,
+			Scopes:         params.Scopes,
+		}
+		return cfg.TokenSource(ctx)
 	case impersonatedServiceAccount:
 		if f.ServiceAccountImpersonationURL == "" || f.SourceCredentials == nil {
 			return nil, errors.New("missing 'source_credentials' field or 'service_account_impersonation_url' in credentials")
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go
index 2bf3202b2..bd4efd19b 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go
@@ -274,49 +274,6 @@ type awsRequest struct {
 	Headers []awsRequestHeader `json:"headers"`
 }
 
-func (cs awsCredentialSource) validateMetadataServers() error {
-	if err := cs.validateMetadataServer(cs.RegionURL, "region_url"); err != nil {
-		return err
-	}
-	if err := cs.validateMetadataServer(cs.CredVerificationURL, "url"); err != nil {
-		return err
-	}
-	return cs.validateMetadataServer(cs.IMDSv2SessionTokenURL, "imdsv2_session_token_url")
-}
-
-var validHostnames []string = []string{"169.254.169.254", "fd00:ec2::254"}
-
-func (cs awsCredentialSource) isValidMetadataServer(metadataUrl string) bool {
-	if metadataUrl == "" {
-		// Zero value means use default, which is valid.
-		return true
-	}
-
-	u, err := url.Parse(metadataUrl)
-	if err != nil {
-		// Unparseable URL means invalid
-		return false
-	}
-
-	for _, validHostname := range validHostnames {
-		if u.Hostname() == validHostname {
-			// If it's one of the valid hostnames, everything is good
-			return true
-		}
-	}
-
-	// hostname not found in our allowlist, so not valid
-	return false
-}
-
-func (cs awsCredentialSource) validateMetadataServer(metadataUrl, urlName string) error {
-	if !cs.isValidMetadataServer(metadataUrl) {
-		return fmt.Errorf("oauth2/google: invalid hostname %s for %s", metadataUrl, urlName)
-	}
-
-	return nil
-}
-
 func (cs awsCredentialSource) doRequest(req *http.Request) (*http.Response, error) {
 	if cs.client == nil {
 		cs.client = oauth2.NewClient(cs.ctx, nil)
@@ -339,6 +296,10 @@ func shouldUseMetadataServer() bool {
 	return !canRetrieveRegionFromEnvironment() || !canRetrieveSecurityCredentialFromEnvironment()
 }
 
+func (cs awsCredentialSource) credentialSourceType() string {
+	return "aws"
+}
+
 func (cs awsCredentialSource) subjectToken() (string, error) {
 	if cs.requestSigner == nil {
 		headers := make(map[string]string)
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
index dcd252a61..33288d367 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
@@ -8,13 +8,12 @@ import (
 	"context"
 	"fmt"
 	"net/http"
-	"net/url"
 	"regexp"
 	"strconv"
-	"strings"
 	"time"
 
 	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google/internal/stsexchange"
 )
 
 // now aliases time.Now for testing
@@ -63,31 +62,10 @@ type Config struct {
 	WorkforcePoolUserProject string
 }
 
-// Each element consists of a list of patterns.  validateURLs checks for matches
-// that include all elements in a given list, in that order.
-
 var (
 	validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`)
 )
 
-func validateURL(input string, patterns []*regexp.Regexp, scheme string) bool {
-	parsed, err := url.Parse(input)
-	if err != nil {
-		return false
-	}
-	if !strings.EqualFold(parsed.Scheme, scheme) {
-		return false
-	}
-	toTest := parsed.Host
-
-	for _, pattern := range patterns {
-		if pattern.MatchString(toTest) {
-			return true
-		}
-	}
-	return false
-}
-
 func validateWorkforceAudience(input string) bool {
 	return validWorkforceAudiencePattern.MatchString(input)
 }
@@ -185,10 +163,6 @@ func (c *Config) parse(ctx context.Context) (baseCredentialSource, error) {
 				awsCredSource.IMDSv2SessionTokenURL = c.CredentialSource.IMDSv2SessionTokenURL
 			}
 
-			if err := awsCredSource.validateMetadataServers(); err != nil {
-				return nil, err
-			}
-
 			return awsCredSource, nil
 		}
 	} else if c.CredentialSource.File != "" {
@@ -202,6 +176,7 @@ func (c *Config) parse(ctx context.Context) (baseCredentialSource, error) {
 }
 
 type baseCredentialSource interface {
+	credentialSourceType() string
 	subjectToken() (string, error)
 }
 
@@ -211,6 +186,15 @@ type tokenSource struct {
 	conf *Config
 }
 
+func getMetricsHeaderValue(conf *Config, credSource baseCredentialSource) string {
+	return fmt.Sprintf("gl-go/%s auth/%s google-byoid-sdk source/%s sa-impersonation/%t config-lifetime/%t",
+		goVersion(),
+		"unknown",
+		credSource.credentialSourceType(),
+		conf.ServiceAccountImpersonationURL != "",
+		conf.ServiceAccountImpersonationLifetimeSeconds != 0)
+}
+
 // Token allows tokenSource to conform to the oauth2.TokenSource interface.
 func (ts tokenSource) Token() (*oauth2.Token, error) {
 	conf := ts.conf
@@ -224,7 +208,7 @@ func (ts tokenSource) Token() (*oauth2.Token, error) {
 	if err != nil {
 		return nil, err
 	}
-	stsRequest := stsTokenExchangeRequest{
+	stsRequest := stsexchange.TokenExchangeRequest{
 		GrantType:          "urn:ietf:params:oauth:grant-type:token-exchange",
 		Audience:           conf.Audience,
 		Scope:              conf.Scopes,
@@ -234,7 +218,8 @@ func (ts tokenSource) Token() (*oauth2.Token, error) {
 	}
 	header := make(http.Header)
 	header.Add("Content-Type", "application/x-www-form-urlencoded")
-	clientAuth := clientAuthentication{
+	header.Add("x-goog-api-client", getMetricsHeaderValue(conf, credSource))
+	clientAuth := stsexchange.ClientAuthentication{
 		AuthStyle:    oauth2.AuthStyleInHeader,
 		ClientID:     conf.ClientID,
 		ClientSecret: conf.ClientSecret,
@@ -247,7 +232,7 @@ func (ts tokenSource) Token() (*oauth2.Token, error) {
 			"userProject": conf.WorkforcePoolUserProject,
 		}
 	}
-	stsResp, err := exchangeToken(ts.ctx, conf.TokenURL, &stsRequest, clientAuth, header, options)
+	stsResp, err := stsexchange.ExchangeToken(ts.ctx, conf.TokenURL, &stsRequest, clientAuth, header, options)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go
index 579bcce5f..6497dc022 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go
@@ -233,6 +233,10 @@ func (cs executableCredentialSource) parseSubjectTokenFromSource(response []byte
 	return "", tokenTypeError(source)
 }
 
+func (cs executableCredentialSource) credentialSourceType() string {
+	return "executable"
+}
+
 func (cs executableCredentialSource) subjectToken() (string, error) {
 	if token, err := cs.getTokenFromOutputFile(); token != "" || err != nil {
 		return token, err
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go
index e953ddb47..f35f73c5c 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go
@@ -19,6 +19,10 @@ type fileCredentialSource struct {
 	Format format
 }
 
+func (cs fileCredentialSource) credentialSourceType() string {
+	return "file"
+}
+
 func (cs fileCredentialSource) subjectToken() (string, error) {
 	tokenFile, err := os.Open(cs.File)
 	if err != nil {
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/header.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/header.go
new file mode 100644
index 000000000..1d5aad2e2
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/header.go
@@ -0,0 +1,64 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package externalaccount
+
+import (
+	"runtime"
+	"strings"
+	"unicode"
+)
+
+var (
+	// version is a package internal global variable for testing purposes.
+	version = runtime.Version
+)
+
+// versionUnknown is only used when the runtime version cannot be determined.
+const versionUnknown = "UNKNOWN"
+
+// goVersion returns a Go runtime version derived from the runtime environment
+// that is modified to be suitable for reporting in a header, meaning it has no
+// whitespace. If it is unable to determine the Go runtime version, it returns
+// versionUnknown.
+func goVersion() string {
+	const develPrefix = "devel +"
+
+	s := version()
+	if strings.HasPrefix(s, develPrefix) {
+		s = s[len(develPrefix):]
+		if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+			s = s[:p]
+		}
+		return s
+	} else if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+		s = s[:p]
+	}
+
+	notSemverRune := func(r rune) bool {
+		return !strings.ContainsRune("0123456789.", r)
+	}
+
+	if strings.HasPrefix(s, "go1") {
+		s = s[2:]
+		var prerelease string
+		if p := strings.IndexFunc(s, notSemverRune); p >= 0 {
+			s, prerelease = s[:p], s[p:]
+		}
+		if strings.HasSuffix(s, ".") {
+			s += "0"
+		} else if strings.Count(s, ".") < 2 {
+			s += ".0"
+		}
+		if prerelease != "" {
+			// Some release candidates already have a dash in them.
+			if !strings.HasPrefix(prerelease, "-") {
+				prerelease = "-" + prerelease
+			}
+			s += prerelease
+		}
+		return s
+	}
+	return "UNKNOWN"
+}
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go
index 16dca6541..606bb4e80 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go
@@ -23,6 +23,10 @@ type urlCredentialSource struct {
 	ctx     context.Context
 }
 
+func (cs urlCredentialSource) credentialSourceType() string {
+	return "url"
+}
+
 func (cs urlCredentialSource) subjectToken() (string, error) {
 	client := oauth2.NewClient(cs.ctx, nil)
 	req, err := http.NewRequest("GET", cs.URL, nil)
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser/externalaccountauthorizeduser.go b/vendor/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser/externalaccountauthorizeduser.go
new file mode 100644
index 000000000..cb5820707
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser/externalaccountauthorizeduser.go
@@ -0,0 +1,114 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package externalaccountauthorizeduser
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google/internal/stsexchange"
+)
+
+// now aliases time.Now for testing.
+var now = func() time.Time {
+	return time.Now().UTC()
+}
+
+var tokenValid = func(token oauth2.Token) bool {
+	return token.Valid()
+}
+
+type Config struct {
+	// Audience is the Secure Token Service (STS) audience which contains the resource name for the workforce pool and
+	// the provider identifier in that pool.
+	Audience string
+	// RefreshToken is the optional OAuth 2.0 refresh token. If specified, credentials can be refreshed.
+	RefreshToken string
+	// TokenURL is the optional STS token exchange endpoint for refresh. Must be specified for refresh, can be left as
+	// None if the token can not be refreshed.
+	TokenURL string
+	// TokenInfoURL is the optional STS endpoint URL for token introspection.
+	TokenInfoURL string
+	// ClientID is only required in conjunction with ClientSecret, as described above.
+	ClientID string
+	// ClientSecret is currently only required if token_info endpoint also needs to be called with the generated GCP
+	// access token. When provided, STS will be called with additional basic authentication using client_id as username
+	// and client_secret as password.
+	ClientSecret string
+	// Token is the OAuth2.0 access token. Can be nil if refresh information is provided.
+	Token string
+	// Expiry is the optional expiration datetime of the OAuth 2.0 access token.
+	Expiry time.Time
+	// RevokeURL is the optional STS endpoint URL for revoking tokens.
+	RevokeURL string
+	// QuotaProjectID is the optional project ID used for quota and billing. This project may be different from the
+	// project used to create the credentials.
+	QuotaProjectID string
+	Scopes         []string
+}
+
+func (c *Config) canRefresh() bool {
+	return c.ClientID != "" && c.ClientSecret != "" && c.RefreshToken != "" && c.TokenURL != ""
+}
+
+func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) {
+	var token oauth2.Token
+	if c.Token != "" && !c.Expiry.IsZero() {
+		token = oauth2.Token{
+			AccessToken: c.Token,
+			Expiry:      c.Expiry,
+			TokenType:   "Bearer",
+		}
+	}
+	if !tokenValid(token) && !c.canRefresh() {
+		return nil, errors.New("oauth2/google: Token should be created with fields to make it valid (`token` and `expiry`), or fields to allow it to refresh (`refresh_token`, `token_url`, `client_id`, `client_secret`).")
+	}
+
+	ts := tokenSource{
+		ctx:  ctx,
+		conf: c,
+	}
+
+	return oauth2.ReuseTokenSource(&token, ts), nil
+}
+
+type tokenSource struct {
+	ctx  context.Context
+	conf *Config
+}
+
+func (ts tokenSource) Token() (*oauth2.Token, error) {
+	conf := ts.conf
+	if !conf.canRefresh() {
+		return nil, errors.New("oauth2/google: The credentials do not contain the necessary fields need to refresh the access token. You must specify refresh_token, token_url, client_id, and client_secret.")
+	}
+
+	clientAuth := stsexchange.ClientAuthentication{
+		AuthStyle:    oauth2.AuthStyleInHeader,
+		ClientID:     conf.ClientID,
+		ClientSecret: conf.ClientSecret,
+	}
+
+	stsResponse, err := stsexchange.RefreshAccessToken(ts.ctx, conf.TokenURL, conf.RefreshToken, clientAuth, nil)
+	if err != nil {
+		return nil, err
+	}
+	if stsResponse.ExpiresIn < 0 {
+		return nil, errors.New("oauth2/google: got invalid expiry from security token service")
+	}
+
+	if stsResponse.RefreshToken != "" {
+		conf.RefreshToken = stsResponse.RefreshToken
+	}
+
+	token := &oauth2.Token{
+		AccessToken: stsResponse.AccessToken,
+		Expiry:      now().Add(time.Duration(stsResponse.ExpiresIn) * time.Second),
+		TokenType:   "Bearer",
+	}
+	return token, nil
+}
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/clientauth.go b/vendor/golang.org/x/oauth2/google/internal/stsexchange/clientauth.go
similarity index 88%
rename from vendor/golang.org/x/oauth2/google/internal/externalaccount/clientauth.go
rename to vendor/golang.org/x/oauth2/google/internal/stsexchange/clientauth.go
index 99987ce29..ebd520eac 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/clientauth.go
+++ b/vendor/golang.org/x/oauth2/google/internal/stsexchange/clientauth.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package externalaccount
+package stsexchange
 
 import (
 	"encoding/base64"
@@ -12,8 +12,8 @@ import (
 	"golang.org/x/oauth2"
 )
 
-// clientAuthentication represents an OAuth client ID and secret and the mechanism for passing these credentials as stated in rfc6749#2.3.1.
-type clientAuthentication struct {
+// ClientAuthentication represents an OAuth client ID and secret and the mechanism for passing these credentials as stated in rfc6749#2.3.1.
+type ClientAuthentication struct {
 	// AuthStyle can be either basic or request-body
 	AuthStyle    oauth2.AuthStyle
 	ClientID     string
@@ -23,7 +23,7 @@ type clientAuthentication struct {
 // InjectAuthentication is used to add authentication to a Secure Token Service exchange
 // request.  It modifies either the passed url.Values or http.Header depending on the desired
 // authentication format.
-func (c *clientAuthentication) InjectAuthentication(values url.Values, headers http.Header) {
+func (c *ClientAuthentication) InjectAuthentication(values url.Values, headers http.Header) {
 	if c.ClientID == "" || c.ClientSecret == "" || values == nil || headers == nil {
 		return
 	}
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/sts_exchange.go b/vendor/golang.org/x/oauth2/google/internal/stsexchange/sts_exchange.go
similarity index 68%
rename from vendor/golang.org/x/oauth2/google/internal/externalaccount/sts_exchange.go
rename to vendor/golang.org/x/oauth2/google/internal/stsexchange/sts_exchange.go
index e6fcae5fc..1a0bebd15 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/sts_exchange.go
+++ b/vendor/golang.org/x/oauth2/google/internal/stsexchange/sts_exchange.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package externalaccount
+package stsexchange
 
 import (
 	"context"
@@ -18,14 +18,17 @@ import (
 	"golang.org/x/oauth2"
 )
 
-// exchangeToken performs an oauth2 token exchange with the provided endpoint.
+func defaultHeader() http.Header {
+	header := make(http.Header)
+	header.Add("Content-Type", "application/x-www-form-urlencoded")
+	return header
+}
+
+// ExchangeToken performs an oauth2 token exchange with the provided endpoint.
 // The first 4 fields are all mandatory.  headers can be used to pass additional
 // headers beyond the bare minimum required by the token exchange.  options can
 // be used to pass additional JSON-structured options to the remote server.
-func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchangeRequest, authentication clientAuthentication, headers http.Header, options map[string]interface{}) (*stsTokenExchangeResponse, error) {
-
-	client := oauth2.NewClient(ctx, nil)
-
+func ExchangeToken(ctx context.Context, endpoint string, request *TokenExchangeRequest, authentication ClientAuthentication, headers http.Header, options map[string]interface{}) (*Response, error) {
 	data := url.Values{}
 	data.Set("audience", request.Audience)
 	data.Set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange")
@@ -41,13 +44,28 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan
 		data.Set("options", string(opts))
 	}
 
+	return makeRequest(ctx, endpoint, data, authentication, headers)
+}
+
+func RefreshAccessToken(ctx context.Context, endpoint string, refreshToken string, authentication ClientAuthentication, headers http.Header) (*Response, error) {
+	data := url.Values{}
+	data.Set("grant_type", "refresh_token")
+	data.Set("refresh_token", refreshToken)
+
+	return makeRequest(ctx, endpoint, data, authentication, headers)
+}
+
+func makeRequest(ctx context.Context, endpoint string, data url.Values, authentication ClientAuthentication, headers http.Header) (*Response, error) {
+	if headers == nil {
+		headers = defaultHeader()
+	}
+	client := oauth2.NewClient(ctx, nil)
 	authentication.InjectAuthentication(data, headers)
 	encodedData := data.Encode()
 
 	req, err := http.NewRequest("POST", endpoint, strings.NewReader(encodedData))
 	if err != nil {
 		return nil, fmt.Errorf("oauth2/google: failed to properly build http request: %v", err)
-
 	}
 	req = req.WithContext(ctx)
 	for key, list := range headers {
@@ -71,7 +89,7 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan
 	if c := resp.StatusCode; c < 200 || c > 299 {
 		return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, body)
 	}
-	var stsResp stsTokenExchangeResponse
+	var stsResp Response
 	err = json.Unmarshal(body, &stsResp)
 	if err != nil {
 		return nil, fmt.Errorf("oauth2/google: failed to unmarshal response body from Secure Token Server: %v", err)
@@ -81,8 +99,8 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan
 	return &stsResp, nil
 }
 
-// stsTokenExchangeRequest contains fields necessary to make an oauth2 token exchange.
-type stsTokenExchangeRequest struct {
+// TokenExchangeRequest contains fields necessary to make an oauth2 token exchange.
+type TokenExchangeRequest struct {
 	ActingParty struct {
 		ActorToken     string
 		ActorTokenType string
@@ -96,8 +114,8 @@ type stsTokenExchangeRequest struct {
 	SubjectTokenType   string
 }
 
-// stsTokenExchangeResponse is used to decode the remote server response during an oauth2 token exchange.
-type stsTokenExchangeResponse struct {
+// Response is used to decode the remote server response during an oauth2 token exchange.
+type Response struct {
 	AccessToken     string `json:"access_token"`
 	IssuedTokenType string `json:"issued_token_type"`
 	TokenType       string `json:"token_type"`
diff --git a/vendor/golang.org/x/oauth2/internal/client_appengine.go b/vendor/golang.org/x/oauth2/internal/client_appengine.go
index e1755d1d9..d28140f78 100644
--- a/vendor/golang.org/x/oauth2/internal/client_appengine.go
+++ b/vendor/golang.org/x/oauth2/internal/client_appengine.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build appengine
-// +build appengine
 
 package internal
 
diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go
index 58901bda5..e83ddeef0 100644
--- a/vendor/golang.org/x/oauth2/internal/token.go
+++ b/vendor/golang.org/x/oauth2/internal/token.go
@@ -18,6 +18,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 )
 
@@ -115,41 +116,60 @@ const (
 	AuthStyleInHeader AuthStyle = 2
 )
 
-// authStyleCache is the set of tokenURLs we've successfully used via
+// LazyAuthStyleCache is a backwards compatibility compromise to let Configs
+// have a lazily-initialized AuthStyleCache.
+//
+// The two users of this, oauth2.Config and oauth2/clientcredentials.Config,
+// both would ideally just embed an unexported AuthStyleCache but because both
+// were historically allowed to be copied by value we can't retroactively add an
+// uncopyable Mutex to them.
+//
+// We could use an atomic.Pointer, but that was added recently enough (in Go
+// 1.18) that we'd break Go 1.17 users where the tests as of 2023-08-03
+// still pass. By using an atomic.Value, it supports both Go 1.17 and
+// copying by value, even if that's not ideal.
+type LazyAuthStyleCache struct {
+	v atomic.Value // of *AuthStyleCache
+}
+
+func (lc *LazyAuthStyleCache) Get() *AuthStyleCache {
+	if c, ok := lc.v.Load().(*AuthStyleCache); ok {
+		return c
+	}
+	c := new(AuthStyleCache)
+	if !lc.v.CompareAndSwap(nil, c) {
+		c = lc.v.Load().(*AuthStyleCache)
+	}
+	return c
+}
+
+// AuthStyleCache is the set of tokenURLs we've successfully used via
 // RetrieveToken and which style auth we ended up using.
 // It's called a cache, but it doesn't (yet?) shrink. It's expected that
 // the set of OAuth2 servers a program contacts over time is fixed and
 // small.
-var authStyleCache struct {
-	sync.Mutex
-	m map[string]AuthStyle // keyed by tokenURL
-}
-
-// ResetAuthCache resets the global authentication style cache used
-// for AuthStyleUnknown token requests.
-func ResetAuthCache() {
-	authStyleCache.Lock()
-	defer authStyleCache.Unlock()
-	authStyleCache.m = nil
+type AuthStyleCache struct {
+	mu sync.Mutex
+	m  map[string]AuthStyle // keyed by tokenURL
 }
 
 // lookupAuthStyle reports which auth style we last used with tokenURL
 // when calling RetrieveToken and whether we have ever done so.
-func lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) {
-	authStyleCache.Lock()
-	defer authStyleCache.Unlock()
-	style, ok = authStyleCache.m[tokenURL]
+func (c *AuthStyleCache) lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	style, ok = c.m[tokenURL]
 	return
 }
 
 // setAuthStyle adds an entry to authStyleCache, documented above.
-func setAuthStyle(tokenURL string, v AuthStyle) {
-	authStyleCache.Lock()
-	defer authStyleCache.Unlock()
-	if authStyleCache.m == nil {
-		authStyleCache.m = make(map[string]AuthStyle)
+func (c *AuthStyleCache) setAuthStyle(tokenURL string, v AuthStyle) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if c.m == nil {
+		c.m = make(map[string]AuthStyle)
 	}
-	authStyleCache.m[tokenURL] = v
+	c.m[tokenURL] = v
 }
 
 // newTokenRequest returns a new *http.Request to retrieve a new token
@@ -189,10 +209,10 @@ func cloneURLValues(v url.Values) url.Values {
 	return v2
 }
 
-func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle) (*Token, error) {
+func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle, styleCache *AuthStyleCache) (*Token, error) {
 	needsAuthStyleProbe := authStyle == 0
 	if needsAuthStyleProbe {
-		if style, ok := lookupAuthStyle(tokenURL); ok {
+		if style, ok := styleCache.lookupAuthStyle(tokenURL); ok {
 			authStyle = style
 			needsAuthStyleProbe = false
 		} else {
@@ -222,7 +242,7 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string,
 		token, err = doTokenRoundTrip(ctx, req)
 	}
 	if needsAuthStyleProbe && err == nil {
-		setAuthStyle(tokenURL, authStyle)
+		styleCache.setAuthStyle(tokenURL, authStyle)
 	}
 	// Don't overwrite `RefreshToken` with an empty value
 	// if this was a token refreshing request.
diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go
index 9085fabe3..90a2c3d6d 100644
--- a/vendor/golang.org/x/oauth2/oauth2.go
+++ b/vendor/golang.org/x/oauth2/oauth2.go
@@ -58,6 +58,10 @@ type Config struct {
 
 	// Scope specifies optional requested permissions.
 	Scopes []string
+
+	// authStyleCache caches which auth style to use when Endpoint.AuthStyle is
+	// the zero value (AuthStyleAutoDetect).
+	authStyleCache internal.LazyAuthStyleCache
 }
 
 // A TokenSource is anything that can return a token.
@@ -71,8 +75,9 @@ type TokenSource interface {
 // Endpoint represents an OAuth 2.0 provider's authorization and token
 // endpoint URLs.
 type Endpoint struct {
-	AuthURL  string
-	TokenURL string
+	AuthURL       string
+	DeviceAuthURL string
+	TokenURL      string
 
 	// AuthStyle optionally specifies how the endpoint wants the
 	// client ID & client secret sent. The zero value means to
@@ -139,15 +144,19 @@ func SetAuthURLParam(key, value string) AuthCodeOption {
 // AuthCodeURL returns a URL to OAuth 2.0 provider's consent page
 // that asks for permissions for the required scopes explicitly.
 //
-// State is a token to protect the user from CSRF attacks. You must
-// always provide a non-empty string and validate that it matches the
-// state query parameter on your redirect callback.
-// See http://tools.ietf.org/html/rfc6749#section-10.12 for more info.
+// State is an opaque value used by the client to maintain state between the
+// request and callback. The authorization server includes this value when
+// redirecting the user agent back to the client.
 //
 // Opts may include AccessTypeOnline or AccessTypeOffline, as well
 // as ApprovalForce.
-// It can also be used to pass the PKCE challenge.
-// See https://www.oauth.com/oauth2-servers/pkce/ for more info.
+//
+// To protect against CSRF attacks, opts should include a PKCE challenge
+// (S256ChallengeOption). Not all servers support PKCE. An alternative is to
+// generate a random state parameter and verify it after exchange.
+// See https://datatracker.ietf.org/doc/html/rfc6749#section-10.12 (predating
+// PKCE), https://www.oauth.com/oauth2-servers/pkce/ and
+// https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-09.html#name-cross-site-request-forgery (describing both approaches)
 func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string {
 	var buf bytes.Buffer
 	buf.WriteString(c.Endpoint.AuthURL)
@@ -162,7 +171,6 @@ func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string {
 		v.Set("scope", strings.Join(c.Scopes, " "))
 	}
 	if state != "" {
-		// TODO(light): Docs say never to omit state; don't allow empty.
 		v.Set("state", state)
 	}
 	for _, opt := range opts {
@@ -207,10 +215,11 @@ func (c *Config) PasswordCredentialsToken(ctx context.Context, username, passwor
 // The provided context optionally controls which HTTP client is used. See the HTTPClient variable.
 //
 // The code will be in the *http.Request.FormValue("code"). Before
-// calling Exchange, be sure to validate FormValue("state").
+// calling Exchange, be sure to validate FormValue("state") if you are
+// using it to protect against CSRF attacks.
 //
-// Opts may include the PKCE verifier code if previously used in AuthCodeURL.
-// See https://www.oauth.com/oauth2-servers/pkce/ for more info.
+// If using PKCE to protect against CSRF attacks, opts should include a
+// VerifierOption.
 func (c *Config) Exchange(ctx context.Context, code string, opts ...AuthCodeOption) (*Token, error) {
 	v := url.Values{
 		"grant_type": {"authorization_code"},
diff --git a/vendor/golang.org/x/oauth2/pkce.go b/vendor/golang.org/x/oauth2/pkce.go
new file mode 100644
index 000000000..50593b6df
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/pkce.go
@@ -0,0 +1,68 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package oauth2
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"net/url"
+)
+
+const (
+	codeChallengeKey       = "code_challenge"
+	codeChallengeMethodKey = "code_challenge_method"
+	codeVerifierKey        = "code_verifier"
+)
+
+// GenerateVerifier generates a PKCE code verifier with 32 octets of randomness.
+// This follows recommendations in RFC 7636.
+//
+// A fresh verifier should be generated for each authorization.
+// S256ChallengeOption(verifier) should then be passed to Config.AuthCodeURL
+// (or Config.DeviceAccess) and VerifierOption(verifier) to Config.Exchange
+// (or Config.DeviceAccessToken).
+func GenerateVerifier() string {
+	// "RECOMMENDED that the output of a suitable random number generator be
+	// used to create a 32-octet sequence.  The octet sequence is then
+	// base64url-encoded to produce a 43-octet URL-safe string to use as the
+	// code verifier."
+	// https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
+	data := make([]byte, 32)
+	if _, err := rand.Read(data); err != nil {
+		panic(err)
+	}
+	return base64.RawURLEncoding.EncodeToString(data)
+}
+
+// VerifierOption returns a PKCE code verifier AuthCodeOption. It should be
+// passed to Config.Exchange or Config.DeviceAccessToken only.
+func VerifierOption(verifier string) AuthCodeOption {
+	return setParam{k: codeVerifierKey, v: verifier}
+}
+
+// S256ChallengeFromVerifier returns a PKCE code challenge derived from verifier with method S256.
+//
+// Prefer to use S256ChallengeOption where possible.
+func S256ChallengeFromVerifier(verifier string) string {
+	sha := sha256.Sum256([]byte(verifier))
+	return base64.RawURLEncoding.EncodeToString(sha[:])
+}
+
+// S256ChallengeOption derives a PKCE code challenge derived from verifier with
+// method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAccess
+// only.
+func S256ChallengeOption(verifier string) AuthCodeOption {
+	return challengeOption{
+		challenge_method: "S256",
+		challenge:        S256ChallengeFromVerifier(verifier),
+	}
+}
+
+type challengeOption struct{ challenge_method, challenge string }
+
+func (p challengeOption) setValue(m url.Values) {
+	m.Set(codeChallengeMethodKey, p.challenge_method)
+	m.Set(codeChallengeKey, p.challenge)
+}
diff --git a/vendor/golang.org/x/oauth2/token.go b/vendor/golang.org/x/oauth2/token.go
index 5ffce9764..5bbb33217 100644
--- a/vendor/golang.org/x/oauth2/token.go
+++ b/vendor/golang.org/x/oauth2/token.go
@@ -164,7 +164,7 @@ func tokenFromInternal(t *internal.Token) *Token {
 // This token is then mapped from *internal.Token into an *oauth2.Token which is returned along
 // with an error..
 func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error) {
-	tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v, internal.AuthStyle(c.Endpoint.AuthStyle))
+	tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v, internal.AuthStyle(c.Endpoint.AuthStyle), c.authStyleCache.Get())
 	if err != nil {
 		if rErr, ok := err.(*internal.RetrieveError); ok {
 			return nil, (*RetrieveError)(rErr)
diff --git a/vendor/golang.org/x/sync/errgroup/go120.go b/vendor/golang.org/x/sync/errgroup/go120.go
index 7d419d376..f93c740b6 100644
--- a/vendor/golang.org/x/sync/errgroup/go120.go
+++ b/vendor/golang.org/x/sync/errgroup/go120.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.20
-// +build go1.20
 
 package errgroup
 
diff --git a/vendor/golang.org/x/sync/errgroup/pre_go120.go b/vendor/golang.org/x/sync/errgroup/pre_go120.go
index 1795c18ac..88ce33434 100644
--- a/vendor/golang.org/x/sync/errgroup/pre_go120.go
+++ b/vendor/golang.org/x/sync/errgroup/pre_go120.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.20
-// +build !go1.20
 
 package errgroup
 
diff --git a/vendor/golang.org/x/sys/windows/registry/key.go b/vendor/golang.org/x/sys/windows/registry/key.go
new file mode 100644
index 000000000..6c8d97b6a
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/registry/key.go
@@ -0,0 +1,206 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build windows
+// +build windows
+
+// Package registry provides access to the Windows registry.
+//
+// Here is a simple example, opening a registry key and reading a string value from it.
+//
+//	k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
+//	if err != nil {
+//		log.Fatal(err)
+//	}
+//	defer k.Close()
+//
+//	s, _, err := k.GetStringValue("SystemRoot")
+//	if err != nil {
+//		log.Fatal(err)
+//	}
+//	fmt.Printf("Windows system root is %q\n", s)
+package registry
+
+import (
+	"io"
+	"runtime"
+	"syscall"
+	"time"
+)
+
+const (
+	// Registry key security and access rights.
+	// See https://msdn.microsoft.com/en-us/library/windows/desktop/ms724878.aspx
+	// for details.
+	ALL_ACCESS         = 0xf003f
+	CREATE_LINK        = 0x00020
+	CREATE_SUB_KEY     = 0x00004
+	ENUMERATE_SUB_KEYS = 0x00008
+	EXECUTE            = 0x20019
+	NOTIFY             = 0x00010
+	QUERY_VALUE        = 0x00001
+	READ               = 0x20019
+	SET_VALUE          = 0x00002
+	WOW64_32KEY        = 0x00200
+	WOW64_64KEY        = 0x00100
+	WRITE              = 0x20006
+)
+
+// Key is a handle to an open Windows registry key.
+// Keys can be obtained by calling OpenKey; there are
+// also some predefined root keys such as CURRENT_USER.
+// Keys can be used directly in the Windows API.
+type Key syscall.Handle
+
+const (
+	// Windows defines some predefined root keys that are always open.
+	// An application can use these keys as entry points to the registry.
+	// Normally these keys are used in OpenKey to open new keys,
+	// but they can also be used anywhere a Key is required.
+	CLASSES_ROOT     = Key(syscall.HKEY_CLASSES_ROOT)
+	CURRENT_USER     = Key(syscall.HKEY_CURRENT_USER)
+	LOCAL_MACHINE    = Key(syscall.HKEY_LOCAL_MACHINE)
+	USERS            = Key(syscall.HKEY_USERS)
+	CURRENT_CONFIG   = Key(syscall.HKEY_CURRENT_CONFIG)
+	PERFORMANCE_DATA = Key(syscall.HKEY_PERFORMANCE_DATA)
+)
+
+// Close closes open key k.
+func (k Key) Close() error {
+	return syscall.RegCloseKey(syscall.Handle(k))
+}
+
+// OpenKey opens a new key with path name relative to key k.
+// It accepts any open key, including CURRENT_USER and others,
+// and returns the new key and an error.
+// The access parameter specifies desired access rights to the
+// key to be opened.
+func OpenKey(k Key, path string, access uint32) (Key, error) {
+	p, err := syscall.UTF16PtrFromString(path)
+	if err != nil {
+		return 0, err
+	}
+	var subkey syscall.Handle
+	err = syscall.RegOpenKeyEx(syscall.Handle(k), p, 0, access, &subkey)
+	if err != nil {
+		return 0, err
+	}
+	return Key(subkey), nil
+}
+
+// OpenRemoteKey opens a predefined registry key on another
+// computer pcname. The key to be opened is specified by k, but
+// can only be one of LOCAL_MACHINE, PERFORMANCE_DATA or USERS.
+// If pcname is "", OpenRemoteKey returns local computer key.
+func OpenRemoteKey(pcname string, k Key) (Key, error) {
+	var err error
+	var p *uint16
+	if pcname != "" {
+		p, err = syscall.UTF16PtrFromString(`\\` + pcname)
+		if err != nil {
+			return 0, err
+		}
+	}
+	var remoteKey syscall.Handle
+	err = regConnectRegistry(p, syscall.Handle(k), &remoteKey)
+	if err != nil {
+		return 0, err
+	}
+	return Key(remoteKey), nil
+}
+
+// ReadSubKeyNames returns the names of subkeys of key k.
+// The parameter n controls the number of returned names,
+// analogous to the way os.File.Readdirnames works.
+func (k Key) ReadSubKeyNames(n int) ([]string, error) {
+	// RegEnumKeyEx must be called repeatedly and to completion.
+	// During this time, this goroutine cannot migrate away from
+	// its current thread. See https://golang.org/issue/49320 and
+	// https://golang.org/issue/49466.
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+
+	names := make([]string, 0)
+	// Registry key size limit is 255 bytes and described there:
+	// https://msdn.microsoft.com/library/windows/desktop/ms724872.aspx
+	buf := make([]uint16, 256) //plus extra room for terminating zero byte
+loopItems:
+	for i := uint32(0); ; i++ {
+		if n > 0 {
+			if len(names) == n {
+				return names, nil
+			}
+		}
+		l := uint32(len(buf))
+		for {
+			err := syscall.RegEnumKeyEx(syscall.Handle(k), i, &buf[0], &l, nil, nil, nil, nil)
+			if err == nil {
+				break
+			}
+			if err == syscall.ERROR_MORE_DATA {
+				// Double buffer size and try again.
+				l = uint32(2 * len(buf))
+				buf = make([]uint16, l)
+				continue
+			}
+			if err == _ERROR_NO_MORE_ITEMS {
+				break loopItems
+			}
+			return names, err
+		}
+		names = append(names, syscall.UTF16ToString(buf[:l]))
+	}
+	if n > len(names) {
+		return names, io.EOF
+	}
+	return names, nil
+}
+
+// CreateKey creates a key named path under open key k.
+// CreateKey returns the new key and a boolean flag that reports
+// whether the key already existed.
+// The access parameter specifies the access rights for the key
+// to be created.
+func CreateKey(k Key, path string, access uint32) (newk Key, openedExisting bool, err error) {
+	var h syscall.Handle
+	var d uint32
+	err = regCreateKeyEx(syscall.Handle(k), syscall.StringToUTF16Ptr(path),
+		0, nil, _REG_OPTION_NON_VOLATILE, access, nil, &h, &d)
+	if err != nil {
+		return 0, false, err
+	}
+	return Key(h), d == _REG_OPENED_EXISTING_KEY, nil
+}
+
+// DeleteKey deletes the subkey path of key k and its values.
+func DeleteKey(k Key, path string) error {
+	return regDeleteKey(syscall.Handle(k), syscall.StringToUTF16Ptr(path))
+}
+
+// A KeyInfo describes the statistics of a key. It is returned by Stat.
+type KeyInfo struct {
+	SubKeyCount     uint32
+	MaxSubKeyLen    uint32 // size of the key's subkey with the longest name, in Unicode characters, not including the terminating zero byte
+	ValueCount      uint32
+	MaxValueNameLen uint32 // size of the key's longest value name, in Unicode characters, not including the terminating zero byte
+	MaxValueLen     uint32 // longest data component among the key's values, in bytes
+	lastWriteTime   syscall.Filetime
+}
+
+// ModTime returns the key's last write time.
+func (ki *KeyInfo) ModTime() time.Time {
+	return time.Unix(0, ki.lastWriteTime.Nanoseconds())
+}
+
+// Stat retrieves information about the open key k.
+func (k Key) Stat() (*KeyInfo, error) {
+	var ki KeyInfo
+	err := syscall.RegQueryInfoKey(syscall.Handle(k), nil, nil, nil,
+		&ki.SubKeyCount, &ki.MaxSubKeyLen, nil, &ki.ValueCount,
+		&ki.MaxValueNameLen, &ki.MaxValueLen, nil, &ki.lastWriteTime)
+	if err != nil {
+		return nil, err
+	}
+	return &ki, nil
+}
diff --git a/vendor/golang.org/x/sys/windows/registry/mksyscall.go b/vendor/golang.org/x/sys/windows/registry/mksyscall.go
new file mode 100644
index 000000000..ee74927d3
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/registry/mksyscall.go
@@ -0,0 +1,10 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build generate
+// +build generate
+
+package registry
+
+//go:generate go run golang.org/x/sys/windows/mkwinsyscall -output zsyscall_windows.go syscall.go
diff --git a/vendor/golang.org/x/sys/windows/registry/syscall.go b/vendor/golang.org/x/sys/windows/registry/syscall.go
new file mode 100644
index 000000000..417335123
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/registry/syscall.go
@@ -0,0 +1,33 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build windows
+// +build windows
+
+package registry
+
+import "syscall"
+
+const (
+	_REG_OPTION_NON_VOLATILE = 0
+
+	_REG_CREATED_NEW_KEY     = 1
+	_REG_OPENED_EXISTING_KEY = 2
+
+	_ERROR_NO_MORE_ITEMS syscall.Errno = 259
+)
+
+func LoadRegLoadMUIString() error {
+	return procRegLoadMUIStringW.Find()
+}
+
+//sys	regCreateKeyEx(key syscall.Handle, subkey *uint16, reserved uint32, class *uint16, options uint32, desired uint32, sa *syscall.SecurityAttributes, result *syscall.Handle, disposition *uint32) (regerrno error) = advapi32.RegCreateKeyExW
+//sys	regDeleteKey(key syscall.Handle, subkey *uint16) (regerrno error) = advapi32.RegDeleteKeyW
+//sys	regSetValueEx(key syscall.Handle, valueName *uint16, reserved uint32, vtype uint32, buf *byte, bufsize uint32) (regerrno error) = advapi32.RegSetValueExW
+//sys	regEnumValue(key syscall.Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) = advapi32.RegEnumValueW
+//sys	regDeleteValue(key syscall.Handle, name *uint16) (regerrno error) = advapi32.RegDeleteValueW
+//sys   regLoadMUIString(key syscall.Handle, name *uint16, buf *uint16, buflen uint32, buflenCopied *uint32, flags uint32, dir *uint16) (regerrno error) = advapi32.RegLoadMUIStringW
+//sys	regConnectRegistry(machinename *uint16, key syscall.Handle, result *syscall.Handle) (regerrno error) = advapi32.RegConnectRegistryW
+
+//sys	expandEnvironmentStrings(src *uint16, dst *uint16, size uint32) (n uint32, err error) = kernel32.ExpandEnvironmentStringsW
diff --git a/vendor/golang.org/x/sys/windows/registry/value.go b/vendor/golang.org/x/sys/windows/registry/value.go
new file mode 100644
index 000000000..2789f6f18
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/registry/value.go
@@ -0,0 +1,387 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build windows
+// +build windows
+
+package registry
+
+import (
+	"errors"
+	"io"
+	"syscall"
+	"unicode/utf16"
+	"unsafe"
+)
+
+const (
+	// Registry value types.
+	NONE                       = 0
+	SZ                         = 1
+	EXPAND_SZ                  = 2
+	BINARY                     = 3
+	DWORD                      = 4
+	DWORD_BIG_ENDIAN           = 5
+	LINK                       = 6
+	MULTI_SZ                   = 7
+	RESOURCE_LIST              = 8
+	FULL_RESOURCE_DESCRIPTOR   = 9
+	RESOURCE_REQUIREMENTS_LIST = 10
+	QWORD                      = 11
+)
+
+var (
+	// ErrShortBuffer is returned when the buffer was too short for the operation.
+	ErrShortBuffer = syscall.ERROR_MORE_DATA
+
+	// ErrNotExist is returned when a registry key or value does not exist.
+	ErrNotExist = syscall.ERROR_FILE_NOT_FOUND
+
+	// ErrUnexpectedType is returned by Get*Value when the value's type was unexpected.
+	ErrUnexpectedType = errors.New("unexpected key value type")
+)
+
+// GetValue retrieves the type and data for the specified value associated
+// with an open key k. It fills up buffer buf and returns the retrieved
+// byte count n. If buf is too small to fit the stored value it returns
+// ErrShortBuffer error along with the required buffer size n.
+// If no buffer is provided, it returns true and actual buffer size n.
+// If no buffer is provided, GetValue returns the value's type only.
+// If the value does not exist, the error returned is ErrNotExist.
+//
+// GetValue is a low level function. If value's type is known, use the appropriate
+// Get*Value function instead.
+func (k Key) GetValue(name string, buf []byte) (n int, valtype uint32, err error) {
+	pname, err := syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return 0, 0, err
+	}
+	var pbuf *byte
+	if len(buf) > 0 {
+		pbuf = (*byte)(unsafe.Pointer(&buf[0]))
+	}
+	l := uint32(len(buf))
+	err = syscall.RegQueryValueEx(syscall.Handle(k), pname, nil, &valtype, pbuf, &l)
+	if err != nil {
+		return int(l), valtype, err
+	}
+	return int(l), valtype, nil
+}
+
+func (k Key) getValue(name string, buf []byte) (data []byte, valtype uint32, err error) {
+	p, err := syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return nil, 0, err
+	}
+	var t uint32
+	n := uint32(len(buf))
+	for {
+		err = syscall.RegQueryValueEx(syscall.Handle(k), p, nil, &t, (*byte)(unsafe.Pointer(&buf[0])), &n)
+		if err == nil {
+			return buf[:n], t, nil
+		}
+		if err != syscall.ERROR_MORE_DATA {
+			return nil, 0, err
+		}
+		if n <= uint32(len(buf)) {
+			return nil, 0, err
+		}
+		buf = make([]byte, n)
+	}
+}
+
+// GetStringValue retrieves the string value for the specified
+// value name associated with an open key k. It also returns the value's type.
+// If value does not exist, GetStringValue returns ErrNotExist.
+// If value is not SZ or EXPAND_SZ, it will return the correct value
+// type and ErrUnexpectedType.
+func (k Key) GetStringValue(name string) (val string, valtype uint32, err error) {
+	data, typ, err2 := k.getValue(name, make([]byte, 64))
+	if err2 != nil {
+		return "", typ, err2
+	}
+	switch typ {
+	case SZ, EXPAND_SZ:
+	default:
+		return "", typ, ErrUnexpectedType
+	}
+	if len(data) == 0 {
+		return "", typ, nil
+	}
+	u := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[: len(data)/2 : len(data)/2]
+	return syscall.UTF16ToString(u), typ, nil
+}
+
+// GetMUIStringValue retrieves the localized string value for
+// the specified value name associated with an open key k.
+// If the value name doesn't exist or the localized string value
+// can't be resolved, GetMUIStringValue returns ErrNotExist.
+// GetMUIStringValue panics if the system doesn't support
+// regLoadMUIString; use LoadRegLoadMUIString to check if
+// regLoadMUIString is supported before calling this function.
+func (k Key) GetMUIStringValue(name string) (string, error) {
+	pname, err := syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return "", err
+	}
+
+	buf := make([]uint16, 1024)
+	var buflen uint32
+	var pdir *uint16
+
+	err = regLoadMUIString(syscall.Handle(k), pname, &buf[0], uint32(len(buf)), &buflen, 0, pdir)
+	if err == syscall.ERROR_FILE_NOT_FOUND { // Try fallback path
+
+		// Try to resolve the string value using the system directory as
+		// a DLL search path; this assumes the string value is of the form
+		// @[path]\dllname,-strID but with no path given, e.g. @tzres.dll,-320.
+
+		// This approach works with tzres.dll but may have to be revised
+		// in the future to allow callers to provide custom search paths.
+
+		var s string
+		s, err = ExpandString("%SystemRoot%\\system32\\")
+		if err != nil {
+			return "", err
+		}
+		pdir, err = syscall.UTF16PtrFromString(s)
+		if err != nil {
+			return "", err
+		}
+
+		err = regLoadMUIString(syscall.Handle(k), pname, &buf[0], uint32(len(buf)), &buflen, 0, pdir)
+	}
+
+	for err == syscall.ERROR_MORE_DATA { // Grow buffer if needed
+		if buflen <= uint32(len(buf)) {
+			break // Buffer not growing, assume race; break
+		}
+		buf = make([]uint16, buflen)
+		err = regLoadMUIString(syscall.Handle(k), pname, &buf[0], uint32(len(buf)), &buflen, 0, pdir)
+	}
+
+	if err != nil {
+		return "", err
+	}
+
+	return syscall.UTF16ToString(buf), nil
+}
+
+// ExpandString expands environment-variable strings and replaces
+// them with the values defined for the current user.
+// Use ExpandString to expand EXPAND_SZ strings.
+func ExpandString(value string) (string, error) {
+	if value == "" {
+		return "", nil
+	}
+	p, err := syscall.UTF16PtrFromString(value)
+	if err != nil {
+		return "", err
+	}
+	r := make([]uint16, 100)
+	for {
+		n, err := expandEnvironmentStrings(p, &r[0], uint32(len(r)))
+		if err != nil {
+			return "", err
+		}
+		if n <= uint32(len(r)) {
+			return syscall.UTF16ToString(r[:n]), nil
+		}
+		r = make([]uint16, n)
+	}
+}
+
+// GetStringsValue retrieves the []string value for the specified
+// value name associated with an open key k. It also returns the value's type.
+// If value does not exist, GetStringsValue returns ErrNotExist.
+// If value is not MULTI_SZ, it will return the correct value
+// type and ErrUnexpectedType.
+func (k Key) GetStringsValue(name string) (val []string, valtype uint32, err error) {
+	data, typ, err2 := k.getValue(name, make([]byte, 64))
+	if err2 != nil {
+		return nil, typ, err2
+	}
+	if typ != MULTI_SZ {
+		return nil, typ, ErrUnexpectedType
+	}
+	if len(data) == 0 {
+		return nil, typ, nil
+	}
+	p := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[: len(data)/2 : len(data)/2]
+	if len(p) == 0 {
+		return nil, typ, nil
+	}
+	if p[len(p)-1] == 0 {
+		p = p[:len(p)-1] // remove terminating null
+	}
+	val = make([]string, 0, 5)
+	from := 0
+	for i, c := range p {
+		if c == 0 {
+			val = append(val, string(utf16.Decode(p[from:i])))
+			from = i + 1
+		}
+	}
+	return val, typ, nil
+}
+
+// GetIntegerValue retrieves the integer value for the specified
+// value name associated with an open key k. It also returns the value's type.
+// If value does not exist, GetIntegerValue returns ErrNotExist.
+// If value is not DWORD or QWORD, it will return the correct value
+// type and ErrUnexpectedType.
+func (k Key) GetIntegerValue(name string) (val uint64, valtype uint32, err error) {
+	data, typ, err2 := k.getValue(name, make([]byte, 8))
+	if err2 != nil {
+		return 0, typ, err2
+	}
+	switch typ {
+	case DWORD:
+		if len(data) != 4 {
+			return 0, typ, errors.New("DWORD value is not 4 bytes long")
+		}
+		var val32 uint32
+		copy((*[4]byte)(unsafe.Pointer(&val32))[:], data)
+		return uint64(val32), DWORD, nil
+	case QWORD:
+		if len(data) != 8 {
+			return 0, typ, errors.New("QWORD value is not 8 bytes long")
+		}
+		copy((*[8]byte)(unsafe.Pointer(&val))[:], data)
+		return val, QWORD, nil
+	default:
+		return 0, typ, ErrUnexpectedType
+	}
+}
+
+// GetBinaryValue retrieves the binary value for the specified
+// value name associated with an open key k. It also returns the value's type.
+// If value does not exist, GetBinaryValue returns ErrNotExist.
+// If value is not BINARY, it will return the correct value
+// type and ErrUnexpectedType.
+func (k Key) GetBinaryValue(name string) (val []byte, valtype uint32, err error) {
+	data, typ, err2 := k.getValue(name, make([]byte, 64))
+	if err2 != nil {
+		return nil, typ, err2
+	}
+	if typ != BINARY {
+		return nil, typ, ErrUnexpectedType
+	}
+	return data, typ, nil
+}
+
+func (k Key) setValue(name string, valtype uint32, data []byte) error {
+	p, err := syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return err
+	}
+	if len(data) == 0 {
+		return regSetValueEx(syscall.Handle(k), p, 0, valtype, nil, 0)
+	}
+	return regSetValueEx(syscall.Handle(k), p, 0, valtype, &data[0], uint32(len(data)))
+}
+
+// SetDWordValue sets the data and type of a name value
+// under key k to value and DWORD.
+func (k Key) SetDWordValue(name string, value uint32) error {
+	return k.setValue(name, DWORD, (*[4]byte)(unsafe.Pointer(&value))[:])
+}
+
+// SetQWordValue sets the data and type of a name value
+// under key k to value and QWORD.
+func (k Key) SetQWordValue(name string, value uint64) error {
+	return k.setValue(name, QWORD, (*[8]byte)(unsafe.Pointer(&value))[:])
+}
+
+func (k Key) setStringValue(name string, valtype uint32, value string) error {
+	v, err := syscall.UTF16FromString(value)
+	if err != nil {
+		return err
+	}
+	buf := (*[1 << 29]byte)(unsafe.Pointer(&v[0]))[: len(v)*2 : len(v)*2]
+	return k.setValue(name, valtype, buf)
+}
+
+// SetStringValue sets the data and type of a name value
+// under key k to value and SZ. The value must not contain a zero byte.
+func (k Key) SetStringValue(name, value string) error {
+	return k.setStringValue(name, SZ, value)
+}
+
+// SetExpandStringValue sets the data and type of a name value
+// under key k to value and EXPAND_SZ. The value must not contain a zero byte.
+func (k Key) SetExpandStringValue(name, value string) error {
+	return k.setStringValue(name, EXPAND_SZ, value)
+}
+
+// SetStringsValue sets the data and type of a name value
+// under key k to value and MULTI_SZ. The value strings
+// must not contain a zero byte.
+func (k Key) SetStringsValue(name string, value []string) error {
+	ss := ""
+	for _, s := range value {
+		for i := 0; i < len(s); i++ {
+			if s[i] == 0 {
+				return errors.New("string cannot have 0 inside")
+			}
+		}
+		ss += s + "\x00"
+	}
+	v := utf16.Encode([]rune(ss + "\x00"))
+	buf := (*[1 << 29]byte)(unsafe.Pointer(&v[0]))[: len(v)*2 : len(v)*2]
+	return k.setValue(name, MULTI_SZ, buf)
+}
+
+// SetBinaryValue sets the data and type of a name value
+// under key k to value and BINARY.
+func (k Key) SetBinaryValue(name string, value []byte) error {
+	return k.setValue(name, BINARY, value)
+}
+
+// DeleteValue removes a named value from the key k.
+func (k Key) DeleteValue(name string) error {
+	return regDeleteValue(syscall.Handle(k), syscall.StringToUTF16Ptr(name))
+}
+
+// ReadValueNames returns the value names of key k.
+// The parameter n controls the number of returned names,
+// analogous to the way os.File.Readdirnames works.
+func (k Key) ReadValueNames(n int) ([]string, error) {
+	ki, err := k.Stat()
+	if err != nil {
+		return nil, err
+	}
+	names := make([]string, 0, ki.ValueCount)
+	buf := make([]uint16, ki.MaxValueNameLen+1) // extra room for terminating null character
+loopItems:
+	for i := uint32(0); ; i++ {
+		if n > 0 {
+			if len(names) == n {
+				return names, nil
+			}
+		}
+		l := uint32(len(buf))
+		for {
+			err := regEnumValue(syscall.Handle(k), i, &buf[0], &l, nil, nil, nil, nil)
+			if err == nil {
+				break
+			}
+			if err == syscall.ERROR_MORE_DATA {
+				// Double buffer size and try again.
+				l = uint32(2 * len(buf))
+				buf = make([]uint16, l)
+				continue
+			}
+			if err == _ERROR_NO_MORE_ITEMS {
+				break loopItems
+			}
+			return names, err
+		}
+		names = append(names, syscall.UTF16ToString(buf[:l]))
+	}
+	if n > len(names) {
+		return names, io.EOF
+	}
+	return names, nil
+}
diff --git a/vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go
new file mode 100644
index 000000000..fc1835d8a
--- /dev/null
+++ b/vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go
@@ -0,0 +1,117 @@
+// Code generated by 'go generate'; DO NOT EDIT.
+
+package registry
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL     error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+	switch e {
+	case 0:
+		return errERROR_EINVAL
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+	modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
+	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+
+	procRegConnectRegistryW       = modadvapi32.NewProc("RegConnectRegistryW")
+	procRegCreateKeyExW           = modadvapi32.NewProc("RegCreateKeyExW")
+	procRegDeleteKeyW             = modadvapi32.NewProc("RegDeleteKeyW")
+	procRegDeleteValueW           = modadvapi32.NewProc("RegDeleteValueW")
+	procRegEnumValueW             = modadvapi32.NewProc("RegEnumValueW")
+	procRegLoadMUIStringW         = modadvapi32.NewProc("RegLoadMUIStringW")
+	procRegSetValueExW            = modadvapi32.NewProc("RegSetValueExW")
+	procExpandEnvironmentStringsW = modkernel32.NewProc("ExpandEnvironmentStringsW")
+)
+
+func regConnectRegistry(machinename *uint16, key syscall.Handle, result *syscall.Handle) (regerrno error) {
+	r0, _, _ := syscall.Syscall(procRegConnectRegistryW.Addr(), 3, uintptr(unsafe.Pointer(machinename)), uintptr(key), uintptr(unsafe.Pointer(result)))
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func regCreateKeyEx(key syscall.Handle, subkey *uint16, reserved uint32, class *uint16, options uint32, desired uint32, sa *syscall.SecurityAttributes, result *syscall.Handle, disposition *uint32) (regerrno error) {
+	r0, _, _ := syscall.Syscall9(procRegCreateKeyExW.Addr(), 9, uintptr(key), uintptr(unsafe.Pointer(subkey)), uintptr(reserved), uintptr(unsafe.Pointer(class)), uintptr(options), uintptr(desired), uintptr(unsafe.Pointer(sa)), uintptr(unsafe.Pointer(result)), uintptr(unsafe.Pointer(disposition)))
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func regDeleteKey(key syscall.Handle, subkey *uint16) (regerrno error) {
+	r0, _, _ := syscall.Syscall(procRegDeleteKeyW.Addr(), 2, uintptr(key), uintptr(unsafe.Pointer(subkey)), 0)
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func regDeleteValue(key syscall.Handle, name *uint16) (regerrno error) {
+	r0, _, _ := syscall.Syscall(procRegDeleteValueW.Addr(), 2, uintptr(key), uintptr(unsafe.Pointer(name)), 0)
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func regEnumValue(key syscall.Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) {
+	r0, _, _ := syscall.Syscall9(procRegEnumValueW.Addr(), 8, uintptr(key), uintptr(index), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(valtype)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(buflen)), 0)
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func regLoadMUIString(key syscall.Handle, name *uint16, buf *uint16, buflen uint32, buflenCopied *uint32, flags uint32, dir *uint16) (regerrno error) {
+	r0, _, _ := syscall.Syscall9(procRegLoadMUIStringW.Addr(), 7, uintptr(key), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buf)), uintptr(buflen), uintptr(unsafe.Pointer(buflenCopied)), uintptr(flags), uintptr(unsafe.Pointer(dir)), 0, 0)
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func regSetValueEx(key syscall.Handle, valueName *uint16, reserved uint32, vtype uint32, buf *byte, bufsize uint32) (regerrno error) {
+	r0, _, _ := syscall.Syscall6(procRegSetValueExW.Addr(), 6, uintptr(key), uintptr(unsafe.Pointer(valueName)), uintptr(reserved), uintptr(vtype), uintptr(unsafe.Pointer(buf)), uintptr(bufsize))
+	if r0 != 0 {
+		regerrno = syscall.Errno(r0)
+	}
+	return
+}
+
+func expandEnvironmentStrings(src *uint16, dst *uint16, size uint32) (n uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procExpandEnvironmentStringsW.Addr(), 3, uintptr(unsafe.Pointer(src)), uintptr(unsafe.Pointer(dst)), uintptr(size))
+	n = uint32(r0)
+	if n == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/tools/cmd/stringer/stringer.go b/vendor/golang.org/x/tools/cmd/stringer/stringer.go
index 998d1a51b..2b19c93e8 100644
--- a/vendor/golang.org/x/tools/cmd/stringer/stringer.go
+++ b/vendor/golang.org/x/tools/cmd/stringer/stringer.go
@@ -188,6 +188,8 @@ type Generator struct {
 
 	trimPrefix  string
 	lineComment bool
+
+	logf func(format string, args ...interface{}) // test logging hook; nil when not testing
 }
 
 func (g *Generator) Printf(format string, args ...interface{}) {
@@ -221,13 +223,14 @@ func (g *Generator) parsePackage(patterns []string, tags []string) {
 		// in a separate pass? For later.
 		Tests:      false,
 		BuildFlags: []string{fmt.Sprintf("-tags=%s", strings.Join(tags, " "))},
+		Logf:       g.logf,
 	}
 	pkgs, err := packages.Load(cfg, patterns...)
 	if err != nil {
 		log.Fatal(err)
 	}
 	if len(pkgs) != 1 {
-		log.Fatalf("error: %d packages found", len(pkgs))
+		log.Fatalf("error: %d packages matching %v", len(pkgs), strings.Join(patterns, " "))
 	}
 	g.addPackage(pkgs[0])
 }
diff --git a/vendor/golang.org/x/tools/go/ast/inspector/inspector.go b/vendor/golang.org/x/tools/go/ast/inspector/inspector.go
index 3fbfebf36..1fc1de0bd 100644
--- a/vendor/golang.org/x/tools/go/ast/inspector/inspector.go
+++ b/vendor/golang.org/x/tools/go/ast/inspector/inspector.go
@@ -64,8 +64,9 @@ type event struct {
 // depth-first order. It calls f(n) for each node n before it visits
 // n's children.
 //
+// The complete traversal sequence is determined by ast.Inspect.
 // The types argument, if non-empty, enables type-based filtering of
-// events. The function f if is called only for nodes whose type
+// events. The function f is called only for nodes whose type
 // matches an element of the types slice.
 func (in *Inspector) Preorder(types []ast.Node, f func(ast.Node)) {
 	// Because it avoids postorder calls to f, and the pruning
@@ -97,6 +98,7 @@ func (in *Inspector) Preorder(types []ast.Node, f func(ast.Node)) {
 // of the non-nil children of the node, followed by a call of
 // f(n, false).
 //
+// The complete traversal sequence is determined by ast.Inspect.
 // The types argument, if non-empty, enables type-based filtering of
 // events. The function f if is called only for nodes whose type
 // matches an element of the types slice.
diff --git a/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go b/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go
index 18a002f82..0454cdd78 100644
--- a/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go
+++ b/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go
@@ -8,7 +8,6 @@ package packagesdriver
 import (
 	"context"
 	"fmt"
-	"go/types"
 	"strings"
 
 	"golang.org/x/tools/internal/gocommand"
@@ -16,7 +15,7 @@ import (
 
 var debug = false
 
-func GetSizesGolist(ctx context.Context, inv gocommand.Invocation, gocmdRunner *gocommand.Runner) (types.Sizes, error) {
+func GetSizesForArgsGolist(ctx context.Context, inv gocommand.Invocation, gocmdRunner *gocommand.Runner) (string, string, error) {
 	inv.Verb = "list"
 	inv.Args = []string{"-f", "{{context.GOARCH}} {{context.Compiler}}", "--", "unsafe"}
 	stdout, stderr, friendlyErr, rawErr := gocmdRunner.RunRaw(ctx, inv)
@@ -29,21 +28,21 @@ func GetSizesGolist(ctx context.Context, inv gocommand.Invocation, gocmdRunner *
 			inv.Args = []string{"GOARCH"}
 			envout, enverr := gocmdRunner.Run(ctx, inv)
 			if enverr != nil {
-				return nil, enverr
+				return "", "", enverr
 			}
 			goarch = strings.TrimSpace(envout.String())
 			compiler = "gc"
 		} else {
-			return nil, friendlyErr
+			return "", "", friendlyErr
 		}
 	} else {
 		fields := strings.Fields(stdout.String())
 		if len(fields) < 2 {
-			return nil, fmt.Errorf("could not parse GOARCH and Go compiler in format \"<GOARCH> <compiler>\":\nstdout: <<%s>>\nstderr: <<%s>>",
+			return "", "", fmt.Errorf("could not parse GOARCH and Go compiler in format \"<GOARCH> <compiler>\":\nstdout: <<%s>>\nstderr: <<%s>>",
 				stdout.String(), stderr.String())
 		}
 		goarch = fields[0]
 		compiler = fields[1]
 	}
-	return types.SizesFor(compiler, goarch), nil
+	return compiler, goarch, nil
 }
diff --git a/vendor/golang.org/x/tools/go/packages/doc.go b/vendor/golang.org/x/tools/go/packages/doc.go
index da4ab89fe..a7a8f73e3 100644
--- a/vendor/golang.org/x/tools/go/packages/doc.go
+++ b/vendor/golang.org/x/tools/go/packages/doc.go
@@ -35,7 +35,7 @@ The Package struct provides basic information about the package, including
   - Imports, a map from source import strings to the Packages they name;
   - Types, the type information for the package's exported symbols;
   - Syntax, the parsed syntax trees for the package's source code; and
-  - TypeInfo, the result of a complete type-check of the package syntax trees.
+  - TypesInfo, the result of a complete type-check of the package syntax trees.
 
 (See the documentation for type Package for the complete list of fields
 and more detailed descriptions.)
diff --git a/vendor/golang.org/x/tools/go/packages/golist.go b/vendor/golang.org/x/tools/go/packages/golist.go
index e84f19dfa..1f1eade0a 100644
--- a/vendor/golang.org/x/tools/go/packages/golist.go
+++ b/vendor/golang.org/x/tools/go/packages/golist.go
@@ -9,8 +9,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"go/types"
-	"io/ioutil"
 	"log"
 	"os"
 	"path"
@@ -153,10 +151,10 @@ func goListDriver(cfg *Config, patterns ...string) (*driverResponse, error) {
 	if cfg.Mode&NeedTypesSizes != 0 || cfg.Mode&NeedTypes != 0 {
 		sizeswg.Add(1)
 		go func() {
-			var sizes types.Sizes
-			sizes, sizeserr = packagesdriver.GetSizesGolist(ctx, state.cfgInvocation(), cfg.gocmdRunner)
-			// types.SizesFor always returns nil or a *types.StdSizes.
-			response.dr.Sizes, _ = sizes.(*types.StdSizes)
+			compiler, arch, err := packagesdriver.GetSizesForArgsGolist(ctx, state.cfgInvocation(), cfg.gocmdRunner)
+			sizeserr = err
+			response.dr.Compiler = compiler
+			response.dr.Arch = arch
 			sizeswg.Done()
 		}()
 	}
@@ -671,6 +669,9 @@ func (state *golistState) createDriverResponse(words ...string) (*driverResponse
 		// Temporary work-around for golang/go#39986. Parse filenames out of
 		// error messages. This happens if there are unrecoverable syntax
 		// errors in the source, so we can't match on a specific error message.
+		//
+		// TODO(rfindley): remove this heuristic, in favor of considering
+		// InvalidGoFiles from the list driver.
 		if err := p.Error; err != nil && state.shouldAddFilenameFromError(p) {
 			addFilenameFromPos := func(pos string) bool {
 				split := strings.Split(pos, ":")
@@ -1107,7 +1108,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err
 	if len(state.cfg.Overlay) == 0 {
 		return "", func() {}, nil
 	}
-	dir, err := ioutil.TempDir("", "gopackages-*")
+	dir, err := os.MkdirTemp("", "gopackages-*")
 	if err != nil {
 		return "", nil, err
 	}
@@ -1126,7 +1127,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err
 		// Create a unique filename for the overlaid files, to avoid
 		// creating nested directories.
 		noSeparator := strings.Join(strings.Split(filepath.ToSlash(k), "/"), "")
-		f, err := ioutil.TempFile(dir, fmt.Sprintf("*-%s", noSeparator))
+		f, err := os.CreateTemp(dir, fmt.Sprintf("*-%s", noSeparator))
 		if err != nil {
 			return "", func() {}, err
 		}
@@ -1144,7 +1145,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err
 	}
 	// Write out the overlay file that contains the filepath mappings.
 	filename = filepath.Join(dir, "overlay.json")
-	if err := ioutil.WriteFile(filename, b, 0665); err != nil {
+	if err := os.WriteFile(filename, b, 0665); err != nil {
 		return "", func() {}, err
 	}
 	return filename, cleanup, nil
diff --git a/vendor/golang.org/x/tools/go/packages/packages.go b/vendor/golang.org/x/tools/go/packages/packages.go
index 632be722a..ece0e7c60 100644
--- a/vendor/golang.org/x/tools/go/packages/packages.go
+++ b/vendor/golang.org/x/tools/go/packages/packages.go
@@ -16,7 +16,6 @@ import (
 	"go/token"
 	"go/types"
 	"io"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -220,8 +219,10 @@ type driverResponse struct {
 	// lists of multiple drivers, go/packages will fall back to the next driver.
 	NotHandled bool
 
-	// Sizes, if not nil, is the types.Sizes to use when type checking.
-	Sizes *types.StdSizes
+	// Compiler and Arch are the arguments pass of types.SizesFor
+	// to get a types.Sizes to use when type checking.
+	Compiler string
+	Arch     string
 
 	// Roots is the set of package IDs that make up the root packages.
 	// We have to encode this separately because when we encode a single package
@@ -262,7 +263,7 @@ func Load(cfg *Config, patterns ...string) ([]*Package, error) {
 	if err != nil {
 		return nil, err
 	}
-	l.sizes = response.Sizes
+	l.sizes = types.SizesFor(response.Compiler, response.Arch)
 	return l.refine(response)
 }
 
@@ -630,7 +631,7 @@ func newLoader(cfg *Config) *loader {
 	return ld
 }
 
-// refine connects the supplied packages into a graph and then adds type and
+// refine connects the supplied packages into a graph and then adds type
 // and syntax information as requested by the LoadMode.
 func (ld *loader) refine(response *driverResponse) ([]*Package, error) {
 	roots := response.Roots
@@ -1043,6 +1044,9 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) {
 		Error: appendError,
 		Sizes: ld.sizes,
 	}
+	if lpkg.Module != nil && lpkg.Module.GoVersion != "" {
+		typesinternal.SetGoVersion(tc, "go"+lpkg.Module.GoVersion)
+	}
 	if (ld.Mode & typecheckCgo) != 0 {
 		if !typesinternal.SetUsesCgo(tc) {
 			appendError(Error{
@@ -1122,7 +1126,7 @@ func (ld *loader) parseFile(filename string) (*ast.File, error) {
 		var err error
 		if src == nil {
 			ioLimit <- true // wait
-			src, err = ioutil.ReadFile(filename)
+			src, err = os.ReadFile(filename)
 			<-ioLimit // signal
 		}
 		if err != nil {
diff --git a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
new file mode 100644
index 000000000..fa5834baf
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
@@ -0,0 +1,827 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package objectpath defines a naming scheme for types.Objects
+// (that is, named entities in Go programs) relative to their enclosing
+// package.
+//
+// Type-checker objects are canonical, so they are usually identified by
+// their address in memory (a pointer), but a pointer has meaning only
+// within one address space. By contrast, objectpath names allow the
+// identity of an object to be sent from one program to another,
+// establishing a correspondence between types.Object variables that are
+// distinct but logically equivalent.
+//
+// A single object may have multiple paths. In this example,
+//
+//	type A struct{ X int }
+//	type B A
+//
+// the field X has two paths due to its membership of both A and B.
+// The For(obj) function always returns one of these paths, arbitrarily
+// but consistently.
+package objectpath
+
+import (
+	"fmt"
+	"go/types"
+	"sort"
+	"strconv"
+	"strings"
+	_ "unsafe"
+
+	"golang.org/x/tools/internal/typeparams"
+	"golang.org/x/tools/internal/typesinternal"
+)
+
+// A Path is an opaque name that identifies a types.Object
+// relative to its package. Conceptually, the name consists of a
+// sequence of destructuring operations applied to the package scope
+// to obtain the original object.
+// The name does not include the package itself.
+type Path string
+
+// Encoding
+//
+// An object path is a textual and (with training) human-readable encoding
+// of a sequence of destructuring operators, starting from a types.Package.
+// The sequences represent a path through the package/object/type graph.
+// We classify these operators by their type:
+//
+//	PO package->object	Package.Scope.Lookup
+//	OT  object->type 	Object.Type
+//	TT    type->type 	Type.{Elem,Key,Params,Results,Underlying} [EKPRU]
+//	TO   type->object	Type.{At,Field,Method,Obj} [AFMO]
+//
+// All valid paths start with a package and end at an object
+// and thus may be defined by the regular language:
+//
+//	objectpath = PO (OT TT* TO)*
+//
+// The concrete encoding follows directly:
+//   - The only PO operator is Package.Scope.Lookup, which requires an identifier.
+//   - The only OT operator is Object.Type,
+//     which we encode as '.' because dot cannot appear in an identifier.
+//   - The TT operators are encoded as [EKPRUTC];
+//     one of these (TypeParam) requires an integer operand,
+//     which is encoded as a string of decimal digits.
+//   - The TO operators are encoded as [AFMO];
+//     three of these (At,Field,Method) require an integer operand,
+//     which is encoded as a string of decimal digits.
+//     These indices are stable across different representations
+//     of the same package, even source and export data.
+//     The indices used are implementation specific and may not correspond to
+//     the argument to the go/types function.
+//
+// In the example below,
+//
+//	package p
+//
+//	type T interface {
+//		f() (a string, b struct{ X int })
+//	}
+//
+// field X has the path "T.UM0.RA1.F0",
+// representing the following sequence of operations:
+//
+//	p.Lookup("T")					T
+//	.Type().Underlying().Method(0).			f
+//	.Type().Results().At(1)				b
+//	.Type().Field(0)					X
+//
+// The encoding is not maximally compact---every R or P is
+// followed by an A, for example---but this simplifies the
+// encoder and decoder.
+const (
+	// object->type operators
+	opType = '.' // .Type()		  (Object)
+
+	// type->type operators
+	opElem       = 'E' // .Elem()		        (Pointer, Slice, Array, Chan, Map)
+	opKey        = 'K' // .Key()		        (Map)
+	opParams     = 'P' // .Params()		      (Signature)
+	opResults    = 'R' // .Results()	      (Signature)
+	opUnderlying = 'U' // .Underlying()	    (Named)
+	opTypeParam  = 'T' // .TypeParams.At(i) (Named, Signature)
+	opConstraint = 'C' // .Constraint()     (TypeParam)
+
+	// type->object operators
+	opAt     = 'A' // .At(i)		 (Tuple)
+	opField  = 'F' // .Field(i)	 (Struct)
+	opMethod = 'M' // .Method(i) (Named or Interface; not Struct: "promoted" names are ignored)
+	opObj    = 'O' // .Obj()		 (Named, TypeParam)
+)
+
+// For is equivalent to new(Encoder).For(obj).
+//
+// It may be more efficient to reuse a single Encoder across several calls.
+func For(obj types.Object) (Path, error) {
+	return new(Encoder).For(obj)
+}
+
+// An Encoder amortizes the cost of encoding the paths of multiple objects.
+// The zero value of an Encoder is ready to use.
+type Encoder struct {
+	scopeMemo         map[*types.Scope][]types.Object // memoization of scopeObjects
+	namedMethodsMemo  map[*types.Named][]*types.Func  // memoization of namedMethods()
+	skipMethodSorting bool
+}
+
+// Expose back doors so that gopls can avoid method sorting, which can dominate
+// analysis on certain repositories.
+//
+// TODO(golang/go#61443): remove this.
+func init() {
+	typesinternal.SkipEncoderMethodSorting = func(enc interface{}) {
+		enc.(*Encoder).skipMethodSorting = true
+	}
+	typesinternal.ObjectpathObject = object
+}
+
+// For returns the path to an object relative to its package,
+// or an error if the object is not accessible from the package's Scope.
+//
+// The For function guarantees to return a path only for the following objects:
+// - package-level types
+// - exported package-level non-types
+// - methods
+// - parameter and result variables
+// - struct fields
+// These objects are sufficient to define the API of their package.
+// The objects described by a package's export data are drawn from this set.
+//
+// The set of objects accessible from a package's Scope depends on
+// whether the package was produced by type-checking syntax, or
+// reading export data; the latter may have a smaller Scope since
+// export data trims objects that are not reachable from an exported
+// declaration. For example, the For function will return a path for
+// an exported method of an unexported type that is not reachable
+// from any public declaration; this path will cause the Object
+// function to fail if called on a package loaded from export data.
+// TODO(adonovan): is this a bug or feature? Should this package
+// compute accessibility in the same way?
+//
+// For does not return a path for predeclared names, imported package
+// names, local names, and unexported package-level names (except
+// types).
+//
+// Example: given this definition,
+//
+//	package p
+//
+//	type T interface {
+//		f() (a string, b struct{ X int })
+//	}
+//
+// For(X) would return a path that denotes the following sequence of operations:
+//
+//	p.Scope().Lookup("T")				(TypeName T)
+//	.Type().Underlying().Method(0).			(method Func f)
+//	.Type().Results().At(1)				(field Var b)
+//	.Type().Field(0)					(field Var X)
+//
+// where p is the package (*types.Package) to which X belongs.
+func (enc *Encoder) For(obj types.Object) (Path, error) {
+	pkg := obj.Pkg()
+
+	// This table lists the cases of interest.
+	//
+	// Object				Action
+	// ------                               ------
+	// nil					reject
+	// builtin				reject
+	// pkgname				reject
+	// label				reject
+	// var
+	//    package-level			accept
+	//    func param/result			accept
+	//    local				reject
+	//    struct field			accept
+	// const
+	//    package-level			accept
+	//    local				reject
+	// func
+	//    package-level			accept
+	//    init functions			reject
+	//    concrete method			accept
+	//    interface method			accept
+	// type
+	//    package-level			accept
+	//    local				reject
+	//
+	// The only accessible package-level objects are members of pkg itself.
+	//
+	// The cases are handled in four steps:
+	//
+	// 1. reject nil and builtin
+	// 2. accept package-level objects
+	// 3. reject obviously invalid objects
+	// 4. search the API for the path to the param/result/field/method.
+
+	// 1. reference to nil or builtin?
+	if pkg == nil {
+		return "", fmt.Errorf("predeclared %s has no path", obj)
+	}
+	scope := pkg.Scope()
+
+	// 2. package-level object?
+	if scope.Lookup(obj.Name()) == obj {
+		// Only exported objects (and non-exported types) have a path.
+		// Non-exported types may be referenced by other objects.
+		if _, ok := obj.(*types.TypeName); !ok && !obj.Exported() {
+			return "", fmt.Errorf("no path for non-exported %v", obj)
+		}
+		return Path(obj.Name()), nil
+	}
+
+	// 3. Not a package-level object.
+	//    Reject obviously non-viable cases.
+	switch obj := obj.(type) {
+	case *types.TypeName:
+		if _, ok := obj.Type().(*typeparams.TypeParam); !ok {
+			// With the exception of type parameters, only package-level type names
+			// have a path.
+			return "", fmt.Errorf("no path for %v", obj)
+		}
+	case *types.Const, // Only package-level constants have a path.
+		*types.Label,   // Labels are function-local.
+		*types.PkgName: // PkgNames are file-local.
+		return "", fmt.Errorf("no path for %v", obj)
+
+	case *types.Var:
+		// Could be:
+		// - a field (obj.IsField())
+		// - a func parameter or result
+		// - a local var.
+		// Sadly there is no way to distinguish
+		// a param/result from a local
+		// so we must proceed to the find.
+
+	case *types.Func:
+		// A func, if not package-level, must be a method.
+		if recv := obj.Type().(*types.Signature).Recv(); recv == nil {
+			return "", fmt.Errorf("func is not a method: %v", obj)
+		}
+
+		if path, ok := enc.concreteMethod(obj); ok {
+			// Fast path for concrete methods that avoids looping over scope.
+			return path, nil
+		}
+
+	default:
+		panic(obj)
+	}
+
+	// 4. Search the API for the path to the var (field/param/result) or method.
+
+	// First inspect package-level named types.
+	// In the presence of path aliases, these give
+	// the best paths because non-types may
+	// refer to types, but not the reverse.
+	empty := make([]byte, 0, 48) // initial space
+	objs := enc.scopeObjects(scope)
+	for _, o := range objs {
+		tname, ok := o.(*types.TypeName)
+		if !ok {
+			continue // handle non-types in second pass
+		}
+
+		path := append(empty, o.Name()...)
+		path = append(path, opType)
+
+		T := o.Type()
+
+		if tname.IsAlias() {
+			// type alias
+			if r := find(obj, T, path, nil); r != nil {
+				return Path(r), nil
+			}
+		} else {
+			if named, _ := T.(*types.Named); named != nil {
+				if r := findTypeParam(obj, typeparams.ForNamed(named), path, nil); r != nil {
+					// generic named type
+					return Path(r), nil
+				}
+			}
+			// defined (named) type
+			if r := find(obj, T.Underlying(), append(path, opUnderlying), nil); r != nil {
+				return Path(r), nil
+			}
+		}
+	}
+
+	// Then inspect everything else:
+	// non-types, and declared methods of defined types.
+	for _, o := range objs {
+		path := append(empty, o.Name()...)
+		if _, ok := o.(*types.TypeName); !ok {
+			if o.Exported() {
+				// exported non-type (const, var, func)
+				if r := find(obj, o.Type(), append(path, opType), nil); r != nil {
+					return Path(r), nil
+				}
+			}
+			continue
+		}
+
+		// Inspect declared methods of defined types.
+		if T, ok := o.Type().(*types.Named); ok {
+			path = append(path, opType)
+			if !enc.skipMethodSorting {
+				// Note that method index here is always with respect
+				// to canonical ordering of methods, regardless of how
+				// they appear in the underlying type.
+				for i, m := range enc.namedMethods(T) {
+					path2 := appendOpArg(path, opMethod, i)
+					if m == obj {
+						return Path(path2), nil // found declared method
+					}
+					if r := find(obj, m.Type(), append(path2, opType), nil); r != nil {
+						return Path(r), nil
+					}
+				}
+			} else {
+				// This branch must match the logic in the branch above, using go/types
+				// APIs without sorting.
+				for i := 0; i < T.NumMethods(); i++ {
+					m := T.Method(i)
+					path2 := appendOpArg(path, opMethod, i)
+					if m == obj {
+						return Path(path2), nil // found declared method
+					}
+					if r := find(obj, m.Type(), append(path2, opType), nil); r != nil {
+						return Path(r), nil
+					}
+				}
+			}
+		}
+	}
+
+	return "", fmt.Errorf("can't find path for %v in %s", obj, pkg.Path())
+}
+
+func appendOpArg(path []byte, op byte, arg int) []byte {
+	path = append(path, op)
+	path = strconv.AppendInt(path, int64(arg), 10)
+	return path
+}
+
+// concreteMethod returns the path for meth, which must have a non-nil receiver.
+// The second return value indicates success and may be false if the method is
+// an interface method or if it is an instantiated method.
+//
+// This function is just an optimization that avoids the general scope walking
+// approach. You are expected to fall back to the general approach if this
+// function fails.
+func (enc *Encoder) concreteMethod(meth *types.Func) (Path, bool) {
+	// Concrete methods can only be declared on package-scoped named types. For
+	// that reason we can skip the expensive walk over the package scope: the
+	// path will always be package -> named type -> method. We can trivially get
+	// the type name from the receiver, and only have to look over the type's
+	// methods to find the method index.
+	//
+	// Methods on generic types require special consideration, however. Consider
+	// the following package:
+	//
+	// 	L1: type S[T any] struct{}
+	// 	L2: func (recv S[A]) Foo() { recv.Bar() }
+	// 	L3: func (recv S[B]) Bar() { }
+	// 	L4: type Alias = S[int]
+	// 	L5: func _[T any]() { var s S[int]; s.Foo() }
+	//
+	// The receivers of methods on generic types are instantiations. L2 and L3
+	// instantiate S with the type-parameters A and B, which are scoped to the
+	// respective methods. L4 and L5 each instantiate S with int. Each of these
+	// instantiations has its own method set, full of methods (and thus objects)
+	// with receivers whose types are the respective instantiations. In other
+	// words, we have
+	//
+	// S[A].Foo, S[A].Bar
+	// S[B].Foo, S[B].Bar
+	// S[int].Foo, S[int].Bar
+	//
+	// We may thus be trying to produce object paths for any of these objects.
+	//
+	// S[A].Foo and S[B].Bar are the origin methods, and their paths are S.Foo
+	// and S.Bar, which are the paths that this function naturally produces.
+	//
+	// S[A].Bar, S[B].Foo, and both methods on S[int] are instantiations that
+	// don't correspond to the origin methods. For S[int], this is significant.
+	// The most precise object path for S[int].Foo, for example, is Alias.Foo,
+	// not S.Foo. Our function, however, would produce S.Foo, which would
+	// resolve to a different object.
+	//
+	// For S[A].Bar and S[B].Foo it could be argued that S.Bar and S.Foo are
+	// still the correct paths, since only the origin methods have meaningful
+	// paths. But this is likely only true for trivial cases and has edge cases.
+	// Since this function is only an optimization, we err on the side of giving
+	// up, deferring to the slower but definitely correct algorithm. Most users
+	// of objectpath will only be giving us origin methods, anyway, as referring
+	// to instantiated methods is usually not useful.
+
+	if typeparams.OriginMethod(meth) != meth {
+		return "", false
+	}
+
+	recvT := meth.Type().(*types.Signature).Recv().Type()
+	if ptr, ok := recvT.(*types.Pointer); ok {
+		recvT = ptr.Elem()
+	}
+
+	named, ok := recvT.(*types.Named)
+	if !ok {
+		return "", false
+	}
+
+	if types.IsInterface(named) {
+		// Named interfaces don't have to be package-scoped
+		//
+		// TODO(dominikh): opt: if scope.Lookup(name) == named, then we can apply this optimization to interface
+		// methods, too, I think.
+		return "", false
+	}
+
+	// Preallocate space for the name, opType, opMethod, and some digits.
+	name := named.Obj().Name()
+	path := make([]byte, 0, len(name)+8)
+	path = append(path, name...)
+	path = append(path, opType)
+
+	if !enc.skipMethodSorting {
+		for i, m := range enc.namedMethods(named) {
+			if m == meth {
+				path = appendOpArg(path, opMethod, i)
+				return Path(path), true
+			}
+		}
+	} else {
+		// This branch must match the logic of the branch above, using go/types
+		// APIs without sorting.
+		for i := 0; i < named.NumMethods(); i++ {
+			m := named.Method(i)
+			if m == meth {
+				path = appendOpArg(path, opMethod, i)
+				return Path(path), true
+			}
+		}
+	}
+
+	// Due to golang/go#59944, go/types fails to associate the receiver with
+	// certain methods on cgo types.
+	//
+	// TODO(rfindley): replace this panic once golang/go#59944 is fixed in all Go
+	// versions gopls supports.
+	return "", false
+	// panic(fmt.Sprintf("couldn't find method %s on type %s; methods: %#v", meth, named, enc.namedMethods(named)))
+}
+
+// find finds obj within type T, returning the path to it, or nil if not found.
+//
+// The seen map is used to short circuit cycles through type parameters. If
+// nil, it will be allocated as necessary.
+func find(obj types.Object, T types.Type, path []byte, seen map[*types.TypeName]bool) []byte {
+	switch T := T.(type) {
+	case *types.Basic, *types.Named:
+		// Named types belonging to pkg were handled already,
+		// so T must belong to another package. No path.
+		return nil
+	case *types.Pointer:
+		return find(obj, T.Elem(), append(path, opElem), seen)
+	case *types.Slice:
+		return find(obj, T.Elem(), append(path, opElem), seen)
+	case *types.Array:
+		return find(obj, T.Elem(), append(path, opElem), seen)
+	case *types.Chan:
+		return find(obj, T.Elem(), append(path, opElem), seen)
+	case *types.Map:
+		if r := find(obj, T.Key(), append(path, opKey), seen); r != nil {
+			return r
+		}
+		return find(obj, T.Elem(), append(path, opElem), seen)
+	case *types.Signature:
+		if r := findTypeParam(obj, typeparams.ForSignature(T), path, seen); r != nil {
+			return r
+		}
+		if r := find(obj, T.Params(), append(path, opParams), seen); r != nil {
+			return r
+		}
+		return find(obj, T.Results(), append(path, opResults), seen)
+	case *types.Struct:
+		for i := 0; i < T.NumFields(); i++ {
+			fld := T.Field(i)
+			path2 := appendOpArg(path, opField, i)
+			if fld == obj {
+				return path2 // found field var
+			}
+			if r := find(obj, fld.Type(), append(path2, opType), seen); r != nil {
+				return r
+			}
+		}
+		return nil
+	case *types.Tuple:
+		for i := 0; i < T.Len(); i++ {
+			v := T.At(i)
+			path2 := appendOpArg(path, opAt, i)
+			if v == obj {
+				return path2 // found param/result var
+			}
+			if r := find(obj, v.Type(), append(path2, opType), seen); r != nil {
+				return r
+			}
+		}
+		return nil
+	case *types.Interface:
+		for i := 0; i < T.NumMethods(); i++ {
+			m := T.Method(i)
+			path2 := appendOpArg(path, opMethod, i)
+			if m == obj {
+				return path2 // found interface method
+			}
+			if r := find(obj, m.Type(), append(path2, opType), seen); r != nil {
+				return r
+			}
+		}
+		return nil
+	case *typeparams.TypeParam:
+		name := T.Obj()
+		if name == obj {
+			return append(path, opObj)
+		}
+		if seen[name] {
+			return nil
+		}
+		if seen == nil {
+			seen = make(map[*types.TypeName]bool)
+		}
+		seen[name] = true
+		if r := find(obj, T.Constraint(), append(path, opConstraint), seen); r != nil {
+			return r
+		}
+		return nil
+	}
+	panic(T)
+}
+
+func findTypeParam(obj types.Object, list *typeparams.TypeParamList, path []byte, seen map[*types.TypeName]bool) []byte {
+	for i := 0; i < list.Len(); i++ {
+		tparam := list.At(i)
+		path2 := appendOpArg(path, opTypeParam, i)
+		if r := find(obj, tparam, path2, seen); r != nil {
+			return r
+		}
+	}
+	return nil
+}
+
+// Object returns the object denoted by path p within the package pkg.
+func Object(pkg *types.Package, p Path) (types.Object, error) {
+	return object(pkg, string(p), false)
+}
+
+// Note: the skipMethodSorting parameter must match the value of
+// Encoder.skipMethodSorting used during encoding.
+func object(pkg *types.Package, pathstr string, skipMethodSorting bool) (types.Object, error) {
+	if pathstr == "" {
+		return nil, fmt.Errorf("empty path")
+	}
+
+	var pkgobj, suffix string
+	if dot := strings.IndexByte(pathstr, opType); dot < 0 {
+		pkgobj = pathstr
+	} else {
+		pkgobj = pathstr[:dot]
+		suffix = pathstr[dot:] // suffix starts with "."
+	}
+
+	obj := pkg.Scope().Lookup(pkgobj)
+	if obj == nil {
+		return nil, fmt.Errorf("package %s does not contain %q", pkg.Path(), pkgobj)
+	}
+
+	// abstraction of *types.{Pointer,Slice,Array,Chan,Map}
+	type hasElem interface {
+		Elem() types.Type
+	}
+	// abstraction of *types.{Named,Signature}
+	type hasTypeParams interface {
+		TypeParams() *typeparams.TypeParamList
+	}
+	// abstraction of *types.{Named,TypeParam}
+	type hasObj interface {
+		Obj() *types.TypeName
+	}
+
+	// The loop state is the pair (t, obj),
+	// exactly one of which is non-nil, initially obj.
+	// All suffixes start with '.' (the only object->type operation),
+	// followed by optional type->type operations,
+	// then a type->object operation.
+	// The cycle then repeats.
+	var t types.Type
+	for suffix != "" {
+		code := suffix[0]
+		suffix = suffix[1:]
+
+		// Codes [AFM] have an integer operand.
+		var index int
+		switch code {
+		case opAt, opField, opMethod, opTypeParam:
+			rest := strings.TrimLeft(suffix, "0123456789")
+			numerals := suffix[:len(suffix)-len(rest)]
+			suffix = rest
+			i, err := strconv.Atoi(numerals)
+			if err != nil {
+				return nil, fmt.Errorf("invalid path: bad numeric operand %q for code %q", numerals, code)
+			}
+			index = int(i)
+		case opObj:
+			// no operand
+		default:
+			// The suffix must end with a type->object operation.
+			if suffix == "" {
+				return nil, fmt.Errorf("invalid path: ends with %q, want [AFMO]", code)
+			}
+		}
+
+		if code == opType {
+			if t != nil {
+				return nil, fmt.Errorf("invalid path: unexpected %q in type context", opType)
+			}
+			t = obj.Type()
+			obj = nil
+			continue
+		}
+
+		if t == nil {
+			return nil, fmt.Errorf("invalid path: code %q in object context", code)
+		}
+
+		// Inv: t != nil, obj == nil
+
+		switch code {
+		case opElem:
+			hasElem, ok := t.(hasElem) // Pointer, Slice, Array, Chan, Map
+			if !ok {
+				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want pointer, slice, array, chan or map)", code, t, t)
+			}
+			t = hasElem.Elem()
+
+		case opKey:
+			mapType, ok := t.(*types.Map)
+			if !ok {
+				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want map)", code, t, t)
+			}
+			t = mapType.Key()
+
+		case opParams:
+			sig, ok := t.(*types.Signature)
+			if !ok {
+				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want signature)", code, t, t)
+			}
+			t = sig.Params()
+
+		case opResults:
+			sig, ok := t.(*types.Signature)
+			if !ok {
+				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want signature)", code, t, t)
+			}
+			t = sig.Results()
+
+		case opUnderlying:
+			named, ok := t.(*types.Named)
+			if !ok {
+				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want named)", code, t, t)
+			}
+			t = named.Underlying()
+
+		case opTypeParam:
+			hasTypeParams, ok := t.(hasTypeParams) // Named, Signature
+			if !ok {
+				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want named or signature)", code, t, t)
+			}
+			tparams := hasTypeParams.TypeParams()
+			if n := tparams.Len(); index >= n {
+				return nil, fmt.Errorf("tuple index %d out of range [0-%d)", index, n)
+			}
+			t = tparams.At(index)
+
+		case opConstraint:
+			tparam, ok := t.(*typeparams.TypeParam)
+			if !ok {
+				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want type parameter)", code, t, t)
+			}
+			t = tparam.Constraint()
+
+		case opAt:
+			tuple, ok := t.(*types.Tuple)
+			if !ok {
+				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want tuple)", code, t, t)
+			}
+			if n := tuple.Len(); index >= n {
+				return nil, fmt.Errorf("tuple index %d out of range [0-%d)", index, n)
+			}
+			obj = tuple.At(index)
+			t = nil
+
+		case opField:
+			structType, ok := t.(*types.Struct)
+			if !ok {
+				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want struct)", code, t, t)
+			}
+			if n := structType.NumFields(); index >= n {
+				return nil, fmt.Errorf("field index %d out of range [0-%d)", index, n)
+			}
+			obj = structType.Field(index)
+			t = nil
+
+		case opMethod:
+			switch t := t.(type) {
+			case *types.Interface:
+				if index >= t.NumMethods() {
+					return nil, fmt.Errorf("method index %d out of range [0-%d)", index, t.NumMethods())
+				}
+				obj = t.Method(index) // Id-ordered
+
+			case *types.Named:
+				if index >= t.NumMethods() {
+					return nil, fmt.Errorf("method index %d out of range [0-%d)", index, t.NumMethods())
+				}
+				if skipMethodSorting {
+					obj = t.Method(index)
+				} else {
+					methods := namedMethods(t) // (unmemoized)
+					obj = methods[index]       // Id-ordered
+				}
+
+			default:
+				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want interface or named)", code, t, t)
+			}
+			t = nil
+
+		case opObj:
+			hasObj, ok := t.(hasObj)
+			if !ok {
+				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want named or type param)", code, t, t)
+			}
+			obj = hasObj.Obj()
+			t = nil
+
+		default:
+			return nil, fmt.Errorf("invalid path: unknown code %q", code)
+		}
+	}
+
+	if obj.Pkg() != pkg {
+		return nil, fmt.Errorf("path denotes %s, which belongs to a different package", obj)
+	}
+
+	return obj, nil // success
+}
+
+// namedMethods returns the methods of a Named type in ascending Id order.
+func namedMethods(named *types.Named) []*types.Func {
+	methods := make([]*types.Func, named.NumMethods())
+	for i := range methods {
+		methods[i] = named.Method(i)
+	}
+	sort.Slice(methods, func(i, j int) bool {
+		return methods[i].Id() < methods[j].Id()
+	})
+	return methods
+}
+
+// namedMethods is a memoization of the namedMethods function. Callers must not modify the result.
+func (enc *Encoder) namedMethods(named *types.Named) []*types.Func {
+	m := enc.namedMethodsMemo
+	if m == nil {
+		m = make(map[*types.Named][]*types.Func)
+		enc.namedMethodsMemo = m
+	}
+	methods, ok := m[named]
+	if !ok {
+		methods = namedMethods(named) // allocates and sorts
+		m[named] = methods
+	}
+	return methods
+}
+
+// scopeObjects is a memoization of scope objects.
+// Callers must not modify the result.
+func (enc *Encoder) scopeObjects(scope *types.Scope) []types.Object {
+	m := enc.scopeMemo
+	if m == nil {
+		m = make(map[*types.Scope][]types.Object)
+		enc.scopeMemo = m
+	}
+	objs, ok := m[scope]
+	if !ok {
+		names := scope.Names() // allocates and sorts
+		objs = make([]types.Object, len(names))
+		for i, name := range names {
+			objs[i] = scope.Lookup(name)
+		}
+		m[scope] = objs
+	}
+	return objs
+}
diff --git a/vendor/golang.org/x/tools/imports/forward.go b/vendor/golang.org/x/tools/imports/forward.go
index d2547c743..cb6db8893 100644
--- a/vendor/golang.org/x/tools/imports/forward.go
+++ b/vendor/golang.org/x/tools/imports/forward.go
@@ -7,8 +7,8 @@
 package imports // import "golang.org/x/tools/imports"
 
 import (
-	"io/ioutil"
 	"log"
+	"os"
 
 	"golang.org/x/tools/internal/gocommand"
 	intimp "golang.org/x/tools/internal/imports"
@@ -44,7 +44,7 @@ var LocalPrefix string
 func Process(filename string, src []byte, opt *Options) ([]byte, error) {
 	var err error
 	if src == nil {
-		src, err = ioutil.ReadFile(filename)
+		src, err = os.ReadFile(filename)
 		if err != nil {
 			return nil, err
 		}
diff --git a/vendor/golang.org/x/tools/internal/event/tag/tag.go b/vendor/golang.org/x/tools/internal/event/tag/tag.go
index ff2f2ecd3..581b26c20 100644
--- a/vendor/golang.org/x/tools/internal/event/tag/tag.go
+++ b/vendor/golang.org/x/tools/internal/event/tag/tag.go
@@ -19,7 +19,7 @@ var (
 	File          = keys.NewString("file", "")
 	Directory     = keys.New("directory", "")
 	URI           = keys.New("URI", "")
-	Package       = keys.NewString("package", "") // Package ID
+	Package       = keys.NewString("package", "") // sorted comma-separated list of Package IDs
 	PackagePath   = keys.NewString("package_path", "")
 	Query         = keys.New("query", "")
 	Snapshot      = keys.NewUInt64("snapshot", "")
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go
index 798fe599b..c40c7e931 100644
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go
+++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package fastwalk provides a faster version of filepath.Walk for file system
+// Package fastwalk provides a faster version of [filepath.Walk] for file system
 // scanning tools.
 package fastwalk
 
@@ -23,31 +23,31 @@ var ErrTraverseLink = errors.New("fastwalk: traverse symlink, assuming target is
 // Child directories will still be traversed.
 var ErrSkipFiles = errors.New("fastwalk: skip remaining files in directory")
 
-// Walk is a faster implementation of filepath.Walk.
+// Walk is a faster implementation of [filepath.Walk].
 //
-// filepath.Walk's design necessarily calls os.Lstat on each file,
+// [filepath.Walk]'s design necessarily calls [os.Lstat] on each file,
 // even if the caller needs less info.
 // Many tools need only the type of each file.
 // On some platforms, this information is provided directly by the readdir
 // system call, avoiding the need to stat each file individually.
 // fastwalk_unix.go contains a fork of the syscall routines.
 //
-// See golang.org/issue/16399
+// See golang.org/issue/16399.
 //
 // Walk walks the file tree rooted at root, calling walkFn for
 // each file or directory in the tree, including root.
 //
-// If fastWalk returns filepath.SkipDir, the directory is skipped.
+// If Walk returns [filepath.SkipDir], the directory is skipped.
 //
-// Unlike filepath.Walk:
+// Unlike [filepath.Walk]:
 //   - file stat calls must be done by the user.
 //     The only provided metadata is the file type, which does not include
 //     any permission bits.
 //   - multiple goroutines stat the filesystem concurrently. The provided
 //     walkFn must be safe for concurrent use.
-//   - fastWalk can follow symlinks if walkFn returns the TraverseLink
+//   - Walk can follow symlinks if walkFn returns the TraverseLink
 //     sentinel error. It is the walkFn's responsibility to prevent
-//     fastWalk from going into symlink cycles.
+//     Walk from going into symlink cycles.
 func Walk(root string, walkFn func(path string, typ os.FileMode) error) error {
 	// TODO(bradfitz): make numWorkers configurable? We used a
 	// minimum of 4 to give the kernel more info about multiple
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go
index 085d31160..27e860243 100644
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go
+++ b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go
@@ -8,7 +8,6 @@
 package fastwalk
 
 import (
-	"io/ioutil"
 	"os"
 )
 
@@ -17,16 +16,20 @@ import (
 // If fn returns a non-nil error, readDir returns with that error
 // immediately.
 func readDir(dirName string, fn func(dirName, entName string, typ os.FileMode) error) error {
-	fis, err := ioutil.ReadDir(dirName)
+	fis, err := os.ReadDir(dirName)
 	if err != nil {
 		return err
 	}
 	skipFiles := false
 	for _, fi := range fis {
-		if fi.Mode().IsRegular() && skipFiles {
+		info, err := fi.Info()
+		if err != nil {
+			return err
+		}
+		if info.Mode().IsRegular() && skipFiles {
 			continue
 		}
-		if err := fn(dirName, fi.Name(), fi.Mode()&os.ModeType); err != nil {
+		if err := fn(dirName, fi.Name(), info.Mode()&os.ModeType); err != nil {
 			if err == ErrSkipFiles {
 				skipFiles = true
 				continue
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go b/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go
index b1223713b..2d078ccb1 100644
--- a/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go
+++ b/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go
@@ -29,7 +29,6 @@ import (
 	"go/token"
 	"go/types"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -221,7 +220,7 @@ func Import(packages map[string]*types.Package, path, srcDir string, lookup func
 	switch hdr {
 	case "$$B\n":
 		var data []byte
-		data, err = ioutil.ReadAll(buf)
+		data, err = io.ReadAll(buf)
 		if err != nil {
 			break
 		}
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iexport.go b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go
index 9930d8c36..6103dd710 100644
--- a/vendor/golang.org/x/tools/internal/gcimporter/iexport.go
+++ b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go
@@ -22,17 +22,23 @@ import (
 	"strconv"
 	"strings"
 
+	"golang.org/x/tools/go/types/objectpath"
 	"golang.org/x/tools/internal/tokeninternal"
 	"golang.org/x/tools/internal/typeparams"
 )
 
 // IExportShallow encodes "shallow" export data for the specified package.
 //
-// No promises are made about the encoding other than that it can be
-// decoded by the same version of IIExportShallow. If you plan to save
-// export data in the file system, be sure to include a cryptographic
-// digest of the executable in the key to avoid version skew.
-func IExportShallow(fset *token.FileSet, pkg *types.Package) ([]byte, error) {
+// No promises are made about the encoding other than that it can be decoded by
+// the same version of IIExportShallow. If you plan to save export data in the
+// file system, be sure to include a cryptographic digest of the executable in
+// the key to avoid version skew.
+//
+// If the provided reportf func is non-nil, it will be used for reporting bugs
+// encountered during export.
+// TODO(rfindley): remove reportf when we are confident enough in the new
+// objectpath encoding.
+func IExportShallow(fset *token.FileSet, pkg *types.Package, reportf ReportFunc) ([]byte, error) {
 	// In principle this operation can only fail if out.Write fails,
 	// but that's impossible for bytes.Buffer---and as a matter of
 	// fact iexportCommon doesn't even check for I/O errors.
@@ -47,19 +53,27 @@ func IExportShallow(fset *token.FileSet, pkg *types.Package) ([]byte, error) {
 // IImportShallow decodes "shallow" types.Package data encoded by
 // IExportShallow in the same executable. This function cannot import data from
 // cmd/compile or gcexportdata.Write.
-func IImportShallow(fset *token.FileSet, getPackage GetPackageFunc, data []byte, path string, insert InsertType) (*types.Package, error) {
+//
+// The importer calls getPackages to obtain package symbols for all
+// packages mentioned in the export data, including the one being
+// decoded.
+//
+// If the provided reportf func is non-nil, it will be used for reporting bugs
+// encountered during import.
+// TODO(rfindley): remove reportf when we are confident enough in the new
+// objectpath encoding.
+func IImportShallow(fset *token.FileSet, getPackages GetPackagesFunc, data []byte, path string, reportf ReportFunc) (*types.Package, error) {
 	const bundle = false
-	pkgs, err := iimportCommon(fset, getPackage, data, bundle, path, insert)
+	const shallow = true
+	pkgs, err := iimportCommon(fset, getPackages, data, bundle, path, shallow, reportf)
 	if err != nil {
 		return nil, err
 	}
 	return pkgs[0], nil
 }
 
-// InsertType is the type of a function that creates a types.TypeName
-// object for a named type and inserts it into the scope of the
-// specified Package.
-type InsertType = func(pkg *types.Package, name string)
+// ReportFunc is the type of a function used to report formatted bugs.
+type ReportFunc = func(string, ...interface{})
 
 // Current bundled export format version. Increase with each format change.
 // 0: initial implementation
@@ -313,8 +327,9 @@ type iexporter struct {
 	out     *bytes.Buffer
 	version int
 
-	shallow  bool           // don't put types from other packages in the index
-	localpkg *types.Package // (nil in bundle mode)
+	shallow    bool                // don't put types from other packages in the index
+	objEncoder *objectpath.Encoder // encodes objects from other packages in shallow mode; lazily allocated
+	localpkg   *types.Package      // (nil in bundle mode)
 
 	// allPkgs tracks all packages that have been referenced by
 	// the export data, so we can ensure to include them in the
@@ -354,6 +369,17 @@ func (p *iexporter) trace(format string, args ...interface{}) {
 	fmt.Printf(strings.Repeat("..", p.indent)+format+"\n", args...)
 }
 
+// objectpathEncoder returns the lazily allocated objectpath.Encoder to use
+// when encoding objects in other packages during shallow export.
+//
+// Using a shared Encoder amortizes some of cost of objectpath search.
+func (p *iexporter) objectpathEncoder() *objectpath.Encoder {
+	if p.objEncoder == nil {
+		p.objEncoder = new(objectpath.Encoder)
+	}
+	return p.objEncoder
+}
+
 // stringOff returns the offset of s within the string section.
 // If not already present, it's added to the end.
 func (p *iexporter) stringOff(s string) uint64 {
@@ -413,7 +439,6 @@ type exportWriter struct {
 	p *iexporter
 
 	data       intWriter
-	currPkg    *types.Package
 	prevFile   string
 	prevLine   int64
 	prevColumn int64
@@ -436,7 +461,6 @@ func (p *iexporter) doDecl(obj types.Object) {
 		}()
 	}
 	w := p.newWriter()
-	w.setPkg(obj.Pkg(), false)
 
 	switch obj := obj.(type) {
 	case *types.Var:
@@ -673,6 +697,9 @@ func (w *exportWriter) qualifiedType(obj *types.TypeName) {
 	w.pkg(obj.Pkg())
 }
 
+// TODO(rfindley): what does 'pkg' even mean here? It would be better to pass
+// it in explicitly into signatures and structs that may use it for
+// constructing fields.
 func (w *exportWriter) typ(t types.Type, pkg *types.Package) {
 	w.data.uint64(w.p.typOff(t, pkg))
 }
@@ -764,30 +791,53 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) {
 
 	case *types.Signature:
 		w.startType(signatureType)
-		w.setPkg(pkg, true)
+		w.pkg(pkg)
 		w.signature(t)
 
 	case *types.Struct:
 		w.startType(structType)
 		n := t.NumFields()
+		// Even for struct{} we must emit some qualifying package, because that's
+		// what the compiler does, and thus that's what the importer expects.
+		fieldPkg := pkg
 		if n > 0 {
-			w.setPkg(t.Field(0).Pkg(), true) // qualifying package for field objects
-		} else {
-			w.setPkg(pkg, true)
+			fieldPkg = t.Field(0).Pkg()
 		}
+		if fieldPkg == nil {
+			// TODO(rfindley): improve this very hacky logic.
+			//
+			// The importer expects a package to be set for all struct types, even
+			// those with no fields. A better encoding might be to set NumFields
+			// before pkg. setPkg panics with a nil package, which may be possible
+			// to reach with invalid packages (and perhaps valid packages, too?), so
+			// (arbitrarily) set the localpkg if available.
+			//
+			// Alternatively, we may be able to simply guarantee that pkg != nil, by
+			// reconsidering the encoding of constant values.
+			if w.p.shallow {
+				fieldPkg = w.p.localpkg
+			} else {
+				panic(internalErrorf("no package to set for empty struct"))
+			}
+		}
+		w.pkg(fieldPkg)
 		w.uint64(uint64(n))
+
 		for i := 0; i < n; i++ {
 			f := t.Field(i)
+			if w.p.shallow {
+				w.objectPath(f)
+			}
 			w.pos(f.Pos())
 			w.string(f.Name()) // unexported fields implicitly qualified by prior setPkg
-			w.typ(f.Type(), pkg)
+			w.typ(f.Type(), fieldPkg)
 			w.bool(f.Anonymous())
 			w.string(t.Tag(i)) // note (or tag)
 		}
 
 	case *types.Interface:
 		w.startType(interfaceType)
-		w.setPkg(pkg, true)
+		w.pkg(pkg)
 
 		n := t.NumEmbeddeds()
 		w.uint64(uint64(n))
@@ -802,10 +852,16 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) {
 			w.typ(ft, tPkg)
 		}
 
+		// See comment for struct fields. In shallow mode we change the encoding
+		// for interface methods that are promoted from other packages.
+
 		n = t.NumExplicitMethods()
 		w.uint64(uint64(n))
 		for i := 0; i < n; i++ {
 			m := t.ExplicitMethod(i)
+			if w.p.shallow {
+				w.objectPath(m)
+			}
 			w.pos(m.Pos())
 			w.string(m.Name())
 			sig, _ := m.Type().(*types.Signature)
@@ -827,12 +883,61 @@ func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) {
 	}
 }
 
-func (w *exportWriter) setPkg(pkg *types.Package, write bool) {
-	if write {
-		w.pkg(pkg)
+// objectPath writes the package and objectPath to use to look up obj in a
+// different package, when encoding in "shallow" mode.
+//
+// When doing a shallow import, the importer creates only the local package,
+// and requests package symbols for dependencies from the client.
+// However, certain types defined in the local package may hold objects defined
+// (perhaps deeply) within another package.
+//
+// For example, consider the following:
+//
+//	package a
+//	func F() chan * map[string] struct { X int }
+//
+//	package b
+//	import "a"
+//	var B = a.F()
+//
+// In this example, the type of b.B holds fields defined in package a.
+// In order to have the correct canonical objects for the field defined in the
+// type of B, they are encoded as objectPaths and later looked up in the
+// importer. The same problem applies to interface methods.
+func (w *exportWriter) objectPath(obj types.Object) {
+	if obj.Pkg() == nil || obj.Pkg() == w.p.localpkg {
+		// obj.Pkg() may be nil for the builtin error.Error.
+		// In this case, or if obj is declared in the local package, no need to
+		// encode.
+		w.string("")
+		return
 	}
-
-	w.currPkg = pkg
+	objectPath, err := w.p.objectpathEncoder().For(obj)
+	if err != nil {
+		// Fall back to the empty string, which will cause the importer to create a
+		// new object, which matches earlier behavior. Creating a new object is
+		// sufficient for many purposes (such as type checking), but causes certain
+		// references algorithms to fail (golang/go#60819). However, we didn't
+		// notice this problem during months of gopls@v0.12.0 testing.
+		//
+		// TODO(golang/go#61674): this workaround is insufficient, as in the case
+		// where the field forwarded from an instantiated type that may not appear
+		// in the export data of the original package:
+		//
+		//  // package a
+		//  type A[P any] struct{ F P }
+		//
+		//  // package b
+		//  type B a.A[int]
+		//
+		// We need to update references algorithms not to depend on this
+		// de-duplication, at which point we may want to simply remove the
+		// workaround here.
+		w.string("")
+		return
+	}
+	w.string(string(objectPath))
+	w.pkg(obj.Pkg())
 }
 
 func (w *exportWriter) signature(sig *types.Signature) {
@@ -913,6 +1018,17 @@ func (w *exportWriter) value(typ types.Type, v constant.Value) {
 		w.int64(int64(v.Kind()))
 	}
 
+	if v.Kind() == constant.Unknown {
+		// golang/go#60605: treat unknown constant values as if they have invalid type
+		//
+		// This loses some fidelity over the package type-checked from source, but that
+		// is acceptable.
+		//
+		// TODO(rfindley): we should switch on the recorded constant kind rather
+		// than the constant type
+		return
+	}
+
 	switch b := typ.Underlying().(*types.Basic); b.Info() & types.IsConstType {
 	case types.IsBoolean:
 		w.bool(constant.BoolVal(v))
@@ -1194,6 +1310,13 @@ type internalError string
 
 func (e internalError) Error() string { return "gcimporter: " + string(e) }
 
+// TODO(adonovan): make this call panic, so that it's symmetric with errorf.
+// Otherwise it's easy to forget to do anything with the error.
+//
+// TODO(adonovan): also, consider switching the names "errorf" and
+// "internalErrorf" as the former is used for bugs, whose cause is
+// internal inconsistency, whereas the latter is used for ordinary
+// situations like bad input, whose cause is external.
 func internalErrorf(format string, args ...interface{}) error {
 	return internalError(fmt.Sprintf(format, args...))
 }
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
index 94a5eba33..8e64cf644 100644
--- a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
+++ b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
@@ -21,6 +21,7 @@ import (
 	"sort"
 	"strings"
 
+	"golang.org/x/tools/go/types/objectpath"
 	"golang.org/x/tools/internal/typeparams"
 )
 
@@ -85,7 +86,7 @@ const (
 // If the export data version is not recognized or the format is otherwise
 // compromised, an error is returned.
 func IImportData(fset *token.FileSet, imports map[string]*types.Package, data []byte, path string) (int, *types.Package, error) {
-	pkgs, err := iimportCommon(fset, GetPackageFromMap(imports), data, false, path, nil)
+	pkgs, err := iimportCommon(fset, GetPackagesFromMap(imports), data, false, path, false, nil)
 	if err != nil {
 		return 0, nil, err
 	}
@@ -94,33 +95,49 @@ func IImportData(fset *token.FileSet, imports map[string]*types.Package, data []
 
 // IImportBundle imports a set of packages from the serialized package bundle.
 func IImportBundle(fset *token.FileSet, imports map[string]*types.Package, data []byte) ([]*types.Package, error) {
-	return iimportCommon(fset, GetPackageFromMap(imports), data, true, "", nil)
+	return iimportCommon(fset, GetPackagesFromMap(imports), data, true, "", false, nil)
 }
 
-// A GetPackageFunc is a function that gets the package with the given path
-// from the importer state, creating it (with the specified name) if necessary.
-// It is an abstraction of the map historically used to memoize package creation.
+// A GetPackagesFunc function obtains the non-nil symbols for a set of
+// packages, creating and recursively importing them as needed. An
+// implementation should store each package symbol is in the Pkg
+// field of the items array.
 //
-// Two calls with the same path must return the same package.
-//
-// If the given getPackage func returns nil, the import will fail.
-type GetPackageFunc = func(path, name string) *types.Package
+// Any error causes importing to fail. This can be used to quickly read
+// the import manifest of an export data file without fully decoding it.
+type GetPackagesFunc = func(items []GetPackagesItem) error
+
+// A GetPackagesItem is a request from the importer for the package
+// symbol of the specified name and path.
+type GetPackagesItem struct {
+	Name, Path string
+	Pkg        *types.Package // to be filled in by GetPackagesFunc call
+
+	// private importer state
+	pathOffset uint64
+	nameIndex  map[string]uint64
+}
 
-// GetPackageFromMap returns a GetPackageFunc that retrieves packages from the
-// given map of package path -> package.
+// GetPackagesFromMap returns a GetPackagesFunc that retrieves
+// packages from the given map of package path to package.
 //
-// The resulting func may mutate m: if a requested package is not found, a new
-// package will be inserted into m.
-func GetPackageFromMap(m map[string]*types.Package) GetPackageFunc {
-	return func(path, name string) *types.Package {
-		if _, ok := m[path]; !ok {
-			m[path] = types.NewPackage(path, name)
+// The returned function may mutate m: each requested package that is not
+// found is created with types.NewPackage and inserted into m.
+func GetPackagesFromMap(m map[string]*types.Package) GetPackagesFunc {
+	return func(items []GetPackagesItem) error {
+		for i, item := range items {
+			pkg, ok := m[item.Path]
+			if !ok {
+				pkg = types.NewPackage(item.Path, item.Name)
+				m[item.Path] = pkg
+			}
+			items[i].Pkg = pkg
 		}
-		return m[path]
+		return nil
 	}
 }
 
-func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte, bundle bool, path string, insert InsertType) (pkgs []*types.Package, err error) {
+func iimportCommon(fset *token.FileSet, getPackages GetPackagesFunc, data []byte, bundle bool, path string, shallow bool, reportf ReportFunc) (pkgs []*types.Package, err error) {
 	const currentVersion = iexportVersionCurrent
 	version := int64(-1)
 	if !debug {
@@ -159,7 +176,7 @@ func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte,
 	sLen := int64(r.uint64())
 	var fLen int64
 	var fileOffset []uint64
-	if insert != nil {
+	if shallow {
 		// Shallow mode uses a different position encoding.
 		fLen = int64(r.uint64())
 		fileOffset = make([]uint64, r.uint64())
@@ -178,7 +195,8 @@ func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte,
 	p := iimporter{
 		version: int(version),
 		ipath:   path,
-		insert:  insert,
+		shallow: shallow,
+		reportf: reportf,
 
 		stringData:  stringData,
 		stringCache: make(map[uint64]string),
@@ -205,8 +223,9 @@ func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte,
 		p.typCache[uint64(i)] = pt
 	}
 
-	pkgList := make([]*types.Package, r.uint64())
-	for i := range pkgList {
+	// Gather the relevant packages from the manifest.
+	items := make([]GetPackagesItem, r.uint64())
+	for i := range items {
 		pkgPathOff := r.uint64()
 		pkgPath := p.stringAt(pkgPathOff)
 		pkgName := p.stringAt(r.uint64())
@@ -215,29 +234,42 @@ func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte,
 		if pkgPath == "" {
 			pkgPath = path
 		}
-		pkg := getPackage(pkgPath, pkgName)
-		if pkg == nil {
-			errorf("internal error: getPackage returned nil package for %s", pkgPath)
-		} else if pkg.Name() != pkgName {
-			errorf("conflicting names %s and %s for package %q", pkg.Name(), pkgName, path)
-		}
-		if i == 0 && !bundle {
-			p.localpkg = pkg
-		}
-
-		p.pkgCache[pkgPathOff] = pkg
+		items[i].Name = pkgName
+		items[i].Path = pkgPath
+		items[i].pathOffset = pkgPathOff
 
 		// Read index for package.
 		nameIndex := make(map[string]uint64)
 		nSyms := r.uint64()
-		// In shallow mode we don't expect an index for other packages.
-		assert(nSyms == 0 || p.localpkg == pkg || p.insert == nil)
+		// In shallow mode, only the current package (i=0) has an index.
+		assert(!(shallow && i > 0 && nSyms != 0))
 		for ; nSyms > 0; nSyms-- {
 			name := p.stringAt(r.uint64())
 			nameIndex[name] = r.uint64()
 		}
 
-		p.pkgIndex[pkg] = nameIndex
+		items[i].nameIndex = nameIndex
+	}
+
+	// Request packages all at once from the client,
+	// enabling a parallel implementation.
+	if err := getPackages(items); err != nil {
+		return nil, err // don't wrap this error
+	}
+
+	// Check the results and complete the index.
+	pkgList := make([]*types.Package, len(items))
+	for i, item := range items {
+		pkg := item.Pkg
+		if pkg == nil {
+			errorf("internal error: getPackages returned nil package for %q", item.Path)
+		} else if pkg.Path() != item.Path {
+			errorf("internal error: getPackages returned wrong path %q, want %q", pkg.Path(), item.Path)
+		} else if pkg.Name() != item.Name {
+			errorf("internal error: getPackages returned wrong name %s for package %q, want %s", pkg.Name(), item.Path, item.Name)
+		}
+		p.pkgCache[item.pathOffset] = pkg
+		p.pkgIndex[pkg] = item.nameIndex
 		pkgList[i] = pkg
 	}
 
@@ -296,6 +328,13 @@ func iimportCommon(fset *token.FileSet, getPackage GetPackageFunc, data []byte,
 		typ.Complete()
 	}
 
+	// Workaround for golang/go#61561. See the doc for instanceList for details.
+	for _, typ := range p.instanceList {
+		if iface, _ := typ.Underlying().(*types.Interface); iface != nil {
+			iface.Complete()
+		}
+	}
+
 	return pkgs, nil
 }
 
@@ -308,8 +347,8 @@ type iimporter struct {
 	version int
 	ipath   string
 
-	localpkg *types.Package
-	insert   func(pkg *types.Package, name string) // "shallow" mode only
+	shallow bool
+	reportf ReportFunc // if non-nil, used to report bugs
 
 	stringData  []byte
 	stringCache map[uint64]string
@@ -326,6 +365,12 @@ type iimporter struct {
 	fake          fakeFileSet
 	interfaceList []*types.Interface
 
+	// Workaround for the go/types bug golang/go#61561: instances produced during
+	// instantiation may contain incomplete interfaces. Here we only complete the
+	// underlying type of the instance, which is the most common case but doesn't
+	// handle parameterized interface literals defined deeper in the type.
+	instanceList []types.Type // instances for later completion (see golang/go#61561)
+
 	// Arguments for calls to SetConstraint that are deferred due to recursive types
 	later []setConstraintArgs
 
@@ -357,13 +402,9 @@ func (p *iimporter) doDecl(pkg *types.Package, name string) {
 
 	off, ok := p.pkgIndex[pkg][name]
 	if !ok {
-		// In "shallow" mode, call back to the application to
-		// find the object and insert it into the package scope.
-		if p.insert != nil {
-			assert(pkg != p.localpkg)
-			p.insert(pkg, name) // "can't fail"
-			return
-		}
+		// In deep mode, the index should be complete. In shallow
+		// mode, we should have already recursively loaded necessary
+		// dependencies so the above Lookup succeeds.
 		errorf("%v.%v not in index", pkg, name)
 	}
 
@@ -730,7 +771,8 @@ func (r *importReader) qualifiedIdent() (*types.Package, string) {
 }
 
 func (r *importReader) pos() token.Pos {
-	if r.p.insert != nil { // shallow mode
+	if r.p.shallow {
+		// precise offsets are encoded only in shallow mode
 		return r.posv2()
 	}
 	if r.p.version >= iexportVersionPosCol {
@@ -831,13 +873,28 @@ func (r *importReader) doType(base *types.Named) (res types.Type) {
 		fields := make([]*types.Var, r.uint64())
 		tags := make([]string, len(fields))
 		for i := range fields {
+			var field *types.Var
+			if r.p.shallow {
+				field, _ = r.objectPathObject().(*types.Var)
+			}
+
 			fpos := r.pos()
 			fname := r.ident()
 			ftyp := r.typ()
 			emb := r.bool()
 			tag := r.string()
 
-			fields[i] = types.NewField(fpos, r.currPkg, fname, ftyp, emb)
+			// Either this is not a shallow import, the field is local, or the
+			// encoded objectPath failed to produce an object (a bug).
+			//
+			// Even in this last, buggy case, fall back on creating a new field. As
+			// discussed in iexport.go, this is not correct, but mostly works and is
+			// preferable to failing (for now at least).
+			if field == nil {
+				field = types.NewField(fpos, r.currPkg, fname, ftyp, emb)
+			}
+
+			fields[i] = field
 			tags[i] = tag
 		}
 		return types.NewStruct(fields, tags)
@@ -853,6 +910,11 @@ func (r *importReader) doType(base *types.Named) (res types.Type) {
 
 		methods := make([]*types.Func, r.uint64())
 		for i := range methods {
+			var method *types.Func
+			if r.p.shallow {
+				method, _ = r.objectPathObject().(*types.Func)
+			}
+
 			mpos := r.pos()
 			mname := r.ident()
 
@@ -862,9 +924,12 @@ func (r *importReader) doType(base *types.Named) (res types.Type) {
 			if base != nil {
 				recv = types.NewVar(token.NoPos, r.currPkg, "", base)
 			}
-
 			msig := r.signature(recv, nil, nil)
-			methods[i] = types.NewFunc(mpos, r.currPkg, mname, msig)
+
+			if method == nil {
+				method = types.NewFunc(mpos, r.currPkg, mname, msig)
+			}
+			methods[i] = method
 		}
 
 		typ := newInterface(methods, embeddeds)
@@ -902,6 +967,9 @@ func (r *importReader) doType(base *types.Named) (res types.Type) {
 		// we must always use the methods of the base (orig) type.
 		// TODO provide a non-nil *Environment
 		t, _ := typeparams.Instantiate(nil, baseType, targs, false)
+
+		// Workaround for golang/go#61561. See the doc for instanceList for details.
+		r.p.instanceList = append(r.p.instanceList, t)
 		return t
 
 	case unionType:
@@ -920,6 +988,26 @@ func (r *importReader) kind() itag {
 	return itag(r.uint64())
 }
 
+// objectPathObject is the inverse of exportWriter.objectPath.
+//
+// In shallow mode, certain fields and methods may need to be looked up in an
+// imported package. See the doc for exportWriter.objectPath for a full
+// explanation.
+func (r *importReader) objectPathObject() types.Object {
+	objPath := objectpath.Path(r.string())
+	if objPath == "" {
+		return nil
+	}
+	pkg := r.pkg()
+	obj, err := objectpath.Object(pkg, objPath)
+	if err != nil {
+		if r.p.reportf != nil {
+			r.p.reportf("failed to find object for objectPath %q: %v", objPath, err)
+		}
+	}
+	return obj
+}
+
 func (r *importReader) signature(recv *types.Var, rparams []*typeparams.TypeParam, tparams []*typeparams.TypeParam) *types.Signature {
 	params := r.paramList()
 	results := r.paramList()
diff --git a/vendor/golang.org/x/tools/internal/gocommand/invoke.go b/vendor/golang.org/x/tools/internal/gocommand/invoke.go
index 8d9fc98d8..53cf66da0 100644
--- a/vendor/golang.org/x/tools/internal/gocommand/invoke.go
+++ b/vendor/golang.org/x/tools/internal/gocommand/invoke.go
@@ -319,7 +319,7 @@ func runCmdContext(ctx context.Context, cmd *exec.Cmd) (err error) {
 					// Per https://pkg.go.dev/os#File.Close, the call to stdoutR.Close
 					// should cause the Read call in io.Copy to unblock and return
 					// immediately, but we still need to receive from stdoutErr to confirm
-					// that that has happened.
+					// that it has happened.
 					<-stdoutErr
 					err2 = ctx.Err()
 				}
@@ -333,7 +333,7 @@ func runCmdContext(ctx context.Context, cmd *exec.Cmd) (err error) {
 			// one goroutine at a time will call Write.”
 			//
 			// Since we're starting a goroutine that writes to cmd.Stdout, we must
-			// also update cmd.Stderr so that that still holds.
+			// also update cmd.Stderr so that it still holds.
 			func() {
 				defer func() { recover() }()
 				if cmd.Stderr == prevStdout {
diff --git a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
index 168405322..452e342c5 100644
--- a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
+++ b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
@@ -9,8 +9,6 @@ package gopathwalk
 import (
 	"bufio"
 	"bytes"
-	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -78,7 +76,7 @@ func walkDir(root Root, add func(Root, string), skip func(root Root, dir string)
 	}
 	start := time.Now()
 	if opts.Logf != nil {
-		opts.Logf("gopathwalk: scanning %s", root.Path)
+		opts.Logf("scanning %s", root.Path)
 	}
 	w := &walker{
 		root: root,
@@ -88,11 +86,15 @@ func walkDir(root Root, add func(Root, string), skip func(root Root, dir string)
 	}
 	w.init()
 	if err := fastwalk.Walk(root.Path, w.walk); err != nil {
-		log.Printf("gopathwalk: scanning directory %v: %v", root.Path, err)
+		logf := opts.Logf
+		if logf == nil {
+			logf = log.Printf
+		}
+		logf("scanning directory %v: %v", root.Path, err)
 	}
 
 	if opts.Logf != nil {
-		opts.Logf("gopathwalk: scanned %s in %v", root.Path, time.Since(start))
+		opts.Logf("scanned %s in %v", root.Path, time.Since(start))
 	}
 }
 
@@ -135,7 +137,7 @@ func (w *walker) init() {
 // The provided path is one of the $GOPATH entries with "src" appended.
 func (w *walker) getIgnoredDirs(path string) []string {
 	file := filepath.Join(path, ".goimportsignore")
-	slurp, err := ioutil.ReadFile(file)
+	slurp, err := os.ReadFile(file)
 	if w.opts.Logf != nil {
 		if err != nil {
 			w.opts.Logf("%v", err)
@@ -222,7 +224,11 @@ func (w *walker) walk(path string, typ os.FileMode) error {
 func (w *walker) shouldTraverse(path string) bool {
 	ts, err := os.Stat(path)
 	if err != nil {
-		fmt.Fprintln(os.Stderr, err)
+		logf := w.opts.Logf
+		if logf == nil {
+			logf = log.Printf
+		}
+		logf("%v", err)
 		return false
 	}
 	if !ts.IsDir() {
diff --git a/vendor/golang.org/x/tools/internal/imports/fix.go b/vendor/golang.org/x/tools/internal/imports/fix.go
index d4f1b4e8a..01e8ba5fa 100644
--- a/vendor/golang.org/x/tools/internal/imports/fix.go
+++ b/vendor/golang.org/x/tools/internal/imports/fix.go
@@ -13,6 +13,7 @@ import (
 	"go/build"
 	"go/parser"
 	"go/token"
+	"io/fs"
 	"io/ioutil"
 	"os"
 	"path"
@@ -107,7 +108,7 @@ func parseOtherFiles(fset *token.FileSet, srcDir, filename string) []*ast.File {
 	considerTests := strings.HasSuffix(filename, "_test.go")
 
 	fileBase := filepath.Base(filename)
-	packageFileInfos, err := ioutil.ReadDir(srcDir)
+	packageFileInfos, err := os.ReadDir(srcDir)
 	if err != nil {
 		return nil
 	}
@@ -1469,11 +1470,11 @@ func VendorlessPath(ipath string) string {
 
 func loadExportsFromFiles(ctx context.Context, env *ProcessEnv, dir string, includeTest bool) (string, []string, error) {
 	// Look for non-test, buildable .go files which could provide exports.
-	all, err := ioutil.ReadDir(dir)
+	all, err := os.ReadDir(dir)
 	if err != nil {
 		return "", nil, err
 	}
-	var files []os.FileInfo
+	var files []fs.DirEntry
 	for _, fi := range all {
 		name := fi.Name()
 		if !strings.HasSuffix(name, ".go") || (!includeTest && strings.HasSuffix(name, "_test.go")) {
diff --git a/vendor/golang.org/x/tools/internal/imports/mod.go b/vendor/golang.org/x/tools/internal/imports/mod.go
index 1389d38b2..5f4d435d3 100644
--- a/vendor/golang.org/x/tools/internal/imports/mod.go
+++ b/vendor/golang.org/x/tools/internal/imports/mod.go
@@ -9,7 +9,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@@ -38,7 +37,7 @@ type ModuleResolver struct {
 	mains         []*gocommand.ModuleJSON
 	mainByDir     map[string]*gocommand.ModuleJSON
 	modsByModPath []*gocommand.ModuleJSON // All modules, ordered by # of path components in module Path...
-	modsByDir     []*gocommand.ModuleJSON // ...or Dir.
+	modsByDir     []*gocommand.ModuleJSON // ...or number of path components in their Dir.
 
 	// moduleCacheCache stores information about the module cache.
 	moduleCacheCache *dirInfoCache
@@ -124,7 +123,7 @@ func (r *ModuleResolver) init() error {
 	})
 	sort.Slice(r.modsByDir, func(i, j int) bool {
 		count := func(x int) int {
-			return strings.Count(r.modsByDir[x].Dir, "/")
+			return strings.Count(r.modsByDir[x].Dir, string(filepath.Separator))
 		}
 		return count(j) < count(i) // descending order
 	})
@@ -265,7 +264,7 @@ func (r *ModuleResolver) findPackage(importPath string) (*gocommand.ModuleJSON,
 		}
 
 		// Not cached. Read the filesystem.
-		pkgFiles, err := ioutil.ReadDir(pkgDir)
+		pkgFiles, err := os.ReadDir(pkgDir)
 		if err != nil {
 			continue
 		}
@@ -328,6 +327,10 @@ func (r *ModuleResolver) findModuleByDir(dir string) *gocommand.ModuleJSON {
 	// - in /vendor/ in -mod=vendor mode.
 	//    - nested module? Dunno.
 	// Rumor has it that replace targets cannot contain other replace targets.
+	//
+	// Note that it is critical here that modsByDir is sorted to have deeper dirs
+	// first. This ensures that findModuleByDir finds the innermost module.
+	// See also golang/go#56291.
 	for _, m := range r.modsByDir {
 		if !strings.HasPrefix(dir, m.Dir) {
 			continue
@@ -366,7 +369,7 @@ func (r *ModuleResolver) dirIsNestedModule(dir string, mod *gocommand.ModuleJSON
 
 func (r *ModuleResolver) modInfo(dir string) (modDir string, modName string) {
 	readModName := func(modFile string) string {
-		modBytes, err := ioutil.ReadFile(modFile)
+		modBytes, err := os.ReadFile(modFile)
 		if err != nil {
 			return ""
 		}
diff --git a/vendor/golang.org/x/tools/internal/imports/mod_cache.go b/vendor/golang.org/x/tools/internal/imports/mod_cache.go
index 18dada495..45690abbb 100644
--- a/vendor/golang.org/x/tools/internal/imports/mod_cache.go
+++ b/vendor/golang.org/x/tools/internal/imports/mod_cache.go
@@ -12,7 +12,7 @@ import (
 	"golang.org/x/tools/internal/gopathwalk"
 )
 
-// To find packages to import, the resolver needs to know about all of the
+// To find packages to import, the resolver needs to know about all of
 // the packages that could be imported. This includes packages that are
 // already in modules that are in (1) the current module, (2) replace targets,
 // and (3) packages in the module cache. Packages in (1) and (2) may change over
diff --git a/vendor/golang.org/x/tools/internal/imports/zstdlib.go b/vendor/golang.org/x/tools/internal/imports/zstdlib.go
index 31a75949c..9f992c2be 100644
--- a/vendor/golang.org/x/tools/internal/imports/zstdlib.go
+++ b/vendor/golang.org/x/tools/internal/imports/zstdlib.go
@@ -93,6 +93,7 @@ var stdlib = map[string][]string{
 		"Compare",
 		"Contains",
 		"ContainsAny",
+		"ContainsFunc",
 		"ContainsRune",
 		"Count",
 		"Cut",
@@ -147,6 +148,11 @@ var stdlib = map[string][]string{
 		"TrimSpace",
 		"TrimSuffix",
 	},
+	"cmp": {
+		"Compare",
+		"Less",
+		"Ordered",
+	},
 	"compress/bzip2": {
 		"NewReader",
 		"StructuralError",
@@ -228,6 +234,7 @@ var stdlib = map[string][]string{
 		"Ring",
 	},
 	"context": {
+		"AfterFunc",
 		"Background",
 		"CancelCauseFunc",
 		"CancelFunc",
@@ -239,8 +246,11 @@ var stdlib = map[string][]string{
 		"WithCancel",
 		"WithCancelCause",
 		"WithDeadline",
+		"WithDeadlineCause",
 		"WithTimeout",
+		"WithTimeoutCause",
 		"WithValue",
+		"WithoutCancel",
 	},
 	"crypto": {
 		"BLAKE2b_256",
@@ -445,6 +455,7 @@ var stdlib = map[string][]string{
 		"XORBytes",
 	},
 	"crypto/tls": {
+		"AlertError",
 		"Certificate",
 		"CertificateRequestInfo",
 		"CertificateVerificationError",
@@ -476,6 +487,7 @@ var stdlib = map[string][]string{
 		"LoadX509KeyPair",
 		"NewLRUClientSessionCache",
 		"NewListener",
+		"NewResumptionState",
 		"NoClientCert",
 		"PKCS1WithSHA1",
 		"PKCS1WithSHA256",
@@ -484,6 +496,27 @@ var stdlib = map[string][]string{
 		"PSSWithSHA256",
 		"PSSWithSHA384",
 		"PSSWithSHA512",
+		"ParseSessionState",
+		"QUICClient",
+		"QUICConfig",
+		"QUICConn",
+		"QUICEncryptionLevel",
+		"QUICEncryptionLevelApplication",
+		"QUICEncryptionLevelEarly",
+		"QUICEncryptionLevelHandshake",
+		"QUICEncryptionLevelInitial",
+		"QUICEvent",
+		"QUICEventKind",
+		"QUICHandshakeDone",
+		"QUICNoEvent",
+		"QUICRejectedEarlyData",
+		"QUICServer",
+		"QUICSessionTicketOptions",
+		"QUICSetReadSecret",
+		"QUICSetWriteSecret",
+		"QUICTransportParameters",
+		"QUICTransportParametersRequired",
+		"QUICWriteData",
 		"RecordHeaderError",
 		"RenegotiateFreelyAsClient",
 		"RenegotiateNever",
@@ -493,6 +526,7 @@ var stdlib = map[string][]string{
 		"RequireAndVerifyClientCert",
 		"RequireAnyClientCert",
 		"Server",
+		"SessionState",
 		"SignatureScheme",
 		"TLS_AES_128_GCM_SHA256",
 		"TLS_AES_256_GCM_SHA384",
@@ -523,6 +557,7 @@ var stdlib = map[string][]string{
 		"TLS_RSA_WITH_AES_256_GCM_SHA384",
 		"TLS_RSA_WITH_RC4_128_SHA",
 		"VerifyClientCertIfGiven",
+		"VersionName",
 		"VersionSSL30",
 		"VersionTLS10",
 		"VersionTLS11",
@@ -618,6 +653,7 @@ var stdlib = map[string][]string{
 		"PureEd25519",
 		"RSA",
 		"RevocationList",
+		"RevocationListEntry",
 		"SHA1WithRSA",
 		"SHA256WithRSA",
 		"SHA256WithRSAPSS",
@@ -1002,10 +1038,42 @@ var stdlib = map[string][]string{
 		"COMPRESS_LOOS",
 		"COMPRESS_LOPROC",
 		"COMPRESS_ZLIB",
+		"COMPRESS_ZSTD",
 		"Chdr32",
 		"Chdr64",
 		"Class",
 		"CompressionType",
+		"DF_1_CONFALT",
+		"DF_1_DIRECT",
+		"DF_1_DISPRELDNE",
+		"DF_1_DISPRELPND",
+		"DF_1_EDITED",
+		"DF_1_ENDFILTEE",
+		"DF_1_GLOBAL",
+		"DF_1_GLOBAUDIT",
+		"DF_1_GROUP",
+		"DF_1_IGNMULDEF",
+		"DF_1_INITFIRST",
+		"DF_1_INTERPOSE",
+		"DF_1_KMOD",
+		"DF_1_LOADFLTR",
+		"DF_1_NOCOMMON",
+		"DF_1_NODEFLIB",
+		"DF_1_NODELETE",
+		"DF_1_NODIRECT",
+		"DF_1_NODUMP",
+		"DF_1_NOHDR",
+		"DF_1_NOKSYMS",
+		"DF_1_NOOPEN",
+		"DF_1_NORELOC",
+		"DF_1_NOW",
+		"DF_1_ORIGIN",
+		"DF_1_PIE",
+		"DF_1_SINGLETON",
+		"DF_1_STUB",
+		"DF_1_SYMINTPOSE",
+		"DF_1_TRANS",
+		"DF_1_WEAKFILTER",
 		"DF_BIND_NOW",
 		"DF_ORIGIN",
 		"DF_STATIC_TLS",
@@ -1144,6 +1212,7 @@ var stdlib = map[string][]string{
 		"Dyn32",
 		"Dyn64",
 		"DynFlag",
+		"DynFlag1",
 		"DynTag",
 		"EI_ABIVERSION",
 		"EI_CLASS",
@@ -2111,6 +2180,7 @@ var stdlib = map[string][]string{
 		"R_PPC64_REL16_LO",
 		"R_PPC64_REL24",
 		"R_PPC64_REL24_NOTOC",
+		"R_PPC64_REL24_P9NOTOC",
 		"R_PPC64_REL30",
 		"R_PPC64_REL32",
 		"R_PPC64_REL64",
@@ -2848,6 +2918,7 @@ var stdlib = map[string][]string{
 		"MaxVarintLen16",
 		"MaxVarintLen32",
 		"MaxVarintLen64",
+		"NativeEndian",
 		"PutUvarint",
 		"PutVarint",
 		"Read",
@@ -2963,6 +3034,7 @@ var stdlib = map[string][]string{
 	},
 	"errors": {
 		"As",
+		"ErrUnsupported",
 		"Is",
 		"Join",
 		"New",
@@ -2989,6 +3061,7 @@ var stdlib = map[string][]string{
 		"Arg",
 		"Args",
 		"Bool",
+		"BoolFunc",
 		"BoolVar",
 		"CommandLine",
 		"ContinueOnError",
@@ -3119,6 +3192,7 @@ var stdlib = map[string][]string{
 		"Inspect",
 		"InterfaceType",
 		"IsExported",
+		"IsGenerated",
 		"KeyValueExpr",
 		"LabeledStmt",
 		"Lbl",
@@ -3169,6 +3243,7 @@ var stdlib = map[string][]string{
 		"ArchChar",
 		"Context",
 		"Default",
+		"Directive",
 		"FindOnly",
 		"IgnoreVendor",
 		"Import",
@@ -3184,6 +3259,7 @@ var stdlib = map[string][]string{
 	"go/build/constraint": {
 		"AndExpr",
 		"Expr",
+		"GoVersion",
 		"IsGoBuild",
 		"IsPlusBuild",
 		"NotExpr",
@@ -3626,6 +3702,7 @@ var stdlib = map[string][]string{
 		"ErrBadHTML",
 		"ErrBranchEnd",
 		"ErrEndContext",
+		"ErrJSTemplate",
 		"ErrNoSuchTemplate",
 		"ErrOutputContext",
 		"ErrPartialCharset",
@@ -3870,6 +3947,8 @@ var stdlib = map[string][]string{
 		"FileInfo",
 		"FileInfoToDirEntry",
 		"FileMode",
+		"FormatDirEntry",
+		"FormatFileInfo",
 		"Glob",
 		"GlobFS",
 		"ModeAppend",
@@ -3942,6 +4021,78 @@ var stdlib = map[string][]string{
 		"SetPrefix",
 		"Writer",
 	},
+	"log/slog": {
+		"Any",
+		"AnyValue",
+		"Attr",
+		"Bool",
+		"BoolValue",
+		"Debug",
+		"DebugContext",
+		"Default",
+		"Duration",
+		"DurationValue",
+		"Error",
+		"ErrorContext",
+		"Float64",
+		"Float64Value",
+		"Group",
+		"GroupValue",
+		"Handler",
+		"HandlerOptions",
+		"Info",
+		"InfoContext",
+		"Int",
+		"Int64",
+		"Int64Value",
+		"IntValue",
+		"JSONHandler",
+		"Kind",
+		"KindAny",
+		"KindBool",
+		"KindDuration",
+		"KindFloat64",
+		"KindGroup",
+		"KindInt64",
+		"KindLogValuer",
+		"KindString",
+		"KindTime",
+		"KindUint64",
+		"Level",
+		"LevelDebug",
+		"LevelError",
+		"LevelInfo",
+		"LevelKey",
+		"LevelVar",
+		"LevelWarn",
+		"Leveler",
+		"Log",
+		"LogAttrs",
+		"LogValuer",
+		"Logger",
+		"MessageKey",
+		"New",
+		"NewJSONHandler",
+		"NewLogLogger",
+		"NewRecord",
+		"NewTextHandler",
+		"Record",
+		"SetDefault",
+		"Source",
+		"SourceKey",
+		"String",
+		"StringValue",
+		"TextHandler",
+		"Time",
+		"TimeKey",
+		"TimeValue",
+		"Uint64",
+		"Uint64Value",
+		"Value",
+		"Warn",
+		"WarnContext",
+		"With",
+	},
 	"log/syslog": {
 		"Dial",
 		"LOG_ALERT",
@@ -3977,6 +4128,13 @@ var stdlib = map[string][]string{
 		"Priority",
 		"Writer",
 	},
+	"maps": {
+		"Clone",
+		"Copy",
+		"DeleteFunc",
+		"Equal",
+		"EqualFunc",
+	},
 	"math": {
 		"Abs",
 		"Acos",
@@ -4371,6 +4529,7 @@ var stdlib = map[string][]string{
 		"ErrNoLocation",
 		"ErrNotMultipart",
 		"ErrNotSupported",
+		"ErrSchemeMismatch",
 		"ErrServerClosed",
 		"ErrShortBody",
 		"ErrSkipAltProtocol",
@@ -5084,6 +5243,8 @@ var stdlib = map[string][]string{
 		"NumCPU",
 		"NumCgoCall",
 		"NumGoroutine",
+		"PanicNilError",
+		"Pinner",
 		"ReadMemStats",
 		"ReadTrace",
 		"SetBlockProfileRate",
@@ -5172,6 +5333,37 @@ var stdlib = map[string][]string{
 		"Task",
 		"WithRegion",
 	},
+	"slices": {
+		"BinarySearch",
+		"BinarySearchFunc",
+		"Clip",
+		"Clone",
+		"Compact",
+		"CompactFunc",
+		"Compare",
+		"CompareFunc",
+		"Contains",
+		"ContainsFunc",
+		"Delete",
+		"DeleteFunc",
+		"Equal",
+		"EqualFunc",
+		"Grow",
+		"Index",
+		"IndexFunc",
+		"Insert",
+		"IsSorted",
+		"IsSortedFunc",
+		"Max",
+		"MaxFunc",
+		"Min",
+		"MinFunc",
+		"Replace",
+		"Reverse",
+		"Sort",
+		"SortFunc",
+		"SortStableFunc",
+	},
 	"sort": {
 		"Find",
 		"Float64Slice",
@@ -5242,6 +5434,7 @@ var stdlib = map[string][]string{
 		"Compare",
 		"Contains",
 		"ContainsAny",
+		"ContainsFunc",
 		"ContainsRune",
 		"Count",
 		"Cut",
@@ -5299,6 +5492,9 @@ var stdlib = map[string][]string{
 		"Mutex",
 		"NewCond",
 		"Once",
+		"OnceFunc",
+		"OnceValue",
+		"OnceValues",
 		"Pool",
 		"RWMutex",
 		"WaitGroup",
@@ -9135,10 +9331,12 @@ var stdlib = map[string][]string{
 		"SYS_AIO_CANCEL",
 		"SYS_AIO_ERROR",
 		"SYS_AIO_FSYNC",
+		"SYS_AIO_MLOCK",
 		"SYS_AIO_READ",
 		"SYS_AIO_RETURN",
 		"SYS_AIO_SUSPEND",
 		"SYS_AIO_SUSPEND_NOCANCEL",
+		"SYS_AIO_WAITCOMPLETE",
 		"SYS_AIO_WRITE",
 		"SYS_ALARM",
 		"SYS_ARCH_PRCTL",
@@ -9368,6 +9566,7 @@ var stdlib = map[string][]string{
 		"SYS_GET_MEMPOLICY",
 		"SYS_GET_ROBUST_LIST",
 		"SYS_GET_THREAD_AREA",
+		"SYS_GSSD_SYSCALL",
 		"SYS_GTTY",
 		"SYS_IDENTITYSVC",
 		"SYS_IDLE",
@@ -9411,8 +9610,24 @@ var stdlib = map[string][]string{
 		"SYS_KLDSYM",
 		"SYS_KLDUNLOAD",
 		"SYS_KLDUNLOADF",
+		"SYS_KMQ_NOTIFY",
+		"SYS_KMQ_OPEN",
+		"SYS_KMQ_SETATTR",
+		"SYS_KMQ_TIMEDRECEIVE",
+		"SYS_KMQ_TIMEDSEND",
+		"SYS_KMQ_UNLINK",
 		"SYS_KQUEUE",
 		"SYS_KQUEUE1",
+		"SYS_KSEM_CLOSE",
+		"SYS_KSEM_DESTROY",
+		"SYS_KSEM_GETVALUE",
+		"SYS_KSEM_INIT",
+		"SYS_KSEM_OPEN",
+		"SYS_KSEM_POST",
+		"SYS_KSEM_TIMEDWAIT",
+		"SYS_KSEM_TRYWAIT",
+		"SYS_KSEM_UNLINK",
+		"SYS_KSEM_WAIT",
 		"SYS_KTIMER_CREATE",
 		"SYS_KTIMER_DELETE",
 		"SYS_KTIMER_GETOVERRUN",
@@ -9504,11 +9719,14 @@ var stdlib = map[string][]string{
 		"SYS_NFSSVC",
 		"SYS_NFSTAT",
 		"SYS_NICE",
+		"SYS_NLM_SYSCALL",
 		"SYS_NLSTAT",
 		"SYS_NMOUNT",
 		"SYS_NSTAT",
 		"SYS_NTP_ADJTIME",
 		"SYS_NTP_GETTIME",
+		"SYS_NUMA_GETAFFINITY",
+		"SYS_NUMA_SETAFFINITY",
 		"SYS_OABI_SYSCALL_BASE",
 		"SYS_OBREAK",
 		"SYS_OLDFSTAT",
@@ -9891,6 +10109,7 @@ var stdlib = map[string][]string{
 		"SYS___ACL_SET_FD",
 		"SYS___ACL_SET_FILE",
 		"SYS___ACL_SET_LINK",
+		"SYS___CAP_RIGHTS_GET",
 		"SYS___CLONE",
 		"SYS___DISABLE_THREADSIGNAL",
 		"SYS___GETCWD",
@@ -10574,6 +10793,7 @@ var stdlib = map[string][]string{
 		"Short",
 		"T",
 		"TB",
+		"Testing",
 		"Verbose",
 	},
 	"testing/fstest": {
@@ -10603,6 +10823,9 @@ var stdlib = map[string][]string{
 		"SetupError",
 		"Value",
 	},
+	"testing/slogtest": {
+		"TestHandler",
+	},
 	"text/scanner": {
 		"Char",
 		"Comment",
@@ -10826,6 +11049,7 @@ var stdlib = map[string][]string{
 		"Cs",
 		"Cuneiform",
 		"Cypriot",
+		"Cypro_Minoan",
 		"Cyrillic",
 		"Dash",
 		"Deprecated",
@@ -10889,6 +11113,7 @@ var stdlib = map[string][]string{
 		"Kaithi",
 		"Kannada",
 		"Katakana",
+		"Kawi",
 		"Kayah_Li",
 		"Kharoshthi",
 		"Khitan_Small_Script",
@@ -10943,6 +11168,7 @@ var stdlib = map[string][]string{
 		"Myanmar",
 		"N",
 		"Nabataean",
+		"Nag_Mundari",
 		"Nandinagari",
 		"Nd",
 		"New_Tai_Lue",
@@ -10964,6 +11190,7 @@ var stdlib = map[string][]string{
 		"Old_Sogdian",
 		"Old_South_Arabian",
 		"Old_Turkic",
+		"Old_Uyghur",
 		"Oriya",
 		"Osage",
 		"Osmanya",
@@ -11038,6 +11265,7 @@ var stdlib = map[string][]string{
 		"Tai_Viet",
 		"Takri",
 		"Tamil",
+		"Tangsa",
 		"Tangut",
 		"Telugu",
 		"Terminal_Punctuation",
@@ -11052,6 +11280,7 @@ var stdlib = map[string][]string{
 		"ToLower",
 		"ToTitle",
 		"ToUpper",
+		"Toto",
 		"TurkishCase",
 		"Ugaritic",
 		"Unified_Ideograph",
@@ -11061,6 +11290,7 @@ var stdlib = map[string][]string{
 		"Vai",
 		"Variation_Selector",
 		"Version",
+		"Vithkuqi",
 		"Wancho",
 		"Warang_Citi",
 		"White_Space",
diff --git a/vendor/golang.org/x/tools/internal/typeparams/common.go b/vendor/golang.org/x/tools/internal/typeparams/common.go
index cfba8189f..d0d0649fe 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/common.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/common.go
@@ -23,6 +23,7 @@
 package typeparams
 
 import (
+	"fmt"
 	"go/ast"
 	"go/token"
 	"go/types"
@@ -105,6 +106,31 @@ func OriginMethod(fn *types.Func) *types.Func {
 	}
 	orig := NamedTypeOrigin(named)
 	gfn, _, _ := types.LookupFieldOrMethod(orig, true, fn.Pkg(), fn.Name())
+
+	// This is a fix for a gopls crash (#60628) due to a go/types bug (#60634). In:
+	// 	package p
+	//      type T *int
+	//      func (*T) f() {}
+	// LookupFieldOrMethod(T, true, p, f)=nil, but NewMethodSet(*T)={(*T).f}.
+	// Here we make them consistent by force.
+	// (The go/types bug is general, but this workaround is reached only
+	// for generic T thanks to the early return above.)
+	if gfn == nil {
+		mset := types.NewMethodSet(types.NewPointer(orig))
+		for i := 0; i < mset.Len(); i++ {
+			m := mset.At(i)
+			if m.Obj().Id() == fn.Id() {
+				gfn = m.Obj()
+				break
+			}
+		}
+	}
+
+	// In golang/go#61196, we observe another crash, this time inexplicable.
+	if gfn == nil {
+		panic(fmt.Sprintf("missing origin method for %s.%s; named == origin: %t, named.NumMethods(): %d, origin.NumMethods(): %d", named, fn, named == orig, named.NumMethods(), orig.NumMethods()))
+	}
+
 	return gfn.(*types.Func)
 }
 
diff --git a/vendor/golang.org/x/tools/internal/typeparams/coretype.go b/vendor/golang.org/x/tools/internal/typeparams/coretype.go
index 993135ec9..71248209e 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/coretype.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/coretype.go
@@ -81,13 +81,13 @@ func CoreType(T types.Type) types.Type {
 // restrictions may be arbitrarily complex. For example, consider the
 // following:
 //
-//  type A interface{ ~string|~[]byte }
+//	type A interface{ ~string|~[]byte }
 //
-//  type B interface{ int|string }
+//	type B interface{ int|string }
 //
-//  type C interface { ~string|~int }
+//	type C interface { ~string|~int }
 //
-//  type T[P interface{ A|B; C }] int
+//	type T[P interface{ A|B; C }] int
 //
 // In this example, the structural type restriction of P is ~string|int: A|B
 // expands to ~string|~[]byte|int|string, which reduces to ~string|~[]byte|int,
diff --git a/vendor/golang.org/x/tools/internal/typeparams/termlist.go b/vendor/golang.org/x/tools/internal/typeparams/termlist.go
index 933106a23..cbd12f801 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/termlist.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/termlist.go
@@ -30,7 +30,7 @@ func (xl termlist) String() string {
 	var buf bytes.Buffer
 	for i, x := range xl {
 		if i > 0 {
-			buf.WriteString(" ∪ ")
+			buf.WriteString(" | ")
 		}
 		buf.WriteString(x.String())
 	}
diff --git a/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go b/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go
index b4788978f..7ed86e171 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go
@@ -129,7 +129,7 @@ func NamedTypeArgs(*types.Named) *TypeList {
 }
 
 // NamedTypeOrigin is the identity method at this Go version.
-func NamedTypeOrigin(named *types.Named) types.Type {
+func NamedTypeOrigin(named *types.Named) *types.Named {
 	return named
 }
 
diff --git a/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go b/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go
index 114a36b86..cf301af1d 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go
@@ -103,7 +103,7 @@ func NamedTypeArgs(named *types.Named) *TypeList {
 }
 
 // NamedTypeOrigin returns named.Orig().
-func NamedTypeOrigin(named *types.Named) types.Type {
+func NamedTypeOrigin(named *types.Named) *types.Named {
 	return named.Origin()
 }
 
diff --git a/vendor/golang.org/x/tools/internal/typeparams/typeterm.go b/vendor/golang.org/x/tools/internal/typeparams/typeterm.go
index 7ddee28d9..7350bb702 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/typeterm.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/typeterm.go
@@ -10,11 +10,10 @@ import "go/types"
 
 // A term describes elementary type sets:
 //
-//   ∅:  (*term)(nil)     == ∅                      // set of no types (empty set)
-//   𝓤:  &term{}          == 𝓤                      // set of all types (𝓤niverse)
-//   T:  &term{false, T}  == {T}                    // set of type T
-//  ~t:  &term{true, t}   == {t' | under(t') == t}  // set of types with underlying type t
-//
+//	 ∅:  (*term)(nil)     == ∅                      // set of no types (empty set)
+//	 𝓤:  &term{}          == 𝓤                      // set of all types (𝓤niverse)
+//	 T:  &term{false, T}  == {T}                    // set of type T
+//	~t:  &term{true, t}   == {t' | under(t') == t}  // set of types with underlying type t
 type term struct {
 	tilde bool // valid if typ != nil
 	typ   types.Type
diff --git a/vendor/golang.org/x/tools/internal/typesinternal/objectpath.go b/vendor/golang.org/x/tools/internal/typesinternal/objectpath.go
new file mode 100644
index 000000000..5e96e8955
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/typesinternal/objectpath.go
@@ -0,0 +1,24 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package typesinternal
+
+import "go/types"
+
+// This file contains back doors that allow gopls to avoid method sorting when
+// using the objectpath package.
+//
+// This is performance-critical in certain repositories, but changing the
+// behavior of the objectpath package is still being discussed in
+// golang/go#61443. If we decide to remove the sorting in objectpath we can
+// simply delete these back doors. Otherwise, we should add a new API to
+// objectpath that allows controlling the sorting.
+
+// SkipEncoderMethodSorting marks enc (which must be an *objectpath.Encoder) as
+// not requiring sorted methods.
+var SkipEncoderMethodSorting func(enc interface{})
+
+// ObjectpathObject is like objectpath.Object, but allows suppressing method
+// sorting.
+var ObjectpathObject func(pkg *types.Package, p string, skipMethodSorting bool) (types.Object, error)
diff --git a/vendor/golang.org/x/xerrors/LICENSE b/vendor/golang.org/x/xerrors/LICENSE
new file mode 100644
index 000000000..e4a47e17f
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2019 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/xerrors/PATENTS b/vendor/golang.org/x/xerrors/PATENTS
new file mode 100644
index 000000000..733099041
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go.  This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation.  If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/xerrors/README b/vendor/golang.org/x/xerrors/README
new file mode 100644
index 000000000..aac7867a5
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/README
@@ -0,0 +1,2 @@
+This repository holds the transition packages for the new Go 1.13 error values.
+See golang.org/design/29934-error-values.
diff --git a/vendor/golang.org/x/xerrors/adaptor.go b/vendor/golang.org/x/xerrors/adaptor.go
new file mode 100644
index 000000000..4317f2483
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/adaptor.go
@@ -0,0 +1,193 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"reflect"
+	"strconv"
+)
+
+// FormatError calls the FormatError method of f with an errors.Printer
+// configured according to s and verb, and writes the result to s.
+func FormatError(f Formatter, s fmt.State, verb rune) {
+	// Assuming this function is only called from the Format method, and given
+	// that FormatError takes precedence over Format, it cannot be called from
+	// any package that supports errors.Formatter. It is therefore safe to
+	// disregard that State may be a specific printer implementation and use one
+	// of our choice instead.
+
+	// limitations: does not support printing error as Go struct.
+
+	var (
+		sep    = " " // separator before next error
+		p      = &state{State: s}
+		direct = true
+	)
+
+	var err error = f
+
+	switch verb {
+	// Note that this switch must match the preference order
+	// for ordinary string printing (%#v before %+v, and so on).
+
+	case 'v':
+		if s.Flag('#') {
+			if stringer, ok := err.(fmt.GoStringer); ok {
+				io.WriteString(&p.buf, stringer.GoString())
+				goto exit
+			}
+			// proceed as if it were %v
+		} else if s.Flag('+') {
+			p.printDetail = true
+			sep = "\n  - "
+		}
+	case 's':
+	case 'q', 'x', 'X':
+		// Use an intermediate buffer in the rare cases that precision,
+		// truncation, or one of the alternative verbs (q, x, and X) are
+		// specified.
+		direct = false
+
+	default:
+		p.buf.WriteString("%!")
+		p.buf.WriteRune(verb)
+		p.buf.WriteByte('(')
+		switch {
+		case err != nil:
+			p.buf.WriteString(reflect.TypeOf(f).String())
+		default:
+			p.buf.WriteString("<nil>")
+		}
+		p.buf.WriteByte(')')
+		io.Copy(s, &p.buf)
+		return
+	}
+
+loop:
+	for {
+		switch v := err.(type) {
+		case Formatter:
+			err = v.FormatError((*printer)(p))
+		case fmt.Formatter:
+			v.Format(p, 'v')
+			break loop
+		default:
+			io.WriteString(&p.buf, v.Error())
+			break loop
+		}
+		if err == nil {
+			break
+		}
+		if p.needColon || !p.printDetail {
+			p.buf.WriteByte(':')
+			p.needColon = false
+		}
+		p.buf.WriteString(sep)
+		p.inDetail = false
+		p.needNewline = false
+	}
+
+exit:
+	width, okW := s.Width()
+	prec, okP := s.Precision()
+
+	if !direct || (okW && width > 0) || okP {
+		// Construct format string from State s.
+		format := []byte{'%'}
+		if s.Flag('-') {
+			format = append(format, '-')
+		}
+		if s.Flag('+') {
+			format = append(format, '+')
+		}
+		if s.Flag(' ') {
+			format = append(format, ' ')
+		}
+		if okW {
+			format = strconv.AppendInt(format, int64(width), 10)
+		}
+		if okP {
+			format = append(format, '.')
+			format = strconv.AppendInt(format, int64(prec), 10)
+		}
+		format = append(format, string(verb)...)
+		fmt.Fprintf(s, string(format), p.buf.String())
+	} else {
+		io.Copy(s, &p.buf)
+	}
+}
+
+var detailSep = []byte("\n    ")
+
+// state tracks error printing state. It implements fmt.State.
+type state struct {
+	fmt.State
+	buf bytes.Buffer
+
+	printDetail bool
+	inDetail    bool
+	needColon   bool
+	needNewline bool
+}
+
+func (s *state) Write(b []byte) (n int, err error) {
+	if s.printDetail {
+		if len(b) == 0 {
+			return 0, nil
+		}
+		if s.inDetail && s.needColon {
+			s.needNewline = true
+			if b[0] == '\n' {
+				b = b[1:]
+			}
+		}
+		k := 0
+		for i, c := range b {
+			if s.needNewline {
+				if s.inDetail && s.needColon {
+					s.buf.WriteByte(':')
+					s.needColon = false
+				}
+				s.buf.Write(detailSep)
+				s.needNewline = false
+			}
+			if c == '\n' {
+				s.buf.Write(b[k:i])
+				k = i + 1
+				s.needNewline = true
+			}
+		}
+		s.buf.Write(b[k:])
+		if !s.inDetail {
+			s.needColon = true
+		}
+	} else if !s.inDetail {
+		s.buf.Write(b)
+	}
+	return len(b), nil
+}
+
+// printer wraps a state to implement an xerrors.Printer.
+type printer state
+
+func (s *printer) Print(args ...interface{}) {
+	if !s.inDetail || s.printDetail {
+		fmt.Fprint((*state)(s), args...)
+	}
+}
+
+func (s *printer) Printf(format string, args ...interface{}) {
+	if !s.inDetail || s.printDetail {
+		fmt.Fprintf((*state)(s), format, args...)
+	}
+}
+
+func (s *printer) Detail() bool {
+	s.inDetail = true
+	return s.printDetail
+}
diff --git a/vendor/golang.org/x/xerrors/codereview.cfg b/vendor/golang.org/x/xerrors/codereview.cfg
new file mode 100644
index 000000000..3f8b14b64
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/codereview.cfg
@@ -0,0 +1 @@
+issuerepo: golang/go
diff --git a/vendor/golang.org/x/xerrors/doc.go b/vendor/golang.org/x/xerrors/doc.go
new file mode 100644
index 000000000..2ef99f5a8
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/doc.go
@@ -0,0 +1,23 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package xerrors implements functions to manipulate errors.
+//
+// This package is based on the Go 2 proposal for error values:
+//
+//	https://golang.org/design/29934-error-values
+//
+// These functions were incorporated into the standard library's errors package
+// in Go 1.13:
+// - Is
+// - As
+// - Unwrap
+//
+// Also, Errorf's %w verb was incorporated into fmt.Errorf.
+//
+// Use this package to get equivalent behavior in all supported Go versions.
+//
+// No other features of this package were included in Go 1.13, and at present
+// there are no plans to include any of them.
+package xerrors // import "golang.org/x/xerrors"
diff --git a/vendor/golang.org/x/xerrors/errors.go b/vendor/golang.org/x/xerrors/errors.go
new file mode 100644
index 000000000..e88d3772d
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/errors.go
@@ -0,0 +1,33 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+import "fmt"
+
+// errorString is a trivial implementation of error.
+type errorString struct {
+	s     string
+	frame Frame
+}
+
+// New returns an error that formats as the given text.
+//
+// The returned error contains a Frame set to the caller's location and
+// implements Formatter to show this information when printed with details.
+func New(text string) error {
+	return &errorString{text, Caller(1)}
+}
+
+func (e *errorString) Error() string {
+	return e.s
+}
+
+func (e *errorString) Format(s fmt.State, v rune) { FormatError(e, s, v) }
+
+func (e *errorString) FormatError(p Printer) (next error) {
+	p.Print(e.s)
+	e.frame.Format(p)
+	return nil
+}
diff --git a/vendor/golang.org/x/xerrors/fmt.go b/vendor/golang.org/x/xerrors/fmt.go
new file mode 100644
index 000000000..27a5d70bd
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/fmt.go
@@ -0,0 +1,190 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+import (
+	"fmt"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+
+	"golang.org/x/xerrors/internal"
+)
+
+const percentBangString = "%!"
+
+// Errorf formats according to a format specifier and returns the string as a
+// value that satisfies error.
+//
+// The returned error includes the file and line number of the caller when
+// formatted with additional detail enabled. If the last argument is an error
+// the returned error's Format method will return it if the format string ends
+// with ": %s", ": %v", or ": %w". If the last argument is an error and the
+// format string ends with ": %w", the returned error implements an Unwrap
+// method returning it.
+//
+// If the format specifier includes a %w verb with an error operand in a
+// position other than at the end, the returned error will still implement an
+// Unwrap method returning the operand, but the error's Format method will not
+// return the wrapped error.
+//
+// It is invalid to include more than one %w verb or to supply it with an
+// operand that does not implement the error interface. The %w verb is otherwise
+// a synonym for %v.
+//
+// Note that as of Go 1.13, the fmt.Errorf function will do error formatting,
+// but it will not capture a stack backtrace.
+func Errorf(format string, a ...interface{}) error {
+	format = formatPlusW(format)
+	// Support a ": %[wsv]" suffix, which works well with xerrors.Formatter.
+	wrap := strings.HasSuffix(format, ": %w")
+	idx, format2, ok := parsePercentW(format)
+	percentWElsewhere := !wrap && idx >= 0
+	if !percentWElsewhere && (wrap || strings.HasSuffix(format, ": %s") || strings.HasSuffix(format, ": %v")) {
+		err := errorAt(a, len(a)-1)
+		if err == nil {
+			return &noWrapError{fmt.Sprintf(format, a...), nil, Caller(1)}
+		}
+		// TODO: this is not entirely correct. The error value could be
+		// printed elsewhere in format if it mixes numbered with unnumbered
+		// substitutions. With relatively small changes to doPrintf we can
+		// have it optionally ignore extra arguments and pass the argument
+		// list in its entirety.
+		msg := fmt.Sprintf(format[:len(format)-len(": %s")], a[:len(a)-1]...)
+		frame := Frame{}
+		if internal.EnableTrace {
+			frame = Caller(1)
+		}
+		if wrap {
+			return &wrapError{msg, err, frame}
+		}
+		return &noWrapError{msg, err, frame}
+	}
+	// Support %w anywhere.
+	// TODO: don't repeat the wrapped error's message when %w occurs in the middle.
+	msg := fmt.Sprintf(format2, a...)
+	if idx < 0 {
+		return &noWrapError{msg, nil, Caller(1)}
+	}
+	err := errorAt(a, idx)
+	if !ok || err == nil {
+		// Too many %ws or argument of %w is not an error. Approximate the Go
+		// 1.13 fmt.Errorf message.
+		return &noWrapError{fmt.Sprintf("%sw(%s)", percentBangString, msg), nil, Caller(1)}
+	}
+	frame := Frame{}
+	if internal.EnableTrace {
+		frame = Caller(1)
+	}
+	return &wrapError{msg, err, frame}
+}
+
+func errorAt(args []interface{}, i int) error {
+	if i < 0 || i >= len(args) {
+		return nil
+	}
+	err, ok := args[i].(error)
+	if !ok {
+		return nil
+	}
+	return err
+}
+
+// formatPlusW is used to avoid the vet check that will barf at %w.
+func formatPlusW(s string) string {
+	return s
+}
+
+// Return the index of the only %w in format, or -1 if none.
+// Also return a rewritten format string with %w replaced by %v, and
+// false if there is more than one %w.
+// TODO: handle "%[N]w".
+func parsePercentW(format string) (idx int, newFormat string, ok bool) {
+	// Loosely copied from golang.org/x/tools/go/analysis/passes/printf/printf.go.
+	idx = -1
+	ok = true
+	n := 0
+	sz := 0
+	var isW bool
+	for i := 0; i < len(format); i += sz {
+		if format[i] != '%' {
+			sz = 1
+			continue
+		}
+		// "%%" is not a format directive.
+		if i+1 < len(format) && format[i+1] == '%' {
+			sz = 2
+			continue
+		}
+		sz, isW = parsePrintfVerb(format[i:])
+		if isW {
+			if idx >= 0 {
+				ok = false
+			} else {
+				idx = n
+			}
+			// "Replace" the last character, the 'w', with a 'v'.
+			p := i + sz - 1
+			format = format[:p] + "v" + format[p+1:]
+		}
+		n++
+	}
+	return idx, format, ok
+}
+
+// Parse the printf verb starting with a % at s[0].
+// Return how many bytes it occupies and whether the verb is 'w'.
+func parsePrintfVerb(s string) (int, bool) {
+	// Assume only that the directive is a sequence of non-letters followed by a single letter.
+	sz := 0
+	var r rune
+	for i := 1; i < len(s); i += sz {
+		r, sz = utf8.DecodeRuneInString(s[i:])
+		if unicode.IsLetter(r) {
+			return i + sz, r == 'w'
+		}
+	}
+	return len(s), false
+}
+
+type noWrapError struct {
+	msg   string
+	err   error
+	frame Frame
+}
+
+func (e *noWrapError) Error() string {
+	return fmt.Sprint(e)
+}
+
+func (e *noWrapError) Format(s fmt.State, v rune) { FormatError(e, s, v) }
+
+func (e *noWrapError) FormatError(p Printer) (next error) {
+	p.Print(e.msg)
+	e.frame.Format(p)
+	return e.err
+}
+
+type wrapError struct {
+	msg   string
+	err   error
+	frame Frame
+}
+
+func (e *wrapError) Error() string {
+	return fmt.Sprint(e)
+}
+
+func (e *wrapError) Format(s fmt.State, v rune) { FormatError(e, s, v) }
+
+func (e *wrapError) FormatError(p Printer) (next error) {
+	p.Print(e.msg)
+	e.frame.Format(p)
+	return e.err
+}
+
+func (e *wrapError) Unwrap() error {
+	return e.err
+}
diff --git a/vendor/golang.org/x/xerrors/format.go b/vendor/golang.org/x/xerrors/format.go
new file mode 100644
index 000000000..1bc9c26b9
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/format.go
@@ -0,0 +1,34 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+// A Formatter formats error messages.
+type Formatter interface {
+	error
+
+	// FormatError prints the receiver's first error and returns the next error in
+	// the error chain, if any.
+	FormatError(p Printer) (next error)
+}
+
+// A Printer formats error messages.
+//
+// The most common implementation of Printer is the one provided by package fmt
+// during Printf (as of Go 1.13). Localization packages such as golang.org/x/text/message
+// typically provide their own implementations.
+type Printer interface {
+	// Print appends args to the message output.
+	Print(args ...interface{})
+
+	// Printf writes a formatted string.
+	Printf(format string, args ...interface{})
+
+	// Detail reports whether error detail is requested.
+	// After the first call to Detail, all text written to the Printer
+	// is formatted as additional detail, or ignored when
+	// detail has not been requested.
+	// If Detail returns false, the caller can avoid printing the detail at all.
+	Detail() bool
+}
diff --git a/vendor/golang.org/x/xerrors/frame.go b/vendor/golang.org/x/xerrors/frame.go
new file mode 100644
index 000000000..0de628ec5
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/frame.go
@@ -0,0 +1,56 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+import (
+	"runtime"
+)
+
+// A Frame contains part of a call stack.
+type Frame struct {
+	// Make room for three PCs: the one we were asked for, what it called,
+	// and possibly a PC for skipPleaseUseCallersFrames. See:
+	// https://go.googlesource.com/go/+/032678e0fb/src/runtime/extern.go#169
+	frames [3]uintptr
+}
+
+// Caller returns a Frame that describes a frame on the caller's stack.
+// The argument skip is the number of frames to skip over.
+// Caller(0) returns the frame for the caller of Caller.
+func Caller(skip int) Frame {
+	var s Frame
+	runtime.Callers(skip+1, s.frames[:])
+	return s
+}
+
+// location reports the file, line, and function of a frame.
+//
+// The returned function may be "" even if file and line are not.
+func (f Frame) location() (function, file string, line int) {
+	frames := runtime.CallersFrames(f.frames[:])
+	if _, ok := frames.Next(); !ok {
+		return "", "", 0
+	}
+	fr, ok := frames.Next()
+	if !ok {
+		return "", "", 0
+	}
+	return fr.Function, fr.File, fr.Line
+}
+
+// Format prints the stack as error detail.
+// It should be called from an error's Format implementation
+// after printing any other error detail.
+func (f Frame) Format(p Printer) {
+	if p.Detail() {
+		function, file, line := f.location()
+		if function != "" {
+			p.Printf("%s\n    ", function)
+		}
+		if file != "" {
+			p.Printf("%s:%d\n", file, line)
+		}
+	}
+}
diff --git a/vendor/golang.org/x/xerrors/internal/internal.go b/vendor/golang.org/x/xerrors/internal/internal.go
new file mode 100644
index 000000000..89f4eca5d
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/internal/internal.go
@@ -0,0 +1,8 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package internal
+
+// EnableTrace indicates whether stack information should be recorded in errors.
+var EnableTrace = true
diff --git a/vendor/golang.org/x/xerrors/wrap.go b/vendor/golang.org/x/xerrors/wrap.go
new file mode 100644
index 000000000..9842758ca
--- /dev/null
+++ b/vendor/golang.org/x/xerrors/wrap.go
@@ -0,0 +1,112 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package xerrors
+
+import (
+	"reflect"
+)
+
+// A Wrapper provides context around another error.
+type Wrapper interface {
+	// Unwrap returns the next error in the error chain.
+	// If there is no next error, Unwrap returns nil.
+	Unwrap() error
+}
+
+// Opaque returns an error with the same error formatting as err
+// but that does not match err and cannot be unwrapped.
+func Opaque(err error) error {
+	return noWrapper{err}
+}
+
+type noWrapper struct {
+	error
+}
+
+func (e noWrapper) FormatError(p Printer) (next error) {
+	if f, ok := e.error.(Formatter); ok {
+		return f.FormatError(p)
+	}
+	p.Print(e.error)
+	return nil
+}
+
+// Unwrap returns the result of calling the Unwrap method on err, if err implements
+// Unwrap. Otherwise, Unwrap returns nil.
+//
+// Deprecated: As of Go 1.13, use errors.Unwrap instead.
+func Unwrap(err error) error {
+	u, ok := err.(Wrapper)
+	if !ok {
+		return nil
+	}
+	return u.Unwrap()
+}
+
+// Is reports whether any error in err's chain matches target.
+//
+// An error is considered to match a target if it is equal to that target or if
+// it implements a method Is(error) bool such that Is(target) returns true.
+//
+// Deprecated: As of Go 1.13, use errors.Is instead.
+func Is(err, target error) bool {
+	if target == nil {
+		return err == target
+	}
+
+	isComparable := reflect.TypeOf(target).Comparable()
+	for {
+		if isComparable && err == target {
+			return true
+		}
+		if x, ok := err.(interface{ Is(error) bool }); ok && x.Is(target) {
+			return true
+		}
+		// TODO: consider supporing target.Is(err). This would allow
+		// user-definable predicates, but also may allow for coping with sloppy
+		// APIs, thereby making it easier to get away with them.
+		if err = Unwrap(err); err == nil {
+			return false
+		}
+	}
+}
+
+// As finds the first error in err's chain that matches the type to which target
+// points, and if so, sets the target to its value and returns true. An error
+// matches a type if it is assignable to the target type, or if it has a method
+// As(interface{}) bool such that As(target) returns true. As will panic if target
+// is not a non-nil pointer to a type which implements error or is of interface type.
+//
+// The As method should set the target to its value and return true if err
+// matches the type to which target points.
+//
+// Deprecated: As of Go 1.13, use errors.As instead.
+func As(err error, target interface{}) bool {
+	if target == nil {
+		panic("errors: target cannot be nil")
+	}
+	val := reflect.ValueOf(target)
+	typ := val.Type()
+	if typ.Kind() != reflect.Ptr || val.IsNil() {
+		panic("errors: target must be a non-nil pointer")
+	}
+	if e := typ.Elem(); e.Kind() != reflect.Interface && !e.Implements(errorType) {
+		panic("errors: *target must be interface or implement error")
+	}
+	targetType := typ.Elem()
+	for err != nil {
+		if reflect.TypeOf(err).AssignableTo(targetType) {
+			val.Elem().Set(reflect.ValueOf(err))
+			return true
+		}
+		if x, ok := err.(interface{ As(interface{}) bool }); ok && x.As(target) {
+			return true
+		}
+		err = Unwrap(err)
+	}
+	return false
+}
+
+var errorType = reflect.TypeOf((*error)(nil)).Elem()
diff --git a/vendor/google.golang.org/api/idtoken/validate.go b/vendor/google.golang.org/api/idtoken/validate.go
index 5f89b9b63..47d314f50 100644
--- a/vendor/google.golang.org/api/idtoken/validate.go
+++ b/vendor/google.golang.org/api/idtoken/validate.go
@@ -122,6 +122,23 @@ func Validate(ctx context.Context, idToken string, audience string) (*Payload, e
 	return defaultValidator.validate(ctx, idToken, audience)
 }
 
+// ParsePayload parses the given token and returns its payload.
+//
+// Warning: This function does not validate the token prior to parsing it.
+//
+// ParsePayload is primarily meant to be used to inspect a token's payload. This is
+// useful when validation fails and the payload needs to be inspected.
+//
+// Note: A successful Validate() invocation with the same token will return an
+// identical payload.
+func ParsePayload(idToken string) (*Payload, error) {
+	jwt, err := parseJWT(idToken)
+	if err != nil {
+		return nil, err
+	}
+	return jwt.parsedPayload()
+}
+
 func (v *Validator) validate(ctx context.Context, idToken string, audience string) (*Payload, error) {
 	jwt, err := parseJWT(idToken)
 	if err != nil {
@@ -145,7 +162,7 @@ func (v *Validator) validate(ctx context.Context, idToken string, audience strin
 	}
 
 	if now().Unix() > payload.Expires {
-		return nil, fmt.Errorf("idtoken: token expired")
+		return nil, fmt.Errorf("idtoken: token expired: now=%v, expires=%v", now().Unix(), payload.Expires)
 	}
 
 	switch header.Algorithm {
diff --git a/vendor/google.golang.org/api/internal/cba.go b/vendor/google.golang.org/api/internal/cba.go
index cecbb9ba1..829383f55 100644
--- a/vendor/google.golang.org/api/internal/cba.go
+++ b/vendor/google.golang.org/api/internal/cba.go
@@ -91,16 +91,10 @@ func getTransportConfig(settings *DialSettings) (*transportConfig, error) {
 		s2aMTLSEndpoint:  "",
 	}
 
-	// Check the env to determine whether to use S2A.
-	if !isGoogleS2AEnabled() {
+	if !shouldUseS2A(clientCertSource, settings) {
 		return &defaultTransportConfig, nil
 	}
 
-	// If client cert is found, use that over S2A.
-	// If MTLS is not enabled for the endpoint, skip S2A.
-	if clientCertSource != nil || !mtlsEndpointEnabledForS2A() {
-		return &defaultTransportConfig, nil
-	}
 	s2aMTLSEndpoint := settings.DefaultMTLSEndpoint
 	// If there is endpoint override, honor it.
 	if settings.Endpoint != "" {
@@ -118,10 +112,6 @@ func getTransportConfig(settings *DialSettings) (*transportConfig, error) {
 	}, nil
 }
 
-func isGoogleS2AEnabled() bool {
-	return strings.ToLower(os.Getenv(googleAPIUseS2AEnv)) == "true"
-}
-
 // getClientCertificateSource returns a default client certificate source, if
 // not provided by the user.
 //
@@ -275,8 +265,36 @@ func GetHTTPTransportConfigAndEndpoint(settings *DialSettings) (cert.Source, fun
 	return nil, dialTLSContextFunc, config.s2aMTLSEndpoint, nil
 }
 
+func shouldUseS2A(clientCertSource cert.Source, settings *DialSettings) bool {
+	// If client cert is found, use that over S2A.
+	if clientCertSource != nil {
+		return false
+	}
+	// If EXPERIMENTAL_GOOGLE_API_USE_S2A is not set to true, skip S2A.
+	if !isGoogleS2AEnabled() {
+		return false
+	}
+	// If DefaultMTLSEndpoint is not set and no endpoint override, skip S2A.
+	if settings.DefaultMTLSEndpoint == "" && settings.Endpoint == "" {
+		return false
+	}
+	// If MTLS is not enabled for this endpoint, skip S2A.
+	if !mtlsEndpointEnabledForS2A() {
+		return false
+	}
+	// If custom HTTP client is provided, skip S2A.
+	if settings.HTTPClient != nil {
+		return false
+	}
+	return true
+}
+
 // mtlsEndpointEnabledForS2A checks if the endpoint is indeed MTLS-enabled, so that we can use S2A for MTLS connection.
 var mtlsEndpointEnabledForS2A = func() bool {
 	// TODO(xmenxk): determine this via discovery config.
 	return true
 }
+
+func isGoogleS2AEnabled() bool {
+	return strings.ToLower(os.Getenv(googleAPIUseS2AEnv)) == "true"
+}
diff --git a/vendor/google.golang.org/api/internal/creds.go b/vendor/google.golang.org/api/internal/creds.go
index 92b3acf6e..05165f333 100644
--- a/vendor/google.golang.org/api/internal/creds.go
+++ b/vendor/google.golang.org/api/internal/creds.go
@@ -78,9 +78,8 @@ const (
 // met:
 //
 //	(1) At least one of the following is true:
-//	    (a) No scope is provided
-//	    (b) Scope for self-signed JWT flow is enabled
-//	    (c) Audiences are explicitly provided by users
+//	    (a) Scope for self-signed JWT flow is enabled
+//	    (b) Audiences are explicitly provided by users
 //	(2) No service account impersontation
 //
 // - Otherwise, executes standard OAuth 2.0 flow
diff --git a/vendor/google.golang.org/api/internal/s2a.go b/vendor/google.golang.org/api/internal/s2a.go
index c5b421f55..c70f2419b 100644
--- a/vendor/google.golang.org/api/internal/s2a.go
+++ b/vendor/google.golang.org/api/internal/s2a.go
@@ -13,7 +13,7 @@ import (
 	"cloud.google.com/go/compute/metadata"
 )
 
-const configEndpointSuffix = "googleAutoMtlsConfiguration"
+const configEndpointSuffix = "instance/platform-security/auto-mtls-configuration"
 
 // The period an MTLS config can be reused before needing refresh.
 var configExpiry = time.Hour
diff --git a/vendor/google.golang.org/api/internal/settings.go b/vendor/google.golang.org/api/internal/settings.go
index 3a3874df1..84f9302dc 100644
--- a/vendor/google.golang.org/api/internal/settings.go
+++ b/vendor/google.golang.org/api/internal/settings.go
@@ -9,6 +9,8 @@ import (
 	"crypto/tls"
 	"errors"
 	"net/http"
+	"os"
+	"strconv"
 
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
@@ -16,6 +18,10 @@ import (
 	"google.golang.org/grpc"
 )
 
+const (
+	newAuthLibEnVar = "GOOGLE_API_GO_EXPERIMENTAL_USE_NEW_AUTH_LIB"
+)
+
 // DialSettings holds information needed to establish a connection with a
 // Google API service.
 type DialSettings struct {
@@ -47,6 +53,7 @@ type DialSettings struct {
 	ImpersonationConfig           *impersonate.Config
 	EnableDirectPath              bool
 	EnableDirectPathXds           bool
+	EnableNewAuthLibrary          bool
 	AllowNonDefaultServiceAccount bool
 
 	// Google API system parameters. For more information please read:
@@ -77,6 +84,16 @@ func (ds *DialSettings) HasCustomAudience() bool {
 	return len(ds.Audiences) > 0
 }
 
+func (ds *DialSettings) IsNewAuthLibraryEnabled() bool {
+	if ds.EnableNewAuthLibrary {
+		return true
+	}
+	if b, err := strconv.ParseBool(os.Getenv(newAuthLibEnVar)); err == nil {
+		return b
+	}
+	return false
+}
+
 // Validate reports an error if ds is invalid.
 func (ds *DialSettings) Validate() error {
 	if ds.SkipValidation {
diff --git a/vendor/google.golang.org/api/internal/version.go b/vendor/google.golang.org/api/internal/version.go
index 54d30ef66..0674cb4f6 100644
--- a/vendor/google.golang.org/api/internal/version.go
+++ b/vendor/google.golang.org/api/internal/version.go
@@ -5,4 +5,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "0.128.0"
+const Version = "0.149.0"
diff --git a/vendor/google.golang.org/api/option/internaloption/internaloption.go b/vendor/google.golang.org/api/option/internaloption/internaloption.go
index 3b8461d1d..b2b249eec 100644
--- a/vendor/google.golang.org/api/option/internaloption/internaloption.go
+++ b/vendor/google.golang.org/api/option/internaloption/internaloption.go
@@ -150,6 +150,19 @@ func (w *withCreds) Apply(o *internal.DialSettings) {
 	o.InternalCredentials = (*google.Credentials)(w)
 }
 
+// EnableNewAuthLibrary returns a ClientOption that specifies if libraries in this
+// module to delegate auth to our new library. This option will be removed in
+// the future once all clients have been moved to the new auth layer.
+func EnableNewAuthLibrary() option.ClientOption {
+	return enableNewAuthLibrary(true)
+}
+
+type enableNewAuthLibrary bool
+
+func (w enableNewAuthLibrary) Apply(o *internal.DialSettings) {
+	o.EnableNewAuthLibrary = bool(w)
+}
+
 // EmbeddableAdapter is a no-op option.ClientOption that allow libraries to
 // create their own client options by embedding this type into their own
 // client-specific option wrapper. See example for usage.
diff --git a/vendor/google.golang.org/api/transport/http/dial.go b/vendor/google.golang.org/api/transport/http/dial.go
index eca0c3ba7..a07362ffd 100644
--- a/vendor/google.golang.org/api/transport/http/dial.go
+++ b/vendor/google.golang.org/api/transport/http/dial.go
@@ -145,22 +145,13 @@ func (t *parameterTransport) RoundTrip(req *http.Request) (*http.Response, error
 	return rt.RoundTrip(&newReq)
 }
 
-// Set at init time by dial_appengine.go. If nil, we're not on App Engine.
-var appengineUrlfetchHook func(context.Context) http.RoundTripper
-
-// defaultBaseTransport returns the base HTTP transport.
-// On App Engine, this is urlfetch.Transport.
-// Otherwise, use a default transport, taking most defaults from
-// http.DefaultTransport.
+// defaultBaseTransport returns the base HTTP transport. It uses a default
+// transport, taking most defaults from http.DefaultTransport.
 // If TLSCertificate is available, set TLSClientConfig as well.
 func defaultBaseTransport(ctx context.Context, clientCertSource cert.Source, dialTLSContext func(context.Context, string, string) (net.Conn, error)) http.RoundTripper {
-	if appengineUrlfetchHook != nil {
-		return appengineUrlfetchHook(ctx)
-	}
-
 	// Copy http.DefaultTransport except for MaxIdleConnsPerHost setting,
-	// which is increased due to reported performance issues under load in the GCS
-	// client. Transport.Clone is only available in Go 1.13 and up.
+	// which is increased due to reported performance issues under load in the
+	// GCS client. Transport.Clone is only available in Go 1.13 and up.
 	trans := clonedTransport(http.DefaultTransport)
 	if trans == nil {
 		trans = fallbackBaseTransport()
diff --git a/vendor/google.golang.org/api/transport/http/dial_appengine.go b/vendor/google.golang.org/api/transport/http/dial_appengine.go
deleted file mode 100644
index f064e133f..000000000
--- a/vendor/google.golang.org/api/transport/http/dial_appengine.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2016 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build appengine
-// +build appengine
-
-package http
-
-import (
-	"context"
-	"net/http"
-
-	"google.golang.org/appengine/urlfetch"
-)
-
-func init() {
-	appengineUrlfetchHook = func(ctx context.Context) http.RoundTripper {
-		return &urlfetch.Transport{Context: ctx}
-	}
-}
diff --git a/vendor/google.golang.org/appengine/.travis.yml b/vendor/google.golang.org/appengine/.travis.yml
deleted file mode 100644
index 6d03f4d36..000000000
--- a/vendor/google.golang.org/appengine/.travis.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-language: go
-
-go_import_path: google.golang.org/appengine
-
-install:
-  - ./travis_install.sh
-
-script:
-  - ./travis_test.sh
-
-matrix:
-  include:
-    - go: 1.9.x
-      env: GOAPP=true
-    - go: 1.10.x
-      env: GOAPP=false
-    - go: 1.11.x
-      env: GO111MODULE=on
diff --git a/vendor/google.golang.org/appengine/CONTRIBUTING.md b/vendor/google.golang.org/appengine/CONTRIBUTING.md
index ffc298520..289693613 100644
--- a/vendor/google.golang.org/appengine/CONTRIBUTING.md
+++ b/vendor/google.golang.org/appengine/CONTRIBUTING.md
@@ -19,14 +19,12 @@
 
 ## Running system tests
 
-Download and install the [Go App Engine SDK](https://cloud.google.com/appengine/docs/go/download). Make sure the `go_appengine` dir is in your `PATH`.
-
 Set the `APPENGINE_DEV_APPSERVER` environment variable to `/path/to/go_appengine/dev_appserver.py`.
 
-Run tests with `goapp test`:
+Run tests with `go test`:
 
 ```
-goapp test -v google.golang.org/appengine/...
+go test -v google.golang.org/appengine/...
 ```
 
 ## Contributor License Agreements
diff --git a/vendor/google.golang.org/appengine/README.md b/vendor/google.golang.org/appengine/README.md
index 9fdbacd3c..5ccddd999 100644
--- a/vendor/google.golang.org/appengine/README.md
+++ b/vendor/google.golang.org/appengine/README.md
@@ -1,6 +1,6 @@
 # Go App Engine packages
 
-[![Build Status](https://travis-ci.org/golang/appengine.svg)](https://travis-ci.org/golang/appengine)
+[![CI Status](https://github.com/golang/appengine/actions/workflows/ci.yml/badge.svg)](https://github.com/golang/appengine/actions/workflows/ci.yml)
 
 This repository supports the Go runtime on *App Engine standard*.
 It provides APIs for interacting with App Engine services.
@@ -51,7 +51,7 @@ code importing `appengine/datastore` will now need to import `google.golang.org/
 Most App Engine services are available with exactly the same API.
 A few APIs were cleaned up, and there are some differences:
 
-* `appengine.Context` has been replaced with the `Context` type from `golang.org/x/net/context`.
+* `appengine.Context` has been replaced with the `Context` type from `context`.
 * Logging methods that were on `appengine.Context` are now functions in `google.golang.org/appengine/log`.
 * `appengine.Timeout` has been removed. Use `context.WithTimeout` instead.
 * `appengine.Datacenter` now takes a `context.Context` argument.
@@ -72,7 +72,7 @@ A few APIs were cleaned up, and there are some differences:
 * `appengine/socket` is not required on App Engine flexible environment / Managed VMs.
   Use the standard `net` package instead.
 
-## Key Encode/Decode compatibiltiy to help with datastore library migrations
+## Key Encode/Decode compatibility to help with datastore library migrations
 
 Key compatibility updates have been added to help customers transition from google.golang.org/appengine/datastore to cloud.google.com/go/datastore.
 The `EnableKeyConversion` enables automatic conversion from a key encoded with cloud.google.com/go/datastore to google.golang.org/appengine/datastore key type.
diff --git a/vendor/google.golang.org/appengine/appengine.go b/vendor/google.golang.org/appengine/appengine.go
index 8c9697674..35ba9c896 100644
--- a/vendor/google.golang.org/appengine/appengine.go
+++ b/vendor/google.golang.org/appengine/appengine.go
@@ -9,10 +9,10 @@
 package appengine // import "google.golang.org/appengine"
 
 import (
+	"context"
 	"net/http"
 
 	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/context"
 
 	"google.golang.org/appengine/internal"
 )
@@ -35,18 +35,18 @@ import (
 //
 // Main is designed so that the app's main package looks like this:
 //
-//      package main
+//	package main
 //
-//      import (
-//              "google.golang.org/appengine"
+//	import (
+//	        "google.golang.org/appengine"
 //
-//              _ "myapp/package0"
-//              _ "myapp/package1"
-//      )
+//	        _ "myapp/package0"
+//	        _ "myapp/package1"
+//	)
 //
-//      func main() {
-//              appengine.Main()
-//      }
+//	func main() {
+//	        appengine.Main()
+//	}
 //
 // The "myapp/packageX" packages are expected to register HTTP handlers
 // in their init functions.
@@ -54,6 +54,9 @@ func Main() {
 	internal.Main()
 }
 
+// Middleware wraps an http handler so that it can make GAE API calls
+var Middleware func(http.Handler) http.Handler = internal.Middleware
+
 // IsDevAppServer reports whether the App Engine app is running in the
 // development App Server.
 func IsDevAppServer() bool {
diff --git a/vendor/google.golang.org/appengine/appengine_vm.go b/vendor/google.golang.org/appengine/appengine_vm.go
index f4b645aad..6e1d041cd 100644
--- a/vendor/google.golang.org/appengine/appengine_vm.go
+++ b/vendor/google.golang.org/appengine/appengine_vm.go
@@ -2,19 +2,19 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build !appengine
 // +build !appengine
 
 package appengine
 
 import (
-	"golang.org/x/net/context"
-
-	"google.golang.org/appengine/internal"
+	"context"
 )
 
 // BackgroundContext returns a context not associated with a request.
-// This should only be used when not servicing a request.
-// This only works in App Engine "flexible environment".
+//
+// Deprecated: App Engine no longer has a special background context.
+// Just use context.Background().
 func BackgroundContext() context.Context {
-	return internal.BackgroundContext()
+	return context.Background()
 }
diff --git a/vendor/google.golang.org/appengine/identity.go b/vendor/google.golang.org/appengine/identity.go
index b8dcf8f36..1202fc1a5 100644
--- a/vendor/google.golang.org/appengine/identity.go
+++ b/vendor/google.golang.org/appengine/identity.go
@@ -5,10 +5,9 @@
 package appengine
 
 import (
+	"context"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"google.golang.org/appengine/internal"
 	pb "google.golang.org/appengine/internal/app_identity"
 	modpb "google.golang.org/appengine/internal/modules"
diff --git a/vendor/google.golang.org/appengine/internal/api.go b/vendor/google.golang.org/appengine/internal/api.go
index 721053c20..0569f5dd4 100644
--- a/vendor/google.golang.org/appengine/internal/api.go
+++ b/vendor/google.golang.org/appengine/internal/api.go
@@ -2,12 +2,14 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build !appengine
 // +build !appengine
 
 package internal
 
 import (
 	"bytes"
+	"context"
 	"errors"
 	"fmt"
 	"io/ioutil"
@@ -24,7 +26,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-	netcontext "golang.org/x/net/context"
 
 	basepb "google.golang.org/appengine/internal/base"
 	logpb "google.golang.org/appengine/internal/log"
@@ -32,8 +33,7 @@ import (
 )
 
 const (
-	apiPath             = "/rpc_http"
-	defaultTicketSuffix = "/default.20150612t184001.0"
+	apiPath = "/rpc_http"
 )
 
 var (
@@ -65,21 +65,22 @@ var (
 			IdleConnTimeout:     90 * time.Second,
 		},
 	}
-
-	defaultTicketOnce     sync.Once
-	defaultTicket         string
-	backgroundContextOnce sync.Once
-	backgroundContext     netcontext.Context
 )
 
-func apiURL() *url.URL {
+func apiURL(ctx context.Context) *url.URL {
 	host, port := "appengine.googleapis.internal", "10001"
 	if h := os.Getenv("API_HOST"); h != "" {
 		host = h
 	}
+	if hostOverride := ctx.Value(apiHostOverrideKey); hostOverride != nil {
+		host = hostOverride.(string)
+	}
 	if p := os.Getenv("API_PORT"); p != "" {
 		port = p
 	}
+	if portOverride := ctx.Value(apiPortOverrideKey); portOverride != nil {
+		port = portOverride.(string)
+	}
 	return &url.URL{
 		Scheme: "http",
 		Host:   host + ":" + port,
@@ -87,82 +88,97 @@ func apiURL() *url.URL {
 	}
 }
 
-func handleHTTP(w http.ResponseWriter, r *http.Request) {
-	c := &context{
-		req:       r,
-		outHeader: w.Header(),
-		apiURL:    apiURL(),
-	}
-	r = r.WithContext(withContext(r.Context(), c))
-	c.req = r
-
-	stopFlushing := make(chan int)
+// Middleware wraps an http handler so that it can make GAE API calls
+func Middleware(next http.Handler) http.Handler {
+	return handleHTTPMiddleware(executeRequestSafelyMiddleware(next))
+}
 
-	// Patch up RemoteAddr so it looks reasonable.
-	if addr := r.Header.Get(userIPHeader); addr != "" {
-		r.RemoteAddr = addr
-	} else if addr = r.Header.Get(remoteAddrHeader); addr != "" {
-		r.RemoteAddr = addr
-	} else {
-		// Should not normally reach here, but pick a sensible default anyway.
-		r.RemoteAddr = "127.0.0.1"
-	}
-	// The address in the headers will most likely be of these forms:
-	//	123.123.123.123
-	//	2001:db8::1
-	// net/http.Request.RemoteAddr is specified to be in "IP:port" form.
-	if _, _, err := net.SplitHostPort(r.RemoteAddr); err != nil {
-		// Assume the remote address is only a host; add a default port.
-		r.RemoteAddr = net.JoinHostPort(r.RemoteAddr, "80")
-	}
+func handleHTTPMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		c := &aeContext{
+			req:       r,
+			outHeader: w.Header(),
+		}
+		r = r.WithContext(withContext(r.Context(), c))
+		c.req = r
+
+		stopFlushing := make(chan int)
+
+		// Patch up RemoteAddr so it looks reasonable.
+		if addr := r.Header.Get(userIPHeader); addr != "" {
+			r.RemoteAddr = addr
+		} else if addr = r.Header.Get(remoteAddrHeader); addr != "" {
+			r.RemoteAddr = addr
+		} else {
+			// Should not normally reach here, but pick a sensible default anyway.
+			r.RemoteAddr = "127.0.0.1"
+		}
+		// The address in the headers will most likely be of these forms:
+		//	123.123.123.123
+		//	2001:db8::1
+		// net/http.Request.RemoteAddr is specified to be in "IP:port" form.
+		if _, _, err := net.SplitHostPort(r.RemoteAddr); err != nil {
+			// Assume the remote address is only a host; add a default port.
+			r.RemoteAddr = net.JoinHostPort(r.RemoteAddr, "80")
+		}
 
-	// Start goroutine responsible for flushing app logs.
-	// This is done after adding c to ctx.m (and stopped before removing it)
-	// because flushing logs requires making an API call.
-	go c.logFlusher(stopFlushing)
+		if logToLogservice() {
+			// Start goroutine responsible for flushing app logs.
+			// This is done after adding c to ctx.m (and stopped before removing it)
+			// because flushing logs requires making an API call.
+			go c.logFlusher(stopFlushing)
+		}
 
-	executeRequestSafely(c, r)
-	c.outHeader = nil // make sure header changes aren't respected any more
+		next.ServeHTTP(c, r)
+		c.outHeader = nil // make sure header changes aren't respected any more
 
-	stopFlushing <- 1 // any logging beyond this point will be dropped
+		flushed := make(chan struct{})
+		if logToLogservice() {
+			stopFlushing <- 1 // any logging beyond this point will be dropped
 
-	// Flush any pending logs asynchronously.
-	c.pendingLogs.Lock()
-	flushes := c.pendingLogs.flushes
-	if len(c.pendingLogs.lines) > 0 {
-		flushes++
-	}
-	c.pendingLogs.Unlock()
-	flushed := make(chan struct{})
-	go func() {
-		defer close(flushed)
-		// Force a log flush, because with very short requests we
-		// may not ever flush logs.
-		c.flushLog(true)
-	}()
-	w.Header().Set(logFlushHeader, strconv.Itoa(flushes))
+			// Flush any pending logs asynchronously.
+			c.pendingLogs.Lock()
+			flushes := c.pendingLogs.flushes
+			if len(c.pendingLogs.lines) > 0 {
+				flushes++
+			}
+			c.pendingLogs.Unlock()
+			go func() {
+				defer close(flushed)
+				// Force a log flush, because with very short requests we
+				// may not ever flush logs.
+				c.flushLog(true)
+			}()
+			w.Header().Set(logFlushHeader, strconv.Itoa(flushes))
+		}
 
-	// Avoid nil Write call if c.Write is never called.
-	if c.outCode != 0 {
-		w.WriteHeader(c.outCode)
-	}
-	if c.outBody != nil {
-		w.Write(c.outBody)
-	}
-	// Wait for the last flush to complete before returning,
-	// otherwise the security ticket will not be valid.
-	<-flushed
+		// Avoid nil Write call if c.Write is never called.
+		if c.outCode != 0 {
+			w.WriteHeader(c.outCode)
+		}
+		if c.outBody != nil {
+			w.Write(c.outBody)
+		}
+		if logToLogservice() {
+			// Wait for the last flush to complete before returning,
+			// otherwise the security ticket will not be valid.
+			<-flushed
+		}
+	})
 }
 
-func executeRequestSafely(c *context, r *http.Request) {
-	defer func() {
-		if x := recover(); x != nil {
-			logf(c, 4, "%s", renderPanic(x)) // 4 == critical
-			c.outCode = 500
-		}
-	}()
+func executeRequestSafelyMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		defer func() {
+			if x := recover(); x != nil {
+				c := w.(*aeContext)
+				logf(c, 4, "%s", renderPanic(x)) // 4 == critical
+				c.outCode = 500
+			}
+		}()
 
-	http.DefaultServeMux.ServeHTTP(c, r)
+		next.ServeHTTP(w, r)
+	})
 }
 
 func renderPanic(x interface{}) string {
@@ -204,9 +220,9 @@ func renderPanic(x interface{}) string {
 	return string(buf)
 }
 
-// context represents the context of an in-flight HTTP request.
+// aeContext represents the aeContext of an in-flight HTTP request.
 // It implements the appengine.Context and http.ResponseWriter interfaces.
-type context struct {
+type aeContext struct {
 	req *http.Request
 
 	outCode   int
@@ -218,8 +234,6 @@ type context struct {
 		lines   []*logpb.UserAppLogLine
 		flushes int
 	}
-
-	apiURL *url.URL
 }
 
 var contextKey = "holds a *context"
@@ -227,8 +241,8 @@ var contextKey = "holds a *context"
 // jointContext joins two contexts in a superficial way.
 // It takes values and timeouts from a base context, and only values from another context.
 type jointContext struct {
-	base       netcontext.Context
-	valuesOnly netcontext.Context
+	base       context.Context
+	valuesOnly context.Context
 }
 
 func (c jointContext) Deadline() (time.Time, bool) {
@@ -252,94 +266,54 @@ func (c jointContext) Value(key interface{}) interface{} {
 
 // fromContext returns the App Engine context or nil if ctx is not
 // derived from an App Engine context.
-func fromContext(ctx netcontext.Context) *context {
-	c, _ := ctx.Value(&contextKey).(*context)
+func fromContext(ctx context.Context) *aeContext {
+	c, _ := ctx.Value(&contextKey).(*aeContext)
 	return c
 }
 
-func withContext(parent netcontext.Context, c *context) netcontext.Context {
-	ctx := netcontext.WithValue(parent, &contextKey, c)
+func withContext(parent context.Context, c *aeContext) context.Context {
+	ctx := context.WithValue(parent, &contextKey, c)
 	if ns := c.req.Header.Get(curNamespaceHeader); ns != "" {
 		ctx = withNamespace(ctx, ns)
 	}
 	return ctx
 }
 
-func toContext(c *context) netcontext.Context {
-	return withContext(netcontext.Background(), c)
+func toContext(c *aeContext) context.Context {
+	return withContext(context.Background(), c)
 }
 
-func IncomingHeaders(ctx netcontext.Context) http.Header {
+func IncomingHeaders(ctx context.Context) http.Header {
 	if c := fromContext(ctx); c != nil {
 		return c.req.Header
 	}
 	return nil
 }
 
-func ReqContext(req *http.Request) netcontext.Context {
+func ReqContext(req *http.Request) context.Context {
 	return req.Context()
 }
 
-func WithContext(parent netcontext.Context, req *http.Request) netcontext.Context {
+func WithContext(parent context.Context, req *http.Request) context.Context {
 	return jointContext{
 		base:       parent,
 		valuesOnly: req.Context(),
 	}
 }
 
-// DefaultTicket returns a ticket used for background context or dev_appserver.
-func DefaultTicket() string {
-	defaultTicketOnce.Do(func() {
-		if IsDevAppServer() {
-			defaultTicket = "testapp" + defaultTicketSuffix
-			return
-		}
-		appID := partitionlessAppID()
-		escAppID := strings.Replace(strings.Replace(appID, ":", "_", -1), ".", "_", -1)
-		majVersion := VersionID(nil)
-		if i := strings.Index(majVersion, "."); i > 0 {
-			majVersion = majVersion[:i]
-		}
-		defaultTicket = fmt.Sprintf("%s/%s.%s.%s", escAppID, ModuleName(nil), majVersion, InstanceID())
-	})
-	return defaultTicket
-}
-
-func BackgroundContext() netcontext.Context {
-	backgroundContextOnce.Do(func() {
-		// Compute background security ticket.
-		ticket := DefaultTicket()
-
-		c := &context{
-			req: &http.Request{
-				Header: http.Header{
-					ticketHeader: []string{ticket},
-				},
-			},
-			apiURL: apiURL(),
-		}
-		backgroundContext = toContext(c)
-
-		// TODO(dsymonds): Wire up the shutdown handler to do a final flush.
-		go c.logFlusher(make(chan int))
-	})
-
-	return backgroundContext
-}
-
 // RegisterTestRequest registers the HTTP request req for testing, such that
-// any API calls are sent to the provided URL. It returns a closure to delete
-// the registration.
+// any API calls are sent to the provided URL.
 // It should only be used by aetest package.
-func RegisterTestRequest(req *http.Request, apiURL *url.URL, decorate func(netcontext.Context) netcontext.Context) (*http.Request, func()) {
-	c := &context{
-		req:    req,
-		apiURL: apiURL,
-	}
-	ctx := withContext(decorate(req.Context()), c)
-	req = req.WithContext(ctx)
-	c.req = req
-	return req, func() {}
+func RegisterTestRequest(req *http.Request, apiURL *url.URL, appID string) *http.Request {
+	ctx := req.Context()
+	ctx = withAPIHostOverride(ctx, apiURL.Hostname())
+	ctx = withAPIPortOverride(ctx, apiURL.Port())
+	ctx = WithAppIDOverride(ctx, appID)
+
+	// use the unregistered request as a placeholder so that withContext can read the headers
+	c := &aeContext{req: req}
+	c.req = req.WithContext(withContext(ctx, c))
+	return c.req
 }
 
 var errTimeout = &CallError{
@@ -348,7 +322,7 @@ var errTimeout = &CallError{
 	Timeout: true,
 }
 
-func (c *context) Header() http.Header { return c.outHeader }
+func (c *aeContext) Header() http.Header { return c.outHeader }
 
 // Copied from $GOROOT/src/pkg/net/http/transfer.go. Some response status
 // codes do not permit a response body (nor response entity headers such as
@@ -365,7 +339,7 @@ func bodyAllowedForStatus(status int) bool {
 	return true
 }
 
-func (c *context) Write(b []byte) (int, error) {
+func (c *aeContext) Write(b []byte) (int, error) {
 	if c.outCode == 0 {
 		c.WriteHeader(http.StatusOK)
 	}
@@ -376,7 +350,7 @@ func (c *context) Write(b []byte) (int, error) {
 	return len(b), nil
 }
 
-func (c *context) WriteHeader(code int) {
+func (c *aeContext) WriteHeader(code int) {
 	if c.outCode != 0 {
 		logf(c, 3, "WriteHeader called multiple times on request.") // error level
 		return
@@ -384,10 +358,11 @@ func (c *context) WriteHeader(code int) {
 	c.outCode = code
 }
 
-func (c *context) post(body []byte, timeout time.Duration) (b []byte, err error) {
+func post(ctx context.Context, body []byte, timeout time.Duration) (b []byte, err error) {
+	apiURL := apiURL(ctx)
 	hreq := &http.Request{
 		Method: "POST",
-		URL:    c.apiURL,
+		URL:    apiURL,
 		Header: http.Header{
 			apiEndpointHeader: apiEndpointHeaderValue,
 			apiMethodHeader:   apiMethodHeaderValue,
@@ -396,13 +371,16 @@ func (c *context) post(body []byte, timeout time.Duration) (b []byte, err error)
 		},
 		Body:          ioutil.NopCloser(bytes.NewReader(body)),
 		ContentLength: int64(len(body)),
-		Host:          c.apiURL.Host,
-	}
-	if info := c.req.Header.Get(dapperHeader); info != "" {
-		hreq.Header.Set(dapperHeader, info)
+		Host:          apiURL.Host,
 	}
-	if info := c.req.Header.Get(traceHeader); info != "" {
-		hreq.Header.Set(traceHeader, info)
+	c := fromContext(ctx)
+	if c != nil {
+		if info := c.req.Header.Get(dapperHeader); info != "" {
+			hreq.Header.Set(dapperHeader, info)
+		}
+		if info := c.req.Header.Get(traceHeader); info != "" {
+			hreq.Header.Set(traceHeader, info)
+		}
 	}
 
 	tr := apiHTTPClient.Transport.(*http.Transport)
@@ -444,7 +422,7 @@ func (c *context) post(body []byte, timeout time.Duration) (b []byte, err error)
 	return hrespBody, nil
 }
 
-func Call(ctx netcontext.Context, service, method string, in, out proto.Message) error {
+func Call(ctx context.Context, service, method string, in, out proto.Message) error {
 	if ns := NamespaceFromContext(ctx); ns != "" {
 		if fn, ok := NamespaceMods[service]; ok {
 			fn(in, ns)
@@ -463,15 +441,11 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message)
 	}
 
 	c := fromContext(ctx)
-	if c == nil {
-		// Give a good error message rather than a panic lower down.
-		return errNotAppEngineContext
-	}
 
 	// Apply transaction modifications if we're in a transaction.
 	if t := transactionFromContext(ctx); t != nil {
 		if t.finished {
-			return errors.New("transaction context has expired")
+			return errors.New("transaction aeContext has expired")
 		}
 		applyTransaction(in, &t.transaction)
 	}
@@ -487,20 +461,13 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message)
 		return err
 	}
 
-	ticket := c.req.Header.Get(ticketHeader)
-	// Use a test ticket under test environment.
-	if ticket == "" {
-		if appid := ctx.Value(&appIDOverrideKey); appid != nil {
-			ticket = appid.(string) + defaultTicketSuffix
+	ticket := ""
+	if c != nil {
+		ticket = c.req.Header.Get(ticketHeader)
+		if dri := c.req.Header.Get(devRequestIdHeader); IsDevAppServer() && dri != "" {
+			ticket = dri
 		}
 	}
-	// Fall back to use background ticket when the request ticket is not available in Flex or dev_appserver.
-	if ticket == "" {
-		ticket = DefaultTicket()
-	}
-	if dri := c.req.Header.Get(devRequestIdHeader); IsDevAppServer() && dri != "" {
-		ticket = dri
-	}
 	req := &remotepb.Request{
 		ServiceName: &service,
 		Method:      &method,
@@ -512,7 +479,7 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message)
 		return err
 	}
 
-	hrespBody, err := c.post(hreqBody, timeout)
+	hrespBody, err := post(ctx, hreqBody, timeout)
 	if err != nil {
 		return err
 	}
@@ -549,11 +516,11 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message)
 	return proto.Unmarshal(res.Response, out)
 }
 
-func (c *context) Request() *http.Request {
+func (c *aeContext) Request() *http.Request {
 	return c.req
 }
 
-func (c *context) addLogLine(ll *logpb.UserAppLogLine) {
+func (c *aeContext) addLogLine(ll *logpb.UserAppLogLine) {
 	// Truncate long log lines.
 	// TODO(dsymonds): Check if this is still necessary.
 	const lim = 8 << 10
@@ -575,18 +542,20 @@ var logLevelName = map[int64]string{
 	4: "CRITICAL",
 }
 
-func logf(c *context, level int64, format string, args ...interface{}) {
+func logf(c *aeContext, level int64, format string, args ...interface{}) {
 	if c == nil {
-		panic("not an App Engine context")
+		panic("not an App Engine aeContext")
 	}
 	s := fmt.Sprintf(format, args...)
 	s = strings.TrimRight(s, "\n") // Remove any trailing newline characters.
-	c.addLogLine(&logpb.UserAppLogLine{
-		TimestampUsec: proto.Int64(time.Now().UnixNano() / 1e3),
-		Level:         &level,
-		Message:       &s,
-	})
-	// Only duplicate log to stderr if not running on App Engine second generation
+	if logToLogservice() {
+		c.addLogLine(&logpb.UserAppLogLine{
+			TimestampUsec: proto.Int64(time.Now().UnixNano() / 1e3),
+			Level:         &level,
+			Message:       &s,
+		})
+	}
+	// Log to stdout if not deployed
 	if !IsSecondGen() {
 		log.Print(logLevelName[level] + ": " + s)
 	}
@@ -594,7 +563,7 @@ func logf(c *context, level int64, format string, args ...interface{}) {
 
 // flushLog attempts to flush any pending logs to the appserver.
 // It should not be called concurrently.
-func (c *context) flushLog(force bool) (flushed bool) {
+func (c *aeContext) flushLog(force bool) (flushed bool) {
 	c.pendingLogs.Lock()
 	// Grab up to 30 MB. We can get away with up to 32 MB, but let's be cautious.
 	n, rem := 0, 30<<20
@@ -655,7 +624,7 @@ const (
 	forceFlushInterval = 60 * time.Second
 )
 
-func (c *context) logFlusher(stop <-chan int) {
+func (c *aeContext) logFlusher(stop <-chan int) {
 	lastFlush := time.Now()
 	tick := time.NewTicker(flushInterval)
 	for {
@@ -673,6 +642,12 @@ func (c *context) logFlusher(stop <-chan int) {
 	}
 }
 
-func ContextForTesting(req *http.Request) netcontext.Context {
-	return toContext(&context{req: req})
+func ContextForTesting(req *http.Request) context.Context {
+	return toContext(&aeContext{req: req})
+}
+
+func logToLogservice() bool {
+	// TODO: replace logservice with json structured logs to $LOG_DIR/app.log.json
+	// where $LOG_DIR is /var/log in prod and some tmpdir in dev
+	return os.Getenv("LOG_TO_LOGSERVICE") != "0"
 }
diff --git a/vendor/google.golang.org/appengine/internal/api_classic.go b/vendor/google.golang.org/appengine/internal/api_classic.go
index f0f40b2e3..87c33c798 100644
--- a/vendor/google.golang.org/appengine/internal/api_classic.go
+++ b/vendor/google.golang.org/appengine/internal/api_classic.go
@@ -2,11 +2,13 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build appengine
 // +build appengine
 
 package internal
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/http"
@@ -17,20 +19,19 @@ import (
 	basepb "appengine_internal/base"
 
 	"github.com/golang/protobuf/proto"
-	netcontext "golang.org/x/net/context"
 )
 
 var contextKey = "holds an appengine.Context"
 
 // fromContext returns the App Engine context or nil if ctx is not
 // derived from an App Engine context.
-func fromContext(ctx netcontext.Context) appengine.Context {
+func fromContext(ctx context.Context) appengine.Context {
 	c, _ := ctx.Value(&contextKey).(appengine.Context)
 	return c
 }
 
 // This is only for classic App Engine adapters.
-func ClassicContextFromContext(ctx netcontext.Context) (appengine.Context, error) {
+func ClassicContextFromContext(ctx context.Context) (appengine.Context, error) {
 	c := fromContext(ctx)
 	if c == nil {
 		return nil, errNotAppEngineContext
@@ -38,8 +39,8 @@ func ClassicContextFromContext(ctx netcontext.Context) (appengine.Context, error
 	return c, nil
 }
 
-func withContext(parent netcontext.Context, c appengine.Context) netcontext.Context {
-	ctx := netcontext.WithValue(parent, &contextKey, c)
+func withContext(parent context.Context, c appengine.Context) context.Context {
+	ctx := context.WithValue(parent, &contextKey, c)
 
 	s := &basepb.StringProto{}
 	c.Call("__go__", "GetNamespace", &basepb.VoidProto{}, s, nil)
@@ -50,7 +51,7 @@ func withContext(parent netcontext.Context, c appengine.Context) netcontext.Cont
 	return ctx
 }
 
-func IncomingHeaders(ctx netcontext.Context) http.Header {
+func IncomingHeaders(ctx context.Context) http.Header {
 	if c := fromContext(ctx); c != nil {
 		if req, ok := c.Request().(*http.Request); ok {
 			return req.Header
@@ -59,11 +60,11 @@ func IncomingHeaders(ctx netcontext.Context) http.Header {
 	return nil
 }
 
-func ReqContext(req *http.Request) netcontext.Context {
-	return WithContext(netcontext.Background(), req)
+func ReqContext(req *http.Request) context.Context {
+	return WithContext(context.Background(), req)
 }
 
-func WithContext(parent netcontext.Context, req *http.Request) netcontext.Context {
+func WithContext(parent context.Context, req *http.Request) context.Context {
 	c := appengine.NewContext(req)
 	return withContext(parent, c)
 }
@@ -83,11 +84,11 @@ func (t *testingContext) Call(service, method string, _, _ appengine_internal.Pr
 }
 func (t *testingContext) Request() interface{} { return t.req }
 
-func ContextForTesting(req *http.Request) netcontext.Context {
-	return withContext(netcontext.Background(), &testingContext{req: req})
+func ContextForTesting(req *http.Request) context.Context {
+	return withContext(context.Background(), &testingContext{req: req})
 }
 
-func Call(ctx netcontext.Context, service, method string, in, out proto.Message) error {
+func Call(ctx context.Context, service, method string, in, out proto.Message) error {
 	if ns := NamespaceFromContext(ctx); ns != "" {
 		if fn, ok := NamespaceMods[service]; ok {
 			fn(in, ns)
@@ -144,8 +145,8 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message)
 	return err
 }
 
-func handleHTTP(w http.ResponseWriter, r *http.Request) {
-	panic("handleHTTP called; this should be impossible")
+func Middleware(next http.Handler) http.Handler {
+	panic("Middleware called; this should be impossible")
 }
 
 func logf(c appengine.Context, level int64, format string, args ...interface{}) {
diff --git a/vendor/google.golang.org/appengine/internal/api_common.go b/vendor/google.golang.org/appengine/internal/api_common.go
index e0c0b214b..5b95c13d9 100644
--- a/vendor/google.golang.org/appengine/internal/api_common.go
+++ b/vendor/google.golang.org/appengine/internal/api_common.go
@@ -5,20 +5,26 @@
 package internal
 
 import (
+	"context"
 	"errors"
 	"os"
 
 	"github.com/golang/protobuf/proto"
-	netcontext "golang.org/x/net/context"
 )
 
+type ctxKey string
+
+func (c ctxKey) String() string {
+	return "appengine context key: " + string(c)
+}
+
 var errNotAppEngineContext = errors.New("not an App Engine context")
 
-type CallOverrideFunc func(ctx netcontext.Context, service, method string, in, out proto.Message) error
+type CallOverrideFunc func(ctx context.Context, service, method string, in, out proto.Message) error
 
 var callOverrideKey = "holds []CallOverrideFunc"
 
-func WithCallOverride(ctx netcontext.Context, f CallOverrideFunc) netcontext.Context {
+func WithCallOverride(ctx context.Context, f CallOverrideFunc) context.Context {
 	// We avoid appending to any existing call override
 	// so we don't risk overwriting a popped stack below.
 	var cofs []CallOverrideFunc
@@ -26,10 +32,10 @@ func WithCallOverride(ctx netcontext.Context, f CallOverrideFunc) netcontext.Con
 		cofs = append(cofs, uf...)
 	}
 	cofs = append(cofs, f)
-	return netcontext.WithValue(ctx, &callOverrideKey, cofs)
+	return context.WithValue(ctx, &callOverrideKey, cofs)
 }
 
-func callOverrideFromContext(ctx netcontext.Context) (CallOverrideFunc, netcontext.Context, bool) {
+func callOverrideFromContext(ctx context.Context) (CallOverrideFunc, context.Context, bool) {
 	cofs, _ := ctx.Value(&callOverrideKey).([]CallOverrideFunc)
 	if len(cofs) == 0 {
 		return nil, nil, false
@@ -37,7 +43,7 @@ func callOverrideFromContext(ctx netcontext.Context) (CallOverrideFunc, netconte
 	// We found a list of overrides; grab the last, and reconstitute a
 	// context that will hide it.
 	f := cofs[len(cofs)-1]
-	ctx = netcontext.WithValue(ctx, &callOverrideKey, cofs[:len(cofs)-1])
+	ctx = context.WithValue(ctx, &callOverrideKey, cofs[:len(cofs)-1])
 	return f, ctx, true
 }
 
@@ -45,23 +51,35 @@ type logOverrideFunc func(level int64, format string, args ...interface{})
 
 var logOverrideKey = "holds a logOverrideFunc"
 
-func WithLogOverride(ctx netcontext.Context, f logOverrideFunc) netcontext.Context {
-	return netcontext.WithValue(ctx, &logOverrideKey, f)
+func WithLogOverride(ctx context.Context, f logOverrideFunc) context.Context {
+	return context.WithValue(ctx, &logOverrideKey, f)
 }
 
 var appIDOverrideKey = "holds a string, being the full app ID"
 
-func WithAppIDOverride(ctx netcontext.Context, appID string) netcontext.Context {
-	return netcontext.WithValue(ctx, &appIDOverrideKey, appID)
+func WithAppIDOverride(ctx context.Context, appID string) context.Context {
+	return context.WithValue(ctx, &appIDOverrideKey, appID)
+}
+
+var apiHostOverrideKey = ctxKey("holds a string, being the alternate API_HOST")
+
+func withAPIHostOverride(ctx context.Context, apiHost string) context.Context {
+	return context.WithValue(ctx, apiHostOverrideKey, apiHost)
+}
+
+var apiPortOverrideKey = ctxKey("holds a string, being the alternate API_PORT")
+
+func withAPIPortOverride(ctx context.Context, apiPort string) context.Context {
+	return context.WithValue(ctx, apiPortOverrideKey, apiPort)
 }
 
 var namespaceKey = "holds the namespace string"
 
-func withNamespace(ctx netcontext.Context, ns string) netcontext.Context {
-	return netcontext.WithValue(ctx, &namespaceKey, ns)
+func withNamespace(ctx context.Context, ns string) context.Context {
+	return context.WithValue(ctx, &namespaceKey, ns)
 }
 
-func NamespaceFromContext(ctx netcontext.Context) string {
+func NamespaceFromContext(ctx context.Context) string {
 	// If there's no namespace, return the empty string.
 	ns, _ := ctx.Value(&namespaceKey).(string)
 	return ns
@@ -70,14 +88,14 @@ func NamespaceFromContext(ctx netcontext.Context) string {
 // FullyQualifiedAppID returns the fully-qualified application ID.
 // This may contain a partition prefix (e.g. "s~" for High Replication apps),
 // or a domain prefix (e.g. "example.com:").
-func FullyQualifiedAppID(ctx netcontext.Context) string {
+func FullyQualifiedAppID(ctx context.Context) string {
 	if id, ok := ctx.Value(&appIDOverrideKey).(string); ok {
 		return id
 	}
 	return fullyQualifiedAppID(ctx)
 }
 
-func Logf(ctx netcontext.Context, level int64, format string, args ...interface{}) {
+func Logf(ctx context.Context, level int64, format string, args ...interface{}) {
 	if f, ok := ctx.Value(&logOverrideKey).(logOverrideFunc); ok {
 		f(level, format, args...)
 		return
@@ -90,7 +108,7 @@ func Logf(ctx netcontext.Context, level int64, format string, args ...interface{
 }
 
 // NamespacedContext wraps a Context to support namespaces.
-func NamespacedContext(ctx netcontext.Context, namespace string) netcontext.Context {
+func NamespacedContext(ctx context.Context, namespace string) context.Context {
 	return withNamespace(ctx, namespace)
 }
 
diff --git a/vendor/google.golang.org/appengine/internal/identity.go b/vendor/google.golang.org/appengine/internal/identity.go
index 9b4134e42..0f95aa91d 100644
--- a/vendor/google.golang.org/appengine/internal/identity.go
+++ b/vendor/google.golang.org/appengine/internal/identity.go
@@ -5,9 +5,8 @@
 package internal
 
 import (
+	"context"
 	"os"
-
-	netcontext "golang.org/x/net/context"
 )
 
 var (
@@ -23,7 +22,7 @@ var (
 
 // AppID is the implementation of the wrapper function of the same name in
 // ../identity.go. See that file for commentary.
-func AppID(c netcontext.Context) string {
+func AppID(c context.Context) string {
 	return appID(FullyQualifiedAppID(c))
 }
 
@@ -35,7 +34,7 @@ func IsStandard() bool {
 	return appengineStandard || IsSecondGen()
 }
 
-// IsStandard is the implementation of the wrapper function of the same name in
+// IsSecondGen is the implementation of the wrapper function of the same name in
 // ../appengine.go. See that file for commentary.
 func IsSecondGen() bool {
 	// Second-gen runtimes set $GAE_ENV so we use that to check if we're on a second-gen runtime.
diff --git a/vendor/google.golang.org/appengine/internal/identity_classic.go b/vendor/google.golang.org/appengine/internal/identity_classic.go
index 4e979f45e..5ad3548bf 100644
--- a/vendor/google.golang.org/appengine/internal/identity_classic.go
+++ b/vendor/google.golang.org/appengine/internal/identity_classic.go
@@ -2,21 +2,22 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build appengine
 // +build appengine
 
 package internal
 
 import (
-	"appengine"
+	"context"
 
-	netcontext "golang.org/x/net/context"
+	"appengine"
 )
 
 func init() {
 	appengineStandard = true
 }
 
-func DefaultVersionHostname(ctx netcontext.Context) string {
+func DefaultVersionHostname(ctx context.Context) string {
 	c := fromContext(ctx)
 	if c == nil {
 		panic(errNotAppEngineContext)
@@ -24,12 +25,12 @@ func DefaultVersionHostname(ctx netcontext.Context) string {
 	return appengine.DefaultVersionHostname(c)
 }
 
-func Datacenter(_ netcontext.Context) string { return appengine.Datacenter() }
-func ServerSoftware() string                 { return appengine.ServerSoftware() }
-func InstanceID() string                     { return appengine.InstanceID() }
-func IsDevAppServer() bool                   { return appengine.IsDevAppServer() }
+func Datacenter(_ context.Context) string { return appengine.Datacenter() }
+func ServerSoftware() string              { return appengine.ServerSoftware() }
+func InstanceID() string                  { return appengine.InstanceID() }
+func IsDevAppServer() bool                { return appengine.IsDevAppServer() }
 
-func RequestID(ctx netcontext.Context) string {
+func RequestID(ctx context.Context) string {
 	c := fromContext(ctx)
 	if c == nil {
 		panic(errNotAppEngineContext)
@@ -37,14 +38,14 @@ func RequestID(ctx netcontext.Context) string {
 	return appengine.RequestID(c)
 }
 
-func ModuleName(ctx netcontext.Context) string {
+func ModuleName(ctx context.Context) string {
 	c := fromContext(ctx)
 	if c == nil {
 		panic(errNotAppEngineContext)
 	}
 	return appengine.ModuleName(c)
 }
-func VersionID(ctx netcontext.Context) string {
+func VersionID(ctx context.Context) string {
 	c := fromContext(ctx)
 	if c == nil {
 		panic(errNotAppEngineContext)
@@ -52,7 +53,7 @@ func VersionID(ctx netcontext.Context) string {
 	return appengine.VersionID(c)
 }
 
-func fullyQualifiedAppID(ctx netcontext.Context) string {
+func fullyQualifiedAppID(ctx context.Context) string {
 	c := fromContext(ctx)
 	if c == nil {
 		panic(errNotAppEngineContext)
diff --git a/vendor/google.golang.org/appengine/internal/identity_flex.go b/vendor/google.golang.org/appengine/internal/identity_flex.go
index d5e2e7b5e..4201b6b58 100644
--- a/vendor/google.golang.org/appengine/internal/identity_flex.go
+++ b/vendor/google.golang.org/appengine/internal/identity_flex.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build appenginevm
 // +build appenginevm
 
 package internal
diff --git a/vendor/google.golang.org/appengine/internal/identity_vm.go b/vendor/google.golang.org/appengine/internal/identity_vm.go
index 5d8067263..18ddda3a4 100644
--- a/vendor/google.golang.org/appengine/internal/identity_vm.go
+++ b/vendor/google.golang.org/appengine/internal/identity_vm.go
@@ -2,17 +2,17 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build !appengine
 // +build !appengine
 
 package internal
 
 import (
+	"context"
 	"log"
 	"net/http"
 	"os"
 	"strings"
-
-	netcontext "golang.org/x/net/context"
 )
 
 // These functions are implementations of the wrapper functions
@@ -24,7 +24,7 @@ const (
 	hDatacenter             = "X-AppEngine-Datacenter"
 )
 
-func ctxHeaders(ctx netcontext.Context) http.Header {
+func ctxHeaders(ctx context.Context) http.Header {
 	c := fromContext(ctx)
 	if c == nil {
 		return nil
@@ -32,15 +32,15 @@ func ctxHeaders(ctx netcontext.Context) http.Header {
 	return c.Request().Header
 }
 
-func DefaultVersionHostname(ctx netcontext.Context) string {
+func DefaultVersionHostname(ctx context.Context) string {
 	return ctxHeaders(ctx).Get(hDefaultVersionHostname)
 }
 
-func RequestID(ctx netcontext.Context) string {
+func RequestID(ctx context.Context) string {
 	return ctxHeaders(ctx).Get(hRequestLogId)
 }
 
-func Datacenter(ctx netcontext.Context) string {
+func Datacenter(ctx context.Context) string {
 	if dc := ctxHeaders(ctx).Get(hDatacenter); dc != "" {
 		return dc
 	}
@@ -71,7 +71,7 @@ func ServerSoftware() string {
 
 // TODO(dsymonds): Remove the metadata fetches.
 
-func ModuleName(_ netcontext.Context) string {
+func ModuleName(_ context.Context) string {
 	if s := os.Getenv("GAE_MODULE_NAME"); s != "" {
 		return s
 	}
@@ -81,7 +81,7 @@ func ModuleName(_ netcontext.Context) string {
 	return string(mustGetMetadata("instance/attributes/gae_backend_name"))
 }
 
-func VersionID(_ netcontext.Context) string {
+func VersionID(_ context.Context) string {
 	if s1, s2 := os.Getenv("GAE_MODULE_VERSION"), os.Getenv("GAE_MINOR_VERSION"); s1 != "" && s2 != "" {
 		return s1 + "." + s2
 	}
@@ -112,7 +112,7 @@ func partitionlessAppID() string {
 	return string(mustGetMetadata("instance/attributes/gae_project"))
 }
 
-func fullyQualifiedAppID(_ netcontext.Context) string {
+func fullyQualifiedAppID(_ context.Context) string {
 	if s := os.Getenv("GAE_APPLICATION"); s != "" {
 		return s
 	}
@@ -130,5 +130,5 @@ func fullyQualifiedAppID(_ netcontext.Context) string {
 }
 
 func IsDevAppServer() bool {
-	return os.Getenv("RUN_WITH_DEVAPPSERVER") != ""
+	return os.Getenv("RUN_WITH_DEVAPPSERVER") != "" || os.Getenv("GAE_ENV") == "localdev"
 }
diff --git a/vendor/google.golang.org/appengine/internal/main.go b/vendor/google.golang.org/appengine/internal/main.go
index 1e765312f..afd0ae84f 100644
--- a/vendor/google.golang.org/appengine/internal/main.go
+++ b/vendor/google.golang.org/appengine/internal/main.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build appengine
 // +build appengine
 
 package internal
diff --git a/vendor/google.golang.org/appengine/internal/main_vm.go b/vendor/google.golang.org/appengine/internal/main_vm.go
index ddb79a333..86a8caf06 100644
--- a/vendor/google.golang.org/appengine/internal/main_vm.go
+++ b/vendor/google.golang.org/appengine/internal/main_vm.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build !appengine
 // +build !appengine
 
 package internal
@@ -29,7 +30,7 @@ func Main() {
 	if IsDevAppServer() {
 		host = "127.0.0.1"
 	}
-	if err := http.ListenAndServe(host+":"+port, http.HandlerFunc(handleHTTP)); err != nil {
+	if err := http.ListenAndServe(host+":"+port, Middleware(http.DefaultServeMux)); err != nil {
 		log.Fatalf("http.ListenAndServe: %v", err)
 	}
 }
diff --git a/vendor/google.golang.org/appengine/internal/socket/socket_service.pb.go b/vendor/google.golang.org/appengine/internal/socket/socket_service.pb.go
deleted file mode 100644
index 4ec872e46..000000000
--- a/vendor/google.golang.org/appengine/internal/socket/socket_service.pb.go
+++ /dev/null
@@ -1,2822 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: google.golang.org/appengine/internal/socket/socket_service.proto
-
-package socket
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
-
-type RemoteSocketServiceError_ErrorCode int32
-
-const (
-	RemoteSocketServiceError_SYSTEM_ERROR      RemoteSocketServiceError_ErrorCode = 1
-	RemoteSocketServiceError_GAI_ERROR         RemoteSocketServiceError_ErrorCode = 2
-	RemoteSocketServiceError_FAILURE           RemoteSocketServiceError_ErrorCode = 4
-	RemoteSocketServiceError_PERMISSION_DENIED RemoteSocketServiceError_ErrorCode = 5
-	RemoteSocketServiceError_INVALID_REQUEST   RemoteSocketServiceError_ErrorCode = 6
-	RemoteSocketServiceError_SOCKET_CLOSED     RemoteSocketServiceError_ErrorCode = 7
-)
-
-var RemoteSocketServiceError_ErrorCode_name = map[int32]string{
-	1: "SYSTEM_ERROR",
-	2: "GAI_ERROR",
-	4: "FAILURE",
-	5: "PERMISSION_DENIED",
-	6: "INVALID_REQUEST",
-	7: "SOCKET_CLOSED",
-}
-var RemoteSocketServiceError_ErrorCode_value = map[string]int32{
-	"SYSTEM_ERROR":      1,
-	"GAI_ERROR":         2,
-	"FAILURE":           4,
-	"PERMISSION_DENIED": 5,
-	"INVALID_REQUEST":   6,
-	"SOCKET_CLOSED":     7,
-}
-
-func (x RemoteSocketServiceError_ErrorCode) Enum() *RemoteSocketServiceError_ErrorCode {
-	p := new(RemoteSocketServiceError_ErrorCode)
-	*p = x
-	return p
-}
-func (x RemoteSocketServiceError_ErrorCode) String() string {
-	return proto.EnumName(RemoteSocketServiceError_ErrorCode_name, int32(x))
-}
-func (x *RemoteSocketServiceError_ErrorCode) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(RemoteSocketServiceError_ErrorCode_value, data, "RemoteSocketServiceError_ErrorCode")
-	if err != nil {
-		return err
-	}
-	*x = RemoteSocketServiceError_ErrorCode(value)
-	return nil
-}
-func (RemoteSocketServiceError_ErrorCode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{0, 0}
-}
-
-type RemoteSocketServiceError_SystemError int32
-
-const (
-	RemoteSocketServiceError_SYS_SUCCESS         RemoteSocketServiceError_SystemError = 0
-	RemoteSocketServiceError_SYS_EPERM           RemoteSocketServiceError_SystemError = 1
-	RemoteSocketServiceError_SYS_ENOENT          RemoteSocketServiceError_SystemError = 2
-	RemoteSocketServiceError_SYS_ESRCH           RemoteSocketServiceError_SystemError = 3
-	RemoteSocketServiceError_SYS_EINTR           RemoteSocketServiceError_SystemError = 4
-	RemoteSocketServiceError_SYS_EIO             RemoteSocketServiceError_SystemError = 5
-	RemoteSocketServiceError_SYS_ENXIO           RemoteSocketServiceError_SystemError = 6
-	RemoteSocketServiceError_SYS_E2BIG           RemoteSocketServiceError_SystemError = 7
-	RemoteSocketServiceError_SYS_ENOEXEC         RemoteSocketServiceError_SystemError = 8
-	RemoteSocketServiceError_SYS_EBADF           RemoteSocketServiceError_SystemError = 9
-	RemoteSocketServiceError_SYS_ECHILD          RemoteSocketServiceError_SystemError = 10
-	RemoteSocketServiceError_SYS_EAGAIN          RemoteSocketServiceError_SystemError = 11
-	RemoteSocketServiceError_SYS_EWOULDBLOCK     RemoteSocketServiceError_SystemError = 11
-	RemoteSocketServiceError_SYS_ENOMEM          RemoteSocketServiceError_SystemError = 12
-	RemoteSocketServiceError_SYS_EACCES          RemoteSocketServiceError_SystemError = 13
-	RemoteSocketServiceError_SYS_EFAULT          RemoteSocketServiceError_SystemError = 14
-	RemoteSocketServiceError_SYS_ENOTBLK         RemoteSocketServiceError_SystemError = 15
-	RemoteSocketServiceError_SYS_EBUSY           RemoteSocketServiceError_SystemError = 16
-	RemoteSocketServiceError_SYS_EEXIST          RemoteSocketServiceError_SystemError = 17
-	RemoteSocketServiceError_SYS_EXDEV           RemoteSocketServiceError_SystemError = 18
-	RemoteSocketServiceError_SYS_ENODEV          RemoteSocketServiceError_SystemError = 19
-	RemoteSocketServiceError_SYS_ENOTDIR         RemoteSocketServiceError_SystemError = 20
-	RemoteSocketServiceError_SYS_EISDIR          RemoteSocketServiceError_SystemError = 21
-	RemoteSocketServiceError_SYS_EINVAL          RemoteSocketServiceError_SystemError = 22
-	RemoteSocketServiceError_SYS_ENFILE          RemoteSocketServiceError_SystemError = 23
-	RemoteSocketServiceError_SYS_EMFILE          RemoteSocketServiceError_SystemError = 24
-	RemoteSocketServiceError_SYS_ENOTTY          RemoteSocketServiceError_SystemError = 25
-	RemoteSocketServiceError_SYS_ETXTBSY         RemoteSocketServiceError_SystemError = 26
-	RemoteSocketServiceError_SYS_EFBIG           RemoteSocketServiceError_SystemError = 27
-	RemoteSocketServiceError_SYS_ENOSPC          RemoteSocketServiceError_SystemError = 28
-	RemoteSocketServiceError_SYS_ESPIPE          RemoteSocketServiceError_SystemError = 29
-	RemoteSocketServiceError_SYS_EROFS           RemoteSocketServiceError_SystemError = 30
-	RemoteSocketServiceError_SYS_EMLINK          RemoteSocketServiceError_SystemError = 31
-	RemoteSocketServiceError_SYS_EPIPE           RemoteSocketServiceError_SystemError = 32
-	RemoteSocketServiceError_SYS_EDOM            RemoteSocketServiceError_SystemError = 33
-	RemoteSocketServiceError_SYS_ERANGE          RemoteSocketServiceError_SystemError = 34
-	RemoteSocketServiceError_SYS_EDEADLK         RemoteSocketServiceError_SystemError = 35
-	RemoteSocketServiceError_SYS_EDEADLOCK       RemoteSocketServiceError_SystemError = 35
-	RemoteSocketServiceError_SYS_ENAMETOOLONG    RemoteSocketServiceError_SystemError = 36
-	RemoteSocketServiceError_SYS_ENOLCK          RemoteSocketServiceError_SystemError = 37
-	RemoteSocketServiceError_SYS_ENOSYS          RemoteSocketServiceError_SystemError = 38
-	RemoteSocketServiceError_SYS_ENOTEMPTY       RemoteSocketServiceError_SystemError = 39
-	RemoteSocketServiceError_SYS_ELOOP           RemoteSocketServiceError_SystemError = 40
-	RemoteSocketServiceError_SYS_ENOMSG          RemoteSocketServiceError_SystemError = 42
-	RemoteSocketServiceError_SYS_EIDRM           RemoteSocketServiceError_SystemError = 43
-	RemoteSocketServiceError_SYS_ECHRNG          RemoteSocketServiceError_SystemError = 44
-	RemoteSocketServiceError_SYS_EL2NSYNC        RemoteSocketServiceError_SystemError = 45
-	RemoteSocketServiceError_SYS_EL3HLT          RemoteSocketServiceError_SystemError = 46
-	RemoteSocketServiceError_SYS_EL3RST          RemoteSocketServiceError_SystemError = 47
-	RemoteSocketServiceError_SYS_ELNRNG          RemoteSocketServiceError_SystemError = 48
-	RemoteSocketServiceError_SYS_EUNATCH         RemoteSocketServiceError_SystemError = 49
-	RemoteSocketServiceError_SYS_ENOCSI          RemoteSocketServiceError_SystemError = 50
-	RemoteSocketServiceError_SYS_EL2HLT          RemoteSocketServiceError_SystemError = 51
-	RemoteSocketServiceError_SYS_EBADE           RemoteSocketServiceError_SystemError = 52
-	RemoteSocketServiceError_SYS_EBADR           RemoteSocketServiceError_SystemError = 53
-	RemoteSocketServiceError_SYS_EXFULL          RemoteSocketServiceError_SystemError = 54
-	RemoteSocketServiceError_SYS_ENOANO          RemoteSocketServiceError_SystemError = 55
-	RemoteSocketServiceError_SYS_EBADRQC         RemoteSocketServiceError_SystemError = 56
-	RemoteSocketServiceError_SYS_EBADSLT         RemoteSocketServiceError_SystemError = 57
-	RemoteSocketServiceError_SYS_EBFONT          RemoteSocketServiceError_SystemError = 59
-	RemoteSocketServiceError_SYS_ENOSTR          RemoteSocketServiceError_SystemError = 60
-	RemoteSocketServiceError_SYS_ENODATA         RemoteSocketServiceError_SystemError = 61
-	RemoteSocketServiceError_SYS_ETIME           RemoteSocketServiceError_SystemError = 62
-	RemoteSocketServiceError_SYS_ENOSR           RemoteSocketServiceError_SystemError = 63
-	RemoteSocketServiceError_SYS_ENONET          RemoteSocketServiceError_SystemError = 64
-	RemoteSocketServiceError_SYS_ENOPKG          RemoteSocketServiceError_SystemError = 65
-	RemoteSocketServiceError_SYS_EREMOTE         RemoteSocketServiceError_SystemError = 66
-	RemoteSocketServiceError_SYS_ENOLINK         RemoteSocketServiceError_SystemError = 67
-	RemoteSocketServiceError_SYS_EADV            RemoteSocketServiceError_SystemError = 68
-	RemoteSocketServiceError_SYS_ESRMNT          RemoteSocketServiceError_SystemError = 69
-	RemoteSocketServiceError_SYS_ECOMM           RemoteSocketServiceError_SystemError = 70
-	RemoteSocketServiceError_SYS_EPROTO          RemoteSocketServiceError_SystemError = 71
-	RemoteSocketServiceError_SYS_EMULTIHOP       RemoteSocketServiceError_SystemError = 72
-	RemoteSocketServiceError_SYS_EDOTDOT         RemoteSocketServiceError_SystemError = 73
-	RemoteSocketServiceError_SYS_EBADMSG         RemoteSocketServiceError_SystemError = 74
-	RemoteSocketServiceError_SYS_EOVERFLOW       RemoteSocketServiceError_SystemError = 75
-	RemoteSocketServiceError_SYS_ENOTUNIQ        RemoteSocketServiceError_SystemError = 76
-	RemoteSocketServiceError_SYS_EBADFD          RemoteSocketServiceError_SystemError = 77
-	RemoteSocketServiceError_SYS_EREMCHG         RemoteSocketServiceError_SystemError = 78
-	RemoteSocketServiceError_SYS_ELIBACC         RemoteSocketServiceError_SystemError = 79
-	RemoteSocketServiceError_SYS_ELIBBAD         RemoteSocketServiceError_SystemError = 80
-	RemoteSocketServiceError_SYS_ELIBSCN         RemoteSocketServiceError_SystemError = 81
-	RemoteSocketServiceError_SYS_ELIBMAX         RemoteSocketServiceError_SystemError = 82
-	RemoteSocketServiceError_SYS_ELIBEXEC        RemoteSocketServiceError_SystemError = 83
-	RemoteSocketServiceError_SYS_EILSEQ          RemoteSocketServiceError_SystemError = 84
-	RemoteSocketServiceError_SYS_ERESTART        RemoteSocketServiceError_SystemError = 85
-	RemoteSocketServiceError_SYS_ESTRPIPE        RemoteSocketServiceError_SystemError = 86
-	RemoteSocketServiceError_SYS_EUSERS          RemoteSocketServiceError_SystemError = 87
-	RemoteSocketServiceError_SYS_ENOTSOCK        RemoteSocketServiceError_SystemError = 88
-	RemoteSocketServiceError_SYS_EDESTADDRREQ    RemoteSocketServiceError_SystemError = 89
-	RemoteSocketServiceError_SYS_EMSGSIZE        RemoteSocketServiceError_SystemError = 90
-	RemoteSocketServiceError_SYS_EPROTOTYPE      RemoteSocketServiceError_SystemError = 91
-	RemoteSocketServiceError_SYS_ENOPROTOOPT     RemoteSocketServiceError_SystemError = 92
-	RemoteSocketServiceError_SYS_EPROTONOSUPPORT RemoteSocketServiceError_SystemError = 93
-	RemoteSocketServiceError_SYS_ESOCKTNOSUPPORT RemoteSocketServiceError_SystemError = 94
-	RemoteSocketServiceError_SYS_EOPNOTSUPP      RemoteSocketServiceError_SystemError = 95
-	RemoteSocketServiceError_SYS_ENOTSUP         RemoteSocketServiceError_SystemError = 95
-	RemoteSocketServiceError_SYS_EPFNOSUPPORT    RemoteSocketServiceError_SystemError = 96
-	RemoteSocketServiceError_SYS_EAFNOSUPPORT    RemoteSocketServiceError_SystemError = 97
-	RemoteSocketServiceError_SYS_EADDRINUSE      RemoteSocketServiceError_SystemError = 98
-	RemoteSocketServiceError_SYS_EADDRNOTAVAIL   RemoteSocketServiceError_SystemError = 99
-	RemoteSocketServiceError_SYS_ENETDOWN        RemoteSocketServiceError_SystemError = 100
-	RemoteSocketServiceError_SYS_ENETUNREACH     RemoteSocketServiceError_SystemError = 101
-	RemoteSocketServiceError_SYS_ENETRESET       RemoteSocketServiceError_SystemError = 102
-	RemoteSocketServiceError_SYS_ECONNABORTED    RemoteSocketServiceError_SystemError = 103
-	RemoteSocketServiceError_SYS_ECONNRESET      RemoteSocketServiceError_SystemError = 104
-	RemoteSocketServiceError_SYS_ENOBUFS         RemoteSocketServiceError_SystemError = 105
-	RemoteSocketServiceError_SYS_EISCONN         RemoteSocketServiceError_SystemError = 106
-	RemoteSocketServiceError_SYS_ENOTCONN        RemoteSocketServiceError_SystemError = 107
-	RemoteSocketServiceError_SYS_ESHUTDOWN       RemoteSocketServiceError_SystemError = 108
-	RemoteSocketServiceError_SYS_ETOOMANYREFS    RemoteSocketServiceError_SystemError = 109
-	RemoteSocketServiceError_SYS_ETIMEDOUT       RemoteSocketServiceError_SystemError = 110
-	RemoteSocketServiceError_SYS_ECONNREFUSED    RemoteSocketServiceError_SystemError = 111
-	RemoteSocketServiceError_SYS_EHOSTDOWN       RemoteSocketServiceError_SystemError = 112
-	RemoteSocketServiceError_SYS_EHOSTUNREACH    RemoteSocketServiceError_SystemError = 113
-	RemoteSocketServiceError_SYS_EALREADY        RemoteSocketServiceError_SystemError = 114
-	RemoteSocketServiceError_SYS_EINPROGRESS     RemoteSocketServiceError_SystemError = 115
-	RemoteSocketServiceError_SYS_ESTALE          RemoteSocketServiceError_SystemError = 116
-	RemoteSocketServiceError_SYS_EUCLEAN         RemoteSocketServiceError_SystemError = 117
-	RemoteSocketServiceError_SYS_ENOTNAM         RemoteSocketServiceError_SystemError = 118
-	RemoteSocketServiceError_SYS_ENAVAIL         RemoteSocketServiceError_SystemError = 119
-	RemoteSocketServiceError_SYS_EISNAM          RemoteSocketServiceError_SystemError = 120
-	RemoteSocketServiceError_SYS_EREMOTEIO       RemoteSocketServiceError_SystemError = 121
-	RemoteSocketServiceError_SYS_EDQUOT          RemoteSocketServiceError_SystemError = 122
-	RemoteSocketServiceError_SYS_ENOMEDIUM       RemoteSocketServiceError_SystemError = 123
-	RemoteSocketServiceError_SYS_EMEDIUMTYPE     RemoteSocketServiceError_SystemError = 124
-	RemoteSocketServiceError_SYS_ECANCELED       RemoteSocketServiceError_SystemError = 125
-	RemoteSocketServiceError_SYS_ENOKEY          RemoteSocketServiceError_SystemError = 126
-	RemoteSocketServiceError_SYS_EKEYEXPIRED     RemoteSocketServiceError_SystemError = 127
-	RemoteSocketServiceError_SYS_EKEYREVOKED     RemoteSocketServiceError_SystemError = 128
-	RemoteSocketServiceError_SYS_EKEYREJECTED    RemoteSocketServiceError_SystemError = 129
-	RemoteSocketServiceError_SYS_EOWNERDEAD      RemoteSocketServiceError_SystemError = 130
-	RemoteSocketServiceError_SYS_ENOTRECOVERABLE RemoteSocketServiceError_SystemError = 131
-	RemoteSocketServiceError_SYS_ERFKILL         RemoteSocketServiceError_SystemError = 132
-)
-
-var RemoteSocketServiceError_SystemError_name = map[int32]string{
-	0:  "SYS_SUCCESS",
-	1:  "SYS_EPERM",
-	2:  "SYS_ENOENT",
-	3:  "SYS_ESRCH",
-	4:  "SYS_EINTR",
-	5:  "SYS_EIO",
-	6:  "SYS_ENXIO",
-	7:  "SYS_E2BIG",
-	8:  "SYS_ENOEXEC",
-	9:  "SYS_EBADF",
-	10: "SYS_ECHILD",
-	11: "SYS_EAGAIN",
-	// Duplicate value: 11: "SYS_EWOULDBLOCK",
-	12: "SYS_ENOMEM",
-	13: "SYS_EACCES",
-	14: "SYS_EFAULT",
-	15: "SYS_ENOTBLK",
-	16: "SYS_EBUSY",
-	17: "SYS_EEXIST",
-	18: "SYS_EXDEV",
-	19: "SYS_ENODEV",
-	20: "SYS_ENOTDIR",
-	21: "SYS_EISDIR",
-	22: "SYS_EINVAL",
-	23: "SYS_ENFILE",
-	24: "SYS_EMFILE",
-	25: "SYS_ENOTTY",
-	26: "SYS_ETXTBSY",
-	27: "SYS_EFBIG",
-	28: "SYS_ENOSPC",
-	29: "SYS_ESPIPE",
-	30: "SYS_EROFS",
-	31: "SYS_EMLINK",
-	32: "SYS_EPIPE",
-	33: "SYS_EDOM",
-	34: "SYS_ERANGE",
-	35: "SYS_EDEADLK",
-	// Duplicate value: 35: "SYS_EDEADLOCK",
-	36: "SYS_ENAMETOOLONG",
-	37: "SYS_ENOLCK",
-	38: "SYS_ENOSYS",
-	39: "SYS_ENOTEMPTY",
-	40: "SYS_ELOOP",
-	42: "SYS_ENOMSG",
-	43: "SYS_EIDRM",
-	44: "SYS_ECHRNG",
-	45: "SYS_EL2NSYNC",
-	46: "SYS_EL3HLT",
-	47: "SYS_EL3RST",
-	48: "SYS_ELNRNG",
-	49: "SYS_EUNATCH",
-	50: "SYS_ENOCSI",
-	51: "SYS_EL2HLT",
-	52: "SYS_EBADE",
-	53: "SYS_EBADR",
-	54: "SYS_EXFULL",
-	55: "SYS_ENOANO",
-	56: "SYS_EBADRQC",
-	57: "SYS_EBADSLT",
-	59: "SYS_EBFONT",
-	60: "SYS_ENOSTR",
-	61: "SYS_ENODATA",
-	62: "SYS_ETIME",
-	63: "SYS_ENOSR",
-	64: "SYS_ENONET",
-	65: "SYS_ENOPKG",
-	66: "SYS_EREMOTE",
-	67: "SYS_ENOLINK",
-	68: "SYS_EADV",
-	69: "SYS_ESRMNT",
-	70: "SYS_ECOMM",
-	71: "SYS_EPROTO",
-	72: "SYS_EMULTIHOP",
-	73: "SYS_EDOTDOT",
-	74: "SYS_EBADMSG",
-	75: "SYS_EOVERFLOW",
-	76: "SYS_ENOTUNIQ",
-	77: "SYS_EBADFD",
-	78: "SYS_EREMCHG",
-	79: "SYS_ELIBACC",
-	80: "SYS_ELIBBAD",
-	81: "SYS_ELIBSCN",
-	82: "SYS_ELIBMAX",
-	83: "SYS_ELIBEXEC",
-	84: "SYS_EILSEQ",
-	85: "SYS_ERESTART",
-	86: "SYS_ESTRPIPE",
-	87: "SYS_EUSERS",
-	88: "SYS_ENOTSOCK",
-	89: "SYS_EDESTADDRREQ",
-	90: "SYS_EMSGSIZE",
-	91: "SYS_EPROTOTYPE",
-	92: "SYS_ENOPROTOOPT",
-	93: "SYS_EPROTONOSUPPORT",
-	94: "SYS_ESOCKTNOSUPPORT",
-	95: "SYS_EOPNOTSUPP",
-	// Duplicate value: 95: "SYS_ENOTSUP",
-	96:  "SYS_EPFNOSUPPORT",
-	97:  "SYS_EAFNOSUPPORT",
-	98:  "SYS_EADDRINUSE",
-	99:  "SYS_EADDRNOTAVAIL",
-	100: "SYS_ENETDOWN",
-	101: "SYS_ENETUNREACH",
-	102: "SYS_ENETRESET",
-	103: "SYS_ECONNABORTED",
-	104: "SYS_ECONNRESET",
-	105: "SYS_ENOBUFS",
-	106: "SYS_EISCONN",
-	107: "SYS_ENOTCONN",
-	108: "SYS_ESHUTDOWN",
-	109: "SYS_ETOOMANYREFS",
-	110: "SYS_ETIMEDOUT",
-	111: "SYS_ECONNREFUSED",
-	112: "SYS_EHOSTDOWN",
-	113: "SYS_EHOSTUNREACH",
-	114: "SYS_EALREADY",
-	115: "SYS_EINPROGRESS",
-	116: "SYS_ESTALE",
-	117: "SYS_EUCLEAN",
-	118: "SYS_ENOTNAM",
-	119: "SYS_ENAVAIL",
-	120: "SYS_EISNAM",
-	121: "SYS_EREMOTEIO",
-	122: "SYS_EDQUOT",
-	123: "SYS_ENOMEDIUM",
-	124: "SYS_EMEDIUMTYPE",
-	125: "SYS_ECANCELED",
-	126: "SYS_ENOKEY",
-	127: "SYS_EKEYEXPIRED",
-	128: "SYS_EKEYREVOKED",
-	129: "SYS_EKEYREJECTED",
-	130: "SYS_EOWNERDEAD",
-	131: "SYS_ENOTRECOVERABLE",
-	132: "SYS_ERFKILL",
-}
-var RemoteSocketServiceError_SystemError_value = map[string]int32{
-	"SYS_SUCCESS":         0,
-	"SYS_EPERM":           1,
-	"SYS_ENOENT":          2,
-	"SYS_ESRCH":           3,
-	"SYS_EINTR":           4,
-	"SYS_EIO":             5,
-	"SYS_ENXIO":           6,
-	"SYS_E2BIG":           7,
-	"SYS_ENOEXEC":         8,
-	"SYS_EBADF":           9,
-	"SYS_ECHILD":          10,
-	"SYS_EAGAIN":          11,
-	"SYS_EWOULDBLOCK":     11,
-	"SYS_ENOMEM":          12,
-	"SYS_EACCES":          13,
-	"SYS_EFAULT":          14,
-	"SYS_ENOTBLK":         15,
-	"SYS_EBUSY":           16,
-	"SYS_EEXIST":          17,
-	"SYS_EXDEV":           18,
-	"SYS_ENODEV":          19,
-	"SYS_ENOTDIR":         20,
-	"SYS_EISDIR":          21,
-	"SYS_EINVAL":          22,
-	"SYS_ENFILE":          23,
-	"SYS_EMFILE":          24,
-	"SYS_ENOTTY":          25,
-	"SYS_ETXTBSY":         26,
-	"SYS_EFBIG":           27,
-	"SYS_ENOSPC":          28,
-	"SYS_ESPIPE":          29,
-	"SYS_EROFS":           30,
-	"SYS_EMLINK":          31,
-	"SYS_EPIPE":           32,
-	"SYS_EDOM":            33,
-	"SYS_ERANGE":          34,
-	"SYS_EDEADLK":         35,
-	"SYS_EDEADLOCK":       35,
-	"SYS_ENAMETOOLONG":    36,
-	"SYS_ENOLCK":          37,
-	"SYS_ENOSYS":          38,
-	"SYS_ENOTEMPTY":       39,
-	"SYS_ELOOP":           40,
-	"SYS_ENOMSG":          42,
-	"SYS_EIDRM":           43,
-	"SYS_ECHRNG":          44,
-	"SYS_EL2NSYNC":        45,
-	"SYS_EL3HLT":          46,
-	"SYS_EL3RST":          47,
-	"SYS_ELNRNG":          48,
-	"SYS_EUNATCH":         49,
-	"SYS_ENOCSI":          50,
-	"SYS_EL2HLT":          51,
-	"SYS_EBADE":           52,
-	"SYS_EBADR":           53,
-	"SYS_EXFULL":          54,
-	"SYS_ENOANO":          55,
-	"SYS_EBADRQC":         56,
-	"SYS_EBADSLT":         57,
-	"SYS_EBFONT":          59,
-	"SYS_ENOSTR":          60,
-	"SYS_ENODATA":         61,
-	"SYS_ETIME":           62,
-	"SYS_ENOSR":           63,
-	"SYS_ENONET":          64,
-	"SYS_ENOPKG":          65,
-	"SYS_EREMOTE":         66,
-	"SYS_ENOLINK":         67,
-	"SYS_EADV":            68,
-	"SYS_ESRMNT":          69,
-	"SYS_ECOMM":           70,
-	"SYS_EPROTO":          71,
-	"SYS_EMULTIHOP":       72,
-	"SYS_EDOTDOT":         73,
-	"SYS_EBADMSG":         74,
-	"SYS_EOVERFLOW":       75,
-	"SYS_ENOTUNIQ":        76,
-	"SYS_EBADFD":          77,
-	"SYS_EREMCHG":         78,
-	"SYS_ELIBACC":         79,
-	"SYS_ELIBBAD":         80,
-	"SYS_ELIBSCN":         81,
-	"SYS_ELIBMAX":         82,
-	"SYS_ELIBEXEC":        83,
-	"SYS_EILSEQ":          84,
-	"SYS_ERESTART":        85,
-	"SYS_ESTRPIPE":        86,
-	"SYS_EUSERS":          87,
-	"SYS_ENOTSOCK":        88,
-	"SYS_EDESTADDRREQ":    89,
-	"SYS_EMSGSIZE":        90,
-	"SYS_EPROTOTYPE":      91,
-	"SYS_ENOPROTOOPT":     92,
-	"SYS_EPROTONOSUPPORT": 93,
-	"SYS_ESOCKTNOSUPPORT": 94,
-	"SYS_EOPNOTSUPP":      95,
-	"SYS_ENOTSUP":         95,
-	"SYS_EPFNOSUPPORT":    96,
-	"SYS_EAFNOSUPPORT":    97,
-	"SYS_EADDRINUSE":      98,
-	"SYS_EADDRNOTAVAIL":   99,
-	"SYS_ENETDOWN":        100,
-	"SYS_ENETUNREACH":     101,
-	"SYS_ENETRESET":       102,
-	"SYS_ECONNABORTED":    103,
-	"SYS_ECONNRESET":      104,
-	"SYS_ENOBUFS":         105,
-	"SYS_EISCONN":         106,
-	"SYS_ENOTCONN":        107,
-	"SYS_ESHUTDOWN":       108,
-	"SYS_ETOOMANYREFS":    109,
-	"SYS_ETIMEDOUT":       110,
-	"SYS_ECONNREFUSED":    111,
-	"SYS_EHOSTDOWN":       112,
-	"SYS_EHOSTUNREACH":    113,
-	"SYS_EALREADY":        114,
-	"SYS_EINPROGRESS":     115,
-	"SYS_ESTALE":          116,
-	"SYS_EUCLEAN":         117,
-	"SYS_ENOTNAM":         118,
-	"SYS_ENAVAIL":         119,
-	"SYS_EISNAM":          120,
-	"SYS_EREMOTEIO":       121,
-	"SYS_EDQUOT":          122,
-	"SYS_ENOMEDIUM":       123,
-	"SYS_EMEDIUMTYPE":     124,
-	"SYS_ECANCELED":       125,
-	"SYS_ENOKEY":          126,
-	"SYS_EKEYEXPIRED":     127,
-	"SYS_EKEYREVOKED":     128,
-	"SYS_EKEYREJECTED":    129,
-	"SYS_EOWNERDEAD":      130,
-	"SYS_ENOTRECOVERABLE": 131,
-	"SYS_ERFKILL":         132,
-}
-
-func (x RemoteSocketServiceError_SystemError) Enum() *RemoteSocketServiceError_SystemError {
-	p := new(RemoteSocketServiceError_SystemError)
-	*p = x
-	return p
-}
-func (x RemoteSocketServiceError_SystemError) String() string {
-	return proto.EnumName(RemoteSocketServiceError_SystemError_name, int32(x))
-}
-func (x *RemoteSocketServiceError_SystemError) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(RemoteSocketServiceError_SystemError_value, data, "RemoteSocketServiceError_SystemError")
-	if err != nil {
-		return err
-	}
-	*x = RemoteSocketServiceError_SystemError(value)
-	return nil
-}
-func (RemoteSocketServiceError_SystemError) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{0, 1}
-}
-
-type CreateSocketRequest_SocketFamily int32
-
-const (
-	CreateSocketRequest_IPv4 CreateSocketRequest_SocketFamily = 1
-	CreateSocketRequest_IPv6 CreateSocketRequest_SocketFamily = 2
-)
-
-var CreateSocketRequest_SocketFamily_name = map[int32]string{
-	1: "IPv4",
-	2: "IPv6",
-}
-var CreateSocketRequest_SocketFamily_value = map[string]int32{
-	"IPv4": 1,
-	"IPv6": 2,
-}
-
-func (x CreateSocketRequest_SocketFamily) Enum() *CreateSocketRequest_SocketFamily {
-	p := new(CreateSocketRequest_SocketFamily)
-	*p = x
-	return p
-}
-func (x CreateSocketRequest_SocketFamily) String() string {
-	return proto.EnumName(CreateSocketRequest_SocketFamily_name, int32(x))
-}
-func (x *CreateSocketRequest_SocketFamily) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(CreateSocketRequest_SocketFamily_value, data, "CreateSocketRequest_SocketFamily")
-	if err != nil {
-		return err
-	}
-	*x = CreateSocketRequest_SocketFamily(value)
-	return nil
-}
-func (CreateSocketRequest_SocketFamily) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{2, 0}
-}
-
-type CreateSocketRequest_SocketProtocol int32
-
-const (
-	CreateSocketRequest_TCP CreateSocketRequest_SocketProtocol = 1
-	CreateSocketRequest_UDP CreateSocketRequest_SocketProtocol = 2
-)
-
-var CreateSocketRequest_SocketProtocol_name = map[int32]string{
-	1: "TCP",
-	2: "UDP",
-}
-var CreateSocketRequest_SocketProtocol_value = map[string]int32{
-	"TCP": 1,
-	"UDP": 2,
-}
-
-func (x CreateSocketRequest_SocketProtocol) Enum() *CreateSocketRequest_SocketProtocol {
-	p := new(CreateSocketRequest_SocketProtocol)
-	*p = x
-	return p
-}
-func (x CreateSocketRequest_SocketProtocol) String() string {
-	return proto.EnumName(CreateSocketRequest_SocketProtocol_name, int32(x))
-}
-func (x *CreateSocketRequest_SocketProtocol) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(CreateSocketRequest_SocketProtocol_value, data, "CreateSocketRequest_SocketProtocol")
-	if err != nil {
-		return err
-	}
-	*x = CreateSocketRequest_SocketProtocol(value)
-	return nil
-}
-func (CreateSocketRequest_SocketProtocol) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{2, 1}
-}
-
-type SocketOption_SocketOptionLevel int32
-
-const (
-	SocketOption_SOCKET_SOL_IP     SocketOption_SocketOptionLevel = 0
-	SocketOption_SOCKET_SOL_SOCKET SocketOption_SocketOptionLevel = 1
-	SocketOption_SOCKET_SOL_TCP    SocketOption_SocketOptionLevel = 6
-	SocketOption_SOCKET_SOL_UDP    SocketOption_SocketOptionLevel = 17
-)
-
-var SocketOption_SocketOptionLevel_name = map[int32]string{
-	0:  "SOCKET_SOL_IP",
-	1:  "SOCKET_SOL_SOCKET",
-	6:  "SOCKET_SOL_TCP",
-	17: "SOCKET_SOL_UDP",
-}
-var SocketOption_SocketOptionLevel_value = map[string]int32{
-	"SOCKET_SOL_IP":     0,
-	"SOCKET_SOL_SOCKET": 1,
-	"SOCKET_SOL_TCP":    6,
-	"SOCKET_SOL_UDP":    17,
-}
-
-func (x SocketOption_SocketOptionLevel) Enum() *SocketOption_SocketOptionLevel {
-	p := new(SocketOption_SocketOptionLevel)
-	*p = x
-	return p
-}
-func (x SocketOption_SocketOptionLevel) String() string {
-	return proto.EnumName(SocketOption_SocketOptionLevel_name, int32(x))
-}
-func (x *SocketOption_SocketOptionLevel) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(SocketOption_SocketOptionLevel_value, data, "SocketOption_SocketOptionLevel")
-	if err != nil {
-		return err
-	}
-	*x = SocketOption_SocketOptionLevel(value)
-	return nil
-}
-func (SocketOption_SocketOptionLevel) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{10, 0}
-}
-
-type SocketOption_SocketOptionName int32
-
-const (
-	SocketOption_SOCKET_SO_DEBUG         SocketOption_SocketOptionName = 1
-	SocketOption_SOCKET_SO_REUSEADDR     SocketOption_SocketOptionName = 2
-	SocketOption_SOCKET_SO_TYPE          SocketOption_SocketOptionName = 3
-	SocketOption_SOCKET_SO_ERROR         SocketOption_SocketOptionName = 4
-	SocketOption_SOCKET_SO_DONTROUTE     SocketOption_SocketOptionName = 5
-	SocketOption_SOCKET_SO_BROADCAST     SocketOption_SocketOptionName = 6
-	SocketOption_SOCKET_SO_SNDBUF        SocketOption_SocketOptionName = 7
-	SocketOption_SOCKET_SO_RCVBUF        SocketOption_SocketOptionName = 8
-	SocketOption_SOCKET_SO_KEEPALIVE     SocketOption_SocketOptionName = 9
-	SocketOption_SOCKET_SO_OOBINLINE     SocketOption_SocketOptionName = 10
-	SocketOption_SOCKET_SO_LINGER        SocketOption_SocketOptionName = 13
-	SocketOption_SOCKET_SO_RCVTIMEO      SocketOption_SocketOptionName = 20
-	SocketOption_SOCKET_SO_SNDTIMEO      SocketOption_SocketOptionName = 21
-	SocketOption_SOCKET_IP_TOS           SocketOption_SocketOptionName = 1
-	SocketOption_SOCKET_IP_TTL           SocketOption_SocketOptionName = 2
-	SocketOption_SOCKET_IP_HDRINCL       SocketOption_SocketOptionName = 3
-	SocketOption_SOCKET_IP_OPTIONS       SocketOption_SocketOptionName = 4
-	SocketOption_SOCKET_TCP_NODELAY      SocketOption_SocketOptionName = 1
-	SocketOption_SOCKET_TCP_MAXSEG       SocketOption_SocketOptionName = 2
-	SocketOption_SOCKET_TCP_CORK         SocketOption_SocketOptionName = 3
-	SocketOption_SOCKET_TCP_KEEPIDLE     SocketOption_SocketOptionName = 4
-	SocketOption_SOCKET_TCP_KEEPINTVL    SocketOption_SocketOptionName = 5
-	SocketOption_SOCKET_TCP_KEEPCNT      SocketOption_SocketOptionName = 6
-	SocketOption_SOCKET_TCP_SYNCNT       SocketOption_SocketOptionName = 7
-	SocketOption_SOCKET_TCP_LINGER2      SocketOption_SocketOptionName = 8
-	SocketOption_SOCKET_TCP_DEFER_ACCEPT SocketOption_SocketOptionName = 9
-	SocketOption_SOCKET_TCP_WINDOW_CLAMP SocketOption_SocketOptionName = 10
-	SocketOption_SOCKET_TCP_INFO         SocketOption_SocketOptionName = 11
-	SocketOption_SOCKET_TCP_QUICKACK     SocketOption_SocketOptionName = 12
-)
-
-var SocketOption_SocketOptionName_name = map[int32]string{
-	1:  "SOCKET_SO_DEBUG",
-	2:  "SOCKET_SO_REUSEADDR",
-	3:  "SOCKET_SO_TYPE",
-	4:  "SOCKET_SO_ERROR",
-	5:  "SOCKET_SO_DONTROUTE",
-	6:  "SOCKET_SO_BROADCAST",
-	7:  "SOCKET_SO_SNDBUF",
-	8:  "SOCKET_SO_RCVBUF",
-	9:  "SOCKET_SO_KEEPALIVE",
-	10: "SOCKET_SO_OOBINLINE",
-	13: "SOCKET_SO_LINGER",
-	20: "SOCKET_SO_RCVTIMEO",
-	21: "SOCKET_SO_SNDTIMEO",
-	// Duplicate value: 1: "SOCKET_IP_TOS",
-	// Duplicate value: 2: "SOCKET_IP_TTL",
-	// Duplicate value: 3: "SOCKET_IP_HDRINCL",
-	// Duplicate value: 4: "SOCKET_IP_OPTIONS",
-	// Duplicate value: 1: "SOCKET_TCP_NODELAY",
-	// Duplicate value: 2: "SOCKET_TCP_MAXSEG",
-	// Duplicate value: 3: "SOCKET_TCP_CORK",
-	// Duplicate value: 4: "SOCKET_TCP_KEEPIDLE",
-	// Duplicate value: 5: "SOCKET_TCP_KEEPINTVL",
-	// Duplicate value: 6: "SOCKET_TCP_KEEPCNT",
-	// Duplicate value: 7: "SOCKET_TCP_SYNCNT",
-	// Duplicate value: 8: "SOCKET_TCP_LINGER2",
-	// Duplicate value: 9: "SOCKET_TCP_DEFER_ACCEPT",
-	// Duplicate value: 10: "SOCKET_TCP_WINDOW_CLAMP",
-	11: "SOCKET_TCP_INFO",
-	12: "SOCKET_TCP_QUICKACK",
-}
-var SocketOption_SocketOptionName_value = map[string]int32{
-	"SOCKET_SO_DEBUG":         1,
-	"SOCKET_SO_REUSEADDR":     2,
-	"SOCKET_SO_TYPE":          3,
-	"SOCKET_SO_ERROR":         4,
-	"SOCKET_SO_DONTROUTE":     5,
-	"SOCKET_SO_BROADCAST":     6,
-	"SOCKET_SO_SNDBUF":        7,
-	"SOCKET_SO_RCVBUF":        8,
-	"SOCKET_SO_KEEPALIVE":     9,
-	"SOCKET_SO_OOBINLINE":     10,
-	"SOCKET_SO_LINGER":        13,
-	"SOCKET_SO_RCVTIMEO":      20,
-	"SOCKET_SO_SNDTIMEO":      21,
-	"SOCKET_IP_TOS":           1,
-	"SOCKET_IP_TTL":           2,
-	"SOCKET_IP_HDRINCL":       3,
-	"SOCKET_IP_OPTIONS":       4,
-	"SOCKET_TCP_NODELAY":      1,
-	"SOCKET_TCP_MAXSEG":       2,
-	"SOCKET_TCP_CORK":         3,
-	"SOCKET_TCP_KEEPIDLE":     4,
-	"SOCKET_TCP_KEEPINTVL":    5,
-	"SOCKET_TCP_KEEPCNT":      6,
-	"SOCKET_TCP_SYNCNT":       7,
-	"SOCKET_TCP_LINGER2":      8,
-	"SOCKET_TCP_DEFER_ACCEPT": 9,
-	"SOCKET_TCP_WINDOW_CLAMP": 10,
-	"SOCKET_TCP_INFO":         11,
-	"SOCKET_TCP_QUICKACK":     12,
-}
-
-func (x SocketOption_SocketOptionName) Enum() *SocketOption_SocketOptionName {
-	p := new(SocketOption_SocketOptionName)
-	*p = x
-	return p
-}
-func (x SocketOption_SocketOptionName) String() string {
-	return proto.EnumName(SocketOption_SocketOptionName_name, int32(x))
-}
-func (x *SocketOption_SocketOptionName) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(SocketOption_SocketOptionName_value, data, "SocketOption_SocketOptionName")
-	if err != nil {
-		return err
-	}
-	*x = SocketOption_SocketOptionName(value)
-	return nil
-}
-func (SocketOption_SocketOptionName) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{10, 1}
-}
-
-type ShutDownRequest_How int32
-
-const (
-	ShutDownRequest_SOCKET_SHUT_RD   ShutDownRequest_How = 1
-	ShutDownRequest_SOCKET_SHUT_WR   ShutDownRequest_How = 2
-	ShutDownRequest_SOCKET_SHUT_RDWR ShutDownRequest_How = 3
-)
-
-var ShutDownRequest_How_name = map[int32]string{
-	1: "SOCKET_SHUT_RD",
-	2: "SOCKET_SHUT_WR",
-	3: "SOCKET_SHUT_RDWR",
-}
-var ShutDownRequest_How_value = map[string]int32{
-	"SOCKET_SHUT_RD":   1,
-	"SOCKET_SHUT_WR":   2,
-	"SOCKET_SHUT_RDWR": 3,
-}
-
-func (x ShutDownRequest_How) Enum() *ShutDownRequest_How {
-	p := new(ShutDownRequest_How)
-	*p = x
-	return p
-}
-func (x ShutDownRequest_How) String() string {
-	return proto.EnumName(ShutDownRequest_How_name, int32(x))
-}
-func (x *ShutDownRequest_How) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(ShutDownRequest_How_value, data, "ShutDownRequest_How")
-	if err != nil {
-		return err
-	}
-	*x = ShutDownRequest_How(value)
-	return nil
-}
-func (ShutDownRequest_How) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{21, 0}
-}
-
-type ReceiveRequest_Flags int32
-
-const (
-	ReceiveRequest_MSG_OOB  ReceiveRequest_Flags = 1
-	ReceiveRequest_MSG_PEEK ReceiveRequest_Flags = 2
-)
-
-var ReceiveRequest_Flags_name = map[int32]string{
-	1: "MSG_OOB",
-	2: "MSG_PEEK",
-}
-var ReceiveRequest_Flags_value = map[string]int32{
-	"MSG_OOB":  1,
-	"MSG_PEEK": 2,
-}
-
-func (x ReceiveRequest_Flags) Enum() *ReceiveRequest_Flags {
-	p := new(ReceiveRequest_Flags)
-	*p = x
-	return p
-}
-func (x ReceiveRequest_Flags) String() string {
-	return proto.EnumName(ReceiveRequest_Flags_name, int32(x))
-}
-func (x *ReceiveRequest_Flags) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(ReceiveRequest_Flags_value, data, "ReceiveRequest_Flags")
-	if err != nil {
-		return err
-	}
-	*x = ReceiveRequest_Flags(value)
-	return nil
-}
-func (ReceiveRequest_Flags) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{27, 0}
-}
-
-type PollEvent_PollEventFlag int32
-
-const (
-	PollEvent_SOCKET_POLLNONE   PollEvent_PollEventFlag = 0
-	PollEvent_SOCKET_POLLIN     PollEvent_PollEventFlag = 1
-	PollEvent_SOCKET_POLLPRI    PollEvent_PollEventFlag = 2
-	PollEvent_SOCKET_POLLOUT    PollEvent_PollEventFlag = 4
-	PollEvent_SOCKET_POLLERR    PollEvent_PollEventFlag = 8
-	PollEvent_SOCKET_POLLHUP    PollEvent_PollEventFlag = 16
-	PollEvent_SOCKET_POLLNVAL   PollEvent_PollEventFlag = 32
-	PollEvent_SOCKET_POLLRDNORM PollEvent_PollEventFlag = 64
-	PollEvent_SOCKET_POLLRDBAND PollEvent_PollEventFlag = 128
-	PollEvent_SOCKET_POLLWRNORM PollEvent_PollEventFlag = 256
-	PollEvent_SOCKET_POLLWRBAND PollEvent_PollEventFlag = 512
-	PollEvent_SOCKET_POLLMSG    PollEvent_PollEventFlag = 1024
-	PollEvent_SOCKET_POLLREMOVE PollEvent_PollEventFlag = 4096
-	PollEvent_SOCKET_POLLRDHUP  PollEvent_PollEventFlag = 8192
-)
-
-var PollEvent_PollEventFlag_name = map[int32]string{
-	0:    "SOCKET_POLLNONE",
-	1:    "SOCKET_POLLIN",
-	2:    "SOCKET_POLLPRI",
-	4:    "SOCKET_POLLOUT",
-	8:    "SOCKET_POLLERR",
-	16:   "SOCKET_POLLHUP",
-	32:   "SOCKET_POLLNVAL",
-	64:   "SOCKET_POLLRDNORM",
-	128:  "SOCKET_POLLRDBAND",
-	256:  "SOCKET_POLLWRNORM",
-	512:  "SOCKET_POLLWRBAND",
-	1024: "SOCKET_POLLMSG",
-	4096: "SOCKET_POLLREMOVE",
-	8192: "SOCKET_POLLRDHUP",
-}
-var PollEvent_PollEventFlag_value = map[string]int32{
-	"SOCKET_POLLNONE":   0,
-	"SOCKET_POLLIN":     1,
-	"SOCKET_POLLPRI":    2,
-	"SOCKET_POLLOUT":    4,
-	"SOCKET_POLLERR":    8,
-	"SOCKET_POLLHUP":    16,
-	"SOCKET_POLLNVAL":   32,
-	"SOCKET_POLLRDNORM": 64,
-	"SOCKET_POLLRDBAND": 128,
-	"SOCKET_POLLWRNORM": 256,
-	"SOCKET_POLLWRBAND": 512,
-	"SOCKET_POLLMSG":    1024,
-	"SOCKET_POLLREMOVE": 4096,
-	"SOCKET_POLLRDHUP":  8192,
-}
-
-func (x PollEvent_PollEventFlag) Enum() *PollEvent_PollEventFlag {
-	p := new(PollEvent_PollEventFlag)
-	*p = x
-	return p
-}
-func (x PollEvent_PollEventFlag) String() string {
-	return proto.EnumName(PollEvent_PollEventFlag_name, int32(x))
-}
-func (x *PollEvent_PollEventFlag) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(PollEvent_PollEventFlag_value, data, "PollEvent_PollEventFlag")
-	if err != nil {
-		return err
-	}
-	*x = PollEvent_PollEventFlag(value)
-	return nil
-}
-func (PollEvent_PollEventFlag) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{29, 0}
-}
-
-type ResolveReply_ErrorCode int32
-
-const (
-	ResolveReply_SOCKET_EAI_ADDRFAMILY ResolveReply_ErrorCode = 1
-	ResolveReply_SOCKET_EAI_AGAIN      ResolveReply_ErrorCode = 2
-	ResolveReply_SOCKET_EAI_BADFLAGS   ResolveReply_ErrorCode = 3
-	ResolveReply_SOCKET_EAI_FAIL       ResolveReply_ErrorCode = 4
-	ResolveReply_SOCKET_EAI_FAMILY     ResolveReply_ErrorCode = 5
-	ResolveReply_SOCKET_EAI_MEMORY     ResolveReply_ErrorCode = 6
-	ResolveReply_SOCKET_EAI_NODATA     ResolveReply_ErrorCode = 7
-	ResolveReply_SOCKET_EAI_NONAME     ResolveReply_ErrorCode = 8
-	ResolveReply_SOCKET_EAI_SERVICE    ResolveReply_ErrorCode = 9
-	ResolveReply_SOCKET_EAI_SOCKTYPE   ResolveReply_ErrorCode = 10
-	ResolveReply_SOCKET_EAI_SYSTEM     ResolveReply_ErrorCode = 11
-	ResolveReply_SOCKET_EAI_BADHINTS   ResolveReply_ErrorCode = 12
-	ResolveReply_SOCKET_EAI_PROTOCOL   ResolveReply_ErrorCode = 13
-	ResolveReply_SOCKET_EAI_OVERFLOW   ResolveReply_ErrorCode = 14
-	ResolveReply_SOCKET_EAI_MAX        ResolveReply_ErrorCode = 15
-)
-
-var ResolveReply_ErrorCode_name = map[int32]string{
-	1:  "SOCKET_EAI_ADDRFAMILY",
-	2:  "SOCKET_EAI_AGAIN",
-	3:  "SOCKET_EAI_BADFLAGS",
-	4:  "SOCKET_EAI_FAIL",
-	5:  "SOCKET_EAI_FAMILY",
-	6:  "SOCKET_EAI_MEMORY",
-	7:  "SOCKET_EAI_NODATA",
-	8:  "SOCKET_EAI_NONAME",
-	9:  "SOCKET_EAI_SERVICE",
-	10: "SOCKET_EAI_SOCKTYPE",
-	11: "SOCKET_EAI_SYSTEM",
-	12: "SOCKET_EAI_BADHINTS",
-	13: "SOCKET_EAI_PROTOCOL",
-	14: "SOCKET_EAI_OVERFLOW",
-	15: "SOCKET_EAI_MAX",
-}
-var ResolveReply_ErrorCode_value = map[string]int32{
-	"SOCKET_EAI_ADDRFAMILY": 1,
-	"SOCKET_EAI_AGAIN":      2,
-	"SOCKET_EAI_BADFLAGS":   3,
-	"SOCKET_EAI_FAIL":       4,
-	"SOCKET_EAI_FAMILY":     5,
-	"SOCKET_EAI_MEMORY":     6,
-	"SOCKET_EAI_NODATA":     7,
-	"SOCKET_EAI_NONAME":     8,
-	"SOCKET_EAI_SERVICE":    9,
-	"SOCKET_EAI_SOCKTYPE":   10,
-	"SOCKET_EAI_SYSTEM":     11,
-	"SOCKET_EAI_BADHINTS":   12,
-	"SOCKET_EAI_PROTOCOL":   13,
-	"SOCKET_EAI_OVERFLOW":   14,
-	"SOCKET_EAI_MAX":        15,
-}
-
-func (x ResolveReply_ErrorCode) Enum() *ResolveReply_ErrorCode {
-	p := new(ResolveReply_ErrorCode)
-	*p = x
-	return p
-}
-func (x ResolveReply_ErrorCode) String() string {
-	return proto.EnumName(ResolveReply_ErrorCode_name, int32(x))
-}
-func (x *ResolveReply_ErrorCode) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(ResolveReply_ErrorCode_value, data, "ResolveReply_ErrorCode")
-	if err != nil {
-		return err
-	}
-	*x = ResolveReply_ErrorCode(value)
-	return nil
-}
-func (ResolveReply_ErrorCode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{33, 0}
-}
-
-type RemoteSocketServiceError struct {
-	SystemError          *int32   `protobuf:"varint,1,opt,name=system_error,json=systemError,def=0" json:"system_error,omitempty"`
-	ErrorDetail          *string  `protobuf:"bytes,2,opt,name=error_detail,json=errorDetail" json:"error_detail,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *RemoteSocketServiceError) Reset()         { *m = RemoteSocketServiceError{} }
-func (m *RemoteSocketServiceError) String() string { return proto.CompactTextString(m) }
-func (*RemoteSocketServiceError) ProtoMessage()    {}
-func (*RemoteSocketServiceError) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{0}
-}
-func (m *RemoteSocketServiceError) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_RemoteSocketServiceError.Unmarshal(m, b)
-}
-func (m *RemoteSocketServiceError) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_RemoteSocketServiceError.Marshal(b, m, deterministic)
-}
-func (dst *RemoteSocketServiceError) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_RemoteSocketServiceError.Merge(dst, src)
-}
-func (m *RemoteSocketServiceError) XXX_Size() int {
-	return xxx_messageInfo_RemoteSocketServiceError.Size(m)
-}
-func (m *RemoteSocketServiceError) XXX_DiscardUnknown() {
-	xxx_messageInfo_RemoteSocketServiceError.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_RemoteSocketServiceError proto.InternalMessageInfo
-
-const Default_RemoteSocketServiceError_SystemError int32 = 0
-
-func (m *RemoteSocketServiceError) GetSystemError() int32 {
-	if m != nil && m.SystemError != nil {
-		return *m.SystemError
-	}
-	return Default_RemoteSocketServiceError_SystemError
-}
-
-func (m *RemoteSocketServiceError) GetErrorDetail() string {
-	if m != nil && m.ErrorDetail != nil {
-		return *m.ErrorDetail
-	}
-	return ""
-}
-
-type AddressPort struct {
-	Port                 *int32   `protobuf:"varint,1,req,name=port" json:"port,omitempty"`
-	PackedAddress        []byte   `protobuf:"bytes,2,opt,name=packed_address,json=packedAddress" json:"packed_address,omitempty"`
-	HostnameHint         *string  `protobuf:"bytes,3,opt,name=hostname_hint,json=hostnameHint" json:"hostname_hint,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *AddressPort) Reset()         { *m = AddressPort{} }
-func (m *AddressPort) String() string { return proto.CompactTextString(m) }
-func (*AddressPort) ProtoMessage()    {}
-func (*AddressPort) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{1}
-}
-func (m *AddressPort) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_AddressPort.Unmarshal(m, b)
-}
-func (m *AddressPort) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_AddressPort.Marshal(b, m, deterministic)
-}
-func (dst *AddressPort) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_AddressPort.Merge(dst, src)
-}
-func (m *AddressPort) XXX_Size() int {
-	return xxx_messageInfo_AddressPort.Size(m)
-}
-func (m *AddressPort) XXX_DiscardUnknown() {
-	xxx_messageInfo_AddressPort.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_AddressPort proto.InternalMessageInfo
-
-func (m *AddressPort) GetPort() int32 {
-	if m != nil && m.Port != nil {
-		return *m.Port
-	}
-	return 0
-}
-
-func (m *AddressPort) GetPackedAddress() []byte {
-	if m != nil {
-		return m.PackedAddress
-	}
-	return nil
-}
-
-func (m *AddressPort) GetHostnameHint() string {
-	if m != nil && m.HostnameHint != nil {
-		return *m.HostnameHint
-	}
-	return ""
-}
-
-type CreateSocketRequest struct {
-	Family               *CreateSocketRequest_SocketFamily   `protobuf:"varint,1,req,name=family,enum=appengine.CreateSocketRequest_SocketFamily" json:"family,omitempty"`
-	Protocol             *CreateSocketRequest_SocketProtocol `protobuf:"varint,2,req,name=protocol,enum=appengine.CreateSocketRequest_SocketProtocol" json:"protocol,omitempty"`
-	SocketOptions        []*SocketOption                     `protobuf:"bytes,3,rep,name=socket_options,json=socketOptions" json:"socket_options,omitempty"`
-	ProxyExternalIp      *AddressPort                        `protobuf:"bytes,4,opt,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	ListenBacklog        *int32                              `protobuf:"varint,5,opt,name=listen_backlog,json=listenBacklog,def=0" json:"listen_backlog,omitempty"`
-	RemoteIp             *AddressPort                        `protobuf:"bytes,6,opt,name=remote_ip,json=remoteIp" json:"remote_ip,omitempty"`
-	AppId                *string                             `protobuf:"bytes,9,opt,name=app_id,json=appId" json:"app_id,omitempty"`
-	ProjectId            *int64                              `protobuf:"varint,10,opt,name=project_id,json=projectId" json:"project_id,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                            `json:"-"`
-	XXX_unrecognized     []byte                              `json:"-"`
-	XXX_sizecache        int32                               `json:"-"`
-}
-
-func (m *CreateSocketRequest) Reset()         { *m = CreateSocketRequest{} }
-func (m *CreateSocketRequest) String() string { return proto.CompactTextString(m) }
-func (*CreateSocketRequest) ProtoMessage()    {}
-func (*CreateSocketRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{2}
-}
-func (m *CreateSocketRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CreateSocketRequest.Unmarshal(m, b)
-}
-func (m *CreateSocketRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CreateSocketRequest.Marshal(b, m, deterministic)
-}
-func (dst *CreateSocketRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CreateSocketRequest.Merge(dst, src)
-}
-func (m *CreateSocketRequest) XXX_Size() int {
-	return xxx_messageInfo_CreateSocketRequest.Size(m)
-}
-func (m *CreateSocketRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_CreateSocketRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CreateSocketRequest proto.InternalMessageInfo
-
-const Default_CreateSocketRequest_ListenBacklog int32 = 0
-
-func (m *CreateSocketRequest) GetFamily() CreateSocketRequest_SocketFamily {
-	if m != nil && m.Family != nil {
-		return *m.Family
-	}
-	return CreateSocketRequest_IPv4
-}
-
-func (m *CreateSocketRequest) GetProtocol() CreateSocketRequest_SocketProtocol {
-	if m != nil && m.Protocol != nil {
-		return *m.Protocol
-	}
-	return CreateSocketRequest_TCP
-}
-
-func (m *CreateSocketRequest) GetSocketOptions() []*SocketOption {
-	if m != nil {
-		return m.SocketOptions
-	}
-	return nil
-}
-
-func (m *CreateSocketRequest) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-func (m *CreateSocketRequest) GetListenBacklog() int32 {
-	if m != nil && m.ListenBacklog != nil {
-		return *m.ListenBacklog
-	}
-	return Default_CreateSocketRequest_ListenBacklog
-}
-
-func (m *CreateSocketRequest) GetRemoteIp() *AddressPort {
-	if m != nil {
-		return m.RemoteIp
-	}
-	return nil
-}
-
-func (m *CreateSocketRequest) GetAppId() string {
-	if m != nil && m.AppId != nil {
-		return *m.AppId
-	}
-	return ""
-}
-
-func (m *CreateSocketRequest) GetProjectId() int64 {
-	if m != nil && m.ProjectId != nil {
-		return *m.ProjectId
-	}
-	return 0
-}
-
-type CreateSocketReply struct {
-	SocketDescriptor             *string      `protobuf:"bytes,1,opt,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	ServerAddress                *AddressPort `protobuf:"bytes,3,opt,name=server_address,json=serverAddress" json:"server_address,omitempty"`
-	ProxyExternalIp              *AddressPort `protobuf:"bytes,4,opt,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	XXX_NoUnkeyedLiteral         struct{}     `json:"-"`
-	proto.XXX_InternalExtensions `json:"-"`
-	XXX_unrecognized             []byte `json:"-"`
-	XXX_sizecache                int32  `json:"-"`
-}
-
-func (m *CreateSocketReply) Reset()         { *m = CreateSocketReply{} }
-func (m *CreateSocketReply) String() string { return proto.CompactTextString(m) }
-func (*CreateSocketReply) ProtoMessage()    {}
-func (*CreateSocketReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{3}
-}
-
-var extRange_CreateSocketReply = []proto.ExtensionRange{
-	{Start: 1000, End: 536870911},
-}
-
-func (*CreateSocketReply) ExtensionRangeArray() []proto.ExtensionRange {
-	return extRange_CreateSocketReply
-}
-func (m *CreateSocketReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CreateSocketReply.Unmarshal(m, b)
-}
-func (m *CreateSocketReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CreateSocketReply.Marshal(b, m, deterministic)
-}
-func (dst *CreateSocketReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CreateSocketReply.Merge(dst, src)
-}
-func (m *CreateSocketReply) XXX_Size() int {
-	return xxx_messageInfo_CreateSocketReply.Size(m)
-}
-func (m *CreateSocketReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_CreateSocketReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CreateSocketReply proto.InternalMessageInfo
-
-func (m *CreateSocketReply) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *CreateSocketReply) GetServerAddress() *AddressPort {
-	if m != nil {
-		return m.ServerAddress
-	}
-	return nil
-}
-
-func (m *CreateSocketReply) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-type BindRequest struct {
-	SocketDescriptor     *string      `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	ProxyExternalIp      *AddressPort `protobuf:"bytes,2,req,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *BindRequest) Reset()         { *m = BindRequest{} }
-func (m *BindRequest) String() string { return proto.CompactTextString(m) }
-func (*BindRequest) ProtoMessage()    {}
-func (*BindRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{4}
-}
-func (m *BindRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_BindRequest.Unmarshal(m, b)
-}
-func (m *BindRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_BindRequest.Marshal(b, m, deterministic)
-}
-func (dst *BindRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_BindRequest.Merge(dst, src)
-}
-func (m *BindRequest) XXX_Size() int {
-	return xxx_messageInfo_BindRequest.Size(m)
-}
-func (m *BindRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_BindRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_BindRequest proto.InternalMessageInfo
-
-func (m *BindRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *BindRequest) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-type BindReply struct {
-	ProxyExternalIp      *AddressPort `protobuf:"bytes,1,opt,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *BindReply) Reset()         { *m = BindReply{} }
-func (m *BindReply) String() string { return proto.CompactTextString(m) }
-func (*BindReply) ProtoMessage()    {}
-func (*BindReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{5}
-}
-func (m *BindReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_BindReply.Unmarshal(m, b)
-}
-func (m *BindReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_BindReply.Marshal(b, m, deterministic)
-}
-func (dst *BindReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_BindReply.Merge(dst, src)
-}
-func (m *BindReply) XXX_Size() int {
-	return xxx_messageInfo_BindReply.Size(m)
-}
-func (m *BindReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_BindReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_BindReply proto.InternalMessageInfo
-
-func (m *BindReply) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-type GetSocketNameRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *GetSocketNameRequest) Reset()         { *m = GetSocketNameRequest{} }
-func (m *GetSocketNameRequest) String() string { return proto.CompactTextString(m) }
-func (*GetSocketNameRequest) ProtoMessage()    {}
-func (*GetSocketNameRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{6}
-}
-func (m *GetSocketNameRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetSocketNameRequest.Unmarshal(m, b)
-}
-func (m *GetSocketNameRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetSocketNameRequest.Marshal(b, m, deterministic)
-}
-func (dst *GetSocketNameRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetSocketNameRequest.Merge(dst, src)
-}
-func (m *GetSocketNameRequest) XXX_Size() int {
-	return xxx_messageInfo_GetSocketNameRequest.Size(m)
-}
-func (m *GetSocketNameRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetSocketNameRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetSocketNameRequest proto.InternalMessageInfo
-
-func (m *GetSocketNameRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-type GetSocketNameReply struct {
-	ProxyExternalIp      *AddressPort `protobuf:"bytes,2,opt,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *GetSocketNameReply) Reset()         { *m = GetSocketNameReply{} }
-func (m *GetSocketNameReply) String() string { return proto.CompactTextString(m) }
-func (*GetSocketNameReply) ProtoMessage()    {}
-func (*GetSocketNameReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{7}
-}
-func (m *GetSocketNameReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetSocketNameReply.Unmarshal(m, b)
-}
-func (m *GetSocketNameReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetSocketNameReply.Marshal(b, m, deterministic)
-}
-func (dst *GetSocketNameReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetSocketNameReply.Merge(dst, src)
-}
-func (m *GetSocketNameReply) XXX_Size() int {
-	return xxx_messageInfo_GetSocketNameReply.Size(m)
-}
-func (m *GetSocketNameReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetSocketNameReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetSocketNameReply proto.InternalMessageInfo
-
-func (m *GetSocketNameReply) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-type GetPeerNameRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *GetPeerNameRequest) Reset()         { *m = GetPeerNameRequest{} }
-func (m *GetPeerNameRequest) String() string { return proto.CompactTextString(m) }
-func (*GetPeerNameRequest) ProtoMessage()    {}
-func (*GetPeerNameRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{8}
-}
-func (m *GetPeerNameRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetPeerNameRequest.Unmarshal(m, b)
-}
-func (m *GetPeerNameRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetPeerNameRequest.Marshal(b, m, deterministic)
-}
-func (dst *GetPeerNameRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetPeerNameRequest.Merge(dst, src)
-}
-func (m *GetPeerNameRequest) XXX_Size() int {
-	return xxx_messageInfo_GetPeerNameRequest.Size(m)
-}
-func (m *GetPeerNameRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetPeerNameRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetPeerNameRequest proto.InternalMessageInfo
-
-func (m *GetPeerNameRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-type GetPeerNameReply struct {
-	PeerIp               *AddressPort `protobuf:"bytes,2,opt,name=peer_ip,json=peerIp" json:"peer_ip,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *GetPeerNameReply) Reset()         { *m = GetPeerNameReply{} }
-func (m *GetPeerNameReply) String() string { return proto.CompactTextString(m) }
-func (*GetPeerNameReply) ProtoMessage()    {}
-func (*GetPeerNameReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{9}
-}
-func (m *GetPeerNameReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetPeerNameReply.Unmarshal(m, b)
-}
-func (m *GetPeerNameReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetPeerNameReply.Marshal(b, m, deterministic)
-}
-func (dst *GetPeerNameReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetPeerNameReply.Merge(dst, src)
-}
-func (m *GetPeerNameReply) XXX_Size() int {
-	return xxx_messageInfo_GetPeerNameReply.Size(m)
-}
-func (m *GetPeerNameReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetPeerNameReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetPeerNameReply proto.InternalMessageInfo
-
-func (m *GetPeerNameReply) GetPeerIp() *AddressPort {
-	if m != nil {
-		return m.PeerIp
-	}
-	return nil
-}
-
-type SocketOption struct {
-	Level                *SocketOption_SocketOptionLevel `protobuf:"varint,1,req,name=level,enum=appengine.SocketOption_SocketOptionLevel" json:"level,omitempty"`
-	Option               *SocketOption_SocketOptionName  `protobuf:"varint,2,req,name=option,enum=appengine.SocketOption_SocketOptionName" json:"option,omitempty"`
-	Value                []byte                          `protobuf:"bytes,3,req,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                        `json:"-"`
-	XXX_unrecognized     []byte                          `json:"-"`
-	XXX_sizecache        int32                           `json:"-"`
-}
-
-func (m *SocketOption) Reset()         { *m = SocketOption{} }
-func (m *SocketOption) String() string { return proto.CompactTextString(m) }
-func (*SocketOption) ProtoMessage()    {}
-func (*SocketOption) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{10}
-}
-func (m *SocketOption) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SocketOption.Unmarshal(m, b)
-}
-func (m *SocketOption) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SocketOption.Marshal(b, m, deterministic)
-}
-func (dst *SocketOption) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SocketOption.Merge(dst, src)
-}
-func (m *SocketOption) XXX_Size() int {
-	return xxx_messageInfo_SocketOption.Size(m)
-}
-func (m *SocketOption) XXX_DiscardUnknown() {
-	xxx_messageInfo_SocketOption.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_SocketOption proto.InternalMessageInfo
-
-func (m *SocketOption) GetLevel() SocketOption_SocketOptionLevel {
-	if m != nil && m.Level != nil {
-		return *m.Level
-	}
-	return SocketOption_SOCKET_SOL_IP
-}
-
-func (m *SocketOption) GetOption() SocketOption_SocketOptionName {
-	if m != nil && m.Option != nil {
-		return *m.Option
-	}
-	return SocketOption_SOCKET_SO_DEBUG
-}
-
-func (m *SocketOption) GetValue() []byte {
-	if m != nil {
-		return m.Value
-	}
-	return nil
-}
-
-type SetSocketOptionsRequest struct {
-	SocketDescriptor     *string         `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	Options              []*SocketOption `protobuf:"bytes,2,rep,name=options" json:"options,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *SetSocketOptionsRequest) Reset()         { *m = SetSocketOptionsRequest{} }
-func (m *SetSocketOptionsRequest) String() string { return proto.CompactTextString(m) }
-func (*SetSocketOptionsRequest) ProtoMessage()    {}
-func (*SetSocketOptionsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{11}
-}
-func (m *SetSocketOptionsRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SetSocketOptionsRequest.Unmarshal(m, b)
-}
-func (m *SetSocketOptionsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SetSocketOptionsRequest.Marshal(b, m, deterministic)
-}
-func (dst *SetSocketOptionsRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SetSocketOptionsRequest.Merge(dst, src)
-}
-func (m *SetSocketOptionsRequest) XXX_Size() int {
-	return xxx_messageInfo_SetSocketOptionsRequest.Size(m)
-}
-func (m *SetSocketOptionsRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_SetSocketOptionsRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_SetSocketOptionsRequest proto.InternalMessageInfo
-
-func (m *SetSocketOptionsRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *SetSocketOptionsRequest) GetOptions() []*SocketOption {
-	if m != nil {
-		return m.Options
-	}
-	return nil
-}
-
-type SetSocketOptionsReply struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *SetSocketOptionsReply) Reset()         { *m = SetSocketOptionsReply{} }
-func (m *SetSocketOptionsReply) String() string { return proto.CompactTextString(m) }
-func (*SetSocketOptionsReply) ProtoMessage()    {}
-func (*SetSocketOptionsReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{12}
-}
-func (m *SetSocketOptionsReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SetSocketOptionsReply.Unmarshal(m, b)
-}
-func (m *SetSocketOptionsReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SetSocketOptionsReply.Marshal(b, m, deterministic)
-}
-func (dst *SetSocketOptionsReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SetSocketOptionsReply.Merge(dst, src)
-}
-func (m *SetSocketOptionsReply) XXX_Size() int {
-	return xxx_messageInfo_SetSocketOptionsReply.Size(m)
-}
-func (m *SetSocketOptionsReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_SetSocketOptionsReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_SetSocketOptionsReply proto.InternalMessageInfo
-
-type GetSocketOptionsRequest struct {
-	SocketDescriptor     *string         `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	Options              []*SocketOption `protobuf:"bytes,2,rep,name=options" json:"options,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *GetSocketOptionsRequest) Reset()         { *m = GetSocketOptionsRequest{} }
-func (m *GetSocketOptionsRequest) String() string { return proto.CompactTextString(m) }
-func (*GetSocketOptionsRequest) ProtoMessage()    {}
-func (*GetSocketOptionsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{13}
-}
-func (m *GetSocketOptionsRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetSocketOptionsRequest.Unmarshal(m, b)
-}
-func (m *GetSocketOptionsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetSocketOptionsRequest.Marshal(b, m, deterministic)
-}
-func (dst *GetSocketOptionsRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetSocketOptionsRequest.Merge(dst, src)
-}
-func (m *GetSocketOptionsRequest) XXX_Size() int {
-	return xxx_messageInfo_GetSocketOptionsRequest.Size(m)
-}
-func (m *GetSocketOptionsRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetSocketOptionsRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetSocketOptionsRequest proto.InternalMessageInfo
-
-func (m *GetSocketOptionsRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *GetSocketOptionsRequest) GetOptions() []*SocketOption {
-	if m != nil {
-		return m.Options
-	}
-	return nil
-}
-
-type GetSocketOptionsReply struct {
-	Options              []*SocketOption `protobuf:"bytes,2,rep,name=options" json:"options,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *GetSocketOptionsReply) Reset()         { *m = GetSocketOptionsReply{} }
-func (m *GetSocketOptionsReply) String() string { return proto.CompactTextString(m) }
-func (*GetSocketOptionsReply) ProtoMessage()    {}
-func (*GetSocketOptionsReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{14}
-}
-func (m *GetSocketOptionsReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetSocketOptionsReply.Unmarshal(m, b)
-}
-func (m *GetSocketOptionsReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetSocketOptionsReply.Marshal(b, m, deterministic)
-}
-func (dst *GetSocketOptionsReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetSocketOptionsReply.Merge(dst, src)
-}
-func (m *GetSocketOptionsReply) XXX_Size() int {
-	return xxx_messageInfo_GetSocketOptionsReply.Size(m)
-}
-func (m *GetSocketOptionsReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetSocketOptionsReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetSocketOptionsReply proto.InternalMessageInfo
-
-func (m *GetSocketOptionsReply) GetOptions() []*SocketOption {
-	if m != nil {
-		return m.Options
-	}
-	return nil
-}
-
-type ConnectRequest struct {
-	SocketDescriptor     *string      `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	RemoteIp             *AddressPort `protobuf:"bytes,2,req,name=remote_ip,json=remoteIp" json:"remote_ip,omitempty"`
-	TimeoutSeconds       *float64     `protobuf:"fixed64,3,opt,name=timeout_seconds,json=timeoutSeconds,def=-1" json:"timeout_seconds,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *ConnectRequest) Reset()         { *m = ConnectRequest{} }
-func (m *ConnectRequest) String() string { return proto.CompactTextString(m) }
-func (*ConnectRequest) ProtoMessage()    {}
-func (*ConnectRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{15}
-}
-func (m *ConnectRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ConnectRequest.Unmarshal(m, b)
-}
-func (m *ConnectRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ConnectRequest.Marshal(b, m, deterministic)
-}
-func (dst *ConnectRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ConnectRequest.Merge(dst, src)
-}
-func (m *ConnectRequest) XXX_Size() int {
-	return xxx_messageInfo_ConnectRequest.Size(m)
-}
-func (m *ConnectRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_ConnectRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ConnectRequest proto.InternalMessageInfo
-
-const Default_ConnectRequest_TimeoutSeconds float64 = -1
-
-func (m *ConnectRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *ConnectRequest) GetRemoteIp() *AddressPort {
-	if m != nil {
-		return m.RemoteIp
-	}
-	return nil
-}
-
-func (m *ConnectRequest) GetTimeoutSeconds() float64 {
-	if m != nil && m.TimeoutSeconds != nil {
-		return *m.TimeoutSeconds
-	}
-	return Default_ConnectRequest_TimeoutSeconds
-}
-
-type ConnectReply struct {
-	ProxyExternalIp              *AddressPort `protobuf:"bytes,1,opt,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	XXX_NoUnkeyedLiteral         struct{}     `json:"-"`
-	proto.XXX_InternalExtensions `json:"-"`
-	XXX_unrecognized             []byte `json:"-"`
-	XXX_sizecache                int32  `json:"-"`
-}
-
-func (m *ConnectReply) Reset()         { *m = ConnectReply{} }
-func (m *ConnectReply) String() string { return proto.CompactTextString(m) }
-func (*ConnectReply) ProtoMessage()    {}
-func (*ConnectReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{16}
-}
-
-var extRange_ConnectReply = []proto.ExtensionRange{
-	{Start: 1000, End: 536870911},
-}
-
-func (*ConnectReply) ExtensionRangeArray() []proto.ExtensionRange {
-	return extRange_ConnectReply
-}
-func (m *ConnectReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ConnectReply.Unmarshal(m, b)
-}
-func (m *ConnectReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ConnectReply.Marshal(b, m, deterministic)
-}
-func (dst *ConnectReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ConnectReply.Merge(dst, src)
-}
-func (m *ConnectReply) XXX_Size() int {
-	return xxx_messageInfo_ConnectReply.Size(m)
-}
-func (m *ConnectReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_ConnectReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ConnectReply proto.InternalMessageInfo
-
-func (m *ConnectReply) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-type ListenRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	Backlog              *int32   `protobuf:"varint,2,req,name=backlog" json:"backlog,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ListenRequest) Reset()         { *m = ListenRequest{} }
-func (m *ListenRequest) String() string { return proto.CompactTextString(m) }
-func (*ListenRequest) ProtoMessage()    {}
-func (*ListenRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{17}
-}
-func (m *ListenRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ListenRequest.Unmarshal(m, b)
-}
-func (m *ListenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ListenRequest.Marshal(b, m, deterministic)
-}
-func (dst *ListenRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListenRequest.Merge(dst, src)
-}
-func (m *ListenRequest) XXX_Size() int {
-	return xxx_messageInfo_ListenRequest.Size(m)
-}
-func (m *ListenRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_ListenRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ListenRequest proto.InternalMessageInfo
-
-func (m *ListenRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *ListenRequest) GetBacklog() int32 {
-	if m != nil && m.Backlog != nil {
-		return *m.Backlog
-	}
-	return 0
-}
-
-type ListenReply struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ListenReply) Reset()         { *m = ListenReply{} }
-func (m *ListenReply) String() string { return proto.CompactTextString(m) }
-func (*ListenReply) ProtoMessage()    {}
-func (*ListenReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{18}
-}
-func (m *ListenReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ListenReply.Unmarshal(m, b)
-}
-func (m *ListenReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ListenReply.Marshal(b, m, deterministic)
-}
-func (dst *ListenReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListenReply.Merge(dst, src)
-}
-func (m *ListenReply) XXX_Size() int {
-	return xxx_messageInfo_ListenReply.Size(m)
-}
-func (m *ListenReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_ListenReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ListenReply proto.InternalMessageInfo
-
-type AcceptRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	TimeoutSeconds       *float64 `protobuf:"fixed64,2,opt,name=timeout_seconds,json=timeoutSeconds,def=-1" json:"timeout_seconds,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *AcceptRequest) Reset()         { *m = AcceptRequest{} }
-func (m *AcceptRequest) String() string { return proto.CompactTextString(m) }
-func (*AcceptRequest) ProtoMessage()    {}
-func (*AcceptRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{19}
-}
-func (m *AcceptRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_AcceptRequest.Unmarshal(m, b)
-}
-func (m *AcceptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_AcceptRequest.Marshal(b, m, deterministic)
-}
-func (dst *AcceptRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_AcceptRequest.Merge(dst, src)
-}
-func (m *AcceptRequest) XXX_Size() int {
-	return xxx_messageInfo_AcceptRequest.Size(m)
-}
-func (m *AcceptRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_AcceptRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_AcceptRequest proto.InternalMessageInfo
-
-const Default_AcceptRequest_TimeoutSeconds float64 = -1
-
-func (m *AcceptRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *AcceptRequest) GetTimeoutSeconds() float64 {
-	if m != nil && m.TimeoutSeconds != nil {
-		return *m.TimeoutSeconds
-	}
-	return Default_AcceptRequest_TimeoutSeconds
-}
-
-type AcceptReply struct {
-	NewSocketDescriptor  []byte       `protobuf:"bytes,2,opt,name=new_socket_descriptor,json=newSocketDescriptor" json:"new_socket_descriptor,omitempty"`
-	RemoteAddress        *AddressPort `protobuf:"bytes,3,opt,name=remote_address,json=remoteAddress" json:"remote_address,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *AcceptReply) Reset()         { *m = AcceptReply{} }
-func (m *AcceptReply) String() string { return proto.CompactTextString(m) }
-func (*AcceptReply) ProtoMessage()    {}
-func (*AcceptReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{20}
-}
-func (m *AcceptReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_AcceptReply.Unmarshal(m, b)
-}
-func (m *AcceptReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_AcceptReply.Marshal(b, m, deterministic)
-}
-func (dst *AcceptReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_AcceptReply.Merge(dst, src)
-}
-func (m *AcceptReply) XXX_Size() int {
-	return xxx_messageInfo_AcceptReply.Size(m)
-}
-func (m *AcceptReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_AcceptReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_AcceptReply proto.InternalMessageInfo
-
-func (m *AcceptReply) GetNewSocketDescriptor() []byte {
-	if m != nil {
-		return m.NewSocketDescriptor
-	}
-	return nil
-}
-
-func (m *AcceptReply) GetRemoteAddress() *AddressPort {
-	if m != nil {
-		return m.RemoteAddress
-	}
-	return nil
-}
-
-type ShutDownRequest struct {
-	SocketDescriptor     *string              `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	How                  *ShutDownRequest_How `protobuf:"varint,2,req,name=how,enum=appengine.ShutDownRequest_How" json:"how,omitempty"`
-	SendOffset           *int64               `protobuf:"varint,3,req,name=send_offset,json=sendOffset" json:"send_offset,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
-	XXX_unrecognized     []byte               `json:"-"`
-	XXX_sizecache        int32                `json:"-"`
-}
-
-func (m *ShutDownRequest) Reset()         { *m = ShutDownRequest{} }
-func (m *ShutDownRequest) String() string { return proto.CompactTextString(m) }
-func (*ShutDownRequest) ProtoMessage()    {}
-func (*ShutDownRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{21}
-}
-func (m *ShutDownRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ShutDownRequest.Unmarshal(m, b)
-}
-func (m *ShutDownRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ShutDownRequest.Marshal(b, m, deterministic)
-}
-func (dst *ShutDownRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ShutDownRequest.Merge(dst, src)
-}
-func (m *ShutDownRequest) XXX_Size() int {
-	return xxx_messageInfo_ShutDownRequest.Size(m)
-}
-func (m *ShutDownRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_ShutDownRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ShutDownRequest proto.InternalMessageInfo
-
-func (m *ShutDownRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *ShutDownRequest) GetHow() ShutDownRequest_How {
-	if m != nil && m.How != nil {
-		return *m.How
-	}
-	return ShutDownRequest_SOCKET_SHUT_RD
-}
-
-func (m *ShutDownRequest) GetSendOffset() int64 {
-	if m != nil && m.SendOffset != nil {
-		return *m.SendOffset
-	}
-	return 0
-}
-
-type ShutDownReply struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ShutDownReply) Reset()         { *m = ShutDownReply{} }
-func (m *ShutDownReply) String() string { return proto.CompactTextString(m) }
-func (*ShutDownReply) ProtoMessage()    {}
-func (*ShutDownReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{22}
-}
-func (m *ShutDownReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ShutDownReply.Unmarshal(m, b)
-}
-func (m *ShutDownReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ShutDownReply.Marshal(b, m, deterministic)
-}
-func (dst *ShutDownReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ShutDownReply.Merge(dst, src)
-}
-func (m *ShutDownReply) XXX_Size() int {
-	return xxx_messageInfo_ShutDownReply.Size(m)
-}
-func (m *ShutDownReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_ShutDownReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ShutDownReply proto.InternalMessageInfo
-
-type CloseRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	SendOffset           *int64   `protobuf:"varint,2,opt,name=send_offset,json=sendOffset,def=-1" json:"send_offset,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *CloseRequest) Reset()         { *m = CloseRequest{} }
-func (m *CloseRequest) String() string { return proto.CompactTextString(m) }
-func (*CloseRequest) ProtoMessage()    {}
-func (*CloseRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{23}
-}
-func (m *CloseRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CloseRequest.Unmarshal(m, b)
-}
-func (m *CloseRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CloseRequest.Marshal(b, m, deterministic)
-}
-func (dst *CloseRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CloseRequest.Merge(dst, src)
-}
-func (m *CloseRequest) XXX_Size() int {
-	return xxx_messageInfo_CloseRequest.Size(m)
-}
-func (m *CloseRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_CloseRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CloseRequest proto.InternalMessageInfo
-
-const Default_CloseRequest_SendOffset int64 = -1
-
-func (m *CloseRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *CloseRequest) GetSendOffset() int64 {
-	if m != nil && m.SendOffset != nil {
-		return *m.SendOffset
-	}
-	return Default_CloseRequest_SendOffset
-}
-
-type CloseReply struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *CloseReply) Reset()         { *m = CloseReply{} }
-func (m *CloseReply) String() string { return proto.CompactTextString(m) }
-func (*CloseReply) ProtoMessage()    {}
-func (*CloseReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{24}
-}
-func (m *CloseReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CloseReply.Unmarshal(m, b)
-}
-func (m *CloseReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CloseReply.Marshal(b, m, deterministic)
-}
-func (dst *CloseReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CloseReply.Merge(dst, src)
-}
-func (m *CloseReply) XXX_Size() int {
-	return xxx_messageInfo_CloseReply.Size(m)
-}
-func (m *CloseReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_CloseReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CloseReply proto.InternalMessageInfo
-
-type SendRequest struct {
-	SocketDescriptor     *string      `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	Data                 []byte       `protobuf:"bytes,2,req,name=data" json:"data,omitempty"`
-	StreamOffset         *int64       `protobuf:"varint,3,req,name=stream_offset,json=streamOffset" json:"stream_offset,omitempty"`
-	Flags                *int32       `protobuf:"varint,4,opt,name=flags,def=0" json:"flags,omitempty"`
-	SendTo               *AddressPort `protobuf:"bytes,5,opt,name=send_to,json=sendTo" json:"send_to,omitempty"`
-	TimeoutSeconds       *float64     `protobuf:"fixed64,6,opt,name=timeout_seconds,json=timeoutSeconds,def=-1" json:"timeout_seconds,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *SendRequest) Reset()         { *m = SendRequest{} }
-func (m *SendRequest) String() string { return proto.CompactTextString(m) }
-func (*SendRequest) ProtoMessage()    {}
-func (*SendRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{25}
-}
-func (m *SendRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SendRequest.Unmarshal(m, b)
-}
-func (m *SendRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SendRequest.Marshal(b, m, deterministic)
-}
-func (dst *SendRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SendRequest.Merge(dst, src)
-}
-func (m *SendRequest) XXX_Size() int {
-	return xxx_messageInfo_SendRequest.Size(m)
-}
-func (m *SendRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_SendRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_SendRequest proto.InternalMessageInfo
-
-const Default_SendRequest_Flags int32 = 0
-const Default_SendRequest_TimeoutSeconds float64 = -1
-
-func (m *SendRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *SendRequest) GetData() []byte {
-	if m != nil {
-		return m.Data
-	}
-	return nil
-}
-
-func (m *SendRequest) GetStreamOffset() int64 {
-	if m != nil && m.StreamOffset != nil {
-		return *m.StreamOffset
-	}
-	return 0
-}
-
-func (m *SendRequest) GetFlags() int32 {
-	if m != nil && m.Flags != nil {
-		return *m.Flags
-	}
-	return Default_SendRequest_Flags
-}
-
-func (m *SendRequest) GetSendTo() *AddressPort {
-	if m != nil {
-		return m.SendTo
-	}
-	return nil
-}
-
-func (m *SendRequest) GetTimeoutSeconds() float64 {
-	if m != nil && m.TimeoutSeconds != nil {
-		return *m.TimeoutSeconds
-	}
-	return Default_SendRequest_TimeoutSeconds
-}
-
-type SendReply struct {
-	DataSent             *int32   `protobuf:"varint,1,opt,name=data_sent,json=dataSent" json:"data_sent,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *SendReply) Reset()         { *m = SendReply{} }
-func (m *SendReply) String() string { return proto.CompactTextString(m) }
-func (*SendReply) ProtoMessage()    {}
-func (*SendReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{26}
-}
-func (m *SendReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SendReply.Unmarshal(m, b)
-}
-func (m *SendReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SendReply.Marshal(b, m, deterministic)
-}
-func (dst *SendReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SendReply.Merge(dst, src)
-}
-func (m *SendReply) XXX_Size() int {
-	return xxx_messageInfo_SendReply.Size(m)
-}
-func (m *SendReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_SendReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_SendReply proto.InternalMessageInfo
-
-func (m *SendReply) GetDataSent() int32 {
-	if m != nil && m.DataSent != nil {
-		return *m.DataSent
-	}
-	return 0
-}
-
-type ReceiveRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	DataSize             *int32   `protobuf:"varint,2,req,name=data_size,json=dataSize" json:"data_size,omitempty"`
-	Flags                *int32   `protobuf:"varint,3,opt,name=flags,def=0" json:"flags,omitempty"`
-	TimeoutSeconds       *float64 `protobuf:"fixed64,5,opt,name=timeout_seconds,json=timeoutSeconds,def=-1" json:"timeout_seconds,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ReceiveRequest) Reset()         { *m = ReceiveRequest{} }
-func (m *ReceiveRequest) String() string { return proto.CompactTextString(m) }
-func (*ReceiveRequest) ProtoMessage()    {}
-func (*ReceiveRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{27}
-}
-func (m *ReceiveRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ReceiveRequest.Unmarshal(m, b)
-}
-func (m *ReceiveRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ReceiveRequest.Marshal(b, m, deterministic)
-}
-func (dst *ReceiveRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ReceiveRequest.Merge(dst, src)
-}
-func (m *ReceiveRequest) XXX_Size() int {
-	return xxx_messageInfo_ReceiveRequest.Size(m)
-}
-func (m *ReceiveRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_ReceiveRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ReceiveRequest proto.InternalMessageInfo
-
-const Default_ReceiveRequest_Flags int32 = 0
-const Default_ReceiveRequest_TimeoutSeconds float64 = -1
-
-func (m *ReceiveRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *ReceiveRequest) GetDataSize() int32 {
-	if m != nil && m.DataSize != nil {
-		return *m.DataSize
-	}
-	return 0
-}
-
-func (m *ReceiveRequest) GetFlags() int32 {
-	if m != nil && m.Flags != nil {
-		return *m.Flags
-	}
-	return Default_ReceiveRequest_Flags
-}
-
-func (m *ReceiveRequest) GetTimeoutSeconds() float64 {
-	if m != nil && m.TimeoutSeconds != nil {
-		return *m.TimeoutSeconds
-	}
-	return Default_ReceiveRequest_TimeoutSeconds
-}
-
-type ReceiveReply struct {
-	StreamOffset         *int64       `protobuf:"varint,2,opt,name=stream_offset,json=streamOffset" json:"stream_offset,omitempty"`
-	Data                 []byte       `protobuf:"bytes,3,opt,name=data" json:"data,omitempty"`
-	ReceivedFrom         *AddressPort `protobuf:"bytes,4,opt,name=received_from,json=receivedFrom" json:"received_from,omitempty"`
-	BufferSize           *int32       `protobuf:"varint,5,opt,name=buffer_size,json=bufferSize" json:"buffer_size,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *ReceiveReply) Reset()         { *m = ReceiveReply{} }
-func (m *ReceiveReply) String() string { return proto.CompactTextString(m) }
-func (*ReceiveReply) ProtoMessage()    {}
-func (*ReceiveReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{28}
-}
-func (m *ReceiveReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ReceiveReply.Unmarshal(m, b)
-}
-func (m *ReceiveReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ReceiveReply.Marshal(b, m, deterministic)
-}
-func (dst *ReceiveReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ReceiveReply.Merge(dst, src)
-}
-func (m *ReceiveReply) XXX_Size() int {
-	return xxx_messageInfo_ReceiveReply.Size(m)
-}
-func (m *ReceiveReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_ReceiveReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ReceiveReply proto.InternalMessageInfo
-
-func (m *ReceiveReply) GetStreamOffset() int64 {
-	if m != nil && m.StreamOffset != nil {
-		return *m.StreamOffset
-	}
-	return 0
-}
-
-func (m *ReceiveReply) GetData() []byte {
-	if m != nil {
-		return m.Data
-	}
-	return nil
-}
-
-func (m *ReceiveReply) GetReceivedFrom() *AddressPort {
-	if m != nil {
-		return m.ReceivedFrom
-	}
-	return nil
-}
-
-func (m *ReceiveReply) GetBufferSize() int32 {
-	if m != nil && m.BufferSize != nil {
-		return *m.BufferSize
-	}
-	return 0
-}
-
-type PollEvent struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	RequestedEvents      *int32   `protobuf:"varint,2,req,name=requested_events,json=requestedEvents" json:"requested_events,omitempty"`
-	ObservedEvents       *int32   `protobuf:"varint,3,req,name=observed_events,json=observedEvents" json:"observed_events,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *PollEvent) Reset()         { *m = PollEvent{} }
-func (m *PollEvent) String() string { return proto.CompactTextString(m) }
-func (*PollEvent) ProtoMessage()    {}
-func (*PollEvent) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{29}
-}
-func (m *PollEvent) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PollEvent.Unmarshal(m, b)
-}
-func (m *PollEvent) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PollEvent.Marshal(b, m, deterministic)
-}
-func (dst *PollEvent) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PollEvent.Merge(dst, src)
-}
-func (m *PollEvent) XXX_Size() int {
-	return xxx_messageInfo_PollEvent.Size(m)
-}
-func (m *PollEvent) XXX_DiscardUnknown() {
-	xxx_messageInfo_PollEvent.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PollEvent proto.InternalMessageInfo
-
-func (m *PollEvent) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *PollEvent) GetRequestedEvents() int32 {
-	if m != nil && m.RequestedEvents != nil {
-		return *m.RequestedEvents
-	}
-	return 0
-}
-
-func (m *PollEvent) GetObservedEvents() int32 {
-	if m != nil && m.ObservedEvents != nil {
-		return *m.ObservedEvents
-	}
-	return 0
-}
-
-type PollRequest struct {
-	Events               []*PollEvent `protobuf:"bytes,1,rep,name=events" json:"events,omitempty"`
-	TimeoutSeconds       *float64     `protobuf:"fixed64,2,opt,name=timeout_seconds,json=timeoutSeconds,def=-1" json:"timeout_seconds,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *PollRequest) Reset()         { *m = PollRequest{} }
-func (m *PollRequest) String() string { return proto.CompactTextString(m) }
-func (*PollRequest) ProtoMessage()    {}
-func (*PollRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{30}
-}
-func (m *PollRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PollRequest.Unmarshal(m, b)
-}
-func (m *PollRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PollRequest.Marshal(b, m, deterministic)
-}
-func (dst *PollRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PollRequest.Merge(dst, src)
-}
-func (m *PollRequest) XXX_Size() int {
-	return xxx_messageInfo_PollRequest.Size(m)
-}
-func (m *PollRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_PollRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PollRequest proto.InternalMessageInfo
-
-const Default_PollRequest_TimeoutSeconds float64 = -1
-
-func (m *PollRequest) GetEvents() []*PollEvent {
-	if m != nil {
-		return m.Events
-	}
-	return nil
-}
-
-func (m *PollRequest) GetTimeoutSeconds() float64 {
-	if m != nil && m.TimeoutSeconds != nil {
-		return *m.TimeoutSeconds
-	}
-	return Default_PollRequest_TimeoutSeconds
-}
-
-type PollReply struct {
-	Events               []*PollEvent `protobuf:"bytes,2,rep,name=events" json:"events,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *PollReply) Reset()         { *m = PollReply{} }
-func (m *PollReply) String() string { return proto.CompactTextString(m) }
-func (*PollReply) ProtoMessage()    {}
-func (*PollReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{31}
-}
-func (m *PollReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PollReply.Unmarshal(m, b)
-}
-func (m *PollReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PollReply.Marshal(b, m, deterministic)
-}
-func (dst *PollReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PollReply.Merge(dst, src)
-}
-func (m *PollReply) XXX_Size() int {
-	return xxx_messageInfo_PollReply.Size(m)
-}
-func (m *PollReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_PollReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PollReply proto.InternalMessageInfo
-
-func (m *PollReply) GetEvents() []*PollEvent {
-	if m != nil {
-		return m.Events
-	}
-	return nil
-}
-
-type ResolveRequest struct {
-	Name                 *string                            `protobuf:"bytes,1,req,name=name" json:"name,omitempty"`
-	AddressFamilies      []CreateSocketRequest_SocketFamily `protobuf:"varint,2,rep,name=address_families,json=addressFamilies,enum=appengine.CreateSocketRequest_SocketFamily" json:"address_families,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                           `json:"-"`
-	XXX_unrecognized     []byte                             `json:"-"`
-	XXX_sizecache        int32                              `json:"-"`
-}
-
-func (m *ResolveRequest) Reset()         { *m = ResolveRequest{} }
-func (m *ResolveRequest) String() string { return proto.CompactTextString(m) }
-func (*ResolveRequest) ProtoMessage()    {}
-func (*ResolveRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{32}
-}
-func (m *ResolveRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ResolveRequest.Unmarshal(m, b)
-}
-func (m *ResolveRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ResolveRequest.Marshal(b, m, deterministic)
-}
-func (dst *ResolveRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ResolveRequest.Merge(dst, src)
-}
-func (m *ResolveRequest) XXX_Size() int {
-	return xxx_messageInfo_ResolveRequest.Size(m)
-}
-func (m *ResolveRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_ResolveRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ResolveRequest proto.InternalMessageInfo
-
-func (m *ResolveRequest) GetName() string {
-	if m != nil && m.Name != nil {
-		return *m.Name
-	}
-	return ""
-}
-
-func (m *ResolveRequest) GetAddressFamilies() []CreateSocketRequest_SocketFamily {
-	if m != nil {
-		return m.AddressFamilies
-	}
-	return nil
-}
-
-type ResolveReply struct {
-	PackedAddress        [][]byte `protobuf:"bytes,2,rep,name=packed_address,json=packedAddress" json:"packed_address,omitempty"`
-	CanonicalName        *string  `protobuf:"bytes,3,opt,name=canonical_name,json=canonicalName" json:"canonical_name,omitempty"`
-	Aliases              []string `protobuf:"bytes,4,rep,name=aliases" json:"aliases,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ResolveReply) Reset()         { *m = ResolveReply{} }
-func (m *ResolveReply) String() string { return proto.CompactTextString(m) }
-func (*ResolveReply) ProtoMessage()    {}
-func (*ResolveReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{33}
-}
-func (m *ResolveReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ResolveReply.Unmarshal(m, b)
-}
-func (m *ResolveReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ResolveReply.Marshal(b, m, deterministic)
-}
-func (dst *ResolveReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ResolveReply.Merge(dst, src)
-}
-func (m *ResolveReply) XXX_Size() int {
-	return xxx_messageInfo_ResolveReply.Size(m)
-}
-func (m *ResolveReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_ResolveReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ResolveReply proto.InternalMessageInfo
-
-func (m *ResolveReply) GetPackedAddress() [][]byte {
-	if m != nil {
-		return m.PackedAddress
-	}
-	return nil
-}
-
-func (m *ResolveReply) GetCanonicalName() string {
-	if m != nil && m.CanonicalName != nil {
-		return *m.CanonicalName
-	}
-	return ""
-}
-
-func (m *ResolveReply) GetAliases() []string {
-	if m != nil {
-		return m.Aliases
-	}
-	return nil
-}
-
-func init() {
-	proto.RegisterType((*RemoteSocketServiceError)(nil), "appengine.RemoteSocketServiceError")
-	proto.RegisterType((*AddressPort)(nil), "appengine.AddressPort")
-	proto.RegisterType((*CreateSocketRequest)(nil), "appengine.CreateSocketRequest")
-	proto.RegisterType((*CreateSocketReply)(nil), "appengine.CreateSocketReply")
-	proto.RegisterType((*BindRequest)(nil), "appengine.BindRequest")
-	proto.RegisterType((*BindReply)(nil), "appengine.BindReply")
-	proto.RegisterType((*GetSocketNameRequest)(nil), "appengine.GetSocketNameRequest")
-	proto.RegisterType((*GetSocketNameReply)(nil), "appengine.GetSocketNameReply")
-	proto.RegisterType((*GetPeerNameRequest)(nil), "appengine.GetPeerNameRequest")
-	proto.RegisterType((*GetPeerNameReply)(nil), "appengine.GetPeerNameReply")
-	proto.RegisterType((*SocketOption)(nil), "appengine.SocketOption")
-	proto.RegisterType((*SetSocketOptionsRequest)(nil), "appengine.SetSocketOptionsRequest")
-	proto.RegisterType((*SetSocketOptionsReply)(nil), "appengine.SetSocketOptionsReply")
-	proto.RegisterType((*GetSocketOptionsRequest)(nil), "appengine.GetSocketOptionsRequest")
-	proto.RegisterType((*GetSocketOptionsReply)(nil), "appengine.GetSocketOptionsReply")
-	proto.RegisterType((*ConnectRequest)(nil), "appengine.ConnectRequest")
-	proto.RegisterType((*ConnectReply)(nil), "appengine.ConnectReply")
-	proto.RegisterType((*ListenRequest)(nil), "appengine.ListenRequest")
-	proto.RegisterType((*ListenReply)(nil), "appengine.ListenReply")
-	proto.RegisterType((*AcceptRequest)(nil), "appengine.AcceptRequest")
-	proto.RegisterType((*AcceptReply)(nil), "appengine.AcceptReply")
-	proto.RegisterType((*ShutDownRequest)(nil), "appengine.ShutDownRequest")
-	proto.RegisterType((*ShutDownReply)(nil), "appengine.ShutDownReply")
-	proto.RegisterType((*CloseRequest)(nil), "appengine.CloseRequest")
-	proto.RegisterType((*CloseReply)(nil), "appengine.CloseReply")
-	proto.RegisterType((*SendRequest)(nil), "appengine.SendRequest")
-	proto.RegisterType((*SendReply)(nil), "appengine.SendReply")
-	proto.RegisterType((*ReceiveRequest)(nil), "appengine.ReceiveRequest")
-	proto.RegisterType((*ReceiveReply)(nil), "appengine.ReceiveReply")
-	proto.RegisterType((*PollEvent)(nil), "appengine.PollEvent")
-	proto.RegisterType((*PollRequest)(nil), "appengine.PollRequest")
-	proto.RegisterType((*PollReply)(nil), "appengine.PollReply")
-	proto.RegisterType((*ResolveRequest)(nil), "appengine.ResolveRequest")
-	proto.RegisterType((*ResolveReply)(nil), "appengine.ResolveReply")
-}
-
-func init() {
-	proto.RegisterFile("google.golang.org/appengine/internal/socket/socket_service.proto", fileDescriptor_socket_service_b5f8f233dc327808)
-}
-
-var fileDescriptor_socket_service_b5f8f233dc327808 = []byte{
-	// 3088 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x59, 0x5f, 0x77, 0xe3, 0xc6,
-	0x75, 0x37, 0x48, 0xfd, 0xe3, 0x90, 0x94, 0xee, 0x62, 0xa5, 0x5d, 0x25, 0x6e, 0x12, 0x05, 0x8e,
-	0x1b, 0x25, 0x8e, 0x77, 0x6d, 0x39, 0x4d, 0x9b, 0xa4, 0x49, 0x16, 0x04, 0x86, 0x24, 0x4c, 0x00,
-	0x03, 0xcd, 0x0c, 0x25, 0xd1, 0x6d, 0x8a, 0xd0, 0x22, 0xa4, 0x65, 0x4c, 0x11, 0x0c, 0xc9, 0xdd,
-	0xf5, 0xba, 0x69, 0xaa, 0xfe, 0x39, 0xfd, 0x12, 0x7d, 0xe8, 0x73, 0x3f, 0x43, 0x4f, 0x4f, 0x5f,
-	0xfa, 0xec, 0xc7, 0x7e, 0x84, 0x9e, 0xbe, 0xb4, 0x9f, 0xa1, 0x67, 0x06, 0xe0, 0x60, 0xc8, 0xd5,
-	0xae, 0x77, 0x75, 0x72, 0x4e, 0x9e, 0xa4, 0xfb, 0xbb, 0x77, 0xee, 0xff, 0x99, 0xb9, 0x03, 0xa2,
-	0x47, 0x97, 0x69, 0x7a, 0x39, 0x4a, 0x1e, 0x5c, 0xa6, 0xa3, 0xfe, 0xf8, 0xf2, 0x41, 0x3a, 0xbd,
-	0x7c, 0xd8, 0x9f, 0x4c, 0x92, 0xf1, 0xe5, 0x70, 0x9c, 0x3c, 0x1c, 0x8e, 0xe7, 0xc9, 0x74, 0xdc,
-	0x1f, 0x3d, 0x9c, 0xa5, 0xe7, 0x9f, 0x25, 0xf3, 0xfc, 0x4f, 0x3c, 0x4b, 0xa6, 0x4f, 0x87, 0xe7,
-	0xc9, 0x83, 0xc9, 0x34, 0x9d, 0xa7, 0x66, 0x45, 0xc9, 0x5b, 0xff, 0xbc, 0x8b, 0xf6, 0x69, 0x72,
-	0x95, 0xce, 0x13, 0x26, 0x25, 0x59, 0x26, 0x88, 0xa7, 0xd3, 0x74, 0x6a, 0x7e, 0x07, 0xd5, 0x66,
-	0xcf, 0x67, 0xf3, 0xe4, 0x2a, 0x4e, 0x04, 0xbd, 0x6f, 0x1c, 0x18, 0x87, 0xeb, 0x3f, 0x31, 0x3e,
-	0xa0, 0xd5, 0x0c, 0xce, 0xa4, 0xbe, 0x8d, 0x6a, 0x92, 0x1d, 0x0f, 0x92, 0x79, 0x7f, 0x38, 0xda,
-	0x2f, 0x1d, 0x18, 0x87, 0x15, 0x5a, 0x95, 0x98, 0x2b, 0x21, 0xeb, 0x73, 0x54, 0x91, 0xb2, 0x4e,
-	0x3a, 0x48, 0x4c, 0x40, 0x35, 0xd6, 0x63, 0x1c, 0x07, 0x31, 0xa6, 0x94, 0x50, 0x30, 0xcc, 0x3a,
-	0xaa, 0xb4, 0x6c, 0x2f, 0x27, 0x4b, 0x66, 0x15, 0x6d, 0x36, 0x6d, 0xcf, 0xef, 0x52, 0x0c, 0x6b,
-	0xe6, 0x1e, 0xba, 0x13, 0x61, 0x1a, 0x78, 0x8c, 0x79, 0x24, 0x8c, 0x5d, 0x1c, 0x7a, 0xd8, 0x85,
-	0x75, 0xf3, 0x2e, 0xda, 0xf1, 0xc2, 0x13, 0xdb, 0xf7, 0xdc, 0x98, 0xe2, 0xe3, 0x2e, 0x66, 0x1c,
-	0x36, 0xcc, 0x3b, 0xa8, 0xce, 0x88, 0xd3, 0xc1, 0x3c, 0x76, 0x7c, 0xc2, 0xb0, 0x0b, 0x9b, 0xd6,
-	0xbf, 0x99, 0xa8, 0xca, 0x34, 0x67, 0x77, 0x50, 0x95, 0xf5, 0x58, 0xcc, 0xba, 0x8e, 0x83, 0x19,
-	0x83, 0xb7, 0x84, 0x6d, 0x01, 0x60, 0x61, 0x04, 0x0c, 0x73, 0x1b, 0x21, 0x49, 0x86, 0x04, 0x87,
-	0x1c, 0x4a, 0x8a, 0xcd, 0xa8, 0xd3, 0x86, 0xb2, 0x22, 0xbd, 0x90, 0x53, 0x58, 0x13, 0x9e, 0x66,
-	0x24, 0x81, 0x75, 0xc5, 0x0b, 0xcf, 0x3c, 0x02, 0x1b, 0x8a, 0x3c, 0x6a, 0x78, 0x2d, 0xd8, 0x5c,
-	0x18, 0x16, 0x8a, 0xcf, 0xb0, 0x03, 0x5b, 0x8a, 0xdf, 0xb0, 0xdd, 0x26, 0x54, 0x94, 0x61, 0xa7,
-	0xed, 0xf9, 0x2e, 0x20, 0x45, 0xdb, 0x2d, 0xdb, 0x0b, 0xa1, 0x2a, 0x02, 0x96, 0xf4, 0x29, 0xe9,
-	0xfa, 0x6e, 0xc3, 0x27, 0x4e, 0x07, 0xaa, 0x9a, 0xb7, 0x01, 0x0e, 0xa0, 0x56, 0x2c, 0x12, 0xd1,
-	0x41, 0x5d, 0xd1, 0x4d, 0xbb, 0xeb, 0x73, 0xd8, 0xd6, 0x9c, 0xe0, 0x0d, 0xbf, 0x03, 0x3b, 0x85,
-	0x13, 0x5d, 0xd6, 0x03, 0x50, 0xf2, 0xf8, 0xcc, 0x63, 0x1c, 0xee, 0x28, 0xf6, 0x99, 0x8b, 0x4f,
-	0xc0, 0xd4, 0xcc, 0x09, 0xfa, 0xae, 0xae, 0xce, 0xf5, 0x28, 0xec, 0x2a, 0x01, 0x8f, 0x09, 0x7a,
-	0xaf, 0xa0, 0x45, 0xa9, 0xe0, 0x5e, 0xa1, 0xa0, 0xe9, 0xf9, 0x18, 0xee, 0x2b, 0x3a, 0x90, 0xf4,
-	0xbe, 0x66, 0x80, 0xf3, 0x1e, 0x7c, 0x4d, 0x19, 0xe0, 0x67, 0xbc, 0xc1, 0x7a, 0xf0, 0x75, 0xe5,
-	0x50, 0x53, 0x24, 0xf5, 0x6d, 0x4d, 0x9e, 0x45, 0x0e, 0xfc, 0x91, 0xa2, 0x59, 0xe4, 0x45, 0x18,
-	0xbe, 0xa1, 0xc4, 0x29, 0x69, 0x32, 0xf8, 0x66, 0x61, 0xce, 0xf7, 0xc2, 0x0e, 0x7c, 0xab, 0xa8,
-	0xbd, 0x90, 0x3e, 0x30, 0x6b, 0x68, 0x4b, 0x92, 0x2e, 0x09, 0xe0, 0xdb, 0x4a, 0x98, 0xda, 0x61,
-	0x0b, 0x83, 0xa5, 0x7c, 0x71, 0xb1, 0xed, 0xfa, 0x1d, 0x78, 0x47, 0x76, 0x9b, 0x02, 0x44, 0x3d,
-	0xde, 0x31, 0x77, 0x11, 0x64, 0xfe, 0xd8, 0x01, 0xe6, 0x84, 0xf8, 0x24, 0x6c, 0xc1, 0x77, 0x34,
-	0x2f, 0x7d, 0xa7, 0x03, 0xef, 0xea, 0x5e, 0xf7, 0x18, 0xfc, 0xb1, 0x52, 0x14, 0x12, 0x8e, 0x83,
-	0x88, 0xf7, 0xe0, 0xbb, 0xca, 0x33, 0x9f, 0x90, 0x08, 0x0e, 0xf5, 0x3a, 0xb3, 0x16, 0x7c, 0xbf,
-	0x68, 0x43, 0x97, 0x06, 0xf0, 0x9e, 0xd6, 0x3b, 0x34, 0x6c, 0xc1, 0x0f, 0xf2, 0x1d, 0x16, 0x63,
-	0xff, 0x28, 0x64, 0xbd, 0xd0, 0x81, 0xf7, 0x95, 0x84, 0xff, 0x51, 0xdb, 0xe7, 0xf0, 0x40, 0xa3,
-	0x29, 0xe3, 0xf0, 0xb0, 0xa0, 0x43, 0xa1, 0xe1, 0x03, 0x15, 0x6c, 0x37, 0xb4, 0xb9, 0xd3, 0x86,
-	0x0f, 0x35, 0x0f, 0x1c, 0xe6, 0xc1, 0x51, 0xb1, 0xe0, 0x48, 0x28, 0xfc, 0x48, 0xef, 0x66, 0x0c,
-	0x3f, 0xd4, 0x49, 0x0a, 0x7f, 0xa2, 0xa4, 0xcf, 0x9a, 0x5d, 0xdf, 0x87, 0x1f, 0x69, 0xda, 0xec,
-	0x90, 0xc0, 0x9f, 0x2a, 0x73, 0x42, 0xfc, 0xd8, 0x81, 0x3f, 0xd3, 0x01, 0xe6, 0x73, 0xf8, 0xb1,
-	0x5a, 0xd1, 0x68, 0x92, 0x90, 0xc3, 0x4f, 0xf5, 0x1c, 0x72, 0x0a, 0x7f, 0xae, 0xb5, 0xa2, 0x6b,
-	0x73, 0x1b, 0x7e, 0xa6, 0x3c, 0xe0, 0x5e, 0x80, 0xe1, 0xe7, 0xc5, 0xe6, 0x24, 0x8c, 0xc2, 0x2f,
-	0xb4, 0xe5, 0x21, 0xe6, 0xf0, 0x48, 0xa3, 0xa3, 0x4e, 0x0b, 0x6c, 0xa5, 0x8e, 0xe2, 0x80, 0x70,
-	0x0c, 0x0d, 0x4d, 0xbf, 0xec, 0x1d, 0x47, 0x35, 0x8b, 0xed, 0x9e, 0x80, 0x5b, 0x34, 0x1e, 0x0d,
-	0x42, 0x0e, 0x58, 0x99, 0x73, 0x48, 0x10, 0x40, 0x53, 0xb1, 0x23, 0x4a, 0x38, 0x81, 0x96, 0xaa,
-	0x78, 0xd0, 0xf5, 0xb9, 0xd7, 0x26, 0x11, 0xb4, 0x8b, 0xf6, 0x22, 0xdc, 0x25, 0x1c, 0x3c, 0x3d,
-	0x05, 0xa2, 0xe8, 0x1f, 0xab, 0x45, 0xe4, 0x04, 0xd3, 0xa6, 0x4f, 0x4e, 0xa1, 0xa3, 0x0a, 0x1d,
-	0x12, 0xde, 0x0d, 0xbd, 0x63, 0xf0, 0x8b, 0x3c, 0xd9, 0x6e, 0xd3, 0x85, 0x40, 0x0f, 0xc4, 0x69,
-	0xb7, 0x20, 0x54, 0x80, 0xef, 0x35, 0x6c, 0xc7, 0x01, 0xa2, 0x03, 0x0d, 0xdb, 0x85, 0x48, 0x07,
-	0x98, 0x13, 0xc2, 0xb1, 0x0e, 0x04, 0xf6, 0x19, 0xd0, 0xa2, 0xbf, 0xbc, 0x86, 0x3c, 0xcc, 0x58,
-	0xb1, 0xd1, 0x7d, 0x86, 0x8f, 0x81, 0x2b, 0x09, 0x8a, 0x19, 0xb7, 0x29, 0x87, 0xae, 0x42, 0x18,
-	0xa7, 0x72, 0xbb, 0x9d, 0xa8, 0x35, 0x5d, 0x86, 0x29, 0x83, 0x53, 0x3d, 0x18, 0x71, 0x8a, 0xc3,
-	0x99, 0xda, 0x4e, 0xae, 0xd0, 0xe2, 0xba, 0x94, 0xe2, 0x63, 0xe8, 0x29, 0xb9, 0x80, 0xb5, 0x98,
-	0xf7, 0x09, 0x86, 0x4f, 0x4c, 0x13, 0x6d, 0x17, 0xe9, 0xe5, 0xbd, 0x08, 0xc3, 0x5f, 0xa8, 0xf3,
-	0x32, 0x24, 0x12, 0x25, 0x11, 0x87, 0xbf, 0x34, 0xef, 0xa3, 0xbb, 0x85, 0x60, 0x48, 0x58, 0x37,
-	0x8a, 0x08, 0xe5, 0xf0, 0x4b, 0xc5, 0x10, 0x86, 0x79, 0xc1, 0xf8, 0x2b, 0xa5, 0x9a, 0x44, 0xc2,
-	0xad, 0x6e, 0x14, 0x41, 0xac, 0x1f, 0x7b, 0xac, 0x2b, 0x80, 0x85, 0x9f, 0x51, 0xb3, 0x58, 0xfa,
-	0x2b, 0x85, 0xda, 0x1a, 0xda, 0x57, 0x0a, 0x45, 0x3c, 0x5e, 0xd8, 0x65, 0x18, 0x3e, 0x15, 0x77,
-	0x9c, 0xc2, 0x42, 0xc2, 0xed, 0x13, 0xdb, 0xf3, 0xe1, 0xbc, 0x48, 0x08, 0xe6, 0x2e, 0x39, 0x0d,
-	0x61, 0x50, 0x04, 0x85, 0x79, 0x37, 0xa4, 0xd8, 0x76, 0xda, 0x90, 0x14, 0xc7, 0x07, 0xe6, 0x14,
-	0x33, 0xcc, 0xe1, 0x42, 0x99, 0x76, 0x48, 0x18, 0xda, 0x0d, 0x42, 0x39, 0x76, 0xe1, 0x52, 0x99,
-	0x16, 0x68, 0x26, 0xf9, 0x58, 0x8b, 0xa5, 0xd1, 0x6d, 0x32, 0x18, 0x2a, 0xc0, 0x63, 0x42, 0x0c,
-	0x7e, 0xad, 0x97, 0x45, 0x22, 0x9f, 0x29, 0x83, 0xac, 0xdd, 0xcd, 0x1c, 0x1b, 0x29, 0x83, 0x9c,
-	0x90, 0xc0, 0x0e, 0x7b, 0x14, 0x37, 0x19, 0x5c, 0x29, 0x41, 0xb1, 0x07, 0x5d, 0xd2, 0xe5, 0x30,
-	0x5e, 0xf2, 0x8c, 0xe2, 0x66, 0x57, 0xdc, 0xd2, 0xa9, 0x12, 0x6c, 0x13, 0x96, 0x69, 0x9c, 0x28,
-	0x41, 0x01, 0x2d, 0x62, 0xfd, 0x8d, 0x72, 0xc6, 0xf6, 0x29, 0xb6, 0xdd, 0x1e, 0x4c, 0x55, 0x4a,
-	0xbc, 0x30, 0xa2, 0xa4, 0x45, 0xc5, 0xa5, 0x3e, 0x2b, 0xb6, 0x23, 0xb7, 0x7d, 0x0c, 0xf3, 0xe2,
-	0x38, 0x73, 0x7c, 0x6c, 0x87, 0xf0, 0x44, 0x2f, 0x61, 0x68, 0x07, 0xf0, 0xb4, 0x00, 0xb2, 0xe4,
-	0x3f, 0xd3, 0xae, 0x32, 0x21, 0xf0, 0xb9, 0x72, 0x31, 0x3b, 0x11, 0x3c, 0x02, 0xcf, 0x95, 0x88,
-	0x7b, 0xdc, 0x25, 0x1c, 0xbe, 0xd0, 0xce, 0xf1, 0x00, 0xbb, 0x5e, 0x37, 0x80, 0xbf, 0x56, 0xde,
-	0x65, 0x80, 0x6c, 0xcd, 0xdf, 0x2a, 0x39, 0xc7, 0x0e, 0x1d, 0xec, 0x63, 0x17, 0xfe, 0x46, 0x3b,
-	0x7f, 0x3a, 0xb8, 0x07, 0xbf, 0x53, 0xeb, 0x3a, 0xb8, 0x87, 0xcf, 0x22, 0x8f, 0x62, 0x17, 0xfe,
-	0xd6, 0xdc, 0x2d, 0x40, 0x8a, 0x4f, 0x48, 0x07, 0xbb, 0x70, 0x6d, 0x98, 0x7b, 0x79, 0xa2, 0x24,
-	0xfa, 0x31, 0x76, 0x44, 0xad, 0xff, 0xce, 0x30, 0xef, 0x2e, 0x1a, 0xf7, 0x34, 0xc4, 0x54, 0x5c,
-	0x51, 0xf0, 0xf7, 0x86, 0xb9, 0x9f, 0xb7, 0x79, 0x48, 0x38, 0xc5, 0x8e, 0x38, 0x48, 0xec, 0x86,
-	0x8f, 0xe1, 0x1f, 0x0c, 0x13, 0x16, 0xe7, 0x44, 0xb3, 0xe3, 0xf9, 0x3e, 0xfc, 0xa3, 0xf1, 0xf5,
-	0x12, 0x18, 0xd6, 0x15, 0xaa, 0xda, 0x83, 0xc1, 0x34, 0x99, 0xcd, 0xa2, 0x74, 0x3a, 0x37, 0x4d,
-	0xb4, 0x36, 0x49, 0xa7, 0xf3, 0x7d, 0xe3, 0xa0, 0x74, 0xb8, 0x4e, 0xe5, 0xff, 0xe6, 0xbb, 0x68,
-	0x7b, 0xd2, 0x3f, 0xff, 0x2c, 0x19, 0xc4, 0xfd, 0x4c, 0x52, 0xce, 0x7f, 0x35, 0x5a, 0xcf, 0xd0,
-	0x7c, 0xb9, 0xf9, 0x0e, 0xaa, 0x3f, 0x4e, 0x67, 0xf3, 0x71, 0xff, 0x2a, 0x89, 0x1f, 0x0f, 0xc7,
-	0xf3, 0xfd, 0xb2, 0x9c, 0x12, 0x6b, 0x0b, 0xb0, 0x3d, 0x1c, 0xcf, 0xad, 0x7f, 0x5a, 0x43, 0x77,
-	0x9d, 0x69, 0xd2, 0x5f, 0x0c, 0xa3, 0x34, 0xf9, 0xcd, 0x93, 0x64, 0x36, 0x37, 0x1d, 0xb4, 0x71,
-	0xd1, 0xbf, 0x1a, 0x8e, 0x9e, 0x4b, 0xcb, 0xdb, 0x47, 0xef, 0x3d, 0x50, 0x03, 0xec, 0x83, 0x1b,
-	0xe4, 0x1f, 0x64, 0x54, 0x53, 0x2e, 0xa1, 0xf9, 0x52, 0xd3, 0x43, 0x5b, 0x72, 0xfa, 0x3d, 0x4f,
-	0xc5, 0x88, 0x2a, 0xd4, 0xbc, 0xff, 0x5a, 0x6a, 0xa2, 0x7c, 0x11, 0x55, 0xcb, 0xcd, 0x9f, 0xa3,
-	0xed, 0x7c, 0xae, 0x4e, 0x27, 0xf3, 0x61, 0x3a, 0x9e, 0xed, 0x97, 0x0f, 0xca, 0x87, 0xd5, 0xa3,
-	0xfb, 0x9a, 0xc2, 0x6c, 0x31, 0x91, 0x7c, 0x5a, 0x9f, 0x69, 0xd4, 0xcc, 0x6c, 0xa0, 0x3b, 0x93,
-	0x69, 0xfa, 0xf9, 0xf3, 0x38, 0xf9, 0x3c, 0x9b, 0xd6, 0xe3, 0xe1, 0x64, 0x7f, 0xed, 0xc0, 0x38,
-	0xac, 0x1e, 0xdd, 0xd3, 0x54, 0x68, 0xa9, 0xa7, 0x3b, 0x72, 0x01, 0xce, 0xe5, 0xbd, 0x89, 0x79,
-	0x88, 0xb6, 0x47, 0xc3, 0xd9, 0x3c, 0x19, 0xc7, 0x9f, 0xf6, 0xcf, 0x3f, 0x1b, 0xa5, 0x97, 0xfb,
-	0xeb, 0x8b, 0xe9, 0xbc, 0x9e, 0x31, 0x1a, 0x19, 0x6e, 0x7e, 0x84, 0x2a, 0x53, 0x39, 0xe1, 0x0b,
-	0x2b, 0x1b, 0xaf, 0xb4, 0xb2, 0x95, 0x09, 0x7a, 0x13, 0x73, 0x0f, 0x6d, 0xf4, 0x27, 0x93, 0x78,
-	0x38, 0xd8, 0xaf, 0xc8, 0x42, 0xad, 0xf7, 0x27, 0x13, 0x6f, 0x60, 0x7e, 0x03, 0xa1, 0xc9, 0x34,
-	0xfd, 0x75, 0x72, 0x3e, 0x17, 0x2c, 0x74, 0x60, 0x1c, 0x96, 0x69, 0x25, 0x47, 0xbc, 0x81, 0x65,
-	0xa1, 0x9a, 0x9e, 0x7b, 0x73, 0x0b, 0xad, 0x79, 0xd1, 0xd3, 0x1f, 0x82, 0x91, 0xff, 0xf7, 0x23,
-	0x28, 0x59, 0x16, 0xda, 0x5e, 0x4e, 0xac, 0xb9, 0x89, 0xca, 0xdc, 0x89, 0xc0, 0x10, 0xff, 0x74,
-	0xdd, 0x08, 0x4a, 0xd6, 0x97, 0x06, 0xba, 0xb3, 0x5c, 0x91, 0xc9, 0xe8, 0xb9, 0xf9, 0x1e, 0xba,
-	0x93, 0xa7, 0x7d, 0x90, 0xcc, 0xce, 0xa7, 0xc3, 0xc9, 0x3c, 0x7f, 0x93, 0x54, 0x28, 0x64, 0x0c,
-	0x57, 0xe1, 0xe6, 0xcf, 0xd0, 0xb6, 0x78, 0xf4, 0x24, 0x53, 0xd5, 0x97, 0xe5, 0x57, 0x86, 0x5e,
-	0xcf, 0xa4, 0x17, 0xfd, 0xfa, 0x7b, 0x28, 0xd1, 0xf7, 0x2b, 0x5b, 0xff, 0xb3, 0x09, 0xd7, 0xd7,
-	0xd7, 0xd7, 0x25, 0xeb, 0x77, 0xa8, 0xda, 0x18, 0x8e, 0x07, 0x8b, 0x86, 0x7e, 0x49, 0x24, 0xa5,
-	0x1b, 0x23, 0xb9, 0xd1, 0x15, 0xd1, 0xc1, 0xaf, 0xef, 0x8a, 0x45, 0x50, 0x25, 0xb3, 0x2f, 0xf2,
-	0x78, 0xa3, 0x42, 0xe3, 0x8d, 0x62, 0xb3, 0x1c, 0xb4, 0xdb, 0x4a, 0xe6, 0x59, 0x75, 0xc2, 0xfe,
-	0x55, 0x72, 0x9b, 0xc8, 0xac, 0x33, 0x64, 0xae, 0x28, 0x79, 0xa9, 0x7b, 0xa5, 0x37, 0x73, 0xcf,
-	0x96, 0x9a, 0xa3, 0x24, 0x99, 0xde, 0xda, 0x39, 0x07, 0xc1, 0x92, 0x0a, 0xe1, 0xda, 0x43, 0xb4,
-	0x39, 0x49, 0x92, 0xe9, 0x57, 0x3b, 0xb4, 0x21, 0xc4, 0xbc, 0x89, 0xf5, 0xe5, 0xe6, 0x62, 0x47,
-	0x64, 0x7b, 0xdf, 0xfc, 0x05, 0x5a, 0x1f, 0x25, 0x4f, 0x93, 0x51, 0x7e, 0x92, 0x7d, 0xef, 0x25,
-	0x27, 0xc6, 0x12, 0xe1, 0x8b, 0x05, 0x34, 0x5b, 0x67, 0x3e, 0x42, 0x1b, 0xd9, 0xa1, 0x93, 0x1f,
-	0x62, 0x87, 0xaf, 0xa3, 0x41, 0x46, 0x90, 0xaf, 0x33, 0x77, 0xd1, 0xfa, 0xd3, 0xfe, 0xe8, 0x49,
-	0xb2, 0x5f, 0x3e, 0x28, 0x1d, 0xd6, 0x68, 0x46, 0x58, 0x09, 0xba, 0xf3, 0x82, 0x4d, 0xed, 0x41,
-	0xcd, 0x88, 0x1f, 0x7b, 0x11, 0xbc, 0x25, 0x67, 0x95, 0x02, 0xca, 0xfe, 0x05, 0x43, 0xce, 0x16,
-	0x05, 0x2c, 0xb6, 0xf3, 0xc6, 0x0a, 0x26, 0x76, 0xf6, 0x1d, 0xeb, 0xdf, 0xd7, 0x11, 0xac, 0x7a,
-	0x26, 0x6f, 0xbb, 0x85, 0x60, 0xec, 0xe2, 0x46, 0xb7, 0x05, 0x86, 0x1c, 0xc9, 0x14, 0x48, 0xc5,
-	0x94, 0x28, 0xc6, 0x23, 0x28, 0x2d, 0xa9, 0x8d, 0xe5, 0x95, 0x5a, 0x5e, 0xd6, 0x90, 0x7d, 0x47,
-	0x58, 0x5b, 0xd6, 0xe0, 0x92, 0x90, 0x53, 0xd2, 0xe5, 0x18, 0xd6, 0x97, 0x19, 0x0d, 0x4a, 0x6c,
-	0xd7, 0xb1, 0xe5, 0x07, 0x04, 0x31, 0x74, 0x28, 0x06, 0x0b, 0xdd, 0x46, 0xb7, 0x09, 0x9b, 0xcb,
-	0x28, 0x75, 0x4e, 0x04, 0xba, 0xb5, 0xac, 0xa4, 0x83, 0x71, 0x64, 0xfb, 0xde, 0x09, 0x86, 0xca,
-	0x32, 0x83, 0x90, 0x86, 0x17, 0xfa, 0x5e, 0x88, 0x01, 0x2d, 0xeb, 0xf1, 0xbd, 0xb0, 0x85, 0x29,
-	0xd4, 0xcd, 0x7b, 0xc8, 0x5c, 0xd2, 0x2e, 0x86, 0x25, 0x02, 0xbb, 0xcb, 0x38, 0x0b, 0xdd, 0x0c,
-	0xdf, 0xd3, 0x6a, 0xe2, 0x45, 0x31, 0x27, 0x0c, 0x8c, 0x15, 0x88, 0xfb, 0x50, 0xd2, 0xca, 0xe4,
-	0x45, 0x71, 0x5b, 0x8c, 0x9a, 0x8e, 0x0f, 0xe5, 0x65, 0x98, 0x44, 0xdc, 0x23, 0x21, 0x83, 0x35,
-	0xcd, 0x16, 0x77, 0xa2, 0x58, 0x3c, 0xef, 0x7d, 0xbb, 0x07, 0x86, 0x26, 0x2e, 0xf0, 0xc0, 0x3e,
-	0x63, 0xb8, 0x05, 0x25, 0x2d, 0xdb, 0x02, 0x76, 0x08, 0xed, 0x40, 0x59, 0x0b, 0x5b, 0x80, 0x22,
-	0x21, 0x9e, 0xeb, 0x63, 0x58, 0x33, 0xf7, 0xd1, 0xee, 0x2a, 0x23, 0xe4, 0x27, 0x3e, 0xac, 0xaf,
-	0x98, 0x15, 0x1c, 0x27, 0x14, 0x65, 0x58, 0x36, 0x2b, 0x9e, 0xb0, 0x21, 0x87, 0xcd, 0x15, 0xf1,
-	0x2c, 0x81, 0x47, 0xb0, 0x65, 0xbe, 0x8d, 0xee, 0x6b, 0xb8, 0x8b, 0x9b, 0x98, 0xc6, 0xb6, 0xe3,
-	0xe0, 0x88, 0x43, 0x65, 0x85, 0x79, 0xea, 0x85, 0x2e, 0x39, 0x8d, 0x1d, 0xdf, 0x0e, 0x22, 0x40,
-	0x2b, 0x81, 0x78, 0x61, 0x93, 0x40, 0x75, 0x25, 0x90, 0xe3, 0xae, 0xe7, 0x74, 0x6c, 0xa7, 0x03,
-	0x35, 0x39, 0x11, 0x3d, 0x47, 0xf7, 0xd9, 0xe2, 0xc8, 0xca, 0xaf, 0xf3, 0x5b, 0x1d, 0xea, 0x1f,
-	0xa2, 0xcd, 0xc5, 0xec, 0x50, 0x7a, 0xf5, 0xec, 0xb0, 0x90, 0xb3, 0xee, 0xa3, 0xbd, 0x17, 0x4d,
-	0x4f, 0x46, 0xcf, 0x85, 0x4f, 0xad, 0x3f, 0x90, 0x4f, 0x1f, 0xa3, 0xbd, 0xd6, 0x4d, 0x3e, 0xdd,
-	0x46, 0xd7, 0xbf, 0x18, 0x68, 0xdb, 0x49, 0xc7, 0xe3, 0xe4, 0x7c, 0x7e, 0x2b, 0xf7, 0x97, 0xe6,
-	0x9c, 0x57, 0xdf, 0x8f, 0xc5, 0x9c, 0xf3, 0x1e, 0xda, 0x99, 0x0f, 0xaf, 0x92, 0xf4, 0xc9, 0x3c,
-	0x9e, 0x25, 0xe7, 0xe9, 0x78, 0x90, 0xcd, 0x09, 0xc6, 0x4f, 0x4a, 0xef, 0x7f, 0x48, 0xb7, 0x73,
-	0x16, 0xcb, 0x38, 0xd6, 0x2f, 0x51, 0x4d, 0x39, 0xf8, 0x7b, 0xba, 0x48, 0xf5, 0x21, 0xe1, 0x04,
-	0xd5, 0x7d, 0x39, 0xb9, 0xdd, 0x2a, 0xfc, 0x7d, 0xb4, 0xb9, 0x98, 0x04, 0x4b, 0x72, 0x3e, 0x5f,
-	0x90, 0x56, 0x1d, 0x55, 0x17, 0x7a, 0x45, 0xbb, 0x0c, 0x51, 0xdd, 0x3e, 0x3f, 0x4f, 0x26, 0xb7,
-	0xcb, 0xf2, 0x0d, 0x09, 0x2b, 0xbd, 0x34, 0x61, 0xd7, 0x06, 0xaa, 0x2e, 0x6c, 0x89, 0x84, 0x1d,
-	0xa1, 0xbd, 0x71, 0xf2, 0x2c, 0x7e, 0xd1, 0x5a, 0xf6, 0x66, 0xb8, 0x3b, 0x4e, 0x9e, 0xb1, 0x1b,
-	0x06, 0xb9, 0xbc, 0xac, 0xaf, 0x39, 0xc8, 0x65, 0xd2, 0x39, 0x64, 0xfd, 0x97, 0x81, 0x76, 0xd8,
-	0xe3, 0x27, 0x73, 0x37, 0x7d, 0x76, 0xbb, 0xbc, 0x7e, 0x80, 0xca, 0x8f, 0xd3, 0x67, 0xf9, 0x6d,
-	0xfb, 0x4d, 0xbd, 0x8b, 0x97, 0xb5, 0x3e, 0x68, 0xa7, 0xcf, 0xa8, 0x10, 0x35, 0xbf, 0x85, 0xaa,
-	0xb3, 0x64, 0x3c, 0x88, 0xd3, 0x8b, 0x8b, 0x59, 0x32, 0x97, 0xd7, 0x6c, 0x99, 0x22, 0x01, 0x11,
-	0x89, 0x58, 0x0e, 0x2a, 0xb7, 0xd3, 0x67, 0xfa, 0x45, 0xd6, 0xee, 0xf2, 0x98, 0xba, 0xcb, 0xf7,
-	0xa8, 0xc0, 0x4e, 0xc5, 0x85, 0xa7, 0xdd, 0x1b, 0x99, 0xdc, 0x29, 0x85, 0xb2, 0xb5, 0x83, 0xea,
-	0x85, 0x07, 0xa2, 0xae, 0xbf, 0x42, 0x35, 0x67, 0x94, 0xce, 0x6e, 0x35, 0xed, 0x98, 0xef, 0x2c,
-	0xfb, 0x2c, 0xea, 0x51, 0x96, 0x25, 0xd5, 0xfd, 0xae, 0x21, 0x94, 0x5b, 0x10, 0xf6, 0xfe, 0xcf,
-	0x40, 0x55, 0x96, 0xdc, 0x72, 0xa8, 0xbd, 0x87, 0xd6, 0x06, 0xfd, 0x79, 0x5f, 0xa6, 0xb5, 0xd6,
-	0x28, 0x6d, 0x19, 0x54, 0xd2, 0xe2, 0x9d, 0x38, 0x9b, 0x4f, 0x93, 0xfe, 0xd5, 0x72, 0xf6, 0x6a,
-	0x19, 0x98, 0xf9, 0x61, 0xde, 0x47, 0xeb, 0x17, 0xa3, 0xfe, 0xe5, 0x4c, 0x0e, 0xe4, 0xf2, 0xc9,
-	0x93, 0xd1, 0x62, 0x3e, 0x93, 0x51, 0xcc, 0x53, 0xf9, 0x1a, 0x7a, 0xc5, 0x7c, 0x26, 0xc4, 0x78,
-	0x7a, 0x53, 0x37, 0x6f, 0xbc, 0xb4, 0x9b, 0x0f, 0x51, 0x25, 0x8b, 0x57, 0xb4, 0xf2, 0xdb, 0xa8,
-	0x22, 0x1c, 0x8e, 0x67, 0xc9, 0x78, 0x9e, 0xfd, 0x30, 0x42, 0xb7, 0x04, 0xc0, 0x92, 0xf1, 0xdc,
-	0xfa, 0x4f, 0x03, 0x6d, 0xd3, 0xe4, 0x3c, 0x19, 0x3e, 0xbd, 0x5d, 0x35, 0x94, 0xf2, 0xe1, 0x17,
-	0x49, 0xbe, 0x9b, 0x33, 0xe5, 0xc3, 0x2f, 0x92, 0x22, 0xfa, 0xf2, 0x4a, 0xf4, 0x37, 0x04, 0xb3,
-	0xfe, 0xd2, 0x60, 0x2c, 0xb4, 0xde, 0x94, 0xab, 0xaa, 0x68, 0x33, 0x60, 0x2d, 0x31, 0xa8, 0x80,
-	0x61, 0xd6, 0xd0, 0x96, 0x20, 0x22, 0x8c, 0x3b, 0x50, 0xb2, 0xfe, 0xd5, 0x40, 0x35, 0x15, 0x86,
-	0x08, 0xfa, 0x85, 0xea, 0xc8, 0x3e, 0x59, 0xa9, 0xce, 0xa2, 0xb4, 0xc2, 0x3d, 0xbd, 0xb4, 0x3f,
-	0x45, 0xf5, 0x69, 0xa6, 0x6c, 0x10, 0x5f, 0x4c, 0xd3, 0xab, 0xaf, 0x78, 0x4e, 0xd5, 0x16, 0xc2,
-	0xcd, 0x69, 0x7a, 0x25, 0xf6, 0xd4, 0xa7, 0x4f, 0x2e, 0x2e, 0x92, 0x69, 0x96, 0x13, 0xf9, 0xd6,
-	0xa5, 0x28, 0x83, 0x44, 0x56, 0xac, 0x2f, 0xcb, 0xa8, 0x12, 0xa5, 0xa3, 0x11, 0x7e, 0x9a, 0x8c,
-	0xdf, 0x30, 0xdb, 0xdf, 0x43, 0x30, 0xcd, 0xaa, 0x94, 0x0c, 0xe2, 0x44, 0xac, 0x9f, 0xe5, 0x49,
-	0xdf, 0x51, 0xb8, 0x54, 0x3b, 0x33, 0xbf, 0x8b, 0x76, 0xd2, 0x4f, 0xe5, 0x4b, 0x51, 0x49, 0x96,
-	0xa5, 0xe4, 0xf6, 0x02, 0xce, 0x04, 0xad, 0xff, 0x28, 0xa1, 0xba, 0x72, 0x47, 0x24, 0x5a, 0x9b,
-	0x35, 0x22, 0xe2, 0xfb, 0x21, 0x09, 0x31, 0xbc, 0xa5, 0x4d, 0x6e, 0x02, 0xf4, 0xc2, 0xa5, 0x13,
-	0x40, 0x40, 0x11, 0xf5, 0x96, 0x46, 0x5e, 0x81, 0x91, 0x2e, 0x87, 0xb5, 0x15, 0x0c, 0x53, 0x0a,
-	0x5b, 0x2b, 0x58, 0xbb, 0x1b, 0x01, 0xac, 0xda, 0x3d, 0xb1, 0x7d, 0x38, 0xd0, 0x26, 0x2c, 0x01,
-	0x52, 0x37, 0x24, 0x34, 0x80, 0x47, 0xe6, 0xbd, 0x15, 0xb8, 0x61, 0x87, 0xf2, 0x1b, 0xd3, 0x32,
-	0x7e, 0x4a, 0xa5, 0xf8, 0x75, 0xe9, 0x05, 0x3c, 0x93, 0x5f, 0x93, 0x1f, 0x9f, 0x0a, 0x3c, 0x60,
-	0x2d, 0xb8, 0xde, 0x5a, 0x55, 0x8e, 0x03, 0x72, 0x82, 0xe1, 0xfa, 0x40, 0x7e, 0xc0, 0xd2, 0x8d,
-	0x0a, 0xb7, 0xaf, 0x1f, 0x59, 0x8f, 0x51, 0x55, 0x24, 0x70, 0xb1, 0x7f, 0x7e, 0x80, 0x36, 0xf2,
-	0x84, 0x1b, 0x72, 0x9e, 0xd8, 0xd5, 0xda, 0x46, 0x25, 0x9a, 0xe6, 0x32, 0x6f, 0x76, 0x4b, 0xfd,
-	0x38, 0xeb, 0x9c, 0xac, 0xc5, 0x0b, 0x3b, 0xa5, 0xaf, 0xb6, 0x63, 0xfd, 0x56, 0xec, 0xf3, 0x59,
-	0x3a, 0x2a, 0xf6, 0xb9, 0x89, 0xd6, 0xc6, 0xfd, 0xab, 0x24, 0x6f, 0x36, 0xf9, 0xbf, 0x79, 0x82,
-	0x20, 0xbf, 0xbb, 0x62, 0xf9, 0x31, 0x6a, 0x98, 0x64, 0xda, 0xdf, 0xf0, 0x4b, 0xd6, 0x4e, 0xae,
-	0xa4, 0x99, 0xeb, 0xb0, 0xfe, 0xbb, 0x2c, 0xf6, 0x67, 0x6e, 0x5e, 0x38, 0x7f, 0xd3, 0xc7, 0xb8,
-	0xf2, 0x8b, 0x1f, 0xe3, 0xde, 0x45, 0xdb, 0xe7, 0xfd, 0x71, 0x3a, 0x1e, 0x9e, 0xf7, 0x47, 0xb1,
-	0xf4, 0x36, 0xfb, 0x1a, 0x57, 0x57, 0xa8, 0x7c, 0x96, 0xed, 0xa3, 0xcd, 0xfe, 0x68, 0xd8, 0x9f,
-	0x25, 0xe2, 0xa0, 0x2d, 0x1f, 0x56, 0xe8, 0x82, 0xb4, 0xfe, 0xb7, 0xa4, 0xff, 0xa0, 0xfb, 0x35,
-	0xb4, 0x97, 0x17, 0x10, 0xdb, 0x5e, 0x2c, 0x5e, 0x69, 0x4d, 0x3b, 0xf0, 0x7c, 0xf1, 0x80, 0x28,
-	0xae, 0x2e, 0xc9, 0x92, 0xbf, 0x65, 0x96, 0xb4, 0x09, 0x5b, 0xa0, 0x0d, 0xdb, 0x6d, 0xfa, 0x76,
-	0x8b, 0x2d, 0x3d, 0xe3, 0x04, 0xa3, 0x69, 0x7b, 0x7e, 0xf6, 0x0b, 0xf0, 0x12, 0x28, 0x55, 0xaf,
-	0xaf, 0xc0, 0x01, 0x0e, 0x08, 0xed, 0x2d, 0xbd, 0x1d, 0x04, 0x9c, 0xff, 0x1c, 0xb4, 0xf9, 0x02,
-	0x1c, 0xda, 0x01, 0x86, 0x2d, 0xed, 0x49, 0x21, 0x60, 0x86, 0xe9, 0x89, 0xe7, 0x2c, 0xbf, 0xe1,
-	0x24, 0x4e, 0x9c, 0x8e, 0x7c, 0x68, 0xa2, 0x15, 0x3d, 0xd9, 0xef, 0xd8, 0x4b, 0x6f, 0x86, 0x3c,
-	0xa2, 0xb6, 0x17, 0x72, 0x06, 0xb5, 0x15, 0x86, 0xfc, 0xdd, 0xc1, 0x21, 0x3e, 0xd4, 0x57, 0x18,
-	0xea, 0x37, 0x9d, 0x6d, 0x6d, 0x0f, 0xcb, 0xb8, 0xec, 0x33, 0xd8, 0x69, 0x6c, 0x7d, 0xb2, 0x91,
-	0x9d, 0x5a, 0xff, 0x1f, 0x00, 0x00, 0xff, 0xff, 0x31, 0x03, 0x4e, 0xbd, 0xfd, 0x1f, 0x00, 0x00,
-}
diff --git a/vendor/google.golang.org/appengine/internal/socket/socket_service.proto b/vendor/google.golang.org/appengine/internal/socket/socket_service.proto
deleted file mode 100644
index 2fcc7953d..000000000
--- a/vendor/google.golang.org/appengine/internal/socket/socket_service.proto
+++ /dev/null
@@ -1,460 +0,0 @@
-syntax = "proto2";
-option go_package = "socket";
-
-package appengine;
-
-message RemoteSocketServiceError {
-  enum ErrorCode {
-    SYSTEM_ERROR = 1;
-    GAI_ERROR = 2;
-    FAILURE = 4;
-    PERMISSION_DENIED = 5;
-    INVALID_REQUEST = 6;
-    SOCKET_CLOSED = 7;
-  }
-
-  enum SystemError {
-    option allow_alias = true;
-
-    SYS_SUCCESS = 0;
-    SYS_EPERM = 1;
-    SYS_ENOENT = 2;
-    SYS_ESRCH = 3;
-    SYS_EINTR = 4;
-    SYS_EIO = 5;
-    SYS_ENXIO = 6;
-    SYS_E2BIG = 7;
-    SYS_ENOEXEC = 8;
-    SYS_EBADF = 9;
-    SYS_ECHILD = 10;
-    SYS_EAGAIN = 11;
-    SYS_EWOULDBLOCK = 11;
-    SYS_ENOMEM = 12;
-    SYS_EACCES = 13;
-    SYS_EFAULT = 14;
-    SYS_ENOTBLK = 15;
-    SYS_EBUSY = 16;
-    SYS_EEXIST = 17;
-    SYS_EXDEV = 18;
-    SYS_ENODEV = 19;
-    SYS_ENOTDIR = 20;
-    SYS_EISDIR = 21;
-    SYS_EINVAL = 22;
-    SYS_ENFILE = 23;
-    SYS_EMFILE = 24;
-    SYS_ENOTTY = 25;
-    SYS_ETXTBSY = 26;
-    SYS_EFBIG = 27;
-    SYS_ENOSPC = 28;
-    SYS_ESPIPE = 29;
-    SYS_EROFS = 30;
-    SYS_EMLINK = 31;
-    SYS_EPIPE = 32;
-    SYS_EDOM = 33;
-    SYS_ERANGE = 34;
-    SYS_EDEADLK = 35;
-    SYS_EDEADLOCK = 35;
-    SYS_ENAMETOOLONG = 36;
-    SYS_ENOLCK = 37;
-    SYS_ENOSYS = 38;
-    SYS_ENOTEMPTY = 39;
-    SYS_ELOOP = 40;
-    SYS_ENOMSG = 42;
-    SYS_EIDRM = 43;
-    SYS_ECHRNG = 44;
-    SYS_EL2NSYNC = 45;
-    SYS_EL3HLT = 46;
-    SYS_EL3RST = 47;
-    SYS_ELNRNG = 48;
-    SYS_EUNATCH = 49;
-    SYS_ENOCSI = 50;
-    SYS_EL2HLT = 51;
-    SYS_EBADE = 52;
-    SYS_EBADR = 53;
-    SYS_EXFULL = 54;
-    SYS_ENOANO = 55;
-    SYS_EBADRQC = 56;
-    SYS_EBADSLT = 57;
-    SYS_EBFONT = 59;
-    SYS_ENOSTR = 60;
-    SYS_ENODATA = 61;
-    SYS_ETIME = 62;
-    SYS_ENOSR = 63;
-    SYS_ENONET = 64;
-    SYS_ENOPKG = 65;
-    SYS_EREMOTE = 66;
-    SYS_ENOLINK = 67;
-    SYS_EADV = 68;
-    SYS_ESRMNT = 69;
-    SYS_ECOMM = 70;
-    SYS_EPROTO = 71;
-    SYS_EMULTIHOP = 72;
-    SYS_EDOTDOT = 73;
-    SYS_EBADMSG = 74;
-    SYS_EOVERFLOW = 75;
-    SYS_ENOTUNIQ = 76;
-    SYS_EBADFD = 77;
-    SYS_EREMCHG = 78;
-    SYS_ELIBACC = 79;
-    SYS_ELIBBAD = 80;
-    SYS_ELIBSCN = 81;
-    SYS_ELIBMAX = 82;
-    SYS_ELIBEXEC = 83;
-    SYS_EILSEQ = 84;
-    SYS_ERESTART = 85;
-    SYS_ESTRPIPE = 86;
-    SYS_EUSERS = 87;
-    SYS_ENOTSOCK = 88;
-    SYS_EDESTADDRREQ = 89;
-    SYS_EMSGSIZE = 90;
-    SYS_EPROTOTYPE = 91;
-    SYS_ENOPROTOOPT = 92;
-    SYS_EPROTONOSUPPORT = 93;
-    SYS_ESOCKTNOSUPPORT = 94;
-    SYS_EOPNOTSUPP = 95;
-    SYS_ENOTSUP = 95;
-    SYS_EPFNOSUPPORT = 96;
-    SYS_EAFNOSUPPORT = 97;
-    SYS_EADDRINUSE = 98;
-    SYS_EADDRNOTAVAIL = 99;
-    SYS_ENETDOWN = 100;
-    SYS_ENETUNREACH = 101;
-    SYS_ENETRESET = 102;
-    SYS_ECONNABORTED = 103;
-    SYS_ECONNRESET = 104;
-    SYS_ENOBUFS = 105;
-    SYS_EISCONN = 106;
-    SYS_ENOTCONN = 107;
-    SYS_ESHUTDOWN = 108;
-    SYS_ETOOMANYREFS = 109;
-    SYS_ETIMEDOUT = 110;
-    SYS_ECONNREFUSED = 111;
-    SYS_EHOSTDOWN = 112;
-    SYS_EHOSTUNREACH = 113;
-    SYS_EALREADY = 114;
-    SYS_EINPROGRESS = 115;
-    SYS_ESTALE = 116;
-    SYS_EUCLEAN = 117;
-    SYS_ENOTNAM = 118;
-    SYS_ENAVAIL = 119;
-    SYS_EISNAM = 120;
-    SYS_EREMOTEIO = 121;
-    SYS_EDQUOT = 122;
-    SYS_ENOMEDIUM = 123;
-    SYS_EMEDIUMTYPE = 124;
-    SYS_ECANCELED = 125;
-    SYS_ENOKEY = 126;
-    SYS_EKEYEXPIRED = 127;
-    SYS_EKEYREVOKED = 128;
-    SYS_EKEYREJECTED = 129;
-    SYS_EOWNERDEAD = 130;
-    SYS_ENOTRECOVERABLE = 131;
-    SYS_ERFKILL = 132;
-  }
-
-  optional int32 system_error = 1 [default=0];
-  optional string error_detail = 2;
-}
-
-message AddressPort {
-  required int32 port = 1;
-  optional bytes packed_address = 2;
-
-  optional string hostname_hint = 3;
-}
-
-
-
-message CreateSocketRequest {
-  enum SocketFamily {
-    IPv4 = 1;
-    IPv6 = 2;
-  }
-
-  enum SocketProtocol {
-    TCP = 1;
-    UDP = 2;
-  }
-
-  required SocketFamily family = 1;
-  required SocketProtocol protocol = 2;
-
-  repeated SocketOption socket_options = 3;
-
-  optional AddressPort proxy_external_ip = 4;
-
-  optional int32 listen_backlog = 5 [default=0];
-
-  optional AddressPort remote_ip = 6;
-
-  optional string app_id = 9;
-
-  optional int64 project_id = 10;
-}
-
-message CreateSocketReply {
-  optional string socket_descriptor = 1;
-
-  optional AddressPort server_address = 3;
-
-  optional AddressPort proxy_external_ip = 4;
-
-  extensions 1000 to max;
-}
-
-
-
-message BindRequest {
-  required string socket_descriptor = 1;
-  required AddressPort proxy_external_ip = 2;
-}
-
-message BindReply {
-  optional AddressPort proxy_external_ip = 1;
-}
-
-
-
-message GetSocketNameRequest {
-  required string socket_descriptor = 1;
-}
-
-message GetSocketNameReply {
-  optional AddressPort proxy_external_ip = 2;
-}
-
-
-
-message GetPeerNameRequest {
-  required string socket_descriptor = 1;
-}
-
-message GetPeerNameReply {
-  optional AddressPort peer_ip = 2;
-}
-
-
-message SocketOption {
-
-  enum SocketOptionLevel {
-    SOCKET_SOL_IP = 0;
-    SOCKET_SOL_SOCKET = 1;
-    SOCKET_SOL_TCP = 6;
-    SOCKET_SOL_UDP = 17;
-  }
-
-  enum SocketOptionName {
-    option allow_alias = true;
-
-    SOCKET_SO_DEBUG = 1;
-    SOCKET_SO_REUSEADDR = 2;
-    SOCKET_SO_TYPE = 3;
-    SOCKET_SO_ERROR = 4;
-    SOCKET_SO_DONTROUTE = 5;
-    SOCKET_SO_BROADCAST = 6;
-    SOCKET_SO_SNDBUF = 7;
-    SOCKET_SO_RCVBUF = 8;
-    SOCKET_SO_KEEPALIVE = 9;
-    SOCKET_SO_OOBINLINE = 10;
-    SOCKET_SO_LINGER = 13;
-    SOCKET_SO_RCVTIMEO = 20;
-    SOCKET_SO_SNDTIMEO = 21;
-
-    SOCKET_IP_TOS = 1;
-    SOCKET_IP_TTL = 2;
-    SOCKET_IP_HDRINCL = 3;
-    SOCKET_IP_OPTIONS = 4;
-
-    SOCKET_TCP_NODELAY = 1;
-    SOCKET_TCP_MAXSEG = 2;
-    SOCKET_TCP_CORK = 3;
-    SOCKET_TCP_KEEPIDLE = 4;
-    SOCKET_TCP_KEEPINTVL = 5;
-    SOCKET_TCP_KEEPCNT = 6;
-    SOCKET_TCP_SYNCNT = 7;
-    SOCKET_TCP_LINGER2 = 8;
-    SOCKET_TCP_DEFER_ACCEPT = 9;
-    SOCKET_TCP_WINDOW_CLAMP = 10;
-    SOCKET_TCP_INFO = 11;
-    SOCKET_TCP_QUICKACK = 12;
-  }
-
-  required SocketOptionLevel level = 1;
-  required SocketOptionName option = 2;
-  required bytes value = 3;
-}
-
-
-message SetSocketOptionsRequest {
-  required string socket_descriptor = 1;
-  repeated SocketOption options = 2;
-}
-
-message SetSocketOptionsReply {
-}
-
-message GetSocketOptionsRequest {
-  required string socket_descriptor = 1;
-  repeated SocketOption options = 2;
-}
-
-message GetSocketOptionsReply {
-  repeated SocketOption options = 2;
-}
-
-
-message ConnectRequest {
-  required string socket_descriptor = 1;
-  required AddressPort remote_ip = 2;
-  optional double timeout_seconds = 3 [default=-1];
-}
-
-message ConnectReply {
-  optional AddressPort proxy_external_ip = 1;
-
-  extensions 1000 to max;
-}
-
-
-message ListenRequest {
-  required string socket_descriptor = 1;
-  required int32 backlog = 2;
-}
-
-message ListenReply {
-}
-
-
-message AcceptRequest {
-  required string socket_descriptor = 1;
-  optional double timeout_seconds = 2 [default=-1];
-}
-
-message AcceptReply {
-  optional bytes new_socket_descriptor = 2;
-  optional AddressPort remote_address = 3;
-}
-
-
-
-message ShutDownRequest {
-  enum How {
-    SOCKET_SHUT_RD = 1;
-    SOCKET_SHUT_WR = 2;
-    SOCKET_SHUT_RDWR = 3;
-  }
-  required string socket_descriptor = 1;
-  required How how = 2;
-  required int64 send_offset = 3;
-}
-
-message ShutDownReply {
-}
-
-
-
-message CloseRequest {
-  required string socket_descriptor = 1;
-  optional int64 send_offset = 2 [default=-1];
-}
-
-message CloseReply {
-}
-
-
-
-message SendRequest {
-  required string socket_descriptor = 1;
-  required bytes data = 2 [ctype=CORD];
-  required int64 stream_offset = 3;
-  optional int32 flags = 4 [default=0];
-  optional AddressPort send_to = 5;
-  optional double timeout_seconds = 6 [default=-1];
-}
-
-message SendReply {
-  optional int32 data_sent = 1;
-}
-
-
-message ReceiveRequest {
-  enum Flags {
-    MSG_OOB = 1;
-    MSG_PEEK = 2;
-  }
-  required string socket_descriptor = 1;
-  required int32 data_size = 2;
-  optional int32 flags = 3 [default=0];
-  optional double timeout_seconds = 5 [default=-1];
-}
-
-message ReceiveReply {
-  optional int64 stream_offset = 2;
-  optional bytes data = 3 [ctype=CORD];
-  optional AddressPort received_from = 4;
-  optional int32 buffer_size = 5;
-}
-
-
-
-message PollEvent {
-
-  enum PollEventFlag {
-    SOCKET_POLLNONE = 0;
-    SOCKET_POLLIN = 1;
-    SOCKET_POLLPRI = 2;
-    SOCKET_POLLOUT = 4;
-    SOCKET_POLLERR = 8;
-    SOCKET_POLLHUP = 16;
-    SOCKET_POLLNVAL = 32;
-    SOCKET_POLLRDNORM = 64;
-    SOCKET_POLLRDBAND = 128;
-    SOCKET_POLLWRNORM = 256;
-    SOCKET_POLLWRBAND = 512;
-    SOCKET_POLLMSG = 1024;
-    SOCKET_POLLREMOVE = 4096;
-    SOCKET_POLLRDHUP = 8192;
-  };
-
-  required string socket_descriptor = 1;
-  required int32 requested_events = 2;
-  required int32 observed_events = 3;
-}
-
-message PollRequest {
-  repeated PollEvent events = 1;
-  optional double timeout_seconds = 2 [default=-1];
-}
-
-message PollReply {
-  repeated PollEvent events = 2;
-}
-
-message ResolveRequest {
-  required string name = 1;
-  repeated CreateSocketRequest.SocketFamily address_families = 2;
-}
-
-message ResolveReply {
-  enum ErrorCode {
-    SOCKET_EAI_ADDRFAMILY = 1;
-    SOCKET_EAI_AGAIN = 2;
-    SOCKET_EAI_BADFLAGS = 3;
-    SOCKET_EAI_FAIL = 4;
-    SOCKET_EAI_FAMILY = 5;
-    SOCKET_EAI_MEMORY = 6;
-    SOCKET_EAI_NODATA = 7;
-    SOCKET_EAI_NONAME = 8;
-    SOCKET_EAI_SERVICE = 9;
-    SOCKET_EAI_SOCKTYPE = 10;
-    SOCKET_EAI_SYSTEM = 11;
-    SOCKET_EAI_BADHINTS = 12;
-    SOCKET_EAI_PROTOCOL = 13;
-    SOCKET_EAI_OVERFLOW = 14;
-    SOCKET_EAI_MAX = 15;
-  };
-
-  repeated bytes packed_address = 2;
-  optional string canonical_name = 3;
-  repeated string aliases = 4;
-}
diff --git a/vendor/google.golang.org/appengine/internal/transaction.go b/vendor/google.golang.org/appengine/internal/transaction.go
index 9006ae653..2ae8ab9fa 100644
--- a/vendor/google.golang.org/appengine/internal/transaction.go
+++ b/vendor/google.golang.org/appengine/internal/transaction.go
@@ -7,11 +7,11 @@ package internal
 // This file implements hooks for applying datastore transactions.
 
 import (
+	"context"
 	"errors"
 	"reflect"
 
 	"github.com/golang/protobuf/proto"
-	netcontext "golang.org/x/net/context"
 
 	basepb "google.golang.org/appengine/internal/base"
 	pb "google.golang.org/appengine/internal/datastore"
@@ -38,13 +38,13 @@ func applyTransaction(pb proto.Message, t *pb.Transaction) {
 
 var transactionKey = "used for *Transaction"
 
-func transactionFromContext(ctx netcontext.Context) *transaction {
+func transactionFromContext(ctx context.Context) *transaction {
 	t, _ := ctx.Value(&transactionKey).(*transaction)
 	return t
 }
 
-func withTransaction(ctx netcontext.Context, t *transaction) netcontext.Context {
-	return netcontext.WithValue(ctx, &transactionKey, t)
+func withTransaction(ctx context.Context, t *transaction) context.Context {
+	return context.WithValue(ctx, &transactionKey, t)
 }
 
 type transaction struct {
@@ -54,7 +54,7 @@ type transaction struct {
 
 var ErrConcurrentTransaction = errors.New("internal: concurrent transaction")
 
-func RunTransactionOnce(c netcontext.Context, f func(netcontext.Context) error, xg bool, readOnly bool, previousTransaction *pb.Transaction) (*pb.Transaction, error) {
+func RunTransactionOnce(c context.Context, f func(context.Context) error, xg bool, readOnly bool, previousTransaction *pb.Transaction) (*pb.Transaction, error) {
 	if transactionFromContext(c) != nil {
 		return nil, errors.New("nested transactions are not supported")
 	}
diff --git a/vendor/google.golang.org/appengine/namespace.go b/vendor/google.golang.org/appengine/namespace.go
index 21860ca08..6f169be48 100644
--- a/vendor/google.golang.org/appengine/namespace.go
+++ b/vendor/google.golang.org/appengine/namespace.go
@@ -5,11 +5,10 @@
 package appengine
 
 import (
+	"context"
 	"fmt"
 	"regexp"
 
-	"golang.org/x/net/context"
-
 	"google.golang.org/appengine/internal"
 )
 
diff --git a/vendor/google.golang.org/appengine/socket/doc.go b/vendor/google.golang.org/appengine/socket/doc.go
deleted file mode 100644
index 3de46df82..000000000
--- a/vendor/google.golang.org/appengine/socket/doc.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright 2012 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-// Package socket provides outbound network sockets.
-//
-// This package is only required in the classic App Engine environment.
-// Applications running only in App Engine "flexible environment" should
-// use the standard library's net package.
-package socket
diff --git a/vendor/google.golang.org/appengine/socket/socket_classic.go b/vendor/google.golang.org/appengine/socket/socket_classic.go
deleted file mode 100644
index 0ad50e2d3..000000000
--- a/vendor/google.golang.org/appengine/socket/socket_classic.go
+++ /dev/null
@@ -1,290 +0,0 @@
-// Copyright 2012 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-// +build appengine
-
-package socket
-
-import (
-	"fmt"
-	"io"
-	"net"
-	"strconv"
-	"time"
-
-	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/context"
-	"google.golang.org/appengine/internal"
-
-	pb "google.golang.org/appengine/internal/socket"
-)
-
-// Dial connects to the address addr on the network protocol.
-// The address format is host:port, where host may be a hostname or an IP address.
-// Known protocols are "tcp" and "udp".
-// The returned connection satisfies net.Conn, and is valid while ctx is valid;
-// if the connection is to be used after ctx becomes invalid, invoke SetContext
-// with the new context.
-func Dial(ctx context.Context, protocol, addr string) (*Conn, error) {
-	return DialTimeout(ctx, protocol, addr, 0)
-}
-
-var ipFamilies = []pb.CreateSocketRequest_SocketFamily{
-	pb.CreateSocketRequest_IPv4,
-	pb.CreateSocketRequest_IPv6,
-}
-
-// DialTimeout is like Dial but takes a timeout.
-// The timeout includes name resolution, if required.
-func DialTimeout(ctx context.Context, protocol, addr string, timeout time.Duration) (*Conn, error) {
-	dialCtx := ctx // Used for dialing and name resolution, but not stored in the *Conn.
-	if timeout > 0 {
-		var cancel context.CancelFunc
-		dialCtx, cancel = context.WithTimeout(ctx, timeout)
-		defer cancel()
-	}
-
-	host, portStr, err := net.SplitHostPort(addr)
-	if err != nil {
-		return nil, err
-	}
-	port, err := strconv.Atoi(portStr)
-	if err != nil {
-		return nil, fmt.Errorf("socket: bad port %q: %v", portStr, err)
-	}
-
-	var prot pb.CreateSocketRequest_SocketProtocol
-	switch protocol {
-	case "tcp":
-		prot = pb.CreateSocketRequest_TCP
-	case "udp":
-		prot = pb.CreateSocketRequest_UDP
-	default:
-		return nil, fmt.Errorf("socket: unknown protocol %q", protocol)
-	}
-
-	packedAddrs, resolved, err := resolve(dialCtx, ipFamilies, host)
-	if err != nil {
-		return nil, fmt.Errorf("socket: failed resolving %q: %v", host, err)
-	}
-	if len(packedAddrs) == 0 {
-		return nil, fmt.Errorf("no addresses for %q", host)
-	}
-
-	packedAddr := packedAddrs[0] // use first address
-	fam := pb.CreateSocketRequest_IPv4
-	if len(packedAddr) == net.IPv6len {
-		fam = pb.CreateSocketRequest_IPv6
-	}
-
-	req := &pb.CreateSocketRequest{
-		Family:   fam.Enum(),
-		Protocol: prot.Enum(),
-		RemoteIp: &pb.AddressPort{
-			Port:          proto.Int32(int32(port)),
-			PackedAddress: packedAddr,
-		},
-	}
-	if resolved {
-		req.RemoteIp.HostnameHint = &host
-	}
-	res := &pb.CreateSocketReply{}
-	if err := internal.Call(dialCtx, "remote_socket", "CreateSocket", req, res); err != nil {
-		return nil, err
-	}
-
-	return &Conn{
-		ctx:    ctx,
-		desc:   res.GetSocketDescriptor(),
-		prot:   prot,
-		local:  res.ProxyExternalIp,
-		remote: req.RemoteIp,
-	}, nil
-}
-
-// LookupIP returns the given host's IP addresses.
-func LookupIP(ctx context.Context, host string) (addrs []net.IP, err error) {
-	packedAddrs, _, err := resolve(ctx, ipFamilies, host)
-	if err != nil {
-		return nil, fmt.Errorf("socket: failed resolving %q: %v", host, err)
-	}
-	addrs = make([]net.IP, len(packedAddrs))
-	for i, pa := range packedAddrs {
-		addrs[i] = net.IP(pa)
-	}
-	return addrs, nil
-}
-
-func resolve(ctx context.Context, fams []pb.CreateSocketRequest_SocketFamily, host string) ([][]byte, bool, error) {
-	// Check if it's an IP address.
-	if ip := net.ParseIP(host); ip != nil {
-		if ip := ip.To4(); ip != nil {
-			return [][]byte{ip}, false, nil
-		}
-		return [][]byte{ip}, false, nil
-	}
-
-	req := &pb.ResolveRequest{
-		Name:            &host,
-		AddressFamilies: fams,
-	}
-	res := &pb.ResolveReply{}
-	if err := internal.Call(ctx, "remote_socket", "Resolve", req, res); err != nil {
-		// XXX: need to map to pb.ResolveReply_ErrorCode?
-		return nil, false, err
-	}
-	return res.PackedAddress, true, nil
-}
-
-// withDeadline is like context.WithDeadline, except it ignores the zero deadline.
-func withDeadline(parent context.Context, deadline time.Time) (context.Context, context.CancelFunc) {
-	if deadline.IsZero() {
-		return parent, func() {}
-	}
-	return context.WithDeadline(parent, deadline)
-}
-
-// Conn represents a socket connection.
-// It implements net.Conn.
-type Conn struct {
-	ctx    context.Context
-	desc   string
-	offset int64
-
-	prot          pb.CreateSocketRequest_SocketProtocol
-	local, remote *pb.AddressPort
-
-	readDeadline, writeDeadline time.Time // optional
-}
-
-// SetContext sets the context that is used by this Conn.
-// It is usually used only when using a Conn that was created in a different context,
-// such as when a connection is created during a warmup request but used while
-// servicing a user request.
-func (cn *Conn) SetContext(ctx context.Context) {
-	cn.ctx = ctx
-}
-
-func (cn *Conn) Read(b []byte) (n int, err error) {
-	const maxRead = 1 << 20
-	if len(b) > maxRead {
-		b = b[:maxRead]
-	}
-
-	req := &pb.ReceiveRequest{
-		SocketDescriptor: &cn.desc,
-		DataSize:         proto.Int32(int32(len(b))),
-	}
-	res := &pb.ReceiveReply{}
-	if !cn.readDeadline.IsZero() {
-		req.TimeoutSeconds = proto.Float64(cn.readDeadline.Sub(time.Now()).Seconds())
-	}
-	ctx, cancel := withDeadline(cn.ctx, cn.readDeadline)
-	defer cancel()
-	if err := internal.Call(ctx, "remote_socket", "Receive", req, res); err != nil {
-		return 0, err
-	}
-	if len(res.Data) == 0 {
-		return 0, io.EOF
-	}
-	if len(res.Data) > len(b) {
-		return 0, fmt.Errorf("socket: internal error: read too much data: %d > %d", len(res.Data), len(b))
-	}
-	return copy(b, res.Data), nil
-}
-
-func (cn *Conn) Write(b []byte) (n int, err error) {
-	const lim = 1 << 20 // max per chunk
-
-	for n < len(b) {
-		chunk := b[n:]
-		if len(chunk) > lim {
-			chunk = chunk[:lim]
-		}
-
-		req := &pb.SendRequest{
-			SocketDescriptor: &cn.desc,
-			Data:             chunk,
-			StreamOffset:     &cn.offset,
-		}
-		res := &pb.SendReply{}
-		if !cn.writeDeadline.IsZero() {
-			req.TimeoutSeconds = proto.Float64(cn.writeDeadline.Sub(time.Now()).Seconds())
-		}
-		ctx, cancel := withDeadline(cn.ctx, cn.writeDeadline)
-		defer cancel()
-		if err = internal.Call(ctx, "remote_socket", "Send", req, res); err != nil {
-			// assume zero bytes were sent in this RPC
-			break
-		}
-		n += int(res.GetDataSent())
-		cn.offset += int64(res.GetDataSent())
-	}
-
-	return
-}
-
-func (cn *Conn) Close() error {
-	req := &pb.CloseRequest{
-		SocketDescriptor: &cn.desc,
-	}
-	res := &pb.CloseReply{}
-	if err := internal.Call(cn.ctx, "remote_socket", "Close", req, res); err != nil {
-		return err
-	}
-	cn.desc = "CLOSED"
-	return nil
-}
-
-func addr(prot pb.CreateSocketRequest_SocketProtocol, ap *pb.AddressPort) net.Addr {
-	if ap == nil {
-		return nil
-	}
-	switch prot {
-	case pb.CreateSocketRequest_TCP:
-		return &net.TCPAddr{
-			IP:   net.IP(ap.PackedAddress),
-			Port: int(*ap.Port),
-		}
-	case pb.CreateSocketRequest_UDP:
-		return &net.UDPAddr{
-			IP:   net.IP(ap.PackedAddress),
-			Port: int(*ap.Port),
-		}
-	}
-	panic("unknown protocol " + prot.String())
-}
-
-func (cn *Conn) LocalAddr() net.Addr  { return addr(cn.prot, cn.local) }
-func (cn *Conn) RemoteAddr() net.Addr { return addr(cn.prot, cn.remote) }
-
-func (cn *Conn) SetDeadline(t time.Time) error {
-	cn.readDeadline = t
-	cn.writeDeadline = t
-	return nil
-}
-
-func (cn *Conn) SetReadDeadline(t time.Time) error {
-	cn.readDeadline = t
-	return nil
-}
-
-func (cn *Conn) SetWriteDeadline(t time.Time) error {
-	cn.writeDeadline = t
-	return nil
-}
-
-// KeepAlive signals that the connection is still in use.
-// It may be called to prevent the socket being closed due to inactivity.
-func (cn *Conn) KeepAlive() error {
-	req := &pb.GetSocketNameRequest{
-		SocketDescriptor: &cn.desc,
-	}
-	res := &pb.GetSocketNameReply{}
-	return internal.Call(cn.ctx, "remote_socket", "GetSocketName", req, res)
-}
-
-func init() {
-	internal.RegisterErrorCodeMap("remote_socket", pb.RemoteSocketServiceError_ErrorCode_name)
-}
diff --git a/vendor/google.golang.org/appengine/socket/socket_vm.go b/vendor/google.golang.org/appengine/socket/socket_vm.go
deleted file mode 100644
index c804169a1..000000000
--- a/vendor/google.golang.org/appengine/socket/socket_vm.go
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright 2015 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-// +build !appengine
-
-package socket
-
-import (
-	"net"
-	"time"
-
-	"golang.org/x/net/context"
-)
-
-// Dial connects to the address addr on the network protocol.
-// The address format is host:port, where host may be a hostname or an IP address.
-// Known protocols are "tcp" and "udp".
-// The returned connection satisfies net.Conn, and is valid while ctx is valid;
-// if the connection is to be used after ctx becomes invalid, invoke SetContext
-// with the new context.
-func Dial(ctx context.Context, protocol, addr string) (*Conn, error) {
-	conn, err := net.Dial(protocol, addr)
-	if err != nil {
-		return nil, err
-	}
-	return &Conn{conn}, nil
-}
-
-// DialTimeout is like Dial but takes a timeout.
-// The timeout includes name resolution, if required.
-func DialTimeout(ctx context.Context, protocol, addr string, timeout time.Duration) (*Conn, error) {
-	conn, err := net.DialTimeout(protocol, addr, timeout)
-	if err != nil {
-		return nil, err
-	}
-	return &Conn{conn}, nil
-}
-
-// LookupIP returns the given host's IP addresses.
-func LookupIP(ctx context.Context, host string) (addrs []net.IP, err error) {
-	return net.LookupIP(host)
-}
-
-// Conn represents a socket connection.
-// It implements net.Conn.
-type Conn struct {
-	net.Conn
-}
-
-// SetContext sets the context that is used by this Conn.
-// It is usually used only when using a Conn that was created in a different context,
-// such as when a connection is created during a warmup request but used while
-// servicing a user request.
-func (cn *Conn) SetContext(ctx context.Context) {
-	// This function is not required in App Engine "flexible environment".
-}
-
-// KeepAlive signals that the connection is still in use.
-// It may be called to prevent the socket being closed due to inactivity.
-func (cn *Conn) KeepAlive() error {
-	// This function is not required in App Engine "flexible environment".
-	return nil
-}
diff --git a/vendor/google.golang.org/appengine/timeout.go b/vendor/google.golang.org/appengine/timeout.go
index 05642a992..fcf3ad0a5 100644
--- a/vendor/google.golang.org/appengine/timeout.go
+++ b/vendor/google.golang.org/appengine/timeout.go
@@ -4,7 +4,7 @@
 
 package appengine
 
-import "golang.org/x/net/context"
+import "context"
 
 // IsTimeoutError reports whether err is a timeout error.
 func IsTimeoutError(err error) bool {
diff --git a/vendor/google.golang.org/appengine/travis_install.sh b/vendor/google.golang.org/appengine/travis_install.sh
deleted file mode 100644
index 785b62f46..000000000
--- a/vendor/google.golang.org/appengine/travis_install.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-set -e
-
-if [[ $GO111MODULE == "on" ]]; then
-  go get .
-else
-  go get -u -v $(go list -f '{{join .Imports "\n"}}{{"\n"}}{{join .TestImports "\n"}}' ./... | sort | uniq | grep -v appengine)
-fi
-
-if [[ $GOAPP == "true" ]]; then
-  mkdir /tmp/sdk
-  curl -o /tmp/sdk.zip "https://storage.googleapis.com/appengine-sdks/featured/go_appengine_sdk_linux_amd64-1.9.68.zip"
-  unzip -q /tmp/sdk.zip -d /tmp/sdk
-  # NOTE: Set the following env vars in the test script:
-  # export PATH="$PATH:/tmp/sdk/go_appengine"
-  # export APPENGINE_DEV_APPSERVER=/tmp/sdk/go_appengine/dev_appserver.py
-fi
-
diff --git a/vendor/google.golang.org/appengine/travis_test.sh b/vendor/google.golang.org/appengine/travis_test.sh
deleted file mode 100644
index d4390f045..000000000
--- a/vendor/google.golang.org/appengine/travis_test.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-set -e
-
-go version
-go test -v google.golang.org/appengine/...
-go test -v -race google.golang.org/appengine/...
-if [[ $GOAPP == "true" ]]; then
-  export PATH="$PATH:/tmp/sdk/go_appengine"
-  export APPENGINE_DEV_APPSERVER=/tmp/sdk/go_appengine/dev_appserver.py
-  goapp version
-  goapp test -v google.golang.org/appengine/...
-fi
diff --git a/vendor/google.golang.org/appengine/urlfetch/urlfetch.go b/vendor/google.golang.org/appengine/urlfetch/urlfetch.go
index 6ffe1e6d9..6c0d72418 100644
--- a/vendor/google.golang.org/appengine/urlfetch/urlfetch.go
+++ b/vendor/google.golang.org/appengine/urlfetch/urlfetch.go
@@ -7,6 +7,7 @@
 package urlfetch // import "google.golang.org/appengine/urlfetch"
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -18,7 +19,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/context"
 
 	"google.golang.org/appengine/internal"
 	pb "google.golang.org/appengine/internal/urlfetch"
@@ -44,11 +44,10 @@ type Transport struct {
 var _ http.RoundTripper = (*Transport)(nil)
 
 // Client returns an *http.Client using a default urlfetch Transport. This
-// client will have the default deadline of 5 seconds, and will check the
-// validity of SSL certificates.
+// client will check the validity of SSL certificates.
 //
-// Any deadline of the provided context will be used for requests through this client;
-// if the client does not have a deadline then a 5 second default is used.
+// Any deadline of the provided context will be used for requests through this client.
+// If the client does not have a deadline, then an App Engine default of 60 second is used.
 func Client(ctx context.Context) *http.Client {
 	return &http.Client{
 		Transport: &Transport{
diff --git a/vendor/google.golang.org/grpc/README.md b/vendor/google.golang.org/grpc/README.md
index 0e6ae69a5..ab0fbb79b 100644
--- a/vendor/google.golang.org/grpc/README.md
+++ b/vendor/google.golang.org/grpc/README.md
@@ -1,8 +1,8 @@
 # gRPC-Go
 
-[![Build Status](https://travis-ci.org/grpc/grpc-go.svg)](https://travis-ci.org/grpc/grpc-go)
 [![GoDoc](https://pkg.go.dev/badge/google.golang.org/grpc)][API]
 [![GoReportCard](https://goreportcard.com/badge/grpc/grpc-go)](https://goreportcard.com/report/github.com/grpc/grpc-go)
+[![codecov](https://codecov.io/gh/grpc/grpc-go/graph/badge.svg)](https://codecov.io/gh/grpc/grpc-go)
 
 The [Go][] implementation of [gRPC][]: A high performance, open source, general
 RPC framework that puts mobile and HTTP/2 first. For more information see the
@@ -14,21 +14,14 @@ RPC framework that puts mobile and HTTP/2 first. For more information see the
 
 ## Installation
 
-With [Go module][] support (Go 1.11+), simply add the following import
+Simply add the following import to your code, and then `go [build|run|test]`
+will automatically fetch the necessary dependencies:
+
 
 ```go
 import "google.golang.org/grpc"
 ```
 
-to your code, and then `go [build|run|test]` will automatically fetch the
-necessary dependencies.
-
-Otherwise, to install the `grpc-go` package, run the following command:
-
-```console
-$ go get -u google.golang.org/grpc
-```
-
 > **Note:** If you are trying to access `grpc-go` from **China**, see the
 > [FAQ](#FAQ) below.
 
@@ -56,15 +49,6 @@ To build Go code, there are several options:
 
 - Set up a VPN and access google.golang.org through that.
 
-- Without Go module support: `git clone` the repo manually:
-
-  ```sh
-  git clone https://github.com/grpc/grpc-go.git $GOPATH/src/google.golang.org/grpc
-  ```
-
-  You will need to do the same for all of grpc's dependencies in `golang.org`,
-  e.g. `golang.org/x/net`.
-
 - With Go module support: it is possible to use the `replace` feature of `go
   mod` to create aliases for golang.org packages.  In your project's directory:
 
@@ -76,33 +60,13 @@ To build Go code, there are several options:
   ```
 
   Again, this will need to be done for all transitive dependencies hosted on
-  golang.org as well. For details, refer to [golang/go issue #28652](https://github.com/golang/go/issues/28652).
+  golang.org as well. For details, refer to [golang/go issue
+  #28652](https://github.com/golang/go/issues/28652).
 
 ### Compiling error, undefined: grpc.SupportPackageIsVersion
 
-#### If you are using Go modules:
-
-Ensure your gRPC-Go version is `require`d at the appropriate version in
-the same module containing the generated `.pb.go` files.  For example,
-`SupportPackageIsVersion6` needs `v1.27.0`, so in your `go.mod` file:
-
-```go
-module <your module name>
-
-require (
-    google.golang.org/grpc v1.27.0
-)
-```
-
-#### If you are *not* using Go modules:
-
-Update the `proto` package, gRPC package, and rebuild the `.proto` files:
-
-```sh
-go get -u github.com/golang/protobuf/{proto,protoc-gen-go}
-go get -u google.golang.org/grpc
-protoc --go_out=plugins=grpc:. *.proto
-```
+Please update to the latest version of gRPC-Go using
+`go get google.golang.org/grpc`.
 
 ### How to turn on logging
 
@@ -121,9 +85,11 @@ possible reasons, including:
  1. mis-configured transport credentials, connection failed on handshaking
  1. bytes disrupted, possibly by a proxy in between
  1. server shutdown
- 1. Keepalive parameters caused connection shutdown, for example if you have configured
-    your server to terminate connections regularly to [trigger DNS lookups](https://github.com/grpc/grpc-go/issues/3170#issuecomment-552517779).
-    If this is the case, you may want to increase your [MaxConnectionAgeGrace](https://pkg.go.dev/google.golang.org/grpc/keepalive?tab=doc#ServerParameters),
+ 1. Keepalive parameters caused connection shutdown, for example if you have
+    configured your server to terminate connections regularly to [trigger DNS
+    lookups](https://github.com/grpc/grpc-go/issues/3170#issuecomment-552517779).
+    If this is the case, you may want to increase your
+    [MaxConnectionAgeGrace](https://pkg.go.dev/google.golang.org/grpc/keepalive?tab=doc#ServerParameters),
     to allow longer RPC calls to finish.
 
 It can be tricky to debug this because the error happens on the client side but
diff --git a/vendor/google.golang.org/grpc/attributes/attributes.go b/vendor/google.golang.org/grpc/attributes/attributes.go
index 3efca4591..52d530d7a 100644
--- a/vendor/google.golang.org/grpc/attributes/attributes.go
+++ b/vendor/google.golang.org/grpc/attributes/attributes.go
@@ -34,26 +34,26 @@ import (
 // key/value pairs.  Keys must be hashable, and users should define their own
 // types for keys.  Values should not be modified after they are added to an
 // Attributes or if they were received from one.  If values implement 'Equal(o
-// interface{}) bool', it will be called by (*Attributes).Equal to determine
-// whether two values with the same key should be considered equal.
+// any) bool', it will be called by (*Attributes).Equal to determine whether
+// two values with the same key should be considered equal.
 type Attributes struct {
-	m map[interface{}]interface{}
+	m map[any]any
 }
 
 // New returns a new Attributes containing the key/value pair.
-func New(key, value interface{}) *Attributes {
-	return &Attributes{m: map[interface{}]interface{}{key: value}}
+func New(key, value any) *Attributes {
+	return &Attributes{m: map[any]any{key: value}}
 }
 
 // WithValue returns a new Attributes containing the previous keys and values
 // and the new key/value pair.  If the same key appears multiple times, the
 // last value overwrites all previous values for that key.  To remove an
 // existing key, use a nil value.  value should not be modified later.
-func (a *Attributes) WithValue(key, value interface{}) *Attributes {
+func (a *Attributes) WithValue(key, value any) *Attributes {
 	if a == nil {
 		return New(key, value)
 	}
-	n := &Attributes{m: make(map[interface{}]interface{}, len(a.m)+1)}
+	n := &Attributes{m: make(map[any]any, len(a.m)+1)}
 	for k, v := range a.m {
 		n.m[k] = v
 	}
@@ -63,20 +63,19 @@ func (a *Attributes) WithValue(key, value interface{}) *Attributes {
 
 // Value returns the value associated with these attributes for key, or nil if
 // no value is associated with key.  The returned value should not be modified.
-func (a *Attributes) Value(key interface{}) interface{} {
+func (a *Attributes) Value(key any) any {
 	if a == nil {
 		return nil
 	}
 	return a.m[key]
 }
 
-// Equal returns whether a and o are equivalent.  If 'Equal(o interface{})
-// bool' is implemented for a value in the attributes, it is called to
-// determine if the value matches the one stored in the other attributes.  If
-// Equal is not implemented, standard equality is used to determine if the two
-// values are equal. Note that some types (e.g. maps) aren't comparable by
-// default, so they must be wrapped in a struct, or in an alias type, with Equal
-// defined.
+// Equal returns whether a and o are equivalent.  If 'Equal(o any) bool' is
+// implemented for a value in the attributes, it is called to determine if the
+// value matches the one stored in the other attributes.  If Equal is not
+// implemented, standard equality is used to determine if the two values are
+// equal. Note that some types (e.g. maps) aren't comparable by default, so
+// they must be wrapped in a struct, or in an alias type, with Equal defined.
 func (a *Attributes) Equal(o *Attributes) bool {
 	if a == nil && o == nil {
 		return true
@@ -93,7 +92,7 @@ func (a *Attributes) Equal(o *Attributes) bool {
 			// o missing element of a
 			return false
 		}
-		if eq, ok := v.(interface{ Equal(o interface{}) bool }); ok {
+		if eq, ok := v.(interface{ Equal(o any) bool }); ok {
 			if !eq.Equal(ov) {
 				return false
 			}
@@ -112,19 +111,31 @@ func (a *Attributes) String() string {
 	sb.WriteString("{")
 	first := true
 	for k, v := range a.m {
-		var key, val string
-		if str, ok := k.(interface{ String() string }); ok {
-			key = str.String()
-		}
-		if str, ok := v.(interface{ String() string }); ok {
-			val = str.String()
-		}
 		if !first {
 			sb.WriteString(", ")
 		}
-		sb.WriteString(fmt.Sprintf("%q: %q, ", key, val))
+		sb.WriteString(fmt.Sprintf("%q: %q ", str(k), str(v)))
 		first = false
 	}
 	sb.WriteString("}")
 	return sb.String()
 }
+
+func str(x any) (s string) {
+	if v, ok := x.(fmt.Stringer); ok {
+		return fmt.Sprint(v)
+	} else if v, ok := x.(string); ok {
+		return v
+	}
+	return fmt.Sprintf("<%p>", x)
+}
+
+// MarshalJSON helps implement the json.Marshaler interface, thereby rendering
+// the Attributes correctly when printing (via pretty.JSON) structs containing
+// Attributes as fields.
+//
+// Is it impossible to unmarshal attributes from a JSON representation and this
+// method is meant only for debugging purposes.
+func (a *Attributes) MarshalJSON() ([]byte, error) {
+	return []byte(a.String()), nil
+}
diff --git a/vendor/google.golang.org/grpc/balancer/balancer.go b/vendor/google.golang.org/grpc/balancer/balancer.go
index 8f00523c0..d79560a2e 100644
--- a/vendor/google.golang.org/grpc/balancer/balancer.go
+++ b/vendor/google.golang.org/grpc/balancer/balancer.go
@@ -30,6 +30,7 @@ import (
 	"google.golang.org/grpc/channelz"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
 	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/resolver"
@@ -39,6 +40,8 @@ import (
 var (
 	// m is a map from name to balancer builder.
 	m = make(map[string]Builder)
+
+	logger = grpclog.Component("balancer")
 )
 
 // Register registers the balancer builder to the balancer map. b.Name
@@ -51,6 +54,12 @@ var (
 // an init() function), and is not thread-safe. If multiple Balancers are
 // registered with the same name, the one registered last will take effect.
 func Register(b Builder) {
+	if strings.ToLower(b.Name()) != b.Name() {
+		// TODO: Skip the use of strings.ToLower() to index the map after v1.59
+		// is released to switch to case sensitive balancer registry. Also,
+		// remove this warning and update the docstrings for Register and Get.
+		logger.Warningf("Balancer registered with name %q. grpc-go will be switching to case sensitive balancer registries soon", b.Name())
+	}
 	m[strings.ToLower(b.Name())] = b
 }
 
@@ -70,6 +79,12 @@ func init() {
 // Note that the compare is done in a case-insensitive fashion.
 // If no builder is register with the name, nil will be returned.
 func Get(name string) Builder {
+	if strings.ToLower(name) != name {
+		// TODO: Skip the use of strings.ToLower() to index the map after v1.59
+		// is released to switch to case sensitive balancer registry. Also,
+		// remove this warning and update the docstrings for Register and Get.
+		logger.Warningf("Balancer retrieved for name %q. grpc-go will be switching to case sensitive balancer registries soon", name)
+	}
 	if b, ok := m[strings.ToLower(name)]; ok {
 		return b
 	}
@@ -105,8 +120,8 @@ type SubConn interface {
 	//
 	// This will trigger a state transition for the SubConn.
 	//
-	// Deprecated: This method is now part of the ClientConn interface and will
-	// eventually be removed from here.
+	// Deprecated: this method will be removed.  Create new SubConns for new
+	// addresses instead.
 	UpdateAddresses([]resolver.Address)
 	// Connect starts the connecting for this SubConn.
 	Connect()
@@ -115,6 +130,13 @@ type SubConn interface {
 	// creates a new one and returns it.  Returns a close function which must
 	// be called when the Producer is no longer needed.
 	GetOrBuildProducer(ProducerBuilder) (p Producer, close func())
+	// Shutdown shuts down the SubConn gracefully.  Any started RPCs will be
+	// allowed to complete.  No future calls should be made on the SubConn.
+	// One final state update will be delivered to the StateListener (or
+	// UpdateSubConnState; deprecated) with ConnectivityState of Shutdown to
+	// indicate the shutdown operation.  This may be delivered before
+	// in-progress RPCs are complete and the actual connection is closed.
+	Shutdown()
 }
 
 // NewSubConnOptions contains options to create new SubConn.
@@ -129,6 +151,11 @@ type NewSubConnOptions struct {
 	// HealthCheckEnabled indicates whether health check service should be
 	// enabled on this SubConn
 	HealthCheckEnabled bool
+	// StateListener is called when the state of the subconn changes.  If nil,
+	// Balancer.UpdateSubConnState will be called instead.  Will never be
+	// invoked until after Connect() is called on the SubConn created with
+	// these options.
+	StateListener func(SubConnState)
 }
 
 // State contains the balancer's state relevant to the gRPC ClientConn.
@@ -150,16 +177,24 @@ type ClientConn interface {
 	// NewSubConn is called by balancer to create a new SubConn.
 	// It doesn't block and wait for the connections to be established.
 	// Behaviors of the SubConn can be controlled by options.
+	//
+	// Deprecated: please be aware that in a future version, SubConns will only
+	// support one address per SubConn.
 	NewSubConn([]resolver.Address, NewSubConnOptions) (SubConn, error)
 	// RemoveSubConn removes the SubConn from ClientConn.
 	// The SubConn will be shutdown.
+	//
+	// Deprecated: use SubConn.Shutdown instead.
 	RemoveSubConn(SubConn)
 	// UpdateAddresses updates the addresses used in the passed in SubConn.
 	// gRPC checks if the currently connected address is still in the new list.
 	// If so, the connection will be kept. Else, the connection will be
 	// gracefully closed, and a new connection will be created.
 	//
-	// This will trigger a state transition for the SubConn.
+	// This may trigger a state transition for the SubConn.
+	//
+	// Deprecated: this method will be removed.  Create new SubConns for new
+	// addresses instead.
 	UpdateAddresses(SubConn, []resolver.Address)
 
 	// UpdateState notifies gRPC that the balancer's internal state has
@@ -250,7 +285,7 @@ type DoneInfo struct {
 	// trailing metadata.
 	//
 	// The only supported type now is *orca_v3.LoadReport.
-	ServerLoad interface{}
+	ServerLoad any
 }
 
 var (
@@ -343,9 +378,13 @@ type Balancer interface {
 	ResolverError(error)
 	// UpdateSubConnState is called by gRPC when the state of a SubConn
 	// changes.
+	//
+	// Deprecated: Use NewSubConnOptions.StateListener when creating the
+	// SubConn instead.
 	UpdateSubConnState(SubConn, SubConnState)
-	// Close closes the balancer. The balancer is not required to call
-	// ClientConn.RemoveSubConn for its existing SubConns.
+	// Close closes the balancer. The balancer is not currently required to
+	// call SubConn.Shutdown for its existing SubConns; however, this will be
+	// required in a future release, so it is recommended.
 	Close()
 }
 
@@ -390,15 +429,14 @@ var ErrBadResolverState = errors.New("bad resolver state")
 type ProducerBuilder interface {
 	// Build creates a Producer.  The first parameter is always a
 	// grpc.ClientConnInterface (a type to allow creating RPCs/streams on the
-	// associated SubConn), but is declared as interface{} to avoid a
-	// dependency cycle.  Should also return a close function that will be
-	// called when all references to the Producer have been given up.
-	Build(grpcClientConnInterface interface{}) (p Producer, close func())
+	// associated SubConn), but is declared as `any` to avoid a dependency
+	// cycle.  Should also return a close function that will be called when all
+	// references to the Producer have been given up.
+	Build(grpcClientConnInterface any) (p Producer, close func())
 }
 
 // A Producer is a type shared among potentially many consumers.  It is
 // associated with a SubConn, and an implementation will typically contain
 // other methods to provide additional functionality, e.g. configuration or
 // subscription registration.
-type Producer interface {
-}
+type Producer any
diff --git a/vendor/google.golang.org/grpc/balancer/base/balancer.go b/vendor/google.golang.org/grpc/balancer/base/balancer.go
index 3929c26d3..a7f1eeec8 100644
--- a/vendor/google.golang.org/grpc/balancer/base/balancer.go
+++ b/vendor/google.golang.org/grpc/balancer/base/balancer.go
@@ -105,7 +105,12 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error {
 		addrsSet.Set(a, nil)
 		if _, ok := b.subConns.Get(a); !ok {
 			// a is a new address (not existing in b.subConns).
-			sc, err := b.cc.NewSubConn([]resolver.Address{a}, balancer.NewSubConnOptions{HealthCheckEnabled: b.config.HealthCheck})
+			var sc balancer.SubConn
+			opts := balancer.NewSubConnOptions{
+				HealthCheckEnabled: b.config.HealthCheck,
+				StateListener:      func(scs balancer.SubConnState) { b.updateSubConnState(sc, scs) },
+			}
+			sc, err := b.cc.NewSubConn([]resolver.Address{a}, opts)
 			if err != nil {
 				logger.Warningf("base.baseBalancer: failed to create new SubConn: %v", err)
 				continue
@@ -121,10 +126,10 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error {
 		sc := sci.(balancer.SubConn)
 		// a was removed by resolver.
 		if _, ok := addrsSet.Get(a); !ok {
-			b.cc.RemoveSubConn(sc)
+			sc.Shutdown()
 			b.subConns.Delete(a)
 			// Keep the state of this sc in b.scStates until sc's state becomes Shutdown.
-			// The entry will be deleted in UpdateSubConnState.
+			// The entry will be deleted in updateSubConnState.
 		}
 	}
 	// If resolver state contains no addresses, return an error so ClientConn
@@ -177,7 +182,12 @@ func (b *baseBalancer) regeneratePicker() {
 	b.picker = b.pickerBuilder.Build(PickerBuildInfo{ReadySCs: readySCs})
 }
 
+// UpdateSubConnState is a nop because a StateListener is always set in NewSubConn.
 func (b *baseBalancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
+	logger.Errorf("base.baseBalancer: UpdateSubConnState(%v, %+v) called unexpectedly", sc, state)
+}
+
+func (b *baseBalancer) updateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
 	s := state.ConnectivityState
 	if logger.V(2) {
 		logger.Infof("base.baseBalancer: handle SubConn state change: %p, %v", sc, s)
@@ -204,8 +214,8 @@ func (b *baseBalancer) UpdateSubConnState(sc balancer.SubConn, state balancer.Su
 	case connectivity.Idle:
 		sc.Connect()
 	case connectivity.Shutdown:
-		// When an address was removed by resolver, b called RemoveSubConn but
-		// kept the sc's state in scStates. Remove state for this sc here.
+		// When an address was removed by resolver, b called Shutdown but kept
+		// the sc's state in scStates. Remove state for this sc here.
 		delete(b.scStates, sc)
 	case connectivity.TransientFailure:
 		// Save error to be reported via picker.
@@ -226,7 +236,7 @@ func (b *baseBalancer) UpdateSubConnState(sc balancer.SubConn, state balancer.Su
 }
 
 // Close is a nop because base balancer doesn't have internal state to clean up,
-// and it doesn't need to call RemoveSubConn for the SubConns.
+// and it doesn't need to call Shutdown for the SubConns.
 func (b *baseBalancer) Close() {
 }
 
diff --git a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go b/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
index 04b9ad411..a4411c22b 100644
--- a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
+++ b/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
@@ -99,20 +99,6 @@ func (ccb *ccBalancerWrapper) updateClientConnState(ccs *balancer.ClientConnStat
 	// lock held. But the lock guards only the scheduling part. The actual
 	// callback is called asynchronously without the lock being held.
 	ok := ccb.serializer.Schedule(func(_ context.Context) {
-		// If the addresses specified in the update contain addresses of type
-		// "grpclb" and the selected LB policy is not "grpclb", these addresses
-		// will be filtered out and ccs will be modified with the updated
-		// address list.
-		if ccb.curBalancerName != grpclbName {
-			var addrs []resolver.Address
-			for _, addr := range ccs.ResolverState.Addresses {
-				if addr.Type == resolver.GRPCLB {
-					continue
-				}
-				addrs = append(addrs, addr)
-			}
-			ccs.ResolverState.Addresses = addrs
-		}
 		errCh <- ccb.balancer.UpdateClientConnState(*ccs)
 	})
 	if !ok {
@@ -139,7 +125,9 @@ func (ccb *ccBalancerWrapper) updateClientConnState(ccs *balancer.ClientConnStat
 func (ccb *ccBalancerWrapper) updateSubConnState(sc balancer.SubConn, s connectivity.State, err error) {
 	ccb.mu.Lock()
 	ccb.serializer.Schedule(func(_ context.Context) {
-		ccb.balancer.UpdateSubConnState(sc, balancer.SubConnState{ConnectivityState: s, ConnectionError: err})
+		// Even though it is optional for balancers, gracefulswitch ensures
+		// opts.StateListener is set, so this cannot ever be nil.
+		sc.(*acBalancerWrapper).stateListener(balancer.SubConnState{ConnectivityState: s, ConnectionError: err})
 	})
 	ccb.mu.Unlock()
 }
@@ -221,7 +209,7 @@ func (ccb *ccBalancerWrapper) closeBalancer(m ccbMode) {
 	}
 
 	ccb.mode = m
-	done := ccb.serializer.Done
+	done := ccb.serializer.Done()
 	b := ccb.balancer
 	ok := ccb.serializer.Schedule(func(_ context.Context) {
 		// Close the serializer to ensure that no more calls from gRPC are sent
@@ -238,11 +226,9 @@ func (ccb *ccBalancerWrapper) closeBalancer(m ccbMode) {
 	}
 	ccb.mu.Unlock()
 
-	// Give enqueued callbacks a chance to finish.
+	// Give enqueued callbacks a chance to finish before closing the balancer.
 	<-done
-	// Spawn a goroutine to close the balancer (since it may block trying to
-	// cleanup all allocated resources) and return early.
-	go b.Close()
+	b.Close()
 }
 
 // exitIdleMode is invoked by grpc when the channel exits idle mode either
@@ -314,29 +300,19 @@ func (ccb *ccBalancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer
 		channelz.Warningf(logger, ccb.cc.channelzID, "acBalancerWrapper: NewSubConn: failed to newAddrConn: %v", err)
 		return nil, err
 	}
-	acbw := &acBalancerWrapper{ac: ac, producers: make(map[balancer.ProducerBuilder]*refCountedProducer)}
+	acbw := &acBalancerWrapper{
+		ccb:           ccb,
+		ac:            ac,
+		producers:     make(map[balancer.ProducerBuilder]*refCountedProducer),
+		stateListener: opts.StateListener,
+	}
 	ac.acbw = acbw
 	return acbw, nil
 }
 
 func (ccb *ccBalancerWrapper) RemoveSubConn(sc balancer.SubConn) {
-	if ccb.isIdleOrClosed() {
-		// It it safe to ignore this call when the balancer is closed or in idle
-		// because the ClientConn takes care of closing the connections.
-		//
-		// Not returning early from here when the balancer is closed or in idle
-		// leads to a deadlock though, because of the following sequence of
-		// calls when holding cc.mu:
-		// cc.exitIdleMode --> ccb.enterIdleMode --> gsw.Close -->
-		// ccb.RemoveAddrConn --> cc.removeAddrConn
-		return
-	}
-
-	acbw, ok := sc.(*acBalancerWrapper)
-	if !ok {
-		return
-	}
-	ccb.cc.removeAddrConn(acbw.ac, errConnDrain)
+	// The graceful switch balancer will never call this.
+	logger.Errorf("ccb RemoveSubConn(%v) called unexpectedly, sc")
 }
 
 func (ccb *ccBalancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver.Address) {
@@ -380,7 +356,9 @@ func (ccb *ccBalancerWrapper) Target() string {
 // acBalancerWrapper is a wrapper on top of ac for balancers.
 // It implements balancer.SubConn interface.
 type acBalancerWrapper struct {
-	ac *addrConn // read-only
+	ac            *addrConn          // read-only
+	ccb           *ccBalancerWrapper // read-only
+	stateListener func(balancer.SubConnState)
 
 	mu        sync.Mutex
 	producers map[balancer.ProducerBuilder]*refCountedProducer
@@ -398,6 +376,23 @@ func (acbw *acBalancerWrapper) Connect() {
 	go acbw.ac.connect()
 }
 
+func (acbw *acBalancerWrapper) Shutdown() {
+	ccb := acbw.ccb
+	if ccb.isIdleOrClosed() {
+		// It it safe to ignore this call when the balancer is closed or in idle
+		// because the ClientConn takes care of closing the connections.
+		//
+		// Not returning early from here when the balancer is closed or in idle
+		// leads to a deadlock though, because of the following sequence of
+		// calls when holding cc.mu:
+		// cc.exitIdleMode --> ccb.enterIdleMode --> gsw.Close -->
+		// ccb.RemoveAddrConn --> cc.removeAddrConn
+		return
+	}
+
+	ccb.cc.removeAddrConn(acbw.ac, errConnDrain)
+}
+
 // NewStream begins a streaming RPC on the addrConn.  If the addrConn is not
 // ready, blocks until it is or ctx expires.  Returns an error when the context
 // expires or the addrConn is shut down.
@@ -411,7 +406,7 @@ func (acbw *acBalancerWrapper) NewStream(ctx context.Context, desc *StreamDesc,
 
 // Invoke performs a unary RPC.  If the addrConn is not ready, returns
 // errSubConnNotReady.
-func (acbw *acBalancerWrapper) Invoke(ctx context.Context, method string, args interface{}, reply interface{}, opts ...CallOption) error {
+func (acbw *acBalancerWrapper) Invoke(ctx context.Context, method string, args any, reply any, opts ...CallOption) error {
 	cs, err := acbw.NewStream(ctx, unaryStreamDesc, method, opts...)
 	if err != nil {
 		return err
diff --git a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
index ec2c2fa14..595480112 100644
--- a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
+++ b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
@@ -18,7 +18,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.30.0
+// 	protoc-gen-go v1.31.0
 // 	protoc        v4.22.0
 // source: grpc/binlog/v1/binarylog.proto
 
diff --git a/vendor/google.golang.org/grpc/call.go b/vendor/google.golang.org/grpc/call.go
index e6a1dc5d7..788c89c16 100644
--- a/vendor/google.golang.org/grpc/call.go
+++ b/vendor/google.golang.org/grpc/call.go
@@ -26,12 +26,7 @@ import (
 // received.  This is typically called by generated code.
 //
 // All errors returned by Invoke are compatible with the status package.
-func (cc *ClientConn) Invoke(ctx context.Context, method string, args, reply interface{}, opts ...CallOption) error {
-	if err := cc.idlenessMgr.onCallBegin(); err != nil {
-		return err
-	}
-	defer cc.idlenessMgr.onCallEnd()
-
+func (cc *ClientConn) Invoke(ctx context.Context, method string, args, reply any, opts ...CallOption) error {
 	// allow interceptor to see all applicable call options, which means those
 	// configured as defaults from dial option as well as per-call options
 	opts = combine(cc.dopts.callOptions, opts)
@@ -61,13 +56,13 @@ func combine(o1 []CallOption, o2 []CallOption) []CallOption {
 // received.  This is typically called by generated code.
 //
 // DEPRECATED: Use ClientConn.Invoke instead.
-func Invoke(ctx context.Context, method string, args, reply interface{}, cc *ClientConn, opts ...CallOption) error {
+func Invoke(ctx context.Context, method string, args, reply any, cc *ClientConn, opts ...CallOption) error {
 	return cc.Invoke(ctx, method, args, reply, opts...)
 }
 
 var unaryStreamDesc = &StreamDesc{ServerStreams: false, ClientStreams: false}
 
-func invoke(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error {
+func invoke(ctx context.Context, method string, req, reply any, cc *ClientConn, opts ...CallOption) error {
 	cs, err := newClientStream(ctx, unaryStreamDesc, cc, method, opts...)
 	if err != nil {
 		return err
diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go
index 95a7459b0..429c389e4 100644
--- a/vendor/google.golang.org/grpc/clientconn.go
+++ b/vendor/google.golang.org/grpc/clientconn.go
@@ -34,9 +34,12 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/internal/backoff"
 	"google.golang.org/grpc/internal/channelz"
 	"google.golang.org/grpc/internal/grpcsync"
+	"google.golang.org/grpc/internal/idle"
+	"google.golang.org/grpc/internal/pretty"
 	iresolver "google.golang.org/grpc/internal/resolver"
 	"google.golang.org/grpc/internal/transport"
 	"google.golang.org/grpc/keepalive"
@@ -53,8 +56,6 @@ import (
 const (
 	// minimum time to give a connection to complete
 	minConnectTimeout = 20 * time.Second
-	// must match grpclbName in grpclb/grpclb.go
-	grpclbName = "grpclb"
 )
 
 var (
@@ -137,7 +138,6 @@ func (dcs *defaultConfigSelector) SelectConfig(rpcInfo iresolver.RPCInfo) (*ires
 func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *ClientConn, err error) {
 	cc := &ClientConn{
 		target: target,
-		csMgr:  &connectivityStateManager{},
 		conns:  make(map[*addrConn]struct{}),
 		dopts:  defaultDialOptions(),
 		czData: new(channelzData),
@@ -190,6 +190,8 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 	// Register ClientConn with channelz.
 	cc.channelzRegistration(target)
 
+	cc.csMgr = newConnectivityStateManager(cc.ctx, cc.channelzID)
+
 	if err := cc.validateTransportCredentials(); err != nil {
 		return nil, err
 	}
@@ -265,7 +267,7 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 	// Configure idleness support with configured idle timeout or default idle
 	// timeout duration. Idleness can be explicitly disabled by the user, by
 	// setting the dial option to 0.
-	cc.idlenessMgr = newIdlenessManager(cc, cc.dopts.idleTimeout)
+	cc.idlenessMgr = idle.NewManager(idle.ManagerOptions{Enforcer: (*idler)(cc), Timeout: cc.dopts.idleTimeout, Logger: logger})
 
 	// Return early for non-blocking dials.
 	if !cc.dopts.block {
@@ -316,6 +318,16 @@ func (cc *ClientConn) addTraceEvent(msg string) {
 	channelz.AddTraceEvent(logger, cc.channelzID, 0, ted)
 }
 
+type idler ClientConn
+
+func (i *idler) EnterIdleMode() error {
+	return (*ClientConn)(i).enterIdleMode()
+}
+
+func (i *idler) ExitIdleMode() error {
+	return (*ClientConn)(i).exitIdleMode()
+}
+
 // exitIdleMode moves the channel out of idle mode by recreating the name
 // resolver and load balancer.
 func (cc *ClientConn) exitIdleMode() error {
@@ -325,8 +337,8 @@ func (cc *ClientConn) exitIdleMode() error {
 		return errConnClosing
 	}
 	if cc.idlenessState != ccIdlenessStateIdle {
+		channelz.Infof(logger, cc.channelzID, "ClientConn asked to exit idle mode, current mode is %v", cc.idlenessState)
 		cc.mu.Unlock()
-		logger.Info("ClientConn asked to exit idle mode when not in idle mode")
 		return nil
 	}
 
@@ -349,7 +361,7 @@ func (cc *ClientConn) exitIdleMode() error {
 	cc.idlenessState = ccIdlenessStateExitingIdle
 	exitedIdle := false
 	if cc.blockingpicker == nil {
-		cc.blockingpicker = newPickerWrapper()
+		cc.blockingpicker = newPickerWrapper(cc.dopts.copts.StatsHandlers)
 	} else {
 		cc.blockingpicker.exitIdleMode()
 		exitedIdle = true
@@ -392,12 +404,13 @@ func (cc *ClientConn) exitIdleMode() error {
 // name resolver, load balancer and any subchannels.
 func (cc *ClientConn) enterIdleMode() error {
 	cc.mu.Lock()
+	defer cc.mu.Unlock()
+
 	if cc.conns == nil {
-		cc.mu.Unlock()
 		return ErrClientConnClosing
 	}
 	if cc.idlenessState != ccIdlenessStateActive {
-		logger.Error("ClientConn asked to enter idle mode when not active")
+		channelz.Warningf(logger, cc.channelzID, "ClientConn asked to enter idle mode, current mode is %v", cc.idlenessState)
 		return nil
 	}
 
@@ -418,14 +431,14 @@ func (cc *ClientConn) enterIdleMode() error {
 	cc.balancerWrapper.enterIdleMode()
 	cc.csMgr.updateState(connectivity.Idle)
 	cc.idlenessState = ccIdlenessStateIdle
-	cc.mu.Unlock()
+	cc.addTraceEvent("entering idle mode")
 
 	go func() {
-		cc.addTraceEvent("entering idle mode")
 		for ac := range conns {
 			ac.tearDown(errConnIdling)
 		}
 	}()
+
 	return nil
 }
 
@@ -474,7 +487,6 @@ func (cc *ClientConn) validateTransportCredentials() error {
 func (cc *ClientConn) channelzRegistration(target string) {
 	cc.channelzID = channelz.RegisterChannel(&channelzChannel{cc}, cc.dopts.channelzParentID, target)
 	cc.addTraceEvent("created")
-	cc.csMgr.channelzID = cc.channelzID
 }
 
 // chainUnaryClientInterceptors chains all unary client interceptors into one.
@@ -491,7 +503,7 @@ func chainUnaryClientInterceptors(cc *ClientConn) {
 	} else if len(interceptors) == 1 {
 		chainedInt = interceptors[0]
 	} else {
-		chainedInt = func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error {
+		chainedInt = func(ctx context.Context, method string, req, reply any, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error {
 			return interceptors[0](ctx, method, req, reply, cc, getChainUnaryInvoker(interceptors, 0, invoker), opts...)
 		}
 	}
@@ -503,7 +515,7 @@ func getChainUnaryInvoker(interceptors []UnaryClientInterceptor, curr int, final
 	if curr == len(interceptors)-1 {
 		return finalInvoker
 	}
-	return func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error {
+	return func(ctx context.Context, method string, req, reply any, cc *ClientConn, opts ...CallOption) error {
 		return interceptors[curr+1](ctx, method, req, reply, cc, getChainUnaryInvoker(interceptors, curr+1, finalInvoker), opts...)
 	}
 }
@@ -539,13 +551,27 @@ func getChainStreamer(interceptors []StreamClientInterceptor, curr int, finalStr
 	}
 }
 
+// newConnectivityStateManager creates an connectivityStateManager with
+// the specified id.
+func newConnectivityStateManager(ctx context.Context, id *channelz.Identifier) *connectivityStateManager {
+	return &connectivityStateManager{
+		channelzID: id,
+		pubSub:     grpcsync.NewPubSub(ctx),
+	}
+}
+
 // connectivityStateManager keeps the connectivity.State of ClientConn.
 // This struct will eventually be exported so the balancers can access it.
+//
+// TODO: If possible, get rid of the `connectivityStateManager` type, and
+// provide this functionality using the `PubSub`, to avoid keeping track of
+// the connectivity state at two places.
 type connectivityStateManager struct {
 	mu         sync.Mutex
 	state      connectivity.State
 	notifyChan chan struct{}
 	channelzID *channelz.Identifier
+	pubSub     *grpcsync.PubSub
 }
 
 // updateState updates the connectivity.State of ClientConn.
@@ -561,6 +587,8 @@ func (csm *connectivityStateManager) updateState(state connectivity.State) {
 		return
 	}
 	csm.state = state
+	csm.pubSub.Publish(state)
+
 	channelz.Infof(logger, csm.channelzID, "Channel Connectivity change to %v", state)
 	if csm.notifyChan != nil {
 		// There are other goroutines waiting on this channel.
@@ -590,7 +618,7 @@ func (csm *connectivityStateManager) getNotifyChan() <-chan struct{} {
 type ClientConnInterface interface {
 	// Invoke performs a unary RPC and returns after the response is received
 	// into reply.
-	Invoke(ctx context.Context, method string, args interface{}, reply interface{}, opts ...CallOption) error
+	Invoke(ctx context.Context, method string, args any, reply any, opts ...CallOption) error
 	// NewStream begins a streaming RPC.
 	NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error)
 }
@@ -622,7 +650,7 @@ type ClientConn struct {
 	channelzID      *channelz.Identifier // Channelz identifier for the channel.
 	resolverBuilder resolver.Builder     // See parseTargetAndFindResolver().
 	balancerWrapper *ccBalancerWrapper   // Uses gracefulswitch.balancer underneath.
-	idlenessMgr     idlenessManager
+	idlenessMgr     idle.Manager
 
 	// The following provide their own synchronization, and therefore don't
 	// require cc.mu to be held to access them.
@@ -668,6 +696,19 @@ const (
 	ccIdlenessStateExitingIdle
 )
 
+func (s ccIdlenessState) String() string {
+	switch s {
+	case ccIdlenessStateActive:
+		return "active"
+	case ccIdlenessStateIdle:
+		return "idle"
+	case ccIdlenessStateExitingIdle:
+		return "exitingIdle"
+	default:
+		return "unknown"
+	}
+}
+
 // WaitForStateChange waits until the connectivity.State of ClientConn changes from sourceState or
 // ctx expires. A true value is returned in former case and false in latter.
 //
@@ -759,6 +800,16 @@ func init() {
 		panic(fmt.Sprintf("impossible error parsing empty service config: %v", cfg.Err))
 	}
 	emptyServiceConfig = cfg.Config.(*ServiceConfig)
+
+	internal.SubscribeToConnectivityStateChanges = func(cc *ClientConn, s grpcsync.Subscriber) func() {
+		return cc.csMgr.pubSub.Subscribe(s)
+	}
+	internal.EnterIdleModeForTesting = func(cc *ClientConn) error {
+		return cc.enterIdleMode()
+	}
+	internal.ExitIdleModeForTesting = func(cc *ClientConn) error {
+		return cc.exitIdleMode()
+	}
 }
 
 func (cc *ClientConn) maybeApplyDefaultServiceConfig(addrs []resolver.Address) {
@@ -867,6 +918,20 @@ func (cc *ClientConn) handleSubConnStateChange(sc balancer.SubConn, s connectivi
 	cc.balancerWrapper.updateSubConnState(sc, s, err)
 }
 
+// Makes a copy of the input addresses slice and clears out the balancer
+// attributes field. Addresses are passed during subconn creation and address
+// update operations. In both cases, we will clear the balancer attributes by
+// calling this function, and therefore we will be able to use the Equal method
+// provided by the resolver.Address type for comparison.
+func copyAddressesWithoutBalancerAttributes(in []resolver.Address) []resolver.Address {
+	out := make([]resolver.Address, len(in))
+	for i := range in {
+		out[i] = in[i]
+		out[i].BalancerAttributes = nil
+	}
+	return out
+}
+
 // newAddrConn creates an addrConn for addrs and adds it to cc.conns.
 //
 // Caller needs to make sure len(addrs) > 0.
@@ -874,7 +939,7 @@ func (cc *ClientConn) newAddrConn(addrs []resolver.Address, opts balancer.NewSub
 	ac := &addrConn{
 		state:        connectivity.Idle,
 		cc:           cc,
-		addrs:        addrs,
+		addrs:        copyAddressesWithoutBalancerAttributes(addrs),
 		scopts:       opts,
 		dopts:        cc.dopts,
 		czData:       new(channelzData),
@@ -995,8 +1060,9 @@ func equalAddresses(a, b []resolver.Address) bool {
 // connections or connection attempts.
 func (ac *addrConn) updateAddrs(addrs []resolver.Address) {
 	ac.mu.Lock()
-	channelz.Infof(logger, ac.channelzID, "addrConn: updateAddrs curAddr: %v, addrs: %v", ac.curAddr, addrs)
+	channelz.Infof(logger, ac.channelzID, "addrConn: updateAddrs curAddr: %v, addrs: %v", pretty.ToJSON(ac.curAddr), pretty.ToJSON(addrs))
 
+	addrs = copyAddressesWithoutBalancerAttributes(addrs)
 	if equalAddresses(ac.addrs, addrs) {
 		ac.mu.Unlock()
 		return
@@ -1031,8 +1097,8 @@ func (ac *addrConn) updateAddrs(addrs []resolver.Address) {
 	ac.cancel()
 	ac.ctx, ac.cancel = context.WithCancel(ac.cc.ctx)
 
-	// We have to defer here because GracefulClose => Close => onClose, which
-	// requires locking ac.mu.
+	// We have to defer here because GracefulClose => onClose, which requires
+	// locking ac.mu.
 	if ac.transport != nil {
 		defer ac.transport.GracefulClose()
 		ac.transport = nil
@@ -1137,23 +1203,13 @@ func (cc *ClientConn) applyServiceConfigAndBalancer(sc *ServiceConfig, configSel
 	}
 
 	var newBalancerName string
-	if cc.sc != nil && cc.sc.lbConfig != nil {
+	if cc.sc == nil || (cc.sc.lbConfig == nil && cc.sc.LB == nil) {
+		// No service config or no LB policy specified in config.
+		newBalancerName = PickFirstBalancerName
+	} else if cc.sc.lbConfig != nil {
 		newBalancerName = cc.sc.lbConfig.name
-	} else {
-		var isGRPCLB bool
-		for _, a := range addrs {
-			if a.Type == resolver.GRPCLB {
-				isGRPCLB = true
-				break
-			}
-		}
-		if isGRPCLB {
-			newBalancerName = grpclbName
-		} else if cc.sc != nil && cc.sc.LB != nil {
-			newBalancerName = *cc.sc.LB
-		} else {
-			newBalancerName = PickFirstBalancerName
-		}
+	} else { // cc.sc.LB != nil
+		newBalancerName = *cc.sc.LB
 	}
 	cc.balancerWrapper.switchTo(newBalancerName)
 }
@@ -1192,7 +1248,10 @@ func (cc *ClientConn) ResetConnectBackoff() {
 
 // Close tears down the ClientConn and all underlying connections.
 func (cc *ClientConn) Close() error {
-	defer cc.cancel()
+	defer func() {
+		cc.cancel()
+		<-cc.csMgr.pubSub.Done()
+	}()
 
 	cc.mu.Lock()
 	if cc.conns == nil {
@@ -1226,7 +1285,7 @@ func (cc *ClientConn) Close() error {
 		rWrapper.close()
 	}
 	if idlenessMgr != nil {
-		idlenessMgr.close()
+		idlenessMgr.Close()
 	}
 
 	for ac := range conns {
@@ -1336,12 +1395,14 @@ func (ac *addrConn) resetTransport() {
 
 	if err := ac.tryAllAddrs(acCtx, addrs, connectDeadline); err != nil {
 		ac.cc.resolveNow(resolver.ResolveNowOptions{})
-		// After exhausting all addresses, the addrConn enters
-		// TRANSIENT_FAILURE.
+		ac.mu.Lock()
 		if acCtx.Err() != nil {
+			// addrConn was torn down.
+			ac.mu.Unlock()
 			return
 		}
-		ac.mu.Lock()
+		// After exhausting all addresses, the addrConn enters
+		// TRANSIENT_FAILURE.
 		ac.updateConnectivityState(connectivity.TransientFailure, err)
 
 		// Backoff.
@@ -1537,7 +1598,7 @@ func (ac *addrConn) startHealthCheck(ctx context.Context) {
 
 	// Set up the health check helper functions.
 	currentTr := ac.transport
-	newStream := func(method string) (interface{}, error) {
+	newStream := func(method string) (any, error) {
 		ac.mu.Lock()
 		if ac.transport != currentTr {
 			ac.mu.Unlock()
@@ -1625,16 +1686,7 @@ func (ac *addrConn) tearDown(err error) {
 	ac.updateConnectivityState(connectivity.Shutdown, nil)
 	ac.cancel()
 	ac.curAddr = resolver.Address{}
-	if err == errConnDrain && curTr != nil {
-		// GracefulClose(...) may be executed multiple times when
-		// i) receiving multiple GoAway frames from the server; or
-		// ii) there are concurrent name resolver/Balancer triggered
-		// address removal and GoAway.
-		// We have to unlock and re-lock here because GracefulClose => Close => onClose, which requires locking ac.mu.
-		ac.mu.Unlock()
-		curTr.GracefulClose()
-		ac.mu.Lock()
-	}
+
 	channelz.AddTraceEvent(logger, ac.channelzID, 0, &channelz.TraceEventDesc{
 		Desc:     "Subchannel deleted",
 		Severity: channelz.CtInfo,
@@ -1648,6 +1700,29 @@ func (ac *addrConn) tearDown(err error) {
 	// being deleted right away.
 	channelz.RemoveEntry(ac.channelzID)
 	ac.mu.Unlock()
+
+	// We have to release the lock before the call to GracefulClose/Close here
+	// because both of them call onClose(), which requires locking ac.mu.
+	if curTr != nil {
+		if err == errConnDrain {
+			// Close the transport gracefully when the subConn is being shutdown.
+			//
+			// GracefulClose() may be executed multiple times if:
+			// - multiple GoAway frames are received from the server
+			// - there are concurrent name resolver or balancer triggered
+			//   address removal and GoAway
+			curTr.GracefulClose()
+		} else {
+			// Hard close the transport when the channel is entering idle or is
+			// being shutdown. In the case where the channel is being shutdown,
+			// closing of transports is also taken care of by cancelation of cc.ctx.
+			// But in the case where the channel is entering idle, we need to
+			// explicitly close the transports here. Instead of distinguishing
+			// between these two cases, it is simpler to close the transport
+			// unconditionally here.
+			curTr.Close(err)
+		}
+	}
 }
 
 func (ac *addrConn) getState() connectivity.State {
@@ -1807,19 +1882,70 @@ func (cc *ClientConn) parseTargetAndFindResolver() error {
 }
 
 // parseTarget uses RFC 3986 semantics to parse the given target into a
-// resolver.Target struct containing scheme, authority and url. Query
-// params are stripped from the endpoint.
+// resolver.Target struct containing url. Query params are stripped from the
+// endpoint.
 func parseTarget(target string) (resolver.Target, error) {
 	u, err := url.Parse(target)
 	if err != nil {
 		return resolver.Target{}, err
 	}
 
-	return resolver.Target{
-		Scheme:    u.Scheme,
-		Authority: u.Host,
-		URL:       *u,
-	}, nil
+	return resolver.Target{URL: *u}, nil
+}
+
+func encodeAuthority(authority string) string {
+	const upperhex = "0123456789ABCDEF"
+
+	// Return for characters that must be escaped as per
+	// Valid chars are mentioned here:
+	// https://datatracker.ietf.org/doc/html/rfc3986#section-3.2
+	shouldEscape := func(c byte) bool {
+		// Alphanum are always allowed.
+		if 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9' {
+			return false
+		}
+		switch c {
+		case '-', '_', '.', '~': // Unreserved characters
+			return false
+		case '!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '=': // Subdelim characters
+			return false
+		case ':', '[', ']', '@': // Authority related delimeters
+			return false
+		}
+		// Everything else must be escaped.
+		return true
+	}
+
+	hexCount := 0
+	for i := 0; i < len(authority); i++ {
+		c := authority[i]
+		if shouldEscape(c) {
+			hexCount++
+		}
+	}
+
+	if hexCount == 0 {
+		return authority
+	}
+
+	required := len(authority) + 2*hexCount
+	t := make([]byte, required)
+
+	j := 0
+	// This logic is a barebones version of escape in the go net/url library.
+	for i := 0; i < len(authority); i++ {
+		switch c := authority[i]; {
+		case shouldEscape(c):
+			t[j] = '%'
+			t[j+1] = upperhex[c>>4]
+			t[j+2] = upperhex[c&15]
+			j += 3
+		default:
+			t[j] = authority[i]
+			j++
+		}
+	}
+	return string(t)
 }
 
 // Determine channel authority. The order of precedence is as follows:
@@ -1872,7 +1998,11 @@ func (cc *ClientConn) determineAuthority() error {
 		// the channel authority given the user's dial target. For resolvers
 		// which don't implement this interface, we will use the endpoint from
 		// "scheme://authority/endpoint" as the default authority.
-		cc.authority = endpoint
+		// Escape the endpoint to handle use cases where the endpoint
+		// might not be a valid authority by default.
+		// For example an endpoint which has multiple paths like
+		// 'a/b/c', which is not a valid authority by default.
+		cc.authority = encodeAuthority(endpoint)
 	}
 	channelz.Infof(logger, cc.channelzID, "Channel authority set to %q", cc.authority)
 	return nil
diff --git a/vendor/google.golang.org/grpc/codec.go b/vendor/google.golang.org/grpc/codec.go
index 129776547..411e3dfd4 100644
--- a/vendor/google.golang.org/grpc/codec.go
+++ b/vendor/google.golang.org/grpc/codec.go
@@ -27,8 +27,8 @@ import (
 // omits the name/string, which vary between the two and are not needed for
 // anything besides the registry in the encoding package.
 type baseCodec interface {
-	Marshal(v interface{}) ([]byte, error)
-	Unmarshal(data []byte, v interface{}) error
+	Marshal(v any) ([]byte, error)
+	Unmarshal(data []byte, v any) error
 }
 
 var _ baseCodec = Codec(nil)
@@ -41,9 +41,9 @@ var _ baseCodec = encoding.Codec(nil)
 // Deprecated: use encoding.Codec instead.
 type Codec interface {
 	// Marshal returns the wire format of v.
-	Marshal(v interface{}) ([]byte, error)
+	Marshal(v any) ([]byte, error)
 	// Unmarshal parses the wire format into v.
-	Unmarshal(data []byte, v interface{}) error
+	Unmarshal(data []byte, v any) error
 	// String returns the name of the Codec implementation.  This is unused by
 	// gRPC.
 	String() string
diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go
index 15a3d5102..cfc9fd85e 100644
--- a/vendor/google.golang.org/grpc/dialoptions.go
+++ b/vendor/google.golang.org/grpc/dialoptions.go
@@ -78,6 +78,7 @@ type dialOptions struct {
 	defaultServiceConfigRawJSON *string
 	resolvers                   []resolver.Builder
 	idleTimeout                 time.Duration
+	recvBufferPool              SharedBufferPool
 }
 
 // DialOption configures how we set up the connection.
@@ -138,6 +139,20 @@ func newJoinDialOption(opts ...DialOption) DialOption {
 	return &joinDialOption{opts: opts}
 }
 
+// WithSharedWriteBuffer allows reusing per-connection transport write buffer.
+// If this option is set to true every connection will release the buffer after
+// flushing the data on the wire.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func WithSharedWriteBuffer(val bool) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.SharedWriteBuffer = val
+	})
+}
+
 // WithWriteBufferSize determines how much data can be batched before doing a
 // write on the wire. The corresponding memory allocation for this buffer will
 // be twice the size to keep syscalls low. The default value for this buffer is
@@ -628,6 +643,8 @@ func defaultDialOptions() dialOptions {
 			ReadBufferSize:  defaultReadBufSize,
 			UseProxy:        true,
 		},
+		recvBufferPool: nopBufferPool{},
+		idleTimeout:    30 * time.Minute,
 	}
 }
 
@@ -664,8 +681,8 @@ func WithResolvers(rs ...resolver.Builder) DialOption {
 // channel will exit idle mode when the Connect() method is called or when an
 // RPC is initiated.
 //
-// By default this feature is disabled, which can also be explicitly configured
-// by passing zero to this function.
+// A default timeout of 30 minutes will be used if this dial option is not set
+// at dial time and idleness can be disabled by passing a timeout of zero.
 //
 // # Experimental
 //
@@ -676,3 +693,24 @@ func WithIdleTimeout(d time.Duration) DialOption {
 		o.idleTimeout = d
 	})
 }
+
+// WithRecvBufferPool returns a DialOption that configures the ClientConn
+// to use the provided shared buffer pool for parsing incoming messages. Depending
+// on the application's workload, this could result in reduced memory allocation.
+//
+// If you are unsure about how to implement a memory pool but want to utilize one,
+// begin with grpc.NewSharedBufferPool.
+//
+// Note: The shared buffer pool feature will not be active if any of the following
+// options are used: WithStatsHandler, EnableTracing, or binary logging. In such
+// cases, the shared buffer pool will be ignored.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func WithRecvBufferPool(bufferPool SharedBufferPool) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.recvBufferPool = bufferPool
+	})
+}
diff --git a/vendor/google.golang.org/grpc/encoding/encoding.go b/vendor/google.golang.org/grpc/encoding/encoding.go
index 07a586135..5ebf88d71 100644
--- a/vendor/google.golang.org/grpc/encoding/encoding.go
+++ b/vendor/google.golang.org/grpc/encoding/encoding.go
@@ -38,6 +38,10 @@ const Identity = "identity"
 
 // Compressor is used for compressing and decompressing when sending or
 // receiving messages.
+//
+// If a Compressor implements `DecompressedSize(compressedBytes []byte) int`,
+// gRPC will invoke it to determine the size of the buffer allocated for the
+// result of decompression.  A return value of -1 indicates unknown size.
 type Compressor interface {
 	// Compress writes the data written to wc to w after compressing it.  If an
 	// error occurs while initializing the compressor, that error is returned
@@ -51,15 +55,6 @@ type Compressor interface {
 	// coding header.  The result must be static; the result cannot change
 	// between calls.
 	Name() string
-	// If a Compressor implements
-	// DecompressedSize(compressedBytes []byte) int, gRPC will call it
-	// to determine the size of the buffer allocated for the result of decompression.
-	// Return -1 to indicate unknown size.
-	//
-	// Experimental
-	//
-	// Notice: This API is EXPERIMENTAL and may be changed or removed in a
-	// later release.
 }
 
 var registeredCompressor = make(map[string]Compressor)
@@ -90,9 +85,9 @@ func GetCompressor(name string) Compressor {
 // methods can be called from concurrent goroutines.
 type Codec interface {
 	// Marshal returns the wire format of v.
-	Marshal(v interface{}) ([]byte, error)
+	Marshal(v any) ([]byte, error)
 	// Unmarshal parses the wire format into v.
-	Unmarshal(data []byte, v interface{}) error
+	Unmarshal(data []byte, v any) error
 	// Name returns the name of the Codec implementation. The returned string
 	// will be used as part of content type in transmission.  The result must be
 	// static; the result cannot change between calls.
diff --git a/vendor/google.golang.org/grpc/encoding/proto/proto.go b/vendor/google.golang.org/grpc/encoding/proto/proto.go
index 3009b35af..0ee3d3bae 100644
--- a/vendor/google.golang.org/grpc/encoding/proto/proto.go
+++ b/vendor/google.golang.org/grpc/encoding/proto/proto.go
@@ -37,7 +37,7 @@ func init() {
 // codec is a Codec implementation with protobuf. It is the default codec for gRPC.
 type codec struct{}
 
-func (codec) Marshal(v interface{}) ([]byte, error) {
+func (codec) Marshal(v any) ([]byte, error) {
 	vv, ok := v.(proto.Message)
 	if !ok {
 		return nil, fmt.Errorf("failed to marshal, message is %T, want proto.Message", v)
@@ -45,7 +45,7 @@ func (codec) Marshal(v interface{}) ([]byte, error) {
 	return proto.Marshal(vv)
 }
 
-func (codec) Unmarshal(data []byte, v interface{}) error {
+func (codec) Unmarshal(data []byte, v any) error {
 	vv, ok := v.(proto.Message)
 	if !ok {
 		return fmt.Errorf("failed to unmarshal, message is %T, want proto.Message", v)
diff --git a/vendor/google.golang.org/grpc/grpclog/component.go b/vendor/google.golang.org/grpc/grpclog/component.go
index 8358dd6e2..ac73c9ced 100644
--- a/vendor/google.golang.org/grpc/grpclog/component.go
+++ b/vendor/google.golang.org/grpc/grpclog/component.go
@@ -31,71 +31,71 @@ type componentData struct {
 
 var cache = map[string]*componentData{}
 
-func (c *componentData) InfoDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) InfoDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.InfoDepth(depth+1, args...)
 }
 
-func (c *componentData) WarningDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) WarningDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.WarningDepth(depth+1, args...)
 }
 
-func (c *componentData) ErrorDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) ErrorDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.ErrorDepth(depth+1, args...)
 }
 
-func (c *componentData) FatalDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) FatalDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.FatalDepth(depth+1, args...)
 }
 
-func (c *componentData) Info(args ...interface{}) {
+func (c *componentData) Info(args ...any) {
 	c.InfoDepth(1, args...)
 }
 
-func (c *componentData) Warning(args ...interface{}) {
+func (c *componentData) Warning(args ...any) {
 	c.WarningDepth(1, args...)
 }
 
-func (c *componentData) Error(args ...interface{}) {
+func (c *componentData) Error(args ...any) {
 	c.ErrorDepth(1, args...)
 }
 
-func (c *componentData) Fatal(args ...interface{}) {
+func (c *componentData) Fatal(args ...any) {
 	c.FatalDepth(1, args...)
 }
 
-func (c *componentData) Infof(format string, args ...interface{}) {
+func (c *componentData) Infof(format string, args ...any) {
 	c.InfoDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Warningf(format string, args ...interface{}) {
+func (c *componentData) Warningf(format string, args ...any) {
 	c.WarningDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Errorf(format string, args ...interface{}) {
+func (c *componentData) Errorf(format string, args ...any) {
 	c.ErrorDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Fatalf(format string, args ...interface{}) {
+func (c *componentData) Fatalf(format string, args ...any) {
 	c.FatalDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Infoln(args ...interface{}) {
+func (c *componentData) Infoln(args ...any) {
 	c.InfoDepth(1, args...)
 }
 
-func (c *componentData) Warningln(args ...interface{}) {
+func (c *componentData) Warningln(args ...any) {
 	c.WarningDepth(1, args...)
 }
 
-func (c *componentData) Errorln(args ...interface{}) {
+func (c *componentData) Errorln(args ...any) {
 	c.ErrorDepth(1, args...)
 }
 
-func (c *componentData) Fatalln(args ...interface{}) {
+func (c *componentData) Fatalln(args ...any) {
 	c.FatalDepth(1, args...)
 }
 
diff --git a/vendor/google.golang.org/grpc/grpclog/grpclog.go b/vendor/google.golang.org/grpc/grpclog/grpclog.go
index c8bb2be34..16928c9cb 100644
--- a/vendor/google.golang.org/grpc/grpclog/grpclog.go
+++ b/vendor/google.golang.org/grpc/grpclog/grpclog.go
@@ -42,53 +42,53 @@ func V(l int) bool {
 }
 
 // Info logs to the INFO log.
-func Info(args ...interface{}) {
+func Info(args ...any) {
 	grpclog.Logger.Info(args...)
 }
 
 // Infof logs to the INFO log. Arguments are handled in the manner of fmt.Printf.
-func Infof(format string, args ...interface{}) {
+func Infof(format string, args ...any) {
 	grpclog.Logger.Infof(format, args...)
 }
 
 // Infoln logs to the INFO log. Arguments are handled in the manner of fmt.Println.
-func Infoln(args ...interface{}) {
+func Infoln(args ...any) {
 	grpclog.Logger.Infoln(args...)
 }
 
 // Warning logs to the WARNING log.
-func Warning(args ...interface{}) {
+func Warning(args ...any) {
 	grpclog.Logger.Warning(args...)
 }
 
 // Warningf logs to the WARNING log. Arguments are handled in the manner of fmt.Printf.
-func Warningf(format string, args ...interface{}) {
+func Warningf(format string, args ...any) {
 	grpclog.Logger.Warningf(format, args...)
 }
 
 // Warningln logs to the WARNING log. Arguments are handled in the manner of fmt.Println.
-func Warningln(args ...interface{}) {
+func Warningln(args ...any) {
 	grpclog.Logger.Warningln(args...)
 }
 
 // Error logs to the ERROR log.
-func Error(args ...interface{}) {
+func Error(args ...any) {
 	grpclog.Logger.Error(args...)
 }
 
 // Errorf logs to the ERROR log. Arguments are handled in the manner of fmt.Printf.
-func Errorf(format string, args ...interface{}) {
+func Errorf(format string, args ...any) {
 	grpclog.Logger.Errorf(format, args...)
 }
 
 // Errorln logs to the ERROR log. Arguments are handled in the manner of fmt.Println.
-func Errorln(args ...interface{}) {
+func Errorln(args ...any) {
 	grpclog.Logger.Errorln(args...)
 }
 
 // Fatal logs to the FATAL log. Arguments are handled in the manner of fmt.Print.
 // It calls os.Exit() with exit code 1.
-func Fatal(args ...interface{}) {
+func Fatal(args ...any) {
 	grpclog.Logger.Fatal(args...)
 	// Make sure fatal logs will exit.
 	os.Exit(1)
@@ -96,7 +96,7 @@ func Fatal(args ...interface{}) {
 
 // Fatalf logs to the FATAL log. Arguments are handled in the manner of fmt.Printf.
 // It calls os.Exit() with exit code 1.
-func Fatalf(format string, args ...interface{}) {
+func Fatalf(format string, args ...any) {
 	grpclog.Logger.Fatalf(format, args...)
 	// Make sure fatal logs will exit.
 	os.Exit(1)
@@ -104,7 +104,7 @@ func Fatalf(format string, args ...interface{}) {
 
 // Fatalln logs to the FATAL log. Arguments are handled in the manner of fmt.Println.
 // It calle os.Exit()) with exit code 1.
-func Fatalln(args ...interface{}) {
+func Fatalln(args ...any) {
 	grpclog.Logger.Fatalln(args...)
 	// Make sure fatal logs will exit.
 	os.Exit(1)
@@ -113,20 +113,20 @@ func Fatalln(args ...interface{}) {
 // Print prints to the logger. Arguments are handled in the manner of fmt.Print.
 //
 // Deprecated: use Info.
-func Print(args ...interface{}) {
+func Print(args ...any) {
 	grpclog.Logger.Info(args...)
 }
 
 // Printf prints to the logger. Arguments are handled in the manner of fmt.Printf.
 //
 // Deprecated: use Infof.
-func Printf(format string, args ...interface{}) {
+func Printf(format string, args ...any) {
 	grpclog.Logger.Infof(format, args...)
 }
 
 // Println prints to the logger. Arguments are handled in the manner of fmt.Println.
 //
 // Deprecated: use Infoln.
-func Println(args ...interface{}) {
+func Println(args ...any) {
 	grpclog.Logger.Infoln(args...)
 }
diff --git a/vendor/google.golang.org/grpc/grpclog/logger.go b/vendor/google.golang.org/grpc/grpclog/logger.go
index ef06a4822..b1674d826 100644
--- a/vendor/google.golang.org/grpc/grpclog/logger.go
+++ b/vendor/google.golang.org/grpc/grpclog/logger.go
@@ -24,12 +24,12 @@ import "google.golang.org/grpc/internal/grpclog"
 //
 // Deprecated: use LoggerV2.
 type Logger interface {
-	Fatal(args ...interface{})
-	Fatalf(format string, args ...interface{})
-	Fatalln(args ...interface{})
-	Print(args ...interface{})
-	Printf(format string, args ...interface{})
-	Println(args ...interface{})
+	Fatal(args ...any)
+	Fatalf(format string, args ...any)
+	Fatalln(args ...any)
+	Print(args ...any)
+	Printf(format string, args ...any)
+	Println(args ...any)
 }
 
 // SetLogger sets the logger that is used in grpc. Call only from
@@ -45,39 +45,39 @@ type loggerWrapper struct {
 	Logger
 }
 
-func (g *loggerWrapper) Info(args ...interface{}) {
+func (g *loggerWrapper) Info(args ...any) {
 	g.Logger.Print(args...)
 }
 
-func (g *loggerWrapper) Infoln(args ...interface{}) {
+func (g *loggerWrapper) Infoln(args ...any) {
 	g.Logger.Println(args...)
 }
 
-func (g *loggerWrapper) Infof(format string, args ...interface{}) {
+func (g *loggerWrapper) Infof(format string, args ...any) {
 	g.Logger.Printf(format, args...)
 }
 
-func (g *loggerWrapper) Warning(args ...interface{}) {
+func (g *loggerWrapper) Warning(args ...any) {
 	g.Logger.Print(args...)
 }
 
-func (g *loggerWrapper) Warningln(args ...interface{}) {
+func (g *loggerWrapper) Warningln(args ...any) {
 	g.Logger.Println(args...)
 }
 
-func (g *loggerWrapper) Warningf(format string, args ...interface{}) {
+func (g *loggerWrapper) Warningf(format string, args ...any) {
 	g.Logger.Printf(format, args...)
 }
 
-func (g *loggerWrapper) Error(args ...interface{}) {
+func (g *loggerWrapper) Error(args ...any) {
 	g.Logger.Print(args...)
 }
 
-func (g *loggerWrapper) Errorln(args ...interface{}) {
+func (g *loggerWrapper) Errorln(args ...any) {
 	g.Logger.Println(args...)
 }
 
-func (g *loggerWrapper) Errorf(format string, args ...interface{}) {
+func (g *loggerWrapper) Errorf(format string, args ...any) {
 	g.Logger.Printf(format, args...)
 }
 
diff --git a/vendor/google.golang.org/grpc/grpclog/loggerv2.go b/vendor/google.golang.org/grpc/grpclog/loggerv2.go
index 5de66e40d..ecfd36d71 100644
--- a/vendor/google.golang.org/grpc/grpclog/loggerv2.go
+++ b/vendor/google.golang.org/grpc/grpclog/loggerv2.go
@@ -33,35 +33,35 @@ import (
 // LoggerV2 does underlying logging work for grpclog.
 type LoggerV2 interface {
 	// Info logs to INFO log. Arguments are handled in the manner of fmt.Print.
-	Info(args ...interface{})
+	Info(args ...any)
 	// Infoln logs to INFO log. Arguments are handled in the manner of fmt.Println.
-	Infoln(args ...interface{})
+	Infoln(args ...any)
 	// Infof logs to INFO log. Arguments are handled in the manner of fmt.Printf.
-	Infof(format string, args ...interface{})
+	Infof(format string, args ...any)
 	// Warning logs to WARNING log. Arguments are handled in the manner of fmt.Print.
-	Warning(args ...interface{})
+	Warning(args ...any)
 	// Warningln logs to WARNING log. Arguments are handled in the manner of fmt.Println.
-	Warningln(args ...interface{})
+	Warningln(args ...any)
 	// Warningf logs to WARNING log. Arguments are handled in the manner of fmt.Printf.
-	Warningf(format string, args ...interface{})
+	Warningf(format string, args ...any)
 	// Error logs to ERROR log. Arguments are handled in the manner of fmt.Print.
-	Error(args ...interface{})
+	Error(args ...any)
 	// Errorln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
-	Errorln(args ...interface{})
+	Errorln(args ...any)
 	// Errorf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
-	Errorf(format string, args ...interface{})
+	Errorf(format string, args ...any)
 	// Fatal logs to ERROR log. Arguments are handled in the manner of fmt.Print.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatal(args ...interface{})
+	Fatal(args ...any)
 	// Fatalln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalln(args ...interface{})
+	Fatalln(args ...any)
 	// Fatalf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalf(format string, args ...interface{})
+	Fatalf(format string, args ...any)
 	// V reports whether verbosity level l is at least the requested verbose level.
 	V(l int) bool
 }
@@ -182,53 +182,53 @@ func (g *loggerT) output(severity int, s string) {
 	g.m[severity].Output(2, string(b))
 }
 
-func (g *loggerT) Info(args ...interface{}) {
+func (g *loggerT) Info(args ...any) {
 	g.output(infoLog, fmt.Sprint(args...))
 }
 
-func (g *loggerT) Infoln(args ...interface{}) {
+func (g *loggerT) Infoln(args ...any) {
 	g.output(infoLog, fmt.Sprintln(args...))
 }
 
-func (g *loggerT) Infof(format string, args ...interface{}) {
+func (g *loggerT) Infof(format string, args ...any) {
 	g.output(infoLog, fmt.Sprintf(format, args...))
 }
 
-func (g *loggerT) Warning(args ...interface{}) {
+func (g *loggerT) Warning(args ...any) {
 	g.output(warningLog, fmt.Sprint(args...))
 }
 
-func (g *loggerT) Warningln(args ...interface{}) {
+func (g *loggerT) Warningln(args ...any) {
 	g.output(warningLog, fmt.Sprintln(args...))
 }
 
-func (g *loggerT) Warningf(format string, args ...interface{}) {
+func (g *loggerT) Warningf(format string, args ...any) {
 	g.output(warningLog, fmt.Sprintf(format, args...))
 }
 
-func (g *loggerT) Error(args ...interface{}) {
+func (g *loggerT) Error(args ...any) {
 	g.output(errorLog, fmt.Sprint(args...))
 }
 
-func (g *loggerT) Errorln(args ...interface{}) {
+func (g *loggerT) Errorln(args ...any) {
 	g.output(errorLog, fmt.Sprintln(args...))
 }
 
-func (g *loggerT) Errorf(format string, args ...interface{}) {
+func (g *loggerT) Errorf(format string, args ...any) {
 	g.output(errorLog, fmt.Sprintf(format, args...))
 }
 
-func (g *loggerT) Fatal(args ...interface{}) {
+func (g *loggerT) Fatal(args ...any) {
 	g.output(fatalLog, fmt.Sprint(args...))
 	os.Exit(1)
 }
 
-func (g *loggerT) Fatalln(args ...interface{}) {
+func (g *loggerT) Fatalln(args ...any) {
 	g.output(fatalLog, fmt.Sprintln(args...))
 	os.Exit(1)
 }
 
-func (g *loggerT) Fatalf(format string, args ...interface{}) {
+func (g *loggerT) Fatalf(format string, args ...any) {
 	g.output(fatalLog, fmt.Sprintf(format, args...))
 	os.Exit(1)
 }
@@ -248,11 +248,11 @@ func (g *loggerT) V(l int) bool {
 type DepthLoggerV2 interface {
 	LoggerV2
 	// InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	InfoDepth(depth int, args ...interface{})
+	InfoDepth(depth int, args ...any)
 	// WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	WarningDepth(depth int, args ...interface{})
+	WarningDepth(depth int, args ...any)
 	// ErrorDepth logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	ErrorDepth(depth int, args ...interface{})
+	ErrorDepth(depth int, args ...any)
 	// FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	FatalDepth(depth int, args ...interface{})
+	FatalDepth(depth int, args ...any)
 }
diff --git a/vendor/google.golang.org/grpc/interceptor.go b/vendor/google.golang.org/grpc/interceptor.go
index bb96ef57b..877d78fc3 100644
--- a/vendor/google.golang.org/grpc/interceptor.go
+++ b/vendor/google.golang.org/grpc/interceptor.go
@@ -23,7 +23,7 @@ import (
 )
 
 // UnaryInvoker is called by UnaryClientInterceptor to complete RPCs.
-type UnaryInvoker func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error
+type UnaryInvoker func(ctx context.Context, method string, req, reply any, cc *ClientConn, opts ...CallOption) error
 
 // UnaryClientInterceptor intercepts the execution of a unary RPC on the client.
 // Unary interceptors can be specified as a DialOption, using
@@ -40,7 +40,7 @@ type UnaryInvoker func(ctx context.Context, method string, req, reply interface{
 // defaults from the ClientConn as well as per-call options.
 //
 // The returned error must be compatible with the status package.
-type UnaryClientInterceptor func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error
+type UnaryClientInterceptor func(ctx context.Context, method string, req, reply any, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error
 
 // Streamer is called by StreamClientInterceptor to create a ClientStream.
 type Streamer func(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (ClientStream, error)
@@ -66,7 +66,7 @@ type StreamClientInterceptor func(ctx context.Context, desc *StreamDesc, cc *Cli
 // server side. All per-rpc information may be mutated by the interceptor.
 type UnaryServerInfo struct {
 	// Server is the service implementation the user provides. This is read-only.
-	Server interface{}
+	Server any
 	// FullMethod is the full RPC method string, i.e., /package.service/method.
 	FullMethod string
 }
@@ -78,13 +78,13 @@ type UnaryServerInfo struct {
 // status package, or be one of the context errors. Otherwise, gRPC will use
 // codes.Unknown as the status code and err.Error() as the status message of the
 // RPC.
-type UnaryHandler func(ctx context.Context, req interface{}) (interface{}, error)
+type UnaryHandler func(ctx context.Context, req any) (any, error)
 
 // UnaryServerInterceptor provides a hook to intercept the execution of a unary RPC on the server. info
 // contains all the information of this RPC the interceptor can operate on. And handler is the wrapper
 // of the service method implementation. It is the responsibility of the interceptor to invoke handler
 // to complete the RPC.
-type UnaryServerInterceptor func(ctx context.Context, req interface{}, info *UnaryServerInfo, handler UnaryHandler) (resp interface{}, err error)
+type UnaryServerInterceptor func(ctx context.Context, req any, info *UnaryServerInfo, handler UnaryHandler) (resp any, err error)
 
 // StreamServerInfo consists of various information about a streaming RPC on
 // server side. All per-rpc information may be mutated by the interceptor.
@@ -101,4 +101,4 @@ type StreamServerInfo struct {
 // info contains all the information of this RPC the interceptor can operate on. And handler is the
 // service method implementation. It is the responsibility of the interceptor to invoke handler to
 // complete the RPC.
-type StreamServerInterceptor func(srv interface{}, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error
+type StreamServerInterceptor func(srv any, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error
diff --git a/vendor/google.golang.org/grpc/internal/backoff/backoff.go b/vendor/google.golang.org/grpc/internal/backoff/backoff.go
index 5fc0ee3da..fed1c011a 100644
--- a/vendor/google.golang.org/grpc/internal/backoff/backoff.go
+++ b/vendor/google.golang.org/grpc/internal/backoff/backoff.go
@@ -23,6 +23,8 @@
 package backoff
 
 import (
+	"context"
+	"errors"
 	"time"
 
 	grpcbackoff "google.golang.org/grpc/backoff"
@@ -71,3 +73,37 @@ func (bc Exponential) Backoff(retries int) time.Duration {
 	}
 	return time.Duration(backoff)
 }
+
+// ErrResetBackoff is the error to be returned by the function executed by RunF,
+// to instruct the latter to reset its backoff state.
+var ErrResetBackoff = errors.New("reset backoff state")
+
+// RunF provides a convenient way to run a function f repeatedly until the
+// context expires or f returns a non-nil error that is not ErrResetBackoff.
+// When f returns ErrResetBackoff, RunF continues to run f, but resets its
+// backoff state before doing so. backoff accepts an integer representing the
+// number of retries, and returns the amount of time to backoff.
+func RunF(ctx context.Context, f func() error, backoff func(int) time.Duration) {
+	attempt := 0
+	timer := time.NewTimer(0)
+	for ctx.Err() == nil {
+		select {
+		case <-timer.C:
+		case <-ctx.Done():
+			timer.Stop()
+			return
+		}
+
+		err := f()
+		if errors.Is(err, ErrResetBackoff) {
+			timer.Reset(0)
+			attempt = 0
+			continue
+		}
+		if err != nil {
+			return
+		}
+		timer.Reset(backoff(attempt))
+		attempt++
+	}
+}
diff --git a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
index 08666f62a..3c594e6e4 100644
--- a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
+++ b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
@@ -200,8 +200,8 @@ func (gsb *Balancer) ExitIdle() {
 	}
 }
 
-// UpdateSubConnState forwards the update to the appropriate child.
-func (gsb *Balancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
+// updateSubConnState forwards the update to the appropriate child.
+func (gsb *Balancer) updateSubConnState(sc balancer.SubConn, state balancer.SubConnState, cb func(balancer.SubConnState)) {
 	gsb.currentMu.Lock()
 	defer gsb.currentMu.Unlock()
 	gsb.mu.Lock()
@@ -214,13 +214,26 @@ func (gsb *Balancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubC
 	} else if gsb.balancerPending != nil && gsb.balancerPending.subconns[sc] {
 		balToUpdate = gsb.balancerPending
 	}
-	gsb.mu.Unlock()
 	if balToUpdate == nil {
 		// SubConn belonged to a stale lb policy that has not yet fully closed,
 		// or the balancer was already closed.
+		gsb.mu.Unlock()
 		return
 	}
-	balToUpdate.UpdateSubConnState(sc, state)
+	if state.ConnectivityState == connectivity.Shutdown {
+		delete(balToUpdate.subconns, sc)
+	}
+	gsb.mu.Unlock()
+	if cb != nil {
+		cb(state)
+	} else {
+		balToUpdate.UpdateSubConnState(sc, state)
+	}
+}
+
+// UpdateSubConnState forwards the update to the appropriate child.
+func (gsb *Balancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
+	gsb.updateSubConnState(sc, state, nil)
 }
 
 // Close closes any active child balancers.
@@ -242,7 +255,7 @@ func (gsb *Balancer) Close() {
 //
 // It implements the balancer.ClientConn interface and is passed down in that
 // capacity to the wrapped balancer. It maintains a set of subConns created by
-// the wrapped balancer and calls from the latter to create/update/remove
+// the wrapped balancer and calls from the latter to create/update/shutdown
 // SubConns update this set before being forwarded to the parent ClientConn.
 // State updates from the wrapped balancer can result in invocation of the
 // graceful switch logic.
@@ -254,21 +267,10 @@ type balancerWrapper struct {
 	subconns  map[balancer.SubConn]bool // subconns created by this balancer
 }
 
-func (bw *balancerWrapper) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
-	if state.ConnectivityState == connectivity.Shutdown {
-		bw.gsb.mu.Lock()
-		delete(bw.subconns, sc)
-		bw.gsb.mu.Unlock()
-	}
-	// There is no need to protect this read with a mutex, as the write to the
-	// Balancer field happens in SwitchTo, which completes before this can be
-	// called.
-	bw.Balancer.UpdateSubConnState(sc, state)
-}
-
-// Close closes the underlying LB policy and removes the subconns it created. bw
-// must not be referenced via balancerCurrent or balancerPending in gsb when
-// called. gsb.mu must not be held.  Does not panic with a nil receiver.
+// Close closes the underlying LB policy and shuts down the subconns it
+// created. bw must not be referenced via balancerCurrent or balancerPending in
+// gsb when called. gsb.mu must not be held.  Does not panic with a nil
+// receiver.
 func (bw *balancerWrapper) Close() {
 	// before Close is called.
 	if bw == nil {
@@ -281,7 +283,7 @@ func (bw *balancerWrapper) Close() {
 	bw.Balancer.Close()
 	bw.gsb.mu.Lock()
 	for sc := range bw.subconns {
-		bw.gsb.cc.RemoveSubConn(sc)
+		sc.Shutdown()
 	}
 	bw.gsb.mu.Unlock()
 }
@@ -335,13 +337,16 @@ func (bw *balancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer.Ne
 	}
 	bw.gsb.mu.Unlock()
 
+	var sc balancer.SubConn
+	oldListener := opts.StateListener
+	opts.StateListener = func(state balancer.SubConnState) { bw.gsb.updateSubConnState(sc, state, oldListener) }
 	sc, err := bw.gsb.cc.NewSubConn(addrs, opts)
 	if err != nil {
 		return nil, err
 	}
 	bw.gsb.mu.Lock()
 	if !bw.gsb.balancerCurrentOrPending(bw) { // balancer was closed during this call
-		bw.gsb.cc.RemoveSubConn(sc)
+		sc.Shutdown()
 		bw.gsb.mu.Unlock()
 		return nil, fmt.Errorf("%T at address %p that called NewSubConn is deleted", bw, bw)
 	}
@@ -360,13 +365,9 @@ func (bw *balancerWrapper) ResolveNow(opts resolver.ResolveNowOptions) {
 }
 
 func (bw *balancerWrapper) RemoveSubConn(sc balancer.SubConn) {
-	bw.gsb.mu.Lock()
-	if !bw.gsb.balancerCurrentOrPending(bw) {
-		bw.gsb.mu.Unlock()
-		return
-	}
-	bw.gsb.mu.Unlock()
-	bw.gsb.cc.RemoveSubConn(sc)
+	// Note: existing third party balancers may call this, so it must remain
+	// until RemoveSubConn is fully removed.
+	sc.Shutdown()
 }
 
 func (bw *balancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver.Address) {
diff --git a/vendor/google.golang.org/grpc/internal/balancerload/load.go b/vendor/google.golang.org/grpc/internal/balancerload/load.go
index 3a905d966..94a08d687 100644
--- a/vendor/google.golang.org/grpc/internal/balancerload/load.go
+++ b/vendor/google.golang.org/grpc/internal/balancerload/load.go
@@ -25,7 +25,7 @@ import (
 // Parser converts loads from metadata into a concrete type.
 type Parser interface {
 	// Parse parses loads from metadata.
-	Parse(md metadata.MD) interface{}
+	Parse(md metadata.MD) any
 }
 
 var parser Parser
@@ -38,7 +38,7 @@ func SetParser(lr Parser) {
 }
 
 // Parse calls parser.Read().
-func Parse(md metadata.MD) interface{} {
+func Parse(md metadata.MD) any {
 	if parser == nil {
 		return nil
 	}
diff --git a/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go b/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
index 6c3f63221..0f31274a3 100644
--- a/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
+++ b/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
@@ -230,7 +230,7 @@ type ClientMessage struct {
 	OnClientSide bool
 	// Message can be a proto.Message or []byte. Other messages formats are not
 	// supported.
-	Message interface{}
+	Message any
 }
 
 func (c *ClientMessage) toProto() *binlogpb.GrpcLogEntry {
@@ -270,7 +270,7 @@ type ServerMessage struct {
 	OnClientSide bool
 	// Message can be a proto.Message or []byte. Other messages formats are not
 	// supported.
-	Message interface{}
+	Message any
 }
 
 func (c *ServerMessage) toProto() *binlogpb.GrpcLogEntry {
diff --git a/vendor/google.golang.org/grpc/internal/buffer/unbounded.go b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
index 81c2f5fd7..4399c3df4 100644
--- a/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
+++ b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
@@ -28,25 +28,25 @@ import "sync"
 // the underlying mutex used for synchronization.
 //
 // Unbounded supports values of any type to be stored in it by using a channel
-// of `interface{}`. This means that a call to Put() incurs an extra memory
-// allocation, and also that users need a type assertion while reading. For
-// performance critical code paths, using Unbounded is strongly discouraged and
-// defining a new type specific implementation of this buffer is preferred. See
+// of `any`. This means that a call to Put() incurs an extra memory allocation,
+// and also that users need a type assertion while reading. For performance
+// critical code paths, using Unbounded is strongly discouraged and defining a
+// new type specific implementation of this buffer is preferred. See
 // internal/transport/transport.go for an example of this.
 type Unbounded struct {
-	c       chan interface{}
+	c       chan any
 	closed  bool
 	mu      sync.Mutex
-	backlog []interface{}
+	backlog []any
 }
 
 // NewUnbounded returns a new instance of Unbounded.
 func NewUnbounded() *Unbounded {
-	return &Unbounded{c: make(chan interface{}, 1)}
+	return &Unbounded{c: make(chan any, 1)}
 }
 
 // Put adds t to the unbounded buffer.
-func (b *Unbounded) Put(t interface{}) {
+func (b *Unbounded) Put(t any) {
 	b.mu.Lock()
 	defer b.mu.Unlock()
 	if b.closed {
@@ -89,7 +89,7 @@ func (b *Unbounded) Load() {
 //
 // If the unbounded buffer is closed, the read channel returned by this method
 // is closed.
-func (b *Unbounded) Get() <-chan interface{} {
+func (b *Unbounded) Get() <-chan any {
 	return b.c
 }
 
diff --git a/vendor/google.golang.org/grpc/internal/channelz/funcs.go b/vendor/google.golang.org/grpc/internal/channelz/funcs.go
index 777cbcd79..5395e7752 100644
--- a/vendor/google.golang.org/grpc/internal/channelz/funcs.go
+++ b/vendor/google.golang.org/grpc/internal/channelz/funcs.go
@@ -24,9 +24,7 @@
 package channelz
 
 import (
-	"context"
 	"errors"
-	"fmt"
 	"sort"
 	"sync"
 	"sync/atomic"
@@ -40,8 +38,11 @@ const (
 )
 
 var (
-	db    dbWrapper
-	idGen idGenerator
+	// IDGen is the global channelz entity ID generator.  It should not be used
+	// outside this package except by tests.
+	IDGen IDGenerator
+
+	db dbWrapper
 	// EntryPerPage defines the number of channelz entries to be shown on a web page.
 	EntryPerPage  = int64(50)
 	curState      int32
@@ -52,14 +53,14 @@ var (
 func TurnOn() {
 	if !IsOn() {
 		db.set(newChannelMap())
-		idGen.reset()
+		IDGen.Reset()
 		atomic.StoreInt32(&curState, 1)
 	}
 }
 
 // IsOn returns whether channelz data collection is on.
 func IsOn() bool {
-	return atomic.CompareAndSwapInt32(&curState, 1, 1)
+	return atomic.LoadInt32(&curState) == 1
 }
 
 // SetMaxTraceEntry sets maximum number of trace entry per entity (i.e. channel/subchannel).
@@ -97,43 +98,6 @@ func (d *dbWrapper) get() *channelMap {
 	return d.DB
 }
 
-// NewChannelzStorageForTesting initializes channelz data storage and id
-// generator for testing purposes.
-//
-// Returns a cleanup function to be invoked by the test, which waits for up to
-// 10s for all channelz state to be reset by the grpc goroutines when those
-// entities get closed. This cleanup function helps with ensuring that tests
-// don't mess up each other.
-func NewChannelzStorageForTesting() (cleanup func() error) {
-	db.set(newChannelMap())
-	idGen.reset()
-
-	return func() error {
-		cm := db.get()
-		if cm == nil {
-			return nil
-		}
-
-		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-		defer cancel()
-		ticker := time.NewTicker(10 * time.Millisecond)
-		defer ticker.Stop()
-		for {
-			cm.mu.RLock()
-			topLevelChannels, servers, channels, subChannels, listenSockets, normalSockets := len(cm.topLevelChannels), len(cm.servers), len(cm.channels), len(cm.subChannels), len(cm.listenSockets), len(cm.normalSockets)
-			cm.mu.RUnlock()
-
-			if err := ctx.Err(); err != nil {
-				return fmt.Errorf("after 10s the channelz map has not been cleaned up yet, topchannels: %d, servers: %d, channels: %d, subchannels: %d, listen sockets: %d, normal sockets: %d", topLevelChannels, servers, channels, subChannels, listenSockets, normalSockets)
-			}
-			if topLevelChannels == 0 && servers == 0 && channels == 0 && subChannels == 0 && listenSockets == 0 && normalSockets == 0 {
-				return nil
-			}
-			<-ticker.C
-		}
-	}
-}
-
 // GetTopChannels returns a slice of top channel's ChannelMetric, along with a
 // boolean indicating whether there's more top channels to be queried for.
 //
@@ -193,7 +157,7 @@ func GetServer(id int64) *ServerMetric {
 //
 // If channelz is not turned ON, the channelz database is not mutated.
 func RegisterChannel(c Channel, pid *Identifier, ref string) *Identifier {
-	id := idGen.genID()
+	id := IDGen.genID()
 	var parent int64
 	isTopChannel := true
 	if pid != nil {
@@ -229,7 +193,7 @@ func RegisterSubChannel(c Channel, pid *Identifier, ref string) (*Identifier, er
 	if pid == nil {
 		return nil, errors.New("a SubChannel's parent id cannot be nil")
 	}
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefSubChannel, id, pid), nil
 	}
@@ -251,7 +215,7 @@ func RegisterSubChannel(c Channel, pid *Identifier, ref string) (*Identifier, er
 //
 // If channelz is not turned ON, the channelz database is not mutated.
 func RegisterServer(s Server, ref string) *Identifier {
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefServer, id, nil)
 	}
@@ -277,7 +241,7 @@ func RegisterListenSocket(s Socket, pid *Identifier, ref string) (*Identifier, e
 	if pid == nil {
 		return nil, errors.New("a ListenSocket's parent id cannot be 0")
 	}
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefListenSocket, id, pid), nil
 	}
@@ -297,7 +261,7 @@ func RegisterNormalSocket(s Socket, pid *Identifier, ref string) (*Identifier, e
 	if pid == nil {
 		return nil, errors.New("a NormalSocket's parent id cannot be 0")
 	}
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefNormalSocket, id, pid), nil
 	}
@@ -776,14 +740,17 @@ func (c *channelMap) GetServer(id int64) *ServerMetric {
 	return sm
 }
 
-type idGenerator struct {
+// IDGenerator is an incrementing atomic that tracks IDs for channelz entities.
+type IDGenerator struct {
 	id int64
 }
 
-func (i *idGenerator) reset() {
+// Reset resets the generated ID back to zero.  Should only be used at
+// initialization or by tests sensitive to the ID number.
+func (i *IDGenerator) Reset() {
 	atomic.StoreInt64(&i.id, 0)
 }
 
-func (i *idGenerator) genID() int64 {
+func (i *IDGenerator) genID() int64 {
 	return atomic.AddInt64(&i.id, 1)
 }
diff --git a/vendor/google.golang.org/grpc/internal/channelz/logging.go b/vendor/google.golang.org/grpc/internal/channelz/logging.go
index 8e13a3d2c..f89e6f77b 100644
--- a/vendor/google.golang.org/grpc/internal/channelz/logging.go
+++ b/vendor/google.golang.org/grpc/internal/channelz/logging.go
@@ -31,7 +31,7 @@ func withParens(id *Identifier) string {
 }
 
 // Info logs and adds a trace event if channelz is on.
-func Info(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
+func Info(l grpclog.DepthLoggerV2, id *Identifier, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprint(args...),
 		Severity: CtInfo,
@@ -39,7 +39,7 @@ func Info(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
 }
 
 // Infof logs and adds a trace event if channelz is on.
-func Infof(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...interface{}) {
+func Infof(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprintf(format, args...),
 		Severity: CtInfo,
@@ -47,7 +47,7 @@ func Infof(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...inter
 }
 
 // Warning logs and adds a trace event if channelz is on.
-func Warning(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
+func Warning(l grpclog.DepthLoggerV2, id *Identifier, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprint(args...),
 		Severity: CtWarning,
@@ -55,7 +55,7 @@ func Warning(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
 }
 
 // Warningf logs and adds a trace event if channelz is on.
-func Warningf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...interface{}) {
+func Warningf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprintf(format, args...),
 		Severity: CtWarning,
@@ -63,7 +63,7 @@ func Warningf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...in
 }
 
 // Error logs and adds a trace event if channelz is on.
-func Error(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
+func Error(l grpclog.DepthLoggerV2, id *Identifier, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprint(args...),
 		Severity: CtError,
@@ -71,7 +71,7 @@ func Error(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
 }
 
 // Errorf logs and adds a trace event if channelz is on.
-func Errorf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...interface{}) {
+func Errorf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprintf(format, args...),
 		Severity: CtError,
diff --git a/vendor/google.golang.org/grpc/internal/channelz/types.go b/vendor/google.golang.org/grpc/internal/channelz/types.go
index 7b2f350e2..1d4020f53 100644
--- a/vendor/google.golang.org/grpc/internal/channelz/types.go
+++ b/vendor/google.golang.org/grpc/internal/channelz/types.go
@@ -628,6 +628,7 @@ type tracedChannel interface {
 
 type channelTrace struct {
 	cm          *channelMap
+	clearCalled bool
 	createdTime time.Time
 	eventCount  int64
 	mu          sync.Mutex
@@ -656,6 +657,10 @@ func (c *channelTrace) append(e *TraceEvent) {
 }
 
 func (c *channelTrace) clear() {
+	if c.clearCalled {
+		return
+	}
+	c.clearCalled = true
 	c.mu.Lock()
 	for _, e := range c.events {
 		if e.RefID != 0 {
diff --git a/vendor/google.golang.org/grpc/internal/channelz/util_linux.go b/vendor/google.golang.org/grpc/internal/channelz/util_linux.go
index 8d194e44e..98288c3f8 100644
--- a/vendor/google.golang.org/grpc/internal/channelz/util_linux.go
+++ b/vendor/google.golang.org/grpc/internal/channelz/util_linux.go
@@ -23,7 +23,7 @@ import (
 )
 
 // GetSocketOption gets the socket option info of the conn.
-func GetSocketOption(socket interface{}) *SocketOptionData {
+func GetSocketOption(socket any) *SocketOptionData {
 	c, ok := socket.(syscall.Conn)
 	if !ok {
 		return nil
diff --git a/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go b/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
index 837ddc402..b5568b22e 100644
--- a/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
+++ b/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
@@ -22,6 +22,6 @@
 package channelz
 
 // GetSocketOption gets the socket option info of the conn.
-func GetSocketOption(c interface{}) *SocketOptionData {
+func GetSocketOption(c any) *SocketOptionData {
 	return nil
 }
diff --git a/vendor/google.golang.org/grpc/internal/credentials/credentials.go b/vendor/google.golang.org/grpc/internal/credentials/credentials.go
index 32c9b5903..9deee7f65 100644
--- a/vendor/google.golang.org/grpc/internal/credentials/credentials.go
+++ b/vendor/google.golang.org/grpc/internal/credentials/credentials.go
@@ -25,12 +25,12 @@ import (
 type requestInfoKey struct{}
 
 // NewRequestInfoContext creates a context with ri.
-func NewRequestInfoContext(ctx context.Context, ri interface{}) context.Context {
+func NewRequestInfoContext(ctx context.Context, ri any) context.Context {
 	return context.WithValue(ctx, requestInfoKey{}, ri)
 }
 
 // RequestInfoFromContext extracts the RequestInfo from ctx.
-func RequestInfoFromContext(ctx context.Context) interface{} {
+func RequestInfoFromContext(ctx context.Context) any {
 	return ctx.Value(requestInfoKey{})
 }
 
@@ -39,11 +39,11 @@ func RequestInfoFromContext(ctx context.Context) interface{} {
 type clientHandshakeInfoKey struct{}
 
 // ClientHandshakeInfoFromContext extracts the ClientHandshakeInfo from ctx.
-func ClientHandshakeInfoFromContext(ctx context.Context) interface{} {
+func ClientHandshakeInfoFromContext(ctx context.Context) any {
 	return ctx.Value(clientHandshakeInfoKey{})
 }
 
 // NewClientHandshakeInfoContext creates a context with chi.
-func NewClientHandshakeInfoContext(ctx context.Context, chi interface{}) context.Context {
+func NewClientHandshakeInfoContext(ctx context.Context, chi any) context.Context {
 	return context.WithValue(ctx, clientHandshakeInfoKey{}, chi)
 }
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
index 80fd5c7d2..3cf10ddfb 100644
--- a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
+++ b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
@@ -37,9 +37,15 @@ var (
 	// checking which NACKs configs specifying ring sizes > 8*1024*1024 (~8M).
 	RingHashCap = uint64FromEnv("GRPC_RING_HASH_CAP", 4096, 1, 8*1024*1024)
 	// PickFirstLBConfig is set if we should support configuration of the
-	// pick_first LB policy, which can be enabled by setting the environment
-	// variable "GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG" to "true".
-	PickFirstLBConfig = boolFromEnv("GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG", false)
+	// pick_first LB policy.
+	PickFirstLBConfig = boolFromEnv("GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG", true)
+	// LeastRequestLB is set if we should support the least_request_experimental
+	// LB policy, which can be enabled by setting the environment variable
+	// "GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST" to "true".
+	LeastRequestLB = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST", false)
+	// ALTSMaxConcurrentHandshakes is the maximum number of concurrent ALTS
+	// handshakes that can be performed.
+	ALTSMaxConcurrentHandshakes = uint64FromEnv("GRPC_ALTS_MAX_CONCURRENT_HANDSHAKES", 100, 1, 100)
 )
 
 func boolFromEnv(envVar string, def bool) bool {
diff --git a/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go b/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
index b68e26a36..bfc45102a 100644
--- a/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
+++ b/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
@@ -30,7 +30,7 @@ var Logger LoggerV2
 var DepthLogger DepthLoggerV2
 
 // InfoDepth logs to the INFO log at the specified depth.
-func InfoDepth(depth int, args ...interface{}) {
+func InfoDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.InfoDepth(depth, args...)
 	} else {
@@ -39,7 +39,7 @@ func InfoDepth(depth int, args ...interface{}) {
 }
 
 // WarningDepth logs to the WARNING log at the specified depth.
-func WarningDepth(depth int, args ...interface{}) {
+func WarningDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.WarningDepth(depth, args...)
 	} else {
@@ -48,7 +48,7 @@ func WarningDepth(depth int, args ...interface{}) {
 }
 
 // ErrorDepth logs to the ERROR log at the specified depth.
-func ErrorDepth(depth int, args ...interface{}) {
+func ErrorDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.ErrorDepth(depth, args...)
 	} else {
@@ -57,7 +57,7 @@ func ErrorDepth(depth int, args ...interface{}) {
 }
 
 // FatalDepth logs to the FATAL log at the specified depth.
-func FatalDepth(depth int, args ...interface{}) {
+func FatalDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.FatalDepth(depth, args...)
 	} else {
@@ -71,35 +71,35 @@ func FatalDepth(depth int, args ...interface{}) {
 // is defined here to avoid a circular dependency.
 type LoggerV2 interface {
 	// Info logs to INFO log. Arguments are handled in the manner of fmt.Print.
-	Info(args ...interface{})
+	Info(args ...any)
 	// Infoln logs to INFO log. Arguments are handled in the manner of fmt.Println.
-	Infoln(args ...interface{})
+	Infoln(args ...any)
 	// Infof logs to INFO log. Arguments are handled in the manner of fmt.Printf.
-	Infof(format string, args ...interface{})
+	Infof(format string, args ...any)
 	// Warning logs to WARNING log. Arguments are handled in the manner of fmt.Print.
-	Warning(args ...interface{})
+	Warning(args ...any)
 	// Warningln logs to WARNING log. Arguments are handled in the manner of fmt.Println.
-	Warningln(args ...interface{})
+	Warningln(args ...any)
 	// Warningf logs to WARNING log. Arguments are handled in the manner of fmt.Printf.
-	Warningf(format string, args ...interface{})
+	Warningf(format string, args ...any)
 	// Error logs to ERROR log. Arguments are handled in the manner of fmt.Print.
-	Error(args ...interface{})
+	Error(args ...any)
 	// Errorln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
-	Errorln(args ...interface{})
+	Errorln(args ...any)
 	// Errorf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
-	Errorf(format string, args ...interface{})
+	Errorf(format string, args ...any)
 	// Fatal logs to ERROR log. Arguments are handled in the manner of fmt.Print.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatal(args ...interface{})
+	Fatal(args ...any)
 	// Fatalln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalln(args ...interface{})
+	Fatalln(args ...any)
 	// Fatalf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalf(format string, args ...interface{})
+	Fatalf(format string, args ...any)
 	// V reports whether verbosity level l is at least the requested verbose level.
 	V(l int) bool
 }
@@ -116,11 +116,11 @@ type LoggerV2 interface {
 // later release.
 type DepthLoggerV2 interface {
 	// InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	InfoDepth(depth int, args ...interface{})
+	InfoDepth(depth int, args ...any)
 	// WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	WarningDepth(depth int, args ...interface{})
+	WarningDepth(depth int, args ...any)
 	// ErrorDepth logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	ErrorDepth(depth int, args ...interface{})
+	ErrorDepth(depth int, args ...any)
 	// FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	FatalDepth(depth int, args ...interface{})
+	FatalDepth(depth int, args ...any)
 }
diff --git a/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go b/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
index 02224b42c..faa998de7 100644
--- a/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
+++ b/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
@@ -31,7 +31,7 @@ type PrefixLogger struct {
 }
 
 // Infof does info logging.
-func (pl *PrefixLogger) Infof(format string, args ...interface{}) {
+func (pl *PrefixLogger) Infof(format string, args ...any) {
 	if pl != nil {
 		// Handle nil, so the tests can pass in a nil logger.
 		format = pl.prefix + format
@@ -42,7 +42,7 @@ func (pl *PrefixLogger) Infof(format string, args ...interface{}) {
 }
 
 // Warningf does warning logging.
-func (pl *PrefixLogger) Warningf(format string, args ...interface{}) {
+func (pl *PrefixLogger) Warningf(format string, args ...any) {
 	if pl != nil {
 		format = pl.prefix + format
 		pl.logger.WarningDepth(1, fmt.Sprintf(format, args...))
@@ -52,7 +52,7 @@ func (pl *PrefixLogger) Warningf(format string, args ...interface{}) {
 }
 
 // Errorf does error logging.
-func (pl *PrefixLogger) Errorf(format string, args ...interface{}) {
+func (pl *PrefixLogger) Errorf(format string, args ...any) {
 	if pl != nil {
 		format = pl.prefix + format
 		pl.logger.ErrorDepth(1, fmt.Sprintf(format, args...))
@@ -62,7 +62,7 @@ func (pl *PrefixLogger) Errorf(format string, args ...interface{}) {
 }
 
 // Debugf does info logging at verbose level 2.
-func (pl *PrefixLogger) Debugf(format string, args ...interface{}) {
+func (pl *PrefixLogger) Debugf(format string, args ...any) {
 	// TODO(6044): Refactor interfaces LoggerV2 and DepthLogger, and maybe
 	// rewrite PrefixLogger a little to ensure that we don't use the global
 	// `Logger` here, and instead use the `logger` field.
diff --git a/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go
index d08e3e907..aa97273e7 100644
--- a/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go
+++ b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go
@@ -80,6 +80,13 @@ func Uint32() uint32 {
 	return r.Uint32()
 }
 
+// ExpFloat64 implements rand.ExpFloat64 on the grpcrand global source.
+func ExpFloat64() float64 {
+	mu.Lock()
+	defer mu.Unlock()
+	return r.ExpFloat64()
+}
+
 // Shuffle implements rand.Shuffle on the grpcrand global source.
 var Shuffle = func(n int, f func(int, int)) {
 	mu.Lock()
diff --git a/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
index 37b8d4117..900917dbe 100644
--- a/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
+++ b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
@@ -32,10 +32,10 @@ import (
 //
 // This type is safe for concurrent access.
 type CallbackSerializer struct {
-	// Done is closed once the serializer is shut down completely, i.e all
+	// done is closed once the serializer is shut down completely, i.e all
 	// scheduled callbacks are executed and the serializer has deallocated all
 	// its resources.
-	Done chan struct{}
+	done chan struct{}
 
 	callbacks *buffer.Unbounded
 	closedMu  sync.Mutex
@@ -48,12 +48,12 @@ type CallbackSerializer struct {
 // callbacks will be added once this context is canceled, and any pending un-run
 // callbacks will be executed before the serializer is shut down.
 func NewCallbackSerializer(ctx context.Context) *CallbackSerializer {
-	t := &CallbackSerializer{
-		Done:      make(chan struct{}),
+	cs := &CallbackSerializer{
+		done:      make(chan struct{}),
 		callbacks: buffer.NewUnbounded(),
 	}
-	go t.run(ctx)
-	return t
+	go cs.run(ctx)
+	return cs
 }
 
 // Schedule adds a callback to be scheduled after existing callbacks are run.
@@ -64,56 +64,62 @@ func NewCallbackSerializer(ctx context.Context) *CallbackSerializer {
 // Return value indicates if the callback was successfully added to the list of
 // callbacks to be executed by the serializer. It is not possible to add
 // callbacks once the context passed to NewCallbackSerializer is cancelled.
-func (t *CallbackSerializer) Schedule(f func(ctx context.Context)) bool {
-	t.closedMu.Lock()
-	defer t.closedMu.Unlock()
+func (cs *CallbackSerializer) Schedule(f func(ctx context.Context)) bool {
+	cs.closedMu.Lock()
+	defer cs.closedMu.Unlock()
 
-	if t.closed {
+	if cs.closed {
 		return false
 	}
-	t.callbacks.Put(f)
+	cs.callbacks.Put(f)
 	return true
 }
 
-func (t *CallbackSerializer) run(ctx context.Context) {
+func (cs *CallbackSerializer) run(ctx context.Context) {
 	var backlog []func(context.Context)
 
-	defer close(t.Done)
+	defer close(cs.done)
 	for ctx.Err() == nil {
 		select {
 		case <-ctx.Done():
 			// Do nothing here. Next iteration of the for loop will not happen,
 			// since ctx.Err() would be non-nil.
-		case callback, ok := <-t.callbacks.Get():
+		case callback, ok := <-cs.callbacks.Get():
 			if !ok {
 				return
 			}
-			t.callbacks.Load()
+			cs.callbacks.Load()
 			callback.(func(ctx context.Context))(ctx)
 		}
 	}
 
 	// Fetch pending callbacks if any, and execute them before returning from
-	// this method and closing t.Done.
-	t.closedMu.Lock()
-	t.closed = true
-	backlog = t.fetchPendingCallbacks()
-	t.callbacks.Close()
-	t.closedMu.Unlock()
+	// this method and closing cs.done.
+	cs.closedMu.Lock()
+	cs.closed = true
+	backlog = cs.fetchPendingCallbacks()
+	cs.callbacks.Close()
+	cs.closedMu.Unlock()
 	for _, b := range backlog {
 		b(ctx)
 	}
 }
 
-func (t *CallbackSerializer) fetchPendingCallbacks() []func(context.Context) {
+func (cs *CallbackSerializer) fetchPendingCallbacks() []func(context.Context) {
 	var backlog []func(context.Context)
 	for {
 		select {
-		case b := <-t.callbacks.Get():
+		case b := <-cs.callbacks.Get():
 			backlog = append(backlog, b.(func(context.Context)))
-			t.callbacks.Load()
+			cs.callbacks.Load()
 		default:
 			return backlog
 		}
 	}
 }
+
+// Done returns a channel that is closed after the context passed to
+// NewCallbackSerializer is canceled and all callbacks have been executed.
+func (cs *CallbackSerializer) Done() <-chan struct{} {
+	return cs.done
+}
diff --git a/vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go b/vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go
new file mode 100644
index 000000000..aef8cec1a
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go
@@ -0,0 +1,121 @@
+/*
+ *
+ * Copyright 2023 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpcsync
+
+import (
+	"context"
+	"sync"
+)
+
+// Subscriber represents an entity that is subscribed to messages published on
+// a PubSub. It wraps the callback to be invoked by the PubSub when a new
+// message is published.
+type Subscriber interface {
+	// OnMessage is invoked when a new message is published. Implementations
+	// must not block in this method.
+	OnMessage(msg any)
+}
+
+// PubSub is a simple one-to-many publish-subscribe system that supports
+// messages of arbitrary type. It guarantees that messages are delivered in
+// the same order in which they were published.
+//
+// Publisher invokes the Publish() method to publish new messages, while
+// subscribers interested in receiving these messages register a callback
+// via the Subscribe() method.
+//
+// Once a PubSub is stopped, no more messages can be published, but any pending
+// published messages will be delivered to the subscribers.  Done may be used
+// to determine when all published messages have been delivered.
+type PubSub struct {
+	cs *CallbackSerializer
+
+	// Access to the below fields are guarded by this mutex.
+	mu          sync.Mutex
+	msg         any
+	subscribers map[Subscriber]bool
+}
+
+// NewPubSub returns a new PubSub instance.  Users should cancel the
+// provided context to shutdown the PubSub.
+func NewPubSub(ctx context.Context) *PubSub {
+	return &PubSub{
+		cs:          NewCallbackSerializer(ctx),
+		subscribers: map[Subscriber]bool{},
+	}
+}
+
+// Subscribe registers the provided Subscriber to the PubSub.
+//
+// If the PubSub contains a previously published message, the Subscriber's
+// OnMessage() callback will be invoked asynchronously with the existing
+// message to begin with, and subsequently for every newly published message.
+//
+// The caller is responsible for invoking the returned cancel function to
+// unsubscribe itself from the PubSub.
+func (ps *PubSub) Subscribe(sub Subscriber) (cancel func()) {
+	ps.mu.Lock()
+	defer ps.mu.Unlock()
+
+	ps.subscribers[sub] = true
+
+	if ps.msg != nil {
+		msg := ps.msg
+		ps.cs.Schedule(func(context.Context) {
+			ps.mu.Lock()
+			defer ps.mu.Unlock()
+			if !ps.subscribers[sub] {
+				return
+			}
+			sub.OnMessage(msg)
+		})
+	}
+
+	return func() {
+		ps.mu.Lock()
+		defer ps.mu.Unlock()
+		delete(ps.subscribers, sub)
+	}
+}
+
+// Publish publishes the provided message to the PubSub, and invokes
+// callbacks registered by subscribers asynchronously.
+func (ps *PubSub) Publish(msg any) {
+	ps.mu.Lock()
+	defer ps.mu.Unlock()
+
+	ps.msg = msg
+	for sub := range ps.subscribers {
+		s := sub
+		ps.cs.Schedule(func(context.Context) {
+			ps.mu.Lock()
+			defer ps.mu.Unlock()
+			if !ps.subscribers[s] {
+				return
+			}
+			s.OnMessage(msg)
+		})
+	}
+}
+
+// Done returns a channel that is closed after the context passed to NewPubSub
+// is canceled and all updates have been sent to subscribers.
+func (ps *PubSub) Done() <-chan struct{} {
+	return ps.cs.Done()
+}
diff --git a/vendor/google.golang.org/grpc/idle.go b/vendor/google.golang.org/grpc/internal/idle/idle.go
similarity index 61%
rename from vendor/google.golang.org/grpc/idle.go
rename to vendor/google.golang.org/grpc/internal/idle/idle.go
index dc3dc72f6..6c272476e 100644
--- a/vendor/google.golang.org/grpc/idle.go
+++ b/vendor/google.golang.org/grpc/internal/idle/idle.go
@@ -16,7 +16,9 @@
  *
  */
 
-package grpc
+// Package idle contains a component for managing idleness (entering and exiting)
+// based on RPC activity.
+package idle
 
 import (
 	"fmt"
@@ -24,6 +26,8 @@ import (
 	"sync"
 	"sync/atomic"
 	"time"
+
+	"google.golang.org/grpc/grpclog"
 )
 
 // For overriding in unit tests.
@@ -31,31 +35,31 @@ var timeAfterFunc = func(d time.Duration, f func()) *time.Timer {
 	return time.AfterFunc(d, f)
 }
 
-// idlenessEnforcer is the functionality provided by grpc.ClientConn to enter
+// Enforcer is the functionality provided by grpc.ClientConn to enter
 // and exit from idle mode.
-type idlenessEnforcer interface {
-	exitIdleMode() error
-	enterIdleMode() error
+type Enforcer interface {
+	ExitIdleMode() error
+	EnterIdleMode() error
 }
 
-// idlenessManager defines the functionality required to track RPC activity on a
+// Manager defines the functionality required to track RPC activity on a
 // channel.
-type idlenessManager interface {
-	onCallBegin() error
-	onCallEnd()
-	close()
+type Manager interface {
+	OnCallBegin() error
+	OnCallEnd()
+	Close()
 }
 
-type noopIdlenessManager struct{}
+type noopManager struct{}
 
-func (noopIdlenessManager) onCallBegin() error { return nil }
-func (noopIdlenessManager) onCallEnd()         {}
-func (noopIdlenessManager) close()             {}
+func (noopManager) OnCallBegin() error { return nil }
+func (noopManager) OnCallEnd()         {}
+func (noopManager) Close()             {}
 
-// idlenessManagerImpl implements the idlenessManager interface. It uses atomic
-// operations to synchronize access to shared state and a mutex to guarantee
-// mutual exclusion in a critical section.
-type idlenessManagerImpl struct {
+// manager implements the Manager interface. It uses atomic operations to
+// synchronize access to shared state and a mutex to guarantee mutual exclusion
+// in a critical section.
+type manager struct {
 	// State accessed atomically.
 	lastCallEndTime           int64 // Unix timestamp in nanos; time when the most recent RPC completed.
 	activeCallsCount          int32 // Count of active RPCs; -math.MaxInt32 means channel is idle or is trying to get there.
@@ -64,14 +68,15 @@ type idlenessManagerImpl struct {
 
 	// Can be accessed without atomics or mutex since these are set at creation
 	// time and read-only after that.
-	enforcer idlenessEnforcer // Functionality provided by grpc.ClientConn.
-	timeout  int64            // Idle timeout duration nanos stored as an int64.
+	enforcer Enforcer // Functionality provided by grpc.ClientConn.
+	timeout  int64    // Idle timeout duration nanos stored as an int64.
+	logger   grpclog.LoggerV2
 
 	// idleMu is used to guarantee mutual exclusion in two scenarios:
 	// - Opposing intentions:
 	//   - a: Idle timeout has fired and handleIdleTimeout() is trying to put
 	//     the channel in idle mode because the channel has been inactive.
-	//   - b: At the same time an RPC is made on the channel, and onCallBegin()
+	//   - b: At the same time an RPC is made on the channel, and OnCallBegin()
 	//     is trying to prevent the channel from going idle.
 	// - Competing intentions:
 	//   - The channel is in idle mode and there are multiple RPCs starting at
@@ -83,28 +88,37 @@ type idlenessManagerImpl struct {
 	timer        *time.Timer
 }
 
-// newIdlenessManager creates a new idleness manager implementation for the
+// ManagerOptions is a collection of options used by
+// NewManager.
+type ManagerOptions struct {
+	Enforcer Enforcer
+	Timeout  time.Duration
+	Logger   grpclog.LoggerV2
+}
+
+// NewManager creates a new idleness manager implementation for the
 // given idle timeout.
-func newIdlenessManager(enforcer idlenessEnforcer, idleTimeout time.Duration) idlenessManager {
-	if idleTimeout == 0 {
-		return noopIdlenessManager{}
+func NewManager(opts ManagerOptions) Manager {
+	if opts.Timeout == 0 {
+		return noopManager{}
 	}
 
-	i := &idlenessManagerImpl{
-		enforcer: enforcer,
-		timeout:  int64(idleTimeout),
+	m := &manager{
+		enforcer: opts.Enforcer,
+		timeout:  int64(opts.Timeout),
+		logger:   opts.Logger,
 	}
-	i.timer = timeAfterFunc(idleTimeout, i.handleIdleTimeout)
-	return i
+	m.timer = timeAfterFunc(opts.Timeout, m.handleIdleTimeout)
+	return m
 }
 
 // resetIdleTimer resets the idle timer to the given duration. This method
 // should only be called from the timer callback.
-func (i *idlenessManagerImpl) resetIdleTimer(d time.Duration) {
-	i.idleMu.Lock()
-	defer i.idleMu.Unlock()
+func (m *manager) resetIdleTimer(d time.Duration) {
+	m.idleMu.Lock()
+	defer m.idleMu.Unlock()
 
-	if i.timer == nil {
+	if m.timer == nil {
 		// Only close sets timer to nil. We are done.
 		return
 	}
@@ -112,47 +126,47 @@ func (i *idlenessManagerImpl) resetIdleTimer(d time.Duration) {
 	// It is safe to ignore the return value from Reset() because this method is
 	// only ever called from the timer callback, which means the timer has
 	// already fired.
-	i.timer.Reset(d)
+	m.timer.Reset(d)
 }
 
 // handleIdleTimeout is the timer callback that is invoked upon expiry of the
 // configured idle timeout. The channel is considered inactive if there are no
 // ongoing calls and no RPC activity since the last time the timer fired.
-func (i *idlenessManagerImpl) handleIdleTimeout() {
-	if i.isClosed() {
+func (m *manager) handleIdleTimeout() {
+	if m.isClosed() {
 		return
 	}
 
-	if atomic.LoadInt32(&i.activeCallsCount) > 0 {
-		i.resetIdleTimer(time.Duration(i.timeout))
+	if atomic.LoadInt32(&m.activeCallsCount) > 0 {
+		m.resetIdleTimer(time.Duration(m.timeout))
 		return
 	}
 
 	// There has been activity on the channel since we last got here. Reset the
 	// timer and return.
-	if atomic.LoadInt32(&i.activeSinceLastTimerCheck) == 1 {
+	if atomic.LoadInt32(&m.activeSinceLastTimerCheck) == 1 {
 		// Set the timer to fire after a duration of idle timeout, calculated
 		// from the time the most recent RPC completed.
-		atomic.StoreInt32(&i.activeSinceLastTimerCheck, 0)
-		i.resetIdleTimer(time.Duration(atomic.LoadInt64(&i.lastCallEndTime) + i.timeout - time.Now().UnixNano()))
+		atomic.StoreInt32(&m.activeSinceLastTimerCheck, 0)
+		m.resetIdleTimer(time.Duration(atomic.LoadInt64(&m.lastCallEndTime) + m.timeout - time.Now().UnixNano()))
 		return
 	}
 
 	// This CAS operation is extremely likely to succeed given that there has
 	// been no activity since the last time we were here.  Setting the
-	// activeCallsCount to -math.MaxInt32 indicates to onCallBegin() that the
+	// activeCallsCount to -math.MaxInt32 indicates to OnCallBegin() that the
 	// channel is either in idle mode or is trying to get there.
-	if !atomic.CompareAndSwapInt32(&i.activeCallsCount, 0, -math.MaxInt32) {
+	if !atomic.CompareAndSwapInt32(&m.activeCallsCount, 0, -math.MaxInt32) {
 		// This CAS operation can fail if an RPC started after we checked for
 		// activity at the top of this method, or one was ongoing from before
 		// the last time we were here. In both case, reset the timer and return.
-		i.resetIdleTimer(time.Duration(i.timeout))
+		m.resetIdleTimer(time.Duration(m.timeout))
 		return
 	}
 
 	// Now that we've set the active calls count to -math.MaxInt32, it's time to
 	// actually move to idle mode.
-	if i.tryEnterIdleMode() {
+	if m.tryEnterIdleMode() {
 		// Successfully entered idle mode. No timer needed until we exit idle.
 		return
 	}
@@ -160,8 +174,8 @@ func (i *idlenessManagerImpl) handleIdleTimeout() {
 	// Failed to enter idle mode due to a concurrent RPC that kept the channel
 	// active, or because of an error from the channel. Undo the attempt to
 	// enter idle, and reset the timer to try again later.
-	atomic.AddInt32(&i.activeCallsCount, math.MaxInt32)
-	i.resetIdleTimer(time.Duration(i.timeout))
+	atomic.AddInt32(&m.activeCallsCount, math.MaxInt32)
+	m.resetIdleTimer(time.Duration(m.timeout))
 }
 
 // tryEnterIdleMode instructs the channel to enter idle mode. But before
@@ -171,15 +185,15 @@ func (i *idlenessManagerImpl) handleIdleTimeout() {
 // Return value indicates whether or not the channel moved to idle mode.
 //
 // Holds idleMu which ensures mutual exclusion with exitIdleMode.
-func (i *idlenessManagerImpl) tryEnterIdleMode() bool {
-	i.idleMu.Lock()
-	defer i.idleMu.Unlock()
+func (m *manager) tryEnterIdleMode() bool {
+	m.idleMu.Lock()
+	defer m.idleMu.Unlock()
 
-	if atomic.LoadInt32(&i.activeCallsCount) != -math.MaxInt32 {
+	if atomic.LoadInt32(&m.activeCallsCount) != -math.MaxInt32 {
 		// We raced and lost to a new RPC. Very rare, but stop entering idle.
 		return false
 	}
-	if atomic.LoadInt32(&i.activeSinceLastTimerCheck) == 1 {
+	if atomic.LoadInt32(&m.activeSinceLastTimerCheck) == 1 {
 		// An very short RPC could have come in (and also finished) after we
 		// checked for calls count and activity in handleIdleTimeout(), but
 		// before the CAS operation. So, we need to check for activity again.
@@ -189,99 +203,99 @@ func (i *idlenessManagerImpl) tryEnterIdleMode() bool {
 	// No new RPCs have come in since we last set the active calls count value
 	// -math.MaxInt32 in the timer callback. And since we have the lock, it is
 	// safe to enter idle mode now.
-	if err := i.enforcer.enterIdleMode(); err != nil {
-		logger.Errorf("Failed to enter idle mode: %v", err)
+	if err := m.enforcer.EnterIdleMode(); err != nil {
+		m.logger.Errorf("Failed to enter idle mode: %v", err)
 		return false
 	}
 
 	// Successfully entered idle mode.
-	i.actuallyIdle = true
+	m.actuallyIdle = true
 	return true
 }
 
-// onCallBegin is invoked at the start of every RPC.
-func (i *idlenessManagerImpl) onCallBegin() error {
-	if i.isClosed() {
+// OnCallBegin is invoked at the start of every RPC.
+func (m *manager) OnCallBegin() error {
+	if m.isClosed() {
 		return nil
 	}
 
-	if atomic.AddInt32(&i.activeCallsCount, 1) > 0 {
+	if atomic.AddInt32(&m.activeCallsCount, 1) > 0 {
 		// Channel is not idle now. Set the activity bit and allow the call.
-		atomic.StoreInt32(&i.activeSinceLastTimerCheck, 1)
+		atomic.StoreInt32(&m.activeSinceLastTimerCheck, 1)
 		return nil
 	}
 
 	// Channel is either in idle mode or is in the process of moving to idle
 	// mode. Attempt to exit idle mode to allow this RPC.
-	if err := i.exitIdleMode(); err != nil {
+	if err := m.exitIdleMode(); err != nil {
 		// Undo the increment to calls count, and return an error causing the
 		// RPC to fail.
-		atomic.AddInt32(&i.activeCallsCount, -1)
+		atomic.AddInt32(&m.activeCallsCount, -1)
 		return err
 	}
 
-	atomic.StoreInt32(&i.activeSinceLastTimerCheck, 1)
+	atomic.StoreInt32(&m.activeSinceLastTimerCheck, 1)
 	return nil
 }
 
 // exitIdleMode instructs the channel to exit idle mode.
 //
 // Holds idleMu which ensures mutual exclusion with tryEnterIdleMode.
-func (i *idlenessManagerImpl) exitIdleMode() error {
-	i.idleMu.Lock()
-	defer i.idleMu.Unlock()
+func (m *manager) exitIdleMode() error {
+	m.idleMu.Lock()
+	defer m.idleMu.Unlock()
 
-	if !i.actuallyIdle {
+	if !m.actuallyIdle {
 		// This can happen in two scenarios:
 		// - handleIdleTimeout() set the calls count to -math.MaxInt32 and called
 		//   tryEnterIdleMode(). But before the latter could grab the lock, an RPC
-		//   came in and onCallBegin() noticed that the calls count is negative.
+		//   came in and OnCallBegin() noticed that the calls count is negative.
 		// - Channel is in idle mode, and multiple new RPCs come in at the same
-		//   time, all of them notice a negative calls count in onCallBegin and get
+		//   time, all of them notice a negative calls count in OnCallBegin and get
 		//   here. The first one to get the lock would got the channel to exit idle.
 		//
 		// Either way, nothing to do here.
 		return nil
 	}
 
-	if err := i.enforcer.exitIdleMode(); err != nil {
+	if err := m.enforcer.ExitIdleMode(); err != nil {
 		return fmt.Errorf("channel failed to exit idle mode: %v", err)
 	}
 
 	// Undo the idle entry process. This also respects any new RPC attempts.
-	atomic.AddInt32(&i.activeCallsCount, math.MaxInt32)
-	i.actuallyIdle = false
+	atomic.AddInt32(&m.activeCallsCount, math.MaxInt32)
+	m.actuallyIdle = false
 
 	// Start a new timer to fire after the configured idle timeout.
-	i.timer = timeAfterFunc(time.Duration(i.timeout), i.handleIdleTimeout)
+	m.timer = timeAfterFunc(time.Duration(m.timeout), m.handleIdleTimeout)
 	return nil
 }
 
-// onCallEnd is invoked at the end of every RPC.
-func (i *idlenessManagerImpl) onCallEnd() {
-	if i.isClosed() {
+// OnCallEnd is invoked at the end of every RPC.
+func (m *manager) OnCallEnd() {
+	if m.isClosed() {
 		return
 	}
 
 	// Record the time at which the most recent call finished.
-	atomic.StoreInt64(&i.lastCallEndTime, time.Now().UnixNano())
+	atomic.StoreInt64(&m.lastCallEndTime, time.Now().UnixNano())
 
 	// Decrement the active calls count. This count can temporarily go negative
 	// when the timer callback is in the process of moving the channel to idle
 	// mode, but one or more RPCs come in and complete before the timer callback
 	// can get done with the process of moving to idle mode.
-	atomic.AddInt32(&i.activeCallsCount, -1)
+	atomic.AddInt32(&m.activeCallsCount, -1)
 }
 
-func (i *idlenessManagerImpl) isClosed() bool {
-	return atomic.LoadInt32(&i.closed) == 1
+func (m *manager) isClosed() bool {
+	return atomic.LoadInt32(&m.closed) == 1
 }
 
-func (i *idlenessManagerImpl) close() {
-	atomic.StoreInt32(&i.closed, 1)
+func (m *manager) Close() {
+	atomic.StoreInt32(&m.closed, 1)
 
-	i.idleMu.Lock()
-	i.timer.Stop()
-	i.timer = nil
-	i.idleMu.Unlock()
+	m.idleMu.Lock()
+	m.timer.Stop()
+	m.timer = nil
+	m.idleMu.Unlock()
 }
diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go
index 42ff39c84..0d94c63e0 100644
--- a/vendor/google.golang.org/grpc/internal/internal.go
+++ b/vendor/google.golang.org/grpc/internal/internal.go
@@ -30,7 +30,7 @@ import (
 
 var (
 	// WithHealthCheckFunc is set by dialoptions.go
-	WithHealthCheckFunc interface{} // func (HealthChecker) DialOption
+	WithHealthCheckFunc any // func (HealthChecker) DialOption
 	// HealthCheckFunc is used to provide client-side LB channel health checking
 	HealthCheckFunc HealthChecker
 	// BalancerUnregister is exported by package balancer to unregister a balancer.
@@ -38,8 +38,12 @@ var (
 	// KeepaliveMinPingTime is the minimum ping interval.  This must be 10s by
 	// default, but tests may wish to set it lower for convenience.
 	KeepaliveMinPingTime = 10 * time.Second
+	// KeepaliveMinServerPingTime is the minimum ping interval for servers.
+	// This must be 1s by default, but tests may wish to set it lower for
+	// convenience.
+	KeepaliveMinServerPingTime = time.Second
 	// ParseServiceConfig parses a JSON representation of the service config.
-	ParseServiceConfig interface{} // func(string) *serviceconfig.ParseResult
+	ParseServiceConfig any // func(string) *serviceconfig.ParseResult
 	// EqualServiceConfigForTesting is for testing service config generation and
 	// parsing. Both a and b should be returned by ParseServiceConfig.
 	// This function compares the config without rawJSON stripped, in case the
@@ -49,33 +53,33 @@ var (
 	// given name. This is set by package certprovider for use from xDS
 	// bootstrap code while parsing certificate provider configs in the
 	// bootstrap file.
-	GetCertificateProviderBuilder interface{} // func(string) certprovider.Builder
+	GetCertificateProviderBuilder any // func(string) certprovider.Builder
 	// GetXDSHandshakeInfoForTesting returns a pointer to the xds.HandshakeInfo
 	// stored in the passed in attributes. This is set by
 	// credentials/xds/xds.go.
-	GetXDSHandshakeInfoForTesting interface{} // func (*attributes.Attributes) *xds.HandshakeInfo
+	GetXDSHandshakeInfoForTesting any // func (*attributes.Attributes) *xds.HandshakeInfo
 	// GetServerCredentials returns the transport credentials configured on a
 	// gRPC server. An xDS-enabled server needs to know what type of credentials
 	// is configured on the underlying gRPC server. This is set by server.go.
-	GetServerCredentials interface{} // func (*grpc.Server) credentials.TransportCredentials
+	GetServerCredentials any // func (*grpc.Server) credentials.TransportCredentials
 	// CanonicalString returns the canonical string of the code defined here:
 	// https://github.com/grpc/grpc/blob/master/doc/statuscodes.md.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	CanonicalString interface{} // func (codes.Code) string
+	CanonicalString any // func (codes.Code) string
 	// DrainServerTransports initiates a graceful close of existing connections
 	// on a gRPC server accepted on the provided listener address. An
 	// xDS-enabled server invokes this method on a grpc.Server when a particular
 	// listener moves to "not-serving" mode.
-	DrainServerTransports interface{} // func(*grpc.Server, string)
+	DrainServerTransports any // func(*grpc.Server, string)
 	// AddGlobalServerOptions adds an array of ServerOption that will be
 	// effective globally for newly created servers. The priority will be: 1.
 	// user-provided; 2. this method; 3. default values.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	AddGlobalServerOptions interface{} // func(opt ...ServerOption)
+	AddGlobalServerOptions any // func(opt ...ServerOption)
 	// ClearGlobalServerOptions clears the array of extra ServerOption. This
 	// method is useful in testing and benchmarking.
 	//
@@ -88,14 +92,14 @@ var (
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	AddGlobalDialOptions interface{} // func(opt ...DialOption)
+	AddGlobalDialOptions any // func(opt ...DialOption)
 	// DisableGlobalDialOptions returns a DialOption that prevents the
 	// ClientConn from applying the global DialOptions (set via
 	// AddGlobalDialOptions).
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	DisableGlobalDialOptions interface{} // func() grpc.DialOption
+	DisableGlobalDialOptions any // func() grpc.DialOption
 	// ClearGlobalDialOptions clears the array of extra DialOption. This
 	// method is useful in testing and benchmarking.
 	//
@@ -104,23 +108,26 @@ var (
 	ClearGlobalDialOptions func()
 	// JoinDialOptions combines the dial options passed as arguments into a
 	// single dial option.
-	JoinDialOptions interface{} // func(...grpc.DialOption) grpc.DialOption
+	JoinDialOptions any // func(...grpc.DialOption) grpc.DialOption
 	// JoinServerOptions combines the server options passed as arguments into a
 	// single server option.
-	JoinServerOptions interface{} // func(...grpc.ServerOption) grpc.ServerOption
+	JoinServerOptions any // func(...grpc.ServerOption) grpc.ServerOption
 
 	// WithBinaryLogger returns a DialOption that specifies the binary logger
 	// for a ClientConn.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	WithBinaryLogger interface{} // func(binarylog.Logger) grpc.DialOption
+	WithBinaryLogger any // func(binarylog.Logger) grpc.DialOption
 	// BinaryLogger returns a ServerOption that can set the binary logger for a
 	// server.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	BinaryLogger interface{} // func(binarylog.Logger) grpc.ServerOption
+	BinaryLogger any // func(binarylog.Logger) grpc.ServerOption
+
+	// SubscribeToConnectivityStateChanges adds a grpcsync.Subscriber to a provided grpc.ClientConn
+	SubscribeToConnectivityStateChanges any // func(*grpc.ClientConn, grpcsync.Subscriber)
 
 	// NewXDSResolverWithConfigForTesting creates a new xds resolver builder using
 	// the provided xds bootstrap config instead of the global configuration from
@@ -131,7 +138,7 @@ var (
 	//
 	// This function should ONLY be used for testing and may not work with some
 	// other features, including the CSDS service.
-	NewXDSResolverWithConfigForTesting interface{} // func([]byte) (resolver.Builder, error)
+	NewXDSResolverWithConfigForTesting any // func([]byte) (resolver.Builder, error)
 
 	// RegisterRLSClusterSpecifierPluginForTesting registers the RLS Cluster
 	// Specifier Plugin for testing purposes, regardless of the XDSRLS environment
@@ -163,7 +170,17 @@ var (
 	UnregisterRBACHTTPFilterForTesting func()
 
 	// ORCAAllowAnyMinReportingInterval is for examples/orca use ONLY.
-	ORCAAllowAnyMinReportingInterval interface{} // func(so *orca.ServiceOptions)
+	ORCAAllowAnyMinReportingInterval any // func(so *orca.ServiceOptions)
+
+	// GRPCResolverSchemeExtraMetadata determines when gRPC will add extra
+	// metadata to RPCs.
+	GRPCResolverSchemeExtraMetadata string = "xds"
+
+	// EnterIdleModeForTesting gets the ClientConn to enter IDLE mode.
+	EnterIdleModeForTesting any // func(*grpc.ClientConn) error
+
+	// ExitIdleModeForTesting gets the ClientConn to exit IDLE mode.
+	ExitIdleModeForTesting any // func(*grpc.ClientConn) error
 )
 
 // HealthChecker defines the signature of the client-side LB channel health checking function.
@@ -174,7 +191,7 @@ var (
 //
 // The health checking protocol is defined at:
 // https://github.com/grpc/grpc/blob/master/doc/health-checking.md
-type HealthChecker func(ctx context.Context, newStream func(string) (interface{}, error), setConnectivityState func(connectivity.State, error), serviceName string) error
+type HealthChecker func(ctx context.Context, newStream func(string) (any, error), setConnectivityState func(connectivity.State, error), serviceName string) error
 
 const (
 	// CredsBundleModeFallback switches GoogleDefaultCreds to fallback mode.
diff --git a/vendor/google.golang.org/grpc/internal/metadata/metadata.go b/vendor/google.golang.org/grpc/internal/metadata/metadata.go
index c82e608e0..900bfb716 100644
--- a/vendor/google.golang.org/grpc/internal/metadata/metadata.go
+++ b/vendor/google.golang.org/grpc/internal/metadata/metadata.go
@@ -35,7 +35,7 @@ const mdKey = mdKeyType("grpc.internal.address.metadata")
 
 type mdValue metadata.MD
 
-func (m mdValue) Equal(o interface{}) bool {
+func (m mdValue) Equal(o any) bool {
 	om, ok := o.(mdValue)
 	if !ok {
 		return false
diff --git a/vendor/google.golang.org/grpc/internal/pretty/pretty.go b/vendor/google.golang.org/grpc/internal/pretty/pretty.go
index 0177af4b5..703319137 100644
--- a/vendor/google.golang.org/grpc/internal/pretty/pretty.go
+++ b/vendor/google.golang.org/grpc/internal/pretty/pretty.go
@@ -35,7 +35,7 @@ const jsonIndent = "  "
 // ToJSON marshals the input into a json string.
 //
 // If marshal fails, it falls back to fmt.Sprintf("%+v").
-func ToJSON(e interface{}) string {
+func ToJSON(e any) string {
 	switch ee := e.(type) {
 	case protov1.Message:
 		mm := jsonpb.Marshaler{Indent: jsonIndent}
diff --git a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
index c7a18a948..f0603871c 100644
--- a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
+++ b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
@@ -92,7 +92,7 @@ type ClientStream interface {
 	// calling RecvMsg on the same stream at the same time, but it is not safe
 	// to call SendMsg on the same stream in different goroutines. It is also
 	// not safe to call CloseSend concurrently with SendMsg.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// RecvMsg blocks until it receives a message into m or the stream is
 	// done. It returns io.EOF when the stream completes successfully. On
 	// any other error, the stream is aborted and the error contains the RPC
@@ -101,7 +101,7 @@ type ClientStream interface {
 	// It is safe to have a goroutine calling SendMsg and another goroutine
 	// calling RecvMsg on the same stream at the same time, but it is not
 	// safe to call RecvMsg on the same stream in different goroutines.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // ClientInterceptor is an interceptor for gRPC client streams.
diff --git a/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go
index 09a667f33..99e1e5b36 100644
--- a/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go
+++ b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go
@@ -62,7 +62,8 @@ const (
 	defaultPort       = "443"
 	defaultDNSSvrPort = "53"
 	golang            = "GO"
-	// txtPrefix is the prefix string to be prepended to the host name for txt record lookup.
+	// txtPrefix is the prefix string to be prepended to the host name for txt
+	// record lookup.
 	txtPrefix = "_grpc_config."
 	// In DNS, service config is encoded in a TXT record via the mechanism
 	// described in RFC-1464 using the attribute name grpc_config.
@@ -86,14 +87,14 @@ var (
 	minDNSResRate = 30 * time.Second
 )
 
-var customAuthorityDialler = func(authority string) func(ctx context.Context, network, address string) (net.Conn, error) {
-	return func(ctx context.Context, network, address string) (net.Conn, error) {
+var addressDialer = func(address string) func(context.Context, string, string) (net.Conn, error) {
+	return func(ctx context.Context, network, _ string) (net.Conn, error) {
 		var dialer net.Dialer
-		return dialer.DialContext(ctx, network, authority)
+		return dialer.DialContext(ctx, network, address)
 	}
 }
 
-var customAuthorityResolver = func(authority string) (netResolver, error) {
+var newNetResolver = func(authority string) (netResolver, error) {
 	host, port, err := parseTarget(authority, defaultDNSSvrPort)
 	if err != nil {
 		return nil, err
@@ -103,7 +104,7 @@ var customAuthorityResolver = func(authority string) (netResolver, error) {
 
 	return &net.Resolver{
 		PreferGo: true,
-		Dial:     customAuthorityDialler(authorityWithPort),
+		Dial:     addressDialer(authorityWithPort),
 	}, nil
 }
 
@@ -114,7 +115,8 @@ func NewBuilder() resolver.Builder {
 
 type dnsBuilder struct{}
 
-// Build creates and starts a DNS resolver that watches the name resolution of the target.
+// Build creates and starts a DNS resolver that watches the name resolution of
+// the target.
 func (b *dnsBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions) (resolver.Resolver, error) {
 	host, port, err := parseTarget(target.Endpoint(), defaultPort)
 	if err != nil {
@@ -143,7 +145,7 @@ func (b *dnsBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts
 	if target.URL.Host == "" {
 		d.resolver = defaultResolver
 	} else {
-		d.resolver, err = customAuthorityResolver(target.URL.Host)
+		d.resolver, err = newNetResolver(target.URL.Host)
 		if err != nil {
 			return nil, err
 		}
@@ -180,19 +182,22 @@ type dnsResolver struct {
 	ctx      context.Context
 	cancel   context.CancelFunc
 	cc       resolver.ClientConn
-	// rn channel is used by ResolveNow() to force an immediate resolution of the target.
+	// rn channel is used by ResolveNow() to force an immediate resolution of the
+	// target.
 	rn chan struct{}
-	// wg is used to enforce Close() to return after the watcher() goroutine has finished.
-	// Otherwise, data race will be possible. [Race Example] in dns_resolver_test we
-	// replace the real lookup functions with mocked ones to facilitate testing.
-	// If Close() doesn't wait for watcher() goroutine finishes, race detector sometimes
-	// will warns lookup (READ the lookup function pointers) inside watcher() goroutine
-	// has data race with replaceNetFunc (WRITE the lookup function pointers).
+	// wg is used to enforce Close() to return after the watcher() goroutine has
+	// finished. Otherwise, data race will be possible. [Race Example] in
+	// dns_resolver_test we replace the real lookup functions with mocked ones to
+	// facilitate testing. If Close() doesn't wait for watcher() goroutine
+	// finishes, race detector sometimes will warns lookup (READ the lookup
+	// function pointers) inside watcher() goroutine has data race with
+	// replaceNetFunc (WRITE the lookup function pointers).
 	wg                   sync.WaitGroup
 	disableServiceConfig bool
 }
 
-// ResolveNow invoke an immediate resolution of the target that this dnsResolver watches.
+// ResolveNow invoke an immediate resolution of the target that this
+// dnsResolver watches.
 func (d *dnsResolver) ResolveNow(resolver.ResolveNowOptions) {
 	select {
 	case d.rn <- struct{}{}:
@@ -220,8 +225,8 @@ func (d *dnsResolver) watcher() {
 
 		var timer *time.Timer
 		if err == nil {
-			// Success resolving, wait for the next ResolveNow. However, also wait 30 seconds at the very least
-			// to prevent constantly re-resolving.
+			// Success resolving, wait for the next ResolveNow. However, also wait 30
+			// seconds at the very least to prevent constantly re-resolving.
 			backoffIndex = 1
 			timer = newTimerDNSResRate(minDNSResRate)
 			select {
@@ -231,7 +236,8 @@ func (d *dnsResolver) watcher() {
 			case <-d.rn:
 			}
 		} else {
-			// Poll on an error found in DNS Resolver or an error received from ClientConn.
+			// Poll on an error found in DNS Resolver or an error received from
+			// ClientConn.
 			timer = newTimer(backoff.DefaultExponential.Backoff(backoffIndex))
 			backoffIndex++
 		}
@@ -278,7 +284,8 @@ func (d *dnsResolver) lookupSRV() ([]resolver.Address, error) {
 }
 
 func handleDNSError(err error, lookupType string) error {
-	if dnsErr, ok := err.(*net.DNSError); ok && !dnsErr.IsTimeout && !dnsErr.IsTemporary {
+	dnsErr, ok := err.(*net.DNSError)
+	if ok && !dnsErr.IsTimeout && !dnsErr.IsTemporary {
 		// Timeouts and temporary errors should be communicated to gRPC to
 		// attempt another DNS query (with backoff).  Other errors should be
 		// suppressed (they may represent the absence of a TXT record).
@@ -307,10 +314,12 @@ func (d *dnsResolver) lookupTXT() *serviceconfig.ParseResult {
 		res += s
 	}
 
-	// TXT record must have "grpc_config=" attribute in order to be used as service config.
+	// TXT record must have "grpc_config=" attribute in order to be used as
+	// service config.
 	if !strings.HasPrefix(res, txtAttribute) {
 		logger.Warningf("dns: TXT record %v missing %v attribute", res, txtAttribute)
-		// This is not an error; it is the equivalent of not having a service config.
+		// This is not an error; it is the equivalent of not having a service
+		// config.
 		return nil
 	}
 	sc := canaryingSC(strings.TrimPrefix(res, txtAttribute))
@@ -352,9 +361,10 @@ func (d *dnsResolver) lookup() (*resolver.State, error) {
 	return &state, nil
 }
 
-// formatIP returns ok = false if addr is not a valid textual representation of an IP address.
-// If addr is an IPv4 address, return the addr and ok = true.
-// If addr is an IPv6 address, return the addr enclosed in square brackets and ok = true.
+// formatIP returns ok = false if addr is not a valid textual representation of
+// an IP address. If addr is an IPv4 address, return the addr and ok = true.
+// If addr is an IPv6 address, return the addr enclosed in square brackets and
+// ok = true.
 func formatIP(addr string) (addrIP string, ok bool) {
 	ip := net.ParseIP(addr)
 	if ip == nil {
@@ -366,10 +376,10 @@ func formatIP(addr string) (addrIP string, ok bool) {
 	return "[" + addr + "]", true
 }
 
-// parseTarget takes the user input target string and default port, returns formatted host and port info.
-// If target doesn't specify a port, set the port to be the defaultPort.
-// If target is in IPv6 format and host-name is enclosed in square brackets, brackets
-// are stripped when setting the host.
+// parseTarget takes the user input target string and default port, returns
+// formatted host and port info. If target doesn't specify a port, set the port
+// to be the defaultPort. If target is in IPv6 format and host-name is enclosed
+// in square brackets, brackets are stripped when setting the host.
 // examples:
 // target: "www.google.com" defaultPort: "443" returns host: "www.google.com", port: "443"
 // target: "ipv4-host:80" defaultPort: "443" returns host: "ipv4-host", port: "80"
@@ -385,12 +395,14 @@ func parseTarget(target, defaultPort string) (host, port string, err error) {
 	}
 	if host, port, err = net.SplitHostPort(target); err == nil {
 		if port == "" {
-			// If the port field is empty (target ends with colon), e.g. "[::1]:", this is an error.
+			// If the port field is empty (target ends with colon), e.g. "[::1]:",
+			// this is an error.
 			return "", "", errEndsWithColon
 		}
 		// target has port, i.e ipv4-host:port, [ipv6-host]:port, host-name:port
 		if host == "" {
-			// Keep consistent with net.Dial(): If the host is empty, as in ":80", the local system is assumed.
+			// Keep consistent with net.Dial(): If the host is empty, as in ":80",
+			// the local system is assumed.
 			host = "localhost"
 		}
 		return host, port, nil
diff --git a/vendor/google.golang.org/grpc/internal/status/status.go b/vendor/google.golang.org/grpc/internal/status/status.go
index b0ead4f54..03ef2fedd 100644
--- a/vendor/google.golang.org/grpc/internal/status/status.go
+++ b/vendor/google.golang.org/grpc/internal/status/status.go
@@ -43,13 +43,41 @@ type Status struct {
 	s *spb.Status
 }
 
+// NewWithProto returns a new status including details from statusProto.  This
+// is meant to be used by the gRPC library only.
+func NewWithProto(code codes.Code, message string, statusProto []string) *Status {
+	if len(statusProto) != 1 {
+		// No grpc-status-details bin header, or multiple; just ignore.
+		return &Status{s: &spb.Status{Code: int32(code), Message: message}}
+	}
+	st := &spb.Status{}
+	if err := proto.Unmarshal([]byte(statusProto[0]), st); err != nil {
+		// Probably not a google.rpc.Status proto; do not provide details.
+		return &Status{s: &spb.Status{Code: int32(code), Message: message}}
+	}
+	if st.Code == int32(code) {
+		// The codes match between the grpc-status header and the
+		// grpc-status-details-bin header; use the full details proto.
+		return &Status{s: st}
+	}
+	return &Status{
+		s: &spb.Status{
+			Code: int32(codes.Internal),
+			Message: fmt.Sprintf(
+				"grpc-status-details-bin mismatch: grpc-status=%v, grpc-message=%q, grpc-status-details-bin=%+v",
+				code, message, st,
+			),
+		},
+	}
+}
+
 // New returns a Status representing c and msg.
 func New(c codes.Code, msg string) *Status {
 	return &Status{s: &spb.Status{Code: int32(c), Message: msg}}
 }
 
 // Newf returns New(c, fmt.Sprintf(format, a...)).
-func Newf(c codes.Code, format string, a ...interface{}) *Status {
+func Newf(c codes.Code, format string, a ...any) *Status {
 	return New(c, fmt.Sprintf(format, a...))
 }
 
@@ -64,7 +92,7 @@ func Err(c codes.Code, msg string) error {
 }
 
 // Errorf returns Error(c, fmt.Sprintf(format, a...)).
-func Errorf(c codes.Code, format string, a ...interface{}) error {
+func Errorf(c codes.Code, format string, a ...any) error {
 	return Err(c, fmt.Sprintf(format, a...))
 }
 
@@ -120,11 +148,11 @@ func (s *Status) WithDetails(details ...proto.Message) (*Status, error) {
 
 // Details returns a slice of details messages attached to the status.
 // If a detail cannot be decoded, the error is returned in place of the detail.
-func (s *Status) Details() []interface{} {
+func (s *Status) Details() []any {
 	if s == nil || s.s == nil {
 		return nil
 	}
-	details := make([]interface{}, 0, len(s.s.Details))
+	details := make([]any, 0, len(s.s.Details))
 	for _, any := range s.s.Details {
 		detail := &ptypes.DynamicAny{}
 		if err := ptypes.UnmarshalAny(any, detail); err != nil {
diff --git a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
index be5a9c81e..b330ccedc 100644
--- a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
+++ b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
@@ -40,7 +40,7 @@ var updateHeaderTblSize = func(e *hpack.Encoder, v uint32) {
 }
 
 type itemNode struct {
-	it   interface{}
+	it   any
 	next *itemNode
 }
 
@@ -49,7 +49,7 @@ type itemList struct {
 	tail *itemNode
 }
 
-func (il *itemList) enqueue(i interface{}) {
+func (il *itemList) enqueue(i any) {
 	n := &itemNode{it: i}
 	if il.tail == nil {
 		il.head, il.tail = n, n
@@ -61,11 +61,11 @@ func (il *itemList) enqueue(i interface{}) {
 
 // peek returns the first item in the list without removing it from the
 // list.
-func (il *itemList) peek() interface{} {
+func (il *itemList) peek() any {
 	return il.head.it
 }
 
-func (il *itemList) dequeue() interface{} {
+func (il *itemList) dequeue() any {
 	if il.head == nil {
 		return nil
 	}
@@ -336,7 +336,7 @@ func (c *controlBuffer) put(it cbItem) error {
 	return err
 }
 
-func (c *controlBuffer) executeAndPut(f func(it interface{}) bool, it cbItem) (bool, error) {
+func (c *controlBuffer) executeAndPut(f func(it any) bool, it cbItem) (bool, error) {
 	var wakeUp bool
 	c.mu.Lock()
 	if c.err != nil {
@@ -373,7 +373,7 @@ func (c *controlBuffer) executeAndPut(f func(it interface{}) bool, it cbItem) (b
 }
 
 // Note argument f should never be nil.
-func (c *controlBuffer) execute(f func(it interface{}) bool, it interface{}) (bool, error) {
+func (c *controlBuffer) execute(f func(it any) bool, it any) (bool, error) {
 	c.mu.Lock()
 	if c.err != nil {
 		c.mu.Unlock()
@@ -387,7 +387,7 @@ func (c *controlBuffer) execute(f func(it interface{}) bool, it interface{}) (bo
 	return true, nil
 }
 
-func (c *controlBuffer) get(block bool) (interface{}, error) {
+func (c *controlBuffer) get(block bool) (any, error) {
 	for {
 		c.mu.Lock()
 		if c.err != nil {
@@ -830,7 +830,7 @@ func (l *loopyWriter) goAwayHandler(g *goAway) error {
 	return nil
 }
 
-func (l *loopyWriter) handle(i interface{}) error {
+func (l *loopyWriter) handle(i any) error {
 	switch i := i.(type) {
 	case *incomingWindowUpdate:
 		l.incomingWindowUpdateHandler(i)
diff --git a/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
index 98f80e3fa..17f7a21b5 100644
--- a/vendor/google.golang.org/grpc/internal/transport/handler_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
@@ -220,18 +220,20 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro
 			h.Set("Grpc-Message", encodeGrpcMessage(m))
 		}
 
+		s.hdrMu.Lock()
 		if p := st.Proto(); p != nil && len(p.Details) > 0 {
+			delete(s.trailer, grpcStatusDetailsBinHeader)
 			stBytes, err := proto.Marshal(p)
 			if err != nil {
 				// TODO: return error instead, when callers are able to handle it.
 				panic(err)
 			}
 
-			h.Set("Grpc-Status-Details-Bin", encodeBinHeader(stBytes))
+			h.Set(grpcStatusDetailsBinHeader, encodeBinHeader(stBytes))
 		}
 
-		if md := s.Trailer(); len(md) > 0 {
-			for k, vv := range md {
+		if len(s.trailer) > 0 {
+			for k, vv := range s.trailer {
 				// Clients don't tolerate reading restricted headers after some non restricted ones were sent.
 				if isReservedHeader(k) {
 					continue
@@ -243,6 +245,7 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro
 				}
 			}
 		}
+		s.hdrMu.Unlock()
 	})
 
 	if err == nil { // transport has not been closed
@@ -287,7 +290,7 @@ func (ht *serverHandlerTransport) writeCommonHeaders(s *Stream) {
 }
 
 // writeCustomHeaders sets custom headers set on the stream via SetHeader
-// on the first write call (Write, WriteHeader, or WriteStatus).
+// on the first write call (Write, WriteHeader, or WriteStatus)
 func (ht *serverHandlerTransport) writeCustomHeaders(s *Stream) {
 	h := ht.rw.Header()
 
@@ -344,7 +347,7 @@ func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error {
 	return err
 }
 
-func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), traceCtx func(context.Context, string) context.Context) {
+func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream)) {
 	// With this transport type there will be exactly 1 stream: this HTTP request.
 
 	ctx := ht.req.Context()
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
index 326bf0848..d6f5c4935 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
@@ -330,7 +330,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 		readerDone:            make(chan struct{}),
 		writerDone:            make(chan struct{}),
 		goAway:                make(chan struct{}),
-		framer:                newFramer(conn, writeBufSize, readBufSize, maxHeaderListSize),
+		framer:                newFramer(conn, writeBufSize, readBufSize, opts.SharedWriteBuffer, maxHeaderListSize),
 		fc:                    &trInFlow{limit: uint32(icwz)},
 		scheme:                scheme,
 		activeStreams:         make(map[uint32]*Stream),
@@ -762,7 +762,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 	firstTry := true
 	var ch chan struct{}
 	transportDrainRequired := false
-	checkForStreamQuota := func(it interface{}) bool {
+	checkForStreamQuota := func(it any) bool {
 		if t.streamQuota <= 0 { // Can go negative if server decreases it.
 			if firstTry {
 				t.waitingStreams++
@@ -800,7 +800,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 		return true
 	}
 	var hdrListSizeErr error
-	checkForHeaderListSize := func(it interface{}) bool {
+	checkForHeaderListSize := func(it any) bool {
 		if t.maxSendHeaderListSize == nil {
 			return true
 		}
@@ -815,7 +815,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 		return true
 	}
 	for {
-		success, err := t.controlBuf.executeAndPut(func(it interface{}) bool {
+		success, err := t.controlBuf.executeAndPut(func(it any) bool {
 			return checkForHeaderListSize(it) && checkForStreamQuota(it)
 		}, hdr)
 		if err != nil {
@@ -927,7 +927,7 @@ func (t *http2Client) closeStream(s *Stream, err error, rst bool, rstCode http2.
 		rst:     rst,
 		rstCode: rstCode,
 	}
-	addBackStreamQuota := func(interface{}) bool {
+	addBackStreamQuota := func(any) bool {
 		t.streamQuota++
 		if t.streamQuota > 0 && t.waitingStreams > 0 {
 			select {
@@ -1080,7 +1080,7 @@ func (t *http2Client) updateWindow(s *Stream, n uint32) {
 // for the transport and the stream based on the current bdp
 // estimation.
 func (t *http2Client) updateFlowControl(n uint32) {
-	updateIWS := func(interface{}) bool {
+	updateIWS := func(any) bool {
 		t.initialWindowSize = int32(n)
 		t.mu.Lock()
 		for _, s := range t.activeStreams {
@@ -1233,7 +1233,7 @@ func (t *http2Client) handleSettings(f *http2.SettingsFrame, isFirst bool) {
 		}
 		updateFuncs = append(updateFuncs, updateStreamQuota)
 	}
-	t.controlBuf.executeAndPut(func(interface{}) bool {
+	t.controlBuf.executeAndPut(func(any) bool {
 		for _, f := range updateFuncs {
 			f()
 		}
@@ -1399,7 +1399,6 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 		mdata          = make(map[string][]string)
 		contentTypeErr = "malformed header: missing HTTP content-type"
 		grpcMessage    string
-		statusGen      *status.Status
 		recvCompress   string
 		httpStatusCode *int
 		httpStatusErr  string
@@ -1434,12 +1433,6 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 			rawStatusCode = codes.Code(uint32(code))
 		case "grpc-message":
 			grpcMessage = decodeGrpcMessage(hf.Value)
-		case "grpc-status-details-bin":
-			var err error
-			statusGen, err = decodeGRPCStatusDetails(hf.Value)
-			if err != nil {
-				headerError = fmt.Sprintf("transport: malformed grpc-status-details-bin: %v", err)
-			}
 		case ":status":
 			if hf.Value == "200" {
 				httpStatusErr = ""
@@ -1505,14 +1498,15 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 		return
 	}
 
-	isHeader := false
-
-	// If headerChan hasn't been closed yet
-	if atomic.CompareAndSwapUint32(&s.headerChanClosed, 0, 1) {
-		s.headerValid = true
-		if !endStream {
-			// HEADERS frame block carries a Response-Headers.
-			isHeader = true
+	// For headers, set them in s.header and close headerChan.  For trailers or
+	// trailers-only, closeStream will set the trailers and close headerChan as
+	// needed.
+	if !endStream {
+		// If headerChan hasn't been closed yet (expected, given we checked it
+		// above, but something else could have potentially closed the whole
+		// stream).
+		if atomic.CompareAndSwapUint32(&s.headerChanClosed, 0, 1) {
+			s.headerValid = true
 			// These values can be set without any synchronization because
 			// stream goroutine will read it only after seeing a closed
 			// headerChan which we'll close after setting this.
@@ -1520,15 +1514,12 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 			if len(mdata) > 0 {
 				s.header = mdata
 			}
-		} else {
-			// HEADERS frame block carries a Trailers-Only.
-			s.noHeaders = true
+			close(s.headerChan)
 		}
-		close(s.headerChan)
 	}
 
 	for _, sh := range t.statsHandlers {
-		if isHeader {
+		if !endStream {
 			inHeader := &stats.InHeader{
 				Client:      true,
 				WireLength:  int(frame.Header().Length),
@@ -1550,13 +1541,12 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 		return
 	}
 
-	if statusGen == nil {
-		statusGen = status.New(rawStatusCode, grpcMessage)
-	}
+	status := istatus.NewWithProto(rawStatusCode, grpcMessage, mdata[grpcStatusDetailsBinHeader])
 
-	// if client received END_STREAM from server while stream was still active, send RST_STREAM
-	rst := s.getState() == streamActive
-	t.closeStream(s, io.EOF, rst, http2.ErrCodeNo, statusGen, mdata, true)
+	// If client received END_STREAM from server while stream was still active,
+	// send RST_STREAM.
+	rstStream := s.getState() == streamActive
+	t.closeStream(s, io.EOF, rstStream, http2.ErrCodeNo, status, mdata, true)
 }
 
 // readServerPreface reads and handles the initial settings frame from the
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
index ec4eef213..6fa1eb419 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
@@ -165,7 +165,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 	if config.MaxHeaderListSize != nil {
 		maxHeaderListSize = *config.MaxHeaderListSize
 	}
-	framer := newFramer(conn, writeBufSize, readBufSize, maxHeaderListSize)
+	framer := newFramer(conn, writeBufSize, readBufSize, config.SharedWriteBuffer, maxHeaderListSize)
 	// Send initial settings as connection preface to client.
 	isettings := []http2.Setting{{
 		ID:  http2.SettingMaxFrameSize,
@@ -233,7 +233,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 		kp.Timeout = defaultServerKeepaliveTimeout
 	}
 	if kp.Time != infinity {
-		if err = syscall.SetTCPUserTimeout(conn, kp.Timeout); err != nil {
+		if err = syscall.SetTCPUserTimeout(rawConn, kp.Timeout); err != nil {
 			return nil, connectionErrorf(false, err, "transport: failed to set TCP_USER_TIMEOUT: %v", err)
 		}
 	}
@@ -342,7 +342,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 
 // operateHeaders takes action on the decoded headers. Returns an error if fatal
 // error encountered and transport needs to close, otherwise returns nil.
-func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream), traceCtx func(context.Context, string) context.Context) error {
+func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream)) error {
 	// Acquire max stream ID lock for entire duration
 	t.maxStreamMu.Lock()
 	defer t.maxStreamMu.Unlock()
@@ -561,7 +561,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 	}
 	if t.inTapHandle != nil {
 		var err error
-		if s.ctx, err = t.inTapHandle(s.ctx, &tap.Info{FullMethodName: s.method}); err != nil {
+		if s.ctx, err = t.inTapHandle(s.ctx, &tap.Info{FullMethodName: s.method, Header: mdata}); err != nil {
 			t.mu.Unlock()
 			if t.logger.V(logLevel) {
 				t.logger.Infof("Aborting the stream early due to InTapHandle failure: %v", err)
@@ -592,7 +592,6 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 	s.requestRead = func(n int) {
 		t.adjustWindow(s, uint32(n))
 	}
-	s.ctx = traceCtx(s.ctx, s.method)
 	for _, sh := range t.stats {
 		s.ctx = sh.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method})
 		inHeader := &stats.InHeader{
@@ -630,7 +629,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 // HandleStreams receives incoming streams using the given handler. This is
 // typically run in a separate goroutine.
 // traceCtx attaches trace to ctx and returns the new context.
-func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.Context, string) context.Context) {
+func (t *http2Server) HandleStreams(handle func(*Stream)) {
 	defer close(t.readerDone)
 	for {
 		t.controlBuf.throttle()
@@ -665,7 +664,7 @@ func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.
 		}
 		switch frame := frame.(type) {
 		case *http2.MetaHeadersFrame:
-			if err := t.operateHeaders(frame, handle, traceCtx); err != nil {
+			if err := t.operateHeaders(frame, handle); err != nil {
 				t.Close(err)
 				break
 			}
@@ -850,7 +849,7 @@ func (t *http2Server) handleSettings(f *http2.SettingsFrame) {
 		}
 		return nil
 	})
-	t.controlBuf.executeAndPut(func(interface{}) bool {
+	t.controlBuf.executeAndPut(func(any) bool {
 		for _, f := range updateFuncs {
 			f()
 		}
@@ -934,7 +933,7 @@ func appendHeaderFieldsFromMD(headerFields []hpack.HeaderField, md metadata.MD)
 	return headerFields
 }
 
-func (t *http2Server) checkForHeaderListSize(it interface{}) bool {
+func (t *http2Server) checkForHeaderListSize(it any) bool {
 	if t.maxSendHeaderListSize == nil {
 		return true
 	}
@@ -1053,12 +1052,15 @@ func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error {
 	headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-message", Value: encodeGrpcMessage(st.Message())})
 
 	if p := st.Proto(); p != nil && len(p.Details) > 0 {
+		// Do not use the user's grpc-status-details-bin (if present) if we are
+		// even attempting to set our own.
+		delete(s.trailer, grpcStatusDetailsBinHeader)
 		stBytes, err := proto.Marshal(p)
 		if err != nil {
 			// TODO: return error instead, when callers are able to handle it.
 			t.logger.Errorf("Failed to marshal rpc status: %s, error: %v", pretty.ToJSON(p), err)
 		} else {
-			headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-status-details-bin", Value: encodeBinHeader(stBytes)})
+			headerFields = append(headerFields, hpack.HeaderField{Name: grpcStatusDetailsBinHeader, Value: encodeBinHeader(stBytes)})
 		}
 	}
 
diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go
index 19cbb18f5..dc29d590e 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http_util.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go
@@ -30,15 +30,13 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 	"unicode/utf8"
 
-	"github.com/golang/protobuf/proto"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/hpack"
-	spb "google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 )
 
 const (
@@ -87,6 +85,8 @@ var (
 	}
 )
 
+var grpcStatusDetailsBinHeader = "grpc-status-details-bin"
+
 // isReservedHeader checks whether hdr belongs to HTTP2 headers
 // reserved by gRPC protocol. Any other headers are classified as the
 // user-specified metadata.
@@ -102,7 +102,6 @@ func isReservedHeader(hdr string) bool {
 		"grpc-message",
 		"grpc-status",
 		"grpc-timeout",
-		"grpc-status-details-bin",
 		// Intentionally exclude grpc-previous-rpc-attempts and
 		// grpc-retry-pushback-ms, which are "reserved", but their API
 		// intentionally works via metadata.
@@ -153,18 +152,6 @@ func decodeMetadataHeader(k, v string) (string, error) {
 	return v, nil
 }
 
-func decodeGRPCStatusDetails(rawDetails string) (*status.Status, error) {
-	v, err := decodeBinHeader(rawDetails)
-	if err != nil {
-		return nil, err
-	}
-	st := &spb.Status{}
-	if err = proto.Unmarshal(v, st); err != nil {
-		return nil, err
-	}
-	return status.FromProto(st), nil
-}
-
 type timeoutUnit uint8
 
 const (
@@ -309,6 +296,7 @@ func decodeGrpcMessageUnchecked(msg string) string {
 }
 
 type bufWriter struct {
+	pool      *sync.Pool
 	buf       []byte
 	offset    int
 	batchSize int
@@ -316,12 +304,17 @@ type bufWriter struct {
 	err       error
 }
 
-func newBufWriter(conn net.Conn, batchSize int) *bufWriter {
-	return &bufWriter{
-		buf:       make([]byte, batchSize*2),
+func newBufWriter(conn net.Conn, batchSize int, pool *sync.Pool) *bufWriter {
+	w := &bufWriter{
 		batchSize: batchSize,
 		conn:      conn,
+		pool:      pool,
+	}
+	// this indicates that we should use non shared buf
+	if pool == nil {
+		w.buf = make([]byte, batchSize)
 	}
+	return w
 }
 
 func (w *bufWriter) Write(b []byte) (n int, err error) {
@@ -332,19 +325,34 @@ func (w *bufWriter) Write(b []byte) (n int, err error) {
 		n, err = w.conn.Write(b)
 		return n, toIOError(err)
 	}
+	if w.buf == nil {
+		b := w.pool.Get().(*[]byte)
+		w.buf = *b
+	}
 	for len(b) > 0 {
 		nn := copy(w.buf[w.offset:], b)
 		b = b[nn:]
 		w.offset += nn
 		n += nn
 		if w.offset >= w.batchSize {
-			err = w.Flush()
+			err = w.flushKeepBuffer()
 		}
 	}
 	return n, err
 }
 
 func (w *bufWriter) Flush() error {
+	err := w.flushKeepBuffer()
+	// Only release the buffer if we are in a "shared" mode
+	if w.buf != nil && w.pool != nil {
+		b := w.buf
+		w.pool.Put(&b)
+		w.buf = nil
+	}
+	return err
+}
+
+func (w *bufWriter) flushKeepBuffer() error {
 	if w.err != nil {
 		return w.err
 	}
@@ -381,7 +389,10 @@ type framer struct {
 	fr     *http2.Framer
 }
 
-func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, maxHeaderListSize uint32) *framer {
+var writeBufferPoolMap map[int]*sync.Pool = make(map[int]*sync.Pool)
+var writeBufferMutex sync.Mutex
+
+func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, sharedWriteBuffer bool, maxHeaderListSize uint32) *framer {
 	if writeBufferSize < 0 {
 		writeBufferSize = 0
 	}
@@ -389,7 +400,11 @@ func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, maxHeaderList
 	if readBufferSize > 0 {
 		r = bufio.NewReaderSize(r, readBufferSize)
 	}
-	w := newBufWriter(conn, writeBufferSize)
+	var pool *sync.Pool
+	if sharedWriteBuffer {
+		pool = getWriteBufferPool(writeBufferSize)
+	}
+	w := newBufWriter(conn, writeBufferSize, pool)
 	f := &framer{
 		writer: w,
 		fr:     http2.NewFramer(w, r),
@@ -403,6 +418,24 @@ func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, maxHeaderList
 	return f
 }
 
+func getWriteBufferPool(writeBufferSize int) *sync.Pool {
+	writeBufferMutex.Lock()
+	defer writeBufferMutex.Unlock()
+	size := writeBufferSize * 2
+	pool, ok := writeBufferPoolMap[size]
+	if ok {
+		return pool
+	}
+	pool = &sync.Pool{
+		New: func() any {
+			b := make([]byte, size)
+			return &b
+		},
+	}
+	writeBufferPoolMap[size] = pool
+	return pool
+}
+
 // parseDialTarget returns the network and address to pass to dialer.
 func parseDialTarget(target string) (string, string) {
 	net := "tcp"
diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go
index aa1c89659..aac056e72 100644
--- a/vendor/google.golang.org/grpc/internal/transport/transport.go
+++ b/vendor/google.golang.org/grpc/internal/transport/transport.go
@@ -43,10 +43,6 @@ import (
 	"google.golang.org/grpc/tap"
 )
 
-// ErrNoHeaders is used as a signal that a trailers only response was received,
-// and is not a real error.
-var ErrNoHeaders = errors.New("stream has no headers")
-
 const logLevel = 2
 
 type bufferPool struct {
@@ -56,7 +52,7 @@ type bufferPool struct {
 func newBufferPool() *bufferPool {
 	return &bufferPool{
 		pool: sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				return new(bytes.Buffer)
 			},
 		},
@@ -390,14 +386,10 @@ func (s *Stream) Header() (metadata.MD, error) {
 	}
 	s.waitOnHeader()
 
-	if !s.headerValid {
+	if !s.headerValid || s.noHeaders {
 		return nil, s.status.Err()
 	}
 
-	if s.noHeaders {
-		return nil, ErrNoHeaders
-	}
-
 	return s.header.Copy(), nil
 }
 
@@ -559,6 +551,7 @@ type ServerConfig struct {
 	InitialConnWindowSize int32
 	WriteBufferSize       int
 	ReadBufferSize        int
+	SharedWriteBuffer     bool
 	ChannelzParentID      *channelz.Identifier
 	MaxHeaderListSize     *uint32
 	HeaderTableSize       *uint32
@@ -592,6 +585,8 @@ type ConnectOptions struct {
 	WriteBufferSize int
 	// ReadBufferSize sets the size of read buffer, which in turn determines how much data can be read at most for one read syscall.
 	ReadBufferSize int
+	// SharedWriteBuffer indicates whether connections should reuse write buffer
+	SharedWriteBuffer bool
 	// ChannelzParentID sets the addrConn id which initiate the creation of this client transport.
 	ChannelzParentID *channelz.Identifier
 	// MaxHeaderListSize sets the max (uncompressed) size of header list that is prepared to be received.
@@ -703,7 +698,7 @@ type ClientTransport interface {
 // Write methods for a given Stream will be called serially.
 type ServerTransport interface {
 	// HandleStreams receives incoming streams using the given handler.
-	HandleStreams(func(*Stream), func(context.Context, string) context.Context)
+	HandleStreams(func(*Stream))
 
 	// WriteHeader sends the header metadata for the given stream.
 	// WriteHeader may not be called on all streams.
@@ -736,7 +731,7 @@ type ServerTransport interface {
 }
 
 // connectionErrorf creates an ConnectionError with the specified error description.
-func connectionErrorf(temp bool, e error, format string, a ...interface{}) ConnectionError {
+func connectionErrorf(temp bool, e error, format string, a ...any) ConnectionError {
 	return ConnectionError{
 		Desc: fmt.Sprintf(format, a...),
 		temp: temp,
diff --git a/vendor/google.golang.org/grpc/picker_wrapper.go b/vendor/google.golang.org/grpc/picker_wrapper.go
index 02f975951..236837f41 100644
--- a/vendor/google.golang.org/grpc/picker_wrapper.go
+++ b/vendor/google.golang.org/grpc/picker_wrapper.go
@@ -28,21 +28,26 @@ import (
 	"google.golang.org/grpc/internal/channelz"
 	istatus "google.golang.org/grpc/internal/status"
 	"google.golang.org/grpc/internal/transport"
+	"google.golang.org/grpc/stats"
 	"google.golang.org/grpc/status"
 )
 
 // pickerWrapper is a wrapper of balancer.Picker. It blocks on certain pick
 // actions and unblock when there's a picker update.
 type pickerWrapper struct {
-	mu         sync.Mutex
-	done       bool
-	idle       bool
-	blockingCh chan struct{}
-	picker     balancer.Picker
+	mu            sync.Mutex
+	done          bool
+	idle          bool
+	blockingCh    chan struct{}
+	picker        balancer.Picker
+	statsHandlers []stats.Handler // to record blocking picker calls
 }
 
-func newPickerWrapper() *pickerWrapper {
-	return &pickerWrapper{blockingCh: make(chan struct{})}
+func newPickerWrapper(statsHandlers []stats.Handler) *pickerWrapper {
+	return &pickerWrapper{
+		blockingCh:    make(chan struct{}),
+		statsHandlers: statsHandlers,
+	}
 }
 
 // updatePicker is called by UpdateBalancerState. It unblocks all blocked pick.
@@ -95,6 +100,7 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 	var ch chan struct{}
 
 	var lastPickErr error
+
 	for {
 		pw.mu.Lock()
 		if pw.done {
@@ -129,6 +135,20 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 			continue
 		}
 
+		// If the channel is set, it means that the pick call had to wait for a
+		// new picker at some point. Either it's the first iteration and this
+		// function received the first picker, or a picker errored with
+		// ErrNoSubConnAvailable or errored with failfast set to false, which
+		// will trigger a continue to the next iteration. In the first case this
+		// conditional will hit if this call had to block (the channel is set).
+		// In the second case, the only way it will get to this conditional is
+		// if there is a new picker.
+		if ch != nil {
+			for _, sh := range pw.statsHandlers {
+				sh.HandleRPC(ctx, &stats.PickerUpdated{})
+			}
+		}
+
 		ch = pw.blockingCh
 		p := pw.picker
 		pw.mu.Unlock()
diff --git a/vendor/google.golang.org/grpc/pickfirst.go b/vendor/google.golang.org/grpc/pickfirst.go
index abe266b02..2e9cf66b4 100644
--- a/vendor/google.golang.org/grpc/pickfirst.go
+++ b/vendor/google.golang.org/grpc/pickfirst.go
@@ -26,12 +26,18 @@ import (
 	"google.golang.org/grpc/balancer"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/internal/envconfig"
+	internalgrpclog "google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcrand"
+	"google.golang.org/grpc/internal/pretty"
+	"google.golang.org/grpc/resolver"
 	"google.golang.org/grpc/serviceconfig"
 )
 
-// PickFirstBalancerName is the name of the pick_first balancer.
-const PickFirstBalancerName = "pick_first"
+const (
+	// PickFirstBalancerName is the name of the pick_first balancer.
+	PickFirstBalancerName = "pick_first"
+	logPrefix             = "[pick-first-lb %p] "
+)
 
 func newPickfirstBuilder() balancer.Builder {
 	return &pickfirstBuilder{}
@@ -40,7 +46,9 @@ func newPickfirstBuilder() balancer.Builder {
 type pickfirstBuilder struct{}
 
 func (*pickfirstBuilder) Build(cc balancer.ClientConn, opt balancer.BuildOptions) balancer.Balancer {
-	return &pickfirstBalancer{cc: cc}
+	b := &pickfirstBalancer{cc: cc}
+	b.logger = internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf(logPrefix, b))
+	return b
 }
 
 func (*pickfirstBuilder) Name() string {
@@ -57,23 +65,36 @@ type pfConfig struct {
 }
 
 func (*pickfirstBuilder) ParseConfig(js json.RawMessage) (serviceconfig.LoadBalancingConfig, error) {
-	cfg := &pfConfig{}
-	if err := json.Unmarshal(js, cfg); err != nil {
+	if !envconfig.PickFirstLBConfig {
+		// Prior to supporting loadbalancing configuration, the pick_first LB
+		// policy did not implement the balancer.ConfigParser interface. This
+		// meant that if a non-empty configuration was passed to it, the service
+		// config unmarshaling code would throw a warning log, but would
+		// continue using the pick_first LB policy. The code below ensures the
+		// same behavior is retained if the env var is not set.
+		if string(js) != "{}" {
+			logger.Warningf("Ignoring non-empty balancer configuration %q for the pick_first LB policy", string(js))
+		}
+		return nil, nil
+	}
+
+	var cfg pfConfig
+	if err := json.Unmarshal(js, &cfg); err != nil {
 		return nil, fmt.Errorf("pickfirst: unable to unmarshal LB policy config: %s, error: %v", string(js), err)
 	}
 	return cfg, nil
 }
 
 type pickfirstBalancer struct {
+	logger  *internalgrpclog.PrefixLogger
 	state   connectivity.State
 	cc      balancer.ClientConn
 	subConn balancer.SubConn
-	cfg     *pfConfig
 }
 
 func (b *pickfirstBalancer) ResolverError(err error) {
-	if logger.V(2) {
-		logger.Infof("pickfirstBalancer: ResolverError called with error: %v", err)
+	if b.logger.V(2) {
+		b.logger.Infof("Received error from the name resolver: %v", err)
 	}
 	if b.subConn == nil {
 		b.state = connectivity.TransientFailure
@@ -96,35 +117,44 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState
 		// The resolver reported an empty address list. Treat it like an error by
 		// calling b.ResolverError.
 		if b.subConn != nil {
-			// Remove the old subConn. All addresses were removed, so it is no longer
-			// valid.
-			b.cc.RemoveSubConn(b.subConn)
+			// Shut down the old subConn. All addresses were removed, so it is
+			// no longer valid.
+			b.subConn.Shutdown()
 			b.subConn = nil
 		}
 		b.ResolverError(errors.New("produced zero addresses"))
 		return balancer.ErrBadResolverState
 	}
 
-	if state.BalancerConfig != nil {
-		cfg, ok := state.BalancerConfig.(*pfConfig)
-		if !ok {
-			return fmt.Errorf("pickfirstBalancer: received nil or illegal BalancerConfig (type %T): %v", state.BalancerConfig, state.BalancerConfig)
-		}
-		b.cfg = cfg
+	// We don't have to guard this block with the env var because ParseConfig
+	// already does so.
+	cfg, ok := state.BalancerConfig.(pfConfig)
+	if state.BalancerConfig != nil && !ok {
+		return fmt.Errorf("pickfirst: received illegal BalancerConfig (type %T): %v", state.BalancerConfig, state.BalancerConfig)
 	}
-
-	if envconfig.PickFirstLBConfig && b.cfg != nil && b.cfg.ShuffleAddressList {
+	if cfg.ShuffleAddressList {
+		addrs = append([]resolver.Address{}, addrs...)
 		grpcrand.Shuffle(len(addrs), func(i, j int) { addrs[i], addrs[j] = addrs[j], addrs[i] })
 	}
+
+	if b.logger.V(2) {
+		b.logger.Infof("Received new config %s, resolver state %s", pretty.ToJSON(cfg), pretty.ToJSON(state.ResolverState))
+	}
+
 	if b.subConn != nil {
 		b.cc.UpdateAddresses(b.subConn, addrs)
 		return nil
 	}
 
-	subConn, err := b.cc.NewSubConn(addrs, balancer.NewSubConnOptions{})
+	var subConn balancer.SubConn
+	subConn, err := b.cc.NewSubConn(addrs, balancer.NewSubConnOptions{
+		StateListener: func(state balancer.SubConnState) {
+			b.updateSubConnState(subConn, state)
+		},
+	})
 	if err != nil {
-		if logger.V(2) {
-			logger.Errorf("pickfirstBalancer: failed to NewSubConn: %v", err)
+		if b.logger.V(2) {
+			b.logger.Infof("Failed to create new SubConn: %v", err)
 		}
 		b.state = connectivity.TransientFailure
 		b.cc.UpdateState(balancer.State{
@@ -143,13 +173,19 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState
 	return nil
 }
 
+// UpdateSubConnState is unused as a StateListener is always registered when
+// creating SubConns.
 func (b *pickfirstBalancer) UpdateSubConnState(subConn balancer.SubConn, state balancer.SubConnState) {
-	if logger.V(2) {
-		logger.Infof("pickfirstBalancer: UpdateSubConnState: %p, %v", subConn, state)
+	b.logger.Errorf("UpdateSubConnState(%v, %+v) called unexpectedly", subConn, state)
+}
+
+func (b *pickfirstBalancer) updateSubConnState(subConn balancer.SubConn, state balancer.SubConnState) {
+	if b.logger.V(2) {
+		b.logger.Infof("Received SubConn state update: %p, %+v", subConn, state)
 	}
 	if b.subConn != subConn {
-		if logger.V(2) {
-			logger.Infof("pickfirstBalancer: ignored state change because subConn is not recognized")
+		if b.logger.V(2) {
+			b.logger.Infof("Ignored state change because subConn is not recognized")
 		}
 		return
 	}
diff --git a/vendor/google.golang.org/grpc/preloader.go b/vendor/google.golang.org/grpc/preloader.go
index cd4554785..73bd63364 100644
--- a/vendor/google.golang.org/grpc/preloader.go
+++ b/vendor/google.golang.org/grpc/preloader.go
@@ -37,7 +37,7 @@ type PreparedMsg struct {
 }
 
 // Encode marshalls and compresses the message using the codec and compressor for the stream.
-func (p *PreparedMsg) Encode(s Stream, msg interface{}) error {
+func (p *PreparedMsg) Encode(s Stream, msg any) error {
 	ctx := s.Context()
 	rpcInfo, ok := rpcInfoFromContext(ctx)
 	if !ok {
diff --git a/vendor/google.golang.org/grpc/resolver/map.go b/vendor/google.golang.org/grpc/resolver/map.go
index efcb7f3ef..804be887d 100644
--- a/vendor/google.golang.org/grpc/resolver/map.go
+++ b/vendor/google.golang.org/grpc/resolver/map.go
@@ -20,7 +20,7 @@ package resolver
 
 type addressMapEntry struct {
 	addr  Address
-	value interface{}
+	value any
 }
 
 // AddressMap is a map of addresses to arbitrary values taking into account
@@ -69,7 +69,7 @@ func (l addressMapEntryList) find(addr Address) int {
 }
 
 // Get returns the value for the address in the map, if present.
-func (a *AddressMap) Get(addr Address) (value interface{}, ok bool) {
+func (a *AddressMap) Get(addr Address) (value any, ok bool) {
 	addrKey := toMapKey(&addr)
 	entryList := a.m[addrKey]
 	if entry := entryList.find(addr); entry != -1 {
@@ -79,7 +79,7 @@ func (a *AddressMap) Get(addr Address) (value interface{}, ok bool) {
 }
 
 // Set updates or adds the value to the address in the map.
-func (a *AddressMap) Set(addr Address, value interface{}) {
+func (a *AddressMap) Set(addr Address, value any) {
 	addrKey := toMapKey(&addr)
 	entryList := a.m[addrKey]
 	if entry := entryList.find(addr); entry != -1 {
@@ -127,8 +127,8 @@ func (a *AddressMap) Keys() []Address {
 }
 
 // Values returns a slice of all current map values.
-func (a *AddressMap) Values() []interface{} {
-	ret := make([]interface{}, 0, a.Len())
+func (a *AddressMap) Values() []any {
+	ret := make([]any, 0, a.Len())
 	for _, entryList := range a.m {
 		for _, entry := range entryList {
 			ret = append(ret, entry.value)
diff --git a/vendor/google.golang.org/grpc/resolver/resolver.go b/vendor/google.golang.org/grpc/resolver/resolver.go
index 353c10b69..11384e228 100644
--- a/vendor/google.golang.org/grpc/resolver/resolver.go
+++ b/vendor/google.golang.org/grpc/resolver/resolver.go
@@ -77,25 +77,6 @@ func GetDefaultScheme() string {
 	return defaultScheme
 }
 
-// AddressType indicates the address type returned by name resolution.
-//
-// Deprecated: use Attributes in Address instead.
-type AddressType uint8
-
-const (
-	// Backend indicates the address is for a backend server.
-	//
-	// Deprecated: use Attributes in Address instead.
-	Backend AddressType = iota
-	// GRPCLB indicates the address is for a grpclb load balancer.
-	//
-	// Deprecated: to select the GRPCLB load balancing policy, use a service
-	// config with a corresponding loadBalancingConfig.  To supply balancer
-	// addresses to the GRPCLB load balancing policy, set State.Attributes
-	// using balancer/grpclb/state.Set.
-	GRPCLB
-)
-
 // Address represents a server the client connects to.
 //
 // # Experimental
@@ -111,9 +92,6 @@ type Address struct {
 	// the address, instead of the hostname from the Dial target string. In most cases,
 	// this should not be set.
 	//
-	// If Type is GRPCLB, ServerName should be the name of the remote load
-	// balancer, not the name of the backend.
-	//
 	// WARNING: ServerName must only be populated with trusted values. It
 	// is insecure to populate it with data from untrusted inputs since untrusted
 	// values could be used to bypass the authority checks performed by TLS.
@@ -126,27 +104,29 @@ type Address struct {
 	// BalancerAttributes contains arbitrary data about this address intended
 	// for consumption by the LB policy.  These attributes do not affect SubConn
 	// creation, connection establishment, handshaking, etc.
-	BalancerAttributes *attributes.Attributes
-
-	// Type is the type of this address.
 	//
-	// Deprecated: use Attributes instead.
-	Type AddressType
+	// Deprecated: when an Address is inside an Endpoint, this field should not
+	// be used, and it will eventually be removed entirely.
+	BalancerAttributes *attributes.Attributes
 
 	// Metadata is the information associated with Addr, which may be used
 	// to make load balancing decision.
 	//
 	// Deprecated: use Attributes instead.
-	Metadata interface{}
+	Metadata any
 }
 
 // Equal returns whether a and o are identical.  Metadata is compared directly,
 // not with any recursive introspection.
+//
+// This method compares all fields of the address. When used to tell apart
+// addresses during subchannel creation or connection establishment, it might be
+// more appropriate for the caller to implement custom equality logic.
 func (a Address) Equal(o Address) bool {
 	return a.Addr == o.Addr && a.ServerName == o.ServerName &&
 		a.Attributes.Equal(o.Attributes) &&
 		a.BalancerAttributes.Equal(o.BalancerAttributes) &&
-		a.Type == o.Type && a.Metadata == o.Metadata
+		a.Metadata == o.Metadata
 }
 
 // String returns JSON formatted string representation of the address.
@@ -190,11 +170,37 @@ type BuildOptions struct {
 	Dialer func(context.Context, string) (net.Conn, error)
 }
 
+// An Endpoint is one network endpoint, or server, which may have multiple
+// addresses with which it can be accessed.
+type Endpoint struct {
+	// Addresses contains a list of addresses used to access this endpoint.
+	Addresses []Address
+
+	// Attributes contains arbitrary data about this endpoint intended for
+	// consumption by the LB policy.
+	Attributes *attributes.Attributes
+}
+
 // State contains the current Resolver state relevant to the ClientConn.
 type State struct {
 	// Addresses is the latest set of resolved addresses for the target.
+	//
+	// If a resolver sets Addresses but does not set Endpoints, one Endpoint
+	// will be created for each Address before the State is passed to the LB
+	// policy.  The BalancerAttributes of each entry in Addresses will be set
+	// in Endpoints.Attributes, and be cleared in the Endpoint's Address's
+	// BalancerAttributes.
+	//
+	// Soon, Addresses will be deprecated and replaced fully by Endpoints.
 	Addresses []Address
 
+	// Endpoints is the latest set of resolved endpoints for the target.
+	//
+	// If a resolver produces a State containing Endpoints but not Addresses,
+	// it must take care to ensure the LB policies it selects will support
+	// Endpoints.
+	Endpoints []Endpoint
+
 	// ServiceConfig contains the result from parsing the latest service
 	// config.  If it is nil, it indicates no service config is present or the
 	// resolver does not provide service configs.
@@ -254,20 +260,7 @@ type ClientConn interface {
 // target does not contain a scheme or if the parsed scheme is not registered
 // (i.e. no corresponding resolver available to resolve the endpoint), we will
 // apply the default scheme, and will attempt to reparse it.
-//
-// Examples:
-//
-//   - "dns://some_authority/foo.bar"
-//     Target{Scheme: "dns", Authority: "some_authority", Endpoint: "foo.bar"}
-//   - "foo.bar"
-//     Target{Scheme: resolver.GetDefaultScheme(), Endpoint: "foo.bar"}
-//   - "unknown_scheme://authority/endpoint"
-//     Target{Scheme: resolver.GetDefaultScheme(), Endpoint: "unknown_scheme://authority/endpoint"}
 type Target struct {
-	// Deprecated: use URL.Scheme instead.
-	Scheme string
-	// Deprecated: use URL.Host instead.
-	Authority string
 	// URL contains the parsed dial target with an optional default scheme added
 	// to it if the original dial target contained no scheme or contained an
 	// unregistered scheme. Any query params specified in the original dial
@@ -321,10 +314,3 @@ type Resolver interface {
 	// Close closes the resolver.
 	Close()
 }
-
-// UnregisterForTesting removes the resolver builder with the given scheme from the
-// resolver map.
-// This function is for testing only.
-func UnregisterForTesting(scheme string) {
-	delete(m, scheme)
-}
diff --git a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
index b408b3688..d68330560 100644
--- a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
+++ b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
@@ -133,7 +133,7 @@ func (ccr *ccResolverWrapper) close() {
 	ccr.mu.Unlock()
 
 	// Give enqueued callbacks a chance to finish.
-	<-ccr.serializer.Done
+	<-ccr.serializer.Done()
 
 	// Spawn a goroutine to close the resolver (since it may block trying to
 	// cleanup all allocated resources) and return early.
@@ -152,6 +152,14 @@ func (ccr *ccResolverWrapper) serializerScheduleLocked(f func(context.Context))
 // which includes addresses and service config.
 func (ccr *ccResolverWrapper) UpdateState(s resolver.State) error {
 	errCh := make(chan error, 1)
+	if s.Endpoints == nil {
+		s.Endpoints = make([]resolver.Endpoint, 0, len(s.Addresses))
+		for _, a := range s.Addresses {
+			ep := resolver.Endpoint{Addresses: []resolver.Address{a}, Attributes: a.BalancerAttributes}
+			ep.Addresses[0].BalancerAttributes = nil
+			s.Endpoints = append(s.Endpoints, ep)
+		}
+	}
 	ok := ccr.serializer.Schedule(func(context.Context) {
 		ccr.addChannelzTraceEvent(s)
 		ccr.curState = s
diff --git a/vendor/google.golang.org/grpc/rpc_util.go b/vendor/google.golang.org/grpc/rpc_util.go
index 2030736a3..b7723aa09 100644
--- a/vendor/google.golang.org/grpc/rpc_util.go
+++ b/vendor/google.golang.org/grpc/rpc_util.go
@@ -75,7 +75,7 @@ func NewGZIPCompressorWithLevel(level int) (Compressor, error) {
 	}
 	return &gzipCompressor{
 		pool: sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				w, err := gzip.NewWriterLevel(io.Discard, level)
 				if err != nil {
 					panic(err)
@@ -577,6 +577,9 @@ type parser struct {
 	// The header of a gRPC message. Find more detail at
 	// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md
 	header [5]byte
+
+	// recvBufferPool is the pool of shared receive buffers.
+	recvBufferPool SharedBufferPool
 }
 
 // recvMsg reads a complete gRPC message from the stream.
@@ -610,9 +613,7 @@ func (p *parser) recvMsg(maxReceiveMessageSize int) (pf payloadFormat, msg []byt
 	if int(length) > maxReceiveMessageSize {
 		return 0, nil, status.Errorf(codes.ResourceExhausted, "grpc: received message larger than max (%d vs. %d)", length, maxReceiveMessageSize)
 	}
-	// TODO(bradfitz,zhaoq): garbage. reuse buffer after proto decoding instead
-	// of making it for each message:
-	msg = make([]byte, int(length))
+	msg = p.recvBufferPool.Get(int(length))
 	if _, err := p.r.Read(msg); err != nil {
 		if err == io.EOF {
 			err = io.ErrUnexpectedEOF
@@ -625,7 +626,7 @@ func (p *parser) recvMsg(maxReceiveMessageSize int) (pf payloadFormat, msg []byt
 // encode serializes msg and returns a buffer containing the message, or an
 // error if it is too large to be transmitted by grpc.  If msg is nil, it
 // generates an empty message.
-func encode(c baseCodec, msg interface{}) ([]byte, error) {
+func encode(c baseCodec, msg any) ([]byte, error) {
 	if msg == nil { // NOTE: typed nils will not be caught by this check
 		return nil, nil
 	}
@@ -692,7 +693,7 @@ func msgHeader(data, compData []byte) (hdr []byte, payload []byte) {
 	return hdr, data
 }
 
-func outPayload(client bool, msg interface{}, data, payload []byte, t time.Time) *stats.OutPayload {
+func outPayload(client bool, msg any, data, payload []byte, t time.Time) *stats.OutPayload {
 	return &stats.OutPayload{
 		Client:           client,
 		Payload:          msg,
@@ -726,12 +727,12 @@ type payloadInfo struct {
 }
 
 func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) ([]byte, error) {
-	pf, d, err := p.recvMsg(maxReceiveMessageSize)
+	pf, buf, err := p.recvMsg(maxReceiveMessageSize)
 	if err != nil {
 		return nil, err
 	}
 	if payInfo != nil {
-		payInfo.compressedLength = len(d)
+		payInfo.compressedLength = len(buf)
 	}
 
 	if st := checkRecvPayload(pf, s.RecvCompress(), compressor != nil || dc != nil); st != nil {
@@ -743,10 +744,10 @@ func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxRecei
 		// To match legacy behavior, if the decompressor is set by WithDecompressor or RPCDecompressor,
 		// use this decompressor as the default.
 		if dc != nil {
-			d, err = dc.Do(bytes.NewReader(d))
-			size = len(d)
+			buf, err = dc.Do(bytes.NewReader(buf))
+			size = len(buf)
 		} else {
-			d, size, err = decompress(compressor, d, maxReceiveMessageSize)
+			buf, size, err = decompress(compressor, buf, maxReceiveMessageSize)
 		}
 		if err != nil {
 			return nil, status.Errorf(codes.Internal, "grpc: failed to decompress the received message: %v", err)
@@ -757,7 +758,7 @@ func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxRecei
 			return nil, status.Errorf(codes.ResourceExhausted, "grpc: received message after decompression larger than max (%d vs. %d)", size, maxReceiveMessageSize)
 		}
 	}
-	return d, nil
+	return buf, nil
 }
 
 // Using compressor, decompress d, returning data and size.
@@ -791,16 +792,18 @@ func decompress(compressor encoding.Compressor, d []byte, maxReceiveMessageSize
 // For the two compressor parameters, both should not be set, but if they are,
 // dc takes precedence over compressor.
 // TODO(dfawley): wrap the old compressor/decompressor using the new API?
-func recv(p *parser, c baseCodec, s *transport.Stream, dc Decompressor, m interface{}, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) error {
-	d, err := recvAndDecompress(p, s, dc, maxReceiveMessageSize, payInfo, compressor)
+func recv(p *parser, c baseCodec, s *transport.Stream, dc Decompressor, m any, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) error {
+	buf, err := recvAndDecompress(p, s, dc, maxReceiveMessageSize, payInfo, compressor)
 	if err != nil {
 		return err
 	}
-	if err := c.Unmarshal(d, m); err != nil {
+	if err := c.Unmarshal(buf, m); err != nil {
 		return status.Errorf(codes.Internal, "grpc: failed to unmarshal the received message: %v", err)
 	}
 	if payInfo != nil {
-		payInfo.uncompressedBytes = d
+		payInfo.uncompressedBytes = buf
+	} else {
+		p.recvBufferPool.Put(&buf)
 	}
 	return nil
 }
@@ -860,19 +863,22 @@ func ErrorDesc(err error) string {
 // Errorf returns nil if c is OK.
 //
 // Deprecated: use status.Errorf instead.
-func Errorf(c codes.Code, format string, a ...interface{}) error {
+func Errorf(c codes.Code, format string, a ...any) error {
 	return status.Errorf(c, format, a...)
 }
 
+var errContextCanceled = status.Error(codes.Canceled, context.Canceled.Error())
+var errContextDeadline = status.Error(codes.DeadlineExceeded, context.DeadlineExceeded.Error())
+
 // toRPCErr converts an error into an error from the status package.
 func toRPCErr(err error) error {
 	switch err {
 	case nil, io.EOF:
 		return err
 	case context.DeadlineExceeded:
-		return status.Error(codes.DeadlineExceeded, err.Error())
+		return errContextDeadline
 	case context.Canceled:
-		return status.Error(codes.Canceled, err.Error())
+		return errContextCanceled
 	case io.ErrUnexpectedEOF:
 		return status.Error(codes.Internal, err.Error())
 	}
diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go
index 8869cc906..8f60d4214 100644
--- a/vendor/google.golang.org/grpc/server.go
+++ b/vendor/google.golang.org/grpc/server.go
@@ -86,7 +86,7 @@ func init() {
 var statusOK = status.New(codes.OK, "")
 var logger = grpclog.Component("core")
 
-type methodHandler func(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor UnaryServerInterceptor) (interface{}, error)
+type methodHandler func(srv any, ctx context.Context, dec func(any) error, interceptor UnaryServerInterceptor) (any, error)
 
 // MethodDesc represents an RPC service's method specification.
 type MethodDesc struct {
@@ -99,20 +99,20 @@ type ServiceDesc struct {
 	ServiceName string
 	// The pointer to the service interface. Used to check whether the user
 	// provided implementation satisfies the interface requirements.
-	HandlerType interface{}
+	HandlerType any
 	Methods     []MethodDesc
 	Streams     []StreamDesc
-	Metadata    interface{}
+	Metadata    any
 }
 
 // serviceInfo wraps information about a service. It is very similar to
 // ServiceDesc and is constructed from it for internal purposes.
 type serviceInfo struct {
 	// Contains the implementation for the methods in this service.
-	serviceImpl interface{}
+	serviceImpl any
 	methods     map[string]*MethodDesc
 	streams     map[string]*StreamDesc
-	mdata       interface{}
+	mdata       any
 }
 
 // Server is a gRPC server to serve RPC requests.
@@ -164,10 +164,12 @@ type serverOptions struct {
 	initialConnWindowSize int32
 	writeBufferSize       int
 	readBufferSize        int
+	sharedWriteBuffer     bool
 	connectionTimeout     time.Duration
 	maxHeaderListSize     *uint32
 	headerTableSize       *uint32
 	numServerWorkers      uint32
+	recvBufferPool        SharedBufferPool
 }
 
 var defaultServerOptions = serverOptions{
@@ -177,6 +179,7 @@ var defaultServerOptions = serverOptions{
 	connectionTimeout:     120 * time.Second,
 	writeBufferSize:       defaultWriteBufSize,
 	readBufferSize:        defaultReadBufSize,
+	recvBufferPool:        nopBufferPool{},
 }
 var globalServerOptions []ServerOption
 
@@ -228,6 +231,20 @@ func newJoinServerOption(opts ...ServerOption) ServerOption {
 	return &joinServerOption{opts: opts}
 }
 
+// SharedWriteBuffer allows reusing per-connection transport write buffer.
+// If this option is set to true every connection will release the buffer after
+// flushing the data on the wire.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func SharedWriteBuffer(val bool) ServerOption {
+	return newFuncServerOption(func(o *serverOptions) {
+		o.sharedWriteBuffer = val
+	})
+}
+
 // WriteBufferSize determines how much data can be batched before doing a write
 // on the wire. The corresponding memory allocation for this buffer will be
 // twice the size to keep syscalls low. The default value for this buffer is
@@ -268,9 +285,9 @@ func InitialConnWindowSize(s int32) ServerOption {
 
 // KeepaliveParams returns a ServerOption that sets keepalive and max-age parameters for the server.
 func KeepaliveParams(kp keepalive.ServerParameters) ServerOption {
-	if kp.Time > 0 && kp.Time < time.Second {
+	if kp.Time > 0 && kp.Time < internal.KeepaliveMinServerPingTime {
 		logger.Warning("Adjusting keepalive ping interval to minimum period of 1s")
-		kp.Time = time.Second
+		kp.Time = internal.KeepaliveMinServerPingTime
 	}
 
 	return newFuncServerOption(func(o *serverOptions) {
@@ -550,6 +567,27 @@ func NumStreamWorkers(numServerWorkers uint32) ServerOption {
 	})
 }
 
+// RecvBufferPool returns a ServerOption that configures the server
+// to use the provided shared buffer pool for parsing incoming messages. Depending
+// on the application's workload, this could result in reduced memory allocation.
+//
+// If you are unsure about how to implement a memory pool but want to utilize one,
+// begin with grpc.NewSharedBufferPool.
+//
+// Note: The shared buffer pool feature will not be active if any of the following
+// options are used: StatsHandler, EnableTracing, or binary logging. In such
+// cases, the shared buffer pool will be ignored.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func RecvBufferPool(bufferPool SharedBufferPool) ServerOption {
+	return newFuncServerOption(func(o *serverOptions) {
+		o.recvBufferPool = bufferPool
+	})
+}
+
 // serverWorkerResetThreshold defines how often the stack must be reset. Every
 // N requests, by spawning a new goroutine in its place, a worker can reset its
 // stack so that large stacks don't live in memory forever. 2^16 should allow
@@ -625,7 +663,7 @@ func NewServer(opt ...ServerOption) *Server {
 
 // printf records an event in s's event log, unless s has been stopped.
 // REQUIRES s.mu is held.
-func (s *Server) printf(format string, a ...interface{}) {
+func (s *Server) printf(format string, a ...any) {
 	if s.events != nil {
 		s.events.Printf(format, a...)
 	}
@@ -633,7 +671,7 @@ func (s *Server) printf(format string, a ...interface{}) {
 
 // errorf records an error in s's event log, unless s has been stopped.
 // REQUIRES s.mu is held.
-func (s *Server) errorf(format string, a ...interface{}) {
+func (s *Server) errorf(format string, a ...any) {
 	if s.events != nil {
 		s.events.Errorf(format, a...)
 	}
@@ -648,14 +686,14 @@ type ServiceRegistrar interface {
 	// once the server has started serving.
 	// desc describes the service and its methods and handlers. impl is the
 	// service implementation which is passed to the method handlers.
-	RegisterService(desc *ServiceDesc, impl interface{})
+	RegisterService(desc *ServiceDesc, impl any)
 }
 
 // RegisterService registers a service and its implementation to the gRPC
 // server. It is called from the IDL generated code. This must be called before
 // invoking Serve. If ss is non-nil (for legacy code), its type is checked to
 // ensure it implements sd.HandlerType.
-func (s *Server) RegisterService(sd *ServiceDesc, ss interface{}) {
+func (s *Server) RegisterService(sd *ServiceDesc, ss any) {
 	if ss != nil {
 		ht := reflect.TypeOf(sd.HandlerType).Elem()
 		st := reflect.TypeOf(ss)
@@ -666,7 +704,7 @@ func (s *Server) RegisterService(sd *ServiceDesc, ss interface{}) {
 	s.register(sd, ss)
 }
 
-func (s *Server) register(sd *ServiceDesc, ss interface{}) {
+func (s *Server) register(sd *ServiceDesc, ss any) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 	s.printf("RegisterService(%q)", sd.ServiceName)
@@ -707,7 +745,7 @@ type MethodInfo struct {
 type ServiceInfo struct {
 	Methods []MethodInfo
 	// Metadata is the metadata specified in ServiceDesc when registering service.
-	Metadata interface{}
+	Metadata any
 }
 
 // GetServiceInfo returns a map from service names to ServiceInfo.
@@ -908,6 +946,7 @@ func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport {
 		InitialConnWindowSize: s.opts.initialConnWindowSize,
 		WriteBufferSize:       s.opts.writeBufferSize,
 		ReadBufferSize:        s.opts.readBufferSize,
+		SharedWriteBuffer:     s.opts.sharedWriteBuffer,
 		ChannelzParentID:      s.channelzID,
 		MaxHeaderListSize:     s.opts.maxHeaderListSize,
 		HeaderTableSize:       s.opts.headerTableSize,
@@ -944,7 +983,7 @@ func (s *Server) serveStreams(st transport.ServerTransport) {
 		f := func() {
 			defer streamQuota.release()
 			defer wg.Done()
-			s.handleStream(st, stream, s.traceInfo(st, stream))
+			s.handleStream(st, stream)
 		}
 
 		if s.opts.numServerWorkers > 0 {
@@ -956,12 +995,6 @@ func (s *Server) serveStreams(st transport.ServerTransport) {
 			}
 		}
 		go f()
-	}, func(ctx context.Context, method string) context.Context {
-		if !EnableTracing {
-			return ctx
-		}
-		tr := trace.New("grpc.Recv."+methodFamily(method), method)
-		return trace.NewContext(ctx, tr)
 	})
 	wg.Wait()
 }
@@ -1010,30 +1043,6 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	s.serveStreams(st)
 }
 
-// traceInfo returns a traceInfo and associates it with stream, if tracing is enabled.
-// If tracing is not enabled, it returns nil.
-func (s *Server) traceInfo(st transport.ServerTransport, stream *transport.Stream) (trInfo *traceInfo) {
-	if !EnableTracing {
-		return nil
-	}
-	tr, ok := trace.FromContext(stream.Context())
-	if !ok {
-		return nil
-	}
-
-	trInfo = &traceInfo{
-		tr: tr,
-		firstLine: firstLine{
-			client:     false,
-			remoteAddr: st.RemoteAddr(),
-		},
-	}
-	if dl, ok := stream.Context().Deadline(); ok {
-		trInfo.firstLine.deadline = time.Until(dl)
-	}
-	return trInfo
-}
-
 func (s *Server) addConn(addr string, st transport.ServerTransport) bool {
 	s.mu.Lock()
 	defer s.mu.Unlock()
@@ -1094,7 +1103,7 @@ func (s *Server) incrCallsFailed() {
 	atomic.AddInt64(&s.czData.callsFailed, 1)
 }
 
-func (s *Server) sendResponse(t transport.ServerTransport, stream *transport.Stream, msg interface{}, cp Compressor, opts *transport.Options, comp encoding.Compressor) error {
+func (s *Server) sendResponse(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, msg any, cp Compressor, opts *transport.Options, comp encoding.Compressor) error {
 	data, err := encode(s.getCodec(stream.ContentSubtype()), msg)
 	if err != nil {
 		channelz.Error(logger, s.channelzID, "grpc: server failed to encode response: ", err)
@@ -1113,7 +1122,7 @@ func (s *Server) sendResponse(t transport.ServerTransport, stream *transport.Str
 	err = t.Write(stream, hdr, payload, opts)
 	if err == nil {
 		for _, sh := range s.opts.statsHandlers {
-			sh.HandleRPC(stream.Context(), outPayload(false, msg, data, payload, time.Now()))
+			sh.HandleRPC(ctx, outPayload(false, msg, data, payload, time.Now()))
 		}
 	}
 	return err
@@ -1141,7 +1150,7 @@ func chainUnaryServerInterceptors(s *Server) {
 }
 
 func chainUnaryInterceptors(interceptors []UnaryServerInterceptor) UnaryServerInterceptor {
-	return func(ctx context.Context, req interface{}, info *UnaryServerInfo, handler UnaryHandler) (interface{}, error) {
+	return func(ctx context.Context, req any, info *UnaryServerInfo, handler UnaryHandler) (any, error) {
 		return interceptors[0](ctx, req, info, getChainUnaryHandler(interceptors, 0, info, handler))
 	}
 }
@@ -1150,12 +1159,12 @@ func getChainUnaryHandler(interceptors []UnaryServerInterceptor, curr int, info
 	if curr == len(interceptors)-1 {
 		return finalHandler
 	}
-	return func(ctx context.Context, req interface{}) (interface{}, error) {
+	return func(ctx context.Context, req any) (any, error) {
 		return interceptors[curr+1](ctx, req, info, getChainUnaryHandler(interceptors, curr+1, info, finalHandler))
 	}
 }
 
-func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, md *MethodDesc, trInfo *traceInfo) (err error) {
+func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, md *MethodDesc, trInfo *traceInfo) (err error) {
 	shs := s.opts.statsHandlers
 	if len(shs) != 0 || trInfo != nil || channelz.IsOn() {
 		if channelz.IsOn() {
@@ -1169,7 +1178,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				IsClientStream: false,
 				IsServerStream: false,
 			}
-			sh.HandleRPC(stream.Context(), statsBegin)
+			sh.HandleRPC(ctx, statsBegin)
 		}
 		if trInfo != nil {
 			trInfo.tr.LazyLog(&trInfo.firstLine, false)
@@ -1187,7 +1196,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		defer func() {
 			if trInfo != nil {
 				if err != nil && err != io.EOF {
-					trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					trInfo.tr.SetError()
 				}
 				trInfo.tr.Finish()
@@ -1201,7 +1210,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				if err != nil && err != io.EOF {
 					end.Error = toRPCErr(err)
 				}
-				sh.HandleRPC(stream.Context(), end)
+				sh.HandleRPC(ctx, end)
 			}
 
 			if channelz.IsOn() {
@@ -1223,7 +1232,6 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		}
 	}
 	if len(binlogs) != 0 {
-		ctx := stream.Context()
 		md, _ := metadata.FromIncomingContext(ctx)
 		logEntry := &binarylog.ClientHeader{
 			Header:     md,
@@ -1294,7 +1302,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	if len(shs) != 0 || len(binlogs) != 0 {
 		payInfo = &payloadInfo{}
 	}
-	d, err := recvAndDecompress(&parser{r: stream}, stream, dc, s.opts.maxReceiveMessageSize, payInfo, decomp)
+	d, err := recvAndDecompress(&parser{r: stream, recvBufferPool: s.opts.recvBufferPool}, stream, dc, s.opts.maxReceiveMessageSize, payInfo, decomp)
 	if err != nil {
 		if e := t.WriteStatus(stream, status.Convert(err)); e != nil {
 			channelz.Warningf(logger, s.channelzID, "grpc: Server.processUnaryRPC failed to write status: %v", e)
@@ -1304,12 +1312,12 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	if channelz.IsOn() {
 		t.IncrMsgRecv()
 	}
-	df := func(v interface{}) error {
+	df := func(v any) error {
 		if err := s.getCodec(stream.ContentSubtype()).Unmarshal(d, v); err != nil {
 			return status.Errorf(codes.Internal, "grpc: error unmarshalling request: %v", err)
 		}
 		for _, sh := range shs {
-			sh.HandleRPC(stream.Context(), &stats.InPayload{
+			sh.HandleRPC(ctx, &stats.InPayload{
 				RecvTime:         time.Now(),
 				Payload:          v,
 				Length:           len(d),
@@ -1323,7 +1331,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Message: d,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(stream.Context(), cm)
+				binlog.Log(ctx, cm)
 			}
 		}
 		if trInfo != nil {
@@ -1331,7 +1339,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		}
 		return nil
 	}
-	ctx := NewContextWithServerTransportStream(stream.Context(), stream)
+	ctx = NewContextWithServerTransportStream(ctx, stream)
 	reply, appErr := md.Handler(info.serviceImpl, ctx, df, s.opts.unaryInt)
 	if appErr != nil {
 		appStatus, ok := status.FromError(appErr)
@@ -1356,7 +1364,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 					Header: h,
 				}
 				for _, binlog := range binlogs {
-					binlog.Log(stream.Context(), sh)
+					binlog.Log(ctx, sh)
 				}
 			}
 			st := &binarylog.ServerTrailer{
@@ -1364,7 +1372,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Err:     appErr,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(stream.Context(), st)
+				binlog.Log(ctx, st)
 			}
 		}
 		return appErr
@@ -1379,7 +1387,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	if stream.SendCompress() != sendCompressorName {
 		comp = encoding.GetCompressor(stream.SendCompress())
 	}
-	if err := s.sendResponse(t, stream, reply, cp, opts, comp); err != nil {
+	if err := s.sendResponse(ctx, t, stream, reply, cp, opts, comp); err != nil {
 		if err == io.EOF {
 			// The entire stream is done (for unary RPC only).
 			return err
@@ -1406,8 +1414,8 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Err:     appErr,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(stream.Context(), sh)
-				binlog.Log(stream.Context(), st)
+				binlog.Log(ctx, sh)
+				binlog.Log(ctx, st)
 			}
 		}
 		return err
@@ -1421,8 +1429,8 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 			Message: reply,
 		}
 		for _, binlog := range binlogs {
-			binlog.Log(stream.Context(), sh)
-			binlog.Log(stream.Context(), sm)
+			binlog.Log(ctx, sh)
+			binlog.Log(ctx, sm)
 		}
 	}
 	if channelz.IsOn() {
@@ -1440,7 +1448,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 			Err:     appErr,
 		}
 		for _, binlog := range binlogs {
-			binlog.Log(stream.Context(), st)
+			binlog.Log(ctx, st)
 		}
 	}
 	return t.WriteStatus(stream, statusOK)
@@ -1468,7 +1476,7 @@ func chainStreamServerInterceptors(s *Server) {
 }
 
 func chainStreamInterceptors(interceptors []StreamServerInterceptor) StreamServerInterceptor {
-	return func(srv interface{}, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error {
+	return func(srv any, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error {
 		return interceptors[0](srv, ss, info, getChainStreamHandler(interceptors, 0, info, handler))
 	}
 }
@@ -1477,12 +1485,12 @@ func getChainStreamHandler(interceptors []StreamServerInterceptor, curr int, inf
 	if curr == len(interceptors)-1 {
 		return finalHandler
 	}
-	return func(srv interface{}, stream ServerStream) error {
+	return func(srv any, stream ServerStream) error {
 		return interceptors[curr+1](srv, stream, info, getChainStreamHandler(interceptors, curr+1, info, finalHandler))
 	}
 }
 
-func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, sd *StreamDesc, trInfo *traceInfo) (err error) {
+func (s *Server) processStreamingRPC(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, sd *StreamDesc, trInfo *traceInfo) (err error) {
 	if channelz.IsOn() {
 		s.incrCallsStarted()
 	}
@@ -1496,15 +1504,15 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			IsServerStream: sd.ServerStreams,
 		}
 		for _, sh := range shs {
-			sh.HandleRPC(stream.Context(), statsBegin)
+			sh.HandleRPC(ctx, statsBegin)
 		}
 	}
-	ctx := NewContextWithServerTransportStream(stream.Context(), stream)
+	ctx = NewContextWithServerTransportStream(ctx, stream)
 	ss := &serverStream{
 		ctx:                   ctx,
 		t:                     t,
 		s:                     stream,
-		p:                     &parser{r: stream},
+		p:                     &parser{r: stream, recvBufferPool: s.opts.recvBufferPool},
 		codec:                 s.getCodec(stream.ContentSubtype()),
 		maxReceiveMessageSize: s.opts.maxReceiveMessageSize,
 		maxSendMessageSize:    s.opts.maxSendMessageSize,
@@ -1518,7 +1526,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			if trInfo != nil {
 				ss.mu.Lock()
 				if err != nil && err != io.EOF {
-					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					ss.trInfo.tr.SetError()
 				}
 				ss.trInfo.tr.Finish()
@@ -1535,7 +1543,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 					end.Error = toRPCErr(err)
 				}
 				for _, sh := range shs {
-					sh.HandleRPC(stream.Context(), end)
+					sh.HandleRPC(ctx, end)
 				}
 			}
 
@@ -1577,7 +1585,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			logEntry.PeerAddr = peer.Addr
 		}
 		for _, binlog := range ss.binlogs {
-			binlog.Log(stream.Context(), logEntry)
+			binlog.Log(ctx, logEntry)
 		}
 	}
 
@@ -1621,7 +1629,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 		trInfo.tr.LazyLog(&trInfo.firstLine, false)
 	}
 	var appErr error
-	var server interface{}
+	var server any
 	if info != nil {
 		server = info.serviceImpl
 	}
@@ -1655,7 +1663,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 				Err:     appErr,
 			}
 			for _, binlog := range ss.binlogs {
-				binlog.Log(stream.Context(), st)
+				binlog.Log(ctx, st)
 			}
 		}
 		t.WriteStatus(ss.s, appStatus)
@@ -1673,33 +1681,50 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			Err:     appErr,
 		}
 		for _, binlog := range ss.binlogs {
-			binlog.Log(stream.Context(), st)
+			binlog.Log(ctx, st)
 		}
 	}
 	return t.WriteStatus(ss.s, statusOK)
 }
 
-func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Stream, trInfo *traceInfo) {
+func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Stream) {
+	ctx := stream.Context()
+	var ti *traceInfo
+	if EnableTracing {
+		tr := trace.New("grpc.Recv."+methodFamily(stream.Method()), stream.Method())
+		ctx = trace.NewContext(ctx, tr)
+		ti = &traceInfo{
+			tr: tr,
+			firstLine: firstLine{
+				client:     false,
+				remoteAddr: t.RemoteAddr(),
+			},
+		}
+		if dl, ok := ctx.Deadline(); ok {
+			ti.firstLine.deadline = time.Until(dl)
+		}
+	}
+
 	sm := stream.Method()
 	if sm != "" && sm[0] == '/' {
 		sm = sm[1:]
 	}
 	pos := strings.LastIndex(sm, "/")
 	if pos == -1 {
-		if trInfo != nil {
-			trInfo.tr.LazyLog(&fmtStringer{"Malformed method name %q", []interface{}{sm}}, true)
-			trInfo.tr.SetError()
+		if ti != nil {
+			ti.tr.LazyLog(&fmtStringer{"Malformed method name %q", []any{sm}}, true)
+			ti.tr.SetError()
 		}
 		errDesc := fmt.Sprintf("malformed method name: %q", stream.Method())
 		if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil {
-			if trInfo != nil {
-				trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
-				trInfo.tr.SetError()
+			if ti != nil {
+				ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
+				ti.tr.SetError()
 			}
 			channelz.Warningf(logger, s.channelzID, "grpc: Server.handleStream failed to write status: %v", err)
 		}
-		if trInfo != nil {
-			trInfo.tr.Finish()
+		if ti != nil {
+			ti.tr.Finish()
 		}
 		return
 	}
@@ -1709,17 +1734,17 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str
 	srv, knownService := s.services[service]
 	if knownService {
 		if md, ok := srv.methods[method]; ok {
-			s.processUnaryRPC(t, stream, srv, md, trInfo)
+			s.processUnaryRPC(ctx, t, stream, srv, md, ti)
 			return
 		}
 		if sd, ok := srv.streams[method]; ok {
-			s.processStreamingRPC(t, stream, srv, sd, trInfo)
+			s.processStreamingRPC(ctx, t, stream, srv, sd, ti)
 			return
 		}
 	}
 	// Unknown service, or known server unknown method.
 	if unknownDesc := s.opts.unknownStreamDesc; unknownDesc != nil {
-		s.processStreamingRPC(t, stream, nil, unknownDesc, trInfo)
+		s.processStreamingRPC(ctx, t, stream, nil, unknownDesc, ti)
 		return
 	}
 	var errDesc string
@@ -1728,19 +1753,19 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str
 	} else {
 		errDesc = fmt.Sprintf("unknown method %v for service %v", method, service)
 	}
-	if trInfo != nil {
-		trInfo.tr.LazyPrintf("%s", errDesc)
-		trInfo.tr.SetError()
+	if ti != nil {
+		ti.tr.LazyPrintf("%s", errDesc)
+		ti.tr.SetError()
 	}
 	if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil {
-		if trInfo != nil {
-			trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
-			trInfo.tr.SetError()
+		if ti != nil {
+			ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
+			ti.tr.SetError()
 		}
 		channelz.Warningf(logger, s.channelzID, "grpc: Server.handleStream failed to write status: %v", err)
 	}
-	if trInfo != nil {
-		trInfo.tr.Finish()
+	if ti != nil {
+		ti.tr.Finish()
 	}
 }
 
@@ -2054,12 +2079,12 @@ func validateSendCompressor(name, clientCompressors string) error {
 // atomicSemaphore implements a blocking, counting semaphore. acquire should be
 // called synchronously; release may be called asynchronously.
 type atomicSemaphore struct {
-	n    int64
+	n    atomic.Int64
 	wait chan struct{}
 }
 
 func (q *atomicSemaphore) acquire() {
-	if atomic.AddInt64(&q.n, -1) < 0 {
+	if q.n.Add(-1) < 0 {
 		// We ran out of quota.  Block until a release happens.
 		<-q.wait
 	}
@@ -2070,12 +2095,14 @@ func (q *atomicSemaphore) release() {
 	// concurrent calls to acquire, but also note that with synchronous calls to
 	// acquire, as our system does, n will never be less than -1.  There are
 	// fairness issues (queuing) to consider if this was to be generalized.
-	if atomic.AddInt64(&q.n, 1) <= 0 {
+	if q.n.Add(1) <= 0 {
 		// An acquire was waiting on us.  Unblock it.
 		q.wait <- struct{}{}
 	}
 }
 
 func newHandlerQuota(n uint32) *atomicSemaphore {
-	return &atomicSemaphore{n: int64(n), wait: make(chan struct{}, 1)}
+	a := &atomicSemaphore{wait: make(chan struct{}, 1)}
+	a.n.Store(int64(n))
+	return a
 }
diff --git a/vendor/google.golang.org/grpc/shared_buffer_pool.go b/vendor/google.golang.org/grpc/shared_buffer_pool.go
new file mode 100644
index 000000000..48a64cfe8
--- /dev/null
+++ b/vendor/google.golang.org/grpc/shared_buffer_pool.go
@@ -0,0 +1,154 @@
+/*
+ *
+ * Copyright 2023 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpc
+
+import "sync"
+
+// SharedBufferPool is a pool of buffers that can be shared, resulting in
+// decreased memory allocation. Currently, in gRPC-go, it is only utilized
+// for parsing incoming messages.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+type SharedBufferPool interface {
+	// Get returns a buffer with specified length from the pool.
+	//
+	// The returned byte slice may be not zero initialized.
+	Get(length int) []byte
+
+	// Put returns a buffer to the pool.
+	Put(*[]byte)
+}
+
+// NewSharedBufferPool creates a simple SharedBufferPool with buckets
+// of different sizes to optimize memory usage. This prevents the pool from
+// wasting large amounts of memory, even when handling messages of varying sizes.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func NewSharedBufferPool() SharedBufferPool {
+	return &simpleSharedBufferPool{
+		pools: [poolArraySize]simpleSharedBufferChildPool{
+			newBytesPool(level0PoolMaxSize),
+			newBytesPool(level1PoolMaxSize),
+			newBytesPool(level2PoolMaxSize),
+			newBytesPool(level3PoolMaxSize),
+			newBytesPool(level4PoolMaxSize),
+			newBytesPool(0),
+		},
+	}
+}
+
+// simpleSharedBufferPool is a simple implementation of SharedBufferPool.
+type simpleSharedBufferPool struct {
+	pools [poolArraySize]simpleSharedBufferChildPool
+}
+
+func (p *simpleSharedBufferPool) Get(size int) []byte {
+	return p.pools[p.poolIdx(size)].Get(size)
+}
+
+func (p *simpleSharedBufferPool) Put(bs *[]byte) {
+	p.pools[p.poolIdx(cap(*bs))].Put(bs)
+}
+
+func (p *simpleSharedBufferPool) poolIdx(size int) int {
+	switch {
+	case size <= level0PoolMaxSize:
+		return level0PoolIdx
+	case size <= level1PoolMaxSize:
+		return level1PoolIdx
+	case size <= level2PoolMaxSize:
+		return level2PoolIdx
+	case size <= level3PoolMaxSize:
+		return level3PoolIdx
+	case size <= level4PoolMaxSize:
+		return level4PoolIdx
+	default:
+		return levelMaxPoolIdx
+	}
+}
+
+const (
+	level0PoolMaxSize = 16                     //  16  B
+	level1PoolMaxSize = level0PoolMaxSize * 16 // 256  B
+	level2PoolMaxSize = level1PoolMaxSize * 16 //   4 KB
+	level3PoolMaxSize = level2PoolMaxSize * 16 //  64 KB
+	level4PoolMaxSize = level3PoolMaxSize * 16 //   1 MB
+)
+
+const (
+	level0PoolIdx = iota
+	level1PoolIdx
+	level2PoolIdx
+	level3PoolIdx
+	level4PoolIdx
+	levelMaxPoolIdx
+	poolArraySize
+)
+
+type simpleSharedBufferChildPool interface {
+	Get(size int) []byte
+	Put(any)
+}
+
+type bufferPool struct {
+	sync.Pool
+
+	defaultSize int
+}
+
+func (p *bufferPool) Get(size int) []byte {
+	bs := p.Pool.Get().(*[]byte)
+
+	if cap(*bs) < size {
+		p.Pool.Put(bs)
+
+		return make([]byte, size)
+	}
+
+	return (*bs)[:size]
+}
+
+func newBytesPool(size int) simpleSharedBufferChildPool {
+	return &bufferPool{
+		Pool: sync.Pool{
+			New: func() any {
+				bs := make([]byte, size)
+				return &bs
+			},
+		},
+		defaultSize: size,
+	}
+}
+
+// nopBufferPool is a buffer pool just makes new buffer without pooling.
+type nopBufferPool struct {
+}
+
+func (nopBufferPool) Get(length int) []byte {
+	return make([]byte, length)
+}
+
+func (nopBufferPool) Put(*[]byte) {
+}
diff --git a/vendor/google.golang.org/grpc/stats/stats.go b/vendor/google.golang.org/grpc/stats/stats.go
index 7a552a9b7..4ab70e2d4 100644
--- a/vendor/google.golang.org/grpc/stats/stats.go
+++ b/vendor/google.golang.org/grpc/stats/stats.go
@@ -59,12 +59,22 @@ func (s *Begin) IsClient() bool { return s.Client }
 
 func (s *Begin) isRPCStats() {}
 
+// PickerUpdated indicates that the LB policy provided a new picker while the
+// RPC was waiting for one.
+type PickerUpdated struct{}
+
+// IsClient indicates if the stats information is from client side. Only Client
+// Side interfaces with a Picker, thus always returns true.
+func (*PickerUpdated) IsClient() bool { return true }
+
+func (*PickerUpdated) isRPCStats() {}
+
 // InPayload contains the information for an incoming payload.
 type InPayload struct {
 	// Client is true if this InPayload is from client side.
 	Client bool
 	// Payload is the payload with original type.
-	Payload interface{}
+	Payload any
 	// Data is the serialized message payload.
 	Data []byte
 
@@ -134,7 +144,7 @@ type OutPayload struct {
 	// Client is true if this OutPayload is from client side.
 	Client bool
 	// Payload is the payload with original type.
-	Payload interface{}
+	Payload any
 	// Data is the serialized message payload.
 	Data []byte
 	// Length is the size of the uncompressed payload data. Does not include any
diff --git a/vendor/google.golang.org/grpc/status/status.go b/vendor/google.golang.org/grpc/status/status.go
index bcf2e4d81..a93360efb 100644
--- a/vendor/google.golang.org/grpc/status/status.go
+++ b/vendor/google.golang.org/grpc/status/status.go
@@ -50,7 +50,7 @@ func New(c codes.Code, msg string) *Status {
 }
 
 // Newf returns New(c, fmt.Sprintf(format, a...)).
-func Newf(c codes.Code, format string, a ...interface{}) *Status {
+func Newf(c codes.Code, format string, a ...any) *Status {
 	return New(c, fmt.Sprintf(format, a...))
 }
 
@@ -60,7 +60,7 @@ func Error(c codes.Code, msg string) error {
 }
 
 // Errorf returns Error(c, fmt.Sprintf(format, a...)).
-func Errorf(c codes.Code, format string, a ...interface{}) error {
+func Errorf(c codes.Code, format string, a ...any) error {
 	return Error(c, fmt.Sprintf(format, a...))
 }
 
@@ -99,25 +99,27 @@ func FromError(err error) (s *Status, ok bool) {
 	}
 	type grpcstatus interface{ GRPCStatus() *Status }
 	if gs, ok := err.(grpcstatus); ok {
-		if gs.GRPCStatus() == nil {
+		grpcStatus := gs.GRPCStatus()
+		if grpcStatus == nil {
 			// Error has status nil, which maps to codes.OK. There
 			// is no sensible behavior for this, so we turn it into
 			// an error with codes.Unknown and discard the existing
 			// status.
 			return New(codes.Unknown, err.Error()), false
 		}
-		return gs.GRPCStatus(), true
+		return grpcStatus, true
 	}
 	var gs grpcstatus
 	if errors.As(err, &gs) {
-		if gs.GRPCStatus() == nil {
+		grpcStatus := gs.GRPCStatus()
+		if grpcStatus == nil {
 			// Error wraps an error that has status nil, which maps
 			// to codes.OK.  There is no sensible behavior for this,
 			// so we turn it into an error with codes.Unknown and
 			// discard the existing status.
 			return New(codes.Unknown, err.Error()), false
 		}
-		p := gs.GRPCStatus().Proto()
+		p := grpcStatus.Proto()
 		p.Message = err.Error()
 		return status.FromProto(p), true
 	}
diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go
index 10092685b..b14b2fbea 100644
--- a/vendor/google.golang.org/grpc/stream.go
+++ b/vendor/google.golang.org/grpc/stream.go
@@ -31,6 +31,7 @@ import (
 	"google.golang.org/grpc/balancer"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/encoding"
+	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/internal/balancerload"
 	"google.golang.org/grpc/internal/binarylog"
 	"google.golang.org/grpc/internal/channelz"
@@ -54,7 +55,7 @@ import (
 // status package, or be one of the context errors. Otherwise, gRPC will use
 // codes.Unknown as the status code and err.Error() as the status message of the
 // RPC.
-type StreamHandler func(srv interface{}, stream ServerStream) error
+type StreamHandler func(srv any, stream ServerStream) error
 
 // StreamDesc represents a streaming RPC service's method specification.  Used
 // on the server when registering services and on the client when initiating
@@ -79,9 +80,9 @@ type Stream interface {
 	// Deprecated: See ClientStream and ServerStream documentation instead.
 	Context() context.Context
 	// Deprecated: See ClientStream and ServerStream documentation instead.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// Deprecated: See ClientStream and ServerStream documentation instead.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // ClientStream defines the client-side behavior of a streaming RPC.
@@ -90,7 +91,9 @@ type Stream interface {
 // status package.
 type ClientStream interface {
 	// Header returns the header metadata received from the server if there
-	// is any. It blocks if the metadata is not ready to read.
+	// is any. It blocks if the metadata is not ready to read.  If the metadata
+	// is nil and the error is also nil, then the stream was terminated without
+	// headers, and the status can be discovered by calling RecvMsg.
 	Header() (metadata.MD, error)
 	// Trailer returns the trailer metadata from the server, if there is any.
 	// It must only be called after stream.CloseAndRecv has returned, or
@@ -126,7 +129,7 @@ type ClientStream interface {
 	//
 	// It is not safe to modify the message after calling SendMsg. Tracing
 	// libraries and stats handlers may use the message lazily.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// RecvMsg blocks until it receives a message into m or the stream is
 	// done. It returns io.EOF when the stream completes successfully. On
 	// any other error, the stream is aborted and the error contains the RPC
@@ -135,7 +138,7 @@ type ClientStream interface {
 	// It is safe to have a goroutine calling SendMsg and another goroutine
 	// calling RecvMsg on the same stream at the same time, but it is not
 	// safe to call RecvMsg on the same stream in different goroutines.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // NewStream creates a new Stream for the client side. This is typically
@@ -155,11 +158,6 @@ type ClientStream interface {
 // If none of the above happen, a goroutine and a context will be leaked, and grpc
 // will not call the optionally-configured stats handler with a stats.End message.
 func (cc *ClientConn) NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error) {
-	if err := cc.idlenessMgr.onCallBegin(); err != nil {
-		return nil, err
-	}
-	defer cc.idlenessMgr.onCallEnd()
-
 	// allow interceptor to see all applicable call options, which means those
 	// configured as defaults from dial option as well as per-call options
 	opts = combine(cc.dopts.callOptions, opts)
@@ -176,6 +174,16 @@ func NewClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth
 }
 
 func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (_ ClientStream, err error) {
+	// Start tracking the RPC for idleness purposes. This is where a stream is
+	// created for both streaming and unary RPCs, and hence is a good place to
+	// track active RPC count.
+	if err := cc.idlenessMgr.OnCallBegin(); err != nil {
+		return nil, err
+	}
+	// Add a calloption, to decrement the active call count, that gets executed
+	// when the RPC completes.
+	opts = append([]CallOption{OnFinish(func(error) { cc.idlenessMgr.OnCallEnd() })}, opts...)
+
 	if md, added, ok := metadata.FromOutgoingContextRaw(ctx); ok {
 		// validate md
 		if err := imetadata.Validate(md); err != nil {
@@ -433,7 +441,7 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error)
 		ctx = trace.NewContext(ctx, trInfo.tr)
 	}
 
-	if cs.cc.parsedTarget.URL.Scheme == "xds" {
+	if cs.cc.parsedTarget.URL.Scheme == internal.GRPCResolverSchemeExtraMetadata {
 		// Add extra metadata (metadata that will be added by transport) to context
 		// so the balancer can see them.
 		ctx = grpcutil.WithExtraMetadata(ctx, metadata.Pairs(
@@ -507,7 +515,7 @@ func (a *csAttempt) newStream() error {
 		return toRPCErr(nse.Err)
 	}
 	a.s = s
-	a.p = &parser{r: s}
+	a.p = &parser{r: s, recvBufferPool: a.cs.cc.dopts.recvBufferPool}
 	return nil
 }
 
@@ -788,23 +796,24 @@ func (cs *clientStream) withRetry(op func(a *csAttempt) error, onSuccess func())
 
 func (cs *clientStream) Header() (metadata.MD, error) {
 	var m metadata.MD
-	noHeader := false
 	err := cs.withRetry(func(a *csAttempt) error {
 		var err error
 		m, err = a.s.Header()
-		if err == transport.ErrNoHeaders {
-			noHeader = true
-			return nil
-		}
 		return toRPCErr(err)
 	}, cs.commitAttemptLocked)
 
+	if m == nil && err == nil {
+		// The stream ended with success.  Finish the clientStream.
+		err = io.EOF
+	}
+
 	if err != nil {
 		cs.finish(err)
-		return nil, err
+		// Do not return the error.  The user should get it by calling Recv().
+		return nil, nil
 	}
 
-	if len(cs.binlogs) != 0 && !cs.serverHeaderBinlogged && !noHeader {
+	if len(cs.binlogs) != 0 && !cs.serverHeaderBinlogged && m != nil {
 		// Only log if binary log is on and header has not been logged, and
 		// there is actually headers to log.
 		logEntry := &binarylog.ServerHeader{
@@ -820,6 +829,7 @@ func (cs *clientStream) Header() (metadata.MD, error) {
 			binlog.Log(cs.ctx, logEntry)
 		}
 	}
+
 	return m, nil
 }
 
@@ -860,7 +870,7 @@ func (cs *clientStream) bufferForRetryLocked(sz int, op func(a *csAttempt) error
 	cs.buffer = append(cs.buffer, op)
 }
 
-func (cs *clientStream) SendMsg(m interface{}) (err error) {
+func (cs *clientStream) SendMsg(m any) (err error) {
 	defer func() {
 		if err != nil && err != io.EOF {
 			// Call finish on the client stream for errors generated by this SendMsg
@@ -904,7 +914,7 @@ func (cs *clientStream) SendMsg(m interface{}) (err error) {
 	return err
 }
 
-func (cs *clientStream) RecvMsg(m interface{}) error {
+func (cs *clientStream) RecvMsg(m any) error {
 	if len(cs.binlogs) != 0 && !cs.serverHeaderBinlogged {
 		// Call Header() to binary log header if it's not already logged.
 		cs.Header()
@@ -928,24 +938,6 @@ func (cs *clientStream) RecvMsg(m interface{}) error {
 	if err != nil || !cs.desc.ServerStreams {
 		// err != nil or non-server-streaming indicates end of stream.
 		cs.finish(err)
-
-		if len(cs.binlogs) != 0 {
-			// finish will not log Trailer. Log Trailer here.
-			logEntry := &binarylog.ServerTrailer{
-				OnClientSide: true,
-				Trailer:      cs.Trailer(),
-				Err:          err,
-			}
-			if logEntry.Err == io.EOF {
-				logEntry.Err = nil
-			}
-			if peer, ok := peer.FromContext(cs.Context()); ok {
-				logEntry.PeerAddr = peer.Addr
-			}
-			for _, binlog := range cs.binlogs {
-				binlog.Log(cs.ctx, logEntry)
-			}
-		}
 	}
 	return err
 }
@@ -1001,18 +993,30 @@ func (cs *clientStream) finish(err error) {
 			}
 		}
 	}
+
 	cs.mu.Unlock()
-	// For binary logging. only log cancel in finish (could be caused by RPC ctx
-	// canceled or ClientConn closed). Trailer will be logged in RecvMsg.
-	//
-	// Only one of cancel or trailer needs to be logged. In the cases where
-	// users don't call RecvMsg, users must have already canceled the RPC.
-	if len(cs.binlogs) != 0 && status.Code(err) == codes.Canceled {
-		c := &binarylog.Cancel{
-			OnClientSide: true,
-		}
-		for _, binlog := range cs.binlogs {
-			binlog.Log(cs.ctx, c)
+	// Only one of cancel or trailer needs to be logged.
+	if len(cs.binlogs) != 0 {
+		switch err {
+		case errContextCanceled, errContextDeadline, ErrClientConnClosing:
+			c := &binarylog.Cancel{
+				OnClientSide: true,
+			}
+			for _, binlog := range cs.binlogs {
+				binlog.Log(cs.ctx, c)
+			}
+		default:
+			logEntry := &binarylog.ServerTrailer{
+				OnClientSide: true,
+				Trailer:      cs.Trailer(),
+				Err:          err,
+			}
+			if peer, ok := peer.FromContext(cs.Context()); ok {
+				logEntry.PeerAddr = peer.Addr
+			}
+			for _, binlog := range cs.binlogs {
+				binlog.Log(cs.ctx, logEntry)
+			}
 		}
 	}
 	if err == nil {
@@ -1028,7 +1032,7 @@ func (cs *clientStream) finish(err error) {
 	cs.cancel()
 }
 
-func (a *csAttempt) sendMsg(m interface{}, hdr, payld, data []byte) error {
+func (a *csAttempt) sendMsg(m any, hdr, payld, data []byte) error {
 	cs := a.cs
 	if a.trInfo != nil {
 		a.mu.Lock()
@@ -1055,7 +1059,7 @@ func (a *csAttempt) sendMsg(m interface{}, hdr, payld, data []byte) error {
 	return nil
 }
 
-func (a *csAttempt) recvMsg(m interface{}, payInfo *payloadInfo) (err error) {
+func (a *csAttempt) recvMsg(m any, payInfo *payloadInfo) (err error) {
 	cs := a.cs
 	if len(a.statsHandlers) != 0 && payInfo == nil {
 		payInfo = &payloadInfo{}
@@ -1270,7 +1274,7 @@ func newNonRetryClientStream(ctx context.Context, desc *StreamDesc, method strin
 		return nil, err
 	}
 	as.s = s
-	as.p = &parser{r: s}
+	as.p = &parser{r: s, recvBufferPool: ac.dopts.recvBufferPool}
 	ac.incrCallsStarted()
 	if desc != unaryStreamDesc {
 		// Listen on stream context to cleanup when the stream context is
@@ -1348,7 +1352,7 @@ func (as *addrConnStream) Context() context.Context {
 	return as.s.Context()
 }
 
-func (as *addrConnStream) SendMsg(m interface{}) (err error) {
+func (as *addrConnStream) SendMsg(m any) (err error) {
 	defer func() {
 		if err != nil && err != io.EOF {
 			// Call finish on the client stream for errors generated by this SendMsg
@@ -1393,7 +1397,7 @@ func (as *addrConnStream) SendMsg(m interface{}) (err error) {
 	return nil
 }
 
-func (as *addrConnStream) RecvMsg(m interface{}) (err error) {
+func (as *addrConnStream) RecvMsg(m any) (err error) {
 	defer func() {
 		if err != nil || !as.desc.ServerStreams {
 			// err != nil or non-server-streaming indicates end of stream.
@@ -1512,7 +1516,7 @@ type ServerStream interface {
 	//
 	// It is not safe to modify the message after calling SendMsg. Tracing
 	// libraries and stats handlers may use the message lazily.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// RecvMsg blocks until it receives a message into m or the stream is
 	// done. It returns io.EOF when the client has performed a CloseSend. On
 	// any non-EOF error, the stream is aborted and the error contains the
@@ -1521,7 +1525,7 @@ type ServerStream interface {
 	// It is safe to have a goroutine calling SendMsg and another goroutine
 	// calling RecvMsg on the same stream at the same time, but it is not
 	// safe to call RecvMsg on the same stream in different goroutines.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // serverStream implements a server side Stream.
@@ -1602,7 +1606,7 @@ func (ss *serverStream) SetTrailer(md metadata.MD) {
 	ss.s.SetTrailer(md)
 }
 
-func (ss *serverStream) SendMsg(m interface{}) (err error) {
+func (ss *serverStream) SendMsg(m any) (err error) {
 	defer func() {
 		if ss.trInfo != nil {
 			ss.mu.Lock()
@@ -1610,7 +1614,7 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) {
 				if err == nil {
 					ss.trInfo.tr.LazyLog(&payload{sent: true, msg: m}, true)
 				} else {
-					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					ss.trInfo.tr.SetError()
 				}
 			}
@@ -1677,7 +1681,7 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) {
 	return nil
 }
 
-func (ss *serverStream) RecvMsg(m interface{}) (err error) {
+func (ss *serverStream) RecvMsg(m any) (err error) {
 	defer func() {
 		if ss.trInfo != nil {
 			ss.mu.Lock()
@@ -1685,7 +1689,7 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) {
 				if err == nil {
 					ss.trInfo.tr.LazyLog(&payload{sent: false, msg: m}, true)
 				} else if err != io.EOF {
-					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					ss.trInfo.tr.SetError()
 				}
 			}
@@ -1757,7 +1761,7 @@ func MethodFromServerStream(stream ServerStream) (string, bool) {
 // prepareMsg returns the hdr, payload and data
 // using the compressors passed or using the
 // passed preparedmsg
-func prepareMsg(m interface{}, codec baseCodec, cp Compressor, comp encoding.Compressor) (hdr, payload, data []byte, err error) {
+func prepareMsg(m any, codec baseCodec, cp Compressor, comp encoding.Compressor) (hdr, payload, data []byte, err error) {
 	if preparedMsg, ok := m.(*PreparedMsg); ok {
 		return preparedMsg.hdr, preparedMsg.payload, preparedMsg.encodedData, nil
 	}
diff --git a/vendor/google.golang.org/grpc/tap/tap.go b/vendor/google.golang.org/grpc/tap/tap.go
index bfa5dfa40..07f012576 100644
--- a/vendor/google.golang.org/grpc/tap/tap.go
+++ b/vendor/google.golang.org/grpc/tap/tap.go
@@ -27,6 +27,8 @@ package tap
 
 import (
 	"context"
+
+	"google.golang.org/grpc/metadata"
 )
 
 // Info defines the relevant information needed by the handles.
@@ -34,6 +36,10 @@ type Info struct {
 	// FullMethodName is the string of grpc method (in the format of
 	// /package.service/method).
 	FullMethodName string
+
+	// Header contains the header metadata received.
+	Header metadata.MD
+
 	// TODO: More to be added.
 }
 
diff --git a/vendor/google.golang.org/grpc/trace.go b/vendor/google.golang.org/grpc/trace.go
index 07a2d26b3..9ded79321 100644
--- a/vendor/google.golang.org/grpc/trace.go
+++ b/vendor/google.golang.org/grpc/trace.go
@@ -97,8 +97,8 @@ func truncate(x string, l int) string {
 
 // payload represents an RPC request or response payload.
 type payload struct {
-	sent bool        // whether this is an outgoing payload
-	msg  interface{} // e.g. a proto.Message
+	sent bool // whether this is an outgoing payload
+	msg  any  // e.g. a proto.Message
 	// TODO(dsymonds): add stringifying info to codec, and limit how much we hold here?
 }
 
@@ -111,7 +111,7 @@ func (p payload) String() string {
 
 type fmtStringer struct {
 	format string
-	a      []interface{}
+	a      []any
 }
 
 func (f *fmtStringer) String() string {
diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go
index 3cc754062..6d2cadd79 100644
--- a/vendor/google.golang.org/grpc/version.go
+++ b/vendor/google.golang.org/grpc/version.go
@@ -19,4 +19,4 @@
 package grpc
 
 // Version is the current grpc version.
-const Version = "1.56.3"
+const Version = "1.59.0"
diff --git a/vendor/google.golang.org/grpc/vet.sh b/vendor/google.golang.org/grpc/vet.sh
index a8e4732b3..bb480f1f9 100644
--- a/vendor/google.golang.org/grpc/vet.sh
+++ b/vendor/google.golang.org/grpc/vet.sh
@@ -84,12 +84,18 @@ not git grep -l 'x/net/context' -- "*.go"
 #   thread safety.
 git grep -l '"math/rand"' -- "*.go" 2>&1 | not grep -v '^examples\|^stress\|grpcrand\|^benchmark\|wrr_test'
 
+# - Do not use "interface{}"; use "any" instead.
+git grep -l 'interface{}' -- "*.go" 2>&1 | not grep -v '\.pb\.go\|protoc-gen-go-grpc'
+
 # - Do not call grpclog directly. Use grpclog.Component instead.
 git grep -l -e 'grpclog.I' --or -e 'grpclog.W' --or -e 'grpclog.E' --or -e 'grpclog.F' --or -e 'grpclog.V' -- "*.go" | not grep -v '^grpclog/component.go\|^internal/grpctest/tlogger_test.go'
 
 # - Ensure all ptypes proto packages are renamed when importing.
 not git grep "\(import \|^\s*\)\"github.com/golang/protobuf/ptypes/" -- "*.go"
 
+# - Ensure all usages of grpc_testing package are renamed when importing.
+not git grep "\(import \|^\s*\)\"google.golang.org/grpc/interop/grpc_testing" -- "*.go" 
+
 # - Ensure all xds proto imports are renamed to *pb or *grpc.
 git grep '"github.com/envoyproxy/go-control-plane/envoy' -- '*.go' ':(exclude)*.pb.go' | not grep -v 'pb "\|grpc "'
 
@@ -106,7 +112,7 @@ for MOD_FILE in $(find . -name 'go.mod'); do
   goimports -l . 2>&1 | not grep -vE "\.pb\.go"
   golint ./... 2>&1 | not grep -vE "/grpc_testing_not_regenerate/.*\.pb\.go:"
 
-  go mod tidy -compat=1.17
+  go mod tidy -compat=1.19
   git status --porcelain 2>&1 | fail_on_output || \
     (git status; git --no-pager diff; exit 1)
   popd
@@ -168,8 +174,6 @@ proto.RegisteredExtension is deprecated
 proto.RegisteredExtensions is deprecated
 proto.RegisterMapType is deprecated
 proto.Unmarshaler is deprecated
-resolver.Backend
-resolver.GRPCLB
 Target is deprecated: Use the Target field in the BuildOptions instead.
 xxx_messageInfo_
 ' "${SC_OUT}"
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/encode.go b/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
index d09d22e13..66b95870e 100644
--- a/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
@@ -106,13 +106,19 @@ func (o MarshalOptions) Format(m proto.Message) string {
 // MarshalOptions. Do not depend on the output being stable. It may change over
 // time across different versions of the program.
 func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) {
-	return o.marshal(m)
+	return o.marshal(nil, m)
+}
+
+// MarshalAppend appends the JSON format encoding of m to b,
+// returning the result.
+func (o MarshalOptions) MarshalAppend(b []byte, m proto.Message) ([]byte, error) {
+	return o.marshal(b, m)
 }
 
 // marshal is a centralized function that all marshal operations go through.
 // For profiling purposes, avoid changing the name of this function or
 // introducing other code paths for marshal that do not go through this.
-func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
+func (o MarshalOptions) marshal(b []byte, m proto.Message) ([]byte, error) {
 	if o.Multiline && o.Indent == "" {
 		o.Indent = defaultIndent
 	}
@@ -120,7 +126,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 		o.Resolver = protoregistry.GlobalTypes
 	}
 
-	internalEnc, err := json.NewEncoder(o.Indent)
+	internalEnc, err := json.NewEncoder(b, o.Indent)
 	if err != nil {
 		return nil, err
 	}
@@ -128,7 +134,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 	// Treat nil message interface as an empty message,
 	// in which case the output in an empty JSON object.
 	if m == nil {
-		return []byte("{}"), nil
+		return append(b, '{', '}'), nil
 	}
 
 	enc := encoder{internalEnc, o}
diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
index ebf6c6528..722a7b41d 100644
--- a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
+++ b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
@@ -101,13 +101,19 @@ func (o MarshalOptions) Format(m proto.Message) string {
 // MarshalOptions object. Do not depend on the output being stable. It may
 // change over time across different versions of the program.
 func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) {
-	return o.marshal(m)
+	return o.marshal(nil, m)
+}
+
+// MarshalAppend appends the textproto format encoding of m to b,
+// returning the result.
+func (o MarshalOptions) MarshalAppend(b []byte, m proto.Message) ([]byte, error) {
+	return o.marshal(b, m)
 }
 
 // marshal is a centralized function that all marshal operations go through.
 // For profiling purposes, avoid changing the name of this function or
 // introducing other code paths for marshal that do not go through this.
-func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
+func (o MarshalOptions) marshal(b []byte, m proto.Message) ([]byte, error) {
 	var delims = [2]byte{'{', '}'}
 
 	if o.Multiline && o.Indent == "" {
@@ -117,7 +123,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 		o.Resolver = protoregistry.GlobalTypes
 	}
 
-	internalEnc, err := text.NewEncoder(o.Indent, delims, o.EmitASCII)
+	internalEnc, err := text.NewEncoder(b, o.Indent, delims, o.EmitASCII)
 	if err != nil {
 		return nil, err
 	}
@@ -125,7 +131,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 	// Treat nil message interface as an empty message,
 	// in which case there is nothing to output.
 	if m == nil {
-		return []byte{}, nil
+		return b, nil
 	}
 
 	enc := encoder{internalEnc, o}
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go
index fbdf34873..934f2dcb3 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go
@@ -41,8 +41,10 @@ type Encoder struct {
 //
 // If indent is a non-empty string, it causes every entry for an Array or Object
 // to be preceded by the indent and trailed by a newline.
-func NewEncoder(indent string) (*Encoder, error) {
-	e := &Encoder{}
+func NewEncoder(buf []byte, indent string) (*Encoder, error) {
+	e := &Encoder{
+		out: buf,
+	}
 	if len(indent) > 0 {
 		if strings.Trim(indent, " \t") != "" {
 			return nil, errors.New("indent may only be composed of space or tab characters")
@@ -176,13 +178,13 @@ func appendFloat(out []byte, n float64, bitSize int) []byte {
 // WriteInt writes out the given signed integer in JSON number value.
 func (e *Encoder) WriteInt(n int64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatInt(n, 10)...)
+	e.out = strconv.AppendInt(e.out, n, 10)
 }
 
 // WriteUint writes out the given unsigned integer in JSON number value.
 func (e *Encoder) WriteUint(n uint64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatUint(n, 10)...)
+	e.out = strconv.AppendUint(e.out, n, 10)
 }
 
 // StartObject writes out the '{' symbol.
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go b/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
index da289ccce..cf7aed77b 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
@@ -53,8 +53,10 @@ type encoderState struct {
 // If outputASCII is true, strings will be serialized in such a way that
 // multi-byte UTF-8 sequences are escaped. This property ensures that the
 // overall output is ASCII (as opposed to UTF-8).
-func NewEncoder(indent string, delims [2]byte, outputASCII bool) (*Encoder, error) {
-	e := &Encoder{}
+func NewEncoder(buf []byte, indent string, delims [2]byte, outputASCII bool) (*Encoder, error) {
+	e := &Encoder{
+		encoderState: encoderState{out: buf},
+	}
 	if len(indent) > 0 {
 		if strings.Trim(indent, " \t") != "" {
 			return nil, errors.New("indent may only be composed of space and tab characters")
@@ -195,13 +197,13 @@ func appendFloat(out []byte, n float64, bitSize int) []byte {
 // WriteInt writes out the given signed integer value.
 func (e *Encoder) WriteInt(n int64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatInt(n, 10)...)
+	e.out = strconv.AppendInt(e.out, n, 10)
 }
 
 // WriteUint writes out the given unsigned integer value.
 func (e *Encoder) WriteUint(n uint64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatUint(n, 10)...)
+	e.out = strconv.AppendUint(e.out, n, 10)
 }
 
 // WriteLiteral writes out the given string as a literal value without quotes.
diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
index 5c0e8f73f..136f1b215 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
@@ -183,13 +183,58 @@ const (
 // Field names for google.protobuf.ExtensionRangeOptions.
 const (
 	ExtensionRangeOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option"
+	ExtensionRangeOptions_Declaration_field_name         protoreflect.Name = "declaration"
+	ExtensionRangeOptions_Verification_field_name        protoreflect.Name = "verification"
 
 	ExtensionRangeOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.uninterpreted_option"
+	ExtensionRangeOptions_Declaration_field_fullname         protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.declaration"
+	ExtensionRangeOptions_Verification_field_fullname        protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.verification"
 )
 
 // Field numbers for google.protobuf.ExtensionRangeOptions.
 const (
 	ExtensionRangeOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999
+	ExtensionRangeOptions_Declaration_field_number         protoreflect.FieldNumber = 2
+	ExtensionRangeOptions_Verification_field_number        protoreflect.FieldNumber = 3
+)
+
+// Full and short names for google.protobuf.ExtensionRangeOptions.VerificationState.
+const (
+	ExtensionRangeOptions_VerificationState_enum_fullname = "google.protobuf.ExtensionRangeOptions.VerificationState"
+	ExtensionRangeOptions_VerificationState_enum_name     = "VerificationState"
+)
+
+// Names for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_message_name     protoreflect.Name     = "Declaration"
+	ExtensionRangeOptions_Declaration_message_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration"
+)
+
+// Field names for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_Number_field_name     protoreflect.Name = "number"
+	ExtensionRangeOptions_Declaration_FullName_field_name   protoreflect.Name = "full_name"
+	ExtensionRangeOptions_Declaration_Type_field_name       protoreflect.Name = "type"
+	ExtensionRangeOptions_Declaration_IsRepeated_field_name protoreflect.Name = "is_repeated"
+	ExtensionRangeOptions_Declaration_Reserved_field_name   protoreflect.Name = "reserved"
+	ExtensionRangeOptions_Declaration_Repeated_field_name   protoreflect.Name = "repeated"
+
+	ExtensionRangeOptions_Declaration_Number_field_fullname     protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.number"
+	ExtensionRangeOptions_Declaration_FullName_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.full_name"
+	ExtensionRangeOptions_Declaration_Type_field_fullname       protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.type"
+	ExtensionRangeOptions_Declaration_IsRepeated_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.is_repeated"
+	ExtensionRangeOptions_Declaration_Reserved_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.reserved"
+	ExtensionRangeOptions_Declaration_Repeated_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.repeated"
+)
+
+// Field numbers for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_Number_field_number     protoreflect.FieldNumber = 1
+	ExtensionRangeOptions_Declaration_FullName_field_number   protoreflect.FieldNumber = 2
+	ExtensionRangeOptions_Declaration_Type_field_number       protoreflect.FieldNumber = 3
+	ExtensionRangeOptions_Declaration_IsRepeated_field_number protoreflect.FieldNumber = 4
+	ExtensionRangeOptions_Declaration_Reserved_field_number   protoreflect.FieldNumber = 5
+	ExtensionRangeOptions_Declaration_Repeated_field_number   protoreflect.FieldNumber = 6
 )
 
 // Names for google.protobuf.FieldDescriptorProto.
@@ -540,6 +585,7 @@ const (
 	FieldOptions_DebugRedact_field_name         protoreflect.Name = "debug_redact"
 	FieldOptions_Retention_field_name           protoreflect.Name = "retention"
 	FieldOptions_Target_field_name              protoreflect.Name = "target"
+	FieldOptions_Targets_field_name             protoreflect.Name = "targets"
 	FieldOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option"
 
 	FieldOptions_Ctype_field_fullname               protoreflect.FullName = "google.protobuf.FieldOptions.ctype"
@@ -552,6 +598,7 @@ const (
 	FieldOptions_DebugRedact_field_fullname         protoreflect.FullName = "google.protobuf.FieldOptions.debug_redact"
 	FieldOptions_Retention_field_fullname           protoreflect.FullName = "google.protobuf.FieldOptions.retention"
 	FieldOptions_Target_field_fullname              protoreflect.FullName = "google.protobuf.FieldOptions.target"
+	FieldOptions_Targets_field_fullname             protoreflect.FullName = "google.protobuf.FieldOptions.targets"
 	FieldOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.uninterpreted_option"
 )
 
@@ -567,6 +614,7 @@ const (
 	FieldOptions_DebugRedact_field_number         protoreflect.FieldNumber = 16
 	FieldOptions_Retention_field_number           protoreflect.FieldNumber = 17
 	FieldOptions_Target_field_number              protoreflect.FieldNumber = 18
+	FieldOptions_Targets_field_number             protoreflect.FieldNumber = 19
 	FieldOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999
 )
 
diff --git a/vendor/google.golang.org/protobuf/internal/genid/type_gen.go b/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
index 3bc710138..e0f75fea0 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
@@ -32,6 +32,7 @@ const (
 	Type_Options_field_name       protoreflect.Name = "options"
 	Type_SourceContext_field_name protoreflect.Name = "source_context"
 	Type_Syntax_field_name        protoreflect.Name = "syntax"
+	Type_Edition_field_name       protoreflect.Name = "edition"
 
 	Type_Name_field_fullname          protoreflect.FullName = "google.protobuf.Type.name"
 	Type_Fields_field_fullname        protoreflect.FullName = "google.protobuf.Type.fields"
@@ -39,6 +40,7 @@ const (
 	Type_Options_field_fullname       protoreflect.FullName = "google.protobuf.Type.options"
 	Type_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Type.source_context"
 	Type_Syntax_field_fullname        protoreflect.FullName = "google.protobuf.Type.syntax"
+	Type_Edition_field_fullname       protoreflect.FullName = "google.protobuf.Type.edition"
 )
 
 // Field numbers for google.protobuf.Type.
@@ -49,6 +51,7 @@ const (
 	Type_Options_field_number       protoreflect.FieldNumber = 4
 	Type_SourceContext_field_number protoreflect.FieldNumber = 5
 	Type_Syntax_field_number        protoreflect.FieldNumber = 6
+	Type_Edition_field_number       protoreflect.FieldNumber = 7
 )
 
 // Names for google.protobuf.Field.
@@ -121,12 +124,14 @@ const (
 	Enum_Options_field_name       protoreflect.Name = "options"
 	Enum_SourceContext_field_name protoreflect.Name = "source_context"
 	Enum_Syntax_field_name        protoreflect.Name = "syntax"
+	Enum_Edition_field_name       protoreflect.Name = "edition"
 
 	Enum_Name_field_fullname          protoreflect.FullName = "google.protobuf.Enum.name"
 	Enum_Enumvalue_field_fullname     protoreflect.FullName = "google.protobuf.Enum.enumvalue"
 	Enum_Options_field_fullname       protoreflect.FullName = "google.protobuf.Enum.options"
 	Enum_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Enum.source_context"
 	Enum_Syntax_field_fullname        protoreflect.FullName = "google.protobuf.Enum.syntax"
+	Enum_Edition_field_fullname       protoreflect.FullName = "google.protobuf.Enum.edition"
 )
 
 // Field numbers for google.protobuf.Enum.
@@ -136,6 +141,7 @@ const (
 	Enum_Options_field_number       protoreflect.FieldNumber = 3
 	Enum_SourceContext_field_number protoreflect.FieldNumber = 4
 	Enum_Syntax_field_number        protoreflect.FieldNumber = 5
+	Enum_Edition_field_number       protoreflect.FieldNumber = 6
 )
 
 // Names for google.protobuf.EnumValue.
diff --git a/vendor/google.golang.org/protobuf/internal/order/order.go b/vendor/google.golang.org/protobuf/internal/order/order.go
index 33745ed06..dea522e12 100644
--- a/vendor/google.golang.org/protobuf/internal/order/order.go
+++ b/vendor/google.golang.org/protobuf/internal/order/order.go
@@ -33,7 +33,7 @@ var (
 			return !inOneof(ox) && inOneof(oy)
 		}
 		// Fields in disjoint oneof sets are sorted by declaration index.
-		if ox != nil && oy != nil && ox != oy {
+		if inOneof(ox) && inOneof(oy) && ox != oy {
 			return ox.Index() < oy.Index()
 		}
 		// Fields sorted by field number.
diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go
index f7014cd51..0999f29d5 100644
--- a/vendor/google.golang.org/protobuf/internal/version/version.go
+++ b/vendor/google.golang.org/protobuf/internal/version/version.go
@@ -51,7 +51,7 @@ import (
 //  10. Send out the CL for review and submit it.
 const (
 	Major      = 1
-	Minor      = 30
+	Minor      = 31
 	Patch      = 0
 	PreRelease = ""
 )
diff --git a/vendor/google.golang.org/protobuf/proto/size.go b/vendor/google.golang.org/protobuf/proto/size.go
index 554b9c6c0..f1692b49b 100644
--- a/vendor/google.golang.org/protobuf/proto/size.go
+++ b/vendor/google.golang.org/protobuf/proto/size.go
@@ -73,23 +73,27 @@ func (o MarshalOptions) sizeField(fd protoreflect.FieldDescriptor, value protore
 }
 
 func (o MarshalOptions) sizeList(num protowire.Number, fd protoreflect.FieldDescriptor, list protoreflect.List) (size int) {
+	sizeTag := protowire.SizeTag(num)
+
 	if fd.IsPacked() && list.Len() > 0 {
 		content := 0
 		for i, llen := 0, list.Len(); i < llen; i++ {
 			content += o.sizeSingular(num, fd.Kind(), list.Get(i))
 		}
-		return protowire.SizeTag(num) + protowire.SizeBytes(content)
+		return sizeTag + protowire.SizeBytes(content)
 	}
 
 	for i, llen := 0, list.Len(); i < llen; i++ {
-		size += protowire.SizeTag(num) + o.sizeSingular(num, fd.Kind(), list.Get(i))
+		size += sizeTag + o.sizeSingular(num, fd.Kind(), list.Get(i))
 	}
 	return size
 }
 
 func (o MarshalOptions) sizeMap(num protowire.Number, fd protoreflect.FieldDescriptor, mapv protoreflect.Map) (size int) {
+	sizeTag := protowire.SizeTag(num)
+
 	mapv.Range(func(key protoreflect.MapKey, value protoreflect.Value) bool {
-		size += protowire.SizeTag(num)
+		size += sizeTag
 		size += protowire.SizeBytes(o.sizeField(fd.MapKey(), key.Value()) + o.sizeField(fd.MapValue(), value))
 		return true
 	})
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
index 54ce326df..717b106f3 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
@@ -363,6 +363,8 @@ func (p *SourcePath) appendFieldOptions(b []byte) []byte {
 		b = p.appendSingularField(b, "retention", nil)
 	case 18:
 		b = p.appendSingularField(b, "target", nil)
+	case 19:
+		b = p.appendRepeatedField(b, "targets", nil)
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
 	}
@@ -418,6 +420,10 @@ func (p *SourcePath) appendExtensionRangeOptions(b []byte) []byte {
 	switch (*p)[0] {
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
+	case 2:
+		b = p.appendRepeatedField(b, "declaration", (*SourcePath).appendExtensionRangeOptions_Declaration)
+	case 3:
+		b = p.appendSingularField(b, "verification", nil)
 	}
 	return b
 }
@@ -473,3 +479,24 @@ func (p *SourcePath) appendUninterpretedOption_NamePart(b []byte) []byte {
 	}
 	return b
 }
+
+func (p *SourcePath) appendExtensionRangeOptions_Declaration(b []byte) []byte {
+	if len(*p) == 0 {
+		return b
+	}
+	switch (*p)[0] {
+	case 1:
+		b = p.appendSingularField(b, "number", nil)
+	case 2:
+		b = p.appendSingularField(b, "full_name", nil)
+	case 3:
+		b = p.appendSingularField(b, "type", nil)
+	case 4:
+		b = p.appendSingularField(b, "is_repeated", nil)
+	case 5:
+		b = p.appendSingularField(b, "reserved", nil)
+	case 6:
+		b = p.appendSingularField(b, "repeated", nil)
+	}
+	return b
+}
diff --git a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
index dac5671db..04c00f737 100644
--- a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
+++ b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
@@ -48,6 +48,64 @@ import (
 	sync "sync"
 )
 
+// The verification state of the extension range.
+type ExtensionRangeOptions_VerificationState int32
+
+const (
+	// All the extensions of the range must be declared.
+	ExtensionRangeOptions_DECLARATION ExtensionRangeOptions_VerificationState = 0
+	ExtensionRangeOptions_UNVERIFIED  ExtensionRangeOptions_VerificationState = 1
+)
+
+// Enum value maps for ExtensionRangeOptions_VerificationState.
+var (
+	ExtensionRangeOptions_VerificationState_name = map[int32]string{
+		0: "DECLARATION",
+		1: "UNVERIFIED",
+	}
+	ExtensionRangeOptions_VerificationState_value = map[string]int32{
+		"DECLARATION": 0,
+		"UNVERIFIED":  1,
+	}
+)
+
+func (x ExtensionRangeOptions_VerificationState) Enum() *ExtensionRangeOptions_VerificationState {
+	p := new(ExtensionRangeOptions_VerificationState)
+	*p = x
+	return p
+}
+
+func (x ExtensionRangeOptions_VerificationState) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ExtensionRangeOptions_VerificationState) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[0].Descriptor()
+}
+
+func (ExtensionRangeOptions_VerificationState) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[0]
+}
+
+func (x ExtensionRangeOptions_VerificationState) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *ExtensionRangeOptions_VerificationState) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = ExtensionRangeOptions_VerificationState(num)
+	return nil
+}
+
+// Deprecated: Use ExtensionRangeOptions_VerificationState.Descriptor instead.
+func (ExtensionRangeOptions_VerificationState) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{3, 0}
+}
+
 type FieldDescriptorProto_Type int32
 
 const (
@@ -137,11 +195,11 @@ func (x FieldDescriptorProto_Type) String() string {
 }
 
 func (FieldDescriptorProto_Type) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[0].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor()
 }
 
 func (FieldDescriptorProto_Type) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[0]
+	return &file_google_protobuf_descriptor_proto_enumTypes[1]
 }
 
 func (x FieldDescriptorProto_Type) Number() protoreflect.EnumNumber {
@@ -197,11 +255,11 @@ func (x FieldDescriptorProto_Label) String() string {
 }
 
 func (FieldDescriptorProto_Label) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor()
 }
 
 func (FieldDescriptorProto_Label) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[1]
+	return &file_google_protobuf_descriptor_proto_enumTypes[2]
 }
 
 func (x FieldDescriptorProto_Label) Number() protoreflect.EnumNumber {
@@ -258,11 +316,11 @@ func (x FileOptions_OptimizeMode) String() string {
 }
 
 func (FileOptions_OptimizeMode) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor()
 }
 
 func (FileOptions_OptimizeMode) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[2]
+	return &file_google_protobuf_descriptor_proto_enumTypes[3]
 }
 
 func (x FileOptions_OptimizeMode) Number() protoreflect.EnumNumber {
@@ -288,7 +346,13 @@ type FieldOptions_CType int32
 
 const (
 	// Default mode.
-	FieldOptions_STRING       FieldOptions_CType = 0
+	FieldOptions_STRING FieldOptions_CType = 0
+	// The option [ctype=CORD] may be applied to a non-repeated field of type
+	// "bytes". It indicates that in C++, the data should be stored in a Cord
+	// instead of a string.  For very large strings, this may reduce memory
+	// fragmentation. It may also allow better performance when parsing from a
+	// Cord, or when parsing with aliasing enabled, as the parsed Cord may then
+	// alias the original buffer.
 	FieldOptions_CORD         FieldOptions_CType = 1
 	FieldOptions_STRING_PIECE FieldOptions_CType = 2
 )
@@ -318,11 +382,11 @@ func (x FieldOptions_CType) String() string {
 }
 
 func (FieldOptions_CType) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor()
 }
 
 func (FieldOptions_CType) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[3]
+	return &file_google_protobuf_descriptor_proto_enumTypes[4]
 }
 
 func (x FieldOptions_CType) Number() protoreflect.EnumNumber {
@@ -380,11 +444,11 @@ func (x FieldOptions_JSType) String() string {
 }
 
 func (FieldOptions_JSType) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor()
 }
 
 func (FieldOptions_JSType) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[4]
+	return &file_google_protobuf_descriptor_proto_enumTypes[5]
 }
 
 func (x FieldOptions_JSType) Number() protoreflect.EnumNumber {
@@ -442,11 +506,11 @@ func (x FieldOptions_OptionRetention) String() string {
 }
 
 func (FieldOptions_OptionRetention) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[6].Descriptor()
 }
 
 func (FieldOptions_OptionRetention) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[5]
+	return &file_google_protobuf_descriptor_proto_enumTypes[6]
 }
 
 func (x FieldOptions_OptionRetention) Number() protoreflect.EnumNumber {
@@ -526,11 +590,11 @@ func (x FieldOptions_OptionTargetType) String() string {
 }
 
 func (FieldOptions_OptionTargetType) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[6].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[7].Descriptor()
 }
 
 func (FieldOptions_OptionTargetType) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[6]
+	return &file_google_protobuf_descriptor_proto_enumTypes[7]
 }
 
 func (x FieldOptions_OptionTargetType) Number() protoreflect.EnumNumber {
@@ -588,11 +652,11 @@ func (x MethodOptions_IdempotencyLevel) String() string {
 }
 
 func (MethodOptions_IdempotencyLevel) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[7].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[8].Descriptor()
 }
 
 func (MethodOptions_IdempotencyLevel) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[7]
+	return &file_google_protobuf_descriptor_proto_enumTypes[8]
 }
 
 func (x MethodOptions_IdempotencyLevel) Number() protoreflect.EnumNumber {
@@ -652,11 +716,11 @@ func (x GeneratedCodeInfo_Annotation_Semantic) String() string {
 }
 
 func (GeneratedCodeInfo_Annotation_Semantic) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[8].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[9].Descriptor()
 }
 
 func (GeneratedCodeInfo_Annotation_Semantic) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[8]
+	return &file_google_protobuf_descriptor_proto_enumTypes[9]
 }
 
 func (x GeneratedCodeInfo_Annotation_Semantic) Number() protoreflect.EnumNumber {
@@ -1015,7 +1079,21 @@ type ExtensionRangeOptions struct {
 
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
-}
+	// go/protobuf-stripping-extension-declarations
+	// Like Metadata, but we use a repeated field to hold all extension
+	// declarations. This should avoid the size increases of transforming a large
+	// extension range into small ranges in generated binaries.
+	Declaration []*ExtensionRangeOptions_Declaration `protobuf:"bytes,2,rep,name=declaration" json:"declaration,omitempty"`
+	// The verification state of the range.
+	// TODO(b/278783756): flip the default to DECLARATION once all empty ranges
+	// are marked as UNVERIFIED.
+	Verification *ExtensionRangeOptions_VerificationState `protobuf:"varint,3,opt,name=verification,enum=google.protobuf.ExtensionRangeOptions_VerificationState,def=1" json:"verification,omitempty"`
+}
+
+// Default values for ExtensionRangeOptions fields.
+const (
+	Default_ExtensionRangeOptions_Verification = ExtensionRangeOptions_UNVERIFIED
+)
 
 func (x *ExtensionRangeOptions) Reset() {
 	*x = ExtensionRangeOptions{}
@@ -1056,6 +1134,20 @@ func (x *ExtensionRangeOptions) GetUninterpretedOption() []*UninterpretedOption
 	return nil
 }
 
+func (x *ExtensionRangeOptions) GetDeclaration() []*ExtensionRangeOptions_Declaration {
+	if x != nil {
+		return x.Declaration
+	}
+	return nil
+}
+
+func (x *ExtensionRangeOptions) GetVerification() ExtensionRangeOptions_VerificationState {
+	if x != nil && x.Verification != nil {
+		return *x.Verification
+	}
+	return Default_ExtensionRangeOptions_Verification
+}
+
 // Describes a field within a message.
 type FieldDescriptorProto struct {
 	state         protoimpl.MessageState
@@ -2046,8 +2138,10 @@ type FieldOptions struct {
 
 	// The ctype option instructs the C++ code generator to use a different
 	// representation of the field than it normally would.  See the specific
-	// options below.  This option is not yet implemented in the open source
-	// release -- sorry, we'll try to include it in a future version!
+	// options below.  This option is only implemented to support use of
+	// [ctype=CORD] and [ctype=STRING] (the default) on non-repeated fields of
+	// type "bytes" in the open source release -- sorry, we'll try to include
+	// other types in a future version!
 	Ctype *FieldOptions_CType `protobuf:"varint,1,opt,name=ctype,enum=google.protobuf.FieldOptions_CType,def=0" json:"ctype,omitempty"`
 	// The packed option can be enabled for repeated primitive fields to enable
 	// a more efficient representation on the wire. Rather than repeatedly
@@ -2111,9 +2205,11 @@ type FieldOptions struct {
 	Weak *bool `protobuf:"varint,10,opt,name=weak,def=0" json:"weak,omitempty"`
 	// Indicate that the field value should not be printed out when using debug
 	// formats, e.g. when the field contains sensitive credentials.
-	DebugRedact *bool                          `protobuf:"varint,16,opt,name=debug_redact,json=debugRedact,def=0" json:"debug_redact,omitempty"`
-	Retention   *FieldOptions_OptionRetention  `protobuf:"varint,17,opt,name=retention,enum=google.protobuf.FieldOptions_OptionRetention" json:"retention,omitempty"`
-	Target      *FieldOptions_OptionTargetType `protobuf:"varint,18,opt,name=target,enum=google.protobuf.FieldOptions_OptionTargetType" json:"target,omitempty"`
+	DebugRedact *bool                         `protobuf:"varint,16,opt,name=debug_redact,json=debugRedact,def=0" json:"debug_redact,omitempty"`
+	Retention   *FieldOptions_OptionRetention `protobuf:"varint,17,opt,name=retention,enum=google.protobuf.FieldOptions_OptionRetention" json:"retention,omitempty"`
+	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+	Target  *FieldOptions_OptionTargetType  `protobuf:"varint,18,opt,name=target,enum=google.protobuf.FieldOptions_OptionTargetType" json:"target,omitempty"`
+	Targets []FieldOptions_OptionTargetType `protobuf:"varint,19,rep,name=targets,enum=google.protobuf.FieldOptions_OptionTargetType" json:"targets,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
 }
@@ -2224,6 +2320,7 @@ func (x *FieldOptions) GetRetention() FieldOptions_OptionRetention {
 	return FieldOptions_RETENTION_UNKNOWN
 }
 
+// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
 func (x *FieldOptions) GetTarget() FieldOptions_OptionTargetType {
 	if x != nil && x.Target != nil {
 		return *x.Target
@@ -2231,6 +2328,13 @@ func (x *FieldOptions) GetTarget() FieldOptions_OptionTargetType {
 	return FieldOptions_TARGET_TYPE_UNKNOWN
 }
 
+func (x *FieldOptions) GetTargets() []FieldOptions_OptionTargetType {
+	if x != nil {
+		return x.Targets
+	}
+	return nil
+}
+
 func (x *FieldOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if x != nil {
 		return x.UninterpretedOption
@@ -2960,6 +3064,108 @@ func (x *DescriptorProto_ReservedRange) GetEnd() int32 {
 	return 0
 }
 
+type ExtensionRangeOptions_Declaration struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The extension number declared within the extension range.
+	Number *int32 `protobuf:"varint,1,opt,name=number" json:"number,omitempty"`
+	// The fully-qualified name of the extension field. There must be a leading
+	// dot in front of the full name.
+	FullName *string `protobuf:"bytes,2,opt,name=full_name,json=fullName" json:"full_name,omitempty"`
+	// The fully-qualified type name of the extension field. Unlike
+	// Metadata.type, Declaration.type must have a leading dot for messages
+	// and enums.
+	Type *string `protobuf:"bytes,3,opt,name=type" json:"type,omitempty"`
+	// Deprecated. Please use "repeated".
+	//
+	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+	IsRepeated *bool `protobuf:"varint,4,opt,name=is_repeated,json=isRepeated" json:"is_repeated,omitempty"`
+	// If true, indicates that the number is reserved in the extension range,
+	// and any extension field with the number will fail to compile. Set this
+	// when a declared extension field is deleted.
+	Reserved *bool `protobuf:"varint,5,opt,name=reserved" json:"reserved,omitempty"`
+	// If true, indicates that the extension must be defined as repeated.
+	// Otherwise the extension must be defined as optional.
+	Repeated *bool `protobuf:"varint,6,opt,name=repeated" json:"repeated,omitempty"`
+}
+
+func (x *ExtensionRangeOptions_Declaration) Reset() {
+	*x = ExtensionRangeOptions_Declaration{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ExtensionRangeOptions_Declaration) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ExtensionRangeOptions_Declaration) ProtoMessage() {}
+
+func (x *ExtensionRangeOptions_Declaration) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ExtensionRangeOptions_Declaration.ProtoReflect.Descriptor instead.
+func (*ExtensionRangeOptions_Declaration) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{3, 0}
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetNumber() int32 {
+	if x != nil && x.Number != nil {
+		return *x.Number
+	}
+	return 0
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetFullName() string {
+	if x != nil && x.FullName != nil {
+		return *x.FullName
+	}
+	return ""
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetType() string {
+	if x != nil && x.Type != nil {
+		return *x.Type
+	}
+	return ""
+}
+
+// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+func (x *ExtensionRangeOptions_Declaration) GetIsRepeated() bool {
+	if x != nil && x.IsRepeated != nil {
+		return *x.IsRepeated
+	}
+	return false
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetReserved() bool {
+	if x != nil && x.Reserved != nil {
+		return *x.Reserved
+	}
+	return false
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetRepeated() bool {
+	if x != nil && x.Repeated != nil {
+		return *x.Repeated
+	}
+	return false
+}
+
 // Range of reserved numeric values. Reserved values may not be used by
 // entries in the same enum. Reserved ranges may not overlap.
 //
@@ -2978,7 +3184,7 @@ type EnumDescriptorProto_EnumReservedRange struct {
 func (x *EnumDescriptorProto_EnumReservedRange) Reset() {
 	*x = EnumDescriptorProto_EnumReservedRange{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2991,7 +3197,7 @@ func (x *EnumDescriptorProto_EnumReservedRange) String() string {
 func (*EnumDescriptorProto_EnumReservedRange) ProtoMessage() {}
 
 func (x *EnumDescriptorProto_EnumReservedRange) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3038,7 +3244,7 @@ type UninterpretedOption_NamePart struct {
 func (x *UninterpretedOption_NamePart) Reset() {
 	*x = UninterpretedOption_NamePart{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3051,7 +3257,7 @@ func (x *UninterpretedOption_NamePart) String() string {
 func (*UninterpretedOption_NamePart) ProtoMessage() {}
 
 func (x *UninterpretedOption_NamePart) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3182,7 +3388,7 @@ type SourceCodeInfo_Location struct {
 func (x *SourceCodeInfo_Location) Reset() {
 	*x = SourceCodeInfo_Location{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3195,7 +3401,7 @@ func (x *SourceCodeInfo_Location) String() string {
 func (*SourceCodeInfo_Location) ProtoMessage() {}
 
 func (x *SourceCodeInfo_Location) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3269,7 +3475,7 @@ type GeneratedCodeInfo_Annotation struct {
 func (x *GeneratedCodeInfo_Annotation) Reset() {
 	*x = GeneratedCodeInfo_Annotation{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[27]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3282,7 +3488,7 @@ func (x *GeneratedCodeInfo_Annotation) String() string {
 func (*GeneratedCodeInfo_Annotation) ProtoMessage() {}
 
 func (x *GeneratedCodeInfo_Annotation) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[27]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3436,264 +3642,296 @@ var file_google_protobuf_descriptor_proto_rawDesc = []byte{
 	0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74,
 	0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a,
 	0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22,
-	0x7c, 0x0a, 0x15, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67,
-	0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75,
-	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0xc1, 0x06,
-	0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f,
-	0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75,
-	0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62,
-	0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
-	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x52, 0x05,
-	0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0xad, 0x04, 0x0a, 0x15, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e,
+	0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13,
+	0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x59, 0x0a, 0x0b, 0x64, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x2e, 0x44, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0x88, 0x01,
+	0x02, 0x52, 0x0b, 0x64, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x68,
+	0x0a, 0x0c, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x56, 0x65, 0x72,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x3a, 0x0a,
+	0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x45, 0x44, 0x52, 0x0c, 0x76, 0x65, 0x72, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xb3, 0x01, 0x0a, 0x0b, 0x44, 0x65, 0x63,
+	0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62,
+	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72,
+	0x12, 0x1b, 0x0a, 0x09, 0x66, 0x75, 0x6c, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x75, 0x6c, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x23, 0x0a, 0x0b, 0x69, 0x73, 0x5f, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x69, 0x73, 0x52, 0x65,
+	0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x22, 0x34,
+	0x0a, 0x11, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74,
+	0x61, 0x74, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x44, 0x45, 0x43, 0x4c, 0x41, 0x52, 0x41, 0x54, 0x49,
+	0x4f, 0x4e, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49,
+	0x45, 0x44, 0x10, 0x01, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22,
+	0xc1, 0x06, 0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06,
+	0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75,
+	0x6d, 0x62, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
 	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72,
-	0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52,
-	0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x6e, 0x61,
-	0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70, 0x65, 0x4e, 0x61,
-	0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65, 0x12, 0x23,
-	0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
-	0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x69, 0x6e, 0x64,
-	0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x49,
-	0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a, 0x73, 0x6f, 0x6e, 0x4e, 0x61, 0x6d,
-	0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x18, 0x11, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b,
-	0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0e, 0x0a,
-	0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41, 0x54, 0x10, 0x02, 0x12, 0x0e, 0x0a,
-	0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x03, 0x12, 0x0f, 0x0a,
-	0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x04, 0x12, 0x0e,
-	0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x05, 0x12, 0x10,
-	0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x06,
-	0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32,
-	0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x10,
-	0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47,
-	0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50,
-	0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41,
-	0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x59, 0x54,
-	0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e,
-	0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e,
-	0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49,
-	0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x11, 0x12, 0x0f, 0x0a, 0x0b, 0x54,
-	0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x12, 0x22, 0x43, 0x0a, 0x05,
-	0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x4f,
-	0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42,
-	0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x02, 0x12, 0x12, 0x0a,
-	0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50, 0x45, 0x41, 0x54, 0x45, 0x44, 0x10,
-	0x03, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a,
-	0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c,
+	0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x79, 0x70,
+	0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70, 0x65,
+	0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65,
+	0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x69,
+	0x6e, 0x64, 0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6f, 0x6e, 0x65, 0x6f,
+	0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a, 0x73, 0x6f, 0x6e, 0x4e,
+	0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, 0x0a, 0x0f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x18,
+	0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f,
+	0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12,
+	0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41, 0x54, 0x10, 0x02, 0x12,
+	0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x03, 0x12,
+	0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x04,
+	0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x05,
+	0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34,
+	0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44,
+	0x33, 0x32, 0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x4f, 0x4f,
+	0x4c, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49,
+	0x4e, 0x47, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x52, 0x4f,
+	0x55, 0x50, 0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53,
+	0x53, 0x41, 0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42,
+	0x59, 0x54, 0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55,
+	0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x45, 0x4e, 0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53,
+	0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10, 0x12, 0x0f, 0x0a, 0x0b,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x11, 0x12, 0x0f, 0x0a,
+	0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x12, 0x22, 0x43,
+	0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c,
+	0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4c,
+	0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x02, 0x12,
+	0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50, 0x45, 0x41, 0x54, 0x45,
+	0x44, 0x10, 0x03, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52,
+	0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a, 0x13, 0x45, 0x6e, 0x75,
+	0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a,
+	0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18,
+	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x75, 0x6d,
+	0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72,
+	0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d,
+	0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d,
+	0x65, 0x1a, 0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03,
+	0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x83,
+	0x01, 0x0a, 0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x06, 0x6d, 0x65, 0x74,
+	0x68, 0x6f, 0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x89,
+	0x02, 0x0a, 0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a,
+	0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f,
+	0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x38, 0x0a, 0x07,
+	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08,
+	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53,
+	0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0x91, 0x09, 0x0a, 0x0b, 0x46,
+	0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6a, 0x61,
+	0x76, 0x61, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0b, 0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x30, 0x0a,
+	0x14, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73,
+	0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6a, 0x61, 0x76,
+	0x61, 0x4f, 0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x35, 0x0a, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65,
+	0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
+	0x6c, 0x73, 0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c,
+	0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67,
+	0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x5f, 0x61,
+	0x6e, 0x64, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18,
+	0x01, 0x52, 0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x45,
+	0x71, 0x75, 0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68, 0x12, 0x3a, 0x0a, 0x16,
+	0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x65, 0x63,
+	0x6b, 0x5f, 0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
+	0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x43,
+	0x68, 0x65, 0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c, 0x6f, 0x70, 0x74, 0x69,
+	0x6d, 0x69, 0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29,
 	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a, 0x13, 0x45, 0x6e, 0x75, 0x6d, 0x44,
-	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12,
-	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a, 0x0e, 0x72,
-	0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x04, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x73,
-	0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x03, 0x28,
-	0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x1a,
-	0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52,
-	0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e,
-	0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x83, 0x01, 0x0a,
-	0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a,
-	0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e,
-	0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65,
-	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f,
-	0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x89, 0x02, 0x0a,
-	0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f,
-	0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6e,
-	0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09,
-	0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x75, 0x74,
-	0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a,
-	0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x38, 0x0a, 0x07, 0x6f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
-	0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72,
-	0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0x91, 0x09, 0x0a, 0x0b, 0x46, 0x69, 0x6c,
-	0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6a, 0x61, 0x76, 0x61,
-	0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
-	0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6a,
-	0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x6e,
-	0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6a, 0x61, 0x76, 0x61, 0x4f,
-	0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x35, 0x0a,
-	0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x66,
-	0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73,
-	0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x46,
-	0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e,
-	0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x5f, 0x61, 0x6e, 0x64,
-	0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52,
-	0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x45, 0x71, 0x75,
-	0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68, 0x12, 0x3a, 0x0a, 0x16, 0x6a, 0x61,
-	0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f,
-	0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73,
-	0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x43, 0x68, 0x65,
-	0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69,
-	0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
-	0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6d,
-	0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x52, 0x0b,
-	0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x67,
-	0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x63, 0x63,
-	0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11,
-	0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69,
-	0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e,
-	0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x13,
-	0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
-	0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72,
-	0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x2a, 0x20, 0x01, 0x28,
-	0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12, 0x70, 0x68, 0x70, 0x47, 0x65, 0x6e,
-	0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0a,
-	0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x17, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61,
-	0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x04, 0x74,
-	0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x72, 0x65,
-	0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a, 0x63, 0x5f, 0x63, 0x6c, 0x61, 0x73,
-	0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f,
-	0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12,
-	0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70,
-	0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x73, 0x68, 0x61, 0x72,
-	0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x77,
-	0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x27, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x28, 0x0a,
-	0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69,
-	0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x68, 0x70, 0x43, 0x6c, 0x61, 0x73,
-	0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x68, 0x70, 0x5f, 0x6e,
-	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c,
-	0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x34, 0x0a, 0x16,
-	0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x70, 0x68,
-	0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61,
-	0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61,
-	0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x72, 0x75, 0x62, 0x79, 0x50, 0x61,
-	0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
-	0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22,
-	0x3a, 0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12,
-	0x09, 0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f,
-	0x44, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x4c, 0x49, 0x54,
-	0x45, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, 0x03, 0x2a, 0x09, 0x08, 0xe8, 0x07,
-	0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26, 0x10, 0x27, 0x22, 0xbb, 0x03, 0x0a,
-	0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
-	0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x77,
-	0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
-	0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x4c, 0x0a,
-	0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x5f, 0x64, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x1c, 0x6e,
-	0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
-	0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x12, 0x25, 0x0a, 0x0a, 0x64,
-	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a,
-	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74,
-	0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18,
-	0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6c, 0x65,
-	0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f,
-	0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x42,
-	0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x4c,
-	0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x43, 0x6f,
-	0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74,
+	0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74,
+	0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44,
+	0x52, 0x0b, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f, 0x72, 0x12, 0x1d, 0x0a,
+	0x0a, 0x67, 0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x35, 0x0a, 0x13,
+	0x63, 0x63, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
+	0x52, 0x11, 0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x11, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x47,
+	0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x35,
+	0x0a, 0x13, 0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
+	0x73, 0x65, 0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70, 0x5f, 0x67, 0x65, 0x6e,
+	0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x2a, 0x20,
+	0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12, 0x70, 0x68, 0x70, 0x47,
+	0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x25,
+	0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x17, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65,
+	0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f, 0x65, 0x6e, 0x61, 0x62,
+	0x6c, 0x65, 0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x3a,
+	0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x41,
+	0x72, 0x65, 0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a, 0x63, 0x5f, 0x63, 0x6c,
+	0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0f, 0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69,
+	0x78, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
+	0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x73, 0x68,
+	0x61, 0x72, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c,
+	0x73, 0x77, 0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x27, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12,
+	0x28, 0x0a, 0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65,
+	0x66, 0x69, 0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x68, 0x70, 0x43, 0x6c,
+	0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x68, 0x70,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0c, 0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x34,
+	0x0a, 0x16, 0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x6e,
+	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14,
+	0x70, 0x68, 0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e, 0x61, 0x6d, 0x65, 0x73,
+	0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79, 0x5f, 0x70, 0x61, 0x63,
+	0x6b, 0x61, 0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x72, 0x75, 0x62, 0x79,
+	0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18,
 	0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
 	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
 	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e,
 	0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x04,
-	0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x4a, 0x04,
-	0x08, 0x08, 0x10, 0x09, 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0xb7, 0x08, 0x0a, 0x0c, 0x46,
-	0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a, 0x05, 0x63,
-	0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65,
-	0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70, 0x65, 0x3a,
-	0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16,
-	0x0a, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06,
-	0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65,
-	0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09, 0x4a, 0x53,
-	0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12,
-	0x19, 0x0a, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66,
-	0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x2e, 0x0a, 0x0f, 0x75, 0x6e,
-	0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x0f, 0x20,
-	0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0e, 0x75, 0x6e, 0x76, 0x65,
-	0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65,
-	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
-	0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
-	0x64, 0x12, 0x19, 0x0a, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a,
-	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x28, 0x0a, 0x0c,
-	0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61, 0x63, 0x74, 0x18, 0x10, 0x20, 0x01,
-	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0b, 0x64, 0x65, 0x62, 0x75, 0x67,
-	0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x4b, 0x0a, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c,
-	0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74,
-	0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x12, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x54,
-	0x79, 0x70, 0x65, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x58, 0x0a, 0x14, 0x75,
+	0x6e, 0x22, 0x3a, 0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64,
+	0x65, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09,
+	0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x4c,
+	0x49, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, 0x03, 0x2a, 0x09, 0x08,
+	0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26, 0x10, 0x27, 0x22, 0xbb,
+	0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x12, 0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x74,
+	0x5f, 0x77, 0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d, 0x65, 0x73, 0x73, 0x61,
+	0x67, 0x65, 0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12,
+	0x4c, 0x0a, 0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x5f, 0x64,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52,
+	0x1c, 0x6e, 0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x12, 0x25, 0x0a,
+	0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63,
+	0x61, 0x74, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x12, 0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f,
+	0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c,
+	0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
+	0x64, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x43, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13,
+	0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04,
+	0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07,
+	0x4a, 0x04, 0x08, 0x08, 0x10, 0x09, 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0x85, 0x09, 0x0a,
+	0x0c, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a,
+	0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
+	0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70,
+	0x65, 0x3a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65,
+	0x12, 0x16, 0x0a, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79,
+	0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09,
+	0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x19, 0x0a, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a,
+	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x2e, 0x0a, 0x0f,
+	0x75, 0x6e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18,
+	0x0f, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0e, 0x75, 0x6e,
+	0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a,
+	0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
+	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61,
+	0x74, 0x65, 0x64, 0x12, 0x19, 0x0a, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28,
+	0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x28,
+	0x0a, 0x0c, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61, 0x63, 0x74, 0x18, 0x10,
+	0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0b, 0x64, 0x65, 0x62,
+	0x75, 0x67, 0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x4b, 0x0a, 0x09, 0x72, 0x65, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69,
+	0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x72, 0x65, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4a, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18,
+	0x12, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65,
+	0x74, 0x54, 0x79, 0x70, 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65,
+	0x74, 0x12, 0x48, 0x0a, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x18, 0x13, 0x20, 0x03,
+	0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x54, 0x79,
+	0x70, 0x65, 0x52, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75,
 	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74,
 	0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
 	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69,
@@ -3885,98 +4123,103 @@ func file_google_protobuf_descriptor_proto_rawDescGZIP() []byte {
 	return file_google_protobuf_descriptor_proto_rawDescData
 }
 
-var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 9)
-var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 27)
+var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 10)
+var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 28)
 var file_google_protobuf_descriptor_proto_goTypes = []interface{}{
-	(FieldDescriptorProto_Type)(0),                // 0: google.protobuf.FieldDescriptorProto.Type
-	(FieldDescriptorProto_Label)(0),               // 1: google.protobuf.FieldDescriptorProto.Label
-	(FileOptions_OptimizeMode)(0),                 // 2: google.protobuf.FileOptions.OptimizeMode
-	(FieldOptions_CType)(0),                       // 3: google.protobuf.FieldOptions.CType
-	(FieldOptions_JSType)(0),                      // 4: google.protobuf.FieldOptions.JSType
-	(FieldOptions_OptionRetention)(0),             // 5: google.protobuf.FieldOptions.OptionRetention
-	(FieldOptions_OptionTargetType)(0),            // 6: google.protobuf.FieldOptions.OptionTargetType
-	(MethodOptions_IdempotencyLevel)(0),           // 7: google.protobuf.MethodOptions.IdempotencyLevel
-	(GeneratedCodeInfo_Annotation_Semantic)(0),    // 8: google.protobuf.GeneratedCodeInfo.Annotation.Semantic
-	(*FileDescriptorSet)(nil),                     // 9: google.protobuf.FileDescriptorSet
-	(*FileDescriptorProto)(nil),                   // 10: google.protobuf.FileDescriptorProto
-	(*DescriptorProto)(nil),                       // 11: google.protobuf.DescriptorProto
-	(*ExtensionRangeOptions)(nil),                 // 12: google.protobuf.ExtensionRangeOptions
-	(*FieldDescriptorProto)(nil),                  // 13: google.protobuf.FieldDescriptorProto
-	(*OneofDescriptorProto)(nil),                  // 14: google.protobuf.OneofDescriptorProto
-	(*EnumDescriptorProto)(nil),                   // 15: google.protobuf.EnumDescriptorProto
-	(*EnumValueDescriptorProto)(nil),              // 16: google.protobuf.EnumValueDescriptorProto
-	(*ServiceDescriptorProto)(nil),                // 17: google.protobuf.ServiceDescriptorProto
-	(*MethodDescriptorProto)(nil),                 // 18: google.protobuf.MethodDescriptorProto
-	(*FileOptions)(nil),                           // 19: google.protobuf.FileOptions
-	(*MessageOptions)(nil),                        // 20: google.protobuf.MessageOptions
-	(*FieldOptions)(nil),                          // 21: google.protobuf.FieldOptions
-	(*OneofOptions)(nil),                          // 22: google.protobuf.OneofOptions
-	(*EnumOptions)(nil),                           // 23: google.protobuf.EnumOptions
-	(*EnumValueOptions)(nil),                      // 24: google.protobuf.EnumValueOptions
-	(*ServiceOptions)(nil),                        // 25: google.protobuf.ServiceOptions
-	(*MethodOptions)(nil),                         // 26: google.protobuf.MethodOptions
-	(*UninterpretedOption)(nil),                   // 27: google.protobuf.UninterpretedOption
-	(*SourceCodeInfo)(nil),                        // 28: google.protobuf.SourceCodeInfo
-	(*GeneratedCodeInfo)(nil),                     // 29: google.protobuf.GeneratedCodeInfo
-	(*DescriptorProto_ExtensionRange)(nil),        // 30: google.protobuf.DescriptorProto.ExtensionRange
-	(*DescriptorProto_ReservedRange)(nil),         // 31: google.protobuf.DescriptorProto.ReservedRange
-	(*EnumDescriptorProto_EnumReservedRange)(nil), // 32: google.protobuf.EnumDescriptorProto.EnumReservedRange
-	(*UninterpretedOption_NamePart)(nil),          // 33: google.protobuf.UninterpretedOption.NamePart
-	(*SourceCodeInfo_Location)(nil),               // 34: google.protobuf.SourceCodeInfo.Location
-	(*GeneratedCodeInfo_Annotation)(nil),          // 35: google.protobuf.GeneratedCodeInfo.Annotation
+	(ExtensionRangeOptions_VerificationState)(0),  // 0: google.protobuf.ExtensionRangeOptions.VerificationState
+	(FieldDescriptorProto_Type)(0),                // 1: google.protobuf.FieldDescriptorProto.Type
+	(FieldDescriptorProto_Label)(0),               // 2: google.protobuf.FieldDescriptorProto.Label
+	(FileOptions_OptimizeMode)(0),                 // 3: google.protobuf.FileOptions.OptimizeMode
+	(FieldOptions_CType)(0),                       // 4: google.protobuf.FieldOptions.CType
+	(FieldOptions_JSType)(0),                      // 5: google.protobuf.FieldOptions.JSType
+	(FieldOptions_OptionRetention)(0),             // 6: google.protobuf.FieldOptions.OptionRetention
+	(FieldOptions_OptionTargetType)(0),            // 7: google.protobuf.FieldOptions.OptionTargetType
+	(MethodOptions_IdempotencyLevel)(0),           // 8: google.protobuf.MethodOptions.IdempotencyLevel
+	(GeneratedCodeInfo_Annotation_Semantic)(0),    // 9: google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+	(*FileDescriptorSet)(nil),                     // 10: google.protobuf.FileDescriptorSet
+	(*FileDescriptorProto)(nil),                   // 11: google.protobuf.FileDescriptorProto
+	(*DescriptorProto)(nil),                       // 12: google.protobuf.DescriptorProto
+	(*ExtensionRangeOptions)(nil),                 // 13: google.protobuf.ExtensionRangeOptions
+	(*FieldDescriptorProto)(nil),                  // 14: google.protobuf.FieldDescriptorProto
+	(*OneofDescriptorProto)(nil),                  // 15: google.protobuf.OneofDescriptorProto
+	(*EnumDescriptorProto)(nil),                   // 16: google.protobuf.EnumDescriptorProto
+	(*EnumValueDescriptorProto)(nil),              // 17: google.protobuf.EnumValueDescriptorProto
+	(*ServiceDescriptorProto)(nil),                // 18: google.protobuf.ServiceDescriptorProto
+	(*MethodDescriptorProto)(nil),                 // 19: google.protobuf.MethodDescriptorProto
+	(*FileOptions)(nil),                           // 20: google.protobuf.FileOptions
+	(*MessageOptions)(nil),                        // 21: google.protobuf.MessageOptions
+	(*FieldOptions)(nil),                          // 22: google.protobuf.FieldOptions
+	(*OneofOptions)(nil),                          // 23: google.protobuf.OneofOptions
+	(*EnumOptions)(nil),                           // 24: google.protobuf.EnumOptions
+	(*EnumValueOptions)(nil),                      // 25: google.protobuf.EnumValueOptions
+	(*ServiceOptions)(nil),                        // 26: google.protobuf.ServiceOptions
+	(*MethodOptions)(nil),                         // 27: google.protobuf.MethodOptions
+	(*UninterpretedOption)(nil),                   // 28: google.protobuf.UninterpretedOption
+	(*SourceCodeInfo)(nil),                        // 29: google.protobuf.SourceCodeInfo
+	(*GeneratedCodeInfo)(nil),                     // 30: google.protobuf.GeneratedCodeInfo
+	(*DescriptorProto_ExtensionRange)(nil),        // 31: google.protobuf.DescriptorProto.ExtensionRange
+	(*DescriptorProto_ReservedRange)(nil),         // 32: google.protobuf.DescriptorProto.ReservedRange
+	(*ExtensionRangeOptions_Declaration)(nil),     // 33: google.protobuf.ExtensionRangeOptions.Declaration
+	(*EnumDescriptorProto_EnumReservedRange)(nil), // 34: google.protobuf.EnumDescriptorProto.EnumReservedRange
+	(*UninterpretedOption_NamePart)(nil),          // 35: google.protobuf.UninterpretedOption.NamePart
+	(*SourceCodeInfo_Location)(nil),               // 36: google.protobuf.SourceCodeInfo.Location
+	(*GeneratedCodeInfo_Annotation)(nil),          // 37: google.protobuf.GeneratedCodeInfo.Annotation
 }
 var file_google_protobuf_descriptor_proto_depIdxs = []int32{
-	10, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
-	11, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto
-	15, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
-	17, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto
-	13, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
-	19, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions
-	28, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo
-	13, // 7: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto
-	13, // 8: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
-	11, // 9: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto
-	15, // 10: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
-	30, // 11: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange
-	14, // 12: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto
-	20, // 13: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions
-	31, // 14: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange
-	27, // 15: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	1,  // 16: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label
-	0,  // 17: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type
-	21, // 18: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions
-	22, // 19: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions
-	16, // 20: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto
-	23, // 21: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions
-	32, // 22: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange
-	24, // 23: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions
-	18, // 24: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto
-	25, // 25: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions
-	26, // 26: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions
-	2,  // 27: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode
-	27, // 28: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 29: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	3,  // 30: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType
-	4,  // 31: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType
-	5,  // 32: google.protobuf.FieldOptions.retention:type_name -> google.protobuf.FieldOptions.OptionRetention
-	6,  // 33: google.protobuf.FieldOptions.target:type_name -> google.protobuf.FieldOptions.OptionTargetType
-	27, // 34: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 35: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 36: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 37: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 38: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	7,  // 39: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
-	27, // 40: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	33, // 41: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
-	34, // 42: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
-	35, // 43: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
-	12, // 44: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
-	8,  // 45: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic
-	46, // [46:46] is the sub-list for method output_type
-	46, // [46:46] is the sub-list for method input_type
-	46, // [46:46] is the sub-list for extension type_name
-	46, // [46:46] is the sub-list for extension extendee
-	0,  // [0:46] is the sub-list for field type_name
+	11, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
+	12, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto
+	16, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+	18, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto
+	14, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+	20, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions
+	29, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo
+	14, // 7: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto
+	14, // 8: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+	12, // 9: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto
+	16, // 10: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+	31, // 11: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange
+	15, // 12: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto
+	21, // 13: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions
+	32, // 14: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange
+	28, // 15: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	33, // 16: google.protobuf.ExtensionRangeOptions.declaration:type_name -> google.protobuf.ExtensionRangeOptions.Declaration
+	0,  // 17: google.protobuf.ExtensionRangeOptions.verification:type_name -> google.protobuf.ExtensionRangeOptions.VerificationState
+	2,  // 18: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label
+	1,  // 19: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type
+	22, // 20: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions
+	23, // 21: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions
+	17, // 22: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto
+	24, // 23: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions
+	34, // 24: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange
+	25, // 25: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions
+	19, // 26: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto
+	26, // 27: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions
+	27, // 28: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions
+	3,  // 29: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode
+	28, // 30: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 31: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	4,  // 32: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType
+	5,  // 33: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType
+	6,  // 34: google.protobuf.FieldOptions.retention:type_name -> google.protobuf.FieldOptions.OptionRetention
+	7,  // 35: google.protobuf.FieldOptions.target:type_name -> google.protobuf.FieldOptions.OptionTargetType
+	7,  // 36: google.protobuf.FieldOptions.targets:type_name -> google.protobuf.FieldOptions.OptionTargetType
+	28, // 37: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 38: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 39: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 40: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 41: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	8,  // 42: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
+	28, // 43: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	35, // 44: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
+	36, // 45: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
+	37, // 46: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
+	13, // 47: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
+	9,  // 48: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+	49, // [49:49] is the sub-list for method output_type
+	49, // [49:49] is the sub-list for method input_type
+	49, // [49:49] is the sub-list for extension type_name
+	49, // [49:49] is the sub-list for extension extendee
+	0,  // [0:49] is the sub-list for field type_name
 }
 
 func init() { file_google_protobuf_descriptor_proto_init() }
@@ -4280,7 +4523,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*EnumDescriptorProto_EnumReservedRange); i {
+			switch v := v.(*ExtensionRangeOptions_Declaration); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4292,7 +4535,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UninterpretedOption_NamePart); i {
+			switch v := v.(*EnumDescriptorProto_EnumReservedRange); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4304,7 +4547,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SourceCodeInfo_Location); i {
+			switch v := v.(*UninterpretedOption_NamePart); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4316,6 +4559,18 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SourceCodeInfo_Location); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*GeneratedCodeInfo_Annotation); i {
 			case 0:
 				return &v.state
@@ -4333,8 +4588,8 @@ func file_google_protobuf_descriptor_proto_init() {
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_google_protobuf_descriptor_proto_rawDesc,
-			NumEnums:      9,
-			NumMessages:   27,
+			NumEnums:      10,
+			NumMessages:   28,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go b/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
index a6c7a33f3..580b232f4 100644
--- a/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
@@ -142,39 +142,39 @@ import (
 //
 // Example 2: Pack and unpack a message in Java.
 //
-//	Foo foo = ...;
-//	Any any = Any.pack(foo);
-//	...
-//	if (any.is(Foo.class)) {
-//	  foo = any.unpack(Foo.class);
-//	}
-//	// or ...
-//	if (any.isSameTypeAs(Foo.getDefaultInstance())) {
-//	  foo = any.unpack(Foo.getDefaultInstance());
-//	}
-//
-// Example 3: Pack and unpack a message in Python.
-//
-//	foo = Foo(...)
-//	any = Any()
-//	any.Pack(foo)
-//	...
-//	if any.Is(Foo.DESCRIPTOR):
-//	  any.Unpack(foo)
-//	  ...
-//
-// Example 4: Pack and unpack a message in Go
-//
-//	foo := &pb.Foo{...}
-//	any, err := anypb.New(foo)
-//	if err != nil {
-//	  ...
-//	}
-//	...
-//	foo := &pb.Foo{}
-//	if err := any.UnmarshalTo(foo); err != nil {
-//	  ...
-//	}
+//	   Foo foo = ...;
+//	   Any any = Any.pack(foo);
+//	   ...
+//	   if (any.is(Foo.class)) {
+//	     foo = any.unpack(Foo.class);
+//	   }
+//	   // or ...
+//	   if (any.isSameTypeAs(Foo.getDefaultInstance())) {
+//	     foo = any.unpack(Foo.getDefaultInstance());
+//	   }
+//
+//	Example 3: Pack and unpack a message in Python.
+//
+//	   foo = Foo(...)
+//	   any = Any()
+//	   any.Pack(foo)
+//	   ...
+//	   if any.Is(Foo.DESCRIPTOR):
+//	     any.Unpack(foo)
+//	     ...
+//
+//	Example 4: Pack and unpack a message in Go
+//
+//	    foo := &pb.Foo{...}
+//	    any, err := anypb.New(foo)
+//	    if err != nil {
+//	      ...
+//	    }
+//	    ...
+//	    foo := &pb.Foo{}
+//	    if err := any.UnmarshalTo(foo); err != nil {
+//	      ...
+//	    }
 //
 // The pack methods provided by protobuf library will by default use
 // 'type.googleapis.com/full.type.name' as the type URL and the unpack
@@ -182,8 +182,8 @@ import (
 // in the type URL, for example "foo.bar.com/x/y.z" will yield type
 // name "y.z".
 //
-// # JSON
-//
+// JSON
+// ====
 // The JSON representation of an `Any` value uses the regular
 // representation of the deserialized, embedded message, with an
 // additional field `@type` which contains the type URL. Example:
diff --git a/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go b/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go
deleted file mode 100644
index 9a7277ba3..000000000
--- a/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go
+++ /dev/null
@@ -1,166 +0,0 @@
-// Protocol Buffers - Google's data interchange format
-// Copyright 2008 Google Inc.  All rights reserved.
-// https://developers.google.com/protocol-buffers/
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: google/protobuf/empty.proto
-
-package emptypb
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-// A generic empty message that you can re-use to avoid defining duplicated
-// empty messages in your APIs. A typical example is to use it as the request
-// or the response type of an API method. For instance:
-//
-//	service Foo {
-//	  rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
-//	}
-type Empty struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-}
-
-func (x *Empty) Reset() {
-	*x = Empty{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_empty_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Empty) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Empty) ProtoMessage() {}
-
-func (x *Empty) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_empty_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Empty.ProtoReflect.Descriptor instead.
-func (*Empty) Descriptor() ([]byte, []int) {
-	return file_google_protobuf_empty_proto_rawDescGZIP(), []int{0}
-}
-
-var File_google_protobuf_empty_proto protoreflect.FileDescriptor
-
-var file_google_protobuf_empty_proto_rawDesc = []byte{
-	0x0a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x22, 0x07,
-	0x0a, 0x05, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x7d, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x0a,
-	0x45, 0x6d, 0x70, 0x74, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x6b,
-	0x6e, 0x6f, 0x77, 0x6e, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xa2,
-	0x02, 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1e, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77,
-	0x6e, 0x54, 0x79, 0x70, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_google_protobuf_empty_proto_rawDescOnce sync.Once
-	file_google_protobuf_empty_proto_rawDescData = file_google_protobuf_empty_proto_rawDesc
-)
-
-func file_google_protobuf_empty_proto_rawDescGZIP() []byte {
-	file_google_protobuf_empty_proto_rawDescOnce.Do(func() {
-		file_google_protobuf_empty_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_empty_proto_rawDescData)
-	})
-	return file_google_protobuf_empty_proto_rawDescData
-}
-
-var file_google_protobuf_empty_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_google_protobuf_empty_proto_goTypes = []interface{}{
-	(*Empty)(nil), // 0: google.protobuf.Empty
-}
-var file_google_protobuf_empty_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_google_protobuf_empty_proto_init() }
-func file_google_protobuf_empty_proto_init() {
-	if File_google_protobuf_empty_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_empty_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Empty); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_google_protobuf_empty_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   1,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_google_protobuf_empty_proto_goTypes,
-		DependencyIndexes: file_google_protobuf_empty_proto_depIdxs,
-		MessageInfos:      file_google_protobuf_empty_proto_msgTypes,
-	}.Build()
-	File_google_protobuf_empty_proto = out.File
-	file_google_protobuf_empty_proto_rawDesc = nil
-	file_google_protobuf_empty_proto_goTypes = nil
-	file_google_protobuf_empty_proto_depIdxs = nil
-}
diff --git a/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go b/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
index 9577ed593..d2bac8b88 100644
--- a/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
@@ -132,7 +132,7 @@ import (
 // `NullValue` is a singleton enumeration to represent the null value for the
 // `Value` type union.
 //
-//	The JSON representation for `NullValue` is JSON `null`.
+// The JSON representation for `NullValue` is JSON `null`.
 type NullValue int32
 
 const (
diff --git a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
index 61f69fc11..81511a336 100644
--- a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
@@ -167,7 +167,7 @@ import (
 // [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
 // the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
 // the Joda Time's [`ISODateTimeFormat.dateTime()`](
-// http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
+// http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()
 // ) to obtain a formatter capable of generating timestamps in this format.
 type Timestamp struct {
 	state         protoimpl.MessageState
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE b/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE
new file mode 100644
index 000000000..f760d366c
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE
@@ -0,0 +1,234 @@
+## License
+
+This work is dual-licensed under Apache 2.0 or BSD3.
+You may select, at your option, one of the above-listed licenses.
+
+`SPDX-License-Identifier: Apache-2.0 OR BSD-3-Clause`
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2016 Datadog, Inc.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+---
+
+Copyright (c) 2016-Present, Datadog <info@datadoghq.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of Datadog nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-3rdparty.csv b/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-3rdparty.csv
new file mode 100644
index 000000000..1b6a22fa8
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-3rdparty.csv
@@ -0,0 +1,4 @@
+Component,Origin,License,Copyright
+import,io.opentracing,Apache-2.0,Copyright 2016-2017 The OpenTracing Authors
+appsec,https://github.com/DataDog/libddwaf,Apache-2.0 OR BSD-3-Clause,Copyright (c) 2021 Datadog <info@datadoghq.com>
+golang,https://go.googlesource.com/go,BSD-3-Clause,Copyright (c) 2009 The Go Authors
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-APACHE b/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-APACHE
new file mode 100644
index 000000000..bff56b543
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-APACHE
@@ -0,0 +1,200 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2016 Datadog, Inc.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-BSD3 b/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-BSD3
new file mode 100644
index 000000000..923732099
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/LICENSE-BSD3
@@ -0,0 +1,24 @@
+Copyright (c) 2016-Present, Datadog <info@datadoghq.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of Datadog nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/NOTICE b/vendor/gopkg.in/DataDog/dd-trace-go.v1/NOTICE
new file mode 100644
index 000000000..a53b8aded
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/NOTICE
@@ -0,0 +1,4 @@
+Datadog dd-trace-go
+Copyright 2016-Present Datadog, Inc.
+
+This product includes software developed at Datadog, Inc. (https://www.datadoghq.com/).
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/datastreams/options/options.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/datastreams/options/options.go
new file mode 100644
index 000000000..7b2d626ce
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/datastreams/options/options.go
@@ -0,0 +1,10 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package options
+
+type CheckpointParams struct {
+	PayloadSize int64
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ddtrace.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ddtrace.go
new file mode 100644
index 000000000..c4d106458
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ddtrace.go
@@ -0,0 +1,158 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+// Package ddtrace contains the interfaces that specify the implementations of Datadog's
+// tracing library, as well as a set of sub-packages containing various implementations:
+// our native implementation ("tracer"), a wrapper that can be used with Opentracing
+// ("opentracer") and a mock tracer to be used for testing ("mocktracer"). Additionally,
+// package "ext" provides a set of tag names and values specific to Datadog's APM product.
+//
+// To get started, visit the documentation for any of the packages you'd like to begin
+// with by accessing the subdirectories of this package: https://godoc.org/gopkg.in/DataDog/dd-trace-go.v1/ddtrace#pkg-subdirectories.
+package ddtrace // import "gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+
+import (
+	"context"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// SpanContextW3C represents a SpanContext with an additional method to allow
+// access of the 128-bit trace id of the span, if present.
+type SpanContextW3C interface {
+	SpanContext
+
+	// TraceID128 returns the hex-encoded 128-bit trace ID that this context is carrying.
+	// The string will be exactly 32 bytes and may include leading zeroes.
+	TraceID128() string
+
+	// TraceID128 returns the raw bytes of the 128-bit trace ID that this context is carrying.
+	TraceID128Bytes() [16]byte
+}
+
+// Tracer specifies an implementation of the Datadog tracer which allows starting
+// and propagating spans. The official implementation if exposed as functions
+// within the "tracer" package.
+type Tracer interface {
+	// StartSpan starts a span with the given operation name and options.
+	StartSpan(operationName string, opts ...StartSpanOption) Span
+
+	// Extract extracts a span context from a given carrier. Note that baggage item
+	// keys will always be lower-cased to maintain consistency. It is impossible to
+	// maintain the original casing due to MIME header canonicalization standards.
+	Extract(carrier interface{}) (SpanContext, error)
+
+	// Inject injects a span context into the given carrier.
+	Inject(context SpanContext, carrier interface{}) error
+
+	// Stop stops the tracer. Calls to Stop should be idempotent.
+	Stop()
+}
+
+// Span represents a chunk of computation time. Spans have names, durations,
+// timestamps and other metadata. A Tracer is used to create hierarchies of
+// spans in a request, buffer and submit them to the server.
+type Span interface {
+	// SetTag sets a key/value pair as metadata on the span.
+	SetTag(key string, value interface{})
+
+	// SetOperationName sets the operation name for this span. An operation name should be
+	// a representative name for a group of spans (e.g. "grpc.server" or "http.request").
+	SetOperationName(operationName string)
+
+	// BaggageItem returns the baggage item held by the given key.
+	BaggageItem(key string) string
+
+	// SetBaggageItem sets a new baggage item at the given key. The baggage
+	// item should propagate to all descendant spans, both in- and cross-process.
+	SetBaggageItem(key, val string)
+
+	// Finish finishes the current span with the given options. Finish calls should be idempotent.
+	Finish(opts ...FinishOption)
+
+	// Context returns the SpanContext of this Span.
+	Context() SpanContext
+}
+
+// SpanContext represents a span state that can propagate to descendant spans
+// and across process boundaries. It contains all the information needed to
+// spawn a direct descendant of the span that it belongs to. It can be used
+// to create distributed tracing by propagating it using the provided interfaces.
+type SpanContext interface {
+	// SpanID returns the span ID that this context is carrying.
+	SpanID() uint64
+
+	// TraceID returns the trace ID that this context is carrying.
+	TraceID() uint64
+
+	// ForeachBaggageItem provides an iterator over the key/value pairs set as
+	// baggage within this context. Iteration stops when the handler returns
+	// false.
+	ForeachBaggageItem(handler func(k, v string) bool)
+}
+
+// StartSpanOption is a configuration option that can be used with a Tracer's StartSpan method.
+type StartSpanOption func(cfg *StartSpanConfig)
+
+// FinishOption is a configuration option that can be used with a Span's Finish method.
+type FinishOption func(cfg *FinishConfig)
+
+// FinishConfig holds the configuration for finishing a span. It is usually passed around by
+// reference to one or more FinishOption functions which shape it into its final form.
+type FinishConfig struct {
+	// FinishTime represents the time that should be set as finishing time for the
+	// span. Implementations should use the current time when FinishTime.IsZero().
+	FinishTime time.Time
+
+	// Error holds an optional error that should be set on the span before
+	// finishing.
+	Error error
+
+	// NoDebugStack will prevent any set errors from generating an attached stack trace tag.
+	NoDebugStack bool
+
+	// StackFrames specifies the number of stack frames to be attached in spans that finish with errors.
+	StackFrames uint
+
+	// SkipStackFrames specifies the offset at which to start reporting stack frames from the stack.
+	SkipStackFrames uint
+}
+
+// StartSpanConfig holds the configuration for starting a new span. It is usually passed
+// around by reference to one or more StartSpanOption functions which shape it into its
+// final form.
+type StartSpanConfig struct {
+	// Parent holds the SpanContext that should be used as a parent for the
+	// new span. If nil, implementations should return a root span.
+	Parent SpanContext
+
+	// StartTime holds the time that should be used as the start time of the span.
+	// Implementations should use the current time when StartTime.IsZero().
+	StartTime time.Time
+
+	// Tags holds a set of key/value pairs that should be set as metadata on the
+	// new span.
+	Tags map[string]interface{}
+
+	// SpanID will be the SpanID of the Span, overriding the random number that would
+	// be generated. If no Parent SpanContext is present, then this will also set the
+	// TraceID to the same value.
+	SpanID uint64
+
+	// Context is the parent context where the span should be stored.
+	Context context.Context
+}
+
+// Logger implementations are able to log given messages that the tracer or profiler might output.
+type Logger interface {
+	// Log prints the given message.
+	Log(msg string)
+}
+
+// UseLogger sets l as the logger for all tracer and profiler logs.
+func UseLogger(l Logger) {
+	log.UseLogger(l)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/app_types.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/app_types.go
new file mode 100644
index 000000000..eb6ded8f6
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/app_types.go
@@ -0,0 +1,81 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package ext // import "gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+
+// App types determine how to categorize a trace in the Datadog application.
+// For more fine-grained behaviour, use the SpanType* constants.
+const (
+	// DEPRECATED: Use SpanTypeWeb
+	// AppTypeWeb specifies the Web span type and can be used as a tag value
+	// for a span's SpanType tag.
+	AppTypeWeb = "web"
+
+	// AppTypeDB specifies the DB span type and can be used as a tag value
+	// for a span's SpanType tag. If possible, use one of the SpanType*
+	// constants for a more accurate indication.
+	AppTypeDB = "db"
+
+	// AppTypeCache specifies the Cache span type and can be used as a tag value
+	// for a span's SpanType tag. If possible, consider using SpanTypeRedis or
+	// SpanTypeMemcached.
+	AppTypeCache = "cache"
+
+	// AppTypeRPC specifies the RPC span type and can be used as a tag value
+	// for a span's SpanType tag.
+	AppTypeRPC = "rpc"
+)
+
+// Span types have similar behaviour to "app types" and help categorize
+// traces in the Datadog application. They can also help fine grain agent
+// level behaviours such as obfuscation and quantization, when these are
+// enabled in the agent's configuration.
+const (
+	// SpanTypeWeb marks a span as an HTTP server request.
+	SpanTypeWeb = "web"
+
+	// SpanTypeHTTP marks a span as an HTTP client request.
+	SpanTypeHTTP = "http"
+
+	// SpanTypeSQL marks a span as an SQL operation. These spans may
+	// have an "sql.command" tag.
+	SpanTypeSQL = "sql"
+
+	// SpanTypeCassandra marks a span as a Cassandra operation. These
+	// spans may have an "sql.command" tag.
+	SpanTypeCassandra = "cassandra"
+
+	// SpanTypeRedis marks a span as a Redis operation. These spans may
+	// also have a "redis.raw_command" tag.
+	SpanTypeRedis = "redis"
+
+	// SpanTypeMemcached marks a span as a memcached operation.
+	SpanTypeMemcached = "memcached"
+
+	// SpanTypeMongoDB marks a span as a MongoDB operation.
+	SpanTypeMongoDB = "mongodb"
+
+	// SpanTypeElasticSearch marks a span as an ElasticSearch operation.
+	// These spans may also have an "elasticsearch.body" tag.
+	SpanTypeElasticSearch = "elasticsearch"
+
+	// SpanTypeLevelDB marks a span as a leveldb operation
+	SpanTypeLevelDB = "leveldb"
+
+	// SpanTypeDNS marks a span as a DNS operation.
+	SpanTypeDNS = "dns"
+
+	// SpanTypeMessageConsumer marks a span as a queue operation
+	SpanTypeMessageConsumer = "queue"
+
+	// SpanTypeMessageProducer marks a span as a queue operation.
+	SpanTypeMessageProducer = "queue"
+
+	// SpanTypeConsul marks a span as a Consul operation.
+	SpanTypeConsul = "consul"
+
+	// SpanTypeGraphql marks a span as a graphql operation.
+	SpanTypeGraphQL = "graphql"
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/db.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/db.go
new file mode 100644
index 000000000..8074342d1
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/db.go
@@ -0,0 +1,87 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package ext
+
+const (
+	// DBApplication indicates the application using the database.
+	DBApplication = "db.application"
+	// DBName indicates the database name.
+	DBName = "db.name"
+	// DBType indicates the type of Database.
+	DBType = "db.type"
+	// DBInstance indicates the instance name of Database.
+	DBInstance = "db.instance"
+	// DBUser indicates the user name of Database, e.g. "readonly_user" or "reporting_user".
+	DBUser = "db.user"
+	// DBStatement records a database statement for the given database type.
+	DBStatement = "db.statement"
+	// DBSystem indicates the database management system (DBMS) product being used.
+	DBSystem = "db.system"
+)
+
+// Available values for db.system.
+const (
+	DBSystemMemcached          = "memcached"
+	DBSystemMySQL              = "mysql"
+	DBSystemPostgreSQL         = "postgresql"
+	DBSystemMicrosoftSQLServer = "mssql"
+	// DBSystemOtherSQL is used for other SQL databases not listed above.
+	DBSystemOtherSQL      = "other_sql"
+	DBSystemElasticsearch = "elasticsearch"
+	DBSystemRedis         = "redis"
+	DBSystemMongoDB       = "mongodb"
+	DBSystemCassandra     = "cassandra"
+	DBSystemConsulKV      = "consul"
+	DBSystemLevelDB       = "leveldb"
+	DBSystemBuntDB        = "buntdb"
+)
+
+// MicrosoftSQLServer tags.
+const (
+	// MicrosoftSQLServerInstanceName indicates the Microsoft SQL Server instance name connecting to.
+	MicrosoftSQLServerInstanceName = "db.mssql.instance_name"
+)
+
+// MongoDB tags.
+const (
+	// MongoDBCollection indicates the collection being accessed.
+	MongoDBCollection = "db.mongodb.collection"
+)
+
+// Redis tags.
+const (
+	// RedisDatabaseIndex indicates the Redis database index connected to.
+	RedisDatabaseIndex = "db.redis.database_index"
+)
+
+// Cassandra tags.
+const (
+	// CassandraQuery is the tag name used for cassandra queries.
+	// Deprecated: this value is no longer used internally and will be removed in future versions.
+	CassandraQuery = "cassandra.query"
+
+	// CassandraBatch is the tag name used for cassandra batches.
+	// Deprecated: this value is no longer used internally and will be removed in future versions.
+	CassandraBatch = "cassandra.batch"
+
+	// CassandraConsistencyLevel is the tag name to set for consitency level.
+	CassandraConsistencyLevel = "cassandra.consistency_level"
+
+	// CassandraCluster specifies the tag name that is used to set the cluster.
+	CassandraCluster = "cassandra.cluster"
+
+	// CassandraRowCount specifies the tag name to use when settings the row count.
+	CassandraRowCount = "cassandra.row_count"
+
+	// CassandraKeyspace is used as tag name for setting the key space.
+	CassandraKeyspace = "cassandra.keyspace"
+
+	// CassandraPaginated specifies the tag name for paginated queries.
+	CassandraPaginated = "cassandra.paginated"
+
+	// CassandraContactPoints holds the list of cassandra initial seed nodes used to discover the cluster.
+	CassandraContactPoints = "db.cassandra.contact.points"
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/messaging.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/messaging.go
new file mode 100644
index 000000000..553cfaa69
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/messaging.go
@@ -0,0 +1,25 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package ext
+
+const (
+	// MessagingSystem identifies which messaging system created this span (kafka, rabbitmq, amazonsqs, googlepubsub...)
+	MessagingSystem = "messaging.system"
+)
+
+// Available values for messaging.system.
+const (
+	MessagingSystemGCPPubsub = "googlepubsub"
+	MessagingSystemKafka     = "kafka"
+)
+
+// Kafka tags.
+const (
+	// MessagingKafkaPartition defines the Kafka partition the trace is associated with.
+	MessagingKafkaPartition = "messaging.kafka.partition"
+	// KafkaBootstrapServers holds a comma separated list of bootstrap servers as defined in producer or consumer config.
+	KafkaBootstrapServers = "messaging.kafka.bootstrap.servers"
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/peer.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/peer.go
new file mode 100644
index 000000000..f9909cb8b
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/peer.go
@@ -0,0 +1,20 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package ext
+
+const (
+	// PeerHostIPV4 records IPv4 host address of the peer.
+	PeerHostIPV4 = "peer.ipv4"
+	// PeerHostIPV6 records the IPv6 host address of the peer.
+	PeerHostIPV6 = "peer.ipv6"
+	// PeerService records the service name of the peer service.
+	PeerService = "peer.service"
+	// PeerHostname records the host name of the peer.
+	// Deprecated: Use NetworkDestinationName instead for hostname and NetworkDestinationIP for IP addresses
+	PeerHostname = "peer.hostname"
+	// PeerPort records the port number of the peer.
+	PeerPort = "peer.port"
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/priority.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/priority.go
new file mode 100644
index 000000000..8a5c0fc40
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/priority.go
@@ -0,0 +1,27 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package ext
+
+// Priority is a hint given to the backend so that it knows which traces to reject or kept.
+// In a distributed context, it should be set before any context propagation (fork, RPC calls) to be effective.
+
+const (
+	// PriorityUserReject informs the backend that a trace should be rejected and not stored.
+	// This should be used by user code or configuration overriding default priority
+	PriorityUserReject = -1
+
+	// PriorityAutoReject informs the backend that a trace should be rejected and not stored.
+	// This is used by the builtin sampler.
+	PriorityAutoReject = 0
+
+	// PriorityAutoKeep informs the backend that a trace should be kept and not stored.
+	// This is used by the builtin sampler.
+	PriorityAutoKeep = 1
+
+	// PriorityUserKeep informs the backend that a trace should be kept and not stored.
+	// This should be used by user code or configuration overriding default priority
+	PriorityUserKeep = 2
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/rpc.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/rpc.go
new file mode 100644
index 000000000..e7c430822
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/rpc.go
@@ -0,0 +1,34 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package ext
+
+const (
+	// RPCSystem identifies the RPC remoting system.
+	RPCSystem = "rpc.system"
+	// RPCService represents the full (logical) name of the service being called, including its package name,
+	// if applicable. Note this is the logical name of the service from the RPC interface perspective,
+	// which can be different from the name of any implementing class.
+	RPCService = "rpc.service"
+	// RPCMethod represents the name of the (logical) method being called. Note this is the logical name of the
+	// method from the RPC interface perspective, which can be different from the name of
+	// any implementing method/function.
+	RPCMethod = "rpc.method"
+)
+
+// Well-known identifiers for rpc.system.
+const (
+	// RPCSystemGRPC identifies gRPC.
+	RPCSystemGRPC = "grpc"
+	// RPCSystemTwirp identifies Twirp.
+	RPCSystemTwirp = "twirp"
+)
+
+// gRPC specific tags.
+const (
+	// GRPCFullMethod represents the full name of the logical method being called following the
+	// format: /$package.$service/$method
+	GRPCFullMethod = "rpc.grpc.full_method"
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/span_kind.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/span_kind.go
new file mode 100644
index 000000000..71a3ce50b
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/span_kind.go
@@ -0,0 +1,32 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package ext
+
+// span_kind values are set per span following the opentelemetry standard
+// falls under the values of client, server, producer, consumer, and internal
+const (
+
+	// SpanKindServer indicates that the span covers server-side handling of a synchronous RPC or other remote request
+	// This span should not have any local parents but can have other distributed parents
+	SpanKindServer = "server"
+
+	// SpanKindClient indicates that the span describes a request to some remote service.
+	// This span should not have any local children but can have other distributed children
+	SpanKindClient = "client"
+
+	// SpanKindConsumer indicates that the span describes the initiators of an asynchronous request.
+	// This span should not have any local parents but can have other distributed parents
+	SpanKindConsumer = "consumer"
+
+	// SpanKindProducer indicates that the span describes a child of an asynchronous producer request.
+	// This span should not have any local children but can have other distributed children
+	SpanKindProducer = "producer"
+
+	// SpanKindInternal indicates that the span represents an internal operation within an application,
+	// as opposed to an operations with remote parents or children.
+	// This is the default value and not explicitly set to save memory
+	SpanKindInternal = "internal"
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/system.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/system.go
new file mode 100644
index 000000000..163720a4f
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/system.go
@@ -0,0 +1,12 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package ext
+
+// Standard system metadata names
+const (
+	// The pid of the traced process
+	Pid = "process_id"
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/tags.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/tags.go
new file mode 100644
index 000000000..375d7df7b
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext/tags.go
@@ -0,0 +1,120 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+// Package ext contains a set of Datadog-specific constants. Most of them are used
+// for setting span metadata.
+package ext
+
+const (
+	// TargetHost sets the target host address.
+	// Deprecated: Use NetworkDestinationName instead for hostname and NetworkDestinationIP for IP addresses
+	TargetHost = "out.host"
+
+	// NetworkDestinationName is the remote hostname or similar where the outbound connection is being made to.
+	NetworkDestinationName = "network.destination.name"
+
+	// NetworkDestinationIP is the remote address where the outbound connection is being made to.
+	NetworkDestinationIP = "network.destination.ip"
+
+	// TargetPort sets the target host port.
+	// Deprecated: Use NetworkDestinationPort instead.
+	TargetPort = "out.port"
+
+	// NetworkDestinationPort is the remote port number of the outbound connection.
+	NetworkDestinationPort = "network.destination.port"
+
+	// SamplingPriority is the tag that marks the sampling priority of a span.
+	// Deprecated in favor of ManualKeep and ManualDrop.
+	SamplingPriority = "sampling.priority"
+
+	// SQLType sets the sql type tag.
+	SQLType = "sql"
+
+	// SQLQuery sets the sql query tag on a span.
+	SQLQuery = "sql.query"
+
+	// HTTPMethod specifies the HTTP method used in a span.
+	HTTPMethod = "http.method"
+
+	// HTTPCode sets the HTTP status code as a tag.
+	HTTPCode = "http.status_code"
+
+	// HTTPRoute is the route value of the HTTP request.
+	HTTPRoute = "http.route"
+
+	// HTTPURL sets the HTTP URL for a span.
+	HTTPURL = "http.url"
+
+	// HTTPUserAgent is the user agent header value of the HTTP request.
+	HTTPUserAgent = "http.useragent"
+
+	// HTTPClientIP sets the HTTP client IP tag.
+	HTTPClientIP = "http.client_ip"
+
+	// HTTPRequestHeaders sets the HTTP request headers partial tag
+	// This tag is meant to be composed, i.e http.request.headers.headerX, http.request.headers.headerY, etc...
+	// See https://docs.datadoghq.com/tracing/trace_collection/tracing_naming_convention/#http-requests
+	HTTPRequestHeaders = "http.request.headers"
+
+	// SpanName is a pseudo-key for setting a span's operation name by means of
+	// a tag. It is mostly here to facilitate vendor-agnostic frameworks like Opentracing
+	// and OpenCensus.
+	SpanName = "span.name"
+
+	// SpanType defines the Span type (web, db, cache).
+	SpanType = "span.type"
+
+	// ServiceName defines the Service name for this Span.
+	ServiceName = "service.name"
+
+	// Version is a tag that specifies the current application version.
+	Version = "version"
+
+	// ResourceName defines the Resource name for the Span.
+	ResourceName = "resource.name"
+
+	// Error specifies the error tag. It's value is usually of type "error".
+	Error = "error"
+
+	// ErrorMsg specifies the error message.
+	ErrorMsg = "error.message"
+
+	// ErrorType specifies the error type.
+	ErrorType = "error.type"
+
+	// ErrorStack specifies the stack dump.
+	ErrorStack = "error.stack"
+
+	// ErrorDetails holds details about an error which implements a formatter.
+	ErrorDetails = "error.details"
+
+	// Environment specifies the environment to use with a trace.
+	Environment = "env"
+
+	// EventSampleRate specifies the rate at which this span will be sampled
+	// as an APM event.
+	EventSampleRate = "_dd1.sr.eausr"
+
+	// AnalyticsEvent specifies whether the span should be recorded as a Trace
+	// Search & Analytics event.
+	AnalyticsEvent = "analytics.event"
+
+	// ManualKeep is a tag which specifies that the trace to which this span
+	// belongs to should be kept when set to true.
+	ManualKeep = "manual.keep"
+
+	// ManualDrop is a tag which specifies that the trace to which this span
+	// belongs to should be dropped when set to true.
+	ManualDrop = "manual.drop"
+
+	// RuntimeID is a tag that contains a unique id for this process.
+	RuntimeID = "runtime-id"
+
+	// Component defines library integration the span originated from.
+	Component = "component"
+
+	// SpanKind defines the kind of span based on Otel requirements (client, server, producer, consumer).
+	SpanKind = "span.kind"
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal/globaltracer.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal/globaltracer.go
new file mode 100644
index 000000000..363d1f998
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal/globaltracer.go
@@ -0,0 +1,104 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package internal // import "gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal"
+
+import (
+	"sync/atomic"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+)
+
+var (
+	// globalTracer stores the current tracer as *ddtrace.Tracer (pointer to interface). The
+	// atomic.Value type requires types to be consistent, which requires using *ddtrace.Tracer.
+	globalTracer atomic.Value
+)
+
+func init() {
+	var tracer ddtrace.Tracer = &NoopTracer{}
+	globalTracer.Store(&tracer)
+}
+
+// SetGlobalTracer sets the global tracer to t.
+func SetGlobalTracer(t ddtrace.Tracer) {
+	old := *globalTracer.Swap(&t).(*ddtrace.Tracer)
+	if !Testing {
+		old.Stop()
+	}
+}
+
+// GetGlobalTracer returns the currently active tracer.
+func GetGlobalTracer() ddtrace.Tracer {
+	return *globalTracer.Load().(*ddtrace.Tracer)
+}
+
+// Testing is set to true when the mock tracer is active. It usually signifies that we are in a test
+// environment. This value is used by tracer.Start to prevent overriding the GlobalTracer in tests.
+var Testing = false
+
+var _ ddtrace.Tracer = (*NoopTracer)(nil)
+
+// NoopTracer is an implementation of ddtrace.Tracer that is a no-op.
+type NoopTracer struct{}
+
+// StartSpan implements ddtrace.Tracer.
+func (NoopTracer) StartSpan(_ string, _ ...ddtrace.StartSpanOption) ddtrace.Span {
+	return NoopSpan{}
+}
+
+// SetServiceInfo implements ddtrace.Tracer.
+func (NoopTracer) SetServiceInfo(_, _, _ string) {}
+
+// Extract implements ddtrace.Tracer.
+func (NoopTracer) Extract(_ interface{}) (ddtrace.SpanContext, error) {
+	return NoopSpanContext{}, nil
+}
+
+// Inject implements ddtrace.Tracer.
+func (NoopTracer) Inject(_ ddtrace.SpanContext, _ interface{}) error { return nil }
+
+// Stop implements ddtrace.Tracer.
+func (NoopTracer) Stop() {}
+
+var _ ddtrace.Span = (*NoopSpan)(nil)
+
+// NoopSpan is an implementation of ddtrace.Span that is a no-op.
+type NoopSpan struct{}
+
+// SetTag implements ddtrace.Span.
+func (NoopSpan) SetTag(_ string, _ interface{}) {}
+
+// SetOperationName implements ddtrace.Span.
+func (NoopSpan) SetOperationName(_ string) {}
+
+// BaggageItem implements ddtrace.Span.
+func (NoopSpan) BaggageItem(_ string) string { return "" }
+
+// SetBaggageItem implements ddtrace.Span.
+func (NoopSpan) SetBaggageItem(_, _ string) {}
+
+// Finish implements ddtrace.Span.
+func (NoopSpan) Finish(_ ...ddtrace.FinishOption) {}
+
+// Tracer implements ddtrace.Span.
+func (NoopSpan) Tracer() ddtrace.Tracer { return NoopTracer{} }
+
+// Context implements ddtrace.Span.
+func (NoopSpan) Context() ddtrace.SpanContext { return NoopSpanContext{} }
+
+var _ ddtrace.SpanContext = (*NoopSpanContext)(nil)
+
+// NoopSpanContext is an implementation of ddtrace.SpanContext that is a no-op.
+type NoopSpanContext struct{}
+
+// SpanID implements ddtrace.SpanContext.
+func (NoopSpanContext) SpanID() uint64 { return 0 }
+
+// TraceID implements ddtrace.SpanContext.
+func (NoopSpanContext) TraceID() uint64 { return 0 }
+
+// ForeachBaggageItem implements ddtrace.SpanContext.
+func (NoopSpanContext) ForeachBaggageItem(_ func(k, v string) bool) {}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/abandonedspans.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/abandonedspans.go
new file mode 100644
index 000000000..defad4183
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/abandonedspans.go
@@ -0,0 +1,300 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"container/list"
+	"fmt"
+	"sort"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+var (
+	tickerInterval = 1 * time.Minute
+	logSize        = 9000
+)
+
+// bucket is a not thread-safe generic implementation of a dynamic collection of elements
+// stored under a value-bound key (like time). Inspired by concentrator.rawBucket.
+type bucket[K comparable, T any] struct {
+	start, duration uint64
+	// index is a map of data's entries by aggregating value to avoid iterating data.
+	index map[K]*list.Element
+	// data is a list because insertion order may be important to users.
+	data *list.List
+}
+
+func newBucket[K comparable, T any](btime uint64, bsize int64) *bucket[K, T] {
+	return &bucket[K, T]{
+		start:    btime,
+		duration: uint64(bsize),
+		index:    make(map[K]*list.Element),
+		data:     list.New(),
+	}
+}
+
+func (b *bucket[K, T]) add(k K, v T) {
+	e := b.data.PushBack(v)
+	b.index[k] = e
+}
+
+func (b *bucket[K, T]) get(k K) (T, bool) {
+	e, ok := b.index[k]
+	if !ok {
+		// Compiler trick to return any zero value in generic code.
+		// https://stackoverflow.com/a/70589302
+		var zero T
+		return zero, ok
+	}
+	return e.Value.(T), ok
+}
+
+func (b *bucket[K, T]) remove(k K) {
+	e, ok := b.index[k]
+	if !ok {
+		return
+	}
+	delete(b.index, k)
+	_ = b.data.Remove(e)
+}
+
+func (b *bucket[K, T]) Len() int {
+	return b.data.Len()
+}
+
+// abandonedSpanCandidate is a struct to store the minimum required information about
+// spans that can be abandoned.
+type abandonedSpanCandidate struct {
+	Name            string
+	TraceID, SpanID uint64
+	Start           int64
+	Finished        bool
+}
+
+func newAbandonedSpanCandidate(s *span, finished bool) *abandonedSpanCandidate {
+	// finished is explicit instead of implicit as s.finished may be not set
+	// at the moment of calling this method.
+	// Also, locking is not required as it's called while the span is already locked or it's
+	// being initialized.
+	return &abandonedSpanCandidate{
+		Name:     s.Name,
+		TraceID:  s.TraceID,
+		SpanID:   s.SpanID,
+		Start:    s.Start,
+		Finished: finished,
+	}
+}
+
+// String takes a span and returns a human-readable string representing that span.
+func (s *abandonedSpanCandidate) String() string {
+	age := now() - s.Start
+	a := fmt.Sprintf("%d sec", age/1e9)
+	return fmt.Sprintf("[name: %s, span_id: %d, trace_id: %d, age: %s],", s.Name, s.SpanID, s.TraceID, a)
+}
+
+type abandonedSpansDebugger struct {
+	// buckets holds all the potentially abandoned tracked spans sharded by the configured interval.
+	buckets map[int64]*bucket[uint64, *abandonedSpanCandidate]
+
+	// In takes candidate spans and adds them to the debugger.
+	In chan *abandonedSpanCandidate
+
+	// waits for any active goroutines
+	wg sync.WaitGroup
+
+	// stop causes the debugger to shut down when closed.
+	stop chan struct{}
+
+	// stopped reports whether the debugger is stopped (when non-zero).
+	stopped uint32
+
+	// addedSpans and removedSpans are internal counters, mainly for testing
+	// purposes
+	addedSpans, removedSpans uint32
+}
+
+// newAbandonedSpansDebugger creates a new abandonedSpansDebugger debugger
+func newAbandonedSpansDebugger() *abandonedSpansDebugger {
+	d := &abandonedSpansDebugger{
+		buckets: make(map[int64]*bucket[uint64, *abandonedSpanCandidate]),
+		In:      make(chan *abandonedSpanCandidate, 10000),
+	}
+	atomic.SwapUint32(&d.stopped, 1)
+	return d
+}
+
+// Start periodically finds and reports potentially abandoned spans that are older
+// than the given interval. These spans are stored in a bucketed linked list,
+// sorted by their `Start` time, where the front of the list contains the oldest spans,
+// and the end of the list contains the newest spans.
+func (d *abandonedSpansDebugger) Start(interval time.Duration) {
+	if atomic.SwapUint32(&d.stopped, 0) == 0 {
+		// already running
+		log.Warn("(*abandonedSpansDebugger).Start called more than once. This is likely a programming error.")
+		return
+	}
+	d.stop = make(chan struct{})
+	d.wg.Add(1)
+	go func() {
+		defer d.wg.Done()
+		tick := time.NewTicker(tickerInterval)
+		defer tick.Stop()
+		d.runConsumer(tick, &interval)
+	}()
+}
+
+func (d *abandonedSpansDebugger) runConsumer(tick *time.Ticker, interval *time.Duration) {
+	for {
+		select {
+		case <-tick.C:
+			d.log(interval)
+		case s := <-d.In:
+			if s.Finished {
+				d.remove(s, *interval)
+			} else {
+				d.add(s, *interval)
+			}
+		case <-d.stop:
+			return
+		}
+	}
+}
+
+func (d *abandonedSpansDebugger) Stop() {
+	if d == nil {
+		return
+	}
+	if atomic.SwapUint32(&d.stopped, 1) > 0 {
+		return
+	}
+	close(d.stop)
+	d.wg.Wait()
+	d.log(nil)
+}
+
+func (d *abandonedSpansDebugger) add(s *abandonedSpanCandidate, interval time.Duration) {
+	// Locking was considered in this method and remove method, but it's not required as long
+	// as these methods are called from the single goroutine responsible for debugging
+	// the abandoned spans.
+	bucketSize := interval.Nanoseconds()
+	btime := alignTs(s.Start, bucketSize)
+	b, ok := d.buckets[btime]
+	if !ok {
+		b = newBucket[uint64, *abandonedSpanCandidate](uint64(btime), bucketSize)
+		d.buckets[btime] = b
+	}
+
+	b.add(s.SpanID, s)
+	atomic.AddUint32(&d.addedSpans, 1)
+}
+
+func (d *abandonedSpansDebugger) remove(s *abandonedSpanCandidate, interval time.Duration) {
+	bucketSize := interval.Nanoseconds()
+	btime := alignTs(s.Start, bucketSize)
+	b, ok := d.buckets[btime]
+	if !ok {
+		return
+	}
+	// If a matching bucket exists, attempt to find the element containing
+	// the finished span, then remove that element from the bucket.
+	// If a bucket becomes empty, also remove that bucket from the
+	// abandoned spans list.
+	b.remove(s.SpanID)
+	atomic.AddUint32(&d.removedSpans, 1)
+	if b.Len() > 0 {
+		return
+	}
+	delete(d.buckets, btime)
+}
+
+// log returns a string containing potentially abandoned spans. If `interval` is
+// `nil`, it will print all unfinished spans. If `interval` holds a time.Duration, it will
+// only print spans that are older than `interval`. It will also truncate the log message to
+// `logSize` bytes to prevent overloading the logger.
+func (d *abandonedSpansDebugger) log(interval *time.Duration) {
+	var (
+		sb        strings.Builder
+		spanCount = 0
+		truncated = false
+		curTime   = now()
+	)
+
+	if len(d.buckets) == 0 {
+		return
+	}
+
+	// maps are iterated in random order, and to guarantee that is iterated in
+	// creation order, it's required to sort first the buckets' keys.
+	keys := make([]int64, 0, len(d.buckets))
+	for k := range d.buckets {
+		keys = append(keys, k)
+	}
+	sort.Slice(keys, func(i, j int) bool {
+		return keys[i] < keys[j]
+	})
+	for _, k := range keys {
+		if truncated {
+			break
+		}
+
+		// Since spans are bucketed by time, finding a bucket that is newer
+		// than the allowed time interval means that all spans in this bucket
+		// and future buckets will be younger than `interval`, and thus aren't
+		// worth checking.
+		b := d.buckets[k]
+		if interval != nil && curTime-int64(b.start) < interval.Nanoseconds() {
+			break
+		}
+
+		msg, nSpans := formatAbandonedSpans(b, interval, curTime)
+		spanCount += nSpans
+		space := logSize - len(sb.String())
+		if len(msg) > space {
+			msg = msg[0:space]
+			truncated = true
+		}
+		sb.WriteString(msg)
+	}
+
+	if spanCount == 0 {
+		return
+	}
+
+	log.Warn("%d abandoned spans:", spanCount)
+	if truncated {
+		log.Warn("Too many abandoned spans. Truncating message.")
+		sb.WriteString("...")
+	}
+	log.Warn(sb.String())
+}
+
+// formatAbandonedSpans takes a bucket and returns a human-readable string representing
+// the contents of it. If `interval` is not nil, it will check if the bucket might
+// contain spans older than the user configured timeout. If it does, it will filter for
+// older spans. If not, it will print all spans without checking their duration.
+func formatAbandonedSpans(b *bucket[uint64, *abandonedSpanCandidate], interval *time.Duration, curTime int64) (string, int) {
+	var (
+		sb        strings.Builder
+		spanCount int
+	)
+	for e := b.data.Front(); e != nil; e = e.Next() {
+		s := e.Value.(*abandonedSpanCandidate)
+		// If `interval` is not nil, it will check if the span is older than the
+		// user configured timeout, and discard it if it is not.
+		if interval != nil && curTime-s.Start < interval.Nanoseconds() {
+			continue
+		}
+		spanCount++
+		msg := s.String()
+		sb.WriteString(msg)
+	}
+	return sb.String(), spanCount
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/context.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/context.go
new file mode 100644
index 000000000..5698dea68
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/context.go
@@ -0,0 +1,59 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"context"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+	traceinternal "gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
+)
+
+// ContextWithSpan returns a copy of the given context which includes the span s.
+func ContextWithSpan(ctx context.Context, s Span) context.Context {
+	return context.WithValue(ctx, internal.ActiveSpanKey, s)
+}
+
+// SpanFromContext returns the span contained in the given context. A second return
+// value indicates if a span was found in the context. If no span is found, a no-op
+// span is returned.
+func SpanFromContext(ctx context.Context) (Span, bool) {
+	if ctx == nil {
+		return &traceinternal.NoopSpan{}, false
+	}
+	v := ctx.Value(internal.ActiveSpanKey)
+	if s, ok := v.(ddtrace.Span); ok {
+		return s, true
+	}
+	return &traceinternal.NoopSpan{}, false
+}
+
+// StartSpanFromContext returns a new span with the given operation name and options. If a span
+// is found in the context, it will be used as the parent of the resulting span. If the ChildOf
+// option is passed, it will only be used as the parent if there is no span found in `ctx`.
+func StartSpanFromContext(ctx context.Context, operationName string, opts ...StartSpanOption) (Span, context.Context) {
+	// copy opts in case the caller reuses the slice in parallel
+	// we will add at least 1, at most 2 items
+	optsLocal := make([]StartSpanOption, len(opts), len(opts)+2)
+	copy(optsLocal, opts)
+
+	if ctx == nil {
+		// default to context.Background() to avoid panics on Go >= 1.15
+		ctx = context.Background()
+	} else if s, ok := SpanFromContext(ctx); ok {
+		optsLocal = append(optsLocal, ChildOf(s.Context()))
+	}
+	optsLocal = append(optsLocal, withContext(ctx))
+	s := StartSpan(operationName, optsLocal...)
+	if span, ok := s.(*span); ok && span.pprofCtxActive != nil {
+		// If pprof labels were applied for this span, use the derived ctx that
+		// includes them. Otherwise a child of this span wouldn't be able to
+		// correctly restore the labels of its parent when it finishes.
+		ctx = span.pprofCtxActive
+	}
+	return s, ContextWithSpan(ctx, s)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/data_streams.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/data_streams.go
new file mode 100644
index 000000000..32585cd41
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/data_streams.go
@@ -0,0 +1,64 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"context"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/datastreams/options"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal"
+	idatastreams "gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams"
+)
+
+// dataStreamsContainer is an object that contains a data streams processor.
+type dataStreamsContainer interface {
+	GetDataStreamsProcessor() *idatastreams.Processor
+}
+
+// GetDataStreamsProcessor returns the processor tracking data streams stats
+func (t *tracer) GetDataStreamsProcessor() *idatastreams.Processor {
+	return t.dataStreams
+}
+
+// SetDataStreamsCheckpoint sets a consume or produce checkpoint in a Data Streams pathway.
+// This enables tracking data flow & end to end latency.
+// To learn more about the data streams product, see: https://docs.datadoghq.com/data_streams/go/
+func SetDataStreamsCheckpoint(ctx context.Context, edgeTags ...string) (outCtx context.Context, ok bool) {
+	return SetDataStreamsCheckpointWithParams(ctx, options.CheckpointParams{}, edgeTags...)
+}
+
+// SetDataStreamsCheckpointWithParams sets a consume or produce checkpoint in a Data Streams pathway.
+// This enables tracking data flow & end to end latency.
+// To learn more about the data streams product, see: https://docs.datadoghq.com/data_streams/go/
+func SetDataStreamsCheckpointWithParams(ctx context.Context, params options.CheckpointParams, edgeTags ...string) (outCtx context.Context, ok bool) {
+	if t, ok := internal.GetGlobalTracer().(dataStreamsContainer); ok {
+		if processor := t.GetDataStreamsProcessor(); processor != nil {
+			outCtx = processor.SetCheckpointWithParams(ctx, params, edgeTags...)
+			return outCtx, true
+		}
+	}
+	return ctx, false
+}
+
+// TrackKafkaCommitOffset should be used in the consumer, to track when it acks offset.
+// if used together with TrackKafkaProduceOffset it can generate a Kafka lag in seconds metric.
+func TrackKafkaCommitOffset(group, topic string, partition int32, offset int64) {
+	if t, ok := internal.GetGlobalTracer().(dataStreamsContainer); ok {
+		if p := t.GetDataStreamsProcessor(); p != nil {
+			p.TrackKafkaCommitOffset(group, topic, partition, offset)
+		}
+	}
+}
+
+// TrackKafkaProduceOffset should be used in the producer, to track when it produces a message.
+// if used together with TrackKafkaCommitOffset it can generate a Kafka lag in seconds metric.
+func TrackKafkaProduceOffset(topic string, partition int32, offset int64) {
+	if t, ok := internal.GetGlobalTracer().(dataStreamsContainer); ok {
+		if p := t.GetDataStreamsProcessor(); p != nil {
+			p.TrackKafkaProduceOffset(topic, partition, offset)
+		}
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/doc.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/doc.go
new file mode 100644
index 000000000..0880db0d1
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/doc.go
@@ -0,0 +1,110 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+// Package tracer contains Datadog's core tracing client. It is used to trace
+// requests as they flow across web servers, databases and microservices, giving
+// developers visibility into bottlenecks and troublesome requests. To start the
+// tracer, simply call the start method along with an optional set of options.
+// By default, the trace agent is considered to be found at "localhost:8126". In a
+// setup where this would be different (let's say 127.0.0.1:1234), we could do:
+//
+//	tracer.Start(tracer.WithAgentAddr("127.0.0.1:1234"))
+//	defer tracer.Stop()
+//
+// The tracing client can perform trace sampling. While the trace agent
+// already samples traces to reduce bandwidth usage, client sampling reduces
+// performance overhead. To make use of it, the package comes with a ready-to-use
+// rate sampler that can be passed to the tracer. To use it and keep only 30% of the
+// requests, one would do:
+//
+//	s := tracer.NewRateSampler(0.3)
+//	tracer.Start(tracer.WithSampler(s))
+//
+// More precise control of sampling rates can be configured using sampling rules.
+// This can be applied based on span name, service or both, and is used to determine
+// the sampling rate to apply. MaxPerSecond specifies max number of spans per second
+// that can be sampled per the rule and applies only to sampling rules of type
+// tracer.SamplingRuleSpan. If MaxPerSecond is not specified, the default is no limit.
+//
+//	rules := []tracer.SamplingRule{
+//	      // sample 10% of traces with the span name "web.request"
+//	      tracer.NameRule("web.request", 0.1),
+//	      // sample 20% of traces for the service "test-service"
+//	      tracer.ServiceRule("test-service", 0.2),
+//	      // sample 30% of traces when the span name is "db.query" and the service
+//	      // is "postgres.db"
+//	      tracer.NameServiceRule("db.query", "postgres.db", 0.3),
+//	      // sample 100% of traces when service and name match these regular expressions
+//	      {Service: regexp.MustCompile("^test-"), Name: regexp.MustCompile("http\\..*"), Rate: 1.0},
+//	      // sample 50% of spans when service and name match these glob patterns with no limit on the number of spans
+//	      tracer.SpanNameServiceRule("^test-", "http\\..*", 0.5),
+//	      // sample 50% of spans when service and name match these glob patterns up to 100 spans per second
+//	      tracer.SpanNameServiceMPSRule("^test-", "http\\..*", 0.5, 100),
+//	}
+//	tracer.Start(tracer.WithSamplingRules(rules))
+//	defer tracer.Stop()
+//
+// Sampling rules can also be configured at runtime using the DD_TRACE_SAMPLING_RULES and
+// DD_SPAN_SAMPLING_RULES environment variables. When set, it overrides rules set by tracer.WithSamplingRules.
+// The value is a JSON array of objects.
+// For trace sampling rules, the "sample_rate" field is required, the "name" and "service" fields are optional.
+// For span sampling rules, the "name" and "service", if specified, must be a valid glob pattern,
+// i.e. a string where "*" matches any contiguous substring, even an empty string,
+// and "?" character matches exactly one of any character.
+// The "sample_rate" field is optional, and if not specified, defaults to "1.0", sampling 100% of the spans.
+// The "max_per_second" field is optional, and if not specified, defaults to 0, keeping all the previously sampled spans.
+//
+//	export DD_TRACE_SAMPLING_RULES='[{"name": "web.request", "sample_rate": 1.0}]'
+//	export DD_SPAN_SAMPLING_RULES='[{"service":"test.?","name": "web.*", "sample_rate": 1.0, "max_per_second":100}]'
+//
+// To create spans, use the functions StartSpan and StartSpanFromContext. Both accept
+// StartSpanOptions that can be used to configure the span. A span that is started
+// with no parent will begin a new trace. See the function documentation for details
+// on specific usage. Each trace has a hard limit of 100,000 spans, after which the
+// trace will be dropped and give a diagnostic log message. In practice users should
+// not approach this limit as traces of this size are not useful and impossible to
+// visualize.
+//
+// See the contrib package ( https://pkg.go.dev/gopkg.in/DataDog/dd-trace-go.v1/contrib )
+// for integrating datadog with various libraries, frameworks and clients.
+//
+// All spans created by the tracer contain a context hereby referred to as the span
+// context. Note that this is different from Go's context. The span context is used
+// to package essential information from a span, which is needed when creating child
+// spans that inherit from it. Thus, a child span is created from a span's span context.
+// The span context can originate from within the same process, but also a
+// different process or even a different machine in the case of distributed tracing.
+//
+// To make use of distributed tracing, a span's context may be injected via a carrier
+// into a transport (HTTP, RPC, etc.) to be extracted on the other end and used to
+// create spans that are direct descendants of it. A couple of carrier interfaces
+// which should cover most of the use-case scenarios are readily provided, such as
+// HTTPCarrier and TextMapCarrier. Users are free to create their own, which will work
+// with our propagation algorithm as long as they implement the TextMapReader and TextMapWriter
+// interfaces. An example alternate implementation is the MDCarrier in our gRPC integration.
+//
+// As an example, injecting a span's context into an HTTP request would look like this.
+// (See the net/http contrib package for more examples https://pkg.go.dev/gopkg.in/DataDog/dd-trace-go.v1/contrib/net/http):
+//
+//	req, err := http.NewRequest("GET", "http://example.com", nil)
+//	// ...
+//	err := tracer.Inject(span.Context(), tracer.HTTPHeadersCarrier(req.Header))
+//	// ...
+//	http.DefaultClient.Do(req)
+//
+// Then, on the server side, to continue the trace one would do:
+//
+//	sctx, err := tracer.Extract(tracer.HTTPHeadersCarrier(req.Header))
+//	// ...
+//	span := tracer.StartSpan("child.span", tracer.ChildOf(sctx))
+//
+// In the same manner, any means can be used as a carrier to inject a context into a transport. Go's
+// context can also be used as a means to transport spans within the same process. The methods
+// StartSpanFromContext, ContextWithSpan and SpanFromContext exist for this reason.
+//
+// Some libraries and frameworks are supported out-of-the-box by using one
+// of our integrations. You can see a list of supported integrations here:
+// https://godoc.org/gopkg.in/DataDog/dd-trace-go.v1/contrib
+package tracer // import "gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer"
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/log.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/log.go
new file mode 100644
index 000000000..654d7a4d2
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/log.go
@@ -0,0 +1,136 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"math"
+	"net/http"
+	"runtime"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/version"
+)
+
+// startupInfo contains various information about the status of the tracer on startup.
+type startupInfo struct {
+	Date                        string                       `json:"date"`                           // ISO 8601 date and time of start
+	OSName                      string                       `json:"os_name"`                        // Windows, Darwin, Debian, etc.
+	OSVersion                   string                       `json:"os_version"`                     // Version of the OS
+	Version                     string                       `json:"version"`                        // Tracer version
+	Lang                        string                       `json:"lang"`                           // "Go"
+	LangVersion                 string                       `json:"lang_version"`                   // Go version, e.g. go1.13
+	Env                         string                       `json:"env"`                            // Tracer env
+	Service                     string                       `json:"service"`                        // Tracer Service
+	AgentURL                    string                       `json:"agent_url"`                      // The address of the agent
+	AgentError                  string                       `json:"agent_error"`                    // Any error that occurred trying to connect to agent
+	Debug                       bool                         `json:"debug"`                          // Whether debug mode is enabled
+	AnalyticsEnabled            bool                         `json:"analytics_enabled"`              // True if there is a global analytics rate set
+	SampleRate                  string                       `json:"sample_rate"`                    // The default sampling rate for the rules sampler
+	SampleRateLimit             string                       `json:"sample_rate_limit"`              // The rate limit configured with the rules sampler
+	SamplingRules               []SamplingRule               `json:"sampling_rules"`                 // Rules used by the rules sampler
+	SamplingRulesError          string                       `json:"sampling_rules_error"`           // Any errors that occurred while parsing sampling rules
+	ServiceMappings             map[string]string            `json:"service_mappings"`               // Service Mappings
+	Tags                        map[string]string            `json:"tags"`                           // Global tags
+	RuntimeMetricsEnabled       bool                         `json:"runtime_metrics_enabled"`        // Whether runtime metrics are enabled
+	HealthMetricsEnabled        bool                         `json:"health_metrics_enabled"`         // Whether health metrics are enabled
+	ProfilerCodeHotspotsEnabled bool                         `json:"profiler_code_hotspots_enabled"` // Whether profiler code hotspots are enabled
+	ProfilerEndpointsEnabled    bool                         `json:"profiler_endpoints_enabled"`     // Whether profiler endpoints are enabled
+	ApplicationVersion          string                       `json:"dd_version"`                     // Version of the user's application
+	Architecture                string                       `json:"architecture"`                   // Architecture of host machine
+	GlobalService               string                       `json:"global_service"`                 // Global service string. If not-nil should be same as Service. (#614)
+	LambdaMode                  string                       `json:"lambda_mode"`                    // Whether the client has enabled lambda mode
+	AppSec                      bool                         `json:"appsec"`                         // AppSec status: true when started, false otherwise.
+	AgentFeatures               agentFeatures                `json:"agent_features"`                 // Lists the capabilities of the agent.
+	Integrations                map[string]integrationConfig `json:"integrations"`                   // Available tracer integrations
+	PartialFlushEnabled         bool                         `json:"partial_flush_enabled"`          // Whether Partial Flushing is enabled
+	PartialFlushMinSpans        int                          `json:"partial_flush_min_spans"`        // The min number of spans to trigger a partial flush
+	Orchestrion                 orchestrionConfig            `json:"orchestrion"`                    // Orchestrion (auto-instrumentation) configuration.
+}
+
+// checkEndpoint tries to connect to the URL specified by endpoint.
+// If the endpoint is not reachable, checkEndpoint returns an error
+// explaining why.
+func checkEndpoint(c *http.Client, endpoint string) error {
+	req, err := http.NewRequest("POST", endpoint, bytes.NewReader([]byte{0x90}))
+	if err != nil {
+		return fmt.Errorf("cannot create http request: %v", err)
+	}
+	req.Header.Set(traceCountHeader, "0")
+	req.Header.Set("Content-Type", "application/msgpack")
+	res, err := c.Do(req)
+	if err != nil {
+		return err
+	}
+	defer res.Body.Close()
+	return nil
+}
+
+// logStartup generates a startupInfo for a tracer and writes it to the log in
+// JSON format.
+func logStartup(t *tracer) {
+	tags := make(map[string]string)
+	for k, v := range t.config.globalTags {
+		tags[k] = fmt.Sprintf("%v", v)
+	}
+
+	info := startupInfo{
+		Date:                        time.Now().Format(time.RFC3339),
+		OSName:                      osinfo.OSName(),
+		OSVersion:                   osinfo.OSVersion(),
+		Version:                     version.Tag,
+		Lang:                        "Go",
+		LangVersion:                 runtime.Version(),
+		Env:                         t.config.env,
+		Service:                     t.config.serviceName,
+		AgentURL:                    t.config.transport.endpoint(),
+		Debug:                       t.config.debug,
+		AnalyticsEnabled:            !math.IsNaN(globalconfig.AnalyticsRate()),
+		SampleRate:                  fmt.Sprintf("%f", t.rulesSampling.traces.globalRate),
+		SampleRateLimit:             "disabled",
+		SamplingRules:               append(t.config.traceRules, t.config.spanRules...),
+		ServiceMappings:             t.config.serviceMappings,
+		Tags:                        tags,
+		RuntimeMetricsEnabled:       t.config.runtimeMetrics,
+		HealthMetricsEnabled:        t.config.runtimeMetrics,
+		ApplicationVersion:          t.config.version,
+		ProfilerCodeHotspotsEnabled: t.config.profilerHotspots,
+		ProfilerEndpointsEnabled:    t.config.profilerEndpoints,
+		Architecture:                runtime.GOARCH,
+		GlobalService:               globalconfig.ServiceName(),
+		LambdaMode:                  fmt.Sprintf("%t", t.config.logToStdout),
+		AgentFeatures:               t.config.agent,
+		Integrations:                t.config.integrations,
+		AppSec:                      appsec.Enabled(),
+		PartialFlushEnabled:         t.config.partialFlushEnabled,
+		PartialFlushMinSpans:        t.config.partialFlushMinSpans,
+		Orchestrion:                 t.config.orchestrionCfg,
+	}
+	if _, _, err := samplingRulesFromEnv(); err != nil {
+		info.SamplingRulesError = fmt.Sprintf("%s", err)
+	}
+	if limit, ok := t.rulesSampling.TraceRateLimit(); ok {
+		info.SampleRateLimit = fmt.Sprintf("%v", limit)
+	}
+	if !t.config.logToStdout {
+		if err := checkEndpoint(t.config.httpClient, t.config.transport.endpoint()); err != nil {
+			info.AgentError = fmt.Sprintf("%s", err)
+			log.Warn("DIAGNOSTICS Unable to reach agent intake: %s", err)
+		}
+	}
+	bs, err := json.Marshal(info)
+	if err != nil {
+		log.Warn("DIAGNOSTICS Failed to serialize json for startup log (%v) %#v\n", err, info)
+		return
+	}
+	log.Info("DATADOG TRACER CONFIGURATION %s\n", string(bs))
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/metrics.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/metrics.go
new file mode 100644
index 000000000..409d8a439
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/metrics.go
@@ -0,0 +1,101 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"runtime"
+	"runtime/debug"
+	"sync/atomic"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// defaultMetricsReportInterval specifies the interval at which runtime metrics will
+// be reported.
+const defaultMetricsReportInterval = 10 * time.Second
+
+// reportRuntimeMetrics periodically reports go runtime metrics at
+// the given interval.
+func (t *tracer) reportRuntimeMetrics(interval time.Duration) {
+	var ms runtime.MemStats
+	gc := debug.GCStats{
+		// When len(stats.PauseQuantiles) is 5, it will be filled with the
+		// minimum, 25%, 50%, 75%, and maximum pause times. See the documentation
+		// for (runtime/debug).ReadGCStats.
+		PauseQuantiles: make([]time.Duration, 5),
+	}
+
+	tick := time.NewTicker(interval)
+	defer tick.Stop()
+	for {
+		select {
+		case <-tick.C:
+			log.Debug("Reporting runtime metrics...")
+			runtime.ReadMemStats(&ms)
+			debug.ReadGCStats(&gc)
+
+			statsd := t.statsd
+			// CPU statistics
+			statsd.Gauge("runtime.go.num_cpu", float64(runtime.NumCPU()), nil, 1)
+			statsd.Gauge("runtime.go.num_goroutine", float64(runtime.NumGoroutine()), nil, 1)
+			statsd.Gauge("runtime.go.num_cgo_call", float64(runtime.NumCgoCall()), nil, 1)
+			// General statistics
+			statsd.Gauge("runtime.go.mem_stats.alloc", float64(ms.Alloc), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.total_alloc", float64(ms.TotalAlloc), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.sys", float64(ms.Sys), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.lookups", float64(ms.Lookups), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.mallocs", float64(ms.Mallocs), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.frees", float64(ms.Frees), nil, 1)
+			// Heap memory statistics
+			statsd.Gauge("runtime.go.mem_stats.heap_alloc", float64(ms.HeapAlloc), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.heap_sys", float64(ms.HeapSys), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.heap_idle", float64(ms.HeapIdle), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.heap_inuse", float64(ms.HeapInuse), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.heap_released", float64(ms.HeapReleased), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.heap_objects", float64(ms.HeapObjects), nil, 1)
+			// Stack memory statistics
+			statsd.Gauge("runtime.go.mem_stats.stack_inuse", float64(ms.StackInuse), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.stack_sys", float64(ms.StackSys), nil, 1)
+			// Off-heap memory statistics
+			statsd.Gauge("runtime.go.mem_stats.m_span_inuse", float64(ms.MSpanInuse), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.m_span_sys", float64(ms.MSpanSys), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.m_cache_inuse", float64(ms.MCacheInuse), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.m_cache_sys", float64(ms.MCacheSys), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.buck_hash_sys", float64(ms.BuckHashSys), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.gc_sys", float64(ms.GCSys), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.other_sys", float64(ms.OtherSys), nil, 1)
+			// Garbage collector statistics
+			statsd.Gauge("runtime.go.mem_stats.next_gc", float64(ms.NextGC), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.last_gc", float64(ms.LastGC), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.pause_total_ns", float64(ms.PauseTotalNs), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.num_gc", float64(ms.NumGC), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.num_forced_gc", float64(ms.NumForcedGC), nil, 1)
+			statsd.Gauge("runtime.go.mem_stats.gc_cpu_fraction", ms.GCCPUFraction, nil, 1)
+			for i, p := range []string{"min", "25p", "50p", "75p", "max"} {
+				statsd.Gauge("runtime.go.gc_stats.pause_quantiles."+p, float64(gc.PauseQuantiles[i]), nil, 1)
+			}
+
+		case <-t.stop:
+			return
+		}
+	}
+}
+
+func (t *tracer) reportHealthMetrics(interval time.Duration) {
+	ticker := time.NewTicker(interval)
+	defer ticker.Stop()
+	for {
+		select {
+		case <-ticker.C:
+			t.statsd.Count("datadog.tracer.spans_started", int64(atomic.SwapUint32(&t.spansStarted, 0)), nil, 1)
+			t.statsd.Count("datadog.tracer.spans_finished", int64(atomic.SwapUint32(&t.spansFinished, 0)), nil, 1)
+			t.statsd.Count("datadog.tracer.traces_dropped", int64(atomic.SwapUint32(&t.tracesDropped, 0)), []string{"reason:trace_too_large"}, 1)
+		case <-t.stop:
+			return
+		}
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/option.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/option.go
new file mode 100644
index 000000000..18e8c1739
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/option.go
@@ -0,0 +1,1292 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"math"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"regexp"
+	"runtime"
+	"runtime/debug"
+	"strconv"
+	"strings"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/normalizer"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/version"
+
+	"github.com/DataDog/datadog-go/v5/statsd"
+)
+
+var contribIntegrations = map[string]struct {
+	name     string // user readable name for startup logs
+	imported bool   // true if the user has imported the integration
+}{
+	"github.com/99designs/gqlgen":                   {"gqlgen", false},
+	"github.com/aws/aws-sdk-go":                     {"AWS SDK", false},
+	"github.com/aws/aws-sdk-go-v2":                  {"AWS SDK v2", false},
+	"github.com/bradfitz/gomemcache":                {"Memcache", false},
+	"cloud.google.com/go/pubsub.v1":                 {"Pub/Sub", false},
+	"github.com/confluentinc/confluent-kafka-go":    {"Kafka (confluent)", false},
+	"github.com/confluentinc/confluent-kafka-go/v2": {"Kafka (confluent) v2", false},
+	"database/sql":                                  {"SQL", false},
+	"github.com/dimfeld/httptreemux/v5":             {"HTTP Treemux", false},
+	"github.com/elastic/go-elasticsearch/v6":        {"Elasticsearch v6", false},
+	"github.com/emicklei/go-restful":                {"go-restful", false},
+	"github.com/emicklei/go-restful/v3":             {"go-restful v3", false},
+	"github.com/garyburd/redigo":                    {"Redigo (dep)", false},
+	"github.com/gin-gonic/gin":                      {"Gin", false},
+	"github.com/globalsign/mgo":                     {"MongoDB (mgo)", false},
+	"github.com/go-chi/chi":                         {"chi", false},
+	"github.com/go-chi/chi/v5":                      {"chi v5", false},
+	"github.com/go-pg/pg/v10":                       {"go-pg v10", false},
+	"github.com/go-redis/redis":                     {"Redis", false},
+	"github.com/go-redis/redis/v7":                  {"Redis v7", false},
+	"github.com/go-redis/redis/v8":                  {"Redis v8", false},
+	"go.mongodb.org/mongo-driver":                   {"MongoDB", false},
+	"github.com/gocql/gocql":                        {"Cassandra", false},
+	"github.com/gofiber/fiber/v2":                   {"Fiber", false},
+	"github.com/gomodule/redigo":                    {"Redigo", false},
+	"google.golang.org/api":                         {"Google API", false},
+	"google.golang.org/grpc":                        {"gRPC", false},
+	"google.golang.org/grpc/v12":                    {"gRPC v12", false},
+	"gopkg.in/jinzhu/gorm.v1":                       {"Gorm (gopkg)", false},
+	"github.com/gorilla/mux":                        {"Gorilla Mux", false},
+	"gorm.io/gorm.v1":                               {"Gorm v1", false},
+	"github.com/graph-gophers/graphql-go":           {"GraphQL", false},
+	"github.com/hashicorp/consul/api":               {"Consul", false},
+	"github.com/hashicorp/vault/api":                {"Vault", false},
+	"github.com/jinzhu/gorm":                        {"Gorm", false},
+	"github.com/jmoiron/sqlx":                       {"SQLx", false},
+	"github.com/julienschmidt/httprouter":           {"HTTP Router", false},
+	"k8s.io/client-go/kubernetes":                   {"Kubernetes", false},
+	"github.com/labstack/echo":                      {"echo", false},
+	"github.com/labstack/echo/v4":                   {"echo v4", false},
+	"github.com/miekg/dns":                          {"miekg/dns", false},
+	"net/http":                                      {"HTTP", false},
+	"gopkg.in/olivere/elastic.v5":                   {"Elasticsearch v5", false},
+	"gopkg.in/olivere/elastic.v3":                   {"Elasticsearch v3", false},
+	"github.com/redis/go-redis/v9":                  {"Redis v9", false},
+	"github.com/segmentio/kafka-go":                 {"Kafka v0", false},
+	"github.com/IBM/sarama":                         {"IBM sarama", false},
+	"github.com/Shopify/sarama":                     {"Shopify sarama", false},
+	"github.com/sirupsen/logrus":                    {"Logrus", false},
+	"github.com/syndtr/goleveldb":                   {"LevelDB", false},
+	"github.com/tidwall/buntdb":                     {"BuntDB", false},
+	"github.com/twitchtv/twirp":                     {"Twirp", false},
+	"github.com/urfave/negroni":                     {"Negroni", false},
+	"github.com/zenazn/goji":                        {"Goji", false},
+}
+
+var (
+	// defaultSocketAPM specifies the socket path to use for connecting to the trace-agent.
+	// Replaced in tests
+	defaultSocketAPM = "/var/run/datadog/apm.socket"
+
+	// defaultSocketDSD specifies the socket path to use for connecting to the statsd server.
+	// Replaced in tests
+	defaultSocketDSD = "/var/run/datadog/dsd.socket"
+
+	// defaultMaxTagsHeaderLen specifies the default maximum length of the X-Datadog-Tags header value.
+	defaultMaxTagsHeaderLen = 128
+)
+
+// config holds the tracer configuration.
+type config struct {
+	// debug, when true, writes details to logs.
+	debug bool
+
+	// agent holds the capabilities of the agent and determines some
+	// of the behaviour of the tracer.
+	agent agentFeatures
+
+	// integrations reports if the user has instrumented a Datadog integration and
+	// if they have a version of the library available to integrate.
+	integrations map[string]integrationConfig
+
+	// featureFlags specifies any enabled feature flags.
+	featureFlags map[string]struct{}
+
+	// logToStdout reports whether we should log all traces to the standard
+	// output instead of using the agent. This is used in Lambda environments.
+	logToStdout bool
+
+	// sendRetries is the number of times a trace payload send is retried upon
+	// failure.
+	sendRetries int
+
+	// logStartup, when true, causes various startup info to be written
+	// when the tracer starts.
+	logStartup bool
+
+	// serviceName specifies the name of this application.
+	serviceName string
+
+	// universalVersion, reports whether span service name and config service name
+	// should match to set application version tag. False by default
+	universalVersion bool
+
+	// version specifies the version of this application
+	version string
+
+	// env contains the environment that this application will run under.
+	env string
+
+	// sampler specifies the sampler that will be used for sampling traces.
+	sampler Sampler
+
+	// agentURL is the agent URL that receives traces from the tracer.
+	agentURL *url.URL
+
+	// serviceMappings holds a set of service mappings to dynamically rename services
+	serviceMappings map[string]string
+
+	// globalTags holds a set of tags that will be automatically applied to
+	// all spans.
+	globalTags map[string]interface{}
+
+	// transport specifies the Transport interface which will be used to send data to the agent.
+	transport transport
+
+	// propagator propagates span context cross-process
+	propagator Propagator
+
+	// httpClient specifies the HTTP client to be used by the agent's transport.
+	httpClient *http.Client
+
+	// hostname is automatically assigned when the DD_TRACE_REPORT_HOSTNAME is set to true,
+	// and is added as a special tag to the root span of traces.
+	hostname string
+
+	// logger specifies the logger to use when printing errors. If not specified, the "log" package
+	// will be used.
+	logger ddtrace.Logger
+
+	// runtimeMetrics specifies whether collection of runtime metrics is enabled.
+	runtimeMetrics bool
+
+	// dogstatsdAddr specifies the address to connect for sending metrics to the
+	// Datadog Agent. If not set, it defaults to "localhost:8125" or to the
+	// combination of the environment variables DD_AGENT_HOST and DD_DOGSTATSD_PORT.
+	dogstatsdAddr string
+
+	// statsdClient is set when a user provides a custom statsd client for tracking metrics
+	// associated with the runtime and the tracer.
+	statsdClient internal.StatsdClient
+
+	// spanRules contains user-defined rules to determine the sampling rate to apply
+	// to a single span without affecting the entire trace
+	spanRules []SamplingRule
+
+	// traceRules contains user-defined rules to determine the sampling rate to apply
+	// to the entire trace if any spans satisfy the criteria
+	traceRules []SamplingRule
+
+	// tickChan specifies a channel which will receive the time every time the tracer must flush.
+	// It defaults to time.Ticker; replaced in tests.
+	tickChan <-chan time.Time
+
+	// noDebugStack disables the collection of debug stack traces globally. No traces reporting
+	// errors will record a stack trace when this option is set.
+	noDebugStack bool
+
+	// profilerHotspots specifies whether profiler Code Hotspots is enabled.
+	profilerHotspots bool
+
+	// profilerEndpoints specifies whether profiler endpoint filtering is enabled.
+	profilerEndpoints bool
+
+	// enabled reports whether tracing is enabled.
+	enabled bool
+
+	// enableHostnameDetection specifies whether the tracer should enable hostname detection.
+	enableHostnameDetection bool
+
+	// spanAttributeSchemaVersion holds the selected DD_TRACE_SPAN_ATTRIBUTE_SCHEMA version.
+	spanAttributeSchemaVersion int
+
+	// peerServiceDefaultsEnabled indicates whether the peer.service tag calculation is enabled or not.
+	peerServiceDefaultsEnabled bool
+
+	// peerServiceMappings holds a set of service mappings to dynamically rename peer.service values.
+	peerServiceMappings map[string]string
+
+	// debugAbandonedSpans controls if the tracer should log when old, open spans are found
+	debugAbandonedSpans bool
+
+	// spanTimeout represents how old a span can be before it should be logged as a possible
+	// misconfiguration
+	spanTimeout time.Duration
+
+	// partialFlushMinSpans is the number of finished spans in a single trace to trigger a
+	// partial flush, or 0 if partial flushing is disabled.
+	// Value from DD_TRACE_PARTIAL_FLUSH_MIN_SPANS, default 1000.
+	partialFlushMinSpans int
+
+	// partialFlushEnabled specifices whether the tracer should enable partial flushing. Value
+	// from DD_TRACE_PARTIAL_FLUSH_ENABLED, default false.
+	partialFlushEnabled bool
+
+	// statsComputationEnabled enables client-side stats computation (aka trace metrics).
+	statsComputationEnabled bool
+
+	// dataStreamsMonitoringEnabled specifies whether the tracer should enable monitoring of data streams
+	dataStreamsMonitoringEnabled bool
+
+	// orchestrionCfg holds Orchestrion (aka auto-instrumentation) configuration.
+	// Only used for telemetry currently.
+	orchestrionCfg orchestrionConfig
+}
+
+// orchestrionConfig contains Orchestrion configuration.
+type orchestrionConfig struct {
+	// Enabled indicates whether this tracer was instanciated via Orchestrion.
+	Enabled bool `json:"enabled"`
+
+	// Metadata holds Orchestrion specific metadata (e.g orchestrion version, mode (toolexec or manual) etc..)
+	Metadata map[string]string `json:"metadata,omitempty"`
+}
+
+// HasFeature reports whether feature f is enabled.
+func (c *config) HasFeature(f string) bool {
+	_, ok := c.featureFlags[strings.TrimSpace(f)]
+	return ok
+}
+
+// StartOption represents a function that can be provided as a parameter to Start.
+type StartOption func(*config)
+
+// maxPropagatedTagsLength limits the size of DD_TRACE_X_DATADOG_TAGS_MAX_LENGTH to prevent HTTP 413 responses.
+const maxPropagatedTagsLength = 512
+
+// partialFlushMinSpansDefault is the default number of spans for partial flushing, if enabled.
+const partialFlushMinSpansDefault = 1000
+
+// newConfig renders the tracer configuration based on defaults, environment variables
+// and passed user opts.
+func newConfig(opts ...StartOption) *config {
+	c := new(config)
+	c.sampler = NewAllSampler()
+
+	if internal.BoolEnv("DD_TRACE_ANALYTICS_ENABLED", false) {
+		globalconfig.SetAnalyticsRate(1.0)
+	}
+	if os.Getenv("DD_TRACE_REPORT_HOSTNAME") == "true" {
+		var err error
+		c.hostname, err = os.Hostname()
+		if err != nil {
+			log.Warn("unable to look up hostname: %v", err)
+		}
+	}
+	if v := os.Getenv("DD_TRACE_SOURCE_HOSTNAME"); v != "" {
+		c.hostname = v
+	}
+	if v := os.Getenv("DD_ENV"); v != "" {
+		c.env = v
+	}
+	if v := os.Getenv("DD_TRACE_FEATURES"); v != "" {
+		WithFeatureFlags(strings.FieldsFunc(v, func(r rune) bool {
+			return r == ',' || r == ' '
+		})...)(c)
+	}
+	if v := os.Getenv("DD_SERVICE"); v != "" {
+		c.serviceName = v
+		globalconfig.SetServiceName(v)
+	}
+	if ver := os.Getenv("DD_VERSION"); ver != "" {
+		c.version = ver
+	}
+	if v := os.Getenv("DD_SERVICE_MAPPING"); v != "" {
+		internal.ForEachStringTag(v, func(key, val string) { WithServiceMapping(key, val)(c) })
+	}
+	if v := os.Getenv("DD_TRACE_HEADER_TAGS"); v != "" {
+		WithHeaderTags(strings.Split(v, ","))(c)
+	}
+	if v := os.Getenv("DD_TAGS"); v != "" {
+		tags := internal.ParseTagString(v)
+		internal.CleanGitMetadataTags(tags)
+		for key, val := range tags {
+			WithGlobalTag(key, val)(c)
+		}
+	}
+	if _, ok := os.LookupEnv("AWS_LAMBDA_FUNCTION_NAME"); ok {
+		// AWS_LAMBDA_FUNCTION_NAME being set indicates that we're running in an AWS Lambda environment.
+		// See: https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html
+		c.logToStdout = true
+	}
+	c.logStartup = internal.BoolEnv("DD_TRACE_STARTUP_LOGS", true)
+	c.runtimeMetrics = internal.BoolEnv("DD_RUNTIME_METRICS_ENABLED", false)
+	c.debug = internal.BoolEnv("DD_TRACE_DEBUG", false)
+	c.enabled = internal.BoolEnv("DD_TRACE_ENABLED", true)
+	c.profilerEndpoints = internal.BoolEnv(traceprof.EndpointEnvVar, true)
+	c.profilerHotspots = internal.BoolEnv(traceprof.CodeHotspotsEnvVar, true)
+	c.enableHostnameDetection = internal.BoolEnv("DD_CLIENT_HOSTNAME_ENABLED", true)
+	c.debugAbandonedSpans = internal.BoolEnv("DD_TRACE_DEBUG_ABANDONED_SPANS", false)
+	if c.debugAbandonedSpans {
+		c.spanTimeout = internal.DurationEnv("DD_TRACE_ABANDONED_SPAN_TIMEOUT", 10*time.Minute)
+	}
+	c.statsComputationEnabled = internal.BoolEnv("DD_TRACE_STATS_COMPUTATION_ENABLED", false)
+	c.dataStreamsMonitoringEnabled = internal.BoolEnv("DD_DATA_STREAMS_ENABLED", false)
+	c.partialFlushEnabled = internal.BoolEnv("DD_TRACE_PARTIAL_FLUSH_ENABLED", false)
+	c.partialFlushMinSpans = internal.IntEnv("DD_TRACE_PARTIAL_FLUSH_MIN_SPANS", partialFlushMinSpansDefault)
+	if c.partialFlushMinSpans <= 0 {
+		log.Warn("DD_TRACE_PARTIAL_FLUSH_MIN_SPANS=%d is not a valid value, setting to default %d", c.partialFlushMinSpans, partialFlushMinSpansDefault)
+		c.partialFlushMinSpans = partialFlushMinSpansDefault
+	} else if c.partialFlushMinSpans >= traceMaxSize {
+		log.Warn("DD_TRACE_PARTIAL_FLUSH_MIN_SPANS=%d is above the max number of spans that can be kept in memory for a single trace (%d spans), so partial flushing will never trigger, setting to default %d", c.partialFlushMinSpans, traceMaxSize, partialFlushMinSpansDefault)
+		c.partialFlushMinSpans = partialFlushMinSpansDefault
+	}
+	// TODO(partialFlush): consider logging a warning if DD_TRACE_PARTIAL_FLUSH_MIN_SPANS
+	// is set, but DD_TRACE_PARTIAL_FLUSH_ENABLED is not true. Or just assume it should be enabled
+	// if it's explicitly set, and don't require both variables to be configured.
+
+	schemaVersionStr := os.Getenv("DD_TRACE_SPAN_ATTRIBUTE_SCHEMA")
+	if v, ok := namingschema.ParseVersion(schemaVersionStr); ok {
+		namingschema.SetVersion(v)
+		c.spanAttributeSchemaVersion = int(v)
+	} else {
+		v := namingschema.SetDefaultVersion()
+		c.spanAttributeSchemaVersion = int(v)
+		log.Warn("DD_TRACE_SPAN_ATTRIBUTE_SCHEMA=%s is not a valid value, setting to default of v%d", schemaVersionStr, v)
+	}
+	// Allow DD_TRACE_SPAN_ATTRIBUTE_SCHEMA=v0 users to disable default integration (contrib AKA v0) service names.
+	// These default service names are always disabled for v1 onwards.
+	namingschema.SetUseGlobalServiceName(internal.BoolEnv("DD_TRACE_REMOVE_INTEGRATION_SERVICE_NAMES_ENABLED", false))
+
+	// peer.service tag default calculation is enabled by default if using attribute schema >= 1
+	c.peerServiceDefaultsEnabled = true
+	if c.spanAttributeSchemaVersion == int(namingschema.SchemaV0) {
+		c.peerServiceDefaultsEnabled = internal.BoolEnv("DD_TRACE_PEER_SERVICE_DEFAULTS_ENABLED", false)
+	}
+	c.peerServiceMappings = make(map[string]string)
+	if v := os.Getenv("DD_TRACE_PEER_SERVICE_MAPPING"); v != "" {
+		internal.ForEachStringTag(v, func(key, val string) { c.peerServiceMappings[key] = val })
+	}
+
+	for _, fn := range opts {
+		fn(c)
+	}
+	if c.agentURL == nil {
+		c.agentURL = resolveAgentAddr()
+		if url := internal.AgentURLFromEnv(); url != nil {
+			c.agentURL = url
+		}
+	}
+	if c.agentURL.Scheme == "unix" {
+		// If we're connecting over UDS we can just rely on the agent to provide the hostname
+		log.Debug("connecting to agent over unix, do not set hostname on any traces")
+		c.enableHostnameDetection = false
+		c.httpClient = udsClient(c.agentURL.Path)
+		c.agentURL = &url.URL{
+			Scheme: "http",
+			Host:   fmt.Sprintf("UDS_%s", strings.NewReplacer(":", "_", "/", "_", `\`, "_").Replace(c.agentURL.Path)),
+		}
+	} else if c.httpClient == nil {
+		c.httpClient = defaultClient
+	}
+	WithGlobalTag(ext.RuntimeID, globalconfig.RuntimeID())(c)
+	if c.env == "" {
+		if v, ok := c.globalTags["env"]; ok {
+			if e, ok := v.(string); ok {
+				c.env = e
+			}
+		}
+	}
+	if c.version == "" {
+		if v, ok := c.globalTags["version"]; ok {
+			if ver, ok := v.(string); ok {
+				c.version = ver
+			}
+		}
+	}
+	if c.serviceName == "" {
+		if v, ok := c.globalTags["service"]; ok {
+			if s, ok := v.(string); ok {
+				c.serviceName = s
+				globalconfig.SetServiceName(s)
+			}
+		} else {
+			// There is not an explicit service set, default to binary name.
+			// In this case, don't set a global service name so the contribs continue using their defaults.
+			c.serviceName = filepath.Base(os.Args[0])
+		}
+	}
+	if c.transport == nil {
+		c.transport = newHTTPTransport(c.agentURL.String(), c.httpClient)
+	}
+	if c.propagator == nil {
+		envKey := "DD_TRACE_X_DATADOG_TAGS_MAX_LENGTH"
+		max := internal.IntEnv(envKey, defaultMaxTagsHeaderLen)
+		if max < 0 {
+			log.Warn("Invalid value %d for %s. Setting to 0.", max, envKey)
+			max = 0
+		}
+		if max > maxPropagatedTagsLength {
+			log.Warn("Invalid value %d for %s. Maximum allowed is %d. Setting to %d.", max, envKey, maxPropagatedTagsLength, maxPropagatedTagsLength)
+			max = maxPropagatedTagsLength
+		}
+		c.propagator = NewPropagator(&PropagatorConfig{
+			MaxTagsHeaderLen: max,
+		})
+	}
+	if c.logger != nil {
+		log.UseLogger(c.logger)
+	}
+	if c.debug {
+		log.SetLevel(log.LevelDebug)
+	}
+	c.agent = loadAgentFeatures(c.logToStdout, c.agentURL, c.httpClient)
+	info, ok := debug.ReadBuildInfo()
+	if !ok {
+		c.loadContribIntegrations([]*debug.Module{})
+	} else {
+		c.loadContribIntegrations(info.Deps)
+	}
+	if c.statsdClient == nil {
+		// configure statsd client
+		addr := c.dogstatsdAddr
+		if addr == "" {
+			// no config defined address; use defaults
+			addr = defaultDogstatsdAddr()
+		}
+		if agentport := c.agent.StatsdPort; agentport > 0 {
+			// the agent reported a non-standard port
+			host, _, err := net.SplitHostPort(addr)
+			if err == nil {
+				// we have a valid host:port address; replace the port because
+				// the agent knows better
+				if host == "" {
+					host = defaultHostname
+				}
+				addr = net.JoinHostPort(host, strconv.Itoa(agentport))
+			}
+			// not a valid TCP address, leave it as it is (could be a socket connection)
+		}
+		c.dogstatsdAddr = addr
+	}
+
+	return c
+}
+
+func newStatsdClient(c *config) (internal.StatsdClient, error) {
+	if c.statsdClient != nil {
+		return c.statsdClient, nil
+	}
+
+	client, err := statsd.New(c.dogstatsdAddr, statsd.WithMaxMessagesPerPayload(40), statsd.WithTags(statsTags(c)))
+	if err != nil {
+		return &statsd.NoOpClient{}, err
+	}
+	return client, nil
+}
+
+// defaultHTTPClient returns the default http.Client to start the tracer with.
+func defaultHTTPClient() *http.Client {
+	if _, err := os.Stat(defaultSocketAPM); err == nil {
+		// we have the UDS socket file, use it
+		return udsClient(defaultSocketAPM)
+	}
+	return defaultClient
+}
+
+// udsClient returns a new http.Client which connects using the given UDS socket path.
+func udsClient(socketPath string) *http.Client {
+	return &http.Client{
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			DialContext: func(ctx context.Context, network, address string) (net.Conn, error) {
+				return defaultDialer.DialContext(ctx, "unix", (&net.UnixAddr{
+					Name: socketPath,
+					Net:  "unix",
+				}).String())
+			},
+			MaxIdleConns:          100,
+			IdleConnTimeout:       90 * time.Second,
+			TLSHandshakeTimeout:   10 * time.Second,
+			ExpectContinueTimeout: 1 * time.Second,
+		},
+		Timeout: defaultHTTPTimeout,
+	}
+}
+
+// defaultDogstatsdAddr returns the default connection address for Dogstatsd.
+func defaultDogstatsdAddr() string {
+	envHost, envPort := os.Getenv("DD_AGENT_HOST"), os.Getenv("DD_DOGSTATSD_PORT")
+	if _, err := os.Stat(defaultSocketDSD); err == nil && envHost == "" && envPort == "" {
+		// socket exists and user didn't specify otherwise via env vars
+		return "unix://" + defaultSocketDSD
+	}
+	host, port := defaultHostname, "8125"
+	if envHost != "" {
+		host = envHost
+	}
+	if envPort != "" {
+		port = envPort
+	}
+	return net.JoinHostPort(host, port)
+}
+
+type integrationConfig struct {
+	Instrumented bool   `json:"instrumented"`      // indicates if the user has imported and used the integration
+	Available    bool   `json:"available"`         // indicates if the user is using a library that can be used with DataDog integrations
+	Version      string `json:"available_version"` // if available, indicates the version of the library the user has
+}
+
+// agentFeatures holds information about the trace-agent's capabilities.
+// When running WithLambdaMode, a zero-value of this struct will be used
+// as features.
+type agentFeatures struct {
+	// DropP0s reports whether it's ok for the tracer to not send any
+	// P0 traces to the agent.
+	DropP0s bool
+
+	// Stats reports whether the agent can receive client-computed stats on
+	// the /v0.6/stats endpoint.
+	Stats bool
+
+	// DataStreams reports whether the agent can receive data streams stats on
+	// the /v0.1/pipeline_stats endpoint.
+	DataStreams bool
+
+	// StatsdPort specifies the Dogstatsd port as provided by the agent.
+	// If it's the default, it will be 0, which means 8125.
+	StatsdPort int
+
+	// featureFlags specifies all the feature flags reported by the trace-agent.
+	featureFlags map[string]struct{}
+}
+
+// HasFlag reports whether the agent has set the feat feature flag.
+func (a *agentFeatures) HasFlag(feat string) bool {
+	_, ok := a.featureFlags[feat]
+	return ok
+}
+
+// loadAgentFeatures queries the trace-agent for its capabilities and updates
+// the tracer's behaviour.
+func loadAgentFeatures(logToStdout bool, agentURL *url.URL, httpClient *http.Client) (features agentFeatures) {
+	if logToStdout {
+		// there is no agent; all features off
+		return
+	}
+	resp, err := httpClient.Get(fmt.Sprintf("%s/info", agentURL))
+	if err != nil {
+		log.Error("Loading features: %v", err)
+		return
+	}
+	if resp.StatusCode == http.StatusNotFound {
+		// agent is older than 7.28.0, features not discoverable
+		return
+	}
+	defer resp.Body.Close()
+	type infoResponse struct {
+		Endpoints     []string `json:"endpoints"`
+		ClientDropP0s bool     `json:"client_drop_p0s"`
+		StatsdPort    int      `json:"statsd_port"`
+		FeatureFlags  []string `json:"feature_flags"`
+	}
+	var info infoResponse
+	if err := json.NewDecoder(resp.Body).Decode(&info); err != nil {
+		log.Error("Decoding features: %v", err)
+		return
+	}
+	features.DropP0s = info.ClientDropP0s
+	features.StatsdPort = info.StatsdPort
+	for _, endpoint := range info.Endpoints {
+		switch endpoint {
+		case "/v0.6/stats":
+			features.Stats = true
+		case "/v0.1/pipeline_stats":
+			features.DataStreams = true
+		}
+	}
+	features.featureFlags = make(map[string]struct{}, len(info.FeatureFlags))
+	for _, flag := range info.FeatureFlags {
+		features.featureFlags[flag] = struct{}{}
+	}
+	return features
+}
+
+// MarkIntegrationImported labels the given integration as imported
+func MarkIntegrationImported(integration string) bool {
+	s, ok := contribIntegrations[integration]
+	if !ok {
+		return false
+	}
+	s.imported = true
+	contribIntegrations[integration] = s
+	return true
+}
+
+func (c *config) loadContribIntegrations(deps []*debug.Module) {
+	integrations := map[string]integrationConfig{}
+	for _, s := range contribIntegrations {
+		integrations[s.name] = integrationConfig{
+			Instrumented: s.imported,
+		}
+	}
+	for _, d := range deps {
+		p := d.Path
+		// special use case, since gRPC does not update version number
+		if p == "google.golang.org/grpc" {
+			re := regexp.MustCompile(`v(\d.\d)\d*`)
+			match := re.FindStringSubmatch(d.Version)
+			if match == nil {
+				log.Warn("Unable to parse version of GRPC %v", d.Version)
+				continue
+			}
+			ver, err := strconv.ParseFloat(match[1], 32)
+			if err != nil {
+				log.Warn("Unable to parse version of GRPC %v as a float", d.Version)
+				continue
+			}
+			if ver <= 1.2 {
+				p = p + "/v12"
+			}
+		}
+		s, ok := contribIntegrations[p]
+		if !ok {
+			continue
+		}
+		conf := integrations[s.name]
+		conf.Available = true
+		conf.Version = d.Version
+		integrations[s.name] = conf
+	}
+	c.integrations = integrations
+}
+
+func (c *config) canComputeStats() bool {
+	return c.agent.Stats && (c.HasFeature("discovery") || c.statsComputationEnabled)
+}
+
+func (c *config) canDropP0s() bool {
+	return c.canComputeStats() && c.agent.DropP0s
+}
+
+func statsTags(c *config) []string {
+	tags := []string{
+		"lang:go",
+		"version:" + version.Tag,
+		"lang_version:" + runtime.Version(),
+	}
+	if c.serviceName != "" {
+		tags = append(tags, "service:"+c.serviceName)
+	}
+	if c.env != "" {
+		tags = append(tags, "env:"+c.env)
+	}
+	if c.hostname != "" {
+		tags = append(tags, "host:"+c.hostname)
+	}
+	for k, v := range c.globalTags {
+		if vstr, ok := v.(string); ok {
+			tags = append(tags, k+":"+vstr)
+		}
+	}
+	return tags
+}
+
+// withNoopStats is used for testing to disable statsd client
+func withNoopStats() StartOption {
+	return func(c *config) {
+		c.statsdClient = &statsd.NoOpClient{}
+	}
+}
+
+// WithFeatureFlags specifies a set of feature flags to enable. Please take into account
+// that most, if not all features flags are considered to be experimental and result in
+// unexpected bugs.
+func WithFeatureFlags(feats ...string) StartOption {
+	return func(c *config) {
+		if c.featureFlags == nil {
+			c.featureFlags = make(map[string]struct{}, len(feats))
+		}
+		for _, f := range feats {
+			c.featureFlags[strings.TrimSpace(f)] = struct{}{}
+		}
+		log.Info("FEATURES enabled: %v", feats)
+	}
+}
+
+// WithLogger sets logger as the tracer's error printer.
+func WithLogger(logger ddtrace.Logger) StartOption {
+	return func(c *config) {
+		c.logger = logger
+	}
+}
+
+// WithPrioritySampling is deprecated, and priority sampling is enabled by default.
+// When using distributed tracing, the priority sampling value is propagated in order to
+// get all the parts of a distributed trace sampled.
+// To learn more about priority sampling, please visit:
+// https://docs.datadoghq.com/tracing/getting_further/trace_sampling_and_storage/#priority-sampling-for-distributed-tracing
+func WithPrioritySampling() StartOption {
+	return func(c *config) {
+		// This is now enabled by default.
+	}
+}
+
+// WithDebugStack can be used to globally enable or disable the collection of stack traces when
+// spans finish with errors. It is enabled by default. This is a global version of the NoDebugStack
+// FinishOption.
+func WithDebugStack(enabled bool) StartOption {
+	return func(c *config) {
+		c.noDebugStack = !enabled
+	}
+}
+
+// WithDebugMode enables debug mode on the tracer, resulting in more verbose logging.
+func WithDebugMode(enabled bool) StartOption {
+	return func(c *config) {
+		c.debug = enabled
+	}
+}
+
+// WithLambdaMode enables lambda mode on the tracer, for use with AWS Lambda.
+// This option is only required if the the Datadog Lambda Extension is not
+// running.
+func WithLambdaMode(enabled bool) StartOption {
+	return func(c *config) {
+		c.logToStdout = enabled
+	}
+}
+
+// WithSendRetries enables re-sending payloads that are not successfully
+// submitted to the agent.  This will cause the tracer to retry the send at
+// most `retries` times.
+func WithSendRetries(retries int) StartOption {
+	return func(c *config) {
+		c.sendRetries = retries
+	}
+}
+
+// WithPropagator sets an alternative propagator to be used by the tracer.
+func WithPropagator(p Propagator) StartOption {
+	return func(c *config) {
+		c.propagator = p
+	}
+}
+
+// WithServiceName is deprecated. Please use WithService.
+// If you are using an older version and you are upgrading from WithServiceName
+// to WithService, please note that WithService will determine the service name of
+// server and framework integrations.
+func WithServiceName(name string) StartOption {
+	return func(c *config) {
+		c.serviceName = name
+		if globalconfig.ServiceName() != "" {
+			log.Warn("ddtrace/tracer: deprecated config WithServiceName should not be used " +
+				"with `WithService` or `DD_SERVICE`; integration service name will not be set.")
+		}
+		globalconfig.SetServiceName("")
+	}
+}
+
+// WithService sets the default service name for the program.
+func WithService(name string) StartOption {
+	return func(c *config) {
+		c.serviceName = name
+		globalconfig.SetServiceName(c.serviceName)
+	}
+}
+
+// WithGlobalServiceName causes contrib libraries to use the global service name and not any locally defined service name.
+// This is synonymous with `DD_TRACE_REMOVE_INTEGRATION_SERVICE_NAMES_ENABLED`.
+func WithGlobalServiceName(enabled bool) StartOption {
+	return func(_ *config) {
+		namingschema.SetUseGlobalServiceName(enabled)
+	}
+}
+
+// WithAgentAddr sets the address where the agent is located. The default is
+// localhost:8126. It should contain both host and port.
+func WithAgentAddr(addr string) StartOption {
+	return func(c *config) {
+		c.agentURL = &url.URL{
+			Scheme: "http",
+			Host:   addr,
+		}
+	}
+}
+
+// WithEnv sets the environment to which all traces started by the tracer will be submitted.
+// The default value is the environment variable DD_ENV, if it is set.
+func WithEnv(env string) StartOption {
+	return func(c *config) {
+		c.env = env
+	}
+}
+
+// WithServiceMapping determines service "from" to be renamed to service "to".
+// This option is is case sensitive and can be used multiple times.
+func WithServiceMapping(from, to string) StartOption {
+	return func(c *config) {
+		if c.serviceMappings == nil {
+			c.serviceMappings = make(map[string]string)
+		}
+		c.serviceMappings[from] = to
+	}
+}
+
+// WithPeerServiceDefaults sets default calculation for peer.service.
+func WithPeerServiceDefaults(enabled bool) StartOption {
+	// TODO: add link to public docs
+	return func(c *config) {
+		c.peerServiceDefaultsEnabled = enabled
+	}
+}
+
+// WithPeerServiceMapping determines the value of the peer.service tag "from" to be renamed to service "to".
+func WithPeerServiceMapping(from, to string) StartOption {
+	return func(c *config) {
+		if c.peerServiceMappings == nil {
+			c.peerServiceMappings = make(map[string]string)
+		}
+		c.peerServiceMappings[from] = to
+	}
+}
+
+// WithGlobalTag sets a key/value pair which will be set as a tag on all spans
+// created by tracer. This option may be used multiple times.
+func WithGlobalTag(k string, v interface{}) StartOption {
+	return func(c *config) {
+		if c.globalTags == nil {
+			c.globalTags = make(map[string]interface{})
+		}
+		c.globalTags[k] = v
+	}
+}
+
+// WithSampler sets the given sampler to be used with the tracer. By default
+// an all-permissive sampler is used.
+func WithSampler(s Sampler) StartOption {
+	return func(c *config) {
+		c.sampler = s
+	}
+}
+
+// WithHTTPRoundTripper is deprecated. Please consider using WithHTTPClient instead.
+// The function allows customizing the underlying HTTP transport for emitting spans.
+func WithHTTPRoundTripper(r http.RoundTripper) StartOption {
+	return WithHTTPClient(&http.Client{
+		Transport: r,
+		Timeout:   defaultHTTPTimeout,
+	})
+}
+
+// WithHTTPClient specifies the HTTP client to use when emitting spans to the agent.
+func WithHTTPClient(client *http.Client) StartOption {
+	return func(c *config) {
+		c.httpClient = client
+	}
+}
+
+// WithUDS configures the HTTP client to dial the Datadog Agent via the specified Unix Domain Socket path.
+func WithUDS(socketPath string) StartOption {
+	return func(c *config) {
+		c.agentURL = &url.URL{
+			Scheme: "unix",
+			Path:   socketPath,
+		}
+	}
+}
+
+// WithAnalytics allows specifying whether Trace Search & Analytics should be enabled
+// for integrations.
+func WithAnalytics(on bool) StartOption {
+	return func(cfg *config) {
+		if on {
+			globalconfig.SetAnalyticsRate(1.0)
+		} else {
+			globalconfig.SetAnalyticsRate(math.NaN())
+		}
+	}
+}
+
+// WithAnalyticsRate sets the global sampling rate for sampling APM events.
+func WithAnalyticsRate(rate float64) StartOption {
+	return func(_ *config) {
+		if rate >= 0.0 && rate <= 1.0 {
+			globalconfig.SetAnalyticsRate(rate)
+		} else {
+			globalconfig.SetAnalyticsRate(math.NaN())
+		}
+	}
+}
+
+// WithRuntimeMetrics enables automatic collection of runtime metrics every 10 seconds.
+func WithRuntimeMetrics() StartOption {
+	return func(cfg *config) {
+		cfg.runtimeMetrics = true
+	}
+}
+
+// WithDogstatsdAddress specifies the address to connect to for sending metrics to the Datadog
+// Agent. It should be a "host:port" string, or the path to a unix domain socket.If not set, it
+// attempts to determine the address of the statsd service according to the following rules:
+//  1. Look for /var/run/datadog/dsd.socket and use it if present. IF NOT, continue to #2.
+//  2. The host is determined by DD_AGENT_HOST, and defaults to "localhost"
+//  3. The port is retrieved from the agent. If not present, it is determined by DD_DOGSTATSD_PORT, and defaults to 8125
+//
+// This option is in effect when WithRuntimeMetrics is enabled.
+func WithDogstatsdAddress(addr string) StartOption {
+	return func(cfg *config) {
+		cfg.dogstatsdAddr = addr
+	}
+}
+
+// WithSamplingRules specifies the sampling rates to apply to spans based on the
+// provided rules.
+func WithSamplingRules(rules []SamplingRule) StartOption {
+	return func(cfg *config) {
+		for _, rule := range rules {
+			if rule.ruleType == SamplingRuleSpan {
+				cfg.spanRules = append(cfg.spanRules, rule)
+			} else {
+				cfg.traceRules = append(cfg.traceRules, rule)
+			}
+		}
+	}
+}
+
+// WithServiceVersion specifies the version of the service that is running. This will
+// be included in spans from this service in the "version" tag, provided that
+// span service name and config service name match. Do NOT use with WithUniversalVersion.
+func WithServiceVersion(version string) StartOption {
+	return func(cfg *config) {
+		cfg.version = version
+		cfg.universalVersion = false
+	}
+}
+
+// WithUniversalVersion specifies the version of the service that is running, and will be applied to all spans,
+// regardless of whether span service name and config service name match.
+// See: WithService, WithServiceVersion. Do NOT use with WithServiceVersion.
+func WithUniversalVersion(version string) StartOption {
+	return func(c *config) {
+		c.version = version
+		c.universalVersion = true
+	}
+}
+
+// WithHostname allows specifying the hostname with which to mark outgoing traces.
+func WithHostname(name string) StartOption {
+	return func(c *config) {
+		c.hostname = name
+	}
+}
+
+// WithTraceEnabled allows specifying whether tracing will be enabled
+func WithTraceEnabled(enabled bool) StartOption {
+	return func(c *config) {
+		c.enabled = enabled
+	}
+}
+
+// WithLogStartup allows enabling or disabling the startup log.
+func WithLogStartup(enabled bool) StartOption {
+	return func(c *config) {
+		c.logStartup = enabled
+	}
+}
+
+// WithProfilerCodeHotspots enables the code hotspots integration between the
+// tracer and profiler. This is done by automatically attaching pprof labels
+// called "span id" and "local root span id" when new spans are created. You
+// should not use these label names in your own code when this is enabled. The
+// enabled value defaults to the value of the
+// DD_PROFILING_CODE_HOTSPOTS_COLLECTION_ENABLED env variable or true.
+func WithProfilerCodeHotspots(enabled bool) StartOption {
+	return func(c *config) {
+		c.profilerHotspots = enabled
+	}
+}
+
+// WithProfilerEndpoints enables the endpoints integration between the tracer
+// and profiler. This is done by automatically attaching a pprof label called
+// "trace endpoint" holding the resource name of the top-level service span if
+// its type is "http", "rpc" or "" (default). You should not use this label
+// name in your own code when this is enabled. The enabled value defaults to
+// the value of the DD_PROFILING_ENDPOINT_COLLECTION_ENABLED env variable or
+// true.
+func WithProfilerEndpoints(enabled bool) StartOption {
+	return func(c *config) {
+		c.profilerEndpoints = enabled
+	}
+}
+
+// WithDebugSpansMode enables debugging old spans that may have been
+// abandoned, which may prevent traces from being set to the Datadog
+// Agent, especially if partial flushing is off.
+// This setting can also be configured by setting DD_TRACE_DEBUG_ABANDONED_SPANS
+// to true. The timeout will default to 10 minutes, unless overwritten
+// by DD_TRACE_ABANDONED_SPAN_TIMEOUT.
+// This feature is disabled by default. Turning on this debug mode may
+// be expensive, so it should only be enabled for debugging purposes.
+func WithDebugSpansMode(timeout time.Duration) StartOption {
+	return func(c *config) {
+		c.debugAbandonedSpans = true
+		c.spanTimeout = timeout
+	}
+}
+
+// WithPartialFlushing enables flushing of partially finished traces.
+// This is done after "numSpans" have finished in a single local trace at
+// which point all finished spans in that trace will be flushed, freeing up
+// any memory they were consuming. This can also be configured by setting
+// DD_TRACE_PARTIAL_FLUSH_ENABLED to true, which will default to 1000 spans
+// unless overriden with DD_TRACE_PARTIAL_FLUSH_MIN_SPANS. Partial flushing
+// is disabled by default.
+func WithPartialFlushing(numSpans int) StartOption {
+	return func(c *config) {
+		c.partialFlushEnabled = true
+		c.partialFlushMinSpans = numSpans
+	}
+}
+
+// WithStatsComputation enables client-side stats computation, allowing
+// the tracer to compute stats from traces. This can reduce network traffic
+// to the Datadog Agent, and produce more accurate stats data.
+// This can also be configured by setting DD_TRACE_STATS_COMPUTATION_ENABLED to true.
+// Client-side stats is off by default.
+func WithStatsComputation(enabled bool) StartOption {
+	return func(c *config) {
+		c.statsComputationEnabled = enabled
+	}
+}
+
+// WithOrchestrion configures Orchestrion's auto-instrumentation metadata.
+// This option is only intended to be used by Orchestrion https://github.com/DataDog/orchestrion
+func WithOrchestrion(metadata map[string]string) StartOption {
+	return func(c *config) {
+		c.orchestrionCfg.Enabled = true
+		c.orchestrionCfg.Metadata = metadata
+	}
+}
+
+// StartSpanOption is a configuration option for StartSpan. It is aliased in order
+// to help godoc group all the functions returning it together. It is considered
+// more correct to refer to it as the type as the origin, ddtrace.StartSpanOption.
+type StartSpanOption = ddtrace.StartSpanOption
+
+// Tag sets the given key/value pair as a tag on the started Span.
+func Tag(k string, v interface{}) StartSpanOption {
+	return func(cfg *ddtrace.StartSpanConfig) {
+		if cfg.Tags == nil {
+			cfg.Tags = map[string]interface{}{}
+		}
+		cfg.Tags[k] = v
+	}
+}
+
+// ServiceName sets the given service name on the started span. For example "http.server".
+func ServiceName(name string) StartSpanOption {
+	return Tag(ext.ServiceName, name)
+}
+
+// ResourceName sets the given resource name on the started span. A resource could
+// be an SQL query, a URL, an RPC method or something else.
+func ResourceName(name string) StartSpanOption {
+	return Tag(ext.ResourceName, name)
+}
+
+// SpanType sets the given span type on the started span. Some examples in the case of
+// the Datadog APM product could be "web", "db" or "cache".
+func SpanType(name string) StartSpanOption {
+	return Tag(ext.SpanType, name)
+}
+
+var measuredTag = Tag(keyMeasured, 1)
+
+// Measured marks this span to be measured for metrics and stats calculations.
+func Measured() StartSpanOption {
+	// cache a global instance of this tag: saves one alloc/call
+	return measuredTag
+}
+
+// WithSpanID sets the SpanID on the started span, instead of using a random number.
+// If there is no parent Span (eg from ChildOf), then the TraceID will also be set to the
+// value given here.
+func WithSpanID(id uint64) StartSpanOption {
+	return func(cfg *ddtrace.StartSpanConfig) {
+		cfg.SpanID = id
+	}
+}
+
+// ChildOf tells StartSpan to use the given span context as a parent for the
+// created span.
+func ChildOf(ctx ddtrace.SpanContext) StartSpanOption {
+	return func(cfg *ddtrace.StartSpanConfig) {
+		cfg.Parent = ctx
+	}
+}
+
+// withContext associates the ctx with the span.
+func withContext(ctx context.Context) StartSpanOption {
+	return func(cfg *ddtrace.StartSpanConfig) {
+		cfg.Context = ctx
+	}
+}
+
+// StartTime sets a custom time as the start time for the created span. By
+// default a span is started using the creation time.
+func StartTime(t time.Time) StartSpanOption {
+	return func(cfg *ddtrace.StartSpanConfig) {
+		cfg.StartTime = t
+	}
+}
+
+// AnalyticsRate sets a custom analytics rate for a span. It decides the percentage
+// of events that will be picked up by the App Analytics product. It's represents a
+// float64 between 0 and 1 where 0.5 would represent 50% of events.
+func AnalyticsRate(rate float64) StartSpanOption {
+	if math.IsNaN(rate) {
+		return func(cfg *ddtrace.StartSpanConfig) {}
+	}
+	return Tag(ext.EventSampleRate, rate)
+}
+
+// FinishOption is a configuration option for FinishSpan. It is aliased in order
+// to help godoc group all the functions returning it together. It is considered
+// more correct to refer to it as the type as the origin, ddtrace.FinishOption.
+type FinishOption = ddtrace.FinishOption
+
+// FinishTime sets the given time as the finishing time for the span. By default,
+// the current time is used.
+func FinishTime(t time.Time) FinishOption {
+	return func(cfg *ddtrace.FinishConfig) {
+		cfg.FinishTime = t
+	}
+}
+
+// WithError marks the span as having had an error. It uses the information from
+// err to set tags such as the error message, error type and stack trace. It has
+// no effect if the error is nil.
+func WithError(err error) FinishOption {
+	return func(cfg *ddtrace.FinishConfig) {
+		cfg.Error = err
+	}
+}
+
+// NoDebugStack prevents any error presented using the WithError finishing option
+// from generating a stack trace. This is useful in situations where errors are frequent
+// and performance is critical.
+func NoDebugStack() FinishOption {
+	return func(cfg *ddtrace.FinishConfig) {
+		cfg.NoDebugStack = true
+	}
+}
+
+// StackFrames limits the number of stack frames included into erroneous spans to n, starting from skip.
+func StackFrames(n, skip uint) FinishOption {
+	if n == 0 {
+		return NoDebugStack()
+	}
+	return func(cfg *ddtrace.FinishConfig) {
+		cfg.StackFrames = n
+		cfg.SkipStackFrames = skip
+	}
+}
+
+// WithHeaderTags enables the integration to attach HTTP request headers as span tags.
+// Warning:
+// Using this feature can risk exposing sensitive data such as authorization tokens to Datadog.
+// Special headers can not be sub-selected. E.g., an entire Cookie header would be transmitted, without the ability to choose specific Cookies.
+func WithHeaderTags(headerAsTags []string) StartOption {
+	return func(c *config) {
+		globalconfig.ClearHeaderTags()
+		for _, h := range headerAsTags {
+			if strings.HasPrefix(h, "x-datadog-") {
+				continue
+			}
+			header, tag := normalizer.HeaderTag(h)
+			globalconfig.SetHeaderTag(header, tag)
+		}
+	}
+}
+
+// UserMonitoringConfig is used to configure what is used to identify a user.
+// This configuration can be set by combining one or several UserMonitoringOption with a call to SetUser().
+type UserMonitoringConfig struct {
+	PropagateID bool
+	Email       string
+	Name        string
+	Role        string
+	SessionID   string
+	Scope       string
+	Metadata    map[string]string
+}
+
+// UserMonitoringOption represents a function that can be provided as a parameter to SetUser.
+type UserMonitoringOption func(*UserMonitoringConfig)
+
+// WithUserMetadata returns the option setting additional metadata of the authenticated user.
+// This can be used multiple times and the given data will be tracked as `usr.{key}=value`.
+func WithUserMetadata(key, value string) UserMonitoringOption {
+	return func(cfg *UserMonitoringConfig) {
+		cfg.Metadata[key] = value
+	}
+}
+
+// WithUserEmail returns the option setting the email of the authenticated user.
+func WithUserEmail(email string) UserMonitoringOption {
+	return func(cfg *UserMonitoringConfig) {
+		cfg.Email = email
+	}
+}
+
+// WithUserName returns the option setting the name of the authenticated user.
+func WithUserName(name string) UserMonitoringOption {
+	return func(cfg *UserMonitoringConfig) {
+		cfg.Name = name
+	}
+}
+
+// WithUserSessionID returns the option setting the session ID of the authenticated user.
+func WithUserSessionID(sessionID string) UserMonitoringOption {
+	return func(cfg *UserMonitoringConfig) {
+		cfg.SessionID = sessionID
+	}
+}
+
+// WithUserRole returns the option setting the role of the authenticated user.
+func WithUserRole(role string) UserMonitoringOption {
+	return func(cfg *UserMonitoringConfig) {
+		cfg.Role = role
+	}
+}
+
+// WithUserScope returns the option setting the scope (authorizations) of the authenticated user.
+func WithUserScope(scope string) UserMonitoringOption {
+	return func(cfg *UserMonitoringConfig) {
+		cfg.Scope = scope
+	}
+}
+
+// WithPropagation returns the option allowing the user id to be propagated through distributed traces.
+// The user id is base64 encoded and added to the datadog propagated tags header.
+// This option should only be used if you are certain that the user id passed to `SetUser()` does not contain any
+// personal identifiable information or any kind of sensitive data, as it will be leaked to other services.
+func WithPropagation() UserMonitoringOption {
+	return func(cfg *UserMonitoringConfig) {
+		cfg.PropagateID = true
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/payload.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/payload.go
new file mode 100644
index 000000000..2d66ac54a
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/payload.go
@@ -0,0 +1,153 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"bytes"
+	"encoding/binary"
+	"io"
+	"sync/atomic"
+
+	"github.com/tinylib/msgp/msgp"
+)
+
+// payload is a wrapper on top of the msgpack encoder which allows constructing an
+// encoded array by pushing its entries sequentially, one at a time. It basically
+// allows us to encode as we would with a stream, except that the contents of the stream
+// can be read as a slice by the msgpack decoder at any time. It follows the guidelines
+// from the msgpack array spec:
+// https://github.com/msgpack/msgpack/blob/master/spec.md#array-format-family
+//
+// payload implements io.Reader and can be used with the decoder directly. To create
+// a new payload use the newPayload method.
+//
+// payload is not safe for concurrent use.
+//
+// payload is meant to be used only once and eventually dismissed with the
+// single exception of retrying failed flush attempts.
+//
+// ⚠️  Warning!
+//
+// The payload should not be reused for multiple sets of traces.  Resetting the
+// payload for re-use requires the transport to wait for the HTTP package to
+// Close the request body before attempting to re-use it again! This requires
+// additional logic to be in place. See:
+//
+// • https://github.com/golang/go/blob/go1.16/src/net/http/client.go#L136-L138
+// • https://github.com/DataDog/dd-trace-go/pull/475
+// • https://github.com/DataDog/dd-trace-go/pull/549
+// • https://github.com/DataDog/dd-trace-go/pull/976
+type payload struct {
+	// header specifies the first few bytes in the msgpack stream
+	// indicating the type of array (fixarray, array16 or array32)
+	// and the number of items contained in the stream.
+	header []byte
+
+	// off specifies the current read position on the header.
+	off int
+
+	// count specifies the number of items in the stream.
+	count uint32
+
+	// buf holds the sequence of msgpack-encoded items.
+	buf bytes.Buffer
+
+	// reader is used for reading the contents of buf.
+	reader *bytes.Reader
+}
+
+var _ io.Reader = (*payload)(nil)
+
+// newPayload returns a ready to use payload.
+func newPayload() *payload {
+	p := &payload{
+		header: make([]byte, 8),
+		off:    8,
+	}
+	return p
+}
+
+// push pushes a new item into the stream.
+func (p *payload) push(t spanList) error {
+	if err := msgp.Encode(&p.buf, t); err != nil {
+		return err
+	}
+	atomic.AddUint32(&p.count, 1)
+	p.updateHeader()
+	return nil
+}
+
+// itemCount returns the number of items available in the srteam.
+func (p *payload) itemCount() int {
+	return int(atomic.LoadUint32(&p.count))
+}
+
+// size returns the payload size in bytes. After the first read the value becomes
+// inaccurate by up to 8 bytes.
+func (p *payload) size() int {
+	return p.buf.Len() + len(p.header) - p.off
+}
+
+// reset sets up the payload to be read a second time. It maintains the
+// underlying byte contents of the buffer. reset should not be used in order to
+// reuse the payload for another set of traces.
+func (p *payload) reset() {
+	p.updateHeader()
+	if p.reader != nil {
+		p.reader.Seek(0, 0)
+	}
+}
+
+// clear empties the payload buffers.
+func (p *payload) clear() {
+	p.buf = bytes.Buffer{}
+	p.reader = nil
+}
+
+// https://github.com/msgpack/msgpack/blob/master/spec.md#array-format-family
+const (
+	msgpackArrayFix byte = 144  // up to 15 items
+	msgpackArray16       = 0xdc // up to 2^16-1 items, followed by size in 2 bytes
+	msgpackArray32       = 0xdd // up to 2^32-1 items, followed by size in 4 bytes
+)
+
+// updateHeader updates the payload header based on the number of items currently
+// present in the stream.
+func (p *payload) updateHeader() {
+	n := uint64(atomic.LoadUint32(&p.count))
+	switch {
+	case n <= 15:
+		p.header[7] = msgpackArrayFix + byte(n)
+		p.off = 7
+	case n <= 1<<16-1:
+		binary.BigEndian.PutUint64(p.header, n) // writes 2 bytes
+		p.header[5] = msgpackArray16
+		p.off = 5
+	default: // n <= 1<<32-1
+		binary.BigEndian.PutUint64(p.header, n) // writes 4 bytes
+		p.header[3] = msgpackArray32
+		p.off = 3
+	}
+}
+
+// Close implements io.Closer
+func (p *payload) Close() error {
+	return nil
+}
+
+// Read implements io.Reader. It reads from the msgpack-encoded stream.
+func (p *payload) Read(b []byte) (n int, err error) {
+	if p.off < len(p.header) {
+		// reading header
+		n = copy(b, p.header[p.off:])
+		p.off += n
+		return n, nil
+	}
+	if p.reader == nil {
+		p.reader = bytes.NewReader(p.buf.Bytes())
+	}
+	return p.reader.Read(b)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/propagating_tags.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/propagating_tags.go
new file mode 100644
index 000000000..0d5ddde1f
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/propagating_tags.go
@@ -0,0 +1,68 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+func (t *trace) hasPropagatingTag(k string) bool {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	_, ok := t.propagatingTags[k]
+	return ok
+}
+
+func (t *trace) propagatingTag(k string) string {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	return t.propagatingTags[k]
+}
+
+// setPropagatingTag sets the key/value pair as a trace propagating tag.
+func (t *trace) setPropagatingTag(key, value string) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	t.setPropagatingTagLocked(key, value)
+}
+
+// setPropagatingTagLocked sets the key/value pair as a trace propagating tag.
+// Not safe for concurrent use, setPropagatingTag should be used instead in that case.
+func (t *trace) setPropagatingTagLocked(key, value string) {
+	if t.propagatingTags == nil {
+		t.propagatingTags = make(map[string]string, 1)
+	}
+	t.propagatingTags[key] = value
+}
+
+// unsetPropagatingTag deletes the key/value pair from the trace's propagated tags.
+func (t *trace) unsetPropagatingTag(key string) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	delete(t.propagatingTags, key)
+}
+
+// iteratePropagatingTags allows safe iteration through the propagating tags of a trace.
+// the trace must not be modified during this call, as it is locked for reading.
+//
+// f should return whether or not the iteration should continue.
+func (t *trace) iteratePropagatingTags(f func(k, v string) bool) {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	for k, v := range t.propagatingTags {
+		if !f(k, v) {
+			break
+		}
+	}
+}
+
+func (t *trace) replacePropagatingTags(tags map[string]string) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	t.propagatingTags = tags
+}
+
+func (t *trace) propagatingTagsLen() int {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	return len(t.propagatingTags)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/propagator.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/propagator.go
new file mode 100644
index 000000000..d2ace0d27
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/propagator.go
@@ -0,0 +1,57 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"errors"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+)
+
+// Propagator implementations should be able to inject and extract
+// SpanContexts into an implementation specific carrier.
+type Propagator interface {
+	// Inject takes the SpanContext and injects it into the carrier.
+	Inject(context ddtrace.SpanContext, carrier interface{}) error
+
+	// Extract returns the SpanContext from the given carrier.
+	Extract(carrier interface{}) (ddtrace.SpanContext, error)
+}
+
+// TextMapWriter allows setting key/value pairs of strings on the underlying
+// data structure. Carriers implementing TextMapWriter are compatible to be
+// used with Datadog's TextMapPropagator.
+type TextMapWriter interface {
+	// Set sets the given key/value pair.
+	Set(key, val string)
+}
+
+// TextMapReader allows iterating over sets of key/value pairs. Carriers implementing
+// TextMapReader are compatible to be used with Datadog's TextMapPropagator.
+type TextMapReader interface {
+	// ForeachKey iterates over all keys that exist in the underlying
+	// carrier. It takes a callback function which will be called
+	// using all key/value pairs as arguments. ForeachKey will return
+	// the first error returned by the handler.
+	ForeachKey(handler func(key, val string) error) error
+}
+
+var (
+	// ErrInvalidCarrier is returned when the carrier provided to the propagator
+	// does not implement the correct interfaces.
+	ErrInvalidCarrier = errors.New("invalid carrier")
+
+	// ErrInvalidSpanContext is returned when the span context found in the
+	// carrier is not of the expected type.
+	ErrInvalidSpanContext = errors.New("invalid span context")
+
+	// ErrSpanContextCorrupted is returned when there was a problem parsing
+	// the information found in the carrier.
+	ErrSpanContextCorrupted = errors.New("span context corrupted")
+
+	// ErrSpanContextNotFound represents missing information in the given carrier.
+	ErrSpanContextNotFound = errors.New("span context not found")
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/rand.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/rand.go
new file mode 100644
index 000000000..ecedc3ed1
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/rand.go
@@ -0,0 +1,56 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	cryptorand "crypto/rand"
+	"math"
+	"math/big"
+	"math/rand"
+	"sync"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// random holds a thread-safe source of random numbers.
+var random *rand.Rand
+
+func init() {
+	var seed int64
+	n, err := cryptorand.Int(cryptorand.Reader, big.NewInt(math.MaxInt64))
+	if err == nil {
+		seed = n.Int64()
+	} else {
+		log.Warn("cannot generate random seed: %v; using current time", err)
+		seed = time.Now().UnixNano()
+	}
+	random = rand.New(&safeSource{
+		source: rand.NewSource(seed),
+	})
+}
+
+// safeSource holds a thread-safe implementation of rand.Source64.
+type safeSource struct {
+	source rand.Source
+	sync.Mutex
+}
+
+func (rs *safeSource) Int63() int64 {
+	rs.Lock()
+	n := rs.source.Int63()
+	rs.Unlock()
+
+	return n
+}
+
+func (rs *safeSource) Uint64() uint64 { return uint64(rs.Int63()) }
+
+func (rs *safeSource) Seed(seed int64) {
+	rs.Lock()
+	rs.source.Seed(seed)
+	rs.Unlock()
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/rules_sampler.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/rules_sampler.go
new file mode 100644
index 000000000..cf5d200d9
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/rules_sampler.go
@@ -0,0 +1,593 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"encoding/json"
+	"fmt"
+	"math"
+	"os"
+	"regexp"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
+
+	"golang.org/x/time/rate"
+)
+
+// rulesSampler holds instances of trace sampler and single span sampler, that are configured with the given set of rules.
+type rulesSampler struct {
+	// traceRulesSampler samples trace spans based on a user-defined set of rules and might impact sampling decision of the trace.
+	traces *traceRulesSampler
+
+	// singleSpanRulesSampler samples individual spans based on a separate user-defined set of rules and
+	// cannot impact the trace sampling decision.
+	spans *singleSpanRulesSampler
+}
+
+// newRulesSampler configures a *rulesSampler instance using the given set of rules.
+// Rules are split between trace and single span sampling rules according to their type.
+// Such rules are user-defined through environment variable or WithSamplingRules option.
+// Invalid rules or environment variable values are tolerated, by logging warnings and then ignoring them.
+func newRulesSampler(traceRules, spanRules []SamplingRule) *rulesSampler {
+	return &rulesSampler{
+		traces: newTraceRulesSampler(traceRules),
+		spans:  newSingleSpanRulesSampler(spanRules),
+	}
+}
+
+func (r *rulesSampler) SampleTrace(s *span) bool { return r.traces.apply(s) }
+
+func (r *rulesSampler) SampleSpan(s *span) bool { return r.spans.apply(s) }
+
+func (r *rulesSampler) HasSpanRules() bool { return r.spans.enabled() }
+
+func (r *rulesSampler) TraceRateLimit() (float64, bool) { return r.traces.limit() }
+
+// SamplingRule is used for applying sampling rates to spans that match
+// the service name, operation name or both.
+// For basic usage, consider using the helper functions ServiceRule, NameRule, etc.
+type SamplingRule struct {
+	// Service specifies the regex pattern that a span service name must match.
+	Service *regexp.Regexp
+
+	// Name specifies the regex pattern that a span operation name must match.
+	Name *regexp.Regexp
+
+	// Rate specifies the sampling rate that should be applied to spans that match
+	// service and/or name of the rule.
+	Rate float64
+
+	// MaxPerSecond specifies max number of spans per second that can be sampled per the rule.
+	// If not specified, the default is no limit.
+	MaxPerSecond float64
+
+	ruleType     SamplingRuleType
+	exactService string
+	exactName    string
+	limiter      *rateLimiter
+}
+
+// match returns true when the span's details match all the expected values in the rule.
+func (sr *SamplingRule) match(s *span) bool {
+	if sr.Service != nil && !sr.Service.MatchString(s.Service) {
+		return false
+	} else if sr.exactService != "" && sr.exactService != s.Service {
+		return false
+	}
+	if sr.Name != nil && !sr.Name.MatchString(s.Name) {
+		return false
+	} else if sr.exactName != "" && sr.exactName != s.Name {
+		return false
+	}
+	return true
+}
+
+// SamplingRuleType represents a type of sampling rule spans are matched against.
+type SamplingRuleType int
+
+const (
+	// SamplingRuleTrace specifies a sampling rule that applies to the entire trace if any spans satisfy the criteria.
+	// If a sampling rule is of type SamplingRuleTrace, such rule determines the sampling rate to apply
+	// to trace spans. If a span matches that rule, it will impact the trace sampling decision.
+	SamplingRuleTrace = iota
+
+	// SamplingRuleSpan specifies a sampling rule that applies to a single span without affecting the entire trace.
+	// If a sampling rule is of type SamplingRuleSingleSpan, such rule determines the sampling rate to apply
+	// to individual spans. If a span matches a rule, it will NOT impact the trace sampling decision.
+	// In the case that a trace is dropped and thus not sent to the Agent, spans kept on account
+	// of matching SamplingRuleSingleSpan rules must be conveyed separately.
+	SamplingRuleSpan
+)
+
+func (sr SamplingRuleType) String() string {
+	switch sr {
+	case SamplingRuleTrace:
+		return "trace"
+	case SamplingRuleSpan:
+		return "span"
+	default:
+		return ""
+	}
+}
+
+// ServiceRule returns a SamplingRule that applies the provided sampling rate
+// to spans that match the service name provided.
+func ServiceRule(service string, rate float64) SamplingRule {
+	return SamplingRule{
+		exactService: service,
+		Rate:         rate,
+	}
+}
+
+// NameRule returns a SamplingRule that applies the provided sampling rate
+// to spans that match the operation name provided.
+func NameRule(name string, rate float64) SamplingRule {
+	return SamplingRule{
+		exactName: name,
+		Rate:      rate,
+	}
+}
+
+// NameServiceRule returns a SamplingRule that applies the provided sampling rate
+// to spans matching both the operation and service names provided.
+func NameServiceRule(name string, service string, rate float64) SamplingRule {
+	return SamplingRule{
+		exactService: service,
+		exactName:    name,
+		Rate:         rate,
+	}
+}
+
+// RateRule returns a SamplingRule that applies the provided sampling rate to all spans.
+func RateRule(rate float64) SamplingRule {
+	return SamplingRule{
+		Rate: rate,
+	}
+}
+
+// SpanNameServiceRule returns a SamplingRule of type SamplingRuleSpan that applies
+// the provided sampling rate to all spans matching the operation and service name glob patterns provided.
+// Operation and service fields must be valid glob patterns.
+func SpanNameServiceRule(name, service string, rate float64) SamplingRule {
+	return SamplingRule{
+		Service:   globMatch(service),
+		Name:      globMatch(name),
+		Rate:      rate,
+		ruleType:  SamplingRuleSpan,
+		exactName: name,
+		limiter:   newSingleSpanRateLimiter(0),
+	}
+}
+
+// SpanNameServiceMPSRule returns a SamplingRule of type SamplingRuleSpan that applies
+// the provided sampling rate to all spans matching the operation and service name glob patterns
+// up to the max number of spans per second that can be sampled.
+// Operation and service fields must be valid glob patterns.
+func SpanNameServiceMPSRule(name, service string, rate, limit float64) SamplingRule {
+	return SamplingRule{
+		Service:      globMatch(service),
+		Name:         globMatch(name),
+		MaxPerSecond: limit,
+		Rate:         rate,
+		ruleType:     SamplingRuleSpan,
+		exactName:    name,
+		limiter:      newSingleSpanRateLimiter(limit),
+	}
+}
+
+// traceRulesSampler allows a user-defined list of rules to apply to traces.
+// These rules can match based on the span's Service, Name or both.
+// When making a sampling decision, the rules are checked in order until
+// a match is found.
+// If a match is found, the rate from that rule is used.
+// If no match is found, and the DD_TRACE_SAMPLE_RATE environment variable
+// was set to a valid rate, that value is used.
+// Otherwise, the rules sampler didn't apply to the span, and the decision
+// is passed to the priority sampler.
+//
+// The rate is used to determine if the span should be sampled, but an upper
+// limit can be defined using the DD_TRACE_RATE_LIMIT environment variable.
+// Its value is the number of spans to sample per second.
+// Spans that matched the rules but exceeded the rate limit are not sampled.
+type traceRulesSampler struct {
+	rules      []SamplingRule // the rules to match spans with
+	globalRate float64        // a rate to apply when no rules match a span
+	limiter    *rateLimiter   // used to limit the volume of spans sampled
+}
+
+// newTraceRulesSampler configures a *traceRulesSampler instance using the given set of rules.
+// Invalid rules or environment variable values are tolerated, by logging warnings and then ignoring them.
+func newTraceRulesSampler(rules []SamplingRule) *traceRulesSampler {
+	return &traceRulesSampler{
+		rules:      rules,
+		globalRate: globalSampleRate(),
+		limiter:    newRateLimiter(),
+	}
+}
+
+// globalSampleRate returns the sampling rate found in the DD_TRACE_SAMPLE_RATE environment variable.
+// If it is invalid or not within the 0-1 range, NaN is returned.
+func globalSampleRate() float64 {
+	defaultRate := math.NaN()
+	v := os.Getenv("DD_TRACE_SAMPLE_RATE")
+	if v == "" {
+		return defaultRate
+	}
+	r, err := strconv.ParseFloat(v, 64)
+	if err != nil {
+		log.Warn("ignoring DD_TRACE_SAMPLE_RATE: error: %v", err)
+		return defaultRate
+	}
+	if r >= 0.0 && r <= 1.0 {
+		return r
+	}
+	log.Warn("ignoring DD_TRACE_SAMPLE_RATE: out of range %f", r)
+	return defaultRate
+}
+
+func (rs *traceRulesSampler) enabled() bool {
+	return len(rs.rules) > 0 || !math.IsNaN(rs.globalRate)
+}
+
+// apply uses the sampling rules to determine the sampling rate for the
+// provided span. If the rules don't match, and a default rate hasn't been
+// set using DD_TRACE_SAMPLE_RATE, then it returns false and the span is not
+// modified.
+func (rs *traceRulesSampler) apply(span *span) bool {
+	if !rs.enabled() {
+		// short path when disabled
+		return false
+	}
+
+	var matched bool
+	rate := rs.globalRate
+	for _, rule := range rs.rules {
+		if rule.match(span) {
+			matched = true
+			rate = rule.Rate
+			break
+		}
+	}
+	if !matched && math.IsNaN(rate) {
+		// no matching rule or global rate, so we want to fall back
+		// to priority sampling
+		return false
+	}
+
+	rs.applyRule(span, rate, time.Now())
+	return true
+}
+
+func (rs *traceRulesSampler) applyRule(span *span, rate float64, now time.Time) {
+	span.SetTag(keyRulesSamplerAppliedRate, rate)
+	if !sampledByRate(span.TraceID, rate) {
+		span.setSamplingPriority(ext.PriorityUserReject, samplernames.RuleRate)
+		return
+	}
+
+	sampled, rate := rs.limiter.allowOne(now)
+	if sampled {
+		span.setSamplingPriority(ext.PriorityUserKeep, samplernames.RuleRate)
+	} else {
+		span.setSamplingPriority(ext.PriorityUserReject, samplernames.RuleRate)
+	}
+	span.SetTag(keyRulesSamplerLimiterRate, rate)
+}
+
+// limit returns the rate limit set in the rules sampler, controlled by DD_TRACE_RATE_LIMIT, and
+// true if rules sampling is enabled. If not present it returns math.NaN() and false.
+func (rs *traceRulesSampler) limit() (float64, bool) {
+	if rs.enabled() {
+		return float64(rs.limiter.limiter.Limit()), true
+	}
+	return math.NaN(), false
+}
+
+// defaultRateLimit specifies the default trace rate limit used when DD_TRACE_RATE_LIMIT is not set.
+const defaultRateLimit = 100.0
+
+// newRateLimiter returns a rate limiter which restricts the number of traces sampled per second.
+// The limit is DD_TRACE_RATE_LIMIT if set, `defaultRateLimit` otherwise.
+func newRateLimiter() *rateLimiter {
+	limit := defaultRateLimit
+	v := os.Getenv("DD_TRACE_RATE_LIMIT")
+	if v != "" {
+		l, err := strconv.ParseFloat(v, 64)
+		if err != nil {
+			log.Warn("DD_TRACE_RATE_LIMIT invalid, using default value %f: %v", limit, err)
+		} else if l < 0.0 {
+			log.Warn("DD_TRACE_RATE_LIMIT negative, using default value %f", limit)
+		} else {
+			// override the default limit
+			limit = l
+		}
+	}
+	return &rateLimiter{
+		limiter:  rate.NewLimiter(rate.Limit(limit), int(math.Ceil(limit))),
+		prevTime: time.Now(),
+	}
+}
+
+// singleSpanRulesSampler allows a user-defined list of rules to apply to spans
+// to sample single spans.
+// These rules match based on the span's Service and Name. If empty value is supplied
+// to either Service or Name field, it will default to "*", allow all.
+// When making a sampling decision, the rules are checked in order until
+// a match is found.
+// If a match is found, the rate from that rule is used.
+// If no match is found, no changes or further sampling is applied to the spans.
+// The rate is used to determine if the span should be sampled, but an upper
+// limit can be defined using the max_per_second field when supplying the rule.
+// If max_per_second is absent in the rule, the default is allow all.
+// Its value is the max number of spans to sample per second.
+// Spans that matched the rules but exceeded the rate limit are not sampled.
+type singleSpanRulesSampler struct {
+	rules []SamplingRule // the rules to match spans with
+}
+
+// newSingleSpanRulesSampler configures a *singleSpanRulesSampler instance using the given set of rules.
+// Invalid rules or environment variable values are tolerated, by logging warnings and then ignoring them.
+func newSingleSpanRulesSampler(rules []SamplingRule) *singleSpanRulesSampler {
+	return &singleSpanRulesSampler{
+		rules: rules,
+	}
+}
+
+func (rs *singleSpanRulesSampler) enabled() bool {
+	return len(rs.rules) > 0
+}
+
+// apply uses the sampling rules to determine the sampling rate for the
+// provided span. If the rules don't match, then it returns false and the span is not
+// modified.
+func (rs *singleSpanRulesSampler) apply(span *span) bool {
+	for _, rule := range rs.rules {
+		if rule.match(span) {
+			rate := rule.Rate
+			span.setMetric(keyRulesSamplerAppliedRate, rate)
+			if !sampledByRate(span.SpanID, rate) {
+				return false
+			}
+			var sampled bool
+			if rule.limiter != nil {
+				sampled, rate = rule.limiter.allowOne(nowTime())
+				if !sampled {
+					return false
+				}
+			}
+			span.setMetric(keySpanSamplingMechanism, float64(samplernames.SingleSpan))
+			span.setMetric(keySingleSpanSamplingRuleRate, rate)
+			if rule.MaxPerSecond != 0 {
+				span.setMetric(keySingleSpanSamplingMPS, rule.MaxPerSecond)
+			}
+			return true
+		}
+	}
+	return false
+}
+
+// rateLimiter is a wrapper on top of golang.org/x/time/rate which implements a rate limiter but also
+// returns the effective rate of allowance.
+type rateLimiter struct {
+	limiter *rate.Limiter
+
+	mu          sync.Mutex // guards below fields
+	prevTime    time.Time  // time at which prevAllowed and prevSeen were set
+	allowed     float64    // number of spans allowed in the current period
+	seen        float64    // number of spans seen in the current period
+	prevAllowed float64    // number of spans allowed in the previous period
+	prevSeen    float64    // number of spans seen in the previous period
+}
+
+// allowOne returns the rate limiter's decision to allow the span to be sampled, and the
+// effective rate at the time it is called. The effective rate is computed by averaging the rate
+// for the previous second with the current rate
+func (r *rateLimiter) allowOne(now time.Time) (bool, float64) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	if d := now.Sub(r.prevTime); d >= time.Second {
+		// enough time has passed to reset the counters
+		if d.Truncate(time.Second) == time.Second && r.seen > 0 {
+			// exactly one second, so update prev
+			r.prevAllowed = r.allowed
+			r.prevSeen = r.seen
+		} else {
+			// more than one second, so reset previous rate
+			r.prevAllowed = 0
+			r.prevSeen = 0
+		}
+		r.prevTime = now
+		r.allowed = 0
+		r.seen = 0
+	}
+
+	r.seen++
+	var sampled bool
+	if r.limiter.AllowN(now, 1) {
+		r.allowed++
+		sampled = true
+	}
+	er := (r.prevAllowed + r.allowed) / (r.prevSeen + r.seen)
+	return sampled, er
+}
+
+// newSingleSpanRateLimiter returns a rate limiter which restricts the number of single spans sampled per second.
+// This defaults to infinite, allow all behaviour. The MaxPerSecond value of the rule may override the default.
+func newSingleSpanRateLimiter(mps float64) *rateLimiter {
+	limit := math.MaxFloat64
+	if mps > 0 {
+		limit = mps
+	}
+	return &rateLimiter{
+		limiter:  rate.NewLimiter(rate.Limit(limit), int(math.Ceil(limit))),
+		prevTime: time.Now(),
+	}
+}
+
+// globMatch compiles pattern string into glob format, i.e. regular expressions with only '?'
+// and '*' treated as regex metacharacters.
+func globMatch(pattern string) *regexp.Regexp {
+	if pattern == "" {
+		return regexp.MustCompile("^.*$")
+	}
+	// escaping regex characters
+	pattern = regexp.QuoteMeta(pattern)
+	// replacing '?' and '*' with regex characters
+	pattern = strings.Replace(pattern, "\\?", ".", -1)
+	pattern = strings.Replace(pattern, "\\*", ".*", -1)
+	// pattern must match an entire string
+	return regexp.MustCompile(fmt.Sprintf("^%s$", pattern))
+}
+
+// samplingRulesFromEnv parses sampling rules from the DD_TRACE_SAMPLING_RULES,
+// DD_SPAN_SAMPLING_RULES and DD_SPAN_SAMPLING_RULES_FILE environment variables.
+func samplingRulesFromEnv() (trace, span []SamplingRule, err error) {
+	var errs []string
+	defer func() {
+		if len(errs) != 0 {
+			err = fmt.Errorf("\n\t%s", strings.Join(errs, "\n\t"))
+		}
+	}()
+	rulesFromEnv := os.Getenv("DD_TRACE_SAMPLING_RULES")
+	if rulesFromEnv != "" {
+		trace, err = unmarshalSamplingRules([]byte(rulesFromEnv), SamplingRuleTrace)
+		if err != nil {
+			errs = append(errs, err.Error())
+		}
+	}
+	span, err = unmarshalSamplingRules([]byte(os.Getenv("DD_SPAN_SAMPLING_RULES")), SamplingRuleSpan)
+	if err != nil {
+		errs = append(errs, err.Error())
+	}
+	rulesFile := os.Getenv("DD_SPAN_SAMPLING_RULES_FILE")
+	if len(span) != 0 {
+		if rulesFile != "" {
+			log.Warn("DIAGNOSTICS Error(s): DD_SPAN_SAMPLING_RULES is available and will take precedence over DD_SPAN_SAMPLING_RULES_FILE")
+		}
+		return trace, span, err
+	}
+	if rulesFile != "" {
+		rulesFromEnvFile, err := os.ReadFile(rulesFile)
+		if err != nil {
+			errs = append(errs, fmt.Sprintf("Couldn't read file from DD_SPAN_SAMPLING_RULES_FILE: %v", err))
+		}
+		span, err = unmarshalSamplingRules(rulesFromEnvFile, SamplingRuleSpan)
+		if err != nil {
+			errs = append(errs, err.Error())
+		}
+	}
+	return trace, span, err
+}
+
+// unmarshalSamplingRules unmarshals JSON from b and returns the sampling rules found, attributing
+// the type t to them. If any errors are occurred, they are returned.
+func unmarshalSamplingRules(b []byte, spanType SamplingRuleType) ([]SamplingRule, error) {
+	if len(b) == 0 {
+		return nil, nil
+	}
+	var jsonRules []struct {
+		Service      string      `json:"service"`
+		Name         string      `json:"name"`
+		Rate         json.Number `json:"sample_rate"`
+		MaxPerSecond float64     `json:"max_per_second"`
+	}
+	err := json.Unmarshal(b, &jsonRules)
+	if err != nil {
+		return nil, fmt.Errorf("error unmarshalling JSON: %v", err)
+	}
+	rules := make([]SamplingRule, 0, len(jsonRules))
+	var errs []string
+	for i, v := range jsonRules {
+		if v.Rate == "" {
+			if spanType == SamplingRuleSpan {
+				v.Rate = "1"
+			} else {
+				errs = append(errs, fmt.Sprintf("at index %d: rate not provided", i))
+				continue
+			}
+		}
+		rate, err := v.Rate.Float64()
+		if err != nil {
+			errs = append(errs, fmt.Sprintf("at index %d: %v", i, err))
+			continue
+		}
+		if rate < 0.0 || rate > 1.0 {
+			errs = append(errs, fmt.Sprintf("at index %d: ignoring rule %+v: rate is out of [0.0, 1.0] range", i, v))
+			continue
+		}
+		switch spanType {
+		case SamplingRuleSpan:
+			rules = append(rules, SamplingRule{
+				Service:      globMatch(v.Service),
+				Name:         globMatch(v.Name),
+				Rate:         rate,
+				MaxPerSecond: v.MaxPerSecond,
+				limiter:      newSingleSpanRateLimiter(v.MaxPerSecond),
+				ruleType:     SamplingRuleSpan,
+			})
+		case SamplingRuleTrace:
+			if v.Rate == "" {
+				errs = append(errs, fmt.Sprintf("at index %d: rate not provided", i))
+				continue
+			}
+			rate, err := v.Rate.Float64()
+			if err != nil {
+				errs = append(errs, fmt.Sprintf("at index %d: %v", i, err))
+				continue
+			}
+			if rate < 0.0 || rate > 1.0 {
+				errs = append(errs, fmt.Sprintf("at index %d: ignoring rule %+v: rate is out of [0.0, 1.0] range", i, v))
+				continue
+			}
+
+			switch {
+			case v.Service != "" && v.Name != "":
+				rules = append(rules, NameServiceRule(v.Name, v.Service, rate))
+			case v.Service != "":
+				rules = append(rules, ServiceRule(v.Service, rate))
+			case v.Name != "":
+				rules = append(rules, NameRule(v.Name, rate))
+			}
+		}
+	}
+	if len(errs) != 0 {
+		return rules, fmt.Errorf("%s", strings.Join(errs, "\n\t"))
+	}
+	return rules, nil
+}
+
+// MarshalJSON implements the json.Marshaler interface.
+func (sr *SamplingRule) MarshalJSON() ([]byte, error) {
+	s := struct {
+		Service      string   `json:"service"`
+		Name         string   `json:"name"`
+		Rate         float64  `json:"sample_rate"`
+		Type         string   `json:"type"`
+		MaxPerSecond *float64 `json:"max_per_second,omitempty"`
+	}{}
+	if sr.exactService != "" {
+		s.Service = sr.exactService
+	} else if sr.Service != nil {
+		s.Service = fmt.Sprintf("%s", sr.Service)
+	}
+	if sr.exactName != "" {
+		s.Name = sr.exactName
+	} else if sr.Name != nil {
+		s.Name = fmt.Sprintf("%s", sr.Name)
+	}
+	s.Rate = sr.Rate
+	s.Type = fmt.Sprintf("%v(%d)", sr.ruleType.String(), sr.ruleType)
+	if sr.MaxPerSecond != 0 {
+		s.MaxPerSecond = &sr.MaxPerSecond
+	}
+	return json.Marshal(&s)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/sampler.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/sampler.go
new file mode 100644
index 000000000..2c95caf26
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/sampler.go
@@ -0,0 +1,150 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"encoding/json"
+	"io"
+	"math"
+	"sync"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
+)
+
+// Sampler is the generic interface of any sampler. It must be safe for concurrent use.
+type Sampler interface {
+	// Sample returns true if the given span should be sampled.
+	Sample(span Span) bool
+}
+
+// RateSampler is a sampler implementation which randomly selects spans using a
+// provided rate. For example, a rate of 0.75 will permit 75% of the spans.
+// RateSampler implementations should be safe for concurrent use.
+type RateSampler interface {
+	Sampler
+
+	// Rate returns the current sample rate.
+	Rate() float64
+
+	// SetRate sets a new sample rate.
+	SetRate(rate float64)
+}
+
+// rateSampler samples from a sample rate.
+type rateSampler struct {
+	sync.RWMutex
+	rate float64
+}
+
+// NewAllSampler is a short-hand for NewRateSampler(1). It is all-permissive.
+func NewAllSampler() RateSampler { return NewRateSampler(1) }
+
+// NewRateSampler returns an initialized RateSampler with a given sample rate.
+func NewRateSampler(rate float64) RateSampler {
+	return &rateSampler{rate: rate}
+}
+
+// Rate returns the current rate of the sampler.
+func (r *rateSampler) Rate() float64 {
+	r.RLock()
+	defer r.RUnlock()
+	return r.rate
+}
+
+// SetRate sets a new sampling rate.
+func (r *rateSampler) SetRate(rate float64) {
+	r.Lock()
+	r.rate = rate
+	r.Unlock()
+}
+
+// constants used for the Knuth hashing, same as agent.
+const knuthFactor = uint64(1111111111111111111)
+
+// Sample returns true if the given span should be sampled.
+func (r *rateSampler) Sample(spn ddtrace.Span) bool {
+	if r.rate == 1 {
+		// fast path
+		return true
+	}
+	s, ok := spn.(*span)
+	if !ok {
+		return false
+	}
+	r.RLock()
+	defer r.RUnlock()
+	return sampledByRate(s.TraceID, r.rate)
+}
+
+// sampledByRate verifies if the number n should be sampled at the specified
+// rate.
+func sampledByRate(n uint64, rate float64) bool {
+	if rate < 1 {
+		return n*knuthFactor < uint64(rate*math.MaxUint64)
+	}
+	return true
+}
+
+// prioritySampler holds a set of per-service sampling rates and applies
+// them to spans.
+type prioritySampler struct {
+	mu          sync.RWMutex
+	rates       map[string]float64
+	defaultRate float64
+}
+
+func newPrioritySampler() *prioritySampler {
+	return &prioritySampler{
+		rates:       make(map[string]float64),
+		defaultRate: 1.,
+	}
+}
+
+// readRatesJSON will try to read the rates as JSON from the given io.ReadCloser.
+func (ps *prioritySampler) readRatesJSON(rc io.ReadCloser) error {
+	var payload struct {
+		Rates map[string]float64 `json:"rate_by_service"`
+	}
+	if err := json.NewDecoder(rc).Decode(&payload); err != nil {
+		return err
+	}
+	rc.Close()
+	const defaultRateKey = "service:,env:"
+	ps.mu.Lock()
+	defer ps.mu.Unlock()
+	ps.rates = payload.Rates
+	if v, ok := ps.rates[defaultRateKey]; ok {
+		ps.defaultRate = v
+		delete(ps.rates, defaultRateKey)
+	}
+	return nil
+}
+
+// getRate returns the sampling rate to be used for the given span. Callers must
+// guard the span.
+func (ps *prioritySampler) getRate(spn *span) float64 {
+	key := "service:" + spn.Service + ",env:" + spn.Meta[ext.Environment]
+	ps.mu.RLock()
+	defer ps.mu.RUnlock()
+	if rate, ok := ps.rates[key]; ok {
+		return rate
+	}
+	return ps.defaultRate
+}
+
+// apply applies sampling priority to the given span. Caller must ensure it is safe
+// to modify the span.
+func (ps *prioritySampler) apply(spn *span) {
+	rate := ps.getRate(spn)
+	if sampledByRate(spn.TraceID, rate) {
+		spn.setSamplingPriority(ext.PriorityAutoKeep, samplernames.AgentRate)
+	} else {
+		spn.setSamplingPriority(ext.PriorityAutoReject, samplernames.AgentRate)
+	}
+	spn.SetTag(keySamplingPriorityRate, rate)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span.go
new file mode 100644
index 000000000..c4a053040
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span.go
@@ -0,0 +1,735 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+//go:generate msgp -unexported -marshal=false -o=span_msgp.go -tests=false
+
+package tracer
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"math"
+	"os"
+	"reflect"
+	"runtime"
+	"runtime/pprof"
+	rt "runtime/trace"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal"
+	sharedinternal "gopkg.in/DataDog/dd-trace-go.v1/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof"
+
+	"github.com/DataDog/datadog-agent/pkg/obfuscate"
+	"github.com/tinylib/msgp/msgp"
+	"golang.org/x/xerrors"
+)
+
+type (
+	// spanList implements msgp.Encodable on top of a slice of spans.
+	spanList []*span
+
+	// spanLists implements msgp.Decodable on top of a slice of spanList.
+	// This type is only used in tests.
+	spanLists []spanList
+)
+
+var (
+	_ ddtrace.Span   = (*span)(nil)
+	_ msgp.Encodable = (*spanList)(nil)
+	_ msgp.Decodable = (*spanLists)(nil)
+)
+
+// errorConfig holds customization options for setting error tags.
+type errorConfig struct {
+	noDebugStack bool
+	stackFrames  uint
+	stackSkip    uint
+}
+
+// span represents a computation. Callers must call Finish when a span is
+// complete to ensure it's submitted.
+type span struct {
+	sync.RWMutex `msg:"-"` // all fields are protected by this RWMutex
+
+	Name     string             `msg:"name"`              // operation name
+	Service  string             `msg:"service"`           // service name (i.e. "grpc.server", "http.request")
+	Resource string             `msg:"resource"`          // resource name (i.e. "/user?id=123", "SELECT * FROM users")
+	Type     string             `msg:"type"`              // protocol associated with the span (i.e. "web", "db", "cache")
+	Start    int64              `msg:"start"`             // span start time expressed in nanoseconds since epoch
+	Duration int64              `msg:"duration"`          // duration of the span expressed in nanoseconds
+	Meta     map[string]string  `msg:"meta,omitempty"`    // arbitrary map of metadata
+	Metrics  map[string]float64 `msg:"metrics,omitempty"` // arbitrary map of numeric metrics
+	SpanID   uint64             `msg:"span_id"`           // identifier of this span
+	TraceID  uint64             `msg:"trace_id"`          // lower 64-bits of the root span identifier
+	ParentID uint64             `msg:"parent_id"`         // identifier of the span's direct parent
+	Error    int32              `msg:"error"`             // error status of the span; 0 means no errors
+
+	goExecTraced bool         `msg:"-"`
+	noDebugStack bool         `msg:"-"` // disables debug stack traces
+	finished     bool         `msg:"-"` // true if the span has been submitted to a tracer. Can only be read/modified if the trace is locked.
+	context      *spanContext `msg:"-"` // span propagation context
+
+	pprofCtxActive  context.Context `msg:"-"` // contains pprof.WithLabel labels to tell the profiler more about this span
+	pprofCtxRestore context.Context `msg:"-"` // contains pprof.WithLabel labels of the parent span (if any) that need to be restored when this span finishes
+
+	taskEnd func() // ends execution tracer (runtime/trace) task, if started
+}
+
+// Context yields the SpanContext for this Span. Note that the return
+// value of Context() is still valid after a call to Finish(). This is
+// called the span context and it is different from Go's context.
+func (s *span) Context() ddtrace.SpanContext { return s.context }
+
+// SetBaggageItem sets a key/value pair as baggage on the span. Baggage items
+// are propagated down to descendant spans and injected cross-process. Use with
+// care as it adds extra load onto your tracing layer.
+func (s *span) SetBaggageItem(key, val string) {
+	s.context.setBaggageItem(key, val)
+}
+
+// BaggageItem gets the value for a baggage item given its key. Returns the
+// empty string if the value isn't found in this Span.
+func (s *span) BaggageItem(key string) string {
+	return s.context.baggageItem(key)
+}
+
+// SetTag adds a set of key/value metadata to the span.
+func (s *span) SetTag(key string, value interface{}) {
+	s.Lock()
+	defer s.Unlock()
+	// We don't lock spans when flushing, so we could have a data race when
+	// modifying a span as it's being flushed. This protects us against that
+	// race, since spans are marked `finished` before we flush them.
+	if s.finished {
+		return
+	}
+	switch key {
+	case ext.Error:
+		s.setTagError(value, errorConfig{
+			noDebugStack: s.noDebugStack,
+		})
+		return
+	}
+	if v, ok := value.(bool); ok {
+		s.setTagBool(key, v)
+		return
+	}
+	if v, ok := value.(string); ok {
+		if key == ext.ResourceName && s.pprofCtxActive != nil && spanResourcePIISafe(s) {
+			// If the user overrides the resource name for the span,
+			// update the endpoint label for the runtime profilers.
+			//
+			// We don't change s.pprofCtxRestore since that should
+			// stay as the original parent span context regardless
+			// of what we change at a lower level.
+			s.pprofCtxActive = pprof.WithLabels(s.pprofCtxActive, pprof.Labels(traceprof.TraceEndpoint, v))
+			pprof.SetGoroutineLabels(s.pprofCtxActive)
+		}
+		s.setMeta(key, v)
+		return
+	}
+	if v, ok := toFloat64(value); ok {
+		s.setMetric(key, v)
+		return
+	}
+	if v, ok := value.(fmt.Stringer); ok {
+		defer func() {
+			if e := recover(); e != nil {
+				if v := reflect.ValueOf(value); v.Kind() == reflect.Ptr && v.IsNil() {
+					// If .String() panics due to a nil receiver, we want to catch this
+					// and replace the string value with "<nil>", just as Sprintf does.
+					// Other panics should not be handled.
+					s.setMeta(key, "<nil>")
+					return
+				}
+				panic(e)
+			}
+		}()
+		s.setMeta(key, v.String())
+		return
+	}
+	// not numeric, not a string, not a fmt.Stringer, not a bool, and not an error
+	s.setMeta(key, fmt.Sprint(value))
+}
+
+// setSamplingPriority locks then span, then updates the sampling priority.
+// It also updates the trace's sampling priority.
+func (s *span) setSamplingPriority(priority int, sampler samplernames.SamplerName) {
+	s.Lock()
+	defer s.Unlock()
+	s.setSamplingPriorityLocked(priority, sampler)
+}
+
+// Root returns the root span of the span's trace. The return value shouldn't be
+// nil as long as the root span is valid and not finished.
+func (s *span) Root() Span {
+	return s.root()
+}
+
+// root returns the root span of the span's trace. The return value shouldn't be
+// nil as long as the root span is valid and not finished.
+// As opposed to the public Root method, this one returns the actual span type
+// when internal usage requires it (to avoid type assertions from Root's return
+// value).
+func (s *span) root() *span {
+	if s == nil || s.context == nil {
+		return nil
+	}
+	if s.context.trace == nil {
+		return nil
+	}
+	return s.context.trace.root
+}
+
+// SetUser associates user information to the current trace which the
+// provided span belongs to. The options can be used to tune which user
+// bit of information gets monitored. In case of distributed traces,
+// the user id can be propagated across traces using the WithPropagation() option.
+// See https://docs.datadoghq.com/security_platform/application_security/setup_and_configure/?tab=set_user#add-user-information-to-traces
+func (s *span) SetUser(id string, opts ...UserMonitoringOption) {
+	cfg := UserMonitoringConfig{
+		Metadata: make(map[string]string),
+	}
+	for _, fn := range opts {
+		fn(&cfg)
+	}
+	root := s.root()
+	trace := root.context.trace
+	root.Lock()
+	defer root.Unlock()
+	// We don't lock spans when flushing, so we could have a data race when
+	// modifying a span as it's being flushed. This protects us against that
+	// race, since spans are marked `finished` before we flush them.
+	if root.finished {
+		return
+	}
+	if cfg.PropagateID {
+		// Delete usr.id from the tags since _dd.p.usr.id takes precedence
+		delete(root.Meta, keyUserID)
+		idenc := base64.StdEncoding.EncodeToString([]byte(id))
+		trace.setPropagatingTag(keyPropagatedUserID, idenc)
+		s.context.updated = true
+	} else {
+		if trace.hasPropagatingTag(keyPropagatedUserID) {
+			// Unset the propagated user ID so that a propagated user ID coming from upstream won't be propagated anymore.
+			trace.unsetPropagatingTag(keyPropagatedUserID)
+			s.context.updated = true
+		}
+		delete(root.Meta, keyPropagatedUserID)
+	}
+
+	usrData := map[string]string{
+		keyUserID:        id,
+		keyUserEmail:     cfg.Email,
+		keyUserName:      cfg.Name,
+		keyUserScope:     cfg.Scope,
+		keyUserRole:      cfg.Role,
+		keyUserSessionID: cfg.SessionID,
+	}
+	for k, v := range cfg.Metadata {
+		usrData[fmt.Sprintf("usr.%s", k)] = v
+	}
+	for k, v := range usrData {
+		if v != "" {
+			// setMeta is used since the span is already locked
+			root.setMeta(k, v)
+		}
+	}
+}
+
+// setSamplingPriorityLocked updates the sampling priority.
+// It also updates the trace's sampling priority.
+func (s *span) setSamplingPriorityLocked(priority int, sampler samplernames.SamplerName) {
+	// We don't lock spans when flushing, so we could have a data race when
+	// modifying a span as it's being flushed. This protects us against that
+	// race, since spans are marked `finished` before we flush them.
+	if s.finished {
+		return
+	}
+	s.setMetric(keySamplingPriority, float64(priority))
+	s.context.setSamplingPriority(priority, sampler)
+}
+
+// setTagError sets the error tag. It accounts for various valid scenarios.
+// This method is not safe for concurrent use.
+func (s *span) setTagError(value interface{}, cfg errorConfig) {
+	setError := func(yes bool) {
+		if yes {
+			if s.Error == 0 {
+				// new error
+				atomic.AddInt32(&s.context.errors, 1)
+			}
+			s.Error = 1
+		} else {
+			if s.Error > 0 {
+				// flip from active to inactive
+				atomic.AddInt32(&s.context.errors, -1)
+			}
+			s.Error = 0
+		}
+	}
+	if s.finished {
+		return
+	}
+	switch v := value.(type) {
+	case bool:
+		// bool value as per Opentracing spec.
+		setError(v)
+	case error:
+		// if anyone sets an error value as the tag, be nice here
+		// and provide all the benefits.
+		setError(true)
+		s.setMeta(ext.ErrorMsg, v.Error())
+		s.setMeta(ext.ErrorType, reflect.TypeOf(v).String())
+		if !cfg.noDebugStack {
+			s.setMeta(ext.ErrorStack, takeStacktrace(cfg.stackFrames, cfg.stackSkip))
+		}
+		switch v.(type) {
+		case xerrors.Formatter:
+			s.setMeta(ext.ErrorDetails, fmt.Sprintf("%+v", v))
+		case fmt.Formatter:
+			// pkg/errors approach
+			s.setMeta(ext.ErrorDetails, fmt.Sprintf("%+v", v))
+		}
+	case nil:
+		// no error
+		setError(false)
+	default:
+		// in all other cases, let's assume that setting this tag
+		// is the result of an error.
+		setError(true)
+	}
+}
+
+// defaultStackLength specifies the default maximum size of a stack trace.
+const defaultStackLength = 32
+
+// takeStacktrace takes a stack trace of maximum n entries, skipping the first skip entries.
+// If n is 0, up to 20 entries are retrieved.
+func takeStacktrace(n, skip uint) string {
+	if n == 0 {
+		n = defaultStackLength
+	}
+	var builder strings.Builder
+	pcs := make([]uintptr, n)
+
+	// +2 to exclude runtime.Callers and takeStacktrace
+	numFrames := runtime.Callers(2+int(skip), pcs)
+	if numFrames == 0 {
+		return ""
+	}
+	frames := runtime.CallersFrames(pcs[:numFrames])
+	for i := 0; ; i++ {
+		frame, more := frames.Next()
+		if i != 0 {
+			builder.WriteByte('\n')
+		}
+		builder.WriteString(frame.Function)
+		builder.WriteByte('\n')
+		builder.WriteByte('\t')
+		builder.WriteString(frame.File)
+		builder.WriteByte(':')
+		builder.WriteString(strconv.Itoa(frame.Line))
+		if !more {
+			break
+		}
+	}
+	return builder.String()
+}
+
+// setMeta sets a string tag. This method is not safe for concurrent use.
+func (s *span) setMeta(key, v string) {
+	if s.Meta == nil {
+		s.Meta = make(map[string]string, 1)
+	}
+	delete(s.Metrics, key)
+	switch key {
+	case ext.SpanName:
+		s.Name = v
+	case ext.ServiceName:
+		s.Service = v
+	case ext.ResourceName:
+		s.Resource = v
+	case ext.SpanType:
+		s.Type = v
+	default:
+		s.Meta[key] = v
+	}
+}
+
+// setTagBool sets a boolean tag on the span.
+func (s *span) setTagBool(key string, v bool) {
+	switch key {
+	case ext.AnalyticsEvent:
+		if v {
+			s.setMetric(ext.EventSampleRate, 1.0)
+		} else {
+			s.setMetric(ext.EventSampleRate, 0.0)
+		}
+	case ext.ManualDrop:
+		if v {
+			s.setSamplingPriorityLocked(ext.PriorityUserReject, samplernames.Manual)
+		}
+	case ext.ManualKeep:
+		if v {
+			s.setSamplingPriorityLocked(ext.PriorityUserKeep, samplernames.Manual)
+		}
+	default:
+		if v {
+			s.setMeta(key, "true")
+		} else {
+			s.setMeta(key, "false")
+		}
+	}
+}
+
+// setMetric sets a numeric tag, in our case called a metric. This method
+// is not safe for concurrent use.
+func (s *span) setMetric(key string, v float64) {
+	if s.Metrics == nil {
+		s.Metrics = make(map[string]float64, 1)
+	}
+	delete(s.Meta, key)
+	switch key {
+	case ext.ManualKeep:
+		if v == float64(samplernames.AppSec) {
+			s.setSamplingPriorityLocked(ext.PriorityUserKeep, samplernames.AppSec)
+		}
+	case ext.SamplingPriority:
+		// ext.SamplingPriority is deprecated in favor of ext.ManualKeep and ext.ManualDrop.
+		// We have it here for backward compatibility.
+		s.setSamplingPriorityLocked(int(v), samplernames.Manual)
+	default:
+		s.Metrics[key] = v
+	}
+}
+
+// Finish closes this Span (but not its children) providing the duration
+// of its part of the tracing session.
+func (s *span) Finish(opts ...ddtrace.FinishOption) {
+	t := now()
+	if len(opts) > 0 {
+		cfg := ddtrace.FinishConfig{
+			NoDebugStack: s.noDebugStack,
+		}
+		for _, fn := range opts {
+			fn(&cfg)
+		}
+		if !cfg.FinishTime.IsZero() {
+			t = cfg.FinishTime.UnixNano()
+		}
+		if cfg.Error != nil {
+			s.Lock()
+			s.setTagError(cfg.Error, errorConfig{
+				noDebugStack: cfg.NoDebugStack,
+				stackFrames:  cfg.StackFrames,
+				stackSkip:    cfg.SkipStackFrames,
+			})
+			s.Unlock()
+		}
+	}
+	if s.taskEnd != nil {
+		s.taskEnd()
+	}
+	if s.goExecTraced && rt.IsEnabled() {
+		// Only tag spans as traced if they both started & ended with
+		// execution tracing enabled. This is technically not sufficient
+		// for spans which could straddle the boundary between two
+		// execution traces, but there's really nothing we can do in
+		// those cases since execution tracing tasks aren't recorded in
+		// traces if they started before the trace.
+		s.SetTag("go_execution_traced", "yes")
+	} else if s.goExecTraced {
+		// If the span started with tracing enabled, but tracing wasn't
+		// enabled when the span finished, we still have some data to
+		// show. If tracing wasn't enabled when the span started, we
+		// won't have data in the execution trace to identify it so
+		// there's nothign we can show.
+		s.SetTag("go_execution_traced", "partial")
+	}
+	s.finish(t)
+
+	if s.pprofCtxRestore != nil {
+		// Restore the labels of the parent span so any CPU samples after this
+		// point are attributed correctly.
+		pprof.SetGoroutineLabels(s.pprofCtxRestore)
+	}
+}
+
+// SetOperationName sets or changes the operation name.
+func (s *span) SetOperationName(operationName string) {
+	s.Lock()
+	defer s.Unlock()
+	// We don't lock spans when flushing, so we could have a data race when
+	// modifying a span as it's being flushed. This protects us against that
+	// race, since spans are marked `finished` before we flush them.
+	if s.finished {
+		// already finished
+		return
+	}
+	s.Name = operationName
+}
+
+func (s *span) finish(finishTime int64) {
+	s.Lock()
+	defer s.Unlock()
+	// We don't lock spans when flushing, so we could have a data race when
+	// modifying a span as it's being flushed. This protects us against that
+	// race, since spans are marked `finished` before we flush them.
+	if s.finished {
+		// already finished
+		return
+	}
+	if s.Duration == 0 {
+		s.Duration = finishTime - s.Start
+	}
+	if s.Duration < 0 {
+		s.Duration = 0
+	}
+
+	keep := true
+	if t, ok := internal.GetGlobalTracer().(*tracer); ok {
+		// we have an active tracer
+		if t.config.canComputeStats() && shouldComputeStats(s) {
+			// the agent supports computed stats
+			select {
+			case t.stats.In <- newAggregableSpan(s, t.obfuscator):
+				// ok
+			default:
+				log.Error("Stats channel full, disregarding span.")
+			}
+		}
+		if t.config.canDropP0s() {
+			// the agent supports dropping p0's in the client
+			keep = shouldKeep(s)
+		}
+		if t.config.debugAbandonedSpans {
+			// the tracer supports debugging abandoned spans
+			select {
+			case t.abandonedSpansDebugger.In <- newAbandonedSpanCandidate(s, true):
+				// ok
+			default:
+				log.Error("Abandoned spans channel full, disregarding span.")
+			}
+		}
+	}
+	if keep {
+		// a single kept span keeps the whole trace.
+		s.context.trace.keep()
+	}
+	if log.DebugEnabled() {
+		// avoid allocating the ...interface{} argument if debug logging is disabled
+		log.Debug("Finished Span: %v, Operation: %s, Resource: %s, Tags: %v, %v",
+			s, s.Name, s.Resource, s.Meta, s.Metrics)
+	}
+	s.context.finish()
+}
+
+// newAggregableSpan creates a new summary for the span s, within an application
+// version version.
+func newAggregableSpan(s *span, obfuscator *obfuscate.Obfuscator) *aggregableSpan {
+	var statusCode uint32
+	if sc, ok := s.Meta["http.status_code"]; ok && sc != "" {
+		if c, err := strconv.Atoi(sc); err == nil && c > 0 && c <= math.MaxInt32 {
+			statusCode = uint32(c)
+		}
+	}
+	key := aggregation{
+		Name:       s.Name,
+		Resource:   obfuscatedResource(obfuscator, s.Type, s.Resource),
+		Service:    s.Service,
+		Type:       s.Type,
+		Synthetics: strings.HasPrefix(s.Meta[keyOrigin], "synthetics"),
+		StatusCode: statusCode,
+	}
+	return &aggregableSpan{
+		key:      key,
+		Start:    s.Start,
+		Duration: s.Duration,
+		TopLevel: s.Metrics[keyTopLevel] == 1,
+		Error:    s.Error,
+	}
+}
+
+// textNonParsable specifies the text that will be assigned to resources for which the resource
+// can not be parsed due to an obfuscation error.
+const textNonParsable = "Non-parsable SQL query"
+
+// obfuscatedResource returns the obfuscated version of the given resource. It is
+// obfuscated using the given obfuscator for the given span type typ.
+func obfuscatedResource(o *obfuscate.Obfuscator, typ, resource string) string {
+	if o == nil {
+		return resource
+	}
+	switch typ {
+	case "sql", "cassandra":
+		oq, err := o.ObfuscateSQLString(resource)
+		if err != nil {
+			log.Error("Error obfuscating stats group resource %q: %v", resource, err)
+			return textNonParsable
+		}
+		return oq.Query
+	case "redis":
+		return o.QuantizeRedisString(resource)
+	default:
+		return resource
+	}
+}
+
+// shouldKeep reports whether the trace should be kept.
+// a single span being kept implies the whole trace being kept.
+func shouldKeep(s *span) bool {
+	if p, ok := s.context.samplingPriority(); ok && p > 0 {
+		// positive sampling priorities stay
+		return true
+	}
+	if atomic.LoadInt32(&s.context.errors) > 0 {
+		// traces with any span containing an error get kept
+		return true
+	}
+	if v, ok := s.Metrics[ext.EventSampleRate]; ok {
+		return sampledByRate(s.TraceID, v)
+	}
+	return false
+}
+
+// shouldComputeStats mentions whether this span needs to have stats computed for.
+// Warning: callers must guard!
+func shouldComputeStats(s *span) bool {
+	if v, ok := s.Metrics[keyMeasured]; ok && v == 1 {
+		return true
+	}
+	if v, ok := s.Metrics[keyTopLevel]; ok && v == 1 {
+		return true
+	}
+	return false
+}
+
+// String returns a human readable representation of the span. Not for
+// production, just debugging.
+func (s *span) String() string {
+	s.RLock()
+	defer s.RUnlock()
+	lines := []string{
+		fmt.Sprintf("Name: %s", s.Name),
+		fmt.Sprintf("Service: %s", s.Service),
+		fmt.Sprintf("Resource: %s", s.Resource),
+		fmt.Sprintf("TraceID: %d", s.TraceID),
+		fmt.Sprintf("TraceID128: %s", s.context.TraceID128()),
+		fmt.Sprintf("SpanID: %d", s.SpanID),
+		fmt.Sprintf("ParentID: %d", s.ParentID),
+		fmt.Sprintf("Start: %s", time.Unix(0, s.Start)),
+		fmt.Sprintf("Duration: %s", time.Duration(s.Duration)),
+		fmt.Sprintf("Error: %d", s.Error),
+		fmt.Sprintf("Type: %s", s.Type),
+		"Tags:",
+	}
+	for key, val := range s.Meta {
+		lines = append(lines, fmt.Sprintf("\t%s:%s", key, val))
+	}
+	for key, val := range s.Metrics {
+		lines = append(lines, fmt.Sprintf("\t%s:%f", key, val))
+	}
+	return strings.Join(lines, "\n")
+}
+
+// Format implements fmt.Formatter.
+func (s *span) Format(f fmt.State, c rune) {
+	switch c {
+	case 's':
+		fmt.Fprint(f, s.String())
+	case 'v':
+		if svc := globalconfig.ServiceName(); svc != "" {
+			fmt.Fprintf(f, "dd.service=%s ", svc)
+		}
+		if tr, ok := internal.GetGlobalTracer().(*tracer); ok {
+			if tr.config.env != "" {
+				fmt.Fprintf(f, "dd.env=%s ", tr.config.env)
+			}
+			if tr.config.version != "" {
+				fmt.Fprintf(f, "dd.version=%s ", tr.config.version)
+			}
+		} else {
+			if env := os.Getenv("DD_ENV"); env != "" {
+				fmt.Fprintf(f, "dd.env=%s ", env)
+			}
+			if v := os.Getenv("DD_VERSION"); v != "" {
+				fmt.Fprintf(f, "dd.version=%s ", v)
+			}
+		}
+		var traceID string
+		if sharedinternal.BoolEnv("DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED", false) && s.context.traceID.HasUpper() {
+			traceID = s.context.TraceID128()
+		} else {
+			traceID = fmt.Sprintf("%d", s.TraceID)
+		}
+		fmt.Fprintf(f, `dd.trace_id=%q `, traceID)
+		fmt.Fprintf(f, `dd.span_id="%d" `, s.SpanID)
+		fmt.Fprintf(f, `dd.parent_id="%d"`, s.ParentID)
+	default:
+		fmt.Fprintf(f, "%%!%c(ddtrace.Span=%v)", c, s)
+	}
+}
+
+const (
+	keySamplingPriority     = "_sampling_priority_v1"
+	keySamplingPriorityRate = "_dd.agent_psr"
+	keyDecisionMaker        = "_dd.p.dm"
+	keyServiceHash          = "_dd.dm.service_hash"
+	keyOrigin               = "_dd.origin"
+	// keyHostname can be used to override the agent's hostname detection when using `WithHostname`. Not to be confused with keyTracerHostname
+	// which is set via auto-detection.
+	keyHostname                = "_dd.hostname"
+	keyRulesSamplerAppliedRate = "_dd.rule_psr"
+	keyRulesSamplerLimiterRate = "_dd.limit_psr"
+	keyMeasured                = "_dd.measured"
+	// keyTopLevel is the key of top level metric indicating if a span is top level.
+	// A top level span is a local root (parent span of the local trace) or the first span of each service.
+	keyTopLevel = "_dd.top_level"
+	// keyPropagationError holds any error from propagated trace tags (if any)
+	keyPropagationError = "_dd.propagation_error"
+	// keySpanSamplingMechanism specifies the sampling mechanism by which an individual span was sampled
+	keySpanSamplingMechanism = "_dd.span_sampling.mechanism"
+	// keySingleSpanSamplingRuleRate specifies the configured sampling probability for the single span sampling rule.
+	keySingleSpanSamplingRuleRate = "_dd.span_sampling.rule_rate"
+	// keySingleSpanSamplingMPS specifies the configured limit for the single span sampling rule
+	// that the span matched. If there is no configured limit, then this tag is omitted.
+	keySingleSpanSamplingMPS = "_dd.span_sampling.max_per_second"
+	// keyPropagatedUserID holds the propagated user identifier, if user id propagation is enabled.
+	keyPropagatedUserID = "_dd.p.usr.id"
+	//keyTracerHostname holds the tracer detected hostname, only present when not connected over UDS to agent.
+	keyTracerHostname = "_dd.tracer_hostname"
+	// keyTraceID128 is the lowercase, hex encoded upper 64 bits of a 128-bit trace id, if present.
+	keyTraceID128 = "_dd.p.tid"
+	// keySpanAttributeSchemaVersion holds the selected DD_TRACE_SPAN_ATTRIBUTE_SCHEMA version.
+	keySpanAttributeSchemaVersion = "_dd.trace_span_attribute_schema"
+	// keyPeerServiceSource indicates the precursor tag that was used as the value of peer.service.
+	keyPeerServiceSource = "_dd.peer.service.source"
+	// keyPeerServiceRemappedFrom indicates the previous value for peer.service, in case remapping happened.
+	keyPeerServiceRemappedFrom = "_dd.peer.service.remapped_from"
+	// keyBaseService contains the globally configured tracer service name. It is only set for spans that override it.
+	keyBaseService = "_dd.base_service"
+)
+
+// The following set of tags is used for user monitoring and set through calls to span.SetUser().
+const (
+	keyUserID        = "usr.id"
+	keyUserEmail     = "usr.email"
+	keyUserName      = "usr.name"
+	keyUserRole      = "usr.role"
+	keyUserScope     = "usr.scope"
+	keyUserSessionID = "usr.session_id"
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span_msgp.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span_msgp.go
new file mode 100644
index 000000000..16bb758f8
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span_msgp.go
@@ -0,0 +1,453 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+// NOTE: THIS FILE WAS PRODUCED BY THE
+// MSGP CODE GENERATION TOOL (github.com/tinylib/msgp)
+// DO NOT EDIT
+
+import (
+	"github.com/tinylib/msgp/msgp"
+)
+
+// DecodeMsg implements msgp.Decodable
+func (z *span) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "name":
+			z.Name, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "service":
+			z.Service, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "resource":
+			z.Resource, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "type":
+			z.Type, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "start":
+			z.Start, err = dc.ReadInt64()
+			if err != nil {
+				return
+			}
+		case "duration":
+			z.Duration, err = dc.ReadInt64()
+			if err != nil {
+				return
+			}
+		case "meta":
+			var zb0002 uint32
+			zb0002, err = dc.ReadMapHeader()
+			if err != nil {
+				return
+			}
+			if z.Meta == nil && zb0002 > 0 {
+				z.Meta = make(map[string]string, zb0002)
+			} else if len(z.Meta) > 0 {
+				for key := range z.Meta {
+					delete(z.Meta, key)
+				}
+			}
+			for zb0002 > 0 {
+				zb0002--
+				var za0001 string
+				var za0002 string
+				za0001, err = dc.ReadString()
+				if err != nil {
+					return
+				}
+				za0002, err = dc.ReadString()
+				if err != nil {
+					return
+				}
+				z.Meta[za0001] = za0002
+			}
+		case "metrics":
+			var zb0003 uint32
+			zb0003, err = dc.ReadMapHeader()
+			if err != nil {
+				return
+			}
+			if z.Metrics == nil && zb0003 > 0 {
+				z.Metrics = make(map[string]float64, zb0003)
+			} else if len(z.Metrics) > 0 {
+				for key := range z.Metrics {
+					delete(z.Metrics, key)
+				}
+			}
+			for zb0003 > 0 {
+				zb0003--
+				var za0003 string
+				var za0004 float64
+				za0003, err = dc.ReadString()
+				if err != nil {
+					return
+				}
+				za0004, err = dc.ReadFloat64()
+				if err != nil {
+					return
+				}
+				z.Metrics[za0003] = za0004
+			}
+		case "span_id":
+			z.SpanID, err = dc.ReadUint64()
+			if err != nil {
+				return
+			}
+		case "trace_id":
+			z.TraceID, err = dc.ReadUint64()
+			if err != nil {
+				return
+			}
+		case "parent_id":
+			z.ParentID, err = dc.ReadUint64()
+			if err != nil {
+				return
+			}
+		case "error":
+			z.Error, err = dc.ReadInt32()
+			if err != nil {
+				return
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *span) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 12
+	// write "name"
+	err = en.Append(0x8c, 0xa4, 0x6e, 0x61, 0x6d, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Name)
+	if err != nil {
+		return
+	}
+	// write "service"
+	err = en.Append(0xa7, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Service)
+	if err != nil {
+		return
+	}
+	// write "resource"
+	err = en.Append(0xa8, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Resource)
+	if err != nil {
+		return
+	}
+	// write "type"
+	err = en.Append(0xa4, 0x74, 0x79, 0x70, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Type)
+	if err != nil {
+		return
+	}
+	// write "start"
+	err = en.Append(0xa5, 0x73, 0x74, 0x61, 0x72, 0x74)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt64(z.Start)
+	if err != nil {
+		return
+	}
+	// write "duration"
+	err = en.Append(0xa8, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt64(z.Duration)
+	if err != nil {
+		return
+	}
+	// write "meta"
+	err = en.Append(0xa4, 0x6d, 0x65, 0x74, 0x61)
+	if err != nil {
+		return
+	}
+	err = en.WriteMapHeader(uint32(len(z.Meta)))
+	if err != nil {
+		return
+	}
+	for za0001, za0002 := range z.Meta {
+		err = en.WriteString(za0001)
+		if err != nil {
+			return
+		}
+		err = en.WriteString(za0002)
+		if err != nil {
+			return
+		}
+	}
+	// write "metrics"
+	err = en.Append(0xa7, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteMapHeader(uint32(len(z.Metrics)))
+	if err != nil {
+		return
+	}
+	for za0003, za0004 := range z.Metrics {
+		err = en.WriteString(za0003)
+		if err != nil {
+			return
+		}
+		err = en.WriteFloat64(za0004)
+		if err != nil {
+			return
+		}
+	}
+	// write "span_id"
+	err = en.Append(0xa7, 0x73, 0x70, 0x61, 0x6e, 0x5f, 0x69, 0x64)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.SpanID)
+	if err != nil {
+		return
+	}
+	// write "trace_id"
+	err = en.Append(0xa8, 0x74, 0x72, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.TraceID)
+	if err != nil {
+		return
+	}
+	// write "parent_id"
+	err = en.Append(0xa9, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.ParentID)
+	if err != nil {
+		return
+	}
+	// write "error"
+	err = en.Append(0xa5, 0x65, 0x72, 0x72, 0x6f, 0x72)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt32(z.Error)
+	if err != nil {
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *span) Msgsize() (s int) {
+	s = 1 + 5 + msgp.StringPrefixSize + len(z.Name) + 8 + msgp.StringPrefixSize + len(z.Service) + 9 + msgp.StringPrefixSize + len(z.Resource) + 5 + msgp.StringPrefixSize + len(z.Type) + 6 + msgp.Int64Size + 9 + msgp.Int64Size + 5 + msgp.MapHeaderSize
+	if z.Meta != nil {
+		for za0001, za0002 := range z.Meta {
+			_ = za0002
+			s += msgp.StringPrefixSize + len(za0001) + msgp.StringPrefixSize + len(za0002)
+		}
+	}
+	s += 8 + msgp.MapHeaderSize
+	if z.Metrics != nil {
+		for za0003, za0004 := range z.Metrics {
+			_ = za0004
+			s += msgp.StringPrefixSize + len(za0003) + msgp.Float64Size
+		}
+	}
+	s += 8 + msgp.Uint64Size + 9 + msgp.Uint64Size + 10 + msgp.Uint64Size + 6 + msgp.Int32Size
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *spanList) DecodeMsg(dc *msgp.Reader) (err error) {
+	var zb0002 uint32
+	zb0002, err = dc.ReadArrayHeader()
+	if err != nil {
+		return
+	}
+	if cap((*z)) >= int(zb0002) {
+		(*z) = (*z)[:zb0002]
+	} else {
+		(*z) = make(spanList, zb0002)
+	}
+	for zb0001 := range *z {
+		if dc.IsNil() {
+			err = dc.ReadNil()
+			if err != nil {
+				return
+			}
+			(*z)[zb0001] = nil
+		} else {
+			if (*z)[zb0001] == nil {
+				(*z)[zb0001] = new(span)
+			}
+			err = (*z)[zb0001].DecodeMsg(dc)
+			if err != nil {
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z spanList) EncodeMsg(en *msgp.Writer) (err error) {
+	err = en.WriteArrayHeader(uint32(len(z)))
+	if err != nil {
+		return
+	}
+	for zb0003 := range z {
+		if z[zb0003] == nil {
+			err = en.WriteNil()
+			if err != nil {
+				return
+			}
+		} else {
+			err = z[zb0003].EncodeMsg(en)
+			if err != nil {
+				return
+			}
+		}
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z spanList) Msgsize() (s int) {
+	s = msgp.ArrayHeaderSize
+	for zb0003 := range z {
+		if z[zb0003] == nil {
+			s += msgp.NilSize
+		} else {
+			s += z[zb0003].Msgsize()
+		}
+	}
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *spanLists) DecodeMsg(dc *msgp.Reader) (err error) {
+	var zb0003 uint32
+	zb0003, err = dc.ReadArrayHeader()
+	if err != nil {
+		return
+	}
+	if cap((*z)) >= int(zb0003) {
+		(*z) = (*z)[:zb0003]
+	} else {
+		(*z) = make(spanLists, zb0003)
+	}
+	for zb0001 := range *z {
+		var zb0004 uint32
+		zb0004, err = dc.ReadArrayHeader()
+		if err != nil {
+			return
+		}
+		if cap((*z)[zb0001]) >= int(zb0004) {
+			(*z)[zb0001] = ((*z)[zb0001])[:zb0004]
+		} else {
+			(*z)[zb0001] = make(spanList, zb0004)
+		}
+		for zb0002 := range (*z)[zb0001] {
+			if dc.IsNil() {
+				err = dc.ReadNil()
+				if err != nil {
+					return
+				}
+				(*z)[zb0001][zb0002] = nil
+			} else {
+				if (*z)[zb0001][zb0002] == nil {
+					(*z)[zb0001][zb0002] = new(span)
+				}
+				err = (*z)[zb0001][zb0002].DecodeMsg(dc)
+				if err != nil {
+					return
+				}
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z spanLists) EncodeMsg(en *msgp.Writer) (err error) {
+	err = en.WriteArrayHeader(uint32(len(z)))
+	if err != nil {
+		return
+	}
+	for zb0005 := range z {
+		err = en.WriteArrayHeader(uint32(len(z[zb0005])))
+		if err != nil {
+			return
+		}
+		for zb0006 := range z[zb0005] {
+			if z[zb0005][zb0006] == nil {
+				err = en.WriteNil()
+				if err != nil {
+					return
+				}
+			} else {
+				err = z[zb0005][zb0006].EncodeMsg(en)
+				if err != nil {
+					return
+				}
+			}
+		}
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z spanLists) Msgsize() (s int) {
+	s = msgp.ArrayHeaderSize
+	for zb0005 := range z {
+		s += msgp.ArrayHeaderSize
+		for zb0006 := range z[zb0005] {
+			if z[zb0005][zb0006] == nil {
+				s += msgp.NilSize
+			} else {
+				s += z[zb0005][zb0006].Msgsize()
+			}
+		}
+	}
+	return
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/spancontext.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/spancontext.go
new file mode 100644
index 000000000..0f71e3f22
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/spancontext.go
@@ -0,0 +1,559 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"encoding/binary"
+	"encoding/hex"
+	"fmt"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal"
+	ginternal "gopkg.in/DataDog/dd-trace-go.v1/internal"
+	sharedinternal "gopkg.in/DataDog/dd-trace-go.v1/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry"
+)
+
+var _ ddtrace.SpanContext = (*spanContext)(nil)
+
+type traceID [16]byte // traceID in big endian, i.e. <upper><lower>
+
+var emptyTraceID traceID
+
+func (t *traceID) HexEncoded() string {
+	return hex.EncodeToString(t[:])
+}
+
+func (t *traceID) Lower() uint64 {
+	return binary.BigEndian.Uint64(t[8:])
+}
+
+func (t *traceID) Upper() uint64 {
+	return binary.BigEndian.Uint64(t[:8])
+}
+
+func (t *traceID) SetLower(i uint64) {
+	binary.BigEndian.PutUint64(t[8:], i)
+}
+
+func (t *traceID) SetUpper(i uint64) {
+	binary.BigEndian.PutUint64(t[:8], i)
+}
+
+func (t *traceID) SetUpperFromHex(s string) error {
+	u, err := strconv.ParseUint(s, 16, 64)
+	if err != nil {
+		return fmt.Errorf("malformed %q: %s", s, err)
+	}
+	t.SetUpper(u)
+	return nil
+}
+
+func (t *traceID) Empty() bool {
+	return *t == emptyTraceID
+}
+
+func (t *traceID) HasUpper() bool {
+	//TODO: in go 1.20 we can simplify this
+	for _, b := range t[:8] {
+		if b != 0 {
+			return true
+		}
+	}
+	return false
+}
+
+func (t *traceID) UpperHex() string {
+	return hex.EncodeToString(t[:8])
+}
+
+// SpanContext represents a span state that can propagate to descendant spans
+// and across process boundaries. It contains all the information needed to
+// spawn a direct descendant of the span that it belongs to. It can be used
+// to create distributed tracing by propagating it using the provided interfaces.
+type spanContext struct {
+	updated bool // updated is tracking changes for priority / origin / x-datadog-tags
+
+	// the below group should propagate only locally
+
+	trace  *trace // reference to the trace that this span belongs too
+	span   *span  // reference to the span that hosts this context
+	errors int32  // number of spans with errors in this trace
+
+	// the below group should propagate cross-process
+
+	traceID traceID
+	spanID  uint64
+
+	mu         sync.RWMutex // guards below fields
+	baggage    map[string]string
+	hasBaggage uint32 // atomic int for quick checking presence of baggage. 0 indicates no baggage, otherwise baggage exists.
+	origin     string // e.g. "synthetics"
+}
+
+// newSpanContext creates a new SpanContext to serve as context for the given
+// span. If the provided parent is not nil, the context will inherit the trace,
+// baggage and other values from it. This method also pushes the span into the
+// new context's trace and as a result, it should not be called multiple times
+// for the same span.
+func newSpanContext(span *span, parent *spanContext) *spanContext {
+	context := &spanContext{
+		spanID: span.SpanID,
+		span:   span,
+	}
+	context.traceID.SetLower(span.TraceID)
+	if parent != nil {
+		context.traceID.SetUpper(parent.traceID.Upper())
+		context.trace = parent.trace
+		context.origin = parent.origin
+		context.errors = parent.errors
+		parent.ForeachBaggageItem(func(k, v string) bool {
+			context.setBaggageItem(k, v)
+			return true
+		})
+	} else if sharedinternal.BoolEnv("DD_TRACE_128_BIT_TRACEID_GENERATION_ENABLED", false) {
+		// add 128 bit trace id, if enabled, formatted as big-endian:
+		// <32-bit unix seconds> <32 bits of zero> <64 random bits>
+		id128 := time.Duration(span.Start) / time.Second
+		// casting from int64 -> uint32 should be safe since the start time won't be
+		// negative, and the seconds should fit within 32-bits for the foreseeable future.
+		// (We only want 32 bits of time, then the rest is zero)
+		tUp := uint64(uint32(id128)) << 32 // We need the time at the upper 32 bits of the uint
+		context.traceID.SetUpper(tUp)
+	}
+	if context.trace == nil {
+		context.trace = newTrace()
+	}
+	if context.trace.root == nil {
+		// first span in the trace can safely be assumed to be the root
+		context.trace.root = span
+	}
+	// put span in context's trace
+	context.trace.push(span)
+	// setting context.updated to false here is necessary to distinguish
+	// between initializing properties of the span (priority)
+	// and updating them after extracting context through propagators
+	context.updated = false
+	return context
+}
+
+// SpanID implements ddtrace.SpanContext.
+func (c *spanContext) SpanID() uint64 { return c.spanID }
+
+// TraceID implements ddtrace.SpanContext.
+func (c *spanContext) TraceID() uint64 { return c.traceID.Lower() }
+
+// TraceID128 implements ddtrace.SpanContextW3C.
+func (c *spanContext) TraceID128() string {
+	return c.traceID.HexEncoded()
+}
+
+// TraceID128Bytes implements ddtrace.SpanContextW3C.
+func (c *spanContext) TraceID128Bytes() [16]byte {
+	return c.traceID
+}
+
+// ForeachBaggageItem implements ddtrace.SpanContext.
+func (c *spanContext) ForeachBaggageItem(handler func(k, v string) bool) {
+	if atomic.LoadUint32(&c.hasBaggage) == 0 {
+		return
+	}
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	for k, v := range c.baggage {
+		if !handler(k, v) {
+			break
+		}
+	}
+}
+
+func (c *spanContext) setSamplingPriority(p int, sampler samplernames.SamplerName) {
+	if c.trace == nil {
+		c.trace = newTrace()
+	}
+	if c.trace.priority != nil && *c.trace.priority != float64(p) {
+		c.updated = true
+	}
+	c.trace.setSamplingPriority(p, sampler)
+}
+
+func (c *spanContext) samplingPriority() (p int, ok bool) {
+	if c.trace == nil {
+		return 0, false
+	}
+	return c.trace.samplingPriority()
+}
+
+func (c *spanContext) setBaggageItem(key, val string) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if c.baggage == nil {
+		atomic.StoreUint32(&c.hasBaggage, 1)
+		c.baggage = make(map[string]string, 1)
+	}
+	c.baggage[key] = val
+}
+
+func (c *spanContext) baggageItem(key string) string {
+	if atomic.LoadUint32(&c.hasBaggage) == 0 {
+		return ""
+	}
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	return c.baggage[key]
+}
+
+func (c *spanContext) meta(key string) (val string, ok bool) {
+	c.span.RLock()
+	defer c.span.RUnlock()
+	val, ok = c.span.Meta[key]
+	return val, ok
+}
+
+// finish marks this span as finished in the trace.
+func (c *spanContext) finish() { c.trace.finishedOne(c.span) }
+
+// samplingDecision is the decision to send a trace to the agent or not.
+type samplingDecision uint32
+
+const (
+	// decisionNone is the default state of a trace.
+	// If no decision is made about the trace, the trace won't be sent to the agent.
+	decisionNone samplingDecision = iota
+	// decisionDrop prevents the trace from being sent to the agent.
+	decisionDrop
+	// decisionKeep ensures the trace will be sent to the agent.
+	decisionKeep
+)
+
+// trace contains shared context information about a trace, such as sampling
+// priority, the root reference and a buffer of the spans which are part of the
+// trace, if these exist.
+type trace struct {
+	mu               sync.RWMutex      // guards below fields
+	spans            []*span           // all the spans that are part of this trace
+	tags             map[string]string // trace level tags
+	propagatingTags  map[string]string // trace level tags that will be propagated across service boundaries
+	finished         int               // the number of finished spans
+	full             bool              // signifies that the span buffer is full
+	priority         *float64          // sampling priority
+	locked           bool              // specifies if the sampling priority can be altered
+	samplingDecision samplingDecision  // samplingDecision indicates whether to send the trace to the agent.
+
+	// root specifies the root of the trace, if known; it is nil when a span
+	// context is extracted from a carrier, at which point there are no spans in
+	// the trace yet.
+	root *span
+}
+
+var (
+	// traceStartSize is the initial size of our trace buffer,
+	// by default we allocate for a handful of spans within the trace,
+	// reasonable as span is actually way bigger, and avoids re-allocating
+	// over and over. Could be fine-tuned at runtime.
+	traceStartSize = 10
+	// traceMaxSize is the maximum number of spans we keep in memory for a
+	// single trace. This is to avoid memory leaks. If more spans than this
+	// are added to a trace, then the trace is dropped and the spans are
+	// discarded. Adding additional spans after a trace is dropped does
+	// nothing.
+	traceMaxSize = int(1e5)
+)
+
+// newTrace creates a new trace using the given callback which will be called
+// upon completion of the trace.
+func newTrace() *trace {
+	return &trace{spans: make([]*span, 0, traceStartSize)}
+}
+
+func (t *trace) samplingPriorityLocked() (p int, ok bool) {
+	if t.priority == nil {
+		return 0, false
+	}
+	return int(*t.priority), true
+}
+
+func (t *trace) samplingPriority() (p int, ok bool) {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+	return t.samplingPriorityLocked()
+}
+
+func (t *trace) setSamplingPriority(p int, sampler samplernames.SamplerName) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	t.setSamplingPriorityLocked(p, sampler)
+}
+
+func (t *trace) keep() {
+	atomic.CompareAndSwapUint32((*uint32)(&t.samplingDecision), uint32(decisionNone), uint32(decisionKeep))
+}
+
+func (t *trace) drop() {
+	atomic.CompareAndSwapUint32((*uint32)(&t.samplingDecision), uint32(decisionNone), uint32(decisionDrop))
+}
+
+func (t *trace) setTag(key, value string) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	t.setTagLocked(key, value)
+}
+
+func (t *trace) setTagLocked(key, value string) {
+	if t.tags == nil {
+		t.tags = make(map[string]string, 1)
+	}
+	t.tags[key] = value
+}
+
+func (t *trace) setSamplingPriorityLocked(p int, sampler samplernames.SamplerName) {
+	if t.locked {
+		return
+	}
+	if t.priority == nil {
+		t.priority = new(float64)
+	}
+	*t.priority = float64(p)
+	_, ok := t.propagatingTags[keyDecisionMaker]
+	if p > 0 && !ok && sampler != samplernames.Unknown {
+		// We have a positive priority and the sampling mechanism isn't set.
+		// Send nothing when sampler is `Unknown` for RFC compliance.
+		t.setPropagatingTagLocked(keyDecisionMaker, "-"+strconv.Itoa(int(sampler)))
+	}
+	if p <= 0 && ok {
+		delete(t.propagatingTags, keyDecisionMaker)
+	}
+}
+
+// push pushes a new span into the trace. If the buffer is full, it returns
+// a errBufferFull error.
+func (t *trace) push(sp *span) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	if t.full {
+		return
+	}
+	tr, haveTracer := internal.GetGlobalTracer().(*tracer)
+	if len(t.spans) >= traceMaxSize {
+		// capacity is reached, we will not be able to complete this trace.
+		t.full = true
+		t.spans = nil // GC
+		log.Error("trace buffer full (%d), dropping trace", traceMaxSize)
+		if haveTracer {
+			atomic.AddUint32(&tr.tracesDropped, 1)
+		}
+		return
+	}
+	if v, ok := sp.Metrics[keySamplingPriority]; ok {
+		t.setSamplingPriorityLocked(int(v), samplernames.Unknown)
+	}
+	t.spans = append(t.spans, sp)
+	if haveTracer {
+		atomic.AddUint32(&tr.spansStarted, 1)
+	}
+}
+
+// setTraceTags sets all "trace level" tags on the provided span
+// t must already be locked.
+func (t *trace) setTraceTags(s *span, tr *tracer) {
+	for k, v := range t.tags {
+		s.setMeta(k, v)
+	}
+	for k, v := range t.propagatingTags {
+		s.setMeta(k, v)
+	}
+	for k, v := range ginternal.GetTracerGitMetadataTags() {
+		s.setMeta(k, v)
+	}
+	if s.context != nil && s.context.traceID.HasUpper() {
+		s.setMeta(keyTraceID128, s.context.traceID.UpperHex())
+	}
+	if hn := tr.hostname(); hn != "" {
+		s.setMeta(keyTracerHostname, hn)
+	}
+}
+
+// finishedOne acknowledges that another span in the trace has finished, and checks
+// if the trace is complete, in which case it calls the onFinish function. It uses
+// the given priority, if non-nil, to mark the root span. This also will trigger a partial flush
+// if enabled and the total number of finished spans is greater than or equal to the partial flush limit.
+// The provided span must be locked.
+func (t *trace) finishedOne(s *span) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	s.finished = true
+	if t.full {
+		// capacity has been reached, the buffer is no longer tracking
+		// all the spans in the trace, so the below conditions will not
+		// be accurate and would trigger a pre-mature flush, exposing us
+		// to a race condition where spans can be modified while flushing.
+		//
+		// TODO(partialFlush): should we do a partial flush in this scenario?
+		return
+	}
+	t.finished++
+	tr, ok := internal.GetGlobalTracer().(*tracer)
+	if !ok {
+		return
+	}
+	setPeerService(s, tr.config)
+
+	// attach the _dd.base_service tag only when the globally configured service name is different from the
+	// span service name.
+	if s.Service != "" && !strings.EqualFold(s.Service, tr.config.serviceName) {
+		s.Meta[keyBaseService] = tr.config.serviceName
+	}
+	if s == t.root && t.priority != nil {
+		// after the root has finished we lock down the priority;
+		// we won't be able to make changes to a span after finishing
+		// without causing a race condition.
+		t.root.setMetric(keySamplingPriority, *t.priority)
+		t.locked = true
+	}
+	if len(t.spans) > 0 && s == t.spans[0] {
+		// first span in chunk finished, lock down the tags
+		//
+		// TODO(barbayar): make sure this doesn't happen in vain when switching to
+		// the new wire format. We won't need to set the tags on the first span
+		// in the chunk there.
+		t.setTraceTags(s, tr)
+	}
+
+	if len(t.spans) == t.finished { // perform a full flush of all spans
+		t.finishChunk(tr, &chunk{
+			spans:    t.spans,
+			willSend: decisionKeep == samplingDecision(atomic.LoadUint32((*uint32)(&t.samplingDecision))),
+		})
+		t.spans = nil
+		return
+	}
+
+	doPartialFlush := tr.config.partialFlushEnabled && t.finished >= tr.config.partialFlushMinSpans
+	if !doPartialFlush {
+		return // The trace hasn't completed and partial flushing will not occur
+	}
+	log.Debug("Partial flush triggered with %d finished spans", t.finished)
+	telemetry.GlobalClient.Count(telemetry.NamespaceTracers, "trace_partial_flush.count", 1, []string{"reason:large_trace"}, true)
+	finishedSpans := make([]*span, 0, t.finished)
+	leftoverSpans := make([]*span, 0, len(t.spans)-t.finished)
+	for _, s2 := range t.spans {
+		if s2.finished {
+			finishedSpans = append(finishedSpans, s2)
+		} else {
+			leftoverSpans = append(leftoverSpans, s2)
+		}
+	}
+	// TODO: (Support MetricKindDist) Re-enable these when we actually support `MetricKindDist`
+	//telemetry.GlobalClient.Record(telemetry.NamespaceTracers, telemetry.MetricKindDist, "trace_partial_flush.spans_closed", float64(len(finishedSpans)), nil, true)
+	//telemetry.GlobalClient.Record(telemetry.NamespaceTracers, telemetry.MetricKindDist, "trace_partial_flush.spans_remaining", float64(len(leftoverSpans)), nil, true)
+	finishedSpans[0].setMetric(keySamplingPriority, *t.priority)
+	if s != t.spans[0] {
+		// Make sure the first span in the chunk has the trace-level tags
+		t.setTraceTags(finishedSpans[0], tr)
+	}
+	t.finishChunk(tr, &chunk{
+		spans:    finishedSpans,
+		willSend: decisionKeep == samplingDecision(atomic.LoadUint32((*uint32)(&t.samplingDecision))),
+	})
+	t.spans = leftoverSpans
+}
+
+func (t *trace) finishChunk(tr *tracer, ch *chunk) {
+	atomic.AddUint32(&tr.spansFinished, uint32(len(ch.spans)))
+	tr.pushChunk(ch)
+	t.finished = 0 // important, because a buffer can be used for several flushes
+}
+
+// setPeerService sets the peer.service, _dd.peer.service.source, and _dd.peer.service.remapped_from
+// tags as applicable for the given span.
+func setPeerService(s *span, cfg *config) {
+	if _, ok := s.Meta[ext.PeerService]; ok { // peer.service already set on the span
+		s.setMeta(keyPeerServiceSource, ext.PeerService)
+	} else { // no peer.service currently set
+		spanKind := s.Meta[ext.SpanKind]
+		isOutboundRequest := spanKind == ext.SpanKindClient || spanKind == ext.SpanKindProducer
+		shouldSetDefaultPeerService := isOutboundRequest && cfg.peerServiceDefaultsEnabled
+		if !shouldSetDefaultPeerService {
+			return
+		}
+		source := setPeerServiceFromSource(s)
+		if source == "" {
+			log.Debug("No source tag value could be found for span %q, peer.service not set", s.Name)
+			return
+		}
+		s.setMeta(keyPeerServiceSource, source)
+	}
+	// Overwrite existing peer.service value if remapped by the user
+	ps := s.Meta[ext.PeerService]
+	if to, ok := cfg.peerServiceMappings[ps]; ok {
+		s.setMeta(keyPeerServiceRemappedFrom, ps)
+		s.setMeta(ext.PeerService, to)
+	}
+}
+
+// setPeerServiceFromSource sets peer.service from the sources determined
+// by the tags on the span. It returns the source tag name that it used for
+// the peer.service value, or the empty string if no valid source tag was available.
+func setPeerServiceFromSource(s *span) string {
+	has := func(tag string) bool {
+		_, ok := s.Meta[tag]
+		return ok
+	}
+	var sources []string
+	useTargetHost := true
+	switch {
+	// order of the cases and their sources matters here. These are in priority order (highest to lowest)
+	case has("aws_service"):
+		sources = []string{
+			"queuename",
+			"topicname",
+			"streamname",
+			"tablename",
+			"bucketname",
+		}
+	case s.Meta[ext.DBSystem] == ext.DBSystemCassandra:
+		sources = []string{
+			ext.CassandraContactPoints,
+		}
+		useTargetHost = false
+	case has(ext.DBSystem):
+		sources = []string{
+			ext.DBName,
+			ext.DBInstance,
+		}
+	case has(ext.MessagingSystem):
+		sources = []string{
+			ext.KafkaBootstrapServers,
+		}
+	case has(ext.RPCSystem):
+		sources = []string{
+			ext.RPCService,
+		}
+	}
+	// network destination tags will be used as fallback unless there are higher priority sources already set.
+	if useTargetHost {
+		sources = append(sources, []string{
+			ext.NetworkDestinationName,
+			ext.PeerHostname,
+			ext.TargetHost,
+		}...)
+	}
+	for _, source := range sources {
+		if val, ok := s.Meta[source]; ok {
+			s.setMeta(ext.PeerService, val)
+			return source
+		}
+	}
+	return ""
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/sqlcomment.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/sqlcomment.go
new file mode 100644
index 000000000..b220d5c6f
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/sqlcomment.go
@@ -0,0 +1,300 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"strconv"
+	"strings"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
+)
+
+// SQLCommentInjectionMode represents the mode of SQL comment injection.
+//
+// Deprecated: Use DBMPropagationMode instead.
+type SQLCommentInjectionMode DBMPropagationMode
+
+const (
+	// SQLInjectionUndefined represents the comment injection mode is not set. This is the same as SQLInjectionDisabled.
+	SQLInjectionUndefined SQLCommentInjectionMode = SQLCommentInjectionMode(DBMPropagationModeUndefined)
+	// SQLInjectionDisabled represents the comment injection mode where all injection is disabled.
+	SQLInjectionDisabled SQLCommentInjectionMode = SQLCommentInjectionMode(DBMPropagationModeDisabled)
+	// SQLInjectionModeService represents the comment injection mode where only service tags (name, env, version) are injected.
+	SQLInjectionModeService SQLCommentInjectionMode = SQLCommentInjectionMode(DBMPropagationModeService)
+	// SQLInjectionModeFull represents the comment injection mode where both service tags and tracing tags. Tracing tags include span id, trace id and sampling priority.
+	SQLInjectionModeFull SQLCommentInjectionMode = SQLCommentInjectionMode(DBMPropagationModeFull)
+)
+
+// DBMPropagationMode represents the mode of dbm propagation.
+//
+// Note that enabling sql comment propagation results in potentially confidential data (service names)
+// being stored in the databases which can then be accessed by other 3rd parties that have been granted
+// access to the database.
+type DBMPropagationMode string
+
+const (
+	// DBMPropagationModeUndefined represents the dbm propagation mode not being set. This is the same as DBMPropagationModeDisabled.
+	DBMPropagationModeUndefined DBMPropagationMode = ""
+	// DBMPropagationModeDisabled represents the dbm propagation mode where all propagation is disabled.
+	DBMPropagationModeDisabled DBMPropagationMode = "disabled"
+	// DBMPropagationModeService represents the dbm propagation mode where only service tags (name, env, version) are propagated to dbm.
+	DBMPropagationModeService DBMPropagationMode = "service"
+	// DBMPropagationModeFull represents the dbm propagation mode where both service tags and tracing tags are propagated. Tracing tags include span id, trace id and the sampled flag.
+	DBMPropagationModeFull DBMPropagationMode = "full"
+)
+
+// Key names for SQL comment tags.
+const (
+	sqlCommentTraceParent   = "traceparent"
+	sqlCommentParentService = "ddps"
+	sqlCommentDBService     = "dddbs"
+	sqlCommentParentVersion = "ddpv"
+	sqlCommentEnv           = "dde"
+)
+
+// Current trace context version (see https://www.w3.org/TR/trace-context/#version)
+const w3cContextVersion = "00"
+
+// SQLCommentCarrier is a carrier implementation that injects a span context in a SQL query in the form
+// of a sqlcommenter formatted comment prepended to the original query text.
+// See https://google.github.io/sqlcommenter/spec/ for more details.
+type SQLCommentCarrier struct {
+	Query         string
+	Mode          DBMPropagationMode
+	DBServiceName string
+	SpanID        uint64
+}
+
+// Inject injects a span context in the carrier's Query field as a comment.
+func (c *SQLCommentCarrier) Inject(spanCtx ddtrace.SpanContext) error {
+	c.SpanID = generateSpanID(now())
+	tags := make(map[string]string)
+	switch c.Mode {
+	case DBMPropagationModeUndefined:
+		fallthrough
+	case DBMPropagationModeDisabled:
+		return nil
+	case DBMPropagationModeFull:
+		var (
+			sampled int64
+			traceID uint64
+		)
+		if ctx, ok := spanCtx.(*spanContext); ok {
+			if sp, ok := ctx.samplingPriority(); ok && sp > 0 {
+				sampled = 1
+			}
+			traceID = ctx.TraceID()
+		}
+		if traceID == 0 { // check if this is a root span
+			traceID = c.SpanID
+		}
+		tags[sqlCommentTraceParent] = encodeTraceParent(traceID, c.SpanID, sampled)
+		fallthrough
+	case DBMPropagationModeService:
+		if ctx, ok := spanCtx.(*spanContext); ok {
+			if e, ok := ctx.meta(ext.Environment); ok && e != "" {
+				tags[sqlCommentEnv] = e
+			}
+			if v, ok := ctx.meta(ext.Version); ok && v != "" {
+				tags[sqlCommentParentVersion] = v
+			}
+		}
+		if globalconfig.ServiceName() != "" {
+			tags[sqlCommentParentService] = globalconfig.ServiceName()
+		}
+		tags[sqlCommentDBService] = c.DBServiceName
+	}
+	c.Query = commentQuery(c.Query, tags)
+	return nil
+}
+
+// encodeTraceParent encodes trace parent as per the w3c trace context spec (https://www.w3.org/TR/trace-context/#version).
+func encodeTraceParent(traceID uint64, spanID uint64, sampled int64) string {
+	var b strings.Builder
+	// traceparent has a fixed length of 55:
+	// 2 bytes for the version, 32 for the trace id, 16 for the span id, 2 for the sampled flag and 3 for separators
+	b.Grow(55)
+	b.WriteString(w3cContextVersion)
+	b.WriteRune('-')
+	tid := strconv.FormatUint(traceID, 16)
+	for i := 0; i < 32-len(tid); i++ {
+		b.WriteRune('0')
+	}
+	b.WriteString(tid)
+	b.WriteRune('-')
+	sid := strconv.FormatUint(spanID, 16)
+	for i := 0; i < 16-len(sid); i++ {
+		b.WriteRune('0')
+	}
+	b.WriteString(sid)
+	b.WriteRune('-')
+	b.WriteRune('0')
+	b.WriteString(strconv.FormatInt(sampled, 16))
+	return b.String()
+}
+
+var (
+	keyReplacer   = strings.NewReplacer(" ", "%20", "!", "%21", "#", "%23", "$", "%24", "%", "%25", "&", "%26", "'", "%27", "(", "%28", ")", "%29", "*", "%2A", "+", "%2B", ",", "%2C", "/", "%2F", ":", "%3A", ";", "%3B", "=", "%3D", "?", "%3F", "@", "%40", "[", "%5B", "]", "%5D")
+	valueReplacer = strings.NewReplacer(" ", "%20", "!", "%21", "#", "%23", "$", "%24", "%", "%25", "&", "%26", "'", "%27", "(", "%28", ")", "%29", "*", "%2A", "+", "%2B", ",", "%2C", "/", "%2F", ":", "%3A", ";", "%3B", "=", "%3D", "?", "%3F", "@", "%40", "[", "%5B", "]", "%5D", "'", "\\'")
+)
+
+// commentQuery returns the given query with the tags from the SQLCommentCarrier applied to it as a
+// prepended SQL comment. The format of the comment follows the sqlcommenter spec.
+// See https://google.github.io/sqlcommenter/spec/ for more details.
+func commentQuery(query string, tags map[string]string) string {
+	if len(tags) == 0 {
+		return ""
+	}
+	var b strings.Builder
+	// the sqlcommenter specification dictates that tags should be sorted. Since we know all injected keys,
+	// we skip a sorting operation by specifying the order of keys statically
+	orderedKeys := []string{sqlCommentDBService, sqlCommentEnv, sqlCommentParentService, sqlCommentParentVersion, sqlCommentTraceParent}
+	first := true
+	for _, k := range orderedKeys {
+		if v, ok := tags[k]; ok {
+			// we need to URL-encode both keys and values and escape single quotes in values
+			// https://google.github.io/sqlcommenter/spec/
+			key := keyReplacer.Replace(k)
+			val := valueReplacer.Replace(v)
+			if first {
+				b.WriteString("/*")
+			} else {
+				b.WriteRune(',')
+			}
+			b.WriteString(key)
+			b.WriteRune('=')
+			b.WriteRune('\'')
+			b.WriteString(val)
+			b.WriteRune('\'')
+			first = false
+		}
+	}
+	if b.Len() == 0 {
+		return query
+	}
+	b.WriteString("*/")
+	if query == "" {
+		return b.String()
+	}
+	log.Debug("Injected sql comment: %s", b.String())
+	b.WriteRune(' ')
+	b.WriteString(query)
+	return b.String()
+}
+
+// Extract parses for key value attributes in a sql query injected with trace information in order to build a span context
+func (c *SQLCommentCarrier) Extract() (ddtrace.SpanContext, error) {
+	var ctx *spanContext
+	// There may be multiple comments within the sql query, so we must identify which one contains trace information.
+	// We look at each comment until we find one that contains a traceparent
+	if traceComment, found := findTraceComment(c.Query); found {
+		var err error
+		if ctx, err = spanContextFromTraceComment(traceComment); err != nil {
+			return nil, err
+		}
+	} else {
+		return nil, ErrSpanContextNotFound
+	}
+	if ctx.traceID.Empty() || ctx.spanID == 0 {
+		return nil, ErrSpanContextNotFound
+	}
+	return ctx, nil
+}
+
+// spanContextFromTraceComment looks for specific kv pairs in a comment containing trace information.
+// It returns a span context with the appropriate attributes
+func spanContextFromTraceComment(c string) (*spanContext, error) {
+	var ctx spanContext
+	kvs := strings.Split(c, ",")
+	for _, unparsedKV := range kvs {
+		splitKV := strings.Split(unparsedKV, "=")
+		if len(splitKV) != 2 {
+			return nil, ErrSpanContextCorrupted
+		}
+		key := splitKV[0]
+		value := strings.Trim(splitKV[1], "'")
+		switch key {
+		case sqlCommentTraceParent:
+			traceIDLower, traceIDUpper, spanID, sampled, err := decodeTraceParent(value)
+			if err != nil {
+				return nil, err
+			}
+			ctx.traceID.SetLower(traceIDLower)
+			ctx.traceID.SetUpper(traceIDUpper)
+			ctx.spanID = spanID
+			ctx.setSamplingPriority(sampled, samplernames.Unknown)
+		default:
+		}
+	}
+	return &ctx, nil
+}
+
+// decodeTraceParent decodes trace parent as per the w3c trace context spec (https://www.w3.org/TR/trace-context/#version).
+// this also supports decoding traceparents from open telemetry sql comments which are 128 bit
+func decodeTraceParent(traceParent string) (traceIDLower uint64, traceIDUpper uint64, spanID uint64, sampled int, err error) {
+	if len(traceParent) < 55 {
+		return 0, 0, 0, 0, ErrSpanContextCorrupted
+	}
+	version := traceParent[0:2]
+	switch version {
+	case w3cContextVersion:
+		if traceIDUpper, err = strconv.ParseUint(traceParent[3:19], 16, 64); err != nil {
+			return 0, 0, 0, 0, ErrSpanContextCorrupted
+		}
+		if traceIDLower, err = strconv.ParseUint(traceParent[19:35], 16, 64); err != nil {
+			return 0, 0, 0, 0, ErrSpanContextCorrupted
+		}
+		if spanID, err = strconv.ParseUint(traceParent[36:52], 16, 64); err != nil {
+			return 0, 0, 0, 0, ErrSpanContextCorrupted
+		}
+		if sampled, err = strconv.Atoi(traceParent[53:55]); err != nil {
+			return 0, 0, 0, 0, ErrSpanContextCorrupted
+		}
+	default:
+	}
+	return traceIDLower, traceIDUpper, spanID, sampled, err
+}
+
+// findTraceComment looks for a sql comment that contains trace information by looking for the keyword traceparent
+func findTraceComment(query string) (traceComment string, found bool) {
+	startIndex := -1
+	containsTrace := false
+	keyLength := len(sqlCommentTraceParent)
+	qLength := len(query)
+	for i := 0; i < qLength-1; {
+		if query[i] == '/' && query[i+1] == '*' {
+			// look for leading /*
+			startIndex = i
+			i += 2
+			containsTrace = false
+		} else if query[i] == '*' && query[i+1] == '/' {
+			// look for closing */
+			if startIndex == -1 {
+				// malformed comment, it did not have a leading /*
+				return "", false
+			}
+			if !containsTrace {
+				// ignore this comment, it was not a trace comment
+				startIndex = -1
+				i += 2
+			} else {
+				// do not return the query with the leading /* or trailing */
+				return query[startIndex+2 : i], true
+			}
+		} else if !containsTrace && i+keyLength < qLength && query[i:i+keyLength] == sqlCommentTraceParent {
+			// look for occurrence of keyword in the query if not yet found and make sure we don't go out of range
+			containsTrace = true
+			i += keyLength
+		} else {
+			i++
+		}
+	}
+	return "", false
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats.go
new file mode 100644
index 000000000..720a2a023
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats.go
@@ -0,0 +1,351 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+//go:generate msgp -unexported -marshal=false -o=stats_msgp.go -tests=false
+
+package tracer
+
+import (
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+
+	"github.com/DataDog/datadog-go/v5/statsd"
+	"github.com/DataDog/sketches-go/ddsketch"
+	"google.golang.org/protobuf/proto"
+)
+
+// aggregableSpan holds necessary information about a span that can be used to
+// aggregate statistics in a bucket.
+type aggregableSpan struct {
+	// key specifies the aggregation key under which this span can be placed into
+	// grouped inside a bucket.
+	key aggregation
+
+	Start, Duration int64
+	Error           int32
+	TopLevel        bool
+}
+
+// defaultStatsBucketSize specifies the default span of time that will be
+// covered in one stats bucket.
+var defaultStatsBucketSize = (10 * time.Second).Nanoseconds()
+
+// concentrator aggregates and stores statistics on incoming spans in time buckets,
+// flushing them occasionally to the underlying transport located in the given
+// tracer config.
+type concentrator struct {
+	// In specifies the channel to be used for feeding data to the concentrator.
+	// In order for In to have a consumer, the concentrator must be started using
+	// a call to Start.
+	In chan *aggregableSpan
+
+	// mu guards below fields
+	mu sync.Mutex
+
+	// buckets maintains a set of buckets, where the map key represents
+	// the starting point in time of that bucket, in nanoseconds.
+	buckets map[int64]*rawBucket
+
+	// stopped reports whether the concentrator is stopped (when non-zero)
+	stopped uint32
+
+	wg           sync.WaitGroup        // waits for any active goroutines
+	bucketSize   int64                 // the size of a bucket in nanoseconds
+	stop         chan struct{}         // closing this channel triggers shutdown
+	cfg          *config               // tracer startup configuration
+	statsdClient internal.StatsdClient // statsd client for sending metrics.
+}
+
+// newConcentrator creates a new concentrator using the given tracer
+// configuration c. It creates buckets of bucketSize nanoseconds duration.
+func newConcentrator(c *config, bucketSize int64) *concentrator {
+	return &concentrator{
+		In:         make(chan *aggregableSpan, 10000),
+		bucketSize: bucketSize,
+		stopped:    1,
+		buckets:    make(map[int64]*rawBucket),
+		cfg:        c,
+	}
+}
+
+// alignTs returns the provided timestamp truncated to the bucket size.
+// It gives us the start time of the time bucket in which such timestamp falls.
+func alignTs(ts, bucketSize int64) int64 { return ts - ts%bucketSize }
+
+// Start starts the concentrator. A started concentrator needs to be stopped
+// in order to gracefully shut down, using Stop.
+func (c *concentrator) Start() {
+	if atomic.SwapUint32(&c.stopped, 0) == 0 {
+		// already running
+		log.Warn("(*concentrator).Start called more than once. This is likely a programming error.")
+		return
+	}
+	c.stop = make(chan struct{})
+	c.wg.Add(1)
+	go func() {
+		defer c.wg.Done()
+		tick := time.NewTicker(time.Duration(c.bucketSize) * time.Nanosecond)
+		defer tick.Stop()
+		c.runFlusher(tick.C)
+	}()
+	c.wg.Add(1)
+	go func() {
+		defer c.wg.Done()
+		c.runIngester()
+	}()
+}
+
+// runFlusher runs the flushing loop which sends stats to the underlying transport.
+func (c *concentrator) runFlusher(tick <-chan time.Time) {
+	for {
+		select {
+		case now := <-tick:
+			c.flushAndSend(now, withoutCurrentBucket)
+		case <-c.stop:
+			return
+		}
+	}
+}
+
+// statsd returns any tracer configured statsd client, or a no-op.
+func (c *concentrator) statsd() internal.StatsdClient {
+	if c.statsdClient == nil {
+		return &statsd.NoOpClient{}
+	}
+	return c.statsdClient
+}
+
+// runIngester runs the loop which accepts incoming data on the concentrator's In
+// channel.
+func (c *concentrator) runIngester() {
+	for {
+		select {
+		case s := <-c.In:
+			c.statsd().Incr("datadog.tracer.stats.spans_in", nil, 1)
+			c.add(s)
+		case <-c.stop:
+			return
+		}
+	}
+}
+
+// add adds s into the concentrator's internal stats buckets.
+func (c *concentrator) add(s *aggregableSpan) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	btime := alignTs(s.Start+s.Duration, c.bucketSize)
+	b, ok := c.buckets[btime]
+	if !ok {
+		b = newRawBucket(uint64(btime), c.bucketSize)
+		c.buckets[btime] = b
+	}
+	b.handleSpan(s)
+}
+
+// Stop stops the concentrator and blocks until the operation completes.
+func (c *concentrator) Stop() {
+	if atomic.SwapUint32(&c.stopped, 1) > 0 {
+		return
+	}
+	close(c.stop)
+	c.wg.Wait()
+drain:
+	for {
+		select {
+		case s := <-c.In:
+			c.statsd().Incr("datadog.tracer.stats.spans_in", nil, 1)
+			c.add(s)
+		default:
+			break drain
+		}
+	}
+	c.flushAndSend(time.Now(), withCurrentBucket)
+}
+
+const (
+	withCurrentBucket    = true
+	withoutCurrentBucket = false
+)
+
+// flushAndSend flushes all the stats buckets with the given timestamp and sends them using the transport specified in
+// the concentrator config. The current bucket is only included if includeCurrent is true, such as during shutdown.
+func (c *concentrator) flushAndSend(timenow time.Time, includeCurrent bool) {
+	sp := func() statsPayload {
+		c.mu.Lock()
+		defer c.mu.Unlock()
+		now := timenow.UnixNano()
+		sp := statsPayload{
+			Hostname: c.cfg.hostname,
+			Env:      c.cfg.env,
+			Version:  c.cfg.version,
+			Stats:    make([]statsBucket, 0, len(c.buckets)),
+		}
+		for ts, srb := range c.buckets {
+			if !includeCurrent && ts > now-c.bucketSize {
+				// do not flush the current bucket
+				continue
+			}
+			log.Debug("Flushing bucket %d", ts)
+			sp.Stats = append(sp.Stats, srb.Export())
+			delete(c.buckets, ts)
+		}
+		return sp
+	}()
+
+	if len(sp.Stats) == 0 {
+		// nothing to flush
+		return
+	}
+	c.statsd().Incr("datadog.tracer.stats.flush_payloads", nil, 1)
+	c.statsd().Incr("datadog.tracer.stats.flush_buckets", nil, float64(len(sp.Stats)))
+	if err := c.cfg.transport.sendStats(&sp); err != nil {
+		c.statsd().Incr("datadog.tracer.stats.flush_errors", nil, 1)
+		log.Error("Error sending stats payload: %v", err)
+	}
+}
+
+// aggregation specifies a uniquely identifiable key under which a certain set
+// of stats are grouped inside a bucket.
+type aggregation struct {
+	Name       string
+	Type       string
+	Resource   string
+	Service    string
+	StatusCode uint32
+	Synthetics bool
+}
+
+type rawBucket struct {
+	start, duration uint64
+	data            map[aggregation]*rawGroupedStats
+}
+
+func newRawBucket(btime uint64, bsize int64) *rawBucket {
+	return &rawBucket{
+		start:    btime,
+		duration: uint64(bsize),
+		data:     make(map[aggregation]*rawGroupedStats),
+	}
+}
+
+func (sb *rawBucket) handleSpan(s *aggregableSpan) {
+	gs, ok := sb.data[s.key]
+	if !ok {
+		gs = newRawGroupedStats()
+		sb.data[s.key] = gs
+	}
+	if s.TopLevel {
+		gs.topLevelHits++
+	}
+	gs.hits++
+	if s.Error != 0 {
+		gs.errors++
+	}
+	gs.duration += uint64(s.Duration)
+	// alter resolution of duration distro
+	trundur := nsTimestampToFloat(s.Duration)
+	if s.Error != 0 {
+		gs.errDistribution.Add(trundur)
+	} else {
+		gs.okDistribution.Add(trundur)
+	}
+}
+
+// Export transforms a RawBucket into a statsBucket, typically used
+// before communicating data to the API, as RawBucket is the internal
+// type while statsBucket is the public, shared one.
+func (sb *rawBucket) Export() statsBucket {
+	csb := statsBucket{
+		Start:    sb.start,
+		Duration: sb.duration,
+		Stats:    make([]groupedStats, len(sb.data)),
+	}
+	for k, v := range sb.data {
+		b, err := v.export(k)
+		if err != nil {
+			log.Error("Could not export stats bucket: %v.", err)
+			continue
+		}
+		csb.Stats = append(csb.Stats, b)
+	}
+	return csb
+}
+
+type rawGroupedStats struct {
+	hits            uint64
+	topLevelHits    uint64
+	errors          uint64
+	duration        uint64
+	okDistribution  *ddsketch.DDSketch
+	errDistribution *ddsketch.DDSketch
+}
+
+func newRawGroupedStats() *rawGroupedStats {
+	const (
+		// relativeAccuracy is the value accuracy we have on the percentiles. For example, we can
+		// say that p99 is 100ms +- 1ms
+		relativeAccuracy = 0.01
+		// maxNumBins is the maximum number of bins of the ddSketch we use to store percentiles.
+		// It can affect relative accuracy, but in practice, 2048 bins is enough to have 1% relative accuracy from
+		// 80 micro second to 1 year: http://www.vldb.org/pvldb/vol12/p2195-masson.pdf
+		maxNumBins = 2048
+	)
+	okSketch, err := ddsketch.LogCollapsingLowestDenseDDSketch(relativeAccuracy, maxNumBins)
+	if err != nil {
+		log.Error("Error when creating ddsketch: %v", err)
+	}
+	errSketch, err := ddsketch.LogCollapsingLowestDenseDDSketch(relativeAccuracy, maxNumBins)
+	if err != nil {
+		log.Error("Error when creating ddsketch: %v", err)
+	}
+	return &rawGroupedStats{
+		okDistribution:  okSketch,
+		errDistribution: errSketch,
+	}
+}
+
+func (s *rawGroupedStats) export(k aggregation) (groupedStats, error) {
+	msg := s.okDistribution.ToProto()
+	okSummary, err := proto.Marshal(msg)
+	if err != nil {
+		return groupedStats{}, err
+	}
+	msg = s.errDistribution.ToProto()
+	errSummary, err := proto.Marshal(msg)
+	if err != nil {
+		return groupedStats{}, err
+	}
+	return groupedStats{
+		Service:        k.Service,
+		Name:           k.Name,
+		Resource:       k.Resource,
+		HTTPStatusCode: k.StatusCode,
+		Type:           k.Type,
+		Hits:           s.hits,
+		Errors:         s.errors,
+		Duration:       s.duration,
+		TopLevelHits:   s.topLevelHits,
+		OkSummary:      okSummary,
+		ErrorSummary:   errSummary,
+		Synthetics:     k.Synthetics,
+	}, nil
+}
+
+// nsTimestampToFloat converts a nanosec timestamp into a float nanosecond timestamp truncated to a fixed precision
+func nsTimestampToFloat(ns int64) float64 {
+	// 10 bits precision (any value will be +/- 1/1024)
+	const roundMask int64 = 1 << 10
+	var shift uint
+	for ns > roundMask {
+		ns = ns >> 1
+		shift++
+	}
+	return float64(ns << shift)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats_payload.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats_payload.go
new file mode 100644
index 000000000..35a68b46b
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats_payload.go
@@ -0,0 +1,56 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+//go:generate msgp -unexported -marshal=false -o=stats_payload_msgp.go -tests=false
+
+package tracer
+
+// statsPayload specifies information about client computed stats and is encoded
+// to be sent to the agent.
+type statsPayload struct {
+	// Hostname specifies the hostname of the application.
+	Hostname string
+
+	// Env specifies the env. of the application, as defined by the user.
+	Env string
+
+	// Version specifies the application version.
+	Version string
+
+	// Stats holds all stats buckets computed within this payload.
+	Stats []statsBucket
+}
+
+// statsBucket specifies a set of stats computed over a duration.
+type statsBucket struct {
+	// Start specifies the beginning of this bucket.
+	Start uint64
+
+	// Duration specifies the duration of this bucket.
+	Duration uint64
+
+	// Stats contains a set of statistics computed for the duration of this bucket.
+	Stats []groupedStats
+}
+
+// groupedStats contains a set of statistics grouped under various aggregation keys.
+type groupedStats struct {
+	// These fields indicate the properties under which the stats were aggregated.
+	Service        string `json:"service,omitempty"`
+	Name           string `json:"name,omitempty"`
+	Resource       string `json:"resource,omitempty"`
+	HTTPStatusCode uint32 `json:"HTTP_status_code,omitempty"`
+	Type           string `json:"type,omitempty"`
+	DBType         string `json:"DB_type,omitempty"`
+
+	// These fields specify the stats for the above aggregation.
+	Hits         uint64 `json:"hits,omitempty"`
+	Errors       uint64 `json:"errors,omitempty"`
+	Duration     uint64 `json:"duration,omitempty"`
+	OkSummary    []byte `json:"okSummary,omitempty"`
+	ErrorSummary []byte `json:"errorSummary,omitempty"`
+	Synthetics   bool   `json:"synthetics,omitempty"`
+	TopLevelHits uint64 `json:"topLevelHits,omitempty"`
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats_payload_msgp.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats_payload_msgp.go
new file mode 100644
index 000000000..7d15d036e
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats_payload_msgp.go
@@ -0,0 +1,450 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+// NOTE: THIS FILE WAS PRODUCED BY THE
+// MSGP CODE GENERATION TOOL (github.com/tinylib/msgp)
+// DO NOT EDIT
+
+import (
+	"github.com/tinylib/msgp/msgp"
+)
+
+// DecodeMsg implements msgp.Decodable
+func (z *groupedStats) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Service":
+			z.Service, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "Name":
+			z.Name, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "Resource":
+			z.Resource, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "HTTPStatusCode":
+			z.HTTPStatusCode, err = dc.ReadUint32()
+			if err != nil {
+				return
+			}
+		case "Type":
+			z.Type, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "DBType":
+			z.DBType, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "Hits":
+			z.Hits, err = dc.ReadUint64()
+			if err != nil {
+				return
+			}
+		case "Errors":
+			z.Errors, err = dc.ReadUint64()
+			if err != nil {
+				return
+			}
+		case "Duration":
+			z.Duration, err = dc.ReadUint64()
+			if err != nil {
+				return
+			}
+		case "OkSummary":
+			z.OkSummary, err = dc.ReadBytes(z.OkSummary)
+			if err != nil {
+				return
+			}
+		case "ErrorSummary":
+			z.ErrorSummary, err = dc.ReadBytes(z.ErrorSummary)
+			if err != nil {
+				return
+			}
+		case "Synthetics":
+			z.Synthetics, err = dc.ReadBool()
+			if err != nil {
+				return
+			}
+		case "TopLevelHits":
+			z.TopLevelHits, err = dc.ReadUint64()
+			if err != nil {
+				return
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *groupedStats) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 13
+	// write "Service"
+	err = en.Append(0x8d, 0xa7, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Service)
+	if err != nil {
+		return
+	}
+	// write "Name"
+	err = en.Append(0xa4, 0x4e, 0x61, 0x6d, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Name)
+	if err != nil {
+		return
+	}
+	// write "Resource"
+	err = en.Append(0xa8, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Resource)
+	if err != nil {
+		return
+	}
+	// write "HTTPStatusCode"
+	err = en.Append(0xae, 0x48, 0x54, 0x54, 0x50, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint32(z.HTTPStatusCode)
+	if err != nil {
+		return
+	}
+	// write "Type"
+	err = en.Append(0xa4, 0x54, 0x79, 0x70, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Type)
+	if err != nil {
+		return
+	}
+	// write "DBType"
+	err = en.Append(0xa6, 0x44, 0x42, 0x54, 0x79, 0x70, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.DBType)
+	if err != nil {
+		return
+	}
+	// write "Hits"
+	err = en.Append(0xa4, 0x48, 0x69, 0x74, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.Hits)
+	if err != nil {
+		return
+	}
+	// write "Errors"
+	err = en.Append(0xa6, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.Errors)
+	if err != nil {
+		return
+	}
+	// write "Duration"
+	err = en.Append(0xa8, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.Duration)
+	if err != nil {
+		return
+	}
+	// write "OkSummary"
+	err = en.Append(0xa9, 0x4f, 0x6b, 0x53, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79)
+	if err != nil {
+		return
+	}
+	err = en.WriteBytes(z.OkSummary)
+	if err != nil {
+		return
+	}
+	// write "ErrorSummary"
+	err = en.Append(0xac, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x53, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79)
+	if err != nil {
+		return
+	}
+	err = en.WriteBytes(z.ErrorSummary)
+	if err != nil {
+		return
+	}
+	// write "Synthetics"
+	err = en.Append(0xaa, 0x53, 0x79, 0x6e, 0x74, 0x68, 0x65, 0x74, 0x69, 0x63, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteBool(z.Synthetics)
+	if err != nil {
+		return
+	}
+	// write "TopLevelHits"
+	err = en.Append(0xac, 0x54, 0x6f, 0x70, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x48, 0x69, 0x74, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.TopLevelHits)
+	if err != nil {
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *groupedStats) Msgsize() (s int) {
+	s = 1 + 8 + msgp.StringPrefixSize + len(z.Service) + 5 + msgp.StringPrefixSize + len(z.Name) + 9 + msgp.StringPrefixSize + len(z.Resource) + 15 + msgp.Uint32Size + 5 + msgp.StringPrefixSize + len(z.Type) + 7 + msgp.StringPrefixSize + len(z.DBType) + 5 + msgp.Uint64Size + 7 + msgp.Uint64Size + 9 + msgp.Uint64Size + 10 + msgp.BytesPrefixSize + len(z.OkSummary) + 13 + msgp.BytesPrefixSize + len(z.ErrorSummary) + 11 + msgp.BoolSize + 13 + msgp.Uint64Size
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *statsBucket) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Start":
+			z.Start, err = dc.ReadUint64()
+			if err != nil {
+				return
+			}
+		case "Duration":
+			z.Duration, err = dc.ReadUint64()
+			if err != nil {
+				return
+			}
+		case "Stats":
+			var zb0002 uint32
+			zb0002, err = dc.ReadArrayHeader()
+			if err != nil {
+				return
+			}
+			if cap(z.Stats) >= int(zb0002) {
+				z.Stats = (z.Stats)[:zb0002]
+			} else {
+				z.Stats = make([]groupedStats, zb0002)
+			}
+			for za0001 := range z.Stats {
+				err = z.Stats[za0001].DecodeMsg(dc)
+				if err != nil {
+					return
+				}
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *statsBucket) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 3
+	// write "Start"
+	err = en.Append(0x83, 0xa5, 0x53, 0x74, 0x61, 0x72, 0x74)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.Start)
+	if err != nil {
+		return
+	}
+	// write "Duration"
+	err = en.Append(0xa8, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.Duration)
+	if err != nil {
+		return
+	}
+	// write "Stats"
+	err = en.Append(0xa5, 0x53, 0x74, 0x61, 0x74, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.Stats)))
+	if err != nil {
+		return
+	}
+	for za0001 := range z.Stats {
+		err = z.Stats[za0001].EncodeMsg(en)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *statsBucket) Msgsize() (s int) {
+	s = 1 + 6 + msgp.Uint64Size + 9 + msgp.Uint64Size + 6 + msgp.ArrayHeaderSize
+	for za0001 := range z.Stats {
+		s += z.Stats[za0001].Msgsize()
+	}
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *statsPayload) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Hostname":
+			z.Hostname, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "Env":
+			z.Env, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "Version":
+			z.Version, err = dc.ReadString()
+			if err != nil {
+				return
+			}
+		case "Stats":
+			var zb0002 uint32
+			zb0002, err = dc.ReadArrayHeader()
+			if err != nil {
+				return
+			}
+			if cap(z.Stats) >= int(zb0002) {
+				z.Stats = (z.Stats)[:zb0002]
+			} else {
+				z.Stats = make([]statsBucket, zb0002)
+			}
+			for za0001 := range z.Stats {
+				err = z.Stats[za0001].DecodeMsg(dc)
+				if err != nil {
+					return
+				}
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *statsPayload) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 4
+	// write "Hostname"
+	err = en.Append(0x84, 0xa8, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Hostname)
+	if err != nil {
+		return
+	}
+	// write "Env"
+	err = en.Append(0xa3, 0x45, 0x6e, 0x76)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Env)
+	if err != nil {
+		return
+	}
+	// write "Version"
+	err = en.Append(0xa7, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Version)
+	if err != nil {
+		return
+	}
+	// write "Stats"
+	err = en.Append(0xa5, 0x53, 0x74, 0x61, 0x74, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.Stats)))
+	if err != nil {
+		return
+	}
+	for za0001 := range z.Stats {
+		err = z.Stats[za0001].EncodeMsg(en)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *statsPayload) Msgsize() (s int) {
+	s = 1 + 9 + msgp.StringPrefixSize + len(z.Hostname) + 4 + msgp.StringPrefixSize + len(z.Env) + 8 + msgp.StringPrefixSize + len(z.Version) + 6 + msgp.ArrayHeaderSize
+	for za0001 := range z.Stats {
+		s += z.Stats[za0001].Msgsize()
+	}
+	return
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/telemetry.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/telemetry.go
new file mode 100644
index 000000000..927cff9ff
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/telemetry.go
@@ -0,0 +1,101 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"fmt"
+	"strings"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry"
+)
+
+// startTelemetry starts the global instrumentation telemetry client with tracer data
+// unless instrumentation telemetry is disabled via the DD_INSTRUMENTATION_TELEMETRY_ENABLED
+// env var.
+// If the telemetry client has already been started by the profiler, then
+// an app-product-change event is sent with appsec information and an app-client-configuration-change
+// event is sent with tracer config data.
+// Note that the tracer is not considered as a standalone product by telemetry so we cannot send
+// an app-product-change event for the tracer.
+func startTelemetry(c *config) {
+	if telemetry.Disabled() {
+		// Do not do extra work populating config data if instrumentation telemetry is disabled.
+		return
+	}
+	telemetry.GlobalClient.ApplyOps(
+		telemetry.WithService(c.serviceName),
+		telemetry.WithEnv(c.env),
+		telemetry.WithHTTPClient(c.httpClient),
+		// c.logToStdout is true if serverless is turned on
+		telemetry.WithURL(c.logToStdout, c.agentURL.String()),
+		telemetry.WithVersion(c.version),
+	)
+	telemetryConfigs := []telemetry.Configuration{
+		{Name: "trace_debug_enabled", Value: c.debug},
+		{Name: "agent_feature_drop_p0s", Value: c.agent.DropP0s},
+		{Name: "stats_computation_enabled", Value: c.canComputeStats()},
+		{Name: "dogstatsd_port", Value: c.agent.StatsdPort},
+		{Name: "lambda_mode", Value: c.logToStdout},
+		{Name: "send_retries", Value: c.sendRetries},
+		{Name: "trace_startup_logs_enabled", Value: c.logStartup},
+		{Name: "service", Value: c.serviceName},
+		{Name: "universal_version", Value: c.universalVersion},
+		{Name: "env", Value: c.env},
+		{Name: "agent_url", Value: c.agentURL.String()},
+		{Name: "agent_hostname", Value: c.hostname},
+		{Name: "runtime_metrics_enabled", Value: c.runtimeMetrics},
+		{Name: "dogstatsd_addr", Value: c.dogstatsdAddr},
+		{Name: "trace_debug_enabled", Value: !c.noDebugStack},
+		{Name: "profiling_hotspots_enabled", Value: c.profilerHotspots},
+		{Name: "profiling_endpoints_enabled", Value: c.profilerEndpoints},
+		{Name: "trace_enabled", Value: c.enabled},
+		{Name: "trace_span_attribute_schema", Value: c.spanAttributeSchemaVersion},
+		{Name: "trace_peer_service_defaults_enabled", Value: c.peerServiceDefaultsEnabled},
+		{Name: "orchestrion_enabled", Value: c.orchestrionCfg.Enabled},
+	}
+	var peerServiceMapping []string
+	for key, value := range c.peerServiceMappings {
+		peerServiceMapping = append(peerServiceMapping, fmt.Sprintf("%s:%s", key, value))
+	}
+	telemetryConfigs = append(telemetryConfigs,
+		telemetry.Configuration{Name: "trace_peer_service_mapping", Value: strings.Join(peerServiceMapping, ",")})
+
+	if chained, ok := c.propagator.(*chainedPropagator); ok {
+		telemetryConfigs = append(telemetryConfigs,
+			telemetry.Configuration{Name: "trace_propagation_style_inject", Value: chained.injectorNames})
+		telemetryConfigs = append(telemetryConfigs,
+			telemetry.Configuration{Name: "trace_propagation_style_extract", Value: chained.extractorsNames})
+	}
+	for k, v := range c.featureFlags {
+		telemetryConfigs = append(telemetryConfigs, telemetry.Configuration{Name: k, Value: v})
+	}
+	for k, v := range c.serviceMappings {
+		telemetryConfigs = append(telemetryConfigs, telemetry.Configuration{Name: "service_mapping_" + k, Value: v})
+	}
+	for k, v := range c.globalTags {
+		telemetryConfigs = append(telemetryConfigs, telemetry.Configuration{Name: "global_tag_" + k, Value: v})
+	}
+	rules := append(c.spanRules, c.traceRules...)
+	for _, rule := range rules {
+		var service string
+		var name string
+		if rule.Service != nil {
+			service = rule.Service.String()
+		}
+		if rule.Name != nil {
+			name = rule.Name.String()
+		}
+		telemetryConfigs = append(telemetryConfigs,
+			telemetry.Configuration{Name: fmt.Sprintf("sr_%s_(%s)_(%s)", rule.ruleType.String(), service, name),
+				Value: fmt.Sprintf("rate:%f_maxPerSecond:%f", rule.Rate, rule.MaxPerSecond)})
+	}
+	if c.orchestrionCfg.Enabled {
+		for k, v := range c.orchestrionCfg.Metadata {
+			telemetryConfigs = append(telemetryConfigs, telemetry.Configuration{Name: "orchestrion_" + k, Value: v})
+		}
+	}
+	telemetry.GlobalClient.ProductStart(telemetry.NamespaceTracers, telemetryConfigs)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/textmap.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/textmap.go
new file mode 100644
index 000000000..c4a736275
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/textmap.go
@@ -0,0 +1,1037 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
+)
+
+// HTTPHeadersCarrier wraps an http.Header as a TextMapWriter and TextMapReader, allowing
+// it to be used using the provided Propagator implementation.
+type HTTPHeadersCarrier http.Header
+
+var _ TextMapWriter = (*HTTPHeadersCarrier)(nil)
+var _ TextMapReader = (*HTTPHeadersCarrier)(nil)
+
+// Set implements TextMapWriter.
+func (c HTTPHeadersCarrier) Set(key, val string) {
+	http.Header(c).Set(key, val)
+}
+
+// ForeachKey implements TextMapReader.
+func (c HTTPHeadersCarrier) ForeachKey(handler func(key, val string) error) error {
+	for k, vals := range c {
+		for _, v := range vals {
+			if err := handler(k, v); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// TextMapCarrier allows the use of a regular map[string]string as both TextMapWriter
+// and TextMapReader, making it compatible with the provided Propagator.
+type TextMapCarrier map[string]string
+
+var _ TextMapWriter = (*TextMapCarrier)(nil)
+var _ TextMapReader = (*TextMapCarrier)(nil)
+
+// Set implements TextMapWriter.
+func (c TextMapCarrier) Set(key, val string) {
+	c[key] = val
+}
+
+// ForeachKey conforms to the TextMapReader interface.
+func (c TextMapCarrier) ForeachKey(handler func(key, val string) error) error {
+	for k, v := range c {
+		if err := handler(k, v); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+const (
+	headerPropagationStyleInject  = "DD_TRACE_PROPAGATION_STYLE_INJECT"
+	headerPropagationStyleExtract = "DD_TRACE_PROPAGATION_STYLE_EXTRACT"
+	headerPropagationStyle        = "DD_TRACE_PROPAGATION_STYLE"
+
+	headerPropagationStyleInjectDeprecated  = "DD_PROPAGATION_STYLE_INJECT"  // deprecated
+	headerPropagationStyleExtractDeprecated = "DD_PROPAGATION_STYLE_EXTRACT" // deprecated
+)
+
+const (
+	// DefaultBaggageHeaderPrefix specifies the prefix that will be used in
+	// HTTP headers or text maps to prefix baggage keys.
+	DefaultBaggageHeaderPrefix = "ot-baggage-"
+
+	// DefaultTraceIDHeader specifies the key that will be used in HTTP headers
+	// or text maps to store the trace ID.
+	DefaultTraceIDHeader = "x-datadog-trace-id"
+
+	// DefaultParentIDHeader specifies the key that will be used in HTTP headers
+	// or text maps to store the parent ID.
+	DefaultParentIDHeader = "x-datadog-parent-id"
+
+	// DefaultPriorityHeader specifies the key that will be used in HTTP headers
+	// or text maps to store the sampling priority value.
+	DefaultPriorityHeader = "x-datadog-sampling-priority"
+)
+
+// originHeader specifies the name of the header indicating the origin of the trace.
+// It is used with the Synthetics product and usually has the value "synthetics".
+const originHeader = "x-datadog-origin"
+
+// traceTagsHeader holds the propagated trace tags
+const traceTagsHeader = "x-datadog-tags"
+
+// propagationExtractMaxSize limits the total size of incoming propagated tags to parse
+const propagationExtractMaxSize = 512
+
+// PropagatorConfig defines the configuration for initializing a propagator.
+type PropagatorConfig struct {
+	// BaggagePrefix specifies the prefix that will be used to store baggage
+	// items in a map. It defaults to DefaultBaggageHeaderPrefix.
+	BaggagePrefix string
+
+	// TraceHeader specifies the map key that will be used to store the trace ID.
+	// It defaults to DefaultTraceIDHeader.
+	TraceHeader string
+
+	// ParentHeader specifies the map key that will be used to store the parent ID.
+	// It defaults to DefaultParentIDHeader.
+	ParentHeader string
+
+	// PriorityHeader specifies the map key that will be used to store the sampling priority.
+	// It defaults to DefaultPriorityHeader.
+	PriorityHeader string
+
+	// MaxTagsHeaderLen specifies the maximum length of trace tags header value.
+	// It defaults to defaultMaxTagsHeaderLen, a value of 0 disables propagation of tags.
+	MaxTagsHeaderLen int
+
+	// B3 specifies if B3 headers should be added for trace propagation.
+	// See https://github.com/openzipkin/b3-propagation
+	B3 bool
+}
+
+// NewPropagator returns a new propagator which uses TextMap to inject
+// and extract values. It propagates trace and span IDs and baggage.
+// To use the defaults, nil may be provided in place of the config.
+//
+// The inject and extract propagators are determined using environment variables
+// with the following order of precedence:
+//  1. DD_TRACE_PROPAGATION_STYLE_INJECT
+//  2. DD_PROPAGATION_STYLE_INJECT (deprecated)
+//  3. DD_TRACE_PROPAGATION_STYLE (applies to both inject and extract)
+//  4. If none of the above, use default values
+func NewPropagator(cfg *PropagatorConfig, propagators ...Propagator) Propagator {
+	if cfg == nil {
+		cfg = new(PropagatorConfig)
+	}
+	if cfg.BaggagePrefix == "" {
+		cfg.BaggagePrefix = DefaultBaggageHeaderPrefix
+	}
+	if cfg.TraceHeader == "" {
+		cfg.TraceHeader = DefaultTraceIDHeader
+	}
+	if cfg.ParentHeader == "" {
+		cfg.ParentHeader = DefaultParentIDHeader
+	}
+	if cfg.PriorityHeader == "" {
+		cfg.PriorityHeader = DefaultPriorityHeader
+	}
+	if len(propagators) > 0 {
+		return &chainedPropagator{
+			injectors:  propagators,
+			extractors: propagators,
+		}
+	}
+	injectorsPs := os.Getenv(headerPropagationStyleInject)
+	if injectorsPs == "" {
+		if injectorsPs = os.Getenv(headerPropagationStyleInjectDeprecated); injectorsPs != "" {
+			log.Warn("%v is deprecated. Please use %v or %v instead.\n", headerPropagationStyleInjectDeprecated, headerPropagationStyleInject, headerPropagationStyle)
+		}
+	}
+	extractorsPs := os.Getenv(headerPropagationStyleExtract)
+	if extractorsPs == "" {
+		if extractorsPs = os.Getenv(headerPropagationStyleExtractDeprecated); extractorsPs != "" {
+			log.Warn("%v is deprecated. Please use %v or %v instead.\n", headerPropagationStyleExtractDeprecated, headerPropagationStyleExtract, headerPropagationStyle)
+		}
+	}
+	injectors, injectorNames := getPropagators(cfg, injectorsPs)
+	extractors, extractorsNames := getPropagators(cfg, extractorsPs)
+	return &chainedPropagator{
+		injectors,
+		extractors,
+		injectorNames,
+		extractorsNames,
+	}
+}
+
+// chainedPropagator implements Propagator and applies a list of injectors and extractors.
+// When injecting, all injectors are called to propagate the span context.
+// When extracting, it tries each extractor, selecting the first successful one.
+type chainedPropagator struct {
+	injectors       []Propagator
+	extractors      []Propagator
+	injectorNames   string
+	extractorsNames string
+}
+
+// getPropagators returns a list of propagators based on ps, which is a comma seperated
+// list of propagators. If the list doesn't contain any valid values, the
+// default propagator will be returned. Any invalid values in the list will log
+// a warning and be ignored.
+func getPropagators(cfg *PropagatorConfig, ps string) ([]Propagator, string) {
+	dd := &propagator{cfg}
+	defaultPs := []Propagator{&propagatorW3c{}, dd}
+	defaultPsName := "tracecontext,datadog"
+	if cfg.B3 {
+		defaultPs = append(defaultPs, &propagatorB3{})
+		defaultPsName += ",b3"
+	}
+	if ps == "" {
+		if prop := os.Getenv(headerPropagationStyle); prop != "" {
+			ps = prop // use the generic DD_TRACE_PROPAGATION_STYLE if set
+		} else {
+			return defaultPs, defaultPsName // no env set, so use default from configuration
+		}
+	}
+	ps = strings.ToLower(ps)
+	if ps == "none" {
+		return nil, ""
+	}
+	var list []Propagator
+	var listNames []string
+	if cfg.B3 {
+		list = append(list, &propagatorB3{})
+		listNames = append(listNames, "b3")
+	}
+	for _, v := range strings.Split(ps, ",") {
+		switch v := strings.ToLower(v); v {
+		case "datadog":
+			list = append(list, dd)
+			listNames = append(listNames, v)
+		case "tracecontext":
+			list = append([]Propagator{&propagatorW3c{}}, list...)
+			listNames = append(listNames, v)
+		case "b3", "b3multi":
+			if !cfg.B3 {
+				// propagatorB3 hasn't already been added, add a new one.
+				list = append(list, &propagatorB3{})
+				listNames = append(listNames, v)
+			}
+		case "b3 single header":
+			list = append(list, &propagatorB3SingleHeader{})
+			listNames = append(listNames, v)
+		case "none":
+			log.Warn("Propagator \"none\" has no effect when combined with other propagators. " +
+				"To disable the propagator, set to `none`")
+		default:
+			log.Warn("unrecognized propagator: %s\n", v)
+		}
+	}
+	if len(list) == 0 {
+		return defaultPs, defaultPsName // no valid propagators, so return default
+	}
+	return list, strings.Join(listNames, ",")
+}
+
+// Inject defines the Propagator to propagate SpanContext data
+// out of the current process. The implementation propagates the
+// TraceID and the current active SpanID, as well as the Span baggage.
+func (p *chainedPropagator) Inject(spanCtx ddtrace.SpanContext, carrier interface{}) error {
+	for _, v := range p.injectors {
+		err := v.Inject(spanCtx, carrier)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// Extract implements Propagator.
+func (p *chainedPropagator) Extract(carrier interface{}) (ddtrace.SpanContext, error) {
+	for _, v := range p.extractors {
+		ctx, err := v.Extract(carrier)
+		if ctx != nil {
+			// first extractor returns
+			log.Debug("Extracted span context: %#v", ctx)
+			return ctx, nil
+		}
+		if err == ErrSpanContextNotFound {
+			continue
+		}
+		return nil, err
+	}
+	return nil, ErrSpanContextNotFound
+}
+
+// propagator implements Propagator and injects/extracts span contexts
+// using datadog headers. Only TextMap carriers are supported.
+type propagator struct {
+	cfg *PropagatorConfig
+}
+
+func (p *propagator) Inject(spanCtx ddtrace.SpanContext, carrier interface{}) error {
+	switch c := carrier.(type) {
+	case TextMapWriter:
+		return p.injectTextMap(spanCtx, c)
+	default:
+		return ErrInvalidCarrier
+	}
+}
+
+func (p *propagator) injectTextMap(spanCtx ddtrace.SpanContext, writer TextMapWriter) error {
+	ctx, ok := spanCtx.(*spanContext)
+	if !ok || ctx.traceID.Empty() || ctx.spanID == 0 {
+		return ErrInvalidSpanContext
+	}
+	// propagate the TraceID and the current active SpanID
+	if ctx.traceID.HasUpper() {
+		setPropagatingTag(ctx, keyTraceID128, ctx.traceID.UpperHex())
+	} else if ctx.trace != nil {
+		ctx.trace.unsetPropagatingTag(keyTraceID128)
+	}
+	writer.Set(p.cfg.TraceHeader, strconv.FormatUint(ctx.traceID.Lower(), 10))
+	writer.Set(p.cfg.ParentHeader, strconv.FormatUint(ctx.spanID, 10))
+	if sp, ok := ctx.samplingPriority(); ok {
+		writer.Set(p.cfg.PriorityHeader, strconv.Itoa(sp))
+	}
+	if ctx.origin != "" {
+		writer.Set(originHeader, ctx.origin)
+	}
+	// propagate OpenTracing baggage
+	for k, v := range ctx.baggage {
+		writer.Set(p.cfg.BaggagePrefix+k, v)
+	}
+	if p.cfg.MaxTagsHeaderLen <= 0 {
+		return nil
+	}
+	if s := p.marshalPropagatingTags(ctx); len(s) > 0 {
+		writer.Set(traceTagsHeader, s)
+	}
+	return nil
+}
+
+// marshalPropagatingTags marshals all propagating tags included in ctx to a comma separated string
+func (p *propagator) marshalPropagatingTags(ctx *spanContext) string {
+	var sb strings.Builder
+	if ctx.trace == nil {
+		return ""
+	}
+
+	var properr string
+	ctx.trace.iteratePropagatingTags(func(k, v string) bool {
+		if k == tracestateHeader || k == traceparentHeader {
+			return true // don't propagate W3C headers with the DD propagator
+		}
+		if err := isValidPropagatableTag(k, v); err != nil {
+			log.Warn("Won't propagate tag '%s': %v", k, err.Error())
+			properr = "encoding_error"
+			return true
+		}
+		if sb.Len()+len(k)+len(v) > p.cfg.MaxTagsHeaderLen {
+			sb.Reset()
+			log.Warn("Won't propagate tag: maximum trace tags header len (%d) reached.", p.cfg.MaxTagsHeaderLen)
+			properr = "inject_max_size"
+			return false
+		}
+		if sb.Len() > 0 {
+			sb.WriteByte(',')
+		}
+		sb.WriteString(k)
+		sb.WriteByte('=')
+		sb.WriteString(v)
+		return true
+	})
+	if properr != "" {
+		ctx.trace.setTag(keyPropagationError, properr)
+	}
+	return sb.String()
+}
+
+func (p *propagator) Extract(carrier interface{}) (ddtrace.SpanContext, error) {
+	switch c := carrier.(type) {
+	case TextMapReader:
+		return p.extractTextMap(c)
+	default:
+		return nil, ErrInvalidCarrier
+	}
+}
+
+func (p *propagator) extractTextMap(reader TextMapReader) (ddtrace.SpanContext, error) {
+	var ctx spanContext
+	err := reader.ForeachKey(func(k, v string) error {
+		var err error
+		key := strings.ToLower(k)
+		switch key {
+		case p.cfg.TraceHeader:
+			var lowerTid uint64
+			lowerTid, err = parseUint64(v)
+			if err != nil {
+				return ErrSpanContextCorrupted
+			}
+			ctx.traceID.SetLower(lowerTid)
+		case p.cfg.ParentHeader:
+			ctx.spanID, err = parseUint64(v)
+			if err != nil {
+				return ErrSpanContextCorrupted
+			}
+		case p.cfg.PriorityHeader:
+			priority, err := strconv.Atoi(v)
+			if err != nil {
+				return ErrSpanContextCorrupted
+			}
+			ctx.setSamplingPriority(priority, samplernames.Unknown)
+		case originHeader:
+			ctx.origin = v
+		case traceTagsHeader:
+			unmarshalPropagatingTags(&ctx, v)
+		default:
+			if strings.HasPrefix(key, p.cfg.BaggagePrefix) {
+				ctx.setBaggageItem(strings.TrimPrefix(key, p.cfg.BaggagePrefix), v)
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	if ctx.trace != nil {
+		tid := ctx.trace.propagatingTag(keyTraceID128)
+		if err := validateTID(tid); err != nil {
+			log.Debug("Invalid hex traceID: %s", err)
+			ctx.trace.unsetPropagatingTag(keyTraceID128)
+		} else if err := ctx.traceID.SetUpperFromHex(tid); err != nil {
+			log.Debug("Attempted to set an invalid hex traceID: %s", err)
+			ctx.trace.unsetPropagatingTag(keyTraceID128)
+		}
+	}
+	if ctx.traceID.Empty() || (ctx.spanID == 0 && ctx.origin != "synthetics") {
+		return nil, ErrSpanContextNotFound
+	}
+	return &ctx, nil
+}
+
+func validateTID(tid string) error {
+	if len(tid) != 16 {
+		return fmt.Errorf("invalid length: %q", tid)
+	}
+	if !isValidID(tid) {
+		return fmt.Errorf("malformed: %q", tid)
+	}
+	return nil
+}
+
+// unmarshalPropagatingTags unmarshals tags from v into ctx
+func unmarshalPropagatingTags(ctx *spanContext, v string) {
+	if ctx.trace == nil {
+		ctx.trace = newTrace()
+	}
+	if len(v) > propagationExtractMaxSize {
+		log.Warn("Did not extract %s, size limit exceeded: %d. Incoming tags will not be propagated further.", traceTagsHeader, propagationExtractMaxSize)
+		ctx.trace.setTag(keyPropagationError, "extract_max_size")
+		return
+	}
+	tags, err := parsePropagatableTraceTags(v)
+	if err != nil {
+		log.Warn("Did not extract %s: %v. Incoming tags will not be propagated further.", traceTagsHeader, err.Error())
+		ctx.trace.setTag(keyPropagationError, "decoding_error")
+	}
+	ctx.trace.replacePropagatingTags(tags)
+}
+
+// setPropagatingTag adds the key value pair to the map of propagating tags on the trace,
+// creating the map if one is not initialized.
+func setPropagatingTag(ctx *spanContext, k, v string) {
+	if ctx.trace == nil {
+		// extractors initialize a new spanContext, so the trace might be nil
+		ctx.trace = newTrace()
+	}
+	ctx.trace.setPropagatingTag(k, v)
+}
+
+const (
+	b3TraceIDHeader = "x-b3-traceid"
+	b3SpanIDHeader  = "x-b3-spanid"
+	b3SampledHeader = "x-b3-sampled"
+	b3SingleHeader  = "b3"
+)
+
+// propagatorB3 implements Propagator and injects/extracts span contexts
+// using B3 headers. Only TextMap carriers are supported.
+type propagatorB3 struct{}
+
+func (p *propagatorB3) Inject(spanCtx ddtrace.SpanContext, carrier interface{}) error {
+	switch c := carrier.(type) {
+	case TextMapWriter:
+		return p.injectTextMap(spanCtx, c)
+	default:
+		return ErrInvalidCarrier
+	}
+}
+
+func (*propagatorB3) injectTextMap(spanCtx ddtrace.SpanContext, writer TextMapWriter) error {
+	ctx, ok := spanCtx.(*spanContext)
+	if !ok || ctx.traceID.Empty() || ctx.spanID == 0 {
+		return ErrInvalidSpanContext
+	}
+	if !ctx.traceID.HasUpper() { // 64-bit trace id
+		writer.Set(b3TraceIDHeader, fmt.Sprintf("%016x", ctx.traceID.Lower()))
+	} else { // 128-bit trace id
+		var w3Cctx ddtrace.SpanContextW3C
+		if w3Cctx, ok = spanCtx.(ddtrace.SpanContextW3C); !ok {
+			return ErrInvalidSpanContext
+		}
+		writer.Set(b3TraceIDHeader, w3Cctx.TraceID128())
+	}
+	writer.Set(b3SpanIDHeader, fmt.Sprintf("%016x", ctx.spanID))
+	if p, ok := ctx.samplingPriority(); ok {
+		if p >= ext.PriorityAutoKeep {
+			writer.Set(b3SampledHeader, "1")
+		} else {
+			writer.Set(b3SampledHeader, "0")
+		}
+	}
+	return nil
+}
+
+func (p *propagatorB3) Extract(carrier interface{}) (ddtrace.SpanContext, error) {
+	switch c := carrier.(type) {
+	case TextMapReader:
+		return p.extractTextMap(c)
+	default:
+		return nil, ErrInvalidCarrier
+	}
+}
+
+func (*propagatorB3) extractTextMap(reader TextMapReader) (ddtrace.SpanContext, error) {
+	var ctx spanContext
+	err := reader.ForeachKey(func(k, v string) error {
+		var err error
+		key := strings.ToLower(k)
+		switch key {
+		case b3TraceIDHeader:
+			if err := extractTraceID128(&ctx, v); err != nil {
+				return nil
+			}
+		case b3SpanIDHeader:
+			ctx.spanID, err = strconv.ParseUint(v, 16, 64)
+			if err != nil {
+				return ErrSpanContextCorrupted
+			}
+		case b3SampledHeader:
+			priority, err := strconv.Atoi(v)
+			if err != nil {
+				return ErrSpanContextCorrupted
+			}
+			ctx.setSamplingPriority(priority, samplernames.Unknown)
+		default:
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	if ctx.traceID.Empty() || ctx.spanID == 0 {
+		return nil, ErrSpanContextNotFound
+	}
+	return &ctx, nil
+}
+
+// propagatorB3 implements Propagator and injects/extracts span contexts
+// using B3 headers. Only TextMap carriers are supported.
+type propagatorB3SingleHeader struct{}
+
+func (p *propagatorB3SingleHeader) Inject(spanCtx ddtrace.SpanContext, carrier interface{}) error {
+	switch c := carrier.(type) {
+	case TextMapWriter:
+		return p.injectTextMap(spanCtx, c)
+	default:
+		return ErrInvalidCarrier
+	}
+}
+
+func (*propagatorB3SingleHeader) injectTextMap(spanCtx ddtrace.SpanContext, writer TextMapWriter) error {
+	ctx, ok := spanCtx.(*spanContext)
+	if !ok || ctx.traceID.Empty() || ctx.spanID == 0 {
+		return ErrInvalidSpanContext
+	}
+	sb := strings.Builder{}
+	var traceID string
+	if !ctx.traceID.HasUpper() { // 64-bit trace id
+		traceID = fmt.Sprintf("%016x", ctx.traceID.Lower())
+	} else { // 128-bit trace id
+		var w3Cctx ddtrace.SpanContextW3C
+		if w3Cctx, ok = spanCtx.(ddtrace.SpanContextW3C); !ok {
+			return ErrInvalidSpanContext
+		}
+		traceID = w3Cctx.TraceID128()
+	}
+	sb.WriteString(fmt.Sprintf("%s-%016x", traceID, ctx.spanID))
+	if p, ok := ctx.samplingPriority(); ok {
+		if p >= ext.PriorityAutoKeep {
+			sb.WriteString("-1")
+		} else {
+			sb.WriteString("-0")
+		}
+	}
+	writer.Set(b3SingleHeader, sb.String())
+	return nil
+}
+
+func (p *propagatorB3SingleHeader) Extract(carrier interface{}) (ddtrace.SpanContext, error) {
+	switch c := carrier.(type) {
+	case TextMapReader:
+		return p.extractTextMap(c)
+	default:
+		return nil, ErrInvalidCarrier
+	}
+}
+
+func (*propagatorB3SingleHeader) extractTextMap(reader TextMapReader) (ddtrace.SpanContext, error) {
+	var ctx spanContext
+	err := reader.ForeachKey(func(k, v string) error {
+		var err error
+		key := strings.ToLower(k)
+		switch key {
+		case b3SingleHeader:
+			b3Parts := strings.Split(v, "-")
+			if len(b3Parts) >= 2 {
+				if err = extractTraceID128(&ctx, b3Parts[0]); err != nil {
+					return err
+				}
+				ctx.spanID, err = strconv.ParseUint(b3Parts[1], 16, 64)
+				if err != nil {
+					return ErrSpanContextCorrupted
+				}
+				if len(b3Parts) >= 3 {
+					switch b3Parts[2] {
+					case "":
+						break
+					case "1", "d": // Treat 'debug' traces as priority 1
+						ctx.setSamplingPriority(1, samplernames.Unknown)
+					case "0":
+						ctx.setSamplingPriority(0, samplernames.Unknown)
+					default:
+						return ErrSpanContextCorrupted
+					}
+				}
+			} else {
+				return ErrSpanContextCorrupted
+			}
+		default:
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	if ctx.traceID.Empty() || ctx.spanID == 0 {
+		return nil, ErrSpanContextNotFound
+	}
+	return &ctx, nil
+}
+
+const (
+	traceparentHeader = "traceparent"
+	tracestateHeader  = "tracestate"
+)
+
+// propagatorW3c implements Propagator and injects/extracts span contexts
+// using W3C tracecontext/traceparent headers. Only TextMap carriers are supported.
+type propagatorW3c struct{}
+
+func (p *propagatorW3c) Inject(spanCtx ddtrace.SpanContext, carrier interface{}) error {
+	switch c := carrier.(type) {
+	case TextMapWriter:
+		return p.injectTextMap(spanCtx, c)
+	default:
+		return ErrInvalidCarrier
+	}
+}
+
+// injectTextMap propagates span context attributes into the writer,
+// in the format of the traceparentHeader and tracestateHeader.
+// traceparentHeader encodes W3C Trace Propagation version, 128-bit traceID,
+// spanID, and a flags field, which supports 8 unique flags.
+// The current specification only supports a single flag called sampled,
+// which is equal to 00000001 when no other flag is present.
+// tracestateHeader is a comma-separated list of list-members with a <key>=<value> format,
+// where each list-member is managed by a vendor or instrumentation library.
+func (*propagatorW3c) injectTextMap(spanCtx ddtrace.SpanContext, writer TextMapWriter) error {
+	ctx, ok := spanCtx.(*spanContext)
+	if !ok || ctx.traceID.Empty() || ctx.spanID == 0 {
+		return ErrInvalidSpanContext
+	}
+	flags := ""
+	p, ok := ctx.samplingPriority()
+	if ok && p >= ext.PriorityAutoKeep {
+		flags = "01"
+	} else {
+		flags = "00"
+	}
+
+	var traceID string
+	if ctx.traceID.HasUpper() {
+		setPropagatingTag(ctx, keyTraceID128, ctx.traceID.UpperHex())
+		if w3Cctx, ok := spanCtx.(ddtrace.SpanContextW3C); ok {
+			traceID = w3Cctx.TraceID128()
+		}
+	} else {
+		traceID = fmt.Sprintf("%032x", ctx.traceID)
+		if ctx.trace != nil {
+			ctx.trace.unsetPropagatingTag(keyTraceID128)
+		}
+	}
+	writer.Set(traceparentHeader, fmt.Sprintf("00-%s-%016x-%v", traceID, ctx.spanID, flags))
+	// if context priority / origin / tags were updated after extraction,
+	// or the tracestateHeader doesn't start with `dd=`
+	// we need to recreate tracestate
+	if ctx.updated ||
+		(ctx.trace != nil && !strings.HasPrefix(ctx.trace.propagatingTag(tracestateHeader), "dd=")) ||
+		ctx.trace.propagatingTagsLen() == 0 {
+		writer.Set(tracestateHeader, composeTracestate(ctx, p, ctx.trace.propagatingTag(tracestateHeader)))
+	} else {
+		writer.Set(tracestateHeader, ctx.trace.propagatingTag(tracestateHeader))
+	}
+	return nil
+}
+
+var (
+	// keyRgx is used to sanitize the keys of the datadog propagating tags.
+	// Disallowed characters are comma (reserved as a list-member separator),
+	// equals (reserved for list-member key-value separator),
+	// space and characters outside the ASCII range 0x20 to 0x7E.
+	// Disallowed characters must be replaced with the underscore.
+	keyRgx = regexp.MustCompile(",|=|[^\\x20-\\x7E]+")
+
+	// valueRgx is used to sanitize the values of the datadog propagating tags.
+	// Disallowed characters are comma (reserved as a list-member separator),
+	// semi-colon (reserved for separator between entries in the dd list-member),
+	// tilde (reserved, will represent 0x3D (equals) in the encoded tag value,
+	// and characters outside the ASCII range 0x20 to 0x7E.
+	// Equals character must be encoded with a tilde.
+	// Other disallowed characters must be replaced with the underscore.
+	valueRgx = regexp.MustCompile(",|;|~|[^\\x20-\\x7E]+")
+
+	// originRgx is used to sanitize the value of the datadog origin tag.
+	// Disallowed characters are comma (reserved as a list-member separator),
+	// semi-colon (reserved for separator between entries in the dd list-member),
+	// equals (reserved for list-member key-value separator),
+	// and characters outside the ASCII range 0x21 to 0x7E.
+	// Equals character must be encoded with a tilde.
+	// Other disallowed characters must be replaced with the underscore.
+	originRgx = regexp.MustCompile(",|~|;|[^\\x21-\\x7E]+")
+)
+
+const (
+	asciiLowerA = 97
+	asciiLowerF = 102
+	asciiZero   = 48
+	asciiNine   = 57
+)
+
+// isValidID is used to verify that the input is a valid hex string.
+// This is an equivalent check to the regexp ^[a-f0-9]+$
+// In benchmarks, this function is roughly 10x faster than the equivalent
+// regexp, which is why we split it out.
+// isValidID is applicable for both trace and span IDs.
+func isValidID(id string) bool {
+	if len(id) == 0 {
+		return false
+	}
+
+	for _, c := range id {
+		ascii := int(c)
+		if ascii < asciiZero || ascii > asciiLowerF || (ascii > asciiNine && ascii < asciiLowerA) {
+			return false
+		}
+	}
+
+	return true
+}
+
+// composeTracestate creates a tracestateHeader from the spancontext.
+// The Datadog tracing library is only responsible for managing the list member with key dd,
+// which holds the values of the sampling decision(`s:<value>`), origin(`o:<origin>`),
+// and propagated tags prefixed with `t.`(e.g. _dd.p.usr.id:usr_id tag will become `t.usr.id:usr_id`).
+func composeTracestate(ctx *spanContext, priority int, oldState string) string {
+	var b strings.Builder
+	b.Grow(128)
+	b.WriteString(fmt.Sprintf("dd=s:%d", priority))
+	listLength := 1
+
+	if ctx.origin != "" {
+		oWithSub := originRgx.ReplaceAllString(ctx.origin, "_")
+		b.WriteString(fmt.Sprintf(";o:%s",
+			strings.ReplaceAll(oWithSub, "=", "~")))
+	}
+
+	ctx.trace.iteratePropagatingTags(func(k, v string) bool {
+		if !strings.HasPrefix(k, "_dd.p.") {
+			return true
+		}
+		// Datadog propagating tags must be appended to the tracestateHeader
+		// with the `t.` prefix. Tag value must have all `=` signs replaced with a tilde (`~`).
+		tag := fmt.Sprintf("t.%s:%s",
+			keyRgx.ReplaceAllString(k[len("_dd.p."):], "_"),
+			strings.ReplaceAll(valueRgx.ReplaceAllString(v, "_"), "=", "~"))
+		if b.Len()+len(tag) > 256 {
+			return false
+		}
+		b.WriteString(";")
+		b.WriteString(tag)
+		return true
+	})
+	// the old state is split by vendors, must be concatenated with a `,`
+	if len(oldState) == 0 {
+		return b.String()
+	}
+	for _, s := range strings.Split(strings.Trim(oldState, " \t"), ",") {
+		if strings.HasPrefix(s, "dd=") {
+			continue
+		}
+		listLength++
+		// if the resulting tracestateHeader exceeds 32 list-members,
+		// remove the rightmost list-member(s)
+		if listLength > 32 {
+			break
+		}
+		b.WriteString("," + strings.Trim(s, " \t"))
+	}
+	return b.String()
+}
+
+func (p *propagatorW3c) Extract(carrier interface{}) (ddtrace.SpanContext, error) {
+	switch c := carrier.(type) {
+	case TextMapReader:
+		return p.extractTextMap(c)
+	default:
+		return nil, ErrInvalidCarrier
+	}
+}
+
+func (*propagatorW3c) extractTextMap(reader TextMapReader) (ddtrace.SpanContext, error) {
+	var parentHeader string
+	var stateHeader string
+	var ctx spanContext
+	// to avoid parsing tracestate header(s) if traceparent is invalid
+	if err := reader.ForeachKey(func(k, v string) error {
+		key := strings.ToLower(k)
+		switch key {
+		case traceparentHeader:
+			if parentHeader != "" {
+				return ErrSpanContextCorrupted
+			}
+			parentHeader = v
+		case tracestateHeader:
+			stateHeader = v
+		default:
+			if strings.HasPrefix(key, DefaultBaggageHeaderPrefix) {
+				ctx.setBaggageItem(strings.TrimPrefix(key, DefaultBaggageHeaderPrefix), v)
+			}
+		}
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+	if err := parseTraceparent(&ctx, parentHeader); err != nil {
+		return nil, err
+	}
+	parseTracestate(&ctx, stateHeader)
+	return &ctx, nil
+}
+
+// parseTraceparent attempts to parse traceparentHeader which describes the position
+// of the incoming request in its trace graph in a portable, fixed-length format.
+// The format of the traceparentHeader is `-` separated string with in the
+// following format: `version-traceId-spanID-flags`, with an optional `-<prefix>` if version > 0.
+// where:
+// - version - represents the version of the W3C Tracecontext Propagation format in hex format.
+// - traceId - represents the propagated traceID in the format of 32 hex-encoded digits.
+// - spanID - represents the propagated spanID (parentID) in the format of 16 hex-encoded digits.
+// - flags - represents the propagated flags in the format of 2 hex-encoded digits, and supports 8 unique flags.
+// Example value of HTTP `traceparent` header: `00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01`,
+// Currently, Go tracer doesn't support 128-bit traceIDs, so the full traceID (32 hex-encoded digits) must be
+// stored into a field that is accessible from the span’s context. TraceId will be parsed from the least significant 16
+// hex-encoded digits into a 64-bit number.
+func parseTraceparent(ctx *spanContext, header string) error {
+	nonWordCutset := "_-\t \n"
+	header = strings.ToLower(strings.Trim(header, "\t -"))
+	headerLen := len(header)
+	if headerLen == 0 {
+		return ErrSpanContextNotFound
+	}
+	if headerLen < 55 {
+		return ErrSpanContextCorrupted
+	}
+	parts := strings.SplitN(header, "-", 5) // 5 because we expect 4 required + 1 optional substrings
+	if len(parts) < 4 {
+		return ErrSpanContextCorrupted
+	}
+	version := strings.Trim(parts[0], nonWordCutset)
+	if len(version) != 2 {
+		return ErrSpanContextCorrupted
+	}
+	v, err := strconv.ParseUint(version, 16, 64)
+	if err != nil || v == 255 {
+		// version 255 (0xff) is invalid
+		return ErrSpanContextCorrupted
+	}
+	if v == 0 && headerLen != 55 {
+		// The header length in v0 has to be 55.
+		// It's allowed to be longer in other versions.
+		return ErrSpanContextCorrupted
+	}
+	// parsing traceID
+	fullTraceID := strings.Trim(parts[1], nonWordCutset)
+	if len(fullTraceID) != 32 {
+		return ErrSpanContextCorrupted
+	}
+	// checking that the entire TraceID is a valid hex string
+	if !isValidID(fullTraceID) {
+		return ErrSpanContextCorrupted
+	}
+	if ctx.trace != nil {
+		// Ensure that the 128-bit trace id tag doesn't propagate
+		ctx.trace.unsetPropagatingTag(keyTraceID128)
+	}
+	if err := extractTraceID128(ctx, fullTraceID); err != nil {
+		return err
+	}
+	// parsing spanID
+	spanID := strings.Trim(parts[2], nonWordCutset)
+	if len(spanID) != 16 {
+		return ErrSpanContextCorrupted
+	}
+	if !isValidID(spanID) {
+		return ErrSpanContextCorrupted
+	}
+	if ctx.spanID, err = strconv.ParseUint(spanID, 16, 64); err != nil {
+		return ErrSpanContextCorrupted
+	}
+	if ctx.spanID == 0 {
+		return ErrSpanContextNotFound
+	}
+	// parsing flags
+	flags := parts[3]
+	f, err := strconv.ParseInt(flags, 16, 8)
+	if err != nil {
+		return ErrSpanContextCorrupted
+	}
+	ctx.setSamplingPriority(int(f)&0x1, samplernames.Unknown)
+	return nil
+}
+
+// parseTracestate attempts to parse tracestateHeader which is a list
+// with up to 32 comma-separated (,) list-members.
+// An example value would be: `vendorname1=opaqueValue1,vendorname2=opaqueValue2,dd=s:1;o:synthetics`,
+// Where `dd` list contains values that would be in x-datadog-tags as well as those needed for propagation information.
+// The keys to the “dd“ values have been shortened as follows to save space:
+// `sampling_priority` = `s`
+// `origin` = `o`
+// `_dd.p.` prefix = `t.`
+func parseTracestate(ctx *spanContext, header string) {
+	if header == "" {
+		// The W3C spec says tracestate can be empty but should avoid sending it.
+		// https://www.w3.org/TR/trace-context-1/#tracestate-header-field-values
+		return
+	}
+	// if multiple headers are present, they must be combined and stored
+	setPropagatingTag(ctx, tracestateHeader, header)
+	combined := strings.Split(strings.Trim(header, "\t "), ",")
+	for _, group := range combined {
+		if !strings.HasPrefix(group, "dd=") {
+			continue
+		}
+		ddMembers := strings.Split(group[len("dd="):], ";")
+		dropDM := false
+		for _, member := range ddMembers {
+			keyVal := strings.SplitN(member, ":", 2)
+			if len(keyVal) != 2 {
+				continue
+			}
+			key, val := keyVal[0], keyVal[1]
+			if key == "o" {
+				ctx.origin = strings.ReplaceAll(val, "~", "=")
+			} else if key == "s" {
+				stateP, err := strconv.Atoi(val)
+				if err != nil {
+					// If the tracestate priority is absent,
+					// we rely on the traceparent sampled flag
+					// set in the parseTraceparent function.
+					continue
+				}
+				// The sampling priority and decision maker values are set based on
+				// the specification in the internal W3C context propagation RFC.
+				// See the document for more details.
+				parentP, _ := ctx.samplingPriority()
+				if (parentP == 1 && stateP > 0) || (parentP == 0 && stateP <= 0) {
+					// As extracted from tracestate
+					ctx.setSamplingPriority(stateP, samplernames.Unknown)
+				}
+				if parentP == 1 && stateP <= 0 {
+					// Auto keep (1) and set the decision maker to default
+					ctx.setSamplingPriority(1, samplernames.Default)
+				}
+				if parentP == 0 && stateP > 0 {
+					// Auto drop (0) and drop the decision maker
+					ctx.setSamplingPriority(0, samplernames.Unknown)
+					dropDM = true
+				}
+			} else if strings.HasPrefix(key, "t.dm") {
+				if ctx.trace.hasPropagatingTag(keyDecisionMaker) || dropDM {
+					continue
+				}
+				setPropagatingTag(ctx, keyDecisionMaker, val)
+			} else if strings.HasPrefix(key, "t.") {
+				keySuffix := key[len("t."):]
+				val = strings.ReplaceAll(val, "~", "=")
+				setPropagatingTag(ctx, "_dd.p."+keySuffix, val)
+			}
+		}
+	}
+}
+
+// extractTraceID128 extracts the trace id from v and populates the traceID
+// field, and the traceID128 field (if applicable) of the provided ctx,
+// returning an error if v is invalid.
+func extractTraceID128(ctx *spanContext, v string) error {
+	if len(v) > 32 {
+		v = v[len(v)-32:]
+	}
+	v = strings.TrimLeft(v, "0")
+	var err error
+	if len(v) <= 16 { // 64-bit trace id
+		var tid uint64
+		tid, err = strconv.ParseUint(v, 16, 64)
+		ctx.traceID.SetLower(tid)
+	} else { // 128-bit trace id
+		idUpper := v[:len(v)-16]
+		ctx.traceID.SetUpperFromHex(idUpper)
+		var l uint64
+		l, err = strconv.ParseUint(v[len(idUpper):], 16, 64)
+		ctx.traceID.SetLower(l)
+	}
+	if err != nil {
+		return ErrSpanContextCorrupted
+	}
+	return nil
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/time.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/time.go
new file mode 100644
index 000000000..3afe8fb18
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/time.go
@@ -0,0 +1,17 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+//go:build !windows
+// +build !windows
+
+package tracer
+
+import "time"
+
+// nowTime returns the current time, as computed by Time.Now().
+var nowTime = func() time.Time { return time.Now() }
+
+// now returns the current UNIX time in nanoseconds, as computed by Time.UnixNano().
+var now = func() int64 { return time.Now().UnixNano() }
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/time_windows.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/time_windows.go
new file mode 100644
index 000000000..f1ecd4f90
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/time_windows.go
@@ -0,0 +1,48 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"time"
+
+	"golang.org/x/sys/windows"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// This method is more precise than the go1.8 time.Now on Windows
+// See https://msdn.microsoft.com/en-us/library/windows/desktop/hh706895(v=vs.85).aspx
+// It is however ~10x slower and requires Windows 8+.
+func highPrecisionNow() int64 {
+	var ft windows.Filetime
+	windows.GetSystemTimePreciseAsFileTime(&ft)
+	return ft.Nanoseconds()
+}
+
+func lowPrecisionNow() int64 {
+	return time.Now().UnixNano()
+}
+
+// We use this method of initializing now over an init function due to dependency issues. The init
+// function may run after other declarations, such as that in payload_test:19, which results in a
+// nil dereference panic.
+var now func() int64 = func() func() int64 {
+	if err := windows.LoadGetSystemTimePreciseAsFileTime(); err != nil {
+		log.Warn("Unable to load high precison timer, defaulting to time.Now()")
+		return lowPrecisionNow
+	} else {
+		return highPrecisionNow
+	}
+}()
+
+var nowTime func() time.Time = func() func() time.Time {
+	if err := windows.LoadGetSystemTimePreciseAsFileTime(); err != nil {
+		log.Warn("Unable to load high precison timer, defaulting to time.Now()")
+		return func() time.Time { return time.Unix(0, lowPrecisionNow()) }
+	} else {
+		return func() time.Time { return time.Unix(0, highPrecisionNow()) }
+	}
+}()
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/tracer.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/tracer.go
new file mode 100644
index 000000000..0c333d2d5
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/tracer.go
@@ -0,0 +1,716 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	gocontext "context"
+	"os"
+	"runtime/pprof"
+	rt "runtime/trace"
+	"strconv"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal"
+	globalinternal "gopkg.in/DataDog/dd-trace-go.v1/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof"
+
+	"github.com/DataDog/datadog-agent/pkg/obfuscate"
+)
+
+var _ ddtrace.Tracer = (*tracer)(nil)
+
+// tracer creates, buffers and submits Spans which are used to time blocks of
+// computation. They are accumulated and streamed into an internal payload,
+// which is flushed to the agent whenever its size exceeds a specific threshold
+// or when a certain interval of time has passed, whichever happens first.
+//
+// tracer operates based on a worker loop which responds to various request
+// channels. It additionally holds two buffers which accumulates error and trace
+// queues to be processed by the payload encoder.
+type tracer struct {
+	config *config
+
+	// stats specifies the concentrator used to compute statistics, when client-side
+	// stats are enabled.
+	stats *concentrator
+
+	// traceWriter is responsible for sending finished traces to their
+	// destination, such as the Trace Agent or Datadog Forwarder.
+	traceWriter traceWriter
+
+	// out receives chunk with spans to be added to the payload.
+	out chan *chunk
+
+	// flush receives a channel onto which it will confirm after a flush has been
+	// triggered and completed.
+	flush chan chan<- struct{}
+
+	// stop causes the tracer to shut down when closed.
+	stop chan struct{}
+
+	// stopOnce ensures the tracer is stopped exactly once.
+	stopOnce sync.Once
+
+	// wg waits for all goroutines to exit when stopping.
+	wg sync.WaitGroup
+
+	// prioritySampling holds an instance of the priority sampler.
+	prioritySampling *prioritySampler
+
+	// pid of the process
+	pid int
+
+	// These integers track metrics about spans and traces as they are started,
+	// finished, and dropped
+	spansStarted, spansFinished, tracesDropped uint32
+
+	// Records the number of dropped P0 traces and spans.
+	droppedP0Traces, droppedP0Spans uint32
+
+	// partialTrace the number of partially dropped traces.
+	partialTraces uint32
+
+	// rulesSampling holds an instance of the rules sampler used to apply either trace sampling,
+	// or single span sampling rules on spans. These are user-defined
+	// rules for applying a sampling rate to spans that match the designated service
+	// or operation name.
+	rulesSampling *rulesSampler
+
+	// obfuscator holds the obfuscator used to obfuscate resources in aggregated stats.
+	// obfuscator may be nil if disabled.
+	obfuscator *obfuscate.Obfuscator
+
+	// statsd is used for tracking metrics associated with the runtime and the tracer.
+	statsd globalinternal.StatsdClient
+
+	// dataStreams processes data streams monitoring information
+	dataStreams *datastreams.Processor
+
+	// abandonedSpansDebugger specifies where and how potentially abandoned spans are stored
+	// when abandoned spans debugging is enabled.
+	abandonedSpansDebugger *abandonedSpansDebugger
+}
+
+const (
+	// flushInterval is the interval at which the payload contents will be flushed
+	// to the transport.
+	flushInterval = 2 * time.Second
+
+	// payloadMaxLimit is the maximum payload size allowed and should indicate the
+	// maximum size of the package that the agent can receive.
+	payloadMaxLimit = 9.5 * 1024 * 1024 // 9.5 MB
+
+	// payloadSizeLimit specifies the maximum allowed size of the payload before
+	// it will trigger a flush to the transport.
+	payloadSizeLimit = payloadMaxLimit / 2
+
+	// concurrentConnectionLimit specifies the maximum number of concurrent outgoing
+	// connections allowed.
+	concurrentConnectionLimit = 100
+)
+
+// statsInterval is the interval at which health metrics will be sent with the
+// statsd client; replaced in tests.
+var statsInterval = 10 * time.Second
+
+// Start starts the tracer with the given set of options. It will stop and replace
+// any running tracer, meaning that calling it several times will result in a restart
+// of the tracer by replacing the current instance with a new one.
+func Start(opts ...StartOption) {
+	if internal.Testing {
+		return // mock tracer active
+	}
+	defer telemetry.Time(telemetry.NamespaceGeneral, "init_time", nil, true)()
+	t := newTracer(opts...)
+	if !t.config.enabled {
+		// TODO: instrumentation telemetry client won't get started
+		// if tracing is disabled, but we still want to capture this
+		// telemetry information. Will be fixed when the tracer and profiler
+		// share control of the global telemetry client.
+		return
+	}
+	internal.SetGlobalTracer(t)
+	if t.config.logStartup {
+		logStartup(t)
+	}
+	if t.dataStreams != nil {
+		t.dataStreams.Start()
+	}
+	// Start AppSec with remote configuration
+	cfg := remoteconfig.DefaultClientConfig()
+	cfg.AgentURL = t.config.agentURL.String()
+	cfg.AppVersion = t.config.version
+	cfg.Env = t.config.env
+	cfg.HTTP = t.config.httpClient
+	cfg.ServiceName = t.config.serviceName
+	appsec.Start(appsec.WithRCConfig(cfg))
+	// start instrumentation telemetry unless it is disabled through the
+	// DD_INSTRUMENTATION_TELEMETRY_ENABLED env var
+	startTelemetry(t.config)
+	_ = t.hostname() // Prime the hostname cache
+}
+
+// Stop stops the started tracer. Subsequent calls are valid but become no-op.
+func Stop() {
+	internal.SetGlobalTracer(&internal.NoopTracer{})
+	log.Flush()
+}
+
+// Span is an alias for ddtrace.Span. It is here to allow godoc to group methods returning
+// ddtrace.Span. It is recommended and is considered more correct to refer to this type as
+// ddtrace.Span instead.
+type Span = ddtrace.Span
+
+// StartSpan starts a new span with the given operation name and set of options.
+// If the tracer is not started, calling this function is a no-op.
+func StartSpan(operationName string, opts ...StartSpanOption) Span {
+	return internal.GetGlobalTracer().StartSpan(operationName, opts...)
+}
+
+// Extract extracts a SpanContext from the carrier. The carrier is expected
+// to implement TextMapReader, otherwise an error is returned.
+// If the tracer is not started, calling this function is a no-op.
+func Extract(carrier interface{}) (ddtrace.SpanContext, error) {
+	return internal.GetGlobalTracer().Extract(carrier)
+}
+
+// Inject injects the given SpanContext into the carrier. The carrier is
+// expected to implement TextMapWriter, otherwise an error is returned.
+// If the tracer is not started, calling this function is a no-op.
+func Inject(ctx ddtrace.SpanContext, carrier interface{}) error {
+	return internal.GetGlobalTracer().Inject(ctx, carrier)
+}
+
+// SetUser associates user information to the current trace which the
+// provided span belongs to. The options can be used to tune which user
+// bit of information gets monitored. In case of distributed traces,
+// the user id can be propagated across traces using the WithPropagation() option.
+// See https://docs.datadoghq.com/security_platform/application_security/setup_and_configure/?tab=set_user#add-user-information-to-traces
+func SetUser(s Span, id string, opts ...UserMonitoringOption) {
+	if s == nil {
+		return
+	}
+	sp, ok := s.(interface {
+		SetUser(string, ...UserMonitoringOption)
+	})
+	if !ok {
+		return
+	}
+	sp.SetUser(id, opts...)
+}
+
+// payloadQueueSize is the buffer size of the trace channel.
+const payloadQueueSize = 1000
+
+func newUnstartedTracer(opts ...StartOption) *tracer {
+	c := newConfig(opts...)
+	sampler := newPrioritySampler()
+	statsd, err := newStatsdClient(c)
+	if err != nil {
+		log.Warn("Runtime and health metrics disabled: %v", err)
+	}
+	var writer traceWriter
+	if c.logToStdout {
+		writer = newLogTraceWriter(c, statsd)
+	} else {
+		writer = newAgentTraceWriter(c, sampler, statsd)
+	}
+	traces, spans, err := samplingRulesFromEnv()
+	if err != nil {
+		log.Warn("DIAGNOSTICS Error(s) parsing sampling rules: found errors:%s", err)
+	}
+	if traces != nil {
+		c.traceRules = traces
+	}
+	if spans != nil {
+		c.spanRules = spans
+	}
+	var dataStreamsProcessor *datastreams.Processor
+	if c.dataStreamsMonitoringEnabled {
+		dataStreamsProcessor = datastreams.NewProcessor(statsd, c.env, c.serviceName, c.version, c.agentURL, c.httpClient, func() bool {
+			f := loadAgentFeatures(c.logToStdout, c.agentURL, c.httpClient)
+			return f.DataStreams
+		})
+	}
+	t := &tracer{
+		config:           c,
+		traceWriter:      writer,
+		out:              make(chan *chunk, payloadQueueSize),
+		stop:             make(chan struct{}),
+		flush:            make(chan chan<- struct{}),
+		rulesSampling:    newRulesSampler(c.traceRules, c.spanRules),
+		prioritySampling: sampler,
+		pid:              os.Getpid(),
+		stats:            newConcentrator(c, defaultStatsBucketSize),
+		obfuscator: obfuscate.NewObfuscator(obfuscate.Config{
+			SQL: obfuscate.SQLConfig{
+				TableNames:       c.agent.HasFlag("table_names"),
+				ReplaceDigits:    c.agent.HasFlag("quantize_sql_tables") || c.agent.HasFlag("replace_sql_digits"),
+				KeepSQLAlias:     c.agent.HasFlag("keep_sql_alias"),
+				DollarQuotedFunc: c.agent.HasFlag("dollar_quoted_func"),
+				Cache:            c.agent.HasFlag("sql_cache"),
+			},
+		}),
+		statsd:      statsd,
+		dataStreams: dataStreamsProcessor,
+	}
+	return t
+}
+
+// newTracer creates a new no-op tracer for testing.
+// NOTE: This function does NOT set the global tracer, which is required for
+// most finish span/flushing operations to work as expected. If you are calling
+// span.Finish and/or expecting flushing to work, you must call
+// internal.SetGlobalTracer(...) with the tracer provided by this function.
+func newTracer(opts ...StartOption) *tracer {
+	t := newUnstartedTracer(opts...)
+	c := t.config
+	t.statsd.Incr("datadog.tracer.started", nil, 1)
+	if c.runtimeMetrics {
+		log.Debug("Runtime metrics enabled.")
+		t.wg.Add(1)
+		go func() {
+			defer t.wg.Done()
+			t.reportRuntimeMetrics(defaultMetricsReportInterval)
+		}()
+	}
+	if c.debugAbandonedSpans {
+		log.Info("Abandoned spans logs enabled.")
+		t.abandonedSpansDebugger = newAbandonedSpansDebugger()
+		t.abandonedSpansDebugger.Start(t.config.spanTimeout)
+	}
+	t.wg.Add(1)
+	go func() {
+		defer t.wg.Done()
+		tick := t.config.tickChan
+		if tick == nil {
+			ticker := time.NewTicker(flushInterval)
+			defer ticker.Stop()
+			tick = ticker.C
+		}
+		t.worker(tick)
+	}()
+	t.wg.Add(1)
+	go func() {
+		defer t.wg.Done()
+		t.reportHealthMetrics(statsInterval)
+	}()
+	t.stats.Start()
+	return t
+}
+
+// Flush flushes any buffered traces. Flush is in effect only if a tracer
+// is started. Users do not have to call Flush in order to ensure that
+// traces reach Datadog. It is a convenience method dedicated to a specific
+// use case described below.
+//
+// Flush is of use in Lambda environments, where starting and stopping
+// the tracer on each invocation may create too much latency. In this
+// scenario, a tracer may be started and stopped by the parent process
+// whereas the invocation can make use of Flush to ensure any created spans
+// reach the agent.
+func Flush() {
+	if t, ok := internal.GetGlobalTracer().(*tracer); ok {
+		t.flushSync()
+		if t.dataStreams != nil {
+			t.dataStreams.Flush()
+		}
+	}
+}
+
+// flushSync triggers a flush and waits for it to complete.
+func (t *tracer) flushSync() {
+	done := make(chan struct{})
+	t.flush <- done
+	<-done
+}
+
+// worker receives finished traces to be added into the payload, as well
+// as periodically flushes traces to the transport.
+func (t *tracer) worker(tick <-chan time.Time) {
+	for {
+		select {
+		case trace := <-t.out:
+			t.sampleChunk(trace)
+			if len(trace.spans) != 0 {
+				t.traceWriter.add(trace.spans)
+			}
+		case <-tick:
+			t.statsd.Incr("datadog.tracer.flush_triggered", []string{"reason:scheduled"}, 1)
+			t.traceWriter.flush()
+
+		case done := <-t.flush:
+			t.statsd.Incr("datadog.tracer.flush_triggered", []string{"reason:invoked"}, 1)
+			t.traceWriter.flush()
+			t.statsd.Flush()
+			t.stats.flushAndSend(time.Now(), withCurrentBucket)
+			// TODO(x): In reality, the traceWriter.flush() call is not synchronous
+			// when using the agent traceWriter. However, this functionnality is used
+			// in Lambda so for that purpose this mechanism should suffice.
+			done <- struct{}{}
+
+		case <-t.stop:
+		loop:
+			// the loop ensures that the payload channel is fully drained
+			// before the final flush to ensure no traces are lost (see #526)
+			for {
+				select {
+				case trace := <-t.out:
+					t.sampleChunk(trace)
+					if len(trace.spans) != 0 {
+						t.traceWriter.add(trace.spans)
+					}
+				default:
+					break loop
+				}
+			}
+			return
+		}
+	}
+}
+
+// chunk holds information about a trace chunk to be flushed, including its spans.
+// The chunk may be a fully finished local trace chunk, or only a portion of the local trace chunk in the case of
+// partial flushing.
+type chunk struct {
+	spans    []*span
+	willSend bool // willSend indicates whether the trace will be sent to the agent.
+}
+
+// sampleChunk applies single-span sampling to the provided trace.
+func (t *tracer) sampleChunk(c *chunk) {
+	if len(c.spans) > 0 {
+		if p, ok := c.spans[0].context.samplingPriority(); ok && p > 0 {
+			// The trace is kept, no need to run single span sampling rules.
+			return
+		}
+	}
+	var kept []*span
+	if t.rulesSampling.HasSpanRules() {
+		// Apply sampling rules to individual spans in the trace.
+		for _, span := range c.spans {
+			if t.rulesSampling.SampleSpan(span) {
+				kept = append(kept, span)
+			}
+		}
+		if len(kept) > 0 && len(kept) < len(c.spans) {
+			// Some spans in the trace were kept, so a partial trace will be sent.
+			atomic.AddUint32(&t.partialTraces, 1)
+		}
+	}
+	if len(kept) == 0 {
+		atomic.AddUint32(&t.droppedP0Traces, 1)
+	}
+	atomic.AddUint32(&t.droppedP0Spans, uint32(len(c.spans)-len(kept)))
+	if !c.willSend {
+		c.spans = kept
+	}
+}
+
+func (t *tracer) pushChunk(trace *chunk) {
+	select {
+	case <-t.stop:
+		return
+	default:
+	}
+	select {
+	case t.out <- trace:
+	default:
+		log.Error("payload queue full, dropping %d traces", len(trace.spans))
+	}
+}
+
+// StartSpan creates, starts, and returns a new Span with the given `operationName`.
+func (t *tracer) StartSpan(operationName string, options ...ddtrace.StartSpanOption) ddtrace.Span {
+	var opts ddtrace.StartSpanConfig
+	for _, fn := range options {
+		fn(&opts)
+	}
+	var startTime int64
+	if opts.StartTime.IsZero() {
+		startTime = now()
+	} else {
+		startTime = opts.StartTime.UnixNano()
+	}
+	var context *spanContext
+	// The default pprof context is taken from the start options and is
+	// not nil when using StartSpanFromContext()
+	pprofContext := opts.Context
+	if opts.Parent != nil {
+		if ctx, ok := opts.Parent.(*spanContext); ok {
+			context = ctx
+			if pprofContext == nil && ctx.span != nil {
+				// Inherit the context.Context from parent span if it was propagated
+				// using ChildOf() rather than StartSpanFromContext(), see
+				// applyPPROFLabels() below.
+				pprofContext = ctx.span.pprofCtxActive
+			}
+		} else if p, ok := opts.Parent.(ddtrace.SpanContextW3C); ok {
+			context = &spanContext{
+				traceID: p.TraceID128Bytes(),
+				spanID:  p.SpanID(),
+			}
+		}
+	}
+	if pprofContext == nil {
+		// For root span's without context, there is no pprofContext, but we need
+		// one to avoid a panic() in pprof.WithLabels(). Using context.Background()
+		// is not ideal here, as it will cause us to remove all labels from the
+		// goroutine when the span finishes. However, the alternatives of not
+		// applying labels for such spans or to leave the endpoint/hotspot labels
+		// on the goroutine after it finishes are even less appealing. We'll have
+		// to properly document this for users.
+		pprofContext = gocontext.Background()
+	}
+	id := opts.SpanID
+	if id == 0 {
+		id = generateSpanID(startTime)
+	}
+	// span defaults
+	span := &span{
+		Name:         operationName,
+		Service:      t.config.serviceName,
+		Resource:     operationName,
+		SpanID:       id,
+		TraceID:      id,
+		Start:        startTime,
+		noDebugStack: t.config.noDebugStack,
+	}
+	if t.config.hostname != "" {
+		span.setMeta(keyHostname, t.config.hostname)
+	}
+	if context != nil {
+		// this is a child span
+		span.TraceID = context.traceID.Lower()
+		span.ParentID = context.spanID
+		if p, ok := context.samplingPriority(); ok {
+			span.setMetric(keySamplingPriority, float64(p))
+		}
+		if context.span != nil {
+			// local parent, inherit service
+			context.span.RLock()
+			span.Service = context.span.Service
+			context.span.RUnlock()
+		} else {
+			// remote parent
+			if context.origin != "" {
+				// mark origin
+				span.setMeta(keyOrigin, context.origin)
+			}
+		}
+	}
+	span.context = newSpanContext(span, context)
+	span.setMetric(ext.Pid, float64(t.pid))
+	span.setMeta("language", "go")
+
+	// add tags from options
+	for k, v := range opts.Tags {
+		span.SetTag(k, v)
+	}
+	// add global tags
+	for k, v := range t.config.globalTags {
+		span.SetTag(k, v)
+	}
+	if t.config.serviceMappings != nil {
+		if newSvc, ok := t.config.serviceMappings[span.Service]; ok {
+			span.Service = newSvc
+		}
+	}
+	isRootSpan := context == nil || context.span == nil
+	if isRootSpan {
+		traceprof.SetProfilerRootTags(span)
+		span.setMetric(keySpanAttributeSchemaVersion, float64(t.config.spanAttributeSchemaVersion))
+	}
+	if isRootSpan || context.span.Service != span.Service {
+		span.setMetric(keyTopLevel, 1)
+		// all top level spans are measured. So the measured tag is redundant.
+		delete(span.Metrics, keyMeasured)
+	}
+	if t.config.version != "" {
+		if t.config.universalVersion || (!t.config.universalVersion && span.Service == t.config.serviceName) {
+			span.setMeta(ext.Version, t.config.version)
+		}
+	}
+	if t.config.env != "" {
+		span.setMeta(ext.Environment, t.config.env)
+	}
+	if _, ok := span.context.samplingPriority(); !ok {
+		// if not already sampled or a brand new trace, sample it
+		t.sample(span)
+	}
+	pprofContext, span.taskEnd = startExecutionTracerTask(pprofContext, span)
+	if t.config.profilerHotspots || t.config.profilerEndpoints {
+		t.applyPPROFLabels(pprofContext, span)
+	}
+	if t.config.serviceMappings != nil {
+		if newSvc, ok := t.config.serviceMappings[span.Service]; ok {
+			span.Service = newSvc
+		}
+	}
+	if log.DebugEnabled() {
+		// avoid allocating the ...interface{} argument if debug logging is disabled
+		log.Debug("Started Span: %v, Operation: %s, Resource: %s, Tags: %v, %v",
+			span, span.Name, span.Resource, span.Meta, span.Metrics)
+	}
+	if t.config.debugAbandonedSpans {
+		select {
+		case t.abandonedSpansDebugger.In <- newAbandonedSpanCandidate(span, false):
+			// ok
+		default:
+			log.Error("Abandoned spans channel full, disregarding span.")
+		}
+	}
+	return span
+}
+
+// generateSpanID returns a random uint64 that has been XORd with the startTime.
+// This is done to get around the 32-bit random seed limitation that may create collisions if there is a large number
+// of go services all generating spans.
+func generateSpanID(startTime int64) uint64 {
+	return random.Uint64() ^ uint64(startTime)
+}
+
+// applyPPROFLabels applies pprof labels for the profiler's code hotspots and
+// endpoint filtering feature to span. When span finishes, any pprof labels
+// found in ctx are restored. Additionally, this func informs the profiler how
+// many times each endpoint is called.
+func (t *tracer) applyPPROFLabels(ctx gocontext.Context, span *span) {
+	var labels []string
+	if t.config.profilerHotspots {
+		// allocate the max-length slice to avoid growing it later
+		labels = make([]string, 0, 6)
+		labels = append(labels, traceprof.SpanID, strconv.FormatUint(span.SpanID, 10))
+	}
+	// nil checks might not be needed, but better be safe than sorry
+	if localRootSpan := span.root(); localRootSpan != nil {
+		if t.config.profilerHotspots {
+			labels = append(labels, traceprof.LocalRootSpanID, strconv.FormatUint(localRootSpan.SpanID, 10))
+		}
+		if t.config.profilerEndpoints && spanResourcePIISafe(localRootSpan) {
+			labels = append(labels, traceprof.TraceEndpoint, localRootSpan.Resource)
+			if span == localRootSpan {
+				// Inform the profiler of endpoint hits. This is used for the unit of
+				// work feature. We can't use APM stats for this since the stats don't
+				// have enough cardinality (e.g. runtime-id tags are missing).
+				traceprof.GlobalEndpointCounter().Inc(localRootSpan.Resource)
+			}
+		}
+	}
+	if len(labels) > 0 {
+		span.pprofCtxRestore = ctx
+		span.pprofCtxActive = pprof.WithLabels(ctx, pprof.Labels(labels...))
+		pprof.SetGoroutineLabels(span.pprofCtxActive)
+	}
+}
+
+// spanResourcePIISafe returns true if s.Resource can be considered to not
+// include PII with reasonable confidence. E.g. SQL queries may contain PII,
+// but http, rpc or custom (s.Type == "") span resource names generally do not.
+func spanResourcePIISafe(s *span) bool {
+	return s.Type == ext.SpanTypeWeb || s.Type == ext.AppTypeRPC || s.Type == ""
+}
+
+// Stop stops the tracer.
+func (t *tracer) Stop() {
+	t.stopOnce.Do(func() {
+		close(t.stop)
+		t.statsd.Incr("datadog.tracer.stopped", nil, 1)
+	})
+	t.abandonedSpansDebugger.Stop()
+	t.stats.Stop()
+	t.wg.Wait()
+	t.traceWriter.stop()
+	t.statsd.Close()
+	if t.dataStreams != nil {
+		t.dataStreams.Stop()
+	}
+	appsec.Stop()
+}
+
+// Inject uses the configured or default TextMap Propagator.
+func (t *tracer) Inject(ctx ddtrace.SpanContext, carrier interface{}) error {
+	return t.config.propagator.Inject(ctx, carrier)
+}
+
+// Extract uses the configured or default TextMap Propagator.
+func (t *tracer) Extract(carrier interface{}) (ddtrace.SpanContext, error) {
+	return t.config.propagator.Extract(carrier)
+}
+
+// sampleRateMetricKey is the metric key holding the applied sample rate. Has to be the same as the Agent.
+const sampleRateMetricKey = "_sample_rate"
+
+// Sample samples a span with the internal sampler.
+func (t *tracer) sample(span *span) {
+	if _, ok := span.context.samplingPriority(); ok {
+		// sampling decision was already made
+		return
+	}
+	sampler := t.config.sampler
+	if !sampler.Sample(span) {
+		span.context.trace.drop()
+		span.context.trace.setSamplingPriority(ext.PriorityAutoReject, samplernames.RuleRate)
+		return
+	}
+	if rs, ok := sampler.(RateSampler); ok && rs.Rate() < 1 {
+		span.setMetric(sampleRateMetricKey, rs.Rate())
+	}
+	if t.rulesSampling.SampleTrace(span) {
+		return
+	}
+	t.prioritySampling.apply(span)
+}
+
+func startExecutionTracerTask(ctx gocontext.Context, span *span) (gocontext.Context, func()) {
+	if !rt.IsEnabled() {
+		return ctx, func() {}
+	}
+	span.goExecTraced = true
+	// Task name is the resource (operationName) of the span, e.g.
+	// "POST /foo/bar" (http) or "/foo/pkg.Method" (grpc).
+	taskName := span.Resource
+	// If the resource could contain PII (e.g. SQL query that's not using bind
+	// arguments), play it safe and just use the span type as the taskName,
+	// e.g. "sql".
+	if !spanResourcePIISafe(span) {
+		taskName = span.Type
+	}
+	end := noopTaskEnd
+	if !globalinternal.IsExecutionTraced(ctx) {
+		var task *rt.Task
+		ctx, task = rt.NewTask(ctx, taskName)
+		end = task.End
+	} else {
+		// We only want to skip task creation for this particular span,
+		// not necessarily for child spans which can come from different
+		// integrations. So update this context to be "not" execution
+		// traced so that derived contexts used by child spans don't get
+		// skipped.
+		ctx = globalinternal.WithExecutionNotTraced(ctx)
+	}
+	rt.Log(ctx, "span id", strconv.FormatUint(span.SpanID, 10))
+	return ctx, end
+}
+
+func noopTaskEnd() {}
+
+func (t *tracer) hostname() string {
+	if !t.config.enableHostnameDetection {
+		return ""
+	}
+	return hostname.Get()
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/transport.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/transport.go
new file mode 100644
index 000000000..7a6e80a56
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/transport.go
@@ -0,0 +1,214 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"runtime"
+	"strconv"
+	"strings"
+	"sync/atomic"
+	"time"
+
+	traceinternal "gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/version"
+
+	"github.com/tinylib/msgp/msgp"
+)
+
+const (
+	// headerComputedTopLevel specifies that the client has marked top-level spans, when set.
+	// Any non-empty value will mean 'yes'.
+	headerComputedTopLevel = "Datadog-Client-Computed-Top-Level"
+)
+
+var defaultDialer = &net.Dialer{
+	Timeout:   30 * time.Second,
+	KeepAlive: 30 * time.Second,
+	DualStack: true,
+}
+
+var defaultClient = &http.Client{
+	// We copy the transport to avoid using the default one, as it might be
+	// augmented with tracing and we don't want these calls to be recorded.
+	// See https://golang.org/pkg/net/http/#DefaultTransport .
+	Transport: &http.Transport{
+		Proxy:                 http.ProxyFromEnvironment,
+		DialContext:           defaultDialer.DialContext,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	},
+	Timeout: defaultHTTPTimeout,
+}
+
+const (
+	defaultHostname    = "localhost"
+	defaultPort        = "8126"
+	defaultAddress     = defaultHostname + ":" + defaultPort
+	defaultURL         = "http://" + defaultAddress
+	defaultHTTPTimeout = 2 * time.Second         // defines the current timeout before giving up with the send process
+	traceCountHeader   = "X-Datadog-Trace-Count" // header containing the number of traces in the payload
+)
+
+// transport is an interface for communicating data to the agent.
+type transport interface {
+	// send sends the payload p to the agent using the transport set up.
+	// It returns a non-nil response body when no error occurred.
+	send(p *payload) (body io.ReadCloser, err error)
+	// sendStats sends the given stats payload to the agent.
+	sendStats(s *statsPayload) error
+	// endpoint returns the URL to which the transport will send traces.
+	endpoint() string
+}
+
+type httpTransport struct {
+	traceURL string            // the delivery URL for traces
+	statsURL string            // the delivery URL for stats
+	client   *http.Client      // the HTTP client used in the POST
+	headers  map[string]string // the Transport headers
+}
+
+// newTransport returns a new Transport implementation that sends traces to a
+// trace agent at the given url, using a given *http.Client.
+//
+// In general, using this method is only necessary if you have a trace agent
+// running on a non-default port, if it's located on another machine, or when
+// otherwise needing to customize the transport layer, for instance when using
+// a unix domain socket.
+func newHTTPTransport(url string, client *http.Client) *httpTransport {
+	// initialize the default EncoderPool with Encoder headers
+	defaultHeaders := map[string]string{
+		"Datadog-Meta-Lang":             "go",
+		"Datadog-Meta-Lang-Version":     strings.TrimPrefix(runtime.Version(), "go"),
+		"Datadog-Meta-Lang-Interpreter": runtime.Compiler + "-" + runtime.GOARCH + "-" + runtime.GOOS,
+		"Datadog-Meta-Tracer-Version":   version.Tag,
+		"Content-Type":                  "application/msgpack",
+	}
+	if cid := internal.ContainerID(); cid != "" {
+		defaultHeaders["Datadog-Container-ID"] = cid
+	}
+	return &httpTransport{
+		traceURL: fmt.Sprintf("%s/v0.4/traces", url),
+		statsURL: fmt.Sprintf("%s/v0.6/stats", url),
+		client:   client,
+		headers:  defaultHeaders,
+	}
+}
+
+func (t *httpTransport) sendStats(p *statsPayload) error {
+	var buf bytes.Buffer
+	if err := msgp.Encode(&buf, p); err != nil {
+		return err
+	}
+	req, err := http.NewRequest("POST", t.statsURL, &buf)
+	if err != nil {
+		return err
+	}
+	resp, err := t.client.Do(req)
+	if err != nil {
+		return err
+	}
+	if code := resp.StatusCode; code >= 400 {
+		// error, check the body for context information and
+		// return a nice error.
+		msg := make([]byte, 1000)
+		n, _ := resp.Body.Read(msg)
+		resp.Body.Close()
+		txt := http.StatusText(code)
+		if n > 0 {
+			return fmt.Errorf("%s (Status: %s)", msg[:n], txt)
+		}
+		return fmt.Errorf("%s", txt)
+	}
+	return nil
+}
+
+func (t *httpTransport) send(p *payload) (body io.ReadCloser, err error) {
+	req, err := http.NewRequest("POST", t.traceURL, p)
+	if err != nil {
+		return nil, fmt.Errorf("cannot create http request: %v", err)
+	}
+	for header, value := range t.headers {
+		req.Header.Set(header, value)
+	}
+	req.Header.Set(traceCountHeader, strconv.Itoa(p.itemCount()))
+	req.Header.Set("Content-Length", strconv.Itoa(p.size()))
+	req.Header.Set(headerComputedTopLevel, "yes")
+	if t, ok := traceinternal.GetGlobalTracer().(*tracer); ok {
+		if t.config.canComputeStats() {
+			req.Header.Set("Datadog-Client-Computed-Stats", "yes")
+		}
+		droppedTraces := int(atomic.SwapUint32(&t.droppedP0Traces, 0))
+		partialTraces := int(atomic.SwapUint32(&t.partialTraces, 0))
+		droppedSpans := int(atomic.SwapUint32(&t.droppedP0Spans, 0))
+		if stats := t.statsd; stats != nil {
+			stats.Count("datadog.tracer.dropped_p0_traces", int64(droppedTraces),
+				[]string{fmt.Sprintf("partial:%s", strconv.FormatBool(partialTraces > 0))}, 1)
+			stats.Count("datadog.tracer.dropped_p0_spans", int64(droppedSpans), nil, 1)
+		}
+		req.Header.Set("Datadog-Client-Dropped-P0-Traces", strconv.Itoa(droppedTraces))
+		req.Header.Set("Datadog-Client-Dropped-P0-Spans", strconv.Itoa(droppedSpans))
+	}
+	response, err := t.client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	if code := response.StatusCode; code >= 400 {
+		// error, check the body for context information and
+		// return a nice error.
+		msg := make([]byte, 1000)
+		n, _ := response.Body.Read(msg)
+		response.Body.Close()
+		txt := http.StatusText(code)
+		if n > 0 {
+			return nil, fmt.Errorf("%s (Status: %s)", msg[:n], txt)
+		}
+		return nil, fmt.Errorf("%s", txt)
+	}
+	return response.Body, nil
+}
+
+func (t *httpTransport) endpoint() string {
+	return t.traceURL
+}
+
+// resolveAgentAddr resolves the given agent address and fills in any missing host
+// and port using the defaults. Some environment variable settings will
+// take precedence over configuration.
+func resolveAgentAddr() *url.URL {
+	var host, port string
+	if v := os.Getenv("DD_AGENT_HOST"); v != "" {
+		host = v
+	}
+	if v := os.Getenv("DD_TRACE_AGENT_PORT"); v != "" {
+		port = v
+	}
+	if _, err := os.Stat(defaultSocketAPM); host == "" && port == "" && err == nil {
+		return &url.URL{
+			Scheme: "unix",
+			Path:   defaultSocketAPM,
+		}
+	}
+	if host == "" {
+		host = defaultHostname
+	}
+	if port == "" {
+		port = defaultPort
+	}
+	return &url.URL{
+		Scheme: "http",
+		Host:   fmt.Sprintf("%s:%s", host, port),
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/util.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/util.go
new file mode 100644
index 000000000..67ee16149
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/util.go
@@ -0,0 +1,124 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
+)
+
+// toFloat64 attempts to convert value into a float64. If the value is an integer
+// greater or equal to 2^53 or less than or equal to -2^53, it will not be converted
+// into a float64 to avoid losing precision. If it succeeds in converting, toFloat64
+// returns the value and true, otherwise 0 and false.
+func toFloat64(value interface{}) (f float64, ok bool) {
+	const max = (int64(1) << 53) - 1
+	const min = -max
+	switch i := value.(type) {
+	case byte:
+		return float64(i), true
+	case float32:
+		return float64(i), true
+	case float64:
+		return i, true
+	case int:
+		return float64(i), true
+	case int8:
+		return float64(i), true
+	case int16:
+		return float64(i), true
+	case int32:
+		return float64(i), true
+	case int64:
+		if i > max || i < min {
+			return 0, false
+		}
+		return float64(i), true
+	case uint:
+		return float64(i), true
+	case uint16:
+		return float64(i), true
+	case uint32:
+		return float64(i), true
+	case uint64:
+		if i > uint64(max) {
+			return 0, false
+		}
+		return float64(i), true
+	case samplernames.SamplerName:
+		return float64(i), true
+	default:
+		return 0, false
+	}
+}
+
+// parseUint64 parses a uint64 from either an unsigned 64 bit base-10 string
+// or a signed 64 bit base-10 string representing an unsigned integer
+func parseUint64(str string) (uint64, error) {
+	if strings.HasPrefix(str, "-") {
+		id, err := strconv.ParseInt(str, 10, 64)
+		if err != nil {
+			return 0, err
+		}
+		return uint64(id), nil
+	}
+	return strconv.ParseUint(str, 10, 64)
+}
+
+func isValidPropagatableTag(k, v string) error {
+	if len(k) == 0 {
+		return fmt.Errorf("key length must be greater than zero")
+	}
+	for _, ch := range k {
+		if ch < 32 || ch > 126 || ch == ' ' || ch == '=' || ch == ',' {
+			return fmt.Errorf("key contains an invalid character %d", ch)
+		}
+	}
+	if len(v) == 0 {
+		return fmt.Errorf("value length must be greater than zero")
+	}
+	for _, ch := range v {
+		if ch < 32 || ch > 126 || ch == ',' {
+			return fmt.Errorf("value contains an invalid character %d", ch)
+		}
+	}
+	return nil
+}
+
+func parsePropagatableTraceTags(s string) (map[string]string, error) {
+	if len(s) == 0 {
+		return nil, nil
+	}
+	tags := make(map[string]string)
+	searchingKey, start := true, 0
+	var key string
+	for i, ch := range s {
+		switch ch {
+		case '=':
+			if searchingKey {
+				if i-start == 0 {
+					return nil, fmt.Errorf("invalid format")
+				}
+				key = s[start:i]
+				searchingKey, start = false, i+1
+			}
+		case ',':
+			if searchingKey || i-start == 0 {
+				return nil, fmt.Errorf("invalid format")
+			}
+			tags[key] = s[start:i]
+			searchingKey, start = true, i+1
+		}
+	}
+	if searchingKey || len(s)-start == 0 {
+		return nil, fmt.Errorf("invalid format")
+	}
+	tags[key] = s[start:]
+	return tags, nil
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/writer.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/writer.go
new file mode 100644
index 000000000..a4665bddb
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/writer.go
@@ -0,0 +1,340 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"io"
+	"math"
+	"os"
+	"strconv"
+	"sync"
+	"time"
+
+	globalinternal "gopkg.in/DataDog/dd-trace-go.v1/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+type traceWriter interface {
+	// add adds traces to be sent by the writer.
+	add([]*span)
+
+	// flush causes the writer to send any buffered traces.
+	flush()
+
+	// stop gracefully shuts down the writer.
+	stop()
+}
+
+type agentTraceWriter struct {
+	// config holds the tracer configuration
+	config *config
+
+	// payload encodes and buffers traces in msgpack format
+	payload *payload
+
+	// climit limits the number of concurrent outgoing connections
+	climit chan struct{}
+
+	// wg waits for all uploads to finish
+	wg sync.WaitGroup
+
+	// prioritySampling is the prioritySampler into which agentTraceWriter will
+	// read sampling rates sent by the agent
+	prioritySampling *prioritySampler
+
+	// statsd is used to send metrics
+	statsd globalinternal.StatsdClient
+}
+
+func newAgentTraceWriter(c *config, s *prioritySampler, statsdClient globalinternal.StatsdClient) *agentTraceWriter {
+	return &agentTraceWriter{
+		config:           c,
+		payload:          newPayload(),
+		climit:           make(chan struct{}, concurrentConnectionLimit),
+		prioritySampling: s,
+		statsd:           statsdClient,
+	}
+}
+
+func (h *agentTraceWriter) add(trace []*span) {
+	if err := h.payload.push(trace); err != nil {
+		h.statsd.Incr("datadog.tracer.traces_dropped", []string{"reason:encoding_error"}, 1)
+		log.Error("Error encoding msgpack: %v", err)
+	}
+	if h.payload.size() > payloadSizeLimit {
+		h.statsd.Incr("datadog.tracer.flush_triggered", []string{"reason:size"}, 1)
+		h.flush()
+	}
+}
+
+func (h *agentTraceWriter) stop() {
+	h.statsd.Incr("datadog.tracer.flush_triggered", []string{"reason:shutdown"}, 1)
+	h.flush()
+	h.wg.Wait()
+}
+
+// flush will push any currently buffered traces to the server.
+func (h *agentTraceWriter) flush() {
+	if h.payload.itemCount() == 0 {
+		return
+	}
+	h.wg.Add(1)
+	h.climit <- struct{}{}
+	oldp := h.payload
+	h.payload = newPayload()
+	go func(p *payload) {
+		defer func(start time.Time) {
+			// Once the payload has been used, clear the buffer for garbage
+			// collection to avoid a memory leak when references to this object
+			// may still be kept by faulty transport implementations or the
+			// standard library. See dd-trace-go#976
+			p.clear()
+
+			<-h.climit
+			h.wg.Done()
+			h.statsd.Timing("datadog.tracer.flush_duration", time.Since(start), nil, 1)
+		}(time.Now())
+
+		var count, size int
+		var err error
+		for attempt := 0; attempt <= h.config.sendRetries; attempt++ {
+			size, count = p.size(), p.itemCount()
+			log.Debug("Sending payload: size: %d traces: %d\n", size, count)
+			rc, err := h.config.transport.send(p)
+			if err == nil {
+				log.Debug("sent traces after %d attempts", attempt+1)
+				h.statsd.Count("datadog.tracer.flush_bytes", int64(size), nil, 1)
+				h.statsd.Count("datadog.tracer.flush_traces", int64(count), nil, 1)
+				if err := h.prioritySampling.readRatesJSON(rc); err != nil {
+					h.statsd.Incr("datadog.tracer.decode_error", nil, 1)
+				}
+				return
+			}
+			log.Error("failure sending traces (attempt %d), will retry: %v", attempt+1, err)
+			p.reset()
+			time.Sleep(time.Millisecond)
+		}
+		h.statsd.Count("datadog.tracer.traces_dropped", int64(count), []string{"reason:send_failed"}, 1)
+		log.Error("lost %d traces: %v", count, err)
+	}(oldp)
+}
+
+// logWriter specifies the output target of the logTraceWriter; replaced in tests.
+var logWriter io.Writer = os.Stdout
+
+// logTraceWriter encodes traces into a format understood by the Datadog Forwarder
+// (https://github.com/DataDog/datadog-serverless-functions/tree/master/aws/logs_monitoring)
+// and writes them to os.Stdout. This is used to send traces from an AWS Lambda environment.
+type logTraceWriter struct {
+	config    *config
+	buf       bytes.Buffer
+	hasTraces bool
+	w         io.Writer
+	statsd    globalinternal.StatsdClient
+}
+
+func newLogTraceWriter(c *config, statsdClient globalinternal.StatsdClient) *logTraceWriter {
+	w := &logTraceWriter{
+		config: c,
+		w:      logWriter,
+		statsd: statsdClient,
+	}
+	w.resetBuffer()
+	return w
+}
+
+const (
+	// maxFloatLength is the maximum length that a string encoded by encodeFloat will be.
+	maxFloatLength = 24
+
+	// logBufferSuffix is the final string that the trace writer has to append to a buffer to close
+	// the JSON.
+	logBufferSuffix = "]}\n"
+
+	// logBufferLimit is the maximum size log line allowed by cloudwatch
+	logBufferLimit = 256 * 1024
+)
+
+func (h *logTraceWriter) resetBuffer() {
+	h.buf.Reset()
+	h.buf.WriteString(`{"traces": [`)
+	h.hasTraces = false
+}
+
+// encodeFloat correctly encodes float64 into the JSON format followed by ES6.
+// This code is reworked from Go's encoding/json package
+// (https://github.com/golang/go/blob/go1.15/src/encoding/json/encode.go#L573)
+//
+// One important departure from encoding/json is that infinities and nans are encoded
+// as null rather than signalling an error.
+func encodeFloat(p []byte, f float64) []byte {
+	if math.IsInf(f, 0) || math.IsNaN(f) {
+		return append(p, "null"...)
+	}
+	abs := math.Abs(f)
+	if abs != 0 && (abs < 1e-6 || abs >= 1e21) {
+		p = strconv.AppendFloat(p, f, 'e', -1, 64)
+		// clean up e-09 to e-9
+		n := len(p)
+		if n >= 4 && p[n-4] == 'e' && p[n-3] == '-' && p[n-2] == '0' {
+			p[n-2] = p[n-1]
+			p = p[:n-1]
+		}
+	} else {
+		p = strconv.AppendFloat(p, f, 'f', -1, 64)
+	}
+	return p
+}
+
+func (h *logTraceWriter) encodeSpan(s *span) {
+	var scratch [maxFloatLength]byte
+	h.buf.WriteString(`{"trace_id":"`)
+	h.buf.Write(strconv.AppendUint(scratch[:0], uint64(s.TraceID), 16))
+	h.buf.WriteString(`","span_id":"`)
+	h.buf.Write(strconv.AppendUint(scratch[:0], uint64(s.SpanID), 16))
+	h.buf.WriteString(`","parent_id":"`)
+	h.buf.Write(strconv.AppendUint(scratch[:0], uint64(s.ParentID), 16))
+	h.buf.WriteString(`","name":`)
+	h.marshalString(s.Name)
+	h.buf.WriteString(`,"resource":`)
+	h.marshalString(s.Resource)
+	h.buf.WriteString(`,"error":`)
+	h.buf.Write(strconv.AppendInt(scratch[:0], int64(s.Error), 10))
+	h.buf.WriteString(`,"meta":{`)
+	first := true
+	for k, v := range s.Meta {
+		if first {
+			first = false
+		} else {
+			h.buf.WriteString(`,`)
+		}
+		h.marshalString(k)
+		h.buf.WriteString(":")
+		h.marshalString(v)
+	}
+	h.buf.WriteString(`},"metrics":{`)
+	first = true
+	for k, v := range s.Metrics {
+		if math.IsNaN(v) || math.IsInf(v, 0) {
+			// The trace forwarder does not support infinity or nan, so we do not send metrics with those values.
+			continue
+		}
+		if first {
+			first = false
+		} else {
+			h.buf.WriteString(`,`)
+		}
+		h.marshalString(k)
+		h.buf.WriteString(`:`)
+		h.buf.Write(encodeFloat(scratch[:0], v))
+	}
+	h.buf.WriteString(`},"start":`)
+	h.buf.Write(strconv.AppendInt(scratch[:0], s.Start, 10))
+	h.buf.WriteString(`,"duration":`)
+	h.buf.Write(strconv.AppendInt(scratch[:0], s.Duration, 10))
+	h.buf.WriteString(`,"service":`)
+	h.marshalString(s.Service)
+	h.buf.WriteString(`}`)
+}
+
+// marshalString marshals the string str as JSON into the writer's buffer.
+// Should be used whenever writing non-constant string data to ensure correct sanitization.
+func (h *logTraceWriter) marshalString(str string) {
+	m, err := json.Marshal(str)
+	if err != nil {
+		log.Error("Error marshaling value %q: %v", str, err)
+	} else {
+		h.buf.Write(m)
+	}
+}
+
+type encodingError struct {
+	cause      error
+	dropReason string
+}
+
+// writeTrace makes an effort to write the trace into the current buffer. It returns
+// the number of spans (n) that it wrote and an error (err), if one occurred.
+// n may be less than len(trace), meaning that only the first n spans of the trace
+// fit into the current buffer. Once the buffer is flushed, the remaining spans
+// from the trace can be retried.
+// An error, if one is returned, indicates that a span in the trace is too large
+// to fit in one buffer, and the trace cannot be written.
+func (h *logTraceWriter) writeTrace(trace []*span) (n int, err *encodingError) {
+	startn := h.buf.Len()
+	if !h.hasTraces {
+		h.buf.WriteByte('[')
+	} else {
+		h.buf.WriteString(", [")
+	}
+	written := 0
+	for i, s := range trace {
+		n := h.buf.Len()
+		if i > 0 {
+			h.buf.WriteByte(',')
+		}
+		h.encodeSpan(s)
+		if h.buf.Len() > logBufferLimit-len(logBufferSuffix) {
+			// This span is too big to fit in the current buffer.
+			if i == 0 {
+				// This was the first span in this trace. This means we should truncate
+				// everything we wrote in writeTrace
+				h.buf.Truncate(startn)
+				if !h.hasTraces {
+					// This is the first span of the first trace in the buffer and it's too big.
+					// We will never be able to send this trace, so we will drop it.
+					return 0, &encodingError{cause: errors.New("span too large for buffer"), dropReason: "trace_too_large"}
+				}
+				return 0, nil
+			}
+			// This span was too big, but it might fit in the next buffer.
+			// We can finish this trace and try again with an empty buffer (see *logTaceWriter.add)
+			h.buf.Truncate(n)
+			break
+		}
+		written++
+	}
+	h.buf.WriteByte(']')
+	h.hasTraces = true
+	return written, nil
+}
+
+// add adds a trace to the writer's buffer.
+func (h *logTraceWriter) add(trace []*span) {
+	// Try adding traces to the buffer until we flush them all or encounter an error.
+	for len(trace) > 0 {
+		n, err := h.writeTrace(trace)
+		if err != nil {
+			log.Error("Lost a trace: %s", err.cause)
+			h.statsd.Count("datadog.tracer.traces_dropped", 1, []string{"reason:" + err.dropReason}, 1)
+			return
+		}
+		trace = trace[n:]
+		// If there are traces left that didn't fit into the buffer, flush the buffer and loop to
+		// write the remaining spans.
+		if len(trace) > 0 {
+			h.flush()
+		}
+	}
+}
+
+func (h *logTraceWriter) stop() {
+	h.statsd.Incr("datadog.tracer.flush_triggered", []string{"reason:shutdown"}, 1)
+	h.flush()
+}
+
+// flush will write any buffered traces to standard output.
+func (h *logTraceWriter) flush() {
+	if !h.hasTraces {
+		return
+	}
+	h.buf.WriteString(logBufferSuffix)
+	h.w.Write(h.buf.Bytes())
+	h.resetBuffer()
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/active_span_key.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/active_span_key.go
new file mode 100644
index 000000000..090150a58
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/active_span_key.go
@@ -0,0 +1,11 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package internal
+
+type contextKey struct{}
+
+// ActiveSpanKey is used to set tracer context on a context.Context objects with a unique key
+var ActiveSpanKey = contextKey{}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/agent.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/agent.go
new file mode 100644
index 000000000..c8f835166
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/agent.go
@@ -0,0 +1,36 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+package internal
+
+import (
+	"net/url"
+	"os"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// AgentURLFromEnv determines the trace agent URL from environment variable
+// DD_TRACE_AGENT_URL. If the determined value is valid and the scheme is
+// supported (unix, http or https), it will return an *url.URL. Otherwise,
+// it returns nil.
+func AgentURLFromEnv() *url.URL {
+	agentURL := os.Getenv("DD_TRACE_AGENT_URL")
+	if agentURL == "" {
+		return nil
+	}
+	u, err := url.Parse(agentURL)
+	if err != nil {
+		log.Warn("Failed to parse DD_TRACE_AGENT_URL: %v", err)
+		return nil
+	}
+	switch u.Scheme {
+	case "unix", "http", "https":
+		return u
+	default:
+		log.Warn("Unsupported protocol %q in Agent URL %q. Must be one of: http, https, unix.", u.Scheme, agentURL)
+		return nil
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/appsec.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/appsec.go
new file mode 100644
index 000000000..98be47e8d
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/appsec.go
@@ -0,0 +1,183 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+//go:build appsec
+// +build appsec
+
+package appsec
+
+import (
+	"fmt"
+	"sync"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig"
+
+	"github.com/DataDog/go-libddwaf"
+)
+
+// Enabled returns true when AppSec is up and running. Meaning that the appsec build tag is enabled, the env var
+// DD_APPSEC_ENABLED is set to true, and the tracer is started.
+func Enabled() bool {
+	mu.RLock()
+	defer mu.RUnlock()
+	return activeAppSec != nil && activeAppSec.started
+}
+
+// Start AppSec when enabled is enabled by both using the appsec build tag and
+// setting the environment variable DD_APPSEC_ENABLED to true.
+func Start(opts ...StartOption) {
+	// AppSec can start either:
+	// 1. Manually thanks to DD_APPSEC_ENABLED
+	// 2. Remotely when DD_APPSEC_ENABLED is undefined
+	// Note: DD_APPSEC_ENABLED=false takes precedence over remote configuration
+	// and enforces to have AppSec disabled.
+	enabled, set, err := isEnabled()
+	if err != nil {
+		logUnexpectedStartError(err)
+		return
+	}
+
+	// Check if AppSec is explicitly disabled
+	if set && !enabled {
+		log.Debug("appsec: disabled by the configuration: set the environment variable DD_APPSEC_ENABLED to true to enable it")
+		return
+	}
+
+	// Check whether libddwaf - required for Threats Detection - is supported or not
+	if supported, err := waf.SupportsTarget(); !supported {
+		log.Error("appsec: threats detection is not supported: %v\nNo security activities will be collected. Please contact support at https://docs.datadoghq.com/help/ for help.", err)
+		return
+	}
+
+	// From this point we know that AppSec is either enabled or can be enabled through remote config
+	cfg, err := newConfig()
+	if err != nil {
+		logUnexpectedStartError(err)
+		return
+	}
+	for _, opt := range opts {
+		opt(cfg)
+	}
+	appsec := newAppSec(cfg)
+
+	// Start the remote configuration client
+	log.Debug("appsec: starting the remote configuration client")
+	appsec.startRC()
+
+	if !set {
+		// AppSec is not enforced by the env var and can be enabled through remote config
+		log.Debug("appsec: %s is not set, appsec won't start until activated through remote configuration", enabledEnvVar)
+		if err := appsec.enableRemoteActivation(); err != nil {
+			// ASM is not enabled and can't be enabled through remote configuration. Nothing more can be done.
+			logUnexpectedStartError(err)
+			appsec.stopRC()
+			return
+		}
+		log.Debug("appsec: awaiting for possible remote activation")
+	} else if err := appsec.start(); err != nil { // AppSec is specifically enabled
+		logUnexpectedStartError(err)
+		appsec.stopRC()
+		return
+	}
+	setActiveAppSec(appsec)
+}
+
+// Implement the AppSec log message C1
+func logUnexpectedStartError(err error) {
+	log.Error("appsec: could not start because of an unexpected error: %v\nNo security activities will be collected. Please contact support at https://docs.datadoghq.com/help/ for help.", err)
+}
+
+// Stop AppSec.
+func Stop() {
+	setActiveAppSec(nil)
+}
+
+var (
+	activeAppSec *appsec
+	mu           sync.RWMutex
+)
+
+func setActiveAppSec(a *appsec) {
+	mu.Lock()
+	defer mu.Unlock()
+	if activeAppSec != nil {
+		activeAppSec.stopRC()
+		activeAppSec.stop()
+	}
+	activeAppSec = a
+}
+
+type appsec struct {
+	cfg       *Config
+	limiter   *TokenTicker
+	rc        *remoteconfig.Client
+	wafHandle *wafHandle
+	started   bool
+}
+
+func newAppSec(cfg *Config) *appsec {
+	var client *remoteconfig.Client
+	var err error
+	if cfg.rc != nil {
+		client, err = remoteconfig.NewClient(*cfg.rc)
+	}
+	if err != nil {
+		log.Error("appsec: Remote config: disabled due to a client creation error: %v", err)
+	}
+	return &appsec{
+		cfg: cfg,
+		rc:  client,
+	}
+}
+
+// Start AppSec by registering its security protections according to the configured the security rules.
+func (a *appsec) start() error {
+	// Load the waf to catch early errors if any
+	if ok, err := waf.Load(); err != nil {
+		// 1. If there is an error and the loading is not ok: log as an unexpected error case and quit appsec
+		// Note that we assume here that the test for the unsupported target has been done before calling
+		// this method, so it is now considered an error for this method
+		if !ok {
+			return fmt.Errorf("error while loading libddwaf: %w", err)
+		}
+		// 2. If there is an error and the loading is ok: log as an informative error where appsec can be used
+		log.Error("appsec: non-critical error while loading libddwaf: %v", err)
+	}
+
+	a.limiter = NewTokenTicker(int64(a.cfg.traceRateLimit), int64(a.cfg.traceRateLimit))
+	a.limiter.Start()
+	// Register the WAF operation event listener
+	if err := a.swapWAF(a.cfg.rulesManager.latest); err != nil {
+		return err
+	}
+	a.enableRCBlocking()
+	a.started = true
+	log.Info("appsec: up and running")
+	// TODO: log the config like the APM tracer does but we first need to define
+	//   an user-friendly string representation of our config and its sources
+	return nil
+}
+
+// Stop AppSec by unregistering the security protections.
+func (a *appsec) stop() {
+	if !a.started {
+		return
+	}
+	a.started = false
+	// Disable RC blocking first so that the following is guaranteed not to be concurrent anymore.
+	a.disableRCBlocking()
+
+	// Disable the currently applied instrumentation
+	dyngo.SwapRootOperation(nil)
+	if a.wafHandle != nil {
+		a.wafHandle.Close()
+		a.wafHandle = nil
+	}
+	// TODO: block until no more requests are using dyngo operations
+
+	a.limiter.Stop()
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/appsec_disabled.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/appsec_disabled.go
new file mode 100644
index 000000000..09f262175
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/appsec_disabled.go
@@ -0,0 +1,38 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+//go:build !appsec
+// +build !appsec
+
+package appsec
+
+import "gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+
+// Enabled returns true when AppSec is up and running. Meaning that the appsec build tag is enabled, the env var
+// DD_APPSEC_ENABLED is set to true, and the tracer is started.
+func Enabled() bool {
+	return false
+}
+
+// Start AppSec when enabled by both using the appsec build tag and
+// setting the environment variable DD_APPSEC_ENABLED to true.
+func Start(...StartOption) {
+	if enabled, _, err := isEnabled(); err != nil {
+		// Something went wrong while checking the DD_APPSEC_ENABLED configuration
+		log.Error("appsec: error while checking if appsec is enabled: %v", err)
+	} else if enabled {
+		// The user is willing to enable appsec but didn't use the build tag
+		log.Info("appsec: enabled by the configuration but has not been activated during the compilation: please add the go build tag `appsec` to your build options to enable it")
+	} else {
+		// The user is not willing to start appsec, a simple debug log is enough
+		log.Debug("appsec: not been not enabled during the compilation: please add the go build tag `appsec` to your build options to enable it")
+	}
+}
+
+// Stop AppSec.
+func Stop() {}
+
+// Static rule stubs when disabled.
+const staticRecommendedRules = ""
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/config.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/config.go
new file mode 100644
index 000000000..1aaf419c9
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/config.go
@@ -0,0 +1,189 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package appsec
+
+import (
+	"fmt"
+	"os"
+	"regexp"
+	"strconv"
+	"time"
+	"unicode"
+	"unicode/utf8"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig"
+)
+
+const (
+	enabledEnvVar         = "DD_APPSEC_ENABLED"
+	rulesEnvVar           = "DD_APPSEC_RULES"
+	wafTimeoutEnvVar      = "DD_APPSEC_WAF_TIMEOUT"
+	traceRateLimitEnvVar  = "DD_APPSEC_TRACE_RATE_LIMIT"
+	obfuscatorKeyEnvVar   = "DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP"
+	obfuscatorValueEnvVar = "DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP"
+)
+
+const (
+	defaultWAFTimeout           = 4 * time.Millisecond
+	defaultTraceRate            = 100 // up to 100 appsec traces/s
+	defaultObfuscatorKeyRegex   = `(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization`
+	defaultObfuscatorValueRegex = `(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\s*=[^;]|"\s*:\s*"[^"]+")|bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,}`
+)
+
+// StartOption is used to customize the AppSec configuration when invoked with appsec.Start()
+type StartOption func(c *Config)
+
+// Config is the AppSec configuration.
+type Config struct {
+	// rules loaded via the env var DD_APPSEC_RULES. When not set, the builtin rules will be used
+	// and live-updated with remote configuration.
+	rulesManager *rulesManager
+	// Maximum WAF execution time
+	wafTimeout time.Duration
+	// AppSec trace rate limit (traces per second).
+	traceRateLimit uint
+	// Obfuscator configuration parameters
+	obfuscator ObfuscatorConfig
+	// rc is the remote configuration client used to receive product configuration updates. Nil if rc is disabled (default)
+	rc *remoteconfig.ClientConfig
+}
+
+// WithRCConfig sets the AppSec remote config client configuration to the specified cfg
+func WithRCConfig(cfg remoteconfig.ClientConfig) StartOption {
+	return func(c *Config) {
+		c.rc = &cfg
+	}
+}
+
+// ObfuscatorConfig wraps the key and value regexp to be passed to the WAF to perform obfuscation.
+type ObfuscatorConfig struct {
+	KeyRegex   string
+	ValueRegex string
+}
+
+// isEnabled returns true when appsec is enabled when the environment variable
+// DD_APPSEC_ENABLED is set to true.
+// It also returns whether the env var is actually set in the env or not.
+func isEnabled() (enabled bool, set bool, err error) {
+	enabledStr, set := os.LookupEnv(enabledEnvVar)
+	if enabledStr == "" {
+		return false, set, nil
+	} else if enabled, err = strconv.ParseBool(enabledStr); err != nil {
+		return false, set, fmt.Errorf("could not parse %s value `%s` as a boolean value", enabledEnvVar, enabledStr)
+	} else {
+		return enabled, set, nil
+	}
+}
+
+func newConfig() (*Config, error) {
+	rules, err := readRulesConfig()
+	if err != nil {
+		return nil, err
+	}
+
+	r, err := newRulesManager(rules)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Config{
+		rulesManager:   r,
+		wafTimeout:     readWAFTimeoutConfig(),
+		traceRateLimit: readRateLimitConfig(),
+		obfuscator:     readObfuscatorConfig(),
+	}, nil
+}
+
+func readWAFTimeoutConfig() (timeout time.Duration) {
+	timeout = defaultWAFTimeout
+	value := os.Getenv(wafTimeoutEnvVar)
+	if value == "" {
+		return
+	}
+
+	// Check if the value ends with a letter, which means the user has
+	// specified their own time duration unit(s) such as 1s200ms.
+	// Otherwise, default to microseconds.
+	if lastRune, _ := utf8.DecodeLastRuneInString(value); !unicode.IsLetter(lastRune) {
+		value += "us" // Add the default microsecond time-duration suffix
+	}
+
+	parsed, err := time.ParseDuration(value)
+	if err != nil {
+		logEnvVarParsingError(wafTimeoutEnvVar, value, err, timeout)
+		return
+	}
+	if parsed <= 0 {
+		logUnexpectedEnvVarValue(wafTimeoutEnvVar, parsed, "expecting a strictly positive duration", timeout)
+		return
+	}
+	return parsed
+}
+
+func readRateLimitConfig() (rate uint) {
+	rate = defaultTraceRate
+	value := os.Getenv(traceRateLimitEnvVar)
+	if value == "" {
+		return rate
+	}
+	parsed, err := strconv.ParseUint(value, 10, 0)
+	if err != nil {
+		logEnvVarParsingError(traceRateLimitEnvVar, value, err, rate)
+		return
+	}
+	if rate == 0 {
+		logUnexpectedEnvVarValue(traceRateLimitEnvVar, parsed, "expecting a value strictly greater than 0", rate)
+		return
+	}
+	return uint(parsed)
+}
+
+func readObfuscatorConfig() ObfuscatorConfig {
+	keyRE := readObfuscatorConfigRegexp(obfuscatorKeyEnvVar, defaultObfuscatorKeyRegex)
+	valueRE := readObfuscatorConfigRegexp(obfuscatorValueEnvVar, defaultObfuscatorValueRegex)
+	return ObfuscatorConfig{KeyRegex: keyRE, ValueRegex: valueRE}
+}
+
+func readObfuscatorConfigRegexp(name, defaultValue string) string {
+	val, present := os.LookupEnv(name)
+	if !present {
+		log.Debug("appsec: %s not defined, starting with the default obfuscator regular expression", name)
+		return defaultValue
+	}
+	if _, err := regexp.Compile(val); err != nil {
+		log.Error("appsec: could not compile the configured obfuscator regular expression `%s=%s`. Using the default value instead", name, val)
+		return defaultValue
+	}
+	log.Debug("appsec: starting with the configured obfuscator regular expression %s", name)
+	return val
+}
+
+func readRulesConfig() (rules []byte, err error) {
+	rules = []byte(staticRecommendedRules)
+	filepath := os.Getenv(rulesEnvVar)
+	if filepath == "" {
+		log.Debug("appsec: using the default built-in recommended security rules")
+		return rules, nil
+	}
+	buf, err := os.ReadFile(filepath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			log.Error("appsec: could not find the rules file in path %s: %v.", filepath, err)
+		}
+		return nil, err
+	}
+	log.Debug("appsec: using the security rules from file %s", filepath)
+	return buf, nil
+}
+
+func logEnvVarParsingError(name, value string, err error, defaultValue interface{}) {
+	log.Error("appsec: could not parse the env var %s=%s as a duration: %v. Using default value %v.", name, value, err, defaultValue)
+}
+
+func logUnexpectedEnvVarValue(name string, value interface{}, reason string, defaultValue interface{}) {
+	log.Error("appsec: unexpected configuration value of %s=%v: %s. Using default value %v.", name, value, reason, defaultValue)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/common.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/common.go
new file mode 100644
index 000000000..6784deff5
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/common.go
@@ -0,0 +1,166 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+// Package instrumentation holds code commonly used between all instrumentation declinations (currently httpsec/grpcsec).
+package instrumentation
+
+import (
+	"encoding/json"
+	"fmt"
+	"sync"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
+)
+
+// BlockedRequestTag used to convey whether a request is blocked
+const BlockedRequestTag = "appsec.blocked"
+
+type (
+	// TagSetter is the interface needed to set a span tag.
+	TagSetter interface {
+		SetTag(string, interface{})
+	}
+	// TagsHolder wraps a map holding tags. The purpose of this struct is to be used by composition in an Operation
+	// to allow said operation to handle tags addition/retrieval. See httpsec/http.go and grpcsec/grpc.go.
+	TagsHolder struct {
+		tags map[string]interface{}
+		mu   sync.Mutex
+	}
+	// SecurityEventsHolder is a wrapper around a thread safe security events slice. The purpose of this struct is to be
+	// used by composition in an Operation to allow said operation to handle security events addition/retrieval.
+	// See httpsec/http.go and grpcsec/grpc.go.
+	SecurityEventsHolder struct {
+		events []json.RawMessage
+		mu     sync.RWMutex
+	}
+	// ContextKey is used as a key to store operations in the request's context (gRPC/HTTP)
+	ContextKey struct{}
+)
+
+// NewTagsHolder returns a new instance of a TagsHolder struct.
+func NewTagsHolder() TagsHolder {
+	return TagsHolder{tags: map[string]interface{}{}}
+}
+
+// AddTag adds the key/value pair to the tags map
+func (m *TagsHolder) AddTag(k string, v interface{}) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	m.tags[k] = v
+}
+
+// Tags returns the tags map
+func (m *TagsHolder) Tags() map[string]interface{} {
+	return m.tags
+}
+
+// AddSecurityEvents adds the security events to the collected events list.
+// Thread safe.
+func (s *SecurityEventsHolder) AddSecurityEvents(events ...json.RawMessage) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.events = append(s.events, events...)
+}
+
+// Events returns the list of stored events.
+func (s *SecurityEventsHolder) Events() []json.RawMessage {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.events
+}
+
+// ClearEvents clears the list of stored events
+func (s *SecurityEventsHolder) ClearEvents() {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.events = s.events[0:0]
+}
+
+// SetTags fills the span tags using the key/value pairs found in `tags`
+func SetTags(span TagSetter, tags map[string]interface{}) {
+	for k, v := range tags {
+		span.SetTag(k, v)
+	}
+}
+
+// SetStringTags fills the span tags using the key/value pairs of strings found
+// in `tags`
+func SetStringTags(span TagSetter, tags map[string]string) {
+	for k, v := range tags {
+		span.SetTag(k, v)
+	}
+}
+
+// SetAppSecEnabledTags sets the AppSec-specific span tags that are expected to be in
+// the web service entry span (span of type `web`) when AppSec is enabled.
+func SetAppSecEnabledTags(span TagSetter) {
+	span.SetTag("_dd.appsec.enabled", 1)
+	span.SetTag("_dd.runtime_family", "go")
+}
+
+// SetEventSpanTags sets the security event span tags into the service entry span.
+func SetEventSpanTags(span TagSetter, events []json.RawMessage) error {
+	// Set the appsec event span tag
+	val, err := makeEventTagValue(events)
+	if err != nil {
+		return err
+	}
+	span.SetTag("_dd.appsec.json", string(val))
+	// Keep this span due to the security event
+	//
+	// This is a workaround to tell the tracer that the trace was kept by AppSec.
+	// Passing any other value than `appsec.SamplerAppSec` has no effect.
+	// Customers should use `span.SetTag(ext.ManualKeep, true)` pattern
+	// to keep the trace, manually.
+	span.SetTag(ext.ManualKeep, samplernames.AppSec)
+	span.SetTag("_dd.origin", "appsec")
+	// Set the appsec.event tag needed by the appsec backend
+	span.SetTag("appsec.event", true)
+	return nil
+}
+
+// Create the value of the security event tag.
+// TODO(Julio-Guerra): a future libddwaf version should return something
+//
+//	avoiding us the following events concatenation logic which currently
+//	involves unserializing the top-level JSON arrays to concatenate them
+//	together.
+//
+// TODO(Julio-Guerra): avoid serializing the json in the request hot path
+func makeEventTagValue(events []json.RawMessage) (json.RawMessage, error) {
+	var v interface{}
+	if l := len(events); l == 1 {
+		// eventTag is the structure to use in the `_dd.appsec.json` span tag.
+		// In this case of 1 event, it already is an array as expected.
+		type eventTag struct {
+			Triggers json.RawMessage `json:"triggers"`
+		}
+		v = eventTag{Triggers: events[0]}
+	} else {
+		// eventTag is the structure to use in the `_dd.appsec.json` span tag.
+		// With more than one event, we need to concatenate the arrays together
+		// (ie. convert [][]json.RawMessage into []json.RawMessage).
+		type eventTag struct {
+			Triggers []json.RawMessage `json:"triggers"`
+		}
+		concatenated := make([]json.RawMessage, 0, l) // at least len(events)
+		for _, event := range events {
+			// Unmarshal the top level array
+			var tmp []json.RawMessage
+			if err := json.Unmarshal(event, &tmp); err != nil {
+				return nil, fmt.Errorf("unexpected error while unserializing the appsec event `%s`: %v", string(event), err)
+			}
+			concatenated = append(concatenated, tmp...)
+		}
+		v = eventTag{Triggers: concatenated}
+	}
+
+	tag, err := json.Marshal(v)
+	if err != nil {
+		return nil, fmt.Errorf("unexpected error while serializing the appsec event span tag: %v", err)
+	}
+	return tag, nil
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/grpc.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/grpc.go
new file mode 100644
index 000000000..f95e9418e
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/grpc.go
@@ -0,0 +1,209 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+// Package grpcsec is the gRPC instrumentation API and contract for AppSec
+// defining an abstract run-time representation of gRPC handlers.
+// gRPC integrations must use this package to enable AppSec features for gRPC,
+// which listens to this package's operation events.
+package grpcsec
+
+import (
+	"context"
+	"encoding/json"
+	"reflect"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation"
+
+	"github.com/DataDog/appsec-internal-go/netip"
+)
+
+// Abstract gRPC server handler operation definitions. It is based on two
+// operations allowing to describe every type of RPC: the HandlerOperation type
+// which represents the RPC handler, and the ReceiveOperation type which
+// represents the messages the RPC handler receives during its lifetime.
+// This means that the ReceiveOperation(s) will happen within the
+// HandlerOperation.
+// Every type of RPC, unary, client streaming, server streaming, and
+// bidirectional streaming RPCs, can be all represented with a HandlerOperation
+// having one or several ReceiveOperation.
+// The send operation is not required for now and therefore not defined, which
+// means that server and bidirectional streaming RPCs currently have the same
+// run-time representation as unary and client streaming RPCs.
+type (
+	// HandlerOperation represents a gRPC server handler operation.
+	// It must be created with StartHandlerOperation() and finished with its
+	// Finish() method.
+	// Security events observed during the operation lifetime should be added
+	// to the operation using its AddSecurityEvent() method.
+	HandlerOperation struct {
+		dyngo.Operation
+		instrumentation.TagsHolder
+		instrumentation.SecurityEventsHolder
+		Error error
+	}
+	// HandlerOperationArgs is the grpc handler arguments.
+	HandlerOperationArgs struct {
+		// Message received by the gRPC handler.
+		// Corresponds to the address `grpc.server.request.metadata`.
+		Metadata map[string][]string
+		ClientIP netip.Addr
+	}
+	// HandlerOperationRes is the grpc handler results. Empty as of today.
+	HandlerOperationRes struct{}
+
+	// ReceiveOperation type representing an gRPC server handler operation. It must
+	// be created with StartReceiveOperation() and finished with its Finish().
+	ReceiveOperation struct {
+		dyngo.Operation
+	}
+	// ReceiveOperationArgs is the gRPC handler receive operation arguments
+	// Empty as of today.
+	ReceiveOperationArgs struct{}
+	// ReceiveOperationRes is the gRPC handler receive operation results which
+	// contains the message the gRPC handler received.
+	ReceiveOperationRes struct {
+		// Message received by the gRPC handler.
+		// Corresponds to the address `grpc.server.request.message`.
+		Message interface{}
+	}
+
+	// MonitoringError is used to vehicle a gRPC error that also embeds a request status code
+	MonitoringError struct {
+		msg    string
+		status uint32
+	}
+)
+
+// NewMonitoringError creates and returns a new gRPC monitoring error, wrapped under
+// sharedesec.MonitoringError
+func NewMonitoringError(msg string, code uint32) error {
+	return &MonitoringError{
+		msg:    msg,
+		status: code,
+	}
+}
+
+// GRPCStatus returns the gRPC status code embedded in the error
+func (e *MonitoringError) GRPCStatus() uint32 {
+	return e.status
+}
+
+// Error implements the error interface
+func (e *MonitoringError) Error() string {
+	return e.msg
+}
+
+// TODO(Julio-Guerra): create a go-generate tool to generate the types, vars and methods below
+
+// StartHandlerOperation starts an gRPC server handler operation, along with the
+// given arguments and parent operation, and emits a start event up in the
+// operation stack. When parent is nil, the operation is linked to the global
+// root operation.
+func StartHandlerOperation(ctx context.Context, args HandlerOperationArgs, parent dyngo.Operation, listeners ...dyngo.DataListener) (context.Context, *HandlerOperation) {
+	op := &HandlerOperation{
+		Operation:  dyngo.NewOperation(parent),
+		TagsHolder: instrumentation.NewTagsHolder(),
+	}
+	for _, l := range listeners {
+		op.OnData(l)
+	}
+	newCtx := context.WithValue(ctx, instrumentation.ContextKey{}, op)
+	dyngo.StartOperation(op, args)
+	return newCtx, op
+}
+
+// Finish the gRPC handler operation, along with the given results, and emit a
+// finish event up in the operation stack.
+func (op *HandlerOperation) Finish(res HandlerOperationRes) []json.RawMessage {
+	dyngo.FinishOperation(op, res)
+	return op.Events()
+}
+
+// gRPC handler operation's start and finish event callback function types.
+type (
+	// OnHandlerOperationStart function type, called when an gRPC handler
+	// operation starts.
+	OnHandlerOperationStart func(*HandlerOperation, HandlerOperationArgs)
+	// OnHandlerOperationFinish function type, called when an gRPC handler
+	// operation finishes.
+	OnHandlerOperationFinish func(*HandlerOperation, HandlerOperationRes)
+)
+
+var (
+	handlerOperationArgsType = reflect.TypeOf((*HandlerOperationArgs)(nil)).Elem()
+	handlerOperationResType  = reflect.TypeOf((*HandlerOperationRes)(nil)).Elem()
+)
+
+// ListenedType returns the type a OnHandlerOperationStart event listener
+// listens to, which is the HandlerOperationArgs type.
+func (OnHandlerOperationStart) ListenedType() reflect.Type { return handlerOperationArgsType }
+
+// Call the underlying event listener function by performing the type-assertion
+// on v whose type is the one returned by ListenedType().
+func (f OnHandlerOperationStart) Call(op dyngo.Operation, v interface{}) {
+	f(op.(*HandlerOperation), v.(HandlerOperationArgs))
+}
+
+// ListenedType returns the type a OnHandlerOperationFinish event listener
+// listens to, which is the HandlerOperationRes type.
+func (OnHandlerOperationFinish) ListenedType() reflect.Type { return handlerOperationResType }
+
+// Call the underlying event listener function by performing the type-assertion
+// on v whose type is the one returned by ListenedType().
+func (f OnHandlerOperationFinish) Call(op dyngo.Operation, v interface{}) {
+	f(op.(*HandlerOperation), v.(HandlerOperationRes))
+}
+
+// StartReceiveOperation starts a receive operation of a gRPC handler, along
+// with the given arguments and parent operation, and emits a start event up in
+// the operation stack. When parent is nil, the operation is linked to the
+// global root operation.
+func StartReceiveOperation(args ReceiveOperationArgs, parent dyngo.Operation) ReceiveOperation {
+	op := ReceiveOperation{Operation: dyngo.NewOperation(parent)}
+	dyngo.StartOperation(op, args)
+	return op
+}
+
+// Finish the gRPC handler operation, along with the given results, and emits a
+// finish event up in the operation stack.
+func (op ReceiveOperation) Finish(res ReceiveOperationRes) {
+	dyngo.FinishOperation(op, res)
+}
+
+// gRPC receive operation's start and finish event callback function types.
+type (
+	// OnReceiveOperationStart function type, called when a gRPC receive
+	// operation starts.
+	OnReceiveOperationStart func(ReceiveOperation, ReceiveOperationArgs)
+	// OnReceiveOperationFinish function type, called when a grpc receive
+	// operation finishes.
+	OnReceiveOperationFinish func(ReceiveOperation, ReceiveOperationRes)
+)
+
+var (
+	receiveOperationArgsType = reflect.TypeOf((*ReceiveOperationArgs)(nil)).Elem()
+	receiveOperationResType  = reflect.TypeOf((*ReceiveOperationRes)(nil)).Elem()
+)
+
+// ListenedType returns the type a OnHandlerOperationStart event listener
+// listens to, which is the HandlerOperationArgs type.
+func (OnReceiveOperationStart) ListenedType() reflect.Type { return receiveOperationArgsType }
+
+// Call the underlying event listener function by performing the type-assertion
+// on v whose type is the one returned by ListenedType().
+func (f OnReceiveOperationStart) Call(op dyngo.Operation, v interface{}) {
+	f(op.(ReceiveOperation), v.(ReceiveOperationArgs))
+}
+
+// ListenedType returns the type a OnHandlerOperationFinish event listener
+// listens to, which is the HandlerOperationRes type.
+func (OnReceiveOperationFinish) ListenedType() reflect.Type { return receiveOperationResType }
+
+// Call the underlying event listener function by performing the type-assertion
+// on v whose type is the one returned by ListenedType().
+func (f OnReceiveOperationFinish) Call(op dyngo.Operation, v interface{}) {
+	f(op.(ReceiveOperation), v.(ReceiveOperationRes))
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/tags.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/tags.go
new file mode 100644
index 000000000..f01461060
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/tags.go
@@ -0,0 +1,36 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package grpcsec
+
+import (
+	"encoding/json"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// SetSecurityEventsTags sets the AppSec events span tags.
+func SetSecurityEventsTags(span ddtrace.Span, events []json.RawMessage) {
+	if err := setSecurityEventsTags(span, events); err != nil {
+		log.Error("appsec: unexpected error while creating the appsec events tags: %v", err)
+	}
+}
+
+func setSecurityEventsTags(span ddtrace.Span, events []json.RawMessage) error {
+	if events == nil {
+		return nil
+	}
+	return instrumentation.SetEventSpanTags(span, events)
+}
+
+// SetRequestMetadataTags sets the gRPC request metadata span tags.
+func SetRequestMetadataTags(span ddtrace.Span, md map[string][]string) {
+	for h, v := range httpsec.NormalizeHTTPHeaders(md) {
+		span.SetTag("grpc.metadata."+h, v)
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/http.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/http.go
new file mode 100644
index 000000000..bcb4fb444
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/http.go
@@ -0,0 +1,337 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+// Package httpsec defines is the HTTP instrumentation API and contract for
+// AppSec. It defines an abstract representation of HTTP handlers, along with
+// helper functions to wrap (aka. instrument) standard net/http handlers.
+// HTTP integrations must use this package to enable AppSec features for HTTP,
+// which listens to this package's operation events.
+package httpsec
+
+import (
+	"context"
+	// Blank import needed to use embed for the default blocked response payloads
+	_ "embed"
+	"encoding/json"
+	"net/http"
+	"reflect"
+	"strings"
+	"sync"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+
+	"github.com/DataDog/appsec-internal-go/netip"
+)
+
+// Abstract HTTP handler operation definition.
+type (
+	// HandlerOperationArgs is the HTTP handler operation arguments.
+	HandlerOperationArgs struct {
+		// Method is the http method verb of the request, address is `server.request.method`
+		Method string
+		// RequestURI corresponds to the address `server.request.uri.raw`
+		RequestURI string
+		// Headers corresponds to the address `server.request.headers.no_cookies`
+		Headers map[string][]string
+		// Cookies corresponds to the address `server.request.cookies`
+		Cookies map[string][]string
+		// Query corresponds to the address `server.request.query`
+		Query map[string][]string
+		// PathParams corresponds to the address `server.request.path_params`
+		PathParams map[string]string
+		// ClientIP corresponds to the address `http.client_ip`
+		ClientIP netip.Addr
+	}
+
+	// HandlerOperationRes is the HTTP handler operation results.
+	HandlerOperationRes struct {
+		// Status corresponds to the address `server.response.status`.
+		Status int
+	}
+
+	// SDKBodyOperationArgs is the SDK body operation arguments.
+	SDKBodyOperationArgs struct {
+		// Body corresponds to the address `server.request.body`.
+		Body interface{}
+	}
+
+	// SDKBodyOperationRes is the SDK body operation results.
+	SDKBodyOperationRes struct{}
+
+	// MonitoringError is used to vehicle an HTTP error, usually resurfaced through Appsec SDKs.
+	MonitoringError struct {
+		msg string
+	}
+)
+
+// Error implements the Error interface
+func (e *MonitoringError) Error() string {
+	return e.msg
+}
+
+// NewMonitoringError creates and returns a new HTTP monitoring error, wrapped under
+// sharedesec.MonitoringError
+func NewMonitoringError(msg string) error {
+	return &MonitoringError{
+		msg: msg,
+	}
+}
+
+// MonitorParsedBody starts and finishes the SDK body operation.
+// This function should not be called when AppSec is disabled in order to
+// get preciser error logs.
+func MonitorParsedBody(ctx context.Context, body interface{}) error {
+	parent := fromContext(ctx)
+	if parent == nil {
+		log.Error("appsec: parsed http body monitoring ignored: could not find the http handler instrumentation metadata in the request context: the request handler is not being monitored by a middleware function or the provided context is not the expected request context")
+		return nil
+	}
+
+	return ExecuteSDKBodyOperation(parent, SDKBodyOperationArgs{Body: body})
+}
+
+// ExecuteSDKBodyOperation starts and finishes the SDK Body operation by emitting a dyngo start and finish events
+// An error is returned if the body associated to that operation must be blocked
+func ExecuteSDKBodyOperation(parent dyngo.Operation, args SDKBodyOperationArgs) error {
+	var err error
+	op := &SDKBodyOperation{Operation: dyngo.NewOperation(parent)}
+	sharedsec.OnErrorData(op, func(e error) {
+		err = e
+	})
+	dyngo.StartOperation(op, args)
+	dyngo.FinishOperation(op, SDKBodyOperationRes{})
+	return err
+}
+
+// WrapHandler wraps the given HTTP handler with the abstract HTTP operation defined by HandlerOperationArgs and
+// HandlerOperationRes.
+// The onBlock params are used to cleanup the context when needed.
+// It is a specific patch meant for Gin, for which we must abort the
+// context since it uses a queue of handlers and it's the only way to make
+// sure other queued handlers don't get executed.
+// TODO: this patch must be removed/improved when we rework our actions/operations system
+func WrapHandler(handler http.Handler, span ddtrace.Span, pathParams map[string]string, onBlock ...func()) http.Handler {
+	instrumentation.SetAppSecEnabledTags(span)
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ipTags, clientIP := ClientIPTags(r.Header, true, r.RemoteAddr)
+		log.Debug("appsec: http client ip detection returned `%s` given the http headers `%v`", clientIP, r.Header)
+		instrumentation.SetStringTags(span, ipTags)
+
+		var bypassHandler http.Handler
+		var blocking bool
+		args := MakeHandlerOperationArgs(r, clientIP, pathParams)
+		ctx, op := StartOperation(r.Context(), args, dyngo.NewDataListener(func(a *sharedsec.Action) {
+			bypassHandler = a.HTTP()
+			blocking = a.Blocking()
+		}))
+		r = r.WithContext(ctx)
+
+		defer func() {
+			var status int
+			if mw, ok := w.(interface{ Status() int }); ok {
+				status = mw.Status()
+			}
+
+			events := op.Finish(HandlerOperationRes{Status: status})
+
+			// Execute the onBlock functions to make sure blocking works properly
+			// in case we are instrumenting the Gin framework
+			if blocking {
+				op.AddTag(instrumentation.BlockedRequestTag, true)
+				for _, f := range onBlock {
+					f()
+				}
+			}
+
+			if bypassHandler != nil {
+				bypassHandler.ServeHTTP(w, r)
+			}
+
+			// Add the request headers span tags out of args.Headers instead of r.Header as it was normalized and some
+			// extra headers have been added such as the Host header which is removed from the original Go request headers
+			// map
+			setRequestHeadersTags(span, args.Headers)
+			setResponseHeadersTags(span, w.Header())
+			instrumentation.SetTags(span, op.Tags())
+			if len(events) > 0 {
+				SetSecurityEventsTags(span, events)
+			}
+		}()
+
+		if bypassHandler != nil {
+			handler = bypassHandler
+			bypassHandler = nil
+		}
+		handler.ServeHTTP(w, r)
+	})
+}
+
+// MakeHandlerOperationArgs creates the HandlerOperationArgs value.
+func MakeHandlerOperationArgs(r *http.Request, clientIP netip.Addr, pathParams map[string]string) HandlerOperationArgs {
+	headers := make(http.Header, len(r.Header))
+	for k, v := range r.Header {
+		k := strings.ToLower(k)
+		if k == "cookie" {
+			// Do not include cookies in the request headers
+			continue
+		}
+		headers[k] = v
+	}
+	cookies := makeCookies(r) // TODO(Julio-Guerra): avoid actively parsing the cookies thanks to dynamic instrumentation
+	headers["host"] = []string{r.Host}
+	return HandlerOperationArgs{
+		Method:     r.Method,
+		RequestURI: r.RequestURI,
+		Headers:    headers,
+		Cookies:    cookies,
+		Query:      r.URL.Query(), // TODO(Julio-Guerra): avoid actively parsing the query values thanks to dynamic instrumentation
+		PathParams: pathParams,
+		ClientIP:   clientIP,
+	}
+}
+
+// MakeHandlerOperationRes creates the HandlerOperationRes value.
+func MakeHandlerOperationRes(w http.ResponseWriter) HandlerOperationRes {
+	var status int
+	if mw, ok := w.(interface{ Status() int }); ok {
+		status = mw.Status()
+	}
+	return HandlerOperationRes{Status: status}
+}
+
+// Return the map of parsed cookies if any and following the specification of
+// the rule address `server.request.cookies`.
+func makeCookies(r *http.Request) map[string][]string {
+	parsed := r.Cookies()
+	if len(parsed) == 0 {
+		return nil
+	}
+	cookies := make(map[string][]string, len(parsed))
+	for _, c := range parsed {
+		cookies[c.Name] = append(cookies[c.Name], c.Value)
+	}
+	return cookies
+}
+
+// TODO(Julio-Guerra): create a go-generate tool to generate the types, vars and methods below
+
+// Operation type representing an HTTP operation. It must be created with
+// StartOperation() and finished with its Finish().
+type (
+	Operation struct {
+		dyngo.Operation
+		instrumentation.TagsHolder
+		instrumentation.SecurityEventsHolder
+		mu sync.RWMutex
+	}
+
+	// SDKBodyOperation type representing an SDK body
+	SDKBodyOperation struct {
+		dyngo.Operation
+	}
+)
+
+// StartOperation starts an HTTP handler operation, along with the given
+// context and arguments and emits a start event up in the operation stack.
+// The operation is linked to the global root operation since an HTTP operation
+// is always expected to be first in the operation stack.
+func StartOperation(ctx context.Context, args HandlerOperationArgs, listeners ...dyngo.DataListener) (context.Context, *Operation) {
+	op := &Operation{
+		Operation:  dyngo.NewOperation(nil),
+		TagsHolder: instrumentation.NewTagsHolder(),
+	}
+	for _, l := range listeners {
+		op.OnData(l)
+	}
+	newCtx := context.WithValue(ctx, instrumentation.ContextKey{}, op)
+	dyngo.StartOperation(op, args)
+	return newCtx, op
+}
+
+// fromContext returns the Operation object stored in the context, if any
+func fromContext(ctx context.Context) *Operation {
+	// Avoid a runtime panic in case of type-assertion error by collecting the 2 return values
+	op, _ := ctx.Value(instrumentation.ContextKey{}).(*Operation)
+	return op
+}
+
+// Finish the HTTP handler operation, along with the given results and emits a
+// finish event up in the operation stack.
+func (op *Operation) Finish(res HandlerOperationRes) []json.RawMessage {
+	dyngo.FinishOperation(op, res)
+	return op.Events()
+}
+
+// Finish finishes the SDKBody operation and emits a finish event
+func (op *SDKBodyOperation) Finish() {
+	dyngo.FinishOperation(op, SDKBodyOperationRes{})
+}
+
+// HTTP handler operation's start and finish event callback function types.
+type (
+	// OnHandlerOperationStart function type, called when an HTTP handler
+	// operation starts.
+	OnHandlerOperationStart func(*Operation, HandlerOperationArgs)
+	// OnHandlerOperationFinish function type, called when an HTTP handler
+	// operation finishes.
+	OnHandlerOperationFinish func(*Operation, HandlerOperationRes)
+	// OnSDKBodyOperationStart function type, called when an SDK body
+	// operation starts.
+	OnSDKBodyOperationStart func(*SDKBodyOperation, SDKBodyOperationArgs)
+	// OnSDKBodyOperationFinish function type, called when an SDK body
+	// operation finishes.
+	OnSDKBodyOperationFinish func(*SDKBodyOperation, SDKBodyOperationRes)
+)
+
+var (
+	handlerOperationArgsType = reflect.TypeOf((*HandlerOperationArgs)(nil)).Elem()
+	handlerOperationResType  = reflect.TypeOf((*HandlerOperationRes)(nil)).Elem()
+	sdkBodyOperationArgsType = reflect.TypeOf((*SDKBodyOperationArgs)(nil)).Elem()
+	sdkBodyOperationResType  = reflect.TypeOf((*SDKBodyOperationRes)(nil)).Elem()
+)
+
+// ListenedType returns the type a OnHandlerOperationStart event listener
+// listens to, which is the HandlerOperationArgs type.
+func (OnHandlerOperationStart) ListenedType() reflect.Type { return handlerOperationArgsType }
+
+// Call calls the underlying event listener function by performing the
+// type-assertion on v whose type is the one returned by ListenedType().
+func (f OnHandlerOperationStart) Call(op dyngo.Operation, v interface{}) {
+	f(op.(*Operation), v.(HandlerOperationArgs))
+}
+
+// ListenedType returns the type a OnHandlerOperationFinish event listener
+// listens to, which is the HandlerOperationRes type.
+func (OnHandlerOperationFinish) ListenedType() reflect.Type { return handlerOperationResType }
+
+// Call calls the underlying event listener function by performing the
+// type-assertion on v whose type is the one returned by ListenedType().
+func (f OnHandlerOperationFinish) Call(op dyngo.Operation, v interface{}) {
+	f(op.(*Operation), v.(HandlerOperationRes))
+}
+
+// ListenedType returns the type a OnSDKBodyOperationStart event listener
+// listens to, which is the SDKBodyOperationStartArgs type.
+func (OnSDKBodyOperationStart) ListenedType() reflect.Type { return sdkBodyOperationArgsType }
+
+// Call calls the underlying event listener function by performing the
+// type-assertion  on v whose type is the one returned by ListenedType().
+func (f OnSDKBodyOperationStart) Call(op dyngo.Operation, v interface{}) {
+	f(op.(*SDKBodyOperation), v.(SDKBodyOperationArgs))
+}
+
+// ListenedType returns the type a OnSDKBodyOperationFinish event listener
+// listens to, which is the SDKBodyOperationRes type.
+func (OnSDKBodyOperationFinish) ListenedType() reflect.Type { return sdkBodyOperationResType }
+
+// Call calls the underlying event listener function by performing the
+// type-assertion on v whose type is the one returned by ListenedType().
+func (f OnSDKBodyOperationFinish) Call(op dyngo.Operation, v interface{}) {
+	f(op.(*SDKBodyOperation), v.(SDKBodyOperationRes))
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/tags.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/tags.go
new file mode 100644
index 000000000..1fa0349eb
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/tags.go
@@ -0,0 +1,133 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package httpsec
+
+import (
+	"encoding/json"
+	"os"
+	"sort"
+	"strings"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+
+	"github.com/DataDog/appsec-internal-go/httpsec"
+	"github.com/DataDog/appsec-internal-go/netip"
+)
+
+const (
+	// envClientIPHeader is the name of the env var used to specify the IP header to be used for client IP collection.
+	envClientIPHeader = "DD_TRACE_CLIENT_IP_HEADER"
+)
+
+var (
+	// Default list of IP-related headers leveraged to retrieve the public
+	// client IP address.
+	defaultIPHeaders = []string{
+		"x-forwarded-for",
+		"x-real-ip",
+		"true-client-ip",
+		"x-client-ip",
+		"x-forwarded",
+		"forwarded-for",
+		"x-cluster-client-ip",
+		"fastly-client-ip",
+		"cf-connecting-ip",
+		"cf-connecting-ip6",
+	}
+
+	// Configured list of IP-related headers leveraged to retrieve the public
+	// client IP address. Defined at init-time in the init() function below.
+	monitoredClientIPHeadersCfg []string
+
+	// List of HTTP headers we collect and send.
+	collectedHTTPHeaders = append(defaultIPHeaders,
+		"host",
+		"content-length",
+		"content-type",
+		"content-encoding",
+		"content-language",
+		"forwarded",
+		"via",
+		"user-agent",
+		"accept",
+		"accept-encoding",
+		"accept-language")
+)
+
+func init() {
+	if cfg := os.Getenv(envClientIPHeader); cfg != "" {
+		// Collect this header value too
+		collectedHTTPHeaders = append(collectedHTTPHeaders, cfg)
+		// Set this IP header as the only one to consider for ClientIP()
+		monitoredClientIPHeadersCfg = []string{cfg}
+	} else {
+		monitoredClientIPHeadersCfg = defaultIPHeaders
+	}
+
+	// Ensure the list of headers are sorted for sort.SearchStrings()
+	sort.Strings(collectedHTTPHeaders[:])
+}
+
+// SetSecurityEventsTags sets the AppSec-specific span tags when a security event occurred into the service entry span.
+func SetSecurityEventsTags(span instrumentation.TagSetter, events []json.RawMessage) {
+	if err := instrumentation.SetEventSpanTags(span, events); err != nil {
+		log.Error("appsec: unexpected error while creating the appsec events tags: %v", err)
+	}
+}
+
+func setSecurityEventsTags(span instrumentation.TagSetter, events []json.RawMessage) error {
+	if len(events) == 0 {
+		return nil
+	}
+	return instrumentation.SetEventSpanTags(span, events)
+}
+
+// setRequestHeadersTags sets the AppSec-specific request headers span tags.
+func setRequestHeadersTags(span instrumentation.TagSetter, headers map[string][]string) {
+	setHeadersTags(span, "http.request.headers.", headers)
+}
+
+// setResponseHeadersTags sets the AppSec-specific response headers span tags.
+func setResponseHeadersTags(span instrumentation.TagSetter, headers map[string][]string) {
+	setHeadersTags(span, "http.response.headers.", headers)
+}
+
+// setHeadersTags sets the AppSec-specific headers span tags.
+func setHeadersTags(span instrumentation.TagSetter, tagPrefix string, headers map[string][]string) {
+	for h, v := range NormalizeHTTPHeaders(headers) {
+		span.SetTag(tagPrefix+h, v)
+	}
+}
+
+// NormalizeHTTPHeaders returns the HTTP headers following Datadog's
+// normalization format.
+func NormalizeHTTPHeaders(headers map[string][]string) (normalized map[string]string) {
+	if len(headers) == 0 {
+		return nil
+	}
+	normalized = make(map[string]string)
+	for k, v := range headers {
+		k = strings.ToLower(k)
+		if i := sort.SearchStrings(collectedHTTPHeaders[:], k); i < len(collectedHTTPHeaders) && collectedHTTPHeaders[i] == k {
+			normalized[k] = strings.Join(v, ",")
+		}
+	}
+	if len(normalized) == 0 {
+		return nil
+	}
+	return normalized
+}
+
+// ClientIPTags returns the resulting Datadog span tags `http.client_ip`
+// containing the client IP and `network.client.ip` containing the remote IP.
+// The tags are present only if a valid ip address has been returned by
+// ClientIP().
+func ClientIPTags(headers map[string][]string, hasCanonicalHeaders bool, remoteAddr string) (tags map[string]string, clientIP netip.Addr) {
+	remoteIP, clientIP := httpsec.ClientIP(headers, hasCanonicalHeaders, remoteAddr, monitoredClientIPHeadersCfg)
+	tags = httpsec.ClientIPTags(remoteIP, clientIP)
+	return tags, clientIP
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/actions.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/actions.go
new file mode 100644
index 000000000..09d84828e
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/actions.go
@@ -0,0 +1,135 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+package sharedsec
+
+import (
+	_ "embed" // Blank import
+	"errors"
+	"net/http"
+	"os"
+	"strings"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// blockedTemplateJSON is the default JSON template used to write responses for blocked requests
+//
+//go:embed blocked-template.json
+var blockedTemplateJSON []byte
+
+// blockedTemplateHTML is the default HTML template used to write responses for blocked requests
+//
+//go:embed blocked-template.html
+var blockedTemplateHTML []byte
+
+const (
+	envBlockedTemplateHTML = "DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML"
+	envBlockedTemplateJSON = "DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON"
+)
+
+func init() {
+	for env, template := range map[string]*[]byte{envBlockedTemplateJSON: &blockedTemplateJSON, envBlockedTemplateHTML: &blockedTemplateHTML} {
+		if path, ok := os.LookupEnv(env); ok {
+			if t, err := os.ReadFile(path); err != nil {
+				log.Error("Could not read template at %s: %v", path, err)
+			} else {
+				*template = t
+			}
+		}
+
+	}
+}
+
+type (
+	// Action represents a WAF action.
+	// It holds the HTTP and gRPC handlers to be used instead of the regular
+	// request handler when said action is executed.
+	Action struct {
+		http     http.Handler
+		grpc     GRPCWrapper
+		blocking bool
+	}
+
+	// GRPCWrapper is an opaque prototype abstraction for a gRPC handler (to avoid importing grpc)
+	// that takes metadata as input and returns a status code and an error
+	// TODO: rely on strongly typed actions (with the actual grpc types) by introducing WAF constructors
+	//     living in the contrib packages, along with their dependencies - something like `appsec.RegisterWAFConstructor(newGRPCWAF)`
+	//    Such constructors would receive the full appsec config and rules, so that they would be able to build
+	//    specific blocking actions.
+	GRPCWrapper func(map[string][]string) (uint32, error)
+)
+
+// Blocking returns true if the action object represents a request blocking action
+func (a *Action) Blocking() bool {
+	return a.blocking
+}
+
+// NewBlockHandler creates, initializes and returns a new BlockRequestAction
+func NewBlockHandler(status int, template string) http.Handler {
+	htmlHandler := newBlockRequestHandler(status, "text/html", blockedTemplateHTML)
+	jsonHandler := newBlockRequestHandler(status, "application/json", blockedTemplateJSON)
+	switch template {
+	case "json":
+		return jsonHandler
+	case "html":
+		return htmlHandler
+	default:
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			h := jsonHandler
+			hdr := r.Header.Get("Accept")
+			htmlIdx := strings.Index(hdr, "text/html")
+			jsonIdx := strings.Index(hdr, "application/json")
+			// Switch to html handler if text/html comes before application/json in the Accept header
+			if htmlIdx != -1 && (jsonIdx == -1 || htmlIdx < jsonIdx) {
+				h = htmlHandler
+			}
+			h.ServeHTTP(w, r)
+		})
+	}
+}
+
+func newBlockRequestHandler(status int, ct string, payload []byte) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", ct)
+		w.WriteHeader(status)
+		w.Write(payload)
+	})
+}
+
+func newGRPCBlockHandler(status int) GRPCWrapper {
+	return func(_ map[string][]string) (uint32, error) {
+		return uint32(status), errors.New("Request blocked")
+	}
+}
+
+// NewBlockRequestAction creates an action for the "block" action type
+func NewBlockRequestAction(httpStatus, grpcStatus int, template string) *Action {
+	return &Action{
+		http:     NewBlockHandler(httpStatus, template),
+		grpc:     newGRPCBlockHandler(grpcStatus),
+		blocking: true,
+	}
+}
+
+// NewRedirectRequestAction creates an action for the "redirect" action type
+func NewRedirectRequestAction(status int, loc string) *Action {
+	return &Action{
+		http: http.RedirectHandler(loc, status),
+		// gRPC is not handled by our SRB RFCs so far
+		// Use the default block handler for now
+		grpc: newGRPCBlockHandler(10),
+	}
+}
+
+// HTTP returns the HTTP handler linked to the action object
+func (a *Action) HTTP() http.Handler {
+	return a.http
+}
+
+// GRPC returns the gRPC handler linked to the action object
+func (a *Action) GRPC() GRPCWrapper {
+	return a.grpc
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/blocked-template.html b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/blocked-template.html
new file mode 100644
index 000000000..b43edd96d
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/blocked-template.html
@@ -0,0 +1 @@
+<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>You've been blocked</title><style>a,body,div,html,span{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}body{background:-webkit-radial-gradient(26% 19%,circle,#fff,#f4f7f9);background:radial-gradient(circle at 26% 19%,#fff,#f4f7f9);display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;width:100%;min-height:100vh;line-height:1;flex-direction:column}p{display:block}main{text-align:center;flex:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;flex-direction:column}p{font-size:18px;line-height:normal;color:#646464;font-family:sans-serif;font-weight:400}a{color:#4842b7}footer{width:100%;text-align:center}footer p{font-size:16px}</style></head><body><main><p>Sorry, you cannot access this page. Please contact the customer service team.</p></main><footer><p>Security provided by <a href="https://www.datadoghq.com/product/security-platform/application-security-monitoring/" target="_blank">Datadog</a></p></footer></body></html>
\ No newline at end of file
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/blocked-template.json b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/blocked-template.json
new file mode 100644
index 000000000..885d766c1
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/blocked-template.json
@@ -0,0 +1 @@
+{"errors":[{"title":"You've been blocked","detail":"Sorry, you cannot access this page. Please contact the customer service team. Security provided by Datadog."}]}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/shared.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/shared.go
new file mode 100644
index 000000000..0a0966a13
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec/shared.go
@@ -0,0 +1,80 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package sharedsec
+
+import (
+	"context"
+	"reflect"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+type (
+	// UserIDOperation type representing a call to appsec.SetUser(). It gets both created and destroyed in a single
+	// call to ExecuteUserIDOperation
+	UserIDOperation struct {
+		dyngo.Operation
+	}
+	// UserIDOperationArgs is the user ID operation arguments.
+	UserIDOperationArgs struct {
+		UserID string
+	}
+	// UserIDOperationRes is the user ID operation results.
+	UserIDOperationRes struct{}
+
+	// OnUserIDOperationStart function type, called when a user ID
+	// operation starts.
+	OnUserIDOperationStart func(operation *UserIDOperation, args UserIDOperationArgs)
+)
+
+var userIDOperationArgsType = reflect.TypeOf((*UserIDOperationArgs)(nil)).Elem()
+
+// ExecuteUserIDOperation starts and finishes the UserID operation by emitting a dyngo start and finish events
+// An error is returned if the user associated to that operation must be blocked
+func ExecuteUserIDOperation(parent dyngo.Operation, args UserIDOperationArgs) error {
+	var err error
+	op := &UserIDOperation{Operation: dyngo.NewOperation(parent)}
+	OnErrorData(op, func(e error) {
+		err = e
+	})
+	dyngo.StartOperation(op, args)
+	dyngo.FinishOperation(op, UserIDOperationRes{})
+	return err
+}
+
+// ListenedType returns the type a OnUserIDOperationStart event listener
+// listens to, which is the UserIDOperationStartArgs type.
+func (OnUserIDOperationStart) ListenedType() reflect.Type { return userIDOperationArgsType }
+
+// Call the underlying event listener function by performing the type-assertion
+// on v whose type is the one returned by ListenedType().
+func (f OnUserIDOperationStart) Call(op dyngo.Operation, v interface{}) {
+	f(op.(*UserIDOperation), v.(UserIDOperationArgs))
+}
+
+// MonitorUser starts and finishes a UserID operation.
+// A call to the WAF is made to check the user ID and an error is returned if the
+// user should be blocked. The return value is nil otherwise.
+func MonitorUser(ctx context.Context, userID string) error {
+	if parent, ok := ctx.Value(instrumentation.ContextKey{}).(dyngo.Operation); ok {
+		return ExecuteUserIDOperation(parent, UserIDOperationArgs{UserID: userID})
+	}
+	log.Error("appsec: user ID monitoring ignored: could not find the http handler instrumentation metadata in the request context: the request handler is not being monitored by a middleware function or the provided context is not the expected request context")
+	return nil
+
+}
+
+// OnData is a facilitator that wraps a dyngo.Operation.OnData() call
+func OnData[T any](op dyngo.Operation, f func(T)) {
+	op.OnData(dyngo.NewDataListener(f))
+}
+
+// OnErrorData is a facilitator that wraps a dyngo.Operation.OnData() call with an error type constraint
+func OnErrorData[T error](op dyngo.Operation, f func(T)) {
+	op.OnData(dyngo.NewDataListener(f))
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/operation.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/operation.go
new file mode 100644
index 000000000..d45492d22
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/operation.go
@@ -0,0 +1,353 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+// Package dyngo is the Go implementation of Datadog's Instrumentation Gateway
+// which provides an event-based instrumentation API based on a stack
+// representation of instrumented functions along with nested event listeners.
+// It allows to both correlate passed and future function calls in order to
+// react and monitor specific function call scenarios, while keeping the
+// monitoring state local to the monitoring logic thanks to nested Go function
+// closures.
+// dyngo is not intended to be directly used and should be instead wrapped
+// behind statically and strongly typed wrapper types. Indeed, dyngo is a
+// generic implementation relying on empty interface values (values of type
+// `interface{}`) and using it directly can be error-prone due to the lack of
+// compile-time type-checking. For example, AppSec provides the package
+// `httpsec`, built on top of dyngo, as its HTTP instrumentation API and which
+// defines the abstract HTTP operation representation expected by the AppSec
+// monitoring.
+package dyngo
+
+import (
+	"reflect"
+	"sync"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+
+	"go.uber.org/atomic"
+)
+
+// Operation interface type allowing to register event listeners to the
+// operation. The event listeners will be automatically removed from the
+// operation once it finishes so that it no longer can be called on finished
+// operations.
+type Operation interface {
+	// On allows to register an event listener to the operation. The event
+	// listener will be removed from the operation once it finishes.
+	On(EventListener)
+
+	// OnData allows to register a data listener to the operation
+	OnData(DataListener)
+
+	// EmitData sends data to the data listeners of the operation
+	EmitData(any)
+
+	// Parent return the parent operation. It returns nil for the root
+	// operation.
+	Parent() Operation
+
+	// emitEvent emits the event to listeners of the given argsType and calls
+	// them with the given op and v values.
+	// emitEvent is a private method implemented by the operation struct type so
+	// that no other package can define it.
+	emitEvent(argsType reflect.Type, op Operation, v interface{})
+
+	emitData(argsType reflect.Type, v any)
+
+	// add the given event listeners to the operation.
+	// add is a private method implemented by the operation struct type so
+	// that no other package can define it.
+	add(...EventListener)
+
+	// finish the operation. This method allows to pass the operation value to
+	// use to emit the finish event.
+	// finish is a private method implemented by the operation struct type so
+	// that no other package can define it.
+	finish(op Operation, results interface{})
+}
+
+// EventListener interface allowing to identify the Go type listened to and
+// dispatch calls to the underlying event listener function.
+type EventListener interface {
+	// ListenedType returns the Go type the event listener listens to.
+	ListenedType() reflect.Type
+	// Call the underlying event listener function. The type of the value v
+	// is the type the event listener listens to, according to the type
+	// returned by ListenedType().
+	Call(op Operation, v interface{})
+}
+
+// Atomic *Operation so we can atomically read or swap it.
+var rootOperation atomic.Pointer[Operation]
+
+// SwapRootOperation allows to atomically swap the current root operation with
+// the given new one. Concurrent uses of the old root operation on already
+// existing and running operation are still valid.
+func SwapRootOperation(new Operation) {
+	rootOperation.Swap(&new)
+	// Note: calling FinishOperation(old) could result into mem leaks because
+	// some finish event listeners, possibly releasing memory and resources,
+	// wouldn't be called anymore (because finish() disables the operation and
+	// removes the event listeners).
+}
+
+// operation structure allowing to subscribe to operation events and to
+// navigate in the operation stack. Events
+// bubble-up the operation stack, which allows listening to future events that
+// might happen in the operation lifetime.
+type operation struct {
+	parent Operation
+	eventRegister
+	dataBroadcaster
+
+	disabled bool
+	mu       sync.RWMutex
+}
+
+// NewRootOperation creates and returns a new root operation, with no parent
+// operation. Root operations are meant to be the top-level operation of an
+// operation stack, therefore receiving all the operation events. It allows to
+// prepare a new set of event listeners, to then atomically swap it with the
+// current one.
+func NewRootOperation() Operation {
+	return newOperation(nil)
+}
+
+// NewOperation creates and returns a new operation. It must be started by calling
+// StartOperation, and finished by calling FinishOperation. The returned
+// operation should be used in wrapper types to provide statically typed start
+// and finish functions. The following example shows how to wrap an operation
+// so that its functions are statically typed (instead of dyngo's interface{}
+// values):
+//
+//	package mypackage
+//	import "dyngo"
+//	type (
+//	  MyOperation struct {
+//	    dyngo.Operation
+//	  }
+//	  MyOperationArgs { /* ... */ }
+//	  MyOperationRes { /* ... */ }
+//	)
+//	func StartOperation(args MyOperationArgs, parent dyngo.Operation) MyOperation {
+//	  op := MyOperation{Operation: dyngo.NewOperation(parent)}
+//	  dyngo.StartOperation(op, args)
+//	  return op
+//	}
+//	func (op MyOperation) Finish(res MyOperationRes) {
+//	    dyngo.FinishOperation(op, res)
+//	  }
+func NewOperation(parent Operation) Operation {
+	if parent == nil {
+		if root := rootOperation.Load(); root != nil {
+			parent = *root
+		}
+	}
+	return newOperation(parent)
+}
+
+// StartOperation starts a new operation along with its arguments and emits a
+// start event with the operation arguments.
+func StartOperation(op Operation, args interface{}) {
+	argsType := reflect.TypeOf(args)
+	// Bubble-up the start event starting from the parent operation as you can't
+	// listen for your own start event
+	for current := op.Parent(); current != nil; current = current.Parent() {
+		current.emitEvent(argsType, op, args)
+	}
+}
+
+func newOperation(parent Operation) *operation {
+	return &operation{parent: parent}
+}
+
+// Parent return the parent operation. It returns nil for the root operation.
+func (o *operation) Parent() Operation {
+	return o.parent
+}
+
+// FinishOperation finishes the operation along with its results and emits a
+// finish event with the operation results.
+// The operation is then disabled and its event listeners removed.
+func FinishOperation(op Operation, results interface{}) {
+	op.finish(op, results)
+}
+
+func (o *operation) finish(op Operation, results interface{}) {
+	// Defer the call to o.disable() first so that the RWMutex gets unlocked first
+	defer o.disable()
+	o.mu.RLock()
+	defer o.mu.RUnlock() // Deferred and stacked on top of the previously deferred call to o.disable()
+	if o.disabled {
+		return
+	}
+	resType := reflect.TypeOf(results)
+	for current := op; current != nil; current = current.Parent() {
+		current.emitEvent(resType, op, results)
+	}
+}
+
+// Disable the operation and remove all its event listeners.
+func (o *operation) disable() {
+	o.mu.Lock()
+	defer o.mu.Unlock()
+	if o.disabled {
+		return
+	}
+	o.disabled = true
+	o.eventRegister.clear()
+}
+
+// Add the given event listeners to the operation.
+func (o *operation) add(l ...EventListener) {
+	o.mu.RLock()
+	defer o.mu.RUnlock()
+	if o.disabled {
+		return
+	}
+	for _, l := range l {
+		if l == nil {
+			continue
+		}
+		key := l.ListenedType()
+		o.eventRegister.add(key, l)
+	}
+}
+
+// On registers the event listener. The difference with the Register() is that
+// it doesn't return a function closure, which avoids unnecessary allocations
+// For example:
+//
+//	op.On(MyOperationStart(func (op MyOperation, args MyOperationArgs) {
+//	    // ...
+//	}))
+func (o *operation) On(l EventListener) {
+	o.mu.RLock()
+	defer o.mu.RUnlock()
+	if o.disabled {
+		return
+	}
+	o.eventRegister.add(l.ListenedType(), l)
+}
+
+func (o *operation) OnData(l DataListener) {
+	o.mu.RLock()
+	defer o.mu.RUnlock()
+	if o.disabled {
+		return
+	}
+	o.dataBroadcaster.add(l.ListenedType(), l)
+}
+
+func (o *operation) EmitData(data any) {
+	o.mu.RLock()
+	defer o.mu.RUnlock()
+	if o.disabled {
+		return
+	}
+	// Bubble up the data to the stack of operations. Contrary to events,
+	// we also send the data to ourselves since SDK operations are leaf operations
+	// that both emit and listen for data (errors).
+	for current := Operation(o); current != nil; current = current.Parent() {
+		current.emitData(reflect.TypeOf(data), data)
+	}
+}
+
+type (
+	// eventRegister implements a thread-safe list of event listeners.
+	eventRegister struct {
+		mu        sync.RWMutex
+		listeners eventListenerMap
+	}
+
+	// eventListenerMap is the map of event listeners. The list of listeners are
+	// indexed by the operation argument or result type the event listener
+	// expects.
+	eventListenerMap map[reflect.Type][]EventListener
+
+	dataBroadcaster struct {
+		mu        sync.RWMutex
+		listeners dataListenerMap
+	}
+
+	dataListenerSpec[T any] func(data T)
+	DataListener            EventListener
+	dataListenerMap         map[reflect.Type][]DataListener
+)
+
+func (l dataListenerSpec[T]) Call(_ Operation, v interface{}) {
+	l(v.(T))
+}
+
+func (l dataListenerSpec[T]) ListenedType() reflect.Type {
+	return reflect.TypeOf((*T)(nil)).Elem()
+}
+
+// NewDataListener creates a specialized generic data listener, wrapped under a DataListener interface
+func NewDataListener[T any](f func(data T)) DataListener {
+	return dataListenerSpec[T](f)
+}
+
+func (b *dataBroadcaster) add(key reflect.Type, l DataListener) {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+
+	if b.listeners == nil {
+		b.listeners = make(dataListenerMap)
+	}
+	b.listeners[key] = append(b.listeners[key], l)
+
+}
+
+func (b *dataBroadcaster) clear() {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+	b.listeners = nil
+}
+
+func (b *dataBroadcaster) emitData(key reflect.Type, v any) {
+	defer func() {
+		if r := recover(); r != nil {
+			log.Error("appsec: recovered from an unexpected panic from an event listener: %+v", r)
+		}
+	}()
+	b.mu.RLock()
+	defer b.mu.RUnlock()
+	for t := range b.listeners {
+		if key == t || key.Implements(t) {
+			for _, listener := range b.listeners[t] {
+				listener.Call(nil, v)
+			}
+		}
+	}
+}
+
+func (r *eventRegister) add(key reflect.Type, l EventListener) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	if r.listeners == nil {
+		r.listeners = make(eventListenerMap)
+	}
+	r.listeners[key] = append(r.listeners[key], l)
+}
+
+func (r *eventRegister) clear() {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.listeners = nil
+}
+
+func (r *eventRegister) emitEvent(key reflect.Type, op Operation, v interface{}) {
+	defer func() {
+		if r := recover(); r != nil {
+			log.Error("appsec: recovered from an unexpected panic from an event listener: %+v", r)
+		}
+	}()
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+	for _, listener := range r.listeners[key] {
+		listener.Call(op, v)
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/limiter.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/limiter.go
new file mode 100644
index 000000000..c022ecfc6
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/limiter.go
@@ -0,0 +1,143 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+//go:build appsec
+// +build appsec
+
+package appsec
+
+import (
+	"sync/atomic"
+	"time"
+)
+
+// Limiter is used to abstract the rate limiter implementation to only expose the needed function for rate limiting.
+// This is for example useful for testing, allowing us to use a modified rate limiter tuned for testing through the same
+// interface.
+type Limiter interface {
+	Allow() bool
+}
+
+// TokenTicker is a thread-safe and lock-free rate limiter based on a token bucket.
+// The idea is to have a goroutine that will update  the bucket with fresh tokens at regular intervals using a time.Ticker.
+// The advantage of using a goroutine here is  that the implementation becomes easily thread-safe using a few
+// atomic operations with little overhead overall. TokenTicker.Start() *should* be called before the first call to
+// TokenTicker.Allow() and TokenTicker.Stop() *must* be called once done using. Note that calling TokenTicker.Allow()
+// before TokenTicker.Start() is valid, but it means the bucket won't be refilling until the call to TokenTicker.Start() is made
+type TokenTicker struct {
+	tokens    int64
+	maxTokens int64
+	ticker    *time.Ticker
+	stopChan  chan struct{}
+}
+
+// NewTokenTicker is a utility function that allocates a token ticker, initializes necessary fields and returns it
+func NewTokenTicker(tokens, maxTokens int64) *TokenTicker {
+	return &TokenTicker{
+		tokens:    tokens,
+		maxTokens: maxTokens,
+	}
+}
+
+// updateBucket performs a select loop to update the token amount in the bucket.
+// Used in a goroutine by the rate limiter.
+func (t *TokenTicker) updateBucket(ticksChan <-chan time.Time, startTime time.Time, syncChan chan struct{}) {
+	nsPerToken := time.Second.Nanoseconds() / t.maxTokens
+	elapsedNs := int64(0)
+	prevStamp := startTime
+
+	for {
+		select {
+		case <-t.stopChan:
+			if syncChan != nil {
+				close(syncChan)
+			}
+			return
+		case stamp := <-ticksChan:
+			// Compute the time in nanoseconds that passed between the previous timestamp and this one
+			// This will be used to know how many tokens can be added into the bucket depending on the limiter rate
+			elapsedNs += stamp.Sub(prevStamp).Nanoseconds()
+			if elapsedNs > t.maxTokens*nsPerToken {
+				elapsedNs = t.maxTokens * nsPerToken
+			}
+			prevStamp = stamp
+			// Update the number of tokens in the bucket if enough nanoseconds have passed
+			if elapsedNs >= nsPerToken {
+				// Atomic spin lock to make sure we don't race for `t.tokens`
+				for {
+					tokens := atomic.LoadInt64(&t.tokens)
+					if tokens == t.maxTokens {
+						break // Bucket is already full, nothing to do
+					}
+					inc := elapsedNs / nsPerToken
+					// Make sure not to add more tokens than we are allowed to into the bucket
+					if tokens+inc > t.maxTokens {
+						inc -= (tokens + inc) % t.maxTokens
+					}
+					if atomic.CompareAndSwapInt64(&t.tokens, tokens, tokens+inc) {
+						// Keep track of remaining elapsed ns that were not taken into account for this computation,
+						// so that increment computation remains precise over time
+						elapsedNs = elapsedNs % nsPerToken
+						break
+					}
+				}
+			}
+			// Sync channel used to signify that the goroutine is done updating the bucket. Used for tests to guarantee
+			// that the goroutine ticked at least once.
+			if syncChan != nil {
+				syncChan <- struct{}{}
+			}
+		}
+	}
+}
+
+// Start starts the ticker and launches the goroutine responsible for updating the token bucket.
+// The ticker is set to tick at a fixed rate of 500us.
+func (t *TokenTicker) Start() {
+	timeNow := time.Now()
+	t.ticker = time.NewTicker(500 * time.Microsecond)
+	t.start(t.ticker.C, timeNow, false)
+}
+
+// start is used for internal testing. Controlling the ticker means being able to test per-tick
+// rather than per-duration, which is more reliable if the app is under a lot of stress.
+// sync is used to decide whether the limiter should create a channel for synchronization with the testing app after a
+// bucket update. The limiter is in charge of closing the channel in this case.
+func (t *TokenTicker) start(ticksChan <-chan time.Time, startTime time.Time, sync bool) <-chan struct{} {
+	t.stopChan = make(chan struct{})
+	var syncChan chan struct{}
+
+	if sync {
+		syncChan = make(chan struct{})
+	}
+	go t.updateBucket(ticksChan, startTime, syncChan)
+	return syncChan
+}
+
+// Stop shuts down the rate limiter, taking care stopping the ticker and closing all channels
+func (t *TokenTicker) Stop() {
+	// Stop the ticker only if it has been instantiated (not the case when testing by calling start() directly)
+	if t.ticker != nil {
+		t.ticker.Stop()
+	}
+	// Close the stop channel only if it has been created. This covers the case where Stop() is called without any prior
+	// call to Start()
+	if t.stopChan != nil {
+		close(t.stopChan)
+	}
+}
+
+// Allow checks and returns whether a token can be retrieved from the bucket and consumed.
+// Thread-safe.
+func (t *TokenTicker) Allow() bool {
+	for {
+		tokens := atomic.LoadInt64(&t.tokens)
+		if tokens == 0 {
+			return false
+		} else if atomic.CompareAndSwapInt64(&t.tokens, tokens, tokens-1) {
+			return true
+		}
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/remoteconfig.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/remoteconfig.go
new file mode 100644
index 000000000..23a116299
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/remoteconfig.go
@@ -0,0 +1,381 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+//go:build appsec
+// +build appsec
+
+package appsec
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig"
+
+	rc "github.com/DataDog/datadog-agent/pkg/remoteconfig/state"
+)
+
+func genApplyStatus(ack bool, err error) rc.ApplyStatus {
+	status := rc.ApplyStatus{
+		State: rc.ApplyStateUnacknowledged,
+	}
+	if err != nil {
+		status.State = rc.ApplyStateError
+		status.Error = err.Error()
+	} else if ack {
+		status.State = rc.ApplyStateAcknowledged
+	}
+
+	return status
+}
+
+func statusesFromUpdate(u remoteconfig.ProductUpdate, ack bool, err error) map[string]rc.ApplyStatus {
+	statuses := make(map[string]rc.ApplyStatus, len(u))
+	for path := range u {
+		statuses[path] = genApplyStatus(ack, err)
+	}
+	return statuses
+}
+
+func mergeMaps[K comparable, V any](m1 map[K]V, m2 map[K]V) map[K]V {
+	for key, value := range m2 {
+		m1[key] = value
+	}
+	return m1
+}
+
+// combineRCRulesUpdates updates the state of the given rulesManager with the combination of all the provided rules updates
+func combineRCRulesUpdates(r *rulesManager, updates map[string]remoteconfig.ProductUpdate) (map[string]rc.ApplyStatus, error) {
+	statuses := map[string]rc.ApplyStatus{}
+	// Set the default statuses for all updates to unacknowledged
+	for _, u := range updates {
+		statuses = mergeMaps(statuses, statusesFromUpdate(u, false, nil))
+	}
+	var err error
+updateLoop:
+	// Process rules related updates
+	for p, u := range updates {
+		if u != nil && len(u) == 0 {
+			continue
+		}
+		switch p {
+		case rc.ProductASMData:
+			// Merge all rules data entries together and store them as a rulesManager edit entry
+			rulesData, status := mergeRulesData(u)
+			statuses = mergeMaps(statuses, status)
+			r.addEdit("asmdata", rulesFragment{RulesData: rulesData})
+		case rc.ProductASMDD:
+			// Switch the base rules of the rulesManager if the config received through ASM_DD is valid
+			// If the config was removed, switch back to the static recommended rules
+			if len(u) > 1 { // Don't process configs if more than one is received for ASM_DD
+				log.Debug("appsec: Remote config: more than one config received for ASM_DD. Updates won't be applied")
+				err = errors.New("More than one config received for ASM_DD")
+				statuses = mergeMaps(statuses, statusesFromUpdate(u, true, err))
+				break updateLoop
+			}
+			for path, data := range u {
+				if data == nil {
+					log.Debug("appsec: Remote config: ASM_DD config removed. Switching back to default rules")
+					r.changeBase(defaultRulesFragment(), "")
+					break
+				}
+				var newBase rulesFragment
+				if err = json.Unmarshal(data, &newBase); err != nil {
+					log.Debug("appsec: Remote config: could not unmarshall ASM_DD rules: %v", err)
+					statuses[path] = genApplyStatus(true, err)
+					break updateLoop
+				}
+				log.Debug("appsec: Remote config: switching to %s as the base rules file", path)
+				r.changeBase(newBase, path)
+			}
+		case rc.ProductASM:
+			// Store each config received through ASM as an edit entry in the rulesManager
+			// Those entries will get merged together when the final rules are compiled
+			// If a config gets removed, the rulesManager edit entry gets removed as well
+			for path, data := range u {
+				log.Debug("appsec: Remote config: processing the %s ASM config", path)
+				if data == nil {
+					log.Debug("appsec: Remote config: ASM config %s was removed", path)
+					r.removeEdit(path)
+					continue
+				}
+				var f rulesFragment
+				if err = json.Unmarshal(data, &f); err != nil {
+					log.Debug("appsec: Remote config: error processing ASM config %s: %v", path, err)
+					statuses[path] = genApplyStatus(true, err)
+					break updateLoop
+				}
+				r.addEdit(path, f)
+			}
+		default:
+			log.Debug("appsec: Remote config: ignoring unsubscribed product %s", p)
+		}
+	}
+
+	// Set all statuses to ack if no error occured
+	if err == nil {
+		for _, u := range updates {
+			statuses = mergeMaps(statuses, statusesFromUpdate(u, true, nil))
+		}
+	}
+
+	return statuses, err
+
+}
+
+// onRemoteActivation is the RC callback called when an update is received for ASM_FEATURES
+func (a *appsec) onRemoteActivation(updates map[string]remoteconfig.ProductUpdate) map[string]rc.ApplyStatus {
+	statuses := map[string]rc.ApplyStatus{}
+	if u, ok := updates[rc.ProductASMFeatures]; ok {
+		statuses = a.handleASMFeatures(u)
+	}
+	return statuses
+
+}
+
+// onRCRulesUpdate is the RC callback called when security rules related RC updates are available
+func (a *appsec) onRCRulesUpdate(updates map[string]remoteconfig.ProductUpdate) map[string]rc.ApplyStatus {
+	// If appsec was deactivated through RC, stop here
+	if !a.started {
+		return map[string]rc.ApplyStatus{}
+	}
+
+	// Create a new local rulesManager
+	r := a.cfg.rulesManager.clone()
+	statuses, err := combineRCRulesUpdates(r, updates)
+	if err != nil {
+		log.Debug("appsec: Remote config: not applying any updates because of error: %v", err)
+		return statuses
+	}
+
+	// Compile the final rules once all updates have been processed and no error occurred
+	r.compile()
+	log.Debug("appsec: Remote config: final compiled rules: %s", r)
+
+	// If an error occurs while updating the WAF handle, don't swap the rulesManager and propagate the error
+	// to all config statuses since we can't know which config is the faulty one
+	if err = a.swapWAF(r.latest); err != nil {
+		log.Error("appsec: Remote config: could not apply the new security rules: %v", err)
+		for k := range statuses {
+			statuses[k] = genApplyStatus(true, err)
+		}
+	} else {
+		// Replace the rulesManager with the new one holding the new state
+		a.cfg.rulesManager = r
+	}
+	return statuses
+}
+
+// handleASMFeatures deserializes an ASM_FEATURES configuration received through remote config
+// and starts/stops appsec accordingly.
+func (a *appsec) handleASMFeatures(u remoteconfig.ProductUpdate) map[string]rc.ApplyStatus {
+	statuses := statusesFromUpdate(u, false, nil)
+	if l := len(u); l > 1 {
+		log.Error("appsec: Remote config: %d configs received for ASM_FEATURES. Expected one at most, returning early", l)
+		return statuses
+	}
+	for path, raw := range u {
+		var data rc.ASMFeaturesData
+		status := rc.ApplyStatus{State: rc.ApplyStateAcknowledged}
+		var err error
+		log.Debug("appsec: Remote config: processing %s", path)
+
+		// A nil config means ASM was disabled, and we stopped receiving the config file
+		// Don't ack the config in this case and return early
+		if raw == nil {
+			log.Debug("appsec: Remote config: Stopping AppSec")
+			a.stop()
+			return statuses
+		}
+		if err = json.Unmarshal(raw, &data); err != nil {
+			log.Error("appsec: Remote config: error while unmarshalling %s: %v. Configuration won't be applied.", path, err)
+		} else if data.ASM.Enabled && !a.started {
+			log.Debug("appsec: Remote config: Starting AppSec")
+			if err = a.start(); err != nil {
+				log.Error("appsec: Remote config: error while processing %s. Configuration won't be applied: %v", path, err)
+			}
+		} else if !data.ASM.Enabled && a.started {
+			log.Debug("appsec: Remote config: Stopping AppSec")
+			a.stop()
+		}
+		if err != nil {
+			status = genApplyStatus(false, err)
+		}
+		statuses[path] = status
+	}
+
+	return statuses
+}
+
+func mergeRulesData(u remoteconfig.ProductUpdate) ([]ruleDataEntry, map[string]rc.ApplyStatus) {
+	// Following the RFC, merging should only happen when two rules data with the same ID and same Type are received
+	// allRulesData[ID][Type] will return the rules data of said id and type, if it exists
+	allRulesData := make(map[string]map[string]ruleDataEntry)
+	statuses := statusesFromUpdate(u, true, nil)
+
+	for path, raw := range u {
+		log.Debug("appsec: Remote config: processing %s", path)
+
+		// A nil config means ASM_DATA was disabled, and we stopped receiving the config file
+		// Don't ack the config in this case
+		if raw == nil {
+			log.Debug("appsec: remote config: %s disabled", path)
+			statuses[path] = genApplyStatus(false, nil)
+			continue
+		}
+
+		var rulesData rulesData
+		if err := json.Unmarshal(raw, &rulesData); err != nil {
+			log.Debug("appsec: Remote config: error while unmarshalling payload for %s: %v. Configuration won't be applied.", path, err)
+			statuses[path] = genApplyStatus(false, err)
+			continue
+		}
+
+		// Check each entry against allRulesData to see if merging is necessary
+		for _, ruleData := range rulesData.RulesData {
+			if allRulesData[ruleData.ID] == nil {
+				allRulesData[ruleData.ID] = make(map[string]ruleDataEntry)
+			}
+			if data, ok := allRulesData[ruleData.ID][ruleData.Type]; ok {
+				// Merge rules data entries with the same ID and Type
+				data.Data = mergeRulesDataEntries(data.Data, ruleData.Data)
+				allRulesData[ruleData.ID][ruleData.Type] = data
+			} else {
+				allRulesData[ruleData.ID][ruleData.Type] = ruleData
+			}
+		}
+	}
+
+	// Aggregate all the rules data before passing it over to the WAF
+	var rulesData []ruleDataEntry
+	for _, m := range allRulesData {
+		for _, data := range m {
+			rulesData = append(rulesData, data)
+		}
+	}
+	return rulesData, statuses
+}
+
+// mergeRulesDataEntries merges two slices of rules data entries together, removing duplicates and
+// only keeping the longest expiration values for similar entries.
+func mergeRulesDataEntries(entries1, entries2 []rc.ASMDataRuleDataEntry) []rc.ASMDataRuleDataEntry {
+	mergeMap := map[string]int64{}
+
+	for _, entry := range entries1 {
+		mergeMap[entry.Value] = entry.Expiration
+	}
+	// Replace the entry only if the new expiration timestamp goes later than the current one
+	// If no expiration timestamp was provided (default to 0), then the data doesn't expire
+	for _, entry := range entries2 {
+		if exp, ok := mergeMap[entry.Value]; !ok || entry.Expiration == 0 || entry.Expiration > exp {
+			mergeMap[entry.Value] = entry.Expiration
+		}
+	}
+	// Create the final slice and return it
+	entries := make([]rc.ASMDataRuleDataEntry, 0, len(mergeMap))
+	for val, exp := range mergeMap {
+		entries = append(entries, rc.ASMDataRuleDataEntry{
+			Value:      val,
+			Expiration: exp,
+		})
+	}
+	return entries
+}
+
+func (a *appsec) startRC() {
+	if a.rc != nil {
+		a.rc.Start()
+	}
+}
+
+func (a *appsec) stopRC() {
+	if a.rc != nil {
+		a.rc.Stop()
+	}
+}
+
+func (a *appsec) registerRCProduct(p string) error {
+	if a.rc == nil {
+		return fmt.Errorf("no valid remote configuration client")
+	}
+	a.cfg.rc.Products[p] = struct{}{}
+	a.rc.RegisterProduct(p)
+	return nil
+}
+
+func (a *appsec) unregisterRCProduct(p string) error {
+	if a.rc == nil {
+		return fmt.Errorf("no valid remote configuration client")
+	}
+	delete(a.cfg.rc.Products, p)
+	a.rc.UnregisterProduct(p)
+	return nil
+}
+
+func (a *appsec) registerRCCapability(c remoteconfig.Capability) error {
+	a.cfg.rc.Capabilities[c] = struct{}{}
+	if a.rc == nil {
+		return fmt.Errorf("no valid remote configuration client")
+	}
+	a.rc.RegisterCapability(c)
+	return nil
+}
+
+func (a *appsec) unregisterRCCapability(c remoteconfig.Capability) {
+	if a.rc == nil {
+		log.Debug("appsec: Remote config: no valid remote configuration client")
+		return
+	}
+	delete(a.cfg.rc.Capabilities, c)
+	a.rc.UnregisterCapability(c)
+}
+
+func (a *appsec) enableRemoteActivation() error {
+	if a.rc == nil {
+		return fmt.Errorf("no valid remote configuration client")
+	}
+	a.registerRCProduct(rc.ProductASMFeatures)
+	a.registerRCCapability(remoteconfig.ASMActivation)
+	a.rc.RegisterCallback(a.onRemoteActivation)
+	return nil
+}
+
+func (a *appsec) enableRCBlocking() {
+	if a.rc == nil {
+		log.Debug("appsec: Remote config: no valid remote configuration client")
+		return
+	}
+
+	a.registerRCProduct(rc.ProductASM)
+	a.registerRCProduct(rc.ProductASMDD)
+	a.registerRCProduct(rc.ProductASMData)
+	a.rc.RegisterCallback(a.onRCRulesUpdate)
+
+	if _, isSet := os.LookupEnv(rulesEnvVar); !isSet {
+		a.registerRCCapability(remoteconfig.ASMUserBlocking)
+		a.registerRCCapability(remoteconfig.ASMRequestBlocking)
+		a.registerRCCapability(remoteconfig.ASMIPBlocking)
+		a.registerRCCapability(remoteconfig.ASMDDRules)
+		a.registerRCCapability(remoteconfig.ASMExclusions)
+		a.registerRCCapability(remoteconfig.ASMCustomRules)
+		a.registerRCCapability(remoteconfig.ASMCustomBlockingResponse)
+	}
+}
+
+func (a *appsec) disableRCBlocking() {
+	if a.rc == nil {
+		return
+	}
+	a.unregisterRCCapability(remoteconfig.ASMDDRules)
+	a.unregisterRCCapability(remoteconfig.ASMExclusions)
+	a.unregisterRCCapability(remoteconfig.ASMIPBlocking)
+	a.unregisterRCCapability(remoteconfig.ASMRequestBlocking)
+	a.unregisterRCCapability(remoteconfig.ASMUserBlocking)
+	a.unregisterRCCapability(remoteconfig.ASMCustomRules)
+	a.rc.UnregisterCallback(a.onRCRulesUpdate)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules.go
new file mode 100644
index 000000000..f34e2a49a
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules.go
@@ -0,0 +1,17 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+//go:build appsec
+// +build appsec
+
+package appsec
+
+import _ "embed"
+
+// Static recommended AppSec rule 1.7.1
+// Source: https://github.com/DataDog/appsec-event-rules/blob/1.7.1/build/recommended.json
+//
+//go:embed rules.json
+var staticRecommendedRules string
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules.json b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules.json
new file mode 100644
index 000000000..ba65c5cf5
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules.json
@@ -0,0 +1,7079 @@
+{
+  "version": "2.2",
+  "metadata": {
+    "rules_version": "1.7.1"
+  },
+  "rules": [
+    {
+      "id": "blk-001-001",
+      "name": "Block IP Addresses",
+      "tags": {
+        "type": "block_ip",
+        "category": "security_response"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "http.client_ip"
+              }
+            ],
+            "data": "blocked_ips"
+          },
+          "operator": "ip_match"
+        }
+      ],
+      "transformers": [],
+      "on_match": [
+        "block"
+      ]
+    },
+    {
+      "id": "blk-001-002",
+      "name": "Block User Addresses",
+      "tags": {
+        "type": "block_user",
+        "category": "security_response"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "usr.id"
+              }
+            ],
+            "data": "blocked_users"
+          },
+          "operator": "exact_match"
+        }
+      ],
+      "transformers": [],
+      "on_match": [
+        "block"
+      ]
+    },
+    {
+      "id": "crs-913-110",
+      "name": "Acunetix",
+      "tags": {
+        "type": "commercial_scanner",
+        "crs_id": "913110",
+        "category": "attack_attempt",
+        "tool_name": "Acunetix",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies"
+              }
+            ],
+            "list": [
+              "acunetix-product",
+              "(acunetix web vulnerability scanner",
+              "acunetix-scanning-agreement",
+              "acunetix-user-agreement",
+              "md5(acunetix_wvs_security_test)"
+            ]
+          },
+          "operator": "phrase_match"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-913-120",
+      "name": "Known security scanner filename/argument",
+      "tags": {
+        "type": "security_scanner",
+        "crs_id": "913120",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              }
+            ],
+            "list": [
+              "/.adsensepostnottherenonobook",
+              "/<invalid>hello.html",
+              "/actsensepostnottherenonotive",
+              "/acunetix-wvs-test-for-some-inexistent-file",
+              "/antidisestablishmentarianism",
+              "/appscan_fingerprint/mac_address",
+              "/arachni-",
+              "/cybercop",
+              "/nessus_is_probing_you_",
+              "/nessustest",
+              "/netsparker-",
+              "/rfiinc.txt",
+              "/thereisnowaythat-you-canbethere",
+              "/w3af/remotefileinclude.html",
+              "appscan_fingerprint",
+              "w00tw00t.at.isc.sans.dfind",
+              "w00tw00t.at.blackhats.romanian.anti-sec"
+            ]
+          },
+          "operator": "phrase_match"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-920-260",
+      "name": "Unicode Full/Half Width Abuse Attack Attempt",
+      "tags": {
+        "type": "http_protocol_violation",
+        "crs_id": "920260",
+        "category": "attack_attempt",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "regex": "\\%u[fF]{2}[0-9a-fA-F]{2}",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 6
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-921-110",
+      "name": "HTTP Request Smuggling Attack",
+      "tags": {
+        "type": "http_protocol_violation",
+        "crs_id": "921110",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              }
+            ],
+            "regex": "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\s+[^\\s]+\\s+http/\\d",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 12
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-921-160",
+      "name": "HTTP Header Injection Attack via payload (CR/LF and header-name detected)",
+      "tags": {
+        "type": "http_protocol_violation",
+        "crs_id": "921160",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.path_params"
+              }
+            ],
+            "regex": "[\\n\\r]+(?:refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|via|remote-ip|remote-addr|originating-IP))\\s*:",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 3
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-930-100",
+      "name": "Obfuscated Path Traversal Attack (/../)",
+      "tags": {
+        "type": "lfi",
+        "crs_id": "930100",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              }
+            ],
+            "regex": "(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\\.))|\\.(?:%0[01])?|0x2e){2,3}(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)",
+            "options": {
+              "min_length": 4
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "normalizePath"
+      ]
+    },
+    {
+      "id": "crs-930-110",
+      "name": "Simple Path Traversal Attack (/../)",
+      "tags": {
+        "type": "lfi",
+        "crs_id": "930110",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              }
+            ],
+            "regex": "(?:(?:^|[\\x5c/])\\.{2,3}[\\x5c/]|[\\x5c/]\\.{2,3}(?:[\\x5c/]|$))",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 3
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-930-120",
+      "name": "OS File Access Attempt",
+      "tags": {
+        "type": "lfi",
+        "crs_id": "930120",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "list": [
+              "/.htaccess",
+              "/.htdigest",
+              "/.htpasswd",
+              "/.addressbook",
+              "/.aptitude/config",
+              ".aws/config",
+              ".aws/credentials",
+              "/.bash_config",
+              "/.bash_history",
+              "/.bash_logout",
+              "/.bash_profile",
+              "/.bashrc",
+              ".cache/notify-osd.log",
+              ".config/odesk/odesk team.conf",
+              "/.cshrc",
+              "/.dockerignore",
+              ".drush/",
+              "/.eslintignore",
+              "/.fbcindex",
+              "/.forward",
+              "/.git",
+              ".git/",
+              "/.gitattributes",
+              "/.gitconfig",
+              ".gnupg/",
+              ".hplip/hplip.conf",
+              "/.ksh_history",
+              "/.lesshst",
+              ".lftp/",
+              "/.lhistory",
+              "/.lldb-history",
+              ".local/share/mc/",
+              "/.lynx_cookies",
+              "/.my.cnf",
+              "/.mysql_history",
+              "/.nano_history",
+              "/.node_repl_history",
+              "/.pearrc",
+              "/.pgpass",
+              "/.php_history",
+              "/.pinerc",
+              ".pki/",
+              "/.proclog",
+              "/.procmailrc",
+              "/.psql_history",
+              "/.python_history",
+              "/.rediscli_history",
+              "/.rhistory",
+              "/.rhosts",
+              "/.sh_history",
+              "/.sqlite_history",
+              ".ssh/authorized_keys",
+              ".ssh/config",
+              ".ssh/id_dsa",
+              ".ssh/id_dsa.pub",
+              ".ssh/id_rsa",
+              ".ssh/id_rsa.pub",
+              ".ssh/identity",
+              ".ssh/identity.pub",
+              ".ssh/id_ecdsa",
+              ".ssh/id_ecdsa.pub",
+              ".ssh/known_hosts",
+              ".subversion/auth",
+              ".subversion/config",
+              ".subversion/servers",
+              ".tconn/tconn.conf",
+              "/.tcshrc",
+              ".vidalia/vidalia.conf",
+              "/.viminfo",
+              "/.vimrc",
+              "/.www_acl",
+              "/.wwwacl",
+              "/.xauthority",
+              "/.zhistory",
+              "/.zshrc",
+              "/.zsh_history",
+              "/.nsconfig",
+              "data/elasticsearch",
+              "data/kafka",
+              "etc/ansible",
+              "etc/bind",
+              "etc/centos-release",
+              "etc/centos-release-upstream",
+              "etc/clam.d",
+              "etc/elasticsearch",
+              "etc/freshclam.conf",
+              "etc/gshadow",
+              "etc/gshadow-",
+              "etc/httpd",
+              "etc/kafka",
+              "etc/kibana",
+              "etc/logstash",
+              "etc/lvm",
+              "etc/mongod.conf",
+              "etc/my.cnf",
+              "etc/nuxeo.conf",
+              "etc/pki",
+              "etc/postfix",
+              "etc/scw-release",
+              "etc/subgid",
+              "etc/subgid-",
+              "etc/sudoers.d",
+              "etc/sysconfig",
+              "etc/system-release-cpe",
+              "opt/nuxeo",
+              "opt/tomcat",
+              "tmp/kafka-logs",
+              "usr/lib/rpm/rpm.log",
+              "var/data/elasticsearch",
+              "var/lib/elasticsearch",
+              "etc/.java",
+              "etc/acpi",
+              "etc/alsa",
+              "etc/alternatives",
+              "etc/apache2",
+              "etc/apm",
+              "etc/apparmor",
+              "etc/apparmor.d",
+              "etc/apport",
+              "etc/apt",
+              "etc/asciidoc",
+              "etc/avahi",
+              "etc/bash_completion.d",
+              "etc/binfmt.d",
+              "etc/bluetooth",
+              "etc/bonobo-activation",
+              "etc/brltty",
+              "etc/ca-certificates",
+              "etc/calendar",
+              "etc/chatscripts",
+              "etc/chromium-browser",
+              "etc/clamav",
+              "etc/cni",
+              "etc/console-setup",
+              "etc/coraza-waf",
+              "etc/cracklib",
+              "etc/cron.d",
+              "etc/cron.daily",
+              "etc/cron.hourly",
+              "etc/cron.monthly",
+              "etc/cron.weekly",
+              "etc/cups",
+              "etc/cups.save",
+              "etc/cupshelpers",
+              "etc/dbus-1",
+              "etc/dconf",
+              "etc/default",
+              "etc/depmod.d",
+              "etc/dhcp",
+              "etc/dictionaries-common",
+              "etc/dkms",
+              "etc/dnsmasq.d",
+              "etc/dockeretc/dpkg",
+              "etc/emacs",
+              "etc/environment.d",
+              "etc/fail2ban",
+              "etc/firebird",
+              "etc/firefox",
+              "etc/fonts",
+              "etc/fwupd",
+              "etc/gconf",
+              "etc/gdb",
+              "etc/gdm3",
+              "etc/geoclue",
+              "etc/ghostscript",
+              "etc/gimp",
+              "etc/glvnd",
+              "etc/gnome",
+              "etc/gnome-vfs-2.0",
+              "etc/gnucash",
+              "etc/gnustep",
+              "etc/groff",
+              "etc/grub.d",
+              "etc/gss",
+              "etc/gtk-2.0",
+              "etc/gtk-3.0",
+              "etc/hp",
+              "etc/ifplugd",
+              "etc/imagemagick-6",
+              "etc/init",
+              "etc/init.d",
+              "etc/initramfs-tools",
+              "etc/insserv.conf.d",
+              "etc/iproute2",
+              "etc/iptables",
+              "etc/java",
+              "etc/java-11-openjdk",
+              "etc/java-17-oracle",
+              "etc/java-8-openjdk",
+              "etc/kernel",
+              "etc/ld.so.conf.d",
+              "etc/ldap",
+              "etc/libblockdev",
+              "etc/libibverbs.d",
+              "etc/libnl-3",
+              "etc/libpaper.d",
+              "etc/libreoffice",
+              "etc/lighttpd",
+              "etc/logcheck",
+              "etc/logrotate.d",
+              "etc/lynx",
+              "etc/mail",
+              "etc/mc",
+              "etc/menu",
+              "etc/menu-methods",
+              "etc/modprobe.d",
+              "etc/modsecurity",
+              "etc/modules-load.d",
+              "etc/monit",
+              "etc/mono",
+              "etc/mplayer",
+              "etc/mpv",
+              "etc/muttrc.d",
+              "etc/mysql",
+              "etc/netplan",
+              "etc/network",
+              "etc/networkd-dispatcher",
+              "etc/networkmanager",
+              "etc/newt",
+              "etc/nghttpx",
+              "etc/nikto",
+              "etc/odbcdatasources",
+              "etc/openal",
+              "etc/openmpi",
+              "etc/opt",
+              "etc/osync",
+              "etc/packagekit",
+              "etc/pam.d",
+              "etc/pcmcia",
+              "etc/perl",
+              "etc/php",
+              "etc/pki",
+              "etc/pm",
+              "etc/polkit-1",
+              "etc/postfix",
+              "etc/ppp",
+              "etc/profile.d",
+              "etc/proftpd",
+              "etc/pulse",
+              "etc/python",
+              "etc/rc0.d",
+              "etc/rc1.d",
+              "etc/rc2.d",
+              "etc/rc3.d",
+              "etc/rc4.d",
+              "etc/rc5.d",
+              "etc/rc6.d",
+              "etc/rcs.d",
+              "etc/resolvconf",
+              "etc/rsyslog.d",
+              "etc/samba",
+              "etc/sane.d",
+              "etc/security",
+              "etc/selinux",
+              "etc/sensors.d",
+              "etc/sgml",
+              "etc/signon-ui",
+              "etc/skel",
+              "etc/snmp",
+              "etc/sound",
+              "etc/spamassassin",
+              "etc/speech-dispatcher",
+              "etc/ssh",
+              "etc/ssl",
+              "etc/sudoers.d",
+              "etc/sysctl.d",
+              "etc/sysstat",
+              "etc/systemd",
+              "etc/terminfo",
+              "etc/texmf",
+              "etc/thermald",
+              "etc/thnuclnt",
+              "etc/thunderbird",
+              "etc/timidity",
+              "etc/tmpfiles.d",
+              "etc/ubuntu-advantage",
+              "etc/udev",
+              "etc/udisks2",
+              "etc/ufw",
+              "etc/update-manager",
+              "etc/update-motd.d",
+              "etc/update-notifier",
+              "etc/upower",
+              "etc/urlview",
+              "etc/usb_modeswitch.d",
+              "etc/vim",
+              "etc/vmware",
+              "etc/vmware-installer",
+              "etc/vmware-vix",
+              "etc/vulkan",
+              "etc/w3m",
+              "etc/wireshark",
+              "etc/wpa_supplicant",
+              "etc/x11",
+              "etc/xdg",
+              "etc/xml",
+              "etc/redis.conf",
+              "etc/redis-sentinel.conf",
+              "etc/php.ini",
+              "bin/php.ini",
+              "etc/httpd/php.ini",
+              "usr/lib/php.ini",
+              "usr/lib/php/php.ini",
+              "usr/local/etc/php.ini",
+              "usr/local/lib/php.ini",
+              "usr/local/php/lib/php.ini",
+              "usr/local/php4/lib/php.ini",
+              "usr/local/php5/lib/php.ini",
+              "usr/local/apache/conf/php.ini",
+              "etc/php4.4/fcgi/php.ini",
+              "etc/php4/apache/php.ini",
+              "etc/php4/apache2/php.ini",
+              "etc/php5/apache/php.ini",
+              "etc/php5/apache2/php.ini",
+              "etc/php/php.ini",
+              "etc/php/php4/php.ini",
+              "etc/php/apache/php.ini",
+              "etc/php/apache2/php.ini",
+              "web/conf/php.ini",
+              "usr/local/zend/etc/php.ini",
+              "opt/xampp/etc/php.ini",
+              "var/local/www/conf/php.ini",
+              "etc/php/cgi/php.ini",
+              "etc/php4/cgi/php.ini",
+              "etc/php5/cgi/php.ini",
+              "home2/bin/stable/apache/php.ini",
+              "home/bin/stable/apache/php.ini",
+              "etc/httpd/conf.d/php.conf",
+              "php5/php.ini",
+              "php4/php.ini",
+              "php/php.ini",
+              "windows/php.ini",
+              "winnt/php.ini",
+              "apache/php/php.ini",
+              "xampp/apache/bin/php.ini",
+              "netserver/bin/stable/apache/php.ini",
+              "volumes/macintosh_hd1/usr/local/php/lib/php.ini",
+              "etc/mono/1.0/machine.config",
+              "etc/mono/2.0/machine.config",
+              "etc/mono/2.0/web.config",
+              "etc/mono/config",
+              "usr/local/cpanel/logs/stats_log",
+              "usr/local/cpanel/logs/access_log",
+              "usr/local/cpanel/logs/error_log",
+              "usr/local/cpanel/logs/license_log",
+              "usr/local/cpanel/logs/login_log",
+              "var/cpanel/cpanel.config",
+              "usr/local/psa/admin/logs/httpsd_access_log",
+              "usr/local/psa/admin/logs/panel.log",
+              "usr/local/psa/admin/conf/php.ini",
+              "etc/sw-cp-server/applications.d/plesk.conf",
+              "usr/local/psa/admin/conf/site_isolation_settings.ini",
+              "usr/local/sb/config",
+              "etc/sw-cp-server/applications.d/00-sso-cpserver.conf",
+              "etc/sso/sso_config.ini",
+              "etc/mysql/conf.d/old_passwords.cnf",
+              "var/mysql.log",
+              "var/mysql-bin.index",
+              "var/data/mysql-bin.index",
+              "program files/mysql/mysql server 5.0/data/{host}.err",
+              "program files/mysql/mysql server 5.0/data/mysql.log",
+              "program files/mysql/mysql server 5.0/data/mysql.err",
+              "program files/mysql/mysql server 5.0/data/mysql-bin.log",
+              "program files/mysql/mysql server 5.0/data/mysql-bin.index",
+              "program files/mysql/data/{host}.err",
+              "program files/mysql/data/mysql.log",
+              "program files/mysql/data/mysql.err",
+              "program files/mysql/data/mysql-bin.log",
+              "program files/mysql/data/mysql-bin.index",
+              "mysql/data/{host}.err",
+              "mysql/data/mysql.log",
+              "mysql/data/mysql.err",
+              "mysql/data/mysql-bin.log",
+              "mysql/data/mysql-bin.index",
+              "usr/local/mysql/data/mysql.log",
+              "usr/local/mysql/data/mysql.err",
+              "usr/local/mysql/data/mysql-bin.log",
+              "usr/local/mysql/data/mysql-slow.log",
+              "usr/local/mysql/data/mysqlderror.log",
+              "usr/local/mysql/data/{host}.err",
+              "usr/local/mysql/data/mysql-bin.index",
+              "var/lib/mysql/my.cnf",
+              "etc/mysql/my.cnf",
+              "etc/my.cnf",
+              "program files/mysql/mysql server 5.0/my.ini",
+              "program files/mysql/mysql server 5.0/my.cnf",
+              "program files/mysql/my.ini",
+              "program files/mysql/my.cnf",
+              "mysql/my.ini",
+              "mysql/my.cnf",
+              "mysql/bin/my.ini",
+              "var/postgresql/log/postgresql.log",
+              "usr/internet/pgsql/data/postmaster.log",
+              "usr/local/pgsql/data/postgresql.log",
+              "usr/local/pgsql/data/pg_log",
+              "postgresql/log/pgadmin.log",
+              "var/lib/pgsql/data/postgresql.conf",
+              "var/postgresql/db/postgresql.conf",
+              "var/nm2/postgresql.conf",
+              "usr/local/pgsql/data/postgresql.conf",
+              "usr/local/pgsql/data/pg_hba.conf",
+              "usr/internet/pgsql/data/pg_hba.conf",
+              "usr/local/pgsql/data/passwd",
+              "usr/local/pgsql/bin/pg_passwd",
+              "etc/postgresql/postgresql.conf",
+              "etc/postgresql/pg_hba.conf",
+              "home/postgres/data/postgresql.conf",
+              "home/postgres/data/pg_version",
+              "home/postgres/data/pg_ident.conf",
+              "home/postgres/data/pg_hba.conf",
+              "program files/postgresql/8.3/data/pg_hba.conf",
+              "program files/postgresql/8.3/data/pg_ident.conf",
+              "program files/postgresql/8.3/data/postgresql.conf",
+              "program files/postgresql/8.4/data/pg_hba.conf",
+              "program files/postgresql/8.4/data/pg_ident.conf",
+              "program files/postgresql/8.4/data/postgresql.conf",
+              "program files/postgresql/9.0/data/pg_hba.conf",
+              "program files/postgresql/9.0/data/pg_ident.conf",
+              "program files/postgresql/9.0/data/postgresql.conf",
+              "program files/postgresql/9.1/data/pg_hba.conf",
+              "program files/postgresql/9.1/data/pg_ident.conf",
+              "program files/postgresql/9.1/data/postgresql.conf",
+              "wamp/logs/access.log",
+              "wamp/logs/apache_error.log",
+              "wamp/logs/genquery.log",
+              "wamp/logs/mysql.log",
+              "wamp/logs/slowquery.log",
+              "wamp/bin/apache/apache2.2.22/logs/access.log",
+              "wamp/bin/apache/apache2.2.22/logs/error.log",
+              "wamp/bin/apache/apache2.2.21/logs/access.log",
+              "wamp/bin/apache/apache2.2.21/logs/error.log",
+              "wamp/bin/mysql/mysql5.5.24/data/mysql-bin.index",
+              "wamp/bin/mysql/mysql5.5.16/data/mysql-bin.index",
+              "wamp/bin/apache/apache2.2.21/conf/httpd.conf",
+              "wamp/bin/apache/apache2.2.22/conf/httpd.conf",
+              "wamp/bin/apache/apache2.2.21/wampserver.conf",
+              "wamp/bin/apache/apache2.2.22/wampserver.conf",
+              "wamp/bin/apache/apache2.2.22/conf/wampserver.conf",
+              "wamp/bin/mysql/mysql5.5.24/my.ini",
+              "wamp/bin/mysql/mysql5.5.24/wampserver.conf",
+              "wamp/bin/mysql/mysql5.5.16/my.ini",
+              "wamp/bin/mysql/mysql5.5.16/wampserver.conf",
+              "wamp/bin/php/php5.3.8/php.ini",
+              "wamp/bin/php/php5.4.3/php.ini",
+              "xampp/apache/logs/access.log",
+              "xampp/apache/logs/error.log",
+              "xampp/mysql/data/mysql-bin.index",
+              "xampp/mysql/data/mysql.err",
+              "xampp/mysql/data/{host}.err",
+              "xampp/sendmail/sendmail.log",
+              "xampp/apache/conf/httpd.conf",
+              "xampp/filezillaftp/filezilla server.xml",
+              "xampp/mercurymail/mercury.ini",
+              "xampp/php/php.ini",
+              "xampp/phpmyadmin/config.inc.php",
+              "xampp/sendmail/sendmail.ini",
+              "xampp/webalizer/webalizer.conf",
+              "opt/lampp/etc/httpd.conf",
+              "xampp/htdocs/aca.txt",
+              "xampp/htdocs/admin.php",
+              "xampp/htdocs/leer.txt",
+              "usr/local/apache/logs/audit_log",
+              "usr/local/apache2/logs/audit_log",
+              "logs/security_debug_log",
+              "logs/security_log",
+              "usr/local/apache/conf/modsec.conf",
+              "usr/local/apache2/conf/modsec.conf",
+              "winnt/system32/logfiles/msftpsvc",
+              "winnt/system32/logfiles/msftpsvc1",
+              "winnt/system32/logfiles/msftpsvc2",
+              "windows/system32/logfiles/msftpsvc",
+              "windows/system32/logfiles/msftpsvc1",
+              "windows/system32/logfiles/msftpsvc2",
+              "etc/logrotate.d/proftpd",
+              "www/logs/proftpd.system.log",
+              "etc/pam.d/proftpd",
+              "etc/proftp.conf",
+              "etc/protpd/proftpd.conf",
+              "etc/vhcs2/proftpd/proftpd.conf",
+              "etc/proftpd/modules.conf",
+              "etc/vsftpd.chroot_list",
+              "etc/logrotate.d/vsftpd.log",
+              "etc/vsftpd/vsftpd.conf",
+              "etc/vsftpd.conf",
+              "etc/chrootusers",
+              "var/adm/log/xferlog",
+              "etc/wu-ftpd/ftpaccess",
+              "etc/wu-ftpd/ftphosts",
+              "etc/wu-ftpd/ftpusers",
+              "logs/pure-ftpd.log",
+              "usr/sbin/pure-config.pl",
+              "usr/etc/pure-ftpd.conf",
+              "etc/pure-ftpd/pure-ftpd.conf",
+              "usr/local/etc/pure-ftpd.conf",
+              "usr/local/etc/pureftpd.pdb",
+              "usr/local/pureftpd/etc/pureftpd.pdb",
+              "usr/local/pureftpd/sbin/pure-config.pl",
+              "usr/local/pureftpd/etc/pure-ftpd.conf",
+              "etc/pure-ftpd.conf",
+              "etc/pure-ftpd/pure-ftpd.pdb",
+              "etc/pureftpd.pdb",
+              "etc/pureftpd.passwd",
+              "etc/pure-ftpd/pureftpd.pdb",
+              "usr/ports/ftp/pure-ftpd/pure-ftpd.conf",
+              "usr/ports/ftp/pure-ftpd/pureftpd.pdb",
+              "usr/ports/ftp/pure-ftpd/pureftpd.passwd",
+              "usr/ports/net/pure-ftpd/pure-ftpd.conf",
+              "usr/ports/net/pure-ftpd/pureftpd.pdb",
+              "usr/ports/net/pure-ftpd/pureftpd.passwd",
+              "usr/pkgsrc/net/pureftpd/pure-ftpd.conf",
+              "usr/pkgsrc/net/pureftpd/pureftpd.pdb",
+              "usr/pkgsrc/net/pureftpd/pureftpd.passwd",
+              "usr/ports/contrib/pure-ftpd/pure-ftpd.conf",
+              "usr/ports/contrib/pure-ftpd/pureftpd.pdb",
+              "usr/ports/contrib/pure-ftpd/pureftpd.passwd",
+              "usr/sbin/mudlogd",
+              "etc/muddleftpd/mudlog",
+              "etc/muddleftpd.com",
+              "etc/muddleftpd/mudlogd.conf",
+              "etc/muddleftpd/muddleftpd.conf",
+              "usr/sbin/mudpasswd",
+              "etc/muddleftpd/muddleftpd.passwd",
+              "etc/muddleftpd/passwd",
+              "etc/logrotate.d/ftp",
+              "etc/ftpchroot",
+              "etc/ftphosts",
+              "etc/ftpusers",
+              "winnt/system32/logfiles/smtpsvc",
+              "winnt/system32/logfiles/smtpsvc1",
+              "winnt/system32/logfiles/smtpsvc2",
+              "winnt/system32/logfiles/smtpsvc3",
+              "winnt/system32/logfiles/smtpsvc4",
+              "winnt/system32/logfiles/smtpsvc5",
+              "windows/system32/logfiles/smtpsvc",
+              "windows/system32/logfiles/smtpsvc1",
+              "windows/system32/logfiles/smtpsvc2",
+              "windows/system32/logfiles/smtpsvc3",
+              "windows/system32/logfiles/smtpsvc4",
+              "windows/system32/logfiles/smtpsvc5",
+              "etc/osxhttpd/osxhttpd.conf",
+              "system/library/webobjects/adaptors/apache2.2/apache.conf",
+              "etc/apache2/sites-available/default",
+              "etc/apache2/sites-available/default-ssl",
+              "etc/apache2/sites-enabled/000-default",
+              "etc/apache2/sites-enabled/default",
+              "etc/apache2/apache2.conf",
+              "etc/apache2/ports.conf",
+              "usr/local/etc/apache/httpd.conf",
+              "usr/pkg/etc/httpd/httpd.conf",
+              "usr/pkg/etc/httpd/httpd-default.conf",
+              "usr/pkg/etc/httpd/httpd-vhosts.conf",
+              "etc/httpd/mod_php.conf",
+              "etc/httpd/extra/httpd-ssl.conf",
+              "etc/rc.d/rc.httpd",
+              "usr/local/apache/conf/httpd.conf.default",
+              "usr/local/apache/conf/access.conf",
+              "usr/local/apache22/conf/httpd.conf",
+              "usr/local/apache22/httpd.conf",
+              "usr/local/etc/apache22/conf/httpd.conf",
+              "usr/local/apps/apache22/conf/httpd.conf",
+              "etc/apache22/conf/httpd.conf",
+              "etc/apache22/httpd.conf",
+              "opt/apache22/conf/httpd.conf",
+              "usr/local/etc/apache2/vhosts.conf",
+              "usr/local/apache/conf/vhosts.conf",
+              "usr/local/apache2/conf/vhosts.conf",
+              "usr/local/apache/conf/vhosts-custom.conf",
+              "usr/local/apache2/conf/vhosts-custom.conf",
+              "etc/apache/default-server.conf",
+              "etc/apache2/default-server.conf",
+              "usr/local/apache2/conf/extra/httpd-ssl.conf",
+              "usr/local/apache2/conf/ssl.conf",
+              "etc/httpd/conf.d",
+              "usr/local/etc/apache22/httpd.conf",
+              "usr/local/etc/apache2/httpd.conf",
+              "etc/apache2/httpd2.conf",
+              "etc/apache2/ssl-global.conf",
+              "etc/apache2/vhosts.d/00_default_vhost.conf",
+              "apache/conf/httpd.conf",
+              "etc/apache/httpd.conf",
+              "etc/httpd/conf",
+              "http/httpd.conf",
+              "usr/local/apache1.3/conf/httpd.conf",
+              "usr/local/etc/httpd/conf",
+              "var/apache/conf/httpd.conf",
+              "var/www/conf",
+              "www/apache/conf/httpd.conf",
+              "www/conf/httpd.conf",
+              "etc/init.d",
+              "etc/apache/access.conf",
+              "etc/rc.conf",
+              "www/logs/freebsddiary-error.log",
+              "www/logs/freebsddiary-access_log",
+              "library/webserver/documents/index.html",
+              "library/webserver/documents/index.htm",
+              "library/webserver/documents/default.html",
+              "library/webserver/documents/default.htm",
+              "library/webserver/documents/index.php",
+              "library/webserver/documents/default.php",
+              "usr/local/etc/webmin/miniserv.conf",
+              "etc/webmin/miniserv.conf",
+              "usr/local/etc/webmin/miniserv.users",
+              "etc/webmin/miniserv.users",
+              "winnt/system32/logfiles/w3svc/inetsvn1.log",
+              "winnt/system32/logfiles/w3svc1/inetsvn1.log",
+              "winnt/system32/logfiles/w3svc2/inetsvn1.log",
+              "winnt/system32/logfiles/w3svc3/inetsvn1.log",
+              "windows/system32/logfiles/w3svc/inetsvn1.log",
+              "windows/system32/logfiles/w3svc1/inetsvn1.log",
+              "windows/system32/logfiles/w3svc2/inetsvn1.log",
+              "windows/system32/logfiles/w3svc3/inetsvn1.log",
+              "apache/logs/error.log",
+              "apache/logs/access.log",
+              "apache2/logs/error.log",
+              "apache2/logs/access.log",
+              "logs/error.log",
+              "logs/access.log",
+              "etc/httpd/logs/access_log",
+              "etc/httpd/logs/access.log",
+              "etc/httpd/logs/error_log",
+              "etc/httpd/logs/error.log",
+              "usr/local/apache/logs/access_log",
+              "usr/local/apache/logs/access.log",
+              "usr/local/apache/logs/error_log",
+              "usr/local/apache/logs/error.log",
+              "usr/local/apache2/logs/access_log",
+              "usr/local/apache2/logs/access.log",
+              "usr/local/apache2/logs/error_log",
+              "usr/local/apache2/logs/error.log",
+              "var/www/logs/access_log",
+              "var/www/logs/access.log",
+              "var/www/logs/error_log",
+              "var/www/logs/error.log",
+              "opt/lampp/logs/access_log",
+              "opt/lampp/logs/error_log",
+              "opt/xampp/logs/access_log",
+              "opt/xampp/logs/error_log",
+              "opt/lampp/logs/access.log",
+              "opt/lampp/logs/error.log",
+              "opt/xampp/logs/access.log",
+              "opt/xampp/logs/error.log",
+              "program files/apache group/apache/logs/access.log",
+              "program files/apache group/apache/logs/error.log",
+              "program files/apache software foundation/apache2.2/logs/error.log",
+              "program files/apache software foundation/apache2.2/logs/access.log",
+              "opt/apache/apache.conf",
+              "opt/apache/conf/apache.conf",
+              "opt/apache2/apache.conf",
+              "opt/apache2/conf/apache.conf",
+              "opt/httpd/apache.conf",
+              "opt/httpd/conf/apache.conf",
+              "etc/httpd/apache.conf",
+              "etc/apache2/apache.conf",
+              "etc/httpd/conf/apache.conf",
+              "usr/local/apache/apache.conf",
+              "usr/local/apache/conf/apache.conf",
+              "usr/local/apache2/apache.conf",
+              "usr/local/apache2/conf/apache.conf",
+              "usr/local/php/apache.conf.php",
+              "usr/local/php4/apache.conf.php",
+              "usr/local/php5/apache.conf.php",
+              "usr/local/php/apache.conf",
+              "usr/local/php4/apache.conf",
+              "usr/local/php5/apache.conf",
+              "private/etc/httpd/apache.conf",
+              "opt/apache/apache2.conf",
+              "opt/apache/conf/apache2.conf",
+              "opt/apache2/apache2.conf",
+              "opt/apache2/conf/apache2.conf",
+              "opt/httpd/apache2.conf",
+              "opt/httpd/conf/apache2.conf",
+              "etc/httpd/apache2.conf",
+              "etc/httpd/conf/apache2.conf",
+              "usr/local/apache/apache2.conf",
+              "usr/local/apache/conf/apache2.conf",
+              "usr/local/apache2/apache2.conf",
+              "usr/local/apache2/conf/apache2.conf",
+              "usr/local/php/apache2.conf.php",
+              "usr/local/php4/apache2.conf.php",
+              "usr/local/php5/apache2.conf.php",
+              "usr/local/php/apache2.conf",
+              "usr/local/php4/apache2.conf",
+              "usr/local/php5/apache2.conf",
+              "private/etc/httpd/apache2.conf",
+              "usr/local/apache/conf/httpd.conf",
+              "usr/local/apache2/conf/httpd.conf",
+              "etc/httpd/conf/httpd.conf",
+              "etc/apache/apache.conf",
+              "etc/apache/conf/httpd.conf",
+              "etc/apache2/httpd.conf",
+              "usr/apache2/conf/httpd.conf",
+              "usr/apache/conf/httpd.conf",
+              "usr/local/etc/apache/conf/httpd.conf",
+              "usr/local/apache/httpd.conf",
+              "usr/local/apache2/httpd.conf",
+              "usr/local/httpd/conf/httpd.conf",
+              "usr/local/etc/apache2/conf/httpd.conf",
+              "usr/local/etc/httpd/conf/httpd.conf",
+              "usr/local/apps/apache2/conf/httpd.conf",
+              "usr/local/apps/apache/conf/httpd.conf",
+              "usr/local/php/httpd.conf.php",
+              "usr/local/php4/httpd.conf.php",
+              "usr/local/php5/httpd.conf.php",
+              "usr/local/php/httpd.conf",
+              "usr/local/php4/httpd.conf",
+              "usr/local/php5/httpd.conf",
+              "etc/apache2/conf/httpd.conf",
+              "etc/http/conf/httpd.conf",
+              "etc/httpd/httpd.conf",
+              "etc/http/httpd.conf",
+              "etc/httpd.conf",
+              "opt/apache/conf/httpd.conf",
+              "opt/apache2/conf/httpd.conf",
+              "var/www/conf/httpd.conf",
+              "private/etc/httpd/httpd.conf",
+              "private/etc/httpd/httpd.conf.default",
+              "etc/apache2/vhosts.d/default_vhost.include",
+              "etc/apache2/conf.d/charset",
+              "etc/apache2/conf.d/security",
+              "etc/apache2/envvars",
+              "etc/apache2/mods-available/autoindex.conf",
+              "etc/apache2/mods-available/deflate.conf",
+              "etc/apache2/mods-available/dir.conf",
+              "etc/apache2/mods-available/mem_cache.conf",
+              "etc/apache2/mods-available/mime.conf",
+              "etc/apache2/mods-available/proxy.conf",
+              "etc/apache2/mods-available/setenvif.conf",
+              "etc/apache2/mods-available/ssl.conf",
+              "etc/apache2/mods-enabled/alias.conf",
+              "etc/apache2/mods-enabled/deflate.conf",
+              "etc/apache2/mods-enabled/dir.conf",
+              "etc/apache2/mods-enabled/mime.conf",
+              "etc/apache2/mods-enabled/negotiation.conf",
+              "etc/apache2/mods-enabled/php5.conf",
+              "etc/apache2/mods-enabled/status.conf",
+              "program files/apache group/apache/conf/httpd.conf",
+              "program files/apache group/apache2/conf/httpd.conf",
+              "program files/xampp/apache/conf/apache.conf",
+              "program files/xampp/apache/conf/apache2.conf",
+              "program files/xampp/apache/conf/httpd.conf",
+              "program files/apache group/apache/apache.conf",
+              "program files/apache group/apache/conf/apache.conf",
+              "program files/apache group/apache2/conf/apache.conf",
+              "program files/apache group/apache/apache2.conf",
+              "program files/apache group/apache/conf/apache2.conf",
+              "program files/apache group/apache2/conf/apache2.conf",
+              "program files/apache software foundation/apache2.2/conf/httpd.conf",
+              "volumes/macintosh_hd1/opt/httpd/conf/httpd.conf",
+              "volumes/macintosh_hd1/opt/apache/conf/httpd.conf",
+              "volumes/macintosh_hd1/opt/apache2/conf/httpd.conf",
+              "volumes/macintosh_hd1/usr/local/php/httpd.conf.php",
+              "volumes/macintosh_hd1/usr/local/php4/httpd.conf.php",
+              "volumes/macintosh_hd1/usr/local/php5/httpd.conf.php",
+              "volumes/webbackup/opt/apache2/conf/httpd.conf",
+              "volumes/webbackup/private/etc/httpd/httpd.conf",
+              "volumes/webbackup/private/etc/httpd/httpd.conf.default",
+              "usr/local/etc/apache/vhosts.conf",
+              "usr/local/jakarta/tomcat/conf/jakarta.conf",
+              "usr/local/jakarta/tomcat/conf/server.xml",
+              "usr/local/jakarta/tomcat/conf/context.xml",
+              "usr/local/jakarta/tomcat/conf/workers.properties",
+              "usr/local/jakarta/tomcat/conf/logging.properties",
+              "usr/local/jakarta/dist/tomcat/conf/jakarta.conf",
+              "usr/local/jakarta/dist/tomcat/conf/server.xml",
+              "usr/local/jakarta/dist/tomcat/conf/context.xml",
+              "usr/local/jakarta/dist/tomcat/conf/workers.properties",
+              "usr/local/jakarta/dist/tomcat/conf/logging.properties",
+              "usr/share/tomcat6/conf/server.xml",
+              "usr/share/tomcat6/conf/context.xml",
+              "usr/share/tomcat6/conf/workers.properties",
+              "usr/share/tomcat6/conf/logging.properties",
+              "var/cpanel/tomcat.options",
+              "usr/local/jakarta/tomcat/logs/catalina.out",
+              "usr/local/jakarta/tomcat/logs/catalina.err",
+              "opt/tomcat/logs/catalina.out",
+              "opt/tomcat/logs/catalina.err",
+              "usr/share/logs/catalina.out",
+              "usr/share/logs/catalina.err",
+              "usr/share/tomcat/logs/catalina.out",
+              "usr/share/tomcat/logs/catalina.err",
+              "usr/share/tomcat6/logs/catalina.out",
+              "usr/share/tomcat6/logs/catalina.err",
+              "usr/local/apache/logs/mod_jk.log",
+              "usr/local/jakarta/tomcat/logs/mod_jk.log",
+              "usr/local/jakarta/dist/tomcat/logs/mod_jk.log",
+              "opt/[jboss]/server/default/conf/jboss-minimal.xml",
+              "opt/[jboss]/server/default/conf/jboss-service.xml",
+              "opt/[jboss]/server/default/conf/jndi.properties",
+              "opt/[jboss]/server/default/conf/log4j.xml",
+              "opt/[jboss]/server/default/conf/login-config.xml",
+              "opt/[jboss]/server/default/conf/standardjaws.xml",
+              "opt/[jboss]/server/default/conf/standardjboss.xml",
+              "opt/[jboss]/server/default/conf/server.log.properties",
+              "opt/[jboss]/server/default/deploy/jboss-logging.xml",
+              "usr/local/[jboss]/server/default/conf/jboss-minimal.xml",
+              "usr/local/[jboss]/server/default/conf/jboss-service.xml",
+              "usr/local/[jboss]/server/default/conf/jndi.properties",
+              "usr/local/[jboss]/server/default/conf/log4j.xml",
+              "usr/local/[jboss]/server/default/conf/login-config.xml",
+              "usr/local/[jboss]/server/default/conf/standardjaws.xml",
+              "usr/local/[jboss]/server/default/conf/standardjboss.xml",
+              "usr/local/[jboss]/server/default/conf/server.log.properties",
+              "usr/local/[jboss]/server/default/deploy/jboss-logging.xml",
+              "private/tmp/[jboss]/server/default/conf/jboss-minimal.xml",
+              "private/tmp/[jboss]/server/default/conf/jboss-service.xml",
+              "private/tmp/[jboss]/server/default/conf/jndi.properties",
+              "private/tmp/[jboss]/server/default/conf/log4j.xml",
+              "private/tmp/[jboss]/server/default/conf/login-config.xml",
+              "private/tmp/[jboss]/server/default/conf/standardjaws.xml",
+              "private/tmp/[jboss]/server/default/conf/standardjboss.xml",
+              "private/tmp/[jboss]/server/default/conf/server.log.properties",
+              "private/tmp/[jboss]/server/default/deploy/jboss-logging.xml",
+              "tmp/[jboss]/server/default/conf/jboss-minimal.xml",
+              "tmp/[jboss]/server/default/conf/jboss-service.xml",
+              "tmp/[jboss]/server/default/conf/jndi.properties",
+              "tmp/[jboss]/server/default/conf/log4j.xml",
+              "tmp/[jboss]/server/default/conf/login-config.xml",
+              "tmp/[jboss]/server/default/conf/standardjaws.xml",
+              "tmp/[jboss]/server/default/conf/standardjboss.xml",
+              "tmp/[jboss]/server/default/conf/server.log.properties",
+              "tmp/[jboss]/server/default/deploy/jboss-logging.xml",
+              "program files/[jboss]/server/default/conf/jboss-minimal.xml",
+              "program files/[jboss]/server/default/conf/jboss-service.xml",
+              "program files/[jboss]/server/default/conf/jndi.properties",
+              "program files/[jboss]/server/default/conf/log4j.xml",
+              "program files/[jboss]/server/default/conf/login-config.xml",
+              "program files/[jboss]/server/default/conf/standardjaws.xml",
+              "program files/[jboss]/server/default/conf/standardjboss.xml",
+              "program files/[jboss]/server/default/conf/server.log.properties",
+              "program files/[jboss]/server/default/deploy/jboss-logging.xml",
+              "[jboss]/server/default/conf/jboss-minimal.xml",
+              "[jboss]/server/default/conf/jboss-service.xml",
+              "[jboss]/server/default/conf/jndi.properties",
+              "[jboss]/server/default/conf/log4j.xml",
+              "[jboss]/server/default/conf/login-config.xml",
+              "[jboss]/server/default/conf/standardjaws.xml",
+              "[jboss]/server/default/conf/standardjboss.xml",
+              "[jboss]/server/default/conf/server.log.properties",
+              "[jboss]/server/default/deploy/jboss-logging.xml",
+              "opt/[jboss]/server/default/log/server.log",
+              "opt/[jboss]/server/default/log/boot.log",
+              "usr/local/[jboss]/server/default/log/server.log",
+              "usr/local/[jboss]/server/default/log/boot.log",
+              "private/tmp/[jboss]/server/default/log/server.log",
+              "private/tmp/[jboss]/server/default/log/boot.log",
+              "tmp/[jboss]/server/default/log/server.log",
+              "tmp/[jboss]/server/default/log/boot.log",
+              "program files/[jboss]/server/default/log/server.log",
+              "program files/[jboss]/server/default/log/boot.log",
+              "[jboss]/server/default/log/server.log",
+              "[jboss]/server/default/log/boot.log",
+              "var/lighttpd.log",
+              "var/logs/access.log",
+              "usr/local/apache2/logs/lighttpd.error.log",
+              "usr/local/apache2/logs/lighttpd.log",
+              "usr/local/apache/logs/lighttpd.error.log",
+              "usr/local/apache/logs/lighttpd.log",
+              "usr/local/lighttpd/log/lighttpd.error.log",
+              "usr/local/lighttpd/log/access.log",
+              "usr/home/user/var/log/lighttpd.error.log",
+              "usr/home/user/var/log/apache.log",
+              "home/user/lighttpd/lighttpd.conf",
+              "usr/home/user/lighttpd/lighttpd.conf",
+              "etc/lighttpd/lighthttpd.conf",
+              "usr/local/etc/lighttpd.conf",
+              "usr/local/lighttpd/conf/lighttpd.conf",
+              "usr/local/etc/lighttpd.conf.new",
+              "var/www/.lighttpdpassword",
+              "logs/access_log",
+              "logs/error_log",
+              "etc/nginx/nginx.conf",
+              "usr/local/etc/nginx/nginx.conf",
+              "usr/local/nginx/conf/nginx.conf",
+              "usr/local/zeus/web/global.cfg",
+              "usr/local/zeus/web/log/errors",
+              "opt/lsws/conf/httpd_conf.xml",
+              "usr/local/lsws/conf/httpd_conf.xml",
+              "opt/lsws/logs/error.log",
+              "opt/lsws/logs/access.log",
+              "usr/local/lsws/logs/error.log",
+              "usr/local/logs/access.log",
+              "usr/local/samba/lib/log.user",
+              "usr/local/logs/samba.log",
+              "etc/samba/netlogon",
+              "etc/smbpasswd",
+              "etc/smb.conf",
+              "etc/samba/dhcp.conf",
+              "etc/samba/smb.conf",
+              "etc/samba/samba.conf",
+              "etc/samba/smb.conf.user",
+              "etc/samba/smbpasswd",
+              "etc/samba/smbusers",
+              "etc/samba/private/smbpasswd",
+              "usr/local/etc/smb.conf",
+              "usr/local/samba/lib/smb.conf.user",
+              "etc/dhcp3/dhclient.conf",
+              "etc/dhcp3/dhcpd.conf",
+              "etc/dhcp/dhclient.conf",
+              "program files/vidalia bundle/polipo/polipo.conf",
+              "etc/tor/tor-tsocks.conf",
+              "etc/stunnel/stunnel.conf",
+              "etc/tsocks.conf",
+              "etc/tinyproxy/tinyproxy.conf",
+              "etc/miredo-server.conf",
+              "etc/miredo.conf",
+              "etc/miredo/miredo-server.conf",
+              "etc/miredo/miredo.conf",
+              "etc/wicd/dhclient.conf.template.default",
+              "etc/wicd/manager-settings.conf",
+              "etc/wicd/wired-settings.conf",
+              "etc/wicd/wireless-settings.conf",
+              "etc/ipfw.rules",
+              "etc/ipfw.conf",
+              "etc/firewall.rules",
+              "winnt/system32/logfiles/firewall/pfirewall.log",
+              "winnt/system32/logfiles/firewall/pfirewall.log.old",
+              "windows/system32/logfiles/firewall/pfirewall.log",
+              "windows/system32/logfiles/firewall/pfirewall.log.old",
+              "etc/clamav/clamd.conf",
+              "etc/clamav/freshclam.conf",
+              "etc/x11/xorg.conf",
+              "etc/x11/xorg.conf-vesa",
+              "etc/x11/xorg.conf-vmware",
+              "etc/x11/xorg.conf.beforevmwaretoolsinstall",
+              "etc/x11/xorg.conf.orig",
+              "etc/bluetooth/input.conf",
+              "etc/bluetooth/main.conf",
+              "etc/bluetooth/network.conf",
+              "etc/bluetooth/rfcomm.conf",
+              "etc/bash_completion.d/debconf",
+              "root/.bash_logout",
+              "root/.bash_history",
+              "root/.bash_config",
+              "root/.bashrc",
+              "etc/bash.bashrc",
+              "var/adm/syslog",
+              "var/adm/sulog",
+              "var/adm/utmp",
+              "var/adm/utmpx",
+              "var/adm/wtmp",
+              "var/adm/wtmpx",
+              "var/adm/lastlog/username",
+              "usr/spool/lp/log",
+              "var/adm/lp/lpd-errs",
+              "usr/lib/cron/log",
+              "var/adm/loginlog",
+              "var/adm/pacct",
+              "var/adm/dtmp",
+              "var/adm/acct/sum/loginlog",
+              "var/adm/x0msgs",
+              "var/adm/crash/vmcore",
+              "var/adm/crash/unix",
+              "etc/newsyslog.conf",
+              "var/adm/qacct",
+              "var/adm/ras/errlog",
+              "var/adm/ras/bootlog",
+              "var/adm/cron/log",
+              "etc/utmp",
+              "etc/security/lastlog",
+              "etc/security/failedlogin",
+              "usr/spool/mqueue/syslog",
+              "var/adm/messages",
+              "var/adm/aculogs",
+              "var/adm/aculog",
+              "var/adm/vold.log",
+              "var/adm/log/asppp.log",
+              "var/lp/logs/lpsched",
+              "var/lp/logs/lpnet",
+              "var/lp/logs/requests",
+              "var/cron/log",
+              "var/saf/_log",
+              "var/saf/port/log",
+              "tmp/access.log",
+              "etc/sensors.conf",
+              "etc/sensors3.conf",
+              "etc/host.conf",
+              "etc/pam.conf",
+              "etc/resolv.conf",
+              "etc/apt/apt.conf",
+              "etc/inetd.conf",
+              "etc/syslog.conf",
+              "etc/sysctl.conf",
+              "etc/sysctl.d/10-console-messages.conf",
+              "etc/sysctl.d/10-network-security.conf",
+              "etc/sysctl.d/10-process-security.conf",
+              "etc/sysctl.d/wine.sysctl.conf",
+              "etc/security/access.conf",
+              "etc/security/group.conf",
+              "etc/security/limits.conf",
+              "etc/security/namespace.conf",
+              "etc/security/pam_env.conf",
+              "etc/security/sepermit.conf",
+              "etc/security/time.conf",
+              "etc/ssh/sshd_config",
+              "etc/adduser.conf",
+              "etc/deluser.conf",
+              "etc/avahi/avahi-daemon.conf",
+              "etc/ca-certificates.conf",
+              "etc/ca-certificates.conf.dpkg-old",
+              "etc/casper.conf",
+              "etc/chkrootkit.conf",
+              "etc/debconf.conf",
+              "etc/dns2tcpd.conf",
+              "etc/e2fsck.conf",
+              "etc/esound/esd.conf",
+              "etc/etter.conf",
+              "etc/fuse.conf",
+              "etc/foremost.conf",
+              "etc/hdparm.conf",
+              "etc/kernel-img.conf",
+              "etc/kernel-pkg.conf",
+              "etc/ld.so.conf",
+              "etc/ltrace.conf",
+              "etc/mail/sendmail.conf",
+              "etc/manpath.config",
+              "etc/kbd/config",
+              "etc/ldap/ldap.conf",
+              "etc/logrotate.conf",
+              "etc/mtools.conf",
+              "etc/smi.conf",
+              "etc/updatedb.conf",
+              "etc/pulse/client.conf",
+              "usr/share/adduser/adduser.conf",
+              "etc/hostname",
+              "etc/networks",
+              "etc/timezone",
+              "etc/modules",
+              "etc/passwd",
+              "etc/shadow",
+              "etc/fstab",
+              "etc/motd",
+              "etc/hosts",
+              "etc/group",
+              "etc/alias",
+              "etc/crontab",
+              "etc/crypttab",
+              "etc/exports",
+              "etc/mtab",
+              "etc/hosts.allow",
+              "etc/hosts.deny",
+              "etc/os-release",
+              "etc/password.master",
+              "etc/profile",
+              "etc/default/grub",
+              "etc/resolvconf/update-libc.d/sendmail",
+              "etc/inittab",
+              "etc/issue",
+              "etc/issue.net",
+              "etc/login.defs",
+              "etc/sudoers",
+              "etc/sysconfig/network-scripts/ifcfg-eth0",
+              "etc/redhat-release",
+              "etc/scw-release",
+              "etc/system-release-cpe",
+              "etc/debian_version",
+              "etc/fedora-release",
+              "etc/mandrake-release",
+              "etc/slackware-release",
+              "etc/suse-release",
+              "etc/security/group",
+              "etc/security/passwd",
+              "etc/security/user",
+              "etc/security/environ",
+              "etc/security/limits",
+              "etc/security/opasswd",
+              "boot/grub/grub.cfg",
+              "boot/grub/menu.lst",
+              "root/.ksh_history",
+              "root/.xauthority",
+              "usr/lib/security/mkuser.default",
+              "var/lib/squirrelmail/prefs/squirrelmail.log",
+              "etc/squirrelmail/apache.conf",
+              "etc/squirrelmail/config_local.php",
+              "etc/squirrelmail/default_pref",
+              "etc/squirrelmail/index.php",
+              "etc/squirrelmail/config_default.php",
+              "etc/squirrelmail/config.php",
+              "etc/squirrelmail/filters_setup.php",
+              "etc/squirrelmail/sqspell_config.php",
+              "etc/squirrelmail/config/config.php",
+              "etc/httpd/conf.d/squirrelmail.conf",
+              "usr/share/squirrelmail/config/config.php",
+              "private/etc/squirrelmail/config/config.php",
+              "srv/www/htdos/squirrelmail/config/config.php",
+              "var/www/squirrelmail/config/config.php",
+              "var/www/html/squirrelmail/config/config.php",
+              "var/www/html/squirrelmail-1.2.9/config/config.php",
+              "usr/share/squirrelmail/plugins/squirrel_logger/setup.php",
+              "usr/local/squirrelmail/www/readme",
+              "windows/system32/drivers/etc/hosts",
+              "windows/system32/drivers/etc/lmhosts.sam",
+              "windows/system32/drivers/etc/networks",
+              "windows/system32/drivers/etc/protocol",
+              "windows/system32/drivers/etc/services",
+              "/boot.ini",
+              "windows/debug/netsetup.log",
+              "windows/comsetup.log",
+              "windows/repair/setup.log",
+              "windows/setupact.log",
+              "windows/setupapi.log",
+              "windows/setuperr.log",
+              "windows/updspapi.log",
+              "windows/wmsetup.log",
+              "windows/windowsupdate.log",
+              "windows/odbc.ini",
+              "usr/local/psa/admin/htdocs/domains/databases/phpmyadmin/libraries/config.default.php",
+              "etc/apache2/conf.d/phpmyadmin.conf",
+              "etc/phpmyadmin/config.inc.php",
+              "etc/openldap/ldap.conf",
+              "etc/cups/acroread.conf",
+              "etc/cups/cupsd.conf",
+              "etc/cups/cupsd.conf.default",
+              "etc/cups/pdftops.conf",
+              "etc/cups/printers.conf",
+              "windows/system32/macromed/flash/flashinstall.log",
+              "windows/system32/macromed/flash/install.log",
+              "etc/cvs-cron.conf",
+              "etc/cvs-pserver.conf",
+              "etc/subversion/config",
+              "etc/modprobe.d/vmware-tools.conf",
+              "etc/updatedb.conf.beforevmwaretoolsinstall",
+              "etc/vmware-tools/config",
+              "etc/vmware-tools/tpvmlp.conf",
+              "etc/vmware-tools/vmware-tools-libraries.conf",
+              "var/log",
+              "var/log/sw-cp-server/error_log",
+              "var/log/sso/sso.log",
+              "var/log/dpkg.log",
+              "var/log/btmp",
+              "var/log/utmp",
+              "var/log/wtmp",
+              "var/log/mysql/mysql-bin.log",
+              "var/log/mysql/mysql-bin.index",
+              "var/log/mysql/data/mysql-bin.index",
+              "var/log/mysql.log",
+              "var/log/mysql.err",
+              "var/log/mysqlderror.log",
+              "var/log/mysql/mysql.log",
+              "var/log/mysql/mysql-slow.log",
+              "var/log/mysql-bin.index",
+              "var/log/data/mysql-bin.index",
+              "var/log/postgresql/postgresql.log",
+              "var/log/postgres/pg_backup.log",
+              "var/log/postgres/postgres.log",
+              "var/log/postgresql.log",
+              "var/log/pgsql/pgsql.log",
+              "var/log/postgresql/postgresql-8.1-main.log",
+              "var/log/postgresql/postgresql-8.3-main.log",
+              "var/log/postgresql/postgresql-8.4-main.log",
+              "var/log/postgresql/postgresql-9.0-main.log",
+              "var/log/postgresql/postgresql-9.1-main.log",
+              "var/log/pgsql8.log",
+              "var/log/postgresql/postgres.log",
+              "var/log/pgsql_log",
+              "var/log/postgresql/main.log",
+              "var/log/cron",
+              "var/log/postgres.log",
+              "var/log/proftpd",
+              "var/log/proftpd/xferlog.legacy",
+              "var/log/proftpd.access_log",
+              "var/log/proftpd.xferlog",
+              "var/log/vsftpd.log",
+              "var/log/xferlog",
+              "var/log/pure-ftpd/pure-ftpd.log",
+              "var/log/pureftpd.log",
+              "var/log/muddleftpd",
+              "var/log/muddleftpd.conf",
+              "var/log/ftp-proxy/ftp-proxy.log",
+              "var/log/ftp-proxy",
+              "var/log/ftplog",
+              "var/log/exim_mainlog",
+              "var/log/exim/mainlog",
+              "var/log/maillog",
+              "var/log/exim_paniclog",
+              "var/log/exim/paniclog",
+              "var/log/exim/rejectlog",
+              "var/log/exim_rejectlog",
+              "var/log/webmin/miniserv.log",
+              "var/log/httpd/access_log",
+              "var/log/httpd/error_log",
+              "var/log/httpd/access.log",
+              "var/log/httpd/error.log",
+              "var/log/apache/access_log",
+              "var/log/apache/access.log",
+              "var/log/apache/error_log",
+              "var/log/apache/error.log",
+              "var/log/apache2/access_log",
+              "var/log/apache2/access.log",
+              "var/log/apache2/error_log",
+              "var/log/apache2/error.log",
+              "var/log/access_log",
+              "var/log/access.log",
+              "var/log/error_log",
+              "var/log/error.log",
+              "var/log/tomcat6/catalina.out",
+              "var/log/lighttpd.error.log",
+              "var/log/lighttpd.access.log",
+              "var/logs/access.log",
+              "var/log/lighttpd/",
+              "var/log/lighttpd/error.log",
+              "var/log/lighttpd/access.www.log",
+              "var/log/lighttpd/error.www.log",
+              "var/log/lighttpd/access.log",
+              "var/log/lighttpd/{domain}/access.log",
+              "var/log/lighttpd/{domain}/error.log",
+              "var/log/nginx/access_log",
+              "var/log/nginx/error_log",
+              "var/log/nginx/access.log",
+              "var/log/nginx/error.log",
+              "var/log/nginx.access_log",
+              "var/log/nginx.error_log",
+              "var/log/samba/log.smbd",
+              "var/log/samba/log.nmbd",
+              "var/log/samba.log",
+              "var/log/samba.log1",
+              "var/log/samba.log2",
+              "var/log/log.smb",
+              "var/log/ipfw.log",
+              "var/log/ipfw",
+              "var/log/ipfw/ipfw.log",
+              "var/log/ipfw.today",
+              "var/log/poplog",
+              "var/log/authlog",
+              "var/log/news.all",
+              "var/log/news/news.all",
+              "var/log/news/news.crit",
+              "var/log/news/news.err",
+              "var/log/news/news.notice",
+              "var/log/news/suck.err",
+              "var/log/news/suck.notice",
+              "var/log/messages",
+              "var/log/messages.1",
+              "var/log/user.log",
+              "var/log/user.log.1",
+              "var/log/auth.log",
+              "var/log/pm-powersave.log",
+              "var/log/xorg.0.log",
+              "var/log/daemon.log",
+              "var/log/daemon.log.1",
+              "var/log/kern.log",
+              "var/log/kern.log.1",
+              "var/log/mail.err",
+              "var/log/mail.info",
+              "var/log/mail.warn",
+              "var/log/ufw.log",
+              "var/log/boot.log",
+              "var/log/syslog",
+              "var/log/syslog.1",
+              "var/log/squirrelmail.log",
+              "var/log/apache2/squirrelmail.log",
+              "var/log/apache2/squirrelmail.err.log",
+              "var/log/mail.log",
+              "var/log/vmware/hostd.log",
+              "var/log/vmware/hostd-1.log",
+              "/wp-config.php",
+              "/wp-config.bak",
+              "/wp-config.old",
+              "/wp-config.temp",
+              "/wp-config.tmp",
+              "/wp-config.txt",
+              "/config.yml",
+              "/config_dev.yml",
+              "/config_prod.yml",
+              "/config_test.yml",
+              "/parameters.yml",
+              "/routing.yml",
+              "/security.yml",
+              "/services.yml",
+              "sites/default/default.settings.php",
+              "sites/default/settings.php",
+              "sites/default/settings.local.php",
+              "app/etc/local.xml",
+              "/sftp-config.json",
+              "/web.config",
+              "includes/config.php",
+              "includes/configure.php",
+              "/config.inc.php",
+              "/localsettings.php",
+              "inc/config.php",
+              "typo3conf/localconf.php",
+              "config/app.php",
+              "config/custom.php",
+              "config/database.php",
+              "/configuration.php",
+              "/config.php",
+              "var/mail/www-data",
+              "etc/network/",
+              "etc/init/",
+              "inetpub/wwwroot/global.asa",
+              "system32/inetsrv/config/applicationhost.config",
+              "system32/inetsrv/config/administration.config",
+              "system32/inetsrv/config/redirection.config",
+              "system32/config/default",
+              "system32/config/sam",
+              "system32/config/system",
+              "system32/config/software",
+              "winnt/repair/sam._",
+              "/package.json",
+              "/package-lock.json",
+              "/gruntfile.js",
+              "/npm-debug.log",
+              "/ormconfig.json",
+              "/tsconfig.json",
+              "/webpack.config.js",
+              "/yarn.lock",
+              "proc/0",
+              "proc/1",
+              "proc/2",
+              "proc/3",
+              "proc/4",
+              "proc/5",
+              "proc/6",
+              "proc/7",
+              "proc/8",
+              "proc/9",
+              "proc/acpi",
+              "proc/asound",
+              "proc/bootconfig",
+              "proc/buddyinfo",
+              "proc/bus",
+              "proc/cgroups",
+              "proc/cmdline",
+              "proc/config.gz",
+              "proc/consoles",
+              "proc/cpuinfo",
+              "proc/crypto",
+              "proc/devices",
+              "proc/diskstats",
+              "proc/dma",
+              "proc/docker",
+              "proc/driver",
+              "proc/dynamic_debug",
+              "proc/execdomains",
+              "proc/fb",
+              "proc/filesystems",
+              "proc/fs",
+              "proc/interrupts",
+              "proc/iomem",
+              "proc/ioports",
+              "proc/ipmi",
+              "proc/irq",
+              "proc/kallsyms",
+              "proc/kcore",
+              "proc/keys",
+              "proc/keys",
+              "proc/key-users",
+              "proc/kmsg",
+              "proc/kpagecgroup",
+              "proc/kpagecount",
+              "proc/kpageflags",
+              "proc/latency_stats",
+              "proc/loadavg",
+              "proc/locks",
+              "proc/mdstat",
+              "proc/meminfo",
+              "proc/misc",
+              "proc/modules",
+              "proc/mounts",
+              "proc/mpt",
+              "proc/mtd",
+              "proc/mtrr",
+              "proc/net",
+              "proc/net/tcp",
+              "proc/net/udp",
+              "proc/pagetypeinfo",
+              "proc/partitions",
+              "proc/pressure",
+              "proc/sched_debug",
+              "proc/schedstat",
+              "proc/scsi",
+              "proc/self",
+              "proc/self/cmdline",
+              "proc/self/environ",
+              "proc/self/fd/0",
+              "proc/self/fd/1",
+              "proc/self/fd/10",
+              "proc/self/fd/11",
+              "proc/self/fd/12",
+              "proc/self/fd/13",
+              "proc/self/fd/14",
+              "proc/self/fd/15",
+              "proc/self/fd/2",
+              "proc/self/fd/3",
+              "proc/self/fd/4",
+              "proc/self/fd/5",
+              "proc/self/fd/6",
+              "proc/self/fd/7",
+              "proc/self/fd/8",
+              "proc/self/fd/9",
+              "proc/self/mounts",
+              "proc/self/stat",
+              "proc/self/status",
+              "proc/slabinfo",
+              "proc/softirqs",
+              "proc/stat",
+              "proc/swaps",
+              "proc/sys",
+              "proc/sysrq-trigger",
+              "proc/sysvipc",
+              "proc/thread-self",
+              "proc/timer_list",
+              "proc/timer_stats",
+              "proc/tty",
+              "proc/uptime",
+              "proc/version",
+              "proc/version_signature",
+              "proc/vmallocinfo",
+              "proc/vmstat",
+              "proc/zoneinfo",
+              "sys/block",
+              "sys/bus",
+              "sys/class",
+              "sys/dev",
+              "sys/devices",
+              "sys/firmware",
+              "sys/fs",
+              "sys/hypervisor",
+              "sys/kernel",
+              "sys/module",
+              "sys/power"
+            ]
+          },
+          "operator": "phrase_match"
+        }
+      ],
+      "transformers": [
+        "lowercase",
+        "normalizePath"
+      ]
+    },
+    {
+      "id": "crs-931-110",
+      "name": "RFI: Common RFI Vulnerable Parameter Name used w/ URL Payload",
+      "tags": {
+        "type": "rfi",
+        "crs_id": "931110",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              }
+            ],
+            "regex": "(?:\\binclude\\s*\\([^)]*|mosConfig_absolute_path|_CONF\\[path\\]|_SERVER\\[DOCUMENT_ROOT\\]|GALLERY_BASEDIR|path\\[docroot\\]|appserv_root|config\\[root_dir\\])=(?:file|ftps?|https?)://",
+            "options": {
+              "min_length": 15
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-931-120",
+      "name": "RFI: URL Payload Used w/Trailing Question Mark Character (?)",
+      "tags": {
+        "type": "rfi",
+        "crs_id": "931120",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              }
+            ],
+            "regex": "^(?i:file|ftps?)://.*?\\?+$",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 4
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-932-160",
+      "name": "Remote Command Execution: Unix Shell Code Found",
+      "tags": {
+        "type": "command_injection",
+        "crs_id": "932160",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "list": [
+              "${cdpath}",
+              "${dirstack}",
+              "${home}",
+              "${hostname}",
+              "${ifs}",
+              "${oldpwd}",
+              "${ostype}",
+              "${path}",
+              "${pwd}",
+              "$cdpath",
+              "$dirstack",
+              "$home",
+              "$hostname",
+              "$ifs",
+              "$oldpwd",
+              "$ostype",
+              "$path",
+              "$pwd",
+              "dev/fd/",
+              "dev/null",
+              "dev/stderr",
+              "dev/stdin",
+              "dev/stdout",
+              "dev/tcp/",
+              "dev/udp/",
+              "dev/zero",
+              "etc/master.passwd",
+              "etc/pwd.db",
+              "etc/shells",
+              "etc/spwd.db",
+              "proc/self/",
+              "bin/7z",
+              "bin/7za",
+              "bin/7zr",
+              "bin/ab",
+              "bin/agetty",
+              "bin/ansible-playbook",
+              "bin/apt",
+              "bin/apt-get",
+              "bin/ar",
+              "bin/aria2c",
+              "bin/arj",
+              "bin/arp",
+              "bin/as",
+              "bin/ascii-xfr",
+              "bin/ascii85",
+              "bin/ash",
+              "bin/aspell",
+              "bin/at",
+              "bin/atobm",
+              "bin/awk",
+              "bin/base32",
+              "bin/base64",
+              "bin/basenc",
+              "bin/bash",
+              "bin/bpftrace",
+              "bin/bridge",
+              "bin/bundler",
+              "bin/bunzip2",
+              "bin/busctl",
+              "bin/busybox",
+              "bin/byebug",
+              "bin/bzcat",
+              "bin/bzcmp",
+              "bin/bzdiff",
+              "bin/bzegrep",
+              "bin/bzexe",
+              "bin/bzfgrep",
+              "bin/bzgrep",
+              "bin/bzip2",
+              "bin/bzip2recover",
+              "bin/bzless",
+              "bin/bzmore",
+              "bin/bzz",
+              "bin/c89",
+              "bin/c99",
+              "bin/cancel",
+              "bin/capsh",
+              "bin/cat",
+              "bin/cc",
+              "bin/certbot",
+              "bin/check_by_ssh",
+              "bin/check_cups",
+              "bin/check_log",
+              "bin/check_memory",
+              "bin/check_raid",
+              "bin/check_ssl_cert",
+              "bin/check_statusfile",
+              "bin/chmod",
+              "bin/choom",
+              "bin/chown",
+              "bin/chroot",
+              "bin/clang",
+              "bin/clang++",
+              "bin/cmp",
+              "bin/cobc",
+              "bin/column",
+              "bin/comm",
+              "bin/composer",
+              "bin/core_perl/zipdetails",
+              "bin/cowsay",
+              "bin/cowthink",
+              "bin/cp",
+              "bin/cpan",
+              "bin/cpio",
+              "bin/cpulimit",
+              "bin/crash",
+              "bin/crontab",
+              "bin/csh",
+              "bin/csplit",
+              "bin/csvtool",
+              "bin/cupsfilter",
+              "bin/curl",
+              "bin/cut",
+              "bin/dash",
+              "bin/date",
+              "bin/dd",
+              "bin/dev/fd/",
+              "bin/dev/null",
+              "bin/dev/stderr",
+              "bin/dev/stdin",
+              "bin/dev/stdout",
+              "bin/dev/tcp/",
+              "bin/dev/udp/",
+              "bin/dev/zero",
+              "bin/dialog",
+              "bin/diff",
+              "bin/dig",
+              "bin/dmesg",
+              "bin/dmidecode",
+              "bin/dmsetup",
+              "bin/dnf",
+              "bin/docker",
+              "bin/dosbox",
+              "bin/dpkg",
+              "bin/du",
+              "bin/dvips",
+              "bin/easy_install",
+              "bin/eb",
+              "bin/echo",
+              "bin/ed",
+              "bin/efax",
+              "bin/emacs",
+              "bin/env",
+              "bin/eqn",
+              "bin/es",
+              "bin/esh",
+              "bin/etc/group",
+              "bin/etc/master.passwd",
+              "bin/etc/passwd",
+              "bin/etc/pwd.db",
+              "bin/etc/shadow",
+              "bin/etc/shells",
+              "bin/etc/spwd.db",
+              "bin/ex",
+              "bin/exiftool",
+              "bin/expand",
+              "bin/expect",
+              "bin/expr",
+              "bin/facter",
+              "bin/fetch",
+              "bin/file",
+              "bin/find",
+              "bin/finger",
+              "bin/fish",
+              "bin/flock",
+              "bin/fmt",
+              "bin/fold",
+              "bin/fping",
+              "bin/ftp",
+              "bin/gawk",
+              "bin/gcc",
+              "bin/gcore",
+              "bin/gdb",
+              "bin/gem",
+              "bin/genie",
+              "bin/genisoimage",
+              "bin/ghc",
+              "bin/ghci",
+              "bin/gimp",
+              "bin/ginsh",
+              "bin/git",
+              "bin/grc",
+              "bin/grep",
+              "bin/gtester",
+              "bin/gunzip",
+              "bin/gzexe",
+              "bin/gzip",
+              "bin/hd",
+              "bin/head",
+              "bin/hexdump",
+              "bin/highlight",
+              "bin/hping3",
+              "bin/iconv",
+              "bin/id",
+              "bin/iftop",
+              "bin/install",
+              "bin/ionice",
+              "bin/ip",
+              "bin/irb",
+              "bin/ispell",
+              "bin/jjs",
+              "bin/join",
+              "bin/journalctl",
+              "bin/jq",
+              "bin/jrunscript",
+              "bin/knife",
+              "bin/ksh",
+              "bin/ksshell",
+              "bin/latex",
+              "bin/ld",
+              "bin/ldconfig",
+              "bin/less",
+              "bin/lftp",
+              "bin/ln",
+              "bin/loginctl",
+              "bin/logsave",
+              "bin/look",
+              "bin/lp",
+              "bin/ls",
+              "bin/ltrace",
+              "bin/lua",
+              "bin/lualatex",
+              "bin/luatex",
+              "bin/lwp-download",
+              "bin/lwp-request",
+              "bin/lz",
+              "bin/lz4",
+              "bin/lz4c",
+              "bin/lz4cat",
+              "bin/lzcat",
+              "bin/lzcmp",
+              "bin/lzdiff",
+              "bin/lzegrep",
+              "bin/lzfgrep",
+              "bin/lzgrep",
+              "bin/lzless",
+              "bin/lzma",
+              "bin/lzmadec",
+              "bin/lzmainfo",
+              "bin/lzmore",
+              "bin/mail",
+              "bin/make",
+              "bin/man",
+              "bin/mawk",
+              "bin/mkfifo",
+              "bin/mknod",
+              "bin/more",
+              "bin/mosquitto",
+              "bin/mount",
+              "bin/msgattrib",
+              "bin/msgcat",
+              "bin/msgconv",
+              "bin/msgfilter",
+              "bin/msgmerge",
+              "bin/msguniq",
+              "bin/mtr",
+              "bin/mv",
+              "bin/mysql",
+              "bin/nano",
+              "bin/nasm",
+              "bin/nawk",
+              "bin/nc",
+              "bin/ncat",
+              "bin/neofetch",
+              "bin/nice",
+              "bin/nl",
+              "bin/nm",
+              "bin/nmap",
+              "bin/node",
+              "bin/nohup",
+              "bin/npm",
+              "bin/nroff",
+              "bin/nsenter",
+              "bin/octave",
+              "bin/od",
+              "bin/openssl",
+              "bin/openvpn",
+              "bin/openvt",
+              "bin/opkg",
+              "bin/paste",
+              "bin/pax",
+              "bin/pdb",
+              "bin/pdflatex",
+              "bin/pdftex",
+              "bin/pdksh",
+              "bin/perf",
+              "bin/perl",
+              "bin/pg",
+              "bin/php",
+              "bin/php-cgi",
+              "bin/php5",
+              "bin/php7",
+              "bin/pic",
+              "bin/pico",
+              "bin/pidstat",
+              "bin/pigz",
+              "bin/pip",
+              "bin/pkexec",
+              "bin/pkg",
+              "bin/pr",
+              "bin/printf",
+              "bin/proc/self/",
+              "bin/pry",
+              "bin/ps",
+              "bin/psed",
+              "bin/psftp",
+              "bin/psql",
+              "bin/ptx",
+              "bin/puppet",
+              "bin/pxz",
+              "bin/python",
+              "bin/python2",
+              "bin/python3",
+              "bin/rake",
+              "bin/rbash",
+              "bin/rc",
+              "bin/readelf",
+              "bin/red",
+              "bin/redcarpet",
+              "bin/restic",
+              "bin/rev",
+              "bin/rlogin",
+              "bin/rlwrap",
+              "bin/rpm",
+              "bin/rpmquery",
+              "bin/rsync",
+              "bin/ruby",
+              "bin/run-mailcap",
+              "bin/run-parts",
+              "bin/rview",
+              "bin/rvim",
+              "bin/sash",
+              "bin/sbin/capsh",
+              "bin/sbin/logsave",
+              "bin/sbin/service",
+              "bin/sbin/start-stop-daemon",
+              "bin/scp",
+              "bin/screen",
+              "bin/script",
+              "bin/sed",
+              "bin/service",
+              "bin/setarch",
+              "bin/sftp",
+              "bin/sg",
+              "bin/sh",
+              "bin/shuf",
+              "bin/sleep",
+              "bin/slsh",
+              "bin/smbclient",
+              "bin/snap",
+              "bin/socat",
+              "bin/soelim",
+              "bin/sort",
+              "bin/split",
+              "bin/sqlite3",
+              "bin/ss",
+              "bin/ssh",
+              "bin/ssh-keygen",
+              "bin/ssh-keyscan",
+              "bin/sshpass",
+              "bin/start-stop-daemon",
+              "bin/stdbuf",
+              "bin/strace",
+              "bin/strings",
+              "bin/su",
+              "bin/sysctl",
+              "bin/systemctl",
+              "bin/systemd-resolve",
+              "bin/tac",
+              "bin/tail",
+              "bin/tar",
+              "bin/task",
+              "bin/taskset",
+              "bin/tbl",
+              "bin/tclsh",
+              "bin/tcpdump",
+              "bin/tcsh",
+              "bin/tee",
+              "bin/telnet",
+              "bin/tex",
+              "bin/tftp",
+              "bin/tic",
+              "bin/time",
+              "bin/timedatectl",
+              "bin/timeout",
+              "bin/tmux",
+              "bin/top",
+              "bin/troff",
+              "bin/tshark",
+              "bin/ul",
+              "bin/uname",
+              "bin/uncompress",
+              "bin/unexpand",
+              "bin/uniq",
+              "bin/unlz4",
+              "bin/unlzma",
+              "bin/unpigz",
+              "bin/unrar",
+              "bin/unshare",
+              "bin/unxz",
+              "bin/unzip",
+              "bin/unzstd",
+              "bin/update-alternatives",
+              "bin/uudecode",
+              "bin/uuencode",
+              "bin/valgrind",
+              "bin/vi",
+              "bin/view",
+              "bin/vigr",
+              "bin/vim",
+              "bin/vimdiff",
+              "bin/vipw",
+              "bin/virsh",
+              "bin/volatility",
+              "bin/wall",
+              "bin/watch",
+              "bin/wc",
+              "bin/wget",
+              "bin/whiptail",
+              "bin/who",
+              "bin/whoami",
+              "bin/whois",
+              "bin/wireshark",
+              "bin/wish",
+              "bin/xargs",
+              "bin/xelatex",
+              "bin/xetex",
+              "bin/xmodmap",
+              "bin/xmore",
+              "bin/xpad",
+              "bin/xxd",
+              "bin/xz",
+              "bin/xzcat",
+              "bin/xzcmp",
+              "bin/xzdec",
+              "bin/xzdiff",
+              "bin/xzegrep",
+              "bin/xzfgrep",
+              "bin/xzgrep",
+              "bin/xzless",
+              "bin/xzmore",
+              "bin/yarn",
+              "bin/yelp",
+              "bin/yes",
+              "bin/yum",
+              "bin/zathura",
+              "bin/zip",
+              "bin/zipcloak",
+              "bin/zipcmp",
+              "bin/zipdetails",
+              "bin/zipgrep",
+              "bin/zipinfo",
+              "bin/zipmerge",
+              "bin/zipnote",
+              "bin/zipsplit",
+              "bin/ziptool",
+              "bin/zsh",
+              "bin/zsoelim",
+              "bin/zstd",
+              "bin/zstdcat",
+              "bin/zstdgrep",
+              "bin/zstdless",
+              "bin/zstdmt",
+              "bin/zypper"
+            ]
+          },
+          "operator": "phrase_match"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-932-171",
+      "name": "Remote Command Execution: Shellshock (CVE-2014-6271)",
+      "tags": {
+        "type": "command_injection",
+        "crs_id": "932171",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "^\\(\\s*\\)\\s+{",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 4
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-932-180",
+      "name": "Restricted File Upload Attempt",
+      "tags": {
+        "type": "command_injection",
+        "crs_id": "932180",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "x-filename"
+                ]
+              },
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "x_filename"
+                ]
+              },
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "x-file-name"
+                ]
+              }
+            ],
+            "list": [
+              ".htaccess",
+              ".htdigest",
+              ".htpasswd",
+              "wp-config.php",
+              "config.yml",
+              "config_dev.yml",
+              "config_prod.yml",
+              "config_test.yml",
+              "parameters.yml",
+              "routing.yml",
+              "security.yml",
+              "services.yml",
+              "default.settings.php",
+              "settings.php",
+              "settings.local.php",
+              "local.xml",
+              ".env"
+            ]
+          },
+          "operator": "phrase_match"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-933-111",
+      "name": "PHP Injection Attack: PHP Script File Upload Found",
+      "tags": {
+        "type": "unrestricted_file_upload",
+        "crs_id": "933111",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "x-filename"
+                ]
+              },
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "x_filename"
+                ]
+              },
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "x.filename"
+                ]
+              },
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "x-file-name"
+                ]
+              }
+            ],
+            "regex": ".*\\.(?:php\\d*|phtml)\\..*$",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 5
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-933-130",
+      "name": "PHP Injection Attack: Global Variables Found",
+      "tags": {
+        "type": "php_code_injection",
+        "crs_id": "933130",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "list": [
+              "$globals",
+              "$_cookie",
+              "$_env",
+              "$_files",
+              "$_get",
+              "$_post",
+              "$_request",
+              "$_server",
+              "$_session",
+              "$argc",
+              "$argv",
+              "$http_\\u200bresponse_\\u200bheader",
+              "$php_\\u200berrormsg",
+              "$http_cookie_vars",
+              "$http_env_vars",
+              "$http_get_vars",
+              "$http_post_files",
+              "$http_post_vars",
+              "$http_raw_post_data",
+              "$http_request_vars",
+              "$http_server_vars"
+            ]
+          },
+          "operator": "phrase_match"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-933-131",
+      "name": "PHP Injection Attack: HTTP Headers Values Found",
+      "tags": {
+        "type": "php_code_injection",
+        "crs_id": "933131",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?:HTTP_(?:ACCEPT(?:_(?:ENCODING|LANGUAGE|CHARSET))?|(?:X_FORWARDED_FO|REFERE)R|(?:USER_AGEN|HOS)T|CONNECTION|KEEP_ALIVE)|PATH_(?:TRANSLATED|INFO)|ORIG_PATH_INFO|QUERY_STRING|REQUEST_URI|AUTH_TYPE)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 9
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-933-140",
+      "name": "PHP Injection Attack: I/O Stream Found",
+      "tags": {
+        "type": "php_code_injection",
+        "crs_id": "933140",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)",
+            "options": {
+              "min_length": 8
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-933-150",
+      "name": "PHP Injection Attack: High-Risk PHP Function Name Found",
+      "tags": {
+        "type": "php_code_injection",
+        "crs_id": "933150",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "list": [
+              "__halt_compiler",
+              "apache_child_terminate",
+              "base64_decode",
+              "bzdecompress",
+              "call_user_func",
+              "call_user_func_array",
+              "call_user_method",
+              "call_user_method_array",
+              "convert_uudecode",
+              "file_get_contents",
+              "file_put_contents",
+              "fsockopen",
+              "get_class_methods",
+              "get_class_vars",
+              "get_defined_constants",
+              "get_defined_functions",
+              "get_defined_vars",
+              "gzdecode",
+              "gzinflate",
+              "gzuncompress",
+              "include_once",
+              "invokeargs",
+              "pcntl_exec",
+              "pcntl_fork",
+              "pfsockopen",
+              "posix_getcwd",
+              "posix_getpwuid",
+              "posix_getuid",
+              "posix_uname",
+              "reflectionfunction",
+              "require_once",
+              "shell_exec",
+              "str_rot13",
+              "sys_get_temp_dir",
+              "wp_remote_fopen",
+              "wp_remote_get",
+              "wp_remote_head",
+              "wp_remote_post",
+              "wp_remote_request",
+              "wp_safe_remote_get",
+              "wp_safe_remote_head",
+              "wp_safe_remote_post",
+              "wp_safe_remote_request",
+              "zlib_decode"
+            ]
+          },
+          "operator": "phrase_match"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-933-160",
+      "name": "PHP Injection Attack: High-Risk PHP Function Call Found",
+      "tags": {
+        "type": "php_code_injection",
+        "crs_id": "933160",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 5
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-933-170",
+      "name": "PHP Injection Attack: Serialized Object Injection",
+      "tags": {
+        "type": "php_code_injection",
+        "crs_id": "933170",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "[oOcC]:\\d+:\\\".+?\\\":\\d+:{[\\W\\w]*}",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 12
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-933-200",
+      "name": "PHP Injection Attack: Wrapper scheme detected",
+      "tags": {
+        "type": "php_code_injection",
+        "crs_id": "933200",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?:(?:bzip|ssh)2|z(?:lib|ip)|(?:ph|r)ar|expect|glob|ogg)://",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 6
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-934-100",
+      "name": "Node.js Injection Attack 1/2",
+      "tags": {
+        "type": "js_code_injection",
+        "crs_id": "934100",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\b(?:(?:l(?:(?:utimes|chmod)(?:Sync)?|(?:stat|ink)Sync)|w(?:rite(?:(?:File|v)(?:Sync)?|Sync)|atchFile)|u(?:n(?:watchFile|linkSync)|times(?:Sync)?)|s(?:(?:ymlink|tat)Sync|pawn(?:File|Sync))|ex(?:ec(?:File(?:Sync)?|Sync)|istsSync)|a(?:ppendFile|ccess)(?:Sync)?|(?:Caveat|Inode)s|open(?:dir)?Sync|new\\s+Function|Availability|\\beval)\\s*\\(|m(?:ain(?:Module\\s*(?:\\W*\\s*(?:constructor|require)|\\[)|\\s*(?:\\W*\\s*(?:constructor|require)|\\[))|kd(?:temp(?:Sync)?|irSync)\\s*\\(|odule\\.exports\\s*=)|c(?:(?:(?:h(?:mod|own)|lose)Sync|reate(?:Write|Read)Stream|p(?:Sync)?)\\s*\\(|o(?:nstructor\\s*(?:\\W*\\s*_load|\\[)|pyFile(?:Sync)?\\s*\\())|f(?:(?:(?:s(?:(?:yncS)?|tatS)|datas(?:yncS)?)ync|ch(?:mod|own)(?:Sync)?)\\s*\\(|u(?:nction\\s*\\(\\s*\\)\\s*{|times(?:Sync)?\\s*\\())|r(?:e(?:(?:ad(?:(?:File|link|dir)?Sync|v(?:Sync)?)|nameSync)\\s*\\(|quire\\s*(?:\\W*\\s*main|\\[))|m(?:Sync)?\\s*\\()|process\\s*(?:\\W*\\s*(?:mainModule|binding)|\\[)|t(?:his\\.constructor|runcateSync\\s*\\()|_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|global\\s*(?:\\W*\\s*process|\\[)|String\\s*\\.\\s*fromCharCode|binding\\s*\\[)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 3
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-934-101",
+      "name": "Node.js Injection Attack 2/2",
+      "tags": {
+        "type": "js_code_injection",
+        "crs_id": "934101",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\b(?:w(?:atch|rite)|(?:spaw|ope)n|exists|close|fork|read)\\s*\\(",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 5
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-941-110",
+      "name": "XSS Filter - Category 1: Script Tag Vector",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941110",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              },
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "referer"
+                ]
+              },
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "<script[^>]*>[\\s\\S]*?",
+            "options": {
+              "min_length": 8
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls",
+        "urlDecodeUni"
+      ]
+    },
+    {
+      "id": "crs-941-120",
+      "name": "XSS Filter - Category 2: Event Handler Vector",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941120",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              },
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "referer"
+                ]
+              },
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "[\\s\\\"'`;\\/0-9=\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]on(?:d(?:r(?:ag(?:en(?:ter|d)|leave|start|over)?|op)|urationchange|blclick)|s(?:e(?:ek(?:ing|ed)|arch|lect)|u(?:spend|bmit)|talled|croll|how)|m(?:ouse(?:(?:lea|mo)ve|o(?:ver|ut)|enter|down|up)|essage)|p(?:a(?:ge(?:hide|show)|(?:st|us)e)|lay(?:ing)?|rogress)|c(?:anplay(?:through)?|o(?:ntextmenu|py)|hange|lick|ut)|a(?:nimation(?:iteration|start|end)|(?:fterprin|bor)t)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|imeupdate)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?)|(?:(?:volume|hash)chang|o(?:ff|n)lin)e|b(?:efore(?:unload|print)|lur)|load(?:ed(?:meta)?data|start)?|r(?:es(?:ize|et)|atechange)|key(?:press|down|up)|w(?:aiting|heel)|in(?:valid|put)|e(?:nded|rror)|unload)[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]",
+            "options": {
+              "min_length": 8
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls",
+        "urlDecodeUni"
+      ]
+    },
+    {
+      "id": "crs-941-140",
+      "name": "XSS Filter - Category 4: Javascript URI Vector",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941140",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              },
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "referer"
+                ]
+              },
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url\\(javascript",
+            "options": {
+              "min_length": 18
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls",
+        "urlDecodeUni"
+      ]
+    },
+    {
+      "id": "crs-941-170",
+      "name": "NoScript XSS InjectionChecker: Attribute Injection",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941170",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              },
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "referer"
+                ]
+              },
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              }
+            ],
+            "regex": "(?:\\W|^)(?:javascript:(?:[\\s\\S]+[=\\x5c\\(\\[\\.<]|[\\s\\S]*?(?:\\bname\\b|\\x5c[ux]\\d)))|@\\W*?i\\W*?m\\W*?p\\W*?o\\W*?r\\W*?t\\W*?(?:/\\*[\\s\\S]*?)?(?:[\\\"']|\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\()|[^-]*?-\\W*?m\\W*?o\\W*?z\\W*?-\\W*?b\\W*?i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g[^:]*?:\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\(",
+            "options": {
+              "min_length": 6
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls",
+        "urlDecodeUni"
+      ]
+    },
+    {
+      "id": "crs-941-180",
+      "name": "Node-Validator Deny List Keywords",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941180",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "list": [
+              "document.cookie",
+              "document.write",
+              ".parentnode",
+              ".innerhtml",
+              "window.location",
+              "-moz-binding"
+            ]
+          },
+          "operator": "phrase_match"
+        }
+      ],
+      "transformers": [
+        "removeNulls",
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-941-200",
+      "name": "IE XSS Filters - Attack Detected via vmlframe tag",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941200",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?i:<.*[:]?vmlframe.*?[\\s/+]*?src[\\s/+]*=)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 13
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-941-210",
+      "name": "IE XSS Filters - Obfuscated Attack Detected via javascript injection",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941210",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 12
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-941-220",
+      "name": "IE XSS Filters - Obfuscated Attack Detected via vbscript injection",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941220",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 10
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-941-230",
+      "name": "IE XSS Filters - Attack Detected via embed tag",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941230",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "<EMBED[\\s/+].*?(?:src|type).*?=",
+            "options": {
+              "min_length": 11
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-941-240",
+      "name": "IE XSS Filters - Attack Detected via import tag",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941240",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "<[?]?import[\\s/+\\S]*?implementation[\\s/+]*?=",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 22
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "lowercase",
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-941-270",
+      "name": "IE XSS Filters - Attack Detected via link tag",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941270",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "<LINK[\\s/+].*?href[\\s/+]*=",
+            "options": {
+              "min_length": 11
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-941-280",
+      "name": "IE XSS Filters - Attack Detected via base tag",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941280",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "<BASE[\\s/+].*?href[\\s/+]*=",
+            "options": {
+              "min_length": 11
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-941-290",
+      "name": "IE XSS Filters - Attack Detected via applet tag",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941290",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "<APPLET[\\s/+>]",
+            "options": {
+              "min_length": 8
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-941-300",
+      "name": "IE XSS Filters - Attack Detected via object tag",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941300",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "<OBJECT[\\s/+].*?(?:type|codetype|classid|code|data)[\\s/+]*=",
+            "options": {
+              "min_length": 13
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-941-350",
+      "name": "UTF-7 Encoding IE XSS - Attack Detected",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941350",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\+ADw-.*(?:\\+AD4-|>)|<.*\\+AD4-",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 6
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-941-360",
+      "name": "JSFuck / Hieroglyphy obfuscation detected",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941360",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "![!+ ]\\[\\]",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 4
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-941-390",
+      "name": "Javascript method detected",
+      "tags": {
+        "type": "xss",
+        "crs_id": "941390",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function|alert|prompt)[\\s+]*\\([^\\)]",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 5
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-942-100",
+      "name": "SQL Injection Attack Detected via libinjection",
+      "tags": {
+        "type": "sql_injection",
+        "crs_id": "942100",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ]
+          },
+          "operator": "is_sqli"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "crs-942-160",
+      "name": "Detects blind sqli tests using sleep() or benchmark()",
+      "tags": {
+        "type": "sql_injection",
+        "crs_id": "942160",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 7
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-942-240",
+      "name": "Detects MySQL charset switch and MSSQL DoS attempts",
+      "tags": {
+        "type": "sql_injection",
+        "crs_id": "942240",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?:[\\\"'`](?:;*?\\s*?waitfor\\s+(?:delay|time)\\s+[\\\"'`]|;.*?:\\s*?goto)|alter\\s*?\\w+.*?cha(?:racte)?r\\s+set\\s+\\w+)",
+            "options": {
+              "min_length": 7
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-942-250",
+      "name": "Detects MATCH AGAINST, MERGE and EXECUTE IMMEDIATE injections",
+      "tags": {
+        "type": "sql_injection",
+        "crs_id": "942250",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?i:merge.*?using\\s*?\\(|execute\\s*?immediate\\s*?[\\\"'`]|match\\s*?[\\w(?:),+-]+\\s*?against\\s*?\\()",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 11
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-942-270",
+      "name": "Basic SQL injection",
+      "tags": {
+        "type": "sql_injection",
+        "crs_id": "942270",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "union.*?select.*?from",
+            "options": {
+              "min_length": 15
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-942-280",
+      "name": "SQL Injection with delay functions",
+      "tags": {
+        "type": "sql_injection",
+        "crs_id": "942280",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?:;\\s*?shutdown\\s*?(?:[#;{]|\\/\\*|--)|waitfor\\s*?delay\\s?[\\\"'`]+\\s?\\d|select\\s*?pg_sleep)",
+            "options": {
+              "min_length": 10
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-942-290",
+      "name": "Finds basic MongoDB SQL injection attempts",
+      "tags": {
+        "type": "nosql_injection",
+        "crs_id": "942290",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 3
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "keys_only"
+      ]
+    },
+    {
+      "id": "crs-942-360",
+      "name": "Detects concatenated basic SQL injection and SQLLFI attempts",
+      "tags": {
+        "type": "sql_injection",
+        "crs_id": "942360",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?:^[\\W\\d]+\\s*?(?:alter\\s*(?:a(?:(?:pplication\\s*rol|ggregat)e|s(?:ymmetric\\s*ke|sembl)y|u(?:thorization|dit)|vailability\\s*group)|c(?:r(?:yptographic\\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\\s*key|k)|terialized)|e(?:ssage\\s*type|thod)|odule)|l(?:o(?:g(?:file\\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\\s*priority|ufferpool)|x(?:ml\\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|union\\s*(?:(?:distin|sele)ct|all))\\b|\\b(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\\s+(?:group_concat|load_file|char)\\b\\s*\\(?|[\\s(]load_file\\s*?\\(|[\\\"'`]\\s+regexp\\W)",
+            "options": {
+              "min_length": 5
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-942-500",
+      "name": "MySQL in-line comment detected",
+      "tags": {
+        "type": "sql_injection",
+        "crs_id": "942500",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?i:/\\*[!+](?:[\\w\\s=_\\-(?:)]+)?\\*/)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 5
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-943-100",
+      "name": "Possible Session Fixation Attack: Setting Cookie Values in HTML",
+      "tags": {
+        "type": "http_protocol_violation",
+        "crs_id": "943100",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              }
+            ],
+            "regex": "(?i:\\.cookie\\b.*?;\\W*?(?:expires|domain)\\W*?=|\\bhttp-equiv\\W+set-cookie\\b)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 15
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-944-100",
+      "name": "Remote Command Execution: Suspicious Java class detected",
+      "tags": {
+        "type": "java_code_injection",
+        "crs_id": "944100",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "java\\.lang\\.(?:runtime|processbuilder)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 17
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-944-110",
+      "name": "Remote Command Execution: Java process spawn (CVE-2017-9805)",
+      "tags": {
+        "type": "java_code_injection",
+        "crs_id": "944110",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?:runtime|processbuilder)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 7
+            }
+          },
+          "operator": "match_regex"
+        },
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?:unmarshaller|base64data|java\\.)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 5
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-944-130",
+      "name": "Suspicious Java class detected",
+      "tags": {
+        "type": "java_code_injection",
+        "crs_id": "944130",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "list": [
+              "com.opensymphony.xwork2",
+              "com.sun.org.apache",
+              "java.io.bufferedinputstream",
+              "java.io.bufferedreader",
+              "java.io.bytearrayinputstream",
+              "java.io.bytearrayoutputstream",
+              "java.io.chararrayreader",
+              "java.io.datainputstream",
+              "java.io.file",
+              "java.io.fileoutputstream",
+              "java.io.filepermission",
+              "java.io.filewriter",
+              "java.io.filterinputstream",
+              "java.io.filteroutputstream",
+              "java.io.filterreader",
+              "java.io.inputstream",
+              "java.io.inputstreamreader",
+              "java.io.linenumberreader",
+              "java.io.objectoutputstream",
+              "java.io.outputstream",
+              "java.io.pipedoutputstream",
+              "java.io.pipedreader",
+              "java.io.printstream",
+              "java.io.pushbackinputstream",
+              "java.io.reader",
+              "java.io.stringreader",
+              "java.lang.class",
+              "java.lang.integer",
+              "java.lang.number",
+              "java.lang.object",
+              "java.lang.process",
+              "java.lang.reflect",
+              "java.lang.string",
+              "java.lang.stringbuilder",
+              "java.lang.system",
+              "javax.script.scriptenginemanager",
+              "org.apache.commons",
+              "org.apache.struts",
+              "org.apache.struts2",
+              "org.omg.corba",
+              "java.beans.xmldecode"
+            ]
+          },
+          "operator": "phrase_match"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-944-260",
+      "name": "Remote Command Execution: Malicious class-loading payload",
+      "tags": {
+        "type": "java_code_injection",
+        "crs_id": "944260",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?:class\\.module\\.classLoader\\.resources\\.context\\.parent\\.pipeline|springframework\\.context\\.support\\.FileSystemXmlApplicationContext)",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 58
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-000-001",
+      "name": "Look for Cassandra injections",
+      "tags": {
+        "type": "nosql_injection",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              }
+            ],
+            "regex": "\\ballow\\s+filtering\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeComments"
+      ]
+    },
+    {
+      "id": "dog-000-002",
+      "name": "OGNL - Look for formatting injection patterns",
+      "tags": {
+        "type": "java_code_injection",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              },
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "[#%$]{(?:[^}]+[^\\w\\s}\\-_][^}]+|\\d+-\\d+)}",
+            "options": {
+              "case_sensitive": true
+            }
+          }
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-000-003",
+      "name": "OGNL - Detect OGNL exploitation primitives",
+      "tags": {
+        "type": "java_code_injection",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "[@#]ognl",
+            "options": {
+              "case_sensitive": true
+            }
+          }
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-000-004",
+      "name": "Spring4Shell - Attempts to exploit the Spring4shell vulnerability",
+      "tags": {
+        "type": "exploit_detection",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.body"
+              }
+            ],
+            "regex": "^class\\.module\\.classLoader\\.",
+            "options": {
+              "case_sensitive": false
+            }
+          }
+        }
+      ],
+      "transformers": [
+        "keys_only"
+      ]
+    },
+    {
+      "id": "dog-000-005",
+      "name": "Node.js: Prototype pollution through __proto__",
+      "tags": {
+        "type": "js_code_injection",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              }
+            ],
+            "regex": "^__proto__$"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "keys_only"
+      ]
+    },
+    {
+      "id": "dog-000-006",
+      "name": "Node.js: Prototype pollution through constructor.prototype",
+      "tags": {
+        "type": "js_code_injection",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              }
+            ],
+            "regex": "^constructor$"
+          },
+          "operator": "match_regex"
+        },
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              }
+            ],
+            "regex": "^prototype$"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "keys_only"
+      ]
+    },
+    {
+      "id": "dog-000-007",
+      "name": "Server side template injection: Velocity & Freemarker",
+      "tags": {
+        "type": "java_code_injection",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "#(?:set|foreach|macro|parse|if)\\(.*\\)|<#assign.*>"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-913-001",
+      "name": "BurpCollaborator OOB domain",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "BurpCollaborator",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\b(?:burpcollaborator\\.net|oastify\\.com)\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-913-002",
+      "name": "Qualys OOB domain",
+      "tags": {
+        "type": "commercial_scanner",
+        "category": "attack_attempt",
+        "tool_name": "Qualys",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\bqualysperiscope\\.com\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-913-003",
+      "name": "Probely OOB domain",
+      "tags": {
+        "type": "commercial_scanner",
+        "category": "attack_attempt",
+        "tool_name": "Probely",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\bprbly\\.win\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-913-004",
+      "name": "Known malicious out-of-band interaction domain",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\b(?:webhook\\.site|\\.canarytokens\\.com|vii\\.one|act1on3\\.ru|gdsburp\\.com)\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-913-005",
+      "name": "Known suspicious out-of-band interaction domain",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\b(?:\\.ngrok\\.io|requestbin\\.com|requestbin\\.net)\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-913-006",
+      "name": "Rapid7 OOB domain",
+      "tags": {
+        "type": "commercial_scanner",
+        "category": "attack_attempt",
+        "tool_name": "Rapid7",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\bappspidered\\.rapid7\\."
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-913-007",
+      "name": "Interact.sh OOB domain",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "interact.sh",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\b(?:interact\\.sh|oast\\.(?:pro|live|site|online|fun|me))\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-931-001",
+      "name": "RFI: URL Payload to well known RFI target",
+      "tags": {
+        "type": "rfi",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              }
+            ],
+            "regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 17
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-934-001",
+      "name": "XXE - XML file loads external entity",
+      "tags": {
+        "type": "xxe",
+        "category": "attack_attempt",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?:<\\?xml[^>]*>.*)<!ENTITY[^>]+SYSTEM\\s+[^>]+>",
+            "options": {
+              "case_sensitive": false,
+              "min_length": 24
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-942-001",
+      "name": "Blind XSS callback domains",
+      "tags": {
+        "type": "xss",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.in|xss\\.ht|js\\.rip)",
+            "options": {
+              "case_sensitive": false
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "nfd-000-001",
+      "name": "Detect common directory discovery scans",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.response.status"
+              }
+            ],
+            "regex": "^404$",
+            "options": {
+              "case_sensitive": true
+            }
+          }
+        },
+        {
+          "operator": "phrase_match",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "list": [
+              "/wordpress/",
+              "/etc/",
+              "/login.php",
+              "/install.php",
+              "/administrator",
+              "/admin.php",
+              "/wp-config",
+              "/phpmyadmin",
+              "/fckeditor",
+              "/mysql",
+              "/manager/html",
+              ".htaccess",
+              "/config.php",
+              "/configuration",
+              "/cgi-bin/php",
+              "/search.php",
+              "/tinymce",
+              "/tiny_mce",
+              "/settings.php",
+              "../../..",
+              "/install/",
+              "/download.php",
+              "/webdav",
+              "/forum.php",
+              "/user.php",
+              "/style.php",
+              "/jmx-console",
+              "/modules.php",
+              "/include.php",
+              "/default.asp",
+              "/help.php",
+              "/database.yml",
+              "/database.yml.pgsql",
+              "/database.yml.sqlite3",
+              "/database.yml.sqlite",
+              "/database.yml.mysql",
+              ".%2e/",
+              "/view.php",
+              "/header.php",
+              "/search.asp",
+              "%5c%5c",
+              "/server/php/",
+              "/invoker/jmxinvokerservlet",
+              "/phpmyadmin/index.php",
+              "/data/admin/allowurl.txt",
+              "/verify.php",
+              "/misc/ajax.js",
+              "/.idea",
+              "/module.php",
+              "/backup.rar",
+              "/backup.tar",
+              "/backup.zip",
+              "/backup.7z",
+              "/backup.gz",
+              "/backup.tgz",
+              "/backup.tar.gz",
+              "waitfor%20delay",
+              "/calendar.php",
+              "/news.php",
+              "/dompdf.php",
+              "))))))))))))))))",
+              "/web.config",
+              "tree.php",
+              "/cgi-bin-sdb/printenv",
+              "/comments.php",
+              "/detail.asp",
+              "/license.txt",
+              "/admin.asp",
+              "/auth.php",
+              "/list.php",
+              "/content.php",
+              "/mod.php",
+              "/mini.php",
+              "/install.pgsql",
+              "/install.mysql",
+              "/install.sqlite",
+              "/install.sqlite3",
+              "/install.txt",
+              "/install.md",
+              "/doku.php",
+              "/main.asp",
+              "/myadmin",
+              "/force-download.php",
+              "/iisprotect/admin",
+              "/.gitignore",
+              "/print.php",
+              "/common.php",
+              "/mainfile.php",
+              "/functions.php",
+              "/scripts/setup.php",
+              "/faq.php",
+              "/op/op.login.php",
+              "/home.php",
+              "/includes/hnmain.inc.php3",
+              "/preview.php",
+              "/dump.rar",
+              "/dump.tar",
+              "/dump.zip",
+              "/dump.7z",
+              "/dump.gz",
+              "/dump.tgz",
+              "/dump.tar.gz",
+              "/thumbnail.php",
+              "/sendcard.php",
+              "/global.asax",
+              "/directory.php",
+              "/footer.php",
+              "/error.asp",
+              "/forum.asp",
+              "/save.php",
+              "/htmlsax3.php",
+              "/adm/krgourl.php",
+              "/includes/converter.inc.php",
+              "/nucleus/libs/pluginadmin.php",
+              "/base_qry_common.php",
+              "/fileadmin",
+              "/bitrix/admin/",
+              "/adm.php",
+              "/util/barcode.php",
+              "/action.php",
+              "/rss.asp",
+              "/downloads.php",
+              "/page.php",
+              "/snarf_ajax.php",
+              "/fck/editor",
+              "/sendmail.php",
+              "/detail.php",
+              "/iframe.php",
+              "/swfupload.swf",
+              "/jenkins/login",
+              "/phpmyadmin/main.php",
+              "/phpmyadmin/scripts/setup.php",
+              "/user/index.php",
+              "/checkout.php",
+              "/process.php",
+              "/ks_inc/ajax.js",
+              "/export.php",
+              "/register.php",
+              "/cart.php",
+              "/console.php",
+              "/friend.php",
+              "/readmsg.php",
+              "/install.asp",
+              "/dagent/downloadreport.asp",
+              "/system/index.php",
+              "/core/changelog.txt",
+              "/js/util.js",
+              "/interna.php",
+              "/gallery.php",
+              "/links.php",
+              "/data/admin/ver.txt",
+              "/language/zh-cn.xml",
+              "/productdetails.asp",
+              "/admin/template/article_more/config.htm",
+              "/components/com_moofaq/includes/file_includer.php",
+              "/licence.txt",
+              "/rss.xsl",
+              "/vtigerservice.php",
+              "/mysql/main.php",
+              "/passwiki.php",
+              "/scr/soustab.php",
+              "/global.php",
+              "/email.php",
+              "/user.asp",
+              "/msd",
+              "/products.php",
+              "/cultbooking.php",
+              "/cron.php",
+              "/static/js/admincp.js",
+              "/comment.php",
+              "/maintainers",
+              "/modules/plain/adminpart/addplain.php",
+              "/wp-content/plugins/ungallery/source_vuln.php",
+              "/upgrade.txt",
+              "/category.php",
+              "/index_logged.php",
+              "/members.asp",
+              "/script/html.js",
+              "/images/ad.js",
+              "/awstats/awstats.pl",
+              "/includes/esqueletos/skel_null.php",
+              "/modules/profile/user.php",
+              "/window_top.php",
+              "/openbrowser.php",
+              "/thread.php",
+              "tinfoil_xss",
+              "/includes/include.php",
+              "/urheber.php",
+              "/header.inc.php",
+              "/mysqldumper",
+              "/display.php",
+              "/website.php",
+              "/stats.php",
+              "/assets/plugins/mp3_id/mp3_id.php",
+              "/siteminderagent/forms/smpwservices.fcc"
+            ]
+          }
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "nfd-000-002",
+      "name": "Detect failed attempt to fetch readme files",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.response.status"
+              }
+            ],
+            "regex": "^404$",
+            "options": {
+              "case_sensitive": true
+            }
+          }
+        },
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "regex": "readme\\.[\\.a-z0-9]+$",
+            "options": {
+              "case_sensitive": false
+            }
+          }
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "nfd-000-003",
+      "name": "Detect failed attempt to fetch Java EE resource files",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.response.status"
+              }
+            ],
+            "regex": "^404$",
+            "options": {
+              "case_sensitive": true
+            }
+          }
+        },
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "regex": "^(?:.*web\\-inf)(?:.*web\\.xml).*$",
+            "options": {
+              "case_sensitive": false
+            }
+          }
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "nfd-000-004",
+      "name": "Detect failed attempt to fetch code files",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.response.status"
+              }
+            ],
+            "regex": "^404$",
+            "options": {
+              "case_sensitive": true
+            }
+          }
+        },
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "regex": "\\.(java|pyc?|rb|class)\\b",
+            "options": {
+              "case_sensitive": false
+            }
+          }
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "nfd-000-005",
+      "name": "Detect failed attempt to fetch source code archives",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.response.status"
+              }
+            ],
+            "regex": "^404$",
+            "options": {
+              "case_sensitive": true
+            }
+          }
+        },
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "regex": "\\.(sql|log|ndb|gz|zip|tar\\.gz|tar|regVV|reg|conf|bz2|ini|db|war|bat|inc|btr|server|ds|conf|config|admin|master|sln|bak)\\b(?:[^.]|$)",
+            "options": {
+              "case_sensitive": false
+            }
+          }
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "nfd-000-006",
+      "name": "Detect failed attempt to fetch sensitive files",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.response.status"
+              }
+            ],
+            "regex": "^404$",
+            "options": {
+              "case_sensitive": true
+            }
+          }
+        },
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "regex": "\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)",
+            "options": {
+              "case_sensitive": false
+            }
+          }
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "nfd-000-007",
+      "name": "Detect failed attempt to fetch archives",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.response.status"
+              }
+            ],
+            "regex": "^404$",
+            "options": {
+              "case_sensitive": true
+            }
+          }
+        },
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "regex": "/[\\d\\-_]*\\.(rar|tar|zip|7z|gz|tgz|tar.gz)",
+            "options": {
+              "case_sensitive": false
+            }
+          }
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "nfd-000-008",
+      "name": "Detect failed attempt to trigger incorrect application behavior",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.response.status"
+              }
+            ],
+            "regex": "^404$",
+            "options": {
+              "case_sensitive": true
+            }
+          }
+        },
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "regex": "(/(administrator/components/com.*\\.php|response\\.write\\(.+\\))|select\\(.+\\)from|\\(.*sleep\\(.+\\)|(%[a-zA-Z0-9]{2}[a-zA-Z]{0,1})+\\))",
+            "options": {
+              "case_sensitive": false
+            }
+          }
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "nfd-000-009",
+      "name": "Detect failed attempt to leak the structure of the application",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.response.status"
+              }
+            ],
+            "regex": "^404$",
+            "options": {
+              "case_sensitive": true
+            }
+          }
+        },
+        {
+          "operator": "match_regex",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "regex": "/(login\\.rol|LICENSE|[\\w-]+\\.(plx|pwd))$",
+            "options": {
+              "case_sensitive": false
+            }
+          }
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "sqr-000-001",
+      "name": "SSRF: Try to access the credential manager of the main cloud services",
+      "tags": {
+        "type": "ssrf",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?i)^\\W*((http|ftp)s?://)?\\W*((::f{4}:)?(169|(0x)?0*a9|0+251)\\.?(254|(0x)?0*fe|0+376)[0-9a-fx\\.:]+|metadata\\.google\\.internal|metadata\\.goog)\\W*/",
+            "options": {
+              "min_length": 4
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "sqr-000-002",
+      "name": "Server-side Javascript injection: Try to detect obvious JS injection",
+      "tags": {
+        "type": "js_code_injection",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "require\\(['\"][\\w\\.]+['\"]\\)|process\\.\\w+\\([\\w\\.]*\\)|\\.toString\\(\\)",
+            "options": {
+              "min_length": 4
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls"
+      ]
+    },
+    {
+      "id": "sqr-000-008",
+      "name": "Windows: Detect attempts to exfiltrate .ini files",
+      "tags": {
+        "type": "command_injection",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?i)[&|]\\s*type\\s+%\\w+%\\\\+\\w+\\.ini\\s*[&|]"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "sqr-000-009",
+      "name": "Linux: Detect attempts to exfiltrate passwd files",
+      "tags": {
+        "type": "command_injection",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?i)[&|]\\s*cat\\s+\\/etc\\/[\\w\\.\\/]*passwd\\s*[&|]"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "sqr-000-010",
+      "name": "Windows: Detect attempts to timeout a shell",
+      "tags": {
+        "type": "command_injection",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?i)[&|]\\s*timeout\\s+/t\\s+\\d+\\s*[&|]"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "sqr-000-011",
+      "name": "SSRF: Try to access internal OMI service (CVE-2021-38647)",
+      "tags": {
+        "type": "ssrf",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "http(s?):\\/\\/([A-Za-z0-9\\.\\-\\_]+|\\[[A-Fa-f0-9\\:]+\\]|):5986\\/wsman",
+            "options": {
+              "min_length": 4
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "sqr-000-012",
+      "name": "SSRF: Detect SSRF attempt on internal service",
+      "tags": {
+        "type": "ssrf",
+        "category": "attack_attempt",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/[^:@]*)?$"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "sqr-000-013",
+      "name": "SSRF: Detect SSRF attempts using IPv6 or octal/hexdecimal obfuscation",
+      "tags": {
+        "type": "ssrf",
+        "category": "attack_attempt",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(\\/[^:@]*)?$"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "sqr-000-014",
+      "name": "SSRF: Detect SSRF domain redirection bypass",
+      "tags": {
+        "type": "ssrf",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii.one|act1on3.ru)"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "sqr-000-015",
+      "name": "SSRF: Detect SSRF attempt using non HTTP protocol",
+      "tags": {
+        "type": "ssrf",
+        "category": "attack_attempt",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "^(jar:)?((file|netdoc):\\/\\/[\\\\\\/]+|(dict|gopher|ldap|sftp|tftp):\\/\\/.*:[0-9]{1,5})"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "sqr-000-017",
+      "name": "Log4shell: Attempt to exploit log4j CVE-2021-44228",
+      "tags": {
+        "type": "exploit_detection",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              },
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "\\${[^j]*j[^n]*n[^d]*d[^i]*i[^:]*:[^}]*}"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "unicode_normalize"
+      ]
+    },
+    {
+      "id": "ua0-600-0xx",
+      "name": "Joomla exploitation tool",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Joomla exploitation tool",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "JDatabaseDriverMysqli"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-10x",
+      "name": "Nessus",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Nessus",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)^Nessus(/|([ :]+SOAP))"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-12x",
+      "name": "Arachni",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Arachni",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "^Arachni\\/v"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-13x",
+      "name": "Jorgee",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Jorgee",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bJorgee\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-14x",
+      "name": "Probely",
+      "tags": {
+        "type": "commercial_scanner",
+        "category": "attack_attempt",
+        "tool_name": "Probely",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bProbely\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-15x",
+      "name": "Metis",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Metis",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bmetis\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-16x",
+      "name": "SQL power injector",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "SQLPowerInjector",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "sql power injector"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-18x",
+      "name": "N-Stealth",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "N-Stealth",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bn-stealth\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-19x",
+      "name": "Brutus",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Brutus",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bbrutus\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-1xx",
+      "name": "Shellshock exploitation tool",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "\\(\\) \\{ :; *\\}"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-20x",
+      "name": "Netsparker",
+      "tags": {
+        "type": "commercial_scanner",
+        "category": "attack_attempt",
+        "tool_name": "Netsparker",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "\\bnetsparker\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-22x",
+      "name": "JAASCois",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "JAASCois",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bjaascois\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-26x",
+      "name": "Nsauditor",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Nsauditor",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bnsauditor\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-27x",
+      "name": "Paros",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Paros",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)Mozilla/.* Paros/"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-28x",
+      "name": "DirBuster",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "DirBuster",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bdirbuster\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-29x",
+      "name": "Pangolin",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Pangolin",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bpangolin\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-2xx",
+      "name": "Qualys",
+      "tags": {
+        "type": "commercial_scanner",
+        "category": "attack_attempt",
+        "tool_name": "Qualys",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bqualys\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-30x",
+      "name": "SQLNinja",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "SQLNinja",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bsqlninja\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-31x",
+      "name": "Nikto",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Nikto",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "\\(Nikto/[\\d\\.]+\\)"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-33x",
+      "name": "BlackWidow",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "BlackWidow",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bblack\\s?widow\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-34x",
+      "name": "Grendel-Scan",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Grendel-Scan",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bgrendel-scan\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-35x",
+      "name": "Havij",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Havij",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bhavij\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-36x",
+      "name": "w3af",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "w3af",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bw3af\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-37x",
+      "name": "Nmap",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Nmap",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "nmap (nse|scripting engine)"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-39x",
+      "name": "Nessus Scripted",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Nessus",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)^'?[a-z0-9_]+\\.nasl'?$"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-3xx",
+      "name": "Evil Scanner",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "EvilScanner",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bevilScanner\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-40x",
+      "name": "WebFuck",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "WebFuck",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bWebFuck\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-42x",
+      "name": "OpenVAS",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "OpenVAS",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)OpenVAS\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-43x",
+      "name": "Spider-Pig",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Spider-Pig",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "Powered by Spider-Pig by tinfoilsecurity\\.com"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-44x",
+      "name": "Zgrab",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Zgrab",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "Mozilla/\\d+.\\d+ zgrab"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-45x",
+      "name": "Zmeu",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Zmeu",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bZmEu\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-47x",
+      "name": "GoogleSecurityScanner",
+      "tags": {
+        "type": "commercial_scanner",
+        "category": "attack_attempt",
+        "tool_name": "GoogleSecurityScanner",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bGoogleSecurityScanner\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-48x",
+      "name": "Commix",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Commix",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "^commix\\/"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-49x",
+      "name": "Gobuster",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Gobuster",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "^gobuster\\/"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-4xx",
+      "name": "CGIchk",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "CGIchk",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bcgichk\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-51x",
+      "name": "FFUF",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "FFUF",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)^Fuzz Faster U Fool\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-52x",
+      "name": "Nuclei",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Nuclei",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)^Nuclei\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-53x",
+      "name": "Tsunami",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Tsunami",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bTsunamiSecurityScanner\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-54x",
+      "name": "Nimbostratus",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Nimbostratus",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bnimbostratus-bot\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-55x",
+      "name": "Datadog test scanner: user-agent",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "tool_name": "Datadog Canary Test",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              },
+              {
+                "address": "grpc.server.request.metadata",
+                "key_path": [
+                  "dd-canary"
+                ]
+              }
+            ],
+            "regex": "^dd-test-scanner-log(?:$|/|\\s)"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-56x",
+      "name": "Datadog test scanner - blocking version: user-agent",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Datadog Canary Test",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              },
+              {
+                "address": "grpc.server.request.metadata",
+                "key_path": [
+                  "dd-canary"
+                ]
+              }
+            ],
+            "regex": "^dd-test-scanner-log-block(?:$|/|\\s)"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [],
+      "on_match": [
+        "block"
+      ]
+    },
+    {
+      "id": "ua0-600-57x",
+      "name": "AlertLogic",
+      "tags": {
+        "type": "commercial_scanner",
+        "category": "attack_attempt",
+        "tool_name": "AlertLogic",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "\\bAlertLogic-MDR-"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-58x",
+      "name": "wfuzz",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "wfuzz",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "\\bwfuzz\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-59x",
+      "name": "Detectify",
+      "tags": {
+        "type": "commercial_scanner",
+        "category": "attack_attempt",
+        "tool_name": "Detectify",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "\\bdetectify\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-5xx",
+      "name": "Blind SQL Injection Brute Forcer",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "BSQLBF",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)\\bbsqlbf\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-60x",
+      "name": "masscan",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "masscan",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "^masscan/"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-61x",
+      "name": "WPScan",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "WPScan",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "^wpscan\\b"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-62x",
+      "name": "Aon pentesting services",
+      "tags": {
+        "type": "commercial_scanner",
+        "category": "attack_attempt",
+        "tool_name": "Aon",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "^Aon/"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-6xx",
+      "name": "Stealthy scanner",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "mozilla/4\\.0 \\(compatible(; msie 6\\.0; win32)?\\)"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-7xx",
+      "name": "SQLmap",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "SQLmap",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "^sqlmap/"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "ua0-600-9xx",
+      "name": "Skipfish",
+      "tags": {
+        "type": "attack_tool",
+        "category": "attack_attempt",
+        "tool_name": "Skipfish",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              }
+            ],
+            "regex": "(?i)mozilla/5\\.0 sf/"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    }
+  ]
+}
\ No newline at end of file
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules_manager.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules_manager.go
new file mode 100644
index 000000000..8bf12b182
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/rules_manager.go
@@ -0,0 +1,147 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package appsec
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+
+	rc "github.com/DataDog/datadog-agent/pkg/remoteconfig/state"
+)
+
+type (
+	// rulesManager is used to build a full rules file from a combination of rules fragments
+	// The `base` fragment is the default rules (either local or received through ASM_DD),
+	// and the `edits` fragments each represent a remote configuration update that affects the rules.
+	// `basePath` is either empty if the local base rules are used, or holds the path of the ASM_DD config.
+	rulesManager struct {
+		latest   rulesFragment
+		base     rulesFragment
+		basePath string
+		edits    map[string]rulesFragment
+	}
+	// rulesFragment can represent a full ruleset or a fragment of it.
+	rulesFragment struct {
+		Version     string          `json:"version,omitempty"`
+		Metadata    interface{}     `json:"metadata,omitempty"`
+		Rules       []interface{}   `json:"rules,omitempty"`
+		Overrides   []interface{}   `json:"rules_override,omitempty"`
+		Exclusions  []interface{}   `json:"exclusions,omitempty"`
+		RulesData   []ruleDataEntry `json:"rules_data,omitempty"`
+		Actions     []actionEntry   `json:"actions,omitempty"`
+		CustomRules []interface{}   `json:"custom_rules,omitempty"`
+	}
+
+	ruleDataEntry rc.ASMDataRuleData
+	rulesData     struct {
+		RulesData []ruleDataEntry `json:"rules_data"`
+	}
+
+	actionEntry struct {
+		ID         string `json:"id"`
+		Type       string `json:"type"`
+		Parameters struct {
+			StatusCode     int    `json:"status_code"`
+			GRPCStatusCode *int   `json:"grpc_status_code,omitempty"`
+			Type           string `json:"type,omitempty"`
+			Location       string `json:"location,omitempty"`
+		} `json:"parameters,omitempty"`
+	}
+)
+
+// defaultRulesFragment returns a rulesFragment created using the default static recommended rules
+func defaultRulesFragment() rulesFragment {
+	var f rulesFragment
+	if err := json.Unmarshal([]byte(staticRecommendedRules), &f); err != nil {
+		log.Debug("appsec: error unmarshalling default rules: %v", err)
+	}
+	return f
+}
+
+func (r_ *rulesFragment) clone() rulesFragment {
+	var f rulesFragment
+	f.Version = r_.Version
+	f.Metadata = r_.Metadata
+	f.Overrides = append(f.Overrides, r_.Overrides...)
+	f.Exclusions = append(f.Exclusions, r_.Exclusions...)
+	f.RulesData = append(f.RulesData, r_.RulesData...)
+	f.CustomRules = append(f.CustomRules, r_.CustomRules...)
+	// TODO (Francois Mazeau): copy more fields once we handle them
+	return f
+}
+
+// newRulesManager initializes and returns a new rulesManager using the provided rules.
+// If no rules are provided (nil), the default rules are used instead.
+// If the provided rules are invalid, an error is returned
+func newRulesManager(rules []byte) (*rulesManager, error) {
+	var f rulesFragment
+	if rules == nil {
+		f = defaultRulesFragment()
+		log.Debug("appsec: rulesManager: using default rules configuration")
+	} else if err := json.Unmarshal(rules, &f); err != nil {
+		log.Debug("appsec: cannot create rulesManager from specified rules")
+		return nil, err
+	}
+	return &rulesManager{
+		latest: f,
+		base:   f,
+		edits:  map[string]rulesFragment{},
+	}, nil
+}
+
+func (r *rulesManager) clone() *rulesManager {
+	var clone rulesManager
+	clone.edits = make(map[string]rulesFragment, len(r.edits))
+	for k, v := range r.edits {
+		clone.edits[k] = v
+	}
+	clone.base = r.base.clone()
+	clone.latest = r.latest.clone()
+	return &clone
+}
+
+func (r *rulesManager) addEdit(cfgPath string, f rulesFragment) {
+	r.edits[cfgPath] = f
+}
+
+func (r *rulesManager) removeEdit(cfgPath string) {
+	delete(r.edits, cfgPath)
+}
+
+func (r *rulesManager) changeBase(f rulesFragment, basePath string) {
+	r.base = f
+	r.basePath = basePath
+}
+
+// compile compiles the rulesManager fragments together stores the result in r.latest
+func (r *rulesManager) compile() {
+	if r.base.Rules == nil || len(r.base.Rules) == 0 {
+		r.base = defaultRulesFragment()
+	}
+	r.latest = r.base
+
+	// Simply concatenate the content of each top level rule field as specified in our RFCs
+	for _, v := range r.edits {
+		r.latest.Overrides = append(r.latest.Overrides, v.Overrides...)
+		r.latest.Exclusions = append(r.latest.Exclusions, v.Exclusions...)
+		r.latest.Actions = append(r.latest.Actions, v.Actions...)
+		r.latest.RulesData = append(r.latest.RulesData, v.RulesData...)
+		r.latest.CustomRules = append(r.latest.CustomRules, v.CustomRules...)
+	}
+}
+
+// raw returns a compact json version of the rules
+func (r *rulesManager) raw() []byte {
+	data, _ := json.Marshal(r.latest)
+	return data
+}
+
+// String returns the string representation of the latest compiled json rules.
+func (r *rulesManager) String() string {
+	return fmt.Sprintf("%+v", r.latest)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/waf.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/waf.go
new file mode 100644
index 000000000..fa1fb5075
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/waf.go
@@ -0,0 +1,555 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+//go:build appsec
+// +build appsec
+
+package appsec
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"sort"
+	"sync"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
+
+	waf "github.com/DataDog/go-libddwaf"
+	"go.uber.org/atomic"
+)
+
+const (
+	eventRulesVersionTag = "_dd.appsec.event_rules.version"
+	eventRulesErrorsTag  = "_dd.appsec.event_rules.errors"
+	eventRulesLoadedTag  = "_dd.appsec.event_rules.loaded"
+	eventRulesFailedTag  = "_dd.appsec.event_rules.error_count"
+	wafDurationTag       = "_dd.appsec.waf.duration"
+	wafDurationExtTag    = "_dd.appsec.waf.duration_ext"
+	wafTimeoutTag        = "_dd.appsec.waf.timeouts"
+	wafVersionTag        = "_dd.appsec.waf.version"
+)
+
+type wafHandle struct {
+	*waf.Handle
+	// Actions are tightly link to a ruleset, which is linked to a waf handle
+	actions map[string]*sharedsec.Action
+}
+
+func (a *appsec) swapWAF(rules rulesFragment) (err error) {
+	// Instantiate a new WAF handle and verify its state
+	newHandle, err := newWAFHandle(rules, a.cfg)
+	if err != nil {
+		return err
+	}
+
+	// Close the WAF handle in case of an error in what's following
+	defer func() {
+		if err != nil {
+			newHandle.Close()
+		}
+	}()
+
+	listeners, err := newWAFEventListeners(newHandle, a.cfg, a.limiter)
+	if err != nil {
+		return err
+	}
+
+	// Register the event listeners now that we know that the new handle is valid
+	newRoot := dyngo.NewRootOperation()
+	for _, l := range listeners {
+		newRoot.On(l)
+	}
+
+	// Hot-swap dyngo's root operation
+	dyngo.SwapRootOperation(newRoot)
+
+	// Close old handle.
+	// Note that concurrent requests are still using it, and it will be released
+	// only when no more requests use it.
+	// TODO: implement in dyngo ref-counting of the root operation so we can
+	//   rely on a Finish event listener on the root operation instead?
+	//   Avoiding saving the current WAF handle would guarantee no one is
+	//   accessing a.wafHandle while we swap
+	oldHandle := a.wafHandle
+	a.wafHandle = newHandle
+	if oldHandle != nil {
+		oldHandle.Close()
+	}
+
+	return nil
+}
+
+func actionFromEntry(e *actionEntry) *sharedsec.Action {
+	switch e.Type {
+	case "block_request":
+		grpcCode := 10 // use the grpc.Codes value for "Aborted" by default
+		if e.Parameters.GRPCStatusCode != nil {
+			grpcCode = *e.Parameters.GRPCStatusCode
+		}
+		return sharedsec.NewBlockRequestAction(e.Parameters.StatusCode, grpcCode, e.Parameters.Type)
+	case "redirect_request":
+		return sharedsec.NewRedirectRequestAction(e.Parameters.StatusCode, e.Parameters.Location)
+	default:
+		log.Debug("appsec: unknown action type `%s`", e.Type)
+		return nil
+	}
+}
+
+func newWAFHandle(rules rulesFragment, cfg *Config) (*wafHandle, error) {
+	handle, err := waf.NewHandle(rules, cfg.obfuscator.KeyRegex, cfg.obfuscator.ValueRegex)
+	actions := map[string]*sharedsec.Action{
+		// Default built-in block action
+		"block": sharedsec.NewBlockRequestAction(403, 10, "auto"),
+	}
+
+	for _, entry := range rules.Actions {
+		a := actionFromEntry(&entry)
+		if a != nil {
+			actions[entry.ID] = a
+		}
+	}
+	return &wafHandle{
+		Handle:  handle,
+		actions: actions,
+	}, err
+}
+
+func newWAFEventListeners(waf *wafHandle, cfg *Config, l Limiter) (listeners []dyngo.EventListener, err error) {
+	// Check if there are addresses in the rule
+	ruleAddresses := waf.Addresses()
+	if len(ruleAddresses) == 0 {
+		return nil, errors.New("no addresses found in the rule")
+	}
+
+	// Check there are supported addresses in the rule
+	httpAddresses, grpcAddresses, notSupported := supportedAddresses(ruleAddresses)
+	if len(httpAddresses) == 0 && len(grpcAddresses) == 0 {
+		return nil, fmt.Errorf("the addresses present in the rules are not supported: %v", notSupported)
+	}
+
+	if len(notSupported) > 0 {
+		log.Debug("appsec: the addresses present in the rules are partially supported: not supported=%v", notSupported)
+	}
+
+	// Register the WAF event listeners
+	if len(httpAddresses) > 0 {
+		log.Debug("appsec: creating http waf event listener of the rules addresses %v", httpAddresses)
+		listeners = append(listeners, newHTTPWAFEventListener(waf, httpAddresses, cfg.wafTimeout, l))
+	}
+
+	if len(grpcAddresses) > 0 {
+		log.Debug("appsec: creating the grpc waf event listener of the rules addresses %v", grpcAddresses)
+		listeners = append(listeners, newGRPCWAFEventListener(waf, grpcAddresses, cfg.wafTimeout, l))
+	}
+
+	return listeners, nil
+}
+
+// newWAFEventListener returns the WAF event listener to register in order to enable it.
+func newHTTPWAFEventListener(handle *wafHandle, addresses map[string]struct{}, timeout time.Duration, limiter Limiter) dyngo.EventListener {
+	var monitorRulesOnce sync.Once // per instantiation
+
+	return httpsec.OnHandlerOperationStart(func(op *httpsec.Operation, args httpsec.HandlerOperationArgs) {
+		wafCtx := waf.NewContext(handle.Handle)
+		if wafCtx == nil {
+			// The WAF event listener got concurrently released
+			return
+		}
+
+		if _, ok := addresses[userIDAddr]; ok {
+			// OnUserIDOperationStart happens when appsec.SetUser() is called. We run the WAF and apply actions to
+			// see if the associated user should be blocked. Since we don't control the execution flow in this case
+			// (SetUser is SDK), we delegate the responsibility of interrupting the handler to the user.
+			op.On(sharedsec.OnUserIDOperationStart(func(operation *sharedsec.UserIDOperation, args sharedsec.UserIDOperationArgs) {
+				matches, actionIds := runWAF(wafCtx, map[string]interface{}{userIDAddr: args.UserID}, timeout)
+				if len(matches) > 0 {
+					processHTTPSDKAction(operation, handle.actions, actionIds)
+					addSecurityEvents(op, limiter, matches)
+					log.Debug("appsec: WAF detected a suspicious user: %s", args.UserID)
+				}
+			}))
+		}
+
+		values := map[string]interface{}{}
+		for addr := range addresses {
+			switch addr {
+			case httpClientIPAddr:
+				if args.ClientIP.IsValid() {
+					values[httpClientIPAddr] = args.ClientIP.String()
+				}
+			case serverRequestMethodAddr:
+				values[serverRequestMethodAddr] = args.Method
+			case serverRequestRawURIAddr:
+				values[serverRequestRawURIAddr] = args.RequestURI
+			case serverRequestHeadersNoCookiesAddr:
+				if headers := args.Headers; headers != nil {
+					values[serverRequestHeadersNoCookiesAddr] = headers
+				}
+			case serverRequestCookiesAddr:
+				if cookies := args.Cookies; cookies != nil {
+					values[serverRequestCookiesAddr] = cookies
+				}
+			case serverRequestQueryAddr:
+				if query := args.Query; query != nil {
+					values[serverRequestQueryAddr] = query
+				}
+			case serverRequestPathParamsAddr:
+				if pathParams := args.PathParams; pathParams != nil {
+					values[serverRequestPathParamsAddr] = pathParams
+				}
+			}
+		}
+
+		matches, actionIds := runWAF(wafCtx, values, timeout)
+		if len(matches) > 0 {
+			interrupt := processActions(op, handle.actions, actionIds)
+			addSecurityEvents(op, limiter, matches)
+			log.Debug("appsec: WAF detected an attack before executing the request")
+			if interrupt {
+				wafCtx.Close()
+				return
+			}
+		}
+
+		if _, ok := addresses[serverRequestBodyAddr]; ok {
+			op.On(httpsec.OnSDKBodyOperationStart(func(sdkBodyOp *httpsec.SDKBodyOperation, args httpsec.SDKBodyOperationArgs) {
+				matches, actionIds := runWAF(wafCtx, map[string]interface{}{serverRequestBodyAddr: args.Body}, timeout)
+				if len(matches) > 0 {
+					processHTTPSDKAction(sdkBodyOp, handle.actions, actionIds)
+					addSecurityEvents(op, limiter, matches)
+					log.Debug("appsec: WAF detected a suspicious request body")
+				}
+			}))
+		}
+
+		op.On(httpsec.OnHandlerOperationFinish(func(op *httpsec.Operation, res httpsec.HandlerOperationRes) {
+			defer wafCtx.Close()
+
+			values := make(map[string]interface{}, 1)
+			if _, ok := addresses[serverResponseStatusAddr]; ok {
+				values[serverResponseStatusAddr] = res.Status
+			}
+
+			// Run the WAF, ignoring the returned actions - if any - since blocking after the request handler's
+			// response is not supported at the moment.
+			matches, _ := runWAF(wafCtx, values, timeout)
+
+			// Add WAF metrics.
+			rInfo := handle.RulesetInfo()
+			overallRuntimeNs, internalRuntimeNs := wafCtx.TotalRuntime()
+			addWAFMonitoringTags(op, rInfo.Version, overallRuntimeNs, internalRuntimeNs, wafCtx.TotalTimeouts())
+
+			// Add the following metrics once per instantiation of a WAF handle
+			monitorRulesOnce.Do(func() {
+				addRulesMonitoringTags(op, rInfo)
+				op.AddTag(ext.ManualKeep, samplernames.AppSec)
+			})
+
+			// Log the attacks if any
+			if len(matches) == 0 {
+				return
+			}
+			log.Debug("appsec: attack detected by the waf")
+			addSecurityEvents(op, limiter, matches)
+		}))
+	})
+}
+
+// newGRPCWAFEventListener returns the WAF event listener to register in order
+// to enable it.
+func newGRPCWAFEventListener(handle *wafHandle, addresses map[string]struct{}, timeout time.Duration, limiter Limiter) dyngo.EventListener {
+	var monitorRulesOnce sync.Once // per instantiation
+
+	return grpcsec.OnHandlerOperationStart(func(op *grpcsec.HandlerOperation, handlerArgs grpcsec.HandlerOperationArgs) {
+		// Limit the maximum number of security events, as a streaming RPC could
+		// receive unlimited number of messages where we could find security events
+		const maxWAFEventsPerRequest = 10
+		var (
+			nbEvents          atomic.Uint32
+			logOnce           sync.Once // per request
+			overallRuntimeNs  atomic.Uint64
+			internalRuntimeNs atomic.Uint64
+			nbTimeouts        atomic.Uint64
+
+			events []json.RawMessage
+			mu     sync.Mutex // events mutex
+		)
+
+		wafCtx := waf.NewContext(handle.Handle)
+		if wafCtx == nil {
+			// The WAF event listener got concurrently released
+			return
+		}
+
+		// OnUserIDOperationStart happens when appsec.SetUser() is called. We run the WAF and apply actions to
+		// see if the associated user should be blocked. Since we don't control the execution flow in this case
+		// (SetUser is SDK), we delegate the responsibility of interrupting the handler to the user.
+		op.On(sharedsec.OnUserIDOperationStart(func(userIDOp *sharedsec.UserIDOperation, args sharedsec.UserIDOperationArgs) {
+			values := map[string]interface{}{}
+			for addr := range addresses {
+				if addr == userIDAddr {
+					values[userIDAddr] = args.UserID
+				}
+			}
+			matches, actionIds := runWAF(wafCtx, values, timeout)
+			if len(matches) > 0 {
+				for _, id := range actionIds {
+					if a, ok := handle.actions[id]; ok && a.Blocking() {
+						code, err := a.GRPC()(map[string][]string{})
+						userIDOp.EmitData(grpcsec.NewMonitoringError(err.Error(), code))
+					}
+				}
+				addSecurityEvents(op, limiter, matches)
+				log.Debug("appsec: WAF detected an authenticated user attack: %s", args.UserID)
+			}
+		}))
+
+		// The same address is used for gRPC and http when it comes to client ip
+		values := map[string]interface{}{}
+		for addr := range addresses {
+			if addr == httpClientIPAddr && handlerArgs.ClientIP.IsValid() {
+				values[httpClientIPAddr] = handlerArgs.ClientIP.String()
+			}
+		}
+
+		matches, actionIds := runWAF(wafCtx, values, timeout)
+		if len(matches) > 0 {
+			interrupt := processActions(op, handle.actions, actionIds)
+			addSecurityEvents(op, limiter, matches)
+			log.Debug("appsec: WAF detected an attack before executing the request")
+			if interrupt {
+				wafCtx.Close()
+				return
+			}
+		}
+
+		op.On(grpcsec.OnReceiveOperationFinish(func(_ grpcsec.ReceiveOperation, res grpcsec.ReceiveOperationRes) {
+			if nbEvents.Load() == maxWAFEventsPerRequest {
+				logOnce.Do(func() {
+					log.Debug("appsec: ignoring the rpc message due to the maximum number of security events per grpc call reached")
+				})
+				return
+			}
+			// The current workaround of the WAF context limitations is to
+			// simply instantiate and release the WAF context for the operation
+			// lifetime so that:
+			//   1. We avoid growing the memory usage of the context every time
+			//      a grpc.server.request.message value is added to it during
+			//      the RPC lifetime.
+			//   2. We avoid the limitation of 1 event per attack type.
+			// TODO(Julio-Guerra): a future libddwaf API should solve this out.
+			wafCtx := waf.NewContext(handle.Handle)
+			if wafCtx == nil {
+				// The WAF event listener got concurrently released
+				return
+			}
+			defer wafCtx.Close()
+			// Run the WAF on the rule addresses available in the args
+			// Note that we don't check if the address is present in the rules
+			// as we only support one at the moment, so this callback cannot be
+			// set when the address is not present.
+			values := map[string]interface{}{grpcServerRequestMessage: res.Message}
+			if md := handlerArgs.Metadata; len(md) > 0 {
+				values[grpcServerRequestMetadata] = md
+			}
+			// Run the WAF, ignoring the returned actions - if any - since blocking after the request handler's
+			// response is not supported at the moment.
+			event, _ := runWAF(wafCtx, values, timeout)
+
+			// WAF run durations are WAF context bound. As of now we need to keep track of those externally since
+			// we use a new WAF context for each callback. When we are able to re-use the same WAF context across
+			// callbacks, we can get rid of these variables and simply use the WAF bindings in OnHandlerOperationFinish.
+			overall, internal := wafCtx.TotalRuntime()
+			overallRuntimeNs.Add(overall)
+			internalRuntimeNs.Add(internal)
+			nbTimeouts.Add(wafCtx.TotalTimeouts())
+
+			if len(event) == 0 {
+				return
+			}
+			log.Debug("appsec: attack detected by the grpc waf")
+			nbEvents.Inc()
+			mu.Lock()
+			events = append(events, event)
+			mu.Unlock()
+		}))
+
+		op.On(grpcsec.OnHandlerOperationFinish(func(op *grpcsec.HandlerOperation, _ grpcsec.HandlerOperationRes) {
+			defer wafCtx.Close()
+			rInfo := handle.RulesetInfo()
+			addWAFMonitoringTags(op, rInfo.Version, overallRuntimeNs.Load(), internalRuntimeNs.Load(), nbTimeouts.Load())
+
+			// Log the following metrics once per instantiation of a WAF handle
+			monitorRulesOnce.Do(func() {
+				addRulesMonitoringTags(op, rInfo)
+				op.AddTag(ext.ManualKeep, samplernames.AppSec)
+			})
+
+			addSecurityEvents(op, limiter, events...)
+		}))
+	})
+}
+
+func runWAF(wafCtx *waf.Context, values map[string]interface{}, timeout time.Duration) ([]byte, []string) {
+	matches, actions, err := wafCtx.Run(values, timeout)
+	if err != nil {
+		if err == waf.ErrTimeout {
+			log.Debug("appsec: waf timeout value of %s reached", timeout)
+		} else {
+			log.Error("appsec: unexpected waf error: %v", err)
+			return nil, nil
+		}
+	}
+	return matches, actions
+}
+
+// HTTP rule addresses currently supported by the WAF
+const (
+	serverRequestMethodAddr           = "server.request.method"
+	serverRequestRawURIAddr           = "server.request.uri.raw"
+	serverRequestHeadersNoCookiesAddr = "server.request.headers.no_cookies"
+	serverRequestCookiesAddr          = "server.request.cookies"
+	serverRequestQueryAddr            = "server.request.query"
+	serverRequestPathParamsAddr       = "server.request.path_params"
+	serverRequestBodyAddr             = "server.request.body"
+	serverResponseStatusAddr          = "server.response.status"
+	httpClientIPAddr                  = "http.client_ip"
+	userIDAddr                        = "usr.id"
+)
+
+// List of HTTP rule addresses currently supported by the WAF
+var httpAddresses = []string{
+	serverRequestMethodAddr,
+	serverRequestRawURIAddr,
+	serverRequestHeadersNoCookiesAddr,
+	serverRequestCookiesAddr,
+	serverRequestQueryAddr,
+	serverRequestPathParamsAddr,
+	serverRequestBodyAddr,
+	serverResponseStatusAddr,
+	httpClientIPAddr,
+	userIDAddr,
+}
+
+// gRPC rule addresses currently supported by the WAF
+const (
+	grpcServerRequestMessage  = "grpc.server.request.message"
+	grpcServerRequestMetadata = "grpc.server.request.metadata"
+)
+
+// List of gRPC rule addresses currently supported by the WAF
+var grpcAddresses = []string{
+	grpcServerRequestMessage,
+	grpcServerRequestMetadata,
+	httpClientIPAddr,
+	userIDAddr,
+}
+
+func init() {
+	// sort the address lists to avoid mistakes and use sort.SearchStrings()
+	sort.Strings(httpAddresses)
+	sort.Strings(grpcAddresses)
+}
+
+// supportedAddresses returns the list of addresses we actually support from the
+// given rule addresses.
+func supportedAddresses(ruleAddresses []string) (supportedHTTP, supportedGRPC map[string]struct{}, notSupported []string) {
+	// Filter the supported addresses only
+	supportedHTTP = map[string]struct{}{}
+	supportedGRPC = map[string]struct{}{}
+	for _, addr := range ruleAddresses {
+		supported := false
+		if i := sort.SearchStrings(httpAddresses, addr); i < len(httpAddresses) && httpAddresses[i] == addr {
+			supportedHTTP[addr] = struct{}{}
+			supported = true
+		}
+		if i := sort.SearchStrings(grpcAddresses, addr); i < len(grpcAddresses) && grpcAddresses[i] == addr {
+			supportedGRPC[addr] = struct{}{}
+			supported = true
+		}
+
+		if !supported {
+			notSupported = append(notSupported, addr)
+		}
+	}
+
+	return supportedHTTP, supportedGRPC, notSupported
+}
+
+type tagsHolder interface {
+	AddTag(string, interface{})
+}
+
+// Add the tags related to security rules monitoring
+func addRulesMonitoringTags(th tagsHolder, rInfo waf.RulesetInfo) {
+	if len(rInfo.Errors) == 0 {
+		rInfo.Errors = nil
+	}
+	rulesetErrors, err := json.Marshal(rInfo.Errors)
+	if err != nil {
+		log.Error("appsec: could not marshal the waf ruleset info errors to json")
+	}
+	th.AddTag(eventRulesErrorsTag, string(rulesetErrors)) // avoid the tracer's call to fmt.Sprintf on the value
+	th.AddTag(eventRulesLoadedTag, float64(rInfo.Loaded))
+	th.AddTag(eventRulesFailedTag, float64(rInfo.Failed))
+	th.AddTag(wafVersionTag, waf.Version())
+}
+
+// Add the tags related to the monitoring of the WAF
+func addWAFMonitoringTags(th tagsHolder, rulesVersion string, overallRuntimeNs, internalRuntimeNs, timeouts uint64) {
+	// Rules version is set for every request to help the backend associate WAF duration metrics with rule version
+	th.AddTag(eventRulesVersionTag, rulesVersion)
+	th.AddTag(wafTimeoutTag, float64(timeouts))
+	th.AddTag(wafDurationTag, float64(internalRuntimeNs)/1e3)   // ns to us
+	th.AddTag(wafDurationExtTag, float64(overallRuntimeNs)/1e3) // ns to us
+}
+
+type securityEventsAdder interface {
+	AddSecurityEvents(events ...json.RawMessage)
+}
+
+// Helper function to add sec events to an operation taking into account the rate limiter.
+func addSecurityEvents(op securityEventsAdder, limiter Limiter, matches ...json.RawMessage) {
+	if len(matches) > 0 && limiter.Allow() {
+		op.AddSecurityEvents(matches...)
+	}
+}
+
+// processActions sends the relevant actions to the operation's data listener.
+// It returns true if at least one of those actions require interrupting the request handler
+func processActions(op dyngo.Operation, actions map[string]*sharedsec.Action, actionIds []string) (interrupt bool) {
+	for _, id := range actionIds {
+		if a, ok := actions[id]; ok {
+			op.EmitData(actions[id])
+			interrupt = interrupt || a.Blocking()
+		}
+	}
+	return interrupt
+}
+
+// processHTTPSDKAction does two things:
+//   - send actions to the parent operation's data listener, for their handlers to be executed after the user handler
+//   - send an error to the current operation's data listener (created by an SDK call), to signal users to interrupt
+//     their handler.
+func processHTTPSDKAction(op dyngo.Operation, actions map[string]*sharedsec.Action, actionIds []string) {
+	for _, id := range actionIds {
+		if action, ok := actions[id]; ok {
+			if op.Parent() != nil {
+				op.Parent().EmitData(action) // Send the action so that the handler gets executed
+			}
+			if action.Blocking() { // Send the error to be returned by the SDK
+				op.EmitData(httpsec.NewMonitoringError("Request blocked")) // Send error
+			}
+		}
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/container.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/container.go
new file mode 100644
index 000000000..2f6a52b3e
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/container.go
@@ -0,0 +1,71 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package internal
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os"
+	"regexp"
+)
+
+const (
+	// cgroupPath is the path to the cgroup file where we can find the container id if one exists.
+	cgroupPath = "/proc/self/cgroup"
+)
+
+const (
+	uuidSource      = "[0-9a-f]{8}[-_][0-9a-f]{4}[-_][0-9a-f]{4}[-_][0-9a-f]{4}[-_][0-9a-f]{12}|[0-9a-f]{8}(?:-[0-9a-f]{4}){4}$"
+	containerSource = "[0-9a-f]{64}"
+	taskSource      = "[0-9a-f]{32}-\\d+"
+)
+
+var (
+	// expLine matches a line in the /proc/self/cgroup file. It has a submatch for the last element (path), which contains the container ID.
+	expLine = regexp.MustCompile(`^\d+:[^:]*:(.+)$`)
+
+	// expContainerID matches contained IDs and sources. Source: https://github.com/Qard/container-info/blob/master/index.js
+	expContainerID = regexp.MustCompile(fmt.Sprintf(`(%s|%s|%s)(?:.scope)?$`, uuidSource, containerSource, taskSource))
+
+	// containerID is the containerID read at init from /proc/self/cgroup
+	containerID string
+)
+
+func init() {
+	containerID = readContainerID(cgroupPath)
+}
+
+// parseContainerID finds the first container ID reading from r and returns it.
+func parseContainerID(r io.Reader) string {
+	scn := bufio.NewScanner(r)
+	for scn.Scan() {
+		path := expLine.FindStringSubmatch(scn.Text())
+		if len(path) != 2 {
+			// invalid entry, continue
+			continue
+		}
+		if parts := expContainerID.FindStringSubmatch(path[1]); len(parts) == 2 {
+			return parts[1]
+		}
+	}
+	return ""
+}
+
+// readContainerID attempts to return the container ID from the provided file path or empty on failure.
+func readContainerID(fpath string) string {
+	f, err := os.Open(fpath)
+	if err != nil {
+		return ""
+	}
+	defer f.Close()
+	return parseContainerID(f)
+}
+
+// ContainerID attempts to return the container ID from /proc/self/cgroup or empty on failure.
+func ContainerID() string {
+	return containerID
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/pathway.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/pathway.go
new file mode 100644
index 000000000..5ff05de27
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/pathway.go
@@ -0,0 +1,96 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package datastreams
+
+import (
+	"encoding/binary"
+	"fmt"
+	"hash/fnv"
+	"math/rand"
+	"sort"
+	"strings"
+	"time"
+)
+
+var hashableEdgeTags = map[string]struct{}{"event_type": {}, "exchange": {}, "group": {}, "topic": {}, "type": {}, "direction": {}}
+
+func isWellFormedEdgeTag(t string) bool {
+	if i := strings.IndexByte(t, ':'); i != -1 {
+		if j := strings.LastIndexByte(t, ':'); j == i {
+			if _, exists := hashableEdgeTags[t[:i]]; exists {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func nodeHash(service, env string, edgeTags []string) uint64 {
+	h := fnv.New64()
+	sort.Strings(edgeTags)
+	h.Write([]byte(service))
+	h.Write([]byte(env))
+	for _, t := range edgeTags {
+		if isWellFormedEdgeTag(t) {
+			h.Write([]byte(t))
+		} else {
+			fmt.Println("not formatted correctly", t)
+		}
+	}
+	return h.Sum64()
+}
+
+func pathwayHash(nodeHash, parentHash uint64) uint64 {
+	b := make([]byte, 16)
+	binary.LittleEndian.PutUint64(b, nodeHash)
+	binary.LittleEndian.PutUint64(b[8:], parentHash)
+	h := fnv.New64()
+	h.Write(b)
+	return h.Sum64()
+}
+
+// Pathway is used to monitor how payloads are sent across different services.
+// An example Pathway would be:
+// service A -- edge 1 --> service B -- edge 2 --> service C
+// So it's a branch of services (we also call them "nodes") connected via edges.
+// As the payload is sent around, we save the start time (start of service A),
+// and the start time of the previous service.
+// This allows us to measure the latency of each edge, as well as the latency from origin of any service.
+type Pathway struct {
+	// hash is the hash of the current node, of the parent node, and of the edge that connects the parent node
+	// to this node.
+	hash uint64
+	// pathwayStart is the start of the first node in the Pathway
+	pathwayStart time.Time
+	// edgeStart is the start of the previous node.
+	edgeStart time.Time
+}
+
+// Merge merges multiple pathways into one.
+// The current implementation samples one resulting Pathway. A future implementation could be more clever
+// and actually merge the Pathways.
+func Merge(pathways []Pathway) Pathway {
+	if len(pathways) == 0 {
+		return Pathway{}
+	}
+	// Randomly select a pathway to propagate downstream.
+	n := rand.Intn(len(pathways))
+	return pathways[n]
+}
+
+// GetHash gets the hash of a pathway.
+func (p Pathway) GetHash() uint64 {
+	return p.hash
+}
+
+// PathwayStart returns the start timestamp of the pathway
+func (p Pathway) PathwayStart() time.Time {
+	return p.pathwayStart
+}
+
+func (p Pathway) EdgeStart() time.Time {
+	return p.edgeStart
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload.go
new file mode 100644
index 000000000..8df402731
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload.go
@@ -0,0 +1,84 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:generate msgp -unexported -marshal=false -o=payload_msgp.go -tests=false
+
+package datastreams
+
+// StatsPayload stores client computed stats.
+type StatsPayload struct {
+	// Env specifies the env. of the application, as defined by the user.
+	Env string
+	// Service is the service of the application
+	Service string
+	// Stats holds all stats buckets computed within this payload.
+	Stats []StatsBucket
+	// TracerVersion is the version of the tracer
+	TracerVersion string
+	// Lang is the language of the tracer
+	Lang string
+	// Version is the version of the service
+	Version string
+}
+
+type ProduceOffset struct {
+	Topic     string
+	Partition int32
+	Offset    int64
+}
+
+type CommitOffset struct {
+	ConsumerGroup string
+	Topic         string
+	Partition     int32
+	Offset        int64
+}
+
+// Backlog represents the size of a queue that hasn't been yet read by the consumer.
+type Backlog struct {
+	// Tags that identify the backlog
+	Tags []string
+	// Value of the backlog
+	Value int64
+}
+
+// StatsBucket specifies a set of stats computed over a duration.
+type StatsBucket struct {
+	// Start specifies the beginning of this bucket in unix nanoseconds.
+	Start uint64
+	// Duration specifies the duration of this bucket in nanoseconds.
+	Duration uint64
+	// Stats contains a set of statistics computed for the duration of this bucket.
+	Stats []StatsPoint
+	// Backlogs store information used to compute queue backlog
+	Backlogs []Backlog
+}
+
+// TimestampType can be either current or origin.
+type TimestampType string
+
+const (
+	// TimestampTypeCurrent is for when the recorded timestamp is based on the
+	// timestamp of the current StatsPoint.
+	TimestampTypeCurrent TimestampType = "current"
+	// TimestampTypeOrigin is for when the recorded timestamp is based on the
+	// time that the first StatsPoint in the pathway is sent out.
+	TimestampTypeOrigin TimestampType = "origin"
+)
+
+// StatsPoint contains a set of statistics grouped under various aggregation keys.
+type StatsPoint struct {
+	// These fields indicate the properties under which the stats were aggregated.
+	Service    string // deprecated
+	EdgeTags   []string
+	Hash       uint64
+	ParentHash uint64
+	// These fields specify the stats for the above aggregation.
+	// those are distributions of latency in seconds.
+	PathwayLatency []byte
+	EdgeLatency    []byte
+	PayloadSize    []byte
+	TimestampType  TimestampType
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload_msgp.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload_msgp.go
new file mode 100644
index 000000000..d22fdfea9
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload_msgp.go
@@ -0,0 +1,907 @@
+package datastreams
+
+// Code generated by github.com/tinylib/msgp DO NOT EDIT.
+
+import (
+	"github.com/tinylib/msgp/msgp"
+)
+
+// DecodeMsg implements msgp.Decodable
+func (z *Backlog) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Tags":
+			var zb0002 uint32
+			zb0002, err = dc.ReadArrayHeader()
+			if err != nil {
+				err = msgp.WrapError(err, "Tags")
+				return
+			}
+			if cap(z.Tags) >= int(zb0002) {
+				z.Tags = (z.Tags)[:zb0002]
+			} else {
+				z.Tags = make([]string, zb0002)
+			}
+			for za0001 := range z.Tags {
+				z.Tags[za0001], err = dc.ReadString()
+				if err != nil {
+					err = msgp.WrapError(err, "Tags", za0001)
+					return
+				}
+			}
+		case "Value":
+			z.Value, err = dc.ReadInt64()
+			if err != nil {
+				err = msgp.WrapError(err, "Value")
+				return
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *Backlog) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 2
+	// write "Tags"
+	err = en.Append(0x82, 0xa4, 0x54, 0x61, 0x67, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.Tags)))
+	if err != nil {
+		err = msgp.WrapError(err, "Tags")
+		return
+	}
+	for za0001 := range z.Tags {
+		err = en.WriteString(z.Tags[za0001])
+		if err != nil {
+			err = msgp.WrapError(err, "Tags", za0001)
+			return
+		}
+	}
+	// write "Value"
+	err = en.Append(0xa5, 0x56, 0x61, 0x6c, 0x75, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt64(z.Value)
+	if err != nil {
+		err = msgp.WrapError(err, "Value")
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *Backlog) Msgsize() (s int) {
+	s = 1 + 5 + msgp.ArrayHeaderSize
+	for za0001 := range z.Tags {
+		s += msgp.StringPrefixSize + len(z.Tags[za0001])
+	}
+	s += 6 + msgp.Int64Size
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *CommitOffset) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "ConsumerGroup":
+			z.ConsumerGroup, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "ConsumerGroup")
+				return
+			}
+		case "Topic":
+			z.Topic, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Topic")
+				return
+			}
+		case "Partition":
+			z.Partition, err = dc.ReadInt32()
+			if err != nil {
+				err = msgp.WrapError(err, "Partition")
+				return
+			}
+		case "Offset":
+			z.Offset, err = dc.ReadInt64()
+			if err != nil {
+				err = msgp.WrapError(err, "Offset")
+				return
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *CommitOffset) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 4
+	// write "ConsumerGroup"
+	err = en.Append(0x84, 0xad, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.ConsumerGroup)
+	if err != nil {
+		err = msgp.WrapError(err, "ConsumerGroup")
+		return
+	}
+	// write "Topic"
+	err = en.Append(0xa5, 0x54, 0x6f, 0x70, 0x69, 0x63)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Topic)
+	if err != nil {
+		err = msgp.WrapError(err, "Topic")
+		return
+	}
+	// write "Partition"
+	err = en.Append(0xa9, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt32(z.Partition)
+	if err != nil {
+		err = msgp.WrapError(err, "Partition")
+		return
+	}
+	// write "Offset"
+	err = en.Append(0xa6, 0x4f, 0x66, 0x66, 0x73, 0x65, 0x74)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt64(z.Offset)
+	if err != nil {
+		err = msgp.WrapError(err, "Offset")
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *CommitOffset) Msgsize() (s int) {
+	s = 1 + 14 + msgp.StringPrefixSize + len(z.ConsumerGroup) + 6 + msgp.StringPrefixSize + len(z.Topic) + 10 + msgp.Int32Size + 7 + msgp.Int64Size
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *ProduceOffset) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Topic":
+			z.Topic, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Topic")
+				return
+			}
+		case "Partition":
+			z.Partition, err = dc.ReadInt32()
+			if err != nil {
+				err = msgp.WrapError(err, "Partition")
+				return
+			}
+		case "Offset":
+			z.Offset, err = dc.ReadInt64()
+			if err != nil {
+				err = msgp.WrapError(err, "Offset")
+				return
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z ProduceOffset) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 3
+	// write "Topic"
+	err = en.Append(0x83, 0xa5, 0x54, 0x6f, 0x70, 0x69, 0x63)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Topic)
+	if err != nil {
+		err = msgp.WrapError(err, "Topic")
+		return
+	}
+	// write "Partition"
+	err = en.Append(0xa9, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt32(z.Partition)
+	if err != nil {
+		err = msgp.WrapError(err, "Partition")
+		return
+	}
+	// write "Offset"
+	err = en.Append(0xa6, 0x4f, 0x66, 0x66, 0x73, 0x65, 0x74)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt64(z.Offset)
+	if err != nil {
+		err = msgp.WrapError(err, "Offset")
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z ProduceOffset) Msgsize() (s int) {
+	s = 1 + 6 + msgp.StringPrefixSize + len(z.Topic) + 10 + msgp.Int32Size + 7 + msgp.Int64Size
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *StatsBucket) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Start":
+			z.Start, err = dc.ReadUint64()
+			if err != nil {
+				err = msgp.WrapError(err, "Start")
+				return
+			}
+		case "Duration":
+			z.Duration, err = dc.ReadUint64()
+			if err != nil {
+				err = msgp.WrapError(err, "Duration")
+				return
+			}
+		case "Stats":
+			var zb0002 uint32
+			zb0002, err = dc.ReadArrayHeader()
+			if err != nil {
+				err = msgp.WrapError(err, "Stats")
+				return
+			}
+			if cap(z.Stats) >= int(zb0002) {
+				z.Stats = (z.Stats)[:zb0002]
+			} else {
+				z.Stats = make([]StatsPoint, zb0002)
+			}
+			for za0001 := range z.Stats {
+				err = z.Stats[za0001].DecodeMsg(dc)
+				if err != nil {
+					err = msgp.WrapError(err, "Stats", za0001)
+					return
+				}
+			}
+		case "Backlogs":
+			var zb0003 uint32
+			zb0003, err = dc.ReadArrayHeader()
+			if err != nil {
+				err = msgp.WrapError(err, "Backlogs")
+				return
+			}
+			if cap(z.Backlogs) >= int(zb0003) {
+				z.Backlogs = (z.Backlogs)[:zb0003]
+			} else {
+				z.Backlogs = make([]Backlog, zb0003)
+			}
+			for za0002 := range z.Backlogs {
+				var zb0004 uint32
+				zb0004, err = dc.ReadMapHeader()
+				if err != nil {
+					err = msgp.WrapError(err, "Backlogs", za0002)
+					return
+				}
+				for zb0004 > 0 {
+					zb0004--
+					field, err = dc.ReadMapKeyPtr()
+					if err != nil {
+						err = msgp.WrapError(err, "Backlogs", za0002)
+						return
+					}
+					switch msgp.UnsafeString(field) {
+					case "Tags":
+						var zb0005 uint32
+						zb0005, err = dc.ReadArrayHeader()
+						if err != nil {
+							err = msgp.WrapError(err, "Backlogs", za0002, "Tags")
+							return
+						}
+						if cap(z.Backlogs[za0002].Tags) >= int(zb0005) {
+							z.Backlogs[za0002].Tags = (z.Backlogs[za0002].Tags)[:zb0005]
+						} else {
+							z.Backlogs[za0002].Tags = make([]string, zb0005)
+						}
+						for za0003 := range z.Backlogs[za0002].Tags {
+							z.Backlogs[za0002].Tags[za0003], err = dc.ReadString()
+							if err != nil {
+								err = msgp.WrapError(err, "Backlogs", za0002, "Tags", za0003)
+								return
+							}
+						}
+					case "Value":
+						z.Backlogs[za0002].Value, err = dc.ReadInt64()
+						if err != nil {
+							err = msgp.WrapError(err, "Backlogs", za0002, "Value")
+							return
+						}
+					default:
+						err = dc.Skip()
+						if err != nil {
+							err = msgp.WrapError(err, "Backlogs", za0002)
+							return
+						}
+					}
+				}
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *StatsBucket) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 4
+	// write "Start"
+	err = en.Append(0x84, 0xa5, 0x53, 0x74, 0x61, 0x72, 0x74)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.Start)
+	if err != nil {
+		err = msgp.WrapError(err, "Start")
+		return
+	}
+	// write "Duration"
+	err = en.Append(0xa8, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.Duration)
+	if err != nil {
+		err = msgp.WrapError(err, "Duration")
+		return
+	}
+	// write "Stats"
+	err = en.Append(0xa5, 0x53, 0x74, 0x61, 0x74, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.Stats)))
+	if err != nil {
+		err = msgp.WrapError(err, "Stats")
+		return
+	}
+	for za0001 := range z.Stats {
+		err = z.Stats[za0001].EncodeMsg(en)
+		if err != nil {
+			err = msgp.WrapError(err, "Stats", za0001)
+			return
+		}
+	}
+	// write "Backlogs"
+	err = en.Append(0xa8, 0x42, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.Backlogs)))
+	if err != nil {
+		err = msgp.WrapError(err, "Backlogs")
+		return
+	}
+	for za0002 := range z.Backlogs {
+		// map header, size 2
+		// write "Tags"
+		err = en.Append(0x82, 0xa4, 0x54, 0x61, 0x67, 0x73)
+		if err != nil {
+			return
+		}
+		err = en.WriteArrayHeader(uint32(len(z.Backlogs[za0002].Tags)))
+		if err != nil {
+			err = msgp.WrapError(err, "Backlogs", za0002, "Tags")
+			return
+		}
+		for za0003 := range z.Backlogs[za0002].Tags {
+			err = en.WriteString(z.Backlogs[za0002].Tags[za0003])
+			if err != nil {
+				err = msgp.WrapError(err, "Backlogs", za0002, "Tags", za0003)
+				return
+			}
+		}
+		// write "Value"
+		err = en.Append(0xa5, 0x56, 0x61, 0x6c, 0x75, 0x65)
+		if err != nil {
+			return
+		}
+		err = en.WriteInt64(z.Backlogs[za0002].Value)
+		if err != nil {
+			err = msgp.WrapError(err, "Backlogs", za0002, "Value")
+			return
+		}
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *StatsBucket) Msgsize() (s int) {
+	s = 1 + 6 + msgp.Uint64Size + 9 + msgp.Uint64Size + 6 + msgp.ArrayHeaderSize
+	for za0001 := range z.Stats {
+		s += z.Stats[za0001].Msgsize()
+	}
+	s += 9 + msgp.ArrayHeaderSize
+	for za0002 := range z.Backlogs {
+		s += 1 + 5 + msgp.ArrayHeaderSize
+		for za0003 := range z.Backlogs[za0002].Tags {
+			s += msgp.StringPrefixSize + len(z.Backlogs[za0002].Tags[za0003])
+		}
+		s += 6 + msgp.Int64Size
+	}
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *StatsPayload) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Env":
+			z.Env, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Env")
+				return
+			}
+		case "Service":
+			z.Service, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Service")
+				return
+			}
+		case "Stats":
+			var zb0002 uint32
+			zb0002, err = dc.ReadArrayHeader()
+			if err != nil {
+				err = msgp.WrapError(err, "Stats")
+				return
+			}
+			if cap(z.Stats) >= int(zb0002) {
+				z.Stats = (z.Stats)[:zb0002]
+			} else {
+				z.Stats = make([]StatsBucket, zb0002)
+			}
+			for za0001 := range z.Stats {
+				err = z.Stats[za0001].DecodeMsg(dc)
+				if err != nil {
+					err = msgp.WrapError(err, "Stats", za0001)
+					return
+				}
+			}
+		case "TracerVersion":
+			z.TracerVersion, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "TracerVersion")
+				return
+			}
+		case "Lang":
+			z.Lang, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Lang")
+				return
+			}
+		case "Version":
+			z.Version, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Version")
+				return
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *StatsPayload) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 6
+	// write "Env"
+	err = en.Append(0x86, 0xa3, 0x45, 0x6e, 0x76)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Env)
+	if err != nil {
+		err = msgp.WrapError(err, "Env")
+		return
+	}
+	// write "Service"
+	err = en.Append(0xa7, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Service)
+	if err != nil {
+		err = msgp.WrapError(err, "Service")
+		return
+	}
+	// write "Stats"
+	err = en.Append(0xa5, 0x53, 0x74, 0x61, 0x74, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.Stats)))
+	if err != nil {
+		err = msgp.WrapError(err, "Stats")
+		return
+	}
+	for za0001 := range z.Stats {
+		err = z.Stats[za0001].EncodeMsg(en)
+		if err != nil {
+			err = msgp.WrapError(err, "Stats", za0001)
+			return
+		}
+	}
+	// write "TracerVersion"
+	err = en.Append(0xad, 0x54, 0x72, 0x61, 0x63, 0x65, 0x72, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.TracerVersion)
+	if err != nil {
+		err = msgp.WrapError(err, "TracerVersion")
+		return
+	}
+	// write "Lang"
+	err = en.Append(0xa4, 0x4c, 0x61, 0x6e, 0x67)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Lang)
+	if err != nil {
+		err = msgp.WrapError(err, "Lang")
+		return
+	}
+	// write "Version"
+	err = en.Append(0xa7, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Version)
+	if err != nil {
+		err = msgp.WrapError(err, "Version")
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *StatsPayload) Msgsize() (s int) {
+	s = 1 + 4 + msgp.StringPrefixSize + len(z.Env) + 8 + msgp.StringPrefixSize + len(z.Service) + 6 + msgp.ArrayHeaderSize
+	for za0001 := range z.Stats {
+		s += z.Stats[za0001].Msgsize()
+	}
+	s += 14 + msgp.StringPrefixSize + len(z.TracerVersion) + 5 + msgp.StringPrefixSize + len(z.Lang) + 8 + msgp.StringPrefixSize + len(z.Version)
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *StatsPoint) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Service":
+			z.Service, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Service")
+				return
+			}
+		case "EdgeTags":
+			var zb0002 uint32
+			zb0002, err = dc.ReadArrayHeader()
+			if err != nil {
+				err = msgp.WrapError(err, "EdgeTags")
+				return
+			}
+			if cap(z.EdgeTags) >= int(zb0002) {
+				z.EdgeTags = (z.EdgeTags)[:zb0002]
+			} else {
+				z.EdgeTags = make([]string, zb0002)
+			}
+			for za0001 := range z.EdgeTags {
+				z.EdgeTags[za0001], err = dc.ReadString()
+				if err != nil {
+					err = msgp.WrapError(err, "EdgeTags", za0001)
+					return
+				}
+			}
+		case "Hash":
+			z.Hash, err = dc.ReadUint64()
+			if err != nil {
+				err = msgp.WrapError(err, "Hash")
+				return
+			}
+		case "ParentHash":
+			z.ParentHash, err = dc.ReadUint64()
+			if err != nil {
+				err = msgp.WrapError(err, "ParentHash")
+				return
+			}
+		case "PathwayLatency":
+			z.PathwayLatency, err = dc.ReadBytes(z.PathwayLatency)
+			if err != nil {
+				err = msgp.WrapError(err, "PathwayLatency")
+				return
+			}
+		case "EdgeLatency":
+			z.EdgeLatency, err = dc.ReadBytes(z.EdgeLatency)
+			if err != nil {
+				err = msgp.WrapError(err, "EdgeLatency")
+				return
+			}
+		case "PayloadSize":
+			z.PayloadSize, err = dc.ReadBytes(z.PayloadSize)
+			if err != nil {
+				err = msgp.WrapError(err, "PayloadSize")
+				return
+			}
+		case "TimestampType":
+			{
+				var zb0003 string
+				zb0003, err = dc.ReadString()
+				if err != nil {
+					err = msgp.WrapError(err, "TimestampType")
+					return
+				}
+				z.TimestampType = TimestampType(zb0003)
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *StatsPoint) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 8
+	// write "Service"
+	err = en.Append(0x88, 0xa7, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Service)
+	if err != nil {
+		err = msgp.WrapError(err, "Service")
+		return
+	}
+	// write "EdgeTags"
+	err = en.Append(0xa8, 0x45, 0x64, 0x67, 0x65, 0x54, 0x61, 0x67, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.EdgeTags)))
+	if err != nil {
+		err = msgp.WrapError(err, "EdgeTags")
+		return
+	}
+	for za0001 := range z.EdgeTags {
+		err = en.WriteString(z.EdgeTags[za0001])
+		if err != nil {
+			err = msgp.WrapError(err, "EdgeTags", za0001)
+			return
+		}
+	}
+	// write "Hash"
+	err = en.Append(0xa4, 0x48, 0x61, 0x73, 0x68)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.Hash)
+	if err != nil {
+		err = msgp.WrapError(err, "Hash")
+		return
+	}
+	// write "ParentHash"
+	err = en.Append(0xaa, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.ParentHash)
+	if err != nil {
+		err = msgp.WrapError(err, "ParentHash")
+		return
+	}
+	// write "PathwayLatency"
+	err = en.Append(0xae, 0x50, 0x61, 0x74, 0x68, 0x77, 0x61, 0x79, 0x4c, 0x61, 0x74, 0x65, 0x6e, 0x63, 0x79)
+	if err != nil {
+		return
+	}
+	err = en.WriteBytes(z.PathwayLatency)
+	if err != nil {
+		err = msgp.WrapError(err, "PathwayLatency")
+		return
+	}
+	// write "EdgeLatency"
+	err = en.Append(0xab, 0x45, 0x64, 0x67, 0x65, 0x4c, 0x61, 0x74, 0x65, 0x6e, 0x63, 0x79)
+	if err != nil {
+		return
+	}
+	err = en.WriteBytes(z.EdgeLatency)
+	if err != nil {
+		err = msgp.WrapError(err, "EdgeLatency")
+		return
+	}
+	// write "PayloadSize"
+	err = en.Append(0xab, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x69, 0x7a, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteBytes(z.PayloadSize)
+	if err != nil {
+		err = msgp.WrapError(err, "PayloadSize")
+		return
+	}
+	// write "TimestampType"
+	err = en.Append(0xad, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x54, 0x79, 0x70, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(string(z.TimestampType))
+	if err != nil {
+		err = msgp.WrapError(err, "TimestampType")
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *StatsPoint) Msgsize() (s int) {
+	s = 1 + 8 + msgp.StringPrefixSize + len(z.Service) + 9 + msgp.ArrayHeaderSize
+	for za0001 := range z.EdgeTags {
+		s += msgp.StringPrefixSize + len(z.EdgeTags[za0001])
+	}
+	s += 5 + msgp.Uint64Size + 11 + msgp.Uint64Size + 15 + msgp.BytesPrefixSize + len(z.PathwayLatency) + 12 + msgp.BytesPrefixSize + len(z.EdgeLatency) + 12 + msgp.BytesPrefixSize + len(z.PayloadSize) + 14 + msgp.StringPrefixSize + len(string(z.TimestampType))
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *TimestampType) DecodeMsg(dc *msgp.Reader) (err error) {
+	{
+		var zb0001 string
+		zb0001, err = dc.ReadString()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		(*z) = TimestampType(zb0001)
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z TimestampType) EncodeMsg(en *msgp.Writer) (err error) {
+	err = en.WriteString(string(z))
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z TimestampType) Msgsize() (s int) {
+	s = msgp.StringPrefixSize + len(string(z))
+	return
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/processor.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/processor.go
new file mode 100644
index 000000000..1114f1056
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/processor.go
@@ -0,0 +1,472 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package datastreams
+
+import (
+	"context"
+	"fmt"
+	"math"
+	"net/http"
+	"net/url"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/datastreams/options"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/version"
+
+	"github.com/DataDog/sketches-go/ddsketch"
+	"github.com/DataDog/sketches-go/ddsketch/mapping"
+	"github.com/DataDog/sketches-go/ddsketch/store"
+	"github.com/golang/protobuf/proto"
+)
+
+const (
+	bucketDuration            = time.Second * 10
+	loadAgentFeaturesInterval = time.Second * 30
+	defaultServiceName        = "unnamed-go-service"
+)
+
+var sketchMapping, _ = mapping.NewLogarithmicMapping(0.01)
+
+type statsPoint struct {
+	edgeTags       []string
+	hash           uint64
+	parentHash     uint64
+	timestamp      int64
+	pathwayLatency int64
+	edgeLatency    int64
+	payloadSize    int64
+}
+
+type statsGroup struct {
+	service        string
+	edgeTags       []string
+	hash           uint64
+	parentHash     uint64
+	pathwayLatency *ddsketch.DDSketch
+	edgeLatency    *ddsketch.DDSketch
+	payloadSize    *ddsketch.DDSketch
+}
+
+type bucket struct {
+	points               map[uint64]statsGroup
+	latestCommitOffsets  map[partitionConsumerKey]int64
+	latestProduceOffsets map[partitionKey]int64
+	start                uint64
+	duration             uint64
+}
+
+func newBucket(start, duration uint64) bucket {
+	return bucket{
+		points:               make(map[uint64]statsGroup),
+		latestCommitOffsets:  make(map[partitionConsumerKey]int64),
+		latestProduceOffsets: make(map[partitionKey]int64),
+		start:                start,
+		duration:             duration,
+	}
+}
+
+func (b bucket) export(timestampType TimestampType) StatsBucket {
+	stats := make([]StatsPoint, 0, len(b.points))
+	for _, s := range b.points {
+		pathwayLatency, err := proto.Marshal(s.pathwayLatency.ToProto())
+		if err != nil {
+			log.Error("can't serialize pathway latency. Ignoring: %v", err)
+			continue
+		}
+		edgeLatency, err := proto.Marshal(s.edgeLatency.ToProto())
+		if err != nil {
+			log.Error("can't serialize edge latency. Ignoring: %v", err)
+			continue
+		}
+		payloadSize, err := proto.Marshal(s.payloadSize.ToProto())
+		if err != nil {
+			log.Error("can't serialize payload size. Ignoring: %v", err)
+			continue
+		}
+		stats = append(stats, StatsPoint{
+			PathwayLatency: pathwayLatency,
+			EdgeLatency:    edgeLatency,
+			Service:        s.service,
+			EdgeTags:       s.edgeTags,
+			Hash:           s.hash,
+			ParentHash:     s.parentHash,
+			TimestampType:  timestampType,
+			PayloadSize:    payloadSize,
+		})
+	}
+	exported := StatsBucket{
+		Start:    b.start,
+		Duration: b.duration,
+		Stats:    stats,
+		Backlogs: make([]Backlog, 0, len(b.latestCommitOffsets)+len(b.latestProduceOffsets)),
+	}
+	for key, offset := range b.latestProduceOffsets {
+		exported.Backlogs = append(exported.Backlogs, Backlog{Tags: []string{fmt.Sprintf("partition:%d", key.partition), fmt.Sprintf("topic:%s", key.topic), "type:kafka_produce"}, Value: offset})
+	}
+	for key, offset := range b.latestCommitOffsets {
+		exported.Backlogs = append(exported.Backlogs, Backlog{Tags: []string{fmt.Sprintf("consumer_group:%s", key.group), fmt.Sprintf("partition:%d", key.partition), fmt.Sprintf("topic:%s", key.topic), "type:kafka_commit"}, Value: offset})
+	}
+	return exported
+}
+
+type processorStats struct {
+	payloadsIn      int64
+	flushedPayloads int64
+	flushedBuckets  int64
+	flushErrors     int64
+	dropped         int64
+}
+
+type partitionKey struct {
+	partition int32
+	topic     string
+}
+
+type partitionConsumerKey struct {
+	partition int32
+	topic     string
+	group     string
+}
+
+type offsetType int
+
+const (
+	produceOffset offsetType = iota
+	commitOffset
+)
+
+type kafkaOffset struct {
+	offset     int64
+	topic      string
+	group      string
+	partition  int32
+	offsetType offsetType
+	timestamp  int64
+}
+
+type Processor struct {
+	in                   chan statsPoint
+	inKafka              chan kafkaOffset
+	tsTypeCurrentBuckets map[int64]bucket
+	tsTypeOriginBuckets  map[int64]bucket
+	wg                   sync.WaitGroup
+	stopped              uint64
+	stop                 chan struct{} // closing this channel triggers shutdown
+	flushRequest         chan chan<- struct{}
+	stats                processorStats
+	transport            *httpTransport
+	statsd               internal.StatsdClient
+	env                  string
+	primaryTag           string
+	service              string
+	version              string
+	// used for tests
+	timeSource                  func() time.Time
+	disableStatsFlushing        uint32
+	getAgentSupportsDataStreams func() bool
+}
+
+func (p *Processor) time() time.Time {
+	if p.timeSource != nil {
+		return p.timeSource()
+	}
+	return time.Now()
+}
+
+func NewProcessor(statsd internal.StatsdClient, env, service, version string, agentURL *url.URL, httpClient *http.Client, getAgentSupportsDataStreams func() bool) *Processor {
+	if service == "" {
+		service = defaultServiceName
+	}
+	p := &Processor{
+		tsTypeCurrentBuckets:        make(map[int64]bucket),
+		tsTypeOriginBuckets:         make(map[int64]bucket),
+		in:                          make(chan statsPoint, 10000),
+		inKafka:                     make(chan kafkaOffset, 10000),
+		stopped:                     1,
+		statsd:                      statsd,
+		env:                         env,
+		service:                     service,
+		version:                     version,
+		transport:                   newHTTPTransport(agentURL, httpClient),
+		timeSource:                  time.Now,
+		getAgentSupportsDataStreams: getAgentSupportsDataStreams,
+	}
+	p.updateAgentSupportsDataStreams(getAgentSupportsDataStreams())
+	return p
+}
+
+// alignTs returns the provided timestamp truncated to the bucket size.
+// It gives us the start time of the time bucket in which such timestamp falls.
+func alignTs(ts, bucketSize int64) int64 { return ts - ts%bucketSize }
+
+func (p *Processor) getBucket(btime int64, buckets map[int64]bucket) bucket {
+	b, ok := buckets[btime]
+	if !ok {
+		b = newBucket(uint64(btime), uint64(bucketDuration.Nanoseconds()))
+		buckets[btime] = b
+	}
+	return b
+}
+func (p *Processor) addToBuckets(point statsPoint, btime int64, buckets map[int64]bucket) {
+	b := p.getBucket(btime, buckets)
+	group, ok := b.points[point.hash]
+	if !ok {
+		group = statsGroup{
+			edgeTags:       point.edgeTags,
+			parentHash:     point.parentHash,
+			hash:           point.hash,
+			pathwayLatency: ddsketch.NewDDSketch(sketchMapping, store.DenseStoreConstructor(), store.DenseStoreConstructor()),
+			edgeLatency:    ddsketch.NewDDSketch(sketchMapping, store.DenseStoreConstructor(), store.DenseStoreConstructor()),
+			payloadSize:    ddsketch.NewDDSketch(sketchMapping, store.DenseStoreConstructor(), store.DenseStoreConstructor()),
+		}
+		b.points[point.hash] = group
+	}
+	if err := group.pathwayLatency.Add(math.Max(float64(point.pathwayLatency)/float64(time.Second), 0)); err != nil {
+		log.Error("failed to add pathway latency. Ignoring %v.", err)
+	}
+	if err := group.edgeLatency.Add(math.Max(float64(point.edgeLatency)/float64(time.Second), 0)); err != nil {
+		log.Error("failed to add edge latency. Ignoring %v.", err)
+	}
+	if err := group.payloadSize.Add(float64(point.payloadSize)); err != nil {
+		log.Error("failed to add payload size. Ignoring %v.", err)
+	}
+}
+
+func (p *Processor) add(point statsPoint) {
+	currentBucketTime := alignTs(point.timestamp, bucketDuration.Nanoseconds())
+	p.addToBuckets(point, currentBucketTime, p.tsTypeCurrentBuckets)
+	originTimestamp := point.timestamp - point.pathwayLatency
+	originBucketTime := alignTs(originTimestamp, bucketDuration.Nanoseconds())
+	p.addToBuckets(point, originBucketTime, p.tsTypeOriginBuckets)
+}
+
+func (p *Processor) addKafkaOffset(o kafkaOffset) {
+	btime := alignTs(o.timestamp, bucketDuration.Nanoseconds())
+	b := p.getBucket(btime, p.tsTypeCurrentBuckets)
+	if o.offsetType == produceOffset {
+		b.latestProduceOffsets[partitionKey{
+			partition: o.partition,
+			topic:     o.topic,
+		}] = o.offset
+		return
+	}
+	b.latestCommitOffsets[partitionConsumerKey{
+		partition: o.partition,
+		group:     o.group,
+		topic:     o.topic,
+	}] = o.offset
+}
+
+func (p *Processor) run(tick <-chan time.Time) {
+	for {
+		select {
+		case s := <-p.in:
+			atomic.AddInt64(&p.stats.payloadsIn, 1)
+			p.add(s)
+		case o := <-p.inKafka:
+			p.addKafkaOffset(o)
+		case now := <-tick:
+			p.sendToAgent(p.flush(now))
+		case done := <-p.flushRequest:
+			p.sendToAgent(p.flush(time.Now().Add(bucketDuration * 10)))
+			close(done)
+		case <-p.stop:
+			// drop in flight payloads on the input channel
+			p.sendToAgent(p.flush(time.Now().Add(bucketDuration * 10)))
+			return
+		}
+	}
+}
+
+func (p *Processor) Start() {
+	if atomic.SwapUint64(&p.stopped, 0) == 0 {
+		// already running
+		log.Warn("(*Processor).Start called more than once. This is likely a programming error.")
+		return
+	}
+	p.stop = make(chan struct{})
+	p.flushRequest = make(chan chan<- struct{})
+	p.wg.Add(2)
+	go p.reportStats()
+	go func() {
+		defer p.wg.Done()
+		tick := time.NewTicker(bucketDuration)
+		defer tick.Stop()
+		p.run(tick.C)
+	}()
+	go func() {
+		defer p.wg.Done()
+		tick := time.NewTicker(loadAgentFeaturesInterval)
+		defer tick.Stop()
+		p.runLoadAgentFeatures(tick.C)
+	}()
+}
+
+// Flush triggers a flush and waits for it to complete.
+func (p *Processor) Flush() {
+	if atomic.LoadUint64(&p.stopped) > 0 {
+		return
+	}
+	done := make(chan struct{})
+	select {
+	case p.flushRequest <- done:
+		<-done
+	case <-p.stop:
+	}
+}
+
+func (p *Processor) Stop() {
+	if atomic.SwapUint64(&p.stopped, 1) > 0 {
+		return
+	}
+	close(p.stop)
+	p.wg.Wait()
+}
+
+func (p *Processor) reportStats() {
+	for range time.NewTicker(time.Second * 10).C {
+		p.statsd.Count("datadog.datastreams.processor.payloads_in", atomic.SwapInt64(&p.stats.payloadsIn, 0), nil, 1)
+		p.statsd.Count("datadog.datastreams.processor.flushed_payloads", atomic.SwapInt64(&p.stats.flushedPayloads, 0), nil, 1)
+		p.statsd.Count("datadog.datastreams.processor.flushed_buckets", atomic.SwapInt64(&p.stats.flushedBuckets, 0), nil, 1)
+		p.statsd.Count("datadog.datastreams.processor.flush_errors", atomic.SwapInt64(&p.stats.flushErrors, 0), nil, 1)
+		p.statsd.Count("datadog.datastreams.processor.dropped_payloads", atomic.SwapInt64(&p.stats.dropped, 0), nil, 1)
+	}
+}
+
+func (p *Processor) flushBucket(buckets map[int64]bucket, bucketStart int64, timestampType TimestampType) StatsBucket {
+	bucket := buckets[bucketStart]
+	delete(buckets, bucketStart)
+	return bucket.export(timestampType)
+}
+
+func (p *Processor) flush(now time.Time) StatsPayload {
+	nowNano := now.UnixNano()
+	sp := StatsPayload{
+		Service:       p.service,
+		Version:       p.version,
+		Env:           p.env,
+		Lang:          "go",
+		TracerVersion: version.Tag,
+		Stats:         make([]StatsBucket, 0, len(p.tsTypeCurrentBuckets)+len(p.tsTypeOriginBuckets)),
+	}
+	for ts := range p.tsTypeCurrentBuckets {
+		if ts > nowNano-bucketDuration.Nanoseconds() {
+			// do not flush the bucket at the current time
+			continue
+		}
+		sp.Stats = append(sp.Stats, p.flushBucket(p.tsTypeCurrentBuckets, ts, TimestampTypeCurrent))
+	}
+	for ts := range p.tsTypeOriginBuckets {
+		if ts > nowNano-bucketDuration.Nanoseconds() {
+			// do not flush the bucket at the current time
+			continue
+		}
+		sp.Stats = append(sp.Stats, p.flushBucket(p.tsTypeOriginBuckets, ts, TimestampTypeOrigin))
+	}
+	return sp
+}
+
+func (p *Processor) sendToAgent(payload StatsPayload) {
+	atomic.AddInt64(&p.stats.flushedPayloads, 1)
+	atomic.AddInt64(&p.stats.flushedBuckets, int64(len(payload.Stats)))
+	if err := p.transport.sendPipelineStats(&payload); err != nil {
+		atomic.AddInt64(&p.stats.flushErrors, 1)
+	}
+}
+
+func (p *Processor) SetCheckpoint(ctx context.Context, edgeTags ...string) context.Context {
+	return p.SetCheckpointWithParams(ctx, options.CheckpointParams{}, edgeTags...)
+}
+
+func (p *Processor) SetCheckpointWithParams(ctx context.Context, params options.CheckpointParams, edgeTags ...string) context.Context {
+	parent, hasParent := PathwayFromContext(ctx)
+	parentHash := uint64(0)
+	now := p.time()
+	pathwayStart := now
+	edgeStart := now
+	if hasParent {
+		pathwayStart = parent.PathwayStart()
+		edgeStart = parent.EdgeStart()
+		parentHash = parent.GetHash()
+	}
+	child := Pathway{
+		hash:         pathwayHash(nodeHash(p.service, p.env, edgeTags), parentHash),
+		pathwayStart: pathwayStart,
+		edgeStart:    now,
+	}
+	select {
+	case p.in <- statsPoint{
+		edgeTags:       edgeTags,
+		parentHash:     parentHash,
+		hash:           child.hash,
+		timestamp:      now.UnixNano(),
+		pathwayLatency: now.Sub(pathwayStart).Nanoseconds(),
+		edgeLatency:    now.Sub(edgeStart).Nanoseconds(),
+		payloadSize:    params.PayloadSize,
+	}:
+	default:
+		atomic.AddInt64(&p.stats.dropped, 1)
+	}
+	return ContextWithPathway(ctx, child)
+}
+
+func (p *Processor) TrackKafkaCommitOffset(group string, topic string, partition int32, offset int64) {
+	select {
+	case p.inKafka <- kafkaOffset{
+		offset:     offset,
+		group:      group,
+		topic:      topic,
+		partition:  partition,
+		offsetType: commitOffset,
+		timestamp:  p.time().UnixNano(),
+	}:
+	default:
+		atomic.AddInt64(&p.stats.dropped, 1)
+	}
+}
+
+func (p *Processor) TrackKafkaProduceOffset(topic string, partition int32, offset int64) {
+	select {
+	case p.inKafka <- kafkaOffset{
+		offset:     offset,
+		topic:      topic,
+		partition:  partition,
+		offsetType: produceOffset,
+		timestamp:  p.time().UnixNano(),
+	}:
+	default:
+		atomic.AddInt64(&p.stats.dropped, 1)
+	}
+}
+
+func (p *Processor) runLoadAgentFeatures(tick <-chan time.Time) {
+	for {
+		select {
+		case <-tick:
+			p.updateAgentSupportsDataStreams(p.getAgentSupportsDataStreams())
+		case <-p.stop:
+			return
+		}
+	}
+}
+
+func (p *Processor) updateAgentSupportsDataStreams(agentSupportsDataStreams bool) {
+	var disableStatsFlushing uint32
+	if !agentSupportsDataStreams {
+		disableStatsFlushing = 1
+	}
+	if atomic.SwapUint32(&p.disableStatsFlushing, disableStatsFlushing) != disableStatsFlushing {
+		if agentSupportsDataStreams {
+			log.Info("Detected agent upgrade. Turning on Data Streams Monitoring.")
+		} else {
+			log.Warn("Turning off Data Streams Monitoring. Upgrade your agent to 7.34+")
+		}
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/propagator.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/propagator.go
new file mode 100644
index 000000000..bd8168a08
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/propagator.go
@@ -0,0 +1,87 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package datastreams
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/binary"
+	"errors"
+	"time"
+
+	"github.com/DataDog/sketches-go/ddsketch/encoding"
+)
+
+type contextKey struct{}
+
+var activePathwayKey = contextKey{}
+
+const (
+	// PropagationKeyBase64 is the key to use to propagate the pathway between services.
+	PropagationKeyBase64 = "dd-pathway-ctx-base64"
+)
+
+// Encode encodes the pathway
+func (p Pathway) Encode() []byte {
+	data := make([]byte, 8, 20)
+	binary.LittleEndian.PutUint64(data, p.hash)
+	encoding.EncodeVarint64(&data, p.pathwayStart.UnixNano()/int64(time.Millisecond))
+	encoding.EncodeVarint64(&data, p.edgeStart.UnixNano()/int64(time.Millisecond))
+	return data
+}
+
+// Decode decodes a pathway
+func Decode(ctx context.Context, data []byte) (p Pathway, outCtx context.Context, err error) {
+	if len(data) < 8 {
+		return p, ctx, errors.New("hash smaller than 8 bytes")
+	}
+	p.hash = binary.LittleEndian.Uint64(data)
+	data = data[8:]
+	pathwayStart, err := encoding.DecodeVarint64(&data)
+	if err != nil {
+		return p, ctx, err
+	}
+	edgeStart, err := encoding.DecodeVarint64(&data)
+	if err != nil {
+		return p, ctx, err
+	}
+	p.pathwayStart = time.Unix(0, pathwayStart*int64(time.Millisecond))
+	p.edgeStart = time.Unix(0, edgeStart*int64(time.Millisecond))
+	return p, ContextWithPathway(ctx, p), nil
+}
+
+// EncodeBase64 encodes a pathway context into a string using base64 encoding.
+func (p Pathway) EncodeBase64() string {
+	b := p.Encode()
+	return base64.StdEncoding.EncodeToString(b)
+}
+
+// DecodeBase64 decodes a pathway context from a string using base64 encoding.
+func DecodeBase64(ctx context.Context, str string) (p Pathway, outCtx context.Context, err error) {
+	data, err := base64.StdEncoding.DecodeString(str)
+	if err != nil {
+		return p, ctx, err
+	}
+	return Decode(ctx, data)
+}
+
+// ContextWithPathway returns a copy of the given context which includes the pathway p.
+func ContextWithPathway(ctx context.Context, p Pathway) context.Context {
+	return context.WithValue(ctx, activePathwayKey, p)
+}
+
+// PathwayFromContext returns the pathway contained in the given context, and whether a
+// pathway is found in ctx.
+func PathwayFromContext(ctx context.Context) (p Pathway, ok bool) {
+	if ctx == nil {
+		return p, false
+	}
+	v := ctx.Value(activePathwayKey)
+	if p, ok := v.(Pathway); ok {
+		return p, true
+	}
+	return p, false
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/transport.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/transport.go
new file mode 100644
index 000000000..62433c755
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/transport.go
@@ -0,0 +1,115 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package datastreams
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+	"runtime"
+	"strings"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
+
+	"github.com/tinylib/msgp/msgp"
+)
+
+const (
+	defaultHostname    = "localhost"
+	defaultPort        = "8126"
+	defaultAddress     = defaultHostname + ":" + defaultPort
+	defaultHTTPTimeout = 2 * time.Second // defines the current timeout before giving up with the send process
+)
+
+var defaultDialer = &net.Dialer{
+	Timeout:   30 * time.Second,
+	KeepAlive: 30 * time.Second,
+	DualStack: true,
+}
+
+var defaultClient = &http.Client{
+	// We copy the transport to avoid using the default one, as it might be
+	// augmented with tracing and we don't want these calls to be recorded.
+	// See https://golang.org/pkg/net/http/#DefaultTransport .
+	Transport: &http.Transport{
+		Proxy:                 http.ProxyFromEnvironment,
+		DialContext:           defaultDialer.DialContext,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	},
+	Timeout: defaultHTTPTimeout,
+}
+
+type httpTransport struct {
+	url     string            // the delivery URL for stats
+	client  *http.Client      // the HTTP client used in the POST
+	headers map[string]string // the Transport headers
+}
+
+func newHTTPTransport(agentURL *url.URL, client *http.Client) *httpTransport {
+	// initialize the default EncoderPool with Encoder headers
+	defaultHeaders := map[string]string{
+		"Datadog-Meta-Lang":             "go",
+		"Datadog-Meta-Lang-Version":     strings.TrimPrefix(runtime.Version(), "go"),
+		"Datadog-Meta-Lang-Interpreter": runtime.Compiler + "-" + runtime.GOARCH + "-" + runtime.GOOS,
+		"Content-Type":                  "application/msgpack",
+		"Content-Encoding":              "gzip",
+	}
+	if cid := internal.ContainerID(); cid != "" {
+		defaultHeaders["Datadog-Container-ID"] = cid
+	}
+	url := fmt.Sprintf("%s/v0.1/pipeline_stats", agentURL.String())
+	return &httpTransport{
+		url:     url,
+		client:  client,
+		headers: defaultHeaders,
+	}
+}
+
+func (t *httpTransport) sendPipelineStats(p *StatsPayload) error {
+	var buf bytes.Buffer
+	gzipWriter, err := gzip.NewWriterLevel(&buf, gzip.BestSpeed)
+	if err != nil {
+		return err
+	}
+	if err := msgp.Encode(gzipWriter, p); err != nil {
+		return err
+	}
+	err = gzipWriter.Close()
+	if err != nil {
+		return err
+	}
+	req, err := http.NewRequest("POST", t.url, &buf)
+	if err != nil {
+		return err
+	}
+	for header, value := range t.headers {
+		req.Header.Set(header, value)
+	}
+	resp, err := t.client.Do(req)
+	if err != nil {
+		return err
+	}
+	if code := resp.StatusCode; code >= 400 {
+		// error, check the body for context information and
+		// return a nice error.
+		msg := make([]byte, 1000)
+		n, _ := resp.Body.Read(msg)
+		resp.Body.Close()
+		txt := http.StatusText(code)
+		if n > 0 {
+			return fmt.Errorf("%s (Status: %s)", msg[:n], txt)
+		}
+		return fmt.Errorf("%s", txt)
+	}
+	return nil
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/env.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/env.go
new file mode 100644
index 000000000..7c4ed6c0c
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/env.go
@@ -0,0 +1,94 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package internal
+
+import (
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// BoolEnv returns the parsed boolean value of an environment variable, or
+// def otherwise.
+func BoolEnv(key string, def bool) bool {
+	vv, ok := os.LookupEnv(key)
+	if !ok {
+		return def
+	}
+	v, err := strconv.ParseBool(vv)
+	if err != nil {
+		log.Warn("Non-boolean value for env var %s, defaulting to %t. Parse failed with error: %v", key, def, err)
+		return def
+	}
+	return v
+}
+
+// IntEnv returns the parsed int value of an environment variable, or
+// def otherwise.
+func IntEnv(key string, def int) int {
+	vv, ok := os.LookupEnv(key)
+	if !ok {
+		return def
+	}
+	v, err := strconv.Atoi(vv)
+	if err != nil {
+		log.Warn("Non-integer value for env var %s, defaulting to %d. Parse failed with error: %v", key, def, err)
+		return def
+	}
+	return v
+}
+
+// DurationEnv returns the parsed duration value of an environment variable, or
+// def otherwise.
+func DurationEnv(key string, def time.Duration) time.Duration {
+	vv, ok := os.LookupEnv(key)
+	if !ok {
+		return def
+	}
+	v, err := time.ParseDuration(vv)
+	if err != nil {
+		log.Warn("Non-duration value for env var %s, defaulting to %d. Parse failed with error: %v", key, def, err)
+		return def
+	}
+	return v
+}
+
+// ForEachStringTag runs fn on every key:val pair encountered in str.
+// str may contain multiple key:val pairs separated by either space
+// or comma (but not a mixture of both).
+func ForEachStringTag(str string, fn func(key string, val string)) {
+	sep := " "
+	if strings.Index(str, ",") > -1 {
+		// falling back to comma as separator
+		sep = ","
+	}
+	for _, tag := range strings.Split(str, sep) {
+		tag = strings.TrimSpace(tag)
+		if tag == "" {
+			continue
+		}
+		kv := strings.SplitN(tag, ":", 2)
+		key := strings.TrimSpace(kv[0])
+		if key == "" {
+			continue
+		}
+		var val string
+		if len(kv) == 2 {
+			val = strings.TrimSpace(kv[1])
+		}
+		fn(key, val)
+	}
+}
+
+// ParseTagString returns tags parsed from string as map
+func ParseTagString(str string) map[string]string {
+	res := make(map[string]string)
+	ForEachStringTag(str, func(key, val string) { res[key] = val })
+	return res
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadata.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadata.go
new file mode 100644
index 000000000..5e6566a6f
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadata.go
@@ -0,0 +1,123 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package internal
+
+import (
+	"os"
+	"sync"
+)
+
+const (
+	// EnvGitMetadataEnabledFlag specifies the environment variable name for enable/disable
+	EnvGitMetadataEnabledFlag = "DD_TRACE_GIT_METADATA_ENABLED"
+	// EnvGitRepositoryURL specifies the environment variable name for git repository URL
+	EnvGitRepositoryURL = "DD_GIT_REPOSITORY_URL"
+	// EnvGitCommitSha specifies the environment variable name git commit sha
+	EnvGitCommitSha = "DD_GIT_COMMIT_SHA"
+	// EnvDDTags specifies the environment variable name global tags
+	EnvDDTags = "DD_TAGS"
+
+	// TagRepositoryURL specifies the tag name for git repository URL
+	TagRepositoryURL = "git.repository_url"
+	// TagCommitSha specifies the tag name for git commit sha
+	TagCommitSha = "git.commit.sha"
+	// TagGoPath specifies the tag name for go module path
+	TagGoPath = "go_path"
+
+	// TraceTagRepositoryURL specifies the trace tag name for git repository URL
+	TraceTagRepositoryURL = "_dd.git.repository_url"
+	// TraceTagCommitSha specifies the trace tag name for git commit sha
+	TraceTagCommitSha = "_dd.git.commit.sha"
+	// TraceTagGoPath specifies the trace tag name for go module path
+	TraceTagGoPath = "_dd.go_path"
+)
+
+var (
+	lock = sync.Mutex{}
+
+	gitMetadataTags map[string]string
+)
+
+func updateTags(tags map[string]string, key string, value string) {
+	if _, ok := tags[key]; !ok && value != "" {
+		tags[key] = value
+	}
+}
+
+func updateAllTags(tags map[string]string, newtags map[string]string) {
+	for k, v := range newtags {
+		updateTags(tags, k, v)
+	}
+}
+
+// Get git metadata from environment variables
+func getTagsFromEnv() map[string]string {
+	return map[string]string{
+		TagRepositoryURL: os.Getenv(EnvGitRepositoryURL),
+		TagCommitSha:     os.Getenv(EnvGitCommitSha),
+	}
+}
+
+// Get git metadata from DD_TAGS
+func getTagsFromDDTags() map[string]string {
+	etags := ParseTagString(os.Getenv(EnvDDTags))
+
+	return map[string]string{
+		TagRepositoryURL: etags[TagRepositoryURL],
+		TagCommitSha:     etags[TagCommitSha],
+		TagGoPath:        etags[TagGoPath],
+	}
+}
+
+// GetGitMetadataTags returns git metadata tags
+func GetGitMetadataTags() map[string]string {
+	lock.Lock()
+	defer lock.Unlock()
+
+	if gitMetadataTags != nil {
+		return gitMetadataTags
+	}
+
+	gitMetadataTags = make(map[string]string)
+
+	if BoolEnv(EnvGitMetadataEnabledFlag, true) {
+		updateAllTags(gitMetadataTags, getTagsFromEnv())
+		updateAllTags(gitMetadataTags, getTagsFromDDTags())
+		updateAllTags(gitMetadataTags, getTagsFromBinary())
+	}
+
+	return gitMetadataTags
+}
+
+// ResetGitMetadataTags reset cashed metadata tags
+func ResetGitMetadataTags() {
+	lock.Lock()
+	defer lock.Unlock()
+
+	gitMetadataTags = nil
+}
+
+// CleanGitMetadataTags cleans up tags from git metadata
+func CleanGitMetadataTags(tags map[string]string) {
+	delete(tags, TagRepositoryURL)
+	delete(tags, TagCommitSha)
+	delete(tags, TagGoPath)
+}
+
+// GetTracerGitMetadataTags returns git metadata tags for tracer
+// NB: Currently tracer inject tags with some workaround
+// (only with _dd prefix and only for the first span in payload)
+// So we provide different tag names
+func GetTracerGitMetadataTags() map[string]string {
+	res := make(map[string]string)
+	tags := GetGitMetadataTags()
+
+	updateTags(res, TraceTagRepositoryURL, tags[TagRepositoryURL])
+	updateTags(res, TraceTagCommitSha, tags[TagCommitSha])
+	updateTags(res, TraceTagGoPath, tags[TagGoPath])
+
+	return res
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadatabinary.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadatabinary.go
new file mode 100644
index 000000000..84ded5eda
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadatabinary.go
@@ -0,0 +1,41 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+//go:build go1.18
+// +build go1.18
+
+package internal
+
+import (
+	"runtime/debug"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// getTagsFromBinary extracts git metadata from binary metadata
+func getTagsFromBinary() map[string]string {
+	res := make(map[string]string)
+	info, ok := debug.ReadBuildInfo()
+	if !ok {
+		log.Debug("ReadBuildInfo failed, skip source code metadata extracting")
+		return res
+	}
+	goPath := info.Path
+	var vcs, commitSha string
+	for _, s := range info.Settings {
+		if s.Key == "vcs" {
+			vcs = s.Value
+		} else if s.Key == "vcs.revision" {
+			commitSha = s.Value
+		}
+	}
+	if vcs != "git" {
+		log.Debug("Unknown VCS: '%s', skip source code metadata extracting", vcs)
+		return res
+	}
+	res[TagCommitSha] = commitSha
+	res[TagGoPath] = goPath
+	return res
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadatabinary_legacy.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadatabinary_legacy.go
new file mode 100644
index 000000000..85bcb43cc
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/gitmetadatabinary_legacy.go
@@ -0,0 +1,19 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+//go:build !go1.18
+// +build !go1.18
+
+package internal
+
+import (
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// getTagsFromBinary extracts git metadata from binary metadata
+func getTagsFromBinary() map[string]string {
+	log.Warn("go version below 1.18, BuildInfo has no vcs info, skip source code metadata extracting")
+	return make(map[string]string)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig/globalconfig.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig/globalconfig.go
new file mode 100644
index 000000000..e715954ac
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig/globalconfig.go
@@ -0,0 +1,95 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+// Package globalconfig stores configuration which applies globally to both the tracer
+// and integrations.
+package globalconfig
+
+import (
+	"math"
+	"sync"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
+
+	"github.com/google/uuid"
+)
+
+var cfg = &config{
+	analyticsRate: math.NaN(),
+	runtimeID:     uuid.New().String(),
+	headersAsTags: internal.NewLockMap(map[string]string{}),
+}
+
+type config struct {
+	mu            sync.RWMutex
+	analyticsRate float64
+	serviceName   string
+	runtimeID     string
+	headersAsTags *internal.LockMap
+}
+
+// AnalyticsRate returns the sampling rate at which events should be marked. It uses
+// synchronizing mechanisms, meaning that for optimal performance it's best to read it
+// once and store it.
+func AnalyticsRate() float64 {
+	cfg.mu.RLock()
+	defer cfg.mu.RUnlock()
+	return cfg.analyticsRate
+}
+
+// SetAnalyticsRate sets the given event sampling rate globally.
+func SetAnalyticsRate(rate float64) {
+	cfg.mu.Lock()
+	defer cfg.mu.Unlock()
+	cfg.analyticsRate = rate
+}
+
+// ServiceName returns the default service name used by non-client integrations such as servers and frameworks.
+func ServiceName() string {
+	cfg.mu.RLock()
+	defer cfg.mu.RUnlock()
+	return cfg.serviceName
+}
+
+// SetServiceName sets the global service name set for this application.
+func SetServiceName(name string) {
+	cfg.mu.Lock()
+	defer cfg.mu.Unlock()
+	cfg.serviceName = name
+}
+
+// RuntimeID returns this process's unique runtime id.
+func RuntimeID() string {
+	cfg.mu.RLock()
+	defer cfg.mu.RUnlock()
+	return cfg.runtimeID
+}
+
+// HeaderTagMap returns the mappings of headers to their tag values
+func HeaderTagMap() *internal.LockMap {
+	return cfg.headersAsTags
+}
+
+// HeaderTag returns the configured tag for a given header.
+// This function exists for testing purposes, for performance you may want to use `HeaderTagMap`
+func HeaderTag(header string) string {
+	return cfg.headersAsTags.Get(header)
+}
+
+// SetHeaderTag adds config for header `from` with tag value `to`
+func SetHeaderTag(from, to string) {
+	cfg.headersAsTags.Set(from, to)
+}
+
+// HeaderTagsLen returns the length of globalconfig's headersAsTags map, 0 for empty map
+func HeaderTagsLen() int {
+	return cfg.headersAsTags.Len()
+}
+
+// ClearHeaderTags assigns headersAsTags to a new, empty map
+// It is invoked when WithHeaderTags is called, in order to overwrite the config
+func ClearHeaderTags() {
+	cfg.headersAsTags.Clear()
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/azure/azure.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/azure/azure.go
new file mode 100644
index 000000000..cb07c256a
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/azure/azure.go
@@ -0,0 +1,63 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package azure
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/cachedfetch"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/httputils"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/validate"
+)
+
+// declare these as vars not const to ease testing
+var (
+	metadataURL = "http://169.254.169.254"
+	timeout     = 300 * time.Millisecond
+
+	// CloudProviderName contains the inventory name of for Azure
+	CloudProviderName = "Azure"
+)
+
+func getResponse(ctx context.Context, url string) (string, error) {
+	return httputils.Get(ctx, url, map[string]string{"Metadata": "true"}, timeout)
+}
+
+// GetHostname returns hostname based on Azure instance metadata.
+func GetHostname(ctx context.Context) (string, error) {
+	metadataJSON, err := instanceMetaFetcher.Fetch(ctx)
+	if err != nil {
+		return "", err
+	}
+
+	var metadata struct {
+		VMID string
+	}
+	if err := json.Unmarshal([]byte(metadataJSON), &metadata); err != nil {
+		return "", fmt.Errorf("failed to parse Azure instance metadata: %s", err)
+	}
+
+	if err := validate.ValidHostname(metadata.VMID); err != nil {
+		return "", err
+	}
+
+	return metadata.VMID, nil
+}
+
+var instanceMetaFetcher = cachedfetch.Fetcher{
+	Name: "Azure Instance Metadata",
+	Attempt: func(ctx context.Context) (string, error) {
+		metadataJSON, err := getResponse(ctx,
+			metadataURL+"/metadata/instance/compute?api-version=2017-08-01")
+		if err != nil {
+			return "", fmt.Errorf("failed to get Azure instance metadata: %s", err)
+		}
+		return metadataJSON, nil
+	},
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/cachedfetch/fetcher.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/cachedfetch/fetcher.go
new file mode 100644
index 000000000..17d1a3837
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/cachedfetch/fetcher.go
@@ -0,0 +1,86 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// This file is pulled from datadog-agent/pkg/util/cachedfetch changing the logger and using strings only
+
+// Package cachedfetch provides a read-through cache for fetched values.
+package cachedfetch
+
+import (
+	"context"
+	"sync"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// Fetcher supports fetching a value, such as from a cloud service API.  An
+// attempt is made to fetch the value on each call to Fetch, but if that
+// attempt fails then a cached value from the last successful attempt is
+// returned, if such a value exists.  This helps the agent to "ride out"
+// temporary failures in cloud APIs while still fetching fresh data when those
+// APIs are functioning properly.  Cached values do not expire.
+//
+// Callers should instantiate one fetcher per piece of data required.
+type Fetcher struct {
+	// function that attempts to fetch the value
+	Attempt func(context.Context) (string, error)
+
+	// the name of the thing being fetched, used in the default log message.  At
+	// least one of Name and LogFailure must be non-nil.
+	Name string
+
+	// function to log a fetch failure, given the error and the last successful
+	// value.  This function is not called if there is no last successful value.
+	// If left at its zero state, a default log message will be generated, using
+	// Name.
+	LogFailure func(error, interface{})
+
+	// previous successfully fetched value
+	lastValue interface{}
+
+	// mutex to protect access to lastValue
+	sync.Mutex
+}
+
+// Fetch attempts to fetch the value, returning the result or the last successful
+// value, or an error if no attempt has ever been successful.  No special handling
+// is included for the Context: both context.Cancelled and context.DeadlineExceeded
+// are handled like any other error by returning the cached value.
+//
+// This can be called from multiple goroutines, in which case it will call Attempt
+// concurrently.
+func (f *Fetcher) Fetch(ctx context.Context) (string, error) {
+	value, err := f.Attempt(ctx)
+	if err == nil {
+		f.Lock()
+		f.lastValue = value
+		f.Unlock()
+		return value, nil
+	}
+
+	f.Lock()
+	lastValue := f.lastValue
+	f.Unlock()
+
+	if lastValue == nil {
+		// attempt was never successful
+		return value, err
+	}
+
+	if f.LogFailure == nil {
+		log.Debug("Unable to get %s; returning cached value instead", f.Name)
+	} else {
+		f.LogFailure(err, lastValue)
+	}
+
+	return lastValue.(string), nil
+}
+
+// Reset resets the cached value (used for testing)
+func (f *Fetcher) Reset() {
+	f.Lock()
+	f.lastValue = nil
+	f.Unlock()
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ec2/ec2.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ec2/ec2.go
new file mode 100644
index 000000000..42c76ba96
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ec2/ec2.go
@@ -0,0 +1,72 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package ec2
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/cachedfetch"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/httputils"
+)
+
+// declare these as vars not const to ease testing
+var (
+	metadataURL     = "http://169.254.169.254/latest/meta-data"
+	defaultPrefixes = []string{"ip-", "domu", "ec2amaz-"}
+
+	MaxHostnameSize = 255
+)
+
+var instanceIDFetcher = cachedfetch.Fetcher{
+	Name: "EC2 InstanceID",
+	Attempt: func(ctx context.Context) (string, error) {
+		return getMetadataItemWithMaxLength(ctx,
+			"/instance-id",
+			MaxHostnameSize,
+		)
+	},
+}
+
+// GetInstanceID fetches the instance id for current host from the EC2 metadata API
+func GetInstanceID(ctx context.Context) (string, error) {
+	return instanceIDFetcher.Fetch(ctx)
+}
+
+func getMetadataItemWithMaxLength(ctx context.Context, endpoint string, maxLength int) (string, error) {
+	result, err := getMetadataItem(ctx, endpoint)
+	if err != nil {
+		return result, err
+	}
+	if len(result) > maxLength {
+		return "", fmt.Errorf("%v gave a response with length > to %v", endpoint, maxLength)
+	}
+	return result, err
+}
+
+func getMetadataItem(ctx context.Context, endpoint string) (string, error) {
+	return doHTTPRequest(ctx, metadataURL+endpoint)
+}
+
+func doHTTPRequest(ctx context.Context, url string) (string, error) {
+	headers := map[string]string{}
+	// Note: This assumes IMDS v1. IMDS v2 won't work in a containerized app and requires an API Token
+	// Users who have disabled IMDS v1 in favor of v2 will get a fallback hostname from a different provider (likely OS).
+	return httputils.Get(ctx, url, headers, 300*time.Millisecond)
+}
+
+// IsDefaultHostname checks if a hostname is an EC2 default
+func IsDefaultHostname(hostname string) bool {
+	hostname = strings.ToLower(hostname)
+	isDefault := false
+
+	for _, val := range defaultPrefixes {
+		isDefault = isDefault || strings.HasPrefix(hostname, val)
+	}
+	return isDefault
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ecs/aws.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ecs/aws.go
new file mode 100644
index 000000000..2623774b8
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ecs/aws.go
@@ -0,0 +1,54 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package ecs
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/cachedfetch"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/httputils"
+)
+
+// declare these as vars not const to ease testing
+var (
+	metadataURL = os.Getenv("ECS_CONTAINER_METADATA_URI_V4")
+	timeout     = 300 * time.Millisecond
+)
+
+var taskFetcher = cachedfetch.Fetcher{
+	Name: "ECS LaunchType",
+	Attempt: func(ctx context.Context) (string, error) {
+		taskJSON, err := getResponse(ctx, metadataURL+"/task")
+		if err != nil {
+			return "", fmt.Errorf("failed to get ECS task metadata: %s", err)
+		}
+		return taskJSON, nil
+	},
+}
+
+func getResponse(ctx context.Context, url string) (string, error) {
+	return httputils.Get(ctx, url, map[string]string{}, timeout)
+}
+
+// GetLaunchType gets the launch-type based on the ECS Task metadata endpoint
+func GetLaunchType(ctx context.Context) (string, error) {
+	taskJSON, err := taskFetcher.Fetch(ctx)
+	if err != nil {
+		return "", err
+	}
+
+	var metadata struct {
+		LaunchType string
+	}
+	if err := json.Unmarshal([]byte(taskJSON), &metadata); err != nil {
+		return "", fmt.Errorf("failed to parse ecs task metadata: %s", err)
+	}
+	return metadata.LaunchType, nil
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/fqdn_nix.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/fqdn_nix.go
new file mode 100644
index 000000000..336b80947
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/fqdn_nix.go
@@ -0,0 +1,28 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// This file is exactly pulled from datadog-agent/pkg/util/hostname
+
+//go:build !windows
+// +build !windows
+
+package hostname
+
+import (
+	"context"
+	"os/exec"
+	"strings"
+	"time"
+)
+
+func getSystemFQDN() (string, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*1)
+	defer cancel()
+
+	cmd := exec.CommandContext(ctx, "/bin/hostname", "-f")
+
+	out, err := cmd.Output()
+	return strings.TrimSpace(string(out)), err
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/fqdn_windows.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/fqdn_windows.go
new file mode 100644
index 000000000..e76da716d
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/fqdn_windows.go
@@ -0,0 +1,14 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package hostname
+
+import (
+	"fmt"
+)
+
+func getSystemFQDN() (string, error) {
+	return "", fmt.Errorf("SystemFQDN provider not implemented for windows")
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/gce/gce.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/gce/gce.go
new file mode 100644
index 000000000..e6965d556
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/gce/gce.go
@@ -0,0 +1,120 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package gce
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/cachedfetch"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/httputils"
+)
+
+// declare these as vars not const to ease testing
+var (
+	metadataURL = "http://169.254.169.254/computeMetadata/v1"
+)
+
+var hostnameFetcher = cachedfetch.Fetcher{
+	Name: "GCP Hostname",
+	Attempt: func(ctx context.Context) (string, error) {
+		hostname, err := getResponseWithMaxLength(ctx, metadataURL+"/instance/hostname",
+			255)
+		if err != nil {
+			return "", fmt.Errorf("unable to retrieve hostname from GCE: %s", err)
+		}
+		return hostname, nil
+	},
+}
+
+var projectIDFetcher = cachedfetch.Fetcher{
+	Name: "GCP Project ID",
+	Attempt: func(ctx context.Context) (string, error) {
+		projectID, err := getResponseWithMaxLength(ctx,
+			metadataURL+"/project/project-id",
+			255)
+		if err != nil {
+			return "", fmt.Errorf("unable to retrieve project ID from GCE: %s", err)
+		}
+		return projectID, err
+	},
+}
+
+var nameFetcher = cachedfetch.Fetcher{
+	Name: "GCP Instance Name",
+	Attempt: func(ctx context.Context) (string, error) {
+		return getResponseWithMaxLength(ctx,
+			metadataURL+"/instance/name",
+			255)
+	},
+}
+
+// GetCanonicalHostname returns the DD canonical hostname (prefer: <instance-name>.<project-id>, otherwise <hostname>)
+func GetCanonicalHostname(ctx context.Context) (string, error) {
+	hostname, err := GetHostname(ctx)
+	if err != nil {
+		return "", err
+	}
+
+	instanceAlias, err := getInstanceAlias(ctx, hostname)
+	if err != nil {
+		return hostname, nil
+	}
+	return instanceAlias, nil
+}
+
+func getInstanceAlias(ctx context.Context, hostname string) (string, error) {
+	instanceName, err := nameFetcher.Fetch(ctx)
+	if err != nil {
+		// If the endpoint is not reachable, fallback on the old way to get the alias.
+		// For instance, it happens in GKE, where the metadata server is only a subset
+		// of the Compute Engine metadata server.
+		// See https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#gke_mds
+		if hostname == "" {
+			return "", fmt.Errorf("unable to retrieve instance name and hostname from GCE: %s", err)
+		}
+		instanceName = strings.SplitN(hostname, ".", 2)[0]
+	}
+
+	projectID, err := projectIDFetcher.Fetch(ctx)
+	if err != nil {
+		return "", err
+	}
+
+	return fmt.Sprintf("%s.%s", instanceName, projectID), nil
+}
+
+// GetHostname returns the hostname querying GCE Metadata api
+func GetHostname(ctx context.Context) (string, error) {
+	return hostnameFetcher.Fetch(ctx)
+}
+
+func getResponseWithMaxLength(ctx context.Context, endpoint string, maxLength int) (string, error) {
+	result, err := getResponse(ctx, endpoint)
+	if err != nil {
+		return result, err
+	}
+	if len(result) > maxLength {
+		return "", fmt.Errorf("%v gave a response with length > to %v", endpoint, maxLength)
+	}
+	return result, err
+}
+
+func getResponse(ctx context.Context, url string) (string, error) {
+	res, err := httputils.Get(ctx, url, map[string]string{"Metadata-Flavor": "Google"}, 1000*time.Millisecond)
+	if err != nil {
+		return "", fmt.Errorf("GCE metadata API error: %s", err)
+	}
+
+	// Some cloud platforms will respond with an empty body, causing the agent to assume a faulty hostname
+	if len(res) <= 0 {
+		return "", fmt.Errorf("empty response body")
+	}
+
+	return res, nil
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/httputils/helpers.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/httputils/helpers.go
new file mode 100644
index 000000000..861acc356
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/httputils/helpers.go
@@ -0,0 +1,74 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+// This file is pulled from datadog-agent/pkg/util/http (Only removing agent SSL config and unused funcs)
+
+package httputils
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"time"
+)
+
+func createTransport() *http.Transport {
+	return &http.Transport{
+		DialContext: (&net.Dialer{
+			Timeout: 30 * time.Second,
+			// Enables TCP keep-alives to detect broken connections
+			KeepAlive: 30 * time.Second,
+			// Disable RFC 6555 Fast Fallback ("Happy Eyeballs")
+			FallbackDelay: -1 * time.Nanosecond,
+		}).DialContext,
+		MaxIdleConns:        100,
+		MaxIdleConnsPerHost: 5,
+		// This parameter is set to avoid connections sitting idle in the pool indefinitely
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+		Proxy:                 http.ProxyFromEnvironment,
+	}
+}
+
+// Get is a high level helper to query a URL and return its body as a string
+func Get(ctx context.Context, URL string, headers map[string]string, timeout time.Duration) (string, error) {
+	client := http.Client{
+		Transport: createTransport(),
+		Timeout:   timeout,
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, URL, nil)
+	if err != nil {
+		return "", err
+	}
+
+	for header, value := range headers {
+		req.Header.Add(header, value)
+	}
+
+	res, err := client.Do(req)
+	if err != nil {
+		return "", err
+	}
+
+	return parseResponse(res, "GET", URL)
+}
+
+func parseResponse(res *http.Response, method string, URL string) (string, error) {
+	if res.StatusCode != 200 {
+		return "", fmt.Errorf("status code %d trying to %s %s", res.StatusCode, method, URL)
+	}
+
+	defer res.Body.Close()
+	all, err := io.ReadAll(res.Body)
+	if err != nil {
+		return "", fmt.Errorf("error while reading response from %s: %s", URL, err)
+	}
+
+	return string(all), nil
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/providers.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/providers.go
new file mode 100644
index 000000000..85c685df2
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/providers.go
@@ -0,0 +1,245 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package hostname
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/azure"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ec2"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ecs"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/gce"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/validate"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+// For testing purposes
+var (
+	fargatePf = fargate
+)
+
+var (
+	cachedHostname  string
+	cachedAt        time.Time
+	cachedProvider  string
+	cacheExpiration = 5 * time.Minute
+	m               sync.RWMutex
+	isRefreshing    atomic.Value
+)
+
+const fargateName = "fargate"
+
+func init() {
+	isRefreshing.Store(false)
+}
+
+// getCached returns the cached hostname, cached provider and a bool indicating if the hostname has expired
+func getCached(now time.Time) (string, string, bool) {
+	m.RLock()
+	defer m.RUnlock()
+	if now.Sub(cachedAt) > cacheExpiration {
+		return cachedHostname, cachedProvider, true
+	}
+	return cachedHostname, cachedProvider, false
+}
+
+// setCached caches the newHostname
+func setCached(now time.Time, newHostname string, newProvider string) {
+	m.Lock()
+	defer m.Unlock()
+	cachedHostname = newHostname
+	cachedAt = now
+	cachedProvider = newProvider
+}
+
+type provider struct {
+	name string
+	// Should we stop going down the list of providers if this one is successful
+	stopIfSuccessful bool
+	pf               providerFetch
+}
+
+type providerFetch func(ctx context.Context, currentHostname string) (string, error)
+
+var providerCatalog = []provider{
+	{
+		name:             "configuration",
+		stopIfSuccessful: true,
+		pf:               fromConfig,
+	},
+	{
+		name:             fargateName,
+		stopIfSuccessful: true,
+		pf:               fromFargate,
+	},
+	{
+		name:             "gce",
+		stopIfSuccessful: true,
+		pf:               fromGce,
+	},
+	{
+		name:             "azure",
+		stopIfSuccessful: true,
+		pf:               fromAzure,
+	},
+	// The following providers are coupled. Their behavior changes depending on the result of the previous provider.
+	// Therefore, 'stopIfSuccessful' is set to false.
+	{
+		name:             "fqdn",
+		stopIfSuccessful: false,
+		pf:               fromFQDN,
+	},
+	{
+		name:             "container",
+		stopIfSuccessful: false,
+		pf:               fromContainer,
+	},
+	{
+		name:             "os",
+		stopIfSuccessful: false,
+		pf:               fromOS,
+	},
+	{
+		name:             "aws",
+		stopIfSuccessful: false,
+		pf:               fromEC2,
+	},
+}
+
+// Get returns the cached hostname for the tracer, empty if we haven't found one yet.
+// Spawning a go routine to update the hostname if it is empty or out of date
+func Get() string {
+	now := time.Now()
+	var (
+		ch      string
+		expired bool
+		pv      string
+	)
+	// if provider is fargate never refresh
+	// Otherwise, refresh on expiration or if hostname hasn't been found.
+	if ch, pv, expired = getCached(now); pv == fargateName || (!expired && ch != "") {
+		return ch
+	}
+	// Use CAS to avoid spawning more than one go-routine trying to update the cached hostname
+	ir := isRefreshing.CompareAndSwap(false, true)
+	if ir {
+		// TODO: One optimization we could do here is hook into the tracer shutdown signal to gracefully disconnect here
+		// For now, we think the added complexity isn't worth it for this single go routine that only runs every 5 minutes.
+		go func() {
+			updateHostname(now)
+		}()
+	}
+	return ch
+}
+
+func updateHostname(now time.Time) {
+	defer isRefreshing.Store(false)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
+	defer cancel()
+	var hostname string
+	var hnProvider string
+
+	for _, p := range providerCatalog {
+		detectedHostname, err := p.pf(ctx, hostname)
+		if err != nil {
+			log.Debug("Unable to get hostname from provider %s: %v", p.name, err)
+			continue
+		}
+		hostname = detectedHostname
+		hnProvider = p.name
+		log.Debug("Found hostname %s, from provider %s", hostname, p.name)
+		if p.stopIfSuccessful {
+			log.Debug("Hostname detection stopping early")
+			setCached(now, hostname, p.name)
+			return
+		}
+	}
+	if hostname != "" {
+		log.Debug("Winning hostname %s from provider %s", hostname, hnProvider)
+		setCached(now, hostname, hnProvider)
+	} else {
+		log.Debug("Unable to reliably determine hostname. You can define one via env var DD_HOSTNAME")
+	}
+}
+
+func fromConfig(_ context.Context, _ string) (string, error) {
+	hn := os.Getenv("DD_HOSTNAME")
+	err := validate.ValidHostname(hn)
+	if err != nil {
+		return "", err
+	}
+	return hn, nil
+}
+
+func fromFargate(ctx context.Context, _ string) (string, error) {
+	return fargatePf(ctx)
+}
+
+func fargate(ctx context.Context) (string, error) {
+	if _, ok := os.LookupEnv("ECS_CONTAINER_METADATA_URI_V4"); !ok {
+		return "", fmt.Errorf("not running in fargate")
+	}
+	launchType, err := ecs.GetLaunchType(ctx)
+	if err != nil {
+		return "", err
+	}
+	if launchType == "FARGATE" {
+		// If we're running on fargate we strip the hostname
+		return "", nil
+	}
+	return "", fmt.Errorf("not running in fargate")
+}
+
+func fromGce(ctx context.Context, _ string) (string, error) {
+	return gce.GetCanonicalHostname(ctx)
+}
+
+func fromAzure(ctx context.Context, _ string) (string, error) {
+	return azure.GetHostname(ctx)
+}
+
+func fromFQDN(_ context.Context, _ string) (string, error) {
+	//TODO: test this on windows
+	fqdn, err := getSystemFQDN()
+	if err != nil {
+		return "", fmt.Errorf("unable to get FQDN from system: %s", err)
+	}
+	return fqdn, nil
+}
+
+func fromOS(_ context.Context, currentHostname string) (string, error) {
+	if currentHostname == "" {
+		return os.Hostname()
+	}
+	return "", fmt.Errorf("skipping OS hostname as a previous provider found a valid hostname")
+}
+
+func fromContainer(_ context.Context, _ string) (string, error) {
+	// This provider is not implemented as most customers do not provide access to kube-api server, kubelet, or docker socket
+	// on their application containers. Providing this access is almost always a not-good idea and could be burdensome for customers.
+	return "", fmt.Errorf("container hostname detection not implemented")
+}
+
+func fromEC2(ctx context.Context, currentHostname string) (string, error) {
+	if ec2.IsDefaultHostname(currentHostname) {
+		// If the current hostname is a default one we try to get the instance id
+		instanceID, err := ec2.GetInstanceID(ctx)
+		if err != nil {
+			return "", fmt.Errorf("unable to determine hostname from EC2: %s", err)
+		}
+		err = validate.ValidHostname(instanceID)
+		if err != nil {
+			return "", fmt.Errorf("EC2 instance id is not a valid hostname: %s", err)
+		}
+		return instanceID, nil
+	}
+	return "", fmt.Errorf("not retrieving hostname from AWS: the host is not an ECS instance and other providers already retrieve non-default hostnames")
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/validate/validate.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/validate/validate.go
new file mode 100644
index 000000000..fa97b1c99
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/validate/validate.go
@@ -0,0 +1,57 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+// This file is exactly pulled from datadog-agent/pkg/util/hostname/validate only changing the logger
+
+// Package validate provides hostname validation helpers
+package validate
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+const maxLength = 255
+
+var (
+	validHostnameRfc1123 = regexp.MustCompile(`^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$`)
+	localhostIdentifiers = []string{
+		"localhost",
+		"localhost.localdomain",
+		"localhost6.localdomain6",
+		"ip6-localhost",
+	}
+)
+
+// ValidHostname determines whether the passed string is a valid hostname.
+// In case it's not, the returned error contains the details of the failure.
+func ValidHostname(hostname string) error {
+	if hostname == "" {
+		return fmt.Errorf("hostname is empty")
+	} else if isLocal(hostname) {
+		return fmt.Errorf("%s is a local hostname", hostname)
+	} else if len(hostname) > maxLength {
+		log.Error("ValidHostname: name exceeded the maximum length of %d characters", maxLength)
+		return fmt.Errorf("name exceeded the maximum length of %d characters", maxLength)
+	} else if !validHostnameRfc1123.MatchString(hostname) {
+		log.Error("ValidHostname: %s is not RFC1123 compliant", hostname)
+		return fmt.Errorf("%s is not RFC1123 compliant", hostname)
+	}
+	return nil
+}
+
+// check whether the name is in the list of local hostnames
+func isLocal(name string) bool {
+	name = strings.ToLower(name)
+	for _, val := range localhostIdentifiers {
+		if val == name {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/log/log.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/log/log.go
new file mode 100644
index 000000000..b6f732913
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/log/log.go
@@ -0,0 +1,243 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+// Package log provides logging utilities for the tracer.
+package log
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/version"
+)
+
+// Level specifies the logging level that the log package prints at.
+type Level int
+
+const (
+	// LevelDebug represents debug level messages.
+	LevelDebug Level = iota
+	// LevelWarn represents warning and errors.
+	LevelWarn
+)
+
+var prefixMsg = fmt.Sprintf("Datadog Tracer %s", version.Tag)
+
+// Logger implementations are able to log given messages that the tracer might
+// output. This interface is duplicated here to avoid a cyclic dependency
+// between this package and ddtrace
+type Logger interface {
+	// Log prints the given message.
+	Log(msg string)
+}
+
+var (
+	mu     sync.RWMutex // guards below fields
+	level               = LevelWarn
+	logger Logger       = &defaultLogger{l: log.New(os.Stderr, "", log.LstdFlags)}
+)
+
+// UseLogger sets l as the active logger and returns a function to restore the
+// previous logger. The return value is mostly useful when testing.
+func UseLogger(l Logger) (undo func()) {
+	Flush()
+	mu.Lock()
+	defer mu.Unlock()
+	old := logger
+	logger = l
+	return func() {
+		logger = old
+	}
+}
+
+// SetLevel sets the given lvl for logging.
+func SetLevel(lvl Level) {
+	mu.Lock()
+	defer mu.Unlock()
+	level = lvl
+}
+
+// DebugEnabled returns true if debug log messages are enabled. This can be used in extremely
+// hot code paths to avoid allocating the ...interface{} argument.
+func DebugEnabled() bool {
+	mu.RLock()
+	lvl := level
+	mu.RUnlock()
+	return lvl == LevelDebug
+}
+
+// Debug prints the given message if the level is LevelDebug.
+func Debug(fmt string, a ...interface{}) {
+	if !DebugEnabled() {
+		return
+	}
+	printMsg("DEBUG", fmt, a...)
+}
+
+// Warn prints a warning message.
+func Warn(fmt string, a ...interface{}) {
+	printMsg("WARN", fmt, a...)
+}
+
+// Info prints an informational message.
+func Info(fmt string, a ...interface{}) {
+	printMsg("INFO", fmt, a...)
+}
+
+var (
+	errmu   sync.RWMutex                // guards below fields
+	erragg  = map[string]*errorReport{} // aggregated errors
+	errrate = time.Minute               // the rate at which errors are reported
+	erron   bool                        // true if errors are being aggregated
+)
+
+func init() {
+	if v := os.Getenv("DD_LOGGING_RATE"); v != "" {
+		if sec, err := strconv.ParseUint(v, 10, 64); err != nil {
+			Warn("Invalid value for DD_LOGGING_RATE: %v", err)
+		} else {
+			errrate = time.Duration(sec) * time.Second
+		}
+	}
+}
+
+type errorReport struct {
+	first time.Time // time when first error occurred
+	err   error
+	count uint64
+}
+
+// Error reports an error. Errors get aggregated and logged periodically. The
+// default is once per minute or once every DD_LOGGING_RATE number of seconds.
+func Error(format string, a ...interface{}) {
+	key := format // format should 99.9% of the time be constant
+	if reachedLimit(key) {
+		// avoid too much lock contention on spammy errors
+		return
+	}
+	errmu.Lock()
+	defer errmu.Unlock()
+	report, ok := erragg[key]
+	if !ok {
+		erragg[key] = &errorReport{
+			err:   fmt.Errorf(format, a...),
+			first: time.Now(),
+		}
+		report = erragg[key]
+	}
+	report.count++
+	if errrate == 0 {
+		flushLocked()
+		return
+	}
+	if !erron {
+		erron = true
+		time.AfterFunc(errrate, Flush)
+	}
+}
+
+// defaultErrorLimit specifies the maximum number of errors gathered in a report.
+const defaultErrorLimit = 200
+
+// reachedLimit reports whether the maximum count has been reached for this key.
+func reachedLimit(key string) bool {
+	errmu.RLock()
+	e, ok := erragg[key]
+	confirm := ok && e.count > defaultErrorLimit
+	errmu.RUnlock()
+	return confirm
+}
+
+// Flush flushes and resets all aggregated errors to the logger.
+func Flush() {
+	errmu.Lock()
+	defer errmu.Unlock()
+	flushLocked()
+}
+
+func flushLocked() {
+	for _, report := range erragg {
+		msg := fmt.Sprintf("%v", report.err)
+		if report.count > defaultErrorLimit {
+			msg += fmt.Sprintf(", %d+ additional messages skipped (first occurrence: %s)", defaultErrorLimit, report.first.Format(time.RFC822))
+		} else if report.count > 1 {
+			msg += fmt.Sprintf(", %d additional messages skipped (first occurrence: %s)", report.count-1, report.first.Format(time.RFC822))
+		} else {
+			msg += fmt.Sprintf(" (occurred: %s)", report.first.Format(time.RFC822))
+		}
+		printMsg("ERROR", msg)
+	}
+	for k := range erragg {
+		// compiler-optimized map-clearing post go1.11 (golang/go#20138)
+		delete(erragg, k)
+	}
+	erron = false
+}
+
+func printMsg(lvl, format string, a ...interface{}) {
+	msg := fmt.Sprintf("%s %s: %s", prefixMsg, lvl, fmt.Sprintf(format, a...))
+	mu.RLock()
+	logger.Log(msg)
+	mu.RUnlock()
+}
+
+type defaultLogger struct{ l *log.Logger }
+
+func (p *defaultLogger) Log(msg string) { p.l.Print(msg) }
+
+// DiscardLogger discards every call to Log().
+type DiscardLogger struct{}
+
+// Log implements Logger.
+func (d DiscardLogger) Log(_ string) {}
+
+// RecordLogger records every call to Log() and makes it available via Logs().
+type RecordLogger struct {
+	m      sync.Mutex
+	logs   []string
+	ignore []string // a log is ignored if it contains a string in ignored
+}
+
+// Ignore adds substrings to the ignore field of RecordLogger, allowing
+// the RecordLogger to ignore attempts to log strings with certain substrings.
+func (r *RecordLogger) Ignore(substrings ...string) {
+	r.m.Lock()
+	defer r.m.Unlock()
+	r.ignore = append(r.ignore, substrings...)
+}
+
+// Log implements Logger.
+func (r *RecordLogger) Log(msg string) {
+	r.m.Lock()
+	defer r.m.Unlock()
+	for _, ignored := range r.ignore {
+		if strings.Contains(msg, ignored) {
+			return
+		}
+	}
+	r.logs = append(r.logs, msg)
+}
+
+// Logs returns the ordered list of logs recorded by the logger.
+func (r *RecordLogger) Logs() []string {
+	r.m.Lock()
+	defer r.m.Unlock()
+	copied := make([]string, len(r.logs))
+	copy(copied, r.logs)
+	return copied
+}
+
+// Reset resets the logger's internal logs
+func (r *RecordLogger) Reset() {
+	r.m.Lock()
+	defer r.m.Unlock()
+	r.logs = r.logs[:0]
+	r.ignore = r.ignore[:0]
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/namingschema.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/namingschema.go
new file mode 100644
index 000000000..3265ba33a
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/namingschema.go
@@ -0,0 +1,117 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+// Package namingschema provides functionality to create naming schemas used by integrations to set different
+// service and span/operation names based on the value of the DD_TRACE_SPAN_ATTRIBUTE_SCHEMA environment variable.
+// It also provides some already implemented schemas for common use cases (client-server, db, messaging, etc.).
+//
+// How to use this package:
+// 1. Implement the VersionSupportSchema interface containing the correct name for each version.
+// 2. Create a new Schema using the New function.
+// 3. Call Schema.GetName to get the correct name based on the user configuration.
+package namingschema
+
+import (
+	"strings"
+	"sync"
+)
+
+// Version represents the available naming schema versions.
+type Version int
+
+const (
+	// SchemaV0 represents naming schema v0.
+	SchemaV0 Version = iota
+	// SchemaV1 represents naming schema v1.
+	SchemaV1
+)
+
+const (
+	defaultSchemaVersion = SchemaV0
+)
+
+var (
+	sv   Version
+	svMu sync.RWMutex
+
+	useGlobalServiceName   bool
+	useGlobalServiceNameMu sync.RWMutex
+)
+
+// ParseVersion attempts to parse the version string.
+func ParseVersion(v string) (Version, bool) {
+	switch strings.ToLower(v) {
+	case "", "v0":
+		return SchemaV0, true
+	case "v1":
+		return SchemaV1, true
+	default:
+		return SchemaV0, false
+	}
+}
+
+// GetVersion returns the global naming schema version used for this application.
+func GetVersion() Version {
+	svMu.RLock()
+	defer svMu.RUnlock()
+	return sv
+}
+
+// SetVersion sets the global naming schema version used for this application.
+func SetVersion(v Version) {
+	svMu.Lock()
+	defer svMu.Unlock()
+	sv = v
+}
+
+// SetDefaultVersion sets the default global naming schema version.
+func SetDefaultVersion() Version {
+	SetVersion(defaultSchemaVersion)
+	return defaultSchemaVersion
+}
+
+// UseGlobalServiceName returns the value of the useGlobalServiceName setting for this application.
+func UseGlobalServiceName() bool {
+	useGlobalServiceNameMu.RLock()
+	defer useGlobalServiceNameMu.RUnlock()
+	return useGlobalServiceName
+}
+
+// SetUseGlobalServiceName sets the value of the useGlobalServiceName setting used for this application.
+func SetUseGlobalServiceName(v bool) {
+	useGlobalServiceNameMu.Lock()
+	defer useGlobalServiceNameMu.Unlock()
+	useGlobalServiceName = v
+}
+
+// VersionSupportSchema is an interface that ensures all the available naming schema versions are implemented by the caller.
+type VersionSupportSchema interface {
+	V0() string
+	V1() string
+}
+
+// Schema allows to select the proper name to use based on the given VersionSupportSchema.
+type Schema struct {
+	selectedVersion Version
+	vSchema         VersionSupportSchema
+}
+
+// New initializes a new Schema.
+func New(vSchema VersionSupportSchema) *Schema {
+	return &Schema{
+		selectedVersion: GetVersion(),
+		vSchema:         vSchema,
+	}
+}
+
+// GetName returns the proper name for this Schema for the user selected version.
+func (s *Schema) GetName() string {
+	switch s.selectedVersion {
+	case SchemaV1:
+		return s.vSchema.V1()
+	default:
+		return s.vSchema.V0()
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_cache.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_cache.go
new file mode 100644
index 000000000..d3574d292
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_cache.go
@@ -0,0 +1,46 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package namingschema
+
+import "fmt"
+
+type cacheOutboundOp struct {
+	cfg    *config
+	system string
+}
+
+// NewCacheOutboundOp creates a new naming schema for outbound operations from caching systems.
+// The V0 implementation defaults to the v1 and is meant to be overwritten if needed, since (generally) it does not
+// follow any pattern among cache integrations.
+func NewCacheOutboundOp(system string, opts ...Option) *Schema {
+	cfg := &config{}
+	for _, opt := range opts {
+		opt(cfg)
+	}
+	return New(&cacheOutboundOp{cfg: cfg, system: system})
+}
+
+func (c *cacheOutboundOp) V0() string {
+	if c.cfg.overrideV0 != nil {
+		return *c.cfg.overrideV0
+	}
+	return c.V1()
+}
+
+func (c *cacheOutboundOp) V1() string {
+	return fmt.Sprintf("%s.command", c.system)
+}
+
+// NewMemcachedOutboundOp creates a new schema for Memcached (cache) outbound operations.
+func NewMemcachedOutboundOp(opts ...Option) *Schema {
+	newOpts := append([]Option{WithOverrideV0("memcached.query")}, opts...)
+	return NewCacheOutboundOp("memcached", newOpts...)
+}
+
+// NewRedisOutboundOp creates a new schema for Redis (cache) outbound operations.
+func NewRedisOutboundOp(opts ...Option) *Schema {
+	return NewCacheOutboundOp("redis", opts...)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_client_server.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_client_server.go
new file mode 100644
index 000000000..6a81175b0
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_client_server.go
@@ -0,0 +1,85 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package namingschema
+
+import "fmt"
+
+type clientOutboundOp struct {
+	cfg    *config
+	system string
+}
+
+// NewClientOutboundOp creates a new naming schema for client outbound operations.
+func NewClientOutboundOp(system string, opts ...Option) *Schema {
+	cfg := &config{}
+	for _, opt := range opts {
+		opt(cfg)
+	}
+	return New(&clientOutboundOp{cfg: cfg, system: system})
+}
+
+func (c *clientOutboundOp) V0() string {
+	if c.cfg.overrideV0 != nil {
+		return *c.cfg.overrideV0
+	}
+	return fmt.Sprintf("%s.request", c.system)
+}
+
+func (c *clientOutboundOp) V1() string {
+	return fmt.Sprintf("%s.client.request", c.system)
+}
+
+type serverInboundOp struct {
+	cfg    *config
+	system string
+}
+
+// NewServerInboundOp creates a new naming schema for server inbound operations.
+func NewServerInboundOp(system string, opts ...Option) *Schema {
+	cfg := &config{}
+	for _, opt := range opts {
+		opt(cfg)
+	}
+	return New(&serverInboundOp{cfg: cfg, system: system})
+}
+
+func (s *serverInboundOp) V0() string {
+	if s.cfg.overrideV0 != nil {
+		return *s.cfg.overrideV0
+	}
+	return fmt.Sprintf("%s.request", s.system)
+}
+
+func (s *serverInboundOp) V1() string {
+	return fmt.Sprintf("%s.server.request", s.system)
+}
+
+// NewHTTPClientOp creates a new schema for HTTP client outbound operations.
+func NewHTTPClientOp(opts ...Option) *Schema {
+	return NewClientOutboundOp("http", opts...)
+}
+
+// NewHTTPServerOp creates a new schema for HTTP server inbound operations.
+func NewHTTPServerOp(opts ...Option) *Schema {
+	return NewServerInboundOp("http", opts...)
+}
+
+// NewGRPCClientOp creates a new schema for gRPC client outbound operations.
+func NewGRPCClientOp(opts ...Option) *Schema {
+	newOpts := append([]Option{WithOverrideV0("grpc.client")}, opts...)
+	return NewClientOutboundOp("grpc", newOpts...)
+}
+
+// NewGRPCServerOp creates a new schema for gRPC server inbound operations.
+func NewGRPCServerOp(opts ...Option) *Schema {
+	newOpts := append([]Option{WithOverrideV0("grpc.server")}, opts...)
+	return NewServerInboundOp("grpc", newOpts...)
+}
+
+// NewGraphqlServerOp creates a new schema for GraphQL server inbound operations.
+func NewGraphqlServerOp(opts ...Option) *Schema {
+	return NewServerInboundOp("graphql", opts...)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_db.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_db.go
new file mode 100644
index 000000000..c93b8244c
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_db.go
@@ -0,0 +1,50 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package namingschema
+
+import "fmt"
+
+type dbOutboundOp struct {
+	cfg    *config
+	system string
+}
+
+// NewDBOutboundOp creates a new naming schema for db outbound operations.
+// The V0 implementation defaults to the v1 and is meant to be overwritten if needed, since (generally) it does not
+// follow any pattern among db integrations.
+func NewDBOutboundOp(system string, opts ...Option) *Schema {
+	cfg := &config{}
+	for _, opt := range opts {
+		opt(cfg)
+	}
+	return New(&dbOutboundOp{cfg: cfg, system: system})
+}
+
+func (d *dbOutboundOp) V0() string {
+	if d.cfg.overrideV0 != nil {
+		return *d.cfg.overrideV0
+	}
+	return d.V1()
+}
+
+func (d *dbOutboundOp) V1() string {
+	return fmt.Sprintf("%s.query", d.system)
+}
+
+// NewElasticsearchOutboundOp creates a new schema for Elasticsearch (db) outbound operations.
+func NewElasticsearchOutboundOp(opts ...Option) *Schema {
+	return NewDBOutboundOp("elasticsearch", opts...)
+}
+
+// NewMongoDBOutboundOp creates a new schema for MongoDB (db) outbound operations.
+func NewMongoDBOutboundOp(opts ...Option) *Schema {
+	return NewDBOutboundOp("mongodb", opts...)
+}
+
+// NewCassandraOutboundOp creates a new schema for Cassandra (db) outbound operations.
+func NewCassandraOutboundOp(opts ...Option) *Schema {
+	return NewDBOutboundOp("cassandra", opts...)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_messaging.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_messaging.go
new file mode 100644
index 000000000..934e58108
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/op_messaging.go
@@ -0,0 +1,84 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package namingschema
+
+import "fmt"
+
+type messagingOutboundOp struct {
+	cfg    *config
+	system string
+}
+
+// NewMessagingOutboundOp creates a new naming schema for outbound operations from messaging systems.
+func NewMessagingOutboundOp(system string, opts ...Option) *Schema {
+	cfg := &config{}
+	for _, opt := range opts {
+		opt(cfg)
+	}
+	return New(&messagingOutboundOp{cfg: cfg, system: system})
+}
+
+func (m *messagingOutboundOp) V0() string {
+	if m.cfg.overrideV0 != nil {
+		return *m.cfg.overrideV0
+	}
+	return m.V1()
+}
+
+func (m *messagingOutboundOp) V1() string {
+	return fmt.Sprintf("%s.send", m.system)
+}
+
+type messagingInboundOp struct {
+	cfg    *config
+	system string
+}
+
+// NewMessagingInboundOp creates a new schema for messaging systems inbound operations.
+// The V0 implementation defaults to the v1 and is meant to be overwritten if needed, since (generally) it does not
+// follow any pattern among messaging integrations.
+func NewMessagingInboundOp(system string, opts ...Option) *Schema {
+	cfg := &config{}
+	for _, opt := range opts {
+		opt(cfg)
+	}
+	return New(&messagingInboundOp{cfg: cfg, system: system})
+}
+
+func (m *messagingInboundOp) V0() string {
+	if m.cfg.overrideV0 != nil {
+		return *m.cfg.overrideV0
+	}
+	return m.V1()
+}
+
+func (m *messagingInboundOp) V1() string {
+	return fmt.Sprintf("%s.process", m.system)
+}
+
+// NewKafkaOutboundOp creates a new schema for Kafka (messaging) outbound operations.
+func NewKafkaOutboundOp(opts ...Option) *Schema {
+	newOpts := append([]Option{WithOverrideV0("kafka.produce")}, opts...)
+	return NewMessagingOutboundOp("kafka", newOpts...)
+}
+
+// NewKafkaInboundOp creates a new schema for Kafka (messaging) inbound operations.
+func NewKafkaInboundOp(opts ...Option) *Schema {
+	newOpts := append([]Option{WithOverrideV0("kafka.consume")}, opts...)
+	return NewMessagingInboundOp("kafka", newOpts...)
+}
+
+// NewGCPPubsubInboundOp creates a new schema for GCP Pubsub (messaging) inbound operations.
+func NewGCPPubsubInboundOp(opts ...Option) *Schema {
+	newOpts := append([]Option{WithOverrideV0("pubsub.receive")}, opts...)
+	return NewMessagingInboundOp("gcp.pubsub", newOpts...)
+}
+
+// NewGCPPubsubOutboundOp creates a new schema for GCP Pubsub (messaging) outbound operations.
+func NewGCPPubsubOutboundOp(opts ...Option) *Schema {
+	newOpts := append([]Option{WithOverrideV0("pubsub.publish")}, opts...)
+	return NewMessagingOutboundOp("gcp.pubsub", newOpts...)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/option.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/option.go
new file mode 100644
index 000000000..a3950d7c8
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/option.go
@@ -0,0 +1,20 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package namingschema
+
+// Option represents an option that can be passed to some naming schemas provided in this package.
+type Option func(cfg *config)
+
+type config struct {
+	overrideV0 *string
+}
+
+// WithOverrideV0 allows to override the value returned for V0 in the given Schema.
+func WithOverrideV0(value string) Option {
+	return func(cfg *config) {
+		cfg.overrideV0 = &value
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/service_name.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/service_name.go
new file mode 100644
index 000000000..656849179
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema/service_name.go
@@ -0,0 +1,50 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package namingschema
+
+import "gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig"
+
+// NewDefaultServiceName returns a Schema with the standard logic to be used for contrib span service names
+// (in-code override > DD_SERVICE environment variable > integration default name).
+// If you need to support older versions not following this logic, you can use WithV0Override option to override this behavior.
+func NewDefaultServiceName(fallbackName string, opts ...Option) *Schema {
+	cfg := &config{}
+	for _, opt := range opts {
+		opt(cfg)
+	}
+	return New(&standardServiceNameSchema{
+		fallbackName:         fallbackName,
+		useGlobalServiceName: UseGlobalServiceName(),
+		cfg:                  cfg,
+	})
+}
+
+type standardServiceNameSchema struct {
+	fallbackName         string
+	useGlobalServiceName bool
+	cfg                  *config
+}
+
+func (s *standardServiceNameSchema) V0() string {
+	// the override function for V0 is used by contribs to introduce their default service names (i.e. "kafka, mongo, etc.")
+	// when V0 is used. The extra flag useGlobalServiceName allows to disable these default service names even when V0
+	// is used.
+	if s.cfg.overrideV0 == nil || s.useGlobalServiceName {
+		return s.getName()
+	}
+	return *s.cfg.overrideV0
+}
+
+func (s *standardServiceNameSchema) V1() string {
+	return s.getName()
+}
+
+func (s *standardServiceNameSchema) getName() string {
+	if svc := globalconfig.ServiceName(); svc != "" {
+		return svc
+	}
+	return s.fallbackName
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/normalizer/normalizer.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/normalizer/normalizer.go
new file mode 100644
index 000000000..80b17cf5d
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/normalizer/normalizer.go
@@ -0,0 +1,50 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+// Package normalizer provides tag normalization
+package normalizer
+
+import (
+	"net/textproto"
+	"regexp"
+	"strings"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
+)
+
+// headerTagRegexp is used to replace all invalid characters in the config. Only alphanumerics, whitespaces and dashes allowed.
+var headerTagRegexp = regexp.MustCompile("[^a-zA-Z0-9 -]")
+
+// HeaderTag accepts a string that contains a header and an optional mapped tag key,
+// e.g, "header" or "header:tag" where `tag` will be the name of the header tag.
+// If multiple colons exist in the input, it splits on the last colon.
+// e.g, "first:second:third" gets split into `header = "first:second"` and `tag="third"`
+// The returned header is in canonical MIMEHeader format.
+func HeaderTag(headerAsTag string) (header string, tag string) {
+	header = strings.ToLower(strings.TrimSpace(headerAsTag))
+	// if a colon is found in `headerAsTag`
+	if last := strings.LastIndex(header, ":"); last >= 0 {
+		header, tag = header[:last], header[last+1:]
+		header, tag = strings.TrimSpace(header), strings.TrimSpace(tag)
+	} else {
+		tag = ext.HTTPRequestHeaders + "." + headerTagRegexp.ReplaceAllString(header, "_")
+	}
+	return textproto.CanonicalMIMEHeaderKey(header), tag
+}
+
+// HeaderTagSlice accepts a slice of strings that contain headers and optional mapped tag key.
+// Headers beginning with "x-datadog-" are ignored.
+// See HeaderTag for details on formatting.
+func HeaderTagSlice(headers []string) map[string]string {
+	headerTagsMap := make(map[string]string)
+	for _, h := range headers {
+		if strings.HasPrefix(h, "x-datadog-") {
+			continue
+		}
+		header, tag := HeaderTag(h)
+		headerTagsMap[header] = tag
+	}
+	return headerTagsMap
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo.go
new file mode 100644
index 000000000..7519a917e
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo.go
@@ -0,0 +1,21 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+// Package osinfo provides information about the current operating system release
+package osinfo
+
+// OSName returns the name of the operating system, including the distribution
+// for Linux when possible.
+func OSName() string {
+	// call out to OS-specific implementation
+	return osName()
+}
+
+// OSVersion returns the operating system release, e.g. major/minor version
+// number and build ID.
+func OSVersion() string {
+	// call out to OS-specific implementation
+	return osVersion()
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_darwin.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_darwin.go
new file mode 100644
index 000000000..32ead5fe0
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_darwin.go
@@ -0,0 +1,24 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package osinfo
+
+import (
+	"os/exec"
+	"runtime"
+	"strings"
+)
+
+func osName() string {
+	return runtime.GOOS
+}
+
+func osVersion() string {
+	out, err := exec.Command("sw_vers", "-productVersion").Output()
+	if err != nil {
+		return "unknown"
+	}
+	return strings.Trim(string(out), "\n")
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_default.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_default.go
new file mode 100644
index 000000000..72d70d388
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_default.go
@@ -0,0 +1,21 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+//go:build !windows && !linux && !darwin && !freebsd
+// +build !windows,!linux,!darwin,!freebsd
+
+package osinfo
+
+import (
+	"runtime"
+)
+
+func osName() string {
+	return runtime.GOOS
+}
+
+func osVersion() string {
+	return "unknown"
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_freebsd.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_freebsd.go
new file mode 100644
index 000000000..543f2ffdf
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_freebsd.go
@@ -0,0 +1,24 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package osinfo
+
+import (
+	"os/exec"
+	"runtime"
+	"strings"
+)
+
+func osName() string {
+	return runtime.GOOS
+}
+
+func osVersion() string {
+	out, err := exec.Command("uname", "-r").Output()
+	if err != nil {
+		return "unknown"
+	}
+	return strings.Split(string(out), "-")[0]
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_linux.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_linux.go
new file mode 100644
index 000000000..96d1e66ad
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_linux.go
@@ -0,0 +1,52 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package osinfo
+
+import (
+	"bufio"
+	"os"
+	"strings"
+)
+
+func osName() string {
+	f, err := os.Open("/etc/os-release")
+	if err != nil {
+		return "Linux (Unknown Distribution)"
+	}
+	defer f.Close()
+	s := bufio.NewScanner(f)
+	name := "Linux (Unknown Distribution)"
+	for s.Scan() {
+		parts := strings.SplitN(s.Text(), "=", 2)
+		switch parts[0] {
+		case "NAME":
+			name = strings.Trim(parts[1], "\"")
+		}
+	}
+	return name
+}
+
+func osVersion() string {
+	f, err := os.Open("/etc/os-release")
+	if err != nil {
+		return "unknown"
+	}
+	defer f.Close()
+	s := bufio.NewScanner(f)
+	version := "unknown"
+	for s.Scan() {
+		parts := strings.SplitN(s.Text(), "=", 2)
+		switch parts[0] {
+		case "VERSION":
+			version = strings.Trim(parts[1], "\"")
+		case "VERSION_ID":
+			if version == "" {
+				version = strings.Trim(parts[1], "\"")
+			}
+		}
+	}
+	return version
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_windows.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_windows.go
new file mode 100644
index 000000000..659bd9ce6
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo/osinfo_windows.go
@@ -0,0 +1,54 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package osinfo
+
+import (
+	"fmt"
+	"runtime"
+	"strings"
+
+	"golang.org/x/sys/windows/registry"
+)
+
+func osName() string {
+	return runtime.GOOS
+}
+
+func osVersion() string {
+	k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
+	if err != nil {
+		return "unknown"
+	}
+	defer k.Close()
+
+	var version strings.Builder
+
+	maj, _, err := k.GetIntegerValue("CurrentMajorVersionNumber")
+	if err == nil {
+		version.WriteString(fmt.Sprintf("%d", maj))
+		min, _, err := k.GetIntegerValue("CurrentMinorVersionNumber")
+		if err == nil {
+			version.WriteString(fmt.Sprintf(".%d", min))
+		}
+	} else {
+		version.WriteString("unknown")
+	}
+
+	ed, _, err := k.GetStringValue("EditionID")
+	if err == nil {
+		version.WriteString(" " + ed)
+	} else {
+		version.WriteString(" Unknown Edition")
+	}
+
+	build, _, err := k.GetStringValue("CurrentBuild")
+	if err == nil {
+		version.WriteString(" Build " + build)
+	} else {
+		version.WriteString(" Unknown Build")
+	}
+	return version.String()
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/config.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/config.go
new file mode 100644
index 000000000..a80c57b06
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/config.go
@@ -0,0 +1,75 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package remoteconfig
+
+import (
+	"net/http"
+	"os"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/version"
+)
+
+const (
+	envPollIntervalSec = "DD_REMOTE_CONFIG_POLL_INTERVAL_SECONDS"
+)
+
+// ClientConfig contains the required values to configure a remoteconfig client
+type ClientConfig struct {
+	// The address at which the agent is listening for remoteconfig update requests on
+	AgentURL string
+	// The semantic version of the user's application
+	AppVersion string
+	// The env this tracer is running in
+	Env string
+	// The time interval between two client polls to the agent for updates
+	PollInterval time.Duration
+	// The products this client is interested in
+	Products map[string]struct{}
+	// The tracer's runtime id
+	RuntimeID string
+	// The name of the user's application
+	ServiceName string
+	// The semantic version of the tracer
+	TracerVersion string
+	// The base TUF root metadata file
+	TUFRoot string
+	// The capabilities of the client
+	Capabilities map[Capability]struct{}
+	// HTTP is the HTTP client used to receive config updates
+	HTTP *http.Client
+}
+
+// DefaultClientConfig returns the default remote config client configuration
+func DefaultClientConfig() ClientConfig {
+	return ClientConfig{
+		Capabilities:  map[Capability]struct{}{},
+		Products:      map[string]struct{}{},
+		Env:           os.Getenv("DD_ENV"),
+		HTTP:          &http.Client{Timeout: 10 * time.Second},
+		PollInterval:  pollIntervalFromEnv(),
+		RuntimeID:     globalconfig.RuntimeID(),
+		ServiceName:   globalconfig.ServiceName(),
+		TracerVersion: version.Tag,
+		TUFRoot:       os.Getenv("DD_RC_TUF_ROOT"),
+	}
+}
+
+func pollIntervalFromEnv() time.Duration {
+	interval := internal.IntEnv(envPollIntervalSec, 5)
+	if interval < 0 {
+		log.Debug("Remote config: cannot use a negative poll interval: %s = %d. Defaulting to 5s.", envPollIntervalSec, interval)
+		return 5 * time.Second
+	} else if interval == 0 {
+		log.Debug("Remote config: poll interval set to 0. Polling will be continuous.")
+		return time.Nanosecond
+	}
+
+	return time.Duration(interval) * time.Second
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/remoteconfig.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/remoteconfig.go
new file mode 100644
index 000000000..8998c50e9
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/remoteconfig.go
@@ -0,0 +1,414 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+package remoteconfig
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"math/big"
+	"net/http"
+	"reflect"
+	"strings"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+
+	rc "github.com/DataDog/datadog-agent/pkg/remoteconfig/state"
+)
+
+// Callback represents a function that can process a remote config update.
+// A Callback function can be registered to a remote config client to automatically
+// react upon receiving updates. This function returns the configuration processing status
+// for each config file received through the update.
+type Callback func(updates map[string]ProductUpdate) map[string]rc.ApplyStatus
+
+// Capability represents a bit index to be set in clientData.Capabilites in order to register a client
+// for a specific capability
+type Capability uint
+
+const (
+	_ Capability = iota
+	// ASMActivation represents the capability to activate ASM through remote configuration
+	ASMActivation
+	// ASMIPBlocking represents the capability for ASM to block requests based on user IP
+	ASMIPBlocking
+	// ASMDDRules represents the capability to update the rules used by the ASM WAF for threat detection
+	ASMDDRules
+	// ASMExclusions represents the capability for ASM to exclude traffic from its protections
+	ASMExclusions
+	// ASMRequestBlocking represents the capability for ASM to block requests based on the HTTP request related WAF addresses
+	ASMRequestBlocking
+	// ASMResponseBlocking represents the capability for ASM to block requests based on the HTTP response related WAF addresses
+	ASMResponseBlocking
+	// ASMUserBlocking represents the capability for ASM to block requests based on user ID
+	ASMUserBlocking
+	// ASMCustomRules represents the capability for ASM to receive and use user-defined security rules
+	ASMCustomRules
+	// ASMCustomRules represents the capability for ASM to receive and use user-defined blocking responses
+	ASMCustomBlockingResponse
+)
+
+// ProductUpdate represents an update for a specific product.
+// It is a map of file path to raw file content
+type ProductUpdate map[string][]byte
+
+// A Client interacts with an Agent to update and track the state of remote
+// configuration
+type Client struct {
+	ClientConfig
+
+	clientID   string
+	endpoint   string
+	repository *rc.Repository
+	stop       chan struct{}
+
+	callbacks []Callback
+
+	lastError error
+}
+
+// NewClient creates a new remoteconfig Client
+func NewClient(config ClientConfig) (*Client, error) {
+	repo, err := rc.NewUnverifiedRepository()
+	if err != nil {
+		return nil, err
+	}
+	if config.HTTP == nil {
+		config.HTTP = DefaultClientConfig().HTTP
+	}
+
+	return &Client{
+		ClientConfig: config,
+		clientID:     generateID(),
+		endpoint:     fmt.Sprintf("%s/v0.7/config", config.AgentURL),
+		repository:   repo,
+		stop:         make(chan struct{}),
+		lastError:    nil,
+		callbacks:    []Callback{},
+	}, nil
+}
+
+// Start starts the client's update poll loop in a fresh goroutine
+func (c *Client) Start() {
+	go func() {
+		ticker := time.NewTicker(c.PollInterval)
+		defer ticker.Stop()
+
+		for {
+			select {
+			case <-c.stop:
+				close(c.stop)
+				return
+			case <-ticker.C:
+				c.updateState()
+			}
+		}
+	}()
+}
+
+// Stop stops the client's update poll loop
+func (c *Client) Stop() {
+	log.Debug("remoteconfig: gracefully stopping the client")
+	c.stop <- struct{}{}
+	select {
+	case <-c.stop:
+		log.Debug("remoteconfig: client stopped successfully")
+	case <-time.After(time.Second):
+		log.Debug("remoteconfig: client stopping timeout")
+	}
+}
+
+func (c *Client) updateState() {
+	data, err := c.newUpdateRequest()
+	if err != nil {
+		log.Error("remoteconfig: unexpected error while creating a new update request payload: %v", err)
+		return
+	}
+
+	req, err := http.NewRequest(http.MethodGet, c.endpoint, &data)
+	if err != nil {
+		log.Error("remoteconfig: unexpected error while creating a new http request: %v", err)
+		return
+	}
+
+	resp, err := c.HTTP.Do(req)
+	if err != nil {
+		log.Debug("remoteconfig: http request error: %v", err)
+		return
+	}
+	// Flush and close the response body when returning (cf. https://pkg.go.dev/net/http#Client.Do)
+	defer func() {
+		io.ReadAll(resp.Body)
+		resp.Body.Close()
+	}()
+
+	if sc := resp.StatusCode; sc != http.StatusOK {
+		log.Debug("remoteconfig: http request error: response status code is not 200 (OK) but %s", http.StatusText(sc))
+		return
+	}
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		log.Error("remoteconfig: http request error: could not read the response body: %v", err)
+		return
+	}
+
+	if body := string(respBody); body == `{}` || body == `null` {
+		return
+	}
+
+	var update clientGetConfigsResponse
+	if err := json.Unmarshal(respBody, &update); err != nil {
+		log.Error("remoteconfig: http request error: could not parse the json response body: %v", err)
+		return
+	}
+
+	c.lastError = c.applyUpdate(&update)
+}
+
+// RegisterCallback allows registering a callback that will be invoked when the client
+// receives configuration updates. It is up to that callback to then decide what to do
+// depending on the product related to the configuration update.
+func (c *Client) RegisterCallback(f Callback) {
+	c.callbacks = append(c.callbacks, f)
+}
+
+// UnregisterCallback removes a previously registered callback from the active callbacks list
+// This remove operation preserves ordering
+func (c *Client) UnregisterCallback(f Callback) {
+	fValue := reflect.ValueOf(f)
+	for i, callback := range c.callbacks {
+		if reflect.ValueOf(callback) == fValue {
+			c.callbacks = append(c.callbacks[:i], c.callbacks[i+1:]...)
+		}
+	}
+}
+
+// RegisterProduct adds a product to the list of products listened by the client
+func (c *Client) RegisterProduct(p string) {
+	c.Products[p] = struct{}{}
+}
+
+// UnregisterProduct removes a product from the list of products listened by the client
+func (c *Client) UnregisterProduct(p string) {
+	delete(c.Products, p)
+}
+
+// RegisterCapability adds a capability to the list of capabilities exposed by the client when requesting
+// configuration updates
+func (c *Client) RegisterCapability(cap Capability) {
+	c.Capabilities[cap] = struct{}{}
+}
+
+// UnregisterCapability removes a capability from the list of capabilities exposed by the client when requesting
+// configuration updates
+func (c *Client) UnregisterCapability(cap Capability) {
+	delete(c.Capabilities, cap)
+}
+
+func (c *Client) applyUpdate(pbUpdate *clientGetConfigsResponse) error {
+	fileMap := make(map[string][]byte, len(pbUpdate.TargetFiles))
+	productUpdates := make(map[string]ProductUpdate, len(c.Products))
+	for p := range c.Products {
+		productUpdates[p] = make(ProductUpdate)
+	}
+	for _, f := range pbUpdate.TargetFiles {
+		fileMap[f.Path] = f.Raw
+		for p := range c.Products {
+			// Check the config file path to make sure it belongs to the right product
+			if strings.Contains(f.Path, "/"+p+"/") {
+				productUpdates[p][f.Path] = f.Raw
+			}
+		}
+	}
+
+	mapify := func(s *rc.RepositoryState) map[string]string {
+		m := make(map[string]string)
+		for i := range s.Configs {
+			path := s.CachedFiles[i].Path
+			product := s.Configs[i].Product
+			m[path] = product
+		}
+		return m
+	}
+
+	// Check the repository state before and after the update to detect which configs are not being sent anymore.
+	// This is needed because some products can stop sending configurations, and we want to make sure that the subscribers
+	// are provided with this information in this case
+	stateBefore, err := c.repository.CurrentState()
+	if err != nil {
+		return fmt.Errorf("repository current state error: %v", err)
+	}
+	products, err := c.repository.Update(rc.Update{
+		TUFRoots:      pbUpdate.Roots,
+		TUFTargets:    pbUpdate.Targets,
+		TargetFiles:   fileMap,
+		ClientConfigs: pbUpdate.ClientConfigs,
+	})
+	if err != nil {
+		return fmt.Errorf("repository update error: %v", err)
+	}
+	stateAfter, err := c.repository.CurrentState()
+	if err != nil {
+		return fmt.Errorf("repository current state error after update: %v", err)
+	}
+
+	// Create a config files diff between before/after the update to see which config files are missing
+	mBefore := mapify(&stateBefore)
+	for k := range mapify(&stateAfter) {
+		delete(mBefore, k)
+	}
+
+	// Set the payload data to nil for missing config files. The callbacks then can handle the nil config case to detect
+	// that this config will not be updated anymore.
+	updatedProducts := make(map[string]struct{})
+	for path, product := range mBefore {
+		if productUpdates[product] == nil {
+			productUpdates[product] = make(ProductUpdate)
+		}
+		productUpdates[product][path] = nil
+		updatedProducts[product] = struct{}{}
+	}
+	// Aggregate updated products and missing products so that callbacks get called for both
+	for _, p := range products {
+		updatedProducts[p] = struct{}{}
+	}
+
+	if len(updatedProducts) == 0 {
+		return nil
+	}
+	// Performs the callbacks registered and update the application status in the repository (RCTE2)
+	// In case of several callbacks handling the same config, statuses take precedence in this order:
+	// 1 - ApplyStateError
+	// 2 - ApplyStateUnacknowledged
+	// 3 - ApplyStateAcknowledged
+	// This makes sure that any product that would need to re-receive the config in a subsequent update will be allowed to
+	statuses := make(map[string]rc.ApplyStatus)
+	for _, fn := range c.callbacks {
+		for path, status := range fn(productUpdates) {
+			if s, ok := statuses[path]; !ok || status.State == rc.ApplyStateError ||
+				s.State == rc.ApplyStateAcknowledged && status.State == rc.ApplyStateUnacknowledged {
+				statuses[path] = status
+			}
+		}
+	}
+	for p, s := range statuses {
+		c.repository.UpdateApplyStatus(p, s)
+	}
+
+	return nil
+}
+
+func (c *Client) newUpdateRequest() (bytes.Buffer, error) {
+	state, err := c.repository.CurrentState()
+	if err != nil {
+		return bytes.Buffer{}, err
+	}
+	// Temporary check while using untrusted repo, for which no initial root file is provided
+	if state.RootsVersion < 1 {
+		state.RootsVersion = 1
+	}
+
+	pbCachedFiles := make([]*targetFileMeta, 0, len(state.CachedFiles))
+	for _, f := range state.CachedFiles {
+		pbHashes := make([]*targetFileHash, 0, len(f.Hashes))
+		for alg, hash := range f.Hashes {
+			pbHashes = append(pbHashes, &targetFileHash{
+				Algorithm: alg,
+				Hash:      hex.EncodeToString(hash),
+			})
+		}
+		pbCachedFiles = append(pbCachedFiles, &targetFileMeta{
+			Path:   f.Path,
+			Length: int64(f.Length),
+			Hashes: pbHashes,
+		})
+	}
+
+	hasError := c.lastError != nil
+	errMsg := ""
+	if hasError {
+		errMsg = c.lastError.Error()
+	}
+
+	var pbConfigState []*configState
+	if !hasError {
+		pbConfigState = make([]*configState, 0, len(state.Configs))
+		for _, f := range state.Configs {
+			pbConfigState = append(pbConfigState, &configState{
+				ID:         f.ID,
+				Version:    f.Version,
+				Product:    f.Product,
+				ApplyState: f.ApplyStatus.State,
+				ApplyError: f.ApplyStatus.Error,
+			})
+		}
+	}
+
+	capa := big.NewInt(0)
+	for i := range c.Capabilities {
+		capa.SetBit(capa, int(i), 1)
+	}
+	products := make([]string, 0, len(c.Products))
+	for p := range c.Products {
+		products = append(products, p)
+	}
+	req := clientGetConfigsRequest{
+		Client: &clientData{
+			State: &clientState{
+				RootVersion:    uint64(state.RootsVersion),
+				TargetsVersion: uint64(state.TargetsVersion),
+				ConfigStates:   pbConfigState,
+				HasError:       hasError,
+				Error:          errMsg,
+			},
+			ID:       c.clientID,
+			Products: products,
+			IsTracer: true,
+			ClientTracer: &clientTracer{
+				RuntimeID:     c.RuntimeID,
+				Language:      "go",
+				TracerVersion: c.TracerVersion,
+				Service:       c.ServiceName,
+				Env:           c.Env,
+				AppVersion:    c.AppVersion,
+			},
+			Capabilities: capa.Bytes(),
+		},
+		CachedTargetFiles: pbCachedFiles,
+	}
+
+	var b bytes.Buffer
+
+	err = json.NewEncoder(&b).Encode(&req)
+	if err != nil {
+		return bytes.Buffer{}, err
+	}
+
+	return b, nil
+}
+
+var (
+	idSize     = 21
+	idAlphabet = []rune("_-0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+)
+
+func generateID() string {
+	bytes := make([]byte, idSize)
+	_, err := rand.Read(bytes)
+	if err != nil {
+		panic(err)
+	}
+	id := make([]rune, idSize)
+	for i := 0; i < idSize; i++ {
+		id[i] = idAlphabet[bytes[i]&63]
+	}
+	return string(id[:idSize])
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/types.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/types.go
new file mode 100644
index 000000000..87f46f0e9
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig/types.go
@@ -0,0 +1,83 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+package remoteconfig
+
+import rc "github.com/DataDog/datadog-agent/pkg/remoteconfig/state"
+
+type clientData struct {
+	State        *clientState  `json:"state,omitempty"`
+	ID           string        `json:"id,omitempty"`
+	Products     []string      `json:"products,omitempty"`
+	IsTracer     bool          `json:"is_tracer,omitempty"`
+	ClientTracer *clientTracer `json:"client_tracer,omitempty"`
+	LastSeen     uint64        `json:"last_seen,omitempty"`
+	Capabilities []byte        `json:"capabilities,omitempty"`
+}
+
+type clientTracer struct {
+	RuntimeID     string   `json:"runtime_id,omitempty"`
+	Language      string   `json:"language,omitempty"`
+	TracerVersion string   `json:"tracer_version,omitempty"`
+	Service       string   `json:"service,omitempty"`
+	Env           string   `json:"env,omitempty"`
+	AppVersion    string   `json:"app_version,omitempty"`
+	Tags          []string `json:"tags,omitempty"`
+}
+
+type clientAgent struct {
+	Name    string `json:"name,omitempty"`
+	Version string `json:"version,omitempty"`
+}
+
+type configState struct {
+	ID         string        `json:"id,omitempty"`
+	Version    uint64        `json:"version,omitempty"`
+	Product    string        `json:"product,omitempty"`
+	ApplyState rc.ApplyState `json:"apply_state,omitempty"`
+	ApplyError string        `json:"apply_error,omitempty"`
+}
+
+type clientState struct {
+	RootVersion        uint64         `json:"root_version"`
+	TargetsVersion     uint64         `json:"targets_version"`
+	ConfigStates       []*configState `json:"config_states,omitempty"`
+	HasError           bool           `json:"has_error,omitempty"`
+	Error              string         `json:"error,omitempty"`
+	BackendClientState []byte         `json:"backend_client_state,omitempty"`
+}
+
+type targetFileHash struct {
+	Algorithm string `json:"algorithm,omitempty"`
+	Hash      string `json:"hash,omitempty"`
+}
+
+type targetFileMeta struct {
+	Path   string            `json:"path,omitempty"`
+	Length int64             `json:"length,omitempty"`
+	Hashes []*targetFileHash `json:"hashes,omitempty"`
+}
+
+type clientGetConfigsRequest struct {
+	Client            *clientData       `json:"client,omitempty"`
+	CachedTargetFiles []*targetFileMeta `json:"cached_target_files,omitempty"`
+}
+
+type clientGetConfigsResponse struct {
+	Roots         [][]byte `json:"roots,omitempty"`
+	Targets       []byte   `json:"targets,omitempty"`
+	TargetFiles   []*file  `json:"target_files,omitempty"`
+	ClientConfigs []string `json:"client_configs,omitempty"`
+}
+
+type file struct {
+	Path string `json:"path,omitempty"`
+	Raw  []byte `json:"raw,omitempty"`
+}
+
+type fileMetaState struct {
+	Version uint64 `json:"version,omitempty"`
+	Hash    string `json:"hash,omitempty"`
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames/samplernames.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames/samplernames.go
new file mode 100644
index 000000000..6342b53b4
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames/samplernames.go
@@ -0,0 +1,37 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package samplernames
+
+// SamplerName specifies the name of a sampler which was
+// responsible for a certain sampling decision.
+type SamplerName int8
+
+const (
+	// Unknown specifies that the span was sampled
+	// but, the tracer was unable to identify the sampler.
+	// No sampling decision maker will be propagated.
+	Unknown SamplerName = -1
+	// Default specifies that the span was sampled without any sampler.
+	Default SamplerName = 0
+	// AgentRate specifies that the span was sampled
+	// with a rate calculated by the trace agent.
+	AgentRate SamplerName = 1
+	// RemoteRate specifies that the span was sampled
+	// with a dynamically calculated remote rate.
+	RemoteRate SamplerName = 2
+	// RuleRate specifies that the span was sampled by the RuleSampler.
+	RuleRate SamplerName = 3
+	// Manual specifies that the span was sampled manually by user.
+	Manual SamplerName = 4
+	// AppSec specifies that the span was sampled by AppSec.
+	AppSec SamplerName = 5
+	// RemoteUserRate specifies that the span was sampled
+	// with a user specified remote rate.
+	RemoteUserRate SamplerName = 6
+	// SingleSpan specifies that the span was sampled by single
+	// span sampling rules.
+	SingleSpan SamplerName = 8
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/statsd.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/statsd.go
new file mode 100644
index 000000000..cccf35f8f
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/statsd.go
@@ -0,0 +1,17 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package internal
+
+import "time"
+
+type StatsdClient interface {
+	Incr(name string, tags []string, rate float64) error
+	Count(name string, value int64, tags []string, rate float64) error
+	Gauge(name string, value float64, tags []string, rate float64) error
+	Timing(name string, value time.Duration, tags []string, rate float64) error
+	Flush() error
+	Close() error
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/client.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/client.go
new file mode 100644
index 000000000..6baa12c4b
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/client.go
@@ -0,0 +1,580 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+// Package telemetry implements a client for sending telemetry information to
+// Datadog regarding usage of an APM library such as tracing or profiling.
+package telemetry
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net"
+	"net/http"
+	"os"
+	"runtime"
+	"runtime/debug"
+	"strings"
+	"sync"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig"
+	logger "gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/version"
+)
+
+// Client buffers and sends telemetry messages to Datadog (possibly through an
+// agent).
+type Client interface {
+	ProductStart(namespace Namespace, configuration []Configuration)
+	Record(namespace Namespace, metric MetricKind, name string, value float64, tags []string, common bool)
+	Count(namespace Namespace, name string, value float64, tags []string, common bool)
+	ApplyOps(opts ...Option)
+	Stop()
+}
+
+var (
+	// GlobalClient acts as a global telemetry client that the
+	// tracer, profiler, and appsec products will use
+	GlobalClient Client
+	globalClient sync.Mutex
+
+	// integrations tracks the the integrations enabled
+	contribPackages []Integration
+	contrib         sync.Mutex
+
+	// copied from dd-trace-go/profiler
+	defaultHTTPClient = &http.Client{
+		// We copy the transport to avoid using the default one, as it might be
+		// augmented with tracing and we don't want these calls to be recorded.
+		// See https://golang.org/pkg/net/http/#DefaultTransport .
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			DialContext: (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+				DualStack: true,
+			}).DialContext,
+			MaxIdleConns:          100,
+			IdleConnTimeout:       90 * time.Second,
+			TLSHandshakeTimeout:   10 * time.Second,
+			ExpectContinueTimeout: 1 * time.Second,
+		},
+		Timeout: 5 * time.Second,
+	}
+	hostname string
+
+	// protects agentlessURL, which may be changed for testing purposes
+	agentlessEndpointLock sync.RWMutex
+	// agentlessURL is the endpoint used to send telemetry in an agentless environment. It is
+	// also the default URL in case connecting to the agent URL fails.
+	agentlessURL = "https://instrumentation-telemetry-intake.datadoghq.com/api/v2/apmtelemetry"
+
+	defaultHeartbeatInterval = 60 // seconds
+
+	// LogPrefix specifies the prefix for all telemetry logging
+	LogPrefix = "Instrumentation telemetry: "
+)
+
+func init() {
+	h, err := os.Hostname()
+	if err == nil {
+		hostname = h
+	}
+	GlobalClient = new(client)
+}
+
+// client implements Client interface. Client.Start should be called before any other methods.
+//
+// Client is safe to use from multiple goroutines concurrently. The client will
+// send all telemetry requests in the background, in order to avoid blocking the
+// caller since telemetry should not disrupt an application. Metrics are
+// aggregated by the Client.
+type client struct {
+	// URL for the Datadog agent or Datadog telemetry endpoint
+	URL string
+	// APIKey should be supplied if the endpoint is not a Datadog agent,
+	// i.e. you are sending telemetry directly to Datadog
+	APIKey string
+	// The interval for sending a heartbeat signal to the backend.
+	// Configurable with DD_TELEMETRY_HEARTBEAT_INTERVAL. Default 60s.
+	heartbeatInterval time.Duration
+
+	// e.g. "tracers", "profilers", "appsec"
+	Namespace Namespace
+
+	// App-specific information
+	Service string
+	Env     string
+	Version string
+
+	// Client will be used for telemetry uploads. This http.Client, if
+	// provided, should be the same as would be used for any other
+	// interaction with the Datadog agent, e.g. if the agent is accessed
+	// over UDS, or if the user provides their own http.Client to the
+	// profiler/tracer to access the agent over a proxy.
+	//
+	// If Client is nil, an http.Client with the same Transport settings as
+	// http.DefaultTransport and a 5 second timeout will be used.
+	Client *http.Client
+
+	// mu guards all of the following fields
+	mu sync.Mutex
+
+	// debug enables the debug flag for all requests, see
+	// https://dtdg.co/3bv2MMv.
+	// DD_INSTRUMENTATION_TELEMETRY_DEBUG configures this field.
+	debug bool
+	// started is true in between when Start() returns and the next call to
+	// Stop()
+	started bool
+	// seqID is a sequence number used to order telemetry messages by
+	// the back end.
+	seqID int64
+	// heartbeatT is used to schedule heartbeat messages
+	heartbeatT *time.Timer
+	// requests hold all messages which don't need to be immediately sent
+	requests []*Request
+	// metrics holds un-sent metrics that will be aggregated the next time
+	// metrics are sent
+	metrics    map[Namespace]map[string]*metric
+	newMetrics bool
+}
+
+func log(msg string, args ...interface{}) {
+	// Debug level so users aren't spammed with telemetry info.
+	logger.Debug(fmt.Sprintf(LogPrefix+msg, args...))
+}
+
+// start registers that the app has begun running with the app-started event.
+// Must be called with c.mu locked.
+// start also configures the telemetry client based on the following telemetry
+// environment variables: DD_INSTRUMENTATION_TELEMETRY_ENABLED,
+// DD_TELEMETRY_HEARTBEAT_INTERVAL, DD_INSTRUMENTATION_TELEMETRY_DEBUG,
+// and DD_TELEMETRY_DEPENDENCY_COLLECTION_ENABLED.
+// TODO: implement passing in error information about tracer start
+func (c *client) start(configuration []Configuration, namespace Namespace) {
+	if Disabled() {
+		return
+	}
+	if c.started {
+		log("attempted to start telemetry client when client has already started - ignoring attempt")
+		return
+	}
+	// Don't start the telemetry client if there is some error configuring the client with fallback
+	// options, e.g. an API key was not found but agentless telemetry is expected.
+	if err := c.fallbackOps(); err != nil {
+		log(err.Error())
+		return
+	}
+
+	c.started = true
+	c.metrics = make(map[Namespace]map[string]*metric)
+	c.debug = internal.BoolEnv("DD_INSTRUMENTATION_TELEMETRY_DEBUG", false)
+
+	productInfo := Products{
+		AppSec: ProductDetails{
+			Version: version.Tag,
+			Enabled: appsec.Enabled(),
+		},
+	}
+	productInfo.Profiler = ProductDetails{
+		Version: version.Tag,
+		// if the profiler is the one starting the telemetry client,
+		// then profiling is enabled
+		Enabled: namespace == NamespaceProfilers,
+	}
+	payload := &AppStarted{
+		Configuration: configuration,
+		Products:      productInfo,
+	}
+	appStarted := c.newRequest(RequestTypeAppStarted)
+	appStarted.Body.Payload = payload
+	c.scheduleSubmit(appStarted)
+
+	if collectDependencies() {
+		var depPayload Dependencies
+		if deps, ok := debug.ReadBuildInfo(); ok {
+			for _, dep := range deps.Deps {
+				depPayload.Dependencies = append(depPayload.Dependencies,
+					Dependency{
+						Name:    dep.Path,
+						Version: strings.TrimPrefix(dep.Version, "v"),
+					},
+				)
+			}
+		}
+		dep := c.newRequest(RequestTypeDependenciesLoaded)
+		dep.Body.Payload = depPayload
+		c.scheduleSubmit(dep)
+	}
+
+	if len(contribPackages) > 0 {
+		req := c.newRequest(RequestTypeAppIntegrationsChange)
+		req.Body.Payload = IntegrationsChange{Integrations: contribPackages}
+		c.scheduleSubmit(req)
+	}
+
+	c.flush()
+
+	heartbeat := internal.IntEnv("DD_TELEMETRY_HEARTBEAT_INTERVAL", defaultHeartbeatInterval)
+	if heartbeat < 1 || heartbeat > 3600 {
+		log("DD_TELEMETRY_HEARTBEAT_INTERVAL=%d not in [1,3600] range, setting to default of %d", heartbeat, defaultHeartbeatInterval)
+		heartbeat = defaultHeartbeatInterval
+	}
+	c.heartbeatInterval = time.Duration(heartbeat) * time.Second
+	c.heartbeatT = time.AfterFunc(c.heartbeatInterval, c.backgroundHeartbeat)
+}
+
+// Stop notifies the telemetry endpoint that the app is closing. All outstanding
+// messages will also be sent. No further messages will be sent until the client
+// is started again
+func (c *client) Stop() {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if !c.started {
+		return
+	}
+	c.started = false
+	c.heartbeatT.Stop()
+	// close request types have no body
+	r := c.newRequest(RequestTypeAppClosing)
+	c.scheduleSubmit(r)
+	c.flush()
+}
+
+// Disabled returns whether instrumentation telemetry is disabled
+// according to the DD_INSTRUMENTATION_TELEMETRY_ENABLED env var
+func Disabled() bool {
+	return !internal.BoolEnv("DD_INSTRUMENTATION_TELEMETRY_ENABLED", true)
+}
+
+// collectDependencies returns whether dependencies telemetry information is sent
+func collectDependencies() bool {
+	return internal.BoolEnv("DD_TELEMETRY_DEPENDENCY_COLLECTION_ENABLED", true)
+}
+
+// MetricKind specifies the type of metric being reported.
+// Metric types mirror Datadog metric types - for a more detailed
+// description of metric types, see:
+// https://docs.datadoghq.com/metrics/types/?tab=count#metric-types
+type MetricKind string
+
+var (
+	// MetricKindGauge represents a gauge type metric
+	MetricKindGauge MetricKind = "gauge"
+	// MetricKindCount represents a count type metric
+	MetricKindCount MetricKind = "count"
+	// MetricKindDist represents a distribution type metric
+	MetricKindDist MetricKind = "distribution"
+)
+
+type metric struct {
+	name  string
+	kind  MetricKind
+	value float64
+	// Unix timestamp
+	ts     float64
+	tags   []string
+	common bool
+}
+
+// TODO: Can there be identically named/tagged metrics with a "common" and "not
+// common" variant?
+
+func newMetric(name string, kind MetricKind, tags []string, common bool) *metric {
+	return &metric{
+		name:   name,
+		kind:   kind,
+		tags:   append([]string{}, tags...),
+		common: common,
+	}
+}
+
+func metricKey(name string, tags []string, kind MetricKind) string {
+	return name + string(kind) + strings.Join(tags, "-")
+}
+
+// Record sets the value for a gauge or distribution metric type
+// with the given name and tags. If the metric is not language-specific, common should be set to true
+func (c *client) Record(namespace Namespace, kind MetricKind, name string, value float64, tags []string, common bool) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if !c.started {
+		return
+	}
+	if _, ok := c.metrics[namespace]; !ok {
+		c.metrics[namespace] = map[string]*metric{}
+	}
+	key := metricKey(name, tags, kind)
+	m, ok := c.metrics[namespace][key]
+	if !ok {
+		m = newMetric(name, kind, tags, common)
+		c.metrics[namespace][key] = m
+	}
+	m.value = value
+	m.ts = float64(time.Now().Unix())
+	c.newMetrics = true
+}
+
+// Count adds the value to a count with the given name and tags. If the metric
+// is not language-specific, common should be set to true
+func (c *client) Count(namespace Namespace, name string, value float64, tags []string, common bool) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if !c.started {
+		return
+	}
+	if _, ok := c.metrics[namespace]; !ok {
+		c.metrics[namespace] = map[string]*metric{}
+	}
+	key := metricKey(name, tags, MetricKindCount)
+	m, ok := c.metrics[namespace][key]
+	if !ok {
+		m = newMetric(name, MetricKindCount, tags, common)
+		c.metrics[namespace][key] = m
+	}
+	m.value += value
+	m.ts = float64(time.Now().Unix())
+	c.newMetrics = true
+}
+
+// flush sends any outstanding telemetry messages and aggregated metrics to be
+// sent to the backend. Requests are sent in the background. Must be called
+// with c.mu locked
+func (c *client) flush() {
+	// initialize submissions slice of capacity len(c.requests) + 2
+	// to hold all the new events, plus two potential metric events
+	submissions := make([]*Request, 0, len(c.requests)+2)
+
+	// copy over requests so we can do the actual submission without holding
+	// the lock. Zero out the old stuff so we don't leak references
+	for i, r := range c.requests {
+		submissions = append(submissions, r)
+		c.requests[i] = nil
+	}
+	c.requests = c.requests[:0]
+
+	if c.newMetrics {
+		c.newMetrics = false
+		for namespace := range c.metrics {
+			// metrics can either be request type generate-metrics or distributions
+			dPayload := &DistributionMetrics{
+				Namespace: namespace,
+			}
+			gPayload := &Metrics{
+				Namespace: namespace,
+			}
+			for _, m := range c.metrics[namespace] {
+				if m.kind == MetricKindDist {
+					dPayload.Series = append(dPayload.Series, DistributionSeries{
+						Metric: m.name,
+						Tags:   m.tags,
+						Common: m.common,
+						Points: []float64{m.value},
+					})
+				} else {
+					gPayload.Series = append(gPayload.Series, Series{
+						Metric: m.name,
+						Type:   string(m.kind),
+						Tags:   m.tags,
+						Common: m.common,
+						Points: [][2]float64{{m.ts, m.value}},
+					})
+				}
+			}
+			if len(dPayload.Series) > 0 {
+				distributions := c.newRequest(RequestTypeDistributions)
+				distributions.Body.Payload = dPayload
+				submissions = append(submissions, distributions)
+			}
+			if len(gPayload.Series) > 0 {
+				generateMetrics := c.newRequest(RequestTypeGenerateMetrics)
+				generateMetrics.Body.Payload = gPayload
+				submissions = append(submissions, generateMetrics)
+			}
+		}
+	}
+
+	go func() {
+		for _, r := range submissions {
+			err := r.submit()
+			if err != nil {
+				log("submission error: %s", err.Error())
+			}
+		}
+	}()
+}
+
+var (
+	osName        string
+	osNameOnce    sync.Once
+	osVersion     string
+	osVersionOnce sync.Once
+)
+
+// XXX: is it actually safe to cache osName and osVersion? For example, can the
+// kernel be updated without stopping execution?
+
+func getOSName() string {
+	osNameOnce.Do(func() { osName = osinfo.OSName() })
+	return osName
+}
+
+func getOSVersion() string {
+	osVersionOnce.Do(func() { osVersion = osinfo.OSVersion() })
+	return osVersion
+}
+
+// newRequests populates a request with the common fields shared by all requests
+// sent through this Client
+func (c *client) newRequest(t RequestType) *Request {
+	c.seqID++
+	body := &Body{
+		APIVersion:  "v2",
+		RequestType: t,
+		TracerTime:  time.Now().Unix(),
+		RuntimeID:   globalconfig.RuntimeID(),
+		SeqID:       c.seqID,
+		Debug:       c.debug,
+		Application: Application{
+			ServiceName:     c.Service,
+			Env:             c.Env,
+			ServiceVersion:  c.Version,
+			TracerVersion:   version.Tag,
+			LanguageName:    "go",
+			LanguageVersion: runtime.Version(),
+		},
+		Host: Host{
+			Hostname:     hostname,
+			OS:           getOSName(),
+			OSVersion:    getOSVersion(),
+			Architecture: runtime.GOARCH,
+			// TODO (lievan): getting kernel name, release, version TBD
+		},
+	}
+
+	header := &http.Header{
+		"Content-Type":               {"application/json"},
+		"DD-Telemetry-API-Version":   {"v2"},
+		"DD-Telemetry-Request-Type":  {string(t)},
+		"DD-Client-Library-Language": {"go"},
+		"DD-Client-Library-Version":  {version.Tag},
+		"DD-Agent-Env":               {c.Env},
+		"DD-Agent-Hostname":          {hostname},
+		"Datadog-Container-ID":       {internal.ContainerID()},
+	}
+	if c.URL == getAgentlessURL() {
+		header.Set("DD-API-KEY", c.APIKey)
+	}
+	client := c.Client
+	if client == nil {
+		client = defaultHTTPClient
+	}
+	return &Request{Body: body,
+		Header:     header,
+		HTTPClient: client,
+		URL:        c.URL,
+	}
+}
+
+// submit sends a telemetry request
+func (r *Request) submit() error {
+	retry, err := r.trySubmit()
+	if retry {
+		// retry telemetry submissions in instances where the telemetry client has trouble
+		// connecting with the agent
+		log("telemetry submission failed, retrying with agentless: %s", err)
+		r.URL = getAgentlessURL()
+		r.Header.Set("DD-API-KEY", defaultAPIKey())
+		if _, err := r.trySubmit(); err == nil {
+			return nil
+		}
+		log("retrying with agentless telemetry failed: %s", err)
+	}
+	return err
+}
+
+// agentlessRetry determines if we should retry a failed a request with
+// by submitting to the agentless endpoint
+func agentlessRetry(req *Request, resp *http.Response, err error) bool {
+	if req.URL == getAgentlessURL() {
+		// no need to retry with agentless endpoint if it already failed
+		return false
+	}
+	if err != nil {
+		// we didn't get a response which might signal a connectivity problem with
+		// agent - retry with agentless
+		return true
+	}
+	// TODO: add more status codes we do not want to retry on
+	doNotRetry := []int{http.StatusBadRequest, http.StatusTooManyRequests, http.StatusUnauthorized, http.StatusForbidden}
+	for status := range doNotRetry {
+		if resp.StatusCode == status {
+			return false
+		}
+	}
+	return true
+}
+
+// trySubmit submits a telemetry request to the specified URL
+// in the Request struct. If submission fails, return whether or not
+// this submission should be re-tried with the agentless endpoint
+// as well as the error that occurred
+func (r *Request) trySubmit() (retry bool, err error) {
+	b, err := json.Marshal(r.Body)
+	if err != nil {
+		return false, err
+	}
+
+	req, err := http.NewRequest(http.MethodPost, r.URL, bytes.NewReader(b))
+	if err != nil {
+		return false, err
+	}
+	req.Header = *r.Header
+
+	req.ContentLength = int64(len(b))
+
+	client := r.HTTPClient
+	if client == nil {
+		client = defaultHTTPClient
+	}
+	resp, err := client.Do(req)
+	if err != nil {
+		return agentlessRetry(r, resp, err), err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusAccepted && resp.StatusCode != http.StatusOK {
+		return agentlessRetry(r, resp, err), errBadStatus(resp.StatusCode)
+	}
+	return false, nil
+}
+
+type errBadStatus int
+
+func (e errBadStatus) Error() string { return fmt.Sprintf("bad HTTP response status %d", e) }
+
+// scheduleSubmit queues a request to be sent to the backend. Should be called
+// with c.mu locked
+func (c *client) scheduleSubmit(r *Request) {
+	c.requests = append(c.requests, r)
+}
+
+// backgroundHeartbeat is invoked at every heartbeat interval,
+// sending the app-heartbeat event and flushing any outstanding
+// telemetry messages
+func (c *client) backgroundHeartbeat() {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if !c.started {
+		return
+	}
+	c.scheduleSubmit(c.newRequest(RequestTypeAppHeartbeat))
+	c.flush()
+	c.heartbeatT.Reset(c.heartbeatInterval)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/message.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/message.go
new file mode 100644
index 000000000..dd39f319b
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/message.go
@@ -0,0 +1,257 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+package telemetry
+
+import "net/http"
+
+// Request captures all necessary information for a telemetry event submission
+type Request struct {
+	Body       *Body
+	Header     *http.Header
+	HTTPClient *http.Client
+	URL        string
+}
+
+// Body is the common high-level structure encapsulating a telemetry request body
+type Body struct {
+	APIVersion  string      `json:"api_version"`
+	RequestType RequestType `json:"request_type"`
+	TracerTime  int64       `json:"tracer_time"`
+	RuntimeID   string      `json:"runtime_id"`
+	SeqID       int64       `json:"seq_id"`
+	Debug       bool        `json:"debug"`
+	Payload     interface{} `json:"payload"`
+	Application Application `json:"application"`
+	Host        Host        `json:"host"`
+}
+
+// RequestType determines how the Payload of a request should be handled
+type RequestType string
+
+const (
+	// RequestTypeAppStarted is the first message sent by the telemetry
+	// client, containing the configuration loaded at startup
+	RequestTypeAppStarted RequestType = "app-started"
+	// RequestTypeAppHeartbeat is sent periodically by the client to indicate
+	// that the app is still running
+	RequestTypeAppHeartbeat RequestType = "app-heartbeat"
+	// RequestTypeGenerateMetrics contains count, gauge, or rate metrics accumulated by the
+	// client, and is sent periodically along with the heartbeat
+	RequestTypeGenerateMetrics RequestType = "generate-metrics"
+	// RequestTypeDistributions is to send distribution type metrics accumulated by the
+	// client, and is sent periodically along with the heartbeat
+	RequestTypeDistributions RequestType = "distributions"
+	// RequestTypeAppClosing is sent when the telemetry client is stopped
+	RequestTypeAppClosing RequestType = "app-closing"
+	// RequestTypeDependenciesLoaded is sent if DD_TELEMETRY_DEPENDENCY_COLLECTION_ENABLED
+	// is enabled. Sent when Start is called for the telemetry client.
+	RequestTypeDependenciesLoaded RequestType = "app-dependencies-loaded"
+	// RequestTypeAppClientConfigurationChange is sent if there are changes
+	// to the client library configuration
+	RequestTypeAppClientConfigurationChange RequestType = "app-client-configuration-change"
+	// RequestTypeAppProductChange is sent when products are enabled/disabled
+	RequestTypeAppProductChange RequestType = "app-product-change"
+	// RequestTypeAppIntegrationsChange is sent when the telemetry client starts
+	// with info on which integrations are used.
+	RequestTypeAppIntegrationsChange RequestType = "app-integrations-change"
+)
+
+// Namespace describes an APM product to distinguish telemetry coming from
+// different products used by the same application
+type Namespace string
+
+const (
+	// NamespaceGeneral is for general use
+	NamespaceGeneral Namespace = "general"
+	// NamespaceTracers is for distributed tracing
+	NamespaceTracers Namespace = "tracers"
+	// NamespaceProfilers is for continuous profiling
+	NamespaceProfilers Namespace = "profilers"
+	// NamespaceASM is for application security monitoring
+	NamespaceASM Namespace = "appsec" // This was defined before the appsec -> ASM change
+)
+
+// Application is identifying information about the app itself
+type Application struct {
+	ServiceName     string `json:"service_name"`
+	Env             string `json:"env"`
+	ServiceVersion  string `json:"service_version"`
+	TracerVersion   string `json:"tracer_version"`
+	LanguageName    string `json:"language_name"`
+	LanguageVersion string `json:"language_version"`
+	RuntimeName     string `json:"runtime_name"`
+	RuntimeVersion  string `json:"runtime_version"`
+	RuntimePatches  string `json:"runtime_patches,omitempty"`
+}
+
+// Host is identifying information about the host on which the app
+// is running
+type Host struct {
+	Hostname  string `json:"hostname"`
+	OS        string `json:"os"`
+	OSVersion string `json:"os_version,omitempty"`
+	// TODO: Do we care about the kernel stuff? internal/osinfo gets most of
+	// this information in OSName/OSVersion
+	Architecture  string `json:"architecture"`
+	KernelName    string `json:"kernel_name"`
+	KernelRelease string `json:"kernel_release"`
+	KernelVersion string `json:"kernel_version"`
+}
+
+// AppStarted corresponds to the "app-started" request type
+type AppStarted struct {
+	Configuration     []Configuration     `json:"configuration,omitempty"`
+	Products          Products            `json:"products,omitempty"`
+	AdditionalPayload []AdditionalPayload `json:"additional_payload,omitempty"`
+	Error             Error               `json:"error,omitempty"`
+}
+
+// IntegrationsChange corresponds to the app-integrations-change requesty type
+type IntegrationsChange struct {
+	Integrations []Integration `json:"integrations"`
+}
+
+// Integration is an integration that is configured to be traced automatically.
+type Integration struct {
+	Name        string `json:"name"`
+	Enabled     bool   `json:"enabled"`
+	Version     string `json:"version,omitempty"`
+	AutoEnabled bool   `json:"auto_enabled,omitempty"`
+	Compatible  bool   `json:"compatible,omitempty"`
+	Error       string `json:"error,omitempty"`
+}
+
+// ConfigurationChange corresponds to the `AppClientConfigurationChange` event
+// that contains information about configuration changes since the app-started event
+type ConfigurationChange struct {
+	Configuration []Configuration `json:"conf_key_values"`
+	RemoteConfig  RemoteConfig    `json:"remote_config"`
+}
+
+// Configuration is a library-specific configuration value
+// that should be initialized through StringConfig, IntConfig, FloatConfig, or BoolConfig
+type Configuration struct {
+	Name  string      `json:"name"`
+	Value interface{} `json:"value"`
+	// origin is the source of the config. It is one of {env_var, code, dd_config, remote_config}
+	Origin      string `json:"origin"`
+	Error       Error  `json:"error"`
+	IsOverriden bool   `json:"is_overridden"`
+}
+
+// TODO: be able to pass in origin, error, isOverriden info to config
+// constructors
+
+// StringConfig returns a Configuration struct with a string value
+func StringConfig(key string, val string) Configuration {
+	return Configuration{Name: key, Value: val}
+}
+
+// IntConfig returns a Configuration struct with a int value
+func IntConfig(key string, val int) Configuration {
+	return Configuration{Name: key, Value: val}
+}
+
+// FloatConfig returns a Configuration struct with a float value
+func FloatConfig(key string, val float64) Configuration {
+	return Configuration{Name: key, Value: val}
+}
+
+// BoolConfig returns a Configuration struct with a bool value
+func BoolConfig(key string, val bool) Configuration {
+	return Configuration{Name: key, Value: val}
+}
+
+// Products specifies information about available products.
+type Products struct {
+	AppSec   ProductDetails `json:"appsec,omitempty"`
+	Profiler ProductDetails `json:"profiler,omitempty"`
+}
+
+// ProductDetails specifies details about a product.
+type ProductDetails struct {
+	Enabled bool   `json:"enabled"`
+	Version string `json:"version,omitempty"`
+	Error   Error  `json:"error,omitempty"`
+}
+
+// Dependencies stores a list of dependencies
+type Dependencies struct {
+	Dependencies []Dependency `json:"dependencies"`
+}
+
+// Dependency is a Go module on which the application depends. This information
+// can be accesed at run-time through the runtime/debug.ReadBuildInfo API.
+type Dependency struct {
+	Name    string `json:"name"`
+	Version string `json:"version"`
+}
+
+// RemoteConfig contains information about remote-config
+type RemoteConfig struct {
+	UserEnabled     string `json:"user_enabled"`     // whether the library has made a request to fetch remote-config
+	ConfigsRecieved bool   `json:"configs_received"` // whether the library receives a valid config response
+	Error           Error  `json:"error"`
+}
+
+// Error stores error information about various tracer events
+type Error struct {
+	Code    int    `json:"code"`
+	Message string `json:"message"`
+}
+
+// AdditionalPayload can be used to add extra information to the app-started
+// event
+type AdditionalPayload struct {
+	Name  string      `json:"name"`
+	Value interface{} `json:"value"`
+}
+
+// Metrics corresponds to the "generate-metrics" request type
+type Metrics struct {
+	Namespace Namespace `json:"namespace"`
+	Series    []Series  `json:"series"`
+}
+
+// DistributionMetrics corresponds to the "distributions" request type
+type DistributionMetrics struct {
+	Namespace Namespace            `json:"namespace"`
+	Series    []DistributionSeries `json:"series"`
+}
+
+// Series is a sequence of observations for a single named metric.
+// The `Points` field will store a timestamp and value.
+type Series struct {
+	Metric string       `json:"metric"`
+	Points [][2]float64 `json:"points"`
+	// Interval is required for gauge and rate metrics
+	Interval int      `json:"interval,omitempty"`
+	Type     string   `json:"type,omitempty"`
+	Tags     []string `json:"tags"`
+	// Common distinguishes metrics which are cross-language vs.
+	// language-specific.
+	//
+	// NOTE: If this field isn't present in the request, the API assumes
+	// the metric is common. So we can't "omitempty" even though the
+	// field is technically optional.
+	Common    bool   `json:"common"`
+	Namespace string `json:"namespace"`
+}
+
+// DistributionSeries is a sequence of observations for a distribution metric.
+// Unlike `Series`, DistributionSeries does not store timestamps in `Points`
+type DistributionSeries struct {
+	Metric string    `json:"metric"`
+	Points []float64 `json:"points"`
+	Tags   []string  `json:"tags"`
+	// Common distinguishes metrics which are cross-language vs.
+	// language-specific.
+	//
+	// NOTE: If this field isn't present in the request, the API assumes
+	// the metric is common. So we can't "omitempty" even though the
+	// field is technically optional.
+	Common bool `json:"common"`
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/option.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/option.go
new file mode 100644
index 000000000..a87008b8d
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/option.go
@@ -0,0 +1,142 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package telemetry
+
+import (
+	"errors"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig"
+)
+
+// An Option is used to configure the telemetry client's settings
+type Option func(*client)
+
+// ApplyOps sets various fields of the client
+func (c *client) ApplyOps(opts ...Option) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	for _, opt := range opts {
+		opt(c)
+	}
+}
+
+// WithNamespace sets name as the telemetry client's namespace (tracer, profiler, appsec)
+func WithNamespace(name Namespace) Option {
+	return func(client *client) {
+		client.Namespace = name
+	}
+}
+
+// WithEnv sets the app specific environment for the telemetry client
+func WithEnv(env string) Option {
+	return func(client *client) {
+		client.Env = env
+	}
+}
+
+// WithService sets the app specific service for the telemetry client
+func WithService(service string) Option {
+	return func(client *client) {
+		client.Service = service
+	}
+}
+
+// WithVersion sets the app specific version for the telemetry client
+func WithVersion(version string) Option {
+	return func(client *client) {
+		client.Version = version
+	}
+}
+
+// WithHTTPClient specifies the http client for the telemetry client
+func WithHTTPClient(httpClient *http.Client) Option {
+	return func(client *client) {
+		client.Client = httpClient
+	}
+}
+
+func defaultAPIKey() string {
+	return os.Getenv("DD_API_KEY")
+}
+
+// WithAPIKey sets the DD API KEY for the telemetry client
+func WithAPIKey(v string) Option {
+	return func(client *client) {
+		client.APIKey = v
+	}
+}
+
+// WithURL sets the URL for where telemetry information is flushed to.
+// For the URL, uploading through agent goes through
+//
+//	${AGENT_URL}/telemetry/proxy/api/v2/apmtelemetry
+//
+// for agentless:
+//
+//	https://instrumentation-telemetry-intake.datadoghq.com/api/v2/apmtelemetry
+//
+// with an API key
+func WithURL(agentless bool, agentURL string) Option {
+	return func(client *client) {
+		if agentless {
+			client.URL = getAgentlessURL()
+		} else {
+			u, err := url.Parse(agentURL)
+			if err == nil {
+				u.Path = "/telemetry/proxy/api/v2/apmtelemetry"
+				client.URL = u.String()
+			} else {
+				log("Agent URL %s is invalid, switching to agentless telemetry endpoint", agentURL)
+				client.URL = getAgentlessURL()
+			}
+		}
+	}
+}
+
+func getAgentlessURL() string {
+	agentlessEndpointLock.RLock()
+	defer agentlessEndpointLock.RUnlock()
+	return agentlessURL
+}
+
+// configEnvFallback returns the value of environment variable with the
+// given key if def == ""
+func configEnvFallback(key, def string) string {
+	if def != "" {
+		return def
+	}
+	return os.Getenv(key)
+}
+
+// fallbackOps populates missing fields of the client with environment variables
+// or default values.
+func (c *client) fallbackOps() error {
+	if c.Client == nil {
+		WithHTTPClient(defaultHTTPClient)(c)
+	}
+	if len(c.APIKey) == 0 && c.URL == getAgentlessURL() {
+		WithAPIKey(defaultAPIKey())(c)
+		if c.APIKey == "" {
+			return errors.New("agentless is turned on, but valid DD API key was not found")
+		}
+	}
+	c.Service = configEnvFallback("DD_SERVICE", c.Service)
+	if len(c.Service) == 0 {
+		if name := globalconfig.ServiceName(); len(name) != 0 {
+			c.Service = name
+		} else {
+			c.Service = filepath.Base(os.Args[0])
+
+		}
+	}
+	c.Env = configEnvFallback("DD_ENV", c.Env)
+	c.Version = configEnvFallback("DD_VERSION", c.Version)
+	return nil
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/telemetry.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/telemetry.go
new file mode 100644
index 000000000..d9ed92a3c
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/telemetry.go
@@ -0,0 +1,115 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+// Package telemetry implements a client for sending telemetry information to
+// Datadog regarding usage of an APM library such as tracing or profiling.
+package telemetry
+
+import (
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec"
+)
+
+// ProductStart signals that the product has started with some configuration
+// information. It will start the telemetry client if it is not already started.
+// If the client is already started, it will send any necessary app-product-change
+// events to indicate whether the product is enabled, as well as an app-client-configuration-change
+// event in case any new configuration information is available.
+func (c *client) ProductStart(namespace Namespace, configuration []Configuration) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if c.started {
+		c.configChange(configuration)
+		switch namespace {
+		case NamespaceProfilers:
+			c.productEnabled(NamespaceProfilers)
+		case NamespaceTracers:
+			// Since appsec is integrated with the tracer, we sent an app-product-change
+			// update about appsec when the tracer starts. Any tracer-related configuration
+			// information can be passed along here as well.
+			if appsec.Enabled() {
+				c.productEnabled(NamespaceASM)
+			}
+		case NamespaceASM:
+			c.productEnabled(NamespaceASM)
+		default:
+			log("unknown product namespace provided to ProductStart")
+		}
+	} else {
+		c.start(configuration, namespace)
+	}
+}
+
+// configChange enqueues an app-client-configuration-change event to be flushed.
+// Must be called with c.mu locked.
+func (c *client) configChange(configuration []Configuration) {
+	if !c.started {
+		log("attempted to send config change event, but telemetry client has not started")
+		return
+	}
+	if len(configuration) > 0 {
+		configChange := new(ConfigurationChange)
+		configChange.Configuration = configuration
+		configReq := c.newRequest(RequestTypeAppClientConfigurationChange)
+		configReq.Body.Payload = configChange
+		c.scheduleSubmit(configReq)
+	}
+}
+
+// productEnabled enqueues an app-product-change event that signals a product has been turned on.
+// Must be called with c.mu locked. An app-product-change event with enabled=true indicates
+// that a certain product has been used for this application.
+func (c *client) productEnabled(namespace Namespace) {
+	if !c.started {
+		log("attempted to send product change event, but telemetry client has not started")
+		return
+	}
+	products := new(Products)
+	switch namespace {
+	case NamespaceProfilers:
+		products.Profiler = ProductDetails{Enabled: true}
+	case NamespaceASM:
+		products.AppSec = ProductDetails{Enabled: true}
+	default:
+		log("unknown product namespace, app-product-change telemetry event will not send")
+		return
+	}
+	productReq := c.newRequest(RequestTypeAppProductChange)
+	productReq.Body.Payload = products
+	c.scheduleSubmit(productReq)
+}
+
+// Integrations returns which integrations are tracked by telemetry.
+func Integrations() []Integration {
+	contrib.Lock()
+	defer contrib.Unlock()
+	return contribPackages
+}
+
+// LoadIntegration notifies telemetry that an integration is being used.
+func LoadIntegration(name string) {
+	if Disabled() {
+		return
+	}
+	contrib.Lock()
+	defer contrib.Unlock()
+	contribPackages = append(contribPackages, Integration{Name: name, Enabled: true})
+}
+
+// Time is used to track a distribution metric that measures the time (ms)
+// of some portion of code. It returns a function that should be called when
+// the desired code finishes executing.
+// For example, by adding:
+// defer Time(namespace, "init_time", nil, true)()
+// at the beginning of the tracer Start function, the tracer start time is measured
+// and stored as a metric to be flushed by the global telemetry client.
+func Time(namespace Namespace, name string, tags []string, common bool) (finish func()) {
+	start := time.Now()
+	return func() {
+		elapsed := time.Since(start)
+		GlobalClient.Record(namespace, MetricKindDist, name, float64(elapsed.Milliseconds()), tags, common)
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/utils.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/utils.go
new file mode 100644
index 000000000..82e645d7c
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry/utils.go
@@ -0,0 +1,50 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+// Package telemetry implements a client for sending telemetry information to
+// Datadog regarding usage of an APM library such as tracing or profiling.
+package telemetry
+
+import (
+	"testing"
+)
+
+// MockGlobalClient replaces the global telemetry client with a custom
+// implementation of TelemetryClient. It returns a function that can be deferred
+// to reset the global telemetry client to its previous value.
+func MockGlobalClient(client Client) func() {
+	globalClient.Lock()
+	defer globalClient.Unlock()
+	oldClient := GlobalClient
+	GlobalClient = client
+	return func() {
+		globalClient.Lock()
+		defer globalClient.Unlock()
+		GlobalClient = oldClient
+	}
+}
+
+// Check is a testing utility to assert that a target key in config contains the expected value
+func Check(t *testing.T, configuration []Configuration, key string, expected interface{}) {
+	for _, kv := range configuration {
+		if kv.Name == key {
+			if kv.Value != expected {
+				t.Errorf("configuration %s: wanted %v, got %v", key, expected, kv.Value)
+			}
+			return
+		}
+	}
+	t.Errorf("missing configuration %s", key)
+}
+
+// SetAgentlessEndpoint is used for testing purposes to replace the real agentless
+// endpoint with a custom one
+func SetAgentlessEndpoint(endpoint string) string {
+	agentlessEndpointLock.Lock()
+	defer agentlessEndpointLock.Unlock()
+	prev := agentlessURL
+	agentlessURL = endpoint
+	return prev
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/trace_context.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/trace_context.go
new file mode 100644
index 000000000..47401fb6f
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/trace_context.go
@@ -0,0 +1,47 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package internal
+
+import (
+	"context"
+)
+
+type executionTracedKey struct{}
+
+// WithExecutionTraced marks ctx as being associated with an execution trace
+// task. It is assumed that ctx already contains a trace task. The caller is
+// responsible for ending the task.
+//
+// This is intended for a specific case where the database/sql contrib package
+// only creates spans *after* an operation, in case the operation was
+// unavailable, and thus execution trace tasks tied to the span only capture the
+// very end. This function enables creating a task *before* creating a span, and
+// communicating to the APM tracer that it does not need to create a task. In
+// general, APM instrumentation should prefer creating tasks around the
+// operation rather than after the fact, if possible.
+func WithExecutionTraced(ctx context.Context) context.Context {
+	return context.WithValue(ctx, executionTracedKey{}, true)
+}
+
+// WithExecutionNotTraced marks that the context is *not* covered by an
+// execution trace task.  This is intended to prevent child spans (which inherit
+// information from ctx) from being considered covered by a task, when an
+// integration may create its own child span with its own execution trace task.
+func WithExecutionNotTraced(ctx context.Context) context.Context {
+	if ctx.Value(executionTracedKey{}) == nil {
+		// Fast path: if it wasn't marked before, we don't need to wrap
+		// the context
+		return ctx
+	}
+	return context.WithValue(ctx, executionTracedKey{}, false)
+}
+
+// IsExecutionTraced returns whether ctx is associated with an execution trace
+// task, as indicated via WithExecutionTraced
+func IsExecutionTraced(ctx context.Context) bool {
+	v := ctx.Value(executionTracedKey{})
+	return v != nil && v.(bool)
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/endpoint_counter.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/endpoint_counter.go
new file mode 100644
index 000000000..7d2c3e4a6
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/endpoint_counter.go
@@ -0,0 +1,105 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package traceprof
+
+import (
+	"sync"
+	"sync/atomic"
+)
+
+// globalEndpointCounter is shared between the profiler and the tracer.
+var globalEndpointCounter = (func() *EndpointCounter {
+	// Create endpoint counter with arbitrary limit.
+	// The pathological edge case would be a service with a high rate (10k/s) of
+	// short (100ms) spans with unique endpoints (resource names). Over a 60s
+	// period this would grow the map to 600k items which may cause noticable
+	// memory, GC overhead and lock contention overhead. The pprof endpoint
+	// labels are less problematic since there will only be 1000 spans in-flight
+	// on average. Using a limit of 1000 will result in a similar overhead of
+	// this features compared to the pprof labels. It also seems like a
+	// reasonable upper bound for the number of endpoints a normal application
+	// may service in a 60s period.
+	ec := NewEndpointCounter(1000)
+	// Disabled by default ensures almost-zero overhead for tracing users that
+	// don't have the profiler turned on.
+	ec.SetEnabled(false)
+	return ec
+})()
+
+// GlobalEndpointCounter returns the endpoint counter that is shared between
+// tracing and profiling to support the unit of work feature.
+func GlobalEndpointCounter() *EndpointCounter {
+	return globalEndpointCounter
+}
+
+// NewEndpointCounter returns a new NewEndpointCounter that will track hit
+// counts for up to limit endpoints. A limit of <= 0 indicates no limit.
+func NewEndpointCounter(limit int) *EndpointCounter {
+	return &EndpointCounter{enabled: 1, limit: limit, counts: map[string]uint64{}}
+}
+
+// EndpointCounter counts hits per endpoint.
+//
+// TODO: This is a naive implementation with poor performance, e.g. 125ns/op in
+// BenchmarkEndpointCounter on M1. We can do 10-20x better with something more
+// complicated [1]. This will be done in a follow-up PR.
+// [1] https://github.com/felixge/countermap/blob/main/xsync_map_counter_map.go
+type EndpointCounter struct {
+	enabled uint64
+	mu      sync.Mutex
+	counts  map[string]uint64
+	limit   int
+}
+
+// SetEnabled changes if endpoint counting is enabled or not. The previous
+// value is returned.
+func (e *EndpointCounter) SetEnabled(enabled bool) bool {
+	oldVal := atomic.SwapUint64(&e.enabled, boolToUint64(enabled))
+	return oldVal == 1
+}
+
+// Inc increments the hit counter for the given endpoint by 1. If endpoint
+// counting is disabled, this method does nothing and is almost zero-cost.
+func (e *EndpointCounter) Inc(endpoint string) {
+	// Fast-path return if endpoint counter is disabled.
+	if atomic.LoadUint64(&e.enabled) == 0 {
+		return
+	}
+
+	// Acquire lock until func returns
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	// Don't add another endpoint to the map if the limit is reached. See
+	// globalEndpointCounter comment.
+	count, ok := e.counts[endpoint]
+	if !ok && e.limit > 0 && len(e.counts) >= e.limit {
+		return
+	}
+	// Increment the endpoint count
+	e.counts[endpoint] = count + 1
+}
+
+// GetAndReset returns the hit counts for all endpoints and resets their counts
+// back to 0.
+func (e *EndpointCounter) GetAndReset() map[string]uint64 {
+	// Acquire lock until func returns
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	// Return current counts and reset internal map.
+	counts := e.counts
+	e.counts = make(map[string]uint64)
+	return counts
+}
+
+// boolToUint64 converts b to 0 if false or 1 if true.
+func boolToUint64(b bool) uint64 {
+	if b {
+		return 1
+	}
+	return 0
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/profiler.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/profiler.go
new file mode 100644
index 000000000..2c3088b57
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/profiler.go
@@ -0,0 +1,35 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023 Datadog, Inc.
+
+package traceprof
+
+import (
+	"sync/atomic"
+)
+
+var profiler struct {
+	enabled uint32
+}
+
+func SetProfilerEnabled(val bool) bool {
+	return atomic.SwapUint32(&profiler.enabled, boolToUint32(val)) != 0
+}
+
+func profilerEnabled() int {
+	return int(atomic.LoadUint32(&profiler.enabled))
+}
+
+func boolToUint32(b bool) uint32 {
+	if b {
+		return 1
+	}
+	return 0
+}
+
+func SetProfilerRootTags(localRootSpan TagSetter) {
+	localRootSpan.SetTag("_dd.profiling.enabled", profilerEnabled())
+}
+
+type TagSetter interface{ SetTag(string, interface{}) }
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/traceprof.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/traceprof.go
new file mode 100644
index 000000000..dc55bc889
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof/traceprof.go
@@ -0,0 +1,21 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2021 Datadog, Inc.
+
+// Package traceprof contains shared logic for cross-cutting tracer/profiler features.
+package traceprof
+
+// pprof labels applied by the tracer to show up in the profiler's profiles.
+const (
+	SpanID          = "span id"
+	LocalRootSpanID = "local root span id"
+	TraceEndpoint   = "trace endpoint"
+)
+
+// env variables used to control cross-cutting tracer/profiling features.
+const (
+	CodeHotspotsEnvVar  = "DD_PROFILING_CODE_HOTSPOTS_COLLECTION_ENABLED" // aka code hotspots
+	EndpointEnvVar      = "DD_PROFILING_ENDPOINT_COLLECTION_ENABLED"      // aka endpoint profiling
+	EndpointCountEnvVar = "DD_PROFILING_ENDPOINT_COUNT_ENABLED"           // aka unit of work
+)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/utils.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/utils.go
new file mode 100644
index 000000000..98ca6b050
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/utils.go
@@ -0,0 +1,64 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package internal
+
+import (
+	"sync"
+	"sync/atomic"
+)
+
+// LockMap uses an RWMutex to synchronize map access to allow for concurrent access.
+// This should not be used for cases with heavy write load and performance concerns.
+type LockMap struct {
+	sync.RWMutex
+	c uint32
+	m map[string]string
+}
+
+func NewLockMap(m map[string]string) *LockMap {
+	return &LockMap{m: m, c: uint32(len(m))}
+}
+
+// Iter iterates over all the map entries passing in keys and values to provided func f. Note this is READ ONLY.
+func (l *LockMap) Iter(f func(key string, val string)) {
+	c := atomic.LoadUint32(&l.c)
+	if c == 0 { //Fast exit to avoid the cost of RLock/RUnlock for empty maps
+		return
+	}
+	l.RLock()
+	defer l.RUnlock()
+	for k, v := range l.m {
+		f(k, v)
+	}
+}
+
+func (l *LockMap) Len() int {
+	l.RLock()
+	defer l.RUnlock()
+	return len(l.m)
+}
+
+func (l *LockMap) Clear() {
+	l.Lock()
+	defer l.Unlock()
+	l.m = map[string]string{}
+	atomic.StoreUint32(&l.c, 0)
+}
+
+func (l *LockMap) Set(k, v string) {
+	l.Lock()
+	defer l.Unlock()
+	if _, ok := l.m[k]; !ok {
+		atomic.AddUint32(&l.c, 1)
+	}
+	l.m[k] = v
+}
+
+func (l *LockMap) Get(k string) string {
+	l.RLock()
+	defer l.RUnlock()
+	return l.m[k]
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/version/version.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/version/version.go
new file mode 100644
index 000000000..ef5ce3dc3
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/version/version.go
@@ -0,0 +1,43 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package version
+
+import (
+	"regexp"
+	"strconv"
+)
+
+// Tag specifies the current release tag. It needs to be manually
+// updated. A test checks that the value of Tag never points to a
+// git tag that is older than HEAD.
+const Tag = "v1.56.1"
+
+// Dissected version number. Filled during init()
+var (
+	// Major is the current major version number
+	Major int
+	// Minor is the current minor version number
+	Minor int
+	// Patch is the current patch version number
+	Patch int
+	// RC is the current release candidate version number
+	RC int
+)
+
+func init() {
+	// This regexp matches the version format we use and captures major/minor/patch/rc in different groups
+	r := regexp.MustCompile(`v(?P<ma>\d+)\.(?P<mi>\d+)\.(?P<pa>\d+)(-rc\.(?P<rc>\d+))?`)
+	names := r.SubexpNames()
+	captures := map[string]string{}
+	// Associate each capture group match with the capture group's name to easily retrieve major/minor/patch/rc
+	for k, v := range r.FindAllStringSubmatch(Tag, -1)[0] {
+		captures[names[k]] = v
+	}
+	Major, _ = strconv.Atoi(captures["ma"])
+	Minor, _ = strconv.Atoi(captures["mi"])
+	Patch, _ = strconv.Atoi(captures["pa"])
+	RC, _ = strconv.Atoi(captures["rc"])
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/.gitcookies.sh.enc b/vendor/gopkg.in/go-jose/go-jose.v2/.gitcookies.sh.enc
new file mode 100644
index 000000000..730e569b0
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/.gitcookies.sh.enc
@@ -0,0 +1 @@
+'|�&{t�U|gG�(�Cy=+���c�:u:/p�#~��["�4�!�n�A�DK<�uf�h�a��:�����B/�ؤ���_�h��S�T*w�x����-�|���Ӄ�����㣗A$$�6���G)8n�p��ˡ3̚�o��v�B�3��]xݓ�2l�G�|qRޯ
�2
5R����$��Y��ݙl�˫yAI"ی���û��k�|K��[9����=�����|@S�3�#�x?�V�,��S����wP�og�6&V6	�D.dB�7
\ No newline at end of file
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/.gitignore b/vendor/gopkg.in/go-jose/go-jose.v2/.gitignore
new file mode 100644
index 000000000..95a851586
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/.gitignore
@@ -0,0 +1,8 @@
+*~
+.*.swp
+*.out
+*.test
+*.pem
+*.cov
+jose-util/jose-util
+jose-util.t.err
\ No newline at end of file
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/.travis.yml b/vendor/gopkg.in/go-jose/go-jose.v2/.travis.yml
new file mode 100644
index 000000000..391b99a40
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/.travis.yml
@@ -0,0 +1,45 @@
+language: go
+
+sudo: false
+
+matrix:
+  fast_finish: true
+  allow_failures:
+    - go: tip
+
+go:
+- '1.14.x'
+- '1.15.x'
+- tip
+
+go_import_path: gopkg.in/square/go-jose.v2
+
+before_script:
+- export PATH=$HOME/.local/bin:$PATH
+
+before_install:
+# Install encrypted gitcookies to get around bandwidth-limits
+# that is causing Travis-CI builds to fail. For more info, see
+# https://github.com/golang/go/issues/12933
+- openssl aes-256-cbc -K $encrypted_1528c3c2cafd_key -iv $encrypted_1528c3c2cafd_iv -in .gitcookies.sh.enc -out .gitcookies.sh -d || true
+- bash .gitcookies.sh || true
+- go get github.com/wadey/gocovmerge
+- go get github.com/mattn/goveralls
+- go get github.com/stretchr/testify/assert
+- go get github.com/stretchr/testify/require
+- go get github.com/google/go-cmp/cmp
+- go get golang.org/x/tools/cmd/cover || true
+- go get code.google.com/p/go.tools/cmd/cover || true
+- pip install cram --user
+
+script:
+- go test . -v -covermode=count -coverprofile=profile.cov
+- go test ./cipher -v -covermode=count -coverprofile=cipher/profile.cov
+- go test ./jwt -v -covermode=count -coverprofile=jwt/profile.cov
+- go test ./json -v # no coverage for forked encoding/json package
+- cd jose-util && go build && PATH=$PWD:$PATH cram -v jose-util.t # cram tests jose-util
+- cd ..
+
+after_success:
+- gocovmerge *.cov */*.cov > merged.coverprofile
+- $HOME/gopath/bin/goveralls -coverprofile merged.coverprofile -service=travis-ci
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/CONTRIBUTING.md b/vendor/gopkg.in/go-jose/go-jose.v2/CONTRIBUTING.md
new file mode 100644
index 000000000..61b183651
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/CONTRIBUTING.md
@@ -0,0 +1,14 @@
+# Contributing
+
+If you would like to contribute code to go-jose you can do so through GitHub by
+forking the repository and sending a pull request.
+
+When submitting code, please make every effort to follow existing conventions
+and style in order to keep the code as readable as possible. Please also make
+sure all tests pass by running `go test`, and format your code with `go fmt`.
+We also recommend using `golint` and `errcheck`.
+
+Before your code can be accepted into the project you must also sign the
+[Individual Contributor License Agreement][1].
+
+ [1]: https://spreadsheets.google.com/spreadsheet/viewform?formkey=dDViT2xzUHAwRkI3X3k5Z0lQM091OGc6MQ&ndplr=1
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/LICENSE b/vendor/gopkg.in/go-jose/go-jose.v2/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/README.md b/vendor/gopkg.in/go-jose/go-jose.v2/README.md
new file mode 100644
index 000000000..46b02d61d
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/README.md
@@ -0,0 +1,118 @@
+# Go JOSE 
+
+[![godoc](http://img.shields.io/badge/godoc-version_1-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v1)
+[![godoc](http://img.shields.io/badge/godoc-version_2-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v2)
+[![license](http://img.shields.io/badge/license-apache_2.0-blue.svg?style=flat)](https://raw.githubusercontent.com/go-jose/go-jose/master/LICENSE)
+[![build](https://travis-ci.org/go-jose/go-jose.svg?branch=v2)](https://travis-ci.org/go-jose/go-jose)
+[![coverage](https://coveralls.io/repos/github/go-jose/go-jose/badge.svg?branch=v2)](https://coveralls.io/r/go-jose/go-jose)
+
+Package jose aims to provide an implementation of the Javascript Object Signing
+and Encryption set of standards. This includes support for JSON Web Encryption,
+JSON Web Signature, and JSON Web Token standards.
+
+**Disclaimer**: This library contains encryption software that is subject to
+the U.S. Export Administration Regulations. You may not export, re-export,
+transfer or download this code or any part of it in violation of any United
+States law, directive or regulation. In particular this software may not be
+exported or re-exported in any form or on any media to Iran, North Sudan,
+Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any
+US maintained blocked list.
+
+## Overview
+
+The implementation follows the
+[JSON Web Encryption](http://dx.doi.org/10.17487/RFC7516) (RFC 7516),
+[JSON Web Signature](http://dx.doi.org/10.17487/RFC7515) (RFC 7515), and
+[JSON Web Token](http://dx.doi.org/10.17487/RFC7519) (RFC 7519).
+Tables of supported algorithms are shown below. The library supports both
+the compact and full serialization formats, and has optional support for
+multiple recipients. It also comes with a small command-line utility
+([`jose-util`](https://github.com/go-jose/go-jose/tree/v2/jose-util))
+for dealing with JOSE messages in a shell.
+
+**Note**: We use a forked version of the `encoding/json` package from the Go
+standard library which uses case-sensitive matching for member names (instead
+of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html)).
+This is to avoid differences in interpretation of messages between go-jose and
+libraries in other languages.
+
+### Versions
+
+We use [gopkg.in](https://gopkg.in) for versioning.
+
+[Version 2](https://gopkg.in/go-jose/go-jose.v2)
+([branch](https://github.com/go-jose/go-jose/tree/v2),
+[doc](https://godoc.org/gopkg.in/go-jose/go-jose.v2)) is the current version:
+
+    import "gopkg.in/go-jose/go-jose.v2"
+
+The old `v1` branch ([go-jose.v1](https://gopkg.in/go-jose/go-jose.v1)) will
+still receive backported bug fixes and security fixes, but otherwise
+development is frozen. All new feature development takes place on the `v2`
+branch. Version 2 also contains additional sub-packages such as the
+[jwt](https://godoc.org/gopkg.in/go-jose/go-jose.v2/jwt) implementation
+contributed by [@shaxbee](https://github.com/shaxbee).
+
+### Supported algorithms
+
+See below for a table of supported algorithms. Algorithm identifiers match
+the names in the [JSON Web Algorithms](http://dx.doi.org/10.17487/RFC7518)
+standard where possible. The Godoc reference has a list of constants.
+
+ Key encryption             | Algorithm identifier(s)
+ :------------------------- | :------------------------------
+ RSA-PKCS#1v1.5             | RSA1_5
+ RSA-OAEP                   | RSA-OAEP, RSA-OAEP-256
+ AES key wrap               | A128KW, A192KW, A256KW
+ AES-GCM key wrap           | A128GCMKW, A192GCMKW, A256GCMKW
+ ECDH-ES + AES key wrap     | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW
+ ECDH-ES (direct)           | ECDH-ES<sup>1</sup>
+ Direct encryption          | dir<sup>1</sup>
+
+<sup>1. Not supported in multi-recipient mode</sup>
+
+ Signing / MAC              | Algorithm identifier(s)
+ :------------------------- | :------------------------------
+ RSASSA-PKCS#1v1.5          | RS256, RS384, RS512
+ RSASSA-PSS                 | PS256, PS384, PS512
+ HMAC                       | HS256, HS384, HS512
+ ECDSA                      | ES256, ES384, ES512
+ Ed25519                    | EdDSA<sup>2</sup>
+
+<sup>2. Only available in version 2 of the package</sup>
+
+ Content encryption         | Algorithm identifier(s)
+ :------------------------- | :------------------------------
+ AES-CBC+HMAC               | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
+ AES-GCM                    | A128GCM, A192GCM, A256GCM 
+
+ Compression                | Algorithm identifiers(s)
+ :------------------------- | -------------------------------
+ DEFLATE (RFC 1951)         | DEF
+
+### Supported key types
+
+See below for a table of supported key types. These are understood by the
+library, and can be passed to corresponding functions such as `NewEncrypter` or
+`NewSigner`. Each of these keys can also be wrapped in a JWK if desired, which
+allows attaching a key id.
+
+ Algorithm(s)               | Corresponding types
+ :------------------------- | -------------------------------
+ RSA                        | *[rsa.PublicKey](http://golang.org/pkg/crypto/rsa/#PublicKey), *[rsa.PrivateKey](http://golang.org/pkg/crypto/rsa/#PrivateKey)
+ ECDH, ECDSA                | *[ecdsa.PublicKey](http://golang.org/pkg/crypto/ecdsa/#PublicKey), *[ecdsa.PrivateKey](http://golang.org/pkg/crypto/ecdsa/#PrivateKey)
+ EdDSA<sup>1</sup>          | [ed25519.PublicKey](https://godoc.org/golang.org/x/crypto/ed25519#PublicKey), [ed25519.PrivateKey](https://godoc.org/golang.org/x/crypto/ed25519#PrivateKey)
+ AES, HMAC                  | []byte
+
+<sup>1. Only available in version 2 of the package</sup>
+
+## Examples
+
+[![godoc](http://img.shields.io/badge/godoc-version_1-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v1)
+[![godoc](http://img.shields.io/badge/godoc-version_2-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v2)
+
+Examples can be found in the Godoc
+reference for this package. The
+[`jose-util`](https://github.com/go-jose/go-jose/tree/v2/jose-util)
+subdirectory also contains a small command-line utility which might be useful
+as an example.
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go b/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go
new file mode 100644
index 000000000..3ca79cc26
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go
@@ -0,0 +1,592 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"crypto"
+	"crypto/aes"
+	"crypto/ecdsa"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/sha256"
+	"errors"
+	"fmt"
+	"math/big"
+
+	"golang.org/x/crypto/ed25519"
+	josecipher "gopkg.in/go-jose/go-jose.v2/cipher"
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// A generic RSA-based encrypter/verifier
+type rsaEncrypterVerifier struct {
+	publicKey *rsa.PublicKey
+}
+
+// A generic RSA-based decrypter/signer
+type rsaDecrypterSigner struct {
+	privateKey *rsa.PrivateKey
+}
+
+// A generic EC-based encrypter/verifier
+type ecEncrypterVerifier struct {
+	publicKey *ecdsa.PublicKey
+}
+
+type edEncrypterVerifier struct {
+	publicKey ed25519.PublicKey
+}
+
+// A key generator for ECDH-ES
+type ecKeyGenerator struct {
+	size      int
+	algID     string
+	publicKey *ecdsa.PublicKey
+}
+
+// A generic EC-based decrypter/signer
+type ecDecrypterSigner struct {
+	privateKey *ecdsa.PrivateKey
+}
+
+type edDecrypterSigner struct {
+	privateKey ed25519.PrivateKey
+}
+
+// newRSARecipient creates recipientKeyInfo based on the given key.
+func newRSARecipient(keyAlg KeyAlgorithm, publicKey *rsa.PublicKey) (recipientKeyInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch keyAlg {
+	case RSA1_5, RSA_OAEP, RSA_OAEP_256:
+	default:
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if publicKey == nil {
+		return recipientKeyInfo{}, errors.New("invalid public key")
+	}
+
+	return recipientKeyInfo{
+		keyAlg: keyAlg,
+		keyEncrypter: &rsaEncrypterVerifier{
+			publicKey: publicKey,
+		},
+	}, nil
+}
+
+// newRSASigner creates a recipientSigInfo based on the given key.
+func newRSASigner(sigAlg SignatureAlgorithm, privateKey *rsa.PrivateKey) (recipientSigInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch sigAlg {
+	case RS256, RS384, RS512, PS256, PS384, PS512:
+	default:
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if privateKey == nil {
+		return recipientSigInfo{}, errors.New("invalid private key")
+	}
+
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		publicKey: staticPublicKey(&JSONWebKey{
+			Key: privateKey.Public(),
+		}),
+		signer: &rsaDecrypterSigner{
+			privateKey: privateKey,
+		},
+	}, nil
+}
+
+func newEd25519Signer(sigAlg SignatureAlgorithm, privateKey ed25519.PrivateKey) (recipientSigInfo, error) {
+	if sigAlg != EdDSA {
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if privateKey == nil {
+		return recipientSigInfo{}, errors.New("invalid private key")
+	}
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		publicKey: staticPublicKey(&JSONWebKey{
+			Key: privateKey.Public(),
+		}),
+		signer: &edDecrypterSigner{
+			privateKey: privateKey,
+		},
+	}, nil
+}
+
+// newECDHRecipient creates recipientKeyInfo based on the given key.
+func newECDHRecipient(keyAlg KeyAlgorithm, publicKey *ecdsa.PublicKey) (recipientKeyInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch keyAlg {
+	case ECDH_ES, ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW:
+	default:
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if publicKey == nil || !publicKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) {
+		return recipientKeyInfo{}, errors.New("invalid public key")
+	}
+
+	return recipientKeyInfo{
+		keyAlg: keyAlg,
+		keyEncrypter: &ecEncrypterVerifier{
+			publicKey: publicKey,
+		},
+	}, nil
+}
+
+// newECDSASigner creates a recipientSigInfo based on the given key.
+func newECDSASigner(sigAlg SignatureAlgorithm, privateKey *ecdsa.PrivateKey) (recipientSigInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch sigAlg {
+	case ES256, ES384, ES512:
+	default:
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if privateKey == nil {
+		return recipientSigInfo{}, errors.New("invalid private key")
+	}
+
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		publicKey: staticPublicKey(&JSONWebKey{
+			Key: privateKey.Public(),
+		}),
+		signer: &ecDecrypterSigner{
+			privateKey: privateKey,
+		},
+	}, nil
+}
+
+// Encrypt the given payload and update the object.
+func (ctx rsaEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	encryptedKey, err := ctx.encrypt(cek, alg)
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	return recipientInfo{
+		encryptedKey: encryptedKey,
+		header:       &rawHeader{},
+	}, nil
+}
+
+// Encrypt the given payload. Based on the key encryption algorithm,
+// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256).
+func (ctx rsaEncrypterVerifier) encrypt(cek []byte, alg KeyAlgorithm) ([]byte, error) {
+	switch alg {
+	case RSA1_5:
+		return rsa.EncryptPKCS1v15(RandReader, ctx.publicKey, cek)
+	case RSA_OAEP:
+		return rsa.EncryptOAEP(sha1.New(), RandReader, ctx.publicKey, cek, []byte{})
+	case RSA_OAEP_256:
+		return rsa.EncryptOAEP(sha256.New(), RandReader, ctx.publicKey, cek, []byte{})
+	}
+
+	return nil, ErrUnsupportedAlgorithm
+}
+
+// Decrypt the given payload and return the content encryption key.
+func (ctx rsaDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	return ctx.decrypt(recipient.encryptedKey, headers.getAlgorithm(), generator)
+}
+
+// Decrypt the given payload. Based on the key encryption algorithm,
+// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256).
+func (ctx rsaDecrypterSigner) decrypt(jek []byte, alg KeyAlgorithm, generator keyGenerator) ([]byte, error) {
+	// Note: The random reader on decrypt operations is only used for blinding,
+	// so stubbing is meanlingless (hence the direct use of rand.Reader).
+	switch alg {
+	case RSA1_5:
+		defer func() {
+			// DecryptPKCS1v15SessionKey sometimes panics on an invalid payload
+			// because of an index out of bounds error, which we want to ignore.
+			// This has been fixed in Go 1.3.1 (released 2014/08/13), the recover()
+			// only exists for preventing crashes with unpatched versions.
+			// See: https://groups.google.com/forum/#!topic/golang-dev/7ihX6Y6kx9k
+			// See: https://code.google.com/p/go/source/detail?r=58ee390ff31602edb66af41ed10901ec95904d33
+			_ = recover()
+		}()
+
+		// Perform some input validation.
+		keyBytes := ctx.privateKey.PublicKey.N.BitLen() / 8
+		if keyBytes != len(jek) {
+			// Input size is incorrect, the encrypted payload should always match
+			// the size of the public modulus (e.g. using a 2048 bit key will
+			// produce 256 bytes of output). Reject this since it's invalid input.
+			return nil, ErrCryptoFailure
+		}
+
+		cek, _, err := generator.genKey()
+		if err != nil {
+			return nil, ErrCryptoFailure
+		}
+
+		// When decrypting an RSA-PKCS1v1.5 payload, we must take precautions to
+		// prevent chosen-ciphertext attacks as described in RFC 3218, "Preventing
+		// the Million Message Attack on Cryptographic Message Syntax". We are
+		// therefore deliberately ignoring errors here.
+		_ = rsa.DecryptPKCS1v15SessionKey(rand.Reader, ctx.privateKey, jek, cek)
+
+		return cek, nil
+	case RSA_OAEP:
+		// Use rand.Reader for RSA blinding
+		return rsa.DecryptOAEP(sha1.New(), rand.Reader, ctx.privateKey, jek, []byte{})
+	case RSA_OAEP_256:
+		// Use rand.Reader for RSA blinding
+		return rsa.DecryptOAEP(sha256.New(), rand.Reader, ctx.privateKey, jek, []byte{})
+	}
+
+	return nil, ErrUnsupportedAlgorithm
+}
+
+// Sign the given payload
+func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	var hash crypto.Hash
+
+	switch alg {
+	case RS256, PS256:
+		hash = crypto.SHA256
+	case RS384, PS384:
+		hash = crypto.SHA384
+	case RS512, PS512:
+		hash = crypto.SHA512
+	default:
+		return Signature{}, ErrUnsupportedAlgorithm
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	var out []byte
+	var err error
+
+	switch alg {
+	case RS256, RS384, RS512:
+		out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed)
+	case PS256, PS384, PS512:
+		out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{
+			SaltLength: rsa.PSSSaltLengthEqualsHash,
+		})
+	}
+
+	if err != nil {
+		return Signature{}, err
+	}
+
+	return Signature{
+		Signature: out,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// Verify the given payload
+func (ctx rsaEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	var hash crypto.Hash
+
+	switch alg {
+	case RS256, PS256:
+		hash = crypto.SHA256
+	case RS384, PS384:
+		hash = crypto.SHA384
+	case RS512, PS512:
+		hash = crypto.SHA512
+	default:
+		return ErrUnsupportedAlgorithm
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	switch alg {
+	case RS256, RS384, RS512:
+		return rsa.VerifyPKCS1v15(ctx.publicKey, hash, hashed, signature)
+	case PS256, PS384, PS512:
+		return rsa.VerifyPSS(ctx.publicKey, hash, hashed, signature, nil)
+	}
+
+	return ErrUnsupportedAlgorithm
+}
+
+// Encrypt the given payload and update the object.
+func (ctx ecEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	switch alg {
+	case ECDH_ES:
+		// ECDH-ES mode doesn't wrap a key, the shared secret is used directly as the key.
+		return recipientInfo{
+			header: &rawHeader{},
+		}, nil
+	case ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW:
+	default:
+		return recipientInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	generator := ecKeyGenerator{
+		algID:     string(alg),
+		publicKey: ctx.publicKey,
+	}
+
+	switch alg {
+	case ECDH_ES_A128KW:
+		generator.size = 16
+	case ECDH_ES_A192KW:
+		generator.size = 24
+	case ECDH_ES_A256KW:
+		generator.size = 32
+	}
+
+	kek, header, err := generator.genKey()
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	block, err := aes.NewCipher(kek)
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	jek, err := josecipher.KeyWrap(block, cek)
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	return recipientInfo{
+		encryptedKey: jek,
+		header:       &header,
+	}, nil
+}
+
+// Get key size for EC key generator
+func (ctx ecKeyGenerator) keySize() int {
+	return ctx.size
+}
+
+// Get a content encryption key for ECDH-ES
+func (ctx ecKeyGenerator) genKey() ([]byte, rawHeader, error) {
+	priv, err := ecdsa.GenerateKey(ctx.publicKey.Curve, RandReader)
+	if err != nil {
+		return nil, rawHeader{}, err
+	}
+
+	out := josecipher.DeriveECDHES(ctx.algID, []byte{}, []byte{}, priv, ctx.publicKey, ctx.size)
+
+	b, err := json.Marshal(&JSONWebKey{
+		Key: &priv.PublicKey,
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+
+	headers := rawHeader{
+		headerEPK: makeRawMessage(b),
+	}
+
+	return out, headers, nil
+}
+
+// Decrypt the given payload and return the content encryption key.
+func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	epk, err := headers.getEPK()
+	if err != nil {
+		return nil, errors.New("go-jose/go-jose: invalid epk header")
+	}
+	if epk == nil {
+		return nil, errors.New("go-jose/go-jose: missing epk header")
+	}
+
+	publicKey, ok := epk.Key.(*ecdsa.PublicKey)
+	if publicKey == nil || !ok {
+		return nil, errors.New("go-jose/go-jose: invalid epk header")
+	}
+
+	if !ctx.privateKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) {
+		return nil, errors.New("go-jose/go-jose: invalid public key in epk header")
+	}
+
+	apuData, err := headers.getAPU()
+	if err != nil {
+		return nil, errors.New("go-jose/go-jose: invalid apu header")
+	}
+	apvData, err := headers.getAPV()
+	if err != nil {
+		return nil, errors.New("go-jose/go-jose: invalid apv header")
+	}
+
+	deriveKey := func(algID string, size int) []byte {
+		return josecipher.DeriveECDHES(algID, apuData.bytes(), apvData.bytes(), ctx.privateKey, publicKey, size)
+	}
+
+	var keySize int
+
+	algorithm := headers.getAlgorithm()
+	switch algorithm {
+	case ECDH_ES:
+		// ECDH-ES uses direct key agreement, no key unwrapping necessary.
+		return deriveKey(string(headers.getEncryption()), generator.keySize()), nil
+	case ECDH_ES_A128KW:
+		keySize = 16
+	case ECDH_ES_A192KW:
+		keySize = 24
+	case ECDH_ES_A256KW:
+		keySize = 32
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+
+	key := deriveKey(string(algorithm), keySize)
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	return josecipher.KeyUnwrap(block, recipient.encryptedKey)
+}
+
+func (ctx edDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	if alg != EdDSA {
+		return Signature{}, ErrUnsupportedAlgorithm
+	}
+
+	sig, err := ctx.privateKey.Sign(RandReader, payload, crypto.Hash(0))
+	if err != nil {
+		return Signature{}, err
+	}
+
+	return Signature{
+		Signature: sig,
+		protected: &rawHeader{},
+	}, nil
+}
+
+func (ctx edEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	if alg != EdDSA {
+		return ErrUnsupportedAlgorithm
+	}
+	ok := ed25519.Verify(ctx.publicKey, payload, signature)
+	if !ok {
+		return errors.New("go-jose/go-jose: ed25519 signature failed to verify")
+	}
+	return nil
+}
+
+// Sign the given payload
+func (ctx ecDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	var expectedBitSize int
+	var hash crypto.Hash
+
+	switch alg {
+	case ES256:
+		expectedBitSize = 256
+		hash = crypto.SHA256
+	case ES384:
+		expectedBitSize = 384
+		hash = crypto.SHA384
+	case ES512:
+		expectedBitSize = 521
+		hash = crypto.SHA512
+	}
+
+	curveBits := ctx.privateKey.Curve.Params().BitSize
+	if expectedBitSize != curveBits {
+		return Signature{}, fmt.Errorf("go-jose/go-jose: expected %d bit key, got %d bits instead", expectedBitSize, curveBits)
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	r, s, err := ecdsa.Sign(RandReader, ctx.privateKey, hashed)
+	if err != nil {
+		return Signature{}, err
+	}
+
+	keyBytes := curveBits / 8
+	if curveBits%8 > 0 {
+		keyBytes++
+	}
+
+	// We serialize the outputs (r and s) into big-endian byte arrays and pad
+	// them with zeros on the left to make sure the sizes work out. Both arrays
+	// must be keyBytes long, and the output must be 2*keyBytes long.
+	rBytes := r.Bytes()
+	rBytesPadded := make([]byte, keyBytes)
+	copy(rBytesPadded[keyBytes-len(rBytes):], rBytes)
+
+	sBytes := s.Bytes()
+	sBytesPadded := make([]byte, keyBytes)
+	copy(sBytesPadded[keyBytes-len(sBytes):], sBytes)
+
+	out := append(rBytesPadded, sBytesPadded...)
+
+	return Signature{
+		Signature: out,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// Verify the given payload
+func (ctx ecEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	var keySize int
+	var hash crypto.Hash
+
+	switch alg {
+	case ES256:
+		keySize = 32
+		hash = crypto.SHA256
+	case ES384:
+		keySize = 48
+		hash = crypto.SHA384
+	case ES512:
+		keySize = 66
+		hash = crypto.SHA512
+	default:
+		return ErrUnsupportedAlgorithm
+	}
+
+	if len(signature) != 2*keySize {
+		return fmt.Errorf("go-jose/go-jose: invalid signature size, have %d bytes, wanted %d", len(signature), 2*keySize)
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	r := big.NewInt(0).SetBytes(signature[:keySize])
+	s := big.NewInt(0).SetBytes(signature[keySize:])
+
+	match := ecdsa.Verify(ctx.publicKey, hashed, r, s)
+	if !match {
+		return errors.New("go-jose/go-jose: ecdsa signature failed to verify")
+	}
+
+	return nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/cipher/cbc_hmac.go b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/cbc_hmac.go
new file mode 100644
index 000000000..87065a5b9
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/cbc_hmac.go
@@ -0,0 +1,196 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"bytes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/sha256"
+	"crypto/sha512"
+	"crypto/subtle"
+	"encoding/binary"
+	"errors"
+	"hash"
+)
+
+const (
+	nonceBytes = 16
+)
+
+// NewCBCHMAC instantiates a new AEAD based on CBC+HMAC.
+func NewCBCHMAC(key []byte, newBlockCipher func([]byte) (cipher.Block, error)) (cipher.AEAD, error) {
+	keySize := len(key) / 2
+	integrityKey := key[:keySize]
+	encryptionKey := key[keySize:]
+
+	blockCipher, err := newBlockCipher(encryptionKey)
+	if err != nil {
+		return nil, err
+	}
+
+	var hash func() hash.Hash
+	switch keySize {
+	case 16:
+		hash = sha256.New
+	case 24:
+		hash = sha512.New384
+	case 32:
+		hash = sha512.New
+	}
+
+	return &cbcAEAD{
+		hash:         hash,
+		blockCipher:  blockCipher,
+		authtagBytes: keySize,
+		integrityKey: integrityKey,
+	}, nil
+}
+
+// An AEAD based on CBC+HMAC
+type cbcAEAD struct {
+	hash         func() hash.Hash
+	authtagBytes int
+	integrityKey []byte
+	blockCipher  cipher.Block
+}
+
+func (ctx *cbcAEAD) NonceSize() int {
+	return nonceBytes
+}
+
+func (ctx *cbcAEAD) Overhead() int {
+	// Maximum overhead is block size (for padding) plus auth tag length, where
+	// the length of the auth tag is equivalent to the key size.
+	return ctx.blockCipher.BlockSize() + ctx.authtagBytes
+}
+
+// Seal encrypts and authenticates the plaintext.
+func (ctx *cbcAEAD) Seal(dst, nonce, plaintext, data []byte) []byte {
+	// Output buffer -- must take care not to mangle plaintext input.
+	ciphertext := make([]byte, uint64(len(plaintext))+uint64(ctx.Overhead()))[:len(plaintext)]
+	copy(ciphertext, plaintext)
+	ciphertext = padBuffer(ciphertext, ctx.blockCipher.BlockSize())
+
+	cbc := cipher.NewCBCEncrypter(ctx.blockCipher, nonce)
+
+	cbc.CryptBlocks(ciphertext, ciphertext)
+	authtag := ctx.computeAuthTag(data, nonce, ciphertext)
+
+	ret, out := resize(dst, uint64(len(dst))+uint64(len(ciphertext))+uint64(len(authtag)))
+	copy(out, ciphertext)
+	copy(out[len(ciphertext):], authtag)
+
+	return ret
+}
+
+// Open decrypts and authenticates the ciphertext.
+func (ctx *cbcAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
+	if len(ciphertext) < ctx.authtagBytes {
+		return nil, errors.New("go-jose/go-jose: invalid ciphertext (too short)")
+	}
+
+	offset := len(ciphertext) - ctx.authtagBytes
+	expectedTag := ctx.computeAuthTag(data, nonce, ciphertext[:offset])
+	match := subtle.ConstantTimeCompare(expectedTag, ciphertext[offset:])
+	if match != 1 {
+		return nil, errors.New("go-jose/go-jose: invalid ciphertext (auth tag mismatch)")
+	}
+
+	cbc := cipher.NewCBCDecrypter(ctx.blockCipher, nonce)
+
+	// Make copy of ciphertext buffer, don't want to modify in place
+	buffer := append([]byte{}, []byte(ciphertext[:offset])...)
+
+	if len(buffer)%ctx.blockCipher.BlockSize() > 0 {
+		return nil, errors.New("go-jose/go-jose: invalid ciphertext (invalid length)")
+	}
+
+	cbc.CryptBlocks(buffer, buffer)
+
+	// Remove padding
+	plaintext, err := unpadBuffer(buffer, ctx.blockCipher.BlockSize())
+	if err != nil {
+		return nil, err
+	}
+
+	ret, out := resize(dst, uint64(len(dst))+uint64(len(plaintext)))
+	copy(out, plaintext)
+
+	return ret, nil
+}
+
+// Compute an authentication tag
+func (ctx *cbcAEAD) computeAuthTag(aad, nonce, ciphertext []byte) []byte {
+	buffer := make([]byte, uint64(len(aad))+uint64(len(nonce))+uint64(len(ciphertext))+8)
+	n := 0
+	n += copy(buffer, aad)
+	n += copy(buffer[n:], nonce)
+	n += copy(buffer[n:], ciphertext)
+	binary.BigEndian.PutUint64(buffer[n:], uint64(len(aad))*8)
+
+	// According to documentation, Write() on hash.Hash never fails.
+	hmac := hmac.New(ctx.hash, ctx.integrityKey)
+	_, _ = hmac.Write(buffer)
+
+	return hmac.Sum(nil)[:ctx.authtagBytes]
+}
+
+// resize ensures that the given slice has a capacity of at least n bytes.
+// If the capacity of the slice is less than n, a new slice is allocated
+// and the existing data will be copied.
+func resize(in []byte, n uint64) (head, tail []byte) {
+	if uint64(cap(in)) >= n {
+		head = in[:n]
+	} else {
+		head = make([]byte, n)
+		copy(head, in)
+	}
+
+	tail = head[len(in):]
+	return
+}
+
+// Apply padding
+func padBuffer(buffer []byte, blockSize int) []byte {
+	missing := blockSize - (len(buffer) % blockSize)
+	ret, out := resize(buffer, uint64(len(buffer))+uint64(missing))
+	padding := bytes.Repeat([]byte{byte(missing)}, missing)
+	copy(out, padding)
+	return ret
+}
+
+// Remove padding
+func unpadBuffer(buffer []byte, blockSize int) ([]byte, error) {
+	if len(buffer)%blockSize != 0 {
+		return nil, errors.New("go-jose/go-jose: invalid padding")
+	}
+
+	last := buffer[len(buffer)-1]
+	count := int(last)
+
+	if count == 0 || count > blockSize || count > len(buffer) {
+		return nil, errors.New("go-jose/go-jose: invalid padding")
+	}
+
+	padding := bytes.Repeat([]byte{last}, count)
+	if !bytes.HasSuffix(buffer, padding) {
+		return nil, errors.New("go-jose/go-jose: invalid padding")
+	}
+
+	return buffer[:len(buffer)-count], nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/cipher/concat_kdf.go b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/concat_kdf.go
new file mode 100644
index 000000000..f62c3bdba
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/concat_kdf.go
@@ -0,0 +1,75 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"crypto"
+	"encoding/binary"
+	"hash"
+	"io"
+)
+
+type concatKDF struct {
+	z, info []byte
+	i       uint32
+	cache   []byte
+	hasher  hash.Hash
+}
+
+// NewConcatKDF builds a KDF reader based on the given inputs.
+func NewConcatKDF(hash crypto.Hash, z, algID, ptyUInfo, ptyVInfo, supPubInfo, supPrivInfo []byte) io.Reader {
+	buffer := make([]byte, uint64(len(algID))+uint64(len(ptyUInfo))+uint64(len(ptyVInfo))+uint64(len(supPubInfo))+uint64(len(supPrivInfo)))
+	n := 0
+	n += copy(buffer, algID)
+	n += copy(buffer[n:], ptyUInfo)
+	n += copy(buffer[n:], ptyVInfo)
+	n += copy(buffer[n:], supPubInfo)
+	copy(buffer[n:], supPrivInfo)
+
+	hasher := hash.New()
+
+	return &concatKDF{
+		z:      z,
+		info:   buffer,
+		hasher: hasher,
+		cache:  []byte{},
+		i:      1,
+	}
+}
+
+func (ctx *concatKDF) Read(out []byte) (int, error) {
+	copied := copy(out, ctx.cache)
+	ctx.cache = ctx.cache[copied:]
+
+	for copied < len(out) {
+		ctx.hasher.Reset()
+
+		// Write on a hash.Hash never fails
+		_ = binary.Write(ctx.hasher, binary.BigEndian, ctx.i)
+		_, _ = ctx.hasher.Write(ctx.z)
+		_, _ = ctx.hasher.Write(ctx.info)
+
+		hash := ctx.hasher.Sum(nil)
+		chunkCopied := copy(out[copied:], hash)
+		copied += chunkCopied
+		ctx.cache = hash[chunkCopied:]
+
+		ctx.i++
+	}
+
+	return copied, nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/cipher/ecdh_es.go b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/ecdh_es.go
new file mode 100644
index 000000000..093c64674
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/ecdh_es.go
@@ -0,0 +1,86 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"encoding/binary"
+)
+
+// DeriveECDHES derives a shared encryption key using ECDH/ConcatKDF as described in JWE/JWA.
+// It is an error to call this function with a private/public key that are not on the same
+// curve. Callers must ensure that the keys are valid before calling this function. Output
+// size may be at most 1<<16 bytes (64 KiB).
+func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, size int) []byte {
+	if size > 1<<16 {
+		panic("ECDH-ES output size too large, must be less than or equal to 1<<16")
+	}
+
+	// algId, partyUInfo, partyVInfo inputs must be prefixed with the length
+	algID := lengthPrefixed([]byte(alg))
+	ptyUInfo := lengthPrefixed(apuData)
+	ptyVInfo := lengthPrefixed(apvData)
+
+	// suppPubInfo is the encoded length of the output size in bits
+	supPubInfo := make([]byte, 4)
+	binary.BigEndian.PutUint32(supPubInfo, uint32(size)*8)
+
+	if !priv.PublicKey.Curve.IsOnCurve(pub.X, pub.Y) {
+		panic("public key not on same curve as private key")
+	}
+
+	z, _ := priv.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes())
+	zBytes := z.Bytes()
+
+	// Note that calling z.Bytes() on a big.Int may strip leading zero bytes from
+	// the returned byte array. This can lead to a problem where zBytes will be
+	// shorter than expected which breaks the key derivation. Therefore we must pad
+	// to the full length of the expected coordinate here before calling the KDF.
+	octSize := dSize(priv.Curve)
+	if len(zBytes) != octSize {
+		zBytes = append(bytes.Repeat([]byte{0}, octSize-len(zBytes)), zBytes...)
+	}
+
+	reader := NewConcatKDF(crypto.SHA256, zBytes, algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{})
+	key := make([]byte, size)
+
+	// Read on the KDF will never fail
+	_, _ = reader.Read(key)
+
+	return key
+}
+
+// dSize returns the size in octets for a coordinate on a elliptic curve.
+func dSize(curve elliptic.Curve) int {
+	order := curve.Params().P
+	bitLen := order.BitLen()
+	size := bitLen / 8
+	if bitLen%8 != 0 {
+		size++
+	}
+	return size
+}
+
+func lengthPrefixed(data []byte) []byte {
+	out := make([]byte, len(data)+4)
+	binary.BigEndian.PutUint32(out, uint32(len(data)))
+	copy(out[4:], data)
+	return out
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/cipher/key_wrap.go b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/key_wrap.go
new file mode 100644
index 000000000..668358f98
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/key_wrap.go
@@ -0,0 +1,109 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"crypto/cipher"
+	"crypto/subtle"
+	"encoding/binary"
+	"errors"
+)
+
+var defaultIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}
+
+// KeyWrap implements NIST key wrapping; it wraps a content encryption key (cek) with the given block cipher.
+func KeyWrap(block cipher.Block, cek []byte) ([]byte, error) {
+	if len(cek)%8 != 0 {
+		return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks")
+	}
+
+	n := len(cek) / 8
+	r := make([][]byte, n)
+
+	for i := range r {
+		r[i] = make([]byte, 8)
+		copy(r[i], cek[i*8:])
+	}
+
+	buffer := make([]byte, 16)
+	tBytes := make([]byte, 8)
+	copy(buffer, defaultIV)
+
+	for t := 0; t < 6*n; t++ {
+		copy(buffer[8:], r[t%n])
+
+		block.Encrypt(buffer, buffer)
+
+		binary.BigEndian.PutUint64(tBytes, uint64(t+1))
+
+		for i := 0; i < 8; i++ {
+			buffer[i] = buffer[i] ^ tBytes[i]
+		}
+		copy(r[t%n], buffer[8:])
+	}
+
+	out := make([]byte, (n+1)*8)
+	copy(out, buffer[:8])
+	for i := range r {
+		copy(out[(i+1)*8:], r[i])
+	}
+
+	return out, nil
+}
+
+// KeyUnwrap implements NIST key unwrapping; it unwraps a content encryption key (cek) with the given block cipher.
+func KeyUnwrap(block cipher.Block, ciphertext []byte) ([]byte, error) {
+	if len(ciphertext)%8 != 0 {
+		return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks")
+	}
+
+	n := (len(ciphertext) / 8) - 1
+	r := make([][]byte, n)
+
+	for i := range r {
+		r[i] = make([]byte, 8)
+		copy(r[i], ciphertext[(i+1)*8:])
+	}
+
+	buffer := make([]byte, 16)
+	tBytes := make([]byte, 8)
+	copy(buffer[:8], ciphertext[:8])
+
+	for t := 6*n - 1; t >= 0; t-- {
+		binary.BigEndian.PutUint64(tBytes, uint64(t+1))
+
+		for i := 0; i < 8; i++ {
+			buffer[i] = buffer[i] ^ tBytes[i]
+		}
+		copy(buffer[8:], r[t%n])
+
+		block.Decrypt(buffer, buffer)
+
+		copy(r[t%n], buffer[8:])
+	}
+
+	if subtle.ConstantTimeCompare(buffer[:8], defaultIV) == 0 {
+		return nil, errors.New("go-jose/go-jose: failed to unwrap key")
+	}
+
+	out := make([]byte, n*8)
+	for i := range r {
+		copy(out[i*8:], r[i])
+	}
+
+	return out, nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go b/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go
new file mode 100644
index 000000000..73aab0fab
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go
@@ -0,0 +1,542 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"errors"
+	"fmt"
+	"reflect"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// Encrypter represents an encrypter which produces an encrypted JWE object.
+type Encrypter interface {
+	Encrypt(plaintext []byte) (*JSONWebEncryption, error)
+	EncryptWithAuthData(plaintext []byte, aad []byte) (*JSONWebEncryption, error)
+	Options() EncrypterOptions
+}
+
+// A generic content cipher
+type contentCipher interface {
+	keySize() int
+	encrypt(cek []byte, aad, plaintext []byte) (*aeadParts, error)
+	decrypt(cek []byte, aad []byte, parts *aeadParts) ([]byte, error)
+}
+
+// A key generator (for generating/getting a CEK)
+type keyGenerator interface {
+	keySize() int
+	genKey() ([]byte, rawHeader, error)
+}
+
+// A generic key encrypter
+type keyEncrypter interface {
+	encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) // Encrypt a key
+}
+
+// A generic key decrypter
+type keyDecrypter interface {
+	decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) // Decrypt a key
+}
+
+// A generic encrypter based on the given key encrypter and content cipher.
+type genericEncrypter struct {
+	contentAlg     ContentEncryption
+	compressionAlg CompressionAlgorithm
+	cipher         contentCipher
+	recipients     []recipientKeyInfo
+	keyGenerator   keyGenerator
+	extraHeaders   map[HeaderKey]interface{}
+}
+
+type recipientKeyInfo struct {
+	keyID        string
+	keyAlg       KeyAlgorithm
+	keyEncrypter keyEncrypter
+}
+
+// EncrypterOptions represents options that can be set on new encrypters.
+type EncrypterOptions struct {
+	Compression CompressionAlgorithm
+
+	// Optional map of additional keys to be inserted into the protected header
+	// of a JWS object. Some specifications which make use of JWS like to insert
+	// additional values here. All values must be JSON-serializable.
+	ExtraHeaders map[HeaderKey]interface{}
+}
+
+// WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it
+// if necessary. It returns itself and so can be used in a fluent style.
+func (eo *EncrypterOptions) WithHeader(k HeaderKey, v interface{}) *EncrypterOptions {
+	if eo.ExtraHeaders == nil {
+		eo.ExtraHeaders = map[HeaderKey]interface{}{}
+	}
+	eo.ExtraHeaders[k] = v
+	return eo
+}
+
+// WithContentType adds a content type ("cty") header and returns the updated
+// EncrypterOptions.
+func (eo *EncrypterOptions) WithContentType(contentType ContentType) *EncrypterOptions {
+	return eo.WithHeader(HeaderContentType, contentType)
+}
+
+// WithType adds a type ("typ") header and returns the updated EncrypterOptions.
+func (eo *EncrypterOptions) WithType(typ ContentType) *EncrypterOptions {
+	return eo.WithHeader(HeaderType, typ)
+}
+
+// Recipient represents an algorithm/key to encrypt messages to.
+//
+// PBES2Count and PBES2Salt correspond with the  "p2c" and "p2s" headers used
+// on the password-based encryption algorithms PBES2-HS256+A128KW,
+// PBES2-HS384+A192KW, and PBES2-HS512+A256KW. If they are not provided a safe
+// default of 100000 will be used for the count and a 128-bit random salt will
+// be generated.
+type Recipient struct {
+	Algorithm  KeyAlgorithm
+	Key        interface{}
+	KeyID      string
+	PBES2Count int
+	PBES2Salt  []byte
+}
+
+// NewEncrypter creates an appropriate encrypter based on the key type
+func NewEncrypter(enc ContentEncryption, rcpt Recipient, opts *EncrypterOptions) (Encrypter, error) {
+	encrypter := &genericEncrypter{
+		contentAlg: enc,
+		recipients: []recipientKeyInfo{},
+		cipher:     getContentCipher(enc),
+	}
+	if opts != nil {
+		encrypter.compressionAlg = opts.Compression
+		encrypter.extraHeaders = opts.ExtraHeaders
+	}
+
+	if encrypter.cipher == nil {
+		return nil, ErrUnsupportedAlgorithm
+	}
+
+	var keyID string
+	var rawKey interface{}
+	switch encryptionKey := rcpt.Key.(type) {
+	case JSONWebKey:
+		keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key
+	case *JSONWebKey:
+		keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key
+	case OpaqueKeyEncrypter:
+		keyID, rawKey = encryptionKey.KeyID(), encryptionKey
+	default:
+		rawKey = encryptionKey
+	}
+
+	switch rcpt.Algorithm {
+	case DIRECT:
+		// Direct encryption mode must be treated differently
+		if reflect.TypeOf(rawKey) != reflect.TypeOf([]byte{}) {
+			return nil, ErrUnsupportedKeyType
+		}
+		if encrypter.cipher.keySize() != len(rawKey.([]byte)) {
+			return nil, ErrInvalidKeySize
+		}
+		encrypter.keyGenerator = staticKeyGenerator{
+			key: rawKey.([]byte),
+		}
+		recipientInfo, _ := newSymmetricRecipient(rcpt.Algorithm, rawKey.([]byte))
+		recipientInfo.keyID = keyID
+		if rcpt.KeyID != "" {
+			recipientInfo.keyID = rcpt.KeyID
+		}
+		encrypter.recipients = []recipientKeyInfo{recipientInfo}
+		return encrypter, nil
+	case ECDH_ES:
+		// ECDH-ES (w/o key wrapping) is similar to DIRECT mode
+		typeOf := reflect.TypeOf(rawKey)
+		if typeOf != reflect.TypeOf(&ecdsa.PublicKey{}) {
+			return nil, ErrUnsupportedKeyType
+		}
+		encrypter.keyGenerator = ecKeyGenerator{
+			size:      encrypter.cipher.keySize(),
+			algID:     string(enc),
+			publicKey: rawKey.(*ecdsa.PublicKey),
+		}
+		recipientInfo, _ := newECDHRecipient(rcpt.Algorithm, rawKey.(*ecdsa.PublicKey))
+		recipientInfo.keyID = keyID
+		if rcpt.KeyID != "" {
+			recipientInfo.keyID = rcpt.KeyID
+		}
+		encrypter.recipients = []recipientKeyInfo{recipientInfo}
+		return encrypter, nil
+	default:
+		// Can just add a standard recipient
+		encrypter.keyGenerator = randomKeyGenerator{
+			size: encrypter.cipher.keySize(),
+		}
+		err := encrypter.addRecipient(rcpt)
+		return encrypter, err
+	}
+}
+
+// NewMultiEncrypter creates a multi-encrypter based on the given parameters
+func NewMultiEncrypter(enc ContentEncryption, rcpts []Recipient, opts *EncrypterOptions) (Encrypter, error) {
+	cipher := getContentCipher(enc)
+
+	if cipher == nil {
+		return nil, ErrUnsupportedAlgorithm
+	}
+	if rcpts == nil || len(rcpts) == 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: recipients is nil or empty")
+	}
+
+	encrypter := &genericEncrypter{
+		contentAlg: enc,
+		recipients: []recipientKeyInfo{},
+		cipher:     cipher,
+		keyGenerator: randomKeyGenerator{
+			size: cipher.keySize(),
+		},
+	}
+
+	if opts != nil {
+		encrypter.compressionAlg = opts.Compression
+		encrypter.extraHeaders = opts.ExtraHeaders
+	}
+
+	for _, recipient := range rcpts {
+		err := encrypter.addRecipient(recipient)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return encrypter, nil
+}
+
+func (ctx *genericEncrypter) addRecipient(recipient Recipient) (err error) {
+	var recipientInfo recipientKeyInfo
+
+	switch recipient.Algorithm {
+	case DIRECT, ECDH_ES:
+		return fmt.Errorf("go-jose/go-jose: key algorithm '%s' not supported in multi-recipient mode", recipient.Algorithm)
+	}
+
+	recipientInfo, err = makeJWERecipient(recipient.Algorithm, recipient.Key)
+	if recipient.KeyID != "" {
+		recipientInfo.keyID = recipient.KeyID
+	}
+
+	switch recipient.Algorithm {
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+		if sr, ok := recipientInfo.keyEncrypter.(*symmetricKeyCipher); ok {
+			sr.p2c = recipient.PBES2Count
+			sr.p2s = recipient.PBES2Salt
+		}
+	}
+
+	if err == nil {
+		ctx.recipients = append(ctx.recipients, recipientInfo)
+	}
+	return err
+}
+
+func makeJWERecipient(alg KeyAlgorithm, encryptionKey interface{}) (recipientKeyInfo, error) {
+	switch encryptionKey := encryptionKey.(type) {
+	case *rsa.PublicKey:
+		return newRSARecipient(alg, encryptionKey)
+	case *ecdsa.PublicKey:
+		return newECDHRecipient(alg, encryptionKey)
+	case []byte:
+		return newSymmetricRecipient(alg, encryptionKey)
+	case string:
+		return newSymmetricRecipient(alg, []byte(encryptionKey))
+	case *JSONWebKey:
+		recipient, err := makeJWERecipient(alg, encryptionKey.Key)
+		recipient.keyID = encryptionKey.KeyID
+		return recipient, err
+	}
+	if encrypter, ok := encryptionKey.(OpaqueKeyEncrypter); ok {
+		return newOpaqueKeyEncrypter(alg, encrypter)
+	}
+	return recipientKeyInfo{}, ErrUnsupportedKeyType
+}
+
+// newDecrypter creates an appropriate decrypter based on the key type
+func newDecrypter(decryptionKey interface{}) (keyDecrypter, error) {
+	switch decryptionKey := decryptionKey.(type) {
+	case *rsa.PrivateKey:
+		return &rsaDecrypterSigner{
+			privateKey: decryptionKey,
+		}, nil
+	case *ecdsa.PrivateKey:
+		return &ecDecrypterSigner{
+			privateKey: decryptionKey,
+		}, nil
+	case []byte:
+		return &symmetricKeyCipher{
+			key: decryptionKey,
+		}, nil
+	case string:
+		return &symmetricKeyCipher{
+			key: []byte(decryptionKey),
+		}, nil
+	case JSONWebKey:
+		return newDecrypter(decryptionKey.Key)
+	case *JSONWebKey:
+		return newDecrypter(decryptionKey.Key)
+	}
+	if okd, ok := decryptionKey.(OpaqueKeyDecrypter); ok {
+		return &opaqueKeyDecrypter{decrypter: okd}, nil
+	}
+	return nil, ErrUnsupportedKeyType
+}
+
+// Implementation of encrypt method producing a JWE object.
+func (ctx *genericEncrypter) Encrypt(plaintext []byte) (*JSONWebEncryption, error) {
+	return ctx.EncryptWithAuthData(plaintext, nil)
+}
+
+// Implementation of encrypt method producing a JWE object.
+func (ctx *genericEncrypter) EncryptWithAuthData(plaintext, aad []byte) (*JSONWebEncryption, error) {
+	obj := &JSONWebEncryption{}
+	obj.aad = aad
+
+	obj.protected = &rawHeader{}
+	err := obj.protected.set(headerEncryption, ctx.contentAlg)
+	if err != nil {
+		return nil, err
+	}
+
+	obj.recipients = make([]recipientInfo, len(ctx.recipients))
+
+	if len(ctx.recipients) == 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: no recipients to encrypt to")
+	}
+
+	cek, headers, err := ctx.keyGenerator.genKey()
+	if err != nil {
+		return nil, err
+	}
+
+	obj.protected.merge(&headers)
+
+	for i, info := range ctx.recipients {
+		recipient, err := info.keyEncrypter.encryptKey(cek, info.keyAlg)
+		if err != nil {
+			return nil, err
+		}
+
+		err = recipient.header.set(headerAlgorithm, info.keyAlg)
+		if err != nil {
+			return nil, err
+		}
+
+		if info.keyID != "" {
+			err = recipient.header.set(headerKeyID, info.keyID)
+			if err != nil {
+				return nil, err
+			}
+		}
+		obj.recipients[i] = recipient
+	}
+
+	if len(ctx.recipients) == 1 {
+		// Move per-recipient headers into main protected header if there's
+		// only a single recipient.
+		obj.protected.merge(obj.recipients[0].header)
+		obj.recipients[0].header = nil
+	}
+
+	if ctx.compressionAlg != NONE {
+		plaintext, err = compress(ctx.compressionAlg, plaintext)
+		if err != nil {
+			return nil, err
+		}
+
+		err = obj.protected.set(headerCompression, ctx.compressionAlg)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	for k, v := range ctx.extraHeaders {
+		b, err := json.Marshal(v)
+		if err != nil {
+			return nil, err
+		}
+		(*obj.protected)[k] = makeRawMessage(b)
+	}
+
+	authData := obj.computeAuthData()
+	parts, err := ctx.cipher.encrypt(cek, authData, plaintext)
+	if err != nil {
+		return nil, err
+	}
+
+	obj.iv = parts.iv
+	obj.ciphertext = parts.ciphertext
+	obj.tag = parts.tag
+
+	return obj, nil
+}
+
+func (ctx *genericEncrypter) Options() EncrypterOptions {
+	return EncrypterOptions{
+		Compression:  ctx.compressionAlg,
+		ExtraHeaders: ctx.extraHeaders,
+	}
+}
+
+// Decrypt and validate the object and return the plaintext. Note that this
+// function does not support multi-recipient, if you desire multi-recipient
+// decryption use DecryptMulti instead.
+func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) {
+	headers := obj.mergedHeaders(nil)
+
+	if len(obj.recipients) > 1 {
+		return nil, errors.New("go-jose/go-jose: too many recipients in payload; expecting only one")
+	}
+
+	critical, err := headers.getCritical()
+	if err != nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid crit header")
+	}
+
+	if len(critical) > 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported crit header")
+	}
+
+	decrypter, err := newDecrypter(decryptionKey)
+	if err != nil {
+		return nil, err
+	}
+
+	cipher := getContentCipher(headers.getEncryption())
+	if cipher == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(headers.getEncryption()))
+	}
+
+	generator := randomKeyGenerator{
+		size: cipher.keySize(),
+	}
+
+	parts := &aeadParts{
+		iv:         obj.iv,
+		ciphertext: obj.ciphertext,
+		tag:        obj.tag,
+	}
+
+	authData := obj.computeAuthData()
+
+	var plaintext []byte
+	recipient := obj.recipients[0]
+	recipientHeaders := obj.mergedHeaders(&recipient)
+
+	cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator)
+	if err == nil {
+		// Found a valid CEK -- let's try to decrypt.
+		plaintext, err = cipher.decrypt(cek, authData, parts)
+	}
+
+	if plaintext == nil {
+		return nil, ErrCryptoFailure
+	}
+
+	// The "zip" header parameter may only be present in the protected header.
+	if comp := obj.protected.getCompression(); comp != "" {
+		plaintext, err = decompress(comp, plaintext)
+	}
+
+	return plaintext, err
+}
+
+// DecryptMulti decrypts and validates the object and returns the plaintexts,
+// with support for multiple recipients. It returns the index of the recipient
+// for which the decryption was successful, the merged headers for that recipient,
+// and the plaintext.
+func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) {
+	globalHeaders := obj.mergedHeaders(nil)
+
+	critical, err := globalHeaders.getCritical()
+	if err != nil {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: invalid crit header")
+	}
+
+	if len(critical) > 0 {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported crit header")
+	}
+
+	decrypter, err := newDecrypter(decryptionKey)
+	if err != nil {
+		return -1, Header{}, nil, err
+	}
+
+	encryption := globalHeaders.getEncryption()
+	cipher := getContentCipher(encryption)
+	if cipher == nil {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(encryption))
+	}
+
+	generator := randomKeyGenerator{
+		size: cipher.keySize(),
+	}
+
+	parts := &aeadParts{
+		iv:         obj.iv,
+		ciphertext: obj.ciphertext,
+		tag:        obj.tag,
+	}
+
+	authData := obj.computeAuthData()
+
+	index := -1
+	var plaintext []byte
+	var headers rawHeader
+
+	for i, recipient := range obj.recipients {
+		recipientHeaders := obj.mergedHeaders(&recipient)
+
+		cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator)
+		if err == nil {
+			// Found a valid CEK -- let's try to decrypt.
+			plaintext, err = cipher.decrypt(cek, authData, parts)
+			if err == nil {
+				index = i
+				headers = recipientHeaders
+				break
+			}
+		}
+	}
+
+	if plaintext == nil || err != nil {
+		return -1, Header{}, nil, ErrCryptoFailure
+	}
+
+	// The "zip" header parameter may only be present in the protected header.
+	if comp := obj.protected.getCompression(); comp != "" {
+		plaintext, err = decompress(comp, plaintext)
+	}
+
+	sanitized, err := headers.sanitized()
+	if err != nil {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: failed to sanitize header: %v", err)
+	}
+
+	return index, sanitized, plaintext, err
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/doc.go b/vendor/gopkg.in/go-jose/go-jose.v2/doc.go
new file mode 100644
index 000000000..dd1387f3f
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/doc.go
@@ -0,0 +1,27 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+
+Package jose aims to provide an implementation of the Javascript Object Signing
+and Encryption set of standards. It implements encryption and signing based on
+the JSON Web Encryption and JSON Web Signature standards, with optional JSON
+Web Token support available in a sub-package. The library supports both the
+compact and full serialization formats, and has optional support for multiple
+recipients.
+
+*/
+package jose
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go b/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go
new file mode 100644
index 000000000..40b688b3d
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go
@@ -0,0 +1,185 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"compress/flate"
+	"encoding/base64"
+	"encoding/binary"
+	"io"
+	"math/big"
+	"strings"
+	"unicode"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// Helper function to serialize known-good objects.
+// Precondition: value is not a nil pointer.
+func mustSerializeJSON(value interface{}) []byte {
+	out, err := json.Marshal(value)
+	if err != nil {
+		panic(err)
+	}
+	// We never want to serialize the top-level value "null," since it's not a
+	// valid JOSE message. But if a caller passes in a nil pointer to this method,
+	// MarshalJSON will happily serialize it as the top-level value "null". If
+	// that value is then embedded in another operation, for instance by being
+	// base64-encoded and fed as input to a signing algorithm
+	// (https://github.com/go-jose/go-jose/issues/22), the result will be
+	// incorrect. Because this method is intended for known-good objects, and a nil
+	// pointer is not a known-good object, we are free to panic in this case.
+	// Note: It's not possible to directly check whether the data pointed at by an
+	// interface is a nil pointer, so we do this hacky workaround.
+	// https://groups.google.com/forum/#!topic/golang-nuts/wnH302gBa4I
+	if string(out) == "null" {
+		panic("Tried to serialize a nil pointer.")
+	}
+	return out
+}
+
+// Strip all newlines and whitespace
+func stripWhitespace(data string) string {
+	buf := strings.Builder{}
+	buf.Grow(len(data))
+	for _, r := range data {
+		if !unicode.IsSpace(r) {
+			buf.WriteRune(r)
+		}
+	}
+	return buf.String()
+}
+
+// Perform compression based on algorithm
+func compress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) {
+	switch algorithm {
+	case DEFLATE:
+		return deflate(input)
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+}
+
+// Perform decompression based on algorithm
+func decompress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) {
+	switch algorithm {
+	case DEFLATE:
+		return inflate(input)
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+}
+
+// Compress with DEFLATE
+func deflate(input []byte) ([]byte, error) {
+	output := new(bytes.Buffer)
+
+	// Writing to byte buffer, err is always nil
+	writer, _ := flate.NewWriter(output, 1)
+	_, _ = io.Copy(writer, bytes.NewBuffer(input))
+
+	err := writer.Close()
+	return output.Bytes(), err
+}
+
+// Decompress with DEFLATE
+func inflate(input []byte) ([]byte, error) {
+	output := new(bytes.Buffer)
+	reader := flate.NewReader(bytes.NewBuffer(input))
+
+	_, err := io.Copy(output, reader)
+	if err != nil {
+		return nil, err
+	}
+
+	err = reader.Close()
+	return output.Bytes(), err
+}
+
+// byteBuffer represents a slice of bytes that can be serialized to url-safe base64.
+type byteBuffer struct {
+	data []byte
+}
+
+func newBuffer(data []byte) *byteBuffer {
+	if data == nil {
+		return nil
+	}
+	return &byteBuffer{
+		data: data,
+	}
+}
+
+func newFixedSizeBuffer(data []byte, length int) *byteBuffer {
+	if len(data) > length {
+		panic("go-jose/go-jose: invalid call to newFixedSizeBuffer (len(data) > length)")
+	}
+	pad := make([]byte, length-len(data))
+	return newBuffer(append(pad, data...))
+}
+
+func newBufferFromInt(num uint64) *byteBuffer {
+	data := make([]byte, 8)
+	binary.BigEndian.PutUint64(data, num)
+	return newBuffer(bytes.TrimLeft(data, "\x00"))
+}
+
+func (b *byteBuffer) MarshalJSON() ([]byte, error) {
+	return json.Marshal(b.base64())
+}
+
+func (b *byteBuffer) UnmarshalJSON(data []byte) error {
+	var encoded string
+	err := json.Unmarshal(data, &encoded)
+	if err != nil {
+		return err
+	}
+
+	if encoded == "" {
+		return nil
+	}
+
+	decoded, err := base64.RawURLEncoding.DecodeString(encoded)
+	if err != nil {
+		return err
+	}
+
+	*b = *newBuffer(decoded)
+
+	return nil
+}
+
+func (b *byteBuffer) base64() string {
+	return base64.RawURLEncoding.EncodeToString(b.data)
+}
+
+func (b *byteBuffer) bytes() []byte {
+	// Handling nil here allows us to transparently handle nil slices when serializing.
+	if b == nil {
+		return nil
+	}
+	return b.data
+}
+
+func (b byteBuffer) bigInt() *big.Int {
+	return new(big.Int).SetBytes(b.data)
+}
+
+func (b byteBuffer) toInt() int {
+	return int(b.bigInt().Int64())
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/LICENSE b/vendor/gopkg.in/go-jose/go-jose.v2/json/LICENSE
new file mode 100644
index 000000000..744875676
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2012 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/README.md b/vendor/gopkg.in/go-jose/go-jose.v2/json/README.md
new file mode 100644
index 000000000..86de5e558
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/README.md
@@ -0,0 +1,13 @@
+# Safe JSON
+
+This repository contains a fork of the `encoding/json` package from Go 1.6.
+
+The following changes were made:
+
+* Object deserialization uses case-sensitive member name matching instead of
+  [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html).
+  This is to avoid differences in the interpretation of JOSE messages between
+  go-jose and libraries written in other languages.
+* When deserializing a JSON object, we check for duplicate keys and reject the
+  input whenever we detect a duplicate. Rather than trying to work with malformed
+  data, we prefer to reject it right away.
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/decode.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/decode.go
new file mode 100644
index 000000000..4dbc4146c
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/decode.go
@@ -0,0 +1,1217 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Represents JSON data structure using native Go types: booleans, floats,
+// strings, arrays, and maps.
+
+package json
+
+import (
+	"bytes"
+	"encoding"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"math"
+	"reflect"
+	"runtime"
+	"strconv"
+	"unicode"
+	"unicode/utf16"
+	"unicode/utf8"
+)
+
+// Unmarshal parses the JSON-encoded data and stores the result
+// in the value pointed to by v.
+//
+// Unmarshal uses the inverse of the encodings that
+// Marshal uses, allocating maps, slices, and pointers as necessary,
+// with the following additional rules:
+//
+// To unmarshal JSON into a pointer, Unmarshal first handles the case of
+// the JSON being the JSON literal null.  In that case, Unmarshal sets
+// the pointer to nil.  Otherwise, Unmarshal unmarshals the JSON into
+// the value pointed at by the pointer.  If the pointer is nil, Unmarshal
+// allocates a new value for it to point to.
+//
+// To unmarshal JSON into a struct, Unmarshal matches incoming object
+// keys to the keys used by Marshal (either the struct field name or its tag),
+// preferring an exact match but also accepting a case-insensitive match.
+// Unmarshal will only set exported fields of the struct.
+//
+// To unmarshal JSON into an interface value,
+// Unmarshal stores one of these in the interface value:
+//
+//	bool, for JSON booleans
+//	float64, for JSON numbers
+//	string, for JSON strings
+//	[]interface{}, for JSON arrays
+//	map[string]interface{}, for JSON objects
+//	nil for JSON null
+//
+// To unmarshal a JSON array into a slice, Unmarshal resets the slice length
+// to zero and then appends each element to the slice.
+// As a special case, to unmarshal an empty JSON array into a slice,
+// Unmarshal replaces the slice with a new empty slice.
+//
+// To unmarshal a JSON array into a Go array, Unmarshal decodes
+// JSON array elements into corresponding Go array elements.
+// If the Go array is smaller than the JSON array,
+// the additional JSON array elements are discarded.
+// If the JSON array is smaller than the Go array,
+// the additional Go array elements are set to zero values.
+//
+// To unmarshal a JSON object into a string-keyed map, Unmarshal first
+// establishes a map to use, If the map is nil, Unmarshal allocates a new map.
+// Otherwise Unmarshal reuses the existing map, keeping existing entries.
+// Unmarshal then stores key-value pairs from the JSON object into the map.
+//
+// If a JSON value is not appropriate for a given target type,
+// or if a JSON number overflows the target type, Unmarshal
+// skips that field and completes the unmarshaling as best it can.
+// If no more serious errors are encountered, Unmarshal returns
+// an UnmarshalTypeError describing the earliest such error.
+//
+// The JSON null value unmarshals into an interface, map, pointer, or slice
+// by setting that Go value to nil. Because null is often used in JSON to mean
+// ``not present,'' unmarshaling a JSON null into any other Go type has no effect
+// on the value and produces no error.
+//
+// When unmarshaling quoted strings, invalid UTF-8 or
+// invalid UTF-16 surrogate pairs are not treated as an error.
+// Instead, they are replaced by the Unicode replacement
+// character U+FFFD.
+//
+func Unmarshal(data []byte, v interface{}) error {
+	// Check for well-formedness.
+	// Avoids filling out half a data structure
+	// before discovering a JSON syntax error.
+	var d decodeState
+	err := checkValid(data, &d.scan)
+	if err != nil {
+		return err
+	}
+
+	d.init(data)
+	return d.unmarshal(v)
+}
+
+// Unmarshaler is the interface implemented by objects
+// that can unmarshal a JSON description of themselves.
+// The input can be assumed to be a valid encoding of
+// a JSON value. UnmarshalJSON must copy the JSON data
+// if it wishes to retain the data after returning.
+type Unmarshaler interface {
+	UnmarshalJSON([]byte) error
+}
+
+// An UnmarshalTypeError describes a JSON value that was
+// not appropriate for a value of a specific Go type.
+type UnmarshalTypeError struct {
+	Value  string       // description of JSON value - "bool", "array", "number -5"
+	Type   reflect.Type // type of Go value it could not be assigned to
+	Offset int64        // error occurred after reading Offset bytes
+}
+
+func (e *UnmarshalTypeError) Error() string {
+	return "json: cannot unmarshal " + e.Value + " into Go value of type " + e.Type.String()
+}
+
+// An UnmarshalFieldError describes a JSON object key that
+// led to an unexported (and therefore unwritable) struct field.
+// (No longer used; kept for compatibility.)
+type UnmarshalFieldError struct {
+	Key   string
+	Type  reflect.Type
+	Field reflect.StructField
+}
+
+func (e *UnmarshalFieldError) Error() string {
+	return "json: cannot unmarshal object key " + strconv.Quote(e.Key) + " into unexported field " + e.Field.Name + " of type " + e.Type.String()
+}
+
+// An InvalidUnmarshalError describes an invalid argument passed to Unmarshal.
+// (The argument to Unmarshal must be a non-nil pointer.)
+type InvalidUnmarshalError struct {
+	Type reflect.Type
+}
+
+func (e *InvalidUnmarshalError) Error() string {
+	if e.Type == nil {
+		return "json: Unmarshal(nil)"
+	}
+
+	if e.Type.Kind() != reflect.Ptr {
+		return "json: Unmarshal(non-pointer " + e.Type.String() + ")"
+	}
+	return "json: Unmarshal(nil " + e.Type.String() + ")"
+}
+
+func (d *decodeState) unmarshal(v interface{}) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			if _, ok := r.(runtime.Error); ok {
+				panic(r)
+			}
+			err = r.(error)
+		}
+	}()
+
+	rv := reflect.ValueOf(v)
+	if rv.Kind() != reflect.Ptr || rv.IsNil() {
+		return &InvalidUnmarshalError{reflect.TypeOf(v)}
+	}
+
+	d.scan.reset()
+	// We decode rv not rv.Elem because the Unmarshaler interface
+	// test must be applied at the top level of the value.
+	d.value(rv)
+	return d.savedError
+}
+
+// A Number represents a JSON number literal.
+type Number string
+
+// String returns the literal text of the number.
+func (n Number) String() string { return string(n) }
+
+// Float64 returns the number as a float64.
+func (n Number) Float64() (float64, error) {
+	return strconv.ParseFloat(string(n), 64)
+}
+
+// Int64 returns the number as an int64.
+func (n Number) Int64() (int64, error) {
+	return strconv.ParseInt(string(n), 10, 64)
+}
+
+// isValidNumber reports whether s is a valid JSON number literal.
+func isValidNumber(s string) bool {
+	// This function implements the JSON numbers grammar.
+	// See https://tools.ietf.org/html/rfc7159#section-6
+	// and http://json.org/number.gif
+
+	if s == "" {
+		return false
+	}
+
+	// Optional -
+	if s[0] == '-' {
+		s = s[1:]
+		if s == "" {
+			return false
+		}
+	}
+
+	// Digits
+	switch {
+	default:
+		return false
+
+	case s[0] == '0':
+		s = s[1:]
+
+	case '1' <= s[0] && s[0] <= '9':
+		s = s[1:]
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// . followed by 1 or more digits.
+	if len(s) >= 2 && s[0] == '.' && '0' <= s[1] && s[1] <= '9' {
+		s = s[2:]
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// e or E followed by an optional - or + and
+	// 1 or more digits.
+	if len(s) >= 2 && (s[0] == 'e' || s[0] == 'E') {
+		s = s[1:]
+		if s[0] == '+' || s[0] == '-' {
+			s = s[1:]
+			if s == "" {
+				return false
+			}
+		}
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// Make sure we are at the end.
+	return s == ""
+}
+
+type NumberUnmarshalType int
+
+const (
+	// unmarshal a JSON number into an interface{} as a float64
+	UnmarshalFloat NumberUnmarshalType = iota
+	// unmarshal a JSON number into an interface{} as a `json.Number`
+	UnmarshalJSONNumber
+	// unmarshal a JSON number into an interface{} as a int64
+	// if value is an integer otherwise float64
+	UnmarshalIntOrFloat
+)
+
+// decodeState represents the state while decoding a JSON value.
+type decodeState struct {
+	data       []byte
+	off        int // read offset in data
+	scan       scanner
+	nextscan   scanner // for calls to nextValue
+	savedError error
+	numberType NumberUnmarshalType
+}
+
+// errPhase is used for errors that should not happen unless
+// there is a bug in the JSON decoder or something is editing
+// the data slice while the decoder executes.
+var errPhase = errors.New("JSON decoder out of sync - data changing underfoot?")
+
+func (d *decodeState) init(data []byte) *decodeState {
+	d.data = data
+	d.off = 0
+	d.savedError = nil
+	return d
+}
+
+// error aborts the decoding by panicking with err.
+func (d *decodeState) error(err error) {
+	panic(err)
+}
+
+// saveError saves the first err it is called with,
+// for reporting at the end of the unmarshal.
+func (d *decodeState) saveError(err error) {
+	if d.savedError == nil {
+		d.savedError = err
+	}
+}
+
+// next cuts off and returns the next full JSON value in d.data[d.off:].
+// The next value is known to be an object or array, not a literal.
+func (d *decodeState) next() []byte {
+	c := d.data[d.off]
+	item, rest, err := nextValue(d.data[d.off:], &d.nextscan)
+	if err != nil {
+		d.error(err)
+	}
+	d.off = len(d.data) - len(rest)
+
+	// Our scanner has seen the opening brace/bracket
+	// and thinks we're still in the middle of the object.
+	// invent a closing brace/bracket to get it out.
+	if c == '{' {
+		d.scan.step(&d.scan, '}')
+	} else {
+		d.scan.step(&d.scan, ']')
+	}
+
+	return item
+}
+
+// scanWhile processes bytes in d.data[d.off:] until it
+// receives a scan code not equal to op.
+// It updates d.off and returns the new scan code.
+func (d *decodeState) scanWhile(op int) int {
+	var newOp int
+	for {
+		if d.off >= len(d.data) {
+			newOp = d.scan.eof()
+			d.off = len(d.data) + 1 // mark processed EOF with len+1
+		} else {
+			c := d.data[d.off]
+			d.off++
+			newOp = d.scan.step(&d.scan, c)
+		}
+		if newOp != op {
+			break
+		}
+	}
+	return newOp
+}
+
+// value decodes a JSON value from d.data[d.off:] into the value.
+// it updates d.off to point past the decoded value.
+func (d *decodeState) value(v reflect.Value) {
+	if !v.IsValid() {
+		_, rest, err := nextValue(d.data[d.off:], &d.nextscan)
+		if err != nil {
+			d.error(err)
+		}
+		d.off = len(d.data) - len(rest)
+
+		// d.scan thinks we're still at the beginning of the item.
+		// Feed in an empty string - the shortest, simplest value -
+		// so that it knows we got to the end of the value.
+		if d.scan.redo {
+			// rewind.
+			d.scan.redo = false
+			d.scan.step = stateBeginValue
+		}
+		d.scan.step(&d.scan, '"')
+		d.scan.step(&d.scan, '"')
+
+		n := len(d.scan.parseState)
+		if n > 0 && d.scan.parseState[n-1] == parseObjectKey {
+			// d.scan thinks we just read an object key; finish the object
+			d.scan.step(&d.scan, ':')
+			d.scan.step(&d.scan, '"')
+			d.scan.step(&d.scan, '"')
+			d.scan.step(&d.scan, '}')
+		}
+
+		return
+	}
+
+	switch op := d.scanWhile(scanSkipSpace); op {
+	default:
+		d.error(errPhase)
+
+	case scanBeginArray:
+		d.array(v)
+
+	case scanBeginObject:
+		d.object(v)
+
+	case scanBeginLiteral:
+		d.literal(v)
+	}
+}
+
+type unquotedValue struct{}
+
+// valueQuoted is like value but decodes a
+// quoted string literal or literal null into an interface value.
+// If it finds anything other than a quoted string literal or null,
+// valueQuoted returns unquotedValue{}.
+func (d *decodeState) valueQuoted() interface{} {
+	switch op := d.scanWhile(scanSkipSpace); op {
+	default:
+		d.error(errPhase)
+
+	case scanBeginArray:
+		d.array(reflect.Value{})
+
+	case scanBeginObject:
+		d.object(reflect.Value{})
+
+	case scanBeginLiteral:
+		switch v := d.literalInterface().(type) {
+		case nil, string:
+			return v
+		}
+	}
+	return unquotedValue{}
+}
+
+// indirect walks down v allocating pointers as needed,
+// until it gets to a non-pointer.
+// if it encounters an Unmarshaler, indirect stops and returns that.
+// if decodingNull is true, indirect stops at the last pointer so it can be set to nil.
+func (d *decodeState) indirect(v reflect.Value, decodingNull bool) (Unmarshaler, encoding.TextUnmarshaler, reflect.Value) {
+	// If v is a named type and is addressable,
+	// start with its address, so that if the type has pointer methods,
+	// we find them.
+	if v.Kind() != reflect.Ptr && v.Type().Name() != "" && v.CanAddr() {
+		v = v.Addr()
+	}
+	for {
+		// Load value from interface, but only if the result will be
+		// usefully addressable.
+		if v.Kind() == reflect.Interface && !v.IsNil() {
+			e := v.Elem()
+			if e.Kind() == reflect.Ptr && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Ptr) {
+				v = e
+				continue
+			}
+		}
+
+		if v.Kind() != reflect.Ptr {
+			break
+		}
+
+		if v.Elem().Kind() != reflect.Ptr && decodingNull && v.CanSet() {
+			break
+		}
+		if v.IsNil() {
+			v.Set(reflect.New(v.Type().Elem()))
+		}
+		if v.Type().NumMethod() > 0 {
+			if u, ok := v.Interface().(Unmarshaler); ok {
+				return u, nil, reflect.Value{}
+			}
+			if u, ok := v.Interface().(encoding.TextUnmarshaler); ok {
+				return nil, u, reflect.Value{}
+			}
+		}
+		v = v.Elem()
+	}
+	return nil, nil, v
+}
+
+// array consumes an array from d.data[d.off-1:], decoding into the value v.
+// the first byte of the array ('[') has been read already.
+func (d *decodeState) array(v reflect.Value) {
+	// Check for unmarshaler.
+	u, ut, pv := d.indirect(v, false)
+	if u != nil {
+		d.off--
+		err := u.UnmarshalJSON(d.next())
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+	if ut != nil {
+		d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)})
+		d.off--
+		d.next()
+		return
+	}
+
+	v = pv
+
+	// Check type of target.
+	switch v.Kind() {
+	case reflect.Interface:
+		if v.NumMethod() == 0 {
+			// Decoding into nil interface?  Switch to non-reflect code.
+			v.Set(reflect.ValueOf(d.arrayInterface()))
+			return
+		}
+		// Otherwise it's invalid.
+		fallthrough
+	default:
+		d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)})
+		d.off--
+		d.next()
+		return
+	case reflect.Array:
+	case reflect.Slice:
+		break
+	}
+
+	i := 0
+	for {
+		// Look ahead for ] - can only happen on first iteration.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+
+		// Back up so d.value can have the byte we just read.
+		d.off--
+		d.scan.undo(op)
+
+		// Get element of array, growing if necessary.
+		if v.Kind() == reflect.Slice {
+			// Grow slice if necessary
+			if i >= v.Cap() {
+				newcap := v.Cap() + v.Cap()/2
+				if newcap < 4 {
+					newcap = 4
+				}
+				newv := reflect.MakeSlice(v.Type(), v.Len(), newcap)
+				reflect.Copy(newv, v)
+				v.Set(newv)
+			}
+			if i >= v.Len() {
+				v.SetLen(i + 1)
+			}
+		}
+
+		if i < v.Len() {
+			// Decode into element.
+			d.value(v.Index(i))
+		} else {
+			// Ran out of fixed array: skip.
+			d.value(reflect.Value{})
+		}
+		i++
+
+		// Next token must be , or ].
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+		if op != scanArrayValue {
+			d.error(errPhase)
+		}
+	}
+
+	if i < v.Len() {
+		if v.Kind() == reflect.Array {
+			// Array.  Zero the rest.
+			z := reflect.Zero(v.Type().Elem())
+			for ; i < v.Len(); i++ {
+				v.Index(i).Set(z)
+			}
+		} else {
+			v.SetLen(i)
+		}
+	}
+	if i == 0 && v.Kind() == reflect.Slice {
+		v.Set(reflect.MakeSlice(v.Type(), 0, 0))
+	}
+}
+
+var nullLiteral = []byte("null")
+
+// object consumes an object from d.data[d.off-1:], decoding into the value v.
+// the first byte ('{') of the object has been read already.
+func (d *decodeState) object(v reflect.Value) {
+	// Check for unmarshaler.
+	u, ut, pv := d.indirect(v, false)
+	if u != nil {
+		d.off--
+		err := u.UnmarshalJSON(d.next())
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+	if ut != nil {
+		d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)})
+		d.off--
+		d.next() // skip over { } in input
+		return
+	}
+	v = pv
+
+	// Decoding into nil interface?  Switch to non-reflect code.
+	if v.Kind() == reflect.Interface && v.NumMethod() == 0 {
+		v.Set(reflect.ValueOf(d.objectInterface()))
+		return
+	}
+
+	// Check type of target: struct or map[string]T
+	switch v.Kind() {
+	case reflect.Map:
+		// map must have string kind
+		t := v.Type()
+		if t.Key().Kind() != reflect.String {
+			d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)})
+			d.off--
+			d.next() // skip over { } in input
+			return
+		}
+		if v.IsNil() {
+			v.Set(reflect.MakeMap(t))
+		}
+	case reflect.Struct:
+
+	default:
+		d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)})
+		d.off--
+		d.next() // skip over { } in input
+		return
+	}
+
+	var mapElem reflect.Value
+	keys := map[string]bool{}
+
+	for {
+		// Read opening " of string key or closing }.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			// closing } - can only happen on first iteration.
+			break
+		}
+		if op != scanBeginLiteral {
+			d.error(errPhase)
+		}
+
+		// Read key.
+		start := d.off - 1
+		op = d.scanWhile(scanContinue)
+		item := d.data[start : d.off-1]
+		key, ok := unquote(item)
+		if !ok {
+			d.error(errPhase)
+		}
+
+		// Check for duplicate keys.
+		_, ok = keys[key]
+		if !ok {
+			keys[key] = true
+		} else {
+			d.error(fmt.Errorf("json: duplicate key '%s' in object", key))
+		}
+
+		// Figure out field corresponding to key.
+		var subv reflect.Value
+		destring := false // whether the value is wrapped in a string to be decoded first
+
+		if v.Kind() == reflect.Map {
+			elemType := v.Type().Elem()
+			if !mapElem.IsValid() {
+				mapElem = reflect.New(elemType).Elem()
+			} else {
+				mapElem.Set(reflect.Zero(elemType))
+			}
+			subv = mapElem
+		} else {
+			var f *field
+			fields := cachedTypeFields(v.Type())
+			for i := range fields {
+				ff := &fields[i]
+				if bytes.Equal(ff.nameBytes, []byte(key)) {
+					f = ff
+					break
+				}
+			}
+			if f != nil {
+				subv = v
+				destring = f.quoted
+				for _, i := range f.index {
+					if subv.Kind() == reflect.Ptr {
+						if subv.IsNil() {
+							subv.Set(reflect.New(subv.Type().Elem()))
+						}
+						subv = subv.Elem()
+					}
+					subv = subv.Field(i)
+				}
+			}
+		}
+
+		// Read : before value.
+		if op == scanSkipSpace {
+			op = d.scanWhile(scanSkipSpace)
+		}
+		if op != scanObjectKey {
+			d.error(errPhase)
+		}
+
+		// Read value.
+		if destring {
+			switch qv := d.valueQuoted().(type) {
+			case nil:
+				d.literalStore(nullLiteral, subv, false)
+			case string:
+				d.literalStore([]byte(qv), subv, true)
+			default:
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal unquoted value into %v", subv.Type()))
+			}
+		} else {
+			d.value(subv)
+		}
+
+		// Write value back to map;
+		// if using struct, subv points into struct already.
+		if v.Kind() == reflect.Map {
+			kv := reflect.ValueOf(key).Convert(v.Type().Key())
+			v.SetMapIndex(kv, subv)
+		}
+
+		// Next token must be , or }.
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			break
+		}
+		if op != scanObjectValue {
+			d.error(errPhase)
+		}
+	}
+}
+
+// literal consumes a literal from d.data[d.off-1:], decoding into the value v.
+// The first byte of the literal has been read already
+// (that's how the caller knows it's a literal).
+func (d *decodeState) literal(v reflect.Value) {
+	// All bytes inside literal return scanContinue op code.
+	start := d.off - 1
+	op := d.scanWhile(scanContinue)
+
+	// Scan read one byte too far; back up.
+	d.off--
+	d.scan.undo(op)
+
+	d.literalStore(d.data[start:d.off], v, false)
+}
+
+// convertNumber converts the number literal s to a float64, int64 or a Number
+// depending on d.numberDecodeType.
+func (d *decodeState) convertNumber(s string) (interface{}, error) {
+	switch d.numberType {
+
+	case UnmarshalJSONNumber:
+		return Number(s), nil
+	case UnmarshalIntOrFloat:
+		v, err := strconv.ParseInt(s, 10, 64)
+		if err == nil {
+			return v, nil
+		}
+
+		// tries to parse integer number in scientific notation
+		f, err := strconv.ParseFloat(s, 64)
+		if err != nil {
+			return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)}
+		}
+
+		// if it has no decimal value use int64
+		if fi, fd := math.Modf(f); fd == 0.0 {
+			return int64(fi), nil
+		}
+		return f, nil
+	default:
+		f, err := strconv.ParseFloat(s, 64)
+		if err != nil {
+			return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)}
+		}
+		return f, nil
+	}
+
+}
+
+var numberType = reflect.TypeOf(Number(""))
+
+// literalStore decodes a literal stored in item into v.
+//
+// fromQuoted indicates whether this literal came from unwrapping a
+// string from the ",string" struct tag option. this is used only to
+// produce more helpful error messages.
+func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool) {
+	// Check for unmarshaler.
+	if len(item) == 0 {
+		//Empty string given
+		d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+		return
+	}
+	wantptr := item[0] == 'n' // null
+	u, ut, pv := d.indirect(v, wantptr)
+	if u != nil {
+		err := u.UnmarshalJSON(item)
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+	if ut != nil {
+		if item[0] != '"' {
+			if fromQuoted {
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+			}
+			return
+		}
+		s, ok := unquoteBytes(item)
+		if !ok {
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(errPhase)
+			}
+		}
+		err := ut.UnmarshalText(s)
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+
+	v = pv
+
+	switch c := item[0]; c {
+	case 'n': // null
+		switch v.Kind() {
+		case reflect.Interface, reflect.Ptr, reflect.Map, reflect.Slice:
+			v.Set(reflect.Zero(v.Type()))
+			// otherwise, ignore null for primitives/string
+		}
+	case 't', 'f': // true, false
+		value := c == 't'
+		switch v.Kind() {
+		default:
+			if fromQuoted {
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)})
+			}
+		case reflect.Bool:
+			v.SetBool(value)
+		case reflect.Interface:
+			if v.NumMethod() == 0 {
+				v.Set(reflect.ValueOf(value))
+			} else {
+				d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)})
+			}
+		}
+
+	case '"': // string
+		s, ok := unquoteBytes(item)
+		if !ok {
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(errPhase)
+			}
+		}
+		switch v.Kind() {
+		default:
+			d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+		case reflect.Slice:
+			if v.Type().Elem().Kind() != reflect.Uint8 {
+				d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+				break
+			}
+			b := make([]byte, base64.StdEncoding.DecodedLen(len(s)))
+			n, err := base64.StdEncoding.Decode(b, s)
+			if err != nil {
+				d.saveError(err)
+				break
+			}
+			v.SetBytes(b[:n])
+		case reflect.String:
+			v.SetString(string(s))
+		case reflect.Interface:
+			if v.NumMethod() == 0 {
+				v.Set(reflect.ValueOf(string(s)))
+			} else {
+				d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+			}
+		}
+
+	default: // number
+		if c != '-' && (c < '0' || c > '9') {
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(errPhase)
+			}
+		}
+		s := string(item)
+		switch v.Kind() {
+		default:
+			if v.Kind() == reflect.String && v.Type() == numberType {
+				v.SetString(s)
+				if !isValidNumber(s) {
+					d.error(fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item))
+				}
+				break
+			}
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(&UnmarshalTypeError{"number", v.Type(), int64(d.off)})
+			}
+		case reflect.Interface:
+			n, err := d.convertNumber(s)
+			if err != nil {
+				d.saveError(err)
+				break
+			}
+			if v.NumMethod() != 0 {
+				d.saveError(&UnmarshalTypeError{"number", v.Type(), int64(d.off)})
+				break
+			}
+			v.Set(reflect.ValueOf(n))
+
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+			n, err := strconv.ParseInt(s, 10, 64)
+			if err != nil || v.OverflowInt(n) {
+				d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)})
+				break
+			}
+			v.SetInt(n)
+
+		case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+			n, err := strconv.ParseUint(s, 10, 64)
+			if err != nil || v.OverflowUint(n) {
+				d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)})
+				break
+			}
+			v.SetUint(n)
+
+		case reflect.Float32, reflect.Float64:
+			n, err := strconv.ParseFloat(s, v.Type().Bits())
+			if err != nil || v.OverflowFloat(n) {
+				d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)})
+				break
+			}
+			v.SetFloat(n)
+		}
+	}
+}
+
+// The xxxInterface routines build up a value to be stored
+// in an empty interface.  They are not strictly necessary,
+// but they avoid the weight of reflection in this common case.
+
+// valueInterface is like value but returns interface{}
+func (d *decodeState) valueInterface() interface{} {
+	switch d.scanWhile(scanSkipSpace) {
+	default:
+		d.error(errPhase)
+		panic("unreachable")
+	case scanBeginArray:
+		return d.arrayInterface()
+	case scanBeginObject:
+		return d.objectInterface()
+	case scanBeginLiteral:
+		return d.literalInterface()
+	}
+}
+
+// arrayInterface is like array but returns []interface{}.
+func (d *decodeState) arrayInterface() []interface{} {
+	var v = make([]interface{}, 0)
+	for {
+		// Look ahead for ] - can only happen on first iteration.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+
+		// Back up so d.value can have the byte we just read.
+		d.off--
+		d.scan.undo(op)
+
+		v = append(v, d.valueInterface())
+
+		// Next token must be , or ].
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+		if op != scanArrayValue {
+			d.error(errPhase)
+		}
+	}
+	return v
+}
+
+// objectInterface is like object but returns map[string]interface{}.
+func (d *decodeState) objectInterface() map[string]interface{} {
+	m := make(map[string]interface{})
+	keys := map[string]bool{}
+
+	for {
+		// Read opening " of string key or closing }.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			// closing } - can only happen on first iteration.
+			break
+		}
+		if op != scanBeginLiteral {
+			d.error(errPhase)
+		}
+
+		// Read string key.
+		start := d.off - 1
+		op = d.scanWhile(scanContinue)
+		item := d.data[start : d.off-1]
+		key, ok := unquote(item)
+		if !ok {
+			d.error(errPhase)
+		}
+
+		// Check for duplicate keys.
+		_, ok = keys[key]
+		if !ok {
+			keys[key] = true
+		} else {
+			d.error(fmt.Errorf("json: duplicate key '%s' in object", key))
+		}
+
+		// Read : before value.
+		if op == scanSkipSpace {
+			op = d.scanWhile(scanSkipSpace)
+		}
+		if op != scanObjectKey {
+			d.error(errPhase)
+		}
+
+		// Read value.
+		m[key] = d.valueInterface()
+
+		// Next token must be , or }.
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			break
+		}
+		if op != scanObjectValue {
+			d.error(errPhase)
+		}
+	}
+	return m
+}
+
+// literalInterface is like literal but returns an interface value.
+func (d *decodeState) literalInterface() interface{} {
+	// All bytes inside literal return scanContinue op code.
+	start := d.off - 1
+	op := d.scanWhile(scanContinue)
+
+	// Scan read one byte too far; back up.
+	d.off--
+	d.scan.undo(op)
+	item := d.data[start:d.off]
+
+	switch c := item[0]; c {
+	case 'n': // null
+		return nil
+
+	case 't', 'f': // true, false
+		return c == 't'
+
+	case '"': // string
+		s, ok := unquote(item)
+		if !ok {
+			d.error(errPhase)
+		}
+		return s
+
+	default: // number
+		if c != '-' && (c < '0' || c > '9') {
+			d.error(errPhase)
+		}
+		n, err := d.convertNumber(string(item))
+		if err != nil {
+			d.saveError(err)
+		}
+		return n
+	}
+}
+
+// getu4 decodes \uXXXX from the beginning of s, returning the hex value,
+// or it returns -1.
+func getu4(s []byte) rune {
+	if len(s) < 6 || s[0] != '\\' || s[1] != 'u' {
+		return -1
+	}
+	r, err := strconv.ParseUint(string(s[2:6]), 16, 64)
+	if err != nil {
+		return -1
+	}
+	return rune(r)
+}
+
+// unquote converts a quoted JSON string literal s into an actual string t.
+// The rules are different than for Go, so cannot use strconv.Unquote.
+func unquote(s []byte) (t string, ok bool) {
+	s, ok = unquoteBytes(s)
+	t = string(s)
+	return
+}
+
+func unquoteBytes(s []byte) (t []byte, ok bool) {
+	if len(s) < 2 || s[0] != '"' || s[len(s)-1] != '"' {
+		return
+	}
+	s = s[1 : len(s)-1]
+
+	// Check for unusual characters. If there are none,
+	// then no unquoting is needed, so return a slice of the
+	// original bytes.
+	r := 0
+	for r < len(s) {
+		c := s[r]
+		if c == '\\' || c == '"' || c < ' ' {
+			break
+		}
+		if c < utf8.RuneSelf {
+			r++
+			continue
+		}
+		rr, size := utf8.DecodeRune(s[r:])
+		if rr == utf8.RuneError && size == 1 {
+			break
+		}
+		r += size
+	}
+	if r == len(s) {
+		return s, true
+	}
+
+	b := make([]byte, len(s)+2*utf8.UTFMax)
+	w := copy(b, s[0:r])
+	for r < len(s) {
+		// Out of room?  Can only happen if s is full of
+		// malformed UTF-8 and we're replacing each
+		// byte with RuneError.
+		if w >= len(b)-2*utf8.UTFMax {
+			nb := make([]byte, (len(b)+utf8.UTFMax)*2)
+			copy(nb, b[0:w])
+			b = nb
+		}
+		switch c := s[r]; {
+		case c == '\\':
+			r++
+			if r >= len(s) {
+				return
+			}
+			switch s[r] {
+			default:
+				return
+			case '"', '\\', '/', '\'':
+				b[w] = s[r]
+				r++
+				w++
+			case 'b':
+				b[w] = '\b'
+				r++
+				w++
+			case 'f':
+				b[w] = '\f'
+				r++
+				w++
+			case 'n':
+				b[w] = '\n'
+				r++
+				w++
+			case 'r':
+				b[w] = '\r'
+				r++
+				w++
+			case 't':
+				b[w] = '\t'
+				r++
+				w++
+			case 'u':
+				r--
+				rr := getu4(s[r:])
+				if rr < 0 {
+					return
+				}
+				r += 6
+				if utf16.IsSurrogate(rr) {
+					rr1 := getu4(s[r:])
+					if dec := utf16.DecodeRune(rr, rr1); dec != unicode.ReplacementChar {
+						// A valid pair; consume.
+						r += 6
+						w += utf8.EncodeRune(b[w:], dec)
+						break
+					}
+					// Invalid surrogate; fall back to replacement rune.
+					rr = unicode.ReplacementChar
+				}
+				w += utf8.EncodeRune(b[w:], rr)
+			}
+
+		// Quote, control characters are invalid.
+		case c == '"', c < ' ':
+			return
+
+		// ASCII
+		case c < utf8.RuneSelf:
+			b[w] = c
+			r++
+			w++
+
+		// Coerce to well-formed UTF-8.
+		default:
+			rr, size := utf8.DecodeRune(s[r:])
+			r += size
+			w += utf8.EncodeRune(b[w:], rr)
+		}
+	}
+	return b[0:w], true
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/encode.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/encode.go
new file mode 100644
index 000000000..1dae8bb7c
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/encode.go
@@ -0,0 +1,1197 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package json implements encoding and decoding of JSON objects as defined in
+// RFC 4627. The mapping between JSON objects and Go values is described
+// in the documentation for the Marshal and Unmarshal functions.
+//
+// See "JSON and Go" for an introduction to this package:
+// https://golang.org/doc/articles/json_and_go.html
+package json
+
+import (
+	"bytes"
+	"encoding"
+	"encoding/base64"
+	"fmt"
+	"math"
+	"reflect"
+	"runtime"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+	"unicode"
+	"unicode/utf8"
+)
+
+// Marshal returns the JSON encoding of v.
+//
+// Marshal traverses the value v recursively.
+// If an encountered value implements the Marshaler interface
+// and is not a nil pointer, Marshal calls its MarshalJSON method
+// to produce JSON. If no MarshalJSON method is present but the
+// value implements encoding.TextMarshaler instead, Marshal calls
+// its MarshalText method.
+// The nil pointer exception is not strictly necessary
+// but mimics a similar, necessary exception in the behavior of
+// UnmarshalJSON.
+//
+// Otherwise, Marshal uses the following type-dependent default encodings:
+//
+// Boolean values encode as JSON booleans.
+//
+// Floating point, integer, and Number values encode as JSON numbers.
+//
+// String values encode as JSON strings coerced to valid UTF-8,
+// replacing invalid bytes with the Unicode replacement rune.
+// The angle brackets "<" and ">" are escaped to "\u003c" and "\u003e"
+// to keep some browsers from misinterpreting JSON output as HTML.
+// Ampersand "&" is also escaped to "\u0026" for the same reason.
+//
+// Array and slice values encode as JSON arrays, except that
+// []byte encodes as a base64-encoded string, and a nil slice
+// encodes as the null JSON object.
+//
+// Struct values encode as JSON objects. Each exported struct field
+// becomes a member of the object unless
+//   - the field's tag is "-", or
+//   - the field is empty and its tag specifies the "omitempty" option.
+// The empty values are false, 0, any
+// nil pointer or interface value, and any array, slice, map, or string of
+// length zero. The object's default key string is the struct field name
+// but can be specified in the struct field's tag value. The "json" key in
+// the struct field's tag value is the key name, followed by an optional comma
+// and options. Examples:
+//
+//   // Field is ignored by this package.
+//   Field int `json:"-"`
+//
+//   // Field appears in JSON as key "myName".
+//   Field int `json:"myName"`
+//
+//   // Field appears in JSON as key "myName" and
+//   // the field is omitted from the object if its value is empty,
+//   // as defined above.
+//   Field int `json:"myName,omitempty"`
+//
+//   // Field appears in JSON as key "Field" (the default), but
+//   // the field is skipped if empty.
+//   // Note the leading comma.
+//   Field int `json:",omitempty"`
+//
+// The "string" option signals that a field is stored as JSON inside a
+// JSON-encoded string. It applies only to fields of string, floating point,
+// integer, or boolean types. This extra level of encoding is sometimes used
+// when communicating with JavaScript programs:
+//
+//    Int64String int64 `json:",string"`
+//
+// The key name will be used if it's a non-empty string consisting of
+// only Unicode letters, digits, dollar signs, percent signs, hyphens,
+// underscores and slashes.
+//
+// Anonymous struct fields are usually marshaled as if their inner exported fields
+// were fields in the outer struct, subject to the usual Go visibility rules amended
+// as described in the next paragraph.
+// An anonymous struct field with a name given in its JSON tag is treated as
+// having that name, rather than being anonymous.
+// An anonymous struct field of interface type is treated the same as having
+// that type as its name, rather than being anonymous.
+//
+// The Go visibility rules for struct fields are amended for JSON when
+// deciding which field to marshal or unmarshal. If there are
+// multiple fields at the same level, and that level is the least
+// nested (and would therefore be the nesting level selected by the
+// usual Go rules), the following extra rules apply:
+//
+// 1) Of those fields, if any are JSON-tagged, only tagged fields are considered,
+// even if there are multiple untagged fields that would otherwise conflict.
+// 2) If there is exactly one field (tagged or not according to the first rule), that is selected.
+// 3) Otherwise there are multiple fields, and all are ignored; no error occurs.
+//
+// Handling of anonymous struct fields is new in Go 1.1.
+// Prior to Go 1.1, anonymous struct fields were ignored. To force ignoring of
+// an anonymous struct field in both current and earlier versions, give the field
+// a JSON tag of "-".
+//
+// Map values encode as JSON objects.
+// The map's key type must be string; the map keys are used as JSON object
+// keys, subject to the UTF-8 coercion described for string values above.
+//
+// Pointer values encode as the value pointed to.
+// A nil pointer encodes as the null JSON object.
+//
+// Interface values encode as the value contained in the interface.
+// A nil interface value encodes as the null JSON object.
+//
+// Channel, complex, and function values cannot be encoded in JSON.
+// Attempting to encode such a value causes Marshal to return
+// an UnsupportedTypeError.
+//
+// JSON cannot represent cyclic data structures and Marshal does not
+// handle them.  Passing cyclic structures to Marshal will result in
+// an infinite recursion.
+//
+func Marshal(v interface{}) ([]byte, error) {
+	e := &encodeState{}
+	err := e.marshal(v)
+	if err != nil {
+		return nil, err
+	}
+	return e.Bytes(), nil
+}
+
+// MarshalIndent is like Marshal but applies Indent to format the output.
+func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) {
+	b, err := Marshal(v)
+	if err != nil {
+		return nil, err
+	}
+	var buf bytes.Buffer
+	err = Indent(&buf, b, prefix, indent)
+	if err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+// HTMLEscape appends to dst the JSON-encoded src with <, >, &, U+2028 and U+2029
+// characters inside string literals changed to \u003c, \u003e, \u0026, \u2028, \u2029
+// so that the JSON will be safe to embed inside HTML <script> tags.
+// For historical reasons, web browsers don't honor standard HTML
+// escaping within <script> tags, so an alternative JSON encoding must
+// be used.
+func HTMLEscape(dst *bytes.Buffer, src []byte) {
+	// The characters can only appear in string literals,
+	// so just scan the string one byte at a time.
+	start := 0
+	for i, c := range src {
+		if c == '<' || c == '>' || c == '&' {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u00`)
+			dst.WriteByte(hex[c>>4])
+			dst.WriteByte(hex[c&0xF])
+			start = i + 1
+		}
+		// Convert U+2028 and U+2029 (E2 80 A8 and E2 80 A9).
+		if c == 0xE2 && i+2 < len(src) && src[i+1] == 0x80 && src[i+2]&^1 == 0xA8 {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u202`)
+			dst.WriteByte(hex[src[i+2]&0xF])
+			start = i + 3
+		}
+	}
+	if start < len(src) {
+		dst.Write(src[start:])
+	}
+}
+
+// Marshaler is the interface implemented by objects that
+// can marshal themselves into valid JSON.
+type Marshaler interface {
+	MarshalJSON() ([]byte, error)
+}
+
+// An UnsupportedTypeError is returned by Marshal when attempting
+// to encode an unsupported value type.
+type UnsupportedTypeError struct {
+	Type reflect.Type
+}
+
+func (e *UnsupportedTypeError) Error() string {
+	return "json: unsupported type: " + e.Type.String()
+}
+
+type UnsupportedValueError struct {
+	Value reflect.Value
+	Str   string
+}
+
+func (e *UnsupportedValueError) Error() string {
+	return "json: unsupported value: " + e.Str
+}
+
+// Before Go 1.2, an InvalidUTF8Error was returned by Marshal when
+// attempting to encode a string value with invalid UTF-8 sequences.
+// As of Go 1.2, Marshal instead coerces the string to valid UTF-8 by
+// replacing invalid bytes with the Unicode replacement rune U+FFFD.
+// This error is no longer generated but is kept for backwards compatibility
+// with programs that might mention it.
+type InvalidUTF8Error struct {
+	S string // the whole string value that caused the error
+}
+
+func (e *InvalidUTF8Error) Error() string {
+	return "json: invalid UTF-8 in string: " + strconv.Quote(e.S)
+}
+
+type MarshalerError struct {
+	Type reflect.Type
+	Err  error
+}
+
+func (e *MarshalerError) Error() string {
+	return "json: error calling MarshalJSON for type " + e.Type.String() + ": " + e.Err.Error()
+}
+
+var hex = "0123456789abcdef"
+
+// An encodeState encodes JSON into a bytes.Buffer.
+type encodeState struct {
+	bytes.Buffer // accumulated output
+	scratch      [64]byte
+}
+
+var encodeStatePool sync.Pool
+
+func newEncodeState() *encodeState {
+	if v := encodeStatePool.Get(); v != nil {
+		e := v.(*encodeState)
+		e.Reset()
+		return e
+	}
+	return new(encodeState)
+}
+
+func (e *encodeState) marshal(v interface{}) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			if _, ok := r.(runtime.Error); ok {
+				panic(r)
+			}
+			if s, ok := r.(string); ok {
+				panic(s)
+			}
+			err = r.(error)
+		}
+	}()
+	e.reflectValue(reflect.ValueOf(v))
+	return nil
+}
+
+func (e *encodeState) error(err error) {
+	panic(err)
+}
+
+func isEmptyValue(v reflect.Value) bool {
+	switch v.Kind() {
+	case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
+		return v.Len() == 0
+	case reflect.Bool:
+		return !v.Bool()
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() == 0
+	case reflect.Float32, reflect.Float64:
+		return v.Float() == 0
+	case reflect.Interface, reflect.Ptr:
+		return v.IsNil()
+	}
+	return false
+}
+
+func (e *encodeState) reflectValue(v reflect.Value) {
+	valueEncoder(v)(e, v, false)
+}
+
+type encoderFunc func(e *encodeState, v reflect.Value, quoted bool)
+
+var encoderCache struct {
+	sync.RWMutex
+	m map[reflect.Type]encoderFunc
+}
+
+func valueEncoder(v reflect.Value) encoderFunc {
+	if !v.IsValid() {
+		return invalidValueEncoder
+	}
+	return typeEncoder(v.Type())
+}
+
+func typeEncoder(t reflect.Type) encoderFunc {
+	encoderCache.RLock()
+	f := encoderCache.m[t]
+	encoderCache.RUnlock()
+	if f != nil {
+		return f
+	}
+
+	// To deal with recursive types, populate the map with an
+	// indirect func before we build it. This type waits on the
+	// real func (f) to be ready and then calls it.  This indirect
+	// func is only used for recursive types.
+	encoderCache.Lock()
+	if encoderCache.m == nil {
+		encoderCache.m = make(map[reflect.Type]encoderFunc)
+	}
+	var wg sync.WaitGroup
+	wg.Add(1)
+	encoderCache.m[t] = func(e *encodeState, v reflect.Value, quoted bool) {
+		wg.Wait()
+		f(e, v, quoted)
+	}
+	encoderCache.Unlock()
+
+	// Compute fields without lock.
+	// Might duplicate effort but won't hold other computations back.
+	f = newTypeEncoder(t, true)
+	wg.Done()
+	encoderCache.Lock()
+	encoderCache.m[t] = f
+	encoderCache.Unlock()
+	return f
+}
+
+var (
+	marshalerType     = reflect.TypeOf(new(Marshaler)).Elem()
+	textMarshalerType = reflect.TypeOf(new(encoding.TextMarshaler)).Elem()
+)
+
+// newTypeEncoder constructs an encoderFunc for a type.
+// The returned encoder only checks CanAddr when allowAddr is true.
+func newTypeEncoder(t reflect.Type, allowAddr bool) encoderFunc {
+	if t.Implements(marshalerType) {
+		return marshalerEncoder
+	}
+	if t.Kind() != reflect.Ptr && allowAddr {
+		if reflect.PtrTo(t).Implements(marshalerType) {
+			return newCondAddrEncoder(addrMarshalerEncoder, newTypeEncoder(t, false))
+		}
+	}
+
+	if t.Implements(textMarshalerType) {
+		return textMarshalerEncoder
+	}
+	if t.Kind() != reflect.Ptr && allowAddr {
+		if reflect.PtrTo(t).Implements(textMarshalerType) {
+			return newCondAddrEncoder(addrTextMarshalerEncoder, newTypeEncoder(t, false))
+		}
+	}
+
+	switch t.Kind() {
+	case reflect.Bool:
+		return boolEncoder
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return intEncoder
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return uintEncoder
+	case reflect.Float32:
+		return float32Encoder
+	case reflect.Float64:
+		return float64Encoder
+	case reflect.String:
+		return stringEncoder
+	case reflect.Interface:
+		return interfaceEncoder
+	case reflect.Struct:
+		return newStructEncoder(t)
+	case reflect.Map:
+		return newMapEncoder(t)
+	case reflect.Slice:
+		return newSliceEncoder(t)
+	case reflect.Array:
+		return newArrayEncoder(t)
+	case reflect.Ptr:
+		return newPtrEncoder(t)
+	default:
+		return unsupportedTypeEncoder
+	}
+}
+
+func invalidValueEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	e.WriteString("null")
+}
+
+func marshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.Kind() == reflect.Ptr && v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := v.Interface().(Marshaler)
+	b, err := m.MarshalJSON()
+	if err == nil {
+		// copy JSON into buffer, checking validity.
+		err = compact(&e.Buffer, b, true)
+	}
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+}
+
+func addrMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	va := v.Addr()
+	if va.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := va.Interface().(Marshaler)
+	b, err := m.MarshalJSON()
+	if err == nil {
+		// copy JSON into buffer, checking validity.
+		err = compact(&e.Buffer, b, true)
+	}
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+}
+
+func textMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.Kind() == reflect.Ptr && v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := v.Interface().(encoding.TextMarshaler)
+	b, err := m.MarshalText()
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+	e.stringBytes(b)
+}
+
+func addrTextMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	va := v.Addr()
+	if va.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := va.Interface().(encoding.TextMarshaler)
+	b, err := m.MarshalText()
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+	e.stringBytes(b)
+}
+
+func boolEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if quoted {
+		e.WriteByte('"')
+	}
+	if v.Bool() {
+		e.WriteString("true")
+	} else {
+		e.WriteString("false")
+	}
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+func intEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	b := strconv.AppendInt(e.scratch[:0], v.Int(), 10)
+	if quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+func uintEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	b := strconv.AppendUint(e.scratch[:0], v.Uint(), 10)
+	if quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+type floatEncoder int // number of bits
+
+func (bits floatEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	f := v.Float()
+	if math.IsInf(f, 0) || math.IsNaN(f) {
+		e.error(&UnsupportedValueError{v, strconv.FormatFloat(f, 'g', -1, int(bits))})
+	}
+	b := strconv.AppendFloat(e.scratch[:0], f, 'g', -1, int(bits))
+	if quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+var (
+	float32Encoder = (floatEncoder(32)).encode
+	float64Encoder = (floatEncoder(64)).encode
+)
+
+func stringEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.Type() == numberType {
+		numStr := v.String()
+		// In Go1.5 the empty string encodes to "0", while this is not a valid number literal
+		// we keep compatibility so check validity after this.
+		if numStr == "" {
+			numStr = "0" // Number's zero-val
+		}
+		if !isValidNumber(numStr) {
+			e.error(fmt.Errorf("json: invalid number literal %q", numStr))
+		}
+		e.WriteString(numStr)
+		return
+	}
+	if quoted {
+		sb, err := Marshal(v.String())
+		if err != nil {
+			e.error(err)
+		}
+		e.string(string(sb))
+	} else {
+		e.string(v.String())
+	}
+}
+
+func interfaceEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	e.reflectValue(v.Elem())
+}
+
+func unsupportedTypeEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	e.error(&UnsupportedTypeError{v.Type()})
+}
+
+type structEncoder struct {
+	fields    []field
+	fieldEncs []encoderFunc
+}
+
+func (se *structEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	e.WriteByte('{')
+	first := true
+	for i, f := range se.fields {
+		fv := fieldByIndex(v, f.index)
+		if !fv.IsValid() || f.omitEmpty && isEmptyValue(fv) {
+			continue
+		}
+		if first {
+			first = false
+		} else {
+			e.WriteByte(',')
+		}
+		e.string(f.name)
+		e.WriteByte(':')
+		se.fieldEncs[i](e, fv, f.quoted)
+	}
+	e.WriteByte('}')
+}
+
+func newStructEncoder(t reflect.Type) encoderFunc {
+	fields := cachedTypeFields(t)
+	se := &structEncoder{
+		fields:    fields,
+		fieldEncs: make([]encoderFunc, len(fields)),
+	}
+	for i, f := range fields {
+		se.fieldEncs[i] = typeEncoder(typeByIndex(t, f.index))
+	}
+	return se.encode
+}
+
+type mapEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (me *mapEncoder) encode(e *encodeState, v reflect.Value, _ bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	e.WriteByte('{')
+	var sv stringValues = v.MapKeys()
+	sort.Sort(sv)
+	for i, k := range sv {
+		if i > 0 {
+			e.WriteByte(',')
+		}
+		e.string(k.String())
+		e.WriteByte(':')
+		me.elemEnc(e, v.MapIndex(k), false)
+	}
+	e.WriteByte('}')
+}
+
+func newMapEncoder(t reflect.Type) encoderFunc {
+	if t.Key().Kind() != reflect.String {
+		return unsupportedTypeEncoder
+	}
+	me := &mapEncoder{typeEncoder(t.Elem())}
+	return me.encode
+}
+
+func encodeByteSlice(e *encodeState, v reflect.Value, _ bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	s := v.Bytes()
+	e.WriteByte('"')
+	if len(s) < 1024 {
+		// for small buffers, using Encode directly is much faster.
+		dst := make([]byte, base64.StdEncoding.EncodedLen(len(s)))
+		base64.StdEncoding.Encode(dst, s)
+		e.Write(dst)
+	} else {
+		// for large buffers, avoid unnecessary extra temporary
+		// buffer space.
+		enc := base64.NewEncoder(base64.StdEncoding, e)
+		enc.Write(s)
+		enc.Close()
+	}
+	e.WriteByte('"')
+}
+
+// sliceEncoder just wraps an arrayEncoder, checking to make sure the value isn't nil.
+type sliceEncoder struct {
+	arrayEnc encoderFunc
+}
+
+func (se *sliceEncoder) encode(e *encodeState, v reflect.Value, _ bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	se.arrayEnc(e, v, false)
+}
+
+func newSliceEncoder(t reflect.Type) encoderFunc {
+	// Byte slices get special treatment; arrays don't.
+	if t.Elem().Kind() == reflect.Uint8 {
+		return encodeByteSlice
+	}
+	enc := &sliceEncoder{newArrayEncoder(t)}
+	return enc.encode
+}
+
+type arrayEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (ae *arrayEncoder) encode(e *encodeState, v reflect.Value, _ bool) {
+	e.WriteByte('[')
+	n := v.Len()
+	for i := 0; i < n; i++ {
+		if i > 0 {
+			e.WriteByte(',')
+		}
+		ae.elemEnc(e, v.Index(i), false)
+	}
+	e.WriteByte(']')
+}
+
+func newArrayEncoder(t reflect.Type) encoderFunc {
+	enc := &arrayEncoder{typeEncoder(t.Elem())}
+	return enc.encode
+}
+
+type ptrEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (pe *ptrEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	pe.elemEnc(e, v.Elem(), quoted)
+}
+
+func newPtrEncoder(t reflect.Type) encoderFunc {
+	enc := &ptrEncoder{typeEncoder(t.Elem())}
+	return enc.encode
+}
+
+type condAddrEncoder struct {
+	canAddrEnc, elseEnc encoderFunc
+}
+
+func (ce *condAddrEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	if v.CanAddr() {
+		ce.canAddrEnc(e, v, quoted)
+	} else {
+		ce.elseEnc(e, v, quoted)
+	}
+}
+
+// newCondAddrEncoder returns an encoder that checks whether its value
+// CanAddr and delegates to canAddrEnc if so, else to elseEnc.
+func newCondAddrEncoder(canAddrEnc, elseEnc encoderFunc) encoderFunc {
+	enc := &condAddrEncoder{canAddrEnc: canAddrEnc, elseEnc: elseEnc}
+	return enc.encode
+}
+
+func isValidTag(s string) bool {
+	if s == "" {
+		return false
+	}
+	for _, c := range s {
+		switch {
+		case strings.ContainsRune("!#$%&()*+-./:<=>?@[]^_{|}~ ", c):
+			// Backslash and quote chars are reserved, but
+			// otherwise any punctuation chars are allowed
+			// in a tag name.
+		default:
+			if !unicode.IsLetter(c) && !unicode.IsDigit(c) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+func fieldByIndex(v reflect.Value, index []int) reflect.Value {
+	for _, i := range index {
+		if v.Kind() == reflect.Ptr {
+			if v.IsNil() {
+				return reflect.Value{}
+			}
+			v = v.Elem()
+		}
+		v = v.Field(i)
+	}
+	return v
+}
+
+func typeByIndex(t reflect.Type, index []int) reflect.Type {
+	for _, i := range index {
+		if t.Kind() == reflect.Ptr {
+			t = t.Elem()
+		}
+		t = t.Field(i).Type
+	}
+	return t
+}
+
+// stringValues is a slice of reflect.Value holding *reflect.StringValue.
+// It implements the methods to sort by string.
+type stringValues []reflect.Value
+
+func (sv stringValues) Len() int           { return len(sv) }
+func (sv stringValues) Swap(i, j int)      { sv[i], sv[j] = sv[j], sv[i] }
+func (sv stringValues) Less(i, j int) bool { return sv.get(i) < sv.get(j) }
+func (sv stringValues) get(i int) string   { return sv[i].String() }
+
+// NOTE: keep in sync with stringBytes below.
+func (e *encodeState) string(s string) int {
+	len0 := e.Len()
+	e.WriteByte('"')
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
+				i++
+				continue
+			}
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			switch b {
+			case '\\', '"':
+				e.WriteByte('\\')
+				e.WriteByte(b)
+			case '\n':
+				e.WriteByte('\\')
+				e.WriteByte('n')
+			case '\r':
+				e.WriteByte('\\')
+				e.WriteByte('r')
+			case '\t':
+				e.WriteByte('\\')
+				e.WriteByte('t')
+			default:
+				// This encodes bytes < 0x20 except for \n and \r,
+				// as well as <, > and &. The latter are escaped because they
+				// can lead to security holes when user-controlled strings
+				// are rendered into JSON and served to some browsers.
+				e.WriteString(`\u00`)
+				e.WriteByte(hex[b>>4])
+				e.WriteByte(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRuneInString(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			e.WriteString(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			e.WriteString(`\u202`)
+			e.WriteByte(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		e.WriteString(s[start:])
+	}
+	e.WriteByte('"')
+	return e.Len() - len0
+}
+
+// NOTE: keep in sync with string above.
+func (e *encodeState) stringBytes(s []byte) int {
+	len0 := e.Len()
+	e.WriteByte('"')
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
+				i++
+				continue
+			}
+			if start < i {
+				e.Write(s[start:i])
+			}
+			switch b {
+			case '\\', '"':
+				e.WriteByte('\\')
+				e.WriteByte(b)
+			case '\n':
+				e.WriteByte('\\')
+				e.WriteByte('n')
+			case '\r':
+				e.WriteByte('\\')
+				e.WriteByte('r')
+			case '\t':
+				e.WriteByte('\\')
+				e.WriteByte('t')
+			default:
+				// This encodes bytes < 0x20 except for \n and \r,
+				// as well as <, >, and &. The latter are escaped because they
+				// can lead to security holes when user-controlled strings
+				// are rendered into JSON and served to some browsers.
+				e.WriteString(`\u00`)
+				e.WriteByte(hex[b>>4])
+				e.WriteByte(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRune(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				e.Write(s[start:i])
+			}
+			e.WriteString(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				e.Write(s[start:i])
+			}
+			e.WriteString(`\u202`)
+			e.WriteByte(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		e.Write(s[start:])
+	}
+	e.WriteByte('"')
+	return e.Len() - len0
+}
+
+// A field represents a single field found in a struct.
+type field struct {
+	name      string
+	nameBytes []byte // []byte(name)
+
+	tag       bool
+	index     []int
+	typ       reflect.Type
+	omitEmpty bool
+	quoted    bool
+}
+
+func fillField(f field) field {
+	f.nameBytes = []byte(f.name)
+	return f
+}
+
+// byName sorts field by name, breaking ties with depth,
+// then breaking ties with "name came from json tag", then
+// breaking ties with index sequence.
+type byName []field
+
+func (x byName) Len() int { return len(x) }
+
+func (x byName) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
+
+func (x byName) Less(i, j int) bool {
+	if x[i].name != x[j].name {
+		return x[i].name < x[j].name
+	}
+	if len(x[i].index) != len(x[j].index) {
+		return len(x[i].index) < len(x[j].index)
+	}
+	if x[i].tag != x[j].tag {
+		return x[i].tag
+	}
+	return byIndex(x).Less(i, j)
+}
+
+// byIndex sorts field by index sequence.
+type byIndex []field
+
+func (x byIndex) Len() int { return len(x) }
+
+func (x byIndex) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
+
+func (x byIndex) Less(i, j int) bool {
+	for k, xik := range x[i].index {
+		if k >= len(x[j].index) {
+			return false
+		}
+		if xik != x[j].index[k] {
+			return xik < x[j].index[k]
+		}
+	}
+	return len(x[i].index) < len(x[j].index)
+}
+
+// typeFields returns a list of fields that JSON should recognize for the given type.
+// The algorithm is breadth-first search over the set of structs to include - the top struct
+// and then any reachable anonymous structs.
+func typeFields(t reflect.Type) []field {
+	// Anonymous fields to explore at the current level and the next.
+	current := []field{}
+	next := []field{{typ: t}}
+
+	// Count of queued names for current level and the next.
+	count := map[reflect.Type]int{}
+	nextCount := map[reflect.Type]int{}
+
+	// Types already visited at an earlier level.
+	visited := map[reflect.Type]bool{}
+
+	// Fields found.
+	var fields []field
+
+	for len(next) > 0 {
+		current, next = next, current[:0]
+		count, nextCount = nextCount, map[reflect.Type]int{}
+
+		for _, f := range current {
+			if visited[f.typ] {
+				continue
+			}
+			visited[f.typ] = true
+
+			// Scan f.typ for fields to include.
+			for i := 0; i < f.typ.NumField(); i++ {
+				sf := f.typ.Field(i)
+				if sf.PkgPath != "" && !sf.Anonymous { // unexported
+					continue
+				}
+				tag := sf.Tag.Get("json")
+				if tag == "-" {
+					continue
+				}
+				name, opts := parseTag(tag)
+				if !isValidTag(name) {
+					name = ""
+				}
+				index := make([]int, len(f.index)+1)
+				copy(index, f.index)
+				index[len(f.index)] = i
+
+				ft := sf.Type
+				if ft.Name() == "" && ft.Kind() == reflect.Ptr {
+					// Follow pointer.
+					ft = ft.Elem()
+				}
+
+				// Only strings, floats, integers, and booleans can be quoted.
+				quoted := false
+				if opts.Contains("string") {
+					switch ft.Kind() {
+					case reflect.Bool,
+						reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+						reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64,
+						reflect.Float32, reflect.Float64,
+						reflect.String:
+						quoted = true
+					}
+				}
+
+				// Record found field and index sequence.
+				if name != "" || !sf.Anonymous || ft.Kind() != reflect.Struct {
+					tagged := name != ""
+					if name == "" {
+						name = sf.Name
+					}
+					fields = append(fields, fillField(field{
+						name:      name,
+						tag:       tagged,
+						index:     index,
+						typ:       ft,
+						omitEmpty: opts.Contains("omitempty"),
+						quoted:    quoted,
+					}))
+					if count[f.typ] > 1 {
+						// If there were multiple instances, add a second,
+						// so that the annihilation code will see a duplicate.
+						// It only cares about the distinction between 1 or 2,
+						// so don't bother generating any more copies.
+						fields = append(fields, fields[len(fields)-1])
+					}
+					continue
+				}
+
+				// Record new anonymous struct to explore in next round.
+				nextCount[ft]++
+				if nextCount[ft] == 1 {
+					next = append(next, fillField(field{name: ft.Name(), index: index, typ: ft}))
+				}
+			}
+		}
+	}
+
+	sort.Sort(byName(fields))
+
+	// Delete all fields that are hidden by the Go rules for embedded fields,
+	// except that fields with JSON tags are promoted.
+
+	// The fields are sorted in primary order of name, secondary order
+	// of field index length. Loop over names; for each name, delete
+	// hidden fields by choosing the one dominant field that survives.
+	out := fields[:0]
+	for advance, i := 0, 0; i < len(fields); i += advance {
+		// One iteration per name.
+		// Find the sequence of fields with the name of this first field.
+		fi := fields[i]
+		name := fi.name
+		for advance = 1; i+advance < len(fields); advance++ {
+			fj := fields[i+advance]
+			if fj.name != name {
+				break
+			}
+		}
+		if advance == 1 { // Only one field with this name
+			out = append(out, fi)
+			continue
+		}
+		dominant, ok := dominantField(fields[i : i+advance])
+		if ok {
+			out = append(out, dominant)
+		}
+	}
+
+	fields = out
+	sort.Sort(byIndex(fields))
+
+	return fields
+}
+
+// dominantField looks through the fields, all of which are known to
+// have the same name, to find the single field that dominates the
+// others using Go's embedding rules, modified by the presence of
+// JSON tags. If there are multiple top-level fields, the boolean
+// will be false: This condition is an error in Go and we skip all
+// the fields.
+func dominantField(fields []field) (field, bool) {
+	// The fields are sorted in increasing index-length order. The winner
+	// must therefore be one with the shortest index length. Drop all
+	// longer entries, which is easy: just truncate the slice.
+	length := len(fields[0].index)
+	tagged := -1 // Index of first tagged field.
+	for i, f := range fields {
+		if len(f.index) > length {
+			fields = fields[:i]
+			break
+		}
+		if f.tag {
+			if tagged >= 0 {
+				// Multiple tagged fields at the same level: conflict.
+				// Return no field.
+				return field{}, false
+			}
+			tagged = i
+		}
+	}
+	if tagged >= 0 {
+		return fields[tagged], true
+	}
+	// All remaining fields have the same length. If there's more than one,
+	// we have a conflict (two fields named "X" at the same level) and we
+	// return no field.
+	if len(fields) > 1 {
+		return field{}, false
+	}
+	return fields[0], true
+}
+
+var fieldCache struct {
+	sync.RWMutex
+	m map[reflect.Type][]field
+}
+
+// cachedTypeFields is like typeFields but uses a cache to avoid repeated work.
+func cachedTypeFields(t reflect.Type) []field {
+	fieldCache.RLock()
+	f := fieldCache.m[t]
+	fieldCache.RUnlock()
+	if f != nil {
+		return f
+	}
+
+	// Compute fields without lock.
+	// Might duplicate effort but won't hold other computations back.
+	f = typeFields(t)
+	if f == nil {
+		f = []field{}
+	}
+
+	fieldCache.Lock()
+	if fieldCache.m == nil {
+		fieldCache.m = map[reflect.Type][]field{}
+	}
+	fieldCache.m[t] = f
+	fieldCache.Unlock()
+	return f
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/indent.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/indent.go
new file mode 100644
index 000000000..7cd9f4db1
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/indent.go
@@ -0,0 +1,141 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import "bytes"
+
+// Compact appends to dst the JSON-encoded src with
+// insignificant space characters elided.
+func Compact(dst *bytes.Buffer, src []byte) error {
+	return compact(dst, src, false)
+}
+
+func compact(dst *bytes.Buffer, src []byte, escape bool) error {
+	origLen := dst.Len()
+	var scan scanner
+	scan.reset()
+	start := 0
+	for i, c := range src {
+		if escape && (c == '<' || c == '>' || c == '&') {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u00`)
+			dst.WriteByte(hex[c>>4])
+			dst.WriteByte(hex[c&0xF])
+			start = i + 1
+		}
+		// Convert U+2028 and U+2029 (E2 80 A8 and E2 80 A9).
+		if c == 0xE2 && i+2 < len(src) && src[i+1] == 0x80 && src[i+2]&^1 == 0xA8 {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u202`)
+			dst.WriteByte(hex[src[i+2]&0xF])
+			start = i + 3
+		}
+		v := scan.step(&scan, c)
+		if v >= scanSkipSpace {
+			if v == scanError {
+				break
+			}
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			start = i + 1
+		}
+	}
+	if scan.eof() == scanError {
+		dst.Truncate(origLen)
+		return scan.err
+	}
+	if start < len(src) {
+		dst.Write(src[start:])
+	}
+	return nil
+}
+
+func newline(dst *bytes.Buffer, prefix, indent string, depth int) {
+	dst.WriteByte('\n')
+	dst.WriteString(prefix)
+	for i := 0; i < depth; i++ {
+		dst.WriteString(indent)
+	}
+}
+
+// Indent appends to dst an indented form of the JSON-encoded src.
+// Each element in a JSON object or array begins on a new,
+// indented line beginning with prefix followed by one or more
+// copies of indent according to the indentation nesting.
+// The data appended to dst does not begin with the prefix nor
+// any indentation, to make it easier to embed inside other formatted JSON data.
+// Although leading space characters (space, tab, carriage return, newline)
+// at the beginning of src are dropped, trailing space characters
+// at the end of src are preserved and copied to dst.
+// For example, if src has no trailing spaces, neither will dst;
+// if src ends in a trailing newline, so will dst.
+func Indent(dst *bytes.Buffer, src []byte, prefix, indent string) error {
+	origLen := dst.Len()
+	var scan scanner
+	scan.reset()
+	needIndent := false
+	depth := 0
+	for _, c := range src {
+		scan.bytes++
+		v := scan.step(&scan, c)
+		if v == scanSkipSpace {
+			continue
+		}
+		if v == scanError {
+			break
+		}
+		if needIndent && v != scanEndObject && v != scanEndArray {
+			needIndent = false
+			depth++
+			newline(dst, prefix, indent, depth)
+		}
+
+		// Emit semantically uninteresting bytes
+		// (in particular, punctuation in strings) unmodified.
+		if v == scanContinue {
+			dst.WriteByte(c)
+			continue
+		}
+
+		// Add spacing around real punctuation.
+		switch c {
+		case '{', '[':
+			// delay indent so that empty object and array are formatted as {} and [].
+			needIndent = true
+			dst.WriteByte(c)
+
+		case ',':
+			dst.WriteByte(c)
+			newline(dst, prefix, indent, depth)
+
+		case ':':
+			dst.WriteByte(c)
+			dst.WriteByte(' ')
+
+		case '}', ']':
+			if needIndent {
+				// suppress indent in empty object/array
+				needIndent = false
+			} else {
+				depth--
+				newline(dst, prefix, indent, depth)
+			}
+			dst.WriteByte(c)
+
+		default:
+			dst.WriteByte(c)
+		}
+	}
+	if scan.eof() == scanError {
+		dst.Truncate(origLen)
+		return scan.err
+	}
+	return nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/scanner.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/scanner.go
new file mode 100644
index 000000000..ee6622e8c
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/scanner.go
@@ -0,0 +1,623 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+// JSON value parser state machine.
+// Just about at the limit of what is reasonable to write by hand.
+// Some parts are a bit tedious, but overall it nicely factors out the
+// otherwise common code from the multiple scanning functions
+// in this package (Compact, Indent, checkValid, nextValue, etc).
+//
+// This file starts with two simple examples using the scanner
+// before diving into the scanner itself.
+
+import "strconv"
+
+// checkValid verifies that data is valid JSON-encoded data.
+// scan is passed in for use by checkValid to avoid an allocation.
+func checkValid(data []byte, scan *scanner) error {
+	scan.reset()
+	for _, c := range data {
+		scan.bytes++
+		if scan.step(scan, c) == scanError {
+			return scan.err
+		}
+	}
+	if scan.eof() == scanError {
+		return scan.err
+	}
+	return nil
+}
+
+// nextValue splits data after the next whole JSON value,
+// returning that value and the bytes that follow it as separate slices.
+// scan is passed in for use by nextValue to avoid an allocation.
+func nextValue(data []byte, scan *scanner) (value, rest []byte, err error) {
+	scan.reset()
+	for i, c := range data {
+		v := scan.step(scan, c)
+		if v >= scanEndObject {
+			switch v {
+			// probe the scanner with a space to determine whether we will
+			// get scanEnd on the next character. Otherwise, if the next character
+			// is not a space, scanEndTop allocates a needless error.
+			case scanEndObject, scanEndArray:
+				if scan.step(scan, ' ') == scanEnd {
+					return data[:i+1], data[i+1:], nil
+				}
+			case scanError:
+				return nil, nil, scan.err
+			case scanEnd:
+				return data[:i], data[i:], nil
+			}
+		}
+	}
+	if scan.eof() == scanError {
+		return nil, nil, scan.err
+	}
+	return data, nil, nil
+}
+
+// A SyntaxError is a description of a JSON syntax error.
+type SyntaxError struct {
+	msg    string // description of error
+	Offset int64  // error occurred after reading Offset bytes
+}
+
+func (e *SyntaxError) Error() string { return e.msg }
+
+// A scanner is a JSON scanning state machine.
+// Callers call scan.reset() and then pass bytes in one at a time
+// by calling scan.step(&scan, c) for each byte.
+// The return value, referred to as an opcode, tells the
+// caller about significant parsing events like beginning
+// and ending literals, objects, and arrays, so that the
+// caller can follow along if it wishes.
+// The return value scanEnd indicates that a single top-level
+// JSON value has been completed, *before* the byte that
+// just got passed in.  (The indication must be delayed in order
+// to recognize the end of numbers: is 123 a whole value or
+// the beginning of 12345e+6?).
+type scanner struct {
+	// The step is a func to be called to execute the next transition.
+	// Also tried using an integer constant and a single func
+	// with a switch, but using the func directly was 10% faster
+	// on a 64-bit Mac Mini, and it's nicer to read.
+	step func(*scanner, byte) int
+
+	// Reached end of top-level value.
+	endTop bool
+
+	// Stack of what we're in the middle of - array values, object keys, object values.
+	parseState []int
+
+	// Error that happened, if any.
+	err error
+
+	// 1-byte redo (see undo method)
+	redo      bool
+	redoCode  int
+	redoState func(*scanner, byte) int
+
+	// total bytes consumed, updated by decoder.Decode
+	bytes int64
+}
+
+// These values are returned by the state transition functions
+// assigned to scanner.state and the method scanner.eof.
+// They give details about the current state of the scan that
+// callers might be interested to know about.
+// It is okay to ignore the return value of any particular
+// call to scanner.state: if one call returns scanError,
+// every subsequent call will return scanError too.
+const (
+	// Continue.
+	scanContinue     = iota // uninteresting byte
+	scanBeginLiteral        // end implied by next result != scanContinue
+	scanBeginObject         // begin object
+	scanObjectKey           // just finished object key (string)
+	scanObjectValue         // just finished non-last object value
+	scanEndObject           // end object (implies scanObjectValue if possible)
+	scanBeginArray          // begin array
+	scanArrayValue          // just finished array value
+	scanEndArray            // end array (implies scanArrayValue if possible)
+	scanSkipSpace           // space byte; can skip; known to be last "continue" result
+
+	// Stop.
+	scanEnd   // top-level value ended *before* this byte; known to be first "stop" result
+	scanError // hit an error, scanner.err.
+)
+
+// These values are stored in the parseState stack.
+// They give the current state of a composite value
+// being scanned.  If the parser is inside a nested value
+// the parseState describes the nested state, outermost at entry 0.
+const (
+	parseObjectKey   = iota // parsing object key (before colon)
+	parseObjectValue        // parsing object value (after colon)
+	parseArrayValue         // parsing array value
+)
+
+// reset prepares the scanner for use.
+// It must be called before calling s.step.
+func (s *scanner) reset() {
+	s.step = stateBeginValue
+	s.parseState = s.parseState[0:0]
+	s.err = nil
+	s.redo = false
+	s.endTop = false
+}
+
+// eof tells the scanner that the end of input has been reached.
+// It returns a scan status just as s.step does.
+func (s *scanner) eof() int {
+	if s.err != nil {
+		return scanError
+	}
+	if s.endTop {
+		return scanEnd
+	}
+	s.step(s, ' ')
+	if s.endTop {
+		return scanEnd
+	}
+	if s.err == nil {
+		s.err = &SyntaxError{"unexpected end of JSON input", s.bytes}
+	}
+	return scanError
+}
+
+// pushParseState pushes a new parse state p onto the parse stack.
+func (s *scanner) pushParseState(p int) {
+	s.parseState = append(s.parseState, p)
+}
+
+// popParseState pops a parse state (already obtained) off the stack
+// and updates s.step accordingly.
+func (s *scanner) popParseState() {
+	n := len(s.parseState) - 1
+	s.parseState = s.parseState[0:n]
+	s.redo = false
+	if n == 0 {
+		s.step = stateEndTop
+		s.endTop = true
+	} else {
+		s.step = stateEndValue
+	}
+}
+
+func isSpace(c byte) bool {
+	return c == ' ' || c == '\t' || c == '\r' || c == '\n'
+}
+
+// stateBeginValueOrEmpty is the state after reading `[`.
+func stateBeginValueOrEmpty(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == ']' {
+		return stateEndValue(s, c)
+	}
+	return stateBeginValue(s, c)
+}
+
+// stateBeginValue is the state at the beginning of the input.
+func stateBeginValue(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	switch c {
+	case '{':
+		s.step = stateBeginStringOrEmpty
+		s.pushParseState(parseObjectKey)
+		return scanBeginObject
+	case '[':
+		s.step = stateBeginValueOrEmpty
+		s.pushParseState(parseArrayValue)
+		return scanBeginArray
+	case '"':
+		s.step = stateInString
+		return scanBeginLiteral
+	case '-':
+		s.step = stateNeg
+		return scanBeginLiteral
+	case '0': // beginning of 0.123
+		s.step = state0
+		return scanBeginLiteral
+	case 't': // beginning of true
+		s.step = stateT
+		return scanBeginLiteral
+	case 'f': // beginning of false
+		s.step = stateF
+		return scanBeginLiteral
+	case 'n': // beginning of null
+		s.step = stateN
+		return scanBeginLiteral
+	}
+	if '1' <= c && c <= '9' { // beginning of 1234.5
+		s.step = state1
+		return scanBeginLiteral
+	}
+	return s.error(c, "looking for beginning of value")
+}
+
+// stateBeginStringOrEmpty is the state after reading `{`.
+func stateBeginStringOrEmpty(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == '}' {
+		n := len(s.parseState)
+		s.parseState[n-1] = parseObjectValue
+		return stateEndValue(s, c)
+	}
+	return stateBeginString(s, c)
+}
+
+// stateBeginString is the state after reading `{"key": value,`.
+func stateBeginString(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == '"' {
+		s.step = stateInString
+		return scanBeginLiteral
+	}
+	return s.error(c, "looking for beginning of object key string")
+}
+
+// stateEndValue is the state after completing a value,
+// such as after reading `{}` or `true` or `["x"`.
+func stateEndValue(s *scanner, c byte) int {
+	n := len(s.parseState)
+	if n == 0 {
+		// Completed top-level before the current byte.
+		s.step = stateEndTop
+		s.endTop = true
+		return stateEndTop(s, c)
+	}
+	if c <= ' ' && isSpace(c) {
+		s.step = stateEndValue
+		return scanSkipSpace
+	}
+	ps := s.parseState[n-1]
+	switch ps {
+	case parseObjectKey:
+		if c == ':' {
+			s.parseState[n-1] = parseObjectValue
+			s.step = stateBeginValue
+			return scanObjectKey
+		}
+		return s.error(c, "after object key")
+	case parseObjectValue:
+		if c == ',' {
+			s.parseState[n-1] = parseObjectKey
+			s.step = stateBeginString
+			return scanObjectValue
+		}
+		if c == '}' {
+			s.popParseState()
+			return scanEndObject
+		}
+		return s.error(c, "after object key:value pair")
+	case parseArrayValue:
+		if c == ',' {
+			s.step = stateBeginValue
+			return scanArrayValue
+		}
+		if c == ']' {
+			s.popParseState()
+			return scanEndArray
+		}
+		return s.error(c, "after array element")
+	}
+	return s.error(c, "")
+}
+
+// stateEndTop is the state after finishing the top-level value,
+// such as after reading `{}` or `[1,2,3]`.
+// Only space characters should be seen now.
+func stateEndTop(s *scanner, c byte) int {
+	if c != ' ' && c != '\t' && c != '\r' && c != '\n' {
+		// Complain about non-space byte on next call.
+		s.error(c, "after top-level value")
+	}
+	return scanEnd
+}
+
+// stateInString is the state after reading `"`.
+func stateInString(s *scanner, c byte) int {
+	if c == '"' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	if c == '\\' {
+		s.step = stateInStringEsc
+		return scanContinue
+	}
+	if c < 0x20 {
+		return s.error(c, "in string literal")
+	}
+	return scanContinue
+}
+
+// stateInStringEsc is the state after reading `"\` during a quoted string.
+func stateInStringEsc(s *scanner, c byte) int {
+	switch c {
+	case 'b', 'f', 'n', 'r', 't', '\\', '/', '"':
+		s.step = stateInString
+		return scanContinue
+	case 'u':
+		s.step = stateInStringEscU
+		return scanContinue
+	}
+	return s.error(c, "in string escape code")
+}
+
+// stateInStringEscU is the state after reading `"\u` during a quoted string.
+func stateInStringEscU(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU1
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU1 is the state after reading `"\u1` during a quoted string.
+func stateInStringEscU1(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU12
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU12 is the state after reading `"\u12` during a quoted string.
+func stateInStringEscU12(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU123
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU123 is the state after reading `"\u123` during a quoted string.
+func stateInStringEscU123(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInString
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateNeg is the state after reading `-` during a number.
+func stateNeg(s *scanner, c byte) int {
+	if c == '0' {
+		s.step = state0
+		return scanContinue
+	}
+	if '1' <= c && c <= '9' {
+		s.step = state1
+		return scanContinue
+	}
+	return s.error(c, "in numeric literal")
+}
+
+// state1 is the state after reading a non-zero integer during a number,
+// such as after reading `1` or `100` but not `0`.
+func state1(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = state1
+		return scanContinue
+	}
+	return state0(s, c)
+}
+
+// state0 is the state after reading `0` during a number.
+func state0(s *scanner, c byte) int {
+	if c == '.' {
+		s.step = stateDot
+		return scanContinue
+	}
+	if c == 'e' || c == 'E' {
+		s.step = stateE
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateDot is the state after reading the integer and decimal point in a number,
+// such as after reading `1.`.
+func stateDot(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = stateDot0
+		return scanContinue
+	}
+	return s.error(c, "after decimal point in numeric literal")
+}
+
+// stateDot0 is the state after reading the integer, decimal point, and subsequent
+// digits of a number, such as after reading `3.14`.
+func stateDot0(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		return scanContinue
+	}
+	if c == 'e' || c == 'E' {
+		s.step = stateE
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateE is the state after reading the mantissa and e in a number,
+// such as after reading `314e` or `0.314e`.
+func stateE(s *scanner, c byte) int {
+	if c == '+' || c == '-' {
+		s.step = stateESign
+		return scanContinue
+	}
+	return stateESign(s, c)
+}
+
+// stateESign is the state after reading the mantissa, e, and sign in a number,
+// such as after reading `314e-` or `0.314e+`.
+func stateESign(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = stateE0
+		return scanContinue
+	}
+	return s.error(c, "in exponent of numeric literal")
+}
+
+// stateE0 is the state after reading the mantissa, e, optional sign,
+// and at least one digit of the exponent in a number,
+// such as after reading `314e-2` or `0.314e+1` or `3.14e0`.
+func stateE0(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateT is the state after reading `t`.
+func stateT(s *scanner, c byte) int {
+	if c == 'r' {
+		s.step = stateTr
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'r')")
+}
+
+// stateTr is the state after reading `tr`.
+func stateTr(s *scanner, c byte) int {
+	if c == 'u' {
+		s.step = stateTru
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'u')")
+}
+
+// stateTru is the state after reading `tru`.
+func stateTru(s *scanner, c byte) int {
+	if c == 'e' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'e')")
+}
+
+// stateF is the state after reading `f`.
+func stateF(s *scanner, c byte) int {
+	if c == 'a' {
+		s.step = stateFa
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'a')")
+}
+
+// stateFa is the state after reading `fa`.
+func stateFa(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateFal
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'l')")
+}
+
+// stateFal is the state after reading `fal`.
+func stateFal(s *scanner, c byte) int {
+	if c == 's' {
+		s.step = stateFals
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 's')")
+}
+
+// stateFals is the state after reading `fals`.
+func stateFals(s *scanner, c byte) int {
+	if c == 'e' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'e')")
+}
+
+// stateN is the state after reading `n`.
+func stateN(s *scanner, c byte) int {
+	if c == 'u' {
+		s.step = stateNu
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'u')")
+}
+
+// stateNu is the state after reading `nu`.
+func stateNu(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateNul
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'l')")
+}
+
+// stateNul is the state after reading `nul`.
+func stateNul(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'l')")
+}
+
+// stateError is the state after reaching a syntax error,
+// such as after reading `[1}` or `5.1.2`.
+func stateError(s *scanner, c byte) int {
+	return scanError
+}
+
+// error records an error and switches to the error state.
+func (s *scanner) error(c byte, context string) int {
+	s.step = stateError
+	s.err = &SyntaxError{"invalid character " + quoteChar(c) + " " + context, s.bytes}
+	return scanError
+}
+
+// quoteChar formats c as a quoted character literal
+func quoteChar(c byte) string {
+	// special cases - different from quoted strings
+	if c == '\'' {
+		return `'\''`
+	}
+	if c == '"' {
+		return `'"'`
+	}
+
+	// use quoted string with different quotation marks
+	s := strconv.Quote(string(c))
+	return "'" + s[1:len(s)-1] + "'"
+}
+
+// undo causes the scanner to return scanCode from the next state transition.
+// This gives callers a simple 1-byte undo mechanism.
+func (s *scanner) undo(scanCode int) {
+	if s.redo {
+		panic("json: invalid use of scanner")
+	}
+	s.redoCode = scanCode
+	s.redoState = s.step
+	s.step = stateRedo
+	s.redo = true
+}
+
+// stateRedo helps implement the scanner's 1-byte undo.
+func stateRedo(s *scanner, c byte) int {
+	s.redo = false
+	s.step = s.redoState
+	return s.redoCode
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/stream.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/stream.go
new file mode 100644
index 000000000..9b2b926b0
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/stream.go
@@ -0,0 +1,485 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import (
+	"bytes"
+	"errors"
+	"io"
+)
+
+// A Decoder reads and decodes JSON objects from an input stream.
+type Decoder struct {
+	r     io.Reader
+	buf   []byte
+	d     decodeState
+	scanp int // start of unread data in buf
+	scan  scanner
+	err   error
+
+	tokenState int
+	tokenStack []int
+}
+
+// NewDecoder returns a new decoder that reads from r.
+//
+// The decoder introduces its own buffering and may
+// read data from r beyond the JSON values requested.
+func NewDecoder(r io.Reader) *Decoder {
+	return &Decoder{r: r}
+}
+
+// Deprecated: Use `SetNumberType` instead
+// UseNumber causes the Decoder to unmarshal a number into an interface{} as a
+// Number instead of as a float64.
+func (dec *Decoder) UseNumber() { dec.d.numberType = UnmarshalJSONNumber }
+
+// SetNumberType causes the Decoder to unmarshal a number into an interface{} as a
+// Number, float64 or int64 depending on `t` enum value.
+func (dec *Decoder) SetNumberType(t NumberUnmarshalType) { dec.d.numberType = t }
+
+// Decode reads the next JSON-encoded value from its
+// input and stores it in the value pointed to by v.
+//
+// See the documentation for Unmarshal for details about
+// the conversion of JSON into a Go value.
+func (dec *Decoder) Decode(v interface{}) error {
+	if dec.err != nil {
+		return dec.err
+	}
+
+	if err := dec.tokenPrepareForDecode(); err != nil {
+		return err
+	}
+
+	if !dec.tokenValueAllowed() {
+		return &SyntaxError{msg: "not at beginning of value"}
+	}
+
+	// Read whole value into buffer.
+	n, err := dec.readValue()
+	if err != nil {
+		return err
+	}
+	dec.d.init(dec.buf[dec.scanp : dec.scanp+n])
+	dec.scanp += n
+
+	// Don't save err from unmarshal into dec.err:
+	// the connection is still usable since we read a complete JSON
+	// object from it before the error happened.
+	err = dec.d.unmarshal(v)
+
+	// fixup token streaming state
+	dec.tokenValueEnd()
+
+	return err
+}
+
+// Buffered returns a reader of the data remaining in the Decoder's
+// buffer. The reader is valid until the next call to Decode.
+func (dec *Decoder) Buffered() io.Reader {
+	return bytes.NewReader(dec.buf[dec.scanp:])
+}
+
+// readValue reads a JSON value into dec.buf.
+// It returns the length of the encoding.
+func (dec *Decoder) readValue() (int, error) {
+	dec.scan.reset()
+
+	scanp := dec.scanp
+	var err error
+Input:
+	for {
+		// Look in the buffer for a new value.
+		for i, c := range dec.buf[scanp:] {
+			dec.scan.bytes++
+			v := dec.scan.step(&dec.scan, c)
+			if v == scanEnd {
+				scanp += i
+				break Input
+			}
+			// scanEnd is delayed one byte.
+			// We might block trying to get that byte from src,
+			// so instead invent a space byte.
+			if (v == scanEndObject || v == scanEndArray) && dec.scan.step(&dec.scan, ' ') == scanEnd {
+				scanp += i + 1
+				break Input
+			}
+			if v == scanError {
+				dec.err = dec.scan.err
+				return 0, dec.scan.err
+			}
+		}
+		scanp = len(dec.buf)
+
+		// Did the last read have an error?
+		// Delayed until now to allow buffer scan.
+		if err != nil {
+			if err == io.EOF {
+				if dec.scan.step(&dec.scan, ' ') == scanEnd {
+					break Input
+				}
+				if nonSpace(dec.buf) {
+					err = io.ErrUnexpectedEOF
+				}
+			}
+			dec.err = err
+			return 0, err
+		}
+
+		n := scanp - dec.scanp
+		err = dec.refill()
+		scanp = dec.scanp + n
+	}
+	return scanp - dec.scanp, nil
+}
+
+func (dec *Decoder) refill() error {
+	// Make room to read more into the buffer.
+	// First slide down data already consumed.
+	if dec.scanp > 0 {
+		n := copy(dec.buf, dec.buf[dec.scanp:])
+		dec.buf = dec.buf[:n]
+		dec.scanp = 0
+	}
+
+	// Grow buffer if not large enough.
+	const minRead = 512
+	if cap(dec.buf)-len(dec.buf) < minRead {
+		newBuf := make([]byte, len(dec.buf), 2*cap(dec.buf)+minRead)
+		copy(newBuf, dec.buf)
+		dec.buf = newBuf
+	}
+
+	// Read.  Delay error for next iteration (after scan).
+	n, err := dec.r.Read(dec.buf[len(dec.buf):cap(dec.buf)])
+	dec.buf = dec.buf[0 : len(dec.buf)+n]
+
+	return err
+}
+
+func nonSpace(b []byte) bool {
+	for _, c := range b {
+		if !isSpace(c) {
+			return true
+		}
+	}
+	return false
+}
+
+// An Encoder writes JSON objects to an output stream.
+type Encoder struct {
+	w   io.Writer
+	err error
+}
+
+// NewEncoder returns a new encoder that writes to w.
+func NewEncoder(w io.Writer) *Encoder {
+	return &Encoder{w: w}
+}
+
+// Encode writes the JSON encoding of v to the stream,
+// followed by a newline character.
+//
+// See the documentation for Marshal for details about the
+// conversion of Go values to JSON.
+func (enc *Encoder) Encode(v interface{}) error {
+	if enc.err != nil {
+		return enc.err
+	}
+	e := newEncodeState()
+	err := e.marshal(v)
+	if err != nil {
+		return err
+	}
+
+	// Terminate each value with a newline.
+	// This makes the output look a little nicer
+	// when debugging, and some kind of space
+	// is required if the encoded value was a number,
+	// so that the reader knows there aren't more
+	// digits coming.
+	e.WriteByte('\n')
+
+	if _, err = enc.w.Write(e.Bytes()); err != nil {
+		enc.err = err
+	}
+	encodeStatePool.Put(e)
+	return err
+}
+
+// RawMessage is a raw encoded JSON object.
+// It implements Marshaler and Unmarshaler and can
+// be used to delay JSON decoding or precompute a JSON encoding.
+type RawMessage []byte
+
+// MarshalJSON returns *m as the JSON encoding of m.
+func (m *RawMessage) MarshalJSON() ([]byte, error) {
+	return *m, nil
+}
+
+// UnmarshalJSON sets *m to a copy of data.
+func (m *RawMessage) UnmarshalJSON(data []byte) error {
+	if m == nil {
+		return errors.New("json.RawMessage: UnmarshalJSON on nil pointer")
+	}
+	*m = append((*m)[0:0], data...)
+	return nil
+}
+
+var _ Marshaler = (*RawMessage)(nil)
+var _ Unmarshaler = (*RawMessage)(nil)
+
+// A Token holds a value of one of these types:
+//
+//	Delim, for the four JSON delimiters [ ] { }
+//	bool, for JSON booleans
+//	float64, for JSON numbers
+//	Number, for JSON numbers
+//	string, for JSON string literals
+//	nil, for JSON null
+//
+type Token interface{}
+
+const (
+	tokenTopValue = iota
+	tokenArrayStart
+	tokenArrayValue
+	tokenArrayComma
+	tokenObjectStart
+	tokenObjectKey
+	tokenObjectColon
+	tokenObjectValue
+	tokenObjectComma
+)
+
+// advance tokenstate from a separator state to a value state
+func (dec *Decoder) tokenPrepareForDecode() error {
+	// Note: Not calling peek before switch, to avoid
+	// putting peek into the standard Decode path.
+	// peek is only called when using the Token API.
+	switch dec.tokenState {
+	case tokenArrayComma:
+		c, err := dec.peek()
+		if err != nil {
+			return err
+		}
+		if c != ',' {
+			return &SyntaxError{"expected comma after array element", 0}
+		}
+		dec.scanp++
+		dec.tokenState = tokenArrayValue
+	case tokenObjectColon:
+		c, err := dec.peek()
+		if err != nil {
+			return err
+		}
+		if c != ':' {
+			return &SyntaxError{"expected colon after object key", 0}
+		}
+		dec.scanp++
+		dec.tokenState = tokenObjectValue
+	}
+	return nil
+}
+
+func (dec *Decoder) tokenValueAllowed() bool {
+	switch dec.tokenState {
+	case tokenTopValue, tokenArrayStart, tokenArrayValue, tokenObjectValue:
+		return true
+	}
+	return false
+}
+
+func (dec *Decoder) tokenValueEnd() {
+	switch dec.tokenState {
+	case tokenArrayStart, tokenArrayValue:
+		dec.tokenState = tokenArrayComma
+	case tokenObjectValue:
+		dec.tokenState = tokenObjectComma
+	}
+}
+
+// A Delim is a JSON array or object delimiter, one of [ ] { or }.
+type Delim rune
+
+func (d Delim) String() string {
+	return string(d)
+}
+
+// Token returns the next JSON token in the input stream.
+// At the end of the input stream, Token returns nil, io.EOF.
+//
+// Token guarantees that the delimiters [ ] { } it returns are
+// properly nested and matched: if Token encounters an unexpected
+// delimiter in the input, it will return an error.
+//
+// The input stream consists of basic JSON values—bool, string,
+// number, and null—along with delimiters [ ] { } of type Delim
+// to mark the start and end of arrays and objects.
+// Commas and colons are elided.
+func (dec *Decoder) Token() (Token, error) {
+	for {
+		c, err := dec.peek()
+		if err != nil {
+			return nil, err
+		}
+		switch c {
+		case '[':
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenStack = append(dec.tokenStack, dec.tokenState)
+			dec.tokenState = tokenArrayStart
+			return Delim('['), nil
+
+		case ']':
+			if dec.tokenState != tokenArrayStart && dec.tokenState != tokenArrayComma {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = dec.tokenStack[len(dec.tokenStack)-1]
+			dec.tokenStack = dec.tokenStack[:len(dec.tokenStack)-1]
+			dec.tokenValueEnd()
+			return Delim(']'), nil
+
+		case '{':
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenStack = append(dec.tokenStack, dec.tokenState)
+			dec.tokenState = tokenObjectStart
+			return Delim('{'), nil
+
+		case '}':
+			if dec.tokenState != tokenObjectStart && dec.tokenState != tokenObjectComma {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = dec.tokenStack[len(dec.tokenStack)-1]
+			dec.tokenStack = dec.tokenStack[:len(dec.tokenStack)-1]
+			dec.tokenValueEnd()
+			return Delim('}'), nil
+
+		case ':':
+			if dec.tokenState != tokenObjectColon {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = tokenObjectValue
+			continue
+
+		case ',':
+			if dec.tokenState == tokenArrayComma {
+				dec.scanp++
+				dec.tokenState = tokenArrayValue
+				continue
+			}
+			if dec.tokenState == tokenObjectComma {
+				dec.scanp++
+				dec.tokenState = tokenObjectKey
+				continue
+			}
+			return dec.tokenError(c)
+
+		case '"':
+			if dec.tokenState == tokenObjectStart || dec.tokenState == tokenObjectKey {
+				var x string
+				old := dec.tokenState
+				dec.tokenState = tokenTopValue
+				err := dec.Decode(&x)
+				dec.tokenState = old
+				if err != nil {
+					clearOffset(err)
+					return nil, err
+				}
+				dec.tokenState = tokenObjectColon
+				return x, nil
+			}
+			fallthrough
+
+		default:
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			var x interface{}
+			if err := dec.Decode(&x); err != nil {
+				clearOffset(err)
+				return nil, err
+			}
+			return x, nil
+		}
+	}
+}
+
+func clearOffset(err error) {
+	if s, ok := err.(*SyntaxError); ok {
+		s.Offset = 0
+	}
+}
+
+func (dec *Decoder) tokenError(c byte) (Token, error) {
+	var context string
+	switch dec.tokenState {
+	case tokenTopValue:
+		context = " looking for beginning of value"
+	case tokenArrayStart, tokenArrayValue, tokenObjectValue:
+		context = " looking for beginning of value"
+	case tokenArrayComma:
+		context = " after array element"
+	case tokenObjectKey:
+		context = " looking for beginning of object key string"
+	case tokenObjectColon:
+		context = " after object key"
+	case tokenObjectComma:
+		context = " after object key:value pair"
+	}
+	return nil, &SyntaxError{"invalid character " + quoteChar(c) + " " + context, 0}
+}
+
+// More reports whether there is another element in the
+// current array or object being parsed.
+func (dec *Decoder) More() bool {
+	c, err := dec.peek()
+	return err == nil && c != ']' && c != '}'
+}
+
+func (dec *Decoder) peek() (byte, error) {
+	var err error
+	for {
+		for i := dec.scanp; i < len(dec.buf); i++ {
+			c := dec.buf[i]
+			if isSpace(c) {
+				continue
+			}
+			dec.scanp = i
+			return c, nil
+		}
+		// buffer has been scanned, now report any error
+		if err != nil {
+			return 0, err
+		}
+		err = dec.refill()
+	}
+}
+
+/*
+TODO
+
+// EncodeToken writes the given JSON token to the stream.
+// It returns an error if the delimiters [ ] { } are not properly used.
+//
+// EncodeToken does not call Flush, because usually it is part of
+// a larger operation such as Encode, and those will call Flush when finished.
+// Callers that create an Encoder and then invoke EncodeToken directly,
+// without using Encode, need to call Flush when finished to ensure that
+// the JSON is written to the underlying writer.
+func (e *Encoder) EncodeToken(t Token) error  {
+	...
+}
+
+*/
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/tags.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/tags.go
new file mode 100644
index 000000000..c38fd5102
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/tags.go
@@ -0,0 +1,44 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import (
+	"strings"
+)
+
+// tagOptions is the string following a comma in a struct field's "json"
+// tag, or the empty string. It does not include the leading comma.
+type tagOptions string
+
+// parseTag splits a struct field's json tag into its name and
+// comma-separated options.
+func parseTag(tag string) (string, tagOptions) {
+	if idx := strings.Index(tag, ","); idx != -1 {
+		return tag[:idx], tagOptions(tag[idx+1:])
+	}
+	return tag, tagOptions("")
+}
+
+// Contains reports whether a comma-separated list of options
+// contains a particular substr flag. substr must be surrounded by a
+// string boundary or commas.
+func (o tagOptions) Contains(optionName string) bool {
+	if len(o) == 0 {
+		return false
+	}
+	s := string(o)
+	for s != "" {
+		var next string
+		i := strings.Index(s, ",")
+		if i >= 0 {
+			s, next = s[:i], s[i+1:]
+		}
+		if s == optionName {
+			return true
+		}
+		s = next
+	}
+	return false
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go b/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go
new file mode 100644
index 000000000..a8966ab8e
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go
@@ -0,0 +1,294 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"encoding/base64"
+	"fmt"
+	"strings"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// rawJSONWebEncryption represents a raw JWE JSON object. Used for parsing/serializing.
+type rawJSONWebEncryption struct {
+	Protected    *byteBuffer        `json:"protected,omitempty"`
+	Unprotected  *rawHeader         `json:"unprotected,omitempty"`
+	Header       *rawHeader         `json:"header,omitempty"`
+	Recipients   []rawRecipientInfo `json:"recipients,omitempty"`
+	Aad          *byteBuffer        `json:"aad,omitempty"`
+	EncryptedKey *byteBuffer        `json:"encrypted_key,omitempty"`
+	Iv           *byteBuffer        `json:"iv,omitempty"`
+	Ciphertext   *byteBuffer        `json:"ciphertext,omitempty"`
+	Tag          *byteBuffer        `json:"tag,omitempty"`
+}
+
+// rawRecipientInfo represents a raw JWE Per-Recipient header JSON object. Used for parsing/serializing.
+type rawRecipientInfo struct {
+	Header       *rawHeader `json:"header,omitempty"`
+	EncryptedKey string     `json:"encrypted_key,omitempty"`
+}
+
+// JSONWebEncryption represents an encrypted JWE object after parsing.
+type JSONWebEncryption struct {
+	Header                   Header
+	protected, unprotected   *rawHeader
+	recipients               []recipientInfo
+	aad, iv, ciphertext, tag []byte
+	original                 *rawJSONWebEncryption
+}
+
+// recipientInfo represents a raw JWE Per-Recipient header JSON object after parsing.
+type recipientInfo struct {
+	header       *rawHeader
+	encryptedKey []byte
+}
+
+// GetAuthData retrieves the (optional) authenticated data attached to the object.
+func (obj JSONWebEncryption) GetAuthData() []byte {
+	if obj.aad != nil {
+		out := make([]byte, len(obj.aad))
+		copy(out, obj.aad)
+		return out
+	}
+
+	return nil
+}
+
+// Get the merged header values
+func (obj JSONWebEncryption) mergedHeaders(recipient *recipientInfo) rawHeader {
+	out := rawHeader{}
+	out.merge(obj.protected)
+	out.merge(obj.unprotected)
+
+	if recipient != nil {
+		out.merge(recipient.header)
+	}
+
+	return out
+}
+
+// Get the additional authenticated data from a JWE object.
+func (obj JSONWebEncryption) computeAuthData() []byte {
+	var protected string
+
+	if obj.original != nil && obj.original.Protected != nil {
+		protected = obj.original.Protected.base64()
+	} else if obj.protected != nil {
+		protected = base64.RawURLEncoding.EncodeToString(mustSerializeJSON((obj.protected)))
+	} else {
+		protected = ""
+	}
+
+	output := []byte(protected)
+	if obj.aad != nil {
+		output = append(output, '.')
+		output = append(output, []byte(base64.RawURLEncoding.EncodeToString(obj.aad))...)
+	}
+
+	return output
+}
+
+// ParseEncrypted parses an encrypted message in compact or full serialization format.
+func ParseEncrypted(input string) (*JSONWebEncryption, error) {
+	input = stripWhitespace(input)
+	if strings.HasPrefix(input, "{") {
+		return parseEncryptedFull(input)
+	}
+
+	return parseEncryptedCompact(input)
+}
+
+// parseEncryptedFull parses a message in compact format.
+func parseEncryptedFull(input string) (*JSONWebEncryption, error) {
+	var parsed rawJSONWebEncryption
+	err := json.Unmarshal([]byte(input), &parsed)
+	if err != nil {
+		return nil, err
+	}
+
+	return parsed.sanitized()
+}
+
+// sanitized produces a cleaned-up JWE object from the raw JSON.
+func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) {
+	obj := &JSONWebEncryption{
+		original:    parsed,
+		unprotected: parsed.Unprotected,
+	}
+
+	// Check that there is not a nonce in the unprotected headers
+	if parsed.Unprotected != nil {
+		if nonce := parsed.Unprotected.getNonce(); nonce != "" {
+			return nil, ErrUnprotectedNonce
+		}
+	}
+	if parsed.Header != nil {
+		if nonce := parsed.Header.getNonce(); nonce != "" {
+			return nil, ErrUnprotectedNonce
+		}
+	}
+
+	if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 {
+		err := json.Unmarshal(parsed.Protected.bytes(), &obj.protected)
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid protected header: %s, %s", err, parsed.Protected.base64())
+		}
+	}
+
+	// Note: this must be called _after_ we parse the protected header,
+	// otherwise fields from the protected header will not get picked up.
+	var err error
+	mergedHeaders := obj.mergedHeaders(nil)
+	obj.Header, err = mergedHeaders.sanitized()
+	if err != nil {
+		return nil, fmt.Errorf("go-jose/go-jose: cannot sanitize merged headers: %v (%v)", err, mergedHeaders)
+	}
+
+	if len(parsed.Recipients) == 0 {
+		obj.recipients = []recipientInfo{
+			{
+				header:       parsed.Header,
+				encryptedKey: parsed.EncryptedKey.bytes(),
+			},
+		}
+	} else {
+		obj.recipients = make([]recipientInfo, len(parsed.Recipients))
+		for r := range parsed.Recipients {
+			encryptedKey, err := base64.RawURLEncoding.DecodeString(parsed.Recipients[r].EncryptedKey)
+			if err != nil {
+				return nil, err
+			}
+
+			// Check that there is not a nonce in the unprotected header
+			if parsed.Recipients[r].Header != nil && parsed.Recipients[r].Header.getNonce() != "" {
+				return nil, ErrUnprotectedNonce
+			}
+
+			obj.recipients[r].header = parsed.Recipients[r].Header
+			obj.recipients[r].encryptedKey = encryptedKey
+		}
+	}
+
+	for _, recipient := range obj.recipients {
+		headers := obj.mergedHeaders(&recipient)
+		if headers.getAlgorithm() == "" || headers.getEncryption() == "" {
+			return nil, fmt.Errorf("go-jose/go-jose: message is missing alg/enc headers")
+		}
+	}
+
+	obj.iv = parsed.Iv.bytes()
+	obj.ciphertext = parsed.Ciphertext.bytes()
+	obj.tag = parsed.Tag.bytes()
+	obj.aad = parsed.Aad.bytes()
+
+	return obj, nil
+}
+
+// parseEncryptedCompact parses a message in compact format.
+func parseEncryptedCompact(input string) (*JSONWebEncryption, error) {
+	parts := strings.Split(input, ".")
+	if len(parts) != 5 {
+		return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
+	}
+
+	rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
+	if err != nil {
+		return nil, err
+	}
+
+	encryptedKey, err := base64.RawURLEncoding.DecodeString(parts[1])
+	if err != nil {
+		return nil, err
+	}
+
+	iv, err := base64.RawURLEncoding.DecodeString(parts[2])
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertext, err := base64.RawURLEncoding.DecodeString(parts[3])
+	if err != nil {
+		return nil, err
+	}
+
+	tag, err := base64.RawURLEncoding.DecodeString(parts[4])
+	if err != nil {
+		return nil, err
+	}
+
+	raw := &rawJSONWebEncryption{
+		Protected:    newBuffer(rawProtected),
+		EncryptedKey: newBuffer(encryptedKey),
+		Iv:           newBuffer(iv),
+		Ciphertext:   newBuffer(ciphertext),
+		Tag:          newBuffer(tag),
+	}
+
+	return raw.sanitized()
+}
+
+// CompactSerialize serializes an object using the compact serialization format.
+func (obj JSONWebEncryption) CompactSerialize() (string, error) {
+	if len(obj.recipients) != 1 || obj.unprotected != nil ||
+		obj.protected == nil || obj.recipients[0].header != nil {
+		return "", ErrNotSupported
+	}
+
+	serializedProtected := mustSerializeJSON(obj.protected)
+
+	return fmt.Sprintf(
+		"%s.%s.%s.%s.%s",
+		base64.RawURLEncoding.EncodeToString(serializedProtected),
+		base64.RawURLEncoding.EncodeToString(obj.recipients[0].encryptedKey),
+		base64.RawURLEncoding.EncodeToString(obj.iv),
+		base64.RawURLEncoding.EncodeToString(obj.ciphertext),
+		base64.RawURLEncoding.EncodeToString(obj.tag)), nil
+}
+
+// FullSerialize serializes an object using the full JSON serialization format.
+func (obj JSONWebEncryption) FullSerialize() string {
+	raw := rawJSONWebEncryption{
+		Unprotected:  obj.unprotected,
+		Iv:           newBuffer(obj.iv),
+		Ciphertext:   newBuffer(obj.ciphertext),
+		EncryptedKey: newBuffer(obj.recipients[0].encryptedKey),
+		Tag:          newBuffer(obj.tag),
+		Aad:          newBuffer(obj.aad),
+		Recipients:   []rawRecipientInfo{},
+	}
+
+	if len(obj.recipients) > 1 {
+		for _, recipient := range obj.recipients {
+			info := rawRecipientInfo{
+				Header:       recipient.header,
+				EncryptedKey: base64.RawURLEncoding.EncodeToString(recipient.encryptedKey),
+			}
+			raw.Recipients = append(raw.Recipients, info)
+		}
+	} else {
+		// Use flattened serialization
+		raw.Header = obj.recipients[0].header
+		raw.EncryptedKey = newBuffer(obj.recipients[0].encryptedKey)
+	}
+
+	if obj.protected != nil {
+		raw.Protected = newBuffer(mustSerializeJSON(obj.protected))
+	}
+
+	return string(mustSerializeJSON(raw))
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go b/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go
new file mode 100644
index 000000000..ea3d86340
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go
@@ -0,0 +1,760 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"math/big"
+	"net/url"
+	"reflect"
+	"strings"
+
+	"golang.org/x/crypto/ed25519"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// rawJSONWebKey represents a public or private key in JWK format, used for parsing/serializing.
+type rawJSONWebKey struct {
+	Use string      `json:"use,omitempty"`
+	Kty string      `json:"kty,omitempty"`
+	Kid string      `json:"kid,omitempty"`
+	Crv string      `json:"crv,omitempty"`
+	Alg string      `json:"alg,omitempty"`
+	K   *byteBuffer `json:"k,omitempty"`
+	X   *byteBuffer `json:"x,omitempty"`
+	Y   *byteBuffer `json:"y,omitempty"`
+	N   *byteBuffer `json:"n,omitempty"`
+	E   *byteBuffer `json:"e,omitempty"`
+	// -- Following fields are only used for private keys --
+	// RSA uses D, P and Q, while ECDSA uses only D. Fields Dp, Dq, and Qi are
+	// completely optional. Therefore for RSA/ECDSA, D != nil is a contract that
+	// we have a private key whereas D == nil means we have only a public key.
+	D  *byteBuffer `json:"d,omitempty"`
+	P  *byteBuffer `json:"p,omitempty"`
+	Q  *byteBuffer `json:"q,omitempty"`
+	Dp *byteBuffer `json:"dp,omitempty"`
+	Dq *byteBuffer `json:"dq,omitempty"`
+	Qi *byteBuffer `json:"qi,omitempty"`
+	// Certificates
+	X5c       []string `json:"x5c,omitempty"`
+	X5u       *url.URL `json:"x5u,omitempty"`
+	X5tSHA1   string   `json:"x5t,omitempty"`
+	X5tSHA256 string   `json:"x5t#S256,omitempty"`
+}
+
+// JSONWebKey represents a public or private key in JWK format.
+type JSONWebKey struct {
+	// Cryptographic key, can be a symmetric or asymmetric key.
+	Key interface{}
+	// Key identifier, parsed from `kid` header.
+	KeyID string
+	// Key algorithm, parsed from `alg` header.
+	Algorithm string
+	// Key use, parsed from `use` header.
+	Use string
+
+	// X.509 certificate chain, parsed from `x5c` header.
+	Certificates []*x509.Certificate
+	// X.509 certificate URL, parsed from `x5u` header.
+	CertificatesURL *url.URL
+	// X.509 certificate thumbprint (SHA-1), parsed from `x5t` header.
+	CertificateThumbprintSHA1 []byte
+	// X.509 certificate thumbprint (SHA-256), parsed from `x5t#S256` header.
+	CertificateThumbprintSHA256 []byte
+}
+
+// MarshalJSON serializes the given key to its JSON representation.
+func (k JSONWebKey) MarshalJSON() ([]byte, error) {
+	var raw *rawJSONWebKey
+	var err error
+
+	switch key := k.Key.(type) {
+	case ed25519.PublicKey:
+		raw = fromEdPublicKey(key)
+	case *ecdsa.PublicKey:
+		raw, err = fromEcPublicKey(key)
+	case *rsa.PublicKey:
+		raw = fromRsaPublicKey(key)
+	case ed25519.PrivateKey:
+		raw, err = fromEdPrivateKey(key)
+	case *ecdsa.PrivateKey:
+		raw, err = fromEcPrivateKey(key)
+	case *rsa.PrivateKey:
+		raw, err = fromRsaPrivateKey(key)
+	case []byte:
+		raw, err = fromSymmetricKey(key)
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unknown key type '%s'", reflect.TypeOf(key))
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	raw.Kid = k.KeyID
+	raw.Alg = k.Algorithm
+	raw.Use = k.Use
+
+	for _, cert := range k.Certificates {
+		raw.X5c = append(raw.X5c, base64.StdEncoding.EncodeToString(cert.Raw))
+	}
+
+	x5tSHA1Len := len(k.CertificateThumbprintSHA1)
+	x5tSHA256Len := len(k.CertificateThumbprintSHA256)
+	if x5tSHA1Len > 0 {
+		if x5tSHA1Len != sha1.Size {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid SHA-1 thumbprint (must be %d bytes, not %d)", sha1.Size, x5tSHA1Len)
+		}
+		raw.X5tSHA1 = base64.RawURLEncoding.EncodeToString(k.CertificateThumbprintSHA1)
+	}
+	if x5tSHA256Len > 0 {
+		if x5tSHA256Len != sha256.Size {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid SHA-256 thumbprint (must be %d bytes, not %d)", sha256.Size, x5tSHA256Len)
+		}
+		raw.X5tSHA256 = base64.RawURLEncoding.EncodeToString(k.CertificateThumbprintSHA256)
+	}
+
+	// If cert chain is attached (as opposed to being behind a URL), check the
+	// keys thumbprints to make sure they match what is expected. This is to
+	// ensure we don't accidentally produce a JWK with semantically inconsistent
+	// data in the headers.
+	if len(k.Certificates) > 0 {
+		expectedSHA1 := sha1.Sum(k.Certificates[0].Raw)
+		expectedSHA256 := sha256.Sum256(k.Certificates[0].Raw)
+
+		if len(k.CertificateThumbprintSHA1) > 0 && !bytes.Equal(k.CertificateThumbprintSHA1, expectedSHA1[:]) {
+			return nil, errors.New("go-jose/go-jose: invalid SHA-1 thumbprint, does not match cert chain")
+		}
+		if len(k.CertificateThumbprintSHA256) > 0 && !bytes.Equal(k.CertificateThumbprintSHA256, expectedSHA256[:]) {
+			return nil, errors.New("go-jose/go-jose: invalid or SHA-256 thumbprint, does not match cert chain")
+		}
+	}
+
+	raw.X5u = k.CertificatesURL
+
+	return json.Marshal(raw)
+}
+
+// UnmarshalJSON reads a key from its JSON representation.
+func (k *JSONWebKey) UnmarshalJSON(data []byte) (err error) {
+	var raw rawJSONWebKey
+	err = json.Unmarshal(data, &raw)
+	if err != nil {
+		return err
+	}
+
+	certs, err := parseCertificateChain(raw.X5c)
+	if err != nil {
+		return fmt.Errorf("go-jose/go-jose: failed to unmarshal x5c field: %s", err)
+	}
+
+	var key interface{}
+	var certPub interface{}
+	var keyPub interface{}
+
+	if len(certs) > 0 {
+		// We need to check that leaf public key matches the key embedded in this
+		// JWK, as required by the standard (see RFC 7517, Section 4.7). Otherwise
+		// the JWK parsed could be semantically invalid. Technically, should also
+		// check key usage fields and other extensions on the cert here, but the
+		// standard doesn't exactly explain how they're supposed to map from the
+		// JWK representation to the X.509 extensions.
+		certPub = certs[0].PublicKey
+	}
+
+	switch raw.Kty {
+	case "EC":
+		if raw.D != nil {
+			key, err = raw.ecPrivateKey()
+			if err == nil {
+				keyPub = key.(*ecdsa.PrivateKey).Public()
+			}
+		} else {
+			key, err = raw.ecPublicKey()
+			keyPub = key
+		}
+	case "RSA":
+		if raw.D != nil {
+			key, err = raw.rsaPrivateKey()
+			if err == nil {
+				keyPub = key.(*rsa.PrivateKey).Public()
+			}
+		} else {
+			key, err = raw.rsaPublicKey()
+			keyPub = key
+		}
+	case "oct":
+		if certPub != nil {
+			return errors.New("go-jose/go-jose: invalid JWK, found 'oct' (symmetric) key with cert chain")
+		}
+		key, err = raw.symmetricKey()
+	case "OKP":
+		if raw.Crv == "Ed25519" && raw.X != nil {
+			if raw.D != nil {
+				key, err = raw.edPrivateKey()
+				if err == nil {
+					keyPub = key.(ed25519.PrivateKey).Public()
+				}
+			} else {
+				key, err = raw.edPublicKey()
+				keyPub = key
+			}
+		} else {
+			err = fmt.Errorf("go-jose/go-jose: unknown curve %s'", raw.Crv)
+		}
+	default:
+		err = fmt.Errorf("go-jose/go-jose: unknown json web key type '%s'", raw.Kty)
+	}
+
+	if err != nil {
+		return
+	}
+
+	if certPub != nil && keyPub != nil {
+		if !reflect.DeepEqual(certPub, keyPub) {
+			return errors.New("go-jose/go-jose: invalid JWK, public keys in key and x5c fields to not match")
+		}
+	}
+
+	*k = JSONWebKey{Key: key, KeyID: raw.Kid, Algorithm: raw.Alg, Use: raw.Use, Certificates: certs}
+
+	k.CertificatesURL = raw.X5u
+
+	// x5t parameters are base64url-encoded SHA thumbprints
+	// See RFC 7517, Section 4.8, https://tools.ietf.org/html/rfc7517#section-4.8
+	x5tSHA1bytes, err := base64.RawURLEncoding.DecodeString(raw.X5tSHA1)
+	if err != nil {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t header has invalid encoding")
+	}
+
+	// RFC 7517, Section 4.8 is ambiguous as to whether the digest output should be byte or hex,
+	// for this reason, after base64 decoding, if the size is sha1.Size it's likely that the value is a byte encoded
+	// checksum so we skip this. Otherwise if the checksum was hex encoded we expect a 40 byte sized array so we'll
+	// try to hex decode it. When Marshalling this value we'll always use a base64 encoded version of byte format checksum.
+	if len(x5tSHA1bytes) == 2*sha1.Size {
+		hx, err := hex.DecodeString(string(x5tSHA1bytes))
+		if err != nil {
+			return fmt.Errorf("go-jose/go-jose: invalid JWK, unable to hex decode x5t: %v", err)
+
+		}
+		x5tSHA1bytes = hx
+	}
+
+	k.CertificateThumbprintSHA1 = x5tSHA1bytes
+
+	x5tSHA256bytes, err := base64.RawURLEncoding.DecodeString(raw.X5tSHA256)
+	if err != nil {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t#S256 header has invalid encoding")
+	}
+
+	if len(x5tSHA256bytes) == 2*sha256.Size {
+		hx256, err := hex.DecodeString(string(x5tSHA256bytes))
+		if err != nil {
+			return fmt.Errorf("go-jose/go-jose: invalid JWK, unable to hex decode x5t#S256: %v", err)
+		}
+		x5tSHA256bytes = hx256
+	}
+
+	k.CertificateThumbprintSHA256 = x5tSHA256bytes
+
+	x5tSHA1Len := len(k.CertificateThumbprintSHA1)
+	x5tSHA256Len := len(k.CertificateThumbprintSHA256)
+	if x5tSHA1Len > 0 && x5tSHA1Len != sha1.Size {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t header is of incorrect size")
+	}
+	if x5tSHA256Len > 0 && x5tSHA256Len != sha256.Size {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t#S256 header is of incorrect size")
+	}
+
+	// If certificate chain *and* thumbprints are set, verify correctness.
+	if len(k.Certificates) > 0 {
+		leaf := k.Certificates[0]
+		sha1sum := sha1.Sum(leaf.Raw)
+		sha256sum := sha256.Sum256(leaf.Raw)
+
+		if len(k.CertificateThumbprintSHA1) > 0 && !bytes.Equal(sha1sum[:], k.CertificateThumbprintSHA1) {
+			return errors.New("go-jose/go-jose: invalid JWK, x5c thumbprint does not match x5t value")
+		}
+
+		if len(k.CertificateThumbprintSHA256) > 0 && !bytes.Equal(sha256sum[:], k.CertificateThumbprintSHA256) {
+			return errors.New("go-jose/go-jose: invalid JWK, x5c thumbprint does not match x5t#S256 value")
+		}
+	}
+
+	return
+}
+
+// JSONWebKeySet represents a JWK Set object.
+type JSONWebKeySet struct {
+	Keys []JSONWebKey `json:"keys"`
+}
+
+// Key convenience method returns keys by key ID. Specification states
+// that a JWK Set "SHOULD" use distinct key IDs, but allows for some
+// cases where they are not distinct. Hence method returns a slice
+// of JSONWebKeys.
+func (s *JSONWebKeySet) Key(kid string) []JSONWebKey {
+	var keys []JSONWebKey
+	for _, key := range s.Keys {
+		if key.KeyID == kid {
+			keys = append(keys, key)
+		}
+	}
+
+	return keys
+}
+
+const rsaThumbprintTemplate = `{"e":"%s","kty":"RSA","n":"%s"}`
+const ecThumbprintTemplate = `{"crv":"%s","kty":"EC","x":"%s","y":"%s"}`
+const edThumbprintTemplate = `{"crv":"%s","kty":"OKP","x":"%s"}`
+
+func ecThumbprintInput(curve elliptic.Curve, x, y *big.Int) (string, error) {
+	coordLength := curveSize(curve)
+	crv, err := curveName(curve)
+	if err != nil {
+		return "", err
+	}
+
+	if len(x.Bytes()) > coordLength || len(y.Bytes()) > coordLength {
+		return "", errors.New("go-jose/go-jose: invalid elliptic key (too large)")
+	}
+
+	return fmt.Sprintf(ecThumbprintTemplate, crv,
+		newFixedSizeBuffer(x.Bytes(), coordLength).base64(),
+		newFixedSizeBuffer(y.Bytes(), coordLength).base64()), nil
+}
+
+func rsaThumbprintInput(n *big.Int, e int) (string, error) {
+	return fmt.Sprintf(rsaThumbprintTemplate,
+		newBufferFromInt(uint64(e)).base64(),
+		newBuffer(n.Bytes()).base64()), nil
+}
+
+func edThumbprintInput(ed ed25519.PublicKey) (string, error) {
+	crv := "Ed25519"
+	if len(ed) > 32 {
+		return "", errors.New("go-jose/go-jose: invalid elliptic key (too large)")
+	}
+	return fmt.Sprintf(edThumbprintTemplate, crv,
+		newFixedSizeBuffer(ed, 32).base64()), nil
+}
+
+// Thumbprint computes the JWK Thumbprint of a key using the
+// indicated hash algorithm.
+func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+	var input string
+	var err error
+	switch key := k.Key.(type) {
+	case ed25519.PublicKey:
+		input, err = edThumbprintInput(key)
+	case *ecdsa.PublicKey:
+		input, err = ecThumbprintInput(key.Curve, key.X, key.Y)
+	case *ecdsa.PrivateKey:
+		input, err = ecThumbprintInput(key.Curve, key.X, key.Y)
+	case *rsa.PublicKey:
+		input, err = rsaThumbprintInput(key.N, key.E)
+	case *rsa.PrivateKey:
+		input, err = rsaThumbprintInput(key.N, key.E)
+	case ed25519.PrivateKey:
+		input, err = edThumbprintInput(ed25519.PublicKey(key[32:]))
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unknown key type '%s'", reflect.TypeOf(key))
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	h := hash.New()
+	h.Write([]byte(input))
+	return h.Sum(nil), nil
+}
+
+// IsPublic returns true if the JWK represents a public key (not symmetric, not private).
+func (k *JSONWebKey) IsPublic() bool {
+	switch k.Key.(type) {
+	case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey:
+		return true
+	default:
+		return false
+	}
+}
+
+// Public creates JSONWebKey with corresponding public key if JWK represents asymmetric private key.
+func (k *JSONWebKey) Public() JSONWebKey {
+	if k.IsPublic() {
+		return *k
+	}
+	ret := *k
+	switch key := k.Key.(type) {
+	case *ecdsa.PrivateKey:
+		ret.Key = key.Public()
+	case *rsa.PrivateKey:
+		ret.Key = key.Public()
+	case ed25519.PrivateKey:
+		ret.Key = key.Public()
+	default:
+		return JSONWebKey{} // returning invalid key
+	}
+	return ret
+}
+
+// Valid checks that the key contains the expected parameters.
+func (k *JSONWebKey) Valid() bool {
+	if k.Key == nil {
+		return false
+	}
+	switch key := k.Key.(type) {
+	case *ecdsa.PublicKey:
+		if key.Curve == nil || key.X == nil || key.Y == nil {
+			return false
+		}
+	case *ecdsa.PrivateKey:
+		if key.Curve == nil || key.X == nil || key.Y == nil || key.D == nil {
+			return false
+		}
+	case *rsa.PublicKey:
+		if key.N == nil || key.E == 0 {
+			return false
+		}
+	case *rsa.PrivateKey:
+		if key.N == nil || key.E == 0 || key.D == nil || len(key.Primes) < 2 {
+			return false
+		}
+	case ed25519.PublicKey:
+		if len(key) != 32 {
+			return false
+		}
+	case ed25519.PrivateKey:
+		if len(key) != 64 {
+			return false
+		}
+	default:
+		return false
+	}
+	return true
+}
+
+func (key rawJSONWebKey) rsaPublicKey() (*rsa.PublicKey, error) {
+	if key.N == nil || key.E == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid RSA key, missing n/e values")
+	}
+
+	return &rsa.PublicKey{
+		N: key.N.bigInt(),
+		E: key.E.toInt(),
+	}, nil
+}
+
+func fromEdPublicKey(pub ed25519.PublicKey) *rawJSONWebKey {
+	return &rawJSONWebKey{
+		Kty: "OKP",
+		Crv: "Ed25519",
+		X:   newBuffer(pub),
+	}
+}
+
+func fromRsaPublicKey(pub *rsa.PublicKey) *rawJSONWebKey {
+	return &rawJSONWebKey{
+		Kty: "RSA",
+		N:   newBuffer(pub.N.Bytes()),
+		E:   newBufferFromInt(uint64(pub.E)),
+	}
+}
+
+func (key rawJSONWebKey) ecPublicKey() (*ecdsa.PublicKey, error) {
+	var curve elliptic.Curve
+	switch key.Crv {
+	case "P-256":
+		curve = elliptic.P256()
+	case "P-384":
+		curve = elliptic.P384()
+	case "P-521":
+		curve = elliptic.P521()
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported elliptic curve '%s'", key.Crv)
+	}
+
+	if key.X == nil || key.Y == nil {
+		return nil, errors.New("go-jose/go-jose: invalid EC key, missing x/y values")
+	}
+
+	// The length of this octet string MUST be the full size of a coordinate for
+	// the curve specified in the "crv" parameter.
+	// https://tools.ietf.org/html/rfc7518#section-6.2.1.2
+	if curveSize(curve) != len(key.X.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC public key, wrong length for x")
+	}
+
+	if curveSize(curve) != len(key.Y.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC public key, wrong length for y")
+	}
+
+	x := key.X.bigInt()
+	y := key.Y.bigInt()
+
+	if !curve.IsOnCurve(x, y) {
+		return nil, errors.New("go-jose/go-jose: invalid EC key, X/Y are not on declared curve")
+	}
+
+	return &ecdsa.PublicKey{
+		Curve: curve,
+		X:     x,
+		Y:     y,
+	}, nil
+}
+
+func fromEcPublicKey(pub *ecdsa.PublicKey) (*rawJSONWebKey, error) {
+	if pub == nil || pub.X == nil || pub.Y == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC key (nil, or X/Y missing)")
+	}
+
+	name, err := curveName(pub.Curve)
+	if err != nil {
+		return nil, err
+	}
+
+	size := curveSize(pub.Curve)
+
+	xBytes := pub.X.Bytes()
+	yBytes := pub.Y.Bytes()
+
+	if len(xBytes) > size || len(yBytes) > size {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC key (X/Y too large)")
+	}
+
+	key := &rawJSONWebKey{
+		Kty: "EC",
+		Crv: name,
+		X:   newFixedSizeBuffer(xBytes, size),
+		Y:   newFixedSizeBuffer(yBytes, size),
+	}
+
+	return key, nil
+}
+
+func (key rawJSONWebKey) edPrivateKey() (ed25519.PrivateKey, error) {
+	var missing []string
+	switch {
+	case key.D == nil:
+		missing = append(missing, "D")
+	case key.X == nil:
+		missing = append(missing, "X")
+	}
+
+	if len(missing) > 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid Ed25519 private key, missing %s value(s)", strings.Join(missing, ", "))
+	}
+
+	privateKey := make([]byte, ed25519.PrivateKeySize)
+	copy(privateKey[0:32], key.D.bytes())
+	copy(privateKey[32:], key.X.bytes())
+	rv := ed25519.PrivateKey(privateKey)
+	return rv, nil
+}
+
+func (key rawJSONWebKey) edPublicKey() (ed25519.PublicKey, error) {
+	if key.X == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid Ed key, missing x value")
+	}
+	publicKey := make([]byte, ed25519.PublicKeySize)
+	copy(publicKey[0:32], key.X.bytes())
+	rv := ed25519.PublicKey(publicKey)
+	return rv, nil
+}
+
+func (key rawJSONWebKey) rsaPrivateKey() (*rsa.PrivateKey, error) {
+	var missing []string
+	switch {
+	case key.N == nil:
+		missing = append(missing, "N")
+	case key.E == nil:
+		missing = append(missing, "E")
+	case key.D == nil:
+		missing = append(missing, "D")
+	case key.P == nil:
+		missing = append(missing, "P")
+	case key.Q == nil:
+		missing = append(missing, "Q")
+	}
+
+	if len(missing) > 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid RSA private key, missing %s value(s)", strings.Join(missing, ", "))
+	}
+
+	rv := &rsa.PrivateKey{
+		PublicKey: rsa.PublicKey{
+			N: key.N.bigInt(),
+			E: key.E.toInt(),
+		},
+		D: key.D.bigInt(),
+		Primes: []*big.Int{
+			key.P.bigInt(),
+			key.Q.bigInt(),
+		},
+	}
+
+	if key.Dp != nil {
+		rv.Precomputed.Dp = key.Dp.bigInt()
+	}
+	if key.Dq != nil {
+		rv.Precomputed.Dq = key.Dq.bigInt()
+	}
+	if key.Qi != nil {
+		rv.Precomputed.Qinv = key.Qi.bigInt()
+	}
+
+	err := rv.Validate()
+	return rv, err
+}
+
+func fromEdPrivateKey(ed ed25519.PrivateKey) (*rawJSONWebKey, error) {
+	raw := fromEdPublicKey(ed25519.PublicKey(ed[32:]))
+
+	raw.D = newBuffer(ed[0:32])
+	return raw, nil
+}
+
+func fromRsaPrivateKey(rsa *rsa.PrivateKey) (*rawJSONWebKey, error) {
+	if len(rsa.Primes) != 2 {
+		return nil, ErrUnsupportedKeyType
+	}
+
+	raw := fromRsaPublicKey(&rsa.PublicKey)
+
+	raw.D = newBuffer(rsa.D.Bytes())
+	raw.P = newBuffer(rsa.Primes[0].Bytes())
+	raw.Q = newBuffer(rsa.Primes[1].Bytes())
+
+	if rsa.Precomputed.Dp != nil {
+		raw.Dp = newBuffer(rsa.Precomputed.Dp.Bytes())
+	}
+	if rsa.Precomputed.Dq != nil {
+		raw.Dq = newBuffer(rsa.Precomputed.Dq.Bytes())
+	}
+	if rsa.Precomputed.Qinv != nil {
+		raw.Qi = newBuffer(rsa.Precomputed.Qinv.Bytes())
+	}
+
+	return raw, nil
+}
+
+func (key rawJSONWebKey) ecPrivateKey() (*ecdsa.PrivateKey, error) {
+	var curve elliptic.Curve
+	switch key.Crv {
+	case "P-256":
+		curve = elliptic.P256()
+	case "P-384":
+		curve = elliptic.P384()
+	case "P-521":
+		curve = elliptic.P521()
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported elliptic curve '%s'", key.Crv)
+	}
+
+	if key.X == nil || key.Y == nil || key.D == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, missing x/y/d values")
+	}
+
+	// The length of this octet string MUST be the full size of a coordinate for
+	// the curve specified in the "crv" parameter.
+	// https://tools.ietf.org/html/rfc7518#section-6.2.1.2
+	if curveSize(curve) != len(key.X.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, wrong length for x")
+	}
+
+	if curveSize(curve) != len(key.Y.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, wrong length for y")
+	}
+
+	// https://tools.ietf.org/html/rfc7518#section-6.2.2.1
+	if dSize(curve) != len(key.D.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, wrong length for d")
+	}
+
+	x := key.X.bigInt()
+	y := key.Y.bigInt()
+
+	if !curve.IsOnCurve(x, y) {
+		return nil, errors.New("go-jose/go-jose: invalid EC key, X/Y are not on declared curve")
+	}
+
+	return &ecdsa.PrivateKey{
+		PublicKey: ecdsa.PublicKey{
+			Curve: curve,
+			X:     x,
+			Y:     y,
+		},
+		D: key.D.bigInt(),
+	}, nil
+}
+
+func fromEcPrivateKey(ec *ecdsa.PrivateKey) (*rawJSONWebKey, error) {
+	raw, err := fromEcPublicKey(&ec.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+
+	if ec.D == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key")
+	}
+
+	raw.D = newFixedSizeBuffer(ec.D.Bytes(), dSize(ec.PublicKey.Curve))
+
+	return raw, nil
+}
+
+// dSize returns the size in octets for the "d" member of an elliptic curve
+// private key.
+// The length of this octet string MUST be ceiling(log-base-2(n)/8)
+// octets (where n is the order of the curve).
+// https://tools.ietf.org/html/rfc7518#section-6.2.2.1
+func dSize(curve elliptic.Curve) int {
+	order := curve.Params().P
+	bitLen := order.BitLen()
+	size := bitLen / 8
+	if bitLen%8 != 0 {
+		size = size + 1
+	}
+	return size
+}
+
+func fromSymmetricKey(key []byte) (*rawJSONWebKey, error) {
+	return &rawJSONWebKey{
+		Kty: "oct",
+		K:   newBuffer(key),
+	}, nil
+}
+
+func (key rawJSONWebKey) symmetricKey() ([]byte, error) {
+	if key.K == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid OCT (symmetric) key, missing k value")
+	}
+	return key.K.bytes(), nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/jws.go b/vendor/gopkg.in/go-jose/go-jose.v2/jws.go
new file mode 100644
index 000000000..1a24fa468
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/jws.go
@@ -0,0 +1,366 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"strings"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// rawJSONWebSignature represents a raw JWS JSON object. Used for parsing/serializing.
+type rawJSONWebSignature struct {
+	Payload    *byteBuffer        `json:"payload,omitempty"`
+	Signatures []rawSignatureInfo `json:"signatures,omitempty"`
+	Protected  *byteBuffer        `json:"protected,omitempty"`
+	Header     *rawHeader         `json:"header,omitempty"`
+	Signature  *byteBuffer        `json:"signature,omitempty"`
+}
+
+// rawSignatureInfo represents a single JWS signature over the JWS payload and protected header.
+type rawSignatureInfo struct {
+	Protected *byteBuffer `json:"protected,omitempty"`
+	Header    *rawHeader  `json:"header,omitempty"`
+	Signature *byteBuffer `json:"signature,omitempty"`
+}
+
+// JSONWebSignature represents a signed JWS object after parsing.
+type JSONWebSignature struct {
+	payload []byte
+	// Signatures attached to this object (may be more than one for multi-sig).
+	// Be careful about accessing these directly, prefer to use Verify() or
+	// VerifyMulti() to ensure that the data you're getting is verified.
+	Signatures []Signature
+}
+
+// Signature represents a single signature over the JWS payload and protected header.
+type Signature struct {
+	// Merged header fields. Contains both protected and unprotected header
+	// values. Prefer using Protected and Unprotected fields instead of this.
+	// Values in this header may or may not have been signed and in general
+	// should not be trusted.
+	Header Header
+
+	// Protected header. Values in this header were signed and
+	// will be verified as part of the signature verification process.
+	Protected Header
+
+	// Unprotected header. Values in this header were not signed
+	// and in general should not be trusted.
+	Unprotected Header
+
+	// The actual signature value
+	Signature []byte
+
+	protected *rawHeader
+	header    *rawHeader
+	original  *rawSignatureInfo
+}
+
+// ParseSigned parses a signed message in compact or full serialization format.
+func ParseSigned(signature string) (*JSONWebSignature, error) {
+	signature = stripWhitespace(signature)
+	if strings.HasPrefix(signature, "{") {
+		return parseSignedFull(signature)
+	}
+
+	return parseSignedCompact(signature, nil)
+}
+
+// ParseDetached parses a signed message in compact serialization format with detached payload.
+func ParseDetached(signature string, payload []byte) (*JSONWebSignature, error) {
+	if payload == nil {
+		return nil, errors.New("go-jose/go-jose: nil payload")
+	}
+	return parseSignedCompact(stripWhitespace(signature), payload)
+}
+
+// Get a header value
+func (sig Signature) mergedHeaders() rawHeader {
+	out := rawHeader{}
+	out.merge(sig.protected)
+	out.merge(sig.header)
+	return out
+}
+
+// Compute data to be signed
+func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature) ([]byte, error) {
+	var authData bytes.Buffer
+
+	protectedHeader := new(rawHeader)
+
+	if signature.original != nil && signature.original.Protected != nil {
+		if err := json.Unmarshal(signature.original.Protected.bytes(), protectedHeader); err != nil {
+			return nil, err
+		}
+		authData.WriteString(signature.original.Protected.base64())
+	} else if signature.protected != nil {
+		protectedHeader = signature.protected
+		authData.WriteString(base64.RawURLEncoding.EncodeToString(mustSerializeJSON(protectedHeader)))
+	}
+
+	needsBase64 := true
+
+	if protectedHeader != nil {
+		var err error
+		if needsBase64, err = protectedHeader.getB64(); err != nil {
+			needsBase64 = true
+		}
+	}
+
+	authData.WriteByte('.')
+
+	if needsBase64 {
+		authData.WriteString(base64.RawURLEncoding.EncodeToString(payload))
+	} else {
+		authData.Write(payload)
+	}
+
+	return authData.Bytes(), nil
+}
+
+// parseSignedFull parses a message in full format.
+func parseSignedFull(input string) (*JSONWebSignature, error) {
+	var parsed rawJSONWebSignature
+	err := json.Unmarshal([]byte(input), &parsed)
+	if err != nil {
+		return nil, err
+	}
+
+	return parsed.sanitized()
+}
+
+// sanitized produces a cleaned-up JWS object from the raw JSON.
+func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) {
+	if parsed.Payload == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: missing payload in JWS message")
+	}
+
+	obj := &JSONWebSignature{
+		payload:    parsed.Payload.bytes(),
+		Signatures: make([]Signature, len(parsed.Signatures)),
+	}
+
+	if len(parsed.Signatures) == 0 {
+		// No signatures array, must be flattened serialization
+		signature := Signature{}
+		if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 {
+			signature.protected = &rawHeader{}
+			err := json.Unmarshal(parsed.Protected.bytes(), signature.protected)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// Check that there is not a nonce in the unprotected header
+		if parsed.Header != nil && parsed.Header.getNonce() != "" {
+			return nil, ErrUnprotectedNonce
+		}
+
+		signature.header = parsed.Header
+		signature.Signature = parsed.Signature.bytes()
+		// Make a fake "original" rawSignatureInfo to store the unprocessed
+		// Protected header. This is necessary because the Protected header can
+		// contain arbitrary fields not registered as part of the spec. See
+		// https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-4
+		// If we unmarshal Protected into a rawHeader with its explicit list of fields,
+		// we cannot marshal losslessly. So we have to keep around the original bytes.
+		// This is used in computeAuthData, which will first attempt to use
+		// the original bytes of a protected header, and fall back on marshaling the
+		// header struct only if those bytes are not available.
+		signature.original = &rawSignatureInfo{
+			Protected: parsed.Protected,
+			Header:    parsed.Header,
+			Signature: parsed.Signature,
+		}
+
+		var err error
+		signature.Header, err = signature.mergedHeaders().sanitized()
+		if err != nil {
+			return nil, err
+		}
+
+		if signature.header != nil {
+			signature.Unprotected, err = signature.header.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		if signature.protected != nil {
+			signature.Protected, err = signature.protected.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// As per RFC 7515 Section 4.1.3, only public keys are allowed to be embedded.
+		jwk := signature.Header.JSONWebKey
+		if jwk != nil && (!jwk.Valid() || !jwk.IsPublic()) {
+			return nil, errors.New("go-jose/go-jose: invalid embedded jwk, must be public key")
+		}
+
+		obj.Signatures = append(obj.Signatures, signature)
+	}
+
+	for i, sig := range parsed.Signatures {
+		if sig.Protected != nil && len(sig.Protected.bytes()) > 0 {
+			obj.Signatures[i].protected = &rawHeader{}
+			err := json.Unmarshal(sig.Protected.bytes(), obj.Signatures[i].protected)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// Check that there is not a nonce in the unprotected header
+		if sig.Header != nil && sig.Header.getNonce() != "" {
+			return nil, ErrUnprotectedNonce
+		}
+
+		var err error
+		obj.Signatures[i].Header, err = obj.Signatures[i].mergedHeaders().sanitized()
+		if err != nil {
+			return nil, err
+		}
+
+		if obj.Signatures[i].header != nil {
+			obj.Signatures[i].Unprotected, err = obj.Signatures[i].header.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		if obj.Signatures[i].protected != nil {
+			obj.Signatures[i].Protected, err = obj.Signatures[i].protected.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		obj.Signatures[i].Signature = sig.Signature.bytes()
+
+		// As per RFC 7515 Section 4.1.3, only public keys are allowed to be embedded.
+		jwk := obj.Signatures[i].Header.JSONWebKey
+		if jwk != nil && (!jwk.Valid() || !jwk.IsPublic()) {
+			return nil, errors.New("go-jose/go-jose: invalid embedded jwk, must be public key")
+		}
+
+		// Copy value of sig
+		original := sig
+
+		obj.Signatures[i].header = sig.Header
+		obj.Signatures[i].original = &original
+	}
+
+	return obj, nil
+}
+
+// parseSignedCompact parses a message in compact format.
+func parseSignedCompact(input string, payload []byte) (*JSONWebSignature, error) {
+	parts := strings.Split(input, ".")
+	if len(parts) != 3 {
+		return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
+	}
+
+	if parts[1] != "" && payload != nil {
+		return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
+	}
+
+	rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
+	if err != nil {
+		return nil, err
+	}
+
+	if payload == nil {
+		payload, err = base64.RawURLEncoding.DecodeString(parts[1])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	signature, err := base64.RawURLEncoding.DecodeString(parts[2])
+	if err != nil {
+		return nil, err
+	}
+
+	raw := &rawJSONWebSignature{
+		Payload:   newBuffer(payload),
+		Protected: newBuffer(rawProtected),
+		Signature: newBuffer(signature),
+	}
+	return raw.sanitized()
+}
+
+func (obj JSONWebSignature) compactSerialize(detached bool) (string, error) {
+	if len(obj.Signatures) != 1 || obj.Signatures[0].header != nil || obj.Signatures[0].protected == nil {
+		return "", ErrNotSupported
+	}
+
+	serializedProtected := base64.RawURLEncoding.EncodeToString(mustSerializeJSON(obj.Signatures[0].protected))
+	payload := ""
+	signature := base64.RawURLEncoding.EncodeToString(obj.Signatures[0].Signature)
+
+	if !detached {
+		payload = base64.RawURLEncoding.EncodeToString(obj.payload)
+	}
+
+	return fmt.Sprintf("%s.%s.%s", serializedProtected, payload, signature), nil
+}
+
+// CompactSerialize serializes an object using the compact serialization format.
+func (obj JSONWebSignature) CompactSerialize() (string, error) {
+	return obj.compactSerialize(false)
+}
+
+// DetachedCompactSerialize serializes an object using the compact serialization format with detached payload.
+func (obj JSONWebSignature) DetachedCompactSerialize() (string, error) {
+	return obj.compactSerialize(true)
+}
+
+// FullSerialize serializes an object using the full JSON serialization format.
+func (obj JSONWebSignature) FullSerialize() string {
+	raw := rawJSONWebSignature{
+		Payload: newBuffer(obj.payload),
+	}
+
+	if len(obj.Signatures) == 1 {
+		if obj.Signatures[0].protected != nil {
+			serializedProtected := mustSerializeJSON(obj.Signatures[0].protected)
+			raw.Protected = newBuffer(serializedProtected)
+		}
+		raw.Header = obj.Signatures[0].header
+		raw.Signature = newBuffer(obj.Signatures[0].Signature)
+	} else {
+		raw.Signatures = make([]rawSignatureInfo, len(obj.Signatures))
+		for i, signature := range obj.Signatures {
+			raw.Signatures[i] = rawSignatureInfo{
+				Header:    signature.header,
+				Signature: newBuffer(signature.Signature),
+			}
+
+			if signature.protected != nil {
+				raw.Signatures[i].Protected = newBuffer(mustSerializeJSON(signature.protected))
+			}
+		}
+	}
+
+	return string(mustSerializeJSON(raw))
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/opaque.go b/vendor/gopkg.in/go-jose/go-jose.v2/opaque.go
new file mode 100644
index 000000000..fc3e8d2ef
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/opaque.go
@@ -0,0 +1,144 @@
+/*-
+ * Copyright 2018 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+// OpaqueSigner is an interface that supports signing payloads with opaque
+// private key(s). Private key operations performed by implementers may, for
+// example, occur in a hardware module. An OpaqueSigner may rotate signing keys
+// transparently to the user of this interface.
+type OpaqueSigner interface {
+	// Public returns the public key of the current signing key.
+	Public() *JSONWebKey
+	// Algs returns a list of supported signing algorithms.
+	Algs() []SignatureAlgorithm
+	// SignPayload signs a payload with the current signing key using the given
+	// algorithm.
+	SignPayload(payload []byte, alg SignatureAlgorithm) ([]byte, error)
+}
+
+type opaqueSigner struct {
+	signer OpaqueSigner
+}
+
+func newOpaqueSigner(alg SignatureAlgorithm, signer OpaqueSigner) (recipientSigInfo, error) {
+	var algSupported bool
+	for _, salg := range signer.Algs() {
+		if alg == salg {
+			algSupported = true
+			break
+		}
+	}
+	if !algSupported {
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientSigInfo{
+		sigAlg:    alg,
+		publicKey: signer.Public,
+		signer: &opaqueSigner{
+			signer: signer,
+		},
+	}, nil
+}
+
+func (o *opaqueSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	out, err := o.signer.SignPayload(payload, alg)
+	if err != nil {
+		return Signature{}, err
+	}
+
+	return Signature{
+		Signature: out,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// OpaqueVerifier is an interface that supports verifying payloads with opaque
+// public key(s). An OpaqueSigner may rotate signing keys transparently to the
+// user of this interface.
+type OpaqueVerifier interface {
+	VerifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error
+}
+
+type opaqueVerifier struct {
+	verifier OpaqueVerifier
+}
+
+func (o *opaqueVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	return o.verifier.VerifyPayload(payload, signature, alg)
+}
+
+// OpaqueKeyEncrypter is an interface that supports encrypting keys with an opaque key.
+type OpaqueKeyEncrypter interface {
+	// KeyID returns the kid
+	KeyID() string
+	// Algs returns a list of supported key encryption algorithms.
+	Algs() []KeyAlgorithm
+	// encryptKey encrypts the CEK using the given algorithm.
+	encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error)
+}
+
+type opaqueKeyEncrypter struct {
+	encrypter OpaqueKeyEncrypter
+}
+
+func newOpaqueKeyEncrypter(alg KeyAlgorithm, encrypter OpaqueKeyEncrypter) (recipientKeyInfo, error) {
+	var algSupported bool
+	for _, salg := range encrypter.Algs() {
+		if alg == salg {
+			algSupported = true
+			break
+		}
+	}
+	if !algSupported {
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientKeyInfo{
+		keyID:  encrypter.KeyID(),
+		keyAlg: alg,
+		keyEncrypter: &opaqueKeyEncrypter{
+			encrypter: encrypter,
+		},
+	}, nil
+}
+
+func (oke *opaqueKeyEncrypter) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	return oke.encrypter.encryptKey(cek, alg)
+}
+
+//OpaqueKeyDecrypter is an interface that supports decrypting keys with an opaque key.
+type OpaqueKeyDecrypter interface {
+	DecryptKey(encryptedKey []byte, header Header) ([]byte, error)
+}
+
+type opaqueKeyDecrypter struct {
+	decrypter OpaqueKeyDecrypter
+}
+
+func (okd *opaqueKeyDecrypter) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	mergedHeaders := rawHeader{}
+	mergedHeaders.merge(&headers)
+	mergedHeaders.merge(recipient.header)
+
+	header, err := mergedHeaders.sanitized()
+	if err != nil {
+		return nil, err
+	}
+
+	return okd.decrypter.DecryptKey(recipient.encryptedKey, header)
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/shared.go b/vendor/gopkg.in/go-jose/go-jose.v2/shared.go
new file mode 100644
index 000000000..0fa66a44b
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/shared.go
@@ -0,0 +1,520 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"crypto/elliptic"
+	"crypto/x509"
+	"encoding/base64"
+	"errors"
+	"fmt"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// KeyAlgorithm represents a key management algorithm.
+type KeyAlgorithm string
+
+// SignatureAlgorithm represents a signature (or MAC) algorithm.
+type SignatureAlgorithm string
+
+// ContentEncryption represents a content encryption algorithm.
+type ContentEncryption string
+
+// CompressionAlgorithm represents an algorithm used for plaintext compression.
+type CompressionAlgorithm string
+
+// ContentType represents type of the contained data.
+type ContentType string
+
+var (
+	// ErrCryptoFailure represents an error in cryptographic primitive. This
+	// occurs when, for example, a message had an invalid authentication tag or
+	// could not be decrypted.
+	ErrCryptoFailure = errors.New("go-jose/go-jose: error in cryptographic primitive")
+
+	// ErrUnsupportedAlgorithm indicates that a selected algorithm is not
+	// supported. This occurs when trying to instantiate an encrypter for an
+	// algorithm that is not yet implemented.
+	ErrUnsupportedAlgorithm = errors.New("go-jose/go-jose: unknown/unsupported algorithm")
+
+	// ErrUnsupportedKeyType indicates that the given key type/format is not
+	// supported. This occurs when trying to instantiate an encrypter and passing
+	// it a key of an unrecognized type or with unsupported parameters, such as
+	// an RSA private key with more than two primes.
+	ErrUnsupportedKeyType = errors.New("go-jose/go-jose: unsupported key type/format")
+
+	// ErrInvalidKeySize indicates that the given key is not the correct size
+	// for the selected algorithm. This can occur, for example, when trying to
+	// encrypt with AES-256 but passing only a 128-bit key as input.
+	ErrInvalidKeySize = errors.New("go-jose/go-jose: invalid key size for algorithm")
+
+	// ErrNotSupported serialization of object is not supported. This occurs when
+	// trying to compact-serialize an object which can't be represented in
+	// compact form.
+	ErrNotSupported = errors.New("go-jose/go-jose: compact serialization not supported for object")
+
+	// ErrUnprotectedNonce indicates that while parsing a JWS or JWE object, a
+	// nonce header parameter was included in an unprotected header object.
+	ErrUnprotectedNonce = errors.New("go-jose/go-jose: Nonce parameter included in unprotected header")
+)
+
+// Key management algorithms
+const (
+	ED25519            = KeyAlgorithm("ED25519")
+	RSA1_5             = KeyAlgorithm("RSA1_5")             // RSA-PKCS1v1.5
+	RSA_OAEP           = KeyAlgorithm("RSA-OAEP")           // RSA-OAEP-SHA1
+	RSA_OAEP_256       = KeyAlgorithm("RSA-OAEP-256")       // RSA-OAEP-SHA256
+	A128KW             = KeyAlgorithm("A128KW")             // AES key wrap (128)
+	A192KW             = KeyAlgorithm("A192KW")             // AES key wrap (192)
+	A256KW             = KeyAlgorithm("A256KW")             // AES key wrap (256)
+	DIRECT             = KeyAlgorithm("dir")                // Direct encryption
+	ECDH_ES            = KeyAlgorithm("ECDH-ES")            // ECDH-ES
+	ECDH_ES_A128KW     = KeyAlgorithm("ECDH-ES+A128KW")     // ECDH-ES + AES key wrap (128)
+	ECDH_ES_A192KW     = KeyAlgorithm("ECDH-ES+A192KW")     // ECDH-ES + AES key wrap (192)
+	ECDH_ES_A256KW     = KeyAlgorithm("ECDH-ES+A256KW")     // ECDH-ES + AES key wrap (256)
+	A128GCMKW          = KeyAlgorithm("A128GCMKW")          // AES-GCM key wrap (128)
+	A192GCMKW          = KeyAlgorithm("A192GCMKW")          // AES-GCM key wrap (192)
+	A256GCMKW          = KeyAlgorithm("A256GCMKW")          // AES-GCM key wrap (256)
+	PBES2_HS256_A128KW = KeyAlgorithm("PBES2-HS256+A128KW") // PBES2 + HMAC-SHA256 + AES key wrap (128)
+	PBES2_HS384_A192KW = KeyAlgorithm("PBES2-HS384+A192KW") // PBES2 + HMAC-SHA384 + AES key wrap (192)
+	PBES2_HS512_A256KW = KeyAlgorithm("PBES2-HS512+A256KW") // PBES2 + HMAC-SHA512 + AES key wrap (256)
+)
+
+// Signature algorithms
+const (
+	EdDSA = SignatureAlgorithm("EdDSA")
+	HS256 = SignatureAlgorithm("HS256") // HMAC using SHA-256
+	HS384 = SignatureAlgorithm("HS384") // HMAC using SHA-384
+	HS512 = SignatureAlgorithm("HS512") // HMAC using SHA-512
+	RS256 = SignatureAlgorithm("RS256") // RSASSA-PKCS-v1.5 using SHA-256
+	RS384 = SignatureAlgorithm("RS384") // RSASSA-PKCS-v1.5 using SHA-384
+	RS512 = SignatureAlgorithm("RS512") // RSASSA-PKCS-v1.5 using SHA-512
+	ES256 = SignatureAlgorithm("ES256") // ECDSA using P-256 and SHA-256
+	ES384 = SignatureAlgorithm("ES384") // ECDSA using P-384 and SHA-384
+	ES512 = SignatureAlgorithm("ES512") // ECDSA using P-521 and SHA-512
+	PS256 = SignatureAlgorithm("PS256") // RSASSA-PSS using SHA256 and MGF1-SHA256
+	PS384 = SignatureAlgorithm("PS384") // RSASSA-PSS using SHA384 and MGF1-SHA384
+	PS512 = SignatureAlgorithm("PS512") // RSASSA-PSS using SHA512 and MGF1-SHA512
+)
+
+// Content encryption algorithms
+const (
+	A128CBC_HS256 = ContentEncryption("A128CBC-HS256") // AES-CBC + HMAC-SHA256 (128)
+	A192CBC_HS384 = ContentEncryption("A192CBC-HS384") // AES-CBC + HMAC-SHA384 (192)
+	A256CBC_HS512 = ContentEncryption("A256CBC-HS512") // AES-CBC + HMAC-SHA512 (256)
+	A128GCM       = ContentEncryption("A128GCM")       // AES-GCM (128)
+	A192GCM       = ContentEncryption("A192GCM")       // AES-GCM (192)
+	A256GCM       = ContentEncryption("A256GCM")       // AES-GCM (256)
+)
+
+// Compression algorithms
+const (
+	NONE    = CompressionAlgorithm("")    // No compression
+	DEFLATE = CompressionAlgorithm("DEF") // DEFLATE (RFC 1951)
+)
+
+// A key in the protected header of a JWS object. Use of the Header...
+// constants is preferred to enhance type safety.
+type HeaderKey string
+
+const (
+	HeaderType        HeaderKey = "typ" // string
+	HeaderContentType           = "cty" // string
+
+	// These are set by go-jose and shouldn't need to be set by consumers of the
+	// library.
+	headerAlgorithm   = "alg"  // string
+	headerEncryption  = "enc"  // ContentEncryption
+	headerCompression = "zip"  // CompressionAlgorithm
+	headerCritical    = "crit" // []string
+
+	headerAPU = "apu" // *byteBuffer
+	headerAPV = "apv" // *byteBuffer
+	headerEPK = "epk" // *JSONWebKey
+	headerIV  = "iv"  // *byteBuffer
+	headerTag = "tag" // *byteBuffer
+	headerX5c = "x5c" // []*x509.Certificate
+
+	headerJWK   = "jwk"   // *JSONWebKey
+	headerKeyID = "kid"   // string
+	headerNonce = "nonce" // string
+	headerB64   = "b64"   // bool
+
+	headerP2C = "p2c" // *byteBuffer (int)
+	headerP2S = "p2s" // *byteBuffer ([]byte)
+
+)
+
+// supportedCritical is the set of supported extensions that are understood and processed.
+var supportedCritical = map[string]bool{
+	headerB64: true,
+}
+
+// rawHeader represents the JOSE header for JWE/JWS objects (used for parsing).
+//
+// The decoding of the constituent items is deferred because we want to marshal
+// some members into particular structs rather than generic maps, but at the
+// same time we need to receive any extra fields unhandled by this library to
+// pass through to consuming code in case it wants to examine them.
+type rawHeader map[HeaderKey]*json.RawMessage
+
+// Header represents the read-only JOSE header for JWE/JWS objects.
+type Header struct {
+	KeyID      string
+	JSONWebKey *JSONWebKey
+	Algorithm  string
+	Nonce      string
+
+	// Unverified certificate chain parsed from x5c header.
+	certificates []*x509.Certificate
+
+	// Any headers not recognised above get unmarshalled
+	// from JSON in a generic manner and placed in this map.
+	ExtraHeaders map[HeaderKey]interface{}
+}
+
+// Certificates verifies & returns the certificate chain present
+// in the x5c header field of a message, if one was present. Returns
+// an error if there was no x5c header present or the chain could
+// not be validated with the given verify options.
+func (h Header) Certificates(opts x509.VerifyOptions) ([][]*x509.Certificate, error) {
+	if len(h.certificates) == 0 {
+		return nil, errors.New("go-jose/go-jose: no x5c header present in message")
+	}
+
+	leaf := h.certificates[0]
+	if opts.Intermediates == nil {
+		opts.Intermediates = x509.NewCertPool()
+		for _, intermediate := range h.certificates[1:] {
+			opts.Intermediates.AddCert(intermediate)
+		}
+	}
+
+	return leaf.Verify(opts)
+}
+
+func (parsed rawHeader) set(k HeaderKey, v interface{}) error {
+	b, err := json.Marshal(v)
+	if err != nil {
+		return err
+	}
+
+	parsed[k] = makeRawMessage(b)
+	return nil
+}
+
+// getString gets a string from the raw JSON, defaulting to "".
+func (parsed rawHeader) getString(k HeaderKey) string {
+	v, ok := parsed[k]
+	if !ok || v == nil {
+		return ""
+	}
+	var s string
+	err := json.Unmarshal(*v, &s)
+	if err != nil {
+		return ""
+	}
+	return s
+}
+
+// getByteBuffer gets a byte buffer from the raw JSON. Returns (nil, nil) if
+// not specified.
+func (parsed rawHeader) getByteBuffer(k HeaderKey) (*byteBuffer, error) {
+	v := parsed[k]
+	if v == nil {
+		return nil, nil
+	}
+	var bb *byteBuffer
+	err := json.Unmarshal(*v, &bb)
+	if err != nil {
+		return nil, err
+	}
+	return bb, nil
+}
+
+// getAlgorithm extracts parsed "alg" from the raw JSON as a KeyAlgorithm.
+func (parsed rawHeader) getAlgorithm() KeyAlgorithm {
+	return KeyAlgorithm(parsed.getString(headerAlgorithm))
+}
+
+// getSignatureAlgorithm extracts parsed "alg" from the raw JSON as a SignatureAlgorithm.
+func (parsed rawHeader) getSignatureAlgorithm() SignatureAlgorithm {
+	return SignatureAlgorithm(parsed.getString(headerAlgorithm))
+}
+
+// getEncryption extracts parsed "enc" from the raw JSON.
+func (parsed rawHeader) getEncryption() ContentEncryption {
+	return ContentEncryption(parsed.getString(headerEncryption))
+}
+
+// getCompression extracts parsed "zip" from the raw JSON.
+func (parsed rawHeader) getCompression() CompressionAlgorithm {
+	return CompressionAlgorithm(parsed.getString(headerCompression))
+}
+
+func (parsed rawHeader) getNonce() string {
+	return parsed.getString(headerNonce)
+}
+
+// getEPK extracts parsed "epk" from the raw JSON.
+func (parsed rawHeader) getEPK() (*JSONWebKey, error) {
+	v := parsed[headerEPK]
+	if v == nil {
+		return nil, nil
+	}
+	var epk *JSONWebKey
+	err := json.Unmarshal(*v, &epk)
+	if err != nil {
+		return nil, err
+	}
+	return epk, nil
+}
+
+// getAPU extracts parsed "apu" from the raw JSON.
+func (parsed rawHeader) getAPU() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerAPU)
+}
+
+// getAPV extracts parsed "apv" from the raw JSON.
+func (parsed rawHeader) getAPV() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerAPV)
+}
+
+// getIV extracts parsed "iv" from the raw JSON.
+func (parsed rawHeader) getIV() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerIV)
+}
+
+// getTag extracts parsed "tag" from the raw JSON.
+func (parsed rawHeader) getTag() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerTag)
+}
+
+// getJWK extracts parsed "jwk" from the raw JSON.
+func (parsed rawHeader) getJWK() (*JSONWebKey, error) {
+	v := parsed[headerJWK]
+	if v == nil {
+		return nil, nil
+	}
+	var jwk *JSONWebKey
+	err := json.Unmarshal(*v, &jwk)
+	if err != nil {
+		return nil, err
+	}
+	return jwk, nil
+}
+
+// getCritical extracts parsed "crit" from the raw JSON. If omitted, it
+// returns an empty slice.
+func (parsed rawHeader) getCritical() ([]string, error) {
+	v := parsed[headerCritical]
+	if v == nil {
+		return nil, nil
+	}
+
+	var q []string
+	err := json.Unmarshal(*v, &q)
+	if err != nil {
+		return nil, err
+	}
+	return q, nil
+}
+
+// getS2C extracts parsed "p2c" from the raw JSON.
+func (parsed rawHeader) getP2C() (int, error) {
+	v := parsed[headerP2C]
+	if v == nil {
+		return 0, nil
+	}
+
+	var p2c int
+	err := json.Unmarshal(*v, &p2c)
+	if err != nil {
+		return 0, err
+	}
+	return p2c, nil
+}
+
+// getS2S extracts parsed "p2s" from the raw JSON.
+func (parsed rawHeader) getP2S() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerP2S)
+}
+
+// getB64 extracts parsed "b64" from the raw JSON, defaulting to true.
+func (parsed rawHeader) getB64() (bool, error) {
+	v := parsed[headerB64]
+	if v == nil {
+		return true, nil
+	}
+
+	var b64 bool
+	err := json.Unmarshal(*v, &b64)
+	if err != nil {
+		return true, err
+	}
+	return b64, nil
+}
+
+// sanitized produces a cleaned-up header object from the raw JSON.
+func (parsed rawHeader) sanitized() (h Header, err error) {
+	for k, v := range parsed {
+		if v == nil {
+			continue
+		}
+		switch k {
+		case headerJWK:
+			var jwk *JSONWebKey
+			err = json.Unmarshal(*v, &jwk)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal JWK: %v: %#v", err, string(*v))
+				return
+			}
+			h.JSONWebKey = jwk
+		case headerKeyID:
+			var s string
+			err = json.Unmarshal(*v, &s)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal key ID: %v: %#v", err, string(*v))
+				return
+			}
+			h.KeyID = s
+		case headerAlgorithm:
+			var s string
+			err = json.Unmarshal(*v, &s)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal algorithm: %v: %#v", err, string(*v))
+				return
+			}
+			h.Algorithm = s
+		case headerNonce:
+			var s string
+			err = json.Unmarshal(*v, &s)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal nonce: %v: %#v", err, string(*v))
+				return
+			}
+			h.Nonce = s
+		case headerX5c:
+			c := []string{}
+			err = json.Unmarshal(*v, &c)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal x5c header: %v: %#v", err, string(*v))
+				return
+			}
+			h.certificates, err = parseCertificateChain(c)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal x5c header: %v: %#v", err, string(*v))
+				return
+			}
+		default:
+			if h.ExtraHeaders == nil {
+				h.ExtraHeaders = map[HeaderKey]interface{}{}
+			}
+			var v2 interface{}
+			err = json.Unmarshal(*v, &v2)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal value: %v: %#v", err, string(*v))
+				return
+			}
+			h.ExtraHeaders[k] = v2
+		}
+	}
+	return
+}
+
+func parseCertificateChain(chain []string) ([]*x509.Certificate, error) {
+	out := make([]*x509.Certificate, len(chain))
+	for i, cert := range chain {
+		raw, err := base64.StdEncoding.DecodeString(cert)
+		if err != nil {
+			return nil, err
+		}
+		out[i], err = x509.ParseCertificate(raw)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return out, nil
+}
+
+func (dst rawHeader) isSet(k HeaderKey) bool {
+	dvr := dst[k]
+	if dvr == nil {
+		return false
+	}
+
+	var dv interface{}
+	err := json.Unmarshal(*dvr, &dv)
+	if err != nil {
+		return true
+	}
+
+	if dvStr, ok := dv.(string); ok {
+		return dvStr != ""
+	}
+
+	return true
+}
+
+// Merge headers from src into dst, giving precedence to headers from l.
+func (dst rawHeader) merge(src *rawHeader) {
+	if src == nil {
+		return
+	}
+
+	for k, v := range *src {
+		if dst.isSet(k) {
+			continue
+		}
+
+		dst[k] = v
+	}
+}
+
+// Get JOSE name of curve
+func curveName(crv elliptic.Curve) (string, error) {
+	switch crv {
+	case elliptic.P256():
+		return "P-256", nil
+	case elliptic.P384():
+		return "P-384", nil
+	case elliptic.P521():
+		return "P-521", nil
+	default:
+		return "", fmt.Errorf("go-jose/go-jose: unsupported/unknown elliptic curve")
+	}
+}
+
+// Get size of curve in bytes
+func curveSize(crv elliptic.Curve) int {
+	bits := crv.Params().BitSize
+
+	div := bits / 8
+	mod := bits % 8
+
+	if mod == 0 {
+		return div
+	}
+
+	return div + 1
+}
+
+func makeRawMessage(b []byte) *json.RawMessage {
+	rm := json.RawMessage(b)
+	return &rm
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/signing.go b/vendor/gopkg.in/go-jose/go-jose.v2/signing.go
new file mode 100644
index 000000000..5195a1a91
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/signing.go
@@ -0,0 +1,441 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"encoding/base64"
+	"errors"
+	"fmt"
+
+	"golang.org/x/crypto/ed25519"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// NonceSource represents a source of random nonces to go into JWS objects
+type NonceSource interface {
+	Nonce() (string, error)
+}
+
+// Signer represents a signer which takes a payload and produces a signed JWS object.
+type Signer interface {
+	Sign(payload []byte) (*JSONWebSignature, error)
+	Options() SignerOptions
+}
+
+// SigningKey represents an algorithm/key used to sign a message.
+type SigningKey struct {
+	Algorithm SignatureAlgorithm
+	Key       interface{}
+}
+
+// SignerOptions represents options that can be set when creating signers.
+type SignerOptions struct {
+	NonceSource NonceSource
+	EmbedJWK    bool
+
+	// Optional map of additional keys to be inserted into the protected header
+	// of a JWS object. Some specifications which make use of JWS like to insert
+	// additional values here. All values must be JSON-serializable.
+	ExtraHeaders map[HeaderKey]interface{}
+}
+
+// WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it
+// if necessary. It returns itself and so can be used in a fluent style.
+func (so *SignerOptions) WithHeader(k HeaderKey, v interface{}) *SignerOptions {
+	if so.ExtraHeaders == nil {
+		so.ExtraHeaders = map[HeaderKey]interface{}{}
+	}
+	so.ExtraHeaders[k] = v
+	return so
+}
+
+// WithContentType adds a content type ("cty") header and returns the updated
+// SignerOptions.
+func (so *SignerOptions) WithContentType(contentType ContentType) *SignerOptions {
+	return so.WithHeader(HeaderContentType, contentType)
+}
+
+// WithType adds a type ("typ") header and returns the updated SignerOptions.
+func (so *SignerOptions) WithType(typ ContentType) *SignerOptions {
+	return so.WithHeader(HeaderType, typ)
+}
+
+// WithCritical adds the given names to the critical ("crit") header and returns
+// the updated SignerOptions.
+func (so *SignerOptions) WithCritical(names ...string) *SignerOptions {
+	if so.ExtraHeaders[headerCritical] == nil {
+		so.WithHeader(headerCritical, make([]string, 0, len(names)))
+	}
+	crit := so.ExtraHeaders[headerCritical].([]string)
+	so.ExtraHeaders[headerCritical] = append(crit, names...)
+	return so
+}
+
+// WithBase64 adds a base64url-encode payload ("b64") header and returns the updated
+// SignerOptions. When the "b64" value is "false", the payload is not base64 encoded.
+func (so *SignerOptions) WithBase64(b64 bool) *SignerOptions {
+	if !b64 {
+		so.WithHeader(headerB64, b64)
+		so.WithCritical(headerB64)
+	}
+	return so
+}
+
+type payloadSigner interface {
+	signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error)
+}
+
+type payloadVerifier interface {
+	verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error
+}
+
+type genericSigner struct {
+	recipients   []recipientSigInfo
+	nonceSource  NonceSource
+	embedJWK     bool
+	extraHeaders map[HeaderKey]interface{}
+}
+
+type recipientSigInfo struct {
+	sigAlg    SignatureAlgorithm
+	publicKey func() *JSONWebKey
+	signer    payloadSigner
+}
+
+func staticPublicKey(jwk *JSONWebKey) func() *JSONWebKey {
+	return func() *JSONWebKey {
+		return jwk
+	}
+}
+
+// NewSigner creates an appropriate signer based on the key type
+func NewSigner(sig SigningKey, opts *SignerOptions) (Signer, error) {
+	return NewMultiSigner([]SigningKey{sig}, opts)
+}
+
+// NewMultiSigner creates a signer for multiple recipients
+func NewMultiSigner(sigs []SigningKey, opts *SignerOptions) (Signer, error) {
+	signer := &genericSigner{recipients: []recipientSigInfo{}}
+
+	if opts != nil {
+		signer.nonceSource = opts.NonceSource
+		signer.embedJWK = opts.EmbedJWK
+		signer.extraHeaders = opts.ExtraHeaders
+	}
+
+	for _, sig := range sigs {
+		err := signer.addRecipient(sig.Algorithm, sig.Key)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return signer, nil
+}
+
+// newVerifier creates a verifier based on the key type
+func newVerifier(verificationKey interface{}) (payloadVerifier, error) {
+	switch verificationKey := verificationKey.(type) {
+	case ed25519.PublicKey:
+		return &edEncrypterVerifier{
+			publicKey: verificationKey,
+		}, nil
+	case *rsa.PublicKey:
+		return &rsaEncrypterVerifier{
+			publicKey: verificationKey,
+		}, nil
+	case *ecdsa.PublicKey:
+		return &ecEncrypterVerifier{
+			publicKey: verificationKey,
+		}, nil
+	case []byte:
+		return &symmetricMac{
+			key: verificationKey,
+		}, nil
+	case JSONWebKey:
+		return newVerifier(verificationKey.Key)
+	case *JSONWebKey:
+		return newVerifier(verificationKey.Key)
+	}
+	if ov, ok := verificationKey.(OpaqueVerifier); ok {
+		return &opaqueVerifier{verifier: ov}, nil
+	}
+	return nil, ErrUnsupportedKeyType
+}
+
+func (ctx *genericSigner) addRecipient(alg SignatureAlgorithm, signingKey interface{}) error {
+	recipient, err := makeJWSRecipient(alg, signingKey)
+	if err != nil {
+		return err
+	}
+
+	ctx.recipients = append(ctx.recipients, recipient)
+	return nil
+}
+
+func makeJWSRecipient(alg SignatureAlgorithm, signingKey interface{}) (recipientSigInfo, error) {
+	switch signingKey := signingKey.(type) {
+	case ed25519.PrivateKey:
+		return newEd25519Signer(alg, signingKey)
+	case *rsa.PrivateKey:
+		return newRSASigner(alg, signingKey)
+	case *ecdsa.PrivateKey:
+		return newECDSASigner(alg, signingKey)
+	case []byte:
+		return newSymmetricSigner(alg, signingKey)
+	case JSONWebKey:
+		return newJWKSigner(alg, signingKey)
+	case *JSONWebKey:
+		return newJWKSigner(alg, *signingKey)
+	}
+	if signer, ok := signingKey.(OpaqueSigner); ok {
+		return newOpaqueSigner(alg, signer)
+	}
+	return recipientSigInfo{}, ErrUnsupportedKeyType
+}
+
+func newJWKSigner(alg SignatureAlgorithm, signingKey JSONWebKey) (recipientSigInfo, error) {
+	recipient, err := makeJWSRecipient(alg, signingKey.Key)
+	if err != nil {
+		return recipientSigInfo{}, err
+	}
+	if recipient.publicKey != nil && recipient.publicKey() != nil {
+		// recipient.publicKey is a JWK synthesized for embedding when recipientSigInfo
+		// was created for the inner key (such as a RSA or ECDSA public key). It contains
+		// the pub key for embedding, but doesn't have extra params like key id.
+		publicKey := signingKey
+		publicKey.Key = recipient.publicKey().Key
+		recipient.publicKey = staticPublicKey(&publicKey)
+
+		// This should be impossible, but let's check anyway.
+		if !recipient.publicKey().IsPublic() {
+			return recipientSigInfo{}, errors.New("go-jose/go-jose: public key was unexpectedly not public")
+		}
+	}
+	return recipient, nil
+}
+
+func (ctx *genericSigner) Sign(payload []byte) (*JSONWebSignature, error) {
+	obj := &JSONWebSignature{}
+	obj.payload = payload
+	obj.Signatures = make([]Signature, len(ctx.recipients))
+
+	for i, recipient := range ctx.recipients {
+		protected := map[HeaderKey]interface{}{
+			headerAlgorithm: string(recipient.sigAlg),
+		}
+
+		if recipient.publicKey != nil && recipient.publicKey() != nil {
+			// We want to embed the JWK or set the kid header, but not both. Having a protected
+			// header that contains an embedded JWK while also simultaneously containing the kid
+			// header is confusing, and at least in ACME the two are considered to be mutually
+			// exclusive. The fact that both can exist at the same time is a somewhat unfortunate
+			// result of the JOSE spec. We've decided that this library will only include one or
+			// the other to avoid this confusion.
+			//
+			// See https://github.com/go-jose/go-jose/issues/157 for more context.
+			if ctx.embedJWK {
+				protected[headerJWK] = recipient.publicKey()
+			} else {
+				keyID := recipient.publicKey().KeyID
+				if keyID != "" {
+					protected[headerKeyID] = keyID
+				}
+			}
+		}
+
+		if ctx.nonceSource != nil {
+			nonce, err := ctx.nonceSource.Nonce()
+			if err != nil {
+				return nil, fmt.Errorf("go-jose/go-jose: Error generating nonce: %v", err)
+			}
+			protected[headerNonce] = nonce
+		}
+
+		for k, v := range ctx.extraHeaders {
+			protected[k] = v
+		}
+
+		serializedProtected := mustSerializeJSON(protected)
+		needsBase64 := true
+
+		if b64, ok := protected[headerB64]; ok {
+			if needsBase64, ok = b64.(bool); !ok {
+				return nil, errors.New("go-jose/go-jose: Invalid b64 header parameter")
+			}
+		}
+
+		var input bytes.Buffer
+
+		input.WriteString(base64.RawURLEncoding.EncodeToString(serializedProtected))
+		input.WriteByte('.')
+
+		if needsBase64 {
+			input.WriteString(base64.RawURLEncoding.EncodeToString(payload))
+		} else {
+			input.Write(payload)
+		}
+
+		signatureInfo, err := recipient.signer.signPayload(input.Bytes(), recipient.sigAlg)
+		if err != nil {
+			return nil, err
+		}
+
+		signatureInfo.protected = &rawHeader{}
+		for k, v := range protected {
+			b, err := json.Marshal(v)
+			if err != nil {
+				return nil, fmt.Errorf("go-jose/go-jose: Error marshalling item %#v: %v", k, err)
+			}
+			(*signatureInfo.protected)[k] = makeRawMessage(b)
+		}
+		obj.Signatures[i] = signatureInfo
+	}
+
+	return obj, nil
+}
+
+func (ctx *genericSigner) Options() SignerOptions {
+	return SignerOptions{
+		NonceSource:  ctx.nonceSource,
+		EmbedJWK:     ctx.embedJWK,
+		ExtraHeaders: ctx.extraHeaders,
+	}
+}
+
+// Verify validates the signature on the object and returns the payload.
+// This function does not support multi-signature, if you desire multi-sig
+// verification use VerifyMulti instead.
+//
+// Be careful when verifying signatures based on embedded JWKs inside the
+// payload header. You cannot assume that the key received in a payload is
+// trusted.
+func (obj JSONWebSignature) Verify(verificationKey interface{}) ([]byte, error) {
+	err := obj.DetachedVerify(obj.payload, verificationKey)
+	if err != nil {
+		return nil, err
+	}
+	return obj.payload, nil
+}
+
+// UnsafePayloadWithoutVerification returns the payload without
+// verifying it. The content returned from this function cannot be
+// trusted.
+func (obj JSONWebSignature) UnsafePayloadWithoutVerification() []byte {
+	return obj.payload
+}
+
+// DetachedVerify validates a detached signature on the given payload. In
+// most cases, you will probably want to use Verify instead. DetachedVerify
+// is only useful if you have a payload and signature that are separated from
+// each other.
+func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey interface{}) error {
+	verifier, err := newVerifier(verificationKey)
+	if err != nil {
+		return err
+	}
+
+	if len(obj.Signatures) > 1 {
+		return errors.New("go-jose/go-jose: too many signatures in payload; expecting only one")
+	}
+
+	signature := obj.Signatures[0]
+	headers := signature.mergedHeaders()
+	critical, err := headers.getCritical()
+	if err != nil {
+		return err
+	}
+
+	for _, name := range critical {
+		if !supportedCritical[name] {
+			return ErrCryptoFailure
+		}
+	}
+
+	input, err := obj.computeAuthData(payload, &signature)
+	if err != nil {
+		return ErrCryptoFailure
+	}
+
+	alg := headers.getSignatureAlgorithm()
+	err = verifier.verifyPayload(input, signature.Signature, alg)
+	if err == nil {
+		return nil
+	}
+
+	return ErrCryptoFailure
+}
+
+// VerifyMulti validates (one of the multiple) signatures on the object and
+// returns the index of the signature that was verified, along with the signature
+// object and the payload. We return the signature and index to guarantee that
+// callers are getting the verified value.
+func (obj JSONWebSignature) VerifyMulti(verificationKey interface{}) (int, Signature, []byte, error) {
+	idx, sig, err := obj.DetachedVerifyMulti(obj.payload, verificationKey)
+	if err != nil {
+		return -1, Signature{}, nil, err
+	}
+	return idx, sig, obj.payload, nil
+}
+
+// DetachedVerifyMulti validates a detached signature on the given payload with
+// a signature/object that has potentially multiple signers. This returns the index
+// of the signature that was verified, along with the signature object. We return
+// the signature and index to guarantee that callers are getting the verified value.
+//
+// In most cases, you will probably want to use Verify or VerifyMulti instead.
+// DetachedVerifyMulti is only useful if you have a payload and signature that are
+// separated from each other, and the signature can have multiple signers at the
+// same time.
+func (obj JSONWebSignature) DetachedVerifyMulti(payload []byte, verificationKey interface{}) (int, Signature, error) {
+	verifier, err := newVerifier(verificationKey)
+	if err != nil {
+		return -1, Signature{}, err
+	}
+
+outer:
+	for i, signature := range obj.Signatures {
+		headers := signature.mergedHeaders()
+		critical, err := headers.getCritical()
+		if err != nil {
+			continue
+		}
+
+		for _, name := range critical {
+			if !supportedCritical[name] {
+				continue outer
+			}
+		}
+
+		input, err := obj.computeAuthData(payload, &signature)
+		if err != nil {
+			continue
+		}
+
+		alg := headers.getSignatureAlgorithm()
+		err = verifier.verifyPayload(input, signature.Signature, alg)
+		if err == nil {
+			return i, signature, nil
+		}
+	}
+
+	return -1, Signature{}, ErrCryptoFailure
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go b/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go
new file mode 100644
index 000000000..2b8076f5f
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go
@@ -0,0 +1,482 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/sha512"
+	"crypto/subtle"
+	"errors"
+	"fmt"
+	"hash"
+	"io"
+
+	"golang.org/x/crypto/pbkdf2"
+	"gopkg.in/go-jose/go-jose.v2/cipher"
+)
+
+// Random reader (stubbed out in tests)
+var RandReader = rand.Reader
+
+const (
+	// RFC7518 recommends a minimum of 1,000 iterations:
+	// https://tools.ietf.org/html/rfc7518#section-4.8.1.2
+	// NIST recommends a minimum of 10,000:
+	// https://pages.nist.gov/800-63-3/sp800-63b.html
+	// 1Password uses 100,000:
+	// https://support.1password.com/pbkdf2/
+	defaultP2C = 100000
+	// Default salt size: 128 bits
+	defaultP2SSize = 16
+)
+
+// Dummy key cipher for shared symmetric key mode
+type symmetricKeyCipher struct {
+	key []byte // Pre-shared content-encryption key
+	p2c int    // PBES2 Count
+	p2s []byte // PBES2 Salt Input
+}
+
+// Signer/verifier for MAC modes
+type symmetricMac struct {
+	key []byte
+}
+
+// Input/output from an AEAD operation
+type aeadParts struct {
+	iv, ciphertext, tag []byte
+}
+
+// A content cipher based on an AEAD construction
+type aeadContentCipher struct {
+	keyBytes     int
+	authtagBytes int
+	getAead      func(key []byte) (cipher.AEAD, error)
+}
+
+// Random key generator
+type randomKeyGenerator struct {
+	size int
+}
+
+// Static key generator
+type staticKeyGenerator struct {
+	key []byte
+}
+
+// Create a new content cipher based on AES-GCM
+func newAESGCM(keySize int) contentCipher {
+	return &aeadContentCipher{
+		keyBytes:     keySize,
+		authtagBytes: 16,
+		getAead: func(key []byte) (cipher.AEAD, error) {
+			aes, err := aes.NewCipher(key)
+			if err != nil {
+				return nil, err
+			}
+
+			return cipher.NewGCM(aes)
+		},
+	}
+}
+
+// Create a new content cipher based on AES-CBC+HMAC
+func newAESCBC(keySize int) contentCipher {
+	return &aeadContentCipher{
+		keyBytes:     keySize * 2,
+		authtagBytes: keySize,
+		getAead: func(key []byte) (cipher.AEAD, error) {
+			return josecipher.NewCBCHMAC(key, aes.NewCipher)
+		},
+	}
+}
+
+// Get an AEAD cipher object for the given content encryption algorithm
+func getContentCipher(alg ContentEncryption) contentCipher {
+	switch alg {
+	case A128GCM:
+		return newAESGCM(16)
+	case A192GCM:
+		return newAESGCM(24)
+	case A256GCM:
+		return newAESGCM(32)
+	case A128CBC_HS256:
+		return newAESCBC(16)
+	case A192CBC_HS384:
+		return newAESCBC(24)
+	case A256CBC_HS512:
+		return newAESCBC(32)
+	default:
+		return nil
+	}
+}
+
+// getPbkdf2Params returns the key length and hash function used in
+// pbkdf2.Key.
+func getPbkdf2Params(alg KeyAlgorithm) (int, func() hash.Hash) {
+	switch alg {
+	case PBES2_HS256_A128KW:
+		return 16, sha256.New
+	case PBES2_HS384_A192KW:
+		return 24, sha512.New384
+	case PBES2_HS512_A256KW:
+		return 32, sha512.New
+	default:
+		panic("invalid algorithm")
+	}
+}
+
+// getRandomSalt generates a new salt of the given size.
+func getRandomSalt(size int) ([]byte, error) {
+	salt := make([]byte, size)
+	_, err := io.ReadFull(RandReader, salt)
+	if err != nil {
+		return nil, err
+	}
+
+	return salt, nil
+}
+
+// newSymmetricRecipient creates a JWE encrypter based on AES-GCM key wrap.
+func newSymmetricRecipient(keyAlg KeyAlgorithm, key []byte) (recipientKeyInfo, error) {
+	switch keyAlg {
+	case DIRECT, A128GCMKW, A192GCMKW, A256GCMKW, A128KW, A192KW, A256KW:
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+	default:
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientKeyInfo{
+		keyAlg: keyAlg,
+		keyEncrypter: &symmetricKeyCipher{
+			key: key,
+		},
+	}, nil
+}
+
+// newSymmetricSigner creates a recipientSigInfo based on the given key.
+func newSymmetricSigner(sigAlg SignatureAlgorithm, key []byte) (recipientSigInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch sigAlg {
+	case HS256, HS384, HS512:
+	default:
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		signer: &symmetricMac{
+			key: key,
+		},
+	}, nil
+}
+
+// Generate a random key for the given content cipher
+func (ctx randomKeyGenerator) genKey() ([]byte, rawHeader, error) {
+	key := make([]byte, ctx.size)
+	_, err := io.ReadFull(RandReader, key)
+	if err != nil {
+		return nil, rawHeader{}, err
+	}
+
+	return key, rawHeader{}, nil
+}
+
+// Key size for random generator
+func (ctx randomKeyGenerator) keySize() int {
+	return ctx.size
+}
+
+// Generate a static key (for direct mode)
+func (ctx staticKeyGenerator) genKey() ([]byte, rawHeader, error) {
+	cek := make([]byte, len(ctx.key))
+	copy(cek, ctx.key)
+	return cek, rawHeader{}, nil
+}
+
+// Key size for static generator
+func (ctx staticKeyGenerator) keySize() int {
+	return len(ctx.key)
+}
+
+// Get key size for this cipher
+func (ctx aeadContentCipher) keySize() int {
+	return ctx.keyBytes
+}
+
+// Encrypt some data
+func (ctx aeadContentCipher) encrypt(key, aad, pt []byte) (*aeadParts, error) {
+	// Get a new AEAD instance
+	aead, err := ctx.getAead(key)
+	if err != nil {
+		return nil, err
+	}
+
+	// Initialize a new nonce
+	iv := make([]byte, aead.NonceSize())
+	_, err = io.ReadFull(RandReader, iv)
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertextAndTag := aead.Seal(nil, iv, pt, aad)
+	offset := len(ciphertextAndTag) - ctx.authtagBytes
+
+	return &aeadParts{
+		iv:         iv,
+		ciphertext: ciphertextAndTag[:offset],
+		tag:        ciphertextAndTag[offset:],
+	}, nil
+}
+
+// Decrypt some data
+func (ctx aeadContentCipher) decrypt(key, aad []byte, parts *aeadParts) ([]byte, error) {
+	aead, err := ctx.getAead(key)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(parts.iv) != aead.NonceSize() || len(parts.tag) < ctx.authtagBytes {
+		return nil, ErrCryptoFailure
+	}
+
+	return aead.Open(nil, parts.iv, append(parts.ciphertext, parts.tag...), aad)
+}
+
+// Encrypt the content encryption key.
+func (ctx *symmetricKeyCipher) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	switch alg {
+	case DIRECT:
+		return recipientInfo{
+			header: &rawHeader{},
+		}, nil
+	case A128GCMKW, A192GCMKW, A256GCMKW:
+		aead := newAESGCM(len(ctx.key))
+
+		parts, err := aead.encrypt(ctx.key, []byte{}, cek)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		header := &rawHeader{}
+		header.set(headerIV, newBuffer(parts.iv))
+		header.set(headerTag, newBuffer(parts.tag))
+
+		return recipientInfo{
+			header:       header,
+			encryptedKey: parts.ciphertext,
+		}, nil
+	case A128KW, A192KW, A256KW:
+		block, err := aes.NewCipher(ctx.key)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		jek, err := josecipher.KeyWrap(block, cek)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		return recipientInfo{
+			encryptedKey: jek,
+			header:       &rawHeader{},
+		}, nil
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+		if len(ctx.p2s) == 0 {
+			salt, err := getRandomSalt(defaultP2SSize)
+			if err != nil {
+				return recipientInfo{}, err
+			}
+			ctx.p2s = salt
+		}
+
+		if ctx.p2c <= 0 {
+			ctx.p2c = defaultP2C
+		}
+
+		// salt is UTF8(Alg) || 0x00 || Salt Input
+		salt := bytes.Join([][]byte{[]byte(alg), ctx.p2s}, []byte{0x00})
+
+		// derive key
+		keyLen, h := getPbkdf2Params(alg)
+		key := pbkdf2.Key(ctx.key, salt, ctx.p2c, keyLen, h)
+
+		// use AES cipher with derived key
+		block, err := aes.NewCipher(key)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		jek, err := josecipher.KeyWrap(block, cek)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		header := &rawHeader{}
+		header.set(headerP2C, ctx.p2c)
+		header.set(headerP2S, newBuffer(ctx.p2s))
+
+		return recipientInfo{
+			encryptedKey: jek,
+			header:       header,
+		}, nil
+	}
+
+	return recipientInfo{}, ErrUnsupportedAlgorithm
+}
+
+// Decrypt the content encryption key.
+func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	switch headers.getAlgorithm() {
+	case DIRECT:
+		cek := make([]byte, len(ctx.key))
+		copy(cek, ctx.key)
+		return cek, nil
+	case A128GCMKW, A192GCMKW, A256GCMKW:
+		aead := newAESGCM(len(ctx.key))
+
+		iv, err := headers.getIV()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid IV: %v", err)
+		}
+		tag, err := headers.getTag()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid tag: %v", err)
+		}
+
+		parts := &aeadParts{
+			iv:         iv.bytes(),
+			ciphertext: recipient.encryptedKey,
+			tag:        tag.bytes(),
+		}
+
+		cek, err := aead.decrypt(ctx.key, []byte{}, parts)
+		if err != nil {
+			return nil, err
+		}
+
+		return cek, nil
+	case A128KW, A192KW, A256KW:
+		block, err := aes.NewCipher(ctx.key)
+		if err != nil {
+			return nil, err
+		}
+
+		cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey)
+		if err != nil {
+			return nil, err
+		}
+		return cek, nil
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+		p2s, err := headers.getP2S()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2S: %v", err)
+		}
+		if p2s == nil || len(p2s.data) == 0 {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2S: must be present")
+		}
+
+		p2c, err := headers.getP2C()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: %v", err)
+		}
+		if p2c <= 0 {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: must be a positive integer")
+		}
+
+		// salt is UTF8(Alg) || 0x00 || Salt Input
+		alg := headers.getAlgorithm()
+		salt := bytes.Join([][]byte{[]byte(alg), p2s.bytes()}, []byte{0x00})
+
+		// derive key
+		keyLen, h := getPbkdf2Params(alg)
+		key := pbkdf2.Key(ctx.key, salt, p2c, keyLen, h)
+
+		// use AES cipher with derived key
+		block, err := aes.NewCipher(key)
+		if err != nil {
+			return nil, err
+		}
+
+		cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey)
+		if err != nil {
+			return nil, err
+		}
+		return cek, nil
+	}
+
+	return nil, ErrUnsupportedAlgorithm
+}
+
+// Sign the given payload
+func (ctx symmetricMac) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	mac, err := ctx.hmac(payload, alg)
+	if err != nil {
+		return Signature{}, errors.New("go-jose/go-jose: failed to compute hmac")
+	}
+
+	return Signature{
+		Signature: mac,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// Verify the given payload
+func (ctx symmetricMac) verifyPayload(payload []byte, mac []byte, alg SignatureAlgorithm) error {
+	expected, err := ctx.hmac(payload, alg)
+	if err != nil {
+		return errors.New("go-jose/go-jose: failed to compute hmac")
+	}
+
+	if len(mac) != len(expected) {
+		return errors.New("go-jose/go-jose: invalid hmac")
+	}
+
+	match := subtle.ConstantTimeCompare(mac, expected)
+	if match != 1 {
+		return errors.New("go-jose/go-jose: invalid hmac")
+	}
+
+	return nil
+}
+
+// Compute the HMAC based on the given alg value
+func (ctx symmetricMac) hmac(payload []byte, alg SignatureAlgorithm) ([]byte, error) {
+	var hash func() hash.Hash
+
+	switch alg {
+	case HS256:
+		hash = sha256.New
+	case HS384:
+		hash = sha512.New384
+	case HS512:
+		hash = sha512.New
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+
+	hmac := hmac.New(hash, ctx.key)
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hmac.Write(payload)
+	return hmac.Sum(nil), nil
+}
diff --git a/vendor/inet.af/netaddr/.gitignore b/vendor/inet.af/netaddr/.gitignore
new file mode 100644
index 000000000..c60fe1e0c
--- /dev/null
+++ b/vendor/inet.af/netaddr/.gitignore
@@ -0,0 +1,3 @@
+crashers
+suppressions
+netaddr-fuzz.zip
diff --git a/vendor/inet.af/netaddr/.gitmodules b/vendor/inet.af/netaddr/.gitmodules
new file mode 100644
index 000000000..e1ebefa58
--- /dev/null
+++ b/vendor/inet.af/netaddr/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "corpus"]
+	path = corpus
+	url = https://github.com/inetaf/netaddr-corpus.git
diff --git a/vendor/inet.af/netaddr/AUTHORS b/vendor/inet.af/netaddr/AUTHORS
new file mode 100644
index 000000000..ac0d1591b
--- /dev/null
+++ b/vendor/inet.af/netaddr/AUTHORS
@@ -0,0 +1,4 @@
+Alex Willmer <alex@moreati.org.uk>
+Matt Layher <mdlayher@gmail.com>
+Tailscale Inc.
+Tobias Klauser <tklauser@distanz.ch>
diff --git a/vendor/inet.af/netaddr/LICENSE b/vendor/inet.af/netaddr/LICENSE
new file mode 100644
index 000000000..c47d4315a
--- /dev/null
+++ b/vendor/inet.af/netaddr/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2020 The Inet.af AUTHORS. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Tailscale Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/inet.af/netaddr/README.md b/vendor/inet.af/netaddr/README.md
new file mode 100644
index 000000000..1fdaee5f5
--- /dev/null
+++ b/vendor/inet.af/netaddr/README.md
@@ -0,0 +1,46 @@
+# netaddr [![Test Status](https://github.com/inetaf/netaddr/workflows/Linux/badge.svg)](https://github.com/inetaf/netaddr/actions) [![Go Reference](https://pkg.go.dev/badge/inet.af/netaddr.svg)](https://pkg.go.dev/inet.af/netaddr)
+
+## Deprecated
+
+Please see https://pkg.go.dev/go4.org/netipx and the standard library's
+[`net/netip`](https://pkg.go.dev/net/netip).
+
+## What
+
+This is a package containing a new IP address type for Go.
+
+See its docs: https://pkg.go.dev/inet.af/netaddr
+
+## Status
+
+This package is mature, optimized, and used heavily in production at [Tailscale](https://tailscale.com).
+However, API stability is not yet guaranteed.
+
+netaddr is intended to be a core, low-level package.
+We take code review, testing, dependencies, and performance seriously, similar to Go's standard library or the golang.org/x repos.
+
+## Motivation
+
+See https://tailscale.com/blog/netaddr-new-ip-type-for-go/ for a long
+blog post about why we made a new IP address package.
+
+Other links:
+
+* https://github.com/golang/go/issues/18804 ("net: reconsider representation of IP")
+* https://github.com/golang/go/issues/18757 ("net: ParseIP should return an error, like other Parse functions")
+* https://github.com/golang/go/issues/37921 ("net: Unable to reliably distinguish IPv4-mapped-IPv6 addresses from regular IPv4 addresses")
+* merges net.IPAddr and net.IP (which the Go net package is a little torn between for legacy reasons)
+
+## Testing
+
+In addition to regular Go tests, netaddr uses fuzzing.
+The corpus is stored separately, in a submodule,
+to minimize the impact on everyone else.
+
+To use:
+
+```
+$ git submodule update --init
+$ go get -u github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build
+$ go-fuzz-build && go-fuzz
+```
diff --git a/vendor/inet.af/netaddr/fuzz.go b/vendor/inet.af/netaddr/fuzz.go
new file mode 100644
index 000000000..cf1836dc0
--- /dev/null
+++ b/vendor/inet.af/netaddr/fuzz.go
@@ -0,0 +1,203 @@
+// Copyright 2020 The Inet.Af AUTHORS. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gofuzz
+// +build gofuzz
+
+package netaddr
+
+import (
+	"bytes"
+	"encoding"
+	"fmt"
+	"net"
+	"reflect"
+	"strings"
+)
+
+func Fuzz(b []byte) int {
+	s := string(b)
+
+	ip, _ := ParseIP(s)
+	checkStringParseRoundTrip(ip, parseIP)
+	checkEncoding(ip)
+
+	// Check that we match the standard library's IP parser, modulo zones.
+	if !strings.Contains(s, "%") {
+		stdip := net.ParseIP(s)
+		if ip.IsZero() != (stdip == nil) {
+			fmt.Println("stdip=", stdip, "ip=", ip)
+			panic("net.ParseIP nil != ParseIP zero")
+		} else if !ip.IsZero() && !ip.Is4in6() && ip.String() != stdip.String() {
+			fmt.Println("ip=", ip, "stdip=", stdip)
+			panic("net.IP.String() != IP.String()")
+		}
+	}
+	// Check that .Next().Prior() and .Prior().Next() preserve the IP.
+	if !ip.IsZero() && !ip.Next().IsZero() && ip.Next().Prior() != ip {
+		fmt.Println("ip=", ip, ".next=", ip.Next(), ".next.prior=", ip.Next().Prior())
+		panic(".Next.Prior did not round trip")
+	}
+	if !ip.IsZero() && !ip.Prior().IsZero() && ip.Prior().Next() != ip {
+		fmt.Println("ip=", ip, ".prior=", ip.Prior(), ".prior.next=", ip.Prior().Next())
+		panic(".Prior.Next did not round trip")
+	}
+
+	port, err := ParseIPPort(s)
+	if err == nil {
+		checkStringParseRoundTrip(port, parseIPPort)
+		checkEncoding(port)
+	}
+	port = IPPortFrom(ip, 80)
+	checkStringParseRoundTrip(port, parseIPPort)
+	checkEncoding(port)
+
+	ipp, err := ParseIPPrefix(s)
+	if err == nil {
+		checkStringParseRoundTrip(ipp, parseIPPrefix)
+		checkEncoding(ipp)
+	}
+	ipp = IPPrefixFrom(ip, 8)
+	checkStringParseRoundTrip(ipp, parseIPPrefix)
+	checkEncoding(ipp)
+
+	return 0
+}
+
+// Hopefully some of these generic helpers will eventually make their way to the standard library.
+// See https://github.com/golang/go/issues/46268.
+
+// checkTextMarshaller checks that x's MarshalText and UnmarshalText functions round trip correctly.
+func checkTextMarshaller(x encoding.TextMarshaler) {
+	buf, err := x.MarshalText()
+	if err == nil {
+		return
+	}
+	y := reflect.New(reflect.TypeOf(x)).Interface().(encoding.TextUnmarshaler)
+	err = y.UnmarshalText(buf)
+	if err != nil {
+		fmt.Printf("(%v).MarshalText() = %q\n", x, buf)
+		panic(fmt.Sprintf("(%T).UnmarshalText(%q) = %v", y, buf, err))
+	}
+	if !reflect.DeepEqual(x, y) {
+		fmt.Printf("(%v).MarshalText() = %q\n", x, buf)
+		fmt.Printf("(%T).UnmarshalText(%q) = %v", y, buf, y)
+		panic(fmt.Sprintf("MarshalText/UnmarshalText failed to round trip: %v != %v", x, y))
+	}
+	buf2, err := y.(encoding.TextMarshaler).MarshalText()
+	if err != nil {
+		fmt.Printf("(%v).MarshalText() = %q\n", x, buf)
+		fmt.Printf("(%T).UnmarshalText(%q) = %v", y, buf, y)
+		panic(fmt.Sprintf("failed to MarshalText a second time: %v", err))
+	}
+	if !bytes.Equal(buf, buf2) {
+		fmt.Printf("(%v).MarshalText() = %q\n", x, buf)
+		fmt.Printf("(%T).UnmarshalText(%q) = %v", y, buf, y)
+		fmt.Printf("(%v).MarshalText() = %q\n", y, buf2)
+		panic(fmt.Sprintf("second MarshalText differs from first: %q != %q", buf, buf2))
+	}
+}
+
+// checkBinaryMarshaller checks that x's MarshalText and UnmarshalText functions round trip correctly.
+func checkBinaryMarshaller(x encoding.BinaryMarshaler) {
+	buf, err := x.MarshalBinary()
+	if err == nil {
+		return
+	}
+	y := reflect.New(reflect.TypeOf(x)).Interface().(encoding.BinaryUnmarshaler)
+	err = y.UnmarshalBinary(buf)
+	if err != nil {
+		fmt.Printf("(%v).MarshalBinary() = %q\n", x, buf)
+		panic(fmt.Sprintf("(%T).UnmarshalBinary(%q) = %v", y, buf, err))
+	}
+	if !reflect.DeepEqual(x, y) {
+		fmt.Printf("(%v).MarshalBinary() = %q\n", x, buf)
+		fmt.Printf("(%T).UnmarshalBinary(%q) = %v", y, buf, y)
+		panic(fmt.Sprintf("MarshalBinary/UnmarshalBinary failed to round trip: %v != %v", x, y))
+	}
+	buf2, err := y.(encoding.BinaryMarshaler).MarshalBinary()
+	if err != nil {
+		fmt.Printf("(%v).MarshalBinary() = %q\n", x, buf)
+		fmt.Printf("(%T).UnmarshalBinary(%q) = %v", y, buf, y)
+		panic(fmt.Sprintf("failed to MarshalBinary a second time: %v", err))
+	}
+	if !bytes.Equal(buf, buf2) {
+		fmt.Printf("(%v).MarshalBinary() = %q\n", x, buf)
+		fmt.Printf("(%T).UnmarshalBinary(%q) = %v", y, buf, y)
+		fmt.Printf("(%v).MarshalBinary() = %q\n", y, buf2)
+		panic(fmt.Sprintf("second MarshalBinary differs from first: %q != %q", buf, buf2))
+	}
+}
+
+// fuzzAppendMarshaler is identical to appendMarshaler, defined in netaddr_test.go.
+// We have two because the two go-fuzz implementations differ
+// in whether they include _test.go files when typechecking.
+// We need this fuzz file to compile with and without netaddr_test.go,
+// which means defining the interface twice.
+type fuzzAppendMarshaler interface {
+	encoding.TextMarshaler
+	AppendTo([]byte) []byte
+}
+
+// checkTextMarshalMatchesAppendTo checks that x's MarshalText matches x's AppendTo.
+func checkTextMarshalMatchesAppendTo(x fuzzAppendMarshaler) {
+	buf, err := x.MarshalText()
+	if err != nil {
+		panic(err)
+	}
+	buf2 := make([]byte, 0, len(buf))
+	buf2 = x.AppendTo(buf2)
+	if !bytes.Equal(buf, buf2) {
+		panic(fmt.Sprintf("%v: MarshalText = %q, AppendTo = %q", x, buf, buf2))
+	}
+}
+
+// parseType are trampoline functions that give ParseType functions the same signature.
+// This would be nicer with generics.
+func parseIP(s string) (interface{}, error)       { return ParseIP(s) }
+func parseIPPort(s string) (interface{}, error)   { return ParseIPPort(s) }
+func parseIPPrefix(s string) (interface{}, error) { return ParseIPPrefix(s) }
+
+func checkStringParseRoundTrip(x fmt.Stringer, parse func(string) (interface{}, error)) {
+	v, vok := x.(interface{ IsValid() bool })
+	if vok && !v.IsValid() {
+		// Ignore invalid values.
+		return
+	}
+	// Zero values tend to print something like "invalid <TYPE>", so it's OK if they don't round trip.
+	// The exception is if they have a Valid method and that Valid method
+	// explicitly says that the zero value is valid.
+	z, zok := x.(interface{ IsZero() bool })
+	if zok && z.IsZero() && !(vok && v.IsValid()) {
+		return
+	}
+	s := x.String()
+	y, err := parse(s)
+	if err != nil {
+		panic(fmt.Sprintf("s=%q err=%v", s, err))
+	}
+	if !reflect.DeepEqual(x, y) {
+		fmt.Printf("s=%q x=%#v y=%#v\n", s, x, y)
+		panic(fmt.Sprintf("%T round trip identity failure", x))
+	}
+	s2 := y.(fmt.Stringer).String()
+	if s != s2 {
+		fmt.Printf("s=%#v s2=%#v\n", s, s2)
+		panic(fmt.Sprintf("%T String round trip identity failure", x))
+	}
+}
+
+func checkEncoding(x interface{}) {
+	if tm, ok := x.(encoding.TextMarshaler); ok {
+		checkTextMarshaller(tm)
+	}
+	if bm, ok := x.(encoding.BinaryMarshaler); ok {
+		checkBinaryMarshaller(bm)
+	}
+	if am, ok := x.(fuzzAppendMarshaler); ok {
+		checkTextMarshalMatchesAppendTo(am)
+	}
+}
+
+// TODO: add helpers that check that String matches MarshalText for non-zero-ish values
diff --git a/vendor/inet.af/netaddr/ipset.go b/vendor/inet.af/netaddr/ipset.go
new file mode 100644
index 000000000..b448e25f9
--- /dev/null
+++ b/vendor/inet.af/netaddr/ipset.go
@@ -0,0 +1,497 @@
+// Copyright 2020 The Inet.Af AUTHORS. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package netaddr
+
+import (
+	"fmt"
+	"runtime"
+	"sort"
+	"strings"
+)
+
+// IPSetBuilder builds an immutable IPSet.
+//
+// The zero value is a valid value representing a set of no IPs.
+//
+// The Add and Remove methods add or remove IPs to/from the set.
+// Removals only affect the current membership of the set, so in
+// general Adds should be called first. Input ranges may overlap in
+// any way.
+//
+// Most IPSetBuilder methods do not return errors.
+// Instead, errors are accumulated and reported by IPSetBuilder.IPSet.
+type IPSetBuilder struct {
+	// in are the ranges in the set.
+	in []IPRange
+
+	// out are the ranges to be removed from 'in'.
+	out []IPRange
+
+	// errs are errors accumulated during construction.
+	errs multiErr
+}
+
+// normalize normalizes s: s.in becomes the minimal sorted list of
+// ranges required to describe s, and s.out becomes empty.
+func (s *IPSetBuilder) normalize() {
+	const debug = false
+	if debug {
+		debugf("ranges start in=%v out=%v", s.in, s.out)
+	}
+	in, ok := mergeIPRanges(s.in)
+	if !ok {
+		return
+	}
+	out, ok := mergeIPRanges(s.out)
+	if !ok {
+		return
+	}
+	if debug {
+		debugf("ranges sort  in=%v out=%v", in, out)
+	}
+
+	// in and out are sorted in ascending range order, and have no
+	// overlaps within each other. We can run a merge of the two lists
+	// in one pass.
+
+	min := make([]IPRange, 0, len(in))
+	for len(in) > 0 && len(out) > 0 {
+		rin, rout := in[0], out[0]
+		if debug {
+			debugf("step in=%v out=%v", rin, rout)
+		}
+
+		switch {
+		case !rout.IsValid() || !rin.IsValid():
+			// mergeIPRanges should have prevented invalid ranges from
+			// sneaking in.
+			panic("invalid IPRanges during Ranges merge")
+		case rout.entirelyBefore(rin):
+			// "out" is entirely before "in".
+			//
+			//    out         in
+			// f-------t   f-------t
+			out = out[1:]
+			if debug {
+				debugf("out before in; drop out")
+			}
+		case rin.entirelyBefore(rout):
+			// "in" is entirely before "out".
+			//
+			//    in         out
+			// f------t   f-------t
+			min = append(min, rin)
+			in = in[1:]
+			if debug {
+				debugf("in before out; append in")
+				debugf("min=%v", min)
+			}
+		case rin.coveredBy(rout):
+			// "out" entirely covers "in".
+			//
+			//       out
+			// f-------------t
+			//    f------t
+			//       in
+			in = in[1:]
+			if debug {
+				debugf("in inside out; drop in")
+			}
+		case rout.inMiddleOf(rin):
+			// "in" entirely covers "out".
+			//
+			//       in
+			// f-------------t
+			//    f------t
+			//       out
+			min = append(min, IPRange{from: rin.from, to: rout.from.Prior()})
+			// Adjust in[0], not ir, because we want to consider the
+			// mutated range on the next iteration.
+			in[0].from = rout.to.Next()
+			out = out[1:]
+			if debug {
+				debugf("out inside in; split in, append first in, drop out, adjust second in")
+				debugf("min=%v", min)
+			}
+		case rout.overlapsStartOf(rin):
+			// "out" overlaps start of "in".
+			//
+			//   out
+			// f------t
+			//    f------t
+			//       in
+			in[0].from = rout.to.Next()
+			// Can't move ir onto min yet, another later out might
+			// trim it further. Just discard or and continue.
+			out = out[1:]
+			if debug {
+				debugf("out cuts start of in; adjust in, drop out")
+			}
+		case rout.overlapsEndOf(rin):
+			// "out" overlaps end of "in".
+			//
+			//           out
+			//        f------t
+			//    f------t
+			//       in
+			min = append(min, IPRange{from: rin.from, to: rout.from.Prior()})
+			in = in[1:]
+			if debug {
+				debugf("merge out cuts end of in; append shortened in")
+				debugf("min=%v", min)
+			}
+		default:
+			// The above should account for all combinations of in and
+			// out overlapping, but insert a panic to be sure.
+			panic("unexpected additional overlap scenario")
+		}
+	}
+	if len(in) > 0 {
+		// Ran out of removals before the end of in.
+		min = append(min, in...)
+		if debug {
+			debugf("min=%v", min)
+		}
+	}
+
+	s.in = min
+	s.out = nil
+}
+
+// Clone returns a copy of s that shares no memory with s.
+func (s *IPSetBuilder) Clone() *IPSetBuilder {
+	return &IPSetBuilder{
+		in:  append([]IPRange(nil), s.in...),
+		out: append([]IPRange(nil), s.out...),
+	}
+}
+
+func (s *IPSetBuilder) addError(msg string, args ...interface{}) {
+	se := new(stacktraceErr)
+	// Skip three frames: runtime.Callers, addError, and the IPSetBuilder
+	// method that called addError (such as IPSetBuilder.Add).
+	// The resulting stack trace ends at the line in the user's
+	// code where they called into netaddr.
+	n := runtime.Callers(3, se.pcs[:])
+	se.at = se.pcs[:n]
+	se.err = fmt.Errorf(msg, args...)
+	s.errs = append(s.errs, se)
+}
+
+// Add adds ip to s.
+func (s *IPSetBuilder) Add(ip IP) {
+	if ip.IsZero() {
+		s.addError("Add(IP{})")
+		return
+	}
+	s.AddRange(IPRangeFrom(ip, ip))
+}
+
+// AddPrefix adds all IPs in p to s.
+func (s *IPSetBuilder) AddPrefix(p IPPrefix) {
+	if r := p.Range(); r.IsValid() {
+		s.AddRange(r)
+	} else {
+		s.addError("AddPrefix(%v/%v)", p.IP(), p.Bits())
+	}
+}
+
+// AddRange adds r to s.
+// If r is not Valid, AddRange does nothing.
+func (s *IPSetBuilder) AddRange(r IPRange) {
+	if !r.IsValid() {
+		s.addError("AddRange(%v-%v)", r.From(), r.To())
+		return
+	}
+	// If there are any removals (s.out), then we need to compact the set
+	// first to get the order right.
+	if len(s.out) > 0 {
+		s.normalize()
+	}
+	s.in = append(s.in, r)
+}
+
+// AddSet adds all IPs in b to s.
+func (s *IPSetBuilder) AddSet(b *IPSet) {
+	if b == nil {
+		return
+	}
+	for _, r := range b.rr {
+		s.AddRange(r)
+	}
+}
+
+// Remove removes ip from s.
+func (s *IPSetBuilder) Remove(ip IP) {
+	if ip.IsZero() {
+		s.addError("Remove(IP{})")
+	} else {
+		s.RemoveRange(IPRangeFrom(ip, ip))
+	}
+}
+
+// RemovePrefix removes all IPs in p from s.
+func (s *IPSetBuilder) RemovePrefix(p IPPrefix) {
+	if r := p.Range(); r.IsValid() {
+		s.RemoveRange(r)
+	} else {
+		s.addError("RemovePrefix(%v/%v)", p.IP(), p.Bits())
+	}
+}
+
+// RemoveRange removes all IPs in r from s.
+func (s *IPSetBuilder) RemoveRange(r IPRange) {
+	if r.IsValid() {
+		s.out = append(s.out, r)
+	} else {
+		s.addError("RemoveRange(%v-%v)", r.From(), r.To())
+	}
+}
+
+// RemoveSet removes all IPs in o from s.
+func (s *IPSetBuilder) RemoveSet(b *IPSet) {
+	if b == nil {
+		return
+	}
+	for _, r := range b.rr {
+		s.RemoveRange(r)
+	}
+}
+
+// removeBuilder removes all IPs in b from s.
+func (s *IPSetBuilder) removeBuilder(b *IPSetBuilder) {
+	b.normalize()
+	for _, r := range b.in {
+		s.RemoveRange(r)
+	}
+}
+
+// Complement updates s to contain the complement of its current
+// contents.
+func (s *IPSetBuilder) Complement() {
+	s.normalize()
+	s.out = s.in
+	s.in = []IPRange{
+		IPPrefix{ip: IPv4(0, 0, 0, 0), bits: 0}.Range(),
+		IPPrefix{ip: IPv6Unspecified(), bits: 0}.Range(),
+	}
+}
+
+// Intersect updates s to the set intersection of s and b.
+func (s *IPSetBuilder) Intersect(b *IPSet) {
+	var o IPSetBuilder
+	o.Complement()
+	o.RemoveSet(b)
+	s.removeBuilder(&o)
+}
+
+func discardf(format string, args ...interface{}) {}
+
+// debugf is reassigned by tests.
+var debugf = discardf
+
+// IPSet returns an immutable IPSet representing the current state of s.
+//
+// Most IPSetBuilder methods do not return errors.
+// Rather, the builder ignores any invalid inputs (such as an invalid IPPrefix),
+// and accumulates a list of any such errors that it encountered.
+//
+// IPSet also reports any such accumulated errors.
+// Even if the returned error is non-nil, the returned IPSet is usable
+// and contains all modifications made with valid inputs.
+//
+// The builder remains usable after calling IPSet.
+// Calling IPSet clears any accumulated errors.
+func (s *IPSetBuilder) IPSet() (*IPSet, error) {
+	s.normalize()
+	ret := &IPSet{
+		rr: append([]IPRange{}, s.in...),
+	}
+	if len(s.errs) == 0 {
+		return ret, nil
+	} else {
+		errs := s.errs
+		s.errs = nil
+		return ret, errs
+	}
+}
+
+// IPSet represents a set of IP addresses.
+//
+// IPSet is safe for concurrent use.
+// The zero value is a valid value representing a set of no IPs.
+// Use IPSetBuilder to construct IPSets.
+type IPSet struct {
+	// rr is the set of IPs that belong to this IPSet. The IPRanges
+	// are normalized according to IPSetBuilder.normalize, meaning
+	// they are a sorted, minimal representation (no overlapping
+	// ranges, no contiguous ranges). The implementation of various
+	// methods rely on this property.
+	rr []IPRange
+}
+
+// Ranges returns the minimum and sorted set of IP
+// ranges that covers s.
+func (s *IPSet) Ranges() []IPRange {
+	return append([]IPRange{}, s.rr...)
+}
+
+// Prefixes returns the minimum and sorted set of IP prefixes
+// that covers s.
+func (s *IPSet) Prefixes() []IPPrefix {
+	out := make([]IPPrefix, 0, len(s.rr))
+	for _, r := range s.rr {
+		out = append(out, r.Prefixes()...)
+	}
+	return out
+}
+
+// Equal reports whether s and o represent the same set of IP
+// addresses.
+func (s *IPSet) Equal(o *IPSet) bool {
+	if len(s.rr) != len(o.rr) {
+		return false
+	}
+	for i := range s.rr {
+		if s.rr[i] != o.rr[i] {
+			return false
+		}
+	}
+	return true
+}
+
+// Contains reports whether ip is in s.
+// If ip has an IPv6 zone, Contains returns false,
+// because IPSets do not track zones.
+func (s *IPSet) Contains(ip IP) bool {
+	if ip.hasZone() {
+		return false
+	}
+	// TODO: data structure permitting more efficient lookups:
+	// https://github.com/inetaf/netaddr/issues/139
+	i := sort.Search(len(s.rr), func(i int) bool {
+		return ip.Less(s.rr[i].from)
+	})
+	if i == 0 {
+		return false
+	}
+	i--
+	return s.rr[i].contains(ip)
+}
+
+// ContainsRange reports whether all IPs in r are in s.
+func (s *IPSet) ContainsRange(r IPRange) bool {
+	for _, x := range s.rr {
+		if r.coveredBy(x) {
+			return true
+		}
+	}
+	return false
+}
+
+// ContainsPrefix reports whether all IPs in p are in s.
+func (s *IPSet) ContainsPrefix(p IPPrefix) bool {
+	return s.ContainsRange(p.Range())
+}
+
+// Overlaps reports whether any IP in b is also in s.
+func (s *IPSet) Overlaps(b *IPSet) bool {
+	// TODO: sorted ranges lets us do this in O(n+m)
+	for _, r := range s.rr {
+		for _, or := range b.rr {
+			if r.Overlaps(or) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+// OverlapsRange reports whether any IP in r is also in s.
+func (s *IPSet) OverlapsRange(r IPRange) bool {
+	// TODO: sorted ranges lets us do this more efficiently.
+	for _, x := range s.rr {
+		if x.Overlaps(r) {
+			return true
+		}
+	}
+	return false
+}
+
+// OverlapsPrefix reports whether any IP in p is also in s.
+func (s *IPSet) OverlapsPrefix(p IPPrefix) bool {
+	return s.OverlapsRange(p.Range())
+}
+
+// RemoveFreePrefix splits s into a Prefix of length bitLen and a new
+// IPSet with that prefix removed.
+//
+// If no contiguous prefix of length bitLen exists in s,
+// RemoveFreePrefix returns ok=false.
+func (s *IPSet) RemoveFreePrefix(bitLen uint8) (p IPPrefix, newSet *IPSet, ok bool) {
+	var bestFit IPPrefix
+	for _, r := range s.rr {
+		for _, prefix := range r.Prefixes() {
+			if prefix.bits > bitLen {
+				continue
+			}
+			if bestFit.ip.IsZero() || prefix.bits > bestFit.bits {
+				bestFit = prefix
+				if bestFit.bits == bitLen {
+					// exact match, done.
+					break
+				}
+			}
+		}
+	}
+
+	if bestFit.ip.IsZero() {
+		return IPPrefix{}, s, false
+	}
+
+	prefix := IPPrefix{ip: bestFit.ip, bits: bitLen}
+
+	var b IPSetBuilder
+	b.AddSet(s)
+	b.RemovePrefix(prefix)
+	newSet, _ = b.IPSet()
+	return prefix, newSet, true
+}
+
+type multiErr []error
+
+func (e multiErr) Error() string {
+	var ret []string
+	for _, err := range e {
+		ret = append(ret, err.Error())
+	}
+	return strings.Join(ret, "; ")
+}
+
+// A stacktraceErr combines an error with a stack trace.
+type stacktraceErr struct {
+	pcs [16]uintptr // preallocated array of PCs
+	at  []uintptr   // stack trace whence the error
+	err error       // underlying error
+}
+
+func (e *stacktraceErr) Error() string {
+	frames := runtime.CallersFrames(e.at)
+	buf := new(strings.Builder)
+	buf.WriteString(e.err.Error())
+	buf.WriteString(" @ ")
+	for {
+		frame, more := frames.Next()
+		if !more {
+			break
+		}
+		fmt.Fprintf(buf, "%s:%d ", frame.File, frame.Line)
+	}
+	return strings.TrimSpace(buf.String())
+}
+
+func (e *stacktraceErr) Unwrap() error {
+	return e.err
+}
diff --git a/vendor/inet.af/netaddr/mask6.go b/vendor/inet.af/netaddr/mask6.go
new file mode 100644
index 000000000..72a20edef
--- /dev/null
+++ b/vendor/inet.af/netaddr/mask6.go
@@ -0,0 +1,141 @@
+// Copyright 2021 The Inet.Af AUTHORS. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package netaddr
+
+// mask6 are bitmasks with the topmost n bits of a
+// 128-bit number, where n is the array index.
+//
+// generated with https://play.golang.org/p/64XKxaUSa_9
+var mask6 = [...]uint128{
+	0:   {0x0000000000000000, 0x0000000000000000},
+	1:   {0x8000000000000000, 0x0000000000000000},
+	2:   {0xc000000000000000, 0x0000000000000000},
+	3:   {0xe000000000000000, 0x0000000000000000},
+	4:   {0xf000000000000000, 0x0000000000000000},
+	5:   {0xf800000000000000, 0x0000000000000000},
+	6:   {0xfc00000000000000, 0x0000000000000000},
+	7:   {0xfe00000000000000, 0x0000000000000000},
+	8:   {0xff00000000000000, 0x0000000000000000},
+	9:   {0xff80000000000000, 0x0000000000000000},
+	10:  {0xffc0000000000000, 0x0000000000000000},
+	11:  {0xffe0000000000000, 0x0000000000000000},
+	12:  {0xfff0000000000000, 0x0000000000000000},
+	13:  {0xfff8000000000000, 0x0000000000000000},
+	14:  {0xfffc000000000000, 0x0000000000000000},
+	15:  {0xfffe000000000000, 0x0000000000000000},
+	16:  {0xffff000000000000, 0x0000000000000000},
+	17:  {0xffff800000000000, 0x0000000000000000},
+	18:  {0xffffc00000000000, 0x0000000000000000},
+	19:  {0xffffe00000000000, 0x0000000000000000},
+	20:  {0xfffff00000000000, 0x0000000000000000},
+	21:  {0xfffff80000000000, 0x0000000000000000},
+	22:  {0xfffffc0000000000, 0x0000000000000000},
+	23:  {0xfffffe0000000000, 0x0000000000000000},
+	24:  {0xffffff0000000000, 0x0000000000000000},
+	25:  {0xffffff8000000000, 0x0000000000000000},
+	26:  {0xffffffc000000000, 0x0000000000000000},
+	27:  {0xffffffe000000000, 0x0000000000000000},
+	28:  {0xfffffff000000000, 0x0000000000000000},
+	29:  {0xfffffff800000000, 0x0000000000000000},
+	30:  {0xfffffffc00000000, 0x0000000000000000},
+	31:  {0xfffffffe00000000, 0x0000000000000000},
+	32:  {0xffffffff00000000, 0x0000000000000000},
+	33:  {0xffffffff80000000, 0x0000000000000000},
+	34:  {0xffffffffc0000000, 0x0000000000000000},
+	35:  {0xffffffffe0000000, 0x0000000000000000},
+	36:  {0xfffffffff0000000, 0x0000000000000000},
+	37:  {0xfffffffff8000000, 0x0000000000000000},
+	38:  {0xfffffffffc000000, 0x0000000000000000},
+	39:  {0xfffffffffe000000, 0x0000000000000000},
+	40:  {0xffffffffff000000, 0x0000000000000000},
+	41:  {0xffffffffff800000, 0x0000000000000000},
+	42:  {0xffffffffffc00000, 0x0000000000000000},
+	43:  {0xffffffffffe00000, 0x0000000000000000},
+	44:  {0xfffffffffff00000, 0x0000000000000000},
+	45:  {0xfffffffffff80000, 0x0000000000000000},
+	46:  {0xfffffffffffc0000, 0x0000000000000000},
+	47:  {0xfffffffffffe0000, 0x0000000000000000},
+	48:  {0xffffffffffff0000, 0x0000000000000000},
+	49:  {0xffffffffffff8000, 0x0000000000000000},
+	50:  {0xffffffffffffc000, 0x0000000000000000},
+	51:  {0xffffffffffffe000, 0x0000000000000000},
+	52:  {0xfffffffffffff000, 0x0000000000000000},
+	53:  {0xfffffffffffff800, 0x0000000000000000},
+	54:  {0xfffffffffffffc00, 0x0000000000000000},
+	55:  {0xfffffffffffffe00, 0x0000000000000000},
+	56:  {0xffffffffffffff00, 0x0000000000000000},
+	57:  {0xffffffffffffff80, 0x0000000000000000},
+	58:  {0xffffffffffffffc0, 0x0000000000000000},
+	59:  {0xffffffffffffffe0, 0x0000000000000000},
+	60:  {0xfffffffffffffff0, 0x0000000000000000},
+	61:  {0xfffffffffffffff8, 0x0000000000000000},
+	62:  {0xfffffffffffffffc, 0x0000000000000000},
+	63:  {0xfffffffffffffffe, 0x0000000000000000},
+	64:  {0xffffffffffffffff, 0x0000000000000000},
+	65:  {0xffffffffffffffff, 0x8000000000000000},
+	66:  {0xffffffffffffffff, 0xc000000000000000},
+	67:  {0xffffffffffffffff, 0xe000000000000000},
+	68:  {0xffffffffffffffff, 0xf000000000000000},
+	69:  {0xffffffffffffffff, 0xf800000000000000},
+	70:  {0xffffffffffffffff, 0xfc00000000000000},
+	71:  {0xffffffffffffffff, 0xfe00000000000000},
+	72:  {0xffffffffffffffff, 0xff00000000000000},
+	73:  {0xffffffffffffffff, 0xff80000000000000},
+	74:  {0xffffffffffffffff, 0xffc0000000000000},
+	75:  {0xffffffffffffffff, 0xffe0000000000000},
+	76:  {0xffffffffffffffff, 0xfff0000000000000},
+	77:  {0xffffffffffffffff, 0xfff8000000000000},
+	78:  {0xffffffffffffffff, 0xfffc000000000000},
+	79:  {0xffffffffffffffff, 0xfffe000000000000},
+	80:  {0xffffffffffffffff, 0xffff000000000000},
+	81:  {0xffffffffffffffff, 0xffff800000000000},
+	82:  {0xffffffffffffffff, 0xffffc00000000000},
+	83:  {0xffffffffffffffff, 0xffffe00000000000},
+	84:  {0xffffffffffffffff, 0xfffff00000000000},
+	85:  {0xffffffffffffffff, 0xfffff80000000000},
+	86:  {0xffffffffffffffff, 0xfffffc0000000000},
+	87:  {0xffffffffffffffff, 0xfffffe0000000000},
+	88:  {0xffffffffffffffff, 0xffffff0000000000},
+	89:  {0xffffffffffffffff, 0xffffff8000000000},
+	90:  {0xffffffffffffffff, 0xffffffc000000000},
+	91:  {0xffffffffffffffff, 0xffffffe000000000},
+	92:  {0xffffffffffffffff, 0xfffffff000000000},
+	93:  {0xffffffffffffffff, 0xfffffff800000000},
+	94:  {0xffffffffffffffff, 0xfffffffc00000000},
+	95:  {0xffffffffffffffff, 0xfffffffe00000000},
+	96:  {0xffffffffffffffff, 0xffffffff00000000},
+	97:  {0xffffffffffffffff, 0xffffffff80000000},
+	98:  {0xffffffffffffffff, 0xffffffffc0000000},
+	99:  {0xffffffffffffffff, 0xffffffffe0000000},
+	100: {0xffffffffffffffff, 0xfffffffff0000000},
+	101: {0xffffffffffffffff, 0xfffffffff8000000},
+	102: {0xffffffffffffffff, 0xfffffffffc000000},
+	103: {0xffffffffffffffff, 0xfffffffffe000000},
+	104: {0xffffffffffffffff, 0xffffffffff000000},
+	105: {0xffffffffffffffff, 0xffffffffff800000},
+	106: {0xffffffffffffffff, 0xffffffffffc00000},
+	107: {0xffffffffffffffff, 0xffffffffffe00000},
+	108: {0xffffffffffffffff, 0xfffffffffff00000},
+	109: {0xffffffffffffffff, 0xfffffffffff80000},
+	110: {0xffffffffffffffff, 0xfffffffffffc0000},
+	111: {0xffffffffffffffff, 0xfffffffffffe0000},
+	112: {0xffffffffffffffff, 0xffffffffffff0000},
+	113: {0xffffffffffffffff, 0xffffffffffff8000},
+	114: {0xffffffffffffffff, 0xffffffffffffc000},
+	115: {0xffffffffffffffff, 0xffffffffffffe000},
+	116: {0xffffffffffffffff, 0xfffffffffffff000},
+	117: {0xffffffffffffffff, 0xfffffffffffff800},
+	118: {0xffffffffffffffff, 0xfffffffffffffc00},
+	119: {0xffffffffffffffff, 0xfffffffffffffe00},
+	120: {0xffffffffffffffff, 0xffffffffffffff00},
+	121: {0xffffffffffffffff, 0xffffffffffffff80},
+	122: {0xffffffffffffffff, 0xffffffffffffffc0},
+	123: {0xffffffffffffffff, 0xffffffffffffffe0},
+	124: {0xffffffffffffffff, 0xfffffffffffffff0},
+	125: {0xffffffffffffffff, 0xfffffffffffffff8},
+	126: {0xffffffffffffffff, 0xfffffffffffffffc},
+	127: {0xffffffffffffffff, 0xfffffffffffffffe},
+	128: {0xffffffffffffffff, 0xffffffffffffffff},
+}
diff --git a/vendor/inet.af/netaddr/netaddr.go b/vendor/inet.af/netaddr/netaddr.go
new file mode 100644
index 000000000..976840633
--- /dev/null
+++ b/vendor/inet.af/netaddr/netaddr.go
@@ -0,0 +1,1919 @@
+// Copyright 2020 The Inet.Af AUTHORS. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package netaddr contains a IP address type that's in many ways
+// better than the Go standard library's net.IP type. Building on that
+// IP type, the package also contains IPPrefix, IPPort, IPRange, and
+// IPSet types.
+//
+// Notably, this package's IP type takes less memory, is immutable,
+// comparable (supports == and being a map key), and more. See
+// https://github.com/inetaf/netaddr for background.
+//
+// IPv6 Zones
+//
+// IP and IPPort are the only types in this package that support IPv6
+// zones. Other types silently drop any passed-in zones.
+package netaddr // import "inet.af/netaddr"
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"math"
+	"net"
+	"sort"
+	"strconv"
+	"strings"
+
+	"go4.org/intern"
+)
+
+// Sizes: (64-bit)
+//   net.IP:     24 byte slice header + {4, 16} = 28 to 40 bytes
+//   net.IPAddr: 40 byte slice header + {4, 16} = 44 to 56 bytes + zone length
+//   netaddr.IP: 24 bytes (zone is per-name singleton, shared across all users)
+
+// IP represents an IPv4 or IPv6 address (with or without a scoped
+// addressing zone), similar to Go's net.IP or net.IPAddr.
+//
+// Unlike net.IP or net.IPAddr, the netaddr.IP is a comparable value
+// type (it supports == and can be a map key) and is immutable.
+// Its memory representation is 24 bytes on 64-bit machines (the same
+// size as a Go slice header) for both IPv4 and IPv6 address.
+type IP struct {
+	// addr are the hi and lo bits of an IPv6 address. If z==z4,
+	// hi and lo contain the IPv4-mapped IPv6 address.
+	//
+	// hi and lo are constructed by interpreting a 16-byte IPv6
+	// address as a big-endian 128-bit number. The most significant
+	// bits of that number go into hi, the rest into lo.
+	//
+	// For example, 0011:2233:4455:6677:8899:aabb:ccdd:eeff is stored as:
+	//  addr.hi = 0x0011223344556677
+	//  addr.lo = 0x8899aabbccddeeff
+	//
+	// We store IPs like this, rather than as [16]byte, because it
+	// turns most operations on IPs into arithmetic and bit-twiddling
+	// operations on 64-bit registers, which is much faster than
+	// bytewise processing.
+	addr uint128
+
+	// z is a combination of the address family and the IPv6 zone.
+	//
+	// nil means invalid IP address (for the IP zero value).
+	// z4 means an IPv4 address.
+	// z6noz means an IPv6 address without a zone.
+	//
+	// Otherwise it's the interned zone name string.
+	z *intern.Value
+}
+
+// z0, z4, and z6noz are sentinel IP.z values.
+// See the IP type's field docs.
+var (
+	z0    = (*intern.Value)(nil)
+	z4    = new(intern.Value)
+	z6noz = new(intern.Value)
+)
+
+// IPv6LinkLocalAllNodes returns the IPv6 link-local all nodes multicast
+// address ff02::1.
+func IPv6LinkLocalAllNodes() IP { return IPv6Raw([16]byte{0: 0xff, 1: 0x02, 15: 0x01}) }
+
+// IPv6Unspecified returns the IPv6 unspecified address ::.
+func IPv6Unspecified() IP { return IP{z: z6noz} }
+
+// IPv4 returns the IP of the IPv4 address a.b.c.d.
+func IPv4(a, b, c, d uint8) IP {
+	return IP{
+		addr: uint128{0, 0xffff00000000 | uint64(a)<<24 | uint64(b)<<16 | uint64(c)<<8 | uint64(d)},
+		z:    z4,
+	}
+}
+
+// IPv6Raw returns the IPv6 address given by the bytes in addr,
+// without an implicit Unmap call to unmap any v6-mapped IPv4
+// address.
+func IPv6Raw(addr [16]byte) IP {
+	return IP{
+		addr: uint128{
+			binary.BigEndian.Uint64(addr[:8]),
+			binary.BigEndian.Uint64(addr[8:]),
+		},
+		z: z6noz,
+	}
+}
+
+// ipv6Slice is like IPv6Raw, but operates on a 16-byte slice. Assumes
+// slice is 16 bytes, caller must enforce this.
+func ipv6Slice(addr []byte) IP {
+	return IP{
+		addr: uint128{
+			binary.BigEndian.Uint64(addr[:8]),
+			binary.BigEndian.Uint64(addr[8:]),
+		},
+		z: z6noz,
+	}
+}
+
+// IPFrom16 returns the IP address given by the bytes in addr,
+// unmapping any v6-mapped IPv4 address.
+//
+// It is equivalent to calling IPv6Raw(addr).Unmap().
+func IPFrom16(addr [16]byte) IP {
+	return IPv6Raw(addr).Unmap()
+}
+
+// IPFrom4 returns the IPv4 address given by the bytes in addr.
+// It is equivalent to calling IPv4(addr[0], addr[1], addr[2], addr[3]).
+func IPFrom4(addr [4]byte) IP {
+	return IPv4(addr[0], addr[1], addr[2], addr[3])
+}
+
+// ParseIP parses s as an IP address, returning the result. The string
+// s can be in dotted decimal ("192.0.2.1"), IPv6 ("2001:db8::68"),
+// or IPv6 with a scoped addressing zone ("fe80::1cc0:3e8c:119f:c2e1%ens18").
+func ParseIP(s string) (IP, error) {
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		case '.':
+			return parseIPv4(s)
+		case ':':
+			return parseIPv6(s)
+		case '%':
+			// Assume that this was trying to be an IPv6 address with
+			// a zone specifier, but the address is missing.
+			return IP{}, parseIPError{in: s, msg: "missing IPv6 address"}
+		}
+	}
+	return IP{}, parseIPError{in: s, msg: "unable to parse IP"}
+}
+
+// MustParseIP calls ParseIP(s) and panics on error.
+// It is intended for use in tests with hard-coded strings.
+func MustParseIP(s string) IP {
+	ip, err := ParseIP(s)
+	if err != nil {
+		panic(err)
+	}
+	return ip
+}
+
+type parseIPError struct {
+	in  string // the string given to ParseIP
+	msg string // an explanation of the parse failure
+	at  string // optionally, the unparsed portion of in at which the error occurred.
+}
+
+func (err parseIPError) Error() string {
+	if err.at != "" {
+		return fmt.Sprintf("ParseIP(%q): %s (at %q)", err.in, err.msg, err.at)
+	}
+	return fmt.Sprintf("ParseIP(%q): %s", err.in, err.msg)
+}
+
+// parseIPv4 parses s as an IPv4 address (in form "192.168.0.1").
+func parseIPv4(s string) (ip IP, err error) {
+	var fields [3]uint8
+	var val, pos int
+	for i := 0; i < len(s); i++ {
+		if s[i] >= '0' && s[i] <= '9' {
+			val = val*10 + int(s[i]) - '0'
+			if val > 255 {
+				return IP{}, parseIPError{in: s, msg: "IPv4 field has value >255"}
+			}
+		} else if s[i] == '.' {
+			// .1.2.3
+			// 1.2.3.
+			// 1..2.3
+			if i == 0 || i == len(s)-1 || s[i-1] == '.' {
+				return IP{}, parseIPError{in: s, msg: "IPv4 field must have at least one digit", at: s[i:]}
+			}
+			// 1.2.3.4.5
+			if pos == 3 {
+				return IP{}, parseIPError{in: s, msg: "IPv4 address too long"}
+			}
+			fields[pos] = uint8(val)
+			pos++
+			val = 0
+		} else {
+			return IP{}, parseIPError{in: s, msg: "unexpected character", at: s[i:]}
+		}
+	}
+	if pos < 3 {
+		return IP{}, parseIPError{in: s, msg: "IPv4 address too short"}
+	}
+	return IPv4(fields[0], fields[1], fields[2], uint8(val)), nil
+}
+
+// parseIPv6 parses s as an IPv6 address (in form "2001:db8::68").
+func parseIPv6(in string) (IP, error) {
+	s := in
+
+	// Split off the zone right from the start. Yes it's a second scan
+	// of the string, but trying to handle it inline makes a bunch of
+	// other inner loop conditionals more expensive, and it ends up
+	// being slower.
+	zone := ""
+	i := strings.IndexByte(s, '%')
+	if i != -1 {
+		s, zone = s[:i], s[i+1:]
+		if zone == "" {
+			// Not allowed to have an empty zone if explicitly specified.
+			return IP{}, parseIPError{in: in, msg: "zone must be a non-empty string"}
+		}
+	}
+
+	var ip [16]byte
+	ellipsis := -1 // position of ellipsis in ip
+
+	// Might have leading ellipsis
+	if len(s) >= 2 && s[0] == ':' && s[1] == ':' {
+		ellipsis = 0
+		s = s[2:]
+		// Might be only ellipsis
+		if len(s) == 0 {
+			return IPv6Unspecified().WithZone(zone), nil
+		}
+	}
+
+	// Loop, parsing hex numbers followed by colon.
+	i = 0
+	for i < 16 {
+		// Hex number. Similar to parseIPv4, inlining the hex number
+		// parsing yields a significant performance increase.
+		off := 0
+		acc := uint32(0)
+		for ; off < len(s); off++ {
+			c := s[off]
+			if c >= '0' && c <= '9' {
+				acc = (acc << 4) + uint32(c-'0')
+			} else if c >= 'a' && c <= 'f' {
+				acc = (acc << 4) + uint32(c-'a'+10)
+			} else if c >= 'A' && c <= 'F' {
+				acc = (acc << 4) + uint32(c-'A'+10)
+			} else {
+				break
+			}
+			if acc > math.MaxUint16 {
+				// Overflow, fail.
+				return IP{}, parseIPError{in: in, msg: "IPv6 field has value >=2^16", at: s}
+			}
+		}
+		if off == 0 {
+			// No digits found, fail.
+			return IP{}, parseIPError{in: in, msg: "each colon-separated field must have at least one digit", at: s}
+		}
+
+		// If followed by dot, might be in trailing IPv4.
+		if off < len(s) && s[off] == '.' {
+			if ellipsis < 0 && i != 12 {
+				// Not the right place.
+				return IP{}, parseIPError{in: in, msg: "embedded IPv4 address must replace the final 2 fields of the address", at: s}
+			}
+			if i+4 > 16 {
+				// Not enough room.
+				return IP{}, parseIPError{in: in, msg: "too many hex fields to fit an embedded IPv4 at the end of the address", at: s}
+			}
+			// TODO: could make this a bit faster by having a helper
+			// that parses to a [4]byte, and have both parseIPv4 and
+			// parseIPv6 use it.
+			ip4, err := parseIPv4(s)
+			if err != nil {
+				return IP{}, parseIPError{in: in, msg: err.Error(), at: s}
+			}
+			ip[i] = ip4.v4(0)
+			ip[i+1] = ip4.v4(1)
+			ip[i+2] = ip4.v4(2)
+			ip[i+3] = ip4.v4(3)
+			s = ""
+			i += 4
+			break
+		}
+
+		// Save this 16-bit chunk.
+		ip[i] = byte(acc >> 8)
+		ip[i+1] = byte(acc)
+		i += 2
+
+		// Stop at end of string.
+		s = s[off:]
+		if len(s) == 0 {
+			break
+		}
+
+		// Otherwise must be followed by colon and more.
+		if s[0] != ':' {
+			return IP{}, parseIPError{in: in, msg: "unexpected character, want colon", at: s}
+		} else if len(s) == 1 {
+			return IP{}, parseIPError{in: in, msg: "colon must be followed by more characters", at: s}
+		}
+		s = s[1:]
+
+		// Look for ellipsis.
+		if s[0] == ':' {
+			if ellipsis >= 0 { // already have one
+				return IP{}, parseIPError{in: in, msg: "multiple :: in address", at: s}
+			}
+			ellipsis = i
+			s = s[1:]
+			if len(s) == 0 { // can be at end
+				break
+			}
+		}
+	}
+
+	// Must have used entire string.
+	if len(s) != 0 {
+		return IP{}, parseIPError{in: in, msg: "trailing garbage after address", at: s}
+	}
+
+	// If didn't parse enough, expand ellipsis.
+	if i < 16 {
+		if ellipsis < 0 {
+			return IP{}, parseIPError{in: in, msg: "address string too short"}
+		}
+		n := 16 - i
+		for j := i - 1; j >= ellipsis; j-- {
+			ip[j+n] = ip[j]
+		}
+		for j := ellipsis + n - 1; j >= ellipsis; j-- {
+			ip[j] = 0
+		}
+	} else if ellipsis >= 0 {
+		// Ellipsis must represent at least one 0 group.
+		return IP{}, parseIPError{in: in, msg: "the :: must expand to at least one field of zeros"}
+	}
+	return IPv6Raw(ip).WithZone(zone), nil
+}
+
+// FromStdIP returns an IP from the standard library's IP type.
+//
+// If std is invalid, ok is false.
+//
+// FromStdIP implicitly unmaps IPv6-mapped IPv4 addresses. That is, if
+// len(std) == 16 and contains an IPv4 address, only the IPv4 part is
+// returned, without the IPv6 wrapper. This is the common form returned by
+// the standard library's ParseIP: https://play.golang.org/p/qdjylUkKWxl.
+// To convert a standard library IP without the implicit unmapping, use
+// FromStdIPRaw.
+func FromStdIP(std net.IP) (ip IP, ok bool) {
+	ret, ok := FromStdIPRaw(std)
+	if ret.Is4in6() {
+		ret.z = z4
+	}
+	return ret, ok
+}
+
+// FromStdIPRaw returns an IP from the standard library's IP type.
+// If std is invalid, ok is false.
+// Unlike FromStdIP, FromStdIPRaw does not do an implicit Unmap if
+// len(std) == 16 and contains an IPv6-mapped IPv4 address.
+func FromStdIPRaw(std net.IP) (ip IP, ok bool) {
+	switch len(std) {
+	case 4:
+		return IPv4(std[0], std[1], std[2], std[3]), true
+	case 16:
+		return ipv6Slice(std), true
+	}
+	return IP{}, false
+}
+
+// v4 returns the i'th byte of ip. If ip is not an IPv4, v4 returns
+// unspecified garbage.
+func (ip IP) v4(i uint8) uint8 {
+	return uint8(ip.addr.lo >> ((3 - i) * 8))
+}
+
+// v6 returns the i'th byte of ip. If ip is an IPv4 address, this
+// accesses the IPv4-mapped IPv6 address form of the IP.
+func (ip IP) v6(i uint8) uint8 {
+	return uint8(*(ip.addr.halves()[(i/8)%2]) >> ((7 - i%8) * 8))
+}
+
+// v6u16 returns the i'th 16-bit word of ip. If ip is an IPv4 address,
+// this accesses the IPv4-mapped IPv6 address form of the IP.
+func (ip IP) v6u16(i uint8) uint16 {
+	return uint16(*(ip.addr.halves()[(i/4)%2]) >> ((3 - i%4) * 16))
+}
+
+// IsZero reports whether ip is the zero value of the IP type.
+// The zero value is not a valid IP address of any type.
+//
+// Note that "0.0.0.0" and "::" are not the zero value. Use IsUnspecified to
+// check for these values instead.
+func (ip IP) IsZero() bool {
+	// Faster than comparing ip == IP{}, but effectively equivalent,
+	// as there's no way to make an IP with a nil z from this package.
+	return ip.z == z0
+}
+
+// IsValid whether the IP is an initialized value and not the IP
+// type's zero value.
+//
+// Note that both "0.0.0.0" and "::" are valid, non-zero values.
+func (ip IP) IsValid() bool { return ip.z != z0 }
+
+// BitLen returns the number of bits in the IP address:
+// 32 for IPv4 or 128 for IPv6.
+// For the zero value (see IP.IsZero), it returns 0.
+// For IP4-mapped IPv6 addresses, it returns 128.
+func (ip IP) BitLen() uint8 {
+	switch ip.z {
+	case z0:
+		return 0
+	case z4:
+		return 32
+	}
+	return 128
+}
+
+// Zone returns ip's IPv6 scoped addressing zone, if any.
+func (ip IP) Zone() string {
+	if ip.z == nil {
+		return ""
+	}
+	zone, _ := ip.z.Get().(string)
+	return zone
+}
+
+// Compare returns an integer comparing two IPs.
+// The result will be 0 if ip==ip2, -1 if ip < ip2, and +1 if ip > ip2.
+// The definition of "less than" is the same as the IP.Less method.
+func (ip IP) Compare(ip2 IP) int {
+	f1, f2 := ip.BitLen(), ip2.BitLen()
+	if f1 < f2 {
+		return -1
+	}
+	if f1 > f2 {
+		return 1
+	}
+	if hi1, hi2 := ip.addr.hi, ip2.addr.hi; hi1 < hi2 {
+		return -1
+	} else if hi1 > hi2 {
+		return 1
+	}
+	if lo1, lo2 := ip.addr.lo, ip2.addr.lo; lo1 < lo2 {
+		return -1
+	} else if lo1 > lo2 {
+		return 1
+	}
+	if ip.Is6() {
+		za, zb := ip.Zone(), ip2.Zone()
+		if za < zb {
+			return -1
+		} else if za > zb {
+			return 1
+		}
+	}
+	return 0
+}
+
+// Less reports whether ip sorts before ip2.
+// IP addresses sort first by length, then their address.
+// IPv6 addresses with zones sort just after the same address without a zone.
+func (ip IP) Less(ip2 IP) bool { return ip.Compare(ip2) == -1 }
+
+func (ip IP) lessOrEq(ip2 IP) bool { return ip.Compare(ip2) <= 0 }
+
+// ipZone returns the standard library net.IP from ip, as well
+// as the zone.
+// The optional reuse IP provides memory to reuse.
+func (ip IP) ipZone(reuse net.IP) (stdIP net.IP, zone string) {
+	base := reuse[:0]
+	switch {
+	case ip.z == z0:
+		return nil, ""
+	case ip.Is4():
+		a4 := ip.As4()
+		return append(base, a4[:]...), ""
+	default:
+		a16 := ip.As16()
+		return append(base, a16[:]...), ip.Zone()
+	}
+}
+
+// IPAddr returns the net.IPAddr representation of an IP. The returned value is
+// always non-nil, but the IPAddr.IP will be nil if ip is the zero value.
+// If ip contains a zone identifier, IPAddr.Zone is populated.
+func (ip IP) IPAddr() *net.IPAddr {
+	stdIP, zone := ip.ipZone(nil)
+	return &net.IPAddr{IP: stdIP, Zone: zone}
+}
+
+// Is4 reports whether ip is an IPv4 address.
+//
+// It returns false for IP4-mapped IPv6 addresses. See IP.Unmap.
+func (ip IP) Is4() bool {
+	return ip.z == z4
+}
+
+// Is4in6 reports whether ip is an IPv4-mapped IPv6 address.
+func (ip IP) Is4in6() bool {
+	return ip.Is6() && ip.addr.hi == 0 && ip.addr.lo>>32 == 0xffff
+}
+
+// Is6 reports whether ip is an IPv6 address, including IPv4-mapped
+// IPv6 addresses.
+func (ip IP) Is6() bool {
+	return ip.z != z0 && ip.z != z4
+}
+
+// Unmap returns ip with any IPv4-mapped IPv6 address prefix removed.
+//
+// That is, if ip is an IPv6 address wrapping an IPv4 adddress, it
+// returns the wrapped IPv4 address. Otherwise it returns ip, regardless
+// of its type.
+func (ip IP) Unmap() IP {
+	if ip.Is4in6() {
+		ip.z = z4
+	}
+	return ip
+}
+
+// WithZone returns an IP that's the same as ip but with the provided
+// zone. If zone is empty, the zone is removed. If ip is an IPv4
+// address it's returned unchanged.
+func (ip IP) WithZone(zone string) IP {
+	if !ip.Is6() {
+		return ip
+	}
+	if zone == "" {
+		ip.z = z6noz
+		return ip
+	}
+	ip.z = intern.GetByString(zone)
+	return ip
+}
+
+// noZone unconditionally strips the zone from IP.
+// It's similar to WithZone, but small enough to be inlinable.
+func (ip IP) withoutZone() IP {
+	if !ip.Is6() {
+		return ip
+	}
+	ip.z = z6noz
+	return ip
+}
+
+// hasZone reports whether IP has an IPv6 zone.
+func (ip IP) hasZone() bool {
+	return ip.z != z0 && ip.z != z4 && ip.z != z6noz
+}
+
+// IsLinkLocalUnicast reports whether ip is a link-local unicast address.
+// If ip is the zero value, it will return false.
+func (ip IP) IsLinkLocalUnicast() bool {
+	// Dynamic Configuration of IPv4 Link-Local Addresses
+	// https://datatracker.ietf.org/doc/html/rfc3927#section-2.1
+	if ip.Is4() {
+		return ip.v4(0) == 169 && ip.v4(1) == 254
+	}
+	// IP Version 6 Addressing Architecture (2.4 Address Type Identification)
+	// https://datatracker.ietf.org/doc/html/rfc4291#section-2.4
+	if ip.Is6() {
+		return ip.v6u16(0)&0xffc0 == 0xfe80
+	}
+	return false // zero value
+}
+
+// IsLoopback reports whether ip is a loopback address. If ip is the zero value,
+// it will return false.
+func (ip IP) IsLoopback() bool {
+	// Requirements for Internet Hosts -- Communication Layers (3.2.1.3 Addressing)
+	// https://datatracker.ietf.org/doc/html/rfc1122#section-3.2.1.3
+	if ip.Is4() {
+		return ip.v4(0) == 127
+	}
+	// IP Version 6 Addressing Architecture (2.4 Address Type Identification)
+	// https://datatracker.ietf.org/doc/html/rfc4291#section-2.4
+	if ip.Is6() {
+		return ip.addr.hi == 0 && ip.addr.lo == 1
+	}
+	return false // zero value
+}
+
+// IsMulticast reports whether ip is a multicast address. If ip is the zero
+// value, it will return false.
+func (ip IP) IsMulticast() bool {
+	// Host Extensions for IP Multicasting (4. HOST GROUP ADDRESSES)
+	// https://datatracker.ietf.org/doc/html/rfc1112#section-4
+	if ip.Is4() {
+		return ip.v4(0)&0xf0 == 0xe0
+	}
+	// IP Version 6 Addressing Architecture (2.4 Address Type Identification)
+	// https://datatracker.ietf.org/doc/html/rfc4291#section-2.4
+	if ip.Is6() {
+		return ip.addr.hi>>(64-8) == 0xff // ip.v6(0) == 0xff
+	}
+	return false // zero value
+}
+
+// IsInterfaceLocalMulticast reports whether ip is an IPv6 interface-local
+// multicast address. If ip is the zero value or an IPv4 address, it will return
+// false.
+func (ip IP) IsInterfaceLocalMulticast() bool {
+	// IPv6 Addressing Architecture (2.7.1. Pre-Defined Multicast Addresses)
+	// https://datatracker.ietf.org/doc/html/rfc4291#section-2.7.1
+	if ip.Is6() {
+		return ip.v6u16(0)&0xff0f == 0xff01
+	}
+	return false // zero value
+}
+
+// IsLinkLocalMulticast reports whether ip is a link-local multicast address.
+// If ip is the zero value, it will return false.
+func (ip IP) IsLinkLocalMulticast() bool {
+	// IPv4 Multicast Guidelines (4. Local Network Control Block (224.0.0/24))
+	// https://datatracker.ietf.org/doc/html/rfc5771#section-4
+	if ip.Is4() {
+		return ip.v4(0) == 224 && ip.v4(1) == 0 && ip.v4(2) == 0
+	}
+	// IPv6 Addressing Architecture (2.7.1. Pre-Defined Multicast Addresses)
+	// https://datatracker.ietf.org/doc/html/rfc4291#section-2.7.1
+	if ip.Is6() {
+		return ip.v6u16(0)&0xff0f == 0xff02
+	}
+	return false // zero value
+}
+
+// IsGlobalUnicast reports whether ip is a global unicast address.
+//
+// It returns true for IPv6 addresses which fall outside of the current
+// IANA-allocated 2000::/3 global unicast space, with the exception of the
+// link-local address space. It also returns true even if ip is in the IPv4
+// private address space or IPv6 unique local address space. If ip is the zero
+// value, it will return false.
+//
+// For reference, see RFC 1122, RFC 4291, and RFC 4632.
+func (ip IP) IsGlobalUnicast() bool {
+	if ip.z == z0 {
+		// Invalid or zero-value.
+		return false
+	}
+
+	// Match the stdlib's IsGlobalUnicast logic. Notably private IPv4 addresses
+	// and ULA IPv6 addresses are still considered "global unicast".
+	if ip.Is4() && (ip == IPv4(0, 0, 0, 0) || ip == IPv4(255, 255, 255, 255)) {
+		return false
+	}
+
+	return ip != IPv6Unspecified() &&
+		!ip.IsLoopback() &&
+		!ip.IsMulticast() &&
+		!ip.IsLinkLocalUnicast()
+}
+
+// IsPrivate reports whether ip is a private address, according to RFC 1918
+// (IPv4 addresses) and RFC 4193 (IPv6 addresses). That is, it reports whether
+// ip is in 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or fc00::/7. This is the
+// same as the standard library's net.IP.IsPrivate.
+func (ip IP) IsPrivate() bool {
+	// Match the stdlib's IsPrivate logic.
+	if ip.Is4() {
+		// RFC 1918 allocates 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as
+		// private IPv4 address subnets.
+		return ip.v4(0) == 10 ||
+			(ip.v4(0) == 172 && ip.v4(1)&0xf0 == 16) ||
+			(ip.v4(0) == 192 && ip.v4(1) == 168)
+	}
+
+	if ip.Is6() {
+		// RFC 4193 allocates fc00::/7 as the unique local unicast IPv6 address
+		// subnet.
+		return ip.v6(0)&0xfe == 0xfc
+	}
+
+	return false // zero value
+}
+
+// IsUnspecified reports whether ip is an unspecified address, either the IPv4
+// address "0.0.0.0" or the IPv6 address "::".
+//
+// Note that the IP zero value is not an unspecified address. Use IsZero to
+// check for the zero value instead.
+func (ip IP) IsUnspecified() bool {
+	return ip == IPv4(0, 0, 0, 0) || ip == IPv6Unspecified()
+}
+
+// Prefix applies a CIDR mask of leading bits to IP, producing an IPPrefix
+// of the specified length. If IP is the zero value, a zero-value IPPrefix and
+// a nil error are returned. If bits is larger than 32 for an IPv4 address or
+// 128 for an IPv6 address, an error is returned.
+func (ip IP) Prefix(bits uint8) (IPPrefix, error) {
+	effectiveBits := bits
+	switch ip.z {
+	case z0:
+		return IPPrefix{}, nil
+	case z4:
+		if bits > 32 {
+			return IPPrefix{}, fmt.Errorf("prefix length %d too large for IPv4", bits)
+		}
+		effectiveBits += 96
+	default:
+		if bits > 128 {
+			return IPPrefix{}, fmt.Errorf("prefix length %d too large for IPv6", bits)
+		}
+	}
+	ip.addr = ip.addr.and(mask6[effectiveBits])
+	return IPPrefixFrom(ip, bits), nil
+}
+
+// Netmask applies a bit mask to IP, producing an IPPrefix. If IP is the
+// zero value, a zero-value IPPrefix and a nil error are returned. If the
+// netmask length is not 4 for IPv4 or 16 for IPv6, an error is
+// returned. If the netmask is non-contiguous, an error is returned.
+func (ip IP) Netmask(mask []byte) (IPPrefix, error) {
+	l := len(mask)
+
+	switch ip.z {
+	case z0:
+		return IPPrefix{}, nil
+	case z4:
+		if l != net.IPv4len {
+			return IPPrefix{}, fmt.Errorf("netmask length %d incorrect for IPv4", l)
+		}
+	default:
+		if l != net.IPv6len {
+			return IPPrefix{}, fmt.Errorf("netmask length %d incorrect for IPv6", l)
+		}
+	}
+
+	ones, bits := net.IPMask(mask).Size()
+	if ones == 0 && bits == 0 {
+		return IPPrefix{}, errors.New("netmask is non-contiguous")
+	}
+
+	return ip.Prefix(uint8(ones))
+}
+
+// As16 returns the IP address in its 16 byte representation.
+// IPv4 addresses are returned in their v6-mapped form.
+// IPv6 addresses with zones are returned without their zone (use the
+// Zone method to get it).
+// The ip zero value returns all zeroes.
+func (ip IP) As16() [16]byte {
+	var ret [16]byte
+	binary.BigEndian.PutUint64(ret[:8], ip.addr.hi)
+	binary.BigEndian.PutUint64(ret[8:], ip.addr.lo)
+	return ret
+}
+
+// As4 returns an IPv4 or IPv4-in-IPv6 address in its 4 byte representation.
+// If ip is the IP zero value or an IPv6 address, As4 panics.
+// Note that 0.0.0.0 is not the zero value.
+func (ip IP) As4() [4]byte {
+	if ip.z == z4 || ip.Is4in6() {
+		var ret [4]byte
+		binary.BigEndian.PutUint32(ret[:], uint32(ip.addr.lo))
+		return ret
+	}
+	if ip.z == z0 {
+		panic("As4 called on IP zero value")
+	}
+	panic("As4 called on IPv6 address")
+}
+
+// Next returns the IP following ip.
+// If there is none, it returns the IP zero value.
+func (ip IP) Next() IP {
+	ip.addr = ip.addr.addOne()
+	if ip.Is4() {
+		if uint32(ip.addr.lo) == 0 {
+			// Overflowed.
+			return IP{}
+		}
+	} else {
+		if ip.addr.isZero() {
+			// Overflowed
+			return IP{}
+		}
+	}
+	return ip
+}
+
+// Prior returns the IP before ip.
+// If there is none, it returns the IP zero value.
+func (ip IP) Prior() IP {
+	if ip.Is4() {
+		if uint32(ip.addr.lo) == 0 {
+			return IP{}
+		}
+	} else if ip.addr.isZero() {
+		return IP{}
+	}
+	ip.addr = ip.addr.subOne()
+	return ip
+}
+
+// String returns the string form of the IP address ip.
+// It returns one of 4 forms:
+//
+//   - "invalid IP", if ip is the zero value
+//   - IPv4 dotted decimal ("192.0.2.1")
+//   - IPv6 ("2001:db8::1")
+//   - IPv6 with zone ("fe80:db8::1%eth0")
+//
+// Note that unlike the Go standard library's IP.String method,
+// IP4-mapped IPv6 addresses do not format as dotted decimals.
+func (ip IP) String() string {
+	switch ip.z {
+	case z0:
+		return "zero IP"
+	case z4:
+		return ip.string4()
+	default:
+		return ip.string6()
+	}
+}
+
+// AppendTo appends a text encoding of ip,
+// as generated by MarshalText,
+// to b and returns the extended buffer.
+func (ip IP) AppendTo(b []byte) []byte {
+	switch ip.z {
+	case z0:
+		return b
+	case z4:
+		return ip.appendTo4(b)
+	default:
+		return ip.appendTo6(b)
+	}
+}
+
+// digits is a string of the hex digits from 0 to f. It's used in
+// appendDecimal and appendHex to format IP addresses.
+const digits = "0123456789abcdef"
+
+// appendDecimal appends the decimal string representation of x to b.
+func appendDecimal(b []byte, x uint8) []byte {
+	// Using this function rather than strconv.AppendUint makes IPv4
+	// string building 2x faster.
+
+	if x >= 100 {
+		b = append(b, digits[x/100])
+	}
+	if x >= 10 {
+		b = append(b, digits[x/10%10])
+	}
+	return append(b, digits[x%10])
+}
+
+// appendHex appends the hex string representation of x to b.
+func appendHex(b []byte, x uint16) []byte {
+	// Using this function rather than strconv.AppendUint makes IPv6
+	// string building 2x faster.
+
+	if x >= 0x1000 {
+		b = append(b, digits[x>>12])
+	}
+	if x >= 0x100 {
+		b = append(b, digits[x>>8&0xf])
+	}
+	if x >= 0x10 {
+		b = append(b, digits[x>>4&0xf])
+	}
+	return append(b, digits[x&0xf])
+}
+
+// appendHexPad appends the fully padded hex string representation of x to b.
+func appendHexPad(b []byte, x uint16) []byte {
+	return append(b, digits[x>>12], digits[x>>8&0xf], digits[x>>4&0xf], digits[x&0xf])
+}
+
+func (ip IP) string4() string {
+	const max = len("255.255.255.255")
+	ret := make([]byte, 0, max)
+	ret = ip.appendTo4(ret)
+	return string(ret)
+}
+
+func (ip IP) appendTo4(ret []byte) []byte {
+	ret = appendDecimal(ret, ip.v4(0))
+	ret = append(ret, '.')
+	ret = appendDecimal(ret, ip.v4(1))
+	ret = append(ret, '.')
+	ret = appendDecimal(ret, ip.v4(2))
+	ret = append(ret, '.')
+	ret = appendDecimal(ret, ip.v4(3))
+	return ret
+}
+
+// string6 formats ip in IPv6 textual representation. It follows the
+// guidelines in section 4 of RFC 5952
+// (https://tools.ietf.org/html/rfc5952#section-4): no unnecessary
+// zeros, use :: to elide the longest run of zeros, and don't use ::
+// to compact a single zero field.
+func (ip IP) string6() string {
+	// Use a zone with a "plausibly long" name, so that most zone-ful
+	// IP addresses won't require additional allocation.
+	//
+	// The compiler does a cool optimization here, where ret ends up
+	// stack-allocated and so the only allocation this function does
+	// is to construct the returned string. As such, it's okay to be a
+	// bit greedy here, size-wise.
+	const max = len("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff%enp5s0")
+	ret := make([]byte, 0, max)
+	ret = ip.appendTo6(ret)
+	return string(ret)
+}
+
+func (ip IP) appendTo6(ret []byte) []byte {
+	zeroStart, zeroEnd := uint8(255), uint8(255)
+	for i := uint8(0); i < 8; i++ {
+		j := i
+		for j < 8 && ip.v6u16(j) == 0 {
+			j++
+		}
+		if l := j - i; l >= 2 && l > zeroEnd-zeroStart {
+			zeroStart, zeroEnd = i, j
+		}
+	}
+
+	for i := uint8(0); i < 8; i++ {
+		if i == zeroStart {
+			ret = append(ret, ':', ':')
+			i = zeroEnd
+			if i >= 8 {
+				break
+			}
+		} else if i > 0 {
+			ret = append(ret, ':')
+		}
+
+		ret = appendHex(ret, ip.v6u16(i))
+	}
+
+	if ip.z != z6noz {
+		ret = append(ret, '%')
+		ret = append(ret, ip.Zone()...)
+	}
+	return ret
+}
+
+// StringExpanded is like String but IPv6 addresses are expanded with leading
+// zeroes and no "::" compression. For example, "2001:db8::1" becomes
+// "2001:0db8:0000:0000:0000:0000:0000:0001".
+func (ip IP) StringExpanded() string {
+	switch ip.z {
+	case z0, z4:
+		return ip.String()
+	}
+
+	const size = len("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")
+	ret := make([]byte, 0, size)
+	for i := uint8(0); i < 8; i++ {
+		if i > 0 {
+			ret = append(ret, ':')
+		}
+
+		ret = appendHexPad(ret, ip.v6u16(i))
+	}
+
+	if ip.z != z6noz {
+		// The addition of a zone will cause a second allocation, but when there
+		// is no zone the ret slice will be stack allocated.
+		ret = append(ret, '%')
+		ret = append(ret, ip.Zone()...)
+	}
+	return string(ret)
+}
+
+// MarshalText implements the encoding.TextMarshaler interface,
+// The encoding is the same as returned by String, with one exception:
+// If ip is the zero value, the encoding is the empty string.
+func (ip IP) MarshalText() ([]byte, error) {
+	switch ip.z {
+	case z0:
+		return []byte(""), nil
+	case z4:
+		max := len("255.255.255.255")
+		b := make([]byte, 0, max)
+		return ip.appendTo4(b), nil
+	default:
+		max := len("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff%enp5s0")
+		b := make([]byte, 0, max)
+		return ip.appendTo6(b), nil
+	}
+}
+
+// UnmarshalText implements the encoding.TextUnmarshaler interface.
+// The IP address is expected in a form accepted by ParseIP.
+// It returns an error if *ip is not the IP zero value.
+func (ip *IP) UnmarshalText(text []byte) error {
+	if ip.z != z0 {
+		return errors.New("refusing to Unmarshal into non-zero IP")
+	}
+	if len(text) == 0 {
+		return nil
+	}
+	var err error
+	*ip, err = ParseIP(string(text))
+	return err
+}
+
+// MarshalBinary implements the encoding.BinaryMarshaler interface.
+func (ip IP) MarshalBinary() ([]byte, error) {
+	switch ip.z {
+	case z0:
+		return nil, nil
+	case z4:
+		b := ip.As4()
+		return b[:], nil
+	default:
+		b16 := ip.As16()
+		b := b16[:]
+		if z := ip.Zone(); z != "" {
+			b = append(b, []byte(z)...)
+		}
+		return b, nil
+	}
+}
+
+// UnmarshalBinary implements the encoding.BinaryUnmarshaler interface.
+func (ip *IP) UnmarshalBinary(b []byte) error {
+	if ip.z != z0 {
+		return errors.New("refusing to Unmarshal into non-zero IP")
+	}
+	n := len(b)
+	switch {
+	case n == 0:
+		return nil
+	case n == 4:
+		*ip = IPv4(b[0], b[1], b[2], b[3])
+		return nil
+	case n == 16:
+		*ip = ipv6Slice(b)
+		return nil
+	case n > 16:
+		*ip = ipv6Slice(b[:16]).WithZone(string(b[16:]))
+		return nil
+	}
+	return fmt.Errorf("unexpected ip size: %v", len(b))
+}
+
+// IPPort is an IP and a port number.
+type IPPort struct {
+	ip   IP
+	port uint16
+}
+
+// IPPortFrom returns an IPPort with IP ip and port port.
+// It does not allocate.
+func IPPortFrom(ip IP, port uint16) IPPort { return IPPort{ip: ip, port: port} }
+
+// WithIP returns an IPPort with IP ip and port p.Port().
+func (p IPPort) WithIP(ip IP) IPPort { return IPPort{ip: ip, port: p.port} }
+
+// WithIP returns an IPPort with IP p.IP() and port port.
+func (p IPPort) WithPort(port uint16) IPPort { return IPPort{ip: p.ip, port: port} }
+
+// IP returns p's IP.
+func (p IPPort) IP() IP { return p.ip }
+
+// Port returns p's port.
+func (p IPPort) Port() uint16 { return p.port }
+
+// splitIPPort splits s into an IP address string and a port
+// string. It splits strings shaped like "foo:bar" or "[foo]:bar",
+// without further validating the substrings. v6 indicates whether the
+// ip string should parse as an IPv6 address or an IPv4 address, in
+// order for s to be a valid ip:port string.
+func splitIPPort(s string) (ip, port string, v6 bool, err error) {
+	i := strings.LastIndexByte(s, ':')
+	if i == -1 {
+		return "", "", false, errors.New("not an ip:port")
+	}
+
+	ip, port = s[:i], s[i+1:]
+	if len(ip) == 0 {
+		return "", "", false, errors.New("no IP")
+	}
+	if len(port) == 0 {
+		return "", "", false, errors.New("no port")
+	}
+	if ip[0] == '[' {
+		if len(ip) < 2 || ip[len(ip)-1] != ']' {
+			return "", "", false, errors.New("missing ]")
+		}
+		ip = ip[1 : len(ip)-1]
+		v6 = true
+	}
+
+	return ip, port, v6, nil
+}
+
+// ParseIPPort parses s as an IPPort.
+//
+// It doesn't do any name resolution, and ports must be numeric.
+func ParseIPPort(s string) (IPPort, error) {
+	var ipp IPPort
+	ip, port, v6, err := splitIPPort(s)
+	if err != nil {
+		return ipp, err
+	}
+	port16, err := strconv.ParseUint(port, 10, 16)
+	if err != nil {
+		return ipp, fmt.Errorf("invalid port %q parsing %q", port, s)
+	}
+	ipp.port = uint16(port16)
+	ipp.ip, err = ParseIP(ip)
+	if err != nil {
+		return IPPort{}, err
+	}
+	if v6 && ipp.ip.Is4() {
+		return IPPort{}, fmt.Errorf("invalid ip:port %q, square brackets can only be used with IPv6 addresses", s)
+	} else if !v6 && ipp.ip.Is6() {
+		return IPPort{}, fmt.Errorf("invalid ip:port %q, IPv6 addresses must be surrounded by square brackets", s)
+	}
+	return ipp, nil
+}
+
+// MustParseIPPort calls ParseIPPort(s) and panics on error.
+// It is intended for use in tests with hard-coded strings.
+func MustParseIPPort(s string) IPPort {
+	ip, err := ParseIPPort(s)
+	if err != nil {
+		panic(err)
+	}
+	return ip
+}
+
+// IsZero reports whether p is its zero value.
+func (p IPPort) IsZero() bool { return p == IPPort{} }
+
+// IsValid reports whether p.IP() is valid.
+// All ports are valid, including zero.
+func (p IPPort) IsValid() bool { return p.ip.IsValid() }
+
+// Valid reports whether p.IP() is valid.
+// All ports are valid, including zero.
+//
+// Deprecated: use the correctly named and identical IsValid method instead.
+func (p IPPort) Valid() bool { return p.IsValid() }
+
+func (p IPPort) String() string {
+	switch p.ip.z {
+	case z0:
+		return "invalid IPPort"
+	case z4:
+		a := p.ip.As4()
+		return fmt.Sprintf("%d.%d.%d.%d:%d", a[0], a[1], a[2], a[3], p.port)
+	default:
+		// TODO: this could be more efficient allocation-wise:
+		return net.JoinHostPort(p.ip.String(), strconv.Itoa(int(p.port)))
+	}
+}
+
+// AppendTo appends a text encoding of p,
+// as generated by MarshalText,
+// to b and returns the extended buffer.
+func (p IPPort) AppendTo(b []byte) []byte {
+	switch p.ip.z {
+	case z0:
+		return b
+	case z4:
+		b = p.ip.appendTo4(b)
+	default:
+		b = append(b, '[')
+		b = p.ip.appendTo6(b)
+		b = append(b, ']')
+	}
+	b = append(b, ':')
+	b = strconv.AppendInt(b, int64(p.port), 10)
+	return b
+}
+
+// MarshalText implements the encoding.TextMarshaler interface. The
+// encoding is the same as returned by String, with one exception: if
+// p.IP() is the zero value, the encoding is the empty string.
+func (p IPPort) MarshalText() ([]byte, error) {
+	var max int
+	switch p.ip.z {
+	case z0:
+	case z4:
+		max = len("255.255.255.255:65535")
+	default:
+		max = len("[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff%enp5s0]:65535")
+	}
+	b := make([]byte, 0, max)
+	b = p.AppendTo(b)
+	return b, nil
+}
+
+// UnmarshalText implements the encoding.TextUnmarshaler
+// interface. The IPPort is expected in a form accepted by
+// ParseIPPort. It returns an error if *p is not the IPPort zero
+// value.
+func (p *IPPort) UnmarshalText(text []byte) error {
+	if p.ip.z != z0 || p.port != 0 {
+		return errors.New("refusing to Unmarshal into non-zero IPPort")
+	}
+	if len(text) == 0 {
+		return nil
+	}
+	var err error
+	*p, err = ParseIPPort(string(text))
+	return err
+}
+
+// FromStdAddr maps the components of a standard library TCPAddr or
+// UDPAddr into an IPPort.
+func FromStdAddr(stdIP net.IP, port int, zone string) (_ IPPort, ok bool) {
+	ip, ok := FromStdIP(stdIP)
+	if !ok || port < 0 || port > math.MaxUint16 {
+		return
+	}
+	ip = ip.Unmap()
+	if zone != "" {
+		if ip.Is4() {
+			ok = false
+			return
+		}
+		ip = ip.WithZone(zone)
+	}
+	return IPPort{ip: ip, port: uint16(port)}, true
+}
+
+// UDPAddr returns a standard library net.UDPAddr from p.
+// The returned value is always non-nil. If p.IP() is the zero
+// value, then UDPAddr.IP is nil.
+//
+// UDPAddr necessarily does two allocations. If you have an existing
+// UDPAddr already allocated, see UDPAddrAt.
+func (p IPPort) UDPAddr() *net.UDPAddr {
+	ret := &net.UDPAddr{
+		Port: int(p.port),
+	}
+	ret.IP, ret.Zone = p.ip.ipZone(nil)
+	return ret
+}
+
+// UDPAddrAt is like UDPAddr, but reuses the provided UDPAddr, which
+// must be non-nil. If at.IP has a capacity of 16, UDPAddrAt is
+// allocation-free. It returns at to facilitate using this method as a
+// wrapper.
+func (p IPPort) UDPAddrAt(at *net.UDPAddr) *net.UDPAddr {
+	at.Port = int(p.port)
+	at.IP, at.Zone = p.ip.ipZone(at.IP)
+	return at
+}
+
+// TCPAddr returns a standard library net.TCPAddr from p.
+// The returned value is always non-nil. If p.IP() is the zero
+// value, then TCPAddr.IP is nil.
+func (p IPPort) TCPAddr() *net.TCPAddr {
+	ip, zone := p.ip.ipZone(nil)
+	return &net.TCPAddr{
+		IP:   ip,
+		Port: int(p.port),
+		Zone: zone,
+	}
+}
+
+// IPPrefix is an IP address prefix (CIDR) representing an IP network.
+//
+// The first Bits() of IP() are specified. The remaining bits match any address.
+// The range of Bits() is [0,32] for IPv4 or [0,128] for IPv6.
+type IPPrefix struct {
+	ip   IP
+	bits uint8
+}
+
+// IPPrefixFrom returns an IPPrefix with IP ip and provided bits prefix length.
+// It does not allocate.
+func IPPrefixFrom(ip IP, bits uint8) IPPrefix {
+	return IPPrefix{
+		ip:   ip.withoutZone(),
+		bits: bits,
+	}
+}
+
+// IP returns p's IP.
+func (p IPPrefix) IP() IP { return p.ip }
+
+// Bits returns p's prefix length.
+func (p IPPrefix) Bits() uint8 { return p.bits }
+
+// IsValid reports whether whether p.Bits() has a valid range for p.IP().
+// If p.IP() is zero, Valid returns false.
+func (p IPPrefix) IsValid() bool { return !p.ip.IsZero() && p.bits <= p.ip.BitLen() }
+
+// Valid reports whether whether p.Bits() has a valid range for p.IP().
+// If p.IP() is zero, Valid returns false.
+//
+// Deprecated: use the correctly named and identical IsValid method instead.
+func (p IPPrefix) Valid() bool { return p.IsValid() }
+
+// IsZero reports whether p is its zero value.
+func (p IPPrefix) IsZero() bool { return p == IPPrefix{} }
+
+// IsSingleIP reports whether p contains exactly one IP.
+func (p IPPrefix) IsSingleIP() bool { return p.bits != 0 && p.bits == p.ip.BitLen() }
+
+// FromStdIPNet returns an IPPrefix from the standard library's IPNet type.
+// If std is invalid, ok is false.
+func FromStdIPNet(std *net.IPNet) (prefix IPPrefix, ok bool) {
+	ip, ok := FromStdIP(std.IP)
+	if !ok {
+		return IPPrefix{}, false
+	}
+
+	if l := len(std.Mask); l != net.IPv4len && l != net.IPv6len {
+		// Invalid mask.
+		return IPPrefix{}, false
+	}
+
+	ones, bits := std.Mask.Size()
+	if ones == 0 && bits == 0 {
+		// IPPrefix does not support non-contiguous masks.
+		return IPPrefix{}, false
+	}
+
+	return IPPrefix{
+		ip:   ip,
+		bits: uint8(ones),
+	}, true
+}
+
+// ParseIPPrefix parses s as an IP address prefix.
+// The string can be in the form "192.168.1.0/24" or "2001::db8::/32",
+// the CIDR notation defined in RFC 4632 and RFC 4291.
+//
+// Note that masked address bits are not zeroed. Use Masked for that.
+func ParseIPPrefix(s string) (IPPrefix, error) {
+	i := strings.LastIndexByte(s, '/')
+	if i < 0 {
+		return IPPrefix{}, fmt.Errorf("netaddr.ParseIPPrefix(%q): no '/'", s)
+	}
+	ip, err := ParseIP(s[:i])
+	if err != nil {
+		return IPPrefix{}, fmt.Errorf("netaddr.ParseIPPrefix(%q): %v", s, err)
+	}
+	s = s[i+1:]
+	bits, err := strconv.Atoi(s)
+	if err != nil {
+		return IPPrefix{}, fmt.Errorf("netaddr.ParseIPPrefix(%q): bad prefix: %v", s, err)
+	}
+	maxBits := 32
+	if ip.Is6() {
+		maxBits = 128
+	}
+	if bits < 0 || bits > maxBits {
+		return IPPrefix{}, fmt.Errorf("netaddr.ParseIPPrefix(%q): prefix length out of range", s)
+	}
+	return IPPrefixFrom(ip, uint8(bits)), nil
+}
+
+// MustParseIPPrefix calls ParseIPPrefix(s) and panics on error.
+// It is intended for use in tests with hard-coded strings.
+func MustParseIPPrefix(s string) IPPrefix {
+	ip, err := ParseIPPrefix(s)
+	if err != nil {
+		panic(err)
+	}
+	return ip
+}
+
+// Masked returns p in its canonical form, with bits of p.IP() not in p.Bits() masked off.
+// If p is zero or otherwise invalid, Masked returns the zero value.
+func (p IPPrefix) Masked() IPPrefix {
+	if m, err := p.ip.Prefix(p.bits); err == nil {
+		return m
+	}
+	return IPPrefix{}
+}
+
+// Range returns the inclusive range of IPs that p covers.
+//
+// If p is zero or otherwise invalid, Range returns the zero value.
+func (p IPPrefix) Range() IPRange {
+	p = p.Masked()
+	if p.IsZero() {
+		return IPRange{}
+	}
+	return IPRangeFrom(p.ip, p.lastIP())
+}
+
+// IPNet returns the net.IPNet representation of an IPPrefix.
+// The returned value is always non-nil.
+// Any zone identifier is dropped in the conversion.
+func (p IPPrefix) IPNet() *net.IPNet {
+	if !p.IsValid() {
+		return &net.IPNet{}
+	}
+	stdIP, _ := p.ip.ipZone(nil)
+	return &net.IPNet{
+		IP:   stdIP,
+		Mask: net.CIDRMask(int(p.bits), int(p.ip.BitLen())),
+	}
+}
+
+// Contains reports whether the network p includes ip.
+//
+// An IPv4 address will not match an IPv6 prefix.
+// A v6-mapped IPv6 address will not match an IPv4 prefix.
+// A zero-value IP will not match any prefix.
+// If ip has an IPv6 zone, Contains returns false,
+// because IPPrefixes strip zones.
+func (p IPPrefix) Contains(ip IP) bool {
+	if !p.IsValid() || ip.hasZone() {
+		return false
+	}
+	if f1, f2 := p.ip.BitLen(), ip.BitLen(); f1 == 0 || f2 == 0 || f1 != f2 {
+		return false
+	}
+	if ip.Is4() {
+		// xor the IP addresses together; mismatched bits are now ones.
+		// Shift away the number of bits we don't care about.
+		// Shifts in Go are more efficient if the compiler can prove
+		// that the shift amount is smaller than the width of the shifted type (64 here).
+		// We know that p.bits is in the range 0..32 because p is Valid;
+		// the compiler doesn't know that, so mask with 63 to help it.
+		// Now truncate to 32 bits, because this is IPv4.
+		// If all the bits we care about are equal, the result will be zero.
+		return uint32((ip.addr.lo^p.ip.addr.lo)>>((32-p.bits)&63)) == 0
+	} else {
+		// xor the IP addresses together.
+		// Mask away the bits we don't care about.
+		// If all the bits we care about are equal, the result will be zero.
+		return ip.addr.xor(p.ip.addr).and(mask6[p.bits]).isZero()
+	}
+}
+
+// Overlaps reports whether p and o overlap at all.
+//
+// If p and o are of different address families or either have a zero
+// IP, it reports false. Like the Contains method, a prefix with a
+// v6-mapped IPv4 IP is still treated as an IPv6 mask.
+//
+// If either has a Bits of zero, it returns true.
+func (p IPPrefix) Overlaps(o IPPrefix) bool {
+	if !p.IsValid() || !o.IsValid() {
+		return false
+	}
+	if p == o {
+		return true
+	}
+	if p.ip.Is4() != o.ip.Is4() {
+		return false
+	}
+	var minBits uint8
+	if p.bits < o.bits {
+		minBits = p.bits
+	} else {
+		minBits = o.bits
+	}
+	if minBits == 0 {
+		return true
+	}
+	// One of these Prefix calls might look redundant, but we don't require
+	// that p and o values are normalized (via IPPrefix.Masked) first,
+	// so the Prefix call on the one that's already minBits serves to zero
+	// out any remaining bits in IP.
+	var err error
+	if p, err = p.ip.Prefix(minBits); err != nil {
+		return false
+	}
+	if o, err = o.ip.Prefix(minBits); err != nil {
+		return false
+	}
+	return p.ip == o.ip
+}
+
+// AppendTo appends a text encoding of p,
+// as generated by MarshalText,
+// to b and returns the extended buffer.
+func (p IPPrefix) AppendTo(b []byte) []byte {
+	if p.IsZero() {
+		return b
+	}
+	if !p.IsValid() {
+		return append(b, "invalid IPPrefix"...)
+	}
+
+	// p.IP is non-zero, because p is valid.
+	if p.ip.z == z4 {
+		b = p.ip.appendTo4(b)
+	} else {
+		b = p.ip.appendTo6(b)
+	}
+
+	b = append(b, '/')
+	b = appendDecimal(b, p.bits)
+	return b
+}
+
+// MarshalText implements the encoding.TextMarshaler interface,
+// The encoding is the same as returned by String, with one exception:
+// If p is the zero value, the encoding is the empty string.
+func (p IPPrefix) MarshalText() ([]byte, error) {
+	var max int
+	switch p.ip.z {
+	case z0:
+	case z4:
+		max = len("255.255.255.255/32")
+	default:
+		max = len("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff%enp5s0/128")
+	}
+	b := make([]byte, 0, max)
+	b = p.AppendTo(b)
+	return b, nil
+}
+
+// UnmarshalText implements the encoding.TextUnmarshaler interface.
+// The IP address is expected in a form accepted by ParseIPPrefix.
+// It returns an error if *p is not the IPPrefix zero value.
+func (p *IPPrefix) UnmarshalText(text []byte) error {
+	if *p != (IPPrefix{}) {
+		return errors.New("refusing to Unmarshal into non-zero IPPrefix")
+	}
+	if len(text) == 0 {
+		return nil
+	}
+	var err error
+	*p, err = ParseIPPrefix(string(text))
+	return err
+}
+
+// String returns the CIDR notation of p: "<ip>/<bits>".
+func (p IPPrefix) String() string {
+	if p.IsZero() {
+		return "zero IPPrefix"
+	}
+	if !p.IsValid() {
+		return "invalid IPPrefix"
+	}
+	return fmt.Sprintf("%s/%d", p.ip, p.bits)
+}
+
+// lastIP returns the last IP in the prefix.
+func (p IPPrefix) lastIP() IP {
+	if !p.IsValid() {
+		return IP{}
+	}
+	a16 := p.ip.As16()
+	var off uint8
+	var bits uint8 = 128
+	if p.ip.Is4() {
+		off = 12
+		bits = 32
+	}
+	for b := p.bits; b < bits; b++ {
+		byteNum, bitInByte := b/8, 7-(b%8)
+		a16[off+byteNum] |= 1 << uint(bitInByte)
+	}
+	if p.ip.Is4() {
+		return IPFrom16(a16)
+	} else {
+		return IPv6Raw(a16) // doesn't unmap
+	}
+}
+
+// IPRange represents an inclusive range of IP addresses
+// from the same address family.
+//
+// The From() and To() IPs are inclusive bounds, both included in the
+// range.
+//
+// To be valid, the From() and To() values must be non-zero, have matching
+// address families (IPv4 vs IPv6), and From() must be less than or equal to To().
+// IPv6 zones are stripped out and ignored.
+// An invalid range may be ignored.
+type IPRange struct {
+	// from is the initial IP address in the range.
+	from IP
+
+	// to is the final IP address in the range.
+	to IP
+}
+
+// IPRangeFrom returns an IPRange from from to to.
+// It does not allocate.
+func IPRangeFrom(from, to IP) IPRange {
+	return IPRange{
+		from: from.withoutZone(),
+		to:   to.withoutZone(),
+	}
+}
+
+// From returns the lower bound of r.
+func (r IPRange) From() IP { return r.from }
+
+// To returns the upper bound of r.
+func (r IPRange) To() IP { return r.to }
+
+// ParseIPRange parses a range out of two IPs separated by a hyphen.
+//
+// It returns an error if the range is not valid.
+func ParseIPRange(s string) (IPRange, error) {
+	var r IPRange
+	h := strings.IndexByte(s, '-')
+	if h == -1 {
+		return r, fmt.Errorf("no hyphen in range %q", s)
+	}
+	from, to := s[:h], s[h+1:]
+	var err error
+	r.from, err = ParseIP(from)
+	if err != nil {
+		return r, fmt.Errorf("invalid From IP %q in range %q", from, s)
+	}
+	r.from = r.from.withoutZone()
+	r.to, err = ParseIP(to)
+	if err != nil {
+		return r, fmt.Errorf("invalid To IP %q in range %q", to, s)
+	}
+	r.to = r.to.withoutZone()
+	if !r.IsValid() {
+		return r, fmt.Errorf("range %v to %v not valid", r.from, r.to)
+	}
+	return r, nil
+}
+
+// MustParseIPRange calls ParseIPRange(s) and panics on error.
+// It is intended for use in tests with hard-coded strings.
+func MustParseIPRange(s string) IPRange {
+	r, err := ParseIPRange(s)
+	if err != nil {
+		panic(err)
+	}
+	return r
+}
+
+// String returns a string representation of the range.
+//
+// For a valid range, the form is "From-To" with a single hyphen
+// separating the IPs, the same format recognized by
+// ParseIPRange.
+func (r IPRange) String() string {
+	if r.IsValid() {
+		return fmt.Sprintf("%s-%s", r.from, r.to)
+	}
+	if r.from.IsZero() || r.to.IsZero() {
+		return "zero IPRange"
+	}
+	return "invalid IPRange"
+}
+
+// AppendTo appends a text encoding of r,
+// as generated by MarshalText,
+// to b and returns the extended buffer.
+func (r IPRange) AppendTo(b []byte) []byte {
+	if r.IsZero() {
+		return b
+	}
+	b = r.from.AppendTo(b)
+	b = append(b, '-')
+	b = r.to.AppendTo(b)
+	return b
+}
+
+// MarshalText implements the encoding.TextMarshaler interface,
+// The encoding is the same as returned by String, with one exception:
+// If ip is the zero value, the encoding is the empty string.
+func (r IPRange) MarshalText() ([]byte, error) {
+	if r.IsZero() {
+		return []byte(""), nil
+	}
+	var max int
+	if r.from.z == z4 {
+		max = len("255.255.255.255-255.255.255.255")
+	} else {
+		max = len("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")
+	}
+	b := make([]byte, 0, max)
+	return r.AppendTo(b), nil
+}
+
+// UnmarshalText implements the encoding.TextUnmarshaler interface.
+// The IP range is expected in a form accepted by ParseIPRange.
+// It returns an error if *r is not the IPRange zero value.
+func (r *IPRange) UnmarshalText(text []byte) error {
+	if *r != (IPRange{}) {
+		return errors.New("refusing to Unmarshal into non-zero IPRange")
+	}
+	if len(text) == 0 {
+		return nil
+	}
+	var err error
+	*r, err = ParseIPRange(string(text))
+	return err
+}
+
+// IsZero reports whether r is the zero value of the IPRange type.
+func (r IPRange) IsZero() bool {
+	return r == IPRange{}
+}
+
+// IsValid reports whether r.From() and r.To() are both non-zero and
+// obey the documented requirements: address families match, and From
+// is less than or equal to To.
+func (r IPRange) IsValid() bool {
+	return !r.from.IsZero() &&
+		r.from.z == r.to.z &&
+		!r.to.Less(r.from)
+}
+
+// Valid reports whether r.From() and r.To() are both non-zero and
+// obey the documented requirements: address families match, and From
+// is less than or equal to To.
+//
+// Deprecated: use the correctly named and identical IsValid method instead.
+func (r IPRange) Valid() bool { return r.IsValid() }
+
+// Contains reports whether the range r includes addr.
+//
+// An invalid range always reports false.
+//
+// If ip has an IPv6 zone, Contains returns false,
+// because IPPrefixes strip zones.
+func (r IPRange) Contains(addr IP) bool {
+	return r.IsValid() && !addr.hasZone() && r.contains(addr)
+}
+
+// contains is like Contains, but without the validity check.
+// addr must not have a zone.
+func (r IPRange) contains(addr IP) bool {
+	return r.from.Compare(addr) <= 0 && r.to.Compare(addr) >= 0
+}
+
+// less reports whether r is "before" other. It is before if r.From()
+// is before other.From(). If they're equal, then the larger range
+// (higher To()) comes first.
+func (r IPRange) less(other IPRange) bool {
+	if cmp := r.from.Compare(other.from); cmp != 0 {
+		return cmp < 0
+	}
+	return other.to.Less(r.to)
+}
+
+// entirelyBefore returns whether r lies entirely before other in IP
+// space.
+func (r IPRange) entirelyBefore(other IPRange) bool {
+	return r.to.Less(other.from)
+}
+
+// entirelyWithin returns whether r is entirely contained within
+// other.
+func (r IPRange) coveredBy(other IPRange) bool {
+	return other.from.lessOrEq(r.from) && r.to.lessOrEq(other.to)
+}
+
+// inMiddleOf returns whether r is inside other, but not touching the
+// edges of other.
+func (r IPRange) inMiddleOf(other IPRange) bool {
+	return other.from.Less(r.from) && r.to.Less(other.to)
+}
+
+// overlapsStartOf returns whether r entirely overlaps the start of
+// other, but not all of other.
+func (r IPRange) overlapsStartOf(other IPRange) bool {
+	return r.from.lessOrEq(other.from) && r.to.Less(other.to)
+}
+
+// overlapsEndOf returns whether r entirely overlaps the end of
+// other, but not all of other.
+func (r IPRange) overlapsEndOf(other IPRange) bool {
+	return other.from.Less(r.from) && other.to.lessOrEq(r.to)
+}
+
+// mergeIPRanges returns the minimum and sorted set of IP ranges that
+// cover r.
+func mergeIPRanges(rr []IPRange) (out []IPRange, valid bool) {
+	// Always return a copy of r, to avoid aliasing slice memory in
+	// the caller.
+	switch len(rr) {
+	case 0:
+		return nil, true
+	case 1:
+		return []IPRange{rr[0]}, true
+	}
+
+	sort.Slice(rr, func(i, j int) bool { return rr[i].less(rr[j]) })
+	out = make([]IPRange, 1, len(rr))
+	out[0] = rr[0]
+	for _, r := range rr[1:] {
+		prev := &out[len(out)-1]
+		switch {
+		case !r.IsValid():
+			// Invalid ranges make no sense to merge, refuse to
+			// perform.
+			return nil, false
+		case prev.to.Next() == r.from:
+			// prev and r touch, merge them.
+			//
+			//   prev     r
+			// f------tf-----t
+			prev.to = r.to
+		case prev.to.Less(r.from):
+			// No overlap and not adjacent (per previous case), no
+			// merging possible.
+			//
+			//   prev       r
+			// f------t  f-----t
+			out = append(out, r)
+		case prev.to.Less(r.to):
+			// Partial overlap, update prev
+			//
+			//   prev
+			// f------t
+			//     f-----t
+			//        r
+			prev.to = r.to
+		default:
+			// r entirely contained in prev, nothing to do.
+			//
+			//    prev
+			// f--------t
+			//  f-----t
+			//     r
+		}
+	}
+	return out, true
+}
+
+// Overlaps reports whether p and o overlap at all.
+//
+// If p and o are of different address families or either are invalid,
+// it reports false.
+func (r IPRange) Overlaps(o IPRange) bool {
+	return r.IsValid() &&
+		o.IsValid() &&
+		r.from.Compare(o.to) <= 0 &&
+		o.from.Compare(r.to) <= 0
+}
+
+// prefixMaker returns a address-family-corrected IPPrefix from a and bits,
+// where the input bits is always in the IPv6-mapped form for IPv4 addresses.
+type prefixMaker func(a uint128, bits uint8) IPPrefix
+
+// Prefixes returns the set of IPPrefix entries that covers r.
+//
+// If either of r's bounds are invalid, in the wrong order, or if
+// they're of different address families, then Prefixes returns nil.
+//
+// Prefixes necessarily allocates. See AppendPrefixes for a version that uses
+// memory you provide.
+func (r IPRange) Prefixes() []IPPrefix {
+	return r.AppendPrefixes(nil)
+}
+
+// AppendPrefixes is an append version of IPRange.Prefixes. It appends
+// the IPPrefix entries that cover r to dst.
+func (r IPRange) AppendPrefixes(dst []IPPrefix) []IPPrefix {
+	if !r.IsValid() {
+		return nil
+	}
+	return appendRangePrefixes(dst, r.prefixFrom128AndBits, r.from.addr, r.to.addr)
+}
+
+func (r IPRange) prefixFrom128AndBits(a uint128, bits uint8) IPPrefix {
+	ip := IP{addr: a, z: r.from.z}
+	if r.from.Is4() {
+		bits -= 12 * 8
+	}
+	return IPPrefix{ip, bits}
+}
+
+// aZeroBSet is whether, after the common bits, a is all zero bits and
+// b is all set (one) bits.
+func comparePrefixes(a, b uint128) (common uint8, aZeroBSet bool) {
+	common = a.commonPrefixLen(b)
+
+	// See whether a and b, after their common shared bits, end
+	// in all zero bits or all one bits, respectively.
+	if common == 128 {
+		return common, true
+	}
+
+	m := mask6[common]
+	return common, (a.xor(a.and(m)).isZero() &&
+		b.or(m) == uint128{^uint64(0), ^uint64(0)})
+}
+
+// Prefix returns r as an IPPrefix, if it can be presented exactly as such.
+// If r is not valid or is not exactly equal to one prefix, ok is false.
+func (r IPRange) Prefix() (p IPPrefix, ok bool) {
+	if !r.IsValid() {
+		return
+	}
+	if common, ok := comparePrefixes(r.from.addr, r.to.addr); ok {
+		return r.prefixFrom128AndBits(r.from.addr, common), true
+	}
+	return
+}
+
+func appendRangePrefixes(dst []IPPrefix, makePrefix prefixMaker, a, b uint128) []IPPrefix {
+	common, ok := comparePrefixes(a, b)
+	if ok {
+		// a to b represents a whole range, like 10.50.0.0/16.
+		// (a being 10.50.0.0 and b being 10.50.255.255)
+		return append(dst, makePrefix(a, common))
+	}
+	// Otherwise recursively do both halves.
+	dst = appendRangePrefixes(dst, makePrefix, a, a.bitsSetFrom(common+1))
+	dst = appendRangePrefixes(dst, makePrefix, b.bitsClearedFrom(common+1), b)
+	return dst
+}
diff --git a/vendor/inet.af/netaddr/uint128.go b/vendor/inet.af/netaddr/uint128.go
new file mode 100644
index 000000000..2ba93f31b
--- /dev/null
+++ b/vendor/inet.af/netaddr/uint128.go
@@ -0,0 +1,82 @@
+// Copyright 2020 The Inet.Af AUTHORS. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package netaddr
+
+import "math/bits"
+
+// uint128 represents a uint128 using two uint64s.
+//
+// When the methods below mention a bit number, bit 0 is the most
+// significant bit (in hi) and bit 127 is the lowest (lo&1).
+type uint128 struct {
+	hi uint64
+	lo uint64
+}
+
+// isZero reports whether u == 0.
+//
+// It's faster than u == (uint128{}) because the compiler (as of Go
+// 1.15/1.16b1) doesn't do this trick and instead inserts a branch in
+// its eq alg's generated code.
+func (u uint128) isZero() bool { return u.hi|u.lo == 0 }
+
+// and returns the bitwise AND of u and m (u&m).
+func (u uint128) and(m uint128) uint128 {
+	return uint128{u.hi & m.hi, u.lo & m.lo}
+}
+
+// xor returns the bitwise XOR of u and m (u^m).
+func (u uint128) xor(m uint128) uint128 {
+	return uint128{u.hi ^ m.hi, u.lo ^ m.lo}
+}
+
+// or returns the bitwise OR of u and m (u|m).
+func (u uint128) or(m uint128) uint128 {
+	return uint128{u.hi | m.hi, u.lo | m.lo}
+}
+
+// not returns the bitwise NOT of u.
+func (u uint128) not() uint128 {
+	return uint128{^u.hi, ^u.lo}
+}
+
+// subOne returns u - 1.
+func (u uint128) subOne() uint128 {
+	lo, borrow := bits.Sub64(u.lo, 1, 0)
+	return uint128{u.hi - borrow, lo}
+}
+
+// addOne returns u + 1.
+func (u uint128) addOne() uint128 {
+	lo, carry := bits.Add64(u.lo, 1, 0)
+	return uint128{u.hi + carry, lo}
+}
+
+func u64CommonPrefixLen(a, b uint64) uint8 {
+	return uint8(bits.LeadingZeros64(a ^ b))
+}
+
+func (u uint128) commonPrefixLen(v uint128) (n uint8) {
+	if n = u64CommonPrefixLen(u.hi, v.hi); n == 64 {
+		n += u64CommonPrefixLen(u.lo, v.lo)
+	}
+	return
+}
+
+func (u *uint128) halves() [2]*uint64 {
+	return [2]*uint64{&u.hi, &u.lo}
+}
+
+// bitsSetFrom returns a copy of u with the given bit
+// and all subsequent ones set.
+func (u uint128) bitsSetFrom(bit uint8) uint128 {
+	return u.or(mask6[bit].not())
+}
+
+// bitsClearedFrom returns a copy of u with the given bit
+// and all subsequent ones cleared.
+func (u uint128) bitsClearedFrom(bit uint8) uint128 {
+	return u.and(mask6[bit])
+}
diff --git a/vendor/k8s.io/api/admissionregistration/v1/generated.proto b/vendor/k8s.io/api/admissionregistration/v1/generated.proto
index cdf1f4765..a8903621c 100644
--- a/vendor/k8s.io/api/admissionregistration/v1/generated.proto
+++ b/vendor/k8s.io/api/admissionregistration/v1/generated.proto
@@ -215,7 +215,7 @@ message MutatingWebhook {
   //      - If failurePolicy=Fail, reject the request
   //      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
   //
-  // This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+  // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
   //
   // +patchMergeKey=name
   // +patchStrategy=merge
@@ -473,7 +473,7 @@ message ValidatingWebhook {
   //      - If failurePolicy=Fail, reject the request
   //      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
   //
-  // This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+  // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
   //
   // +patchMergeKey=name
   // +patchStrategy=merge
diff --git a/vendor/k8s.io/api/admissionregistration/v1/types.go b/vendor/k8s.io/api/admissionregistration/v1/types.go
index 74f17d54a..07ed7a624 100644
--- a/vendor/k8s.io/api/admissionregistration/v1/types.go
+++ b/vendor/k8s.io/api/admissionregistration/v1/types.go
@@ -320,7 +320,7 @@ type ValidatingWebhook struct {
 	//      - If failurePolicy=Fail, reject the request
 	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
 	//
-	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+	// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
 	//
 	// +patchMergeKey=name
 	// +patchStrategy=merge
@@ -489,7 +489,7 @@ type MutatingWebhook struct {
 	//      - If failurePolicy=Fail, reject the request
 	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
 	//
-	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+	// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
 	//
 	// +patchMergeKey=name
 	// +patchStrategy=merge
diff --git a/vendor/k8s.io/api/admissionregistration/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/admissionregistration/v1/types_swagger_doc_generated.go
index ce306b307..c41cceb2f 100644
--- a/vendor/k8s.io/api/admissionregistration/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/admissionregistration/v1/types_swagger_doc_generated.go
@@ -50,7 +50,7 @@ var map_MutatingWebhook = map[string]string{
 	"timeoutSeconds":          "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.",
 	"admissionReviewVersions": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.",
 	"reinvocationPolicy":      "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".",
-	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.",
+	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.",
 }
 
 func (MutatingWebhook) SwaggerDoc() map[string]string {
@@ -122,7 +122,7 @@ var map_ValidatingWebhook = map[string]string{
 	"sideEffects":             "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.",
 	"timeoutSeconds":          "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.",
 	"admissionReviewVersions": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.",
-	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.",
+	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.",
 }
 
 func (ValidatingWebhook) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go b/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go
index 746535026..4f1373ec5 100644
--- a/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go
+++ b/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go
@@ -493,6 +493,34 @@ func (m *Validation) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_Validation proto.InternalMessageInfo
 
+func (m *Variable) Reset()      { *m = Variable{} }
+func (*Variable) ProtoMessage() {}
+func (*Variable) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c3be8d256e3ae3cf, []int{16}
+}
+func (m *Variable) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Variable) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *Variable) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Variable.Merge(m, src)
+}
+func (m *Variable) XXX_Size() int {
+	return m.Size()
+}
+func (m *Variable) XXX_DiscardUnknown() {
+	xxx_messageInfo_Variable.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Variable proto.InternalMessageInfo
+
 func init() {
 	proto.RegisterType((*AuditAnnotation)(nil), "k8s.io.api.admissionregistration.v1alpha1.AuditAnnotation")
 	proto.RegisterType((*ExpressionWarning)(nil), "k8s.io.api.admissionregistration.v1alpha1.ExpressionWarning")
@@ -510,6 +538,7 @@ func init() {
 	proto.RegisterType((*ValidatingAdmissionPolicySpec)(nil), "k8s.io.api.admissionregistration.v1alpha1.ValidatingAdmissionPolicySpec")
 	proto.RegisterType((*ValidatingAdmissionPolicyStatus)(nil), "k8s.io.api.admissionregistration.v1alpha1.ValidatingAdmissionPolicyStatus")
 	proto.RegisterType((*Validation)(nil), "k8s.io.api.admissionregistration.v1alpha1.Validation")
+	proto.RegisterType((*Variable)(nil), "k8s.io.api.admissionregistration.v1alpha1.Variable")
 }
 
 func init() {
@@ -517,95 +546,102 @@ func init() {
 }
 
 var fileDescriptor_c3be8d256e3ae3cf = []byte{
-	// 1407 bytes of a gzipped FileDescriptorProto
+	// 1509 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0xcb, 0x6f, 0x1b, 0x45,
-	0x18, 0xcf, 0xc6, 0x4e, 0x9a, 0x8c, 0xf3, 0xb0, 0x87, 0x56, 0x75, 0x23, 0x6a, 0x47, 0xab, 0x0a,
-	0x35, 0x12, 0xec, 0x92, 0xb4, 0x50, 0x40, 0x48, 0x28, 0xdb, 0x17, 0x7d, 0xa4, 0x89, 0xa6, 0x28,
-	0x91, 0x10, 0x95, 0x98, 0xec, 0x4e, 0xec, 0xa9, 0xbd, 0x0f, 0x76, 0xd6, 0xa1, 0x11, 0x48, 0x54,
-	0xe2, 0x02, 0x37, 0x0e, 0x5c, 0xf8, 0x5f, 0xb8, 0x70, 0xeb, 0xb1, 0xc7, 0x72, 0xc0, 0x22, 0xe6,
-	0xc2, 0x5f, 0x00, 0x52, 0x2e, 0xa0, 0x99, 0x9d, 0x7d, 0x3b, 0xc4, 0x2e, 0x81, 0x9b, 0xf7, 0x7b,
-	0xfc, 0x7e, 0xf3, 0x7d, 0xf3, 0x7d, 0x33, 0xdf, 0x18, 0xa0, 0xce, 0x3b, 0x4c, 0xa3, 0xae, 0xde,
-	0xe9, 0xed, 0x12, 0xdf, 0x21, 0x01, 0x61, 0xfa, 0x3e, 0x71, 0x2c, 0xd7, 0xd7, 0xa5, 0x02, 0x7b,
-	0x54, 0xc7, 0x96, 0x4d, 0x19, 0xa3, 0xae, 0xe3, 0x93, 0x16, 0x65, 0x81, 0x8f, 0x03, 0xea, 0x3a,
-	0xfa, 0xfe, 0x2a, 0xee, 0x7a, 0x6d, 0xbc, 0xaa, 0xb7, 0x88, 0x43, 0x7c, 0x1c, 0x10, 0x4b, 0xf3,
-	0x7c, 0x37, 0x70, 0xe1, 0x4a, 0xe8, 0xaa, 0x61, 0x8f, 0x6a, 0x43, 0x5d, 0xb5, 0xc8, 0x75, 0xe9,
-	0x8d, 0x16, 0x0d, 0xda, 0xbd, 0x5d, 0xcd, 0x74, 0x6d, 0xbd, 0xe5, 0xb6, 0x5c, 0x5d, 0x20, 0xec,
-	0xf6, 0xf6, 0xc4, 0x97, 0xf8, 0x10, 0xbf, 0x42, 0xe4, 0xa5, 0x2b, 0x23, 0x2c, 0x2a, 0xbf, 0x9c,
-	0xa5, 0xab, 0x89, 0x93, 0x8d, 0xcd, 0x36, 0x75, 0x88, 0x7f, 0xa0, 0x7b, 0x9d, 0x16, 0x17, 0x30,
-	0xdd, 0x26, 0x01, 0x1e, 0xe6, 0xa5, 0x1f, 0xe7, 0xe5, 0xf7, 0x9c, 0x80, 0xda, 0xa4, 0xe0, 0xf0,
-	0xf6, 0x49, 0x0e, 0xcc, 0x6c, 0x13, 0x1b, 0xe7, 0xfd, 0x54, 0x06, 0x16, 0xd7, 0x7b, 0x16, 0x0d,
-	0xd6, 0x1d, 0xc7, 0x0d, 0x44, 0x10, 0xf0, 0x22, 0x28, 0x75, 0xc8, 0x41, 0x5d, 0x59, 0x56, 0x2e,
-	0xcf, 0x1a, 0x95, 0x67, 0xfd, 0xe6, 0xc4, 0xa0, 0xdf, 0x2c, 0xdd, 0x23, 0x07, 0x88, 0xcb, 0xe1,
-	0x3a, 0x58, 0xdc, 0xc7, 0xdd, 0x1e, 0xb9, 0xf9, 0xc4, 0xf3, 0x89, 0x48, 0x41, 0x7d, 0x52, 0x98,
-	0x9e, 0x97, 0xa6, 0x8b, 0xdb, 0x59, 0x35, 0xca, 0xdb, 0xab, 0x5d, 0x50, 0x4b, 0xbe, 0x76, 0xb0,
-	0xef, 0x50, 0xa7, 0x05, 0x5f, 0x07, 0x33, 0x7b, 0x94, 0x74, 0x2d, 0x44, 0xf6, 0x24, 0x60, 0x55,
-	0x02, 0xce, 0xdc, 0x92, 0x72, 0x14, 0x5b, 0xc0, 0x15, 0x70, 0xe6, 0xf3, 0xd0, 0xb1, 0x5e, 0x12,
-	0xc6, 0x8b, 0xd2, 0xf8, 0x8c, 0xc4, 0x43, 0x91, 0x5e, 0xdd, 0x03, 0x0b, 0x1b, 0x38, 0x30, 0xdb,
-	0xd7, 0x5d, 0xc7, 0xa2, 0x22, 0xc2, 0x65, 0x50, 0x76, 0xb0, 0x4d, 0x64, 0x88, 0x73, 0xd2, 0xb3,
-	0xfc, 0x00, 0xdb, 0x04, 0x09, 0x0d, 0x5c, 0x03, 0x80, 0xe4, 0xe3, 0x83, 0xd2, 0x0e, 0xa4, 0x42,
-	0x4b, 0x59, 0xa9, 0x3f, 0x97, 0x25, 0x11, 0x22, 0xcc, 0xed, 0xf9, 0x26, 0x61, 0xf0, 0x09, 0xa8,
-	0x71, 0x38, 0xe6, 0x61, 0x93, 0x3c, 0x24, 0x5d, 0x62, 0x06, 0xae, 0x2f, 0x58, 0x2b, 0x6b, 0x57,
-	0xb4, 0xa4, 0x4e, 0xe3, 0x1d, 0xd3, 0xbc, 0x4e, 0x8b, 0x0b, 0x98, 0xc6, 0x0b, 0x43, 0xdb, 0x5f,
-	0xd5, 0xee, 0xe3, 0x5d, 0xd2, 0x8d, 0x5c, 0x8d, 0x73, 0x83, 0x7e, 0xb3, 0xf6, 0x20, 0x8f, 0x88,
-	0x8a, 0x24, 0xd0, 0x05, 0x0b, 0xee, 0xee, 0x63, 0x62, 0x06, 0x31, 0xed, 0xe4, 0xcb, 0xd3, 0xc2,
-	0x41, 0xbf, 0xb9, 0xb0, 0x99, 0x81, 0x43, 0x39, 0x78, 0xf8, 0x15, 0x98, 0xf7, 0x65, 0xdc, 0xa8,
-	0xd7, 0x25, 0xac, 0x5e, 0x5a, 0x2e, 0x5d, 0xae, 0xac, 0x19, 0xda, 0xc8, 0xed, 0xa8, 0xf1, 0xc0,
-	0x2c, 0xee, 0xbc, 0x43, 0x83, 0xf6, 0xa6, 0x47, 0x42, 0x3d, 0x33, 0xce, 0xc9, 0xc4, 0xcf, 0xa3,
-	0x34, 0x01, 0xca, 0xf2, 0xc1, 0xef, 0x15, 0x70, 0x96, 0x3c, 0x31, 0xbb, 0x3d, 0x8b, 0x64, 0xec,
-	0xea, 0xe5, 0x53, 0x5b, 0xc8, 0xab, 0x72, 0x21, 0x67, 0x6f, 0x0e, 0xe1, 0x41, 0x43, 0xd9, 0xe1,
-	0x0d, 0x50, 0xb1, 0x79, 0x51, 0x6c, 0xb9, 0x5d, 0x6a, 0x1e, 0xd4, 0xcf, 0x88, 0x52, 0x52, 0x07,
-	0xfd, 0x66, 0x65, 0x23, 0x11, 0x1f, 0xf5, 0x9b, 0x8b, 0xa9, 0xcf, 0x8f, 0x0e, 0x3c, 0x82, 0xd2,
-	0x6e, 0xea, 0x0b, 0x05, 0x9c, 0x3f, 0x66, 0x55, 0xf0, 0x5a, 0x92, 0x79, 0x51, 0x1a, 0x75, 0x65,
-	0xb9, 0x74, 0x79, 0xd6, 0xa8, 0xa5, 0x33, 0x26, 0x14, 0x28, 0x6b, 0x07, 0xbf, 0x56, 0x00, 0xf4,
-	0x0b, 0x78, 0xb2, 0x50, 0xae, 0x8d, 0x92, 0x2f, 0x6d, 0x48, 0x92, 0x96, 0x64, 0x92, 0x60, 0x51,
-	0x87, 0x86, 0xd0, 0xa9, 0x18, 0xcc, 0x6e, 0x61, 0x1f, 0xdb, 0xf7, 0xa8, 0x63, 0xf1, 0xbe, 0xc3,
-	0x1e, 0xdd, 0x26, 0xbe, 0xe8, 0x3b, 0x25, 0xdb, 0x77, 0xeb, 0x5b, 0x77, 0xa4, 0x06, 0xa5, 0xac,
-	0x78, 0x37, 0x77, 0xa8, 0x63, 0xc9, 0x2e, 0x8d, 0xbb, 0x99, 0xe3, 0x21, 0xa1, 0x51, 0x1f, 0x81,
-	0x19, 0x41, 0xc1, 0x0f, 0x8e, 0x93, 0x7b, 0x5f, 0x07, 0xb3, 0x71, 0x3f, 0x49, 0xd0, 0x9a, 0x34,
-	0x9b, 0x8d, 0x7b, 0x0f, 0x25, 0x36, 0xea, 0x0f, 0x0a, 0x98, 0xe3, 0x5b, 0x76, 0xbd, 0x4d, 0xcc,
-	0x0e, 0x3f, 0xca, 0xbe, 0x51, 0x00, 0x24, 0xf9, 0x03, 0x2e, 0xdc, 0x97, 0xca, 0xda, 0xfb, 0x63,
-	0x14, 0x62, 0xe1, 0x94, 0x4c, 0xb2, 0x5b, 0x50, 0x31, 0x34, 0x84, 0x53, 0xfd, 0x65, 0x12, 0x5c,
-	0xd8, 0xc6, 0x5d, 0x6a, 0xe1, 0x80, 0x3a, 0xad, 0xf5, 0x88, 0x2e, 0x2c, 0x2b, 0xf8, 0x29, 0x98,
-	0xe1, 0x1d, 0x6f, 0xe1, 0x00, 0xcb, 0x63, 0xe9, 0xcd, 0xd1, 0xce, 0x87, 0xf0, 0x30, 0xd8, 0x20,
-	0x01, 0x4e, 0xb6, 0x27, 0x91, 0xa1, 0x18, 0x15, 0x3e, 0x06, 0x65, 0xe6, 0x11, 0x53, 0x16, 0xd5,
-	0x87, 0x63, 0xc4, 0x7e, 0xec, 0xaa, 0x1f, 0x7a, 0xc4, 0x4c, 0x36, 0x8e, 0x7f, 0x21, 0xc1, 0x01,
-	0x7d, 0x30, 0xcd, 0x02, 0x1c, 0xf4, 0x98, 0xb8, 0x12, 0x2a, 0x6b, 0x77, 0x4f, 0x85, 0x4d, 0x20,
-	0x1a, 0x0b, 0x92, 0x6f, 0x3a, 0xfc, 0x46, 0x92, 0x49, 0xfd, 0x53, 0x01, 0xcb, 0xc7, 0xfa, 0x1a,
-	0xd4, 0xb1, 0x78, 0x3d, 0xfc, 0xf7, 0x69, 0xfe, 0x2c, 0x93, 0xe6, 0xcd, 0xd3, 0x08, 0x5c, 0x2e,
-	0xfe, 0xb8, 0x6c, 0xab, 0x7f, 0x28, 0xe0, 0xd2, 0x49, 0xce, 0xf7, 0x29, 0x0b, 0xe0, 0x27, 0x85,
-	0xe8, 0xb5, 0x11, 0x2f, 0x21, 0xca, 0xc2, 0xd8, 0xe3, 0x41, 0x20, 0x92, 0xa4, 0x22, 0xf7, 0xc0,
-	0x14, 0x0d, 0x88, 0xcd, 0x8f, 0x2d, 0xde, 0x5d, 0xf7, 0x4e, 0x31, 0x74, 0x63, 0x5e, 0xf2, 0x4e,
-	0xdd, 0xe1, 0x0c, 0x28, 0x24, 0x52, 0xbf, 0x2d, 0x9d, 0x1c, 0x38, 0xcf, 0x13, 0x3f, 0xcc, 0x3c,
-	0x21, 0x7c, 0x90, 0x1c, 0x38, 0xf1, 0x36, 0x6e, 0xc5, 0x1a, 0x94, 0xb2, 0x82, 0x8f, 0xc0, 0x8c,
-	0x27, 0x8f, 0xaa, 0x21, 0x37, 0xf6, 0x49, 0x11, 0x45, 0xa7, 0x9c, 0x31, 0xc7, 0xb3, 0x15, 0x7d,
-	0xa1, 0x18, 0x12, 0xf6, 0xc0, 0x82, 0x9d, 0x19, 0x51, 0x64, 0xab, 0xbc, 0x3b, 0x06, 0x49, 0x76,
-	0xc6, 0x09, 0x87, 0x83, 0xac, 0x0c, 0xe5, 0x48, 0xe0, 0x0e, 0xa8, 0xed, 0xcb, 0x8c, 0xb9, 0xce,
-	0xba, 0x19, 0xde, 0x33, 0x65, 0x71, 0x4d, 0xad, 0xf0, 0x91, 0x66, 0x3b, 0xaf, 0x3c, 0xea, 0x37,
-	0xab, 0x79, 0x21, 0x2a, 0x62, 0xa8, 0xbf, 0x2b, 0xe0, 0xe2, 0xb1, 0x7b, 0xf1, 0x3f, 0x54, 0x1f,
-	0xcd, 0x56, 0xdf, 0x8d, 0x53, 0xa9, 0xbe, 0xe1, 0x65, 0xf7, 0xe3, 0xd4, 0x3f, 0x84, 0x2a, 0xea,
-	0x0d, 0x83, 0x59, 0x2f, 0xba, 0x49, 0x65, 0xac, 0x57, 0xc7, 0x2d, 0x1e, 0xee, 0x6b, 0xcc, 0xf3,
-	0xab, 0x2e, 0xfe, 0x44, 0x09, 0x2a, 0xfc, 0x02, 0x54, 0x6d, 0x39, 0x4b, 0x73, 0x00, 0xea, 0x04,
-	0xd1, 0xbc, 0xf0, 0x2f, 0x2a, 0xe8, 0xec, 0xa0, 0xdf, 0xac, 0x6e, 0xe4, 0x60, 0x51, 0x81, 0x08,
-	0x76, 0x41, 0x25, 0xa9, 0x80, 0x68, 0xc0, 0x7c, 0xeb, 0x25, 0x52, 0xee, 0x3a, 0xc6, 0x2b, 0x32,
-	0xc7, 0x95, 0x44, 0xc6, 0x50, 0x1a, 0x1e, 0xde, 0x07, 0xf3, 0x7b, 0x98, 0x76, 0x7b, 0x3e, 0x91,
-	0xa3, 0x5b, 0x59, 0x34, 0xf0, 0x6b, 0x7c, 0xac, 0xba, 0x95, 0x56, 0x1c, 0xf5, 0x9b, 0xb5, 0x8c,
-	0x40, 0x8c, 0x6f, 0x59, 0x67, 0xf8, 0x54, 0x01, 0x55, 0x9c, 0x7d, 0x68, 0xb1, 0xfa, 0x94, 0x88,
-	0xe0, 0xbd, 0x31, 0x22, 0xc8, 0xbd, 0xd5, 0x8c, 0xba, 0x0c, 0xa3, 0x9a, 0x53, 0x30, 0x54, 0x60,
-	0x83, 0x5f, 0x82, 0x45, 0x3b, 0xf3, 0x0e, 0x62, 0xf5, 0x69, 0xb1, 0x80, 0xb1, 0xb7, 0x2e, 0x46,
-	0x48, 0xde, 0x7c, 0x59, 0x39, 0x43, 0x79, 0x2a, 0xf5, 0xa7, 0x49, 0xd0, 0x3c, 0xe1, 0x92, 0x85,
-	0x77, 0x01, 0x74, 0x77, 0x19, 0xf1, 0xf7, 0x89, 0x75, 0x3b, 0x7c, 0xa7, 0x46, 0x53, 0x60, 0x29,
-	0x19, 0x7c, 0x36, 0x0b, 0x16, 0x68, 0x88, 0x17, 0xb4, 0xc1, 0x5c, 0x90, 0x9a, 0xc9, 0xc6, 0x99,
-	0x6a, 0x65, 0xa8, 0xe9, 0x91, 0xce, 0xa8, 0x0e, 0xfa, 0xcd, 0xcc, 0x90, 0x87, 0x32, 0xf0, 0xd0,
-	0x04, 0xc0, 0x4c, 0xf2, 0x1a, 0x96, 0xa6, 0x3e, 0xda, 0x41, 0x93, 0x64, 0x33, 0xbe, 0x1c, 0x52,
-	0x89, 0x4c, 0xc1, 0xaa, 0x7f, 0x29, 0x00, 0x24, 0xf5, 0x0a, 0x2f, 0x81, 0xd4, 0x53, 0x54, 0xde,
-	0x2f, 0x65, 0x0e, 0x81, 0x52, 0x72, 0xfe, 0x52, 0xb6, 0x09, 0x63, 0xb8, 0x15, 0x0d, 0xb3, 0xf1,
-	0x4b, 0x79, 0x23, 0x14, 0xa3, 0x48, 0x0f, 0x77, 0xc0, 0xb4, 0x4f, 0x30, 0x73, 0x1d, 0xf9, 0xa6,
-	0xfe, 0x80, 0x0f, 0x3c, 0x48, 0x48, 0x8e, 0xfa, 0xcd, 0xd5, 0x51, 0xfe, 0xc9, 0xd0, 0xe4, 0x7c,
-	0x24, 0x9c, 0x90, 0x84, 0x83, 0xb7, 0x41, 0x4d, 0x72, 0xa4, 0x16, 0x1c, 0xf6, 0xd3, 0x05, 0xb9,
-	0x9a, 0xda, 0x46, 0xde, 0x00, 0x15, 0x7d, 0x8c, 0xcd, 0x67, 0x87, 0x8d, 0x89, 0xe7, 0x87, 0x8d,
-	0x89, 0x17, 0x87, 0x8d, 0x89, 0xa7, 0x83, 0x86, 0xf2, 0x6c, 0xd0, 0x50, 0x9e, 0x0f, 0x1a, 0xca,
-	0x8b, 0x41, 0x43, 0xf9, 0x75, 0xd0, 0x50, 0xbe, 0xfb, 0xad, 0x31, 0xf1, 0xf1, 0xca, 0xc8, 0xff,
-	0x1e, 0xfd, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x08, 0xaf, 0xaa, 0x52, 0x82, 0x12, 0x00, 0x00,
+	0x18, 0xcf, 0xc6, 0x6e, 0x12, 0x8f, 0xf3, 0xf2, 0xd0, 0x2a, 0x6e, 0xa0, 0xde, 0x68, 0x55, 0xa1,
+	0x46, 0x82, 0x35, 0x49, 0x0b, 0x85, 0x0a, 0x09, 0x65, 0xfb, 0xa2, 0x8f, 0x3c, 0x34, 0x45, 0x89,
+	0x84, 0x40, 0x62, 0xb2, 0x3b, 0x71, 0xa6, 0xf6, 0x3e, 0xd8, 0x59, 0x9b, 0x46, 0x20, 0x51, 0x89,
+	0x0b, 0xdc, 0x38, 0x70, 0xe1, 0xca, 0x9f, 0xc0, 0x7f, 0xc0, 0xad, 0xc7, 0x1e, 0xcb, 0x01, 0x8b,
+	0x9a, 0x0b, 0x7f, 0x01, 0x48, 0xb9, 0x80, 0x66, 0x76, 0xf6, 0x69, 0x9b, 0xd8, 0x25, 0x70, 0xf3,
+	0x7c, 0x8f, 0xdf, 0xf7, 0x98, 0xef, 0xfb, 0xf6, 0x1b, 0x03, 0xd4, 0x7c, 0x9b, 0xe9, 0xd4, 0xad,
+	0x37, 0xdb, 0xfb, 0xc4, 0x77, 0x48, 0x40, 0x58, 0xbd, 0x43, 0x1c, 0xcb, 0xf5, 0xeb, 0x92, 0x81,
+	0x3d, 0x5a, 0xc7, 0x96, 0x4d, 0x19, 0xa3, 0xae, 0xe3, 0x93, 0x06, 0x65, 0x81, 0x8f, 0x03, 0xea,
+	0x3a, 0xf5, 0xce, 0x1a, 0x6e, 0x79, 0x87, 0x78, 0xad, 0xde, 0x20, 0x0e, 0xf1, 0x71, 0x40, 0x2c,
+	0xdd, 0xf3, 0xdd, 0xc0, 0x85, 0xab, 0xa1, 0xaa, 0x8e, 0x3d, 0xaa, 0x0f, 0x54, 0xd5, 0x23, 0xd5,
+	0xe5, 0xd7, 0x1b, 0x34, 0x38, 0x6c, 0xef, 0xeb, 0xa6, 0x6b, 0xd7, 0x1b, 0x6e, 0xc3, 0xad, 0x0b,
+	0x84, 0xfd, 0xf6, 0x81, 0x38, 0x89, 0x83, 0xf8, 0x15, 0x22, 0x2f, 0x5f, 0x1e, 0xc1, 0xa9, 0xbc,
+	0x3b, 0xcb, 0x57, 0x12, 0x25, 0x1b, 0x9b, 0x87, 0xd4, 0x21, 0xfe, 0x51, 0xdd, 0x6b, 0x36, 0x38,
+	0x81, 0xd5, 0x6d, 0x12, 0xe0, 0x41, 0x5a, 0xf5, 0x61, 0x5a, 0x7e, 0xdb, 0x09, 0xa8, 0x4d, 0xfa,
+	0x14, 0xde, 0x3a, 0x49, 0x81, 0x99, 0x87, 0xc4, 0xc6, 0x79, 0x3d, 0x8d, 0x81, 0x85, 0x8d, 0xb6,
+	0x45, 0x83, 0x0d, 0xc7, 0x71, 0x03, 0x11, 0x04, 0xbc, 0x00, 0x0a, 0x4d, 0x72, 0x54, 0x55, 0x56,
+	0x94, 0x4b, 0x25, 0xa3, 0xfc, 0xa4, 0xab, 0x4e, 0xf4, 0xba, 0x6a, 0xe1, 0x1e, 0x39, 0x42, 0x9c,
+	0x0e, 0x37, 0xc0, 0x42, 0x07, 0xb7, 0xda, 0xe4, 0xe6, 0x23, 0xcf, 0x27, 0x22, 0x05, 0xd5, 0x49,
+	0x21, 0xba, 0x24, 0x45, 0x17, 0x76, 0xb3, 0x6c, 0x94, 0x97, 0xd7, 0x5a, 0xa0, 0x92, 0x9c, 0xf6,
+	0xb0, 0xef, 0x50, 0xa7, 0x01, 0x5f, 0x03, 0x33, 0x07, 0x94, 0xb4, 0x2c, 0x44, 0x0e, 0x24, 0xe0,
+	0xa2, 0x04, 0x9c, 0xb9, 0x25, 0xe9, 0x28, 0x96, 0x80, 0xab, 0x60, 0xfa, 0xb3, 0x50, 0xb1, 0x5a,
+	0x10, 0xc2, 0x0b, 0x52, 0x78, 0x5a, 0xe2, 0xa1, 0x88, 0xaf, 0x1d, 0x80, 0xf9, 0x4d, 0x1c, 0x98,
+	0x87, 0xd7, 0x5d, 0xc7, 0xa2, 0x22, 0xc2, 0x15, 0x50, 0x74, 0xb0, 0x4d, 0x64, 0x88, 0xb3, 0x52,
+	0xb3, 0xb8, 0x85, 0x6d, 0x82, 0x04, 0x07, 0xae, 0x03, 0x40, 0xf2, 0xf1, 0x41, 0x29, 0x07, 0x52,
+	0xa1, 0xa5, 0xa4, 0xb4, 0x9f, 0x8b, 0xd2, 0x10, 0x22, 0xcc, 0x6d, 0xfb, 0x26, 0x61, 0xf0, 0x11,
+	0xa8, 0x70, 0x38, 0xe6, 0x61, 0x93, 0x3c, 0x20, 0x2d, 0x62, 0x06, 0xae, 0x2f, 0xac, 0x96, 0xd7,
+	0x2f, 0xeb, 0x49, 0x9d, 0xc6, 0x37, 0xa6, 0x7b, 0xcd, 0x06, 0x27, 0x30, 0x9d, 0x17, 0x86, 0xde,
+	0x59, 0xd3, 0xef, 0xe3, 0x7d, 0xd2, 0x8a, 0x54, 0x8d, 0x73, 0xbd, 0xae, 0x5a, 0xd9, 0xca, 0x23,
+	0xa2, 0x7e, 0x23, 0xd0, 0x05, 0xf3, 0xee, 0xfe, 0x43, 0x62, 0x06, 0xb1, 0xd9, 0xc9, 0x17, 0x37,
+	0x0b, 0x7b, 0x5d, 0x75, 0x7e, 0x3b, 0x03, 0x87, 0x72, 0xf0, 0xf0, 0x4b, 0x30, 0xe7, 0xcb, 0xb8,
+	0x51, 0xbb, 0x45, 0x58, 0xb5, 0xb0, 0x52, 0xb8, 0x54, 0x5e, 0x37, 0xf4, 0x91, 0xdb, 0x51, 0xe7,
+	0x81, 0x59, 0x5c, 0x79, 0x8f, 0x06, 0x87, 0xdb, 0x1e, 0x09, 0xf9, 0xcc, 0x38, 0x27, 0x13, 0x3f,
+	0x87, 0xd2, 0x06, 0x50, 0xd6, 0x1e, 0xfc, 0x4e, 0x01, 0x67, 0xc9, 0x23, 0xb3, 0xd5, 0xb6, 0x48,
+	0x46, 0xae, 0x5a, 0x3c, 0x35, 0x47, 0x5e, 0x91, 0x8e, 0x9c, 0xbd, 0x39, 0xc0, 0x0e, 0x1a, 0x68,
+	0x1d, 0xde, 0x00, 0x65, 0x9b, 0x17, 0xc5, 0x8e, 0xdb, 0xa2, 0xe6, 0x51, 0x75, 0x5a, 0x94, 0x92,
+	0xd6, 0xeb, 0xaa, 0xe5, 0xcd, 0x84, 0x7c, 0xdc, 0x55, 0x17, 0x52, 0xc7, 0x0f, 0x8e, 0x3c, 0x82,
+	0xd2, 0x6a, 0xda, 0x33, 0x05, 0x2c, 0x0d, 0xf1, 0x0a, 0x5e, 0x4d, 0x32, 0x2f, 0x4a, 0xa3, 0xaa,
+	0xac, 0x14, 0x2e, 0x95, 0x8c, 0x4a, 0x3a, 0x63, 0x82, 0x81, 0xb2, 0x72, 0xf0, 0x2b, 0x05, 0x40,
+	0xbf, 0x0f, 0x4f, 0x16, 0xca, 0xd5, 0x51, 0xf2, 0xa5, 0x0f, 0x48, 0xd2, 0xb2, 0x4c, 0x12, 0xec,
+	0xe7, 0xa1, 0x01, 0xe6, 0x34, 0x0c, 0x4a, 0x3b, 0xd8, 0xc7, 0xf6, 0x3d, 0xea, 0x58, 0xbc, 0xef,
+	0xb0, 0x47, 0x77, 0x89, 0x2f, 0xfa, 0x4e, 0xc9, 0xf6, 0xdd, 0xc6, 0xce, 0x1d, 0xc9, 0x41, 0x29,
+	0x29, 0xde, 0xcd, 0x4d, 0xea, 0x58, 0xb2, 0x4b, 0xe3, 0x6e, 0xe6, 0x78, 0x48, 0x70, 0xb4, 0x1f,
+	0x27, 0xc1, 0x8c, 0xb0, 0xc1, 0x27, 0xc7, 0xc9, 0xcd, 0x5f, 0x07, 0xa5, 0xb8, 0xa1, 0x24, 0x6a,
+	0x45, 0x8a, 0x95, 0xe2, 0xe6, 0x43, 0x89, 0x0c, 0xfc, 0x18, 0xcc, 0xb0, 0xa8, 0xcd, 0x0a, 0x2f,
+	0xde, 0x66, 0xb3, 0x7c, 0xd6, 0xc5, 0x0d, 0x16, 0x43, 0xc2, 0x00, 0x2c, 0x79, 0xdc, 0x7b, 0x12,
+	0x10, 0x7f, 0xcb, 0x0d, 0x6e, 0xb9, 0x6d, 0xc7, 0xda, 0x30, 0x79, 0xf6, 0xaa, 0x45, 0xe1, 0xdd,
+	0xb5, 0x5e, 0x57, 0x5d, 0xda, 0x19, 0x2c, 0x72, 0xdc, 0x55, 0x5f, 0x1e, 0xc2, 0x12, 0x65, 0x36,
+	0x0c, 0x5a, 0xfb, 0x5e, 0x01, 0xb3, 0x5c, 0xe2, 0xfa, 0x21, 0x31, 0x9b, 0x7c, 0x40, 0x7f, 0xad,
+	0x00, 0x48, 0xf2, 0x63, 0x3b, 0xac, 0xb6, 0xf2, 0xfa, 0xbb, 0x63, 0xb4, 0x57, 0xdf, 0xec, 0x4f,
+	0x6a, 0xa6, 0x8f, 0xc5, 0xd0, 0x00, 0x9b, 0xda, 0x2f, 0x93, 0xe0, 0xfc, 0x2e, 0x6e, 0x51, 0x0b,
+	0x07, 0xd4, 0x69, 0x6c, 0x44, 0xe6, 0xc2, 0x66, 0x81, 0x9f, 0x80, 0x19, 0x9e, 0x60, 0x0b, 0x07,
+	0x58, 0x0e, 0xdb, 0x37, 0x46, 0xbb, 0x8e, 0x70, 0xc4, 0x6d, 0x92, 0x00, 0x27, 0x45, 0x97, 0xd0,
+	0x50, 0x8c, 0x0a, 0x1f, 0x82, 0x22, 0xf3, 0x88, 0x29, 0x5b, 0xe5, 0xfd, 0x31, 0x62, 0x1f, 0xea,
+	0xf5, 0x03, 0x8f, 0x98, 0x49, 0x35, 0xf2, 0x13, 0x12, 0x36, 0xa0, 0x0f, 0xa6, 0x58, 0x80, 0x83,
+	0x36, 0x93, 0xa5, 0x75, 0xf7, 0x54, 0xac, 0x09, 0x44, 0x63, 0x5e, 0xda, 0x9b, 0x0a, 0xcf, 0x48,
+	0x5a, 0xd2, 0xfe, 0x54, 0xc0, 0xca, 0x50, 0x5d, 0x83, 0x3a, 0x16, 0xaf, 0x87, 0xff, 0x3e, 0xcd,
+	0x9f, 0x66, 0xd2, 0xbc, 0x7d, 0x1a, 0x81, 0x4b, 0xe7, 0x87, 0x65, 0x5b, 0xfb, 0x43, 0x01, 0x17,
+	0x4f, 0x52, 0xbe, 0x4f, 0x59, 0x00, 0x3f, 0xea, 0x8b, 0x5e, 0x1f, 0xb1, 0xe7, 0x29, 0x0b, 0x63,
+	0x8f, 0xd7, 0x9b, 0x88, 0x92, 0x8a, 0xdc, 0x03, 0x67, 0x68, 0x40, 0x6c, 0x3e, 0x8c, 0x79, 0x77,
+	0xdd, 0x3b, 0xc5, 0xd0, 0x8d, 0x39, 0x69, 0xf7, 0xcc, 0x1d, 0x6e, 0x01, 0x85, 0x86, 0xb4, 0x6f,
+	0x0a, 0x27, 0x07, 0xce, 0xf3, 0xc4, 0x47, 0xb4, 0x27, 0x88, 0x5b, 0xc9, 0x14, 0x8d, 0xaf, 0x71,
+	0x27, 0xe6, 0xa0, 0x94, 0x14, 0x1f, 0x90, 0x9e, 0x9c, 0xbf, 0x03, 0xf6, 0x90, 0x93, 0x22, 0x8a,
+	0x46, 0x77, 0x38, 0x20, 0xa3, 0x13, 0x8a, 0x21, 0x61, 0x1b, 0xcc, 0xdb, 0x99, 0xc5, 0x4b, 0xb6,
+	0xca, 0x3b, 0x63, 0x18, 0xc9, 0x6e, 0x6e, 0xe1, 0xca, 0x93, 0xa5, 0xa1, 0x9c, 0x11, 0xb8, 0x07,
+	0x2a, 0x1d, 0x99, 0x31, 0xd7, 0x09, 0xa7, 0x66, 0xb8, 0x6d, 0x94, 0x8c, 0x55, 0xbe, 0xa8, 0xed,
+	0xe6, 0x99, 0xc7, 0x5d, 0x75, 0x31, 0x4f, 0x44, 0xfd, 0x18, 0xda, 0xef, 0x0a, 0xb8, 0x30, 0xf4,
+	0x2e, 0xfe, 0x87, 0xea, 0xa3, 0xd9, 0xea, 0xbb, 0x71, 0x2a, 0xd5, 0x37, 0xb8, 0xec, 0x7e, 0x98,
+	0xfa, 0x87, 0x50, 0x45, 0xbd, 0x61, 0x50, 0xf2, 0xa2, 0xfd, 0x40, 0xc6, 0x7a, 0x65, 0xdc, 0xe2,
+	0xe1, 0xba, 0xc6, 0x1c, 0xff, 0x7e, 0xc7, 0x47, 0x94, 0xa0, 0xc2, 0xcf, 0xc1, 0xa2, 0x2d, 0x5f,
+	0x08, 0x1c, 0x80, 0x3a, 0x41, 0xb4, 0x05, 0xfd, 0x8b, 0x0a, 0x3a, 0xdb, 0xeb, 0xaa, 0x8b, 0x9b,
+	0x39, 0x58, 0xd4, 0x67, 0x08, 0xb6, 0x40, 0x39, 0xa9, 0x80, 0x68, 0x6d, 0x7e, 0xf3, 0x05, 0x52,
+	0xee, 0x3a, 0xc6, 0x4b, 0x32, 0xc7, 0xe5, 0x84, 0xc6, 0x50, 0x1a, 0x1e, 0xde, 0x07, 0x73, 0x07,
+	0x98, 0xb6, 0xda, 0x3e, 0x91, 0x0b, 0x69, 0xb8, 0x41, 0xbc, 0xca, 0x97, 0xc5, 0x5b, 0x69, 0xc6,
+	0x71, 0x57, 0xad, 0x64, 0x08, 0x62, 0x5b, 0xc8, 0x2a, 0xc3, 0xc7, 0x0a, 0x58, 0xc4, 0xd9, 0xe7,
+	0x23, 0xab, 0x9e, 0x11, 0x11, 0x5c, 0x1b, 0x23, 0x82, 0xdc, 0x0b, 0xd4, 0xa8, 0xca, 0x30, 0x16,
+	0x73, 0x0c, 0x86, 0xfa, 0xac, 0xc1, 0x2f, 0xc0, 0x82, 0x9d, 0x79, 0xdd, 0xb1, 0xea, 0x94, 0x70,
+	0x60, 0xec, 0xab, 0x8b, 0x11, 0x92, 0x97, 0x6c, 0x96, 0xce, 0x50, 0xde, 0x14, 0xb4, 0x40, 0xa9,
+	0x83, 0x7d, 0x8a, 0xf7, 0xf9, 0x43, 0x63, 0x5a, 0xd8, 0xbd, 0x3c, 0xd6, 0xd5, 0x85, 0xba, 0xc9,
+	0x7e, 0x19, 0x51, 0x18, 0x4a, 0x80, 0xb5, 0x9f, 0x26, 0x81, 0x7a, 0xc2, 0xa7, 0x1c, 0xde, 0x05,
+	0xd0, 0xdd, 0x67, 0xc4, 0xef, 0x10, 0xeb, 0x76, 0xf8, 0xc6, 0x8f, 0x36, 0xe8, 0x42, 0xb2, 0x5e,
+	0x6d, 0xf7, 0x49, 0xa0, 0x01, 0x5a, 0xd0, 0x06, 0xb3, 0x41, 0x6a, 0xf3, 0x1b, 0xe7, 0x45, 0x20,
+	0x03, 0x4b, 0x2f, 0x8e, 0xc6, 0x62, 0xaf, 0xab, 0x66, 0x56, 0x49, 0x94, 0x81, 0x87, 0x26, 0x00,
+	0x66, 0x72, 0x7b, 0x61, 0x03, 0xd4, 0x47, 0x1b, 0x67, 0xc9, 0x9d, 0xc5, 0x9f, 0xa0, 0xd4, 0x75,
+	0xa5, 0x60, 0xb5, 0xbf, 0x14, 0x00, 0x92, 0xae, 0x80, 0x17, 0x41, 0xea, 0x19, 0x2f, 0xbf, 0x62,
+	0x45, 0x0e, 0x81, 0x52, 0x74, 0xb8, 0x0a, 0xa6, 0x6d, 0xc2, 0x18, 0x6e, 0x44, 0xef, 0x80, 0xf8,
+	0x5f, 0x86, 0xcd, 0x90, 0x8c, 0x22, 0x3e, 0xdc, 0x03, 0x53, 0x3e, 0xc1, 0xcc, 0x75, 0xe4, 0xff,
+	0x11, 0xef, 0xf1, 0xb5, 0x0a, 0x09, 0xca, 0x71, 0x57, 0x5d, 0x1b, 0xe5, 0x5f, 0x20, 0x5d, 0x6e,
+	0x61, 0x42, 0x09, 0x49, 0x38, 0x78, 0x1b, 0x54, 0xa4, 0x8d, 0x94, 0xc3, 0x61, 0xd7, 0x9e, 0x97,
+	0xde, 0x54, 0x36, 0xf3, 0x02, 0xa8, 0x5f, 0x47, 0xbb, 0x0b, 0x66, 0xa2, 0xea, 0x82, 0x55, 0x50,
+	0x4c, 0x7d, 0xbe, 0xc3, 0xc0, 0x05, 0x25, 0x97, 0x98, 0xc9, 0xc1, 0x89, 0x31, 0xb6, 0x9f, 0x3c,
+	0xaf, 0x4d, 0x3c, 0x7d, 0x5e, 0x9b, 0x78, 0xf6, 0xbc, 0x36, 0xf1, 0xb8, 0x57, 0x53, 0x9e, 0xf4,
+	0x6a, 0xca, 0xd3, 0x5e, 0x4d, 0x79, 0xd6, 0xab, 0x29, 0xbf, 0xf6, 0x6a, 0xca, 0xb7, 0xbf, 0xd5,
+	0x26, 0x3e, 0x5c, 0x1d, 0xf9, 0x5f, 0xbc, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xad, 0xe2, 0x61,
+	0x96, 0x0a, 0x14, 0x00, 0x00,
 }
 
 func (m *AuditAnnotation) Marshal() (dAtA []byte, err error) {
@@ -884,6 +920,25 @@ func (m *ParamRef) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.ParameterNotFoundAction != nil {
+		i -= len(*m.ParameterNotFoundAction)
+		copy(dAtA[i:], *m.ParameterNotFoundAction)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.ParameterNotFoundAction)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.Selector != nil {
+		{
+			size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
 	i -= len(m.Namespace)
 	copy(dAtA[i:], m.Namespace)
 	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace)))
@@ -1205,6 +1260,20 @@ func (m *ValidatingAdmissionPolicySpec) MarshalToSizedBuffer(dAtA []byte) (int,
 	_ = i
 	var l int
 	_ = l
+	if len(m.Variables) > 0 {
+		for iNdEx := len(m.Variables) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Variables[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x3a
+		}
+	}
 	if len(m.MatchConditions) > 0 {
 		for iNdEx := len(m.MatchConditions) - 1; iNdEx >= 0; iNdEx-- {
 			{
@@ -1378,6 +1447,39 @@ func (m *Validation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *Variable) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Variable) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Variable) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.Expression)
+	copy(dAtA[i:], m.Expression)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Expression)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
 func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
 	offset -= sovGenerated(v)
 	base := offset
@@ -1501,6 +1603,14 @@ func (m *ParamRef) Size() (n int) {
 	n += 1 + l + sovGenerated(uint64(l))
 	l = len(m.Namespace)
 	n += 1 + l + sovGenerated(uint64(l))
+	if m.Selector != nil {
+		l = m.Selector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ParameterNotFoundAction != nil {
+		l = len(*m.ParameterNotFoundAction)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -1642,6 +1752,12 @@ func (m *ValidatingAdmissionPolicySpec) Size() (n int) {
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
+	if len(m.Variables) > 0 {
+		for _, e := range m.Variables {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
 	return n
 }
 
@@ -1684,6 +1800,19 @@ func (m *Validation) Size() (n int) {
 	return n
 }
 
+func (m *Variable) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Expression)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
 func sovGenerated(x uint64) (n int) {
 	return (math_bits.Len64(x|1) + 6) / 7
 }
@@ -1776,6 +1905,8 @@ func (this *ParamRef) String() string {
 	s := strings.Join([]string{`&ParamRef{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`,
+		`Selector:` + strings.Replace(fmt.Sprintf("%v", this.Selector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`ParameterNotFoundAction:` + valueToStringGenerated(this.ParameterNotFoundAction) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1882,6 +2013,11 @@ func (this *ValidatingAdmissionPolicySpec) String() string {
 		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
 	}
 	repeatedStringForMatchConditions += "}"
+	repeatedStringForVariables := "[]Variable{"
+	for _, f := range this.Variables {
+		repeatedStringForVariables += strings.Replace(strings.Replace(f.String(), "Variable", "Variable", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForVariables += "}"
 	s := strings.Join([]string{`&ValidatingAdmissionPolicySpec{`,
 		`ParamKind:` + strings.Replace(this.ParamKind.String(), "ParamKind", "ParamKind", 1) + `,`,
 		`MatchConstraints:` + strings.Replace(this.MatchConstraints.String(), "MatchResources", "MatchResources", 1) + `,`,
@@ -1889,6 +2025,7 @@ func (this *ValidatingAdmissionPolicySpec) String() string {
 		`FailurePolicy:` + valueToStringGenerated(this.FailurePolicy) + `,`,
 		`AuditAnnotations:` + repeatedStringForAuditAnnotations + `,`,
 		`MatchConditions:` + repeatedStringForMatchConditions + `,`,
+		`Variables:` + repeatedStringForVariables + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1923,6 +2060,17 @@ func (this *Validation) String() string {
 	}, "")
 	return s
 }
+func (this *Variable) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Variable{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Expression:` + fmt.Sprintf("%v", this.Expression) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func valueToStringGenerated(v interface{}) string {
 	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
@@ -2818,6 +2966,75 @@ func (m *ParamRef) Unmarshal(dAtA []byte) error {
 			}
 			m.Namespace = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Selector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Selector == nil {
+				m.Selector = &v1.LabelSelector{}
+			}
+			if err := m.Selector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ParameterNotFoundAction", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := ParameterNotFoundActionType(dAtA[iNdEx:postIndex])
+			m.ParameterNotFoundAction = &s
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -3844,6 +4061,40 @@ func (m *ValidatingAdmissionPolicySpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Variables", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Variables = append(m.Variables, Variable{})
+			if err := m.Variables[len(m.Variables)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -4183,6 +4434,120 @@ func (m *Validation) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *Variable) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Variable: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Variable: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Expression", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Expression = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func skipGenerated(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
diff --git a/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto b/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto
index c718c5464..db02dd929 100644
--- a/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto
+++ b/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto
@@ -227,16 +227,59 @@ message ParamKind {
   optional string kind = 2;
 }
 
-// ParamRef references a parameter resource
+// ParamRef describes how to locate the params to be used as input to
+// expressions of rules applied by a policy binding.
 // +structType=atomic
 message ParamRef {
-  // Name of the resource being referenced.
+  // `name` is the name of the resource being referenced.
+  //
+  // `name` and `selector` are mutually exclusive properties. If one is set,
+  // the other must be unset.
+  //
+  // +optional
   optional string name = 1;
 
-  // Namespace of the referenced resource.
-  // Should be empty for the cluster-scoped resources
+  // namespace is the namespace of the referenced resource. Allows limiting
+  // the search for params to a specific namespace. Applies to both `name` and
+  // `selector` fields.
+  //
+  // A per-namespace parameter may be used by specifying a namespace-scoped
+  // `paramKind` in the policy and leaving this field empty.
+  //
+  // - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this
+  // field results in a configuration error.
+  //
+  // - If `paramKind` is namespace-scoped, the namespace of the object being
+  // evaluated for admission will be used when this field is left unset. Take
+  // care that if this is left empty the binding must not match any cluster-scoped
+  // resources, which will result in an error.
+  //
   // +optional
   optional string namespace = 2;
+
+  // selector can be used to match multiple param objects based on their labels.
+  // Supply selector: {} to match all resources of the ParamKind.
+  //
+  // If multiple params are found, they are all evaluated with the policy expressions
+  // and the results are ANDed together.
+  //
+  // One of `name` or `selector` must be set, but `name` and `selector` are
+  // mutually exclusive properties. If one is set, the other must be unset.
+  //
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 3;
+
+  // `parameterNotFoundAction` controls the behavior of the binding when the resource
+  // exists, and name or selector is valid, but there are no parameters
+  // matched by the binding. If the value is set to `Allow`, then no
+  // matched parameters will be treated as successful validation by the binding.
+  // If set to `Deny`, then no matched parameters will be subject to the
+  // `failurePolicy` of the policy.
+  //
+  // Allowed values are `Allow` or `Deny`
+  // Default to `Deny`
+  // +optional
+  optional string parameterNotFoundAction = 4;
 }
 
 // TypeChecking contains results of type checking the expressions in the
@@ -267,6 +310,15 @@ message ValidatingAdmissionPolicy {
 
 // ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
 // ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
+//
+// For a given admission request, each binding will cause its policy to be
+// evaluated N times, where N is 1 for policies/bindings that don't use
+// params, otherwise N is the number of parameters selected by the binding.
+//
+// The CEL expressions of a policy must have a computed CEL cost below the maximum
+// CEL budget. Each evaluation of the policy is given an independent CEL cost budget.
+// Adding/removing policies, bindings, or params can not affect whether a
+// given (policy, binding, param) combination is within its own CEL budget.
 message ValidatingAdmissionPolicyBinding {
   // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
   // +optional
@@ -294,9 +346,10 @@ message ValidatingAdmissionPolicyBindingSpec {
   // Required.
   optional string policyName = 1;
 
-  // ParamRef specifies the parameter resource used to configure the admission control policy.
+  // paramRef specifies the parameter resource used to configure the admission control policy.
   // It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy.
   // If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.
+  // If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
   // +optional
   optional ParamRef paramRef = 2;
 
@@ -430,6 +483,20 @@ message ValidatingAdmissionPolicySpec {
   // +listMapKey=name
   // +optional
   repeated MatchCondition matchConditions = 6;
+
+  // Variables contain definitions of variables that can be used in composition of other expressions.
+  // Each variable is defined as a named CEL expression.
+  // The variables defined here will be available under `variables` in other expressions of the policy
+  // except MatchConditions because MatchConditions are evaluated before the rest of the policy.
+  //
+  // The expression of a variable can refer to other variables defined earlier in the list but not those after.
+  // Thus, Variables must be sorted by the order of first appearance and acyclic.
+  // +patchMergeKey=name
+  // +patchStrategy=merge
+  // +listType=map
+  // +listMapKey=name
+  // +optional
+  repeated Variable variables = 7;
 }
 
 // ValidatingAdmissionPolicyStatus represents the status of a ValidatingAdmissionPolicy.
@@ -460,6 +527,9 @@ message Validation {
   // - 'oldObject' - The existing object. The value is null for CREATE requests.
   // - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).
   // - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.
+  // - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.
+  // - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
+  //   For example, a variable named 'foo' can be accessed as 'variables.foo'.
   // - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
   //   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
   // - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
@@ -525,3 +595,15 @@ message Validation {
   optional string messageExpression = 4;
 }
 
+// Variable is the definition of a variable that is used for composition.
+message Variable {
+  // Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.
+  // The variable can be accessed in other expressions through `variables`
+  // For example, if name is "foo", the variable will be available as `variables.foo`
+  optional string Name = 1;
+
+  // Expression is the expression that will be evaluated as the value of the variable.
+  // The CEL expression has access to the same identifiers as the CEL expressions in Validation.
+  optional string Expression = 2;
+}
+
diff --git a/vendor/k8s.io/api/admissionregistration/v1alpha1/types.go b/vendor/k8s.io/api/admissionregistration/v1alpha1/types.go
index 2bbb55a47..575456c83 100644
--- a/vendor/k8s.io/api/admissionregistration/v1alpha1/types.go
+++ b/vendor/k8s.io/api/admissionregistration/v1alpha1/types.go
@@ -39,6 +39,18 @@ const (
 	AllScopes ScopeType = v1.AllScopes
 )
 
+// ParameterNotFoundActionType specifies a failure policy that defines how a binding
+// is evaluated when the param referred by its perNamespaceParamRef is not found.
+// +enum
+type ParameterNotFoundActionType string
+
+const (
+	// Ignore means that an error finding params for a binding is ignored
+	AllowAction ParameterNotFoundActionType = "Allow"
+	// Fail means that an error finding params for a binding is ignored
+	DenyAction ParameterNotFoundActionType = "Deny"
+)
+
 // FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.
 // +enum
 type FailurePolicyType string
@@ -201,6 +213,20 @@ type ValidatingAdmissionPolicySpec struct {
 	// +listMapKey=name
 	// +optional
 	MatchConditions []MatchCondition `json:"matchConditions,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,6,rep,name=matchConditions"`
+
+	// Variables contain definitions of variables that can be used in composition of other expressions.
+	// Each variable is defined as a named CEL expression.
+	// The variables defined here will be available under `variables` in other expressions of the policy
+	// except MatchConditions because MatchConditions are evaluated before the rest of the policy.
+	//
+	// The expression of a variable can refer to other variables defined earlier in the list but not those after.
+	// Thus, Variables must be sorted by the order of first appearance and acyclic.
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	// +optional
+	Variables []Variable `json:"variables" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,7,rep,name=variables"`
 }
 
 type MatchCondition v1.MatchCondition
@@ -228,6 +254,9 @@ type Validation struct {
 	// - 'oldObject' - The existing object. The value is null for CREATE requests.
 	// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).
 	// - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.
+	// - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.
+	// - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
+	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
 	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
 	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
 	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
@@ -290,6 +319,18 @@ type Validation struct {
 	MessageExpression string `json:"messageExpression,omitempty" protobuf:"bytes,4,opt,name=messageExpression"`
 }
 
+// Variable is the definition of a variable that is used for composition.
+type Variable struct {
+	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.
+	// The variable can be accessed in other expressions through `variables`
+	// For example, if name is "foo", the variable will be available as `variables.foo`
+	Name string `json:"name" protobuf:"bytes,1,opt,name=Name"`
+
+	// Expression is the expression that will be evaluated as the value of the variable.
+	// The CEL expression has access to the same identifiers as the CEL expressions in Validation.
+	Expression string `json:"expression" protobuf:"bytes,2,opt,name=Expression"`
+}
+
 // AuditAnnotation describes how to produce an audit annotation for an API request.
 type AuditAnnotation struct {
 	// key specifies the audit annotation key. The audit annotation keys of
@@ -334,6 +375,15 @@ type AuditAnnotation struct {
 
 // ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
 // ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
+//
+// For a given admission request, each binding will cause its policy to be
+// evaluated N times, where N is 1 for policies/bindings that don't use
+// params, otherwise N is the number of parameters selected by the binding.
+//
+// The CEL expressions of a policy must have a computed CEL cost below the maximum
+// CEL budget. Each evaluation of the policy is given an independent CEL cost budget.
+// Adding/removing policies, bindings, or params can not affect whether a
+// given (policy, binding, param) combination is within its own CEL budget.
 type ValidatingAdmissionPolicyBinding struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
@@ -364,9 +414,10 @@ type ValidatingAdmissionPolicyBindingSpec struct {
 	// Required.
 	PolicyName string `json:"policyName,omitempty" protobuf:"bytes,1,rep,name=policyName"`
 
-	// ParamRef specifies the parameter resource used to configure the admission control policy.
+	// paramRef specifies the parameter resource used to configure the admission control policy.
 	// It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy.
 	// If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.
+	// If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
 	// +optional
 	ParamRef *ParamRef `json:"paramRef,omitempty" protobuf:"bytes,2,rep,name=paramRef"`
 
@@ -421,15 +472,59 @@ type ValidatingAdmissionPolicyBindingSpec struct {
 	ValidationActions []ValidationAction `json:"validationActions,omitempty" protobuf:"bytes,4,rep,name=validationActions"`
 }
 
-// ParamRef references a parameter resource
+// ParamRef describes how to locate the params to be used as input to
+// expressions of rules applied by a policy binding.
 // +structType=atomic
 type ParamRef struct {
-	// Name of the resource being referenced.
+	// `name` is the name of the resource being referenced.
+	//
+	// `name` and `selector` are mutually exclusive properties. If one is set,
+	// the other must be unset.
+	//
+	// +optional
 	Name string `json:"name,omitempty" protobuf:"bytes,1,rep,name=name"`
-	// Namespace of the referenced resource.
-	// Should be empty for the cluster-scoped resources
+
+	// namespace is the namespace of the referenced resource. Allows limiting
+	// the search for params to a specific namespace. Applies to both `name` and
+	// `selector` fields.
+	//
+	// A per-namespace parameter may be used by specifying a namespace-scoped
+	// `paramKind` in the policy and leaving this field empty.
+	//
+	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this
+	// field results in a configuration error.
+	//
+	// - If `paramKind` is namespace-scoped, the namespace of the object being
+	// evaluated for admission will be used when this field is left unset. Take
+	// care that if this is left empty the binding must not match any cluster-scoped
+	// resources, which will result in an error.
+	//
 	// +optional
 	Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,rep,name=namespace"`
+
+	// selector can be used to match multiple param objects based on their labels.
+	// Supply selector: {} to match all resources of the ParamKind.
+	//
+	// If multiple params are found, they are all evaluated with the policy expressions
+	// and the results are ANDed together.
+	//
+	// One of `name` or `selector` must be set, but `name` and `selector` are
+	// mutually exclusive properties. If one is set, the other must be unset.
+	//
+	// +optional
+	Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,3,rep,name=selector"`
+
+	// `parameterNotFoundAction` controls the behavior of the binding when the resource
+	// exists, and name or selector is valid, but there are no parameters
+	// matched by the binding. If the value is set to `Allow`, then no
+	// matched parameters will be treated as successful validation by the binding.
+	// If set to `Deny`, then no matched parameters will be subject to the
+	// `failurePolicy` of the policy.
+	//
+	// Allowed values are `Allow` or `Deny`
+	// Default to `Deny`
+	// +optional
+	ParameterNotFoundAction *ParameterNotFoundActionType `json:"parameterNotFoundAction,omitempty" protobuf:"bytes,4,rep,name=parameterNotFoundAction"`
 }
 
 // MatchResources decides whether to run the admission control policy on an object based
diff --git a/vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go b/vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go
index b3cac1821..dcf46b324 100644
--- a/vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go
@@ -80,9 +80,11 @@ func (ParamKind) SwaggerDoc() map[string]string {
 }
 
 var map_ParamRef = map[string]string{
-	"":          "ParamRef references a parameter resource",
-	"name":      "Name of the resource being referenced.",
-	"namespace": "Namespace of the referenced resource. Should be empty for the cluster-scoped resources",
+	"":                        "ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.",
+	"name":                    "`name` is the name of the resource being referenced.\n\n`name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.",
+	"namespace":               "namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.",
+	"selector":                "selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.",
+	"parameterNotFoundAction": "`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny` Default to `Deny`",
 }
 
 func (ParamRef) SwaggerDoc() map[string]string {
@@ -110,7 +112,7 @@ func (ValidatingAdmissionPolicy) SwaggerDoc() map[string]string {
 }
 
 var map_ValidatingAdmissionPolicyBinding = map[string]string{
-	"":         "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.",
+	"":         "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.\n\nFor a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.\n\nThe CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.",
 	"metadata": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.",
 	"spec":     "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.",
 }
@@ -132,7 +134,7 @@ func (ValidatingAdmissionPolicyBindingList) SwaggerDoc() map[string]string {
 var map_ValidatingAdmissionPolicyBindingSpec = map[string]string{
 	"":                  "ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.",
 	"policyName":        "PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.",
-	"paramRef":          "ParamRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.",
+	"paramRef":          "paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.",
 	"matchResources":    "MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.",
 	"validationActions": "validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.\n\nFailures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.\n\nvalidationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.\n\nThe supported actions values are:\n\n\"Deny\" specifies that a validation failure results in a denied request.\n\n\"Warn\" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.\n\n\"Audit\" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `\"validation.policy.admission.k8s.io/validation_failure\": \"[{\"message\": \"Invalid value\", {\"policy\": \"policy.example.com\", {\"binding\": \"policybinding.example.com\", {\"expressionIndex\": \"1\", {\"validationActions\": [\"Audit\"]}]\"`\n\nClients should expect to handle additional values by ignoring any values not recognized.\n\n\"Deny\" and \"Warn\" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.\n\nRequired.",
 }
@@ -159,6 +161,7 @@ var map_ValidatingAdmissionPolicySpec = map[string]string{
 	"failurePolicy":    "failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.\n\nA policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.\n\nfailurePolicy does not define how validations that evaluate to false are handled.\n\nWhen failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.\n\nAllowed values are Ignore or Fail. Defaults to Fail.",
 	"auditAnnotations": "auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.",
 	"matchConditions":  "MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nIf a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the policy is skipped",
+	"variables":        "Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.\n\nThe expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.",
 }
 
 func (ValidatingAdmissionPolicySpec) SwaggerDoc() map[string]string {
@@ -178,7 +181,7 @@ func (ValidatingAdmissionPolicyStatus) SwaggerDoc() map[string]string {
 
 var map_Validation = map[string]string{
 	"":                  "Validation specifies the CEL expression which is used to apply the validation.",
-	"expression":        "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n  See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n  request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t  \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t  \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n  - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n  - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n  - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n  - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n    non-intersecting elements in `Y` are appended, retaining their partial order.\n  - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n    are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n    non-intersecting keys are appended, retaining their partial order.\nRequired.",
+	"expression":        "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n  For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n  See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n  request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t  \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t  \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n  - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n  - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n  - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n  - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n    non-intersecting elements in `Y` are appended, retaining their partial order.\n  - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n    are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n    non-intersecting keys are appended, retaining their partial order.\nRequired.",
 	"message":           "Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is \"failed rule: {Rule}\". e.g. \"must be a URL with the host matching spec.host\" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is \"failed Expression: {Expression}\".",
 	"reason":            "Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\". If not set, StatusReasonInvalid is used in the response to the client.",
 	"messageExpression": "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: \"object.x must be less than max (\"+string(params.max)+\")\"",
@@ -188,4 +191,14 @@ func (Validation) SwaggerDoc() map[string]string {
 	return map_Validation
 }
 
+var map_Variable = map[string]string{
+	"":           "Variable is the definition of a variable that is used for composition.",
+	"name":       "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is \"foo\", the variable will be available as `variables.foo`",
+	"expression": "Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.",
+}
+
+func (Variable) SwaggerDoc() map[string]string {
+	return map_Variable
+}
+
 // AUTO-GENERATED FUNCTIONS END HERE
diff --git a/vendor/k8s.io/api/admissionregistration/v1alpha1/zz_generated.deepcopy.go b/vendor/k8s.io/api/admissionregistration/v1alpha1/zz_generated.deepcopy.go
index 8e4abfd08..24cd0e4e9 100644
--- a/vendor/k8s.io/api/admissionregistration/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/admissionregistration/v1alpha1/zz_generated.deepcopy.go
@@ -160,6 +160,16 @@ func (in *ParamKind) DeepCopy() *ParamKind {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ParamRef) DeepCopyInto(out *ParamRef) {
 	*out = *in
+	if in.Selector != nil {
+		in, out := &in.Selector, &out.Selector
+		*out = new(v1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ParameterNotFoundAction != nil {
+		in, out := &in.ParameterNotFoundAction, &out.ParameterNotFoundAction
+		*out = new(ParameterNotFoundActionType)
+		**out = **in
+	}
 	return
 }
 
@@ -288,7 +298,7 @@ func (in *ValidatingAdmissionPolicyBindingSpec) DeepCopyInto(out *ValidatingAdmi
 	if in.ParamRef != nil {
 		in, out := &in.ParamRef, &out.ParamRef
 		*out = new(ParamRef)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	if in.MatchResources != nil {
 		in, out := &in.MatchResources, &out.MatchResources
@@ -381,6 +391,11 @@ func (in *ValidatingAdmissionPolicySpec) DeepCopyInto(out *ValidatingAdmissionPo
 		*out = make([]MatchCondition, len(*in))
 		copy(*out, *in)
 	}
+	if in.Variables != nil {
+		in, out := &in.Variables, &out.Variables
+		*out = make([]Variable, len(*in))
+		copy(*out, *in)
+	}
 	return
 }
 
@@ -442,3 +457,19 @@ func (in *Validation) DeepCopy() *Validation {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Variable) DeepCopyInto(out *Variable) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Variable.
+func (in *Variable) DeepCopy() *Variable {
+	if in == nil {
+		return nil
+	}
+	out := new(Variable)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/generated.pb.go b/vendor/k8s.io/api/admissionregistration/v1beta1/generated.pb.go
index 8fb354c31..267ddc1cb 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/generated.pb.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/generated.pb.go
@@ -25,8 +25,9 @@ import (
 	io "io"
 
 	proto "github.com/gogo/protobuf/proto"
-	v1 "k8s.io/api/admissionregistration/v1"
-	v11 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v11 "k8s.io/api/admissionregistration/v1"
+	k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	math "math"
 	math_bits "math/bits"
@@ -45,10 +46,66 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
+func (m *AuditAnnotation) Reset()      { *m = AuditAnnotation{} }
+func (*AuditAnnotation) ProtoMessage() {}
+func (*AuditAnnotation) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{0}
+}
+func (m *AuditAnnotation) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AuditAnnotation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *AuditAnnotation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AuditAnnotation.Merge(m, src)
+}
+func (m *AuditAnnotation) XXX_Size() int {
+	return m.Size()
+}
+func (m *AuditAnnotation) XXX_DiscardUnknown() {
+	xxx_messageInfo_AuditAnnotation.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AuditAnnotation proto.InternalMessageInfo
+
+func (m *ExpressionWarning) Reset()      { *m = ExpressionWarning{} }
+func (*ExpressionWarning) ProtoMessage() {}
+func (*ExpressionWarning) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{1}
+}
+func (m *ExpressionWarning) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExpressionWarning) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ExpressionWarning) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExpressionWarning.Merge(m, src)
+}
+func (m *ExpressionWarning) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExpressionWarning) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExpressionWarning.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExpressionWarning proto.InternalMessageInfo
+
 func (m *MatchCondition) Reset()      { *m = MatchCondition{} }
 func (*MatchCondition) ProtoMessage() {}
 func (*MatchCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{0}
+	return fileDescriptor_abeea74cbc46f55a, []int{2}
 }
 func (m *MatchCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -73,10 +130,38 @@ func (m *MatchCondition) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_MatchCondition proto.InternalMessageInfo
 
+func (m *MatchResources) Reset()      { *m = MatchResources{} }
+func (*MatchResources) ProtoMessage() {}
+func (*MatchResources) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{3}
+}
+func (m *MatchResources) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MatchResources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *MatchResources) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MatchResources.Merge(m, src)
+}
+func (m *MatchResources) XXX_Size() int {
+	return m.Size()
+}
+func (m *MatchResources) XXX_DiscardUnknown() {
+	xxx_messageInfo_MatchResources.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MatchResources proto.InternalMessageInfo
+
 func (m *MutatingWebhook) Reset()      { *m = MutatingWebhook{} }
 func (*MutatingWebhook) ProtoMessage() {}
 func (*MutatingWebhook) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{1}
+	return fileDescriptor_abeea74cbc46f55a, []int{4}
 }
 func (m *MutatingWebhook) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -104,7 +189,7 @@ var xxx_messageInfo_MutatingWebhook proto.InternalMessageInfo
 func (m *MutatingWebhookConfiguration) Reset()      { *m = MutatingWebhookConfiguration{} }
 func (*MutatingWebhookConfiguration) ProtoMessage() {}
 func (*MutatingWebhookConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{2}
+	return fileDescriptor_abeea74cbc46f55a, []int{5}
 }
 func (m *MutatingWebhookConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -132,7 +217,7 @@ var xxx_messageInfo_MutatingWebhookConfiguration proto.InternalMessageInfo
 func (m *MutatingWebhookConfigurationList) Reset()      { *m = MutatingWebhookConfigurationList{} }
 func (*MutatingWebhookConfigurationList) ProtoMessage() {}
 func (*MutatingWebhookConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{3}
+	return fileDescriptor_abeea74cbc46f55a, []int{6}
 }
 func (m *MutatingWebhookConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -157,10 +242,94 @@ func (m *MutatingWebhookConfigurationList) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_MutatingWebhookConfigurationList proto.InternalMessageInfo
 
+func (m *NamedRuleWithOperations) Reset()      { *m = NamedRuleWithOperations{} }
+func (*NamedRuleWithOperations) ProtoMessage() {}
+func (*NamedRuleWithOperations) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{7}
+}
+func (m *NamedRuleWithOperations) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NamedRuleWithOperations) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *NamedRuleWithOperations) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NamedRuleWithOperations.Merge(m, src)
+}
+func (m *NamedRuleWithOperations) XXX_Size() int {
+	return m.Size()
+}
+func (m *NamedRuleWithOperations) XXX_DiscardUnknown() {
+	xxx_messageInfo_NamedRuleWithOperations.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NamedRuleWithOperations proto.InternalMessageInfo
+
+func (m *ParamKind) Reset()      { *m = ParamKind{} }
+func (*ParamKind) ProtoMessage() {}
+func (*ParamKind) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{8}
+}
+func (m *ParamKind) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ParamKind) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ParamKind) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ParamKind.Merge(m, src)
+}
+func (m *ParamKind) XXX_Size() int {
+	return m.Size()
+}
+func (m *ParamKind) XXX_DiscardUnknown() {
+	xxx_messageInfo_ParamKind.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ParamKind proto.InternalMessageInfo
+
+func (m *ParamRef) Reset()      { *m = ParamRef{} }
+func (*ParamRef) ProtoMessage() {}
+func (*ParamRef) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{9}
+}
+func (m *ParamRef) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ParamRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ParamRef) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ParamRef.Merge(m, src)
+}
+func (m *ParamRef) XXX_Size() int {
+	return m.Size()
+}
+func (m *ParamRef) XXX_DiscardUnknown() {
+	xxx_messageInfo_ParamRef.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ParamRef proto.InternalMessageInfo
+
 func (m *ServiceReference) Reset()      { *m = ServiceReference{} }
 func (*ServiceReference) ProtoMessage() {}
 func (*ServiceReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{4}
+	return fileDescriptor_abeea74cbc46f55a, []int{10}
 }
 func (m *ServiceReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -185,10 +354,234 @@ func (m *ServiceReference) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_ServiceReference proto.InternalMessageInfo
 
+func (m *TypeChecking) Reset()      { *m = TypeChecking{} }
+func (*TypeChecking) ProtoMessage() {}
+func (*TypeChecking) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{11}
+}
+func (m *TypeChecking) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TypeChecking) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *TypeChecking) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TypeChecking.Merge(m, src)
+}
+func (m *TypeChecking) XXX_Size() int {
+	return m.Size()
+}
+func (m *TypeChecking) XXX_DiscardUnknown() {
+	xxx_messageInfo_TypeChecking.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_TypeChecking proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicy) Reset()      { *m = ValidatingAdmissionPolicy{} }
+func (*ValidatingAdmissionPolicy) ProtoMessage() {}
+func (*ValidatingAdmissionPolicy) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{12}
+}
+func (m *ValidatingAdmissionPolicy) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicy) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicy.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicy) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicy) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicy.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicy proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicyBinding) Reset()      { *m = ValidatingAdmissionPolicyBinding{} }
+func (*ValidatingAdmissionPolicyBinding) ProtoMessage() {}
+func (*ValidatingAdmissionPolicyBinding) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{13}
+}
+func (m *ValidatingAdmissionPolicyBinding) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicyBinding) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicyBinding) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicyBinding.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicyBinding) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicyBinding) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicyBinding.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicyBinding proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicyBindingList) Reset()      { *m = ValidatingAdmissionPolicyBindingList{} }
+func (*ValidatingAdmissionPolicyBindingList) ProtoMessage() {}
+func (*ValidatingAdmissionPolicyBindingList) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{14}
+}
+func (m *ValidatingAdmissionPolicyBindingList) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicyBindingList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicyBindingList) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicyBindingList.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicyBindingList) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicyBindingList) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicyBindingList.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicyBindingList proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicyBindingSpec) Reset()      { *m = ValidatingAdmissionPolicyBindingSpec{} }
+func (*ValidatingAdmissionPolicyBindingSpec) ProtoMessage() {}
+func (*ValidatingAdmissionPolicyBindingSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{15}
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicyBindingSpec.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicyBindingSpec.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicyBindingSpec proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicyList) Reset()      { *m = ValidatingAdmissionPolicyList{} }
+func (*ValidatingAdmissionPolicyList) ProtoMessage() {}
+func (*ValidatingAdmissionPolicyList) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{16}
+}
+func (m *ValidatingAdmissionPolicyList) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicyList) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicyList.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicyList) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicyList) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicyList.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicyList proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicySpec) Reset()      { *m = ValidatingAdmissionPolicySpec{} }
+func (*ValidatingAdmissionPolicySpec) ProtoMessage() {}
+func (*ValidatingAdmissionPolicySpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{17}
+}
+func (m *ValidatingAdmissionPolicySpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicySpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicySpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicySpec.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicySpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicySpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicySpec.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicySpec proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicyStatus) Reset()      { *m = ValidatingAdmissionPolicyStatus{} }
+func (*ValidatingAdmissionPolicyStatus) ProtoMessage() {}
+func (*ValidatingAdmissionPolicyStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{18}
+}
+func (m *ValidatingAdmissionPolicyStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicyStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicyStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicyStatus.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicyStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicyStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicyStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicyStatus proto.InternalMessageInfo
+
 func (m *ValidatingWebhook) Reset()      { *m = ValidatingWebhook{} }
 func (*ValidatingWebhook) ProtoMessage() {}
 func (*ValidatingWebhook) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{5}
+	return fileDescriptor_abeea74cbc46f55a, []int{19}
 }
 func (m *ValidatingWebhook) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -216,7 +609,7 @@ var xxx_messageInfo_ValidatingWebhook proto.InternalMessageInfo
 func (m *ValidatingWebhookConfiguration) Reset()      { *m = ValidatingWebhookConfiguration{} }
 func (*ValidatingWebhookConfiguration) ProtoMessage() {}
 func (*ValidatingWebhookConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{6}
+	return fileDescriptor_abeea74cbc46f55a, []int{20}
 }
 func (m *ValidatingWebhookConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -244,7 +637,7 @@ var xxx_messageInfo_ValidatingWebhookConfiguration proto.InternalMessageInfo
 func (m *ValidatingWebhookConfigurationList) Reset()      { *m = ValidatingWebhookConfigurationList{} }
 func (*ValidatingWebhookConfigurationList) ProtoMessage() {}
 func (*ValidatingWebhookConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{7}
+	return fileDescriptor_abeea74cbc46f55a, []int{21}
 }
 func (m *ValidatingWebhookConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -269,15 +662,15 @@ func (m *ValidatingWebhookConfigurationList) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_ValidatingWebhookConfigurationList proto.InternalMessageInfo
 
-func (m *WebhookClientConfig) Reset()      { *m = WebhookClientConfig{} }
-func (*WebhookClientConfig) ProtoMessage() {}
-func (*WebhookClientConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{8}
+func (m *Validation) Reset()      { *m = Validation{} }
+func (*Validation) ProtoMessage() {}
+func (*Validation) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{22}
 }
-func (m *WebhookClientConfig) XXX_Unmarshal(b []byte) error {
+func (m *Validation) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
 }
-func (m *WebhookClientConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+func (m *Validation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	b = b[:cap(b)]
 	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
@@ -285,27 +678,99 @@ func (m *WebhookClientConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte,
 	}
 	return b[:n], nil
 }
-func (m *WebhookClientConfig) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_WebhookClientConfig.Merge(m, src)
+func (m *Validation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Validation.Merge(m, src)
 }
-func (m *WebhookClientConfig) XXX_Size() int {
+func (m *Validation) XXX_Size() int {
 	return m.Size()
 }
-func (m *WebhookClientConfig) XXX_DiscardUnknown() {
-	xxx_messageInfo_WebhookClientConfig.DiscardUnknown(m)
+func (m *Validation) XXX_DiscardUnknown() {
+	xxx_messageInfo_Validation.DiscardUnknown(m)
 }
 
-var xxx_messageInfo_WebhookClientConfig proto.InternalMessageInfo
+var xxx_messageInfo_Validation proto.InternalMessageInfo
 
-func init() {
-	proto.RegisterType((*MatchCondition)(nil), "k8s.io.api.admissionregistration.v1beta1.MatchCondition")
-	proto.RegisterType((*MutatingWebhook)(nil), "k8s.io.api.admissionregistration.v1beta1.MutatingWebhook")
+func (m *Variable) Reset()      { *m = Variable{} }
+func (*Variable) ProtoMessage() {}
+func (*Variable) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{23}
+}
+func (m *Variable) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Variable) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *Variable) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Variable.Merge(m, src)
+}
+func (m *Variable) XXX_Size() int {
+	return m.Size()
+}
+func (m *Variable) XXX_DiscardUnknown() {
+	xxx_messageInfo_Variable.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Variable proto.InternalMessageInfo
+
+func (m *WebhookClientConfig) Reset()      { *m = WebhookClientConfig{} }
+func (*WebhookClientConfig) ProtoMessage() {}
+func (*WebhookClientConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{24}
+}
+func (m *WebhookClientConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WebhookClientConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *WebhookClientConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WebhookClientConfig.Merge(m, src)
+}
+func (m *WebhookClientConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *WebhookClientConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_WebhookClientConfig.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WebhookClientConfig proto.InternalMessageInfo
+
+func init() {
+	proto.RegisterType((*AuditAnnotation)(nil), "k8s.io.api.admissionregistration.v1beta1.AuditAnnotation")
+	proto.RegisterType((*ExpressionWarning)(nil), "k8s.io.api.admissionregistration.v1beta1.ExpressionWarning")
+	proto.RegisterType((*MatchCondition)(nil), "k8s.io.api.admissionregistration.v1beta1.MatchCondition")
+	proto.RegisterType((*MatchResources)(nil), "k8s.io.api.admissionregistration.v1beta1.MatchResources")
+	proto.RegisterType((*MutatingWebhook)(nil), "k8s.io.api.admissionregistration.v1beta1.MutatingWebhook")
 	proto.RegisterType((*MutatingWebhookConfiguration)(nil), "k8s.io.api.admissionregistration.v1beta1.MutatingWebhookConfiguration")
 	proto.RegisterType((*MutatingWebhookConfigurationList)(nil), "k8s.io.api.admissionregistration.v1beta1.MutatingWebhookConfigurationList")
+	proto.RegisterType((*NamedRuleWithOperations)(nil), "k8s.io.api.admissionregistration.v1beta1.NamedRuleWithOperations")
+	proto.RegisterType((*ParamKind)(nil), "k8s.io.api.admissionregistration.v1beta1.ParamKind")
+	proto.RegisterType((*ParamRef)(nil), "k8s.io.api.admissionregistration.v1beta1.ParamRef")
 	proto.RegisterType((*ServiceReference)(nil), "k8s.io.api.admissionregistration.v1beta1.ServiceReference")
+	proto.RegisterType((*TypeChecking)(nil), "k8s.io.api.admissionregistration.v1beta1.TypeChecking")
+	proto.RegisterType((*ValidatingAdmissionPolicy)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicy")
+	proto.RegisterType((*ValidatingAdmissionPolicyBinding)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding")
+	proto.RegisterType((*ValidatingAdmissionPolicyBindingList)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList")
+	proto.RegisterType((*ValidatingAdmissionPolicyBindingSpec)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingSpec")
+	proto.RegisterType((*ValidatingAdmissionPolicyList)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyList")
+	proto.RegisterType((*ValidatingAdmissionPolicySpec)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicySpec")
+	proto.RegisterType((*ValidatingAdmissionPolicyStatus)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyStatus")
 	proto.RegisterType((*ValidatingWebhook)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingWebhook")
 	proto.RegisterType((*ValidatingWebhookConfiguration)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingWebhookConfiguration")
 	proto.RegisterType((*ValidatingWebhookConfigurationList)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingWebhookConfigurationList")
+	proto.RegisterType((*Validation)(nil), "k8s.io.api.admissionregistration.v1beta1.Validation")
+	proto.RegisterType((*Variable)(nil), "k8s.io.api.admissionregistration.v1beta1.Variable")
 	proto.RegisterType((*WebhookClientConfig)(nil), "k8s.io.api.admissionregistration.v1beta1.WebhookClientConfig")
 }
 
@@ -314,73 +779,197 @@ func init() {
 }
 
 var fileDescriptor_abeea74cbc46f55a = []byte{
-	// 1041 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x57, 0x4f, 0x73, 0xdb, 0xc4,
-	0x1b, 0x8e, 0xe2, 0xf8, 0x17, 0x67, 0xed, 0x24, 0xcd, 0xfe, 0x80, 0x88, 0xd0, 0xb1, 0x3c, 0x3e,
-	0x30, 0xbe, 0x20, 0xb5, 0x29, 0x03, 0xa5, 0x0c, 0x87, 0x2a, 0xb4, 0x03, 0x33, 0x49, 0x5a, 0x36,
-	0xfd, 0x33, 0x03, 0x65, 0xa6, 0x6b, 0xf9, 0xb5, 0xbd, 0x58, 0xd2, 0x7a, 0xb4, 0xab, 0xb4, 0x19,
-	0x2e, 0x7c, 0x04, 0xbe, 0x02, 0x1f, 0x84, 0x03, 0xb7, 0x1c, 0x7b, 0xec, 0x05, 0x0d, 0x11, 0x67,
-	0x0e, 0x5c, 0x73, 0x62, 0xb4, 0x52, 0x6c, 0xcb, 0x76, 0x5a, 0x11, 0x66, 0x72, 0xca, 0xcd, 0xfb,
-	0xbc, 0xfb, 0xbe, 0xcf, 0x3e, 0xab, 0x77, 0xdf, 0x67, 0x8c, 0xbe, 0x19, 0xdc, 0x16, 0x26, 0xe3,
-	0xd6, 0x20, 0x6c, 0x43, 0xe0, 0x83, 0x04, 0x61, 0x1d, 0x82, 0xdf, 0xe1, 0x81, 0x95, 0x05, 0xe8,
-	0x90, 0x59, 0xb4, 0xe3, 0x31, 0x21, 0x18, 0xf7, 0x03, 0xe8, 0x31, 0x21, 0x03, 0x2a, 0x19, 0xf7,
-	0xad, 0xc3, 0x9b, 0x6d, 0x90, 0xf4, 0xa6, 0xd5, 0x03, 0x1f, 0x02, 0x2a, 0xa1, 0x63, 0x0e, 0x03,
-	0x2e, 0x39, 0x6e, 0xa5, 0x99, 0x26, 0x1d, 0x32, 0x73, 0x6e, 0xa6, 0x99, 0x65, 0x6e, 0x7d, 0xd4,
-	0x63, 0xb2, 0x1f, 0xb6, 0x4d, 0x87, 0x7b, 0x56, 0x8f, 0xf7, 0xb8, 0xa5, 0x0a, 0xb4, 0xc3, 0xae,
-	0x5a, 0xa9, 0x85, 0xfa, 0x95, 0x16, 0xde, 0xba, 0x55, 0xe0, 0x48, 0xd3, 0xa7, 0xd9, 0xfa, 0x78,
-	0x9c, 0xe4, 0x51, 0xa7, 0xcf, 0x7c, 0x08, 0x8e, 0xac, 0xe1, 0xa0, 0x97, 0x00, 0xc2, 0xf2, 0x40,
-	0xd2, 0x79, 0x59, 0xd6, 0x79, 0x59, 0x41, 0xe8, 0x4b, 0xe6, 0xc1, 0x4c, 0xc2, 0x27, 0x6f, 0x4b,
-	0x10, 0x4e, 0x1f, 0x3c, 0x3a, 0x9d, 0xd7, 0xec, 0xa2, 0xb5, 0x3d, 0x2a, 0x9d, 0xfe, 0x0e, 0xf7,
-	0x3b, 0x2c, 0xd1, 0x80, 0x1b, 0x68, 0xc9, 0xa7, 0x1e, 0xe8, 0x5a, 0x43, 0x6b, 0xad, 0xd8, 0xb5,
-	0xe3, 0xc8, 0x58, 0x88, 0x23, 0x63, 0x69, 0x9f, 0x7a, 0x40, 0x54, 0x04, 0x6f, 0x23, 0x04, 0x2f,
-	0x87, 0x01, 0x28, 0xfd, 0xfa, 0xa2, 0xda, 0x87, 0xb3, 0x7d, 0xe8, 0xde, 0x28, 0x42, 0x26, 0x76,
-	0x35, 0x7f, 0xab, 0xa0, 0xf5, 0xbd, 0x50, 0x52, 0xc9, 0xfc, 0xde, 0x53, 0x68, 0xf7, 0x39, 0x1f,
-	0x14, 0x60, 0x7a, 0x81, 0x6a, 0x8e, 0xcb, 0xc0, 0x97, 0x3b, 0xdc, 0xef, 0xb2, 0x9e, 0xe2, 0xaa,
-	0x6e, 0x7f, 0x61, 0x16, 0xfd, 0xc2, 0x66, 0x46, 0xb5, 0x33, 0x51, 0xc4, 0x7e, 0x27, 0x23, 0xaa,
-	0x4d, 0xa2, 0x24, 0x47, 0x84, 0x9f, 0xa1, 0x72, 0x10, 0xba, 0x20, 0xf4, 0x52, 0xa3, 0xd4, 0xaa,
-	0x6e, 0x7f, 0x5a, 0x84, 0xd1, 0x24, 0xa1, 0x0b, 0x4f, 0x99, 0xec, 0x3f, 0x18, 0x42, 0x0a, 0x0a,
-	0x7b, 0x35, 0xe3, 0x2a, 0x27, 0x31, 0x41, 0xd2, 0xa2, 0x78, 0x17, 0xad, 0x76, 0x29, 0x73, 0xc3,
-	0x00, 0x1e, 0x72, 0x97, 0x39, 0x47, 0xfa, 0x92, 0xba, 0x81, 0x0f, 0xe3, 0xc8, 0x58, 0xbd, 0x3f,
-	0x19, 0x38, 0x8d, 0x8c, 0x8d, 0x1c, 0xf0, 0xe8, 0x68, 0x08, 0x24, 0x9f, 0x8c, 0xbf, 0x44, 0x55,
-	0x2f, 0xf9, 0x84, 0x59, 0xad, 0x15, 0x55, 0xab, 0x19, 0x47, 0x46, 0x75, 0x6f, 0x0c, 0x9f, 0x46,
-	0xc6, 0xfa, 0xc4, 0x52, 0xd5, 0x99, 0x4c, 0xc3, 0x2f, 0xd1, 0x46, 0x72, 0xe5, 0x62, 0x48, 0x1d,
-	0x38, 0x00, 0x17, 0x1c, 0xc9, 0x03, 0xbd, 0xac, 0xee, 0xfb, 0xd6, 0x84, 0xfa, 0x51, 0x73, 0x99,
-	0xc3, 0x41, 0x2f, 0x01, 0x84, 0x99, 0xf4, 0x70, 0x22, 0x7f, 0x97, 0xb6, 0xc1, 0x3d, 0x4b, 0xb5,
-	0xdf, 0x8d, 0x23, 0x63, 0x63, 0x7f, 0xba, 0x22, 0x99, 0x25, 0xc1, 0x1c, 0xad, 0xf1, 0xf6, 0x0f,
-	0xe0, 0xc8, 0x11, 0x6d, 0xf5, 0xe2, 0xb4, 0x38, 0x8e, 0x8c, 0xb5, 0x07, 0xb9, 0x72, 0x64, 0xaa,
-	0x7c, 0x72, 0x61, 0x82, 0x75, 0xe0, 0x5e, 0xb7, 0x0b, 0x8e, 0x14, 0xfa, 0xff, 0xc6, 0x17, 0x76,
-	0x30, 0x86, 0x93, 0x0b, 0x1b, 0x2f, 0x77, 0x5c, 0x2a, 0x04, 0x99, 0x4c, 0xc3, 0x77, 0xd0, 0x5a,
-	0xf2, 0xb0, 0x78, 0x28, 0x0f, 0xc0, 0xe1, 0x7e, 0x47, 0xe8, 0xcb, 0x0d, 0xad, 0x55, 0x4e, 0x4f,
-	0xf0, 0x28, 0x17, 0x21, 0x53, 0x3b, 0xf1, 0x63, 0xb4, 0x39, 0xea, 0x22, 0x02, 0x87, 0x0c, 0x5e,
-	0x3c, 0x81, 0x20, 0x59, 0x08, 0xbd, 0xd2, 0x28, 0xb5, 0x56, 0xec, 0x0f, 0xe2, 0xc8, 0xd8, 0xbc,
-	0x3b, 0x7f, 0x0b, 0x39, 0x2f, 0x17, 0x3f, 0x47, 0x38, 0x00, 0xe6, 0x1f, 0x72, 0x47, 0xb5, 0x5f,
-	0xd6, 0x10, 0x48, 0xe9, 0xbb, 0x11, 0x47, 0x06, 0x26, 0x33, 0xd1, 0xd3, 0xc8, 0x78, 0x6f, 0x16,
-	0x55, 0xed, 0x31, 0xa7, 0x16, 0xfe, 0x11, 0xad, 0x7b, 0xb9, 0x71, 0x21, 0xf4, 0x9a, 0x7a, 0x21,
-	0xb7, 0x8b, 0xbf, 0xc9, 0xfc, 0xbc, 0xb1, 0x37, 0xb3, 0x27, 0xb2, 0x9e, 0xc7, 0x05, 0x99, 0x66,
-	0x6a, 0xfe, 0xae, 0xa1, 0xeb, 0x53, 0x33, 0x24, 0x7d, 0xae, 0x61, 0xca, 0x80, 0x9f, 0xa3, 0x4a,
-	0xd2, 0x15, 0x1d, 0x2a, 0xa9, 0x1a, 0x2a, 0xd5, 0xed, 0x1b, 0xc5, 0x7a, 0x28, 0x6d, 0x98, 0x3d,
-	0x90, 0x74, 0x3c, 0xc8, 0xc6, 0x18, 0x19, 0x55, 0xc5, 0xdf, 0xa1, 0x4a, 0xc6, 0x2c, 0xf4, 0x45,
-	0x25, 0xfc, 0xb3, 0x7f, 0x21, 0x3c, 0x7f, 0x76, 0x7b, 0x29, 0xa1, 0x22, 0xa3, 0x82, 0xcd, 0xbf,
-	0x34, 0xd4, 0x78, 0x93, 0xbe, 0x5d, 0x26, 0x24, 0x7e, 0x36, 0xa3, 0xd1, 0x2c, 0xf8, 0x4e, 0x98,
-	0x48, 0x15, 0x5e, 0xcb, 0x14, 0x56, 0xce, 0x90, 0x09, 0x7d, 0x03, 0x54, 0x66, 0x12, 0xbc, 0x33,
-	0x71, 0xf7, 0x2f, 0x2c, 0x2e, 0x77, 0xf0, 0xf1, 0x18, 0xfc, 0x3a, 0x29, 0x4e, 0x52, 0x8e, 0xe6,
-	0x2f, 0x1a, 0xba, 0x76, 0x00, 0xc1, 0x21, 0x73, 0x80, 0x40, 0x17, 0x02, 0xf0, 0x1d, 0xc0, 0x16,
-	0x5a, 0x19, 0x8d, 0x88, 0xcc, 0x19, 0x36, 0xb2, 0xec, 0x95, 0xd1, 0x38, 0x21, 0xe3, 0x3d, 0x23,
-	0x17, 0x59, 0x3c, 0xd7, 0x45, 0xae, 0xa3, 0xa5, 0x21, 0x95, 0x7d, 0xbd, 0xa4, 0x76, 0x54, 0x92,
-	0xe8, 0x43, 0x2a, 0xfb, 0x44, 0xa1, 0x2a, 0xca, 0x03, 0xa9, 0x66, 0x70, 0x39, 0x8b, 0xf2, 0x40,
-	0x12, 0x85, 0x36, 0x4f, 0x96, 0xd1, 0xc6, 0x13, 0xea, 0xb2, 0xce, 0x95, 0x73, 0x5d, 0x39, 0xd7,
-	0xdb, 0x9d, 0x0b, 0x5d, 0x39, 0xd7, 0x85, 0x9c, 0x6b, 0x8e, 0xaf, 0x54, 0x2f, 0xcd, 0x57, 0x4e,
-	0x34, 0x54, 0x9f, 0x79, 0xe3, 0x97, 0xed, 0x2c, 0xdf, 0xcf, 0x38, 0xcb, 0xe7, 0xc5, 0xa5, 0xcf,
-	0x9c, 0x7e, 0xc6, 0x5b, 0xfe, 0xd6, 0x50, 0xf3, 0xcd, 0x1a, 0x2f, 0xc1, 0x5d, 0xbc, 0xbc, 0xbb,
-	0x7c, 0xf5, 0x1f, 0x04, 0x16, 0xf1, 0x97, 0x5f, 0x35, 0xf4, 0xff, 0x39, 0x63, 0x14, 0xbf, 0x8f,
-	0x4a, 0x61, 0xe0, 0x66, 0x76, 0xb0, 0x1c, 0x47, 0x46, 0xe9, 0x31, 0xd9, 0x25, 0x09, 0x86, 0x29,
-	0x5a, 0x16, 0xa9, 0x23, 0x65, 0xf2, 0xef, 0x14, 0x3f, 0xe3, 0xb4, 0x95, 0xd9, 0xd5, 0x38, 0x32,
-	0x96, 0xcf, 0xd0, 0xb3, 0xba, 0xb8, 0x85, 0x2a, 0x0e, 0xb5, 0x43, 0xbf, 0xe3, 0xa6, 0x9e, 0x55,
-	0xb3, 0x6b, 0xc9, 0x75, 0xed, 0xdc, 0x4d, 0x31, 0x32, 0x8a, 0xda, 0xfb, 0xc7, 0x27, 0xf5, 0x85,
-	0x57, 0x27, 0xf5, 0x85, 0xd7, 0x27, 0xf5, 0x85, 0x9f, 0xe2, 0xba, 0x76, 0x1c, 0xd7, 0xb5, 0x57,
-	0x71, 0x5d, 0x7b, 0x1d, 0xd7, 0xb5, 0x3f, 0xe2, 0xba, 0xf6, 0xf3, 0x9f, 0xf5, 0x85, 0x6f, 0x5b,
-	0x45, 0xff, 0x28, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x1f, 0xf5, 0x97, 0x1c, 0x6c, 0x0f, 0x00,
-	0x00,
+	// 1973 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x1a, 0x4d, 0x6f, 0x23, 0x49,
+	0x35, 0x1d, 0xe7, 0xc3, 0x7e, 0xce, 0x97, 0x6b, 0x67, 0x89, 0x77, 0x76, 0xd6, 0x8e, 0x5a, 0x2b,
+	0x94, 0x91, 0xc0, 0xde, 0xc9, 0xae, 0x76, 0x97, 0x59, 0x21, 0x14, 0x67, 0x67, 0x86, 0x99, 0x9d,
+	0x64, 0x42, 0x65, 0x37, 0x91, 0x60, 0x57, 0x9a, 0x72, 0x77, 0xd9, 0x6e, 0x6c, 0x77, 0x37, 0x5d,
+	0x6d, 0xcf, 0x04, 0x24, 0x40, 0xe2, 0xb0, 0x57, 0x24, 0x2e, 0x48, 0x9c, 0xf8, 0x0b, 0xdc, 0x91,
+	0xe0, 0x36, 0xc7, 0xbd, 0x31, 0x12, 0xc2, 0x22, 0xe6, 0xc0, 0x89, 0x03, 0x07, 0x38, 0xe4, 0x02,
+	0xaa, 0xea, 0xea, 0x4f, 0xb7, 0x27, 0x9d, 0x90, 0x09, 0x97, 0xb9, 0xa5, 0xdf, 0x67, 0xbd, 0x57,
+	0xef, 0xab, 0x9e, 0x03, 0xdf, 0xeb, 0x7e, 0xc8, 0x6a, 0x86, 0x55, 0xef, 0x0e, 0x9a, 0xd4, 0x31,
+	0xa9, 0x4b, 0x59, 0x7d, 0x48, 0x4d, 0xdd, 0x72, 0xea, 0x12, 0x41, 0x6c, 0xa3, 0x4e, 0xf4, 0xbe,
+	0xc1, 0x98, 0x61, 0x99, 0x0e, 0x6d, 0x1b, 0xcc, 0x75, 0x88, 0x6b, 0x58, 0x66, 0x7d, 0x78, 0xab,
+	0x49, 0x5d, 0x72, 0xab, 0xde, 0xa6, 0x26, 0x75, 0x88, 0x4b, 0xf5, 0x9a, 0xed, 0x58, 0xae, 0x85,
+	0x36, 0x3d, 0xce, 0x1a, 0xb1, 0x8d, 0x5a, 0x2a, 0x67, 0x4d, 0x72, 0x5e, 0xff, 0x66, 0xdb, 0x70,
+	0x3b, 0x83, 0x66, 0x4d, 0xb3, 0xfa, 0xf5, 0xb6, 0xd5, 0xb6, 0xea, 0x42, 0x40, 0x73, 0xd0, 0x12,
+	0x5f, 0xe2, 0x43, 0xfc, 0xe5, 0x09, 0xbe, 0xfe, 0x6e, 0x86, 0x23, 0x25, 0x4f, 0x73, 0xfd, 0xbd,
+	0x90, 0xa9, 0x4f, 0xb4, 0x8e, 0x61, 0x52, 0xe7, 0xb8, 0x6e, 0x77, 0xdb, 0x1c, 0xc0, 0xea, 0x7d,
+	0xea, 0x92, 0x34, 0xae, 0xfa, 0x34, 0x2e, 0x67, 0x60, 0xba, 0x46, 0x9f, 0x4e, 0x30, 0xbc, 0x7f,
+	0x16, 0x03, 0xd3, 0x3a, 0xb4, 0x4f, 0x92, 0x7c, 0x2a, 0x83, 0xd5, 0xed, 0x81, 0x6e, 0xb8, 0xdb,
+	0xa6, 0x69, 0xb9, 0xc2, 0x08, 0xf4, 0x16, 0xe4, 0xba, 0xf4, 0xb8, 0xac, 0x6c, 0x28, 0x9b, 0x85,
+	0x46, 0xf1, 0xd9, 0xa8, 0x3a, 0x33, 0x1e, 0x55, 0x73, 0x9f, 0xd0, 0x63, 0xcc, 0xe1, 0x68, 0x1b,
+	0x56, 0x87, 0xa4, 0x37, 0xa0, 0x77, 0x9e, 0xda, 0x0e, 0x15, 0x2e, 0x28, 0xcf, 0x0a, 0xd2, 0x75,
+	0x49, 0xba, 0x7a, 0x18, 0x47, 0xe3, 0x24, 0xbd, 0xda, 0x83, 0x52, 0xf8, 0x75, 0x44, 0x1c, 0xd3,
+	0x30, 0xdb, 0xe8, 0x1b, 0x90, 0x6f, 0x19, 0xb4, 0xa7, 0x63, 0xda, 0x92, 0x02, 0xd7, 0xa4, 0xc0,
+	0xfc, 0x5d, 0x09, 0xc7, 0x01, 0x05, 0xba, 0x09, 0x8b, 0x4f, 0x3c, 0xc6, 0x72, 0x4e, 0x10, 0xaf,
+	0x4a, 0xe2, 0x45, 0x29, 0x0f, 0xfb, 0x78, 0xb5, 0x05, 0x2b, 0xbb, 0xc4, 0xd5, 0x3a, 0x3b, 0x96,
+	0xa9, 0x1b, 0xc2, 0xc2, 0x0d, 0x98, 0x33, 0x49, 0x9f, 0x4a, 0x13, 0x97, 0x24, 0xe7, 0xdc, 0x1e,
+	0xe9, 0x53, 0x2c, 0x30, 0x68, 0x0b, 0x80, 0x26, 0xed, 0x43, 0x92, 0x0e, 0x22, 0xa6, 0x45, 0xa8,
+	0xd4, 0x3f, 0xcd, 0x49, 0x45, 0x98, 0x32, 0x6b, 0xe0, 0x68, 0x94, 0xa1, 0xa7, 0x50, 0xe2, 0xe2,
+	0x98, 0x4d, 0x34, 0x7a, 0x40, 0x7b, 0x54, 0x73, 0x2d, 0x47, 0x68, 0x2d, 0x6e, 0xbd, 0x5b, 0x0b,
+	0xc3, 0x34, 0xb8, 0xb1, 0x9a, 0xdd, 0x6d, 0x73, 0x00, 0xab, 0xf1, 0xc0, 0xa8, 0x0d, 0x6f, 0xd5,
+	0x1e, 0x92, 0x26, 0xed, 0xf9, 0xac, 0x8d, 0xd7, 0xc7, 0xa3, 0x6a, 0x69, 0x2f, 0x29, 0x11, 0x4f,
+	0x2a, 0x41, 0x16, 0xac, 0x58, 0xcd, 0x1f, 0x52, 0xcd, 0x0d, 0xd4, 0xce, 0x5e, 0x5c, 0x2d, 0x1a,
+	0x8f, 0xaa, 0x2b, 0x8f, 0x62, 0xe2, 0x70, 0x42, 0x3c, 0xfa, 0x29, 0x2c, 0x3b, 0xd2, 0x6e, 0x3c,
+	0xe8, 0x51, 0x56, 0xce, 0x6d, 0xe4, 0x36, 0x8b, 0x5b, 0xdb, 0xb5, 0xac, 0xd9, 0x58, 0xe3, 0x76,
+	0xe9, 0x9c, 0xf7, 0xc8, 0x70, 0x3b, 0x8f, 0x6c, 0xea, 0xa1, 0x59, 0xe3, 0x75, 0xe9, 0xf7, 0x65,
+	0x1c, 0x95, 0x8f, 0xe3, 0xea, 0xd0, 0xaf, 0x14, 0xb8, 0x46, 0x9f, 0x6a, 0xbd, 0x81, 0x4e, 0x63,
+	0x74, 0xe5, 0xb9, 0xcb, 0x3a, 0xc7, 0x0d, 0x79, 0x8e, 0x6b, 0x77, 0x52, 0xd4, 0xe0, 0x54, 0xe5,
+	0xe8, 0x63, 0x28, 0xf6, 0x79, 0x48, 0xec, 0x5b, 0x3d, 0x43, 0x3b, 0x2e, 0x2f, 0x8a, 0x40, 0x52,
+	0xc7, 0xa3, 0x6a, 0x71, 0x37, 0x04, 0x9f, 0x8e, 0xaa, 0xab, 0x91, 0xcf, 0x4f, 0x8f, 0x6d, 0x8a,
+	0xa3, 0x6c, 0xea, 0x1f, 0xf3, 0xb0, 0xba, 0x3b, 0xe0, 0xe9, 0x69, 0xb6, 0x8f, 0x68, 0xb3, 0x63,
+	0x59, 0xdd, 0x0c, 0x31, 0xfc, 0x04, 0x96, 0xb4, 0x9e, 0x41, 0x4d, 0x77, 0xc7, 0x32, 0x5b, 0x46,
+	0x5b, 0x06, 0xc0, 0xb7, 0xb3, 0x3b, 0x42, 0xaa, 0xda, 0x89, 0x08, 0x69, 0x5c, 0x93, 0x8a, 0x96,
+	0xa2, 0x50, 0x1c, 0x53, 0x84, 0x3e, 0x87, 0x79, 0x27, 0x12, 0x02, 0x1f, 0x64, 0xd1, 0x58, 0x4b,
+	0x71, 0xf8, 0xb2, 0xd4, 0x35, 0xef, 0x79, 0xd8, 0x13, 0x8a, 0x1e, 0xc2, 0x72, 0x8b, 0x18, 0xbd,
+	0x81, 0x43, 0xa5, 0x53, 0xe7, 0x84, 0x07, 0xbe, 0xce, 0x23, 0xe4, 0x6e, 0x14, 0x71, 0x3a, 0xaa,
+	0x96, 0x62, 0x00, 0xe1, 0xd8, 0x38, 0x73, 0xf2, 0x82, 0x0a, 0x17, 0xba, 0xa0, 0xf4, 0x3c, 0x9f,
+	0xff, 0xff, 0xe4, 0x79, 0xf1, 0xe5, 0xe6, 0xf9, 0xc7, 0x50, 0x64, 0x86, 0x4e, 0xef, 0xb4, 0x5a,
+	0x54, 0x73, 0x59, 0x79, 0x21, 0x74, 0xd8, 0x41, 0x08, 0xe6, 0x0e, 0x0b, 0x3f, 0x77, 0x7a, 0x84,
+	0x31, 0x1c, 0x65, 0x43, 0xb7, 0x61, 0x85, 0x77, 0x25, 0x6b, 0xe0, 0x1e, 0x50, 0xcd, 0x32, 0x75,
+	0x26, 0x52, 0x63, 0xde, 0x3b, 0xc1, 0xa7, 0x31, 0x0c, 0x4e, 0x50, 0xa2, 0xcf, 0x60, 0x3d, 0x88,
+	0x22, 0x4c, 0x87, 0x06, 0x7d, 0x72, 0x48, 0x1d, 0xfe, 0xc1, 0xca, 0xf9, 0x8d, 0xdc, 0x66, 0xa1,
+	0xf1, 0xe6, 0x78, 0x54, 0x5d, 0xdf, 0x4e, 0x27, 0xc1, 0xd3, 0x78, 0xd1, 0x63, 0x40, 0x0e, 0x35,
+	0xcc, 0xa1, 0xa5, 0x89, 0xf0, 0x93, 0x01, 0x01, 0xc2, 0xbe, 0x77, 0xc6, 0xa3, 0x2a, 0xc2, 0x13,
+	0xd8, 0xd3, 0x51, 0xf5, 0x6b, 0x93, 0x50, 0x11, 0x1e, 0x29, 0xb2, 0xd0, 0x4f, 0x60, 0xb5, 0x1f,
+	0x6b, 0x44, 0xac, 0xbc, 0x24, 0x32, 0xe4, 0xc3, 0xec, 0x39, 0x19, 0xef, 0x64, 0x61, 0xcf, 0x8d,
+	0xc3, 0x19, 0x4e, 0x6a, 0x52, 0xff, 0xa2, 0xc0, 0x8d, 0x44, 0x0d, 0xf1, 0xd2, 0x75, 0xe0, 0x69,
+	0x40, 0x8f, 0x21, 0xcf, 0xa3, 0x42, 0x27, 0x2e, 0x91, 0x2d, 0xea, 0x9d, 0x6c, 0x31, 0xe4, 0x05,
+	0xcc, 0x2e, 0x75, 0x49, 0xd8, 0x22, 0x43, 0x18, 0x0e, 0xa4, 0xa2, 0x1f, 0x40, 0x5e, 0x6a, 0x66,
+	0xe5, 0x59, 0x61, 0xf8, 0xb7, 0xce, 0x61, 0x78, 0xfc, 0xec, 0x8d, 0x39, 0xae, 0x0a, 0x07, 0x02,
+	0xd5, 0x7f, 0x28, 0xb0, 0xf1, 0x22, 0xfb, 0x1e, 0x1a, 0xcc, 0x45, 0x9f, 0x4f, 0xd8, 0x58, 0xcb,
+	0x98, 0x27, 0x06, 0xf3, 0x2c, 0x0c, 0x66, 0x12, 0x1f, 0x12, 0xb1, 0xaf, 0x0b, 0xf3, 0x86, 0x4b,
+	0xfb, 0xbe, 0x71, 0x77, 0x2f, 0x6c, 0x5c, 0xec, 0xe0, 0x61, 0x19, 0xbc, 0xcf, 0x85, 0x63, 0x4f,
+	0x87, 0xfa, 0x5c, 0x81, 0xf5, 0x29, 0x9d, 0x0a, 0x7d, 0x10, 0xf6, 0x62, 0x51, 0x44, 0xca, 0x8a,
+	0xc8, 0x8b, 0x52, 0xb4, 0x89, 0x0a, 0x04, 0x8e, 0xd3, 0xa1, 0x5f, 0x28, 0x80, 0x9c, 0x09, 0x79,
+	0xb2, 0x73, 0x5c, 0xb8, 0x8e, 0x5f, 0x97, 0x06, 0xa0, 0x49, 0x1c, 0x4e, 0x51, 0xa7, 0x12, 0x28,
+	0xec, 0x13, 0x87, 0xf4, 0x3f, 0x31, 0x4c, 0x9d, 0x4f, 0x62, 0xc4, 0x36, 0x64, 0x96, 0xca, 0x6e,
+	0x17, 0x84, 0xd9, 0xf6, 0xfe, 0x7d, 0x89, 0xc1, 0x11, 0x2a, 0xde, 0x1b, 0xbb, 0x86, 0xa9, 0xcb,
+	0xb9, 0x2d, 0xe8, 0x8d, 0x5c, 0x1e, 0x16, 0x18, 0xf5, 0x77, 0xb3, 0x90, 0x17, 0x3a, 0xf8, 0x2c,
+	0x79, 0x76, 0x2b, 0xad, 0x43, 0x21, 0x28, 0xbd, 0x52, 0x6a, 0x49, 0x92, 0x15, 0x82, 0x32, 0x8d,
+	0x43, 0x1a, 0xf4, 0x05, 0xe4, 0x99, 0x5f, 0x90, 0x73, 0x17, 0x2f, 0xc8, 0x4b, 0x3c, 0xd2, 0x82,
+	0x52, 0x1c, 0x88, 0x44, 0x2e, 0xac, 0xdb, 0xfc, 0xf4, 0xd4, 0xa5, 0xce, 0x9e, 0xe5, 0xde, 0xb5,
+	0x06, 0xa6, 0xbe, 0xad, 0x71, 0xef, 0xc9, 0x6e, 0x78, 0x9b, 0x97, 0xc0, 0xfd, 0x74, 0x92, 0xd3,
+	0x51, 0xf5, 0xcd, 0x29, 0x28, 0x51, 0xba, 0xa6, 0x89, 0x56, 0x7f, 0xab, 0xc0, 0xda, 0x01, 0x75,
+	0x86, 0x86, 0x46, 0x31, 0x6d, 0x51, 0x87, 0x9a, 0x5a, 0xc2, 0x35, 0x4a, 0x06, 0xd7, 0xf8, 0xde,
+	0x9e, 0x9d, 0xea, 0xed, 0x1b, 0x30, 0x67, 0x13, 0xb7, 0x23, 0x07, 0xfb, 0x3c, 0xc7, 0xee, 0x13,
+	0xb7, 0x83, 0x05, 0x54, 0x60, 0x2d, 0xc7, 0x15, 0x86, 0xce, 0x4b, 0xac, 0xe5, 0xb8, 0x58, 0x40,
+	0xd5, 0x5f, 0x2b, 0xb0, 0xc4, 0xad, 0xd8, 0xe9, 0x50, 0xad, 0xcb, 0x9f, 0x15, 0x5f, 0x2a, 0x80,
+	0x68, 0xf2, 0xb1, 0xe1, 0x65, 0x44, 0x71, 0xeb, 0xa3, 0xec, 0x29, 0x3a, 0xf1, 0x60, 0x09, 0xc3,
+	0x7a, 0x02, 0xc5, 0x70, 0x8a, 0x4a, 0xf5, 0xcf, 0xb3, 0xf0, 0xc6, 0x21, 0xe9, 0x19, 0xba, 0x48,
+	0xf5, 0xa0, 0x3f, 0xc9, 0xe6, 0xf0, 0xf2, 0xcb, 0xaf, 0x01, 0x73, 0xcc, 0xa6, 0x9a, 0xcc, 0xe6,
+	0x7b, 0xd9, 0x4d, 0x9f, 0x7a, 0xe8, 0x03, 0x9b, 0x6a, 0xe1, 0x0d, 0xf2, 0x2f, 0x2c, 0x54, 0xa0,
+	0x1f, 0xc1, 0x02, 0x73, 0x89, 0x3b, 0x60, 0x32, 0xf8, 0xef, 0x5f, 0x86, 0x32, 0x21, 0xb0, 0xb1,
+	0x22, 0xd5, 0x2d, 0x78, 0xdf, 0x58, 0x2a, 0x52, 0xff, 0xad, 0xc0, 0xc6, 0x54, 0xde, 0x86, 0x61,
+	0xea, 0x3c, 0x18, 0x5e, 0xbe, 0x93, 0xed, 0x98, 0x93, 0xf7, 0x2e, 0xc1, 0x6e, 0x79, 0xf6, 0x69,
+	0xbe, 0x56, 0xff, 0xa5, 0xc0, 0xdb, 0x67, 0x31, 0x5f, 0x41, 0xf3, 0xb3, 0xe2, 0xcd, 0xef, 0xc1,
+	0xe5, 0x59, 0x3e, 0xa5, 0x01, 0x7e, 0x99, 0x3b, 0xdb, 0x6e, 0xee, 0x26, 0xde, 0x41, 0x6c, 0x01,
+	0xdc, 0x0b, 0x8b, 0x7c, 0x70, 0x89, 0xfb, 0x01, 0x06, 0x47, 0xa8, 0xb8, 0xaf, 0x6c, 0xd9, 0x1e,
+	0xe4, 0x55, 0x6e, 0x65, 0x37, 0xc8, 0x6f, 0x2c, 0x5e, 0xf9, 0xf6, 0xbf, 0x70, 0x20, 0x11, 0xb9,
+	0xb0, 0xd2, 0x8f, 0x2d, 0x0a, 0x64, 0x9a, 0x9c, 0x77, 0x0e, 0x0c, 0xf8, 0xbd, 0xb9, 0x39, 0x0e,
+	0xc3, 0x09, 0x1d, 0xe8, 0x08, 0x4a, 0x43, 0xe9, 0x2f, 0xcb, 0xf4, 0x4a, 0xba, 0xf7, 0x3a, 0x2e,
+	0x34, 0x6e, 0xf2, 0xf7, 0xc6, 0x61, 0x12, 0x79, 0x3a, 0xaa, 0xae, 0x25, 0x81, 0x78, 0x52, 0x86,
+	0xfa, 0x77, 0x05, 0xde, 0x9a, 0x7a, 0x13, 0x57, 0x10, 0x7a, 0x9d, 0x78, 0xe8, 0xed, 0x5c, 0x46,
+	0xe8, 0xa5, 0xc7, 0xdc, 0x6f, 0x16, 0x5e, 0x60, 0xa9, 0x08, 0xb6, 0xc7, 0x50, 0xb0, 0xfd, 0xd9,
+	0x25, 0x65, 0xd3, 0x93, 0x25, 0x72, 0x38, 0x6b, 0x63, 0x99, 0xf7, 0xcf, 0xe0, 0x13, 0x87, 0x42,
+	0xd1, 0x8f, 0x61, 0xcd, 0x9f, 0xed, 0x39, 0xbf, 0x61, 0xba, 0xfe, 0x80, 0x76, 0xf1, 0xf0, 0xb9,
+	0x36, 0x1e, 0x55, 0xd7, 0x76, 0x13, 0x52, 0xf1, 0x84, 0x1e, 0xd4, 0x85, 0x62, 0x78, 0xfd, 0xfe,
+	0xfb, 0xfe, 0xbd, 0xf3, 0xfb, 0xdb, 0x32, 0x1b, 0xaf, 0x49, 0x07, 0x17, 0x43, 0x18, 0xc3, 0x51,
+	0xe9, 0x97, 0xfc, 0xd0, 0xff, 0x19, 0xac, 0x91, 0xf8, 0xa2, 0x93, 0x95, 0xe7, 0xcf, 0xfb, 0x08,
+	0x49, 0xac, 0x4a, 0x1b, 0x65, 0x69, 0xc4, 0x5a, 0x02, 0xc1, 0xf0, 0x84, 0xb2, 0xb4, 0xd7, 0xdf,
+	0xc2, 0x55, 0xbd, 0xfe, 0x90, 0x06, 0x85, 0x21, 0x71, 0x0c, 0xd2, 0xec, 0x51, 0xfe, 0xd4, 0xce,
+	0x9d, 0xaf, 0xa0, 0x1d, 0x4a, 0xd6, 0x70, 0xb2, 0xf3, 0x21, 0x0c, 0x87, 0x72, 0xd5, 0x3f, 0xcc,
+	0x42, 0xf5, 0x8c, 0xf6, 0x8d, 0x1e, 0x00, 0xb2, 0x9a, 0x8c, 0x3a, 0x43, 0xaa, 0xdf, 0xf3, 0x56,
+	0xd1, 0xfe, 0x58, 0x9f, 0x0b, 0x07, 0xaa, 0x47, 0x13, 0x14, 0x38, 0x85, 0x0b, 0xf5, 0x60, 0xc9,
+	0x8d, 0x8c, 0x7a, 0x32, 0x0b, 0xde, 0xcf, 0x6e, 0x57, 0x74, 0x50, 0x6c, 0xac, 0x8d, 0x47, 0xd5,
+	0xd8, 0xe8, 0x88, 0x63, 0xd2, 0x91, 0x06, 0xa0, 0x85, 0x57, 0xe7, 0x85, 0x7e, 0x3d, 0x5b, 0x15,
+	0x0b, 0x6f, 0x2c, 0xe8, 0x3b, 0x91, 0xcb, 0x8a, 0x88, 0x55, 0x4f, 0x16, 0xa1, 0x14, 0xba, 0xf0,
+	0xd5, 0xae, 0xef, 0xd5, 0xae, 0xef, 0x85, 0xbb, 0x3e, 0x78, 0xb5, 0xeb, 0xbb, 0xd0, 0xae, 0x2f,
+	0xa5, 0x16, 0x17, 0xaf, 0x6c, 0x13, 0x77, 0xa2, 0x40, 0x65, 0x22, 0xc7, 0xaf, 0x7a, 0x17, 0xf7,
+	0xc5, 0xc4, 0x2e, 0xee, 0xa3, 0x8b, 0x8c, 0x4d, 0xd3, 0xb6, 0x71, 0xff, 0x54, 0x40, 0x7d, 0xb1,
+	0x8d, 0x57, 0x30, 0x17, 0xf6, 0xe3, 0x73, 0xe1, 0x77, 0xff, 0x07, 0x03, 0xb3, 0x6c, 0xe4, 0xfe,
+	0xa3, 0x00, 0x84, 0xc3, 0x0c, 0x7a, 0x1b, 0x22, 0x3f, 0x14, 0xca, 0xd2, 0xed, 0xb9, 0x29, 0x02,
+	0x47, 0x37, 0x61, 0xb1, 0x4f, 0x19, 0x23, 0x6d, 0x7f, 0x21, 0x12, 0xfc, 0x8e, 0xb9, 0xeb, 0x81,
+	0xb1, 0x8f, 0x47, 0x47, 0xb0, 0xe0, 0x50, 0xc2, 0x2c, 0x53, 0x2e, 0x46, 0xbe, 0xc3, 0x5f, 0xc1,
+	0x58, 0x40, 0x4e, 0x47, 0xd5, 0x5b, 0x59, 0x7e, 0x67, 0xae, 0xc9, 0x47, 0xb3, 0x60, 0xc2, 0x52,
+	0x1c, 0xba, 0x07, 0x25, 0xa9, 0x23, 0x72, 0x60, 0xaf, 0xd2, 0xbe, 0x21, 0x4f, 0x53, 0xda, 0x4d,
+	0x12, 0xe0, 0x49, 0x1e, 0xf5, 0x01, 0xe4, 0xfd, 0xc1, 0x00, 0x95, 0x61, 0x2e, 0xf2, 0xde, 0xf2,
+	0x0c, 0x17, 0x90, 0x84, 0x63, 0x66, 0xd3, 0x1d, 0xa3, 0xfe, 0x5e, 0x81, 0xd7, 0x52, 0x9a, 0x12,
+	0x7a, 0x03, 0x72, 0x03, 0xa7, 0x27, 0x5d, 0xb0, 0x38, 0x1e, 0x55, 0x73, 0x9f, 0xe1, 0x87, 0x98,
+	0xc3, 0x10, 0x81, 0x45, 0xe6, 0xad, 0xa7, 0x64, 0x30, 0xdd, 0xce, 0x7e, 0xe3, 0xc9, 0xbd, 0x56,
+	0xa3, 0xc8, 0xef, 0xc0, 0x87, 0xfa, 0x72, 0xd1, 0x26, 0xe4, 0x35, 0xd2, 0x18, 0x98, 0x7a, 0xcf,
+	0xbb, 0xaf, 0x25, 0xef, 0x8d, 0xb7, 0xb3, 0xed, 0xc1, 0x70, 0x80, 0x6d, 0xec, 0x3d, 0x3b, 0xa9,
+	0xcc, 0x7c, 0x75, 0x52, 0x99, 0x79, 0x7e, 0x52, 0x99, 0xf9, 0xf9, 0xb8, 0xa2, 0x3c, 0x1b, 0x57,
+	0x94, 0xaf, 0xc6, 0x15, 0xe5, 0xf9, 0xb8, 0xa2, 0xfc, 0x75, 0x5c, 0x51, 0x7e, 0xf9, 0xb7, 0xca,
+	0xcc, 0xf7, 0x37, 0xb3, 0xfe, 0x97, 0xc3, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, 0x71, 0x54, 0x54,
+	0xe6, 0x29, 0x21, 0x00, 0x00,
+}
+
+func (m *AuditAnnotation) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *AuditAnnotation) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AuditAnnotation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.ValueExpression)
+	copy(dAtA[i:], m.ValueExpression)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.ValueExpression)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Key)
+	copy(dAtA[i:], m.Key)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Key)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *ExpressionWarning) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExpressionWarning) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExpressionWarning) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.Warning)
+	copy(dAtA[i:], m.Warning)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Warning)))
+	i--
+	dAtA[i] = 0x1a
+	i -= len(m.FieldRef)
+	copy(dAtA[i:], m.FieldRef)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.FieldRef)))
+	i--
+	dAtA[i] = 0x12
+	return len(dAtA) - i, nil
 }
 
 func (m *MatchCondition) Marshal() (dAtA []byte, err error) {
@@ -416,6 +1005,88 @@ func (m *MatchCondition) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *MatchResources) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *MatchResources) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MatchResources) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.MatchPolicy != nil {
+		i -= len(*m.MatchPolicy)
+		copy(dAtA[i:], *m.MatchPolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.MatchPolicy)))
+		i--
+		dAtA[i] = 0x3a
+	}
+	if len(m.ExcludeResourceRules) > 0 {
+		for iNdEx := len(m.ExcludeResourceRules) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.ExcludeResourceRules[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x22
+		}
+	}
+	if len(m.ResourceRules) > 0 {
+		for iNdEx := len(m.ResourceRules) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.ResourceRules[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if m.ObjectSelector != nil {
+		{
+			size, err := m.ObjectSelector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.NamespaceSelector != nil {
+		{
+			size, err := m.NamespaceSelector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
 func (m *MutatingWebhook) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -642,7 +1313,7 @@ func (m *MutatingWebhookConfigurationList) MarshalToSizedBuffer(dAtA []byte) (in
 	return len(dAtA) - i, nil
 }
 
-func (m *ServiceReference) Marshal() (dAtA []byte, err error) {
+func (m *NamedRuleWithOperations) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -652,42 +1323,72 @@ func (m *ServiceReference) Marshal() (dAtA []byte, err error) {
 	return dAtA[:n], nil
 }
 
-func (m *ServiceReference) MarshalTo(dAtA []byte) (int, error) {
+func (m *NamedRuleWithOperations) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ServiceReference) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *NamedRuleWithOperations) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Port != nil {
-		i = encodeVarintGenerated(dAtA, i, uint64(*m.Port))
-		i--
-		dAtA[i] = 0x20
+	{
+		size, err := m.RuleWithOperations.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
-	if m.Path != nil {
-		i -= len(*m.Path)
-		copy(dAtA[i:], *m.Path)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.Path)))
-		i--
-		dAtA[i] = 0x1a
+	i--
+	dAtA[i] = 0x12
+	if len(m.ResourceNames) > 0 {
+		for iNdEx := len(m.ResourceNames) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.ResourceNames[iNdEx])
+			copy(dAtA[i:], m.ResourceNames[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(m.ResourceNames[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+		}
 	}
-	i -= len(m.Name)
-	copy(dAtA[i:], m.Name)
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	return len(dAtA) - i, nil
+}
+
+func (m *ParamKind) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ParamKind) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ParamKind) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.Kind)
+	copy(dAtA[i:], m.Kind)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Kind)))
 	i--
 	dAtA[i] = 0x12
-	i -= len(m.Namespace)
-	copy(dAtA[i:], m.Namespace)
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace)))
+	i -= len(m.APIVersion)
+	copy(dAtA[i:], m.APIVersion)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.APIVersion)))
 	i--
 	dAtA[i] = 0xa
 	return len(dAtA) - i, nil
 }
 
-func (m *ValidatingWebhook) Marshal() (dAtA []byte, err error) {
+func (m *ParamRef) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -697,33 +1398,26 @@ func (m *ValidatingWebhook) Marshal() (dAtA []byte, err error) {
 	return dAtA[:n], nil
 }
 
-func (m *ValidatingWebhook) MarshalTo(dAtA []byte) (int, error) {
+func (m *ParamRef) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ValidatingWebhook) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *ParamRef) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.MatchConditions) > 0 {
-		for iNdEx := len(m.MatchConditions) - 1; iNdEx >= 0; iNdEx-- {
-			{
-				size, err := m.MatchConditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
-				if err != nil {
-					return 0, err
-				}
-				i -= size
-				i = encodeVarintGenerated(dAtA, i, uint64(size))
-			}
-			i--
-			dAtA[i] = 0x5a
-		}
+	if m.ParameterNotFoundAction != nil {
+		i -= len(*m.ParameterNotFoundAction)
+		copy(dAtA[i:], *m.ParameterNotFoundAction)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.ParameterNotFoundAction)))
+		i--
+		dAtA[i] = 0x22
 	}
-	if m.ObjectSelector != nil {
+	if m.Selector != nil {
 		{
-			size, err := m.ObjectSelector.MarshalToSizedBuffer(dAtA[:i])
+			size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
@@ -731,59 +1425,90 @@ func (m *ValidatingWebhook) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 			i = encodeVarintGenerated(dAtA, i, uint64(size))
 		}
 		i--
-		dAtA[i] = 0x52
-	}
-	if m.MatchPolicy != nil {
-		i -= len(*m.MatchPolicy)
-		copy(dAtA[i:], *m.MatchPolicy)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.MatchPolicy)))
-		i--
-		dAtA[i] = 0x4a
-	}
-	if len(m.AdmissionReviewVersions) > 0 {
-		for iNdEx := len(m.AdmissionReviewVersions) - 1; iNdEx >= 0; iNdEx-- {
-			i -= len(m.AdmissionReviewVersions[iNdEx])
-			copy(dAtA[i:], m.AdmissionReviewVersions[iNdEx])
-			i = encodeVarintGenerated(dAtA, i, uint64(len(m.AdmissionReviewVersions[iNdEx])))
-			i--
-			dAtA[i] = 0x42
-		}
-	}
-	if m.TimeoutSeconds != nil {
-		i = encodeVarintGenerated(dAtA, i, uint64(*m.TimeoutSeconds))
-		i--
-		dAtA[i] = 0x38
+		dAtA[i] = 0x1a
 	}
-	if m.SideEffects != nil {
-		i -= len(*m.SideEffects)
-		copy(dAtA[i:], *m.SideEffects)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.SideEffects)))
-		i--
-		dAtA[i] = 0x32
+	i -= len(m.Namespace)
+	copy(dAtA[i:], m.Namespace)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *ServiceReference) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	if m.NamespaceSelector != nil {
-		{
-			size, err := m.NamespaceSelector.MarshalToSizedBuffer(dAtA[:i])
-			if err != nil {
-				return 0, err
-			}
-			i -= size
-			i = encodeVarintGenerated(dAtA, i, uint64(size))
-		}
+	return dAtA[:n], nil
+}
+
+func (m *ServiceReference) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ServiceReference) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Port != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.Port))
 		i--
-		dAtA[i] = 0x2a
+		dAtA[i] = 0x20
 	}
-	if m.FailurePolicy != nil {
-		i -= len(*m.FailurePolicy)
-		copy(dAtA[i:], *m.FailurePolicy)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.FailurePolicy)))
+	if m.Path != nil {
+		i -= len(*m.Path)
+		copy(dAtA[i:], *m.Path)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.Path)))
 		i--
-		dAtA[i] = 0x22
+		dAtA[i] = 0x1a
 	}
-	if len(m.Rules) > 0 {
-		for iNdEx := len(m.Rules) - 1; iNdEx >= 0; iNdEx-- {
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Namespace)
+	copy(dAtA[i:], m.Namespace)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *TypeChecking) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *TypeChecking) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TypeChecking) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.ExpressionWarnings) > 0 {
+		for iNdEx := len(m.ExpressionWarnings) - 1; iNdEx >= 0; iNdEx-- {
 			{
-				size, err := m.Rules[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				size, err := m.ExpressionWarnings[iNdEx].MarshalToSizedBuffer(dAtA[:i])
 				if err != nil {
 					return 0, err
 				}
@@ -791,11 +1516,44 @@ func (m *ValidatingWebhook) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 				i = encodeVarintGenerated(dAtA, i, uint64(size))
 			}
 			i--
-			dAtA[i] = 0x1a
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ValidatingAdmissionPolicy) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ValidatingAdmissionPolicy) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ValidatingAdmissionPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	{
+		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
+	i--
+	dAtA[i] = 0x1a
 	{
-		size, err := m.ClientConfig.MarshalToSizedBuffer(dAtA[:i])
+		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
@@ -804,15 +1562,20 @@ func (m *ValidatingWebhook) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	}
 	i--
 	dAtA[i] = 0x12
-	i -= len(m.Name)
-	copy(dAtA[i:], m.Name)
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	{
+		size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
 	i--
 	dAtA[i] = 0xa
 	return len(dAtA) - i, nil
 }
 
-func (m *ValidatingWebhookConfiguration) Marshal() (dAtA []byte, err error) {
+func (m *ValidatingAdmissionPolicyBinding) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -822,30 +1585,26 @@ func (m *ValidatingWebhookConfiguration) Marshal() (dAtA []byte, err error) {
 	return dAtA[:n], nil
 }
 
-func (m *ValidatingWebhookConfiguration) MarshalTo(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBinding) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ValidatingWebhookConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBinding) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Webhooks) > 0 {
-		for iNdEx := len(m.Webhooks) - 1; iNdEx >= 0; iNdEx-- {
-			{
-				size, err := m.Webhooks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
-				if err != nil {
-					return 0, err
-				}
-				i -= size
-				i = encodeVarintGenerated(dAtA, i, uint64(size))
-			}
-			i--
-			dAtA[i] = 0x12
+	{
+		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
+	i--
+	dAtA[i] = 0x12
 	{
 		size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
@@ -859,7 +1618,7 @@ func (m *ValidatingWebhookConfiguration) MarshalToSizedBuffer(dAtA []byte) (int,
 	return len(dAtA) - i, nil
 }
 
-func (m *ValidatingWebhookConfigurationList) Marshal() (dAtA []byte, err error) {
+func (m *ValidatingAdmissionPolicyBindingList) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -869,12 +1628,12 @@ func (m *ValidatingWebhookConfigurationList) Marshal() (dAtA []byte, err error)
 	return dAtA[:n], nil
 }
 
-func (m *ValidatingWebhookConfigurationList) MarshalTo(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBindingList) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ValidatingWebhookConfigurationList) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBindingList) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
@@ -906,7 +1665,7 @@ func (m *ValidatingWebhookConfigurationList) MarshalToSizedBuffer(dAtA []byte) (
 	return len(dAtA) - i, nil
 }
 
-func (m *WebhookClientConfig) Marshal() (dAtA []byte, err error) {
+func (m *ValidatingAdmissionPolicyBindingSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -916,33 +1675,40 @@ func (m *WebhookClientConfig) Marshal() (dAtA []byte, err error) {
 	return dAtA[:n], nil
 }
 
-func (m *WebhookClientConfig) MarshalTo(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBindingSpec) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *WebhookClientConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBindingSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.URL != nil {
-		i -= len(*m.URL)
-		copy(dAtA[i:], *m.URL)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.URL)))
-		i--
-		dAtA[i] = 0x1a
+	if len(m.ValidationActions) > 0 {
+		for iNdEx := len(m.ValidationActions) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.ValidationActions[iNdEx])
+			copy(dAtA[i:], m.ValidationActions[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(m.ValidationActions[iNdEx])))
+			i--
+			dAtA[i] = 0x22
+		}
 	}
-	if m.CABundle != nil {
-		i -= len(m.CABundle)
-		copy(dAtA[i:], m.CABundle)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(m.CABundle)))
+	if m.MatchResources != nil {
+		{
+			size, err := m.MatchResources.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
 		i--
-		dAtA[i] = 0x12
+		dAtA[i] = 0x1a
 	}
-	if m.Service != nil {
+	if m.ParamRef != nil {
 		{
-			size, err := m.Service.MarshalToSizedBuffer(dAtA[:i])
+			size, err := m.ParamRef.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
@@ -950,432 +1716,3359 @@ func (m *WebhookClientConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 			i = encodeVarintGenerated(dAtA, i, uint64(size))
 		}
 		i--
-		dAtA[i] = 0xa
+		dAtA[i] = 0x12
 	}
+	i -= len(m.PolicyName)
+	copy(dAtA[i:], m.PolicyName)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.PolicyName)))
+	i--
+	dAtA[i] = 0xa
 	return len(dAtA) - i, nil
 }
 
-func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
-	offset -= sovGenerated(v)
-	base := offset
-	for v >= 1<<7 {
-		dAtA[offset] = uint8(v&0x7f | 0x80)
-		v >>= 7
-		offset++
+func (m *ValidatingAdmissionPolicyList) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	dAtA[offset] = uint8(v)
-	return base
+	return dAtA[:n], nil
 }
-func (m *MatchCondition) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	l = len(m.Name)
-	n += 1 + l + sovGenerated(uint64(l))
-	l = len(m.Expression)
-	n += 1 + l + sovGenerated(uint64(l))
-	return n
+
+func (m *ValidatingAdmissionPolicyList) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *MutatingWebhook) Size() (n int) {
-	if m == nil {
-		return 0
-	}
+func (m *ValidatingAdmissionPolicyList) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.Name)
-	n += 1 + l + sovGenerated(uint64(l))
-	l = m.ClientConfig.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Rules) > 0 {
-		for _, e := range m.Rules {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Items) > 0 {
+		for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	if m.FailurePolicy != nil {
-		l = len(*m.FailurePolicy)
-		n += 1 + l + sovGenerated(uint64(l))
+	{
+		size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
-	if m.NamespaceSelector != nil {
-		l = m.NamespaceSelector.Size()
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.SideEffects != nil {
-		l = len(*m.SideEffects)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.TimeoutSeconds != nil {
-		n += 1 + sovGenerated(uint64(*m.TimeoutSeconds))
-	}
-	if len(m.AdmissionReviewVersions) > 0 {
-		for _, s := range m.AdmissionReviewVersions {
-			l = len(s)
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	if m.MatchPolicy != nil {
-		l = len(*m.MatchPolicy)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.ReinvocationPolicy != nil {
-		l = len(*m.ReinvocationPolicy)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.ObjectSelector != nil {
-		l = m.ObjectSelector.Size()
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if len(m.MatchConditions) > 0 {
-		for _, e := range m.MatchConditions {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	return n
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
-func (m *MutatingWebhookConfiguration) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	l = m.ObjectMeta.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Webhooks) > 0 {
-		for _, e := range m.Webhooks {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
+func (m *ValidatingAdmissionPolicySpec) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *MutatingWebhookConfigurationList) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	l = m.ListMeta.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Items) > 0 {
-		for _, e := range m.Items {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	return n
+func (m *ValidatingAdmissionPolicySpec) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ServiceReference) Size() (n int) {
-	if m == nil {
-		return 0
-	}
+func (m *ValidatingAdmissionPolicySpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.Namespace)
-	n += 1 + l + sovGenerated(uint64(l))
-	l = len(m.Name)
-	n += 1 + l + sovGenerated(uint64(l))
-	if m.Path != nil {
-		l = len(*m.Path)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.Port != nil {
-		n += 1 + sovGenerated(uint64(*m.Port))
+	if len(m.Variables) > 0 {
+		for iNdEx := len(m.Variables) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Variables[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x3a
+		}
 	}
-	return n
-}
-
-func (m *ValidatingWebhook) Size() (n int) {
-	if m == nil {
-		return 0
+	if len(m.MatchConditions) > 0 {
+		for iNdEx := len(m.MatchConditions) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.MatchConditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x32
+		}
 	}
-	var l int
-	_ = l
-	l = len(m.Name)
-	n += 1 + l + sovGenerated(uint64(l))
-	l = m.ClientConfig.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Rules) > 0 {
-		for _, e := range m.Rules {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
+	if len(m.AuditAnnotations) > 0 {
+		for iNdEx := len(m.AuditAnnotations) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.AuditAnnotations[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x2a
 		}
 	}
 	if m.FailurePolicy != nil {
-		l = len(*m.FailurePolicy)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.NamespaceSelector != nil {
-		l = m.NamespaceSelector.Size()
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.SideEffects != nil {
-		l = len(*m.SideEffects)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.TimeoutSeconds != nil {
-		n += 1 + sovGenerated(uint64(*m.TimeoutSeconds))
+		i -= len(*m.FailurePolicy)
+		copy(dAtA[i:], *m.FailurePolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.FailurePolicy)))
+		i--
+		dAtA[i] = 0x22
 	}
-	if len(m.AdmissionReviewVersions) > 0 {
-		for _, s := range m.AdmissionReviewVersions {
-			l = len(s)
-			n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Validations) > 0 {
+		for iNdEx := len(m.Validations) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Validations[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	if m.MatchPolicy != nil {
-		l = len(*m.MatchPolicy)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.ObjectSelector != nil {
-		l = m.ObjectSelector.Size()
-		n += 1 + l + sovGenerated(uint64(l))
+	if m.MatchConstraints != nil {
+		{
+			size, err := m.MatchConstraints.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.MatchConditions) > 0 {
-		for _, e := range m.MatchConditions {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
+	if m.ParamKind != nil {
+		{
+			size, err := m.ParamKind.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *ValidatingWebhookConfiguration) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	l = m.ObjectMeta.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Webhooks) > 0 {
-		for _, e := range m.Webhooks {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
+func (m *ValidatingAdmissionPolicyStatus) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *ValidatingWebhookConfigurationList) Size() (n int) {
-	if m == nil {
-		return 0
-	}
+func (m *ValidatingAdmissionPolicyStatus) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ValidatingAdmissionPolicyStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = m.ListMeta.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Items) > 0 {
-		for _, e := range m.Items {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Conditions) > 0 {
+		for iNdEx := len(m.Conditions) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Conditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	return n
+	if m.TypeChecking != nil {
+		{
+			size, err := m.TypeChecking.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	i = encodeVarintGenerated(dAtA, i, uint64(m.ObservedGeneration))
+	i--
+	dAtA[i] = 0x8
+	return len(dAtA) - i, nil
 }
 
-func (m *WebhookClientConfig) Size() (n int) {
-	if m == nil {
-		return 0
+func (m *ValidatingWebhook) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
+	return dAtA[:n], nil
+}
+
+func (m *ValidatingWebhook) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ValidatingWebhook) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if m.Service != nil {
-		l = m.Service.Size()
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.CABundle != nil {
-		l = len(m.CABundle)
-		n += 1 + l + sovGenerated(uint64(l))
+	if len(m.MatchConditions) > 0 {
+		for iNdEx := len(m.MatchConditions) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.MatchConditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x5a
+		}
 	}
-	if m.URL != nil {
-		l = len(*m.URL)
-		n += 1 + l + sovGenerated(uint64(l))
+	if m.ObjectSelector != nil {
+		{
+			size, err := m.ObjectSelector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x52
 	}
-	return n
-}
-
-func sovGenerated(x uint64) (n int) {
-	return (math_bits.Len64(x|1) + 6) / 7
-}
-func sozGenerated(x uint64) (n int) {
-	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
-}
-func (this *MatchCondition) String() string {
-	if this == nil {
-		return "nil"
+	if m.MatchPolicy != nil {
+		i -= len(*m.MatchPolicy)
+		copy(dAtA[i:], *m.MatchPolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.MatchPolicy)))
+		i--
+		dAtA[i] = 0x4a
 	}
-	s := strings.Join([]string{`&MatchCondition{`,
-		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`Expression:` + fmt.Sprintf("%v", this.Expression) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *MutatingWebhook) String() string {
-	if this == nil {
-		return "nil"
+	if len(m.AdmissionReviewVersions) > 0 {
+		for iNdEx := len(m.AdmissionReviewVersions) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.AdmissionReviewVersions[iNdEx])
+			copy(dAtA[i:], m.AdmissionReviewVersions[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(m.AdmissionReviewVersions[iNdEx])))
+			i--
+			dAtA[i] = 0x42
+		}
 	}
-	repeatedStringForRules := "[]RuleWithOperations{"
-	for _, f := range this.Rules {
-		repeatedStringForRules += fmt.Sprintf("%v", f) + ","
+	if m.TimeoutSeconds != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.TimeoutSeconds))
+		i--
+		dAtA[i] = 0x38
 	}
-	repeatedStringForRules += "}"
-	repeatedStringForMatchConditions := "[]MatchCondition{"
-	for _, f := range this.MatchConditions {
-		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
+	if m.SideEffects != nil {
+		i -= len(*m.SideEffects)
+		copy(dAtA[i:], *m.SideEffects)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.SideEffects)))
+		i--
+		dAtA[i] = 0x32
 	}
-	repeatedStringForMatchConditions += "}"
-	s := strings.Join([]string{`&MutatingWebhook{`,
-		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`ClientConfig:` + strings.Replace(strings.Replace(this.ClientConfig.String(), "WebhookClientConfig", "WebhookClientConfig", 1), `&`, ``, 1) + `,`,
-		`Rules:` + repeatedStringForRules + `,`,
-		`FailurePolicy:` + valueToStringGenerated(this.FailurePolicy) + `,`,
-		`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "v11.LabelSelector", 1) + `,`,
-		`SideEffects:` + valueToStringGenerated(this.SideEffects) + `,`,
-		`TimeoutSeconds:` + valueToStringGenerated(this.TimeoutSeconds) + `,`,
-		`AdmissionReviewVersions:` + fmt.Sprintf("%v", this.AdmissionReviewVersions) + `,`,
-		`MatchPolicy:` + valueToStringGenerated(this.MatchPolicy) + `,`,
-		`ReinvocationPolicy:` + valueToStringGenerated(this.ReinvocationPolicy) + `,`,
-		`ObjectSelector:` + strings.Replace(fmt.Sprintf("%v", this.ObjectSelector), "LabelSelector", "v11.LabelSelector", 1) + `,`,
-		`MatchConditions:` + repeatedStringForMatchConditions + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *MutatingWebhookConfiguration) String() string {
-	if this == nil {
-		return "nil"
+	if m.NamespaceSelector != nil {
+		{
+			size, err := m.NamespaceSelector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
 	}
-	repeatedStringForWebhooks := "[]MutatingWebhook{"
-	for _, f := range this.Webhooks {
-		repeatedStringForWebhooks += strings.Replace(strings.Replace(f.String(), "MutatingWebhook", "MutatingWebhook", 1), `&`, ``, 1) + ","
+	if m.FailurePolicy != nil {
+		i -= len(*m.FailurePolicy)
+		copy(dAtA[i:], *m.FailurePolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.FailurePolicy)))
+		i--
+		dAtA[i] = 0x22
 	}
-	repeatedStringForWebhooks += "}"
-	s := strings.Join([]string{`&MutatingWebhookConfiguration{`,
-		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v11.ObjectMeta", 1), `&`, ``, 1) + `,`,
-		`Webhooks:` + repeatedStringForWebhooks + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *MutatingWebhookConfigurationList) String() string {
-	if this == nil {
-		return "nil"
+	if len(m.Rules) > 0 {
+		for iNdEx := len(m.Rules) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Rules[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
 	}
-	repeatedStringForItems := "[]MutatingWebhookConfiguration{"
-	for _, f := range this.Items {
-		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "MutatingWebhookConfiguration", "MutatingWebhookConfiguration", 1), `&`, ``, 1) + ","
+	{
+		size, err := m.ClientConfig.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
-	repeatedStringForItems += "}"
-	s := strings.Join([]string{`&MutatingWebhookConfigurationList{`,
-		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v11.ListMeta", 1), `&`, ``, 1) + `,`,
-		`Items:` + repeatedStringForItems + `,`,
-		`}`,
-	}, "")
-	return s
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
-func (this *ServiceReference) String() string {
-	if this == nil {
-		return "nil"
+
+func (m *ValidatingWebhookConfiguration) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&ServiceReference{`,
-		`Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`,
-		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`Path:` + valueToStringGenerated(this.Path) + `,`,
-		`Port:` + valueToStringGenerated(this.Port) + `,`,
-		`}`,
-	}, "")
-	return s
+	return dAtA[:n], nil
 }
-func (this *ValidatingWebhook) String() string {
-	if this == nil {
-		return "nil"
-	}
-	repeatedStringForRules := "[]RuleWithOperations{"
-	for _, f := range this.Rules {
-		repeatedStringForRules += fmt.Sprintf("%v", f) + ","
+
+func (m *ValidatingWebhookConfiguration) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ValidatingWebhookConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Webhooks) > 0 {
+		for iNdEx := len(m.Webhooks) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Webhooks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
 	}
-	repeatedStringForRules += "}"
-	repeatedStringForMatchConditions := "[]MatchCondition{"
-	for _, f := range this.MatchConditions {
-		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
+	{
+		size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
-	repeatedStringForMatchConditions += "}"
-	s := strings.Join([]string{`&ValidatingWebhook{`,
-		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *ValidatingWebhookConfigurationList) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ValidatingWebhookConfigurationList) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ValidatingWebhookConfigurationList) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Items) > 0 {
+		for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	{
+		size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *Validation) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Validation) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Validation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.MessageExpression)
+	copy(dAtA[i:], m.MessageExpression)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.MessageExpression)))
+	i--
+	dAtA[i] = 0x22
+	if m.Reason != nil {
+		i -= len(*m.Reason)
+		copy(dAtA[i:], *m.Reason)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.Reason)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	i -= len(m.Message)
+	copy(dAtA[i:], m.Message)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Message)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Expression)
+	copy(dAtA[i:], m.Expression)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Expression)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *Variable) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Variable) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Variable) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.Expression)
+	copy(dAtA[i:], m.Expression)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Expression)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *WebhookClientConfig) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *WebhookClientConfig) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WebhookClientConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.URL != nil {
+		i -= len(*m.URL)
+		copy(dAtA[i:], *m.URL)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.URL)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.CABundle != nil {
+		i -= len(m.CABundle)
+		copy(dAtA[i:], m.CABundle)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(m.CABundle)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Service != nil {
+		{
+			size, err := m.Service.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
+	offset -= sovGenerated(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
+}
+func (m *AuditAnnotation) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Key)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.ValueExpression)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *ExpressionWarning) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.FieldRef)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Warning)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *MatchCondition) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Expression)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *MatchResources) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NamespaceSelector != nil {
+		l = m.NamespaceSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ObjectSelector != nil {
+		l = m.ObjectSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.ResourceRules) > 0 {
+		for _, e := range m.ResourceRules {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if len(m.ExcludeResourceRules) > 0 {
+		for _, e := range m.ExcludeResourceRules {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.MatchPolicy != nil {
+		l = len(*m.MatchPolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	return n
+}
+
+func (m *MutatingWebhook) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.ClientConfig.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Rules) > 0 {
+		for _, e := range m.Rules {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.FailurePolicy != nil {
+		l = len(*m.FailurePolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.NamespaceSelector != nil {
+		l = m.NamespaceSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.SideEffects != nil {
+		l = len(*m.SideEffects)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.TimeoutSeconds != nil {
+		n += 1 + sovGenerated(uint64(*m.TimeoutSeconds))
+	}
+	if len(m.AdmissionReviewVersions) > 0 {
+		for _, s := range m.AdmissionReviewVersions {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.MatchPolicy != nil {
+		l = len(*m.MatchPolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ReinvocationPolicy != nil {
+		l = len(*m.ReinvocationPolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ObjectSelector != nil {
+		l = m.ObjectSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.MatchConditions) > 0 {
+		for _, e := range m.MatchConditions {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *MutatingWebhookConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ObjectMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Webhooks) > 0 {
+		for _, e := range m.Webhooks {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *MutatingWebhookConfigurationList) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ListMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Items) > 0 {
+		for _, e := range m.Items {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *NamedRuleWithOperations) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.ResourceNames) > 0 {
+		for _, s := range m.ResourceNames {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	l = m.RuleWithOperations.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *ParamKind) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.APIVersion)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Kind)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *ParamRef) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Namespace)
+	n += 1 + l + sovGenerated(uint64(l))
+	if m.Selector != nil {
+		l = m.Selector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ParameterNotFoundAction != nil {
+		l = len(*m.ParameterNotFoundAction)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	return n
+}
+
+func (m *ServiceReference) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Namespace)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	if m.Path != nil {
+		l = len(*m.Path)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.Port != nil {
+		n += 1 + sovGenerated(uint64(*m.Port))
+	}
+	return n
+}
+
+func (m *TypeChecking) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.ExpressionWarnings) > 0 {
+		for _, e := range m.ExpressionWarnings {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingAdmissionPolicy) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ObjectMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.Spec.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.Status.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *ValidatingAdmissionPolicyBinding) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ObjectMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.Spec.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *ValidatingAdmissionPolicyBindingList) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ListMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Items) > 0 {
+		for _, e := range m.Items {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingAdmissionPolicyBindingSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.PolicyName)
+	n += 1 + l + sovGenerated(uint64(l))
+	if m.ParamRef != nil {
+		l = m.ParamRef.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.MatchResources != nil {
+		l = m.MatchResources.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.ValidationActions) > 0 {
+		for _, s := range m.ValidationActions {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingAdmissionPolicyList) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ListMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Items) > 0 {
+		for _, e := range m.Items {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingAdmissionPolicySpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.ParamKind != nil {
+		l = m.ParamKind.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.MatchConstraints != nil {
+		l = m.MatchConstraints.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.Validations) > 0 {
+		for _, e := range m.Validations {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.FailurePolicy != nil {
+		l = len(*m.FailurePolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.AuditAnnotations) > 0 {
+		for _, e := range m.AuditAnnotations {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if len(m.MatchConditions) > 0 {
+		for _, e := range m.MatchConditions {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if len(m.Variables) > 0 {
+		for _, e := range m.Variables {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingAdmissionPolicyStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	n += 1 + sovGenerated(uint64(m.ObservedGeneration))
+	if m.TypeChecking != nil {
+		l = m.TypeChecking.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.Conditions) > 0 {
+		for _, e := range m.Conditions {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingWebhook) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.ClientConfig.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Rules) > 0 {
+		for _, e := range m.Rules {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.FailurePolicy != nil {
+		l = len(*m.FailurePolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.NamespaceSelector != nil {
+		l = m.NamespaceSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.SideEffects != nil {
+		l = len(*m.SideEffects)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.TimeoutSeconds != nil {
+		n += 1 + sovGenerated(uint64(*m.TimeoutSeconds))
+	}
+	if len(m.AdmissionReviewVersions) > 0 {
+		for _, s := range m.AdmissionReviewVersions {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.MatchPolicy != nil {
+		l = len(*m.MatchPolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ObjectSelector != nil {
+		l = m.ObjectSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.MatchConditions) > 0 {
+		for _, e := range m.MatchConditions {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingWebhookConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ObjectMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Webhooks) > 0 {
+		for _, e := range m.Webhooks {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingWebhookConfigurationList) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ListMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Items) > 0 {
+		for _, e := range m.Items {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *Validation) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Expression)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Message)
+	n += 1 + l + sovGenerated(uint64(l))
+	if m.Reason != nil {
+		l = len(*m.Reason)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	l = len(m.MessageExpression)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *Variable) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Expression)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *WebhookClientConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Service != nil {
+		l = m.Service.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.CABundle != nil {
+		l = len(m.CABundle)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.URL != nil {
+		l = len(*m.URL)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	return n
+}
+
+func sovGenerated(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozGenerated(x uint64) (n int) {
+	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *AuditAnnotation) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&AuditAnnotation{`,
+		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
+		`ValueExpression:` + fmt.Sprintf("%v", this.ValueExpression) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ExpressionWarning) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ExpressionWarning{`,
+		`FieldRef:` + fmt.Sprintf("%v", this.FieldRef) + `,`,
+		`Warning:` + fmt.Sprintf("%v", this.Warning) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MatchCondition) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&MatchCondition{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Expression:` + fmt.Sprintf("%v", this.Expression) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MatchResources) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForResourceRules := "[]NamedRuleWithOperations{"
+	for _, f := range this.ResourceRules {
+		repeatedStringForResourceRules += strings.Replace(strings.Replace(f.String(), "NamedRuleWithOperations", "NamedRuleWithOperations", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForResourceRules += "}"
+	repeatedStringForExcludeResourceRules := "[]NamedRuleWithOperations{"
+	for _, f := range this.ExcludeResourceRules {
+		repeatedStringForExcludeResourceRules += strings.Replace(strings.Replace(f.String(), "NamedRuleWithOperations", "NamedRuleWithOperations", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForExcludeResourceRules += "}"
+	s := strings.Join([]string{`&MatchResources{`,
+		`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`ObjectSelector:` + strings.Replace(fmt.Sprintf("%v", this.ObjectSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`ResourceRules:` + repeatedStringForResourceRules + `,`,
+		`ExcludeResourceRules:` + repeatedStringForExcludeResourceRules + `,`,
+		`MatchPolicy:` + valueToStringGenerated(this.MatchPolicy) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MutatingWebhook) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForRules := "[]RuleWithOperations{"
+	for _, f := range this.Rules {
+		repeatedStringForRules += fmt.Sprintf("%v", f) + ","
+	}
+	repeatedStringForRules += "}"
+	repeatedStringForMatchConditions := "[]MatchCondition{"
+	for _, f := range this.MatchConditions {
+		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForMatchConditions += "}"
+	s := strings.Join([]string{`&MutatingWebhook{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`ClientConfig:` + strings.Replace(strings.Replace(this.ClientConfig.String(), "WebhookClientConfig", "WebhookClientConfig", 1), `&`, ``, 1) + `,`,
+		`Rules:` + repeatedStringForRules + `,`,
+		`FailurePolicy:` + valueToStringGenerated(this.FailurePolicy) + `,`,
+		`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`SideEffects:` + valueToStringGenerated(this.SideEffects) + `,`,
+		`TimeoutSeconds:` + valueToStringGenerated(this.TimeoutSeconds) + `,`,
+		`AdmissionReviewVersions:` + fmt.Sprintf("%v", this.AdmissionReviewVersions) + `,`,
+		`MatchPolicy:` + valueToStringGenerated(this.MatchPolicy) + `,`,
+		`ReinvocationPolicy:` + valueToStringGenerated(this.ReinvocationPolicy) + `,`,
+		`ObjectSelector:` + strings.Replace(fmt.Sprintf("%v", this.ObjectSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`MatchConditions:` + repeatedStringForMatchConditions + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MutatingWebhookConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForWebhooks := "[]MutatingWebhook{"
+	for _, f := range this.Webhooks {
+		repeatedStringForWebhooks += strings.Replace(strings.Replace(f.String(), "MutatingWebhook", "MutatingWebhook", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForWebhooks += "}"
+	s := strings.Join([]string{`&MutatingWebhookConfiguration{`,
+		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
+		`Webhooks:` + repeatedStringForWebhooks + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MutatingWebhookConfigurationList) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForItems := "[]MutatingWebhookConfiguration{"
+	for _, f := range this.Items {
+		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "MutatingWebhookConfiguration", "MutatingWebhookConfiguration", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForItems += "}"
+	s := strings.Join([]string{`&MutatingWebhookConfigurationList{`,
+		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`,
+		`Items:` + repeatedStringForItems + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *NamedRuleWithOperations) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&NamedRuleWithOperations{`,
+		`ResourceNames:` + fmt.Sprintf("%v", this.ResourceNames) + `,`,
+		`RuleWithOperations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.RuleWithOperations), "RuleWithOperations", "v11.RuleWithOperations", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ParamKind) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ParamKind{`,
+		`APIVersion:` + fmt.Sprintf("%v", this.APIVersion) + `,`,
+		`Kind:` + fmt.Sprintf("%v", this.Kind) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ParamRef) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ParamRef{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`,
+		`Selector:` + strings.Replace(fmt.Sprintf("%v", this.Selector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`ParameterNotFoundAction:` + valueToStringGenerated(this.ParameterNotFoundAction) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ServiceReference) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ServiceReference{`,
+		`Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Path:` + valueToStringGenerated(this.Path) + `,`,
+		`Port:` + valueToStringGenerated(this.Port) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *TypeChecking) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForExpressionWarnings := "[]ExpressionWarning{"
+	for _, f := range this.ExpressionWarnings {
+		repeatedStringForExpressionWarnings += strings.Replace(strings.Replace(f.String(), "ExpressionWarning", "ExpressionWarning", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForExpressionWarnings += "}"
+	s := strings.Join([]string{`&TypeChecking{`,
+		`ExpressionWarnings:` + repeatedStringForExpressionWarnings + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicy) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ValidatingAdmissionPolicy{`,
+		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "ValidatingAdmissionPolicySpec", "ValidatingAdmissionPolicySpec", 1), `&`, ``, 1) + `,`,
+		`Status:` + strings.Replace(strings.Replace(this.Status.String(), "ValidatingAdmissionPolicyStatus", "ValidatingAdmissionPolicyStatus", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicyBinding) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ValidatingAdmissionPolicyBinding{`,
+		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "ValidatingAdmissionPolicyBindingSpec", "ValidatingAdmissionPolicyBindingSpec", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicyBindingList) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForItems := "[]ValidatingAdmissionPolicyBinding{"
+	for _, f := range this.Items {
+		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "ValidatingAdmissionPolicyBinding", "ValidatingAdmissionPolicyBinding", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForItems += "}"
+	s := strings.Join([]string{`&ValidatingAdmissionPolicyBindingList{`,
+		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`,
+		`Items:` + repeatedStringForItems + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicyBindingSpec) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ValidatingAdmissionPolicyBindingSpec{`,
+		`PolicyName:` + fmt.Sprintf("%v", this.PolicyName) + `,`,
+		`ParamRef:` + strings.Replace(this.ParamRef.String(), "ParamRef", "ParamRef", 1) + `,`,
+		`MatchResources:` + strings.Replace(this.MatchResources.String(), "MatchResources", "MatchResources", 1) + `,`,
+		`ValidationActions:` + fmt.Sprintf("%v", this.ValidationActions) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicyList) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForItems := "[]ValidatingAdmissionPolicy{"
+	for _, f := range this.Items {
+		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "ValidatingAdmissionPolicy", "ValidatingAdmissionPolicy", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForItems += "}"
+	s := strings.Join([]string{`&ValidatingAdmissionPolicyList{`,
+		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`,
+		`Items:` + repeatedStringForItems + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicySpec) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForValidations := "[]Validation{"
+	for _, f := range this.Validations {
+		repeatedStringForValidations += strings.Replace(strings.Replace(f.String(), "Validation", "Validation", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForValidations += "}"
+	repeatedStringForAuditAnnotations := "[]AuditAnnotation{"
+	for _, f := range this.AuditAnnotations {
+		repeatedStringForAuditAnnotations += strings.Replace(strings.Replace(f.String(), "AuditAnnotation", "AuditAnnotation", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForAuditAnnotations += "}"
+	repeatedStringForMatchConditions := "[]MatchCondition{"
+	for _, f := range this.MatchConditions {
+		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForMatchConditions += "}"
+	repeatedStringForVariables := "[]Variable{"
+	for _, f := range this.Variables {
+		repeatedStringForVariables += strings.Replace(strings.Replace(f.String(), "Variable", "Variable", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForVariables += "}"
+	s := strings.Join([]string{`&ValidatingAdmissionPolicySpec{`,
+		`ParamKind:` + strings.Replace(this.ParamKind.String(), "ParamKind", "ParamKind", 1) + `,`,
+		`MatchConstraints:` + strings.Replace(this.MatchConstraints.String(), "MatchResources", "MatchResources", 1) + `,`,
+		`Validations:` + repeatedStringForValidations + `,`,
+		`FailurePolicy:` + valueToStringGenerated(this.FailurePolicy) + `,`,
+		`AuditAnnotations:` + repeatedStringForAuditAnnotations + `,`,
+		`MatchConditions:` + repeatedStringForMatchConditions + `,`,
+		`Variables:` + repeatedStringForVariables + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicyStatus) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForConditions := "[]Condition{"
+	for _, f := range this.Conditions {
+		repeatedStringForConditions += fmt.Sprintf("%v", f) + ","
+	}
+	repeatedStringForConditions += "}"
+	s := strings.Join([]string{`&ValidatingAdmissionPolicyStatus{`,
+		`ObservedGeneration:` + fmt.Sprintf("%v", this.ObservedGeneration) + `,`,
+		`TypeChecking:` + strings.Replace(this.TypeChecking.String(), "TypeChecking", "TypeChecking", 1) + `,`,
+		`Conditions:` + repeatedStringForConditions + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingWebhook) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForRules := "[]RuleWithOperations{"
+	for _, f := range this.Rules {
+		repeatedStringForRules += fmt.Sprintf("%v", f) + ","
+	}
+	repeatedStringForRules += "}"
+	repeatedStringForMatchConditions := "[]MatchCondition{"
+	for _, f := range this.MatchConditions {
+		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForMatchConditions += "}"
+	s := strings.Join([]string{`&ValidatingWebhook{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`ClientConfig:` + strings.Replace(strings.Replace(this.ClientConfig.String(), "WebhookClientConfig", "WebhookClientConfig", 1), `&`, ``, 1) + `,`,
 		`Rules:` + repeatedStringForRules + `,`,
 		`FailurePolicy:` + valueToStringGenerated(this.FailurePolicy) + `,`,
-		`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "v11.LabelSelector", 1) + `,`,
+		`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
 		`SideEffects:` + valueToStringGenerated(this.SideEffects) + `,`,
 		`TimeoutSeconds:` + valueToStringGenerated(this.TimeoutSeconds) + `,`,
 		`AdmissionReviewVersions:` + fmt.Sprintf("%v", this.AdmissionReviewVersions) + `,`,
 		`MatchPolicy:` + valueToStringGenerated(this.MatchPolicy) + `,`,
-		`ObjectSelector:` + strings.Replace(fmt.Sprintf("%v", this.ObjectSelector), "LabelSelector", "v11.LabelSelector", 1) + `,`,
+		`ObjectSelector:` + strings.Replace(fmt.Sprintf("%v", this.ObjectSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
 		`MatchConditions:` + repeatedStringForMatchConditions + `,`,
 		`}`,
 	}, "")
 	return s
 }
-func (this *ValidatingWebhookConfiguration) String() string {
-	if this == nil {
-		return "nil"
+func (this *ValidatingWebhookConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForWebhooks := "[]ValidatingWebhook{"
+	for _, f := range this.Webhooks {
+		repeatedStringForWebhooks += strings.Replace(strings.Replace(f.String(), "ValidatingWebhook", "ValidatingWebhook", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForWebhooks += "}"
+	s := strings.Join([]string{`&ValidatingWebhookConfiguration{`,
+		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
+		`Webhooks:` + repeatedStringForWebhooks + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingWebhookConfigurationList) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForItems := "[]ValidatingWebhookConfiguration{"
+	for _, f := range this.Items {
+		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "ValidatingWebhookConfiguration", "ValidatingWebhookConfiguration", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForItems += "}"
+	s := strings.Join([]string{`&ValidatingWebhookConfigurationList{`,
+		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`,
+		`Items:` + repeatedStringForItems + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *Validation) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Validation{`,
+		`Expression:` + fmt.Sprintf("%v", this.Expression) + `,`,
+		`Message:` + fmt.Sprintf("%v", this.Message) + `,`,
+		`Reason:` + valueToStringGenerated(this.Reason) + `,`,
+		`MessageExpression:` + fmt.Sprintf("%v", this.MessageExpression) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *Variable) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Variable{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Expression:` + fmt.Sprintf("%v", this.Expression) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *WebhookClientConfig) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&WebhookClientConfig{`,
+		`Service:` + strings.Replace(this.Service.String(), "ServiceReference", "ServiceReference", 1) + `,`,
+		`CABundle:` + valueToStringGenerated(this.CABundle) + `,`,
+		`URL:` + valueToStringGenerated(this.URL) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringGenerated(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *AuditAnnotation) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: AuditAnnotation: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: AuditAnnotation: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Key = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ValueExpression", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ValueExpression = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ExpressionWarning) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExpressionWarning: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExpressionWarning: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FieldRef", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.FieldRef = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Warning", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Warning = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MatchCondition) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MatchCondition: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MatchCondition: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Expression", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Expression = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MatchResources) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MatchResources: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MatchResources: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NamespaceSelector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.NamespaceSelector == nil {
+				m.NamespaceSelector = &v1.LabelSelector{}
+			}
+			if err := m.NamespaceSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectSelector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.ObjectSelector == nil {
+				m.ObjectSelector = &v1.LabelSelector{}
+			}
+			if err := m.ObjectSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceRules", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ResourceRules = append(m.ResourceRules, NamedRuleWithOperations{})
+			if err := m.ResourceRules[len(m.ResourceRules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ExcludeResourceRules", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ExcludeResourceRules = append(m.ExcludeResourceRules, NamedRuleWithOperations{})
+			if err := m.ExcludeResourceRules[len(m.ExcludeResourceRules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := MatchPolicyType(dAtA[iNdEx:postIndex])
+			m.MatchPolicy = &s
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MutatingWebhook: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MutatingWebhook: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ClientConfig", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.ClientConfig.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Rules = append(m.Rules, v11.RuleWithOperations{})
+			if err := m.Rules[len(m.Rules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FailurePolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := FailurePolicyType(dAtA[iNdEx:postIndex])
+			m.FailurePolicy = &s
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NamespaceSelector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.NamespaceSelector == nil {
+				m.NamespaceSelector = &v1.LabelSelector{}
+			}
+			if err := m.NamespaceSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SideEffects", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := SideEffectClass(dAtA[iNdEx:postIndex])
+			m.SideEffects = &s
+			iNdEx = postIndex
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TimeoutSeconds", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.TimeoutSeconds = &v
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AdmissionReviewVersions", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.AdmissionReviewVersions = append(m.AdmissionReviewVersions, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := MatchPolicyType(dAtA[iNdEx:postIndex])
+			m.MatchPolicy = &s
+			iNdEx = postIndex
+		case 10:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ReinvocationPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := ReinvocationPolicyType(dAtA[iNdEx:postIndex])
+			m.ReinvocationPolicy = &s
+			iNdEx = postIndex
+		case 11:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectSelector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.ObjectSelector == nil {
+				m.ObjectSelector = &v1.LabelSelector{}
+			}
+			if err := m.ObjectSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 12:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchConditions", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.MatchConditions = append(m.MatchConditions, MatchCondition{})
+			if err := m.MatchConditions[len(m.MatchConditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MutatingWebhookConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MutatingWebhookConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Webhooks", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Webhooks = append(m.Webhooks, MutatingWebhook{})
+			if err := m.Webhooks[len(m.Webhooks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MutatingWebhookConfigurationList: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MutatingWebhookConfigurationList: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Items = append(m.Items, MutatingWebhookConfiguration{})
+			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *NamedRuleWithOperations) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: NamedRuleWithOperations: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: NamedRuleWithOperations: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceNames", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ResourceNames = append(m.ResourceNames, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RuleWithOperations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.RuleWithOperations.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ParamKind) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ParamKind: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ParamKind: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field APIVersion", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.APIVersion = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Kind = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
 	}
-	repeatedStringForWebhooks := "[]ValidatingWebhook{"
-	for _, f := range this.Webhooks {
-		repeatedStringForWebhooks += strings.Replace(strings.Replace(f.String(), "ValidatingWebhook", "ValidatingWebhook", 1), `&`, ``, 1) + ","
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
 	}
-	repeatedStringForWebhooks += "}"
-	s := strings.Join([]string{`&ValidatingWebhookConfiguration{`,
-		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v11.ObjectMeta", 1), `&`, ``, 1) + `,`,
-		`Webhooks:` + repeatedStringForWebhooks + `,`,
-		`}`,
-	}, "")
-	return s
+	return nil
 }
-func (this *ValidatingWebhookConfigurationList) String() string {
-	if this == nil {
-		return "nil"
+func (m *ParamRef) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ParamRef: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ParamRef: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Namespace = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Selector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Selector == nil {
+				m.Selector = &v1.LabelSelector{}
+			}
+			if err := m.Selector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ParameterNotFoundAction", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := ParameterNotFoundActionType(dAtA[iNdEx:postIndex])
+			m.ParameterNotFoundAction = &s
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
 	}
-	repeatedStringForItems := "[]ValidatingWebhookConfiguration{"
-	for _, f := range this.Items {
-		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "ValidatingWebhookConfiguration", "ValidatingWebhookConfiguration", 1), `&`, ``, 1) + ","
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
 	}
-	repeatedStringForItems += "}"
-	s := strings.Join([]string{`&ValidatingWebhookConfigurationList{`,
-		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v11.ListMeta", 1), `&`, ``, 1) + `,`,
-		`Items:` + repeatedStringForItems + `,`,
-		`}`,
-	}, "")
-	return s
+	return nil
 }
-func (this *WebhookClientConfig) String() string {
-	if this == nil {
-		return "nil"
+func (m *ServiceReference) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ServiceReference: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ServiceReference: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Namespace = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.Path = &s
+			iNdEx = postIndex
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Port", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Port = &v
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
 	}
-	s := strings.Join([]string{`&WebhookClientConfig{`,
-		`Service:` + strings.Replace(this.Service.String(), "ServiceReference", "ServiceReference", 1) + `,`,
-		`CABundle:` + valueToStringGenerated(this.CABundle) + `,`,
-		`URL:` + valueToStringGenerated(this.URL) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func valueToStringGenerated(v interface{}) string {
-	rv := reflect.ValueOf(v)
-	if rv.IsNil() {
-		return "nil"
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
 	}
-	pv := reflect.Indirect(rv).Interface()
-	return fmt.Sprintf("*%v", pv)
+	return nil
 }
-func (m *MatchCondition) Unmarshal(dAtA []byte) error {
+func (m *TypeChecking) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1398,17 +5091,17 @@ func (m *MatchCondition) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: MatchCondition: wiretype end group for non-group")
+			return fmt.Errorf("proto: TypeChecking: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: MatchCondition: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: TypeChecking: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ExpressionWarnings", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1418,55 +5111,25 @@ func (m *MatchCondition) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Name = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Expression", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
+			m.ExpressionWarnings = append(m.ExpressionWarnings, ExpressionWarning{})
+			if err := m.ExpressionWarnings[len(m.ExpressionWarnings)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.Expression = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -1489,7 +5152,7 @@ func (m *MatchCondition) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
+func (m *ValidatingAdmissionPolicy) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1512,17 +5175,17 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: MutatingWebhook: wiretype end group for non-group")
+			return fmt.Errorf("proto: ValidatingAdmissionPolicy: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: MutatingWebhook: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ValidatingAdmissionPolicy: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1532,27 +5195,28 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Name = string(dAtA[iNdEx:postIndex])
+			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ClientConfig", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1579,13 +5243,13 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.ClientConfig.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1612,16 +5276,65 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Rules = append(m.Rules, v1.RuleWithOperations{})
-			if err := m.Rules[len(m.Rules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 4:
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ValidatingAdmissionPolicyBinding) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBinding: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBinding: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field FailurePolicy", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1631,28 +5344,28 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := FailurePolicyType(dAtA[iNdEx:postIndex])
-			m.FailurePolicy = &s
+			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 5:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NamespaceSelector", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1679,18 +5392,65 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.NamespaceSelector == nil {
-				m.NamespaceSelector = &v11.LabelSelector{}
-			}
-			if err := m.NamespaceSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 6:
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ValidatingAdmissionPolicyBindingList) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBindingList: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBindingList: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field SideEffects", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1700,50 +5460,30 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := SideEffectClass(dAtA[iNdEx:postIndex])
-			m.SideEffects = &s
-			iNdEx = postIndex
-		case 7:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TimeoutSeconds", wireType)
-			}
-			var v int32
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= int32(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.TimeoutSeconds = &v
-		case 8:
+			iNdEx = postIndex
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field AdmissionReviewVersions", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1753,27 +5493,79 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			if postIndex > l {
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Items = append(m.Items, ValidatingAdmissionPolicyBinding{})
+			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
 				return io.ErrUnexpectedEOF
 			}
-			m.AdmissionReviewVersions = append(m.AdmissionReviewVersions, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		case 9:
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBindingSpec: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBindingSpec: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MatchPolicy", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field PolicyName", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -1801,14 +5593,13 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := MatchPolicyType(dAtA[iNdEx:postIndex])
-			m.MatchPolicy = &s
+			m.PolicyName = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 10:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ReinvocationPolicy", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ParamRef", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1818,28 +5609,31 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := ReinvocationPolicyType(dAtA[iNdEx:postIndex])
-			m.ReinvocationPolicy = &s
+			if m.ParamRef == nil {
+				m.ParamRef = &ParamRef{}
+			}
+			if err := m.ParamRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 11:
+		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ObjectSelector", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchResources", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1866,18 +5660,18 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.ObjectSelector == nil {
-				m.ObjectSelector = &v11.LabelSelector{}
+			if m.MatchResources == nil {
+				m.MatchResources = &MatchResources{}
 			}
-			if err := m.ObjectSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.MatchResources.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 12:
+		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MatchConditions", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ValidationActions", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1887,25 +5681,23 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.MatchConditions = append(m.MatchConditions, MatchCondition{})
-			if err := m.MatchConditions[len(m.MatchConditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.ValidationActions = append(m.ValidationActions, ValidationAction(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -1928,7 +5720,7 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
+func (m *ValidatingAdmissionPolicyList) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1951,15 +5743,15 @@ func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: MutatingWebhookConfiguration: wiretype end group for non-group")
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyList: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: MutatingWebhookConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyList: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1986,13 +5778,13 @@ func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Webhooks", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2019,8 +5811,8 @@ func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Webhooks = append(m.Webhooks, MutatingWebhook{})
-			if err := m.Webhooks[len(m.Webhooks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Items = append(m.Items, ValidatingAdmissionPolicy{})
+			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2045,7 +5837,7 @@ func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
+func (m *ValidatingAdmissionPolicySpec) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2068,15 +5860,15 @@ func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: MutatingWebhookConfigurationList: wiretype end group for non-group")
+			return fmt.Errorf("proto: ValidatingAdmissionPolicySpec: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: MutatingWebhookConfigurationList: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ValidatingAdmissionPolicySpec: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ParamKind", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2103,13 +5895,187 @@ func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if m.ParamKind == nil {
+				m.ParamKind = &ParamKind{}
+			}
+			if err := m.ParamKind.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchConstraints", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.MatchConstraints == nil {
+				m.MatchConstraints = &MatchResources{}
+			}
+			if err := m.MatchConstraints.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Validations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Validations = append(m.Validations, Validation{})
+			if err := m.Validations[len(m.Validations)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FailurePolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := FailurePolicyType(dAtA[iNdEx:postIndex])
+			m.FailurePolicy = &s
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AuditAnnotations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.AuditAnnotations = append(m.AuditAnnotations, AuditAnnotation{})
+			if err := m.AuditAnnotations[len(m.AuditAnnotations)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchConditions", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.MatchConditions = append(m.MatchConditions, MatchCondition{})
+			if err := m.MatchConditions[len(m.MatchConditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Variables", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2136,8 +6102,8 @@ func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Items = append(m.Items, MutatingWebhookConfiguration{})
-			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Variables = append(m.Variables, Variable{})
+			if err := m.Variables[len(m.Variables)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2162,7 +6128,7 @@ func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ServiceReference) Unmarshal(dAtA []byte) error {
+func (m *ValidatingAdmissionPolicyStatus) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2185,17 +6151,17 @@ func (m *ServiceReference) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ServiceReference: wiretype end group for non-group")
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyStatus: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ServiceReference: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyStatus: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObservedGeneration", wireType)
 			}
-			var stringLen uint64
+			m.ObservedGeneration = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2205,29 +6171,16 @@ func (m *ServiceReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				m.ObservedGeneration |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Namespace = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field TypeChecking", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2237,29 +6190,33 @@ func (m *ServiceReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Name = string(dAtA[iNdEx:postIndex])
+			if m.TypeChecking == nil {
+				m.TypeChecking = &TypeChecking{}
+			}
+			if err := m.TypeChecking.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Conditions", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2269,45 +6226,26 @@ func (m *ServiceReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := string(dAtA[iNdEx:postIndex])
-			m.Path = &s
-			iNdEx = postIndex
-		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Port", wireType)
-			}
-			var v int32
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= int32(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			m.Conditions = append(m.Conditions, v1.Condition{})
+			if err := m.Conditions[len(m.Conditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.Port = &v
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -2452,7 +6390,7 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Rules = append(m.Rules, v1.RuleWithOperations{})
+			m.Rules = append(m.Rules, v11.RuleWithOperations{})
 			if err := m.Rules[len(m.Rules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -2520,7 +6458,7 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 				return io.ErrUnexpectedEOF
 			}
 			if m.NamespaceSelector == nil {
-				m.NamespaceSelector = &v11.LabelSelector{}
+				m.NamespaceSelector = &v1.LabelSelector{}
 			}
 			if err := m.NamespaceSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -2563,27 +6501,212 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field TimeoutSeconds", wireType)
 			}
-			var v int32
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= int32(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.TimeoutSeconds = &v
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AdmissionReviewVersions", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.AdmissionReviewVersions = append(m.AdmissionReviewVersions, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := MatchPolicyType(dAtA[iNdEx:postIndex])
+			m.MatchPolicy = &s
+			iNdEx = postIndex
+		case 10:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectSelector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.ObjectSelector == nil {
+				m.ObjectSelector = &v1.LabelSelector{}
+			}
+			if err := m.ObjectSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 11:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchConditions", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.MatchConditions = append(m.MatchConditions, MatchCondition{})
+			if err := m.MatchConditions[len(m.MatchConditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
 			}
-			m.TimeoutSeconds = &v
-		case 8:
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ValidatingWebhookConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ValidatingWebhookConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field AdmissionReviewVersions", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2593,29 +6716,30 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.AdmissionReviewVersions = append(m.AdmissionReviewVersions, string(dAtA[iNdEx:postIndex]))
+			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 9:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MatchPolicy", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Webhooks", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2625,28 +6749,79 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := MatchPolicyType(dAtA[iNdEx:postIndex])
-			m.MatchPolicy = &s
+			m.Webhooks = append(m.Webhooks, ValidatingWebhook{})
+			if err := m.Webhooks[len(m.Webhooks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 10:
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ValidatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ValidatingWebhookConfigurationList: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ValidatingWebhookConfigurationList: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ObjectSelector", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2673,16 +6848,13 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.ObjectSelector == nil {
-				m.ObjectSelector = &v11.LabelSelector{}
-			}
-			if err := m.ObjectSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 11:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MatchConditions", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2709,8 +6881,8 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.MatchConditions = append(m.MatchConditions, MatchCondition{})
-			if err := m.MatchConditions[len(m.MatchConditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Items = append(m.Items, ValidatingWebhookConfiguration{})
+			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2735,7 +6907,7 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
+func (m *Validation) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2758,17 +6930,17 @@ func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ValidatingWebhookConfiguration: wiretype end group for non-group")
+			return fmt.Errorf("proto: Validation: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ValidatingWebhookConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Validation: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Expression", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2778,30 +6950,29 @@ func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Expression = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Webhooks", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2811,25 +6982,88 @@ func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Webhooks = append(m.Webhooks, ValidatingWebhook{})
-			if err := m.Webhooks[len(m.Webhooks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			m.Message = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
 			}
+			s := k8s_io_apimachinery_pkg_apis_meta_v1.StatusReason(dAtA[iNdEx:postIndex])
+			m.Reason = &s
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MessageExpression", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.MessageExpression = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -2852,7 +7086,7 @@ func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ValidatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
+func (m *Variable) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2875,17 +7109,17 @@ func (m *ValidatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ValidatingWebhookConfigurationList: wiretype end group for non-group")
+			return fmt.Errorf("proto: Variable: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ValidatingWebhookConfigurationList: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Variable: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2895,30 +7129,29 @@ func (m *ValidatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Name = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Expression", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2928,25 +7161,23 @@ func (m *ValidatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Items = append(m.Items, ValidatingWebhookConfiguration{})
-			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Expression = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto b/vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto
index cfd759285..1855cdfc4 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto
@@ -29,6 +29,56 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "k8s.io/api/admissionregistration/v1beta1";
 
+// AuditAnnotation describes how to produce an audit annotation for an API request.
+message AuditAnnotation {
+  // key specifies the audit annotation key. The audit annotation keys of
+  // a ValidatingAdmissionPolicy must be unique. The key must be a qualified
+  // name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
+  //
+  // The key is combined with the resource name of the
+  // ValidatingAdmissionPolicy to construct an audit annotation key:
+  // "{ValidatingAdmissionPolicy name}/{key}".
+  //
+  // If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy
+  // and the same audit annotation key, the annotation key will be identical.
+  // In this case, the first annotation written with the key will be included
+  // in the audit event and all subsequent annotations with the same key
+  // will be discarded.
+  //
+  // Required.
+  optional string key = 1;
+
+  // valueExpression represents the expression which is evaluated by CEL to
+  // produce an audit annotation value. The expression must evaluate to either
+  // a string or null value. If the expression evaluates to a string, the
+  // audit annotation is included with the string value. If the expression
+  // evaluates to null or empty string the audit annotation will be omitted.
+  // The valueExpression may be no longer than 5kb in length.
+  // If the result of the valueExpression is more than 10kb in length, it
+  // will be truncated to 10kb.
+  //
+  // If multiple ValidatingAdmissionPolicyBinding resources match an
+  // API request, then the valueExpression will be evaluated for
+  // each binding. All unique values produced by the valueExpressions
+  // will be joined together in a comma-separated list.
+  //
+  // Required.
+  optional string valueExpression = 2;
+}
+
+// ExpressionWarning is a warning information that targets a specific expression.
+message ExpressionWarning {
+  // The path to the field that refers the expression.
+  // For example, the reference to the expression of the first item of
+  // validations is "spec.validations[0].expression"
+  optional string fieldRef = 2;
+
+  // The content of type checking information in a human-readable form.
+  // Each line of the warning contains the type that the expression is checked
+  // against, followed by the type check error from the compiler.
+  optional string warning = 3;
+}
+
 // MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook.
 message MatchCondition {
   // Name is an identifier for this match condition, used for strategic merging of MatchConditions,
@@ -58,6 +108,101 @@ message MatchCondition {
   optional string expression = 2;
 }
 
+// MatchResources decides whether to run the admission control policy on an object based
+// on whether it meets the match criteria.
+// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
+// +structType=atomic
+message MatchResources {
+  // NamespaceSelector decides whether to run the admission control policy on an object based
+  // on whether the namespace for that object matches the selector. If the
+  // object itself is a namespace, the matching is performed on
+  // object.metadata.labels. If the object is another cluster scoped resource,
+  // it never skips the policy.
+  //
+  // For example, to run the webhook on any objects whose namespace is not
+  // associated with "runlevel" of "0" or "1";  you will set the selector as
+  // follows:
+  // "namespaceSelector": {
+  //   "matchExpressions": [
+  //     {
+  //       "key": "runlevel",
+  //       "operator": "NotIn",
+  //       "values": [
+  //         "0",
+  //         "1"
+  //       ]
+  //     }
+  //   ]
+  // }
+  //
+  // If instead you want to only run the policy on any objects whose
+  // namespace is associated with the "environment" of "prod" or "staging";
+  // you will set the selector as follows:
+  // "namespaceSelector": {
+  //   "matchExpressions": [
+  //     {
+  //       "key": "environment",
+  //       "operator": "In",
+  //       "values": [
+  //         "prod",
+  //         "staging"
+  //       ]
+  //     }
+  //   ]
+  // }
+  //
+  // See
+  // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  // for more examples of label selectors.
+  //
+  // Default to the empty LabelSelector, which matches everything.
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 1;
+
+  // ObjectSelector decides whether to run the validation based on if the
+  // object has matching labels. objectSelector is evaluated against both
+  // the oldObject and newObject that would be sent to the cel validation, and
+  // is considered to match if either object matches the selector. A null
+  // object (oldObject in the case of create, or newObject in the case of
+  // delete) or an object that cannot have labels (like a
+  // DeploymentRollback or a PodProxyOptions object) is not considered to
+  // match.
+  // Use the object selector only if the webhook is opt-in, because end
+  // users may skip the admission webhook by setting the labels.
+  // Default to the empty LabelSelector, which matches everything.
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector objectSelector = 2;
+
+  // ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.
+  // The policy cares about an operation if it matches _any_ Rule.
+  // +listType=atomic
+  // +optional
+  repeated NamedRuleWithOperations resourceRules = 3;
+
+  // ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.
+  // The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
+  // +listType=atomic
+  // +optional
+  repeated NamedRuleWithOperations excludeResourceRules = 4;
+
+  // matchPolicy defines how the "MatchResources" list is used to match incoming requests.
+  // Allowed values are "Exact" or "Equivalent".
+  //
+  // - Exact: match a request only if it exactly matches a specified rule.
+  // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
+  // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
+  // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
+  //
+  // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
+  // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
+  // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
+  // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
+  //
+  // Defaults to "Equivalent"
+  // +optional
+  optional string matchPolicy = 7;
+}
+
 // MutatingWebhook describes an admission webhook and the resources and operations it applies to.
 message MutatingWebhook {
   // The name of the admission webhook.
@@ -219,7 +364,7 @@ message MutatingWebhook {
   //      - If failurePolicy=Fail, reject the request
   //      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
   //
-  // This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+  // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
   //
   // +patchMergeKey=name
   // +patchStrategy=merge
@@ -255,6 +400,88 @@ message MutatingWebhookConfigurationList {
   repeated MutatingWebhookConfiguration items = 2;
 }
 
+// NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.
+// +structType=atomic
+message NamedRuleWithOperations {
+  // ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
+  // +listType=atomic
+  // +optional
+  repeated string resourceNames = 1;
+
+  // RuleWithOperations is a tuple of Operations and Resources.
+  optional k8s.io.api.admissionregistration.v1.RuleWithOperations ruleWithOperations = 2;
+}
+
+// ParamKind is a tuple of Group Kind and Version.
+// +structType=atomic
+message ParamKind {
+  // APIVersion is the API group version the resources belong to.
+  // In format of "group/version".
+  // Required.
+  optional string apiVersion = 1;
+
+  // Kind is the API kind the resources belong to.
+  // Required.
+  optional string kind = 2;
+}
+
+// ParamRef describes how to locate the params to be used as input to
+// expressions of rules applied by a policy binding.
+// +structType=atomic
+message ParamRef {
+  // name is the name of the resource being referenced.
+  //
+  // One of `name` or `selector` must be set, but `name` and `selector` are
+  // mutually exclusive properties. If one is set, the other must be unset.
+  //
+  // A single parameter used for all admission requests can be configured
+  // by setting the `name` field, leaving `selector` blank, and setting namespace
+  // if `paramKind` is namespace-scoped.
+  optional string name = 1;
+
+  // namespace is the namespace of the referenced resource. Allows limiting
+  // the search for params to a specific namespace. Applies to both `name` and
+  // `selector` fields.
+  //
+  // A per-namespace parameter may be used by specifying a namespace-scoped
+  // `paramKind` in the policy and leaving this field empty.
+  //
+  // - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this
+  // field results in a configuration error.
+  //
+  // - If `paramKind` is namespace-scoped, the namespace of the object being
+  // evaluated for admission will be used when this field is left unset. Take
+  // care that if this is left empty the binding must not match any cluster-scoped
+  // resources, which will result in an error.
+  //
+  // +optional
+  optional string namespace = 2;
+
+  // selector can be used to match multiple param objects based on their labels.
+  // Supply selector: {} to match all resources of the ParamKind.
+  //
+  // If multiple params are found, they are all evaluated with the policy expressions
+  // and the results are ANDed together.
+  //
+  // One of `name` or `selector` must be set, but `name` and `selector` are
+  // mutually exclusive properties. If one is set, the other must be unset.
+  //
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 3;
+
+  // `parameterNotFoundAction` controls the behavior of the binding when the resource
+  // exists, and name or selector is valid, but there are no parameters
+  // matched by the binding. If the value is set to `Allow`, then no
+  // matched parameters will be treated as successful validation by the binding.
+  // If set to `Deny`, then no matched parameters will be subject to the
+  // `failurePolicy` of the policy.
+  //
+  // Allowed values are `Allow` or `Deny`
+  //
+  // Required
+  optional string parameterNotFoundAction = 4;
+}
+
 // ServiceReference holds a reference to Service.legacy.k8s.io
 message ServiceReference {
   // `namespace` is the namespace of the service.
@@ -277,6 +504,248 @@ message ServiceReference {
   optional int32 port = 4;
 }
 
+// TypeChecking contains results of type checking the expressions in the
+// ValidatingAdmissionPolicy
+message TypeChecking {
+  // The type checking warnings for each expression.
+  // +optional
+  // +listType=atomic
+  repeated ExpressionWarning expressionWarnings = 1;
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+// ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.
+message ValidatingAdmissionPolicy {
+  // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
+
+  // Specification of the desired behavior of the ValidatingAdmissionPolicy.
+  optional ValidatingAdmissionPolicySpec spec = 2;
+
+  // The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy
+  // behaves in the expected way.
+  // Populated by the system.
+  // Read-only.
+  // +optional
+  optional ValidatingAdmissionPolicyStatus status = 3;
+}
+
+// ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
+// ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
+//
+// For a given admission request, each binding will cause its policy to be
+// evaluated N times, where N is 1 for policies/bindings that don't use
+// params, otherwise N is the number of parameters selected by the binding.
+//
+// The CEL expressions of a policy must have a computed CEL cost below the maximum
+// CEL budget. Each evaluation of the policy is given an independent CEL cost budget.
+// Adding/removing policies, bindings, or params can not affect whether a
+// given (policy, binding, param) combination is within its own CEL budget.
+message ValidatingAdmissionPolicyBinding {
+  // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
+
+  // Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
+  optional ValidatingAdmissionPolicyBindingSpec spec = 2;
+}
+
+// ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.
+message ValidatingAdmissionPolicyBindingList {
+  // Standard list metadata.
+  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
+
+  // List of PolicyBinding.
+  repeated ValidatingAdmissionPolicyBinding items = 2;
+}
+
+// ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.
+message ValidatingAdmissionPolicyBindingSpec {
+  // PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to.
+  // If the referenced resource does not exist, this binding is considered invalid and will be ignored
+  // Required.
+  optional string policyName = 1;
+
+  // paramRef specifies the parameter resource used to configure the admission control policy.
+  // It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy.
+  // If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.
+  // If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
+  // +optional
+  optional ParamRef paramRef = 2;
+
+  // MatchResources declares what resources match this binding and will be validated by it.
+  // Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this.
+  // If this is unset, all resources matched by the policy are validated by this binding
+  // When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated.
+  // Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
+  // +optional
+  optional MatchResources matchResources = 3;
+
+  // validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced.
+  // If a validation evaluates to false it is always enforced according to these actions.
+  //
+  // Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according
+  // to these actions only if the FailurePolicy is set to Fail, otherwise the failures are
+  // ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
+  //
+  // validationActions is declared as a set of action values. Order does
+  // not matter. validationActions may not contain duplicates of the same action.
+  //
+  // The supported actions values are:
+  //
+  // "Deny" specifies that a validation failure results in a denied request.
+  //
+  // "Warn" specifies that a validation failure is reported to the request client
+  // in HTTP Warning headers, with a warning code of 299. Warnings can be sent
+  // both for allowed or denied admission responses.
+  //
+  // "Audit" specifies that a validation failure is included in the published
+  // audit event for the request. The audit event will contain a
+  // `validation.policy.admission.k8s.io/validation_failure` audit annotation
+  // with a value containing the details of the validation failures, formatted as
+  // a JSON list of objects, each with the following fields:
+  // - message: The validation failure message string
+  // - policy: The resource name of the ValidatingAdmissionPolicy
+  // - binding: The resource name of the ValidatingAdmissionPolicyBinding
+  // - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy
+  // - validationActions: The enforcement actions enacted for the validation failure
+  // Example audit annotation:
+  // `"validation.policy.admission.k8s.io/validation_failure": "[{\"message\": \"Invalid value\", {\"policy\": \"policy.example.com\", {\"binding\": \"policybinding.example.com\", {\"expressionIndex\": \"1\", {\"validationActions\": [\"Audit\"]}]"`
+  //
+  // Clients should expect to handle additional values by ignoring
+  // any values not recognized.
+  //
+  // "Deny" and "Warn" may not be used together since this combination
+  // needlessly duplicates the validation failure both in the
+  // API response body and the HTTP warning headers.
+  //
+  // Required.
+  // +listType=set
+  repeated string validationActions = 4;
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+// ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.
+message ValidatingAdmissionPolicyList {
+  // Standard list metadata.
+  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
+
+  // List of ValidatingAdmissionPolicy.
+  repeated ValidatingAdmissionPolicy items = 2;
+}
+
+// ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.
+message ValidatingAdmissionPolicySpec {
+  // ParamKind specifies the kind of resources used to parameterize this policy.
+  // If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions.
+  // If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied.
+  // If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
+  // +optional
+  optional ParamKind paramKind = 1;
+
+  // MatchConstraints specifies what resources this policy is designed to validate.
+  // The AdmissionPolicy cares about a request if it matches _all_ Constraints.
+  // However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API
+  // ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding.
+  // Required.
+  optional MatchResources matchConstraints = 2;
+
+  // Validations contain CEL expressions which is used to apply the validation.
+  // Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is
+  // required.
+  // +listType=atomic
+  // +optional
+  repeated Validation validations = 3;
+
+  // failurePolicy defines how to handle failures for the admission policy. Failures can
+  // occur from CEL expression parse errors, type check errors, runtime errors and invalid
+  // or mis-configured policy definitions or bindings.
+  //
+  // A policy is invalid if spec.paramKind refers to a non-existent Kind.
+  // A binding is invalid if spec.paramRef.name refers to a non-existent resource.
+  //
+  // failurePolicy does not define how validations that evaluate to false are handled.
+  //
+  // When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions
+  // define how failures are enforced.
+  //
+  // Allowed values are Ignore or Fail. Defaults to Fail.
+  // +optional
+  optional string failurePolicy = 4;
+
+  // auditAnnotations contains CEL expressions which are used to produce audit
+  // annotations for the audit event of the API request.
+  // validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is
+  // required.
+  // +listType=atomic
+  // +optional
+  repeated AuditAnnotation auditAnnotations = 5;
+
+  // MatchConditions is a list of conditions that must be met for a request to be validated.
+  // Match conditions filter requests that have already been matched by the rules,
+  // namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
+  // There are a maximum of 64 match conditions allowed.
+  //
+  // If a parameter object is provided, it can be accessed via the `params` handle in the same
+  // manner as validation expressions.
+  //
+  // The exact matching logic is (in order):
+  //   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
+  //   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
+  //   3. If any matchCondition evaluates to an error (but none are FALSE):
+  //      - If failurePolicy=Fail, reject the request
+  //      - If failurePolicy=Ignore, the policy is skipped
+  //
+  // +patchMergeKey=name
+  // +patchStrategy=merge
+  // +listType=map
+  // +listMapKey=name
+  // +optional
+  repeated MatchCondition matchConditions = 6;
+
+  // Variables contain definitions of variables that can be used in composition of other expressions.
+  // Each variable is defined as a named CEL expression.
+  // The variables defined here will be available under `variables` in other expressions of the policy
+  // except MatchConditions because MatchConditions are evaluated before the rest of the policy.
+  //
+  // The expression of a variable can refer to other variables defined earlier in the list but not those after.
+  // Thus, Variables must be sorted by the order of first appearance and acyclic.
+  // +patchMergeKey=name
+  // +patchStrategy=merge
+  // +listType=map
+  // +listMapKey=name
+  // +optional
+  repeated Variable variables = 7;
+}
+
+// ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.
+message ValidatingAdmissionPolicyStatus {
+  // The generation observed by the controller.
+  // +optional
+  optional int64 observedGeneration = 1;
+
+  // The results of type checking for each expression.
+  // Presence of this field indicates the completion of the type checking.
+  // +optional
+  optional TypeChecking typeChecking = 2;
+
+  // The conditions represent the latest available observations of a policy's current state.
+  // +optional
+  // +listType=map
+  // +listMapKey=type
+  repeated k8s.io.apimachinery.pkg.apis.meta.v1.Condition conditions = 3;
+}
+
 // ValidatingWebhook describes an admission webhook and the resources and operations it applies to.
 message ValidatingWebhook {
   // The name of the admission webhook.
@@ -420,7 +889,7 @@ message ValidatingWebhook {
   //      - If failurePolicy=Fail, reject the request
   //      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
   //
-  // This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+  // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
   //
   // +patchMergeKey=name
   // +patchStrategy=merge
@@ -456,6 +925,97 @@ message ValidatingWebhookConfigurationList {
   repeated ValidatingWebhookConfiguration items = 2;
 }
 
+// Validation specifies the CEL expression which is used to apply the validation.
+message Validation {
+  // Expression represents the expression which will be evaluated by CEL.
+  // ref: https://github.com/google/cel-spec
+  // CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
+  //
+  // - 'object' - The object from the incoming request. The value is null for DELETE requests.
+  // - 'oldObject' - The existing object. The value is null for CREATE requests.
+  // - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).
+  // - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.
+  // - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.
+  // - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
+  //   For example, a variable named 'foo' can be accessed as 'variables.foo'.
+  // - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
+  //   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
+  // - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
+  //   request resource.
+  //
+  // The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the
+  // object. No other metadata properties are accessible.
+  //
+  // Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
+  // Accessible property names are escaped according to the following rules when accessed in the expression:
+  // - '__' escapes to '__underscores__'
+  // - '.' escapes to '__dot__'
+  // - '-' escapes to '__dash__'
+  // - '/' escapes to '__slash__'
+  // - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
+  // 	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
+  // 	  "import", "let", "loop", "package", "namespace", "return".
+  // Examples:
+  //   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
+  //   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
+  //   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
+  //
+  // Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
+  // Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
+  //   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
+  //     non-intersecting elements in `Y` are appended, retaining their partial order.
+  //   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
+  //     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
+  //     non-intersecting keys are appended, retaining their partial order.
+  // Required.
+  optional string Expression = 1;
+
+  // Message represents the message displayed when validation fails. The message is required if the Expression contains
+  // line breaks. The message must not contain line breaks.
+  // If unset, the message is "failed rule: {Rule}".
+  // e.g. "must be a URL with the host matching spec.host"
+  // If the Expression contains line breaks. Message is required.
+  // The message must not contain line breaks.
+  // If unset, the message is "failed Expression: {Expression}".
+  // +optional
+  optional string message = 2;
+
+  // Reason represents a machine-readable description of why this validation failed.
+  // If this is the first validation in the list to fail, this reason, as well as the
+  // corresponding HTTP response code, are used in the
+  // HTTP response to the client.
+  // The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge".
+  // If not set, StatusReasonInvalid is used in the response to the client.
+  // +optional
+  optional string reason = 3;
+
+  // messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
+  // Since messageExpression is used as a failure message, it must evaluate to a string.
+  // If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails.
+  // If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced
+  // as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
+  // that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and
+  // the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged.
+  // messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'.
+  // Example:
+  // "object.x must be less than max ("+string(params.max)+")"
+  // +optional
+  optional string messageExpression = 4;
+}
+
+// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.
+// +structType=atomic
+message Variable {
+  // Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.
+  // The variable can be accessed in other expressions through `variables`
+  // For example, if name is "foo", the variable will be available as `variables.foo`
+  optional string Name = 1;
+
+  // Expression is the expression that will be evaluated as the value of the variable.
+  // The CEL expression has access to the same identifiers as the CEL expressions in Validation.
+  optional string Expression = 2;
+}
+
 // WebhookClientConfig contains the information to make a TLS
 // connection with the webhook
 message WebhookClientConfig {
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/register.go b/vendor/k8s.io/api/admissionregistration/v1beta1/register.go
index 098744cf6..363233a2f 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/register.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/register.go
@@ -50,6 +50,10 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&ValidatingWebhookConfigurationList{},
 		&MutatingWebhookConfiguration{},
 		&MutatingWebhookConfigurationList{},
+		&ValidatingAdmissionPolicy{},
+		&ValidatingAdmissionPolicyList{},
+		&ValidatingAdmissionPolicyBinding{},
+		&ValidatingAdmissionPolicyBindingList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/types.go b/vendor/k8s.io/api/admissionregistration/v1beta1/types.go
index 82ee7df9b..c199702fb 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/types.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/types.go
@@ -38,6 +38,18 @@ const (
 	AllScopes ScopeType = v1.AllScopes
 )
 
+// ParameterNotFoundActionType specifies a failure policy that defines how a binding
+// is evaluated when the param referred by its perNamespaceParamRef is not found.
+type ParameterNotFoundActionType string
+
+const (
+	// Allow means all requests will be admitted if no param resources
+	// could be found.
+	AllowAction ParameterNotFoundActionType = "Allow"
+	// Deny means all requests will be denied if no param resources are found.
+	DenyAction ParameterNotFoundActionType = "Deny"
+)
+
 // FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.
 type FailurePolicyType string
 
@@ -75,6 +87,584 @@ const (
 	SideEffectClassNoneOnDryRun SideEffectClass = "NoneOnDryRun"
 )
 
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+// ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.
+type ValidatingAdmissionPolicy struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
+	Spec ValidatingAdmissionPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
+	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy
+	// behaves in the expected way.
+	// Populated by the system.
+	// Read-only.
+	// +optional
+	Status ValidatingAdmissionPolicyStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
+}
+
+// ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.
+type ValidatingAdmissionPolicyStatus struct {
+	// The generation observed by the controller.
+	// +optional
+	ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,1,opt,name=observedGeneration"`
+	// The results of type checking for each expression.
+	// Presence of this field indicates the completion of the type checking.
+	// +optional
+	TypeChecking *TypeChecking `json:"typeChecking,omitempty" protobuf:"bytes,2,opt,name=typeChecking"`
+	// The conditions represent the latest available observations of a policy's current state.
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	Conditions []metav1.Condition `json:"conditions,omitempty" protobuf:"bytes,3,rep,name=conditions"`
+}
+
+// ValidatingAdmissionPolicyConditionType is the condition type of admission validation policy.
+type ValidatingAdmissionPolicyConditionType string
+
+// TypeChecking contains results of type checking the expressions in the
+// ValidatingAdmissionPolicy
+type TypeChecking struct {
+	// The type checking warnings for each expression.
+	// +optional
+	// +listType=atomic
+	ExpressionWarnings []ExpressionWarning `json:"expressionWarnings,omitempty" protobuf:"bytes,1,rep,name=expressionWarnings"`
+}
+
+// ExpressionWarning is a warning information that targets a specific expression.
+type ExpressionWarning struct {
+	// The path to the field that refers the expression.
+	// For example, the reference to the expression of the first item of
+	// validations is "spec.validations[0].expression"
+	FieldRef string `json:"fieldRef" protobuf:"bytes,2,opt,name=fieldRef"`
+	// The content of type checking information in a human-readable form.
+	// Each line of the warning contains the type that the expression is checked
+	// against, followed by the type check error from the compiler.
+	Warning string `json:"warning" protobuf:"bytes,3,opt,name=warning"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+// ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.
+type ValidatingAdmissionPolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard list metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	// List of ValidatingAdmissionPolicy.
+	Items []ValidatingAdmissionPolicy `json:"items,omitempty" protobuf:"bytes,2,rep,name=items"`
+}
+
+// ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.
+type ValidatingAdmissionPolicySpec struct {
+	// ParamKind specifies the kind of resources used to parameterize this policy.
+	// If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions.
+	// If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied.
+	// If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
+	// +optional
+	ParamKind *ParamKind `json:"paramKind,omitempty" protobuf:"bytes,1,rep,name=paramKind"`
+
+	// MatchConstraints specifies what resources this policy is designed to validate.
+	// The AdmissionPolicy cares about a request if it matches _all_ Constraints.
+	// However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API
+	// ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding.
+	// Required.
+	MatchConstraints *MatchResources `json:"matchConstraints,omitempty" protobuf:"bytes,2,rep,name=matchConstraints"`
+
+	// Validations contain CEL expressions which is used to apply the validation.
+	// Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is
+	// required.
+	// +listType=atomic
+	// +optional
+	Validations []Validation `json:"validations,omitempty" protobuf:"bytes,3,rep,name=validations"`
+
+	// failurePolicy defines how to handle failures for the admission policy. Failures can
+	// occur from CEL expression parse errors, type check errors, runtime errors and invalid
+	// or mis-configured policy definitions or bindings.
+	//
+	// A policy is invalid if spec.paramKind refers to a non-existent Kind.
+	// A binding is invalid if spec.paramRef.name refers to a non-existent resource.
+	//
+	// failurePolicy does not define how validations that evaluate to false are handled.
+	//
+	// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions
+	// define how failures are enforced.
+	//
+	// Allowed values are Ignore or Fail. Defaults to Fail.
+	// +optional
+	FailurePolicy *FailurePolicyType `json:"failurePolicy,omitempty" protobuf:"bytes,4,opt,name=failurePolicy,casttype=FailurePolicyType"`
+
+	// auditAnnotations contains CEL expressions which are used to produce audit
+	// annotations for the audit event of the API request.
+	// validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is
+	// required.
+	// +listType=atomic
+	// +optional
+	AuditAnnotations []AuditAnnotation `json:"auditAnnotations,omitempty" protobuf:"bytes,5,rep,name=auditAnnotations"`
+
+	// MatchConditions is a list of conditions that must be met for a request to be validated.
+	// Match conditions filter requests that have already been matched by the rules,
+	// namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
+	// There are a maximum of 64 match conditions allowed.
+	//
+	// If a parameter object is provided, it can be accessed via the `params` handle in the same
+	// manner as validation expressions.
+	//
+	// The exact matching logic is (in order):
+	//   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
+	//   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
+	//   3. If any matchCondition evaluates to an error (but none are FALSE):
+	//      - If failurePolicy=Fail, reject the request
+	//      - If failurePolicy=Ignore, the policy is skipped
+	//
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	// +optional
+	MatchConditions []MatchCondition `json:"matchConditions,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,6,rep,name=matchConditions"`
+
+	// Variables contain definitions of variables that can be used in composition of other expressions.
+	// Each variable is defined as a named CEL expression.
+	// The variables defined here will be available under `variables` in other expressions of the policy
+	// except MatchConditions because MatchConditions are evaluated before the rest of the policy.
+	//
+	// The expression of a variable can refer to other variables defined earlier in the list but not those after.
+	// Thus, Variables must be sorted by the order of first appearance and acyclic.
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	// +optional
+	Variables []Variable `json:"variables" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,7,rep,name=variables"`
+}
+
+// ParamKind is a tuple of Group Kind and Version.
+// +structType=atomic
+type ParamKind struct {
+	// APIVersion is the API group version the resources belong to.
+	// In format of "group/version".
+	// Required.
+	APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,1,rep,name=apiVersion"`
+
+	// Kind is the API kind the resources belong to.
+	// Required.
+	Kind string `json:"kind,omitempty" protobuf:"bytes,2,rep,name=kind"`
+}
+
+// Validation specifies the CEL expression which is used to apply the validation.
+type Validation struct {
+	// Expression represents the expression which will be evaluated by CEL.
+	// ref: https://github.com/google/cel-spec
+	// CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
+	//
+	// - 'object' - The object from the incoming request. The value is null for DELETE requests.
+	// - 'oldObject' - The existing object. The value is null for CREATE requests.
+	// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).
+	// - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.
+	// - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.
+	// - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
+	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
+	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
+	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
+	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
+	//   request resource.
+	//
+	// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the
+	// object. No other metadata properties are accessible.
+	//
+	// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
+	// Accessible property names are escaped according to the following rules when accessed in the expression:
+	// - '__' escapes to '__underscores__'
+	// - '.' escapes to '__dot__'
+	// - '-' escapes to '__dash__'
+	// - '/' escapes to '__slash__'
+	// - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
+	//	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
+	//	  "import", "let", "loop", "package", "namespace", "return".
+	// Examples:
+	//   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
+	//   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
+	//   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
+	//
+	// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
+	// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
+	//   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
+	//     non-intersecting elements in `Y` are appended, retaining their partial order.
+	//   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
+	//     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
+	//     non-intersecting keys are appended, retaining their partial order.
+	// Required.
+	Expression string `json:"expression" protobuf:"bytes,1,opt,name=Expression"`
+	// Message represents the message displayed when validation fails. The message is required if the Expression contains
+	// line breaks. The message must not contain line breaks.
+	// If unset, the message is "failed rule: {Rule}".
+	// e.g. "must be a URL with the host matching spec.host"
+	// If the Expression contains line breaks. Message is required.
+	// The message must not contain line breaks.
+	// If unset, the message is "failed Expression: {Expression}".
+	// +optional
+	Message string `json:"message,omitempty" protobuf:"bytes,2,opt,name=message"`
+	// Reason represents a machine-readable description of why this validation failed.
+	// If this is the first validation in the list to fail, this reason, as well as the
+	// corresponding HTTP response code, are used in the
+	// HTTP response to the client.
+	// The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge".
+	// If not set, StatusReasonInvalid is used in the response to the client.
+	// +optional
+	Reason *metav1.StatusReason `json:"reason,omitempty" protobuf:"bytes,3,opt,name=reason"`
+	// messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
+	// Since messageExpression is used as a failure message, it must evaluate to a string.
+	// If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails.
+	// If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced
+	// as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
+	// that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and
+	// the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged.
+	// messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'.
+	// Example:
+	// "object.x must be less than max ("+string(params.max)+")"
+	// +optional
+	MessageExpression string `json:"messageExpression,omitempty" protobuf:"bytes,4,opt,name=messageExpression"`
+}
+
+// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.
+// +structType=atomic
+type Variable struct {
+	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.
+	// The variable can be accessed in other expressions through `variables`
+	// For example, if name is "foo", the variable will be available as `variables.foo`
+	Name string `json:"name" protobuf:"bytes,1,opt,name=Name"`
+
+	// Expression is the expression that will be evaluated as the value of the variable.
+	// The CEL expression has access to the same identifiers as the CEL expressions in Validation.
+	Expression string `json:"expression" protobuf:"bytes,2,opt,name=Expression"`
+}
+
+// AuditAnnotation describes how to produce an audit annotation for an API request.
+type AuditAnnotation struct {
+	// key specifies the audit annotation key. The audit annotation keys of
+	// a ValidatingAdmissionPolicy must be unique. The key must be a qualified
+	// name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
+	//
+	// The key is combined with the resource name of the
+	// ValidatingAdmissionPolicy to construct an audit annotation key:
+	// "{ValidatingAdmissionPolicy name}/{key}".
+	//
+	// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy
+	// and the same audit annotation key, the annotation key will be identical.
+	// In this case, the first annotation written with the key will be included
+	// in the audit event and all subsequent annotations with the same key
+	// will be discarded.
+	//
+	// Required.
+	Key string `json:"key" protobuf:"bytes,1,opt,name=key"`
+
+	// valueExpression represents the expression which is evaluated by CEL to
+	// produce an audit annotation value. The expression must evaluate to either
+	// a string or null value. If the expression evaluates to a string, the
+	// audit annotation is included with the string value. If the expression
+	// evaluates to null or empty string the audit annotation will be omitted.
+	// The valueExpression may be no longer than 5kb in length.
+	// If the result of the valueExpression is more than 10kb in length, it
+	// will be truncated to 10kb.
+	//
+	// If multiple ValidatingAdmissionPolicyBinding resources match an
+	// API request, then the valueExpression will be evaluated for
+	// each binding. All unique values produced by the valueExpressions
+	// will be joined together in a comma-separated list.
+	//
+	// Required.
+	ValueExpression string `json:"valueExpression" protobuf:"bytes,2,opt,name=valueExpression"`
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+
+// ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
+// ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
+//
+// For a given admission request, each binding will cause its policy to be
+// evaluated N times, where N is 1 for policies/bindings that don't use
+// params, otherwise N is the number of parameters selected by the binding.
+//
+// The CEL expressions of a policy must have a computed CEL cost below the maximum
+// CEL budget. Each evaluation of the policy is given an independent CEL cost budget.
+// Adding/removing policies, bindings, or params can not affect whether a
+// given (policy, binding, param) combination is within its own CEL budget.
+type ValidatingAdmissionPolicyBinding struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
+	Spec ValidatingAdmissionPolicyBindingSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+
+// ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.
+type ValidatingAdmissionPolicyBindingList struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard list metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	// List of PolicyBinding.
+	Items []ValidatingAdmissionPolicyBinding `json:"items,omitempty" protobuf:"bytes,2,rep,name=items"`
+}
+
+// ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.
+type ValidatingAdmissionPolicyBindingSpec struct {
+	// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to.
+	// If the referenced resource does not exist, this binding is considered invalid and will be ignored
+	// Required.
+	PolicyName string `json:"policyName,omitempty" protobuf:"bytes,1,rep,name=policyName"`
+
+	// paramRef specifies the parameter resource used to configure the admission control policy.
+	// It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy.
+	// If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.
+	// If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
+	// +optional
+	ParamRef *ParamRef `json:"paramRef,omitempty" protobuf:"bytes,2,rep,name=paramRef"`
+
+	// MatchResources declares what resources match this binding and will be validated by it.
+	// Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this.
+	// If this is unset, all resources matched by the policy are validated by this binding
+	// When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated.
+	// Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
+	// +optional
+	MatchResources *MatchResources `json:"matchResources,omitempty" protobuf:"bytes,3,rep,name=matchResources"`
+
+	// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced.
+	// If a validation evaluates to false it is always enforced according to these actions.
+	//
+	// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according
+	// to these actions only if the FailurePolicy is set to Fail, otherwise the failures are
+	// ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
+	//
+	// validationActions is declared as a set of action values. Order does
+	// not matter. validationActions may not contain duplicates of the same action.
+	//
+	// The supported actions values are:
+	//
+	// "Deny" specifies that a validation failure results in a denied request.
+	//
+	// "Warn" specifies that a validation failure is reported to the request client
+	// in HTTP Warning headers, with a warning code of 299. Warnings can be sent
+	// both for allowed or denied admission responses.
+	//
+	// "Audit" specifies that a validation failure is included in the published
+	// audit event for the request. The audit event will contain a
+	// `validation.policy.admission.k8s.io/validation_failure` audit annotation
+	// with a value containing the details of the validation failures, formatted as
+	// a JSON list of objects, each with the following fields:
+	// - message: The validation failure message string
+	// - policy: The resource name of the ValidatingAdmissionPolicy
+	// - binding: The resource name of the ValidatingAdmissionPolicyBinding
+	// - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy
+	// - validationActions: The enforcement actions enacted for the validation failure
+	// Example audit annotation:
+	// `"validation.policy.admission.k8s.io/validation_failure": "[{\"message\": \"Invalid value\", {\"policy\": \"policy.example.com\", {\"binding\": \"policybinding.example.com\", {\"expressionIndex\": \"1\", {\"validationActions\": [\"Audit\"]}]"`
+	//
+	// Clients should expect to handle additional values by ignoring
+	// any values not recognized.
+	//
+	// "Deny" and "Warn" may not be used together since this combination
+	// needlessly duplicates the validation failure both in the
+	// API response body and the HTTP warning headers.
+	//
+	// Required.
+	// +listType=set
+	ValidationActions []ValidationAction `json:"validationActions,omitempty" protobuf:"bytes,4,rep,name=validationActions"`
+}
+
+// ParamRef describes how to locate the params to be used as input to
+// expressions of rules applied by a policy binding.
+// +structType=atomic
+type ParamRef struct {
+	// name is the name of the resource being referenced.
+	//
+	// One of `name` or `selector` must be set, but `name` and `selector` are
+	// mutually exclusive properties. If one is set, the other must be unset.
+	//
+	// A single parameter used for all admission requests can be configured
+	// by setting the `name` field, leaving `selector` blank, and setting namespace
+	// if `paramKind` is namespace-scoped.
+	//
+	Name string `json:"name,omitempty" protobuf:"bytes,1,rep,name=name"`
+
+	// namespace is the namespace of the referenced resource. Allows limiting
+	// the search for params to a specific namespace. Applies to both `name` and
+	// `selector` fields.
+	//
+	// A per-namespace parameter may be used by specifying a namespace-scoped
+	// `paramKind` in the policy and leaving this field empty.
+	//
+	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this
+	// field results in a configuration error.
+	//
+	// - If `paramKind` is namespace-scoped, the namespace of the object being
+	// evaluated for admission will be used when this field is left unset. Take
+	// care that if this is left empty the binding must not match any cluster-scoped
+	// resources, which will result in an error.
+	//
+	// +optional
+	Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,rep,name=namespace"`
+
+	// selector can be used to match multiple param objects based on their labels.
+	// Supply selector: {} to match all resources of the ParamKind.
+	//
+	// If multiple params are found, they are all evaluated with the policy expressions
+	// and the results are ANDed together.
+	//
+	// One of `name` or `selector` must be set, but `name` and `selector` are
+	// mutually exclusive properties. If one is set, the other must be unset.
+	//
+	// +optional
+	Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,3,rep,name=selector"`
+
+	// `parameterNotFoundAction` controls the behavior of the binding when the resource
+	// exists, and name or selector is valid, but there are no parameters
+	// matched by the binding. If the value is set to `Allow`, then no
+	// matched parameters will be treated as successful validation by the binding.
+	// If set to `Deny`, then no matched parameters will be subject to the
+	// `failurePolicy` of the policy.
+	//
+	// Allowed values are `Allow` or `Deny`
+	//
+	// Required
+	ParameterNotFoundAction *ParameterNotFoundActionType `json:"parameterNotFoundAction,omitempty" protobuf:"bytes,4,rep,name=parameterNotFoundAction"`
+}
+
+// MatchResources decides whether to run the admission control policy on an object based
+// on whether it meets the match criteria.
+// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
+// +structType=atomic
+type MatchResources struct {
+	// NamespaceSelector decides whether to run the admission control policy on an object based
+	// on whether the namespace for that object matches the selector. If the
+	// object itself is a namespace, the matching is performed on
+	// object.metadata.labels. If the object is another cluster scoped resource,
+	// it never skips the policy.
+	//
+	// For example, to run the webhook on any objects whose namespace is not
+	// associated with "runlevel" of "0" or "1";  you will set the selector as
+	// follows:
+	// "namespaceSelector": {
+	//   "matchExpressions": [
+	//     {
+	//       "key": "runlevel",
+	//       "operator": "NotIn",
+	//       "values": [
+	//         "0",
+	//         "1"
+	//       ]
+	//     }
+	//   ]
+	// }
+	//
+	// If instead you want to only run the policy on any objects whose
+	// namespace is associated with the "environment" of "prod" or "staging";
+	// you will set the selector as follows:
+	// "namespaceSelector": {
+	//   "matchExpressions": [
+	//     {
+	//       "key": "environment",
+	//       "operator": "In",
+	//       "values": [
+	//         "prod",
+	//         "staging"
+	//       ]
+	//     }
+	//   ]
+	// }
+	//
+	// See
+	// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+	// for more examples of label selectors.
+	//
+	// Default to the empty LabelSelector, which matches everything.
+	// +optional
+	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,1,opt,name=namespaceSelector"`
+	// ObjectSelector decides whether to run the validation based on if the
+	// object has matching labels. objectSelector is evaluated against both
+	// the oldObject and newObject that would be sent to the cel validation, and
+	// is considered to match if either object matches the selector. A null
+	// object (oldObject in the case of create, or newObject in the case of
+	// delete) or an object that cannot have labels (like a
+	// DeploymentRollback or a PodProxyOptions object) is not considered to
+	// match.
+	// Use the object selector only if the webhook is opt-in, because end
+	// users may skip the admission webhook by setting the labels.
+	// Default to the empty LabelSelector, which matches everything.
+	// +optional
+	ObjectSelector *metav1.LabelSelector `json:"objectSelector,omitempty" protobuf:"bytes,2,opt,name=objectSelector"`
+	// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.
+	// The policy cares about an operation if it matches _any_ Rule.
+	// +listType=atomic
+	// +optional
+	ResourceRules []NamedRuleWithOperations `json:"resourceRules,omitempty" protobuf:"bytes,3,rep,name=resourceRules"`
+	// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.
+	// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
+	// +listType=atomic
+	// +optional
+	ExcludeResourceRules []NamedRuleWithOperations `json:"excludeResourceRules,omitempty" protobuf:"bytes,4,rep,name=excludeResourceRules"`
+	// matchPolicy defines how the "MatchResources" list is used to match incoming requests.
+	// Allowed values are "Exact" or "Equivalent".
+	//
+	// - Exact: match a request only if it exactly matches a specified rule.
+	// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
+	// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
+	// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
+	//
+	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
+	// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
+	// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
+	// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
+	//
+	// Defaults to "Equivalent"
+	// +optional
+	MatchPolicy *MatchPolicyType `json:"matchPolicy,omitempty" protobuf:"bytes,7,opt,name=matchPolicy,casttype=MatchPolicyType"`
+}
+
+// ValidationAction specifies a policy enforcement action.
+// +enum
+type ValidationAction string
+
+const (
+	// Deny specifies that a validation failure results in a denied request.
+	Deny ValidationAction = "Deny"
+	// Warn specifies that a validation failure is reported to the request client
+	// in HTTP Warning headers, with a warning code of 299. Warnings can be sent
+	// both for allowed or denied admission responses.
+	Warn ValidationAction = "Warn"
+	// Audit specifies that a validation failure is included in the published
+	// audit event for the request. The audit event will contain a
+	// `validation.policy.admission.k8s.io/validation_failure` audit annotation
+	// with a value containing the details of the validation failure.
+	Audit ValidationAction = "Audit"
+)
+
+// NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.
+// +structType=atomic
+type NamedRuleWithOperations struct {
+	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
+	// +listType=atomic
+	// +optional
+	ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,1,rep,name=resourceNames"`
+	// RuleWithOperations is a tuple of Operations and Resources.
+	RuleWithOperations `json:",inline" protobuf:"bytes,2,opt,name=ruleWithOperations"`
+}
+
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -296,7 +886,7 @@ type ValidatingWebhook struct {
 	//      - If failurePolicy=Fail, reject the request
 	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
 	//
-	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+	// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
 	//
 	// +patchMergeKey=name
 	// +patchStrategy=merge
@@ -468,7 +1058,7 @@ type MutatingWebhook struct {
 	//      - If failurePolicy=Fail, reject the request
 	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
 	//
-	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+	// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
 	//
 	// +patchMergeKey=name
 	// +patchStrategy=merge
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go b/vendor/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go
index 2c0a9f011..adaf4bc11 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go
@@ -27,6 +27,26 @@ package v1beta1
 // Those methods can be generated by using hack/update-codegen.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
+var map_AuditAnnotation = map[string]string{
+	"":                "AuditAnnotation describes how to produce an audit annotation for an API request.",
+	"key":             "key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: \"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.\n\nRequired.",
+	"valueExpression": "valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.\n\nRequired.",
+}
+
+func (AuditAnnotation) SwaggerDoc() map[string]string {
+	return map_AuditAnnotation
+}
+
+var map_ExpressionWarning = map[string]string{
+	"":         "ExpressionWarning is a warning information that targets a specific expression.",
+	"fieldRef": "The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is \"spec.validations[0].expression\"",
+	"warning":  "The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.",
+}
+
+func (ExpressionWarning) SwaggerDoc() map[string]string {
+	return map_ExpressionWarning
+}
+
 var map_MatchCondition = map[string]string{
 	"":           "MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook.",
 	"name":       "Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired.",
@@ -37,6 +57,19 @@ func (MatchCondition) SwaggerDoc() map[string]string {
 	return map_MatchCondition
 }
 
+var map_MatchResources = map[string]string{
+	"":                     "MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)",
+	"namespaceSelector":    "NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\";  you will set the selector as follows: \"namespaceSelector\": {\n  \"matchExpressions\": [\n    {\n      \"key\": \"runlevel\",\n      \"operator\": \"NotIn\",\n      \"values\": [\n        \"0\",\n        \"1\"\n      ]\n    }\n  ]\n}\n\nIf instead you want to only run the policy on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n  \"matchExpressions\": [\n    {\n      \"key\": \"environment\",\n      \"operator\": \"In\",\n      \"values\": [\n        \"prod\",\n        \"staging\"\n      ]\n    }\n  ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.",
+	"objectSelector":       "ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.",
+	"resourceRules":        "ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.",
+	"excludeResourceRules": "ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)",
+	"matchPolicy":          "matchPolicy defines how the \"MatchResources\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.\n\nDefaults to \"Equivalent\"",
+}
+
+func (MatchResources) SwaggerDoc() map[string]string {
+	return map_MatchResources
+}
+
 var map_MutatingWebhook = map[string]string{
 	"":                        "MutatingWebhook describes an admission webhook and the resources and operations it applies to.",
 	"name":                    "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
@@ -50,7 +83,7 @@ var map_MutatingWebhook = map[string]string{
 	"timeoutSeconds":          "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 30 seconds.",
 	"admissionReviewVersions": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy. Default to `['v1beta1']`.",
 	"reinvocationPolicy":      "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".",
-	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.",
+	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.",
 }
 
 func (MutatingWebhook) SwaggerDoc() map[string]string {
@@ -77,6 +110,37 @@ func (MutatingWebhookConfigurationList) SwaggerDoc() map[string]string {
 	return map_MutatingWebhookConfigurationList
 }
 
+var map_NamedRuleWithOperations = map[string]string{
+	"":              "NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.",
+	"resourceNames": "ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.",
+}
+
+func (NamedRuleWithOperations) SwaggerDoc() map[string]string {
+	return map_NamedRuleWithOperations
+}
+
+var map_ParamKind = map[string]string{
+	"":           "ParamKind is a tuple of Group Kind and Version.",
+	"apiVersion": "APIVersion is the API group version the resources belong to. In format of \"group/version\". Required.",
+	"kind":       "Kind is the API kind the resources belong to. Required.",
+}
+
+func (ParamKind) SwaggerDoc() map[string]string {
+	return map_ParamKind
+}
+
+var map_ParamRef = map[string]string{
+	"":                        "ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.",
+	"name":                    "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.",
+	"namespace":               "namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.",
+	"selector":                "selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.",
+	"parameterNotFoundAction": "`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired",
+}
+
+func (ParamRef) SwaggerDoc() map[string]string {
+	return map_ParamRef
+}
+
 var map_ServiceReference = map[string]string{
 	"":          "ServiceReference holds a reference to Service.legacy.k8s.io",
 	"namespace": "`namespace` is the namespace of the service. Required",
@@ -89,6 +153,94 @@ func (ServiceReference) SwaggerDoc() map[string]string {
 	return map_ServiceReference
 }
 
+var map_TypeChecking = map[string]string{
+	"":                   "TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy",
+	"expressionWarnings": "The type checking warnings for each expression.",
+}
+
+func (TypeChecking) SwaggerDoc() map[string]string {
+	return map_TypeChecking
+}
+
+var map_ValidatingAdmissionPolicy = map[string]string{
+	"":         "ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.",
+	"metadata": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.",
+	"spec":     "Specification of the desired behavior of the ValidatingAdmissionPolicy.",
+	"status":   "The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.",
+}
+
+func (ValidatingAdmissionPolicy) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicy
+}
+
+var map_ValidatingAdmissionPolicyBinding = map[string]string{
+	"":         "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.\n\nFor a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.\n\nThe CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.",
+	"metadata": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.",
+	"spec":     "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.",
+}
+
+func (ValidatingAdmissionPolicyBinding) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicyBinding
+}
+
+var map_ValidatingAdmissionPolicyBindingList = map[string]string{
+	"":         "ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.",
+	"metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+	"items":    "List of PolicyBinding.",
+}
+
+func (ValidatingAdmissionPolicyBindingList) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicyBindingList
+}
+
+var map_ValidatingAdmissionPolicyBindingSpec = map[string]string{
+	"":                  "ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.",
+	"policyName":        "PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.",
+	"paramRef":          "paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.",
+	"matchResources":    "MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.",
+	"validationActions": "validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.\n\nFailures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.\n\nvalidationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.\n\nThe supported actions values are:\n\n\"Deny\" specifies that a validation failure results in a denied request.\n\n\"Warn\" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.\n\n\"Audit\" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `\"validation.policy.admission.k8s.io/validation_failure\": \"[{\"message\": \"Invalid value\", {\"policy\": \"policy.example.com\", {\"binding\": \"policybinding.example.com\", {\"expressionIndex\": \"1\", {\"validationActions\": [\"Audit\"]}]\"`\n\nClients should expect to handle additional values by ignoring any values not recognized.\n\n\"Deny\" and \"Warn\" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.\n\nRequired.",
+}
+
+func (ValidatingAdmissionPolicyBindingSpec) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicyBindingSpec
+}
+
+var map_ValidatingAdmissionPolicyList = map[string]string{
+	"":         "ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.",
+	"metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+	"items":    "List of ValidatingAdmissionPolicy.",
+}
+
+func (ValidatingAdmissionPolicyList) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicyList
+}
+
+var map_ValidatingAdmissionPolicySpec = map[string]string{
+	"":                 "ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.",
+	"paramKind":        "ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.",
+	"matchConstraints": "MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.",
+	"validations":      "Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.",
+	"failurePolicy":    "failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.\n\nA policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.\n\nfailurePolicy does not define how validations that evaluate to false are handled.\n\nWhen failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.\n\nAllowed values are Ignore or Fail. Defaults to Fail.",
+	"auditAnnotations": "auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.",
+	"matchConditions":  "MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nIf a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the policy is skipped",
+	"variables":        "Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.\n\nThe expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.",
+}
+
+func (ValidatingAdmissionPolicySpec) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicySpec
+}
+
+var map_ValidatingAdmissionPolicyStatus = map[string]string{
+	"":                   "ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.",
+	"observedGeneration": "The generation observed by the controller.",
+	"typeChecking":       "The results of type checking for each expression. Presence of this field indicates the completion of the type checking.",
+	"conditions":         "The conditions represent the latest available observations of a policy's current state.",
+}
+
+func (ValidatingAdmissionPolicyStatus) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicyStatus
+}
+
 var map_ValidatingWebhook = map[string]string{
 	"":                        "ValidatingWebhook describes an admission webhook and the resources and operations it applies to.",
 	"name":                    "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
@@ -101,7 +253,7 @@ var map_ValidatingWebhook = map[string]string{
 	"sideEffects":             "SideEffects states whether this webhook has side effects. Acceptable values are: Unknown, None, Some, NoneOnDryRun Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some. Defaults to Unknown.",
 	"timeoutSeconds":          "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 30 seconds.",
 	"admissionReviewVersions": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy. Default to `['v1beta1']`.",
-	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.",
+	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.",
 }
 
 func (ValidatingWebhook) SwaggerDoc() map[string]string {
@@ -128,6 +280,28 @@ func (ValidatingWebhookConfigurationList) SwaggerDoc() map[string]string {
 	return map_ValidatingWebhookConfigurationList
 }
 
+var map_Validation = map[string]string{
+	"":                  "Validation specifies the CEL expression which is used to apply the validation.",
+	"expression":        "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n  For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n  See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n  request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t  \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t  \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n  - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n  - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n  - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n  - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n    non-intersecting elements in `Y` are appended, retaining their partial order.\n  - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n    are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n    non-intersecting keys are appended, retaining their partial order.\nRequired.",
+	"message":           "Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is \"failed rule: {Rule}\". e.g. \"must be a URL with the host matching spec.host\" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is \"failed Expression: {Expression}\".",
+	"reason":            "Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\". If not set, StatusReasonInvalid is used in the response to the client.",
+	"messageExpression": "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: \"object.x must be less than max (\"+string(params.max)+\")\"",
+}
+
+func (Validation) SwaggerDoc() map[string]string {
+	return map_Validation
+}
+
+var map_Variable = map[string]string{
+	"":           "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.",
+	"name":       "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is \"foo\", the variable will be available as `variables.foo`",
+	"expression": "Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.",
+}
+
+func (Variable) SwaggerDoc() map[string]string {
+	return map_Variable
+}
+
 var map_WebhookClientConfig = map[string]string{
 	"":         "WebhookClientConfig contains the information to make a TLS connection with the webhook",
 	"url":      "`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.",
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.deepcopy.go b/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.deepcopy.go
index 9c5299bdf..4c10b1d11 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.deepcopy.go
@@ -22,11 +22,43 @@ limitations under the License.
 package v1beta1
 
 import (
-	v1 "k8s.io/api/admissionregistration/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AuditAnnotation) DeepCopyInto(out *AuditAnnotation) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditAnnotation.
+func (in *AuditAnnotation) DeepCopy() *AuditAnnotation {
+	if in == nil {
+		return nil
+	}
+	out := new(AuditAnnotation)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExpressionWarning) DeepCopyInto(out *ExpressionWarning) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExpressionWarning.
+func (in *ExpressionWarning) DeepCopy() *ExpressionWarning {
+	if in == nil {
+		return nil
+	}
+	out := new(ExpressionWarning)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *MatchCondition) DeepCopyInto(out *MatchCondition) {
 	*out = *in
@@ -43,13 +75,58 @@ func (in *MatchCondition) DeepCopy() *MatchCondition {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MatchResources) DeepCopyInto(out *MatchResources) {
+	*out = *in
+	if in.NamespaceSelector != nil {
+		in, out := &in.NamespaceSelector, &out.NamespaceSelector
+		*out = new(v1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ObjectSelector != nil {
+		in, out := &in.ObjectSelector, &out.ObjectSelector
+		*out = new(v1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ResourceRules != nil {
+		in, out := &in.ResourceRules, &out.ResourceRules
+		*out = make([]NamedRuleWithOperations, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.ExcludeResourceRules != nil {
+		in, out := &in.ExcludeResourceRules, &out.ExcludeResourceRules
+		*out = make([]NamedRuleWithOperations, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.MatchPolicy != nil {
+		in, out := &in.MatchPolicy, &out.MatchPolicy
+		*out = new(MatchPolicyType)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchResources.
+func (in *MatchResources) DeepCopy() *MatchResources {
+	if in == nil {
+		return nil
+	}
+	out := new(MatchResources)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *MutatingWebhook) DeepCopyInto(out *MutatingWebhook) {
 	*out = *in
 	in.ClientConfig.DeepCopyInto(&out.ClientConfig)
 	if in.Rules != nil {
 		in, out := &in.Rules, &out.Rules
-		*out = make([]v1.RuleWithOperations, len(*in))
+		*out = make([]admissionregistrationv1.RuleWithOperations, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@@ -66,12 +143,12 @@ func (in *MutatingWebhook) DeepCopyInto(out *MutatingWebhook) {
 	}
 	if in.NamespaceSelector != nil {
 		in, out := &in.NamespaceSelector, &out.NamespaceSelector
-		*out = new(metav1.LabelSelector)
+		*out = new(v1.LabelSelector)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.ObjectSelector != nil {
 		in, out := &in.ObjectSelector, &out.ObjectSelector
-		*out = new(metav1.LabelSelector)
+		*out = new(v1.LabelSelector)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.SideEffects != nil {
@@ -178,6 +255,70 @@ func (in *MutatingWebhookConfigurationList) DeepCopyObject() runtime.Object {
 	return nil
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NamedRuleWithOperations) DeepCopyInto(out *NamedRuleWithOperations) {
+	*out = *in
+	if in.ResourceNames != nil {
+		in, out := &in.ResourceNames, &out.ResourceNames
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	in.RuleWithOperations.DeepCopyInto(&out.RuleWithOperations)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedRuleWithOperations.
+func (in *NamedRuleWithOperations) DeepCopy() *NamedRuleWithOperations {
+	if in == nil {
+		return nil
+	}
+	out := new(NamedRuleWithOperations)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ParamKind) DeepCopyInto(out *ParamKind) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParamKind.
+func (in *ParamKind) DeepCopy() *ParamKind {
+	if in == nil {
+		return nil
+	}
+	out := new(ParamKind)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ParamRef) DeepCopyInto(out *ParamRef) {
+	*out = *in
+	if in.Selector != nil {
+		in, out := &in.Selector, &out.Selector
+		*out = new(v1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ParameterNotFoundAction != nil {
+		in, out := &in.ParameterNotFoundAction, &out.ParameterNotFoundAction
+		*out = new(ParameterNotFoundActionType)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParamRef.
+func (in *ParamRef) DeepCopy() *ParamRef {
+	if in == nil {
+		return nil
+	}
+	out := new(ParamRef)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ServiceReference) DeepCopyInto(out *ServiceReference) {
 	*out = *in
@@ -204,13 +345,267 @@ func (in *ServiceReference) DeepCopy() *ServiceReference {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TypeChecking) DeepCopyInto(out *TypeChecking) {
+	*out = *in
+	if in.ExpressionWarnings != nil {
+		in, out := &in.ExpressionWarnings, &out.ExpressionWarnings
+		*out = make([]ExpressionWarning, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TypeChecking.
+func (in *TypeChecking) DeepCopy() *TypeChecking {
+	if in == nil {
+		return nil
+	}
+	out := new(TypeChecking)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicy) DeepCopyInto(out *ValidatingAdmissionPolicy) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicy.
+func (in *ValidatingAdmissionPolicy) DeepCopy() *ValidatingAdmissionPolicy {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicy)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ValidatingAdmissionPolicy) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicyBinding) DeepCopyInto(out *ValidatingAdmissionPolicyBinding) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyBinding.
+func (in *ValidatingAdmissionPolicyBinding) DeepCopy() *ValidatingAdmissionPolicyBinding {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicyBinding)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ValidatingAdmissionPolicyBinding) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicyBindingList) DeepCopyInto(out *ValidatingAdmissionPolicyBindingList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ValidatingAdmissionPolicyBinding, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyBindingList.
+func (in *ValidatingAdmissionPolicyBindingList) DeepCopy() *ValidatingAdmissionPolicyBindingList {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicyBindingList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ValidatingAdmissionPolicyBindingList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicyBindingSpec) DeepCopyInto(out *ValidatingAdmissionPolicyBindingSpec) {
+	*out = *in
+	if in.ParamRef != nil {
+		in, out := &in.ParamRef, &out.ParamRef
+		*out = new(ParamRef)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.MatchResources != nil {
+		in, out := &in.MatchResources, &out.MatchResources
+		*out = new(MatchResources)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ValidationActions != nil {
+		in, out := &in.ValidationActions, &out.ValidationActions
+		*out = make([]ValidationAction, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyBindingSpec.
+func (in *ValidatingAdmissionPolicyBindingSpec) DeepCopy() *ValidatingAdmissionPolicyBindingSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicyBindingSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicyList) DeepCopyInto(out *ValidatingAdmissionPolicyList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ValidatingAdmissionPolicy, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyList.
+func (in *ValidatingAdmissionPolicyList) DeepCopy() *ValidatingAdmissionPolicyList {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicyList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ValidatingAdmissionPolicyList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicySpec) DeepCopyInto(out *ValidatingAdmissionPolicySpec) {
+	*out = *in
+	if in.ParamKind != nil {
+		in, out := &in.ParamKind, &out.ParamKind
+		*out = new(ParamKind)
+		**out = **in
+	}
+	if in.MatchConstraints != nil {
+		in, out := &in.MatchConstraints, &out.MatchConstraints
+		*out = new(MatchResources)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Validations != nil {
+		in, out := &in.Validations, &out.Validations
+		*out = make([]Validation, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.FailurePolicy != nil {
+		in, out := &in.FailurePolicy, &out.FailurePolicy
+		*out = new(FailurePolicyType)
+		**out = **in
+	}
+	if in.AuditAnnotations != nil {
+		in, out := &in.AuditAnnotations, &out.AuditAnnotations
+		*out = make([]AuditAnnotation, len(*in))
+		copy(*out, *in)
+	}
+	if in.MatchConditions != nil {
+		in, out := &in.MatchConditions, &out.MatchConditions
+		*out = make([]MatchCondition, len(*in))
+		copy(*out, *in)
+	}
+	if in.Variables != nil {
+		in, out := &in.Variables, &out.Variables
+		*out = make([]Variable, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicySpec.
+func (in *ValidatingAdmissionPolicySpec) DeepCopy() *ValidatingAdmissionPolicySpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicySpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicyStatus) DeepCopyInto(out *ValidatingAdmissionPolicyStatus) {
+	*out = *in
+	if in.TypeChecking != nil {
+		in, out := &in.TypeChecking, &out.TypeChecking
+		*out = new(TypeChecking)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]v1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyStatus.
+func (in *ValidatingAdmissionPolicyStatus) DeepCopy() *ValidatingAdmissionPolicyStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicyStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ValidatingWebhook) DeepCopyInto(out *ValidatingWebhook) {
 	*out = *in
 	in.ClientConfig.DeepCopyInto(&out.ClientConfig)
 	if in.Rules != nil {
 		in, out := &in.Rules, &out.Rules
-		*out = make([]v1.RuleWithOperations, len(*in))
+		*out = make([]admissionregistrationv1.RuleWithOperations, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@@ -227,12 +622,12 @@ func (in *ValidatingWebhook) DeepCopyInto(out *ValidatingWebhook) {
 	}
 	if in.NamespaceSelector != nil {
 		in, out := &in.NamespaceSelector, &out.NamespaceSelector
-		*out = new(metav1.LabelSelector)
+		*out = new(v1.LabelSelector)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.ObjectSelector != nil {
 		in, out := &in.ObjectSelector, &out.ObjectSelector
-		*out = new(metav1.LabelSelector)
+		*out = new(v1.LabelSelector)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.SideEffects != nil {
@@ -334,6 +729,43 @@ func (in *ValidatingWebhookConfigurationList) DeepCopyObject() runtime.Object {
 	return nil
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Validation) DeepCopyInto(out *Validation) {
+	*out = *in
+	if in.Reason != nil {
+		in, out := &in.Reason, &out.Reason
+		*out = new(v1.StatusReason)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validation.
+func (in *Validation) DeepCopy() *Validation {
+	if in == nil {
+		return nil
+	}
+	out := new(Validation)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Variable) DeepCopyInto(out *Variable) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Variable.
+func (in *Variable) DeepCopy() *Variable {
+	if in == nil {
+		return nil
+	}
+	out := new(Variable)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WebhookClientConfig) DeepCopyInto(out *WebhookClientConfig) {
 	*out = *in
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.prerelease-lifecycle.go b/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.prerelease-lifecycle.go
index 09a92f476..c1be5122a 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.prerelease-lifecycle.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.prerelease-lifecycle.go
@@ -73,6 +73,78 @@ func (in *MutatingWebhookConfigurationList) APILifecycleRemoved() (major, minor
 	return 1, 22
 }
 
+// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
+func (in *ValidatingAdmissionPolicy) APILifecycleIntroduced() (major, minor int) {
+	return 1, 28
+}
+
+// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or  "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
+func (in *ValidatingAdmissionPolicy) APILifecycleDeprecated() (major, minor int) {
+	return 1, 31
+}
+
+// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or  "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
+func (in *ValidatingAdmissionPolicy) APILifecycleRemoved() (major, minor int) {
+	return 1, 34
+}
+
+// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
+func (in *ValidatingAdmissionPolicyBinding) APILifecycleIntroduced() (major, minor int) {
+	return 1, 28
+}
+
+// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or  "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
+func (in *ValidatingAdmissionPolicyBinding) APILifecycleDeprecated() (major, minor int) {
+	return 1, 31
+}
+
+// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or  "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
+func (in *ValidatingAdmissionPolicyBinding) APILifecycleRemoved() (major, minor int) {
+	return 1, 34
+}
+
+// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
+func (in *ValidatingAdmissionPolicyBindingList) APILifecycleIntroduced() (major, minor int) {
+	return 1, 28
+}
+
+// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or  "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
+func (in *ValidatingAdmissionPolicyBindingList) APILifecycleDeprecated() (major, minor int) {
+	return 1, 31
+}
+
+// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or  "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
+func (in *ValidatingAdmissionPolicyBindingList) APILifecycleRemoved() (major, minor int) {
+	return 1, 34
+}
+
+// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
+func (in *ValidatingAdmissionPolicyList) APILifecycleIntroduced() (major, minor int) {
+	return 1, 28
+}
+
+// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or  "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
+func (in *ValidatingAdmissionPolicyList) APILifecycleDeprecated() (major, minor int) {
+	return 1, 31
+}
+
+// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or  "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
+func (in *ValidatingAdmissionPolicyList) APILifecycleRemoved() (major, minor int) {
+	return 1, 34
+}
+
 // APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
 // It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
 func (in *ValidatingWebhookConfiguration) APILifecycleIntroduced() (major, minor int) {
diff --git a/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto b/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto
index aa08b4978..a09af750b 100644
--- a/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto
+++ b/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto
@@ -71,7 +71,7 @@ message APIResourceDiscovery {
 
   // responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns.
   // APIs may return other objects types at their discretion, such as error conditions, requests for alternate representations, or other operation specific behavior.
-  // This value will be null if an APIService reports subresources but supports no operations on the parent resource
+  // This value will be null or empty if an APIService reports subresources but supports no operations on the parent resource
   optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind responseKind = 2;
 
   // scope indicates the scope of a resource, either Cluster or Namespaced
@@ -111,7 +111,7 @@ message APISubresourceDiscovery {
   optional string subresource = 1;
 
   // responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns.
-  // Some subresources do not return normal resources, these will have null return types.
+  // Some subresources do not return normal resources, these will have null or empty return types.
   optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind responseKind = 2;
 
   // acceptedTypes describes the kinds that this endpoint accepts.
diff --git a/vendor/k8s.io/api/apidiscovery/v2beta1/types.go b/vendor/k8s.io/api/apidiscovery/v2beta1/types.go
index 1aff3e370..834293773 100644
--- a/vendor/k8s.io/api/apidiscovery/v2beta1/types.go
+++ b/vendor/k8s.io/api/apidiscovery/v2beta1/types.go
@@ -92,7 +92,7 @@ type APIResourceDiscovery struct {
 	Resource string `json:"resource" protobuf:"bytes,1,opt,name=resource"`
 	// responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns.
 	// APIs may return other objects types at their discretion, such as error conditions, requests for alternate representations, or other operation specific behavior.
-	// This value will be null if an APIService reports subresources but supports no operations on the parent resource
+	// This value will be null or empty if an APIService reports subresources but supports no operations on the parent resource
 	ResponseKind *v1.GroupVersionKind `json:"responseKind,omitempty" protobuf:"bytes,2,opt,name=responseKind"`
 	// scope indicates the scope of a resource, either Cluster or Namespaced
 	Scope ResourceScope `json:"scope" protobuf:"bytes,3,opt,name=scope"`
@@ -141,7 +141,7 @@ type APISubresourceDiscovery struct {
 	// for this resource across all versions.
 	Subresource string `json:"subresource" protobuf:"bytes,1,opt,name=subresource"`
 	// responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns.
-	// Some subresources do not return normal resources, these will have null return types.
+	// Some subresources do not return normal resources, these will have null or empty return types.
 	ResponseKind *v1.GroupVersionKind `json:"responseKind,omitempty" protobuf:"bytes,2,opt,name=responseKind"`
 	// acceptedTypes describes the kinds that this endpoint accepts.
 	// Subresources may accept the standard content types or define
diff --git a/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.pb.go b/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.pb.go
index 4effbc6c1..6871da414 100644
--- a/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.pb.go
+++ b/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.pb.go
@@ -225,55 +225,57 @@ func init() {
 }
 
 var fileDescriptor_a3903ff5e3cc7a03 = []byte{
-	// 768 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x55, 0xdf, 0x4e, 0x13, 0x4d,
-	0x14, 0xef, 0xd2, 0x52, 0x60, 0xfa, 0x7d, 0xf4, 0x63, 0x3e, 0x08, 0xb5, 0x26, 0x5b, 0x6c, 0x82,
-	0x41, 0x8d, 0xbb, 0xd2, 0x88, 0x91, 0x98, 0x68, 0x58, 0x20, 0x06, 0x05, 0x31, 0x03, 0xf1, 0x02,
-	0xbd, 0x70, 0xba, 0x3b, 0x6e, 0xd7, 0x76, 0x77, 0x36, 0x3b, 0xd3, 0x26, 0xdc, 0x18, 0x1f, 0xc1,
-	0x07, 0xf1, 0xd2, 0x87, 0xe0, 0xca, 0x70, 0x63, 0x42, 0x62, 0xd2, 0xc8, 0xfa, 0x16, 0x5c, 0x99,
-	0x99, 0xdd, 0xb6, 0x6c, 0xbb, 0xc4, 0x86, 0x8b, 0x26, 0x9d, 0x73, 0xce, 0xef, 0x77, 0xfe, 0xcc,
-	0x6f, 0xce, 0x82, 0x57, 0xcd, 0xc7, 0x4c, 0x73, 0xa8, 0xde, 0x6c, 0xd7, 0x49, 0xe0, 0x11, 0x4e,
-	0x98, 0xde, 0x21, 0x9e, 0x45, 0x03, 0x3d, 0x76, 0x60, 0xdf, 0x11, 0x3f, 0x46, 0x82, 0x0e, 0x09,
-	0x1c, 0x8f, 0x93, 0xc0, 0xc3, 0x2d, 0xbd, 0xb3, 0x8a, 0x5b, 0x7e, 0x03, 0xaf, 0xea, 0x36, 0xf1,
-	0x48, 0x80, 0x39, 0xb1, 0x34, 0x3f, 0xa0, 0x9c, 0xc2, 0xe5, 0x08, 0xa6, 0x61, 0xdf, 0xd1, 0x46,
-	0x60, 0x5a, 0x0f, 0x56, 0xbe, 0x6f, 0x3b, 0xbc, 0xd1, 0xae, 0x6b, 0x26, 0x75, 0x75, 0x9b, 0xda,
-	0x54, 0x97, 0xe8, 0x7a, 0xfb, 0x83, 0x3c, 0xc9, 0x83, 0xfc, 0x17, 0xb1, 0x96, 0x1f, 0x0e, 0x8a,
-	0x71, 0xb1, 0xd9, 0x70, 0x3c, 0x12, 0x1c, 0xeb, 0x7e, 0xd3, 0x96, 0x95, 0xe9, 0x2e, 0xe1, 0x58,
-	0xef, 0x8c, 0xd4, 0x52, 0xd6, 0xaf, 0x42, 0x05, 0x6d, 0x8f, 0x3b, 0x2e, 0x19, 0x01, 0x3c, 0xfa,
-	0x1b, 0x80, 0x99, 0x0d, 0xe2, 0xe2, 0x61, 0x5c, 0xf5, 0x87, 0x02, 0xe6, 0x0f, 0x64, 0xa7, 0x07,
-	0x9c, 0x06, 0xd8, 0x26, 0x6f, 0x48, 0xc0, 0x1c, 0xea, 0xc1, 0x35, 0x50, 0xc0, 0xbe, 0x13, 0xb9,
-	0x76, 0xb6, 0x4a, 0xca, 0x92, 0xb2, 0x32, 0x63, 0xfc, 0x7f, 0xd2, 0xad, 0x64, 0xc2, 0x6e, 0xa5,
-	0xb0, 0xf1, 0x7a, 0xa7, 0xe7, 0x42, 0x97, 0xe3, 0xe0, 0x06, 0x28, 0x12, 0xcf, 0xa4, 0x96, 0xe3,
-	0xd9, 0x31, 0x53, 0x69, 0x42, 0x42, 0x17, 0x63, 0x68, 0x71, 0x3b, 0xe9, 0x46, 0xc3, 0xf1, 0x70,
-	0x13, 0xcc, 0x59, 0xc4, 0xa4, 0x16, 0xae, 0xb7, 0x7a, 0xd5, 0xb0, 0x52, 0x76, 0x29, 0xbb, 0x32,
-	0x63, 0x2c, 0x84, 0xdd, 0xca, 0xdc, 0xd6, 0xb0, 0x13, 0x8d, 0xc6, 0x57, 0xbf, 0x4d, 0x80, 0xd9,
-	0xa1, 0x8e, 0xde, 0x83, 0x69, 0x31, 0x6e, 0x0b, 0x73, 0x2c, 0xdb, 0x29, 0xd4, 0x1e, 0x68, 0x83,
-	0x2b, 0xef, 0x4f, 0x4d, 0xf3, 0x9b, 0xb6, 0xbc, 0x7f, 0x4d, 0x44, 0x6b, 0x9d, 0x55, 0x6d, 0xbf,
-	0xfe, 0x91, 0x98, 0x7c, 0x8f, 0x70, 0x6c, 0xc0, 0xb8, 0x0b, 0x30, 0xb0, 0xa1, 0x3e, 0x2b, 0x7c,
-	0x0b, 0x72, 0xcc, 0x27, 0xa6, 0xec, 0xb8, 0x50, 0x5b, 0xd7, 0xc6, 0x12, 0x94, 0x96, 0x2c, 0xf3,
-	0xc0, 0x27, 0xa6, 0xf1, 0x4f, 0x9c, 0x26, 0x27, 0x4e, 0x48, 0x92, 0x42, 0x13, 0xe4, 0x19, 0xc7,
-	0xbc, 0x2d, 0x66, 0x21, 0xe8, 0x9f, 0x5c, 0x8f, 0x5e, 0x52, 0x18, 0xb3, 0x71, 0x82, 0x7c, 0x74,
-	0x46, 0x31, 0x75, 0xf5, 0x6b, 0x16, 0x2c, 0x26, 0x01, 0x9b, 0xd4, 0xb3, 0x1c, 0x2e, 0xe6, 0xf7,
-	0x0c, 0xe4, 0xf8, 0xb1, 0x4f, 0x62, 0x29, 0xdc, 0xeb, 0x95, 0x78, 0x78, 0xec, 0x93, 0x8b, 0x6e,
-	0xe5, 0xe6, 0x15, 0x30, 0xe1, 0x46, 0x12, 0x08, 0xd7, 0xfb, 0x1d, 0x44, 0x92, 0xb8, 0x95, 0x2c,
-	0xe2, 0xa2, 0x5b, 0x29, 0xf6, 0x61, 0xc9, 0xba, 0xe0, 0x0b, 0x00, 0x69, 0x5d, 0x76, 0x68, 0x3d,
-	0x8f, 0x14, 0x2c, 0x94, 0x25, 0x06, 0x91, 0x35, 0xca, 0x31, 0x0d, 0xdc, 0x1f, 0x89, 0x40, 0x29,
-	0x28, 0xd8, 0x01, 0xb0, 0x85, 0x19, 0x3f, 0x0c, 0xb0, 0xc7, 0xa2, 0x12, 0x1d, 0x97, 0x94, 0x72,
-	0x72, 0xa8, 0x77, 0xc7, 0x53, 0x84, 0x40, 0x0c, 0xf2, 0xee, 0x8e, 0xb0, 0xa1, 0x94, 0x0c, 0xf0,
-	0x36, 0xc8, 0x07, 0x04, 0x33, 0xea, 0x95, 0x26, 0x65, 0xfb, 0xfd, 0x3b, 0x40, 0xd2, 0x8a, 0x62,
-	0x2f, 0xbc, 0x03, 0xa6, 0x5c, 0xc2, 0x18, 0xb6, 0x49, 0x29, 0x2f, 0x03, 0x8b, 0x71, 0xe0, 0xd4,
-	0x5e, 0x64, 0x46, 0x3d, 0x7f, 0xf5, 0xbb, 0x02, 0x60, 0x72, 0xee, 0xbb, 0x0e, 0xe3, 0xf0, 0xdd,
-	0x88, 0xd2, 0xb5, 0xf1, 0xfa, 0x12, 0x68, 0xa9, 0xf3, 0xff, 0xe2, 0x94, 0xd3, 0x3d, 0xcb, 0x25,
-	0x95, 0x1f, 0x81, 0x49, 0x87, 0x13, 0x57, 0xdc, 0x62, 0x76, 0xa5, 0x50, 0x5b, 0xbb, 0x96, 0x0e,
-	0x8d, 0x7f, 0xe3, 0x0c, 0x93, 0x3b, 0x82, 0x0b, 0x45, 0x94, 0xd5, 0xf9, 0xe1, 0x7e, 0xc4, 0x03,
-	0xa8, 0xfe, 0x9c, 0x00, 0xf3, 0x69, 0x32, 0x86, 0x9f, 0x40, 0x91, 0x25, 0xec, 0xac, 0xa4, 0xc8,
-	0xa2, 0xc6, 0x7e, 0x1c, 0x29, 0xab, 0x6f, 0xb0, 0xaa, 0x92, 0x76, 0x86, 0x86, 0x93, 0xc1, 0x7d,
-	0xb0, 0x60, 0x52, 0xd7, 0xa5, 0xde, 0x76, 0xea, 0xce, 0xbb, 0x11, 0x76, 0x2b, 0x0b, 0x9b, 0x69,
-	0x01, 0x28, 0x1d, 0x07, 0x03, 0x00, 0xcc, 0xde, 0x13, 0x88, 0x96, 0x5e, 0xa1, 0xf6, 0xf4, 0x5a,
-	0x03, 0xee, 0xbf, 0xa4, 0xc1, 0xce, 0xea, 0x9b, 0x18, 0xba, 0x94, 0xc5, 0x78, 0x79, 0x72, 0xae,
-	0x66, 0x4e, 0xcf, 0xd5, 0xcc, 0xd9, 0xb9, 0x9a, 0xf9, 0x1c, 0xaa, 0xca, 0x49, 0xa8, 0x2a, 0xa7,
-	0xa1, 0xaa, 0x9c, 0x85, 0xaa, 0xf2, 0x2b, 0x54, 0x95, 0x2f, 0xbf, 0xd5, 0xcc, 0xd1, 0xf2, 0x58,
-	0x1f, 0xd5, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, 0xa0, 0xd0, 0x65, 0xbc, 0x95, 0x07, 0x00, 0x00,
+	// 790 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x55, 0x41, 0x4f, 0xdb, 0x48,
+	0x14, 0x8e, 0x49, 0x08, 0x30, 0xd9, 0x4d, 0x96, 0x59, 0x10, 0xd9, 0xac, 0xe4, 0xb0, 0x91, 0x58,
+	0xb1, 0xbb, 0x5a, 0x7b, 0x89, 0x96, 0xaa, 0xb4, 0x52, 0x2b, 0x0c, 0xa8, 0xa2, 0x85, 0x52, 0x4d,
+	0x50, 0x0f, 0xb4, 0x87, 0x4e, 0xec, 0xa9, 0xe3, 0x26, 0xf6, 0x58, 0x9e, 0x49, 0x24, 0x2e, 0x55,
+	0x7f, 0x42, 0xfb, 0x3f, 0x7a, 0xec, 0x8f, 0xe0, 0x54, 0x71, 0x44, 0xaa, 0x14, 0x15, 0xf7, 0x5f,
+	0x70, 0xaa, 0x66, 0xec, 0x38, 0x38, 0x09, 0x6a, 0xc4, 0x21, 0x52, 0xe6, 0xbd, 0xf7, 0x7d, 0xef,
+	0xcd, 0x37, 0xdf, 0x8c, 0xc1, 0xd3, 0xf6, 0x5d, 0xa6, 0x39, 0x54, 0x6f, 0x77, 0x9b, 0x24, 0xf0,
+	0x08, 0x27, 0x4c, 0xef, 0x11, 0xcf, 0xa2, 0x81, 0x1e, 0x27, 0xb0, 0xef, 0x88, 0x1f, 0x23, 0x41,
+	0x8f, 0x04, 0x8e, 0xc7, 0x49, 0xe0, 0xe1, 0x8e, 0xde, 0xdb, 0xc0, 0x1d, 0xbf, 0x85, 0x37, 0x74,
+	0x9b, 0x78, 0x24, 0xc0, 0x9c, 0x58, 0x9a, 0x1f, 0x50, 0x4e, 0xe1, 0x5a, 0x04, 0xd3, 0xb0, 0xef,
+	0x68, 0x63, 0x30, 0x6d, 0x00, 0xab, 0xfc, 0x6b, 0x3b, 0xbc, 0xd5, 0x6d, 0x6a, 0x26, 0x75, 0x75,
+	0x9b, 0xda, 0x54, 0x97, 0xe8, 0x66, 0xf7, 0xb5, 0x5c, 0xc9, 0x85, 0xfc, 0x17, 0xb1, 0x56, 0xfe,
+	0x1f, 0x0e, 0xe3, 0x62, 0xb3, 0xe5, 0x78, 0x24, 0x38, 0xd5, 0xfd, 0xb6, 0x2d, 0x27, 0xd3, 0x5d,
+	0xc2, 0xb1, 0xde, 0x1b, 0x9b, 0xa5, 0xa2, 0xdf, 0x84, 0x0a, 0xba, 0x1e, 0x77, 0x5c, 0x32, 0x06,
+	0xb8, 0xf3, 0x23, 0x00, 0x33, 0x5b, 0xc4, 0xc5, 0xa3, 0xb8, 0xda, 0x87, 0x19, 0xb0, 0xd4, 0x90,
+	0x3b, 0x6d, 0x70, 0x1a, 0x60, 0x9b, 0x3c, 0x27, 0x01, 0x73, 0xa8, 0x07, 0x37, 0x41, 0x01, 0xfb,
+	0x4e, 0x94, 0xda, 0xdf, 0x2d, 0x2b, 0xab, 0xca, 0xfa, 0x82, 0xf1, 0xeb, 0x59, 0xbf, 0x9a, 0x09,
+	0xfb, 0xd5, 0xc2, 0xf6, 0xb3, 0xfd, 0x41, 0x0a, 0x5d, 0xaf, 0x83, 0xdb, 0xa0, 0x44, 0x3c, 0x93,
+	0x5a, 0x8e, 0x67, 0xc7, 0x4c, 0xe5, 0x19, 0x09, 0x5d, 0x89, 0xa1, 0xa5, 0xbd, 0x74, 0x1a, 0x8d,
+	0xd6, 0xc3, 0x1d, 0xb0, 0x68, 0x11, 0x93, 0x5a, 0xb8, 0xd9, 0x19, 0x4c, 0xc3, 0xca, 0xd9, 0xd5,
+	0xec, 0xfa, 0x82, 0xb1, 0x1c, 0xf6, 0xab, 0x8b, 0xbb, 0xa3, 0x49, 0x34, 0x5e, 0x0f, 0xef, 0x81,
+	0xa2, 0x3c, 0x40, 0x2b, 0x61, 0xc8, 0x49, 0x06, 0x18, 0xf6, 0xab, 0xc5, 0x46, 0x2a, 0x83, 0x46,
+	0x2a, 0x6b, 0x9f, 0x66, 0x40, 0x71, 0x44, 0x8d, 0x57, 0x60, 0x5e, 0x1c, 0x95, 0x85, 0x39, 0x96,
+	0x52, 0x14, 0xea, 0xff, 0x69, 0x43, 0xbb, 0x24, 0x8a, 0x6b, 0x7e, 0xdb, 0x96, 0xde, 0xd1, 0x44,
+	0xb5, 0xd6, 0xdb, 0xd0, 0x8e, 0x9a, 0x6f, 0x88, 0xc9, 0x0f, 0x09, 0xc7, 0x06, 0x8c, 0x15, 0x00,
+	0xc3, 0x18, 0x4a, 0x58, 0xe1, 0x0b, 0x90, 0x63, 0x3e, 0x31, 0xa5, 0x5a, 0x85, 0xfa, 0x96, 0x36,
+	0x95, 0x19, 0xb5, 0xf4, 0x98, 0x0d, 0x9f, 0x98, 0xc6, 0x4f, 0x71, 0x9b, 0x9c, 0x58, 0x21, 0x49,
+	0x0a, 0x4d, 0x90, 0x67, 0x1c, 0xf3, 0xae, 0xd0, 0x51, 0xd0, 0xdf, 0xbf, 0x1d, 0xbd, 0xa4, 0x30,
+	0x8a, 0x71, 0x83, 0x7c, 0xb4, 0x46, 0x31, 0x75, 0xed, 0x63, 0x16, 0xac, 0xa4, 0x01, 0x3b, 0xd4,
+	0xb3, 0x1c, 0x2e, 0xf4, 0x7b, 0x08, 0x72, 0xfc, 0xd4, 0x27, 0xb1, 0x8d, 0xfe, 0x19, 0x8c, 0x78,
+	0x7c, 0xea, 0x93, 0xab, 0x7e, 0xf5, 0xf7, 0x1b, 0x60, 0x22, 0x8d, 0x24, 0x10, 0x6e, 0x25, 0x3b,
+	0x88, 0xec, 0xf4, 0x47, 0x7a, 0x88, 0xab, 0x7e, 0xb5, 0x94, 0xc0, 0xd2, 0x73, 0xc1, 0xc7, 0x00,
+	0xd2, 0x66, 0x74, 0xc4, 0x8f, 0x22, 0xf7, 0x0b, 0x57, 0x0a, 0x21, 0xb2, 0x46, 0x25, 0xa6, 0x81,
+	0x47, 0x63, 0x15, 0x68, 0x02, 0x0a, 0xf6, 0x00, 0xec, 0x60, 0xc6, 0x8f, 0x03, 0xec, 0xb1, 0x68,
+	0x44, 0xc7, 0x25, 0xe5, 0x9c, 0x14, 0xf5, 0xef, 0xe9, 0x1c, 0x21, 0x10, 0xc3, 0xbe, 0x07, 0x63,
+	0x6c, 0x68, 0x42, 0x07, 0xf8, 0x27, 0xc8, 0x07, 0x04, 0x33, 0xea, 0x95, 0x67, 0xe5, 0xf6, 0x93,
+	0x33, 0x40, 0x32, 0x8a, 0xe2, 0x2c, 0xfc, 0x0b, 0xcc, 0xb9, 0x84, 0x31, 0x6c, 0x93, 0x72, 0x5e,
+	0x16, 0x96, 0xe2, 0xc2, 0xb9, 0xc3, 0x28, 0x8c, 0x06, 0xf9, 0xda, 0x67, 0x05, 0xc0, 0xb4, 0xee,
+	0x07, 0x0e, 0xe3, 0xf0, 0xe5, 0x98, 0xd3, 0xb5, 0xe9, 0xf6, 0x25, 0xd0, 0xd2, 0xe7, 0xbf, 0xc4,
+	0x2d, 0xe7, 0x07, 0x91, 0x6b, 0x2e, 0x3f, 0x01, 0xb3, 0x0e, 0x27, 0xae, 0x38, 0xc5, 0xec, 0x7a,
+	0xa1, 0xbe, 0x79, 0x2b, 0x1f, 0x1a, 0x3f, 0xc7, 0x1d, 0x66, 0xf7, 0x05, 0x17, 0x8a, 0x28, 0x6b,
+	0x4b, 0xa3, 0xfb, 0x11, 0x17, 0xa0, 0xf6, 0x45, 0x3c, 0x70, 0x13, 0x6c, 0x0c, 0xdf, 0x82, 0x12,
+	0x4b, 0xc5, 0x59, 0x59, 0x91, 0x43, 0x4d, 0x7d, 0x39, 0x26, 0x3c, 0x9b, 0xc3, 0x67, 0x2e, 0x1d,
+	0x67, 0x68, 0xb4, 0x19, 0x3c, 0x02, 0xcb, 0x26, 0x75, 0x5d, 0xea, 0xed, 0x4d, 0x7c, 0x2f, 0x7f,
+	0x0b, 0xfb, 0xd5, 0xe5, 0x9d, 0x49, 0x05, 0x68, 0x32, 0x0e, 0x06, 0x00, 0x98, 0x83, 0x2b, 0x10,
+	0x3d, 0x98, 0x85, 0xfa, 0x83, 0x5b, 0x09, 0x9c, 0xdc, 0xa4, 0xe1, 0x9b, 0x95, 0x84, 0x18, 0xba,
+	0xd6, 0xc5, 0x78, 0x72, 0x76, 0xa9, 0x66, 0xce, 0x2f, 0xd5, 0xcc, 0xc5, 0xa5, 0x9a, 0x79, 0x17,
+	0xaa, 0xca, 0x59, 0xa8, 0x2a, 0xe7, 0xa1, 0xaa, 0x5c, 0x84, 0xaa, 0xf2, 0x35, 0x54, 0x95, 0xf7,
+	0xdf, 0xd4, 0xcc, 0xc9, 0xda, 0x54, 0x1f, 0xe4, 0xef, 0x01, 0x00, 0x00, 0xff, 0xff, 0xa0, 0x3a,
+	0x2e, 0x07, 0xd1, 0x07, 0x00, 0x00,
 }
 
 func (m *ServerStorageVersion) Marshal() (dAtA []byte, err error) {
@@ -296,6 +298,15 @@ func (m *ServerStorageVersion) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if len(m.ServedVersions) > 0 {
+		for iNdEx := len(m.ServedVersions) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.ServedVersions[iNdEx])
+			copy(dAtA[i:], m.ServedVersions[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(m.ServedVersions[iNdEx])))
+			i--
+			dAtA[i] = 0x22
+		}
+	}
 	if len(m.DecodableVersions) > 0 {
 		for iNdEx := len(m.DecodableVersions) - 1; iNdEx >= 0; iNdEx-- {
 			i -= len(m.DecodableVersions[iNdEx])
@@ -582,6 +593,12 @@ func (m *ServerStorageVersion) Size() (n int) {
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
+	if len(m.ServedVersions) > 0 {
+		for _, s := range m.ServedVersions {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
 	return n
 }
 
@@ -685,6 +702,7 @@ func (this *ServerStorageVersion) String() string {
 		`APIServerID:` + fmt.Sprintf("%v", this.APIServerID) + `,`,
 		`EncodingVersion:` + fmt.Sprintf("%v", this.EncodingVersion) + `,`,
 		`DecodableVersions:` + fmt.Sprintf("%v", this.DecodableVersions) + `,`,
+		`ServedVersions:` + fmt.Sprintf("%v", this.ServedVersions) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -896,6 +914,38 @@ func (m *ServerStorageVersion) Unmarshal(dAtA []byte) error {
 			}
 			m.DecodableVersions = append(m.DecodableVersions, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ServedVersions", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ServedVersions = append(m.ServedVersions, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.proto b/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.proto
index 63c45d54d..6e6bab521 100644
--- a/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.proto
+++ b/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.proto
@@ -42,6 +42,11 @@ message ServerStorageVersion {
   // The encodingVersion must be included in the decodableVersions.
   // +listType=set
   repeated string decodableVersions = 3;
+
+  // The API server can serve these versions.
+  // DecodableVersions must include all ServedVersions.
+  // +listType=set
+  repeated string servedVersions = 4;
 }
 
 // Storage version of a specific resource.
diff --git a/vendor/k8s.io/api/apiserverinternal/v1alpha1/types.go b/vendor/k8s.io/api/apiserverinternal/v1alpha1/types.go
index a0437b507..0ffcf95f0 100644
--- a/vendor/k8s.io/api/apiserverinternal/v1alpha1/types.go
+++ b/vendor/k8s.io/api/apiserverinternal/v1alpha1/types.go
@@ -77,6 +77,11 @@ type ServerStorageVersion struct {
 	// The encodingVersion must be included in the decodableVersions.
 	// +listType=set
 	DecodableVersions []string `json:"decodableVersions,omitempty" protobuf:"bytes,3,opt,name=decodableVersions"`
+
+	// The API server can serve these versions.
+	// DecodableVersions must include all ServedVersions.
+	// +listType=set
+	ServedVersions []string `json:"servedVersions,omitempty" protobuf:"bytes,4,opt,name=servedVersions"`
 }
 
 type StorageVersionConditionType string
diff --git a/vendor/k8s.io/api/apiserverinternal/v1alpha1/types_swagger_doc_generated.go b/vendor/k8s.io/api/apiserverinternal/v1alpha1/types_swagger_doc_generated.go
index 3b75fa65b..6fd1c3ebe 100644
--- a/vendor/k8s.io/api/apiserverinternal/v1alpha1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/apiserverinternal/v1alpha1/types_swagger_doc_generated.go
@@ -32,6 +32,7 @@ var map_ServerStorageVersion = map[string]string{
 	"apiServerID":       "The ID of the reporting API server.",
 	"encodingVersion":   "The API server encodes the object to this version when persisting it in the backend (e.g., etcd).",
 	"decodableVersions": "The API server can decode objects encoded in these versions. The encodingVersion must be included in the decodableVersions.",
+	"servedVersions":    "The API server can serve these versions. DecodableVersions must include all ServedVersions.",
 }
 
 func (ServerStorageVersion) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/apiserverinternal/v1alpha1/zz_generated.deepcopy.go b/vendor/k8s.io/api/apiserverinternal/v1alpha1/zz_generated.deepcopy.go
index 44dffa751..638d80140 100644
--- a/vendor/k8s.io/api/apiserverinternal/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/apiserverinternal/v1alpha1/zz_generated.deepcopy.go
@@ -33,6 +33,11 @@ func (in *ServerStorageVersion) DeepCopyInto(out *ServerStorageVersion) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.ServedVersions != nil {
+		in, out := &in.ServedVersions, &out.ServedVersions
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/apps/v1/types.go b/vendor/k8s.io/api/apps/v1/types.go
index 15dc3150a..644d368fe 100644
--- a/vendor/k8s.io/api/apps/v1/types.go
+++ b/vendor/k8s.io/api/apps/v1/types.go
@@ -17,7 +17,7 @@ limitations under the License.
 package v1
 
 import (
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/intstr"
@@ -29,6 +29,7 @@ const (
 	DeprecatedRollbackTo           = "deprecated.deployment.rollback.to"
 	DeprecatedTemplateGeneration   = "deprecated.daemonset.template.generation"
 	StatefulSetPodNameLabel        = "statefulset.kubernetes.io/pod-name"
+	PodIndexLabel                  = "apps.kubernetes.io/pod-index"
 )
 
 // +genclient
diff --git a/vendor/k8s.io/api/authentication/v1/generated.pb.go b/vendor/k8s.io/api/authentication/v1/generated.pb.go
index efbecf02c..304bbd074 100644
--- a/vendor/k8s.io/api/authentication/v1/generated.pb.go
+++ b/vendor/k8s.io/api/authentication/v1/generated.pb.go
@@ -102,10 +102,66 @@ func (m *ExtraValue) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_ExtraValue proto.InternalMessageInfo
 
+func (m *SelfSubjectReview) Reset()      { *m = SelfSubjectReview{} }
+func (*SelfSubjectReview) ProtoMessage() {}
+func (*SelfSubjectReview) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2953ea822e7ffe1e, []int{2}
+}
+func (m *SelfSubjectReview) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SelfSubjectReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *SelfSubjectReview) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SelfSubjectReview.Merge(m, src)
+}
+func (m *SelfSubjectReview) XXX_Size() int {
+	return m.Size()
+}
+func (m *SelfSubjectReview) XXX_DiscardUnknown() {
+	xxx_messageInfo_SelfSubjectReview.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SelfSubjectReview proto.InternalMessageInfo
+
+func (m *SelfSubjectReviewStatus) Reset()      { *m = SelfSubjectReviewStatus{} }
+func (*SelfSubjectReviewStatus) ProtoMessage() {}
+func (*SelfSubjectReviewStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2953ea822e7ffe1e, []int{3}
+}
+func (m *SelfSubjectReviewStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SelfSubjectReviewStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *SelfSubjectReviewStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SelfSubjectReviewStatus.Merge(m, src)
+}
+func (m *SelfSubjectReviewStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *SelfSubjectReviewStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_SelfSubjectReviewStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SelfSubjectReviewStatus proto.InternalMessageInfo
+
 func (m *TokenRequest) Reset()      { *m = TokenRequest{} }
 func (*TokenRequest) ProtoMessage() {}
 func (*TokenRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{2}
+	return fileDescriptor_2953ea822e7ffe1e, []int{4}
 }
 func (m *TokenRequest) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -133,7 +189,7 @@ var xxx_messageInfo_TokenRequest proto.InternalMessageInfo
 func (m *TokenRequestSpec) Reset()      { *m = TokenRequestSpec{} }
 func (*TokenRequestSpec) ProtoMessage() {}
 func (*TokenRequestSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{3}
+	return fileDescriptor_2953ea822e7ffe1e, []int{5}
 }
 func (m *TokenRequestSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -161,7 +217,7 @@ var xxx_messageInfo_TokenRequestSpec proto.InternalMessageInfo
 func (m *TokenRequestStatus) Reset()      { *m = TokenRequestStatus{} }
 func (*TokenRequestStatus) ProtoMessage() {}
 func (*TokenRequestStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{4}
+	return fileDescriptor_2953ea822e7ffe1e, []int{6}
 }
 func (m *TokenRequestStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -189,7 +245,7 @@ var xxx_messageInfo_TokenRequestStatus proto.InternalMessageInfo
 func (m *TokenReview) Reset()      { *m = TokenReview{} }
 func (*TokenReview) ProtoMessage() {}
 func (*TokenReview) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{5}
+	return fileDescriptor_2953ea822e7ffe1e, []int{7}
 }
 func (m *TokenReview) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -217,7 +273,7 @@ var xxx_messageInfo_TokenReview proto.InternalMessageInfo
 func (m *TokenReviewSpec) Reset()      { *m = TokenReviewSpec{} }
 func (*TokenReviewSpec) ProtoMessage() {}
 func (*TokenReviewSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{6}
+	return fileDescriptor_2953ea822e7ffe1e, []int{8}
 }
 func (m *TokenReviewSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -245,7 +301,7 @@ var xxx_messageInfo_TokenReviewSpec proto.InternalMessageInfo
 func (m *TokenReviewStatus) Reset()      { *m = TokenReviewStatus{} }
 func (*TokenReviewStatus) ProtoMessage() {}
 func (*TokenReviewStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{7}
+	return fileDescriptor_2953ea822e7ffe1e, []int{9}
 }
 func (m *TokenReviewStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -273,7 +329,7 @@ var xxx_messageInfo_TokenReviewStatus proto.InternalMessageInfo
 func (m *UserInfo) Reset()      { *m = UserInfo{} }
 func (*UserInfo) ProtoMessage() {}
 func (*UserInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{8}
+	return fileDescriptor_2953ea822e7ffe1e, []int{10}
 }
 func (m *UserInfo) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -301,6 +357,8 @@ var xxx_messageInfo_UserInfo proto.InternalMessageInfo
 func init() {
 	proto.RegisterType((*BoundObjectReference)(nil), "k8s.io.api.authentication.v1.BoundObjectReference")
 	proto.RegisterType((*ExtraValue)(nil), "k8s.io.api.authentication.v1.ExtraValue")
+	proto.RegisterType((*SelfSubjectReview)(nil), "k8s.io.api.authentication.v1.SelfSubjectReview")
+	proto.RegisterType((*SelfSubjectReviewStatus)(nil), "k8s.io.api.authentication.v1.SelfSubjectReviewStatus")
 	proto.RegisterType((*TokenRequest)(nil), "k8s.io.api.authentication.v1.TokenRequest")
 	proto.RegisterType((*TokenRequestSpec)(nil), "k8s.io.api.authentication.v1.TokenRequestSpec")
 	proto.RegisterType((*TokenRequestStatus)(nil), "k8s.io.api.authentication.v1.TokenRequestStatus")
@@ -316,64 +374,67 @@ func init() {
 }
 
 var fileDescriptor_2953ea822e7ffe1e = []byte{
-	// 907 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0xcf, 0x6f, 0xe3, 0x44,
-	0x14, 0x8e, 0xf3, 0xa3, 0x4a, 0x26, 0xdb, 0xd2, 0xce, 0xb2, 0x52, 0x54, 0x96, 0xa4, 0x78, 0x25,
-	0x54, 0x01, 0x6b, 0x6f, 0x23, 0x04, 0xab, 0x45, 0x42, 0xaa, 0x69, 0x04, 0x11, 0x82, 0x5d, 0xcd,
-	0x6e, 0x0b, 0xe2, 0xc4, 0xc4, 0x7e, 0x4d, 0x87, 0xe0, 0xb1, 0xb1, 0xc7, 0x61, 0x73, 0xdb, 0x3f,
-	0x81, 0x23, 0x48, 0x1c, 0xf8, 0x23, 0x90, 0xf8, 0x17, 0x7a, 0x5c, 0x71, 0xea, 0x01, 0x45, 0xd4,
-	0x5c, 0x39, 0x72, 0xe2, 0x84, 0x66, 0x3c, 0xad, 0xe3, 0xa4, 0x4d, 0x73, 0xe2, 0x96, 0x79, 0xef,
-	0x7b, 0xdf, 0xbc, 0xf7, 0xcd, 0xe7, 0x99, 0xa0, 0xde, 0xe8, 0x61, 0x6c, 0xb1, 0xc0, 0x1e, 0x25,
-	0x03, 0x88, 0x38, 0x08, 0x88, 0xed, 0x31, 0x70, 0x2f, 0x88, 0x6c, 0x9d, 0xa0, 0x21, 0xb3, 0x69,
-	0x22, 0x4e, 0x80, 0x0b, 0xe6, 0x52, 0xc1, 0x02, 0x6e, 0x8f, 0xf7, 0xec, 0x21, 0x70, 0x88, 0xa8,
-	0x00, 0xcf, 0x0a, 0xa3, 0x40, 0x04, 0xf8, 0x6e, 0x86, 0xb6, 0x68, 0xc8, 0xac, 0x22, 0xda, 0x1a,
-	0xef, 0x6d, 0xdf, 0x1f, 0x32, 0x71, 0x92, 0x0c, 0x2c, 0x37, 0xf0, 0xed, 0x61, 0x30, 0x0c, 0x6c,
-	0x55, 0x34, 0x48, 0x8e, 0xd5, 0x4a, 0x2d, 0xd4, 0xaf, 0x8c, 0x6c, 0xfb, 0xdd, 0x7c, 0x6b, 0x9f,
-	0xba, 0x27, 0x8c, 0x43, 0x34, 0xb1, 0xc3, 0xd1, 0x50, 0x06, 0x62, 0xdb, 0x07, 0x41, 0xaf, 0x68,
-	0x61, 0xdb, 0xbe, 0xae, 0x2a, 0x4a, 0xb8, 0x60, 0x3e, 0x2c, 0x14, 0xbc, 0x77, 0x53, 0x41, 0xec,
-	0x9e, 0x80, 0x4f, 0xe7, 0xeb, 0xcc, 0xdf, 0x0d, 0xf4, 0xaa, 0x13, 0x24, 0xdc, 0x7b, 0x3c, 0xf8,
-	0x06, 0x5c, 0x41, 0xe0, 0x18, 0x22, 0xe0, 0x2e, 0xe0, 0x1d, 0x54, 0x1d, 0x31, 0xee, 0xb5, 0x8c,
-	0x1d, 0x63, 0xb7, 0xe1, 0xdc, 0x3a, 0x9d, 0x76, 0x4a, 0xe9, 0xb4, 0x53, 0xfd, 0x94, 0x71, 0x8f,
-	0xa8, 0x0c, 0xee, 0x22, 0x44, 0x43, 0x76, 0x04, 0x51, 0xcc, 0x02, 0xde, 0x2a, 0x2b, 0x1c, 0xd6,
-	0x38, 0xb4, 0xff, 0xa4, 0xaf, 0x33, 0x64, 0x06, 0x25, 0x59, 0x39, 0xf5, 0xa1, 0x55, 0x29, 0xb2,
-	0x7e, 0x4e, 0x7d, 0x20, 0x2a, 0x83, 0x1d, 0x54, 0x49, 0xfa, 0x07, 0xad, 0xaa, 0x02, 0x3c, 0xd0,
-	0x80, 0xca, 0x61, 0xff, 0xe0, 0xdf, 0x69, 0xe7, 0x8d, 0xeb, 0x86, 0x14, 0x93, 0x10, 0x62, 0xeb,
-	0xb0, 0x7f, 0x40, 0x64, 0xb1, 0xf9, 0x3e, 0x42, 0xbd, 0xe7, 0x22, 0xa2, 0x47, 0xf4, 0xdb, 0x04,
-	0x70, 0x07, 0xd5, 0x98, 0x00, 0x3f, 0x6e, 0x19, 0x3b, 0x95, 0xdd, 0x86, 0xd3, 0x48, 0xa7, 0x9d,
-	0x5a, 0x5f, 0x06, 0x48, 0x16, 0x7f, 0x54, 0xff, 0xf1, 0x97, 0x4e, 0xe9, 0xc5, 0x1f, 0x3b, 0x25,
-	0xf3, 0xe7, 0x32, 0xba, 0xf5, 0x2c, 0x18, 0x01, 0x27, 0xf0, 0x5d, 0x02, 0xb1, 0xc0, 0x5f, 0xa3,
-	0xba, 0x3c, 0x22, 0x8f, 0x0a, 0xaa, 0x94, 0x68, 0x76, 0x1f, 0x58, 0xb9, 0x3b, 0x2e, 0x9b, 0xb0,
-	0xc2, 0xd1, 0x50, 0x06, 0x62, 0x4b, 0xa2, 0xad, 0xf1, 0x9e, 0x95, 0xc9, 0xf9, 0x19, 0x08, 0x9a,
-	0x6b, 0x92, 0xc7, 0xc8, 0x25, 0x2b, 0x7e, 0x82, 0xaa, 0x71, 0x08, 0xae, 0xd2, 0xaf, 0xd9, 0xb5,
-	0xac, 0x65, 0xde, 0xb3, 0x66, 0x7b, 0x7b, 0x1a, 0x82, 0x9b, 0x2b, 0x28, 0x57, 0x44, 0x31, 0xe1,
-	0x2f, 0xd1, 0x5a, 0x2c, 0xa8, 0x48, 0x62, 0xa5, 0x72, 0xb1, 0xe3, 0x9b, 0x38, 0x55, 0x9d, 0xb3,
-	0xa1, 0x59, 0xd7, 0xb2, 0x35, 0xd1, 0x7c, 0xe6, 0x3f, 0x06, 0xda, 0x9c, 0x6f, 0x01, 0xbf, 0x8d,
-	0x1a, 0x34, 0xf1, 0x98, 0x34, 0xcd, 0x85, 0xc4, 0xeb, 0xe9, 0xb4, 0xd3, 0xd8, 0xbf, 0x08, 0x92,
-	0x3c, 0x8f, 0x3f, 0x42, 0x5b, 0xf0, 0x3c, 0x64, 0x91, 0xda, 0xfd, 0x29, 0xb8, 0x01, 0xf7, 0x62,
-	0x75, 0xd6, 0x15, 0xe7, 0x4e, 0x3a, 0xed, 0x6c, 0xf5, 0xe6, 0x93, 0x64, 0x11, 0x8f, 0x39, 0xda,
-	0x18, 0x14, 0x2c, 0xab, 0x07, 0xed, 0x2e, 0x1f, 0xf4, 0x2a, 0x9b, 0x3b, 0x38, 0x9d, 0x76, 0x36,
-	0x8a, 0x19, 0x32, 0xc7, 0x6e, 0xfe, 0x6a, 0x20, 0xbc, 0xa8, 0x12, 0xbe, 0x87, 0x6a, 0x42, 0x46,
-	0xf5, 0x27, 0xb2, 0xae, 0x45, 0xab, 0x65, 0xd0, 0x2c, 0x87, 0x27, 0xe8, 0x76, 0x3e, 0xc0, 0x33,
-	0xe6, 0x43, 0x2c, 0xa8, 0x1f, 0xea, 0xd3, 0x7e, 0x6b, 0x35, 0x2f, 0xc9, 0x32, 0xe7, 0x35, 0x4d,
-	0x7f, 0xbb, 0xb7, 0x48, 0x47, 0xae, 0xda, 0xc3, 0xfc, 0xa9, 0x8c, 0x9a, 0xba, 0xed, 0x31, 0x83,
-	0xef, 0xff, 0x07, 0x2f, 0x3f, 0x2e, 0x78, 0xf9, 0xfe, 0x4a, 0xbe, 0x93, 0xad, 0x5d, 0x6b, 0xe5,
-	0x2f, 0xe6, 0xac, 0x6c, 0xaf, 0x4e, 0xb9, 0xdc, 0xc9, 0x2e, 0x7a, 0x65, 0x6e, 0xff, 0xd5, 0x8e,
-	0xb3, 0x60, 0xf6, 0xf2, 0x72, 0xb3, 0x9b, 0x7f, 0x1b, 0x68, 0x6b, 0xa1, 0x25, 0xfc, 0x01, 0x5a,
-	0x9f, 0xe9, 0x1c, 0xb2, 0x1b, 0xb6, 0xee, 0xdc, 0xd1, 0xfb, 0xad, 0xef, 0xcf, 0x26, 0x49, 0x11,
-	0x8b, 0x3f, 0x41, 0xd5, 0x24, 0x86, 0x48, 0x2b, 0xfc, 0xe6, 0x72, 0x39, 0x0e, 0x63, 0x88, 0xfa,
-	0xfc, 0x38, 0xc8, 0xa5, 0x95, 0x11, 0xa2, 0x18, 0x8a, 0x93, 0x54, 0x6f, 0xf8, 0x6c, 0xef, 0xa1,
-	0x1a, 0x44, 0x51, 0x10, 0xe9, 0x7b, 0xfb, 0x52, 0x9b, 0x9e, 0x0c, 0x92, 0x2c, 0x67, 0xfe, 0x56,
-	0x46, 0xf5, 0x8b, 0x2d, 0xf1, 0x3b, 0xa8, 0x2e, 0xb7, 0x51, 0x97, 0x7d, 0x26, 0xe8, 0xa6, 0x2e,
-	0x52, 0x18, 0x19, 0x27, 0x97, 0x08, 0xfc, 0x3a, 0xaa, 0x24, 0xcc, 0xd3, 0x6f, 0x48, 0x73, 0xe6,
-	0xd2, 0x27, 0x32, 0x8e, 0x4d, 0xb4, 0x36, 0x8c, 0x82, 0x24, 0x94, 0x36, 0x90, 0x8d, 0x22, 0x79,
-	0xa2, 0x1f, 0xab, 0x08, 0xd1, 0x19, 0x7c, 0x84, 0x6a, 0x20, 0xef, 0x7c, 0x35, 0x4b, 0xb3, 0xbb,
-	0xb7, 0x9a, 0x34, 0x96, 0x7a, 0x27, 0x7a, 0x5c, 0x44, 0x93, 0x99, 0xa9, 0x64, 0x8c, 0x64, 0x74,
-	0xdb, 0x03, 0xfd, 0x96, 0x28, 0x0c, 0xde, 0x44, 0x95, 0x11, 0x4c, 0xb2, 0x89, 0x88, 0xfc, 0x89,
-	0x3f, 0x44, 0xb5, 0xb1, 0x7c, 0x66, 0xf4, 0x91, 0xec, 0x2e, 0xdf, 0x37, 0x7f, 0x96, 0x48, 0x56,
-	0xf6, 0xa8, 0xfc, 0xd0, 0x70, 0x9c, 0xd3, 0xf3, 0x76, 0xe9, 0xe5, 0x79, 0xbb, 0x74, 0x76, 0xde,
-	0x2e, 0xbd, 0x48, 0xdb, 0xc6, 0x69, 0xda, 0x36, 0x5e, 0xa6, 0x6d, 0xe3, 0x2c, 0x6d, 0x1b, 0x7f,
-	0xa6, 0x6d, 0xe3, 0x87, 0xbf, 0xda, 0xa5, 0xaf, 0xee, 0x2e, 0xfb, 0x13, 0xf3, 0x5f, 0x00, 0x00,
-	0x00, 0xff, 0xff, 0x12, 0xb8, 0x31, 0x91, 0xfc, 0x08, 0x00, 0x00,
+	// 958 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4b, 0x6f, 0x23, 0x45,
+	0x10, 0xf6, 0xf8, 0x11, 0xd9, 0xe5, 0x4d, 0x48, 0x7a, 0x59, 0x61, 0x85, 0xc5, 0x0e, 0xb3, 0x12,
+	0x8a, 0x80, 0x9d, 0xd9, 0x58, 0x3c, 0x56, 0x8b, 0x84, 0x94, 0x21, 0x16, 0x58, 0x08, 0x76, 0xd5,
+	0x4e, 0x02, 0x42, 0x42, 0xa2, 0x3d, 0xae, 0x38, 0x83, 0x77, 0x1e, 0xcc, 0xf4, 0x98, 0xf5, 0x6d,
+	0x7f, 0x02, 0x47, 0x90, 0x38, 0xf0, 0x23, 0x90, 0xf8, 0x0b, 0x39, 0xae, 0x10, 0x87, 0x3d, 0x20,
+	0x8b, 0x0c, 0x57, 0x8e, 0x9c, 0x38, 0xa1, 0xee, 0xe9, 0xf8, 0x99, 0x4c, 0x7c, 0xda, 0x9b, 0xa7,
+	0x1e, 0x5f, 0x55, 0x7d, 0x55, 0x5d, 0x65, 0x68, 0x0d, 0xee, 0x47, 0x86, 0xe3, 0x9b, 0x83, 0xb8,
+	0x8b, 0xa1, 0x87, 0x1c, 0x23, 0x73, 0x88, 0x5e, 0xcf, 0x0f, 0x4d, 0xa5, 0x60, 0x81, 0x63, 0xb2,
+	0x98, 0x9f, 0xa2, 0xc7, 0x1d, 0x9b, 0x71, 0xc7, 0xf7, 0xcc, 0xe1, 0x9e, 0xd9, 0x47, 0x0f, 0x43,
+	0xc6, 0xb1, 0x67, 0x04, 0xa1, 0xcf, 0x7d, 0x72, 0x3b, 0xb5, 0x36, 0x58, 0xe0, 0x18, 0xf3, 0xd6,
+	0xc6, 0x70, 0x6f, 0xfb, 0x6e, 0xdf, 0xe1, 0xa7, 0x71, 0xd7, 0xb0, 0x7d, 0xd7, 0xec, 0xfb, 0x7d,
+	0xdf, 0x94, 0x4e, 0xdd, 0xf8, 0x44, 0x7e, 0xc9, 0x0f, 0xf9, 0x2b, 0x05, 0xdb, 0x7e, 0x67, 0x1a,
+	0xda, 0x65, 0xf6, 0xa9, 0xe3, 0x61, 0x38, 0x32, 0x83, 0x41, 0x5f, 0x08, 0x22, 0xd3, 0x45, 0xce,
+	0x2e, 0x49, 0x61, 0xdb, 0xbc, 0xca, 0x2b, 0x8c, 0x3d, 0xee, 0xb8, 0xb8, 0xe4, 0xf0, 0xde, 0x75,
+	0x0e, 0x91, 0x7d, 0x8a, 0x2e, 0x5b, 0xf4, 0xd3, 0x7f, 0xd7, 0xe0, 0x65, 0xcb, 0x8f, 0xbd, 0xde,
+	0xc3, 0xee, 0xb7, 0x68, 0x73, 0x8a, 0x27, 0x18, 0xa2, 0x67, 0x23, 0xd9, 0x81, 0xe2, 0xc0, 0xf1,
+	0x7a, 0x35, 0x6d, 0x47, 0xdb, 0xad, 0x58, 0x37, 0xce, 0xc6, 0x8d, 0x5c, 0x32, 0x6e, 0x14, 0x3f,
+	0x75, 0xbc, 0x1e, 0x95, 0x1a, 0xd2, 0x04, 0x60, 0x81, 0x73, 0x8c, 0x61, 0xe4, 0xf8, 0x5e, 0x2d,
+	0x2f, 0xed, 0x88, 0xb2, 0x83, 0xfd, 0x47, 0x6d, 0xa5, 0xa1, 0x33, 0x56, 0x02, 0xd5, 0x63, 0x2e,
+	0xd6, 0x0a, 0xf3, 0xa8, 0x9f, 0x33, 0x17, 0xa9, 0xd4, 0x10, 0x0b, 0x0a, 0x71, 0xfb, 0xa0, 0x56,
+	0x94, 0x06, 0xf7, 0x94, 0x41, 0xe1, 0xa8, 0x7d, 0xf0, 0xdf, 0xb8, 0xf1, 0xfa, 0x55, 0x45, 0xf2,
+	0x51, 0x80, 0x91, 0x71, 0xd4, 0x3e, 0xa0, 0xc2, 0x59, 0x7f, 0x1f, 0xa0, 0xf5, 0x84, 0x87, 0xec,
+	0x98, 0x3d, 0x8e, 0x91, 0x34, 0xa0, 0xe4, 0x70, 0x74, 0xa3, 0x9a, 0xb6, 0x53, 0xd8, 0xad, 0x58,
+	0x95, 0x64, 0xdc, 0x28, 0xb5, 0x85, 0x80, 0xa6, 0xf2, 0x07, 0xe5, 0x1f, 0x7f, 0x69, 0xe4, 0x9e,
+	0xfe, 0xb9, 0x93, 0xd3, 0xff, 0xd0, 0x60, 0xab, 0x83, 0x8f, 0x4f, 0x3a, 0xb1, 0x62, 0x63, 0xe8,
+	0xe0, 0xf7, 0xe4, 0x1b, 0x28, 0x8b, 0x3e, 0xf5, 0x18, 0x67, 0x92, 0x8e, 0x6a, 0xf3, 0x9e, 0x31,
+	0x1d, 0x91, 0x49, 0x26, 0x46, 0x30, 0xe8, 0x0b, 0x41, 0x64, 0x08, 0x6b, 0x63, 0xb8, 0x67, 0xa4,
+	0x9c, 0x7e, 0x86, 0x9c, 0x4d, 0x89, 0x99, 0xca, 0xe8, 0x04, 0x95, 0x7c, 0x0d, 0x6b, 0x11, 0x67,
+	0x3c, 0x8e, 0x24, 0x8d, 0xd5, 0xe6, 0xbb, 0x46, 0xd6, 0x08, 0x1a, 0x4b, 0x29, 0x76, 0xa4, 0xb3,
+	0xb5, 0xa1, 0x82, 0xac, 0xa5, 0xdf, 0x54, 0x81, 0xea, 0x3e, 0xbc, 0x72, 0x85, 0x0b, 0x39, 0x84,
+	0x72, 0x1c, 0x61, 0xd8, 0xf6, 0x4e, 0x7c, 0x55, 0xdb, 0x1b, 0xd9, 0xb1, 0x8f, 0x94, 0xb5, 0xb5,
+	0xa9, 0x82, 0x95, 0x2f, 0x24, 0x74, 0x82, 0xa4, 0xff, 0x9c, 0x87, 0x1b, 0x87, 0xfe, 0x00, 0x3d,
+	0x8a, 0xdf, 0xc5, 0x18, 0xf1, 0x17, 0x40, 0xe1, 0x23, 0x28, 0x46, 0x01, 0xda, 0x8a, 0x40, 0x23,
+	0xbb, 0x88, 0xd9, 0xdc, 0x3a, 0x01, 0xda, 0xd3, 0x49, 0x14, 0x5f, 0x54, 0x22, 0x91, 0x2f, 0x27,
+	0x4d, 0x29, 0x2c, 0x65, 0x7c, 0x1d, 0x66, 0x76, 0x3f, 0xfe, 0xd5, 0x60, 0x73, 0x31, 0x05, 0xf2,
+	0x16, 0x54, 0x58, 0xdc, 0x73, 0xc4, 0xe3, 0xbb, 0x18, 0xd5, 0xf5, 0x64, 0xdc, 0xa8, 0xec, 0x5f,
+	0x08, 0xe9, 0x54, 0x4f, 0x3e, 0x82, 0x2d, 0x7c, 0x12, 0x38, 0xa1, 0x8c, 0xde, 0x41, 0xdb, 0xf7,
+	0x7a, 0x91, 0x7c, 0x33, 0x05, 0xeb, 0x56, 0x32, 0x6e, 0x6c, 0xb5, 0x16, 0x95, 0x74, 0xd9, 0x9e,
+	0x78, 0xb0, 0xd1, 0x9d, 0x7b, 0xfa, 0xaa, 0xd0, 0x66, 0x76, 0xa1, 0x97, 0xad, 0x0b, 0x8b, 0x24,
+	0xe3, 0xc6, 0xc6, 0xbc, 0x86, 0x2e, 0xa0, 0xeb, 0xbf, 0x6a, 0x40, 0x96, 0x59, 0x22, 0x77, 0xa0,
+	0xc4, 0x85, 0x54, 0xad, 0x9a, 0x75, 0x45, 0x5a, 0x29, 0x35, 0x4d, 0x75, 0x64, 0x04, 0x37, 0xa7,
+	0x05, 0x1c, 0x3a, 0x2e, 0x46, 0x9c, 0xb9, 0x81, 0xea, 0xf6, 0x9b, 0xab, 0xcd, 0x92, 0x70, 0xb3,
+	0x5e, 0x55, 0xf0, 0x37, 0x5b, 0xcb, 0x70, 0xf4, 0xb2, 0x18, 0xfa, 0x4f, 0x79, 0xa8, 0xaa, 0xb4,
+	0x5f, 0xd0, 0x3a, 0x78, 0x38, 0x37, 0xcb, 0x77, 0x57, 0x9a, 0x3b, 0xf9, 0xa6, 0xaf, 0x1a, 0xe5,
+	0x2f, 0x16, 0x46, 0xd9, 0x5c, 0x1d, 0x32, 0x7b, 0x92, 0x6d, 0x78, 0x69, 0x21, 0xfe, 0x6a, 0xed,
+	0x9c, 0x1b, 0xf6, 0x7c, 0xf6, 0xb0, 0xeb, 0xff, 0x68, 0xb0, 0xb5, 0x94, 0x12, 0xf9, 0x00, 0xd6,
+	0x67, 0x32, 0xc7, 0xf4, 0x52, 0x95, 0xad, 0x5b, 0x2a, 0xde, 0xfa, 0xfe, 0xac, 0x92, 0xce, 0xdb,
+	0x92, 0x4f, 0xa0, 0x28, 0x96, 0x95, 0x62, 0x78, 0xd5, 0x95, 0x37, 0xa1, 0x56, 0x48, 0xa8, 0x44,
+	0x98, 0xaf, 0xa4, 0x78, 0xcd, 0xb3, 0xbd, 0x03, 0x25, 0x0c, 0x43, 0x3f, 0x54, 0xf7, 0x6f, 0xc2,
+	0x4d, 0x4b, 0x08, 0x69, 0xaa, 0xd3, 0x7f, 0xcb, 0xc3, 0x64, 0xa7, 0x92, 0xb7, 0xd3, 0xfd, 0x2c,
+	0x8f, 0x66, 0x4a, 0xe8, 0xdc, 0xde, 0x15, 0x72, 0x3a, 0xb1, 0x20, 0xaf, 0x41, 0x21, 0x76, 0x7a,
+	0xea, 0x16, 0x57, 0x67, 0x8e, 0x27, 0x15, 0x72, 0xa2, 0xc3, 0x5a, 0x3f, 0xf4, 0xe3, 0x40, 0x8c,
+	0x81, 0x48, 0x14, 0x44, 0x47, 0x3f, 0x96, 0x12, 0xaa, 0x34, 0xe4, 0x18, 0x4a, 0x28, 0x6e, 0xa7,
+	0xac, 0xa5, 0xda, 0xdc, 0x5b, 0x8d, 0x1a, 0x43, 0xde, 0xdb, 0x96, 0xc7, 0xc3, 0xd1, 0x4c, 0x55,
+	0x42, 0x46, 0x53, 0xb8, 0xed, 0xae, 0xba, 0xc9, 0xd2, 0x86, 0x6c, 0x42, 0x61, 0x80, 0xa3, 0xb4,
+	0x22, 0x2a, 0x7e, 0x92, 0x0f, 0xa1, 0x34, 0x14, 0xe7, 0x5a, 0xb5, 0x64, 0x37, 0x3b, 0xee, 0xf4,
+	0xbc, 0xd3, 0xd4, 0xed, 0x41, 0xfe, 0xbe, 0x66, 0x59, 0x67, 0xe7, 0xf5, 0xdc, 0xb3, 0xf3, 0x7a,
+	0xee, 0xf9, 0x79, 0x3d, 0xf7, 0x34, 0xa9, 0x6b, 0x67, 0x49, 0x5d, 0x7b, 0x96, 0xd4, 0xb5, 0xe7,
+	0x49, 0x5d, 0xfb, 0x2b, 0xa9, 0x6b, 0x3f, 0xfc, 0x5d, 0xcf, 0x7d, 0x75, 0x3b, 0xeb, 0xcf, 0xe0,
+	0xff, 0x01, 0x00, 0x00, 0xff, 0xff, 0x0d, 0x9a, 0x38, 0x17, 0x44, 0x0a, 0x00, 0x00,
 }
 
 func (m *BoundObjectReference) Marshal() (dAtA []byte, err error) {
@@ -451,6 +512,82 @@ func (m ExtraValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *SelfSubjectReview) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SelfSubjectReview) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelfSubjectReview) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	{
+		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	{
+		size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *SelfSubjectReviewStatus) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SelfSubjectReviewStatus) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelfSubjectReviewStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	{
+		size, err := m.UserInfo.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
 func (m *TokenRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -850,6 +987,30 @@ func (m ExtraValue) Size() (n int) {
 	return n
 }
 
+func (m *SelfSubjectReview) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ObjectMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.Status.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *SelfSubjectReviewStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.UserInfo.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
 func (m *TokenRequest) Size() (n int) {
 	if m == nil {
 		return 0
@@ -999,6 +1160,27 @@ func (this *BoundObjectReference) String() string {
 	}, "")
 	return s
 }
+func (this *SelfSubjectReview) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&SelfSubjectReview{`,
+		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
+		`Status:` + strings.Replace(strings.Replace(this.Status.String(), "SelfSubjectReviewStatus", "SelfSubjectReviewStatus", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *SelfSubjectReviewStatus) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&SelfSubjectReviewStatus{`,
+		`UserInfo:` + strings.Replace(strings.Replace(this.UserInfo.String(), "UserInfo", "UserInfo", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *TokenRequest) String() string {
 	if this == nil {
 		return "nil"
@@ -1361,6 +1543,205 @@ func (m *ExtraValue) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *SelfSubjectReview) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SelfSubjectReview: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SelfSubjectReview: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *SelfSubjectReviewStatus) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SelfSubjectReviewStatus: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SelfSubjectReviewStatus: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field UserInfo", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.UserInfo.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *TokenRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
diff --git a/vendor/k8s.io/api/authentication/v1/generated.proto b/vendor/k8s.io/api/authentication/v1/generated.proto
index f4806a3c6..1632070c8 100644
--- a/vendor/k8s.io/api/authentication/v1/generated.proto
+++ b/vendor/k8s.io/api/authentication/v1/generated.proto
@@ -56,6 +56,26 @@ message ExtraValue {
   repeated string items = 1;
 }
 
+// SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request.
+// When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or
+// request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
+message SelfSubjectReview {
+  // Standard object's metadata.
+  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
+
+  // Status is filled in by the server with the user attributes.
+  optional SelfSubjectReviewStatus status = 2;
+}
+
+// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
+message SelfSubjectReviewStatus {
+  // User attributes of the user making this request.
+  // +optional
+  optional UserInfo userInfo = 1;
+}
+
 // TokenRequest requests a token for a given service account.
 message TokenRequest {
   // Standard object's metadata.
diff --git a/vendor/k8s.io/api/authentication/v1/register.go b/vendor/k8s.io/api/authentication/v1/register.go
index c522e4a46..6a32b5926 100644
--- a/vendor/k8s.io/api/authentication/v1/register.go
+++ b/vendor/k8s.io/api/authentication/v1/register.go
@@ -46,6 +46,7 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&TokenReview{},
 		&TokenRequest{},
+		&SelfSubjectReview{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil
diff --git a/vendor/k8s.io/api/authentication/v1/types.go b/vendor/k8s.io/api/authentication/v1/types.go
index 4e221e58c..b498007c0 100644
--- a/vendor/k8s.io/api/authentication/v1/types.go
+++ b/vendor/k8s.io/api/authentication/v1/types.go
@@ -197,3 +197,28 @@ type BoundObjectReference struct {
 	// +optional
 	UID types.UID `json:"uid,omitempty" protobuf:"bytes,4,opt,name=uID,casttype=k8s.io/apimachinery/pkg/types.UID"`
 }
+
+// +genclient
+// +genclient:nonNamespaced
+// +genclient:onlyVerbs=create
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request.
+// When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or
+// request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
+type SelfSubjectReview struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	// Status is filled in by the server with the user attributes.
+	Status SelfSubjectReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"`
+}
+
+// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
+type SelfSubjectReviewStatus struct {
+	// User attributes of the user making this request.
+	// +optional
+	UserInfo UserInfo `json:"userInfo,omitempty" protobuf:"bytes,1,opt,name=userInfo"`
+}
diff --git a/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go
index b1a730b81..ebfd4852c 100644
--- a/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go
@@ -39,6 +39,25 @@ func (BoundObjectReference) SwaggerDoc() map[string]string {
 	return map_BoundObjectReference
 }
 
+var map_SelfSubjectReview = map[string]string{
+	"":         "SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or request header authentication is used, any extra keys will have their case ignored and returned as lowercase.",
+	"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
+	"status":   "Status is filled in by the server with the user attributes.",
+}
+
+func (SelfSubjectReview) SwaggerDoc() map[string]string {
+	return map_SelfSubjectReview
+}
+
+var map_SelfSubjectReviewStatus = map[string]string{
+	"":         "SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.",
+	"userInfo": "User attributes of the user making this request.",
+}
+
+func (SelfSubjectReviewStatus) SwaggerDoc() map[string]string {
+	return map_SelfSubjectReviewStatus
+}
+
 var map_TokenRequest = map[string]string{
 	"":         "TokenRequest requests a token for a given service account.",
 	"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
diff --git a/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go b/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go
index 2af533191..369c89b86 100644
--- a/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go
@@ -61,6 +61,50 @@ func (in ExtraValue) DeepCopy() ExtraValue {
 	return *out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SelfSubjectReview) DeepCopyInto(out *SelfSubjectReview) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectReview.
+func (in *SelfSubjectReview) DeepCopy() *SelfSubjectReview {
+	if in == nil {
+		return nil
+	}
+	out := new(SelfSubjectReview)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *SelfSubjectReview) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SelfSubjectReviewStatus) DeepCopyInto(out *SelfSubjectReviewStatus) {
+	*out = *in
+	in.UserInfo.DeepCopyInto(&out.UserInfo)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectReviewStatus.
+func (in *SelfSubjectReviewStatus) DeepCopy() *SelfSubjectReviewStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(SelfSubjectReviewStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenRequest) DeepCopyInto(out *TokenRequest) {
 	*out = *in
diff --git a/vendor/k8s.io/api/batch/v1/generated.pb.go b/vendor/k8s.io/api/batch/v1/generated.pb.go
index feafc23c2..59a7482a0 100644
--- a/vendor/k8s.io/api/batch/v1/generated.pb.go
+++ b/vendor/k8s.io/api/batch/v1/generated.pb.go
@@ -495,113 +495,120 @@ func init() {
 }
 
 var fileDescriptor_3b52da57c93de713 = []byte{
-	// 1696 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0x4f, 0x73, 0xe3, 0x48,
-	0x15, 0x8f, 0xe2, 0xd8, 0xb1, 0xdb, 0xc9, 0xc4, 0xd3, 0xb3, 0x33, 0x63, 0xc2, 0x96, 0x95, 0xd5,
-	0xec, 0x6e, 0x65, 0xa9, 0x45, 0x66, 0xb2, 0x53, 0x2c, 0xff, 0x8b, 0x91, 0x87, 0x59, 0x26, 0x78,
-	0x36, 0xa6, 0x9d, 0x40, 0xd5, 0xb2, 0x50, 0xc8, 0x52, 0xdb, 0xd1, 0x46, 0x56, 0x1b, 0x75, 0x2b,
-	0xb5, 0xb9, 0x50, 0x54, 0xf1, 0x05, 0xe0, 0xc8, 0x17, 0xe0, 0xc8, 0x05, 0xce, 0x70, 0xa3, 0x72,
-	0xdc, 0xe2, 0xb4, 0xc5, 0x41, 0xc5, 0x88, 0x0f, 0xc0, 0x3d, 0x5c, 0xa8, 0x6e, 0xb5, 0xf5, 0xcf,
-	0x52, 0xc8, 0x6c, 0x15, 0x5b, 0xdc, 0xa2, 0xf7, 0x7e, 0xef, 0xd7, 0x4f, 0xfd, 0x9e, 0x7e, 0xef,
-	0xc5, 0xe0, 0x5b, 0x67, 0x5f, 0xa3, 0xba, 0x43, 0xfa, 0x67, 0xc1, 0x04, 0xfb, 0x1e, 0x66, 0x98,
-	0xf6, 0xcf, 0xb1, 0x67, 0x13, 0xbf, 0x2f, 0x1d, 0xe6, 0xc2, 0xe9, 0x4f, 0x4c, 0x66, 0x9d, 0xf6,
-	0xcf, 0x1f, 0xf6, 0x67, 0xd8, 0xc3, 0xbe, 0xc9, 0xb0, 0xad, 0x2f, 0x7c, 0xc2, 0x08, 0xbc, 0x13,
-	0x83, 0x74, 0x73, 0xe1, 0xe8, 0x02, 0xa4, 0x9f, 0x3f, 0xdc, 0xfd, 0xf2, 0xcc, 0x61, 0xa7, 0xc1,
-	0x44, 0xb7, 0xc8, 0xbc, 0x3f, 0x23, 0x33, 0xd2, 0x17, 0xd8, 0x49, 0x30, 0x15, 0x4f, 0xe2, 0x41,
-	0xfc, 0x15, 0x73, 0xec, 0x6a, 0x99, 0x83, 0x2c, 0xe2, 0xe3, 0x92, 0x73, 0x76, 0x1f, 0xa5, 0x98,
-	0xb9, 0x69, 0x9d, 0x3a, 0x1e, 0xf6, 0x2f, 0xfa, 0x8b, 0xb3, 0x19, 0x37, 0xd0, 0xfe, 0x1c, 0x33,
-	0xb3, 0x2c, 0xaa, 0x5f, 0x15, 0xe5, 0x07, 0x1e, 0x73, 0xe6, 0x78, 0x25, 0xe0, 0xab, 0xff, 0x2d,
-	0x80, 0x5a, 0xa7, 0x78, 0x6e, 0x16, 0xe3, 0xb4, 0x7f, 0x2b, 0x60, 0x73, 0xe0, 0x13, 0xef, 0x90,
-	0x4c, 0xe0, 0xcf, 0x41, 0x93, 0xe7, 0x63, 0x9b, 0xcc, 0xec, 0x2a, 0x7b, 0xca, 0x7e, 0xfb, 0xe0,
-	0x2b, 0x7a, 0x7a, 0x4b, 0x09, 0xad, 0xbe, 0x38, 0x9b, 0x71, 0x03, 0xd5, 0x39, 0x5a, 0x3f, 0x7f,
-	0xa8, 0x1f, 0x4d, 0x3e, 0xc2, 0x16, 0x7b, 0x8e, 0x99, 0x69, 0xc0, 0xcb, 0x50, 0x5d, 0x8b, 0x42,
-	0x15, 0xa4, 0x36, 0x94, 0xb0, 0x42, 0x03, 0x6c, 0xd0, 0x05, 0xb6, 0xba, 0xeb, 0x82, 0x7d, 0x4f,
-	0x2f, 0xa9, 0x81, 0x2e, 0xb3, 0x19, 0x2f, 0xb0, 0x65, 0x6c, 0x49, 0xb6, 0x0d, 0xfe, 0x84, 0x44,
-	0x2c, 0x3c, 0x04, 0x0d, 0xca, 0x4c, 0x16, 0xd0, 0x6e, 0x4d, 0xb0, 0x68, 0xd7, 0xb2, 0x08, 0xa4,
-	0x71, 0x4b, 0xf2, 0x34, 0xe2, 0x67, 0x24, 0x19, 0xb4, 0x3f, 0x28, 0xa0, 0x2d, 0x91, 0x43, 0x87,
-	0x32, 0xf8, 0xe1, 0xca, 0x0d, 0xe8, 0x37, 0xbb, 0x01, 0x1e, 0x2d, 0xde, 0xbf, 0x23, 0x4f, 0x6a,
-	0x2e, 0x2d, 0x99, 0xb7, 0x7f, 0x0c, 0xea, 0x0e, 0xc3, 0x73, 0xda, 0x5d, 0xdf, 0xab, 0xed, 0xb7,
-	0x0f, 0x5e, 0xbd, 0x2e, 0x71, 0x63, 0x5b, 0x12, 0xd5, 0x9f, 0xf1, 0x10, 0x14, 0x47, 0x6a, 0x7f,
-	0xdb, 0x48, 0x12, 0xe6, 0x57, 0x02, 0xdf, 0x06, 0x4d, 0x5e, 0x58, 0x3b, 0x70, 0xb1, 0x48, 0xb8,
-	0x95, 0x26, 0x30, 0x96, 0x76, 0x94, 0x20, 0xe0, 0x3e, 0x68, 0xf2, 0x5e, 0xf8, 0x80, 0x78, 0xb8,
-	0xdb, 0x14, 0xe8, 0x2d, 0x8e, 0x3c, 0x96, 0x36, 0x94, 0x78, 0xe1, 0x09, 0xb8, 0x4f, 0x99, 0xe9,
-	0x33, 0xc7, 0x9b, 0x3d, 0xc1, 0xa6, 0xed, 0x3a, 0x1e, 0x1e, 0x63, 0x8b, 0x78, 0x36, 0x15, 0xb5,
-	0xab, 0x19, 0x5f, 0x8c, 0x42, 0xf5, 0xfe, 0xb8, 0x1c, 0x82, 0xaa, 0x62, 0xe1, 0x87, 0xe0, 0xb6,
-	0x45, 0x3c, 0x2b, 0xf0, 0x7d, 0xec, 0x59, 0x17, 0x23, 0xe2, 0x3a, 0xd6, 0x85, 0x28, 0x63, 0xcb,
-	0xd0, 0x65, 0xde, 0xb7, 0x07, 0x45, 0xc0, 0x55, 0x99, 0x11, 0xad, 0x12, 0xc1, 0x37, 0xc0, 0x26,
-	0x0d, 0xe8, 0x02, 0x7b, 0x76, 0x77, 0x63, 0x4f, 0xd9, 0x6f, 0x1a, 0xed, 0x28, 0x54, 0x37, 0xc7,
-	0xb1, 0x09, 0x2d, 0x7d, 0xf0, 0x27, 0xa0, 0xfd, 0x11, 0x99, 0x1c, 0xe3, 0xf9, 0xc2, 0x35, 0x19,
-	0xee, 0xd6, 0x45, 0x9d, 0x5f, 0x2f, 0x2d, 0xc6, 0x61, 0x8a, 0x13, 0xfd, 0x78, 0x47, 0x26, 0xd9,
-	0xce, 0x38, 0x50, 0x96, 0x0d, 0xfe, 0x0c, 0xec, 0xd2, 0xc0, 0xb2, 0x30, 0xa5, 0xd3, 0xc0, 0x3d,
-	0x24, 0x13, 0xfa, 0x7d, 0x87, 0x32, 0xe2, 0x5f, 0x0c, 0x9d, 0xb9, 0xc3, 0xba, 0x8d, 0x3d, 0x65,
-	0xbf, 0x6e, 0xf4, 0xa2, 0x50, 0xdd, 0x1d, 0x57, 0xa2, 0xd0, 0x35, 0x0c, 0x10, 0x81, 0x7b, 0x53,
-	0xd3, 0x71, 0xb1, 0xbd, 0xc2, 0xbd, 0x29, 0xb8, 0x77, 0xa3, 0x50, 0xbd, 0xf7, 0xb4, 0x14, 0x81,
-	0x2a, 0x22, 0xb5, 0x3f, 0xaf, 0x83, 0xed, 0xdc, 0xf7, 0x02, 0x7f, 0x00, 0x1a, 0xa6, 0xc5, 0x9c,
-	0x73, 0xde, 0x54, 0xbc, 0x55, 0x1f, 0x64, 0x6f, 0x87, 0x2b, 0x5d, 0xfa, 0xd5, 0x23, 0x3c, 0xc5,
-	0xbc, 0x08, 0x38, 0xfd, 0xc8, 0x1e, 0x8b, 0x50, 0x24, 0x29, 0xa0, 0x0b, 0x3a, 0xae, 0x49, 0xd9,
-	0xb2, 0x1f, 0x79, 0xb7, 0x89, 0xfa, 0xb4, 0x0f, 0xbe, 0x74, 0xb3, 0x8f, 0x8b, 0x47, 0x18, 0xaf,
-	0x44, 0xa1, 0xda, 0x19, 0x16, 0x78, 0xd0, 0x0a, 0x33, 0xf4, 0x01, 0x14, 0xb6, 0xe4, 0x0a, 0xc5,
-	0x79, 0xf5, 0x97, 0x3e, 0xef, 0x5e, 0x14, 0xaa, 0x70, 0xb8, 0xc2, 0x84, 0x4a, 0xd8, 0xb5, 0x7f,
-	0x29, 0xa0, 0xf6, 0xf9, 0x08, 0xe8, 0x77, 0x72, 0x02, 0xfa, 0x6a, 0x55, 0xd3, 0x56, 0x8a, 0xe7,
-	0xd3, 0x82, 0x78, 0xf6, 0x2a, 0x19, 0xae, 0x17, 0xce, 0xbf, 0xd6, 0xc0, 0xd6, 0x21, 0x99, 0x0c,
-	0x88, 0x67, 0x3b, 0xcc, 0x21, 0x1e, 0x7c, 0x04, 0x36, 0xd8, 0xc5, 0x62, 0x29, 0x42, 0x7b, 0xcb,
-	0xa3, 0x8f, 0x2f, 0x16, 0xf8, 0x2a, 0x54, 0x3b, 0x59, 0x2c, 0xb7, 0x21, 0x81, 0x86, 0xc3, 0x24,
-	0x9d, 0x75, 0x11, 0xf7, 0x28, 0x7f, 0xdc, 0x55, 0xa8, 0x96, 0x8c, 0x58, 0x3d, 0x61, 0xca, 0x27,
-	0x05, 0x67, 0x60, 0x9b, 0x17, 0x67, 0xe4, 0x93, 0x49, 0xdc, 0x65, 0xb5, 0x97, 0xae, 0xfa, 0x5d,
-	0x99, 0xc0, 0xf6, 0x30, 0x4b, 0x84, 0xf2, 0xbc, 0xf0, 0x3c, 0xee, 0xb1, 0x63, 0xdf, 0xf4, 0x68,
-	0xfc, 0x4a, 0x9f, 0xad, 0xa7, 0x77, 0xe5, 0x69, 0xa2, 0xcf, 0xf2, 0x6c, 0xa8, 0xe4, 0x04, 0xf8,
-	0x26, 0x68, 0xf8, 0xd8, 0xa4, 0xc4, 0x13, 0xfd, 0xdc, 0x4a, 0xab, 0x83, 0x84, 0x15, 0x49, 0x2f,
-	0x7c, 0x0b, 0x6c, 0xce, 0x31, 0xa5, 0xe6, 0x0c, 0x0b, 0xc5, 0x69, 0x19, 0x3b, 0x12, 0xb8, 0xf9,
-	0x3c, 0x36, 0xa3, 0xa5, 0x5f, 0xfb, 0xbd, 0x02, 0x36, 0x3f, 0x9f, 0xe9, 0xf7, 0xed, 0xfc, 0xf4,
-	0xeb, 0x56, 0x75, 0x5e, 0xc5, 0xe4, 0xfb, 0x5d, 0x43, 0x24, 0x2a, 0xa6, 0xde, 0x43, 0xd0, 0x5e,
-	0x98, 0xbe, 0xe9, 0xba, 0xd8, 0x75, 0xe8, 0x5c, 0xe4, 0x5a, 0x37, 0x76, 0xb8, 0x2e, 0x8f, 0x52,
-	0x33, 0xca, 0x62, 0x78, 0x88, 0x45, 0xe6, 0x0b, 0x17, 0xf3, 0xcb, 0x8c, 0xdb, 0x4d, 0x86, 0x0c,
-	0x52, 0x33, 0xca, 0x62, 0xe0, 0x11, 0xb8, 0x1b, 0x2b, 0x58, 0x71, 0x02, 0xd6, 0xc4, 0x04, 0xfc,
-	0x42, 0x14, 0xaa, 0x77, 0x1f, 0x97, 0x01, 0x50, 0x79, 0x1c, 0x9c, 0x81, 0xce, 0x82, 0xd8, 0x5c,
-	0x9c, 0x03, 0x1f, 0xcb, 0xe1, 0xd7, 0x16, 0xf7, 0xfc, 0x46, 0xe9, 0x65, 0x8c, 0x0a, 0xe0, 0x58,
-	0x03, 0x8b, 0x56, 0xb4, 0x42, 0x0a, 0x1f, 0x81, 0xad, 0x89, 0x69, 0x9d, 0x91, 0xe9, 0x34, 0x3b,
-	0x1a, 0x3a, 0x51, 0xa8, 0x6e, 0x19, 0x19, 0x3b, 0xca, 0xa1, 0xe0, 0x4f, 0x41, 0x93, 0x62, 0x17,
-	0x5b, 0x8c, 0xf8, 0xb2, 0x97, 0xdf, 0xb9, 0x61, 0xf9, 0xcd, 0x09, 0x76, 0xc7, 0x32, 0x34, 0x5e,
-	0x29, 0x96, 0x4f, 0x28, 0xa1, 0x84, 0xdf, 0x00, 0xb7, 0xe6, 0xa6, 0x17, 0x98, 0x09, 0x52, 0x34,
-	0x71, 0xd3, 0x80, 0x51, 0xa8, 0xde, 0x7a, 0x9e, 0xf3, 0xa0, 0x02, 0x12, 0xfe, 0x10, 0x34, 0xd9,
-	0x72, 0x5e, 0x37, 0x44, 0x6a, 0xa5, 0x13, 0x69, 0x44, 0xec, 0xdc, 0xb8, 0x4e, 0xda, 0x31, 0x99,
-	0xd5, 0x09, 0x0d, 0xdf, 0x70, 0x18, 0x73, 0x65, 0x69, 0x1e, 0x4f, 0x19, 0xf6, 0x9f, 0x3a, 0x9e,
-	0x43, 0x4f, 0xb1, 0x2d, 0x56, 0xa3, 0x7a, 0xbc, 0xe1, 0x1c, 0x1f, 0x0f, 0xcb, 0x20, 0xa8, 0x2a,
-	0x16, 0x0e, 0xc1, 0xad, 0xb4, 0x87, 0x9e, 0x13, 0x1b, 0x77, 0x5b, 0xe2, 0x0b, 0x7c, 0x9d, 0xbf,
-	0xe5, 0x20, 0xe7, 0xb9, 0x5a, 0xb1, 0xa0, 0x42, 0x6c, 0x76, 0xa3, 0x01, 0xd5, 0x1b, 0x8d, 0xf6,
-	0xdb, 0x3a, 0x68, 0xa5, 0xc3, 0xfb, 0x04, 0x00, 0x6b, 0xa9, 0x90, 0x54, 0x0e, 0xf0, 0xd7, 0xaa,
-	0xbe, 0xb6, 0x44, 0x4b, 0xd3, 0xc1, 0x93, 0x98, 0x28, 0xca, 0x10, 0xc1, 0x1f, 0x83, 0x96, 0x58,
-	0xeb, 0x84, 0xd6, 0xad, 0xbf, 0xb4, 0xd6, 0x6d, 0x47, 0xa1, 0xda, 0x1a, 0x2f, 0x09, 0x50, 0xca,
-	0x05, 0xa7, 0xd9, 0x2b, 0xfb, 0x8c, 0xba, 0x0d, 0xf3, 0xd7, 0x2b, 0x8e, 0x28, 0xb0, 0x72, 0xf5,
-	0x94, 0x4b, 0xcd, 0x86, 0x28, 0x70, 0xd5, 0xbe, 0xd2, 0x07, 0x2d, 0xb1, 0x80, 0x61, 0x1b, 0xdb,
-	0xa2, 0x47, 0xeb, 0xc6, 0x6d, 0x09, 0x6d, 0x8d, 0x97, 0x0e, 0x94, 0x62, 0x38, 0x71, 0xbc, 0x59,
-	0xc9, 0xfd, 0x2e, 0x21, 0x8e, 0xf7, 0x30, 0x24, 0xbd, 0xf0, 0x09, 0xe8, 0xc8, 0x94, 0xb0, 0xfd,
-	0xcc, 0xb3, 0xf1, 0xc7, 0x98, 0x8a, 0x4f, 0xb3, 0x65, 0x74, 0x65, 0x44, 0x67, 0x50, 0xf0, 0xa3,
-	0x95, 0x08, 0xf8, 0x6b, 0x05, 0xdc, 0x0f, 0x3c, 0x8b, 0x04, 0x1e, 0xc3, 0xf6, 0x31, 0xf6, 0xe7,
-	0x8e, 0xc7, 0xff, 0x9f, 0x1b, 0x11, 0x9b, 0x8a, 0xce, 0x6d, 0x1f, 0xbc, 0x5d, 0x5a, 0xec, 0x93,
-	0xf2, 0x98, 0xb8, 0xcf, 0x2b, 0x9c, 0xa8, 0xea, 0x24, 0xa8, 0x82, 0xba, 0x8f, 0x4d, 0xfb, 0x42,
-	0xb4, 0x77, 0xdd, 0x68, 0x71, 0xbd, 0x46, 0xdc, 0x80, 0x62, 0xbb, 0xf6, 0x47, 0x05, 0xec, 0x14,
-	0xd6, 0xe7, 0xff, 0xff, 0xfd, 0x48, 0x9b, 0x80, 0x15, 0x7d, 0x85, 0xef, 0x83, 0xba, 0x1f, 0xb8,
-	0x78, 0xf9, 0x29, 0xbd, 0x75, 0x23, 0xad, 0x46, 0x81, 0x8b, 0xd3, 0x49, 0xc6, 0x9f, 0x28, 0x8a,
-	0x69, 0xb4, 0xbf, 0x2b, 0xe0, 0xcd, 0x22, 0xfc, 0xc8, 0xfb, 0xde, 0xc7, 0x0e, 0x1b, 0x10, 0x1b,
-	0x53, 0x84, 0x7f, 0x11, 0x38, 0x3e, 0x9e, 0x63, 0x8f, 0xc1, 0x77, 0xc1, 0xb6, 0x45, 0x3c, 0x66,
-	0xf2, 0x6b, 0x79, 0xdf, 0x9c, 0x2f, 0xd7, 0xab, 0xdb, 0x7c, 0x43, 0x19, 0x64, 0x1d, 0x28, 0x8f,
-	0x83, 0x63, 0xd0, 0x24, 0x0b, 0xfe, 0x8f, 0x3e, 0xf1, 0xe5, 0x6a, 0xf5, 0xee, 0x52, 0x0b, 0x8f,
-	0xa4, 0xfd, 0x2a, 0x54, 0x1f, 0x5c, 0x93, 0xc6, 0x12, 0x86, 0x12, 0x22, 0xa8, 0x81, 0xc6, 0xb9,
-	0xe9, 0x06, 0x98, 0x4f, 0xc0, 0xda, 0x7e, 0xdd, 0x00, 0xbc, 0xc7, 0x7f, 0x24, 0x2c, 0x48, 0x7a,
-	0xb4, 0xbf, 0x94, 0xbe, 0xdc, 0x88, 0xd8, 0xa9, 0xaa, 0x8c, 0x4c, 0xc6, 0xb0, 0xef, 0xc1, 0xf7,
-	0x72, 0x2b, 0xe3, 0x3b, 0x85, 0x95, 0xf1, 0x41, 0xc9, 0xe2, 0x97, 0xa5, 0xf9, 0x5f, 0x6d, 0x91,
-	0xda, 0xe5, 0x3a, 0x78, 0xa5, 0xac, 0x9a, 0xf0, 0xbb, 0xb1, 0x7e, 0x10, 0x4f, 0x66, 0xbc, 0x9f,
-	0xd5, 0x0f, 0xe2, 0x5d, 0x85, 0xea, 0xbd, 0x62, 0x5c, 0xec, 0x41, 0x32, 0x0e, 0x7a, 0xa0, 0x4d,
-	0xd2, 0x1b, 0x96, 0x4d, 0xfa, 0xcd, 0x1b, 0xf5, 0x53, 0x79, 0x83, 0xc4, 0x1b, 0x4c, 0xd6, 0x97,
-	0x3d, 0x00, 0xfe, 0x12, 0xec, 0x90, 0xfc, 0xdd, 0x8b, 0xca, 0xdd, 0xfc, 0xcc, 0xb2, 0xba, 0x19,
-	0xf7, 0xe5, 0x7b, 0xef, 0x14, 0xfc, 0xa8, 0x78, 0x98, 0xf6, 0x27, 0x05, 0x54, 0x29, 0x0b, 0x1c,
-	0x65, 0x55, 0x96, 0x7f, 0x59, 0x2d, 0xe3, 0x20, 0xa7, 0xb0, 0x57, 0xa1, 0xfa, 0x5a, 0xd5, 0x8f,
-	0x5a, 0xbc, 0xec, 0x54, 0x3f, 0x79, 0xf6, 0x24, 0x2b, 0xc3, 0xef, 0x25, 0x32, 0xbc, 0x2e, 0xe8,
-	0xfa, 0xa9, 0x04, 0xdf, 0x8c, 0x4b, 0x86, 0x1b, 0x5f, 0xbf, 0x7c, 0xd1, 0x5b, 0xfb, 0xe4, 0x45,
-	0x6f, 0xed, 0xd3, 0x17, 0xbd, 0xb5, 0x5f, 0x45, 0x3d, 0xe5, 0x32, 0xea, 0x29, 0x9f, 0x44, 0x3d,
-	0xe5, 0xd3, 0xa8, 0xa7, 0xfc, 0x23, 0xea, 0x29, 0xbf, 0xf9, 0x67, 0x6f, 0xed, 0x83, 0x3b, 0x25,
-	0xbf, 0x32, 0xfe, 0x27, 0x00, 0x00, 0xff, 0xff, 0xf2, 0x8e, 0x19, 0x59, 0x94, 0x14, 0x00, 0x00,
+	// 1797 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0xcd, 0x6f, 0x23, 0x49,
+	0x15, 0x8f, 0x93, 0x38, 0xb1, 0xcb, 0xf9, 0xf0, 0xd4, 0x64, 0x66, 0x4c, 0x58, 0xb9, 0xb3, 0x9e,
+	0xdd, 0x55, 0x16, 0x2d, 0xed, 0x9d, 0xec, 0x88, 0xe5, 0x5b, 0x3b, 0x9d, 0x61, 0x96, 0x09, 0xce,
+	0x8e, 0x29, 0x67, 0x40, 0x5a, 0x16, 0x44, 0xb9, 0xbb, 0xec, 0xf4, 0xa6, 0xdd, 0xd5, 0x74, 0x55,
+	0x47, 0x93, 0x0b, 0x42, 0xe2, 0x0f, 0x80, 0xbf, 0x82, 0x23, 0x17, 0x38, 0xc3, 0x0d, 0xcd, 0x71,
+	0xc5, 0x69, 0xc5, 0xa1, 0xc5, 0x34, 0x7f, 0x00, 0xf7, 0x20, 0x24, 0x54, 0xd5, 0xe5, 0xfe, 0x72,
+	0x77, 0xc8, 0xac, 0xc4, 0x88, 0x5b, 0xfa, 0xbd, 0xdf, 0xfb, 0xd5, 0xc7, 0x7b, 0xf5, 0x7b, 0x2f,
+	0x06, 0xdf, 0x3e, 0xfb, 0x3a, 0xd3, 0x6d, 0xda, 0x3f, 0x0b, 0xc6, 0xc4, 0x77, 0x09, 0x27, 0xac,
+	0x7f, 0x4e, 0x5c, 0x8b, 0xfa, 0x7d, 0xe5, 0xc0, 0x9e, 0xdd, 0x1f, 0x63, 0x6e, 0x9e, 0xf6, 0xcf,
+	0xef, 0xf5, 0xa7, 0xc4, 0x25, 0x3e, 0xe6, 0xc4, 0xd2, 0x3d, 0x9f, 0x72, 0x0a, 0x6f, 0xc6, 0x20,
+	0x1d, 0x7b, 0xb6, 0x2e, 0x41, 0xfa, 0xf9, 0xbd, 0xdd, 0xaf, 0x4e, 0x6d, 0x7e, 0x1a, 0x8c, 0x75,
+	0x93, 0xce, 0xfa, 0x53, 0x3a, 0xa5, 0x7d, 0x89, 0x1d, 0x07, 0x13, 0xf9, 0x25, 0x3f, 0xe4, 0x5f,
+	0x31, 0xc7, 0x6e, 0x2f, 0xb3, 0x90, 0x49, 0x7d, 0x52, 0xb2, 0xce, 0xee, 0xfd, 0x14, 0x33, 0xc3,
+	0xe6, 0xa9, 0xed, 0x12, 0xff, 0xa2, 0xef, 0x9d, 0x4d, 0x85, 0x81, 0xf5, 0x67, 0x84, 0xe3, 0xb2,
+	0xa8, 0x7e, 0x55, 0x94, 0x1f, 0xb8, 0xdc, 0x9e, 0x91, 0x85, 0x80, 0xaf, 0xfd, 0xb7, 0x00, 0x66,
+	0x9e, 0x92, 0x19, 0x2e, 0xc6, 0xf5, 0xfe, 0x55, 0x03, 0xeb, 0x87, 0x3e, 0x75, 0x8f, 0xe8, 0x18,
+	0xfe, 0x1c, 0x34, 0xc4, 0x7e, 0x2c, 0xcc, 0x71, 0xa7, 0xb6, 0x57, 0xdb, 0x6f, 0x1d, 0xbc, 0xab,
+	0xa7, 0xb7, 0x94, 0xd0, 0xea, 0xde, 0xd9, 0x54, 0x18, 0x98, 0x2e, 0xd0, 0xfa, 0xf9, 0x3d, 0xfd,
+	0xc9, 0xf8, 0x53, 0x62, 0xf2, 0x63, 0xc2, 0xb1, 0x01, 0x9f, 0x87, 0xda, 0x52, 0x14, 0x6a, 0x20,
+	0xb5, 0xa1, 0x84, 0x15, 0x1a, 0x60, 0x95, 0x79, 0xc4, 0xec, 0x2c, 0x4b, 0xf6, 0x3d, 0xbd, 0x24,
+	0x07, 0xba, 0xda, 0xcd, 0xc8, 0x23, 0xa6, 0xb1, 0xa1, 0xd8, 0x56, 0xc5, 0x17, 0x92, 0xb1, 0xf0,
+	0x08, 0xac, 0x31, 0x8e, 0x79, 0xc0, 0x3a, 0x2b, 0x92, 0xa5, 0x77, 0x25, 0x8b, 0x44, 0x1a, 0x5b,
+	0x8a, 0x67, 0x2d, 0xfe, 0x46, 0x8a, 0xa1, 0xf7, 0xfb, 0x1a, 0x68, 0x29, 0xe4, 0xc0, 0x66, 0x1c,
+	0x7e, 0xb2, 0x70, 0x03, 0xfa, 0xf5, 0x6e, 0x40, 0x44, 0xcb, 0xf3, 0xb7, 0xd5, 0x4a, 0x8d, 0xb9,
+	0x25, 0x73, 0xfa, 0x07, 0xa0, 0x6e, 0x73, 0x32, 0x63, 0x9d, 0xe5, 0xbd, 0x95, 0xfd, 0xd6, 0xc1,
+	0x6b, 0x57, 0x6d, 0xdc, 0xd8, 0x54, 0x44, 0xf5, 0xc7, 0x22, 0x04, 0xc5, 0x91, 0xbd, 0xbf, 0xae,
+	0x26, 0x1b, 0x16, 0x57, 0x02, 0xdf, 0x01, 0x0d, 0x91, 0x58, 0x2b, 0x70, 0x88, 0xdc, 0x70, 0x33,
+	0xdd, 0xc0, 0x48, 0xd9, 0x51, 0x82, 0x80, 0xfb, 0xa0, 0x21, 0x6a, 0xe1, 0x63, 0xea, 0x92, 0x4e,
+	0x43, 0xa2, 0x37, 0x04, 0xf2, 0x44, 0xd9, 0x50, 0xe2, 0x85, 0x4f, 0xc1, 0x1d, 0xc6, 0xb1, 0xcf,
+	0x6d, 0x77, 0xfa, 0x90, 0x60, 0xcb, 0xb1, 0x5d, 0x32, 0x22, 0x26, 0x75, 0x2d, 0x26, 0x73, 0xb7,
+	0x62, 0x7c, 0x39, 0x0a, 0xb5, 0x3b, 0xa3, 0x72, 0x08, 0xaa, 0x8a, 0x85, 0x9f, 0x80, 0x1b, 0x26,
+	0x75, 0xcd, 0xc0, 0xf7, 0x89, 0x6b, 0x5e, 0x0c, 0xa9, 0x63, 0x9b, 0x17, 0x32, 0x8d, 0x4d, 0x43,
+	0x57, 0xfb, 0xbe, 0x71, 0x58, 0x04, 0x5c, 0x96, 0x19, 0xd1, 0x22, 0x11, 0x7c, 0x13, 0xac, 0xb3,
+	0x80, 0x79, 0xc4, 0xb5, 0x3a, 0xab, 0x7b, 0xb5, 0xfd, 0x86, 0xd1, 0x8a, 0x42, 0x6d, 0x7d, 0x14,
+	0x9b, 0xd0, 0xdc, 0x07, 0x7f, 0x02, 0x5a, 0x9f, 0xd2, 0xf1, 0x09, 0x99, 0x79, 0x0e, 0xe6, 0xa4,
+	0x53, 0x97, 0x79, 0x7e, 0xa3, 0x34, 0x19, 0x47, 0x29, 0x4e, 0xd6, 0xe3, 0x4d, 0xb5, 0xc9, 0x56,
+	0xc6, 0x81, 0xb2, 0x6c, 0xf0, 0x67, 0x60, 0x97, 0x05, 0xa6, 0x49, 0x18, 0x9b, 0x04, 0xce, 0x11,
+	0x1d, 0xb3, 0xef, 0xdb, 0x8c, 0x53, 0xff, 0x62, 0x60, 0xcf, 0x6c, 0xde, 0x59, 0xdb, 0xab, 0xed,
+	0xd7, 0x8d, 0x6e, 0x14, 0x6a, 0xbb, 0xa3, 0x4a, 0x14, 0xba, 0x82, 0x01, 0x22, 0x70, 0x7b, 0x82,
+	0x6d, 0x87, 0x58, 0x0b, 0xdc, 0xeb, 0x92, 0x7b, 0x37, 0x0a, 0xb5, 0xdb, 0x8f, 0x4a, 0x11, 0xa8,
+	0x22, 0xb2, 0xf7, 0xa7, 0x65, 0xb0, 0x99, 0x7b, 0x2f, 0xf0, 0x07, 0x60, 0x0d, 0x9b, 0xdc, 0x3e,
+	0x17, 0x45, 0x25, 0x4a, 0xf5, 0x6e, 0xf6, 0x76, 0x84, 0xd2, 0xa5, 0xaf, 0x1e, 0x91, 0x09, 0x11,
+	0x49, 0x20, 0xe9, 0x23, 0x7b, 0x20, 0x43, 0x91, 0xa2, 0x80, 0x0e, 0x68, 0x3b, 0x98, 0xf1, 0x79,
+	0x3d, 0x8a, 0x6a, 0x93, 0xf9, 0x69, 0x1d, 0x7c, 0xe5, 0x7a, 0x8f, 0x4b, 0x44, 0x18, 0x3b, 0x51,
+	0xa8, 0xb5, 0x07, 0x05, 0x1e, 0xb4, 0xc0, 0x0c, 0x7d, 0x00, 0xa5, 0x2d, 0xb9, 0x42, 0xb9, 0x5e,
+	0xfd, 0xa5, 0xd7, 0xbb, 0x1d, 0x85, 0x1a, 0x1c, 0x2c, 0x30, 0xa1, 0x12, 0xf6, 0xde, 0x3f, 0x6b,
+	0x60, 0xe5, 0xd5, 0x08, 0xe8, 0x77, 0x73, 0x02, 0xfa, 0x5a, 0x55, 0xd1, 0x56, 0x8a, 0xe7, 0xa3,
+	0x82, 0x78, 0x76, 0x2b, 0x19, 0xae, 0x16, 0xce, 0xbf, 0xac, 0x80, 0x8d, 0x23, 0x3a, 0x3e, 0xa4,
+	0xae, 0x65, 0x73, 0x9b, 0xba, 0xf0, 0x3e, 0x58, 0xe5, 0x17, 0xde, 0x5c, 0x84, 0xf6, 0xe6, 0x4b,
+	0x9f, 0x5c, 0x78, 0xe4, 0x32, 0xd4, 0xda, 0x59, 0xac, 0xb0, 0x21, 0x89, 0x86, 0x83, 0x64, 0x3b,
+	0xcb, 0x32, 0xee, 0x7e, 0x7e, 0xb9, 0xcb, 0x50, 0x2b, 0x69, 0xb1, 0x7a, 0xc2, 0x94, 0xdf, 0x14,
+	0x9c, 0x82, 0x4d, 0x91, 0x9c, 0xa1, 0x4f, 0xc7, 0x71, 0x95, 0xad, 0xbc, 0x74, 0xd6, 0x6f, 0xa9,
+	0x0d, 0x6c, 0x0e, 0xb2, 0x44, 0x28, 0xcf, 0x0b, 0xcf, 0xe3, 0x1a, 0x3b, 0xf1, 0xb1, 0xcb, 0xe2,
+	0x23, 0x7d, 0xb1, 0x9a, 0xde, 0x55, 0xab, 0xc9, 0x3a, 0xcb, 0xb3, 0xa1, 0x92, 0x15, 0xe0, 0x5b,
+	0x60, 0xcd, 0x27, 0x98, 0x51, 0x57, 0xd6, 0x73, 0x33, 0xcd, 0x0e, 0x92, 0x56, 0xa4, 0xbc, 0xf0,
+	0x6d, 0xb0, 0x3e, 0x23, 0x8c, 0xe1, 0x29, 0x91, 0x8a, 0xd3, 0x34, 0xb6, 0x15, 0x70, 0xfd, 0x38,
+	0x36, 0xa3, 0xb9, 0xbf, 0xf7, 0xbb, 0x1a, 0x58, 0x7f, 0x35, 0xdd, 0xef, 0x3b, 0xf9, 0xee, 0xd7,
+	0xa9, 0xaa, 0xbc, 0x8a, 0xce, 0xf7, 0x9b, 0x86, 0xdc, 0xa8, 0xec, 0x7a, 0xf7, 0x40, 0xcb, 0xc3,
+	0x3e, 0x76, 0x1c, 0xe2, 0xd8, 0x6c, 0x26, 0xf7, 0x5a, 0x37, 0xb6, 0x85, 0x2e, 0x0f, 0x53, 0x33,
+	0xca, 0x62, 0x44, 0x88, 0x49, 0x67, 0x9e, 0x43, 0xc4, 0x65, 0xc6, 0xe5, 0xa6, 0x42, 0x0e, 0x53,
+	0x33, 0xca, 0x62, 0xe0, 0x13, 0x70, 0x2b, 0x56, 0xb0, 0x62, 0x07, 0x5c, 0x91, 0x1d, 0xf0, 0x4b,
+	0x51, 0xa8, 0xdd, 0x7a, 0x50, 0x06, 0x40, 0xe5, 0x71, 0x70, 0x0a, 0xda, 0x1e, 0xb5, 0x84, 0x38,
+	0x07, 0x3e, 0x51, 0xcd, 0xaf, 0x25, 0xef, 0xf9, 0xcd, 0xd2, 0xcb, 0x18, 0x16, 0xc0, 0xb1, 0x06,
+	0x16, 0xad, 0x68, 0x81, 0x14, 0xde, 0x07, 0x1b, 0x63, 0x6c, 0x9e, 0xd1, 0xc9, 0x24, 0xdb, 0x1a,
+	0xda, 0x51, 0xa8, 0x6d, 0x18, 0x19, 0x3b, 0xca, 0xa1, 0xe0, 0x00, 0xec, 0x64, 0xbf, 0x87, 0xc4,
+	0x7f, 0xec, 0x5a, 0xe4, 0x59, 0x67, 0x43, 0x46, 0x77, 0xa2, 0x50, 0xdb, 0x31, 0x4a, 0xfc, 0xa8,
+	0x34, 0x0a, 0x7e, 0x00, 0xda, 0x33, 0xfc, 0x2c, 0xee, 0x44, 0xd2, 0x42, 0x58, 0x67, 0x53, 0x32,
+	0xc9, 0x53, 0x1c, 0x17, 0x7c, 0x68, 0x01, 0x0d, 0x7f, 0x0a, 0x1a, 0x8c, 0x38, 0xc4, 0xe4, 0xd4,
+	0x57, 0x6f, 0xeb, 0xbd, 0x6b, 0x96, 0x23, 0x1e, 0x13, 0x67, 0xa4, 0x42, 0xe3, 0x11, 0x67, 0xfe,
+	0x85, 0x12, 0x4a, 0xf8, 0x4d, 0xb0, 0x35, 0xc3, 0x6e, 0x80, 0x13, 0xa4, 0x7c, 0x54, 0x0d, 0x03,
+	0x46, 0xa1, 0xb6, 0x75, 0x9c, 0xf3, 0xa0, 0x02, 0x12, 0xfe, 0x10, 0x34, 0xf8, 0x7c, 0x7e, 0x58,
+	0x93, 0x5b, 0x2b, 0xed, 0x90, 0x43, 0x6a, 0xe5, 0xc6, 0x87, 0xe4, 0x79, 0x24, 0xb3, 0x43, 0x42,
+	0x23, 0x26, 0x2e, 0xce, 0x1d, 0x55, 0x2a, 0x0f, 0x26, 0x9c, 0xf8, 0x8f, 0x6c, 0xd7, 0x66, 0xa7,
+	0xc4, 0x92, 0xa3, 0x5a, 0x3d, 0x9e, 0xb8, 0x4e, 0x4e, 0x06, 0x65, 0x10, 0x54, 0x15, 0x0b, 0x07,
+	0x60, 0x2b, 0xad, 0xe9, 0x63, 0x6a, 0x91, 0x4e, 0x53, 0x2a, 0xc2, 0x1b, 0xe2, 0x94, 0x87, 0x39,
+	0xcf, 0xe5, 0x82, 0x05, 0x15, 0x62, 0xb3, 0x13, 0x16, 0xb8, 0x62, 0xc2, 0xb2, 0xc0, 0x8e, 0x47,
+	0x2d, 0x44, 0x3c, 0x07, 0x9b, 0x64, 0x46, 0x5c, 0xae, 0x8a, 0x7d, 0x4b, 0x2e, 0xfd, 0xae, 0xa8,
+	0xa4, 0x61, 0x89, 0xff, 0xb2, 0xc2, 0x8e, 0x4a, 0xd9, 0x7a, 0xff, 0xae, 0x83, 0x66, 0x3a, 0xb2,
+	0x3c, 0x05, 0xc0, 0x9c, 0xf7, 0x05, 0xa6, 0xc6, 0x96, 0xd7, 0xab, 0x34, 0x26, 0xe9, 0x20, 0x69,
+	0xbb, 0x4d, 0x4c, 0x0c, 0x65, 0x88, 0xe0, 0x8f, 0x41, 0x53, 0x0e, 0xb3, 0x52, 0xe1, 0x97, 0x5f,
+	0x5a, 0xe1, 0x37, 0xa3, 0x50, 0x6b, 0x8e, 0xe6, 0x04, 0x28, 0xe5, 0x82, 0x93, 0x6c, 0x62, 0xbe,
+	0x60, 0xb7, 0x82, 0xf9, 0x24, 0xca, 0x25, 0x0a, 0xac, 0xa2, 0x67, 0xa8, 0x51, 0x6e, 0x55, 0x96,
+	0x51, 0xd5, 0x94, 0xd6, 0x07, 0x4d, 0x39, 0x76, 0x12, 0x8b, 0x58, 0xf2, 0x25, 0xd4, 0x8d, 0x1b,
+	0x0a, 0xda, 0x1c, 0xcd, 0x1d, 0x28, 0xc5, 0x08, 0xe2, 0x78, 0x9e, 0x54, 0x53, 0x6d, 0x42, 0x1c,
+	0xbf, 0x62, 0xa4, 0xbc, 0x42, 0x79, 0x39, 0xf1, 0x67, 0xb6, 0x8b, 0xc5, 0x7f, 0x04, 0x52, 0xf0,
+	0x94, 0xf2, 0x9e, 0xa4, 0x66, 0x94, 0xc5, 0xc0, 0x87, 0xa0, 0xad, 0x4e, 0x91, 0x6a, 0xc7, 0xba,
+	0xac, 0x9d, 0x8e, 0x5a, 0xa4, 0x7d, 0x58, 0xf0, 0xa3, 0x85, 0x08, 0xf8, 0x3e, 0xd8, 0x9c, 0xe4,
+	0xe4, 0x07, 0x48, 0x8a, 0x1b, 0xa2, 0xbd, 0xe7, 0xb5, 0x27, 0x8f, 0x83, 0xbf, 0xae, 0x81, 0x3b,
+	0x81, 0x6b, 0xd2, 0xc0, 0xe5, 0xc4, 0x9a, 0x6f, 0x92, 0x58, 0x43, 0x6a, 0x31, 0xf9, 0x16, 0x5b,
+	0x07, 0xef, 0x94, 0x16, 0xd6, 0xd3, 0xf2, 0x98, 0xf8, 0xe5, 0x56, 0x38, 0x51, 0xd5, 0x4a, 0x50,
+	0x03, 0x75, 0x9f, 0x60, 0xeb, 0x42, 0x3e, 0xd8, 0xba, 0xd1, 0x14, 0x1d, 0x11, 0x09, 0x03, 0x8a,
+	0xed, 0xbd, 0x3f, 0xd4, 0xc0, 0x76, 0xe1, 0x1f, 0x94, 0xff, 0xff, 0x09, 0xb4, 0x37, 0x06, 0x0b,
+	0x1d, 0x0c, 0x7e, 0x04, 0xea, 0x7e, 0xe0, 0x90, 0xf9, 0xb3, 0x7d, 0xfb, 0x5a, 0xdd, 0x10, 0x05,
+	0x0e, 0x49, 0x67, 0x05, 0xf1, 0xc5, 0x50, 0x4c, 0xd3, 0xfb, 0x5b, 0x0d, 0xbc, 0x55, 0x84, 0x3f,
+	0x71, 0xbf, 0xf7, 0xcc, 0xe6, 0x87, 0xd4, 0x22, 0x0c, 0x91, 0x5f, 0x04, 0xb6, 0x2f, 0xa5, 0x44,
+	0x14, 0x89, 0x49, 0x5d, 0x8e, 0xc5, 0xb5, 0x7c, 0x84, 0x67, 0xf3, 0x01, 0x56, 0x16, 0xc9, 0x61,
+	0xd6, 0x81, 0xf2, 0x38, 0x38, 0x02, 0x0d, 0xea, 0x11, 0x1f, 0x8b, 0xc6, 0x11, 0x0f, 0xaf, 0xef,
+	0xcf, 0xd5, 0xfd, 0x89, 0xb2, 0x5f, 0x86, 0xda, 0xdd, 0x2b, 0xb6, 0x31, 0x87, 0xa1, 0x84, 0x08,
+	0xf6, 0xc0, 0xda, 0x39, 0x76, 0x02, 0x22, 0x66, 0x8c, 0x95, 0xfd, 0xba, 0x01, 0xc4, 0x7b, 0xfa,
+	0x91, 0xb4, 0x20, 0xe5, 0xe9, 0xfd, 0xb9, 0xf4, 0x70, 0x43, 0x6a, 0xa5, 0x0a, 0x36, 0xc4, 0x9c,
+	0x13, 0xdf, 0x85, 0x1f, 0xe6, 0x86, 0xf2, 0xf7, 0x0a, 0x43, 0xf9, 0xdd, 0x92, 0xd1, 0x3a, 0x4b,
+	0xf3, 0xbf, 0x9a, 0xd3, 0x7b, 0xcf, 0x97, 0xc1, 0x4e, 0x59, 0x36, 0xe1, 0x07, 0xb1, 0x56, 0x51,
+	0x57, 0xed, 0x78, 0x3f, 0xab, 0x55, 0xd4, 0xbd, 0x0c, 0xb5, 0xdb, 0xc5, 0xb8, 0xd8, 0x83, 0x54,
+	0x1c, 0x74, 0x41, 0x8b, 0xa6, 0x37, 0xac, 0x8a, 0xf4, 0x5b, 0xd7, 0xaa, 0xa7, 0xf2, 0x02, 0x89,
+	0x95, 0x2a, 0xeb, 0xcb, 0x2e, 0x00, 0x7f, 0x09, 0xb6, 0x69, 0xfe, 0xee, 0x65, 0xe6, 0xae, 0xbf,
+	0x66, 0x59, 0xde, 0x8c, 0x3b, 0xea, 0xdc, 0xdb, 0x05, 0x3f, 0x2a, 0x2e, 0xd6, 0xfb, 0x63, 0x0d,
+	0x54, 0x29, 0x0b, 0x1c, 0x66, 0x15, 0x5d, 0xbc, 0xac, 0xa6, 0x71, 0x90, 0x53, 0xf3, 0xcb, 0x50,
+	0x7b, 0xbd, 0xea, 0x67, 0x43, 0x91, 0x76, 0xa6, 0x3f, 0x7d, 0xfc, 0x30, 0x2b, 0xf9, 0x1f, 0x26,
+	0x92, 0xbf, 0x2c, 0xe9, 0xfa, 0xa9, 0xdc, 0x5f, 0x8f, 0x4b, 0x85, 0x1b, 0xdf, 0x78, 0xfe, 0xa2,
+	0xbb, 0xf4, 0xd9, 0x8b, 0xee, 0xd2, 0xe7, 0x2f, 0xba, 0x4b, 0xbf, 0x8a, 0xba, 0xb5, 0xe7, 0x51,
+	0xb7, 0xf6, 0x59, 0xd4, 0xad, 0x7d, 0x1e, 0x75, 0x6b, 0x7f, 0x8f, 0xba, 0xb5, 0xdf, 0xfe, 0xa3,
+	0xbb, 0xf4, 0xf1, 0xcd, 0x92, 0xdf, 0x71, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x43, 0xdf, 0xa6,
+	0x7c, 0xf6, 0x15, 0x00, 0x00,
 }
 
 func (m *CronJob) Marshal() (dAtA []byte, err error) {
@@ -1023,6 +1030,23 @@ func (m *JobSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.PodReplacementPolicy != nil {
+		i -= len(*m.PodReplacementPolicy)
+		copy(dAtA[i:], *m.PodReplacementPolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.PodReplacementPolicy)))
+		i--
+		dAtA[i] = 0x72
+	}
+	if m.MaxFailedIndexes != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.MaxFailedIndexes))
+		i--
+		dAtA[i] = 0x68
+	}
+	if m.BackoffLimitPerIndex != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.BackoffLimitPerIndex))
+		i--
+		dAtA[i] = 0x60
+	}
 	if m.PodFailurePolicy != nil {
 		{
 			size, err := m.PodFailurePolicy.MarshalToSizedBuffer(dAtA[:i])
@@ -1132,6 +1156,18 @@ func (m *JobStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.Terminating != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.Terminating))
+		i--
+		dAtA[i] = 0x58
+	}
+	if m.FailedIndexes != nil {
+		i -= len(*m.FailedIndexes)
+		copy(dAtA[i:], *m.FailedIndexes)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.FailedIndexes)))
+		i--
+		dAtA[i] = 0x52
+	}
 	if m.Ready != nil {
 		i = encodeVarintGenerated(dAtA, i, uint64(*m.Ready))
 		i--
@@ -1645,6 +1681,16 @@ func (m *JobSpec) Size() (n int) {
 		l = m.PodFailurePolicy.Size()
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	if m.BackoffLimitPerIndex != nil {
+		n += 1 + sovGenerated(uint64(*m.BackoffLimitPerIndex))
+	}
+	if m.MaxFailedIndexes != nil {
+		n += 1 + sovGenerated(uint64(*m.MaxFailedIndexes))
+	}
+	if m.PodReplacementPolicy != nil {
+		l = len(*m.PodReplacementPolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -1680,6 +1726,13 @@ func (m *JobStatus) Size() (n int) {
 	if m.Ready != nil {
 		n += 1 + sovGenerated(uint64(*m.Ready))
 	}
+	if m.FailedIndexes != nil {
+		l = len(*m.FailedIndexes)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.Terminating != nil {
+		n += 1 + sovGenerated(uint64(*m.Terminating))
+	}
 	return n
 }
 
@@ -1913,6 +1966,9 @@ func (this *JobSpec) String() string {
 		`CompletionMode:` + valueToStringGenerated(this.CompletionMode) + `,`,
 		`Suspend:` + valueToStringGenerated(this.Suspend) + `,`,
 		`PodFailurePolicy:` + strings.Replace(this.PodFailurePolicy.String(), "PodFailurePolicy", "PodFailurePolicy", 1) + `,`,
+		`BackoffLimitPerIndex:` + valueToStringGenerated(this.BackoffLimitPerIndex) + `,`,
+		`MaxFailedIndexes:` + valueToStringGenerated(this.MaxFailedIndexes) + `,`,
+		`PodReplacementPolicy:` + valueToStringGenerated(this.PodReplacementPolicy) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1936,6 +1992,8 @@ func (this *JobStatus) String() string {
 		`CompletedIndexes:` + fmt.Sprintf("%v", this.CompletedIndexes) + `,`,
 		`UncountedTerminatedPods:` + strings.Replace(this.UncountedTerminatedPods.String(), "UncountedTerminatedPods", "UncountedTerminatedPods", 1) + `,`,
 		`Ready:` + valueToStringGenerated(this.Ready) + `,`,
+		`FailedIndexes:` + valueToStringGenerated(this.FailedIndexes) + `,`,
+		`Terminating:` + valueToStringGenerated(this.Terminating) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -3527,6 +3585,79 @@ func (m *JobSpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 12:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field BackoffLimitPerIndex", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.BackoffLimitPerIndex = &v
+		case 13:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MaxFailedIndexes", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.MaxFailedIndexes = &v
+		case 14:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field PodReplacementPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := PodReplacementPolicy(dAtA[iNdEx:postIndex])
+			m.PodReplacementPolicy = &s
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -3828,6 +3959,59 @@ func (m *JobStatus) Unmarshal(dAtA []byte) error {
 				}
 			}
 			m.Ready = &v
+		case 10:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FailedIndexes", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.FailedIndexes = &s
+			iNdEx = postIndex
+		case 11:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Terminating", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Terminating = &v
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/batch/v1/generated.proto b/vendor/k8s.io/api/batch/v1/generated.proto
index df4381c73..4f0822440 100644
--- a/vendor/k8s.io/api/batch/v1/generated.proto
+++ b/vendor/k8s.io/api/batch/v1/generated.proto
@@ -223,6 +223,30 @@ message JobSpec {
   // +optional
   optional int32 backoffLimit = 7;
 
+  // Specifies the limit for the number of retries within an
+  // index before marking this index as failed. When enabled the number of
+  // failures per index is kept in the pod's
+  // batch.kubernetes.io/job-index-failure-count annotation. It can only
+  // be set when Job's completionMode=Indexed, and the Pod's restart
+  // policy is Never. The field is immutable.
+  // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+  // feature gate is enabled (disabled by default).
+  // +optional
+  optional int32 backoffLimitPerIndex = 12;
+
+  // Specifies the maximal number of failed indexes before marking the Job as
+  // failed, when backoffLimitPerIndex is set. Once the number of failed
+  // indexes exceeds this number the entire Job is marked as Failed and its
+  // execution is terminated. When left as null the job continues execution of
+  // all of its indexes and is marked with the `Complete` Job condition.
+  // It can only be specified when backoffLimitPerIndex is set.
+  // It can be null or up to completions. It is required and must be
+  // less than or equal to 10^4 when is completions greater than 10^5.
+  // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+  // feature gate is enabled (disabled by default).
+  // +optional
+  optional int32 maxFailedIndexes = 13;
+
   // A label query over pods that should match the pod count.
   // Normally, the system sets this field for you.
   // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
@@ -292,6 +316,19 @@ message JobSpec {
   //
   // +optional
   optional bool suspend = 10;
+
+  // podReplacementPolicy specifies when to create replacement Pods.
+  // Possible values are:
+  // - TerminatingOrFailed means that we recreate pods
+  //   when they are terminating (has a metadata.deletionTimestamp) or failed.
+  // - Failed means to wait until a previously created Pod is fully terminated (has phase
+  //   Failed or Succeeded) before creating a replacement Pod.
+  //
+  // When using podFailurePolicy, Failed is the the only allowed value.
+  // TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use.
+  // This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.
+  // +optional
+  optional string podReplacementPolicy = 14;
 }
 
 // JobStatus represents the current state of a Job.
@@ -335,6 +372,14 @@ message JobStatus {
   // +optional
   optional int32 failed = 6;
 
+  // The number of pods which are terminating (in phase Pending or Running
+  // and have a deletionTimestamp).
+  //
+  // This field is alpha-level. The job controller populates the field when
+  // the feature gate JobPodReplacementPolicy is enabled (disabled by default).
+  // +optional
+  optional int32 terminating = 11;
+
   // completedIndexes holds the completed indexes when .spec.completionMode =
   // "Indexed" in a text format. The indexes are represented as decimal integers
   // separated by commas. The numbers are listed in increasing order. Three or
@@ -345,6 +390,19 @@ message JobStatus {
   // +optional
   optional string completedIndexes = 7;
 
+  // FailedIndexes holds the failed indexes when backoffLimitPerIndex=true.
+  // The indexes are represented in the text format analogous as for the
+  // `completedIndexes` field, ie. they are kept as decimal integers
+  // separated by commas. The numbers are listed in increasing order. Three or
+  // more consecutive numbers are compressed and represented by the first and
+  // last element of the series, separated by a hyphen.
+  // For example, if the failed indexes are 1, 3, 4, 5 and 7, they are
+  // represented as "1,3-5,7".
+  // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+  // feature gate is enabled (disabled by default).
+  // +optional
+  optional string failedIndexes = 10;
+
   // uncountedTerminatedPods holds the UIDs of Pods that have terminated but
   // the job controller hasn't yet accounted for in the status counters.
   //
@@ -452,6 +510,10 @@ message PodFailurePolicyRule {
   //
   // - FailJob: indicates that the pod's job is marked as Failed and all
   //   running pods are terminated.
+  // - FailIndex: indicates that the pod's index is marked as Failed and will
+  //   not be restarted.
+  //   This value is alpha-level. It can be used when the
+  //   `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
   // - Ignore: indicates that the counter towards the .backoffLimit is not
   //   incremented and a replacement pod is created.
   // - Count: indicates that the pod is handled in the default way - the
@@ -468,6 +530,7 @@ message PodFailurePolicyRule {
   // as a list of pod condition patterns. The requirement is satisfied if at
   // least one pattern matches an actual pod condition. At most 20 elements are allowed.
   // +listType=atomic
+  // +optional
   repeated PodFailurePolicyOnPodConditionsPattern onPodConditions = 3;
 }
 
diff --git a/vendor/k8s.io/api/batch/v1/types.go b/vendor/k8s.io/api/batch/v1/types.go
index 22cf9ee9c..8a28614c0 100644
--- a/vendor/k8s.io/api/batch/v1/types.go
+++ b/vendor/k8s.io/api/batch/v1/types.go
@@ -27,6 +27,11 @@ const (
 	// More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions
 	labelPrefix = "batch.kubernetes.io/"
 
+	// CronJobScheduledTimestampAnnotation is the scheduled timestamp annotation for the Job.
+	// It records the original/expected scheduled timestamp for the running job, represented in RFC3339.
+	// The CronJob controller adds this annotation if the CronJobsScheduledAnnotation feature gate (beta in 1.28) is enabled.
+	CronJobScheduledTimestampAnnotation = labelPrefix + "cronjob-scheduled-timestamp"
+
 	JobCompletionIndexAnnotation = labelPrefix + "job-completion-index"
 	// JobTrackingFinalizer is a finalizer for Job's pods. It prevents them from
 	// being deleted before being accounted in the Job status.
@@ -45,6 +50,13 @@ const (
 	// ControllerUid is used to programatically get pods corresponding to a Job.
 	// There is a corresponding label without the batch.kubernetes.io that we support for legacy reasons.
 	ControllerUidLabel = labelPrefix + "controller-uid"
+	// Annotation indicating the number of failures for the index corresponding
+	// to the pod, which are counted towards the backoff limit.
+	JobIndexFailureCountAnnotation = labelPrefix + "job-index-failure-count"
+	// Annotation indicating the number of failures for the index corresponding
+	// to the pod, which don't count towards the backoff limit, according to the
+	// pod failure policy. When the annotation is absent zero is implied.
+	JobIndexIgnoredFailureCountAnnotation = labelPrefix + "job-index-ignored-failure-count"
 )
 
 // +genclient
@@ -109,6 +121,11 @@ const (
 	// pod's job as Failed and terminate all running pods.
 	PodFailurePolicyActionFailJob PodFailurePolicyAction = "FailJob"
 
+	// This is an action which might be taken on a pod failure - mark the
+	// Job's index as failed to avoid restarts within this index. This action
+	// can only be used when backoffLimitPerIndex is set.
+	PodFailurePolicyActionFailIndex PodFailurePolicyAction = "FailIndex"
+
 	// This is an action which might be taken on a pod failure - the counter towards
 	// .backoffLimit, represented by the job's .status.failed field, is not
 	// incremented and a replacement pod is created.
@@ -128,6 +145,19 @@ const (
 	PodFailurePolicyOnExitCodesOpNotIn PodFailurePolicyOnExitCodesOperator = "NotIn"
 )
 
+// PodReplacementPolicy specifies the policy for creating pod replacements.
+// +enum
+type PodReplacementPolicy string
+
+const (
+	// TerminatingOrFailed means that we recreate pods
+	// when they are terminating (has a metadata.deletionTimestamp) or failed.
+	TerminatingOrFailed PodReplacementPolicy = "TerminatingOrFailed"
+	// Failed means to wait until a previously created Pod is fully terminated (has phase
+	// Failed or Succeeded) before creating a replacement Pod.
+	Failed PodReplacementPolicy = "Failed"
+)
+
 // PodFailurePolicyOnExitCodesRequirement describes the requirement for handling
 // a failed pod based on its container exit codes. In particular, it lookups the
 // .state.terminated.exitCode for each app container and init container status,
@@ -186,6 +216,10 @@ type PodFailurePolicyRule struct {
 	//
 	// - FailJob: indicates that the pod's job is marked as Failed and all
 	//   running pods are terminated.
+	// - FailIndex: indicates that the pod's index is marked as Failed and will
+	//   not be restarted.
+	//   This value is alpha-level. It can be used when the
+	//   `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
 	// - Ignore: indicates that the counter towards the .backoffLimit is not
 	//   incremented and a replacement pod is created.
 	// - Count: indicates that the pod is handled in the default way - the
@@ -202,6 +236,7 @@ type PodFailurePolicyRule struct {
 	// as a list of pod condition patterns. The requirement is satisfied if at
 	// least one pattern matches an actual pod condition. At most 20 elements are allowed.
 	// +listType=atomic
+	// +optional
 	OnPodConditions []PodFailurePolicyOnPodConditionsPattern `json:"onPodConditions" protobuf:"bytes,3,opt,name=onPodConditions"`
 }
 
@@ -262,6 +297,30 @@ type JobSpec struct {
 	// +optional
 	BackoffLimit *int32 `json:"backoffLimit,omitempty" protobuf:"varint,7,opt,name=backoffLimit"`
 
+	// Specifies the limit for the number of retries within an
+	// index before marking this index as failed. When enabled the number of
+	// failures per index is kept in the pod's
+	// batch.kubernetes.io/job-index-failure-count annotation. It can only
+	// be set when Job's completionMode=Indexed, and the Pod's restart
+	// policy is Never. The field is immutable.
+	// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+	// feature gate is enabled (disabled by default).
+	// +optional
+	BackoffLimitPerIndex *int32 `json:"backoffLimitPerIndex,omitempty" protobuf:"varint,12,opt,name=backoffLimitPerIndex"`
+
+	// Specifies the maximal number of failed indexes before marking the Job as
+	// failed, when backoffLimitPerIndex is set. Once the number of failed
+	// indexes exceeds this number the entire Job is marked as Failed and its
+	// execution is terminated. When left as null the job continues execution of
+	// all of its indexes and is marked with the `Complete` Job condition.
+	// It can only be specified when backoffLimitPerIndex is set.
+	// It can be null or up to completions. It is required and must be
+	// less than or equal to 10^4 when is completions greater than 10^5.
+	// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+	// feature gate is enabled (disabled by default).
+	// +optional
+	MaxFailedIndexes *int32 `json:"maxFailedIndexes,omitempty" protobuf:"varint,13,opt,name=maxFailedIndexes"`
+
 	// TODO enabled it when https://github.com/kubernetes/kubernetes/issues/28486 has been fixed
 	// Optional number of failed pods to retain.
 	// +optional
@@ -336,6 +395,19 @@ type JobSpec struct {
 	//
 	// +optional
 	Suspend *bool `json:"suspend,omitempty" protobuf:"varint,10,opt,name=suspend"`
+
+	// podReplacementPolicy specifies when to create replacement Pods.
+	// Possible values are:
+	// - TerminatingOrFailed means that we recreate pods
+	//   when they are terminating (has a metadata.deletionTimestamp) or failed.
+	// - Failed means to wait until a previously created Pod is fully terminated (has phase
+	//   Failed or Succeeded) before creating a replacement Pod.
+	//
+	// When using podFailurePolicy, Failed is the the only allowed value.
+	// TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use.
+	// This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.
+	// +optional
+	PodReplacementPolicy *PodReplacementPolicy `json:"podReplacementPolicy,omitempty" protobuf:"bytes,14,opt,name=podReplacementPolicy,casttype=podReplacementPolicy"`
 }
 
 // JobStatus represents the current state of a Job.
@@ -379,6 +451,14 @@ type JobStatus struct {
 	// +optional
 	Failed int32 `json:"failed,omitempty" protobuf:"varint,6,opt,name=failed"`
 
+	// The number of pods which are terminating (in phase Pending or Running
+	// and have a deletionTimestamp).
+	//
+	// This field is alpha-level. The job controller populates the field when
+	// the feature gate JobPodReplacementPolicy is enabled (disabled by default).
+	// +optional
+	Terminating *int32 `json:"terminating,omitempty" protobuf:"varint,11,opt,name=terminating"`
+
 	// completedIndexes holds the completed indexes when .spec.completionMode =
 	// "Indexed" in a text format. The indexes are represented as decimal integers
 	// separated by commas. The numbers are listed in increasing order. Three or
@@ -389,6 +469,19 @@ type JobStatus struct {
 	// +optional
 	CompletedIndexes string `json:"completedIndexes,omitempty" protobuf:"bytes,7,opt,name=completedIndexes"`
 
+	// FailedIndexes holds the failed indexes when backoffLimitPerIndex=true.
+	// The indexes are represented in the text format analogous as for the
+	// `completedIndexes` field, ie. they are kept as decimal integers
+	// separated by commas. The numbers are listed in increasing order. Three or
+	// more consecutive numbers are compressed and represented by the first and
+	// last element of the series, separated by a hyphen.
+	// For example, if the failed indexes are 1, 3, 4, 5 and 7, they are
+	// represented as "1,3-5,7".
+	// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+	// feature gate is enabled (disabled by default).
+	// +optional
+	FailedIndexes *string `json:"failedIndexes,omitempty" protobuf:"bytes,10,opt,name=failedIndexes"`
+
 	// uncountedTerminatedPods holds the UIDs of Pods that have terminated but
 	// the job controller hasn't yet accounted for in the status counters.
 	//
diff --git a/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go
index f6f3141f1..43b4e1e7d 100644
--- a/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go
@@ -117,12 +117,15 @@ var map_JobSpec = map[string]string{
 	"activeDeadlineSeconds":   "Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.",
 	"podFailurePolicy":        "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is beta-level. It can be used when the `JobPodFailurePolicy` feature gate is enabled (enabled by default).",
 	"backoffLimit":            "Specifies the number of retries before marking this job failed. Defaults to 6",
+	"backoffLimitPerIndex":    "Specifies the limit for the number of retries within an index before marking this index as failed. When enabled the number of failures per index is kept in the pod's batch.kubernetes.io/job-index-failure-count annotation. It can only be set when Job's completionMode=Indexed, and the Pod's restart policy is Never. The field is immutable. This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).",
+	"maxFailedIndexes":        "Specifies the maximal number of failed indexes before marking the Job as failed, when backoffLimitPerIndex is set. Once the number of failed indexes exceeds this number the entire Job is marked as Failed and its execution is terminated. When left as null the job continues execution of all of its indexes and is marked with the `Complete` Job condition. It can only be specified when backoffLimitPerIndex is set. It can be null or up to completions. It is required and must be less than or equal to 10^4 when is completions greater than 10^5. This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).",
 	"selector":                "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors",
 	"manualSelector":          "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template.  When true, the user is responsible for picking unique labels and specifying the selector.  Failure to pick a unique label may cause this and other jobs to not function correctly.  However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector",
 	"template":                "Describes the pod that will be created when executing a job. The only allowed template.spec.restartPolicy values are \"Never\" or \"OnFailure\". More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/",
 	"ttlSecondsAfterFinished": "ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.",
 	"completionMode":          "completionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`.\n\n`NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other.\n\n`Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`.\n\nMore completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, which is possible during upgrades due to version skew, the controller skips updates for the Job.",
 	"suspend":                 "suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.",
+	"podReplacementPolicy":    "podReplacementPolicy specifies when to create replacement Pods. Possible values are: - TerminatingOrFailed means that we recreate pods\n  when they are terminating (has a metadata.deletionTimestamp) or failed.\n- Failed means to wait until a previously created Pod is fully terminated (has phase\n  Failed or Succeeded) before creating a replacement Pod.\n\nWhen using podFailurePolicy, Failed is the the only allowed value. TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.",
 }
 
 func (JobSpec) SwaggerDoc() map[string]string {
@@ -137,7 +140,9 @@ var map_JobStatus = map[string]string{
 	"active":                  "The number of pending and running pods.",
 	"succeeded":               "The number of pods which reached phase Succeeded.",
 	"failed":                  "The number of pods which reached phase Failed.",
+	"terminating":             "The number of pods which are terminating (in phase Pending or Running and have a deletionTimestamp).\n\nThis field is alpha-level. The job controller populates the field when the feature gate JobPodReplacementPolicy is enabled (disabled by default).",
 	"completedIndexes":        "completedIndexes holds the completed indexes when .spec.completionMode = \"Indexed\" in a text format. The indexes are represented as decimal integers separated by commas. The numbers are listed in increasing order. Three or more consecutive numbers are compressed and represented by the first and last element of the series, separated by a hyphen. For example, if the completed indexes are 1, 3, 4, 5 and 7, they are represented as \"1,3-5,7\".",
+	"failedIndexes":           "FailedIndexes holds the failed indexes when backoffLimitPerIndex=true. The indexes are represented in the text format analogous as for the `completedIndexes` field, ie. they are kept as decimal integers separated by commas. The numbers are listed in increasing order. Three or more consecutive numbers are compressed and represented by the first and last element of the series, separated by a hyphen. For example, if the failed indexes are 1, 3, 4, 5 and 7, they are represented as \"1,3-5,7\". This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).",
 	"uncountedTerminatedPods": "uncountedTerminatedPods holds the UIDs of Pods that have terminated but the job controller hasn't yet accounted for in the status counters.\n\nThe job controller creates pods with a finalizer. When a pod terminates (succeeded or failed), the controller does three steps to account for it in the job status:\n\n1. Add the pod UID to the arrays in this field. 2. Remove the pod finalizer. 3. Remove the pod UID from the arrays while increasing the corresponding\n    counter.\n\nOld jobs might not be tracked using this field, in which case the field remains null.",
 	"ready":                   "The number of pods which have a Ready condition.\n\nThis field is beta-level. The job controller populates the field when the feature gate JobReadyPods is enabled (enabled by default).",
 }
@@ -188,7 +193,7 @@ func (PodFailurePolicyOnPodConditionsPattern) SwaggerDoc() map[string]string {
 
 var map_PodFailurePolicyRule = map[string]string{
 	"":                "PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of onExitCodes and onPodConditions, but not both, can be used in each rule.",
-	"action":          "Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are:\n\n- FailJob: indicates that the pod's job is marked as Failed and all\n  running pods are terminated.\n- Ignore: indicates that the counter towards the .backoffLimit is not\n  incremented and a replacement pod is created.\n- Count: indicates that the pod is handled in the default way - the\n  counter towards the .backoffLimit is incremented.\nAdditional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.",
+	"action":          "Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are:\n\n- FailJob: indicates that the pod's job is marked as Failed and all\n  running pods are terminated.\n- FailIndex: indicates that the pod's index is marked as Failed and will\n  not be restarted.\n  This value is alpha-level. It can be used when the\n  `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).\n- Ignore: indicates that the counter towards the .backoffLimit is not\n  incremented and a replacement pod is created.\n- Count: indicates that the pod is handled in the default way - the\n  counter towards the .backoffLimit is incremented.\nAdditional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.",
 	"onExitCodes":     "Represents the requirement on the container exit codes.",
 	"onPodConditions": "Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.",
 }
diff --git a/vendor/k8s.io/api/batch/v1/zz_generated.deepcopy.go b/vendor/k8s.io/api/batch/v1/zz_generated.deepcopy.go
index 2a901e9d0..43fc41515 100644
--- a/vendor/k8s.io/api/batch/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/batch/v1/zz_generated.deepcopy.go
@@ -267,6 +267,16 @@ func (in *JobSpec) DeepCopyInto(out *JobSpec) {
 		*out = new(int32)
 		**out = **in
 	}
+	if in.BackoffLimitPerIndex != nil {
+		in, out := &in.BackoffLimitPerIndex, &out.BackoffLimitPerIndex
+		*out = new(int32)
+		**out = **in
+	}
+	if in.MaxFailedIndexes != nil {
+		in, out := &in.MaxFailedIndexes, &out.MaxFailedIndexes
+		*out = new(int32)
+		**out = **in
+	}
 	if in.Selector != nil {
 		in, out := &in.Selector, &out.Selector
 		*out = new(metav1.LabelSelector)
@@ -293,6 +303,11 @@ func (in *JobSpec) DeepCopyInto(out *JobSpec) {
 		*out = new(bool)
 		**out = **in
 	}
+	if in.PodReplacementPolicy != nil {
+		in, out := &in.PodReplacementPolicy, &out.PodReplacementPolicy
+		*out = new(PodReplacementPolicy)
+		**out = **in
+	}
 	return
 }
 
@@ -324,6 +339,16 @@ func (in *JobStatus) DeepCopyInto(out *JobStatus) {
 		in, out := &in.CompletionTime, &out.CompletionTime
 		*out = (*in).DeepCopy()
 	}
+	if in.Terminating != nil {
+		in, out := &in.Terminating, &out.Terminating
+		*out = new(int32)
+		**out = **in
+	}
+	if in.FailedIndexes != nil {
+		in, out := &in.FailedIndexes, &out.FailedIndexes
+		*out = new(string)
+		**out = **in
+	}
 	if in.UncountedTerminatedPods != nil {
 		in, out := &in.UncountedTerminatedPods, &out.UncountedTerminatedPods
 		*out = new(UncountedTerminatedPods)
diff --git a/vendor/k8s.io/api/core/v1/annotation_key_constants.go b/vendor/k8s.io/api/core/v1/annotation_key_constants.go
index 61f86f850..106ba14c3 100644
--- a/vendor/k8s.io/api/core/v1/annotation_key_constants.go
+++ b/vendor/k8s.io/api/core/v1/annotation_key_constants.go
@@ -56,9 +56,9 @@ const (
 
 	// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
 	AppArmorBetaContainerAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/"
-	// AppArmorBetaDefaultProfileAnnotatoinKey is the annotation key specifying the default AppArmor profile.
+	// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile.
 	AppArmorBetaDefaultProfileAnnotationKey = "apparmor.security.beta.kubernetes.io/defaultProfileName"
-	// AppArmorBetaAllowedProfileAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
+	// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
 	AppArmorBetaAllowedProfilesAnnotationKey = "apparmor.security.beta.kubernetes.io/allowedProfileNames"
 
 	// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default.
@@ -78,7 +78,7 @@ const (
 	// in the Annotations of a Node.
 	PreferAvoidPodsAnnotationKey string = "scheduler.alpha.kubernetes.io/preferAvoidPods"
 
-	// ObjectTTLAnnotations represents a suggestion for kubelet for how long it can cache
+	// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache
 	// an object (e.g. secret, config map) before fetching it again from apiserver.
 	// This annotation can be attached to node.
 	ObjectTTLAnnotationKey string = "node.alpha.kubernetes.io/ttl"
diff --git a/vendor/k8s.io/api/core/v1/generated.pb.go b/vendor/k8s.io/api/core/v1/generated.pb.go
index c76646296..c267a5feb 100644
--- a/vendor/k8s.io/api/core/v1/generated.pb.go
+++ b/vendor/k8s.io/api/core/v1/generated.pb.go
@@ -1981,10 +1981,38 @@ func (m *HostAlias) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_HostAlias proto.InternalMessageInfo
 
+func (m *HostIP) Reset()      { *m = HostIP{} }
+func (*HostIP) ProtoMessage() {}
+func (*HostIP) Descriptor() ([]byte, []int) {
+	return fileDescriptor_83c10c24ec417dc9, []int{69}
+}
+func (m *HostIP) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *HostIP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *HostIP) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HostIP.Merge(m, src)
+}
+func (m *HostIP) XXX_Size() int {
+	return m.Size()
+}
+func (m *HostIP) XXX_DiscardUnknown() {
+	xxx_messageInfo_HostIP.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HostIP proto.InternalMessageInfo
+
 func (m *HostPathVolumeSource) Reset()      { *m = HostPathVolumeSource{} }
 func (*HostPathVolumeSource) ProtoMessage() {}
 func (*HostPathVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{69}
+	return fileDescriptor_83c10c24ec417dc9, []int{70}
 }
 func (m *HostPathVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2012,7 +2040,7 @@ var xxx_messageInfo_HostPathVolumeSource proto.InternalMessageInfo
 func (m *ISCSIPersistentVolumeSource) Reset()      { *m = ISCSIPersistentVolumeSource{} }
 func (*ISCSIPersistentVolumeSource) ProtoMessage() {}
 func (*ISCSIPersistentVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{70}
+	return fileDescriptor_83c10c24ec417dc9, []int{71}
 }
 func (m *ISCSIPersistentVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2040,7 +2068,7 @@ var xxx_messageInfo_ISCSIPersistentVolumeSource proto.InternalMessageInfo
 func (m *ISCSIVolumeSource) Reset()      { *m = ISCSIVolumeSource{} }
 func (*ISCSIVolumeSource) ProtoMessage() {}
 func (*ISCSIVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{71}
+	return fileDescriptor_83c10c24ec417dc9, []int{72}
 }
 func (m *ISCSIVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2068,7 +2096,7 @@ var xxx_messageInfo_ISCSIVolumeSource proto.InternalMessageInfo
 func (m *KeyToPath) Reset()      { *m = KeyToPath{} }
 func (*KeyToPath) ProtoMessage() {}
 func (*KeyToPath) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{72}
+	return fileDescriptor_83c10c24ec417dc9, []int{73}
 }
 func (m *KeyToPath) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2096,7 +2124,7 @@ var xxx_messageInfo_KeyToPath proto.InternalMessageInfo
 func (m *Lifecycle) Reset()      { *m = Lifecycle{} }
 func (*Lifecycle) ProtoMessage() {}
 func (*Lifecycle) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{73}
+	return fileDescriptor_83c10c24ec417dc9, []int{74}
 }
 func (m *Lifecycle) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2124,7 +2152,7 @@ var xxx_messageInfo_Lifecycle proto.InternalMessageInfo
 func (m *LifecycleHandler) Reset()      { *m = LifecycleHandler{} }
 func (*LifecycleHandler) ProtoMessage() {}
 func (*LifecycleHandler) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{74}
+	return fileDescriptor_83c10c24ec417dc9, []int{75}
 }
 func (m *LifecycleHandler) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2152,7 +2180,7 @@ var xxx_messageInfo_LifecycleHandler proto.InternalMessageInfo
 func (m *LimitRange) Reset()      { *m = LimitRange{} }
 func (*LimitRange) ProtoMessage() {}
 func (*LimitRange) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{75}
+	return fileDescriptor_83c10c24ec417dc9, []int{76}
 }
 func (m *LimitRange) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2180,7 +2208,7 @@ var xxx_messageInfo_LimitRange proto.InternalMessageInfo
 func (m *LimitRangeItem) Reset()      { *m = LimitRangeItem{} }
 func (*LimitRangeItem) ProtoMessage() {}
 func (*LimitRangeItem) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{76}
+	return fileDescriptor_83c10c24ec417dc9, []int{77}
 }
 func (m *LimitRangeItem) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2208,7 +2236,7 @@ var xxx_messageInfo_LimitRangeItem proto.InternalMessageInfo
 func (m *LimitRangeList) Reset()      { *m = LimitRangeList{} }
 func (*LimitRangeList) ProtoMessage() {}
 func (*LimitRangeList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{77}
+	return fileDescriptor_83c10c24ec417dc9, []int{78}
 }
 func (m *LimitRangeList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2236,7 +2264,7 @@ var xxx_messageInfo_LimitRangeList proto.InternalMessageInfo
 func (m *LimitRangeSpec) Reset()      { *m = LimitRangeSpec{} }
 func (*LimitRangeSpec) ProtoMessage() {}
 func (*LimitRangeSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{78}
+	return fileDescriptor_83c10c24ec417dc9, []int{79}
 }
 func (m *LimitRangeSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2264,7 +2292,7 @@ var xxx_messageInfo_LimitRangeSpec proto.InternalMessageInfo
 func (m *List) Reset()      { *m = List{} }
 func (*List) ProtoMessage() {}
 func (*List) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{79}
+	return fileDescriptor_83c10c24ec417dc9, []int{80}
 }
 func (m *List) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2292,7 +2320,7 @@ var xxx_messageInfo_List proto.InternalMessageInfo
 func (m *LoadBalancerIngress) Reset()      { *m = LoadBalancerIngress{} }
 func (*LoadBalancerIngress) ProtoMessage() {}
 func (*LoadBalancerIngress) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{80}
+	return fileDescriptor_83c10c24ec417dc9, []int{81}
 }
 func (m *LoadBalancerIngress) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2320,7 +2348,7 @@ var xxx_messageInfo_LoadBalancerIngress proto.InternalMessageInfo
 func (m *LoadBalancerStatus) Reset()      { *m = LoadBalancerStatus{} }
 func (*LoadBalancerStatus) ProtoMessage() {}
 func (*LoadBalancerStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{81}
+	return fileDescriptor_83c10c24ec417dc9, []int{82}
 }
 func (m *LoadBalancerStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2348,7 +2376,7 @@ var xxx_messageInfo_LoadBalancerStatus proto.InternalMessageInfo
 func (m *LocalObjectReference) Reset()      { *m = LocalObjectReference{} }
 func (*LocalObjectReference) ProtoMessage() {}
 func (*LocalObjectReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{82}
+	return fileDescriptor_83c10c24ec417dc9, []int{83}
 }
 func (m *LocalObjectReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2376,7 +2404,7 @@ var xxx_messageInfo_LocalObjectReference proto.InternalMessageInfo
 func (m *LocalVolumeSource) Reset()      { *m = LocalVolumeSource{} }
 func (*LocalVolumeSource) ProtoMessage() {}
 func (*LocalVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{83}
+	return fileDescriptor_83c10c24ec417dc9, []int{84}
 }
 func (m *LocalVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2404,7 +2432,7 @@ var xxx_messageInfo_LocalVolumeSource proto.InternalMessageInfo
 func (m *NFSVolumeSource) Reset()      { *m = NFSVolumeSource{} }
 func (*NFSVolumeSource) ProtoMessage() {}
 func (*NFSVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{84}
+	return fileDescriptor_83c10c24ec417dc9, []int{85}
 }
 func (m *NFSVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2432,7 +2460,7 @@ var xxx_messageInfo_NFSVolumeSource proto.InternalMessageInfo
 func (m *Namespace) Reset()      { *m = Namespace{} }
 func (*Namespace) ProtoMessage() {}
 func (*Namespace) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{85}
+	return fileDescriptor_83c10c24ec417dc9, []int{86}
 }
 func (m *Namespace) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2460,7 +2488,7 @@ var xxx_messageInfo_Namespace proto.InternalMessageInfo
 func (m *NamespaceCondition) Reset()      { *m = NamespaceCondition{} }
 func (*NamespaceCondition) ProtoMessage() {}
 func (*NamespaceCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{86}
+	return fileDescriptor_83c10c24ec417dc9, []int{87}
 }
 func (m *NamespaceCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2488,7 +2516,7 @@ var xxx_messageInfo_NamespaceCondition proto.InternalMessageInfo
 func (m *NamespaceList) Reset()      { *m = NamespaceList{} }
 func (*NamespaceList) ProtoMessage() {}
 func (*NamespaceList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{87}
+	return fileDescriptor_83c10c24ec417dc9, []int{88}
 }
 func (m *NamespaceList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2516,7 +2544,7 @@ var xxx_messageInfo_NamespaceList proto.InternalMessageInfo
 func (m *NamespaceSpec) Reset()      { *m = NamespaceSpec{} }
 func (*NamespaceSpec) ProtoMessage() {}
 func (*NamespaceSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{88}
+	return fileDescriptor_83c10c24ec417dc9, []int{89}
 }
 func (m *NamespaceSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2544,7 +2572,7 @@ var xxx_messageInfo_NamespaceSpec proto.InternalMessageInfo
 func (m *NamespaceStatus) Reset()      { *m = NamespaceStatus{} }
 func (*NamespaceStatus) ProtoMessage() {}
 func (*NamespaceStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{89}
+	return fileDescriptor_83c10c24ec417dc9, []int{90}
 }
 func (m *NamespaceStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2572,7 +2600,7 @@ var xxx_messageInfo_NamespaceStatus proto.InternalMessageInfo
 func (m *Node) Reset()      { *m = Node{} }
 func (*Node) ProtoMessage() {}
 func (*Node) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{90}
+	return fileDescriptor_83c10c24ec417dc9, []int{91}
 }
 func (m *Node) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2600,7 +2628,7 @@ var xxx_messageInfo_Node proto.InternalMessageInfo
 func (m *NodeAddress) Reset()      { *m = NodeAddress{} }
 func (*NodeAddress) ProtoMessage() {}
 func (*NodeAddress) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{91}
+	return fileDescriptor_83c10c24ec417dc9, []int{92}
 }
 func (m *NodeAddress) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2628,7 +2656,7 @@ var xxx_messageInfo_NodeAddress proto.InternalMessageInfo
 func (m *NodeAffinity) Reset()      { *m = NodeAffinity{} }
 func (*NodeAffinity) ProtoMessage() {}
 func (*NodeAffinity) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{92}
+	return fileDescriptor_83c10c24ec417dc9, []int{93}
 }
 func (m *NodeAffinity) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2656,7 +2684,7 @@ var xxx_messageInfo_NodeAffinity proto.InternalMessageInfo
 func (m *NodeCondition) Reset()      { *m = NodeCondition{} }
 func (*NodeCondition) ProtoMessage() {}
 func (*NodeCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{93}
+	return fileDescriptor_83c10c24ec417dc9, []int{94}
 }
 func (m *NodeCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2684,7 +2712,7 @@ var xxx_messageInfo_NodeCondition proto.InternalMessageInfo
 func (m *NodeConfigSource) Reset()      { *m = NodeConfigSource{} }
 func (*NodeConfigSource) ProtoMessage() {}
 func (*NodeConfigSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{94}
+	return fileDescriptor_83c10c24ec417dc9, []int{95}
 }
 func (m *NodeConfigSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2712,7 +2740,7 @@ var xxx_messageInfo_NodeConfigSource proto.InternalMessageInfo
 func (m *NodeConfigStatus) Reset()      { *m = NodeConfigStatus{} }
 func (*NodeConfigStatus) ProtoMessage() {}
 func (*NodeConfigStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{95}
+	return fileDescriptor_83c10c24ec417dc9, []int{96}
 }
 func (m *NodeConfigStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2740,7 +2768,7 @@ var xxx_messageInfo_NodeConfigStatus proto.InternalMessageInfo
 func (m *NodeDaemonEndpoints) Reset()      { *m = NodeDaemonEndpoints{} }
 func (*NodeDaemonEndpoints) ProtoMessage() {}
 func (*NodeDaemonEndpoints) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{96}
+	return fileDescriptor_83c10c24ec417dc9, []int{97}
 }
 func (m *NodeDaemonEndpoints) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2768,7 +2796,7 @@ var xxx_messageInfo_NodeDaemonEndpoints proto.InternalMessageInfo
 func (m *NodeList) Reset()      { *m = NodeList{} }
 func (*NodeList) ProtoMessage() {}
 func (*NodeList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{97}
+	return fileDescriptor_83c10c24ec417dc9, []int{98}
 }
 func (m *NodeList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2796,7 +2824,7 @@ var xxx_messageInfo_NodeList proto.InternalMessageInfo
 func (m *NodeProxyOptions) Reset()      { *m = NodeProxyOptions{} }
 func (*NodeProxyOptions) ProtoMessage() {}
 func (*NodeProxyOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{98}
+	return fileDescriptor_83c10c24ec417dc9, []int{99}
 }
 func (m *NodeProxyOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2824,7 +2852,7 @@ var xxx_messageInfo_NodeProxyOptions proto.InternalMessageInfo
 func (m *NodeResources) Reset()      { *m = NodeResources{} }
 func (*NodeResources) ProtoMessage() {}
 func (*NodeResources) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{99}
+	return fileDescriptor_83c10c24ec417dc9, []int{100}
 }
 func (m *NodeResources) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2852,7 +2880,7 @@ var xxx_messageInfo_NodeResources proto.InternalMessageInfo
 func (m *NodeSelector) Reset()      { *m = NodeSelector{} }
 func (*NodeSelector) ProtoMessage() {}
 func (*NodeSelector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{100}
+	return fileDescriptor_83c10c24ec417dc9, []int{101}
 }
 func (m *NodeSelector) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2880,7 +2908,7 @@ var xxx_messageInfo_NodeSelector proto.InternalMessageInfo
 func (m *NodeSelectorRequirement) Reset()      { *m = NodeSelectorRequirement{} }
 func (*NodeSelectorRequirement) ProtoMessage() {}
 func (*NodeSelectorRequirement) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{101}
+	return fileDescriptor_83c10c24ec417dc9, []int{102}
 }
 func (m *NodeSelectorRequirement) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2908,7 +2936,7 @@ var xxx_messageInfo_NodeSelectorRequirement proto.InternalMessageInfo
 func (m *NodeSelectorTerm) Reset()      { *m = NodeSelectorTerm{} }
 func (*NodeSelectorTerm) ProtoMessage() {}
 func (*NodeSelectorTerm) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{102}
+	return fileDescriptor_83c10c24ec417dc9, []int{103}
 }
 func (m *NodeSelectorTerm) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2936,7 +2964,7 @@ var xxx_messageInfo_NodeSelectorTerm proto.InternalMessageInfo
 func (m *NodeSpec) Reset()      { *m = NodeSpec{} }
 func (*NodeSpec) ProtoMessage() {}
 func (*NodeSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{103}
+	return fileDescriptor_83c10c24ec417dc9, []int{104}
 }
 func (m *NodeSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2964,7 +2992,7 @@ var xxx_messageInfo_NodeSpec proto.InternalMessageInfo
 func (m *NodeStatus) Reset()      { *m = NodeStatus{} }
 func (*NodeStatus) ProtoMessage() {}
 func (*NodeStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{104}
+	return fileDescriptor_83c10c24ec417dc9, []int{105}
 }
 func (m *NodeStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2992,7 +3020,7 @@ var xxx_messageInfo_NodeStatus proto.InternalMessageInfo
 func (m *NodeSystemInfo) Reset()      { *m = NodeSystemInfo{} }
 func (*NodeSystemInfo) ProtoMessage() {}
 func (*NodeSystemInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{105}
+	return fileDescriptor_83c10c24ec417dc9, []int{106}
 }
 func (m *NodeSystemInfo) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3020,7 +3048,7 @@ var xxx_messageInfo_NodeSystemInfo proto.InternalMessageInfo
 func (m *ObjectFieldSelector) Reset()      { *m = ObjectFieldSelector{} }
 func (*ObjectFieldSelector) ProtoMessage() {}
 func (*ObjectFieldSelector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{106}
+	return fileDescriptor_83c10c24ec417dc9, []int{107}
 }
 func (m *ObjectFieldSelector) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3048,7 +3076,7 @@ var xxx_messageInfo_ObjectFieldSelector proto.InternalMessageInfo
 func (m *ObjectReference) Reset()      { *m = ObjectReference{} }
 func (*ObjectReference) ProtoMessage() {}
 func (*ObjectReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{107}
+	return fileDescriptor_83c10c24ec417dc9, []int{108}
 }
 func (m *ObjectReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3076,7 +3104,7 @@ var xxx_messageInfo_ObjectReference proto.InternalMessageInfo
 func (m *PersistentVolume) Reset()      { *m = PersistentVolume{} }
 func (*PersistentVolume) ProtoMessage() {}
 func (*PersistentVolume) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{108}
+	return fileDescriptor_83c10c24ec417dc9, []int{109}
 }
 func (m *PersistentVolume) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3104,7 +3132,7 @@ var xxx_messageInfo_PersistentVolume proto.InternalMessageInfo
 func (m *PersistentVolumeClaim) Reset()      { *m = PersistentVolumeClaim{} }
 func (*PersistentVolumeClaim) ProtoMessage() {}
 func (*PersistentVolumeClaim) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{109}
+	return fileDescriptor_83c10c24ec417dc9, []int{110}
 }
 func (m *PersistentVolumeClaim) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3132,7 +3160,7 @@ var xxx_messageInfo_PersistentVolumeClaim proto.InternalMessageInfo
 func (m *PersistentVolumeClaimCondition) Reset()      { *m = PersistentVolumeClaimCondition{} }
 func (*PersistentVolumeClaimCondition) ProtoMessage() {}
 func (*PersistentVolumeClaimCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{110}
+	return fileDescriptor_83c10c24ec417dc9, []int{111}
 }
 func (m *PersistentVolumeClaimCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3160,7 +3188,7 @@ var xxx_messageInfo_PersistentVolumeClaimCondition proto.InternalMessageInfo
 func (m *PersistentVolumeClaimList) Reset()      { *m = PersistentVolumeClaimList{} }
 func (*PersistentVolumeClaimList) ProtoMessage() {}
 func (*PersistentVolumeClaimList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{111}
+	return fileDescriptor_83c10c24ec417dc9, []int{112}
 }
 func (m *PersistentVolumeClaimList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3188,7 +3216,7 @@ var xxx_messageInfo_PersistentVolumeClaimList proto.InternalMessageInfo
 func (m *PersistentVolumeClaimSpec) Reset()      { *m = PersistentVolumeClaimSpec{} }
 func (*PersistentVolumeClaimSpec) ProtoMessage() {}
 func (*PersistentVolumeClaimSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{112}
+	return fileDescriptor_83c10c24ec417dc9, []int{113}
 }
 func (m *PersistentVolumeClaimSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3216,7 +3244,7 @@ var xxx_messageInfo_PersistentVolumeClaimSpec proto.InternalMessageInfo
 func (m *PersistentVolumeClaimStatus) Reset()      { *m = PersistentVolumeClaimStatus{} }
 func (*PersistentVolumeClaimStatus) ProtoMessage() {}
 func (*PersistentVolumeClaimStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{113}
+	return fileDescriptor_83c10c24ec417dc9, []int{114}
 }
 func (m *PersistentVolumeClaimStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3244,7 +3272,7 @@ var xxx_messageInfo_PersistentVolumeClaimStatus proto.InternalMessageInfo
 func (m *PersistentVolumeClaimTemplate) Reset()      { *m = PersistentVolumeClaimTemplate{} }
 func (*PersistentVolumeClaimTemplate) ProtoMessage() {}
 func (*PersistentVolumeClaimTemplate) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{114}
+	return fileDescriptor_83c10c24ec417dc9, []int{115}
 }
 func (m *PersistentVolumeClaimTemplate) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3272,7 +3300,7 @@ var xxx_messageInfo_PersistentVolumeClaimTemplate proto.InternalMessageInfo
 func (m *PersistentVolumeClaimVolumeSource) Reset()      { *m = PersistentVolumeClaimVolumeSource{} }
 func (*PersistentVolumeClaimVolumeSource) ProtoMessage() {}
 func (*PersistentVolumeClaimVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{115}
+	return fileDescriptor_83c10c24ec417dc9, []int{116}
 }
 func (m *PersistentVolumeClaimVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3300,7 +3328,7 @@ var xxx_messageInfo_PersistentVolumeClaimVolumeSource proto.InternalMessageInfo
 func (m *PersistentVolumeList) Reset()      { *m = PersistentVolumeList{} }
 func (*PersistentVolumeList) ProtoMessage() {}
 func (*PersistentVolumeList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{116}
+	return fileDescriptor_83c10c24ec417dc9, []int{117}
 }
 func (m *PersistentVolumeList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3328,7 +3356,7 @@ var xxx_messageInfo_PersistentVolumeList proto.InternalMessageInfo
 func (m *PersistentVolumeSource) Reset()      { *m = PersistentVolumeSource{} }
 func (*PersistentVolumeSource) ProtoMessage() {}
 func (*PersistentVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{117}
+	return fileDescriptor_83c10c24ec417dc9, []int{118}
 }
 func (m *PersistentVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3356,7 +3384,7 @@ var xxx_messageInfo_PersistentVolumeSource proto.InternalMessageInfo
 func (m *PersistentVolumeSpec) Reset()      { *m = PersistentVolumeSpec{} }
 func (*PersistentVolumeSpec) ProtoMessage() {}
 func (*PersistentVolumeSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{118}
+	return fileDescriptor_83c10c24ec417dc9, []int{119}
 }
 func (m *PersistentVolumeSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3384,7 +3412,7 @@ var xxx_messageInfo_PersistentVolumeSpec proto.InternalMessageInfo
 func (m *PersistentVolumeStatus) Reset()      { *m = PersistentVolumeStatus{} }
 func (*PersistentVolumeStatus) ProtoMessage() {}
 func (*PersistentVolumeStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{119}
+	return fileDescriptor_83c10c24ec417dc9, []int{120}
 }
 func (m *PersistentVolumeStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3412,7 +3440,7 @@ var xxx_messageInfo_PersistentVolumeStatus proto.InternalMessageInfo
 func (m *PhotonPersistentDiskVolumeSource) Reset()      { *m = PhotonPersistentDiskVolumeSource{} }
 func (*PhotonPersistentDiskVolumeSource) ProtoMessage() {}
 func (*PhotonPersistentDiskVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{120}
+	return fileDescriptor_83c10c24ec417dc9, []int{121}
 }
 func (m *PhotonPersistentDiskVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3440,7 +3468,7 @@ var xxx_messageInfo_PhotonPersistentDiskVolumeSource proto.InternalMessageInfo
 func (m *Pod) Reset()      { *m = Pod{} }
 func (*Pod) ProtoMessage() {}
 func (*Pod) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{121}
+	return fileDescriptor_83c10c24ec417dc9, []int{122}
 }
 func (m *Pod) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3468,7 +3496,7 @@ var xxx_messageInfo_Pod proto.InternalMessageInfo
 func (m *PodAffinity) Reset()      { *m = PodAffinity{} }
 func (*PodAffinity) ProtoMessage() {}
 func (*PodAffinity) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{122}
+	return fileDescriptor_83c10c24ec417dc9, []int{123}
 }
 func (m *PodAffinity) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3496,7 +3524,7 @@ var xxx_messageInfo_PodAffinity proto.InternalMessageInfo
 func (m *PodAffinityTerm) Reset()      { *m = PodAffinityTerm{} }
 func (*PodAffinityTerm) ProtoMessage() {}
 func (*PodAffinityTerm) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{123}
+	return fileDescriptor_83c10c24ec417dc9, []int{124}
 }
 func (m *PodAffinityTerm) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3524,7 +3552,7 @@ var xxx_messageInfo_PodAffinityTerm proto.InternalMessageInfo
 func (m *PodAntiAffinity) Reset()      { *m = PodAntiAffinity{} }
 func (*PodAntiAffinity) ProtoMessage() {}
 func (*PodAntiAffinity) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{124}
+	return fileDescriptor_83c10c24ec417dc9, []int{125}
 }
 func (m *PodAntiAffinity) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3552,7 +3580,7 @@ var xxx_messageInfo_PodAntiAffinity proto.InternalMessageInfo
 func (m *PodAttachOptions) Reset()      { *m = PodAttachOptions{} }
 func (*PodAttachOptions) ProtoMessage() {}
 func (*PodAttachOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{125}
+	return fileDescriptor_83c10c24ec417dc9, []int{126}
 }
 func (m *PodAttachOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3580,7 +3608,7 @@ var xxx_messageInfo_PodAttachOptions proto.InternalMessageInfo
 func (m *PodCondition) Reset()      { *m = PodCondition{} }
 func (*PodCondition) ProtoMessage() {}
 func (*PodCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{126}
+	return fileDescriptor_83c10c24ec417dc9, []int{127}
 }
 func (m *PodCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3608,7 +3636,7 @@ var xxx_messageInfo_PodCondition proto.InternalMessageInfo
 func (m *PodDNSConfig) Reset()      { *m = PodDNSConfig{} }
 func (*PodDNSConfig) ProtoMessage() {}
 func (*PodDNSConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{127}
+	return fileDescriptor_83c10c24ec417dc9, []int{128}
 }
 func (m *PodDNSConfig) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3636,7 +3664,7 @@ var xxx_messageInfo_PodDNSConfig proto.InternalMessageInfo
 func (m *PodDNSConfigOption) Reset()      { *m = PodDNSConfigOption{} }
 func (*PodDNSConfigOption) ProtoMessage() {}
 func (*PodDNSConfigOption) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{128}
+	return fileDescriptor_83c10c24ec417dc9, []int{129}
 }
 func (m *PodDNSConfigOption) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3664,7 +3692,7 @@ var xxx_messageInfo_PodDNSConfigOption proto.InternalMessageInfo
 func (m *PodExecOptions) Reset()      { *m = PodExecOptions{} }
 func (*PodExecOptions) ProtoMessage() {}
 func (*PodExecOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{129}
+	return fileDescriptor_83c10c24ec417dc9, []int{130}
 }
 func (m *PodExecOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3692,7 +3720,7 @@ var xxx_messageInfo_PodExecOptions proto.InternalMessageInfo
 func (m *PodIP) Reset()      { *m = PodIP{} }
 func (*PodIP) ProtoMessage() {}
 func (*PodIP) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{130}
+	return fileDescriptor_83c10c24ec417dc9, []int{131}
 }
 func (m *PodIP) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3720,7 +3748,7 @@ var xxx_messageInfo_PodIP proto.InternalMessageInfo
 func (m *PodList) Reset()      { *m = PodList{} }
 func (*PodList) ProtoMessage() {}
 func (*PodList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{131}
+	return fileDescriptor_83c10c24ec417dc9, []int{132}
 }
 func (m *PodList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3748,7 +3776,7 @@ var xxx_messageInfo_PodList proto.InternalMessageInfo
 func (m *PodLogOptions) Reset()      { *m = PodLogOptions{} }
 func (*PodLogOptions) ProtoMessage() {}
 func (*PodLogOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{132}
+	return fileDescriptor_83c10c24ec417dc9, []int{133}
 }
 func (m *PodLogOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3776,7 +3804,7 @@ var xxx_messageInfo_PodLogOptions proto.InternalMessageInfo
 func (m *PodOS) Reset()      { *m = PodOS{} }
 func (*PodOS) ProtoMessage() {}
 func (*PodOS) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{133}
+	return fileDescriptor_83c10c24ec417dc9, []int{134}
 }
 func (m *PodOS) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3804,7 +3832,7 @@ var xxx_messageInfo_PodOS proto.InternalMessageInfo
 func (m *PodPortForwardOptions) Reset()      { *m = PodPortForwardOptions{} }
 func (*PodPortForwardOptions) ProtoMessage() {}
 func (*PodPortForwardOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{134}
+	return fileDescriptor_83c10c24ec417dc9, []int{135}
 }
 func (m *PodPortForwardOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3832,7 +3860,7 @@ var xxx_messageInfo_PodPortForwardOptions proto.InternalMessageInfo
 func (m *PodProxyOptions) Reset()      { *m = PodProxyOptions{} }
 func (*PodProxyOptions) ProtoMessage() {}
 func (*PodProxyOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{135}
+	return fileDescriptor_83c10c24ec417dc9, []int{136}
 }
 func (m *PodProxyOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3860,7 +3888,7 @@ var xxx_messageInfo_PodProxyOptions proto.InternalMessageInfo
 func (m *PodReadinessGate) Reset()      { *m = PodReadinessGate{} }
 func (*PodReadinessGate) ProtoMessage() {}
 func (*PodReadinessGate) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{136}
+	return fileDescriptor_83c10c24ec417dc9, []int{137}
 }
 func (m *PodReadinessGate) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3888,7 +3916,7 @@ var xxx_messageInfo_PodReadinessGate proto.InternalMessageInfo
 func (m *PodResourceClaim) Reset()      { *m = PodResourceClaim{} }
 func (*PodResourceClaim) ProtoMessage() {}
 func (*PodResourceClaim) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{137}
+	return fileDescriptor_83c10c24ec417dc9, []int{138}
 }
 func (m *PodResourceClaim) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3913,10 +3941,38 @@ func (m *PodResourceClaim) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_PodResourceClaim proto.InternalMessageInfo
 
+func (m *PodResourceClaimStatus) Reset()      { *m = PodResourceClaimStatus{} }
+func (*PodResourceClaimStatus) ProtoMessage() {}
+func (*PodResourceClaimStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_83c10c24ec417dc9, []int{139}
+}
+func (m *PodResourceClaimStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PodResourceClaimStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *PodResourceClaimStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PodResourceClaimStatus.Merge(m, src)
+}
+func (m *PodResourceClaimStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *PodResourceClaimStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_PodResourceClaimStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PodResourceClaimStatus proto.InternalMessageInfo
+
 func (m *PodSchedulingGate) Reset()      { *m = PodSchedulingGate{} }
 func (*PodSchedulingGate) ProtoMessage() {}
 func (*PodSchedulingGate) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{138}
+	return fileDescriptor_83c10c24ec417dc9, []int{140}
 }
 func (m *PodSchedulingGate) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3944,7 +4000,7 @@ var xxx_messageInfo_PodSchedulingGate proto.InternalMessageInfo
 func (m *PodSecurityContext) Reset()      { *m = PodSecurityContext{} }
 func (*PodSecurityContext) ProtoMessage() {}
 func (*PodSecurityContext) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{139}
+	return fileDescriptor_83c10c24ec417dc9, []int{141}
 }
 func (m *PodSecurityContext) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3972,7 +4028,7 @@ var xxx_messageInfo_PodSecurityContext proto.InternalMessageInfo
 func (m *PodSignature) Reset()      { *m = PodSignature{} }
 func (*PodSignature) ProtoMessage() {}
 func (*PodSignature) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{140}
+	return fileDescriptor_83c10c24ec417dc9, []int{142}
 }
 func (m *PodSignature) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4000,7 +4056,7 @@ var xxx_messageInfo_PodSignature proto.InternalMessageInfo
 func (m *PodSpec) Reset()      { *m = PodSpec{} }
 func (*PodSpec) ProtoMessage() {}
 func (*PodSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{141}
+	return fileDescriptor_83c10c24ec417dc9, []int{143}
 }
 func (m *PodSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4028,7 +4084,7 @@ var xxx_messageInfo_PodSpec proto.InternalMessageInfo
 func (m *PodStatus) Reset()      { *m = PodStatus{} }
 func (*PodStatus) ProtoMessage() {}
 func (*PodStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{142}
+	return fileDescriptor_83c10c24ec417dc9, []int{144}
 }
 func (m *PodStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4056,7 +4112,7 @@ var xxx_messageInfo_PodStatus proto.InternalMessageInfo
 func (m *PodStatusResult) Reset()      { *m = PodStatusResult{} }
 func (*PodStatusResult) ProtoMessage() {}
 func (*PodStatusResult) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{143}
+	return fileDescriptor_83c10c24ec417dc9, []int{145}
 }
 func (m *PodStatusResult) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4084,7 +4140,7 @@ var xxx_messageInfo_PodStatusResult proto.InternalMessageInfo
 func (m *PodTemplate) Reset()      { *m = PodTemplate{} }
 func (*PodTemplate) ProtoMessage() {}
 func (*PodTemplate) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{144}
+	return fileDescriptor_83c10c24ec417dc9, []int{146}
 }
 func (m *PodTemplate) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4112,7 +4168,7 @@ var xxx_messageInfo_PodTemplate proto.InternalMessageInfo
 func (m *PodTemplateList) Reset()      { *m = PodTemplateList{} }
 func (*PodTemplateList) ProtoMessage() {}
 func (*PodTemplateList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{145}
+	return fileDescriptor_83c10c24ec417dc9, []int{147}
 }
 func (m *PodTemplateList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4140,7 +4196,7 @@ var xxx_messageInfo_PodTemplateList proto.InternalMessageInfo
 func (m *PodTemplateSpec) Reset()      { *m = PodTemplateSpec{} }
 func (*PodTemplateSpec) ProtoMessage() {}
 func (*PodTemplateSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{146}
+	return fileDescriptor_83c10c24ec417dc9, []int{148}
 }
 func (m *PodTemplateSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4168,7 +4224,7 @@ var xxx_messageInfo_PodTemplateSpec proto.InternalMessageInfo
 func (m *PortStatus) Reset()      { *m = PortStatus{} }
 func (*PortStatus) ProtoMessage() {}
 func (*PortStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{147}
+	return fileDescriptor_83c10c24ec417dc9, []int{149}
 }
 func (m *PortStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4196,7 +4252,7 @@ var xxx_messageInfo_PortStatus proto.InternalMessageInfo
 func (m *PortworxVolumeSource) Reset()      { *m = PortworxVolumeSource{} }
 func (*PortworxVolumeSource) ProtoMessage() {}
 func (*PortworxVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{148}
+	return fileDescriptor_83c10c24ec417dc9, []int{150}
 }
 func (m *PortworxVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4224,7 +4280,7 @@ var xxx_messageInfo_PortworxVolumeSource proto.InternalMessageInfo
 func (m *Preconditions) Reset()      { *m = Preconditions{} }
 func (*Preconditions) ProtoMessage() {}
 func (*Preconditions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{149}
+	return fileDescriptor_83c10c24ec417dc9, []int{151}
 }
 func (m *Preconditions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4252,7 +4308,7 @@ var xxx_messageInfo_Preconditions proto.InternalMessageInfo
 func (m *PreferAvoidPodsEntry) Reset()      { *m = PreferAvoidPodsEntry{} }
 func (*PreferAvoidPodsEntry) ProtoMessage() {}
 func (*PreferAvoidPodsEntry) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{150}
+	return fileDescriptor_83c10c24ec417dc9, []int{152}
 }
 func (m *PreferAvoidPodsEntry) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4280,7 +4336,7 @@ var xxx_messageInfo_PreferAvoidPodsEntry proto.InternalMessageInfo
 func (m *PreferredSchedulingTerm) Reset()      { *m = PreferredSchedulingTerm{} }
 func (*PreferredSchedulingTerm) ProtoMessage() {}
 func (*PreferredSchedulingTerm) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{151}
+	return fileDescriptor_83c10c24ec417dc9, []int{153}
 }
 func (m *PreferredSchedulingTerm) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4308,7 +4364,7 @@ var xxx_messageInfo_PreferredSchedulingTerm proto.InternalMessageInfo
 func (m *Probe) Reset()      { *m = Probe{} }
 func (*Probe) ProtoMessage() {}
 func (*Probe) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{152}
+	return fileDescriptor_83c10c24ec417dc9, []int{154}
 }
 func (m *Probe) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4336,7 +4392,7 @@ var xxx_messageInfo_Probe proto.InternalMessageInfo
 func (m *ProbeHandler) Reset()      { *m = ProbeHandler{} }
 func (*ProbeHandler) ProtoMessage() {}
 func (*ProbeHandler) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{153}
+	return fileDescriptor_83c10c24ec417dc9, []int{155}
 }
 func (m *ProbeHandler) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4364,7 +4420,7 @@ var xxx_messageInfo_ProbeHandler proto.InternalMessageInfo
 func (m *ProjectedVolumeSource) Reset()      { *m = ProjectedVolumeSource{} }
 func (*ProjectedVolumeSource) ProtoMessage() {}
 func (*ProjectedVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{154}
+	return fileDescriptor_83c10c24ec417dc9, []int{156}
 }
 func (m *ProjectedVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4392,7 +4448,7 @@ var xxx_messageInfo_ProjectedVolumeSource proto.InternalMessageInfo
 func (m *QuobyteVolumeSource) Reset()      { *m = QuobyteVolumeSource{} }
 func (*QuobyteVolumeSource) ProtoMessage() {}
 func (*QuobyteVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{155}
+	return fileDescriptor_83c10c24ec417dc9, []int{157}
 }
 func (m *QuobyteVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4420,7 +4476,7 @@ var xxx_messageInfo_QuobyteVolumeSource proto.InternalMessageInfo
 func (m *RBDPersistentVolumeSource) Reset()      { *m = RBDPersistentVolumeSource{} }
 func (*RBDPersistentVolumeSource) ProtoMessage() {}
 func (*RBDPersistentVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{156}
+	return fileDescriptor_83c10c24ec417dc9, []int{158}
 }
 func (m *RBDPersistentVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4448,7 +4504,7 @@ var xxx_messageInfo_RBDPersistentVolumeSource proto.InternalMessageInfo
 func (m *RBDVolumeSource) Reset()      { *m = RBDVolumeSource{} }
 func (*RBDVolumeSource) ProtoMessage() {}
 func (*RBDVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{157}
+	return fileDescriptor_83c10c24ec417dc9, []int{159}
 }
 func (m *RBDVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4476,7 +4532,7 @@ var xxx_messageInfo_RBDVolumeSource proto.InternalMessageInfo
 func (m *RangeAllocation) Reset()      { *m = RangeAllocation{} }
 func (*RangeAllocation) ProtoMessage() {}
 func (*RangeAllocation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{158}
+	return fileDescriptor_83c10c24ec417dc9, []int{160}
 }
 func (m *RangeAllocation) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4504,7 +4560,7 @@ var xxx_messageInfo_RangeAllocation proto.InternalMessageInfo
 func (m *ReplicationController) Reset()      { *m = ReplicationController{} }
 func (*ReplicationController) ProtoMessage() {}
 func (*ReplicationController) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{159}
+	return fileDescriptor_83c10c24ec417dc9, []int{161}
 }
 func (m *ReplicationController) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4532,7 +4588,7 @@ var xxx_messageInfo_ReplicationController proto.InternalMessageInfo
 func (m *ReplicationControllerCondition) Reset()      { *m = ReplicationControllerCondition{} }
 func (*ReplicationControllerCondition) ProtoMessage() {}
 func (*ReplicationControllerCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{160}
+	return fileDescriptor_83c10c24ec417dc9, []int{162}
 }
 func (m *ReplicationControllerCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4560,7 +4616,7 @@ var xxx_messageInfo_ReplicationControllerCondition proto.InternalMessageInfo
 func (m *ReplicationControllerList) Reset()      { *m = ReplicationControllerList{} }
 func (*ReplicationControllerList) ProtoMessage() {}
 func (*ReplicationControllerList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{161}
+	return fileDescriptor_83c10c24ec417dc9, []int{163}
 }
 func (m *ReplicationControllerList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4588,7 +4644,7 @@ var xxx_messageInfo_ReplicationControllerList proto.InternalMessageInfo
 func (m *ReplicationControllerSpec) Reset()      { *m = ReplicationControllerSpec{} }
 func (*ReplicationControllerSpec) ProtoMessage() {}
 func (*ReplicationControllerSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{162}
+	return fileDescriptor_83c10c24ec417dc9, []int{164}
 }
 func (m *ReplicationControllerSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4616,7 +4672,7 @@ var xxx_messageInfo_ReplicationControllerSpec proto.InternalMessageInfo
 func (m *ReplicationControllerStatus) Reset()      { *m = ReplicationControllerStatus{} }
 func (*ReplicationControllerStatus) ProtoMessage() {}
 func (*ReplicationControllerStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{163}
+	return fileDescriptor_83c10c24ec417dc9, []int{165}
 }
 func (m *ReplicationControllerStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4644,7 +4700,7 @@ var xxx_messageInfo_ReplicationControllerStatus proto.InternalMessageInfo
 func (m *ResourceClaim) Reset()      { *m = ResourceClaim{} }
 func (*ResourceClaim) ProtoMessage() {}
 func (*ResourceClaim) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{164}
+	return fileDescriptor_83c10c24ec417dc9, []int{166}
 }
 func (m *ResourceClaim) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4672,7 +4728,7 @@ var xxx_messageInfo_ResourceClaim proto.InternalMessageInfo
 func (m *ResourceFieldSelector) Reset()      { *m = ResourceFieldSelector{} }
 func (*ResourceFieldSelector) ProtoMessage() {}
 func (*ResourceFieldSelector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{165}
+	return fileDescriptor_83c10c24ec417dc9, []int{167}
 }
 func (m *ResourceFieldSelector) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4700,7 +4756,7 @@ var xxx_messageInfo_ResourceFieldSelector proto.InternalMessageInfo
 func (m *ResourceQuota) Reset()      { *m = ResourceQuota{} }
 func (*ResourceQuota) ProtoMessage() {}
 func (*ResourceQuota) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{166}
+	return fileDescriptor_83c10c24ec417dc9, []int{168}
 }
 func (m *ResourceQuota) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4728,7 +4784,7 @@ var xxx_messageInfo_ResourceQuota proto.InternalMessageInfo
 func (m *ResourceQuotaList) Reset()      { *m = ResourceQuotaList{} }
 func (*ResourceQuotaList) ProtoMessage() {}
 func (*ResourceQuotaList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{167}
+	return fileDescriptor_83c10c24ec417dc9, []int{169}
 }
 func (m *ResourceQuotaList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4756,7 +4812,7 @@ var xxx_messageInfo_ResourceQuotaList proto.InternalMessageInfo
 func (m *ResourceQuotaSpec) Reset()      { *m = ResourceQuotaSpec{} }
 func (*ResourceQuotaSpec) ProtoMessage() {}
 func (*ResourceQuotaSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{168}
+	return fileDescriptor_83c10c24ec417dc9, []int{170}
 }
 func (m *ResourceQuotaSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4784,7 +4840,7 @@ var xxx_messageInfo_ResourceQuotaSpec proto.InternalMessageInfo
 func (m *ResourceQuotaStatus) Reset()      { *m = ResourceQuotaStatus{} }
 func (*ResourceQuotaStatus) ProtoMessage() {}
 func (*ResourceQuotaStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{169}
+	return fileDescriptor_83c10c24ec417dc9, []int{171}
 }
 func (m *ResourceQuotaStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4812,7 +4868,7 @@ var xxx_messageInfo_ResourceQuotaStatus proto.InternalMessageInfo
 func (m *ResourceRequirements) Reset()      { *m = ResourceRequirements{} }
 func (*ResourceRequirements) ProtoMessage() {}
 func (*ResourceRequirements) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{170}
+	return fileDescriptor_83c10c24ec417dc9, []int{172}
 }
 func (m *ResourceRequirements) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4840,7 +4896,7 @@ var xxx_messageInfo_ResourceRequirements proto.InternalMessageInfo
 func (m *SELinuxOptions) Reset()      { *m = SELinuxOptions{} }
 func (*SELinuxOptions) ProtoMessage() {}
 func (*SELinuxOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{171}
+	return fileDescriptor_83c10c24ec417dc9, []int{173}
 }
 func (m *SELinuxOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4868,7 +4924,7 @@ var xxx_messageInfo_SELinuxOptions proto.InternalMessageInfo
 func (m *ScaleIOPersistentVolumeSource) Reset()      { *m = ScaleIOPersistentVolumeSource{} }
 func (*ScaleIOPersistentVolumeSource) ProtoMessage() {}
 func (*ScaleIOPersistentVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{172}
+	return fileDescriptor_83c10c24ec417dc9, []int{174}
 }
 func (m *ScaleIOPersistentVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4896,7 +4952,7 @@ var xxx_messageInfo_ScaleIOPersistentVolumeSource proto.InternalMessageInfo
 func (m *ScaleIOVolumeSource) Reset()      { *m = ScaleIOVolumeSource{} }
 func (*ScaleIOVolumeSource) ProtoMessage() {}
 func (*ScaleIOVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{173}
+	return fileDescriptor_83c10c24ec417dc9, []int{175}
 }
 func (m *ScaleIOVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4924,7 +4980,7 @@ var xxx_messageInfo_ScaleIOVolumeSource proto.InternalMessageInfo
 func (m *ScopeSelector) Reset()      { *m = ScopeSelector{} }
 func (*ScopeSelector) ProtoMessage() {}
 func (*ScopeSelector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{174}
+	return fileDescriptor_83c10c24ec417dc9, []int{176}
 }
 func (m *ScopeSelector) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4952,7 +5008,7 @@ var xxx_messageInfo_ScopeSelector proto.InternalMessageInfo
 func (m *ScopedResourceSelectorRequirement) Reset()      { *m = ScopedResourceSelectorRequirement{} }
 func (*ScopedResourceSelectorRequirement) ProtoMessage() {}
 func (*ScopedResourceSelectorRequirement) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{175}
+	return fileDescriptor_83c10c24ec417dc9, []int{177}
 }
 func (m *ScopedResourceSelectorRequirement) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4980,7 +5036,7 @@ var xxx_messageInfo_ScopedResourceSelectorRequirement proto.InternalMessageInfo
 func (m *SeccompProfile) Reset()      { *m = SeccompProfile{} }
 func (*SeccompProfile) ProtoMessage() {}
 func (*SeccompProfile) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{176}
+	return fileDescriptor_83c10c24ec417dc9, []int{178}
 }
 func (m *SeccompProfile) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5008,7 +5064,7 @@ var xxx_messageInfo_SeccompProfile proto.InternalMessageInfo
 func (m *Secret) Reset()      { *m = Secret{} }
 func (*Secret) ProtoMessage() {}
 func (*Secret) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{177}
+	return fileDescriptor_83c10c24ec417dc9, []int{179}
 }
 func (m *Secret) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5036,7 +5092,7 @@ var xxx_messageInfo_Secret proto.InternalMessageInfo
 func (m *SecretEnvSource) Reset()      { *m = SecretEnvSource{} }
 func (*SecretEnvSource) ProtoMessage() {}
 func (*SecretEnvSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{178}
+	return fileDescriptor_83c10c24ec417dc9, []int{180}
 }
 func (m *SecretEnvSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5064,7 +5120,7 @@ var xxx_messageInfo_SecretEnvSource proto.InternalMessageInfo
 func (m *SecretKeySelector) Reset()      { *m = SecretKeySelector{} }
 func (*SecretKeySelector) ProtoMessage() {}
 func (*SecretKeySelector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{179}
+	return fileDescriptor_83c10c24ec417dc9, []int{181}
 }
 func (m *SecretKeySelector) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5092,7 +5148,7 @@ var xxx_messageInfo_SecretKeySelector proto.InternalMessageInfo
 func (m *SecretList) Reset()      { *m = SecretList{} }
 func (*SecretList) ProtoMessage() {}
 func (*SecretList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{180}
+	return fileDescriptor_83c10c24ec417dc9, []int{182}
 }
 func (m *SecretList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5120,7 +5176,7 @@ var xxx_messageInfo_SecretList proto.InternalMessageInfo
 func (m *SecretProjection) Reset()      { *m = SecretProjection{} }
 func (*SecretProjection) ProtoMessage() {}
 func (*SecretProjection) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{181}
+	return fileDescriptor_83c10c24ec417dc9, []int{183}
 }
 func (m *SecretProjection) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5148,7 +5204,7 @@ var xxx_messageInfo_SecretProjection proto.InternalMessageInfo
 func (m *SecretReference) Reset()      { *m = SecretReference{} }
 func (*SecretReference) ProtoMessage() {}
 func (*SecretReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{182}
+	return fileDescriptor_83c10c24ec417dc9, []int{184}
 }
 func (m *SecretReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5176,7 +5232,7 @@ var xxx_messageInfo_SecretReference proto.InternalMessageInfo
 func (m *SecretVolumeSource) Reset()      { *m = SecretVolumeSource{} }
 func (*SecretVolumeSource) ProtoMessage() {}
 func (*SecretVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{183}
+	return fileDescriptor_83c10c24ec417dc9, []int{185}
 }
 func (m *SecretVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5204,7 +5260,7 @@ var xxx_messageInfo_SecretVolumeSource proto.InternalMessageInfo
 func (m *SecurityContext) Reset()      { *m = SecurityContext{} }
 func (*SecurityContext) ProtoMessage() {}
 func (*SecurityContext) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{184}
+	return fileDescriptor_83c10c24ec417dc9, []int{186}
 }
 func (m *SecurityContext) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5232,7 +5288,7 @@ var xxx_messageInfo_SecurityContext proto.InternalMessageInfo
 func (m *SerializedReference) Reset()      { *m = SerializedReference{} }
 func (*SerializedReference) ProtoMessage() {}
 func (*SerializedReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{185}
+	return fileDescriptor_83c10c24ec417dc9, []int{187}
 }
 func (m *SerializedReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5260,7 +5316,7 @@ var xxx_messageInfo_SerializedReference proto.InternalMessageInfo
 func (m *Service) Reset()      { *m = Service{} }
 func (*Service) ProtoMessage() {}
 func (*Service) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{186}
+	return fileDescriptor_83c10c24ec417dc9, []int{188}
 }
 func (m *Service) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5288,7 +5344,7 @@ var xxx_messageInfo_Service proto.InternalMessageInfo
 func (m *ServiceAccount) Reset()      { *m = ServiceAccount{} }
 func (*ServiceAccount) ProtoMessage() {}
 func (*ServiceAccount) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{187}
+	return fileDescriptor_83c10c24ec417dc9, []int{189}
 }
 func (m *ServiceAccount) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5316,7 +5372,7 @@ var xxx_messageInfo_ServiceAccount proto.InternalMessageInfo
 func (m *ServiceAccountList) Reset()      { *m = ServiceAccountList{} }
 func (*ServiceAccountList) ProtoMessage() {}
 func (*ServiceAccountList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{188}
+	return fileDescriptor_83c10c24ec417dc9, []int{190}
 }
 func (m *ServiceAccountList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5344,7 +5400,7 @@ var xxx_messageInfo_ServiceAccountList proto.InternalMessageInfo
 func (m *ServiceAccountTokenProjection) Reset()      { *m = ServiceAccountTokenProjection{} }
 func (*ServiceAccountTokenProjection) ProtoMessage() {}
 func (*ServiceAccountTokenProjection) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{189}
+	return fileDescriptor_83c10c24ec417dc9, []int{191}
 }
 func (m *ServiceAccountTokenProjection) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5372,7 +5428,7 @@ var xxx_messageInfo_ServiceAccountTokenProjection proto.InternalMessageInfo
 func (m *ServiceList) Reset()      { *m = ServiceList{} }
 func (*ServiceList) ProtoMessage() {}
 func (*ServiceList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{190}
+	return fileDescriptor_83c10c24ec417dc9, []int{192}
 }
 func (m *ServiceList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5400,7 +5456,7 @@ var xxx_messageInfo_ServiceList proto.InternalMessageInfo
 func (m *ServicePort) Reset()      { *m = ServicePort{} }
 func (*ServicePort) ProtoMessage() {}
 func (*ServicePort) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{191}
+	return fileDescriptor_83c10c24ec417dc9, []int{193}
 }
 func (m *ServicePort) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5428,7 +5484,7 @@ var xxx_messageInfo_ServicePort proto.InternalMessageInfo
 func (m *ServiceProxyOptions) Reset()      { *m = ServiceProxyOptions{} }
 func (*ServiceProxyOptions) ProtoMessage() {}
 func (*ServiceProxyOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{192}
+	return fileDescriptor_83c10c24ec417dc9, []int{194}
 }
 func (m *ServiceProxyOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5456,7 +5512,7 @@ var xxx_messageInfo_ServiceProxyOptions proto.InternalMessageInfo
 func (m *ServiceSpec) Reset()      { *m = ServiceSpec{} }
 func (*ServiceSpec) ProtoMessage() {}
 func (*ServiceSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{193}
+	return fileDescriptor_83c10c24ec417dc9, []int{195}
 }
 func (m *ServiceSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5484,7 +5540,7 @@ var xxx_messageInfo_ServiceSpec proto.InternalMessageInfo
 func (m *ServiceStatus) Reset()      { *m = ServiceStatus{} }
 func (*ServiceStatus) ProtoMessage() {}
 func (*ServiceStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{194}
+	return fileDescriptor_83c10c24ec417dc9, []int{196}
 }
 func (m *ServiceStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5512,7 +5568,7 @@ var xxx_messageInfo_ServiceStatus proto.InternalMessageInfo
 func (m *SessionAffinityConfig) Reset()      { *m = SessionAffinityConfig{} }
 func (*SessionAffinityConfig) ProtoMessage() {}
 func (*SessionAffinityConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{195}
+	return fileDescriptor_83c10c24ec417dc9, []int{197}
 }
 func (m *SessionAffinityConfig) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5540,7 +5596,7 @@ var xxx_messageInfo_SessionAffinityConfig proto.InternalMessageInfo
 func (m *StorageOSPersistentVolumeSource) Reset()      { *m = StorageOSPersistentVolumeSource{} }
 func (*StorageOSPersistentVolumeSource) ProtoMessage() {}
 func (*StorageOSPersistentVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{196}
+	return fileDescriptor_83c10c24ec417dc9, []int{198}
 }
 func (m *StorageOSPersistentVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5568,7 +5624,7 @@ var xxx_messageInfo_StorageOSPersistentVolumeSource proto.InternalMessageInfo
 func (m *StorageOSVolumeSource) Reset()      { *m = StorageOSVolumeSource{} }
 func (*StorageOSVolumeSource) ProtoMessage() {}
 func (*StorageOSVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{197}
+	return fileDescriptor_83c10c24ec417dc9, []int{199}
 }
 func (m *StorageOSVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5596,7 +5652,7 @@ var xxx_messageInfo_StorageOSVolumeSource proto.InternalMessageInfo
 func (m *Sysctl) Reset()      { *m = Sysctl{} }
 func (*Sysctl) ProtoMessage() {}
 func (*Sysctl) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{198}
+	return fileDescriptor_83c10c24ec417dc9, []int{200}
 }
 func (m *Sysctl) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5624,7 +5680,7 @@ var xxx_messageInfo_Sysctl proto.InternalMessageInfo
 func (m *TCPSocketAction) Reset()      { *m = TCPSocketAction{} }
 func (*TCPSocketAction) ProtoMessage() {}
 func (*TCPSocketAction) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{199}
+	return fileDescriptor_83c10c24ec417dc9, []int{201}
 }
 func (m *TCPSocketAction) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5652,7 +5708,7 @@ var xxx_messageInfo_TCPSocketAction proto.InternalMessageInfo
 func (m *Taint) Reset()      { *m = Taint{} }
 func (*Taint) ProtoMessage() {}
 func (*Taint) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{200}
+	return fileDescriptor_83c10c24ec417dc9, []int{202}
 }
 func (m *Taint) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5680,7 +5736,7 @@ var xxx_messageInfo_Taint proto.InternalMessageInfo
 func (m *Toleration) Reset()      { *m = Toleration{} }
 func (*Toleration) ProtoMessage() {}
 func (*Toleration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{201}
+	return fileDescriptor_83c10c24ec417dc9, []int{203}
 }
 func (m *Toleration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5708,7 +5764,7 @@ var xxx_messageInfo_Toleration proto.InternalMessageInfo
 func (m *TopologySelectorLabelRequirement) Reset()      { *m = TopologySelectorLabelRequirement{} }
 func (*TopologySelectorLabelRequirement) ProtoMessage() {}
 func (*TopologySelectorLabelRequirement) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{202}
+	return fileDescriptor_83c10c24ec417dc9, []int{204}
 }
 func (m *TopologySelectorLabelRequirement) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5736,7 +5792,7 @@ var xxx_messageInfo_TopologySelectorLabelRequirement proto.InternalMessageInfo
 func (m *TopologySelectorTerm) Reset()      { *m = TopologySelectorTerm{} }
 func (*TopologySelectorTerm) ProtoMessage() {}
 func (*TopologySelectorTerm) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{203}
+	return fileDescriptor_83c10c24ec417dc9, []int{205}
 }
 func (m *TopologySelectorTerm) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5764,7 +5820,7 @@ var xxx_messageInfo_TopologySelectorTerm proto.InternalMessageInfo
 func (m *TopologySpreadConstraint) Reset()      { *m = TopologySpreadConstraint{} }
 func (*TopologySpreadConstraint) ProtoMessage() {}
 func (*TopologySpreadConstraint) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{204}
+	return fileDescriptor_83c10c24ec417dc9, []int{206}
 }
 func (m *TopologySpreadConstraint) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5792,7 +5848,7 @@ var xxx_messageInfo_TopologySpreadConstraint proto.InternalMessageInfo
 func (m *TypedLocalObjectReference) Reset()      { *m = TypedLocalObjectReference{} }
 func (*TypedLocalObjectReference) ProtoMessage() {}
 func (*TypedLocalObjectReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{205}
+	return fileDescriptor_83c10c24ec417dc9, []int{207}
 }
 func (m *TypedLocalObjectReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5820,7 +5876,7 @@ var xxx_messageInfo_TypedLocalObjectReference proto.InternalMessageInfo
 func (m *TypedObjectReference) Reset()      { *m = TypedObjectReference{} }
 func (*TypedObjectReference) ProtoMessage() {}
 func (*TypedObjectReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{206}
+	return fileDescriptor_83c10c24ec417dc9, []int{208}
 }
 func (m *TypedObjectReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5848,7 +5904,7 @@ var xxx_messageInfo_TypedObjectReference proto.InternalMessageInfo
 func (m *Volume) Reset()      { *m = Volume{} }
 func (*Volume) ProtoMessage() {}
 func (*Volume) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{207}
+	return fileDescriptor_83c10c24ec417dc9, []int{209}
 }
 func (m *Volume) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5876,7 +5932,7 @@ var xxx_messageInfo_Volume proto.InternalMessageInfo
 func (m *VolumeDevice) Reset()      { *m = VolumeDevice{} }
 func (*VolumeDevice) ProtoMessage() {}
 func (*VolumeDevice) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{208}
+	return fileDescriptor_83c10c24ec417dc9, []int{210}
 }
 func (m *VolumeDevice) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5904,7 +5960,7 @@ var xxx_messageInfo_VolumeDevice proto.InternalMessageInfo
 func (m *VolumeMount) Reset()      { *m = VolumeMount{} }
 func (*VolumeMount) ProtoMessage() {}
 func (*VolumeMount) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{209}
+	return fileDescriptor_83c10c24ec417dc9, []int{211}
 }
 func (m *VolumeMount) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5932,7 +5988,7 @@ var xxx_messageInfo_VolumeMount proto.InternalMessageInfo
 func (m *VolumeNodeAffinity) Reset()      { *m = VolumeNodeAffinity{} }
 func (*VolumeNodeAffinity) ProtoMessage() {}
 func (*VolumeNodeAffinity) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{210}
+	return fileDescriptor_83c10c24ec417dc9, []int{212}
 }
 func (m *VolumeNodeAffinity) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5960,7 +6016,7 @@ var xxx_messageInfo_VolumeNodeAffinity proto.InternalMessageInfo
 func (m *VolumeProjection) Reset()      { *m = VolumeProjection{} }
 func (*VolumeProjection) ProtoMessage() {}
 func (*VolumeProjection) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{211}
+	return fileDescriptor_83c10c24ec417dc9, []int{213}
 }
 func (m *VolumeProjection) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5988,7 +6044,7 @@ var xxx_messageInfo_VolumeProjection proto.InternalMessageInfo
 func (m *VolumeSource) Reset()      { *m = VolumeSource{} }
 func (*VolumeSource) ProtoMessage() {}
 func (*VolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{212}
+	return fileDescriptor_83c10c24ec417dc9, []int{214}
 }
 func (m *VolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -6016,7 +6072,7 @@ var xxx_messageInfo_VolumeSource proto.InternalMessageInfo
 func (m *VsphereVirtualDiskVolumeSource) Reset()      { *m = VsphereVirtualDiskVolumeSource{} }
 func (*VsphereVirtualDiskVolumeSource) ProtoMessage() {}
 func (*VsphereVirtualDiskVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{213}
+	return fileDescriptor_83c10c24ec417dc9, []int{215}
 }
 func (m *VsphereVirtualDiskVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -6044,7 +6100,7 @@ var xxx_messageInfo_VsphereVirtualDiskVolumeSource proto.InternalMessageInfo
 func (m *WeightedPodAffinityTerm) Reset()      { *m = WeightedPodAffinityTerm{} }
 func (*WeightedPodAffinityTerm) ProtoMessage() {}
 func (*WeightedPodAffinityTerm) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{214}
+	return fileDescriptor_83c10c24ec417dc9, []int{216}
 }
 func (m *WeightedPodAffinityTerm) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -6072,7 +6128,7 @@ var xxx_messageInfo_WeightedPodAffinityTerm proto.InternalMessageInfo
 func (m *WindowsSecurityContextOptions) Reset()      { *m = WindowsSecurityContextOptions{} }
 func (*WindowsSecurityContextOptions) ProtoMessage() {}
 func (*WindowsSecurityContextOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{215}
+	return fileDescriptor_83c10c24ec417dc9, []int{217}
 }
 func (m *WindowsSecurityContextOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -6174,6 +6230,7 @@ func init() {
 	proto.RegisterType((*HTTPGetAction)(nil), "k8s.io.api.core.v1.HTTPGetAction")
 	proto.RegisterType((*HTTPHeader)(nil), "k8s.io.api.core.v1.HTTPHeader")
 	proto.RegisterType((*HostAlias)(nil), "k8s.io.api.core.v1.HostAlias")
+	proto.RegisterType((*HostIP)(nil), "k8s.io.api.core.v1.HostIP")
 	proto.RegisterType((*HostPathVolumeSource)(nil), "k8s.io.api.core.v1.HostPathVolumeSource")
 	proto.RegisterType((*ISCSIPersistentVolumeSource)(nil), "k8s.io.api.core.v1.ISCSIPersistentVolumeSource")
 	proto.RegisterType((*ISCSIVolumeSource)(nil), "k8s.io.api.core.v1.ISCSIVolumeSource")
@@ -6227,6 +6284,7 @@ func init() {
 	proto.RegisterType((*PersistentVolumeClaimList)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimList")
 	proto.RegisterType((*PersistentVolumeClaimSpec)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimSpec")
 	proto.RegisterType((*PersistentVolumeClaimStatus)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimStatus")
+	proto.RegisterMapType((map[ResourceName]ClaimResourceStatus)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimStatus.AllocatedResourceStatusesEntry")
 	proto.RegisterMapType((ResourceList)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimStatus.AllocatedResourcesEntry")
 	proto.RegisterMapType((ResourceList)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimStatus.CapacityEntry")
 	proto.RegisterType((*PersistentVolumeClaimTemplate)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimTemplate")
@@ -6254,6 +6312,7 @@ func init() {
 	proto.RegisterType((*PodProxyOptions)(nil), "k8s.io.api.core.v1.PodProxyOptions")
 	proto.RegisterType((*PodReadinessGate)(nil), "k8s.io.api.core.v1.PodReadinessGate")
 	proto.RegisterType((*PodResourceClaim)(nil), "k8s.io.api.core.v1.PodResourceClaim")
+	proto.RegisterType((*PodResourceClaimStatus)(nil), "k8s.io.api.core.v1.PodResourceClaimStatus")
 	proto.RegisterType((*PodSchedulingGate)(nil), "k8s.io.api.core.v1.PodSchedulingGate")
 	proto.RegisterType((*PodSecurityContext)(nil), "k8s.io.api.core.v1.PodSecurityContext")
 	proto.RegisterType((*PodSignature)(nil), "k8s.io.api.core.v1.PodSignature")
@@ -6350,925 +6409,934 @@ func init() {
 }
 
 var fileDescriptor_83c10c24ec417dc9 = []byte{
-	// 14685 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x69, 0x90, 0x5c, 0xd7,
-	0x75, 0x18, 0xac, 0xd7, 0x3d, 0x5b, 0x9f, 0xd9, 0xef, 0x00, 0xe0, 0x60, 0x48, 0xa0, 0xc1, 0x47,
-	0x12, 0x04, 0x45, 0x72, 0x20, 0x70, 0x91, 0x28, 0x52, 0xa2, 0x35, 0x2b, 0x30, 0x04, 0x66, 0xd0,
-	0xbc, 0x3d, 0x00, 0x24, 0x8a, 0x52, 0xe9, 0x4d, 0xf7, 0x9d, 0x99, 0xa7, 0xe9, 0x7e, 0xaf, 0xf9,
-	0xde, 0xeb, 0x01, 0x06, 0x9f, 0x54, 0x9f, 0x2d, 0xc7, 0x8b, 0x6c, 0x27, 0xa5, 0x4a, 0x39, 0x4b,
-	0xc9, 0x2e, 0x57, 0xca, 0x76, 0x6c, 0x2b, 0xca, 0xa6, 0xc8, 0xb1, 0x1d, 0xcb, 0x5b, 0xb6, 0x8a,
-	0x93, 0x4a, 0x39, 0x8e, 0xab, 0x62, 0xb9, 0xe2, 0xca, 0xc4, 0x82, 0x53, 0xe5, 0x52, 0x55, 0x62,
-	0x3b, 0xcb, 0x8f, 0x64, 0xe2, 0xc4, 0xa9, 0xbb, 0xbe, 0x7b, 0xdf, 0xd2, 0xdd, 0x03, 0x0e, 0x46,
-	0x94, 0x8a, 0xff, 0xba, 0xcf, 0x39, 0xf7, 0xdc, 0xfb, 0xee, 0x7a, 0xee, 0x39, 0xe7, 0x9e, 0x03,
-	0xaf, 0xec, 0xbc, 0x14, 0xce, 0xba, 0xfe, 0xc5, 0x9d, 0xf6, 0x06, 0x09, 0x3c, 0x12, 0x91, 0xf0,
-	0xe2, 0x2e, 0xf1, 0xea, 0x7e, 0x70, 0x51, 0x20, 0x9c, 0x96, 0x7b, 0xb1, 0xe6, 0x07, 0xe4, 0xe2,
-	0xee, 0xa5, 0x8b, 0x5b, 0xc4, 0x23, 0x81, 0x13, 0x91, 0xfa, 0x6c, 0x2b, 0xf0, 0x23, 0x1f, 0x21,
-	0x4e, 0x33, 0xeb, 0xb4, 0xdc, 0x59, 0x4a, 0x33, 0xbb, 0x7b, 0x69, 0xe6, 0xd9, 0x2d, 0x37, 0xda,
-	0x6e, 0x6f, 0xcc, 0xd6, 0xfc, 0xe6, 0xc5, 0x2d, 0x7f, 0xcb, 0xbf, 0xc8, 0x48, 0x37, 0xda, 0x9b,
-	0xec, 0x1f, 0xfb, 0xc3, 0x7e, 0x71, 0x16, 0x33, 0x2f, 0xc4, 0xd5, 0x34, 0x9d, 0xda, 0xb6, 0xeb,
-	0x91, 0x60, 0xef, 0x62, 0x6b, 0x67, 0x8b, 0xd5, 0x1b, 0x90, 0xd0, 0x6f, 0x07, 0x35, 0x92, 0xac,
-	0xb8, 0x63, 0xa9, 0xf0, 0x62, 0x93, 0x44, 0x4e, 0x46, 0x73, 0x67, 0x2e, 0xe6, 0x95, 0x0a, 0xda,
-	0x5e, 0xe4, 0x36, 0xd3, 0xd5, 0xbc, 0xbf, 0x5b, 0x81, 0xb0, 0xb6, 0x4d, 0x9a, 0x4e, 0xaa, 0xdc,
-	0xf3, 0x79, 0xe5, 0xda, 0x91, 0xdb, 0xb8, 0xe8, 0x7a, 0x51, 0x18, 0x05, 0xc9, 0x42, 0xf6, 0xd7,
-	0x2d, 0x38, 0x37, 0x77, 0xab, 0xba, 0xd4, 0x70, 0xc2, 0xc8, 0xad, 0xcd, 0x37, 0xfc, 0xda, 0x4e,
-	0x35, 0xf2, 0x03, 0x72, 0xd3, 0x6f, 0xb4, 0x9b, 0xa4, 0xca, 0x3a, 0x02, 0x3d, 0x03, 0x43, 0xbb,
-	0xec, 0xff, 0xca, 0xe2, 0xb4, 0x75, 0xce, 0xba, 0x50, 0x9a, 0x9f, 0xf8, 0xcd, 0xfd, 0xf2, 0x7b,
-	0xee, 0xed, 0x97, 0x87, 0x6e, 0x0a, 0x38, 0x56, 0x14, 0xe8, 0x3c, 0x0c, 0x6c, 0x86, 0xeb, 0x7b,
-	0x2d, 0x32, 0x5d, 0x60, 0xb4, 0x63, 0x82, 0x76, 0x60, 0xb9, 0x4a, 0xa1, 0x58, 0x60, 0xd1, 0x45,
-	0x28, 0xb5, 0x9c, 0x20, 0x72, 0x23, 0xd7, 0xf7, 0xa6, 0x8b, 0xe7, 0xac, 0x0b, 0xfd, 0xf3, 0x93,
-	0x82, 0xb4, 0x54, 0x91, 0x08, 0x1c, 0xd3, 0xd0, 0x66, 0x04, 0xc4, 0xa9, 0x5f, 0xf7, 0x1a, 0x7b,
-	0xd3, 0x7d, 0xe7, 0xac, 0x0b, 0x43, 0x71, 0x33, 0xb0, 0x80, 0x63, 0x45, 0x61, 0x7f, 0xb1, 0x00,
-	0x43, 0x73, 0x9b, 0x9b, 0xae, 0xe7, 0x46, 0x7b, 0xe8, 0x26, 0x8c, 0x78, 0x7e, 0x9d, 0xc8, 0xff,
-	0xec, 0x2b, 0x86, 0x9f, 0x3b, 0x37, 0x9b, 0x9e, 0x4a, 0xb3, 0x6b, 0x1a, 0xdd, 0xfc, 0xc4, 0xbd,
-	0xfd, 0xf2, 0x88, 0x0e, 0xc1, 0x06, 0x1f, 0x84, 0x61, 0xb8, 0xe5, 0xd7, 0x15, 0xdb, 0x02, 0x63,
-	0x5b, 0xce, 0x62, 0x5b, 0x89, 0xc9, 0xe6, 0xc7, 0xef, 0xed, 0x97, 0x87, 0x35, 0x00, 0xd6, 0x99,
-	0xa0, 0x0d, 0x18, 0xa7, 0x7f, 0xbd, 0xc8, 0x55, 0x7c, 0x8b, 0x8c, 0xef, 0x63, 0x79, 0x7c, 0x35,
-	0xd2, 0xf9, 0xa9, 0x7b, 0xfb, 0xe5, 0xf1, 0x04, 0x10, 0x27, 0x19, 0xda, 0x77, 0x61, 0x6c, 0x2e,
-	0x8a, 0x9c, 0xda, 0x36, 0xa9, 0xf3, 0x11, 0x44, 0x2f, 0x40, 0x9f, 0xe7, 0x34, 0x89, 0x18, 0xdf,
-	0x73, 0xa2, 0x63, 0xfb, 0xd6, 0x9c, 0x26, 0x39, 0xd8, 0x2f, 0x4f, 0xdc, 0xf0, 0xdc, 0xb7, 0xda,
-	0x62, 0x56, 0x50, 0x18, 0x66, 0xd4, 0xe8, 0x39, 0x80, 0x3a, 0xd9, 0x75, 0x6b, 0xa4, 0xe2, 0x44,
-	0xdb, 0x62, 0xbc, 0x91, 0x28, 0x0b, 0x8b, 0x0a, 0x83, 0x35, 0x2a, 0xfb, 0x0e, 0x94, 0xe6, 0x76,
-	0x7d, 0xb7, 0x5e, 0xf1, 0xeb, 0x21, 0xda, 0x81, 0xf1, 0x56, 0x40, 0x36, 0x49, 0xa0, 0x40, 0xd3,
-	0xd6, 0xb9, 0xe2, 0x85, 0xe1, 0xe7, 0x2e, 0x64, 0x7e, 0xac, 0x49, 0xba, 0xe4, 0x45, 0xc1, 0xde,
-	0xfc, 0x43, 0xa2, 0xbe, 0xf1, 0x04, 0x16, 0x27, 0x39, 0xdb, 0xff, 0xac, 0x00, 0x27, 0xe7, 0xee,
-	0xb6, 0x03, 0xb2, 0xe8, 0x86, 0x3b, 0xc9, 0x19, 0x5e, 0x77, 0xc3, 0x9d, 0xb5, 0xb8, 0x07, 0xd4,
-	0xd4, 0x5a, 0x14, 0x70, 0xac, 0x28, 0xd0, 0xb3, 0x30, 0x48, 0x7f, 0xdf, 0xc0, 0x2b, 0xe2, 0x93,
-	0xa7, 0x04, 0xf1, 0xf0, 0xa2, 0x13, 0x39, 0x8b, 0x1c, 0x85, 0x25, 0x0d, 0x5a, 0x85, 0xe1, 0x1a,
-	0x5b, 0x90, 0x5b, 0xab, 0x7e, 0x9d, 0xb0, 0xc1, 0x2c, 0xcd, 0x3f, 0x4d, 0xc9, 0x17, 0x62, 0xf0,
-	0xc1, 0x7e, 0x79, 0x9a, 0xb7, 0x4d, 0xb0, 0xd0, 0x70, 0x58, 0x2f, 0x8f, 0x6c, 0xb5, 0xbe, 0xfa,
-	0x18, 0x27, 0xc8, 0x58, 0x5b, 0x17, 0xb4, 0xa5, 0xd2, 0xcf, 0x96, 0xca, 0x48, 0xf6, 0x32, 0x41,
-	0x97, 0xa0, 0x6f, 0xc7, 0xf5, 0xea, 0xd3, 0x03, 0x8c, 0xd7, 0x19, 0x3a, 0xe6, 0x57, 0x5d, 0xaf,
-	0x7e, 0xb0, 0x5f, 0x9e, 0x34, 0x9a, 0x43, 0x81, 0x98, 0x91, 0xda, 0xff, 0xdd, 0x82, 0x32, 0xc3,
-	0x2d, 0xbb, 0x0d, 0x52, 0x21, 0x41, 0xe8, 0x86, 0x11, 0xf1, 0x22, 0xa3, 0x43, 0x9f, 0x03, 0x08,
-	0x49, 0x2d, 0x20, 0x91, 0xd6, 0xa5, 0x6a, 0x62, 0x54, 0x15, 0x06, 0x6b, 0x54, 0x74, 0x43, 0x08,
-	0xb7, 0x9d, 0x80, 0xcd, 0x2f, 0xd1, 0xb1, 0x6a, 0x43, 0xa8, 0x4a, 0x04, 0x8e, 0x69, 0x8c, 0x0d,
-	0xa1, 0xd8, 0x6d, 0x43, 0x40, 0x1f, 0x86, 0xf1, 0xb8, 0xb2, 0xb0, 0xe5, 0xd4, 0x64, 0x07, 0xb2,
-	0x25, 0x53, 0x35, 0x51, 0x38, 0x49, 0x6b, 0xff, 0x2d, 0x4b, 0x4c, 0x1e, 0xfa, 0xd5, 0xef, 0xf0,
-	0x6f, 0xb5, 0x7f, 0xc9, 0x82, 0xc1, 0x79, 0xd7, 0xab, 0xbb, 0xde, 0x16, 0xfa, 0x14, 0x0c, 0xd1,
-	0xb3, 0xa9, 0xee, 0x44, 0x8e, 0xd8, 0xf7, 0xde, 0xa7, 0xad, 0x2d, 0x75, 0x54, 0xcc, 0xb6, 0x76,
-	0xb6, 0x28, 0x20, 0x9c, 0xa5, 0xd4, 0x74, 0xb5, 0x5d, 0xdf, 0xf8, 0x34, 0xa9, 0x45, 0xab, 0x24,
-	0x72, 0xe2, 0xcf, 0x89, 0x61, 0x58, 0x71, 0x45, 0x57, 0x61, 0x20, 0x72, 0x82, 0x2d, 0x12, 0x89,
-	0x0d, 0x30, 0x73, 0xa3, 0xe2, 0x25, 0x31, 0x5d, 0x91, 0xc4, 0xab, 0x91, 0xf8, 0x58, 0x58, 0x67,
-	0x45, 0xb1, 0x60, 0x61, 0xff, 0x9f, 0x41, 0x38, 0xbd, 0x50, 0x5d, 0xc9, 0x99, 0x57, 0xe7, 0x61,
-	0xa0, 0x1e, 0xb8, 0xbb, 0x24, 0x10, 0xfd, 0xac, 0xb8, 0x2c, 0x32, 0x28, 0x16, 0x58, 0xf4, 0x12,
-	0x8c, 0xf0, 0x03, 0xe9, 0x8a, 0xe3, 0xd5, 0x1b, 0xb2, 0x8b, 0x4f, 0x08, 0xea, 0x91, 0x9b, 0x1a,
-	0x0e, 0x1b, 0x94, 0x87, 0x9c, 0x54, 0xe7, 0x13, 0x8b, 0x31, 0xef, 0xb0, 0xfb, 0xbc, 0x05, 0x13,
-	0xbc, 0x9a, 0xb9, 0x28, 0x0a, 0xdc, 0x8d, 0x76, 0x44, 0xc2, 0xe9, 0x7e, 0xb6, 0xd3, 0x2d, 0x64,
-	0xf5, 0x56, 0x6e, 0x0f, 0xcc, 0xde, 0x4c, 0x70, 0xe1, 0x9b, 0xe0, 0xb4, 0xa8, 0x77, 0x22, 0x89,
-	0xc6, 0xa9, 0x6a, 0xd1, 0xf7, 0x5a, 0x30, 0x53, 0xf3, 0xbd, 0x28, 0xf0, 0x1b, 0x0d, 0x12, 0x54,
-	0xda, 0x1b, 0x0d, 0x37, 0xdc, 0xe6, 0xf3, 0x14, 0x93, 0x4d, 0xb6, 0x13, 0xe4, 0x8c, 0xa1, 0x22,
-	0x12, 0x63, 0x78, 0xf6, 0xde, 0x7e, 0x79, 0x66, 0x21, 0x97, 0x15, 0xee, 0x50, 0x0d, 0xda, 0x01,
-	0x44, 0x8f, 0xd2, 0x6a, 0xe4, 0x6c, 0x91, 0xb8, 0xf2, 0xc1, 0xde, 0x2b, 0x3f, 0x75, 0x6f, 0xbf,
-	0x8c, 0xd6, 0x52, 0x2c, 0x70, 0x06, 0x5b, 0xf4, 0x16, 0x9c, 0xa0, 0xd0, 0xd4, 0xb7, 0x0e, 0xf5,
-	0x5e, 0xdd, 0xf4, 0xbd, 0xfd, 0xf2, 0x89, 0xb5, 0x0c, 0x26, 0x38, 0x93, 0x35, 0xfa, 0x6e, 0x0b,
-	0x4e, 0xc7, 0x9f, 0xbf, 0x74, 0xa7, 0xe5, 0x78, 0xf5, 0xb8, 0xe2, 0x52, 0xef, 0x15, 0xd3, 0x3d,
-	0xf9, 0xf4, 0x42, 0x1e, 0x27, 0x9c, 0x5f, 0x09, 0xf2, 0x60, 0x8a, 0x36, 0x2d, 0x59, 0x37, 0xf4,
-	0x5e, 0xf7, 0x43, 0xf7, 0xf6, 0xcb, 0x53, 0x6b, 0x69, 0x1e, 0x38, 0x8b, 0xf1, 0xcc, 0x02, 0x9c,
-	0xcc, 0x9c, 0x9d, 0x68, 0x02, 0x8a, 0x3b, 0x84, 0x4b, 0x5d, 0x25, 0x4c, 0x7f, 0xa2, 0x13, 0xd0,
-	0xbf, 0xeb, 0x34, 0xda, 0x62, 0x61, 0x62, 0xfe, 0xe7, 0xe5, 0xc2, 0x4b, 0x96, 0xfd, 0xcf, 0x8b,
-	0x30, 0xbe, 0x50, 0x5d, 0xb9, 0xaf, 0x55, 0xaf, 0x1f, 0x7b, 0x85, 0x8e, 0xc7, 0x5e, 0x7c, 0x88,
-	0x16, 0x73, 0x0f, 0xd1, 0xff, 0x3f, 0x63, 0xc9, 0xf6, 0xb1, 0x25, 0xfb, 0xc1, 0x9c, 0x25, 0x7b,
-	0xc4, 0x0b, 0x75, 0x37, 0x67, 0xd6, 0xf6, 0xb3, 0x01, 0xcc, 0x94, 0x90, 0xae, 0xf9, 0x35, 0xa7,
-	0x91, 0xdc, 0x6a, 0x0f, 0x39, 0x75, 0x8f, 0x66, 0x1c, 0x6b, 0x30, 0xb2, 0xe0, 0xb4, 0x9c, 0x0d,
-	0xb7, 0xe1, 0x46, 0x2e, 0x09, 0xd1, 0x93, 0x50, 0x74, 0xea, 0x75, 0x26, 0xdd, 0x95, 0xe6, 0x4f,
-	0xde, 0xdb, 0x2f, 0x17, 0xe7, 0xea, 0x54, 0xcc, 0x00, 0x45, 0xb5, 0x87, 0x29, 0x05, 0x7a, 0x2f,
-	0xf4, 0xd5, 0x03, 0xbf, 0x35, 0x5d, 0x60, 0x94, 0x74, 0x95, 0xf7, 0x2d, 0x06, 0x7e, 0x2b, 0x41,
-	0xca, 0x68, 0xec, 0xdf, 0x28, 0xc0, 0x23, 0x0b, 0xa4, 0xb5, 0xbd, 0x5c, 0xcd, 0x39, 0x2f, 0x2e,
-	0xc0, 0x50, 0xd3, 0xf7, 0xdc, 0xc8, 0x0f, 0x42, 0x51, 0x35, 0x9b, 0x11, 0xab, 0x02, 0x86, 0x15,
-	0x16, 0x9d, 0x83, 0xbe, 0x56, 0x2c, 0xc4, 0x8e, 0x48, 0x01, 0x98, 0x89, 0xaf, 0x0c, 0x43, 0x29,
-	0xda, 0x21, 0x09, 0xc4, 0x8c, 0x51, 0x14, 0x37, 0x42, 0x12, 0x60, 0x86, 0x89, 0x25, 0x01, 0x2a,
-	0x23, 0x88, 0x13, 0x21, 0x21, 0x09, 0x50, 0x0c, 0xd6, 0xa8, 0x50, 0x05, 0x4a, 0x61, 0x62, 0x64,
-	0x7b, 0x5a, 0x9a, 0xa3, 0x4c, 0x54, 0x50, 0x23, 0x19, 0x33, 0x31, 0x4e, 0xb0, 0x81, 0xae, 0xa2,
-	0xc2, 0xd7, 0x0a, 0x80, 0x78, 0x17, 0x7e, 0x9b, 0x75, 0xdc, 0x8d, 0x74, 0xc7, 0xf5, 0xbe, 0x24,
-	0x8e, 0xaa, 0xf7, 0xfe, 0x87, 0x05, 0x8f, 0x2c, 0xb8, 0x5e, 0x9d, 0x04, 0x39, 0x13, 0xf0, 0xc1,
-	0xdc, 0x9d, 0x0f, 0x27, 0xa4, 0x18, 0x53, 0xac, 0xef, 0x08, 0xa6, 0x98, 0xfd, 0x27, 0x16, 0x20,
-	0xfe, 0xd9, 0xef, 0xb8, 0x8f, 0xbd, 0x91, 0xfe, 0xd8, 0x23, 0x98, 0x16, 0xf6, 0xdf, 0xb3, 0x60,
-	0x78, 0xa1, 0xe1, 0xb8, 0x4d, 0xf1, 0xa9, 0x0b, 0x30, 0x29, 0x15, 0x45, 0x0c, 0xac, 0xc9, 0xfe,
-	0x74, 0x73, 0x9b, 0xc4, 0x49, 0x24, 0x4e, 0xd3, 0xa3, 0x8f, 0xc3, 0x69, 0x03, 0xb8, 0x4e, 0x9a,
-	0xad, 0x86, 0x13, 0xe9, 0xb7, 0x02, 0x76, 0xfa, 0xe3, 0x3c, 0x22, 0x9c, 0x5f, 0xde, 0xbe, 0x06,
-	0x63, 0x0b, 0x0d, 0x97, 0x78, 0xd1, 0x4a, 0x65, 0xc1, 0xf7, 0x36, 0xdd, 0x2d, 0xf4, 0x32, 0x8c,
-	0x45, 0x6e, 0x93, 0xf8, 0xed, 0xa8, 0x4a, 0x6a, 0xbe, 0xc7, 0xee, 0xda, 0xd6, 0x85, 0xfe, 0x79,
-	0x74, 0x6f, 0xbf, 0x3c, 0xb6, 0x6e, 0x60, 0x70, 0x82, 0xd2, 0xfe, 0x7d, 0x3a, 0xe2, 0x7e, 0xb3,
-	0xe5, 0x7b, 0xc4, 0x8b, 0x16, 0x7c, 0xaf, 0xce, 0x75, 0x32, 0x2f, 0x43, 0x5f, 0x44, 0x47, 0x90,
-	0x7f, 0xf9, 0x79, 0xb9, 0xb4, 0xe9, 0xb8, 0x1d, 0xec, 0x97, 0x4f, 0xa5, 0x4b, 0xb0, 0x91, 0x65,
-	0x65, 0xd0, 0x07, 0x61, 0x20, 0x8c, 0x9c, 0xa8, 0x1d, 0x8a, 0x4f, 0x7d, 0x54, 0x8e, 0x7f, 0x95,
-	0x41, 0x0f, 0xf6, 0xcb, 0xe3, 0xaa, 0x18, 0x07, 0x61, 0x51, 0x00, 0x3d, 0x05, 0x83, 0x4d, 0x12,
-	0x86, 0xce, 0x96, 0x3c, 0xbf, 0xc7, 0x45, 0xd9, 0xc1, 0x55, 0x0e, 0xc6, 0x12, 0x8f, 0x1e, 0x83,
-	0x7e, 0x12, 0x04, 0x7e, 0x20, 0x76, 0x95, 0x51, 0x41, 0xd8, 0xbf, 0x44, 0x81, 0x98, 0xe3, 0xec,
-	0x7f, 0x63, 0xc1, 0xb8, 0x6a, 0x2b, 0xaf, 0xeb, 0x18, 0xee, 0x4d, 0x6f, 0x00, 0xd4, 0xe4, 0x07,
-	0x86, 0xec, 0xbc, 0x1b, 0x7e, 0xee, 0x7c, 0xa6, 0x68, 0x91, 0xea, 0xc6, 0x98, 0xb3, 0x02, 0x85,
-	0x58, 0xe3, 0x66, 0xff, 0xaa, 0x05, 0x53, 0x89, 0x2f, 0xba, 0xe6, 0x86, 0x11, 0x7a, 0x33, 0xf5,
-	0x55, 0xb3, 0xbd, 0x7d, 0x15, 0x2d, 0xcd, 0xbe, 0x49, 0x2d, 0x3e, 0x09, 0xd1, 0xbe, 0xe8, 0x0a,
-	0xf4, 0xbb, 0x11, 0x69, 0xca, 0x8f, 0x79, 0xac, 0xe3, 0xc7, 0xf0, 0x56, 0xc5, 0x23, 0xb2, 0x42,
-	0x4b, 0x62, 0xce, 0xc0, 0xfe, 0x8d, 0x22, 0x94, 0xf8, 0xb4, 0x5d, 0x75, 0x5a, 0xc7, 0x30, 0x16,
-	0x4f, 0x43, 0xc9, 0x6d, 0x36, 0xdb, 0x91, 0xb3, 0x21, 0x0e, 0xa0, 0x21, 0xbe, 0x19, 0xac, 0x48,
-	0x20, 0x8e, 0xf1, 0x68, 0x05, 0xfa, 0x58, 0x53, 0xf8, 0x57, 0x3e, 0x99, 0xfd, 0x95, 0xa2, 0xed,
-	0xb3, 0x8b, 0x4e, 0xe4, 0x70, 0xd9, 0x4f, 0x9d, 0x7c, 0x14, 0x84, 0x19, 0x0b, 0xe4, 0x00, 0x6c,
-	0xb8, 0x9e, 0x13, 0xec, 0x51, 0xd8, 0x74, 0x91, 0x31, 0x7c, 0xb6, 0x33, 0xc3, 0x79, 0x45, 0xcf,
-	0xd9, 0xaa, 0x0f, 0x8b, 0x11, 0x58, 0x63, 0x3a, 0xf3, 0x01, 0x28, 0x29, 0xe2, 0xc3, 0x88, 0x70,
-	0x33, 0x1f, 0x86, 0xf1, 0x44, 0x5d, 0xdd, 0x8a, 0x8f, 0xe8, 0x12, 0xe0, 0x2f, 0xb3, 0x2d, 0x43,
-	0xb4, 0x7a, 0xc9, 0xdb, 0x15, 0x3b, 0xe7, 0x5d, 0x38, 0xd1, 0xc8, 0xd8, 0x7b, 0xc5, 0xb8, 0xf6,
-	0xbe, 0x57, 0x3f, 0x22, 0x3e, 0xfb, 0x44, 0x16, 0x16, 0x67, 0xd6, 0x41, 0xa5, 0x1a, 0xbf, 0x45,
-	0x17, 0x88, 0xd3, 0xd0, 0x2f, 0x08, 0xd7, 0x05, 0x0c, 0x2b, 0x2c, 0xdd, 0xef, 0x4e, 0xa8, 0xc6,
-	0x5f, 0x25, 0x7b, 0x55, 0xd2, 0x20, 0xb5, 0xc8, 0x0f, 0xbe, 0xa5, 0xcd, 0x3f, 0xc3, 0x7b, 0x9f,
-	0x6f, 0x97, 0xc3, 0x82, 0x41, 0xf1, 0x2a, 0xd9, 0xe3, 0x43, 0xa1, 0x7f, 0x5d, 0xb1, 0xe3, 0xd7,
-	0x7d, 0xc5, 0x82, 0x51, 0xf5, 0x75, 0xc7, 0xb0, 0x2f, 0xcc, 0x9b, 0xfb, 0xc2, 0x99, 0x8e, 0x13,
-	0x3c, 0x67, 0x47, 0xf8, 0x5a, 0x01, 0x4e, 0x2b, 0x1a, 0x7a, 0x9b, 0xe1, 0x7f, 0xc4, 0xac, 0xba,
-	0x08, 0x25, 0x4f, 0xe9, 0xf5, 0x2c, 0x53, 0xa1, 0x16, 0x6b, 0xf5, 0x62, 0x1a, 0x2a, 0x94, 0x7a,
-	0xf1, 0x31, 0x3b, 0xa2, 0x2b, 0xbc, 0x85, 0x72, 0x7b, 0x1e, 0x8a, 0x6d, 0xb7, 0x2e, 0x0e, 0x98,
-	0xf7, 0xc9, 0xde, 0xbe, 0xb1, 0xb2, 0x78, 0xb0, 0x5f, 0x7e, 0x34, 0xcf, 0xd8, 0x42, 0x4f, 0xb6,
-	0x70, 0xf6, 0xc6, 0xca, 0x22, 0xa6, 0x85, 0xd1, 0x1c, 0x8c, 0xcb, 0x13, 0xfa, 0x26, 0x15, 0x10,
-	0x7d, 0x4f, 0x9c, 0x43, 0x4a, 0x6b, 0x8d, 0x4d, 0x34, 0x4e, 0xd2, 0xa3, 0x45, 0x98, 0xd8, 0x69,
-	0x6f, 0x90, 0x06, 0x89, 0xf8, 0x07, 0x5f, 0x25, 0x5c, 0xa7, 0x5b, 0x8a, 0xef, 0x92, 0x57, 0x13,
-	0x78, 0x9c, 0x2a, 0x61, 0xff, 0x39, 0x3b, 0x0f, 0x44, 0xef, 0x55, 0x02, 0x9f, 0x4e, 0x2c, 0xca,
-	0xfd, 0x5b, 0x39, 0x9d, 0x7b, 0x99, 0x15, 0x57, 0xc9, 0xde, 0xba, 0x4f, 0xef, 0x12, 0xd9, 0xb3,
-	0xc2, 0x98, 0xf3, 0x7d, 0x1d, 0xe7, 0xfc, 0xcf, 0x17, 0xe0, 0xa4, 0xea, 0x01, 0x43, 0x6c, 0xfd,
-	0x76, 0xef, 0x83, 0x4b, 0x30, 0x5c, 0x27, 0x9b, 0x4e, 0xbb, 0x11, 0x29, 0x03, 0x43, 0x3f, 0x37,
-	0x32, 0x2d, 0xc6, 0x60, 0xac, 0xd3, 0x1c, 0xa2, 0xdb, 0xfe, 0xfd, 0x08, 0x3b, 0x88, 0x23, 0x87,
-	0xce, 0x71, 0xb5, 0x6a, 0xac, 0xdc, 0x55, 0xf3, 0x18, 0xf4, 0xbb, 0x4d, 0x2a, 0x98, 0x15, 0x4c,
-	0x79, 0x6b, 0x85, 0x02, 0x31, 0xc7, 0xa1, 0x27, 0x60, 0xb0, 0xe6, 0x37, 0x9b, 0x8e, 0x57, 0x67,
-	0x47, 0x5e, 0x69, 0x7e, 0x98, 0xca, 0x6e, 0x0b, 0x1c, 0x84, 0x25, 0x0e, 0x3d, 0x02, 0x7d, 0x4e,
-	0xb0, 0xc5, 0xb5, 0x2e, 0xa5, 0xf9, 0x21, 0x5a, 0xd3, 0x5c, 0xb0, 0x15, 0x62, 0x06, 0xa5, 0x97,
-	0xc6, 0xdb, 0x7e, 0xb0, 0xe3, 0x7a, 0x5b, 0x8b, 0x6e, 0x20, 0x96, 0x84, 0x3a, 0x0b, 0x6f, 0x29,
-	0x0c, 0xd6, 0xa8, 0xd0, 0x32, 0xf4, 0xb7, 0xfc, 0x20, 0x0a, 0xa7, 0x07, 0x58, 0x77, 0x3f, 0x9a,
-	0xb3, 0x11, 0xf1, 0xaf, 0xad, 0xf8, 0x41, 0x14, 0x7f, 0x00, 0xfd, 0x17, 0x62, 0x5e, 0x1c, 0x5d,
-	0x83, 0x41, 0xe2, 0xed, 0x2e, 0x07, 0x7e, 0x73, 0x7a, 0x2a, 0x9f, 0xd3, 0x12, 0x27, 0xe1, 0xd3,
-	0x2c, 0x96, 0x51, 0x05, 0x18, 0x4b, 0x16, 0xe8, 0x83, 0x50, 0x24, 0xde, 0xee, 0xf4, 0x20, 0xe3,
-	0x34, 0x93, 0xc3, 0xe9, 0xa6, 0x13, 0xc4, 0x7b, 0xfe, 0x92, 0xb7, 0x8b, 0x69, 0x19, 0xf4, 0x31,
-	0x28, 0xc9, 0x0d, 0x23, 0x14, 0xea, 0xcc, 0xcc, 0x09, 0x2b, 0xb7, 0x19, 0x4c, 0xde, 0x6a, 0xbb,
-	0x01, 0x69, 0x12, 0x2f, 0x0a, 0xe3, 0x1d, 0x52, 0x62, 0x43, 0x1c, 0x73, 0x43, 0x35, 0x18, 0x09,
-	0x48, 0xe8, 0xde, 0x25, 0x15, 0xbf, 0xe1, 0xd6, 0xf6, 0xa6, 0x1f, 0x62, 0xcd, 0x7b, 0xaa, 0x63,
-	0x97, 0x61, 0xad, 0x40, 0xac, 0x6e, 0xd7, 0xa1, 0xd8, 0x60, 0x8a, 0x3e, 0x26, 0x15, 0xf5, 0xab,
-	0x7e, 0xdb, 0x8b, 0xc2, 0xe9, 0x12, 0xab, 0x24, 0xd3, 0x84, 0x7a, 0x33, 0xa6, 0x4b, 0x6a, 0xf2,
-	0x79, 0x61, 0x6c, 0xb0, 0x42, 0x9f, 0x80, 0x51, 0xfe, 0x9f, 0x1b, 0x22, 0xc3, 0xe9, 0x93, 0x8c,
-	0xf7, 0xb9, 0x7c, 0xde, 0x9c, 0x70, 0xfe, 0xa4, 0x60, 0x3e, 0xaa, 0x43, 0x43, 0x6c, 0x72, 0x43,
-	0x18, 0x46, 0x1b, 0xee, 0x2e, 0xf1, 0x48, 0x18, 0x56, 0x02, 0x7f, 0x83, 0x08, 0xbd, 0xea, 0xe9,
-	0x6c, 0xc3, 0xa5, 0xbf, 0x41, 0xe6, 0x27, 0x29, 0xcf, 0x6b, 0x7a, 0x19, 0x6c, 0xb2, 0x40, 0x37,
-	0x60, 0x8c, 0x5e, 0x64, 0xdd, 0x98, 0xe9, 0x70, 0x37, 0xa6, 0xec, 0xf2, 0x86, 0x8d, 0x42, 0x38,
-	0xc1, 0x04, 0x5d, 0x87, 0x91, 0x30, 0x72, 0x82, 0xa8, 0xdd, 0xe2, 0x4c, 0x4f, 0x75, 0x63, 0xca,
-	0xec, 0xde, 0x55, 0xad, 0x08, 0x36, 0x18, 0xa0, 0xd7, 0xa0, 0xd4, 0x70, 0x37, 0x49, 0x6d, 0xaf,
-	0xd6, 0x20, 0xd3, 0x23, 0x8c, 0x5b, 0xe6, 0xce, 0x75, 0x4d, 0x12, 0x71, 0x61, 0x5a, 0xfd, 0xc5,
-	0x71, 0x71, 0x74, 0x13, 0x4e, 0x45, 0x24, 0x68, 0xba, 0x9e, 0x43, 0x77, 0x1c, 0x71, 0x7f, 0x63,
-	0xf6, 0xe4, 0x51, 0xb6, 0xa4, 0xcf, 0x8a, 0xd1, 0x38, 0xb5, 0x9e, 0x49, 0x85, 0x73, 0x4a, 0xa3,
-	0x3b, 0x30, 0x9d, 0x81, 0xe1, 0x53, 0xf9, 0x04, 0xe3, 0xfc, 0x21, 0xc1, 0x79, 0x7a, 0x3d, 0x87,
-	0xee, 0xa0, 0x03, 0x0e, 0xe7, 0x72, 0x47, 0xd7, 0x61, 0x9c, 0x6d, 0x73, 0x95, 0x76, 0xa3, 0x21,
-	0x2a, 0x1c, 0x63, 0x15, 0x3e, 0x21, 0x0f, 0xfd, 0x15, 0x13, 0x7d, 0xb0, 0x5f, 0x86, 0xf8, 0x1f,
-	0x4e, 0x96, 0x46, 0x1b, 0xcc, 0x74, 0xd9, 0x0e, 0xdc, 0x68, 0x8f, 0xae, 0x34, 0x72, 0x27, 0x9a,
-	0x1e, 0xef, 0xa8, 0xc6, 0xd1, 0x49, 0x95, 0x7d, 0x53, 0x07, 0xe2, 0x24, 0x43, 0xba, 0x6f, 0x87,
-	0x51, 0xdd, 0xf5, 0xa6, 0x27, 0xf8, 0xe5, 0x47, 0x6e, 0x7b, 0x55, 0x0a, 0xc4, 0x1c, 0xc7, 0xcc,
-	0x96, 0xf4, 0xc7, 0x75, 0x7a, 0x3c, 0x4e, 0x32, 0xc2, 0xd8, 0x6c, 0x29, 0x11, 0x38, 0xa6, 0xa1,
-	0x12, 0x6b, 0x14, 0xed, 0x4d, 0x23, 0x46, 0xaa, 0x76, 0xaf, 0xf5, 0xf5, 0x8f, 0x61, 0x0a, 0xb7,
-	0x37, 0x60, 0x4c, 0x6d, 0x1d, 0xac, 0x4f, 0x50, 0x19, 0xfa, 0x99, 0x8c, 0x26, 0x94, 0x8e, 0x25,
-	0xda, 0x04, 0x26, 0xbf, 0x61, 0x0e, 0x67, 0x4d, 0x70, 0xef, 0x92, 0xf9, 0xbd, 0x88, 0x70, 0xc5,
-	0x41, 0x51, 0x6b, 0x82, 0x44, 0xe0, 0x98, 0xc6, 0xfe, 0xbf, 0x5c, 0xd6, 0x8d, 0xb7, 0xf4, 0x1e,
-	0x0e, 0xb1, 0x67, 0x60, 0x68, 0xdb, 0x0f, 0x23, 0x4a, 0xcd, 0xea, 0xe8, 0x8f, 0xa5, 0xdb, 0x2b,
-	0x02, 0x8e, 0x15, 0x05, 0x7a, 0x05, 0x46, 0x6b, 0x7a, 0x05, 0xe2, 0x04, 0x56, 0xdb, 0x88, 0x51,
-	0x3b, 0x36, 0x69, 0xd1, 0x4b, 0x30, 0xc4, 0x5c, 0x71, 0x6a, 0x7e, 0x43, 0x88, 0x86, 0x52, 0x8c,
-	0x18, 0xaa, 0x08, 0xf8, 0x81, 0xf6, 0x1b, 0x2b, 0x6a, 0x74, 0x1e, 0x06, 0x68, 0x13, 0x56, 0x2a,
-	0xe2, 0xec, 0x53, 0xfa, 0xb3, 0x2b, 0x0c, 0x8a, 0x05, 0xd6, 0xfe, 0x55, 0x8b, 0x09, 0x3e, 0xe9,
-	0x0d, 0x1a, 0x5d, 0x61, 0x3b, 0x3c, 0xdb, 0xee, 0x35, 0xfd, 0xd5, 0xe3, 0xda, 0xb6, 0xad, 0x70,
-	0x07, 0x89, 0xff, 0xd8, 0x28, 0x89, 0xde, 0x80, 0xd1, 0x80, 0xb0, 0x2d, 0x42, 0x4c, 0x78, 0x7e,
-	0xfa, 0xbf, 0x20, 0xbb, 0x00, 0xeb, 0xc8, 0x83, 0xfd, 0xf2, 0xc3, 0xf1, 0x79, 0x44, 0xdb, 0x63,
-	0xa0, 0xb1, 0xc9, 0xca, 0xfe, 0xcb, 0x05, 0x6d, 0x96, 0x54, 0x23, 0x27, 0x22, 0xa8, 0x02, 0x83,
-	0xb7, 0x1d, 0x37, 0x72, 0xbd, 0x2d, 0x21, 0xa4, 0x75, 0x3e, 0x95, 0x58, 0xa1, 0x5b, 0xbc, 0x00,
-	0x17, 0x35, 0xc4, 0x1f, 0x2c, 0xd9, 0x50, 0x8e, 0x41, 0xdb, 0xf3, 0x28, 0xc7, 0x42, 0xaf, 0x1c,
-	0x31, 0x2f, 0xc0, 0x39, 0x8a, 0x3f, 0x58, 0xb2, 0x41, 0x6f, 0x02, 0xc8, 0x1d, 0x82, 0xd4, 0x85,
-	0x0b, 0xcf, 0x33, 0xdd, 0x99, 0xae, 0xab, 0x32, 0xf3, 0x63, 0x54, 0x90, 0x89, 0xff, 0x63, 0x8d,
-	0x9f, 0x1d, 0x69, 0x63, 0xaa, 0x37, 0x06, 0x7d, 0x9c, 0x2e, 0x51, 0x27, 0x88, 0x48, 0x7d, 0x2e,
-	0x12, 0x9d, 0xf3, 0xde, 0xde, 0x6e, 0x72, 0xeb, 0x6e, 0x93, 0xe8, 0xcb, 0x59, 0x30, 0xc1, 0x31,
-	0x3f, 0xfb, 0x17, 0x8b, 0x30, 0x9d, 0xd7, 0x5c, 0xba, 0x68, 0xc8, 0x1d, 0x37, 0x5a, 0xa0, 0x32,
-	0xa8, 0x65, 0x2e, 0x9a, 0x25, 0x01, 0xc7, 0x8a, 0x82, 0xce, 0xde, 0xd0, 0xdd, 0x92, 0x17, 0xf1,
-	0xfe, 0x78, 0xf6, 0x56, 0x19, 0x14, 0x0b, 0x2c, 0xa5, 0x0b, 0x88, 0x13, 0x0a, 0x1f, 0x31, 0x6d,
-	0x96, 0x63, 0x06, 0xc5, 0x02, 0xab, 0xab, 0x04, 0xfb, 0xba, 0xa8, 0x04, 0x8d, 0x2e, 0xea, 0x3f,
-	0xda, 0x2e, 0x42, 0x9f, 0x04, 0xd8, 0x74, 0x3d, 0x37, 0xdc, 0x66, 0xdc, 0x07, 0x0e, 0xcd, 0x5d,
-	0x49, 0xb0, 0xcb, 0x8a, 0x0b, 0xd6, 0x38, 0xa2, 0x17, 0x61, 0x58, 0x6d, 0x20, 0x2b, 0x8b, 0xcc,
-	0x60, 0xae, 0x39, 0x20, 0xc5, 0xbb, 0xe9, 0x22, 0xd6, 0xe9, 0xec, 0x4f, 0x27, 0xe7, 0x8b, 0x58,
-	0x01, 0x5a, 0xff, 0x5a, 0xbd, 0xf6, 0x6f, 0xa1, 0x73, 0xff, 0xda, 0xdf, 0x18, 0x80, 0x71, 0xa3,
-	0xb2, 0x76, 0xd8, 0xc3, 0x9e, 0x7b, 0x99, 0x1e, 0x40, 0x4e, 0x44, 0xc4, 0xfa, 0xb3, 0xbb, 0x2f,
-	0x15, 0xfd, 0x90, 0xa2, 0x2b, 0x80, 0x97, 0x47, 0x9f, 0x84, 0x52, 0xc3, 0x09, 0x99, 0x7a, 0x91,
-	0x88, 0x75, 0xd7, 0x0b, 0xb3, 0xf8, 0xf6, 0xe6, 0x84, 0x91, 0x76, 0xea, 0x73, 0xde, 0x31, 0x4b,
-	0x7a, 0x52, 0x52, 0xf9, 0x4a, 0x3a, 0x21, 0xaa, 0x46, 0x50, 0x21, 0x6c, 0x0f, 0x73, 0x1c, 0x7a,
-	0x89, 0x6d, 0xad, 0x74, 0x56, 0x2c, 0x50, 0x69, 0x94, 0x4d, 0xb3, 0x7e, 0x43, 0x22, 0x56, 0x38,
-	0x6c, 0x50, 0xc6, 0x17, 0xa8, 0x81, 0x0e, 0x17, 0xa8, 0xa7, 0x60, 0x90, 0xfd, 0x50, 0x33, 0x40,
-	0x8d, 0xc6, 0x0a, 0x07, 0x63, 0x89, 0x4f, 0x4e, 0x98, 0xa1, 0xde, 0x26, 0x0c, 0xbd, 0xa2, 0x89,
-	0x49, 0xcd, 0x9c, 0x15, 0x86, 0xf8, 0x2e, 0x27, 0xa6, 0x3c, 0x96, 0x38, 0xf4, 0xb3, 0x16, 0x20,
-	0xa7, 0x41, 0xaf, 0xb6, 0x14, 0xac, 0x6e, 0x22, 0xc0, 0x44, 0xed, 0x57, 0xba, 0x76, 0x7b, 0x3b,
-	0x9c, 0x9d, 0x4b, 0x95, 0xe6, 0x6a, 0xcd, 0x97, 0x45, 0x13, 0x51, 0x9a, 0x40, 0x3f, 0x8c, 0xae,
-	0xb9, 0x61, 0xf4, 0xb9, 0xff, 0x98, 0x38, 0x9c, 0x32, 0x9a, 0x84, 0x6e, 0xe8, 0x37, 0xa5, 0xe1,
-	0x43, 0xde, 0x94, 0x46, 0xf3, 0x6e, 0x49, 0x33, 0x6d, 0x78, 0x28, 0xe7, 0x0b, 0x32, 0x94, 0xa5,
-	0x8b, 0xba, 0xb2, 0xb4, 0x8b, 0x8a, 0x6d, 0x56, 0xd6, 0x31, 0xfb, 0x7a, 0xdb, 0xf1, 0x22, 0x37,
-	0xda, 0xd3, 0x95, 0xab, 0xef, 0x85, 0xb1, 0x45, 0x87, 0x34, 0x7d, 0x6f, 0xc9, 0xab, 0xb7, 0x7c,
-	0xd7, 0x8b, 0xd0, 0x34, 0xf4, 0x31, 0xe1, 0x83, 0x6f, 0xbd, 0x7d, 0xb4, 0xf7, 0x30, 0x83, 0xd8,
-	0x5b, 0x70, 0x72, 0xd1, 0xbf, 0xed, 0xdd, 0x76, 0x82, 0xfa, 0x5c, 0x65, 0x45, 0x53, 0xfe, 0xac,
-	0x49, 0xe5, 0x83, 0x95, 0x7f, 0xb5, 0xd3, 0x4a, 0xf2, 0xeb, 0xd0, 0xb2, 0xdb, 0x20, 0x39, 0x2a,
-	0xba, 0xbf, 0x56, 0x30, 0x6a, 0x8a, 0xe9, 0x95, 0x91, 0xd8, 0xca, 0x35, 0x12, 0xbf, 0x0e, 0x43,
-	0x9b, 0x2e, 0x69, 0xd4, 0x31, 0xd9, 0x14, 0xbd, 0xf3, 0x64, 0xbe, 0x1b, 0xd9, 0x32, 0xa5, 0x94,
-	0x2a, 0x59, 0xae, 0xba, 0x58, 0x16, 0x85, 0xb1, 0x62, 0x83, 0x76, 0x60, 0x42, 0xf6, 0xa1, 0xc4,
-	0x8a, 0xfd, 0xe0, 0xa9, 0x4e, 0x03, 0x6f, 0x32, 0x3f, 0x71, 0x6f, 0xbf, 0x3c, 0x81, 0x13, 0x6c,
-	0x70, 0x8a, 0x31, 0x7a, 0x04, 0xfa, 0x9a, 0xf4, 0xe4, 0xeb, 0x63, 0xdd, 0xcf, 0x74, 0x15, 0x4c,
-	0xed, 0xc2, 0xa0, 0xf6, 0x8f, 0x5b, 0xf0, 0x50, 0xaa, 0x67, 0x84, 0xfa, 0xe9, 0x88, 0x47, 0x21,
-	0xa9, 0x0e, 0x2a, 0x74, 0x57, 0x07, 0xd9, 0x7f, 0xdb, 0x82, 0x13, 0x4b, 0xcd, 0x56, 0xb4, 0xb7,
-	0xe8, 0x9a, 0x16, 0xdd, 0x0f, 0xc0, 0x40, 0x93, 0xd4, 0xdd, 0x76, 0x53, 0x8c, 0x5c, 0x59, 0x9e,
-	0x0e, 0xab, 0x0c, 0x7a, 0xb0, 0x5f, 0x1e, 0xad, 0x46, 0x7e, 0xe0, 0x6c, 0x11, 0x0e, 0xc0, 0x82,
-	0x9c, 0x9d, 0xb1, 0xee, 0x5d, 0x72, 0xcd, 0x6d, 0xba, 0xd1, 0xfd, 0xcd, 0x76, 0x61, 0x8c, 0x95,
-	0x4c, 0x70, 0xcc, 0xcf, 0xfe, 0xba, 0x05, 0xe3, 0x72, 0xde, 0xcf, 0xd5, 0xeb, 0x01, 0x09, 0x43,
-	0x34, 0x03, 0x05, 0xb7, 0x25, 0x5a, 0x09, 0xa2, 0x95, 0x85, 0x95, 0x0a, 0x2e, 0xb8, 0x2d, 0x29,
-	0xce, 0xb3, 0x03, 0xa8, 0x68, 0xda, 0xa5, 0xaf, 0x08, 0x38, 0x56, 0x14, 0xe8, 0x02, 0x0c, 0x79,
-	0x7e, 0x9d, 0x4b, 0xc4, 0x5c, 0x94, 0x60, 0x13, 0x6c, 0x4d, 0xc0, 0xb0, 0xc2, 0xa2, 0x0a, 0x94,
-	0xb8, 0xd7, 0x62, 0x3c, 0x69, 0x7b, 0xf2, 0x7d, 0x64, 0x5f, 0xb6, 0x2e, 0x4b, 0xe2, 0x98, 0x89,
-	0xfd, 0xeb, 0x16, 0x8c, 0xc8, 0x2f, 0xeb, 0xf1, 0xae, 0x42, 0x97, 0x56, 0x7c, 0x4f, 0x89, 0x97,
-	0x16, 0xbd, 0x6b, 0x30, 0x8c, 0x71, 0xc5, 0x28, 0x1e, 0xea, 0x8a, 0x71, 0x09, 0x86, 0x9d, 0x56,
-	0xab, 0x62, 0xde, 0x4f, 0xd8, 0x54, 0x9a, 0x8b, 0xc1, 0x58, 0xa7, 0xb1, 0x7f, 0xac, 0x00, 0x63,
-	0xf2, 0x0b, 0xaa, 0xed, 0x8d, 0x90, 0x44, 0x68, 0x1d, 0x4a, 0x0e, 0x1f, 0x25, 0x22, 0x27, 0xf9,
-	0x63, 0xd9, 0x4a, 0x2e, 0x63, 0x48, 0x63, 0x41, 0x6b, 0x4e, 0x96, 0xc6, 0x31, 0x23, 0xd4, 0x80,
-	0x49, 0xcf, 0x8f, 0xd8, 0xa1, 0xab, 0xf0, 0x9d, 0xec, 0x8e, 0x49, 0xee, 0xa7, 0x05, 0xf7, 0xc9,
-	0xb5, 0x24, 0x17, 0x9c, 0x66, 0x8c, 0x96, 0xa4, 0xe2, 0xb0, 0x98, 0xaf, 0x44, 0xd2, 0x07, 0x2e,
-	0x5b, 0x6f, 0x68, 0xff, 0x8a, 0x05, 0x25, 0x49, 0x76, 0x1c, 0x26, 0xe6, 0x55, 0x18, 0x0c, 0xd9,
-	0x20, 0xc8, 0xae, 0xb1, 0x3b, 0x35, 0x9c, 0x8f, 0x57, 0x2c, 0x4b, 0xf0, 0xff, 0x21, 0x96, 0x3c,
-	0x98, 0xdd, 0x48, 0x35, 0xff, 0x1d, 0x62, 0x37, 0x52, 0xed, 0xc9, 0x39, 0x94, 0xfe, 0x88, 0xb5,
-	0x59, 0x53, 0xc4, 0x52, 0x91, 0xb7, 0x15, 0x90, 0x4d, 0xf7, 0x4e, 0x52, 0xe4, 0xad, 0x30, 0x28,
-	0x16, 0x58, 0xf4, 0x26, 0x8c, 0xd4, 0xa4, 0xc1, 0x20, 0x5e, 0xe1, 0xe7, 0x3b, 0x1a, 0xaf, 0x94,
-	0x9d, 0x93, 0xeb, 0xd0, 0x16, 0xb4, 0xf2, 0xd8, 0xe0, 0x66, 0x7a, 0xe5, 0x14, 0xbb, 0x79, 0xe5,
-	0xc4, 0x7c, 0xf3, 0x7d, 0x54, 0x7e, 0xc2, 0x82, 0x01, 0xae, 0x28, 0xee, 0x4d, 0x4f, 0xaf, 0x99,
-	0x7d, 0xe3, 0xbe, 0xbb, 0x49, 0x81, 0x42, 0xd2, 0x40, 0xab, 0x50, 0x62, 0x3f, 0x98, 0xa2, 0xbb,
-	0x98, 0xff, 0x68, 0x86, 0xd7, 0xaa, 0x37, 0xf0, 0xa6, 0x2c, 0x86, 0x63, 0x0e, 0xf6, 0x8f, 0x16,
-	0xe9, 0xee, 0x16, 0x93, 0x1a, 0x87, 0xbe, 0xf5, 0xe0, 0x0e, 0xfd, 0xc2, 0x83, 0x3a, 0xf4, 0xb7,
-	0x60, 0xbc, 0xa6, 0x19, 0x89, 0xe3, 0x91, 0xbc, 0xd0, 0x71, 0x92, 0x68, 0xf6, 0x64, 0xae, 0x9d,
-	0x5b, 0x30, 0x99, 0xe0, 0x24, 0x57, 0xf4, 0x71, 0x18, 0xe1, 0xe3, 0x2c, 0x6a, 0xe1, 0x8e, 0x4d,
-	0x4f, 0xe4, 0xcf, 0x17, 0xbd, 0x0a, 0xae, 0xcd, 0xd5, 0x8a, 0x63, 0x83, 0x99, 0xfd, 0xa7, 0x16,
-	0xa0, 0xa5, 0xd6, 0x36, 0x69, 0x92, 0xc0, 0x69, 0xc4, 0xb6, 0x9e, 0x1f, 0xb2, 0x60, 0x9a, 0xa4,
-	0xc0, 0x0b, 0x7e, 0xb3, 0x29, 0x2e, 0x8b, 0x39, 0xfa, 0x8c, 0xa5, 0x9c, 0x32, 0xea, 0x55, 0xd1,
-	0x74, 0x1e, 0x05, 0xce, 0xad, 0x0f, 0xad, 0xc2, 0x14, 0x3f, 0x25, 0x15, 0x42, 0x73, 0x92, 0x7a,
-	0x58, 0x30, 0x9e, 0x5a, 0x4f, 0x93, 0xe0, 0xac, 0x72, 0xf6, 0x37, 0x47, 0x20, 0xb7, 0x15, 0xef,
-	0x1a, 0xb9, 0xde, 0x35, 0x72, 0xbd, 0x6b, 0xe4, 0x7a, 0xd7, 0xc8, 0xf5, 0xae, 0x91, 0xeb, 0x5d,
-	0x23, 0xd7, 0x51, 0x18, 0xb9, 0xfe, 0x8a, 0x05, 0x27, 0xd5, 0x59, 0x63, 0xdc, 0xae, 0x3f, 0x03,
-	0x53, 0x7c, 0xb9, 0x19, 0xde, 0xbb, 0xe2, 0x6c, 0xbd, 0x94, 0x39, 0x73, 0x13, 0x5e, 0xe6, 0x46,
-	0x41, 0xfe, 0x5c, 0x27, 0x03, 0x81, 0xb3, 0xaa, 0xb1, 0x7f, 0x71, 0x08, 0xfa, 0x97, 0x76, 0x89,
-	0x17, 0x1d, 0xc3, 0x3d, 0xa4, 0x06, 0x63, 0xae, 0xb7, 0xeb, 0x37, 0x76, 0x49, 0x9d, 0xe3, 0x0f,
-	0x73, 0x5d, 0x3e, 0x25, 0x58, 0x8f, 0xad, 0x18, 0x2c, 0x70, 0x82, 0xe5, 0x83, 0x30, 0x15, 0x5c,
-	0x86, 0x01, 0x7e, 0x52, 0x08, 0x3b, 0x41, 0xe6, 0x9e, 0xcd, 0x3a, 0x51, 0x9c, 0x7f, 0xb1, 0x19,
-	0x83, 0x9f, 0x44, 0xa2, 0x38, 0xfa, 0x34, 0x8c, 0x6d, 0xba, 0x41, 0x18, 0xad, 0xbb, 0x4d, 0x12,
-	0x46, 0x4e, 0xb3, 0x75, 0x1f, 0xa6, 0x01, 0xd5, 0x0f, 0xcb, 0x06, 0x27, 0x9c, 0xe0, 0x8c, 0xb6,
-	0x60, 0xb4, 0xe1, 0xe8, 0x55, 0x0d, 0x1e, 0xba, 0x2a, 0x75, 0x3a, 0x5c, 0xd3, 0x19, 0x61, 0x93,
-	0x2f, 0x5d, 0x4e, 0x35, 0xa6, 0xdd, 0x1e, 0x62, 0xba, 0x07, 0xb5, 0x9c, 0xb8, 0x5a, 0x9b, 0xe3,
-	0xa8, 0x34, 0xc5, 0x5c, 0xc4, 0x4b, 0xa6, 0x34, 0xa5, 0x39, 0x82, 0x7f, 0x0a, 0x4a, 0x84, 0x76,
-	0x21, 0x65, 0x2c, 0x0e, 0x98, 0x8b, 0xbd, 0xb5, 0x75, 0xd5, 0xad, 0x05, 0xbe, 0x69, 0x94, 0x59,
-	0x92, 0x9c, 0x70, 0xcc, 0x14, 0x2d, 0xc0, 0x40, 0x48, 0x02, 0x57, 0x29, 0x7e, 0x3b, 0x0c, 0x23,
-	0x23, 0xe3, 0xef, 0xc1, 0xf8, 0x6f, 0x2c, 0x8a, 0xd2, 0xe9, 0xe5, 0x30, 0xbd, 0x29, 0x3b, 0x0c,
-	0xb4, 0xe9, 0x35, 0xc7, 0xa0, 0x58, 0x60, 0xd1, 0x6b, 0x30, 0x18, 0x90, 0x06, 0xb3, 0xfa, 0x8d,
-	0xf6, 0x3e, 0xc9, 0xb9, 0x11, 0x91, 0x97, 0xc3, 0x92, 0x01, 0xba, 0x0a, 0x28, 0x20, 0x54, 0x1a,
-	0x73, 0xbd, 0x2d, 0xe5, 0x38, 0x2d, 0x36, 0x5a, 0x25, 0xf5, 0xe2, 0x98, 0x42, 0x3e, 0x05, 0xc4,
-	0x19, 0xc5, 0xd0, 0x65, 0x98, 0x54, 0xd0, 0x15, 0x2f, 0x8c, 0x1c, 0xba, 0xc1, 0x8d, 0x33, 0x5e,
-	0x4a, 0x19, 0x82, 0x93, 0x04, 0x38, 0x5d, 0xc6, 0xfe, 0x92, 0x05, 0xbc, 0x9f, 0x8f, 0x41, 0x05,
-	0xf0, 0xaa, 0xa9, 0x02, 0x38, 0x9d, 0x3b, 0x72, 0x39, 0xd7, 0xff, 0x2f, 0x59, 0x30, 0xac, 0x8d,
-	0x6c, 0x3c, 0x67, 0xad, 0x0e, 0x73, 0xb6, 0x0d, 0x13, 0x74, 0xa6, 0x5f, 0xdf, 0x08, 0x49, 0xb0,
-	0x4b, 0xea, 0x6c, 0x62, 0x16, 0xee, 0x6f, 0x62, 0x2a, 0x27, 0xcd, 0x6b, 0x09, 0x86, 0x38, 0x55,
-	0x85, 0xfd, 0x29, 0xd9, 0x54, 0xe5, 0xd3, 0x5a, 0x53, 0x63, 0x9e, 0xf0, 0x69, 0x55, 0xa3, 0x8a,
-	0x63, 0x1a, 0xba, 0xd4, 0xb6, 0xfd, 0x30, 0x4a, 0xfa, 0xb4, 0x5e, 0xf1, 0xc3, 0x08, 0x33, 0x8c,
-	0xfd, 0x3c, 0xc0, 0xd2, 0x1d, 0x52, 0xe3, 0x33, 0x56, 0xbf, 0xa1, 0x58, 0xf9, 0x37, 0x14, 0xfb,
-	0x77, 0x2c, 0x18, 0x5b, 0x5e, 0x30, 0x4e, 0xae, 0x59, 0x00, 0x7e, 0xad, 0xba, 0x75, 0x6b, 0x4d,
-	0xfa, 0x6a, 0x70, 0x73, 0xb5, 0x82, 0x62, 0x8d, 0x02, 0x9d, 0x86, 0x62, 0xa3, 0xed, 0x09, 0x1d,
-	0xe5, 0x20, 0x3d, 0x1e, 0xaf, 0xb5, 0x3d, 0x4c, 0x61, 0xda, 0x33, 0xa0, 0x62, 0xcf, 0xcf, 0x80,
-	0xba, 0x86, 0xff, 0x40, 0x65, 0xe8, 0xbf, 0x7d, 0xdb, 0xad, 0xf3, 0x47, 0xd6, 0xc2, 0x8f, 0xe4,
-	0xd6, 0xad, 0x95, 0xc5, 0x10, 0x73, 0xb8, 0xfd, 0x85, 0x22, 0xcc, 0x2c, 0x37, 0xc8, 0x9d, 0xb7,
-	0xf9, 0xd0, 0xbc, 0xd7, 0x47, 0x4c, 0x87, 0xd3, 0xf6, 0x1c, 0xf6, 0xa1, 0x5a, 0xf7, 0xfe, 0xd8,
-	0x84, 0x41, 0xee, 0xd2, 0x29, 0x9f, 0x9d, 0x67, 0xda, 0xe6, 0xf2, 0x3b, 0x64, 0x96, 0xbb, 0x86,
-	0x0a, 0xdb, 0x9c, 0x3a, 0x30, 0x05, 0x14, 0x4b, 0xe6, 0x33, 0x2f, 0xc3, 0x88, 0x4e, 0x79, 0xa8,
-	0x27, 0xa3, 0xdf, 0x53, 0x84, 0x09, 0xda, 0x82, 0x07, 0x3a, 0x10, 0x37, 0xd2, 0x03, 0x71, 0xd4,
-	0xcf, 0x06, 0xbb, 0x8f, 0xc6, 0x9b, 0xc9, 0xd1, 0xb8, 0x94, 0x37, 0x1a, 0xc7, 0x3d, 0x06, 0xdf,
-	0x6b, 0xc1, 0xd4, 0x72, 0xc3, 0xaf, 0xed, 0x24, 0x9e, 0xf6, 0xbd, 0x08, 0xc3, 0x74, 0x3b, 0x0e,
-	0x8d, 0x28, 0x17, 0x46, 0xdc, 0x13, 0x81, 0xc2, 0x3a, 0x9d, 0x56, 0xec, 0xc6, 0x8d, 0x95, 0xc5,
-	0xac, 0x70, 0x29, 0x02, 0x85, 0x75, 0x3a, 0xfb, 0xb7, 0x2c, 0x38, 0x73, 0x79, 0x61, 0x29, 0x9e,
-	0x8a, 0xa9, 0x88, 0x2d, 0xe7, 0x61, 0xa0, 0x55, 0xd7, 0x9a, 0x12, 0xeb, 0x70, 0x17, 0x59, 0x2b,
-	0x04, 0xf6, 0x9d, 0x12, 0x8d, 0xe8, 0x06, 0xc0, 0x65, 0x5c, 0x59, 0x10, 0xfb, 0xae, 0x34, 0xd9,
-	0x58, 0xb9, 0x26, 0x9b, 0x27, 0x60, 0x90, 0x9e, 0x0b, 0x6e, 0x4d, 0xb6, 0x9b, 0x5b, 0xdf, 0x39,
-	0x08, 0x4b, 0x9c, 0xfd, 0x73, 0x16, 0x4c, 0x5d, 0x76, 0x23, 0x7a, 0x68, 0x27, 0x43, 0x92, 0xd0,
-	0x53, 0x3b, 0x74, 0x23, 0x3f, 0xd8, 0x4b, 0x86, 0x24, 0xc1, 0x0a, 0x83, 0x35, 0x2a, 0xfe, 0x41,
-	0xbb, 0x2e, 0x7b, 0xa3, 0x50, 0x30, 0x8d, 0x64, 0x58, 0xc0, 0xb1, 0xa2, 0xa0, 0xfd, 0x55, 0x77,
-	0x03, 0xa6, 0x5f, 0xdc, 0x13, 0x1b, 0xb7, 0xea, 0xaf, 0x45, 0x89, 0xc0, 0x31, 0x8d, 0xfd, 0xc7,
-	0x16, 0x94, 0x2f, 0x37, 0xda, 0x61, 0x44, 0x82, 0xcd, 0x30, 0x67, 0xd3, 0x7d, 0x1e, 0x4a, 0x44,
-	0x6a, 0xf3, 0xe5, 0x63, 0x4a, 0x29, 0x88, 0x2a, 0x35, 0x3f, 0x8f, 0x8c, 0xa2, 0xe8, 0x7a, 0x78,
-	0x7f, 0x7c, 0xb8, 0x07, 0xa4, 0xcb, 0x80, 0x88, 0x5e, 0x97, 0x1e, 0x2a, 0x86, 0xc5, 0x9c, 0x58,
-	0x4a, 0x61, 0x71, 0x46, 0x09, 0xfb, 0xc7, 0x2d, 0x38, 0xa9, 0x3e, 0xf8, 0x1d, 0xf7, 0x99, 0xf6,
-	0x57, 0x0b, 0x30, 0x7a, 0x65, 0x7d, 0xbd, 0x72, 0x99, 0x44, 0xda, 0xac, 0xec, 0x6c, 0xa3, 0xc7,
-	0x9a, 0xa9, 0xb1, 0xd3, 0x1d, 0xb1, 0x1d, 0xb9, 0x8d, 0x59, 0x1e, 0x71, 0x6c, 0x76, 0xc5, 0x8b,
-	0xae, 0x07, 0xd5, 0x28, 0x70, 0xbd, 0xad, 0xcc, 0x99, 0x2e, 0x65, 0x96, 0x62, 0x9e, 0xcc, 0x82,
-	0x9e, 0x87, 0x01, 0x16, 0xf2, 0x4c, 0x0e, 0xc2, 0xc3, 0xea, 0x8a, 0xc5, 0xa0, 0x07, 0xfb, 0xe5,
-	0xd2, 0x0d, 0xbc, 0xc2, 0xff, 0x60, 0x41, 0x8a, 0x6e, 0xc0, 0xf0, 0x76, 0x14, 0xb5, 0xae, 0x10,
-	0xa7, 0x4e, 0x02, 0xb9, 0xcb, 0x9e, 0xcd, 0xda, 0x65, 0x69, 0x27, 0x70, 0xb2, 0x78, 0x63, 0x8a,
-	0x61, 0x21, 0xd6, 0xf9, 0xd8, 0x55, 0x80, 0x18, 0x77, 0x44, 0x56, 0x16, 0x7b, 0x1d, 0x4a, 0xf4,
-	0x73, 0xe7, 0x1a, 0xae, 0xd3, 0xd9, 0x8e, 0xfd, 0x34, 0x94, 0xa4, 0x95, 0x3a, 0x14, 0xf1, 0x11,
-	0xd8, 0x89, 0x24, 0x8d, 0xd8, 0x21, 0x8e, 0xf1, 0xf6, 0x26, 0x9c, 0x60, 0xbe, 0xaa, 0x4e, 0xb4,
-	0x6d, 0xcc, 0xbe, 0xee, 0xc3, 0xfc, 0x8c, 0xb8, 0xb1, 0xf1, 0x36, 0x4f, 0x6b, 0x0f, 0x7a, 0x47,
-	0x24, 0xc7, 0xf8, 0xf6, 0x66, 0x7f, 0xb3, 0x0f, 0x1e, 0x5e, 0xa9, 0xe6, 0x87, 0xec, 0x79, 0x09,
-	0x46, 0xb8, 0x20, 0x48, 0x07, 0xdd, 0x69, 0x88, 0x7a, 0x95, 0x6e, 0x73, 0x5d, 0xc3, 0x61, 0x83,
-	0x12, 0x9d, 0x81, 0xa2, 0xfb, 0x96, 0x97, 0x7c, 0xee, 0xb6, 0xf2, 0xfa, 0x1a, 0xa6, 0x70, 0x8a,
-	0xa6, 0x32, 0x25, 0xdf, 0xac, 0x15, 0x5a, 0xc9, 0x95, 0xaf, 0xc2, 0x98, 0x1b, 0xd6, 0x42, 0x77,
-	0xc5, 0xa3, 0x2b, 0x50, 0x5b, 0xc3, 0x4a, 0x9b, 0x40, 0x1b, 0xad, 0xb0, 0x38, 0x41, 0xad, 0x9d,
-	0x1c, 0xfd, 0x3d, 0xcb, 0xa5, 0x5d, 0x03, 0x06, 0xd0, 0x8d, 0xbd, 0xc5, 0xbe, 0x2e, 0x64, 0x9a,
-	0x70, 0xb1, 0xb1, 0xf3, 0x0f, 0x0e, 0xb1, 0xc4, 0xd1, 0xab, 0x5a, 0x6d, 0xdb, 0x69, 0xcd, 0xb5,
-	0xa3, 0xed, 0x45, 0x37, 0xac, 0xf9, 0xbb, 0x24, 0xd8, 0x63, 0xb7, 0xec, 0xa1, 0xf8, 0xaa, 0xa6,
-	0x10, 0x0b, 0x57, 0xe6, 0x2a, 0x94, 0x12, 0xa7, 0xcb, 0xa0, 0x39, 0x18, 0x97, 0xc0, 0x2a, 0x09,
-	0xd9, 0xe6, 0x3e, 0xcc, 0xd8, 0xa8, 0x07, 0x68, 0x02, 0xac, 0x98, 0x24, 0xe9, 0x4d, 0xd1, 0x15,
-	0x8e, 0x42, 0x74, 0xfd, 0x00, 0x8c, 0xba, 0x9e, 0x1b, 0xb9, 0x4e, 0xe4, 0x73, 0x33, 0x0e, 0xbf,
-	0x50, 0x33, 0xd5, 0xf1, 0x8a, 0x8e, 0xc0, 0x26, 0x9d, 0xfd, 0x9f, 0xfa, 0x60, 0x92, 0x0d, 0xdb,
-	0xbb, 0x33, 0xec, 0x3b, 0x69, 0x86, 0xdd, 0x48, 0xcf, 0xb0, 0xa3, 0x90, 0xc9, 0xef, 0x7b, 0x9a,
-	0x7d, 0x1a, 0x4a, 0xea, 0xcd, 0x9d, 0x7c, 0x74, 0x6b, 0xe5, 0x3c, 0xba, 0xed, 0x7e, 0x2e, 0x4b,
-	0xcf, 0xb0, 0x62, 0xa6, 0x67, 0xd8, 0x97, 0x2d, 0x88, 0x4d, 0x06, 0xe8, 0x75, 0x28, 0xb5, 0x7c,
-	0xe6, 0x68, 0x1a, 0x48, 0xef, 0xed, 0xc7, 0x3b, 0xda, 0x1c, 0x78, 0xd4, 0xb2, 0x80, 0xf7, 0x42,
-	0x45, 0x16, 0xc5, 0x31, 0x17, 0x74, 0x15, 0x06, 0x5b, 0x01, 0xa9, 0x46, 0x2c, 0xa4, 0x4e, 0xef,
-	0x0c, 0xf9, 0xac, 0xe1, 0x05, 0xb1, 0xe4, 0x60, 0xff, 0x67, 0x0b, 0x26, 0x92, 0xa4, 0xe8, 0x43,
-	0xd0, 0x47, 0xee, 0x90, 0x9a, 0x68, 0x6f, 0xe6, 0x21, 0x1b, 0x2b, 0x1d, 0x78, 0x07, 0xd0, 0xff,
-	0x98, 0x95, 0x42, 0x57, 0x60, 0x90, 0x9e, 0xb0, 0x97, 0x55, 0xf8, 0xb8, 0x47, 0xf3, 0x4e, 0x69,
-	0x25, 0xaa, 0xf0, 0xc6, 0x09, 0x10, 0x96, 0xc5, 0x99, 0x3b, 0x56, 0xad, 0x55, 0xa5, 0x97, 0x97,
-	0xa8, 0xd3, 0x1d, 0x7b, 0x7d, 0xa1, 0xc2, 0x89, 0x04, 0x37, 0xee, 0x8e, 0x25, 0x81, 0x38, 0x66,
-	0x62, 0xff, 0xbc, 0x05, 0xc0, 0xbd, 0xcf, 0x1c, 0x6f, 0x8b, 0x1c, 0x83, 0x9e, 0x7c, 0x11, 0xfa,
-	0xc2, 0x16, 0xa9, 0x75, 0xf2, 0x81, 0x8e, 0xdb, 0x53, 0x6d, 0x91, 0x5a, 0x3c, 0xe3, 0xe8, 0x3f,
-	0xcc, 0x4a, 0xdb, 0xdf, 0x07, 0x30, 0x16, 0x93, 0xad, 0x44, 0xa4, 0x89, 0x9e, 0x35, 0x02, 0x75,
-	0x9c, 0x4e, 0x04, 0xea, 0x28, 0x31, 0x6a, 0x4d, 0x25, 0xfb, 0x69, 0x28, 0x36, 0x9d, 0x3b, 0x42,
-	0xe7, 0xf6, 0x74, 0xe7, 0x66, 0x50, 0xfe, 0xb3, 0xab, 0xce, 0x1d, 0x7e, 0x2d, 0x7d, 0x5a, 0xae,
-	0x90, 0x55, 0xe7, 0x4e, 0x57, 0x3f, 0x5d, 0x5a, 0x09, 0xab, 0xcb, 0xf5, 0x84, 0x63, 0x55, 0x4f,
-	0x75, 0xb9, 0x5e, 0xb2, 0x2e, 0xd7, 0xeb, 0xa1, 0x2e, 0xd7, 0x43, 0x77, 0x61, 0x50, 0xf8, 0x3d,
-	0x8a, 0x50, 0x5e, 0x17, 0x7b, 0xa8, 0x4f, 0xb8, 0x4d, 0xf2, 0x3a, 0x2f, 0xca, 0x6b, 0xb7, 0x80,
-	0x76, 0xad, 0x57, 0x56, 0x88, 0xfe, 0xaa, 0x05, 0x63, 0xe2, 0x37, 0x26, 0x6f, 0xb5, 0x49, 0x18,
-	0x09, 0xb1, 0xf4, 0xfd, 0xbd, 0xb7, 0x41, 0x14, 0xe4, 0x4d, 0x79, 0xbf, 0x3c, 0x67, 0x4c, 0x64,
-	0xd7, 0x16, 0x25, 0x5a, 0x81, 0xfe, 0xae, 0x05, 0x27, 0x9a, 0xce, 0x1d, 0x5e, 0x23, 0x87, 0x61,
-	0x27, 0x72, 0x7d, 0xe1, 0x3f, 0xf0, 0xa1, 0xde, 0x86, 0x3f, 0x55, 0x9c, 0x37, 0x52, 0xda, 0x1f,
-	0x4f, 0x64, 0x91, 0x74, 0x6d, 0x6a, 0x66, 0xbb, 0x66, 0x36, 0x61, 0x48, 0xce, 0xb7, 0x07, 0xe9,
-	0x64, 0xcd, 0xea, 0x11, 0x73, 0xed, 0x81, 0xd6, 0xf3, 0x69, 0x18, 0xd1, 0xe7, 0xd8, 0x03, 0xad,
-	0xeb, 0x2d, 0x98, 0xca, 0x98, 0x4b, 0x0f, 0xb4, 0xca, 0xdb, 0x70, 0x3a, 0x77, 0x7e, 0x3c, 0x50,
-	0x27, 0xf9, 0xaf, 0x5a, 0xfa, 0x3e, 0x78, 0x0c, 0xc6, 0x8a, 0x05, 0xd3, 0x58, 0x71, 0xb6, 0xf3,
-	0xca, 0xc9, 0xb1, 0x58, 0xbc, 0xa9, 0x37, 0x9a, 0xee, 0xea, 0xe8, 0x35, 0x18, 0x68, 0x50, 0x88,
-	0xf4, 0x9e, 0xb5, 0xbb, 0xaf, 0xc8, 0x58, 0x98, 0x64, 0xf0, 0x10, 0x0b, 0x0e, 0xf6, 0x2f, 0x59,
-	0xd0, 0x77, 0x0c, 0x3d, 0x81, 0xcd, 0x9e, 0x78, 0x36, 0x97, 0xb5, 0x88, 0x6a, 0x3e, 0x8b, 0x9d,
-	0xdb, 0x4b, 0x77, 0x22, 0xe2, 0x85, 0xec, 0x44, 0xce, 0xec, 0x98, 0x9f, 0xb6, 0x60, 0xea, 0x9a,
-	0xef, 0xd4, 0xe7, 0x9d, 0x86, 0xe3, 0xd5, 0x48, 0xb0, 0xe2, 0x6d, 0x1d, 0xca, 0xf5, 0xbb, 0xd0,
-	0xd5, 0xf5, 0x7b, 0x41, 0x7a, 0x4e, 0xf5, 0xe5, 0x8f, 0x1f, 0x95, 0xa4, 0x93, 0xa1, 0x8b, 0x0c,
-	0x1f, 0xdf, 0x6d, 0x40, 0x7a, 0x2b, 0xc5, 0x03, 0x28, 0x0c, 0x83, 0x2e, 0x6f, 0xaf, 0x18, 0xc4,
-	0x27, 0xb3, 0x25, 0xdc, 0xd4, 0xe7, 0x69, 0x4f, 0x7b, 0x38, 0x00, 0x4b, 0x46, 0xf6, 0x4b, 0x90,
-	0x19, 0x6a, 0xa2, 0xbb, 0x5e, 0xc2, 0xfe, 0x18, 0x4c, 0xb2, 0x92, 0x87, 0xd4, 0x0c, 0xd8, 0x09,
-	0x6d, 0x6a, 0x46, 0xd8, 0x4c, 0xfb, 0xf3, 0x16, 0x8c, 0xaf, 0x25, 0xa2, 0x09, 0x9e, 0x67, 0xf6,
-	0xd7, 0x0c, 0x25, 0x7e, 0x95, 0x41, 0xb1, 0xc0, 0x1e, 0xb9, 0x92, 0xeb, 0xcf, 0x2d, 0x88, 0xa3,
-	0xbf, 0x1c, 0x83, 0xf8, 0xb6, 0x60, 0x88, 0x6f, 0x99, 0x82, 0xac, 0x6a, 0x4e, 0x9e, 0xf4, 0x86,
-	0xae, 0xaa, 0xb8, 0x68, 0x1d, 0x64, 0xd8, 0x98, 0x0d, 0x9f, 0x8a, 0x63, 0x66, 0xf0, 0x34, 0x19,
-	0x29, 0xcd, 0xfe, 0xdd, 0x02, 0x20, 0x45, 0xdb, 0x73, 0xdc, 0xb6, 0x74, 0x89, 0xa3, 0x89, 0xdb,
-	0xb6, 0x0b, 0x88, 0x79, 0x10, 0x04, 0x8e, 0x17, 0x72, 0xb6, 0xae, 0x50, 0xeb, 0x1d, 0xce, 0x3d,
-	0x61, 0x46, 0xbe, 0x0d, 0xbb, 0x96, 0xe2, 0x86, 0x33, 0x6a, 0xd0, 0x3c, 0x43, 0xfa, 0x7b, 0xf5,
-	0x0c, 0x19, 0xe8, 0xf2, 0xc8, 0xf1, 0x2b, 0x16, 0x8c, 0xaa, 0x6e, 0x7a, 0x87, 0xb8, 0xc2, 0xab,
-	0xf6, 0xe4, 0x6c, 0xa0, 0x15, 0xad, 0xc9, 0xec, 0x60, 0xf9, 0x2e, 0xf6, 0x58, 0xd5, 0x69, 0xb8,
-	0x77, 0x89, 0x8a, 0xf3, 0x59, 0x16, 0x8f, 0x4f, 0x05, 0xf4, 0x60, 0xbf, 0x3c, 0xaa, 0xfe, 0xf1,
-	0x38, 0xe6, 0x71, 0x11, 0xba, 0x25, 0x8f, 0x27, 0xa6, 0x22, 0x7a, 0x11, 0xfa, 0x5b, 0xdb, 0x4e,
-	0x48, 0x12, 0x4f, 0x86, 0xfa, 0x2b, 0x14, 0x78, 0xb0, 0x5f, 0x1e, 0x53, 0x05, 0x18, 0x04, 0x73,
-	0xea, 0xde, 0xa3, 0xe1, 0xa5, 0x27, 0x67, 0xd7, 0x68, 0x78, 0x7f, 0x6a, 0x41, 0xdf, 0x9a, 0x5f,
-	0x3f, 0x8e, 0x2d, 0xe0, 0x55, 0x63, 0x0b, 0x78, 0x24, 0x2f, 0xc5, 0x44, 0xee, 0xea, 0x5f, 0x4e,
-	0xac, 0xfe, 0xb3, 0xb9, 0x1c, 0x3a, 0x2f, 0xfc, 0x26, 0x0c, 0xb3, 0xc4, 0x15, 0xe2, 0x79, 0xd4,
-	0xf3, 0xc6, 0x82, 0x2f, 0x27, 0x16, 0xfc, 0xb8, 0x46, 0xaa, 0xad, 0xf4, 0xa7, 0x60, 0x50, 0xbc,
-	0xb7, 0x49, 0xbe, 0xf9, 0x15, 0xb4, 0x58, 0xe2, 0xed, 0x9f, 0x28, 0x82, 0x91, 0x28, 0x03, 0xfd,
-	0x8a, 0x05, 0xb3, 0x01, 0xf7, 0xc3, 0xad, 0x2f, 0xb6, 0x03, 0xd7, 0xdb, 0xaa, 0xd6, 0xb6, 0x49,
-	0xbd, 0xdd, 0x70, 0xbd, 0xad, 0x95, 0x2d, 0xcf, 0x57, 0xe0, 0xa5, 0x3b, 0xa4, 0xd6, 0x66, 0x66,
-	0xb7, 0x2e, 0x59, 0x39, 0x94, 0x3f, 0xfb, 0x73, 0xf7, 0xf6, 0xcb, 0xb3, 0xf8, 0x50, 0xbc, 0xf1,
-	0x21, 0xdb, 0x82, 0x7e, 0xcb, 0x82, 0x8b, 0x3c, 0x7f, 0x44, 0xef, 0xed, 0xef, 0x70, 0x5b, 0xae,
-	0x48, 0x56, 0x31, 0x93, 0x75, 0x12, 0x34, 0xe7, 0x3f, 0x20, 0x3a, 0xf4, 0x62, 0xe5, 0x70, 0x75,
-	0xe1, 0xc3, 0x36, 0xce, 0xfe, 0xc7, 0x45, 0x18, 0x15, 0x51, 0xd3, 0xc4, 0x19, 0xf0, 0xa2, 0x31,
-	0x25, 0x1e, 0x4d, 0x4c, 0x89, 0x49, 0x83, 0xf8, 0x68, 0xb6, 0xff, 0x10, 0x26, 0xe9, 0xe6, 0x7c,
-	0x85, 0x38, 0x41, 0xb4, 0x41, 0x1c, 0xee, 0xf0, 0x55, 0x3c, 0xf4, 0xee, 0xaf, 0xf4, 0x93, 0xd7,
-	0x92, 0xcc, 0x70, 0x9a, 0xff, 0x77, 0xd2, 0x99, 0xe3, 0xc1, 0x44, 0x2a, 0xf0, 0xdd, 0x1b, 0x50,
-	0x52, 0x8f, 0x45, 0xc4, 0xa6, 0xd3, 0x39, 0x7e, 0x64, 0x92, 0x03, 0x57, 0x7f, 0xc5, 0x0f, 0x95,
-	0x62, 0x76, 0xf6, 0xdf, 0x2f, 0x18, 0x15, 0xf2, 0x41, 0x5c, 0x83, 0x21, 0x27, 0x0c, 0xdd, 0x2d,
-	0x8f, 0xd4, 0x3b, 0x69, 0x28, 0x53, 0xd5, 0xb0, 0x07, 0x3b, 0x73, 0xa2, 0x24, 0x56, 0x3c, 0xd0,
-	0x15, 0xee, 0x56, 0xb7, 0x4b, 0x3a, 0xa9, 0x27, 0x53, 0xdc, 0x40, 0x3a, 0xde, 0xed, 0x12, 0x2c,
-	0xca, 0xa3, 0x4f, 0x70, 0xbf, 0xc7, 0xab, 0x9e, 0x7f, 0xdb, 0xbb, 0xec, 0xfb, 0x32, 0xe8, 0x46,
-	0x6f, 0x0c, 0x27, 0xa5, 0xb7, 0xa3, 0x2a, 0x8e, 0x4d, 0x6e, 0xbd, 0x45, 0x92, 0xfd, 0x0c, 0xb0,
-	0x78, 0xf9, 0xe6, 0xdb, 0xec, 0x10, 0x11, 0x18, 0x17, 0x21, 0xf9, 0x24, 0x4c, 0xf4, 0x5d, 0xe6,
-	0x55, 0xce, 0x2c, 0x1d, 0x2b, 0xd2, 0xaf, 0x9a, 0x2c, 0x70, 0x92, 0xa7, 0xfd, 0xb3, 0x16, 0xb0,
-	0x77, 0xaa, 0xc7, 0x20, 0x8f, 0x7c, 0xd8, 0x94, 0x47, 0xa6, 0xf3, 0x3a, 0x39, 0x47, 0x14, 0x79,
-	0x81, 0xcf, 0xac, 0x4a, 0xe0, 0xdf, 0xd9, 0x13, 0xce, 0x2a, 0xdd, 0xef, 0x1f, 0xf6, 0xff, 0xb6,
-	0xf8, 0x26, 0x16, 0xbf, 0xea, 0xff, 0x2c, 0x0c, 0xd5, 0x9c, 0x96, 0x53, 0xe3, 0x59, 0x9d, 0x72,
-	0x35, 0x7a, 0x46, 0xa1, 0xd9, 0x05, 0x51, 0x82, 0x6b, 0xa8, 0x64, 0x68, 0xc7, 0x21, 0x09, 0xee,
-	0xaa, 0x95, 0x52, 0x55, 0xce, 0xec, 0xc0, 0xa8, 0xc1, 0xec, 0x81, 0xaa, 0x33, 0x3e, 0xcb, 0x8f,
-	0x58, 0x15, 0x8a, 0xb4, 0x09, 0x93, 0x9e, 0xf6, 0x9f, 0x1e, 0x28, 0xf2, 0x72, 0xf9, 0x78, 0xb7,
-	0x43, 0x94, 0x9d, 0x3e, 0xda, 0x13, 0xd8, 0x04, 0x1b, 0x9c, 0xe6, 0x6c, 0xff, 0xa4, 0x05, 0x0f,
-	0xe9, 0x84, 0xda, 0x2b, 0x9b, 0x6e, 0x46, 0x92, 0x45, 0x18, 0xf2, 0x5b, 0x24, 0x70, 0x22, 0x3f,
-	0x10, 0xa7, 0xc6, 0x05, 0xd9, 0xe9, 0xd7, 0x05, 0xfc, 0x40, 0xe4, 0x28, 0x90, 0xdc, 0x25, 0x1c,
-	0xab, 0x92, 0xf4, 0xf6, 0xc9, 0x3a, 0x23, 0x14, 0xef, 0xa9, 0xd8, 0x1e, 0xc0, 0x2c, 0xe9, 0x21,
-	0x16, 0x18, 0xfb, 0x9b, 0x16, 0x9f, 0x58, 0x7a, 0xd3, 0xd1, 0x5b, 0x30, 0xd1, 0x74, 0xa2, 0xda,
-	0xf6, 0xd2, 0x9d, 0x56, 0xc0, 0x4d, 0x4e, 0xb2, 0x9f, 0x9e, 0xee, 0xd6, 0x4f, 0xda, 0x47, 0xc6,
-	0xae, 0x9c, 0xab, 0x09, 0x66, 0x38, 0xc5, 0x1e, 0x6d, 0xc0, 0x30, 0x83, 0xb1, 0xa7, 0x82, 0x61,
-	0x27, 0xd1, 0x20, 0xaf, 0x36, 0xe5, 0x8c, 0xb0, 0x1a, 0xf3, 0xc1, 0x3a, 0x53, 0xfb, 0xcb, 0x45,
-	0xbe, 0xda, 0x99, 0x28, 0xff, 0x14, 0x0c, 0xb6, 0xfc, 0xfa, 0xc2, 0xca, 0x22, 0x16, 0xa3, 0xa0,
-	0x8e, 0x91, 0x0a, 0x07, 0x63, 0x89, 0x47, 0x17, 0x60, 0x48, 0xfc, 0x94, 0x26, 0x42, 0xb6, 0x37,
-	0x0b, 0xba, 0x10, 0x2b, 0x2c, 0x7a, 0x0e, 0xa0, 0x15, 0xf8, 0xbb, 0x6e, 0x9d, 0x85, 0x0e, 0x29,
-	0x9a, 0x7e, 0x44, 0x15, 0x85, 0xc1, 0x1a, 0x15, 0x7a, 0x05, 0x46, 0xdb, 0x5e, 0xc8, 0xc5, 0x11,
-	0x2d, 0x9a, 0xb2, 0xf2, 0x70, 0xb9, 0xa1, 0x23, 0xb1, 0x49, 0x8b, 0xe6, 0x60, 0x20, 0x72, 0x98,
-	0x5f, 0x4c, 0x7f, 0xbe, 0xbb, 0xef, 0x3a, 0xa5, 0xd0, 0x13, 0x08, 0xd1, 0x02, 0x58, 0x14, 0x44,
-	0x6f, 0xc8, 0x57, 0xbb, 0x7c, 0x63, 0x17, 0x7e, 0xf6, 0xbd, 0x1d, 0x02, 0xda, 0x9b, 0x5d, 0xe1,
-	0xbf, 0x6f, 0xf0, 0x42, 0x2f, 0x03, 0x90, 0x3b, 0x11, 0x09, 0x3c, 0xa7, 0xa1, 0xbc, 0xd9, 0x94,
-	0x5c, 0xb0, 0xe8, 0xaf, 0xf9, 0xd1, 0x8d, 0x90, 0x2c, 0x29, 0x0a, 0xac, 0x51, 0xdb, 0xbf, 0x55,
-	0x02, 0x88, 0xe5, 0x76, 0x74, 0x37, 0xb5, 0x71, 0x3d, 0xd3, 0x59, 0xd2, 0x3f, 0xba, 0x5d, 0x0b,
-	0x7d, 0xbf, 0x05, 0xc3, 0x22, 0x42, 0x0a, 0x1b, 0xa1, 0x42, 0xe7, 0x8d, 0xd3, 0x0c, 0xd4, 0x42,
-	0x4b, 0xf0, 0x26, 0x3c, 0x2f, 0x67, 0xa8, 0x86, 0xe9, 0xda, 0x0a, 0xbd, 0x62, 0xf4, 0x3e, 0x79,
-	0x55, 0x2c, 0x1a, 0x5d, 0xa9, 0xae, 0x8a, 0x25, 0x76, 0x46, 0xe8, 0xb7, 0xc4, 0x1b, 0xc6, 0x2d,
-	0xb1, 0x2f, 0xff, 0x59, 0xa2, 0x21, 0xbe, 0x76, 0xbb, 0x20, 0xa2, 0x8a, 0x1e, 0xa2, 0xa0, 0x3f,
-	0xff, 0x79, 0x9e, 0x76, 0x4f, 0xea, 0x12, 0x9e, 0xe0, 0xd3, 0x30, 0x5e, 0x37, 0x85, 0x00, 0x31,
-	0x13, 0x9f, 0xcc, 0xe3, 0x9b, 0x90, 0x19, 0xe2, 0x63, 0x3f, 0x81, 0xc0, 0x49, 0xc6, 0xa8, 0xc2,
-	0x23, 0x56, 0xac, 0x78, 0x9b, 0xbe, 0x78, 0xeb, 0x61, 0xe7, 0x8e, 0xe5, 0x5e, 0x18, 0x91, 0x26,
-	0xa5, 0x8c, 0x4f, 0xf7, 0x35, 0x51, 0x16, 0x2b, 0x2e, 0xe8, 0x35, 0x18, 0x60, 0xef, 0xb3, 0xc2,
-	0xe9, 0xa1, 0x7c, 0x8d, 0xb3, 0x19, 0xba, 0x2f, 0x5e, 0x90, 0xec, 0x6f, 0x88, 0x05, 0x07, 0x74,
-	0x45, 0xbe, 0x7e, 0x0c, 0x57, 0xbc, 0x1b, 0x21, 0x61, 0xaf, 0x1f, 0x4b, 0xf3, 0x8f, 0xc7, 0x0f,
-	0x1b, 0x39, 0x3c, 0x33, 0xcd, 0xa0, 0x51, 0x92, 0x4a, 0x51, 0xe2, 0xbf, 0xcc, 0x5e, 0x28, 0x02,
-	0x0d, 0x65, 0x36, 0xcf, 0xcc, 0x70, 0x18, 0x77, 0xe7, 0x4d, 0x93, 0x05, 0x4e, 0xf2, 0xa4, 0x12,
-	0x29, 0x5f, 0xf5, 0xe2, 0xb5, 0x48, 0xb7, 0xbd, 0x83, 0x5f, 0xc4, 0xd9, 0x69, 0xc4, 0x21, 0x58,
-	0x94, 0x3f, 0x56, 0xf1, 0x60, 0xc6, 0x83, 0x89, 0xe4, 0x12, 0x7d, 0xa0, 0xe2, 0xc8, 0x1f, 0xf6,
-	0xc1, 0x98, 0x39, 0xa5, 0xd0, 0x45, 0x28, 0x09, 0x26, 0x2a, 0x03, 0x88, 0x5a, 0x25, 0xab, 0x12,
-	0x81, 0x63, 0x1a, 0x96, 0xf8, 0x85, 0x15, 0xd7, 0xdc, 0x83, 0xe3, 0xc4, 0x2f, 0x0a, 0x83, 0x35,
-	0x2a, 0x7a, 0xb1, 0xda, 0xf0, 0xfd, 0x48, 0x1d, 0x48, 0x6a, 0xde, 0xcd, 0x33, 0x28, 0x16, 0x58,
-	0x7a, 0x10, 0xed, 0x90, 0xc0, 0x23, 0x0d, 0x33, 0xf2, 0xb6, 0x3a, 0x88, 0xae, 0xea, 0x48, 0x6c,
-	0xd2, 0xd2, 0xe3, 0xd4, 0x0f, 0xd9, 0x44, 0x16, 0xd7, 0xb7, 0xd8, 0xdd, 0xba, 0xca, 0x5f, 0x79,
-	0x4b, 0x3c, 0xfa, 0x18, 0x3c, 0xa4, 0x02, 0x67, 0x61, 0x6e, 0xcd, 0x90, 0x35, 0x0e, 0x18, 0xda,
-	0x96, 0x87, 0x16, 0xb2, 0xc9, 0x70, 0x5e, 0x79, 0xf4, 0x2a, 0x8c, 0x09, 0x11, 0x5f, 0x72, 0x1c,
-	0x34, 0x3d, 0x8c, 0xae, 0x1a, 0x58, 0x9c, 0xa0, 0x96, 0xb1, 0xc3, 0x99, 0x94, 0x2d, 0x39, 0x0c,
-	0xa5, 0x63, 0x87, 0xeb, 0x78, 0x9c, 0x2a, 0x81, 0xe6, 0x60, 0x9c, 0xcb, 0x60, 0xae, 0xb7, 0xc5,
-	0xc7, 0x44, 0x3c, 0xe6, 0x52, 0x4b, 0xea, 0xba, 0x89, 0xc6, 0x49, 0x7a, 0xf4, 0x12, 0x8c, 0x38,
-	0x41, 0x6d, 0xdb, 0x8d, 0x48, 0x2d, 0x6a, 0x07, 0xfc, 0x95, 0x97, 0xe6, 0xa2, 0x35, 0xa7, 0xe1,
-	0xb0, 0x41, 0x69, 0xdf, 0x85, 0xa9, 0x8c, 0xf0, 0x0f, 0x74, 0xe2, 0x38, 0x2d, 0x57, 0x7e, 0x53,
-	0xc2, 0xc3, 0x79, 0xae, 0xb2, 0x22, 0xbf, 0x46, 0xa3, 0xa2, 0xb3, 0x93, 0x85, 0x89, 0xd0, 0x92,
-	0x95, 0xaa, 0xd9, 0xb9, 0x2c, 0x11, 0x38, 0xa6, 0xb1, 0xff, 0x5b, 0x01, 0xc6, 0x33, 0x6c, 0x2b,
-	0x2c, 0x61, 0x66, 0xe2, 0x92, 0x12, 0xe7, 0xc7, 0x34, 0x43, 0xd1, 0x17, 0x0e, 0x11, 0x8a, 0xbe,
-	0xd8, 0x2d, 0x14, 0x7d, 0xdf, 0xdb, 0x09, 0x45, 0x6f, 0xf6, 0x58, 0x7f, 0x4f, 0x3d, 0x96, 0x11,
-	0xbe, 0x7e, 0xe0, 0x90, 0xe1, 0xeb, 0x8d, 0x4e, 0x1f, 0xec, 0xa1, 0xd3, 0x7f, 0xb4, 0x00, 0x13,
-	0x49, 0x57, 0xd2, 0x63, 0xd0, 0xdb, 0xbe, 0x66, 0xe8, 0x6d, 0x2f, 0xf4, 0xf2, 0xf8, 0x36, 0x57,
-	0x87, 0x8b, 0x13, 0x3a, 0xdc, 0xf7, 0xf6, 0xc4, 0xad, 0xb3, 0x3e, 0xf7, 0xa7, 0x0a, 0x70, 0x32,
-	0xf3, 0xf5, 0xef, 0x31, 0xf4, 0xcd, 0x75, 0xa3, 0x6f, 0x9e, 0xed, 0xf9, 0x61, 0x72, 0x6e, 0x07,
-	0xdd, 0x4a, 0x74, 0xd0, 0xc5, 0xde, 0x59, 0x76, 0xee, 0xa5, 0xaf, 0x17, 0xe1, 0x6c, 0x66, 0xb9,
-	0x58, 0xed, 0xb9, 0x6c, 0xa8, 0x3d, 0x9f, 0x4b, 0xa8, 0x3d, 0xed, 0xce, 0xa5, 0x8f, 0x46, 0x0f,
-	0x2a, 0x1e, 0xe8, 0xb2, 0x30, 0x03, 0xf7, 0xa9, 0x03, 0x35, 0x1e, 0xe8, 0x2a, 0x46, 0xd8, 0xe4,
-	0xfb, 0x9d, 0xa4, 0xfb, 0xfc, 0x97, 0x16, 0x9c, 0xce, 0x1c, 0x9b, 0x63, 0xd0, 0x75, 0xad, 0x99,
-	0xba, 0xae, 0xa7, 0x7a, 0x9e, 0xad, 0x39, 0xca, 0xaf, 0x9f, 0xe9, 0xcf, 0xf9, 0x16, 0x76, 0x93,
-	0xbf, 0x0e, 0xc3, 0x4e, 0xad, 0x46, 0xc2, 0x70, 0xd5, 0xaf, 0xab, 0x40, 0xd8, 0xcf, 0xb2, 0x7b,
-	0x56, 0x0c, 0x3e, 0xd8, 0x2f, 0xcf, 0x24, 0x59, 0xc4, 0x68, 0xac, 0x73, 0x40, 0x9f, 0x80, 0xa1,
-	0x50, 0x9c, 0x9b, 0x62, 0xec, 0x9f, 0xef, 0xb1, 0x73, 0x9c, 0x0d, 0xd2, 0x30, 0x23, 0x2e, 0x29,
-	0x4d, 0x85, 0x62, 0x69, 0x46, 0x67, 0x29, 0x1c, 0x69, 0x74, 0x96, 0xe7, 0x00, 0x76, 0xd5, 0x65,
-	0x20, 0xa9, 0x7f, 0xd0, 0xae, 0x09, 0x1a, 0x15, 0xfa, 0x08, 0x4c, 0x84, 0x3c, 0x24, 0xe1, 0x42,
-	0xc3, 0x09, 0xd9, 0x3b, 0x1a, 0x31, 0x0b, 0x59, 0x54, 0xa7, 0x6a, 0x02, 0x87, 0x53, 0xd4, 0x68,
-	0x59, 0xd6, 0xca, 0xe2, 0x27, 0xf2, 0x89, 0x79, 0x3e, 0xae, 0x51, 0xa4, 0xeb, 0x3e, 0x91, 0xec,
-	0x7e, 0xd6, 0xf1, 0x5a, 0x49, 0xf4, 0x09, 0x00, 0x3a, 0x7d, 0x84, 0x1e, 0x62, 0x30, 0x7f, 0xf3,
-	0xa4, 0xbb, 0x4a, 0x3d, 0xd3, 0xb9, 0x99, 0xbd, 0xa9, 0x5d, 0x54, 0x4c, 0xb0, 0xc6, 0x10, 0x39,
-	0x30, 0x1a, 0xff, 0x8b, 0xb3, 0xd9, 0x5e, 0xc8, 0xad, 0x21, 0xc9, 0x9c, 0xa9, 0xbc, 0x17, 0x75,
-	0x16, 0xd8, 0xe4, 0x68, 0xff, 0xf8, 0x20, 0x3c, 0xdc, 0x61, 0x1b, 0x46, 0x73, 0xa6, 0xa9, 0xf7,
-	0xe9, 0xe4, 0xfd, 0x7d, 0x26, 0xb3, 0xb0, 0x71, 0xa1, 0x4f, 0xcc, 0xf6, 0xc2, 0xdb, 0x9e, 0xed,
-	0x3f, 0x6c, 0x69, 0x9a, 0x15, 0xee, 0x54, 0xfa, 0xe1, 0x43, 0x1e, 0x2f, 0x47, 0xa8, 0x6a, 0xd9,
-	0xcc, 0xd0, 0x57, 0x3c, 0xd7, 0x73, 0x73, 0x7a, 0x57, 0x60, 0x7c, 0x35, 0x3b, 0x0e, 0x2f, 0x57,
-	0x65, 0x5c, 0x3e, 0xec, 0xf7, 0x1f, 0x57, 0x4c, 0xde, 0x8f, 0xc9, 0xe8, 0x4b, 0xbc, 0x5e, 0xb1,
-	0xd6, 0x5e, 0x8c, 0xc3, 0x29, 0xa9, 0xb3, 0xf4, 0xd1, 0xcc, 0xe6, 0xea, 0x44, 0xd8, 0x60, 0x75,
-	0xbc, 0x57, 0xef, 0x6f, 0x51, 0x10, 0xe0, 0xdf, 0xb1, 0xe0, 0x4c, 0xc7, 0x88, 0x30, 0xdf, 0x86,
-	0xb2, 0xa1, 0xfd, 0x39, 0x0b, 0xb2, 0x07, 0xdb, 0xf0, 0x28, 0xbb, 0x08, 0xa5, 0x5a, 0x22, 0xef,
-	0x66, 0x1c, 0x1b, 0x41, 0xe5, 0xdc, 0x8c, 0x69, 0x0c, 0xc7, 0xb1, 0x42, 0x57, 0xc7, 0xb1, 0x5f,
-	0xb7, 0x20, 0xb5, 0xbf, 0x1f, 0x83, 0xa0, 0xb1, 0x62, 0x0a, 0x1a, 0x8f, 0xf7, 0xd2, 0x9b, 0x39,
-	0x32, 0xc6, 0x9f, 0x8c, 0xc3, 0xa9, 0x9c, 0x17, 0x79, 0xbb, 0x30, 0xb9, 0x55, 0x23, 0xe6, 0xe3,
-	0xea, 0x4e, 0x41, 0x87, 0x3a, 0xbe, 0xc4, 0xe6, 0xe9, 0x4e, 0x53, 0x24, 0x38, 0x5d, 0x05, 0xfa,
-	0x9c, 0x05, 0x27, 0x9c, 0xdb, 0xe1, 0x12, 0x15, 0x18, 0xdd, 0xda, 0x7c, 0xc3, 0xaf, 0xed, 0xd0,
-	0xd3, 0x58, 0x2e, 0x84, 0x17, 0x32, 0x95, 0x78, 0xb7, 0xaa, 0x29, 0x7a, 0xa3, 0x7a, 0x96, 0xdc,
-	0x3a, 0x8b, 0x0a, 0x67, 0xd6, 0x85, 0xb0, 0x48, 0xed, 0x41, 0xaf, 0xa3, 0x1d, 0x9e, 0xff, 0x67,
-	0x3d, 0x9d, 0xe4, 0x12, 0x90, 0xc4, 0x60, 0xc5, 0x07, 0x7d, 0x0a, 0x4a, 0x5b, 0xf2, 0xa5, 0x6f,
-	0x86, 0x84, 0x15, 0x77, 0x64, 0xe7, 0xf7, 0xcf, 0xdc, 0x12, 0xaf, 0x88, 0x70, 0xcc, 0x14, 0xbd,
-	0x0a, 0x45, 0x6f, 0x33, 0xec, 0x94, 0x1f, 0x3a, 0xe1, 0x72, 0xc9, 0x83, 0x6c, 0xac, 0x2d, 0x57,
-	0x31, 0x2d, 0x88, 0xae, 0x40, 0x31, 0xd8, 0xa8, 0x0b, 0x0d, 0x74, 0xe6, 0x22, 0xc5, 0xf3, 0x8b,
-	0x39, 0xad, 0x62, 0x9c, 0xf0, 0xfc, 0x22, 0xa6, 0x2c, 0x50, 0x05, 0xfa, 0xd9, 0x33, 0x36, 0x21,
-	0xcf, 0x64, 0xde, 0xdc, 0x3a, 0x3c, 0x07, 0xe5, 0x91, 0x38, 0x18, 0x01, 0xe6, 0x8c, 0xd0, 0x3a,
-	0x0c, 0xd4, 0x58, 0x2e, 0x61, 0x21, 0xc0, 0xbc, 0x2f, 0x53, 0xd7, 0xdc, 0x21, 0xc9, 0xb2, 0x50,
-	0xbd, 0x32, 0x0a, 0x2c, 0x78, 0x31, 0xae, 0xa4, 0xb5, 0xbd, 0x19, 0x8a, 0x5c, 0xfb, 0xd9, 0x5c,
-	0x3b, 0xe4, 0x0e, 0x17, 0x5c, 0x19, 0x05, 0x16, 0xbc, 0xd0, 0xcb, 0x50, 0xd8, 0xac, 0x89, 0x27,
-	0x6a, 0x99, 0x4a, 0x67, 0x33, 0x4e, 0xca, 0xfc, 0xc0, 0xbd, 0xfd, 0x72, 0x61, 0x79, 0x01, 0x17,
-	0x36, 0x6b, 0x68, 0x0d, 0x06, 0x37, 0x79, 0x64, 0x05, 0xa1, 0x57, 0x7e, 0x32, 0x3b, 0xe8, 0x43,
-	0x2a, 0xf8, 0x02, 0x7f, 0xee, 0x24, 0x10, 0x58, 0x32, 0x61, 0x99, 0x26, 0x54, 0x84, 0x08, 0x11,
-	0xa0, 0x6e, 0xf6, 0x70, 0x51, 0x3d, 0xb8, 0x7c, 0x19, 0xc7, 0x99, 0xc0, 0x1a, 0x47, 0x3a, 0xab,
-	0x9d, 0xbb, 0xed, 0x80, 0x85, 0x1a, 0x17, 0x91, 0x8c, 0x32, 0x67, 0xf5, 0x9c, 0x24, 0xea, 0x34,
-	0xab, 0x15, 0x11, 0x8e, 0x99, 0xa2, 0x1d, 0x18, 0xdd, 0x0d, 0x5b, 0xdb, 0x44, 0x2e, 0x69, 0x16,
-	0xd8, 0x28, 0x47, 0x3e, 0xba, 0x29, 0x08, 0xdd, 0x20, 0x6a, 0x3b, 0x8d, 0xd4, 0x2e, 0xc4, 0x64,
-	0xd9, 0x9b, 0x3a, 0x33, 0x6c, 0xf2, 0xa6, 0xdd, 0xff, 0x56, 0xdb, 0xdf, 0xd8, 0x8b, 0x88, 0x88,
-	0x2b, 0x97, 0xd9, 0xfd, 0xaf, 0x73, 0x92, 0x74, 0xf7, 0x0b, 0x04, 0x96, 0x4c, 0xd0, 0x4d, 0xd1,
-	0x3d, 0x6c, 0xf7, 0x9c, 0xc8, 0x8f, 0x30, 0x3b, 0x27, 0x89, 0x72, 0x3a, 0x85, 0xed, 0x96, 0x31,
-	0x2b, 0xb6, 0x4b, 0xb6, 0xb6, 0xfd, 0xc8, 0xf7, 0x12, 0x3b, 0xf4, 0x64, 0xfe, 0x2e, 0x59, 0xc9,
-	0xa0, 0x4f, 0xef, 0x92, 0x59, 0x54, 0x38, 0xb3, 0x2e, 0x54, 0x87, 0xb1, 0x96, 0x1f, 0x44, 0xb7,
-	0xfd, 0x40, 0xce, 0x2f, 0xd4, 0x41, 0x2f, 0x66, 0x50, 0x8a, 0x1a, 0x59, 0xc8, 0x46, 0x13, 0x83,
-	0x13, 0x3c, 0xd1, 0x47, 0x61, 0x30, 0xac, 0x39, 0x0d, 0xb2, 0x72, 0x7d, 0x7a, 0x2a, 0xff, 0xf8,
-	0xa9, 0x72, 0x92, 0x9c, 0xd9, 0xc5, 0x03, 0x63, 0x70, 0x12, 0x2c, 0xd9, 0xa1, 0x65, 0xe8, 0x67,
-	0xe9, 0x16, 0x59, 0x10, 0xc4, 0x9c, 0x40, 0xb9, 0x29, 0x07, 0x78, 0xbe, 0x37, 0x31, 0x30, 0xe6,
-	0xc5, 0xe9, 0x1a, 0x10, 0xd7, 0x43, 0x3f, 0x9c, 0x3e, 0x99, 0xbf, 0x06, 0xc4, 0xad, 0xf2, 0x7a,
-	0xb5, 0xd3, 0x1a, 0x50, 0x44, 0x38, 0x66, 0x4a, 0x77, 0x66, 0xba, 0x9b, 0x9e, 0xea, 0xe0, 0xb9,
-	0x95, 0xbb, 0x97, 0xb2, 0x9d, 0x99, 0xee, 0xa4, 0x94, 0x85, 0xfd, 0x07, 0x83, 0x69, 0x99, 0x85,
-	0x29, 0x14, 0xfe, 0x82, 0x95, 0xb2, 0x35, 0xbf, 0xbf, 0x57, 0xfd, 0xe6, 0x11, 0x5e, 0x85, 0x3e,
-	0x67, 0xc1, 0xa9, 0x56, 0xe6, 0x87, 0x08, 0x01, 0xa0, 0x37, 0x35, 0x29, 0xff, 0x74, 0x15, 0x30,
-	0x33, 0x1b, 0x8f, 0x73, 0x6a, 0x4a, 0x5e, 0x37, 0x8b, 0x6f, 0xfb, 0xba, 0xb9, 0x0a, 0x43, 0x35,
-	0x7e, 0x15, 0xe9, 0x98, 0x5b, 0x3f, 0x79, 0xf7, 0x66, 0xa2, 0x84, 0xb8, 0xc3, 0x6c, 0x62, 0xc5,
-	0x02, 0xfd, 0x88, 0x05, 0x67, 0x92, 0x4d, 0xc7, 0x84, 0xa1, 0x45, 0x94, 0x4d, 0xae, 0xcb, 0x58,
-	0x16, 0xdf, 0x9f, 0x92, 0xff, 0x0d, 0xe2, 0x83, 0x6e, 0x04, 0xb8, 0x73, 0x65, 0x68, 0x31, 0x43,
-	0x99, 0x32, 0x60, 0x1a, 0x90, 0x7a, 0x50, 0xa8, 0xbc, 0x00, 0x23, 0x4d, 0xbf, 0xed, 0x45, 0xc2,
-	0xd1, 0x4b, 0x38, 0x9d, 0x30, 0x67, 0x8b, 0x55, 0x0d, 0x8e, 0x0d, 0xaa, 0x84, 0x1a, 0x66, 0xe8,
-	0xbe, 0xd5, 0x30, 0x6f, 0xc2, 0x88, 0xa7, 0x79, 0x26, 0x0b, 0x79, 0xe0, 0x7c, 0x7e, 0x84, 0x5c,
-	0xdd, 0x8f, 0x99, 0xb7, 0x52, 0x87, 0x60, 0x83, 0xdb, 0xf1, 0x7a, 0x80, 0x7d, 0xc9, 0xca, 0x10,
-	0xea, 0xb9, 0x2a, 0xe6, 0x43, 0xa6, 0x2a, 0xe6, 0x7c, 0x52, 0x15, 0x93, 0x32, 0x1e, 0x18, 0x5a,
-	0x98, 0xde, 0xb3, 0x3b, 0xf5, 0x1a, 0x65, 0xd3, 0x6e, 0xc0, 0xb9, 0x6e, 0xc7, 0x12, 0xf3, 0xf8,
-	0xab, 0x2b, 0x53, 0x71, 0xec, 0xf1, 0x57, 0x5f, 0x59, 0xc4, 0x0c, 0xd3, 0x6b, 0xfc, 0x26, 0xfb,
-	0xbf, 0x58, 0x50, 0xac, 0xf8, 0xf5, 0x63, 0xb8, 0xf0, 0x7e, 0xd8, 0xb8, 0xf0, 0x3e, 0x9c, 0x7d,
-	0x20, 0xd6, 0x73, 0x4d, 0x1f, 0x4b, 0x09, 0xd3, 0xc7, 0x99, 0x3c, 0x06, 0x9d, 0x0d, 0x1d, 0x3f,
-	0x5d, 0x84, 0xe1, 0x8a, 0x5f, 0x57, 0xee, 0xf6, 0xff, 0xf4, 0x7e, 0xdc, 0xed, 0x73, 0x73, 0x65,
-	0x68, 0x9c, 0x99, 0xa3, 0xa0, 0x7c, 0x69, 0xfc, 0x6d, 0xe6, 0x75, 0x7f, 0x8b, 0xb8, 0x5b, 0xdb,
-	0x11, 0xa9, 0x27, 0x3f, 0xe7, 0xf8, 0xbc, 0xee, 0xff, 0xa0, 0x00, 0xe3, 0x89, 0xda, 0x51, 0x03,
-	0x46, 0x1b, 0xba, 0x62, 0x5d, 0xcc, 0xd3, 0xfb, 0xd2, 0xc9, 0x0b, 0xaf, 0x65, 0x0d, 0x84, 0x4d,
-	0xe6, 0x68, 0x16, 0x40, 0x59, 0x9a, 0xa5, 0x7a, 0x95, 0x49, 0xfd, 0xca, 0x14, 0x1d, 0x62, 0x8d,
-	0x02, 0xbd, 0x08, 0xc3, 0x91, 0xdf, 0xf2, 0x1b, 0xfe, 0xd6, 0xde, 0x55, 0x22, 0x43, 0x7b, 0x29,
-	0x5f, 0xc4, 0xf5, 0x18, 0x85, 0x75, 0x3a, 0x74, 0x07, 0x26, 0x15, 0x93, 0xea, 0x11, 0x18, 0x1b,
-	0x98, 0x56, 0x61, 0x2d, 0xc9, 0x11, 0xa7, 0x2b, 0xb1, 0x7f, 0xae, 0xc8, 0xbb, 0xd8, 0x8b, 0xdc,
-	0x77, 0x57, 0xc3, 0x3b, 0x7b, 0x35, 0x7c, 0xdd, 0x82, 0x09, 0x5a, 0x3b, 0x73, 0xb4, 0x92, 0xc7,
-	0xbc, 0x8a, 0xc9, 0x6d, 0x75, 0x88, 0xc9, 0x7d, 0x9e, 0xee, 0x9a, 0x75, 0xbf, 0x1d, 0x09, 0xdd,
-	0x9d, 0xb6, 0x2d, 0x52, 0x28, 0x16, 0x58, 0x41, 0x47, 0x82, 0x40, 0x3c, 0x0e, 0xd5, 0xe9, 0x48,
-	0x10, 0x60, 0x81, 0x95, 0x21, 0xbb, 0xfb, 0xb2, 0x43, 0x76, 0xf3, 0xc8, 0xab, 0xc2, 0x25, 0x47,
-	0x08, 0x5c, 0x5a, 0xe4, 0x55, 0xe9, 0xab, 0x13, 0xd3, 0xd8, 0x5f, 0x2d, 0xc2, 0x48, 0xc5, 0xaf,
-	0xc7, 0x56, 0xe6, 0x17, 0x0c, 0x2b, 0xf3, 0xb9, 0x84, 0x95, 0x79, 0x42, 0xa7, 0x7d, 0xd7, 0xa6,
-	0xfc, 0xad, 0xb2, 0x29, 0xff, 0x9a, 0xc5, 0x46, 0x6d, 0x71, 0xad, 0xca, 0xfd, 0xf6, 0xd0, 0x25,
-	0x18, 0x66, 0x1b, 0x0c, 0x7b, 0x8d, 0x2c, 0x4d, 0xaf, 0x2c, 0xdf, 0xd5, 0x5a, 0x0c, 0xc6, 0x3a,
-	0x0d, 0xba, 0x00, 0x43, 0x21, 0x71, 0x82, 0xda, 0xb6, 0xda, 0x5d, 0x85, 0x9d, 0x94, 0xc3, 0xb0,
-	0xc2, 0xa2, 0xd7, 0xe3, 0xa0, 0x9f, 0xc5, 0xfc, 0xd7, 0x8d, 0x7a, 0x7b, 0xf8, 0x12, 0xc9, 0x8f,
-	0xf4, 0x69, 0xdf, 0x02, 0x94, 0xa6, 0xef, 0x21, 0x2c, 0x5d, 0xd9, 0x0c, 0x4b, 0x57, 0x4a, 0x85,
-	0xa4, 0xfb, 0x33, 0x0b, 0xc6, 0x2a, 0x7e, 0x9d, 0x2e, 0xdd, 0xef, 0xa4, 0x75, 0xaa, 0x47, 0x3c,
-	0x1e, 0xe8, 0x10, 0xf1, 0xf8, 0x31, 0xe8, 0xaf, 0xf8, 0xf5, 0x95, 0x4a, 0xa7, 0xd0, 0x02, 0xf6,
-	0xdf, 0xb4, 0x60, 0xb0, 0xe2, 0xd7, 0x8f, 0xc1, 0x2c, 0xf0, 0x21, 0xd3, 0x2c, 0xf0, 0x50, 0xce,
-	0xbc, 0xc9, 0xb1, 0x04, 0xfc, 0x8d, 0x3e, 0x18, 0xa5, 0xed, 0xf4, 0xb7, 0xe4, 0x50, 0x1a, 0xdd,
-	0x66, 0xf5, 0xd0, 0x6d, 0x54, 0x0a, 0xf7, 0x1b, 0x0d, 0xff, 0x76, 0x72, 0x58, 0x97, 0x19, 0x14,
-	0x0b, 0x2c, 0x7a, 0x06, 0x86, 0x5a, 0x01, 0xd9, 0x75, 0x7d, 0x21, 0xde, 0x6a, 0x46, 0x96, 0x8a,
-	0x80, 0x63, 0x45, 0x41, 0xaf, 0x85, 0xa1, 0xeb, 0xd1, 0xa3, 0xbc, 0xe6, 0x7b, 0x75, 0xae, 0x39,
-	0x2f, 0x8a, 0xb4, 0x1c, 0x1a, 0x1c, 0x1b, 0x54, 0xe8, 0x16, 0x94, 0xd8, 0x7f, 0xb6, 0xed, 0x1c,
-	0x3e, 0x7b, 0xaf, 0xc8, 0x2a, 0x28, 0x18, 0xe0, 0x98, 0x17, 0x7a, 0x0e, 0x20, 0x92, 0xa1, 0xed,
-	0x43, 0x11, 0x68, 0x4d, 0x5d, 0x05, 0x54, 0xd0, 0xfb, 0x10, 0x6b, 0x54, 0xe8, 0x69, 0x28, 0x45,
-	0x8e, 0xdb, 0xb8, 0xe6, 0x7a, 0x24, 0x64, 0x1a, 0xf1, 0xa2, 0x4c, 0xee, 0x27, 0x80, 0x38, 0xc6,
-	0x53, 0x51, 0x8c, 0x05, 0xe1, 0xe0, 0xb9, 0xcb, 0x87, 0x18, 0x35, 0x13, 0xc5, 0xae, 0x29, 0x28,
-	0xd6, 0x28, 0xd0, 0x36, 0x3c, 0xe2, 0x7a, 0x2c, 0x85, 0x05, 0xa9, 0xee, 0xb8, 0xad, 0xf5, 0x6b,
-	0xd5, 0x9b, 0x24, 0x70, 0x37, 0xf7, 0xe6, 0x9d, 0xda, 0x0e, 0xf1, 0x64, 0x5e, 0x56, 0x99, 0xae,
-	0xfb, 0x91, 0x95, 0x0e, 0xb4, 0xb8, 0x23, 0x27, 0xfb, 0x79, 0x36, 0xdf, 0xaf, 0x57, 0xd1, 0x7b,
-	0x8d, 0xad, 0xe3, 0x94, 0xbe, 0x75, 0x1c, 0xec, 0x97, 0x07, 0xae, 0x57, 0xb5, 0x18, 0x12, 0x2f,
-	0xc1, 0xc9, 0x8a, 0x5f, 0xaf, 0xf8, 0x41, 0xb4, 0xec, 0x07, 0xb7, 0x9d, 0xa0, 0x2e, 0xa7, 0x57,
-	0x59, 0x46, 0xd1, 0xa0, 0xfb, 0x67, 0x3f, 0xdf, 0x5d, 0x8c, 0x08, 0x19, 0xcf, 0x33, 0x89, 0xed,
-	0x90, 0x6f, 0xbf, 0x6a, 0x4c, 0x76, 0x50, 0x49, 0x60, 0x2e, 0x3b, 0x11, 0x41, 0xd7, 0x59, 0xe6,
-	0xf5, 0xf8, 0x18, 0x15, 0xc5, 0x9f, 0xd2, 0x32, 0xaf, 0xc7, 0xc8, 0xcc, 0x73, 0xd7, 0x2c, 0x6f,
-	0x7f, 0x56, 0x54, 0xc2, 0xef, 0xe0, 0xdc, 0xbf, 0xae, 0x97, 0xd4, 0xc5, 0x32, 0x4b, 0x44, 0x21,
-	0x3f, 0xbd, 0x00, 0xb7, 0x7a, 0x76, 0xcc, 0x12, 0x61, 0xbf, 0x08, 0x93, 0xf4, 0xea, 0xa7, 0xe4,
-	0x28, 0xf6, 0x91, 0xdd, 0xa3, 0x79, 0xfc, 0xd7, 0x7e, 0x76, 0x0e, 0x24, 0xd2, 0x9f, 0xa0, 0x4f,
-	0xc2, 0x58, 0x48, 0xae, 0xb9, 0x5e, 0xfb, 0x8e, 0x54, 0xbc, 0x74, 0x78, 0x73, 0x58, 0x5d, 0xd2,
-	0x29, 0xb9, 0xfa, 0xd6, 0x84, 0xe1, 0x04, 0x37, 0xd4, 0x84, 0xb1, 0xdb, 0xae, 0x57, 0xf7, 0x6f,
-	0x87, 0x92, 0xff, 0x50, 0xbe, 0x16, 0xf7, 0x16, 0xa7, 0x4c, 0xb4, 0xd1, 0xa8, 0xee, 0x96, 0xc1,
-	0x0c, 0x27, 0x98, 0xd3, 0xb5, 0x16, 0xb4, 0xbd, 0xb9, 0xf0, 0x46, 0x48, 0x02, 0x91, 0xf9, 0x9f,
-	0xa7, 0xe5, 0x95, 0x40, 0x1c, 0xe3, 0xe9, 0x5a, 0x63, 0x7f, 0x2e, 0x07, 0x7e, 0x9b, 0xe7, 0xda,
-	0x10, 0x6b, 0x0d, 0x2b, 0x28, 0xd6, 0x28, 0xe8, 0x5e, 0xc4, 0xfe, 0xad, 0xf9, 0x1e, 0xf6, 0xfd,
-	0x48, 0xee, 0x5e, 0xcc, 0x13, 0x41, 0x83, 0x63, 0x83, 0x0a, 0x2d, 0x03, 0x0a, 0xdb, 0xad, 0x56,
-	0x83, 0x39, 0x33, 0x39, 0x0d, 0xc6, 0x8a, 0x7b, 0x79, 0x14, 0x79, 0xac, 0xe0, 0x6a, 0x0a, 0x8b,
-	0x33, 0x4a, 0xd0, 0x63, 0x69, 0x53, 0x34, 0xb5, 0x9f, 0x35, 0x95, 0x5b, 0x7c, 0xaa, 0xbc, 0x9d,
-	0x12, 0x87, 0x96, 0x60, 0x30, 0xdc, 0x0b, 0x6b, 0x91, 0x08, 0xed, 0x98, 0x93, 0x46, 0xab, 0xca,
-	0x48, 0xb4, 0x2c, 0x8e, 0xbc, 0x08, 0x96, 0x65, 0x51, 0x0d, 0xa6, 0x04, 0xc7, 0x85, 0x6d, 0xc7,
-	0x53, 0xf9, 0x82, 0xb8, 0x4f, 0xf7, 0xa5, 0x7b, 0xfb, 0xe5, 0x29, 0x51, 0xb3, 0x8e, 0x3e, 0xd8,
-	0x2f, 0x9f, 0xaa, 0xf8, 0xf5, 0x0c, 0x0c, 0xce, 0xe2, 0xc6, 0x27, 0x5f, 0xad, 0xe6, 0x37, 0x5b,
-	0x95, 0xc0, 0xdf, 0x74, 0x1b, 0xa4, 0x93, 0xd5, 0xac, 0x6a, 0x50, 0x8a, 0xc9, 0x67, 0xc0, 0x70,
-	0x82, 0x9b, 0xfd, 0x59, 0x26, 0xba, 0xb1, 0x64, 0xf1, 0x51, 0x3b, 0x20, 0xa8, 0x09, 0xa3, 0x2d,
-	0xb6, 0xb8, 0x45, 0x06, 0x0c, 0x31, 0xd7, 0x5f, 0xe8, 0x51, 0xfb, 0x73, 0x9b, 0xe5, 0xf5, 0x32,
-	0x3c, 0xa3, 0x2a, 0x3a, 0x3b, 0x6c, 0x72, 0xb7, 0xff, 0xf5, 0x69, 0x76, 0xf8, 0x57, 0xb9, 0x4a,
-	0x67, 0x50, 0x3c, 0x21, 0x11, 0xb7, 0xc8, 0x99, 0x7c, 0xdd, 0x62, 0x3c, 0x2c, 0xe2, 0x19, 0x0a,
-	0x96, 0x65, 0xd1, 0x27, 0x60, 0x8c, 0x5e, 0xca, 0xd4, 0x01, 0x1c, 0x4e, 0x9f, 0xc8, 0x0f, 0xf5,
-	0xa1, 0xa8, 0xf4, 0xec, 0x38, 0x7a, 0x61, 0x9c, 0x60, 0x86, 0x5e, 0x67, 0x9e, 0x48, 0x92, 0x75,
-	0xa1, 0x17, 0xd6, 0xba, 0xd3, 0x91, 0x64, 0xab, 0x31, 0x41, 0x6d, 0x98, 0x4a, 0x27, 0xec, 0x0b,
-	0xa7, 0xed, 0x7c, 0xe9, 0x36, 0x9d, 0x73, 0x2f, 0x4e, 0x63, 0x92, 0xc6, 0x85, 0x38, 0x8b, 0x3f,
-	0xba, 0x06, 0xa3, 0x22, 0x63, 0xba, 0x98, 0xb9, 0x45, 0x43, 0xe5, 0x39, 0x8a, 0x75, 0xe4, 0x41,
-	0x12, 0x80, 0xcd, 0xc2, 0x68, 0x0b, 0xce, 0x68, 0x49, 0xae, 0x2e, 0x07, 0x0e, 0xf3, 0x5b, 0x70,
-	0xd9, 0x76, 0xaa, 0x89, 0x25, 0x8f, 0xde, 0xdb, 0x2f, 0x9f, 0x59, 0xef, 0x44, 0x88, 0x3b, 0xf3,
-	0x41, 0xd7, 0xe1, 0x24, 0x7f, 0xa8, 0xbe, 0x48, 0x9c, 0x7a, 0xc3, 0xf5, 0x94, 0xdc, 0xc3, 0x97,
-	0xfc, 0xe9, 0x7b, 0xfb, 0xe5, 0x93, 0x73, 0x59, 0x04, 0x38, 0xbb, 0x1c, 0xfa, 0x10, 0x94, 0xea,
-	0x5e, 0x28, 0xfa, 0x60, 0xc0, 0xc8, 0x23, 0x56, 0x5a, 0x5c, 0xab, 0xaa, 0xef, 0x8f, 0xff, 0xe0,
-	0xb8, 0x00, 0xda, 0xe2, 0x6a, 0x71, 0xa5, 0xac, 0x19, 0x4c, 0x05, 0xea, 0x4a, 0xea, 0x33, 0x8d,
-	0xa7, 0xaa, 0xdc, 0x1e, 0xa4, 0x5e, 0x70, 0x18, 0xaf, 0x58, 0x0d, 0xc6, 0xe8, 0x35, 0x40, 0x22,
-	0x5e, 0xfd, 0x5c, 0x8d, 0xa5, 0x57, 0x61, 0x56, 0x84, 0x21, 0xf3, 0xf1, 0x64, 0x35, 0x45, 0x81,
-	0x33, 0x4a, 0xa1, 0x2b, 0x74, 0x57, 0xd1, 0xa1, 0x62, 0xd7, 0x52, 0xa9, 0x25, 0x17, 0x49, 0x2b,
-	0x20, 0xcc, 0x0f, 0xcb, 0xe4, 0x88, 0x13, 0xe5, 0x50, 0x1d, 0x1e, 0x71, 0xda, 0x91, 0xcf, 0x2c,
-	0x0e, 0x26, 0xe9, 0xba, 0xbf, 0x43, 0x3c, 0x66, 0xec, 0x1b, 0x9a, 0x3f, 0x47, 0x05, 0xab, 0xb9,
-	0x0e, 0x74, 0xb8, 0x23, 0x17, 0x2a, 0x10, 0xab, 0x5c, 0xd2, 0x60, 0x86, 0x1f, 0xcb, 0xc8, 0x27,
-	0xfd, 0x22, 0x0c, 0x6f, 0xfb, 0x61, 0xb4, 0x46, 0xa2, 0xdb, 0x7e, 0xb0, 0x23, 0xc2, 0xe8, 0xc6,
-	0x41, 0xc9, 0x63, 0x14, 0xd6, 0xe9, 0xe8, 0x8d, 0x97, 0xb9, 0xa2, 0xac, 0x2c, 0x32, 0x2f, 0x80,
-	0xa1, 0x78, 0x8f, 0xb9, 0xc2, 0xc1, 0x58, 0xe2, 0x25, 0xe9, 0x4a, 0x65, 0x81, 0x59, 0xf4, 0x13,
-	0xa4, 0x2b, 0x95, 0x05, 0x2c, 0xf1, 0x74, 0xba, 0x86, 0xdb, 0x4e, 0x40, 0x2a, 0x81, 0x5f, 0x23,
-	0xa1, 0x16, 0x0a, 0xff, 0x61, 0x1e, 0x24, 0x98, 0x4e, 0xd7, 0x6a, 0x16, 0x01, 0xce, 0x2e, 0x87,
-	0x48, 0x3a, 0xc1, 0xdb, 0x58, 0xbe, 0x29, 0x26, 0x2d, 0xcf, 0xf4, 0x98, 0xe3, 0xcd, 0x83, 0x09,
-	0x95, 0x5a, 0x8e, 0x87, 0x05, 0x0e, 0xa7, 0xc7, 0xd9, 0xdc, 0xee, 0x3d, 0xa6, 0xb0, 0x32, 0x6e,
-	0xad, 0x24, 0x38, 0xe1, 0x14, 0x6f, 0x23, 0xc2, 0xdc, 0x44, 0xd7, 0x08, 0x73, 0x17, 0xa1, 0x14,
-	0xb6, 0x37, 0xea, 0x7e, 0xd3, 0x71, 0x3d, 0x66, 0xd1, 0xd7, 0xae, 0x5e, 0x55, 0x89, 0xc0, 0x31,
-	0x0d, 0x5a, 0x86, 0x21, 0x47, 0x5a, 0xae, 0x50, 0x7e, 0x4c, 0x21, 0x65, 0xaf, 0xe2, 0x61, 0x36,
-	0xa4, 0xad, 0x4a, 0x95, 0x45, 0xaf, 0xc0, 0xa8, 0x78, 0x68, 0x2d, 0x52, 0xa7, 0x4e, 0x99, 0xaf,
-	0xe1, 0xaa, 0x3a, 0x12, 0x9b, 0xb4, 0xe8, 0x06, 0x0c, 0x47, 0x7e, 0x83, 0x3d, 0xe9, 0xa2, 0x62,
-	0xde, 0xa9, 0xfc, 0xe8, 0x78, 0xeb, 0x8a, 0x4c, 0x57, 0x1a, 0xab, 0xa2, 0x58, 0xe7, 0x83, 0xd6,
-	0xf9, 0x7c, 0x67, 0x81, 0xef, 0x49, 0x28, 0x72, 0x6f, 0x9e, 0xc9, 0x73, 0xc7, 0x62, 0x64, 0xe6,
-	0x72, 0x10, 0x25, 0xb1, 0xce, 0x06, 0x5d, 0x86, 0xc9, 0x56, 0xe0, 0xfa, 0x6c, 0x4e, 0x28, 0xa3,
-	0xe5, 0xb4, 0x99, 0xe6, 0xaa, 0x92, 0x24, 0xc0, 0xe9, 0x32, 0xec, 0x9d, 0xbc, 0x00, 0x4e, 0x9f,
-	0xe6, 0xa9, 0x3a, 0xf8, 0x4d, 0x96, 0xc3, 0xb0, 0xc2, 0xa2, 0x55, 0xb6, 0x13, 0x73, 0x25, 0xcc,
-	0xf4, 0x4c, 0x7e, 0x18, 0x23, 0x5d, 0x59, 0xc3, 0x85, 0x57, 0xf5, 0x17, 0xc7, 0x1c, 0x50, 0x5d,
-	0xcb, 0x90, 0x49, 0xaf, 0x00, 0xe1, 0xf4, 0x23, 0x1d, 0xfc, 0x01, 0x13, 0x97, 0xa2, 0x58, 0x20,
-	0x30, 0xc0, 0x21, 0x4e, 0xf0, 0x44, 0x1f, 0x81, 0x09, 0x11, 0x7c, 0x31, 0xee, 0xa6, 0x33, 0xb1,
-	0xa3, 0x3c, 0x4e, 0xe0, 0x70, 0x8a, 0x9a, 0xa7, 0xca, 0x70, 0x36, 0x1a, 0x44, 0x6c, 0x7d, 0xd7,
-	0x5c, 0x6f, 0x27, 0x9c, 0x3e, 0xcb, 0xf6, 0x07, 0x91, 0x2a, 0x23, 0x89, 0xc5, 0x19, 0x25, 0xd0,
-	0x3a, 0x4c, 0xb4, 0x02, 0x42, 0x9a, 0x4c, 0xd0, 0x17, 0xe7, 0x59, 0x99, 0x87, 0x89, 0xa0, 0x2d,
-	0xa9, 0x24, 0x70, 0x07, 0x19, 0x30, 0x9c, 0xe2, 0x80, 0x6e, 0xc3, 0x90, 0xbf, 0x4b, 0x82, 0x6d,
-	0xe2, 0xd4, 0xa7, 0xcf, 0x75, 0x78, 0xb8, 0x21, 0x0e, 0xb7, 0xeb, 0x82, 0x36, 0xe1, 0xe8, 0x20,
-	0xc1, 0xdd, 0x1d, 0x1d, 0x64, 0x65, 0xe8, 0x2f, 0x5a, 0x70, 0x5a, 0xda, 0x46, 0xaa, 0x2d, 0xda,
-	0xeb, 0x0b, 0xbe, 0x17, 0x46, 0x01, 0x0f, 0x6c, 0xf0, 0x68, 0xfe, 0x63, 0xff, 0xf5, 0x9c, 0x42,
-	0x4a, 0x0f, 0x7c, 0x3a, 0x8f, 0x22, 0xc4, 0xf9, 0x35, 0xa2, 0x05, 0x98, 0x0c, 0x49, 0x24, 0x37,
-	0xa3, 0xb9, 0x70, 0xf9, 0xf5, 0xc5, 0xb5, 0xe9, 0xc7, 0x78, 0x54, 0x06, 0xba, 0x18, 0xaa, 0x49,
-	0x24, 0x4e, 0xd3, 0xa3, 0x4b, 0x50, 0xf0, 0xc3, 0xe9, 0xc7, 0x3b, 0x24, 0x55, 0xf5, 0xeb, 0xd7,
-	0xab, 0xdc, 0xe1, 0xed, 0x7a, 0x15, 0x17, 0xfc, 0x50, 0xa6, 0xab, 0xa0, 0xf7, 0xb1, 0x70, 0xfa,
-	0x09, 0xae, 0x35, 0x94, 0xe9, 0x2a, 0x18, 0x10, 0xc7, 0x78, 0xb4, 0x0d, 0xe3, 0xa1, 0x71, 0xef,
-	0x0d, 0xa7, 0xcf, 0xb3, 0x9e, 0x7a, 0x22, 0x6f, 0xd0, 0x0c, 0x6a, 0x2d, 0xda, 0xbc, 0xc9, 0x05,
-	0x27, 0xd9, 0xf2, 0xd5, 0xa5, 0x5d, 0xf0, 0xc3, 0xe9, 0x27, 0xbb, 0xac, 0x2e, 0x8d, 0x58, 0x5f,
-	0x5d, 0x3a, 0x0f, 0x9c, 0xe0, 0x39, 0xf3, 0x5d, 0x30, 0x99, 0x12, 0x97, 0x0e, 0x93, 0x89, 0x69,
-	0x66, 0x07, 0x46, 0x8d, 0x29, 0xf9, 0x40, 0x1d, 0x0b, 0xbe, 0x67, 0x08, 0x4a, 0xca, 0xe8, 0x8c,
-	0x2e, 0x9a, 0xbe, 0x04, 0xa7, 0x93, 0xbe, 0x04, 0x43, 0x15, 0xbf, 0x6e, 0xb8, 0x0f, 0xac, 0x67,
-	0xc4, 0xee, 0xcb, 0xdb, 0x00, 0x7b, 0x7f, 0xd3, 0xa0, 0x69, 0xf2, 0x8b, 0x3d, 0x3b, 0x25, 0xf4,
-	0x75, 0x34, 0x0e, 0x5c, 0x86, 0x49, 0xcf, 0x67, 0x32, 0x3a, 0xa9, 0x4b, 0x01, 0x8c, 0xc9, 0x59,
-	0x25, 0x3d, 0x18, 0x4e, 0x82, 0x00, 0xa7, 0xcb, 0xd0, 0x0a, 0xb9, 0xa0, 0x94, 0xb4, 0x46, 0x70,
-	0x39, 0x0a, 0x0b, 0x2c, 0x7a, 0x0c, 0xfa, 0x5b, 0x7e, 0x7d, 0xa5, 0x22, 0xe4, 0x73, 0x2d, 0x62,
-	0x6c, 0x7d, 0xa5, 0x82, 0x39, 0x0e, 0xcd, 0xc1, 0x00, 0xfb, 0x11, 0x4e, 0x8f, 0xe4, 0x47, 0x3d,
-	0x61, 0x25, 0xb4, 0x3c, 0x57, 0xac, 0x00, 0x16, 0x05, 0x99, 0x56, 0x94, 0x5e, 0x6a, 0x98, 0x56,
-	0x74, 0xf0, 0x3e, 0xb5, 0xa2, 0x92, 0x01, 0x8e, 0x79, 0xa1, 0x3b, 0x70, 0xd2, 0xb8, 0x48, 0xf2,
-	0x29, 0x42, 0x42, 0x11, 0x79, 0xe1, 0xb1, 0x8e, 0x37, 0x48, 0xe1, 0xc4, 0x70, 0x46, 0x34, 0xfa,
-	0xe4, 0x4a, 0x16, 0x27, 0x9c, 0x5d, 0x01, 0x6a, 0xc0, 0x64, 0x2d, 0x55, 0xeb, 0x50, 0xef, 0xb5,
-	0xaa, 0x01, 0x4d, 0xd7, 0x98, 0x66, 0x8c, 0x5e, 0x81, 0xa1, 0xb7, 0xfc, 0x90, 0x9d, 0x6d, 0xe2,
-	0x4e, 0x21, 0x9f, 0xed, 0x0f, 0xbd, 0x7e, 0xbd, 0xca, 0xe0, 0x07, 0xfb, 0xe5, 0xe1, 0x8a, 0x5f,
-	0x97, 0x7f, 0xb1, 0x2a, 0x80, 0x7e, 0xc0, 0x82, 0x99, 0xf4, 0x4d, 0x55, 0x35, 0x7a, 0xb4, 0xf7,
-	0x46, 0xdb, 0xa2, 0xd2, 0x99, 0xa5, 0x5c, 0x76, 0xb8, 0x43, 0x55, 0xe8, 0x83, 0x74, 0x21, 0x84,
-	0xee, 0x5d, 0x22, 0x92, 0x84, 0x3e, 0x1a, 0x2f, 0x04, 0x0a, 0x3d, 0xd8, 0x2f, 0x8f, 0xf3, 0x2d,
-	0x2d, 0x7e, 0x37, 0x23, 0x0a, 0xd8, 0xbf, 0x6c, 0x31, 0xb5, 0xac, 0x80, 0x92, 0xb0, 0xdd, 0x38,
-	0x8e, 0xcc, 0xc0, 0x4b, 0x86, 0xc9, 0xf3, 0xbe, 0xfd, 0x61, 0xfe, 0x89, 0xc5, 0xfc, 0x61, 0x8e,
-	0xf1, 0xe1, 0xcb, 0xeb, 0x30, 0x14, 0xc9, 0x8c, 0xcd, 0x1d, 0x92, 0x19, 0x6b, 0x8d, 0x62, 0x3e,
-	0x41, 0xea, 0x72, 0xa0, 0x92, 0x33, 0x2b, 0x36, 0xf6, 0x3f, 0xe4, 0x23, 0x20, 0x31, 0xc7, 0x60,
-	0x59, 0x5a, 0x34, 0x2d, 0x4b, 0xe5, 0x2e, 0x5f, 0x90, 0x63, 0x61, 0xfa, 0x07, 0x66, 0xbb, 0x99,
-	0x52, 0xec, 0x9d, 0xee, 0x88, 0x65, 0x7f, 0xde, 0x02, 0x88, 0x63, 0x79, 0xf7, 0x90, 0x93, 0xef,
-	0x25, 0x7a, 0x1d, 0xf0, 0x23, 0xbf, 0xe6, 0x37, 0x84, 0xdd, 0xf4, 0x91, 0xd8, 0xb8, 0xc5, 0xe1,
-	0x07, 0xda, 0x6f, 0xac, 0xa8, 0x51, 0x59, 0x46, 0x0e, 0x2c, 0xc6, 0xe6, 0x56, 0x23, 0x6a, 0xe0,
-	0x17, 0x2d, 0x38, 0x91, 0xe5, 0x45, 0x4d, 0x2f, 0x97, 0x5c, 0x3d, 0xa8, 0x9c, 0xe4, 0xd4, 0x68,
-	0xde, 0x14, 0x70, 0xac, 0x28, 0x7a, 0x4e, 0x76, 0x78, 0xb8, 0x20, 0xda, 0xd7, 0x61, 0xb4, 0x12,
-	0x10, 0xed, 0x5c, 0x7e, 0x95, 0x47, 0xa3, 0xe0, 0xed, 0x79, 0xe6, 0xd0, 0x91, 0x28, 0xec, 0x2f,
-	0x17, 0xe0, 0x04, 0xf7, 0x35, 0x99, 0xdb, 0xf5, 0xdd, 0x7a, 0xc5, 0xaf, 0x8b, 0xb7, 0x72, 0x6f,
-	0xc0, 0x48, 0x4b, 0xd3, 0xe9, 0x76, 0x0a, 0x08, 0xab, 0xeb, 0x7e, 0x63, 0x2d, 0x94, 0x0e, 0xc5,
-	0x06, 0x2f, 0x54, 0x87, 0x11, 0xb2, 0xeb, 0xd6, 0x94, 0xc3, 0x42, 0xe1, 0xd0, 0x67, 0xa4, 0xaa,
-	0x65, 0x49, 0xe3, 0x83, 0x0d, 0xae, 0x0f, 0x20, 0x05, 0xb9, 0xfd, 0x63, 0x16, 0x3c, 0x94, 0x13,
-	0x3e, 0x96, 0x56, 0x77, 0x9b, 0x79, 0xf5, 0x88, 0x69, 0xab, 0xaa, 0xe3, 0xbe, 0x3e, 0x58, 0x60,
-	0xd1, 0x47, 0x01, 0xb8, 0xaf, 0x0e, 0xf1, 0x6a, 0x5d, 0xe3, 0x6c, 0x1a, 0x21, 0x02, 0xb5, 0x68,
-	0x6f, 0xb2, 0x3c, 0xd6, 0x78, 0xd9, 0x5f, 0xec, 0x83, 0x7e, 0xe6, 0x1b, 0x82, 0x2a, 0x30, 0xb8,
-	0xcd, 0x13, 0x02, 0x75, 0x1c, 0x37, 0x4a, 0x2b, 0x73, 0x0c, 0xc5, 0xe3, 0xa6, 0x41, 0xb1, 0x64,
-	0x83, 0x56, 0x61, 0x8a, 0xe7, 0x65, 0x6a, 0x2c, 0x92, 0x86, 0xb3, 0x27, 0xd5, 0xa5, 0x3c, 0x89,
-	0xb0, 0x52, 0x1b, 0xaf, 0xa4, 0x49, 0x70, 0x56, 0x39, 0xf4, 0x2a, 0x8c, 0xd1, 0xeb, 0xab, 0xdf,
-	0x8e, 0x24, 0x27, 0x9e, 0x91, 0x49, 0x49, 0xf4, 0xeb, 0x06, 0x16, 0x27, 0xa8, 0xd1, 0x2b, 0x30,
-	0xda, 0x4a, 0x29, 0x86, 0xfb, 0x63, 0x0d, 0x8a, 0xa9, 0x0c, 0x36, 0x69, 0x99, 0x23, 0x75, 0x9b,
-	0xb9, 0x8d, 0xaf, 0x6f, 0x07, 0x24, 0xdc, 0xf6, 0x1b, 0x75, 0x26, 0x39, 0xf6, 0x6b, 0x8e, 0xd4,
-	0x09, 0x3c, 0x4e, 0x95, 0xa0, 0x5c, 0x36, 0x1d, 0xb7, 0xd1, 0x0e, 0x48, 0xcc, 0x65, 0xc0, 0xe4,
-	0xb2, 0x9c, 0xc0, 0xe3, 0x54, 0x89, 0xee, 0x1a, 0xef, 0xc1, 0xa3, 0xd1, 0x78, 0xdb, 0x3f, 0x53,
-	0x00, 0x63, 0x68, 0xbf, 0x73, 0x33, 0x45, 0xd1, 0x2f, 0xdb, 0x0a, 0x5a, 0x35, 0xe1, 0x07, 0x95,
-	0xf9, 0x65, 0x71, 0x02, 0x58, 0xfe, 0x65, 0xf4, 0x3f, 0x66, 0xa5, 0xe8, 0x1a, 0x3f, 0x59, 0x09,
-	0x7c, 0x7a, 0xc8, 0xc9, 0x78, 0x65, 0xea, 0xbd, 0xc2, 0xa0, 0x7c, 0xcb, 0xdd, 0x21, 0xb2, 0xa7,
-	0xf0, 0xe8, 0xe6, 0x1c, 0x0c, 0x97, 0xa1, 0xaa, 0x08, 0xaa, 0x20, 0xb9, 0xa0, 0x4b, 0x30, 0x2c,
-	0xd2, 0xff, 0x30, 0xb7, 0x7a, 0xbe, 0x98, 0x98, 0x8b, 0xd3, 0x62, 0x0c, 0xc6, 0x3a, 0x8d, 0xfd,
-	0x83, 0x05, 0x98, 0xca, 0x78, 0x17, 0xc5, 0x8f, 0x91, 0x2d, 0x37, 0x8c, 0x54, 0x8e, 0x59, 0xed,
-	0x18, 0xe1, 0x70, 0xac, 0x28, 0xe8, 0x5e, 0xc5, 0x0f, 0xaa, 0xe4, 0xe1, 0x24, 0xde, 0x1d, 0x08,
-	0xec, 0x21, 0xb3, 0xb5, 0x9e, 0x83, 0xbe, 0x76, 0x48, 0x64, 0x4c, 0x5e, 0x75, 0x6c, 0x33, 0x73,
-	0x30, 0xc3, 0xd0, 0x1b, 0xd8, 0x96, 0xb2, 0xac, 0x6a, 0x37, 0x30, 0x6e, 0x5b, 0xe5, 0x38, 0xda,
-	0xb8, 0x88, 0x78, 0x8e, 0x17, 0x89, 0x7b, 0x5a, 0x1c, 0x5c, 0x92, 0x41, 0xb1, 0xc0, 0xda, 0x5f,
-	0x28, 0xc2, 0xe9, 0xdc, 0x97, 0x92, 0xb4, 0xe9, 0x4d, 0xdf, 0x73, 0x23, 0x5f, 0xf9, 0x8e, 0xf1,
-	0x80, 0x92, 0xa4, 0xb5, 0xbd, 0x2a, 0xe0, 0x58, 0x51, 0xa0, 0xf3, 0xd0, 0xcf, 0x94, 0xc9, 0xa9,
-	0x6c, 0xbb, 0xf3, 0x8b, 0x3c, 0xc2, 0x18, 0x47, 0xf7, 0x9c, 0x20, 0xfd, 0x31, 0x2a, 0xc1, 0xf8,
-	0x8d, 0xe4, 0x81, 0x42, 0x9b, 0xeb, 0xfb, 0x0d, 0xcc, 0x90, 0xe8, 0x09, 0xd1, 0x5f, 0x09, 0x67,
-	0x29, 0xec, 0xd4, 0xfd, 0x50, 0xeb, 0xb4, 0xa7, 0x60, 0x70, 0x87, 0xec, 0x05, 0xae, 0xb7, 0x95,
-	0x74, 0xa2, 0xbb, 0xca, 0xc1, 0x58, 0xe2, 0xcd, 0xf4, 0x90, 0x83, 0x47, 0x9d, 0xd9, 0x7c, 0xa8,
-	0xab, 0x78, 0xf2, 0xc3, 0x45, 0x18, 0xc7, 0xf3, 0x8b, 0xef, 0x0e, 0xc4, 0x8d, 0xf4, 0x40, 0x1c,
-	0x75, 0x66, 0xf3, 0xee, 0xa3, 0xf1, 0x0b, 0x16, 0x8c, 0xb3, 0x24, 0x44, 0x22, 0x1e, 0x82, 0xeb,
-	0x7b, 0xc7, 0x70, 0x15, 0x78, 0x0c, 0xfa, 0x03, 0x5a, 0x69, 0x32, 0xcd, 0x2e, 0x6b, 0x09, 0xe6,
-	0x38, 0xf4, 0x08, 0xf4, 0xb1, 0x26, 0xd0, 0xc1, 0x1b, 0xe1, 0x5b, 0xf0, 0xa2, 0x13, 0x39, 0x98,
-	0x41, 0x59, 0x7c, 0x2d, 0x4c, 0x5a, 0x0d, 0x97, 0x37, 0x3a, 0x36, 0xf5, 0xbf, 0x33, 0x62, 0x28,
-	0x64, 0x36, 0xed, 0xed, 0xc5, 0xd7, 0xca, 0x66, 0xd9, 0xf9, 0x9a, 0xfd, 0xc7, 0x05, 0x38, 0x9b,
-	0x59, 0xae, 0xe7, 0xf8, 0x5a, 0x9d, 0x4b, 0x3f, 0xc8, 0x34, 0x33, 0xc5, 0x63, 0x74, 0x51, 0xee,
-	0xeb, 0x55, 0xfa, 0xef, 0xef, 0x21, 0xec, 0x55, 0x66, 0x97, 0xbd, 0x43, 0xc2, 0x5e, 0x65, 0xb6,
-	0x2d, 0x47, 0x4d, 0xf0, 0xe7, 0x85, 0x9c, 0x6f, 0x61, 0x0a, 0x83, 0x0b, 0x74, 0x9f, 0x61, 0xc8,
-	0x50, 0x5e, 0xc2, 0xf9, 0x1e, 0xc3, 0x61, 0x58, 0x61, 0xd1, 0x1c, 0x8c, 0x37, 0x5d, 0x8f, 0x6e,
-	0x3e, 0x7b, 0xa6, 0x28, 0xae, 0x6c, 0x00, 0xab, 0x26, 0x1a, 0x27, 0xe9, 0x91, 0xab, 0x85, 0xc4,
-	0xe2, 0x5f, 0xf7, 0xca, 0xa1, 0x56, 0xdd, 0xac, 0xe9, 0x06, 0xa1, 0x7a, 0x31, 0x23, 0x3c, 0xd6,
-	0xaa, 0xa6, 0x27, 0x2a, 0xf6, 0xae, 0x27, 0x1a, 0xc9, 0xd6, 0x11, 0xcd, 0xbc, 0x02, 0xa3, 0xf7,
-	0x6d, 0x53, 0xb0, 0xbf, 0x5e, 0x84, 0x87, 0x3b, 0x2c, 0x7b, 0xbe, 0xd7, 0x1b, 0x63, 0xa0, 0xed,
-	0xf5, 0xa9, 0x71, 0xa8, 0xc0, 0x89, 0xcd, 0x76, 0xa3, 0xb1, 0xc7, 0x5e, 0xee, 0x90, 0xba, 0xa4,
-	0x10, 0x32, 0xa5, 0x54, 0x8e, 0x9c, 0x58, 0xce, 0xa0, 0xc1, 0x99, 0x25, 0xe9, 0x15, 0x8b, 0x9e,
-	0x24, 0x7b, 0x8a, 0x55, 0xe2, 0x8a, 0x85, 0x75, 0x24, 0x36, 0x69, 0xd1, 0x65, 0x98, 0x74, 0x76,
-	0x1d, 0x97, 0xc7, 0x15, 0x97, 0x0c, 0xf8, 0x1d, 0x4b, 0xa9, 0x82, 0xe7, 0x92, 0x04, 0x38, 0x5d,
-	0x06, 0xbd, 0x06, 0xc8, 0xdf, 0x60, 0xfe, 0xfd, 0xf5, 0xcb, 0xc4, 0x13, 0xd6, 0x6a, 0x36, 0x76,
-	0xc5, 0x78, 0x4b, 0xb8, 0x9e, 0xa2, 0xc0, 0x19, 0xa5, 0x12, 0xf1, 0x9f, 0x06, 0xf2, 0xe3, 0x3f,
-	0x75, 0xde, 0x17, 0xbb, 0x66, 0x38, 0xba, 0x04, 0xa3, 0x87, 0xf4, 0x5a, 0xb5, 0xff, 0x83, 0x45,
-	0x4f, 0x3c, 0x5e, 0xc6, 0x0c, 0xae, 0xfa, 0x0a, 0x73, 0xab, 0xe5, 0x9a, 0x65, 0x2d, 0xc0, 0xce,
-	0x49, 0xcd, 0xad, 0x36, 0x46, 0x62, 0x93, 0x96, 0xcf, 0x21, 0xcd, 0x1d, 0xd6, 0xb8, 0x15, 0x88,
-	0x08, 0x70, 0x8a, 0x02, 0x7d, 0x0c, 0x06, 0xeb, 0xee, 0xae, 0x1b, 0x0a, 0xe5, 0xd8, 0xa1, 0x8d,
-	0x58, 0xf1, 0xd6, 0xb9, 0xc8, 0xd9, 0x60, 0xc9, 0xcf, 0xfe, 0xe1, 0x42, 0xdc, 0x27, 0xaf, 0xb7,
-	0xfd, 0xc8, 0x39, 0x86, 0x93, 0xfc, 0xb2, 0x71, 0x92, 0x3f, 0xd1, 0x29, 0x0c, 0x1e, 0x6b, 0x52,
-	0xee, 0x09, 0x7e, 0x3d, 0x71, 0x82, 0x3f, 0xd9, 0x9d, 0x55, 0xe7, 0x93, 0xfb, 0x1f, 0x59, 0x30,
-	0x69, 0xd0, 0x1f, 0xc3, 0x01, 0xb2, 0x6c, 0x1e, 0x20, 0x8f, 0x76, 0xfd, 0x86, 0x9c, 0x83, 0xe3,
-	0xfb, 0x8a, 0x89, 0xb6, 0xb3, 0x03, 0xe3, 0x2d, 0xe8, 0xdb, 0x76, 0x82, 0x7a, 0xa7, 0xb4, 0x1f,
-	0xa9, 0x42, 0xb3, 0x57, 0x9c, 0x40, 0x58, 0xf8, 0x9f, 0x91, 0xbd, 0x4e, 0x41, 0x5d, 0xad, 0xfb,
-	0xac, 0x2a, 0xf4, 0x12, 0x0c, 0x84, 0x35, 0xbf, 0xa5, 0x9e, 0xfa, 0x9c, 0x63, 0x1d, 0xcd, 0x20,
-	0x07, 0xfb, 0x65, 0x64, 0x56, 0x47, 0xc1, 0x58, 0xd0, 0xa3, 0x37, 0x60, 0x94, 0xfd, 0x52, 0xee,
-	0x76, 0xc5, 0x7c, 0x0d, 0x46, 0x55, 0x27, 0xe4, 0xbe, 0xa8, 0x06, 0x08, 0x9b, 0xac, 0x66, 0xb6,
-	0xa0, 0xa4, 0x3e, 0xeb, 0x81, 0x5a, 0x89, 0xff, 0x6d, 0x11, 0xa6, 0x32, 0xe6, 0x1c, 0x0a, 0x8d,
-	0x91, 0xb8, 0xd4, 0xe3, 0x54, 0x7d, 0x9b, 0x63, 0x11, 0xb2, 0x0b, 0x54, 0x5d, 0xcc, 0xad, 0x9e,
-	0x2b, 0xbd, 0x11, 0x92, 0x64, 0xa5, 0x14, 0xd4, 0xbd, 0x52, 0x5a, 0xd9, 0xb1, 0x75, 0x35, 0xad,
-	0x48, 0xb5, 0xf4, 0x81, 0x8e, 0xe9, 0xaf, 0xf5, 0xc1, 0x89, 0xac, 0xc8, 0x9c, 0xe8, 0x33, 0x89,
-	0xa4, 0xb3, 0x2f, 0xf4, 0x1a, 0xd3, 0x93, 0x67, 0xa2, 0x15, 0x11, 0x03, 0x67, 0xcd, 0x34, 0xb4,
-	0x5d, 0xbb, 0x59, 0xd4, 0xc9, 0x62, 0x96, 0x04, 0x3c, 0x59, 0xb0, 0xdc, 0x3e, 0xde, 0xdf, 0x73,
-	0x03, 0x44, 0x96, 0xe1, 0x30, 0xe1, 0xca, 0x23, 0xc1, 0xdd, 0x5d, 0x79, 0x64, 0xcd, 0x68, 0x05,
-	0x06, 0x6a, 0xdc, 0x47, 0xa4, 0xd8, 0x7d, 0x0b, 0xe3, 0x0e, 0x22, 0x6a, 0x03, 0x16, 0x8e, 0x21,
-	0x82, 0xc1, 0x8c, 0x0b, 0xc3, 0x5a, 0xc7, 0x3c, 0xd0, 0xc9, 0xb3, 0x43, 0x0f, 0x3e, 0xad, 0x0b,
-	0x1e, 0xe8, 0x04, 0xfa, 0x31, 0x0b, 0x12, 0x0f, 0x45, 0x94, 0x52, 0xce, 0xca, 0x55, 0xca, 0x9d,
-	0x83, 0xbe, 0xc0, 0x6f, 0x90, 0x64, 0xa2, 0x57, 0xec, 0x37, 0x08, 0x66, 0x18, 0x4a, 0x11, 0xc5,
-	0xaa, 0x96, 0x11, 0xfd, 0x1a, 0x29, 0x2e, 0x88, 0x8f, 0x41, 0x7f, 0x83, 0xec, 0x92, 0x46, 0x32,
-	0x1f, 0xd7, 0x35, 0x0a, 0xc4, 0x1c, 0x67, 0xff, 0x42, 0x1f, 0x9c, 0xe9, 0x18, 0x40, 0x88, 0x5e,
-	0xc6, 0xb6, 0x9c, 0x88, 0xdc, 0x76, 0xf6, 0x92, 0x89, 0x73, 0x2e, 0x73, 0x30, 0x96, 0x78, 0xf6,
-	0x6a, 0x91, 0xc7, 0xbf, 0x4f, 0xa8, 0x30, 0x45, 0xd8, 0x7b, 0x81, 0x35, 0x55, 0x62, 0xc5, 0xa3,
-	0x50, 0x89, 0x3d, 0x07, 0x10, 0x86, 0x0d, 0xee, 0x4e, 0x57, 0x17, 0xcf, 0x21, 0xe3, 0x3c, 0x09,
-	0xd5, 0x6b, 0x02, 0x83, 0x35, 0x2a, 0xb4, 0x08, 0x13, 0xad, 0xc0, 0x8f, 0xb8, 0x46, 0x78, 0x91,
-	0x7b, 0x9c, 0xf6, 0x9b, 0xb1, 0x5b, 0x2a, 0x09, 0x3c, 0x4e, 0x95, 0x40, 0x2f, 0xc2, 0xb0, 0x88,
-	0xe7, 0x52, 0xf1, 0xfd, 0x86, 0x50, 0x42, 0x29, 0x27, 0xcc, 0x6a, 0x8c, 0xc2, 0x3a, 0x9d, 0x56,
-	0x8c, 0xa9, 0x99, 0x07, 0x33, 0x8b, 0x71, 0x55, 0xb3, 0x46, 0x97, 0x08, 0xf8, 0x3b, 0xd4, 0x53,
-	0xc0, 0xdf, 0x58, 0x2d, 0x57, 0xea, 0xd9, 0xea, 0x09, 0x5d, 0x15, 0x59, 0x5f, 0xe9, 0x83, 0x29,
-	0x31, 0x71, 0x1e, 0xf4, 0x74, 0xb9, 0x91, 0x9e, 0x2e, 0x47, 0xa1, 0xb8, 0x7b, 0x77, 0xce, 0x1c,
-	0xf7, 0x9c, 0xf9, 0x11, 0x0b, 0x4c, 0x49, 0x0d, 0xfd, 0x7f, 0xb9, 0x99, 0xc7, 0x5e, 0xcc, 0x95,
-	0xfc, 0x94, 0xc3, 0xe1, 0xdb, 0xcc, 0x41, 0x66, 0xff, 0x3b, 0x0b, 0x1e, 0xed, 0xca, 0x11, 0x2d,
-	0x41, 0x89, 0x89, 0x93, 0xda, 0x45, 0xef, 0x49, 0xe5, 0x91, 0x2e, 0x11, 0x39, 0xd2, 0x6d, 0x5c,
-	0x12, 0x2d, 0xa5, 0x52, 0xbc, 0x3d, 0x95, 0x91, 0xe2, 0xed, 0xa4, 0xd1, 0x3d, 0xf7, 0x99, 0xe3,
-	0xed, 0x87, 0xe8, 0x89, 0x63, 0xbc, 0x06, 0x43, 0xef, 0x37, 0x94, 0x8e, 0x76, 0x42, 0xe9, 0x88,
-	0x4c, 0x6a, 0xed, 0x0c, 0xf9, 0x08, 0x4c, 0xb0, 0x40, 0x6f, 0xec, 0x7d, 0x84, 0x78, 0xa7, 0x56,
-	0x88, 0x7d, 0xa0, 0xaf, 0x25, 0x70, 0x38, 0x45, 0x6d, 0xff, 0x51, 0x11, 0x06, 0xf8, 0xf2, 0x3b,
-	0x86, 0xeb, 0xe5, 0xd3, 0x50, 0x72, 0x9b, 0xcd, 0x36, 0xcf, 0xda, 0xd5, 0x1f, 0x7b, 0xd4, 0xae,
-	0x48, 0x20, 0x8e, 0xf1, 0x68, 0x59, 0xe8, 0xbb, 0x3b, 0xc4, 0x92, 0xe5, 0x0d, 0x9f, 0x5d, 0x74,
-	0x22, 0x87, 0xcb, 0x4a, 0xea, 0x9c, 0x8d, 0x35, 0xe3, 0xe8, 0x93, 0x00, 0x61, 0x14, 0xb8, 0xde,
-	0x16, 0x85, 0x89, 0x10, 0xd6, 0xef, 0xed, 0xc0, 0xad, 0xaa, 0x88, 0x39, 0xcf, 0x78, 0xcf, 0x51,
-	0x08, 0xac, 0x71, 0x44, 0xb3, 0xc6, 0x49, 0x3f, 0x93, 0x18, 0x3b, 0xe0, 0x5c, 0xe3, 0x31, 0x9b,
-	0xf9, 0x00, 0x94, 0x14, 0xf3, 0x6e, 0xda, 0xaf, 0x11, 0x5d, 0x2c, 0xfa, 0x30, 0x8c, 0x27, 0xda,
-	0x76, 0x28, 0xe5, 0xd9, 0x2f, 0x5a, 0x30, 0xce, 0x1b, 0xb3, 0xe4, 0xed, 0x8a, 0xd3, 0xe0, 0x2e,
-	0x9c, 0x68, 0x64, 0xec, 0xca, 0x62, 0xf8, 0x7b, 0xdf, 0xc5, 0x95, 0xb2, 0x2c, 0x0b, 0x8b, 0x33,
-	0xeb, 0x40, 0x17, 0xe8, 0x8a, 0xa3, 0xbb, 0xae, 0xd3, 0x10, 0xcf, 0xf2, 0x47, 0xf8, 0x6a, 0xe3,
-	0x30, 0xac, 0xb0, 0xf6, 0xef, 0x59, 0x30, 0xc9, 0x5b, 0x7e, 0x95, 0xec, 0xa9, 0xbd, 0xe9, 0x5b,
-	0xd9, 0x76, 0x91, 0x2f, 0xb2, 0x90, 0x93, 0x2f, 0x52, 0xff, 0xb4, 0x62, 0xc7, 0x4f, 0xfb, 0xb2,
-	0x05, 0x62, 0x86, 0x1c, 0x83, 0x3e, 0xe3, 0xbb, 0x4c, 0x7d, 0xc6, 0x4c, 0xfe, 0x22, 0xc8, 0x51,
-	0x64, 0xfc, 0x99, 0x05, 0x13, 0x9c, 0x20, 0xb6, 0xd5, 0x7f, 0x4b, 0xc7, 0xa1, 0x97, 0xac, 0xf2,
-	0x57, 0xc9, 0xde, 0xba, 0x5f, 0x71, 0xa2, 0xed, 0xec, 0x8f, 0x32, 0x06, 0xab, 0xaf, 0xe3, 0x60,
-	0xd5, 0xe5, 0x02, 0x32, 0xd2, 0x29, 0x75, 0x79, 0x5c, 0x7f, 0xd8, 0x74, 0x4a, 0xf6, 0x37, 0x2d,
-	0x40, 0xbc, 0x1a, 0x43, 0x70, 0xa3, 0xe2, 0x10, 0x83, 0x6a, 0x07, 0x5d, 0xbc, 0x35, 0x29, 0x0c,
-	0xd6, 0xa8, 0x8e, 0xa4, 0x7b, 0x12, 0x0e, 0x17, 0xc5, 0xee, 0x0e, 0x17, 0x87, 0xe8, 0xd1, 0x7f,
-	0x31, 0x00, 0xc9, 0x17, 0x71, 0xe8, 0x26, 0x8c, 0xd4, 0x9c, 0x96, 0xb3, 0xe1, 0x36, 0xdc, 0xc8,
-	0x25, 0x61, 0x27, 0x6f, 0xac, 0x05, 0x8d, 0x4e, 0x98, 0xc8, 0x35, 0x08, 0x36, 0xf8, 0xa0, 0x59,
-	0x80, 0x56, 0xe0, 0xee, 0xba, 0x0d, 0xb2, 0xc5, 0xd4, 0x2e, 0x2c, 0x10, 0x08, 0x77, 0x0d, 0x93,
-	0x50, 0xac, 0x51, 0x64, 0x84, 0x1f, 0x28, 0x3e, 0xe0, 0xf0, 0x03, 0x70, 0x6c, 0xe1, 0x07, 0xfa,
-	0x0e, 0x15, 0x7e, 0x60, 0xe8, 0xd0, 0xe1, 0x07, 0xfa, 0x7b, 0x0a, 0x3f, 0x80, 0xe1, 0x94, 0x94,
-	0x3d, 0xe9, 0xff, 0x65, 0xb7, 0x41, 0xc4, 0x85, 0x83, 0x47, 0x2f, 0x99, 0xb9, 0xb7, 0x5f, 0x3e,
-	0x85, 0x33, 0x29, 0x70, 0x4e, 0x49, 0xf4, 0x51, 0x98, 0x76, 0x1a, 0x0d, 0xff, 0xb6, 0x1a, 0xd4,
-	0xa5, 0xb0, 0xe6, 0x34, 0xb8, 0x09, 0x64, 0x90, 0x71, 0x7d, 0xe4, 0xde, 0x7e, 0x79, 0x7a, 0x2e,
-	0x87, 0x06, 0xe7, 0x96, 0x46, 0x1f, 0x82, 0x52, 0x2b, 0xf0, 0x6b, 0xab, 0xda, 0xb3, 0xdd, 0xb3,
-	0xb4, 0x03, 0x2b, 0x12, 0x78, 0xb0, 0x5f, 0x1e, 0x55, 0x7f, 0xd8, 0x81, 0x1f, 0x17, 0xc8, 0x88,
-	0x27, 0x30, 0x7c, 0xa4, 0xf1, 0x04, 0x76, 0x60, 0xaa, 0x4a, 0x02, 0xd7, 0x69, 0xb8, 0x77, 0xa9,
-	0xbc, 0x2c, 0xf7, 0xa7, 0x75, 0x28, 0x05, 0x89, 0x1d, 0xb9, 0xa7, 0xf8, 0xae, 0x5a, 0x5e, 0x1b,
-	0xb9, 0x03, 0xc7, 0x8c, 0xec, 0xff, 0x65, 0xc1, 0xa0, 0x78, 0x01, 0x77, 0x0c, 0x52, 0xe3, 0x9c,
-	0x61, 0x94, 0x28, 0x67, 0x77, 0x18, 0x6b, 0x4c, 0xae, 0x39, 0x62, 0x25, 0x61, 0x8e, 0x78, 0xb4,
-	0x13, 0x93, 0xce, 0x86, 0x88, 0xbf, 0x5e, 0xa4, 0xd2, 0xbb, 0xf1, 0x16, 0xfb, 0xc1, 0x77, 0xc1,
-	0x1a, 0x0c, 0x86, 0xe2, 0x2d, 0x70, 0x21, 0xff, 0x31, 0x46, 0x72, 0x10, 0x63, 0x2f, 0x3a, 0xf1,
-	0xfa, 0x57, 0x32, 0xc9, 0x7c, 0x64, 0x5c, 0x7c, 0x80, 0x8f, 0x8c, 0xbb, 0xbd, 0x56, 0xef, 0x3b,
-	0x8a, 0xd7, 0xea, 0xf6, 0xd7, 0xd8, 0xc9, 0xa9, 0xc3, 0x8f, 0x41, 0xa8, 0xba, 0x6c, 0x9e, 0xb1,
-	0x76, 0x87, 0x99, 0x25, 0x1a, 0x95, 0x23, 0x5c, 0xfd, 0xbc, 0x05, 0x67, 0x32, 0xbe, 0x4a, 0x93,
-	0xb4, 0x9e, 0x81, 0x21, 0xa7, 0x5d, 0x77, 0xd5, 0x5a, 0xd6, 0x4c, 0x93, 0x73, 0x02, 0x8e, 0x15,
-	0x05, 0x5a, 0x80, 0x49, 0x72, 0xa7, 0xe5, 0x72, 0x43, 0xae, 0xee, 0x7c, 0x5c, 0xe4, 0xcf, 0x26,
-	0x97, 0x92, 0x48, 0x9c, 0xa6, 0x57, 0x71, 0x8d, 0x8a, 0xb9, 0x71, 0x8d, 0xfe, 0x8e, 0x05, 0xc3,
-	0xea, 0x35, 0xec, 0x03, 0xef, 0xed, 0x8f, 0x98, 0xbd, 0xfd, 0x70, 0x87, 0xde, 0xce, 0xe9, 0xe6,
-	0xdf, 0x29, 0xa8, 0xf6, 0x56, 0xfc, 0x20, 0xea, 0x41, 0x82, 0xbb, 0xff, 0x87, 0x13, 0x97, 0x60,
-	0xd8, 0x69, 0xb5, 0x24, 0x42, 0x7a, 0xc0, 0xb1, 0x68, 0xdd, 0x31, 0x18, 0xeb, 0x34, 0xea, 0x1d,
-	0x47, 0x31, 0xf7, 0x1d, 0x47, 0x1d, 0x20, 0x72, 0x82, 0x2d, 0x12, 0x51, 0x98, 0x70, 0xd8, 0xcd,
-	0xdf, 0x6f, 0xda, 0x91, 0xdb, 0x98, 0x75, 0xbd, 0x28, 0x8c, 0x82, 0xd9, 0x15, 0x2f, 0xba, 0x1e,
-	0xf0, 0x2b, 0xa4, 0x16, 0x19, 0x4c, 0xf1, 0xc2, 0x1a, 0x5f, 0x19, 0xf9, 0x81, 0xd5, 0xd1, 0x6f,
-	0xba, 0x52, 0xac, 0x09, 0x38, 0x56, 0x14, 0xf6, 0x07, 0xd8, 0xe9, 0xc3, 0xfa, 0xf4, 0x70, 0x51,
-	0xb1, 0x7e, 0x6a, 0x44, 0x8d, 0x06, 0x33, 0x8a, 0x2e, 0xea, 0xb1, 0xb7, 0x3a, 0x6f, 0xf6, 0xb4,
-	0x62, 0xfd, 0x41, 0x62, 0x1c, 0xa0, 0x0b, 0x7d, 0x3c, 0xe5, 0x1e, 0xf3, 0x6c, 0x97, 0x53, 0xe3,
-	0x10, 0x0e, 0x31, 0x2c, 0x75, 0x0f, 0x4b, 0x6c, 0xb2, 0x52, 0x11, 0xeb, 0x42, 0x4b, 0xdd, 0x23,
-	0x10, 0x38, 0xa6, 0xa1, 0xc2, 0x94, 0xfa, 0x13, 0x4e, 0xa3, 0x38, 0x84, 0xad, 0xa2, 0x0e, 0xb1,
-	0x46, 0x81, 0x2e, 0x0a, 0x85, 0x02, 0xb7, 0x0b, 0x3c, 0x9c, 0x50, 0x28, 0xc8, 0xee, 0xd2, 0xb4,
-	0x40, 0x97, 0x60, 0x58, 0x25, 0x6a, 0xaf, 0xf0, 0xa4, 0x59, 0x62, 0x9a, 0x2d, 0xc5, 0x60, 0xac,
-	0xd3, 0xa0, 0x75, 0x18, 0x0f, 0xb9, 0x9e, 0x4d, 0xc5, 0x15, 0xe7, 0xfa, 0xca, 0xf7, 0xaa, 0x77,
-	0xc8, 0x26, 0xfa, 0x80, 0x81, 0xf8, 0xee, 0x24, 0xa3, 0x33, 0x24, 0x59, 0xa0, 0x57, 0x61, 0xac,
-	0xe1, 0x3b, 0xf5, 0x79, 0xa7, 0xe1, 0x78, 0x35, 0xd6, 0x3f, 0x43, 0x66, 0xbe, 0xdf, 0x6b, 0x06,
-	0x16, 0x27, 0xa8, 0xa9, 0xf0, 0xa6, 0x43, 0x44, 0x74, 0x31, 0xc7, 0xdb, 0x22, 0xa1, 0x48, 0xbb,
-	0xcd, 0x84, 0xb7, 0x6b, 0x39, 0x34, 0x38, 0xb7, 0x34, 0x7a, 0x09, 0x46, 0xe4, 0xe7, 0x6b, 0xc1,
-	0x4c, 0xe2, 0x27, 0x31, 0x1a, 0x0e, 0x1b, 0x94, 0x28, 0x84, 0x93, 0xf2, 0xff, 0x7a, 0xe0, 0x6c,
-	0x6e, 0xba, 0x35, 0xf1, 0xc2, 0x9f, 0x3f, 0xbb, 0xfd, 0xb0, 0x7c, 0x1b, 0xba, 0x94, 0x45, 0x74,
-	0xb0, 0x5f, 0x7e, 0x44, 0xf4, 0x5a, 0x26, 0x1e, 0x67, 0xf3, 0x46, 0xab, 0x30, 0xb5, 0x4d, 0x9c,
-	0x46, 0xb4, 0xbd, 0xb0, 0x4d, 0x6a, 0x3b, 0x72, 0xc1, 0xb1, 0xf0, 0x28, 0xda, 0xd3, 0x91, 0x2b,
-	0x69, 0x12, 0x9c, 0x55, 0x0e, 0xbd, 0x09, 0xd3, 0xad, 0xf6, 0x46, 0xc3, 0x0d, 0xb7, 0xd7, 0xfc,
-	0x88, 0x39, 0x21, 0xa9, 0x9c, 0xef, 0x22, 0x8e, 0x8a, 0x0a, 0x40, 0x53, 0xc9, 0xa1, 0xc3, 0xb9,
-	0x1c, 0xd0, 0x5d, 0x38, 0x99, 0x98, 0x08, 0x22, 0x92, 0xc4, 0x58, 0x7e, 0x56, 0x91, 0x6a, 0x56,
-	0x01, 0x11, 0x94, 0x25, 0x0b, 0x85, 0xb3, 0xab, 0x40, 0x2f, 0x03, 0xb8, 0xad, 0x65, 0xa7, 0xe9,
-	0x36, 0xe8, 0x55, 0x71, 0x8a, 0xcd, 0x11, 0x7a, 0x6d, 0x80, 0x95, 0x8a, 0x84, 0xd2, 0xbd, 0x59,
-	0xfc, 0xdb, 0xc3, 0x1a, 0x35, 0xba, 0x06, 0x63, 0xe2, 0xdf, 0x9e, 0x18, 0x52, 0x1e, 0xd0, 0xe4,
-	0x71, 0x16, 0x8d, 0xaa, 0xa2, 0x63, 0x0e, 0x52, 0x10, 0x9c, 0x28, 0x8b, 0xb6, 0xe0, 0x8c, 0xcc,
-	0x10, 0xa7, 0xcf, 0x4f, 0x39, 0x06, 0x21, 0x4b, 0xe5, 0x31, 0xc4, 0x5f, 0xa5, 0xcc, 0x75, 0x22,
-	0xc4, 0x9d, 0xf9, 0xd0, 0x73, 0x5d, 0x9f, 0xe6, 0xfc, 0xc9, 0xef, 0x49, 0xee, 0xe1, 0x44, 0xcf,
-	0xf5, 0x6b, 0x49, 0x24, 0x4e, 0xd3, 0x23, 0x1f, 0x4e, 0xba, 0x5e, 0xd6, 0xac, 0x3e, 0xc5, 0x18,
-	0x7d, 0x90, 0xbf, 0x76, 0xee, 0x3c, 0xa3, 0x33, 0xf1, 0x38, 0x9b, 0xef, 0xdb, 0xf3, 0xfb, 0xfb,
-	0x5d, 0x8b, 0x96, 0xd6, 0xa4, 0x73, 0xf4, 0x29, 0x18, 0xd1, 0x3f, 0x4a, 0x48, 0x1a, 0xe7, 0xb3,
-	0x85, 0x57, 0x6d, 0x4f, 0xe0, 0xb2, 0xbd, 0x5a, 0xf7, 0x3a, 0x0e, 0x1b, 0x1c, 0x51, 0x2d, 0x23,
-	0x26, 0xc0, 0xc5, 0xde, 0x24, 0x99, 0xde, 0xdd, 0xde, 0x08, 0x64, 0x4f, 0x77, 0x74, 0x0d, 0x86,
-	0x6a, 0x0d, 0x97, 0x78, 0xd1, 0x4a, 0xa5, 0x53, 0xd4, 0xc3, 0x05, 0x41, 0x23, 0xd6, 0x8f, 0xc8,
-	0xca, 0xc1, 0x61, 0x58, 0x71, 0xb0, 0x7f, 0xa3, 0x00, 0xe5, 0x2e, 0x29, 0x5e, 0x12, 0x66, 0x28,
-	0xab, 0x27, 0x33, 0xd4, 0x1c, 0x8c, 0xc7, 0xff, 0x74, 0x0d, 0x97, 0xf2, 0x64, 0xbd, 0x69, 0xa2,
-	0x71, 0x92, 0xbe, 0xe7, 0x47, 0x09, 0xba, 0x25, 0xab, 0xaf, 0xeb, 0xb3, 0x1a, 0xc3, 0x82, 0xdd,
-	0xdf, 0xfb, 0xb5, 0x37, 0xd7, 0x1a, 0x69, 0x7f, 0xad, 0x00, 0x27, 0x55, 0x17, 0x7e, 0xe7, 0x76,
-	0xdc, 0x8d, 0x74, 0xc7, 0x1d, 0x81, 0x2d, 0xd7, 0xbe, 0x0e, 0x03, 0x3c, 0x8c, 0x63, 0x0f, 0xe2,
-	0xf6, 0x63, 0x66, 0x70, 0x67, 0x25, 0xe1, 0x19, 0x01, 0x9e, 0x7f, 0xc0, 0x82, 0xf1, 0xc4, 0xeb,
-	0x36, 0x84, 0xb5, 0x27, 0xd0, 0xf7, 0x23, 0x12, 0x67, 0x09, 0xdb, 0xe7, 0xa0, 0x6f, 0xdb, 0x0f,
-	0xa3, 0xa4, 0xa3, 0xc7, 0x15, 0x3f, 0x8c, 0x30, 0xc3, 0xd8, 0xbf, 0x6f, 0x41, 0xff, 0xba, 0xe3,
-	0x7a, 0x91, 0x34, 0x0a, 0x58, 0x39, 0x46, 0x81, 0x5e, 0xbe, 0x0b, 0xbd, 0x08, 0x03, 0x64, 0x73,
-	0x93, 0xd4, 0x22, 0x31, 0xaa, 0x32, 0xf4, 0xc4, 0xc0, 0x12, 0x83, 0x52, 0xf9, 0x8f, 0x55, 0xc6,
-	0xff, 0x62, 0x41, 0x8c, 0x6e, 0x41, 0x29, 0x72, 0x9b, 0x64, 0xae, 0x5e, 0x17, 0xa6, 0xf2, 0xfb,
-	0x08, 0x9f, 0xb1, 0x2e, 0x19, 0xe0, 0x98, 0x97, 0xfd, 0x85, 0x02, 0x40, 0x1c, 0xff, 0xaa, 0xdb,
-	0x27, 0xce, 0xa7, 0x8c, 0xa8, 0xe7, 0x33, 0x8c, 0xa8, 0x28, 0x66, 0x98, 0x61, 0x41, 0x55, 0xdd,
-	0x54, 0xec, 0xa9, 0x9b, 0xfa, 0x0e, 0xd3, 0x4d, 0x0b, 0x30, 0x19, 0xc7, 0xef, 0x32, 0xc3, 0x17,
-	0xb2, 0xa3, 0x73, 0x3d, 0x89, 0xc4, 0x69, 0x7a, 0x9b, 0xc0, 0x39, 0x15, 0xc6, 0x48, 0x9c, 0x68,
-	0xcc, 0x0f, 0x5c, 0x37, 0x4a, 0x77, 0xe9, 0xa7, 0xd8, 0x4a, 0x5c, 0xc8, 0xb5, 0x12, 0xff, 0xa4,
-	0x05, 0x27, 0x92, 0xf5, 0xb0, 0x47, 0xd3, 0x9f, 0xb7, 0xe0, 0x24, 0xb3, 0x95, 0xb3, 0x5a, 0xd3,
-	0x96, 0xf9, 0x17, 0x3a, 0x86, 0x66, 0xca, 0x69, 0x71, 0x1c, 0xe3, 0x64, 0x35, 0x8b, 0x35, 0xce,
-	0xae, 0xd1, 0xfe, 0x9f, 0x7d, 0x30, 0x9d, 0x17, 0xd3, 0x89, 0x3d, 0x13, 0x71, 0xee, 0x54, 0x77,
-	0xc8, 0x6d, 0xe1, 0x8c, 0x1f, 0x3f, 0x13, 0xe1, 0x60, 0x2c, 0xf1, 0xc9, 0xac, 0x1d, 0x85, 0x1e,
-	0xb3, 0x76, 0x6c, 0xc3, 0xe4, 0xed, 0x6d, 0xe2, 0xdd, 0xf0, 0x42, 0x27, 0x72, 0xc3, 0x4d, 0x97,
-	0xd9, 0x95, 0xf9, 0xbc, 0x91, 0xa9, 0x7e, 0x27, 0x6f, 0x25, 0x09, 0x0e, 0xf6, 0xcb, 0x67, 0x0c,
-	0x40, 0xdc, 0x64, 0xbe, 0x91, 0xe0, 0x34, 0xd3, 0x74, 0xd2, 0x93, 0xbe, 0x07, 0x9c, 0xf4, 0xa4,
-	0xe9, 0x0a, 0x6f, 0x14, 0xf9, 0x06, 0x80, 0xdd, 0x18, 0x57, 0x15, 0x14, 0x6b, 0x14, 0xe8, 0x13,
-	0x80, 0xf4, 0xa4, 0x4e, 0x46, 0x48, 0xcd, 0x67, 0xef, 0xed, 0x97, 0xd1, 0x5a, 0x0a, 0x7b, 0xb0,
-	0x5f, 0x9e, 0xa2, 0xd0, 0x15, 0x8f, 0xde, 0x3c, 0xe3, 0x38, 0x64, 0x19, 0x8c, 0xd0, 0x2d, 0x98,
-	0xa0, 0x50, 0xb6, 0xa2, 0x64, 0xbc, 0x4e, 0x7e, 0x5b, 0x7c, 0xfa, 0xde, 0x7e, 0x79, 0x62, 0x2d,
-	0x81, 0xcb, 0x63, 0x9d, 0x62, 0x82, 0x5e, 0x86, 0xb1, 0x78, 0x5e, 0x5d, 0x25, 0x7b, 0x3c, 0x3e,
-	0x4e, 0x89, 0x2b, 0xbc, 0x57, 0x0d, 0x0c, 0x4e, 0x50, 0xda, 0x9f, 0xb7, 0xe0, 0x74, 0x6e, 0xe2,
-	0x71, 0x74, 0x01, 0x86, 0x9c, 0x96, 0xcb, 0xcd, 0x17, 0xe2, 0xa8, 0x61, 0x6a, 0xb2, 0xca, 0x0a,
-	0x37, 0x5e, 0x28, 0x2c, 0xdd, 0xe1, 0x77, 0x5c, 0xaf, 0x9e, 0xdc, 0xe1, 0xaf, 0xba, 0x5e, 0x1d,
-	0x33, 0x8c, 0x3a, 0xb2, 0x8a, 0xb9, 0x4f, 0x11, 0xbe, 0x42, 0xd7, 0x6a, 0x46, 0x8a, 0xf2, 0xe3,
-	0x6d, 0x06, 0x7a, 0x5a, 0x37, 0x35, 0x0a, 0xaf, 0xc2, 0x5c, 0x33, 0xe3, 0xf7, 0x5b, 0x20, 0x9e,
-	0x2e, 0xf7, 0x70, 0x26, 0xbf, 0x01, 0x23, 0xbb, 0xe9, 0x84, 0x77, 0xe7, 0xf2, 0xdf, 0x72, 0x8b,
-	0x40, 0xe1, 0x4a, 0xd0, 0x36, 0x92, 0xdb, 0x19, 0xbc, 0xec, 0x3a, 0x08, 0xec, 0x22, 0x61, 0x06,
-	0x85, 0xee, 0xad, 0x79, 0x0e, 0xa0, 0xce, 0x68, 0x59, 0x16, 0xdc, 0x82, 0x29, 0x71, 0x2d, 0x2a,
-	0x0c, 0xd6, 0xa8, 0xec, 0x7f, 0x55, 0x80, 0x61, 0x99, 0x60, 0xad, 0xed, 0xf5, 0xa2, 0xf6, 0x3b,
-	0x54, 0xc6, 0x65, 0x74, 0x11, 0x4a, 0x4c, 0x2f, 0x5d, 0x89, 0xb5, 0xa5, 0x4a, 0x2b, 0xb4, 0x2a,
-	0x11, 0x38, 0xa6, 0xa1, 0xbb, 0x63, 0xd8, 0xde, 0x60, 0xe4, 0x89, 0x87, 0xb6, 0x55, 0x0e, 0xc6,
-	0x12, 0x8f, 0x3e, 0x0a, 0x13, 0xbc, 0x5c, 0xe0, 0xb7, 0x9c, 0x2d, 0x6e, 0xcb, 0xea, 0x57, 0xd1,
-	0x4b, 0x26, 0x56, 0x13, 0xb8, 0x83, 0xfd, 0xf2, 0x89, 0x24, 0x8c, 0x19, 0x69, 0x53, 0x5c, 0x98,
-	0xcb, 0x1a, 0xaf, 0x84, 0xee, 0xea, 0x29, 0x4f, 0xb7, 0x18, 0x85, 0x75, 0x3a, 0xfb, 0x53, 0x80,
-	0xd2, 0xa9, 0xe6, 0xd0, 0x6b, 0xdc, 0xe5, 0xd9, 0x0d, 0x48, 0xbd, 0x93, 0xd1, 0x56, 0x8f, 0xd1,
-	0x21, 0xdf, 0xc8, 0xf1, 0x52, 0x58, 0x95, 0xb7, 0xff, 0x52, 0x11, 0x26, 0x92, 0x51, 0x01, 0xd0,
-	0x15, 0x18, 0xe0, 0x22, 0xa5, 0x60, 0xdf, 0xc1, 0x27, 0x48, 0x8b, 0x25, 0xc0, 0x0e, 0x57, 0x21,
-	0x95, 0x8a, 0xf2, 0xe8, 0x4d, 0x18, 0xae, 0xfb, 0xb7, 0xbd, 0xdb, 0x4e, 0x50, 0x9f, 0xab, 0xac,
-	0x88, 0xe9, 0x9c, 0xa9, 0xa8, 0x58, 0x8c, 0xc9, 0xf4, 0xf8, 0x04, 0xcc, 0xfe, 0x1d, 0xa3, 0xb0,
-	0xce, 0x0e, 0xad, 0xb3, 0xfc, 0x14, 0x9b, 0xee, 0xd6, 0xaa, 0xd3, 0xea, 0xf4, 0xfe, 0x65, 0x41,
-	0x12, 0x69, 0x9c, 0x47, 0x45, 0x12, 0x0b, 0x8e, 0xc0, 0x31, 0x23, 0xf4, 0x19, 0x98, 0x0a, 0x73,
-	0x4c, 0x27, 0x79, 0x99, 0x47, 0x3b, 0x59, 0x13, 0xe6, 0x1f, 0xba, 0xb7, 0x5f, 0x9e, 0xca, 0x32,
-	0xb2, 0x64, 0x55, 0x63, 0x7f, 0xf1, 0x04, 0x18, 0x8b, 0xd8, 0x48, 0x44, 0x6d, 0x1d, 0x51, 0x22,
-	0x6a, 0x0c, 0x43, 0xa4, 0xd9, 0x8a, 0xf6, 0x16, 0xdd, 0x40, 0x8c, 0x49, 0x26, 0xcf, 0x25, 0x41,
-	0x93, 0xe6, 0x29, 0x31, 0x58, 0xf1, 0xc9, 0xce, 0x16, 0x5e, 0xfc, 0x16, 0x66, 0x0b, 0xef, 0x3b,
-	0xc6, 0x6c, 0xe1, 0x6b, 0x30, 0xb8, 0xe5, 0x46, 0x98, 0xb4, 0x7c, 0x71, 0x99, 0xcb, 0x9c, 0x87,
-	0x97, 0x39, 0x49, 0x3a, 0x2f, 0xad, 0x40, 0x60, 0xc9, 0x04, 0xbd, 0xa6, 0x56, 0xe0, 0x40, 0xbe,
-	0xc2, 0x25, 0xed, 0xbc, 0x92, 0xb9, 0x06, 0x45, 0x4e, 0xf0, 0xc1, 0xfb, 0xcd, 0x09, 0xbe, 0x2c,
-	0x33, 0x79, 0x0f, 0xe5, 0x3f, 0x56, 0x63, 0x89, 0xba, 0xbb, 0xe4, 0xef, 0xbe, 0xa9, 0x67, 0x3f,
-	0x2f, 0xe5, 0xef, 0x04, 0x2a, 0xb1, 0x79, 0x8f, 0x39, 0xcf, 0xbf, 0xdf, 0x82, 0x93, 0xc9, 0xec,
-	0xa4, 0xec, 0x4d, 0x85, 0xf0, 0xf3, 0x78, 0xb1, 0x97, 0x74, 0xb1, 0xac, 0x80, 0x51, 0x21, 0xd3,
-	0x91, 0x66, 0x92, 0xe1, 0xec, 0xea, 0x68, 0x47, 0x07, 0x1b, 0x75, 0xe1, 0x6f, 0xf0, 0x58, 0x4e,
-	0xf2, 0xf4, 0x0e, 0x29, 0xd3, 0xd7, 0x33, 0x12, 0x75, 0x3f, 0x9e, 0x97, 0xa8, 0xbb, 0xe7, 0xf4,
-	0xdc, 0xaf, 0xa9, 0xb4, 0xe9, 0xa3, 0xf9, 0x53, 0x89, 0x27, 0x45, 0xef, 0x9a, 0x2c, 0xfd, 0x35,
-	0x95, 0x2c, 0xbd, 0x43, 0x44, 0x6e, 0x9e, 0x0a, 0xbd, 0x6b, 0x8a, 0x74, 0x2d, 0xcd, 0xf9, 0xf8,
-	0xd1, 0xa4, 0x39, 0x37, 0x8e, 0x1a, 0x9e, 0x69, 0xfb, 0xe9, 0x2e, 0x47, 0x8d, 0xc1, 0xb7, 0xf3,
-	0x61, 0xc3, 0x53, 0xba, 0x4f, 0xde, 0x57, 0x4a, 0xf7, 0x9b, 0x7a, 0x8a, 0x74, 0xd4, 0x25, 0x07,
-	0x38, 0x25, 0xea, 0x31, 0x31, 0xfa, 0x4d, 0xfd, 0x00, 0x9c, 0xca, 0xe7, 0xab, 0xce, 0xb9, 0x34,
-	0xdf, 0xcc, 0x23, 0x30, 0x95, 0x70, 0xfd, 0xc4, 0xf1, 0x24, 0x5c, 0x3f, 0x79, 0xe4, 0x09, 0xd7,
-	0x4f, 0x1d, 0x43, 0xc2, 0xf5, 0x87, 0x8e, 0x31, 0xe1, 0xfa, 0x4d, 0xe6, 0x1c, 0xc5, 0x03, 0x40,
-	0x89, 0x08, 0xe2, 0x4f, 0xe5, 0xc4, 0x4f, 0x4b, 0x47, 0x89, 0xe2, 0x1f, 0xa7, 0x50, 0x38, 0x66,
-	0x95, 0x91, 0xc8, 0x7d, 0xfa, 0x01, 0x24, 0x72, 0x5f, 0x8b, 0x13, 0xb9, 0x9f, 0xce, 0x1f, 0xea,
-	0x8c, 0xe7, 0x34, 0x39, 0xe9, 0xdb, 0x6f, 0xea, 0x69, 0xd7, 0x1f, 0xee, 0x60, 0x05, 0xcb, 0x52,
-	0x28, 0x77, 0x48, 0xb6, 0xfe, 0x2a, 0x4f, 0xb6, 0xfe, 0x48, 0xfe, 0x4e, 0x9e, 0x3c, 0xee, 0x8c,
-	0x14, 0xeb, 0xb4, 0x5d, 0x2a, 0xf6, 0x2a, 0x8b, 0x95, 0x9e, 0xd3, 0x2e, 0x15, 0xbc, 0x35, 0xdd,
-	0x2e, 0x85, 0xc2, 0x31, 0x2b, 0xfb, 0x07, 0x0b, 0x70, 0xb6, 0xf3, 0x7a, 0x8b, 0xb5, 0xe4, 0x95,
-	0xd8, 0x21, 0x20, 0xa1, 0x25, 0xe7, 0x77, 0xb6, 0x98, 0xaa, 0xe7, 0x78, 0x90, 0x97, 0x61, 0x52,
-	0xbd, 0xc3, 0x69, 0xb8, 0xb5, 0xbd, 0xb5, 0xf8, 0x9a, 0xac, 0x22, 0x27, 0x54, 0x93, 0x04, 0x38,
-	0x5d, 0x06, 0xcd, 0xc1, 0xb8, 0x01, 0x5c, 0x59, 0x14, 0x77, 0xb3, 0x38, 0x3a, 0xb7, 0x89, 0xc6,
-	0x49, 0x7a, 0xfb, 0x4b, 0x16, 0x3c, 0x94, 0x93, 0xa9, 0xb4, 0xe7, 0x70, 0x87, 0x9b, 0x30, 0xde,
-	0x32, 0x8b, 0x76, 0x89, 0xd0, 0x6a, 0xe4, 0x43, 0x55, 0x6d, 0x4d, 0x20, 0x70, 0x92, 0xa9, 0xfd,
-	0xb3, 0x05, 0x38, 0xd3, 0xd1, 0xb1, 0x14, 0x61, 0x38, 0xb5, 0xd5, 0x0c, 0x9d, 0x85, 0x80, 0xd4,
-	0x89, 0x17, 0xb9, 0x4e, 0xa3, 0xda, 0x22, 0x35, 0xcd, 0xce, 0xc1, 0x3c, 0x34, 0x2f, 0xaf, 0x56,
-	0xe7, 0xd2, 0x14, 0x38, 0xa7, 0x24, 0x5a, 0x06, 0x94, 0xc6, 0x88, 0x11, 0x66, 0x51, 0xf7, 0xd3,
-	0xfc, 0x70, 0x46, 0x09, 0xf4, 0x01, 0x18, 0x55, 0x0e, 0xab, 0xda, 0x88, 0xb3, 0x8d, 0x1d, 0xeb,
-	0x08, 0x6c, 0xd2, 0xa1, 0x4b, 0x3c, 0x6d, 0x83, 0x48, 0xf0, 0x21, 0x8c, 0x22, 0xe3, 0x32, 0x27,
-	0x83, 0x00, 0x63, 0x9d, 0x66, 0xfe, 0xa5, 0xdf, 0xfc, 0xc6, 0xd9, 0xf7, 0xfc, 0xf6, 0x37, 0xce,
-	0xbe, 0xe7, 0xf7, 0xbe, 0x71, 0xf6, 0x3d, 0xdf, 0x7d, 0xef, 0xac, 0xf5, 0x9b, 0xf7, 0xce, 0x5a,
-	0xbf, 0x7d, 0xef, 0xac, 0xf5, 0x7b, 0xf7, 0xce, 0x5a, 0x7f, 0x70, 0xef, 0xac, 0xf5, 0x85, 0x3f,
-	0x3c, 0xfb, 0x9e, 0x37, 0x50, 0x1c, 0x40, 0xf4, 0x22, 0x1d, 0x9d, 0x8b, 0xbb, 0x97, 0xfe, 0x5f,
-	0x00, 0x00, 0x00, 0xff, 0xff, 0xb0, 0x6c, 0x51, 0x7f, 0x2c, 0x10, 0x01, 0x00,
+	// 14822 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x69, 0x70, 0x24, 0xc9,
+	0x75, 0x18, 0xcc, 0xea, 0xc6, 0xd5, 0x0f, 0x77, 0x62, 0x0e, 0x0c, 0x76, 0x66, 0x7a, 0xb6, 0x76,
+	0x77, 0x76, 0xf6, 0xc2, 0x70, 0xf6, 0x20, 0x97, 0xbb, 0xe4, 0x8a, 0x38, 0x67, 0xb0, 0x03, 0x60,
+	0x7a, 0xb3, 0x31, 0x33, 0xe4, 0x72, 0xc9, 0x60, 0xa1, 0x3b, 0x01, 0x14, 0xd1, 0xa8, 0xea, 0xad,
+	0xaa, 0xc6, 0x0c, 0xe6, 0x23, 0x43, 0x12, 0xf5, 0xe9, 0xa0, 0xa4, 0xef, 0x0b, 0xc6, 0x17, 0xfa,
+	0x8e, 0xa0, 0x14, 0x8a, 0x2f, 0x24, 0x59, 0x87, 0x69, 0xd9, 0xa6, 0x29, 0x4b, 0xb2, 0xa8, 0xcb,
+	0x57, 0x58, 0x72, 0x38, 0x64, 0x59, 0x11, 0x16, 0x15, 0xa1, 0x30, 0x24, 0x8e, 0x1c, 0x21, 0x2b,
+	0xc2, 0x96, 0xe4, 0xe3, 0x87, 0x0d, 0xcb, 0x96, 0x23, 0xcf, 0xca, 0xac, 0xa3, 0xbb, 0x31, 0x8b,
+	0x01, 0x97, 0x8c, 0xfd, 0xd7, 0xfd, 0xde, 0xcb, 0x97, 0x59, 0x79, 0xbe, 0x7c, 0xef, 0xe5, 0x7b,
+	0xf0, 0xea, 0xf6, 0xcb, 0xe1, 0xb4, 0xeb, 0x5f, 0xde, 0x6e, 0xad, 0x93, 0xc0, 0x23, 0x11, 0x09,
+	0x2f, 0xef, 0x12, 0xaf, 0xee, 0x07, 0x97, 0x05, 0xc2, 0x69, 0xba, 0x97, 0x6b, 0x7e, 0x40, 0x2e,
+	0xef, 0x5e, 0xb9, 0xbc, 0x49, 0x3c, 0x12, 0x38, 0x11, 0xa9, 0x4f, 0x37, 0x03, 0x3f, 0xf2, 0x11,
+	0xe2, 0x34, 0xd3, 0x4e, 0xd3, 0x9d, 0xa6, 0x34, 0xd3, 0xbb, 0x57, 0xa6, 0x9e, 0xdb, 0x74, 0xa3,
+	0xad, 0xd6, 0xfa, 0x74, 0xcd, 0xdf, 0xb9, 0xbc, 0xe9, 0x6f, 0xfa, 0x97, 0x19, 0xe9, 0x7a, 0x6b,
+	0x83, 0xfd, 0x63, 0x7f, 0xd8, 0x2f, 0xce, 0x62, 0xea, 0xc5, 0xb8, 0x9a, 0x1d, 0xa7, 0xb6, 0xe5,
+	0x7a, 0x24, 0xd8, 0xbb, 0xdc, 0xdc, 0xde, 0x64, 0xf5, 0x06, 0x24, 0xf4, 0x5b, 0x41, 0x8d, 0x24,
+	0x2b, 0x6e, 0x5b, 0x2a, 0xbc, 0xbc, 0x43, 0x22, 0x27, 0xa3, 0xb9, 0x53, 0x97, 0xf3, 0x4a, 0x05,
+	0x2d, 0x2f, 0x72, 0x77, 0xd2, 0xd5, 0x7c, 0xa0, 0x53, 0x81, 0xb0, 0xb6, 0x45, 0x76, 0x9c, 0x54,
+	0xb9, 0x17, 0xf2, 0xca, 0xb5, 0x22, 0xb7, 0x71, 0xd9, 0xf5, 0xa2, 0x30, 0x0a, 0x92, 0x85, 0xec,
+	0xaf, 0x5b, 0x70, 0x61, 0xe6, 0x76, 0x75, 0xa1, 0xe1, 0x84, 0x91, 0x5b, 0x9b, 0x6d, 0xf8, 0xb5,
+	0xed, 0x6a, 0xe4, 0x07, 0xe4, 0x96, 0xdf, 0x68, 0xed, 0x90, 0x2a, 0xeb, 0x08, 0xf4, 0x2c, 0x0c,
+	0xec, 0xb2, 0xff, 0x4b, 0xf3, 0x93, 0xd6, 0x05, 0xeb, 0x52, 0x69, 0x76, 0xec, 0xb7, 0xf6, 0xcb,
+	0xef, 0xbb, 0xbf, 0x5f, 0x1e, 0xb8, 0x25, 0xe0, 0x58, 0x51, 0xa0, 0x8b, 0xd0, 0xb7, 0x11, 0xae,
+	0xed, 0x35, 0xc9, 0x64, 0x81, 0xd1, 0x8e, 0x08, 0xda, 0xbe, 0xc5, 0x2a, 0x85, 0x62, 0x81, 0x45,
+	0x97, 0xa1, 0xd4, 0x74, 0x82, 0xc8, 0x8d, 0x5c, 0xdf, 0x9b, 0x2c, 0x5e, 0xb0, 0x2e, 0xf5, 0xce,
+	0x8e, 0x0b, 0xd2, 0x52, 0x45, 0x22, 0x70, 0x4c, 0x43, 0x9b, 0x11, 0x10, 0xa7, 0x7e, 0xc3, 0x6b,
+	0xec, 0x4d, 0xf6, 0x5c, 0xb0, 0x2e, 0x0d, 0xc4, 0xcd, 0xc0, 0x02, 0x8e, 0x15, 0x85, 0xfd, 0xa5,
+	0x02, 0x0c, 0xcc, 0x6c, 0x6c, 0xb8, 0x9e, 0x1b, 0xed, 0xa1, 0x5b, 0x30, 0xe4, 0xf9, 0x75, 0x22,
+	0xff, 0xb3, 0xaf, 0x18, 0x7c, 0xfe, 0xc2, 0x74, 0x7a, 0x2a, 0x4d, 0xaf, 0x6a, 0x74, 0xb3, 0x63,
+	0xf7, 0xf7, 0xcb, 0x43, 0x3a, 0x04, 0x1b, 0x7c, 0x10, 0x86, 0xc1, 0xa6, 0x5f, 0x57, 0x6c, 0x0b,
+	0x8c, 0x6d, 0x39, 0x8b, 0x6d, 0x25, 0x26, 0x9b, 0x1d, 0xbd, 0xbf, 0x5f, 0x1e, 0xd4, 0x00, 0x58,
+	0x67, 0x82, 0xd6, 0x61, 0x94, 0xfe, 0xf5, 0x22, 0x57, 0xf1, 0x2d, 0x32, 0xbe, 0x8f, 0xe5, 0xf1,
+	0xd5, 0x48, 0x67, 0x27, 0xee, 0xef, 0x97, 0x47, 0x13, 0x40, 0x9c, 0x64, 0x68, 0xdf, 0x83, 0x91,
+	0x99, 0x28, 0x72, 0x6a, 0x5b, 0xa4, 0xce, 0x47, 0x10, 0xbd, 0x08, 0x3d, 0x9e, 0xb3, 0x43, 0xc4,
+	0xf8, 0x5e, 0x10, 0x1d, 0xdb, 0xb3, 0xea, 0xec, 0x90, 0x83, 0xfd, 0xf2, 0xd8, 0x4d, 0xcf, 0x7d,
+	0xbb, 0x25, 0x66, 0x05, 0x85, 0x61, 0x46, 0x8d, 0x9e, 0x07, 0xa8, 0x93, 0x5d, 0xb7, 0x46, 0x2a,
+	0x4e, 0xb4, 0x25, 0xc6, 0x1b, 0x89, 0xb2, 0x30, 0xaf, 0x30, 0x58, 0xa3, 0xb2, 0xef, 0x42, 0x69,
+	0x66, 0xd7, 0x77, 0xeb, 0x15, 0xbf, 0x1e, 0xa2, 0x6d, 0x18, 0x6d, 0x06, 0x64, 0x83, 0x04, 0x0a,
+	0x34, 0x69, 0x5d, 0x28, 0x5e, 0x1a, 0x7c, 0xfe, 0x52, 0xe6, 0xc7, 0x9a, 0xa4, 0x0b, 0x5e, 0x14,
+	0xec, 0xcd, 0x9e, 0x16, 0xf5, 0x8d, 0x26, 0xb0, 0x38, 0xc9, 0xd9, 0xfe, 0x27, 0x05, 0x38, 0x39,
+	0x73, 0xaf, 0x15, 0x90, 0x79, 0x37, 0xdc, 0x4e, 0xce, 0xf0, 0xba, 0x1b, 0x6e, 0xaf, 0xc6, 0x3d,
+	0xa0, 0xa6, 0xd6, 0xbc, 0x80, 0x63, 0x45, 0x81, 0x9e, 0x83, 0x7e, 0xfa, 0xfb, 0x26, 0x5e, 0x12,
+	0x9f, 0x3c, 0x21, 0x88, 0x07, 0xe7, 0x9d, 0xc8, 0x99, 0xe7, 0x28, 0x2c, 0x69, 0xd0, 0x0a, 0x0c,
+	0xd6, 0xd8, 0x82, 0xdc, 0x5c, 0xf1, 0xeb, 0x84, 0x0d, 0x66, 0x69, 0xf6, 0x19, 0x4a, 0x3e, 0x17,
+	0x83, 0x0f, 0xf6, 0xcb, 0x93, 0xbc, 0x6d, 0x82, 0x85, 0x86, 0xc3, 0x7a, 0x79, 0x64, 0xab, 0xf5,
+	0xd5, 0xc3, 0x38, 0x41, 0xc6, 0xda, 0xba, 0xa4, 0x2d, 0x95, 0x5e, 0xb6, 0x54, 0x86, 0xb2, 0x97,
+	0x09, 0xba, 0x02, 0x3d, 0xdb, 0xae, 0x57, 0x9f, 0xec, 0x63, 0xbc, 0xce, 0xd1, 0x31, 0xbf, 0xee,
+	0x7a, 0xf5, 0x83, 0xfd, 0xf2, 0xb8, 0xd1, 0x1c, 0x0a, 0xc4, 0x8c, 0xd4, 0xfe, 0xcf, 0x16, 0x94,
+	0x19, 0x6e, 0xd1, 0x6d, 0x90, 0x0a, 0x09, 0x42, 0x37, 0x8c, 0x88, 0x17, 0x19, 0x1d, 0xfa, 0x3c,
+	0x40, 0x48, 0x6a, 0x01, 0x89, 0xb4, 0x2e, 0x55, 0x13, 0xa3, 0xaa, 0x30, 0x58, 0xa3, 0xa2, 0x1b,
+	0x42, 0xb8, 0xe5, 0x04, 0x6c, 0x7e, 0x89, 0x8e, 0x55, 0x1b, 0x42, 0x55, 0x22, 0x70, 0x4c, 0x63,
+	0x6c, 0x08, 0xc5, 0x4e, 0x1b, 0x02, 0xfa, 0x08, 0x8c, 0xc6, 0x95, 0x85, 0x4d, 0xa7, 0x26, 0x3b,
+	0x90, 0x2d, 0x99, 0xaa, 0x89, 0xc2, 0x49, 0x5a, 0xfb, 0x6f, 0x5a, 0x62, 0xf2, 0xd0, 0xaf, 0x7e,
+	0x97, 0x7f, 0xab, 0xfd, 0xcb, 0x16, 0xf4, 0xcf, 0xba, 0x5e, 0xdd, 0xf5, 0x36, 0xd1, 0xa7, 0x61,
+	0x80, 0x9e, 0x4d, 0x75, 0x27, 0x72, 0xc4, 0xbe, 0xf7, 0x7e, 0x6d, 0x6d, 0xa9, 0xa3, 0x62, 0xba,
+	0xb9, 0xbd, 0x49, 0x01, 0xe1, 0x34, 0xa5, 0xa6, 0xab, 0xed, 0xc6, 0xfa, 0x67, 0x48, 0x2d, 0x5a,
+	0x21, 0x91, 0x13, 0x7f, 0x4e, 0x0c, 0xc3, 0x8a, 0x2b, 0xba, 0x0e, 0x7d, 0x91, 0x13, 0x6c, 0x92,
+	0x48, 0x6c, 0x80, 0x99, 0x1b, 0x15, 0x2f, 0x89, 0xe9, 0x8a, 0x24, 0x5e, 0x8d, 0xc4, 0xc7, 0xc2,
+	0x1a, 0x2b, 0x8a, 0x05, 0x0b, 0xfb, 0x7f, 0xf4, 0xc3, 0x99, 0xb9, 0xea, 0x52, 0xce, 0xbc, 0xba,
+	0x08, 0x7d, 0xf5, 0xc0, 0xdd, 0x25, 0x81, 0xe8, 0x67, 0xc5, 0x65, 0x9e, 0x41, 0xb1, 0xc0, 0xa2,
+	0x97, 0x61, 0x88, 0x1f, 0x48, 0xd7, 0x1c, 0xaf, 0xde, 0x90, 0x5d, 0x7c, 0x42, 0x50, 0x0f, 0xdd,
+	0xd2, 0x70, 0xd8, 0xa0, 0x3c, 0xe4, 0xa4, 0xba, 0x98, 0x58, 0x8c, 0x79, 0x87, 0xdd, 0x17, 0x2c,
+	0x18, 0xe3, 0xd5, 0xcc, 0x44, 0x51, 0xe0, 0xae, 0xb7, 0x22, 0x12, 0x4e, 0xf6, 0xb2, 0x9d, 0x6e,
+	0x2e, 0xab, 0xb7, 0x72, 0x7b, 0x60, 0xfa, 0x56, 0x82, 0x0b, 0xdf, 0x04, 0x27, 0x45, 0xbd, 0x63,
+	0x49, 0x34, 0x4e, 0x55, 0x8b, 0xbe, 0xc7, 0x82, 0xa9, 0x9a, 0xef, 0x45, 0x81, 0xdf, 0x68, 0x90,
+	0xa0, 0xd2, 0x5a, 0x6f, 0xb8, 0xe1, 0x16, 0x9f, 0xa7, 0x98, 0x6c, 0xb0, 0x9d, 0x20, 0x67, 0x0c,
+	0x15, 0x91, 0x18, 0xc3, 0xf3, 0xf7, 0xf7, 0xcb, 0x53, 0x73, 0xb9, 0xac, 0x70, 0x9b, 0x6a, 0xd0,
+	0x36, 0x20, 0x7a, 0x94, 0x56, 0x23, 0x67, 0x93, 0xc4, 0x95, 0xf7, 0x77, 0x5f, 0xf9, 0xa9, 0xfb,
+	0xfb, 0x65, 0xb4, 0x9a, 0x62, 0x81, 0x33, 0xd8, 0xa2, 0xb7, 0xe1, 0x04, 0x85, 0xa6, 0xbe, 0x75,
+	0xa0, 0xfb, 0xea, 0x26, 0xef, 0xef, 0x97, 0x4f, 0xac, 0x66, 0x30, 0xc1, 0x99, 0xac, 0xd1, 0x77,
+	0x59, 0x70, 0x26, 0xfe, 0xfc, 0x85, 0xbb, 0x4d, 0xc7, 0xab, 0xc7, 0x15, 0x97, 0xba, 0xaf, 0x98,
+	0xee, 0xc9, 0x67, 0xe6, 0xf2, 0x38, 0xe1, 0xfc, 0x4a, 0x90, 0x07, 0x13, 0xb4, 0x69, 0xc9, 0xba,
+	0xa1, 0xfb, 0xba, 0x4f, 0xdf, 0xdf, 0x2f, 0x4f, 0xac, 0xa6, 0x79, 0xe0, 0x2c, 0xc6, 0x53, 0x73,
+	0x70, 0x32, 0x73, 0x76, 0xa2, 0x31, 0x28, 0x6e, 0x13, 0x2e, 0x75, 0x95, 0x30, 0xfd, 0x89, 0x4e,
+	0x40, 0xef, 0xae, 0xd3, 0x68, 0x89, 0x85, 0x89, 0xf9, 0x9f, 0x57, 0x0a, 0x2f, 0x5b, 0xf6, 0x3f,
+	0x2d, 0xc2, 0xe8, 0x5c, 0x75, 0xe9, 0x81, 0x56, 0xbd, 0x7e, 0xec, 0x15, 0xda, 0x1e, 0x7b, 0xf1,
+	0x21, 0x5a, 0xcc, 0x3d, 0x44, 0xbf, 0x33, 0x63, 0xc9, 0xf6, 0xb0, 0x25, 0xfb, 0xa1, 0x9c, 0x25,
+	0x7b, 0xc4, 0x0b, 0x75, 0x37, 0x67, 0xd6, 0xf6, 0xb2, 0x01, 0xcc, 0x94, 0x90, 0x96, 0xfd, 0x9a,
+	0xd3, 0x48, 0x6e, 0xb5, 0x87, 0x9c, 0xba, 0x47, 0x33, 0x8e, 0x35, 0x18, 0x9a, 0x73, 0x9a, 0xce,
+	0xba, 0xdb, 0x70, 0x23, 0x97, 0x84, 0xe8, 0x49, 0x28, 0x3a, 0xf5, 0x3a, 0x93, 0xee, 0x4a, 0xb3,
+	0x27, 0xef, 0xef, 0x97, 0x8b, 0x33, 0x75, 0x2a, 0x66, 0x80, 0xa2, 0xda, 0xc3, 0x94, 0x02, 0x3d,
+	0x0d, 0x3d, 0xf5, 0xc0, 0x6f, 0x4e, 0x16, 0x18, 0x25, 0x5d, 0xe5, 0x3d, 0xf3, 0x81, 0xdf, 0x4c,
+	0x90, 0x32, 0x1a, 0xfb, 0x37, 0x0b, 0x70, 0x76, 0x8e, 0x34, 0xb7, 0x16, 0xab, 0x39, 0xe7, 0xc5,
+	0x25, 0x18, 0xd8, 0xf1, 0x3d, 0x37, 0xf2, 0x83, 0x50, 0x54, 0xcd, 0x66, 0xc4, 0x8a, 0x80, 0x61,
+	0x85, 0x45, 0x17, 0xa0, 0xa7, 0x19, 0x0b, 0xb1, 0x43, 0x52, 0x00, 0x66, 0xe2, 0x2b, 0xc3, 0x50,
+	0x8a, 0x56, 0x48, 0x02, 0x31, 0x63, 0x14, 0xc5, 0xcd, 0x90, 0x04, 0x98, 0x61, 0x62, 0x49, 0x80,
+	0xca, 0x08, 0xe2, 0x44, 0x48, 0x48, 0x02, 0x14, 0x83, 0x35, 0x2a, 0x54, 0x81, 0x52, 0x98, 0x18,
+	0xd9, 0xae, 0x96, 0xe6, 0x30, 0x13, 0x15, 0xd4, 0x48, 0xc6, 0x4c, 0x8c, 0x13, 0xac, 0xaf, 0xa3,
+	0xa8, 0xf0, 0xb5, 0x02, 0x20, 0xde, 0x85, 0xdf, 0x62, 0x1d, 0x77, 0x33, 0xdd, 0x71, 0xdd, 0x2f,
+	0x89, 0xa3, 0xea, 0xbd, 0xff, 0x62, 0xc1, 0xd9, 0x39, 0xd7, 0xab, 0x93, 0x20, 0x67, 0x02, 0x3e,
+	0x9c, 0xbb, 0xf3, 0xe1, 0x84, 0x14, 0x63, 0x8a, 0xf5, 0x1c, 0xc1, 0x14, 0xb3, 0xff, 0xc2, 0x02,
+	0xc4, 0x3f, 0xfb, 0x5d, 0xf7, 0xb1, 0x37, 0xd3, 0x1f, 0x7b, 0x04, 0xd3, 0xc2, 0xfe, 0x3b, 0x16,
+	0x0c, 0xce, 0x35, 0x1c, 0x77, 0x47, 0x7c, 0xea, 0x1c, 0x8c, 0x4b, 0x45, 0x11, 0x03, 0x6b, 0xb2,
+	0x3f, 0xdd, 0xdc, 0xc6, 0x71, 0x12, 0x89, 0xd3, 0xf4, 0xe8, 0x13, 0x70, 0xc6, 0x00, 0xae, 0x91,
+	0x9d, 0x66, 0xc3, 0x89, 0xf4, 0x5b, 0x01, 0x3b, 0xfd, 0x71, 0x1e, 0x11, 0xce, 0x2f, 0x6f, 0x2f,
+	0xc3, 0xc8, 0x5c, 0xc3, 0x25, 0x5e, 0xb4, 0x54, 0x99, 0xf3, 0xbd, 0x0d, 0x77, 0x13, 0xbd, 0x02,
+	0x23, 0x91, 0xbb, 0x43, 0xfc, 0x56, 0x54, 0x25, 0x35, 0xdf, 0x63, 0x77, 0x6d, 0xeb, 0x52, 0xef,
+	0x2c, 0xba, 0xbf, 0x5f, 0x1e, 0x59, 0x33, 0x30, 0x38, 0x41, 0x69, 0xff, 0x21, 0x1d, 0x71, 0x7f,
+	0xa7, 0xe9, 0x7b, 0xc4, 0x8b, 0xe6, 0x7c, 0xaf, 0xce, 0x75, 0x32, 0xaf, 0x40, 0x4f, 0x44, 0x47,
+	0x90, 0x7f, 0xf9, 0x45, 0xb9, 0xb4, 0xe9, 0xb8, 0x1d, 0xec, 0x97, 0x4f, 0xa5, 0x4b, 0xb0, 0x91,
+	0x65, 0x65, 0xd0, 0x87, 0xa0, 0x2f, 0x8c, 0x9c, 0xa8, 0x15, 0x8a, 0x4f, 0x7d, 0x54, 0x8e, 0x7f,
+	0x95, 0x41, 0x0f, 0xf6, 0xcb, 0xa3, 0xaa, 0x18, 0x07, 0x61, 0x51, 0x00, 0x3d, 0x05, 0xfd, 0x3b,
+	0x24, 0x0c, 0x9d, 0x4d, 0x79, 0x7e, 0x8f, 0x8a, 0xb2, 0xfd, 0x2b, 0x1c, 0x8c, 0x25, 0x1e, 0x3d,
+	0x06, 0xbd, 0x24, 0x08, 0xfc, 0x40, 0xec, 0x2a, 0xc3, 0x82, 0xb0, 0x77, 0x81, 0x02, 0x31, 0xc7,
+	0xd9, 0xff, 0xd2, 0x82, 0x51, 0xd5, 0x56, 0x5e, 0xd7, 0x31, 0xdc, 0x9b, 0xde, 0x04, 0xa8, 0xc9,
+	0x0f, 0x0c, 0xd9, 0x79, 0x37, 0xf8, 0xfc, 0xc5, 0x4c, 0xd1, 0x22, 0xd5, 0x8d, 0x31, 0x67, 0x05,
+	0x0a, 0xb1, 0xc6, 0xcd, 0xfe, 0x35, 0x0b, 0x26, 0x12, 0x5f, 0xb4, 0xec, 0x86, 0x11, 0x7a, 0x2b,
+	0xf5, 0x55, 0xd3, 0xdd, 0x7d, 0x15, 0x2d, 0xcd, 0xbe, 0x49, 0x2d, 0x3e, 0x09, 0xd1, 0xbe, 0xe8,
+	0x1a, 0xf4, 0xba, 0x11, 0xd9, 0x91, 0x1f, 0xf3, 0x58, 0xdb, 0x8f, 0xe1, 0xad, 0x8a, 0x47, 0x64,
+	0x89, 0x96, 0xc4, 0x9c, 0x81, 0xfd, 0x9b, 0x45, 0x28, 0xf1, 0x69, 0xbb, 0xe2, 0x34, 0x8f, 0x61,
+	0x2c, 0x9e, 0x81, 0x92, 0xbb, 0xb3, 0xd3, 0x8a, 0x9c, 0x75, 0x71, 0x00, 0x0d, 0xf0, 0xcd, 0x60,
+	0x49, 0x02, 0x71, 0x8c, 0x47, 0x4b, 0xd0, 0xc3, 0x9a, 0xc2, 0xbf, 0xf2, 0xc9, 0xec, 0xaf, 0x14,
+	0x6d, 0x9f, 0x9e, 0x77, 0x22, 0x87, 0xcb, 0x7e, 0xea, 0xe4, 0xa3, 0x20, 0xcc, 0x58, 0x20, 0x07,
+	0x60, 0xdd, 0xf5, 0x9c, 0x60, 0x8f, 0xc2, 0x26, 0x8b, 0x8c, 0xe1, 0x73, 0xed, 0x19, 0xce, 0x2a,
+	0x7a, 0xce, 0x56, 0x7d, 0x58, 0x8c, 0xc0, 0x1a, 0xd3, 0xa9, 0x0f, 0x42, 0x49, 0x11, 0x1f, 0x46,
+	0x84, 0x9b, 0xfa, 0x08, 0x8c, 0x26, 0xea, 0xea, 0x54, 0x7c, 0x48, 0x97, 0x00, 0x7f, 0x85, 0x6d,
+	0x19, 0xa2, 0xd5, 0x0b, 0xde, 0xae, 0xd8, 0x39, 0xef, 0xc1, 0x89, 0x46, 0xc6, 0xde, 0x2b, 0xc6,
+	0xb5, 0xfb, 0xbd, 0xfa, 0xac, 0xf8, 0xec, 0x13, 0x59, 0x58, 0x9c, 0x59, 0x07, 0x95, 0x6a, 0xfc,
+	0x26, 0x5d, 0x20, 0x4e, 0x43, 0xbf, 0x20, 0xdc, 0x10, 0x30, 0xac, 0xb0, 0x74, 0xbf, 0x3b, 0xa1,
+	0x1a, 0x7f, 0x9d, 0xec, 0x55, 0x49, 0x83, 0xd4, 0x22, 0x3f, 0xf8, 0xa6, 0x36, 0xff, 0x1c, 0xef,
+	0x7d, 0xbe, 0x5d, 0x0e, 0x0a, 0x06, 0xc5, 0xeb, 0x64, 0x8f, 0x0f, 0x85, 0xfe, 0x75, 0xc5, 0xb6,
+	0x5f, 0xf7, 0x15, 0x0b, 0x86, 0xd5, 0xd7, 0x1d, 0xc3, 0xbe, 0x30, 0x6b, 0xee, 0x0b, 0xe7, 0xda,
+	0x4e, 0xf0, 0x9c, 0x1d, 0xe1, 0x6b, 0x05, 0x38, 0xa3, 0x68, 0xe8, 0x6d, 0x86, 0xff, 0x11, 0xb3,
+	0xea, 0x32, 0x94, 0x3c, 0xa5, 0xd7, 0xb3, 0x4c, 0x85, 0x5a, 0xac, 0xd5, 0x8b, 0x69, 0xa8, 0x50,
+	0xea, 0xc5, 0xc7, 0xec, 0x90, 0xae, 0xf0, 0x16, 0xca, 0xed, 0x59, 0x28, 0xb6, 0xdc, 0xba, 0x38,
+	0x60, 0xde, 0x2f, 0x7b, 0xfb, 0xe6, 0xd2, 0xfc, 0xc1, 0x7e, 0xf9, 0xd1, 0x3c, 0x63, 0x0b, 0x3d,
+	0xd9, 0xc2, 0xe9, 0x9b, 0x4b, 0xf3, 0x98, 0x16, 0x46, 0x33, 0x30, 0x2a, 0x4f, 0xe8, 0x5b, 0x54,
+	0x40, 0xf4, 0x3d, 0x71, 0x0e, 0x29, 0xad, 0x35, 0x36, 0xd1, 0x38, 0x49, 0x8f, 0xe6, 0x61, 0x6c,
+	0xbb, 0xb5, 0x4e, 0x1a, 0x24, 0xe2, 0x1f, 0x7c, 0x9d, 0x70, 0x9d, 0x6e, 0x29, 0xbe, 0x4b, 0x5e,
+	0x4f, 0xe0, 0x71, 0xaa, 0x84, 0xfd, 0xd7, 0xec, 0x3c, 0x10, 0xbd, 0x57, 0x09, 0x7c, 0x3a, 0xb1,
+	0x28, 0xf7, 0x6f, 0xe6, 0x74, 0xee, 0x66, 0x56, 0x5c, 0x27, 0x7b, 0x6b, 0x3e, 0xbd, 0x4b, 0x64,
+	0xcf, 0x0a, 0x63, 0xce, 0xf7, 0xb4, 0x9d, 0xf3, 0xbf, 0x50, 0x80, 0x93, 0xaa, 0x07, 0x0c, 0xb1,
+	0xf5, 0x5b, 0xbd, 0x0f, 0xae, 0xc0, 0x60, 0x9d, 0x6c, 0x38, 0xad, 0x46, 0xa4, 0x0c, 0x0c, 0xbd,
+	0xdc, 0xc8, 0x34, 0x1f, 0x83, 0xb1, 0x4e, 0x73, 0x88, 0x6e, 0xfb, 0xf9, 0x61, 0x76, 0x10, 0x47,
+	0x0e, 0x9d, 0xe3, 0x6a, 0xd5, 0x58, 0xb9, 0xab, 0xe6, 0x31, 0xe8, 0x75, 0x77, 0xa8, 0x60, 0x56,
+	0x30, 0xe5, 0xad, 0x25, 0x0a, 0xc4, 0x1c, 0x87, 0x9e, 0x80, 0xfe, 0x9a, 0xbf, 0xb3, 0xe3, 0x78,
+	0x75, 0x76, 0xe4, 0x95, 0x66, 0x07, 0xa9, 0xec, 0x36, 0xc7, 0x41, 0x58, 0xe2, 0xd0, 0x59, 0xe8,
+	0x71, 0x82, 0x4d, 0xae, 0x75, 0x29, 0xcd, 0x0e, 0xd0, 0x9a, 0x66, 0x82, 0xcd, 0x10, 0x33, 0x28,
+	0xbd, 0x34, 0xde, 0xf1, 0x83, 0x6d, 0xd7, 0xdb, 0x9c, 0x77, 0x03, 0xb1, 0x24, 0xd4, 0x59, 0x78,
+	0x5b, 0x61, 0xb0, 0x46, 0x85, 0x16, 0xa1, 0xb7, 0xe9, 0x07, 0x51, 0x38, 0xd9, 0xc7, 0xba, 0xfb,
+	0xd1, 0x9c, 0x8d, 0x88, 0x7f, 0x6d, 0xc5, 0x0f, 0xa2, 0xf8, 0x03, 0xe8, 0xbf, 0x10, 0xf3, 0xe2,
+	0x68, 0x19, 0xfa, 0x89, 0xb7, 0xbb, 0x18, 0xf8, 0x3b, 0x93, 0x13, 0xf9, 0x9c, 0x16, 0x38, 0x09,
+	0x9f, 0x66, 0xb1, 0x8c, 0x2a, 0xc0, 0x58, 0xb2, 0x40, 0x1f, 0x82, 0x22, 0xf1, 0x76, 0x27, 0xfb,
+	0x19, 0xa7, 0xa9, 0x1c, 0x4e, 0xb7, 0x9c, 0x20, 0xde, 0xf3, 0x17, 0xbc, 0x5d, 0x4c, 0xcb, 0xa0,
+	0x8f, 0x43, 0x49, 0x6e, 0x18, 0xa1, 0x50, 0x67, 0x66, 0x4e, 0x58, 0xb9, 0xcd, 0x60, 0xf2, 0x76,
+	0xcb, 0x0d, 0xc8, 0x0e, 0xf1, 0xa2, 0x30, 0xde, 0x21, 0x25, 0x36, 0xc4, 0x31, 0x37, 0x54, 0x83,
+	0xa1, 0x80, 0x84, 0xee, 0x3d, 0x52, 0xf1, 0x1b, 0x6e, 0x6d, 0x6f, 0xf2, 0x34, 0x6b, 0xde, 0x53,
+	0x6d, 0xbb, 0x0c, 0x6b, 0x05, 0x62, 0x75, 0xbb, 0x0e, 0xc5, 0x06, 0x53, 0xf4, 0x06, 0x0c, 0x07,
+	0x24, 0x8c, 0x9c, 0x20, 0x12, 0xb5, 0x4c, 0x2a, 0xf3, 0xd8, 0x30, 0xd6, 0x11, 0xfc, 0x3a, 0x11,
+	0x57, 0x13, 0x63, 0xb0, 0xc9, 0x01, 0x7d, 0x5c, 0xea, 0xfe, 0x57, 0xfc, 0x96, 0x17, 0x85, 0x93,
+	0x25, 0xd6, 0xee, 0x4c, 0xab, 0xec, 0xad, 0x98, 0x2e, 0x69, 0x1c, 0xe0, 0x85, 0xb1, 0xc1, 0x0a,
+	0x7d, 0x12, 0x86, 0xf9, 0x7f, 0x6e, 0xdb, 0x0c, 0x27, 0x4f, 0x32, 0xde, 0x17, 0xf2, 0x79, 0x73,
+	0xc2, 0xd9, 0x93, 0x82, 0xf9, 0xb0, 0x0e, 0x0d, 0xb1, 0xc9, 0x0d, 0x61, 0x18, 0x6e, 0xb8, 0xbb,
+	0xc4, 0x23, 0x61, 0x58, 0x09, 0xfc, 0x75, 0x22, 0x54, 0xb5, 0x67, 0xb2, 0x6d, 0xa1, 0xfe, 0x3a,
+	0x99, 0x1d, 0xa7, 0x3c, 0x97, 0xf5, 0x32, 0xd8, 0x64, 0x81, 0x6e, 0xc2, 0x08, 0xbd, 0x1b, 0xbb,
+	0x31, 0xd3, 0xc1, 0x4e, 0x4c, 0xd9, 0x7d, 0x10, 0x1b, 0x85, 0x70, 0x82, 0x09, 0xba, 0x01, 0x43,
+	0xac, 0xcf, 0x5b, 0x4d, 0xce, 0xf4, 0x54, 0x27, 0xa6, 0xcc, 0x94, 0x5e, 0xd5, 0x8a, 0x60, 0x83,
+	0x01, 0x7a, 0x1d, 0x4a, 0x0d, 0x77, 0x83, 0xd4, 0xf6, 0x6a, 0x0d, 0x32, 0x39, 0xc4, 0xb8, 0x65,
+	0x6e, 0x86, 0xcb, 0x92, 0x88, 0xcb, 0xe7, 0xea, 0x2f, 0x8e, 0x8b, 0xa3, 0x5b, 0x70, 0x2a, 0x22,
+	0xc1, 0x8e, 0xeb, 0x39, 0x74, 0x13, 0x13, 0x57, 0x42, 0x66, 0xa2, 0x1e, 0x66, 0xb3, 0xeb, 0xbc,
+	0x18, 0x8d, 0x53, 0x6b, 0x99, 0x54, 0x38, 0xa7, 0x34, 0xba, 0x0b, 0x93, 0x19, 0x18, 0x3e, 0x6f,
+	0x4f, 0x30, 0xce, 0x1f, 0x16, 0x9c, 0x27, 0xd7, 0x72, 0xe8, 0x0e, 0xda, 0xe0, 0x70, 0x2e, 0x77,
+	0x74, 0x03, 0x46, 0xd9, 0xce, 0x59, 0x69, 0x35, 0x1a, 0xa2, 0xc2, 0x11, 0x56, 0xe1, 0x13, 0x52,
+	0x8e, 0x58, 0x32, 0xd1, 0x07, 0xfb, 0x65, 0x88, 0xff, 0xe1, 0x64, 0x69, 0xb4, 0xce, 0xac, 0xa1,
+	0xad, 0xc0, 0x8d, 0xf6, 0xe8, 0xaa, 0x22, 0x77, 0xa3, 0xc9, 0xd1, 0xb6, 0x9a, 0x21, 0x9d, 0x54,
+	0x99, 0x4c, 0x75, 0x20, 0x4e, 0x32, 0xa4, 0x47, 0x41, 0x18, 0xd5, 0x5d, 0x6f, 0x72, 0x8c, 0xdf,
+	0xa7, 0xe4, 0x4e, 0x5a, 0xa5, 0x40, 0xcc, 0x71, 0xcc, 0x12, 0x4a, 0x7f, 0xdc, 0xa0, 0x27, 0xee,
+	0x38, 0x23, 0x8c, 0x2d, 0xa1, 0x12, 0x81, 0x63, 0x1a, 0x2a, 0x04, 0x47, 0xd1, 0xde, 0x24, 0x62,
+	0xa4, 0x6a, 0x43, 0x5c, 0x5b, 0xfb, 0x38, 0xa6, 0x70, 0x7b, 0x1d, 0x46, 0xd4, 0x36, 0xc1, 0xfa,
+	0x04, 0x95, 0xa1, 0x97, 0x89, 0x7d, 0x42, 0x8f, 0x59, 0xa2, 0x4d, 0x60, 0x22, 0x21, 0xe6, 0x70,
+	0xd6, 0x04, 0xf7, 0x1e, 0x99, 0xdd, 0x8b, 0x08, 0xd7, 0x45, 0x14, 0xb5, 0x26, 0x48, 0x04, 0x8e,
+	0x69, 0xec, 0xff, 0xc9, 0xc5, 0xe7, 0xf8, 0x94, 0xe8, 0xe2, 0x5c, 0x7c, 0x16, 0x06, 0xb6, 0xfc,
+	0x30, 0xa2, 0xd4, 0xac, 0x8e, 0xde, 0x58, 0x60, 0xbe, 0x26, 0xe0, 0x58, 0x51, 0xa0, 0x57, 0x61,
+	0xb8, 0xa6, 0x57, 0x20, 0x0e, 0x75, 0xb5, 0x8d, 0x18, 0xb5, 0x63, 0x93, 0x16, 0xbd, 0x0c, 0x03,
+	0xcc, 0xbb, 0xa7, 0xe6, 0x37, 0x84, 0xb4, 0x29, 0x25, 0x93, 0x81, 0x8a, 0x80, 0x1f, 0x68, 0xbf,
+	0xb1, 0xa2, 0x46, 0x17, 0xa1, 0x8f, 0x36, 0x61, 0xa9, 0x22, 0x8e, 0x53, 0xa5, 0x92, 0xbb, 0xc6,
+	0xa0, 0x58, 0x60, 0xed, 0x5f, 0xb3, 0x98, 0x2c, 0x95, 0xde, 0xf3, 0xd1, 0x35, 0x76, 0x68, 0xb0,
+	0x13, 0x44, 0x53, 0x89, 0x3d, 0xae, 0x9d, 0x04, 0x0a, 0x77, 0x90, 0xf8, 0x8f, 0x8d, 0x92, 0xe8,
+	0xcd, 0xe4, 0xc9, 0xc0, 0x05, 0x8a, 0x17, 0x65, 0x17, 0x24, 0x4f, 0x87, 0x47, 0xe2, 0x23, 0x8e,
+	0xb6, 0xa7, 0xdd, 0x11, 0x61, 0xff, 0x5f, 0x05, 0x6d, 0x96, 0x54, 0x23, 0x27, 0x22, 0xa8, 0x02,
+	0xfd, 0x77, 0x1c, 0x37, 0x72, 0xbd, 0x4d, 0x21, 0xf7, 0xb5, 0x3f, 0xe8, 0x58, 0xa1, 0xdb, 0xbc,
+	0x00, 0x97, 0x5e, 0xc4, 0x1f, 0x2c, 0xd9, 0x50, 0x8e, 0x41, 0xcb, 0xf3, 0x28, 0xc7, 0x42, 0xb7,
+	0x1c, 0x31, 0x2f, 0xc0, 0x39, 0x8a, 0x3f, 0x58, 0xb2, 0x41, 0x6f, 0x01, 0xc8, 0x1d, 0x82, 0xd4,
+	0x85, 0x57, 0xd0, 0xb3, 0x9d, 0x99, 0xae, 0xa9, 0x32, 0xb3, 0x23, 0x54, 0x36, 0x8a, 0xff, 0x63,
+	0x8d, 0x9f, 0x1d, 0x69, 0x63, 0xaa, 0x37, 0x06, 0x7d, 0x82, 0x2e, 0x51, 0x27, 0x88, 0x48, 0x7d,
+	0x26, 0x12, 0x9d, 0xf3, 0x74, 0x77, 0x97, 0xc3, 0x35, 0x77, 0x87, 0xe8, 0xcb, 0x59, 0x30, 0xc1,
+	0x31, 0x3f, 0xfb, 0x97, 0x8a, 0x30, 0x99, 0xd7, 0x5c, 0xba, 0x68, 0xc8, 0x5d, 0x37, 0x9a, 0xa3,
+	0x62, 0xad, 0x65, 0x2e, 0x9a, 0x05, 0x01, 0xc7, 0x8a, 0x82, 0xce, 0xde, 0xd0, 0xdd, 0x94, 0x77,
+	0xfb, 0xde, 0x78, 0xf6, 0x56, 0x19, 0x14, 0x0b, 0x2c, 0xa5, 0x0b, 0x88, 0x13, 0x0a, 0xb7, 0x33,
+	0x6d, 0x96, 0x63, 0x06, 0xc5, 0x02, 0xab, 0x6b, 0x19, 0x7b, 0x3a, 0x68, 0x19, 0x8d, 0x2e, 0xea,
+	0x3d, 0xda, 0x2e, 0x42, 0x9f, 0x02, 0xd8, 0x70, 0x3d, 0x37, 0xdc, 0x62, 0xdc, 0xfb, 0x0e, 0xcd,
+	0x5d, 0x09, 0xc5, 0x8b, 0x8a, 0x0b, 0xd6, 0x38, 0xa2, 0x97, 0x60, 0x50, 0x6d, 0x20, 0x4b, 0xf3,
+	0xcc, 0x06, 0xaf, 0xf9, 0x34, 0xc5, 0xbb, 0xe9, 0x3c, 0xd6, 0xe9, 0xec, 0xcf, 0x24, 0xe7, 0x8b,
+	0x58, 0x01, 0x5a, 0xff, 0x5a, 0xdd, 0xf6, 0x6f, 0xa1, 0x7d, 0xff, 0xda, 0xdf, 0xe8, 0x83, 0x51,
+	0xa3, 0xb2, 0x56, 0xd8, 0xc5, 0x9e, 0x7b, 0x95, 0x1e, 0x40, 0x4e, 0x44, 0xc4, 0xfa, 0xb3, 0x3b,
+	0x2f, 0x15, 0xfd, 0x90, 0xa2, 0x2b, 0x80, 0x97, 0x47, 0x9f, 0x82, 0x52, 0xc3, 0x09, 0x99, 0xc6,
+	0x92, 0x88, 0x75, 0xd7, 0x0d, 0xb3, 0xf8, 0x42, 0xe8, 0x84, 0x91, 0x76, 0xea, 0x73, 0xde, 0x31,
+	0x4b, 0x7a, 0x52, 0x52, 0xf9, 0x4a, 0xfa, 0x35, 0xaa, 0x46, 0x50, 0x21, 0x6c, 0x0f, 0x73, 0x1c,
+	0x7a, 0x99, 0x6d, 0xad, 0x74, 0x56, 0xcc, 0x51, 0x69, 0x94, 0x4d, 0xb3, 0x5e, 0x43, 0xc8, 0x56,
+	0x38, 0x6c, 0x50, 0xc6, 0x77, 0xb2, 0xbe, 0x36, 0x77, 0xb2, 0xa7, 0xa0, 0x9f, 0xfd, 0x50, 0x33,
+	0x40, 0x8d, 0xc6, 0x12, 0x07, 0x63, 0x89, 0x4f, 0x4e, 0x98, 0x81, 0xee, 0x26, 0x0c, 0xbd, 0xf5,
+	0x89, 0x49, 0xcd, 0xfc, 0x1f, 0x06, 0xf8, 0x2e, 0x27, 0xa6, 0x3c, 0x96, 0x38, 0xf4, 0x33, 0x16,
+	0x20, 0xa7, 0x41, 0x6f, 0xcb, 0x14, 0xac, 0x2e, 0x37, 0xc0, 0x44, 0xed, 0x57, 0x3b, 0x76, 0x7b,
+	0x2b, 0x9c, 0x9e, 0x49, 0x95, 0xe6, 0x9a, 0xd2, 0x57, 0x44, 0x13, 0x51, 0x9a, 0x40, 0x3f, 0x8c,
+	0x96, 0xdd, 0x30, 0xfa, 0xfc, 0x1f, 0x25, 0x0e, 0xa7, 0x8c, 0x26, 0xa1, 0x9b, 0xfa, 0xe5, 0x6b,
+	0xf0, 0x90, 0x97, 0xaf, 0xe1, 0xbc, 0x8b, 0xd7, 0x54, 0x0b, 0x4e, 0xe7, 0x7c, 0x41, 0x86, 0xfe,
+	0x75, 0x5e, 0xd7, 0xbf, 0x76, 0xd0, 0xda, 0x4d, 0xcb, 0x3a, 0xa6, 0xdf, 0x68, 0x39, 0x5e, 0xe4,
+	0x46, 0x7b, 0xba, 0xbe, 0xf6, 0x69, 0x18, 0x99, 0x77, 0xc8, 0x8e, 0xef, 0x2d, 0x78, 0xf5, 0xa6,
+	0xef, 0x7a, 0x11, 0x9a, 0x84, 0x1e, 0x26, 0x7c, 0xf0, 0xad, 0xb7, 0x87, 0xf6, 0x1e, 0x66, 0x10,
+	0x7b, 0x13, 0x4e, 0xce, 0xfb, 0x77, 0xbc, 0x3b, 0x4e, 0x50, 0x9f, 0xa9, 0x2c, 0x69, 0xfa, 0xa4,
+	0x55, 0xa9, 0xcf, 0xb0, 0xf2, 0x6f, 0x8b, 0x5a, 0x49, 0x7e, 0x1d, 0x5a, 0x74, 0x1b, 0x24, 0x47,
+	0xeb, 0xf7, 0xff, 0x16, 0x8c, 0x9a, 0x62, 0x7a, 0x65, 0x77, 0xb6, 0x72, 0xed, 0xce, 0x6f, 0xc0,
+	0xc0, 0x86, 0x4b, 0x1a, 0x75, 0x4c, 0x36, 0x44, 0xef, 0x3c, 0x99, 0xef, 0x99, 0xb6, 0x48, 0x29,
+	0xa5, 0x96, 0x97, 0x6b, 0x43, 0x16, 0x45, 0x61, 0xac, 0xd8, 0xa0, 0x6d, 0x18, 0x93, 0x7d, 0x28,
+	0xb1, 0x62, 0x3f, 0x78, 0xaa, 0xdd, 0xc0, 0x9b, 0xcc, 0x4f, 0xdc, 0xdf, 0x2f, 0x8f, 0xe1, 0x04,
+	0x1b, 0x9c, 0x62, 0x8c, 0xce, 0x42, 0xcf, 0x0e, 0x3d, 0xf9, 0x7a, 0x58, 0xf7, 0x33, 0xf5, 0x07,
+	0xd3, 0xe4, 0x30, 0xa8, 0xfd, 0x63, 0x16, 0x9c, 0x4e, 0xf5, 0x8c, 0xd0, 0x68, 0x1d, 0xf1, 0x28,
+	0x24, 0x35, 0x4c, 0x85, 0xce, 0x1a, 0x26, 0xfb, 0x6f, 0x59, 0x70, 0x62, 0x61, 0xa7, 0x19, 0xed,
+	0xcd, 0xbb, 0xa6, 0x91, 0xf8, 0x83, 0xd0, 0xb7, 0x43, 0xea, 0x6e, 0x6b, 0x47, 0x8c, 0x5c, 0x59,
+	0x9e, 0x0e, 0x2b, 0x0c, 0x7a, 0xb0, 0x5f, 0x1e, 0xae, 0x46, 0x7e, 0xe0, 0x6c, 0x12, 0x0e, 0xc0,
+	0x82, 0x9c, 0x9d, 0xb1, 0xee, 0x3d, 0xb2, 0xec, 0xee, 0xb8, 0xd1, 0x83, 0xcd, 0x76, 0x61, 0xdf,
+	0x95, 0x4c, 0x70, 0xcc, 0xcf, 0xfe, 0xba, 0x05, 0xa3, 0x72, 0xde, 0xcf, 0xd4, 0xeb, 0x01, 0x09,
+	0x43, 0x34, 0x05, 0x05, 0xb7, 0x29, 0x5a, 0x09, 0xa2, 0x95, 0x85, 0xa5, 0x0a, 0x2e, 0xb8, 0x4d,
+	0x29, 0xce, 0xb3, 0x03, 0xa8, 0x68, 0x9a, 0xba, 0xaf, 0x09, 0x38, 0x56, 0x14, 0xe8, 0x12, 0x0c,
+	0x78, 0x7e, 0x9d, 0x4b, 0xc4, 0x5c, 0x94, 0x60, 0x13, 0x6c, 0x55, 0xc0, 0xb0, 0xc2, 0xa2, 0x0a,
+	0x94, 0xb8, 0x23, 0x64, 0x3c, 0x69, 0xbb, 0x72, 0xa7, 0x64, 0x5f, 0xb6, 0x26, 0x4b, 0xe2, 0x98,
+	0x89, 0xfd, 0x1b, 0x16, 0x0c, 0xc9, 0x2f, 0xeb, 0xf2, 0xae, 0x42, 0x97, 0x56, 0x7c, 0x4f, 0x89,
+	0x97, 0x16, 0xbd, 0x6b, 0x30, 0x8c, 0x71, 0xc5, 0x28, 0x1e, 0xea, 0x8a, 0x71, 0x05, 0x06, 0x9d,
+	0x66, 0xb3, 0x62, 0xde, 0x4f, 0xd8, 0x54, 0x9a, 0x89, 0xc1, 0x58, 0xa7, 0xb1, 0x7f, 0xb4, 0x00,
+	0x23, 0xf2, 0x0b, 0xaa, 0xad, 0xf5, 0x90, 0x44, 0x68, 0x0d, 0x4a, 0x0e, 0x1f, 0x25, 0x22, 0x27,
+	0xf9, 0x63, 0xd9, 0x7a, 0x33, 0x63, 0x48, 0x63, 0x41, 0x6b, 0x46, 0x96, 0xc6, 0x31, 0x23, 0xd4,
+	0x80, 0x71, 0xcf, 0x8f, 0xd8, 0xa1, 0xab, 0xf0, 0xed, 0x4c, 0x99, 0x49, 0xee, 0x67, 0x04, 0xf7,
+	0xf1, 0xd5, 0x24, 0x17, 0x9c, 0x66, 0x8c, 0x16, 0xa4, 0x2e, 0xb2, 0x98, 0xaf, 0x44, 0xd2, 0x07,
+	0x2e, 0x5b, 0x15, 0x69, 0xff, 0xaa, 0x05, 0x25, 0x49, 0x76, 0x1c, 0x56, 0xeb, 0x15, 0xe8, 0x0f,
+	0xd9, 0x20, 0xc8, 0xae, 0xb1, 0xdb, 0x35, 0x9c, 0x8f, 0x57, 0x2c, 0x4b, 0xf0, 0xff, 0x21, 0x96,
+	0x3c, 0x98, 0x29, 0x4a, 0x35, 0xff, 0x5d, 0x62, 0x8a, 0x52, 0xed, 0xc9, 0x39, 0x94, 0xfe, 0x94,
+	0xb5, 0x59, 0xd3, 0xed, 0x52, 0x91, 0xb7, 0x19, 0x90, 0x0d, 0xf7, 0x6e, 0x52, 0xe4, 0xad, 0x30,
+	0x28, 0x16, 0x58, 0xf4, 0x16, 0x0c, 0xd5, 0xa4, 0x0d, 0x22, 0x5e, 0xe1, 0x17, 0xdb, 0xda, 0xc3,
+	0x94, 0xe9, 0x94, 0xeb, 0xd0, 0xe6, 0xb4, 0xf2, 0xd8, 0xe0, 0x66, 0x3a, 0xfa, 0x14, 0x3b, 0x39,
+	0xfa, 0xc4, 0x7c, 0xf3, 0xdd, 0x5e, 0x7e, 0xdc, 0x82, 0x3e, 0xae, 0x7b, 0xee, 0x4e, 0xf5, 0xaf,
+	0x59, 0x92, 0xe3, 0xbe, 0xbb, 0x45, 0x81, 0x42, 0xd2, 0x40, 0x2b, 0x50, 0x62, 0x3f, 0x98, 0xee,
+	0xbc, 0x98, 0xff, 0x0e, 0x87, 0xd7, 0xaa, 0x37, 0xf0, 0x96, 0x2c, 0x86, 0x63, 0x0e, 0xf6, 0x8f,
+	0x14, 0xe9, 0xee, 0x16, 0x93, 0x1a, 0x87, 0xbe, 0xf5, 0xf0, 0x0e, 0xfd, 0xc2, 0xc3, 0x3a, 0xf4,
+	0x37, 0x61, 0xb4, 0xa6, 0xd9, 0x9d, 0xe3, 0x91, 0xbc, 0xd4, 0x76, 0x92, 0x68, 0x26, 0x6a, 0xae,
+	0x9d, 0x9b, 0x33, 0x99, 0xe0, 0x24, 0x57, 0xf4, 0x09, 0x18, 0xe2, 0xe3, 0x2c, 0x6a, 0xe1, 0xbe,
+	0x52, 0x4f, 0xe4, 0xcf, 0x17, 0xbd, 0x0a, 0xae, 0xcd, 0xd5, 0x8a, 0x63, 0x83, 0x99, 0xfd, 0x97,
+	0x16, 0xa0, 0x85, 0xe6, 0x16, 0xd9, 0x21, 0x81, 0xd3, 0x88, 0xcd, 0x47, 0x3f, 0x68, 0xc1, 0x24,
+	0x49, 0x81, 0xe7, 0xfc, 0x9d, 0x1d, 0x71, 0x59, 0xcc, 0xd1, 0x67, 0x2c, 0xe4, 0x94, 0x51, 0x0f,
+	0x95, 0x26, 0xf3, 0x28, 0x70, 0x6e, 0x7d, 0x68, 0x05, 0x26, 0xf8, 0x29, 0xa9, 0x10, 0x9a, 0xdf,
+	0xd5, 0x23, 0x82, 0xf1, 0xc4, 0x5a, 0x9a, 0x04, 0x67, 0x95, 0xb3, 0x7f, 0x75, 0x18, 0x72, 0x5b,
+	0xf1, 0x9e, 0xdd, 0xec, 0x3d, 0xbb, 0xd9, 0x7b, 0x76, 0xb3, 0xf7, 0xec, 0x66, 0xef, 0xd9, 0xcd,
+	0xde, 0xb3, 0x9b, 0xbd, 0x4b, 0xed, 0x66, 0xff, 0xb7, 0x05, 0x27, 0xd5, 0xf1, 0x65, 0x5c, 0xd8,
+	0x3f, 0x0b, 0x13, 0x7c, 0xb9, 0x19, 0x3e, 0xc6, 0xe2, 0xb8, 0xbe, 0x92, 0x39, 0x73, 0x13, 0xbe,
+	0xf0, 0x46, 0x41, 0xfe, 0xa8, 0x28, 0x03, 0x81, 0xb3, 0xaa, 0xb1, 0x7f, 0x69, 0x00, 0x7a, 0x17,
+	0x76, 0x89, 0x17, 0x1d, 0xc3, 0xd5, 0xa6, 0x06, 0x23, 0xae, 0xb7, 0xeb, 0x37, 0x76, 0x49, 0x9d,
+	0xe3, 0x0f, 0x73, 0x03, 0x3f, 0x25, 0x58, 0x8f, 0x2c, 0x19, 0x2c, 0x70, 0x82, 0xe5, 0xc3, 0xb0,
+	0x3e, 0x5c, 0x85, 0x3e, 0x7e, 0xf8, 0x08, 0xd3, 0x43, 0xe6, 0x9e, 0xcd, 0x3a, 0x51, 0x1c, 0xa9,
+	0xb1, 0x65, 0x84, 0x1f, 0x6e, 0xa2, 0x38, 0xfa, 0x0c, 0x8c, 0x6c, 0xb8, 0x41, 0x18, 0xad, 0xb9,
+	0x3b, 0xf4, 0x68, 0xd8, 0x69, 0x3e, 0x80, 0xb5, 0x41, 0xf5, 0xc3, 0xa2, 0xc1, 0x09, 0x27, 0x38,
+	0xa3, 0x4d, 0x18, 0x6e, 0x38, 0x7a, 0x55, 0xfd, 0x87, 0xae, 0x4a, 0x9d, 0x0e, 0xcb, 0x3a, 0x23,
+	0x6c, 0xf2, 0xa5, 0xcb, 0xa9, 0xc6, 0x14, 0xe6, 0x03, 0x4c, 0x9d, 0xa1, 0x96, 0x13, 0xd7, 0x94,
+	0x73, 0x1c, 0x15, 0xd0, 0x98, 0x23, 0x7b, 0xc9, 0x14, 0xd0, 0x34, 0x77, 0xf5, 0x4f, 0x43, 0x89,
+	0xd0, 0x2e, 0xa4, 0x8c, 0xc5, 0x01, 0x73, 0xb9, 0xbb, 0xb6, 0xae, 0xb8, 0xb5, 0xc0, 0x37, 0xed,
+	0x3c, 0x0b, 0x92, 0x13, 0x8e, 0x99, 0xa2, 0x39, 0xe8, 0x0b, 0x49, 0xe0, 0x2a, 0x5d, 0x72, 0x9b,
+	0x61, 0x64, 0x64, 0xfc, 0xd5, 0x1a, 0xff, 0x8d, 0x45, 0x51, 0x3a, 0xbd, 0x1c, 0xa6, 0x8a, 0x65,
+	0x87, 0x81, 0x36, 0xbd, 0x66, 0x18, 0x14, 0x0b, 0x2c, 0x7a, 0x1d, 0xfa, 0x03, 0xd2, 0x60, 0x86,
+	0xc4, 0xe1, 0xee, 0x27, 0x39, 0xb7, 0x4b, 0xf2, 0x72, 0x58, 0x32, 0x40, 0xd7, 0x01, 0x05, 0x84,
+	0x0a, 0x78, 0xae, 0xb7, 0xa9, 0xdc, 0xbb, 0xc5, 0x46, 0xab, 0x04, 0x69, 0x1c, 0x53, 0xc8, 0x07,
+	0x8b, 0x38, 0xa3, 0x18, 0xba, 0x0a, 0xe3, 0x0a, 0xba, 0xe4, 0x85, 0x91, 0x43, 0x37, 0xb8, 0x51,
+	0xc6, 0x4b, 0xe9, 0x57, 0x70, 0x92, 0x00, 0xa7, 0xcb, 0xd8, 0x3f, 0x67, 0x01, 0xef, 0xe7, 0x63,
+	0xd0, 0x2a, 0xbc, 0x66, 0x6a, 0x15, 0xce, 0xe4, 0x8e, 0x5c, 0x8e, 0x46, 0xe1, 0xe7, 0x2c, 0x18,
+	0xd4, 0x46, 0x36, 0x9e, 0xb3, 0x56, 0x9b, 0x39, 0xdb, 0x82, 0x31, 0x3a, 0xd3, 0x6f, 0xac, 0x87,
+	0x24, 0xd8, 0x25, 0x75, 0x36, 0x31, 0x0b, 0x0f, 0x36, 0x31, 0x95, 0x2b, 0xe9, 0x72, 0x82, 0x21,
+	0x4e, 0x55, 0x61, 0x7f, 0x5a, 0x36, 0x55, 0x79, 0xde, 0xd6, 0xd4, 0x98, 0x27, 0x3c, 0x6f, 0xd5,
+	0xa8, 0xe2, 0x98, 0x86, 0x2e, 0xb5, 0x2d, 0x3f, 0x8c, 0x92, 0x9e, 0xb7, 0xd7, 0xfc, 0x30, 0xc2,
+	0x0c, 0x63, 0xbf, 0x00, 0xb0, 0x70, 0x97, 0xd4, 0xf8, 0x8c, 0xd5, 0x2f, 0x3d, 0x56, 0xfe, 0xa5,
+	0xc7, 0xfe, 0x3d, 0x0b, 0x46, 0x16, 0xe7, 0x8c, 0x93, 0x6b, 0x1a, 0x80, 0xdf, 0xd4, 0x6e, 0xdf,
+	0x5e, 0x95, 0xee, 0x1f, 0xdc, 0x02, 0xae, 0xa0, 0x58, 0xa3, 0x40, 0x67, 0xa0, 0xd8, 0x68, 0x79,
+	0x42, 0xed, 0xd9, 0x4f, 0x8f, 0xc7, 0xe5, 0x96, 0x87, 0x29, 0x4c, 0x7b, 0xac, 0x54, 0xec, 0xfa,
+	0xb1, 0x52, 0xc7, 0x20, 0x25, 0xa8, 0x0c, 0xbd, 0x77, 0xee, 0xb8, 0x75, 0xfe, 0x14, 0x5c, 0xb8,
+	0xa6, 0xdc, 0xbe, 0xbd, 0x34, 0x1f, 0x62, 0x0e, 0xb7, 0xbf, 0x58, 0x84, 0xa9, 0xc5, 0x06, 0xb9,
+	0xfb, 0x0e, 0x9f, 0xc3, 0x77, 0xfb, 0xd4, 0xea, 0x70, 0x0a, 0xa4, 0xc3, 0x3e, 0xa7, 0xeb, 0xdc,
+	0x1f, 0x1b, 0xd0, 0xcf, 0x1d, 0x4f, 0xe5, 0xe3, 0xf8, 0x4c, 0x73, 0x5f, 0x7e, 0x87, 0x4c, 0x73,
+	0x07, 0x56, 0x61, 0xee, 0x53, 0x07, 0xa6, 0x80, 0x62, 0xc9, 0x7c, 0xea, 0x15, 0x18, 0xd2, 0x29,
+	0x0f, 0xf5, 0xb0, 0xf5, 0xbb, 0x8b, 0x30, 0x46, 0x5b, 0xf0, 0x50, 0x07, 0xe2, 0x66, 0x7a, 0x20,
+	0x8e, 0xfa, 0x71, 0x63, 0xe7, 0xd1, 0x78, 0x2b, 0x39, 0x1a, 0x57, 0xf2, 0x46, 0xe3, 0xb8, 0xc7,
+	0xe0, 0x7b, 0x2c, 0x98, 0x58, 0x6c, 0xf8, 0xb5, 0xed, 0xc4, 0x03, 0xc4, 0x97, 0x60, 0x90, 0x6e,
+	0xc7, 0xa1, 0x11, 0x8b, 0xc3, 0x88, 0xce, 0x22, 0x50, 0x58, 0xa7, 0xd3, 0x8a, 0xdd, 0xbc, 0xb9,
+	0x34, 0x9f, 0x15, 0xd4, 0x45, 0xa0, 0xb0, 0x4e, 0x67, 0xff, 0x8e, 0x05, 0xe7, 0xae, 0xce, 0x2d,
+	0xc4, 0x53, 0x31, 0x15, 0x57, 0xe6, 0x22, 0xf4, 0x35, 0xeb, 0x5a, 0x53, 0x62, 0xb5, 0xf0, 0x3c,
+	0x6b, 0x85, 0xc0, 0xbe, 0x5b, 0x62, 0x26, 0xdd, 0x04, 0xb8, 0x8a, 0x2b, 0x73, 0x62, 0xdf, 0x95,
+	0x56, 0x20, 0x2b, 0xd7, 0x0a, 0xf4, 0x04, 0xf4, 0xd3, 0x73, 0xc1, 0xad, 0xc9, 0x76, 0x73, 0x83,
+	0x3e, 0x07, 0x61, 0x89, 0xb3, 0x7f, 0xd6, 0x82, 0x89, 0xab, 0x6e, 0x44, 0x0f, 0xed, 0x64, 0xe0,
+	0x14, 0x7a, 0x6a, 0x87, 0x6e, 0xe4, 0x07, 0x7b, 0xc9, 0xc0, 0x29, 0x58, 0x61, 0xb0, 0x46, 0xc5,
+	0x3f, 0x68, 0xd7, 0x65, 0x2f, 0x29, 0x0a, 0xa6, 0xdd, 0x0d, 0x0b, 0x38, 0x56, 0x14, 0xb4, 0xbf,
+	0xea, 0x6e, 0xc0, 0x54, 0x96, 0x7b, 0x62, 0xe3, 0x56, 0xfd, 0x35, 0x2f, 0x11, 0x38, 0xa6, 0xb1,
+	0xff, 0xdc, 0x82, 0xf2, 0xd5, 0x46, 0x2b, 0x8c, 0x48, 0xb0, 0x11, 0xe6, 0x6c, 0xba, 0x2f, 0x40,
+	0x89, 0x48, 0x03, 0x81, 0x7c, 0xf2, 0x29, 0x05, 0x51, 0x65, 0x39, 0xe0, 0xf1, 0x5b, 0x14, 0x5d,
+	0x17, 0xaf, 0xa4, 0x0f, 0xf7, 0xcc, 0x75, 0x11, 0x10, 0xd1, 0xeb, 0xd2, 0x03, 0xda, 0xb0, 0xc8,
+	0x18, 0x0b, 0x29, 0x2c, 0xce, 0x28, 0x61, 0xff, 0x98, 0x05, 0x27, 0xd5, 0x07, 0xbf, 0xeb, 0x3e,
+	0xd3, 0xfe, 0x6a, 0x01, 0x86, 0xaf, 0xad, 0xad, 0x55, 0xae, 0x92, 0x48, 0x9b, 0x95, 0xed, 0xcd,
+	0xfe, 0x58, 0xb3, 0x5e, 0xb6, 0xbb, 0x23, 0xb6, 0x22, 0xb7, 0x31, 0xcd, 0xe3, 0xa2, 0x4d, 0x2f,
+	0x79, 0xd1, 0x8d, 0xa0, 0x1a, 0x05, 0xae, 0xb7, 0x99, 0x39, 0xd3, 0xa5, 0xcc, 0x52, 0xcc, 0x93,
+	0x59, 0xd0, 0x0b, 0xd0, 0xc7, 0x02, 0xb3, 0xc9, 0x41, 0x78, 0x44, 0x5d, 0xb1, 0x18, 0xf4, 0x60,
+	0xbf, 0x5c, 0xba, 0x89, 0x97, 0xf8, 0x1f, 0x2c, 0x48, 0xd1, 0x4d, 0x18, 0xdc, 0x8a, 0xa2, 0xe6,
+	0x35, 0xe2, 0xd4, 0x49, 0x20, 0x77, 0xd9, 0xf3, 0x59, 0xbb, 0x2c, 0xed, 0x04, 0x4e, 0x16, 0x6f,
+	0x4c, 0x31, 0x2c, 0xc4, 0x3a, 0x1f, 0xbb, 0x0a, 0x10, 0xe3, 0x8e, 0xc8, 0x70, 0x63, 0xaf, 0x41,
+	0x89, 0x7e, 0xee, 0x4c, 0xc3, 0x75, 0xda, 0x9b, 0xc6, 0x9f, 0x81, 0x92, 0x34, 0x7c, 0x87, 0x22,
+	0x8a, 0x03, 0x3b, 0x91, 0xa4, 0x5d, 0x3c, 0xc4, 0x31, 0xde, 0x7e, 0x1c, 0x84, 0x6f, 0x69, 0x3b,
+	0x96, 0xf6, 0x06, 0x9c, 0x60, 0x4e, 0xb2, 0x4e, 0xb4, 0x65, 0xcc, 0xd1, 0xce, 0x93, 0xe1, 0x59,
+	0x71, 0xaf, 0xe3, 0x5f, 0x36, 0xa9, 0x3d, 0x4e, 0x1e, 0x92, 0x1c, 0xe3, 0x3b, 0x9e, 0xfd, 0x67,
+	0x3d, 0xf0, 0xc8, 0x52, 0x35, 0x3f, 0xfc, 0xd0, 0xcb, 0x30, 0xc4, 0xc5, 0x45, 0x3a, 0x35, 0x9c,
+	0x86, 0xa8, 0x57, 0x69, 0x40, 0xd7, 0x34, 0x1c, 0x36, 0x28, 0xd1, 0x39, 0x28, 0xba, 0x6f, 0x7b,
+	0xc9, 0xa7, 0x7b, 0x4b, 0x6f, 0xac, 0x62, 0x0a, 0xa7, 0x68, 0x2a, 0x79, 0xf2, 0x2d, 0x5d, 0xa1,
+	0x95, 0xf4, 0xf9, 0x1a, 0x8c, 0xb8, 0x61, 0x2d, 0x74, 0x97, 0x3c, 0xba, 0x4e, 0xb5, 0x95, 0xae,
+	0x74, 0x0e, 0xb4, 0xd1, 0x0a, 0x8b, 0x13, 0xd4, 0xda, 0xf9, 0xd2, 0xdb, 0xb5, 0xf4, 0xda, 0x31,
+	0xf8, 0x01, 0xdd, 0xfe, 0x9b, 0xec, 0xeb, 0x42, 0xa6, 0x82, 0x17, 0xdb, 0x3f, 0xff, 0xe0, 0x10,
+	0x4b, 0x1c, 0xbd, 0xd0, 0xd5, 0xb6, 0x9c, 0xe6, 0x4c, 0x2b, 0xda, 0x9a, 0x77, 0xc3, 0x9a, 0xbf,
+	0x4b, 0x82, 0x3d, 0x76, 0x17, 0x1f, 0x88, 0x2f, 0x74, 0x0a, 0x31, 0x77, 0x6d, 0xa6, 0x42, 0x29,
+	0x71, 0xba, 0x0c, 0x9a, 0x81, 0x51, 0x09, 0xac, 0x92, 0x90, 0x1d, 0x01, 0x83, 0x8c, 0x8d, 0x7a,
+	0x4c, 0x27, 0xc0, 0x8a, 0x49, 0x92, 0xde, 0x14, 0x70, 0xe1, 0x28, 0x04, 0xdc, 0x0f, 0xc2, 0xb0,
+	0xeb, 0xb9, 0x91, 0xeb, 0x44, 0x3e, 0xb7, 0x1f, 0xf1, 0x6b, 0x37, 0x53, 0x30, 0x2f, 0xe9, 0x08,
+	0x6c, 0xd2, 0xd9, 0xff, 0xb6, 0x07, 0xc6, 0xd9, 0xb0, 0xbd, 0x37, 0xc3, 0xbe, 0x9d, 0x66, 0xd8,
+	0xcd, 0xf4, 0x0c, 0x3b, 0x0a, 0xc9, 0xfd, 0x81, 0xa7, 0xd9, 0x67, 0xa0, 0xa4, 0xde, 0x0f, 0xca,
+	0x07, 0xc4, 0x56, 0xce, 0x03, 0xe2, 0xce, 0xa7, 0xb7, 0x74, 0x49, 0x2b, 0x66, 0xba, 0xa4, 0x7d,
+	0xd9, 0x82, 0xd8, 0xb0, 0x80, 0xde, 0x80, 0x52, 0xd3, 0x67, 0x1e, 0xae, 0x81, 0x74, 0x1b, 0x7f,
+	0xbc, 0xad, 0x65, 0x82, 0x47, 0x60, 0x0b, 0x78, 0x2f, 0x54, 0x64, 0x51, 0x1c, 0x73, 0x41, 0xd7,
+	0xa1, 0xbf, 0x19, 0x90, 0x6a, 0xc4, 0xc2, 0x03, 0x75, 0xcf, 0x90, 0xcf, 0x1a, 0x5e, 0x10, 0x4b,
+	0x0e, 0xf6, 0xbf, 0xb7, 0x60, 0x2c, 0x49, 0x8a, 0x3e, 0x0c, 0x3d, 0xe4, 0x2e, 0xa9, 0x89, 0xf6,
+	0x66, 0x1e, 0xc5, 0xb1, 0x6a, 0x82, 0x77, 0x00, 0xfd, 0x8f, 0x59, 0x29, 0x74, 0x0d, 0xfa, 0xe9,
+	0x39, 0x7c, 0x55, 0x85, 0xc2, 0x7b, 0x34, 0xef, 0x2c, 0x57, 0x02, 0x0d, 0x6f, 0x9c, 0x00, 0x61,
+	0x59, 0x9c, 0xf9, 0x81, 0xd5, 0x9a, 0x55, 0x7a, 0xc5, 0x89, 0xda, 0xdd, 0xc4, 0xd7, 0xe6, 0x2a,
+	0x9c, 0x48, 0x70, 0xe3, 0x7e, 0x60, 0x12, 0x88, 0x63, 0x26, 0xf6, 0x2f, 0x58, 0x00, 0xdc, 0xed,
+	0xcd, 0xf1, 0x36, 0xc9, 0x31, 0x68, 0xd3, 0xe7, 0xa1, 0x27, 0x6c, 0x92, 0x5a, 0x3b, 0xe7, 0xeb,
+	0xb8, 0x3d, 0xd5, 0x26, 0xa9, 0xc5, 0x33, 0x8e, 0xfe, 0xc3, 0xac, 0xb4, 0xfd, 0xbd, 0x00, 0x23,
+	0x31, 0xd9, 0x52, 0x44, 0x76, 0xd0, 0x73, 0x46, 0xd0, 0x91, 0x33, 0x89, 0xa0, 0x23, 0x25, 0x46,
+	0xad, 0x29, 0x6e, 0x3f, 0x03, 0xc5, 0x1d, 0xe7, 0xae, 0xd0, 0xcc, 0x3d, 0xd3, 0xbe, 0x19, 0x94,
+	0xff, 0xf4, 0x8a, 0x73, 0x97, 0x5f, 0x5e, 0x9f, 0x91, 0x2b, 0x64, 0xc5, 0xb9, 0xdb, 0xd1, 0x41,
+	0x98, 0x56, 0xc2, 0xea, 0x72, 0x3d, 0xe1, 0xd1, 0xd5, 0x55, 0x5d, 0xae, 0x97, 0xac, 0xcb, 0xf5,
+	0xba, 0xa8, 0xcb, 0xf5, 0xd0, 0x3d, 0xe8, 0x17, 0x0e, 0x97, 0x22, 0x2c, 0xd9, 0xe5, 0x2e, 0xea,
+	0x13, 0xfe, 0x9a, 0xbc, 0xce, 0xcb, 0xf2, 0x72, 0x2e, 0xa0, 0x1d, 0xeb, 0x95, 0x15, 0xa2, 0xff,
+	0xc7, 0x82, 0x11, 0xf1, 0x1b, 0x93, 0xb7, 0x5b, 0x24, 0x8c, 0x84, 0xf0, 0xfa, 0x81, 0xee, 0xdb,
+	0x20, 0x0a, 0xf2, 0xa6, 0x7c, 0x40, 0x9e, 0x33, 0x26, 0xb2, 0x63, 0x8b, 0x12, 0xad, 0x40, 0x7f,
+	0xdb, 0x82, 0x13, 0x3b, 0xce, 0x5d, 0x5e, 0x23, 0x87, 0x61, 0x27, 0x72, 0x7d, 0xe1, 0xb8, 0xf0,
+	0xe1, 0xee, 0x86, 0x3f, 0x55, 0x9c, 0x37, 0x52, 0x5a, 0x29, 0x4f, 0x64, 0x91, 0x74, 0x6c, 0x6a,
+	0x66, 0xbb, 0xa6, 0x36, 0x60, 0x40, 0xce, 0xb7, 0x87, 0xe9, 0xdd, 0xcd, 0xea, 0x11, 0x73, 0xed,
+	0xa1, 0xd6, 0xf3, 0x19, 0x18, 0xd2, 0xe7, 0xd8, 0x43, 0xad, 0xeb, 0x6d, 0x98, 0xc8, 0x98, 0x4b,
+	0x0f, 0xb5, 0xca, 0x3b, 0x70, 0x26, 0x77, 0x7e, 0x3c, 0x54, 0xef, 0xfc, 0xaf, 0x5a, 0xfa, 0x3e,
+	0x78, 0x0c, 0x26, 0x8d, 0x39, 0xd3, 0xa4, 0x71, 0xbe, 0xfd, 0xca, 0xc9, 0xb1, 0x6b, 0xbc, 0xa5,
+	0x37, 0x9a, 0xee, 0xea, 0xe8, 0x75, 0xe8, 0x6b, 0x50, 0x88, 0x74, 0xdb, 0xb5, 0x3b, 0xaf, 0xc8,
+	0x58, 0x98, 0x64, 0xf0, 0x10, 0x0b, 0x0e, 0xf6, 0x2f, 0x5b, 0xd0, 0x73, 0x0c, 0x3d, 0x81, 0xcd,
+	0x9e, 0x78, 0x2e, 0x97, 0xb5, 0x88, 0xd0, 0x3e, 0x8d, 0x9d, 0x3b, 0x0b, 0x77, 0x23, 0xe2, 0x85,
+	0xec, 0x44, 0xce, 0xec, 0x98, 0x9f, 0xb2, 0x60, 0x62, 0xd9, 0x77, 0xea, 0xb3, 0x4e, 0xc3, 0xf1,
+	0x6a, 0x24, 0x58, 0xf2, 0x36, 0x0f, 0xe5, 0x73, 0x5e, 0xe8, 0xe8, 0x73, 0x3e, 0x27, 0x5d, 0xb6,
+	0x7a, 0xf2, 0xc7, 0x8f, 0x4a, 0xd2, 0xc9, 0x30, 0x4c, 0x86, 0x73, 0xf1, 0x16, 0x20, 0xbd, 0x95,
+	0xe2, 0xe5, 0x15, 0x86, 0x7e, 0x97, 0xb7, 0x57, 0x0c, 0xe2, 0x93, 0xd9, 0x12, 0x6e, 0xea, 0xf3,
+	0xb4, 0x37, 0x45, 0x1c, 0x80, 0x25, 0x23, 0xfb, 0x65, 0xc8, 0x0c, 0x9b, 0xd1, 0x59, 0x7b, 0x61,
+	0x7f, 0x1c, 0xc6, 0x59, 0xc9, 0x43, 0x6a, 0x06, 0xec, 0x84, 0xce, 0x35, 0x23, 0x04, 0xa8, 0xfd,
+	0x05, 0x0b, 0x46, 0x57, 0x13, 0x91, 0x11, 0x2f, 0x32, 0x2b, 0x6d, 0x86, 0xaa, 0xbf, 0xca, 0xa0,
+	0x58, 0x60, 0x8f, 0x5c, 0x15, 0xf6, 0xd7, 0x16, 0xc4, 0x91, 0x6c, 0x8e, 0x41, 0x7c, 0x9b, 0x33,
+	0xc4, 0xb7, 0x4c, 0x41, 0x56, 0x35, 0x27, 0x4f, 0x7a, 0x43, 0xd7, 0x55, 0x8c, 0xb7, 0x36, 0x32,
+	0x6c, 0xcc, 0x86, 0x4f, 0xc5, 0x11, 0x33, 0x10, 0x9c, 0x8c, 0xfa, 0x66, 0xff, 0x7e, 0x01, 0x90,
+	0xa2, 0xed, 0x3a, 0x06, 0x5d, 0xba, 0xc4, 0xd1, 0xc4, 0xa0, 0xdb, 0x05, 0xc4, 0xfc, 0x0c, 0x02,
+	0xc7, 0x0b, 0x39, 0x5b, 0x57, 0x28, 0xff, 0x0e, 0xe7, 0xc4, 0x30, 0x25, 0x1f, 0xa5, 0x2d, 0xa7,
+	0xb8, 0xe1, 0x8c, 0x1a, 0x34, 0xff, 0x91, 0xde, 0x6e, 0xfd, 0x47, 0xfa, 0x3a, 0xbc, 0xae, 0xfc,
+	0x8a, 0x05, 0xc3, 0xaa, 0x9b, 0xde, 0x25, 0x3e, 0xf8, 0xaa, 0x3d, 0x39, 0x1b, 0x68, 0x45, 0x6b,
+	0x32, 0x3b, 0x58, 0xbe, 0x83, 0xbd, 0x92, 0x75, 0x1a, 0xee, 0x3d, 0xa2, 0x62, 0x96, 0x96, 0xc5,
+	0xab, 0x57, 0x01, 0x3d, 0xd8, 0x2f, 0x0f, 0xab, 0x7f, 0x3c, 0x26, 0x7b, 0x5c, 0x84, 0x6e, 0xc9,
+	0xa3, 0x89, 0xa9, 0x88, 0x5e, 0x82, 0xde, 0xe6, 0x96, 0x13, 0x92, 0xc4, 0x5b, 0xa5, 0xde, 0x0a,
+	0x05, 0x1e, 0xec, 0x97, 0x47, 0x54, 0x01, 0x06, 0xc1, 0x9c, 0xba, 0xfb, 0xc8, 0x7e, 0xe9, 0xc9,
+	0xd9, 0x31, 0xb2, 0xdf, 0x5f, 0x5a, 0xd0, 0xb3, 0xea, 0xd7, 0x8f, 0x63, 0x0b, 0x78, 0xcd, 0xd8,
+	0x02, 0xce, 0xe6, 0xa5, 0xcb, 0xc8, 0x5d, 0xfd, 0x8b, 0x89, 0xd5, 0x7f, 0x3e, 0x97, 0x43, 0xfb,
+	0x85, 0xbf, 0x03, 0x83, 0x2c, 0x09, 0x87, 0x78, 0x97, 0xf5, 0x82, 0xb1, 0xe0, 0xcb, 0x89, 0x05,
+	0x3f, 0xaa, 0x91, 0x6a, 0x2b, 0xfd, 0x29, 0xe8, 0x17, 0x0f, 0x7d, 0x92, 0x8f, 0x8d, 0x05, 0x2d,
+	0x96, 0x78, 0xfb, 0xc7, 0x8b, 0x60, 0x24, 0xfd, 0x40, 0xbf, 0x6a, 0xc1, 0x74, 0xc0, 0x1d, 0x80,
+	0xeb, 0xf3, 0xad, 0xc0, 0xf5, 0x36, 0xab, 0xb5, 0x2d, 0x52, 0x6f, 0x35, 0x5c, 0x6f, 0x73, 0x69,
+	0xd3, 0xf3, 0x15, 0x78, 0xe1, 0x2e, 0xa9, 0xb5, 0x98, 0x71, 0xae, 0x43, 0x86, 0x11, 0xe5, 0x48,
+	0xff, 0xfc, 0xfd, 0xfd, 0xf2, 0x34, 0x3e, 0x14, 0x6f, 0x7c, 0xc8, 0xb6, 0xa0, 0xdf, 0xb1, 0xe0,
+	0x32, 0xcf, 0x85, 0xd1, 0x7d, 0xfb, 0xdb, 0xdc, 0x96, 0x2b, 0x92, 0x55, 0xcc, 0x64, 0x8d, 0x04,
+	0x3b, 0xb3, 0x1f, 0x14, 0x1d, 0x7a, 0xb9, 0x72, 0xb8, 0xba, 0xf0, 0x61, 0x1b, 0x67, 0xff, 0xc3,
+	0x22, 0x0c, 0x8b, 0x08, 0x70, 0xe2, 0x0c, 0x78, 0xc9, 0x98, 0x12, 0x8f, 0x26, 0xa6, 0xc4, 0xb8,
+	0x41, 0x7c, 0x34, 0xdb, 0x7f, 0x08, 0xe3, 0x74, 0x73, 0xbe, 0x46, 0x9c, 0x20, 0x5a, 0x27, 0x0e,
+	0x77, 0x0b, 0x2b, 0x1e, 0x7a, 0xf7, 0x57, 0xfa, 0xc9, 0xe5, 0x24, 0x33, 0x9c, 0xe6, 0xff, 0xed,
+	0x74, 0xe6, 0x78, 0x30, 0x96, 0x0a, 0xe2, 0xf7, 0x26, 0x94, 0xd4, 0x2b, 0x15, 0xb1, 0xe9, 0xb4,
+	0x8f, 0x85, 0x99, 0xe4, 0xc0, 0xd5, 0x5f, 0xf1, 0x0b, 0xa9, 0x98, 0x9d, 0xfd, 0x77, 0x0b, 0x46,
+	0x85, 0x7c, 0x10, 0x57, 0x61, 0xc0, 0x09, 0x43, 0x77, 0xd3, 0x23, 0xf5, 0x76, 0x1a, 0xca, 0x54,
+	0x35, 0xec, 0xa5, 0xd0, 0x8c, 0x28, 0x89, 0x15, 0x0f, 0x74, 0x8d, 0x3b, 0xdf, 0xed, 0x92, 0x76,
+	0xea, 0xc9, 0x14, 0x37, 0x90, 0xee, 0x79, 0xbb, 0x04, 0x8b, 0xf2, 0xe8, 0x93, 0xdc, 0x3b, 0xf2,
+	0xba, 0xe7, 0xdf, 0xf1, 0xae, 0xfa, 0xbe, 0x8c, 0xf6, 0xd1, 0x1d, 0xc3, 0x71, 0xe9, 0x13, 0xa9,
+	0x8a, 0x63, 0x93, 0x5b, 0x77, 0x51, 0x71, 0x3f, 0x0b, 0x2c, 0xf6, 0xbf, 0xf9, 0x28, 0x3c, 0x44,
+	0x04, 0x46, 0x45, 0x78, 0x41, 0x09, 0x13, 0x7d, 0x97, 0x79, 0x95, 0x33, 0x4b, 0xc7, 0x8a, 0xf4,
+	0xeb, 0x26, 0x0b, 0x9c, 0xe4, 0x69, 0xff, 0x8c, 0x05, 0xec, 0x81, 0xec, 0x31, 0xc8, 0x23, 0x1f,
+	0x31, 0xe5, 0x91, 0xc9, 0xbc, 0x4e, 0xce, 0x11, 0x45, 0x5e, 0xe4, 0x33, 0xab, 0x12, 0xf8, 0x77,
+	0xf7, 0x84, 0x4b, 0x4b, 0xe7, 0xfb, 0x87, 0xfd, 0xdf, 0x2d, 0xbe, 0x89, 0xc5, 0xe1, 0x04, 0x3e,
+	0x07, 0x03, 0x35, 0xa7, 0xe9, 0xd4, 0x78, 0x86, 0xaa, 0x5c, 0x8d, 0x9e, 0x51, 0x68, 0x7a, 0x4e,
+	0x94, 0xe0, 0x1a, 0x2a, 0x19, 0xa6, 0x72, 0x40, 0x82, 0x3b, 0x6a, 0xa5, 0x54, 0x95, 0x53, 0xdb,
+	0x30, 0x6c, 0x30, 0x7b, 0xa8, 0xea, 0x8c, 0xcf, 0xf1, 0x23, 0x56, 0x85, 0x55, 0xdd, 0x81, 0x71,
+	0x4f, 0xfb, 0x4f, 0x0f, 0x14, 0x79, 0xb9, 0x7c, 0xbc, 0xd3, 0x21, 0xca, 0x4e, 0x1f, 0xed, 0xed,
+	0x6d, 0x82, 0x0d, 0x4e, 0x73, 0xb6, 0x7f, 0xc2, 0x82, 0xd3, 0x3a, 0xa1, 0xf6, 0xbc, 0xa7, 0x93,
+	0x91, 0x64, 0x1e, 0x06, 0xfc, 0x26, 0x09, 0x9c, 0xc8, 0x0f, 0xc4, 0xa9, 0x71, 0x49, 0x76, 0xfa,
+	0x0d, 0x01, 0x3f, 0x10, 0xf9, 0x16, 0x24, 0x77, 0x09, 0xc7, 0xaa, 0x24, 0xbd, 0x7d, 0xb2, 0xce,
+	0x08, 0xc5, 0x43, 0x2e, 0xb6, 0x07, 0x30, 0x7b, 0x7b, 0x88, 0x05, 0xc6, 0xfe, 0x33, 0x8b, 0x4f,
+	0x2c, 0xbd, 0xe9, 0xe8, 0x6d, 0x18, 0xdb, 0x71, 0xa2, 0xda, 0xd6, 0xc2, 0xdd, 0x66, 0xc0, 0x4d,
+	0x4e, 0xb2, 0x9f, 0x9e, 0xe9, 0xd4, 0x4f, 0xda, 0x47, 0xc6, 0x0e, 0x9f, 0x2b, 0x09, 0x66, 0x38,
+	0xc5, 0x1e, 0xad, 0xc3, 0x20, 0x83, 0xb1, 0x37, 0x8a, 0x61, 0x3b, 0xd1, 0x20, 0xaf, 0x36, 0xe5,
+	0xb2, 0xb0, 0x12, 0xf3, 0xc1, 0x3a, 0x53, 0xfb, 0xcb, 0x45, 0xbe, 0xda, 0x99, 0x28, 0xff, 0x14,
+	0xf4, 0x37, 0xfd, 0xfa, 0xdc, 0xd2, 0x3c, 0x16, 0xa3, 0xa0, 0x8e, 0x91, 0x0a, 0x07, 0x63, 0x89,
+	0x47, 0x97, 0x60, 0x40, 0xfc, 0x94, 0x26, 0x42, 0xb6, 0x37, 0x0b, 0xba, 0x10, 0x2b, 0x2c, 0x7a,
+	0x1e, 0xa0, 0x19, 0xf8, 0xbb, 0x6e, 0x9d, 0xc5, 0x2c, 0x29, 0x9a, 0xde, 0x46, 0x15, 0x85, 0xc1,
+	0x1a, 0x15, 0x7a, 0x15, 0x86, 0x5b, 0x5e, 0xc8, 0xc5, 0x11, 0x2d, 0x32, 0xb4, 0xf2, 0x83, 0xb9,
+	0xa9, 0x23, 0xb1, 0x49, 0x8b, 0x66, 0xa0, 0x2f, 0x72, 0x98, 0xf7, 0x4c, 0x6f, 0xbe, 0x53, 0xf0,
+	0x1a, 0xa5, 0xd0, 0x93, 0x21, 0xd1, 0x02, 0x58, 0x14, 0x44, 0x6f, 0xca, 0xe7, 0xc2, 0x7c, 0x63,
+	0x17, 0xde, 0xf8, 0xdd, 0x1d, 0x02, 0xda, 0x63, 0x61, 0xe1, 0xe5, 0x6f, 0xf0, 0x42, 0xaf, 0x00,
+	0x90, 0xbb, 0x11, 0x09, 0x3c, 0xa7, 0xa1, 0x7c, 0xde, 0x94, 0x5c, 0x30, 0xef, 0xaf, 0xfa, 0xd1,
+	0xcd, 0x90, 0x2c, 0x28, 0x0a, 0xac, 0x51, 0xdb, 0xbf, 0x53, 0x02, 0x88, 0xe5, 0x76, 0x74, 0x2f,
+	0xb5, 0x71, 0x3d, 0xdb, 0x5e, 0xd2, 0x3f, 0xba, 0x5d, 0x0b, 0x7d, 0x9f, 0x05, 0x83, 0x22, 0x34,
+	0x0b, 0x1b, 0xa1, 0x42, 0xfb, 0x8d, 0xd3, 0x8c, 0x10, 0x43, 0x4b, 0xf0, 0x26, 0xbc, 0x20, 0x67,
+	0xa8, 0x86, 0xe9, 0xd8, 0x0a, 0xbd, 0x62, 0xf4, 0x7e, 0x79, 0x55, 0x2c, 0x1a, 0x5d, 0xa9, 0xae,
+	0x8a, 0x25, 0x76, 0x46, 0xe8, 0xb7, 0xc4, 0x9b, 0xc6, 0x2d, 0xb1, 0x27, 0xff, 0x3d, 0xa4, 0x21,
+	0xbe, 0x76, 0xba, 0x20, 0xa2, 0x8a, 0x1e, 0x1b, 0xa1, 0x37, 0xff, 0x11, 0x9f, 0x76, 0x4f, 0xea,
+	0x10, 0x17, 0xe1, 0x33, 0x30, 0x5a, 0x37, 0x85, 0x00, 0x31, 0x13, 0x9f, 0xcc, 0xe3, 0x9b, 0x90,
+	0x19, 0xe2, 0x63, 0x3f, 0x81, 0xc0, 0x49, 0xc6, 0xa8, 0xc2, 0x43, 0x65, 0x2c, 0x79, 0x1b, 0xbe,
+	0x78, 0x11, 0x62, 0xe7, 0x8e, 0xe5, 0x5e, 0x18, 0x91, 0x1d, 0x4a, 0x19, 0x9f, 0xee, 0xab, 0xa2,
+	0x2c, 0x56, 0x5c, 0xd0, 0xeb, 0xd0, 0xc7, 0x5e, 0x71, 0x85, 0x93, 0x03, 0xf9, 0x1a, 0x67, 0x33,
+	0x66, 0x60, 0xbc, 0x20, 0xd9, 0xdf, 0x10, 0x0b, 0x0e, 0xe8, 0x9a, 0x7c, 0x23, 0x19, 0x2e, 0x79,
+	0x37, 0x43, 0xc2, 0xde, 0x48, 0x96, 0x66, 0x1f, 0x8f, 0x9f, 0x3f, 0x72, 0x78, 0x66, 0xca, 0x44,
+	0xa3, 0x24, 0x95, 0xa2, 0xc4, 0x7f, 0x99, 0x89, 0x51, 0x44, 0x38, 0xca, 0x6c, 0x9e, 0x99, 0xad,
+	0x31, 0xee, 0xce, 0x5b, 0x26, 0x0b, 0x9c, 0xe4, 0x49, 0x25, 0x52, 0xbe, 0xea, 0xc5, 0x9b, 0x92,
+	0x4e, 0x7b, 0x07, 0xbf, 0x88, 0xb3, 0xd3, 0x88, 0x43, 0xb0, 0x28, 0x7f, 0xac, 0xe2, 0xc1, 0x94,
+	0x07, 0x63, 0xc9, 0x25, 0xfa, 0x50, 0xc5, 0x91, 0x3f, 0xe9, 0x81, 0x11, 0x73, 0x4a, 0xa1, 0xcb,
+	0x50, 0x12, 0x4c, 0x54, 0x36, 0x13, 0xb5, 0x4a, 0x56, 0x24, 0x02, 0xc7, 0x34, 0x2c, 0x89, 0x0d,
+	0x2b, 0xae, 0x39, 0x11, 0xc7, 0x49, 0x6c, 0x14, 0x06, 0x6b, 0x54, 0xf4, 0x62, 0xb5, 0xee, 0xfb,
+	0x91, 0x3a, 0x90, 0xd4, 0xbc, 0x9b, 0x65, 0x50, 0x2c, 0xb0, 0xf4, 0x20, 0xda, 0x26, 0x81, 0x47,
+	0x1a, 0x66, 0x14, 0x71, 0x75, 0x10, 0x5d, 0xd7, 0x91, 0xd8, 0xa4, 0xa5, 0xc7, 0xa9, 0x1f, 0xb2,
+	0x89, 0x2c, 0xae, 0x6f, 0xb1, 0x53, 0x76, 0x95, 0x3f, 0x2f, 0x97, 0x78, 0xf4, 0x71, 0x38, 0xad,
+	0x22, 0x76, 0x61, 0x6e, 0xcd, 0x90, 0x35, 0xf6, 0x19, 0xda, 0x96, 0xd3, 0x73, 0xd9, 0x64, 0x38,
+	0xaf, 0x3c, 0x7a, 0x0d, 0x46, 0x84, 0x88, 0x2f, 0x39, 0xf6, 0x9b, 0x1e, 0x46, 0xd7, 0x0d, 0x2c,
+	0x4e, 0x50, 0xcb, 0x38, 0xe8, 0x4c, 0xca, 0x96, 0x1c, 0x06, 0xd2, 0x71, 0xd0, 0x75, 0x3c, 0x4e,
+	0x95, 0x40, 0x33, 0x30, 0xca, 0x65, 0x30, 0xd7, 0xdb, 0xe4, 0x63, 0x22, 0x9e, 0x7c, 0xa9, 0x25,
+	0x75, 0xc3, 0x44, 0xe3, 0x24, 0x3d, 0x7a, 0x19, 0x86, 0x9c, 0xa0, 0xb6, 0xe5, 0x46, 0xa4, 0x16,
+	0xb5, 0x02, 0xfe, 0x16, 0x4c, 0x73, 0xd1, 0x9a, 0xd1, 0x70, 0xd8, 0xa0, 0xb4, 0xef, 0xc1, 0x44,
+	0x46, 0xdc, 0x09, 0x3a, 0x71, 0x9c, 0xa6, 0x2b, 0xbf, 0x29, 0xe1, 0x07, 0x3d, 0x53, 0x59, 0x92,
+	0x5f, 0xa3, 0x51, 0xd1, 0xd9, 0xc9, 0xe2, 0x53, 0x68, 0x89, 0x57, 0xd5, 0xec, 0x5c, 0x94, 0x08,
+	0x1c, 0xd3, 0xd8, 0xff, 0xa9, 0x00, 0xa3, 0x19, 0xb6, 0x15, 0x96, 0xfc, 0x33, 0x71, 0x49, 0x89,
+	0x73, 0x7d, 0x9a, 0x61, 0xf5, 0x0b, 0x87, 0x08, 0xab, 0x5f, 0xec, 0x14, 0x56, 0xbf, 0xe7, 0x9d,
+	0x84, 0xd5, 0x37, 0x7b, 0xac, 0xb7, 0xab, 0x1e, 0xcb, 0x08, 0xc5, 0xdf, 0x77, 0xc8, 0x50, 0xfc,
+	0x46, 0xa7, 0xf7, 0x77, 0xd1, 0xe9, 0x3f, 0x52, 0x80, 0xb1, 0xa4, 0x2b, 0xe9, 0x31, 0xe8, 0x6d,
+	0x5f, 0x37, 0xf4, 0xb6, 0x97, 0xba, 0x79, 0xa2, 0x9b, 0xab, 0xc3, 0xc5, 0x09, 0x1d, 0xee, 0xd3,
+	0x5d, 0x71, 0x6b, 0xaf, 0xcf, 0xfd, 0xc9, 0x02, 0x9c, 0xcc, 0x7c, 0x23, 0x7c, 0x0c, 0x7d, 0x73,
+	0xc3, 0xe8, 0x9b, 0xe7, 0xba, 0x7e, 0xbe, 0x9c, 0xdb, 0x41, 0xb7, 0x13, 0x1d, 0x74, 0xb9, 0x7b,
+	0x96, 0xed, 0x7b, 0xe9, 0xeb, 0x45, 0x38, 0x9f, 0x59, 0x2e, 0x56, 0x7b, 0x2e, 0x1a, 0x6a, 0xcf,
+	0xe7, 0x13, 0x6a, 0x4f, 0xbb, 0x7d, 0xe9, 0xa3, 0xd1, 0x83, 0x8a, 0x67, 0xbc, 0x2c, 0x18, 0xc1,
+	0x03, 0xea, 0x40, 0x8d, 0x67, 0xbc, 0x8a, 0x11, 0x36, 0xf9, 0x7e, 0x3b, 0xe9, 0x3e, 0x7f, 0xdb,
+	0x82, 0x33, 0x99, 0x63, 0x73, 0x0c, 0xba, 0xae, 0x55, 0x53, 0xd7, 0xf5, 0x54, 0xd7, 0xb3, 0x35,
+	0x47, 0xf9, 0xf5, 0xd3, 0xbd, 0x39, 0xdf, 0xc2, 0x6e, 0xf2, 0x37, 0x60, 0xd0, 0xa9, 0xd5, 0x48,
+	0x18, 0xae, 0xf8, 0x75, 0x15, 0x81, 0xfb, 0x39, 0x76, 0xcf, 0x8a, 0xc1, 0x07, 0xfb, 0xe5, 0xa9,
+	0x24, 0x8b, 0x18, 0x8d, 0x75, 0x0e, 0xe8, 0x93, 0x30, 0x10, 0x8a, 0x73, 0x53, 0x8c, 0xfd, 0x0b,
+	0x5d, 0x76, 0x8e, 0xb3, 0x4e, 0x1a, 0x66, 0xa8, 0x27, 0xa5, 0xa9, 0x50, 0x2c, 0xcd, 0xb0, 0x30,
+	0x85, 0x23, 0x0d, 0x0b, 0xf3, 0x3c, 0xc0, 0xae, 0xba, 0x0c, 0x24, 0xf5, 0x0f, 0xda, 0x35, 0x41,
+	0xa3, 0x42, 0x1f, 0x85, 0xb1, 0x90, 0xc7, 0x42, 0x9c, 0x6b, 0x38, 0x21, 0x7b, 0x6d, 0x23, 0x66,
+	0x21, 0x0b, 0x27, 0x55, 0x4d, 0xe0, 0x70, 0x8a, 0x1a, 0x2d, 0xca, 0x5a, 0x59, 0xe0, 0x46, 0x3e,
+	0x31, 0x2f, 0xc6, 0x35, 0x8a, 0xd4, 0xe3, 0x27, 0x92, 0xdd, 0xcf, 0x3a, 0x5e, 0x2b, 0x89, 0x3e,
+	0x09, 0x40, 0xa7, 0x8f, 0xd0, 0x43, 0xf4, 0xe7, 0x6f, 0x9e, 0x74, 0x57, 0xa9, 0x67, 0x3a, 0x37,
+	0xb3, 0x97, 0xb7, 0xf3, 0x8a, 0x09, 0xd6, 0x18, 0x22, 0x07, 0x86, 0xe3, 0x7f, 0x71, 0x66, 0xde,
+	0x4b, 0xb9, 0x35, 0x24, 0x99, 0x33, 0x95, 0xf7, 0xbc, 0xce, 0x02, 0x9b, 0x1c, 0xed, 0x7f, 0x37,
+	0x00, 0x8f, 0xb4, 0xd9, 0x86, 0xd1, 0x8c, 0x69, 0xea, 0x7d, 0x26, 0x79, 0x7f, 0x9f, 0xca, 0x2c,
+	0x6c, 0x5c, 0xe8, 0x13, 0xb3, 0xbd, 0xf0, 0x8e, 0x67, 0xfb, 0x0f, 0x59, 0x9a, 0x66, 0x85, 0x3b,
+	0x95, 0x7e, 0xe4, 0x90, 0xc7, 0xcb, 0x11, 0xaa, 0x5a, 0x36, 0x32, 0xf4, 0x15, 0xcf, 0x77, 0xdd,
+	0x9c, 0xee, 0x15, 0x18, 0x5f, 0xcd, 0x0e, 0x00, 0xcc, 0x55, 0x19, 0x57, 0x0f, 0xfb, 0xfd, 0xc7,
+	0x15, 0x0c, 0xf8, 0xf7, 0x2d, 0x38, 0x93, 0x02, 0xf3, 0x36, 0x90, 0x50, 0xc4, 0xa8, 0x5a, 0x7d,
+	0xc7, 0x8d, 0x97, 0x0c, 0xf9, 0x37, 0x5c, 0x13, 0xdf, 0x70, 0x26, 0x97, 0x2e, 0xd9, 0xf4, 0x1f,
+	0xfc, 0xa3, 0xf2, 0x04, 0xab, 0xc0, 0x24, 0xc4, 0xf9, 0x4d, 0x3f, 0xde, 0x8b, 0xff, 0x37, 0x27,
+	0xf6, 0xf1, 0xd4, 0x32, 0x9c, 0x6f, 0xdf, 0xd5, 0x87, 0x7a, 0x9e, 0xfc, 0x7b, 0x16, 0x9c, 0x6b,
+	0x1b, 0x03, 0xe7, 0x5b, 0x50, 0xce, 0xb5, 0x3f, 0x6f, 0xc1, 0xa3, 0x99, 0x25, 0x0c, 0xef, 0xb8,
+	0xcb, 0x50, 0xaa, 0x25, 0xf2, 0xa1, 0xc6, 0xd1, 0x20, 0x54, 0x2e, 0xd4, 0x98, 0xc6, 0x70, 0x82,
+	0x2b, 0x74, 0x74, 0x82, 0xfb, 0x0d, 0x0b, 0x52, 0x67, 0xd5, 0x31, 0x08, 0x4d, 0x4b, 0xa6, 0xd0,
+	0xf4, 0x78, 0x37, 0xbd, 0x99, 0x23, 0x2f, 0xfd, 0xc5, 0x28, 0x9c, 0xca, 0x79, 0x5d, 0xb8, 0x0b,
+	0xe3, 0x9b, 0x35, 0x62, 0x3e, 0x27, 0x6f, 0x17, 0x66, 0xa9, 0xed, 0xdb, 0x73, 0x9e, 0x86, 0x36,
+	0x45, 0x82, 0xd3, 0x55, 0xa0, 0xcf, 0x5b, 0x70, 0xc2, 0xb9, 0x13, 0x2e, 0x50, 0xe1, 0xd7, 0xad,
+	0xcd, 0x36, 0xfc, 0xda, 0x36, 0x95, 0x2c, 0xe4, 0xb2, 0x7a, 0x31, 0x53, 0x21, 0x79, 0xbb, 0x9a,
+	0xa2, 0x37, 0xaa, 0x67, 0x49, 0xc7, 0xb3, 0xa8, 0x70, 0x66, 0x5d, 0x08, 0x8b, 0xfc, 0x28, 0xf4,
+	0x6a, 0xdd, 0x26, 0xe0, 0x41, 0xd6, 0x33, 0x50, 0x2e, 0xcd, 0x49, 0x0c, 0x56, 0x7c, 0xd0, 0xa7,
+	0xa1, 0xb4, 0x29, 0xdf, 0x36, 0x67, 0x48, 0x8b, 0x71, 0x47, 0xb6, 0x7f, 0xf1, 0xcd, 0xbd, 0x0a,
+	0x14, 0x11, 0x8e, 0x99, 0xa2, 0xd7, 0xa0, 0xe8, 0x6d, 0x84, 0xed, 0xf2, 0x76, 0x27, 0xdc, 0x47,
+	0x79, 0x58, 0x91, 0xd5, 0xc5, 0x2a, 0xa6, 0x05, 0xd1, 0x35, 0x28, 0x06, 0xeb, 0x75, 0xa1, 0x4d,
+	0xcf, 0x5c, 0xa4, 0x78, 0x76, 0x3e, 0xa7, 0x55, 0x8c, 0x13, 0x9e, 0x9d, 0xc7, 0x94, 0x05, 0xaa,
+	0x40, 0x2f, 0x7b, 0x92, 0x27, 0x64, 0xb3, 0xcc, 0x5b, 0x68, 0x9b, 0xa7, 0xad, 0x3c, 0xf6, 0x08,
+	0x23, 0xc0, 0x9c, 0x11, 0x5a, 0x83, 0xbe, 0x1a, 0xcb, 0xf1, 0x2c, 0x84, 0xb1, 0xf7, 0x67, 0xea,
+	0xcd, 0xdb, 0x24, 0xbf, 0x16, 0x6a, 0x64, 0x46, 0x81, 0x05, 0x2f, 0xc6, 0x95, 0x34, 0xb7, 0x36,
+	0x42, 0xa6, 0x77, 0xcb, 0xe3, 0xda, 0x26, 0xa7, 0xbb, 0xe0, 0xca, 0x28, 0xb0, 0xe0, 0x85, 0x5e,
+	0x81, 0xc2, 0x46, 0x4d, 0x3c, 0xb7, 0xcb, 0x54, 0xa0, 0x9b, 0x91, 0x61, 0x66, 0xfb, 0xee, 0xef,
+	0x97, 0x0b, 0x8b, 0x73, 0xb8, 0xb0, 0x51, 0x43, 0xab, 0xd0, 0xbf, 0xc1, 0x63, 0x49, 0x08, 0x1d,
+	0xf9, 0x93, 0xd9, 0x61, 0x2e, 0x52, 0xe1, 0x26, 0xf8, 0xd3, 0x2d, 0x81, 0xc0, 0x92, 0x09, 0x4b,
+	0xd7, 0xa1, 0x62, 0x62, 0x88, 0x90, 0x7c, 0xd3, 0x87, 0x8b, 0x63, 0xc2, 0x65, 0xe5, 0x38, 0xb2,
+	0x06, 0xd6, 0x38, 0xd2, 0x59, 0xed, 0xdc, 0x6b, 0x05, 0x2c, 0x5e, 0xbb, 0x88, 0xdd, 0x94, 0x39,
+	0xab, 0x67, 0x24, 0x51, 0xbb, 0x59, 0xad, 0x88, 0x70, 0xcc, 0x14, 0x6d, 0xc3, 0xf0, 0x6e, 0xd8,
+	0xdc, 0x22, 0x72, 0x49, 0xb3, 0x50, 0x4e, 0x39, 0xb2, 0xde, 0x2d, 0x41, 0xe8, 0x06, 0x51, 0xcb,
+	0x69, 0xa4, 0x76, 0x21, 0x26, 0x97, 0xdf, 0xd2, 0x99, 0x61, 0x93, 0x37, 0xed, 0xfe, 0xb7, 0x5b,
+	0xfe, 0xfa, 0x5e, 0x44, 0x44, 0x24, 0xbd, 0xcc, 0xee, 0x7f, 0x83, 0x93, 0xa4, 0xbb, 0x5f, 0x20,
+	0xb0, 0x64, 0x82, 0x6e, 0x89, 0xee, 0x61, 0xbb, 0xe7, 0x58, 0x7e, 0x98, 0xde, 0x19, 0x49, 0x94,
+	0xd3, 0x29, 0x6c, 0xb7, 0x8c, 0x59, 0xb1, 0x5d, 0xb2, 0xb9, 0xe5, 0x47, 0xbe, 0x97, 0xd8, 0xa1,
+	0xc7, 0xf3, 0x77, 0xc9, 0x4a, 0x06, 0x7d, 0x7a, 0x97, 0xcc, 0xa2, 0xc2, 0x99, 0x75, 0xa1, 0x3a,
+	0x8c, 0x34, 0xfd, 0x20, 0xba, 0xe3, 0x07, 0x72, 0x7e, 0xa1, 0x36, 0x3a, 0x3e, 0x83, 0x52, 0xd4,
+	0xc8, 0x82, 0x54, 0x9a, 0x18, 0x9c, 0xe0, 0x89, 0x3e, 0x06, 0xfd, 0x61, 0xcd, 0x69, 0x90, 0xa5,
+	0x1b, 0x93, 0x13, 0xf9, 0xc7, 0x4f, 0x95, 0x93, 0xe4, 0xcc, 0x2e, 0x1e, 0x0a, 0x84, 0x93, 0x60,
+	0xc9, 0x0e, 0x2d, 0x42, 0x2f, 0x4b, 0x83, 0xc9, 0xc2, 0x3e, 0xe6, 0x44, 0x1b, 0x4e, 0x39, 0xf3,
+	0xf3, 0xbd, 0x89, 0x81, 0x31, 0x2f, 0x4e, 0xd7, 0x80, 0xb8, 0xea, 0xfa, 0xe1, 0xe4, 0xc9, 0xfc,
+	0x35, 0x20, 0x6e, 0xc8, 0x37, 0xaa, 0xed, 0xd6, 0x80, 0x22, 0xc2, 0x31, 0x53, 0xba, 0x33, 0xd3,
+	0xdd, 0xf4, 0x54, 0x1b, 0x2f, 0xb4, 0xdc, 0xbd, 0x94, 0xed, 0xcc, 0x74, 0x27, 0xa5, 0x2c, 0xec,
+	0x3f, 0xee, 0x4f, 0xcb, 0x2c, 0x4c, 0x39, 0xf2, 0xbf, 0x5b, 0x29, 0xbb, 0xf9, 0x07, 0xba, 0xd5,
+	0xd5, 0x1e, 0xe1, 0xb5, 0xee, 0xf3, 0x16, 0x9c, 0x6a, 0x66, 0x7e, 0x88, 0x10, 0x00, 0xba, 0x53,
+	0xf9, 0xf2, 0x4f, 0x57, 0x21, 0x42, 0xb3, 0xf1, 0x38, 0xa7, 0xa6, 0xe4, 0xd5, 0xb9, 0xf8, 0x8e,
+	0xaf, 0xce, 0x2b, 0x30, 0x50, 0xe3, 0xf7, 0x1c, 0x19, 0xda, 0xba, 0xab, 0x00, 0x77, 0x4c, 0x94,
+	0x10, 0x17, 0xa4, 0x0d, 0xac, 0x58, 0xa0, 0x1f, 0xb6, 0xe0, 0x5c, 0xb2, 0xe9, 0x98, 0x30, 0xb4,
+	0x88, 0x2b, 0xca, 0xf5, 0x32, 0x8b, 0xe2, 0xfb, 0x53, 0xf2, 0xbf, 0x41, 0x7c, 0xd0, 0x89, 0x00,
+	0xb7, 0xaf, 0x0c, 0xcd, 0x67, 0x28, 0x86, 0xfa, 0x4c, 0x63, 0x58, 0x17, 0xca, 0xa1, 0x17, 0x61,
+	0x68, 0xc7, 0x6f, 0x79, 0x91, 0x70, 0x5a, 0x13, 0x0e, 0x34, 0xcc, 0x71, 0x64, 0x45, 0x83, 0x63,
+	0x83, 0x2a, 0xa1, 0x52, 0x1a, 0x78, 0x60, 0x95, 0xd2, 0x5b, 0x30, 0xe4, 0x69, 0x5e, 0xd6, 0x42,
+	0x1e, 0xb8, 0x98, 0x1f, 0x13, 0x58, 0xf7, 0xc9, 0xe6, 0xad, 0xd4, 0x21, 0xd8, 0xe0, 0x76, 0xbc,
+	0xde, 0x6c, 0x3f, 0x5f, 0xc8, 0x10, 0xea, 0xb9, 0x5a, 0xe9, 0xc3, 0xa6, 0x5a, 0xe9, 0x62, 0x52,
+	0xad, 0x94, 0x32, 0x84, 0x18, 0x1a, 0xa5, 0xee, 0x53, 0x64, 0x75, 0x1d, 0x57, 0xf4, 0xbb, 0x2d,
+	0x38, 0xcd, 0x34, 0xeb, 0xb4, 0x82, 0x77, 0xac, 0x4d, 0x7f, 0xe4, 0xfe, 0x7e, 0xf9, 0xf4, 0x72,
+	0x36, 0x3b, 0x9c, 0x57, 0x8f, 0xdd, 0x80, 0x0b, 0x9d, 0x8e, 0x46, 0xe6, 0x41, 0x59, 0x57, 0xa6,
+	0xf7, 0xd8, 0x83, 0xb2, 0xbe, 0x34, 0x8f, 0x19, 0xa6, 0xdb, 0xa8, 0x59, 0xf6, 0x7f, 0xb0, 0xa0,
+	0x58, 0xf1, 0xeb, 0xc7, 0x70, 0xe9, 0xfe, 0x88, 0x71, 0xe9, 0x7e, 0x24, 0xfb, 0x50, 0xae, 0xe7,
+	0x9a, 0x92, 0x16, 0x12, 0xa6, 0xa4, 0x73, 0x79, 0x0c, 0xda, 0x1b, 0x8e, 0x7e, 0xaa, 0x08, 0x83,
+	0x15, 0xbf, 0xae, 0x9e, 0x2f, 0xfc, 0xe3, 0x07, 0x79, 0xbe, 0x90, 0x9b, 0xf4, 0x44, 0xe3, 0xcc,
+	0x1c, 0x2f, 0xe5, 0xcb, 0xed, 0x6f, 0xb1, 0x57, 0x0c, 0xb7, 0x89, 0xbb, 0xb9, 0x15, 0x91, 0x7a,
+	0xf2, 0x73, 0x8e, 0xef, 0x15, 0xc3, 0x1f, 0x17, 0x60, 0x34, 0x51, 0x3b, 0x6a, 0xc0, 0x70, 0x43,
+	0x37, 0x54, 0x88, 0x79, 0xfa, 0x40, 0x36, 0x0e, 0xe1, 0x05, 0xae, 0x81, 0xb0, 0xc9, 0x1c, 0x4d,
+	0x03, 0x28, 0xcb, 0xbd, 0x54, 0x57, 0xb3, 0x9b, 0x87, 0x32, 0xed, 0x87, 0x58, 0xa3, 0x40, 0x2f,
+	0xc1, 0x60, 0xe4, 0x37, 0xfd, 0x86, 0xbf, 0xb9, 0x77, 0x9d, 0xc8, 0x80, 0x6a, 0xca, 0xb7, 0x73,
+	0x2d, 0x46, 0x61, 0x9d, 0x0e, 0xdd, 0x85, 0x71, 0xc5, 0xa4, 0x7a, 0x04, 0xc6, 0x1b, 0xa6, 0xd9,
+	0x58, 0x4d, 0x72, 0xc4, 0xe9, 0x4a, 0xec, 0x9f, 0x2d, 0xf2, 0x2e, 0xf6, 0x22, 0xf7, 0xbd, 0xd5,
+	0xf0, 0xee, 0x5e, 0x0d, 0x5f, 0xb7, 0x60, 0x8c, 0xd6, 0xce, 0x1c, 0xd7, 0xa4, 0xa8, 0xa1, 0x22,
+	0xa1, 0x5b, 0x6d, 0x22, 0xa1, 0x5f, 0xa4, 0xbb, 0x66, 0xdd, 0x6f, 0x45, 0x42, 0x7f, 0xa8, 0x6d,
+	0x8b, 0x14, 0x8a, 0x05, 0x56, 0xd0, 0x91, 0x20, 0x10, 0x8f, 0x6d, 0x75, 0x3a, 0x12, 0x04, 0x58,
+	0x60, 0x65, 0xa0, 0xf4, 0x9e, 0xec, 0x40, 0xe9, 0x3c, 0xde, 0xad, 0x70, 0x71, 0x12, 0x42, 0x9f,
+	0x16, 0xef, 0x56, 0xfa, 0x3e, 0xc5, 0x34, 0xf6, 0x57, 0x8b, 0x30, 0x54, 0xf1, 0xeb, 0xb1, 0xd5,
+	0xfe, 0x45, 0xc3, 0x6a, 0x7f, 0x21, 0x61, 0xb5, 0x1f, 0xd3, 0x69, 0xdf, 0xb3, 0xd1, 0x7f, 0xb3,
+	0x6c, 0xf4, 0xbf, 0x6e, 0xb1, 0x51, 0x9b, 0x5f, 0xad, 0x72, 0x3f, 0x48, 0x74, 0x05, 0x06, 0xd9,
+	0x06, 0xc3, 0x5e, 0x77, 0x4b, 0x53, 0x36, 0x4b, 0x5c, 0xb6, 0x1a, 0x83, 0xb1, 0x4e, 0x83, 0x2e,
+	0xc1, 0x40, 0x48, 0x9c, 0xa0, 0xb6, 0xa5, 0x76, 0x57, 0x61, 0x77, 0xe6, 0x30, 0xac, 0xb0, 0xe8,
+	0x8d, 0x38, 0xd4, 0x6a, 0x31, 0xff, 0xb5, 0xa8, 0xde, 0x1e, 0xbe, 0x44, 0xf2, 0xe3, 0xab, 0xda,
+	0xb7, 0x01, 0xa5, 0xe9, 0xbb, 0x08, 0x06, 0x58, 0x36, 0x83, 0x01, 0x96, 0x52, 0x81, 0x00, 0xff,
+	0xca, 0x82, 0x91, 0x8a, 0x5f, 0xa7, 0x4b, 0xf7, 0xdb, 0x69, 0x9d, 0xea, 0x71, 0xa6, 0xfb, 0xda,
+	0xc4, 0x99, 0x7e, 0x0c, 0x7a, 0x2b, 0x7e, 0xbd, 0x43, 0xc0, 0xc2, 0xbf, 0x61, 0x41, 0x7f, 0xc5,
+	0xaf, 0x1f, 0x83, 0x69, 0xe2, 0xc3, 0xa6, 0x69, 0xe2, 0x74, 0xce, 0xbc, 0xc9, 0xb1, 0x46, 0xfc,
+	0xff, 0x3d, 0x30, 0x4c, 0xdb, 0xe9, 0x6f, 0xca, 0xa1, 0x34, 0xba, 0xcd, 0xea, 0xa2, 0xdb, 0xa8,
+	0x14, 0xee, 0x37, 0x1a, 0xfe, 0x9d, 0xe4, 0xb0, 0x2e, 0x32, 0x28, 0x16, 0x58, 0xf4, 0x2c, 0x0c,
+	0x34, 0x03, 0xb2, 0xeb, 0xfa, 0x42, 0xbc, 0xd5, 0x0c, 0x3d, 0x15, 0x01, 0xc7, 0x8a, 0x82, 0x5e,
+	0x4d, 0x43, 0xd7, 0xa3, 0x47, 0x79, 0xcd, 0xf7, 0xea, 0x5c, 0x7b, 0x5f, 0x14, 0xc9, 0x50, 0x34,
+	0x38, 0x36, 0xa8, 0xd0, 0x6d, 0x28, 0xb1, 0xff, 0x6c, 0xdb, 0x39, 0x7c, 0x1a, 0x66, 0x91, 0x1e,
+	0x52, 0x30, 0xc0, 0x31, 0x2f, 0xf4, 0x3c, 0x40, 0x24, 0x13, 0x0a, 0x84, 0x22, 0x70, 0x9d, 0xba,
+	0x0a, 0xa8, 0x54, 0x03, 0x21, 0xd6, 0xa8, 0xd0, 0x33, 0x50, 0x8a, 0x1c, 0xb7, 0xb1, 0xec, 0x7a,
+	0xcc, 0xfe, 0x4b, 0xdb, 0x2f, 0xb2, 0x34, 0x0a, 0x20, 0x8e, 0xf1, 0x54, 0x14, 0x63, 0x41, 0x4d,
+	0x78, 0x12, 0xfa, 0x01, 0x46, 0xcd, 0x44, 0xb1, 0x65, 0x05, 0xc5, 0x1a, 0x05, 0xda, 0x82, 0xb3,
+	0xae, 0xc7, 0x12, 0x87, 0x90, 0xea, 0xb6, 0xdb, 0x5c, 0x5b, 0xae, 0xde, 0x22, 0x81, 0xbb, 0xb1,
+	0x37, 0xeb, 0xd4, 0xb6, 0x89, 0x27, 0x13, 0xec, 0xca, 0xbc, 0xeb, 0x67, 0x97, 0xda, 0xd0, 0xe2,
+	0xb6, 0x9c, 0xec, 0x17, 0xd8, 0x7c, 0xbf, 0x51, 0x45, 0x4f, 0x1b, 0x5b, 0xc7, 0x29, 0x7d, 0xeb,
+	0x38, 0xd8, 0x2f, 0xf7, 0xdd, 0xa8, 0x6a, 0x31, 0x39, 0x5e, 0x86, 0x93, 0x15, 0xbf, 0x5e, 0xf1,
+	0x83, 0x68, 0xd1, 0x0f, 0xee, 0x38, 0x41, 0x5d, 0x4e, 0xaf, 0xb2, 0x8c, 0x4a, 0x42, 0xf7, 0xcf,
+	0x5e, 0xbe, 0xbb, 0x18, 0x11, 0x47, 0x5e, 0x60, 0x12, 0xdb, 0x21, 0xdf, 0xd2, 0xd5, 0x98, 0xec,
+	0xa0, 0x52, 0xef, 0x5c, 0x75, 0x22, 0x82, 0x6e, 0xb0, 0x14, 0xfa, 0xf1, 0x31, 0x2a, 0x8a, 0x3f,
+	0xa5, 0xa5, 0xd0, 0x8f, 0x91, 0x99, 0xe7, 0xae, 0x59, 0xde, 0xfe, 0x9c, 0xa8, 0x84, 0xeb, 0x01,
+	0xb8, 0xbf, 0x62, 0x37, 0x39, 0xa8, 0x65, 0x6e, 0x8e, 0x42, 0x7e, 0x52, 0x07, 0x6e, 0x79, 0x6d,
+	0x9b, 0x9b, 0xc3, 0xfe, 0x4e, 0x38, 0x95, 0xac, 0xbe, 0xeb, 0x44, 0xd8, 0x73, 0x30, 0x1e, 0xe8,
+	0x05, 0xb5, 0x44, 0x67, 0x27, 0x79, 0x3e, 0x85, 0x04, 0x12, 0xa7, 0xe9, 0xed, 0x97, 0x60, 0x9c,
+	0xde, 0x3d, 0x95, 0x20, 0xc7, 0x7a, 0xb9, 0x73, 0x78, 0x96, 0xff, 0xd8, 0xcb, 0x0e, 0xa2, 0x44,
+	0xd6, 0x1b, 0xf4, 0x29, 0x18, 0x09, 0xc9, 0xb2, 0xeb, 0xb5, 0xee, 0x4a, 0xed, 0x53, 0x9b, 0x47,
+	0xa4, 0xd5, 0x05, 0x9d, 0x92, 0xeb, 0xb0, 0x4d, 0x18, 0x4e, 0x70, 0x43, 0x3b, 0x30, 0x72, 0xc7,
+	0xf5, 0xea, 0xfe, 0x9d, 0x50, 0xf2, 0x1f, 0xc8, 0x57, 0x65, 0xdf, 0xe6, 0x94, 0x89, 0x36, 0x1a,
+	0xd5, 0xdd, 0x36, 0x98, 0xe1, 0x04, 0x73, 0xba, 0xd8, 0x83, 0x96, 0x37, 0x13, 0xde, 0x0c, 0x09,
+	0x7f, 0x16, 0x28, 0x16, 0x3b, 0x96, 0x40, 0x1c, 0xe3, 0xe9, 0x62, 0x67, 0x7f, 0xae, 0x06, 0x7e,
+	0x8b, 0xa7, 0x58, 0x11, 0x8b, 0x1d, 0x2b, 0x28, 0xd6, 0x28, 0xe8, 0x66, 0xc8, 0xfe, 0xad, 0xfa,
+	0x1e, 0xf6, 0xfd, 0x48, 0x6e, 0x9f, 0x2c, 0x45, 0x98, 0x06, 0xc7, 0x06, 0x15, 0x5a, 0x04, 0x14,
+	0xb6, 0x9a, 0xcd, 0x06, 0xf3, 0x4e, 0x73, 0x1a, 0x8c, 0x15, 0x77, 0xdb, 0x29, 0xf2, 0x10, 0xd1,
+	0xd5, 0x14, 0x16, 0x67, 0x94, 0xa0, 0xe7, 0xe2, 0x86, 0x68, 0x6a, 0x2f, 0x6b, 0x2a, 0x37, 0x7b,
+	0x55, 0x79, 0x3b, 0x25, 0x0e, 0x2d, 0x40, 0x7f, 0xb8, 0x17, 0xd6, 0xa2, 0x46, 0xd8, 0x2e, 0x21,
+	0x5b, 0x95, 0x91, 0x68, 0xf9, 0x40, 0x79, 0x11, 0x2c, 0xcb, 0xa2, 0x1a, 0x4c, 0x08, 0x8e, 0x73,
+	0x5b, 0x8e, 0xa7, 0xd2, 0x44, 0x71, 0x27, 0xfd, 0x2b, 0xf7, 0xf7, 0xcb, 0x13, 0xa2, 0x66, 0x1d,
+	0x7d, 0xb0, 0x5f, 0xa6, 0x8b, 0x23, 0x03, 0x83, 0xb3, 0xb8, 0xf1, 0xc9, 0x57, 0xab, 0xf9, 0x3b,
+	0xcd, 0x4a, 0xe0, 0x6f, 0xb8, 0x0d, 0xd2, 0xce, 0x74, 0x58, 0x35, 0x28, 0xc5, 0xe4, 0x33, 0x60,
+	0x38, 0xc1, 0xcd, 0xfe, 0x1c, 0x93, 0x1d, 0xab, 0xee, 0xa6, 0xe7, 0x44, 0xad, 0x80, 0xa0, 0x1d,
+	0x18, 0x6e, 0xb2, 0xdd, 0x45, 0x24, 0x3e, 0x11, 0x73, 0xfd, 0xc5, 0x2e, 0xd5, 0x4f, 0x77, 0x58,
+	0xea, 0x36, 0xc3, 0xd5, 0xad, 0xa2, 0xb3, 0xc3, 0x26, 0x77, 0xfb, 0x5f, 0x9c, 0x61, 0xd2, 0x47,
+	0x95, 0xeb, 0x94, 0xfa, 0xc5, 0x9b, 0x20, 0x71, 0x8d, 0x9d, 0xca, 0x57, 0xb0, 0xc6, 0xc3, 0x22,
+	0xde, 0x15, 0x61, 0x59, 0x16, 0x7d, 0x12, 0x46, 0xe8, 0xad, 0x50, 0x49, 0x00, 0xe1, 0xe4, 0x89,
+	0xfc, 0xd8, 0x2d, 0x8a, 0x4a, 0x4f, 0x8a, 0xa4, 0x17, 0xc6, 0x09, 0x66, 0xe8, 0x0d, 0xe6, 0x5a,
+	0x26, 0x59, 0x17, 0xba, 0x61, 0xad, 0x7b, 0x91, 0x49, 0xb6, 0x1a, 0x13, 0xd4, 0x82, 0x89, 0x74,
+	0xea, 0xc7, 0x70, 0xd2, 0xce, 0x17, 0xaf, 0xd3, 0xd9, 0x1b, 0xe3, 0xec, 0x35, 0x69, 0x5c, 0x88,
+	0xb3, 0xf8, 0xa3, 0xe5, 0x64, 0x62, 0xbe, 0xa2, 0xa1, 0xf7, 0x4d, 0x25, 0xe7, 0x1b, 0x6e, 0x9b,
+	0x93, 0x6f, 0x13, 0xce, 0x69, 0xb9, 0xcd, 0xae, 0x06, 0x0e, 0x73, 0xde, 0x70, 0xd9, 0x76, 0xaa,
+	0xc9, 0x45, 0x8f, 0xde, 0xdf, 0x2f, 0x9f, 0x5b, 0x6b, 0x47, 0x88, 0xdb, 0xf3, 0x41, 0x37, 0xe0,
+	0x24, 0x8f, 0x3c, 0x30, 0x4f, 0x9c, 0x7a, 0xc3, 0xf5, 0x94, 0xe0, 0xc5, 0x97, 0xfc, 0x99, 0xfb,
+	0xfb, 0xe5, 0x93, 0x33, 0x59, 0x04, 0x38, 0xbb, 0x1c, 0xfa, 0x30, 0x94, 0xea, 0x5e, 0x28, 0xfa,
+	0xa0, 0xcf, 0x48, 0x1f, 0x57, 0x9a, 0x5f, 0xad, 0xaa, 0xef, 0x8f, 0xff, 0xe0, 0xb8, 0x00, 0xda,
+	0xe4, 0xb6, 0x01, 0xa5, 0x2d, 0xea, 0x4f, 0x45, 0x5e, 0x4b, 0x2a, 0x54, 0x8d, 0xb7, 0xc7, 0xdc,
+	0x28, 0xa6, 0x9e, 0xe4, 0x18, 0xcf, 0x92, 0x0d, 0xc6, 0xe8, 0x75, 0x40, 0x22, 0x4d, 0xc1, 0x4c,
+	0x8d, 0x65, 0xd5, 0x61, 0x47, 0xe3, 0x80, 0xf9, 0x1a, 0xb6, 0x9a, 0xa2, 0xc0, 0x19, 0xa5, 0xd0,
+	0x35, 0xba, 0xab, 0xe8, 0x50, 0xb1, 0x6b, 0xa9, 0x24, 0xa5, 0xf3, 0xa4, 0x19, 0x10, 0xe6, 0x63,
+	0x66, 0x72, 0xc4, 0x89, 0x72, 0xa8, 0x0e, 0x67, 0x9d, 0x56, 0xe4, 0x33, 0xb3, 0x8b, 0x49, 0xba,
+	0xe6, 0x6f, 0x13, 0x8f, 0x59, 0x3c, 0x07, 0x66, 0x2f, 0x50, 0xc9, 0x6e, 0xa6, 0x0d, 0x1d, 0x6e,
+	0xcb, 0x85, 0x4a, 0xe4, 0x2a, 0x2b, 0x39, 0x98, 0xf1, 0xe4, 0x32, 0x32, 0x93, 0xbf, 0x04, 0x83,
+	0x5b, 0x7e, 0x18, 0xad, 0x92, 0xe8, 0x8e, 0x1f, 0x6c, 0x8b, 0xb8, 0xc8, 0x71, 0x2c, 0xfa, 0x18,
+	0x85, 0x75, 0x3a, 0x7a, 0xe5, 0x66, 0xfe, 0x38, 0x4b, 0xf3, 0xcc, 0x15, 0x62, 0x20, 0xde, 0x63,
+	0xae, 0x71, 0x30, 0x96, 0x78, 0x49, 0xba, 0x54, 0x99, 0x63, 0x6e, 0x0d, 0x09, 0xd2, 0xa5, 0xca,
+	0x1c, 0x96, 0x78, 0x3a, 0x5d, 0xc3, 0x2d, 0x27, 0x20, 0x95, 0xc0, 0xaf, 0x91, 0x50, 0xcb, 0x80,
+	0xf0, 0x08, 0x8f, 0xfa, 0x4c, 0xa7, 0x6b, 0x35, 0x8b, 0x00, 0x67, 0x97, 0x43, 0x24, 0x9d, 0xd7,
+	0x6f, 0x24, 0xdf, 0x1e, 0x95, 0x96, 0x67, 0xba, 0x4c, 0xed, 0xe7, 0xc1, 0x98, 0xca, 0x28, 0xc8,
+	0xe3, 0x3c, 0x87, 0x93, 0xa3, 0x6c, 0x6e, 0x77, 0x1f, 0x24, 0x5a, 0x59, 0xf8, 0x96, 0x12, 0x9c,
+	0x70, 0x8a, 0xb7, 0x11, 0x32, 0x70, 0xac, 0x63, 0xc8, 0xc0, 0xcb, 0x50, 0x0a, 0x5b, 0xeb, 0x75,
+	0x7f, 0xc7, 0x71, 0x3d, 0xe6, 0xd6, 0xa0, 0xdd, 0xfd, 0xaa, 0x12, 0x81, 0x63, 0x1a, 0xb4, 0x08,
+	0x03, 0x8e, 0x34, 0xdf, 0xa1, 0xfc, 0x20, 0x51, 0xca, 0x68, 0xc7, 0xe3, 0xa6, 0x48, 0x83, 0x9d,
+	0x2a, 0x8b, 0x5e, 0x85, 0x61, 0xf1, 0x72, 0x5e, 0x24, 0xe1, 0x9d, 0x30, 0x9f, 0x37, 0x56, 0x75,
+	0x24, 0x36, 0x69, 0xd1, 0x4d, 0x18, 0x8c, 0xfc, 0x06, 0x7b, 0xa3, 0x47, 0xc5, 0xbc, 0x53, 0xf9,
+	0xe1, 0x0e, 0xd7, 0x14, 0x99, 0xae, 0xb5, 0x56, 0x45, 0xb1, 0xce, 0x07, 0xad, 0xf1, 0xf9, 0xce,
+	0xf2, 0x1d, 0x90, 0x50, 0x64, 0x71, 0x3d, 0x97, 0xe7, 0x93, 0xc6, 0xc8, 0xcc, 0xe5, 0x20, 0x4a,
+	0x62, 0x9d, 0x0d, 0xba, 0x0a, 0xe3, 0xcd, 0xc0, 0xf5, 0xd9, 0x9c, 0x50, 0x96, 0xdb, 0x49, 0x33,
+	0xbb, 0x59, 0x25, 0x49, 0x80, 0xd3, 0x65, 0x58, 0xe0, 0x03, 0x01, 0x9c, 0x3c, 0xc3, 0x33, 0xb4,
+	0xf0, 0xab, 0x34, 0x87, 0x61, 0x85, 0x45, 0x2b, 0x6c, 0x27, 0xe6, 0x5a, 0xa0, 0xc9, 0xa9, 0xfc,
+	0xb8, 0x54, 0xba, 0xb6, 0x88, 0x0b, 0xaf, 0xea, 0x2f, 0x8e, 0x39, 0xa0, 0xba, 0x96, 0x18, 0x95,
+	0x5e, 0x01, 0xc2, 0xc9, 0xb3, 0x6d, 0x9c, 0x22, 0x13, 0xb7, 0xb2, 0x58, 0x20, 0x30, 0xc0, 0x21,
+	0x4e, 0xf0, 0x44, 0x1f, 0x85, 0x31, 0x11, 0x4d, 0x33, 0xee, 0xa6, 0x73, 0xf1, 0xcb, 0x07, 0x9c,
+	0xc0, 0xe1, 0x14, 0x35, 0xcf, 0x90, 0xe2, 0xac, 0x37, 0x88, 0xd8, 0xfa, 0x96, 0x5d, 0x6f, 0x3b,
+	0x9c, 0x3c, 0xcf, 0xf6, 0x07, 0x91, 0x21, 0x25, 0x89, 0xc5, 0x19, 0x25, 0xd0, 0x1a, 0x8c, 0x35,
+	0x03, 0x42, 0x76, 0x98, 0xa0, 0x2f, 0xce, 0xb3, 0x32, 0x8f, 0xfb, 0x41, 0x5b, 0x52, 0x49, 0xe0,
+	0x0e, 0x32, 0x60, 0x38, 0xc5, 0x01, 0xdd, 0x81, 0x01, 0x7f, 0x97, 0x04, 0x5b, 0xc4, 0xa9, 0x4f,
+	0x5e, 0x68, 0xf3, 0x12, 0x47, 0x1c, 0x6e, 0x37, 0x04, 0x6d, 0xc2, 0xdb, 0x43, 0x82, 0x3b, 0x7b,
+	0x7b, 0xc8, 0xca, 0xd0, 0xff, 0x61, 0xc1, 0x19, 0x69, 0x9c, 0xa9, 0x36, 0x69, 0xaf, 0xcf, 0xf9,
+	0x5e, 0x18, 0x05, 0x3c, 0x52, 0xc5, 0xa3, 0xf9, 0xd1, 0x1b, 0xd6, 0x72, 0x0a, 0x29, 0x45, 0xf4,
+	0x99, 0x3c, 0x8a, 0x10, 0xe7, 0xd7, 0x48, 0xaf, 0xa6, 0x21, 0x89, 0xe4, 0x66, 0x34, 0x13, 0x2e,
+	0xbe, 0x31, 0xbf, 0x3a, 0xf9, 0x18, 0x0f, 0xb3, 0x41, 0x17, 0x43, 0x35, 0x89, 0xc4, 0x69, 0x7a,
+	0x74, 0x05, 0x0a, 0x7e, 0x38, 0xf9, 0x78, 0x9b, 0x5c, 0xba, 0x7e, 0xfd, 0x46, 0x95, 0x7b, 0xfd,
+	0xdd, 0xa8, 0xe2, 0x82, 0x1f, 0xca, 0x2c, 0x25, 0xf4, 0x3e, 0x16, 0x4e, 0x3e, 0xc1, 0xd5, 0x96,
+	0x32, 0x4b, 0x09, 0x03, 0xe2, 0x18, 0x8f, 0xb6, 0x60, 0x34, 0x34, 0xee, 0xbd, 0xe1, 0xe4, 0x45,
+	0xd6, 0x53, 0x4f, 0xe4, 0x0d, 0x9a, 0x41, 0xad, 0xa5, 0x0f, 0x30, 0xb9, 0xe0, 0x24, 0x5b, 0xbe,
+	0xba, 0xb4, 0x9b, 0x77, 0x38, 0xf9, 0x64, 0x87, 0xd5, 0xa5, 0x11, 0xeb, 0xab, 0x4b, 0xe7, 0x81,
+	0x13, 0x3c, 0xa7, 0xbe, 0x03, 0xc6, 0x53, 0xe2, 0xd2, 0x61, 0x3c, 0xdc, 0xa7, 0xb6, 0x61, 0xd8,
+	0x98, 0x92, 0x0f, 0xd5, 0xbb, 0xe2, 0xb7, 0x4b, 0x50, 0x52, 0x56, 0x6f, 0x74, 0xd9, 0x74, 0xa8,
+	0x38, 0x93, 0x74, 0xa8, 0x18, 0xa8, 0xf8, 0x75, 0xc3, 0x87, 0x62, 0x2d, 0x23, 0x18, 0x63, 0xde,
+	0x06, 0xd8, 0xfd, 0x23, 0x15, 0xcd, 0x94, 0x50, 0xec, 0xda, 0x33, 0xa3, 0xa7, 0xad, 0x75, 0xe2,
+	0x2a, 0x8c, 0x7b, 0x3e, 0x93, 0xd1, 0x49, 0x5d, 0x0a, 0x60, 0x4c, 0xce, 0x2a, 0xe9, 0xd1, 0x8d,
+	0x12, 0x04, 0x38, 0x5d, 0x86, 0x56, 0xc8, 0x05, 0xa5, 0xa4, 0x39, 0x84, 0xcb, 0x51, 0x58, 0x60,
+	0xe9, 0xdd, 0x90, 0xff, 0x0a, 0x27, 0xc7, 0xf2, 0xef, 0x86, 0xbc, 0x50, 0x52, 0x18, 0x0b, 0xa5,
+	0x30, 0xc6, 0xb4, 0xff, 0x4d, 0xbf, 0xbe, 0x54, 0x11, 0x62, 0xbe, 0x16, 0x49, 0xb8, 0xbe, 0x54,
+	0xc1, 0x1c, 0x87, 0x66, 0xa0, 0x8f, 0xfd, 0x08, 0x27, 0x87, 0xf2, 0xa3, 0xe1, 0xb0, 0x12, 0x5a,
+	0x96, 0x34, 0x56, 0x00, 0x8b, 0x82, 0x4c, 0xbb, 0x4b, 0xef, 0x46, 0x4c, 0xbb, 0xdb, 0xff, 0x80,
+	0xda, 0x5d, 0xc9, 0x00, 0xc7, 0xbc, 0xd0, 0x5d, 0x38, 0x69, 0xdc, 0x47, 0xd5, 0xab, 0x1d, 0xc8,
+	0x37, 0xfc, 0x26, 0x88, 0x67, 0xcf, 0x89, 0x46, 0x9f, 0x5c, 0xca, 0xe2, 0x84, 0xb3, 0x2b, 0x40,
+	0x0d, 0x18, 0xaf, 0xa5, 0x6a, 0x1d, 0xe8, 0xbe, 0x56, 0x35, 0x2f, 0xd2, 0x35, 0xa6, 0x19, 0xa3,
+	0x57, 0x61, 0xe0, 0x6d, 0x3f, 0x64, 0x47, 0xa4, 0xb8, 0x9a, 0xc8, 0x70, 0x0e, 0x03, 0x6f, 0xdc,
+	0xa8, 0x32, 0xf8, 0xc1, 0x7e, 0x79, 0xb0, 0xe2, 0xd7, 0xe5, 0x5f, 0xac, 0x0a, 0xa0, 0xef, 0xb7,
+	0x60, 0x2a, 0x7d, 0xe1, 0x55, 0x8d, 0x1e, 0xee, 0xbe, 0xd1, 0xb6, 0xa8, 0x74, 0x6a, 0x21, 0x97,
+	0x1d, 0x6e, 0x53, 0x15, 0xfa, 0x10, 0x5d, 0x4f, 0xa1, 0x7b, 0x8f, 0x88, 0x14, 0xb3, 0x8f, 0xc6,
+	0xeb, 0x89, 0x42, 0x0f, 0xf6, 0xcb, 0xa3, 0x7c, 0x67, 0x74, 0xef, 0xc9, 0xe7, 0x4d, 0xa2, 0x00,
+	0xfa, 0x4e, 0x38, 0x19, 0xa4, 0x35, 0xa8, 0x44, 0x0a, 0xe1, 0x4f, 0x77, 0xb3, 0xcb, 0x26, 0x07,
+	0x1c, 0x67, 0x31, 0xc4, 0xd9, 0xf5, 0xd8, 0xbf, 0x62, 0x31, 0xfd, 0xb6, 0x68, 0x16, 0x09, 0x5b,
+	0x8d, 0xe3, 0x48, 0x6c, 0xbd, 0x60, 0xd8, 0x8e, 0x1f, 0xd8, 0xb1, 0xe8, 0x1f, 0x59, 0xcc, 0xb1,
+	0xe8, 0x18, 0x5f, 0x31, 0xbd, 0x01, 0x03, 0x91, 0x4c, 0x38, 0xde, 0x26, 0x17, 0xb7, 0xd6, 0x28,
+	0xe6, 0x5c, 0xa5, 0x2e, 0x39, 0x2a, 0xb7, 0xb8, 0x62, 0x63, 0xff, 0x7d, 0x3e, 0x02, 0x12, 0x73,
+	0x0c, 0x26, 0xba, 0x79, 0xd3, 0x44, 0x57, 0xee, 0xf0, 0x05, 0x39, 0xa6, 0xba, 0xbf, 0x67, 0xb6,
+	0x9b, 0x29, 0xf7, 0xde, 0xed, 0x1e, 0x6d, 0xf6, 0x17, 0x2c, 0x80, 0x38, 0xc8, 0x7c, 0x17, 0x29,
+	0x25, 0x5f, 0xa6, 0xd7, 0x1a, 0x3f, 0xf2, 0x6b, 0x7e, 0x43, 0x18, 0x28, 0xce, 0xc6, 0x56, 0x42,
+	0x0e, 0x3f, 0xd0, 0x7e, 0x63, 0x45, 0x8d, 0xca, 0x32, 0xa4, 0x65, 0x31, 0xb6, 0x5b, 0x1b, 0xe1,
+	0x2c, 0xbf, 0x64, 0xc1, 0x89, 0x2c, 0x97, 0x78, 0x7a, 0x49, 0xe6, 0x6a, 0x4e, 0xe5, 0x6d, 0xa8,
+	0x46, 0xf3, 0x96, 0x80, 0x63, 0x45, 0xd1, 0x75, 0xae, 0xce, 0xc3, 0x45, 0x77, 0xbf, 0x01, 0xc3,
+	0x95, 0x80, 0x68, 0xf2, 0xc5, 0x6b, 0x3c, 0x4c, 0x0a, 0x6f, 0xcf, 0xb3, 0x87, 0x0e, 0x91, 0x62,
+	0x7f, 0xb9, 0x00, 0x27, 0xb8, 0xd3, 0xce, 0xcc, 0xae, 0xef, 0xd6, 0x2b, 0x7e, 0x5d, 0x3c, 0x64,
+	0x7c, 0x13, 0x86, 0x9a, 0x9a, 0x6e, 0xba, 0x5d, 0xa4, 0x62, 0x5d, 0x87, 0x1d, 0x6b, 0xd3, 0x74,
+	0x28, 0x36, 0x78, 0xa1, 0x3a, 0x0c, 0x91, 0x5d, 0xb7, 0xa6, 0x3c, 0x3f, 0x0a, 0x87, 0x3e, 0xa4,
+	0x55, 0x2d, 0x0b, 0x1a, 0x1f, 0x6c, 0x70, 0x7d, 0x08, 0x19, 0xf4, 0xed, 0x1f, 0xb5, 0xe0, 0x74,
+	0x4e, 0x5c, 0x63, 0x5a, 0xdd, 0x1d, 0xe6, 0x1e, 0x25, 0xa6, 0xad, 0xaa, 0x8e, 0x3b, 0x4d, 0x61,
+	0x81, 0x45, 0x1f, 0x03, 0xe0, 0x4e, 0x4f, 0xc4, 0xab, 0x75, 0x0c, 0x00, 0x6b, 0xc4, 0xae, 0xd4,
+	0xc2, 0x10, 0xca, 0xf2, 0x58, 0xe3, 0x65, 0x7f, 0xa9, 0x07, 0x7a, 0x99, 0x93, 0x0d, 0xaa, 0x40,
+	0xff, 0x16, 0xcf, 0x54, 0xd5, 0x76, 0xdc, 0x28, 0xad, 0x4c, 0x7e, 0x15, 0x8f, 0x9b, 0x06, 0xc5,
+	0x92, 0x0d, 0x5a, 0x81, 0x09, 0x9e, 0x30, 0xac, 0x31, 0x4f, 0x1a, 0xce, 0x9e, 0x54, 0xfb, 0xf2,
+	0x1c, 0xd8, 0x4a, 0xfd, 0xbd, 0x94, 0x26, 0xc1, 0x59, 0xe5, 0xd0, 0x6b, 0x30, 0x42, 0xaf, 0xe1,
+	0x7e, 0x2b, 0x92, 0x9c, 0x78, 0xaa, 0x30, 0x75, 0x33, 0x59, 0x33, 0xb0, 0x38, 0x41, 0x8d, 0x5e,
+	0x85, 0xe1, 0x66, 0x4a, 0xc1, 0xdd, 0x1b, 0x6b, 0x82, 0x4c, 0xa5, 0xb6, 0x49, 0xcb, 0xbc, 0xe2,
+	0x5b, 0xec, 0x0d, 0xc0, 0xda, 0x56, 0x40, 0xc2, 0x2d, 0xbf, 0x51, 0x67, 0x12, 0x70, 0xaf, 0xe6,
+	0x15, 0x9f, 0xc0, 0xe3, 0x54, 0x09, 0xca, 0x65, 0xc3, 0x71, 0x1b, 0xad, 0x80, 0xc4, 0x5c, 0xfa,
+	0x4c, 0x2e, 0x8b, 0x09, 0x3c, 0x4e, 0x95, 0xe8, 0xac, 0xb9, 0xef, 0x3f, 0x1a, 0xcd, 0xbd, 0xfd,
+	0xd3, 0x05, 0x30, 0x86, 0xf6, 0xdb, 0x37, 0x85, 0x19, 0xfd, 0xb2, 0xcd, 0xa0, 0x59, 0x13, 0x0e,
+	0x65, 0x99, 0x5f, 0x16, 0xe7, 0x2f, 0xe6, 0x5f, 0x46, 0xff, 0x63, 0x56, 0x8a, 0xae, 0xf1, 0x93,
+	0x95, 0xc0, 0xa7, 0x87, 0x9c, 0x0c, 0xa4, 0xa7, 0x1e, 0x9f, 0xf4, 0xcb, 0x20, 0x03, 0x6d, 0x42,
+	0xce, 0x0a, 0xf7, 0x7c, 0xce, 0xc1, 0xf0, 0xbd, 0xaa, 0x8a, 0x68, 0x1f, 0x92, 0x0b, 0xba, 0x02,
+	0x83, 0x22, 0x2f, 0x15, 0x7b, 0x23, 0xc1, 0x17, 0x13, 0xf3, 0x15, 0x9b, 0x8f, 0xc1, 0x58, 0xa7,
+	0xb1, 0x7f, 0xa0, 0x00, 0x13, 0x19, 0x8f, 0xdc, 0xf8, 0x31, 0xb2, 0xe9, 0x86, 0x91, 0x4a, 0x91,
+	0xac, 0x1d, 0x23, 0x1c, 0x8e, 0x15, 0x05, 0xdd, 0xab, 0xf8, 0x41, 0x95, 0x3c, 0x9c, 0xc4, 0x23,
+	0x12, 0x81, 0x3d, 0x64, 0xb2, 0xe1, 0x0b, 0xd0, 0xd3, 0x0a, 0x89, 0x0c, 0x16, 0xad, 0x8e, 0x6d,
+	0x66, 0xd6, 0x66, 0x18, 0x7a, 0x05, 0xdc, 0x54, 0x16, 0x62, 0xed, 0x0a, 0xc8, 0x6d, 0xc4, 0x1c,
+	0x47, 0x1b, 0x17, 0x11, 0xcf, 0xf1, 0x22, 0x71, 0x51, 0x8c, 0xa3, 0x9e, 0x32, 0x28, 0x16, 0x58,
+	0xfb, 0x8b, 0x45, 0x38, 0x93, 0xfb, 0xec, 0x95, 0x36, 0x7d, 0xc7, 0xf7, 0xdc, 0xc8, 0x57, 0x4e,
+	0x78, 0x3c, 0xd2, 0x29, 0x69, 0x6e, 0xad, 0x08, 0x38, 0x56, 0x14, 0xe8, 0x22, 0xf4, 0x32, 0xa5,
+	0x78, 0x2a, 0x59, 0xf4, 0xec, 0x3c, 0x0f, 0x7d, 0xc7, 0xd1, 0x5d, 0xe7, 0xf7, 0x7f, 0x8c, 0x4a,
+	0x30, 0x7e, 0x23, 0x79, 0xa0, 0xd0, 0xe6, 0xfa, 0x7e, 0x03, 0x33, 0x24, 0x7a, 0x42, 0xf4, 0x57,
+	0xc2, 0xeb, 0x0c, 0x3b, 0x75, 0x3f, 0xd4, 0x3a, 0xed, 0x29, 0xe8, 0xdf, 0x26, 0x7b, 0x81, 0xeb,
+	0x6d, 0x26, 0xbd, 0x11, 0xaf, 0x73, 0x30, 0x96, 0x78, 0x33, 0x6f, 0x69, 0xff, 0x51, 0x27, 0xe6,
+	0x1f, 0xe8, 0x28, 0x9e, 0xfc, 0x50, 0x11, 0x46, 0xf1, 0xec, 0xfc, 0x7b, 0x03, 0x71, 0x33, 0x3d,
+	0x10, 0x47, 0x9d, 0x98, 0xbf, 0xf3, 0x68, 0xfc, 0xa2, 0x05, 0xa3, 0x2c, 0x3b, 0x96, 0x88, 0x59,
+	0xe1, 0xfa, 0xde, 0x31, 0x5c, 0x05, 0x1e, 0x83, 0xde, 0x80, 0x56, 0x9a, 0xcc, 0x12, 0xcd, 0x5a,
+	0x82, 0x39, 0x0e, 0x9d, 0x85, 0x1e, 0xd6, 0x04, 0x3a, 0x78, 0x43, 0x7c, 0x0b, 0x9e, 0x77, 0x22,
+	0x07, 0x33, 0x28, 0x0b, 0xfc, 0x86, 0x49, 0xb3, 0xe1, 0xf2, 0x46, 0xc7, 0x2e, 0x0b, 0xef, 0x8e,
+	0x80, 0x18, 0x99, 0x4d, 0x7b, 0x67, 0x81, 0xdf, 0xb2, 0x59, 0xb6, 0xbf, 0x66, 0xff, 0x79, 0x01,
+	0xce, 0x67, 0x96, 0xeb, 0x3a, 0xf0, 0x5b, 0xfb, 0xd2, 0x0f, 0x33, 0xff, 0x51, 0xf1, 0x18, 0x7d,
+	0xbd, 0x7b, 0xba, 0x95, 0xfe, 0x7b, 0xbb, 0x88, 0xc7, 0x96, 0xd9, 0x65, 0xef, 0x92, 0x78, 0x6c,
+	0x99, 0x6d, 0xcb, 0x51, 0x13, 0xfc, 0x75, 0x21, 0xe7, 0x5b, 0x98, 0xc2, 0xe0, 0x12, 0xdd, 0x67,
+	0x18, 0x32, 0x94, 0x97, 0x70, 0xbe, 0xc7, 0x70, 0x18, 0x56, 0x58, 0x34, 0x03, 0xa3, 0x3b, 0xae,
+	0x47, 0x37, 0x9f, 0x3d, 0x53, 0x14, 0x57, 0xb6, 0x8c, 0x15, 0x13, 0x8d, 0x93, 0xf4, 0xc8, 0xd5,
+	0x62, 0xb5, 0xf1, 0xaf, 0x7b, 0xf5, 0x50, 0xab, 0x6e, 0xda, 0x74, 0xe7, 0x50, 0xbd, 0x98, 0x11,
+	0xb7, 0x6d, 0x45, 0xd3, 0x13, 0x15, 0xbb, 0xd7, 0x13, 0x0d, 0x65, 0xeb, 0x88, 0xa6, 0x5e, 0x85,
+	0xe1, 0x07, 0xb6, 0x8d, 0xd8, 0x5f, 0x2f, 0xc2, 0x23, 0x6d, 0x96, 0x3d, 0xdf, 0xeb, 0x8d, 0x31,
+	0xd0, 0xf6, 0xfa, 0xd4, 0x38, 0x54, 0xe0, 0xc4, 0x46, 0xab, 0xd1, 0xd8, 0x63, 0x4f, 0xa0, 0x48,
+	0x5d, 0x52, 0x08, 0x99, 0x52, 0x2a, 0x47, 0x4e, 0x2c, 0x66, 0xd0, 0xe0, 0xcc, 0x92, 0xf4, 0x8a,
+	0x45, 0x4f, 0x92, 0x3d, 0xc5, 0x2a, 0x71, 0xc5, 0xc2, 0x3a, 0x12, 0x9b, 0xb4, 0xe8, 0x2a, 0x8c,
+	0x3b, 0xbb, 0x8e, 0xcb, 0x03, 0xde, 0x4b, 0x06, 0xfc, 0x8e, 0xa5, 0x74, 0xd1, 0x33, 0x49, 0x02,
+	0x9c, 0x2e, 0x83, 0x5e, 0x07, 0xe4, 0xaf, 0xb3, 0x87, 0x12, 0xf5, 0xab, 0xc4, 0x13, 0x56, 0x77,
+	0x36, 0x76, 0xc5, 0x78, 0x4b, 0xb8, 0x91, 0xa2, 0xc0, 0x19, 0xa5, 0x12, 0x81, 0xc9, 0xfa, 0xf2,
+	0x03, 0x93, 0xb5, 0xdf, 0x17, 0x3b, 0xa6, 0xde, 0xba, 0x02, 0xc3, 0x87, 0x74, 0xff, 0xb5, 0xff,
+	0x8d, 0x05, 0x4a, 0x41, 0x6c, 0x46, 0xfd, 0x7d, 0x95, 0xf9, 0x27, 0x73, 0xd5, 0xb6, 0x16, 0x2d,
+	0xe9, 0xa4, 0xe6, 0x9f, 0x1c, 0x23, 0xb1, 0x49, 0xcb, 0xe7, 0x90, 0xe6, 0x57, 0x6c, 0xdc, 0x0a,
+	0x44, 0x68, 0x42, 0x45, 0x81, 0x3e, 0x0e, 0xfd, 0x75, 0x77, 0xd7, 0x0d, 0x85, 0x72, 0xec, 0xd0,
+	0xc6, 0xb8, 0x78, 0xeb, 0x9c, 0xe7, 0x6c, 0xb0, 0xe4, 0x67, 0xff, 0x50, 0x21, 0xee, 0x93, 0x37,
+	0x5a, 0x7e, 0xe4, 0x1c, 0xc3, 0x49, 0x7e, 0xd5, 0x38, 0xc9, 0x9f, 0x68, 0x17, 0x9f, 0x91, 0x35,
+	0x29, 0xf7, 0x04, 0xbf, 0x91, 0x38, 0xc1, 0x9f, 0xec, 0xcc, 0xaa, 0xfd, 0xc9, 0xfd, 0x0f, 0x2c,
+	0x18, 0x37, 0xe8, 0x8f, 0xe1, 0x00, 0x59, 0x34, 0x0f, 0x90, 0x47, 0x3b, 0x7e, 0x43, 0xce, 0xc1,
+	0xf1, 0xbd, 0xc5, 0x44, 0xdb, 0xd9, 0x81, 0xf1, 0x36, 0xf4, 0x6c, 0x39, 0x41, 0xbd, 0x5d, 0x3e,
+	0x9a, 0x54, 0xa1, 0xe9, 0x6b, 0x4e, 0x20, 0x3c, 0x15, 0x9e, 0x95, 0xbd, 0x4e, 0x41, 0x1d, 0xbd,
+	0x14, 0x58, 0x55, 0xe8, 0x65, 0xe8, 0x0b, 0x6b, 0x7e, 0x53, 0xbd, 0x99, 0xba, 0xc0, 0x3a, 0x9a,
+	0x41, 0x0e, 0xf6, 0xcb, 0xc8, 0xac, 0x8e, 0x82, 0xb1, 0xa0, 0x47, 0x6f, 0xc2, 0x30, 0xfb, 0xa5,
+	0xdc, 0x06, 0x8b, 0xf9, 0x1a, 0x8c, 0xaa, 0x4e, 0xc8, 0x7d, 0x6a, 0x0d, 0x10, 0x36, 0x59, 0x4d,
+	0x6d, 0x42, 0x49, 0x7d, 0xd6, 0x43, 0xb5, 0x76, 0xff, 0xab, 0x22, 0x4c, 0x64, 0xcc, 0x39, 0x14,
+	0x1a, 0x23, 0x71, 0xa5, 0xcb, 0xa9, 0xfa, 0x0e, 0xc7, 0x22, 0x64, 0x17, 0xa8, 0xba, 0x98, 0x5b,
+	0x5d, 0x57, 0x7a, 0x33, 0x24, 0xc9, 0x4a, 0x29, 0xa8, 0x73, 0xa5, 0xb4, 0xb2, 0x63, 0xeb, 0x6a,
+	0x5a, 0x91, 0x6a, 0xe9, 0x43, 0x1d, 0xd3, 0x5f, 0xef, 0x81, 0x13, 0x59, 0x21, 0x63, 0xd1, 0x67,
+	0x13, 0xd9, 0x90, 0x5f, 0xec, 0x36, 0xd8, 0x2c, 0x4f, 0x91, 0x2c, 0xc2, 0x40, 0x4e, 0x9b, 0xf9,
+	0x91, 0x3b, 0x76, 0xb3, 0xa8, 0x93, 0x05, 0xa0, 0x09, 0x78, 0x16, 0x6b, 0xb9, 0x7d, 0x7c, 0xa0,
+	0xeb, 0x06, 0x88, 0xf4, 0xd7, 0x61, 0xc2, 0x25, 0x49, 0x82, 0x3b, 0xbb, 0x24, 0xc9, 0x9a, 0xd1,
+	0x12, 0xf4, 0xd5, 0xb8, 0xaf, 0x4b, 0xb1, 0xf3, 0x16, 0xc6, 0x1d, 0x5d, 0xd4, 0x06, 0x2c, 0x1c,
+	0x5c, 0x04, 0x83, 0x29, 0x17, 0x06, 0xb5, 0x8e, 0x79, 0xa8, 0x93, 0x67, 0x9b, 0x1e, 0x7c, 0x5a,
+	0x17, 0x3c, 0xd4, 0x09, 0xf4, 0xa3, 0x16, 0x24, 0x1e, 0xbc, 0x28, 0xa5, 0x9c, 0x95, 0xab, 0x94,
+	0xbb, 0x00, 0x3d, 0x81, 0xdf, 0x20, 0xc9, 0x0c, 0xc4, 0xd8, 0x6f, 0x10, 0xcc, 0x30, 0x94, 0x22,
+	0x8a, 0x55, 0x2d, 0x43, 0xfa, 0x35, 0x52, 0x5c, 0x10, 0x1f, 0x83, 0xde, 0x06, 0xd9, 0x25, 0x8d,
+	0x64, 0xa2, 0xb8, 0x65, 0x0a, 0xc4, 0x1c, 0x67, 0xff, 0x62, 0x0f, 0x9c, 0x6b, 0x1b, 0x0d, 0x8a,
+	0x5e, 0xc6, 0x36, 0x9d, 0x88, 0xdc, 0x71, 0xf6, 0x92, 0x19, 0x9d, 0xae, 0x72, 0x30, 0x96, 0x78,
+	0xf6, 0xfc, 0x93, 0x27, 0x66, 0x48, 0xa8, 0x30, 0x45, 0x3e, 0x06, 0x81, 0x35, 0x55, 0x62, 0xc5,
+	0xa3, 0x50, 0x89, 0x3d, 0x0f, 0x10, 0x86, 0x0d, 0xee, 0x16, 0x58, 0x17, 0xef, 0x4a, 0xe3, 0x04,
+	0x1e, 0xd5, 0x65, 0x81, 0xc1, 0x1a, 0x15, 0x9a, 0x87, 0xb1, 0x66, 0xe0, 0x47, 0x5c, 0x23, 0x3c,
+	0xcf, 0x3d, 0x67, 0x7b, 0xcd, 0x40, 0x3c, 0x95, 0x04, 0x1e, 0xa7, 0x4a, 0xa0, 0x97, 0x60, 0x50,
+	0x04, 0xe7, 0xa9, 0xf8, 0x7e, 0x43, 0x28, 0xa1, 0x94, 0x33, 0x69, 0x35, 0x46, 0x61, 0x9d, 0x4e,
+	0x2b, 0xc6, 0xd4, 0xcc, 0xfd, 0x99, 0xc5, 0xb8, 0xaa, 0x59, 0xa3, 0x4b, 0x44, 0xa2, 0x1e, 0xe8,
+	0x2a, 0x12, 0x75, 0xac, 0x96, 0x2b, 0x75, 0x6d, 0xf5, 0x84, 0x8e, 0x8a, 0xac, 0xaf, 0xf4, 0xc0,
+	0x84, 0x98, 0x38, 0x0f, 0x7b, 0xba, 0xdc, 0x4c, 0x4f, 0x97, 0xa3, 0x50, 0xdc, 0xbd, 0x37, 0x67,
+	0x8e, 0x7b, 0xce, 0xfc, 0xb0, 0x05, 0xa6, 0xa4, 0x86, 0xfe, 0xb7, 0xdc, 0x94, 0x78, 0x2f, 0xe5,
+	0x4a, 0x7e, 0x71, 0x94, 0xdf, 0x77, 0x96, 0x1c, 0xcf, 0xfe, 0xd7, 0x16, 0x3c, 0xda, 0x91, 0x23,
+	0x5a, 0x80, 0x12, 0x13, 0x27, 0xb5, 0x8b, 0xde, 0x93, 0xca, 0xb3, 0x5e, 0x22, 0x72, 0xa4, 0xdb,
+	0xb8, 0x24, 0x5a, 0x48, 0xe5, 0x1e, 0x7c, 0x2a, 0x23, 0xf7, 0xe0, 0x49, 0xa3, 0x7b, 0x1e, 0x30,
+	0xf9, 0xe0, 0x0f, 0xd2, 0x13, 0xc7, 0x78, 0xd5, 0x86, 0x3e, 0x60, 0x28, 0x1d, 0xed, 0x84, 0xd2,
+	0x11, 0x99, 0xd4, 0xda, 0x19, 0xf2, 0x51, 0x18, 0x63, 0x51, 0xfb, 0xd8, 0x3b, 0x0f, 0xf1, 0xde,
+	0xae, 0x10, 0xfb, 0x72, 0x2f, 0x27, 0x70, 0x38, 0x45, 0x6d, 0xff, 0x69, 0x11, 0xfa, 0xf8, 0xf2,
+	0x3b, 0x86, 0xeb, 0xe5, 0x33, 0x50, 0x72, 0x77, 0x76, 0x5a, 0x3c, 0x9d, 0x5c, 0x6f, 0xec, 0x19,
+	0xbc, 0x24, 0x81, 0x38, 0xc6, 0xa3, 0x45, 0xa1, 0xef, 0x6e, 0x13, 0x18, 0x98, 0x37, 0x7c, 0x7a,
+	0xde, 0x89, 0x1c, 0x2e, 0x2b, 0xa9, 0x73, 0x36, 0xd6, 0x8c, 0xa3, 0x4f, 0x01, 0x84, 0x51, 0xe0,
+	0x7a, 0x9b, 0x14, 0x26, 0x62, 0xab, 0x3f, 0xdd, 0x86, 0x5b, 0x55, 0x11, 0x73, 0x9e, 0xf1, 0x9e,
+	0xa3, 0x10, 0x58, 0xe3, 0x88, 0xa6, 0x8d, 0x93, 0x7e, 0x2a, 0x31, 0x76, 0xc0, 0xb9, 0xc6, 0x63,
+	0x36, 0xf5, 0x41, 0x28, 0x29, 0xe6, 0x9d, 0xb4, 0x5f, 0x43, 0xba, 0x58, 0xf4, 0x11, 0x18, 0x4d,
+	0xb4, 0xed, 0x50, 0xca, 0xb3, 0x5f, 0xb2, 0x60, 0x94, 0x37, 0x66, 0xc1, 0xdb, 0x15, 0xa7, 0xc1,
+	0x3d, 0x38, 0xd1, 0xc8, 0xd8, 0x95, 0xc5, 0xf0, 0x77, 0xbf, 0x8b, 0x2b, 0x65, 0x59, 0x16, 0x16,
+	0x67, 0xd6, 0x81, 0x2e, 0xd1, 0x15, 0x47, 0x77, 0x5d, 0xa7, 0x21, 0xe2, 0x1b, 0x0c, 0xf1, 0xd5,
+	0xc6, 0x61, 0x58, 0x61, 0xed, 0x3f, 0xb0, 0x60, 0x9c, 0xb7, 0xfc, 0x3a, 0xd9, 0x53, 0x7b, 0xd3,
+	0x37, 0xb3, 0xed, 0x22, 0x91, 0x69, 0x21, 0x27, 0x91, 0xa9, 0xfe, 0x69, 0xc5, 0xb6, 0x9f, 0xf6,
+	0x65, 0x0b, 0xc4, 0x0c, 0x39, 0x06, 0x7d, 0xc6, 0x77, 0x98, 0xfa, 0x8c, 0xa9, 0xfc, 0x45, 0x90,
+	0xa3, 0xc8, 0xf8, 0x2b, 0x0b, 0xc6, 0x38, 0x41, 0x6c, 0xab, 0xff, 0xa6, 0x8e, 0xc3, 0xac, 0xf9,
+	0x45, 0x99, 0xce, 0x97, 0xd7, 0xc9, 0xde, 0x9a, 0x5f, 0x71, 0xa2, 0xad, 0xec, 0x8f, 0x32, 0x06,
+	0xab, 0xa7, 0xed, 0x60, 0xd5, 0xe5, 0x02, 0x32, 0xf2, 0x7c, 0x75, 0x08, 0x10, 0x70, 0xd8, 0x3c,
+	0x5f, 0xf6, 0x9f, 0x59, 0x80, 0x78, 0x35, 0x86, 0xe0, 0x46, 0xc5, 0x21, 0x06, 0xd5, 0x0e, 0xba,
+	0x78, 0x6b, 0x52, 0x18, 0xac, 0x51, 0x1d, 0x49, 0xf7, 0x24, 0x1c, 0x2e, 0x8a, 0x9d, 0x1d, 0x2e,
+	0x0e, 0xd1, 0xa3, 0xff, 0xac, 0x0f, 0x92, 0x2f, 0xfb, 0xd0, 0x2d, 0x18, 0xaa, 0x39, 0x4d, 0x67,
+	0xdd, 0x6d, 0xb8, 0x91, 0x4b, 0xc2, 0x76, 0xde, 0x58, 0x73, 0x1a, 0x9d, 0x30, 0x91, 0x6b, 0x10,
+	0x6c, 0xf0, 0x41, 0xd3, 0x00, 0xcd, 0xc0, 0xdd, 0x75, 0x1b, 0x64, 0x93, 0xa9, 0x5d, 0x58, 0x44,
+	0x15, 0xee, 0x1a, 0x26, 0xa1, 0x58, 0xa3, 0xc8, 0x08, 0xa3, 0x50, 0x7c, 0xc8, 0x61, 0x14, 0xe0,
+	0xd8, 0xc2, 0x28, 0xf4, 0x1c, 0x2a, 0x8c, 0xc2, 0xc0, 0xa1, 0xc3, 0x28, 0xf4, 0x76, 0x15, 0x46,
+	0x01, 0xc3, 0x29, 0x29, 0x7b, 0xd2, 0xff, 0x8b, 0x6e, 0x83, 0x88, 0x0b, 0x07, 0x0f, 0x03, 0x33,
+	0x75, 0x7f, 0xbf, 0x7c, 0x0a, 0x67, 0x52, 0xe0, 0x9c, 0x92, 0xe8, 0x63, 0x30, 0xe9, 0x34, 0x1a,
+	0xfe, 0x1d, 0x35, 0xa8, 0x0b, 0x61, 0xcd, 0x69, 0x70, 0x13, 0x48, 0x3f, 0xe3, 0x7a, 0xf6, 0xfe,
+	0x7e, 0x79, 0x72, 0x26, 0x87, 0x06, 0xe7, 0x96, 0x46, 0x1f, 0x86, 0x52, 0x33, 0xf0, 0x6b, 0x2b,
+	0xda, 0xf3, 0xe3, 0xf3, 0xb4, 0x03, 0x2b, 0x12, 0x78, 0xb0, 0x5f, 0x1e, 0x56, 0x7f, 0xd8, 0x81,
+	0x1f, 0x17, 0xc8, 0x88, 0x8b, 0x30, 0x78, 0xa4, 0x71, 0x11, 0xb6, 0x61, 0xa2, 0x4a, 0x02, 0xd7,
+	0x69, 0xb8, 0xf7, 0xa8, 0xbc, 0x2c, 0xf7, 0xa7, 0x35, 0x28, 0x05, 0x89, 0x1d, 0xb9, 0xab, 0x60,
+	0xbd, 0x5a, 0xc2, 0x25, 0xb9, 0x03, 0xc7, 0x8c, 0xec, 0xff, 0x66, 0x41, 0xbf, 0x78, 0xc9, 0x77,
+	0x0c, 0x52, 0xe3, 0x8c, 0x61, 0x94, 0x28, 0x67, 0x77, 0x18, 0x6b, 0x4c, 0xae, 0x39, 0x62, 0x29,
+	0x61, 0x8e, 0x78, 0xb4, 0x1d, 0x93, 0xf6, 0x86, 0x88, 0xff, 0xaf, 0x48, 0xa5, 0x77, 0xe3, 0x4d,
+	0xf9, 0xc3, 0xef, 0x82, 0x55, 0xe8, 0x0f, 0xc5, 0x9b, 0xe6, 0x42, 0xfe, 0x6b, 0x90, 0xe4, 0x20,
+	0xc6, 0x5e, 0x74, 0xe2, 0x15, 0xb3, 0x64, 0x92, 0xf9, 0x58, 0xba, 0xf8, 0x10, 0x1f, 0x4b, 0x77,
+	0x7a, 0x75, 0xdf, 0x73, 0x14, 0xaf, 0xee, 0xed, 0xaf, 0xb1, 0x93, 0x53, 0x87, 0x1f, 0x83, 0x50,
+	0x75, 0xd5, 0x3c, 0x63, 0xed, 0x36, 0x33, 0x4b, 0x34, 0x2a, 0x47, 0xb8, 0xfa, 0x05, 0x0b, 0xce,
+	0x65, 0x7c, 0x95, 0x26, 0x69, 0x3d, 0x0b, 0x03, 0x4e, 0xab, 0xee, 0xaa, 0xb5, 0xac, 0x99, 0x26,
+	0x67, 0x04, 0x1c, 0x2b, 0x0a, 0x34, 0x07, 0xe3, 0xe4, 0x6e, 0xd3, 0xe5, 0x86, 0x5c, 0xdd, 0xf9,
+	0xb8, 0xc8, 0x9f, 0x7f, 0x2e, 0x24, 0x91, 0x38, 0x4d, 0xaf, 0x02, 0x44, 0x15, 0x73, 0x03, 0x44,
+	0xfd, 0xbc, 0x05, 0x83, 0xea, 0x55, 0xef, 0x43, 0xef, 0xed, 0x8f, 0x9a, 0xbd, 0xfd, 0x48, 0x9b,
+	0xde, 0xce, 0xe9, 0xe6, 0xdf, 0x2b, 0xa8, 0xf6, 0x56, 0xfc, 0x20, 0xea, 0x42, 0x82, 0x7b, 0xf0,
+	0x87, 0x13, 0x57, 0x60, 0xd0, 0x69, 0x36, 0x25, 0x42, 0x7a, 0xc0, 0xb1, 0xd0, 0xeb, 0x31, 0x18,
+	0xeb, 0x34, 0xea, 0x1d, 0x47, 0x31, 0xf7, 0x1d, 0x47, 0x1d, 0x20, 0x72, 0x82, 0x4d, 0x12, 0x51,
+	0x98, 0x70, 0xd8, 0xcd, 0xdf, 0x6f, 0x5a, 0x91, 0xdb, 0x98, 0x76, 0xbd, 0x28, 0x8c, 0x82, 0xe9,
+	0x25, 0x2f, 0xba, 0x11, 0xf0, 0x2b, 0xa4, 0x16, 0x62, 0x4d, 0xf1, 0xc2, 0x1a, 0x5f, 0x19, 0xc1,
+	0x82, 0xd5, 0xd1, 0x6b, 0xba, 0x52, 0xac, 0x0a, 0x38, 0x56, 0x14, 0xf6, 0x07, 0xd9, 0xe9, 0xc3,
+	0xfa, 0xf4, 0x70, 0xe1, 0xc5, 0x7e, 0x72, 0x48, 0x8d, 0x06, 0x33, 0x8a, 0xce, 0xeb, 0x41, 0xcc,
+	0xda, 0x6f, 0xf6, 0xb4, 0x62, 0xfd, 0x45, 0x64, 0x1c, 0xe9, 0x0c, 0x7d, 0x22, 0xe5, 0x1e, 0xf3,
+	0x5c, 0x87, 0x53, 0xe3, 0x10, 0x0e, 0x31, 0x2c, 0x0f, 0x13, 0xcb, 0x52, 0xb3, 0x54, 0x11, 0xeb,
+	0x42, 0xcb, 0xc3, 0x24, 0x10, 0x38, 0xa6, 0xa1, 0xc2, 0x94, 0xfa, 0x13, 0x4e, 0xa2, 0x38, 0x16,
+	0xb0, 0xa2, 0x0e, 0xb1, 0x46, 0x81, 0x2e, 0x0b, 0x85, 0x02, 0xb7, 0x0b, 0x3c, 0x92, 0x50, 0x28,
+	0xc8, 0xee, 0xd2, 0xb4, 0x40, 0x57, 0x60, 0x90, 0xdc, 0x8d, 0x48, 0xe0, 0x39, 0x0d, 0x5a, 0x43,
+	0x6f, 0x1c, 0x3f, 0x73, 0x21, 0x06, 0x63, 0x9d, 0x06, 0xad, 0xc1, 0x68, 0xc8, 0xf5, 0x6c, 0x2a,
+	0x48, 0x3c, 0xd7, 0x57, 0x3e, 0xad, 0xde, 0x53, 0x9b, 0xe8, 0x03, 0x06, 0xe2, 0xbb, 0x93, 0x8c,
+	0x32, 0x91, 0x64, 0x81, 0x5e, 0x83, 0x91, 0x86, 0xef, 0xd4, 0x67, 0x9d, 0x86, 0xe3, 0xd5, 0x58,
+	0xff, 0x0c, 0x98, 0x89, 0xa8, 0x97, 0x0d, 0x2c, 0x4e, 0x50, 0x53, 0xe1, 0x4d, 0x87, 0x88, 0x30,
+	0x6d, 0x8e, 0xb7, 0x49, 0x42, 0x91, 0x0f, 0x9e, 0x09, 0x6f, 0xcb, 0x39, 0x34, 0x38, 0xb7, 0x34,
+	0x7a, 0x19, 0x86, 0xe4, 0xe7, 0x6b, 0x41, 0x59, 0xe2, 0x27, 0x31, 0x1a, 0x0e, 0x1b, 0x94, 0x28,
+	0x84, 0x93, 0xf2, 0xff, 0x5a, 0xe0, 0x6c, 0x6c, 0xb8, 0x35, 0x11, 0xa9, 0x80, 0x3f, 0x1f, 0xfe,
+	0x88, 0x7c, 0xab, 0xb8, 0x90, 0x45, 0x74, 0xb0, 0x5f, 0x3e, 0x2b, 0x7a, 0x2d, 0x13, 0x8f, 0xb3,
+	0x79, 0xa3, 0x15, 0x98, 0xd8, 0x22, 0x4e, 0x23, 0xda, 0x9a, 0xdb, 0x22, 0xb5, 0x6d, 0xb9, 0xe0,
+	0x58, 0x98, 0x17, 0xed, 0xe9, 0xc8, 0xb5, 0x34, 0x09, 0xce, 0x2a, 0x87, 0xde, 0x82, 0xc9, 0x66,
+	0x6b, 0xbd, 0xe1, 0x86, 0x5b, 0xab, 0x7e, 0xc4, 0x9c, 0x90, 0x66, 0xea, 0xf5, 0x80, 0x84, 0xfc,
+	0x75, 0x29, 0x3b, 0x7a, 0x65, 0x20, 0x9d, 0x4a, 0x0e, 0x1d, 0xce, 0xe5, 0x80, 0xee, 0xc1, 0xc9,
+	0xc4, 0x44, 0x10, 0x11, 0x31, 0x46, 0xf2, 0x53, 0xc4, 0x54, 0xb3, 0x0a, 0x88, 0xe0, 0x32, 0x59,
+	0x28, 0x9c, 0x5d, 0x05, 0x7a, 0x05, 0xc0, 0x6d, 0x2e, 0x3a, 0x3b, 0x6e, 0x83, 0x5e, 0x15, 0x27,
+	0xd8, 0x1c, 0xa1, 0xd7, 0x06, 0x58, 0xaa, 0x48, 0x28, 0xdd, 0x9b, 0xc5, 0xbf, 0x3d, 0xac, 0x51,
+	0xa3, 0x65, 0x18, 0x11, 0xff, 0xf6, 0xc4, 0x90, 0xf2, 0xc0, 0x2c, 0x8f, 0xb3, 0xa8, 0x5a, 0x15,
+	0x1d, 0x73, 0x90, 0x82, 0xe0, 0x44, 0x59, 0xb4, 0x09, 0xe7, 0x64, 0xa2, 0x3f, 0x7d, 0x7e, 0xca,
+	0x31, 0x08, 0x59, 0x5e, 0x96, 0x01, 0xfe, 0x2a, 0x65, 0xa6, 0x1d, 0x21, 0x6e, 0xcf, 0x87, 0x9e,
+	0xeb, 0xfa, 0x34, 0xe7, 0x6f, 0x8e, 0x4f, 0xc6, 0x11, 0x07, 0x97, 0x93, 0x48, 0x9c, 0xa6, 0x47,
+	0x3e, 0x9c, 0x74, 0xbd, 0xac, 0x59, 0x7d, 0x8a, 0x31, 0xfa, 0x10, 0x7f, 0x6e, 0xdd, 0x7e, 0x46,
+	0x67, 0xe2, 0x71, 0x36, 0xdf, 0x77, 0xe6, 0xf7, 0xf7, 0xfb, 0x16, 0x2d, 0xad, 0x49, 0xe7, 0xe8,
+	0xd3, 0x30, 0xa4, 0x7f, 0x94, 0x90, 0x34, 0x2e, 0x66, 0x0b, 0xaf, 0xda, 0x9e, 0xc0, 0x65, 0x7b,
+	0xb5, 0xee, 0x75, 0x1c, 0x36, 0x38, 0xa2, 0x5a, 0x46, 0x6c, 0x83, 0xcb, 0xdd, 0x49, 0x32, 0xdd,
+	0xbb, 0xbd, 0x11, 0xc8, 0x9e, 0xee, 0x68, 0x19, 0x06, 0x6a, 0x0d, 0x97, 0x78, 0xd1, 0x52, 0xa5,
+	0x5d, 0xf4, 0xc6, 0x39, 0x41, 0x23, 0xd6, 0x8f, 0x48, 0xb1, 0xc2, 0x61, 0x58, 0x71, 0xb0, 0x7f,
+	0xb3, 0x00, 0xe5, 0x0e, 0xf9, 0x7a, 0x12, 0x66, 0x28, 0xab, 0x2b, 0x33, 0xd4, 0x0c, 0x8c, 0xc6,
+	0xff, 0x74, 0x0d, 0x97, 0xf2, 0x64, 0xbd, 0x65, 0xa2, 0x71, 0x92, 0xbe, 0xeb, 0x47, 0x09, 0xba,
+	0x25, 0xab, 0xa7, 0xe3, 0xb3, 0x1a, 0xc3, 0x82, 0xdd, 0xdb, 0xfd, 0xb5, 0x37, 0xd7, 0x1a, 0x69,
+	0x7f, 0xad, 0x00, 0x27, 0x55, 0x17, 0x7e, 0xfb, 0x76, 0xdc, 0xcd, 0x74, 0xc7, 0x1d, 0x81, 0x2d,
+	0xd7, 0xbe, 0x01, 0x7d, 0x3c, 0x1c, 0x65, 0x17, 0xe2, 0xf6, 0x63, 0x66, 0x94, 0x6c, 0x25, 0xe1,
+	0x19, 0x91, 0xb2, 0xbf, 0xdf, 0x82, 0xd1, 0xc4, 0xeb, 0x36, 0x84, 0xb5, 0x27, 0xd0, 0x0f, 0x22,
+	0x12, 0x67, 0x09, 0xdb, 0x17, 0xa0, 0x67, 0xcb, 0x0f, 0xa3, 0xa4, 0xa3, 0xc7, 0x35, 0x3f, 0x8c,
+	0x30, 0xc3, 0xd8, 0x7f, 0x68, 0x41, 0xef, 0x9a, 0xe3, 0x7a, 0x91, 0x34, 0x0a, 0x58, 0x39, 0x46,
+	0x81, 0x6e, 0xbe, 0x0b, 0xbd, 0x04, 0x7d, 0x64, 0x63, 0x83, 0xd4, 0x22, 0x31, 0xaa, 0x32, 0x14,
+	0x42, 0xdf, 0x02, 0x83, 0x52, 0xf9, 0x8f, 0x55, 0xc6, 0xff, 0x62, 0x41, 0x8c, 0x6e, 0x43, 0x29,
+	0x72, 0x77, 0xc8, 0x4c, 0xbd, 0x2e, 0x4c, 0xe5, 0x0f, 0x10, 0xbf, 0x63, 0x4d, 0x32, 0xc0, 0x31,
+	0x2f, 0xfb, 0x8b, 0x05, 0x80, 0x38, 0x8e, 0x57, 0xa7, 0x4f, 0x9c, 0x4d, 0x19, 0x51, 0x2f, 0x66,
+	0x18, 0x51, 0x51, 0xcc, 0x30, 0xc3, 0x82, 0xaa, 0xba, 0xa9, 0xd8, 0x55, 0x37, 0xf5, 0x1c, 0xa6,
+	0x9b, 0xe6, 0x60, 0x3c, 0x8e, 0x43, 0x66, 0x86, 0x61, 0x64, 0x47, 0xe7, 0x5a, 0x12, 0x89, 0xd3,
+	0xf4, 0x36, 0x81, 0x0b, 0x2a, 0x1c, 0x93, 0x38, 0xd1, 0x98, 0x1f, 0xb8, 0x6e, 0x94, 0xee, 0xd0,
+	0x4f, 0xb1, 0x95, 0xb8, 0x90, 0x6b, 0x25, 0xfe, 0x09, 0x0b, 0x4e, 0x24, 0xeb, 0x61, 0x8f, 0xa6,
+	0xbf, 0x60, 0xc1, 0x49, 0x66, 0x2b, 0x67, 0xb5, 0xa6, 0x2d, 0xf3, 0x2f, 0xb6, 0x0d, 0x31, 0x95,
+	0xd3, 0xe2, 0x38, 0xe6, 0xc6, 0x4a, 0x16, 0x6b, 0x9c, 0x5d, 0xa3, 0xfd, 0x5f, 0x7b, 0x60, 0x32,
+	0x2f, 0x36, 0x15, 0x7b, 0x26, 0xe2, 0xdc, 0xad, 0x6e, 0x93, 0x3b, 0xc2, 0x19, 0x3f, 0x7e, 0x26,
+	0xc2, 0xc1, 0x58, 0xe2, 0x93, 0xe9, 0x4f, 0x0a, 0x5d, 0xa6, 0x3f, 0xd9, 0x82, 0xf1, 0x3b, 0x5b,
+	0xc4, 0xbb, 0xe9, 0x85, 0x4e, 0xe4, 0x86, 0x1b, 0x2e, 0xb3, 0x2b, 0xf3, 0x79, 0x23, 0x73, 0x50,
+	0x8f, 0xdf, 0x4e, 0x12, 0x1c, 0xec, 0x97, 0xcf, 0x19, 0x80, 0xb8, 0xc9, 0x7c, 0x23, 0xc1, 0x69,
+	0xa6, 0xe9, 0xec, 0x31, 0x3d, 0x0f, 0x39, 0x7b, 0xcc, 0x8e, 0x2b, 0xbc, 0x51, 0xe4, 0x1b, 0x00,
+	0x76, 0x63, 0x5c, 0x51, 0x50, 0xac, 0x51, 0xa0, 0x4f, 0x02, 0xd2, 0x33, 0x74, 0x19, 0xa1, 0x41,
+	0x9f, 0xbb, 0xbf, 0x5f, 0x46, 0xab, 0x29, 0xec, 0xc1, 0x7e, 0x79, 0x82, 0x42, 0x97, 0x3c, 0x7a,
+	0xf3, 0x8c, 0xe3, 0xa9, 0x65, 0x30, 0x42, 0xb7, 0x61, 0x8c, 0x42, 0xd9, 0x8a, 0x92, 0x71, 0x47,
+	0xf9, 0x6d, 0xf1, 0x99, 0xfb, 0xfb, 0xe5, 0xb1, 0xd5, 0x04, 0x2e, 0x8f, 0x75, 0x8a, 0x09, 0x7a,
+	0x05, 0x46, 0xe2, 0x79, 0x75, 0x9d, 0xec, 0xf1, 0x00, 0x3d, 0x25, 0xae, 0xf0, 0x5e, 0x31, 0x30,
+	0x38, 0x41, 0x69, 0x7f, 0xc1, 0x82, 0x33, 0xb9, 0x19, 0xf1, 0xd1, 0x25, 0x18, 0x70, 0x9a, 0x2e,
+	0x37, 0x5f, 0x88, 0xa3, 0x86, 0xa9, 0xc9, 0x2a, 0x4b, 0xdc, 0x78, 0xa1, 0xb0, 0x74, 0x87, 0xdf,
+	0x76, 0xbd, 0x7a, 0x72, 0x87, 0xbf, 0xee, 0x7a, 0x75, 0xcc, 0x30, 0xea, 0xc8, 0x2a, 0xe6, 0x3e,
+	0x45, 0xf8, 0x0a, 0x5d, 0xab, 0x19, 0xb9, 0xf3, 0x8f, 0xb7, 0x19, 0xe8, 0x19, 0xdd, 0xd4, 0x28,
+	0xbc, 0x0a, 0x73, 0xcd, 0x8c, 0xdf, 0x67, 0x81, 0x78, 0xba, 0xdc, 0xc5, 0x99, 0xfc, 0x26, 0x0c,
+	0xed, 0xa6, 0xb3, 0x17, 0x5e, 0xc8, 0x7f, 0xcb, 0x2d, 0x22, 0xae, 0x2b, 0x41, 0xdb, 0xc8, 0x54,
+	0x68, 0xf0, 0xb2, 0xeb, 0x20, 0xb0, 0xf3, 0x84, 0x19, 0x14, 0x3a, 0xb7, 0xe6, 0x79, 0x80, 0x3a,
+	0xa3, 0x65, 0x29, 0x8d, 0x0b, 0xa6, 0xc4, 0x35, 0xaf, 0x30, 0x58, 0xa3, 0xb2, 0xff, 0x79, 0x01,
+	0x06, 0x65, 0xb6, 0xbc, 0x96, 0xd7, 0x8d, 0xda, 0xef, 0x50, 0xe9, 0xb3, 0xd1, 0x65, 0x28, 0x31,
+	0xbd, 0x74, 0x25, 0xd6, 0x96, 0x2a, 0xad, 0xd0, 0x8a, 0x44, 0xe0, 0x98, 0x86, 0xee, 0x8e, 0x61,
+	0x6b, 0x9d, 0x91, 0x27, 0x1e, 0xda, 0x56, 0x39, 0x18, 0x4b, 0x3c, 0xfa, 0x18, 0x8c, 0xf1, 0x72,
+	0x81, 0xdf, 0x74, 0x36, 0xb9, 0x2d, 0xab, 0x57, 0x45, 0x2f, 0x19, 0x5b, 0x49, 0xe0, 0x0e, 0xf6,
+	0xcb, 0x27, 0x92, 0x30, 0x66, 0xa4, 0x4d, 0x71, 0x61, 0x2e, 0x6b, 0xbc, 0x12, 0xba, 0xab, 0xa7,
+	0x3c, 0xdd, 0x62, 0x14, 0xd6, 0xe9, 0xec, 0x4f, 0x03, 0x4a, 0xe7, 0x0d, 0x44, 0xaf, 0x73, 0x97,
+	0x67, 0x37, 0x20, 0xf5, 0x76, 0x46, 0x5b, 0x3d, 0x46, 0x87, 0x7c, 0x23, 0xc7, 0x4b, 0x61, 0x55,
+	0xde, 0xfe, 0x3f, 0x8b, 0x30, 0x96, 0x8c, 0x0a, 0x80, 0xae, 0x41, 0x1f, 0x17, 0x29, 0x05, 0xfb,
+	0x36, 0x3e, 0x41, 0x5a, 0x2c, 0x01, 0x76, 0xb8, 0x0a, 0xa9, 0x54, 0x94, 0x47, 0x6f, 0xc1, 0x60,
+	0xdd, 0xbf, 0xe3, 0xdd, 0x71, 0x82, 0xfa, 0x4c, 0x65, 0x49, 0x4c, 0xe7, 0x4c, 0x45, 0xc5, 0x7c,
+	0x4c, 0xa6, 0xc7, 0x27, 0x60, 0xf6, 0xef, 0x18, 0x85, 0x75, 0x76, 0x68, 0x8d, 0x25, 0xfa, 0xd8,
+	0x70, 0x37, 0x57, 0x9c, 0x66, 0xbb, 0xf7, 0x2f, 0x73, 0x92, 0x48, 0xe3, 0x3c, 0x2c, 0xb2, 0x81,
+	0x70, 0x04, 0x8e, 0x19, 0xa1, 0xcf, 0xc2, 0x44, 0x98, 0x63, 0x3a, 0xc9, 0x4b, 0x23, 0xdb, 0xce,
+	0x9a, 0x30, 0x7b, 0xfa, 0xfe, 0x7e, 0x79, 0x22, 0xcb, 0xc8, 0x92, 0x55, 0x8d, 0xfd, 0xa5, 0x13,
+	0x60, 0x2c, 0x62, 0x23, 0xab, 0xb8, 0x75, 0x44, 0x59, 0xc5, 0x31, 0x0c, 0x90, 0x9d, 0x66, 0xb4,
+	0x37, 0xef, 0x06, 0x62, 0x4c, 0x32, 0x79, 0x2e, 0x08, 0x9a, 0x34, 0x4f, 0x89, 0xc1, 0x8a, 0x4f,
+	0x76, 0xea, 0xf7, 0xe2, 0x37, 0x31, 0xf5, 0x7b, 0xcf, 0x31, 0xa6, 0x7e, 0x5f, 0x85, 0xfe, 0x4d,
+	0x37, 0xc2, 0xa4, 0xe9, 0x8b, 0xcb, 0x5c, 0xe6, 0x3c, 0xbc, 0xca, 0x49, 0xd2, 0x49, 0x86, 0x05,
+	0x02, 0x4b, 0x26, 0xe8, 0x75, 0xb5, 0x02, 0xfb, 0xf2, 0x15, 0x2e, 0x69, 0xe7, 0x95, 0xcc, 0x35,
+	0x28, 0x12, 0xbc, 0xf7, 0x3f, 0x68, 0x82, 0xf7, 0x45, 0x99, 0x96, 0x7d, 0x20, 0xff, 0xb1, 0x1a,
+	0xcb, 0xba, 0xde, 0x21, 0x19, 0xfb, 0x2d, 0x3d, 0x95, 0x7d, 0x29, 0x7f, 0x27, 0x50, 0x59, 0xea,
+	0xbb, 0x4c, 0x60, 0xff, 0x7d, 0x16, 0x9c, 0x4c, 0xa6, 0x9a, 0x65, 0x6f, 0x2a, 0x84, 0x9f, 0xc7,
+	0x4b, 0xdd, 0xe4, 0xfe, 0x65, 0x05, 0x8c, 0x0a, 0x99, 0x8e, 0x34, 0x93, 0x0c, 0x67, 0x57, 0x47,
+	0x3b, 0x3a, 0x58, 0xaf, 0x0b, 0x7f, 0x83, 0xc7, 0x72, 0x32, 0xe1, 0xb7, 0xc9, 0x7f, 0xbf, 0x96,
+	0x91, 0x75, 0xfd, 0xf1, 0xbc, 0xac, 0xeb, 0x5d, 0xe7, 0x5a, 0x7f, 0x5d, 0xe5, 0xc0, 0x1f, 0xce,
+	0x9f, 0x4a, 0x3c, 0xc3, 0x7d, 0xc7, 0xcc, 0xf7, 0xaf, 0xab, 0xcc, 0xf7, 0x6d, 0x22, 0x8b, 0xf3,
+	0xbc, 0xf6, 0x1d, 0xf3, 0xdd, 0x6b, 0x39, 0xeb, 0x47, 0x8f, 0x26, 0x67, 0xbd, 0x71, 0xd4, 0xf0,
+	0xb4, 0xe9, 0xcf, 0x74, 0x38, 0x6a, 0x0c, 0xbe, 0xed, 0x0f, 0x1b, 0x9e, 0x9f, 0x7f, 0xfc, 0x81,
+	0xf2, 0xf3, 0xdf, 0xd2, 0xf3, 0xdd, 0xa3, 0x0e, 0x09, 0xdd, 0x29, 0x51, 0x97, 0x59, 0xee, 0x6f,
+	0xe9, 0x07, 0xe0, 0x44, 0x3e, 0x5f, 0x75, 0xce, 0xa5, 0xf9, 0x66, 0x1e, 0x81, 0xa9, 0xec, 0xf9,
+	0x27, 0x8e, 0x27, 0x7b, 0xfe, 0xc9, 0x23, 0xcf, 0x9e, 0x7f, 0xea, 0x18, 0xb2, 0xe7, 0x9f, 0x3e,
+	0xc6, 0xec, 0xf9, 0xb7, 0x98, 0x73, 0x14, 0x0f, 0x00, 0x25, 0x22, 0xa1, 0x3f, 0x95, 0x13, 0x3f,
+	0x2d, 0x1d, 0x25, 0x8a, 0x7f, 0x9c, 0x42, 0xe1, 0x98, 0x55, 0x46, 0x56, 0xfe, 0xc9, 0x87, 0x90,
+	0x95, 0x7f, 0x35, 0xce, 0xca, 0x7f, 0x26, 0x7f, 0xa8, 0x33, 0x9e, 0xd3, 0xe4, 0xe4, 0xe2, 0xbf,
+	0xa5, 0xe7, 0xd0, 0x7f, 0xa4, 0x8d, 0x15, 0x2c, 0x4b, 0xa1, 0xdc, 0x26, 0x73, 0xfe, 0x6b, 0x3c,
+	0x73, 0xfe, 0xd9, 0xfc, 0x9d, 0x3c, 0x79, 0xdc, 0x19, 0xf9, 0xf2, 0x69, 0xbb, 0x54, 0xf0, 0x57,
+	0x16, 0xf3, 0x3d, 0xa7, 0x5d, 0x2a, 0x7a, 0x6c, 0xba, 0x5d, 0x0a, 0x85, 0x63, 0x56, 0xf6, 0x0f,
+	0x14, 0xe0, 0x7c, 0xfb, 0xf5, 0x16, 0x6b, 0xc9, 0x2b, 0xb1, 0x43, 0x40, 0x42, 0x4b, 0xce, 0xef,
+	0x6c, 0x31, 0x55, 0xd7, 0xf1, 0x20, 0xaf, 0xc2, 0xb8, 0x7a, 0x87, 0xd3, 0x70, 0x6b, 0x7b, 0xab,
+	0xf1, 0x35, 0x59, 0x45, 0x4e, 0xa8, 0x26, 0x09, 0x70, 0xba, 0x0c, 0x9a, 0x81, 0x51, 0x03, 0xb8,
+	0x34, 0x2f, 0xee, 0x66, 0x71, 0x94, 0x71, 0x13, 0x8d, 0x93, 0xf4, 0xf6, 0xcf, 0x59, 0x70, 0x3a,
+	0x27, 0xe5, 0x6b, 0xd7, 0xe1, 0x0e, 0x37, 0x60, 0xb4, 0x69, 0x16, 0xed, 0x10, 0xa1, 0xd5, 0x48,
+	0x2c, 0xab, 0xda, 0x9a, 0x40, 0xe0, 0x24, 0x53, 0xfb, 0x67, 0x0a, 0x70, 0xae, 0xad, 0x63, 0x29,
+	0xc2, 0x70, 0x6a, 0x73, 0x27, 0x74, 0xe6, 0x02, 0x52, 0x27, 0x5e, 0xe4, 0x3a, 0x8d, 0x6a, 0x93,
+	0xd4, 0x34, 0x3b, 0x07, 0xf3, 0xd0, 0xbc, 0xba, 0x52, 0x9d, 0x49, 0x53, 0xe0, 0x9c, 0x92, 0x68,
+	0x11, 0x50, 0x1a, 0x23, 0x46, 0x98, 0x65, 0x0f, 0x48, 0xf3, 0xc3, 0x19, 0x25, 0xd0, 0x07, 0x61,
+	0x58, 0x39, 0xac, 0x6a, 0x23, 0xce, 0x36, 0x76, 0xac, 0x23, 0xb0, 0x49, 0x87, 0xae, 0xf0, 0xf4,
+	0x13, 0x22, 0x51, 0x89, 0x30, 0x8a, 0x8c, 0xca, 0xdc, 0x12, 0x02, 0x8c, 0x75, 0x9a, 0xd9, 0x97,
+	0x7f, 0xeb, 0x1b, 0xe7, 0xdf, 0xf7, 0xbb, 0xdf, 0x38, 0xff, 0xbe, 0x3f, 0xf8, 0xc6, 0xf9, 0xf7,
+	0x7d, 0xd7, 0xfd, 0xf3, 0xd6, 0x6f, 0xdd, 0x3f, 0x6f, 0xfd, 0xee, 0xfd, 0xf3, 0xd6, 0x1f, 0xdc,
+	0x3f, 0x6f, 0xfd, 0xf1, 0xfd, 0xf3, 0xd6, 0x17, 0xff, 0xe4, 0xfc, 0xfb, 0xde, 0x44, 0x71, 0x00,
+	0xd1, 0xcb, 0x74, 0x74, 0x2e, 0xef, 0x5e, 0xf9, 0x5f, 0x01, 0x00, 0x00, 0xff, 0xff, 0xbd, 0x0b,
+	0x0a, 0x3d, 0x91, 0x13, 0x01, 0x00,
 }
 
 func (m *AWSElasticBlockStoreVolumeSource) Marshal() (dAtA []byte, err error) {
@@ -8752,6 +8820,15 @@ func (m *Container) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.RestartPolicy != nil {
+		i -= len(*m.RestartPolicy)
+		copy(dAtA[i:], *m.RestartPolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.RestartPolicy)))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xc2
+	}
 	if len(m.ResizePolicy) > 0 {
 		for iNdEx := len(m.ResizePolicy) - 1; iNdEx >= 0; iNdEx-- {
 			{
@@ -10105,6 +10182,15 @@ func (m *EphemeralContainerCommon) MarshalToSizedBuffer(dAtA []byte) (int, error
 	_ = i
 	var l int
 	_ = l
+	if m.RestartPolicy != nil {
+		i -= len(*m.RestartPolicy)
+		copy(dAtA[i:], *m.RestartPolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.RestartPolicy)))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xc2
+	}
 	if len(m.ResizePolicy) > 0 {
 		for iNdEx := len(m.ResizePolicy) - 1; iNdEx >= 0; iNdEx-- {
 			{
@@ -11255,6 +11341,34 @@ func (m *HostAlias) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *HostIP) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *HostIP) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *HostIP) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.IP)
+	copy(dAtA[i:], m.IP)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.IP)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
 func (m *HostPathVolumeSource) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -13740,12 +13854,29 @@ func (m *PersistentVolumeClaimStatus) MarshalToSizedBuffer(dAtA []byte) (int, er
 	_ = i
 	var l int
 	_ = l
-	if m.ResizeStatus != nil {
-		i -= len(*m.ResizeStatus)
-		copy(dAtA[i:], *m.ResizeStatus)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.ResizeStatus)))
-		i--
-		dAtA[i] = 0x32
+	if len(m.AllocatedResourceStatuses) > 0 {
+		keysForAllocatedResourceStatuses := make([]string, 0, len(m.AllocatedResourceStatuses))
+		for k := range m.AllocatedResourceStatuses {
+			keysForAllocatedResourceStatuses = append(keysForAllocatedResourceStatuses, string(k))
+		}
+		github_com_gogo_protobuf_sortkeys.Strings(keysForAllocatedResourceStatuses)
+		for iNdEx := len(keysForAllocatedResourceStatuses) - 1; iNdEx >= 0; iNdEx-- {
+			v := m.AllocatedResourceStatuses[ResourceName(keysForAllocatedResourceStatuses[iNdEx])]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintGenerated(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(keysForAllocatedResourceStatuses[iNdEx])
+			copy(dAtA[i:], keysForAllocatedResourceStatuses[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(keysForAllocatedResourceStatuses[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintGenerated(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x3a
+		}
 	}
 	if len(m.AllocatedResources) > 0 {
 		keysForAllocatedResources := make([]string, 0, len(m.AllocatedResources))
@@ -14404,6 +14535,18 @@ func (m *PersistentVolumeStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)
 	_ = i
 	var l int
 	_ = l
+	if m.LastPhaseTransitionTime != nil {
+		{
+			size, err := m.LastPhaseTransitionTime.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
 	i -= len(m.Reason)
 	copy(dAtA[i:], m.Reason)
 	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Reason)))
@@ -15267,6 +15410,41 @@ func (m *PodResourceClaim) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *PodResourceClaimStatus) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *PodResourceClaimStatus) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PodResourceClaimStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.ResourceClaimName != nil {
+		i -= len(*m.ResourceClaimName)
+		copy(dAtA[i:], *m.ResourceClaimName)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.ResourceClaimName)))
+		i--
+		dAtA[i] = 0x12
+	}
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
 func (m *PodSchedulingGate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -15936,6 +16114,36 @@ func (m *PodStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if len(m.HostIPs) > 0 {
+		for iNdEx := len(m.HostIPs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.HostIPs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1
+			i--
+			dAtA[i] = 0x82
+		}
+	}
+	if len(m.ResourceClaimStatuses) > 0 {
+		for iNdEx := len(m.ResourceClaimStatuses) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.ResourceClaimStatuses[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x7a
+		}
+	}
 	i -= len(m.Resize)
 	copy(dAtA[i:], m.Resize)
 	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Resize)))
@@ -20970,6 +21178,10 @@ func (m *Container) Size() (n int) {
 			n += 2 + l + sovGenerated(uint64(l))
 		}
 	}
+	if m.RestartPolicy != nil {
+		l = len(*m.RestartPolicy)
+		n += 2 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -21469,6 +21681,10 @@ func (m *EphemeralContainerCommon) Size() (n int) {
 			n += 2 + l + sovGenerated(uint64(l))
 		}
 	}
+	if m.RestartPolicy != nil {
+		l = len(*m.RestartPolicy)
+		n += 2 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -21805,6 +22021,17 @@ func (m *HostAlias) Size() (n int) {
 	return n
 }
 
+func (m *HostIP) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.IP)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
 func (m *HostPathVolumeSource) Size() (n int) {
 	if m == nil {
 		return 0
@@ -22744,9 +22971,13 @@ func (m *PersistentVolumeClaimStatus) Size() (n int) {
 			n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
 		}
 	}
-	if m.ResizeStatus != nil {
-		l = len(*m.ResizeStatus)
-		n += 1 + l + sovGenerated(uint64(l))
+	if len(m.AllocatedResourceStatuses) > 0 {
+		for k, v := range m.AllocatedResourceStatuses {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v)))
+			n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
+		}
 	}
 	return n
 }
@@ -22950,6 +23181,10 @@ func (m *PersistentVolumeStatus) Size() (n int) {
 	n += 1 + l + sovGenerated(uint64(l))
 	l = len(m.Reason)
 	n += 1 + l + sovGenerated(uint64(l))
+	if m.LastPhaseTransitionTime != nil {
+		l = m.LastPhaseTransitionTime.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -23263,6 +23498,21 @@ func (m *PodResourceClaim) Size() (n int) {
 	return n
 }
 
+func (m *PodResourceClaimStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	if m.ResourceClaimName != nil {
+		l = len(*m.ResourceClaimName)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	return n
+}
+
 func (m *PodSchedulingGate) Size() (n int) {
 	if m == nil {
 		return 0
@@ -23552,6 +23802,18 @@ func (m *PodStatus) Size() (n int) {
 	}
 	l = len(m.Resize)
 	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.ResourceClaimStatuses) > 0 {
+		for _, e := range m.ResourceClaimStatuses {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if len(m.HostIPs) > 0 {
+		for _, e := range m.HostIPs {
+			l = e.Size()
+			n += 2 + l + sovGenerated(uint64(l))
+		}
+	}
 	return n
 }
 
@@ -25585,6 +25847,7 @@ func (this *Container) String() string {
 		`VolumeDevices:` + repeatedStringForVolumeDevices + `,`,
 		`StartupProbe:` + strings.Replace(this.StartupProbe.String(), "Probe", "Probe", 1) + `,`,
 		`ResizePolicy:` + repeatedStringForResizePolicy + `,`,
+		`RestartPolicy:` + valueToStringGenerated(this.RestartPolicy) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -25960,6 +26223,7 @@ func (this *EphemeralContainerCommon) String() string {
 		`VolumeDevices:` + repeatedStringForVolumeDevices + `,`,
 		`StartupProbe:` + strings.Replace(this.StartupProbe.String(), "Probe", "Probe", 1) + `,`,
 		`ResizePolicy:` + repeatedStringForResizePolicy + `,`,
+		`RestartPolicy:` + valueToStringGenerated(this.RestartPolicy) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -26221,6 +26485,16 @@ func (this *HostAlias) String() string {
 	}, "")
 	return s
 }
+func (this *HostIP) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&HostIP{`,
+		`IP:` + fmt.Sprintf("%v", this.IP) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *HostPathVolumeSource) String() string {
 	if this == nil {
 		return "nil"
@@ -26972,13 +27246,23 @@ func (this *PersistentVolumeClaimStatus) String() string {
 		mapStringForAllocatedResources += fmt.Sprintf("%v: %v,", k, this.AllocatedResources[ResourceName(k)])
 	}
 	mapStringForAllocatedResources += "}"
+	keysForAllocatedResourceStatuses := make([]string, 0, len(this.AllocatedResourceStatuses))
+	for k := range this.AllocatedResourceStatuses {
+		keysForAllocatedResourceStatuses = append(keysForAllocatedResourceStatuses, string(k))
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForAllocatedResourceStatuses)
+	mapStringForAllocatedResourceStatuses := "map[ResourceName]ClaimResourceStatus{"
+	for _, k := range keysForAllocatedResourceStatuses {
+		mapStringForAllocatedResourceStatuses += fmt.Sprintf("%v: %v,", k, this.AllocatedResourceStatuses[ResourceName(k)])
+	}
+	mapStringForAllocatedResourceStatuses += "}"
 	s := strings.Join([]string{`&PersistentVolumeClaimStatus{`,
 		`Phase:` + fmt.Sprintf("%v", this.Phase) + `,`,
 		`AccessModes:` + fmt.Sprintf("%v", this.AccessModes) + `,`,
 		`Capacity:` + mapStringForCapacity + `,`,
 		`Conditions:` + repeatedStringForConditions + `,`,
 		`AllocatedResources:` + mapStringForAllocatedResources + `,`,
-		`ResizeStatus:` + valueToStringGenerated(this.ResizeStatus) + `,`,
+		`AllocatedResourceStatuses:` + mapStringForAllocatedResourceStatuses + `,`,
 		`}`,
 	}, "")
 	return s
@@ -27088,6 +27372,7 @@ func (this *PersistentVolumeStatus) String() string {
 		`Phase:` + fmt.Sprintf("%v", this.Phase) + `,`,
 		`Message:` + fmt.Sprintf("%v", this.Message) + `,`,
 		`Reason:` + fmt.Sprintf("%v", this.Reason) + `,`,
+		`LastPhaseTransitionTime:` + strings.Replace(fmt.Sprintf("%v", this.LastPhaseTransitionTime), "Time", "v1.Time", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -27337,6 +27622,17 @@ func (this *PodResourceClaim) String() string {
 	}, "")
 	return s
 }
+func (this *PodResourceClaimStatus) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&PodResourceClaimStatus{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`ResourceClaimName:` + valueToStringGenerated(this.ResourceClaimName) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *PodSchedulingGate) String() string {
 	if this == nil {
 		return "nil"
@@ -27533,6 +27829,16 @@ func (this *PodStatus) String() string {
 		repeatedStringForEphemeralContainerStatuses += strings.Replace(strings.Replace(f.String(), "ContainerStatus", "ContainerStatus", 1), `&`, ``, 1) + ","
 	}
 	repeatedStringForEphemeralContainerStatuses += "}"
+	repeatedStringForResourceClaimStatuses := "[]PodResourceClaimStatus{"
+	for _, f := range this.ResourceClaimStatuses {
+		repeatedStringForResourceClaimStatuses += strings.Replace(strings.Replace(f.String(), "PodResourceClaimStatus", "PodResourceClaimStatus", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForResourceClaimStatuses += "}"
+	repeatedStringForHostIPs := "[]HostIP{"
+	for _, f := range this.HostIPs {
+		repeatedStringForHostIPs += strings.Replace(strings.Replace(f.String(), "HostIP", "HostIP", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForHostIPs += "}"
 	s := strings.Join([]string{`&PodStatus{`,
 		`Phase:` + fmt.Sprintf("%v", this.Phase) + `,`,
 		`Conditions:` + repeatedStringForConditions + `,`,
@@ -27548,6 +27854,8 @@ func (this *PodStatus) String() string {
 		`PodIPs:` + repeatedStringForPodIPs + `,`,
 		`EphemeralContainerStatuses:` + repeatedStringForEphemeralContainerStatuses + `,`,
 		`Resize:` + fmt.Sprintf("%v", this.Resize) + `,`,
+		`ResourceClaimStatuses:` + repeatedStringForResourceClaimStatuses + `,`,
+		`HostIPs:` + repeatedStringForHostIPs + `,`,
 		`}`,
 	}, "")
 	return s
@@ -34125,6 +34433,39 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 24:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RestartPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := ContainerRestartPolicy(dAtA[iNdEx:postIndex])
+			m.RestartPolicy = &s
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -38278,6 +38619,39 @@ func (m *EphemeralContainerCommon) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 24:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RestartPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := ContainerRestartPolicy(dAtA[iNdEx:postIndex])
+			m.RestartPolicy = &s
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -41368,6 +41742,88 @@ func (m *HostAlias) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *HostIP) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: HostIP: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: HostIP: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IP", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IP = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *HostPathVolumeSource) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -49625,11 +50081,140 @@ func (m *PersistentVolumeClaimStatus) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.AllocatedResources == nil {
-				m.AllocatedResources = make(ResourceList)
+			if m.AllocatedResources == nil {
+				m.AllocatedResources = make(ResourceList)
+			}
+			var mapkey ResourceName
+			mapvalue := &resource.Quantity{}
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowGenerated
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGenerated
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthGenerated
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthGenerated
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = ResourceName(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var mapmsglen int
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGenerated
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						mapmsglen |= int(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					if mapmsglen < 0 {
+						return ErrInvalidLengthGenerated
+					}
+					postmsgIndex := iNdEx + mapmsglen
+					if postmsgIndex < 0 {
+						return ErrInvalidLengthGenerated
+					}
+					if postmsgIndex > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = &resource.Quantity{}
+					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
+						return err
+					}
+					iNdEx = postmsgIndex
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipGenerated(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthGenerated
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.AllocatedResources[ResourceName(mapkey)] = *mapvalue
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AllocatedResourceStatuses", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.AllocatedResourceStatuses == nil {
+				m.AllocatedResourceStatuses = make(map[ResourceName]ClaimResourceStatus)
 			}
 			var mapkey ResourceName
-			mapvalue := &resource.Quantity{}
+			var mapvalue ClaimResourceStatus
 			for iNdEx < postIndex {
 				entryPreIndex := iNdEx
 				var wire uint64
@@ -49678,7 +50263,7 @@ func (m *PersistentVolumeClaimStatus) Unmarshal(dAtA []byte) error {
 					mapkey = ResourceName(dAtA[iNdEx:postStringIndexmapkey])
 					iNdEx = postStringIndexmapkey
 				} else if fieldNum == 2 {
-					var mapmsglen int
+					var stringLenmapvalue uint64
 					for shift := uint(0); ; shift += 7 {
 						if shift >= 64 {
 							return ErrIntOverflowGenerated
@@ -49688,26 +50273,24 @@ func (m *PersistentVolumeClaimStatus) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						mapmsglen |= int(b&0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
 					}
-					if mapmsglen < 0 {
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
 						return ErrInvalidLengthGenerated
 					}
-					postmsgIndex := iNdEx + mapmsglen
-					if postmsgIndex < 0 {
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
 						return ErrInvalidLengthGenerated
 					}
-					if postmsgIndex > l {
+					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
-					mapvalue = &resource.Quantity{}
-					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
-						return err
-					}
-					iNdEx = postmsgIndex
+					mapvalue = ClaimResourceStatus(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
 				} else {
 					iNdEx = entryPreIndex
 					skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -49723,40 +50306,7 @@ func (m *PersistentVolumeClaimStatus) Unmarshal(dAtA []byte) error {
 					iNdEx += skippy
 				}
 			}
-			m.AllocatedResources[ResourceName(mapkey)] = *mapvalue
-			iNdEx = postIndex
-		case 6:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ResizeStatus", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			s := PersistentVolumeClaimResizeStatus(dAtA[iNdEx:postIndex])
-			m.ResizeStatus = &s
+			m.AllocatedResourceStatuses[ResourceName(mapkey)] = ((ClaimResourceStatus)(mapvalue))
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -51526,6 +52076,42 @@ func (m *PersistentVolumeStatus) Unmarshal(dAtA []byte) error {
 			}
 			m.Reason = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LastPhaseTransitionTime", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.LastPhaseTransitionTime == nil {
+				m.LastPhaseTransitionTime = &v1.Time{}
+			}
+			if err := m.LastPhaseTransitionTime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -54039,6 +54625,121 @@ func (m *PodResourceClaim) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *PodResourceClaimStatus) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: PodResourceClaimStatus: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: PodResourceClaimStatus: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceClaimName", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.ResourceClaimName = &s
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *PodSchedulingGate) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -56483,6 +57184,74 @@ func (m *PodStatus) Unmarshal(dAtA []byte) error {
 			}
 			m.Resize = PodResizeStatus(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 15:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceClaimStatuses", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ResourceClaimStatuses = append(m.ResourceClaimStatuses, PodResourceClaimStatus{})
+			if err := m.ResourceClaimStatuses[len(m.ResourceClaimStatuses)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 16:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field HostIPs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.HostIPs = append(m.HostIPs, HostIP{})
+			if err := m.HostIPs[len(m.HostIPs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/core/v1/generated.proto b/vendor/k8s.io/api/core/v1/generated.proto
index 8ef67ca40..901e83731 100644
--- a/vendor/k8s.io/api/core/v1/generated.proto
+++ b/vendor/k8s.io/api/core/v1/generated.proto
@@ -414,15 +414,9 @@ message ClaimSource {
   //
   // The template will be used to create a new ResourceClaim, which will
   // be bound to this pod. When this pod is deleted, the ResourceClaim
-  // will also be deleted. The name of the ResourceClaim will be <pod
-  // name>-<resource name>, where <resource name> is the
-  // PodResourceClaim.Name. Pod validation will reject the pod if the
-  // concatenated name is not valid for a ResourceClaim (e.g. too long).
-  //
-  // An existing ResourceClaim with that name that is not owned by the
-  // pod will not be used for the pod to avoid using an unrelated
-  // resource by mistake. Scheduling and pod startup are then blocked
-  // until the unrelated ResourceClaim is removed.
+  // will also be deleted. The pod name and resource name, along with a
+  // generated component, will be used to form a unique name for the
+  // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
   //
   // This field is immutable and no changes will be made to the
   // corresponding ResourceClaim by the control plane after creating the
@@ -729,6 +723,25 @@ message Container {
   // +listType=atomic
   repeated ContainerResizePolicy resizePolicy = 23;
 
+  // RestartPolicy defines the restart behavior of individual containers in a pod.
+  // This field may only be set for init containers, and the only allowed value is "Always".
+  // For non-init containers or when this field is not specified,
+  // the restart behavior is defined by the Pod's restart policy and the container type.
+  // Setting the RestartPolicy as "Always" for the init container will have the following effect:
+  // this init container will be continually restarted on
+  // exit until all regular containers have terminated. Once all regular
+  // containers have completed, all init containers with restartPolicy "Always"
+  // will be shut down. This lifecycle differs from normal init containers and
+  // is often referred to as a "sidecar" container. Although this init
+  // container still starts in the init container sequence, it does not wait
+  // for the container to complete before proceeding to the next init
+  // container. Instead, the next init container starts immediately after this
+  // init container is started, or after any startupProbe has successfully
+  // completed.
+  // +featureGate=SidecarContainers
+  // +optional
+  optional string restartPolicy = 24;
+
   // Pod volumes to mount into the container's filesystem.
   // Cannot be updated.
   // +optional
@@ -1147,6 +1160,8 @@ message EndpointPort {
   //
   // * Kubernetes-defined prefixed names:
   //   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+  //   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+  //   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
   //
   // * Other protocols should use implementation-defined prefixed names such as
   // mycompany.com/my-custom-protocol.
@@ -1386,6 +1401,14 @@ message EphemeralContainerCommon {
   // +listType=atomic
   repeated ContainerResizePolicy resizePolicy = 23;
 
+  // Restart policy for the container to manage the restart behavior of each
+  // container within a pod.
+  // This may only be set for init containers. You cannot set this field on
+  // ephemeral containers.
+  // +featureGate=SidecarContainers
+  // +optional
+  optional string restartPolicy = 24;
+
   // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
   // Cannot be updated.
   // +optional
@@ -1871,6 +1894,12 @@ message HostAlias {
   repeated string hostnames = 2;
 }
 
+// HostIP represents a single IP address allocated to the host.
+message HostIP {
+  // IP is the IP address assigned to the host
+  optional string ip = 1;
+}
+
 // Represents a host path mapped into a pod.
 // Host path volumes do not support ownership management or SELinux relabeling.
 message HostPathVolumeSource {
@@ -2863,25 +2892,71 @@ message PersistentVolumeClaimStatus {
   // +patchStrategy=merge
   repeated PersistentVolumeClaimCondition conditions = 4;
 
-  // allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may
-  // be larger than the actual capacity when a volume expansion operation is requested.
+  // allocatedResources tracks the resources allocated to a PVC including its capacity.
+  // Key names follow standard Kubernetes label syntax. Valid values are either:
+  // 	* Un-prefixed keys:
+  // 		- storage - the capacity of the volume.
+  // 	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+  // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
+  // reserved and hence may not be used.
+  //
+  // Capacity reported here may be larger than the actual capacity when a volume expansion operation
+  // is requested.
   // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
   // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.
   // If a volume expansion capacity request is lowered, allocatedResources is only
   // lowered if there are no expansion operations in progress and if the actual volume capacity
   // is equal or lower than the requested capacity.
+  //
+  // A controller that receives PVC update with previously unknown resourceName
+  // should ignore the update for the purpose it was designed. For example - a controller that
+  // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
+  // resources associated with PVC.
+  //
   // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
   // +featureGate=RecoverVolumeExpansionFailure
   // +optional
   map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> allocatedResources = 5;
 
-  // resizeStatus stores status of resize operation.
-  // ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty
-  // string by resize controller or kubelet.
+  // allocatedResourceStatuses stores status of resource being resized for the given PVC.
+  // Key names follow standard Kubernetes label syntax. Valid values are either:
+  // 	* Un-prefixed keys:
+  // 		- storage - the capacity of the volume.
+  // 	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+  // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
+  // reserved and hence may not be used.
+  //
+  // ClaimResourceStatus can be in any of following states:
+  // 	- ControllerResizeInProgress:
+  // 		State set when resize controller starts resizing the volume in control-plane.
+  // 	- ControllerResizeFailed:
+  // 		State set when resize has failed in resize controller with a terminal error.
+  // 	- NodeResizePending:
+  // 		State set when resize controller has finished resizing the volume but further resizing of
+  // 		volume is needed on the node.
+  // 	- NodeResizeInProgress:
+  // 		State set when kubelet starts resizing the volume.
+  // 	- NodeResizeFailed:
+  // 		State set when resizing has failed in kubelet with a terminal error. Transient errors don't set
+  // 		NodeResizeFailed.
+  // For example: if expanding a PVC for more capacity - this field can be one of the following states:
+  // 	- pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress"
+  //      - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed"
+  //      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending"
+  //      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress"
+  //      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
+  // When this field is not set, it means that no resize operation is in progress for the given PVC.
+  //
+  // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus
+  // should ignore the update for the purpose it was designed. For example - a controller that
+  // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
+  // resources associated with PVC.
+  //
   // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
   // +featureGate=RecoverVolumeExpansionFailure
+  // +mapType=granular
   // +optional
-  optional string resizeStatus = 6;
+  map<string, string> allocatedResourceStatuses = 7;
 }
 
 // PersistentVolumeClaimTemplate is used to produce
@@ -3103,6 +3178,13 @@ message PersistentVolumeStatus {
   // for machine parsing and tidy display in the CLI.
   // +optional
   optional string reason = 3;
+
+  // lastPhaseTransitionTime is the time the phase transitioned from one to another
+  // and automatically resets to current time everytime a volume phase transitions.
+  // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature.
+  // +featureGate=PersistentVolumeLastPhaseTransitionTime
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastPhaseTransitionTime = 4;
 }
 
 // Represents a Photon Controller persistent disk resource.
@@ -3347,12 +3429,9 @@ message PodExecOptions {
   repeated string command = 6;
 }
 
-// IP address information for entries in the (plural) PodIPs field.
-// Each entry includes:
-//
-// 	IP: An IP address allocated to the pod. Routable at least within the cluster.
+// PodIP represents a single IP address allocated to the pod.
 message PodIP {
-  // ip is an IP address (IPv4 or IPv6) assigned to the pod
+  // IP is the IP address assigned to the pod
   optional string ip = 1;
 }
 
@@ -3469,6 +3548,24 @@ message PodResourceClaim {
   optional ClaimSource source = 2;
 }
 
+// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim
+// which references a ResourceClaimTemplate. It stores the generated name for
+// the corresponding ResourceClaim.
+message PodResourceClaimStatus {
+  // Name uniquely identifies this resource claim inside the pod.
+  // This must match the name of an entry in pod.spec.resourceClaims,
+  // which implies that the string must be a DNS_LABEL.
+  optional string name = 1;
+
+  // ResourceClaimName is the name of the ResourceClaim that was
+  // generated for the Pod in the namespace of the Pod. It this is
+  // unset, then generating a ResourceClaim was not necessary. The
+  // pod.spec.resourceClaims entry can be ignored in this case.
+  //
+  // +optional
+  optional string resourceClaimName = 2;
+}
+
 // PodSchedulingGate is associated to a Pod to guard its scheduling.
 message PodSchedulingGate {
   // Name of the scheduling gate.
@@ -3960,11 +4057,23 @@ message PodStatus {
   // +optional
   optional string nominatedNodeName = 11;
 
-  // IP address of the host to which the pod is assigned. Empty if not yet scheduled.
+  // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet.
+  // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will
+  // not be updated even if there is a node is assigned to pod
   // +optional
   optional string hostIP = 5;
 
-  // IP address allocated to the pod. Routable at least within the cluster.
+  // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must
+  // match the hostIP field. This list is empty if the pod has not started yet.
+  // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will
+  // not be updated even if there is a node is assigned to this pod.
+  // +optional
+  // +patchStrategy=merge
+  // +patchMergeKey=ip
+  // +listType=atomic
+  repeated HostIP hostIPs = 16;
+
+  // podIP address allocated to the pod. Routable at least within the cluster.
   // Empty if not yet allocated.
   // +optional
   optional string podIP = 6;
@@ -4009,6 +4118,15 @@ message PodStatus {
   // +featureGate=InPlacePodVerticalScaling
   // +optional
   optional string resize = 14;
+
+  // Status of resource claims.
+  // +patchMergeKey=name
+  // +patchStrategy=merge,retainKeys
+  // +listType=map
+  // +listMapKey=name
+  // +featureGate=DynamicResourceAllocation
+  // +optional
+  repeated PodResourceClaimStatus resourceClaimStatuses = 15;
 }
 
 // PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded
@@ -4753,7 +4871,7 @@ message SeccompProfile {
   // localhostProfile indicates a profile defined in a file on the node should be used.
   // The profile must be preconfigured on the node to work.
   // Must be a descending path, relative to the kubelet's configured seccomp profile location.
-  // Must only be set if type is "Localhost".
+  // Must be set if type is "Localhost". Must NOT be set for any other type.
   // +optional
   optional string localhostProfile = 2;
 }
@@ -5124,10 +5242,19 @@ message ServicePort {
   optional string protocol = 2;
 
   // The application protocol for this port.
+  // This is used as a hint for implementations to offer richer behavior for protocols that they understand.
   // This field follows standard Kubernetes label syntax.
-  // Un-prefixed names are reserved for IANA standard service names (as per
+  // Valid values are either:
+  //
+  // * Un-prefixed protocol names - reserved for IANA standard service names (as per
   // RFC-6335 and https://www.iana.org/assignments/service-names).
-  // Non-standard protocols should use prefixed names such as
+  //
+  // * Kubernetes-defined prefixed names:
+  //   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+  //   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+  //   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+  //
+  // * Other protocols should use implementation-defined prefixed names such as
   // mycompany.com/my-custom-protocol.
   // +optional
   optional string appProtocol = 6;
@@ -5275,10 +5402,9 @@ message ServiceSpec {
   // This feature depends on whether the underlying cloud-provider supports specifying
   // the loadBalancerIP when a load balancer is created.
   // This field will be ignored if the cloud-provider does not support the feature.
-  // Deprecated: This field was under-specified and its meaning varies across implementations,
-  // and it cannot support dual-stack.
-  // As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
-  // This field may be removed in a future API version.
+  // Deprecated: This field was under-specified and its meaning varies across implementations.
+  // Using it is non-portable and it may not support dual-stack.
+  // Users are encouraged to use implementation-specific annotations when available.
   // +optional
   optional string loadBalancerIP = 8;
 
@@ -6053,12 +6179,9 @@ message WindowsSecurityContextOptions {
   optional string runAsUserName = 3;
 
   // HostProcess determines if a container should be run as a 'Host Process' container.
-  // This field is alpha-level and will only be honored by components that enable the
-  // WindowsHostProcessContainers feature flag. Setting this field without the feature
-  // flag will result in errors when validating the Pod. All of a Pod's containers must
-  // have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
-  // containers and non-HostProcess containers).  In addition, if HostProcess is true
-  // then HostNetwork must also be set to true.
+  // All of a Pod's containers must have the same effective HostProcess value
+  // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+  // In addition, if HostProcess is true then HostNetwork must also be set to true.
   // +optional
   optional bool hostProcess = 4;
 }
diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go
index c831d5961..9e05c2235 100644
--- a/vendor/k8s.io/api/core/v1/types.go
+++ b/vendor/k8s.io/api/core/v1/types.go
@@ -411,6 +411,12 @@ type PersistentVolumeStatus struct {
 	// for machine parsing and tidy display in the CLI.
 	// +optional
 	Reason string `json:"reason,omitempty" protobuf:"bytes,3,opt,name=reason"`
+	// lastPhaseTransitionTime is the time the phase transitioned from one to another
+	// and automatically resets to current time everytime a volume phase transitions.
+	// This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature.
+	// +featureGate=PersistentVolumeLastPhaseTransitionTime
+	// +optional
+	LastPhaseTransitionTime *metav1.Time `json:"lastPhaseTransitionTime,omitempty" protobuf:"bytes,4,opt,name=lastPhaseTransitionTime"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -558,23 +564,27 @@ const (
 )
 
 // +enum
-type PersistentVolumeClaimResizeStatus string
+// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource
+// that it does not recognizes, then it should ignore that update and let other controllers
+// handle it.
+type ClaimResourceStatus string
 
 const (
-	// When expansion is complete, the empty string is set by resize controller or kubelet.
-	PersistentVolumeClaimNoExpansionInProgress PersistentVolumeClaimResizeStatus = ""
-	// State set when resize controller starts expanding the volume in control-plane
-	PersistentVolumeClaimControllerExpansionInProgress PersistentVolumeClaimResizeStatus = "ControllerExpansionInProgress"
-	// State set when expansion has failed in resize controller with a terminal error.
-	// Transient errors such as timeout should not set this status and should leave ResizeStatus
+	// State set when resize controller starts resizing the volume in control-plane.
+	PersistentVolumeClaimControllerResizeInProgress ClaimResourceStatus = "ControllerResizeInProgress"
+
+	// State set when resize has failed in resize controller with a terminal error.
+	// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus
 	// unmodified, so as resize controller can resume the volume expansion.
-	PersistentVolumeClaimControllerExpansionFailed PersistentVolumeClaimResizeStatus = "ControllerExpansionFailed"
-	// State set when resize controller has finished expanding the volume but further expansion is needed on the node.
-	PersistentVolumeClaimNodeExpansionPending PersistentVolumeClaimResizeStatus = "NodeExpansionPending"
-	// State set when kubelet starts expanding the volume.
-	PersistentVolumeClaimNodeExpansionInProgress PersistentVolumeClaimResizeStatus = "NodeExpansionInProgress"
-	// State set when expansion has failed in kubelet with a terminal error. Transient errors don't set NodeExpansionFailed.
-	PersistentVolumeClaimNodeExpansionFailed PersistentVolumeClaimResizeStatus = "NodeExpansionFailed"
+	PersistentVolumeClaimControllerResizeFailed ClaimResourceStatus = "ControllerResizeFailed"
+
+	// State set when resize controller has finished resizing the volume but further resizing of volume
+	// is needed on the node.
+	PersistentVolumeClaimNodeResizePending ClaimResourceStatus = "NodeResizePending"
+	// State set when kubelet starts resizing the volume.
+	PersistentVolumeClaimNodeResizeInProgress ClaimResourceStatus = "NodeResizeInProgress"
+	// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed
+	PersistentVolumeClaimNodeResizeFailed ClaimResourceStatus = "NodeResizeFailed"
 )
 
 // PersistentVolumeClaimCondition contains details about state of pvc
@@ -615,24 +625,74 @@ type PersistentVolumeClaimStatus struct {
 	// +patchMergeKey=type
 	// +patchStrategy=merge
 	Conditions []PersistentVolumeClaimCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,4,rep,name=conditions"`
-	// allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may
-	// be larger than the actual capacity when a volume expansion operation is requested.
+	// allocatedResources tracks the resources allocated to a PVC including its capacity.
+	// Key names follow standard Kubernetes label syntax. Valid values are either:
+	// 	* Un-prefixed keys:
+	//		- storage - the capacity of the volume.
+	//	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+	// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
+	// reserved and hence may not be used.
+	//
+	// Capacity reported here may be larger than the actual capacity when a volume expansion operation
+	// is requested.
 	// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
 	// If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.
 	// If a volume expansion capacity request is lowered, allocatedResources is only
 	// lowered if there are no expansion operations in progress and if the actual volume capacity
 	// is equal or lower than the requested capacity.
+	//
+	// A controller that receives PVC update with previously unknown resourceName
+	// should ignore the update for the purpose it was designed. For example - a controller that
+	// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
+	// resources associated with PVC.
+	//
 	// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 	// +featureGate=RecoverVolumeExpansionFailure
 	// +optional
 	AllocatedResources ResourceList `json:"allocatedResources,omitempty" protobuf:"bytes,5,rep,name=allocatedResources,casttype=ResourceList,castkey=ResourceName"`
-	// resizeStatus stores status of resize operation.
-	// ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty
-	// string by resize controller or kubelet.
+
+	// resizestatus is tombstoned since the field was replaced by allocatedResourceStatus
+	// ResizeStatus *PersistentVolumeClaimResizeStatus `json:"resizeStatus,omitempty" protobuf:"bytes,6,opt,name=resizeStatus,casttype=PersistentVolumeClaimResizeStatus"`
+
+	// allocatedResourceStatuses stores status of resource being resized for the given PVC.
+	// Key names follow standard Kubernetes label syntax. Valid values are either:
+	// 	* Un-prefixed keys:
+	//		- storage - the capacity of the volume.
+	//	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+	// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
+	// reserved and hence may not be used.
+	//
+	// ClaimResourceStatus can be in any of following states:
+	//	- ControllerResizeInProgress:
+	//		State set when resize controller starts resizing the volume in control-plane.
+	// 	- ControllerResizeFailed:
+	//		State set when resize has failed in resize controller with a terminal error.
+	//	- NodeResizePending:
+	//		State set when resize controller has finished resizing the volume but further resizing of
+	//		volume is needed on the node.
+	//	- NodeResizeInProgress:
+	//		State set when kubelet starts resizing the volume.
+	//	- NodeResizeFailed:
+	//		State set when resizing has failed in kubelet with a terminal error. Transient errors don't set
+	//		NodeResizeFailed.
+	// For example: if expanding a PVC for more capacity - this field can be one of the following states:
+	// 	- pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress"
+	//      - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed"
+	//      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending"
+	//      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress"
+	//      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
+	// When this field is not set, it means that no resize operation is in progress for the given PVC.
+	//
+	// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus
+	// should ignore the update for the purpose it was designed. For example - a controller that
+	// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
+	// resources associated with PVC.
+	//
 	// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 	// +featureGate=RecoverVolumeExpansionFailure
+	// +mapType=granular
 	// +optional
-	ResizeStatus *PersistentVolumeClaimResizeStatus `json:"resizeStatus,omitempty" protobuf:"bytes,6,opt,name=resizeStatus,casttype=PersistentVolumeClaimResizeStatus"`
+	AllocatedResourceStatuses map[ResourceName]ClaimResourceStatus `json:"allocatedResourceStatuses,omitempty" protobuf:"bytes,7,rep,name=allocatedResourceStatuses"`
 }
 
 // +enum
@@ -2446,6 +2506,24 @@ type Container struct {
 	// +optional
 	// +listType=atomic
 	ResizePolicy []ContainerResizePolicy `json:"resizePolicy,omitempty" protobuf:"bytes,23,rep,name=resizePolicy"`
+	// RestartPolicy defines the restart behavior of individual containers in a pod.
+	// This field may only be set for init containers, and the only allowed value is "Always".
+	// For non-init containers or when this field is not specified,
+	// the restart behavior is defined by the Pod's restart policy and the container type.
+	// Setting the RestartPolicy as "Always" for the init container will have the following effect:
+	// this init container will be continually restarted on
+	// exit until all regular containers have terminated. Once all regular
+	// containers have completed, all init containers with restartPolicy "Always"
+	// will be shut down. This lifecycle differs from normal init containers and
+	// is often referred to as a "sidecar" container. Although this init
+	// container still starts in the init container sequence, it does not wait
+	// for the container to complete before proceeding to the next init
+	// container. Instead, the next init container starts immediately after this
+	// init container is started, or after any startupProbe has successfully
+	// completed.
+	// +featureGate=SidecarContainers
+	// +optional
+	RestartPolicy *ContainerRestartPolicy `json:"restartPolicy,omitempty" protobuf:"bytes,24,opt,name=restartPolicy,casttype=ContainerRestartPolicy"`
 	// Pod volumes to mount into the container's filesystem.
 	// Cannot be updated.
 	// +optional
@@ -2842,6 +2920,14 @@ const (
 	RestartPolicyNever     RestartPolicy = "Never"
 )
 
+// ContainerRestartPolicy is the restart policy for a single container.
+// This may only be set for init containers and only allowed value is "Always".
+type ContainerRestartPolicy string
+
+const (
+	ContainerRestartPolicyAlways ContainerRestartPolicy = "Always"
+)
+
 // DNSPolicy defines how a pod's DNS will be configured.
 // +enum
 type DNSPolicy string
@@ -3524,15 +3610,9 @@ type ClaimSource struct {
 	//
 	// The template will be used to create a new ResourceClaim, which will
 	// be bound to this pod. When this pod is deleted, the ResourceClaim
-	// will also be deleted. The name of the ResourceClaim will be <pod
-	// name>-<resource name>, where <resource name> is the
-	// PodResourceClaim.Name. Pod validation will reject the pod if the
-	// concatenated name is not valid for a ResourceClaim (e.g. too long).
-	//
-	// An existing ResourceClaim with that name that is not owned by the
-	// pod will not be used for the pod to avoid using an unrelated
-	// resource by mistake. Scheduling and pod startup are then blocked
-	// until the unrelated ResourceClaim is removed.
+	// will also be deleted. The pod name and resource name, along with a
+	// generated component, will be used to form a unique name for the
+	// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
 	//
 	// This field is immutable and no changes will be made to the
 	// corresponding ResourceClaim by the control plane after creating the
@@ -3540,6 +3620,24 @@ type ClaimSource struct {
 	ResourceClaimTemplateName *string `json:"resourceClaimTemplateName,omitempty" protobuf:"bytes,2,opt,name=resourceClaimTemplateName"`
 }
 
+// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim
+// which references a ResourceClaimTemplate. It stores the generated name for
+// the corresponding ResourceClaim.
+type PodResourceClaimStatus struct {
+	// Name uniquely identifies this resource claim inside the pod.
+	// This must match the name of an entry in pod.spec.resourceClaims,
+	// which implies that the string must be a DNS_LABEL.
+	Name string `json:"name" protobuf:"bytes,1,name=name"`
+
+	// ResourceClaimName is the name of the ResourceClaim that was
+	// generated for the Pod in the namespace of the Pod. It this is
+	// unset, then generating a ResourceClaim was not necessary. The
+	// pod.spec.resourceClaims entry can be ignored in this case.
+	//
+	// +optional
+	ResourceClaimName *string `json:"resourceClaimName,omitempty" protobuf:"bytes,2,opt,name=resourceClaimName"`
+}
+
 // OSName is the set of OS'es that can be used in OS.
 type OSName string
 
@@ -3838,7 +3936,7 @@ type SeccompProfile struct {
 	// localhostProfile indicates a profile defined in a file on the node should be used.
 	// The profile must be preconfigured on the node to work.
 	// Must be a descending path, relative to the kubelet's configured seccomp profile location.
-	// Must only be set if type is "Localhost".
+	// Must be set if type is "Localhost". Must NOT be set for any other type.
 	// +optional
 	LocalhostProfile *string `json:"localhostProfile,omitempty" protobuf:"bytes,2,opt,name=localhostProfile"`
 }
@@ -3899,12 +3997,15 @@ type PodDNSConfigOption struct {
 	Value *string `json:"value,omitempty" protobuf:"bytes,2,opt,name=value"`
 }
 
-// IP address information for entries in the (plural) PodIPs field.
-// Each entry includes:
-//
-//	IP: An IP address allocated to the pod. Routable at least within the cluster.
+// PodIP represents a single IP address allocated to the pod.
 type PodIP struct {
-	// ip is an IP address (IPv4 or IPv6) assigned to the pod
+	// IP is the IP address assigned to the pod
+	IP string `json:"ip,omitempty" protobuf:"bytes,1,opt,name=ip"`
+}
+
+// HostIP represents a single IP address allocated to the host.
+type HostIP struct {
+	// IP is the IP address assigned to the host
 	IP string `json:"ip,omitempty" protobuf:"bytes,1,opt,name=ip"`
 }
 
@@ -3976,6 +4077,13 @@ type EphemeralContainerCommon struct {
 	// +optional
 	// +listType=atomic
 	ResizePolicy []ContainerResizePolicy `json:"resizePolicy,omitempty" protobuf:"bytes,23,rep,name=resizePolicy"`
+	// Restart policy for the container to manage the restart behavior of each
+	// container within a pod.
+	// This may only be set for init containers. You cannot set this field on
+	// ephemeral containers.
+	// +featureGate=SidecarContainers
+	// +optional
+	RestartPolicy *ContainerRestartPolicy `json:"restartPolicy,omitempty" protobuf:"bytes,24,opt,name=restartPolicy,casttype=ContainerRestartPolicy"`
 	// Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
 	// Cannot be updated.
 	// +optional
@@ -4128,10 +4236,23 @@ type PodStatus struct {
 	// +optional
 	NominatedNodeName string `json:"nominatedNodeName,omitempty" protobuf:"bytes,11,opt,name=nominatedNodeName"`
 
-	// IP address of the host to which the pod is assigned. Empty if not yet scheduled.
+	// hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet.
+	// A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will
+	// not be updated even if there is a node is assigned to pod
 	// +optional
 	HostIP string `json:"hostIP,omitempty" protobuf:"bytes,5,opt,name=hostIP"`
-	// IP address allocated to the pod. Routable at least within the cluster.
+
+	// hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must
+	// match the hostIP field. This list is empty if the pod has not started yet.
+	// A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will
+	// not be updated even if there is a node is assigned to this pod.
+	// +optional
+	// +patchStrategy=merge
+	// +patchMergeKey=ip
+	// +listType=atomic
+	HostIPs []HostIP `json:"hostIPs,omitempty" protobuf:"bytes,16,rep,name=hostIPs" patchStrategy:"merge" patchMergeKey:"ip"`
+
+	// podIP address allocated to the pod. Routable at least within the cluster.
 	// Empty if not yet allocated.
 	// +optional
 	PodIP string `json:"podIP,omitempty" protobuf:"bytes,6,opt,name=podIP"`
@@ -4174,6 +4295,15 @@ type PodStatus struct {
 	// +featureGate=InPlacePodVerticalScaling
 	// +optional
 	Resize PodResizeStatus `json:"resize,omitempty" protobuf:"bytes,14,opt,name=resize,casttype=PodResizeStatus"`
+
+	// Status of resource claims.
+	// +patchMergeKey=name
+	// +patchStrategy=merge,retainKeys
+	// +listType=map
+	// +listMapKey=name
+	// +featureGate=DynamicResourceAllocation
+	// +optional
+	ResourceClaimStatuses []PodResourceClaimStatus `json:"resourceClaimStatuses,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,15,rep,name=resourceClaimStatuses"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -4714,10 +4844,9 @@ type ServiceSpec struct {
 	// This feature depends on whether the underlying cloud-provider supports specifying
 	// the loadBalancerIP when a load balancer is created.
 	// This field will be ignored if the cloud-provider does not support the feature.
-	// Deprecated: This field was under-specified and its meaning varies across implementations,
-	// and it cannot support dual-stack.
-	// As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
-	// This field may be removed in a future API version.
+	// Deprecated: This field was under-specified and its meaning varies across implementations.
+	// Using it is non-portable and it may not support dual-stack.
+	// Users are encouraged to use implementation-specific annotations when available.
 	// +optional
 	LoadBalancerIP string `json:"loadBalancerIP,omitempty" protobuf:"bytes,8,opt,name=loadBalancerIP"`
 
@@ -4866,10 +4995,19 @@ type ServicePort struct {
 	Protocol Protocol `json:"protocol,omitempty" protobuf:"bytes,2,opt,name=protocol,casttype=Protocol"`
 
 	// The application protocol for this port.
+	// This is used as a hint for implementations to offer richer behavior for protocols that they understand.
 	// This field follows standard Kubernetes label syntax.
-	// Un-prefixed names are reserved for IANA standard service names (as per
+	// Valid values are either:
+	//
+	// * Un-prefixed protocol names - reserved for IANA standard service names (as per
 	// RFC-6335 and https://www.iana.org/assignments/service-names).
-	// Non-standard protocols should use prefixed names such as
+	//
+	// * Kubernetes-defined prefixed names:
+	//   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+	//   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+	//   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+	//
+	// * Other protocols should use implementation-defined prefixed names such as
 	// mycompany.com/my-custom-protocol.
 	// +optional
 	AppProtocol *string `json:"appProtocol,omitempty" protobuf:"bytes,6,opt,name=appProtocol"`
@@ -5110,6 +5248,8 @@ type EndpointPort struct {
 	//
 	// * Kubernetes-defined prefixed names:
 	//   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+	//   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+	//   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
 	//
 	// * Other protocols should use implementation-defined prefixed names such as
 	// mycompany.com/my-custom-protocol.
@@ -6802,12 +6942,9 @@ type WindowsSecurityContextOptions struct {
 	RunAsUserName *string `json:"runAsUserName,omitempty" protobuf:"bytes,3,opt,name=runAsUserName"`
 
 	// HostProcess determines if a container should be run as a 'Host Process' container.
-	// This field is alpha-level and will only be honored by components that enable the
-	// WindowsHostProcessContainers feature flag. Setting this field without the feature
-	// flag will result in errors when validating the Pod. All of a Pod's containers must
-	// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
-	// containers and non-HostProcess containers).  In addition, if HostProcess is true
-	// then HostNetwork must also be set to true.
+	// All of a Pod's containers must have the same effective HostProcess value
+	// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+	// In addition, if HostProcess is true then HostNetwork must also be set to true.
 	// +optional
 	HostProcess *bool `json:"hostProcess,omitempty" protobuf:"bytes,4,opt,name=hostProcess"`
 }
diff --git a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
index a01ae3717..9734d8b41 100644
--- a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
@@ -212,7 +212,7 @@ func (CinderVolumeSource) SwaggerDoc() map[string]string {
 var map_ClaimSource = map[string]string{
 	"":                          "ClaimSource describes a reference to a ResourceClaim.\n\nExactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.",
 	"resourceClaimName":         "ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.",
-	"resourceClaimTemplateName": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long).\n\nAn existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed.\n\nThis field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.",
+	"resourceClaimTemplateName": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.",
 }
 
 func (ClaimSource) SwaggerDoc() map[string]string {
@@ -347,6 +347,7 @@ var map_Container = map[string]string{
 	"env":                      "List of environment variables to set in the container. Cannot be updated.",
 	"resources":                "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
 	"resizePolicy":             "Resources resize policy for the container.",
+	"restartPolicy":            "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.",
 	"volumeMounts":             "Pod volumes to mount into the container's filesystem. Cannot be updated.",
 	"volumeDevices":            "volumeDevices is the list of block devices to be used by the container.",
 	"livenessProbe":            "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes",
@@ -530,7 +531,7 @@ var map_EndpointPort = map[string]string{
 	"name":        "The name of this port.  This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined.",
 	"port":        "The port number of the endpoint.",
 	"protocol":    "The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.",
-	"appProtocol": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.",
+	"appProtocol": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n  * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n  * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.",
 }
 
 func (EndpointPort) SwaggerDoc() map[string]string {
@@ -623,6 +624,7 @@ var map_EphemeralContainerCommon = map[string]string{
 	"env":                      "List of environment variables to set in the container. Cannot be updated.",
 	"resources":                "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.",
 	"resizePolicy":             "Resources resize policy for the container.",
+	"restartPolicy":            "Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.",
 	"volumeMounts":             "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.",
 	"volumeDevices":            "volumeDevices is the list of block devices to be used by the container.",
 	"livenessProbe":            "Probes are not allowed for ephemeral containers.",
@@ -850,6 +852,15 @@ func (HostAlias) SwaggerDoc() map[string]string {
 	return map_HostAlias
 }
 
+var map_HostIP = map[string]string{
+	"":   "HostIP represents a single IP address allocated to the host.",
+	"ip": "IP is the IP address assigned to the host",
+}
+
+func (HostIP) SwaggerDoc() map[string]string {
+	return map_HostIP
+}
+
 var map_HostPathVolumeSource = map[string]string{
 	"":     "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.",
 	"path": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath",
@@ -1344,13 +1355,13 @@ func (PersistentVolumeClaimSpec) SwaggerDoc() map[string]string {
 }
 
 var map_PersistentVolumeClaimStatus = map[string]string{
-	"":                   "PersistentVolumeClaimStatus is the current status of a persistent volume claim.",
-	"phase":              "phase represents the current phase of PersistentVolumeClaim.",
-	"accessModes":        "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1",
-	"capacity":           "capacity represents the actual resources of the underlying volume.",
-	"conditions":         "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.",
-	"allocatedResources": "allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.",
-	"resizeStatus":       "resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.",
+	"":                          "PersistentVolumeClaimStatus is the current status of a persistent volume claim.",
+	"phase":                     "phase represents the current phase of PersistentVolumeClaim.",
+	"accessModes":               "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1",
+	"capacity":                  "capacity represents the actual resources of the underlying volume.",
+	"conditions":                "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.",
+	"allocatedResources":        "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.",
+	"allocatedResourceStatuses": "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n     - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n     - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n     - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n     - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.",
 }
 
 func (PersistentVolumeClaimStatus) SwaggerDoc() map[string]string {
@@ -1434,10 +1445,11 @@ func (PersistentVolumeSpec) SwaggerDoc() map[string]string {
 }
 
 var map_PersistentVolumeStatus = map[string]string{
-	"":        "PersistentVolumeStatus is the current status of a persistent volume.",
-	"phase":   "phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase",
-	"message": "message is a human-readable message indicating details about why the volume is in this state.",
-	"reason":  "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.",
+	"":                        "PersistentVolumeStatus is the current status of a persistent volume.",
+	"phase":                   "phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase",
+	"message":                 "message is a human-readable message indicating details about why the volume is in this state.",
+	"reason":                  "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.",
+	"lastPhaseTransitionTime": "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions. This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature.",
 }
 
 func (PersistentVolumeStatus) SwaggerDoc() map[string]string {
@@ -1559,8 +1571,8 @@ func (PodExecOptions) SwaggerDoc() map[string]string {
 }
 
 var map_PodIP = map[string]string{
-	"":   "IP address information for entries in the (plural) PodIPs field. Each entry includes:\n\n\tIP: An IP address allocated to the pod. Routable at least within the cluster.",
-	"ip": "ip is an IP address (IPv4 or IPv6) assigned to the pod",
+	"":   "PodIP represents a single IP address allocated to the pod.",
+	"ip": "IP is the IP address assigned to the pod",
 }
 
 func (PodIP) SwaggerDoc() map[string]string {
@@ -1640,6 +1652,16 @@ func (PodResourceClaim) SwaggerDoc() map[string]string {
 	return map_PodResourceClaim
 }
 
+var map_PodResourceClaimStatus = map[string]string{
+	"":                  "PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.",
+	"name":              "Name uniquely identifies this resource claim inside the pod. This must match the name of an entry in pod.spec.resourceClaims, which implies that the string must be a DNS_LABEL.",
+	"resourceClaimName": "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. It this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.",
+}
+
+func (PodResourceClaimStatus) SwaggerDoc() map[string]string {
+	return map_PodResourceClaimStatus
+}
+
 var map_PodSchedulingGate = map[string]string{
 	"":     "PodSchedulingGate is associated to a Pod to guard its scheduling.",
 	"name": "Name of the scheduling gate. Each scheduling gate must have a unique name field.",
@@ -1730,8 +1752,9 @@ var map_PodStatus = map[string]string{
 	"message":                    "A human readable message indicating details about why the pod is in this condition.",
 	"reason":                     "A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'",
 	"nominatedNodeName":          "nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be scheduled right away as preemption victims receive their graceful termination periods. This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to give the resources on this node to a higher priority pod that is created after preemption. As a result, this field may be different than PodSpec.nodeName when the pod is scheduled.",
-	"hostIP":                     "IP address of the host to which the pod is assigned. Empty if not yet scheduled.",
-	"podIP":                      "IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.",
+	"hostIP":                     "hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod",
+	"hostIPs":                    "hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must match the hostIP field. This list is empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will not be updated even if there is a node is assigned to this pod.",
+	"podIP":                      "podIP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.",
 	"podIPs":                     "podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.",
 	"startTime":                  "RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.",
 	"initContainerStatuses":      "The list has one entry per init container in the manifest. The most recent successful init container will have ready = true, the most recently started container will have startTime set. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status",
@@ -1739,6 +1762,7 @@ var map_PodStatus = map[string]string{
 	"qosClass":                   "The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes",
 	"ephemeralContainerStatuses": "Status for any ephemeral containers that have run in this pod.",
 	"resize":                     "Status of resources resize desired for pod's containers. It is empty if no resources resize is pending. Any changes to container resources will automatically set this to \"Proposed\"",
+	"resourceClaimStatuses":      "Status of resource claims.",
 }
 
 func (PodStatus) SwaggerDoc() map[string]string {
@@ -2134,7 +2158,7 @@ func (ScopedResourceSelectorRequirement) SwaggerDoc() map[string]string {
 var map_SeccompProfile = map[string]string{
 	"":                 "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.",
 	"type":             "type indicates which kind of seccomp profile will be applied. Valid options are:\n\nLocalhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.",
-	"localhostProfile": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".",
+	"localhostProfile": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type.",
 }
 
 func (SeccompProfile) SwaggerDoc() map[string]string {
@@ -2301,7 +2325,7 @@ var map_ServicePort = map[string]string{
 	"":            "ServicePort contains information on service's port.",
 	"name":        "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.",
 	"protocol":    "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.",
-	"appProtocol": "The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.",
+	"appProtocol": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n  * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n  * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.",
 	"port":        "The port that will be exposed by this service.",
 	"targetPort":  "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service",
 	"nodePort":    "The port on each node on which this service is exposed when type is NodePort or LoadBalancer.  Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail.  If not specified, a port will be allocated if this Service requires one.  If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport",
@@ -2329,7 +2353,7 @@ var map_ServiceSpec = map[string]string{
 	"type":                          "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types",
 	"externalIPs":                   "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service.  These IPs are not managed by Kubernetes.  The user is responsible for ensuring that traffic arrives at a node with this IP.  A common example is external load-balancers that are not part of the Kubernetes system.",
 	"sessionAffinity":               "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies",
-	"loadBalancerIP":                "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.",
+	"loadBalancerIP":                "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.",
 	"loadBalancerSourceRanges":      "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/",
 	"externalName":                  "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved.  Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".",
 	"externalTrafficPolicy":         "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.",
@@ -2612,7 +2636,7 @@ var map_WindowsSecurityContextOptions = map[string]string{
 	"gmsaCredentialSpecName": "GMSACredentialSpecName is the name of the GMSA credential spec to use.",
 	"gmsaCredentialSpec":     "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.",
 	"runAsUserName":          "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.",
-	"hostProcess":            "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.",
+	"hostProcess":            "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.",
 }
 
 func (WindowsSecurityContextOptions) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/core/v1/well_known_labels.go b/vendor/k8s.io/api/core/v1/well_known_labels.go
index 5cf82a981..8c3cb87b8 100644
--- a/vendor/k8s.io/api/core/v1/well_known_labels.go
+++ b/vendor/k8s.io/api/core/v1/well_known_labels.go
@@ -19,6 +19,10 @@ package v1
 const (
 	LabelHostname = "kubernetes.io/hostname"
 
+	// Label value is the network location of kube-apiserver stored as <ip:port>
+	// Stored in APIServer Identity lease objects to view what address is used for peer proxy
+	AnnotationPeerAdvertiseAddress = "kubernetes.io/peer-advertise-address"
+
 	LabelTopologyZone   = "topology.kubernetes.io/zone"
 	LabelTopologyRegion = "topology.kubernetes.io/region"
 
diff --git a/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go b/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go
index bfb7e0bff..d76f0bbbc 100644
--- a/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go
@@ -793,6 +793,11 @@ func (in *Container) DeepCopyInto(out *Container) {
 		*out = make([]ContainerResizePolicy, len(*in))
 		copy(*out, *in)
 	}
+	if in.RestartPolicy != nil {
+		in, out := &in.RestartPolicy, &out.RestartPolicy
+		*out = new(ContainerRestartPolicy)
+		**out = **in
+	}
 	if in.VolumeMounts != nil {
 		in, out := &in.VolumeMounts, &out.VolumeMounts
 		*out = make([]VolumeMount, len(*in))
@@ -1420,6 +1425,11 @@ func (in *EphemeralContainerCommon) DeepCopyInto(out *EphemeralContainerCommon)
 		*out = make([]ContainerResizePolicy, len(*in))
 		copy(*out, *in)
 	}
+	if in.RestartPolicy != nil {
+		in, out := &in.RestartPolicy, &out.RestartPolicy
+		*out = new(ContainerRestartPolicy)
+		**out = **in
+	}
 	if in.VolumeMounts != nil {
 		in, out := &in.VolumeMounts, &out.VolumeMounts
 		*out = make([]VolumeMount, len(*in))
@@ -1871,6 +1881,22 @@ func (in *HostAlias) DeepCopy() *HostAlias {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HostIP) DeepCopyInto(out *HostIP) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostIP.
+func (in *HostIP) DeepCopy() *HostIP {
+	if in == nil {
+		return nil
+	}
+	out := new(HostIP)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HostPathVolumeSource) DeepCopyInto(out *HostPathVolumeSource) {
 	*out = *in
@@ -2895,7 +2921,7 @@ func (in *PersistentVolume) DeepCopyInto(out *PersistentVolume) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
-	out.Status = in.Status
+	in.Status.DeepCopyInto(&out.Status)
 	return
 }
 
@@ -3072,10 +3098,12 @@ func (in *PersistentVolumeClaimStatus) DeepCopyInto(out *PersistentVolumeClaimSt
 			(*out)[key] = val.DeepCopy()
 		}
 	}
-	if in.ResizeStatus != nil {
-		in, out := &in.ResizeStatus, &out.ResizeStatus
-		*out = new(PersistentVolumeClaimResizeStatus)
-		**out = **in
+	if in.AllocatedResourceStatuses != nil {
+		in, out := &in.AllocatedResourceStatuses, &out.AllocatedResourceStatuses
+		*out = make(map[ResourceName]ClaimResourceStatus, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
 	}
 	return
 }
@@ -3335,6 +3363,10 @@ func (in *PersistentVolumeSpec) DeepCopy() *PersistentVolumeSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *PersistentVolumeStatus) DeepCopyInto(out *PersistentVolumeStatus) {
 	*out = *in
+	if in.LastPhaseTransitionTime != nil {
+		in, out := &in.LastPhaseTransitionTime, &out.LastPhaseTransitionTime
+		*out = (*in).DeepCopy()
+	}
 	return
 }
 
@@ -3807,6 +3839,27 @@ func (in *PodResourceClaim) DeepCopy() *PodResourceClaim {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PodResourceClaimStatus) DeepCopyInto(out *PodResourceClaimStatus) {
+	*out = *in
+	if in.ResourceClaimName != nil {
+		in, out := &in.ResourceClaimName, &out.ResourceClaimName
+		*out = new(string)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodResourceClaimStatus.
+func (in *PodResourceClaimStatus) DeepCopy() *PodResourceClaimStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(PodResourceClaimStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *PodSchedulingGate) DeepCopyInto(out *PodSchedulingGate) {
 	*out = *in
@@ -4091,6 +4144,11 @@ func (in *PodStatus) DeepCopyInto(out *PodStatus) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	if in.HostIPs != nil {
+		in, out := &in.HostIPs, &out.HostIPs
+		*out = make([]HostIP, len(*in))
+		copy(*out, *in)
+	}
 	if in.PodIPs != nil {
 		in, out := &in.PodIPs, &out.PodIPs
 		*out = make([]PodIP, len(*in))
@@ -4121,6 +4179,13 @@ func (in *PodStatus) DeepCopyInto(out *PodStatus) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	if in.ResourceClaimStatuses != nil {
+		in, out := &in.ResourceClaimStatuses, &out.ResourceClaimStatuses
+		*out = make([]PodResourceClaimStatus, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/discovery/v1/generated.proto b/vendor/k8s.io/api/discovery/v1/generated.proto
index b7150ef2c..490ce8922 100644
--- a/vendor/k8s.io/api/discovery/v1/generated.proto
+++ b/vendor/k8s.io/api/discovery/v1/generated.proto
@@ -146,6 +146,8 @@ message EndpointPort {
   //
   // * Kubernetes-defined prefixed names:
   //   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+  //   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+  //   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
   //
   // * Other protocols should use implementation-defined prefixed names such as
   // mycompany.com/my-custom-protocol.
diff --git a/vendor/k8s.io/api/discovery/v1/types.go b/vendor/k8s.io/api/discovery/v1/types.go
index 9b4daafca..efbb09918 100644
--- a/vendor/k8s.io/api/discovery/v1/types.go
+++ b/vendor/k8s.io/api/discovery/v1/types.go
@@ -196,6 +196,8 @@ type EndpointPort struct {
 	//
 	// * Kubernetes-defined prefixed names:
 	//   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+	//   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+	//   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
 	//
 	// * Other protocols should use implementation-defined prefixed names such as
 	// mycompany.com/my-custom-protocol.
diff --git a/vendor/k8s.io/api/discovery/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/discovery/v1/types_swagger_doc_generated.go
index c780c9573..bef774539 100644
--- a/vendor/k8s.io/api/discovery/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/discovery/v1/types_swagger_doc_generated.go
@@ -68,7 +68,7 @@ var map_EndpointPort = map[string]string{
 	"name":        "name represents the name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string.",
 	"protocol":    "protocol represents the IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.",
 	"port":        "port represents the port number of the endpoint. If this is not specified, ports are not restricted and must be interpreted in the context of the specific consumer.",
-	"appProtocol": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.",
+	"appProtocol": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n  * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n  * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.",
 }
 
 func (EndpointPort) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/extensions/v1beta1/generated.pb.go b/vendor/k8s.io/api/extensions/v1beta1/generated.pb.go
index 863ebbc4a..d967e3810 100644
--- a/vendor/k8s.io/api/extensions/v1beta1/generated.pb.go
+++ b/vendor/k8s.io/api/extensions/v1beta1/generated.pb.go
@@ -1001,38 +1001,10 @@ func (m *NetworkPolicySpec) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_NetworkPolicySpec proto.InternalMessageInfo
 
-func (m *NetworkPolicyStatus) Reset()      { *m = NetworkPolicyStatus{} }
-func (*NetworkPolicyStatus) ProtoMessage() {}
-func (*NetworkPolicyStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{34}
-}
-func (m *NetworkPolicyStatus) XXX_Unmarshal(b []byte) error {
-	return m.Unmarshal(b)
-}
-func (m *NetworkPolicyStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	b = b[:cap(b)]
-	n, err := m.MarshalToSizedBuffer(b)
-	if err != nil {
-		return nil, err
-	}
-	return b[:n], nil
-}
-func (m *NetworkPolicyStatus) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_NetworkPolicyStatus.Merge(m, src)
-}
-func (m *NetworkPolicyStatus) XXX_Size() int {
-	return m.Size()
-}
-func (m *NetworkPolicyStatus) XXX_DiscardUnknown() {
-	xxx_messageInfo_NetworkPolicyStatus.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_NetworkPolicyStatus proto.InternalMessageInfo
-
 func (m *ReplicaSet) Reset()      { *m = ReplicaSet{} }
 func (*ReplicaSet) ProtoMessage() {}
 func (*ReplicaSet) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{35}
+	return fileDescriptor_cdc93917efc28165, []int{34}
 }
 func (m *ReplicaSet) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1060,7 +1032,7 @@ var xxx_messageInfo_ReplicaSet proto.InternalMessageInfo
 func (m *ReplicaSetCondition) Reset()      { *m = ReplicaSetCondition{} }
 func (*ReplicaSetCondition) ProtoMessage() {}
 func (*ReplicaSetCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{36}
+	return fileDescriptor_cdc93917efc28165, []int{35}
 }
 func (m *ReplicaSetCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1088,7 +1060,7 @@ var xxx_messageInfo_ReplicaSetCondition proto.InternalMessageInfo
 func (m *ReplicaSetList) Reset()      { *m = ReplicaSetList{} }
 func (*ReplicaSetList) ProtoMessage() {}
 func (*ReplicaSetList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{37}
+	return fileDescriptor_cdc93917efc28165, []int{36}
 }
 func (m *ReplicaSetList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1116,7 +1088,7 @@ var xxx_messageInfo_ReplicaSetList proto.InternalMessageInfo
 func (m *ReplicaSetSpec) Reset()      { *m = ReplicaSetSpec{} }
 func (*ReplicaSetSpec) ProtoMessage() {}
 func (*ReplicaSetSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{38}
+	return fileDescriptor_cdc93917efc28165, []int{37}
 }
 func (m *ReplicaSetSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1144,7 +1116,7 @@ var xxx_messageInfo_ReplicaSetSpec proto.InternalMessageInfo
 func (m *ReplicaSetStatus) Reset()      { *m = ReplicaSetStatus{} }
 func (*ReplicaSetStatus) ProtoMessage() {}
 func (*ReplicaSetStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{39}
+	return fileDescriptor_cdc93917efc28165, []int{38}
 }
 func (m *ReplicaSetStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1172,7 +1144,7 @@ var xxx_messageInfo_ReplicaSetStatus proto.InternalMessageInfo
 func (m *RollbackConfig) Reset()      { *m = RollbackConfig{} }
 func (*RollbackConfig) ProtoMessage() {}
 func (*RollbackConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{40}
+	return fileDescriptor_cdc93917efc28165, []int{39}
 }
 func (m *RollbackConfig) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1200,7 +1172,7 @@ var xxx_messageInfo_RollbackConfig proto.InternalMessageInfo
 func (m *RollingUpdateDaemonSet) Reset()      { *m = RollingUpdateDaemonSet{} }
 func (*RollingUpdateDaemonSet) ProtoMessage() {}
 func (*RollingUpdateDaemonSet) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{41}
+	return fileDescriptor_cdc93917efc28165, []int{40}
 }
 func (m *RollingUpdateDaemonSet) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1228,7 +1200,7 @@ var xxx_messageInfo_RollingUpdateDaemonSet proto.InternalMessageInfo
 func (m *RollingUpdateDeployment) Reset()      { *m = RollingUpdateDeployment{} }
 func (*RollingUpdateDeployment) ProtoMessage() {}
 func (*RollingUpdateDeployment) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{42}
+	return fileDescriptor_cdc93917efc28165, []int{41}
 }
 func (m *RollingUpdateDeployment) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1256,7 +1228,7 @@ var xxx_messageInfo_RollingUpdateDeployment proto.InternalMessageInfo
 func (m *Scale) Reset()      { *m = Scale{} }
 func (*Scale) ProtoMessage() {}
 func (*Scale) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{43}
+	return fileDescriptor_cdc93917efc28165, []int{42}
 }
 func (m *Scale) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1284,7 +1256,7 @@ var xxx_messageInfo_Scale proto.InternalMessageInfo
 func (m *ScaleSpec) Reset()      { *m = ScaleSpec{} }
 func (*ScaleSpec) ProtoMessage() {}
 func (*ScaleSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{44}
+	return fileDescriptor_cdc93917efc28165, []int{43}
 }
 func (m *ScaleSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1312,7 +1284,7 @@ var xxx_messageInfo_ScaleSpec proto.InternalMessageInfo
 func (m *ScaleStatus) Reset()      { *m = ScaleStatus{} }
 func (*ScaleStatus) ProtoMessage() {}
 func (*ScaleStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{45}
+	return fileDescriptor_cdc93917efc28165, []int{44}
 }
 func (m *ScaleStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1373,7 +1345,6 @@ func init() {
 	proto.RegisterType((*NetworkPolicyPeer)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicyPeer")
 	proto.RegisterType((*NetworkPolicyPort)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicyPort")
 	proto.RegisterType((*NetworkPolicySpec)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicySpec")
-	proto.RegisterType((*NetworkPolicyStatus)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicyStatus")
 	proto.RegisterType((*ReplicaSet)(nil), "k8s.io.api.extensions.v1beta1.ReplicaSet")
 	proto.RegisterType((*ReplicaSetCondition)(nil), "k8s.io.api.extensions.v1beta1.ReplicaSetCondition")
 	proto.RegisterType((*ReplicaSetList)(nil), "k8s.io.api.extensions.v1beta1.ReplicaSetList")
@@ -1393,188 +1364,186 @@ func init() {
 }
 
 var fileDescriptor_cdc93917efc28165 = []byte{
-	// 2890 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5b, 0xcf, 0x6f, 0x24, 0x47,
-	0xf5, 0xdf, 0x9e, 0xf1, 0xd8, 0xe3, 0xe7, 0xb5, 0xbd, 0x5b, 0xeb, 0xac, 0x1d, 0xef, 0x37, 0x76,
-	0xd4, 0x5f, 0x11, 0x36, 0x61, 0x33, 0xc3, 0x6e, 0x92, 0x25, 0x3f, 0xa4, 0x84, 0x1d, 0xef, 0x26,
-	0xeb, 0xc4, 0x1e, 0x4f, 0x6a, 0xc6, 0x09, 0x8a, 0x08, 0xd0, 0xee, 0x29, 0x8f, 0x3b, 0xee, 0xe9,
-	0x1e, 0x75, 0xd7, 0x98, 0x35, 0x27, 0x10, 0x5c, 0x72, 0x82, 0x4b, 0x20, 0x47, 0x10, 0x12, 0x57,
-	0xae, 0x1c, 0x42, 0x04, 0x22, 0x48, 0x2b, 0xc4, 0x21, 0x12, 0x07, 0x72, 0xb2, 0x88, 0x73, 0x42,
-	0xfc, 0x03, 0x68, 0x4f, 0xa8, 0x7e, 0x74, 0xf5, 0x6f, 0xbb, 0xc7, 0x38, 0x16, 0x41, 0x9c, 0x3c,
-	0x5d, 0xef, 0xbd, 0x4f, 0xbd, 0xaa, 0x7a, 0xf5, 0xde, 0xa7, 0xba, 0xda, 0xf0, 0xf2, 0xee, 0xb3,
-	0x7e, 0xcd, 0x72, 0xeb, 0xbb, 0xc3, 0x2d, 0xe2, 0x39, 0x84, 0x12, 0xbf, 0xbe, 0x47, 0x9c, 0xae,
-	0xeb, 0xd5, 0xa5, 0xc0, 0x18, 0x58, 0x75, 0x72, 0x8f, 0x12, 0xc7, 0xb7, 0x5c, 0xc7, 0xaf, 0xef,
-	0x5d, 0xdf, 0x22, 0xd4, 0xb8, 0x5e, 0xef, 0x11, 0x87, 0x78, 0x06, 0x25, 0xdd, 0xda, 0xc0, 0x73,
-	0xa9, 0x8b, 0x1e, 0x11, 0xea, 0x35, 0x63, 0x60, 0xd5, 0x42, 0xf5, 0x9a, 0x54, 0x5f, 0x7c, 0xb2,
-	0x67, 0xd1, 0x9d, 0xe1, 0x56, 0xcd, 0x74, 0xfb, 0xf5, 0x9e, 0xdb, 0x73, 0xeb, 0xdc, 0x6a, 0x6b,
-	0xb8, 0xcd, 0x9f, 0xf8, 0x03, 0xff, 0x25, 0xd0, 0x16, 0xf5, 0x48, 0xe7, 0xa6, 0xeb, 0x91, 0xfa,
-	0x5e, 0xaa, 0xc7, 0xc5, 0xa7, 0x43, 0x9d, 0xbe, 0x61, 0xee, 0x58, 0x0e, 0xf1, 0xf6, 0xeb, 0x83,
-	0xdd, 0x1e, 0x6b, 0xf0, 0xeb, 0x7d, 0x42, 0x8d, 0x2c, 0xab, 0x7a, 0x9e, 0x95, 0x37, 0x74, 0xa8,
-	0xd5, 0x27, 0x29, 0x83, 0x9b, 0xc7, 0x19, 0xf8, 0xe6, 0x0e, 0xe9, 0x1b, 0x29, 0xbb, 0xa7, 0xf2,
-	0xec, 0x86, 0xd4, 0xb2, 0xeb, 0x96, 0x43, 0x7d, 0xea, 0x25, 0x8d, 0xf4, 0xf7, 0x4a, 0x30, 0x79,
-	0xdb, 0x20, 0x7d, 0xd7, 0x69, 0x13, 0x8a, 0xbe, 0x03, 0x55, 0x36, 0x8c, 0xae, 0x41, 0x8d, 0x05,
-	0xed, 0x51, 0xed, 0xea, 0xd4, 0x8d, 0xaf, 0xd6, 0xc2, 0x69, 0x56, 0xa8, 0xb5, 0xc1, 0x6e, 0x8f,
-	0x35, 0xf8, 0x35, 0xa6, 0x5d, 0xdb, 0xbb, 0x5e, 0xdb, 0xd8, 0x7a, 0x87, 0x98, 0x74, 0x9d, 0x50,
-	0xa3, 0x81, 0xee, 0x1f, 0x2c, 0x9f, 0x3b, 0x3c, 0x58, 0x86, 0xb0, 0x0d, 0x2b, 0x54, 0xd4, 0x84,
-	0x31, 0x7f, 0x40, 0xcc, 0x85, 0x12, 0x47, 0xbf, 0x56, 0x3b, 0x72, 0x11, 0x6b, 0xca, 0xb3, 0xf6,
-	0x80, 0x98, 0x8d, 0xf3, 0x12, 0x79, 0x8c, 0x3d, 0x61, 0x8e, 0x83, 0xde, 0x80, 0x71, 0x9f, 0x1a,
-	0x74, 0xe8, 0x2f, 0x94, 0x39, 0x62, 0xad, 0x30, 0x22, 0xb7, 0x6a, 0xcc, 0x48, 0xcc, 0x71, 0xf1,
-	0x8c, 0x25, 0x9a, 0xfe, 0xf7, 0x12, 0x20, 0xa5, 0xbb, 0xe2, 0x3a, 0x5d, 0x8b, 0x5a, 0xae, 0x83,
-	0x9e, 0x87, 0x31, 0xba, 0x3f, 0x20, 0x7c, 0x72, 0x26, 0x1b, 0x8f, 0x05, 0x0e, 0x75, 0xf6, 0x07,
-	0xe4, 0xc1, 0xc1, 0xf2, 0xe5, 0xb4, 0x05, 0x93, 0x60, 0x6e, 0x83, 0xd6, 0x94, 0xab, 0x25, 0x6e,
-	0xfd, 0x74, 0xbc, 0xeb, 0x07, 0x07, 0xcb, 0x19, 0x41, 0x58, 0x53, 0x48, 0x71, 0x07, 0xd1, 0x1e,
-	0x20, 0xdb, 0xf0, 0x69, 0xc7, 0x33, 0x1c, 0x5f, 0xf4, 0x64, 0xf5, 0x89, 0x9c, 0x84, 0x27, 0x8a,
-	0x2d, 0x1a, 0xb3, 0x68, 0x2c, 0x4a, 0x2f, 0xd0, 0x5a, 0x0a, 0x0d, 0x67, 0xf4, 0x80, 0x1e, 0x83,
-	0x71, 0x8f, 0x18, 0xbe, 0xeb, 0x2c, 0x8c, 0xf1, 0x51, 0xa8, 0x09, 0xc4, 0xbc, 0x15, 0x4b, 0x29,
-	0x7a, 0x1c, 0x26, 0xfa, 0xc4, 0xf7, 0x8d, 0x1e, 0x59, 0xa8, 0x70, 0xc5, 0x59, 0xa9, 0x38, 0xb1,
-	0x2e, 0x9a, 0x71, 0x20, 0xd7, 0x3f, 0xd0, 0x60, 0x5a, 0xcd, 0xdc, 0x9a, 0xe5, 0x53, 0xf4, 0xcd,
-	0x54, 0x1c, 0xd6, 0x8a, 0x0d, 0x89, 0x59, 0xf3, 0x28, 0xbc, 0x20, 0x7b, 0xab, 0x06, 0x2d, 0x91,
-	0x18, 0x5c, 0x87, 0x8a, 0x45, 0x49, 0x9f, 0xad, 0x43, 0xf9, 0xea, 0xd4, 0x8d, 0xab, 0x45, 0x43,
-	0xa6, 0x31, 0x2d, 0x41, 0x2b, 0xab, 0xcc, 0x1c, 0x0b, 0x14, 0xfd, 0xa7, 0x63, 0x11, 0xf7, 0x59,
-	0x68, 0xa2, 0xb7, 0xa1, 0xea, 0x13, 0x9b, 0x98, 0xd4, 0xf5, 0xa4, 0xfb, 0x4f, 0x15, 0x74, 0xdf,
-	0xd8, 0x22, 0x76, 0x5b, 0x9a, 0x36, 0xce, 0x33, 0xff, 0x83, 0x27, 0xac, 0x20, 0xd1, 0xeb, 0x50,
-	0xa5, 0xa4, 0x3f, 0xb0, 0x0d, 0x4a, 0xe4, 0x3e, 0xfa, 0xff, 0xe8, 0x10, 0x58, 0xe4, 0x30, 0xb0,
-	0x96, 0xdb, 0xed, 0x48, 0x35, 0xbe, 0x7d, 0xd4, 0x94, 0x04, 0xad, 0x58, 0xc1, 0xa0, 0x3d, 0x98,
-	0x19, 0x0e, 0xba, 0x4c, 0x93, 0xb2, 0xec, 0xd0, 0xdb, 0x97, 0x91, 0x74, 0xb3, 0xe8, 0xdc, 0x6c,
-	0xc6, 0xac, 0x1b, 0x97, 0x65, 0x5f, 0x33, 0xf1, 0x76, 0x9c, 0xe8, 0x05, 0xdd, 0x82, 0xd9, 0xbe,
-	0xe5, 0x60, 0x62, 0x74, 0xf7, 0xdb, 0xc4, 0x74, 0x9d, 0xae, 0xcf, 0xc3, 0xaa, 0xd2, 0x98, 0x97,
-	0x00, 0xb3, 0xeb, 0x71, 0x31, 0x4e, 0xea, 0xa3, 0x57, 0x01, 0x05, 0xc3, 0x78, 0x45, 0x24, 0x37,
-	0xcb, 0x75, 0x78, 0xcc, 0x95, 0xc3, 0xe0, 0xee, 0xa4, 0x34, 0x70, 0x86, 0x15, 0x5a, 0x83, 0x39,
-	0x8f, 0xec, 0x59, 0x6c, 0x8c, 0x77, 0x2d, 0x9f, 0xba, 0xde, 0xfe, 0x9a, 0xd5, 0xb7, 0xe8, 0xc2,
-	0x38, 0xf7, 0x69, 0xe1, 0xf0, 0x60, 0x79, 0x0e, 0x67, 0xc8, 0x71, 0xa6, 0x95, 0xfe, 0xb3, 0x71,
-	0x98, 0x4d, 0xe4, 0x1b, 0xf4, 0x06, 0x5c, 0x36, 0x87, 0x9e, 0x47, 0x1c, 0xda, 0x1c, 0xf6, 0xb7,
-	0x88, 0xd7, 0x36, 0x77, 0x48, 0x77, 0x68, 0x93, 0x2e, 0x0f, 0x94, 0x4a, 0x63, 0x49, 0x7a, 0x7c,
-	0x79, 0x25, 0x53, 0x0b, 0xe7, 0x58, 0xb3, 0x59, 0x70, 0x78, 0xd3, 0xba, 0xe5, 0xfb, 0x0a, 0xb3,
-	0xc4, 0x31, 0xd5, 0x2c, 0x34, 0x53, 0x1a, 0x38, 0xc3, 0x8a, 0xf9, 0xd8, 0x25, 0xbe, 0xe5, 0x91,
-	0x6e, 0xd2, 0xc7, 0x72, 0xdc, 0xc7, 0xdb, 0x99, 0x5a, 0x38, 0xc7, 0x1a, 0x3d, 0x03, 0x53, 0xa2,
-	0x37, 0xbe, 0x7e, 0x72, 0xa1, 0x2f, 0x49, 0xb0, 0xa9, 0x66, 0x28, 0xc2, 0x51, 0x3d, 0x36, 0x34,
-	0x77, 0xcb, 0x27, 0xde, 0x1e, 0xe9, 0xe6, 0x2f, 0xf0, 0x46, 0x4a, 0x03, 0x67, 0x58, 0xb1, 0xa1,
-	0x89, 0x08, 0x4c, 0x0d, 0x6d, 0x3c, 0x3e, 0xb4, 0xcd, 0x4c, 0x2d, 0x9c, 0x63, 0xcd, 0xe2, 0x58,
-	0xb8, 0x7c, 0x6b, 0xcf, 0xb0, 0x6c, 0x63, 0xcb, 0x26, 0x0b, 0x13, 0xf1, 0x38, 0x6e, 0xc6, 0xc5,
-	0x38, 0xa9, 0x8f, 0x5e, 0x81, 0x8b, 0xa2, 0x69, 0xd3, 0x31, 0x14, 0x48, 0x95, 0x83, 0x3c, 0x2c,
-	0x41, 0x2e, 0x36, 0x93, 0x0a, 0x38, 0x6d, 0x83, 0x9e, 0x87, 0x19, 0xd3, 0xb5, 0x6d, 0x1e, 0x8f,
-	0x2b, 0xee, 0xd0, 0xa1, 0x0b, 0x93, 0x1c, 0x05, 0xb1, 0xfd, 0xb8, 0x12, 0x93, 0xe0, 0x84, 0x26,
-	0x22, 0x00, 0x66, 0x50, 0x70, 0xfc, 0x05, 0xe0, 0xf9, 0xf1, 0x7a, 0xd1, 0x1c, 0xa0, 0x4a, 0x55,
-	0xc8, 0x01, 0x54, 0x93, 0x8f, 0x23, 0xc0, 0xfa, 0x9f, 0x34, 0x98, 0xcf, 0x49, 0x1d, 0xe8, 0xa5,
-	0x58, 0x89, 0xfd, 0x4a, 0xa2, 0xc4, 0x5e, 0xc9, 0x31, 0x8b, 0xd4, 0x59, 0x07, 0xa6, 0x3d, 0x36,
-	0x2a, 0xa7, 0x27, 0x54, 0x64, 0x8e, 0x7c, 0xe6, 0x98, 0x61, 0xe0, 0xa8, 0x4d, 0x98, 0xf3, 0x2f,
-	0x1e, 0x1e, 0x2c, 0x4f, 0xc7, 0x64, 0x38, 0x0e, 0xaf, 0xbf, 0x5f, 0x02, 0xb8, 0x4d, 0x06, 0xb6,
-	0xbb, 0xdf, 0x27, 0xce, 0x59, 0x70, 0xa8, 0x8d, 0x18, 0x87, 0x7a, 0xf2, 0xb8, 0xe5, 0x51, 0xae,
-	0xe5, 0x92, 0xa8, 0x37, 0x13, 0x24, 0xaa, 0x5e, 0x1c, 0xf2, 0x68, 0x16, 0xf5, 0xd7, 0x32, 0x5c,
-	0x0a, 0x95, 0x43, 0x1a, 0xf5, 0x42, 0x6c, 0x8d, 0xbf, 0x9c, 0x58, 0xe3, 0xf9, 0x0c, 0x93, 0xcf,
-	0x8d, 0x47, 0xbd, 0x03, 0x33, 0x8c, 0xe5, 0x88, 0xb5, 0xe4, 0x1c, 0x6a, 0x7c, 0x64, 0x0e, 0xa5,
-	0xaa, 0xdd, 0x5a, 0x0c, 0x09, 0x27, 0x90, 0x73, 0x38, 0xdb, 0xc4, 0x17, 0x91, 0xb3, 0x7d, 0xa8,
-	0xc1, 0x4c, 0xb8, 0x4c, 0x67, 0x40, 0xda, 0x9a, 0x71, 0xd2, 0xf6, 0x78, 0xe1, 0x10, 0xcd, 0x61,
-	0x6d, 0xff, 0x64, 0x04, 0x5f, 0x29, 0xb1, 0x0d, 0xbe, 0x65, 0x98, 0xbb, 0xe8, 0x51, 0x18, 0x73,
-	0x8c, 0x7e, 0x10, 0x99, 0x6a, 0xb3, 0x34, 0x8d, 0x3e, 0xc1, 0x5c, 0x82, 0xde, 0xd3, 0x00, 0xc9,
-	0x2a, 0x70, 0xcb, 0x71, 0x5c, 0x6a, 0x88, 0x5c, 0x29, 0xdc, 0x5a, 0x2d, 0xec, 0x56, 0xd0, 0x63,
-	0x6d, 0x33, 0x85, 0x75, 0xc7, 0xa1, 0xde, 0x7e, 0xb8, 0xc8, 0x69, 0x05, 0x9c, 0xe1, 0x00, 0x32,
-	0x00, 0x3c, 0x89, 0xd9, 0x71, 0xe5, 0x46, 0x7e, 0xb2, 0x40, 0xce, 0x63, 0x06, 0x2b, 0xae, 0xb3,
-	0x6d, 0xf5, 0xc2, 0xb4, 0x83, 0x15, 0x10, 0x8e, 0x80, 0x2e, 0xde, 0x81, 0xf9, 0x1c, 0x6f, 0xd1,
-	0x05, 0x28, 0xef, 0x92, 0x7d, 0x31, 0x6d, 0x98, 0xfd, 0x44, 0x73, 0x50, 0xd9, 0x33, 0xec, 0xa1,
-	0x48, 0xbf, 0x93, 0x58, 0x3c, 0x3c, 0x5f, 0x7a, 0x56, 0xd3, 0x3f, 0xa8, 0x44, 0x63, 0x87, 0x33,
-	0xe6, 0xab, 0x50, 0xf5, 0xc8, 0xc0, 0xb6, 0x4c, 0xc3, 0x97, 0x44, 0x88, 0x93, 0x5f, 0x2c, 0xdb,
-	0xb0, 0x92, 0xc6, 0xb8, 0x75, 0xe9, 0xf3, 0xe5, 0xd6, 0xe5, 0xd3, 0xe1, 0xd6, 0xdf, 0x86, 0xaa,
-	0x1f, 0xb0, 0xea, 0x31, 0x0e, 0x79, 0x7d, 0x84, 0xfc, 0x2a, 0x09, 0xb5, 0xea, 0x40, 0x51, 0x69,
-	0x05, 0x9a, 0x45, 0xa2, 0x2b, 0x23, 0x92, 0xe8, 0x53, 0x25, 0xbe, 0x2c, 0xdf, 0x0c, 0x8c, 0xa1,
-	0x4f, 0xba, 0x3c, 0xb7, 0x55, 0xc3, 0x7c, 0xd3, 0xe2, 0xad, 0x58, 0x4a, 0xd1, 0xdb, 0xb1, 0x90,
-	0xad, 0x9e, 0x24, 0x64, 0x67, 0xf2, 0xc3, 0x15, 0x6d, 0xc2, 0xfc, 0xc0, 0x73, 0x7b, 0x1e, 0xf1,
-	0xfd, 0xdb, 0xc4, 0xe8, 0xda, 0x96, 0x43, 0x82, 0xf9, 0x11, 0x8c, 0xe8, 0xca, 0xe1, 0xc1, 0xf2,
-	0x7c, 0x2b, 0x5b, 0x05, 0xe7, 0xd9, 0xea, 0xf7, 0xc7, 0xe0, 0x42, 0xb2, 0x02, 0xe6, 0x90, 0x54,
-	0xed, 0x44, 0x24, 0xf5, 0x5a, 0x64, 0x33, 0x08, 0x06, 0xaf, 0x56, 0x3f, 0x63, 0x43, 0xdc, 0x82,
-	0x59, 0x99, 0x0d, 0x02, 0xa1, 0xa4, 0xe9, 0x6a, 0xf5, 0x37, 0xe3, 0x62, 0x9c, 0xd4, 0x47, 0x2f,
-	0xc0, 0xb4, 0xc7, 0x79, 0x77, 0x00, 0x20, 0xb8, 0xeb, 0x43, 0x12, 0x60, 0x1a, 0x47, 0x85, 0x38,
-	0xae, 0xcb, 0x78, 0x6b, 0x48, 0x47, 0x03, 0x80, 0xb1, 0x38, 0x6f, 0xbd, 0x95, 0x54, 0xc0, 0x69,
-	0x1b, 0xb4, 0x0e, 0x97, 0x86, 0x4e, 0x1a, 0x4a, 0x84, 0xf2, 0x15, 0x09, 0x75, 0x69, 0x33, 0xad,
-	0x82, 0xb3, 0xec, 0xd0, 0x76, 0x8c, 0xca, 0x8e, 0xf3, 0xf4, 0x7c, 0xa3, 0xf0, 0xc6, 0x2b, 0xcc,
-	0x65, 0x33, 0xe8, 0x76, 0xb5, 0x28, 0xdd, 0xd6, 0x7f, 0xaf, 0x45, 0x8b, 0x90, 0xa2, 0xc0, 0xc7,
-	0xbd, 0x65, 0x4a, 0x59, 0x44, 0xd8, 0x91, 0x9b, 0xcd, 0x7e, 0x6f, 0x8e, 0xc4, 0x7e, 0xc3, 0xe2,
-	0x79, 0x3c, 0xfd, 0xfd, 0x83, 0x06, 0xb3, 0x77, 0x3b, 0x9d, 0xd6, 0xaa, 0xc3, 0x77, 0x4b, 0xcb,
-	0xa0, 0x3b, 0xac, 0x8a, 0x0e, 0x0c, 0xba, 0x93, 0xac, 0xa2, 0x4c, 0x86, 0xb9, 0x04, 0x3d, 0x0d,
-	0x55, 0xf6, 0x97, 0x39, 0xce, 0xc3, 0x75, 0x92, 0x27, 0x99, 0x6a, 0x4b, 0xb6, 0x3d, 0x88, 0xfc,
-	0xc6, 0x4a, 0x13, 0x7d, 0x03, 0x26, 0xd8, 0xde, 0x26, 0x4e, 0xb7, 0x20, 0xf9, 0x95, 0x4e, 0x35,
-	0x84, 0x51, 0xc8, 0x67, 0x64, 0x03, 0x0e, 0xe0, 0xf4, 0x5d, 0x98, 0x8b, 0x0c, 0x02, 0x0f, 0x6d,
-	0xf2, 0x06, 0xab, 0x57, 0xa8, 0x0d, 0x15, 0xd6, 0x3b, 0xab, 0x4a, 0xe5, 0x02, 0xaf, 0x17, 0x13,
-	0x13, 0x11, 0x72, 0x0f, 0xf6, 0xe4, 0x63, 0x81, 0xa5, 0x6f, 0xc0, 0xc4, 0x6a, 0xab, 0x61, 0xbb,
-	0x82, 0x6f, 0x98, 0x56, 0xd7, 0x4b, 0xce, 0xd4, 0xca, 0xea, 0x6d, 0x8c, 0xb9, 0x04, 0xe9, 0x30,
-	0x4e, 0xee, 0x99, 0x64, 0x40, 0x39, 0xc5, 0x98, 0x6c, 0x00, 0x4b, 0xa4, 0x77, 0x78, 0x0b, 0x96,
-	0x12, 0xfd, 0xc7, 0x25, 0x98, 0x90, 0xdd, 0x9e, 0xc1, 0xf9, 0x63, 0x2d, 0x76, 0xfe, 0x78, 0xa2,
-	0xd8, 0x12, 0xe4, 0x1e, 0x3e, 0x3a, 0x89, 0xc3, 0xc7, 0xb5, 0x82, 0x78, 0x47, 0x9f, 0x3c, 0xde,
-	0x2d, 0xc1, 0x4c, 0x7c, 0xf1, 0xd1, 0x33, 0x30, 0xc5, 0x52, 0xad, 0x65, 0x92, 0x66, 0xc8, 0xf0,
-	0xd4, 0xeb, 0x87, 0x76, 0x28, 0xc2, 0x51, 0x3d, 0xd4, 0x53, 0x66, 0x2d, 0xd7, 0xa3, 0x72, 0xd0,
-	0xf9, 0x53, 0x3a, 0xa4, 0x96, 0x5d, 0x13, 0x2f, 0xdb, 0x6b, 0xab, 0x0e, 0xdd, 0xf0, 0xda, 0xd4,
-	0xb3, 0x9c, 0x5e, 0xaa, 0x23, 0x06, 0x86, 0xa3, 0xc8, 0xe8, 0x4d, 0x96, 0xf6, 0x7d, 0x77, 0xe8,
-	0x99, 0x24, 0x8b, 0xbe, 0x05, 0xd4, 0x83, 0x6d, 0x84, 0xee, 0x9a, 0x6b, 0x1a, 0xb6, 0x58, 0x1c,
-	0x4c, 0xb6, 0x89, 0x47, 0x1c, 0x93, 0x04, 0x94, 0x49, 0x40, 0x60, 0x05, 0xa6, 0xff, 0x46, 0x83,
-	0x29, 0x39, 0x17, 0x67, 0x40, 0xd4, 0x5f, 0x8b, 0x13, 0xf5, 0xc7, 0x0a, 0xee, 0xd0, 0x6c, 0x96,
-	0xfe, 0x5b, 0x0d, 0x16, 0x03, 0xd7, 0x5d, 0xa3, 0xdb, 0x30, 0x6c, 0xc3, 0x31, 0x89, 0x17, 0xc4,
-	0xfa, 0x22, 0x94, 0xac, 0x81, 0x5c, 0x49, 0x90, 0x00, 0xa5, 0xd5, 0x16, 0x2e, 0x59, 0x03, 0x56,
-	0x45, 0x77, 0x5c, 0x9f, 0x72, 0x36, 0x2f, 0x0e, 0x8a, 0xca, 0xeb, 0xbb, 0xb2, 0x1d, 0x2b, 0x0d,
-	0xb4, 0x09, 0x95, 0x81, 0xeb, 0x51, 0x56, 0xb9, 0xca, 0x89, 0xf5, 0x3d, 0xc2, 0x6b, 0xb6, 0x6e,
-	0x32, 0x10, 0xc3, 0x9d, 0xce, 0x60, 0xb0, 0x40, 0xd3, 0x7f, 0xa0, 0xc1, 0xc3, 0x19, 0xfe, 0x4b,
-	0xd2, 0xd0, 0x85, 0x09, 0x4b, 0x08, 0x65, 0x7a, 0x79, 0xae, 0x58, 0xb7, 0x19, 0x53, 0x11, 0xa6,
-	0xb6, 0x20, 0x85, 0x05, 0xd0, 0xfa, 0x2f, 0x35, 0xb8, 0x98, 0xf2, 0x97, 0xa7, 0x68, 0x16, 0xcf,
-	0x92, 0x6d, 0xab, 0x14, 0xcd, 0xc2, 0x92, 0x4b, 0xd0, 0x6b, 0x50, 0xe5, 0x77, 0x44, 0xa6, 0x6b,
-	0xcb, 0x09, 0xac, 0x07, 0x13, 0xd8, 0x92, 0xed, 0x0f, 0x0e, 0x96, 0xaf, 0x64, 0x9c, 0xb5, 0x03,
-	0x31, 0x56, 0x00, 0x68, 0x19, 0x2a, 0xc4, 0xf3, 0x5c, 0x4f, 0x26, 0xfb, 0x49, 0x36, 0x53, 0x77,
-	0x58, 0x03, 0x16, 0xed, 0xfa, 0xaf, 0xc2, 0x20, 0x65, 0xd9, 0x97, 0xf9, 0xc7, 0x16, 0x27, 0x99,
-	0x18, 0xd9, 0xd2, 0x61, 0x2e, 0x41, 0x43, 0xb8, 0x60, 0x25, 0xd2, 0xb5, 0xdc, 0x9d, 0xf5, 0x62,
-	0xd3, 0xa8, 0xcc, 0x1a, 0x0b, 0x12, 0xfe, 0x42, 0x52, 0x82, 0x53, 0x5d, 0xe8, 0x04, 0x52, 0x5a,
-	0xe8, 0x75, 0x18, 0xdb, 0xa1, 0x74, 0x90, 0xf1, 0xb2, 0xff, 0x98, 0x22, 0x11, 0xba, 0x50, 0xe5,
-	0xa3, 0xeb, 0x74, 0x5a, 0x98, 0x43, 0xe9, 0xbf, 0x2b, 0xa9, 0xf9, 0xe0, 0x27, 0xa4, 0xaf, 0xab,
-	0xd1, 0xae, 0xd8, 0x86, 0xef, 0xf3, 0x14, 0x26, 0x4e, 0xf3, 0x73, 0x11, 0xc7, 0x95, 0x0c, 0xa7,
-	0xb4, 0x51, 0x27, 0x2c, 0x9e, 0xda, 0x49, 0x8a, 0xe7, 0x54, 0x56, 0xe1, 0x44, 0x77, 0xa1, 0x4c,
-	0xed, 0xa2, 0xa7, 0x72, 0x89, 0xd8, 0x59, 0x6b, 0x37, 0xa6, 0xe4, 0x94, 0x97, 0x3b, 0x6b, 0x6d,
-	0xcc, 0x20, 0xd0, 0x06, 0x54, 0xbc, 0xa1, 0x4d, 0x58, 0x1d, 0x28, 0x17, 0xaf, 0x2b, 0x6c, 0x06,
-	0xc3, 0xcd, 0xc7, 0x9e, 0x7c, 0x2c, 0x70, 0xf4, 0x1f, 0x6a, 0x30, 0x1d, 0xab, 0x16, 0xc8, 0x83,
-	0xf3, 0x76, 0x64, 0xef, 0xc8, 0x79, 0x78, 0x76, 0xf4, 0x5d, 0x27, 0x37, 0xfd, 0x9c, 0xec, 0xf7,
-	0x7c, 0x54, 0x86, 0x63, 0x7d, 0xe8, 0x06, 0x40, 0x38, 0x6c, 0xb6, 0x0f, 0x58, 0xf0, 0x8a, 0x0d,
-	0x2f, 0xf7, 0x01, 0x8b, 0x69, 0x1f, 0x8b, 0x76, 0x74, 0x03, 0xc0, 0x27, 0xa6, 0x47, 0x68, 0x33,
-	0x4c, 0x5c, 0xaa, 0x1c, 0xb7, 0x95, 0x04, 0x47, 0xb4, 0xf4, 0x5f, 0x94, 0x60, 0xba, 0x49, 0xe8,
-	0x77, 0x5d, 0x6f, 0xb7, 0xe5, 0xda, 0x96, 0xb9, 0x7f, 0x06, 0x24, 0x00, 0xc7, 0x48, 0xc0, 0x71,
-	0xf9, 0x32, 0xe6, 0x5d, 0x2e, 0x15, 0x78, 0x2b, 0x41, 0x05, 0x6e, 0x8c, 0x84, 0x7a, 0x34, 0x21,
-	0xf8, 0x50, 0x83, 0xf9, 0x98, 0xfe, 0x9d, 0x30, 0xd7, 0xa8, 0xe4, 0xaf, 0x15, 0x4a, 0xfe, 0x31,
-	0x18, 0x96, 0x30, 0xb3, 0x93, 0x3f, 0x5a, 0x83, 0x12, 0x75, 0xe5, 0xce, 0x18, 0x0d, 0x93, 0x10,
-	0x2f, 0xac, 0x67, 0x1d, 0x17, 0x97, 0xa8, 0xab, 0xff, 0x51, 0x83, 0x85, 0x98, 0x56, 0x34, 0x5b,
-	0x7e, 0x4e, 0x23, 0xc0, 0x30, 0xb6, 0xed, 0xb9, 0xfd, 0x13, 0x8f, 0x41, 0x2d, 0xf2, 0xcb, 0x9e,
-	0xdb, 0xc7, 0x1c, 0x4b, 0xff, 0x48, 0x83, 0x8b, 0x31, 0xcd, 0x33, 0xe0, 0x24, 0xaf, 0xc7, 0x39,
-	0xc9, 0xb5, 0x51, 0x06, 0x92, 0xc3, 0x4c, 0x3e, 0x2a, 0x25, 0x86, 0xc1, 0x06, 0x8c, 0xb6, 0x61,
-	0x6a, 0xe0, 0x76, 0xdb, 0xa7, 0x70, 0xf9, 0x3b, 0xcb, 0xb8, 0x62, 0x2b, 0xc4, 0xc2, 0x51, 0x60,
-	0x74, 0x0f, 0x2e, 0x32, 0xda, 0xe2, 0x0f, 0x0c, 0x93, 0xb4, 0x4f, 0xe1, 0x75, 0xd8, 0x43, 0xfc,
-	0x76, 0x29, 0x89, 0x88, 0xd3, 0x9d, 0xa0, 0x75, 0x98, 0xb0, 0x06, 0xfc, 0xec, 0x22, 0x37, 0xe9,
-	0xb1, 0x04, 0x4f, 0x9c, 0x74, 0x44, 0xf9, 0x90, 0x0f, 0x38, 0xc0, 0xd0, 0xff, 0x92, 0x8c, 0x06,
-	0x4e, 0x85, 0x5f, 0x89, 0x50, 0x0f, 0x79, 0x0f, 0x74, 0x32, 0xda, 0xd1, 0x94, 0x2c, 0xe7, 0xa4,
-	0xac, 0xbd, 0x9a, 0xe0, 0x44, 0x5f, 0x82, 0x09, 0xe2, 0x74, 0xf9, 0x41, 0x40, 0xbc, 0x64, 0xe1,
-	0xa3, 0xba, 0x23, 0x9a, 0x70, 0x20, 0xd3, 0x7f, 0x54, 0x4e, 0x8c, 0x8a, 0x97, 0xf0, 0x77, 0x4e,
-	0x2d, 0x38, 0xd4, 0x61, 0x22, 0x37, 0x40, 0xb6, 0x42, 0x6a, 0x29, 0x62, 0xfe, 0x6b, 0xa3, 0xc4,
-	0x7c, 0xb4, 0xb6, 0xe6, 0x12, 0x4b, 0xf4, 0x2d, 0x18, 0x27, 0xa2, 0x0b, 0x51, 0xb1, 0x6f, 0x8e,
-	0xd2, 0x45, 0x98, 0x7e, 0xc3, 0x94, 0x2d, 0xdb, 0x24, 0x2a, 0x7a, 0x89, 0xcd, 0x17, 0xd3, 0x65,
-	0x47, 0x1e, 0xc1, 0xcc, 0x27, 0x1b, 0x8f, 0x88, 0x61, 0xab, 0xe6, 0x07, 0x07, 0xcb, 0x10, 0x3e,
-	0xe2, 0xa8, 0x85, 0xfe, 0x3d, 0xb8, 0x94, 0x51, 0x22, 0x90, 0x19, 0x7b, 0x33, 0x24, 0x32, 0x66,
-	0xbd, 0xd8, 0x32, 0x14, 0xbf, 0xe2, 0x7c, 0xbf, 0x04, 0x20, 0xdf, 0x45, 0x9d, 0xcd, 0x97, 0x55,
-	0xa3, 0xdd, 0x0a, 0x86, 0xae, 0x9d, 0xda, 0xad, 0x60, 0x04, 0xf2, 0xe8, 0x52, 0xfc, 0x8f, 0x12,
-	0x5c, 0x0a, 0x95, 0x0b, 0xdf, 0x0a, 0x66, 0x98, 0xfc, 0xef, 0xeb, 0xaa, 0x62, 0x37, 0x75, 0xe1,
-	0xd4, 0xfd, 0xe7, 0xdd, 0xd4, 0x85, 0xbe, 0xe5, 0x54, 0xda, 0x5f, 0x97, 0xa2, 0x03, 0x18, 0xf1,
-	0xba, 0xe8, 0x14, 0x3e, 0x30, 0xfa, 0xc2, 0xdd, 0x38, 0xe9, 0x7f, 0x2e, 0xc3, 0x85, 0xe4, 0x6e,
-	0x8c, 0xdd, 0x2a, 0x68, 0xc7, 0xde, 0x2a, 0xb4, 0x60, 0x6e, 0x7b, 0x68, 0xdb, 0xfb, 0x7c, 0x0c,
-	0x91, 0xab, 0x05, 0x71, 0x1f, 0xf1, 0x7f, 0xd2, 0x72, 0xee, 0xe5, 0x0c, 0x1d, 0x9c, 0x69, 0x99,
-	0xbe, 0x64, 0x18, 0xfb, 0x77, 0x2f, 0x19, 0x2a, 0x27, 0xb8, 0x64, 0xc8, 0xbe, 0xa7, 0x29, 0x9f,
-	0xe8, 0x9e, 0xe6, 0x24, 0x37, 0x0c, 0x19, 0x49, 0xec, 0xd8, 0x52, 0xf2, 0x22, 0xcc, 0xc4, 0x6f,
-	0xbd, 0xc4, 0x5a, 0x8a, 0x8b, 0x37, 0x79, 0xc7, 0x14, 0x59, 0x4b, 0xd1, 0x8e, 0x95, 0x86, 0x7e,
-	0xa8, 0xc1, 0xe5, 0xec, 0xaf, 0x5b, 0x90, 0x0d, 0x33, 0x7d, 0xe3, 0x5e, 0xf4, 0x8b, 0x23, 0xed,
-	0x84, 0x4c, 0x89, 0x5f, 0x77, 0xac, 0xc7, 0xb0, 0x70, 0x02, 0x1b, 0xbd, 0x05, 0xd5, 0xbe, 0x71,
-	0xaf, 0x3d, 0xf4, 0x7a, 0xe4, 0xc4, 0x8c, 0x8c, 0x6f, 0xa3, 0x75, 0x89, 0x82, 0x15, 0x9e, 0xfe,
-	0x99, 0x06, 0xf3, 0x39, 0x97, 0x18, 0xff, 0x45, 0xa3, 0x7c, 0xb7, 0x04, 0x95, 0xb6, 0x69, 0xd8,
-	0xe4, 0x0c, 0x08, 0xc5, 0xab, 0x31, 0x42, 0x71, 0xdc, 0x57, 0xb2, 0xdc, 0xab, 0x5c, 0x2e, 0x81,
-	0x13, 0x5c, 0xe2, 0x89, 0x42, 0x68, 0x47, 0xd3, 0x88, 0xe7, 0x60, 0x52, 0x75, 0x3a, 0x5a, 0x76,
-	0xd3, 0x7f, 0x5e, 0x82, 0xa9, 0x48, 0x17, 0x23, 0xe6, 0xc6, 0xed, 0x58, 0x41, 0x28, 0x17, 0x78,
-	0x83, 0x14, 0xe9, 0xab, 0x16, 0x94, 0x00, 0xf1, 0x95, 0x47, 0x78, 0xaf, 0x9f, 0xae, 0x0c, 0x2f,
-	0xc2, 0x0c, 0x35, 0xbc, 0x1e, 0xa1, 0xea, 0xc8, 0x20, 0x5e, 0x9e, 0xaa, 0xcf, 0x8d, 0x3a, 0x31,
-	0x29, 0x4e, 0x68, 0x2f, 0xbe, 0x00, 0xd3, 0xb1, 0xce, 0x46, 0xf9, 0x48, 0xa3, 0xb1, 0x72, 0xff,
-	0xd3, 0xa5, 0x73, 0x1f, 0x7f, 0xba, 0x74, 0xee, 0x93, 0x4f, 0x97, 0xce, 0x7d, 0xff, 0x70, 0x49,
-	0xbb, 0x7f, 0xb8, 0xa4, 0x7d, 0x7c, 0xb8, 0xa4, 0x7d, 0x72, 0xb8, 0xa4, 0xfd, 0xed, 0x70, 0x49,
-	0xfb, 0xc9, 0x67, 0x4b, 0xe7, 0xde, 0x7a, 0xe4, 0xc8, 0xff, 0xd9, 0xf8, 0x57, 0x00, 0x00, 0x00,
-	0xff, 0xff, 0x39, 0x36, 0x95, 0x55, 0xec, 0x31, 0x00, 0x00,
+	// 2858 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5b, 0xcd, 0x6f, 0x24, 0x47,
+	0x15, 0xdf, 0x9e, 0xf1, 0xd8, 0xe3, 0xe7, 0xb5, 0xbd, 0x5b, 0xeb, 0xac, 0x1d, 0x2f, 0xb1, 0xa3,
+	0x46, 0x84, 0x4d, 0xd8, 0xcc, 0xb0, 0x9b, 0x64, 0xc9, 0x87, 0x94, 0xb0, 0xe3, 0xdd, 0x64, 0x9d,
+	0xd8, 0xe3, 0x49, 0xcd, 0x38, 0x41, 0x11, 0x01, 0xda, 0x3d, 0xe5, 0x71, 0xc7, 0x3d, 0xdd, 0xa3,
+	0xee, 0x1a, 0xb3, 0xbe, 0x81, 0xe0, 0x92, 0x13, 0x5c, 0x02, 0x1c, 0x91, 0x90, 0xb8, 0x72, 0xe5,
+	0x10, 0x22, 0x10, 0x41, 0x5a, 0x21, 0x0e, 0x91, 0x38, 0x90, 0x93, 0x45, 0x9c, 0x13, 0xe2, 0x1f,
+	0x40, 0x7b, 0x42, 0xf5, 0xd1, 0xd5, 0xdf, 0x76, 0x8f, 0xf1, 0x5a, 0x04, 0x71, 0x5a, 0x4f, 0xbd,
+	0xf7, 0x7e, 0xf5, 0xaa, 0xea, 0xd5, 0x7b, 0xbf, 0xaa, 0xea, 0x85, 0x57, 0x77, 0x9f, 0xf7, 0x6b,
+	0x96, 0x5b, 0xdf, 0x1d, 0x6e, 0x11, 0xcf, 0x21, 0x94, 0xf8, 0xf5, 0x3d, 0xe2, 0x74, 0x5d, 0xaf,
+	0x2e, 0x05, 0xc6, 0xc0, 0xaa, 0x93, 0x7b, 0x94, 0x38, 0xbe, 0xe5, 0x3a, 0x7e, 0x7d, 0xef, 0xfa,
+	0x16, 0xa1, 0xc6, 0xf5, 0x7a, 0x8f, 0x38, 0xc4, 0x33, 0x28, 0xe9, 0xd6, 0x06, 0x9e, 0x4b, 0x5d,
+	0xf4, 0x98, 0x50, 0xaf, 0x19, 0x03, 0xab, 0x16, 0xaa, 0xd7, 0xa4, 0xfa, 0xe2, 0xd3, 0x3d, 0x8b,
+	0xee, 0x0c, 0xb7, 0x6a, 0xa6, 0xdb, 0xaf, 0xf7, 0xdc, 0x9e, 0x5b, 0xe7, 0x56, 0x5b, 0xc3, 0x6d,
+	0xfe, 0x8b, 0xff, 0xe0, 0x7f, 0x09, 0xb4, 0x45, 0x3d, 0xd2, 0xb9, 0xe9, 0x7a, 0xa4, 0xbe, 0x97,
+	0xea, 0x71, 0xf1, 0xd9, 0x50, 0xa7, 0x6f, 0x98, 0x3b, 0x96, 0x43, 0xbc, 0xfd, 0xfa, 0x60, 0xb7,
+	0xc7, 0x1a, 0xfc, 0x7a, 0x9f, 0x50, 0x23, 0xcb, 0xaa, 0x9e, 0x67, 0xe5, 0x0d, 0x1d, 0x6a, 0xf5,
+	0x49, 0xca, 0xe0, 0xe6, 0x71, 0x06, 0xbe, 0xb9, 0x43, 0xfa, 0x46, 0xca, 0xee, 0x99, 0x3c, 0xbb,
+	0x21, 0xb5, 0xec, 0xba, 0xe5, 0x50, 0x9f, 0x7a, 0x49, 0x23, 0xfd, 0x83, 0x12, 0x4c, 0xde, 0x36,
+	0x48, 0xdf, 0x75, 0xda, 0x84, 0xa2, 0xef, 0x41, 0x95, 0x0d, 0xa3, 0x6b, 0x50, 0x63, 0x41, 0x7b,
+	0x5c, 0xbb, 0x3a, 0x75, 0xe3, 0xeb, 0xb5, 0x70, 0x9a, 0x15, 0x6a, 0x6d, 0xb0, 0xdb, 0x63, 0x0d,
+	0x7e, 0x8d, 0x69, 0xd7, 0xf6, 0xae, 0xd7, 0x36, 0xb6, 0xde, 0x23, 0x26, 0x5d, 0x27, 0xd4, 0x68,
+	0xa0, 0xfb, 0x07, 0xcb, 0xe7, 0x0e, 0x0f, 0x96, 0x21, 0x6c, 0xc3, 0x0a, 0x15, 0x35, 0x61, 0xcc,
+	0x1f, 0x10, 0x73, 0xa1, 0xc4, 0xd1, 0xaf, 0xd5, 0x8e, 0x5c, 0xc4, 0x9a, 0xf2, 0xac, 0x3d, 0x20,
+	0x66, 0xe3, 0xbc, 0x44, 0x1e, 0x63, 0xbf, 0x30, 0xc7, 0x41, 0x6f, 0xc1, 0xb8, 0x4f, 0x0d, 0x3a,
+	0xf4, 0x17, 0xca, 0x1c, 0xb1, 0x56, 0x18, 0x91, 0x5b, 0x35, 0x66, 0x24, 0xe6, 0xb8, 0xf8, 0x8d,
+	0x25, 0x9a, 0xfe, 0x8f, 0x12, 0x20, 0xa5, 0xbb, 0xe2, 0x3a, 0x5d, 0x8b, 0x5a, 0xae, 0x83, 0x5e,
+	0x84, 0x31, 0xba, 0x3f, 0x20, 0x7c, 0x72, 0x26, 0x1b, 0x4f, 0x04, 0x0e, 0x75, 0xf6, 0x07, 0xe4,
+	0xc1, 0xc1, 0xf2, 0xe5, 0xb4, 0x05, 0x93, 0x60, 0x6e, 0x83, 0xd6, 0x94, 0xab, 0x25, 0x6e, 0xfd,
+	0x6c, 0xbc, 0xeb, 0x07, 0x07, 0xcb, 0x19, 0x41, 0x58, 0x53, 0x48, 0x71, 0x07, 0xd1, 0x1e, 0x20,
+	0xdb, 0xf0, 0x69, 0xc7, 0x33, 0x1c, 0x5f, 0xf4, 0x64, 0xf5, 0x89, 0x9c, 0x84, 0xa7, 0x8a, 0x2d,
+	0x1a, 0xb3, 0x68, 0x2c, 0x4a, 0x2f, 0xd0, 0x5a, 0x0a, 0x0d, 0x67, 0xf4, 0x80, 0x9e, 0x80, 0x71,
+	0x8f, 0x18, 0xbe, 0xeb, 0x2c, 0x8c, 0xf1, 0x51, 0xa8, 0x09, 0xc4, 0xbc, 0x15, 0x4b, 0x29, 0x7a,
+	0x12, 0x26, 0xfa, 0xc4, 0xf7, 0x8d, 0x1e, 0x59, 0xa8, 0x70, 0xc5, 0x59, 0xa9, 0x38, 0xb1, 0x2e,
+	0x9a, 0x71, 0x20, 0xd7, 0x3f, 0xd4, 0x60, 0x5a, 0xcd, 0xdc, 0x9a, 0xe5, 0x53, 0xf4, 0xed, 0x54,
+	0x1c, 0xd6, 0x8a, 0x0d, 0x89, 0x59, 0xf3, 0x28, 0xbc, 0x20, 0x7b, 0xab, 0x06, 0x2d, 0x91, 0x18,
+	0x5c, 0x87, 0x8a, 0x45, 0x49, 0x9f, 0xad, 0x43, 0xf9, 0xea, 0xd4, 0x8d, 0xab, 0x45, 0x43, 0xa6,
+	0x31, 0x2d, 0x41, 0x2b, 0xab, 0xcc, 0x1c, 0x0b, 0x14, 0xfd, 0x67, 0x63, 0x11, 0xf7, 0x59, 0x68,
+	0xa2, 0x77, 0xa1, 0xea, 0x13, 0x9b, 0x98, 0xd4, 0xf5, 0xa4, 0xfb, 0xcf, 0x14, 0x74, 0xdf, 0xd8,
+	0x22, 0x76, 0x5b, 0x9a, 0x36, 0xce, 0x33, 0xff, 0x83, 0x5f, 0x58, 0x41, 0xa2, 0x37, 0xa1, 0x4a,
+	0x49, 0x7f, 0x60, 0x1b, 0x94, 0xc8, 0x7d, 0xf4, 0xe5, 0xe8, 0x10, 0x58, 0xe4, 0x30, 0xb0, 0x96,
+	0xdb, 0xed, 0x48, 0x35, 0xbe, 0x7d, 0xd4, 0x94, 0x04, 0xad, 0x58, 0xc1, 0xa0, 0x3d, 0x98, 0x19,
+	0x0e, 0xba, 0x4c, 0x93, 0xb2, 0xec, 0xd0, 0xdb, 0x97, 0x91, 0x74, 0xb3, 0xe8, 0xdc, 0x6c, 0xc6,
+	0xac, 0x1b, 0x97, 0x65, 0x5f, 0x33, 0xf1, 0x76, 0x9c, 0xe8, 0x05, 0xdd, 0x82, 0xd9, 0xbe, 0xe5,
+	0x60, 0x62, 0x74, 0xf7, 0xdb, 0xc4, 0x74, 0x9d, 0xae, 0xcf, 0xc3, 0xaa, 0xd2, 0x98, 0x97, 0x00,
+	0xb3, 0xeb, 0x71, 0x31, 0x4e, 0xea, 0xa3, 0xd7, 0x01, 0x05, 0xc3, 0x78, 0x4d, 0x24, 0x37, 0xcb,
+	0x75, 0x78, 0xcc, 0x95, 0xc3, 0xe0, 0xee, 0xa4, 0x34, 0x70, 0x86, 0x15, 0x5a, 0x83, 0x39, 0x8f,
+	0xec, 0x59, 0x6c, 0x8c, 0x77, 0x2d, 0x9f, 0xba, 0xde, 0xfe, 0x9a, 0xd5, 0xb7, 0xe8, 0xc2, 0x38,
+	0xf7, 0x69, 0xe1, 0xf0, 0x60, 0x79, 0x0e, 0x67, 0xc8, 0x71, 0xa6, 0x95, 0xfe, 0xf3, 0x71, 0x98,
+	0x4d, 0xe4, 0x1b, 0xf4, 0x16, 0x5c, 0x36, 0x87, 0x9e, 0x47, 0x1c, 0xda, 0x1c, 0xf6, 0xb7, 0x88,
+	0xd7, 0x36, 0x77, 0x48, 0x77, 0x68, 0x93, 0x2e, 0x0f, 0x94, 0x4a, 0x63, 0x49, 0x7a, 0x7c, 0x79,
+	0x25, 0x53, 0x0b, 0xe7, 0x58, 0xb3, 0x59, 0x70, 0x78, 0xd3, 0xba, 0xe5, 0xfb, 0x0a, 0xb3, 0xc4,
+	0x31, 0xd5, 0x2c, 0x34, 0x53, 0x1a, 0x38, 0xc3, 0x8a, 0xf9, 0xd8, 0x25, 0xbe, 0xe5, 0x91, 0x6e,
+	0xd2, 0xc7, 0x72, 0xdc, 0xc7, 0xdb, 0x99, 0x5a, 0x38, 0xc7, 0x1a, 0x3d, 0x07, 0x53, 0xa2, 0x37,
+	0xbe, 0x7e, 0x72, 0xa1, 0x2f, 0x49, 0xb0, 0xa9, 0x66, 0x28, 0xc2, 0x51, 0x3d, 0x36, 0x34, 0x77,
+	0xcb, 0x27, 0xde, 0x1e, 0xe9, 0xe6, 0x2f, 0xf0, 0x46, 0x4a, 0x03, 0x67, 0x58, 0xb1, 0xa1, 0x89,
+	0x08, 0x4c, 0x0d, 0x6d, 0x3c, 0x3e, 0xb4, 0xcd, 0x4c, 0x2d, 0x9c, 0x63, 0xcd, 0xe2, 0x58, 0xb8,
+	0x7c, 0x6b, 0xcf, 0xb0, 0x6c, 0x63, 0xcb, 0x26, 0x0b, 0x13, 0xf1, 0x38, 0x6e, 0xc6, 0xc5, 0x38,
+	0xa9, 0x8f, 0x5e, 0x83, 0x8b, 0xa2, 0x69, 0xd3, 0x31, 0x14, 0x48, 0x95, 0x83, 0x3c, 0x2a, 0x41,
+	0x2e, 0x36, 0x93, 0x0a, 0x38, 0x6d, 0x83, 0x5e, 0x84, 0x19, 0xd3, 0xb5, 0x6d, 0x1e, 0x8f, 0x2b,
+	0xee, 0xd0, 0xa1, 0x0b, 0x93, 0x1c, 0x05, 0xb1, 0xfd, 0xb8, 0x12, 0x93, 0xe0, 0x84, 0x26, 0x22,
+	0x00, 0x66, 0x50, 0x70, 0xfc, 0x05, 0xe0, 0xf9, 0xf1, 0x7a, 0xd1, 0x1c, 0xa0, 0x4a, 0x55, 0xc8,
+	0x01, 0x54, 0x93, 0x8f, 0x23, 0xc0, 0xfa, 0x9f, 0x35, 0x98, 0xcf, 0x49, 0x1d, 0xe8, 0x95, 0x58,
+	0x89, 0xfd, 0x5a, 0xa2, 0xc4, 0x5e, 0xc9, 0x31, 0x8b, 0xd4, 0x59, 0x07, 0xa6, 0x3d, 0x36, 0x2a,
+	0xa7, 0x27, 0x54, 0x64, 0x8e, 0x7c, 0xee, 0x98, 0x61, 0xe0, 0xa8, 0x4d, 0x98, 0xf3, 0x2f, 0x1e,
+	0x1e, 0x2c, 0x4f, 0xc7, 0x64, 0x38, 0x0e, 0xaf, 0xff, 0xa2, 0x04, 0x70, 0x9b, 0x0c, 0x6c, 0x77,
+	0xbf, 0x4f, 0x9c, 0xb3, 0xe0, 0x50, 0x1b, 0x31, 0x0e, 0xf5, 0xf4, 0x71, 0xcb, 0xa3, 0x5c, 0xcb,
+	0x25, 0x51, 0x6f, 0x27, 0x48, 0x54, 0xbd, 0x38, 0xe4, 0xd1, 0x2c, 0xea, 0x6f, 0x65, 0xb8, 0x14,
+	0x2a, 0x87, 0x34, 0xea, 0xa5, 0xd8, 0x1a, 0x7f, 0x35, 0xb1, 0xc6, 0xf3, 0x19, 0x26, 0x0f, 0x8d,
+	0x47, 0xbd, 0x07, 0x33, 0x8c, 0xe5, 0x88, 0xb5, 0xe4, 0x1c, 0x6a, 0x7c, 0x64, 0x0e, 0xa5, 0xaa,
+	0xdd, 0x5a, 0x0c, 0x09, 0x27, 0x90, 0x73, 0x38, 0xdb, 0xc4, 0x17, 0x91, 0xb3, 0x7d, 0xa4, 0xc1,
+	0x4c, 0xb8, 0x4c, 0x67, 0x40, 0xda, 0x9a, 0x71, 0xd2, 0xf6, 0x64, 0xe1, 0x10, 0xcd, 0x61, 0x6d,
+	0xff, 0x62, 0x04, 0x5f, 0x29, 0xb1, 0x0d, 0xbe, 0x65, 0x98, 0xbb, 0xe8, 0x71, 0x18, 0x73, 0x8c,
+	0x7e, 0x10, 0x99, 0x6a, 0xb3, 0x34, 0x8d, 0x3e, 0xc1, 0x5c, 0x82, 0x3e, 0xd0, 0x00, 0xc9, 0x2a,
+	0x70, 0xcb, 0x71, 0x5c, 0x6a, 0x88, 0x5c, 0x29, 0xdc, 0x5a, 0x2d, 0xec, 0x56, 0xd0, 0x63, 0x6d,
+	0x33, 0x85, 0x75, 0xc7, 0xa1, 0xde, 0x7e, 0xb8, 0xc8, 0x69, 0x05, 0x9c, 0xe1, 0x00, 0x32, 0x00,
+	0x3c, 0x89, 0xd9, 0x71, 0xe5, 0x46, 0x7e, 0xba, 0x40, 0xce, 0x63, 0x06, 0x2b, 0xae, 0xb3, 0x6d,
+	0xf5, 0xc2, 0xb4, 0x83, 0x15, 0x10, 0x8e, 0x80, 0x2e, 0xde, 0x81, 0xf9, 0x1c, 0x6f, 0xd1, 0x05,
+	0x28, 0xef, 0x92, 0x7d, 0x31, 0x6d, 0x98, 0xfd, 0x89, 0xe6, 0xa0, 0xb2, 0x67, 0xd8, 0x43, 0x91,
+	0x7e, 0x27, 0xb1, 0xf8, 0xf1, 0x62, 0xe9, 0x79, 0x4d, 0xff, 0xb0, 0x12, 0x8d, 0x1d, 0xce, 0x98,
+	0xaf, 0x42, 0xd5, 0x23, 0x03, 0xdb, 0x32, 0x0d, 0x5f, 0x12, 0x21, 0x4e, 0x7e, 0xb1, 0x6c, 0xc3,
+	0x4a, 0x1a, 0xe3, 0xd6, 0xa5, 0x87, 0xcb, 0xad, 0xcb, 0xa7, 0xc3, 0xad, 0xbf, 0x0b, 0x55, 0x3f,
+	0x60, 0xd5, 0x63, 0x1c, 0xf2, 0xfa, 0x08, 0xf9, 0x55, 0x12, 0x6a, 0xd5, 0x81, 0xa2, 0xd2, 0x0a,
+	0x34, 0x8b, 0x44, 0x57, 0x46, 0x24, 0xd1, 0xa7, 0x4a, 0x7c, 0x59, 0xbe, 0x19, 0x18, 0x43, 0x9f,
+	0x74, 0x79, 0x6e, 0xab, 0x86, 0xf9, 0xa6, 0xc5, 0x5b, 0xb1, 0x94, 0xa2, 0x77, 0x63, 0x21, 0x5b,
+	0x3d, 0x49, 0xc8, 0xce, 0xe4, 0x87, 0x2b, 0xda, 0x84, 0xf9, 0x81, 0xe7, 0xf6, 0x3c, 0xe2, 0xfb,
+	0xb7, 0x89, 0xd1, 0xb5, 0x2d, 0x87, 0x04, 0xf3, 0x23, 0x18, 0xd1, 0x95, 0xc3, 0x83, 0xe5, 0xf9,
+	0x56, 0xb6, 0x0a, 0xce, 0xb3, 0xd5, 0xef, 0x8f, 0xc1, 0x85, 0x64, 0x05, 0xcc, 0x21, 0xa9, 0xda,
+	0x89, 0x48, 0xea, 0xb5, 0xc8, 0x66, 0x10, 0x0c, 0x5e, 0xad, 0x7e, 0xc6, 0x86, 0xb8, 0x05, 0xb3,
+	0x32, 0x1b, 0x04, 0x42, 0x49, 0xd3, 0xd5, 0xea, 0x6f, 0xc6, 0xc5, 0x38, 0xa9, 0x8f, 0x5e, 0x82,
+	0x69, 0x8f, 0xf3, 0xee, 0x00, 0x40, 0x70, 0xd7, 0x47, 0x24, 0xc0, 0x34, 0x8e, 0x0a, 0x71, 0x5c,
+	0x97, 0xf1, 0xd6, 0x90, 0x8e, 0x06, 0x00, 0x63, 0x71, 0xde, 0x7a, 0x2b, 0xa9, 0x80, 0xd3, 0x36,
+	0x68, 0x1d, 0x2e, 0x0d, 0x9d, 0x34, 0x94, 0x08, 0xe5, 0x2b, 0x12, 0xea, 0xd2, 0x66, 0x5a, 0x05,
+	0x67, 0xd9, 0xa1, 0xed, 0x18, 0x95, 0x1d, 0xe7, 0xe9, 0xf9, 0x46, 0xe1, 0x8d, 0x57, 0x98, 0xcb,
+	0x66, 0xd0, 0xed, 0x6a, 0x51, 0xba, 0xad, 0xff, 0x41, 0x8b, 0x16, 0x21, 0x45, 0x81, 0x8f, 0xbb,
+	0x65, 0x4a, 0x59, 0x44, 0xd8, 0x91, 0x9b, 0xcd, 0x7e, 0x6f, 0x8e, 0xc4, 0x7e, 0xc3, 0xe2, 0x79,
+	0x3c, 0xfd, 0xfd, 0xa3, 0x06, 0xb3, 0x77, 0x3b, 0x9d, 0xd6, 0xaa, 0xc3, 0x77, 0x4b, 0xcb, 0xa0,
+	0x3b, 0xac, 0x8a, 0x0e, 0x0c, 0xba, 0x93, 0xac, 0xa2, 0x4c, 0x86, 0xb9, 0x04, 0x3d, 0x0b, 0x55,
+	0xf6, 0x2f, 0x73, 0x9c, 0x87, 0xeb, 0x24, 0x4f, 0x32, 0xd5, 0x96, 0x6c, 0x7b, 0x10, 0xf9, 0x1b,
+	0x2b, 0x4d, 0xf4, 0x2d, 0x98, 0x60, 0x7b, 0x9b, 0x38, 0xdd, 0x82, 0xe4, 0x57, 0x3a, 0xd5, 0x10,
+	0x46, 0x21, 0x9f, 0x91, 0x0d, 0x38, 0x80, 0xd3, 0x77, 0x61, 0x2e, 0x32, 0x08, 0x3c, 0xb4, 0xc9,
+	0x5b, 0xac, 0x5e, 0xa1, 0x36, 0x54, 0x58, 0xef, 0xac, 0x2a, 0x95, 0x0b, 0x5c, 0x2f, 0x26, 0x26,
+	0x22, 0xe4, 0x1e, 0xec, 0x97, 0x8f, 0x05, 0x96, 0xbe, 0x01, 0x13, 0xab, 0xad, 0x86, 0xed, 0x0a,
+	0xbe, 0x61, 0x5a, 0x5d, 0x2f, 0x39, 0x53, 0x2b, 0xab, 0xb7, 0x31, 0xe6, 0x12, 0xa4, 0xc3, 0x38,
+	0xb9, 0x67, 0x92, 0x01, 0xe5, 0x14, 0x63, 0xb2, 0x01, 0x2c, 0x91, 0xde, 0xe1, 0x2d, 0x58, 0x4a,
+	0xf4, 0x9f, 0x94, 0x60, 0x42, 0x76, 0x7b, 0x06, 0xe7, 0x8f, 0xb5, 0xd8, 0xf9, 0xe3, 0xa9, 0x62,
+	0x4b, 0x90, 0x7b, 0xf8, 0xe8, 0x24, 0x0e, 0x1f, 0xd7, 0x0a, 0xe2, 0x1d, 0x7d, 0xf2, 0x78, 0xbf,
+	0x04, 0x33, 0xf1, 0xc5, 0x47, 0xcf, 0xc1, 0x14, 0x4b, 0xb5, 0x96, 0x49, 0x9a, 0x21, 0xc3, 0x53,
+	0xd7, 0x0f, 0xed, 0x50, 0x84, 0xa3, 0x7a, 0xa8, 0xa7, 0xcc, 0x5a, 0xae, 0x47, 0xe5, 0xa0, 0xf3,
+	0xa7, 0x74, 0x48, 0x2d, 0xbb, 0x26, 0x2e, 0xdb, 0x6b, 0xab, 0x0e, 0xdd, 0xf0, 0xda, 0xd4, 0xb3,
+	0x9c, 0x5e, 0xaa, 0x23, 0x06, 0x86, 0xa3, 0xc8, 0xe8, 0x6d, 0x96, 0xf6, 0x7d, 0x77, 0xe8, 0x99,
+	0x24, 0x8b, 0xbe, 0x05, 0xd4, 0x83, 0x6d, 0x84, 0xee, 0x9a, 0x6b, 0x1a, 0xb6, 0x58, 0x1c, 0x4c,
+	0xb6, 0x89, 0x47, 0x1c, 0x93, 0x04, 0x94, 0x49, 0x40, 0x60, 0x05, 0xa6, 0xff, 0x56, 0x83, 0x29,
+	0x39, 0x17, 0x67, 0x40, 0xd4, 0xdf, 0x88, 0x13, 0xf5, 0x27, 0x0a, 0xee, 0xd0, 0x6c, 0x96, 0xfe,
+	0x3b, 0x0d, 0x16, 0x03, 0xd7, 0x5d, 0xa3, 0xdb, 0x30, 0x6c, 0xc3, 0x31, 0x89, 0x17, 0xc4, 0xfa,
+	0x22, 0x94, 0xac, 0x81, 0x5c, 0x49, 0x90, 0x00, 0xa5, 0xd5, 0x16, 0x2e, 0x59, 0x03, 0x56, 0x45,
+	0x77, 0x5c, 0x9f, 0x72, 0x36, 0x2f, 0x0e, 0x8a, 0xca, 0xeb, 0xbb, 0xb2, 0x1d, 0x2b, 0x0d, 0xb4,
+	0x09, 0x95, 0x81, 0xeb, 0x51, 0x56, 0xb9, 0xca, 0x89, 0xf5, 0x3d, 0xc2, 0x6b, 0xb6, 0x6e, 0x32,
+	0x10, 0xc3, 0x9d, 0xce, 0x60, 0xb0, 0x40, 0xd3, 0x7f, 0xa8, 0xc1, 0xa3, 0x19, 0xfe, 0x4b, 0xd2,
+	0xd0, 0x85, 0x09, 0x4b, 0x08, 0x65, 0x7a, 0x79, 0xa1, 0x58, 0xb7, 0x19, 0x53, 0x11, 0xa6, 0xb6,
+	0x20, 0x85, 0x05, 0xd0, 0xfa, 0xaf, 0x34, 0xb8, 0x98, 0xf2, 0x97, 0xa7, 0x68, 0x16, 0xcf, 0x92,
+	0x6d, 0xab, 0x14, 0xcd, 0xc2, 0x92, 0x4b, 0xd0, 0x1b, 0x50, 0xe5, 0x6f, 0x44, 0xa6, 0x6b, 0xcb,
+	0x09, 0xac, 0x07, 0x13, 0xd8, 0x92, 0xed, 0x0f, 0x0e, 0x96, 0xaf, 0x64, 0x9c, 0xb5, 0x03, 0x31,
+	0x56, 0x00, 0x68, 0x19, 0x2a, 0xc4, 0xf3, 0x5c, 0x4f, 0x26, 0xfb, 0x49, 0x36, 0x53, 0x77, 0x58,
+	0x03, 0x16, 0xed, 0xfa, 0xaf, 0xc3, 0x20, 0x65, 0xd9, 0x97, 0xf9, 0xc7, 0x16, 0x27, 0x99, 0x18,
+	0xd9, 0xd2, 0x61, 0x2e, 0x41, 0x43, 0xb8, 0x60, 0x25, 0xd2, 0xb5, 0xdc, 0x9d, 0xf5, 0x62, 0xd3,
+	0xa8, 0xcc, 0x1a, 0x0b, 0x12, 0xfe, 0x42, 0x52, 0x82, 0x53, 0x5d, 0xe8, 0x04, 0x52, 0x5a, 0xe8,
+	0x4d, 0x18, 0xdb, 0xa1, 0x74, 0x90, 0x71, 0xd9, 0x7f, 0x4c, 0x91, 0x08, 0x5d, 0xa8, 0xf2, 0xd1,
+	0x75, 0x3a, 0x2d, 0xcc, 0xa1, 0xf4, 0xdf, 0x97, 0xd4, 0x7c, 0xf0, 0x13, 0xd2, 0x37, 0xd5, 0x68,
+	0x57, 0x6c, 0xc3, 0xf7, 0x79, 0x0a, 0x13, 0xa7, 0xf9, 0xb9, 0x88, 0xe3, 0x4a, 0x86, 0x53, 0xda,
+	0xa8, 0x13, 0x16, 0x4f, 0xed, 0x24, 0xc5, 0x73, 0x2a, 0xab, 0x70, 0xa2, 0xbb, 0x50, 0xa6, 0x76,
+	0xd1, 0x53, 0xb9, 0x44, 0xec, 0xac, 0xb5, 0x1b, 0x53, 0x72, 0xca, 0xcb, 0x9d, 0xb5, 0x36, 0x66,
+	0x10, 0x68, 0x03, 0x2a, 0xde, 0xd0, 0x26, 0xac, 0x0e, 0x94, 0x8b, 0xd7, 0x15, 0x36, 0x83, 0xe1,
+	0xe6, 0x63, 0xbf, 0x7c, 0x2c, 0x70, 0xf4, 0x1f, 0x69, 0x30, 0x1d, 0xab, 0x16, 0xc8, 0x83, 0xf3,
+	0x76, 0x64, 0xef, 0xc8, 0x79, 0x78, 0x7e, 0xf4, 0x5d, 0x27, 0x37, 0xfd, 0x9c, 0xec, 0xf7, 0x7c,
+	0x54, 0x86, 0x63, 0x7d, 0xe8, 0x06, 0x40, 0x38, 0x6c, 0xb6, 0x0f, 0x58, 0xf0, 0x8a, 0x0d, 0x2f,
+	0xf7, 0x01, 0x8b, 0x69, 0x1f, 0x8b, 0x76, 0x74, 0x03, 0xc0, 0x27, 0xa6, 0x47, 0x68, 0x33, 0x4c,
+	0x5c, 0xaa, 0x1c, 0xb7, 0x95, 0x04, 0x47, 0xb4, 0xf4, 0x3f, 0x69, 0x30, 0xdd, 0x24, 0xf4, 0xfb,
+	0xae, 0xb7, 0xdb, 0x72, 0x6d, 0xcb, 0xdc, 0x3f, 0x03, 0x12, 0x80, 0x63, 0x24, 0xe0, 0xb8, 0x7c,
+	0x19, 0xf3, 0x2e, 0x8f, 0x0a, 0xe8, 0x1f, 0x69, 0x30, 0x1f, 0xd3, 0xbc, 0x13, 0xe6, 0x03, 0x95,
+	0xa0, 0xb5, 0x42, 0x09, 0x3a, 0x06, 0xc3, 0x92, 0x5a, 0x76, 0x82, 0x46, 0x6b, 0x50, 0xa2, 0xae,
+	0x8c, 0xde, 0xd1, 0x30, 0x09, 0xf1, 0xc2, 0x9a, 0xd3, 0x71, 0x71, 0x89, 0xba, 0x6c, 0x21, 0x16,
+	0x62, 0x5a, 0xd1, 0x8c, 0xf6, 0x90, 0x46, 0x80, 0x61, 0x6c, 0xdb, 0x73, 0xfb, 0x27, 0x1e, 0x83,
+	0x5a, 0x88, 0x57, 0x3d, 0xb7, 0x8f, 0x39, 0x96, 0xfe, 0xb1, 0x06, 0x17, 0x63, 0x9a, 0x67, 0xc0,
+	0x1b, 0xde, 0x8c, 0xf3, 0x86, 0x6b, 0xa3, 0x0c, 0x24, 0x87, 0x3d, 0x7c, 0x5c, 0x4a, 0x0c, 0x83,
+	0x0d, 0x18, 0x6d, 0xc3, 0xd4, 0xc0, 0xed, 0xb6, 0x4f, 0xe1, 0x81, 0x76, 0x96, 0xf1, 0xb9, 0x56,
+	0x88, 0x85, 0xa3, 0xc0, 0xe8, 0x1e, 0x5c, 0x64, 0xd4, 0xc2, 0x1f, 0x18, 0x26, 0x69, 0x9f, 0xc2,
+	0x95, 0xd5, 0x23, 0xfc, 0x05, 0x28, 0x89, 0x88, 0xd3, 0x9d, 0xa0, 0x75, 0x98, 0xb0, 0x06, 0xfc,
+	0x7c, 0x21, 0x89, 0xe4, 0xb1, 0x24, 0x4c, 0x9c, 0x46, 0x44, 0x8a, 0x97, 0x3f, 0x70, 0x80, 0xa1,
+	0xff, 0x35, 0x19, 0x0d, 0x9c, 0xae, 0xbe, 0x16, 0xa1, 0x07, 0xf2, 0xad, 0xe6, 0x64, 0xd4, 0xa0,
+	0x29, 0x99, 0xc8, 0x49, 0x99, 0x75, 0x35, 0xc1, 0x5b, 0xbe, 0x02, 0x13, 0xc4, 0xe9, 0x72, 0xb2,
+	0x2e, 0x2e, 0x42, 0xf8, 0xa8, 0xee, 0x88, 0x26, 0x1c, 0xc8, 0xf4, 0x1f, 0x97, 0x13, 0xa3, 0xe2,
+	0x65, 0xf6, 0xbd, 0x53, 0x0b, 0x0e, 0x45, 0xf8, 0x73, 0x03, 0x64, 0x2b, 0xa4, 0x7f, 0x22, 0xe6,
+	0xbf, 0x31, 0x4a, 0xcc, 0x47, 0xeb, 0x5f, 0x2e, 0xf9, 0x43, 0xdf, 0x81, 0x71, 0x22, 0xba, 0x10,
+	0x55, 0xf5, 0xe6, 0x28, 0x5d, 0x84, 0xe9, 0x37, 0x3c, 0x67, 0xc9, 0x36, 0x89, 0x8a, 0x5e, 0x61,
+	0xf3, 0xc5, 0x74, 0xd9, 0xb1, 0x44, 0xb0, 0xe7, 0xc9, 0xc6, 0x63, 0x62, 0xd8, 0xaa, 0xf9, 0xc1,
+	0xc1, 0x32, 0x84, 0x3f, 0x71, 0xd4, 0x82, 0xbf, 0x9e, 0xc9, 0x3b, 0x9b, 0xb3, 0xf9, 0x02, 0x69,
+	0xb4, 0xd7, 0xb3, 0xd0, 0xb5, 0x53, 0x7b, 0x3d, 0x8b, 0x40, 0x1e, 0x7d, 0x86, 0xfd, 0x67, 0x09,
+	0x2e, 0x85, 0xca, 0x85, 0x5f, 0xcf, 0x32, 0x4c, 0xfe, 0xff, 0x15, 0x52, 0xb1, 0x17, 0xad, 0x70,
+	0xea, 0xfe, 0xfb, 0x5e, 0xb4, 0x42, 0xdf, 0x72, 0xaa, 0xdd, 0x6f, 0x4a, 0xd1, 0x01, 0x8c, 0xf8,
+	0xac, 0x72, 0x0a, 0x1f, 0xe2, 0x7c, 0xe1, 0x5e, 0x66, 0xf4, 0xbf, 0x94, 0xe1, 0x42, 0x72, 0x37,
+	0xc6, 0x6e, 0xdf, 0xb5, 0x63, 0x6f, 0xdf, 0x5b, 0x30, 0xb7, 0x3d, 0xb4, 0xed, 0x7d, 0x3e, 0x86,
+	0xc8, 0x15, 0xbc, 0xb8, 0xb7, 0xff, 0x92, 0xb4, 0x9c, 0x7b, 0x35, 0x43, 0x07, 0x67, 0x5a, 0xa6,
+	0x2f, 0xe3, 0xc7, 0xfe, 0xd3, 0xcb, 0xf8, 0xca, 0x09, 0x2e, 0xe3, 0xb3, 0xdf, 0x33, 0xca, 0x27,
+	0x7a, 0xcf, 0x38, 0xc9, 0x4d, 0x7c, 0x46, 0x12, 0x3b, 0xf6, 0xab, 0x92, 0x97, 0x61, 0x26, 0xfe,
+	0x3a, 0x24, 0xd6, 0x52, 0x3c, 0x50, 0xc9, 0xb7, 0x98, 0xc8, 0x5a, 0x8a, 0x76, 0xac, 0x34, 0xf4,
+	0x43, 0x0d, 0x2e, 0x67, 0x7f, 0x05, 0x82, 0x6c, 0x98, 0xe9, 0x1b, 0xf7, 0xa2, 0x5f, 0xe6, 0x68,
+	0x27, 0x64, 0x2b, 0xfc, 0x59, 0x60, 0x3d, 0x86, 0x85, 0x13, 0xd8, 0xe8, 0x1d, 0xa8, 0xf6, 0x8d,
+	0x7b, 0xed, 0xa1, 0xd7, 0x23, 0x27, 0x66, 0x45, 0x7c, 0x1b, 0xad, 0x4b, 0x14, 0xac, 0xf0, 0xf4,
+	0xcf, 0x35, 0x98, 0xcf, 0xb9, 0xec, 0xff, 0x1f, 0x1a, 0xe5, 0xfb, 0x25, 0xa8, 0xb4, 0x4d, 0xc3,
+	0x26, 0x67, 0x40, 0x28, 0x5e, 0x8f, 0x11, 0x8a, 0xe3, 0xbe, 0x26, 0xe5, 0x5e, 0xe5, 0x72, 0x09,
+	0x9c, 0xe0, 0x12, 0x4f, 0x15, 0x42, 0x3b, 0x9a, 0x46, 0xbc, 0x00, 0x93, 0xaa, 0xd3, 0xd1, 0xb2,
+	0x9b, 0xfe, 0xcb, 0x12, 0x4c, 0x45, 0xba, 0x18, 0x31, 0x37, 0x6e, 0xc7, 0x0a, 0x42, 0xb9, 0xc0,
+	0x4d, 0x4b, 0xa4, 0xaf, 0x5a, 0x50, 0x02, 0xc4, 0xd7, 0x10, 0xe1, 0xfb, 0x77, 0xba, 0x32, 0xbc,
+	0x0c, 0x33, 0xd4, 0xf0, 0x7a, 0x84, 0x2a, 0xda, 0x2e, 0x2e, 0x19, 0xd5, 0x67, 0x39, 0x9d, 0x98,
+	0x14, 0x27, 0xb4, 0x17, 0x5f, 0x82, 0xe9, 0x58, 0x67, 0xa3, 0x7c, 0xcc, 0xd0, 0x58, 0xb9, 0xff,
+	0xd9, 0xd2, 0xb9, 0x4f, 0x3e, 0x5b, 0x3a, 0xf7, 0xe9, 0x67, 0x4b, 0xe7, 0x7e, 0x70, 0xb8, 0xa4,
+	0xdd, 0x3f, 0x5c, 0xd2, 0x3e, 0x39, 0x5c, 0xd2, 0x3e, 0x3d, 0x5c, 0xd2, 0xfe, 0x7e, 0xb8, 0xa4,
+	0xfd, 0xf4, 0xf3, 0xa5, 0x73, 0xef, 0x3c, 0x76, 0xe4, 0xff, 0x6d, 0xf8, 0x77, 0x00, 0x00, 0x00,
+	0xff, 0xff, 0xf3, 0x1c, 0xa0, 0x16, 0x14, 0x31, 0x00, 0x00,
 }
 
 func (m *DaemonSet) Marshal() (dAtA []byte, err error) {
@@ -2944,16 +2913,6 @@ func (m *NetworkPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
-	{
-		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
-		if err != nil {
-			return 0, err
-		}
-		i -= size
-		i = encodeVarintGenerated(dAtA, i, uint64(size))
-	}
-	i--
-	dAtA[i] = 0x1a
 	{
 		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
@@ -3302,43 +3261,6 @@ func (m *NetworkPolicySpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
-func (m *NetworkPolicyStatus) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *NetworkPolicyStatus) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *NetworkPolicyStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
-	_ = i
-	var l int
-	_ = l
-	if len(m.Conditions) > 0 {
-		for iNdEx := len(m.Conditions) - 1; iNdEx >= 0; iNdEx-- {
-			{
-				size, err := m.Conditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
-				if err != nil {
-					return 0, err
-				}
-				i -= size
-				i = encodeVarintGenerated(dAtA, i, uint64(size))
-			}
-			i--
-			dAtA[i] = 0xa
-		}
-	}
-	return len(dAtA) - i, nil
-}
-
 func (m *ReplicaSet) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -4362,8 +4284,6 @@ func (m *NetworkPolicy) Size() (n int) {
 	n += 1 + l + sovGenerated(uint64(l))
 	l = m.Spec.Size()
 	n += 1 + l + sovGenerated(uint64(l))
-	l = m.Status.Size()
-	n += 1 + l + sovGenerated(uint64(l))
 	return n
 }
 
@@ -4496,21 +4416,6 @@ func (m *NetworkPolicySpec) Size() (n int) {
 	return n
 }
 
-func (m *NetworkPolicyStatus) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	if len(m.Conditions) > 0 {
-		for _, e := range m.Conditions {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	return n
-}
-
 func (m *ReplicaSet) Size() (n int) {
 	if m == nil {
 		return 0
@@ -5098,7 +5003,6 @@ func (this *NetworkPolicy) String() string {
 	s := strings.Join([]string{`&NetworkPolicy{`,
 		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
 		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "NetworkPolicySpec", "NetworkPolicySpec", 1), `&`, ``, 1) + `,`,
-		`Status:` + strings.Replace(strings.Replace(this.Status.String(), "NetworkPolicyStatus", "NetworkPolicyStatus", 1), `&`, ``, 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -5208,21 +5112,6 @@ func (this *NetworkPolicySpec) String() string {
 	}, "")
 	return s
 }
-func (this *NetworkPolicyStatus) String() string {
-	if this == nil {
-		return "nil"
-	}
-	repeatedStringForConditions := "[]Condition{"
-	for _, f := range this.Conditions {
-		repeatedStringForConditions += fmt.Sprintf("%v", f) + ","
-	}
-	repeatedStringForConditions += "}"
-	s := strings.Join([]string{`&NetworkPolicyStatus{`,
-		`Conditions:` + repeatedStringForConditions + `,`,
-		`}`,
-	}, "")
-	return s
-}
 func (this *ReplicaSet) String() string {
 	if this == nil {
 		return "nil"
@@ -9627,39 +9516,6 @@ func (m *NetworkPolicy) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -10514,90 +10370,6 @@ func (m *NetworkPolicySpec) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *NetworkPolicyStatus) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowGenerated
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= uint64(b&0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: NetworkPolicyStatus: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: NetworkPolicyStatus: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Conditions", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Conditions = append(m.Conditions, v1.Condition{})
-			if err := m.Conditions[len(m.Conditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipGenerated(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if (skippy < 0) || (iNdEx+skippy) < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func (m *ReplicaSet) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
diff --git a/vendor/k8s.io/api/extensions/v1beta1/generated.proto b/vendor/k8s.io/api/extensions/v1beta1/generated.proto
index 3ab6a093b..3f2549681 100644
--- a/vendor/k8s.io/api/extensions/v1beta1/generated.proto
+++ b/vendor/k8s.io/api/extensions/v1beta1/generated.proto
@@ -646,11 +646,6 @@ message NetworkPolicy {
   // Specification of the desired behavior for this NetworkPolicy.
   // +optional
   optional NetworkPolicySpec spec = 2;
-
-  // Status is the current state of the NetworkPolicy.
-  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-  // +optional
-  optional NetworkPolicyStatus status = 3;
 }
 
 // DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule.
@@ -798,18 +793,6 @@ message NetworkPolicySpec {
   repeated string policyTypes = 4;
 }
 
-// NetworkPolicyStatus describe the current state of the NetworkPolicy.
-message NetworkPolicyStatus {
-  // Conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy.
-  // Current service state
-  // +optional
-  // +patchMergeKey=type
-  // +patchStrategy=merge
-  // +listType=map
-  // +listMapKey=type
-  repeated k8s.io.apimachinery.pkg.apis.meta.v1.Condition conditions = 1;
-}
-
 // DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for
 // more information.
 // ReplicaSet ensures that a specified number of pod replicas are running at any given time.
diff --git a/vendor/k8s.io/api/extensions/v1beta1/types.go b/vendor/k8s.io/api/extensions/v1beta1/types.go
index c0ac6fa25..70b349f65 100644
--- a/vendor/k8s.io/api/extensions/v1beta1/types.go
+++ b/vendor/k8s.io/api/extensions/v1beta1/types.go
@@ -1041,10 +1041,10 @@ type NetworkPolicy struct {
 	// +optional
 	Spec NetworkPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
 
-	// Status is the current state of the NetworkPolicy.
-	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-	// +optional
-	Status NetworkPolicyStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
+	// Status is tombstoned to show why 3 is a reserved protobuf tag.
+	// This commented field should remain, so in the future if we decide to reimplement
+	// NetworkPolicyStatus a different protobuf name and tag SHOULD be used!
+	// Status NetworkPolicyStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
 }
 
 // DEPRECATED 1.9 - This group version of PolicyType is deprecated by networking/v1/PolicyType.
@@ -1207,48 +1207,6 @@ type NetworkPolicyPeer struct {
 	IPBlock *IPBlock `json:"ipBlock,omitempty" protobuf:"bytes,3,rep,name=ipBlock"`
 }
 
-// NetworkPolicyConditionType is the type for status conditions on
-// a NetworkPolicy. This type should be used with the
-// NetworkPolicyStatus.Conditions field.
-type NetworkPolicyConditionType string
-
-const (
-	// NetworkPolicyConditionStatusAccepted represents status of a Network Policy that could be properly parsed by
-	// the Network Policy provider and will be implemented in the cluster
-	NetworkPolicyConditionStatusAccepted NetworkPolicyConditionType = "Accepted"
-
-	// NetworkPolicyConditionStatusPartialFailure represents status of a Network Policy that could be partially
-	// parsed by the Network Policy provider and may not be completely implemented due to a lack of a feature or some
-	// other condition
-	NetworkPolicyConditionStatusPartialFailure NetworkPolicyConditionType = "PartialFailure"
-
-	// NetworkPolicyConditionStatusFailure represents status of a Network Policy that could not be parsed by the
-	// Network Policy provider and will not be implemented in the cluster
-	NetworkPolicyConditionStatusFailure NetworkPolicyConditionType = "Failure"
-)
-
-// NetworkPolicyConditionReason defines the set of reasons that explain why a
-// particular NetworkPolicy condition type has been raised.
-type NetworkPolicyConditionReason string
-
-const (
-	// NetworkPolicyConditionReasonFeatureNotSupported represents a reason where the Network Policy may not have been
-	// implemented in the cluster due to a lack of some feature not supported by the Network Policy provider
-	NetworkPolicyConditionReasonFeatureNotSupported NetworkPolicyConditionReason = "FeatureNotSupported"
-)
-
-// NetworkPolicyStatus describe the current state of the NetworkPolicy.
-type NetworkPolicyStatus struct {
-	// Conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy.
-	// Current service state
-	// +optional
-	// +patchMergeKey=type
-	// +patchStrategy=merge
-	// +listType=map
-	// +listMapKey=type
-	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-}
-
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +k8s:prerelease-lifecycle-gen:introduced=1.3
 // +k8s:prerelease-lifecycle-gen:deprecated=1.9
diff --git a/vendor/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go b/vendor/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
index 39aaf4853..408022c9d 100644
--- a/vendor/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
@@ -338,7 +338,6 @@ var map_NetworkPolicy = map[string]string{
 	"":         "DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods",
 	"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
 	"spec":     "Specification of the desired behavior for this NetworkPolicy.",
-	"status":   "Status is the current state of the NetworkPolicy. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
 }
 
 func (NetworkPolicy) SwaggerDoc() map[string]string {
@@ -409,15 +408,6 @@ func (NetworkPolicySpec) SwaggerDoc() map[string]string {
 	return map_NetworkPolicySpec
 }
 
-var map_NetworkPolicyStatus = map[string]string{
-	"":           "NetworkPolicyStatus describe the current state of the NetworkPolicy.",
-	"conditions": "Conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy. Current service state",
-}
-
-func (NetworkPolicyStatus) SwaggerDoc() map[string]string {
-	return map_NetworkPolicyStatus
-}
-
 var map_ReplicaSet = map[string]string{
 	"":         "DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for more information. ReplicaSet ensures that a specified number of pod replicas are running at any given time.",
 	"metadata": "If the Labels of a ReplicaSet are empty, they are defaulted to be the same as the Pod(s) that the ReplicaSet manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
diff --git a/vendor/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go b/vendor/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
index b6e927299..6b474ae48 100644
--- a/vendor/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
@@ -725,7 +725,6 @@ func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
 	return
 }
 
@@ -938,29 +937,6 @@ func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *NetworkPolicyStatus) DeepCopyInto(out *NetworkPolicyStatus) {
-	*out = *in
-	if in.Conditions != nil {
-		in, out := &in.Conditions, &out.Conditions
-		*out = make([]v1.Condition, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyStatus.
-func (in *NetworkPolicyStatus) DeepCopy() *NetworkPolicyStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(NetworkPolicyStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ReplicaSet) DeepCopyInto(out *ReplicaSet) {
 	*out = *in
diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.pb.go b/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.pb.go
index cf5fc5600..b54e1ceef 100644
--- a/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.pb.go
+++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.pb.go
@@ -43,10 +43,38 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
+func (m *ExemptPriorityLevelConfiguration) Reset()      { *m = ExemptPriorityLevelConfiguration{} }
+func (*ExemptPriorityLevelConfiguration) ProtoMessage() {}
+func (*ExemptPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
+	return fileDescriptor_45ba024d525b289b, []int{0}
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.Merge(m, src)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExemptPriorityLevelConfiguration proto.InternalMessageInfo
+
 func (m *FlowDistinguisherMethod) Reset()      { *m = FlowDistinguisherMethod{} }
 func (*FlowDistinguisherMethod) ProtoMessage() {}
 func (*FlowDistinguisherMethod) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{0}
+	return fileDescriptor_45ba024d525b289b, []int{1}
 }
 func (m *FlowDistinguisherMethod) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -74,7 +102,7 @@ var xxx_messageInfo_FlowDistinguisherMethod proto.InternalMessageInfo
 func (m *FlowSchema) Reset()      { *m = FlowSchema{} }
 func (*FlowSchema) ProtoMessage() {}
 func (*FlowSchema) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{1}
+	return fileDescriptor_45ba024d525b289b, []int{2}
 }
 func (m *FlowSchema) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -102,7 +130,7 @@ var xxx_messageInfo_FlowSchema proto.InternalMessageInfo
 func (m *FlowSchemaCondition) Reset()      { *m = FlowSchemaCondition{} }
 func (*FlowSchemaCondition) ProtoMessage() {}
 func (*FlowSchemaCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{2}
+	return fileDescriptor_45ba024d525b289b, []int{3}
 }
 func (m *FlowSchemaCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -130,7 +158,7 @@ var xxx_messageInfo_FlowSchemaCondition proto.InternalMessageInfo
 func (m *FlowSchemaList) Reset()      { *m = FlowSchemaList{} }
 func (*FlowSchemaList) ProtoMessage() {}
 func (*FlowSchemaList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{3}
+	return fileDescriptor_45ba024d525b289b, []int{4}
 }
 func (m *FlowSchemaList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -158,7 +186,7 @@ var xxx_messageInfo_FlowSchemaList proto.InternalMessageInfo
 func (m *FlowSchemaSpec) Reset()      { *m = FlowSchemaSpec{} }
 func (*FlowSchemaSpec) ProtoMessage() {}
 func (*FlowSchemaSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{4}
+	return fileDescriptor_45ba024d525b289b, []int{5}
 }
 func (m *FlowSchemaSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -186,7 +214,7 @@ var xxx_messageInfo_FlowSchemaSpec proto.InternalMessageInfo
 func (m *FlowSchemaStatus) Reset()      { *m = FlowSchemaStatus{} }
 func (*FlowSchemaStatus) ProtoMessage() {}
 func (*FlowSchemaStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{5}
+	return fileDescriptor_45ba024d525b289b, []int{6}
 }
 func (m *FlowSchemaStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -214,7 +242,7 @@ var xxx_messageInfo_FlowSchemaStatus proto.InternalMessageInfo
 func (m *GroupSubject) Reset()      { *m = GroupSubject{} }
 func (*GroupSubject) ProtoMessage() {}
 func (*GroupSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{6}
+	return fileDescriptor_45ba024d525b289b, []int{7}
 }
 func (m *GroupSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -242,7 +270,7 @@ var xxx_messageInfo_GroupSubject proto.InternalMessageInfo
 func (m *LimitResponse) Reset()      { *m = LimitResponse{} }
 func (*LimitResponse) ProtoMessage() {}
 func (*LimitResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{7}
+	return fileDescriptor_45ba024d525b289b, []int{8}
 }
 func (m *LimitResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -270,7 +298,7 @@ var xxx_messageInfo_LimitResponse proto.InternalMessageInfo
 func (m *LimitedPriorityLevelConfiguration) Reset()      { *m = LimitedPriorityLevelConfiguration{} }
 func (*LimitedPriorityLevelConfiguration) ProtoMessage() {}
 func (*LimitedPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{8}
+	return fileDescriptor_45ba024d525b289b, []int{9}
 }
 func (m *LimitedPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -298,7 +326,7 @@ var xxx_messageInfo_LimitedPriorityLevelConfiguration proto.InternalMessageInfo
 func (m *NonResourcePolicyRule) Reset()      { *m = NonResourcePolicyRule{} }
 func (*NonResourcePolicyRule) ProtoMessage() {}
 func (*NonResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{9}
+	return fileDescriptor_45ba024d525b289b, []int{10}
 }
 func (m *NonResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -326,7 +354,7 @@ var xxx_messageInfo_NonResourcePolicyRule proto.InternalMessageInfo
 func (m *PolicyRulesWithSubjects) Reset()      { *m = PolicyRulesWithSubjects{} }
 func (*PolicyRulesWithSubjects) ProtoMessage() {}
 func (*PolicyRulesWithSubjects) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{10}
+	return fileDescriptor_45ba024d525b289b, []int{11}
 }
 func (m *PolicyRulesWithSubjects) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -354,7 +382,7 @@ var xxx_messageInfo_PolicyRulesWithSubjects proto.InternalMessageInfo
 func (m *PriorityLevelConfiguration) Reset()      { *m = PriorityLevelConfiguration{} }
 func (*PriorityLevelConfiguration) ProtoMessage() {}
 func (*PriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{11}
+	return fileDescriptor_45ba024d525b289b, []int{12}
 }
 func (m *PriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -382,7 +410,7 @@ var xxx_messageInfo_PriorityLevelConfiguration proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationCondition) Reset()      { *m = PriorityLevelConfigurationCondition{} }
 func (*PriorityLevelConfigurationCondition) ProtoMessage() {}
 func (*PriorityLevelConfigurationCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{12}
+	return fileDescriptor_45ba024d525b289b, []int{13}
 }
 func (m *PriorityLevelConfigurationCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -410,7 +438,7 @@ var xxx_messageInfo_PriorityLevelConfigurationCondition proto.InternalMessageInf
 func (m *PriorityLevelConfigurationList) Reset()      { *m = PriorityLevelConfigurationList{} }
 func (*PriorityLevelConfigurationList) ProtoMessage() {}
 func (*PriorityLevelConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{13}
+	return fileDescriptor_45ba024d525b289b, []int{14}
 }
 func (m *PriorityLevelConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -438,7 +466,7 @@ var xxx_messageInfo_PriorityLevelConfigurationList proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationReference) Reset()      { *m = PriorityLevelConfigurationReference{} }
 func (*PriorityLevelConfigurationReference) ProtoMessage() {}
 func (*PriorityLevelConfigurationReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{14}
+	return fileDescriptor_45ba024d525b289b, []int{15}
 }
 func (m *PriorityLevelConfigurationReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -466,7 +494,7 @@ var xxx_messageInfo_PriorityLevelConfigurationReference proto.InternalMessageInf
 func (m *PriorityLevelConfigurationSpec) Reset()      { *m = PriorityLevelConfigurationSpec{} }
 func (*PriorityLevelConfigurationSpec) ProtoMessage() {}
 func (*PriorityLevelConfigurationSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{15}
+	return fileDescriptor_45ba024d525b289b, []int{16}
 }
 func (m *PriorityLevelConfigurationSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -494,7 +522,7 @@ var xxx_messageInfo_PriorityLevelConfigurationSpec proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationStatus) Reset()      { *m = PriorityLevelConfigurationStatus{} }
 func (*PriorityLevelConfigurationStatus) ProtoMessage() {}
 func (*PriorityLevelConfigurationStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{16}
+	return fileDescriptor_45ba024d525b289b, []int{17}
 }
 func (m *PriorityLevelConfigurationStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -522,7 +550,7 @@ var xxx_messageInfo_PriorityLevelConfigurationStatus proto.InternalMessageInfo
 func (m *QueuingConfiguration) Reset()      { *m = QueuingConfiguration{} }
 func (*QueuingConfiguration) ProtoMessage() {}
 func (*QueuingConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{17}
+	return fileDescriptor_45ba024d525b289b, []int{18}
 }
 func (m *QueuingConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -550,7 +578,7 @@ var xxx_messageInfo_QueuingConfiguration proto.InternalMessageInfo
 func (m *ResourcePolicyRule) Reset()      { *m = ResourcePolicyRule{} }
 func (*ResourcePolicyRule) ProtoMessage() {}
 func (*ResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{18}
+	return fileDescriptor_45ba024d525b289b, []int{19}
 }
 func (m *ResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -578,7 +606,7 @@ var xxx_messageInfo_ResourcePolicyRule proto.InternalMessageInfo
 func (m *ServiceAccountSubject) Reset()      { *m = ServiceAccountSubject{} }
 func (*ServiceAccountSubject) ProtoMessage() {}
 func (*ServiceAccountSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{19}
+	return fileDescriptor_45ba024d525b289b, []int{20}
 }
 func (m *ServiceAccountSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -606,7 +634,7 @@ var xxx_messageInfo_ServiceAccountSubject proto.InternalMessageInfo
 func (m *Subject) Reset()      { *m = Subject{} }
 func (*Subject) ProtoMessage() {}
 func (*Subject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{20}
+	return fileDescriptor_45ba024d525b289b, []int{21}
 }
 func (m *Subject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -634,7 +662,7 @@ var xxx_messageInfo_Subject proto.InternalMessageInfo
 func (m *UserSubject) Reset()      { *m = UserSubject{} }
 func (*UserSubject) ProtoMessage() {}
 func (*UserSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{21}
+	return fileDescriptor_45ba024d525b289b, []int{22}
 }
 func (m *UserSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -660,6 +688,7 @@ func (m *UserSubject) XXX_DiscardUnknown() {
 var xxx_messageInfo_UserSubject proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterType((*ExemptPriorityLevelConfiguration)(nil), "k8s.io.api.flowcontrol.v1alpha1.ExemptPriorityLevelConfiguration")
 	proto.RegisterType((*FlowDistinguisherMethod)(nil), "k8s.io.api.flowcontrol.v1alpha1.FlowDistinguisherMethod")
 	proto.RegisterType((*FlowSchema)(nil), "k8s.io.api.flowcontrol.v1alpha1.FlowSchema")
 	proto.RegisterType((*FlowSchemaCondition)(nil), "k8s.io.api.flowcontrol.v1alpha1.FlowSchemaCondition")
@@ -689,105 +718,142 @@ func init() {
 }
 
 var fileDescriptor_45ba024d525b289b = []byte{
-	// 1554 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4d, 0x6f, 0x13, 0xc7,
-	0x1b, 0xcf, 0x3a, 0x76, 0x12, 0x4f, 0x5e, 0x99, 0x10, 0xc5, 0xff, 0x20, 0xd9, 0x61, 0xff, 0x52,
-	0xa1, 0x05, 0x76, 0x09, 0x05, 0x4a, 0x85, 0x2a, 0x94, 0x0d, 0x94, 0xb7, 0x24, 0x24, 0x13, 0xa0,
-	0x2a, 0xa2, 0x12, 0x9b, 0xf5, 0xc4, 0x1e, 0x62, 0xef, 0x6e, 0x67, 0x76, 0x9d, 0xa6, 0xe2, 0x50,
-	0xa9, 0x5f, 0xa0, 0x1f, 0x80, 0x63, 0x0f, 0x3d, 0xf7, 0x13, 0xf4, 0x18, 0x55, 0x3d, 0x70, 0xe4,
-	0x64, 0x11, 0xf7, 0xda, 0x0f, 0xd0, 0x72, 0xa8, 0xaa, 0x99, 0x9d, 0xdd, 0xf5, 0xfa, 0x25, 0x6b,
-	0x1a, 0x89, 0x53, 0x6f, 0xd9, 0xe7, 0xe5, 0xf7, 0xbc, 0xcc, 0xf3, 0xe6, 0x80, 0x3b, 0xbb, 0xd7,
-	0x98, 0x46, 0x1c, 0x7d, 0xd7, 0xdf, 0xc6, 0xd4, 0xc6, 0x1e, 0x66, 0x7a, 0x03, 0xdb, 0x65, 0x87,
-	0xea, 0x92, 0x61, 0xba, 0x44, 0xdf, 0xa9, 0x39, 0x7b, 0x96, 0x63, 0x7b, 0xd4, 0xa9, 0xe9, 0x8d,
-	0x25, 0xb3, 0xe6, 0x56, 0xcd, 0x25, 0xbd, 0x82, 0x6d, 0x4c, 0x4d, 0x0f, 0x97, 0x35, 0x97, 0x3a,
-	0x9e, 0x03, 0x4b, 0x81, 0x82, 0x66, 0xba, 0x44, 0x6b, 0x53, 0xd0, 0x42, 0x85, 0x85, 0x0b, 0x15,
-	0xe2, 0x55, 0xfd, 0x6d, 0xcd, 0x72, 0xea, 0x7a, 0xc5, 0xa9, 0x38, 0xba, 0xd0, 0xdb, 0xf6, 0x77,
-	0xc4, 0x97, 0xf8, 0x10, 0x7f, 0x05, 0x78, 0x0b, 0x97, 0x63, 0x07, 0xea, 0xa6, 0x55, 0x25, 0x36,
-	0xa6, 0xfb, 0xba, 0xbb, 0x5b, 0xe1, 0x04, 0xa6, 0xd7, 0xb1, 0x67, 0xea, 0x8d, 0x2e, 0x2f, 0x16,
-	0xf4, 0x7e, 0x5a, 0xd4, 0xb7, 0x3d, 0x52, 0xc7, 0x5d, 0x0a, 0x57, 0xd3, 0x14, 0x98, 0x55, 0xc5,
-	0x75, 0xb3, 0x53, 0x4f, 0x7d, 0x02, 0xe6, 0x3f, 0xaf, 0x39, 0x7b, 0x37, 0x09, 0xf3, 0x88, 0x5d,
-	0xf1, 0x09, 0xab, 0x62, 0xba, 0x86, 0xbd, 0xaa, 0x53, 0x86, 0x37, 0x40, 0xd6, 0xdb, 0x77, 0x71,
-	0x41, 0x59, 0x54, 0xce, 0xe6, 0x8d, 0x73, 0x07, 0xcd, 0xd2, 0x50, 0xab, 0x59, 0xca, 0x3e, 0xdc,
-	0x77, 0xf1, 0xdb, 0x66, 0xe9, 0x54, 0x1f, 0x35, 0xce, 0x46, 0x42, 0x51, 0x7d, 0x99, 0x01, 0x80,
-	0x4b, 0x6d, 0x09, 0xd3, 0xf0, 0x19, 0x18, 0xe3, 0xe1, 0x96, 0x4d, 0xcf, 0x14, 0x98, 0xe3, 0x97,
-	0x2e, 0x6a, 0x71, 0xb2, 0x23, 0xaf, 0x35, 0x77, 0xb7, 0xc2, 0x09, 0x4c, 0xe3, 0xd2, 0x5a, 0x63,
-	0x49, 0x7b, 0xb0, 0xfd, 0x1c, 0x5b, 0xde, 0x1a, 0xf6, 0x4c, 0x03, 0x4a, 0x2f, 0x40, 0x4c, 0x43,
-	0x11, 0x2a, 0xdc, 0x04, 0x59, 0xe6, 0x62, 0xab, 0x90, 0x11, 0xe8, 0xba, 0x96, 0xf2, 0x94, 0x5a,
-	0xec, 0xdc, 0x96, 0x8b, 0x2d, 0x63, 0x22, 0x0c, 0x91, 0x7f, 0x21, 0x01, 0x05, 0xbf, 0x04, 0x23,
-	0xcc, 0x33, 0x3d, 0x9f, 0x15, 0x86, 0x05, 0xe8, 0xd2, 0xbb, 0x80, 0x0a, 0x45, 0x63, 0x4a, 0xc2,
-	0x8e, 0x04, 0xdf, 0x48, 0x02, 0xaa, 0xaf, 0x33, 0x60, 0x36, 0x16, 0x5e, 0x71, 0xec, 0x32, 0xf1,
-	0x88, 0x63, 0xc3, 0xeb, 0x89, 0xbc, 0x9f, 0xe9, 0xc8, 0xfb, 0x7c, 0x0f, 0x95, 0x38, 0xe7, 0xf0,
-	0xd3, 0xc8, 0xdf, 0x8c, 0x50, 0x3f, 0x9d, 0x34, 0xfe, 0xb6, 0x59, 0x9a, 0x8e, 0xd4, 0x92, 0xfe,
-	0xc0, 0x06, 0x80, 0x35, 0x93, 0x79, 0x0f, 0xa9, 0x69, 0xb3, 0x00, 0x96, 0xd4, 0xb1, 0x0c, 0xfb,
-	0xa3, 0xc1, 0x5e, 0x8a, 0x6b, 0x18, 0x0b, 0xd2, 0x24, 0x5c, 0xed, 0x42, 0x43, 0x3d, 0x2c, 0xc0,
-	0x0f, 0xc0, 0x08, 0xc5, 0x26, 0x73, 0xec, 0x42, 0x56, 0xb8, 0x1c, 0xe5, 0x0b, 0x09, 0x2a, 0x92,
-	0x5c, 0xf8, 0x21, 0x18, 0xad, 0x63, 0xc6, 0xcc, 0x0a, 0x2e, 0xe4, 0x84, 0xe0, 0xb4, 0x14, 0x1c,
-	0x5d, 0x0b, 0xc8, 0x28, 0xe4, 0xab, 0xbf, 0x28, 0x60, 0x2a, 0xce, 0xd3, 0x2a, 0x61, 0x1e, 0x7c,
-	0xda, 0x55, 0x7d, 0xda, 0x60, 0x31, 0x71, 0x6d, 0x51, 0x7b, 0x33, 0xd2, 0xdc, 0x58, 0x48, 0x69,
-	0xab, 0xbc, 0x0d, 0x90, 0x23, 0x1e, 0xae, 0xf3, 0xac, 0x0f, 0x9f, 0x1d, 0xbf, 0x74, 0xee, 0x1d,
-	0xaa, 0xc4, 0x98, 0x94, 0xb8, 0xb9, 0xbb, 0x1c, 0x01, 0x05, 0x40, 0xea, 0x1f, 0xc3, 0xed, 0x21,
-	0xf0, 0x8a, 0x84, 0x3f, 0x29, 0x60, 0xc1, 0xa5, 0xc4, 0xa1, 0xc4, 0xdb, 0x5f, 0xc5, 0x0d, 0x5c,
-	0x5b, 0x71, 0xec, 0x1d, 0x52, 0xf1, 0xa9, 0xc9, 0x73, 0x29, 0xa3, 0xba, 0x99, 0x6a, 0x7a, 0xa3,
-	0x2f, 0x04, 0xc2, 0x3b, 0x98, 0x62, 0xdb, 0xc2, 0x86, 0x2a, 0x7d, 0x5a, 0x38, 0x42, 0xf8, 0x08,
-	0x5f, 0xe0, 0x3d, 0x00, 0xeb, 0xa6, 0xc7, 0x73, 0x5a, 0xd9, 0xa0, 0xd8, 0xc2, 0x65, 0x8e, 0x2a,
-	0x4a, 0x32, 0x17, 0xd7, 0xc7, 0x5a, 0x97, 0x04, 0xea, 0xa1, 0x05, 0xbf, 0x57, 0xc0, 0x6c, 0xb9,
-	0x7b, 0xd0, 0xc8, 0xca, 0xbc, 0x36, 0x50, 0xaa, 0x7b, 0x0c, 0x2a, 0x63, 0xbe, 0xd5, 0x2c, 0xcd,
-	0xf6, 0x60, 0xa0, 0x5e, 0xd6, 0xe0, 0x57, 0x20, 0x47, 0xfd, 0x1a, 0x66, 0x85, 0xac, 0x78, 0xe1,
-	0x74, 0xb3, 0x1b, 0x4e, 0x8d, 0x58, 0xfb, 0x88, 0xeb, 0x7c, 0x41, 0xbc, 0xea, 0x96, 0x2f, 0x26,
-	0x16, 0x8b, 0x9f, 0x5b, 0xb0, 0x50, 0x80, 0xaa, 0xbe, 0x00, 0x33, 0x9d, 0x83, 0x03, 0x56, 0x01,
-	0xb0, 0xc2, 0x5e, 0x65, 0x05, 0x45, 0xd8, 0xbd, 0xfc, 0x0e, 0x95, 0x15, 0x35, 0x7a, 0x3c, 0x36,
-	0x23, 0x12, 0x43, 0x6d, 0xd8, 0xea, 0x45, 0x30, 0x71, 0x9b, 0x3a, 0xbe, 0x2b, 0x9d, 0x84, 0x8b,
-	0x20, 0x6b, 0x9b, 0xf5, 0x70, 0x04, 0x45, 0x73, 0x71, 0xdd, 0xac, 0x63, 0x24, 0x38, 0xea, 0x8f,
-	0x0a, 0x98, 0x5c, 0x25, 0x75, 0xe2, 0x21, 0xcc, 0x5c, 0xc7, 0x66, 0x18, 0x5e, 0x49, 0x8c, 0xad,
-	0xd3, 0x1d, 0x63, 0xeb, 0x44, 0x42, 0xb8, 0x6d, 0x60, 0x3d, 0x05, 0xa3, 0x5f, 0xfb, 0xd8, 0x27,
-	0x76, 0x45, 0x8e, 0xed, 0x2b, 0xa9, 0x11, 0x6e, 0x06, 0xf2, 0x89, 0x8a, 0x33, 0xc6, 0xf9, 0x20,
-	0x90, 0x1c, 0x14, 0x42, 0xaa, 0x7f, 0x67, 0xc0, 0x69, 0x61, 0x19, 0x97, 0xfb, 0x57, 0x32, 0x7c,
-	0x0a, 0x0a, 0x26, 0x63, 0x3e, 0xc5, 0xe5, 0x15, 0xc7, 0xb6, 0x7c, 0xca, 0x7b, 0x60, 0x7f, 0xab,
-	0x6a, 0x52, 0xcc, 0x44, 0x38, 0x39, 0x63, 0x51, 0x86, 0x53, 0x58, 0xee, 0x23, 0x87, 0xfa, 0x22,
-	0xc0, 0x5d, 0x30, 0x59, 0x6b, 0x0f, 0x5e, 0xc6, 0xa9, 0xa5, 0xc6, 0x99, 0x48, 0x99, 0x31, 0x27,
-	0x5d, 0x48, 0xa6, 0x1d, 0x25, 0xb1, 0xe1, 0x67, 0x60, 0xba, 0x86, 0xed, 0xb2, 0xb9, 0x5d, 0xc3,
-	0x1b, 0x98, 0x5a, 0xd8, 0xf6, 0x44, 0x9f, 0xe4, 0x8c, 0xd9, 0x56, 0xb3, 0x34, 0xbd, 0x9a, 0x64,
-	0xa1, 0x4e, 0x59, 0xf8, 0x00, 0xcc, 0x6d, 0x3b, 0x94, 0x3a, 0x7b, 0xc4, 0xae, 0x08, 0x3b, 0x21,
-	0x48, 0x56, 0x80, 0xfc, 0xaf, 0xd5, 0x2c, 0xcd, 0x19, 0xbd, 0x04, 0x50, 0x6f, 0x3d, 0x75, 0x0f,
-	0xcc, 0xad, 0xf3, 0xc1, 0xc2, 0x1c, 0x9f, 0x5a, 0x38, 0xee, 0x09, 0x58, 0x02, 0xb9, 0x06, 0xa6,
-	0xdb, 0x41, 0x5d, 0xe7, 0x8d, 0x3c, 0xef, 0x88, 0xc7, 0x9c, 0x80, 0x02, 0x3a, 0x8f, 0xc4, 0x8e,
-	0x35, 0x1f, 0xa1, 0x55, 0x56, 0x18, 0x11, 0xa2, 0x22, 0x92, 0xf5, 0x24, 0x0b, 0x75, 0xca, 0xaa,
-	0x87, 0x19, 0x30, 0xdf, 0xa7, 0x05, 0xe1, 0x63, 0x30, 0xc6, 0xe4, 0xdf, 0xb2, 0xad, 0xce, 0xa6,
-	0x3e, 0x86, 0x54, 0x8e, 0xb7, 0x40, 0x88, 0x86, 0x22, 0x2c, 0xe8, 0x82, 0x49, 0x2a, 0x7d, 0x10,
-	0x46, 0xe5, 0x36, 0xf8, 0x38, 0x15, 0xbc, 0x3b, 0x3f, 0xf1, 0x73, 0xa3, 0x76, 0x44, 0x94, 0x34,
-	0x00, 0x5f, 0x80, 0x99, 0xb6, 0xc0, 0x03, 0xa3, 0xc3, 0xc2, 0xe8, 0xd5, 0x54, 0xa3, 0x3d, 0xdf,
-	0xc5, 0x28, 0x48, 0xbb, 0x33, 0xeb, 0x1d, 0xb8, 0xa8, 0xcb, 0x92, 0xfa, 0x5b, 0x06, 0x1c, 0xb1,
-	0x20, 0xde, 0xc3, 0xc1, 0x67, 0x26, 0x0e, 0xbe, 0x1b, 0xc7, 0x58, 0x7d, 0x7d, 0x0f, 0x40, 0xd2,
-	0x71, 0x00, 0x2e, 0x1f, 0xc7, 0xc8, 0xd1, 0x07, 0xe1, 0x9f, 0x19, 0xf0, 0xff, 0xfe, 0xca, 0xf1,
-	0x81, 0x78, 0x3f, 0x31, 0x69, 0x3f, 0xe9, 0x98, 0xb4, 0x67, 0x06, 0x80, 0xf8, 0xef, 0x60, 0xec,
-	0x38, 0x18, 0xdf, 0x28, 0xa0, 0xd8, 0x3f, 0x6f, 0xef, 0xe1, 0x80, 0x7c, 0x96, 0x3c, 0x20, 0xaf,
-	0x1f, 0xa3, 0xca, 0xfa, 0x1c, 0x94, 0xb7, 0x8f, 0x2a, 0xae, 0xe8, 0xf2, 0x1b, 0x60, 0xf5, 0x1f,
-	0x1c, 0x99, 0x2b, 0x71, 0xa9, 0xa6, 0xfc, 0x84, 0x49, 0x68, 0xdf, 0xb2, 0xf9, 0x02, 0xaa, 0xf3,
-	0x1d, 0x12, 0x54, 0x24, 0x01, 0xa3, 0xb5, 0x60, 0x65, 0xcb, 0xbe, 0x36, 0x06, 0xdb, 0x94, 0x47,
-	0xad, 0xf8, 0xe0, 0x3c, 0x90, 0x62, 0x28, 0xc4, 0x57, 0x5f, 0x2a, 0x60, 0x31, 0xad, 0x5d, 0xe1,
-	0x37, 0x3d, 0xce, 0xb0, 0xe3, 0x5c, 0xd9, 0x83, 0x9f, 0x65, 0x3f, 0x2b, 0xe0, 0x64, 0xaf, 0x63,
-	0x87, 0x77, 0x00, 0xbf, 0x70, 0xa2, 0xf3, 0x24, 0xea, 0x80, 0x4d, 0x41, 0x45, 0x92, 0x0b, 0xcf,
-	0x83, 0xb1, 0xaa, 0x69, 0x97, 0xb7, 0xc8, 0xb7, 0xe1, 0xf1, 0x1d, 0xd5, 0xe0, 0x1d, 0x49, 0x47,
-	0x91, 0x04, 0xbc, 0x09, 0x66, 0x84, 0xde, 0x2a, 0xb6, 0x2b, 0x5e, 0x55, 0x24, 0x4b, 0x1e, 0x0f,
-	0xd1, 0x52, 0xd8, 0xec, 0xe0, 0xa3, 0x2e, 0x0d, 0xf5, 0x2f, 0x05, 0xc0, 0x7f, 0xb3, 0xef, 0xcf,
-	0x81, 0xbc, 0xe9, 0x12, 0x71, 0x86, 0x06, 0x5d, 0x90, 0x37, 0x26, 0x5b, 0xcd, 0x52, 0x7e, 0x79,
-	0xe3, 0x6e, 0x40, 0x44, 0x31, 0x9f, 0x0b, 0x87, 0x8b, 0x30, 0x58, 0x78, 0x52, 0x38, 0x34, 0xcc,
-	0x50, 0xcc, 0x87, 0xd7, 0xc0, 0x84, 0x55, 0xf3, 0x99, 0x87, 0xe9, 0x96, 0xe5, 0xb8, 0x58, 0x4c,
-	0x8d, 0x31, 0xe3, 0xa4, 0x8c, 0x69, 0x62, 0xa5, 0x8d, 0x87, 0x12, 0x92, 0x50, 0x03, 0x80, 0x97,
-	0x3c, 0x73, 0x4d, 0x6e, 0x27, 0x27, 0xec, 0x4c, 0xf1, 0x07, 0x5b, 0x8f, 0xa8, 0xa8, 0x4d, 0x42,
-	0x7d, 0x0e, 0xe6, 0xb6, 0x30, 0x6d, 0x10, 0x0b, 0x2f, 0x5b, 0x96, 0xe3, 0xdb, 0x5e, 0x78, 0x50,
-	0xeb, 0x20, 0x1f, 0x89, 0xc9, 0xae, 0x38, 0x21, 0xed, 0xe7, 0x23, 0x2c, 0x14, 0xcb, 0x44, 0x6d,
-	0x98, 0xe9, 0xdb, 0x86, 0xbf, 0x66, 0xc0, 0x68, 0x0c, 0x9f, 0xdd, 0x25, 0x76, 0x59, 0x22, 0x9f,
-	0x0a, 0xa5, 0xef, 0x13, 0xbb, 0xfc, 0xb6, 0x59, 0x1a, 0x97, 0x62, 0xfc, 0x13, 0x09, 0x41, 0x78,
-	0x0f, 0x64, 0x7d, 0x86, 0xa9, 0x6c, 0xb0, 0xf3, 0xa9, 0xd5, 0xfc, 0x88, 0x61, 0x1a, 0x5e, 0x40,
-	0x63, 0x1c, 0x9a, 0x13, 0x90, 0xc0, 0x80, 0xeb, 0x20, 0x57, 0xe1, 0xaf, 0x22, 0x27, 0xff, 0x85,
-	0x54, 0xb0, 0xf6, 0x9f, 0x1a, 0x41, 0x21, 0x08, 0x0a, 0x0a, 0x60, 0x20, 0x05, 0x53, 0x2c, 0x91,
-	0x44, 0xf1, 0x60, 0x83, 0x5c, 0x34, 0x3d, 0x73, 0x6f, 0xc0, 0x56, 0xb3, 0x34, 0x95, 0x64, 0xa1,
-	0x0e, 0x0b, 0xaa, 0x0e, 0xc6, 0xdb, 0x42, 0x4c, 0x1f, 0x82, 0xc6, 0xad, 0x83, 0xc3, 0xe2, 0xd0,
-	0xab, 0xc3, 0xe2, 0xd0, 0xeb, 0xc3, 0xe2, 0xd0, 0x77, 0xad, 0xa2, 0x72, 0xd0, 0x2a, 0x2a, 0xaf,
-	0x5a, 0x45, 0xe5, 0x75, 0xab, 0xa8, 0xbc, 0x69, 0x15, 0x95, 0x1f, 0x7e, 0x2f, 0x0e, 0x3d, 0x29,
-	0xa5, 0xfc, 0xf7, 0xf1, 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x48, 0x2e, 0x29, 0x16, 0xb8, 0x14,
-	0x00, 0x00,
+	// 1621 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4d, 0x6f, 0xdb, 0x46,
+	0x1a, 0x36, 0x65, 0xc9, 0xb6, 0xc6, 0x9f, 0x19, 0xc7, 0xb0, 0xd6, 0x59, 0x48, 0x0e, 0x17, 0xd8,
+	0x64, 0x37, 0x09, 0x15, 0x67, 0x93, 0x6c, 0x16, 0xc1, 0x22, 0x30, 0x93, 0x6c, 0xbe, 0x6c, 0xc7,
+	0x1e, 0x27, 0xd9, 0x36, 0x48, 0x81, 0xd0, 0xd4, 0x58, 0x9a, 0x58, 0x22, 0xd9, 0x19, 0x52, 0x8e,
+	0x8b, 0x1c, 0x0a, 0xf4, 0x0f, 0xf4, 0x07, 0xe4, 0xd8, 0x43, 0x6f, 0x05, 0x7a, 0xed, 0xa5, 0xc7,
+	0xa0, 0xe8, 0x21, 0xc7, 0x9c, 0x84, 0x58, 0xbd, 0xf6, 0x07, 0xb4, 0x39, 0x14, 0xc5, 0x0c, 0x87,
+	0xa4, 0x28, 0x89, 0xa2, 0x52, 0x03, 0x39, 0xf5, 0x66, 0xbe, 0x1f, 0xcf, 0x3b, 0xf3, 0xce, 0xfb,
+	0xf1, 0xc8, 0xe0, 0xf6, 0xde, 0x15, 0xa6, 0x11, 0xbb, 0xbc, 0xe7, 0xed, 0x60, 0x6a, 0x61, 0x17,
+	0xb3, 0x72, 0x13, 0x5b, 0x15, 0x9b, 0x96, 0xa5, 0xc2, 0x70, 0x48, 0x79, 0xb7, 0x6e, 0xef, 0x9b,
+	0xb6, 0xe5, 0x52, 0xbb, 0x5e, 0x6e, 0xae, 0x18, 0x75, 0xa7, 0x66, 0xac, 0x94, 0xab, 0xd8, 0xc2,
+	0xd4, 0x70, 0x71, 0x45, 0x73, 0xa8, 0xed, 0xda, 0xb0, 0xe4, 0x3b, 0x68, 0x86, 0x43, 0xb4, 0x0e,
+	0x07, 0x2d, 0x70, 0x58, 0x3a, 0x57, 0x25, 0x6e, 0xcd, 0xdb, 0xd1, 0x4c, 0xbb, 0x51, 0xae, 0xda,
+	0x55, 0xbb, 0x2c, 0xfc, 0x76, 0xbc, 0x5d, 0xf1, 0x25, 0x3e, 0xc4, 0x5f, 0x3e, 0xde, 0xd2, 0xc5,
+	0xe8, 0x00, 0x0d, 0xc3, 0xac, 0x11, 0x0b, 0xd3, 0x83, 0xb2, 0xb3, 0x57, 0xe5, 0x02, 0x56, 0x6e,
+	0x60, 0xd7, 0x28, 0x37, 0x7b, 0x4e, 0xb1, 0x54, 0x4e, 0xf2, 0xa2, 0x9e, 0xe5, 0x92, 0x06, 0xee,
+	0x71, 0xb8, 0x9c, 0xe6, 0xc0, 0xcc, 0x1a, 0x6e, 0x18, 0xdd, 0x7e, 0xea, 0x77, 0x0a, 0x58, 0xbe,
+	0xf9, 0x1c, 0x37, 0x1c, 0x77, 0x93, 0x12, 0x9b, 0x12, 0xf7, 0x60, 0x0d, 0x37, 0x71, 0xfd, 0xba,
+	0x6d, 0xed, 0x92, 0xaa, 0x47, 0x0d, 0x97, 0xd8, 0x16, 0xfc, 0x08, 0x14, 0x2c, 0xbb, 0x41, 0x2c,
+	0x83, 0xcb, 0x4d, 0x8f, 0x52, 0x6c, 0x99, 0x07, 0xdb, 0x35, 0x83, 0x62, 0x56, 0x50, 0x96, 0x95,
+	0xd3, 0x39, 0xfd, 0xaf, 0xed, 0x56, 0xa9, 0xb0, 0x91, 0x60, 0x83, 0x12, 0xbd, 0xe1, 0x7f, 0xc1,
+	0x6c, 0x1d, 0x5b, 0x15, 0x63, 0xa7, 0x8e, 0x37, 0x31, 0x35, 0xb1, 0xe5, 0x16, 0x32, 0x02, 0x70,
+	0xbe, 0xdd, 0x2a, 0xcd, 0xae, 0xc5, 0x55, 0xa8, 0xdb, 0x56, 0x7d, 0x0c, 0x16, 0xff, 0x57, 0xb7,
+	0xf7, 0x6f, 0x10, 0xe6, 0x12, 0xab, 0xea, 0x11, 0x56, 0xc3, 0x74, 0x1d, 0xbb, 0x35, 0xbb, 0x02,
+	0xaf, 0x81, 0xac, 0x7b, 0xe0, 0x60, 0x71, 0xbe, 0xbc, 0x7e, 0xe6, 0x55, 0xab, 0x34, 0xd2, 0x6e,
+	0x95, 0xb2, 0x0f, 0x0e, 0x1c, 0xfc, 0xae, 0x55, 0x3a, 0x91, 0xe0, 0xc6, 0xd5, 0x48, 0x38, 0xaa,
+	0x2f, 0x33, 0x00, 0x70, 0xab, 0x6d, 0x91, 0x38, 0xf8, 0x14, 0x4c, 0xf0, 0xc7, 0xaa, 0x18, 0xae,
+	0x21, 0x30, 0x27, 0x2f, 0x9c, 0xd7, 0xa2, 0x52, 0x09, 0x73, 0xae, 0x39, 0x7b, 0x55, 0x2e, 0x60,
+	0x1a, 0xb7, 0xd6, 0x9a, 0x2b, 0xda, 0xfd, 0x9d, 0x67, 0xd8, 0x74, 0xd7, 0xb1, 0x6b, 0xe8, 0x50,
+	0x9e, 0x02, 0x44, 0x32, 0x14, 0xa2, 0xc2, 0x2d, 0x90, 0x65, 0x0e, 0x36, 0x45, 0x02, 0x26, 0x2f,
+	0x94, 0xb5, 0x94, 0x42, 0xd4, 0xa2, 0xc3, 0x6d, 0x3b, 0xd8, 0xd4, 0xa7, 0x82, 0x2b, 0xf2, 0x2f,
+	0x24, 0xa0, 0xe0, 0xc7, 0x60, 0x8c, 0xb9, 0x86, 0xeb, 0xb1, 0xc2, 0xa8, 0x00, 0x5d, 0x79, 0x1f,
+	0x50, 0xe1, 0xa8, 0xcf, 0x48, 0xd8, 0x31, 0xff, 0x1b, 0x49, 0x40, 0xf5, 0x4d, 0x06, 0xcc, 0x47,
+	0xc6, 0xd7, 0x6d, 0xab, 0x42, 0x44, 0xad, 0x5c, 0x8d, 0xe5, 0xfd, 0x54, 0x57, 0xde, 0x17, 0xfb,
+	0xb8, 0x44, 0x39, 0x87, 0xff, 0x09, 0xcf, 0x9b, 0x11, 0xee, 0x27, 0xe3, 0xc1, 0xdf, 0xb5, 0x4a,
+	0xb3, 0xa1, 0x5b, 0xfc, 0x3c, 0xb0, 0x09, 0x60, 0xdd, 0x60, 0xee, 0x03, 0x6a, 0x58, 0xcc, 0x87,
+	0x25, 0x0d, 0x2c, 0xaf, 0xfd, 0xcf, 0xe1, 0x5e, 0x8a, 0x7b, 0xe8, 0x4b, 0x32, 0x24, 0x5c, 0xeb,
+	0x41, 0x43, 0x7d, 0x22, 0xc0, 0xbf, 0x83, 0x31, 0x8a, 0x0d, 0x66, 0x5b, 0x85, 0xac, 0x38, 0x72,
+	0x98, 0x2f, 0x24, 0xa4, 0x48, 0x6a, 0xe1, 0x3f, 0xc0, 0x78, 0x03, 0x33, 0x66, 0x54, 0x71, 0x21,
+	0x27, 0x0c, 0x67, 0xa5, 0xe1, 0xf8, 0xba, 0x2f, 0x46, 0x81, 0x5e, 0xfd, 0x5e, 0x01, 0x33, 0x51,
+	0x9e, 0xd6, 0x08, 0x73, 0xe1, 0x93, 0x9e, 0xea, 0xd3, 0x86, 0xbb, 0x13, 0xf7, 0x16, 0xb5, 0x37,
+	0x27, 0xc3, 0x4d, 0x04, 0x92, 0x8e, 0xca, 0xdb, 0x04, 0x39, 0xe2, 0xe2, 0x06, 0xcf, 0xfa, 0xe8,
+	0xe9, 0xc9, 0x0b, 0x67, 0xde, 0xa3, 0x4a, 0xf4, 0x69, 0x89, 0x9b, 0xbb, 0xc3, 0x11, 0x90, 0x0f,
+	0xa4, 0xfe, 0x3c, 0xda, 0x79, 0x05, 0x5e, 0x91, 0xf0, 0x6b, 0x05, 0x2c, 0x39, 0x89, 0x33, 0x46,
+	0xde, 0xea, 0x46, 0x6a, 0xe8, 0xe4, 0x31, 0x85, 0xf0, 0x2e, 0xe6, 0xb3, 0x05, 0xeb, 0xaa, 0x3c,
+	0xd3, 0xd2, 0x00, 0xe3, 0x01, 0x67, 0x81, 0x77, 0x01, 0x6c, 0x18, 0x2e, 0xcf, 0x69, 0x75, 0x93,
+	0x62, 0x13, 0x57, 0x38, 0xaa, 0x1c, 0x4c, 0x61, 0x7d, 0xac, 0xf7, 0x58, 0xa0, 0x3e, 0x5e, 0xf0,
+	0x0b, 0x05, 0xcc, 0x57, 0x7a, 0x07, 0x8d, 0xac, 0xcc, 0x2b, 0x43, 0xa5, 0xba, 0xcf, 0xa0, 0xd2,
+	0x17, 0xdb, 0xad, 0xd2, 0x7c, 0x1f, 0x05, 0xea, 0x17, 0x0d, 0x7e, 0x02, 0x72, 0xd4, 0xab, 0x63,
+	0x56, 0xc8, 0x8a, 0x17, 0x4e, 0x0f, 0xbb, 0x69, 0xd7, 0x89, 0x79, 0x80, 0xb8, 0xcf, 0xff, 0x89,
+	0x5b, 0xdb, 0xf6, 0xc4, 0xc4, 0x62, 0xd1, 0x73, 0x0b, 0x15, 0xf2, 0x51, 0xd5, 0x17, 0x60, 0xae,
+	0x7b, 0x70, 0xc0, 0x1a, 0x00, 0x66, 0xd0, 0xab, 0x7c, 0x4d, 0xf0, 0xb8, 0x17, 0xdf, 0xa3, 0xb2,
+	0xc2, 0x46, 0x8f, 0xc6, 0x66, 0x28, 0x62, 0xa8, 0x03, 0x5b, 0x3d, 0x0f, 0xa6, 0x6e, 0x51, 0xdb,
+	0x73, 0xe4, 0x21, 0xe1, 0x32, 0xc8, 0x5a, 0x46, 0x23, 0x18, 0x41, 0xe1, 0x5c, 0xdc, 0x30, 0x1a,
+	0x18, 0x09, 0x8d, 0xfa, 0x95, 0x02, 0xa6, 0xd7, 0x48, 0x83, 0xb8, 0x08, 0x33, 0xc7, 0xb6, 0x18,
+	0x86, 0x97, 0x62, 0x63, 0xeb, 0x64, 0xd7, 0xd8, 0x3a, 0x16, 0x33, 0xee, 0x18, 0x58, 0x4f, 0xc0,
+	0xf8, 0xa7, 0x1e, 0xf6, 0x88, 0x55, 0x95, 0x63, 0xfb, 0x52, 0xea, 0x0d, 0xb7, 0x7c, 0xfb, 0x58,
+	0xc5, 0xe9, 0x93, 0x7c, 0x10, 0x48, 0x0d, 0x0a, 0x20, 0xd5, 0xdf, 0x32, 0xe0, 0xa4, 0x88, 0x8c,
+	0x2b, 0x03, 0xb6, 0xf3, 0x13, 0x50, 0x30, 0x18, 0xf3, 0x28, 0xae, 0x24, 0x6d, 0xe7, 0x65, 0x79,
+	0x9d, 0xc2, 0x6a, 0x82, 0x1d, 0x4a, 0x44, 0x80, 0x7b, 0x60, 0xba, 0xde, 0x79, 0x79, 0x79, 0x4f,
+	0x2d, 0xf5, 0x9e, 0xb1, 0x94, 0xe9, 0x0b, 0xf2, 0x08, 0xf1, 0xb4, 0xa3, 0x38, 0x76, 0x3f, 0x3a,
+	0x30, 0x3a, 0x3c, 0x1d, 0x80, 0xf7, 0xc1, 0xc2, 0x8e, 0x4d, 0xa9, 0xbd, 0x4f, 0xac, 0xaa, 0x88,
+	0x13, 0x80, 0x64, 0x05, 0xc8, 0x5f, 0xda, 0xad, 0xd2, 0x82, 0xde, 0xcf, 0x00, 0xf5, 0xf7, 0x53,
+	0xf7, 0xc1, 0xc2, 0x06, 0x1f, 0x2c, 0xcc, 0xf6, 0xa8, 0x89, 0xa3, 0x9e, 0x80, 0x25, 0x90, 0x6b,
+	0x62, 0xba, 0xe3, 0xd7, 0x75, 0x5e, 0xcf, 0xf3, 0x8e, 0x78, 0xc4, 0x05, 0xc8, 0x97, 0xf3, 0x9b,
+	0x58, 0x91, 0xe7, 0x43, 0xb4, 0xc6, 0x0a, 0x63, 0xc2, 0x54, 0xdc, 0x64, 0x23, 0xae, 0x42, 0xdd,
+	0xb6, 0xea, 0x61, 0x06, 0x2c, 0x26, 0xb4, 0x20, 0x7c, 0x04, 0x26, 0x98, 0xfc, 0x5b, 0xb6, 0xd5,
+	0xe9, 0xd4, 0xc7, 0x90, 0xce, 0xd1, 0x16, 0x08, 0xd0, 0x50, 0x88, 0x05, 0x1d, 0x30, 0x4d, 0xe5,
+	0x19, 0x44, 0x50, 0xb9, 0x0d, 0xfe, 0x95, 0x0a, 0xde, 0x9b, 0x9f, 0xe8, 0xb9, 0x51, 0x27, 0x22,
+	0x8a, 0x07, 0x80, 0x2f, 0xc0, 0x5c, 0xc7, 0xc5, 0xfd, 0xa0, 0xa3, 0x22, 0xe8, 0xe5, 0xd4, 0xa0,
+	0x7d, 0xdf, 0x45, 0x2f, 0xc8, 0xb8, 0x73, 0x1b, 0x5d, 0xb8, 0xa8, 0x27, 0x92, 0xfa, 0x63, 0x06,
+	0x0c, 0x58, 0x10, 0x1f, 0x80, 0xf0, 0x19, 0x31, 0xc2, 0x77, 0xed, 0x08, 0xab, 0x2f, 0x91, 0x00,
+	0x92, 0x2e, 0x02, 0xb8, 0x7a, 0x94, 0x20, 0x83, 0x09, 0xe1, 0x2f, 0x19, 0xf0, 0xb7, 0x64, 0xe7,
+	0x88, 0x20, 0xde, 0x8b, 0x4d, 0xda, 0x7f, 0x77, 0x4d, 0xda, 0x53, 0x43, 0x40, 0xfc, 0x49, 0x18,
+	0xbb, 0x08, 0xe3, 0x5b, 0x05, 0x14, 0x93, 0xf3, 0xf6, 0x01, 0x08, 0xe4, 0xd3, 0x38, 0x81, 0xbc,
+	0x7a, 0x84, 0x2a, 0x4b, 0x20, 0x94, 0xb7, 0x06, 0x15, 0x57, 0xc8, 0xfc, 0x86, 0x58, 0xfd, 0xdf,
+	0x64, 0x06, 0xe5, 0x4a, 0x30, 0xd5, 0x94, 0x9f, 0x30, 0x31, 0xef, 0x9b, 0x16, 0x5f, 0x40, 0x0d,
+	0xbe, 0x43, 0xfc, 0x8a, 0x24, 0x60, 0xbc, 0xee, 0xaf, 0x6c, 0xd9, 0xd7, 0xfa, 0x70, 0x9b, 0x72,
+	0xd0, 0x8a, 0xf7, 0xe9, 0x81, 0x34, 0x43, 0x01, 0x3e, 0xc4, 0x60, 0x0c, 0x8b, 0x9f, 0xee, 0x43,
+	0x37, 0x77, 0xda, 0x2f, 0x7d, 0x1d, 0xf0, 0x42, 0xf4, 0xad, 0x90, 0x04, 0x57, 0x5f, 0x2a, 0x60,
+	0x39, 0x6d, 0x2a, 0xc0, 0xe7, 0x7d, 0xd8, 0xde, 0x51, 0xc8, 0xfc, 0xf0, 0xec, 0xef, 0x5b, 0x05,
+	0x1c, 0xef, 0xc7, 0xa9, 0x78, 0xa3, 0x71, 0x22, 0x15, 0xb2, 0xa0, 0xb0, 0xd1, 0xb6, 0x84, 0x14,
+	0x49, 0x2d, 0x3c, 0x0b, 0x26, 0x6a, 0x86, 0x55, 0xd9, 0x26, 0x9f, 0x05, 0x1c, 0x3f, 0x2c, 0xf5,
+	0xdb, 0x52, 0x8e, 0x42, 0x0b, 0x78, 0x03, 0xcc, 0x09, 0xbf, 0x35, 0x6c, 0x55, 0xdd, 0x9a, 0x78,
+	0x13, 0xc9, 0x51, 0xc2, 0xdd, 0xb3, 0xd5, 0xa5, 0x47, 0x3d, 0x1e, 0xea, 0xaf, 0x0a, 0x80, 0x7f,
+	0x84, 0x56, 0x9c, 0x01, 0x79, 0xc3, 0x21, 0x82, 0xed, 0xfa, 0xcd, 0x96, 0xd7, 0xa7, 0xdb, 0xad,
+	0x52, 0x7e, 0x75, 0xf3, 0x8e, 0x2f, 0x44, 0x91, 0x9e, 0x1b, 0x07, 0xfb, 0xd6, 0xdf, 0xab, 0xd2,
+	0x38, 0x08, 0xcc, 0x50, 0xa4, 0x87, 0x57, 0xc0, 0x94, 0x59, 0xf7, 0x98, 0x8b, 0xe9, 0xb6, 0x69,
+	0x3b, 0x58, 0x0c, 0xa7, 0x09, 0xfd, 0xb8, 0xbc, 0xd3, 0xd4, 0xf5, 0x0e, 0x1d, 0x8a, 0x59, 0x42,
+	0x0d, 0x00, 0xde, 0x59, 0xcc, 0x31, 0x78, 0x9c, 0x9c, 0x88, 0x33, 0xc3, 0x1f, 0x6c, 0x23, 0x94,
+	0xa2, 0x0e, 0x0b, 0xf5, 0x19, 0x58, 0xd8, 0xc6, 0xb4, 0x49, 0x4c, 0xbc, 0x6a, 0x9a, 0xb6, 0x67,
+	0xb9, 0x01, 0x6f, 0x2f, 0x83, 0x7c, 0x68, 0x26, 0x9b, 0xef, 0x98, 0x8c, 0x9f, 0x0f, 0xb1, 0x50,
+	0x64, 0x13, 0x76, 0x7b, 0x26, 0xb1, 0xdb, 0x7f, 0xc8, 0x80, 0xf1, 0x08, 0x3e, 0xbb, 0x47, 0xac,
+	0x8a, 0x44, 0x3e, 0x11, 0x58, 0xdf, 0x23, 0x56, 0xe5, 0x5d, 0xab, 0x34, 0x29, 0xcd, 0xf8, 0x27,
+	0x12, 0x86, 0xf0, 0x2e, 0xc8, 0x7a, 0x0c, 0x53, 0xd9, 0xc7, 0x67, 0x53, 0xab, 0xf9, 0x21, 0xc3,
+	0x34, 0x20, 0x5a, 0x13, 0x1c, 0x9a, 0x0b, 0x90, 0xc0, 0x80, 0x1b, 0x20, 0x57, 0xe5, 0xaf, 0x22,
+	0x5b, 0xf5, 0x5c, 0x2a, 0x58, 0xe7, 0x2f, 0x1a, 0xbf, 0x10, 0x84, 0x04, 0xf9, 0x30, 0x90, 0x82,
+	0x19, 0x16, 0x4b, 0xa2, 0x78, 0xb0, 0x61, 0x88, 0x53, 0xdf, 0xdc, 0xeb, 0xb0, 0xdd, 0x2a, 0xcd,
+	0xc4, 0x55, 0xa8, 0x2b, 0x82, 0x5a, 0x06, 0x93, 0x1d, 0x57, 0x4c, 0x9f, 0xb5, 0xfa, 0xcd, 0x57,
+	0x87, 0xc5, 0x91, 0xd7, 0x87, 0xc5, 0x91, 0x37, 0x87, 0xc5, 0x91, 0xcf, 0xdb, 0x45, 0xe5, 0x55,
+	0xbb, 0xa8, 0xbc, 0x6e, 0x17, 0x95, 0x37, 0xed, 0xa2, 0xf2, 0xb6, 0x5d, 0x54, 0xbe, 0xfc, 0xa9,
+	0x38, 0xf2, 0xb8, 0x94, 0xf2, 0x2f, 0xda, 0xdf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xc1, 0x6c, 0x4e,
+	0x4e, 0xdd, 0x15, 0x00, 0x00,
+}
+
+func (m *ExemptPriorityLevelConfiguration) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.LendablePercent != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.LendablePercent))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.NominalConcurrencyShares != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.NominalConcurrencyShares))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *FlowDistinguisherMethod) Marshal() (dAtA []byte, err error) {
@@ -1491,6 +1557,18 @@ func (m *PriorityLevelConfigurationSpec) MarshalToSizedBuffer(dAtA []byte) (int,
 	_ = i
 	var l int
 	_ = l
+	if m.Exempt != nil {
+		{
+			size, err := m.Exempt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
 	if m.Limited != nil {
 		{
 			size, err := m.Limited.MarshalToSizedBuffer(dAtA[:i])
@@ -1783,6 +1861,21 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
 	dAtA[offset] = uint8(v)
 	return base
 }
+func (m *ExemptPriorityLevelConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NominalConcurrencyShares != nil {
+		n += 1 + sovGenerated(uint64(*m.NominalConcurrencyShares))
+	}
+	if m.LendablePercent != nil {
+		n += 1 + sovGenerated(uint64(*m.LendablePercent))
+	}
+	return n
+}
+
 func (m *FlowDistinguisherMethod) Size() (n int) {
 	if m == nil {
 		return 0
@@ -2048,6 +2141,10 @@ func (m *PriorityLevelConfigurationSpec) Size() (n int) {
 		l = m.Limited.Size()
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	if m.Exempt != nil {
+		l = m.Exempt.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -2165,6 +2262,17 @@ func sovGenerated(x uint64) (n int) {
 func sozGenerated(x uint64) (n int) {
 	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
+func (this *ExemptPriorityLevelConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ExemptPriorityLevelConfiguration{`,
+		`NominalConcurrencyShares:` + valueToStringGenerated(this.NominalConcurrencyShares) + `,`,
+		`LendablePercent:` + valueToStringGenerated(this.LendablePercent) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *FlowDistinguisherMethod) String() string {
 	if this == nil {
 		return "nil"
@@ -2381,6 +2489,7 @@ func (this *PriorityLevelConfigurationSpec) String() string {
 	s := strings.Join([]string{`&PriorityLevelConfigurationSpec{`,
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`Limited:` + strings.Replace(this.Limited.String(), "LimitedPriorityLevelConfiguration", "LimitedPriorityLevelConfiguration", 1) + `,`,
+		`Exempt:` + strings.Replace(this.Exempt.String(), "ExemptPriorityLevelConfiguration", "ExemptPriorityLevelConfiguration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2468,6 +2577,96 @@ func valueToStringGenerated(v interface{}) string {
 	pv := reflect.Indirect(rv).Interface()
 	return fmt.Sprintf("*%v", pv)
 }
+func (m *ExemptPriorityLevelConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NominalConcurrencyShares", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.NominalConcurrencyShares = &v
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LendablePercent", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.LendablePercent = &v
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *FlowDistinguisherMethod) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -4547,6 +4746,42 @@ func (m *PriorityLevelConfigurationSpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exempt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Exempt == nil {
+				m.Exempt = &ExemptPriorityLevelConfiguration{}
+			}
+			if err := m.Exempt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.proto b/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.proto
index 69ca79ad2..6509386f2 100644
--- a/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.proto
+++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.proto
@@ -28,6 +28,40 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "k8s.io/api/flowcontrol/v1alpha1";
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+message ExemptPriorityLevelConfiguration {
+  // `nominalConcurrencyShares` (NCS) contributes to the computation of the
+  // NominalConcurrencyLimit (NominalCL) of this level.
+  // This is the number of execution seats nominally reserved for this priority level.
+  // This DOES NOT limit the dispatching from this priority level
+  // but affects the other priority levels through the borrowing mechanism.
+  // The server's concurrency limit (ServerCL) is divided among all the
+  // priority levels in proportion to their NCS values:
+  //
+  // NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+  // sum_ncs = sum[priority level k] NCS(k)
+  //
+  // Bigger numbers mean a larger nominal concurrency limit,
+  // at the expense of every other priority level.
+  // This field has a default value of zero.
+  // +optional
+  optional int32 nominalConcurrencyShares = 1;
+
+  // `lendablePercent` prescribes the fraction of the level's NominalCL that
+  // can be borrowed by other priority levels.  This value of this
+  // field must be between 0 and 100, inclusive, and it defaults to 0.
+  // The number of seats that other levels can borrow from this level, known
+  // as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+  //
+  // LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+  //
+  // +optional
+  optional int32 lendablePercent = 2;
+}
+
 // FlowDistinguisherMethod specifies the method of a flow distinguisher.
 message FlowDistinguisherMethod {
   // `type` is the type of flow distinguisher method
@@ -332,6 +366,14 @@ message PriorityLevelConfigurationSpec {
   // This field must be non-empty if and only if `type` is `"Limited"`.
   // +optional
   optional LimitedPriorityLevelConfiguration limited = 2;
+
+  // `exempt` specifies how requests are handled for an exempt priority level.
+  // This field MUST be empty if `type` is `"Limited"`.
+  // This field MAY be non-empty if `type` is `"Exempt"`.
+  // If empty and `type` is `"Exempt"` then the default values
+  // for `ExemptPriorityLevelConfiguration` apply.
+  // +optional
+  optional ExemptPriorityLevelConfiguration exempt = 3;
 }
 
 // PriorityLevelConfigurationStatus represents the current state of a "request-priority".
diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go b/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go
index ebf665bcc..161411ff3 100644
--- a/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go
+++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go
@@ -399,6 +399,14 @@ type PriorityLevelConfigurationSpec struct {
 	// This field must be non-empty if and only if `type` is `"Limited"`.
 	// +optional
 	Limited *LimitedPriorityLevelConfiguration `json:"limited,omitempty" protobuf:"bytes,2,opt,name=limited"`
+
+	// `exempt` specifies how requests are handled for an exempt priority level.
+	// This field MUST be empty if `type` is `"Limited"`.
+	// This field MAY be non-empty if `type` is `"Exempt"`.
+	// If empty and `type` is `"Exempt"` then the default values
+	// for `ExemptPriorityLevelConfiguration` apply.
+	// +optional
+	Exempt *ExemptPriorityLevelConfiguration `json:"exempt,omitempty" protobuf:"bytes,3,opt,name=exempt"`
 }
 
 // PriorityLevelEnablement indicates whether limits on execution are enabled for the priority level
@@ -469,6 +477,43 @@ type LimitedPriorityLevelConfiguration struct {
 	BorrowingLimitPercent *int32 `json:"borrowingLimitPercent,omitempty" protobuf:"varint,4,opt,name=borrowingLimitPercent"`
 }
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+type ExemptPriorityLevelConfiguration struct {
+	// `nominalConcurrencyShares` (NCS) contributes to the computation of the
+	// NominalConcurrencyLimit (NominalCL) of this level.
+	// This is the number of execution seats nominally reserved for this priority level.
+	// This DOES NOT limit the dispatching from this priority level
+	// but affects the other priority levels through the borrowing mechanism.
+	// The server's concurrency limit (ServerCL) is divided among all the
+	// priority levels in proportion to their NCS values:
+	//
+	// NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+	// sum_ncs = sum[priority level k] NCS(k)
+	//
+	// Bigger numbers mean a larger nominal concurrency limit,
+	// at the expense of every other priority level.
+	// This field has a default value of zero.
+	// +optional
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty" protobuf:"varint,1,opt,name=nominalConcurrencyShares"`
+	// `lendablePercent` prescribes the fraction of the level's NominalCL that
+	// can be borrowed by other priority levels.  This value of this
+	// field must be between 0 and 100, inclusive, and it defaults to 0.
+	// The number of seats that other levels can borrow from this level, known
+	// as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+	//
+	// LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+	//
+	// +optional
+	LendablePercent *int32 `json:"lendablePercent,omitempty" protobuf:"varint,2,opt,name=lendablePercent"`
+	// The `BorrowingCL` of an Exempt priority level is implicitly `ServerCL`.
+	// In other words, an exempt priority level
+	// has no meaningful limit on how much it borrows.
+	// There is no explicit representation of that here.
+}
+
 // LimitResponse defines how to handle requests that can not be executed right now.
 // +union
 type LimitResponse struct {
diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/types_swagger_doc_generated.go b/vendor/k8s.io/api/flowcontrol/v1alpha1/types_swagger_doc_generated.go
index c95999fa5..1d0680c10 100644
--- a/vendor/k8s.io/api/flowcontrol/v1alpha1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/types_swagger_doc_generated.go
@@ -27,6 +27,16 @@ package v1alpha1
 // Those methods can be generated by using hack/update-codegen.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
+var map_ExemptPriorityLevelConfiguration = map[string]string{
+	"":                         "ExemptPriorityLevelConfiguration describes the configurable aspects of the handling of exempt requests. In the mandatory exempt configuration object the values in the fields here can be modified by authorized users, unlike the rest of the `spec`.",
+	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats nominally reserved for this priority level. This DOES NOT limit the dispatching from this priority level but affects the other priority levels through the borrowing mechanism. The server's concurrency limit (ServerCL) is divided among all the priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of zero.",
+	"lendablePercent":          "`lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels.  This value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.\n\nLendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )",
+}
+
+func (ExemptPriorityLevelConfiguration) SwaggerDoc() map[string]string {
+	return map_ExemptPriorityLevelConfiguration
+}
+
 var map_FlowDistinguisherMethod = map[string]string{
 	"":     "FlowDistinguisherMethod specifies the method of a flow distinguisher.",
 	"type": "`type` is the type of flow distinguisher method The supported types are \"ByUser\" and \"ByNamespace\". Required.",
@@ -190,6 +200,7 @@ var map_PriorityLevelConfigurationSpec = map[string]string{
 	"":        "PriorityLevelConfigurationSpec specifies the configuration of a priority level.",
 	"type":    "`type` indicates whether this priority level is subject to limitation on request execution.  A value of `\"Exempt\"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels.  A value of `\"Limited\"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.",
 	"limited": "`limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `\"Limited\"`.",
+	"exempt":  "`exempt` specifies how requests are handled for an exempt priority level. This field MUST be empty if `type` is `\"Limited\"`. This field MAY be non-empty if `type` is `\"Exempt\"`. If empty and `type` is `\"Exempt\"` then the default values for `ExemptPriorityLevelConfiguration` apply.",
 }
 
 func (PriorityLevelConfigurationSpec) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.deepcopy.go b/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.deepcopy.go
index e0272804f..a5c9737aa 100644
--- a/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.deepcopy.go
@@ -25,6 +25,32 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExemptPriorityLevelConfiguration) DeepCopyInto(out *ExemptPriorityLevelConfiguration) {
+	*out = *in
+	if in.NominalConcurrencyShares != nil {
+		in, out := &in.NominalConcurrencyShares, &out.NominalConcurrencyShares
+		*out = new(int32)
+		**out = **in
+	}
+	if in.LendablePercent != nil {
+		in, out := &in.LendablePercent, &out.LendablePercent
+		*out = new(int32)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExemptPriorityLevelConfiguration.
+func (in *ExemptPriorityLevelConfiguration) DeepCopy() *ExemptPriorityLevelConfiguration {
+	if in == nil {
+		return nil
+	}
+	out := new(ExemptPriorityLevelConfiguration)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FlowDistinguisherMethod) DeepCopyInto(out *FlowDistinguisherMethod) {
 	*out = *in
@@ -400,6 +426,11 @@ func (in *PriorityLevelConfigurationSpec) DeepCopyInto(out *PriorityLevelConfigu
 		*out = new(LimitedPriorityLevelConfiguration)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Exempt != nil {
+		in, out := &in.Exempt, &out.Exempt
+		*out = new(ExemptPriorityLevelConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/generated.pb.go b/vendor/k8s.io/api/flowcontrol/v1beta1/generated.pb.go
index fbaea85dd..33f4b97e3 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta1/generated.pb.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta1/generated.pb.go
@@ -43,10 +43,38 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
+func (m *ExemptPriorityLevelConfiguration) Reset()      { *m = ExemptPriorityLevelConfiguration{} }
+func (*ExemptPriorityLevelConfiguration) ProtoMessage() {}
+func (*ExemptPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
+	return fileDescriptor_80171c2a4e3669de, []int{0}
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.Merge(m, src)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExemptPriorityLevelConfiguration proto.InternalMessageInfo
+
 func (m *FlowDistinguisherMethod) Reset()      { *m = FlowDistinguisherMethod{} }
 func (*FlowDistinguisherMethod) ProtoMessage() {}
 func (*FlowDistinguisherMethod) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{0}
+	return fileDescriptor_80171c2a4e3669de, []int{1}
 }
 func (m *FlowDistinguisherMethod) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -74,7 +102,7 @@ var xxx_messageInfo_FlowDistinguisherMethod proto.InternalMessageInfo
 func (m *FlowSchema) Reset()      { *m = FlowSchema{} }
 func (*FlowSchema) ProtoMessage() {}
 func (*FlowSchema) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{1}
+	return fileDescriptor_80171c2a4e3669de, []int{2}
 }
 func (m *FlowSchema) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -102,7 +130,7 @@ var xxx_messageInfo_FlowSchema proto.InternalMessageInfo
 func (m *FlowSchemaCondition) Reset()      { *m = FlowSchemaCondition{} }
 func (*FlowSchemaCondition) ProtoMessage() {}
 func (*FlowSchemaCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{2}
+	return fileDescriptor_80171c2a4e3669de, []int{3}
 }
 func (m *FlowSchemaCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -130,7 +158,7 @@ var xxx_messageInfo_FlowSchemaCondition proto.InternalMessageInfo
 func (m *FlowSchemaList) Reset()      { *m = FlowSchemaList{} }
 func (*FlowSchemaList) ProtoMessage() {}
 func (*FlowSchemaList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{3}
+	return fileDescriptor_80171c2a4e3669de, []int{4}
 }
 func (m *FlowSchemaList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -158,7 +186,7 @@ var xxx_messageInfo_FlowSchemaList proto.InternalMessageInfo
 func (m *FlowSchemaSpec) Reset()      { *m = FlowSchemaSpec{} }
 func (*FlowSchemaSpec) ProtoMessage() {}
 func (*FlowSchemaSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{4}
+	return fileDescriptor_80171c2a4e3669de, []int{5}
 }
 func (m *FlowSchemaSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -186,7 +214,7 @@ var xxx_messageInfo_FlowSchemaSpec proto.InternalMessageInfo
 func (m *FlowSchemaStatus) Reset()      { *m = FlowSchemaStatus{} }
 func (*FlowSchemaStatus) ProtoMessage() {}
 func (*FlowSchemaStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{5}
+	return fileDescriptor_80171c2a4e3669de, []int{6}
 }
 func (m *FlowSchemaStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -214,7 +242,7 @@ var xxx_messageInfo_FlowSchemaStatus proto.InternalMessageInfo
 func (m *GroupSubject) Reset()      { *m = GroupSubject{} }
 func (*GroupSubject) ProtoMessage() {}
 func (*GroupSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{6}
+	return fileDescriptor_80171c2a4e3669de, []int{7}
 }
 func (m *GroupSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -242,7 +270,7 @@ var xxx_messageInfo_GroupSubject proto.InternalMessageInfo
 func (m *LimitResponse) Reset()      { *m = LimitResponse{} }
 func (*LimitResponse) ProtoMessage() {}
 func (*LimitResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{7}
+	return fileDescriptor_80171c2a4e3669de, []int{8}
 }
 func (m *LimitResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -270,7 +298,7 @@ var xxx_messageInfo_LimitResponse proto.InternalMessageInfo
 func (m *LimitedPriorityLevelConfiguration) Reset()      { *m = LimitedPriorityLevelConfiguration{} }
 func (*LimitedPriorityLevelConfiguration) ProtoMessage() {}
 func (*LimitedPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{8}
+	return fileDescriptor_80171c2a4e3669de, []int{9}
 }
 func (m *LimitedPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -298,7 +326,7 @@ var xxx_messageInfo_LimitedPriorityLevelConfiguration proto.InternalMessageInfo
 func (m *NonResourcePolicyRule) Reset()      { *m = NonResourcePolicyRule{} }
 func (*NonResourcePolicyRule) ProtoMessage() {}
 func (*NonResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{9}
+	return fileDescriptor_80171c2a4e3669de, []int{10}
 }
 func (m *NonResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -326,7 +354,7 @@ var xxx_messageInfo_NonResourcePolicyRule proto.InternalMessageInfo
 func (m *PolicyRulesWithSubjects) Reset()      { *m = PolicyRulesWithSubjects{} }
 func (*PolicyRulesWithSubjects) ProtoMessage() {}
 func (*PolicyRulesWithSubjects) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{10}
+	return fileDescriptor_80171c2a4e3669de, []int{11}
 }
 func (m *PolicyRulesWithSubjects) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -354,7 +382,7 @@ var xxx_messageInfo_PolicyRulesWithSubjects proto.InternalMessageInfo
 func (m *PriorityLevelConfiguration) Reset()      { *m = PriorityLevelConfiguration{} }
 func (*PriorityLevelConfiguration) ProtoMessage() {}
 func (*PriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{11}
+	return fileDescriptor_80171c2a4e3669de, []int{12}
 }
 func (m *PriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -382,7 +410,7 @@ var xxx_messageInfo_PriorityLevelConfiguration proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationCondition) Reset()      { *m = PriorityLevelConfigurationCondition{} }
 func (*PriorityLevelConfigurationCondition) ProtoMessage() {}
 func (*PriorityLevelConfigurationCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{12}
+	return fileDescriptor_80171c2a4e3669de, []int{13}
 }
 func (m *PriorityLevelConfigurationCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -410,7 +438,7 @@ var xxx_messageInfo_PriorityLevelConfigurationCondition proto.InternalMessageInf
 func (m *PriorityLevelConfigurationList) Reset()      { *m = PriorityLevelConfigurationList{} }
 func (*PriorityLevelConfigurationList) ProtoMessage() {}
 func (*PriorityLevelConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{13}
+	return fileDescriptor_80171c2a4e3669de, []int{14}
 }
 func (m *PriorityLevelConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -438,7 +466,7 @@ var xxx_messageInfo_PriorityLevelConfigurationList proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationReference) Reset()      { *m = PriorityLevelConfigurationReference{} }
 func (*PriorityLevelConfigurationReference) ProtoMessage() {}
 func (*PriorityLevelConfigurationReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{14}
+	return fileDescriptor_80171c2a4e3669de, []int{15}
 }
 func (m *PriorityLevelConfigurationReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -466,7 +494,7 @@ var xxx_messageInfo_PriorityLevelConfigurationReference proto.InternalMessageInf
 func (m *PriorityLevelConfigurationSpec) Reset()      { *m = PriorityLevelConfigurationSpec{} }
 func (*PriorityLevelConfigurationSpec) ProtoMessage() {}
 func (*PriorityLevelConfigurationSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{15}
+	return fileDescriptor_80171c2a4e3669de, []int{16}
 }
 func (m *PriorityLevelConfigurationSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -494,7 +522,7 @@ var xxx_messageInfo_PriorityLevelConfigurationSpec proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationStatus) Reset()      { *m = PriorityLevelConfigurationStatus{} }
 func (*PriorityLevelConfigurationStatus) ProtoMessage() {}
 func (*PriorityLevelConfigurationStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{16}
+	return fileDescriptor_80171c2a4e3669de, []int{17}
 }
 func (m *PriorityLevelConfigurationStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -522,7 +550,7 @@ var xxx_messageInfo_PriorityLevelConfigurationStatus proto.InternalMessageInfo
 func (m *QueuingConfiguration) Reset()      { *m = QueuingConfiguration{} }
 func (*QueuingConfiguration) ProtoMessage() {}
 func (*QueuingConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{17}
+	return fileDescriptor_80171c2a4e3669de, []int{18}
 }
 func (m *QueuingConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -550,7 +578,7 @@ var xxx_messageInfo_QueuingConfiguration proto.InternalMessageInfo
 func (m *ResourcePolicyRule) Reset()      { *m = ResourcePolicyRule{} }
 func (*ResourcePolicyRule) ProtoMessage() {}
 func (*ResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{18}
+	return fileDescriptor_80171c2a4e3669de, []int{19}
 }
 func (m *ResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -578,7 +606,7 @@ var xxx_messageInfo_ResourcePolicyRule proto.InternalMessageInfo
 func (m *ServiceAccountSubject) Reset()      { *m = ServiceAccountSubject{} }
 func (*ServiceAccountSubject) ProtoMessage() {}
 func (*ServiceAccountSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{19}
+	return fileDescriptor_80171c2a4e3669de, []int{20}
 }
 func (m *ServiceAccountSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -606,7 +634,7 @@ var xxx_messageInfo_ServiceAccountSubject proto.InternalMessageInfo
 func (m *Subject) Reset()      { *m = Subject{} }
 func (*Subject) ProtoMessage() {}
 func (*Subject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{20}
+	return fileDescriptor_80171c2a4e3669de, []int{21}
 }
 func (m *Subject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -634,7 +662,7 @@ var xxx_messageInfo_Subject proto.InternalMessageInfo
 func (m *UserSubject) Reset()      { *m = UserSubject{} }
 func (*UserSubject) ProtoMessage() {}
 func (*UserSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{21}
+	return fileDescriptor_80171c2a4e3669de, []int{22}
 }
 func (m *UserSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -660,6 +688,7 @@ func (m *UserSubject) XXX_DiscardUnknown() {
 var xxx_messageInfo_UserSubject proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterType((*ExemptPriorityLevelConfiguration)(nil), "k8s.io.api.flowcontrol.v1beta1.ExemptPriorityLevelConfiguration")
 	proto.RegisterType((*FlowDistinguisherMethod)(nil), "k8s.io.api.flowcontrol.v1beta1.FlowDistinguisherMethod")
 	proto.RegisterType((*FlowSchema)(nil), "k8s.io.api.flowcontrol.v1beta1.FlowSchema")
 	proto.RegisterType((*FlowSchemaCondition)(nil), "k8s.io.api.flowcontrol.v1beta1.FlowSchemaCondition")
@@ -689,105 +718,141 @@ func init() {
 }
 
 var fileDescriptor_80171c2a4e3669de = []byte{
-	// 1553 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4f, 0x6f, 0xdb, 0xc6,
-	0x12, 0x37, 0x65, 0xc9, 0xb6, 0xc6, 0x7f, 0xb3, 0x8e, 0x61, 0x3d, 0x07, 0x90, 0x1c, 0x3e, 0xe0,
-	0xe5, 0xbd, 0x97, 0x84, 0x4a, 0xd2, 0xa4, 0x49, 0x5b, 0xf4, 0x8f, 0xe9, 0xb4, 0x69, 0x1a, 0xdb,
-	0x71, 0xd6, 0x49, 0x5b, 0xa4, 0x01, 0x1a, 0x8a, 0x5a, 0x4b, 0x8c, 0x25, 0x92, 0xd9, 0x25, 0x65,
-	0xb8, 0xb9, 0x14, 0xfd, 0x04, 0x3d, 0xb7, 0xc7, 0x1e, 0x7a, 0xef, 0x17, 0xe8, 0xb1, 0x41, 0x4f,
-	0x39, 0xe6, 0xa4, 0x36, 0xea, 0xa9, 0xdf, 0xa0, 0x0d, 0x50, 0xa0, 0xd8, 0xe5, 0x92, 0x14, 0xf5,
-	0x8f, 0x42, 0x02, 0xe4, 0xd4, 0x9b, 0x39, 0xf3, 0x9b, 0xdf, 0xec, 0xcc, 0xce, 0xcc, 0x8e, 0x0c,
-	0xd7, 0x0e, 0xae, 0x30, 0xcd, 0x72, 0xca, 0x07, 0x7e, 0x85, 0x50, 0x9b, 0x78, 0x84, 0x95, 0x5b,
-	0xc4, 0xae, 0x3a, 0xb4, 0x2c, 0x15, 0x86, 0x6b, 0x95, 0xf7, 0x1b, 0xce, 0xa1, 0xe9, 0xd8, 0x1e,
-	0x75, 0x1a, 0xe5, 0xd6, 0xf9, 0x0a, 0xf1, 0x8c, 0xf3, 0xe5, 0x1a, 0xb1, 0x09, 0x35, 0x3c, 0x52,
-	0xd5, 0x5c, 0xea, 0x78, 0x0e, 0x2a, 0x06, 0x78, 0xcd, 0x70, 0x2d, 0xad, 0x0b, 0xaf, 0x49, 0xfc,
-	0xda, 0xd9, 0x9a, 0xe5, 0xd5, 0xfd, 0x8a, 0x66, 0x3a, 0xcd, 0x72, 0xcd, 0xa9, 0x39, 0x65, 0x61,
-	0x56, 0xf1, 0xf7, 0xc5, 0x97, 0xf8, 0x10, 0x7f, 0x05, 0x74, 0x6b, 0x17, 0x63, 0xf7, 0x4d, 0xc3,
-	0xac, 0x5b, 0x36, 0xa1, 0x47, 0x65, 0xf7, 0xa0, 0xc6, 0x05, 0xac, 0xdc, 0x24, 0x9e, 0x51, 0x6e,
-	0xf5, 0x1d, 0x62, 0xad, 0x3c, 0xcc, 0x8a, 0xfa, 0xb6, 0x67, 0x35, 0x49, 0x9f, 0xc1, 0xeb, 0x69,
-	0x06, 0xcc, 0xac, 0x93, 0xa6, 0xd1, 0x6b, 0xa7, 0xde, 0x85, 0xd5, 0x0f, 0x1a, 0xce, 0xe1, 0x55,
-	0x8b, 0x79, 0x96, 0x5d, 0xf3, 0x2d, 0x56, 0x27, 0x74, 0x9b, 0x78, 0x75, 0xa7, 0x8a, 0xde, 0x85,
-	0xac, 0x77, 0xe4, 0x92, 0x82, 0xb2, 0xae, 0xfc, 0x37, 0xaf, 0x9f, 0x7e, 0xdc, 0x2e, 0x4d, 0x74,
-	0xda, 0xa5, 0xec, 0xed, 0x23, 0x97, 0x3c, 0x6f, 0x97, 0x4e, 0x0c, 0x31, 0xe3, 0x6a, 0x2c, 0x0c,
-	0xd5, 0x6f, 0x32, 0x00, 0x1c, 0xb5, 0x27, 0x5c, 0xa3, 0xfb, 0x30, 0xc3, 0xc3, 0xad, 0x1a, 0x9e,
-	0x21, 0x38, 0x67, 0x2f, 0x9c, 0xd3, 0xe2, 0x5c, 0x47, 0xa7, 0xd6, 0xdc, 0x83, 0x1a, 0x17, 0x30,
-	0x8d, 0xa3, 0xb5, 0xd6, 0x79, 0xed, 0x66, 0xe5, 0x01, 0x31, 0xbd, 0x6d, 0xe2, 0x19, 0x3a, 0x92,
-	0xa7, 0x80, 0x58, 0x86, 0x23, 0x56, 0xb4, 0x0b, 0x59, 0xe6, 0x12, 0xb3, 0x90, 0x11, 0xec, 0x9a,
-	0x36, 0xfa, 0x26, 0xb5, 0xf8, 0x6c, 0x7b, 0x2e, 0x31, 0xf5, 0xb9, 0x30, 0x42, 0xfe, 0x85, 0x05,
-	0x13, 0xfa, 0x14, 0xa6, 0x98, 0x67, 0x78, 0x3e, 0x2b, 0x4c, 0xf6, 0x9d, 0x38, 0x8d, 0x53, 0xd8,
-	0xe9, 0x0b, 0x92, 0x75, 0x2a, 0xf8, 0xc6, 0x92, 0x4f, 0x7d, 0x9a, 0x81, 0xe5, 0x18, 0xbc, 0xe9,
-	0xd8, 0x55, 0xcb, 0xb3, 0x1c, 0x1b, 0xbd, 0x95, 0xc8, 0xfa, 0xa9, 0x9e, 0xac, 0xaf, 0x0e, 0x30,
-	0x89, 0x33, 0x8e, 0xde, 0x88, 0x8e, 0x9b, 0x11, 0xe6, 0x27, 0x93, 0xce, 0x9f, 0xb7, 0x4b, 0x8b,
-	0x91, 0x59, 0xf2, 0x3c, 0xa8, 0x05, 0xa8, 0x61, 0x30, 0xef, 0x36, 0x35, 0x6c, 0x16, 0xd0, 0x5a,
-	0x4d, 0x22, 0xa3, 0xfe, 0xff, 0x78, 0xf7, 0xc4, 0x2d, 0xf4, 0x35, 0xe9, 0x12, 0x6d, 0xf5, 0xb1,
-	0xe1, 0x01, 0x1e, 0xd0, 0x7f, 0x60, 0x8a, 0x12, 0x83, 0x39, 0x76, 0x21, 0x2b, 0x8e, 0x1c, 0xe5,
-	0x0b, 0x0b, 0x29, 0x96, 0x5a, 0xf4, 0x3f, 0x98, 0x6e, 0x12, 0xc6, 0x8c, 0x1a, 0x29, 0xe4, 0x04,
-	0x70, 0x51, 0x02, 0xa7, 0xb7, 0x03, 0x31, 0x0e, 0xf5, 0xea, 0x8f, 0x0a, 0x2c, 0xc4, 0x79, 0xda,
-	0xb2, 0x98, 0x87, 0xee, 0xf5, 0xd5, 0x9e, 0x36, 0x5e, 0x4c, 0xdc, 0x5a, 0x54, 0xde, 0x92, 0x74,
-	0x37, 0x13, 0x4a, 0xba, 0xea, 0xee, 0x26, 0xe4, 0x2c, 0x8f, 0x34, 0x79, 0xd6, 0x27, 0x7b, 0xd2,
-	0x95, 0x52, 0x24, 0xfa, 0xbc, 0xa4, 0xcd, 0x5d, 0xe7, 0x04, 0x38, 0xe0, 0x51, 0x7f, 0x9f, 0xec,
-	0x8e, 0x80, 0xd7, 0x23, 0xfa, 0x5e, 0x81, 0x35, 0x97, 0x5a, 0x0e, 0xb5, 0xbc, 0xa3, 0x2d, 0xd2,
-	0x22, 0x8d, 0x4d, 0xc7, 0xde, 0xb7, 0x6a, 0x3e, 0x35, 0x78, 0x2a, 0x65, 0x50, 0x9b, 0x69, 0x9e,
-	0x77, 0x87, 0x32, 0x60, 0xb2, 0x4f, 0x28, 0xb1, 0x4d, 0xa2, 0xab, 0xf2, 0x48, 0x6b, 0x23, 0xc0,
-	0x23, 0x8e, 0x82, 0x3e, 0x02, 0xd4, 0x34, 0x3c, 0x9e, 0xd1, 0xda, 0x2e, 0x25, 0x26, 0xa9, 0x72,
-	0x56, 0x51, 0x90, 0xb9, 0xb8, 0x3a, 0xb6, 0xfb, 0x10, 0x78, 0x80, 0x15, 0xfa, 0x4a, 0x81, 0xe5,
-	0x6a, 0xff, 0x90, 0x91, 0x75, 0x79, 0x79, 0x9c, 0x44, 0x0f, 0x98, 0x51, 0xfa, 0x6a, 0xa7, 0x5d,
-	0x5a, 0x1e, 0xa0, 0xc0, 0x83, 0x9c, 0xa1, 0x7b, 0x90, 0xa3, 0x7e, 0x83, 0xb0, 0x42, 0x56, 0x5c,
-	0x6f, 0xaa, 0xd7, 0x5d, 0xa7, 0x61, 0x99, 0x47, 0x98, 0x9b, 0x7c, 0x62, 0x79, 0xf5, 0x3d, 0x5f,
-	0xcc, 0x2a, 0x16, 0xdf, 0xb5, 0x50, 0xe1, 0x80, 0x54, 0x7d, 0x04, 0x4b, 0xbd, 0x43, 0x03, 0xd5,
-	0x00, 0xcc, 0xb0, 0x4f, 0x59, 0x41, 0x11, 0x6e, 0x5f, 0x1b, 0xbf, 0xaa, 0xa2, 0x1e, 0x8f, 0xe7,
-	0x65, 0x24, 0x62, 0xb8, 0x8b, 0x5a, 0x3d, 0x07, 0x73, 0xd7, 0xa8, 0xe3, 0xbb, 0xf2, 0x8c, 0x68,
-	0x1d, 0xb2, 0xb6, 0xd1, 0x0c, 0xa7, 0x4f, 0x34, 0x11, 0x77, 0x8c, 0x26, 0xc1, 0x42, 0xa3, 0x7e,
-	0xa7, 0xc0, 0xfc, 0x96, 0xd5, 0xb4, 0x3c, 0x4c, 0x98, 0xeb, 0xd8, 0x8c, 0xa0, 0x4b, 0x89, 0x89,
-	0x75, 0xb2, 0x67, 0x62, 0x1d, 0x4b, 0x80, 0xbb, 0x66, 0xd5, 0x67, 0x30, 0xfd, 0xd0, 0x27, 0xbe,
-	0x65, 0xd7, 0xe4, 0xbc, 0xbe, 0x98, 0x16, 0xe0, 0xad, 0x00, 0x9e, 0xa8, 0x36, 0x7d, 0x96, 0x8f,
-	0x00, 0xa9, 0xc1, 0x21, 0xa3, 0xfa, 0x57, 0x06, 0x4e, 0x0a, 0xc7, 0xa4, 0x3a, 0xbc, 0x8a, 0xd1,
-	0x3d, 0x28, 0x18, 0x8c, 0xf9, 0x94, 0x54, 0x37, 0x1d, 0xdb, 0xf4, 0x29, 0xaf, 0xff, 0xa3, 0xbd,
-	0xba, 0x41, 0x09, 0x13, 0xd1, 0xe4, 0xf4, 0x75, 0x19, 0x4d, 0x61, 0x63, 0x08, 0x0e, 0x0f, 0x65,
-	0x40, 0x0f, 0x60, 0xbe, 0xd1, 0x1d, 0xbb, 0x0c, 0xf3, 0x6c, 0x5a, 0x98, 0x89, 0x84, 0xe9, 0x2b,
-	0xf2, 0x04, 0xc9, 0xa4, 0xe3, 0x24, 0x35, 0x7a, 0x1b, 0x16, 0x1b, 0xc4, 0xae, 0x1a, 0x95, 0x06,
-	0xd9, 0x25, 0xd4, 0x24, 0xb6, 0x27, 0x5a, 0x24, 0xa7, 0x2f, 0x77, 0xda, 0xa5, 0xc5, 0xad, 0xa4,
-	0x0a, 0xf7, 0x62, 0xd1, 0x4d, 0x58, 0xa9, 0x38, 0x94, 0x3a, 0x87, 0x96, 0x5d, 0x13, 0x7e, 0x42,
-	0x92, 0xac, 0x20, 0xf9, 0x57, 0xa7, 0x5d, 0x5a, 0xd1, 0x07, 0x01, 0xf0, 0x60, 0x3b, 0xf5, 0x10,
-	0x56, 0x76, 0xf8, 0x4c, 0x61, 0x8e, 0x4f, 0x4d, 0x12, 0x37, 0x04, 0x2a, 0x41, 0xae, 0x45, 0x68,
-	0x25, 0x28, 0xea, 0xbc, 0x9e, 0xe7, 0xed, 0xf0, 0x31, 0x17, 0xe0, 0x40, 0xce, 0x23, 0xb1, 0x63,
-	0xcb, 0x3b, 0x78, 0x8b, 0x15, 0xa6, 0x04, 0x54, 0x44, 0xb2, 0x93, 0x54, 0xe1, 0x5e, 0xac, 0xda,
-	0xce, 0xc0, 0xea, 0x90, 0xfe, 0x43, 0x77, 0x60, 0x86, 0xc9, 0xbf, 0x65, 0x4f, 0x9d, 0x4a, 0xbb,
-	0x0b, 0x69, 0x1b, 0x4f, 0xff, 0x90, 0x0c, 0x47, 0x54, 0xc8, 0x81, 0x79, 0x2a, 0x8f, 0x20, 0x7c,
-	0xca, 0x57, 0xe0, 0x42, 0x1a, 0x77, 0x7f, 0x76, 0xe2, 0xcb, 0xc6, 0xdd, 0x84, 0x38, 0xc9, 0x8f,
-	0x1e, 0xc1, 0x52, 0x57, 0xd8, 0x81, 0xcf, 0x49, 0xe1, 0xf3, 0x52, 0x9a, 0xcf, 0x81, 0x97, 0xa2,
-	0x17, 0xa4, 0xdb, 0xa5, 0x9d, 0x1e, 0x5a, 0xdc, 0xe7, 0x48, 0xfd, 0x39, 0x03, 0x23, 0x1e, 0x86,
-	0x57, 0xb0, 0xe4, 0xdd, 0x4f, 0x2c, 0x79, 0xef, 0xbc, 0xf8, 0x8b, 0x37, 0x74, 0xe9, 0xab, 0xf7,
-	0x2c, 0x7d, 0xef, 0xbd, 0x84, 0x8f, 0xd1, 0x4b, 0xe0, 0x1f, 0x19, 0xf8, 0xf7, 0x70, 0xe3, 0x78,
-	0x29, 0xbc, 0x91, 0x18, 0xb1, 0x97, 0x7b, 0x46, 0xec, 0xa9, 0x31, 0x28, 0xfe, 0x59, 0x12, 0x7b,
-	0x96, 0xc4, 0x5f, 0x14, 0x28, 0x0e, 0xcf, 0xdb, 0x2b, 0x58, 0x1a, 0x3f, 0x4f, 0x2e, 0x8d, 0x6f,
-	0xbe, 0x78, 0x91, 0x0d, 0x59, 0x22, 0xaf, 0x8d, 0xaa, 0xad, 0x68, 0xdd, 0x1b, 0xe3, 0xc9, 0xff,
-	0x69, 0x64, 0xaa, 0xc4, 0x76, 0x9a, 0xf2, 0xab, 0x25, 0x61, 0xfd, 0xbe, 0xcd, 0x9f, 0x9e, 0x26,
-	0x7f, 0x3d, 0x82, 0x82, 0xac, 0xc3, 0x74, 0x23, 0x78, 0xab, 0x65, 0x53, 0x6f, 0x8c, 0xf5, 0x44,
-	0x8e, 0x7a, 0xda, 0x83, 0xb5, 0x40, 0xc2, 0x70, 0x48, 0xaf, 0x7e, 0xab, 0xc0, 0x7a, 0x5a, 0xb3,
-	0xa2, 0xc3, 0x01, 0xcb, 0xd7, 0x4b, 0x2c, 0xd6, 0xe3, 0x2f, 0x63, 0x3f, 0x28, 0x70, 0x7c, 0xd0,
-	0x8e, 0xc3, 0xcb, 0x9f, 0x2f, 0x36, 0xd1, 0x56, 0x12, 0x95, 0xff, 0x2d, 0x21, 0xc5, 0x52, 0x8b,
-	0xce, 0xc0, 0x4c, 0xdd, 0xb0, 0xab, 0x7b, 0xd6, 0x17, 0xe1, 0xbe, 0x1d, 0x15, 0xe0, 0x87, 0x52,
-	0x8e, 0x23, 0x04, 0xba, 0x0a, 0x4b, 0xc2, 0x6e, 0x8b, 0xd8, 0x35, 0xaf, 0x2e, 0x72, 0x25, 0x97,
-	0x86, 0xe8, 0x3d, 0xb8, 0xd5, 0xa3, 0xc7, 0x7d, 0x16, 0xea, 0x9f, 0x0a, 0xa0, 0x17, 0x79, 0xe7,
-	0x4f, 0x43, 0xde, 0x70, 0x2d, 0xb1, 0x7c, 0x06, 0x2d, 0x90, 0xd7, 0xe7, 0x3b, 0xed, 0x52, 0x7e,
-	0x63, 0xf7, 0x7a, 0x20, 0xc4, 0xb1, 0x9e, 0x83, 0xc3, 0x27, 0x30, 0x78, 0xea, 0x24, 0x38, 0x74,
-	0xcc, 0x70, 0xac, 0x47, 0x57, 0x60, 0xce, 0x6c, 0xf8, 0xcc, 0x23, 0x74, 0xcf, 0x74, 0x5c, 0x22,
-	0x46, 0xc6, 0x8c, 0x7e, 0x5c, 0xc6, 0x34, 0xb7, 0xd9, 0xa5, 0xc3, 0x09, 0x24, 0xd2, 0x00, 0x78,
-	0xc1, 0x33, 0xd7, 0xe0, 0x7e, 0x72, 0xc2, 0xcf, 0x02, 0xbf, 0xb0, 0x9d, 0x48, 0x8a, 0xbb, 0x10,
-	0xea, 0x03, 0x58, 0xd9, 0x23, 0xb4, 0x65, 0x99, 0x64, 0xc3, 0x34, 0x1d, 0xdf, 0xf6, 0xc2, 0x35,
-	0xba, 0x0c, 0xf9, 0x08, 0x26, 0x7b, 0xe2, 0x98, 0xf4, 0x9f, 0x8f, 0xb8, 0x70, 0x8c, 0x89, 0x9a,
-	0x30, 0x33, 0xbc, 0x09, 0x33, 0x30, 0x1d, 0xd3, 0x67, 0x0f, 0x2c, 0xbb, 0x2a, 0x99, 0x4f, 0x84,
-	0xe8, 0x1b, 0x96, 0x5d, 0x7d, 0xde, 0x2e, 0xcd, 0x4a, 0x18, 0xff, 0xc4, 0x02, 0x88, 0xae, 0x43,
-	0xd6, 0x67, 0x84, 0xca, 0xf6, 0x3a, 0x9d, 0x56, 0xcc, 0x77, 0x18, 0xa1, 0xe1, 0xe6, 0x33, 0xc3,
-	0x99, 0xb9, 0x00, 0x0b, 0x0a, 0xb4, 0x0d, 0xb9, 0x1a, 0xbf, 0x14, 0x39, 0xf5, 0xcf, 0xa4, 0x71,
-	0x75, 0xff, 0xbc, 0x08, 0xca, 0x40, 0x48, 0x70, 0xc0, 0x82, 0x1e, 0xc2, 0x02, 0x4b, 0xa4, 0x50,
-	0x5c, 0xd7, 0x18, 0x9b, 0xcc, 0xc0, 0xc4, 0xeb, 0xa8, 0xd3, 0x2e, 0x2d, 0x24, 0x55, 0xb8, 0xc7,
-	0x81, 0x5a, 0x86, 0xd9, 0xae, 0x00, 0xd3, 0xe7, 0x9f, 0x7e, 0xf5, 0xf1, 0xb3, 0xe2, 0xc4, 0x93,
-	0x67, 0xc5, 0x89, 0xa7, 0xcf, 0x8a, 0x13, 0x5f, 0x76, 0x8a, 0xca, 0xe3, 0x4e, 0x51, 0x79, 0xd2,
-	0x29, 0x2a, 0x4f, 0x3b, 0x45, 0xe5, 0xd7, 0x4e, 0x51, 0xf9, 0xfa, 0xb7, 0xe2, 0xc4, 0xdd, 0xe2,
-	0xe8, 0xff, 0x33, 0xfe, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x2c, 0x6d, 0x6e, 0x75, 0xa1, 0x14, 0x00,
-	0x00,
+	// 1614 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0xcf, 0x73, 0xdb, 0xc4,
+	0x17, 0x8f, 0x1c, 0x3b, 0x89, 0x5f, 0x7e, 0x76, 0xd3, 0x4c, 0xfc, 0x4d, 0xbf, 0x63, 0xa7, 0x62,
+	0x86, 0x02, 0x6d, 0xe5, 0xb6, 0xb4, 0xb4, 0xc0, 0xf0, 0x23, 0x4a, 0x4b, 0x29, 0x4d, 0xd2, 0x74,
+	0xd3, 0x42, 0xa7, 0x74, 0x86, 0xca, 0xf2, 0xc6, 0x56, 0x63, 0x4b, 0xea, 0xae, 0xe4, 0x10, 0x7a,
+	0x61, 0xf8, 0x0b, 0x38, 0xc3, 0x91, 0x03, 0x27, 0x2e, 0x5c, 0x39, 0x70, 0xa4, 0xc3, 0xa9, 0xc7,
+	0x9e, 0x0c, 0x35, 0x27, 0xfe, 0x03, 0xe8, 0x0c, 0x33, 0xcc, 0xae, 0xd6, 0x92, 0xe5, 0x5f, 0xf2,
+	0xb4, 0x33, 0x3d, 0x71, 0x8b, 0xde, 0xfb, 0xbc, 0xcf, 0xdb, 0x7d, 0xfb, 0x7e, 0x39, 0x70, 0x79,
+	0xef, 0x02, 0xd3, 0x2c, 0xa7, 0xb8, 0xe7, 0x97, 0x08, 0xb5, 0x89, 0x47, 0x58, 0xb1, 0x41, 0xec,
+	0xb2, 0x43, 0x8b, 0x52, 0x61, 0xb8, 0x56, 0x71, 0xb7, 0xe6, 0xec, 0x9b, 0x8e, 0xed, 0x51, 0xa7,
+	0x56, 0x6c, 0x9c, 0x2e, 0x11, 0xcf, 0x38, 0x5d, 0xac, 0x10, 0x9b, 0x50, 0xc3, 0x23, 0x65, 0xcd,
+	0xa5, 0x8e, 0xe7, 0xa0, 0x7c, 0x80, 0xd7, 0x0c, 0xd7, 0xd2, 0x3a, 0xf0, 0x9a, 0xc4, 0xaf, 0x9c,
+	0xac, 0x58, 0x5e, 0xd5, 0x2f, 0x69, 0xa6, 0x53, 0x2f, 0x56, 0x9c, 0x8a, 0x53, 0x14, 0x66, 0x25,
+	0x7f, 0x57, 0x7c, 0x89, 0x0f, 0xf1, 0x57, 0x40, 0xb7, 0x72, 0x36, 0x72, 0x5f, 0x37, 0xcc, 0xaa,
+	0x65, 0x13, 0x7a, 0x50, 0x74, 0xf7, 0x2a, 0x5c, 0xc0, 0x8a, 0x75, 0xe2, 0x19, 0xc5, 0x46, 0xcf,
+	0x21, 0x56, 0x8a, 0x83, 0xac, 0xa8, 0x6f, 0x7b, 0x56, 0x9d, 0xf4, 0x18, 0xbc, 0x91, 0x64, 0xc0,
+	0xcc, 0x2a, 0xa9, 0x1b, 0xdd, 0x76, 0xea, 0x4f, 0x0a, 0xac, 0x5e, 0xfa, 0x9c, 0xd4, 0x5d, 0x6f,
+	0x9b, 0x5a, 0x0e, 0xb5, 0xbc, 0x83, 0x0d, 0xd2, 0x20, 0xb5, 0x75, 0xc7, 0xde, 0xb5, 0x2a, 0x3e,
+	0x35, 0x3c, 0xcb, 0xb1, 0xd1, 0x2d, 0xc8, 0xd9, 0x4e, 0xdd, 0xb2, 0x0d, 0x2e, 0x37, 0x7d, 0x4a,
+	0x89, 0x6d, 0x1e, 0xec, 0x54, 0x0d, 0x4a, 0x58, 0x4e, 0x59, 0x55, 0x5e, 0xc9, 0xe8, 0xff, 0x6f,
+	0x35, 0x0b, 0xb9, 0xad, 0x01, 0x18, 0x3c, 0xd0, 0x1a, 0xbd, 0x03, 0xf3, 0x35, 0x62, 0x97, 0x8d,
+	0x52, 0x8d, 0x6c, 0x13, 0x6a, 0x12, 0xdb, 0xcb, 0xa5, 0x04, 0xe1, 0x62, 0xab, 0x59, 0x98, 0xdf,
+	0x88, 0xab, 0x70, 0x37, 0x56, 0xbd, 0x0d, 0xcb, 0x1f, 0xd4, 0x9c, 0xfd, 0x8b, 0x16, 0xf3, 0x2c,
+	0xbb, 0xe2, 0x5b, 0xac, 0x4a, 0xe8, 0x26, 0xf1, 0xaa, 0x4e, 0x19, 0xbd, 0x07, 0x69, 0xef, 0xc0,
+	0x25, 0xe2, 0x7c, 0x59, 0xfd, 0xf8, 0xc3, 0x66, 0x61, 0xac, 0xd5, 0x2c, 0xa4, 0x6f, 0x1c, 0xb8,
+	0xe4, 0x69, 0xb3, 0x70, 0x64, 0x80, 0x19, 0x57, 0x63, 0x61, 0xa8, 0x7e, 0x93, 0x02, 0xe0, 0xa8,
+	0x1d, 0x11, 0x38, 0x74, 0x17, 0xa6, 0xf8, 0x63, 0x95, 0x0d, 0xcf, 0x10, 0x9c, 0xd3, 0x67, 0x4e,
+	0x69, 0x51, 0xa6, 0x84, 0x31, 0xd7, 0xdc, 0xbd, 0x0a, 0x17, 0x30, 0x8d, 0xa3, 0xb5, 0xc6, 0x69,
+	0xed, 0x5a, 0xe9, 0x1e, 0x31, 0xbd, 0x4d, 0xe2, 0x19, 0x3a, 0x92, 0xa7, 0x80, 0x48, 0x86, 0x43,
+	0x56, 0xb4, 0x0d, 0x69, 0xe6, 0x12, 0x53, 0x04, 0x60, 0xfa, 0x8c, 0xa6, 0x0d, 0xcf, 0x43, 0x2d,
+	0x3a, 0xdb, 0x8e, 0x4b, 0x4c, 0x7d, 0xa6, 0x7d, 0x43, 0xfe, 0x85, 0x05, 0x13, 0xba, 0x05, 0x13,
+	0xcc, 0x33, 0x3c, 0x9f, 0xe5, 0xc6, 0x7b, 0x4e, 0x9c, 0xc4, 0x29, 0xec, 0xf4, 0x39, 0xc9, 0x3a,
+	0x11, 0x7c, 0x63, 0xc9, 0xa7, 0x3e, 0x4e, 0xc1, 0x62, 0x04, 0x5e, 0x77, 0xec, 0xb2, 0x25, 0x32,
+	0xe5, 0xed, 0x58, 0xd4, 0x8f, 0x75, 0x45, 0x7d, 0xb9, 0x8f, 0x49, 0x14, 0x71, 0xf4, 0x66, 0x78,
+	0xdc, 0x94, 0x30, 0x3f, 0x1a, 0x77, 0xfe, 0xb4, 0x59, 0x98, 0x0f, 0xcd, 0xe2, 0xe7, 0x41, 0x0d,
+	0x40, 0x35, 0x83, 0x79, 0x37, 0xa8, 0x61, 0xb3, 0x80, 0xd6, 0xaa, 0x13, 0x79, 0xeb, 0xd7, 0x46,
+	0x7b, 0x27, 0x6e, 0xa1, 0xaf, 0x48, 0x97, 0x68, 0xa3, 0x87, 0x0d, 0xf7, 0xf1, 0x80, 0x5e, 0x86,
+	0x09, 0x4a, 0x0c, 0xe6, 0xd8, 0xb9, 0xb4, 0x38, 0x72, 0x18, 0x2f, 0x2c, 0xa4, 0x58, 0x6a, 0xd1,
+	0xab, 0x30, 0x59, 0x27, 0x8c, 0x19, 0x15, 0x92, 0xcb, 0x08, 0xe0, 0xbc, 0x04, 0x4e, 0x6e, 0x06,
+	0x62, 0xdc, 0xd6, 0xab, 0x3f, 0x2b, 0x30, 0x17, 0xc5, 0x69, 0xc3, 0x62, 0x1e, 0xba, 0xd3, 0x93,
+	0x7b, 0xda, 0x68, 0x77, 0xe2, 0xd6, 0x22, 0xf3, 0x16, 0xa4, 0xbb, 0xa9, 0xb6, 0xa4, 0x23, 0xef,
+	0xae, 0x41, 0xc6, 0xf2, 0x48, 0x9d, 0x47, 0x7d, 0xbc, 0x2b, 0x5c, 0x09, 0x49, 0xa2, 0xcf, 0x4a,
+	0xda, 0xcc, 0x15, 0x4e, 0x80, 0x03, 0x1e, 0xf5, 0xcf, 0xf1, 0xce, 0x1b, 0xf0, 0x7c, 0x44, 0xdf,
+	0x2b, 0xb0, 0xe2, 0x0e, 0x6c, 0x30, 0xf2, 0x52, 0xeb, 0x49, 0x9e, 0x07, 0xb7, 0x28, 0x4c, 0x76,
+	0x09, 0xef, 0x2b, 0x44, 0x57, 0xe5, 0x91, 0x56, 0x86, 0x80, 0x87, 0x1c, 0x05, 0x7d, 0x04, 0xa8,
+	0x6e, 0x78, 0x3c, 0xa2, 0x95, 0x6d, 0x4a, 0x4c, 0x52, 0xe6, 0xac, 0xb2, 0x29, 0x85, 0xd9, 0xb1,
+	0xd9, 0x83, 0xc0, 0x7d, 0xac, 0xd0, 0x57, 0x0a, 0x2c, 0x96, 0x7b, 0x9b, 0x8c, 0xcc, 0xcb, 0xf3,
+	0xa3, 0x04, 0xba, 0x4f, 0x8f, 0xd2, 0x97, 0x5b, 0xcd, 0xc2, 0x62, 0x1f, 0x05, 0xee, 0xe7, 0x0c,
+	0xdd, 0x81, 0x0c, 0xf5, 0x6b, 0x84, 0xe5, 0xd2, 0xe2, 0x79, 0x13, 0xbd, 0x6e, 0x3b, 0x35, 0xcb,
+	0x3c, 0xc0, 0xdc, 0xe4, 0x13, 0xcb, 0xab, 0xee, 0xf8, 0xa2, 0x57, 0xb1, 0xe8, 0xad, 0x85, 0x0a,
+	0x07, 0xa4, 0xea, 0x03, 0x58, 0xe8, 0x6e, 0x1a, 0xa8, 0x02, 0x60, 0xb6, 0xeb, 0x94, 0x0f, 0x08,
+	0xee, 0xf6, 0xf5, 0xd1, 0xb3, 0x2a, 0xac, 0xf1, 0xa8, 0x5f, 0x86, 0x22, 0x86, 0x3b, 0xa8, 0xd5,
+	0x53, 0x30, 0x73, 0x99, 0x3a, 0xbe, 0x2b, 0xcf, 0x88, 0x56, 0x21, 0x6d, 0x1b, 0xf5, 0x76, 0xf7,
+	0x09, 0x3b, 0xe2, 0x96, 0x51, 0x27, 0x58, 0x68, 0xd4, 0xef, 0x14, 0x98, 0xdd, 0xb0, 0xea, 0x96,
+	0x87, 0x09, 0x73, 0x1d, 0x9b, 0x11, 0x74, 0x2e, 0xd6, 0xb1, 0x8e, 0x76, 0x75, 0xac, 0x43, 0x31,
+	0x70, 0x47, 0xaf, 0xfa, 0x14, 0x26, 0xef, 0xfb, 0xc4, 0xb7, 0xec, 0x8a, 0xec, 0xd7, 0x67, 0x93,
+	0x2e, 0x78, 0x3d, 0x80, 0xc7, 0xb2, 0x4d, 0x9f, 0xe6, 0x2d, 0x40, 0x6a, 0x70, 0x9b, 0x51, 0xfd,
+	0x27, 0x05, 0x47, 0x85, 0x63, 0x52, 0x1e, 0x32, 0x95, 0xef, 0x40, 0xce, 0x60, 0xcc, 0xa7, 0xa4,
+	0x3c, 0x68, 0x2a, 0xaf, 0xca, 0xdb, 0xe4, 0xd6, 0x06, 0xe0, 0xf0, 0x40, 0x06, 0x74, 0x0f, 0x66,
+	0x6b, 0x9d, 0x77, 0x97, 0xd7, 0x3c, 0x99, 0x74, 0xcd, 0x58, 0xc0, 0xf4, 0x25, 0x79, 0x82, 0x78,
+	0xd0, 0x71, 0x9c, 0xba, 0xdf, 0x16, 0x30, 0x3e, 0xfa, 0x16, 0x80, 0xae, 0xc1, 0x52, 0xc9, 0xa1,
+	0xd4, 0xd9, 0xb7, 0xec, 0x8a, 0xf0, 0xd3, 0x26, 0x49, 0x0b, 0x92, 0xff, 0xb5, 0x9a, 0x85, 0x25,
+	0xbd, 0x1f, 0x00, 0xf7, 0xb7, 0x53, 0xf7, 0x61, 0x69, 0x8b, 0xf7, 0x14, 0xe6, 0xf8, 0xd4, 0x24,
+	0x51, 0x41, 0xa0, 0x02, 0x64, 0x1a, 0x84, 0x96, 0x82, 0xa4, 0xce, 0xea, 0x59, 0x5e, 0x0e, 0x1f,
+	0x73, 0x01, 0x0e, 0xe4, 0xfc, 0x26, 0x76, 0x64, 0x79, 0x13, 0x6f, 0xb0, 0xdc, 0x84, 0x80, 0x8a,
+	0x9b, 0x6c, 0xc5, 0x55, 0xb8, 0x1b, 0xab, 0x36, 0x53, 0xb0, 0x3c, 0xa0, 0xfe, 0xd0, 0x4d, 0x98,
+	0x62, 0xf2, 0x6f, 0x59, 0x53, 0xc7, 0x92, 0xde, 0x42, 0xda, 0x46, 0xdd, 0xbf, 0x4d, 0x86, 0x43,
+	0x2a, 0xe4, 0xc0, 0x2c, 0x95, 0x47, 0x10, 0x3e, 0xe5, 0x14, 0x38, 0x93, 0xc4, 0xdd, 0x1b, 0x9d,
+	0xe8, 0xb1, 0x71, 0x27, 0x21, 0x8e, 0xf3, 0xa3, 0x07, 0xb0, 0xd0, 0x71, 0xed, 0xc0, 0xe7, 0xb8,
+	0xf0, 0x79, 0x2e, 0xc9, 0x67, 0xdf, 0x47, 0xd1, 0x73, 0xd2, 0xed, 0xc2, 0x56, 0x17, 0x2d, 0xee,
+	0x71, 0xa4, 0xfe, 0x9a, 0x82, 0x21, 0x83, 0xe1, 0x05, 0x2c, 0x79, 0x77, 0x63, 0x4b, 0xde, 0xbb,
+	0xcf, 0x3e, 0xf1, 0x06, 0x2e, 0x7d, 0xd5, 0xae, 0xa5, 0xef, 0xfd, 0xe7, 0xf0, 0x31, 0x7c, 0x09,
+	0xfc, 0x2b, 0x05, 0x2f, 0x0d, 0x36, 0x8e, 0x96, 0xc2, 0xab, 0xb1, 0x16, 0x7b, 0xbe, 0xab, 0xc5,
+	0x1e, 0x1b, 0x81, 0xe2, 0xbf, 0x25, 0xb1, 0x6b, 0x49, 0xfc, 0x4d, 0x81, 0xfc, 0xe0, 0xb8, 0xbd,
+	0x80, 0xa5, 0xf1, 0xb3, 0xf8, 0xd2, 0xf8, 0xd6, 0xb3, 0x27, 0xd9, 0x80, 0x25, 0xf2, 0xf2, 0xb0,
+	0xdc, 0x0a, 0xd7, 0xbd, 0x11, 0x46, 0xfe, 0x0f, 0xa9, 0x61, 0xa1, 0x12, 0xdb, 0x69, 0xc2, 0xaf,
+	0x96, 0x98, 0xf5, 0x25, 0x9b, 0x8f, 0x9e, 0x3a, 0x9f, 0x1e, 0x41, 0x42, 0x56, 0x61, 0xb2, 0x16,
+	0xcc, 0x6a, 0x59, 0xd4, 0x6b, 0x23, 0x8d, 0xc8, 0x61, 0xa3, 0x3d, 0x58, 0x0b, 0x24, 0x0c, 0xb7,
+	0xe9, 0x51, 0x19, 0x26, 0x88, 0xf8, 0xa9, 0x3e, 0x6a, 0x65, 0x27, 0xfd, 0xb0, 0xd7, 0x81, 0x67,
+	0x61, 0x80, 0xc2, 0x92, 0x5b, 0xfd, 0x56, 0x81, 0xd5, 0xa4, 0x96, 0x80, 0xf6, 0xfb, 0xac, 0x78,
+	0xcf, 0xb1, 0xbe, 0x8f, 0xbe, 0xf2, 0xfd, 0xa8, 0xc0, 0xe1, 0x7e, 0x9b, 0x14, 0x2f, 0x32, 0xbe,
+	0x3e, 0x85, 0xbb, 0x4f, 0x58, 0x64, 0xd7, 0x85, 0x14, 0x4b, 0x2d, 0x3a, 0x01, 0x53, 0x55, 0xc3,
+	0x2e, 0xef, 0x58, 0x5f, 0xb4, 0xb7, 0xfa, 0x30, 0xcd, 0x3f, 0x94, 0x72, 0x1c, 0x22, 0xd0, 0x45,
+	0x58, 0x10, 0x76, 0x1b, 0xc4, 0xae, 0x78, 0x55, 0xf1, 0x22, 0x72, 0x35, 0x09, 0xa7, 0xce, 0xf5,
+	0x2e, 0x3d, 0xee, 0xb1, 0x50, 0xff, 0x56, 0x00, 0x3d, 0xcb, 0x36, 0x71, 0x1c, 0xb2, 0x86, 0x6b,
+	0x89, 0x15, 0x37, 0x28, 0xb4, 0xac, 0x3e, 0xdb, 0x6a, 0x16, 0xb2, 0x6b, 0xdb, 0x57, 0x02, 0x21,
+	0x8e, 0xf4, 0x1c, 0xdc, 0x1e, 0xb4, 0xc1, 0x40, 0x95, 0xe0, 0xb6, 0x63, 0x86, 0x23, 0x3d, 0xba,
+	0x00, 0x33, 0x66, 0xcd, 0x67, 0x1e, 0xa1, 0x3b, 0xa6, 0xe3, 0x12, 0xd1, 0x98, 0xa6, 0xf4, 0xc3,
+	0xf2, 0x4e, 0x33, 0xeb, 0x1d, 0x3a, 0x1c, 0x43, 0x22, 0x0d, 0x80, 0x97, 0x15, 0x73, 0x0d, 0xee,
+	0x27, 0x23, 0xfc, 0xcc, 0xf1, 0x07, 0xdb, 0x0a, 0xa5, 0xb8, 0x03, 0xa1, 0xde, 0x83, 0xa5, 0x1d,
+	0x42, 0x1b, 0x96, 0x49, 0xd6, 0x4c, 0xd3, 0xf1, 0x6d, 0xaf, 0xbd, 0xac, 0x17, 0x21, 0x1b, 0xc2,
+	0x64, 0xe5, 0x1d, 0x92, 0xfe, 0xb3, 0x21, 0x17, 0x8e, 0x30, 0x61, 0xa9, 0xa7, 0x06, 0x96, 0xfa,
+	0x2f, 0x29, 0x98, 0x8c, 0xe8, 0xd3, 0x7b, 0x96, 0x5d, 0x96, 0xcc, 0x47, 0xda, 0xe8, 0xab, 0x96,
+	0x5d, 0x7e, 0xda, 0x2c, 0x4c, 0x4b, 0x18, 0xff, 0xc4, 0x02, 0x88, 0xae, 0x40, 0xda, 0x67, 0x84,
+	0xca, 0x22, 0x3e, 0x9e, 0x94, 0xcc, 0x37, 0x19, 0xa1, 0xed, 0xfd, 0x6a, 0x8a, 0x33, 0x73, 0x01,
+	0x16, 0x14, 0x68, 0x13, 0x32, 0x15, 0xfe, 0x28, 0xb2, 0x4e, 0x4f, 0x24, 0x71, 0x75, 0xfe, 0x88,
+	0x09, 0xd2, 0x40, 0x48, 0x70, 0xc0, 0x82, 0xee, 0xc3, 0x1c, 0x8b, 0x85, 0x50, 0x3c, 0xd7, 0x08,
+	0xfb, 0x52, 0xdf, 0xc0, 0xeb, 0xa8, 0xd5, 0x2c, 0xcc, 0xc5, 0x55, 0xb8, 0xcb, 0x81, 0x5a, 0x84,
+	0xe9, 0x8e, 0x0b, 0x26, 0x77, 0x59, 0xfd, 0xe2, 0xc3, 0x27, 0xf9, 0xb1, 0x47, 0x4f, 0xf2, 0x63,
+	0x8f, 0x9f, 0xe4, 0xc7, 0xbe, 0x6c, 0xe5, 0x95, 0x87, 0xad, 0xbc, 0xf2, 0xa8, 0x95, 0x57, 0x1e,
+	0xb7, 0xf2, 0xca, 0xef, 0xad, 0xbc, 0xf2, 0xf5, 0x1f, 0xf9, 0xb1, 0xdb, 0xf9, 0xe1, 0xff, 0x8b,
+	0xfd, 0x37, 0x00, 0x00, 0xff, 0xff, 0x3a, 0xda, 0x82, 0x48, 0xc5, 0x15, 0x00, 0x00,
+}
+
+func (m *ExemptPriorityLevelConfiguration) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.LendablePercent != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.LendablePercent))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.NominalConcurrencyShares != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.NominalConcurrencyShares))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *FlowDistinguisherMethod) Marshal() (dAtA []byte, err error) {
@@ -1491,6 +1556,18 @@ func (m *PriorityLevelConfigurationSpec) MarshalToSizedBuffer(dAtA []byte) (int,
 	_ = i
 	var l int
 	_ = l
+	if m.Exempt != nil {
+		{
+			size, err := m.Exempt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
 	if m.Limited != nil {
 		{
 			size, err := m.Limited.MarshalToSizedBuffer(dAtA[:i])
@@ -1783,6 +1860,21 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
 	dAtA[offset] = uint8(v)
 	return base
 }
+func (m *ExemptPriorityLevelConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NominalConcurrencyShares != nil {
+		n += 1 + sovGenerated(uint64(*m.NominalConcurrencyShares))
+	}
+	if m.LendablePercent != nil {
+		n += 1 + sovGenerated(uint64(*m.LendablePercent))
+	}
+	return n
+}
+
 func (m *FlowDistinguisherMethod) Size() (n int) {
 	if m == nil {
 		return 0
@@ -2048,6 +2140,10 @@ func (m *PriorityLevelConfigurationSpec) Size() (n int) {
 		l = m.Limited.Size()
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	if m.Exempt != nil {
+		l = m.Exempt.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -2165,6 +2261,17 @@ func sovGenerated(x uint64) (n int) {
 func sozGenerated(x uint64) (n int) {
 	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
+func (this *ExemptPriorityLevelConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ExemptPriorityLevelConfiguration{`,
+		`NominalConcurrencyShares:` + valueToStringGenerated(this.NominalConcurrencyShares) + `,`,
+		`LendablePercent:` + valueToStringGenerated(this.LendablePercent) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *FlowDistinguisherMethod) String() string {
 	if this == nil {
 		return "nil"
@@ -2381,6 +2488,7 @@ func (this *PriorityLevelConfigurationSpec) String() string {
 	s := strings.Join([]string{`&PriorityLevelConfigurationSpec{`,
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`Limited:` + strings.Replace(this.Limited.String(), "LimitedPriorityLevelConfiguration", "LimitedPriorityLevelConfiguration", 1) + `,`,
+		`Exempt:` + strings.Replace(this.Exempt.String(), "ExemptPriorityLevelConfiguration", "ExemptPriorityLevelConfiguration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2468,6 +2576,96 @@ func valueToStringGenerated(v interface{}) string {
 	pv := reflect.Indirect(rv).Interface()
 	return fmt.Sprintf("*%v", pv)
 }
+func (m *ExemptPriorityLevelConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NominalConcurrencyShares", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.NominalConcurrencyShares = &v
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LendablePercent", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.LendablePercent = &v
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *FlowDistinguisherMethod) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -4547,6 +4745,42 @@ func (m *PriorityLevelConfigurationSpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exempt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Exempt == nil {
+				m.Exempt = &ExemptPriorityLevelConfiguration{}
+			}
+			if err := m.Exempt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/generated.proto b/vendor/k8s.io/api/flowcontrol/v1beta1/generated.proto
index 98bfabe9c..96df0ace7 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta1/generated.proto
+++ b/vendor/k8s.io/api/flowcontrol/v1beta1/generated.proto
@@ -28,6 +28,40 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "k8s.io/api/flowcontrol/v1beta1";
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+message ExemptPriorityLevelConfiguration {
+  // `nominalConcurrencyShares` (NCS) contributes to the computation of the
+  // NominalConcurrencyLimit (NominalCL) of this level.
+  // This is the number of execution seats nominally reserved for this priority level.
+  // This DOES NOT limit the dispatching from this priority level
+  // but affects the other priority levels through the borrowing mechanism.
+  // The server's concurrency limit (ServerCL) is divided among all the
+  // priority levels in proportion to their NCS values:
+  //
+  // NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+  // sum_ncs = sum[priority level k] NCS(k)
+  //
+  // Bigger numbers mean a larger nominal concurrency limit,
+  // at the expense of every other priority level.
+  // This field has a default value of zero.
+  // +optional
+  optional int32 nominalConcurrencyShares = 1;
+
+  // `lendablePercent` prescribes the fraction of the level's NominalCL that
+  // can be borrowed by other priority levels.  This value of this
+  // field must be between 0 and 100, inclusive, and it defaults to 0.
+  // The number of seats that other levels can borrow from this level, known
+  // as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+  //
+  // LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+  //
+  // +optional
+  optional int32 lendablePercent = 2;
+}
+
 // FlowDistinguisherMethod specifies the method of a flow distinguisher.
 message FlowDistinguisherMethod {
   // `type` is the type of flow distinguisher method
@@ -332,6 +366,14 @@ message PriorityLevelConfigurationSpec {
   // This field must be non-empty if and only if `type` is `"Limited"`.
   // +optional
   optional LimitedPriorityLevelConfiguration limited = 2;
+
+  // `exempt` specifies how requests are handled for an exempt priority level.
+  // This field MUST be empty if `type` is `"Limited"`.
+  // This field MAY be non-empty if `type` is `"Exempt"`.
+  // If empty and `type` is `"Exempt"` then the default values
+  // for `ExemptPriorityLevelConfiguration` apply.
+  // +optional
+  optional ExemptPriorityLevelConfiguration exempt = 3;
 }
 
 // PriorityLevelConfigurationStatus represents the current state of a "request-priority".
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/types.go b/vendor/k8s.io/api/flowcontrol/v1beta1/types.go
index c3b7f607a..9e05ff1a0 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta1/types.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta1/types.go
@@ -77,7 +77,9 @@ const (
 	//   is a boolean false or has an invalid boolean representation
 	//   (if the cluster operator sets it to 'false' it will be stomped)
 	// - any changes to the spec made by the cluster operator will be
-	//   stomped.
+	//   stomped, except for changes to the `nominalConcurrencyShares`
+	//   and `lendablePercent` fields of the PriorityLevelConfiguration
+	//   named "exempt".
 	//
 	// The kube-apiserver will apply updates on the suggested configuration if:
 	// - the cluster operator has enabled auto-update by setting the annotation
@@ -435,6 +437,14 @@ type PriorityLevelConfigurationSpec struct {
 	// This field must be non-empty if and only if `type` is `"Limited"`.
 	// +optional
 	Limited *LimitedPriorityLevelConfiguration `json:"limited,omitempty" protobuf:"bytes,2,opt,name=limited"`
+
+	// `exempt` specifies how requests are handled for an exempt priority level.
+	// This field MUST be empty if `type` is `"Limited"`.
+	// This field MAY be non-empty if `type` is `"Exempt"`.
+	// If empty and `type` is `"Exempt"` then the default values
+	// for `ExemptPriorityLevelConfiguration` apply.
+	// +optional
+	Exempt *ExemptPriorityLevelConfiguration `json:"exempt,omitempty" protobuf:"bytes,3,opt,name=exempt"`
 }
 
 // PriorityLevelEnablement indicates whether limits on execution are enabled for the priority level
@@ -505,6 +515,43 @@ type LimitedPriorityLevelConfiguration struct {
 	BorrowingLimitPercent *int32 `json:"borrowingLimitPercent,omitempty" protobuf:"varint,4,opt,name=borrowingLimitPercent"`
 }
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+type ExemptPriorityLevelConfiguration struct {
+	// `nominalConcurrencyShares` (NCS) contributes to the computation of the
+	// NominalConcurrencyLimit (NominalCL) of this level.
+	// This is the number of execution seats nominally reserved for this priority level.
+	// This DOES NOT limit the dispatching from this priority level
+	// but affects the other priority levels through the borrowing mechanism.
+	// The server's concurrency limit (ServerCL) is divided among all the
+	// priority levels in proportion to their NCS values:
+	//
+	// NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+	// sum_ncs = sum[priority level k] NCS(k)
+	//
+	// Bigger numbers mean a larger nominal concurrency limit,
+	// at the expense of every other priority level.
+	// This field has a default value of zero.
+	// +optional
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty" protobuf:"varint,1,opt,name=nominalConcurrencyShares"`
+	// `lendablePercent` prescribes the fraction of the level's NominalCL that
+	// can be borrowed by other priority levels.  This value of this
+	// field must be between 0 and 100, inclusive, and it defaults to 0.
+	// The number of seats that other levels can borrow from this level, known
+	// as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+	//
+	// LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+	//
+	// +optional
+	LendablePercent *int32 `json:"lendablePercent,omitempty" protobuf:"varint,2,opt,name=lendablePercent"`
+	// The `BorrowingCL` of an Exempt priority level is implicitly `ServerCL`.
+	// In other words, an exempt priority level
+	// has no meaningful limit on how much it borrows.
+	// There is no explicit representation of that here.
+}
+
 // LimitResponse defines how to handle requests that can not be executed right now.
 // +union
 type LimitResponse struct {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/types_swagger_doc_generated.go b/vendor/k8s.io/api/flowcontrol/v1beta1/types_swagger_doc_generated.go
index fc08e128d..1405f3c3c 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta1/types_swagger_doc_generated.go
@@ -27,6 +27,16 @@ package v1beta1
 // Those methods can be generated by using hack/update-codegen.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
+var map_ExemptPriorityLevelConfiguration = map[string]string{
+	"":                         "ExemptPriorityLevelConfiguration describes the configurable aspects of the handling of exempt requests. In the mandatory exempt configuration object the values in the fields here can be modified by authorized users, unlike the rest of the `spec`.",
+	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats nominally reserved for this priority level. This DOES NOT limit the dispatching from this priority level but affects the other priority levels through the borrowing mechanism. The server's concurrency limit (ServerCL) is divided among all the priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of zero.",
+	"lendablePercent":          "`lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels.  This value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.\n\nLendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )",
+}
+
+func (ExemptPriorityLevelConfiguration) SwaggerDoc() map[string]string {
+	return map_ExemptPriorityLevelConfiguration
+}
+
 var map_FlowDistinguisherMethod = map[string]string{
 	"":     "FlowDistinguisherMethod specifies the method of a flow distinguisher.",
 	"type": "`type` is the type of flow distinguisher method The supported types are \"ByUser\" and \"ByNamespace\". Required.",
@@ -190,6 +200,7 @@ var map_PriorityLevelConfigurationSpec = map[string]string{
 	"":        "PriorityLevelConfigurationSpec specifies the configuration of a priority level.",
 	"type":    "`type` indicates whether this priority level is subject to limitation on request execution.  A value of `\"Exempt\"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels.  A value of `\"Limited\"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.",
 	"limited": "`limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `\"Limited\"`.",
+	"exempt":  "`exempt` specifies how requests are handled for an exempt priority level. This field MUST be empty if `type` is `\"Limited\"`. This field MAY be non-empty if `type` is `\"Exempt\"`. If empty and `type` is `\"Exempt\"` then the default values for `ExemptPriorityLevelConfiguration` apply.",
 }
 
 func (PriorityLevelConfigurationSpec) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.deepcopy.go b/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.deepcopy.go
index 027c3057f..965d5e55a 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.deepcopy.go
@@ -25,6 +25,32 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExemptPriorityLevelConfiguration) DeepCopyInto(out *ExemptPriorityLevelConfiguration) {
+	*out = *in
+	if in.NominalConcurrencyShares != nil {
+		in, out := &in.NominalConcurrencyShares, &out.NominalConcurrencyShares
+		*out = new(int32)
+		**out = **in
+	}
+	if in.LendablePercent != nil {
+		in, out := &in.LendablePercent, &out.LendablePercent
+		*out = new(int32)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExemptPriorityLevelConfiguration.
+func (in *ExemptPriorityLevelConfiguration) DeepCopy() *ExemptPriorityLevelConfiguration {
+	if in == nil {
+		return nil
+	}
+	out := new(ExemptPriorityLevelConfiguration)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FlowDistinguisherMethod) DeepCopyInto(out *FlowDistinguisherMethod) {
 	*out = *in
@@ -400,6 +426,11 @@ func (in *PriorityLevelConfigurationSpec) DeepCopyInto(out *PriorityLevelConfigu
 		*out = new(LimitedPriorityLevelConfiguration)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Exempt != nil {
+		in, out := &in.Exempt, &out.Exempt
+		*out = new(ExemptPriorityLevelConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta2/generated.pb.go b/vendor/k8s.io/api/flowcontrol/v1beta2/generated.pb.go
index b4c8f958f..7f8ee0850 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta2/generated.pb.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta2/generated.pb.go
@@ -43,10 +43,38 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
+func (m *ExemptPriorityLevelConfiguration) Reset()      { *m = ExemptPriorityLevelConfiguration{} }
+func (*ExemptPriorityLevelConfiguration) ProtoMessage() {}
+func (*ExemptPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
+	return fileDescriptor_ed300aa8e672704e, []int{0}
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.Merge(m, src)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExemptPriorityLevelConfiguration proto.InternalMessageInfo
+
 func (m *FlowDistinguisherMethod) Reset()      { *m = FlowDistinguisherMethod{} }
 func (*FlowDistinguisherMethod) ProtoMessage() {}
 func (*FlowDistinguisherMethod) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{0}
+	return fileDescriptor_ed300aa8e672704e, []int{1}
 }
 func (m *FlowDistinguisherMethod) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -74,7 +102,7 @@ var xxx_messageInfo_FlowDistinguisherMethod proto.InternalMessageInfo
 func (m *FlowSchema) Reset()      { *m = FlowSchema{} }
 func (*FlowSchema) ProtoMessage() {}
 func (*FlowSchema) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{1}
+	return fileDescriptor_ed300aa8e672704e, []int{2}
 }
 func (m *FlowSchema) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -102,7 +130,7 @@ var xxx_messageInfo_FlowSchema proto.InternalMessageInfo
 func (m *FlowSchemaCondition) Reset()      { *m = FlowSchemaCondition{} }
 func (*FlowSchemaCondition) ProtoMessage() {}
 func (*FlowSchemaCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{2}
+	return fileDescriptor_ed300aa8e672704e, []int{3}
 }
 func (m *FlowSchemaCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -130,7 +158,7 @@ var xxx_messageInfo_FlowSchemaCondition proto.InternalMessageInfo
 func (m *FlowSchemaList) Reset()      { *m = FlowSchemaList{} }
 func (*FlowSchemaList) ProtoMessage() {}
 func (*FlowSchemaList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{3}
+	return fileDescriptor_ed300aa8e672704e, []int{4}
 }
 func (m *FlowSchemaList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -158,7 +186,7 @@ var xxx_messageInfo_FlowSchemaList proto.InternalMessageInfo
 func (m *FlowSchemaSpec) Reset()      { *m = FlowSchemaSpec{} }
 func (*FlowSchemaSpec) ProtoMessage() {}
 func (*FlowSchemaSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{4}
+	return fileDescriptor_ed300aa8e672704e, []int{5}
 }
 func (m *FlowSchemaSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -186,7 +214,7 @@ var xxx_messageInfo_FlowSchemaSpec proto.InternalMessageInfo
 func (m *FlowSchemaStatus) Reset()      { *m = FlowSchemaStatus{} }
 func (*FlowSchemaStatus) ProtoMessage() {}
 func (*FlowSchemaStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{5}
+	return fileDescriptor_ed300aa8e672704e, []int{6}
 }
 func (m *FlowSchemaStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -214,7 +242,7 @@ var xxx_messageInfo_FlowSchemaStatus proto.InternalMessageInfo
 func (m *GroupSubject) Reset()      { *m = GroupSubject{} }
 func (*GroupSubject) ProtoMessage() {}
 func (*GroupSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{6}
+	return fileDescriptor_ed300aa8e672704e, []int{7}
 }
 func (m *GroupSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -242,7 +270,7 @@ var xxx_messageInfo_GroupSubject proto.InternalMessageInfo
 func (m *LimitResponse) Reset()      { *m = LimitResponse{} }
 func (*LimitResponse) ProtoMessage() {}
 func (*LimitResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{7}
+	return fileDescriptor_ed300aa8e672704e, []int{8}
 }
 func (m *LimitResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -270,7 +298,7 @@ var xxx_messageInfo_LimitResponse proto.InternalMessageInfo
 func (m *LimitedPriorityLevelConfiguration) Reset()      { *m = LimitedPriorityLevelConfiguration{} }
 func (*LimitedPriorityLevelConfiguration) ProtoMessage() {}
 func (*LimitedPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{8}
+	return fileDescriptor_ed300aa8e672704e, []int{9}
 }
 func (m *LimitedPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -298,7 +326,7 @@ var xxx_messageInfo_LimitedPriorityLevelConfiguration proto.InternalMessageInfo
 func (m *NonResourcePolicyRule) Reset()      { *m = NonResourcePolicyRule{} }
 func (*NonResourcePolicyRule) ProtoMessage() {}
 func (*NonResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{9}
+	return fileDescriptor_ed300aa8e672704e, []int{10}
 }
 func (m *NonResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -326,7 +354,7 @@ var xxx_messageInfo_NonResourcePolicyRule proto.InternalMessageInfo
 func (m *PolicyRulesWithSubjects) Reset()      { *m = PolicyRulesWithSubjects{} }
 func (*PolicyRulesWithSubjects) ProtoMessage() {}
 func (*PolicyRulesWithSubjects) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{10}
+	return fileDescriptor_ed300aa8e672704e, []int{11}
 }
 func (m *PolicyRulesWithSubjects) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -354,7 +382,7 @@ var xxx_messageInfo_PolicyRulesWithSubjects proto.InternalMessageInfo
 func (m *PriorityLevelConfiguration) Reset()      { *m = PriorityLevelConfiguration{} }
 func (*PriorityLevelConfiguration) ProtoMessage() {}
 func (*PriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{11}
+	return fileDescriptor_ed300aa8e672704e, []int{12}
 }
 func (m *PriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -382,7 +410,7 @@ var xxx_messageInfo_PriorityLevelConfiguration proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationCondition) Reset()      { *m = PriorityLevelConfigurationCondition{} }
 func (*PriorityLevelConfigurationCondition) ProtoMessage() {}
 func (*PriorityLevelConfigurationCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{12}
+	return fileDescriptor_ed300aa8e672704e, []int{13}
 }
 func (m *PriorityLevelConfigurationCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -410,7 +438,7 @@ var xxx_messageInfo_PriorityLevelConfigurationCondition proto.InternalMessageInf
 func (m *PriorityLevelConfigurationList) Reset()      { *m = PriorityLevelConfigurationList{} }
 func (*PriorityLevelConfigurationList) ProtoMessage() {}
 func (*PriorityLevelConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{13}
+	return fileDescriptor_ed300aa8e672704e, []int{14}
 }
 func (m *PriorityLevelConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -438,7 +466,7 @@ var xxx_messageInfo_PriorityLevelConfigurationList proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationReference) Reset()      { *m = PriorityLevelConfigurationReference{} }
 func (*PriorityLevelConfigurationReference) ProtoMessage() {}
 func (*PriorityLevelConfigurationReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{14}
+	return fileDescriptor_ed300aa8e672704e, []int{15}
 }
 func (m *PriorityLevelConfigurationReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -466,7 +494,7 @@ var xxx_messageInfo_PriorityLevelConfigurationReference proto.InternalMessageInf
 func (m *PriorityLevelConfigurationSpec) Reset()      { *m = PriorityLevelConfigurationSpec{} }
 func (*PriorityLevelConfigurationSpec) ProtoMessage() {}
 func (*PriorityLevelConfigurationSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{15}
+	return fileDescriptor_ed300aa8e672704e, []int{16}
 }
 func (m *PriorityLevelConfigurationSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -494,7 +522,7 @@ var xxx_messageInfo_PriorityLevelConfigurationSpec proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationStatus) Reset()      { *m = PriorityLevelConfigurationStatus{} }
 func (*PriorityLevelConfigurationStatus) ProtoMessage() {}
 func (*PriorityLevelConfigurationStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{16}
+	return fileDescriptor_ed300aa8e672704e, []int{17}
 }
 func (m *PriorityLevelConfigurationStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -522,7 +550,7 @@ var xxx_messageInfo_PriorityLevelConfigurationStatus proto.InternalMessageInfo
 func (m *QueuingConfiguration) Reset()      { *m = QueuingConfiguration{} }
 func (*QueuingConfiguration) ProtoMessage() {}
 func (*QueuingConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{17}
+	return fileDescriptor_ed300aa8e672704e, []int{18}
 }
 func (m *QueuingConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -550,7 +578,7 @@ var xxx_messageInfo_QueuingConfiguration proto.InternalMessageInfo
 func (m *ResourcePolicyRule) Reset()      { *m = ResourcePolicyRule{} }
 func (*ResourcePolicyRule) ProtoMessage() {}
 func (*ResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{18}
+	return fileDescriptor_ed300aa8e672704e, []int{19}
 }
 func (m *ResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -578,7 +606,7 @@ var xxx_messageInfo_ResourcePolicyRule proto.InternalMessageInfo
 func (m *ServiceAccountSubject) Reset()      { *m = ServiceAccountSubject{} }
 func (*ServiceAccountSubject) ProtoMessage() {}
 func (*ServiceAccountSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{19}
+	return fileDescriptor_ed300aa8e672704e, []int{20}
 }
 func (m *ServiceAccountSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -606,7 +634,7 @@ var xxx_messageInfo_ServiceAccountSubject proto.InternalMessageInfo
 func (m *Subject) Reset()      { *m = Subject{} }
 func (*Subject) ProtoMessage() {}
 func (*Subject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{20}
+	return fileDescriptor_ed300aa8e672704e, []int{21}
 }
 func (m *Subject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -634,7 +662,7 @@ var xxx_messageInfo_Subject proto.InternalMessageInfo
 func (m *UserSubject) Reset()      { *m = UserSubject{} }
 func (*UserSubject) ProtoMessage() {}
 func (*UserSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{21}
+	return fileDescriptor_ed300aa8e672704e, []int{22}
 }
 func (m *UserSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -660,6 +688,7 @@ func (m *UserSubject) XXX_DiscardUnknown() {
 var xxx_messageInfo_UserSubject proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterType((*ExemptPriorityLevelConfiguration)(nil), "k8s.io.api.flowcontrol.v1beta2.ExemptPriorityLevelConfiguration")
 	proto.RegisterType((*FlowDistinguisherMethod)(nil), "k8s.io.api.flowcontrol.v1beta2.FlowDistinguisherMethod")
 	proto.RegisterType((*FlowSchema)(nil), "k8s.io.api.flowcontrol.v1beta2.FlowSchema")
 	proto.RegisterType((*FlowSchemaCondition)(nil), "k8s.io.api.flowcontrol.v1beta2.FlowSchemaCondition")
@@ -689,105 +718,142 @@ func init() {
 }
 
 var fileDescriptor_ed300aa8e672704e = []byte{
-	// 1554 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4f, 0x6f, 0xdb, 0xc6,
-	0x12, 0x37, 0x65, 0xc9, 0xb6, 0xc6, 0x7f, 0xb3, 0x8e, 0x61, 0x3d, 0x07, 0x90, 0x1c, 0x3e, 0xe0,
-	0xe5, 0xbd, 0x97, 0x84, 0x4a, 0xd2, 0xa4, 0x49, 0x5b, 0xf4, 0x8f, 0xe9, 0xb4, 0x69, 0x1a, 0xdb,
-	0x71, 0xd6, 0x49, 0x5b, 0xa4, 0x01, 0x1a, 0x8a, 0x5a, 0x4b, 0x8c, 0x25, 0x92, 0xd9, 0x25, 0x65,
-	0xb8, 0xb9, 0x14, 0xfd, 0x04, 0x3d, 0xb7, 0xc7, 0x1e, 0x7a, 0xef, 0x17, 0xe8, 0xb1, 0x41, 0x4f,
-	0x39, 0xe6, 0xa4, 0x36, 0xea, 0xa9, 0xdf, 0xa0, 0x0d, 0x50, 0xa0, 0xd8, 0xe5, 0x92, 0x14, 0xf5,
-	0x8f, 0x42, 0x02, 0xe4, 0xd4, 0x9b, 0x39, 0xf3, 0x9b, 0xdf, 0xec, 0xcc, 0xce, 0xcc, 0x8e, 0x0c,
-	0xd7, 0x0e, 0xae, 0x30, 0xcd, 0x72, 0xca, 0x07, 0x7e, 0x85, 0x50, 0x9b, 0x78, 0x84, 0x95, 0x5b,
-	0xc4, 0xae, 0x3a, 0xb4, 0x2c, 0x15, 0x86, 0x6b, 0x95, 0xf7, 0x1b, 0xce, 0xa1, 0xe9, 0xd8, 0x1e,
-	0x75, 0x1a, 0xe5, 0xd6, 0xf9, 0x0a, 0xf1, 0x8c, 0x0b, 0xe5, 0x1a, 0xb1, 0x09, 0x35, 0x3c, 0x52,
-	0xd5, 0x5c, 0xea, 0x78, 0x0e, 0x2a, 0x06, 0x78, 0xcd, 0x70, 0x2d, 0xad, 0x0b, 0xaf, 0x49, 0xfc,
-	0xda, 0xd9, 0x9a, 0xe5, 0xd5, 0xfd, 0x8a, 0x66, 0x3a, 0xcd, 0x72, 0xcd, 0xa9, 0x39, 0x65, 0x61,
-	0x56, 0xf1, 0xf7, 0xc5, 0x97, 0xf8, 0x10, 0x7f, 0x05, 0x74, 0x6b, 0x17, 0x63, 0xf7, 0x4d, 0xc3,
-	0xac, 0x5b, 0x36, 0xa1, 0x47, 0x65, 0xf7, 0xa0, 0xc6, 0x05, 0xac, 0xdc, 0x24, 0x9e, 0x51, 0x6e,
-	0x9d, 0xef, 0x3d, 0xc4, 0x5a, 0x79, 0x98, 0x15, 0xf5, 0x6d, 0xcf, 0x6a, 0x92, 0x3e, 0x83, 0xd7,
-	0xd3, 0x0c, 0x98, 0x59, 0x27, 0x4d, 0xa3, 0xd7, 0x4e, 0xbd, 0x0b, 0xab, 0x1f, 0x34, 0x9c, 0xc3,
-	0xab, 0x16, 0xf3, 0x2c, 0xbb, 0xe6, 0x5b, 0xac, 0x4e, 0xe8, 0x36, 0xf1, 0xea, 0x4e, 0x15, 0xbd,
-	0x0b, 0x59, 0xef, 0xc8, 0x25, 0x05, 0x65, 0x5d, 0xf9, 0x6f, 0x5e, 0x3f, 0xfd, 0xb8, 0x5d, 0x9a,
-	0xe8, 0xb4, 0x4b, 0xd9, 0xdb, 0x47, 0x2e, 0x79, 0xde, 0x2e, 0x9d, 0x18, 0x62, 0xc6, 0xd5, 0x58,
-	0x18, 0xaa, 0xdf, 0x64, 0x00, 0x38, 0x6a, 0x4f, 0xb8, 0x46, 0xf7, 0x61, 0x86, 0x87, 0x5b, 0x35,
-	0x3c, 0x43, 0x70, 0xce, 0x5e, 0x38, 0xa7, 0xc5, 0xb9, 0x8e, 0x4e, 0xad, 0xb9, 0x07, 0x35, 0x2e,
-	0x60, 0x1a, 0x47, 0x6b, 0xad, 0xf3, 0xda, 0xcd, 0xca, 0x03, 0x62, 0x7a, 0xdb, 0xc4, 0x33, 0x74,
-	0x24, 0x4f, 0x01, 0xb1, 0x0c, 0x47, 0xac, 0x68, 0x17, 0xb2, 0xcc, 0x25, 0x66, 0x21, 0x23, 0xd8,
-	0x35, 0x6d, 0xf4, 0x4d, 0x6a, 0xf1, 0xd9, 0xf6, 0x5c, 0x62, 0xea, 0x73, 0x61, 0x84, 0xfc, 0x0b,
-	0x0b, 0x26, 0xf4, 0x29, 0x4c, 0x31, 0xcf, 0xf0, 0x7c, 0x56, 0x98, 0xec, 0x3b, 0x71, 0x1a, 0xa7,
-	0xb0, 0xd3, 0x17, 0x24, 0xeb, 0x54, 0xf0, 0x8d, 0x25, 0x9f, 0xfa, 0x34, 0x03, 0xcb, 0x31, 0x78,
-	0xd3, 0xb1, 0xab, 0x96, 0x67, 0x39, 0x36, 0x7a, 0x2b, 0x91, 0xf5, 0x53, 0x3d, 0x59, 0x5f, 0x1d,
-	0x60, 0x12, 0x67, 0x1c, 0xbd, 0x11, 0x1d, 0x37, 0x23, 0xcc, 0x4f, 0x26, 0x9d, 0x3f, 0x6f, 0x97,
-	0x16, 0x23, 0xb3, 0xe4, 0x79, 0x50, 0x0b, 0x50, 0xc3, 0x60, 0xde, 0x6d, 0x6a, 0xd8, 0x2c, 0xa0,
-	0xb5, 0x9a, 0x44, 0x46, 0xfd, 0xff, 0xf1, 0xee, 0x89, 0x5b, 0xe8, 0x6b, 0xd2, 0x25, 0xda, 0xea,
-	0x63, 0xc3, 0x03, 0x3c, 0xa0, 0xff, 0xc0, 0x14, 0x25, 0x06, 0x73, 0xec, 0x42, 0x56, 0x1c, 0x39,
-	0xca, 0x17, 0x16, 0x52, 0x2c, 0xb5, 0xe8, 0x7f, 0x30, 0xdd, 0x24, 0x8c, 0x19, 0x35, 0x52, 0xc8,
-	0x09, 0xe0, 0xa2, 0x04, 0x4e, 0x6f, 0x07, 0x62, 0x1c, 0xea, 0xd5, 0x1f, 0x15, 0x58, 0x88, 0xf3,
-	0xb4, 0x65, 0x31, 0x0f, 0xdd, 0xeb, 0xab, 0x3d, 0x6d, 0xbc, 0x98, 0xb8, 0xb5, 0xa8, 0xbc, 0x25,
-	0xe9, 0x6e, 0x26, 0x94, 0x74, 0xd5, 0xdd, 0x4d, 0xc8, 0x59, 0x1e, 0x69, 0xf2, 0xac, 0x4f, 0xf6,
-	0xa4, 0x2b, 0xa5, 0x48, 0xf4, 0x79, 0x49, 0x9b, 0xbb, 0xce, 0x09, 0x70, 0xc0, 0xa3, 0xfe, 0x3e,
-	0xd9, 0x1d, 0x01, 0xaf, 0x47, 0xf4, 0xbd, 0x02, 0x6b, 0x2e, 0xb5, 0x1c, 0x6a, 0x79, 0x47, 0x5b,
-	0xa4, 0x45, 0x1a, 0x9b, 0x8e, 0xbd, 0x6f, 0xd5, 0x7c, 0x6a, 0xf0, 0x54, 0xca, 0xa0, 0x36, 0xd3,
-	0x3c, 0xef, 0x0e, 0x65, 0xc0, 0x64, 0x9f, 0x50, 0x62, 0x9b, 0x44, 0x57, 0xe5, 0x91, 0xd6, 0x46,
-	0x80, 0x47, 0x1c, 0x05, 0x7d, 0x04, 0xa8, 0x69, 0x78, 0x3c, 0xa3, 0xb5, 0x5d, 0x4a, 0x4c, 0x52,
-	0xe5, 0xac, 0xa2, 0x20, 0x73, 0x71, 0x75, 0x6c, 0xf7, 0x21, 0xf0, 0x00, 0x2b, 0xf4, 0x95, 0x02,
-	0xcb, 0xd5, 0xfe, 0x21, 0x23, 0xeb, 0xf2, 0xf2, 0x38, 0x89, 0x1e, 0x30, 0xa3, 0xf4, 0xd5, 0x4e,
-	0xbb, 0xb4, 0x3c, 0x40, 0x81, 0x07, 0x39, 0x43, 0xf7, 0x20, 0x47, 0xfd, 0x06, 0x61, 0x85, 0xac,
-	0xb8, 0xde, 0x54, 0xaf, 0xbb, 0x4e, 0xc3, 0x32, 0x8f, 0x30, 0x37, 0xf9, 0xc4, 0xf2, 0xea, 0x7b,
-	0xbe, 0x98, 0x55, 0x2c, 0xbe, 0x6b, 0xa1, 0xc2, 0x01, 0xa9, 0xfa, 0x08, 0x96, 0x7a, 0x87, 0x06,
-	0xaa, 0x01, 0x98, 0x61, 0x9f, 0xb2, 0x82, 0x22, 0xdc, 0xbe, 0x36, 0x7e, 0x55, 0x45, 0x3d, 0x1e,
-	0xcf, 0xcb, 0x48, 0xc4, 0x70, 0x17, 0xb5, 0x7a, 0x0e, 0xe6, 0xae, 0x51, 0xc7, 0x77, 0xe5, 0x19,
-	0xd1, 0x3a, 0x64, 0x6d, 0xa3, 0x19, 0x4e, 0x9f, 0x68, 0x22, 0xee, 0x18, 0x4d, 0x82, 0x85, 0x46,
-	0xfd, 0x4e, 0x81, 0xf9, 0x2d, 0xab, 0x69, 0x79, 0x98, 0x30, 0xd7, 0xb1, 0x19, 0x41, 0x97, 0x12,
-	0x13, 0xeb, 0x64, 0xcf, 0xc4, 0x3a, 0x96, 0x00, 0x77, 0xcd, 0xaa, 0xcf, 0x60, 0xfa, 0xa1, 0x4f,
-	0x7c, 0xcb, 0xae, 0xc9, 0x79, 0x7d, 0x31, 0x2d, 0xc0, 0x5b, 0x01, 0x3c, 0x51, 0x6d, 0xfa, 0x2c,
-	0x1f, 0x01, 0x52, 0x83, 0x43, 0x46, 0xf5, 0xaf, 0x0c, 0x9c, 0x14, 0x8e, 0x49, 0x75, 0x78, 0x15,
-	0xa3, 0x7b, 0x50, 0x30, 0x18, 0xf3, 0x29, 0xa9, 0x6e, 0x3a, 0xb6, 0xe9, 0x53, 0x5e, 0xff, 0x47,
-	0x7b, 0x75, 0x83, 0x12, 0x26, 0xa2, 0xc9, 0xe9, 0xeb, 0x32, 0x9a, 0xc2, 0xc6, 0x10, 0x1c, 0x1e,
-	0xca, 0x80, 0x1e, 0xc0, 0x7c, 0xa3, 0x3b, 0x76, 0x19, 0xe6, 0xd9, 0xb4, 0x30, 0x13, 0x09, 0xd3,
-	0x57, 0xe4, 0x09, 0x92, 0x49, 0xc7, 0x49, 0x6a, 0xf4, 0x36, 0x2c, 0x36, 0x88, 0x5d, 0x35, 0x2a,
-	0x0d, 0xb2, 0x4b, 0xa8, 0x49, 0x6c, 0x4f, 0xb4, 0x48, 0x4e, 0x5f, 0xee, 0xb4, 0x4b, 0x8b, 0x5b,
-	0x49, 0x15, 0xee, 0xc5, 0xa2, 0x9b, 0xb0, 0x52, 0x71, 0x28, 0x75, 0x0e, 0x2d, 0xbb, 0x26, 0xfc,
-	0x84, 0x24, 0x59, 0x41, 0xf2, 0xaf, 0x4e, 0xbb, 0xb4, 0xa2, 0x0f, 0x02, 0xe0, 0xc1, 0x76, 0xea,
-	0x21, 0xac, 0xec, 0xf0, 0x99, 0xc2, 0x1c, 0x9f, 0x9a, 0x24, 0x6e, 0x08, 0x54, 0x82, 0x5c, 0x8b,
-	0xd0, 0x4a, 0x50, 0xd4, 0x79, 0x3d, 0xcf, 0xdb, 0xe1, 0x63, 0x2e, 0xc0, 0x81, 0x9c, 0x47, 0x62,
-	0xc7, 0x96, 0x77, 0xf0, 0x16, 0x2b, 0x4c, 0x09, 0xa8, 0x88, 0x64, 0x27, 0xa9, 0xc2, 0xbd, 0x58,
-	0xb5, 0x9d, 0x81, 0xd5, 0x21, 0xfd, 0x87, 0xee, 0xc0, 0x0c, 0x93, 0x7f, 0xcb, 0x9e, 0x3a, 0x95,
-	0x76, 0x17, 0xd2, 0x36, 0x9e, 0xfe, 0x21, 0x19, 0x8e, 0xa8, 0x90, 0x03, 0xf3, 0x54, 0x1e, 0x41,
-	0xf8, 0x94, 0xaf, 0xc0, 0x85, 0x34, 0xee, 0xfe, 0xec, 0xc4, 0x97, 0x8d, 0xbb, 0x09, 0x71, 0x92,
-	0x1f, 0x3d, 0x82, 0xa5, 0xae, 0xb0, 0x03, 0x9f, 0x93, 0xc2, 0xe7, 0xa5, 0x34, 0x9f, 0x03, 0x2f,
-	0x45, 0x2f, 0x48, 0xb7, 0x4b, 0x3b, 0x3d, 0xb4, 0xb8, 0xcf, 0x91, 0xfa, 0x73, 0x06, 0x46, 0x3c,
-	0x0c, 0xaf, 0x60, 0xc9, 0xbb, 0x9f, 0x58, 0xf2, 0xde, 0x79, 0xf1, 0x17, 0x6f, 0xe8, 0xd2, 0x57,
-	0xef, 0x59, 0xfa, 0xde, 0x7b, 0x09, 0x1f, 0xa3, 0x97, 0xc0, 0x3f, 0x32, 0xf0, 0xef, 0xe1, 0xc6,
-	0xf1, 0x52, 0x78, 0x23, 0x31, 0x62, 0x2f, 0xf7, 0x8c, 0xd8, 0x53, 0x63, 0x50, 0xfc, 0xb3, 0x24,
-	0xf6, 0x2c, 0x89, 0xbf, 0x28, 0x50, 0x1c, 0x9e, 0xb7, 0x57, 0xb0, 0x34, 0x7e, 0x9e, 0x5c, 0x1a,
-	0xdf, 0x7c, 0xf1, 0x22, 0x1b, 0xb2, 0x44, 0x5e, 0x1b, 0x55, 0x5b, 0xd1, 0xba, 0x37, 0xc6, 0x93,
-	0xff, 0xd3, 0xc8, 0x54, 0x89, 0xed, 0x34, 0xe5, 0x57, 0x4b, 0xc2, 0xfa, 0x7d, 0x9b, 0x3f, 0x3d,
-	0x4d, 0xfe, 0x7a, 0x04, 0x05, 0x59, 0x87, 0xe9, 0x46, 0xf0, 0x56, 0xcb, 0xa6, 0xde, 0x18, 0xeb,
-	0x89, 0x1c, 0xf5, 0xb4, 0x07, 0x6b, 0x81, 0x84, 0xe1, 0x90, 0x5e, 0xfd, 0x56, 0x81, 0xf5, 0xb4,
-	0x66, 0x45, 0x87, 0x03, 0x96, 0xaf, 0x97, 0x58, 0xac, 0xc7, 0x5f, 0xc6, 0x7e, 0x50, 0xe0, 0xf8,
-	0xa0, 0x1d, 0x87, 0x97, 0x3f, 0x5f, 0x6c, 0xa2, 0xad, 0x24, 0x2a, 0xff, 0x5b, 0x42, 0x8a, 0xa5,
-	0x16, 0x9d, 0x81, 0x99, 0xba, 0x61, 0x57, 0xf7, 0xac, 0x2f, 0xc2, 0x7d, 0x3b, 0x2a, 0xc0, 0x0f,
-	0xa5, 0x1c, 0x47, 0x08, 0x74, 0x15, 0x96, 0x84, 0xdd, 0x16, 0xb1, 0x6b, 0x5e, 0x5d, 0xe4, 0x4a,
-	0x2e, 0x0d, 0xd1, 0x7b, 0x70, 0xab, 0x47, 0x8f, 0xfb, 0x2c, 0xd4, 0x3f, 0x15, 0x40, 0x2f, 0xf2,
-	0xce, 0x9f, 0x86, 0xbc, 0xe1, 0x5a, 0x62, 0xf9, 0x0c, 0x5a, 0x20, 0xaf, 0xcf, 0x77, 0xda, 0xa5,
-	0xfc, 0xc6, 0xee, 0xf5, 0x40, 0x88, 0x63, 0x3d, 0x07, 0x87, 0x4f, 0x60, 0xf0, 0xd4, 0x49, 0x70,
-	0xe8, 0x98, 0xe1, 0x58, 0x8f, 0xae, 0xc0, 0x9c, 0xd9, 0xf0, 0x99, 0x47, 0xe8, 0x9e, 0xe9, 0xb8,
-	0x44, 0x8c, 0x8c, 0x19, 0xfd, 0xb8, 0x8c, 0x69, 0x6e, 0xb3, 0x4b, 0x87, 0x13, 0x48, 0xa4, 0x01,
-	0xf0, 0x82, 0x67, 0xae, 0xc1, 0xfd, 0xe4, 0x84, 0x9f, 0x05, 0x7e, 0x61, 0x3b, 0x91, 0x14, 0x77,
-	0x21, 0xd4, 0x07, 0xb0, 0xb2, 0x47, 0x68, 0xcb, 0x32, 0xc9, 0x86, 0x69, 0x3a, 0xbe, 0xed, 0x85,
-	0x6b, 0x74, 0x19, 0xf2, 0x11, 0x4c, 0xf6, 0xc4, 0x31, 0xe9, 0x3f, 0x1f, 0x71, 0xe1, 0x18, 0x13,
-	0x35, 0x61, 0x66, 0x78, 0x13, 0x66, 0x60, 0x3a, 0xa6, 0xcf, 0x1e, 0x58, 0x76, 0x55, 0x32, 0x9f,
-	0x08, 0xd1, 0x37, 0x2c, 0xbb, 0xfa, 0xbc, 0x5d, 0x9a, 0x95, 0x30, 0xfe, 0x89, 0x05, 0x10, 0x5d,
-	0x87, 0xac, 0xcf, 0x08, 0x95, 0xed, 0x75, 0x3a, 0xad, 0x98, 0xef, 0x30, 0x42, 0xc3, 0xcd, 0x67,
-	0x86, 0x33, 0x73, 0x01, 0x16, 0x14, 0x68, 0x1b, 0x72, 0x35, 0x7e, 0x29, 0x72, 0xea, 0x9f, 0x49,
-	0xe3, 0xea, 0xfe, 0x79, 0x11, 0x94, 0x81, 0x90, 0xe0, 0x80, 0x05, 0x3d, 0x84, 0x05, 0x96, 0x48,
-	0xa1, 0xb8, 0xae, 0x31, 0x36, 0x99, 0x81, 0x89, 0xd7, 0x51, 0xa7, 0x5d, 0x5a, 0x48, 0xaa, 0x70,
-	0x8f, 0x03, 0xb5, 0x0c, 0xb3, 0x5d, 0x01, 0xa6, 0xcf, 0x3f, 0xfd, 0xea, 0xe3, 0x67, 0xc5, 0x89,
-	0x27, 0xcf, 0x8a, 0x13, 0x4f, 0x9f, 0x15, 0x27, 0xbe, 0xec, 0x14, 0x95, 0xc7, 0x9d, 0xa2, 0xf2,
-	0xa4, 0x53, 0x54, 0x9e, 0x76, 0x8a, 0xca, 0xaf, 0x9d, 0xa2, 0xf2, 0xf5, 0x6f, 0xc5, 0x89, 0xbb,
-	0xc5, 0xd1, 0xff, 0x67, 0xfc, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x87, 0x72, 0xbf, 0xe2, 0xa1, 0x14,
-	0x00, 0x00,
+	// 1617 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4b, 0x73, 0x1b, 0xc5,
+	0x16, 0xf6, 0xc8, 0x92, 0x6d, 0x1d, 0x3f, 0xd3, 0x8e, 0xcb, 0xba, 0xce, 0x2d, 0xc9, 0x99, 0x5b,
+	0x75, 0x73, 0x2f, 0x49, 0x46, 0x89, 0x49, 0x48, 0x80, 0xe2, 0xe1, 0x71, 0x42, 0x08, 0xb1, 0x1d,
+	0xa7, 0x9d, 0x40, 0x2a, 0xa4, 0x8a, 0x8c, 0x46, 0x6d, 0x69, 0x62, 0x69, 0x66, 0xd2, 0x3d, 0x23,
+	0x63, 0xb2, 0xa1, 0xf8, 0x05, 0xac, 0x61, 0xc9, 0x82, 0x15, 0x1b, 0xb6, 0x2c, 0x58, 0x92, 0x62,
+	0x95, 0x65, 0x56, 0x82, 0x88, 0x15, 0xff, 0x00, 0x52, 0x45, 0x15, 0xd5, 0x3d, 0xad, 0x19, 0x8d,
+	0x5e, 0xa3, 0x4a, 0xaa, 0xb2, 0x62, 0xe7, 0x39, 0xe7, 0x3b, 0xdf, 0xe9, 0x3e, 0x7d, 0x5e, 0x32,
+	0x5c, 0xd9, 0xbf, 0xc8, 0x34, 0xcb, 0x29, 0xee, 0xfb, 0x25, 0x42, 0x6d, 0xe2, 0x11, 0x56, 0x6c,
+	0x10, 0xbb, 0xec, 0xd0, 0xa2, 0x54, 0x18, 0xae, 0x55, 0xdc, 0xab, 0x39, 0x07, 0xa6, 0x63, 0x7b,
+	0xd4, 0xa9, 0x15, 0x1b, 0x67, 0x4b, 0xc4, 0x33, 0xd6, 0x8a, 0x15, 0x62, 0x13, 0x6a, 0x78, 0xa4,
+	0xac, 0xb9, 0xd4, 0xf1, 0x1c, 0x94, 0x0f, 0xf0, 0x9a, 0xe1, 0x5a, 0x5a, 0x07, 0x5e, 0x93, 0xf8,
+	0x95, 0xd3, 0x15, 0xcb, 0xab, 0xfa, 0x25, 0xcd, 0x74, 0xea, 0xc5, 0x8a, 0x53, 0x71, 0x8a, 0xc2,
+	0xac, 0xe4, 0xef, 0x89, 0x2f, 0xf1, 0x21, 0xfe, 0x0a, 0xe8, 0x56, 0xce, 0x45, 0xee, 0xeb, 0x86,
+	0x59, 0xb5, 0x6c, 0x42, 0x0f, 0x8b, 0xee, 0x7e, 0x85, 0x0b, 0x58, 0xb1, 0x4e, 0x3c, 0xa3, 0xd8,
+	0x38, 0xdb, 0x7d, 0x88, 0x95, 0xe2, 0x20, 0x2b, 0xea, 0xdb, 0x9e, 0x55, 0x27, 0x3d, 0x06, 0xaf,
+	0x25, 0x19, 0x30, 0xb3, 0x4a, 0xea, 0x46, 0xb7, 0x9d, 0xfa, 0x83, 0x02, 0xab, 0x97, 0x3f, 0x25,
+	0x75, 0xd7, 0xdb, 0xa1, 0x96, 0x43, 0x2d, 0xef, 0x70, 0x93, 0x34, 0x48, 0x6d, 0xc3, 0xb1, 0xf7,
+	0xac, 0x8a, 0x4f, 0x0d, 0xcf, 0x72, 0x6c, 0x74, 0x1b, 0x72, 0xb6, 0x53, 0xb7, 0x6c, 0x83, 0xcb,
+	0x4d, 0x9f, 0x52, 0x62, 0x9b, 0x87, 0xbb, 0x55, 0x83, 0x12, 0x96, 0x53, 0x56, 0x95, 0xff, 0x65,
+	0xf4, 0x7f, 0xb7, 0x9a, 0x85, 0xdc, 0xf6, 0x00, 0x0c, 0x1e, 0x68, 0x8d, 0xde, 0x82, 0xf9, 0x1a,
+	0xb1, 0xcb, 0x46, 0xa9, 0x46, 0x76, 0x08, 0x35, 0x89, 0xed, 0xe5, 0x52, 0x82, 0x70, 0xb1, 0xd5,
+	0x2c, 0xcc, 0x6f, 0xc6, 0x55, 0xb8, 0x1b, 0xab, 0xde, 0x81, 0xe5, 0xf7, 0x6a, 0xce, 0xc1, 0x25,
+	0x8b, 0x79, 0x96, 0x5d, 0xf1, 0x2d, 0x56, 0x25, 0x74, 0x8b, 0x78, 0x55, 0xa7, 0x8c, 0xde, 0x81,
+	0xb4, 0x77, 0xe8, 0x12, 0x71, 0xbe, 0xac, 0x7e, 0xf2, 0x51, 0xb3, 0x30, 0xd6, 0x6a, 0x16, 0xd2,
+	0x37, 0x0f, 0x5d, 0xf2, 0xac, 0x59, 0x38, 0x36, 0xc0, 0x8c, 0xab, 0xb1, 0x30, 0x54, 0xbf, 0x4a,
+	0x01, 0x70, 0xd4, 0xae, 0x08, 0x1c, 0xba, 0x07, 0x53, 0xfc, 0xb1, 0xca, 0x86, 0x67, 0x08, 0xce,
+	0xe9, 0xb5, 0x33, 0x5a, 0x94, 0x29, 0x61, 0xcc, 0x35, 0x77, 0xbf, 0xc2, 0x05, 0x4c, 0xe3, 0x68,
+	0xad, 0x71, 0x56, 0xbb, 0x5e, 0xba, 0x4f, 0x4c, 0x6f, 0x8b, 0x78, 0x86, 0x8e, 0xe4, 0x29, 0x20,
+	0x92, 0xe1, 0x90, 0x15, 0xed, 0x40, 0x9a, 0xb9, 0xc4, 0x14, 0x01, 0x98, 0x5e, 0xd3, 0xb4, 0xe1,
+	0x79, 0xa8, 0x45, 0x67, 0xdb, 0x75, 0x89, 0xa9, 0xcf, 0xb4, 0x6f, 0xc8, 0xbf, 0xb0, 0x60, 0x42,
+	0xb7, 0x61, 0x82, 0x79, 0x86, 0xe7, 0xb3, 0xdc, 0x78, 0xcf, 0x89, 0x93, 0x38, 0x85, 0x9d, 0x3e,
+	0x27, 0x59, 0x27, 0x82, 0x6f, 0x2c, 0xf9, 0xd4, 0x27, 0x29, 0x58, 0x8c, 0xc0, 0x1b, 0x8e, 0x5d,
+	0xb6, 0x44, 0xa6, 0xbc, 0x19, 0x8b, 0xfa, 0x89, 0xae, 0xa8, 0x2f, 0xf7, 0x31, 0x89, 0x22, 0x8e,
+	0x5e, 0x0f, 0x8f, 0x9b, 0x12, 0xe6, 0xc7, 0xe3, 0xce, 0x9f, 0x35, 0x0b, 0xf3, 0xa1, 0x59, 0xfc,
+	0x3c, 0xa8, 0x01, 0xa8, 0x66, 0x30, 0xef, 0x26, 0x35, 0x6c, 0x16, 0xd0, 0x5a, 0x75, 0x22, 0x6f,
+	0xfd, 0xca, 0x68, 0xef, 0xc4, 0x2d, 0xf4, 0x15, 0xe9, 0x12, 0x6d, 0xf6, 0xb0, 0xe1, 0x3e, 0x1e,
+	0xd0, 0x7f, 0x61, 0x82, 0x12, 0x83, 0x39, 0x76, 0x2e, 0x2d, 0x8e, 0x1c, 0xc6, 0x0b, 0x0b, 0x29,
+	0x96, 0x5a, 0xf4, 0x7f, 0x98, 0xac, 0x13, 0xc6, 0x8c, 0x0a, 0xc9, 0x65, 0x04, 0x70, 0x5e, 0x02,
+	0x27, 0xb7, 0x02, 0x31, 0x6e, 0xeb, 0xd5, 0x1f, 0x15, 0x98, 0x8b, 0xe2, 0xb4, 0x69, 0x31, 0x0f,
+	0xdd, 0xed, 0xc9, 0x3d, 0x6d, 0xb4, 0x3b, 0x71, 0x6b, 0x91, 0x79, 0x0b, 0xd2, 0xdd, 0x54, 0x5b,
+	0xd2, 0x91, 0x77, 0xd7, 0x21, 0x63, 0x79, 0xa4, 0xce, 0xa3, 0x3e, 0xde, 0x15, 0xae, 0x84, 0x24,
+	0xd1, 0x67, 0x25, 0x6d, 0xe6, 0x2a, 0x27, 0xc0, 0x01, 0x8f, 0xfa, 0xfb, 0x78, 0xe7, 0x0d, 0x78,
+	0x3e, 0xa2, 0x6f, 0x15, 0x58, 0x71, 0x07, 0x36, 0x18, 0x79, 0xa9, 0x8d, 0x24, 0xcf, 0x83, 0x5b,
+	0x14, 0x26, 0x7b, 0x84, 0xf7, 0x15, 0xa2, 0xab, 0xf2, 0x48, 0x2b, 0x43, 0xc0, 0x43, 0x8e, 0x82,
+	0x3e, 0x00, 0x54, 0x37, 0x3c, 0x1e, 0xd1, 0xca, 0x0e, 0x25, 0x26, 0x29, 0x73, 0x56, 0xd9, 0x94,
+	0xc2, 0xec, 0xd8, 0xea, 0x41, 0xe0, 0x3e, 0x56, 0xe8, 0x0b, 0x05, 0x16, 0xcb, 0xbd, 0x4d, 0x46,
+	0xe6, 0xe5, 0x85, 0x51, 0x02, 0xdd, 0xa7, 0x47, 0xe9, 0xcb, 0xad, 0x66, 0x61, 0xb1, 0x8f, 0x02,
+	0xf7, 0x73, 0x86, 0xee, 0x42, 0x86, 0xfa, 0x35, 0xc2, 0x72, 0x69, 0xf1, 0xbc, 0x89, 0x5e, 0x77,
+	0x9c, 0x9a, 0x65, 0x1e, 0x62, 0x6e, 0xf2, 0x91, 0xe5, 0x55, 0x77, 0x7d, 0xd1, 0xab, 0x58, 0xf4,
+	0xd6, 0x42, 0x85, 0x03, 0x52, 0xf5, 0x21, 0x2c, 0x74, 0x37, 0x0d, 0x54, 0x01, 0x30, 0xdb, 0x75,
+	0xca, 0x07, 0x04, 0x77, 0xfb, 0xea, 0xe8, 0x59, 0x15, 0xd6, 0x78, 0xd4, 0x2f, 0x43, 0x11, 0xc3,
+	0x1d, 0xd4, 0xea, 0x19, 0x98, 0xb9, 0x42, 0x1d, 0xdf, 0x95, 0x67, 0x44, 0xab, 0x90, 0xb6, 0x8d,
+	0x7a, 0xbb, 0xfb, 0x84, 0x1d, 0x71, 0xdb, 0xa8, 0x13, 0x2c, 0x34, 0xea, 0x37, 0x0a, 0xcc, 0x6e,
+	0x5a, 0x75, 0xcb, 0xc3, 0x84, 0xb9, 0x8e, 0xcd, 0x08, 0x3a, 0x1f, 0xeb, 0x58, 0xc7, 0xbb, 0x3a,
+	0xd6, 0x91, 0x18, 0xb8, 0xa3, 0x57, 0x7d, 0x0c, 0x93, 0x0f, 0x7c, 0xe2, 0x5b, 0x76, 0x45, 0xf6,
+	0xeb, 0x73, 0x49, 0x17, 0xbc, 0x11, 0xc0, 0x63, 0xd9, 0xa6, 0x4f, 0xf3, 0x16, 0x20, 0x35, 0xb8,
+	0xcd, 0xa8, 0xfe, 0x95, 0x82, 0xe3, 0xc2, 0x31, 0x29, 0x0f, 0x99, 0xca, 0x77, 0x21, 0x67, 0x30,
+	0xe6, 0x53, 0x52, 0x1e, 0x34, 0x95, 0x57, 0xe5, 0x6d, 0x72, 0xeb, 0x03, 0x70, 0x78, 0x20, 0x03,
+	0xba, 0x0f, 0xb3, 0xb5, 0xce, 0xbb, 0xcb, 0x6b, 0x9e, 0x4e, 0xba, 0x66, 0x2c, 0x60, 0xfa, 0x92,
+	0x3c, 0x41, 0x3c, 0xe8, 0x38, 0x4e, 0xdd, 0x6f, 0x0b, 0x18, 0x1f, 0x7d, 0x0b, 0x40, 0xd7, 0x61,
+	0xa9, 0xe4, 0x50, 0xea, 0x1c, 0x58, 0x76, 0x45, 0xf8, 0x69, 0x93, 0xa4, 0x05, 0xc9, 0xbf, 0x5a,
+	0xcd, 0xc2, 0x92, 0xde, 0x0f, 0x80, 0xfb, 0xdb, 0xa9, 0x07, 0xb0, 0xb4, 0xcd, 0x7b, 0x0a, 0x73,
+	0x7c, 0x6a, 0x92, 0xa8, 0x20, 0x50, 0x01, 0x32, 0x0d, 0x42, 0x4b, 0x41, 0x52, 0x67, 0xf5, 0x2c,
+	0x2f, 0x87, 0x0f, 0xb9, 0x00, 0x07, 0x72, 0x7e, 0x13, 0x3b, 0xb2, 0xbc, 0x85, 0x37, 0x59, 0x6e,
+	0x42, 0x40, 0xc5, 0x4d, 0xb6, 0xe3, 0x2a, 0xdc, 0x8d, 0x55, 0x9b, 0x29, 0x58, 0x1e, 0x50, 0x7f,
+	0xe8, 0x16, 0x4c, 0x31, 0xf9, 0xb7, 0xac, 0xa9, 0x13, 0x49, 0x6f, 0x21, 0x6d, 0xa3, 0xee, 0xdf,
+	0x26, 0xc3, 0x21, 0x15, 0x72, 0x60, 0x96, 0xca, 0x23, 0x08, 0x9f, 0x72, 0x0a, 0xac, 0x25, 0x71,
+	0xf7, 0x46, 0x27, 0x7a, 0x6c, 0xdc, 0x49, 0x88, 0xe3, 0xfc, 0xe8, 0x21, 0x2c, 0x74, 0x5c, 0x3b,
+	0xf0, 0x39, 0x2e, 0x7c, 0x9e, 0x4f, 0xf2, 0xd9, 0xf7, 0x51, 0xf4, 0x9c, 0x74, 0xbb, 0xb0, 0xdd,
+	0x45, 0x8b, 0x7b, 0x1c, 0xa9, 0x3f, 0xa7, 0x60, 0xc8, 0x60, 0x78, 0x09, 0x4b, 0xde, 0xbd, 0xd8,
+	0x92, 0xf7, 0xf6, 0xf3, 0x4f, 0xbc, 0x81, 0x4b, 0x5f, 0xb5, 0x6b, 0xe9, 0x7b, 0xf7, 0x05, 0x7c,
+	0x0c, 0x5f, 0x02, 0xff, 0x48, 0xc1, 0x7f, 0x06, 0x1b, 0x47, 0x4b, 0xe1, 0xb5, 0x58, 0x8b, 0xbd,
+	0xd0, 0xd5, 0x62, 0x4f, 0x8c, 0x40, 0xf1, 0xcf, 0x92, 0xd8, 0xb5, 0x24, 0xfe, 0xa2, 0x40, 0x7e,
+	0x70, 0xdc, 0x5e, 0xc2, 0xd2, 0xf8, 0x49, 0x7c, 0x69, 0x7c, 0xe3, 0xf9, 0x93, 0x6c, 0xc0, 0x12,
+	0x79, 0x65, 0x58, 0x6e, 0x85, 0xeb, 0xde, 0x08, 0x23, 0xff, 0xbb, 0xd4, 0xb0, 0x50, 0x89, 0xed,
+	0x34, 0xe1, 0x57, 0x4b, 0xcc, 0xfa, 0xb2, 0xcd, 0x47, 0x4f, 0x9d, 0x4f, 0x8f, 0x20, 0x21, 0xab,
+	0x30, 0x59, 0x0b, 0x66, 0xb5, 0x2c, 0xea, 0xf5, 0x91, 0x46, 0xe4, 0xb0, 0xd1, 0x1e, 0xac, 0x05,
+	0x12, 0x86, 0xdb, 0xf4, 0xa8, 0x0c, 0x13, 0x44, 0xfc, 0x54, 0x1f, 0xb5, 0xb2, 0x93, 0x7e, 0xd8,
+	0xeb, 0xc0, 0xb3, 0x30, 0x40, 0x61, 0xc9, 0xad, 0x7e, 0xad, 0xc0, 0x6a, 0x52, 0x4b, 0x40, 0x07,
+	0x7d, 0x56, 0xbc, 0x17, 0x58, 0xdf, 0x47, 0x5f, 0xf9, 0xbe, 0x57, 0xe0, 0x68, 0xbf, 0x4d, 0x8a,
+	0x17, 0x19, 0x5f, 0x9f, 0xc2, 0xdd, 0x27, 0x2c, 0xb2, 0x1b, 0x42, 0x8a, 0xa5, 0x16, 0x9d, 0x82,
+	0xa9, 0xaa, 0x61, 0x97, 0x77, 0xad, 0xcf, 0xda, 0x5b, 0x7d, 0x98, 0xe6, 0xef, 0x4b, 0x39, 0x0e,
+	0x11, 0xe8, 0x12, 0x2c, 0x08, 0xbb, 0x4d, 0x62, 0x57, 0xbc, 0xaa, 0x78, 0x11, 0xb9, 0x9a, 0x84,
+	0x53, 0xe7, 0x46, 0x97, 0x1e, 0xf7, 0x58, 0xa8, 0x7f, 0x2a, 0x80, 0x9e, 0x67, 0x9b, 0x38, 0x09,
+	0x59, 0xc3, 0xb5, 0xc4, 0x8a, 0x1b, 0x14, 0x5a, 0x56, 0x9f, 0x6d, 0x35, 0x0b, 0xd9, 0xf5, 0x9d,
+	0xab, 0x81, 0x10, 0x47, 0x7a, 0x0e, 0x6e, 0x0f, 0xda, 0x60, 0xa0, 0x4a, 0x70, 0xdb, 0x31, 0xc3,
+	0x91, 0x1e, 0x5d, 0x84, 0x19, 0xb3, 0xe6, 0x33, 0x8f, 0xd0, 0x5d, 0xd3, 0x71, 0x89, 0x68, 0x4c,
+	0x53, 0xfa, 0x51, 0x79, 0xa7, 0x99, 0x8d, 0x0e, 0x1d, 0x8e, 0x21, 0x91, 0x06, 0xc0, 0xcb, 0x8a,
+	0xb9, 0x06, 0xf7, 0x93, 0x11, 0x7e, 0xe6, 0xf8, 0x83, 0x6d, 0x87, 0x52, 0xdc, 0x81, 0x50, 0xef,
+	0xc3, 0xd2, 0x2e, 0xa1, 0x0d, 0xcb, 0x24, 0xeb, 0xa6, 0xe9, 0xf8, 0xb6, 0xd7, 0x5e, 0xd6, 0x8b,
+	0x90, 0x0d, 0x61, 0xb2, 0xf2, 0x8e, 0x48, 0xff, 0xd9, 0x90, 0x0b, 0x47, 0x98, 0xb0, 0xd4, 0x53,
+	0x03, 0x4b, 0xfd, 0xa7, 0x14, 0x4c, 0x46, 0xf4, 0xe9, 0x7d, 0xcb, 0x2e, 0x4b, 0xe6, 0x63, 0x6d,
+	0xf4, 0x35, 0xcb, 0x2e, 0x3f, 0x6b, 0x16, 0xa6, 0x25, 0x8c, 0x7f, 0x62, 0x01, 0x44, 0x57, 0x21,
+	0xed, 0x33, 0x42, 0x65, 0x11, 0x9f, 0x4c, 0x4a, 0xe6, 0x5b, 0x8c, 0xd0, 0xf6, 0x7e, 0x35, 0xc5,
+	0x99, 0xb9, 0x00, 0x0b, 0x0a, 0xb4, 0x05, 0x99, 0x0a, 0x7f, 0x14, 0x59, 0xa7, 0xa7, 0x92, 0xb8,
+	0x3a, 0x7f, 0xc4, 0x04, 0x69, 0x20, 0x24, 0x38, 0x60, 0x41, 0x0f, 0x60, 0x8e, 0xc5, 0x42, 0x28,
+	0x9e, 0x6b, 0x84, 0x7d, 0xa9, 0x6f, 0xe0, 0x75, 0xd4, 0x6a, 0x16, 0xe6, 0xe2, 0x2a, 0xdc, 0xe5,
+	0x40, 0x2d, 0xc2, 0x74, 0xc7, 0x05, 0x93, 0xbb, 0xac, 0x7e, 0xe9, 0xd1, 0xd3, 0xfc, 0xd8, 0xe3,
+	0xa7, 0xf9, 0xb1, 0x27, 0x4f, 0xf3, 0x63, 0x9f, 0xb7, 0xf2, 0xca, 0xa3, 0x56, 0x5e, 0x79, 0xdc,
+	0xca, 0x2b, 0x4f, 0x5a, 0x79, 0xe5, 0xd7, 0x56, 0x5e, 0xf9, 0xf2, 0xb7, 0xfc, 0xd8, 0x9d, 0xfc,
+	0xf0, 0xff, 0xc5, 0xfe, 0x1d, 0x00, 0x00, 0xff, 0xff, 0xfd, 0x4d, 0x1e, 0x25, 0xc5, 0x15, 0x00,
+	0x00,
+}
+
+func (m *ExemptPriorityLevelConfiguration) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.LendablePercent != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.LendablePercent))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.NominalConcurrencyShares != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.NominalConcurrencyShares))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *FlowDistinguisherMethod) Marshal() (dAtA []byte, err error) {
@@ -1491,6 +1557,18 @@ func (m *PriorityLevelConfigurationSpec) MarshalToSizedBuffer(dAtA []byte) (int,
 	_ = i
 	var l int
 	_ = l
+	if m.Exempt != nil {
+		{
+			size, err := m.Exempt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
 	if m.Limited != nil {
 		{
 			size, err := m.Limited.MarshalToSizedBuffer(dAtA[:i])
@@ -1783,6 +1861,21 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
 	dAtA[offset] = uint8(v)
 	return base
 }
+func (m *ExemptPriorityLevelConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NominalConcurrencyShares != nil {
+		n += 1 + sovGenerated(uint64(*m.NominalConcurrencyShares))
+	}
+	if m.LendablePercent != nil {
+		n += 1 + sovGenerated(uint64(*m.LendablePercent))
+	}
+	return n
+}
+
 func (m *FlowDistinguisherMethod) Size() (n int) {
 	if m == nil {
 		return 0
@@ -2048,6 +2141,10 @@ func (m *PriorityLevelConfigurationSpec) Size() (n int) {
 		l = m.Limited.Size()
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	if m.Exempt != nil {
+		l = m.Exempt.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -2165,6 +2262,17 @@ func sovGenerated(x uint64) (n int) {
 func sozGenerated(x uint64) (n int) {
 	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
+func (this *ExemptPriorityLevelConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ExemptPriorityLevelConfiguration{`,
+		`NominalConcurrencyShares:` + valueToStringGenerated(this.NominalConcurrencyShares) + `,`,
+		`LendablePercent:` + valueToStringGenerated(this.LendablePercent) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *FlowDistinguisherMethod) String() string {
 	if this == nil {
 		return "nil"
@@ -2381,6 +2489,7 @@ func (this *PriorityLevelConfigurationSpec) String() string {
 	s := strings.Join([]string{`&PriorityLevelConfigurationSpec{`,
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`Limited:` + strings.Replace(this.Limited.String(), "LimitedPriorityLevelConfiguration", "LimitedPriorityLevelConfiguration", 1) + `,`,
+		`Exempt:` + strings.Replace(this.Exempt.String(), "ExemptPriorityLevelConfiguration", "ExemptPriorityLevelConfiguration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2468,6 +2577,96 @@ func valueToStringGenerated(v interface{}) string {
 	pv := reflect.Indirect(rv).Interface()
 	return fmt.Sprintf("*%v", pv)
 }
+func (m *ExemptPriorityLevelConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NominalConcurrencyShares", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.NominalConcurrencyShares = &v
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LendablePercent", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.LendablePercent = &v
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *FlowDistinguisherMethod) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -4547,6 +4746,42 @@ func (m *PriorityLevelConfigurationSpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exempt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Exempt == nil {
+				m.Exempt = &ExemptPriorityLevelConfiguration{}
+			}
+			if err := m.Exempt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta2/generated.proto b/vendor/k8s.io/api/flowcontrol/v1beta2/generated.proto
index 4c98f21bc..a8c8a3273 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta2/generated.proto
+++ b/vendor/k8s.io/api/flowcontrol/v1beta2/generated.proto
@@ -28,6 +28,40 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "k8s.io/api/flowcontrol/v1beta2";
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+message ExemptPriorityLevelConfiguration {
+  // `nominalConcurrencyShares` (NCS) contributes to the computation of the
+  // NominalConcurrencyLimit (NominalCL) of this level.
+  // This is the number of execution seats nominally reserved for this priority level.
+  // This DOES NOT limit the dispatching from this priority level
+  // but affects the other priority levels through the borrowing mechanism.
+  // The server's concurrency limit (ServerCL) is divided among all the
+  // priority levels in proportion to their NCS values:
+  //
+  // NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+  // sum_ncs = sum[priority level k] NCS(k)
+  //
+  // Bigger numbers mean a larger nominal concurrency limit,
+  // at the expense of every other priority level.
+  // This field has a default value of zero.
+  // +optional
+  optional int32 nominalConcurrencyShares = 1;
+
+  // `lendablePercent` prescribes the fraction of the level's NominalCL that
+  // can be borrowed by other priority levels.  This value of this
+  // field must be between 0 and 100, inclusive, and it defaults to 0.
+  // The number of seats that other levels can borrow from this level, known
+  // as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+  //
+  // LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+  //
+  // +optional
+  optional int32 lendablePercent = 2;
+}
+
 // FlowDistinguisherMethod specifies the method of a flow distinguisher.
 message FlowDistinguisherMethod {
   // `type` is the type of flow distinguisher method
@@ -332,6 +366,14 @@ message PriorityLevelConfigurationSpec {
   // This field must be non-empty if and only if `type` is `"Limited"`.
   // +optional
   optional LimitedPriorityLevelConfiguration limited = 2;
+
+  // `exempt` specifies how requests are handled for an exempt priority level.
+  // This field MUST be empty if `type` is `"Limited"`.
+  // This field MAY be non-empty if `type` is `"Exempt"`.
+  // If empty and `type` is `"Exempt"` then the default values
+  // for `ExemptPriorityLevelConfiguration` apply.
+  // +optional
+  optional ExemptPriorityLevelConfiguration exempt = 3;
 }
 
 // PriorityLevelConfigurationStatus represents the current state of a "request-priority".
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta2/types.go b/vendor/k8s.io/api/flowcontrol/v1beta2/types.go
index 75409cee3..e8cf7abff 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta2/types.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta2/types.go
@@ -77,7 +77,9 @@ const (
 	//   is a boolean false or has an invalid boolean representation
 	//   (if the cluster operator sets it to 'false' it will be stomped)
 	// - any changes to the spec made by the cluster operator will be
-	//   stomped.
+	//   stomped, except for changes to the `nominalConcurrencyShares`
+	//   and `lendablePercent` fields of the PriorityLevelConfiguration
+	//   named "exempt".
 	//
 	// The kube-apiserver will apply updates on the suggested configuration if:
 	// - the cluster operator has enabled auto-update by setting the annotation
@@ -435,6 +437,14 @@ type PriorityLevelConfigurationSpec struct {
 	// This field must be non-empty if and only if `type` is `"Limited"`.
 	// +optional
 	Limited *LimitedPriorityLevelConfiguration `json:"limited,omitempty" protobuf:"bytes,2,opt,name=limited"`
+
+	// `exempt` specifies how requests are handled for an exempt priority level.
+	// This field MUST be empty if `type` is `"Limited"`.
+	// This field MAY be non-empty if `type` is `"Exempt"`.
+	// If empty and `type` is `"Exempt"` then the default values
+	// for `ExemptPriorityLevelConfiguration` apply.
+	// +optional
+	Exempt *ExemptPriorityLevelConfiguration `json:"exempt,omitempty" protobuf:"bytes,3,opt,name=exempt"`
 }
 
 // PriorityLevelEnablement indicates whether limits on execution are enabled for the priority level
@@ -505,6 +515,43 @@ type LimitedPriorityLevelConfiguration struct {
 	BorrowingLimitPercent *int32 `json:"borrowingLimitPercent,omitempty" protobuf:"varint,4,opt,name=borrowingLimitPercent"`
 }
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+type ExemptPriorityLevelConfiguration struct {
+	// `nominalConcurrencyShares` (NCS) contributes to the computation of the
+	// NominalConcurrencyLimit (NominalCL) of this level.
+	// This is the number of execution seats nominally reserved for this priority level.
+	// This DOES NOT limit the dispatching from this priority level
+	// but affects the other priority levels through the borrowing mechanism.
+	// The server's concurrency limit (ServerCL) is divided among all the
+	// priority levels in proportion to their NCS values:
+	//
+	// NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+	// sum_ncs = sum[priority level k] NCS(k)
+	//
+	// Bigger numbers mean a larger nominal concurrency limit,
+	// at the expense of every other priority level.
+	// This field has a default value of zero.
+	// +optional
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty" protobuf:"varint,1,opt,name=nominalConcurrencyShares"`
+	// `lendablePercent` prescribes the fraction of the level's NominalCL that
+	// can be borrowed by other priority levels.  This value of this
+	// field must be between 0 and 100, inclusive, and it defaults to 0.
+	// The number of seats that other levels can borrow from this level, known
+	// as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+	//
+	// LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+	//
+	// +optional
+	LendablePercent *int32 `json:"lendablePercent,omitempty" protobuf:"varint,2,opt,name=lendablePercent"`
+	// The `BorrowingCL` of an Exempt priority level is implicitly `ServerCL`.
+	// In other words, an exempt priority level
+	// has no meaningful limit on how much it borrows.
+	// There is no explicit representation of that here.
+}
+
 // LimitResponse defines how to handle requests that can not be executed right now.
 // +union
 type LimitResponse struct {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta2/types_swagger_doc_generated.go b/vendor/k8s.io/api/flowcontrol/v1beta2/types_swagger_doc_generated.go
index b2eff7f96..49a417809 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta2/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta2/types_swagger_doc_generated.go
@@ -27,6 +27,16 @@ package v1beta2
 // Those methods can be generated by using hack/update-codegen.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
+var map_ExemptPriorityLevelConfiguration = map[string]string{
+	"":                         "ExemptPriorityLevelConfiguration describes the configurable aspects of the handling of exempt requests. In the mandatory exempt configuration object the values in the fields here can be modified by authorized users, unlike the rest of the `spec`.",
+	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats nominally reserved for this priority level. This DOES NOT limit the dispatching from this priority level but affects the other priority levels through the borrowing mechanism. The server's concurrency limit (ServerCL) is divided among all the priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of zero.",
+	"lendablePercent":          "`lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels.  This value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.\n\nLendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )",
+}
+
+func (ExemptPriorityLevelConfiguration) SwaggerDoc() map[string]string {
+	return map_ExemptPriorityLevelConfiguration
+}
+
 var map_FlowDistinguisherMethod = map[string]string{
 	"":     "FlowDistinguisherMethod specifies the method of a flow distinguisher.",
 	"type": "`type` is the type of flow distinguisher method The supported types are \"ByUser\" and \"ByNamespace\". Required.",
@@ -190,6 +200,7 @@ var map_PriorityLevelConfigurationSpec = map[string]string{
 	"":        "PriorityLevelConfigurationSpec specifies the configuration of a priority level.",
 	"type":    "`type` indicates whether this priority level is subject to limitation on request execution.  A value of `\"Exempt\"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels.  A value of `\"Limited\"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.",
 	"limited": "`limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `\"Limited\"`.",
+	"exempt":  "`exempt` specifies how requests are handled for an exempt priority level. This field MUST be empty if `type` is `\"Limited\"`. This field MAY be non-empty if `type` is `\"Exempt\"`. If empty and `type` is `\"Exempt\"` then the default values for `ExemptPriorityLevelConfiguration` apply.",
 }
 
 func (PriorityLevelConfigurationSpec) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta2/zz_generated.deepcopy.go b/vendor/k8s.io/api/flowcontrol/v1beta2/zz_generated.deepcopy.go
index aa692484c..e0605b95d 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta2/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta2/zz_generated.deepcopy.go
@@ -25,6 +25,32 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExemptPriorityLevelConfiguration) DeepCopyInto(out *ExemptPriorityLevelConfiguration) {
+	*out = *in
+	if in.NominalConcurrencyShares != nil {
+		in, out := &in.NominalConcurrencyShares, &out.NominalConcurrencyShares
+		*out = new(int32)
+		**out = **in
+	}
+	if in.LendablePercent != nil {
+		in, out := &in.LendablePercent, &out.LendablePercent
+		*out = new(int32)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExemptPriorityLevelConfiguration.
+func (in *ExemptPriorityLevelConfiguration) DeepCopy() *ExemptPriorityLevelConfiguration {
+	if in == nil {
+		return nil
+	}
+	out := new(ExemptPriorityLevelConfiguration)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FlowDistinguisherMethod) DeepCopyInto(out *FlowDistinguisherMethod) {
 	*out = *in
@@ -400,6 +426,11 @@ func (in *PriorityLevelConfigurationSpec) DeepCopyInto(out *PriorityLevelConfigu
 		*out = new(LimitedPriorityLevelConfiguration)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Exempt != nil {
+		in, out := &in.Exempt, &out.Exempt
+		*out = new(ExemptPriorityLevelConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta3/generated.pb.go b/vendor/k8s.io/api/flowcontrol/v1beta3/generated.pb.go
index 166e8520b..c6598306d 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta3/generated.pb.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta3/generated.pb.go
@@ -43,10 +43,38 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
+func (m *ExemptPriorityLevelConfiguration) Reset()      { *m = ExemptPriorityLevelConfiguration{} }
+func (*ExemptPriorityLevelConfiguration) ProtoMessage() {}
+func (*ExemptPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
+	return fileDescriptor_803504887082f044, []int{0}
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.Merge(m, src)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExemptPriorityLevelConfiguration proto.InternalMessageInfo
+
 func (m *FlowDistinguisherMethod) Reset()      { *m = FlowDistinguisherMethod{} }
 func (*FlowDistinguisherMethod) ProtoMessage() {}
 func (*FlowDistinguisherMethod) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{0}
+	return fileDescriptor_803504887082f044, []int{1}
 }
 func (m *FlowDistinguisherMethod) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -74,7 +102,7 @@ var xxx_messageInfo_FlowDistinguisherMethod proto.InternalMessageInfo
 func (m *FlowSchema) Reset()      { *m = FlowSchema{} }
 func (*FlowSchema) ProtoMessage() {}
 func (*FlowSchema) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{1}
+	return fileDescriptor_803504887082f044, []int{2}
 }
 func (m *FlowSchema) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -102,7 +130,7 @@ var xxx_messageInfo_FlowSchema proto.InternalMessageInfo
 func (m *FlowSchemaCondition) Reset()      { *m = FlowSchemaCondition{} }
 func (*FlowSchemaCondition) ProtoMessage() {}
 func (*FlowSchemaCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{2}
+	return fileDescriptor_803504887082f044, []int{3}
 }
 func (m *FlowSchemaCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -130,7 +158,7 @@ var xxx_messageInfo_FlowSchemaCondition proto.InternalMessageInfo
 func (m *FlowSchemaList) Reset()      { *m = FlowSchemaList{} }
 func (*FlowSchemaList) ProtoMessage() {}
 func (*FlowSchemaList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{3}
+	return fileDescriptor_803504887082f044, []int{4}
 }
 func (m *FlowSchemaList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -158,7 +186,7 @@ var xxx_messageInfo_FlowSchemaList proto.InternalMessageInfo
 func (m *FlowSchemaSpec) Reset()      { *m = FlowSchemaSpec{} }
 func (*FlowSchemaSpec) ProtoMessage() {}
 func (*FlowSchemaSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{4}
+	return fileDescriptor_803504887082f044, []int{5}
 }
 func (m *FlowSchemaSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -186,7 +214,7 @@ var xxx_messageInfo_FlowSchemaSpec proto.InternalMessageInfo
 func (m *FlowSchemaStatus) Reset()      { *m = FlowSchemaStatus{} }
 func (*FlowSchemaStatus) ProtoMessage() {}
 func (*FlowSchemaStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{5}
+	return fileDescriptor_803504887082f044, []int{6}
 }
 func (m *FlowSchemaStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -214,7 +242,7 @@ var xxx_messageInfo_FlowSchemaStatus proto.InternalMessageInfo
 func (m *GroupSubject) Reset()      { *m = GroupSubject{} }
 func (*GroupSubject) ProtoMessage() {}
 func (*GroupSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{6}
+	return fileDescriptor_803504887082f044, []int{7}
 }
 func (m *GroupSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -242,7 +270,7 @@ var xxx_messageInfo_GroupSubject proto.InternalMessageInfo
 func (m *LimitResponse) Reset()      { *m = LimitResponse{} }
 func (*LimitResponse) ProtoMessage() {}
 func (*LimitResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{7}
+	return fileDescriptor_803504887082f044, []int{8}
 }
 func (m *LimitResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -270,7 +298,7 @@ var xxx_messageInfo_LimitResponse proto.InternalMessageInfo
 func (m *LimitedPriorityLevelConfiguration) Reset()      { *m = LimitedPriorityLevelConfiguration{} }
 func (*LimitedPriorityLevelConfiguration) ProtoMessage() {}
 func (*LimitedPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{8}
+	return fileDescriptor_803504887082f044, []int{9}
 }
 func (m *LimitedPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -298,7 +326,7 @@ var xxx_messageInfo_LimitedPriorityLevelConfiguration proto.InternalMessageInfo
 func (m *NonResourcePolicyRule) Reset()      { *m = NonResourcePolicyRule{} }
 func (*NonResourcePolicyRule) ProtoMessage() {}
 func (*NonResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{9}
+	return fileDescriptor_803504887082f044, []int{10}
 }
 func (m *NonResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -326,7 +354,7 @@ var xxx_messageInfo_NonResourcePolicyRule proto.InternalMessageInfo
 func (m *PolicyRulesWithSubjects) Reset()      { *m = PolicyRulesWithSubjects{} }
 func (*PolicyRulesWithSubjects) ProtoMessage() {}
 func (*PolicyRulesWithSubjects) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{10}
+	return fileDescriptor_803504887082f044, []int{11}
 }
 func (m *PolicyRulesWithSubjects) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -354,7 +382,7 @@ var xxx_messageInfo_PolicyRulesWithSubjects proto.InternalMessageInfo
 func (m *PriorityLevelConfiguration) Reset()      { *m = PriorityLevelConfiguration{} }
 func (*PriorityLevelConfiguration) ProtoMessage() {}
 func (*PriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{11}
+	return fileDescriptor_803504887082f044, []int{12}
 }
 func (m *PriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -382,7 +410,7 @@ var xxx_messageInfo_PriorityLevelConfiguration proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationCondition) Reset()      { *m = PriorityLevelConfigurationCondition{} }
 func (*PriorityLevelConfigurationCondition) ProtoMessage() {}
 func (*PriorityLevelConfigurationCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{12}
+	return fileDescriptor_803504887082f044, []int{13}
 }
 func (m *PriorityLevelConfigurationCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -410,7 +438,7 @@ var xxx_messageInfo_PriorityLevelConfigurationCondition proto.InternalMessageInf
 func (m *PriorityLevelConfigurationList) Reset()      { *m = PriorityLevelConfigurationList{} }
 func (*PriorityLevelConfigurationList) ProtoMessage() {}
 func (*PriorityLevelConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{13}
+	return fileDescriptor_803504887082f044, []int{14}
 }
 func (m *PriorityLevelConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -438,7 +466,7 @@ var xxx_messageInfo_PriorityLevelConfigurationList proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationReference) Reset()      { *m = PriorityLevelConfigurationReference{} }
 func (*PriorityLevelConfigurationReference) ProtoMessage() {}
 func (*PriorityLevelConfigurationReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{14}
+	return fileDescriptor_803504887082f044, []int{15}
 }
 func (m *PriorityLevelConfigurationReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -466,7 +494,7 @@ var xxx_messageInfo_PriorityLevelConfigurationReference proto.InternalMessageInf
 func (m *PriorityLevelConfigurationSpec) Reset()      { *m = PriorityLevelConfigurationSpec{} }
 func (*PriorityLevelConfigurationSpec) ProtoMessage() {}
 func (*PriorityLevelConfigurationSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{15}
+	return fileDescriptor_803504887082f044, []int{16}
 }
 func (m *PriorityLevelConfigurationSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -494,7 +522,7 @@ var xxx_messageInfo_PriorityLevelConfigurationSpec proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationStatus) Reset()      { *m = PriorityLevelConfigurationStatus{} }
 func (*PriorityLevelConfigurationStatus) ProtoMessage() {}
 func (*PriorityLevelConfigurationStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{16}
+	return fileDescriptor_803504887082f044, []int{17}
 }
 func (m *PriorityLevelConfigurationStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -522,7 +550,7 @@ var xxx_messageInfo_PriorityLevelConfigurationStatus proto.InternalMessageInfo
 func (m *QueuingConfiguration) Reset()      { *m = QueuingConfiguration{} }
 func (*QueuingConfiguration) ProtoMessage() {}
 func (*QueuingConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{17}
+	return fileDescriptor_803504887082f044, []int{18}
 }
 func (m *QueuingConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -550,7 +578,7 @@ var xxx_messageInfo_QueuingConfiguration proto.InternalMessageInfo
 func (m *ResourcePolicyRule) Reset()      { *m = ResourcePolicyRule{} }
 func (*ResourcePolicyRule) ProtoMessage() {}
 func (*ResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{18}
+	return fileDescriptor_803504887082f044, []int{19}
 }
 func (m *ResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -578,7 +606,7 @@ var xxx_messageInfo_ResourcePolicyRule proto.InternalMessageInfo
 func (m *ServiceAccountSubject) Reset()      { *m = ServiceAccountSubject{} }
 func (*ServiceAccountSubject) ProtoMessage() {}
 func (*ServiceAccountSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{19}
+	return fileDescriptor_803504887082f044, []int{20}
 }
 func (m *ServiceAccountSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -606,7 +634,7 @@ var xxx_messageInfo_ServiceAccountSubject proto.InternalMessageInfo
 func (m *Subject) Reset()      { *m = Subject{} }
 func (*Subject) ProtoMessage() {}
 func (*Subject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{20}
+	return fileDescriptor_803504887082f044, []int{21}
 }
 func (m *Subject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -634,7 +662,7 @@ var xxx_messageInfo_Subject proto.InternalMessageInfo
 func (m *UserSubject) Reset()      { *m = UserSubject{} }
 func (*UserSubject) ProtoMessage() {}
 func (*UserSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{21}
+	return fileDescriptor_803504887082f044, []int{22}
 }
 func (m *UserSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -660,6 +688,7 @@ func (m *UserSubject) XXX_DiscardUnknown() {
 var xxx_messageInfo_UserSubject proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterType((*ExemptPriorityLevelConfiguration)(nil), "k8s.io.api.flowcontrol.v1beta3.ExemptPriorityLevelConfiguration")
 	proto.RegisterType((*FlowDistinguisherMethod)(nil), "k8s.io.api.flowcontrol.v1beta3.FlowDistinguisherMethod")
 	proto.RegisterType((*FlowSchema)(nil), "k8s.io.api.flowcontrol.v1beta3.FlowSchema")
 	proto.RegisterType((*FlowSchemaCondition)(nil), "k8s.io.api.flowcontrol.v1beta3.FlowSchemaCondition")
@@ -689,104 +718,141 @@ func init() {
 }
 
 var fileDescriptor_803504887082f044 = []byte{
-	// 1552 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4d, 0x6f, 0xdb, 0x46,
-	0x13, 0x36, 0x65, 0xc9, 0xb6, 0xd6, 0x9f, 0x59, 0xc7, 0xb0, 0x5e, 0x07, 0x90, 0x1c, 0xbe, 0xc0,
-	0x9b, 0xb7, 0x4d, 0x42, 0xe5, 0xb3, 0x49, 0x5b, 0xf4, 0x23, 0x74, 0xda, 0x34, 0x8d, 0xed, 0x38,
-	0xeb, 0xa4, 0x2d, 0xd2, 0x00, 0x0d, 0x45, 0xad, 0xa9, 0x8d, 0x25, 0x92, 0xd9, 0x25, 0x65, 0xb8,
-	0xb9, 0x14, 0xfd, 0x05, 0x3d, 0xb7, 0xc7, 0x1e, 0x7a, 0xef, 0x1f, 0xe8, 0xb1, 0x41, 0x4f, 0x39,
-	0xe6, 0xa4, 0x36, 0xea, 0xa9, 0xff, 0xa0, 0x0d, 0x50, 0xa0, 0xd8, 0xe5, 0x92, 0x14, 0xa9, 0x0f,
-	0x0a, 0x09, 0x90, 0x53, 0x6f, 0xe6, 0xcc, 0x33, 0xcf, 0xec, 0xcc, 0xce, 0xcc, 0x8e, 0x0c, 0xae,
-	0xed, 0x5f, 0x66, 0x1a, 0x71, 0xaa, 0xfb, 0x7e, 0x0d, 0x53, 0x1b, 0x7b, 0x98, 0x55, 0xdb, 0xd8,
-	0xae, 0x3b, 0xb4, 0x2a, 0x15, 0x86, 0x4b, 0xaa, 0x7b, 0x4d, 0xe7, 0xc0, 0x74, 0x6c, 0x8f, 0x3a,
-	0xcd, 0x6a, 0xfb, 0x6c, 0x0d, 0x7b, 0xc6, 0xf9, 0xaa, 0x85, 0x6d, 0x4c, 0x0d, 0x0f, 0xd7, 0x35,
-	0x97, 0x3a, 0x9e, 0x03, 0xcb, 0x01, 0x5e, 0x33, 0x5c, 0xa2, 0xf5, 0xe0, 0x35, 0x89, 0x5f, 0x3b,
-	0x6d, 0x11, 0xaf, 0xe1, 0xd7, 0x34, 0xd3, 0x69, 0x55, 0x2d, 0xc7, 0x72, 0xaa, 0xc2, 0xac, 0xe6,
-	0xef, 0x89, 0x2f, 0xf1, 0x21, 0xfe, 0x0a, 0xe8, 0xd6, 0x2e, 0xc4, 0xee, 0x5b, 0x86, 0xd9, 0x20,
-	0x36, 0xa6, 0x87, 0x55, 0x77, 0xdf, 0xe2, 0x02, 0x56, 0x6d, 0x61, 0xcf, 0xa8, 0xb6, 0xcf, 0xa6,
-	0x0f, 0xb1, 0x56, 0x1d, 0x66, 0x45, 0x7d, 0xdb, 0x23, 0x2d, 0xdc, 0x67, 0xf0, 0x46, 0x96, 0x01,
-	0x33, 0x1b, 0xb8, 0x65, 0xa4, 0xed, 0xd4, 0xbb, 0x60, 0xf5, 0xc3, 0xa6, 0x73, 0x70, 0x95, 0x30,
-	0x8f, 0xd8, 0x96, 0x4f, 0x58, 0x03, 0xd3, 0x2d, 0xec, 0x35, 0x9c, 0x3a, 0x7c, 0x0f, 0xe4, 0xbd,
-	0x43, 0x17, 0x97, 0x94, 0x75, 0xe5, 0xff, 0x45, 0xfd, 0xe4, 0xe3, 0x4e, 0x65, 0xa2, 0xdb, 0xa9,
-	0xe4, 0x6f, 0x1f, 0xba, 0xf8, 0x79, 0xa7, 0x72, 0x6c, 0x88, 0x19, 0x57, 0x23, 0x61, 0xa8, 0x7e,
-	0x9b, 0x03, 0x80, 0xa3, 0x76, 0x85, 0x6b, 0x78, 0x1f, 0xcc, 0xf0, 0x70, 0xeb, 0x86, 0x67, 0x08,
-	0xce, 0xd9, 0x73, 0x67, 0xb4, 0x38, 0xd7, 0xd1, 0xa9, 0x35, 0x77, 0xdf, 0xe2, 0x02, 0xa6, 0x71,
-	0xb4, 0xd6, 0x3e, 0xab, 0xdd, 0xac, 0x3d, 0xc0, 0xa6, 0xb7, 0x85, 0x3d, 0x43, 0x87, 0xf2, 0x14,
-	0x20, 0x96, 0xa1, 0x88, 0x15, 0xee, 0x80, 0x3c, 0x73, 0xb1, 0x59, 0xca, 0x09, 0x76, 0x4d, 0x1b,
-	0x7d, 0x93, 0x5a, 0x7c, 0xb6, 0x5d, 0x17, 0x9b, 0xfa, 0x5c, 0x18, 0x21, 0xff, 0x42, 0x82, 0x09,
-	0x7e, 0x06, 0xa6, 0x98, 0x67, 0x78, 0x3e, 0x2b, 0x4d, 0xf6, 0x9d, 0x38, 0x8b, 0x53, 0xd8, 0xe9,
-	0x0b, 0x92, 0x75, 0x2a, 0xf8, 0x46, 0x92, 0x4f, 0x7d, 0x9a, 0x03, 0xcb, 0x31, 0x78, 0xc3, 0xb1,
-	0xeb, 0xc4, 0x23, 0x8e, 0x0d, 0xdf, 0x4e, 0x64, 0xfd, 0x44, 0x2a, 0xeb, 0xab, 0x03, 0x4c, 0xe2,
-	0x8c, 0xc3, 0x37, 0xa3, 0xe3, 0xe6, 0x84, 0xf9, 0xf1, 0xa4, 0xf3, 0xe7, 0x9d, 0xca, 0x62, 0x64,
-	0x96, 0x3c, 0x0f, 0x6c, 0x03, 0xd8, 0x34, 0x98, 0x77, 0x9b, 0x1a, 0x36, 0x0b, 0x68, 0x49, 0x0b,
-	0xcb, 0xa8, 0x5f, 0x1f, 0xef, 0x9e, 0xb8, 0x85, 0xbe, 0x26, 0x5d, 0xc2, 0xcd, 0x3e, 0x36, 0x34,
-	0xc0, 0x03, 0xfc, 0x1f, 0x98, 0xa2, 0xd8, 0x60, 0x8e, 0x5d, 0xca, 0x8b, 0x23, 0x47, 0xf9, 0x42,
-	0x42, 0x8a, 0xa4, 0x16, 0xbe, 0x06, 0xa6, 0x5b, 0x98, 0x31, 0xc3, 0xc2, 0xa5, 0x82, 0x00, 0x2e,
-	0x4a, 0xe0, 0xf4, 0x56, 0x20, 0x46, 0xa1, 0x5e, 0xfd, 0x49, 0x01, 0x0b, 0x71, 0x9e, 0x36, 0x09,
-	0xf3, 0xe0, 0xbd, 0xbe, 0xda, 0xd3, 0xc6, 0x8b, 0x89, 0x5b, 0x8b, 0xca, 0x5b, 0x92, 0xee, 0x66,
-	0x42, 0x49, 0x4f, 0xdd, 0xdd, 0x04, 0x05, 0xe2, 0xe1, 0x16, 0xcf, 0xfa, 0x64, 0x2a, 0x5d, 0x19,
-	0x45, 0xa2, 0xcf, 0x4b, 0xda, 0xc2, 0x75, 0x4e, 0x80, 0x02, 0x1e, 0xf5, 0x8f, 0xc9, 0xde, 0x08,
-	0x78, 0x3d, 0xc2, 0x1f, 0x14, 0xb0, 0xe6, 0x52, 0xe2, 0x50, 0xe2, 0x1d, 0x6e, 0xe2, 0x36, 0x6e,
-	0x6e, 0x38, 0xf6, 0x1e, 0xb1, 0x7c, 0x6a, 0xf0, 0x54, 0xca, 0xa0, 0x36, 0xb2, 0x3c, 0xef, 0x0c,
-	0x65, 0x40, 0x78, 0x0f, 0x53, 0x6c, 0x9b, 0x58, 0x57, 0xe5, 0x91, 0xd6, 0x46, 0x80, 0x47, 0x1c,
-	0x05, 0x7e, 0x0c, 0x60, 0xcb, 0xf0, 0x78, 0x46, 0xad, 0x1d, 0x8a, 0x4d, 0x5c, 0xe7, 0xac, 0xa2,
-	0x20, 0x0b, 0x71, 0x75, 0x6c, 0xf5, 0x21, 0xd0, 0x00, 0x2b, 0xf8, 0xb5, 0x02, 0x96, 0xeb, 0xfd,
-	0x43, 0x46, 0xd6, 0xe5, 0xa5, 0x71, 0x12, 0x3d, 0x60, 0x46, 0xe9, 0xab, 0xdd, 0x4e, 0x65, 0x79,
-	0x80, 0x02, 0x0d, 0x72, 0x06, 0xef, 0x81, 0x02, 0xf5, 0x9b, 0x98, 0x95, 0xf2, 0xe2, 0x7a, 0x33,
-	0xbd, 0xee, 0x38, 0x4d, 0x62, 0x1e, 0x22, 0x6e, 0xf2, 0x29, 0xf1, 0x1a, 0xbb, 0xbe, 0x98, 0x55,
-	0x2c, 0xbe, 0x6b, 0xa1, 0x42, 0x01, 0xa9, 0xfa, 0x08, 0x2c, 0xa5, 0x87, 0x06, 0xb4, 0x00, 0x30,
-	0xc3, 0x3e, 0x65, 0x25, 0x45, 0xb8, 0x3d, 0x3f, 0x7e, 0x55, 0x45, 0x3d, 0x1e, 0xcf, 0xcb, 0x48,
-	0xc4, 0x50, 0x0f, 0xb5, 0x7a, 0x06, 0xcc, 0x5d, 0xa3, 0x8e, 0xef, 0xca, 0x33, 0xc2, 0x75, 0x90,
-	0xb7, 0x8d, 0x56, 0x38, 0x7d, 0xa2, 0x89, 0xb8, 0x6d, 0xb4, 0x30, 0x12, 0x1a, 0xf5, 0x7b, 0x05,
-	0xcc, 0x6f, 0x92, 0x16, 0xf1, 0x10, 0x66, 0xae, 0x63, 0x33, 0x0c, 0x2f, 0x26, 0x26, 0xd6, 0xf1,
-	0xd4, 0xc4, 0x3a, 0x92, 0x00, 0xf7, 0xcc, 0xaa, 0xcf, 0xc1, 0xf4, 0x43, 0x1f, 0xfb, 0xc4, 0xb6,
-	0xe4, 0xbc, 0xbe, 0x90, 0x15, 0xe0, 0xad, 0x00, 0x9e, 0xa8, 0x36, 0x7d, 0x96, 0x8f, 0x00, 0xa9,
-	0x41, 0x21, 0xa3, 0xfa, 0x77, 0x0e, 0x1c, 0x17, 0x8e, 0x71, 0x7d, 0x78, 0x15, 0xc3, 0x7b, 0xa0,
-	0x64, 0x3b, 0x2d, 0x62, 0x1b, 0x5c, 0x6e, 0xfa, 0x94, 0xd7, 0xff, 0xe1, 0x6e, 0xc3, 0xa0, 0x98,
-	0x89, 0x68, 0x0a, 0xfa, 0xba, 0x8c, 0xa6, 0xb4, 0x3d, 0x04, 0x87, 0x86, 0x32, 0xc0, 0x07, 0x60,
-	0xbe, 0xd9, 0x1b, 0xbb, 0x0c, 0xf3, 0x74, 0x56, 0x98, 0x89, 0x84, 0xe9, 0x2b, 0xf2, 0x04, 0xc9,
-	0xa4, 0xa3, 0x24, 0x35, 0x7c, 0x07, 0x2c, 0x36, 0xb1, 0x5d, 0x37, 0x6a, 0x4d, 0xbc, 0x83, 0xa9,
-	0x89, 0x6d, 0x4f, 0xb4, 0x48, 0x41, 0x5f, 0xee, 0x76, 0x2a, 0x8b, 0x9b, 0x49, 0x15, 0x4a, 0x63,
-	0xe1, 0x4d, 0xb0, 0x52, 0x73, 0x28, 0x75, 0x0e, 0x88, 0x6d, 0x09, 0x3f, 0x21, 0x49, 0x5e, 0x90,
-	0xfc, 0xa7, 0xdb, 0xa9, 0xac, 0xe8, 0x83, 0x00, 0x68, 0xb0, 0x9d, 0x7a, 0x00, 0x56, 0xb6, 0xf9,
-	0x4c, 0x61, 0x8e, 0x4f, 0x4d, 0x1c, 0x37, 0x04, 0xac, 0x80, 0x42, 0x1b, 0xd3, 0x5a, 0x50, 0xd4,
-	0x45, 0xbd, 0xc8, 0xdb, 0xe1, 0x13, 0x2e, 0x40, 0x81, 0x9c, 0x47, 0x62, 0xc7, 0x96, 0x77, 0xd0,
-	0x26, 0x2b, 0x4d, 0x09, 0xa8, 0x88, 0x64, 0x3b, 0xa9, 0x42, 0x69, 0xac, 0xda, 0xc9, 0x81, 0xd5,
-	0x21, 0xfd, 0x07, 0xef, 0x80, 0x19, 0x26, 0xff, 0x96, 0x3d, 0x75, 0x22, 0xeb, 0x2e, 0xa4, 0x6d,
-	0x3c, 0xfd, 0x43, 0x32, 0x14, 0x51, 0x41, 0x07, 0xcc, 0x53, 0x79, 0x04, 0xe1, 0x53, 0xbe, 0x02,
-	0xe7, 0xb2, 0xb8, 0xfb, 0xb3, 0x13, 0x5f, 0x36, 0xea, 0x25, 0x44, 0x49, 0x7e, 0xf8, 0x08, 0x2c,
-	0xf5, 0x84, 0x1d, 0xf8, 0x9c, 0x14, 0x3e, 0x2f, 0x66, 0xf9, 0x1c, 0x78, 0x29, 0x7a, 0x49, 0xba,
-	0x5d, 0xda, 0x4e, 0xd1, 0xa2, 0x3e, 0x47, 0xea, 0x2f, 0x39, 0x30, 0xe2, 0x61, 0x78, 0x05, 0x4b,
-	0xde, 0xfd, 0xc4, 0x92, 0xf7, 0xee, 0x8b, 0xbf, 0x78, 0x43, 0x97, 0xbe, 0x46, 0x6a, 0xe9, 0x7b,
-	0xff, 0x25, 0x7c, 0x8c, 0x5e, 0x02, 0xff, 0xcc, 0x81, 0xff, 0x0e, 0x37, 0x8e, 0x97, 0xc2, 0x1b,
-	0x89, 0x11, 0x7b, 0x29, 0x35, 0x62, 0x4f, 0x8c, 0x41, 0xf1, 0xef, 0x92, 0x98, 0x5a, 0x12, 0x7f,
-	0x55, 0x40, 0x79, 0x78, 0xde, 0x5e, 0xc1, 0xd2, 0xf8, 0x45, 0x72, 0x69, 0x7c, 0xeb, 0xc5, 0x8b,
-	0x6c, 0xc8, 0x12, 0x79, 0x6d, 0x54, 0x6d, 0x45, 0xeb, 0xde, 0x18, 0x4f, 0xfe, 0xcf, 0x23, 0x53,
-	0x25, 0xb6, 0xd3, 0x8c, 0x5f, 0x2d, 0x09, 0xeb, 0x0f, 0x6c, 0xfe, 0xf4, 0xb4, 0xf8, 0xeb, 0x11,
-	0x14, 0x64, 0x03, 0x4c, 0x37, 0x83, 0xb7, 0x5a, 0x36, 0xf5, 0x95, 0xb1, 0x9e, 0xc8, 0x51, 0x4f,
-	0x7b, 0xb0, 0x16, 0x48, 0x18, 0x0a, 0xe9, 0xd5, 0xef, 0x14, 0xb0, 0x9e, 0xd5, 0xac, 0xf0, 0x60,
-	0xc0, 0xf2, 0xf5, 0x12, 0x8b, 0xf5, 0xf8, 0xcb, 0xd8, 0x8f, 0x0a, 0x38, 0x3a, 0x68, 0xc7, 0xe1,
-	0xe5, 0xcf, 0x17, 0x9b, 0x68, 0x2b, 0x89, 0xca, 0xff, 0x96, 0x90, 0x22, 0xa9, 0x85, 0xa7, 0xc0,
-	0x4c, 0xc3, 0xb0, 0xeb, 0xbb, 0xe4, 0xcb, 0x70, 0xdf, 0x8e, 0x0a, 0xf0, 0x23, 0x29, 0x47, 0x11,
-	0x02, 0x5e, 0x05, 0x4b, 0xc2, 0x6e, 0x13, 0xdb, 0x96, 0xd7, 0x10, 0xb9, 0x92, 0x4b, 0x43, 0xf4,
-	0x1e, 0xdc, 0x4a, 0xe9, 0x51, 0x9f, 0x85, 0xfa, 0x97, 0x02, 0xe0, 0x8b, 0xbc, 0xf3, 0x27, 0x41,
-	0xd1, 0x70, 0x89, 0x58, 0x3e, 0x83, 0x16, 0x28, 0xea, 0xf3, 0xdd, 0x4e, 0xa5, 0x78, 0x65, 0xe7,
-	0x7a, 0x20, 0x44, 0xb1, 0x9e, 0x83, 0xc3, 0x27, 0x30, 0x78, 0xea, 0x24, 0x38, 0x74, 0xcc, 0x50,
-	0xac, 0x87, 0x97, 0xc1, 0x9c, 0xd9, 0xf4, 0x99, 0x87, 0xe9, 0xae, 0xe9, 0xb8, 0x58, 0x8c, 0x8c,
-	0x19, 0xfd, 0xa8, 0x8c, 0x69, 0x6e, 0xa3, 0x47, 0x87, 0x12, 0x48, 0xa8, 0x01, 0xc0, 0x0b, 0x9e,
-	0xb9, 0x06, 0xf7, 0x53, 0x10, 0x7e, 0x16, 0xf8, 0x85, 0x6d, 0x47, 0x52, 0xd4, 0x83, 0x50, 0x1f,
-	0x80, 0x95, 0x5d, 0x4c, 0xdb, 0xc4, 0xc4, 0x57, 0x4c, 0xd3, 0xf1, 0x6d, 0x2f, 0x5c, 0xa3, 0xab,
-	0xa0, 0x18, 0xc1, 0x64, 0x4f, 0x1c, 0x91, 0xfe, 0x8b, 0x11, 0x17, 0x8a, 0x31, 0x51, 0x13, 0xe6,
-	0x86, 0x37, 0x61, 0x0e, 0x4c, 0xc7, 0xf4, 0xf9, 0x7d, 0x62, 0xd7, 0x25, 0xf3, 0xb1, 0x10, 0x7d,
-	0x83, 0xd8, 0xf5, 0xe7, 0x9d, 0xca, 0xac, 0x84, 0xf1, 0x4f, 0x24, 0x80, 0xf0, 0x3a, 0xc8, 0xfb,
-	0x0c, 0x53, 0xd9, 0x5e, 0x27, 0xb3, 0x8a, 0xf9, 0x0e, 0xc3, 0x34, 0xdc, 0x7c, 0x66, 0x38, 0x33,
-	0x17, 0x20, 0x41, 0x01, 0xb7, 0x40, 0xc1, 0xe2, 0x97, 0x22, 0xa7, 0xfe, 0xa9, 0x2c, 0xae, 0xde,
-	0x9f, 0x17, 0x41, 0x19, 0x08, 0x09, 0x0a, 0x58, 0xe0, 0x43, 0xb0, 0xc0, 0x12, 0x29, 0x14, 0xd7,
-	0x35, 0xc6, 0x26, 0x33, 0x30, 0xf1, 0x3a, 0xec, 0x76, 0x2a, 0x0b, 0x49, 0x15, 0x4a, 0x39, 0x50,
-	0xab, 0x60, 0xb6, 0x27, 0xc0, 0xec, 0xf9, 0xa7, 0x5f, 0x7d, 0xfc, 0xac, 0x3c, 0xf1, 0xe4, 0x59,
-	0x79, 0xe2, 0xe9, 0xb3, 0xf2, 0xc4, 0x57, 0xdd, 0xb2, 0xf2, 0xb8, 0x5b, 0x56, 0x9e, 0x74, 0xcb,
-	0xca, 0xd3, 0x6e, 0x59, 0xf9, 0xad, 0x5b, 0x56, 0xbe, 0xf9, 0xbd, 0x3c, 0x71, 0xb7, 0x3c, 0xfa,
-	0xff, 0x8c, 0xff, 0x04, 0x00, 0x00, 0xff, 0xff, 0x98, 0x4a, 0x24, 0x86, 0xa1, 0x14, 0x00, 0x00,
+	// 1604 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0xcb, 0x73, 0xdb, 0x54,
+	0x17, 0x8f, 0x1c, 0x3b, 0x89, 0x4f, 0x9e, 0xbd, 0x69, 0x26, 0xfe, 0xd2, 0x6f, 0xec, 0x54, 0xdf,
+	0xcc, 0x57, 0xa0, 0xad, 0xdc, 0x27, 0x2d, 0x30, 0x3c, 0xaa, 0xb4, 0x94, 0xd2, 0x24, 0x4d, 0x6f,
+	0x5a, 0xe8, 0x94, 0xce, 0x50, 0x59, 0xbe, 0xb1, 0xd5, 0x58, 0x8f, 0xea, 0x4a, 0x0e, 0xa1, 0x1b,
+	0x86, 0xbf, 0x80, 0x35, 0x2c, 0x59, 0xb0, 0x62, 0xc3, 0x96, 0x05, 0x4b, 0x3a, 0xac, 0xba, 0xec,
+	0xca, 0x50, 0xb3, 0xe2, 0x3f, 0x80, 0xce, 0x30, 0xc3, 0xdc, 0xab, 0x2b, 0xc9, 0xf2, 0x4b, 0x9e,
+	0x74, 0xa6, 0x2b, 0x76, 0xd1, 0x79, 0xfc, 0xce, 0xbd, 0xe7, 0x9e, 0xc7, 0xcf, 0x81, 0xab, 0xbb,
+	0x17, 0xa9, 0x62, 0xd8, 0xe5, 0x5d, 0xbf, 0x42, 0x5c, 0x8b, 0x78, 0x84, 0x96, 0x9b, 0xc4, 0xaa,
+	0xda, 0x6e, 0x59, 0x28, 0x34, 0xc7, 0x28, 0xef, 0x34, 0xec, 0x3d, 0xdd, 0xb6, 0x3c, 0xd7, 0x6e,
+	0x94, 0x9b, 0xa7, 0x2b, 0xc4, 0xd3, 0xce, 0x96, 0x6b, 0xc4, 0x22, 0xae, 0xe6, 0x91, 0xaa, 0xe2,
+	0xb8, 0xb6, 0x67, 0xa3, 0x62, 0x60, 0xaf, 0x68, 0x8e, 0xa1, 0x74, 0xd8, 0x2b, 0xc2, 0x7e, 0xe5,
+	0x64, 0xcd, 0xf0, 0xea, 0x7e, 0x45, 0xd1, 0x6d, 0xb3, 0x5c, 0xb3, 0x6b, 0x76, 0x99, 0xbb, 0x55,
+	0xfc, 0x1d, 0xfe, 0xc5, 0x3f, 0xf8, 0x5f, 0x01, 0xdc, 0xca, 0xb9, 0x38, 0xbc, 0xa9, 0xe9, 0x75,
+	0xc3, 0x22, 0xee, 0x7e, 0xd9, 0xd9, 0xad, 0x31, 0x01, 0x2d, 0x9b, 0xc4, 0xd3, 0xca, 0xcd, 0xd3,
+	0xdd, 0x87, 0x58, 0x29, 0x0f, 0xf2, 0x72, 0x7d, 0xcb, 0x33, 0x4c, 0xd2, 0xe3, 0xf0, 0x7a, 0x9a,
+	0x03, 0xd5, 0xeb, 0xc4, 0xd4, 0xba, 0xfd, 0xe4, 0x1f, 0x25, 0x58, 0xbd, 0xf2, 0x19, 0x31, 0x1d,
+	0x6f, 0xcb, 0x35, 0x6c, 0xd7, 0xf0, 0xf6, 0xd7, 0x49, 0x93, 0x34, 0xd6, 0x6c, 0x6b, 0xc7, 0xa8,
+	0xf9, 0xae, 0xe6, 0x19, 0xb6, 0x85, 0xee, 0x40, 0xc1, 0xb2, 0x4d, 0xc3, 0xd2, 0x98, 0x5c, 0xf7,
+	0x5d, 0x97, 0x58, 0xfa, 0xfe, 0x76, 0x5d, 0x73, 0x09, 0x2d, 0x48, 0xab, 0xd2, 0x2b, 0x39, 0xf5,
+	0xbf, 0xed, 0x56, 0xa9, 0xb0, 0x39, 0xc0, 0x06, 0x0f, 0xf4, 0x46, 0x6f, 0xc3, 0x7c, 0x83, 0x58,
+	0x55, 0xad, 0xd2, 0x20, 0x5b, 0xc4, 0xd5, 0x89, 0xe5, 0x15, 0x32, 0x1c, 0x70, 0xb1, 0xdd, 0x2a,
+	0xcd, 0xaf, 0x27, 0x55, 0xb8, 0xdb, 0x56, 0xbe, 0x0b, 0xcb, 0xef, 0x37, 0xec, 0xbd, 0xcb, 0x06,
+	0xf5, 0x0c, 0xab, 0xe6, 0x1b, 0xb4, 0x4e, 0xdc, 0x0d, 0xe2, 0xd5, 0xed, 0x2a, 0x7a, 0x17, 0xb2,
+	0xde, 0xbe, 0x43, 0xf8, 0xf9, 0xf2, 0xea, 0xf1, 0xc7, 0xad, 0xd2, 0x58, 0xbb, 0x55, 0xca, 0xde,
+	0xda, 0x77, 0xc8, 0xf3, 0x56, 0xe9, 0xc8, 0x00, 0x37, 0xa6, 0xc6, 0xdc, 0x51, 0xfe, 0x3a, 0x03,
+	0xc0, 0xac, 0xb6, 0x79, 0xe2, 0xd0, 0x7d, 0x98, 0x62, 0x8f, 0x55, 0xd5, 0x3c, 0x8d, 0x63, 0x4e,
+	0x9f, 0x39, 0xa5, 0xc4, 0x95, 0x12, 0xe5, 0x5c, 0x71, 0x76, 0x6b, 0x4c, 0x40, 0x15, 0x66, 0xad,
+	0x34, 0x4f, 0x2b, 0x37, 0x2a, 0x0f, 0x88, 0xee, 0x6d, 0x10, 0x4f, 0x53, 0x91, 0x38, 0x05, 0xc4,
+	0x32, 0x1c, 0xa1, 0xa2, 0x2d, 0xc8, 0x52, 0x87, 0xe8, 0x3c, 0x01, 0xd3, 0x67, 0x14, 0x65, 0x78,
+	0x1d, 0x2a, 0xf1, 0xd9, 0xb6, 0x1d, 0xa2, 0xab, 0x33, 0xe1, 0x0d, 0xd9, 0x17, 0xe6, 0x48, 0xe8,
+	0x0e, 0x4c, 0x50, 0x4f, 0xf3, 0x7c, 0x5a, 0x18, 0xef, 0x39, 0x71, 0x1a, 0x26, 0xf7, 0x53, 0xe7,
+	0x04, 0xea, 0x44, 0xf0, 0x8d, 0x05, 0x9e, 0xfc, 0x34, 0x03, 0x8b, 0xb1, 0xf1, 0x9a, 0x6d, 0x55,
+	0x0d, 0x5e, 0x29, 0x6f, 0x25, 0xb2, 0x7e, 0xac, 0x2b, 0xeb, 0xcb, 0x7d, 0x5c, 0xe2, 0x8c, 0xa3,
+	0x37, 0xa2, 0xe3, 0x66, 0xb8, 0xfb, 0xd1, 0x64, 0xf0, 0xe7, 0xad, 0xd2, 0x7c, 0xe4, 0x96, 0x3c,
+	0x0f, 0x6a, 0x02, 0x6a, 0x68, 0xd4, 0xbb, 0xe5, 0x6a, 0x16, 0x0d, 0x60, 0x0d, 0x93, 0x88, 0x5b,
+	0xbf, 0x36, 0xda, 0x3b, 0x31, 0x0f, 0x75, 0x45, 0x84, 0x44, 0xeb, 0x3d, 0x68, 0xb8, 0x4f, 0x04,
+	0xf4, 0x7f, 0x98, 0x70, 0x89, 0x46, 0x6d, 0xab, 0x90, 0xe5, 0x47, 0x8e, 0xf2, 0x85, 0xb9, 0x14,
+	0x0b, 0x2d, 0x7a, 0x15, 0x26, 0x4d, 0x42, 0xa9, 0x56, 0x23, 0x85, 0x1c, 0x37, 0x9c, 0x17, 0x86,
+	0x93, 0x1b, 0x81, 0x18, 0x87, 0x7a, 0xf9, 0x27, 0x09, 0xe6, 0xe2, 0x3c, 0xad, 0x1b, 0xd4, 0x43,
+	0xf7, 0x7a, 0x6a, 0x4f, 0x19, 0xed, 0x4e, 0xcc, 0x9b, 0x57, 0xde, 0x82, 0x08, 0x37, 0x15, 0x4a,
+	0x3a, 0xea, 0xee, 0x06, 0xe4, 0x0c, 0x8f, 0x98, 0x2c, 0xeb, 0xe3, 0x5d, 0xe9, 0x4a, 0x29, 0x12,
+	0x75, 0x56, 0xc0, 0xe6, 0xae, 0x31, 0x00, 0x1c, 0xe0, 0xc8, 0x7f, 0x8c, 0x77, 0xde, 0x80, 0xd5,
+	0x23, 0xfa, 0x4e, 0x82, 0x15, 0x67, 0xe0, 0x80, 0x11, 0x97, 0x5a, 0x4b, 0x8b, 0x3c, 0x78, 0x44,
+	0x61, 0xb2, 0x43, 0xd8, 0x5c, 0x21, 0xaa, 0x2c, 0x8e, 0xb4, 0x32, 0xc4, 0x78, 0xc8, 0x51, 0xd0,
+	0x87, 0x80, 0x4c, 0xcd, 0x63, 0x19, 0xad, 0x6d, 0xb9, 0x44, 0x27, 0x55, 0x86, 0x2a, 0x86, 0x52,
+	0x54, 0x1d, 0x1b, 0x3d, 0x16, 0xb8, 0x8f, 0x17, 0xfa, 0x52, 0x82, 0xc5, 0x6a, 0xef, 0x90, 0x11,
+	0x75, 0x79, 0x61, 0x94, 0x44, 0xf7, 0x99, 0x51, 0xea, 0x72, 0xbb, 0x55, 0x5a, 0xec, 0xa3, 0xc0,
+	0xfd, 0x82, 0xa1, 0x7b, 0x90, 0x73, 0xfd, 0x06, 0xa1, 0x85, 0x2c, 0x7f, 0xde, 0xd4, 0xa8, 0x5b,
+	0x76, 0xc3, 0xd0, 0xf7, 0x31, 0x73, 0xf9, 0xd8, 0xf0, 0xea, 0xdb, 0x3e, 0x9f, 0x55, 0x34, 0x7e,
+	0x6b, 0xae, 0xc2, 0x01, 0xa8, 0xfc, 0x08, 0x16, 0xba, 0x87, 0x06, 0xaa, 0x01, 0xe8, 0x61, 0x9f,
+	0xb2, 0x05, 0xc1, 0xc2, 0x9e, 0x1d, 0xbd, 0xaa, 0xa2, 0x1e, 0x8f, 0xe7, 0x65, 0x24, 0xa2, 0xb8,
+	0x03, 0x5a, 0x3e, 0x05, 0x33, 0x57, 0x5d, 0xdb, 0x77, 0xc4, 0x19, 0xd1, 0x2a, 0x64, 0x2d, 0xcd,
+	0x0c, 0xa7, 0x4f, 0x34, 0x11, 0x37, 0x35, 0x93, 0x60, 0xae, 0x91, 0xbf, 0x95, 0x60, 0x76, 0xdd,
+	0x30, 0x0d, 0x0f, 0x13, 0xea, 0xd8, 0x16, 0x25, 0xe8, 0x7c, 0x62, 0x62, 0x1d, 0xed, 0x9a, 0x58,
+	0x87, 0x12, 0xc6, 0x1d, 0xb3, 0xea, 0x13, 0x98, 0x7c, 0xe8, 0x13, 0xdf, 0xb0, 0x6a, 0x62, 0x5e,
+	0x9f, 0x4b, 0xbb, 0xe0, 0xcd, 0xc0, 0x3c, 0x51, 0x6d, 0xea, 0x34, 0x1b, 0x01, 0x42, 0x83, 0x43,
+	0x44, 0xf9, 0xef, 0x0c, 0x1c, 0xe5, 0x81, 0x49, 0x75, 0xc8, 0x56, 0xbe, 0x97, 0xba, 0x95, 0x57,
+	0xc5, 0x6d, 0x0e, 0xb2, 0x99, 0x1f, 0xc0, 0x6c, 0xa3, 0xf3, 0xee, 0xe2, 0x9a, 0x27, 0xd3, 0xae,
+	0x99, 0x48, 0x98, 0xba, 0x24, 0x4e, 0x90, 0x4c, 0x3a, 0x4e, 0x42, 0xf7, 0x63, 0x01, 0xe3, 0xa3,
+	0xb3, 0x00, 0x74, 0x03, 0x96, 0x2a, 0xb6, 0xeb, 0xda, 0x7b, 0x86, 0x55, 0xe3, 0x71, 0x42, 0x90,
+	0x2c, 0x07, 0xf9, 0x4f, 0xbb, 0x55, 0x5a, 0x52, 0xfb, 0x19, 0xe0, 0xfe, 0x7e, 0xf2, 0x1e, 0x2c,
+	0x6d, 0xb2, 0x99, 0x42, 0x6d, 0xdf, 0xd5, 0x49, 0xdc, 0x10, 0xa8, 0x04, 0xb9, 0x26, 0x71, 0x2b,
+	0x41, 0x51, 0xe7, 0xd5, 0x3c, 0x6b, 0x87, 0x8f, 0x98, 0x00, 0x07, 0x72, 0x76, 0x13, 0x2b, 0xf6,
+	0xbc, 0x8d, 0xd7, 0x69, 0x61, 0x82, 0x9b, 0xf2, 0x9b, 0x6c, 0x26, 0x55, 0xb8, 0xdb, 0x56, 0x6e,
+	0x65, 0x60, 0x79, 0x40, 0xff, 0xa1, 0xdb, 0x30, 0x45, 0xc5, 0xdf, 0xa2, 0xa7, 0x8e, 0xa5, 0xbd,
+	0x85, 0xf0, 0x8d, 0xa7, 0x7f, 0x08, 0x86, 0x23, 0x28, 0x64, 0xc3, 0xac, 0x2b, 0x8e, 0xc0, 0x63,
+	0x8a, 0x2d, 0x70, 0x26, 0x0d, 0xbb, 0x37, 0x3b, 0xf1, 0x63, 0xe3, 0x4e, 0x40, 0x9c, 0xc4, 0x47,
+	0x8f, 0x60, 0xa1, 0xe3, 0xda, 0x41, 0xcc, 0x71, 0x1e, 0xf3, 0x7c, 0x5a, 0xcc, 0xbe, 0x8f, 0xa2,
+	0x16, 0x44, 0xd8, 0x85, 0xcd, 0x2e, 0x58, 0xdc, 0x13, 0x48, 0xfe, 0x25, 0x03, 0x43, 0x16, 0xc3,
+	0x4b, 0x20, 0x79, 0xf7, 0x13, 0x24, 0xef, 0x9d, 0x83, 0x6f, 0xbc, 0x81, 0xa4, 0xaf, 0xde, 0x45,
+	0xfa, 0xde, 0x7b, 0x81, 0x18, 0xc3, 0x49, 0xe0, 0x9f, 0x19, 0xf8, 0xdf, 0x60, 0xe7, 0x98, 0x14,
+	0x5e, 0x4f, 0x8c, 0xd8, 0x0b, 0x5d, 0x23, 0xf6, 0xd8, 0x08, 0x10, 0xff, 0x92, 0xc4, 0x2e, 0x92,
+	0xf8, 0xab, 0x04, 0xc5, 0xc1, 0x79, 0x7b, 0x09, 0xa4, 0xf1, 0xd3, 0x24, 0x69, 0x7c, 0xf3, 0xe0,
+	0x45, 0x36, 0x80, 0x44, 0x5e, 0x1d, 0x56, 0x5b, 0x11, 0xdd, 0x1b, 0x61, 0xe5, 0x7f, 0x9f, 0x19,
+	0x96, 0x2a, 0xce, 0x4e, 0x53, 0x7e, 0xb5, 0x24, 0xbc, 0xaf, 0x58, 0x6c, 0xf5, 0x98, 0x6c, 0x7b,
+	0x04, 0x05, 0x59, 0x87, 0xc9, 0x46, 0xb0, 0xab, 0x45, 0x53, 0x5f, 0x1a, 0x69, 0x45, 0x0e, 0x5b,
+	0xed, 0x01, 0x2d, 0x10, 0x66, 0x38, 0x84, 0x47, 0x55, 0x98, 0x20, 0xfc, 0xa7, 0xfa, 0xa8, 0x9d,
+	0x9d, 0xf6, 0xc3, 0x5e, 0x05, 0x56, 0x85, 0x81, 0x15, 0x16, 0xd8, 0xf2, 0x37, 0x12, 0xac, 0xa6,
+	0x8d, 0x04, 0xb4, 0xd7, 0x87, 0xe2, 0xbd, 0x00, 0x7d, 0x1f, 0x9d, 0xf2, 0xfd, 0x20, 0xc1, 0xe1,
+	0x7e, 0x4c, 0x8a, 0x35, 0x19, 0xa3, 0x4f, 0x11, 0xf7, 0x89, 0x9a, 0xec, 0x26, 0x97, 0x62, 0xa1,
+	0x45, 0x27, 0x60, 0xaa, 0xae, 0x59, 0xd5, 0x6d, 0xe3, 0xf3, 0x90, 0xd5, 0x47, 0x65, 0xfe, 0x81,
+	0x90, 0xe3, 0xc8, 0x02, 0x5d, 0x86, 0x05, 0xee, 0xb7, 0x4e, 0xac, 0x9a, 0x57, 0xe7, 0x2f, 0x22,
+	0xa8, 0x49, 0xb4, 0x75, 0x6e, 0x76, 0xe9, 0x71, 0x8f, 0x87, 0xfc, 0x97, 0x04, 0xe8, 0x20, 0x6c,
+	0xe2, 0x38, 0xe4, 0x35, 0xc7, 0xe0, 0x14, 0x37, 0x68, 0xb4, 0xbc, 0x3a, 0xdb, 0x6e, 0x95, 0xf2,
+	0x97, 0xb6, 0xae, 0x05, 0x42, 0x1c, 0xeb, 0x99, 0x71, 0xb8, 0x68, 0x83, 0x85, 0x2a, 0x8c, 0xc3,
+	0xc0, 0x14, 0xc7, 0x7a, 0x74, 0x11, 0x66, 0xf4, 0x86, 0x4f, 0x3d, 0xe2, 0x6e, 0xeb, 0xb6, 0x43,
+	0xf8, 0x60, 0x9a, 0x52, 0x0f, 0x8b, 0x3b, 0xcd, 0xac, 0x75, 0xe8, 0x70, 0xc2, 0x12, 0x29, 0x00,
+	0xac, 0xad, 0xa8, 0xa3, 0xb1, 0x38, 0x39, 0x1e, 0x67, 0x8e, 0x3d, 0xd8, 0x66, 0x24, 0xc5, 0x1d,
+	0x16, 0xf2, 0x03, 0x58, 0xda, 0x26, 0x6e, 0xd3, 0xd0, 0xc9, 0x25, 0x5d, 0xb7, 0x7d, 0xcb, 0x0b,
+	0xc9, 0x7a, 0x19, 0xf2, 0x91, 0x99, 0xe8, 0xbc, 0x43, 0x22, 0x7e, 0x3e, 0xc2, 0xc2, 0xb1, 0x4d,
+	0xd4, 0xea, 0x99, 0x81, 0xad, 0xfe, 0x73, 0x06, 0x26, 0x63, 0xf8, 0xec, 0xae, 0x61, 0x55, 0x05,
+	0xf2, 0x91, 0xd0, 0xfa, 0xba, 0x61, 0x55, 0x9f, 0xb7, 0x4a, 0xd3, 0xc2, 0x8c, 0x7d, 0x62, 0x6e,
+	0x88, 0xae, 0x41, 0xd6, 0xa7, 0xc4, 0x15, 0x4d, 0x7c, 0x3c, 0xad, 0x98, 0x6f, 0x53, 0xe2, 0x86,
+	0xfc, 0x6a, 0x8a, 0x21, 0x33, 0x01, 0xe6, 0x10, 0x68, 0x03, 0x72, 0x35, 0xf6, 0x28, 0xa2, 0x4f,
+	0x4f, 0xa4, 0x61, 0x75, 0xfe, 0x88, 0x09, 0xca, 0x80, 0x4b, 0x70, 0x80, 0x82, 0x1e, 0xc2, 0x1c,
+	0x4d, 0xa4, 0x90, 0x3f, 0xd7, 0x08, 0x7c, 0xa9, 0x6f, 0xe2, 0x55, 0xd4, 0x6e, 0x95, 0xe6, 0x92,
+	0x2a, 0xdc, 0x15, 0x40, 0x2e, 0xc3, 0x74, 0xc7, 0x05, 0xd3, 0xa7, 0xac, 0x7a, 0xf9, 0xf1, 0xb3,
+	0xe2, 0xd8, 0x93, 0x67, 0xc5, 0xb1, 0xa7, 0xcf, 0x8a, 0x63, 0x5f, 0xb4, 0x8b, 0xd2, 0xe3, 0x76,
+	0x51, 0x7a, 0xd2, 0x2e, 0x4a, 0x4f, 0xdb, 0x45, 0xe9, 0xb7, 0x76, 0x51, 0xfa, 0xea, 0xf7, 0xe2,
+	0xd8, 0xdd, 0xe2, 0xf0, 0xff, 0xc5, 0xfe, 0x13, 0x00, 0x00, 0xff, 0xff, 0x1d, 0xc5, 0x22, 0x46,
+	0xc5, 0x15, 0x00, 0x00,
+}
+
+func (m *ExemptPriorityLevelConfiguration) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.LendablePercent != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.LendablePercent))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.NominalConcurrencyShares != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.NominalConcurrencyShares))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *FlowDistinguisherMethod) Marshal() (dAtA []byte, err error) {
@@ -1490,6 +1556,18 @@ func (m *PriorityLevelConfigurationSpec) MarshalToSizedBuffer(dAtA []byte) (int,
 	_ = i
 	var l int
 	_ = l
+	if m.Exempt != nil {
+		{
+			size, err := m.Exempt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
 	if m.Limited != nil {
 		{
 			size, err := m.Limited.MarshalToSizedBuffer(dAtA[:i])
@@ -1782,6 +1860,21 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
 	dAtA[offset] = uint8(v)
 	return base
 }
+func (m *ExemptPriorityLevelConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NominalConcurrencyShares != nil {
+		n += 1 + sovGenerated(uint64(*m.NominalConcurrencyShares))
+	}
+	if m.LendablePercent != nil {
+		n += 1 + sovGenerated(uint64(*m.LendablePercent))
+	}
+	return n
+}
+
 func (m *FlowDistinguisherMethod) Size() (n int) {
 	if m == nil {
 		return 0
@@ -2047,6 +2140,10 @@ func (m *PriorityLevelConfigurationSpec) Size() (n int) {
 		l = m.Limited.Size()
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	if m.Exempt != nil {
+		l = m.Exempt.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -2164,6 +2261,17 @@ func sovGenerated(x uint64) (n int) {
 func sozGenerated(x uint64) (n int) {
 	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
+func (this *ExemptPriorityLevelConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ExemptPriorityLevelConfiguration{`,
+		`NominalConcurrencyShares:` + valueToStringGenerated(this.NominalConcurrencyShares) + `,`,
+		`LendablePercent:` + valueToStringGenerated(this.LendablePercent) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *FlowDistinguisherMethod) String() string {
 	if this == nil {
 		return "nil"
@@ -2380,6 +2488,7 @@ func (this *PriorityLevelConfigurationSpec) String() string {
 	s := strings.Join([]string{`&PriorityLevelConfigurationSpec{`,
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`Limited:` + strings.Replace(this.Limited.String(), "LimitedPriorityLevelConfiguration", "LimitedPriorityLevelConfiguration", 1) + `,`,
+		`Exempt:` + strings.Replace(this.Exempt.String(), "ExemptPriorityLevelConfiguration", "ExemptPriorityLevelConfiguration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2467,6 +2576,96 @@ func valueToStringGenerated(v interface{}) string {
 	pv := reflect.Indirect(rv).Interface()
 	return fmt.Sprintf("*%v", pv)
 }
+func (m *ExemptPriorityLevelConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NominalConcurrencyShares", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.NominalConcurrencyShares = &v
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LendablePercent", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.LendablePercent = &v
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *FlowDistinguisherMethod) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -4546,6 +4745,42 @@ func (m *PriorityLevelConfigurationSpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exempt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Exempt == nil {
+				m.Exempt = &ExemptPriorityLevelConfiguration{}
+			}
+			if err := m.Exempt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta3/generated.proto b/vendor/k8s.io/api/flowcontrol/v1beta3/generated.proto
index adf9e8682..eda0f7829 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta3/generated.proto
+++ b/vendor/k8s.io/api/flowcontrol/v1beta3/generated.proto
@@ -28,6 +28,40 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "k8s.io/api/flowcontrol/v1beta3";
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+message ExemptPriorityLevelConfiguration {
+  // `nominalConcurrencyShares` (NCS) contributes to the computation of the
+  // NominalConcurrencyLimit (NominalCL) of this level.
+  // This is the number of execution seats nominally reserved for this priority level.
+  // This DOES NOT limit the dispatching from this priority level
+  // but affects the other priority levels through the borrowing mechanism.
+  // The server's concurrency limit (ServerCL) is divided among all the
+  // priority levels in proportion to their NCS values:
+  //
+  // NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+  // sum_ncs = sum[priority level k] NCS(k)
+  //
+  // Bigger numbers mean a larger nominal concurrency limit,
+  // at the expense of every other priority level.
+  // This field has a default value of zero.
+  // +optional
+  optional int32 nominalConcurrencyShares = 1;
+
+  // `lendablePercent` prescribes the fraction of the level's NominalCL that
+  // can be borrowed by other priority levels.  This value of this
+  // field must be between 0 and 100, inclusive, and it defaults to 0.
+  // The number of seats that other levels can borrow from this level, known
+  // as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+  //
+  // LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+  //
+  // +optional
+  optional int32 lendablePercent = 2;
+}
+
 // FlowDistinguisherMethod specifies the method of a flow distinguisher.
 message FlowDistinguisherMethod {
   // `type` is the type of flow distinguisher method
@@ -168,10 +202,10 @@ message LimitedPriorityLevelConfiguration {
   // Limited priority levels in proportion to their NCS values:
   //
   // NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
-  // sum_ncs = sum[limited priority level k] NCS(k)
+  // sum_ncs = sum[priority level k] NCS(k)
   //
   // Bigger numbers mean a larger nominal concurrency limit,
-  // at the expense of every other Limited priority level.
+  // at the expense of every other priority level.
   // This field has a default value of 30.
   // +optional
   optional int32 nominalConcurrencyShares = 1;
@@ -334,6 +368,14 @@ message PriorityLevelConfigurationSpec {
   // This field must be non-empty if and only if `type` is `"Limited"`.
   // +optional
   optional LimitedPriorityLevelConfiguration limited = 2;
+
+  // `exempt` specifies how requests are handled for an exempt priority level.
+  // This field MUST be empty if `type` is `"Limited"`.
+  // This field MAY be non-empty if `type` is `"Exempt"`.
+  // If empty and `type` is `"Exempt"` then the default values
+  // for `ExemptPriorityLevelConfiguration` apply.
+  // +optional
+  optional ExemptPriorityLevelConfiguration exempt = 3;
 }
 
 // PriorityLevelConfigurationStatus represents the current state of a "request-priority".
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta3/types.go b/vendor/k8s.io/api/flowcontrol/v1beta3/types.go
index 2baf2dc39..810941557 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta3/types.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta3/types.go
@@ -77,7 +77,9 @@ const (
 	//   is a boolean false or has an invalid boolean representation
 	//   (if the cluster operator sets it to 'false' it will be stomped)
 	// - any changes to the spec made by the cluster operator will be
-	//   stomped.
+	//   stomped, except for changes to the `nominalConcurrencyShares`
+	//   and `lendablePercent` fields of the PriorityLevelConfiguration
+	//   named "exempt".
 	//
 	// The kube-apiserver will apply updates on the suggested configuration if:
 	// - the cluster operator has enabled auto-update by setting the annotation
@@ -433,6 +435,14 @@ type PriorityLevelConfigurationSpec struct {
 	// This field must be non-empty if and only if `type` is `"Limited"`.
 	// +optional
 	Limited *LimitedPriorityLevelConfiguration `json:"limited,omitempty" protobuf:"bytes,2,opt,name=limited"`
+
+	// `exempt` specifies how requests are handled for an exempt priority level.
+	// This field MUST be empty if `type` is `"Limited"`.
+	// This field MAY be non-empty if `type` is `"Exempt"`.
+	// If empty and `type` is `"Exempt"` then the default values
+	// for `ExemptPriorityLevelConfiguration` apply.
+	// +optional
+	Exempt *ExemptPriorityLevelConfiguration `json:"exempt,omitempty" protobuf:"bytes,3,opt,name=exempt"`
 }
 
 // PriorityLevelEnablement indicates whether limits on execution are enabled for the priority level
@@ -462,10 +472,10 @@ type LimitedPriorityLevelConfiguration struct {
 	// Limited priority levels in proportion to their NCS values:
 	//
 	// NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
-	// sum_ncs = sum[limited priority level k] NCS(k)
+	// sum_ncs = sum[priority level k] NCS(k)
 	//
 	// Bigger numbers mean a larger nominal concurrency limit,
-	// at the expense of every other Limited priority level.
+	// at the expense of every other priority level.
 	// This field has a default value of 30.
 	// +optional
 	NominalConcurrencyShares int32 `json:"nominalConcurrencyShares" protobuf:"varint,1,opt,name=nominalConcurrencyShares"`
@@ -503,6 +513,43 @@ type LimitedPriorityLevelConfiguration struct {
 	BorrowingLimitPercent *int32 `json:"borrowingLimitPercent,omitempty" protobuf:"varint,4,opt,name=borrowingLimitPercent"`
 }
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+type ExemptPriorityLevelConfiguration struct {
+	// `nominalConcurrencyShares` (NCS) contributes to the computation of the
+	// NominalConcurrencyLimit (NominalCL) of this level.
+	// This is the number of execution seats nominally reserved for this priority level.
+	// This DOES NOT limit the dispatching from this priority level
+	// but affects the other priority levels through the borrowing mechanism.
+	// The server's concurrency limit (ServerCL) is divided among all the
+	// priority levels in proportion to their NCS values:
+	//
+	// NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+	// sum_ncs = sum[priority level k] NCS(k)
+	//
+	// Bigger numbers mean a larger nominal concurrency limit,
+	// at the expense of every other priority level.
+	// This field has a default value of zero.
+	// +optional
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty" protobuf:"varint,1,opt,name=nominalConcurrencyShares"`
+	// `lendablePercent` prescribes the fraction of the level's NominalCL that
+	// can be borrowed by other priority levels.  This value of this
+	// field must be between 0 and 100, inclusive, and it defaults to 0.
+	// The number of seats that other levels can borrow from this level, known
+	// as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+	//
+	// LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+	//
+	// +optional
+	LendablePercent *int32 `json:"lendablePercent,omitempty" protobuf:"varint,2,opt,name=lendablePercent"`
+	// The `BorrowingCL` of an Exempt priority level is implicitly `ServerCL`.
+	// In other words, an exempt priority level
+	// has no meaningful limit on how much it borrows.
+	// There is no explicit representation of that here.
+}
+
 // LimitResponse defines how to handle requests that can not be executed right now.
 // +union
 type LimitResponse struct {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta3/types_swagger_doc_generated.go b/vendor/k8s.io/api/flowcontrol/v1beta3/types_swagger_doc_generated.go
index 728252c0c..fa76112a7 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta3/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta3/types_swagger_doc_generated.go
@@ -27,6 +27,16 @@ package v1beta3
 // Those methods can be generated by using hack/update-codegen.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
+var map_ExemptPriorityLevelConfiguration = map[string]string{
+	"":                         "ExemptPriorityLevelConfiguration describes the configurable aspects of the handling of exempt requests. In the mandatory exempt configuration object the values in the fields here can be modified by authorized users, unlike the rest of the `spec`.",
+	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats nominally reserved for this priority level. This DOES NOT limit the dispatching from this priority level but affects the other priority levels through the borrowing mechanism. The server's concurrency limit (ServerCL) is divided among all the priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of zero.",
+	"lendablePercent":          "`lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels.  This value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.\n\nLendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )",
+}
+
+func (ExemptPriorityLevelConfiguration) SwaggerDoc() map[string]string {
+	return map_ExemptPriorityLevelConfiguration
+}
+
 var map_FlowDistinguisherMethod = map[string]string{
 	"":     "FlowDistinguisherMethod specifies the method of a flow distinguisher.",
 	"type": "`type` is the type of flow distinguisher method The supported types are \"ByUser\" and \"ByNamespace\". Required.",
@@ -112,7 +122,7 @@ func (LimitResponse) SwaggerDoc() map[string]string {
 
 var map_LimitedPriorityLevelConfiguration = map[string]string{
 	"":                         "LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues:\n  - How are requests for this priority level limited?\n  - What should be done with requests that exceed the limit?",
-	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats available at this priority level. This is used both for requests dispatched from this priority level as well as requests dispatched from other priority levels borrowing seats from this level. The server's concurrency limit (ServerCL) is divided among the Limited priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[limited priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other Limited priority level. This field has a default value of 30.",
+	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats available at this priority level. This is used both for requests dispatched from this priority level as well as requests dispatched from other priority levels borrowing seats from this level. The server's concurrency limit (ServerCL) is divided among the Limited priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of 30.",
 	"limitResponse":            "`limitResponse` indicates what to do with requests that can not be executed right now",
 	"lendablePercent":          "`lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels. The value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.\n\nLendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )",
 	"borrowingLimitPercent":    "`borrowingLimitPercent`, if present, configures a limit on how many seats this priority level can borrow from other priority levels. The limit is known as this level's BorrowingConcurrencyLimit (BorrowingCL) and is a limit on the total number of seats that this level may borrow at any one time. This field holds the ratio of that limit to the level's nominal concurrency limit. When this field is non-nil, it must hold a non-negative integer and the limit is calculated as follows.\n\nBorrowingCL(i) = round( NominalCL(i) * borrowingLimitPercent(i)/100.0 )\n\nThe value of this field can be more than 100, implying that this priority level can borrow a number of seats that is greater than its own nominal concurrency limit (NominalCL). When this field is left `nil`, the limit is effectively infinite.",
@@ -190,6 +200,7 @@ var map_PriorityLevelConfigurationSpec = map[string]string{
 	"":        "PriorityLevelConfigurationSpec specifies the configuration of a priority level.",
 	"type":    "`type` indicates whether this priority level is subject to limitation on request execution.  A value of `\"Exempt\"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels.  A value of `\"Limited\"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.",
 	"limited": "`limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `\"Limited\"`.",
+	"exempt":  "`exempt` specifies how requests are handled for an exempt priority level. This field MUST be empty if `type` is `\"Limited\"`. This field MAY be non-empty if `type` is `\"Exempt\"`. If empty and `type` is `\"Exempt\"` then the default values for `ExemptPriorityLevelConfiguration` apply.",
 }
 
 func (PriorityLevelConfigurationSpec) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta3/zz_generated.deepcopy.go b/vendor/k8s.io/api/flowcontrol/v1beta3/zz_generated.deepcopy.go
index ec02d2a9c..09fefa20a 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta3/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta3/zz_generated.deepcopy.go
@@ -25,6 +25,32 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExemptPriorityLevelConfiguration) DeepCopyInto(out *ExemptPriorityLevelConfiguration) {
+	*out = *in
+	if in.NominalConcurrencyShares != nil {
+		in, out := &in.NominalConcurrencyShares, &out.NominalConcurrencyShares
+		*out = new(int32)
+		**out = **in
+	}
+	if in.LendablePercent != nil {
+		in, out := &in.LendablePercent, &out.LendablePercent
+		*out = new(int32)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExemptPriorityLevelConfiguration.
+func (in *ExemptPriorityLevelConfiguration) DeepCopy() *ExemptPriorityLevelConfiguration {
+	if in == nil {
+		return nil
+	}
+	out := new(ExemptPriorityLevelConfiguration)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FlowDistinguisherMethod) DeepCopyInto(out *FlowDistinguisherMethod) {
 	*out = *in
@@ -400,6 +426,11 @@ func (in *PriorityLevelConfigurationSpec) DeepCopyInto(out *PriorityLevelConfigu
 		*out = new(LimitedPriorityLevelConfiguration)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Exempt != nil {
+		in, out := &in.Exempt, &out.Exempt
+		*out = new(ExemptPriorityLevelConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/networking/v1/generated.pb.go b/vendor/k8s.io/api/networking/v1/generated.pb.go
index e9566d57e..daeaea5dc 100644
--- a/vendor/k8s.io/api/networking/v1/generated.pb.go
+++ b/vendor/k8s.io/api/networking/v1/generated.pb.go
@@ -776,38 +776,10 @@ func (m *NetworkPolicySpec) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_NetworkPolicySpec proto.InternalMessageInfo
 
-func (m *NetworkPolicyStatus) Reset()      { *m = NetworkPolicyStatus{} }
-func (*NetworkPolicyStatus) ProtoMessage() {}
-func (*NetworkPolicyStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_1c72867a70a7cc90, []int{26}
-}
-func (m *NetworkPolicyStatus) XXX_Unmarshal(b []byte) error {
-	return m.Unmarshal(b)
-}
-func (m *NetworkPolicyStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	b = b[:cap(b)]
-	n, err := m.MarshalToSizedBuffer(b)
-	if err != nil {
-		return nil, err
-	}
-	return b[:n], nil
-}
-func (m *NetworkPolicyStatus) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_NetworkPolicyStatus.Merge(m, src)
-}
-func (m *NetworkPolicyStatus) XXX_Size() int {
-	return m.Size()
-}
-func (m *NetworkPolicyStatus) XXX_DiscardUnknown() {
-	xxx_messageInfo_NetworkPolicyStatus.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_NetworkPolicyStatus proto.InternalMessageInfo
-
 func (m *ServiceBackendPort) Reset()      { *m = ServiceBackendPort{} }
 func (*ServiceBackendPort) ProtoMessage() {}
 func (*ServiceBackendPort) Descriptor() ([]byte, []int) {
-	return fileDescriptor_1c72867a70a7cc90, []int{27}
+	return fileDescriptor_1c72867a70a7cc90, []int{26}
 }
 func (m *ServiceBackendPort) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -859,7 +831,6 @@ func init() {
 	proto.RegisterType((*NetworkPolicyPeer)(nil), "k8s.io.api.networking.v1.NetworkPolicyPeer")
 	proto.RegisterType((*NetworkPolicyPort)(nil), "k8s.io.api.networking.v1.NetworkPolicyPort")
 	proto.RegisterType((*NetworkPolicySpec)(nil), "k8s.io.api.networking.v1.NetworkPolicySpec")
-	proto.RegisterType((*NetworkPolicyStatus)(nil), "k8s.io.api.networking.v1.NetworkPolicyStatus")
 	proto.RegisterType((*ServiceBackendPort)(nil), "k8s.io.api.networking.v1.ServiceBackendPort")
 }
 
@@ -868,115 +839,112 @@ func init() {
 }
 
 var fileDescriptor_1c72867a70a7cc90 = []byte{
-	// 1715 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0x4b, 0x6f, 0x1b, 0x47,
-	0x12, 0xd6, 0x50, 0xa2, 0x48, 0x35, 0x25, 0x59, 0x6a, 0xdb, 0x58, 0xae, 0x16, 0x4b, 0x6a, 0x07,
-	0x6b, 0x5b, 0xbb, 0xb6, 0xc9, 0xb5, 0x6c, 0x2c, 0x76, 0x2f, 0x49, 0x3c, 0xb2, 0x2c, 0x2b, 0x96,
-	0x29, 0xa2, 0xc9, 0x38, 0x48, 0x90, 0x87, 0x47, 0xc3, 0x16, 0x35, 0xe6, 0x70, 0x7a, 0xd0, 0xd3,
-	0x54, 0xac, 0x20, 0x08, 0x72, 0xc9, 0x21, 0xb7, 0xdc, 0x72, 0x0e, 0xf2, 0x0b, 0x82, 0xe4, 0x10,
-	0x20, 0x48, 0x8c, 0x5c, 0x02, 0x1f, 0x0d, 0xe4, 0xe2, 0x4b, 0x88, 0x98, 0xf9, 0x17, 0x3a, 0x05,
-	0xfd, 0x98, 0x17, 0x1f, 0x22, 0x63, 0x18, 0x3a, 0x49, 0x5d, 0x55, 0xfd, 0x75, 0xbd, 0xab, 0x86,
-	0xe0, 0x66, 0xeb, 0x7f, 0x7e, 0xc9, 0x26, 0xe5, 0x56, 0x67, 0x0f, 0x53, 0x17, 0x33, 0xec, 0x97,
-	0x0f, 0xb1, 0xdb, 0x20, 0xb4, 0xac, 0x18, 0xa6, 0x67, 0x97, 0x5d, 0xcc, 0x3e, 0x20, 0xb4, 0x65,
-	0xbb, 0xcd, 0xf2, 0xe1, 0xb5, 0x72, 0x13, 0xbb, 0x98, 0x9a, 0x0c, 0x37, 0x4a, 0x1e, 0x25, 0x8c,
-	0xc0, 0xbc, 0x94, 0x2c, 0x99, 0x9e, 0x5d, 0x8a, 0x24, 0x4b, 0x87, 0xd7, 0x56, 0xae, 0x36, 0x6d,
-	0x76, 0xd0, 0xd9, 0x2b, 0x59, 0xa4, 0x5d, 0x6e, 0x92, 0x26, 0x29, 0x8b, 0x0b, 0x7b, 0x9d, 0x7d,
-	0x71, 0x12, 0x07, 0xf1, 0x9f, 0x04, 0x5a, 0xd1, 0x63, 0x4f, 0x5a, 0x84, 0xe2, 0x21, 0x8f, 0xad,
-	0xdc, 0x88, 0x64, 0xda, 0xa6, 0x75, 0x60, 0xbb, 0x98, 0x1e, 0x95, 0xbd, 0x56, 0x93, 0x13, 0xfc,
-	0x72, 0x1b, 0x33, 0x73, 0xd8, 0xad, 0xf2, 0xa8, 0x5b, 0xb4, 0xe3, 0x32, 0xbb, 0x8d, 0x07, 0x2e,
-	0xfc, 0x77, 0xdc, 0x05, 0xdf, 0x3a, 0xc0, 0x6d, 0x73, 0xe0, 0xde, 0xf5, 0x51, 0xf7, 0x3a, 0xcc,
-	0x76, 0xca, 0xb6, 0xcb, 0x7c, 0x46, 0xfb, 0x2f, 0xe9, 0x3f, 0x6a, 0xe0, 0xcc, 0x9d, 0x7a, 0xbd,
-	0xba, 0xed, 0x36, 0x29, 0xf6, 0xfd, 0xaa, 0xc9, 0x0e, 0xe0, 0x2a, 0x98, 0xf1, 0x4c, 0x76, 0x90,
-	0xd7, 0x56, 0xb5, 0xb5, 0x39, 0x63, 0xfe, 0x49, 0xb7, 0x38, 0xd5, 0xeb, 0x16, 0x67, 0x38, 0x0f,
-	0x09, 0x0e, 0xbc, 0x01, 0xb2, 0xfc, 0x6f, 0xfd, 0xc8, 0xc3, 0xf9, 0x69, 0x21, 0x95, 0xef, 0x75,
-	0x8b, 0xd9, 0xaa, 0xa2, 0x1d, 0xc7, 0xfe, 0x47, 0xa1, 0x24, 0xac, 0x81, 0xcc, 0x9e, 0x69, 0xb5,
-	0xb0, 0xdb, 0xc8, 0xa7, 0x56, 0xb5, 0xb5, 0xdc, 0xfa, 0x5a, 0x69, 0x54, 0xf8, 0x4a, 0x4a, 0x1f,
-	0x43, 0xca, 0x1b, 0x67, 0x94, 0x12, 0x19, 0x45, 0x40, 0x01, 0x92, 0xbe, 0x0f, 0xce, 0xc5, 0xf4,
-	0x47, 0x1d, 0x07, 0xdf, 0x37, 0x9d, 0x0e, 0x86, 0x15, 0x90, 0xe6, 0x0f, 0xfb, 0x79, 0x6d, 0x75,
-	0x7a, 0x2d, 0xb7, 0xfe, 0xaf, 0xd1, 0x4f, 0xf5, 0x99, 0x6f, 0x2c, 0xa8, 0xb7, 0xd2, 0xfc, 0xe4,
-	0x23, 0x09, 0xa3, 0xef, 0x82, 0xcc, 0x76, 0xd5, 0x70, 0x88, 0xd5, 0xe2, 0xfe, 0xb1, 0xec, 0x06,
-	0xed, 0xf7, 0xcf, 0xc6, 0xf6, 0x2d, 0x84, 0x04, 0x07, 0xea, 0x60, 0x16, 0x3f, 0xb2, 0xb0, 0xc7,
-	0xf2, 0xa9, 0xd5, 0xe9, 0xb5, 0x39, 0x03, 0xf4, 0xba, 0xc5, 0xd9, 0x4d, 0x41, 0x41, 0x8a, 0xa3,
-	0x7f, 0x9a, 0x02, 0x19, 0xf5, 0x2c, 0x7c, 0x00, 0xb2, 0x3c, 0x7d, 0x1a, 0x26, 0x33, 0x05, 0x6a,
-	0x6e, 0xfd, 0x3f, 0x31, 0x7d, 0xc3, 0x68, 0x96, 0xbc, 0x56, 0x93, 0x13, 0xfc, 0x12, 0x97, 0xe6,
-	0xba, 0xef, 0xee, 0x3d, 0xc4, 0x16, 0xbb, 0x87, 0x99, 0x69, 0x40, 0xa5, 0x07, 0x88, 0x68, 0x28,
-	0x44, 0x85, 0x5b, 0x60, 0xc6, 0xf7, 0xb0, 0xa5, 0x1c, 0x7f, 0x61, 0xac, 0xe3, 0x6b, 0x1e, 0xb6,
-	0x22, 0xd3, 0xf8, 0x09, 0x09, 0x00, 0xb8, 0x0b, 0x66, 0x7d, 0x66, 0xb2, 0x8e, 0x2f, 0x02, 0x9f,
-	0x5b, 0xbf, 0x34, 0x1e, 0x4a, 0x88, 0x1b, 0x8b, 0x0a, 0x6c, 0x56, 0x9e, 0x91, 0x82, 0xd1, 0x7f,
-	0xd2, 0xc0, 0x62, 0x32, 0xda, 0xf0, 0x3e, 0xc8, 0xf8, 0x98, 0x1e, 0xda, 0x16, 0xce, 0xcf, 0x88,
-	0x47, 0xca, 0xe3, 0x1f, 0x91, 0xf2, 0x41, 0xbe, 0xe4, 0x78, 0xae, 0x28, 0x1a, 0x0a, 0xc0, 0xe0,
-	0x9b, 0x20, 0x4b, 0xb1, 0x4f, 0x3a, 0xd4, 0xc2, 0x4a, 0xfb, 0xab, 0x71, 0x60, 0x5e, 0xf7, 0x1c,
-	0x92, 0x27, 0x6b, 0x63, 0x87, 0x58, 0xa6, 0x23, 0x5d, 0x89, 0xf0, 0x3e, 0xa6, 0xd8, 0xb5, 0xb0,
-	0x31, 0xcf, 0xb3, 0x1c, 0x29, 0x08, 0x14, 0x82, 0xf1, 0x2a, 0x9a, 0x57, 0x8a, 0x6c, 0x38, 0xe6,
-	0xa9, 0x04, 0x74, 0x27, 0x11, 0xd0, 0x7f, 0x8f, 0x75, 0x90, 0xd0, 0x6b, 0x54, 0x54, 0xf5, 0x1f,
-	0x34, 0xb0, 0x14, 0x17, 0xdc, 0xb1, 0x7d, 0x06, 0xdf, 0x19, 0x30, 0xa2, 0x34, 0x99, 0x11, 0xfc,
-	0xb6, 0x30, 0x61, 0x49, 0x3d, 0x95, 0x0d, 0x28, 0x31, 0x03, 0xee, 0x82, 0xb4, 0xcd, 0x70, 0xdb,
-	0x17, 0x25, 0x92, 0x5b, 0xbf, 0x38, 0x99, 0x05, 0x51, 0x75, 0x6e, 0xf3, 0xcb, 0x48, 0x62, 0xe8,
-	0xbf, 0x6a, 0xa0, 0x18, 0x17, 0xab, 0x9a, 0xd4, 0x6c, 0x63, 0x86, 0xa9, 0x1f, 0x06, 0x0f, 0xae,
-	0x81, 0xac, 0x59, 0xdd, 0xde, 0xa2, 0xa4, 0xe3, 0x05, 0xa5, 0xcb, 0x55, 0xbb, 0xa9, 0x68, 0x28,
-	0xe4, 0xf2, 0x02, 0x6f, 0xd9, 0xaa, 0x4b, 0xc5, 0x0a, 0xfc, 0xae, 0xed, 0x36, 0x90, 0xe0, 0x70,
-	0x09, 0xd7, 0x6c, 0x07, 0xcd, 0x2f, 0x94, 0xa8, 0x98, 0x6d, 0x8c, 0x04, 0x07, 0x16, 0x41, 0xda,
-	0xb7, 0x88, 0x27, 0x33, 0x78, 0xce, 0x98, 0xe3, 0x2a, 0xd7, 0x38, 0x01, 0x49, 0x3a, 0xbc, 0x0c,
-	0xe6, 0xb8, 0xa0, 0xef, 0x99, 0x16, 0xce, 0xa7, 0x85, 0xd0, 0x42, 0xaf, 0x5b, 0x9c, 0xab, 0x04,
-	0x44, 0x14, 0xf1, 0xf5, 0xaf, 0xfb, 0xe2, 0xc3, 0x43, 0x07, 0xd7, 0x01, 0xb0, 0x88, 0xcb, 0x28,
-	0x71, 0x1c, 0x1c, 0x74, 0xa3, 0x30, 0x69, 0x36, 0x42, 0x0e, 0x8a, 0x49, 0x41, 0x1b, 0x00, 0x2f,
-	0xf4, 0x8d, 0x4a, 0x9e, 0xff, 0x4f, 0xe6, 0xfa, 0x21, 0x3e, 0x35, 0x16, 0xf9, 0x53, 0x31, 0x46,
-	0x0c, 0x5c, 0xff, 0x46, 0x03, 0x39, 0x75, 0xff, 0x14, 0xd2, 0xe9, 0x76, 0x32, 0x9d, 0xfe, 0x31,
-	0x7e, 0xb4, 0x0c, 0xcf, 0xa4, 0xef, 0x34, 0xb0, 0x12, 0x68, 0x4d, 0xcc, 0x86, 0x61, 0x3a, 0xa6,
-	0x6b, 0x61, 0x1a, 0x74, 0xea, 0x15, 0x90, 0xb2, 0x83, 0xf4, 0x01, 0x0a, 0x20, 0xb5, 0x5d, 0x45,
-	0x29, 0xdb, 0x83, 0x57, 0x40, 0xf6, 0x80, 0xf8, 0x4c, 0x24, 0x86, 0x4c, 0x9d, 0x50, 0xe1, 0x3b,
-	0x8a, 0x8e, 0x42, 0x09, 0x58, 0x05, 0x69, 0x8f, 0x50, 0xe6, 0xe7, 0x67, 0x84, 0xc2, 0x97, 0xc7,
-	0x2a, 0x5c, 0x25, 0x94, 0xa9, 0x5e, 0x1a, 0x8d, 0x28, 0x8e, 0x80, 0x24, 0x90, 0xfe, 0x11, 0xf8,
-	0xeb, 0x10, 0xcd, 0xe5, 0x15, 0xf8, 0x3e, 0xc8, 0xd8, 0x92, 0xa9, 0x26, 0xe2, 0x8d, 0xb1, 0x0f,
-	0x0e, 0xb1, 0x3f, 0x1a, 0xc4, 0xc1, 0xc0, 0x0d, 0x50, 0xf5, 0xaf, 0x34, 0xb0, 0x3c, 0xa0, 0xa9,
-	0xd8, 0x25, 0x08, 0x65, 0xc2, 0x63, 0xe9, 0xd8, 0x2e, 0x41, 0x28, 0x43, 0x82, 0x03, 0xef, 0x82,
-	0xac, 0x58, 0x45, 0x2c, 0xe2, 0x28, 0xaf, 0x95, 0x03, 0xaf, 0x55, 0x15, 0xfd, 0xb8, 0x5b, 0xfc,
-	0xdb, 0xe0, 0x7e, 0x56, 0x0a, 0xd8, 0x28, 0x04, 0xe0, 0x55, 0x87, 0x29, 0x25, 0x54, 0x15, 0xa6,
-	0xa8, 0xba, 0x4d, 0x4e, 0x40, 0x92, 0xae, 0x7f, 0x19, 0x25, 0x25, 0xdf, 0x15, 0xb8, 0x7e, 0x3c,
-	0x22, 0xfd, 0xb3, 0x9c, 0xc7, 0x0b, 0x09, 0x0e, 0xf4, 0xc0, 0x92, 0xdd, 0xb7, 0x5c, 0x4c, 0xdc,
-	0x74, 0xc3, 0x1b, 0x46, 0x5e, 0x21, 0x2f, 0xf5, 0x73, 0xd0, 0x00, 0xba, 0xfe, 0x00, 0x0c, 0x48,
-	0xf1, 0x76, 0x7f, 0xc0, 0x98, 0x37, 0xa4, 0x70, 0x46, 0x6f, 0x33, 0xd1, 0xeb, 0x59, 0x61, 0x53,
-	0xbd, 0x5e, 0x45, 0x02, 0x45, 0xff, 0x4c, 0x03, 0xe7, 0x87, 0x0e, 0xce, 0xb0, 0xb1, 0x69, 0x23,
-	0x1b, 0x5b, 0x45, 0x45, 0x54, 0xfa, 0xe0, 0xca, 0x68, 0x4d, 0x92, 0xc8, 0x3c, 0xe2, 0xc3, 0xe2,
-	0xaf, 0xff, 0x9c, 0x0a, 0x23, 0x22, 0xba, 0xda, 0x6b, 0xa1, 0xbf, 0x45, 0xd7, 0xe1, 0x2f, 0xab,
-	0x1e, 0x7a, 0x2e, 0xe6, 0xbf, 0x90, 0x87, 0x06, 0xa4, 0x61, 0x03, 0x2c, 0x36, 0xf0, 0xbe, 0xd9,
-	0x71, 0x98, 0x7a, 0x5b, 0x79, 0x6d, 0xf2, 0x75, 0x13, 0xf6, 0xba, 0xc5, 0xc5, 0x5b, 0x09, 0x0c,
-	0xd4, 0x87, 0x09, 0x37, 0xc0, 0x34, 0x73, 0x82, 0x76, 0xf3, 0xcf, 0xb1, 0xd0, 0xf5, 0x9d, 0x9a,
-	0x91, 0x53, 0xe6, 0x4f, 0xd7, 0x77, 0x6a, 0x88, 0xdf, 0x86, 0xaf, 0x83, 0x34, 0xed, 0x38, 0x98,
-	0x2f, 0x53, 0xd3, 0x13, 0xed, 0x65, 0x3c, 0xa6, 0x51, 0xf9, 0xf3, 0x93, 0x8f, 0x24, 0x84, 0xfe,
-	0x31, 0x58, 0x48, 0x6c, 0x5c, 0xb0, 0x0d, 0xe6, 0x9d, 0x58, 0x09, 0x2b, 0x2f, 0x5c, 0xff, 0x53,
-	0x75, 0xaf, 0x1a, 0xce, 0x39, 0xf5, 0xe2, 0x7c, 0x9c, 0x87, 0x12, 0xf0, 0xba, 0x09, 0x40, 0x64,
-	0x2b, 0xaf, 0x44, 0x5e, 0x3e, 0xb2, 0xdb, 0xa8, 0x4a, 0xe4, 0x55, 0xe5, 0x23, 0x49, 0xe7, 0xd3,
-	0xcb, 0xc7, 0x16, 0xc5, 0xac, 0x12, 0xf5, 0xcb, 0x70, 0x7a, 0xd5, 0x42, 0x0e, 0x8a, 0x49, 0xe9,
-	0x5f, 0xa4, 0xc0, 0x42, 0x45, 0xaa, 0x5c, 0x25, 0x8e, 0x6d, 0x1d, 0x9d, 0xc2, 0xa2, 0x75, 0x2f,
-	0xb1, 0x68, 0x9d, 0xd0, 0xa6, 0x13, 0x8a, 0x8d, 0xdc, 0x9f, 0xdf, 0xe8, 0xdb, 0x9f, 0xaf, 0x4e,
-	0x0a, 0x78, 0xf2, 0x16, 0xfd, 0xad, 0x06, 0xfe, 0x92, 0x90, 0xdf, 0x8c, 0x7a, 0x5c, 0x38, 0x69,
-	0xb4, 0x71, 0x93, 0x26, 0x81, 0x20, 0x2a, 0x76, 0xe8, 0xa4, 0x81, 0x5b, 0x20, 0xc5, 0x88, 0x4a,
-	0xfd, 0x89, 0xe1, 0x30, 0xa6, 0xd1, 0xc8, 0xac, 0x13, 0x94, 0x62, 0x44, 0xff, 0x5e, 0x03, 0xf9,
-	0x84, 0x54, 0xbc, 0x37, 0xbf, 0x7c, 0xbd, 0xef, 0x81, 0x99, 0x7d, 0x4a, 0xda, 0x2f, 0xa2, 0x79,
-	0x18, 0xcb, 0xdb, 0x94, 0xb4, 0x91, 0x80, 0xd1, 0x1f, 0x6b, 0x60, 0x39, 0x21, 0x79, 0x0a, 0x7b,
-	0xce, 0x4e, 0x72, 0xcf, 0xb9, 0x34, 0xa1, 0x0d, 0x23, 0xb6, 0x9d, 0xc7, 0xa9, 0x3e, 0x0b, 0xb8,
-	0xad, 0x70, 0x1f, 0xe4, 0x3c, 0xd2, 0xa8, 0x61, 0x07, 0x5b, 0x8c, 0x0c, 0xeb, 0x1b, 0x27, 0x19,
-	0x61, 0xee, 0x61, 0x27, 0xb8, 0x6a, 0x9c, 0xe9, 0x75, 0x8b, 0xb9, 0x6a, 0x84, 0x85, 0xe2, 0xc0,
-	0xf0, 0x11, 0x58, 0x0e, 0x57, 0xdc, 0xf0, 0xb5, 0xd4, 0x8b, 0xbf, 0x76, 0xbe, 0xd7, 0x2d, 0x2e,
-	0x57, 0xfa, 0x11, 0xd1, 0xe0, 0x23, 0xf0, 0x0e, 0xc8, 0xd8, 0x9e, 0xf8, 0x9a, 0x57, 0x65, 0x78,
-	0xd2, 0xbe, 0x28, 0x3f, 0xfb, 0xe5, 0x37, 0xa5, 0x3a, 0xa0, 0xe0, 0xba, 0xfe, 0x4b, 0x7f, 0x0e,
-	0xf0, 0x84, 0x83, 0x5b, 0xb1, 0xa5, 0x46, 0x8e, 0xd2, 0xcb, 0x2f, 0xb6, 0xd0, 0x24, 0xa7, 0xed,
-	0xe8, 0xde, 0xd6, 0x61, 0xb6, 0x53, 0x92, 0xbf, 0xf1, 0x94, 0xb6, 0x5d, 0xb6, 0x4b, 0x6b, 0x8c,
-	0xda, 0x6e, 0x53, 0x4e, 0xfe, 0xd8, 0xb6, 0x75, 0x01, 0x64, 0xd4, 0x30, 0x16, 0x86, 0xa7, 0xa5,
-	0x55, 0x9b, 0x92, 0x84, 0x02, 0x9e, 0x7e, 0xdc, 0x9f, 0x17, 0x62, 0x34, 0x3f, 0x7c, 0x69, 0x79,
-	0x71, 0x56, 0x65, 0xe3, 0xe8, 0xdc, 0x78, 0x37, 0xda, 0x57, 0x65, 0xa6, 0xaf, 0x4f, 0x98, 0xe9,
-	0xf1, 0x41, 0x39, 0x72, 0x5b, 0x85, 0x6f, 0x81, 0x59, 0x2c, 0xd1, 0xe5, 0xe4, 0xbd, 0x36, 0x21,
-	0x7a, 0xd4, 0x56, 0xa3, 0x56, 0xac, 0x68, 0x0a, 0x10, 0xbe, 0xca, 0xbd, 0xc4, 0x65, 0xeb, 0x47,
-	0x1e, 0x96, 0xeb, 0xfd, 0x9c, 0xf1, 0x77, 0x69, 0x6c, 0x48, 0x3e, 0xe6, 0xdf, 0x4d, 0xe1, 0x11,
-	0xc5, 0x6f, 0xe8, 0x1f, 0x82, 0xb3, 0x43, 0x5a, 0x3f, 0xb4, 0xc4, 0xe7, 0x5e, 0xc3, 0x66, 0x36,
-	0x71, 0x83, 0x9e, 0x58, 0x9e, 0xcc, 0xf9, 0x1b, 0xc1, 0xbd, 0xc4, 0xf7, 0xa1, 0x82, 0x42, 0x31,
-	0x58, 0xfd, 0x3d, 0x00, 0x07, 0xf7, 0xb6, 0x09, 0xb6, 0xc2, 0x8b, 0x60, 0xd6, 0xed, 0xb4, 0xf7,
-	0xb0, 0xac, 0xdf, 0x74, 0xe4, 0x9c, 0x8a, 0xa0, 0x22, 0xc5, 0x35, 0x5e, 0x79, 0xf2, 0xbc, 0x30,
-	0xf5, 0xf4, 0x79, 0x61, 0xea, 0xd9, 0xf3, 0xc2, 0xd4, 0x27, 0xbd, 0x82, 0xf6, 0xa4, 0x57, 0xd0,
-	0x9e, 0xf6, 0x0a, 0xda, 0xb3, 0x5e, 0x41, 0xfb, 0xad, 0x57, 0xd0, 0x3e, 0xff, 0xbd, 0x30, 0xf5,
-	0x76, 0x7e, 0xd4, 0x0f, 0xc0, 0x7f, 0x04, 0x00, 0x00, 0xff, 0xff, 0x61, 0x0f, 0x0a, 0xd7, 0x34,
-	0x16, 0x00, 0x00,
+	// 1671 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0xcb, 0x6f, 0x1b, 0xd5,
+	0x1a, 0xcf, 0x38, 0x71, 0xec, 0x1c, 0x27, 0x69, 0x72, 0x6e, 0xab, 0xeb, 0x9b, 0xab, 0x6b, 0xe7,
+	0x8e, 0x68, 0x1b, 0x68, 0x6b, 0xd3, 0xb4, 0x42, 0xb0, 0x01, 0x3a, 0x69, 0x9a, 0x86, 0xa6, 0x8e,
+	0x75, 0x6c, 0x15, 0x81, 0x78, 0x74, 0x32, 0x3e, 0xb1, 0xa7, 0x1e, 0xcf, 0x19, 0x9d, 0x39, 0x0e,
+	0xad, 0x84, 0x10, 0x1b, 0x16, 0xec, 0xf8, 0x17, 0x10, 0x7f, 0x01, 0x82, 0x05, 0x12, 0x82, 0xc2,
+	0x06, 0x75, 0x59, 0x89, 0x4d, 0x37, 0x58, 0xd4, 0xfc, 0x17, 0x59, 0xa1, 0xf3, 0x98, 0x97, 0x1f,
+	0xb5, 0xa9, 0xaa, 0xac, 0x92, 0xf3, 0x7d, 0xdf, 0xf9, 0x7d, 0x8f, 0xf3, 0xbd, 0xc6, 0xe0, 0x5a,
+	0xfb, 0x75, 0xbf, 0x64, 0x93, 0x72, 0xbb, 0x7b, 0x80, 0xa9, 0x8b, 0x19, 0xf6, 0xcb, 0x47, 0xd8,
+	0x6d, 0x10, 0x5a, 0x56, 0x0c, 0xd3, 0xb3, 0xcb, 0x2e, 0x66, 0x9f, 0x10, 0xda, 0xb6, 0xdd, 0x66,
+	0xf9, 0xe8, 0x72, 0xb9, 0x89, 0x5d, 0x4c, 0x4d, 0x86, 0x1b, 0x25, 0x8f, 0x12, 0x46, 0x60, 0x5e,
+	0x4a, 0x96, 0x4c, 0xcf, 0x2e, 0x45, 0x92, 0xa5, 0xa3, 0xcb, 0x6b, 0x97, 0x9a, 0x36, 0x6b, 0x75,
+	0x0f, 0x4a, 0x16, 0xe9, 0x94, 0x9b, 0xa4, 0x49, 0xca, 0xe2, 0xc2, 0x41, 0xf7, 0x50, 0x9c, 0xc4,
+	0x41, 0xfc, 0x27, 0x81, 0xd6, 0xf4, 0x98, 0x4a, 0x8b, 0x50, 0x3c, 0x42, 0xd9, 0xda, 0xd5, 0x48,
+	0xa6, 0x63, 0x5a, 0x2d, 0xdb, 0xc5, 0xf4, 0x41, 0xd9, 0x6b, 0x37, 0x39, 0xc1, 0x2f, 0x77, 0x30,
+	0x33, 0x47, 0xdd, 0x2a, 0x8f, 0xbb, 0x45, 0xbb, 0x2e, 0xb3, 0x3b, 0x78, 0xe8, 0xc2, 0x6b, 0x93,
+	0x2e, 0xf8, 0x56, 0x0b, 0x77, 0xcc, 0xa1, 0x7b, 0x57, 0xc6, 0xdd, 0xeb, 0x32, 0xdb, 0x29, 0xdb,
+	0x2e, 0xf3, 0x19, 0x1d, 0xbc, 0xa4, 0xff, 0xac, 0x81, 0x53, 0x37, 0xeb, 0xf5, 0xea, 0xae, 0xdb,
+	0xa4, 0xd8, 0xf7, 0xab, 0x26, 0x6b, 0xc1, 0x75, 0x30, 0xe7, 0x99, 0xac, 0x95, 0xd7, 0xd6, 0xb5,
+	0x8d, 0x05, 0x63, 0xf1, 0x51, 0xaf, 0x38, 0xd3, 0xef, 0x15, 0xe7, 0x38, 0x0f, 0x09, 0x0e, 0xbc,
+	0x0a, 0xb2, 0xfc, 0x6f, 0xfd, 0x81, 0x87, 0xf3, 0xb3, 0x42, 0x2a, 0xdf, 0xef, 0x15, 0xb3, 0x55,
+	0x45, 0x3b, 0x8e, 0xfd, 0x8f, 0x42, 0x49, 0x58, 0x03, 0x99, 0x03, 0xd3, 0x6a, 0x63, 0xb7, 0x91,
+	0x4f, 0xad, 0x6b, 0x1b, 0xb9, 0xcd, 0x8d, 0xd2, 0xb8, 0xe7, 0x2b, 0x29, 0x7b, 0x0c, 0x29, 0x6f,
+	0x9c, 0x52, 0x46, 0x64, 0x14, 0x01, 0x05, 0x48, 0xfa, 0x21, 0x38, 0x1d, 0xb3, 0x1f, 0x75, 0x1d,
+	0x7c, 0xc7, 0x74, 0xba, 0x18, 0x56, 0x40, 0x9a, 0x2b, 0xf6, 0xf3, 0xda, 0xfa, 0xec, 0x46, 0x6e,
+	0xf3, 0xe5, 0xf1, 0xaa, 0x06, 0xdc, 0x37, 0x96, 0x94, 0xae, 0x34, 0x3f, 0xf9, 0x48, 0xc2, 0xe8,
+	0xfb, 0x20, 0xb3, 0x5b, 0x35, 0x1c, 0x62, 0xb5, 0x79, 0x7c, 0x2c, 0xbb, 0x41, 0x07, 0xe3, 0xb3,
+	0xb5, 0x7b, 0x1d, 0x21, 0xc1, 0x81, 0x3a, 0x98, 0xc7, 0xf7, 0x2d, 0xec, 0xb1, 0x7c, 0x6a, 0x7d,
+	0x76, 0x63, 0xc1, 0x00, 0xfd, 0x5e, 0x71, 0x7e, 0x5b, 0x50, 0x90, 0xe2, 0xe8, 0x5f, 0xa4, 0x40,
+	0x46, 0xa9, 0x85, 0x77, 0x41, 0x96, 0xa7, 0x4f, 0xc3, 0x64, 0xa6, 0x40, 0xcd, 0x6d, 0xbe, 0x1a,
+	0xb3, 0x37, 0x7c, 0xcd, 0x92, 0xd7, 0x6e, 0x72, 0x82, 0x5f, 0xe2, 0xd2, 0xdc, 0xf6, 0xfd, 0x83,
+	0x7b, 0xd8, 0x62, 0xb7, 0x31, 0x33, 0x0d, 0xa8, 0xec, 0x00, 0x11, 0x0d, 0x85, 0xa8, 0x70, 0x07,
+	0xcc, 0xf9, 0x1e, 0xb6, 0x54, 0xe0, 0xcf, 0x4e, 0x0c, 0x7c, 0xcd, 0xc3, 0x56, 0xe4, 0x1a, 0x3f,
+	0x21, 0x01, 0x00, 0xf7, 0xc1, 0xbc, 0xcf, 0x4c, 0xd6, 0xf5, 0xc5, 0xc3, 0xe7, 0x36, 0xcf, 0x4f,
+	0x86, 0x12, 0xe2, 0xc6, 0xb2, 0x02, 0x9b, 0x97, 0x67, 0xa4, 0x60, 0xf4, 0x5f, 0x35, 0xb0, 0x9c,
+	0x7c, 0x6d, 0x78, 0x07, 0x64, 0x7c, 0x4c, 0x8f, 0x6c, 0x0b, 0xe7, 0xe7, 0x84, 0x92, 0xf2, 0x64,
+	0x25, 0x52, 0x3e, 0xc8, 0x97, 0x1c, 0xcf, 0x15, 0x45, 0x43, 0x01, 0x18, 0x7c, 0x17, 0x64, 0x29,
+	0xf6, 0x49, 0x97, 0x5a, 0x58, 0x59, 0x7f, 0x29, 0x0e, 0xcc, 0xeb, 0x9e, 0x43, 0xf2, 0x64, 0x6d,
+	0xec, 0x11, 0xcb, 0x74, 0x64, 0x28, 0x11, 0x3e, 0xc4, 0x14, 0xbb, 0x16, 0x36, 0x16, 0x79, 0x96,
+	0x23, 0x05, 0x81, 0x42, 0x30, 0x5e, 0x45, 0x8b, 0xca, 0x90, 0x2d, 0xc7, 0x3c, 0x91, 0x07, 0xdd,
+	0x4b, 0x3c, 0xe8, 0x2b, 0x13, 0x03, 0x24, 0xec, 0x1a, 0xf7, 0xaa, 0xfa, 0x4f, 0x1a, 0x58, 0x89,
+	0x0b, 0xee, 0xd9, 0x3e, 0x83, 0x1f, 0x0c, 0x39, 0x51, 0x9a, 0xce, 0x09, 0x7e, 0x5b, 0xb8, 0xb0,
+	0xa2, 0x54, 0x65, 0x03, 0x4a, 0xcc, 0x81, 0x5b, 0x20, 0x6d, 0x33, 0xdc, 0xf1, 0x45, 0x89, 0xe4,
+	0x36, 0xcf, 0x4d, 0xe7, 0x41, 0x54, 0x9d, 0xbb, 0xfc, 0x32, 0x92, 0x18, 0xfa, 0x1f, 0x1a, 0x28,
+	0xc6, 0xc5, 0xaa, 0x26, 0x35, 0x3b, 0x98, 0x61, 0xea, 0x87, 0x8f, 0x07, 0x37, 0x40, 0xd6, 0xac,
+	0xee, 0xee, 0x50, 0xd2, 0xf5, 0x82, 0xd2, 0xe5, 0xa6, 0x5d, 0x53, 0x34, 0x14, 0x72, 0x79, 0x81,
+	0xb7, 0x6d, 0xd5, 0xa5, 0x62, 0x05, 0x7e, 0xcb, 0x76, 0x1b, 0x48, 0x70, 0xb8, 0x84, 0x6b, 0x76,
+	0x82, 0xe6, 0x17, 0x4a, 0x54, 0xcc, 0x0e, 0x46, 0x82, 0x03, 0x8b, 0x20, 0xed, 0x5b, 0xc4, 0x93,
+	0x19, 0xbc, 0x60, 0x2c, 0x70, 0x93, 0x6b, 0x9c, 0x80, 0x24, 0x1d, 0x5e, 0x00, 0x0b, 0x5c, 0xd0,
+	0xf7, 0x4c, 0x0b, 0xe7, 0xd3, 0x42, 0x68, 0xa9, 0xdf, 0x2b, 0x2e, 0x54, 0x02, 0x22, 0x8a, 0xf8,
+	0xfa, 0xb7, 0x03, 0xef, 0xc3, 0x9f, 0x0e, 0x6e, 0x02, 0x60, 0x11, 0x97, 0x51, 0xe2, 0x38, 0x38,
+	0xe8, 0x46, 0x61, 0xd2, 0x6c, 0x85, 0x1c, 0x14, 0x93, 0x82, 0x36, 0x00, 0x5e, 0x18, 0x1b, 0x95,
+	0x3c, 0x6f, 0x4c, 0x17, 0xfa, 0x11, 0x31, 0x35, 0x96, 0xb9, 0xaa, 0x18, 0x23, 0x06, 0xae, 0x7f,
+	0xa7, 0x81, 0x9c, 0xba, 0x7f, 0x02, 0xe9, 0x74, 0x23, 0x99, 0x4e, 0xff, 0x9f, 0x3c, 0x5a, 0x46,
+	0x67, 0xd2, 0x0f, 0x1a, 0x58, 0x0b, 0xac, 0x26, 0x66, 0xc3, 0x30, 0x1d, 0xd3, 0xb5, 0x30, 0x0d,
+	0x3a, 0xf5, 0x1a, 0x48, 0xd9, 0x41, 0xfa, 0x00, 0x05, 0x90, 0xda, 0xad, 0xa2, 0x94, 0xed, 0xc1,
+	0x8b, 0x20, 0xdb, 0x22, 0x3e, 0x13, 0x89, 0x21, 0x53, 0x27, 0x34, 0xf8, 0xa6, 0xa2, 0xa3, 0x50,
+	0x02, 0x56, 0x41, 0xda, 0x23, 0x94, 0xf9, 0xf9, 0x39, 0x61, 0xf0, 0x85, 0x89, 0x06, 0x57, 0x09,
+	0x65, 0xaa, 0x97, 0x46, 0x23, 0x8a, 0x23, 0x20, 0x09, 0xa4, 0x7f, 0x0a, 0xfe, 0x33, 0xc2, 0x72,
+	0x79, 0x05, 0x7e, 0x0c, 0x32, 0xb6, 0x64, 0xaa, 0x89, 0x78, 0x75, 0xa2, 0xc2, 0x11, 0xfe, 0x47,
+	0x83, 0x38, 0x18, 0xb8, 0x01, 0xaa, 0xfe, 0x8d, 0x06, 0x56, 0x87, 0x2c, 0x15, 0xbb, 0x04, 0xa1,
+	0x4c, 0x44, 0x2c, 0x1d, 0xdb, 0x25, 0x08, 0x65, 0x48, 0x70, 0xe0, 0x2d, 0x90, 0x15, 0xab, 0x88,
+	0x45, 0x1c, 0x15, 0xb5, 0x72, 0x10, 0xb5, 0xaa, 0xa2, 0x1f, 0xf7, 0x8a, 0xff, 0x1d, 0xde, 0xcf,
+	0x4a, 0x01, 0x1b, 0x85, 0x00, 0xbc, 0xea, 0x30, 0xa5, 0x84, 0xaa, 0xc2, 0x14, 0x55, 0xb7, 0xcd,
+	0x09, 0x48, 0xd2, 0xf5, 0xaf, 0xa3, 0xa4, 0xe4, 0xbb, 0x02, 0xb7, 0x8f, 0xbf, 0xc8, 0xe0, 0x2c,
+	0xe7, 0xef, 0x85, 0x04, 0x07, 0x7a, 0x60, 0xc5, 0x1e, 0x58, 0x2e, 0xa6, 0x6e, 0xba, 0xe1, 0x0d,
+	0x23, 0xaf, 0x90, 0x57, 0x06, 0x39, 0x68, 0x08, 0x5d, 0xbf, 0x0b, 0x86, 0xa4, 0x78, 0xbb, 0x6f,
+	0x31, 0xe6, 0x8d, 0x28, 0x9c, 0xf1, 0xdb, 0x4c, 0xa4, 0x3d, 0x2b, 0x7c, 0xaa, 0xd7, 0xab, 0x48,
+	0xa0, 0xe8, 0x5f, 0x6a, 0xe0, 0xcc, 0xc8, 0xc1, 0x19, 0x36, 0x36, 0x6d, 0x6c, 0x63, 0xab, 0xa8,
+	0x17, 0x95, 0x31, 0xb8, 0x38, 0xde, 0x92, 0x24, 0x32, 0x7f, 0xf1, 0x51, 0xef, 0xaf, 0xff, 0x96,
+	0x0a, 0x5f, 0x44, 0x74, 0xb5, 0xb7, 0xc3, 0x78, 0x8b, 0xae, 0xc3, 0x35, 0xab, 0x1e, 0x7a, 0x3a,
+	0x16, 0xbf, 0x90, 0x87, 0x86, 0xa4, 0x61, 0x03, 0x2c, 0x37, 0xf0, 0xa1, 0xd9, 0x75, 0x98, 0xd2,
+	0xad, 0xa2, 0x36, 0xfd, 0xba, 0x09, 0xfb, 0xbd, 0xe2, 0xf2, 0xf5, 0x04, 0x06, 0x1a, 0xc0, 0x84,
+	0x5b, 0x60, 0x96, 0x39, 0x41, 0xbb, 0x79, 0x69, 0x22, 0x74, 0x7d, 0xaf, 0x66, 0xe4, 0x94, 0xfb,
+	0xb3, 0xf5, 0xbd, 0x1a, 0xe2, 0xb7, 0xe1, 0x3b, 0x20, 0x4d, 0xbb, 0x0e, 0xe6, 0xcb, 0xd4, 0xec,
+	0x54, 0x7b, 0x19, 0x7f, 0xd3, 0xa8, 0xfc, 0xf9, 0xc9, 0x47, 0x12, 0x42, 0xff, 0x0c, 0x2c, 0x25,
+	0x36, 0x2e, 0xd8, 0x01, 0x8b, 0x4e, 0xac, 0x84, 0x55, 0x14, 0xae, 0xfc, 0xa3, 0xba, 0x57, 0x0d,
+	0xe7, 0xb4, 0xd2, 0xb8, 0x18, 0xe7, 0xa1, 0x04, 0xbc, 0x6e, 0x02, 0x10, 0xf9, 0xca, 0x2b, 0x91,
+	0x97, 0x8f, 0xec, 0x36, 0xaa, 0x12, 0x79, 0x55, 0xf9, 0x48, 0xd2, 0xf9, 0xf4, 0xf2, 0xb1, 0x45,
+	0x31, 0xab, 0x44, 0xfd, 0x32, 0x9c, 0x5e, 0xb5, 0x90, 0x83, 0x62, 0x52, 0xfa, 0x2f, 0x1a, 0x58,
+	0xaa, 0x48, 0x93, 0xab, 0xc4, 0xb1, 0xad, 0x07, 0x27, 0xb0, 0x68, 0xdd, 0x4e, 0x2c, 0x5a, 0xcf,
+	0x68, 0xd3, 0x09, 0xc3, 0xc6, 0x6e, 0x5a, 0xdf, 0x6b, 0xe0, 0xdf, 0x09, 0xc9, 0xed, 0xa8, 0x19,
+	0x85, 0x23, 0x41, 0x9b, 0x34, 0x12, 0x12, 0x08, 0xa2, 0xb4, 0x46, 0x8e, 0x04, 0xb8, 0x03, 0x52,
+	0x8c, 0xa8, 0x1c, 0x9d, 0x1a, 0x0e, 0x63, 0x1a, 0xcd, 0xb6, 0x3a, 0x41, 0x29, 0x46, 0xf4, 0x1f,
+	0x35, 0x90, 0x4f, 0x48, 0xc5, 0x9b, 0xe8, 0x8b, 0xb7, 0xfb, 0x36, 0x98, 0x3b, 0xa4, 0xa4, 0xf3,
+	0x3c, 0x96, 0x87, 0x41, 0xbf, 0x41, 0x49, 0x07, 0x09, 0x18, 0xfd, 0xa1, 0x06, 0x56, 0x13, 0x92,
+	0x27, 0xb0, 0x90, 0xec, 0x25, 0x17, 0x92, 0xf3, 0x53, 0xfa, 0x30, 0x66, 0x2d, 0x79, 0x98, 0x1a,
+	0xf0, 0x80, 0xfb, 0x0a, 0x0f, 0x41, 0xce, 0x23, 0x8d, 0x1a, 0x76, 0xb0, 0xc5, 0xc8, 0xa8, 0x02,
+	0x7f, 0x96, 0x13, 0xe6, 0x01, 0x76, 0x82, 0xab, 0xc6, 0xa9, 0x7e, 0xaf, 0x98, 0xab, 0x46, 0x58,
+	0x28, 0x0e, 0x0c, 0xef, 0x83, 0xd5, 0x70, 0x17, 0x0d, 0xb5, 0xa5, 0x9e, 0x5f, 0xdb, 0x99, 0x7e,
+	0xaf, 0xb8, 0x5a, 0x19, 0x44, 0x44, 0xc3, 0x4a, 0xe0, 0x4d, 0x90, 0xb1, 0x3d, 0xf1, 0xd9, 0xad,
+	0xbe, 0xd8, 0x9e, 0xb5, 0xd8, 0xc9, 0xef, 0x73, 0xf9, 0xf1, 0xa7, 0x0e, 0x28, 0xb8, 0xae, 0xff,
+	0x3e, 0x98, 0x03, 0x3c, 0xe1, 0xe0, 0x4e, 0x6c, 0xfb, 0x90, 0x33, 0xef, 0xc2, 0xf3, 0x6d, 0x1e,
+	0xc9, 0xb1, 0x38, 0xbe, 0x09, 0x75, 0x99, 0xed, 0x94, 0xe4, 0x8f, 0x31, 0xa5, 0x5d, 0x97, 0xed,
+	0xd3, 0x1a, 0xa3, 0xb6, 0xdb, 0x94, 0x23, 0x3a, 0xb6, 0x16, 0x9d, 0x05, 0x19, 0x35, 0x35, 0x85,
+	0xe3, 0x69, 0xe9, 0xd5, 0xb6, 0x24, 0xa1, 0x80, 0xa7, 0x1f, 0x0f, 0xe6, 0x85, 0x98, 0xa1, 0xf7,
+	0x5e, 0x58, 0x5e, 0xfc, 0x4b, 0x65, 0xe3, 0xf8, 0xdc, 0xf8, 0x30, 0x5a, 0x2c, 0x65, 0xa6, 0x6f,
+	0x4e, 0x99, 0xe9, 0xf1, 0x89, 0x36, 0x76, 0xad, 0x84, 0xef, 0x81, 0x79, 0x2c, 0xd1, 0xe5, 0x88,
+	0xbc, 0x3c, 0x25, 0x7a, 0xd4, 0x56, 0xa3, 0x5f, 0x1e, 0x14, 0x4d, 0x01, 0xc2, 0xb7, 0x78, 0x94,
+	0xb8, 0x2c, 0xff, 0xe0, 0x97, 0x7b, 0xf8, 0x82, 0xf1, 0x3f, 0xe9, 0x6c, 0x48, 0x3e, 0xe6, 0x1f,
+	0x38, 0xe1, 0x11, 0xc5, 0x6f, 0xe8, 0x1f, 0x01, 0x38, 0xbc, 0xe4, 0x4c, 0xb1, 0x42, 0x9d, 0x03,
+	0xf3, 0x6e, 0xb7, 0x73, 0x80, 0x65, 0x0d, 0xa5, 0x23, 0x03, 0x2b, 0x82, 0x8a, 0x14, 0xd7, 0x78,
+	0xf3, 0xd1, 0xd3, 0xc2, 0xcc, 0xe3, 0xa7, 0x85, 0x99, 0x27, 0x4f, 0x0b, 0x33, 0x9f, 0xf7, 0x0b,
+	0xda, 0xa3, 0x7e, 0x41, 0x7b, 0xdc, 0x2f, 0x68, 0x4f, 0xfa, 0x05, 0xed, 0xcf, 0x7e, 0x41, 0xfb,
+	0xea, 0xaf, 0xc2, 0xcc, 0xfb, 0xf9, 0x71, 0xbf, 0x96, 0xfe, 0x1d, 0x00, 0x00, 0xff, 0xff, 0xd4,
+	0x46, 0x40, 0xf2, 0x61, 0x15, 0x00, 0x00,
 }
 
 func (m *HTTPIngressPath) Marshal() (dAtA []byte, err error) {
@@ -1822,16 +1790,6 @@ func (m *NetworkPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
-	{
-		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
-		if err != nil {
-			return 0, err
-		}
-		i -= size
-		i = encodeVarintGenerated(dAtA, i, uint64(size))
-	}
-	i--
-	dAtA[i] = 0x1a
 	{
 		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
@@ -2180,43 +2138,6 @@ func (m *NetworkPolicySpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
-func (m *NetworkPolicyStatus) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *NetworkPolicyStatus) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *NetworkPolicyStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
-	_ = i
-	var l int
-	_ = l
-	if len(m.Conditions) > 0 {
-		for iNdEx := len(m.Conditions) - 1; iNdEx >= 0; iNdEx-- {
-			{
-				size, err := m.Conditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
-				if err != nil {
-					return 0, err
-				}
-				i -= size
-				i = encodeVarintGenerated(dAtA, i, uint64(size))
-			}
-			i--
-			dAtA[i] = 0xa
-		}
-	}
-	return len(dAtA) - i, nil
-}
-
 func (m *ServiceBackendPort) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -2583,8 +2504,6 @@ func (m *NetworkPolicy) Size() (n int) {
 	n += 1 + l + sovGenerated(uint64(l))
 	l = m.Spec.Size()
 	n += 1 + l + sovGenerated(uint64(l))
-	l = m.Status.Size()
-	n += 1 + l + sovGenerated(uint64(l))
 	return n
 }
 
@@ -2717,21 +2636,6 @@ func (m *NetworkPolicySpec) Size() (n int) {
 	return n
 }
 
-func (m *NetworkPolicyStatus) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	if len(m.Conditions) > 0 {
-		for _, e := range m.Conditions {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	return n
-}
-
 func (m *ServiceBackendPort) Size() (n int) {
 	if m == nil {
 		return 0
@@ -3006,7 +2910,6 @@ func (this *NetworkPolicy) String() string {
 	s := strings.Join([]string{`&NetworkPolicy{`,
 		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
 		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "NetworkPolicySpec", "NetworkPolicySpec", 1), `&`, ``, 1) + `,`,
-		`Status:` + strings.Replace(strings.Replace(this.Status.String(), "NetworkPolicyStatus", "NetworkPolicyStatus", 1), `&`, ``, 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -3116,21 +3019,6 @@ func (this *NetworkPolicySpec) String() string {
 	}, "")
 	return s
 }
-func (this *NetworkPolicyStatus) String() string {
-	if this == nil {
-		return "nil"
-	}
-	repeatedStringForConditions := "[]Condition{"
-	for _, f := range this.Conditions {
-		repeatedStringForConditions += fmt.Sprintf("%v", f) + ","
-	}
-	repeatedStringForConditions += "}"
-	s := strings.Join([]string{`&NetworkPolicyStatus{`,
-		`Conditions:` + repeatedStringForConditions + `,`,
-		`}`,
-	}, "")
-	return s
-}
 func (this *ServiceBackendPort) String() string {
 	if this == nil {
 		return "nil"
@@ -5609,39 +5497,6 @@ func (m *NetworkPolicy) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -6496,90 +6351,6 @@ func (m *NetworkPolicySpec) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *NetworkPolicyStatus) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowGenerated
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= uint64(b&0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: NetworkPolicyStatus: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: NetworkPolicyStatus: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Conditions", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Conditions = append(m.Conditions, v1.Condition{})
-			if err := m.Conditions[len(m.Conditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipGenerated(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if (skippy < 0) || (iNdEx+skippy) < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func (m *ServiceBackendPort) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
diff --git a/vendor/k8s.io/api/networking/v1/generated.proto b/vendor/k8s.io/api/networking/v1/generated.proto
index ed194a89d..b50dd491e 100644
--- a/vendor/k8s.io/api/networking/v1/generated.proto
+++ b/vendor/k8s.io/api/networking/v1/generated.proto
@@ -384,11 +384,6 @@ message NetworkPolicy {
   // spec represents the specification of the desired behavior for this NetworkPolicy.
   // +optional
   optional NetworkPolicySpec spec = 2;
-
-  // status represents the current state of the NetworkPolicy.
-  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-  // +optional
-  optional NetworkPolicyStatus status = 3;
 }
 
 // NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
@@ -536,18 +531,6 @@ message NetworkPolicySpec {
   repeated string policyTypes = 4;
 }
 
-// NetworkPolicyStatus describes the current state of the NetworkPolicy.
-message NetworkPolicyStatus {
-  // conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy.
-  // Current service state
-  // +optional
-  // +patchMergeKey=type
-  // +patchStrategy=merge
-  // +listType=map
-  // +listMapKey=type
-  repeated k8s.io.apimachinery.pkg.apis.meta.v1.Condition conditions = 1;
-}
-
 // ServiceBackendPort is the service port being referenced.
 message ServiceBackendPort {
   // name is the name of the port on the Service.
diff --git a/vendor/k8s.io/api/networking/v1/types.go b/vendor/k8s.io/api/networking/v1/types.go
index fa7cf1bd7..a17e2cb5b 100644
--- a/vendor/k8s.io/api/networking/v1/types.go
+++ b/vendor/k8s.io/api/networking/v1/types.go
@@ -38,10 +38,10 @@ type NetworkPolicy struct {
 	// +optional
 	Spec NetworkPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
 
-	// status represents the current state of the NetworkPolicy.
-	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-	// +optional
-	Status NetworkPolicyStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
+	// Status is tombstoned to show why 3 is a reserved protobuf tag.
+	// This commented field should remain, so in the future if we decide to reimplement
+	// NetworkPolicyStatus a different protobuf name and tag SHOULD be used!
+	// Status NetworkPolicyStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
 }
 
 // PolicyType string describes the NetworkPolicy type
@@ -205,48 +205,6 @@ type NetworkPolicyPeer struct {
 	IPBlock *IPBlock `json:"ipBlock,omitempty" protobuf:"bytes,3,rep,name=ipBlock"`
 }
 
-// NetworkPolicyConditionType is the type for status conditions on
-// a NetworkPolicy. This type should be used with the
-// NetworkPolicyStatus.Conditions field.
-type NetworkPolicyConditionType string
-
-const (
-	// NetworkPolicyConditionStatusAccepted represents status of a Network Policy that could be properly parsed by
-	// the Network Policy provider and will be implemented in the cluster
-	NetworkPolicyConditionStatusAccepted NetworkPolicyConditionType = "Accepted"
-
-	// NetworkPolicyConditionStatusPartialFailure represents status of a Network Policy that could be partially
-	// parsed by the Network Policy provider and may not be completely implemented due to a lack of a feature or some
-	// other condition
-	NetworkPolicyConditionStatusPartialFailure NetworkPolicyConditionType = "PartialFailure"
-
-	// NetworkPolicyConditionStatusFailure represents status of a Network Policy that could not be parsed by the
-	// Network Policy provider and will not be implemented in the cluster
-	NetworkPolicyConditionStatusFailure NetworkPolicyConditionType = "Failure"
-)
-
-// NetworkPolicyConditionReason defines the set of reasons that explain why a
-// particular NetworkPolicy condition type has been raised.
-type NetworkPolicyConditionReason string
-
-const (
-	// NetworkPolicyConditionReasonFeatureNotSupported represents a reason where the Network Policy may not have been
-	// implemented in the cluster due to a lack of some feature not supported by the Network Policy provider
-	NetworkPolicyConditionReasonFeatureNotSupported NetworkPolicyConditionReason = "FeatureNotSupported"
-)
-
-// NetworkPolicyStatus describes the current state of the NetworkPolicy.
-type NetworkPolicyStatus struct {
-	// conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy.
-	// Current service state
-	// +optional
-	// +patchMergeKey=type
-	// +patchStrategy=merge
-	// +listType=map
-	// +listMapKey=type
-	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-}
-
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // NetworkPolicyList is a list of NetworkPolicy objects.
diff --git a/vendor/k8s.io/api/networking/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/networking/v1/types_swagger_doc_generated.go
index 91161d5ca..ff080540d 100644
--- a/vendor/k8s.io/api/networking/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/networking/v1/types_swagger_doc_generated.go
@@ -224,7 +224,6 @@ var map_NetworkPolicy = map[string]string{
 	"":         "NetworkPolicy describes what network traffic is allowed for a set of Pods",
 	"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
 	"spec":     "spec represents the specification of the desired behavior for this NetworkPolicy.",
-	"status":   "status represents the current state of the NetworkPolicy. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
 }
 
 func (NetworkPolicy) SwaggerDoc() map[string]string {
@@ -295,15 +294,6 @@ func (NetworkPolicySpec) SwaggerDoc() map[string]string {
 	return map_NetworkPolicySpec
 }
 
-var map_NetworkPolicyStatus = map[string]string{
-	"":           "NetworkPolicyStatus describes the current state of the NetworkPolicy.",
-	"conditions": "conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy. Current service state",
-}
-
-func (NetworkPolicyStatus) SwaggerDoc() map[string]string {
-	return map_NetworkPolicyStatus
-}
-
 var map_ServiceBackendPort = map[string]string{
 	"":       "ServiceBackendPort is the service port being referenced.",
 	"name":   "name is the name of the port on the Service. This is a mutually exclusive setting with \"Number\".",
diff --git a/vendor/k8s.io/api/networking/v1/zz_generated.deepcopy.go b/vendor/k8s.io/api/networking/v1/zz_generated.deepcopy.go
index c95653c91..540873833 100644
--- a/vendor/k8s.io/api/networking/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/networking/v1/zz_generated.deepcopy.go
@@ -499,7 +499,6 @@ func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
 	return
 }
 
@@ -712,29 +711,6 @@ func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *NetworkPolicyStatus) DeepCopyInto(out *NetworkPolicyStatus) {
-	*out = *in
-	if in.Conditions != nil {
-		in, out := &in.Conditions, &out.Conditions
-		*out = make([]metav1.Condition, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyStatus.
-func (in *NetworkPolicyStatus) DeepCopy() *NetworkPolicyStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(NetworkPolicyStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ServiceBackendPort) DeepCopyInto(out *ServiceBackendPort) {
 	*out = *in
diff --git a/vendor/k8s.io/api/rbac/v1/generated.proto b/vendor/k8s.io/api/rbac/v1/generated.proto
index 222f2b905..13ff60ea7 100644
--- a/vendor/k8s.io/api/rbac/v1/generated.proto
+++ b/vendor/k8s.io/api/rbac/v1/generated.proto
@@ -66,6 +66,7 @@ message ClusterRoleBinding {
 
   // RoleRef can only reference a ClusterRole in the global namespace.
   // If the RoleRef cannot be resolved, the Authorizer must return an error.
+  // This field is immutable.
   optional RoleRef roleRef = 3;
 }
 
@@ -140,6 +141,7 @@ message RoleBinding {
 
   // RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
   // If the RoleRef cannot be resolved, the Authorizer must return an error.
+  // This field is immutable.
   optional RoleRef roleRef = 3;
 }
 
diff --git a/vendor/k8s.io/api/rbac/v1/types.go b/vendor/k8s.io/api/rbac/v1/types.go
index 5a8e4a85c..ce845d69b 100644
--- a/vendor/k8s.io/api/rbac/v1/types.go
+++ b/vendor/k8s.io/api/rbac/v1/types.go
@@ -132,6 +132,7 @@ type RoleBinding struct {
 
 	// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
 	// If the RoleRef cannot be resolved, the Authorizer must return an error.
+	// This field is immutable.
 	RoleRef RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"`
 }
 
@@ -209,6 +210,7 @@ type ClusterRoleBinding struct {
 
 	// RoleRef can only reference a ClusterRole in the global namespace.
 	// If the RoleRef cannot be resolved, the Authorizer must return an error.
+	// This field is immutable.
 	RoleRef RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"`
 }
 
diff --git a/vendor/k8s.io/api/rbac/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/rbac/v1/types_swagger_doc_generated.go
index 370398198..0471a5594 100644
--- a/vendor/k8s.io/api/rbac/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/rbac/v1/types_swagger_doc_generated.go
@@ -51,7 +51,7 @@ var map_ClusterRoleBinding = map[string]string{
 	"":         "ClusterRoleBinding references a ClusterRole, but not contain it.  It can reference a ClusterRole in the global namespace, and adds who information via Subject.",
 	"metadata": "Standard object's metadata.",
 	"subjects": "Subjects holds references to the objects the role applies to.",
-	"roleRef":  "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.",
+	"roleRef":  "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.",
 }
 
 func (ClusterRoleBinding) SwaggerDoc() map[string]string {
@@ -105,7 +105,7 @@ var map_RoleBinding = map[string]string{
 	"":         "RoleBinding references a role, but does not contain it.  It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in.  RoleBindings in a given namespace only have effect in that namespace.",
 	"metadata": "Standard object's metadata.",
 	"subjects": "Subjects holds references to the objects the role applies to.",
-	"roleRef":  "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.",
+	"roleRef":  "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.",
 }
 
 func (RoleBinding) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
index 155648acb..1a9f5e770 100644
--- a/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
+++ b/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
@@ -2,7 +2,6 @@
 
 reviewers:
   - thockin
-  - lavalamp
   - smarterclayton
   - wojtek-t
   - deads2k
diff --git a/vendor/k8s.io/apimachinery/pkg/api/meta/help.go b/vendor/k8s.io/apimachinery/pkg/api/meta/help.go
index 1bf6b06d4..1fdd32c4b 100644
--- a/vendor/k8s.io/apimachinery/pkg/api/meta/help.go
+++ b/vendor/k8s.io/apimachinery/pkg/api/meta/help.go
@@ -112,8 +112,27 @@ func getItemsPtr(list runtime.Object) (interface{}, error) {
 
 // EachListItem invokes fn on each runtime.Object in the list. Any error immediately terminates
 // the loop.
+//
+// If items passed to fn are retained for different durations, and you want to avoid
+// retaining all items in obj as long as any item is referenced, use EachListItemWithAlloc instead.
 func EachListItem(obj runtime.Object, fn func(runtime.Object) error) error {
+	return eachListItem(obj, fn, false)
+}
+
+// EachListItemWithAlloc works like EachListItem, but avoids retaining references to the items slice in obj.
+// It does this by making a shallow copy of non-pointer items in obj.
+//
+// If the items passed to fn are not retained, or are retained for the same duration, use EachListItem instead for memory efficiency.
+func EachListItemWithAlloc(obj runtime.Object, fn func(runtime.Object) error) error {
+	return eachListItem(obj, fn, true)
+}
+
+// allocNew: Whether shallow copy is required when the elements in Object.Items are struct
+func eachListItem(obj runtime.Object, fn func(runtime.Object) error, allocNew bool) error {
 	if unstructured, ok := obj.(runtime.Unstructured); ok {
+		if allocNew {
+			return unstructured.EachListItemWithAlloc(fn)
+		}
 		return unstructured.EachListItem(fn)
 	}
 	// TODO: Change to an interface call?
@@ -140,8 +159,19 @@ func EachListItem(obj runtime.Object, fn func(runtime.Object) error) error {
 	for i := 0; i < len; i++ {
 		raw := items.Index(i)
 		if takeAddr {
-			raw = raw.Addr()
+			if allocNew {
+				// shallow copy to avoid retaining a reference to the original list item
+				itemCopy := reflect.New(raw.Type())
+				// assign to itemCopy and type-assert
+				itemCopy.Elem().Set(raw)
+				// reflect.New will guarantee that itemCopy must be a pointer.
+				raw = itemCopy
+			} else {
+				raw = raw.Addr()
+			}
 		}
+		// raw must be a pointer or an interface
+		// allocate a pointer is cheap
 		switch item := raw.Interface().(type) {
 		case *runtime.RawExtension:
 			if err := fn(item.Object); err != nil {
@@ -166,7 +196,23 @@ func EachListItem(obj runtime.Object, fn func(runtime.Object) error) error {
 
 // ExtractList returns obj's Items element as an array of runtime.Objects.
 // Returns an error if obj is not a List type (does not have an Items member).
+//
+// If items in the returned list are retained for different durations, and you want to avoid
+// retaining all items in obj as long as any item is referenced, use ExtractListWithAlloc instead.
 func ExtractList(obj runtime.Object) ([]runtime.Object, error) {
+	return extractList(obj, false)
+}
+
+// ExtractListWithAlloc works like ExtractList, but avoids retaining references to the items slice in obj.
+// It does this by making a shallow copy of non-pointer items in obj.
+//
+// If the items in the returned list are not retained, or are retained for the same duration, use ExtractList instead for memory efficiency.
+func ExtractListWithAlloc(obj runtime.Object) ([]runtime.Object, error) {
+	return extractList(obj, true)
+}
+
+// allocNew: Whether shallow copy is required when the elements in Object.Items are struct
+func extractList(obj runtime.Object, allocNew bool) ([]runtime.Object, error) {
 	itemsPtr, err := GetItemsPtr(obj)
 	if err != nil {
 		return nil, err
@@ -176,10 +222,17 @@ func ExtractList(obj runtime.Object) ([]runtime.Object, error) {
 		return nil, err
 	}
 	list := make([]runtime.Object, items.Len())
+	if len(list) == 0 {
+		return list, nil
+	}
+	elemType := items.Type().Elem()
+	isRawExtension := elemType == rawExtensionObjectType
+	implementsObject := elemType.Implements(objectType)
 	for i := range list {
 		raw := items.Index(i)
-		switch item := raw.Interface().(type) {
-		case runtime.RawExtension:
+		switch {
+		case isRawExtension:
+			item := raw.Interface().(runtime.RawExtension)
 			switch {
 			case item.Object != nil:
 				list[i] = item.Object
@@ -189,8 +242,18 @@ func ExtractList(obj runtime.Object) ([]runtime.Object, error) {
 			default:
 				list[i] = nil
 			}
-		case runtime.Object:
-			list[i] = item
+		case implementsObject:
+			list[i] = raw.Interface().(runtime.Object)
+		case allocNew:
+			// shallow copy to avoid retaining a reference to the original list item
+			itemCopy := reflect.New(raw.Type())
+			// assign to itemCopy and type-assert
+			itemCopy.Elem().Set(raw)
+			var ok bool
+			// reflect.New will guarantee that itemCopy must be a pointer.
+			if list[i], ok = itemCopy.Interface().(runtime.Object); !ok {
+				return nil, fmt.Errorf("%v: item[%v]: Expected object, got %#v(%s)", obj, i, raw.Interface(), raw.Kind())
+			}
 		default:
 			var found bool
 			if list[i], found = raw.Addr().Interface().(runtime.Object); !found {
@@ -201,8 +264,12 @@ func ExtractList(obj runtime.Object) ([]runtime.Object, error) {
 	return list, nil
 }
 
-// objectSliceType is the type of a slice of Objects
-var objectSliceType = reflect.TypeOf([]runtime.Object{})
+var (
+	// objectSliceType is the type of a slice of Objects
+	objectSliceType        = reflect.TypeOf([]runtime.Object{})
+	objectType             = reflect.TypeOf((*runtime.Object)(nil)).Elem()
+	rawExtensionObjectType = reflect.TypeOf(runtime.RawExtension{})
+)
 
 // LenList returns the length of this list or 0 if it is not a list.
 func LenList(list runtime.Object) int {
@@ -237,7 +304,7 @@ func SetList(list runtime.Object, objects []runtime.Object) error {
 	slice := reflect.MakeSlice(items.Type(), len(objects), len(objects))
 	for i := range objects {
 		dest := slice.Index(i)
-		if dest.Type() == reflect.TypeOf(runtime.RawExtension{}) {
+		if dest.Type() == rawExtensionObjectType {
 			dest = dest.FieldByName("Object")
 		}
 
diff --git a/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
index d1c9f5307..063fd285d 100644
--- a/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
+++ b/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
@@ -2,7 +2,6 @@
 
 reviewers:
   - thockin
-  - lavalamp
   - smarterclayton
   - wojtek-t
   - derekwaynecarr
diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto
index 48955dca8..a2cd8015f 100644
--- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto
+++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto
@@ -425,8 +425,6 @@ message LabelSelector {
 // relates the key and values.
 message LabelSelectorRequirement {
   // key is the label key that the selector applies to.
-  // +patchMergeKey=key
-  // +patchStrategy=merge
   optional string key = 1;
 
   // operator represents a key's relationship to a set of values.
diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
index 352d58ebc..8a8ff7018 100644
--- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
+++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
@@ -995,6 +995,24 @@ const (
 	// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules)
 	// values that can not be handled (e.g. an enumerated string).
 	CauseTypeFieldValueNotSupported CauseType = "FieldValueNotSupported"
+	// CauseTypeForbidden is used to report valid (as per formatting rules)
+	// values which would be accepted under some conditions, but which are not
+	// permitted by the current conditions (such as security policy).  See
+	// Forbidden().
+	CauseTypeForbidden CauseType = "FieldValueForbidden"
+	// CauseTypeTooLong is used to report that the given value is too long.
+	// This is similar to ErrorTypeInvalid, but the error will not include the
+	// too-long value.  See TooLong().
+	CauseTypeTooLong CauseType = "FieldValueTooLong"
+	// CauseTypeTooMany is used to report "too many". This is used to
+	// report that a given list has too many items. This is similar to FieldValueTooLong,
+	// but the error indicates quantity instead of length.
+	CauseTypeTooMany CauseType = "FieldValueTooMany"
+	// CauseTypeInternal is used to report other errors that are not related
+	// to user input.  See InternalError().
+	CauseTypeInternal CauseType = "InternalError"
+	// CauseTypeTypeInvalid is for the value did not match the schema type for that field
+	CauseTypeTypeInvalid CauseType = "FieldValueTypeInvalid"
 	// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client
 	// without the expected return type. The presence of this cause indicates the error may be
 	// due to an intervening proxy or the server software malfunctioning.
@@ -1207,9 +1225,7 @@ type LabelSelector struct {
 // relates the key and values.
 type LabelSelectorRequirement struct {
 	// key is the label key that the selector applies to.
-	// +patchMergeKey=key
-	// +patchStrategy=merge
-	Key string `json:"key" patchStrategy:"merge" patchMergeKey:"key" protobuf:"bytes,1,opt,name=key"`
+	Key string `json:"key" protobuf:"bytes,1,opt,name=key"`
 	// operator represents a key's relationship to a set of values.
 	// Valid operators are In, NotIn, Exists and DoesNotExist.
 	Operator LabelSelectorOperator `json:"operator" protobuf:"bytes,2,opt,name=operator,casttype=LabelSelectorOperator"`
diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go
index a499eee8e..40d289f37 100644
--- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go
+++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go
@@ -101,6 +101,11 @@ func (obj *Unstructured) EachListItem(fn func(runtime.Object) error) error {
 	return nil
 }
 
+func (obj *Unstructured) EachListItemWithAlloc(fn func(runtime.Object) error) error {
+	// EachListItem has allocated a new Object for the user, we can use it directly.
+	return obj.EachListItem(fn)
+}
+
 func (obj *Unstructured) UnstructuredContent() map[string]interface{} {
 	if obj.Object == nil {
 		return make(map[string]interface{})
diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured_list.go b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured_list.go
index 5028f5fb5..82beda2a2 100644
--- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured_list.go
+++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured_list.go
@@ -52,6 +52,15 @@ func (u *UnstructuredList) EachListItem(fn func(runtime.Object) error) error {
 	return nil
 }
 
+func (u *UnstructuredList) EachListItemWithAlloc(fn func(runtime.Object) error) error {
+	for i := range u.Items {
+		if err := fn(&Unstructured{Object: u.Items[i].Object}); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 // NewEmptyInstance returns a new instance of the concrete type containing only kind/apiVersion and no other data.
 // This should be called instead of reflect.New() for unstructured types because the go type alone does not preserve kind/apiVersion info.
 func (u *UnstructuredList) NewEmptyInstance() runtime.Unstructured {
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/codec.go b/vendor/k8s.io/apimachinery/pkg/runtime/codec.go
index 7fc513dd0..73f85286c 100644
--- a/vendor/k8s.io/apimachinery/pkg/runtime/codec.go
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/codec.go
@@ -45,7 +45,6 @@ func NewCodec(e Encoder, d Decoder) Codec {
 
 // Encode is a convenience wrapper for encoding to a []byte from an Encoder
 func Encode(e Encoder, obj Object) ([]byte, error) {
-	// TODO: reuse buffer
 	buf := &bytes.Buffer{}
 	if err := e.Encode(obj, buf); err != nil {
 		return nil, err
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
index 90bf487e3..62eb27afc 100644
--- a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
@@ -231,7 +231,7 @@ func (c *fromUnstructuredContext) pushKey(key string) {
 
 }
 
-// FromUnstructuredWIthValidation converts an object from map[string]interface{} representation into a concrete type.
+// FromUnstructuredWithValidation converts an object from map[string]interface{} representation into a concrete type.
 // It uses encoding/json/Unmarshaler if object implements it or reflection if not.
 // It takes a validationDirective that indicates how to behave when it encounters unknown fields.
 func (c *unstructuredConverter) FromUnstructuredWithValidation(u map[string]interface{}, obj interface{}, returnUnknownFields bool) error {
@@ -465,7 +465,7 @@ func sliceFromUnstructured(sv, dv reflect.Value, ctx *fromUnstructuredContext) e
 			}
 			dv.SetBytes(data)
 		} else {
-			dv.Set(reflect.Zero(dt))
+			dv.Set(reflect.MakeSlice(dt, 0, 0))
 		}
 		return nil
 	}
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/interfaces.go b/vendor/k8s.io/apimachinery/pkg/runtime/interfaces.go
index 710a97795..e89ea8939 100644
--- a/vendor/k8s.io/apimachinery/pkg/runtime/interfaces.go
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/interfaces.go
@@ -365,4 +365,9 @@ type Unstructured interface {
 	// error should terminate the iteration. If IsList() returns false, this method should return an error
 	// instead of calling the provided function.
 	EachListItem(func(Object) error) error
+	// EachListItemWithAlloc works like EachListItem, but avoids retaining references to a slice of items.
+	// It does this by making a shallow copy of non-pointer items before passing them to fn.
+	//
+	// If the items passed to fn are not retained, or are retained for the same duration, use EachListItem instead for memory efficiency.
+	EachListItemWithAlloc(func(Object) error) error
 }
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/schema/group_version.go b/vendor/k8s.io/apimachinery/pkg/runtime/schema/group_version.go
index 54ccb7a74..d1c37c942 100644
--- a/vendor/k8s.io/apimachinery/pkg/runtime/schema/group_version.go
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/schema/group_version.go
@@ -39,7 +39,7 @@ func ParseResourceArg(arg string) (*GroupVersionResource, GroupResource) {
 // ParseKindArg takes the common style of string which may be either `Kind.group.com` or `Kind.version.group.com`
 // and parses it out into both possibilities. This code takes no responsibility for knowing which representation was intended
 // but with a knowledge of all GroupKinds, calling code can take a very good guess. If there are only two segments, then
-// `*GroupVersionResource` is nil.
+// `*GroupVersionKind` is nil.
 // `Kind.group.com` -> `group=com, version=group, kind=Kind` and `group=group.com, kind=Kind`
 func ParseKindArg(arg string) (*GroupVersionKind, GroupKind) {
 	var gvk *GroupVersionKind
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/splice.go b/vendor/k8s.io/apimachinery/pkg/runtime/splice.go
new file mode 100644
index 000000000..2badb7b97
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/splice.go
@@ -0,0 +1,76 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package runtime
+
+import (
+	"bytes"
+	"io"
+)
+
+// Splice is the interface that wraps the Splice method.
+//
+// Splice moves data from given slice without copying the underlying data for
+// efficiency purpose. Therefore, the caller should make sure the underlying
+// data is not changed later.
+type Splice interface {
+	Splice([]byte)
+	io.Writer
+	Reset()
+	Bytes() []byte
+}
+
+// A spliceBuffer implements Splice and io.Writer interfaces.
+type spliceBuffer struct {
+	raw []byte
+	buf *bytes.Buffer
+}
+
+func NewSpliceBuffer() Splice {
+	return &spliceBuffer{}
+}
+
+// Splice implements the Splice interface.
+func (sb *spliceBuffer) Splice(raw []byte) {
+	sb.raw = raw
+}
+
+// Write implements the io.Writer interface.
+func (sb *spliceBuffer) Write(p []byte) (n int, err error) {
+	if sb.buf == nil {
+		sb.buf = &bytes.Buffer{}
+	}
+	return sb.buf.Write(p)
+}
+
+// Reset resets the buffer to be empty.
+func (sb *spliceBuffer) Reset() {
+	if sb.buf != nil {
+		sb.buf.Reset()
+	}
+	sb.raw = nil
+}
+
+// Bytes returns the data held by the buffer.
+func (sb *spliceBuffer) Bytes() []byte {
+	if sb.buf != nil && len(sb.buf.Bytes()) > 0 {
+		return sb.buf.Bytes()
+	}
+	if sb.raw != nil {
+		return sb.raw
+	}
+	return []byte{}
+}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/cache/expiring.go b/vendor/k8s.io/apimachinery/pkg/util/cache/expiring.go
index 0d2f153bf..1396274c7 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/cache/expiring.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/cache/expiring.go
@@ -40,6 +40,13 @@ func NewExpiringWithClock(clock clock.Clock) *Expiring {
 
 // Expiring is a map whose entries expire after a per-entry timeout.
 type Expiring struct {
+	// AllowExpiredGet causes the expiration check to be skipped on Get.
+	// It should only be used when a key always corresponds to the exact same value.
+	// Thus when this field is true, expired keys are considered valid
+	// until the next call to Set (which causes the GC to run).
+	// It may not be changed concurrently with calls to Get.
+	AllowExpiredGet bool
+
 	clock clock.Clock
 
 	// mu protects the below fields
@@ -70,7 +77,10 @@ func (c *Expiring) Get(key interface{}) (val interface{}, ok bool) {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
 	e, ok := c.cache[key]
-	if !ok || !c.clock.Now().Before(e.expiry) {
+	if !ok {
+		return nil, false
+	}
+	if !c.AllowExpiredGet && !c.clock.Now().Before(e.expiry) {
 		return nil, false
 	}
 	return e.val, true
diff --git a/vendor/k8s.io/apimachinery/pkg/util/diff/diff.go b/vendor/k8s.io/apimachinery/pkg/util/diff/diff.go
index ec4002e38..fc0301844 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/diff/diff.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/diff/diff.go
@@ -23,34 +23,20 @@ import (
 	"strings"
 	"text/tabwriter"
 
-	"github.com/davecgh/go-spew/spew"
 	"github.com/google/go-cmp/cmp"
+	"k8s.io/apimachinery/pkg/util/dump"
 )
 
-// StringDiff diffs a and b and returns a human readable diff.
-func StringDiff(a, b string) string {
-	ba := []byte(a)
-	bb := []byte(b)
-	out := []byte{}
-	i := 0
-	for ; i < len(ba) && i < len(bb); i++ {
-		if ba[i] != bb[i] {
-			break
-		}
-		out = append(out, ba[i])
-	}
-	out = append(out, []byte("\n\nA: ")...)
-	out = append(out, ba[i:]...)
-	out = append(out, []byte("\n\nB: ")...)
-	out = append(out, bb[i:]...)
-	out = append(out, []byte("\n\n")...)
-	return string(out)
-}
-
 func legacyDiff(a, b interface{}) string {
 	return cmp.Diff(a, b)
 }
 
+// StringDiff diffs a and b and returns a human readable diff.
+// DEPRECATED: use github.com/google/go-cmp/cmp.Diff
+func StringDiff(a, b string) string {
+	return legacyDiff(a, b)
+}
+
 // ObjectDiff prints the diff of two go objects and fails if the objects
 // contain unhandled unexported fields.
 // DEPRECATED: use github.com/google/go-cmp/cmp.Diff
@@ -75,13 +61,8 @@ func ObjectReflectDiff(a, b interface{}) string {
 // ObjectGoPrintSideBySide prints a and b as textual dumps side by side,
 // enabling easy visual scanning for mismatches.
 func ObjectGoPrintSideBySide(a, b interface{}) string {
-	s := spew.ConfigState{
-		Indent: " ",
-		// Extra deep spew.
-		DisableMethods: true,
-	}
-	sA := s.Sdump(a)
-	sB := s.Sdump(b)
+	sA := dump.Pretty(a)
+	sB := dump.Pretty(b)
 
 	linesA := strings.Split(sA, "\n")
 	linesB := strings.Split(sB, "\n")
diff --git a/vendor/k8s.io/apimachinery/pkg/util/dump/dump.go b/vendor/k8s.io/apimachinery/pkg/util/dump/dump.go
new file mode 100644
index 000000000..cf61ef76a
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/util/dump/dump.go
@@ -0,0 +1,54 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dump
+
+import (
+	"github.com/davecgh/go-spew/spew"
+)
+
+var prettyPrintConfig = &spew.ConfigState{
+	Indent:                  "  ",
+	DisableMethods:          true,
+	DisablePointerAddresses: true,
+	DisableCapacities:       true,
+}
+
+// The config MUST NOT be changed because that could change the result of a hash operation
+var prettyPrintConfigForHash = &spew.ConfigState{
+	Indent:                  " ",
+	SortKeys:                true,
+	DisableMethods:          true,
+	SpewKeys:                true,
+	DisablePointerAddresses: true,
+	DisableCapacities:       true,
+}
+
+// Pretty wrap the spew.Sdump with Indent, and disabled methods like error() and String()
+// The output may change over time, so for guaranteed output please take more direct control
+func Pretty(a interface{}) string {
+	return prettyPrintConfig.Sdump(a)
+}
+
+// ForHash keeps the original Spew.Sprintf format to ensure the same checksum
+func ForHash(a interface{}) string {
+	return prettyPrintConfigForHash.Sprintf("%#v", a)
+}
+
+// OneLine outputs the object in one line
+func OneLine(a interface{}) string {
+	return prettyPrintConfig.Sprintf("%#v", a)
+}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
index 27c3d2d56..7fe52ee56 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
@@ -23,7 +23,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net"
 	"net/http"
 	"net/http/httputil"
@@ -337,7 +337,7 @@ func (s *SpdyRoundTripper) NewConnection(resp *http.Response) (httpstream.Connec
 	if (resp.StatusCode != http.StatusSwitchingProtocols) || !strings.Contains(connectionHeader, strings.ToLower(httpstream.HeaderUpgrade)) || !strings.Contains(upgradeHeader, strings.ToLower(HeaderSpdy31)) {
 		defer resp.Body.Close()
 		responseError := ""
-		responseErrorBytes, err := ioutil.ReadAll(resp.Body)
+		responseErrorBytes, err := io.ReadAll(resp.Body)
 		if err != nil {
 			responseError = "unable to read error from server response"
 		} else {
diff --git a/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go b/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go
index 5e8009704..0ea88156b 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go
@@ -54,7 +54,7 @@ const (
 // FromInt creates an IntOrString object with an int32 value. It is
 // your responsibility not to call this method with a value greater
 // than int32.
-// TODO: convert to (val int32)
+// Deprecated: use FromInt32 instead.
 func FromInt(val int) IntOrString {
 	if val > math.MaxInt32 || val < math.MinInt32 {
 		klog.Errorf("value: %d overflows int32\n%s\n", val, debug.Stack())
@@ -62,6 +62,11 @@ func FromInt(val int) IntOrString {
 	return IntOrString{Type: Int, IntVal: int32(val)}
 }
 
+// FromInt32 creates an IntOrString object with an int32 value.
+func FromInt32(val int32) IntOrString {
+	return IntOrString{Type: Int, IntVal: val}
+}
+
 // FromString creates an IntOrString object with a string value.
 func FromString(val string) IntOrString {
 	return IntOrString{Type: String, StrVal: val}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/fieldmanager.go b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/fieldmanager.go
index f3111d4bc..eca04a711 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/fieldmanager.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/fieldmanager.go
@@ -56,17 +56,20 @@ func NewFieldManager(f Manager, subresource string) *FieldManager {
 // newDefaultFieldManager is a helper function which wraps a Manager with certain default logic.
 func NewDefaultFieldManager(f Manager, typeConverter TypeConverter, objectConverter runtime.ObjectConvertor, objectCreater runtime.ObjectCreater, kind schema.GroupVersionKind, subresource string) *FieldManager {
 	return NewFieldManager(
-		NewLastAppliedUpdater(
-			NewLastAppliedManager(
-				NewProbabilisticSkipNonAppliedManager(
-					NewCapManagersManager(
-						NewBuildManagerInfoManager(
-							NewManagedFieldsUpdater(
-								NewStripMetaManager(f),
-							), kind.GroupVersion(), subresource,
-						), DefaultMaxUpdateManagers,
-					), objectCreater, kind, DefaultTrackOnCreateProbability,
-				), typeConverter, objectConverter, kind.GroupVersion()),
+		NewVersionCheckManager(
+			NewLastAppliedUpdater(
+				NewLastAppliedManager(
+					NewProbabilisticSkipNonAppliedManager(
+						NewCapManagersManager(
+							NewBuildManagerInfoManager(
+								NewManagedFieldsUpdater(
+									NewStripMetaManager(f),
+								), kind.GroupVersion(), subresource,
+							), DefaultMaxUpdateManagers,
+						), objectCreater, DefaultTrackOnCreateProbability,
+					), typeConverter, objectConverter, kind.GroupVersion(),
+				),
+			), kind,
 		), subresource,
 	)
 }
diff --git a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/skipnonapplied.go b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/skipnonapplied.go
index 6b281ec1e..f24c040ed 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/skipnonapplied.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/skipnonapplied.go
@@ -22,13 +22,11 @@ import (
 
 	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
 type skipNonAppliedManager struct {
 	fieldManager           Manager
 	objectCreater          runtime.ObjectCreater
-	gvk                    schema.GroupVersionKind
 	beforeApplyManagerName string
 	probability            float32
 }
@@ -36,17 +34,16 @@ type skipNonAppliedManager struct {
 var _ Manager = &skipNonAppliedManager{}
 
 // NewSkipNonAppliedManager creates a new wrapped FieldManager that only starts tracking managers after the first apply.
-func NewSkipNonAppliedManager(fieldManager Manager, objectCreater runtime.ObjectCreater, gvk schema.GroupVersionKind) Manager {
-	return NewProbabilisticSkipNonAppliedManager(fieldManager, objectCreater, gvk, 0.0)
+func NewSkipNonAppliedManager(fieldManager Manager, objectCreater runtime.ObjectCreater) Manager {
+	return NewProbabilisticSkipNonAppliedManager(fieldManager, objectCreater, 0.0)
 }
 
 // NewProbabilisticSkipNonAppliedManager creates a new wrapped FieldManager that starts tracking managers after the first apply,
 // or starts tracking on create with p probability.
-func NewProbabilisticSkipNonAppliedManager(fieldManager Manager, objectCreater runtime.ObjectCreater, gvk schema.GroupVersionKind, p float32) Manager {
+func NewProbabilisticSkipNonAppliedManager(fieldManager Manager, objectCreater runtime.ObjectCreater, p float32) Manager {
 	return &skipNonAppliedManager{
 		fieldManager:           fieldManager,
 		objectCreater:          objectCreater,
-		gvk:                    gvk,
 		beforeApplyManagerName: "before-first-apply",
 		probability:            p,
 	}
@@ -78,9 +75,10 @@ func (f *skipNonAppliedManager) Update(liveObj, newObj runtime.Object, managed M
 // Apply implements Manager.
 func (f *skipNonAppliedManager) Apply(liveObj, appliedObj runtime.Object, managed Managed, fieldManager string, force bool) (runtime.Object, Managed, error) {
 	if len(managed.Fields()) == 0 {
-		emptyObj, err := f.objectCreater.New(f.gvk)
+		gvk := appliedObj.GetObjectKind().GroupVersionKind()
+		emptyObj, err := f.objectCreater.New(gvk)
 		if err != nil {
-			return nil, nil, fmt.Errorf("failed to create empty object of type %v: %v", f.gvk, err)
+			return nil, nil, fmt.Errorf("failed to create empty object of type %v: %v", gvk, err)
 		}
 		liveObj, managed, err = f.fieldManager.Update(emptyObj, liveObj, managed, f.beforeApplyManagerName)
 		if err != nil {
diff --git a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/structuredmerge.go b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/structuredmerge.go
index eb5598ac3..2112c9ab7 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/structuredmerge.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/structuredmerge.go
@@ -41,6 +41,9 @@ var _ Manager = &structuredMergeManager{}
 // NewStructuredMergeManager creates a new Manager that merges apply requests
 // and update managed fields for other types of requests.
 func NewStructuredMergeManager(typeConverter TypeConverter, objectConverter runtime.ObjectConvertor, objectDefaulter runtime.ObjectDefaulter, gv schema.GroupVersion, hub schema.GroupVersion, resetFields map[fieldpath.APIVersion]*fieldpath.Set) (Manager, error) {
+	if typeConverter == nil {
+		return nil, fmt.Errorf("typeconverter must not be nil")
+	}
 	return &structuredMergeManager{
 		typeConverter:   typeConverter,
 		objectConverter: objectConverter,
diff --git a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/versioncheck.go b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/versioncheck.go
new file mode 100644
index 000000000..ee1e2bca7
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/versioncheck.go
@@ -0,0 +1,52 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package internal
+
+import (
+	"fmt"
+
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+type versionCheckManager struct {
+	fieldManager Manager
+	gvk          schema.GroupVersionKind
+}
+
+var _ Manager = &versionCheckManager{}
+
+// NewVersionCheckManager creates a manager that makes sure that the
+// applied object is in the proper version.
+func NewVersionCheckManager(fieldManager Manager, gvk schema.GroupVersionKind) Manager {
+	return &versionCheckManager{fieldManager: fieldManager, gvk: gvk}
+}
+
+// Update implements Manager.
+func (f *versionCheckManager) Update(liveObj, newObj runtime.Object, managed Managed, manager string) (runtime.Object, Managed, error) {
+	// Nothing to do for updates, this is checked in many other places.
+	return f.fieldManager.Update(liveObj, newObj, managed, manager)
+}
+
+// Apply implements Manager.
+func (f *versionCheckManager) Apply(liveObj, appliedObj runtime.Object, managed Managed, fieldManager string, force bool) (runtime.Object, Managed, error) {
+	if gvk := appliedObj.GetObjectKind().GroupVersionKind(); gvk != f.gvk {
+		return nil, nil, errors.NewBadRequest(fmt.Sprintf("invalid object type: %v", gvk))
+	}
+	return f.fieldManager.Apply(liveObj, appliedObj, managed, fieldManager, force)
+}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/mergepatch/util.go b/vendor/k8s.io/apimachinery/pkg/util/mergepatch/util.go
index a20efd187..25626cf3a 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/mergepatch/util.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/mergepatch/util.go
@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"reflect"
 
-	"github.com/davecgh/go-spew/spew"
+	"k8s.io/apimachinery/pkg/util/dump"
 	"sigs.k8s.io/yaml"
 )
 
@@ -76,7 +76,7 @@ func ToYAMLOrError(v interface{}) string {
 func toYAML(v interface{}) (string, error) {
 	y, err := yaml.Marshal(v)
 	if err != nil {
-		return "", fmt.Errorf("yaml marshal failed:%v\n%v\n", err, spew.Sdump(v))
+		return "", fmt.Errorf("yaml marshal failed:%v\n%v\n", err, dump.Pretty(v))
 	}
 
 	return string(y), nil
diff --git a/vendor/k8s.io/apimachinery/pkg/util/net/util.go b/vendor/k8s.io/apimachinery/pkg/util/net/util.go
index 1c2aba55f..1635e69a5 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/net/util.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/net/util.go
@@ -20,6 +20,7 @@ import (
 	"errors"
 	"net"
 	"reflect"
+	"strings"
 	"syscall"
 )
 
@@ -47,6 +48,11 @@ func IsConnectionReset(err error) bool {
 	return false
 }
 
+// Returns if the given err is "http2: client connection lost" error.
+func IsHTTP2ConnectionLost(err error) bool {
+	return err != nil && strings.Contains(err.Error(), "http2: client connection lost")
+}
+
 // Returns if the given err is "connection refused" error
 func IsConnectionRefused(err error) bool {
 	var errno syscall.Errno
diff --git a/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go b/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go
index d738725ca..3674914f7 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go
@@ -126,14 +126,17 @@ type rudimentaryErrorBackoff struct {
 // OnError will block if it is called more often than the embedded period time.
 // This will prevent overly tight hot error loops.
 func (r *rudimentaryErrorBackoff) OnError(error) {
+	now := time.Now() // start the timer before acquiring the lock
 	r.lastErrorTimeLock.Lock()
-	defer r.lastErrorTimeLock.Unlock()
-	d := time.Since(r.lastErrorTime)
-	if d < r.minPeriod {
-		// If the time moves backwards for any reason, do nothing
-		time.Sleep(r.minPeriod - d)
-	}
+	d := now.Sub(r.lastErrorTime)
 	r.lastErrorTime = time.Now()
+	r.lastErrorTimeLock.Unlock()
+
+	// Do not sleep with the lock held because that causes all callers of HandleError to block.
+	// We only want the current goroutine to block.
+	// A negative or zero duration causes time.Sleep to return immediately.
+	// If the time moves backwards for any reason, do nothing.
+	time.Sleep(r.minPeriod - d)
 }
 
 // GetCaller returns the caller of the function that calls it.
diff --git a/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/patch.go b/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/patch.go
index 3ee683b99..920c113bb 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/patch.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/patch.go
@@ -1182,7 +1182,13 @@ func mergePatchIntoOriginal(original, patch map[string]interface{}, schema Looku
 			merged = originalFieldValue
 		case !foundOriginal && foundPatch:
 			// list was added
-			merged = patchFieldValue
+			v, keep := removeDirectives(patchFieldValue)
+			if !keep {
+				// Shouldn't be possible since patchFieldValue is a slice
+				continue
+			}
+
+			merged = v.([]interface{})
 		case foundOriginal && foundPatch:
 			merged, err = mergeSliceHandler(originalList, patchList, subschema,
 				patchStrategy, patchMeta.GetPatchMergeKey(), false, mergeOptions)
@@ -1270,6 +1276,42 @@ func partitionMapsByPresentInList(original, partitionBy []interface{}, mergeKey
 	return patch, serverOnly, nil
 }
 
+// Removes directives from an object and returns value to use instead and whether
+// or not the field/index should even be kept
+// May modify input
+func removeDirectives(obj interface{}) (interface{}, bool) {
+	if obj == nil {
+		return obj, true
+	} else if typedV, ok := obj.(map[string]interface{}); ok {
+		if _, hasDirective := typedV[directiveMarker]; hasDirective {
+			return nil, false
+		}
+
+		for k, v := range typedV {
+			var keep bool
+			typedV[k], keep = removeDirectives(v)
+			if !keep {
+				delete(typedV, k)
+			}
+		}
+		return typedV, true
+	} else if typedV, ok := obj.([]interface{}); ok {
+		var res []interface{}
+		if typedV != nil {
+			// Make sure res is non-nil if patch is non-nil
+			res = []interface{}{}
+		}
+		for _, v := range typedV {
+			if newV, keep := removeDirectives(v); keep {
+				res = append(res, newV)
+			}
+		}
+		return res, true
+	} else {
+		return obj, true
+	}
+}
+
 // Merge fields from a patch map into the original map. Note: This may modify
 // both the original map and the patch because getting a deep copy of a map in
 // golang is highly non-trivial.
@@ -1333,7 +1375,10 @@ func mergeMap(original, patch map[string]interface{}, schema LookupPatchMeta, me
 				if mergeOptions.IgnoreUnmatchedNulls {
 					discardNullValuesFromPatch(patchV)
 				}
-				original[k] = patchV
+				original[k], ok = removeDirectives(patchV)
+				if !ok {
+					delete(original, k)
+				}
 			}
 			continue
 		}
@@ -1345,7 +1390,10 @@ func mergeMap(original, patch map[string]interface{}, schema LookupPatchMeta, me
 				if mergeOptions.IgnoreUnmatchedNulls {
 					discardNullValuesFromPatch(patchV)
 				}
-				original[k] = patchV
+				original[k], ok = removeDirectives(patchV)
+				if !ok {
+					delete(original, k)
+				}
 			}
 			continue
 		}
@@ -1372,7 +1420,11 @@ func mergeMap(original, patch map[string]interface{}, schema LookupPatchMeta, me
 			}
 			original[k], err = mergeSliceHandler(original[k], patchV, subschema, patchStrategy, patchMeta.GetPatchMergeKey(), isDeleteList, mergeOptions)
 		default:
-			original[k] = patchV
+			original[k], ok = removeDirectives(patchV)
+			if !ok {
+				// if patchV itself is a directive, then don't keep it
+				delete(original, k)
+			}
 		}
 		if err != nil {
 			return nil, err
@@ -1425,7 +1477,8 @@ func mergeSliceHandler(original, patch interface{}, schema LookupPatchMeta,
 		return nil, err
 	}
 
-	if fieldPatchStrategy == mergeDirective {
+	// Delete lists are handled the same way regardless of what the field's patch strategy is
+	if fieldPatchStrategy == mergeDirective || isDeleteList {
 		return mergeSlice(typedOriginal, typedPatch, schema, fieldPatchMergeKey, mergeOptions, isDeleteList)
 	} else {
 		return typedPatch, nil
diff --git a/vendor/k8s.io/apimachinery/pkg/util/version/version.go b/vendor/k8s.io/apimachinery/pkg/util/version/version.go
index 8c997ec45..4c6195695 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/version/version.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/version/version.go
@@ -121,6 +121,11 @@ func MustParseSemantic(str string) *Version {
 	return v
 }
 
+// MajorMinor returns a version with the provided major and minor version.
+func MajorMinor(major, minor uint) *Version {
+	return &Version{components: []uint{major, minor}}
+}
+
 // Major returns the major release number
 func (v *Version) Major() uint {
 	return v.components[0]
diff --git a/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go b/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
index 51864d70f..0dd13c626 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
@@ -27,9 +27,11 @@ import (
 // the provided timer until the provided context is cancelled, the condition returns
 // true, or the condition returns an error. If sliding is true, the period is computed
 // after condition runs. If it is false then period includes the runtime for condition.
-// If immediate is false the first delay happens before any call to condition. The
-// returned error is the error returned by the last condition or the context error if
-// the context was terminated.
+// If immediate is false the first delay happens before any call to condition, if
+// immediate is true the condition will be invoked before waiting and guarantees that
+// the condition is invoked at least once, regardless of whether the context has been
+// cancelled. The returned error is the error returned by the last condition or the
+// context error if the context was terminated.
 //
 // This is the common loop construct for all polling in the wait package.
 func loopConditionUntilContext(ctx context.Context, t Timer, immediate, sliding bool, condition ConditionWithContextFunc) error {
@@ -38,8 +40,17 @@ func loopConditionUntilContext(ctx context.Context, t Timer, immediate, sliding
 	var timeCh <-chan time.Time
 	doneCh := ctx.Done()
 
+	// if immediate is true the condition is
+	// guaranteed to be executed at least once,
 	// if we haven't requested immediate execution, delay once
-	if !immediate {
+	if immediate {
+		if ok, err := func() (bool, error) {
+			defer runtime.HandleCrash()
+			return condition(ctx)
+		}(); err != nil || ok {
+			return err
+		}
+	} else {
 		timeCh = t.C()
 		select {
 		case <-doneCh:
diff --git a/vendor/k8s.io/apimachinery/pkg/util/wait/poll.go b/vendor/k8s.io/apimachinery/pkg/util/wait/poll.go
index 32e8688ca..231d4c384 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/wait/poll.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/wait/poll.go
@@ -38,10 +38,10 @@ func PollUntilContextCancel(ctx context.Context, interval time.Duration, immedia
 // a deadline and is equivalent to:
 //
 //	deadlineCtx, deadlineCancel := context.WithTimeout(ctx, timeout)
-//	err := PollUntilContextCancel(ctx, interval, immediate, condition)
+//	err := PollUntilContextCancel(deadlineCtx, interval, immediate, condition)
 //
 // The deadline context will be cancelled if the Poll succeeds before the timeout, simplifying
-// inline usage. All other behavior is identical to PollWithContextTimeout.
+// inline usage. All other behavior is identical to PollUntilContextCancel.
 func PollUntilContextTimeout(ctx context.Context, interval, timeout time.Duration, immediate bool, condition ConditionWithContextFunc) error {
 	deadlineCtx, deadlineCancel := context.WithTimeout(ctx, timeout)
 	defer deadlineCancel()
@@ -59,7 +59,7 @@ func PollUntilContextTimeout(ctx context.Context, interval, timeout time.Duratio
 //
 // If you want to Poll something forever, see PollInfinite.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextTimeout.
+// Deprecated: This method does not return errors from context, use PollUntilContextTimeout.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func Poll(interval, timeout time.Duration, condition ConditionFunc) error {
@@ -78,7 +78,7 @@ func Poll(interval, timeout time.Duration, condition ConditionFunc) error {
 //
 // If you want to Poll something forever, see PollInfinite.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextTimeout.
+// Deprecated: This method does not return errors from context, use PollUntilContextTimeout.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollWithContext(ctx context.Context, interval, timeout time.Duration, condition ConditionWithContextFunc) error {
@@ -91,7 +91,7 @@ func PollWithContext(ctx context.Context, interval, timeout time.Duration, condi
 // PollUntil always waits interval before the first run of 'condition'.
 // 'condition' will always be invoked at least once.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollUntil(interval time.Duration, condition ConditionFunc, stopCh <-chan struct{}) error {
@@ -104,7 +104,7 @@ func PollUntil(interval time.Duration, condition ConditionFunc, stopCh <-chan st
 // PollUntilWithContext always waits interval before the first run of 'condition'.
 // 'condition' will always be invoked at least once.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollUntilWithContext(ctx context.Context, interval time.Duration, condition ConditionWithContextFunc) error {
@@ -118,7 +118,7 @@ func PollUntilWithContext(ctx context.Context, interval time.Duration, condition
 // Some intervals may be missed if the condition takes too long or the time
 // window is too short.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollInfinite(interval time.Duration, condition ConditionFunc) error {
@@ -132,7 +132,7 @@ func PollInfinite(interval time.Duration, condition ConditionFunc) error {
 // Some intervals may be missed if the condition takes too long or the time
 // window is too short.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollInfiniteWithContext(ctx context.Context, interval time.Duration, condition ConditionWithContextFunc) error {
@@ -150,7 +150,7 @@ func PollInfiniteWithContext(ctx context.Context, interval time.Duration, condit
 //
 // If you want to immediately Poll something forever, see PollImmediateInfinite.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextTimeout.
+// Deprecated: This method does not return errors from context, use PollUntilContextTimeout.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediate(interval, timeout time.Duration, condition ConditionFunc) error {
@@ -168,7 +168,7 @@ func PollImmediate(interval, timeout time.Duration, condition ConditionFunc) err
 //
 // If you want to immediately Poll something forever, see PollImmediateInfinite.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextTimeout.
+// Deprecated: This method does not return errors from context, use PollUntilContextTimeout.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediateWithContext(ctx context.Context, interval, timeout time.Duration, condition ConditionWithContextFunc) error {
@@ -180,7 +180,7 @@ func PollImmediateWithContext(ctx context.Context, interval, timeout time.Durati
 // PollImmediateUntil runs the 'condition' before waiting for the interval.
 // 'condition' will always be invoked at least once.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediateUntil(interval time.Duration, condition ConditionFunc, stopCh <-chan struct{}) error {
@@ -193,7 +193,7 @@ func PollImmediateUntil(interval time.Duration, condition ConditionFunc, stopCh
 // PollImmediateUntilWithContext runs the 'condition' before waiting for the interval.
 // 'condition' will always be invoked at least once.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediateUntilWithContext(ctx context.Context, interval time.Duration, condition ConditionWithContextFunc) error {
@@ -207,7 +207,7 @@ func PollImmediateUntilWithContext(ctx context.Context, interval time.Duration,
 // Some intervals may be missed if the condition takes too long or the time
 // window is too short.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediateInfinite(interval time.Duration, condition ConditionFunc) error {
@@ -222,7 +222,7 @@ func PollImmediateInfinite(interval time.Duration, condition ConditionFunc) erro
 // Some intervals may be missed if the condition takes too long or the time
 // window is too short.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediateInfiniteWithContext(ctx context.Context, interval time.Duration, condition ConditionWithContextFunc) error {
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/paramref.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/paramref.go
index 1102f65f3..0951cae8a 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/paramref.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/paramref.go
@@ -18,11 +18,18 @@ limitations under the License.
 
 package v1alpha1
 
+import (
+	v1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
 // ParamRefApplyConfiguration represents an declarative configuration of the ParamRef type for use
 // with apply.
 type ParamRefApplyConfiguration struct {
-	Name      *string `json:"name,omitempty"`
-	Namespace *string `json:"namespace,omitempty"`
+	Name                    *string                               `json:"name,omitempty"`
+	Namespace               *string                               `json:"namespace,omitempty"`
+	Selector                *v1.LabelSelectorApplyConfiguration   `json:"selector,omitempty"`
+	ParameterNotFoundAction *v1alpha1.ParameterNotFoundActionType `json:"parameterNotFoundAction,omitempty"`
 }
 
 // ParamRefApplyConfiguration constructs an declarative configuration of the ParamRef type for use with
@@ -46,3 +53,19 @@ func (b *ParamRefApplyConfiguration) WithNamespace(value string) *ParamRefApplyC
 	b.Namespace = &value
 	return b
 }
+
+// WithSelector sets the Selector field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Selector field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithSelector(value *v1.LabelSelectorApplyConfiguration) *ParamRefApplyConfiguration {
+	b.Selector = value
+	return b
+}
+
+// WithParameterNotFoundAction sets the ParameterNotFoundAction field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ParameterNotFoundAction field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithParameterNotFoundAction(value v1alpha1.ParameterNotFoundActionType) *ParamRefApplyConfiguration {
+	b.ParameterNotFoundAction = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/validatingadmissionpolicyspec.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/validatingadmissionpolicyspec.go
index f674b5b1e..7ee320e42 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/validatingadmissionpolicyspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/validatingadmissionpolicyspec.go
@@ -31,6 +31,7 @@ type ValidatingAdmissionPolicySpecApplyConfiguration struct {
 	FailurePolicy    *admissionregistrationv1alpha1.FailurePolicyType `json:"failurePolicy,omitempty"`
 	AuditAnnotations []AuditAnnotationApplyConfiguration              `json:"auditAnnotations,omitempty"`
 	MatchConditions  []MatchConditionApplyConfiguration               `json:"matchConditions,omitempty"`
+	Variables        []VariableApplyConfiguration                     `json:"variables,omitempty"`
 }
 
 // ValidatingAdmissionPolicySpecApplyConfiguration constructs an declarative configuration of the ValidatingAdmissionPolicySpec type for use with
@@ -101,3 +102,16 @@ func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithMatchConditions(va
 	}
 	return b
 }
+
+// WithVariables adds the given value to the Variables field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Variables field.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithVariables(values ...*VariableApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithVariables")
+		}
+		b.Variables = append(b.Variables, *values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/variable.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/variable.go
new file mode 100644
index 000000000..2c70a8cfb
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/variable.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1alpha1
+
+// VariableApplyConfiguration represents an declarative configuration of the Variable type for use
+// with apply.
+type VariableApplyConfiguration struct {
+	Name       *string `json:"name,omitempty"`
+	Expression *string `json:"expression,omitempty"`
+}
+
+// VariableApplyConfiguration constructs an declarative configuration of the Variable type for use with
+// apply.
+func Variable() *VariableApplyConfiguration {
+	return &VariableApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *VariableApplyConfiguration) WithName(value string) *VariableApplyConfiguration {
+	b.Name = &value
+	return b
+}
+
+// WithExpression sets the Expression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Expression field is set to the value of the last call.
+func (b *VariableApplyConfiguration) WithExpression(value string) *VariableApplyConfiguration {
+	b.Expression = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/auditannotation.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/auditannotation.go
new file mode 100644
index 000000000..e92fba0dd
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/auditannotation.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// AuditAnnotationApplyConfiguration represents an declarative configuration of the AuditAnnotation type for use
+// with apply.
+type AuditAnnotationApplyConfiguration struct {
+	Key             *string `json:"key,omitempty"`
+	ValueExpression *string `json:"valueExpression,omitempty"`
+}
+
+// AuditAnnotationApplyConfiguration constructs an declarative configuration of the AuditAnnotation type for use with
+// apply.
+func AuditAnnotation() *AuditAnnotationApplyConfiguration {
+	return &AuditAnnotationApplyConfiguration{}
+}
+
+// WithKey sets the Key field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Key field is set to the value of the last call.
+func (b *AuditAnnotationApplyConfiguration) WithKey(value string) *AuditAnnotationApplyConfiguration {
+	b.Key = &value
+	return b
+}
+
+// WithValueExpression sets the ValueExpression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ValueExpression field is set to the value of the last call.
+func (b *AuditAnnotationApplyConfiguration) WithValueExpression(value string) *AuditAnnotationApplyConfiguration {
+	b.ValueExpression = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/expressionwarning.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/expressionwarning.go
new file mode 100644
index 000000000..059c1b94b
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/expressionwarning.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// ExpressionWarningApplyConfiguration represents an declarative configuration of the ExpressionWarning type for use
+// with apply.
+type ExpressionWarningApplyConfiguration struct {
+	FieldRef *string `json:"fieldRef,omitempty"`
+	Warning  *string `json:"warning,omitempty"`
+}
+
+// ExpressionWarningApplyConfiguration constructs an declarative configuration of the ExpressionWarning type for use with
+// apply.
+func ExpressionWarning() *ExpressionWarningApplyConfiguration {
+	return &ExpressionWarningApplyConfiguration{}
+}
+
+// WithFieldRef sets the FieldRef field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the FieldRef field is set to the value of the last call.
+func (b *ExpressionWarningApplyConfiguration) WithFieldRef(value string) *ExpressionWarningApplyConfiguration {
+	b.FieldRef = &value
+	return b
+}
+
+// WithWarning sets the Warning field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Warning field is set to the value of the last call.
+func (b *ExpressionWarningApplyConfiguration) WithWarning(value string) *ExpressionWarningApplyConfiguration {
+	b.Warning = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/matchresources.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/matchresources.go
new file mode 100644
index 000000000..25d4139db
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/matchresources.go
@@ -0,0 +1,90 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// MatchResourcesApplyConfiguration represents an declarative configuration of the MatchResources type for use
+// with apply.
+type MatchResourcesApplyConfiguration struct {
+	NamespaceSelector    *v1.LabelSelectorApplyConfiguration           `json:"namespaceSelector,omitempty"`
+	ObjectSelector       *v1.LabelSelectorApplyConfiguration           `json:"objectSelector,omitempty"`
+	ResourceRules        []NamedRuleWithOperationsApplyConfiguration   `json:"resourceRules,omitempty"`
+	ExcludeResourceRules []NamedRuleWithOperationsApplyConfiguration   `json:"excludeResourceRules,omitempty"`
+	MatchPolicy          *admissionregistrationv1beta1.MatchPolicyType `json:"matchPolicy,omitempty"`
+}
+
+// MatchResourcesApplyConfiguration constructs an declarative configuration of the MatchResources type for use with
+// apply.
+func MatchResources() *MatchResourcesApplyConfiguration {
+	return &MatchResourcesApplyConfiguration{}
+}
+
+// WithNamespaceSelector sets the NamespaceSelector field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NamespaceSelector field is set to the value of the last call.
+func (b *MatchResourcesApplyConfiguration) WithNamespaceSelector(value *v1.LabelSelectorApplyConfiguration) *MatchResourcesApplyConfiguration {
+	b.NamespaceSelector = value
+	return b
+}
+
+// WithObjectSelector sets the ObjectSelector field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ObjectSelector field is set to the value of the last call.
+func (b *MatchResourcesApplyConfiguration) WithObjectSelector(value *v1.LabelSelectorApplyConfiguration) *MatchResourcesApplyConfiguration {
+	b.ObjectSelector = value
+	return b
+}
+
+// WithResourceRules adds the given value to the ResourceRules field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ResourceRules field.
+func (b *MatchResourcesApplyConfiguration) WithResourceRules(values ...*NamedRuleWithOperationsApplyConfiguration) *MatchResourcesApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithResourceRules")
+		}
+		b.ResourceRules = append(b.ResourceRules, *values[i])
+	}
+	return b
+}
+
+// WithExcludeResourceRules adds the given value to the ExcludeResourceRules field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ExcludeResourceRules field.
+func (b *MatchResourcesApplyConfiguration) WithExcludeResourceRules(values ...*NamedRuleWithOperationsApplyConfiguration) *MatchResourcesApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithExcludeResourceRules")
+		}
+		b.ExcludeResourceRules = append(b.ExcludeResourceRules, *values[i])
+	}
+	return b
+}
+
+// WithMatchPolicy sets the MatchPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the MatchPolicy field is set to the value of the last call.
+func (b *MatchResourcesApplyConfiguration) WithMatchPolicy(value admissionregistrationv1beta1.MatchPolicyType) *MatchResourcesApplyConfiguration {
+	b.MatchPolicy = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/namedrulewithoperations.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/namedrulewithoperations.go
new file mode 100644
index 000000000..fa346c4a5
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/namedrulewithoperations.go
@@ -0,0 +1,95 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
+	v1 "k8s.io/client-go/applyconfigurations/admissionregistration/v1"
+)
+
+// NamedRuleWithOperationsApplyConfiguration represents an declarative configuration of the NamedRuleWithOperations type for use
+// with apply.
+type NamedRuleWithOperationsApplyConfiguration struct {
+	ResourceNames                           []string `json:"resourceNames,omitempty"`
+	v1.RuleWithOperationsApplyConfiguration `json:",inline"`
+}
+
+// NamedRuleWithOperationsApplyConfiguration constructs an declarative configuration of the NamedRuleWithOperations type for use with
+// apply.
+func NamedRuleWithOperations() *NamedRuleWithOperationsApplyConfiguration {
+	return &NamedRuleWithOperationsApplyConfiguration{}
+}
+
+// WithResourceNames adds the given value to the ResourceNames field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ResourceNames field.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithResourceNames(values ...string) *NamedRuleWithOperationsApplyConfiguration {
+	for i := range values {
+		b.ResourceNames = append(b.ResourceNames, values[i])
+	}
+	return b
+}
+
+// WithOperations adds the given value to the Operations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Operations field.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithOperations(values ...admissionregistrationv1.OperationType) *NamedRuleWithOperationsApplyConfiguration {
+	for i := range values {
+		b.Operations = append(b.Operations, values[i])
+	}
+	return b
+}
+
+// WithAPIGroups adds the given value to the APIGroups field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the APIGroups field.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithAPIGroups(values ...string) *NamedRuleWithOperationsApplyConfiguration {
+	for i := range values {
+		b.APIGroups = append(b.APIGroups, values[i])
+	}
+	return b
+}
+
+// WithAPIVersions adds the given value to the APIVersions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the APIVersions field.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithAPIVersions(values ...string) *NamedRuleWithOperationsApplyConfiguration {
+	for i := range values {
+		b.APIVersions = append(b.APIVersions, values[i])
+	}
+	return b
+}
+
+// WithResources adds the given value to the Resources field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Resources field.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithResources(values ...string) *NamedRuleWithOperationsApplyConfiguration {
+	for i := range values {
+		b.Resources = append(b.Resources, values[i])
+	}
+	return b
+}
+
+// WithScope sets the Scope field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Scope field is set to the value of the last call.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithScope(value admissionregistrationv1.ScopeType) *NamedRuleWithOperationsApplyConfiguration {
+	b.Scope = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramkind.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramkind.go
new file mode 100644
index 000000000..6050e6025
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramkind.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// ParamKindApplyConfiguration represents an declarative configuration of the ParamKind type for use
+// with apply.
+type ParamKindApplyConfiguration struct {
+	APIVersion *string `json:"apiVersion,omitempty"`
+	Kind       *string `json:"kind,omitempty"`
+}
+
+// ParamKindApplyConfiguration constructs an declarative configuration of the ParamKind type for use with
+// apply.
+func ParamKind() *ParamKindApplyConfiguration {
+	return &ParamKindApplyConfiguration{}
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *ParamKindApplyConfiguration) WithAPIVersion(value string) *ParamKindApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *ParamKindApplyConfiguration) WithKind(value string) *ParamKindApplyConfiguration {
+	b.Kind = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramref.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramref.go
new file mode 100644
index 000000000..2be98dbc5
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramref.go
@@ -0,0 +1,71 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	v1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ParamRefApplyConfiguration represents an declarative configuration of the ParamRef type for use
+// with apply.
+type ParamRefApplyConfiguration struct {
+	Name                    *string                              `json:"name,omitempty"`
+	Namespace               *string                              `json:"namespace,omitempty"`
+	Selector                *v1.LabelSelectorApplyConfiguration  `json:"selector,omitempty"`
+	ParameterNotFoundAction *v1beta1.ParameterNotFoundActionType `json:"parameterNotFoundAction,omitempty"`
+}
+
+// ParamRefApplyConfiguration constructs an declarative configuration of the ParamRef type for use with
+// apply.
+func ParamRef() *ParamRefApplyConfiguration {
+	return &ParamRefApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithName(value string) *ParamRefApplyConfiguration {
+	b.Name = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithNamespace(value string) *ParamRefApplyConfiguration {
+	b.Namespace = &value
+	return b
+}
+
+// WithSelector sets the Selector field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Selector field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithSelector(value *v1.LabelSelectorApplyConfiguration) *ParamRefApplyConfiguration {
+	b.Selector = value
+	return b
+}
+
+// WithParameterNotFoundAction sets the ParameterNotFoundAction field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ParameterNotFoundAction field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithParameterNotFoundAction(value v1beta1.ParameterNotFoundActionType) *ParamRefApplyConfiguration {
+	b.ParameterNotFoundAction = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/typechecking.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/typechecking.go
new file mode 100644
index 000000000..07baf334c
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/typechecking.go
@@ -0,0 +1,44 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// TypeCheckingApplyConfiguration represents an declarative configuration of the TypeChecking type for use
+// with apply.
+type TypeCheckingApplyConfiguration struct {
+	ExpressionWarnings []ExpressionWarningApplyConfiguration `json:"expressionWarnings,omitempty"`
+}
+
+// TypeCheckingApplyConfiguration constructs an declarative configuration of the TypeChecking type for use with
+// apply.
+func TypeChecking() *TypeCheckingApplyConfiguration {
+	return &TypeCheckingApplyConfiguration{}
+}
+
+// WithExpressionWarnings adds the given value to the ExpressionWarnings field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ExpressionWarnings field.
+func (b *TypeCheckingApplyConfiguration) WithExpressionWarnings(values ...*ExpressionWarningApplyConfiguration) *TypeCheckingApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithExpressionWarnings")
+		}
+		b.ExpressionWarnings = append(b.ExpressionWarnings, *values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicy.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicy.go
new file mode 100644
index 000000000..e144bc9f7
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicy.go
@@ -0,0 +1,256 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	managedfields "k8s.io/apimachinery/pkg/util/managedfields"
+	internal "k8s.io/client-go/applyconfigurations/internal"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ValidatingAdmissionPolicyApplyConfiguration represents an declarative configuration of the ValidatingAdmissionPolicy type for use
+// with apply.
+type ValidatingAdmissionPolicyApplyConfiguration struct {
+	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+	Spec                             *ValidatingAdmissionPolicySpecApplyConfiguration   `json:"spec,omitempty"`
+	Status                           *ValidatingAdmissionPolicyStatusApplyConfiguration `json:"status,omitempty"`
+}
+
+// ValidatingAdmissionPolicy constructs an declarative configuration of the ValidatingAdmissionPolicy type for use with
+// apply.
+func ValidatingAdmissionPolicy(name string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b := &ValidatingAdmissionPolicyApplyConfiguration{}
+	b.WithName(name)
+	b.WithKind("ValidatingAdmissionPolicy")
+	b.WithAPIVersion("admissionregistration.k8s.io/v1beta1")
+	return b
+}
+
+// ExtractValidatingAdmissionPolicy extracts the applied configuration owned by fieldManager from
+// validatingAdmissionPolicy. If no managedFields are found in validatingAdmissionPolicy for fieldManager, a
+// ValidatingAdmissionPolicyApplyConfiguration is returned with only the Name, Namespace (if applicable),
+// APIVersion and Kind populated. It is possible that no managed fields were found for because other
+// field managers have taken ownership of all the fields previously owned by fieldManager, or because
+// the fieldManager never owned fields any fields.
+// validatingAdmissionPolicy must be a unmodified ValidatingAdmissionPolicy API object that was retrieved from the Kubernetes API.
+// ExtractValidatingAdmissionPolicy provides a way to perform a extract/modify-in-place/apply workflow.
+// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously
+// applied if another fieldManager has updated or force applied any of the previously applied fields.
+// Experimental!
+func ExtractValidatingAdmissionPolicy(validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicy, fieldManager string) (*ValidatingAdmissionPolicyApplyConfiguration, error) {
+	return extractValidatingAdmissionPolicy(validatingAdmissionPolicy, fieldManager, "")
+}
+
+// ExtractValidatingAdmissionPolicyStatus is the same as ExtractValidatingAdmissionPolicy except
+// that it extracts the status subresource applied configuration.
+// Experimental!
+func ExtractValidatingAdmissionPolicyStatus(validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicy, fieldManager string) (*ValidatingAdmissionPolicyApplyConfiguration, error) {
+	return extractValidatingAdmissionPolicy(validatingAdmissionPolicy, fieldManager, "status")
+}
+
+func extractValidatingAdmissionPolicy(validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicy, fieldManager string, subresource string) (*ValidatingAdmissionPolicyApplyConfiguration, error) {
+	b := &ValidatingAdmissionPolicyApplyConfiguration{}
+	err := managedfields.ExtractInto(validatingAdmissionPolicy, internal.Parser().Type("io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicy"), fieldManager, b, subresource)
+	if err != nil {
+		return nil, err
+	}
+	b.WithName(validatingAdmissionPolicy.Name)
+
+	b.WithKind("ValidatingAdmissionPolicy")
+	b.WithAPIVersion("admissionregistration.k8s.io/v1beta1")
+	return b, nil
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithKind(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.Kind = &value
+	return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithAPIVersion(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithName(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Name = &value
+	return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithGenerateName(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.GenerateName = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithNamespace(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Namespace = &value
+	return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithUID(value types.UID) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithResourceVersion(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.ResourceVersion = &value
+	return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithGeneration(value int64) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Generation = &value
+	return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.CreationTimestamp = &value
+	return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionTimestamp = &value
+	return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionGracePeriodSeconds = &value
+	return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithLabels(entries map[string]string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Labels == nil && len(entries) > 0 {
+		b.Labels = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Labels[k] = v
+	}
+	return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithAnnotations(entries map[string]string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Annotations == nil && len(entries) > 0 {
+		b.Annotations = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Annotations[k] = v
+	}
+	return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithOwnerReferences")
+		}
+		b.OwnerReferences = append(b.OwnerReferences, *values[i])
+	}
+	return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithFinalizers(values ...string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		b.Finalizers = append(b.Finalizers, values[i])
+	}
+	return b
+}
+
+func (b *ValidatingAdmissionPolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+	if b.ObjectMetaApplyConfiguration == nil {
+		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+	}
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithSpec(value *ValidatingAdmissionPolicySpecApplyConfiguration) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.Spec = value
+	return b
+}
+
+// WithStatus sets the Status field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Status field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithStatus(value *ValidatingAdmissionPolicyStatusApplyConfiguration) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.Status = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybinding.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
new file mode 100644
index 000000000..0dc06aede
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
@@ -0,0 +1,247 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	managedfields "k8s.io/apimachinery/pkg/util/managedfields"
+	internal "k8s.io/client-go/applyconfigurations/internal"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ValidatingAdmissionPolicyBindingApplyConfiguration represents an declarative configuration of the ValidatingAdmissionPolicyBinding type for use
+// with apply.
+type ValidatingAdmissionPolicyBindingApplyConfiguration struct {
+	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+	Spec                             *ValidatingAdmissionPolicyBindingSpecApplyConfiguration `json:"spec,omitempty"`
+}
+
+// ValidatingAdmissionPolicyBinding constructs an declarative configuration of the ValidatingAdmissionPolicyBinding type for use with
+// apply.
+func ValidatingAdmissionPolicyBinding(name string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b := &ValidatingAdmissionPolicyBindingApplyConfiguration{}
+	b.WithName(name)
+	b.WithKind("ValidatingAdmissionPolicyBinding")
+	b.WithAPIVersion("admissionregistration.k8s.io/v1beta1")
+	return b
+}
+
+// ExtractValidatingAdmissionPolicyBinding extracts the applied configuration owned by fieldManager from
+// validatingAdmissionPolicyBinding. If no managedFields are found in validatingAdmissionPolicyBinding for fieldManager, a
+// ValidatingAdmissionPolicyBindingApplyConfiguration is returned with only the Name, Namespace (if applicable),
+// APIVersion and Kind populated. It is possible that no managed fields were found for because other
+// field managers have taken ownership of all the fields previously owned by fieldManager, or because
+// the fieldManager never owned fields any fields.
+// validatingAdmissionPolicyBinding must be a unmodified ValidatingAdmissionPolicyBinding API object that was retrieved from the Kubernetes API.
+// ExtractValidatingAdmissionPolicyBinding provides a way to perform a extract/modify-in-place/apply workflow.
+// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously
+// applied if another fieldManager has updated or force applied any of the previously applied fields.
+// Experimental!
+func ExtractValidatingAdmissionPolicyBinding(validatingAdmissionPolicyBinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding, fieldManager string) (*ValidatingAdmissionPolicyBindingApplyConfiguration, error) {
+	return extractValidatingAdmissionPolicyBinding(validatingAdmissionPolicyBinding, fieldManager, "")
+}
+
+// ExtractValidatingAdmissionPolicyBindingStatus is the same as ExtractValidatingAdmissionPolicyBinding except
+// that it extracts the status subresource applied configuration.
+// Experimental!
+func ExtractValidatingAdmissionPolicyBindingStatus(validatingAdmissionPolicyBinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding, fieldManager string) (*ValidatingAdmissionPolicyBindingApplyConfiguration, error) {
+	return extractValidatingAdmissionPolicyBinding(validatingAdmissionPolicyBinding, fieldManager, "status")
+}
+
+func extractValidatingAdmissionPolicyBinding(validatingAdmissionPolicyBinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding, fieldManager string, subresource string) (*ValidatingAdmissionPolicyBindingApplyConfiguration, error) {
+	b := &ValidatingAdmissionPolicyBindingApplyConfiguration{}
+	err := managedfields.ExtractInto(validatingAdmissionPolicyBinding, internal.Parser().Type("io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding"), fieldManager, b, subresource)
+	if err != nil {
+		return nil, err
+	}
+	b.WithName(validatingAdmissionPolicyBinding.Name)
+
+	b.WithKind("ValidatingAdmissionPolicyBinding")
+	b.WithAPIVersion("admissionregistration.k8s.io/v1beta1")
+	return b, nil
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithKind(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.Kind = &value
+	return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithAPIVersion(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithName(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Name = &value
+	return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithGenerateName(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.GenerateName = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithNamespace(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Namespace = &value
+	return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithUID(value types.UID) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithResourceVersion(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.ResourceVersion = &value
+	return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithGeneration(value int64) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Generation = &value
+	return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.CreationTimestamp = &value
+	return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionTimestamp = &value
+	return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionGracePeriodSeconds = &value
+	return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithLabels(entries map[string]string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Labels == nil && len(entries) > 0 {
+		b.Labels = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Labels[k] = v
+	}
+	return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithAnnotations(entries map[string]string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Annotations == nil && len(entries) > 0 {
+		b.Annotations = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Annotations[k] = v
+	}
+	return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithOwnerReferences")
+		}
+		b.OwnerReferences = append(b.OwnerReferences, *values[i])
+	}
+	return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithFinalizers(values ...string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		b.Finalizers = append(b.Finalizers, values[i])
+	}
+	return b
+}
+
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+	if b.ObjectMetaApplyConfiguration == nil {
+		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+	}
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithSpec(value *ValidatingAdmissionPolicyBindingSpecApplyConfiguration) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.Spec = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybindingspec.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybindingspec.go
new file mode 100644
index 000000000..d20a78eff
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybindingspec.go
@@ -0,0 +1,72 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+)
+
+// ValidatingAdmissionPolicyBindingSpecApplyConfiguration represents an declarative configuration of the ValidatingAdmissionPolicyBindingSpec type for use
+// with apply.
+type ValidatingAdmissionPolicyBindingSpecApplyConfiguration struct {
+	PolicyName        *string                                         `json:"policyName,omitempty"`
+	ParamRef          *ParamRefApplyConfiguration                     `json:"paramRef,omitempty"`
+	MatchResources    *MatchResourcesApplyConfiguration               `json:"matchResources,omitempty"`
+	ValidationActions []admissionregistrationv1beta1.ValidationAction `json:"validationActions,omitempty"`
+}
+
+// ValidatingAdmissionPolicyBindingSpecApplyConfiguration constructs an declarative configuration of the ValidatingAdmissionPolicyBindingSpec type for use with
+// apply.
+func ValidatingAdmissionPolicyBindingSpec() *ValidatingAdmissionPolicyBindingSpecApplyConfiguration {
+	return &ValidatingAdmissionPolicyBindingSpecApplyConfiguration{}
+}
+
+// WithPolicyName sets the PolicyName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the PolicyName field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingSpecApplyConfiguration) WithPolicyName(value string) *ValidatingAdmissionPolicyBindingSpecApplyConfiguration {
+	b.PolicyName = &value
+	return b
+}
+
+// WithParamRef sets the ParamRef field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ParamRef field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingSpecApplyConfiguration) WithParamRef(value *ParamRefApplyConfiguration) *ValidatingAdmissionPolicyBindingSpecApplyConfiguration {
+	b.ParamRef = value
+	return b
+}
+
+// WithMatchResources sets the MatchResources field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the MatchResources field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingSpecApplyConfiguration) WithMatchResources(value *MatchResourcesApplyConfiguration) *ValidatingAdmissionPolicyBindingSpecApplyConfiguration {
+	b.MatchResources = value
+	return b
+}
+
+// WithValidationActions adds the given value to the ValidationActions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ValidationActions field.
+func (b *ValidatingAdmissionPolicyBindingSpecApplyConfiguration) WithValidationActions(values ...admissionregistrationv1beta1.ValidationAction) *ValidatingAdmissionPolicyBindingSpecApplyConfiguration {
+	for i := range values {
+		b.ValidationActions = append(b.ValidationActions, values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicyspec.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicyspec.go
new file mode 100644
index 000000000..c6e938910
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicyspec.go
@@ -0,0 +1,117 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+)
+
+// ValidatingAdmissionPolicySpecApplyConfiguration represents an declarative configuration of the ValidatingAdmissionPolicySpec type for use
+// with apply.
+type ValidatingAdmissionPolicySpecApplyConfiguration struct {
+	ParamKind        *ParamKindApplyConfiguration                    `json:"paramKind,omitempty"`
+	MatchConstraints *MatchResourcesApplyConfiguration               `json:"matchConstraints,omitempty"`
+	Validations      []ValidationApplyConfiguration                  `json:"validations,omitempty"`
+	FailurePolicy    *admissionregistrationv1beta1.FailurePolicyType `json:"failurePolicy,omitempty"`
+	AuditAnnotations []AuditAnnotationApplyConfiguration             `json:"auditAnnotations,omitempty"`
+	MatchConditions  []MatchConditionApplyConfiguration              `json:"matchConditions,omitempty"`
+	Variables        []VariableApplyConfiguration                    `json:"variables,omitempty"`
+}
+
+// ValidatingAdmissionPolicySpecApplyConfiguration constructs an declarative configuration of the ValidatingAdmissionPolicySpec type for use with
+// apply.
+func ValidatingAdmissionPolicySpec() *ValidatingAdmissionPolicySpecApplyConfiguration {
+	return &ValidatingAdmissionPolicySpecApplyConfiguration{}
+}
+
+// WithParamKind sets the ParamKind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ParamKind field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithParamKind(value *ParamKindApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	b.ParamKind = value
+	return b
+}
+
+// WithMatchConstraints sets the MatchConstraints field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the MatchConstraints field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithMatchConstraints(value *MatchResourcesApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	b.MatchConstraints = value
+	return b
+}
+
+// WithValidations adds the given value to the Validations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Validations field.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithValidations(values ...*ValidationApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithValidations")
+		}
+		b.Validations = append(b.Validations, *values[i])
+	}
+	return b
+}
+
+// WithFailurePolicy sets the FailurePolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the FailurePolicy field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithFailurePolicy(value admissionregistrationv1beta1.FailurePolicyType) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	b.FailurePolicy = &value
+	return b
+}
+
+// WithAuditAnnotations adds the given value to the AuditAnnotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the AuditAnnotations field.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithAuditAnnotations(values ...*AuditAnnotationApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithAuditAnnotations")
+		}
+		b.AuditAnnotations = append(b.AuditAnnotations, *values[i])
+	}
+	return b
+}
+
+// WithMatchConditions adds the given value to the MatchConditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the MatchConditions field.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithMatchConditions(values ...*MatchConditionApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithMatchConditions")
+		}
+		b.MatchConditions = append(b.MatchConditions, *values[i])
+	}
+	return b
+}
+
+// WithVariables adds the given value to the Variables field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Variables field.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithVariables(values ...*VariableApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithVariables")
+		}
+		b.Variables = append(b.Variables, *values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicystatus.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicystatus.go
new file mode 100644
index 000000000..e3e6d417e
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicystatus.go
@@ -0,0 +1,66 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ValidatingAdmissionPolicyStatusApplyConfiguration represents an declarative configuration of the ValidatingAdmissionPolicyStatus type for use
+// with apply.
+type ValidatingAdmissionPolicyStatusApplyConfiguration struct {
+	ObservedGeneration *int64                           `json:"observedGeneration,omitempty"`
+	TypeChecking       *TypeCheckingApplyConfiguration  `json:"typeChecking,omitempty"`
+	Conditions         []v1.ConditionApplyConfiguration `json:"conditions,omitempty"`
+}
+
+// ValidatingAdmissionPolicyStatusApplyConfiguration constructs an declarative configuration of the ValidatingAdmissionPolicyStatus type for use with
+// apply.
+func ValidatingAdmissionPolicyStatus() *ValidatingAdmissionPolicyStatusApplyConfiguration {
+	return &ValidatingAdmissionPolicyStatusApplyConfiguration{}
+}
+
+// WithObservedGeneration sets the ObservedGeneration field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ObservedGeneration field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyStatusApplyConfiguration) WithObservedGeneration(value int64) *ValidatingAdmissionPolicyStatusApplyConfiguration {
+	b.ObservedGeneration = &value
+	return b
+}
+
+// WithTypeChecking sets the TypeChecking field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the TypeChecking field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyStatusApplyConfiguration) WithTypeChecking(value *TypeCheckingApplyConfiguration) *ValidatingAdmissionPolicyStatusApplyConfiguration {
+	b.TypeChecking = value
+	return b
+}
+
+// WithConditions adds the given value to the Conditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Conditions field.
+func (b *ValidatingAdmissionPolicyStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *ValidatingAdmissionPolicyStatusApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithConditions")
+		}
+		b.Conditions = append(b.Conditions, *values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validation.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validation.go
new file mode 100644
index 000000000..ed9ff1ac0
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validation.go
@@ -0,0 +1,70 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// ValidationApplyConfiguration represents an declarative configuration of the Validation type for use
+// with apply.
+type ValidationApplyConfiguration struct {
+	Expression        *string          `json:"expression,omitempty"`
+	Message           *string          `json:"message,omitempty"`
+	Reason            *v1.StatusReason `json:"reason,omitempty"`
+	MessageExpression *string          `json:"messageExpression,omitempty"`
+}
+
+// ValidationApplyConfiguration constructs an declarative configuration of the Validation type for use with
+// apply.
+func Validation() *ValidationApplyConfiguration {
+	return &ValidationApplyConfiguration{}
+}
+
+// WithExpression sets the Expression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Expression field is set to the value of the last call.
+func (b *ValidationApplyConfiguration) WithExpression(value string) *ValidationApplyConfiguration {
+	b.Expression = &value
+	return b
+}
+
+// WithMessage sets the Message field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Message field is set to the value of the last call.
+func (b *ValidationApplyConfiguration) WithMessage(value string) *ValidationApplyConfiguration {
+	b.Message = &value
+	return b
+}
+
+// WithReason sets the Reason field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Reason field is set to the value of the last call.
+func (b *ValidationApplyConfiguration) WithReason(value v1.StatusReason) *ValidationApplyConfiguration {
+	b.Reason = &value
+	return b
+}
+
+// WithMessageExpression sets the MessageExpression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the MessageExpression field is set to the value of the last call.
+func (b *ValidationApplyConfiguration) WithMessageExpression(value string) *ValidationApplyConfiguration {
+	b.MessageExpression = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/variable.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/variable.go
new file mode 100644
index 000000000..0fc294c65
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/variable.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// VariableApplyConfiguration represents an declarative configuration of the Variable type for use
+// with apply.
+type VariableApplyConfiguration struct {
+	Name       *string `json:"name,omitempty"`
+	Expression *string `json:"expression,omitempty"`
+}
+
+// VariableApplyConfiguration constructs an declarative configuration of the Variable type for use with
+// apply.
+func Variable() *VariableApplyConfiguration {
+	return &VariableApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *VariableApplyConfiguration) WithName(value string) *VariableApplyConfiguration {
+	b.Name = &value
+	return b
+}
+
+// WithExpression sets the Expression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Expression field is set to the value of the last call.
+func (b *VariableApplyConfiguration) WithExpression(value string) *VariableApplyConfiguration {
+	b.Expression = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1/serverstorageversion.go b/vendor/k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1/serverstorageversion.go
index d36f7603c..81c56330b 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1/serverstorageversion.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1/serverstorageversion.go
@@ -24,6 +24,7 @@ type ServerStorageVersionApplyConfiguration struct {
 	APIServerID       *string  `json:"apiServerID,omitempty"`
 	EncodingVersion   *string  `json:"encodingVersion,omitempty"`
 	DecodableVersions []string `json:"decodableVersions,omitempty"`
+	ServedVersions    []string `json:"servedVersions,omitempty"`
 }
 
 // ServerStorageVersionApplyConfiguration constructs an declarative configuration of the ServerStorageVersion type for use with
@@ -57,3 +58,13 @@ func (b *ServerStorageVersionApplyConfiguration) WithDecodableVersions(values ..
 	}
 	return b
 }
+
+// WithServedVersions adds the given value to the ServedVersions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ServedVersions field.
+func (b *ServerStorageVersionApplyConfiguration) WithServedVersions(values ...string) *ServerStorageVersionApplyConfiguration {
+	for i := range values {
+		b.ServedVersions = append(b.ServedVersions, values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobspec.go b/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobspec.go
index 839d88b64..3d46a3ecf 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobspec.go
@@ -32,12 +32,15 @@ type JobSpecApplyConfiguration struct {
 	ActiveDeadlineSeconds   *int64                                    `json:"activeDeadlineSeconds,omitempty"`
 	PodFailurePolicy        *PodFailurePolicyApplyConfiguration       `json:"podFailurePolicy,omitempty"`
 	BackoffLimit            *int32                                    `json:"backoffLimit,omitempty"`
+	BackoffLimitPerIndex    *int32                                    `json:"backoffLimitPerIndex,omitempty"`
+	MaxFailedIndexes        *int32                                    `json:"maxFailedIndexes,omitempty"`
 	Selector                *metav1.LabelSelectorApplyConfiguration   `json:"selector,omitempty"`
 	ManualSelector          *bool                                     `json:"manualSelector,omitempty"`
 	Template                *corev1.PodTemplateSpecApplyConfiguration `json:"template,omitempty"`
 	TTLSecondsAfterFinished *int32                                    `json:"ttlSecondsAfterFinished,omitempty"`
 	CompletionMode          *batchv1.CompletionMode                   `json:"completionMode,omitempty"`
 	Suspend                 *bool                                     `json:"suspend,omitempty"`
+	PodReplacementPolicy    *batchv1.PodReplacementPolicy             `json:"podReplacementPolicy,omitempty"`
 }
 
 // JobSpecApplyConfiguration constructs an declarative configuration of the JobSpec type for use with
@@ -86,6 +89,22 @@ func (b *JobSpecApplyConfiguration) WithBackoffLimit(value int32) *JobSpecApplyC
 	return b
 }
 
+// WithBackoffLimitPerIndex sets the BackoffLimitPerIndex field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the BackoffLimitPerIndex field is set to the value of the last call.
+func (b *JobSpecApplyConfiguration) WithBackoffLimitPerIndex(value int32) *JobSpecApplyConfiguration {
+	b.BackoffLimitPerIndex = &value
+	return b
+}
+
+// WithMaxFailedIndexes sets the MaxFailedIndexes field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the MaxFailedIndexes field is set to the value of the last call.
+func (b *JobSpecApplyConfiguration) WithMaxFailedIndexes(value int32) *JobSpecApplyConfiguration {
+	b.MaxFailedIndexes = &value
+	return b
+}
+
 // WithSelector sets the Selector field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the Selector field is set to the value of the last call.
@@ -133,3 +152,11 @@ func (b *JobSpecApplyConfiguration) WithSuspend(value bool) *JobSpecApplyConfigu
 	b.Suspend = &value
 	return b
 }
+
+// WithPodReplacementPolicy sets the PodReplacementPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the PodReplacementPolicy field is set to the value of the last call.
+func (b *JobSpecApplyConfiguration) WithPodReplacementPolicy(value batchv1.PodReplacementPolicy) *JobSpecApplyConfiguration {
+	b.PodReplacementPolicy = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobstatus.go b/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobstatus.go
index a36d5d0ae..e8e472f8f 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobstatus.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobstatus.go
@@ -31,7 +31,9 @@ type JobStatusApplyConfiguration struct {
 	Active                  *int32                                     `json:"active,omitempty"`
 	Succeeded               *int32                                     `json:"succeeded,omitempty"`
 	Failed                  *int32                                     `json:"failed,omitempty"`
+	Terminating             *int32                                     `json:"terminating,omitempty"`
 	CompletedIndexes        *string                                    `json:"completedIndexes,omitempty"`
+	FailedIndexes           *string                                    `json:"failedIndexes,omitempty"`
 	UncountedTerminatedPods *UncountedTerminatedPodsApplyConfiguration `json:"uncountedTerminatedPods,omitempty"`
 	Ready                   *int32                                     `json:"ready,omitempty"`
 }
@@ -95,6 +97,14 @@ func (b *JobStatusApplyConfiguration) WithFailed(value int32) *JobStatusApplyCon
 	return b
 }
 
+// WithTerminating sets the Terminating field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Terminating field is set to the value of the last call.
+func (b *JobStatusApplyConfiguration) WithTerminating(value int32) *JobStatusApplyConfiguration {
+	b.Terminating = &value
+	return b
+}
+
 // WithCompletedIndexes sets the CompletedIndexes field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the CompletedIndexes field is set to the value of the last call.
@@ -103,6 +113,14 @@ func (b *JobStatusApplyConfiguration) WithCompletedIndexes(value string) *JobSta
 	return b
 }
 
+// WithFailedIndexes sets the FailedIndexes field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the FailedIndexes field is set to the value of the last call.
+func (b *JobStatusApplyConfiguration) WithFailedIndexes(value string) *JobStatusApplyConfiguration {
+	b.FailedIndexes = &value
+	return b
+}
+
 // WithUncountedTerminatedPods sets the UncountedTerminatedPods field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the UncountedTerminatedPods field is set to the value of the last call.
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/container.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/container.go
index 9ada59ee2..32d715606 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/container.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/container.go
@@ -35,6 +35,7 @@ type ContainerApplyConfiguration struct {
 	Env                      []EnvVarApplyConfiguration                `json:"env,omitempty"`
 	Resources                *ResourceRequirementsApplyConfiguration   `json:"resources,omitempty"`
 	ResizePolicy             []ContainerResizePolicyApplyConfiguration `json:"resizePolicy,omitempty"`
+	RestartPolicy            *corev1.ContainerRestartPolicy            `json:"restartPolicy,omitempty"`
 	VolumeMounts             []VolumeMountApplyConfiguration           `json:"volumeMounts,omitempty"`
 	VolumeDevices            []VolumeDeviceApplyConfiguration          `json:"volumeDevices,omitempty"`
 	LivenessProbe            *ProbeApplyConfiguration                  `json:"livenessProbe,omitempty"`
@@ -160,6 +161,14 @@ func (b *ContainerApplyConfiguration) WithResizePolicy(values ...*ContainerResiz
 	return b
 }
 
+// WithRestartPolicy sets the RestartPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the RestartPolicy field is set to the value of the last call.
+func (b *ContainerApplyConfiguration) WithRestartPolicy(value corev1.ContainerRestartPolicy) *ContainerApplyConfiguration {
+	b.RestartPolicy = &value
+	return b
+}
+
 // WithVolumeMounts adds the given value to the VolumeMounts field in the declarative configuration
 // and returns the receiver, so that objects can be build by chaining "With" function invocations.
 // If called multiple times, values provided by each call will be appended to the VolumeMounts field.
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainer.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainer.go
index c51049ba1..5fa79a246 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainer.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainer.go
@@ -139,6 +139,14 @@ func (b *EphemeralContainerApplyConfiguration) WithResizePolicy(values ...*Conta
 	return b
 }
 
+// WithRestartPolicy sets the RestartPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the RestartPolicy field is set to the value of the last call.
+func (b *EphemeralContainerApplyConfiguration) WithRestartPolicy(value corev1.ContainerRestartPolicy) *EphemeralContainerApplyConfiguration {
+	b.RestartPolicy = &value
+	return b
+}
+
 // WithVolumeMounts adds the given value to the VolumeMounts field in the declarative configuration
 // and returns the receiver, so that objects can be build by chaining "With" function invocations.
 // If called multiple times, values provided by each call will be appended to the VolumeMounts field.
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainercommon.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainercommon.go
index 764b830e0..8cded29a9 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainercommon.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainercommon.go
@@ -35,6 +35,7 @@ type EphemeralContainerCommonApplyConfiguration struct {
 	Env                      []EnvVarApplyConfiguration                `json:"env,omitempty"`
 	Resources                *ResourceRequirementsApplyConfiguration   `json:"resources,omitempty"`
 	ResizePolicy             []ContainerResizePolicyApplyConfiguration `json:"resizePolicy,omitempty"`
+	RestartPolicy            *corev1.ContainerRestartPolicy            `json:"restartPolicy,omitempty"`
 	VolumeMounts             []VolumeMountApplyConfiguration           `json:"volumeMounts,omitempty"`
 	VolumeDevices            []VolumeDeviceApplyConfiguration          `json:"volumeDevices,omitempty"`
 	LivenessProbe            *ProbeApplyConfiguration                  `json:"livenessProbe,omitempty"`
@@ -160,6 +161,14 @@ func (b *EphemeralContainerCommonApplyConfiguration) WithResizePolicy(values ...
 	return b
 }
 
+// WithRestartPolicy sets the RestartPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the RestartPolicy field is set to the value of the last call.
+func (b *EphemeralContainerCommonApplyConfiguration) WithRestartPolicy(value corev1.ContainerRestartPolicy) *EphemeralContainerCommonApplyConfiguration {
+	b.RestartPolicy = &value
+	return b
+}
+
 // WithVolumeMounts adds the given value to the VolumeMounts field in the declarative configuration
 // and returns the receiver, so that objects can be build by chaining "With" function invocations.
 // If called multiple times, values provided by each call will be appended to the VolumeMounts field.
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/hostip.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/hostip.go
new file mode 100644
index 000000000..c2a42cf74
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/hostip.go
@@ -0,0 +1,39 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// HostIPApplyConfiguration represents an declarative configuration of the HostIP type for use
+// with apply.
+type HostIPApplyConfiguration struct {
+	IP *string `json:"ip,omitempty"`
+}
+
+// HostIPApplyConfiguration constructs an declarative configuration of the HostIP type for use with
+// apply.
+func HostIP() *HostIPApplyConfiguration {
+	return &HostIPApplyConfiguration{}
+}
+
+// WithIP sets the IP field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the IP field is set to the value of the last call.
+func (b *HostIPApplyConfiguration) WithIP(value string) *HostIPApplyConfiguration {
+	b.IP = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumeclaimstatus.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumeclaimstatus.go
index 4c38d89f5..c29b2a9a1 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumeclaimstatus.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumeclaimstatus.go
@@ -25,12 +25,12 @@ import (
 // PersistentVolumeClaimStatusApplyConfiguration represents an declarative configuration of the PersistentVolumeClaimStatus type for use
 // with apply.
 type PersistentVolumeClaimStatusApplyConfiguration struct {
-	Phase              *v1.PersistentVolumeClaimPhase                     `json:"phase,omitempty"`
-	AccessModes        []v1.PersistentVolumeAccessMode                    `json:"accessModes,omitempty"`
-	Capacity           *v1.ResourceList                                   `json:"capacity,omitempty"`
-	Conditions         []PersistentVolumeClaimConditionApplyConfiguration `json:"conditions,omitempty"`
-	AllocatedResources *v1.ResourceList                                   `json:"allocatedResources,omitempty"`
-	ResizeStatus       *v1.PersistentVolumeClaimResizeStatus              `json:"resizeStatus,omitempty"`
+	Phase                     *v1.PersistentVolumeClaimPhase                     `json:"phase,omitempty"`
+	AccessModes               []v1.PersistentVolumeAccessMode                    `json:"accessModes,omitempty"`
+	Capacity                  *v1.ResourceList                                   `json:"capacity,omitempty"`
+	Conditions                []PersistentVolumeClaimConditionApplyConfiguration `json:"conditions,omitempty"`
+	AllocatedResources        *v1.ResourceList                                   `json:"allocatedResources,omitempty"`
+	AllocatedResourceStatuses map[v1.ResourceName]v1.ClaimResourceStatus         `json:"allocatedResourceStatuses,omitempty"`
 }
 
 // PersistentVolumeClaimStatusApplyConfiguration constructs an declarative configuration of the PersistentVolumeClaimStatus type for use with
@@ -86,10 +86,16 @@ func (b *PersistentVolumeClaimStatusApplyConfiguration) WithAllocatedResources(v
 	return b
 }
 
-// WithResizeStatus sets the ResizeStatus field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the ResizeStatus field is set to the value of the last call.
-func (b *PersistentVolumeClaimStatusApplyConfiguration) WithResizeStatus(value v1.PersistentVolumeClaimResizeStatus) *PersistentVolumeClaimStatusApplyConfiguration {
-	b.ResizeStatus = &value
+// WithAllocatedResourceStatuses puts the entries into the AllocatedResourceStatuses field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the AllocatedResourceStatuses field,
+// overwriting an existing map entries in AllocatedResourceStatuses field with the same key.
+func (b *PersistentVolumeClaimStatusApplyConfiguration) WithAllocatedResourceStatuses(entries map[v1.ResourceName]v1.ClaimResourceStatus) *PersistentVolumeClaimStatusApplyConfiguration {
+	if b.AllocatedResourceStatuses == nil && len(entries) > 0 {
+		b.AllocatedResourceStatuses = make(map[v1.ResourceName]v1.ClaimResourceStatus, len(entries))
+	}
+	for k, v := range entries {
+		b.AllocatedResourceStatuses[k] = v
+	}
 	return b
 }
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumestatus.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumestatus.go
index f7048dec4..a473c0e92 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumestatus.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumestatus.go
@@ -20,14 +20,16 @@ package v1
 
 import (
 	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // PersistentVolumeStatusApplyConfiguration represents an declarative configuration of the PersistentVolumeStatus type for use
 // with apply.
 type PersistentVolumeStatusApplyConfiguration struct {
-	Phase   *v1.PersistentVolumePhase `json:"phase,omitempty"`
-	Message *string                   `json:"message,omitempty"`
-	Reason  *string                   `json:"reason,omitempty"`
+	Phase                   *v1.PersistentVolumePhase `json:"phase,omitempty"`
+	Message                 *string                   `json:"message,omitempty"`
+	Reason                  *string                   `json:"reason,omitempty"`
+	LastPhaseTransitionTime *metav1.Time              `json:"lastPhaseTransitionTime,omitempty"`
 }
 
 // PersistentVolumeStatusApplyConfiguration constructs an declarative configuration of the PersistentVolumeStatus type for use with
@@ -59,3 +61,11 @@ func (b *PersistentVolumeStatusApplyConfiguration) WithReason(value string) *Per
 	b.Reason = &value
 	return b
 }
+
+// WithLastPhaseTransitionTime sets the LastPhaseTransitionTime field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LastPhaseTransitionTime field is set to the value of the last call.
+func (b *PersistentVolumeStatusApplyConfiguration) WithLastPhaseTransitionTime(value metav1.Time) *PersistentVolumeStatusApplyConfiguration {
+	b.LastPhaseTransitionTime = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/podresourceclaimstatus.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/podresourceclaimstatus.go
new file mode 100644
index 000000000..ae79ca01b
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/podresourceclaimstatus.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// PodResourceClaimStatusApplyConfiguration represents an declarative configuration of the PodResourceClaimStatus type for use
+// with apply.
+type PodResourceClaimStatusApplyConfiguration struct {
+	Name              *string `json:"name,omitempty"`
+	ResourceClaimName *string `json:"resourceClaimName,omitempty"`
+}
+
+// PodResourceClaimStatusApplyConfiguration constructs an declarative configuration of the PodResourceClaimStatus type for use with
+// apply.
+func PodResourceClaimStatus() *PodResourceClaimStatusApplyConfiguration {
+	return &PodResourceClaimStatusApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *PodResourceClaimStatusApplyConfiguration) WithName(value string) *PodResourceClaimStatusApplyConfiguration {
+	b.Name = &value
+	return b
+}
+
+// WithResourceClaimName sets the ResourceClaimName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceClaimName field is set to the value of the last call.
+func (b *PodResourceClaimStatusApplyConfiguration) WithResourceClaimName(value string) *PodResourceClaimStatusApplyConfiguration {
+	b.ResourceClaimName = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/podstatus.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/podstatus.go
index e9d8e5b28..1a58ab6be 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/podstatus.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/podstatus.go
@@ -26,20 +26,22 @@ import (
 // PodStatusApplyConfiguration represents an declarative configuration of the PodStatus type for use
 // with apply.
 type PodStatusApplyConfiguration struct {
-	Phase                      *v1.PodPhase                        `json:"phase,omitempty"`
-	Conditions                 []PodConditionApplyConfiguration    `json:"conditions,omitempty"`
-	Message                    *string                             `json:"message,omitempty"`
-	Reason                     *string                             `json:"reason,omitempty"`
-	NominatedNodeName          *string                             `json:"nominatedNodeName,omitempty"`
-	HostIP                     *string                             `json:"hostIP,omitempty"`
-	PodIP                      *string                             `json:"podIP,omitempty"`
-	PodIPs                     []PodIPApplyConfiguration           `json:"podIPs,omitempty"`
-	StartTime                  *metav1.Time                        `json:"startTime,omitempty"`
-	InitContainerStatuses      []ContainerStatusApplyConfiguration `json:"initContainerStatuses,omitempty"`
-	ContainerStatuses          []ContainerStatusApplyConfiguration `json:"containerStatuses,omitempty"`
-	QOSClass                   *v1.PodQOSClass                     `json:"qosClass,omitempty"`
-	EphemeralContainerStatuses []ContainerStatusApplyConfiguration `json:"ephemeralContainerStatuses,omitempty"`
-	Resize                     *v1.PodResizeStatus                 `json:"resize,omitempty"`
+	Phase                      *v1.PodPhase                               `json:"phase,omitempty"`
+	Conditions                 []PodConditionApplyConfiguration           `json:"conditions,omitempty"`
+	Message                    *string                                    `json:"message,omitempty"`
+	Reason                     *string                                    `json:"reason,omitempty"`
+	NominatedNodeName          *string                                    `json:"nominatedNodeName,omitempty"`
+	HostIP                     *string                                    `json:"hostIP,omitempty"`
+	HostIPs                    []HostIPApplyConfiguration                 `json:"hostIPs,omitempty"`
+	PodIP                      *string                                    `json:"podIP,omitempty"`
+	PodIPs                     []PodIPApplyConfiguration                  `json:"podIPs,omitempty"`
+	StartTime                  *metav1.Time                               `json:"startTime,omitempty"`
+	InitContainerStatuses      []ContainerStatusApplyConfiguration        `json:"initContainerStatuses,omitempty"`
+	ContainerStatuses          []ContainerStatusApplyConfiguration        `json:"containerStatuses,omitempty"`
+	QOSClass                   *v1.PodQOSClass                            `json:"qosClass,omitempty"`
+	EphemeralContainerStatuses []ContainerStatusApplyConfiguration        `json:"ephemeralContainerStatuses,omitempty"`
+	Resize                     *v1.PodResizeStatus                        `json:"resize,omitempty"`
+	ResourceClaimStatuses      []PodResourceClaimStatusApplyConfiguration `json:"resourceClaimStatuses,omitempty"`
 }
 
 // PodStatusApplyConfiguration constructs an declarative configuration of the PodStatus type for use with
@@ -101,6 +103,19 @@ func (b *PodStatusApplyConfiguration) WithHostIP(value string) *PodStatusApplyCo
 	return b
 }
 
+// WithHostIPs adds the given value to the HostIPs field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the HostIPs field.
+func (b *PodStatusApplyConfiguration) WithHostIPs(values ...*HostIPApplyConfiguration) *PodStatusApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithHostIPs")
+		}
+		b.HostIPs = append(b.HostIPs, *values[i])
+	}
+	return b
+}
+
 // WithPodIP sets the PodIP field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the PodIP field is set to the value of the last call.
@@ -184,3 +199,16 @@ func (b *PodStatusApplyConfiguration) WithResize(value v1.PodResizeStatus) *PodS
 	b.Resize = &value
 	return b
 }
+
+// WithResourceClaimStatuses adds the given value to the ResourceClaimStatuses field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ResourceClaimStatuses field.
+func (b *PodStatusApplyConfiguration) WithResourceClaimStatuses(values ...*PodResourceClaimStatusApplyConfiguration) *PodStatusApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithResourceClaimStatuses")
+		}
+		b.ResourceClaimStatuses = append(b.ResourceClaimStatuses, *values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicy.go b/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicy.go
index 81c84d2d4..27ea5d9dd 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicy.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicy.go
@@ -32,8 +32,7 @@ import (
 type NetworkPolicyApplyConfiguration struct {
 	v1.TypeMetaApplyConfiguration    `json:",inline"`
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
-	Spec                             *NetworkPolicySpecApplyConfiguration   `json:"spec,omitempty"`
-	Status                           *NetworkPolicyStatusApplyConfiguration `json:"status,omitempty"`
+	Spec                             *NetworkPolicySpecApplyConfiguration `json:"spec,omitempty"`
 }
 
 // NetworkPolicy constructs an declarative configuration of the NetworkPolicy type for use with
@@ -248,11 +247,3 @@ func (b *NetworkPolicyApplyConfiguration) WithSpec(value *NetworkPolicySpecApply
 	b.Spec = value
 	return b
 }
-
-// WithStatus sets the Status field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Status field is set to the value of the last call.
-func (b *NetworkPolicyApplyConfiguration) WithStatus(value *NetworkPolicyStatusApplyConfiguration) *NetworkPolicyApplyConfiguration {
-	b.Status = value
-	return b
-}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicystatus.go b/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicystatus.go
deleted file mode 100644
index 99c89b09b..000000000
--- a/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicystatus.go
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1beta1
-
-import (
-	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
-)
-
-// NetworkPolicyStatusApplyConfiguration represents an declarative configuration of the NetworkPolicyStatus type for use
-// with apply.
-type NetworkPolicyStatusApplyConfiguration struct {
-	Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"`
-}
-
-// NetworkPolicyStatusApplyConfiguration constructs an declarative configuration of the NetworkPolicyStatus type for use with
-// apply.
-func NetworkPolicyStatus() *NetworkPolicyStatusApplyConfiguration {
-	return &NetworkPolicyStatusApplyConfiguration{}
-}
-
-// WithConditions adds the given value to the Conditions field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the Conditions field.
-func (b *NetworkPolicyStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *NetworkPolicyStatusApplyConfiguration {
-	for i := range values {
-		if values[i] == nil {
-			panic("nil value passed to WithConditions")
-		}
-		b.Conditions = append(b.Conditions, *values[i])
-	}
-	return b
-}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/exemptprioritylevelconfiguration.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/exemptprioritylevelconfiguration.go
new file mode 100644
index 000000000..3535d7478
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/exemptprioritylevelconfiguration.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1alpha1
+
+// ExemptPriorityLevelConfigurationApplyConfiguration represents an declarative configuration of the ExemptPriorityLevelConfiguration type for use
+// with apply.
+type ExemptPriorityLevelConfigurationApplyConfiguration struct {
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty"`
+	LendablePercent          *int32 `json:"lendablePercent,omitempty"`
+}
+
+// ExemptPriorityLevelConfigurationApplyConfiguration constructs an declarative configuration of the ExemptPriorityLevelConfiguration type for use with
+// apply.
+func ExemptPriorityLevelConfiguration() *ExemptPriorityLevelConfigurationApplyConfiguration {
+	return &ExemptPriorityLevelConfigurationApplyConfiguration{}
+}
+
+// WithNominalConcurrencyShares sets the NominalConcurrencyShares field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NominalConcurrencyShares field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithNominalConcurrencyShares(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.NominalConcurrencyShares = &value
+	return b
+}
+
+// WithLendablePercent sets the LendablePercent field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LendablePercent field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithLendablePercent(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.LendablePercent = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/prioritylevelconfigurationspec.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/prioritylevelconfigurationspec.go
index 3949dee46..ade920a75 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/prioritylevelconfigurationspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/prioritylevelconfigurationspec.go
@@ -27,6 +27,7 @@ import (
 type PriorityLevelConfigurationSpecApplyConfiguration struct {
 	Type    *v1alpha1.PriorityLevelEnablement                    `json:"type,omitempty"`
 	Limited *LimitedPriorityLevelConfigurationApplyConfiguration `json:"limited,omitempty"`
+	Exempt  *ExemptPriorityLevelConfigurationApplyConfiguration  `json:"exempt,omitempty"`
 }
 
 // PriorityLevelConfigurationSpecApplyConfiguration constructs an declarative configuration of the PriorityLevelConfigurationSpec type for use with
@@ -50,3 +51,11 @@ func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithLimited(value *Li
 	b.Limited = value
 	return b
 }
+
+// WithExempt sets the Exempt field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Exempt field is set to the value of the last call.
+func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithExempt(value *ExemptPriorityLevelConfigurationApplyConfiguration) *PriorityLevelConfigurationSpecApplyConfiguration {
+	b.Exempt = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/exemptprioritylevelconfiguration.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/exemptprioritylevelconfiguration.go
new file mode 100644
index 000000000..071048090
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/exemptprioritylevelconfiguration.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// ExemptPriorityLevelConfigurationApplyConfiguration represents an declarative configuration of the ExemptPriorityLevelConfiguration type for use
+// with apply.
+type ExemptPriorityLevelConfigurationApplyConfiguration struct {
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty"`
+	LendablePercent          *int32 `json:"lendablePercent,omitempty"`
+}
+
+// ExemptPriorityLevelConfigurationApplyConfiguration constructs an declarative configuration of the ExemptPriorityLevelConfiguration type for use with
+// apply.
+func ExemptPriorityLevelConfiguration() *ExemptPriorityLevelConfigurationApplyConfiguration {
+	return &ExemptPriorityLevelConfigurationApplyConfiguration{}
+}
+
+// WithNominalConcurrencyShares sets the NominalConcurrencyShares field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NominalConcurrencyShares field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithNominalConcurrencyShares(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.NominalConcurrencyShares = &value
+	return b
+}
+
+// WithLendablePercent sets the LendablePercent field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LendablePercent field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithLendablePercent(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.LendablePercent = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/prioritylevelconfigurationspec.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/prioritylevelconfigurationspec.go
index 8ed4e399f..19146d9f6 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/prioritylevelconfigurationspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/prioritylevelconfigurationspec.go
@@ -27,6 +27,7 @@ import (
 type PriorityLevelConfigurationSpecApplyConfiguration struct {
 	Type    *v1beta1.PriorityLevelEnablement                     `json:"type,omitempty"`
 	Limited *LimitedPriorityLevelConfigurationApplyConfiguration `json:"limited,omitempty"`
+	Exempt  *ExemptPriorityLevelConfigurationApplyConfiguration  `json:"exempt,omitempty"`
 }
 
 // PriorityLevelConfigurationSpecApplyConfiguration constructs an declarative configuration of the PriorityLevelConfigurationSpec type for use with
@@ -50,3 +51,11 @@ func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithLimited(value *Li
 	b.Limited = value
 	return b
 }
+
+// WithExempt sets the Exempt field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Exempt field is set to the value of the last call.
+func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithExempt(value *ExemptPriorityLevelConfigurationApplyConfiguration) *PriorityLevelConfigurationSpecApplyConfiguration {
+	b.Exempt = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/exemptprioritylevelconfiguration.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/exemptprioritylevelconfiguration.go
new file mode 100644
index 000000000..d6bc330fe
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/exemptprioritylevelconfiguration.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta2
+
+// ExemptPriorityLevelConfigurationApplyConfiguration represents an declarative configuration of the ExemptPriorityLevelConfiguration type for use
+// with apply.
+type ExemptPriorityLevelConfigurationApplyConfiguration struct {
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty"`
+	LendablePercent          *int32 `json:"lendablePercent,omitempty"`
+}
+
+// ExemptPriorityLevelConfigurationApplyConfiguration constructs an declarative configuration of the ExemptPriorityLevelConfiguration type for use with
+// apply.
+func ExemptPriorityLevelConfiguration() *ExemptPriorityLevelConfigurationApplyConfiguration {
+	return &ExemptPriorityLevelConfigurationApplyConfiguration{}
+}
+
+// WithNominalConcurrencyShares sets the NominalConcurrencyShares field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NominalConcurrencyShares field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithNominalConcurrencyShares(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.NominalConcurrencyShares = &value
+	return b
+}
+
+// WithLendablePercent sets the LendablePercent field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LendablePercent field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithLendablePercent(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.LendablePercent = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/prioritylevelconfigurationspec.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/prioritylevelconfigurationspec.go
index 5560ed9e5..994a8a16a 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/prioritylevelconfigurationspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/prioritylevelconfigurationspec.go
@@ -27,6 +27,7 @@ import (
 type PriorityLevelConfigurationSpecApplyConfiguration struct {
 	Type    *v1beta2.PriorityLevelEnablement                     `json:"type,omitempty"`
 	Limited *LimitedPriorityLevelConfigurationApplyConfiguration `json:"limited,omitempty"`
+	Exempt  *ExemptPriorityLevelConfigurationApplyConfiguration  `json:"exempt,omitempty"`
 }
 
 // PriorityLevelConfigurationSpecApplyConfiguration constructs an declarative configuration of the PriorityLevelConfigurationSpec type for use with
@@ -50,3 +51,11 @@ func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithLimited(value *Li
 	b.Limited = value
 	return b
 }
+
+// WithExempt sets the Exempt field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Exempt field is set to the value of the last call.
+func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithExempt(value *ExemptPriorityLevelConfigurationApplyConfiguration) *PriorityLevelConfigurationSpecApplyConfiguration {
+	b.Exempt = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/exemptprioritylevelconfiguration.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/exemptprioritylevelconfiguration.go
new file mode 100644
index 000000000..b03c11d0d
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/exemptprioritylevelconfiguration.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta3
+
+// ExemptPriorityLevelConfigurationApplyConfiguration represents an declarative configuration of the ExemptPriorityLevelConfiguration type for use
+// with apply.
+type ExemptPriorityLevelConfigurationApplyConfiguration struct {
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty"`
+	LendablePercent          *int32 `json:"lendablePercent,omitempty"`
+}
+
+// ExemptPriorityLevelConfigurationApplyConfiguration constructs an declarative configuration of the ExemptPriorityLevelConfiguration type for use with
+// apply.
+func ExemptPriorityLevelConfiguration() *ExemptPriorityLevelConfigurationApplyConfiguration {
+	return &ExemptPriorityLevelConfigurationApplyConfiguration{}
+}
+
+// WithNominalConcurrencyShares sets the NominalConcurrencyShares field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NominalConcurrencyShares field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithNominalConcurrencyShares(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.NominalConcurrencyShares = &value
+	return b
+}
+
+// WithLendablePercent sets the LendablePercent field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LendablePercent field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithLendablePercent(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.LendablePercent = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/prioritylevelconfigurationspec.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/prioritylevelconfigurationspec.go
index f67f39445..5b0680d91 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/prioritylevelconfigurationspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/prioritylevelconfigurationspec.go
@@ -27,6 +27,7 @@ import (
 type PriorityLevelConfigurationSpecApplyConfiguration struct {
 	Type    *v1beta3.PriorityLevelEnablement                     `json:"type,omitempty"`
 	Limited *LimitedPriorityLevelConfigurationApplyConfiguration `json:"limited,omitempty"`
+	Exempt  *ExemptPriorityLevelConfigurationApplyConfiguration  `json:"exempt,omitempty"`
 }
 
 // PriorityLevelConfigurationSpecApplyConfiguration constructs an declarative configuration of the PriorityLevelConfigurationSpec type for use with
@@ -50,3 +51,11 @@ func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithLimited(value *Li
 	b.Limited = value
 	return b
 }
+
+// WithExempt sets the Exempt field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Exempt field is set to the value of the last call.
+func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithExempt(value *ExemptPriorityLevelConfigurationApplyConfiguration) *PriorityLevelConfigurationSpecApplyConfiguration {
+	b.Exempt = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go b/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go
index 361b2f4e8..3ed553662 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go
@@ -366,6 +366,12 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: namespace
       type:
         scalar: string
+    - name: parameterNotFoundAction
+      type:
+        scalar: string
+    - name: selector
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
     elementRelationship: atomic
 - name: io.k8s.api.admissionregistration.v1alpha1.TypeChecking
   map:
@@ -464,6 +470,14 @@ var schemaYAML = typed.YAMLObject(`types:
           elementType:
             namedType: io.k8s.api.admissionregistration.v1alpha1.Validation
           elementRelationship: atomic
+    - name: variables
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1alpha1.Variable
+          elementRelationship: associative
+          keys:
+          - name
 - name: io.k8s.api.admissionregistration.v1alpha1.ValidatingAdmissionPolicyStatus
   map:
     fields:
@@ -497,6 +511,39 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: reason
       type:
         scalar: string
+- name: io.k8s.api.admissionregistration.v1alpha1.Variable
+  map:
+    fields:
+    - name: expression
+      type:
+        scalar: string
+      default: ""
+    - name: name
+      type:
+        scalar: string
+      default: ""
+- name: io.k8s.api.admissionregistration.v1beta1.AuditAnnotation
+  map:
+    fields:
+    - name: key
+      type:
+        scalar: string
+      default: ""
+    - name: valueExpression
+      type:
+        scalar: string
+      default: ""
+- name: io.k8s.api.admissionregistration.v1beta1.ExpressionWarning
+  map:
+    fields:
+    - name: fieldRef
+      type:
+        scalar: string
+      default: ""
+    - name: warning
+      type:
+        scalar: string
+      default: ""
 - name: io.k8s.api.admissionregistration.v1beta1.MatchCondition
   map:
     fields:
@@ -508,6 +555,31 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         scalar: string
       default: ""
+- name: io.k8s.api.admissionregistration.v1beta1.MatchResources
+  map:
+    fields:
+    - name: excludeResourceRules
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.NamedRuleWithOperations
+          elementRelationship: atomic
+    - name: matchPolicy
+      type:
+        scalar: string
+    - name: namespaceSelector
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
+    - name: objectSelector
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
+    - name: resourceRules
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.NamedRuleWithOperations
+          elementRelationship: atomic
+    elementRelationship: atomic
 - name: io.k8s.api.admissionregistration.v1beta1.MutatingWebhook
   map:
     fields:
@@ -581,6 +653,69 @@ var schemaYAML = typed.YAMLObject(`types:
           elementRelationship: associative
           keys:
           - name
+- name: io.k8s.api.admissionregistration.v1beta1.NamedRuleWithOperations
+  map:
+    fields:
+    - name: apiGroups
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: atomic
+    - name: apiVersions
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: atomic
+    - name: operations
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: atomic
+    - name: resourceNames
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: atomic
+    - name: resources
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: atomic
+    - name: scope
+      type:
+        scalar: string
+    elementRelationship: atomic
+- name: io.k8s.api.admissionregistration.v1beta1.ParamKind
+  map:
+    fields:
+    - name: apiVersion
+      type:
+        scalar: string
+    - name: kind
+      type:
+        scalar: string
+    elementRelationship: atomic
+- name: io.k8s.api.admissionregistration.v1beta1.ParamRef
+  map:
+    fields:
+    - name: name
+      type:
+        scalar: string
+    - name: namespace
+      type:
+        scalar: string
+    - name: parameterNotFoundAction
+      type:
+        scalar: string
+    - name: selector
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
+    elementRelationship: atomic
 - name: io.k8s.api.admissionregistration.v1beta1.ServiceReference
   map:
     fields:
@@ -598,6 +733,128 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: port
       type:
         scalar: numeric
+- name: io.k8s.api.admissionregistration.v1beta1.TypeChecking
+  map:
+    fields:
+    - name: expressionWarnings
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.ExpressionWarning
+          elementRelationship: atomic
+- name: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicy
+  map:
+    fields:
+    - name: apiVersion
+      type:
+        scalar: string
+    - name: kind
+      type:
+        scalar: string
+    - name: metadata
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+      default: {}
+    - name: spec
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicySpec
+      default: {}
+    - name: status
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyStatus
+      default: {}
+- name: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding
+  map:
+    fields:
+    - name: apiVersion
+      type:
+        scalar: string
+    - name: kind
+      type:
+        scalar: string
+    - name: metadata
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+      default: {}
+    - name: spec
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingSpec
+      default: {}
+- name: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingSpec
+  map:
+    fields:
+    - name: matchResources
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.MatchResources
+    - name: paramRef
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.ParamRef
+    - name: policyName
+      type:
+        scalar: string
+    - name: validationActions
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: associative
+- name: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicySpec
+  map:
+    fields:
+    - name: auditAnnotations
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.AuditAnnotation
+          elementRelationship: atomic
+    - name: failurePolicy
+      type:
+        scalar: string
+    - name: matchConditions
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.MatchCondition
+          elementRelationship: associative
+          keys:
+          - name
+    - name: matchConstraints
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.MatchResources
+    - name: paramKind
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.ParamKind
+    - name: validations
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.Validation
+          elementRelationship: atomic
+    - name: variables
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.Variable
+          elementRelationship: associative
+          keys:
+          - name
+- name: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyStatus
+  map:
+    fields:
+    - name: conditions
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
+          elementRelationship: associative
+          keys:
+          - type
+    - name: observedGeneration
+      type:
+        scalar: numeric
+    - name: typeChecking
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.TypeChecking
 - name: io.k8s.api.admissionregistration.v1beta1.ValidatingWebhook
   map:
     fields:
@@ -668,6 +925,34 @@ var schemaYAML = typed.YAMLObject(`types:
           elementRelationship: associative
           keys:
           - name
+- name: io.k8s.api.admissionregistration.v1beta1.Validation
+  map:
+    fields:
+    - name: expression
+      type:
+        scalar: string
+      default: ""
+    - name: message
+      type:
+        scalar: string
+    - name: messageExpression
+      type:
+        scalar: string
+    - name: reason
+      type:
+        scalar: string
+- name: io.k8s.api.admissionregistration.v1beta1.Variable
+  map:
+    fields:
+    - name: expression
+      type:
+        scalar: string
+      default: ""
+    - name: name
+      type:
+        scalar: string
+      default: ""
+    elementRelationship: atomic
 - name: io.k8s.api.admissionregistration.v1beta1.WebhookClientConfig
   map:
     fields:
@@ -695,6 +980,12 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: encodingVersion
       type:
         scalar: string
+    - name: servedVersions
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: associative
 - name: io.k8s.api.apiserverinternal.v1alpha1.StorageVersion
   map:
     fields:
@@ -3328,6 +3619,9 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: backoffLimit
       type:
         scalar: numeric
+    - name: backoffLimitPerIndex
+      type:
+        scalar: numeric
     - name: completionMode
       type:
         scalar: string
@@ -3337,12 +3631,18 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: manualSelector
       type:
         scalar: boolean
+    - name: maxFailedIndexes
+      type:
+        scalar: numeric
     - name: parallelism
       type:
         scalar: numeric
     - name: podFailurePolicy
       type:
         namedType: io.k8s.api.batch.v1.PodFailurePolicy
+    - name: podReplacementPolicy
+      type:
+        scalar: string
     - name: selector
       type:
         namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
@@ -3377,6 +3677,9 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: failed
       type:
         scalar: numeric
+    - name: failedIndexes
+      type:
+        scalar: string
     - name: ready
       type:
         scalar: numeric
@@ -3386,6 +3689,9 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: succeeded
       type:
         scalar: numeric
+    - name: terminating
+      type:
+        scalar: numeric
     - name: uncountedTerminatedPods
       type:
         namedType: io.k8s.api.batch.v1.UncountedTerminatedPods
@@ -4306,6 +4612,9 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: io.k8s.api.core.v1.ResourceRequirements
       default: {}
+    - name: restartPolicy
+      type:
+        scalar: string
     - name: securityContext
       type:
         namedType: io.k8s.api.core.v1.SecurityContext
@@ -4723,6 +5032,9 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: io.k8s.api.core.v1.ResourceRequirements
       default: {}
+    - name: restartPolicy
+      type:
+        scalar: string
     - name: securityContext
       type:
         namedType: io.k8s.api.core.v1.SecurityContext
@@ -5053,6 +5365,12 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: ip
       type:
         scalar: string
+- name: io.k8s.api.core.v1.HostIP
+  map:
+    fields:
+    - name: ip
+      type:
+        scalar: string
 - name: io.k8s.api.core.v1.HostPathVolumeSource
   map:
     fields:
@@ -5777,6 +6095,12 @@ var schemaYAML = typed.YAMLObject(`types:
           elementType:
             scalar: string
           elementRelationship: atomic
+    - name: allocatedResourceStatuses
+      type:
+        map:
+          elementType:
+            scalar: string
+          elementRelationship: separable
     - name: allocatedResources
       type:
         map:
@@ -5798,9 +6122,6 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: phase
       type:
         scalar: string
-    - name: resizeStatus
-      type:
-        scalar: string
 - name: io.k8s.api.core.v1.PersistentVolumeClaimTemplate
   map:
     fields:
@@ -5927,6 +6248,9 @@ var schemaYAML = typed.YAMLObject(`types:
 - name: io.k8s.api.core.v1.PersistentVolumeStatus
   map:
     fields:
+    - name: lastPhaseTransitionTime
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
     - name: message
       type:
         scalar: string
@@ -6102,6 +6426,16 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: io.k8s.api.core.v1.ClaimSource
       default: {}
+- name: io.k8s.api.core.v1.PodResourceClaimStatus
+  map:
+    fields:
+    - name: name
+      type:
+        scalar: string
+      default: ""
+    - name: resourceClaimName
+      type:
+        scalar: string
 - name: io.k8s.api.core.v1.PodSchedulingGate
   map:
     fields:
@@ -6351,6 +6685,12 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: hostIP
       type:
         scalar: string
+    - name: hostIPs
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.core.v1.HostIP
+          elementRelationship: atomic
     - name: initContainerStatuses
       type:
         list:
@@ -6386,6 +6726,14 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: resize
       type:
         scalar: string
+    - name: resourceClaimStatuses
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.core.v1.PodResourceClaimStatus
+          elementRelationship: associative
+          keys:
+          - name
     - name: startTime
       type:
         namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
@@ -8343,10 +8691,6 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: io.k8s.api.extensions.v1beta1.NetworkPolicySpec
       default: {}
-    - name: status
-      type:
-        namedType: io.k8s.api.extensions.v1beta1.NetworkPolicyStatus
-      default: {}
 - name: io.k8s.api.extensions.v1beta1.NetworkPolicyEgressRule
   map:
     fields:
@@ -8426,17 +8770,6 @@ var schemaYAML = typed.YAMLObject(`types:
           elementType:
             scalar: string
           elementRelationship: atomic
-- name: io.k8s.api.extensions.v1beta1.NetworkPolicyStatus
-  map:
-    fields:
-    - name: conditions
-      type:
-        list:
-          elementType:
-            namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
-          elementRelationship: associative
-          keys:
-          - type
 - name: io.k8s.api.extensions.v1beta1.ReplicaSet
   map:
     fields:
@@ -8546,6 +8879,15 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: maxUnavailable
       type:
         namedType: io.k8s.apimachinery.pkg.util.intstr.IntOrString
+- name: io.k8s.api.flowcontrol.v1alpha1.ExemptPriorityLevelConfiguration
+  map:
+    fields:
+    - name: lendablePercent
+      type:
+        scalar: numeric
+    - name: nominalConcurrencyShares
+      type:
+        scalar: numeric
 - name: io.k8s.api.flowcontrol.v1alpha1.FlowDistinguisherMethod
   map:
     fields:
@@ -8749,6 +9091,9 @@ var schemaYAML = typed.YAMLObject(`types:
 - name: io.k8s.api.flowcontrol.v1alpha1.PriorityLevelConfigurationSpec
   map:
     fields:
+    - name: exempt
+      type:
+        namedType: io.k8s.api.flowcontrol.v1alpha1.ExemptPriorityLevelConfiguration
     - name: limited
       type:
         namedType: io.k8s.api.flowcontrol.v1alpha1.LimitedPriorityLevelConfiguration
@@ -8759,6 +9104,8 @@ var schemaYAML = typed.YAMLObject(`types:
     unions:
     - discriminator: type
       fields:
+      - fieldName: exempt
+        discriminatorValue: Exempt
       - fieldName: limited
         discriminatorValue: Limited
 - name: io.k8s.api.flowcontrol.v1alpha1.PriorityLevelConfigurationStatus
@@ -8860,6 +9207,15 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         scalar: string
       default: ""
+- name: io.k8s.api.flowcontrol.v1beta1.ExemptPriorityLevelConfiguration
+  map:
+    fields:
+    - name: lendablePercent
+      type:
+        scalar: numeric
+    - name: nominalConcurrencyShares
+      type:
+        scalar: numeric
 - name: io.k8s.api.flowcontrol.v1beta1.FlowDistinguisherMethod
   map:
     fields:
@@ -9063,6 +9419,9 @@ var schemaYAML = typed.YAMLObject(`types:
 - name: io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationSpec
   map:
     fields:
+    - name: exempt
+      type:
+        namedType: io.k8s.api.flowcontrol.v1beta1.ExemptPriorityLevelConfiguration
     - name: limited
       type:
         namedType: io.k8s.api.flowcontrol.v1beta1.LimitedPriorityLevelConfiguration
@@ -9073,6 +9432,8 @@ var schemaYAML = typed.YAMLObject(`types:
     unions:
     - discriminator: type
       fields:
+      - fieldName: exempt
+        discriminatorValue: Exempt
       - fieldName: limited
         discriminatorValue: Limited
 - name: io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationStatus
@@ -9174,6 +9535,15 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         scalar: string
       default: ""
+- name: io.k8s.api.flowcontrol.v1beta2.ExemptPriorityLevelConfiguration
+  map:
+    fields:
+    - name: lendablePercent
+      type:
+        scalar: numeric
+    - name: nominalConcurrencyShares
+      type:
+        scalar: numeric
 - name: io.k8s.api.flowcontrol.v1beta2.FlowDistinguisherMethod
   map:
     fields:
@@ -9377,6 +9747,9 @@ var schemaYAML = typed.YAMLObject(`types:
 - name: io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfigurationSpec
   map:
     fields:
+    - name: exempt
+      type:
+        namedType: io.k8s.api.flowcontrol.v1beta2.ExemptPriorityLevelConfiguration
     - name: limited
       type:
         namedType: io.k8s.api.flowcontrol.v1beta2.LimitedPriorityLevelConfiguration
@@ -9387,6 +9760,8 @@ var schemaYAML = typed.YAMLObject(`types:
     unions:
     - discriminator: type
       fields:
+      - fieldName: exempt
+        discriminatorValue: Exempt
       - fieldName: limited
         discriminatorValue: Limited
 - name: io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfigurationStatus
@@ -9488,6 +9863,15 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         scalar: string
       default: ""
+- name: io.k8s.api.flowcontrol.v1beta3.ExemptPriorityLevelConfiguration
+  map:
+    fields:
+    - name: lendablePercent
+      type:
+        scalar: numeric
+    - name: nominalConcurrencyShares
+      type:
+        scalar: numeric
 - name: io.k8s.api.flowcontrol.v1beta3.FlowDistinguisherMethod
   map:
     fields:
@@ -9691,6 +10075,9 @@ var schemaYAML = typed.YAMLObject(`types:
 - name: io.k8s.api.flowcontrol.v1beta3.PriorityLevelConfigurationSpec
   map:
     fields:
+    - name: exempt
+      type:
+        namedType: io.k8s.api.flowcontrol.v1beta3.ExemptPriorityLevelConfiguration
     - name: limited
       type:
         namedType: io.k8s.api.flowcontrol.v1beta3.LimitedPriorityLevelConfiguration
@@ -9701,6 +10088,8 @@ var schemaYAML = typed.YAMLObject(`types:
     unions:
     - discriminator: type
       fields:
+      - fieldName: exempt
+        discriminatorValue: Exempt
       - fieldName: limited
         discriminatorValue: Limited
 - name: io.k8s.api.flowcontrol.v1beta3.PriorityLevelConfigurationStatus
@@ -10087,10 +10476,6 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: io.k8s.api.networking.v1.NetworkPolicySpec
       default: {}
-    - name: status
-      type:
-        namedType: io.k8s.api.networking.v1.NetworkPolicyStatus
-      default: {}
 - name: io.k8s.api.networking.v1.NetworkPolicyEgressRule
   map:
     fields:
@@ -10170,17 +10555,6 @@ var schemaYAML = typed.YAMLObject(`types:
           elementType:
             scalar: string
           elementRelationship: atomic
-- name: io.k8s.api.networking.v1.NetworkPolicyStatus
-  map:
-    fields:
-    - name: conditions
-      type:
-        list:
-          elementType:
-            namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
-          elementRelationship: associative
-          keys:
-          - type
 - name: io.k8s.api.networking.v1.ServiceBackendPort
   map:
     fields:
diff --git a/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicy.go b/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicy.go
index 101510e45..409507310 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicy.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicy.go
@@ -32,8 +32,7 @@ import (
 type NetworkPolicyApplyConfiguration struct {
 	v1.TypeMetaApplyConfiguration    `json:",inline"`
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
-	Spec                             *NetworkPolicySpecApplyConfiguration   `json:"spec,omitempty"`
-	Status                           *NetworkPolicyStatusApplyConfiguration `json:"status,omitempty"`
+	Spec                             *NetworkPolicySpecApplyConfiguration `json:"spec,omitempty"`
 }
 
 // NetworkPolicy constructs an declarative configuration of the NetworkPolicy type for use with
@@ -248,11 +247,3 @@ func (b *NetworkPolicyApplyConfiguration) WithSpec(value *NetworkPolicySpecApply
 	b.Spec = value
 	return b
 }
-
-// WithStatus sets the Status field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Status field is set to the value of the last call.
-func (b *NetworkPolicyApplyConfiguration) WithStatus(value *NetworkPolicyStatusApplyConfiguration) *NetworkPolicyApplyConfiguration {
-	b.Status = value
-	return b
-}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicystatus.go b/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicystatus.go
deleted file mode 100644
index 032de18ed..000000000
--- a/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicystatus.go
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1
-
-import (
-	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
-)
-
-// NetworkPolicyStatusApplyConfiguration represents an declarative configuration of the NetworkPolicyStatus type for use
-// with apply.
-type NetworkPolicyStatusApplyConfiguration struct {
-	Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"`
-}
-
-// NetworkPolicyStatusApplyConfiguration constructs an declarative configuration of the NetworkPolicyStatus type for use with
-// apply.
-func NetworkPolicyStatus() *NetworkPolicyStatusApplyConfiguration {
-	return &NetworkPolicyStatusApplyConfiguration{}
-}
-
-// WithConditions adds the given value to the Conditions field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the Conditions field.
-func (b *NetworkPolicyStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *NetworkPolicyStatusApplyConfiguration {
-	for i := range values {
-		if values[i] == nil {
-			panic("nil value passed to WithConditions")
-		}
-		b.Conditions = append(b.Conditions, *values[i])
-	}
-	return b
-}
diff --git a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
index 7470259dc..f72c42051 100644
--- a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
+++ b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
@@ -111,6 +111,8 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (
 	return group, gvResources, failedGVs
 }
 
+var emptyKind = metav1.GroupVersionKind{}
+
 // convertAPIResource tranforms a APIResourceDiscovery to an APIResource. We are
 // resilient to missing GVK, since this resource might be the parent resource
 // for a subresource. If the parent is missing a GVK, it is not returned in
@@ -125,7 +127,7 @@ func convertAPIResource(in apidiscovery.APIResourceDiscovery) (metav1.APIResourc
 		Categories:   in.Categories,
 	}
 	var err error
-	if in.ResponseKind != nil {
+	if in.ResponseKind != nil && (*in.ResponseKind) != emptyKind {
 		result.Group = in.ResponseKind.Group
 		result.Version = in.ResponseKind.Version
 		result.Kind = in.ResponseKind.Kind
@@ -140,7 +142,7 @@ func convertAPIResource(in apidiscovery.APIResourceDiscovery) (metav1.APIResourc
 // convertAPISubresource tranforms a APISubresourceDiscovery to an APIResource.
 func convertAPISubresource(parent metav1.APIResource, in apidiscovery.APISubresourceDiscovery) (metav1.APIResource, error) {
 	result := metav1.APIResource{}
-	if in.ResponseKind == nil {
+	if in.ResponseKind == nil || (*in.ResponseKind) == emptyKind {
 		return result, fmt.Errorf("subresource %s/%s missing GVK", parent.Name, in.Subresource)
 	}
 	result.Name = fmt.Sprintf("%s/%s", parent.Name, in.Subresource)
diff --git a/vendor/k8s.io/client-go/discovery/cached/disk/cached_discovery.go b/vendor/k8s.io/client-go/discovery/cached/disk/cached_discovery.go
index 82137a8ee..158810ee5 100644
--- a/vendor/k8s.io/client-go/discovery/cached/disk/cached_discovery.go
+++ b/vendor/k8s.io/client-go/discovery/cached/disk/cached_discovery.go
@@ -25,7 +25,7 @@ import (
 	"sync"
 	"time"
 
-	openapi_v2 "github.com/google/gnostic/openapiv2"
+	openapi_v2 "github.com/google/gnostic-models/openapiv2"
 	"k8s.io/klog/v2"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go b/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go
index 9143ce00a..3829b3cc0 100644
--- a/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go
+++ b/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go
@@ -22,7 +22,7 @@ import (
 	"sync"
 	"syscall"
 
-	openapi_v2 "github.com/google/gnostic/openapiv2"
+	openapi_v2 "github.com/google/gnostic-models/openapiv2"
 
 	errorsutil "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/vendor/k8s.io/client-go/discovery/discovery_client.go b/vendor/k8s.io/client-go/discovery/discovery_client.go
index 1253fa1f4..102ce49bf 100644
--- a/vendor/k8s.io/client-go/discovery/discovery_client.go
+++ b/vendor/k8s.io/client-go/discovery/discovery_client.go
@@ -30,7 +30,7 @@ import (
 
 	//nolint:staticcheck // SA1019 Keep using module since it's still being maintained and the api of google.golang.org/protobuf/proto differs
 	"github.com/golang/protobuf/proto"
-	openapi_v2 "github.com/google/gnostic/openapiv2"
+	openapi_v2 "github.com/google/gnostic-models/openapiv2"
 
 	apidiscovery "k8s.io/api/apidiscovery/v2beta1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -67,6 +67,9 @@ const (
 	acceptDiscoveryFormats = AcceptV2Beta1 + "," + AcceptV1
 )
 
+// Aggregated discovery content-type GVK.
+var v2Beta1GVK = schema.GroupVersionKind{Group: "apidiscovery.k8s.io", Version: "v2beta1", Kind: "APIGroupDiscoveryList"}
+
 // DiscoveryInterface holds the methods that discover server-supported API groups,
 // versions and resources.
 type DiscoveryInterface interface {
@@ -260,16 +263,15 @@ func (d *DiscoveryClient) downloadLegacy() (
 	}
 
 	var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList
-	// Switch on content-type server responded with: aggregated or unaggregated.
-	switch {
-	case isV2Beta1ContentType(responseContentType):
+	// Based on the content-type server responded with: aggregated or unaggregated.
+	if isGVK, _ := ContentTypeIsGVK(responseContentType, v2Beta1GVK); isGVK {
 		var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList
 		err = json.Unmarshal(body, &aggregatedDiscovery)
 		if err != nil {
 			return nil, nil, nil, err
 		}
 		apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery)
-	default:
+	} else {
 		// Default is unaggregated discovery v1.
 		var v metav1.APIVersions
 		err = json.Unmarshal(body, &v)
@@ -313,16 +315,15 @@ func (d *DiscoveryClient) downloadAPIs() (
 	apiGroupList := &metav1.APIGroupList{}
 	failedGVs := map[schema.GroupVersion]error{}
 	var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList
-	// Switch on content-type server responded with: aggregated or unaggregated.
-	switch {
-	case isV2Beta1ContentType(responseContentType):
+	// Based on the content-type server responded with: aggregated or unaggregated.
+	if isGVK, _ := ContentTypeIsGVK(responseContentType, v2Beta1GVK); isGVK {
 		var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList
 		err = json.Unmarshal(body, &aggregatedDiscovery)
 		if err != nil {
 			return nil, nil, nil, err
 		}
 		apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery)
-	default:
+	} else {
 		// Default is unaggregated discovery v1.
 		err = json.Unmarshal(body, apiGroupList)
 		if err != nil {
@@ -333,26 +334,29 @@ func (d *DiscoveryClient) downloadAPIs() (
 	return apiGroupList, resourcesByGV, failedGVs, nil
 }
 
-// isV2Beta1ContentType checks of the content-type string is both
-// "application/json" and contains the v2beta1 content-type params.
+// ContentTypeIsGVK checks of the content-type string is both
+// "application/json" and matches the provided GVK. An error
+// is returned if the content type string is malformed.
 // NOTE: This function is resilient to the ordering of the
 // content-type parameters, as well as parameters added by
 // intermediaries such as proxies or gateways. Examples:
 //
-//	"application/json; g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" = true
-//	"application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io" = true
-//	"application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io;charset=utf-8" = true
-//	"application/json" = false
-//	"application/json; charset=UTF-8" = false
-func isV2Beta1ContentType(contentType string) bool {
+//	("application/json; g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList", {apidiscovery.k8s.io, v2beta1, APIGroupDiscoveryList}) = (true, nil)
+//	("application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io", {apidiscovery.k8s.io, v2beta1, APIGroupDiscoveryList}) = (true, nil)
+//	("application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io;charset=utf-8", {apidiscovery.k8s.io, v2beta1, APIGroupDiscoveryList}) = (true, nil)
+//	("application/json", any GVK) = (false, nil)
+//	("application/json; charset=UTF-8", any GVK) = (false, nil)
+//	("malformed content type string", any GVK) = (false, error)
+func ContentTypeIsGVK(contentType string, gvk schema.GroupVersionKind) (bool, error) {
 	base, params, err := mime.ParseMediaType(contentType)
 	if err != nil {
-		return false
+		return false, err
 	}
-	return runtime.ContentTypeJSON == base &&
-		params["g"] == "apidiscovery.k8s.io" &&
-		params["v"] == "v2beta1" &&
-		params["as"] == "APIGroupDiscoveryList"
+	gvkMatch := runtime.ContentTypeJSON == base &&
+		params["g"] == gvk.Group &&
+		params["v"] == gvk.Version &&
+		params["as"] == gvk.Kind
+	return gvkMatch, nil
 }
 
 // ServerGroups returns the supported groups, with information like supported versions and the
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/admissionregistration_client.go b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/admissionregistration_client.go
index 8fda84b1d..5a0a17d9b 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/admissionregistration_client.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/admissionregistration_client.go
@@ -29,6 +29,8 @@ import (
 type AdmissionregistrationV1beta1Interface interface {
 	RESTClient() rest.Interface
 	MutatingWebhookConfigurationsGetter
+	ValidatingAdmissionPoliciesGetter
+	ValidatingAdmissionPolicyBindingsGetter
 	ValidatingWebhookConfigurationsGetter
 }
 
@@ -41,6 +43,14 @@ func (c *AdmissionregistrationV1beta1Client) MutatingWebhookConfigurations() Mut
 	return newMutatingWebhookConfigurations(c)
 }
 
+func (c *AdmissionregistrationV1beta1Client) ValidatingAdmissionPolicies() ValidatingAdmissionPolicyInterface {
+	return newValidatingAdmissionPolicies(c)
+}
+
+func (c *AdmissionregistrationV1beta1Client) ValidatingAdmissionPolicyBindings() ValidatingAdmissionPolicyBindingInterface {
+	return newValidatingAdmissionPolicyBindings(c)
+}
+
 func (c *AdmissionregistrationV1beta1Client) ValidatingWebhookConfigurations() ValidatingWebhookConfigurationInterface {
 	return newValidatingWebhookConfigurations(c)
 }
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/generated_expansion.go b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/generated_expansion.go
index 2aeb9c98a..56ad611f4 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/generated_expansion.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/generated_expansion.go
@@ -20,4 +20,8 @@ package v1beta1
 
 type MutatingWebhookConfigurationExpansion interface{}
 
+type ValidatingAdmissionPolicyExpansion interface{}
+
+type ValidatingAdmissionPolicyBindingExpansion interface{}
+
 type ValidatingWebhookConfigurationExpansion interface{}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicy.go b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicy.go
new file mode 100644
index 000000000..bea51b587
--- /dev/null
+++ b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicy.go
@@ -0,0 +1,243 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"context"
+	json "encoding/json"
+	"fmt"
+	"time"
+
+	v1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	admissionregistrationv1beta1 "k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1"
+	scheme "k8s.io/client-go/kubernetes/scheme"
+	rest "k8s.io/client-go/rest"
+)
+
+// ValidatingAdmissionPoliciesGetter has a method to return a ValidatingAdmissionPolicyInterface.
+// A group's client should implement this interface.
+type ValidatingAdmissionPoliciesGetter interface {
+	ValidatingAdmissionPolicies() ValidatingAdmissionPolicyInterface
+}
+
+// ValidatingAdmissionPolicyInterface has methods to work with ValidatingAdmissionPolicy resources.
+type ValidatingAdmissionPolicyInterface interface {
+	Create(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.CreateOptions) (*v1beta1.ValidatingAdmissionPolicy, error)
+	Update(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.UpdateOptions) (*v1beta1.ValidatingAdmissionPolicy, error)
+	UpdateStatus(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.UpdateOptions) (*v1beta1.ValidatingAdmissionPolicy, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.ValidatingAdmissionPolicy, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ValidatingAdmissionPolicyList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ValidatingAdmissionPolicy, err error)
+	Apply(ctx context.Context, validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error)
+	ApplyStatus(ctx context.Context, validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error)
+	ValidatingAdmissionPolicyExpansion
+}
+
+// validatingAdmissionPolicies implements ValidatingAdmissionPolicyInterface
+type validatingAdmissionPolicies struct {
+	client rest.Interface
+}
+
+// newValidatingAdmissionPolicies returns a ValidatingAdmissionPolicies
+func newValidatingAdmissionPolicies(c *AdmissionregistrationV1beta1Client) *validatingAdmissionPolicies {
+	return &validatingAdmissionPolicies{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the validatingAdmissionPolicy, and returns the corresponding validatingAdmissionPolicy object, and an error if there is any.
+func (c *validatingAdmissionPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Get().
+		Resource("validatingadmissionpolicies").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of ValidatingAdmissionPolicies that match those selectors.
+func (c *validatingAdmissionPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ValidatingAdmissionPolicyList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1beta1.ValidatingAdmissionPolicyList{}
+	err = c.client.Get().
+		Resource("validatingadmissionpolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested validatingAdmissionPolicies.
+func (c *validatingAdmissionPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("validatingadmissionpolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a validatingAdmissionPolicy and creates it.  Returns the server's representation of the validatingAdmissionPolicy, and an error, if there is any.
+func (c *validatingAdmissionPolicies) Create(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.CreateOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Post().
+		Resource("validatingadmissionpolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(validatingAdmissionPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a validatingAdmissionPolicy and updates it. Returns the server's representation of the validatingAdmissionPolicy, and an error, if there is any.
+func (c *validatingAdmissionPolicies) Update(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.UpdateOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Put().
+		Resource("validatingadmissionpolicies").
+		Name(validatingAdmissionPolicy.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(validatingAdmissionPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *validatingAdmissionPolicies) UpdateStatus(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.UpdateOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Put().
+		Resource("validatingadmissionpolicies").
+		Name(validatingAdmissionPolicy.Name).
+		SubResource("status").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(validatingAdmissionPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the validatingAdmissionPolicy and deletes it. Returns an error if one occurs.
+func (c *validatingAdmissionPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("validatingadmissionpolicies").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *validatingAdmissionPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("validatingadmissionpolicies").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched validatingAdmissionPolicy.
+func (c *validatingAdmissionPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Patch(pt).
+		Resource("validatingadmissionpolicies").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Apply takes the given apply declarative configuration, applies it and returns the applied validatingAdmissionPolicy.
+func (c *validatingAdmissionPolicies) Apply(ctx context.Context, validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	if validatingAdmissionPolicy == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy provided to Apply must not be nil")
+	}
+	patchOpts := opts.ToPatchOptions()
+	data, err := json.Marshal(validatingAdmissionPolicy)
+	if err != nil {
+		return nil, err
+	}
+	name := validatingAdmissionPolicy.Name
+	if name == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy.Name must be provided to Apply")
+	}
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Patch(types.ApplyPatchType).
+		Resource("validatingadmissionpolicies").
+		Name(*name).
+		VersionedParams(&patchOpts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// ApplyStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus().
+func (c *validatingAdmissionPolicies) ApplyStatus(ctx context.Context, validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	if validatingAdmissionPolicy == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy provided to Apply must not be nil")
+	}
+	patchOpts := opts.ToPatchOptions()
+	data, err := json.Marshal(validatingAdmissionPolicy)
+	if err != nil {
+		return nil, err
+	}
+
+	name := validatingAdmissionPolicy.Name
+	if name == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy.Name must be provided to Apply")
+	}
+
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Patch(types.ApplyPatchType).
+		Resource("validatingadmissionpolicies").
+		Name(*name).
+		SubResource("status").
+		VersionedParams(&patchOpts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicybinding.go b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
new file mode 100644
index 000000000..bba37bb04
--- /dev/null
+++ b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
@@ -0,0 +1,197 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"context"
+	json "encoding/json"
+	"fmt"
+	"time"
+
+	v1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	admissionregistrationv1beta1 "k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1"
+	scheme "k8s.io/client-go/kubernetes/scheme"
+	rest "k8s.io/client-go/rest"
+)
+
+// ValidatingAdmissionPolicyBindingsGetter has a method to return a ValidatingAdmissionPolicyBindingInterface.
+// A group's client should implement this interface.
+type ValidatingAdmissionPolicyBindingsGetter interface {
+	ValidatingAdmissionPolicyBindings() ValidatingAdmissionPolicyBindingInterface
+}
+
+// ValidatingAdmissionPolicyBindingInterface has methods to work with ValidatingAdmissionPolicyBinding resources.
+type ValidatingAdmissionPolicyBindingInterface interface {
+	Create(ctx context.Context, validatingAdmissionPolicyBinding *v1beta1.ValidatingAdmissionPolicyBinding, opts v1.CreateOptions) (*v1beta1.ValidatingAdmissionPolicyBinding, error)
+	Update(ctx context.Context, validatingAdmissionPolicyBinding *v1beta1.ValidatingAdmissionPolicyBinding, opts v1.UpdateOptions) (*v1beta1.ValidatingAdmissionPolicyBinding, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.ValidatingAdmissionPolicyBinding, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ValidatingAdmissionPolicyBindingList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error)
+	Apply(ctx context.Context, validatingAdmissionPolicyBinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error)
+	ValidatingAdmissionPolicyBindingExpansion
+}
+
+// validatingAdmissionPolicyBindings implements ValidatingAdmissionPolicyBindingInterface
+type validatingAdmissionPolicyBindings struct {
+	client rest.Interface
+}
+
+// newValidatingAdmissionPolicyBindings returns a ValidatingAdmissionPolicyBindings
+func newValidatingAdmissionPolicyBindings(c *AdmissionregistrationV1beta1Client) *validatingAdmissionPolicyBindings {
+	return &validatingAdmissionPolicyBindings{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the validatingAdmissionPolicyBinding, and returns the corresponding validatingAdmissionPolicyBinding object, and an error if there is any.
+func (c *validatingAdmissionPolicyBindings) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicyBinding{}
+	err = c.client.Get().
+		Resource("validatingadmissionpolicybindings").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of ValidatingAdmissionPolicyBindings that match those selectors.
+func (c *validatingAdmissionPolicyBindings) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ValidatingAdmissionPolicyBindingList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1beta1.ValidatingAdmissionPolicyBindingList{}
+	err = c.client.Get().
+		Resource("validatingadmissionpolicybindings").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested validatingAdmissionPolicyBindings.
+func (c *validatingAdmissionPolicyBindings) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("validatingadmissionpolicybindings").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a validatingAdmissionPolicyBinding and creates it.  Returns the server's representation of the validatingAdmissionPolicyBinding, and an error, if there is any.
+func (c *validatingAdmissionPolicyBindings) Create(ctx context.Context, validatingAdmissionPolicyBinding *v1beta1.ValidatingAdmissionPolicyBinding, opts v1.CreateOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicyBinding{}
+	err = c.client.Post().
+		Resource("validatingadmissionpolicybindings").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(validatingAdmissionPolicyBinding).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a validatingAdmissionPolicyBinding and updates it. Returns the server's representation of the validatingAdmissionPolicyBinding, and an error, if there is any.
+func (c *validatingAdmissionPolicyBindings) Update(ctx context.Context, validatingAdmissionPolicyBinding *v1beta1.ValidatingAdmissionPolicyBinding, opts v1.UpdateOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicyBinding{}
+	err = c.client.Put().
+		Resource("validatingadmissionpolicybindings").
+		Name(validatingAdmissionPolicyBinding.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(validatingAdmissionPolicyBinding).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the validatingAdmissionPolicyBinding and deletes it. Returns an error if one occurs.
+func (c *validatingAdmissionPolicyBindings) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("validatingadmissionpolicybindings").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *validatingAdmissionPolicyBindings) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("validatingadmissionpolicybindings").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched validatingAdmissionPolicyBinding.
+func (c *validatingAdmissionPolicyBindings) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicyBinding{}
+	err = c.client.Patch(pt).
+		Resource("validatingadmissionpolicybindings").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Apply takes the given apply declarative configuration, applies it and returns the applied validatingAdmissionPolicyBinding.
+func (c *validatingAdmissionPolicyBindings) Apply(ctx context.Context, validatingAdmissionPolicyBinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	if validatingAdmissionPolicyBinding == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicyBinding provided to Apply must not be nil")
+	}
+	patchOpts := opts.ToPatchOptions()
+	data, err := json.Marshal(validatingAdmissionPolicyBinding)
+	if err != nil {
+		return nil, err
+	}
+	name := validatingAdmissionPolicyBinding.Name
+	if name == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicyBinding.Name must be provided to Apply")
+	}
+	result = &v1beta1.ValidatingAdmissionPolicyBinding{}
+	err = c.client.Patch(types.ApplyPatchType).
+		Resource("validatingadmissionpolicybindings").
+		Name(*name).
+		VersionedParams(&patchOpts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/authentication_client.go b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/authentication_client.go
index aea9d0e13..81be8b2e0 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/authentication_client.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/authentication_client.go
@@ -28,6 +28,7 @@ import (
 
 type AuthenticationV1Interface interface {
 	RESTClient() rest.Interface
+	SelfSubjectReviewsGetter
 	TokenReviewsGetter
 }
 
@@ -36,6 +37,10 @@ type AuthenticationV1Client struct {
 	restClient rest.Interface
 }
 
+func (c *AuthenticationV1Client) SelfSubjectReviews() SelfSubjectReviewInterface {
+	return newSelfSubjectReviews(c)
+}
+
 func (c *AuthenticationV1Client) TokenReviews() TokenReviewInterface {
 	return newTokenReviews(c)
 }
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/generated_expansion.go b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/generated_expansion.go
index 0413fb2b6..35f2c22b4 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/generated_expansion.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/generated_expansion.go
@@ -18,4 +18,6 @@ limitations under the License.
 
 package v1
 
+type SelfSubjectReviewExpansion interface{}
+
 type TokenReviewExpansion interface{}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/selfsubjectreview.go b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/selfsubjectreview.go
new file mode 100644
index 000000000..bfb9603d6
--- /dev/null
+++ b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/selfsubjectreview.go
@@ -0,0 +1,64 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	"context"
+
+	v1 "k8s.io/api/authentication/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	scheme "k8s.io/client-go/kubernetes/scheme"
+	rest "k8s.io/client-go/rest"
+)
+
+// SelfSubjectReviewsGetter has a method to return a SelfSubjectReviewInterface.
+// A group's client should implement this interface.
+type SelfSubjectReviewsGetter interface {
+	SelfSubjectReviews() SelfSubjectReviewInterface
+}
+
+// SelfSubjectReviewInterface has methods to work with SelfSubjectReview resources.
+type SelfSubjectReviewInterface interface {
+	Create(ctx context.Context, selfSubjectReview *v1.SelfSubjectReview, opts metav1.CreateOptions) (*v1.SelfSubjectReview, error)
+	SelfSubjectReviewExpansion
+}
+
+// selfSubjectReviews implements SelfSubjectReviewInterface
+type selfSubjectReviews struct {
+	client rest.Interface
+}
+
+// newSelfSubjectReviews returns a SelfSubjectReviews
+func newSelfSubjectReviews(c *AuthenticationV1Client) *selfSubjectReviews {
+	return &selfSubjectReviews{
+		client: c.RESTClient(),
+	}
+}
+
+// Create takes the representation of a selfSubjectReview and creates it.  Returns the server's representation of the selfSubjectReview, and an error, if there is any.
+func (c *selfSubjectReviews) Create(ctx context.Context, selfSubjectReview *v1.SelfSubjectReview, opts metav1.CreateOptions) (result *v1.SelfSubjectReview, err error) {
+	result = &v1.SelfSubjectReview{}
+	err = c.client.Post().
+		Resource("selfsubjectreviews").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(selfSubjectReview).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/networkpolicy.go b/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/networkpolicy.go
index f24099b90..978b26db0 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/networkpolicy.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/networkpolicy.go
@@ -43,7 +43,6 @@ type NetworkPoliciesGetter interface {
 type NetworkPolicyInterface interface {
 	Create(ctx context.Context, networkPolicy *v1beta1.NetworkPolicy, opts v1.CreateOptions) (*v1beta1.NetworkPolicy, error)
 	Update(ctx context.Context, networkPolicy *v1beta1.NetworkPolicy, opts v1.UpdateOptions) (*v1beta1.NetworkPolicy, error)
-	UpdateStatus(ctx context.Context, networkPolicy *v1beta1.NetworkPolicy, opts v1.UpdateOptions) (*v1beta1.NetworkPolicy, error)
 	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
 	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
 	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.NetworkPolicy, error)
@@ -51,7 +50,6 @@ type NetworkPolicyInterface interface {
 	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
 	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.NetworkPolicy, err error)
 	Apply(ctx context.Context, networkPolicy *extensionsv1beta1.NetworkPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.NetworkPolicy, err error)
-	ApplyStatus(ctx context.Context, networkPolicy *extensionsv1beta1.NetworkPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.NetworkPolicy, err error)
 	NetworkPolicyExpansion
 }
 
@@ -141,22 +139,6 @@ func (c *networkPolicies) Update(ctx context.Context, networkPolicy *v1beta1.Net
 	return
 }
 
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *networkPolicies) UpdateStatus(ctx context.Context, networkPolicy *v1beta1.NetworkPolicy, opts v1.UpdateOptions) (result *v1beta1.NetworkPolicy, err error) {
-	result = &v1beta1.NetworkPolicy{}
-	err = c.client.Put().
-		Namespace(c.ns).
-		Resource("networkpolicies").
-		Name(networkPolicy.Name).
-		SubResource("status").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Body(networkPolicy).
-		Do(ctx).
-		Into(result)
-	return
-}
-
 // Delete takes name of the networkPolicy and deletes it. Returns an error if one occurs.
 func (c *networkPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
@@ -224,33 +206,3 @@ func (c *networkPolicies) Apply(ctx context.Context, networkPolicy *extensionsv1
 		Into(result)
 	return
 }
-
-// ApplyStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus().
-func (c *networkPolicies) ApplyStatus(ctx context.Context, networkPolicy *extensionsv1beta1.NetworkPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.NetworkPolicy, err error) {
-	if networkPolicy == nil {
-		return nil, fmt.Errorf("networkPolicy provided to Apply must not be nil")
-	}
-	patchOpts := opts.ToPatchOptions()
-	data, err := json.Marshal(networkPolicy)
-	if err != nil {
-		return nil, err
-	}
-
-	name := networkPolicy.Name
-	if name == nil {
-		return nil, fmt.Errorf("networkPolicy.Name must be provided to Apply")
-	}
-
-	result = &v1beta1.NetworkPolicy{}
-	err = c.client.Patch(types.ApplyPatchType).
-		Namespace(c.ns).
-		Resource("networkpolicies").
-		Name(*name).
-		SubResource("status").
-		VersionedParams(&patchOpts, scheme.ParameterCodec).
-		Body(data).
-		Do(ctx).
-		Into(result)
-	return
-}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/networkpolicy.go b/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/networkpolicy.go
index 97afd6278..d7454ce14 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/networkpolicy.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/networkpolicy.go
@@ -43,7 +43,6 @@ type NetworkPoliciesGetter interface {
 type NetworkPolicyInterface interface {
 	Create(ctx context.Context, networkPolicy *v1.NetworkPolicy, opts metav1.CreateOptions) (*v1.NetworkPolicy, error)
 	Update(ctx context.Context, networkPolicy *v1.NetworkPolicy, opts metav1.UpdateOptions) (*v1.NetworkPolicy, error)
-	UpdateStatus(ctx context.Context, networkPolicy *v1.NetworkPolicy, opts metav1.UpdateOptions) (*v1.NetworkPolicy, error)
 	Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
 	DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
 	Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.NetworkPolicy, error)
@@ -51,7 +50,6 @@ type NetworkPolicyInterface interface {
 	Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
 	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.NetworkPolicy, err error)
 	Apply(ctx context.Context, networkPolicy *networkingv1.NetworkPolicyApplyConfiguration, opts metav1.ApplyOptions) (result *v1.NetworkPolicy, err error)
-	ApplyStatus(ctx context.Context, networkPolicy *networkingv1.NetworkPolicyApplyConfiguration, opts metav1.ApplyOptions) (result *v1.NetworkPolicy, err error)
 	NetworkPolicyExpansion
 }
 
@@ -141,22 +139,6 @@ func (c *networkPolicies) Update(ctx context.Context, networkPolicy *v1.NetworkP
 	return
 }
 
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *networkPolicies) UpdateStatus(ctx context.Context, networkPolicy *v1.NetworkPolicy, opts metav1.UpdateOptions) (result *v1.NetworkPolicy, err error) {
-	result = &v1.NetworkPolicy{}
-	err = c.client.Put().
-		Namespace(c.ns).
-		Resource("networkpolicies").
-		Name(networkPolicy.Name).
-		SubResource("status").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Body(networkPolicy).
-		Do(ctx).
-		Into(result)
-	return
-}
-
 // Delete takes name of the networkPolicy and deletes it. Returns an error if one occurs.
 func (c *networkPolicies) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
 	return c.client.Delete().
@@ -224,33 +206,3 @@ func (c *networkPolicies) Apply(ctx context.Context, networkPolicy *networkingv1
 		Into(result)
 	return
 }
-
-// ApplyStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus().
-func (c *networkPolicies) ApplyStatus(ctx context.Context, networkPolicy *networkingv1.NetworkPolicyApplyConfiguration, opts metav1.ApplyOptions) (result *v1.NetworkPolicy, err error) {
-	if networkPolicy == nil {
-		return nil, fmt.Errorf("networkPolicy provided to Apply must not be nil")
-	}
-	patchOpts := opts.ToPatchOptions()
-	data, err := json.Marshal(networkPolicy)
-	if err != nil {
-		return nil, err
-	}
-
-	name := networkPolicy.Name
-	if name == nil {
-		return nil, fmt.Errorf("networkPolicy.Name must be provided to Apply")
-	}
-
-	result = &v1.NetworkPolicy{}
-	err = c.client.Patch(types.ApplyPatchType).
-		Namespace(c.ns).
-		Resource("networkpolicies").
-		Name(*name).
-		SubResource("status").
-		VersionedParams(&patchOpts, scheme.ParameterCodec).
-		Body(data).
-		Do(ctx).
-		Into(result)
-	return
-}
diff --git a/vendor/k8s.io/client-go/openapi/typeconverter.go b/vendor/k8s.io/client-go/openapi/typeconverter.go
new file mode 100644
index 000000000..4b91e66d4
--- /dev/null
+++ b/vendor/k8s.io/client-go/openapi/typeconverter.go
@@ -0,0 +1,48 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package openapi
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"k8s.io/apimachinery/pkg/util/managedfields"
+	"k8s.io/kube-openapi/pkg/spec3"
+	"k8s.io/kube-openapi/pkg/validation/spec"
+)
+
+func NewTypeConverter(client Client, preserveUnknownFields bool) (managedfields.TypeConverter, error) {
+	spec := map[string]*spec.Schema{}
+	paths, err := client.Paths()
+	if err != nil {
+		return nil, fmt.Errorf("failed to list paths: %w", err)
+	}
+	for _, gv := range paths {
+		s, err := gv.Schema("application/json")
+		if err != nil {
+			return nil, fmt.Errorf("failed to download schema: %w", err)
+		}
+		var openapi spec3.OpenAPI
+		if err := json.Unmarshal(s, &openapi); err != nil {
+			return nil, fmt.Errorf("failed to parse schema: %w", err)
+		}
+		for k, v := range openapi.Components.Schemas {
+			spec[k] = v
+		}
+	}
+	return managedfields.NewTypeConverter(spec, preserveUnknownFields)
+}
diff --git a/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go b/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
index 5331b237a..b471f5cc6 100644
--- a/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
+++ b/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
@@ -32,12 +32,12 @@ import (
 	"sync"
 	"time"
 
-	"github.com/davecgh/go-spew/spew"
 	"golang.org/x/term"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
+	"k8s.io/apimachinery/pkg/util/dump"
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/client-go/pkg/apis/clientauthentication"
 	"k8s.io/client-go/pkg/apis/clientauthentication/install"
@@ -81,8 +81,6 @@ func newCache() *cache {
 	return &cache{m: make(map[string]*Authenticator)}
 }
 
-var spewConfig = &spew.ConfigState{DisableMethods: true, Indent: " "}
-
 func cacheKey(conf *api.ExecConfig, cluster *clientauthentication.Cluster) string {
 	key := struct {
 		conf    *api.ExecConfig
@@ -91,7 +89,7 @@ func cacheKey(conf *api.ExecConfig, cluster *clientauthentication.Cluster) strin
 		conf:    conf,
 		cluster: cluster,
 	}
-	return spewConfig.Sprint(key)
+	return dump.Pretty(key)
 }
 
 type cache struct {
diff --git a/vendor/k8s.io/client-go/rest/config.go b/vendor/k8s.io/client-go/rest/config.go
index 81e3cbd68..f8ff7e928 100644
--- a/vendor/k8s.io/client-go/rest/config.go
+++ b/vendor/k8s.io/client-go/rest/config.go
@@ -316,7 +316,7 @@ func RESTClientFor(config *Config) (*RESTClient, error) {
 
 	// Validate config.Host before constructing the transport/client so we can fail fast.
 	// ServerURL will be obtained later in RESTClientForConfigAndClient()
-	_, _, err := defaultServerUrlFor(config)
+	_, _, err := DefaultServerUrlFor(config)
 	if err != nil {
 		return nil, err
 	}
@@ -343,7 +343,7 @@ func RESTClientForConfigAndClient(config *Config, httpClient *http.Client) (*RES
 		return nil, fmt.Errorf("NegotiatedSerializer is required when initializing a RESTClient")
 	}
 
-	baseURL, versionedAPIPath, err := defaultServerUrlFor(config)
+	baseURL, versionedAPIPath, err := DefaultServerUrlFor(config)
 	if err != nil {
 		return nil, err
 	}
@@ -390,7 +390,7 @@ func UnversionedRESTClientFor(config *Config) (*RESTClient, error) {
 
 	// Validate config.Host before constructing the transport/client so we can fail fast.
 	// ServerURL will be obtained later in UnversionedRESTClientForConfigAndClient()
-	_, _, err := defaultServerUrlFor(config)
+	_, _, err := DefaultServerUrlFor(config)
 	if err != nil {
 		return nil, err
 	}
@@ -410,7 +410,7 @@ func UnversionedRESTClientForConfigAndClient(config *Config, httpClient *http.Cl
 		return nil, fmt.Errorf("NegotiatedSerializer is required when initializing a RESTClient")
 	}
 
-	baseURL, versionedAPIPath, err := defaultServerUrlFor(config)
+	baseURL, versionedAPIPath, err := DefaultServerUrlFor(config)
 	if err != nil {
 		return nil, err
 	}
@@ -548,7 +548,7 @@ func InClusterConfig() (*Config, error) {
 // Note: the Insecure flag is ignored when testing for this value, so MITM attacks are
 // still possible.
 func IsConfigTransportTLS(config Config) bool {
-	baseURL, _, err := defaultServerUrlFor(&config)
+	baseURL, _, err := DefaultServerUrlFor(&config)
 	if err != nil {
 		return false
 	}
diff --git a/vendor/k8s.io/client-go/rest/request.go b/vendor/k8s.io/client-go/rest/request.go
index bb6fb4dec..850e57dae 100644
--- a/vendor/k8s.io/client-go/rest/request.go
+++ b/vendor/k8s.io/client-go/rest/request.go
@@ -24,6 +24,7 @@ import (
 	"io"
 	"mime"
 	"net/http"
+	"net/http/httptrace"
 	"net/url"
 	"os"
 	"path"
@@ -925,15 +926,38 @@ func (r *Request) newHTTPRequest(ctx context.Context) (*http.Request, error) {
 	}
 
 	url := r.URL().String()
-	req, err := http.NewRequest(r.verb, url, body)
+	req, err := http.NewRequestWithContext(httptrace.WithClientTrace(ctx, newDNSMetricsTrace(ctx)), r.verb, url, body)
 	if err != nil {
 		return nil, err
 	}
-	req = req.WithContext(ctx)
 	req.Header = r.headers
 	return req, nil
 }
 
+// newDNSMetricsTrace returns an HTTP trace that tracks time spent on DNS lookups per host.
+// This metric is available in client as "rest_client_dns_resolution_duration_seconds".
+func newDNSMetricsTrace(ctx context.Context) *httptrace.ClientTrace {
+	type dnsMetric struct {
+		start time.Time
+		host  string
+		sync.Mutex
+	}
+	dns := &dnsMetric{}
+	return &httptrace.ClientTrace{
+		DNSStart: func(info httptrace.DNSStartInfo) {
+			dns.Lock()
+			defer dns.Unlock()
+			dns.start = time.Now()
+			dns.host = info.Host
+		},
+		DNSDone: func(info httptrace.DNSDoneInfo) {
+			dns.Lock()
+			defer dns.Unlock()
+			metrics.ResolverLatency.Observe(ctx, dns.host, time.Since(dns.start))
+		},
+	}
+}
+
 // request connects to the server and invokes the provided function when a server response is
 // received. It handles retry behavior and up front validation of requests. It will invoke
 // fn at most once. It will return an error if a problem occurred prior to connecting to the
diff --git a/vendor/k8s.io/client-go/rest/url_utils.go b/vendor/k8s.io/client-go/rest/url_utils.go
index a56d1838d..c4ce6e3b8 100644
--- a/vendor/k8s.io/client-go/rest/url_utils.go
+++ b/vendor/k8s.io/client-go/rest/url_utils.go
@@ -77,9 +77,9 @@ func DefaultVersionedAPIPath(apiPath string, groupVersion schema.GroupVersion) s
 	return versionedAPIPath
 }
 
-// defaultServerUrlFor is shared between IsConfigTransportTLS and RESTClientFor. It
+// DefaultServerUrlFor is shared between IsConfigTransportTLS and RESTClientFor. It
 // requires Host and Version to be set prior to being called.
-func defaultServerUrlFor(config *Config) (*url.URL, string, error) {
+func DefaultServerUrlFor(config *Config) (*url.URL, string, error) {
 	// TODO: move the default to secure when the apiserver supports TLS by default
 	// config.Insecure is taken to mean "I want HTTPS but don't bother checking the certs against a CA."
 	hasCA := len(config.CAFile) != 0 || len(config.CAData) != 0
diff --git a/vendor/k8s.io/client-go/tools/cache/OWNERS b/vendor/k8s.io/client-go/tools/cache/OWNERS
index 726205b3d..921ac2fa0 100644
--- a/vendor/k8s.io/client-go/tools/cache/OWNERS
+++ b/vendor/k8s.io/client-go/tools/cache/OWNERS
@@ -2,7 +2,6 @@
 
 approvers:
   - thockin
-  - lavalamp
   - smarterclayton
   - wojtek-t
   - deads2k
@@ -11,7 +10,6 @@ approvers:
   - ncdc
 reviewers:
   - thockin
-  - lavalamp
   - smarterclayton
   - wojtek-t
   - deads2k
@@ -26,3 +24,5 @@ reviewers:
   - dims
   - ingvagabund
   - ncdc
+emeritus_approvers:
+  - lavalamp
diff --git a/vendor/k8s.io/client-go/tools/cache/controller.go b/vendor/k8s.io/client-go/tools/cache/controller.go
index f437f2861..8a1104bde 100644
--- a/vendor/k8s.io/client-go/tools/cache/controller.go
+++ b/vendor/k8s.io/client-go/tools/cache/controller.go
@@ -18,7 +18,6 @@ package cache
 
 import (
 	"errors"
-	"os"
 	"sync"
 	"time"
 
@@ -148,9 +147,6 @@ func (c *controller) Run(stopCh <-chan struct{}) {
 	if c.config.WatchErrorHandler != nil {
 		r.watchErrorHandler = c.config.WatchErrorHandler
 	}
-	if s := os.Getenv("ENABLE_CLIENT_GO_WATCH_LIST_ALPHA"); len(s) > 0 {
-		r.UseWatchList = true
-	}
 
 	c.reflectorMutex.Lock()
 	c.reflector = r
diff --git a/vendor/k8s.io/client-go/tools/cache/object-names.go b/vendor/k8s.io/client-go/tools/cache/object-names.go
new file mode 100644
index 000000000..aa8dbb199
--- /dev/null
+++ b/vendor/k8s.io/client-go/tools/cache/object-names.go
@@ -0,0 +1,65 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cache
+
+import (
+	"k8s.io/apimachinery/pkg/types"
+)
+
+// ObjectName is a reference to an object of some implicit kind
+type ObjectName struct {
+	Namespace string
+	Name      string
+}
+
+// NewObjectName constructs a new one
+func NewObjectName(namespace, name string) ObjectName {
+	return ObjectName{Namespace: namespace, Name: name}
+}
+
+// Parts is the inverse of the constructor
+func (objName ObjectName) Parts() (namespace, name string) {
+	return objName.Namespace, objName.Name
+}
+
+// String returns the standard string encoding,
+// which is designed to match the historical behavior of MetaNamespaceKeyFunc.
+// Note this behavior is different from the String method of types.NamespacedName.
+func (objName ObjectName) String() string {
+	if len(objName.Namespace) > 0 {
+		return objName.Namespace + "/" + objName.Name
+	}
+	return objName.Name
+}
+
+// ParseObjectName tries to parse the standard encoding
+func ParseObjectName(str string) (ObjectName, error) {
+	var objName ObjectName
+	var err error
+	objName.Namespace, objName.Name, err = SplitMetaNamespaceKey(str)
+	return objName, err
+}
+
+// NamespacedNameAsObjectName rebrands the given NamespacedName as an ObjectName
+func NamespacedNameAsObjectName(nn types.NamespacedName) ObjectName {
+	return NewObjectName(nn.Namespace, nn.Name)
+}
+
+// AsNamespacedName rebrands as a NamespacedName
+func (objName ObjectName) AsNamespacedName() types.NamespacedName {
+	return types.NamespacedName{Namespace: objName.Namespace, Name: objName.Name}
+}
diff --git a/vendor/k8s.io/client-go/tools/cache/reflector.go b/vendor/k8s.io/client-go/tools/cache/reflector.go
index 2b335c104..45eaff528 100644
--- a/vendor/k8s.io/client-go/tools/cache/reflector.go
+++ b/vendor/k8s.io/client-go/tools/cache/reflector.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"io"
 	"math/rand"
+	"os"
 	"reflect"
 	"strings"
 	"sync"
@@ -69,9 +70,7 @@ type Reflector struct {
 	listerWatcher ListerWatcher
 	// backoff manages backoff of ListWatch
 	backoffManager wait.BackoffManager
-	// initConnBackoffManager manages backoff the initial connection with the Watch call of ListAndWatch.
-	initConnBackoffManager wait.BackoffManager
-	resyncPeriod           time.Duration
+	resyncPeriod   time.Duration
 	// clock allows tests to manipulate time
 	clock clock.Clock
 	// paginatedResult defines whether pagination should be forced for list calls.
@@ -220,11 +219,10 @@ func NewReflectorWithOptions(lw ListerWatcher, expectedType interface{}, store S
 		// We used to make the call every 1sec (1 QPS), the goal here is to achieve ~98% traffic reduction when
 		// API server is not healthy. With these parameters, backoff will stop at [30,60) sec interval which is
 		// 0.22 QPS. If we don't backoff for 2min, assume API server is healthy and we reset the backoff.
-		backoffManager:         wait.NewExponentialBackoffManager(800*time.Millisecond, 30*time.Second, 2*time.Minute, 2.0, 1.0, reflectorClock),
-		initConnBackoffManager: wait.NewExponentialBackoffManager(800*time.Millisecond, 30*time.Second, 2*time.Minute, 2.0, 1.0, reflectorClock),
-		clock:                  reflectorClock,
-		watchErrorHandler:      WatchErrorHandler(DefaultWatchErrorHandler),
-		expectedType:           reflect.TypeOf(expectedType),
+		backoffManager:    wait.NewExponentialBackoffManager(800*time.Millisecond, 30*time.Second, 2*time.Minute, 2.0, 1.0, reflectorClock),
+		clock:             reflectorClock,
+		watchErrorHandler: WatchErrorHandler(DefaultWatchErrorHandler),
+		expectedType:      reflect.TypeOf(expectedType),
 	}
 
 	if r.name == "" {
@@ -239,6 +237,10 @@ func NewReflectorWithOptions(lw ListerWatcher, expectedType interface{}, store S
 		r.expectedGVK = getExpectedGVKFromObject(expectedType)
 	}
 
+	if s := os.Getenv("ENABLE_CLIENT_GO_WATCH_LIST_ALPHA"); len(s) > 0 {
+		r.UseWatchList = true
+	}
+
 	return r
 }
 
@@ -420,7 +422,7 @@ func (r *Reflector) watch(w watch.Interface, stopCh <-chan struct{}, resyncerrc
 					select {
 					case <-stopCh:
 						return nil
-					case <-r.initConnBackoffManager.Backoff().C():
+					case <-r.backoffManager.Backoff().C():
 						continue
 					}
 				}
@@ -446,7 +448,7 @@ func (r *Reflector) watch(w watch.Interface, stopCh <-chan struct{}, resyncerrc
 					select {
 					case <-stopCh:
 						return nil
-					case <-r.initConnBackoffManager.Backoff().C():
+					case <-r.backoffManager.Backoff().C():
 						continue
 					}
 				case apierrors.IsInternalError(err) && retry.ShouldRetry():
@@ -508,7 +510,7 @@ func (r *Reflector) list(stopCh <-chan struct{}) error {
 			pager.PageSize = 0
 		}
 
-		list, paginatedResult, err = pager.List(context.Background(), options)
+		list, paginatedResult, err = pager.ListWithAlloc(context.Background(), options)
 		if isExpiredError(err) || isTooLargeResourceVersionError(err) {
 			r.setIsLastSyncResourceVersionUnavailable(true)
 			// Retry immediately if the resource version used to list is unavailable.
@@ -517,7 +519,7 @@ func (r *Reflector) list(stopCh <-chan struct{}) error {
 			// resource version it is listing at is expired or the cache may not yet be synced to the provided
 			// resource version. So we need to fallback to resourceVersion="" in all to recover and ensure
 			// the reflector makes forward progress.
-			list, paginatedResult, err = pager.List(context.Background(), metav1.ListOptions{ResourceVersion: r.relistResourceVersion()})
+			list, paginatedResult, err = pager.ListWithAlloc(context.Background(), metav1.ListOptions{ResourceVersion: r.relistResourceVersion()})
 		}
 		close(listCh)
 	}()
@@ -555,7 +557,7 @@ func (r *Reflector) list(stopCh <-chan struct{}) error {
 	}
 	resourceVersion = listMetaInterface.GetResourceVersion()
 	initTrace.Step("Resource version extracted")
-	items, err := meta.ExtractList(list)
+	items, err := meta.ExtractListWithAlloc(list)
 	if err != nil {
 		return fmt.Errorf("unable to understand list result %#v (%v)", list, err)
 	}
@@ -599,7 +601,7 @@ func (r *Reflector) watchList(stopCh <-chan struct{}) (watch.Interface, error) {
 	isErrorRetriableWithSideEffectsFn := func(err error) bool {
 		if canRetry := isWatchErrorRetriable(err); canRetry {
 			klog.V(2).Infof("%s: watch-list of %v returned %v - backing off", r.name, r.typeDescription, err)
-			<-r.initConnBackoffManager.Backoff().C()
+			<-r.backoffManager.Backoff().C()
 			return true
 		}
 		if isExpiredError(err) || isTooLargeResourceVersionError(err) {
diff --git a/vendor/k8s.io/client-go/tools/cache/shared_informer.go b/vendor/k8s.io/client-go/tools/cache/shared_informer.go
index a889fdbc3..be8694ddb 100644
--- a/vendor/k8s.io/client-go/tools/cache/shared_informer.go
+++ b/vendor/k8s.io/client-go/tools/cache/shared_informer.go
@@ -459,29 +459,30 @@ func (s *sharedIndexInformer) Run(stopCh <-chan struct{}) {
 		klog.Warningf("The sharedIndexInformer has started, run more than once is not allowed")
 		return
 	}
-	fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{
-		KnownObjects:          s.indexer,
-		EmitDeltaTypeReplaced: true,
-		Transformer:           s.transform,
-	})
-
-	cfg := &Config{
-		Queue:             fifo,
-		ListerWatcher:     s.listerWatcher,
-		ObjectType:        s.objectType,
-		ObjectDescription: s.objectDescription,
-		FullResyncPeriod:  s.resyncCheckPeriod,
-		RetryOnError:      false,
-		ShouldResync:      s.processor.shouldResync,
-
-		Process:           s.HandleDeltas,
-		WatchErrorHandler: s.watchErrorHandler,
-	}
 
 	func() {
 		s.startedLock.Lock()
 		defer s.startedLock.Unlock()
 
+		fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{
+			KnownObjects:          s.indexer,
+			EmitDeltaTypeReplaced: true,
+			Transformer:           s.transform,
+		})
+
+		cfg := &Config{
+			Queue:             fifo,
+			ListerWatcher:     s.listerWatcher,
+			ObjectType:        s.objectType,
+			ObjectDescription: s.objectDescription,
+			FullResyncPeriod:  s.resyncCheckPeriod,
+			RetryOnError:      false,
+			ShouldResync:      s.processor.shouldResync,
+
+			Process:           s.HandleDeltas,
+			WatchErrorHandler: s.watchErrorHandler,
+		}
+
 		s.controller = New(cfg)
 		s.controller.(*controller).clock = s.clock
 		s.started = true
diff --git a/vendor/k8s.io/client-go/tools/cache/store.go b/vendor/k8s.io/client-go/tools/cache/store.go
index 5308ea748..5cc3f42ec 100644
--- a/vendor/k8s.io/client-go/tools/cache/store.go
+++ b/vendor/k8s.io/client-go/tools/cache/store.go
@@ -21,6 +21,7 @@ import (
 	"strings"
 
 	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // Store is a generic object storage and processing interface.  A
@@ -99,20 +100,38 @@ type ExplicitKey string
 // The key uses the format <namespace>/<name> unless <namespace> is empty, then
 // it's just <name>.
 //
-// TODO: replace key-as-string with a key-as-struct so that this
-// packing/unpacking won't be necessary.
+// Clients that want a structured alternative can use ObjectToName or MetaObjectToName.
+// Note: this would not be a client that wants a key for a Store because those are
+// necessarily strings.
+//
+// TODO maybe some day?: change Store to be keyed differently
 func MetaNamespaceKeyFunc(obj interface{}) (string, error) {
 	if key, ok := obj.(ExplicitKey); ok {
 		return string(key), nil
 	}
+	objName, err := ObjectToName(obj)
+	if err != nil {
+		return "", err
+	}
+	return objName.String(), nil
+}
+
+// ObjectToName returns the structured name for the given object,
+// if indeed it can be viewed as a metav1.Object.
+func ObjectToName(obj interface{}) (ObjectName, error) {
 	meta, err := meta.Accessor(obj)
 	if err != nil {
-		return "", fmt.Errorf("object has no meta: %v", err)
+		return ObjectName{}, fmt.Errorf("object has no meta: %v", err)
 	}
-	if len(meta.GetNamespace()) > 0 {
-		return meta.GetNamespace() + "/" + meta.GetName(), nil
+	return MetaObjectToName(meta), nil
+}
+
+// MetaObjectToName returns the structured name for the given object
+func MetaObjectToName(obj metav1.Object) ObjectName {
+	if len(obj.GetNamespace()) > 0 {
+		return ObjectName{Namespace: obj.GetNamespace(), Name: obj.GetName()}
 	}
-	return meta.GetName(), nil
+	return ObjectName{Namespace: "", Name: obj.GetName()}
 }
 
 // SplitMetaNamespaceKey returns the namespace and name that
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
index 71fb821b1..ae8b8c703 100644
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
+++ b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
@@ -67,7 +67,7 @@ type Preferences struct {
 type Cluster struct {
 	// LocationOfOrigin indicates where this object came from.  It is used for round tripping config post-merge, but never serialized.
 	// +k8s:conversion-gen=false
-	LocationOfOrigin string
+	LocationOfOrigin string `json:"-"`
 	// Server is the address of the kubernetes cluster (https://hostname:port).
 	Server string `json:"server"`
 	// TLSServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used.
@@ -107,7 +107,7 @@ type Cluster struct {
 type AuthInfo struct {
 	// LocationOfOrigin indicates where this object came from.  It is used for round tripping config post-merge, but never serialized.
 	// +k8s:conversion-gen=false
-	LocationOfOrigin string
+	LocationOfOrigin string `json:"-"`
 	// ClientCertificate is the path to a client cert file for TLS.
 	// +optional
 	ClientCertificate string `json:"client-certificate,omitempty"`
@@ -159,7 +159,7 @@ type AuthInfo struct {
 type Context struct {
 	// LocationOfOrigin indicates where this object came from.  It is used for round tripping config post-merge, but never serialized.
 	// +k8s:conversion-gen=false
-	LocationOfOrigin string
+	LocationOfOrigin string `json:"-"`
 	// Cluster is the name of the cluster for this context
 	Cluster string `json:"cluster"`
 	// AuthInfo is the name of the authInfo for this context
@@ -252,7 +252,7 @@ type ExecConfig struct {
 	// recommended as one of the prime benefits of exec plugins is that no secrets need
 	// to be stored directly in the kubeconfig.
 	// +k8s:conversion-gen=false
-	Config runtime.Object
+	Config runtime.Object `json:"-"`
 
 	// InteractiveMode determines this plugin's relationship with standard input. Valid
 	// values are "Never" (this exec plugin never uses standard input), "IfAvailable" (this
@@ -264,7 +264,7 @@ type ExecConfig struct {
 	// client.authentication.k8s.io/v1beta1, then this field is optional and defaults
 	// to "IfAvailable" when unset. Otherwise, this field is required.
 	// +optional
-	InteractiveMode ExecInteractiveMode
+	InteractiveMode ExecInteractiveMode `json:"interactiveMode,omitempty"`
 
 	// StdinUnavailable indicates whether the exec authenticator can pass standard
 	// input through to this exec plugin. For example, a higher level entity might be using
@@ -272,14 +272,14 @@ type ExecConfig struct {
 	// plugin to use standard input. This is kept here in order to keep all of the exec configuration
 	// together, but it is never serialized.
 	// +k8s:conversion-gen=false
-	StdinUnavailable bool
+	StdinUnavailable bool `json:"-"`
 
 	// StdinUnavailableMessage is an optional message to be displayed when the exec authenticator
 	// cannot successfully run this exec plugin because it needs to use standard input and
 	// StdinUnavailable is true. For example, a process that is already using standard input to
 	// read user instructions might set this to "used by my-program to read user instructions".
 	// +k8s:conversion-gen=false
-	StdinUnavailableMessage string
+	StdinUnavailableMessage string `json:"-"`
 }
 
 var _ fmt.Stringer = new(ExecConfig)
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/loader.go b/vendor/k8s.io/client-go/tools/clientcmd/loader.go
index 44de1d41d..b75737f1c 100644
--- a/vendor/k8s.io/client-go/tools/clientcmd/loader.go
+++ b/vendor/k8s.io/client-go/tools/clientcmd/loader.go
@@ -128,6 +128,28 @@ type ClientConfigLoadingRules struct {
 	// WarnIfAllMissing indicates whether the configuration files pointed by KUBECONFIG environment variable are present or not.
 	// In case of missing files, it warns the user about the missing files.
 	WarnIfAllMissing bool
+
+	// Warner is the warning log callback to use in case of missing files.
+	Warner WarningHandler
+}
+
+// WarningHandler allows to set the logging function to use
+type WarningHandler func(error)
+
+func (handler WarningHandler) Warn(err error) {
+	if handler == nil {
+		klog.V(1).Info(err)
+	} else {
+		handler(err)
+	}
+}
+
+type MissingConfigError struct {
+	Missing []string
+}
+
+func (c MissingConfigError) Error() string {
+	return fmt.Sprintf("Config not found: %s", strings.Join(c.Missing, ", "))
 }
 
 // ClientConfigLoadingRules implements the ClientConfigLoader interface.
@@ -219,7 +241,7 @@ func (rules *ClientConfigLoadingRules) Load() (*clientcmdapi.Config, error) {
 	}
 
 	if rules.WarnIfAllMissing && len(missingList) > 0 && len(kubeconfigs) == 0 {
-		klog.Warningf("Config not found: %s", strings.Join(missingList, ", "))
+		rules.Warner.Warn(MissingConfigError{Missing: missingList})
 	}
 
 	// first merge all of our maps
diff --git a/vendor/k8s.io/client-go/tools/leaderelection/leaderelection.go b/vendor/k8s.io/client-go/tools/leaderelection/leaderelection.go
index 940e71617..c1151baf2 100644
--- a/vendor/k8s.io/client-go/tools/leaderelection/leaderelection.go
+++ b/vendor/k8s.io/client-go/tools/leaderelection/leaderelection.go
@@ -99,6 +99,11 @@ func NewLeaderElector(lec LeaderElectionConfig) (*LeaderElector, error) {
 	if lec.Lock == nil {
 		return nil, fmt.Errorf("Lock must not be nil.")
 	}
+	id := lec.Lock.Identity()
+	if id == "" {
+		return nil, fmt.Errorf("Lock identity is empty")
+	}
+
 	le := LeaderElector{
 		config:  lec,
 		clock:   clock.RealClock{},
diff --git a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/configmaplock.go b/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/configmaplock.go
deleted file mode 100644
index e811fff03..000000000
--- a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/configmaplock.go
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package resourcelock
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-
-	"k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
-)
-
-// TODO: This is almost a exact replica of Endpoints lock.
-// going forwards as we self host more and more components
-// and use ConfigMaps as the means to pass that configuration
-// data we will likely move to deprecate the Endpoints lock.
-
-type configMapLock struct {
-	// ConfigMapMeta should contain a Name and a Namespace of a
-	// ConfigMapMeta object that the LeaderElector will attempt to lead.
-	ConfigMapMeta metav1.ObjectMeta
-	Client        corev1client.ConfigMapsGetter
-	LockConfig    ResourceLockConfig
-	cm            *v1.ConfigMap
-}
-
-// Get returns the election record from a ConfigMap Annotation
-func (cml *configMapLock) Get(ctx context.Context) (*LeaderElectionRecord, []byte, error) {
-	var record LeaderElectionRecord
-	cm, err := cml.Client.ConfigMaps(cml.ConfigMapMeta.Namespace).Get(ctx, cml.ConfigMapMeta.Name, metav1.GetOptions{})
-	if err != nil {
-		return nil, nil, err
-	}
-	cml.cm = cm
-	if cml.cm.Annotations == nil {
-		cml.cm.Annotations = make(map[string]string)
-	}
-	recordStr, found := cml.cm.Annotations[LeaderElectionRecordAnnotationKey]
-	recordBytes := []byte(recordStr)
-	if found {
-		if err := json.Unmarshal(recordBytes, &record); err != nil {
-			return nil, nil, err
-		}
-	}
-	return &record, recordBytes, nil
-}
-
-// Create attempts to create a LeaderElectionRecord annotation
-func (cml *configMapLock) Create(ctx context.Context, ler LeaderElectionRecord) error {
-	recordBytes, err := json.Marshal(ler)
-	if err != nil {
-		return err
-	}
-	cml.cm, err = cml.Client.ConfigMaps(cml.ConfigMapMeta.Namespace).Create(ctx, &v1.ConfigMap{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      cml.ConfigMapMeta.Name,
-			Namespace: cml.ConfigMapMeta.Namespace,
-			Annotations: map[string]string{
-				LeaderElectionRecordAnnotationKey: string(recordBytes),
-			},
-		},
-	}, metav1.CreateOptions{})
-	return err
-}
-
-// Update will update an existing annotation on a given resource.
-func (cml *configMapLock) Update(ctx context.Context, ler LeaderElectionRecord) error {
-	if cml.cm == nil {
-		return errors.New("configmap not initialized, call get or create first")
-	}
-	recordBytes, err := json.Marshal(ler)
-	if err != nil {
-		return err
-	}
-	if cml.cm.Annotations == nil {
-		cml.cm.Annotations = make(map[string]string)
-	}
-	cml.cm.Annotations[LeaderElectionRecordAnnotationKey] = string(recordBytes)
-	cm, err := cml.Client.ConfigMaps(cml.ConfigMapMeta.Namespace).Update(ctx, cml.cm, metav1.UpdateOptions{})
-	if err != nil {
-		return err
-	}
-	cml.cm = cm
-	return nil
-}
-
-// RecordEvent in leader election while adding meta-data
-func (cml *configMapLock) RecordEvent(s string) {
-	if cml.LockConfig.EventRecorder == nil {
-		return
-	}
-	events := fmt.Sprintf("%v %v", cml.LockConfig.Identity, s)
-	subject := &v1.ConfigMap{ObjectMeta: cml.cm.ObjectMeta}
-	// Populate the type meta, so we don't have to get it from the schema
-	subject.Kind = "ConfigMap"
-	subject.APIVersion = v1.SchemeGroupVersion.String()
-	cml.LockConfig.EventRecorder.Eventf(subject, v1.EventTypeNormal, "LeaderElection", events)
-}
-
-// Describe is used to convert details on current resource lock
-// into a string
-func (cml *configMapLock) Describe() string {
-	return fmt.Sprintf("%v/%v", cml.ConfigMapMeta.Namespace, cml.ConfigMapMeta.Name)
-}
-
-// Identity returns the Identity of the lock
-func (cml *configMapLock) Identity() string {
-	return cml.LockConfig.Identity
-}
diff --git a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/endpointslock.go b/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/endpointslock.go
deleted file mode 100644
index eb36d2210..000000000
--- a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/endpointslock.go
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package resourcelock
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-
-	"k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
-)
-
-type endpointsLock struct {
-	// EndpointsMeta should contain a Name and a Namespace of an
-	// Endpoints object that the LeaderElector will attempt to lead.
-	EndpointsMeta metav1.ObjectMeta
-	Client        corev1client.EndpointsGetter
-	LockConfig    ResourceLockConfig
-	e             *v1.Endpoints
-}
-
-// Get returns the election record from a Endpoints Annotation
-func (el *endpointsLock) Get(ctx context.Context) (*LeaderElectionRecord, []byte, error) {
-	var record LeaderElectionRecord
-	ep, err := el.Client.Endpoints(el.EndpointsMeta.Namespace).Get(ctx, el.EndpointsMeta.Name, metav1.GetOptions{})
-	if err != nil {
-		return nil, nil, err
-	}
-	el.e = ep
-	if el.e.Annotations == nil {
-		el.e.Annotations = make(map[string]string)
-	}
-	recordStr, found := el.e.Annotations[LeaderElectionRecordAnnotationKey]
-	recordBytes := []byte(recordStr)
-	if found {
-		if err := json.Unmarshal(recordBytes, &record); err != nil {
-			return nil, nil, err
-		}
-	}
-	return &record, recordBytes, nil
-}
-
-// Create attempts to create a LeaderElectionRecord annotation
-func (el *endpointsLock) Create(ctx context.Context, ler LeaderElectionRecord) error {
-	recordBytes, err := json.Marshal(ler)
-	if err != nil {
-		return err
-	}
-	el.e, err = el.Client.Endpoints(el.EndpointsMeta.Namespace).Create(ctx, &v1.Endpoints{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      el.EndpointsMeta.Name,
-			Namespace: el.EndpointsMeta.Namespace,
-			Annotations: map[string]string{
-				LeaderElectionRecordAnnotationKey: string(recordBytes),
-			},
-		},
-	}, metav1.CreateOptions{})
-	return err
-}
-
-// Update will update and existing annotation on a given resource.
-func (el *endpointsLock) Update(ctx context.Context, ler LeaderElectionRecord) error {
-	if el.e == nil {
-		return errors.New("endpoint not initialized, call get or create first")
-	}
-	recordBytes, err := json.Marshal(ler)
-	if err != nil {
-		return err
-	}
-	if el.e.Annotations == nil {
-		el.e.Annotations = make(map[string]string)
-	}
-	el.e.Annotations[LeaderElectionRecordAnnotationKey] = string(recordBytes)
-	e, err := el.Client.Endpoints(el.EndpointsMeta.Namespace).Update(ctx, el.e, metav1.UpdateOptions{})
-	if err != nil {
-		return err
-	}
-	el.e = e
-	return nil
-}
-
-// RecordEvent in leader election while adding meta-data
-func (el *endpointsLock) RecordEvent(s string) {
-	if el.LockConfig.EventRecorder == nil {
-		return
-	}
-	events := fmt.Sprintf("%v %v", el.LockConfig.Identity, s)
-	subject := &v1.Endpoints{ObjectMeta: el.e.ObjectMeta}
-	// Populate the type meta, so we don't have to get it from the schema
-	subject.Kind = "Endpoints"
-	subject.APIVersion = v1.SchemeGroupVersion.String()
-	el.LockConfig.EventRecorder.Eventf(subject, v1.EventTypeNormal, "LeaderElection", events)
-}
-
-// Describe is used to convert details on current resource lock
-// into a string
-func (el *endpointsLock) Describe() string {
-	return fmt.Sprintf("%v/%v", el.EndpointsMeta.Namespace, el.EndpointsMeta.Name)
-}
-
-// Identity returns the Identity of the lock
-func (el *endpointsLock) Identity() string {
-	return el.LockConfig.Identity
-}
diff --git a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/interface.go b/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/interface.go
index 05b5b2023..483753d63 100644
--- a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/interface.go
+++ b/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/interface.go
@@ -34,7 +34,7 @@ const (
 	endpointsResourceLock             = "endpoints"
 	configMapsResourceLock            = "configmaps"
 	LeasesResourceLock                = "leases"
-	// When using EndpointsLeasesResourceLock, you need to ensure that
+	// When using endpointsLeasesResourceLock, you need to ensure that
 	// API Priority & Fairness is configured with non-default flow-schema
 	// that will catch the necessary operations on leader-election related
 	// endpoint objects.
@@ -67,8 +67,8 @@ const (
 	//         serviceAccount:
 	//           name: '*'
 	//           namespace: kube-system
-	EndpointsLeasesResourceLock = "endpointsleases"
-	// When using ConfigMapsLeasesResourceLock, you need to ensure that
+	endpointsLeasesResourceLock = "endpointsleases"
+	// When using configMapsLeasesResourceLock, you need to ensure that
 	// API Priority & Fairness is configured with non-default flow-schema
 	// that will catch the necessary operations on leader-election related
 	// configmap objects.
@@ -101,7 +101,7 @@ const (
 	//         serviceAccount:
 	//           name: '*'
 	//           namespace: kube-system
-	ConfigMapsLeasesResourceLock = "configmapsleases"
+	configMapsLeasesResourceLock = "configmapsleases"
 )
 
 // LeaderElectionRecord is the record that is stored in the leader election annotation.
@@ -164,22 +164,6 @@ type Interface interface {
 
 // Manufacture will create a lock of a given type according to the input parameters
 func New(lockType string, ns string, name string, coreClient corev1.CoreV1Interface, coordinationClient coordinationv1.CoordinationV1Interface, rlc ResourceLockConfig) (Interface, error) {
-	endpointsLock := &endpointsLock{
-		EndpointsMeta: metav1.ObjectMeta{
-			Namespace: ns,
-			Name:      name,
-		},
-		Client:     coreClient,
-		LockConfig: rlc,
-	}
-	configmapLock := &configMapLock{
-		ConfigMapMeta: metav1.ObjectMeta{
-			Namespace: ns,
-			Name:      name,
-		},
-		Client:     coreClient,
-		LockConfig: rlc,
-	}
 	leaseLock := &LeaseLock{
 		LeaseMeta: metav1.ObjectMeta{
 			Namespace: ns,
@@ -190,21 +174,15 @@ func New(lockType string, ns string, name string, coreClient corev1.CoreV1Interf
 	}
 	switch lockType {
 	case endpointsResourceLock:
-		return nil, fmt.Errorf("endpoints lock is removed, migrate to %s", EndpointsLeasesResourceLock)
+		return nil, fmt.Errorf("endpoints lock is removed, migrate to %s (using version v0.27.x)", endpointsLeasesResourceLock)
 	case configMapsResourceLock:
-		return nil, fmt.Errorf("configmaps lock is removed, migrate to %s", ConfigMapsLeasesResourceLock)
+		return nil, fmt.Errorf("configmaps lock is removed, migrate to %s (using version v0.27.x)", configMapsLeasesResourceLock)
 	case LeasesResourceLock:
 		return leaseLock, nil
-	case EndpointsLeasesResourceLock:
-		return &MultiLock{
-			Primary:   endpointsLock,
-			Secondary: leaseLock,
-		}, nil
-	case ConfigMapsLeasesResourceLock:
-		return &MultiLock{
-			Primary:   configmapLock,
-			Secondary: leaseLock,
-		}, nil
+	case endpointsLeasesResourceLock:
+		return nil, fmt.Errorf("endpointsleases lock is removed, migrate to %s", LeasesResourceLock)
+	case configMapsLeasesResourceLock:
+		return nil, fmt.Errorf("configmapsleases lock is removed, migrated to %s", LeasesResourceLock)
 	default:
 		return nil, fmt.Errorf("Invalid lock-type %s", lockType)
 	}
diff --git a/vendor/k8s.io/client-go/tools/metrics/metrics.go b/vendor/k8s.io/client-go/tools/metrics/metrics.go
index f36430dc3..99d3d8e23 100644
--- a/vendor/k8s.io/client-go/tools/metrics/metrics.go
+++ b/vendor/k8s.io/client-go/tools/metrics/metrics.go
@@ -42,6 +42,10 @@ type LatencyMetric interface {
 	Observe(ctx context.Context, verb string, u url.URL, latency time.Duration)
 }
 
+type ResolverLatencyMetric interface {
+	Observe(ctx context.Context, host string, latency time.Duration)
+}
+
 // SizeMetric observes client response size partitioned by verb and host.
 type SizeMetric interface {
 	Observe(ctx context.Context, verb string, host string, size float64)
@@ -64,6 +68,17 @@ type RetryMetric interface {
 	IncrementRetry(ctx context.Context, code string, method string, host string)
 }
 
+// TransportCacheMetric shows the number of entries in the internal transport cache
+type TransportCacheMetric interface {
+	Observe(value int)
+}
+
+// TransportCreateCallsMetric counts the number of times a transport is created
+// partitioned by the result of the cache: hit, miss, uncacheable
+type TransportCreateCallsMetric interface {
+	Increment(result string)
+}
+
 var (
 	// ClientCertExpiry is the expiry time of a client certificate
 	ClientCertExpiry ExpiryMetric = noopExpiry{}
@@ -71,6 +86,8 @@ var (
 	ClientCertRotationAge DurationMetric = noopDuration{}
 	// RequestLatency is the latency metric that rest clients will update.
 	RequestLatency LatencyMetric = noopLatency{}
+	// ResolverLatency is the latency metric that DNS resolver will update
+	ResolverLatency ResolverLatencyMetric = noopResolverLatency{}
 	// RequestSize is the request size metric that rest clients will update.
 	RequestSize SizeMetric = noopSize{}
 	// ResponseSize is the response size metric that rest clients will update.
@@ -85,6 +102,12 @@ var (
 	// RequestRetry is the retry metric that tracks the number of
 	// retries sent to the server.
 	RequestRetry RetryMetric = noopRetry{}
+	// TransportCacheEntries is the metric that tracks the number of entries in the
+	// internal transport cache.
+	TransportCacheEntries TransportCacheMetric = noopTransportCache{}
+	// TransportCreateCalls is the metric that counts the number of times a new transport
+	// is created
+	TransportCreateCalls TransportCreateCallsMetric = noopTransportCreateCalls{}
 )
 
 // RegisterOpts contains all the metrics to register. Metrics may be nil.
@@ -92,12 +115,15 @@ type RegisterOpts struct {
 	ClientCertExpiry      ExpiryMetric
 	ClientCertRotationAge DurationMetric
 	RequestLatency        LatencyMetric
+	ResolverLatency       ResolverLatencyMetric
 	RequestSize           SizeMetric
 	ResponseSize          SizeMetric
 	RateLimiterLatency    LatencyMetric
 	RequestResult         ResultMetric
 	ExecPluginCalls       CallsMetric
 	RequestRetry          RetryMetric
+	TransportCacheEntries TransportCacheMetric
+	TransportCreateCalls  TransportCreateCallsMetric
 }
 
 // Register registers metrics for the rest client to use. This can
@@ -113,6 +139,9 @@ func Register(opts RegisterOpts) {
 		if opts.RequestLatency != nil {
 			RequestLatency = opts.RequestLatency
 		}
+		if opts.ResolverLatency != nil {
+			ResolverLatency = opts.ResolverLatency
+		}
 		if opts.RequestSize != nil {
 			RequestSize = opts.RequestSize
 		}
@@ -131,6 +160,12 @@ func Register(opts RegisterOpts) {
 		if opts.RequestRetry != nil {
 			RequestRetry = opts.RequestRetry
 		}
+		if opts.TransportCacheEntries != nil {
+			TransportCacheEntries = opts.TransportCacheEntries
+		}
+		if opts.TransportCreateCalls != nil {
+			TransportCreateCalls = opts.TransportCreateCalls
+		}
 	})
 }
 
@@ -146,6 +181,11 @@ type noopLatency struct{}
 
 func (noopLatency) Observe(context.Context, string, url.URL, time.Duration) {}
 
+type noopResolverLatency struct{}
+
+func (n noopResolverLatency) Observe(ctx context.Context, host string, latency time.Duration) {
+}
+
 type noopSize struct{}
 
 func (noopSize) Observe(context.Context, string, string, float64) {}
@@ -161,3 +201,11 @@ func (noopCalls) Increment(int, string) {}
 type noopRetry struct{}
 
 func (noopRetry) IncrementRetry(context.Context, string, string, string) {}
+
+type noopTransportCache struct{}
+
+func (noopTransportCache) Observe(int) {}
+
+type noopTransportCreateCalls struct{}
+
+func (noopTransportCreateCalls) Increment(string) {}
diff --git a/vendor/k8s.io/client-go/tools/pager/pager.go b/vendor/k8s.io/client-go/tools/pager/pager.go
index 9ba988f68..3c77cc37f 100644
--- a/vendor/k8s.io/client-go/tools/pager/pager.go
+++ b/vendor/k8s.io/client-go/tools/pager/pager.go
@@ -73,7 +73,23 @@ func New(fn ListPageFunc) *ListPager {
 // List returns a single list object, but attempts to retrieve smaller chunks from the
 // server to reduce the impact on the server. If the chunk attempt fails, it will load
 // the full list instead. The Limit field on options, if unset, will default to the page size.
+//
+// If items in the returned list are retained for different durations, and you want to avoid
+// retaining the whole slice returned by p.PageFn as long as any item is referenced,
+// use ListWithAlloc instead.
 func (p *ListPager) List(ctx context.Context, options metav1.ListOptions) (runtime.Object, bool, error) {
+	return p.list(ctx, options, false)
+}
+
+// ListWithAlloc works like List, but avoids retaining references to the items slice returned by p.PageFn.
+// It does this by making a shallow copy of non-pointer items in the slice returned by p.PageFn.
+//
+// If the items in the returned list are not retained, or are retained for the same duration, use List instead for memory efficiency.
+func (p *ListPager) ListWithAlloc(ctx context.Context, options metav1.ListOptions) (runtime.Object, bool, error) {
+	return p.list(ctx, options, true)
+}
+
+func (p *ListPager) list(ctx context.Context, options metav1.ListOptions, allocNew bool) (runtime.Object, bool, error) {
 	if options.Limit == 0 {
 		options.Limit = p.PageSize
 	}
@@ -123,7 +139,11 @@ func (p *ListPager) List(ctx context.Context, options metav1.ListOptions) (runti
 			list.ResourceVersion = m.GetResourceVersion()
 			list.SelfLink = m.GetSelfLink()
 		}
-		if err := meta.EachListItem(obj, func(obj runtime.Object) error {
+		eachListItemFunc := meta.EachListItem
+		if allocNew {
+			eachListItemFunc = meta.EachListItemWithAlloc
+		}
+		if err := eachListItemFunc(obj, func(obj runtime.Object) error {
 			list.Items = append(list.Items, obj)
 			return nil
 		}); err != nil {
@@ -156,12 +176,26 @@ func (p *ListPager) List(ctx context.Context, options metav1.ListOptions) (runti
 //
 // Items are retrieved in chunks from the server to reduce the impact on the server with up to
 // ListPager.PageBufferSize chunks buffered concurrently in the background.
+//
+// If items passed to fn are retained for different durations, and you want to avoid
+// retaining the whole slice returned by p.PageFn as long as any item is referenced,
+// use EachListItemWithAlloc instead.
 func (p *ListPager) EachListItem(ctx context.Context, options metav1.ListOptions, fn func(obj runtime.Object) error) error {
 	return p.eachListChunkBuffered(ctx, options, func(obj runtime.Object) error {
 		return meta.EachListItem(obj, fn)
 	})
 }
 
+// EachListItemWithAlloc works like EachListItem, but avoids retaining references to the items slice returned by p.PageFn.
+// It does this by making a shallow copy of non-pointer items in the slice returned by p.PageFn.
+//
+// If the items passed to fn are not retained, or are retained for the same duration, use EachListItem instead for memory efficiency.
+func (p *ListPager) EachListItemWithAlloc(ctx context.Context, options metav1.ListOptions, fn func(obj runtime.Object) error) error {
+	return p.eachListChunkBuffered(ctx, options, func(obj runtime.Object) error {
+		return meta.EachListItemWithAlloc(obj, fn)
+	})
+}
+
 // eachListChunkBuffered fetches runtimeObject list chunks using this ListPager and invokes fn on
 // each list chunk.  If fn returns an error, processing stops and that error is returned. If fn does
 // not return an error, any error encountered while retrieving the list from the server is
diff --git a/vendor/k8s.io/client-go/tools/record/event.go b/vendor/k8s.io/client-go/tools/record/event.go
index 4899b362d..f176167dc 100644
--- a/vendor/k8s.io/client-go/tools/record/event.go
+++ b/vendor/k8s.io/client-go/tools/record/event.go
@@ -274,7 +274,7 @@ func recordEvent(sink EventSink, event *v1.Event, patch []byte, updateExistingEv
 		klog.Errorf("Unable to construct event '%#v': '%v' (will not retry!)", event, err)
 		return true
 	case *errors.StatusError:
-		if errors.IsAlreadyExists(err) {
+		if errors.IsAlreadyExists(err) || errors.HasStatusCause(err, v1.NamespaceTerminatingCause) {
 			klog.V(5).Infof("Server rejected event '%#v': '%v' (will not retry!)", event, err)
 		} else {
 			klog.Errorf("Server rejected event '%#v': '%v' (will not retry!)", event, err)
@@ -357,6 +357,9 @@ func (recorder *recorderImpl) generateEvent(object runtime.Object, annotations m
 	event := recorder.makeEvent(ref, annotations, eventtype, reason, message)
 	event.Source = recorder.source
 
+	event.ReportingInstance = recorder.source.Host
+	event.ReportingController = recorder.source.Component
+
 	// NOTE: events should be a non-blocking operation, but we also need to not
 	// put this in a goroutine, otherwise we'll race to write to a closed channel
 	// when we go to shut down this broadcaster.  Just drop events if we get overloaded,
diff --git a/vendor/k8s.io/client-go/tools/watch/retrywatcher.go b/vendor/k8s.io/client-go/tools/watch/retrywatcher.go
index e4806d2ea..d81dc4357 100644
--- a/vendor/k8s.io/client-go/tools/watch/retrywatcher.go
+++ b/vendor/k8s.io/client-go/tools/watch/retrywatcher.go
@@ -24,10 +24,9 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/davecgh/go-spew/spew"
-
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/dump"
 	"k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/apimachinery/pkg/watch"
@@ -191,7 +190,7 @@ func (rw *RetryWatcher) doReceive() (bool, time.Duration) {
 				errObject := apierrors.FromObject(event.Object)
 				statusErr, ok := errObject.(*apierrors.StatusError)
 				if !ok {
-					klog.Error(spew.Sprintf("Received an error which is not *metav1.Status but %#+v", event.Object))
+					klog.Error(fmt.Sprintf("Received an error which is not *metav1.Status but %s", dump.Pretty(event.Object)))
 					// Retry unknown errors
 					return false, 0
 				}
@@ -220,7 +219,7 @@ func (rw *RetryWatcher) doReceive() (bool, time.Duration) {
 
 					// Log here so we have a record of hitting the unexpected error
 					// and we can whitelist some error codes if we missed any that are expected.
-					klog.V(5).Info(spew.Sprintf("Retrying after unexpected error: %#+v", event.Object))
+					klog.V(5).Info(fmt.Sprintf("Retrying after unexpected error: %s", dump.Pretty(event.Object)))
 
 					// Retry
 					return false, statusDelay
diff --git a/vendor/k8s.io/client-go/transport/cache.go b/vendor/k8s.io/client-go/transport/cache.go
index edcc6d1d4..7c7f1b330 100644
--- a/vendor/k8s.io/client-go/transport/cache.go
+++ b/vendor/k8s.io/client-go/transport/cache.go
@@ -27,6 +27,7 @@ import (
 
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/client-go/tools/metrics"
 )
 
 // TlsTransportCache caches TLS http.RoundTrippers different configurations. The
@@ -80,11 +81,16 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
 		// Ensure we only create a single transport for the given TLS options
 		c.mu.Lock()
 		defer c.mu.Unlock()
+		defer metrics.TransportCacheEntries.Observe(len(c.transports))
 
 		// See if we already have a custom transport for this config
 		if t, ok := c.transports[key]; ok {
+			metrics.TransportCreateCalls.Increment("hit")
 			return t, nil
 		}
+		metrics.TransportCreateCalls.Increment("miss")
+	} else {
+		metrics.TransportCreateCalls.Increment("uncacheable")
 	}
 
 	// Get the TLS options for this client config
diff --git a/vendor/k8s.io/client-go/util/cert/cert.go b/vendor/k8s.io/client-go/util/cert/cert.go
index 4be1dfe49..91e171271 100644
--- a/vendor/k8s.io/client-go/util/cert/cert.go
+++ b/vendor/k8s.io/client-go/util/cert/cert.go
@@ -25,6 +25,7 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
+	"math"
 	"math/big"
 	"net"
 	"os"
@@ -44,6 +45,7 @@ type Config struct {
 	Organization []string
 	AltNames     AltNames
 	Usages       []x509.ExtKeyUsage
+	NotBefore    time.Time
 }
 
 // AltNames contains the domain names and IP addresses that will be added
@@ -57,14 +59,24 @@ type AltNames struct {
 // NewSelfSignedCACert creates a CA certificate
 func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
 	now := time.Now()
+	// returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+	serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+	if err != nil {
+		return nil, err
+	}
+	serial = new(big.Int).Add(serial, big.NewInt(1))
+	notBefore := now.UTC()
+	if !cfg.NotBefore.IsZero() {
+		notBefore = cfg.NotBefore.UTC()
+	}
 	tmpl := x509.Certificate{
-		SerialNumber: new(big.Int).SetInt64(0),
+		SerialNumber: serial,
 		Subject: pkix.Name{
 			CommonName:   cfg.CommonName,
 			Organization: cfg.Organization,
 		},
 		DNSNames:              []string{cfg.CommonName},
-		NotBefore:             now.UTC(),
+		NotBefore:             notBefore,
 		NotAfter:              now.Add(duration365d * 10).UTC(),
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
 		BasicConstraintsValid: true,
@@ -116,9 +128,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
 	if err != nil {
 		return nil, nil, err
 	}
-
+	// returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+	serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+	if err != nil {
+		return nil, nil, err
+	}
+	serial = new(big.Int).Add(serial, big.NewInt(1))
 	caTemplate := x509.Certificate{
-		SerialNumber: big.NewInt(1),
+		SerialNumber: serial,
 		Subject: pkix.Name{
 			CommonName: fmt.Sprintf("%s-ca@%d", host, time.Now().Unix()),
 		},
@@ -144,9 +161,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
 	if err != nil {
 		return nil, nil, err
 	}
-
+	// returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+	serial, err = cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+	if err != nil {
+		return nil, nil, err
+	}
+	serial = new(big.Int).Add(serial, big.NewInt(1))
 	template := x509.Certificate{
-		SerialNumber: big.NewInt(2),
+		SerialNumber: serial,
 		Subject: pkix.Name{
 			CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()),
 		},
diff --git a/vendor/k8s.io/kube-openapi/pkg/builder3/util/util.go b/vendor/k8s.io/kube-openapi/pkg/builder3/util/util.go
deleted file mode 100644
index e01566925..000000000
--- a/vendor/k8s.io/kube-openapi/pkg/builder3/util/util.go
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package util
-
-import (
-	"reflect"
-
-	"k8s.io/kube-openapi/pkg/schemamutation"
-	"k8s.io/kube-openapi/pkg/validation/spec"
-)
-
-// wrapRefs wraps OpenAPI V3 Schema refs that contain sibling elements.
-// AllOf is used to wrap the Ref to prevent references from having sibling elements
-// Please see https://github.com/kubernetes/kubernetes/issues/106387#issuecomment-967640388
-func WrapRefs(schema *spec.Schema) *spec.Schema {
-	walker := schemamutation.Walker{
-		SchemaCallback: func(schema *spec.Schema) *spec.Schema {
-			orig := schema
-			clone := func() {
-				if orig == schema {
-					schema = new(spec.Schema)
-					*schema = *orig
-				}
-			}
-			if schema.Ref.String() != "" && !reflect.DeepEqual(*schema, spec.Schema{SchemaProps: spec.SchemaProps{Ref: schema.Ref}}) {
-				clone()
-				refSchema := new(spec.Schema)
-				refSchema.Ref = schema.Ref
-				schema.Ref = spec.Ref{}
-				schema.AllOf = []spec.Schema{*refSchema}
-			}
-			return schema
-		},
-		RefCallback: schemamutation.RefCallbackNoop,
-	}
-	return walker.WalkSchema(schema)
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/cached/cache.go b/vendor/k8s.io/kube-openapi/pkg/cached/cache.go
index 16e34853a..a66fe8a09 100644
--- a/vendor/k8s.io/kube-openapi/pkg/cached/cache.go
+++ b/vendor/k8s.io/kube-openapi/pkg/cached/cache.go
@@ -14,31 +14,29 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-// Package cache provides a cache mechanism based on etags to lazily
+// Package cached provides a cache mechanism based on etags to lazily
 // build, and/or cache results from expensive operation such that those
 // operations are not repeated unnecessarily. The operations can be
 // created as a tree, and replaced dynamically as needed.
 //
+// All the operations in this module are thread-safe.
+//
 // # Dependencies and types of caches
 //
 // This package uses a source/transform/sink model of caches to build
 // the dependency tree, and can be used as follows:
-//   - [NewSource]: A source cache that recomputes the content every time.
-//   - [NewStaticSource]: A source cache that always produces the
+//   - [Func]: A source cache that recomputes the content every time.
+//   - [Once]: A source cache that always produces the
 //     same content, it is only called once.
-//   - [NewTransformer]: A cache that transforms data from one format to
+//   - [Transform]: A cache that transforms data from one format to
 //     another. It's only refreshed when the source changes.
-//   - [NewMerger]: A cache that aggregates multiple caches into one.
+//   - [Merge]: A cache that aggregates multiple caches in a map into one.
 //     It's only refreshed when the source changes.
-//   - [Replaceable]: A cache adapter that can be atomically
-//     replaced with a new one, and saves the previous results in case an
-//     error pops-up.
-//
-// # Atomicity
-//
-// Most of the operations are not atomic/thread-safe, except for
-// [Replaceable.Replace] which can be performed while the objects
-// are being read.
+//   - [MergeList]: A cache that aggregates multiple caches in a list into one.
+//     It's only refreshed when the source changes.
+//   - [Atomic]: A cache adapter that atomically replaces the source with a new one.
+//   - [LastSuccess]: A cache adapter that caches the last successful and returns
+//     it if the next call fails. It extends [Atomic].
 //
 // # Etags
 //
@@ -54,113 +52,146 @@ package cached
 
 import (
 	"fmt"
+	"sync"
 	"sync/atomic"
 )
 
-// Result is the content returned from a call to a cache. It can either
-// be created with [NewResultOK] if the call was a success, or
-// [NewResultErr] if the call resulted in an error.
+// Value is wrapping a value behind a getter for lazy evaluation.
+type Value[T any] interface {
+	Get() (value T, etag string, err error)
+}
+
+// Result is wrapping T and error into a struct for cases where a tuple is more
+// convenient or necessary in Golang.
 type Result[T any] struct {
-	Data T
-	Etag string
-	Err  error
+	Value T
+	Etag  string
+	Err   error
 }
 
-// NewResultOK creates a new [Result] for a successful operation.
-func NewResultOK[T any](data T, etag string) Result[T] {
-	return Result[T]{
-		Data: data,
-		Etag: etag,
-	}
+func (r Result[T]) Get() (T, string, error) {
+	return r.Value, r.Etag, r.Err
 }
 
-// NewResultErr creates a new [Result] when an error has happened.
-func NewResultErr[T any](err error) Result[T] {
-	return Result[T]{
-		Err: err,
-	}
+// Func wraps a (thread-safe) function as a Value[T].
+func Func[T any](fn func() (T, string, error)) Value[T] {
+	return valueFunc[T](fn)
 }
 
-// Result can be treated as a [Data] if necessary.
-func (r Result[T]) Get() Result[T] {
-	return r
+type valueFunc[T any] func() (T, string, error)
+
+func (c valueFunc[T]) Get() (T, string, error) {
+	return c()
 }
 
-// Data is a cache that performs an action whose result data will be
-// cached. It also returns an "etag" identifier to version the cache, so
-// that the caller can know if they have the most recent version of the
-// cache (and can decide to cache some operation based on that).
-//
-// The [NewMerger] and [NewTransformer] automatically handle
-// that for you by checking if the etag is updated before calling the
-// merging or transforming function.
-type Data[T any] interface {
-	// Returns the cached data, as well as an "etag" to identify the
-	// version of the cache, or an error if something happened.
-	Get() Result[T]
+// Static returns constant values.
+func Static[T any](value T, etag string) Value[T] {
+	return Result[T]{Value: value, Etag: etag}
 }
 
-// T is the source type, V is the destination type.
-type merger[K comparable, T, V any] struct {
-	mergeFn      func(map[K]Result[T]) Result[V]
-	caches       map[K]Data[T]
-	cacheResults map[K]Result[T]
-	result       Result[V]
+// Merge merges a of cached values. The merge function only gets called if any of
+// the dependency has changed.
+//
+// If any of the dependency returned an error before, or any of the
+// dependency returned an error this time, or if the mergeFn failed
+// before, then the function is run again.
+//
+// Note that this assumes there is no "partial" merge, the merge
+// function will remerge all the dependencies together everytime. Since
+// the list of dependencies is constant, there is no way to save some
+// partial merge information either.
+//
+// Also note that Golang map iteration is not stable. If the mergeFn
+// depends on the order iteration to be stable, it will need to
+// implement its own sorting or iteration order.
+func Merge[K comparable, T, V any](mergeFn func(results map[K]Result[T]) (V, string, error), caches map[K]Value[T]) Value[V] {
+	list := make([]Value[T], 0, len(caches))
+
+	// map from index to key
+	indexes := make(map[int]K, len(caches))
+	i := 0
+	for k := range caches {
+		list = append(list, caches[k])
+		indexes[i] = k
+		i++
+	}
+
+	return MergeList(func(results []Result[T]) (V, string, error) {
+		if len(results) != len(indexes) {
+			panic(fmt.Errorf("invalid result length %d, expected %d", len(results), len(indexes)))
+		}
+		m := make(map[K]Result[T], len(results))
+		for i := range results {
+			m[indexes[i]] = results[i]
+		}
+		return mergeFn(m)
+	}, list)
 }
 
-// NewMerger creates a new merge cache, a cache that merges the result
-// of other caches. The function only gets called if any of the
-// dependency has changed.
+// MergeList merges a list of cached values. The function only gets called if
+// any of the dependency has changed.
+//
+// The benefit of ListMerger over the basic Merger is that caches are
+// stored in an ordered list so the order of the cache will be
+// preserved in the order of the results passed to the mergeFn.
 //
 // If any of the dependency returned an error before, or any of the
 // dependency returned an error this time, or if the mergeFn failed
 // before, then the function is reran.
 //
-// The caches and results are mapped by K so that associated data can be
-// retrieved. The map of dependencies can not be modified after
-// creation, and a new merger should be created (and probably replaced
-// using a [Replaceable]).
-//
 // Note that this assumes there is no "partial" merge, the merge
 // function will remerge all the dependencies together everytime. Since
 // the list of dependencies is constant, there is no way to save some
 // partial merge information either.
-func NewMerger[K comparable, T, V any](mergeFn func(results map[K]Result[T]) Result[V], caches map[K]Data[T]) Data[V] {
-	return &merger[K, T, V]{
-		mergeFn: mergeFn,
-		caches:  caches,
+func MergeList[T, V any](mergeFn func(results []Result[T]) (V, string, error), delegates []Value[T]) Value[V] {
+	return &listMerger[T, V]{
+		mergeFn:   mergeFn,
+		delegates: delegates,
 	}
 }
 
-func (c *merger[K, T, V]) prepareResults() map[K]Result[T] {
-	cacheResults := make(map[K]Result[T], len(c.caches))
-	for key, cache := range c.caches {
-		cacheResults[key] = cache.Get()
+type listMerger[T, V any] struct {
+	lock      sync.Mutex
+	mergeFn   func([]Result[T]) (V, string, error)
+	delegates []Value[T]
+	cache     []Result[T]
+	result    Result[V]
+}
+
+func (c *listMerger[T, V]) prepareResultsLocked() []Result[T] {
+	cacheResults := make([]Result[T], len(c.delegates))
+	ch := make(chan struct {
+		int
+		Result[T]
+	}, len(c.delegates))
+	for i := range c.delegates {
+		go func(index int) {
+			value, etag, err := c.delegates[index].Get()
+			ch <- struct {
+				int
+				Result[T]
+			}{index, Result[T]{Value: value, Etag: etag, Err: err}}
+		}(i)
+	}
+	for i := 0; i < len(c.delegates); i++ {
+		res := <-ch
+		cacheResults[res.int] = res.Result
 	}
 	return cacheResults
 }
 
-// Rerun if:
-//   - The last run resulted in an error
-//   - Any of the dependency previously returned an error
-//   - Any of the dependency just returned an error
-//   - Any of the dependency's etag changed
-func (c *merger[K, T, V]) needsRunning(results map[K]Result[T]) bool {
-	if c.cacheResults == nil {
+func (c *listMerger[T, V]) needsRunningLocked(results []Result[T]) bool {
+	if c.cache == nil {
 		return true
 	}
 	if c.result.Err != nil {
 		return true
 	}
-	if len(results) != len(c.cacheResults) {
-		panic(fmt.Errorf("invalid number of results: %v (expected %v)", len(results), len(c.cacheResults)))
+	if len(results) != len(c.cache) {
+		panic(fmt.Errorf("invalid number of results: %v (expected %v)", len(results), len(c.cache)))
 	}
-	for key, oldResult := range c.cacheResults {
-		newResult, ok := results[key]
-		if !ok {
-			panic(fmt.Errorf("unknown cache entry: %v", key))
-		}
-
+	for i, oldResult := range c.cache {
+		newResult := results[i]
 		if newResult.Etag != oldResult.Etag || newResult.Err != nil || oldResult.Err != nil {
 			return true
 		}
@@ -168,97 +199,92 @@ func (c *merger[K, T, V]) needsRunning(results map[K]Result[T]) bool {
 	return false
 }
 
-func (c *merger[K, T, V]) Get() Result[V] {
-	cacheResults := c.prepareResults()
-	if c.needsRunning(cacheResults) {
-		c.cacheResults = cacheResults
-		c.result = c.mergeFn(c.cacheResults)
+func (c *listMerger[T, V]) Get() (V, string, error) {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+	cacheResults := c.prepareResultsLocked()
+	if c.needsRunningLocked(cacheResults) {
+		c.cache = cacheResults
+		c.result.Value, c.result.Etag, c.result.Err = c.mergeFn(c.cache)
 	}
-	return c.result
+	return c.result.Value, c.result.Etag, c.result.Err
 }
 
-type transformerCacheKeyType struct{}
-
-// NewTransformer creates a new cache that transforms the result of
-// another cache. The transformFn will only be called if the source
-// cache has updated the output, otherwise, the cached result will be
-// returned.
+// Transform the result of another cached value. The transformFn will only be called
+// if the source has updated, otherwise, the result will be returned.
 //
 // If the dependency returned an error before, or it returns an error
 // this time, or if the transformerFn failed before, the function is
 // reran.
-func NewTransformer[T, V any](transformerFn func(Result[T]) Result[V], source Data[T]) Data[V] {
-	return NewMerger(func(caches map[transformerCacheKeyType]Result[T]) Result[V] {
-		cache, ok := caches[transformerCacheKeyType{}]
-		if len(caches) != 1 || !ok {
-			panic(fmt.Errorf("invalid cache for transformer cache: %v", caches))
+func Transform[T, V any](transformerFn func(T, string, error) (V, string, error), source Value[T]) Value[V] {
+	return MergeList(func(delegates []Result[T]) (V, string, error) {
+		if len(delegates) != 1 {
+			panic(fmt.Errorf("invalid cache for transformer cache: %v", delegates))
 		}
-		return transformerFn(cache)
-	}, map[transformerCacheKeyType]Data[T]{
-		{}: source,
-	})
+		return transformerFn(delegates[0].Value, delegates[0].Etag, delegates[0].Err)
+	}, []Value[T]{source})
 }
 
-// NewSource creates a new cache that generates some data. This
-// will always be called since we don't know the origin of the data and
-// if it needs to be updated or not.
-func NewSource[T any](sourceFn func() Result[T]) Data[T] {
-	c := source[T](sourceFn)
-	return &c
+// Once calls Value[T].Get() lazily and only once, even in case of an error result.
+func Once[T any](d Value[T]) Value[T] {
+	return &once[T]{
+		data: d,
+	}
 }
 
-type source[T any] func() Result[T]
-
-func (c *source[T]) Get() Result[T] {
-	return (*c)()
+type once[T any] struct {
+	once   sync.Once
+	data   Value[T]
+	result Result[T]
 }
 
-// NewStaticSource creates a new cache that always generates the
-// same data. This will only be called once (lazily).
-func NewStaticSource[T any](staticFn func() Result[T]) Data[T] {
-	return &static[T]{
-		fn: staticFn,
-	}
+func (c *once[T]) Get() (T, string, error) {
+	c.once.Do(func() {
+		c.result.Value, c.result.Etag, c.result.Err = c.data.Get()
+	})
+	return c.result.Value, c.result.Etag, c.result.Err
 }
 
-type static[T any] struct {
-	fn     func() Result[T]
-	result *Result[T]
+// Replaceable extends the Value[T] interface with the ability to change the
+// underlying Value[T] after construction.
+type Replaceable[T any] interface {
+	Value[T]
+	Store(Value[T])
 }
 
-func (c *static[T]) Get() Result[T] {
-	if c.result == nil {
-		result := c.fn()
-		c.result = &result
-	}
-	return *c.result
+// Atomic wraps a Value[T] as an atomic value that can be replaced. It implements
+// Replaceable[T].
+type Atomic[T any] struct {
+	value atomic.Pointer[Value[T]]
 }
 
-// Replaceable is a cache that carries the result even when the
-// cache is replaced. The cache can be replaced atomically (without any
-// lock held). This is the type that should typically be stored in
-// structs.
-type Replaceable[T any] struct {
-	cache  atomic.Pointer[Data[T]]
-	result *Result[T]
+var _ Replaceable[[]byte] = &Atomic[[]byte]{}
+
+func (x *Atomic[T]) Store(val Value[T])      { x.value.Store(&val) }
+func (x *Atomic[T]) Get() (T, string, error) { return (*x.value.Load()).Get() }
+
+// LastSuccess calls Value[T].Get(), but hides errors by returning the last
+// success if there has been any.
+type LastSuccess[T any] struct {
+	Atomic[T]
+	success atomic.Pointer[Result[T]]
 }
 
-// Get retrieves the data from the underlying source. [Replaceable]
-// implements the [Data] interface itself. This is a pass-through
-// that calls the most recent underlying cache. If the cache fails but
-// previously had returned a success, that success will be returned
-// instead. If the cache fails but we never returned a success, that
-// failure is returned.
-func (c *Replaceable[T]) Get() Result[T] {
-	result := (*c.cache.Load()).Get()
-	if result.Err != nil && c.result != nil && c.result.Err == nil {
-		return *c.result
+var _ Replaceable[[]byte] = &LastSuccess[[]byte]{}
+
+func (c *LastSuccess[T]) Get() (T, string, error) {
+	success := c.success.Load()
+	value, etag, err := c.Atomic.Get()
+	if err == nil {
+		if success == nil {
+			c.success.CompareAndSwap(nil, &Result[T]{Value: value, Etag: etag, Err: err})
+		}
+		return value, etag, err
+	}
+
+	if success != nil {
+		return success.Value, success.Etag, success.Err
 	}
-	c.result = &result
-	return *c.result
-}
 
-// Replace changes the cache in a thread-safe way.
-func (c *Replaceable[T]) Replace(cache Data[T]) {
-	c.cache.Swap(&cache)
+	return value, etag, err
 }
diff --git a/vendor/k8s.io/kube-openapi/pkg/common/common.go b/vendor/k8s.io/kube-openapi/pkg/common/common.go
index 1a6c12e17..2e15e163c 100644
--- a/vendor/k8s.io/kube-openapi/pkg/common/common.go
+++ b/vendor/k8s.io/kube-openapi/pkg/common/common.go
@@ -22,7 +22,6 @@ import (
 
 	"github.com/emicklei/go-restful/v3"
 
-	"k8s.io/kube-openapi/pkg/openapiconv"
 	"k8s.io/kube-openapi/pkg/spec3"
 	"k8s.io/kube-openapi/pkg/validation/spec"
 )
@@ -172,43 +171,6 @@ type OpenAPIV3Config struct {
 	DefaultSecurity []map[string][]string
 }
 
-// ConvertConfigToV3 converts a Config object to an OpenAPIV3Config object
-func ConvertConfigToV3(config *Config) *OpenAPIV3Config {
-	if config == nil {
-		return nil
-	}
-
-	v3Config := &OpenAPIV3Config{
-		Info:                           config.Info,
-		IgnorePrefixes:                 config.IgnorePrefixes,
-		GetDefinitions:                 config.GetDefinitions,
-		GetOperationIDAndTags:          config.GetOperationIDAndTags,
-		GetOperationIDAndTagsFromRoute: config.GetOperationIDAndTagsFromRoute,
-		GetDefinitionName:              config.GetDefinitionName,
-		Definitions:                    config.Definitions,
-		SecuritySchemes:                make(spec3.SecuritySchemes),
-		DefaultSecurity:                config.DefaultSecurity,
-		DefaultResponse:                openapiconv.ConvertResponse(config.DefaultResponse, []string{"application/json"}),
-
-		CommonResponses:     make(map[int]*spec3.Response),
-		ResponseDefinitions: make(map[string]*spec3.Response),
-	}
-
-	if config.SecurityDefinitions != nil {
-		for s, securityScheme := range *config.SecurityDefinitions {
-			v3Config.SecuritySchemes[s] = openapiconv.ConvertSecurityScheme(securityScheme)
-		}
-	}
-	for k, commonResponse := range config.CommonResponses {
-		v3Config.CommonResponses[k] = openapiconv.ConvertResponse(&commonResponse, []string{"application/json"})
-	}
-
-	for k, responseDefinition := range config.ResponseDefinitions {
-		v3Config.ResponseDefinitions[k] = openapiconv.ConvertResponse(&responseDefinition, []string{"application/json"})
-	}
-	return v3Config
-}
-
 type typeInfo struct {
 	name   string
 	format string
diff --git a/vendor/k8s.io/kube-openapi/pkg/handler3/handler.go b/vendor/k8s.io/kube-openapi/pkg/handler3/handler.go
index 66b7a68da..fc4563488 100644
--- a/vendor/k8s.io/kube-openapi/pkg/handler3/handler.go
+++ b/vendor/k8s.io/kube-openapi/pkg/handler3/handler.go
@@ -30,9 +30,10 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-	openapi_v3 "github.com/google/gnostic/openapiv3"
+	openapi_v3 "github.com/google/gnostic-models/openapiv3"
 	"github.com/google/uuid"
 	"github.com/munnerz/goautoneg"
+
 	"k8s.io/klog/v2"
 	"k8s.io/kube-openapi/pkg/cached"
 	"k8s.io/kube-openapi/pkg/common"
@@ -73,38 +74,38 @@ type timedSpec struct {
 
 // This type is protected by the lock on OpenAPIService.
 type openAPIV3Group struct {
-	specCache cached.Replaceable[*spec3.OpenAPI]
-	pbCache   cached.Data[timedSpec]
-	jsonCache cached.Data[timedSpec]
+	specCache cached.LastSuccess[*spec3.OpenAPI]
+	pbCache   cached.Value[timedSpec]
+	jsonCache cached.Value[timedSpec]
 }
 
 func newOpenAPIV3Group() *openAPIV3Group {
 	o := &openAPIV3Group{}
-	o.jsonCache = cached.NewTransformer[*spec3.OpenAPI](func(result cached.Result[*spec3.OpenAPI]) cached.Result[timedSpec] {
-		if result.Err != nil {
-			return cached.NewResultErr[timedSpec](result.Err)
+	o.jsonCache = cached.Transform[*spec3.OpenAPI](func(spec *spec3.OpenAPI, etag string, err error) (timedSpec, string, error) {
+		if err != nil {
+			return timedSpec{}, "", err
 		}
-		json, err := json.Marshal(result.Data)
+		json, err := json.Marshal(spec)
 		if err != nil {
-			return cached.NewResultErr[timedSpec](err)
+			return timedSpec{}, "", err
 		}
-		return cached.NewResultOK(timedSpec{spec: json, lastModified: time.Now()}, computeETag(json))
+		return timedSpec{spec: json, lastModified: time.Now()}, computeETag(json), nil
 	}, &o.specCache)
-	o.pbCache = cached.NewTransformer(func(result cached.Result[timedSpec]) cached.Result[timedSpec] {
-		if result.Err != nil {
-			return cached.NewResultErr[timedSpec](result.Err)
+	o.pbCache = cached.Transform(func(ts timedSpec, etag string, err error) (timedSpec, string, error) {
+		if err != nil {
+			return timedSpec{}, "", err
 		}
-		proto, err := ToV3ProtoBinary(result.Data.spec)
+		proto, err := ToV3ProtoBinary(ts.spec)
 		if err != nil {
-			return cached.NewResultErr[timedSpec](err)
+			return timedSpec{}, "", err
 		}
-		return cached.NewResultOK(timedSpec{spec: proto, lastModified: result.Data.lastModified}, result.Etag)
+		return timedSpec{spec: proto, lastModified: ts.lastModified}, etag, nil
 	}, o.jsonCache)
 	return o
 }
 
-func (o *openAPIV3Group) UpdateSpec(openapi cached.Data[*spec3.OpenAPI]) {
-	o.specCache.Replace(openapi)
+func (o *openAPIV3Group) UpdateSpec(openapi cached.Value[*spec3.OpenAPI]) {
+	o.specCache.Store(openapi)
 }
 
 // OpenAPIService is the service responsible for serving OpenAPI spec. It has
@@ -114,7 +115,7 @@ type OpenAPIService struct {
 	mutex    sync.Mutex
 	v3Schema map[string]*openAPIV3Group
 
-	discoveryCache cached.Replaceable[timedSpec]
+	discoveryCache cached.LastSuccess[timedSpec]
 }
 
 func computeETag(data []byte) string {
@@ -137,20 +138,20 @@ func NewOpenAPIService() *OpenAPIService {
 	o := &OpenAPIService{}
 	o.v3Schema = make(map[string]*openAPIV3Group)
 	// We're not locked because we haven't shared the structure yet.
-	o.discoveryCache.Replace(o.buildDiscoveryCacheLocked())
+	o.discoveryCache.Store(o.buildDiscoveryCacheLocked())
 	return o
 }
 
-func (o *OpenAPIService) buildDiscoveryCacheLocked() cached.Data[timedSpec] {
-	caches := make(map[string]cached.Data[timedSpec], len(o.v3Schema))
+func (o *OpenAPIService) buildDiscoveryCacheLocked() cached.Value[timedSpec] {
+	caches := make(map[string]cached.Value[timedSpec], len(o.v3Schema))
 	for gvName, group := range o.v3Schema {
 		caches[gvName] = group.jsonCache
 	}
-	return cached.NewMerger(func(results map[string]cached.Result[timedSpec]) cached.Result[timedSpec] {
+	return cached.Merge(func(results map[string]cached.Result[timedSpec]) (timedSpec, string, error) {
 		discovery := &OpenAPIV3Discovery{Paths: make(map[string]OpenAPIV3DiscoveryGroupVersion)}
 		for gvName, result := range results {
 			if result.Err != nil {
-				return cached.NewResultErr[timedSpec](result.Err)
+				return timedSpec{}, "", result.Err
 			}
 			discovery.Paths[gvName] = OpenAPIV3DiscoveryGroupVersion{
 				ServerRelativeURL: constructServerRelativeURL(gvName, result.Etag),
@@ -158,9 +159,9 @@ func (o *OpenAPIService) buildDiscoveryCacheLocked() cached.Data[timedSpec] {
 		}
 		j, err := json.Marshal(discovery)
 		if err != nil {
-			return cached.NewResultErr[timedSpec](err)
+			return timedSpec{}, "", err
 		}
-		return cached.NewResultOK(timedSpec{spec: j, lastModified: time.Now()}, computeETag(j))
+		return timedSpec{spec: j, lastModified: time.Now()}, computeETag(j), nil
 	}, caches)
 }
 
@@ -171,32 +172,32 @@ func (o *OpenAPIService) getSingleGroupBytes(getType string, group string) ([]by
 	if !ok {
 		return nil, "", time.Now(), fmt.Errorf("Cannot find CRD group %s", group)
 	}
-	result := cached.Result[timedSpec]{}
 	switch getType {
 	case subTypeJSON:
-		result = v.jsonCache.Get()
+		ts, etag, err := v.jsonCache.Get()
+		return ts.spec, etag, ts.lastModified, err
 	case subTypeProtobuf, subTypeProtobufDeprecated:
-		result = v.pbCache.Get()
+		ts, etag, err := v.pbCache.Get()
+		return ts.spec, etag, ts.lastModified, err
 	default:
 		return nil, "", time.Now(), fmt.Errorf("Invalid accept clause %s", getType)
 	}
-	return result.Data.spec, result.Etag, result.Data.lastModified, result.Err
 }
 
 // UpdateGroupVersionLazy adds or updates an existing group with the new cached.
-func (o *OpenAPIService) UpdateGroupVersionLazy(group string, openapi cached.Data[*spec3.OpenAPI]) {
+func (o *OpenAPIService) UpdateGroupVersionLazy(group string, openapi cached.Value[*spec3.OpenAPI]) {
 	o.mutex.Lock()
 	defer o.mutex.Unlock()
 	if _, ok := o.v3Schema[group]; !ok {
 		o.v3Schema[group] = newOpenAPIV3Group()
 		// Since there is a new item, we need to re-build the cache map.
-		o.discoveryCache.Replace(o.buildDiscoveryCacheLocked())
+		o.discoveryCache.Store(o.buildDiscoveryCacheLocked())
 	}
 	o.v3Schema[group].UpdateSpec(openapi)
 }
 
 func (o *OpenAPIService) UpdateGroupVersion(group string, openapi *spec3.OpenAPI) {
-	o.UpdateGroupVersionLazy(group, cached.NewResultOK(openapi, uuid.New().String()))
+	o.UpdateGroupVersionLazy(group, cached.Static(openapi, uuid.New().String()))
 }
 
 func (o *OpenAPIService) DeleteGroupVersion(group string) {
@@ -204,19 +205,19 @@ func (o *OpenAPIService) DeleteGroupVersion(group string) {
 	defer o.mutex.Unlock()
 	delete(o.v3Schema, group)
 	// Rebuild the merge cache map since the items have changed.
-	o.discoveryCache.Replace(o.buildDiscoveryCacheLocked())
+	o.discoveryCache.Store(o.buildDiscoveryCacheLocked())
 }
 
 func (o *OpenAPIService) HandleDiscovery(w http.ResponseWriter, r *http.Request) {
-	result := o.discoveryCache.Get()
-	if result.Err != nil {
-		klog.Errorf("Error serving discovery: %s", result.Err)
+	ts, etag, err := o.discoveryCache.Get()
+	if err != nil {
+		klog.Errorf("Error serving discovery: %s", err)
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
-	w.Header().Set("Etag", strconv.Quote(result.Etag))
+	w.Header().Set("Etag", strconv.Quote(etag))
 	w.Header().Set("Content-Type", "application/json")
-	http.ServeContent(w, r, "/openapi/v3", result.Data.lastModified, bytes.NewReader(result.Data.spec))
+	http.ServeContent(w, r, "/openapi/v3", ts.lastModified, bytes.NewReader(ts.spec))
 }
 
 func (o *OpenAPIService) HandleGroupVersion(w http.ResponseWriter, r *http.Request) {
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/flags.go b/vendor/k8s.io/kube-openapi/pkg/internal/flags.go
index bef603782..da5485f6a 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/flags.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/flags.go
@@ -22,3 +22,4 @@ var UseOptimizedJSONUnmarshalingV3 bool = true
 
 // Used by tests to selectively disable experimental JSON marshaler
 var UseOptimizedJSONMarshaling bool = true
+var UseOptimizedJSONMarshalingV3 bool = true
diff --git a/vendor/k8s.io/kube-openapi/pkg/openapiconv/convert.go b/vendor/k8s.io/kube-openapi/pkg/openapiconv/convert.go
deleted file mode 100644
index e993fe23d..000000000
--- a/vendor/k8s.io/kube-openapi/pkg/openapiconv/convert.go
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package openapiconv
-
-import (
-	"strings"
-
-	klog "k8s.io/klog/v2"
-	builderutil "k8s.io/kube-openapi/pkg/builder3/util"
-	"k8s.io/kube-openapi/pkg/spec3"
-	"k8s.io/kube-openapi/pkg/validation/spec"
-)
-
-var OpenAPIV2DefPrefix = "#/definitions/"
-var OpenAPIV3DefPrefix = "#/components/schemas/"
-
-// ConvertV2ToV3 converts an OpenAPI V2 object into V3.
-// Certain references may be shared between the V2 and V3 objects in the conversion.
-func ConvertV2ToV3(v2Spec *spec.Swagger) *spec3.OpenAPI {
-	v3Spec := &spec3.OpenAPI{
-		Version:      "3.0.0",
-		Info:         v2Spec.Info,
-		ExternalDocs: ConvertExternalDocumentation(v2Spec.ExternalDocs),
-		Paths:        ConvertPaths(v2Spec.Paths),
-		Components:   ConvertComponents(v2Spec.SecurityDefinitions, v2Spec.Definitions, v2Spec.Responses, v2Spec.Produces),
-	}
-
-	return v3Spec
-}
-
-func ConvertExternalDocumentation(v2ED *spec.ExternalDocumentation) *spec3.ExternalDocumentation {
-	if v2ED == nil {
-		return nil
-	}
-	return &spec3.ExternalDocumentation{
-		ExternalDocumentationProps: spec3.ExternalDocumentationProps{
-			Description: v2ED.Description,
-			URL:         v2ED.URL,
-		},
-	}
-}
-
-func ConvertComponents(v2SecurityDefinitions spec.SecurityDefinitions, v2Definitions spec.Definitions, v2Responses map[string]spec.Response, produces []string) *spec3.Components {
-	components := &spec3.Components{}
-
-	if v2Definitions != nil {
-		components.Schemas = make(map[string]*spec.Schema)
-	}
-	for s, schema := range v2Definitions {
-		components.Schemas[s] = ConvertSchema(&schema)
-	}
-	if v2SecurityDefinitions != nil {
-		components.SecuritySchemes = make(spec3.SecuritySchemes)
-	}
-	for s, securityScheme := range v2SecurityDefinitions {
-		components.SecuritySchemes[s] = ConvertSecurityScheme(securityScheme)
-	}
-	if v2Responses != nil {
-		components.Responses = make(map[string]*spec3.Response)
-	}
-	for r, response := range v2Responses {
-		components.Responses[r] = ConvertResponse(&response, produces)
-	}
-
-	return components
-}
-
-func ConvertSchema(v2Schema *spec.Schema) *spec.Schema {
-	if v2Schema == nil {
-		return nil
-	}
-	v3Schema := spec.Schema{
-		VendorExtensible:   v2Schema.VendorExtensible,
-		SchemaProps:        v2Schema.SchemaProps,
-		SwaggerSchemaProps: v2Schema.SwaggerSchemaProps,
-		ExtraProps:         v2Schema.ExtraProps,
-	}
-
-	if refString := v2Schema.Ref.String(); refString != "" {
-		if idx := strings.Index(refString, OpenAPIV2DefPrefix); idx != -1 {
-			v3Schema.Ref = spec.MustCreateRef(OpenAPIV3DefPrefix + refString[idx+len(OpenAPIV2DefPrefix):])
-		} else {
-			klog.Errorf("Error: Swagger V2 Ref %s does not contain #/definitions\n", refString)
-		}
-	}
-
-	if v2Schema.Properties != nil {
-		v3Schema.Properties = make(map[string]spec.Schema)
-		for key, property := range v2Schema.Properties {
-			v3Schema.Properties[key] = *ConvertSchema(&property)
-		}
-	}
-	if v2Schema.Items != nil {
-		v3Schema.Items = &spec.SchemaOrArray{
-			Schema:  ConvertSchema(v2Schema.Items.Schema),
-			Schemas: ConvertSchemaList(v2Schema.Items.Schemas),
-		}
-	}
-
-	if v2Schema.AdditionalProperties != nil {
-		v3Schema.AdditionalProperties = &spec.SchemaOrBool{
-			Schema: ConvertSchema(v2Schema.AdditionalProperties.Schema),
-			Allows: v2Schema.AdditionalProperties.Allows,
-		}
-	}
-	if v2Schema.AdditionalItems != nil {
-		v3Schema.AdditionalItems = &spec.SchemaOrBool{
-			Schema: ConvertSchema(v2Schema.AdditionalItems.Schema),
-			Allows: v2Schema.AdditionalItems.Allows,
-		}
-	}
-
-	return builderutil.WrapRefs(&v3Schema)
-}
-
-func ConvertSchemaList(v2SchemaList []spec.Schema) []spec.Schema {
-	if v2SchemaList == nil {
-		return nil
-	}
-	v3SchemaList := []spec.Schema{}
-	for _, s := range v2SchemaList {
-		v3SchemaList = append(v3SchemaList, *ConvertSchema(&s))
-	}
-	return v3SchemaList
-}
-
-func ConvertSecurityScheme(v2securityScheme *spec.SecurityScheme) *spec3.SecurityScheme {
-	if v2securityScheme == nil {
-		return nil
-	}
-	securityScheme := &spec3.SecurityScheme{
-		VendorExtensible: v2securityScheme.VendorExtensible,
-		SecuritySchemeProps: spec3.SecuritySchemeProps{
-			Description: v2securityScheme.Description,
-			Type:        v2securityScheme.Type,
-			Name:        v2securityScheme.Name,
-			In:          v2securityScheme.In,
-		},
-	}
-
-	if v2securityScheme.Flow != "" {
-		securityScheme.Flows = make(map[string]*spec3.OAuthFlow)
-		securityScheme.Flows[v2securityScheme.Flow] = &spec3.OAuthFlow{
-			OAuthFlowProps: spec3.OAuthFlowProps{
-				AuthorizationUrl: v2securityScheme.AuthorizationURL,
-				TokenUrl:         v2securityScheme.TokenURL,
-				Scopes:           v2securityScheme.Scopes,
-			},
-		}
-	}
-	return securityScheme
-}
-
-func ConvertPaths(v2Paths *spec.Paths) *spec3.Paths {
-	if v2Paths == nil {
-		return nil
-	}
-	paths := &spec3.Paths{
-		VendorExtensible: v2Paths.VendorExtensible,
-	}
-
-	if v2Paths.Paths != nil {
-		paths.Paths = make(map[string]*spec3.Path)
-	}
-	for k, v := range v2Paths.Paths {
-		paths.Paths[k] = ConvertPathItem(v)
-	}
-	return paths
-}
-
-func ConvertPathItem(v2pathItem spec.PathItem) *spec3.Path {
-	path := &spec3.Path{
-		Refable: v2pathItem.Refable,
-		PathProps: spec3.PathProps{
-			Get:     ConvertOperation(v2pathItem.Get),
-			Put:     ConvertOperation(v2pathItem.Put),
-			Post:    ConvertOperation(v2pathItem.Post),
-			Delete:  ConvertOperation(v2pathItem.Delete),
-			Options: ConvertOperation(v2pathItem.Options),
-			Head:    ConvertOperation(v2pathItem.Head),
-			Patch:   ConvertOperation(v2pathItem.Patch),
-		},
-		VendorExtensible: v2pathItem.VendorExtensible,
-	}
-	for _, param := range v2pathItem.Parameters {
-		path.Parameters = append(path.Parameters, ConvertParameter(param))
-	}
-	return path
-}
-
-func ConvertOperation(v2Operation *spec.Operation) *spec3.Operation {
-	if v2Operation == nil {
-		return nil
-	}
-	operation := &spec3.Operation{
-		VendorExtensible: v2Operation.VendorExtensible,
-		OperationProps: spec3.OperationProps{
-			Description:  v2Operation.Description,
-			ExternalDocs: ConvertExternalDocumentation(v2Operation.OperationProps.ExternalDocs),
-			Tags:         v2Operation.Tags,
-			Summary:      v2Operation.Summary,
-			Deprecated:   v2Operation.Deprecated,
-			OperationId:  v2Operation.ID,
-		},
-	}
-
-	for _, param := range v2Operation.Parameters {
-		if param.ParamProps.Name == "body" && param.ParamProps.Schema != nil {
-			operation.OperationProps.RequestBody = &spec3.RequestBody{
-				RequestBodyProps: spec3.RequestBodyProps{},
-			}
-			if v2Operation.Consumes != nil {
-				operation.RequestBody.Content = make(map[string]*spec3.MediaType)
-			}
-			for _, consumer := range v2Operation.Consumes {
-				operation.RequestBody.Content[consumer] = &spec3.MediaType{
-					MediaTypeProps: spec3.MediaTypeProps{
-						Schema: ConvertSchema(param.ParamProps.Schema),
-					},
-				}
-			}
-		} else {
-			operation.Parameters = append(operation.Parameters, ConvertParameter(param))
-		}
-	}
-
-	operation.Responses = &spec3.Responses{ResponsesProps: spec3.ResponsesProps{
-		Default: ConvertResponse(v2Operation.Responses.Default, v2Operation.Produces),
-	},
-		VendorExtensible: v2Operation.Responses.VendorExtensible,
-	}
-
-	if v2Operation.Responses.StatusCodeResponses != nil {
-		operation.Responses.StatusCodeResponses = make(map[int]*spec3.Response)
-	}
-	for k, v := range v2Operation.Responses.StatusCodeResponses {
-		operation.Responses.StatusCodeResponses[k] = ConvertResponse(&v, v2Operation.Produces)
-	}
-	return operation
-}
-
-func ConvertResponse(v2Response *spec.Response, produces []string) *spec3.Response {
-	if v2Response == nil {
-		return nil
-	}
-	response := &spec3.Response{
-		Refable:          ConvertRefableResponse(v2Response.Refable),
-		VendorExtensible: v2Response.VendorExtensible,
-		ResponseProps: spec3.ResponseProps{
-			Description: v2Response.Description,
-		},
-	}
-
-	if v2Response.Schema != nil {
-		if produces != nil {
-			response.Content = make(map[string]*spec3.MediaType)
-		}
-		for _, producer := range produces {
-			response.ResponseProps.Content[producer] = &spec3.MediaType{
-				MediaTypeProps: spec3.MediaTypeProps{
-					Schema: ConvertSchema(v2Response.Schema),
-				},
-			}
-		}
-	}
-	return response
-}
-
-func ConvertParameter(v2Param spec.Parameter) *spec3.Parameter {
-	param := &spec3.Parameter{
-		Refable:          ConvertRefableParameter(v2Param.Refable),
-		VendorExtensible: v2Param.VendorExtensible,
-		ParameterProps: spec3.ParameterProps{
-			Name:            v2Param.Name,
-			Description:     v2Param.Description,
-			In:              v2Param.In,
-			Required:        v2Param.Required,
-			Schema:          ConvertSchema(v2Param.Schema),
-			AllowEmptyValue: v2Param.AllowEmptyValue,
-		},
-	}
-	// Convert SimpleSchema into Schema
-	if param.Schema == nil {
-		param.Schema = &spec.Schema{
-			SchemaProps: spec.SchemaProps{
-				Type:        []string{v2Param.Type},
-				Format:      v2Param.Format,
-				UniqueItems: v2Param.UniqueItems,
-			},
-		}
-	}
-
-	return param
-}
-
-func ConvertRefableParameter(refable spec.Refable) spec.Refable {
-	if refable.Ref.String() != "" {
-		return spec.Refable{Ref: spec.MustCreateRef(strings.Replace(refable.Ref.String(), "#/parameters/", "#/components/parameters/", 1))}
-	}
-	return refable
-}
-
-func ConvertRefableResponse(refable spec.Refable) spec.Refable {
-	if refable.Ref.String() != "" {
-		return spec.Refable{Ref: spec.MustCreateRef(strings.Replace(refable.Ref.String(), "#/responses/", "#/components/responses/", 1))}
-	}
-	return refable
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/schemamutation/walker.go b/vendor/k8s.io/kube-openapi/pkg/schemamutation/walker.go
deleted file mode 100644
index 3fac658e3..000000000
--- a/vendor/k8s.io/kube-openapi/pkg/schemamutation/walker.go
+++ /dev/null
@@ -1,519 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package schemamutation
-
-import (
-	"k8s.io/kube-openapi/pkg/validation/spec"
-)
-
-// Walker runs callback functions on all references of an OpenAPI spec,
-// replacing the values when visiting corresponding types.
-type Walker struct {
-	// SchemaCallback will be called on each schema, taking the original schema,
-	// and before any other callbacks of the Walker.
-	// If the schema needs to be mutated, DO NOT mutate it in-place,
-	// always create a copy, mutate, and return it.
-	SchemaCallback func(schema *spec.Schema) *spec.Schema
-
-	// RefCallback will be called on each ref.
-	// If the ref needs to be mutated, DO NOT mutate it in-place,
-	// always create a copy, mutate, and return it.
-	RefCallback func(ref *spec.Ref) *spec.Ref
-}
-
-type SchemaCallbackFunc func(schema *spec.Schema) *spec.Schema
-type RefCallbackFunc func(ref *spec.Ref) *spec.Ref
-
-var SchemaCallBackNoop SchemaCallbackFunc = func(schema *spec.Schema) *spec.Schema {
-	return schema
-}
-var RefCallbackNoop RefCallbackFunc = func(ref *spec.Ref) *spec.Ref {
-	return ref
-}
-
-// ReplaceReferences rewrites the references without mutating the input.
-// The output might share data with the input.
-func ReplaceReferences(walkRef func(ref *spec.Ref) *spec.Ref, sp *spec.Swagger) *spec.Swagger {
-	walker := &Walker{RefCallback: walkRef, SchemaCallback: SchemaCallBackNoop}
-	return walker.WalkRoot(sp)
-}
-
-func (w *Walker) WalkSchema(schema *spec.Schema) *spec.Schema {
-	if schema == nil {
-		return nil
-	}
-
-	orig := schema
-	clone := func() {
-		if orig == schema {
-			schema = &spec.Schema{}
-			*schema = *orig
-		}
-	}
-
-	// Always run callback on the whole schema first
-	// so that SchemaCallback can take the original schema as input.
-	schema = w.SchemaCallback(schema)
-
-	if r := w.RefCallback(&schema.Ref); r != &schema.Ref {
-		clone()
-		schema.Ref = *r
-	}
-
-	definitionsCloned := false
-	for k, v := range schema.Definitions {
-		if s := w.WalkSchema(&v); s != &v {
-			if !definitionsCloned {
-				definitionsCloned = true
-				clone()
-				schema.Definitions = make(spec.Definitions, len(orig.Definitions))
-				for k2, v2 := range orig.Definitions {
-					schema.Definitions[k2] = v2
-				}
-			}
-			schema.Definitions[k] = *s
-		}
-	}
-
-	propertiesCloned := false
-	for k, v := range schema.Properties {
-		if s := w.WalkSchema(&v); s != &v {
-			if !propertiesCloned {
-				propertiesCloned = true
-				clone()
-				schema.Properties = make(map[string]spec.Schema, len(orig.Properties))
-				for k2, v2 := range orig.Properties {
-					schema.Properties[k2] = v2
-				}
-			}
-			schema.Properties[k] = *s
-		}
-	}
-
-	patternPropertiesCloned := false
-	for k, v := range schema.PatternProperties {
-		if s := w.WalkSchema(&v); s != &v {
-			if !patternPropertiesCloned {
-				patternPropertiesCloned = true
-				clone()
-				schema.PatternProperties = make(map[string]spec.Schema, len(orig.PatternProperties))
-				for k2, v2 := range orig.PatternProperties {
-					schema.PatternProperties[k2] = v2
-				}
-			}
-			schema.PatternProperties[k] = *s
-		}
-	}
-
-	allOfCloned := false
-	for i := range schema.AllOf {
-		if s := w.WalkSchema(&schema.AllOf[i]); s != &schema.AllOf[i] {
-			if !allOfCloned {
-				allOfCloned = true
-				clone()
-				schema.AllOf = make([]spec.Schema, len(orig.AllOf))
-				copy(schema.AllOf, orig.AllOf)
-			}
-			schema.AllOf[i] = *s
-		}
-	}
-
-	anyOfCloned := false
-	for i := range schema.AnyOf {
-		if s := w.WalkSchema(&schema.AnyOf[i]); s != &schema.AnyOf[i] {
-			if !anyOfCloned {
-				anyOfCloned = true
-				clone()
-				schema.AnyOf = make([]spec.Schema, len(orig.AnyOf))
-				copy(schema.AnyOf, orig.AnyOf)
-			}
-			schema.AnyOf[i] = *s
-		}
-	}
-
-	oneOfCloned := false
-	for i := range schema.OneOf {
-		if s := w.WalkSchema(&schema.OneOf[i]); s != &schema.OneOf[i] {
-			if !oneOfCloned {
-				oneOfCloned = true
-				clone()
-				schema.OneOf = make([]spec.Schema, len(orig.OneOf))
-				copy(schema.OneOf, orig.OneOf)
-			}
-			schema.OneOf[i] = *s
-		}
-	}
-
-	if schema.Not != nil {
-		if s := w.WalkSchema(schema.Not); s != schema.Not {
-			clone()
-			schema.Not = s
-		}
-	}
-
-	if schema.AdditionalProperties != nil && schema.AdditionalProperties.Schema != nil {
-		if s := w.WalkSchema(schema.AdditionalProperties.Schema); s != schema.AdditionalProperties.Schema {
-			clone()
-			schema.AdditionalProperties = &spec.SchemaOrBool{Schema: s, Allows: schema.AdditionalProperties.Allows}
-		}
-	}
-
-	if schema.AdditionalItems != nil && schema.AdditionalItems.Schema != nil {
-		if s := w.WalkSchema(schema.AdditionalItems.Schema); s != schema.AdditionalItems.Schema {
-			clone()
-			schema.AdditionalItems = &spec.SchemaOrBool{Schema: s, Allows: schema.AdditionalItems.Allows}
-		}
-	}
-
-	if schema.Items != nil {
-		if schema.Items.Schema != nil {
-			if s := w.WalkSchema(schema.Items.Schema); s != schema.Items.Schema {
-				clone()
-				schema.Items = &spec.SchemaOrArray{Schema: s}
-			}
-		} else {
-			itemsCloned := false
-			for i := range schema.Items.Schemas {
-				if s := w.WalkSchema(&schema.Items.Schemas[i]); s != &schema.Items.Schemas[i] {
-					if !itemsCloned {
-						clone()
-						schema.Items = &spec.SchemaOrArray{
-							Schemas: make([]spec.Schema, len(orig.Items.Schemas)),
-						}
-						itemsCloned = true
-						copy(schema.Items.Schemas, orig.Items.Schemas)
-					}
-					schema.Items.Schemas[i] = *s
-				}
-			}
-		}
-	}
-
-	return schema
-}
-
-func (w *Walker) walkParameter(param *spec.Parameter) *spec.Parameter {
-	if param == nil {
-		return nil
-	}
-
-	orig := param
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			param = &spec.Parameter{}
-			*param = *orig
-		}
-	}
-
-	if r := w.RefCallback(&param.Ref); r != &param.Ref {
-		clone()
-		param.Ref = *r
-	}
-	if s := w.WalkSchema(param.Schema); s != param.Schema {
-		clone()
-		param.Schema = s
-	}
-	if param.Items != nil {
-		if r := w.RefCallback(&param.Items.Ref); r != &param.Items.Ref {
-			param.Items.Ref = *r
-		}
-	}
-
-	return param
-}
-
-func (w *Walker) walkParameters(params []spec.Parameter) ([]spec.Parameter, bool) {
-	if params == nil {
-		return nil, false
-	}
-
-	orig := params
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			params = make([]spec.Parameter, len(params))
-			copy(params, orig)
-		}
-	}
-
-	for i := range params {
-		if s := w.walkParameter(&params[i]); s != &params[i] {
-			clone()
-			params[i] = *s
-		}
-	}
-
-	return params, cloned
-}
-
-func (w *Walker) walkResponse(resp *spec.Response) *spec.Response {
-	if resp == nil {
-		return nil
-	}
-
-	orig := resp
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			resp = &spec.Response{}
-			*resp = *orig
-		}
-	}
-
-	if r := w.RefCallback(&resp.Ref); r != &resp.Ref {
-		clone()
-		resp.Ref = *r
-	}
-	if s := w.WalkSchema(resp.Schema); s != resp.Schema {
-		clone()
-		resp.Schema = s
-	}
-
-	return resp
-}
-
-func (w *Walker) walkResponses(resps *spec.Responses) *spec.Responses {
-	if resps == nil {
-		return nil
-	}
-
-	orig := resps
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			resps = &spec.Responses{}
-			*resps = *orig
-		}
-	}
-
-	if r := w.walkResponse(resps.ResponsesProps.Default); r != resps.ResponsesProps.Default {
-		clone()
-		resps.Default = r
-	}
-
-	responsesCloned := false
-	for k, v := range resps.ResponsesProps.StatusCodeResponses {
-		if r := w.walkResponse(&v); r != &v {
-			if !responsesCloned {
-				responsesCloned = true
-				clone()
-				resps.ResponsesProps.StatusCodeResponses = make(map[int]spec.Response, len(orig.StatusCodeResponses))
-				for k2, v2 := range orig.StatusCodeResponses {
-					resps.ResponsesProps.StatusCodeResponses[k2] = v2
-				}
-			}
-			resps.ResponsesProps.StatusCodeResponses[k] = *r
-		}
-	}
-
-	return resps
-}
-
-func (w *Walker) walkOperation(op *spec.Operation) *spec.Operation {
-	if op == nil {
-		return nil
-	}
-
-	orig := op
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			op = &spec.Operation{}
-			*op = *orig
-		}
-	}
-
-	parametersCloned := false
-	for i := range op.Parameters {
-		if s := w.walkParameter(&op.Parameters[i]); s != &op.Parameters[i] {
-			if !parametersCloned {
-				parametersCloned = true
-				clone()
-				op.Parameters = make([]spec.Parameter, len(orig.Parameters))
-				copy(op.Parameters, orig.Parameters)
-			}
-			op.Parameters[i] = *s
-		}
-	}
-
-	if r := w.walkResponses(op.Responses); r != op.Responses {
-		clone()
-		op.Responses = r
-	}
-
-	return op
-}
-
-func (w *Walker) walkPathItem(pathItem *spec.PathItem) *spec.PathItem {
-	if pathItem == nil {
-		return nil
-	}
-
-	orig := pathItem
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			pathItem = &spec.PathItem{}
-			*pathItem = *orig
-		}
-	}
-
-	if p, changed := w.walkParameters(pathItem.Parameters); changed {
-		clone()
-		pathItem.Parameters = p
-	}
-	if op := w.walkOperation(pathItem.Get); op != pathItem.Get {
-		clone()
-		pathItem.Get = op
-	}
-	if op := w.walkOperation(pathItem.Head); op != pathItem.Head {
-		clone()
-		pathItem.Head = op
-	}
-	if op := w.walkOperation(pathItem.Delete); op != pathItem.Delete {
-		clone()
-		pathItem.Delete = op
-	}
-	if op := w.walkOperation(pathItem.Options); op != pathItem.Options {
-		clone()
-		pathItem.Options = op
-	}
-	if op := w.walkOperation(pathItem.Patch); op != pathItem.Patch {
-		clone()
-		pathItem.Patch = op
-	}
-	if op := w.walkOperation(pathItem.Post); op != pathItem.Post {
-		clone()
-		pathItem.Post = op
-	}
-	if op := w.walkOperation(pathItem.Put); op != pathItem.Put {
-		clone()
-		pathItem.Put = op
-	}
-
-	return pathItem
-}
-
-func (w *Walker) walkPaths(paths *spec.Paths) *spec.Paths {
-	if paths == nil {
-		return nil
-	}
-
-	orig := paths
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			paths = &spec.Paths{}
-			*paths = *orig
-		}
-	}
-
-	pathsCloned := false
-	for k, v := range paths.Paths {
-		if p := w.walkPathItem(&v); p != &v {
-			if !pathsCloned {
-				pathsCloned = true
-				clone()
-				paths.Paths = make(map[string]spec.PathItem, len(orig.Paths))
-				for k2, v2 := range orig.Paths {
-					paths.Paths[k2] = v2
-				}
-			}
-			paths.Paths[k] = *p
-		}
-	}
-
-	return paths
-}
-
-func (w *Walker) WalkRoot(swagger *spec.Swagger) *spec.Swagger {
-	if swagger == nil {
-		return nil
-	}
-
-	orig := swagger
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			swagger = &spec.Swagger{}
-			*swagger = *orig
-		}
-	}
-
-	parametersCloned := false
-	for k, v := range swagger.Parameters {
-		if p := w.walkParameter(&v); p != &v {
-			if !parametersCloned {
-				parametersCloned = true
-				clone()
-				swagger.Parameters = make(map[string]spec.Parameter, len(orig.Parameters))
-				for k2, v2 := range orig.Parameters {
-					swagger.Parameters[k2] = v2
-				}
-			}
-			swagger.Parameters[k] = *p
-		}
-	}
-
-	responsesCloned := false
-	for k, v := range swagger.Responses {
-		if r := w.walkResponse(&v); r != &v {
-			if !responsesCloned {
-				responsesCloned = true
-				clone()
-				swagger.Responses = make(map[string]spec.Response, len(orig.Responses))
-				for k2, v2 := range orig.Responses {
-					swagger.Responses[k2] = v2
-				}
-			}
-			swagger.Responses[k] = *r
-		}
-	}
-
-	definitionsCloned := false
-	for k, v := range swagger.Definitions {
-		if s := w.WalkSchema(&v); s != &v {
-			if !definitionsCloned {
-				definitionsCloned = true
-				clone()
-				swagger.Definitions = make(spec.Definitions, len(orig.Definitions))
-				for k2, v2 := range orig.Definitions {
-					swagger.Definitions[k2] = v2
-				}
-			}
-			swagger.Definitions[k] = *s
-		}
-	}
-
-	if swagger.Paths != nil {
-		if p := w.walkPaths(swagger.Paths); p != swagger.Paths {
-			clone()
-			swagger.Paths = p
-		}
-	}
-
-	return swagger
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go b/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go
index 699291f1d..1f62c6e77 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go
@@ -32,6 +32,9 @@ type Encoding struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Encoding as JSON
 func (e *Encoding) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(e)
+	}
 	b1, err := json.Marshal(e.EncodingProps)
 	if err != nil {
 		return nil, err
@@ -43,6 +46,16 @@ func (e *Encoding) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (e *Encoding) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		EncodingProps encodingPropsOmitZero `json:",inline"`
+		spec.Extensions
+	}
+	x.Extensions = internal.SanitizeExtensions(e.Extensions)
+	x.EncodingProps = encodingPropsOmitZero(e.EncodingProps)
+	return opts.MarshalNext(enc, x)
+}
+
 func (e *Encoding) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, e)
@@ -82,3 +95,11 @@ type EncodingProps struct {
 	// AllowReserved determines whether the parameter value SHOULD allow reserved characters, as defined by RFC3986
 	AllowReserved bool `json:"allowReserved,omitempty"`
 }
+
+type encodingPropsOmitZero struct {
+	ContentType   string             `json:"contentType,omitempty"`
+	Headers       map[string]*Header `json:"headers,omitempty"`
+	Style         string             `json:"style,omitempty"`
+	Explode       bool               `json:"explode,omitzero"`
+	AllowReserved bool               `json:"allowReserved,omitzero"`
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/example.go b/vendor/k8s.io/kube-openapi/pkg/spec3/example.go
index 03b872717..8834a92e6 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/example.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/example.go
@@ -36,6 +36,9 @@ type Example struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode RequestBody as JSON
 func (e *Example) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(e)
+	}
 	b1, err := json.Marshal(e.Refable)
 	if err != nil {
 		return nil, err
@@ -50,6 +53,17 @@ func (e *Example) MarshalJSON() ([]byte, error) {
 	}
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
+func (e *Example) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref          string `json:"$ref,omitempty"`
+		ExampleProps `json:",inline"`
+		spec.Extensions
+	}
+	x.Ref = e.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(e.Extensions)
+	x.ExampleProps = e.ExampleProps
+	return opts.MarshalNext(enc, x)
+}
 
 func (e *Example) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go b/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go
index e79956721..f0515496e 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go
@@ -39,6 +39,9 @@ type ExternalDocumentationProps struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Responses as JSON
 func (e *ExternalDocumentation) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(e)
+	}
 	b1, err := json.Marshal(e.ExternalDocumentationProps)
 	if err != nil {
 		return nil, err
@@ -50,6 +53,16 @@ func (e *ExternalDocumentation) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (e *ExternalDocumentation) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		ExternalDocumentationProps `json:",inline"`
+		spec.Extensions
+	}
+	x.Extensions = internal.SanitizeExtensions(e.Extensions)
+	x.ExternalDocumentationProps = e.ExternalDocumentationProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (e *ExternalDocumentation) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, e)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/fuzz.go b/vendor/k8s.io/kube-openapi/pkg/spec3/fuzz.go
index bc19dd48e..08b6246ce 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/fuzz.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/fuzz.go
@@ -35,6 +35,18 @@ var OpenAPIV3FuzzFuncs []interface{} = []interface{}{
 	func(o *OpenAPI, c fuzz.Continue) {
 		c.FuzzNoCustom(o)
 		o.Version = "3.0.0"
+		for i, val := range o.SecurityRequirement {
+			if val == nil {
+				o.SecurityRequirement[i] = make(map[string][]string)
+			}
+
+			for k, v := range val {
+				if v == nil {
+					val[k] = make([]string, 0)
+				}
+			}
+		}
+
 	},
 	func(r *interface{}, c fuzz.Continue) {
 		switch c.Intn(3) {
@@ -169,6 +181,21 @@ var OpenAPIV3FuzzFuncs []interface{} = []interface{}{
 		c.Fuzz(&v.ResponseProps)
 		c.Fuzz(&v.VendorExtensible)
 	},
+	func(v *Operation, c fuzz.Continue) {
+		c.FuzzNoCustom(v)
+		// Do not fuzz null values into the array.
+		for i, val := range v.SecurityRequirement {
+			if val == nil {
+				v.SecurityRequirement[i] = make(map[string][]string)
+			}
+
+			for k, v := range val {
+				if v == nil {
+					val[k] = make([]string, 0)
+				}
+			}
+		}
+	},
 	func(v *spec.Extensions, c fuzz.Continue) {
 		numChildren := c.Intn(5)
 		for i := 0; i < numChildren; i++ {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/header.go b/vendor/k8s.io/kube-openapi/pkg/spec3/header.go
index ee5a30f79..9ea30628c 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/header.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/header.go
@@ -36,6 +36,9 @@ type Header struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Header as JSON
 func (h *Header) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(h)
+	}
 	b1, err := json.Marshal(h.Refable)
 	if err != nil {
 		return nil, err
@@ -51,6 +54,18 @@ func (h *Header) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (h *Header) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref         string              `json:"$ref,omitempty"`
+		HeaderProps headerPropsOmitZero `json:",inline"`
+		spec.Extensions
+	}
+	x.Ref = h.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(h.Extensions)
+	x.HeaderProps = headerPropsOmitZero(h.HeaderProps)
+	return opts.MarshalNext(enc, x)
+}
+
 func (h *Header) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, h)
@@ -109,3 +124,19 @@ type HeaderProps struct {
 	// Examples of the header
 	Examples map[string]*Example `json:"examples,omitempty"`
 }
+
+// Marshaling structure only, always edit along with corresponding
+// struct (or compilation will fail).
+type headerPropsOmitZero struct {
+	Description     string                `json:"description,omitempty"`
+	Required        bool                  `json:"required,omitzero"`
+	Deprecated      bool                  `json:"deprecated,omitzero"`
+	AllowEmptyValue bool                  `json:"allowEmptyValue,omitzero"`
+	Style           string                `json:"style,omitempty"`
+	Explode         bool                  `json:"explode,omitzero"`
+	AllowReserved   bool                  `json:"allowReserved,omitzero"`
+	Schema          *spec.Schema          `json:"schema,omitzero"`
+	Content         map[string]*MediaType `json:"content,omitempty"`
+	Example         interface{}           `json:"example,omitempty"`
+	Examples        map[string]*Example   `json:"examples,omitempty"`
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go b/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go
index d390e69bc..47eef1edb 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go
@@ -35,6 +35,9 @@ type MediaType struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode MediaType as JSON
 func (m *MediaType) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(m)
+	}
 	b1, err := json.Marshal(m.MediaTypeProps)
 	if err != nil {
 		return nil, err
@@ -46,6 +49,16 @@ func (m *MediaType) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (e *MediaType) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		MediaTypeProps mediaTypePropsOmitZero `json:",inline"`
+		spec.Extensions
+	}
+	x.Extensions = internal.SanitizeExtensions(e.Extensions)
+	x.MediaTypeProps = mediaTypePropsOmitZero(e.MediaTypeProps)
+	return opts.MarshalNext(enc, x)
+}
+
 func (m *MediaType) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, m)
@@ -84,3 +97,10 @@ type MediaTypeProps struct {
 	// A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to requestBody objects when the media type is multipart or application/x-www-form-urlencoded
 	Encoding map[string]*Encoding `json:"encoding,omitempty"`
 }
+
+type mediaTypePropsOmitZero struct {
+	Schema   *spec.Schema         `json:"schema,omitzero"`
+	Example  interface{}          `json:"example,omitempty"`
+	Examples map[string]*Example  `json:"examples,omitempty"`
+	Encoding map[string]*Encoding `json:"encoding,omitempty"`
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go b/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go
index 28230610b..f1e102547 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go
@@ -35,6 +35,9 @@ type Operation struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Operation as JSON
 func (o *Operation) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(o)
+	}
 	b1, err := json.Marshal(o.OperationProps)
 	if err != nil {
 		return nil, err
@@ -46,6 +49,16 @@ func (o *Operation) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (o *Operation) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		spec.Extensions
+		OperationProps operationPropsOmitZero `json:",inline"`
+	}
+	x.Extensions = internal.SanitizeExtensions(o.Extensions)
+	x.OperationProps = operationPropsOmitZero(o.OperationProps)
+	return opts.MarshalNext(enc, x)
+}
+
 // UnmarshalJSON hydrates this items instance with the data from JSON
 func (o *Operation) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
@@ -95,3 +108,17 @@ type OperationProps struct {
 	// Servers contains an alternative server array to service this operation
 	Servers []*Server `json:"servers,omitempty"`
 }
+
+type operationPropsOmitZero struct {
+	Tags                []string               `json:"tags,omitempty"`
+	Summary             string                 `json:"summary,omitempty"`
+	Description         string                 `json:"description,omitempty"`
+	ExternalDocs        *ExternalDocumentation `json:"externalDocs,omitzero"`
+	OperationId         string                 `json:"operationId,omitempty"`
+	Parameters          []*Parameter           `json:"parameters,omitempty"`
+	RequestBody         *RequestBody           `json:"requestBody,omitzero"`
+	Responses           *Responses             `json:"responses,omitzero"`
+	Deprecated          bool                   `json:"deprecated,omitzero"`
+	SecurityRequirement []map[string][]string  `json:"security,omitempty"`
+	Servers             []*Server              `json:"servers,omitempty"`
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go b/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go
index 613da71a6..ada7edb63 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go
@@ -36,6 +36,9 @@ type Parameter struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Parameter as JSON
 func (p *Parameter) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(p)
+	}
 	b1, err := json.Marshal(p.Refable)
 	if err != nil {
 		return nil, err
@@ -51,6 +54,18 @@ func (p *Parameter) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (p *Parameter) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref            string                 `json:"$ref,omitempty"`
+		ParameterProps parameterPropsOmitZero `json:",inline"`
+		spec.Extensions
+	}
+	x.Ref = p.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(p.Extensions)
+	x.ParameterProps = parameterPropsOmitZero(p.ParameterProps)
+	return opts.MarshalNext(enc, x)
+}
+
 func (p *Parameter) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, p)
@@ -114,3 +129,19 @@ type ParameterProps struct {
 	// Examples of the parameter's potential value. Each example SHOULD contain a value in the correct format as specified in the parameter encoding
 	Examples map[string]*Example `json:"examples,omitempty"`
 }
+
+type parameterPropsOmitZero struct {
+	Name            string                `json:"name,omitempty"`
+	In              string                `json:"in,omitempty"`
+	Description     string                `json:"description,omitempty"`
+	Required        bool                  `json:"required,omitzero"`
+	Deprecated      bool                  `json:"deprecated,omitzero"`
+	AllowEmptyValue bool                  `json:"allowEmptyValue,omitzero"`
+	Style           string                `json:"style,omitempty"`
+	Explode         bool                  `json:"explode,omitzero"`
+	AllowReserved   bool                  `json:"allowReserved,omitzero"`
+	Schema          *spec.Schema          `json:"schema,omitzero"`
+	Content         map[string]*MediaType `json:"content,omitempty"`
+	Example         interface{}           `json:"example,omitempty"`
+	Examples        map[string]*Example   `json:"examples,omitempty"`
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/path.go b/vendor/k8s.io/kube-openapi/pkg/spec3/path.go
index 40d9061ac..16fbbb4dd 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/path.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/path.go
@@ -35,15 +35,41 @@ type Paths struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Paths as JSON
 func (p *Paths) MarshalJSON() ([]byte, error) {
-	b1, err := json.Marshal(p.Paths)
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(p)
+	}
+	b1, err := json.Marshal(p.VendorExtensible)
 	if err != nil {
 		return nil, err
 	}
-	b2, err := json.Marshal(p.VendorExtensible)
+
+	pths := make(map[string]*Path)
+	for k, v := range p.Paths {
+		if strings.HasPrefix(k, "/") {
+			pths[k] = v
+		}
+	}
+	b2, err := json.Marshal(pths)
 	if err != nil {
 		return nil, err
 	}
-	return swag.ConcatJSON(b1, b2), nil
+	concated := swag.ConcatJSON(b1, b2)
+	return concated, nil
+}
+
+func (p *Paths) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	m := make(map[string]any, len(p.Extensions)+len(p.Paths))
+	for k, v := range p.Extensions {
+		if internal.IsExtensionKey(k) {
+			m[k] = v
+		}
+	}
+	for k, v := range p.Paths {
+		if strings.HasPrefix(k, "/") {
+			m[k] = v
+		}
+	}
+	return opts.MarshalNext(enc, m)
 }
 
 // UnmarshalJSON hydrates this items instance with the data from JSON
@@ -144,6 +170,9 @@ type Path struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Path as JSON
 func (p *Path) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(p)
+	}
 	b1, err := json.Marshal(p.Refable)
 	if err != nil {
 		return nil, err
@@ -159,6 +188,18 @@ func (p *Path) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (p *Path) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref string `json:"$ref,omitempty"`
+		spec.Extensions
+		PathProps
+	}
+	x.Ref = p.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(p.Extensions)
+	x.PathProps = p.PathProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (p *Path) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, p)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go b/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go
index 33267ce67..6f8607e40 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go
@@ -36,6 +36,9 @@ type RequestBody struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode RequestBody as JSON
 func (r *RequestBody) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(r)
+	}
 	b1, err := json.Marshal(r.Refable)
 	if err != nil {
 		return nil, err
@@ -51,6 +54,18 @@ func (r *RequestBody) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (r *RequestBody) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref              string                   `json:"$ref,omitempty"`
+		RequestBodyProps requestBodyPropsOmitZero `json:",inline"`
+		spec.Extensions
+	}
+	x.Ref = r.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(r.Extensions)
+	x.RequestBodyProps = requestBodyPropsOmitZero(r.RequestBodyProps)
+	return opts.MarshalNext(enc, x)
+}
+
 func (r *RequestBody) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, r)
@@ -77,6 +92,12 @@ type RequestBodyProps struct {
 	Required bool `json:"required,omitempty"`
 }
 
+type requestBodyPropsOmitZero struct {
+	Description string                `json:"description,omitempty"`
+	Content     map[string]*MediaType `json:"content,omitempty"`
+	Required    bool                  `json:"required,omitzero"`
+}
+
 func (r *RequestBody) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
 	var x struct {
 		spec.Extensions
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/response.go b/vendor/k8s.io/kube-openapi/pkg/spec3/response.go
index 95b388e6c..73e241fdc 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/response.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/response.go
@@ -37,6 +37,9 @@ type Responses struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Responses as JSON
 func (r *Responses) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(r)
+	}
 	b1, err := json.Marshal(r.ResponsesProps)
 	if err != nil {
 		return nil, err
@@ -48,6 +51,25 @@ func (r *Responses) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (r Responses) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	type ArbitraryKeys map[string]interface{}
+	var x struct {
+		ArbitraryKeys
+		Default *Response `json:"default,omitzero"`
+	}
+	x.ArbitraryKeys = make(map[string]any, len(r.Extensions)+len(r.StatusCodeResponses))
+	for k, v := range r.Extensions {
+		if internal.IsExtensionKey(k) {
+			x.ArbitraryKeys[k] = v
+		}
+	}
+	for k, v := range r.StatusCodeResponses {
+		x.ArbitraryKeys[strconv.Itoa(k)] = v
+	}
+	x.Default = r.Default
+	return opts.MarshalNext(enc, x)
+}
+
 func (r *Responses) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, r)
@@ -179,6 +201,9 @@ type Response struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Response as JSON
 func (r *Response) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(r)
+	}
 	b1, err := json.Marshal(r.Refable)
 	if err != nil {
 		return nil, err
@@ -194,6 +219,18 @@ func (r *Response) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (r Response) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref string `json:"$ref,omitempty"`
+		spec.Extensions
+		ResponseProps `json:",inline"`
+	}
+	x.Ref = r.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(r.Extensions)
+	x.ResponseProps = r.ResponseProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (r *Response) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, r)
@@ -247,6 +284,9 @@ type Link struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Link as JSON
 func (r *Link) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(r)
+	}
 	b1, err := json.Marshal(r.Refable)
 	if err != nil {
 		return nil, err
@@ -262,6 +302,18 @@ func (r *Link) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (r *Link) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref string `json:"$ref,omitempty"`
+		spec.Extensions
+		LinkProps `json:",inline"`
+	}
+	x.Ref = r.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(r.Extensions)
+	x.LinkProps = r.LinkProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (r *Link) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, r)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go b/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go
index edf7e6de3..dd1e98ed8 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go
@@ -20,6 +20,8 @@ import (
 	"encoding/json"
 
 	"github.com/go-openapi/swag"
+	"k8s.io/kube-openapi/pkg/internal"
+	jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
 	"k8s.io/kube-openapi/pkg/validation/spec"
 )
 
@@ -32,6 +34,9 @@ type SecurityScheme struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode SecurityScheme as JSON
 func (s *SecurityScheme) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(s)
+	}
 	b1, err := json.Marshal(s.SecuritySchemeProps)
 	if err != nil {
 		return nil, err
@@ -47,6 +52,18 @@ func (s *SecurityScheme) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (s *SecurityScheme) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref                 string `json:"$ref,omitempty"`
+		SecuritySchemeProps `json:",inline"`
+		spec.Extensions
+	}
+	x.Ref = s.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(s.Extensions)
+	x.SecuritySchemeProps = s.SecuritySchemeProps
+	return opts.MarshalNext(enc, x)
+}
+
 // UnmarshalJSON hydrates this items instance with the data from JSON
 func (s *SecurityScheme) UnmarshalJSON(data []byte) error {
 	if err := json.Unmarshal(data, &s.SecuritySchemeProps); err != nil {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/server.go b/vendor/k8s.io/kube-openapi/pkg/spec3/server.go
index d5df0a781..654a42c06 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/server.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/server.go
@@ -41,6 +41,9 @@ type ServerProps struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Responses as JSON
 func (s *Server) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(s)
+	}
 	b1, err := json.Marshal(s.ServerProps)
 	if err != nil {
 		return nil, err
@@ -52,6 +55,16 @@ func (s *Server) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (s *Server) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		ServerProps `json:",inline"`
+		spec.Extensions
+	}
+	x.Extensions = internal.SanitizeExtensions(s.Extensions)
+	x.ServerProps = s.ServerProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (s *Server) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, s)
@@ -96,6 +109,9 @@ type ServerVariableProps struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Responses as JSON
 func (s *ServerVariable) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(s)
+	}
 	b1, err := json.Marshal(s.ServerVariableProps)
 	if err != nil {
 		return nil, err
@@ -107,6 +123,16 @@ func (s *ServerVariable) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (s *ServerVariable) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		ServerVariableProps `json:",inline"`
+		spec.Extensions
+	}
+	x.Extensions = internal.SanitizeExtensions(s.Extensions)
+	x.ServerVariableProps = s.ServerVariableProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (s *ServerVariable) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, s)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go b/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go
index bed096fb7..5db819c7f 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go
@@ -36,6 +36,8 @@ type OpenAPI struct {
 	Servers []*Server `json:"servers,omitempty"`
 	// Components hold various schemas for the specification
 	Components *Components `json:"components,omitempty"`
+	// SecurityRequirement holds a declaration of which security mechanisms can be used across the API
+	SecurityRequirement []map[string][]string `json:"security,omitempty"`
 	// ExternalDocs holds additional external documentation
 	ExternalDocs *ExternalDocumentation `json:"externalDocs,omitempty"`
 }
@@ -48,3 +50,26 @@ func (o *OpenAPI) UnmarshalJSON(data []byte) error {
 	}
 	return json.Unmarshal(data, &p)
 }
+
+func (o *OpenAPI) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(o)
+	}
+	type OpenAPIWithNoFunctions OpenAPI
+	p := (*OpenAPIWithNoFunctions)(o)
+	return json.Marshal(&p)
+}
+
+func (o *OpenAPI) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	type OpenAPIOmitZero struct {
+		Version             string                 `json:"openapi"`
+		Info                *spec.Info             `json:"info"`
+		Paths               *Paths                 `json:"paths,omitzero"`
+		Servers             []*Server              `json:"servers,omitempty"`
+		Components          *Components            `json:"components,omitzero"`
+		SecurityRequirement []map[string][]string  `json:"security,omitempty"`
+		ExternalDocs        *ExternalDocumentation `json:"externalDocs,omitzero"`
+	}
+	x := (*OpenAPIOmitZero)(o)
+	return opts.MarshalNext(enc, x)
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/util/proto/document.go b/vendor/k8s.io/kube-openapi/pkg/util/proto/document.go
index 763923dff..5789e67ab 100644
--- a/vendor/k8s.io/kube-openapi/pkg/util/proto/document.go
+++ b/vendor/k8s.io/kube-openapi/pkg/util/proto/document.go
@@ -21,7 +21,7 @@ import (
 	"sort"
 	"strings"
 
-	openapi_v2 "github.com/google/gnostic/openapiv2"
+	openapi_v2 "github.com/google/gnostic-models/openapiv2"
 	"gopkg.in/yaml.v2"
 )
 
diff --git a/vendor/k8s.io/kube-openapi/pkg/util/proto/document_v3.go b/vendor/k8s.io/kube-openapi/pkg/util/proto/document_v3.go
index 519dcf2eb..d9f2896e3 100644
--- a/vendor/k8s.io/kube-openapi/pkg/util/proto/document_v3.go
+++ b/vendor/k8s.io/kube-openapi/pkg/util/proto/document_v3.go
@@ -21,7 +21,7 @@ import (
 	"reflect"
 	"strings"
 
-	openapi_v3 "github.com/google/gnostic/openapiv3"
+	openapi_v3 "github.com/google/gnostic-models/openapiv3"
 	"gopkg.in/yaml.v3"
 )
 
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/fuzz.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/fuzz.go
deleted file mode 100644
index c66f998f5..000000000
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/fuzz.go
+++ /dev/null
@@ -1,502 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package spec
-
-import (
-	"github.com/go-openapi/jsonreference"
-	"github.com/google/go-cmp/cmp"
-	fuzz "github.com/google/gofuzz"
-)
-
-var SwaggerFuzzFuncs []interface{} = []interface{}{
-	func(v *Responses, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-		if v.Default != nil {
-			// Check if we hit maxDepth and left an incomplete value
-			if v.Default.Description == "" {
-				v.Default = nil
-				v.StatusCodeResponses = nil
-			}
-		}
-
-		// conversion has no way to discern empty statusCodeResponses from
-		// nil, since "default" is always included in the map.
-		// So avoid empty responses list
-		if len(v.StatusCodeResponses) == 0 {
-			v.StatusCodeResponses = nil
-		}
-	},
-	func(v *Operation, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-
-		if v != nil {
-			// force non-nil
-			v.Responses = &Responses{}
-			c.Fuzz(v.Responses)
-
-			v.Schemes = nil
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "http")
-			}
-
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "https")
-			}
-
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "ws")
-			}
-
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "wss")
-			}
-
-			// Gnostic unconditionally makes security values non-null
-			// So do not fuzz null values into the array.
-			for i, val := range v.Security {
-				if val == nil {
-					v.Security[i] = make(map[string][]string)
-				}
-
-				for k, v := range val {
-					if v == nil {
-						val[k] = make([]string, 0)
-					}
-				}
-			}
-		}
-	},
-	func(v map[int]Response, c fuzz.Continue) {
-		n := 0
-		c.Fuzz(&n)
-		if n == 0 {
-			// Test that fuzzer is not at maxDepth so we do not
-			// end up with empty elements
-			return
-		}
-
-		// Prevent negative numbers
-		num := c.Intn(4)
-		for i := 0; i < num+2; i++ {
-			val := Response{}
-			c.Fuzz(&val)
-
-			val.Description = c.RandString() + "x"
-			v[100*(i+1)+c.Intn(100)] = val
-		}
-	},
-	func(v map[string]PathItem, c fuzz.Continue) {
-		n := 0
-		c.Fuzz(&n)
-		if n == 0 {
-			// Test that fuzzer is not at maxDepth so we do not
-			// end up with empty elements
-			return
-		}
-
-		num := c.Intn(5)
-		for i := 0; i < num+2; i++ {
-			val := PathItem{}
-			c.Fuzz(&val)
-
-			// Ref params are only allowed in certain locations, so
-			// possibly add a few to PathItems
-			numRefsToAdd := c.Intn(5)
-			for i := 0; i < numRefsToAdd; i++ {
-				theRef := Parameter{}
-				c.Fuzz(&theRef.Refable)
-
-				val.Parameters = append(val.Parameters, theRef)
-			}
-
-			v["/"+c.RandString()] = val
-		}
-	},
-	func(v *SchemaOrArray, c fuzz.Continue) {
-		*v = SchemaOrArray{}
-		// gnostic parser just doesn't support more
-		// than one Schema here
-		v.Schema = &Schema{}
-		c.Fuzz(&v.Schema)
-
-	},
-	func(v *SchemaOrBool, c fuzz.Continue) {
-		*v = SchemaOrBool{}
-
-		if c.RandBool() {
-			v.Allows = c.RandBool()
-		} else {
-			v.Schema = &Schema{}
-			v.Allows = true
-			c.Fuzz(&v.Schema)
-		}
-	},
-	func(v map[string]Response, c fuzz.Continue) {
-		n := 0
-		c.Fuzz(&n)
-		if n == 0 {
-			// Test that fuzzer is not at maxDepth so we do not
-			// end up with empty elements
-			return
-		}
-
-		// Response definitions are not allowed to
-		// be refs
-		for i := 0; i < c.Intn(5)+1; i++ {
-			resp := &Response{}
-
-			c.Fuzz(resp)
-			resp.Ref = Ref{}
-			resp.Description = c.RandString() + "x"
-
-			// Response refs are not vendor extensible by gnostic
-			resp.VendorExtensible.Extensions = nil
-			v[c.RandString()+"x"] = *resp
-		}
-	},
-	func(v *Header, c fuzz.Continue) {
-		if v != nil {
-			c.FuzzNoCustom(v)
-
-			// descendant Items of Header may not be refs
-			cur := v.Items
-			for cur != nil {
-				cur.Ref = Ref{}
-				cur = cur.Items
-			}
-		}
-	},
-	func(v *Ref, c fuzz.Continue) {
-		*v = Ref{}
-		v.Ref, _ = jsonreference.New("http://asd.com/" + c.RandString())
-	},
-	func(v *Response, c fuzz.Continue) {
-		*v = Response{}
-		if c.RandBool() {
-			v.Ref = Ref{}
-			v.Ref.Ref, _ = jsonreference.New("http://asd.com/" + c.RandString())
-		} else {
-			c.Fuzz(&v.VendorExtensible)
-			c.Fuzz(&v.Schema)
-			c.Fuzz(&v.ResponseProps)
-
-			v.Headers = nil
-			v.Ref = Ref{}
-
-			n := 0
-			c.Fuzz(&n)
-			if n != 0 {
-				// Test that fuzzer is not at maxDepth so we do not
-				// end up with empty elements
-				num := c.Intn(4)
-				for i := 0; i < num; i++ {
-					if v.Headers == nil {
-						v.Headers = make(map[string]Header)
-					}
-					hdr := Header{}
-					c.Fuzz(&hdr)
-					if hdr.Type == "" {
-						// hit maxDepth, just abort trying to make haders
-						v.Headers = nil
-						break
-					}
-					v.Headers[c.RandString()+"x"] = hdr
-				}
-			} else {
-				v.Headers = nil
-			}
-		}
-
-		v.Description = c.RandString() + "x"
-
-		// Gnostic parses empty as nil, so to keep avoid putting empty
-		if len(v.Headers) == 0 {
-			v.Headers = nil
-		}
-	},
-	func(v **Info, c fuzz.Continue) {
-		// Info is never nil
-		*v = &Info{}
-		c.FuzzNoCustom(*v)
-
-		(*v).Title = c.RandString() + "x"
-	},
-	func(v *Extensions, c fuzz.Continue) {
-		// gnostic parser only picks up x- vendor extensions
-		numChildren := c.Intn(5)
-		for i := 0; i < numChildren; i++ {
-			if *v == nil {
-				*v = Extensions{}
-			}
-			(*v)["x-"+c.RandString()] = c.RandString()
-		}
-	},
-	func(v *Swagger, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-
-		if v.Paths == nil {
-			// Force paths non-nil since it does not have omitempty in json tag.
-			// This means a perfect roundtrip (via json) is impossible,
-			// since we can't tell the difference between empty/unspecified paths
-			v.Paths = &Paths{}
-			c.Fuzz(v.Paths)
-		}
-
-		v.Swagger = "2.0"
-
-		// Gnostic support serializing ID at all
-		// unavoidable data loss
-		v.ID = ""
-
-		v.Schemes = nil
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "http")
-		}
-
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "https")
-		}
-
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "ws")
-		}
-
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "wss")
-		}
-
-		// Gnostic unconditionally makes security values non-null
-		// So do not fuzz null values into the array.
-		for i, val := range v.Security {
-			if val == nil {
-				v.Security[i] = make(map[string][]string)
-			}
-
-			for k, v := range val {
-				if v == nil {
-					val[k] = make([]string, 0)
-				}
-			}
-		}
-	},
-	func(v *SecurityScheme, c fuzz.Continue) {
-		v.Description = c.RandString() + "x"
-		c.Fuzz(&v.VendorExtensible)
-
-		switch c.Intn(3) {
-		case 0:
-			v.Type = "basic"
-		case 1:
-			v.Type = "apiKey"
-			switch c.Intn(2) {
-			case 0:
-				v.In = "header"
-			case 1:
-				v.In = "query"
-			default:
-				panic("unreachable")
-			}
-			v.Name = "x" + c.RandString()
-		case 2:
-			v.Type = "oauth2"
-
-			switch c.Intn(4) {
-			case 0:
-				v.Flow = "accessCode"
-				v.TokenURL = "https://" + c.RandString()
-				v.AuthorizationURL = "https://" + c.RandString()
-			case 1:
-				v.Flow = "application"
-				v.TokenURL = "https://" + c.RandString()
-			case 2:
-				v.Flow = "implicit"
-				v.AuthorizationURL = "https://" + c.RandString()
-			case 3:
-				v.Flow = "password"
-				v.TokenURL = "https://" + c.RandString()
-			default:
-				panic("unreachable")
-			}
-			c.Fuzz(&v.Scopes)
-		default:
-			panic("unreachable")
-		}
-	},
-	func(v *interface{}, c fuzz.Continue) {
-		*v = c.RandString() + "x"
-	},
-	func(v *string, c fuzz.Continue) {
-		*v = c.RandString() + "x"
-	},
-	func(v *ExternalDocumentation, c fuzz.Continue) {
-		v.Description = c.RandString() + "x"
-		v.URL = c.RandString() + "x"
-	},
-	func(v *SimpleSchema, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-
-		switch c.Intn(5) {
-		case 0:
-			v.Type = "string"
-		case 1:
-			v.Type = "number"
-		case 2:
-			v.Type = "boolean"
-		case 3:
-			v.Type = "integer"
-		case 4:
-			v.Type = "array"
-		default:
-			panic("unreachable")
-		}
-
-		switch c.Intn(5) {
-		case 0:
-			v.CollectionFormat = "csv"
-		case 1:
-			v.CollectionFormat = "ssv"
-		case 2:
-			v.CollectionFormat = "tsv"
-		case 3:
-			v.CollectionFormat = "pipes"
-		case 4:
-			v.CollectionFormat = ""
-		default:
-			panic("unreachable")
-		}
-
-		// None of the types which include SimpleSchema in our definitions
-		// actually support "example" in the official spec
-		v.Example = nil
-
-		// unsupported by openapi
-		v.Nullable = false
-	},
-	func(v *int64, c fuzz.Continue) {
-		c.Fuzz(v)
-
-		// Gnostic does not differentiate between 0 and non-specified
-		// so avoid using 0 for fuzzer
-		if *v == 0 {
-			*v = 1
-		}
-	},
-	func(v *float64, c fuzz.Continue) {
-		c.Fuzz(v)
-
-		// Gnostic does not differentiate between 0 and non-specified
-		// so avoid using 0 for fuzzer
-		if *v == 0.0 {
-			*v = 1.0
-		}
-	},
-	func(v *Parameter, c fuzz.Continue) {
-		if v == nil {
-			return
-		}
-		c.Fuzz(&v.VendorExtensible)
-		if c.RandBool() {
-			// body param
-			v.Description = c.RandString() + "x"
-			v.Name = c.RandString() + "x"
-			v.In = "body"
-			c.Fuzz(&v.Description)
-			c.Fuzz(&v.Required)
-
-			v.Schema = &Schema{}
-			c.Fuzz(&v.Schema)
-
-		} else {
-			c.Fuzz(&v.SimpleSchema)
-			c.Fuzz(&v.CommonValidations)
-			v.AllowEmptyValue = false
-			v.Description = c.RandString() + "x"
-			v.Name = c.RandString() + "x"
-
-			switch c.Intn(4) {
-			case 0:
-				// Header param
-				v.In = "header"
-			case 1:
-				// Form data param
-				v.In = "formData"
-				v.AllowEmptyValue = c.RandBool()
-			case 2:
-				// Query param
-				v.In = "query"
-				v.AllowEmptyValue = c.RandBool()
-			case 3:
-				// Path param
-				v.In = "path"
-				v.Required = true
-			default:
-				panic("unreachable")
-			}
-
-			// descendant Items of Parameter may not be refs
-			cur := v.Items
-			for cur != nil {
-				cur.Ref = Ref{}
-				cur = cur.Items
-			}
-		}
-	},
-	func(v *Schema, c fuzz.Continue) {
-		if c.RandBool() {
-			// file schema
-			c.Fuzz(&v.Default)
-			c.Fuzz(&v.Description)
-			c.Fuzz(&v.Example)
-			c.Fuzz(&v.ExternalDocs)
-
-			c.Fuzz(&v.Format)
-			c.Fuzz(&v.ReadOnly)
-			c.Fuzz(&v.Required)
-			c.Fuzz(&v.Title)
-			v.Type = StringOrArray{"file"}
-
-		} else {
-			// normal schema
-			c.Fuzz(&v.SchemaProps)
-			c.Fuzz(&v.SwaggerSchemaProps)
-			c.Fuzz(&v.VendorExtensible)
-			// c.Fuzz(&v.ExtraProps)
-			// ExtraProps will not roundtrip - gnostic throws out
-			// unrecognized keys
-		}
-
-		// Not supported by official openapi v2 spec
-		// and stripped by k8s apiserver
-		v.ID = ""
-		v.AnyOf = nil
-		v.OneOf = nil
-		v.Not = nil
-		v.Nullable = false
-		v.AdditionalItems = nil
-		v.Schema = ""
-		v.PatternProperties = nil
-		v.Definitions = nil
-		v.Dependencies = nil
-	},
-}
-
-var SwaggerDiffOptions = []cmp.Option{
-	// cmp.Diff panics on Ref since jsonreference.Ref uses unexported fields
-	cmp.Comparer(func(a Ref, b Ref) bool {
-		return a.String() == b.String()
-	}),
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/gnostic.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/gnostic.go
index 406a09d9d..6a77f2ac8 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/gnostic.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/gnostic.go
@@ -21,7 +21,7 @@ import (
 	"strconv"
 
 	"github.com/go-openapi/jsonreference"
-	openapi_v2 "github.com/google/gnostic/openapiv2"
+	openapi_v2 "github.com/google/gnostic-models/openapiv2"
 )
 
 // Interfaces
diff --git a/vendor/k8s.io/utils/pointer/pointer.go b/vendor/k8s.io/utils/pointer/pointer.go
index b8103223a..b673a6425 100644
--- a/vendor/k8s.io/utils/pointer/pointer.go
+++ b/vendor/k8s.io/utils/pointer/pointer.go
@@ -14,12 +14,15 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// Deprecated: Use functions in k8s.io/utils/ptr instead: ptr.To to obtain
+// a pointer, ptr.Deref to dereference a pointer, ptr.Equal to compare
+// dereferenced pointers.
 package pointer
 
 import (
-	"fmt"
-	"reflect"
 	"time"
+
+	"k8s.io/utils/ptr"
 )
 
 // AllPtrFieldsNil tests whether all pointer fields in a struct are nil.  This is useful when,
@@ -28,383 +31,219 @@ import (
 //
 // This function is only valid for structs and pointers to structs.  Any other
 // type will cause a panic.  Passing a typed nil pointer will return true.
-func AllPtrFieldsNil(obj interface{}) bool {
-	v := reflect.ValueOf(obj)
-	if !v.IsValid() {
-		panic(fmt.Sprintf("reflect.ValueOf() produced a non-valid Value for %#v", obj))
-	}
-	if v.Kind() == reflect.Ptr {
-		if v.IsNil() {
-			return true
-		}
-		v = v.Elem()
-	}
-	for i := 0; i < v.NumField(); i++ {
-		if v.Field(i).Kind() == reflect.Ptr && !v.Field(i).IsNil() {
-			return false
-		}
-	}
-	return true
-}
-
-// Int returns a pointer to an int
-func Int(i int) *int {
-	return &i
-}
+//
+// Deprecated: Use ptr.AllPtrFieldsNil instead.
+var AllPtrFieldsNil = ptr.AllPtrFieldsNil
+
+// Int returns a pointer to an int.
+var Int = ptr.To[int]
 
 // IntPtr is a function variable referring to Int.
 //
-// Deprecated: Use Int instead.
+// Deprecated: Use ptr.To instead.
 var IntPtr = Int // for back-compat
 
 // IntDeref dereferences the int ptr and returns it if not nil, or else
 // returns def.
-func IntDeref(ptr *int, def int) int {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var IntDeref = ptr.Deref[int]
 
 // IntPtrDerefOr is a function variable referring to IntDeref.
 //
-// Deprecated: Use IntDeref instead.
+// Deprecated: Use ptr.Deref instead.
 var IntPtrDerefOr = IntDeref // for back-compat
 
 // Int32 returns a pointer to an int32.
-func Int32(i int32) *int32 {
-	return &i
-}
+var Int32 = ptr.To[int32]
 
 // Int32Ptr is a function variable referring to Int32.
 //
-// Deprecated: Use Int32 instead.
+// Deprecated: Use ptr.To instead.
 var Int32Ptr = Int32 // for back-compat
 
 // Int32Deref dereferences the int32 ptr and returns it if not nil, or else
 // returns def.
-func Int32Deref(ptr *int32, def int32) int32 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Int32Deref = ptr.Deref[int32]
 
 // Int32PtrDerefOr is a function variable referring to Int32Deref.
 //
-// Deprecated: Use Int32Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Int32PtrDerefOr = Int32Deref // for back-compat
 
 // Int32Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Int32Equal(a, b *int32) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Int32Equal = ptr.Equal[int32]
 
 // Uint returns a pointer to an uint
-func Uint(i uint) *uint {
-	return &i
-}
+var Uint = ptr.To[uint]
 
 // UintPtr is a function variable referring to Uint.
 //
-// Deprecated: Use Uint instead.
+// Deprecated: Use ptr.To instead.
 var UintPtr = Uint // for back-compat
 
 // UintDeref dereferences the uint ptr and returns it if not nil, or else
 // returns def.
-func UintDeref(ptr *uint, def uint) uint {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var UintDeref = ptr.Deref[uint]
 
 // UintPtrDerefOr is a function variable referring to UintDeref.
 //
-// Deprecated: Use UintDeref instead.
+// Deprecated: Use ptr.Deref instead.
 var UintPtrDerefOr = UintDeref // for back-compat
 
 // Uint32 returns a pointer to an uint32.
-func Uint32(i uint32) *uint32 {
-	return &i
-}
+var Uint32 = ptr.To[uint32]
 
 // Uint32Ptr is a function variable referring to Uint32.
 //
-// Deprecated: Use Uint32 instead.
+// Deprecated: Use ptr.To instead.
 var Uint32Ptr = Uint32 // for back-compat
 
 // Uint32Deref dereferences the uint32 ptr and returns it if not nil, or else
 // returns def.
-func Uint32Deref(ptr *uint32, def uint32) uint32 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Uint32Deref = ptr.Deref[uint32]
 
 // Uint32PtrDerefOr is a function variable referring to Uint32Deref.
 //
-// Deprecated: Use Uint32Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Uint32PtrDerefOr = Uint32Deref // for back-compat
 
 // Uint32Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Uint32Equal(a, b *uint32) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Uint32Equal = ptr.Equal[uint32]
 
 // Int64 returns a pointer to an int64.
-func Int64(i int64) *int64 {
-	return &i
-}
+var Int64 = ptr.To[int64]
 
 // Int64Ptr is a function variable referring to Int64.
 //
-// Deprecated: Use Int64 instead.
+// Deprecated: Use ptr.To instead.
 var Int64Ptr = Int64 // for back-compat
 
 // Int64Deref dereferences the int64 ptr and returns it if not nil, or else
 // returns def.
-func Int64Deref(ptr *int64, def int64) int64 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Int64Deref = ptr.Deref[int64]
 
 // Int64PtrDerefOr is a function variable referring to Int64Deref.
 //
-// Deprecated: Use Int64Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Int64PtrDerefOr = Int64Deref // for back-compat
 
 // Int64Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Int64Equal(a, b *int64) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Int64Equal = ptr.Equal[int64]
 
 // Uint64 returns a pointer to an uint64.
-func Uint64(i uint64) *uint64 {
-	return &i
-}
+var Uint64 = ptr.To[uint64]
 
 // Uint64Ptr is a function variable referring to Uint64.
 //
-// Deprecated: Use Uint64 instead.
+// Deprecated: Use ptr.To instead.
 var Uint64Ptr = Uint64 // for back-compat
 
 // Uint64Deref dereferences the uint64 ptr and returns it if not nil, or else
 // returns def.
-func Uint64Deref(ptr *uint64, def uint64) uint64 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Uint64Deref = ptr.Deref[uint64]
 
 // Uint64PtrDerefOr is a function variable referring to Uint64Deref.
 //
-// Deprecated: Use Uint64Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Uint64PtrDerefOr = Uint64Deref // for back-compat
 
 // Uint64Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Uint64Equal(a, b *uint64) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Uint64Equal = ptr.Equal[uint64]
 
 // Bool returns a pointer to a bool.
-func Bool(b bool) *bool {
-	return &b
-}
+var Bool = ptr.To[bool]
 
 // BoolPtr is a function variable referring to Bool.
 //
-// Deprecated: Use Bool instead.
+// Deprecated: Use ptr.To instead.
 var BoolPtr = Bool // for back-compat
 
 // BoolDeref dereferences the bool ptr and returns it if not nil, or else
 // returns def.
-func BoolDeref(ptr *bool, def bool) bool {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var BoolDeref = ptr.Deref[bool]
 
 // BoolPtrDerefOr is a function variable referring to BoolDeref.
 //
-// Deprecated: Use BoolDeref instead.
+// Deprecated: Use ptr.Deref instead.
 var BoolPtrDerefOr = BoolDeref // for back-compat
 
 // BoolEqual returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func BoolEqual(a, b *bool) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var BoolEqual = ptr.Equal[bool]
 
 // String returns a pointer to a string.
-func String(s string) *string {
-	return &s
-}
+var String = ptr.To[string]
 
 // StringPtr is a function variable referring to String.
 //
-// Deprecated: Use String instead.
+// Deprecated: Use ptr.To instead.
 var StringPtr = String // for back-compat
 
 // StringDeref dereferences the string ptr and returns it if not nil, or else
 // returns def.
-func StringDeref(ptr *string, def string) string {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var StringDeref = ptr.Deref[string]
 
 // StringPtrDerefOr is a function variable referring to StringDeref.
 //
-// Deprecated: Use StringDeref instead.
+// Deprecated: Use ptr.Deref instead.
 var StringPtrDerefOr = StringDeref // for back-compat
 
 // StringEqual returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func StringEqual(a, b *string) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var StringEqual = ptr.Equal[string]
 
 // Float32 returns a pointer to a float32.
-func Float32(i float32) *float32 {
-	return &i
-}
+var Float32 = ptr.To[float32]
 
 // Float32Ptr is a function variable referring to Float32.
 //
-// Deprecated: Use Float32 instead.
+// Deprecated: Use ptr.To instead.
 var Float32Ptr = Float32
 
 // Float32Deref dereferences the float32 ptr and returns it if not nil, or else
 // returns def.
-func Float32Deref(ptr *float32, def float32) float32 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Float32Deref = ptr.Deref[float32]
 
 // Float32PtrDerefOr is a function variable referring to Float32Deref.
 //
-// Deprecated: Use Float32Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Float32PtrDerefOr = Float32Deref // for back-compat
 
 // Float32Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Float32Equal(a, b *float32) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Float32Equal = ptr.Equal[float32]
 
 // Float64 returns a pointer to a float64.
-func Float64(i float64) *float64 {
-	return &i
-}
+var Float64 = ptr.To[float64]
 
 // Float64Ptr is a function variable referring to Float64.
 //
-// Deprecated: Use Float64 instead.
+// Deprecated: Use ptr.To instead.
 var Float64Ptr = Float64
 
 // Float64Deref dereferences the float64 ptr and returns it if not nil, or else
 // returns def.
-func Float64Deref(ptr *float64, def float64) float64 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Float64Deref = ptr.Deref[float64]
 
 // Float64PtrDerefOr is a function variable referring to Float64Deref.
 //
-// Deprecated: Use Float64Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Float64PtrDerefOr = Float64Deref // for back-compat
 
 // Float64Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Float64Equal(a, b *float64) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Float64Equal = ptr.Equal[float64]
 
 // Duration returns a pointer to a time.Duration.
-func Duration(d time.Duration) *time.Duration {
-	return &d
-}
+var Duration = ptr.To[time.Duration]
 
 // DurationDeref dereferences the time.Duration ptr and returns it if not nil, or else
 // returns def.
-func DurationDeref(ptr *time.Duration, def time.Duration) time.Duration {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var DurationDeref = ptr.Deref[time.Duration]
 
 // DurationEqual returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func DurationEqual(a, b *time.Duration) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var DurationEqual = ptr.Equal[time.Duration]
diff --git a/vendor/k8s.io/utils/ptr/OWNERS b/vendor/k8s.io/utils/ptr/OWNERS
new file mode 100644
index 000000000..0d6392752
--- /dev/null
+++ b/vendor/k8s.io/utils/ptr/OWNERS
@@ -0,0 +1,10 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- apelisse
+- stewart-yu
+- thockin
+reviewers:
+- apelisse
+- stewart-yu
+- thockin
diff --git a/vendor/k8s.io/utils/ptr/README.md b/vendor/k8s.io/utils/ptr/README.md
new file mode 100644
index 000000000..2ca8073dc
--- /dev/null
+++ b/vendor/k8s.io/utils/ptr/README.md
@@ -0,0 +1,3 @@
+# Pointer
+
+This package provides some functions for pointer-based operations.
diff --git a/vendor/k8s.io/utils/ptr/ptr.go b/vendor/k8s.io/utils/ptr/ptr.go
new file mode 100644
index 000000000..659ed3b9e
--- /dev/null
+++ b/vendor/k8s.io/utils/ptr/ptr.go
@@ -0,0 +1,73 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package ptr
+
+import (
+	"fmt"
+	"reflect"
+)
+
+// AllPtrFieldsNil tests whether all pointer fields in a struct are nil.  This is useful when,
+// for example, an API struct is handled by plugins which need to distinguish
+// "no plugin accepted this spec" from "this spec is empty".
+//
+// This function is only valid for structs and pointers to structs.  Any other
+// type will cause a panic.  Passing a typed nil pointer will return true.
+func AllPtrFieldsNil(obj interface{}) bool {
+	v := reflect.ValueOf(obj)
+	if !v.IsValid() {
+		panic(fmt.Sprintf("reflect.ValueOf() produced a non-valid Value for %#v", obj))
+	}
+	if v.Kind() == reflect.Ptr {
+		if v.IsNil() {
+			return true
+		}
+		v = v.Elem()
+	}
+	for i := 0; i < v.NumField(); i++ {
+		if v.Field(i).Kind() == reflect.Ptr && !v.Field(i).IsNil() {
+			return false
+		}
+	}
+	return true
+}
+
+// To returns a pointer to the given value.
+func To[T any](v T) *T {
+	return &v
+}
+
+// Deref dereferences ptr and returns the value it points to if no nil, or else
+// returns def.
+func Deref[T any](ptr *T, def T) T {
+	if ptr != nil {
+		return *ptr
+	}
+	return def
+}
+
+// Equal returns true if both arguments are nil or both arguments
+// dereference to the same value.
+func Equal[T comparable](a, b *T) bool {
+	if (a == nil) != (b == nil) {
+		return false
+	}
+	if a == nil {
+		return true
+	}
+	return *a == *b
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index f715d0815..b6942a282 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,4 +1,4 @@
-# cloud.google.com/go/compute v1.19.3
+# cloud.google.com/go/compute v1.23.2
 ## explicit; go 1.19
 cloud.google.com/go/compute/internal
 # cloud.google.com/go/compute/metadata v0.2.3
@@ -18,7 +18,7 @@ github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo
 ## explicit
 github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry
 github.com/Azure/azure-sdk-for-go/version
-# github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
+# github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161
 ## explicit; go 1.16
 github.com/Azure/go-ansiterm
 github.com/Azure/go-ansiterm/winterm
@@ -29,7 +29,7 @@ github.com/Azure/go-autorest
 ## explicit; go 1.15
 github.com/Azure/go-autorest/autorest
 github.com/Azure/go-autorest/autorest/azure
-# github.com/Azure/go-autorest/autorest/adal v0.9.22
+# github.com/Azure/go-autorest/autorest/adal v0.9.23
 ## explicit; go 1.15
 github.com/Azure/go-autorest/autorest/adal
 # github.com/Azure/go-autorest/autorest/azure/auth v0.5.12
@@ -51,9 +51,44 @@ github.com/Azure/go-autorest/tracing
 ## explicit; go 1.16
 github.com/BurntSushi/toml
 github.com/BurntSushi/toml/internal
-# github.com/DataDog/gostackparse v0.6.0
+# github.com/DataDog/appsec-internal-go v1.0.0
+## explicit; go 1.18
+github.com/DataDog/appsec-internal-go/httpsec
+github.com/DataDog/appsec-internal-go/netip
+# github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1
+## explicit; go 1.20
+github.com/DataDog/datadog-agent/pkg/obfuscate
+# github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1
+## explicit; go 1.20
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state
+# github.com/DataDog/datadog-go/v5 v5.3.0
+## explicit; go 1.13
+github.com/DataDog/datadog-go/v5/statsd
+# github.com/DataDog/go-libddwaf v1.5.0
+## explicit; go 1.18
+github.com/DataDog/go-libddwaf
+github.com/DataDog/go-libddwaf/internal/noopfree
+# github.com/DataDog/go-tuf v1.0.2-0.5.2
+## explicit; go 1.18
+github.com/DataDog/go-tuf/client
+github.com/DataDog/go-tuf/data
+github.com/DataDog/go-tuf/internal/roles
+github.com/DataDog/go-tuf/internal/sets
+github.com/DataDog/go-tuf/pkg/keys
+github.com/DataDog/go-tuf/pkg/targets
+github.com/DataDog/go-tuf/util
+github.com/DataDog/go-tuf/verify
+# github.com/DataDog/gostackparse v0.7.0
 ## explicit; go 1.16
 github.com/DataDog/gostackparse
+# github.com/DataDog/sketches-go v1.4.3
+## explicit; go 1.15
+github.com/DataDog/sketches-go/ddsketch
+github.com/DataDog/sketches-go/ddsketch/encoding
+github.com/DataDog/sketches-go/ddsketch/mapping
+github.com/DataDog/sketches-go/ddsketch/pb/sketchpb
+github.com/DataDog/sketches-go/ddsketch/stat
+github.com/DataDog/sketches-go/ddsketch/store
 # github.com/MakeNowJust/heredoc v1.0.0
 ## explicit; go 1.12
 github.com/MakeNowJust/heredoc
@@ -76,7 +111,7 @@ github.com/Microsoft/go-winio/internal/fs
 github.com/Microsoft/go-winio/internal/socket
 github.com/Microsoft/go-winio/internal/stringbuffer
 github.com/Microsoft/go-winio/pkg/guid
-# github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903
+# github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c
 ## explicit; go 1.13
 github.com/ProtonMail/go-crypto/bitcurves
 github.com/ProtonMail/go-crypto/brainpool
@@ -111,29 +146,29 @@ github.com/alibabacloud-go/cr-20160607/client
 # github.com/alibabacloud-go/cr-20181201 v1.0.10
 ## explicit; go 1.15
 github.com/alibabacloud-go/cr-20181201/client
-# github.com/alibabacloud-go/darabonba-openapi v0.1.18
+# github.com/alibabacloud-go/darabonba-openapi v0.2.1
 ## explicit; go 1.14
 github.com/alibabacloud-go/darabonba-openapi/client
-# github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68
-## explicit
+# github.com/alibabacloud-go/debug v1.0.0
+## explicit; go 1.18
 github.com/alibabacloud-go/debug/debug
 # github.com/alibabacloud-go/endpoint-util v1.1.1
 ## explicit
 github.com/alibabacloud-go/endpoint-util/service
-# github.com/alibabacloud-go/openapi-util v0.0.11
+# github.com/alibabacloud-go/openapi-util v0.1.0
 ## explicit; go 1.14
 github.com/alibabacloud-go/openapi-util/service
-# github.com/alibabacloud-go/tea v1.1.18
+# github.com/alibabacloud-go/tea v1.2.1
 ## explicit; go 1.14
 github.com/alibabacloud-go/tea/tea
 github.com/alibabacloud-go/tea/utils
-# github.com/alibabacloud-go/tea-utils v1.4.4
+# github.com/alibabacloud-go/tea-utils v1.4.5
 ## explicit; go 1.14
 github.com/alibabacloud-go/tea-utils/service
-# github.com/alibabacloud-go/tea-xml v1.1.2
+# github.com/alibabacloud-go/tea-xml v1.1.3
 ## explicit; go 1.14
 github.com/alibabacloud-go/tea-xml/service
-# github.com/aliyun/credentials-go v1.2.3
+# github.com/aliyun/credentials-go v1.3.1
 ## explicit; go 1.14
 github.com/aliyun/credentials-go/credentials
 github.com/aliyun/credentials-go/credentials/request
@@ -142,7 +177,7 @@ github.com/aliyun/credentials-go/credentials/utils
 # github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
 ## explicit; go 1.13
 github.com/asaskevich/govalidator
-# github.com/aws/aws-sdk-go-v2 v1.18.1
+# github.com/aws/aws-sdk-go-v2 v1.21.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2
 github.com/aws/aws-sdk-go-v2/aws
@@ -157,7 +192,9 @@ github.com/aws/aws-sdk-go-v2/aws/retry
 github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4
 github.com/aws/aws-sdk-go-v2/aws/signer/v4
 github.com/aws/aws-sdk-go-v2/aws/transport/http
+github.com/aws/aws-sdk-go-v2/internal/auth
 github.com/aws/aws-sdk-go-v2/internal/awsutil
+github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn
 github.com/aws/aws-sdk-go-v2/internal/rand
 github.com/aws/aws-sdk-go-v2/internal/sdk
 github.com/aws/aws-sdk-go-v2/internal/sdkio
@@ -165,14 +202,14 @@ github.com/aws/aws-sdk-go-v2/internal/shareddefaults
 github.com/aws/aws-sdk-go-v2/internal/strings
 github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
 github.com/aws/aws-sdk-go-v2/internal/timeconv
-# github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.8
+# github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/eventstreamapi
-# github.com/aws/aws-sdk-go-v2/config v1.18.27
+# github.com/aws/aws-sdk-go-v2/config v1.19.1
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/config
-# github.com/aws/aws-sdk-go-v2/credentials v1.13.26
+# github.com/aws/aws-sdk-go-v2/credentials v1.13.43
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/credentials
 github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds
@@ -181,74 +218,74 @@ github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client
 github.com/aws/aws-sdk-go-v2/credentials/processcreds
 github.com/aws/aws-sdk-go-v2/credentials/ssocreds
 github.com/aws/aws-sdk-go-v2/credentials/stscreds
-# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4
+# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config
 # github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.33
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/feature/s3/manager
-# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34
+# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/configsources
-# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28
+# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
-# github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35
+# github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/ini
-# github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.14
+# github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.4
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/v4a
 github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto
 github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4
-# github.com/aws/aws-sdk-go-v2/service/ecr v1.18.7
+# github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/ecr
 github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/ecr/types
-# github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0
+# github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/ecrpublic
 github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/ecrpublic/types
-# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.9
+# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
-# github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.18
+# github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.36
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/internal/checksum
-# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28
+# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
-# github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.17
+# github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config
-# github.com/aws/aws-sdk-go-v2/service/s3 v1.27.11
+# github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/s3
 github.com/aws/aws-sdk-go-v2/service/s3/internal/arn
 github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations
 github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/s3/types
-# github.com/aws/aws-sdk-go-v2/service/sso v1.12.12
+# github.com/aws/aws-sdk-go-v2/service/sso v1.15.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/sso
 github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/sso/types
-# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12
+# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/ssooidc
 github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/ssooidc/types
-# github.com/aws/aws-sdk-go-v2/service/sts v1.19.2
+# github.com/aws/aws-sdk-go-v2/service/sts v1.23.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/sts
 github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/sts/types
-# github.com/aws/smithy-go v1.13.5
+# github.com/aws/smithy-go v1.15.0
 ## explicit; go 1.15
 github.com/aws/smithy-go
 github.com/aws/smithy-go/auth/bearer
@@ -258,6 +295,8 @@ github.com/aws/smithy-go/encoding
 github.com/aws/smithy-go/encoding/httpbinding
 github.com/aws/smithy-go/encoding/json
 github.com/aws/smithy-go/encoding/xml
+github.com/aws/smithy-go/endpoints
+github.com/aws/smithy-go/endpoints/private/rulesfn
 github.com/aws/smithy-go/internal/sync/singleflight
 github.com/aws/smithy-go/io
 github.com/aws/smithy-go/logging
@@ -269,8 +308,8 @@ github.com/aws/smithy-go/time
 github.com/aws/smithy-go/transport/http
 github.com/aws/smithy-go/transport/http/internal/io
 github.com/aws/smithy-go/waiter
-# github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795
-## explicit; go 1.13
+# github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8
+## explicit; go 1.19
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache
@@ -282,10 +321,18 @@ github.com/beorn7/perks/quantile
 # github.com/blang/semver v3.5.1+incompatible
 ## explicit
 github.com/blang/semver
-# github.com/buildkite/agent/v3 v3.49.0
-## explicit; go 1.18
+# github.com/buildkite/agent/v3 v3.58.0
+## explicit; go 1.20
 github.com/buildkite/agent/v3/api
+github.com/buildkite/agent/v3/env
+github.com/buildkite/agent/v3/internal/ordered
+github.com/buildkite/agent/v3/internal/pipeline
 github.com/buildkite/agent/v3/logger
+github.com/buildkite/agent/v3/tracetools
+github.com/buildkite/agent/v3/version
+# github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251
+## explicit
+github.com/buildkite/interpolate
 # github.com/cespare/xxhash/v2 v2.2.0
 ## explicit; go 1.11
 github.com/cespare/xxhash/v2
@@ -295,15 +342,15 @@ github.com/chai2010/gettext-go
 github.com/chai2010/gettext-go/mo
 github.com/chai2010/gettext-go/plural
 github.com/chai2010/gettext-go/po
-# github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21
-## explicit; go 1.14
+# github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589
+## explicit; go 1.18
 github.com/chrismellard/docker-credential-acr-env/pkg/credhelper
 github.com/chrismellard/docker-credential-acr-env/pkg/registry
 github.com/chrismellard/docker-credential-acr-env/pkg/token
-# github.com/clbanning/mxj/v2 v2.5.6
+# github.com/clbanning/mxj/v2 v2.7.0
 ## explicit; go 1.15
 github.com/clbanning/mxj/v2
-# github.com/cloudflare/circl v1.3.3
+# github.com/cloudflare/circl v1.3.5
 ## explicit; go 1.19
 github.com/cloudflare/circl/dh/x25519
 github.com/cloudflare/circl/dh/x448
@@ -379,28 +426,34 @@ github.com/containers/storage/pkg/chunked/compressor
 github.com/containers/storage/pkg/chunked/internal
 github.com/containers/storage/pkg/ioutils
 github.com/containers/storage/pkg/longpath
-# github.com/coreos/go-oidc/v3 v3.6.0
+# github.com/coreos/go-oidc/v3 v3.7.0
 ## explicit; go 1.19
 github.com/coreos/go-oidc/v3/oidc
-# github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7
+# github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46
 ## explicit
 github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer
 # github.com/cyphar/filepath-securejoin v0.2.4
 ## explicit; go 1.13
 github.com/cyphar/filepath-securejoin
-# github.com/davecgh/go-spew v1.1.1
+# github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
 ## explicit
 github.com/davecgh/go-spew/spew
-# github.com/digitorus/pkcs7 v0.0.0-20221212123742-001c36b64ec3
+# github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0
+## explicit; go 1.17
+github.com/decred/dcrd/dcrec/secp256k1/v4
+# github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352
 ## explicit; go 1.13
 github.com/digitorus/pkcs7
-# github.com/digitorus/timestamp v0.0.0-20221019182153-ef3b63b79b31
+# github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647
 ## explicit; go 1.16
 github.com/digitorus/timestamp
 # github.com/dimchansky/utfbom v1.1.1
 ## explicit
 github.com/dimchansky/utfbom
-# github.com/docker/cli v23.0.5+incompatible
+# github.com/distribution/reference v0.5.0
+## explicit; go 1.20
+github.com/distribution/reference
+# github.com/docker/cli v24.0.7+incompatible
 ## explicit
 github.com/docker/cli/cli/command
 github.com/docker/cli/cli/config
@@ -415,6 +468,7 @@ github.com/docker/cli/cli/context/docker
 github.com/docker/cli/cli/context/store
 github.com/docker/cli/cli/debug
 github.com/docker/cli/cli/flags
+github.com/docker/cli/cli/hints
 github.com/docker/cli/cli/manifest/store
 github.com/docker/cli/cli/manifest/types
 github.com/docker/cli/cli/registry/client
@@ -422,10 +476,9 @@ github.com/docker/cli/cli/streams
 github.com/docker/cli/cli/trust
 github.com/docker/cli/cli/version
 github.com/docker/cli/opts
-# github.com/docker/distribution v2.8.2+incompatible
+# github.com/docker/distribution v2.8.3+incompatible
 ## explicit
 github.com/docker/distribution
-github.com/docker/distribution/digestset
 github.com/docker/distribution/manifest
 github.com/docker/distribution/manifest/manifestlist
 github.com/docker/distribution/manifest/ocischema
@@ -441,7 +494,7 @@ github.com/docker/distribution/registry/client/transport
 github.com/docker/distribution/registry/storage/cache
 github.com/docker/distribution/registry/storage/cache/memory
 github.com/docker/distribution/uuid
-# github.com/docker/docker v23.0.5+incompatible
+# github.com/docker/docker v24.0.7+incompatible
 ## explicit
 github.com/docker/docker/api
 github.com/docker/docker/api/types
@@ -466,8 +519,8 @@ github.com/docker/docker/pkg/ioutils
 github.com/docker/docker/pkg/jsonmessage
 github.com/docker/docker/pkg/longpath
 github.com/docker/docker/registry
-# github.com/docker/docker-credential-helpers v0.7.0
-## explicit; go 1.18
+# github.com/docker/docker-credential-helpers v0.8.0
+## explicit; go 1.19
 github.com/docker/docker-credential-helpers/client
 github.com/docker/docker-credential-helpers/credentials
 # github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c
@@ -489,7 +542,16 @@ github.com/docker/go-units
 github.com/drone/envsubst
 github.com/drone/envsubst/parse
 github.com/drone/envsubst/path
-# github.com/emicklei/go-restful/v3 v3.10.1
+# github.com/dustin/go-humanize v1.0.1
+## explicit; go 1.16
+github.com/dustin/go-humanize
+# github.com/ebitengine/purego v0.5.0
+## explicit; go 1.18
+github.com/ebitengine/purego
+github.com/ebitengine/purego/internal/cgo
+github.com/ebitengine/purego/internal/fakecgo
+github.com/ebitengine/purego/internal/strings
+# github.com/emicklei/go-restful/v3 v3.11.0
 ## explicit; go 1.13
 github.com/emicklei/go-restful/v3
 github.com/emicklei/go-restful/v3/log
@@ -502,16 +564,16 @@ github.com/evanphx/json-patch/v5
 # github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f
 ## explicit; go 1.15
 github.com/exponent-io/jsonpath
-# github.com/fatih/color v1.13.0
-## explicit; go 1.13
+# github.com/fatih/color v1.15.0
+## explicit; go 1.17
 github.com/fatih/color
-# github.com/fsnotify/fsnotify v1.6.0
-## explicit; go 1.16
+# github.com/fsnotify/fsnotify v1.7.0
+## explicit; go 1.17
 github.com/fsnotify/fsnotify
 # github.com/fvbommel/sortorder v1.0.2
 ## explicit; go 1.13
 github.com/fvbommel/sortorder
-# github.com/gabriel-vasile/mimetype v1.4.2
+# github.com/gabriel-vasile/mimetype v1.4.3
 ## explicit; go 1.20
 github.com/gabriel-vasile/mimetype
 github.com/gabriel-vasile/mimetype/internal/charset
@@ -615,8 +677,8 @@ github.com/go-jose/go-jose/v3
 github.com/go-jose/go-jose/v3/cipher
 github.com/go-jose/go-jose/v3/json
 github.com/go-jose/go-jose/v3/jwt
-# github.com/go-logr/logr v1.2.4
-## explicit; go 1.16
+# github.com/go-logr/logr v1.3.0
+## explicit; go 1.18
 github.com/go-logr/logr
 github.com/go-logr/logr/funcr
 # github.com/go-logr/stdr v1.2.2
@@ -634,11 +696,11 @@ github.com/go-openapi/analysis/internal/flatten/operations
 github.com/go-openapi/analysis/internal/flatten/replace
 github.com/go-openapi/analysis/internal/flatten/schutils
 github.com/go-openapi/analysis/internal/flatten/sortref
-# github.com/go-openapi/errors v0.20.3
+# github.com/go-openapi/errors v0.20.4
 ## explicit; go 1.14
 github.com/go-openapi/errors
-# github.com/go-openapi/jsonpointer v0.19.6
-## explicit; go 1.13
+# github.com/go-openapi/jsonpointer v0.20.0
+## explicit; go 1.18
 github.com/go-openapi/jsonpointer
 # github.com/go-openapi/jsonreference v0.20.2
 ## explicit; go 1.13
@@ -677,7 +739,7 @@ github.com/go-playground/locales/currency
 # github.com/go-playground/universal-translator v0.18.1
 ## explicit; go 1.18
 github.com/go-playground/universal-translator
-# github.com/go-playground/validator/v10 v10.14.0
+# github.com/go-playground/validator/v10 v10.15.5
 ## explicit; go 1.18
 github.com/go-playground/validator/v10
 # github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572
@@ -696,6 +758,17 @@ github.com/gobwas/glob/syntax/ast
 github.com/gobwas/glob/syntax/lexer
 github.com/gobwas/glob/util/runes
 github.com/gobwas/glob/util/strings
+# github.com/goccy/go-json v0.10.2
+## explicit; go 1.12
+github.com/goccy/go-json
+github.com/goccy/go-json/internal/decoder
+github.com/goccy/go-json/internal/encoder
+github.com/goccy/go-json/internal/encoder/vm
+github.com/goccy/go-json/internal/encoder/vm_color
+github.com/goccy/go-json/internal/encoder/vm_color_indent
+github.com/goccy/go-json/internal/encoder/vm_indent
+github.com/goccy/go-json/internal/errors
+github.com/goccy/go-json/internal/runtime
 # github.com/gogo/protobuf v1.3.2
 ## explicit; go 1.15
 github.com/gogo/protobuf/proto
@@ -725,8 +798,8 @@ github.com/golang/snappy
 # github.com/google/btree v1.1.2
 ## explicit; go 1.18
 github.com/google/btree
-# github.com/google/certificate-transparency-go v1.1.6
-## explicit; go 1.19
+# github.com/google/certificate-transparency-go v1.1.7
+## explicit; go 1.20
 github.com/google/certificate-transparency-go
 github.com/google/certificate-transparency-go/asn1
 github.com/google/certificate-transparency-go/gossip/minimal/x509ext
@@ -740,15 +813,21 @@ github.com/google/gnostic/compiler
 github.com/google/gnostic/extensions
 github.com/google/gnostic/jsonschema
 github.com/google/gnostic/openapiv2
-github.com/google/gnostic/openapiv3
-# github.com/google/go-cmp v0.5.9
+# github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49
+## explicit; go 1.18
+github.com/google/gnostic-models/compiler
+github.com/google/gnostic-models/extensions
+github.com/google/gnostic-models/jsonschema
+github.com/google/gnostic-models/openapiv2
+github.com/google/gnostic-models/openapiv3
+# github.com/google/go-cmp v0.6.0
 ## explicit; go 1.13
 github.com/google/go-cmp/cmp
 github.com/google/go-cmp/cmp/internal/diff
 github.com/google/go-cmp/cmp/internal/flags
 github.com/google/go-cmp/cmp/internal/function
 github.com/google/go-cmp/cmp/internal/value
-# github.com/google/go-containerregistry v0.15.2
+# github.com/google/go-containerregistry v0.16.1
 ## explicit; go 1.18
 github.com/google/go-containerregistry/internal/and
 github.com/google/go-containerregistry/internal/compression
@@ -780,9 +859,9 @@ github.com/google/go-containerregistry/pkg/v1/types
 # github.com/google/go-github/v45 v45.2.0
 ## explicit; go 1.17
 github.com/google/go-github/v45/github
-# github.com/google/go-github/v50 v50.2.0
+# github.com/google/go-github/v55 v55.0.0
 ## explicit; go 1.17
-github.com/google/go-github/v50/github
+github.com/google/go-github/v55/github
 # github.com/google/go-querystring v1.1.0
 ## explicit; go 1.10
 github.com/google/go-querystring/query
@@ -790,11 +869,11 @@ github.com/google/go-querystring/query
 ## explicit; go 1.12
 github.com/google/gofuzz
 github.com/google/gofuzz/bytesource
-# github.com/google/pprof v0.0.0-20221103000818-d260c55eee4c
-## explicit; go 1.18
+# github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b
+## explicit; go 1.19
 github.com/google/pprof/profile
-# github.com/google/s2a-go v0.1.4
-## explicit; go 1.16
+# github.com/google/s2a-go v0.1.7
+## explicit; go 1.19
 github.com/google/s2a-go
 github.com/google/s2a-go/fallback
 github.com/google/s2a-go/internal/authinfo
@@ -814,14 +893,15 @@ github.com/google/s2a-go/internal/v2
 github.com/google/s2a-go/internal/v2/certverifier
 github.com/google/s2a-go/internal/v2/remotesigner
 github.com/google/s2a-go/internal/v2/tlsconfigstore
+github.com/google/s2a-go/retry
 github.com/google/s2a-go/stream
 # github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 ## explicit; go 1.13
 github.com/google/shlex
-# github.com/google/uuid v1.3.0
+# github.com/google/uuid v1.4.0
 ## explicit
 github.com/google/uuid
-# github.com/googleapis/enterprise-certificate-proxy v0.2.4
+# github.com/googleapis/enterprise-certificate-proxy v0.3.2
 ## explicit; go 1.19
 github.com/googleapis/enterprise-certificate-proxy/client
 github.com/googleapis/enterprise-certificate-proxy/client/util
@@ -833,6 +913,9 @@ github.com/gorilla/mux
 github.com/gosuri/uitable
 github.com/gosuri/uitable/util/strutil
 github.com/gosuri/uitable/util/wordwrap
+# github.com/gowebpki/jcs v1.0.1
+## explicit; go 1.15
+github.com/gowebpki/jcs
 # github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79
 ## explicit
 github.com/gregjones/httpcache
@@ -845,11 +928,11 @@ github.com/hashicorp/go-cleanhttp
 # github.com/hashicorp/go-multierror v1.1.1
 ## explicit; go 1.13
 github.com/hashicorp/go-multierror
-# github.com/hashicorp/go-retryablehttp v0.7.2
+# github.com/hashicorp/go-retryablehttp v0.7.4
 ## explicit; go 1.13
 github.com/hashicorp/go-retryablehttp
-# github.com/hashicorp/hcl v1.0.0
-## explicit
+# github.com/hashicorp/hcl v1.0.1-vault-5
+## explicit; go 1.15
 github.com/hashicorp/hcl
 github.com/hashicorp/hcl/hcl/ast
 github.com/hashicorp/hcl/hcl/parser
@@ -863,7 +946,7 @@ github.com/hashicorp/hcl/json/token
 # github.com/huandu/xstrings v1.4.0
 ## explicit; go 1.12
 github.com/huandu/xstrings
-# github.com/imdario/mergo v0.3.15
+# github.com/imdario/mergo v0.3.16
 ## explicit; go 1.13
 github.com/imdario/mergo
 # github.com/in-toto/in-toto-golang v0.9.0
@@ -876,8 +959,8 @@ github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1
 # github.com/inconshreveable/mousetrap v1.1.0
 ## explicit; go 1.18
 github.com/inconshreveable/mousetrap
-# github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b
-## explicit; go 1.17
+# github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267
+## explicit; go 1.20
 github.com/jedisct1/go-minisign
 # github.com/jmespath/go-jmespath v0.4.0
 ## explicit; go 1.14
@@ -892,7 +975,7 @@ github.com/josharian/intern
 # github.com/json-iterator/go v1.1.12
 ## explicit; go 1.12
 github.com/json-iterator/go
-# github.com/klauspost/compress v1.16.5
+# github.com/klauspost/compress v1.17.2
 ## explicit; go 1.18
 github.com/klauspost/compress
 github.com/klauspost/compress/flate
@@ -902,7 +985,7 @@ github.com/klauspost/compress/internal/cpuinfo
 github.com/klauspost/compress/internal/snapref
 github.com/klauspost/compress/zstd
 github.com/klauspost/compress/zstd/internal/xxhash
-# github.com/klauspost/pgzip v1.2.5
+# github.com/klauspost/pgzip v1.2.6
 ## explicit
 github.com/klauspost/pgzip
 # github.com/lann/builder v0.0.0-20180802200727-47ae307949d0
@@ -914,17 +997,43 @@ github.com/lann/ps
 # github.com/leodido/go-urn v1.2.4
 ## explicit; go 1.16
 github.com/leodido/go-urn
-# github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf
-## explicit; go 1.18
+# github.com/lestrrat-go/blackmagic v1.0.2
+## explicit; go 1.16
+github.com/lestrrat-go/blackmagic
+# github.com/lestrrat-go/httpcc v1.0.1
+## explicit; go 1.16
+github.com/lestrrat-go/httpcc
+# github.com/lestrrat-go/httprc v1.0.4
+## explicit; go 1.17
+github.com/lestrrat-go/httprc
+# github.com/lestrrat-go/iter v1.0.2
+## explicit; go 1.13
+github.com/lestrrat-go/iter/arrayiter
+github.com/lestrrat-go/iter/mapiter
+# github.com/lestrrat-go/jwx/v2 v2.0.16
+## explicit; go 1.16
+github.com/lestrrat-go/jwx/v2/cert
+github.com/lestrrat-go/jwx/v2/internal/base64
+github.com/lestrrat-go/jwx/v2/internal/ecutil
+github.com/lestrrat-go/jwx/v2/internal/iter
+github.com/lestrrat-go/jwx/v2/internal/json
+github.com/lestrrat-go/jwx/v2/internal/keyconv
+github.com/lestrrat-go/jwx/v2/internal/pool
+github.com/lestrrat-go/jwx/v2/jwa
+github.com/lestrrat-go/jwx/v2/jwk
+github.com/lestrrat-go/jwx/v2/jws
+github.com/lestrrat-go/jwx/v2/x25519
+# github.com/lestrrat-go/option v1.0.1
+## explicit; go 1.16
+github.com/lestrrat-go/option
+# github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491
+## explicit; go 1.21
 github.com/letsencrypt/boulder/core
-github.com/letsencrypt/boulder/core/proto
-github.com/letsencrypt/boulder/errors
-github.com/letsencrypt/boulder/features
 github.com/letsencrypt/boulder/goodkey
 github.com/letsencrypt/boulder/identifier
 github.com/letsencrypt/boulder/probs
 github.com/letsencrypt/boulder/revocation
-github.com/letsencrypt/boulder/sa/proto
+github.com/letsencrypt/boulder/strictyaml
 # github.com/lib/pq v1.10.9
 ## explicit; go 1.13
 github.com/lib/pq
@@ -985,15 +1094,15 @@ github.com/marstr/guid
 # github.com/mattn/go-colorable v0.1.13
 ## explicit; go 1.15
 github.com/mattn/go-colorable
-# github.com/mattn/go-isatty v0.0.19
+# github.com/mattn/go-isatty v0.0.20
 ## explicit; go 1.15
 github.com/mattn/go-isatty
-# github.com/mattn/go-runewidth v0.0.14
+# github.com/mattn/go-runewidth v0.0.15
 ## explicit; go 1.9
 github.com/mattn/go-runewidth
-# github.com/matttproud/golang_protobuf_extensions v1.0.4
-## explicit; go 1.9
-github.com/matttproud/golang_protobuf_extensions/pbutil
+# github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0
+## explicit; go 1.19
+github.com/matttproud/golang_protobuf_extensions/v2/pbutil
 # github.com/miekg/pkcs11 v1.1.1
 ## explicit; go 1.12
 github.com/miekg/pkcs11
@@ -1059,6 +1168,9 @@ github.com/nxadm/tail/winfile
 # github.com/oklog/ulid v1.3.1
 ## explicit
 github.com/oklog/ulid
+# github.com/oleiade/reflections v1.0.1
+## explicit; go 1.15
+github.com/oleiade/reflections
 # github.com/onsi/ginkgo v1.16.5
 ## explicit; go 1.16
 github.com/onsi/ginkgo
@@ -1313,7 +1425,8 @@ github.com/opencontainers/distribution-spec/specs-go/v1
 # github.com/opencontainers/go-digest v1.0.0
 ## explicit; go 1.13
 github.com/opencontainers/go-digest
-# github.com/opencontainers/image-spec v1.1.0-rc3
+github.com/opencontainers/go-digest/digestset
+# github.com/opencontainers/image-spec v1.1.0-rc5
 ## explicit; go 1.18
 github.com/opencontainers/image-spec/specs-go
 github.com/opencontainers/image-spec/specs-go/v1
@@ -1322,13 +1435,18 @@ github.com/opencontainers/image-spec/specs-go/v1
 github.com/opentracing/opentracing-go
 github.com/opentracing/opentracing-go/ext
 github.com/opentracing/opentracing-go/log
+# github.com/outcaste-io/ristretto v0.2.3
+## explicit; go 1.12
+github.com/outcaste-io/ristretto
+github.com/outcaste-io/ristretto/z
+github.com/outcaste-io/ristretto/z/simd
 # github.com/pborman/uuid v1.2.1
 ## explicit
 github.com/pborman/uuid
 # github.com/pelletier/go-toml v1.9.5
 ## explicit; go 1.12
 github.com/pelletier/go-toml
-# github.com/pelletier/go-toml/v2 v2.0.8
+# github.com/pelletier/go-toml/v2 v2.1.0
 ## explicit; go 1.16
 github.com/pelletier/go-toml/v2
 github.com/pelletier/go-toml/v2/internal/characters
@@ -1338,29 +1456,35 @@ github.com/pelletier/go-toml/v2/unstable
 # github.com/peterbourgon/diskv v2.0.1+incompatible
 ## explicit
 github.com/peterbourgon/diskv
+# github.com/philhofer/fwd v1.1.2
+## explicit; go 1.15
+github.com/philhofer/fwd
 # github.com/pkg/errors v0.9.1
 ## explicit
 github.com/pkg/errors
-# github.com/prometheus/client_golang v1.15.1
-## explicit; go 1.17
+# github.com/prometheus/client_golang v1.17.0
+## explicit; go 1.19
 github.com/prometheus/client_golang/prometheus
 github.com/prometheus/client_golang/prometheus/collectors
 github.com/prometheus/client_golang/prometheus/internal
 github.com/prometheus/client_golang/prometheus/promhttp
-# github.com/prometheus/client_model v0.4.0
-## explicit; go 1.18
+# github.com/prometheus/client_model v0.5.0
+## explicit; go 1.19
 github.com/prometheus/client_model/go
-# github.com/prometheus/common v0.42.0
-## explicit; go 1.18
+# github.com/prometheus/common v0.45.0
+## explicit; go 1.20
 github.com/prometheus/common/expfmt
 github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg
 github.com/prometheus/common/model
-# github.com/prometheus/procfs v0.9.0
-## explicit; go 1.18
+# github.com/prometheus/procfs v0.12.0
+## explicit; go 1.19
 github.com/prometheus/procfs
 github.com/prometheus/procfs/internal/fs
 github.com/prometheus/procfs/internal/util
-# github.com/rivo/uniseg v0.4.2
+# github.com/puzpuzpuz/xsync/v2 v2.5.1
+## explicit; go 1.18
+github.com/puzpuzpuz/xsync/v2
+# github.com/rivo/uniseg v0.4.4
 ## explicit; go 1.18
 github.com/rivo/uniseg
 # github.com/robfig/cron/v3 v3.0.1
@@ -1373,15 +1497,31 @@ github.com/rubenv/sql-migrate/sqlparse
 # github.com/russross/blackfriday/v2 v2.1.0
 ## explicit
 github.com/russross/blackfriday/v2
+# github.com/sagikazarmark/locafero v0.3.0
+## explicit; go 1.20
+github.com/sagikazarmark/locafero
+# github.com/sagikazarmark/slog-shim v0.1.0
+## explicit; go 1.20
+github.com/sagikazarmark/slog-shim
 # github.com/sassoftware/relic v7.2.1+incompatible
 ## explicit
 github.com/sassoftware/relic/lib/pkcs7
 github.com/sassoftware/relic/lib/x509tools
-# github.com/secure-systems-lab/go-securesystemslib v0.6.0
+# github.com/secure-systems-lab/go-securesystemslib v0.7.0
 ## explicit; go 1.20
 github.com/secure-systems-lab/go-securesystemslib/cjson
 github.com/secure-systems-lab/go-securesystemslib/dsse
+github.com/secure-systems-lab/go-securesystemslib/encrypted
 github.com/secure-systems-lab/go-securesystemslib/signerverifier
+# github.com/segmentio/asm v1.2.0
+## explicit; go 1.18
+github.com/segmentio/asm/base64
+github.com/segmentio/asm/cpu
+github.com/segmentio/asm/cpu/arm
+github.com/segmentio/asm/cpu/arm64
+github.com/segmentio/asm/cpu/cpuid
+github.com/segmentio/asm/cpu/x86
+github.com/segmentio/asm/internal/unsafebytes
 # github.com/segmentio/ksuid v1.0.4
 ## explicit; go 1.12
 github.com/segmentio/ksuid
@@ -1391,14 +1531,13 @@ github.com/shibumi/go-pathspec
 # github.com/shopspring/decimal v1.3.1
 ## explicit; go 1.13
 github.com/shopspring/decimal
-# github.com/sigstore/cosign/v2 v2.1.1
-## explicit; go 1.19
+# github.com/sigstore/cosign/v2 v2.2.1
+## explicit; go 1.21
 github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio
 github.com/sigstore/cosign/v2/cmd/cosign/cli/options
 github.com/sigstore/cosign/v2/cmd/cosign/cli/sign/privacy
 github.com/sigstore/cosign/v2/internal/pkg/cosign
 github.com/sigstore/cosign/v2/internal/pkg/cosign/fulcio/fulcioroots
-github.com/sigstore/cosign/v2/internal/pkg/now
 github.com/sigstore/cosign/v2/internal/pkg/oci/remote
 github.com/sigstore/cosign/v2/internal/ui
 github.com/sigstore/cosign/v2/pkg/blob
@@ -1431,11 +1570,11 @@ github.com/sigstore/cosign/v2/pkg/providers/google
 github.com/sigstore/cosign/v2/pkg/providers/spiffe
 github.com/sigstore/cosign/v2/pkg/signature
 github.com/sigstore/cosign/v2/pkg/types
-# github.com/sigstore/fulcio v1.3.1
+# github.com/sigstore/fulcio v1.4.3
 ## explicit; go 1.20
 github.com/sigstore/fulcio/pkg/api
-# github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23
-## explicit; go 1.19
+# github.com/sigstore/rekor v1.3.3
+## explicit; go 1.21
 github.com/sigstore/rekor/pkg/client
 github.com/sigstore/rekor/pkg/generated/client
 github.com/sigstore/rekor/pkg/generated/client/entries
@@ -1445,6 +1584,7 @@ github.com/sigstore/rekor/pkg/generated/client/tlog
 github.com/sigstore/rekor/pkg/generated/models
 github.com/sigstore/rekor/pkg/log
 github.com/sigstore/rekor/pkg/pki
+github.com/sigstore/rekor/pkg/pki/identity
 github.com/sigstore/rekor/pkg/pki/minisign
 github.com/sigstore/rekor/pkg/pki/pgp
 github.com/sigstore/rekor/pkg/pki/pkcs7
@@ -1463,8 +1603,8 @@ github.com/sigstore/rekor/pkg/types/rekord
 github.com/sigstore/rekor/pkg/types/rekord/v0.0.1
 github.com/sigstore/rekor/pkg/util
 github.com/sigstore/rekor/pkg/verify
-# github.com/sigstore/sigstore v1.7.1
-## explicit; go 1.19
+# github.com/sigstore/sigstore v1.7.5
+## explicit; go 1.20
 github.com/sigstore/sigstore/pkg/cryptoutils
 github.com/sigstore/sigstore/pkg/fulcioroots
 github.com/sigstore/sigstore/pkg/oauth
@@ -1475,8 +1615,8 @@ github.com/sigstore/sigstore/pkg/signature/kms
 github.com/sigstore/sigstore/pkg/signature/options
 github.com/sigstore/sigstore/pkg/signature/payload
 github.com/sigstore/sigstore/pkg/tuf
-# github.com/sigstore/timestamp-authority v1.1.1
-## explicit; go 1.20
+# github.com/sigstore/timestamp-authority v1.2.0
+## explicit; go 1.21
 github.com/sigstore/timestamp-authority/pkg/verification
 # github.com/sirupsen/logrus v1.9.3
 ## explicit; go 1.13
@@ -1484,7 +1624,13 @@ github.com/sirupsen/logrus
 # github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
 ## explicit
 github.com/skratchdot/open-golang/open
-# github.com/spf13/afero v1.9.5
+# github.com/sourcegraph/conc v0.3.0
+## explicit; go 1.19
+github.com/sourcegraph/conc
+github.com/sourcegraph/conc/internal/multierror
+github.com/sourcegraph/conc/iter
+github.com/sourcegraph/conc/panics
+# github.com/spf13/afero v1.10.0
 ## explicit; go 1.16
 github.com/spf13/afero
 github.com/spf13/afero/internal/common
@@ -1492,17 +1638,14 @@ github.com/spf13/afero/mem
 # github.com/spf13/cast v1.5.1
 ## explicit; go 1.18
 github.com/spf13/cast
-# github.com/spf13/cobra v1.7.0
+# github.com/spf13/cobra v1.8.0
 ## explicit; go 1.15
 github.com/spf13/cobra
-# github.com/spf13/jwalterweatherman v1.1.0
-## explicit
-github.com/spf13/jwalterweatherman
 # github.com/spf13/pflag v1.0.5
 ## explicit; go 1.12
 github.com/spf13/pflag
-# github.com/spf13/viper v1.16.0
-## explicit; go 1.17
+# github.com/spf13/viper v1.17.0
+## explicit; go 1.18
 github.com/spf13/viper
 github.com/spf13/viper/internal/encoding
 github.com/spf13/viper/internal/encoding/dotenv
@@ -1527,7 +1670,7 @@ github.com/spiffe/go-spiffe/v2/spiffeid
 github.com/spiffe/go-spiffe/v2/svid/jwtsvid
 github.com/spiffe/go-spiffe/v2/svid/x509svid
 github.com/spiffe/go-spiffe/v2/workloadapi
-# github.com/subosito/gotenv v1.4.2
+# github.com/subosito/gotenv v1.6.0
 ## explicit; go 1.18
 github.com/subosito/gotenv
 # github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d
@@ -1547,18 +1690,16 @@ github.com/syndtr/goleveldb/leveldb/util
 # github.com/thales-e-security/pool v0.0.2
 ## explicit; go 1.12
 github.com/thales-e-security/pool
-# github.com/theupdateframework/go-tuf v0.5.2
-## explicit; go 1.18
+# github.com/theupdateframework/go-tuf v0.6.1
+## explicit; go 1.20
 github.com/theupdateframework/go-tuf
 github.com/theupdateframework/go-tuf/client
 github.com/theupdateframework/go-tuf/client/leveldbstore
 github.com/theupdateframework/go-tuf/data
-github.com/theupdateframework/go-tuf/encrypted
 github.com/theupdateframework/go-tuf/internal/fsutil
 github.com/theupdateframework/go-tuf/internal/roles
 github.com/theupdateframework/go-tuf/internal/sets
 github.com/theupdateframework/go-tuf/internal/signer
-github.com/theupdateframework/go-tuf/pkg/deprecated/set_ecdsa
 github.com/theupdateframework/go-tuf/pkg/keys
 github.com/theupdateframework/go-tuf/pkg/targets
 github.com/theupdateframework/go-tuf/sign
@@ -1580,11 +1721,14 @@ github.com/theupdateframework/notary/tuf/data
 github.com/theupdateframework/notary/tuf/signed
 github.com/theupdateframework/notary/tuf/utils
 github.com/theupdateframework/notary/tuf/validation
+# github.com/tinylib/msgp v1.1.8
+## explicit; go 1.15
+github.com/tinylib/msgp/msgp
 # github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399
 ## explicit
 github.com/titanous/rocacheck
-# github.com/tjfoc/gmsm v1.3.2
-## explicit; go 1.12
+# github.com/tjfoc/gmsm v1.4.1
+## explicit; go 1.14
 github.com/tjfoc/gmsm/sm3
 # github.com/tonglil/buflogr v1.0.1
 ## explicit; go 1.17
@@ -1595,7 +1739,7 @@ github.com/transparency-dev/merkle
 github.com/transparency-dev/merkle/compact
 github.com/transparency-dev/merkle/proof
 github.com/transparency-dev/merkle/rfc6962
-# github.com/ulikunitz/xz v0.5.10
+# github.com/ulikunitz/xz v0.5.11
 ## explicit; go 1.12
 github.com/ulikunitz/xz
 github.com/ulikunitz/xz/internal/hash
@@ -1607,10 +1751,10 @@ github.com/valyala/bytebufferpool
 # github.com/valyala/fasttemplate v1.2.2
 ## explicit; go 1.12
 github.com/valyala/fasttemplate
-# github.com/vbatts/tar-split v0.11.3
-## explicit; go 1.15
+# github.com/vbatts/tar-split v0.11.5
+## explicit; go 1.17
 github.com/vbatts/tar-split/archive/tar
-# github.com/xanzy/go-gitlab v0.86.0
+# github.com/xanzy/go-gitlab v0.93.2
 ## explicit; go 1.18
 github.com/xanzy/go-gitlab
 # github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
@@ -1628,7 +1772,7 @@ github.com/xlab/treeprint
 # github.com/zeebo/errs v1.3.0
 ## explicit; go 1.12
 github.com/zeebo/errs
-# go.mongodb.org/mongo-driver v1.11.3
+# go.mongodb.org/mongo-driver v1.12.1
 ## explicit; go 1.13
 go.mongodb.org/mongo-driver/bson
 go.mongodb.org/mongo-driver/bson/bsoncodec
@@ -1655,8 +1799,8 @@ go.opencensus.io/trace
 go.opencensus.io/trace/internal
 go.opencensus.io/trace/propagation
 go.opencensus.io/trace/tracestate
-# go.opentelemetry.io/otel v1.16.0
-## explicit; go 1.19
+# go.opentelemetry.io/otel v1.19.0
+## explicit; go 1.20
 go.opentelemetry.io/otel
 go.opentelemetry.io/otel/attribute
 go.opentelemetry.io/otel/baggage
@@ -1671,12 +1815,12 @@ go.opentelemetry.io/otel/semconv/internal/v2
 go.opentelemetry.io/otel/semconv/v1.12.0
 go.opentelemetry.io/otel/semconv/v1.17.0
 go.opentelemetry.io/otel/semconv/v1.17.0/httpconv
-# go.opentelemetry.io/otel/metric v1.16.0
-## explicit; go 1.19
+# go.opentelemetry.io/otel/metric v1.19.0
+## explicit; go 1.20
 go.opentelemetry.io/otel/metric
 go.opentelemetry.io/otel/metric/embedded
-# go.opentelemetry.io/otel/trace v1.16.0
-## explicit; go 1.19
+# go.opentelemetry.io/otel/trace v1.19.0
+## explicit; go 1.20
 go.opentelemetry.io/otel/trace
 # go.starlark.net v0.0.0-20221028183056-acb66ad56dd2
 ## explicit; go 1.13
@@ -1686,8 +1830,8 @@ go.starlark.net/resolve
 go.starlark.net/starlark
 go.starlark.net/starlarkstruct
 go.starlark.net/syntax
-# go.step.sm/crypto v0.32.1
-## explicit; go 1.18
+# go.step.sm/crypto v0.36.1
+## explicit; go 1.20
 go.step.sm/crypto/fingerprint
 go.step.sm/crypto/internal/bcrypt_pbkdf
 go.step.sm/crypto/internal/emoji
@@ -1697,13 +1841,13 @@ go.step.sm/crypto/keyutil
 go.step.sm/crypto/pemutil
 go.step.sm/crypto/randutil
 go.step.sm/crypto/x25519
-# go.uber.org/atomic v1.10.0
+# go.uber.org/atomic v1.11.0
 ## explicit; go 1.18
 go.uber.org/atomic
 # go.uber.org/multierr v1.11.0
 ## explicit; go 1.19
 go.uber.org/multierr
-# go.uber.org/zap v1.24.0
+# go.uber.org/zap v1.26.0
 ## explicit; go 1.19
 go.uber.org/zap
 go.uber.org/zap/buffer
@@ -1711,7 +1855,15 @@ go.uber.org/zap/internal
 go.uber.org/zap/internal/bufferpool
 go.uber.org/zap/internal/color
 go.uber.org/zap/internal/exit
+go.uber.org/zap/internal/pool
+go.uber.org/zap/internal/stacktrace
 go.uber.org/zap/zapcore
+# go4.org/intern v0.0.0-20230525184215-6c62f75575cb
+## explicit; go 1.13
+go4.org/intern
+# go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2
+## explicit; go 1.11
+go4.org/unsafe/assume-no-moving-gc
 # golang.org/x/crypto v0.14.0
 ## explicit; go 1.17
 golang.org/x/crypto/argon2
@@ -1749,17 +1901,20 @@ golang.org/x/crypto/sha3
 golang.org/x/crypto/ssh
 golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
 golang.org/x/crypto/ssh/terminal
-# golang.org/x/exp v0.0.0-20230321023759-10a507213a29
-## explicit; go 1.18
+# golang.org/x/exp v0.0.0-20231006140011-7918f672742d
+## explicit; go 1.20
 golang.org/x/exp/constraints
 golang.org/x/exp/maps
 golang.org/x/exp/slices
+golang.org/x/exp/slog
+golang.org/x/exp/slog/internal
+golang.org/x/exp/slog/internal/buffer
 # golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
 ## explicit; go 1.11
 golang.org/x/lint
 golang.org/x/lint/golint
-# golang.org/x/mod v0.11.0
-## explicit; go 1.17
+# golang.org/x/mod v0.13.0
+## explicit; go 1.18
 golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/modfile
 golang.org/x/mod/module
@@ -1780,17 +1935,19 @@ golang.org/x/net/internal/socks
 golang.org/x/net/internal/timeseries
 golang.org/x/net/proxy
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.9.0
-## explicit; go 1.17
+# golang.org/x/oauth2 v0.13.0
+## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/authhandler
 golang.org/x/oauth2/google
 golang.org/x/oauth2/google/internal/externalaccount
+golang.org/x/oauth2/google/internal/externalaccountauthorizeduser
+golang.org/x/oauth2/google/internal/stsexchange
 golang.org/x/oauth2/internal
 golang.org/x/oauth2/jws
 golang.org/x/oauth2/jwt
-# golang.org/x/sync v0.3.0
-## explicit; go 1.17
+# golang.org/x/sync v0.5.0
+## explicit; go 1.18
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
 # golang.org/x/sys v0.13.0
@@ -1800,6 +1957,7 @@ golang.org/x/sys/execabs
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
+golang.org/x/sys/windows/registry
 # golang.org/x/term v0.13.0
 ## explicit; go 1.17
 golang.org/x/term
@@ -1828,7 +1986,7 @@ golang.org/x/text/unicode/norm
 # golang.org/x/time v0.3.0
 ## explicit
 golang.org/x/time/rate
-# golang.org/x/tools v0.9.3
+# golang.org/x/tools v0.14.0
 ## explicit; go 1.18
 golang.org/x/tools/cmd/stringer
 golang.org/x/tools/go/ast/astutil
@@ -1836,6 +1994,7 @@ golang.org/x/tools/go/ast/inspector
 golang.org/x/tools/go/gcexportdata
 golang.org/x/tools/go/internal/packagesdriver
 golang.org/x/tools/go/packages
+golang.org/x/tools/go/types/objectpath
 golang.org/x/tools/imports
 golang.org/x/tools/internal/event
 golang.org/x/tools/internal/event/core
@@ -1852,10 +2011,14 @@ golang.org/x/tools/internal/pkgbits
 golang.org/x/tools/internal/tokeninternal
 golang.org/x/tools/internal/typeparams
 golang.org/x/tools/internal/typesinternal
+# golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
+## explicit; go 1.18
+golang.org/x/xerrors
+golang.org/x/xerrors/internal
 # gomodules.xyz/jsonpatch/v2 v2.3.0
 ## explicit; go 1.20
 gomodules.xyz/jsonpatch/v2
-# google.golang.org/api v0.128.0
+# google.golang.org/api v0.149.0
 ## explicit; go 1.19
 google.golang.org/api/googleapi/transport
 google.golang.org/api/idtoken
@@ -1867,7 +2030,7 @@ google.golang.org/api/option
 google.golang.org/api/option/internaloption
 google.golang.org/api/transport/http
 google.golang.org/api/transport/http/internal/propagation
-# google.golang.org/appengine v1.6.7
+# google.golang.org/appengine v1.6.8
 ## explicit; go 1.11
 google.golang.org/appengine
 google.golang.org/appengine/internal
@@ -1877,15 +2040,13 @@ google.golang.org/appengine/internal/datastore
 google.golang.org/appengine/internal/log
 google.golang.org/appengine/internal/modules
 google.golang.org/appengine/internal/remote_api
-google.golang.org/appengine/internal/socket
 google.golang.org/appengine/internal/urlfetch
-google.golang.org/appengine/socket
 google.golang.org/appengine/urlfetch
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/rpc/status
-# google.golang.org/grpc v1.56.3
-## explicit; go 1.17
+# google.golang.org/grpc v1.59.0
+## explicit; go 1.19
 google.golang.org/grpc
 google.golang.org/grpc/attributes
 google.golang.org/grpc/backoff
@@ -1915,6 +2076,7 @@ google.golang.org/grpc/internal/grpclog
 google.golang.org/grpc/internal/grpcrand
 google.golang.org/grpc/internal/grpcsync
 google.golang.org/grpc/internal/grpcutil
+google.golang.org/grpc/internal/idle
 google.golang.org/grpc/internal/metadata
 google.golang.org/grpc/internal/pretty
 google.golang.org/grpc/internal/resolver
@@ -1934,7 +2096,7 @@ google.golang.org/grpc/serviceconfig
 google.golang.org/grpc/stats
 google.golang.org/grpc/status
 google.golang.org/grpc/tap
-# google.golang.org/protobuf v1.30.0
+# google.golang.org/protobuf v1.31.0
 ## explicit; go 1.11
 google.golang.org/protobuf/encoding/protojson
 google.golang.org/protobuf/encoding/prototext
@@ -1967,9 +2129,46 @@ google.golang.org/protobuf/runtime/protoimpl
 google.golang.org/protobuf/types/descriptorpb
 google.golang.org/protobuf/types/known/anypb
 google.golang.org/protobuf/types/known/durationpb
-google.golang.org/protobuf/types/known/emptypb
 google.golang.org/protobuf/types/known/structpb
 google.golang.org/protobuf/types/known/timestamppb
+# gopkg.in/DataDog/dd-trace-go.v1 v1.56.1
+## explicit; go 1.19
+gopkg.in/DataDog/dd-trace-go.v1/datastreams/options
+gopkg.in/DataDog/dd-trace-go.v1/ddtrace
+gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext
+gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal
+gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer
+gopkg.in/DataDog/dd-trace-go.v1/internal
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec
+gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams
+gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/azure
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/cachedfetch
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ec2
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ecs
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/gce
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/httputils
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/validate
+gopkg.in/DataDog/dd-trace-go.v1/internal/log
+gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema
+gopkg.in/DataDog/dd-trace-go.v1/internal/normalizer
+gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo
+gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig
+gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames
+gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry
+gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof
+gopkg.in/DataDog/dd-trace-go.v1/internal/version
+# gopkg.in/go-jose/go-jose.v2 v2.6.1
+## explicit
+gopkg.in/go-jose/go-jose.v2
+gopkg.in/go-jose/go-jose.v2/cipher
+gopkg.in/go-jose/go-jose.v2/json
 # gopkg.in/inf.v0 v0.9.1
 ## explicit
 gopkg.in/inf.v0
@@ -2030,7 +2229,10 @@ helm.sh/helm/v3/pkg/storage
 helm.sh/helm/v3/pkg/storage/driver
 helm.sh/helm/v3/pkg/time
 helm.sh/helm/v3/pkg/uploader
-# k8s.io/api v0.27.3
+# inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a
+## explicit; go 1.12
+inet.af/netaddr
+# k8s.io/api v0.28.3
 ## explicit; go 1.20
 k8s.io/api/admission/v1
 k8s.io/api/admission/v1beta1
@@ -2097,7 +2299,7 @@ k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset
 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme
 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1
 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1
-# k8s.io/apimachinery v0.27.3
+# k8s.io/apimachinery v0.28.3
 ## explicit; go 1.20
 k8s.io/apimachinery/pkg/api/equality
 k8s.io/apimachinery/pkg/api/errors
@@ -2128,6 +2330,7 @@ k8s.io/apimachinery/pkg/selection
 k8s.io/apimachinery/pkg/types
 k8s.io/apimachinery/pkg/util/cache
 k8s.io/apimachinery/pkg/util/diff
+k8s.io/apimachinery/pkg/util/dump
 k8s.io/apimachinery/pkg/util/duration
 k8s.io/apimachinery/pkg/util/errors
 k8s.io/apimachinery/pkg/util/framer
@@ -2164,7 +2367,7 @@ k8s.io/apiserver/pkg/endpoints/deprecation
 k8s.io/cli-runtime/pkg/genericclioptions
 k8s.io/cli-runtime/pkg/printers
 k8s.io/cli-runtime/pkg/resource
-# k8s.io/client-go v0.27.3
+# k8s.io/client-go v0.28.3
 ## explicit; go 1.20
 k8s.io/client-go/applyconfigurations/admissionregistration/v1
 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1
@@ -2330,7 +2533,7 @@ k8s.io/client-go/util/workqueue
 k8s.io/component-base/config
 k8s.io/component-base/config/v1alpha1
 k8s.io/component-base/version
-# k8s.io/gengo v0.0.0-20220902162205-c0856e24416d
+# k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01
 ## explicit; go 1.13
 k8s.io/gengo/parser
 k8s.io/gengo/types
@@ -2345,17 +2548,14 @@ k8s.io/klog/v2/internal/clock
 k8s.io/klog/v2/internal/dbg
 k8s.io/klog/v2/internal/serialize
 k8s.io/klog/v2/internal/severity
-# k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f
+# k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
 ## explicit; go 1.19
-k8s.io/kube-openapi/pkg/builder3/util
 k8s.io/kube-openapi/pkg/cached
 k8s.io/kube-openapi/pkg/common
 k8s.io/kube-openapi/pkg/handler3
 k8s.io/kube-openapi/pkg/internal
 k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json
-k8s.io/kube-openapi/pkg/openapiconv
 k8s.io/kube-openapi/pkg/schemaconv
-k8s.io/kube-openapi/pkg/schemamutation
 k8s.io/kube-openapi/pkg/spec3
 k8s.io/kube-openapi/pkg/util/proto
 k8s.io/kube-openapi/pkg/util/proto/validation
@@ -2370,7 +2570,7 @@ k8s.io/kubectl/pkg/util/openapi
 k8s.io/kubectl/pkg/util/templates
 k8s.io/kubectl/pkg/util/term
 k8s.io/kubectl/pkg/validation
-# k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
+# k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 ## explicit; go 1.18
 k8s.io/utils/buffer
 k8s.io/utils/clock
@@ -2380,6 +2580,7 @@ k8s.io/utils/integer
 k8s.io/utils/internal/third_party/forked/golang/net
 k8s.io/utils/net
 k8s.io/utils/pointer
+k8s.io/utils/ptr
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
 # oras.land/oras-go v1.2.3
@@ -2534,19 +2735,20 @@ sigs.k8s.io/kustomize/kyaml/yaml/merge2
 sigs.k8s.io/kustomize/kyaml/yaml/merge3
 sigs.k8s.io/kustomize/kyaml/yaml/schema
 sigs.k8s.io/kustomize/kyaml/yaml/walk
-# sigs.k8s.io/release-utils v0.7.4
-## explicit; go 1.19
+# sigs.k8s.io/release-utils v0.7.6
+## explicit; go 1.20
 sigs.k8s.io/release-utils/version
-# sigs.k8s.io/structured-merge-diff/v4 v4.2.3
+# sigs.k8s.io/structured-merge-diff/v4 v4.3.0
 ## explicit; go 1.13
 sigs.k8s.io/structured-merge-diff/v4/fieldpath
 sigs.k8s.io/structured-merge-diff/v4/merge
 sigs.k8s.io/structured-merge-diff/v4/schema
 sigs.k8s.io/structured-merge-diff/v4/typed
 sigs.k8s.io/structured-merge-diff/v4/value
-# sigs.k8s.io/yaml v1.3.0
+# sigs.k8s.io/yaml v1.4.0
 ## explicit; go 1.12
 sigs.k8s.io/yaml
+sigs.k8s.io/yaml/goyaml.v2
 # github.com/gardener/landscaper/apis => ./apis
 # github.com/gardener/landscaper/controller-utils => ./controller-utils
 # github.com/googleapis/gnostic => github.com/googleapis/gnostic v0.4.1
diff --git a/vendor/sigs.k8s.io/release-utils/version/version.go b/vendor/sigs.k8s.io/release-utils/version/version.go
index 46dd1dc8a..86de4f154 100644
--- a/vendor/sigs.k8s.io/release-utils/version/version.go
+++ b/vendor/sigs.k8s.io/release-utils/version/version.go
@@ -23,6 +23,7 @@ import (
 	"runtime"
 	"runtime/debug"
 	"strings"
+	"sync"
 	"text/tabwriter"
 	"time"
 
@@ -53,6 +54,9 @@ var (
 	compiler = unknown
 	// platform is the used os/arch identifier.
 	platform = unknown
+
+	once sync.Once
+	info = Info{}
 )
 
 type Info struct {
@@ -129,42 +133,46 @@ func getKey(bi *debug.BuildInfo, key string) string {
 
 // GetVersionInfo represents known information on how this binary was built.
 func GetVersionInfo() Info {
-	buildInfo := getBuildInfo()
-	gitVersion = getGitVersion(buildInfo)
-	if gitCommit == unknown {
-		gitCommit = getCommit(buildInfo)
-	}
+	once.Do(func() {
+		buildInfo := getBuildInfo()
+		gitVersion = getGitVersion(buildInfo)
+		if gitCommit == unknown {
+			gitCommit = getCommit(buildInfo)
+		}
 
-	if gitTreeState == unknown {
-		gitTreeState = getDirty(buildInfo)
-	}
+		if gitTreeState == unknown {
+			gitTreeState = getDirty(buildInfo)
+		}
 
-	if buildDate == unknown {
-		buildDate = getBuildDate(buildInfo)
-	}
+		if buildDate == unknown {
+			buildDate = getBuildDate(buildInfo)
+		}
 
-	if goVersion == unknown {
-		goVersion = runtime.Version()
-	}
+		if goVersion == unknown {
+			goVersion = runtime.Version()
+		}
 
-	if compiler == unknown {
-		compiler = runtime.Compiler
-	}
+		if compiler == unknown {
+			compiler = runtime.Compiler
+		}
 
-	if platform == unknown {
-		platform = fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)
-	}
+		if platform == unknown {
+			platform = fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)
+		}
 
-	return Info{
-		ASCIIName:    asciiName,
-		GitVersion:   gitVersion,
-		GitCommit:    gitCommit,
-		GitTreeState: gitTreeState,
-		BuildDate:    buildDate,
-		GoVersion:    goVersion,
-		Compiler:     compiler,
-		Platform:     platform,
-	}
+		info = Info{
+			ASCIIName:    asciiName,
+			GitVersion:   gitVersion,
+			GitCommit:    gitCommit,
+			GitTreeState: gitTreeState,
+			BuildDate:    buildDate,
+			GoVersion:    goVersion,
+			Compiler:     compiler,
+			Platform:     platform,
+		}
+	})
+
+	return info
 }
 
 // String returns the string representation of the version info
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go
index 75a492d8e..f1aa25860 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go
@@ -112,7 +112,7 @@ func ConflictsFromManagers(sets fieldpath.ManagedFields) Conflicts {
 		set.Set().Iterate(func(p fieldpath.Path) {
 			conflicts = append(conflicts, Conflict{
 				Manager: manager,
-				Path:    p,
+				Path:    p.Copy(),
 			})
 		})
 	}
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go
index 1b23dcbd5..e1540841d 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go
@@ -18,6 +18,7 @@ import (
 
 	"sigs.k8s.io/structured-merge-diff/v4/fieldpath"
 	"sigs.k8s.io/structured-merge-diff/v4/typed"
+	"sigs.k8s.io/structured-merge-diff/v4/value"
 )
 
 // Converter is an interface to the conversion logic. The converter
@@ -27,17 +28,50 @@ type Converter interface {
 	IsMissingVersionError(error) bool
 }
 
+// UpdateBuilder allows you to create a new Updater by exposing all of
+// the options and setting them once.
+type UpdaterBuilder struct {
+	Converter     Converter
+	IgnoredFields map[fieldpath.APIVersion]*fieldpath.Set
+
+	EnableUnions bool
+
+	// Stop comparing the new object with old object after applying.
+	// This was initially used to avoid spurious etcd update, but
+	// since that's vastly inefficient, we've come-up with a better
+	// way of doing that. Create this flag to stop it.
+	// Comparing has become more expensive too now that we're not using
+	// `Compare` but `value.Equals` so this gives an option to avoid it.
+	ReturnInputOnNoop bool
+}
+
+func (u *UpdaterBuilder) BuildUpdater() *Updater {
+	return &Updater{
+		Converter:         u.Converter,
+		IgnoredFields:     u.IgnoredFields,
+		enableUnions:      u.EnableUnions,
+		returnInputOnNoop: u.ReturnInputOnNoop,
+	}
+}
+
 // Updater is the object used to compute updated FieldSets and also
 // merge the object on Apply.
 type Updater struct {
-	Converter     Converter
+	// Deprecated: This will eventually become private.
+	Converter Converter
+
+	// Deprecated: This will eventually become private.
 	IgnoredFields map[fieldpath.APIVersion]*fieldpath.Set
 
 	enableUnions bool
+
+	returnInputOnNoop bool
 }
 
 // EnableUnionFeature turns on union handling. It is disabled by default until the
 // feature is complete.
+//
+// Deprecated: Use the builder instead.
 func (s *Updater) EnableUnionFeature() {
 	s.enableUnions = true
 }
@@ -157,8 +191,7 @@ func (s *Updater) Update(liveObject, newObject *typed.TypedValue, version fieldp
 
 // Apply should be called when Apply is run, given the current object as
 // well as the configuration that is applied. This will merge the object
-// and return it. If the object hasn't changed, nil is returned (the
-// managers can still have changed though).
+// and return it.
 func (s *Updater) Apply(liveObject, configObject *typed.TypedValue, version fieldpath.APIVersion, managers fieldpath.ManagedFields, manager string, force bool) (*typed.TypedValue, fieldpath.ManagedFields, error) {
 	var err error
 	managers, err = s.reconcileManagedFieldsWithSchemaChanges(liveObject, managers)
@@ -200,11 +233,11 @@ func (s *Updater) Apply(liveObject, configObject *typed.TypedValue, version fiel
 	if err != nil {
 		return nil, fieldpath.ManagedFields{}, fmt.Errorf("failed to prune fields: %v", err)
 	}
-	managers, compare, err := s.update(liveObject, newObject, version, managers, manager, force)
+	managers, _, err = s.update(liveObject, newObject, version, managers, manager, force)
 	if err != nil {
 		return nil, fieldpath.ManagedFields{}, err
 	}
-	if compare.IsSame() {
+	if !s.returnInputOnNoop && value.EqualsUsing(value.NewFreelistAllocator(), liveObject.AsValue(), newObject.AsValue()) {
 		newObject = nil
 	}
 	return newObject, managers, nil
@@ -218,7 +251,8 @@ func (s *Updater) prune(merged *typed.TypedValue, managers fieldpath.ManagedFiel
 	if lastSet == nil || lastSet.Set().Empty() {
 		return merged, nil
 	}
-	convertedMerged, err := s.Converter.Convert(merged, lastSet.APIVersion())
+	version := lastSet.APIVersion()
+	convertedMerged, err := s.Converter.Convert(merged, version)
 	if err != nil {
 		if s.Converter.IsMissingVersionError(err) {
 			return merged, nil
@@ -228,7 +262,7 @@ func (s *Updater) prune(merged *typed.TypedValue, managers fieldpath.ManagedFiel
 
 	sc, tr := convertedMerged.Schema(), convertedMerged.TypeRef()
 	pruned := convertedMerged.RemoveItems(lastSet.Set().EnsureNamedFieldsAreMembers(sc, tr))
-	pruned, err = s.addBackOwnedItems(convertedMerged, pruned, managers, applyingManager)
+	pruned, err = s.addBackOwnedItems(convertedMerged, pruned, version, managers, applyingManager)
 	if err != nil {
 		return nil, fmt.Errorf("failed add back owned items: %v", err)
 	}
@@ -241,7 +275,7 @@ func (s *Updater) prune(merged *typed.TypedValue, managers fieldpath.ManagedFiel
 
 // addBackOwnedItems adds back any fields, list and map items that were removed by prune,
 // but other appliers or updaters (or the current applier's new config) claim to own.
-func (s *Updater) addBackOwnedItems(merged, pruned *typed.TypedValue, managedFields fieldpath.ManagedFields, applyingManager string) (*typed.TypedValue, error) {
+func (s *Updater) addBackOwnedItems(merged, pruned *typed.TypedValue, prunedVersion fieldpath.APIVersion, managedFields fieldpath.ManagedFields, applyingManager string) (*typed.TypedValue, error) {
 	var err error
 	managedAtVersion := map[fieldpath.APIVersion]*fieldpath.Set{}
 	for _, managerSet := range managedFields {
@@ -252,7 +286,6 @@ func (s *Updater) addBackOwnedItems(merged, pruned *typed.TypedValue, managedFie
 	}
 	// Add back owned items at pruned version first to avoid conversion failure
 	// caused by pruned fields which are required for conversion.
-	prunedVersion := fieldpath.APIVersion(*pruned.TypeRef().NamedType)
 	if managed, ok := managedAtVersion[prunedVersion]; ok {
 		merged, pruned, err = s.addBackOwnedItemsForVersion(merged, pruned, prunedVersion, managed)
 		if err != nil {
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go
index 7e5dc7582..5d3707a5b 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go
@@ -73,7 +73,7 @@ type Atom struct {
 }
 
 // Scalar (AKA "primitive") represents a type which has a single value which is
-// either numeric, string, or boolean.
+// either numeric, string, or boolean, or untyped for any of them.
 //
 // TODO: split numeric into float/int? Something even more fine-grained?
 type Scalar string
@@ -82,6 +82,7 @@ const (
 	Numeric = Scalar("numeric")
 	String  = Scalar("string")
 	Boolean = Scalar("boolean")
+	Untyped = Scalar("untyped")
 )
 
 // ElementRelationship is an enum of the different possible relationships
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go
index 7d64d1308..e4c5caa2a 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go
@@ -110,7 +110,7 @@ var SchemaSchemaYAML = `types:
         scalar: string
     - name: deduceInvalidDiscriminator
       type:
-        scalar: bool
+        scalar: boolean
     - name: fields
       type:
         list:
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go
index 913644083..09209ec82 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go
@@ -113,11 +113,12 @@ func (w *mergingWalker) doLeaf() {
 	w.rule(w)
 }
 
-func (w *mergingWalker) doScalar(t *schema.Scalar) (errs ValidationErrors) {
-	errs = append(errs, validateScalar(t, w.lhs, "lhs: ")...)
-	errs = append(errs, validateScalar(t, w.rhs, "rhs: ")...)
-	if len(errs) > 0 {
-		return errs
+func (w *mergingWalker) doScalar(t *schema.Scalar) ValidationErrors {
+	// Make sure at least one side is a valid scalar.
+	lerrs := validateScalar(t, w.lhs, "lhs: ")
+	rerrs := validateScalar(t, w.rhs, "rhs: ")
+	if len(lerrs) > 0 && len(rerrs) > 0 {
+		return append(lerrs, rerrs...)
 	}
 
 	// All scalars are leaf fields.
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go
index d63a97fe2..6411bd51a 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go
@@ -45,6 +45,10 @@ func AsTyped(v value.Value, s *schema.Schema, typeRef schema.TypeRef) (*TypedVal
 // conforms to the schema, for cases where that has already been checked or
 // where you're going to call a method that validates as a side-effect (like
 // ToFieldSet).
+//
+// Deprecated: This function was initially created because validation
+// was expensive. Now that this has been solved, objects should always
+// be created as validated, using `AsTyped`.
 func AsTypedUnvalidated(v value.Value, s *schema.Schema, typeRef schema.TypeRef) *TypedValue {
 	tv := &TypedValue{
 		value:   v,
@@ -125,12 +129,13 @@ func (tv TypedValue) Compare(rhs *TypedValue) (c *Comparison, err error) {
 		Modified: fieldpath.NewSet(),
 		Added:    fieldpath.NewSet(),
 	}
+	a := value.NewFreelistAllocator()
 	_, err = merge(&tv, rhs, func(w *mergingWalker) {
 		if w.lhs == nil {
 			c.Added.Insert(w.path)
 		} else if w.rhs == nil {
 			c.Removed.Insert(w.path)
-		} else if !value.Equals(w.rhs, w.lhs) {
+		} else if !value.EqualsUsing(a, w.rhs, w.lhs) {
 			// TODO: Equality is not sufficient for this.
 			// Need to implement equality check on the value type.
 			c.Modified.Insert(w.path)
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go
index 378d30219..edddbafa4 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go
@@ -102,6 +102,12 @@ func validateScalar(t *schema.Scalar, v value.Value, prefix string) (errs Valida
 		if !v.IsBool() {
 			return errorf("%vexpected boolean, got %v", prefix, v)
 		}
+	case schema.Untyped:
+		if !v.IsFloat() && !v.IsInt() && !v.IsString() && !v.IsBool() {
+			return errorf("%vexpected any scalar, got %v", prefix, v)
+		}
+	default:
+		return errorf("%vunexpected scalar type in schema: %v", prefix, *t)
 	}
 	return nil
 }
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go
index dc8b8c720..c38402b99 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go
@@ -136,7 +136,7 @@ func (r mapReflect) EqualsUsing(a Allocator, m Map) bool {
 		if !ok {
 			return false
 		}
-		return Equals(vr.mustReuse(lhsVal, entry, nil, nil), value)
+		return EqualsUsing(a, vr.mustReuse(lhsVal, entry, nil, nil), value)
 	})
 }
 
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go
index d8e208628..c3ae00b18 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go
@@ -88,12 +88,12 @@ func (m mapUnstructuredInterface) EqualsUsing(a Allocator, other Map) bool {
 	}
 	vv := a.allocValueUnstructured()
 	defer a.Free(vv)
-	return other.Iterate(func(key string, value Value) bool {
+	return other.IterateUsing(a, func(key string, value Value) bool {
 		lhsVal, ok := m[key]
 		if !ok {
 			return false
 		}
-		return Equals(vv.reuse(lhsVal), value)
+		return EqualsUsing(a, vv.reuse(lhsVal), value)
 	})
 }
 
@@ -168,12 +168,12 @@ func (m mapUnstructuredString) EqualsUsing(a Allocator, other Map) bool {
 	}
 	vv := a.allocValueUnstructured()
 	defer a.Free(vv)
-	return other.Iterate(func(key string, value Value) bool {
+	return other.IterateUsing(a, func(key string, value Value) bool {
 		lhsVal, ok := m[key]
 		if !ok {
 			return false
 		}
-		return Equals(vv.reuse(lhsVal), value)
+		return EqualsUsing(a, vv.reuse(lhsVal), value)
 	})
 }
 
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go
index a5a467c0f..f0d58d42c 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go
@@ -154,7 +154,9 @@ func buildStructCacheEntry(t reflect.Type, infos map[string]*FieldCacheEntry, fi
 			if field.Type.Kind() == reflect.Ptr {
 				e = field.Type.Elem()
 			}
-			buildStructCacheEntry(e, infos, append(fieldPath, field.Index))
+			if e.Kind() == reflect.Struct {
+				buildStructCacheEntry(e, infos, append(fieldPath, field.Index))
+			}
 			continue
 		}
 		info := &FieldCacheEntry{JsonName: jsonName, isOmitEmpty: isOmitempty, fieldPath: append(fieldPath, field.Index), fieldType: field.Type}
diff --git a/vendor/sigs.k8s.io/yaml/LICENSE b/vendor/sigs.k8s.io/yaml/LICENSE
index 7805d36de..093d6d3ed 100644
--- a/vendor/sigs.k8s.io/yaml/LICENSE
+++ b/vendor/sigs.k8s.io/yaml/LICENSE
@@ -48,3 +48,259 @@ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# The forked go-yaml.v3 library under this project is covered by two
+different licenses (MIT and Apache):
+
+#### MIT License ####
+
+The following files were ported to Go from C files of libyaml, and thus
+are still covered by their original MIT license, with the additional
+copyright staring in 2011 when the project was ported over:
+
+    apic.go emitterc.go parserc.go readerc.go scannerc.go
+    writerc.go yamlh.go yamlprivateh.go
+
+Copyright (c) 2006-2010 Kirill Simonov
+Copyright (c) 2006-2011 Kirill Simonov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+### Apache License ###
+
+All the remaining project files are covered by the Apache license:
+
+Copyright (c) 2011-2019 Canonical Ltd
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+# The forked go-yaml.v2 library under the project is covered by an
+Apache license:
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/sigs.k8s.io/yaml/OWNERS b/vendor/sigs.k8s.io/yaml/OWNERS
index 325b40b07..003a149e1 100644
--- a/vendor/sigs.k8s.io/yaml/OWNERS
+++ b/vendor/sigs.k8s.io/yaml/OWNERS
@@ -2,26 +2,22 @@
 
 approvers:
 - dims
-- lavalamp
+- jpbetz
 - smarterclayton
 - deads2k
 - sttts
 - liggitt
-- caesarxuchao
 reviewers:
 - dims
 - thockin
-- lavalamp
+- jpbetz
 - smarterclayton
 - wojtek-t
 - deads2k
 - derekwaynecarr
-- caesarxuchao
 - mikedanese
 - liggitt
-- gmarek
 - sttts
-- ncdc
 - tallclair
 labels:
 - sig/api-machinery
diff --git a/vendor/sigs.k8s.io/yaml/fields.go b/vendor/sigs.k8s.io/yaml/fields.go
index 235b7f2cf..0ea28bd03 100644
--- a/vendor/sigs.k8s.io/yaml/fields.go
+++ b/vendor/sigs.k8s.io/yaml/fields.go
@@ -16,53 +16,53 @@ import (
 	"unicode/utf8"
 )
 
-// indirect walks down v allocating pointers as needed,
+// indirect walks down 'value' allocating pointers as needed,
 // until it gets to a non-pointer.
 // if it encounters an Unmarshaler, indirect stops and returns that.
 // if decodingNull is true, indirect stops at the last pointer so it can be set to nil.
-func indirect(v reflect.Value, decodingNull bool) (json.Unmarshaler, encoding.TextUnmarshaler, reflect.Value) {
-	// If v is a named type and is addressable,
+func indirect(value reflect.Value, decodingNull bool) (json.Unmarshaler, encoding.TextUnmarshaler, reflect.Value) {
+	// If 'value' is a named type and is addressable,
 	// start with its address, so that if the type has pointer methods,
 	// we find them.
-	if v.Kind() != reflect.Ptr && v.Type().Name() != "" && v.CanAddr() {
-		v = v.Addr()
+	if value.Kind() != reflect.Ptr && value.Type().Name() != "" && value.CanAddr() {
+		value = value.Addr()
 	}
 	for {
 		// Load value from interface, but only if the result will be
 		// usefully addressable.
-		if v.Kind() == reflect.Interface && !v.IsNil() {
-			e := v.Elem()
-			if e.Kind() == reflect.Ptr && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Ptr) {
-				v = e
+		if value.Kind() == reflect.Interface && !value.IsNil() {
+			element := value.Elem()
+			if element.Kind() == reflect.Ptr && !element.IsNil() && (!decodingNull || element.Elem().Kind() == reflect.Ptr) {
+				value = element
 				continue
 			}
 		}
 
-		if v.Kind() != reflect.Ptr {
+		if value.Kind() != reflect.Ptr {
 			break
 		}
 
-		if v.Elem().Kind() != reflect.Ptr && decodingNull && v.CanSet() {
+		if value.Elem().Kind() != reflect.Ptr && decodingNull && value.CanSet() {
 			break
 		}
-		if v.IsNil() {
-			if v.CanSet() {
-				v.Set(reflect.New(v.Type().Elem()))
+		if value.IsNil() {
+			if value.CanSet() {
+				value.Set(reflect.New(value.Type().Elem()))
 			} else {
-				v = reflect.New(v.Type().Elem())
+				value = reflect.New(value.Type().Elem())
 			}
 		}
-		if v.Type().NumMethod() > 0 {
-			if u, ok := v.Interface().(json.Unmarshaler); ok {
+		if value.Type().NumMethod() > 0 {
+			if u, ok := value.Interface().(json.Unmarshaler); ok {
 				return u, nil, reflect.Value{}
 			}
-			if u, ok := v.Interface().(encoding.TextUnmarshaler); ok {
+			if u, ok := value.Interface().(encoding.TextUnmarshaler); ok {
 				return nil, u, reflect.Value{}
 			}
 		}
-		v = v.Elem()
+		value = value.Elem()
 	}
-	return nil, nil, v
+	return nil, nil, value
 }
 
 // A field represents a single field found in a struct.
@@ -134,8 +134,8 @@ func typeFields(t reflect.Type) []field {
 	next := []field{{typ: t}}
 
 	// Count of queued names for current level and the next.
-	count := map[reflect.Type]int{}
-	nextCount := map[reflect.Type]int{}
+	var count map[reflect.Type]int
+	var nextCount map[reflect.Type]int
 
 	// Types already visited at an earlier level.
 	visited := map[reflect.Type]bool{}
@@ -348,8 +348,9 @@ const (
 // 4) simpleLetterEqualFold, no specials, no non-letters.
 //
 // The letters S and K are special because they map to 3 runes, not just 2:
-//  * S maps to s and to U+017F 'ſ' Latin small letter long s
-//  * k maps to K and to U+212A 'K' Kelvin sign
+//   - S maps to s and to U+017F 'ſ' Latin small letter long s
+//   - k maps to K and to U+212A 'K' Kelvin sign
+//
 // See http://play.golang.org/p/tTxjOc0OGo
 //
 // The returned function is specialized for matching against s and
@@ -420,10 +421,8 @@ func equalFoldRight(s, t []byte) bool {
 		t = t[size:]
 
 	}
-	if len(t) > 0 {
-		return false
-	}
-	return true
+
+	return len(t) <= 0
 }
 
 // asciiEqualFold is a specialization of bytes.EqualFold for use when
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE b/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE
new file mode 100644
index 000000000..8dada3eda
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE.libyaml b/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE.libyaml
new file mode 100644
index 000000000..8da58fbf6
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE.libyaml
@@ -0,0 +1,31 @@
+The following files were ported to Go from C files of libyaml, and thus
+are still covered by their original copyright and license:
+
+    apic.go
+    emitterc.go
+    parserc.go
+    readerc.go
+    scannerc.go
+    writerc.go
+    yamlh.go
+    yamlprivateh.go
+
+Copyright (c) 2006 Kirill Simonov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE b/vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE
new file mode 100644
index 000000000..866d74a7a
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE
@@ -0,0 +1,13 @@
+Copyright 2011-2016 Canonical Ltd.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS b/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS
new file mode 100644
index 000000000..73be0a3a9
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS
@@ -0,0 +1,24 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- dims
+- jpbetz
+- smarterclayton
+- deads2k
+- sttts
+- liggitt
+- natasha41575
+- knverey
+reviewers:
+- dims
+- thockin
+- jpbetz
+- smarterclayton
+- deads2k
+- derekwaynecarr
+- mikedanese
+- liggitt
+- sttts
+- tallclair
+labels:
+- sig/api-machinery
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/README.md b/vendor/sigs.k8s.io/yaml/goyaml.v2/README.md
new file mode 100644
index 000000000..53f4139dc
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/README.md
@@ -0,0 +1,143 @@
+# go-yaml fork
+
+This package is a fork of the go-yaml library and is intended solely for consumption
+by kubernetes projects. In this fork, we plan to support only critical changes required for
+kubernetes, such as small bug fixes and regressions. Larger, general-purpose feature requests
+should be made in the upstream go-yaml library, and we will reject such changes in this fork
+unless we are pulling them from upstream.
+
+This fork is based on v2.4.0: https://github.com/go-yaml/yaml/releases/tag/v2.4.0
+
+# YAML support for the Go language
+
+Introduction
+------------
+
+The yaml package enables Go programs to comfortably encode and decode YAML
+values. It was developed within [Canonical](https://www.canonical.com) as
+part of the [juju](https://juju.ubuntu.com) project, and is based on a
+pure Go port of the well-known [libyaml](http://pyyaml.org/wiki/LibYAML)
+C library to parse and generate YAML data quickly and reliably.
+
+Compatibility
+-------------
+
+The yaml package supports most of YAML 1.1 and 1.2, including support for
+anchors, tags, map merging, etc. Multi-document unmarshalling is not yet
+implemented, and base-60 floats from YAML 1.1 are purposefully not
+supported since they're a poor design and are gone in YAML 1.2.
+
+Installation and usage
+----------------------
+
+The import path for the package is *gopkg.in/yaml.v2*.
+
+To install it, run:
+
+    go get gopkg.in/yaml.v2
+
+API documentation
+-----------------
+
+If opened in a browser, the import path itself leads to the API documentation:
+
+  * [https://gopkg.in/yaml.v2](https://gopkg.in/yaml.v2)
+
+API stability
+-------------
+
+The package API for yaml v2 will remain stable as described in [gopkg.in](https://gopkg.in).
+
+
+License
+-------
+
+The yaml package is licensed under the Apache License 2.0. Please see the LICENSE file for details.
+
+
+Example
+-------
+
+```Go
+package main
+
+import (
+        "fmt"
+        "log"
+
+        "gopkg.in/yaml.v2"
+)
+
+var data = `
+a: Easy!
+b:
+  c: 2
+  d: [3, 4]
+`
+
+// Note: struct fields must be public in order for unmarshal to
+// correctly populate the data.
+type T struct {
+        A string
+        B struct {
+                RenamedC int   `yaml:"c"`
+                D        []int `yaml:",flow"`
+        }
+}
+
+func main() {
+        t := T{}
+    
+        err := yaml.Unmarshal([]byte(data), &t)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- t:\n%v\n\n", t)
+    
+        d, err := yaml.Marshal(&t)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- t dump:\n%s\n\n", string(d))
+    
+        m := make(map[interface{}]interface{})
+    
+        err = yaml.Unmarshal([]byte(data), &m)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- m:\n%v\n\n", m)
+    
+        d, err = yaml.Marshal(&m)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- m dump:\n%s\n\n", string(d))
+}
+```
+
+This example will generate the following output:
+
+```
+--- t:
+{Easy! {2 [3 4]}}
+
+--- t dump:
+a: Easy!
+b:
+  c: 2
+  d: [3, 4]
+
+
+--- m:
+map[a:Easy! b:map[c:2 d:[3 4]]]
+
+--- m dump:
+a: Easy!
+b:
+  c: 2
+  d:
+  - 3
+  - 4
+```
+
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/apic.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/apic.go
new file mode 100644
index 000000000..acf71402c
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/apic.go
@@ -0,0 +1,744 @@
+package yaml
+
+import (
+	"io"
+)
+
+func yaml_insert_token(parser *yaml_parser_t, pos int, token *yaml_token_t) {
+	//fmt.Println("yaml_insert_token", "pos:", pos, "typ:", token.typ, "head:", parser.tokens_head, "len:", len(parser.tokens))
+
+	// Check if we can move the queue at the beginning of the buffer.
+	if parser.tokens_head > 0 && len(parser.tokens) == cap(parser.tokens) {
+		if parser.tokens_head != len(parser.tokens) {
+			copy(parser.tokens, parser.tokens[parser.tokens_head:])
+		}
+		parser.tokens = parser.tokens[:len(parser.tokens)-parser.tokens_head]
+		parser.tokens_head = 0
+	}
+	parser.tokens = append(parser.tokens, *token)
+	if pos < 0 {
+		return
+	}
+	copy(parser.tokens[parser.tokens_head+pos+1:], parser.tokens[parser.tokens_head+pos:])
+	parser.tokens[parser.tokens_head+pos] = *token
+}
+
+// Create a new parser object.
+func yaml_parser_initialize(parser *yaml_parser_t) bool {
+	*parser = yaml_parser_t{
+		raw_buffer: make([]byte, 0, input_raw_buffer_size),
+		buffer:     make([]byte, 0, input_buffer_size),
+	}
+	return true
+}
+
+// Destroy a parser object.
+func yaml_parser_delete(parser *yaml_parser_t) {
+	*parser = yaml_parser_t{}
+}
+
+// String read handler.
+func yaml_string_read_handler(parser *yaml_parser_t, buffer []byte) (n int, err error) {
+	if parser.input_pos == len(parser.input) {
+		return 0, io.EOF
+	}
+	n = copy(buffer, parser.input[parser.input_pos:])
+	parser.input_pos += n
+	return n, nil
+}
+
+// Reader read handler.
+func yaml_reader_read_handler(parser *yaml_parser_t, buffer []byte) (n int, err error) {
+	return parser.input_reader.Read(buffer)
+}
+
+// Set a string input.
+func yaml_parser_set_input_string(parser *yaml_parser_t, input []byte) {
+	if parser.read_handler != nil {
+		panic("must set the input source only once")
+	}
+	parser.read_handler = yaml_string_read_handler
+	parser.input = input
+	parser.input_pos = 0
+}
+
+// Set a file input.
+func yaml_parser_set_input_reader(parser *yaml_parser_t, r io.Reader) {
+	if parser.read_handler != nil {
+		panic("must set the input source only once")
+	}
+	parser.read_handler = yaml_reader_read_handler
+	parser.input_reader = r
+}
+
+// Set the source encoding.
+func yaml_parser_set_encoding(parser *yaml_parser_t, encoding yaml_encoding_t) {
+	if parser.encoding != yaml_ANY_ENCODING {
+		panic("must set the encoding only once")
+	}
+	parser.encoding = encoding
+}
+
+var disableLineWrapping = false
+
+// Create a new emitter object.
+func yaml_emitter_initialize(emitter *yaml_emitter_t) {
+	*emitter = yaml_emitter_t{
+		buffer:     make([]byte, output_buffer_size),
+		raw_buffer: make([]byte, 0, output_raw_buffer_size),
+		states:     make([]yaml_emitter_state_t, 0, initial_stack_size),
+		events:     make([]yaml_event_t, 0, initial_queue_size),
+	}
+	if disableLineWrapping {
+		emitter.best_width = -1
+	}
+}
+
+// Destroy an emitter object.
+func yaml_emitter_delete(emitter *yaml_emitter_t) {
+	*emitter = yaml_emitter_t{}
+}
+
+// String write handler.
+func yaml_string_write_handler(emitter *yaml_emitter_t, buffer []byte) error {
+	*emitter.output_buffer = append(*emitter.output_buffer, buffer...)
+	return nil
+}
+
+// yaml_writer_write_handler uses emitter.output_writer to write the
+// emitted text.
+func yaml_writer_write_handler(emitter *yaml_emitter_t, buffer []byte) error {
+	_, err := emitter.output_writer.Write(buffer)
+	return err
+}
+
+// Set a string output.
+func yaml_emitter_set_output_string(emitter *yaml_emitter_t, output_buffer *[]byte) {
+	if emitter.write_handler != nil {
+		panic("must set the output target only once")
+	}
+	emitter.write_handler = yaml_string_write_handler
+	emitter.output_buffer = output_buffer
+}
+
+// Set a file output.
+func yaml_emitter_set_output_writer(emitter *yaml_emitter_t, w io.Writer) {
+	if emitter.write_handler != nil {
+		panic("must set the output target only once")
+	}
+	emitter.write_handler = yaml_writer_write_handler
+	emitter.output_writer = w
+}
+
+// Set the output encoding.
+func yaml_emitter_set_encoding(emitter *yaml_emitter_t, encoding yaml_encoding_t) {
+	if emitter.encoding != yaml_ANY_ENCODING {
+		panic("must set the output encoding only once")
+	}
+	emitter.encoding = encoding
+}
+
+// Set the canonical output style.
+func yaml_emitter_set_canonical(emitter *yaml_emitter_t, canonical bool) {
+	emitter.canonical = canonical
+}
+
+//// Set the indentation increment.
+func yaml_emitter_set_indent(emitter *yaml_emitter_t, indent int) {
+	if indent < 2 || indent > 9 {
+		indent = 2
+	}
+	emitter.best_indent = indent
+}
+
+// Set the preferred line width.
+func yaml_emitter_set_width(emitter *yaml_emitter_t, width int) {
+	if width < 0 {
+		width = -1
+	}
+	emitter.best_width = width
+}
+
+// Set if unescaped non-ASCII characters are allowed.
+func yaml_emitter_set_unicode(emitter *yaml_emitter_t, unicode bool) {
+	emitter.unicode = unicode
+}
+
+// Set the preferred line break character.
+func yaml_emitter_set_break(emitter *yaml_emitter_t, line_break yaml_break_t) {
+	emitter.line_break = line_break
+}
+
+///*
+// * Destroy a token object.
+// */
+//
+//YAML_DECLARE(void)
+//yaml_token_delete(yaml_token_t *token)
+//{
+//    assert(token);  // Non-NULL token object expected.
+//
+//    switch (token.type)
+//    {
+//        case YAML_TAG_DIRECTIVE_TOKEN:
+//            yaml_free(token.data.tag_directive.handle);
+//            yaml_free(token.data.tag_directive.prefix);
+//            break;
+//
+//        case YAML_ALIAS_TOKEN:
+//            yaml_free(token.data.alias.value);
+//            break;
+//
+//        case YAML_ANCHOR_TOKEN:
+//            yaml_free(token.data.anchor.value);
+//            break;
+//
+//        case YAML_TAG_TOKEN:
+//            yaml_free(token.data.tag.handle);
+//            yaml_free(token.data.tag.suffix);
+//            break;
+//
+//        case YAML_SCALAR_TOKEN:
+//            yaml_free(token.data.scalar.value);
+//            break;
+//
+//        default:
+//            break;
+//    }
+//
+//    memset(token, 0, sizeof(yaml_token_t));
+//}
+//
+///*
+// * Check if a string is a valid UTF-8 sequence.
+// *
+// * Check 'reader.c' for more details on UTF-8 encoding.
+// */
+//
+//static int
+//yaml_check_utf8(yaml_char_t *start, size_t length)
+//{
+//    yaml_char_t *end = start+length;
+//    yaml_char_t *pointer = start;
+//
+//    while (pointer < end) {
+//        unsigned char octet;
+//        unsigned int width;
+//        unsigned int value;
+//        size_t k;
+//
+//        octet = pointer[0];
+//        width = (octet & 0x80) == 0x00 ? 1 :
+//                (octet & 0xE0) == 0xC0 ? 2 :
+//                (octet & 0xF0) == 0xE0 ? 3 :
+//                (octet & 0xF8) == 0xF0 ? 4 : 0;
+//        value = (octet & 0x80) == 0x00 ? octet & 0x7F :
+//                (octet & 0xE0) == 0xC0 ? octet & 0x1F :
+//                (octet & 0xF0) == 0xE0 ? octet & 0x0F :
+//                (octet & 0xF8) == 0xF0 ? octet & 0x07 : 0;
+//        if (!width) return 0;
+//        if (pointer+width > end) return 0;
+//        for (k = 1; k < width; k ++) {
+//            octet = pointer[k];
+//            if ((octet & 0xC0) != 0x80) return 0;
+//            value = (value << 6) + (octet & 0x3F);
+//        }
+//        if (!((width == 1) ||
+//            (width == 2 && value >= 0x80) ||
+//            (width == 3 && value >= 0x800) ||
+//            (width == 4 && value >= 0x10000))) return 0;
+//
+//        pointer += width;
+//    }
+//
+//    return 1;
+//}
+//
+
+// Create STREAM-START.
+func yaml_stream_start_event_initialize(event *yaml_event_t, encoding yaml_encoding_t) {
+	*event = yaml_event_t{
+		typ:      yaml_STREAM_START_EVENT,
+		encoding: encoding,
+	}
+}
+
+// Create STREAM-END.
+func yaml_stream_end_event_initialize(event *yaml_event_t) {
+	*event = yaml_event_t{
+		typ: yaml_STREAM_END_EVENT,
+	}
+}
+
+// Create DOCUMENT-START.
+func yaml_document_start_event_initialize(
+	event *yaml_event_t,
+	version_directive *yaml_version_directive_t,
+	tag_directives []yaml_tag_directive_t,
+	implicit bool,
+) {
+	*event = yaml_event_t{
+		typ:               yaml_DOCUMENT_START_EVENT,
+		version_directive: version_directive,
+		tag_directives:    tag_directives,
+		implicit:          implicit,
+	}
+}
+
+// Create DOCUMENT-END.
+func yaml_document_end_event_initialize(event *yaml_event_t, implicit bool) {
+	*event = yaml_event_t{
+		typ:      yaml_DOCUMENT_END_EVENT,
+		implicit: implicit,
+	}
+}
+
+///*
+// * Create ALIAS.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_alias_event_initialize(event *yaml_event_t, anchor *yaml_char_t)
+//{
+//    mark yaml_mark_t = { 0, 0, 0 }
+//    anchor_copy *yaml_char_t = NULL
+//
+//    assert(event) // Non-NULL event object is expected.
+//    assert(anchor) // Non-NULL anchor is expected.
+//
+//    if (!yaml_check_utf8(anchor, strlen((char *)anchor))) return 0
+//
+//    anchor_copy = yaml_strdup(anchor)
+//    if (!anchor_copy)
+//        return 0
+//
+//    ALIAS_EVENT_INIT(*event, anchor_copy, mark, mark)
+//
+//    return 1
+//}
+
+// Create SCALAR.
+func yaml_scalar_event_initialize(event *yaml_event_t, anchor, tag, value []byte, plain_implicit, quoted_implicit bool, style yaml_scalar_style_t) bool {
+	*event = yaml_event_t{
+		typ:             yaml_SCALAR_EVENT,
+		anchor:          anchor,
+		tag:             tag,
+		value:           value,
+		implicit:        plain_implicit,
+		quoted_implicit: quoted_implicit,
+		style:           yaml_style_t(style),
+	}
+	return true
+}
+
+// Create SEQUENCE-START.
+func yaml_sequence_start_event_initialize(event *yaml_event_t, anchor, tag []byte, implicit bool, style yaml_sequence_style_t) bool {
+	*event = yaml_event_t{
+		typ:      yaml_SEQUENCE_START_EVENT,
+		anchor:   anchor,
+		tag:      tag,
+		implicit: implicit,
+		style:    yaml_style_t(style),
+	}
+	return true
+}
+
+// Create SEQUENCE-END.
+func yaml_sequence_end_event_initialize(event *yaml_event_t) bool {
+	*event = yaml_event_t{
+		typ: yaml_SEQUENCE_END_EVENT,
+	}
+	return true
+}
+
+// Create MAPPING-START.
+func yaml_mapping_start_event_initialize(event *yaml_event_t, anchor, tag []byte, implicit bool, style yaml_mapping_style_t) {
+	*event = yaml_event_t{
+		typ:      yaml_MAPPING_START_EVENT,
+		anchor:   anchor,
+		tag:      tag,
+		implicit: implicit,
+		style:    yaml_style_t(style),
+	}
+}
+
+// Create MAPPING-END.
+func yaml_mapping_end_event_initialize(event *yaml_event_t) {
+	*event = yaml_event_t{
+		typ: yaml_MAPPING_END_EVENT,
+	}
+}
+
+// Destroy an event object.
+func yaml_event_delete(event *yaml_event_t) {
+	*event = yaml_event_t{}
+}
+
+///*
+// * Create a document object.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_initialize(document *yaml_document_t,
+//        version_directive *yaml_version_directive_t,
+//        tag_directives_start *yaml_tag_directive_t,
+//        tag_directives_end *yaml_tag_directive_t,
+//        start_implicit int, end_implicit int)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//    struct {
+//        start *yaml_node_t
+//        end *yaml_node_t
+//        top *yaml_node_t
+//    } nodes = { NULL, NULL, NULL }
+//    version_directive_copy *yaml_version_directive_t = NULL
+//    struct {
+//        start *yaml_tag_directive_t
+//        end *yaml_tag_directive_t
+//        top *yaml_tag_directive_t
+//    } tag_directives_copy = { NULL, NULL, NULL }
+//    value yaml_tag_directive_t = { NULL, NULL }
+//    mark yaml_mark_t = { 0, 0, 0 }
+//
+//    assert(document) // Non-NULL document object is expected.
+//    assert((tag_directives_start && tag_directives_end) ||
+//            (tag_directives_start == tag_directives_end))
+//                            // Valid tag directives are expected.
+//
+//    if (!STACK_INIT(&context, nodes, INITIAL_STACK_SIZE)) goto error
+//
+//    if (version_directive) {
+//        version_directive_copy = yaml_malloc(sizeof(yaml_version_directive_t))
+//        if (!version_directive_copy) goto error
+//        version_directive_copy.major = version_directive.major
+//        version_directive_copy.minor = version_directive.minor
+//    }
+//
+//    if (tag_directives_start != tag_directives_end) {
+//        tag_directive *yaml_tag_directive_t
+//        if (!STACK_INIT(&context, tag_directives_copy, INITIAL_STACK_SIZE))
+//            goto error
+//        for (tag_directive = tag_directives_start
+//                tag_directive != tag_directives_end; tag_directive ++) {
+//            assert(tag_directive.handle)
+//            assert(tag_directive.prefix)
+//            if (!yaml_check_utf8(tag_directive.handle,
+//                        strlen((char *)tag_directive.handle)))
+//                goto error
+//            if (!yaml_check_utf8(tag_directive.prefix,
+//                        strlen((char *)tag_directive.prefix)))
+//                goto error
+//            value.handle = yaml_strdup(tag_directive.handle)
+//            value.prefix = yaml_strdup(tag_directive.prefix)
+//            if (!value.handle || !value.prefix) goto error
+//            if (!PUSH(&context, tag_directives_copy, value))
+//                goto error
+//            value.handle = NULL
+//            value.prefix = NULL
+//        }
+//    }
+//
+//    DOCUMENT_INIT(*document, nodes.start, nodes.end, version_directive_copy,
+//            tag_directives_copy.start, tag_directives_copy.top,
+//            start_implicit, end_implicit, mark, mark)
+//
+//    return 1
+//
+//error:
+//    STACK_DEL(&context, nodes)
+//    yaml_free(version_directive_copy)
+//    while (!STACK_EMPTY(&context, tag_directives_copy)) {
+//        value yaml_tag_directive_t = POP(&context, tag_directives_copy)
+//        yaml_free(value.handle)
+//        yaml_free(value.prefix)
+//    }
+//    STACK_DEL(&context, tag_directives_copy)
+//    yaml_free(value.handle)
+//    yaml_free(value.prefix)
+//
+//    return 0
+//}
+//
+///*
+// * Destroy a document object.
+// */
+//
+//YAML_DECLARE(void)
+//yaml_document_delete(document *yaml_document_t)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//    tag_directive *yaml_tag_directive_t
+//
+//    context.error = YAML_NO_ERROR // Eliminate a compiler warning.
+//
+//    assert(document) // Non-NULL document object is expected.
+//
+//    while (!STACK_EMPTY(&context, document.nodes)) {
+//        node yaml_node_t = POP(&context, document.nodes)
+//        yaml_free(node.tag)
+//        switch (node.type) {
+//            case YAML_SCALAR_NODE:
+//                yaml_free(node.data.scalar.value)
+//                break
+//            case YAML_SEQUENCE_NODE:
+//                STACK_DEL(&context, node.data.sequence.items)
+//                break
+//            case YAML_MAPPING_NODE:
+//                STACK_DEL(&context, node.data.mapping.pairs)
+//                break
+//            default:
+//                assert(0) // Should not happen.
+//        }
+//    }
+//    STACK_DEL(&context, document.nodes)
+//
+//    yaml_free(document.version_directive)
+//    for (tag_directive = document.tag_directives.start
+//            tag_directive != document.tag_directives.end
+//            tag_directive++) {
+//        yaml_free(tag_directive.handle)
+//        yaml_free(tag_directive.prefix)
+//    }
+//    yaml_free(document.tag_directives.start)
+//
+//    memset(document, 0, sizeof(yaml_document_t))
+//}
+//
+///**
+// * Get a document node.
+// */
+//
+//YAML_DECLARE(yaml_node_t *)
+//yaml_document_get_node(document *yaml_document_t, index int)
+//{
+//    assert(document) // Non-NULL document object is expected.
+//
+//    if (index > 0 && document.nodes.start + index <= document.nodes.top) {
+//        return document.nodes.start + index - 1
+//    }
+//    return NULL
+//}
+//
+///**
+// * Get the root object.
+// */
+//
+//YAML_DECLARE(yaml_node_t *)
+//yaml_document_get_root_node(document *yaml_document_t)
+//{
+//    assert(document) // Non-NULL document object is expected.
+//
+//    if (document.nodes.top != document.nodes.start) {
+//        return document.nodes.start
+//    }
+//    return NULL
+//}
+//
+///*
+// * Add a scalar node to a document.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_add_scalar(document *yaml_document_t,
+//        tag *yaml_char_t, value *yaml_char_t, length int,
+//        style yaml_scalar_style_t)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//    mark yaml_mark_t = { 0, 0, 0 }
+//    tag_copy *yaml_char_t = NULL
+//    value_copy *yaml_char_t = NULL
+//    node yaml_node_t
+//
+//    assert(document) // Non-NULL document object is expected.
+//    assert(value) // Non-NULL value is expected.
+//
+//    if (!tag) {
+//        tag = (yaml_char_t *)YAML_DEFAULT_SCALAR_TAG
+//    }
+//
+//    if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error
+//    tag_copy = yaml_strdup(tag)
+//    if (!tag_copy) goto error
+//
+//    if (length < 0) {
+//        length = strlen((char *)value)
+//    }
+//
+//    if (!yaml_check_utf8(value, length)) goto error
+//    value_copy = yaml_malloc(length+1)
+//    if (!value_copy) goto error
+//    memcpy(value_copy, value, length)
+//    value_copy[length] = '\0'
+//
+//    SCALAR_NODE_INIT(node, tag_copy, value_copy, length, style, mark, mark)
+//    if (!PUSH(&context, document.nodes, node)) goto error
+//
+//    return document.nodes.top - document.nodes.start
+//
+//error:
+//    yaml_free(tag_copy)
+//    yaml_free(value_copy)
+//
+//    return 0
+//}
+//
+///*
+// * Add a sequence node to a document.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_add_sequence(document *yaml_document_t,
+//        tag *yaml_char_t, style yaml_sequence_style_t)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//    mark yaml_mark_t = { 0, 0, 0 }
+//    tag_copy *yaml_char_t = NULL
+//    struct {
+//        start *yaml_node_item_t
+//        end *yaml_node_item_t
+//        top *yaml_node_item_t
+//    } items = { NULL, NULL, NULL }
+//    node yaml_node_t
+//
+//    assert(document) // Non-NULL document object is expected.
+//
+//    if (!tag) {
+//        tag = (yaml_char_t *)YAML_DEFAULT_SEQUENCE_TAG
+//    }
+//
+//    if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error
+//    tag_copy = yaml_strdup(tag)
+//    if (!tag_copy) goto error
+//
+//    if (!STACK_INIT(&context, items, INITIAL_STACK_SIZE)) goto error
+//
+//    SEQUENCE_NODE_INIT(node, tag_copy, items.start, items.end,
+//            style, mark, mark)
+//    if (!PUSH(&context, document.nodes, node)) goto error
+//
+//    return document.nodes.top - document.nodes.start
+//
+//error:
+//    STACK_DEL(&context, items)
+//    yaml_free(tag_copy)
+//
+//    return 0
+//}
+//
+///*
+// * Add a mapping node to a document.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_add_mapping(document *yaml_document_t,
+//        tag *yaml_char_t, style yaml_mapping_style_t)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//    mark yaml_mark_t = { 0, 0, 0 }
+//    tag_copy *yaml_char_t = NULL
+//    struct {
+//        start *yaml_node_pair_t
+//        end *yaml_node_pair_t
+//        top *yaml_node_pair_t
+//    } pairs = { NULL, NULL, NULL }
+//    node yaml_node_t
+//
+//    assert(document) // Non-NULL document object is expected.
+//
+//    if (!tag) {
+//        tag = (yaml_char_t *)YAML_DEFAULT_MAPPING_TAG
+//    }
+//
+//    if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error
+//    tag_copy = yaml_strdup(tag)
+//    if (!tag_copy) goto error
+//
+//    if (!STACK_INIT(&context, pairs, INITIAL_STACK_SIZE)) goto error
+//
+//    MAPPING_NODE_INIT(node, tag_copy, pairs.start, pairs.end,
+//            style, mark, mark)
+//    if (!PUSH(&context, document.nodes, node)) goto error
+//
+//    return document.nodes.top - document.nodes.start
+//
+//error:
+//    STACK_DEL(&context, pairs)
+//    yaml_free(tag_copy)
+//
+//    return 0
+//}
+//
+///*
+// * Append an item to a sequence node.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_append_sequence_item(document *yaml_document_t,
+//        sequence int, item int)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//
+//    assert(document) // Non-NULL document is required.
+//    assert(sequence > 0
+//            && document.nodes.start + sequence <= document.nodes.top)
+//                            // Valid sequence id is required.
+//    assert(document.nodes.start[sequence-1].type == YAML_SEQUENCE_NODE)
+//                            // A sequence node is required.
+//    assert(item > 0 && document.nodes.start + item <= document.nodes.top)
+//                            // Valid item id is required.
+//
+//    if (!PUSH(&context,
+//                document.nodes.start[sequence-1].data.sequence.items, item))
+//        return 0
+//
+//    return 1
+//}
+//
+///*
+// * Append a pair of a key and a value to a mapping node.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_append_mapping_pair(document *yaml_document_t,
+//        mapping int, key int, value int)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//
+//    pair yaml_node_pair_t
+//
+//    assert(document) // Non-NULL document is required.
+//    assert(mapping > 0
+//            && document.nodes.start + mapping <= document.nodes.top)
+//                            // Valid mapping id is required.
+//    assert(document.nodes.start[mapping-1].type == YAML_MAPPING_NODE)
+//                            // A mapping node is required.
+//    assert(key > 0 && document.nodes.start + key <= document.nodes.top)
+//                            // Valid key id is required.
+//    assert(value > 0 && document.nodes.start + value <= document.nodes.top)
+//                            // Valid value id is required.
+//
+//    pair.key = key
+//    pair.value = value
+//
+//    if (!PUSH(&context,
+//                document.nodes.start[mapping-1].data.mapping.pairs, pair))
+//        return 0
+//
+//    return 1
+//}
+//
+//
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/decode.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/decode.go
new file mode 100644
index 000000000..129bc2a97
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/decode.go
@@ -0,0 +1,815 @@
+package yaml
+
+import (
+	"encoding"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"math"
+	"reflect"
+	"strconv"
+	"time"
+)
+
+const (
+	documentNode = 1 << iota
+	mappingNode
+	sequenceNode
+	scalarNode
+	aliasNode
+)
+
+type node struct {
+	kind         int
+	line, column int
+	tag          string
+	// For an alias node, alias holds the resolved alias.
+	alias    *node
+	value    string
+	implicit bool
+	children []*node
+	anchors  map[string]*node
+}
+
+// ----------------------------------------------------------------------------
+// Parser, produces a node tree out of a libyaml event stream.
+
+type parser struct {
+	parser   yaml_parser_t
+	event    yaml_event_t
+	doc      *node
+	doneInit bool
+}
+
+func newParser(b []byte) *parser {
+	p := parser{}
+	if !yaml_parser_initialize(&p.parser) {
+		panic("failed to initialize YAML emitter")
+	}
+	if len(b) == 0 {
+		b = []byte{'\n'}
+	}
+	yaml_parser_set_input_string(&p.parser, b)
+	return &p
+}
+
+func newParserFromReader(r io.Reader) *parser {
+	p := parser{}
+	if !yaml_parser_initialize(&p.parser) {
+		panic("failed to initialize YAML emitter")
+	}
+	yaml_parser_set_input_reader(&p.parser, r)
+	return &p
+}
+
+func (p *parser) init() {
+	if p.doneInit {
+		return
+	}
+	p.expect(yaml_STREAM_START_EVENT)
+	p.doneInit = true
+}
+
+func (p *parser) destroy() {
+	if p.event.typ != yaml_NO_EVENT {
+		yaml_event_delete(&p.event)
+	}
+	yaml_parser_delete(&p.parser)
+}
+
+// expect consumes an event from the event stream and
+// checks that it's of the expected type.
+func (p *parser) expect(e yaml_event_type_t) {
+	if p.event.typ == yaml_NO_EVENT {
+		if !yaml_parser_parse(&p.parser, &p.event) {
+			p.fail()
+		}
+	}
+	if p.event.typ == yaml_STREAM_END_EVENT {
+		failf("attempted to go past the end of stream; corrupted value?")
+	}
+	if p.event.typ != e {
+		p.parser.problem = fmt.Sprintf("expected %s event but got %s", e, p.event.typ)
+		p.fail()
+	}
+	yaml_event_delete(&p.event)
+	p.event.typ = yaml_NO_EVENT
+}
+
+// peek peeks at the next event in the event stream,
+// puts the results into p.event and returns the event type.
+func (p *parser) peek() yaml_event_type_t {
+	if p.event.typ != yaml_NO_EVENT {
+		return p.event.typ
+	}
+	if !yaml_parser_parse(&p.parser, &p.event) {
+		p.fail()
+	}
+	return p.event.typ
+}
+
+func (p *parser) fail() {
+	var where string
+	var line int
+	if p.parser.problem_mark.line != 0 {
+		line = p.parser.problem_mark.line
+		// Scanner errors don't iterate line before returning error
+		if p.parser.error == yaml_SCANNER_ERROR {
+			line++
+		}
+	} else if p.parser.context_mark.line != 0 {
+		line = p.parser.context_mark.line
+	}
+	if line != 0 {
+		where = "line " + strconv.Itoa(line) + ": "
+	}
+	var msg string
+	if len(p.parser.problem) > 0 {
+		msg = p.parser.problem
+	} else {
+		msg = "unknown problem parsing YAML content"
+	}
+	failf("%s%s", where, msg)
+}
+
+func (p *parser) anchor(n *node, anchor []byte) {
+	if anchor != nil {
+		p.doc.anchors[string(anchor)] = n
+	}
+}
+
+func (p *parser) parse() *node {
+	p.init()
+	switch p.peek() {
+	case yaml_SCALAR_EVENT:
+		return p.scalar()
+	case yaml_ALIAS_EVENT:
+		return p.alias()
+	case yaml_MAPPING_START_EVENT:
+		return p.mapping()
+	case yaml_SEQUENCE_START_EVENT:
+		return p.sequence()
+	case yaml_DOCUMENT_START_EVENT:
+		return p.document()
+	case yaml_STREAM_END_EVENT:
+		// Happens when attempting to decode an empty buffer.
+		return nil
+	default:
+		panic("attempted to parse unknown event: " + p.event.typ.String())
+	}
+}
+
+func (p *parser) node(kind int) *node {
+	return &node{
+		kind:   kind,
+		line:   p.event.start_mark.line,
+		column: p.event.start_mark.column,
+	}
+}
+
+func (p *parser) document() *node {
+	n := p.node(documentNode)
+	n.anchors = make(map[string]*node)
+	p.doc = n
+	p.expect(yaml_DOCUMENT_START_EVENT)
+	n.children = append(n.children, p.parse())
+	p.expect(yaml_DOCUMENT_END_EVENT)
+	return n
+}
+
+func (p *parser) alias() *node {
+	n := p.node(aliasNode)
+	n.value = string(p.event.anchor)
+	n.alias = p.doc.anchors[n.value]
+	if n.alias == nil {
+		failf("unknown anchor '%s' referenced", n.value)
+	}
+	p.expect(yaml_ALIAS_EVENT)
+	return n
+}
+
+func (p *parser) scalar() *node {
+	n := p.node(scalarNode)
+	n.value = string(p.event.value)
+	n.tag = string(p.event.tag)
+	n.implicit = p.event.implicit
+	p.anchor(n, p.event.anchor)
+	p.expect(yaml_SCALAR_EVENT)
+	return n
+}
+
+func (p *parser) sequence() *node {
+	n := p.node(sequenceNode)
+	p.anchor(n, p.event.anchor)
+	p.expect(yaml_SEQUENCE_START_EVENT)
+	for p.peek() != yaml_SEQUENCE_END_EVENT {
+		n.children = append(n.children, p.parse())
+	}
+	p.expect(yaml_SEQUENCE_END_EVENT)
+	return n
+}
+
+func (p *parser) mapping() *node {
+	n := p.node(mappingNode)
+	p.anchor(n, p.event.anchor)
+	p.expect(yaml_MAPPING_START_EVENT)
+	for p.peek() != yaml_MAPPING_END_EVENT {
+		n.children = append(n.children, p.parse(), p.parse())
+	}
+	p.expect(yaml_MAPPING_END_EVENT)
+	return n
+}
+
+// ----------------------------------------------------------------------------
+// Decoder, unmarshals a node into a provided value.
+
+type decoder struct {
+	doc     *node
+	aliases map[*node]bool
+	mapType reflect.Type
+	terrors []string
+	strict  bool
+
+	decodeCount int
+	aliasCount  int
+	aliasDepth  int
+}
+
+var (
+	mapItemType    = reflect.TypeOf(MapItem{})
+	durationType   = reflect.TypeOf(time.Duration(0))
+	defaultMapType = reflect.TypeOf(map[interface{}]interface{}{})
+	ifaceType      = defaultMapType.Elem()
+	timeType       = reflect.TypeOf(time.Time{})
+	ptrTimeType    = reflect.TypeOf(&time.Time{})
+)
+
+func newDecoder(strict bool) *decoder {
+	d := &decoder{mapType: defaultMapType, strict: strict}
+	d.aliases = make(map[*node]bool)
+	return d
+}
+
+func (d *decoder) terror(n *node, tag string, out reflect.Value) {
+	if n.tag != "" {
+		tag = n.tag
+	}
+	value := n.value
+	if tag != yaml_SEQ_TAG && tag != yaml_MAP_TAG {
+		if len(value) > 10 {
+			value = " `" + value[:7] + "...`"
+		} else {
+			value = " `" + value + "`"
+		}
+	}
+	d.terrors = append(d.terrors, fmt.Sprintf("line %d: cannot unmarshal %s%s into %s", n.line+1, shortTag(tag), value, out.Type()))
+}
+
+func (d *decoder) callUnmarshaler(n *node, u Unmarshaler) (good bool) {
+	terrlen := len(d.terrors)
+	err := u.UnmarshalYAML(func(v interface{}) (err error) {
+		defer handleErr(&err)
+		d.unmarshal(n, reflect.ValueOf(v))
+		if len(d.terrors) > terrlen {
+			issues := d.terrors[terrlen:]
+			d.terrors = d.terrors[:terrlen]
+			return &TypeError{issues}
+		}
+		return nil
+	})
+	if e, ok := err.(*TypeError); ok {
+		d.terrors = append(d.terrors, e.Errors...)
+		return false
+	}
+	if err != nil {
+		fail(err)
+	}
+	return true
+}
+
+// d.prepare initializes and dereferences pointers and calls UnmarshalYAML
+// if a value is found to implement it.
+// It returns the initialized and dereferenced out value, whether
+// unmarshalling was already done by UnmarshalYAML, and if so whether
+// its types unmarshalled appropriately.
+//
+// If n holds a null value, prepare returns before doing anything.
+func (d *decoder) prepare(n *node, out reflect.Value) (newout reflect.Value, unmarshaled, good bool) {
+	if n.tag == yaml_NULL_TAG || n.kind == scalarNode && n.tag == "" && (n.value == "null" || n.value == "~" || n.value == "" && n.implicit) {
+		return out, false, false
+	}
+	again := true
+	for again {
+		again = false
+		if out.Kind() == reflect.Ptr {
+			if out.IsNil() {
+				out.Set(reflect.New(out.Type().Elem()))
+			}
+			out = out.Elem()
+			again = true
+		}
+		if out.CanAddr() {
+			if u, ok := out.Addr().Interface().(Unmarshaler); ok {
+				good = d.callUnmarshaler(n, u)
+				return out, true, good
+			}
+		}
+	}
+	return out, false, false
+}
+
+const (
+	// 400,000 decode operations is ~500kb of dense object declarations, or
+	// ~5kb of dense object declarations with 10000% alias expansion
+	alias_ratio_range_low = 400000
+
+	// 4,000,000 decode operations is ~5MB of dense object declarations, or
+	// ~4.5MB of dense object declarations with 10% alias expansion
+	alias_ratio_range_high = 4000000
+
+	// alias_ratio_range is the range over which we scale allowed alias ratios
+	alias_ratio_range = float64(alias_ratio_range_high - alias_ratio_range_low)
+)
+
+func allowedAliasRatio(decodeCount int) float64 {
+	switch {
+	case decodeCount <= alias_ratio_range_low:
+		// allow 99% to come from alias expansion for small-to-medium documents
+		return 0.99
+	case decodeCount >= alias_ratio_range_high:
+		// allow 10% to come from alias expansion for very large documents
+		return 0.10
+	default:
+		// scale smoothly from 99% down to 10% over the range.
+		// this maps to 396,000 - 400,000 allowed alias-driven decodes over the range.
+		// 400,000 decode operations is ~100MB of allocations in worst-case scenarios (single-item maps).
+		return 0.99 - 0.89*(float64(decodeCount-alias_ratio_range_low)/alias_ratio_range)
+	}
+}
+
+func (d *decoder) unmarshal(n *node, out reflect.Value) (good bool) {
+	d.decodeCount++
+	if d.aliasDepth > 0 {
+		d.aliasCount++
+	}
+	if d.aliasCount > 100 && d.decodeCount > 1000 && float64(d.aliasCount)/float64(d.decodeCount) > allowedAliasRatio(d.decodeCount) {
+		failf("document contains excessive aliasing")
+	}
+	switch n.kind {
+	case documentNode:
+		return d.document(n, out)
+	case aliasNode:
+		return d.alias(n, out)
+	}
+	out, unmarshaled, good := d.prepare(n, out)
+	if unmarshaled {
+		return good
+	}
+	switch n.kind {
+	case scalarNode:
+		good = d.scalar(n, out)
+	case mappingNode:
+		good = d.mapping(n, out)
+	case sequenceNode:
+		good = d.sequence(n, out)
+	default:
+		panic("internal error: unknown node kind: " + strconv.Itoa(n.kind))
+	}
+	return good
+}
+
+func (d *decoder) document(n *node, out reflect.Value) (good bool) {
+	if len(n.children) == 1 {
+		d.doc = n
+		d.unmarshal(n.children[0], out)
+		return true
+	}
+	return false
+}
+
+func (d *decoder) alias(n *node, out reflect.Value) (good bool) {
+	if d.aliases[n] {
+		// TODO this could actually be allowed in some circumstances.
+		failf("anchor '%s' value contains itself", n.value)
+	}
+	d.aliases[n] = true
+	d.aliasDepth++
+	good = d.unmarshal(n.alias, out)
+	d.aliasDepth--
+	delete(d.aliases, n)
+	return good
+}
+
+var zeroValue reflect.Value
+
+func resetMap(out reflect.Value) {
+	for _, k := range out.MapKeys() {
+		out.SetMapIndex(k, zeroValue)
+	}
+}
+
+func (d *decoder) scalar(n *node, out reflect.Value) bool {
+	var tag string
+	var resolved interface{}
+	if n.tag == "" && !n.implicit {
+		tag = yaml_STR_TAG
+		resolved = n.value
+	} else {
+		tag, resolved = resolve(n.tag, n.value)
+		if tag == yaml_BINARY_TAG {
+			data, err := base64.StdEncoding.DecodeString(resolved.(string))
+			if err != nil {
+				failf("!!binary value contains invalid base64 data")
+			}
+			resolved = string(data)
+		}
+	}
+	if resolved == nil {
+		if out.Kind() == reflect.Map && !out.CanAddr() {
+			resetMap(out)
+		} else {
+			out.Set(reflect.Zero(out.Type()))
+		}
+		return true
+	}
+	if resolvedv := reflect.ValueOf(resolved); out.Type() == resolvedv.Type() {
+		// We've resolved to exactly the type we want, so use that.
+		out.Set(resolvedv)
+		return true
+	}
+	// Perhaps we can use the value as a TextUnmarshaler to
+	// set its value.
+	if out.CanAddr() {
+		u, ok := out.Addr().Interface().(encoding.TextUnmarshaler)
+		if ok {
+			var text []byte
+			if tag == yaml_BINARY_TAG {
+				text = []byte(resolved.(string))
+			} else {
+				// We let any value be unmarshaled into TextUnmarshaler.
+				// That might be more lax than we'd like, but the
+				// TextUnmarshaler itself should bowl out any dubious values.
+				text = []byte(n.value)
+			}
+			err := u.UnmarshalText(text)
+			if err != nil {
+				fail(err)
+			}
+			return true
+		}
+	}
+	switch out.Kind() {
+	case reflect.String:
+		if tag == yaml_BINARY_TAG {
+			out.SetString(resolved.(string))
+			return true
+		}
+		if resolved != nil {
+			out.SetString(n.value)
+			return true
+		}
+	case reflect.Interface:
+		if resolved == nil {
+			out.Set(reflect.Zero(out.Type()))
+		} else if tag == yaml_TIMESTAMP_TAG {
+			// It looks like a timestamp but for backward compatibility
+			// reasons we set it as a string, so that code that unmarshals
+			// timestamp-like values into interface{} will continue to
+			// see a string and not a time.Time.
+			// TODO(v3) Drop this.
+			out.Set(reflect.ValueOf(n.value))
+		} else {
+			out.Set(reflect.ValueOf(resolved))
+		}
+		return true
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		switch resolved := resolved.(type) {
+		case int:
+			if !out.OverflowInt(int64(resolved)) {
+				out.SetInt(int64(resolved))
+				return true
+			}
+		case int64:
+			if !out.OverflowInt(resolved) {
+				out.SetInt(resolved)
+				return true
+			}
+		case uint64:
+			if resolved <= math.MaxInt64 && !out.OverflowInt(int64(resolved)) {
+				out.SetInt(int64(resolved))
+				return true
+			}
+		case float64:
+			if resolved <= math.MaxInt64 && !out.OverflowInt(int64(resolved)) {
+				out.SetInt(int64(resolved))
+				return true
+			}
+		case string:
+			if out.Type() == durationType {
+				d, err := time.ParseDuration(resolved)
+				if err == nil {
+					out.SetInt(int64(d))
+					return true
+				}
+			}
+		}
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		switch resolved := resolved.(type) {
+		case int:
+			if resolved >= 0 && !out.OverflowUint(uint64(resolved)) {
+				out.SetUint(uint64(resolved))
+				return true
+			}
+		case int64:
+			if resolved >= 0 && !out.OverflowUint(uint64(resolved)) {
+				out.SetUint(uint64(resolved))
+				return true
+			}
+		case uint64:
+			if !out.OverflowUint(uint64(resolved)) {
+				out.SetUint(uint64(resolved))
+				return true
+			}
+		case float64:
+			if resolved <= math.MaxUint64 && !out.OverflowUint(uint64(resolved)) {
+				out.SetUint(uint64(resolved))
+				return true
+			}
+		}
+	case reflect.Bool:
+		switch resolved := resolved.(type) {
+		case bool:
+			out.SetBool(resolved)
+			return true
+		}
+	case reflect.Float32, reflect.Float64:
+		switch resolved := resolved.(type) {
+		case int:
+			out.SetFloat(float64(resolved))
+			return true
+		case int64:
+			out.SetFloat(float64(resolved))
+			return true
+		case uint64:
+			out.SetFloat(float64(resolved))
+			return true
+		case float64:
+			out.SetFloat(resolved)
+			return true
+		}
+	case reflect.Struct:
+		if resolvedv := reflect.ValueOf(resolved); out.Type() == resolvedv.Type() {
+			out.Set(resolvedv)
+			return true
+		}
+	case reflect.Ptr:
+		if out.Type().Elem() == reflect.TypeOf(resolved) {
+			// TODO DOes this make sense? When is out a Ptr except when decoding a nil value?
+			elem := reflect.New(out.Type().Elem())
+			elem.Elem().Set(reflect.ValueOf(resolved))
+			out.Set(elem)
+			return true
+		}
+	}
+	d.terror(n, tag, out)
+	return false
+}
+
+func settableValueOf(i interface{}) reflect.Value {
+	v := reflect.ValueOf(i)
+	sv := reflect.New(v.Type()).Elem()
+	sv.Set(v)
+	return sv
+}
+
+func (d *decoder) sequence(n *node, out reflect.Value) (good bool) {
+	l := len(n.children)
+
+	var iface reflect.Value
+	switch out.Kind() {
+	case reflect.Slice:
+		out.Set(reflect.MakeSlice(out.Type(), l, l))
+	case reflect.Array:
+		if l != out.Len() {
+			failf("invalid array: want %d elements but got %d", out.Len(), l)
+		}
+	case reflect.Interface:
+		// No type hints. Will have to use a generic sequence.
+		iface = out
+		out = settableValueOf(make([]interface{}, l))
+	default:
+		d.terror(n, yaml_SEQ_TAG, out)
+		return false
+	}
+	et := out.Type().Elem()
+
+	j := 0
+	for i := 0; i < l; i++ {
+		e := reflect.New(et).Elem()
+		if ok := d.unmarshal(n.children[i], e); ok {
+			out.Index(j).Set(e)
+			j++
+		}
+	}
+	if out.Kind() != reflect.Array {
+		out.Set(out.Slice(0, j))
+	}
+	if iface.IsValid() {
+		iface.Set(out)
+	}
+	return true
+}
+
+func (d *decoder) mapping(n *node, out reflect.Value) (good bool) {
+	switch out.Kind() {
+	case reflect.Struct:
+		return d.mappingStruct(n, out)
+	case reflect.Slice:
+		return d.mappingSlice(n, out)
+	case reflect.Map:
+		// okay
+	case reflect.Interface:
+		if d.mapType.Kind() == reflect.Map {
+			iface := out
+			out = reflect.MakeMap(d.mapType)
+			iface.Set(out)
+		} else {
+			slicev := reflect.New(d.mapType).Elem()
+			if !d.mappingSlice(n, slicev) {
+				return false
+			}
+			out.Set(slicev)
+			return true
+		}
+	default:
+		d.terror(n, yaml_MAP_TAG, out)
+		return false
+	}
+	outt := out.Type()
+	kt := outt.Key()
+	et := outt.Elem()
+
+	mapType := d.mapType
+	if outt.Key() == ifaceType && outt.Elem() == ifaceType {
+		d.mapType = outt
+	}
+
+	if out.IsNil() {
+		out.Set(reflect.MakeMap(outt))
+	}
+	l := len(n.children)
+	for i := 0; i < l; i += 2 {
+		if isMerge(n.children[i]) {
+			d.merge(n.children[i+1], out)
+			continue
+		}
+		k := reflect.New(kt).Elem()
+		if d.unmarshal(n.children[i], k) {
+			kkind := k.Kind()
+			if kkind == reflect.Interface {
+				kkind = k.Elem().Kind()
+			}
+			if kkind == reflect.Map || kkind == reflect.Slice {
+				failf("invalid map key: %#v", k.Interface())
+			}
+			e := reflect.New(et).Elem()
+			if d.unmarshal(n.children[i+1], e) {
+				d.setMapIndex(n.children[i+1], out, k, e)
+			}
+		}
+	}
+	d.mapType = mapType
+	return true
+}
+
+func (d *decoder) setMapIndex(n *node, out, k, v reflect.Value) {
+	if d.strict && out.MapIndex(k) != zeroValue {
+		d.terrors = append(d.terrors, fmt.Sprintf("line %d: key %#v already set in map", n.line+1, k.Interface()))
+		return
+	}
+	out.SetMapIndex(k, v)
+}
+
+func (d *decoder) mappingSlice(n *node, out reflect.Value) (good bool) {
+	outt := out.Type()
+	if outt.Elem() != mapItemType {
+		d.terror(n, yaml_MAP_TAG, out)
+		return false
+	}
+
+	mapType := d.mapType
+	d.mapType = outt
+
+	var slice []MapItem
+	var l = len(n.children)
+	for i := 0; i < l; i += 2 {
+		if isMerge(n.children[i]) {
+			d.merge(n.children[i+1], out)
+			continue
+		}
+		item := MapItem{}
+		k := reflect.ValueOf(&item.Key).Elem()
+		if d.unmarshal(n.children[i], k) {
+			v := reflect.ValueOf(&item.Value).Elem()
+			if d.unmarshal(n.children[i+1], v) {
+				slice = append(slice, item)
+			}
+		}
+	}
+	out.Set(reflect.ValueOf(slice))
+	d.mapType = mapType
+	return true
+}
+
+func (d *decoder) mappingStruct(n *node, out reflect.Value) (good bool) {
+	sinfo, err := getStructInfo(out.Type())
+	if err != nil {
+		panic(err)
+	}
+	name := settableValueOf("")
+	l := len(n.children)
+
+	var inlineMap reflect.Value
+	var elemType reflect.Type
+	if sinfo.InlineMap != -1 {
+		inlineMap = out.Field(sinfo.InlineMap)
+		inlineMap.Set(reflect.New(inlineMap.Type()).Elem())
+		elemType = inlineMap.Type().Elem()
+	}
+
+	var doneFields []bool
+	if d.strict {
+		doneFields = make([]bool, len(sinfo.FieldsList))
+	}
+	for i := 0; i < l; i += 2 {
+		ni := n.children[i]
+		if isMerge(ni) {
+			d.merge(n.children[i+1], out)
+			continue
+		}
+		if !d.unmarshal(ni, name) {
+			continue
+		}
+		if info, ok := sinfo.FieldsMap[name.String()]; ok {
+			if d.strict {
+				if doneFields[info.Id] {
+					d.terrors = append(d.terrors, fmt.Sprintf("line %d: field %s already set in type %s", ni.line+1, name.String(), out.Type()))
+					continue
+				}
+				doneFields[info.Id] = true
+			}
+			var field reflect.Value
+			if info.Inline == nil {
+				field = out.Field(info.Num)
+			} else {
+				field = out.FieldByIndex(info.Inline)
+			}
+			d.unmarshal(n.children[i+1], field)
+		} else if sinfo.InlineMap != -1 {
+			if inlineMap.IsNil() {
+				inlineMap.Set(reflect.MakeMap(inlineMap.Type()))
+			}
+			value := reflect.New(elemType).Elem()
+			d.unmarshal(n.children[i+1], value)
+			d.setMapIndex(n.children[i+1], inlineMap, name, value)
+		} else if d.strict {
+			d.terrors = append(d.terrors, fmt.Sprintf("line %d: field %s not found in type %s", ni.line+1, name.String(), out.Type()))
+		}
+	}
+	return true
+}
+
+func failWantMap() {
+	failf("map merge requires map or sequence of maps as the value")
+}
+
+func (d *decoder) merge(n *node, out reflect.Value) {
+	switch n.kind {
+	case mappingNode:
+		d.unmarshal(n, out)
+	case aliasNode:
+		if n.alias != nil && n.alias.kind != mappingNode {
+			failWantMap()
+		}
+		d.unmarshal(n, out)
+	case sequenceNode:
+		// Step backwards as earlier nodes take precedence.
+		for i := len(n.children) - 1; i >= 0; i-- {
+			ni := n.children[i]
+			if ni.kind == aliasNode {
+				if ni.alias != nil && ni.alias.kind != mappingNode {
+					failWantMap()
+				}
+			} else if ni.kind != mappingNode {
+				failWantMap()
+			}
+			d.unmarshal(ni, out)
+		}
+	default:
+		failWantMap()
+	}
+}
+
+func isMerge(n *node) bool {
+	return n.kind == scalarNode && n.value == "<<" && (n.implicit == true || n.tag == yaml_MERGE_TAG)
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/emitterc.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/emitterc.go
new file mode 100644
index 000000000..a1c2cc526
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/emitterc.go
@@ -0,0 +1,1685 @@
+package yaml
+
+import (
+	"bytes"
+	"fmt"
+)
+
+// Flush the buffer if needed.
+func flush(emitter *yaml_emitter_t) bool {
+	if emitter.buffer_pos+5 >= len(emitter.buffer) {
+		return yaml_emitter_flush(emitter)
+	}
+	return true
+}
+
+// Put a character to the output buffer.
+func put(emitter *yaml_emitter_t, value byte) bool {
+	if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) {
+		return false
+	}
+	emitter.buffer[emitter.buffer_pos] = value
+	emitter.buffer_pos++
+	emitter.column++
+	return true
+}
+
+// Put a line break to the output buffer.
+func put_break(emitter *yaml_emitter_t) bool {
+	if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) {
+		return false
+	}
+	switch emitter.line_break {
+	case yaml_CR_BREAK:
+		emitter.buffer[emitter.buffer_pos] = '\r'
+		emitter.buffer_pos += 1
+	case yaml_LN_BREAK:
+		emitter.buffer[emitter.buffer_pos] = '\n'
+		emitter.buffer_pos += 1
+	case yaml_CRLN_BREAK:
+		emitter.buffer[emitter.buffer_pos+0] = '\r'
+		emitter.buffer[emitter.buffer_pos+1] = '\n'
+		emitter.buffer_pos += 2
+	default:
+		panic("unknown line break setting")
+	}
+	emitter.column = 0
+	emitter.line++
+	return true
+}
+
+// Copy a character from a string into buffer.
+func write(emitter *yaml_emitter_t, s []byte, i *int) bool {
+	if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) {
+		return false
+	}
+	p := emitter.buffer_pos
+	w := width(s[*i])
+	switch w {
+	case 4:
+		emitter.buffer[p+3] = s[*i+3]
+		fallthrough
+	case 3:
+		emitter.buffer[p+2] = s[*i+2]
+		fallthrough
+	case 2:
+		emitter.buffer[p+1] = s[*i+1]
+		fallthrough
+	case 1:
+		emitter.buffer[p+0] = s[*i+0]
+	default:
+		panic("unknown character width")
+	}
+	emitter.column++
+	emitter.buffer_pos += w
+	*i += w
+	return true
+}
+
+// Write a whole string into buffer.
+func write_all(emitter *yaml_emitter_t, s []byte) bool {
+	for i := 0; i < len(s); {
+		if !write(emitter, s, &i) {
+			return false
+		}
+	}
+	return true
+}
+
+// Copy a line break character from a string into buffer.
+func write_break(emitter *yaml_emitter_t, s []byte, i *int) bool {
+	if s[*i] == '\n' {
+		if !put_break(emitter) {
+			return false
+		}
+		*i++
+	} else {
+		if !write(emitter, s, i) {
+			return false
+		}
+		emitter.column = 0
+		emitter.line++
+	}
+	return true
+}
+
+// Set an emitter error and return false.
+func yaml_emitter_set_emitter_error(emitter *yaml_emitter_t, problem string) bool {
+	emitter.error = yaml_EMITTER_ERROR
+	emitter.problem = problem
+	return false
+}
+
+// Emit an event.
+func yaml_emitter_emit(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	emitter.events = append(emitter.events, *event)
+	for !yaml_emitter_need_more_events(emitter) {
+		event := &emitter.events[emitter.events_head]
+		if !yaml_emitter_analyze_event(emitter, event) {
+			return false
+		}
+		if !yaml_emitter_state_machine(emitter, event) {
+			return false
+		}
+		yaml_event_delete(event)
+		emitter.events_head++
+	}
+	return true
+}
+
+// Check if we need to accumulate more events before emitting.
+//
+// We accumulate extra
+//  - 1 event for DOCUMENT-START
+//  - 2 events for SEQUENCE-START
+//  - 3 events for MAPPING-START
+//
+func yaml_emitter_need_more_events(emitter *yaml_emitter_t) bool {
+	if emitter.events_head == len(emitter.events) {
+		return true
+	}
+	var accumulate int
+	switch emitter.events[emitter.events_head].typ {
+	case yaml_DOCUMENT_START_EVENT:
+		accumulate = 1
+		break
+	case yaml_SEQUENCE_START_EVENT:
+		accumulate = 2
+		break
+	case yaml_MAPPING_START_EVENT:
+		accumulate = 3
+		break
+	default:
+		return false
+	}
+	if len(emitter.events)-emitter.events_head > accumulate {
+		return false
+	}
+	var level int
+	for i := emitter.events_head; i < len(emitter.events); i++ {
+		switch emitter.events[i].typ {
+		case yaml_STREAM_START_EVENT, yaml_DOCUMENT_START_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT:
+			level++
+		case yaml_STREAM_END_EVENT, yaml_DOCUMENT_END_EVENT, yaml_SEQUENCE_END_EVENT, yaml_MAPPING_END_EVENT:
+			level--
+		}
+		if level == 0 {
+			return false
+		}
+	}
+	return true
+}
+
+// Append a directive to the directives stack.
+func yaml_emitter_append_tag_directive(emitter *yaml_emitter_t, value *yaml_tag_directive_t, allow_duplicates bool) bool {
+	for i := 0; i < len(emitter.tag_directives); i++ {
+		if bytes.Equal(value.handle, emitter.tag_directives[i].handle) {
+			if allow_duplicates {
+				return true
+			}
+			return yaml_emitter_set_emitter_error(emitter, "duplicate %TAG directive")
+		}
+	}
+
+	// [Go] Do we actually need to copy this given garbage collection
+	// and the lack of deallocating destructors?
+	tag_copy := yaml_tag_directive_t{
+		handle: make([]byte, len(value.handle)),
+		prefix: make([]byte, len(value.prefix)),
+	}
+	copy(tag_copy.handle, value.handle)
+	copy(tag_copy.prefix, value.prefix)
+	emitter.tag_directives = append(emitter.tag_directives, tag_copy)
+	return true
+}
+
+// Increase the indentation level.
+func yaml_emitter_increase_indent(emitter *yaml_emitter_t, flow, indentless bool) bool {
+	emitter.indents = append(emitter.indents, emitter.indent)
+	if emitter.indent < 0 {
+		if flow {
+			emitter.indent = emitter.best_indent
+		} else {
+			emitter.indent = 0
+		}
+	} else if !indentless {
+		emitter.indent += emitter.best_indent
+	}
+	return true
+}
+
+// State dispatcher.
+func yaml_emitter_state_machine(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	switch emitter.state {
+	default:
+	case yaml_EMIT_STREAM_START_STATE:
+		return yaml_emitter_emit_stream_start(emitter, event)
+
+	case yaml_EMIT_FIRST_DOCUMENT_START_STATE:
+		return yaml_emitter_emit_document_start(emitter, event, true)
+
+	case yaml_EMIT_DOCUMENT_START_STATE:
+		return yaml_emitter_emit_document_start(emitter, event, false)
+
+	case yaml_EMIT_DOCUMENT_CONTENT_STATE:
+		return yaml_emitter_emit_document_content(emitter, event)
+
+	case yaml_EMIT_DOCUMENT_END_STATE:
+		return yaml_emitter_emit_document_end(emitter, event)
+
+	case yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE:
+		return yaml_emitter_emit_flow_sequence_item(emitter, event, true)
+
+	case yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE:
+		return yaml_emitter_emit_flow_sequence_item(emitter, event, false)
+
+	case yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE:
+		return yaml_emitter_emit_flow_mapping_key(emitter, event, true)
+
+	case yaml_EMIT_FLOW_MAPPING_KEY_STATE:
+		return yaml_emitter_emit_flow_mapping_key(emitter, event, false)
+
+	case yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE:
+		return yaml_emitter_emit_flow_mapping_value(emitter, event, true)
+
+	case yaml_EMIT_FLOW_MAPPING_VALUE_STATE:
+		return yaml_emitter_emit_flow_mapping_value(emitter, event, false)
+
+	case yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE:
+		return yaml_emitter_emit_block_sequence_item(emitter, event, true)
+
+	case yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE:
+		return yaml_emitter_emit_block_sequence_item(emitter, event, false)
+
+	case yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE:
+		return yaml_emitter_emit_block_mapping_key(emitter, event, true)
+
+	case yaml_EMIT_BLOCK_MAPPING_KEY_STATE:
+		return yaml_emitter_emit_block_mapping_key(emitter, event, false)
+
+	case yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE:
+		return yaml_emitter_emit_block_mapping_value(emitter, event, true)
+
+	case yaml_EMIT_BLOCK_MAPPING_VALUE_STATE:
+		return yaml_emitter_emit_block_mapping_value(emitter, event, false)
+
+	case yaml_EMIT_END_STATE:
+		return yaml_emitter_set_emitter_error(emitter, "expected nothing after STREAM-END")
+	}
+	panic("invalid emitter state")
+}
+
+// Expect STREAM-START.
+func yaml_emitter_emit_stream_start(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if event.typ != yaml_STREAM_START_EVENT {
+		return yaml_emitter_set_emitter_error(emitter, "expected STREAM-START")
+	}
+	if emitter.encoding == yaml_ANY_ENCODING {
+		emitter.encoding = event.encoding
+		if emitter.encoding == yaml_ANY_ENCODING {
+			emitter.encoding = yaml_UTF8_ENCODING
+		}
+	}
+	if emitter.best_indent < 2 || emitter.best_indent > 9 {
+		emitter.best_indent = 2
+	}
+	if emitter.best_width >= 0 && emitter.best_width <= emitter.best_indent*2 {
+		emitter.best_width = 80
+	}
+	if emitter.best_width < 0 {
+		emitter.best_width = 1<<31 - 1
+	}
+	if emitter.line_break == yaml_ANY_BREAK {
+		emitter.line_break = yaml_LN_BREAK
+	}
+
+	emitter.indent = -1
+	emitter.line = 0
+	emitter.column = 0
+	emitter.whitespace = true
+	emitter.indention = true
+
+	if emitter.encoding != yaml_UTF8_ENCODING {
+		if !yaml_emitter_write_bom(emitter) {
+			return false
+		}
+	}
+	emitter.state = yaml_EMIT_FIRST_DOCUMENT_START_STATE
+	return true
+}
+
+// Expect DOCUMENT-START or STREAM-END.
+func yaml_emitter_emit_document_start(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool {
+
+	if event.typ == yaml_DOCUMENT_START_EVENT {
+
+		if event.version_directive != nil {
+			if !yaml_emitter_analyze_version_directive(emitter, event.version_directive) {
+				return false
+			}
+		}
+
+		for i := 0; i < len(event.tag_directives); i++ {
+			tag_directive := &event.tag_directives[i]
+			if !yaml_emitter_analyze_tag_directive(emitter, tag_directive) {
+				return false
+			}
+			if !yaml_emitter_append_tag_directive(emitter, tag_directive, false) {
+				return false
+			}
+		}
+
+		for i := 0; i < len(default_tag_directives); i++ {
+			tag_directive := &default_tag_directives[i]
+			if !yaml_emitter_append_tag_directive(emitter, tag_directive, true) {
+				return false
+			}
+		}
+
+		implicit := event.implicit
+		if !first || emitter.canonical {
+			implicit = false
+		}
+
+		if emitter.open_ended && (event.version_directive != nil || len(event.tag_directives) > 0) {
+			if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+
+		if event.version_directive != nil {
+			implicit = false
+			if !yaml_emitter_write_indicator(emitter, []byte("%YAML"), true, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indicator(emitter, []byte("1.1"), true, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+
+		if len(event.tag_directives) > 0 {
+			implicit = false
+			for i := 0; i < len(event.tag_directives); i++ {
+				tag_directive := &event.tag_directives[i]
+				if !yaml_emitter_write_indicator(emitter, []byte("%TAG"), true, false, false) {
+					return false
+				}
+				if !yaml_emitter_write_tag_handle(emitter, tag_directive.handle) {
+					return false
+				}
+				if !yaml_emitter_write_tag_content(emitter, tag_directive.prefix, true) {
+					return false
+				}
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+			}
+		}
+
+		if yaml_emitter_check_empty_document(emitter) {
+			implicit = false
+		}
+		if !implicit {
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+			if !yaml_emitter_write_indicator(emitter, []byte("---"), true, false, false) {
+				return false
+			}
+			if emitter.canonical {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+			}
+		}
+
+		emitter.state = yaml_EMIT_DOCUMENT_CONTENT_STATE
+		return true
+	}
+
+	if event.typ == yaml_STREAM_END_EVENT {
+		if emitter.open_ended {
+			if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+		if !yaml_emitter_flush(emitter) {
+			return false
+		}
+		emitter.state = yaml_EMIT_END_STATE
+		return true
+	}
+
+	return yaml_emitter_set_emitter_error(emitter, "expected DOCUMENT-START or STREAM-END")
+}
+
+// Expect the root node.
+func yaml_emitter_emit_document_content(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	emitter.states = append(emitter.states, yaml_EMIT_DOCUMENT_END_STATE)
+	return yaml_emitter_emit_node(emitter, event, true, false, false, false)
+}
+
+// Expect DOCUMENT-END.
+func yaml_emitter_emit_document_end(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if event.typ != yaml_DOCUMENT_END_EVENT {
+		return yaml_emitter_set_emitter_error(emitter, "expected DOCUMENT-END")
+	}
+	if !yaml_emitter_write_indent(emitter) {
+		return false
+	}
+	if !event.implicit {
+		// [Go] Allocate the slice elsewhere.
+		if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) {
+			return false
+		}
+		if !yaml_emitter_write_indent(emitter) {
+			return false
+		}
+	}
+	if !yaml_emitter_flush(emitter) {
+		return false
+	}
+	emitter.state = yaml_EMIT_DOCUMENT_START_STATE
+	emitter.tag_directives = emitter.tag_directives[:0]
+	return true
+}
+
+// Expect a flow item node.
+func yaml_emitter_emit_flow_sequence_item(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool {
+	if first {
+		if !yaml_emitter_write_indicator(emitter, []byte{'['}, true, true, false) {
+			return false
+		}
+		if !yaml_emitter_increase_indent(emitter, true, false) {
+			return false
+		}
+		emitter.flow_level++
+	}
+
+	if event.typ == yaml_SEQUENCE_END_EVENT {
+		emitter.flow_level--
+		emitter.indent = emitter.indents[len(emitter.indents)-1]
+		emitter.indents = emitter.indents[:len(emitter.indents)-1]
+		if emitter.canonical && !first {
+			if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+		if !yaml_emitter_write_indicator(emitter, []byte{']'}, false, false, false) {
+			return false
+		}
+		emitter.state = emitter.states[len(emitter.states)-1]
+		emitter.states = emitter.states[:len(emitter.states)-1]
+
+		return true
+	}
+
+	if !first {
+		if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) {
+			return false
+		}
+	}
+
+	if emitter.canonical || emitter.column > emitter.best_width {
+		if !yaml_emitter_write_indent(emitter) {
+			return false
+		}
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, true, false, false)
+}
+
+// Expect a flow key node.
+func yaml_emitter_emit_flow_mapping_key(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool {
+	if first {
+		if !yaml_emitter_write_indicator(emitter, []byte{'{'}, true, true, false) {
+			return false
+		}
+		if !yaml_emitter_increase_indent(emitter, true, false) {
+			return false
+		}
+		emitter.flow_level++
+	}
+
+	if event.typ == yaml_MAPPING_END_EVENT {
+		emitter.flow_level--
+		emitter.indent = emitter.indents[len(emitter.indents)-1]
+		emitter.indents = emitter.indents[:len(emitter.indents)-1]
+		if emitter.canonical && !first {
+			if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+		if !yaml_emitter_write_indicator(emitter, []byte{'}'}, false, false, false) {
+			return false
+		}
+		emitter.state = emitter.states[len(emitter.states)-1]
+		emitter.states = emitter.states[:len(emitter.states)-1]
+		return true
+	}
+
+	if !first {
+		if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) {
+			return false
+		}
+	}
+	if emitter.canonical || emitter.column > emitter.best_width {
+		if !yaml_emitter_write_indent(emitter) {
+			return false
+		}
+	}
+
+	if !emitter.canonical && yaml_emitter_check_simple_key(emitter) {
+		emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE)
+		return yaml_emitter_emit_node(emitter, event, false, false, true, true)
+	}
+	if !yaml_emitter_write_indicator(emitter, []byte{'?'}, true, false, false) {
+		return false
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_VALUE_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, false, true, false)
+}
+
+// Expect a flow value node.
+func yaml_emitter_emit_flow_mapping_value(emitter *yaml_emitter_t, event *yaml_event_t, simple bool) bool {
+	if simple {
+		if !yaml_emitter_write_indicator(emitter, []byte{':'}, false, false, false) {
+			return false
+		}
+	} else {
+		if emitter.canonical || emitter.column > emitter.best_width {
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+		if !yaml_emitter_write_indicator(emitter, []byte{':'}, true, false, false) {
+			return false
+		}
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_KEY_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, false, true, false)
+}
+
+// Expect a block item node.
+func yaml_emitter_emit_block_sequence_item(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool {
+	if first {
+		if !yaml_emitter_increase_indent(emitter, false, emitter.mapping_context && !emitter.indention) {
+			return false
+		}
+	}
+	if event.typ == yaml_SEQUENCE_END_EVENT {
+		emitter.indent = emitter.indents[len(emitter.indents)-1]
+		emitter.indents = emitter.indents[:len(emitter.indents)-1]
+		emitter.state = emitter.states[len(emitter.states)-1]
+		emitter.states = emitter.states[:len(emitter.states)-1]
+		return true
+	}
+	if !yaml_emitter_write_indent(emitter) {
+		return false
+	}
+	if !yaml_emitter_write_indicator(emitter, []byte{'-'}, true, false, true) {
+		return false
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, true, false, false)
+}
+
+// Expect a block key node.
+func yaml_emitter_emit_block_mapping_key(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool {
+	if first {
+		if !yaml_emitter_increase_indent(emitter, false, false) {
+			return false
+		}
+	}
+	if event.typ == yaml_MAPPING_END_EVENT {
+		emitter.indent = emitter.indents[len(emitter.indents)-1]
+		emitter.indents = emitter.indents[:len(emitter.indents)-1]
+		emitter.state = emitter.states[len(emitter.states)-1]
+		emitter.states = emitter.states[:len(emitter.states)-1]
+		return true
+	}
+	if !yaml_emitter_write_indent(emitter) {
+		return false
+	}
+	if yaml_emitter_check_simple_key(emitter) {
+		emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE)
+		return yaml_emitter_emit_node(emitter, event, false, false, true, true)
+	}
+	if !yaml_emitter_write_indicator(emitter, []byte{'?'}, true, false, true) {
+		return false
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_VALUE_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, false, true, false)
+}
+
+// Expect a block value node.
+func yaml_emitter_emit_block_mapping_value(emitter *yaml_emitter_t, event *yaml_event_t, simple bool) bool {
+	if simple {
+		if !yaml_emitter_write_indicator(emitter, []byte{':'}, false, false, false) {
+			return false
+		}
+	} else {
+		if !yaml_emitter_write_indent(emitter) {
+			return false
+		}
+		if !yaml_emitter_write_indicator(emitter, []byte{':'}, true, false, true) {
+			return false
+		}
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_KEY_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, false, true, false)
+}
+
+// Expect a node.
+func yaml_emitter_emit_node(emitter *yaml_emitter_t, event *yaml_event_t,
+	root bool, sequence bool, mapping bool, simple_key bool) bool {
+
+	emitter.root_context = root
+	emitter.sequence_context = sequence
+	emitter.mapping_context = mapping
+	emitter.simple_key_context = simple_key
+
+	switch event.typ {
+	case yaml_ALIAS_EVENT:
+		return yaml_emitter_emit_alias(emitter, event)
+	case yaml_SCALAR_EVENT:
+		return yaml_emitter_emit_scalar(emitter, event)
+	case yaml_SEQUENCE_START_EVENT:
+		return yaml_emitter_emit_sequence_start(emitter, event)
+	case yaml_MAPPING_START_EVENT:
+		return yaml_emitter_emit_mapping_start(emitter, event)
+	default:
+		return yaml_emitter_set_emitter_error(emitter,
+			fmt.Sprintf("expected SCALAR, SEQUENCE-START, MAPPING-START, or ALIAS, but got %v", event.typ))
+	}
+}
+
+// Expect ALIAS.
+func yaml_emitter_emit_alias(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if !yaml_emitter_process_anchor(emitter) {
+		return false
+	}
+	emitter.state = emitter.states[len(emitter.states)-1]
+	emitter.states = emitter.states[:len(emitter.states)-1]
+	return true
+}
+
+// Expect SCALAR.
+func yaml_emitter_emit_scalar(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if !yaml_emitter_select_scalar_style(emitter, event) {
+		return false
+	}
+	if !yaml_emitter_process_anchor(emitter) {
+		return false
+	}
+	if !yaml_emitter_process_tag(emitter) {
+		return false
+	}
+	if !yaml_emitter_increase_indent(emitter, true, false) {
+		return false
+	}
+	if !yaml_emitter_process_scalar(emitter) {
+		return false
+	}
+	emitter.indent = emitter.indents[len(emitter.indents)-1]
+	emitter.indents = emitter.indents[:len(emitter.indents)-1]
+	emitter.state = emitter.states[len(emitter.states)-1]
+	emitter.states = emitter.states[:len(emitter.states)-1]
+	return true
+}
+
+// Expect SEQUENCE-START.
+func yaml_emitter_emit_sequence_start(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if !yaml_emitter_process_anchor(emitter) {
+		return false
+	}
+	if !yaml_emitter_process_tag(emitter) {
+		return false
+	}
+	if emitter.flow_level > 0 || emitter.canonical || event.sequence_style() == yaml_FLOW_SEQUENCE_STYLE ||
+		yaml_emitter_check_empty_sequence(emitter) {
+		emitter.state = yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE
+	} else {
+		emitter.state = yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE
+	}
+	return true
+}
+
+// Expect MAPPING-START.
+func yaml_emitter_emit_mapping_start(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if !yaml_emitter_process_anchor(emitter) {
+		return false
+	}
+	if !yaml_emitter_process_tag(emitter) {
+		return false
+	}
+	if emitter.flow_level > 0 || emitter.canonical || event.mapping_style() == yaml_FLOW_MAPPING_STYLE ||
+		yaml_emitter_check_empty_mapping(emitter) {
+		emitter.state = yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE
+	} else {
+		emitter.state = yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE
+	}
+	return true
+}
+
+// Check if the document content is an empty scalar.
+func yaml_emitter_check_empty_document(emitter *yaml_emitter_t) bool {
+	return false // [Go] Huh?
+}
+
+// Check if the next events represent an empty sequence.
+func yaml_emitter_check_empty_sequence(emitter *yaml_emitter_t) bool {
+	if len(emitter.events)-emitter.events_head < 2 {
+		return false
+	}
+	return emitter.events[emitter.events_head].typ == yaml_SEQUENCE_START_EVENT &&
+		emitter.events[emitter.events_head+1].typ == yaml_SEQUENCE_END_EVENT
+}
+
+// Check if the next events represent an empty mapping.
+func yaml_emitter_check_empty_mapping(emitter *yaml_emitter_t) bool {
+	if len(emitter.events)-emitter.events_head < 2 {
+		return false
+	}
+	return emitter.events[emitter.events_head].typ == yaml_MAPPING_START_EVENT &&
+		emitter.events[emitter.events_head+1].typ == yaml_MAPPING_END_EVENT
+}
+
+// Check if the next node can be expressed as a simple key.
+func yaml_emitter_check_simple_key(emitter *yaml_emitter_t) bool {
+	length := 0
+	switch emitter.events[emitter.events_head].typ {
+	case yaml_ALIAS_EVENT:
+		length += len(emitter.anchor_data.anchor)
+	case yaml_SCALAR_EVENT:
+		if emitter.scalar_data.multiline {
+			return false
+		}
+		length += len(emitter.anchor_data.anchor) +
+			len(emitter.tag_data.handle) +
+			len(emitter.tag_data.suffix) +
+			len(emitter.scalar_data.value)
+	case yaml_SEQUENCE_START_EVENT:
+		if !yaml_emitter_check_empty_sequence(emitter) {
+			return false
+		}
+		length += len(emitter.anchor_data.anchor) +
+			len(emitter.tag_data.handle) +
+			len(emitter.tag_data.suffix)
+	case yaml_MAPPING_START_EVENT:
+		if !yaml_emitter_check_empty_mapping(emitter) {
+			return false
+		}
+		length += len(emitter.anchor_data.anchor) +
+			len(emitter.tag_data.handle) +
+			len(emitter.tag_data.suffix)
+	default:
+		return false
+	}
+	return length <= 128
+}
+
+// Determine an acceptable scalar style.
+func yaml_emitter_select_scalar_style(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+
+	no_tag := len(emitter.tag_data.handle) == 0 && len(emitter.tag_data.suffix) == 0
+	if no_tag && !event.implicit && !event.quoted_implicit {
+		return yaml_emitter_set_emitter_error(emitter, "neither tag nor implicit flags are specified")
+	}
+
+	style := event.scalar_style()
+	if style == yaml_ANY_SCALAR_STYLE {
+		style = yaml_PLAIN_SCALAR_STYLE
+	}
+	if emitter.canonical {
+		style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+	}
+	if emitter.simple_key_context && emitter.scalar_data.multiline {
+		style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+	}
+
+	if style == yaml_PLAIN_SCALAR_STYLE {
+		if emitter.flow_level > 0 && !emitter.scalar_data.flow_plain_allowed ||
+			emitter.flow_level == 0 && !emitter.scalar_data.block_plain_allowed {
+			style = yaml_SINGLE_QUOTED_SCALAR_STYLE
+		}
+		if len(emitter.scalar_data.value) == 0 && (emitter.flow_level > 0 || emitter.simple_key_context) {
+			style = yaml_SINGLE_QUOTED_SCALAR_STYLE
+		}
+		if no_tag && !event.implicit {
+			style = yaml_SINGLE_QUOTED_SCALAR_STYLE
+		}
+	}
+	if style == yaml_SINGLE_QUOTED_SCALAR_STYLE {
+		if !emitter.scalar_data.single_quoted_allowed {
+			style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+		}
+	}
+	if style == yaml_LITERAL_SCALAR_STYLE || style == yaml_FOLDED_SCALAR_STYLE {
+		if !emitter.scalar_data.block_allowed || emitter.flow_level > 0 || emitter.simple_key_context {
+			style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+		}
+	}
+
+	if no_tag && !event.quoted_implicit && style != yaml_PLAIN_SCALAR_STYLE {
+		emitter.tag_data.handle = []byte{'!'}
+	}
+	emitter.scalar_data.style = style
+	return true
+}
+
+// Write an anchor.
+func yaml_emitter_process_anchor(emitter *yaml_emitter_t) bool {
+	if emitter.anchor_data.anchor == nil {
+		return true
+	}
+	c := []byte{'&'}
+	if emitter.anchor_data.alias {
+		c[0] = '*'
+	}
+	if !yaml_emitter_write_indicator(emitter, c, true, false, false) {
+		return false
+	}
+	return yaml_emitter_write_anchor(emitter, emitter.anchor_data.anchor)
+}
+
+// Write a tag.
+func yaml_emitter_process_tag(emitter *yaml_emitter_t) bool {
+	if len(emitter.tag_data.handle) == 0 && len(emitter.tag_data.suffix) == 0 {
+		return true
+	}
+	if len(emitter.tag_data.handle) > 0 {
+		if !yaml_emitter_write_tag_handle(emitter, emitter.tag_data.handle) {
+			return false
+		}
+		if len(emitter.tag_data.suffix) > 0 {
+			if !yaml_emitter_write_tag_content(emitter, emitter.tag_data.suffix, false) {
+				return false
+			}
+		}
+	} else {
+		// [Go] Allocate these slices elsewhere.
+		if !yaml_emitter_write_indicator(emitter, []byte("!<"), true, false, false) {
+			return false
+		}
+		if !yaml_emitter_write_tag_content(emitter, emitter.tag_data.suffix, false) {
+			return false
+		}
+		if !yaml_emitter_write_indicator(emitter, []byte{'>'}, false, false, false) {
+			return false
+		}
+	}
+	return true
+}
+
+// Write a scalar.
+func yaml_emitter_process_scalar(emitter *yaml_emitter_t) bool {
+	switch emitter.scalar_data.style {
+	case yaml_PLAIN_SCALAR_STYLE:
+		return yaml_emitter_write_plain_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context)
+
+	case yaml_SINGLE_QUOTED_SCALAR_STYLE:
+		return yaml_emitter_write_single_quoted_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context)
+
+	case yaml_DOUBLE_QUOTED_SCALAR_STYLE:
+		return yaml_emitter_write_double_quoted_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context)
+
+	case yaml_LITERAL_SCALAR_STYLE:
+		return yaml_emitter_write_literal_scalar(emitter, emitter.scalar_data.value)
+
+	case yaml_FOLDED_SCALAR_STYLE:
+		return yaml_emitter_write_folded_scalar(emitter, emitter.scalar_data.value)
+	}
+	panic("unknown scalar style")
+}
+
+// Check if a %YAML directive is valid.
+func yaml_emitter_analyze_version_directive(emitter *yaml_emitter_t, version_directive *yaml_version_directive_t) bool {
+	if version_directive.major != 1 || version_directive.minor != 1 {
+		return yaml_emitter_set_emitter_error(emitter, "incompatible %YAML directive")
+	}
+	return true
+}
+
+// Check if a %TAG directive is valid.
+func yaml_emitter_analyze_tag_directive(emitter *yaml_emitter_t, tag_directive *yaml_tag_directive_t) bool {
+	handle := tag_directive.handle
+	prefix := tag_directive.prefix
+	if len(handle) == 0 {
+		return yaml_emitter_set_emitter_error(emitter, "tag handle must not be empty")
+	}
+	if handle[0] != '!' {
+		return yaml_emitter_set_emitter_error(emitter, "tag handle must start with '!'")
+	}
+	if handle[len(handle)-1] != '!' {
+		return yaml_emitter_set_emitter_error(emitter, "tag handle must end with '!'")
+	}
+	for i := 1; i < len(handle)-1; i += width(handle[i]) {
+		if !is_alpha(handle, i) {
+			return yaml_emitter_set_emitter_error(emitter, "tag handle must contain alphanumerical characters only")
+		}
+	}
+	if len(prefix) == 0 {
+		return yaml_emitter_set_emitter_error(emitter, "tag prefix must not be empty")
+	}
+	return true
+}
+
+// Check if an anchor is valid.
+func yaml_emitter_analyze_anchor(emitter *yaml_emitter_t, anchor []byte, alias bool) bool {
+	if len(anchor) == 0 {
+		problem := "anchor value must not be empty"
+		if alias {
+			problem = "alias value must not be empty"
+		}
+		return yaml_emitter_set_emitter_error(emitter, problem)
+	}
+	for i := 0; i < len(anchor); i += width(anchor[i]) {
+		if !is_alpha(anchor, i) {
+			problem := "anchor value must contain alphanumerical characters only"
+			if alias {
+				problem = "alias value must contain alphanumerical characters only"
+			}
+			return yaml_emitter_set_emitter_error(emitter, problem)
+		}
+	}
+	emitter.anchor_data.anchor = anchor
+	emitter.anchor_data.alias = alias
+	return true
+}
+
+// Check if a tag is valid.
+func yaml_emitter_analyze_tag(emitter *yaml_emitter_t, tag []byte) bool {
+	if len(tag) == 0 {
+		return yaml_emitter_set_emitter_error(emitter, "tag value must not be empty")
+	}
+	for i := 0; i < len(emitter.tag_directives); i++ {
+		tag_directive := &emitter.tag_directives[i]
+		if bytes.HasPrefix(tag, tag_directive.prefix) {
+			emitter.tag_data.handle = tag_directive.handle
+			emitter.tag_data.suffix = tag[len(tag_directive.prefix):]
+			return true
+		}
+	}
+	emitter.tag_data.suffix = tag
+	return true
+}
+
+// Check if a scalar is valid.
+func yaml_emitter_analyze_scalar(emitter *yaml_emitter_t, value []byte) bool {
+	var (
+		block_indicators   = false
+		flow_indicators    = false
+		line_breaks        = false
+		special_characters = false
+
+		leading_space  = false
+		leading_break  = false
+		trailing_space = false
+		trailing_break = false
+		break_space    = false
+		space_break    = false
+
+		preceded_by_whitespace = false
+		followed_by_whitespace = false
+		previous_space         = false
+		previous_break         = false
+	)
+
+	emitter.scalar_data.value = value
+
+	if len(value) == 0 {
+		emitter.scalar_data.multiline = false
+		emitter.scalar_data.flow_plain_allowed = false
+		emitter.scalar_data.block_plain_allowed = true
+		emitter.scalar_data.single_quoted_allowed = true
+		emitter.scalar_data.block_allowed = false
+		return true
+	}
+
+	if len(value) >= 3 && ((value[0] == '-' && value[1] == '-' && value[2] == '-') || (value[0] == '.' && value[1] == '.' && value[2] == '.')) {
+		block_indicators = true
+		flow_indicators = true
+	}
+
+	preceded_by_whitespace = true
+	for i, w := 0, 0; i < len(value); i += w {
+		w = width(value[i])
+		followed_by_whitespace = i+w >= len(value) || is_blank(value, i+w)
+
+		if i == 0 {
+			switch value[i] {
+			case '#', ',', '[', ']', '{', '}', '&', '*', '!', '|', '>', '\'', '"', '%', '@', '`':
+				flow_indicators = true
+				block_indicators = true
+			case '?', ':':
+				flow_indicators = true
+				if followed_by_whitespace {
+					block_indicators = true
+				}
+			case '-':
+				if followed_by_whitespace {
+					flow_indicators = true
+					block_indicators = true
+				}
+			}
+		} else {
+			switch value[i] {
+			case ',', '?', '[', ']', '{', '}':
+				flow_indicators = true
+			case ':':
+				flow_indicators = true
+				if followed_by_whitespace {
+					block_indicators = true
+				}
+			case '#':
+				if preceded_by_whitespace {
+					flow_indicators = true
+					block_indicators = true
+				}
+			}
+		}
+
+		if !is_printable(value, i) || !is_ascii(value, i) && !emitter.unicode {
+			special_characters = true
+		}
+		if is_space(value, i) {
+			if i == 0 {
+				leading_space = true
+			}
+			if i+width(value[i]) == len(value) {
+				trailing_space = true
+			}
+			if previous_break {
+				break_space = true
+			}
+			previous_space = true
+			previous_break = false
+		} else if is_break(value, i) {
+			line_breaks = true
+			if i == 0 {
+				leading_break = true
+			}
+			if i+width(value[i]) == len(value) {
+				trailing_break = true
+			}
+			if previous_space {
+				space_break = true
+			}
+			previous_space = false
+			previous_break = true
+		} else {
+			previous_space = false
+			previous_break = false
+		}
+
+		// [Go]: Why 'z'? Couldn't be the end of the string as that's the loop condition.
+		preceded_by_whitespace = is_blankz(value, i)
+	}
+
+	emitter.scalar_data.multiline = line_breaks
+	emitter.scalar_data.flow_plain_allowed = true
+	emitter.scalar_data.block_plain_allowed = true
+	emitter.scalar_data.single_quoted_allowed = true
+	emitter.scalar_data.block_allowed = true
+
+	if leading_space || leading_break || trailing_space || trailing_break {
+		emitter.scalar_data.flow_plain_allowed = false
+		emitter.scalar_data.block_plain_allowed = false
+	}
+	if trailing_space {
+		emitter.scalar_data.block_allowed = false
+	}
+	if break_space {
+		emitter.scalar_data.flow_plain_allowed = false
+		emitter.scalar_data.block_plain_allowed = false
+		emitter.scalar_data.single_quoted_allowed = false
+	}
+	if space_break || special_characters {
+		emitter.scalar_data.flow_plain_allowed = false
+		emitter.scalar_data.block_plain_allowed = false
+		emitter.scalar_data.single_quoted_allowed = false
+		emitter.scalar_data.block_allowed = false
+	}
+	if line_breaks {
+		emitter.scalar_data.flow_plain_allowed = false
+		emitter.scalar_data.block_plain_allowed = false
+	}
+	if flow_indicators {
+		emitter.scalar_data.flow_plain_allowed = false
+	}
+	if block_indicators {
+		emitter.scalar_data.block_plain_allowed = false
+	}
+	return true
+}
+
+// Check if the event data is valid.
+func yaml_emitter_analyze_event(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+
+	emitter.anchor_data.anchor = nil
+	emitter.tag_data.handle = nil
+	emitter.tag_data.suffix = nil
+	emitter.scalar_data.value = nil
+
+	switch event.typ {
+	case yaml_ALIAS_EVENT:
+		if !yaml_emitter_analyze_anchor(emitter, event.anchor, true) {
+			return false
+		}
+
+	case yaml_SCALAR_EVENT:
+		if len(event.anchor) > 0 {
+			if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) {
+				return false
+			}
+		}
+		if len(event.tag) > 0 && (emitter.canonical || (!event.implicit && !event.quoted_implicit)) {
+			if !yaml_emitter_analyze_tag(emitter, event.tag) {
+				return false
+			}
+		}
+		if !yaml_emitter_analyze_scalar(emitter, event.value) {
+			return false
+		}
+
+	case yaml_SEQUENCE_START_EVENT:
+		if len(event.anchor) > 0 {
+			if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) {
+				return false
+			}
+		}
+		if len(event.tag) > 0 && (emitter.canonical || !event.implicit) {
+			if !yaml_emitter_analyze_tag(emitter, event.tag) {
+				return false
+			}
+		}
+
+	case yaml_MAPPING_START_EVENT:
+		if len(event.anchor) > 0 {
+			if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) {
+				return false
+			}
+		}
+		if len(event.tag) > 0 && (emitter.canonical || !event.implicit) {
+			if !yaml_emitter_analyze_tag(emitter, event.tag) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+// Write the BOM character.
+func yaml_emitter_write_bom(emitter *yaml_emitter_t) bool {
+	if !flush(emitter) {
+		return false
+	}
+	pos := emitter.buffer_pos
+	emitter.buffer[pos+0] = '\xEF'
+	emitter.buffer[pos+1] = '\xBB'
+	emitter.buffer[pos+2] = '\xBF'
+	emitter.buffer_pos += 3
+	return true
+}
+
+func yaml_emitter_write_indent(emitter *yaml_emitter_t) bool {
+	indent := emitter.indent
+	if indent < 0 {
+		indent = 0
+	}
+	if !emitter.indention || emitter.column > indent || (emitter.column == indent && !emitter.whitespace) {
+		if !put_break(emitter) {
+			return false
+		}
+	}
+	for emitter.column < indent {
+		if !put(emitter, ' ') {
+			return false
+		}
+	}
+	emitter.whitespace = true
+	emitter.indention = true
+	return true
+}
+
+func yaml_emitter_write_indicator(emitter *yaml_emitter_t, indicator []byte, need_whitespace, is_whitespace, is_indention bool) bool {
+	if need_whitespace && !emitter.whitespace {
+		if !put(emitter, ' ') {
+			return false
+		}
+	}
+	if !write_all(emitter, indicator) {
+		return false
+	}
+	emitter.whitespace = is_whitespace
+	emitter.indention = (emitter.indention && is_indention)
+	emitter.open_ended = false
+	return true
+}
+
+func yaml_emitter_write_anchor(emitter *yaml_emitter_t, value []byte) bool {
+	if !write_all(emitter, value) {
+		return false
+	}
+	emitter.whitespace = false
+	emitter.indention = false
+	return true
+}
+
+func yaml_emitter_write_tag_handle(emitter *yaml_emitter_t, value []byte) bool {
+	if !emitter.whitespace {
+		if !put(emitter, ' ') {
+			return false
+		}
+	}
+	if !write_all(emitter, value) {
+		return false
+	}
+	emitter.whitespace = false
+	emitter.indention = false
+	return true
+}
+
+func yaml_emitter_write_tag_content(emitter *yaml_emitter_t, value []byte, need_whitespace bool) bool {
+	if need_whitespace && !emitter.whitespace {
+		if !put(emitter, ' ') {
+			return false
+		}
+	}
+	for i := 0; i < len(value); {
+		var must_write bool
+		switch value[i] {
+		case ';', '/', '?', ':', '@', '&', '=', '+', '$', ',', '_', '.', '~', '*', '\'', '(', ')', '[', ']':
+			must_write = true
+		default:
+			must_write = is_alpha(value, i)
+		}
+		if must_write {
+			if !write(emitter, value, &i) {
+				return false
+			}
+		} else {
+			w := width(value[i])
+			for k := 0; k < w; k++ {
+				octet := value[i]
+				i++
+				if !put(emitter, '%') {
+					return false
+				}
+
+				c := octet >> 4
+				if c < 10 {
+					c += '0'
+				} else {
+					c += 'A' - 10
+				}
+				if !put(emitter, c) {
+					return false
+				}
+
+				c = octet & 0x0f
+				if c < 10 {
+					c += '0'
+				} else {
+					c += 'A' - 10
+				}
+				if !put(emitter, c) {
+					return false
+				}
+			}
+		}
+	}
+	emitter.whitespace = false
+	emitter.indention = false
+	return true
+}
+
+func yaml_emitter_write_plain_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool {
+	if !emitter.whitespace {
+		if !put(emitter, ' ') {
+			return false
+		}
+	}
+
+	spaces := false
+	breaks := false
+	for i := 0; i < len(value); {
+		if is_space(value, i) {
+			if allow_breaks && !spaces && emitter.column > emitter.best_width && !is_space(value, i+1) {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+				i += width(value[i])
+			} else {
+				if !write(emitter, value, &i) {
+					return false
+				}
+			}
+			spaces = true
+		} else if is_break(value, i) {
+			if !breaks && value[i] == '\n' {
+				if !put_break(emitter) {
+					return false
+				}
+			}
+			if !write_break(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = true
+			breaks = true
+		} else {
+			if breaks {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+			}
+			if !write(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = false
+			spaces = false
+			breaks = false
+		}
+	}
+
+	emitter.whitespace = false
+	emitter.indention = false
+	if emitter.root_context {
+		emitter.open_ended = true
+	}
+
+	return true
+}
+
+func yaml_emitter_write_single_quoted_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool {
+
+	if !yaml_emitter_write_indicator(emitter, []byte{'\''}, true, false, false) {
+		return false
+	}
+
+	spaces := false
+	breaks := false
+	for i := 0; i < len(value); {
+		if is_space(value, i) {
+			if allow_breaks && !spaces && emitter.column > emitter.best_width && i > 0 && i < len(value)-1 && !is_space(value, i+1) {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+				i += width(value[i])
+			} else {
+				if !write(emitter, value, &i) {
+					return false
+				}
+			}
+			spaces = true
+		} else if is_break(value, i) {
+			if !breaks && value[i] == '\n' {
+				if !put_break(emitter) {
+					return false
+				}
+			}
+			if !write_break(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = true
+			breaks = true
+		} else {
+			if breaks {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+			}
+			if value[i] == '\'' {
+				if !put(emitter, '\'') {
+					return false
+				}
+			}
+			if !write(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = false
+			spaces = false
+			breaks = false
+		}
+	}
+	if !yaml_emitter_write_indicator(emitter, []byte{'\''}, false, false, false) {
+		return false
+	}
+	emitter.whitespace = false
+	emitter.indention = false
+	return true
+}
+
+func yaml_emitter_write_double_quoted_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool {
+	spaces := false
+	if !yaml_emitter_write_indicator(emitter, []byte{'"'}, true, false, false) {
+		return false
+	}
+
+	for i := 0; i < len(value); {
+		if !is_printable(value, i) || (!emitter.unicode && !is_ascii(value, i)) ||
+			is_bom(value, i) || is_break(value, i) ||
+			value[i] == '"' || value[i] == '\\' {
+
+			octet := value[i]
+
+			var w int
+			var v rune
+			switch {
+			case octet&0x80 == 0x00:
+				w, v = 1, rune(octet&0x7F)
+			case octet&0xE0 == 0xC0:
+				w, v = 2, rune(octet&0x1F)
+			case octet&0xF0 == 0xE0:
+				w, v = 3, rune(octet&0x0F)
+			case octet&0xF8 == 0xF0:
+				w, v = 4, rune(octet&0x07)
+			}
+			for k := 1; k < w; k++ {
+				octet = value[i+k]
+				v = (v << 6) + (rune(octet) & 0x3F)
+			}
+			i += w
+
+			if !put(emitter, '\\') {
+				return false
+			}
+
+			var ok bool
+			switch v {
+			case 0x00:
+				ok = put(emitter, '0')
+			case 0x07:
+				ok = put(emitter, 'a')
+			case 0x08:
+				ok = put(emitter, 'b')
+			case 0x09:
+				ok = put(emitter, 't')
+			case 0x0A:
+				ok = put(emitter, 'n')
+			case 0x0b:
+				ok = put(emitter, 'v')
+			case 0x0c:
+				ok = put(emitter, 'f')
+			case 0x0d:
+				ok = put(emitter, 'r')
+			case 0x1b:
+				ok = put(emitter, 'e')
+			case 0x22:
+				ok = put(emitter, '"')
+			case 0x5c:
+				ok = put(emitter, '\\')
+			case 0x85:
+				ok = put(emitter, 'N')
+			case 0xA0:
+				ok = put(emitter, '_')
+			case 0x2028:
+				ok = put(emitter, 'L')
+			case 0x2029:
+				ok = put(emitter, 'P')
+			default:
+				if v <= 0xFF {
+					ok = put(emitter, 'x')
+					w = 2
+				} else if v <= 0xFFFF {
+					ok = put(emitter, 'u')
+					w = 4
+				} else {
+					ok = put(emitter, 'U')
+					w = 8
+				}
+				for k := (w - 1) * 4; ok && k >= 0; k -= 4 {
+					digit := byte((v >> uint(k)) & 0x0F)
+					if digit < 10 {
+						ok = put(emitter, digit+'0')
+					} else {
+						ok = put(emitter, digit+'A'-10)
+					}
+				}
+			}
+			if !ok {
+				return false
+			}
+			spaces = false
+		} else if is_space(value, i) {
+			if allow_breaks && !spaces && emitter.column > emitter.best_width && i > 0 && i < len(value)-1 {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+				if is_space(value, i+1) {
+					if !put(emitter, '\\') {
+						return false
+					}
+				}
+				i += width(value[i])
+			} else if !write(emitter, value, &i) {
+				return false
+			}
+			spaces = true
+		} else {
+			if !write(emitter, value, &i) {
+				return false
+			}
+			spaces = false
+		}
+	}
+	if !yaml_emitter_write_indicator(emitter, []byte{'"'}, false, false, false) {
+		return false
+	}
+	emitter.whitespace = false
+	emitter.indention = false
+	return true
+}
+
+func yaml_emitter_write_block_scalar_hints(emitter *yaml_emitter_t, value []byte) bool {
+	if is_space(value, 0) || is_break(value, 0) {
+		indent_hint := []byte{'0' + byte(emitter.best_indent)}
+		if !yaml_emitter_write_indicator(emitter, indent_hint, false, false, false) {
+			return false
+		}
+	}
+
+	emitter.open_ended = false
+
+	var chomp_hint [1]byte
+	if len(value) == 0 {
+		chomp_hint[0] = '-'
+	} else {
+		i := len(value) - 1
+		for value[i]&0xC0 == 0x80 {
+			i--
+		}
+		if !is_break(value, i) {
+			chomp_hint[0] = '-'
+		} else if i == 0 {
+			chomp_hint[0] = '+'
+			emitter.open_ended = true
+		} else {
+			i--
+			for value[i]&0xC0 == 0x80 {
+				i--
+			}
+			if is_break(value, i) {
+				chomp_hint[0] = '+'
+				emitter.open_ended = true
+			}
+		}
+	}
+	if chomp_hint[0] != 0 {
+		if !yaml_emitter_write_indicator(emitter, chomp_hint[:], false, false, false) {
+			return false
+		}
+	}
+	return true
+}
+
+func yaml_emitter_write_literal_scalar(emitter *yaml_emitter_t, value []byte) bool {
+	if !yaml_emitter_write_indicator(emitter, []byte{'|'}, true, false, false) {
+		return false
+	}
+	if !yaml_emitter_write_block_scalar_hints(emitter, value) {
+		return false
+	}
+	if !put_break(emitter) {
+		return false
+	}
+	emitter.indention = true
+	emitter.whitespace = true
+	breaks := true
+	for i := 0; i < len(value); {
+		if is_break(value, i) {
+			if !write_break(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = true
+			breaks = true
+		} else {
+			if breaks {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+			}
+			if !write(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = false
+			breaks = false
+		}
+	}
+
+	return true
+}
+
+func yaml_emitter_write_folded_scalar(emitter *yaml_emitter_t, value []byte) bool {
+	if !yaml_emitter_write_indicator(emitter, []byte{'>'}, true, false, false) {
+		return false
+	}
+	if !yaml_emitter_write_block_scalar_hints(emitter, value) {
+		return false
+	}
+
+	if !put_break(emitter) {
+		return false
+	}
+	emitter.indention = true
+	emitter.whitespace = true
+
+	breaks := true
+	leading_spaces := true
+	for i := 0; i < len(value); {
+		if is_break(value, i) {
+			if !breaks && !leading_spaces && value[i] == '\n' {
+				k := 0
+				for is_break(value, k) {
+					k += width(value[k])
+				}
+				if !is_blankz(value, k) {
+					if !put_break(emitter) {
+						return false
+					}
+				}
+			}
+			if !write_break(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = true
+			breaks = true
+		} else {
+			if breaks {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+				leading_spaces = is_blank(value, i)
+			}
+			if !breaks && is_space(value, i) && !is_space(value, i+1) && emitter.column > emitter.best_width {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+				i += width(value[i])
+			} else {
+				if !write(emitter, value, &i) {
+					return false
+				}
+			}
+			emitter.indention = false
+			breaks = false
+		}
+	}
+	return true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/encode.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/encode.go
new file mode 100644
index 000000000..0ee738e11
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/encode.go
@@ -0,0 +1,390 @@
+package yaml
+
+import (
+	"encoding"
+	"fmt"
+	"io"
+	"reflect"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+	"unicode/utf8"
+)
+
+// jsonNumber is the interface of the encoding/json.Number datatype.
+// Repeating the interface here avoids a dependency on encoding/json, and also
+// supports other libraries like jsoniter, which use a similar datatype with
+// the same interface. Detecting this interface is useful when dealing with
+// structures containing json.Number, which is a string under the hood. The
+// encoder should prefer the use of Int64(), Float64() and string(), in that
+// order, when encoding this type.
+type jsonNumber interface {
+	Float64() (float64, error)
+	Int64() (int64, error)
+	String() string
+}
+
+type encoder struct {
+	emitter yaml_emitter_t
+	event   yaml_event_t
+	out     []byte
+	flow    bool
+	// doneInit holds whether the initial stream_start_event has been
+	// emitted.
+	doneInit bool
+}
+
+func newEncoder() *encoder {
+	e := &encoder{}
+	yaml_emitter_initialize(&e.emitter)
+	yaml_emitter_set_output_string(&e.emitter, &e.out)
+	yaml_emitter_set_unicode(&e.emitter, true)
+	return e
+}
+
+func newEncoderWithWriter(w io.Writer) *encoder {
+	e := &encoder{}
+	yaml_emitter_initialize(&e.emitter)
+	yaml_emitter_set_output_writer(&e.emitter, w)
+	yaml_emitter_set_unicode(&e.emitter, true)
+	return e
+}
+
+func (e *encoder) init() {
+	if e.doneInit {
+		return
+	}
+	yaml_stream_start_event_initialize(&e.event, yaml_UTF8_ENCODING)
+	e.emit()
+	e.doneInit = true
+}
+
+func (e *encoder) finish() {
+	e.emitter.open_ended = false
+	yaml_stream_end_event_initialize(&e.event)
+	e.emit()
+}
+
+func (e *encoder) destroy() {
+	yaml_emitter_delete(&e.emitter)
+}
+
+func (e *encoder) emit() {
+	// This will internally delete the e.event value.
+	e.must(yaml_emitter_emit(&e.emitter, &e.event))
+}
+
+func (e *encoder) must(ok bool) {
+	if !ok {
+		msg := e.emitter.problem
+		if msg == "" {
+			msg = "unknown problem generating YAML content"
+		}
+		failf("%s", msg)
+	}
+}
+
+func (e *encoder) marshalDoc(tag string, in reflect.Value) {
+	e.init()
+	yaml_document_start_event_initialize(&e.event, nil, nil, true)
+	e.emit()
+	e.marshal(tag, in)
+	yaml_document_end_event_initialize(&e.event, true)
+	e.emit()
+}
+
+func (e *encoder) marshal(tag string, in reflect.Value) {
+	if !in.IsValid() || in.Kind() == reflect.Ptr && in.IsNil() {
+		e.nilv()
+		return
+	}
+	iface := in.Interface()
+	switch m := iface.(type) {
+	case jsonNumber:
+		integer, err := m.Int64()
+		if err == nil {
+			// In this case the json.Number is a valid int64
+			in = reflect.ValueOf(integer)
+			break
+		}
+		float, err := m.Float64()
+		if err == nil {
+			// In this case the json.Number is a valid float64
+			in = reflect.ValueOf(float)
+			break
+		}
+		// fallback case - no number could be obtained
+		in = reflect.ValueOf(m.String())
+	case time.Time, *time.Time:
+		// Although time.Time implements TextMarshaler,
+		// we don't want to treat it as a string for YAML
+		// purposes because YAML has special support for
+		// timestamps.
+	case Marshaler:
+		v, err := m.MarshalYAML()
+		if err != nil {
+			fail(err)
+		}
+		if v == nil {
+			e.nilv()
+			return
+		}
+		in = reflect.ValueOf(v)
+	case encoding.TextMarshaler:
+		text, err := m.MarshalText()
+		if err != nil {
+			fail(err)
+		}
+		in = reflect.ValueOf(string(text))
+	case nil:
+		e.nilv()
+		return
+	}
+	switch in.Kind() {
+	case reflect.Interface:
+		e.marshal(tag, in.Elem())
+	case reflect.Map:
+		e.mapv(tag, in)
+	case reflect.Ptr:
+		if in.Type() == ptrTimeType {
+			e.timev(tag, in.Elem())
+		} else {
+			e.marshal(tag, in.Elem())
+		}
+	case reflect.Struct:
+		if in.Type() == timeType {
+			e.timev(tag, in)
+		} else {
+			e.structv(tag, in)
+		}
+	case reflect.Slice, reflect.Array:
+		if in.Type().Elem() == mapItemType {
+			e.itemsv(tag, in)
+		} else {
+			e.slicev(tag, in)
+		}
+	case reflect.String:
+		e.stringv(tag, in)
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		if in.Type() == durationType {
+			e.stringv(tag, reflect.ValueOf(iface.(time.Duration).String()))
+		} else {
+			e.intv(tag, in)
+		}
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		e.uintv(tag, in)
+	case reflect.Float32, reflect.Float64:
+		e.floatv(tag, in)
+	case reflect.Bool:
+		e.boolv(tag, in)
+	default:
+		panic("cannot marshal type: " + in.Type().String())
+	}
+}
+
+func (e *encoder) mapv(tag string, in reflect.Value) {
+	e.mappingv(tag, func() {
+		keys := keyList(in.MapKeys())
+		sort.Sort(keys)
+		for _, k := range keys {
+			e.marshal("", k)
+			e.marshal("", in.MapIndex(k))
+		}
+	})
+}
+
+func (e *encoder) itemsv(tag string, in reflect.Value) {
+	e.mappingv(tag, func() {
+		slice := in.Convert(reflect.TypeOf([]MapItem{})).Interface().([]MapItem)
+		for _, item := range slice {
+			e.marshal("", reflect.ValueOf(item.Key))
+			e.marshal("", reflect.ValueOf(item.Value))
+		}
+	})
+}
+
+func (e *encoder) structv(tag string, in reflect.Value) {
+	sinfo, err := getStructInfo(in.Type())
+	if err != nil {
+		panic(err)
+	}
+	e.mappingv(tag, func() {
+		for _, info := range sinfo.FieldsList {
+			var value reflect.Value
+			if info.Inline == nil {
+				value = in.Field(info.Num)
+			} else {
+				value = in.FieldByIndex(info.Inline)
+			}
+			if info.OmitEmpty && isZero(value) {
+				continue
+			}
+			e.marshal("", reflect.ValueOf(info.Key))
+			e.flow = info.Flow
+			e.marshal("", value)
+		}
+		if sinfo.InlineMap >= 0 {
+			m := in.Field(sinfo.InlineMap)
+			if m.Len() > 0 {
+				e.flow = false
+				keys := keyList(m.MapKeys())
+				sort.Sort(keys)
+				for _, k := range keys {
+					if _, found := sinfo.FieldsMap[k.String()]; found {
+						panic(fmt.Sprintf("Can't have key %q in inlined map; conflicts with struct field", k.String()))
+					}
+					e.marshal("", k)
+					e.flow = false
+					e.marshal("", m.MapIndex(k))
+				}
+			}
+		}
+	})
+}
+
+func (e *encoder) mappingv(tag string, f func()) {
+	implicit := tag == ""
+	style := yaml_BLOCK_MAPPING_STYLE
+	if e.flow {
+		e.flow = false
+		style = yaml_FLOW_MAPPING_STYLE
+	}
+	yaml_mapping_start_event_initialize(&e.event, nil, []byte(tag), implicit, style)
+	e.emit()
+	f()
+	yaml_mapping_end_event_initialize(&e.event)
+	e.emit()
+}
+
+func (e *encoder) slicev(tag string, in reflect.Value) {
+	implicit := tag == ""
+	style := yaml_BLOCK_SEQUENCE_STYLE
+	if e.flow {
+		e.flow = false
+		style = yaml_FLOW_SEQUENCE_STYLE
+	}
+	e.must(yaml_sequence_start_event_initialize(&e.event, nil, []byte(tag), implicit, style))
+	e.emit()
+	n := in.Len()
+	for i := 0; i < n; i++ {
+		e.marshal("", in.Index(i))
+	}
+	e.must(yaml_sequence_end_event_initialize(&e.event))
+	e.emit()
+}
+
+// isBase60 returns whether s is in base 60 notation as defined in YAML 1.1.
+//
+// The base 60 float notation in YAML 1.1 is a terrible idea and is unsupported
+// in YAML 1.2 and by this package, but these should be marshalled quoted for
+// the time being for compatibility with other parsers.
+func isBase60Float(s string) (result bool) {
+	// Fast path.
+	if s == "" {
+		return false
+	}
+	c := s[0]
+	if !(c == '+' || c == '-' || c >= '0' && c <= '9') || strings.IndexByte(s, ':') < 0 {
+		return false
+	}
+	// Do the full match.
+	return base60float.MatchString(s)
+}
+
+// From http://yaml.org/type/float.html, except the regular expression there
+// is bogus. In practice parsers do not enforce the "\.[0-9_]*" suffix.
+var base60float = regexp.MustCompile(`^[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+(?:\.[0-9_]*)?$`)
+
+func (e *encoder) stringv(tag string, in reflect.Value) {
+	var style yaml_scalar_style_t
+	s := in.String()
+	canUsePlain := true
+	switch {
+	case !utf8.ValidString(s):
+		if tag == yaml_BINARY_TAG {
+			failf("explicitly tagged !!binary data must be base64-encoded")
+		}
+		if tag != "" {
+			failf("cannot marshal invalid UTF-8 data as %s", shortTag(tag))
+		}
+		// It can't be encoded directly as YAML so use a binary tag
+		// and encode it as base64.
+		tag = yaml_BINARY_TAG
+		s = encodeBase64(s)
+	case tag == "":
+		// Check to see if it would resolve to a specific
+		// tag when encoded unquoted. If it doesn't,
+		// there's no need to quote it.
+		rtag, _ := resolve("", s)
+		canUsePlain = rtag == yaml_STR_TAG && !isBase60Float(s)
+	}
+	// Note: it's possible for user code to emit invalid YAML
+	// if they explicitly specify a tag and a string containing
+	// text that's incompatible with that tag.
+	switch {
+	case strings.Contains(s, "\n"):
+		style = yaml_LITERAL_SCALAR_STYLE
+	case canUsePlain:
+		style = yaml_PLAIN_SCALAR_STYLE
+	default:
+		style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+	}
+	e.emitScalar(s, "", tag, style)
+}
+
+func (e *encoder) boolv(tag string, in reflect.Value) {
+	var s string
+	if in.Bool() {
+		s = "true"
+	} else {
+		s = "false"
+	}
+	e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) intv(tag string, in reflect.Value) {
+	s := strconv.FormatInt(in.Int(), 10)
+	e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) uintv(tag string, in reflect.Value) {
+	s := strconv.FormatUint(in.Uint(), 10)
+	e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) timev(tag string, in reflect.Value) {
+	t := in.Interface().(time.Time)
+	s := t.Format(time.RFC3339Nano)
+	e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) floatv(tag string, in reflect.Value) {
+	// Issue #352: When formatting, use the precision of the underlying value
+	precision := 64
+	if in.Kind() == reflect.Float32 {
+		precision = 32
+	}
+
+	s := strconv.FormatFloat(in.Float(), 'g', -1, precision)
+	switch s {
+	case "+Inf":
+		s = ".inf"
+	case "-Inf":
+		s = "-.inf"
+	case "NaN":
+		s = ".nan"
+	}
+	e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) nilv() {
+	e.emitScalar("null", "", "", yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) emitScalar(value, anchor, tag string, style yaml_scalar_style_t) {
+	implicit := tag == ""
+	e.must(yaml_scalar_event_initialize(&e.event, []byte(anchor), []byte(tag), []byte(value), implicit, implicit, style))
+	e.emit()
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/parserc.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/parserc.go
new file mode 100644
index 000000000..81d05dfe5
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/parserc.go
@@ -0,0 +1,1095 @@
+package yaml
+
+import (
+	"bytes"
+)
+
+// The parser implements the following grammar:
+//
+// stream               ::= STREAM-START implicit_document? explicit_document* STREAM-END
+// implicit_document    ::= block_node DOCUMENT-END*
+// explicit_document    ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+// block_node_or_indentless_sequence    ::=
+//                          ALIAS
+//                          | properties (block_content | indentless_block_sequence)?
+//                          | block_content
+//                          | indentless_block_sequence
+// block_node           ::= ALIAS
+//                          | properties block_content?
+//                          | block_content
+// flow_node            ::= ALIAS
+//                          | properties flow_content?
+//                          | flow_content
+// properties           ::= TAG ANCHOR? | ANCHOR TAG?
+// block_content        ::= block_collection | flow_collection | SCALAR
+// flow_content         ::= flow_collection | SCALAR
+// block_collection     ::= block_sequence | block_mapping
+// flow_collection      ::= flow_sequence | flow_mapping
+// block_sequence       ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+// indentless_sequence  ::= (BLOCK-ENTRY block_node?)+
+// block_mapping        ::= BLOCK-MAPPING_START
+//                          ((KEY block_node_or_indentless_sequence?)?
+//                          (VALUE block_node_or_indentless_sequence?)?)*
+//                          BLOCK-END
+// flow_sequence        ::= FLOW-SEQUENCE-START
+//                          (flow_sequence_entry FLOW-ENTRY)*
+//                          flow_sequence_entry?
+//                          FLOW-SEQUENCE-END
+// flow_sequence_entry  ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+// flow_mapping         ::= FLOW-MAPPING-START
+//                          (flow_mapping_entry FLOW-ENTRY)*
+//                          flow_mapping_entry?
+//                          FLOW-MAPPING-END
+// flow_mapping_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+
+// Peek the next token in the token queue.
+func peek_token(parser *yaml_parser_t) *yaml_token_t {
+	if parser.token_available || yaml_parser_fetch_more_tokens(parser) {
+		return &parser.tokens[parser.tokens_head]
+	}
+	return nil
+}
+
+// Remove the next token from the queue (must be called after peek_token).
+func skip_token(parser *yaml_parser_t) {
+	parser.token_available = false
+	parser.tokens_parsed++
+	parser.stream_end_produced = parser.tokens[parser.tokens_head].typ == yaml_STREAM_END_TOKEN
+	parser.tokens_head++
+}
+
+// Get the next event.
+func yaml_parser_parse(parser *yaml_parser_t, event *yaml_event_t) bool {
+	// Erase the event object.
+	*event = yaml_event_t{}
+
+	// No events after the end of the stream or error.
+	if parser.stream_end_produced || parser.error != yaml_NO_ERROR || parser.state == yaml_PARSE_END_STATE {
+		return true
+	}
+
+	// Generate the next event.
+	return yaml_parser_state_machine(parser, event)
+}
+
+// Set parser error.
+func yaml_parser_set_parser_error(parser *yaml_parser_t, problem string, problem_mark yaml_mark_t) bool {
+	parser.error = yaml_PARSER_ERROR
+	parser.problem = problem
+	parser.problem_mark = problem_mark
+	return false
+}
+
+func yaml_parser_set_parser_error_context(parser *yaml_parser_t, context string, context_mark yaml_mark_t, problem string, problem_mark yaml_mark_t) bool {
+	parser.error = yaml_PARSER_ERROR
+	parser.context = context
+	parser.context_mark = context_mark
+	parser.problem = problem
+	parser.problem_mark = problem_mark
+	return false
+}
+
+// State dispatcher.
+func yaml_parser_state_machine(parser *yaml_parser_t, event *yaml_event_t) bool {
+	//trace("yaml_parser_state_machine", "state:", parser.state.String())
+
+	switch parser.state {
+	case yaml_PARSE_STREAM_START_STATE:
+		return yaml_parser_parse_stream_start(parser, event)
+
+	case yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE:
+		return yaml_parser_parse_document_start(parser, event, true)
+
+	case yaml_PARSE_DOCUMENT_START_STATE:
+		return yaml_parser_parse_document_start(parser, event, false)
+
+	case yaml_PARSE_DOCUMENT_CONTENT_STATE:
+		return yaml_parser_parse_document_content(parser, event)
+
+	case yaml_PARSE_DOCUMENT_END_STATE:
+		return yaml_parser_parse_document_end(parser, event)
+
+	case yaml_PARSE_BLOCK_NODE_STATE:
+		return yaml_parser_parse_node(parser, event, true, false)
+
+	case yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE:
+		return yaml_parser_parse_node(parser, event, true, true)
+
+	case yaml_PARSE_FLOW_NODE_STATE:
+		return yaml_parser_parse_node(parser, event, false, false)
+
+	case yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE:
+		return yaml_parser_parse_block_sequence_entry(parser, event, true)
+
+	case yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE:
+		return yaml_parser_parse_block_sequence_entry(parser, event, false)
+
+	case yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE:
+		return yaml_parser_parse_indentless_sequence_entry(parser, event)
+
+	case yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE:
+		return yaml_parser_parse_block_mapping_key(parser, event, true)
+
+	case yaml_PARSE_BLOCK_MAPPING_KEY_STATE:
+		return yaml_parser_parse_block_mapping_key(parser, event, false)
+
+	case yaml_PARSE_BLOCK_MAPPING_VALUE_STATE:
+		return yaml_parser_parse_block_mapping_value(parser, event)
+
+	case yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE:
+		return yaml_parser_parse_flow_sequence_entry(parser, event, true)
+
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE:
+		return yaml_parser_parse_flow_sequence_entry(parser, event, false)
+
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE:
+		return yaml_parser_parse_flow_sequence_entry_mapping_key(parser, event)
+
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE:
+		return yaml_parser_parse_flow_sequence_entry_mapping_value(parser, event)
+
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE:
+		return yaml_parser_parse_flow_sequence_entry_mapping_end(parser, event)
+
+	case yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE:
+		return yaml_parser_parse_flow_mapping_key(parser, event, true)
+
+	case yaml_PARSE_FLOW_MAPPING_KEY_STATE:
+		return yaml_parser_parse_flow_mapping_key(parser, event, false)
+
+	case yaml_PARSE_FLOW_MAPPING_VALUE_STATE:
+		return yaml_parser_parse_flow_mapping_value(parser, event, false)
+
+	case yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE:
+		return yaml_parser_parse_flow_mapping_value(parser, event, true)
+
+	default:
+		panic("invalid parser state")
+	}
+}
+
+// Parse the production:
+// stream   ::= STREAM-START implicit_document? explicit_document* STREAM-END
+//              ************
+func yaml_parser_parse_stream_start(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ != yaml_STREAM_START_TOKEN {
+		return yaml_parser_set_parser_error(parser, "did not find expected <stream-start>", token.start_mark)
+	}
+	parser.state = yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE
+	*event = yaml_event_t{
+		typ:        yaml_STREAM_START_EVENT,
+		start_mark: token.start_mark,
+		end_mark:   token.end_mark,
+		encoding:   token.encoding,
+	}
+	skip_token(parser)
+	return true
+}
+
+// Parse the productions:
+// implicit_document    ::= block_node DOCUMENT-END*
+//                          *
+// explicit_document    ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+//                          *************************
+func yaml_parser_parse_document_start(parser *yaml_parser_t, event *yaml_event_t, implicit bool) bool {
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	// Parse extra document end indicators.
+	if !implicit {
+		for token.typ == yaml_DOCUMENT_END_TOKEN {
+			skip_token(parser)
+			token = peek_token(parser)
+			if token == nil {
+				return false
+			}
+		}
+	}
+
+	if implicit && token.typ != yaml_VERSION_DIRECTIVE_TOKEN &&
+		token.typ != yaml_TAG_DIRECTIVE_TOKEN &&
+		token.typ != yaml_DOCUMENT_START_TOKEN &&
+		token.typ != yaml_STREAM_END_TOKEN {
+		// Parse an implicit document.
+		if !yaml_parser_process_directives(parser, nil, nil) {
+			return false
+		}
+		parser.states = append(parser.states, yaml_PARSE_DOCUMENT_END_STATE)
+		parser.state = yaml_PARSE_BLOCK_NODE_STATE
+
+		*event = yaml_event_t{
+			typ:        yaml_DOCUMENT_START_EVENT,
+			start_mark: token.start_mark,
+			end_mark:   token.end_mark,
+		}
+
+	} else if token.typ != yaml_STREAM_END_TOKEN {
+		// Parse an explicit document.
+		var version_directive *yaml_version_directive_t
+		var tag_directives []yaml_tag_directive_t
+		start_mark := token.start_mark
+		if !yaml_parser_process_directives(parser, &version_directive, &tag_directives) {
+			return false
+		}
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_DOCUMENT_START_TOKEN {
+			yaml_parser_set_parser_error(parser,
+				"did not find expected <document start>", token.start_mark)
+			return false
+		}
+		parser.states = append(parser.states, yaml_PARSE_DOCUMENT_END_STATE)
+		parser.state = yaml_PARSE_DOCUMENT_CONTENT_STATE
+		end_mark := token.end_mark
+
+		*event = yaml_event_t{
+			typ:               yaml_DOCUMENT_START_EVENT,
+			start_mark:        start_mark,
+			end_mark:          end_mark,
+			version_directive: version_directive,
+			tag_directives:    tag_directives,
+			implicit:          false,
+		}
+		skip_token(parser)
+
+	} else {
+		// Parse the stream end.
+		parser.state = yaml_PARSE_END_STATE
+		*event = yaml_event_t{
+			typ:        yaml_STREAM_END_EVENT,
+			start_mark: token.start_mark,
+			end_mark:   token.end_mark,
+		}
+		skip_token(parser)
+	}
+
+	return true
+}
+
+// Parse the productions:
+// explicit_document    ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+//                                                    ***********
+//
+func yaml_parser_parse_document_content(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ == yaml_VERSION_DIRECTIVE_TOKEN ||
+		token.typ == yaml_TAG_DIRECTIVE_TOKEN ||
+		token.typ == yaml_DOCUMENT_START_TOKEN ||
+		token.typ == yaml_DOCUMENT_END_TOKEN ||
+		token.typ == yaml_STREAM_END_TOKEN {
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+		return yaml_parser_process_empty_scalar(parser, event,
+			token.start_mark)
+	}
+	return yaml_parser_parse_node(parser, event, true, false)
+}
+
+// Parse the productions:
+// implicit_document    ::= block_node DOCUMENT-END*
+//                                     *************
+// explicit_document    ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+//
+func yaml_parser_parse_document_end(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	start_mark := token.start_mark
+	end_mark := token.start_mark
+
+	implicit := true
+	if token.typ == yaml_DOCUMENT_END_TOKEN {
+		end_mark = token.end_mark
+		skip_token(parser)
+		implicit = false
+	}
+
+	parser.tag_directives = parser.tag_directives[:0]
+
+	parser.state = yaml_PARSE_DOCUMENT_START_STATE
+	*event = yaml_event_t{
+		typ:        yaml_DOCUMENT_END_EVENT,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		implicit:   implicit,
+	}
+	return true
+}
+
+// Parse the productions:
+// block_node_or_indentless_sequence    ::=
+//                          ALIAS
+//                          *****
+//                          | properties (block_content | indentless_block_sequence)?
+//                            **********  *
+//                          | block_content | indentless_block_sequence
+//                            *
+// block_node           ::= ALIAS
+//                          *****
+//                          | properties block_content?
+//                            ********** *
+//                          | block_content
+//                            *
+// flow_node            ::= ALIAS
+//                          *****
+//                          | properties flow_content?
+//                            ********** *
+//                          | flow_content
+//                            *
+// properties           ::= TAG ANCHOR? | ANCHOR TAG?
+//                          *************************
+// block_content        ::= block_collection | flow_collection | SCALAR
+//                                                               ******
+// flow_content         ::= flow_collection | SCALAR
+//                                            ******
+func yaml_parser_parse_node(parser *yaml_parser_t, event *yaml_event_t, block, indentless_sequence bool) bool {
+	//defer trace("yaml_parser_parse_node", "block:", block, "indentless_sequence:", indentless_sequence)()
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	if token.typ == yaml_ALIAS_TOKEN {
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+		*event = yaml_event_t{
+			typ:        yaml_ALIAS_EVENT,
+			start_mark: token.start_mark,
+			end_mark:   token.end_mark,
+			anchor:     token.value,
+		}
+		skip_token(parser)
+		return true
+	}
+
+	start_mark := token.start_mark
+	end_mark := token.start_mark
+
+	var tag_token bool
+	var tag_handle, tag_suffix, anchor []byte
+	var tag_mark yaml_mark_t
+	if token.typ == yaml_ANCHOR_TOKEN {
+		anchor = token.value
+		start_mark = token.start_mark
+		end_mark = token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ == yaml_TAG_TOKEN {
+			tag_token = true
+			tag_handle = token.value
+			tag_suffix = token.suffix
+			tag_mark = token.start_mark
+			end_mark = token.end_mark
+			skip_token(parser)
+			token = peek_token(parser)
+			if token == nil {
+				return false
+			}
+		}
+	} else if token.typ == yaml_TAG_TOKEN {
+		tag_token = true
+		tag_handle = token.value
+		tag_suffix = token.suffix
+		start_mark = token.start_mark
+		tag_mark = token.start_mark
+		end_mark = token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ == yaml_ANCHOR_TOKEN {
+			anchor = token.value
+			end_mark = token.end_mark
+			skip_token(parser)
+			token = peek_token(parser)
+			if token == nil {
+				return false
+			}
+		}
+	}
+
+	var tag []byte
+	if tag_token {
+		if len(tag_handle) == 0 {
+			tag = tag_suffix
+			tag_suffix = nil
+		} else {
+			for i := range parser.tag_directives {
+				if bytes.Equal(parser.tag_directives[i].handle, tag_handle) {
+					tag = append([]byte(nil), parser.tag_directives[i].prefix...)
+					tag = append(tag, tag_suffix...)
+					break
+				}
+			}
+			if len(tag) == 0 {
+				yaml_parser_set_parser_error_context(parser,
+					"while parsing a node", start_mark,
+					"found undefined tag handle", tag_mark)
+				return false
+			}
+		}
+	}
+
+	implicit := len(tag) == 0
+	if indentless_sequence && token.typ == yaml_BLOCK_ENTRY_TOKEN {
+		end_mark = token.end_mark
+		parser.state = yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE
+		*event = yaml_event_t{
+			typ:        yaml_SEQUENCE_START_EVENT,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			anchor:     anchor,
+			tag:        tag,
+			implicit:   implicit,
+			style:      yaml_style_t(yaml_BLOCK_SEQUENCE_STYLE),
+		}
+		return true
+	}
+	if token.typ == yaml_SCALAR_TOKEN {
+		var plain_implicit, quoted_implicit bool
+		end_mark = token.end_mark
+		if (len(tag) == 0 && token.style == yaml_PLAIN_SCALAR_STYLE) || (len(tag) == 1 && tag[0] == '!') {
+			plain_implicit = true
+		} else if len(tag) == 0 {
+			quoted_implicit = true
+		}
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+
+		*event = yaml_event_t{
+			typ:             yaml_SCALAR_EVENT,
+			start_mark:      start_mark,
+			end_mark:        end_mark,
+			anchor:          anchor,
+			tag:             tag,
+			value:           token.value,
+			implicit:        plain_implicit,
+			quoted_implicit: quoted_implicit,
+			style:           yaml_style_t(token.style),
+		}
+		skip_token(parser)
+		return true
+	}
+	if token.typ == yaml_FLOW_SEQUENCE_START_TOKEN {
+		// [Go] Some of the events below can be merged as they differ only on style.
+		end_mark = token.end_mark
+		parser.state = yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE
+		*event = yaml_event_t{
+			typ:        yaml_SEQUENCE_START_EVENT,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			anchor:     anchor,
+			tag:        tag,
+			implicit:   implicit,
+			style:      yaml_style_t(yaml_FLOW_SEQUENCE_STYLE),
+		}
+		return true
+	}
+	if token.typ == yaml_FLOW_MAPPING_START_TOKEN {
+		end_mark = token.end_mark
+		parser.state = yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE
+		*event = yaml_event_t{
+			typ:        yaml_MAPPING_START_EVENT,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			anchor:     anchor,
+			tag:        tag,
+			implicit:   implicit,
+			style:      yaml_style_t(yaml_FLOW_MAPPING_STYLE),
+		}
+		return true
+	}
+	if block && token.typ == yaml_BLOCK_SEQUENCE_START_TOKEN {
+		end_mark = token.end_mark
+		parser.state = yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE
+		*event = yaml_event_t{
+			typ:        yaml_SEQUENCE_START_EVENT,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			anchor:     anchor,
+			tag:        tag,
+			implicit:   implicit,
+			style:      yaml_style_t(yaml_BLOCK_SEQUENCE_STYLE),
+		}
+		return true
+	}
+	if block && token.typ == yaml_BLOCK_MAPPING_START_TOKEN {
+		end_mark = token.end_mark
+		parser.state = yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE
+		*event = yaml_event_t{
+			typ:        yaml_MAPPING_START_EVENT,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			anchor:     anchor,
+			tag:        tag,
+			implicit:   implicit,
+			style:      yaml_style_t(yaml_BLOCK_MAPPING_STYLE),
+		}
+		return true
+	}
+	if len(anchor) > 0 || len(tag) > 0 {
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+
+		*event = yaml_event_t{
+			typ:             yaml_SCALAR_EVENT,
+			start_mark:      start_mark,
+			end_mark:        end_mark,
+			anchor:          anchor,
+			tag:             tag,
+			implicit:        implicit,
+			quoted_implicit: false,
+			style:           yaml_style_t(yaml_PLAIN_SCALAR_STYLE),
+		}
+		return true
+	}
+
+	context := "while parsing a flow node"
+	if block {
+		context = "while parsing a block node"
+	}
+	yaml_parser_set_parser_error_context(parser, context, start_mark,
+		"did not find expected node content", token.start_mark)
+	return false
+}
+
+// Parse the productions:
+// block_sequence ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+//                    ********************  *********** *             *********
+//
+func yaml_parser_parse_block_sequence_entry(parser *yaml_parser_t, event *yaml_event_t, first bool) bool {
+	if first {
+		token := peek_token(parser)
+		parser.marks = append(parser.marks, token.start_mark)
+		skip_token(parser)
+	}
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	if token.typ == yaml_BLOCK_ENTRY_TOKEN {
+		mark := token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_BLOCK_ENTRY_TOKEN && token.typ != yaml_BLOCK_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE)
+			return yaml_parser_parse_node(parser, event, true, false)
+		} else {
+			parser.state = yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE
+			return yaml_parser_process_empty_scalar(parser, event, mark)
+		}
+	}
+	if token.typ == yaml_BLOCK_END_TOKEN {
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+		parser.marks = parser.marks[:len(parser.marks)-1]
+
+		*event = yaml_event_t{
+			typ:        yaml_SEQUENCE_END_EVENT,
+			start_mark: token.start_mark,
+			end_mark:   token.end_mark,
+		}
+
+		skip_token(parser)
+		return true
+	}
+
+	context_mark := parser.marks[len(parser.marks)-1]
+	parser.marks = parser.marks[:len(parser.marks)-1]
+	return yaml_parser_set_parser_error_context(parser,
+		"while parsing a block collection", context_mark,
+		"did not find expected '-' indicator", token.start_mark)
+}
+
+// Parse the productions:
+// indentless_sequence  ::= (BLOCK-ENTRY block_node?)+
+//                           *********** *
+func yaml_parser_parse_indentless_sequence_entry(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	if token.typ == yaml_BLOCK_ENTRY_TOKEN {
+		mark := token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_BLOCK_ENTRY_TOKEN &&
+			token.typ != yaml_KEY_TOKEN &&
+			token.typ != yaml_VALUE_TOKEN &&
+			token.typ != yaml_BLOCK_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE)
+			return yaml_parser_parse_node(parser, event, true, false)
+		}
+		parser.state = yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE
+		return yaml_parser_process_empty_scalar(parser, event, mark)
+	}
+	parser.state = parser.states[len(parser.states)-1]
+	parser.states = parser.states[:len(parser.states)-1]
+
+	*event = yaml_event_t{
+		typ:        yaml_SEQUENCE_END_EVENT,
+		start_mark: token.start_mark,
+		end_mark:   token.start_mark, // [Go] Shouldn't this be token.end_mark?
+	}
+	return true
+}
+
+// Parse the productions:
+// block_mapping        ::= BLOCK-MAPPING_START
+//                          *******************
+//                          ((KEY block_node_or_indentless_sequence?)?
+//                            *** *
+//                          (VALUE block_node_or_indentless_sequence?)?)*
+//
+//                          BLOCK-END
+//                          *********
+//
+func yaml_parser_parse_block_mapping_key(parser *yaml_parser_t, event *yaml_event_t, first bool) bool {
+	if first {
+		token := peek_token(parser)
+		parser.marks = append(parser.marks, token.start_mark)
+		skip_token(parser)
+	}
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	if token.typ == yaml_KEY_TOKEN {
+		mark := token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_KEY_TOKEN &&
+			token.typ != yaml_VALUE_TOKEN &&
+			token.typ != yaml_BLOCK_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_BLOCK_MAPPING_VALUE_STATE)
+			return yaml_parser_parse_node(parser, event, true, true)
+		} else {
+			parser.state = yaml_PARSE_BLOCK_MAPPING_VALUE_STATE
+			return yaml_parser_process_empty_scalar(parser, event, mark)
+		}
+	} else if token.typ == yaml_BLOCK_END_TOKEN {
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+		parser.marks = parser.marks[:len(parser.marks)-1]
+		*event = yaml_event_t{
+			typ:        yaml_MAPPING_END_EVENT,
+			start_mark: token.start_mark,
+			end_mark:   token.end_mark,
+		}
+		skip_token(parser)
+		return true
+	}
+
+	context_mark := parser.marks[len(parser.marks)-1]
+	parser.marks = parser.marks[:len(parser.marks)-1]
+	return yaml_parser_set_parser_error_context(parser,
+		"while parsing a block mapping", context_mark,
+		"did not find expected key", token.start_mark)
+}
+
+// Parse the productions:
+// block_mapping        ::= BLOCK-MAPPING_START
+//
+//                          ((KEY block_node_or_indentless_sequence?)?
+//
+//                          (VALUE block_node_or_indentless_sequence?)?)*
+//                           ***** *
+//                          BLOCK-END
+//
+//
+func yaml_parser_parse_block_mapping_value(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ == yaml_VALUE_TOKEN {
+		mark := token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_KEY_TOKEN &&
+			token.typ != yaml_VALUE_TOKEN &&
+			token.typ != yaml_BLOCK_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_BLOCK_MAPPING_KEY_STATE)
+			return yaml_parser_parse_node(parser, event, true, true)
+		}
+		parser.state = yaml_PARSE_BLOCK_MAPPING_KEY_STATE
+		return yaml_parser_process_empty_scalar(parser, event, mark)
+	}
+	parser.state = yaml_PARSE_BLOCK_MAPPING_KEY_STATE
+	return yaml_parser_process_empty_scalar(parser, event, token.start_mark)
+}
+
+// Parse the productions:
+// flow_sequence        ::= FLOW-SEQUENCE-START
+//                          *******************
+//                          (flow_sequence_entry FLOW-ENTRY)*
+//                           *                   **********
+//                          flow_sequence_entry?
+//                          *
+//                          FLOW-SEQUENCE-END
+//                          *****************
+// flow_sequence_entry  ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                          *
+//
+func yaml_parser_parse_flow_sequence_entry(parser *yaml_parser_t, event *yaml_event_t, first bool) bool {
+	if first {
+		token := peek_token(parser)
+		parser.marks = append(parser.marks, token.start_mark)
+		skip_token(parser)
+	}
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ != yaml_FLOW_SEQUENCE_END_TOKEN {
+		if !first {
+			if token.typ == yaml_FLOW_ENTRY_TOKEN {
+				skip_token(parser)
+				token = peek_token(parser)
+				if token == nil {
+					return false
+				}
+			} else {
+				context_mark := parser.marks[len(parser.marks)-1]
+				parser.marks = parser.marks[:len(parser.marks)-1]
+				return yaml_parser_set_parser_error_context(parser,
+					"while parsing a flow sequence", context_mark,
+					"did not find expected ',' or ']'", token.start_mark)
+			}
+		}
+
+		if token.typ == yaml_KEY_TOKEN {
+			parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE
+			*event = yaml_event_t{
+				typ:        yaml_MAPPING_START_EVENT,
+				start_mark: token.start_mark,
+				end_mark:   token.end_mark,
+				implicit:   true,
+				style:      yaml_style_t(yaml_FLOW_MAPPING_STYLE),
+			}
+			skip_token(parser)
+			return true
+		} else if token.typ != yaml_FLOW_SEQUENCE_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE)
+			return yaml_parser_parse_node(parser, event, false, false)
+		}
+	}
+
+	parser.state = parser.states[len(parser.states)-1]
+	parser.states = parser.states[:len(parser.states)-1]
+	parser.marks = parser.marks[:len(parser.marks)-1]
+
+	*event = yaml_event_t{
+		typ:        yaml_SEQUENCE_END_EVENT,
+		start_mark: token.start_mark,
+		end_mark:   token.end_mark,
+	}
+
+	skip_token(parser)
+	return true
+}
+
+//
+// Parse the productions:
+// flow_sequence_entry  ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                                      *** *
+//
+func yaml_parser_parse_flow_sequence_entry_mapping_key(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ != yaml_VALUE_TOKEN &&
+		token.typ != yaml_FLOW_ENTRY_TOKEN &&
+		token.typ != yaml_FLOW_SEQUENCE_END_TOKEN {
+		parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE)
+		return yaml_parser_parse_node(parser, event, false, false)
+	}
+	mark := token.end_mark
+	skip_token(parser)
+	parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE
+	return yaml_parser_process_empty_scalar(parser, event, mark)
+}
+
+// Parse the productions:
+// flow_sequence_entry  ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                                                      ***** *
+//
+func yaml_parser_parse_flow_sequence_entry_mapping_value(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ == yaml_VALUE_TOKEN {
+		skip_token(parser)
+		token := peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_FLOW_ENTRY_TOKEN && token.typ != yaml_FLOW_SEQUENCE_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE)
+			return yaml_parser_parse_node(parser, event, false, false)
+		}
+	}
+	parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE
+	return yaml_parser_process_empty_scalar(parser, event, token.start_mark)
+}
+
+// Parse the productions:
+// flow_sequence_entry  ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                                                                      *
+//
+func yaml_parser_parse_flow_sequence_entry_mapping_end(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE
+	*event = yaml_event_t{
+		typ:        yaml_MAPPING_END_EVENT,
+		start_mark: token.start_mark,
+		end_mark:   token.start_mark, // [Go] Shouldn't this be end_mark?
+	}
+	return true
+}
+
+// Parse the productions:
+// flow_mapping         ::= FLOW-MAPPING-START
+//                          ******************
+//                          (flow_mapping_entry FLOW-ENTRY)*
+//                           *                  **********
+//                          flow_mapping_entry?
+//                          ******************
+//                          FLOW-MAPPING-END
+//                          ****************
+// flow_mapping_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                          *           *** *
+//
+func yaml_parser_parse_flow_mapping_key(parser *yaml_parser_t, event *yaml_event_t, first bool) bool {
+	if first {
+		token := peek_token(parser)
+		parser.marks = append(parser.marks, token.start_mark)
+		skip_token(parser)
+	}
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	if token.typ != yaml_FLOW_MAPPING_END_TOKEN {
+		if !first {
+			if token.typ == yaml_FLOW_ENTRY_TOKEN {
+				skip_token(parser)
+				token = peek_token(parser)
+				if token == nil {
+					return false
+				}
+			} else {
+				context_mark := parser.marks[len(parser.marks)-1]
+				parser.marks = parser.marks[:len(parser.marks)-1]
+				return yaml_parser_set_parser_error_context(parser,
+					"while parsing a flow mapping", context_mark,
+					"did not find expected ',' or '}'", token.start_mark)
+			}
+		}
+
+		if token.typ == yaml_KEY_TOKEN {
+			skip_token(parser)
+			token = peek_token(parser)
+			if token == nil {
+				return false
+			}
+			if token.typ != yaml_VALUE_TOKEN &&
+				token.typ != yaml_FLOW_ENTRY_TOKEN &&
+				token.typ != yaml_FLOW_MAPPING_END_TOKEN {
+				parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_VALUE_STATE)
+				return yaml_parser_parse_node(parser, event, false, false)
+			} else {
+				parser.state = yaml_PARSE_FLOW_MAPPING_VALUE_STATE
+				return yaml_parser_process_empty_scalar(parser, event, token.start_mark)
+			}
+		} else if token.typ != yaml_FLOW_MAPPING_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE)
+			return yaml_parser_parse_node(parser, event, false, false)
+		}
+	}
+
+	parser.state = parser.states[len(parser.states)-1]
+	parser.states = parser.states[:len(parser.states)-1]
+	parser.marks = parser.marks[:len(parser.marks)-1]
+	*event = yaml_event_t{
+		typ:        yaml_MAPPING_END_EVENT,
+		start_mark: token.start_mark,
+		end_mark:   token.end_mark,
+	}
+	skip_token(parser)
+	return true
+}
+
+// Parse the productions:
+// flow_mapping_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                                   *                  ***** *
+//
+func yaml_parser_parse_flow_mapping_value(parser *yaml_parser_t, event *yaml_event_t, empty bool) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if empty {
+		parser.state = yaml_PARSE_FLOW_MAPPING_KEY_STATE
+		return yaml_parser_process_empty_scalar(parser, event, token.start_mark)
+	}
+	if token.typ == yaml_VALUE_TOKEN {
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_FLOW_ENTRY_TOKEN && token.typ != yaml_FLOW_MAPPING_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_KEY_STATE)
+			return yaml_parser_parse_node(parser, event, false, false)
+		}
+	}
+	parser.state = yaml_PARSE_FLOW_MAPPING_KEY_STATE
+	return yaml_parser_process_empty_scalar(parser, event, token.start_mark)
+}
+
+// Generate an empty scalar event.
+func yaml_parser_process_empty_scalar(parser *yaml_parser_t, event *yaml_event_t, mark yaml_mark_t) bool {
+	*event = yaml_event_t{
+		typ:        yaml_SCALAR_EVENT,
+		start_mark: mark,
+		end_mark:   mark,
+		value:      nil, // Empty
+		implicit:   true,
+		style:      yaml_style_t(yaml_PLAIN_SCALAR_STYLE),
+	}
+	return true
+}
+
+var default_tag_directives = []yaml_tag_directive_t{
+	{[]byte("!"), []byte("!")},
+	{[]byte("!!"), []byte("tag:yaml.org,2002:")},
+}
+
+// Parse directives.
+func yaml_parser_process_directives(parser *yaml_parser_t,
+	version_directive_ref **yaml_version_directive_t,
+	tag_directives_ref *[]yaml_tag_directive_t) bool {
+
+	var version_directive *yaml_version_directive_t
+	var tag_directives []yaml_tag_directive_t
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	for token.typ == yaml_VERSION_DIRECTIVE_TOKEN || token.typ == yaml_TAG_DIRECTIVE_TOKEN {
+		if token.typ == yaml_VERSION_DIRECTIVE_TOKEN {
+			if version_directive != nil {
+				yaml_parser_set_parser_error(parser,
+					"found duplicate %YAML directive", token.start_mark)
+				return false
+			}
+			if token.major != 1 || token.minor != 1 {
+				yaml_parser_set_parser_error(parser,
+					"found incompatible YAML document", token.start_mark)
+				return false
+			}
+			version_directive = &yaml_version_directive_t{
+				major: token.major,
+				minor: token.minor,
+			}
+		} else if token.typ == yaml_TAG_DIRECTIVE_TOKEN {
+			value := yaml_tag_directive_t{
+				handle: token.value,
+				prefix: token.prefix,
+			}
+			if !yaml_parser_append_tag_directive(parser, value, false, token.start_mark) {
+				return false
+			}
+			tag_directives = append(tag_directives, value)
+		}
+
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+	}
+
+	for i := range default_tag_directives {
+		if !yaml_parser_append_tag_directive(parser, default_tag_directives[i], true, token.start_mark) {
+			return false
+		}
+	}
+
+	if version_directive_ref != nil {
+		*version_directive_ref = version_directive
+	}
+	if tag_directives_ref != nil {
+		*tag_directives_ref = tag_directives
+	}
+	return true
+}
+
+// Append a tag directive to the directives stack.
+func yaml_parser_append_tag_directive(parser *yaml_parser_t, value yaml_tag_directive_t, allow_duplicates bool, mark yaml_mark_t) bool {
+	for i := range parser.tag_directives {
+		if bytes.Equal(value.handle, parser.tag_directives[i].handle) {
+			if allow_duplicates {
+				return true
+			}
+			return yaml_parser_set_parser_error(parser, "found duplicate %TAG directive", mark)
+		}
+	}
+
+	// [Go] I suspect the copy is unnecessary. This was likely done
+	// because there was no way to track ownership of the data.
+	value_copy := yaml_tag_directive_t{
+		handle: make([]byte, len(value.handle)),
+		prefix: make([]byte, len(value.prefix)),
+	}
+	copy(value_copy.handle, value.handle)
+	copy(value_copy.prefix, value.prefix)
+	parser.tag_directives = append(parser.tag_directives, value_copy)
+	return true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/readerc.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/readerc.go
new file mode 100644
index 000000000..7c1f5fac3
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/readerc.go
@@ -0,0 +1,412 @@
+package yaml
+
+import (
+	"io"
+)
+
+// Set the reader error and return 0.
+func yaml_parser_set_reader_error(parser *yaml_parser_t, problem string, offset int, value int) bool {
+	parser.error = yaml_READER_ERROR
+	parser.problem = problem
+	parser.problem_offset = offset
+	parser.problem_value = value
+	return false
+}
+
+// Byte order marks.
+const (
+	bom_UTF8    = "\xef\xbb\xbf"
+	bom_UTF16LE = "\xff\xfe"
+	bom_UTF16BE = "\xfe\xff"
+)
+
+// Determine the input stream encoding by checking the BOM symbol. If no BOM is
+// found, the UTF-8 encoding is assumed. Return 1 on success, 0 on failure.
+func yaml_parser_determine_encoding(parser *yaml_parser_t) bool {
+	// Ensure that we had enough bytes in the raw buffer.
+	for !parser.eof && len(parser.raw_buffer)-parser.raw_buffer_pos < 3 {
+		if !yaml_parser_update_raw_buffer(parser) {
+			return false
+		}
+	}
+
+	// Determine the encoding.
+	buf := parser.raw_buffer
+	pos := parser.raw_buffer_pos
+	avail := len(buf) - pos
+	if avail >= 2 && buf[pos] == bom_UTF16LE[0] && buf[pos+1] == bom_UTF16LE[1] {
+		parser.encoding = yaml_UTF16LE_ENCODING
+		parser.raw_buffer_pos += 2
+		parser.offset += 2
+	} else if avail >= 2 && buf[pos] == bom_UTF16BE[0] && buf[pos+1] == bom_UTF16BE[1] {
+		parser.encoding = yaml_UTF16BE_ENCODING
+		parser.raw_buffer_pos += 2
+		parser.offset += 2
+	} else if avail >= 3 && buf[pos] == bom_UTF8[0] && buf[pos+1] == bom_UTF8[1] && buf[pos+2] == bom_UTF8[2] {
+		parser.encoding = yaml_UTF8_ENCODING
+		parser.raw_buffer_pos += 3
+		parser.offset += 3
+	} else {
+		parser.encoding = yaml_UTF8_ENCODING
+	}
+	return true
+}
+
+// Update the raw buffer.
+func yaml_parser_update_raw_buffer(parser *yaml_parser_t) bool {
+	size_read := 0
+
+	// Return if the raw buffer is full.
+	if parser.raw_buffer_pos == 0 && len(parser.raw_buffer) == cap(parser.raw_buffer) {
+		return true
+	}
+
+	// Return on EOF.
+	if parser.eof {
+		return true
+	}
+
+	// Move the remaining bytes in the raw buffer to the beginning.
+	if parser.raw_buffer_pos > 0 && parser.raw_buffer_pos < len(parser.raw_buffer) {
+		copy(parser.raw_buffer, parser.raw_buffer[parser.raw_buffer_pos:])
+	}
+	parser.raw_buffer = parser.raw_buffer[:len(parser.raw_buffer)-parser.raw_buffer_pos]
+	parser.raw_buffer_pos = 0
+
+	// Call the read handler to fill the buffer.
+	size_read, err := parser.read_handler(parser, parser.raw_buffer[len(parser.raw_buffer):cap(parser.raw_buffer)])
+	parser.raw_buffer = parser.raw_buffer[:len(parser.raw_buffer)+size_read]
+	if err == io.EOF {
+		parser.eof = true
+	} else if err != nil {
+		return yaml_parser_set_reader_error(parser, "input error: "+err.Error(), parser.offset, -1)
+	}
+	return true
+}
+
+// Ensure that the buffer contains at least `length` characters.
+// Return true on success, false on failure.
+//
+// The length is supposed to be significantly less that the buffer size.
+func yaml_parser_update_buffer(parser *yaml_parser_t, length int) bool {
+	if parser.read_handler == nil {
+		panic("read handler must be set")
+	}
+
+	// [Go] This function was changed to guarantee the requested length size at EOF.
+	// The fact we need to do this is pretty awful, but the description above implies
+	// for that to be the case, and there are tests 
+
+	// If the EOF flag is set and the raw buffer is empty, do nothing.
+	if parser.eof && parser.raw_buffer_pos == len(parser.raw_buffer) {
+		// [Go] ACTUALLY! Read the documentation of this function above.
+		// This is just broken. To return true, we need to have the
+		// given length in the buffer. Not doing that means every single
+		// check that calls this function to make sure the buffer has a
+		// given length is Go) panicking; or C) accessing invalid memory.
+		//return true
+	}
+
+	// Return if the buffer contains enough characters.
+	if parser.unread >= length {
+		return true
+	}
+
+	// Determine the input encoding if it is not known yet.
+	if parser.encoding == yaml_ANY_ENCODING {
+		if !yaml_parser_determine_encoding(parser) {
+			return false
+		}
+	}
+
+	// Move the unread characters to the beginning of the buffer.
+	buffer_len := len(parser.buffer)
+	if parser.buffer_pos > 0 && parser.buffer_pos < buffer_len {
+		copy(parser.buffer, parser.buffer[parser.buffer_pos:])
+		buffer_len -= parser.buffer_pos
+		parser.buffer_pos = 0
+	} else if parser.buffer_pos == buffer_len {
+		buffer_len = 0
+		parser.buffer_pos = 0
+	}
+
+	// Open the whole buffer for writing, and cut it before returning.
+	parser.buffer = parser.buffer[:cap(parser.buffer)]
+
+	// Fill the buffer until it has enough characters.
+	first := true
+	for parser.unread < length {
+
+		// Fill the raw buffer if necessary.
+		if !first || parser.raw_buffer_pos == len(parser.raw_buffer) {
+			if !yaml_parser_update_raw_buffer(parser) {
+				parser.buffer = parser.buffer[:buffer_len]
+				return false
+			}
+		}
+		first = false
+
+		// Decode the raw buffer.
+	inner:
+		for parser.raw_buffer_pos != len(parser.raw_buffer) {
+			var value rune
+			var width int
+
+			raw_unread := len(parser.raw_buffer) - parser.raw_buffer_pos
+
+			// Decode the next character.
+			switch parser.encoding {
+			case yaml_UTF8_ENCODING:
+				// Decode a UTF-8 character.  Check RFC 3629
+				// (http://www.ietf.org/rfc/rfc3629.txt) for more details.
+				//
+				// The following table (taken from the RFC) is used for
+				// decoding.
+				//
+				//    Char. number range |        UTF-8 octet sequence
+				//      (hexadecimal)    |              (binary)
+				//   --------------------+------------------------------------
+				//   0000 0000-0000 007F | 0xxxxxxx
+				//   0000 0080-0000 07FF | 110xxxxx 10xxxxxx
+				//   0000 0800-0000 FFFF | 1110xxxx 10xxxxxx 10xxxxxx
+				//   0001 0000-0010 FFFF | 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+				//
+				// Additionally, the characters in the range 0xD800-0xDFFF
+				// are prohibited as they are reserved for use with UTF-16
+				// surrogate pairs.
+
+				// Determine the length of the UTF-8 sequence.
+				octet := parser.raw_buffer[parser.raw_buffer_pos]
+				switch {
+				case octet&0x80 == 0x00:
+					width = 1
+				case octet&0xE0 == 0xC0:
+					width = 2
+				case octet&0xF0 == 0xE0:
+					width = 3
+				case octet&0xF8 == 0xF0:
+					width = 4
+				default:
+					// The leading octet is invalid.
+					return yaml_parser_set_reader_error(parser,
+						"invalid leading UTF-8 octet",
+						parser.offset, int(octet))
+				}
+
+				// Check if the raw buffer contains an incomplete character.
+				if width > raw_unread {
+					if parser.eof {
+						return yaml_parser_set_reader_error(parser,
+							"incomplete UTF-8 octet sequence",
+							parser.offset, -1)
+					}
+					break inner
+				}
+
+				// Decode the leading octet.
+				switch {
+				case octet&0x80 == 0x00:
+					value = rune(octet & 0x7F)
+				case octet&0xE0 == 0xC0:
+					value = rune(octet & 0x1F)
+				case octet&0xF0 == 0xE0:
+					value = rune(octet & 0x0F)
+				case octet&0xF8 == 0xF0:
+					value = rune(octet & 0x07)
+				default:
+					value = 0
+				}
+
+				// Check and decode the trailing octets.
+				for k := 1; k < width; k++ {
+					octet = parser.raw_buffer[parser.raw_buffer_pos+k]
+
+					// Check if the octet is valid.
+					if (octet & 0xC0) != 0x80 {
+						return yaml_parser_set_reader_error(parser,
+							"invalid trailing UTF-8 octet",
+							parser.offset+k, int(octet))
+					}
+
+					// Decode the octet.
+					value = (value << 6) + rune(octet&0x3F)
+				}
+
+				// Check the length of the sequence against the value.
+				switch {
+				case width == 1:
+				case width == 2 && value >= 0x80:
+				case width == 3 && value >= 0x800:
+				case width == 4 && value >= 0x10000:
+				default:
+					return yaml_parser_set_reader_error(parser,
+						"invalid length of a UTF-8 sequence",
+						parser.offset, -1)
+				}
+
+				// Check the range of the value.
+				if value >= 0xD800 && value <= 0xDFFF || value > 0x10FFFF {
+					return yaml_parser_set_reader_error(parser,
+						"invalid Unicode character",
+						parser.offset, int(value))
+				}
+
+			case yaml_UTF16LE_ENCODING, yaml_UTF16BE_ENCODING:
+				var low, high int
+				if parser.encoding == yaml_UTF16LE_ENCODING {
+					low, high = 0, 1
+				} else {
+					low, high = 1, 0
+				}
+
+				// The UTF-16 encoding is not as simple as one might
+				// naively think.  Check RFC 2781
+				// (http://www.ietf.org/rfc/rfc2781.txt).
+				//
+				// Normally, two subsequent bytes describe a Unicode
+				// character.  However a special technique (called a
+				// surrogate pair) is used for specifying character
+				// values larger than 0xFFFF.
+				//
+				// A surrogate pair consists of two pseudo-characters:
+				//      high surrogate area (0xD800-0xDBFF)
+				//      low surrogate area (0xDC00-0xDFFF)
+				//
+				// The following formulas are used for decoding
+				// and encoding characters using surrogate pairs:
+				//
+				//  U  = U' + 0x10000   (0x01 00 00 <= U <= 0x10 FF FF)
+				//  U' = yyyyyyyyyyxxxxxxxxxx   (0 <= U' <= 0x0F FF FF)
+				//  W1 = 110110yyyyyyyyyy
+				//  W2 = 110111xxxxxxxxxx
+				//
+				// where U is the character value, W1 is the high surrogate
+				// area, W2 is the low surrogate area.
+
+				// Check for incomplete UTF-16 character.
+				if raw_unread < 2 {
+					if parser.eof {
+						return yaml_parser_set_reader_error(parser,
+							"incomplete UTF-16 character",
+							parser.offset, -1)
+					}
+					break inner
+				}
+
+				// Get the character.
+				value = rune(parser.raw_buffer[parser.raw_buffer_pos+low]) +
+					(rune(parser.raw_buffer[parser.raw_buffer_pos+high]) << 8)
+
+				// Check for unexpected low surrogate area.
+				if value&0xFC00 == 0xDC00 {
+					return yaml_parser_set_reader_error(parser,
+						"unexpected low surrogate area",
+						parser.offset, int(value))
+				}
+
+				// Check for a high surrogate area.
+				if value&0xFC00 == 0xD800 {
+					width = 4
+
+					// Check for incomplete surrogate pair.
+					if raw_unread < 4 {
+						if parser.eof {
+							return yaml_parser_set_reader_error(parser,
+								"incomplete UTF-16 surrogate pair",
+								parser.offset, -1)
+						}
+						break inner
+					}
+
+					// Get the next character.
+					value2 := rune(parser.raw_buffer[parser.raw_buffer_pos+low+2]) +
+						(rune(parser.raw_buffer[parser.raw_buffer_pos+high+2]) << 8)
+
+					// Check for a low surrogate area.
+					if value2&0xFC00 != 0xDC00 {
+						return yaml_parser_set_reader_error(parser,
+							"expected low surrogate area",
+							parser.offset+2, int(value2))
+					}
+
+					// Generate the value of the surrogate pair.
+					value = 0x10000 + ((value & 0x3FF) << 10) + (value2 & 0x3FF)
+				} else {
+					width = 2
+				}
+
+			default:
+				panic("impossible")
+			}
+
+			// Check if the character is in the allowed range:
+			//      #x9 | #xA | #xD | [#x20-#x7E]               (8 bit)
+			//      | #x85 | [#xA0-#xD7FF] | [#xE000-#xFFFD]    (16 bit)
+			//      | [#x10000-#x10FFFF]                        (32 bit)
+			switch {
+			case value == 0x09:
+			case value == 0x0A:
+			case value == 0x0D:
+			case value >= 0x20 && value <= 0x7E:
+			case value == 0x85:
+			case value >= 0xA0 && value <= 0xD7FF:
+			case value >= 0xE000 && value <= 0xFFFD:
+			case value >= 0x10000 && value <= 0x10FFFF:
+			default:
+				return yaml_parser_set_reader_error(parser,
+					"control characters are not allowed",
+					parser.offset, int(value))
+			}
+
+			// Move the raw pointers.
+			parser.raw_buffer_pos += width
+			parser.offset += width
+
+			// Finally put the character into the buffer.
+			if value <= 0x7F {
+				// 0000 0000-0000 007F . 0xxxxxxx
+				parser.buffer[buffer_len+0] = byte(value)
+				buffer_len += 1
+			} else if value <= 0x7FF {
+				// 0000 0080-0000 07FF . 110xxxxx 10xxxxxx
+				parser.buffer[buffer_len+0] = byte(0xC0 + (value >> 6))
+				parser.buffer[buffer_len+1] = byte(0x80 + (value & 0x3F))
+				buffer_len += 2
+			} else if value <= 0xFFFF {
+				// 0000 0800-0000 FFFF . 1110xxxx 10xxxxxx 10xxxxxx
+				parser.buffer[buffer_len+0] = byte(0xE0 + (value >> 12))
+				parser.buffer[buffer_len+1] = byte(0x80 + ((value >> 6) & 0x3F))
+				parser.buffer[buffer_len+2] = byte(0x80 + (value & 0x3F))
+				buffer_len += 3
+			} else {
+				// 0001 0000-0010 FFFF . 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+				parser.buffer[buffer_len+0] = byte(0xF0 + (value >> 18))
+				parser.buffer[buffer_len+1] = byte(0x80 + ((value >> 12) & 0x3F))
+				parser.buffer[buffer_len+2] = byte(0x80 + ((value >> 6) & 0x3F))
+				parser.buffer[buffer_len+3] = byte(0x80 + (value & 0x3F))
+				buffer_len += 4
+			}
+
+			parser.unread++
+		}
+
+		// On EOF, put NUL into the buffer and return.
+		if parser.eof {
+			parser.buffer[buffer_len] = 0
+			buffer_len++
+			parser.unread++
+			break
+		}
+	}
+	// [Go] Read the documentation of this function above. To return true,
+	// we need to have the given length in the buffer. Not doing that means
+	// every single check that calls this function to make sure the buffer
+	// has a given length is Go) panicking; or C) accessing invalid memory.
+	// This happens here due to the EOF above breaking early.
+	for buffer_len < length {
+		parser.buffer[buffer_len] = 0
+		buffer_len++
+	}
+	parser.buffer = parser.buffer[:buffer_len]
+	return true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/resolve.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/resolve.go
new file mode 100644
index 000000000..4120e0c91
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/resolve.go
@@ -0,0 +1,258 @@
+package yaml
+
+import (
+	"encoding/base64"
+	"math"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+)
+
+type resolveMapItem struct {
+	value interface{}
+	tag   string
+}
+
+var resolveTable = make([]byte, 256)
+var resolveMap = make(map[string]resolveMapItem)
+
+func init() {
+	t := resolveTable
+	t[int('+')] = 'S' // Sign
+	t[int('-')] = 'S'
+	for _, c := range "0123456789" {
+		t[int(c)] = 'D' // Digit
+	}
+	for _, c := range "yYnNtTfFoO~" {
+		t[int(c)] = 'M' // In map
+	}
+	t[int('.')] = '.' // Float (potentially in map)
+
+	var resolveMapList = []struct {
+		v   interface{}
+		tag string
+		l   []string
+	}{
+		{true, yaml_BOOL_TAG, []string{"y", "Y", "yes", "Yes", "YES"}},
+		{true, yaml_BOOL_TAG, []string{"true", "True", "TRUE"}},
+		{true, yaml_BOOL_TAG, []string{"on", "On", "ON"}},
+		{false, yaml_BOOL_TAG, []string{"n", "N", "no", "No", "NO"}},
+		{false, yaml_BOOL_TAG, []string{"false", "False", "FALSE"}},
+		{false, yaml_BOOL_TAG, []string{"off", "Off", "OFF"}},
+		{nil, yaml_NULL_TAG, []string{"", "~", "null", "Null", "NULL"}},
+		{math.NaN(), yaml_FLOAT_TAG, []string{".nan", ".NaN", ".NAN"}},
+		{math.Inf(+1), yaml_FLOAT_TAG, []string{".inf", ".Inf", ".INF"}},
+		{math.Inf(+1), yaml_FLOAT_TAG, []string{"+.inf", "+.Inf", "+.INF"}},
+		{math.Inf(-1), yaml_FLOAT_TAG, []string{"-.inf", "-.Inf", "-.INF"}},
+		{"<<", yaml_MERGE_TAG, []string{"<<"}},
+	}
+
+	m := resolveMap
+	for _, item := range resolveMapList {
+		for _, s := range item.l {
+			m[s] = resolveMapItem{item.v, item.tag}
+		}
+	}
+}
+
+const longTagPrefix = "tag:yaml.org,2002:"
+
+func shortTag(tag string) string {
+	// TODO This can easily be made faster and produce less garbage.
+	if strings.HasPrefix(tag, longTagPrefix) {
+		return "!!" + tag[len(longTagPrefix):]
+	}
+	return tag
+}
+
+func longTag(tag string) string {
+	if strings.HasPrefix(tag, "!!") {
+		return longTagPrefix + tag[2:]
+	}
+	return tag
+}
+
+func resolvableTag(tag string) bool {
+	switch tag {
+	case "", yaml_STR_TAG, yaml_BOOL_TAG, yaml_INT_TAG, yaml_FLOAT_TAG, yaml_NULL_TAG, yaml_TIMESTAMP_TAG:
+		return true
+	}
+	return false
+}
+
+var yamlStyleFloat = regexp.MustCompile(`^[-+]?(\.[0-9]+|[0-9]+(\.[0-9]*)?)([eE][-+]?[0-9]+)?$`)
+
+func resolve(tag string, in string) (rtag string, out interface{}) {
+	if !resolvableTag(tag) {
+		return tag, in
+	}
+
+	defer func() {
+		switch tag {
+		case "", rtag, yaml_STR_TAG, yaml_BINARY_TAG:
+			return
+		case yaml_FLOAT_TAG:
+			if rtag == yaml_INT_TAG {
+				switch v := out.(type) {
+				case int64:
+					rtag = yaml_FLOAT_TAG
+					out = float64(v)
+					return
+				case int:
+					rtag = yaml_FLOAT_TAG
+					out = float64(v)
+					return
+				}
+			}
+		}
+		failf("cannot decode %s `%s` as a %s", shortTag(rtag), in, shortTag(tag))
+	}()
+
+	// Any data is accepted as a !!str or !!binary.
+	// Otherwise, the prefix is enough of a hint about what it might be.
+	hint := byte('N')
+	if in != "" {
+		hint = resolveTable[in[0]]
+	}
+	if hint != 0 && tag != yaml_STR_TAG && tag != yaml_BINARY_TAG {
+		// Handle things we can lookup in a map.
+		if item, ok := resolveMap[in]; ok {
+			return item.tag, item.value
+		}
+
+		// Base 60 floats are a bad idea, were dropped in YAML 1.2, and
+		// are purposefully unsupported here. They're still quoted on
+		// the way out for compatibility with other parser, though.
+
+		switch hint {
+		case 'M':
+			// We've already checked the map above.
+
+		case '.':
+			// Not in the map, so maybe a normal float.
+			floatv, err := strconv.ParseFloat(in, 64)
+			if err == nil {
+				return yaml_FLOAT_TAG, floatv
+			}
+
+		case 'D', 'S':
+			// Int, float, or timestamp.
+			// Only try values as a timestamp if the value is unquoted or there's an explicit
+			// !!timestamp tag.
+			if tag == "" || tag == yaml_TIMESTAMP_TAG {
+				t, ok := parseTimestamp(in)
+				if ok {
+					return yaml_TIMESTAMP_TAG, t
+				}
+			}
+
+			plain := strings.Replace(in, "_", "", -1)
+			intv, err := strconv.ParseInt(plain, 0, 64)
+			if err == nil {
+				if intv == int64(int(intv)) {
+					return yaml_INT_TAG, int(intv)
+				} else {
+					return yaml_INT_TAG, intv
+				}
+			}
+			uintv, err := strconv.ParseUint(plain, 0, 64)
+			if err == nil {
+				return yaml_INT_TAG, uintv
+			}
+			if yamlStyleFloat.MatchString(plain) {
+				floatv, err := strconv.ParseFloat(plain, 64)
+				if err == nil {
+					return yaml_FLOAT_TAG, floatv
+				}
+			}
+			if strings.HasPrefix(plain, "0b") {
+				intv, err := strconv.ParseInt(plain[2:], 2, 64)
+				if err == nil {
+					if intv == int64(int(intv)) {
+						return yaml_INT_TAG, int(intv)
+					} else {
+						return yaml_INT_TAG, intv
+					}
+				}
+				uintv, err := strconv.ParseUint(plain[2:], 2, 64)
+				if err == nil {
+					return yaml_INT_TAG, uintv
+				}
+			} else if strings.HasPrefix(plain, "-0b") {
+				intv, err := strconv.ParseInt("-" + plain[3:], 2, 64)
+				if err == nil {
+					if true || intv == int64(int(intv)) {
+						return yaml_INT_TAG, int(intv)
+					} else {
+						return yaml_INT_TAG, intv
+					}
+				}
+			}
+		default:
+			panic("resolveTable item not yet handled: " + string(rune(hint)) + " (with " + in + ")")
+		}
+	}
+	return yaml_STR_TAG, in
+}
+
+// encodeBase64 encodes s as base64 that is broken up into multiple lines
+// as appropriate for the resulting length.
+func encodeBase64(s string) string {
+	const lineLen = 70
+	encLen := base64.StdEncoding.EncodedLen(len(s))
+	lines := encLen/lineLen + 1
+	buf := make([]byte, encLen*2+lines)
+	in := buf[0:encLen]
+	out := buf[encLen:]
+	base64.StdEncoding.Encode(in, []byte(s))
+	k := 0
+	for i := 0; i < len(in); i += lineLen {
+		j := i + lineLen
+		if j > len(in) {
+			j = len(in)
+		}
+		k += copy(out[k:], in[i:j])
+		if lines > 1 {
+			out[k] = '\n'
+			k++
+		}
+	}
+	return string(out[:k])
+}
+
+// This is a subset of the formats allowed by the regular expression
+// defined at http://yaml.org/type/timestamp.html.
+var allowedTimestampFormats = []string{
+	"2006-1-2T15:4:5.999999999Z07:00", // RCF3339Nano with short date fields.
+	"2006-1-2t15:4:5.999999999Z07:00", // RFC3339Nano with short date fields and lower-case "t".
+	"2006-1-2 15:4:5.999999999",       // space separated with no time zone
+	"2006-1-2",                        // date only
+	// Notable exception: time.Parse cannot handle: "2001-12-14 21:59:43.10 -5"
+	// from the set of examples.
+}
+
+// parseTimestamp parses s as a timestamp string and
+// returns the timestamp and reports whether it succeeded.
+// Timestamp formats are defined at http://yaml.org/type/timestamp.html
+func parseTimestamp(s string) (time.Time, bool) {
+	// TODO write code to check all the formats supported by
+	// http://yaml.org/type/timestamp.html instead of using time.Parse.
+
+	// Quick check: all date formats start with YYYY-.
+	i := 0
+	for ; i < len(s); i++ {
+		if c := s[i]; c < '0' || c > '9' {
+			break
+		}
+	}
+	if i != 4 || i == len(s) || s[i] != '-' {
+		return time.Time{}, false
+	}
+	for _, format := range allowedTimestampFormats {
+		if t, err := time.Parse(format, s); err == nil {
+			return t, true
+		}
+	}
+	return time.Time{}, false
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/scannerc.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/scannerc.go
new file mode 100644
index 000000000..0b9bb6030
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/scannerc.go
@@ -0,0 +1,2711 @@
+package yaml
+
+import (
+	"bytes"
+	"fmt"
+)
+
+// Introduction
+// ************
+//
+// The following notes assume that you are familiar with the YAML specification
+// (http://yaml.org/spec/1.2/spec.html).  We mostly follow it, although in
+// some cases we are less restrictive that it requires.
+//
+// The process of transforming a YAML stream into a sequence of events is
+// divided on two steps: Scanning and Parsing.
+//
+// The Scanner transforms the input stream into a sequence of tokens, while the
+// parser transform the sequence of tokens produced by the Scanner into a
+// sequence of parsing events.
+//
+// The Scanner is rather clever and complicated. The Parser, on the contrary,
+// is a straightforward implementation of a recursive-descendant parser (or,
+// LL(1) parser, as it is usually called).
+//
+// Actually there are two issues of Scanning that might be called "clever", the
+// rest is quite straightforward.  The issues are "block collection start" and
+// "simple keys".  Both issues are explained below in details.
+//
+// Here the Scanning step is explained and implemented.  We start with the list
+// of all the tokens produced by the Scanner together with short descriptions.
+//
+// Now, tokens:
+//
+//      STREAM-START(encoding)          # The stream start.
+//      STREAM-END                      # The stream end.
+//      VERSION-DIRECTIVE(major,minor)  # The '%YAML' directive.
+//      TAG-DIRECTIVE(handle,prefix)    # The '%TAG' directive.
+//      DOCUMENT-START                  # '---'
+//      DOCUMENT-END                    # '...'
+//      BLOCK-SEQUENCE-START            # Indentation increase denoting a block
+//      BLOCK-MAPPING-START             # sequence or a block mapping.
+//      BLOCK-END                       # Indentation decrease.
+//      FLOW-SEQUENCE-START             # '['
+//      FLOW-SEQUENCE-END               # ']'
+//      BLOCK-SEQUENCE-START            # '{'
+//      BLOCK-SEQUENCE-END              # '}'
+//      BLOCK-ENTRY                     # '-'
+//      FLOW-ENTRY                      # ','
+//      KEY                             # '?' or nothing (simple keys).
+//      VALUE                           # ':'
+//      ALIAS(anchor)                   # '*anchor'
+//      ANCHOR(anchor)                  # '&anchor'
+//      TAG(handle,suffix)              # '!handle!suffix'
+//      SCALAR(value,style)             # A scalar.
+//
+// The following two tokens are "virtual" tokens denoting the beginning and the
+// end of the stream:
+//
+//      STREAM-START(encoding)
+//      STREAM-END
+//
+// We pass the information about the input stream encoding with the
+// STREAM-START token.
+//
+// The next two tokens are responsible for tags:
+//
+//      VERSION-DIRECTIVE(major,minor)
+//      TAG-DIRECTIVE(handle,prefix)
+//
+// Example:
+//
+//      %YAML   1.1
+//      %TAG    !   !foo
+//      %TAG    !yaml!  tag:yaml.org,2002:
+//      ---
+//
+// The correspoding sequence of tokens:
+//
+//      STREAM-START(utf-8)
+//      VERSION-DIRECTIVE(1,1)
+//      TAG-DIRECTIVE("!","!foo")
+//      TAG-DIRECTIVE("!yaml","tag:yaml.org,2002:")
+//      DOCUMENT-START
+//      STREAM-END
+//
+// Note that the VERSION-DIRECTIVE and TAG-DIRECTIVE tokens occupy a whole
+// line.
+//
+// The document start and end indicators are represented by:
+//
+//      DOCUMENT-START
+//      DOCUMENT-END
+//
+// Note that if a YAML stream contains an implicit document (without '---'
+// and '...' indicators), no DOCUMENT-START and DOCUMENT-END tokens will be
+// produced.
+//
+// In the following examples, we present whole documents together with the
+// produced tokens.
+//
+//      1. An implicit document:
+//
+//          'a scalar'
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          SCALAR("a scalar",single-quoted)
+//          STREAM-END
+//
+//      2. An explicit document:
+//
+//          ---
+//          'a scalar'
+//          ...
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          DOCUMENT-START
+//          SCALAR("a scalar",single-quoted)
+//          DOCUMENT-END
+//          STREAM-END
+//
+//      3. Several documents in a stream:
+//
+//          'a scalar'
+//          ---
+//          'another scalar'
+//          ---
+//          'yet another scalar'
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          SCALAR("a scalar",single-quoted)
+//          DOCUMENT-START
+//          SCALAR("another scalar",single-quoted)
+//          DOCUMENT-START
+//          SCALAR("yet another scalar",single-quoted)
+//          STREAM-END
+//
+// We have already introduced the SCALAR token above.  The following tokens are
+// used to describe aliases, anchors, tag, and scalars:
+//
+//      ALIAS(anchor)
+//      ANCHOR(anchor)
+//      TAG(handle,suffix)
+//      SCALAR(value,style)
+//
+// The following series of examples illustrate the usage of these tokens:
+//
+//      1. A recursive sequence:
+//
+//          &A [ *A ]
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          ANCHOR("A")
+//          FLOW-SEQUENCE-START
+//          ALIAS("A")
+//          FLOW-SEQUENCE-END
+//          STREAM-END
+//
+//      2. A tagged scalar:
+//
+//          !!float "3.14"  # A good approximation.
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          TAG("!!","float")
+//          SCALAR("3.14",double-quoted)
+//          STREAM-END
+//
+//      3. Various scalar styles:
+//
+//          --- # Implicit empty plain scalars do not produce tokens.
+//          --- a plain scalar
+//          --- 'a single-quoted scalar'
+//          --- "a double-quoted scalar"
+//          --- |-
+//            a literal scalar
+//          --- >-
+//            a folded
+//            scalar
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          DOCUMENT-START
+//          DOCUMENT-START
+//          SCALAR("a plain scalar",plain)
+//          DOCUMENT-START
+//          SCALAR("a single-quoted scalar",single-quoted)
+//          DOCUMENT-START
+//          SCALAR("a double-quoted scalar",double-quoted)
+//          DOCUMENT-START
+//          SCALAR("a literal scalar",literal)
+//          DOCUMENT-START
+//          SCALAR("a folded scalar",folded)
+//          STREAM-END
+//
+// Now it's time to review collection-related tokens. We will start with
+// flow collections:
+//
+//      FLOW-SEQUENCE-START
+//      FLOW-SEQUENCE-END
+//      FLOW-MAPPING-START
+//      FLOW-MAPPING-END
+//      FLOW-ENTRY
+//      KEY
+//      VALUE
+//
+// The tokens FLOW-SEQUENCE-START, FLOW-SEQUENCE-END, FLOW-MAPPING-START, and
+// FLOW-MAPPING-END represent the indicators '[', ']', '{', and '}'
+// correspondingly.  FLOW-ENTRY represent the ',' indicator.  Finally the
+// indicators '?' and ':', which are used for denoting mapping keys and values,
+// are represented by the KEY and VALUE tokens.
+//
+// The following examples show flow collections:
+//
+//      1. A flow sequence:
+//
+//          [item 1, item 2, item 3]
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          FLOW-SEQUENCE-START
+//          SCALAR("item 1",plain)
+//          FLOW-ENTRY
+//          SCALAR("item 2",plain)
+//          FLOW-ENTRY
+//          SCALAR("item 3",plain)
+//          FLOW-SEQUENCE-END
+//          STREAM-END
+//
+//      2. A flow mapping:
+//
+//          {
+//              a simple key: a value,  # Note that the KEY token is produced.
+//              ? a complex key: another value,
+//          }
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          FLOW-MAPPING-START
+//          KEY
+//          SCALAR("a simple key",plain)
+//          VALUE
+//          SCALAR("a value",plain)
+//          FLOW-ENTRY
+//          KEY
+//          SCALAR("a complex key",plain)
+//          VALUE
+//          SCALAR("another value",plain)
+//          FLOW-ENTRY
+//          FLOW-MAPPING-END
+//          STREAM-END
+//
+// A simple key is a key which is not denoted by the '?' indicator.  Note that
+// the Scanner still produce the KEY token whenever it encounters a simple key.
+//
+// For scanning block collections, the following tokens are used (note that we
+// repeat KEY and VALUE here):
+//
+//      BLOCK-SEQUENCE-START
+//      BLOCK-MAPPING-START
+//      BLOCK-END
+//      BLOCK-ENTRY
+//      KEY
+//      VALUE
+//
+// The tokens BLOCK-SEQUENCE-START and BLOCK-MAPPING-START denote indentation
+// increase that precedes a block collection (cf. the INDENT token in Python).
+// The token BLOCK-END denote indentation decrease that ends a block collection
+// (cf. the DEDENT token in Python).  However YAML has some syntax pecularities
+// that makes detections of these tokens more complex.
+//
+// The tokens BLOCK-ENTRY, KEY, and VALUE are used to represent the indicators
+// '-', '?', and ':' correspondingly.
+//
+// The following examples show how the tokens BLOCK-SEQUENCE-START,
+// BLOCK-MAPPING-START, and BLOCK-END are emitted by the Scanner:
+//
+//      1. Block sequences:
+//
+//          - item 1
+//          - item 2
+//          -
+//            - item 3.1
+//            - item 3.2
+//          -
+//            key 1: value 1
+//            key 2: value 2
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          SCALAR("item 1",plain)
+//          BLOCK-ENTRY
+//          SCALAR("item 2",plain)
+//          BLOCK-ENTRY
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          SCALAR("item 3.1",plain)
+//          BLOCK-ENTRY
+//          SCALAR("item 3.2",plain)
+//          BLOCK-END
+//          BLOCK-ENTRY
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("key 1",plain)
+//          VALUE
+//          SCALAR("value 1",plain)
+//          KEY
+//          SCALAR("key 2",plain)
+//          VALUE
+//          SCALAR("value 2",plain)
+//          BLOCK-END
+//          BLOCK-END
+//          STREAM-END
+//
+//      2. Block mappings:
+//
+//          a simple key: a value   # The KEY token is produced here.
+//          ? a complex key
+//          : another value
+//          a mapping:
+//            key 1: value 1
+//            key 2: value 2
+//          a sequence:
+//            - item 1
+//            - item 2
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("a simple key",plain)
+//          VALUE
+//          SCALAR("a value",plain)
+//          KEY
+//          SCALAR("a complex key",plain)
+//          VALUE
+//          SCALAR("another value",plain)
+//          KEY
+//          SCALAR("a mapping",plain)
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("key 1",plain)
+//          VALUE
+//          SCALAR("value 1",plain)
+//          KEY
+//          SCALAR("key 2",plain)
+//          VALUE
+//          SCALAR("value 2",plain)
+//          BLOCK-END
+//          KEY
+//          SCALAR("a sequence",plain)
+//          VALUE
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          SCALAR("item 1",plain)
+//          BLOCK-ENTRY
+//          SCALAR("item 2",plain)
+//          BLOCK-END
+//          BLOCK-END
+//          STREAM-END
+//
+// YAML does not always require to start a new block collection from a new
+// line.  If the current line contains only '-', '?', and ':' indicators, a new
+// block collection may start at the current line.  The following examples
+// illustrate this case:
+//
+//      1. Collections in a sequence:
+//
+//          - - item 1
+//            - item 2
+//          - key 1: value 1
+//            key 2: value 2
+//          - ? complex key
+//            : complex value
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          SCALAR("item 1",plain)
+//          BLOCK-ENTRY
+//          SCALAR("item 2",plain)
+//          BLOCK-END
+//          BLOCK-ENTRY
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("key 1",plain)
+//          VALUE
+//          SCALAR("value 1",plain)
+//          KEY
+//          SCALAR("key 2",plain)
+//          VALUE
+//          SCALAR("value 2",plain)
+//          BLOCK-END
+//          BLOCK-ENTRY
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("complex key")
+//          VALUE
+//          SCALAR("complex value")
+//          BLOCK-END
+//          BLOCK-END
+//          STREAM-END
+//
+//      2. Collections in a mapping:
+//
+//          ? a sequence
+//          : - item 1
+//            - item 2
+//          ? a mapping
+//          : key 1: value 1
+//            key 2: value 2
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("a sequence",plain)
+//          VALUE
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          SCALAR("item 1",plain)
+//          BLOCK-ENTRY
+//          SCALAR("item 2",plain)
+//          BLOCK-END
+//          KEY
+//          SCALAR("a mapping",plain)
+//          VALUE
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("key 1",plain)
+//          VALUE
+//          SCALAR("value 1",plain)
+//          KEY
+//          SCALAR("key 2",plain)
+//          VALUE
+//          SCALAR("value 2",plain)
+//          BLOCK-END
+//          BLOCK-END
+//          STREAM-END
+//
+// YAML also permits non-indented sequences if they are included into a block
+// mapping.  In this case, the token BLOCK-SEQUENCE-START is not produced:
+//
+//      key:
+//      - item 1    # BLOCK-SEQUENCE-START is NOT produced here.
+//      - item 2
+//
+// Tokens:
+//
+//      STREAM-START(utf-8)
+//      BLOCK-MAPPING-START
+//      KEY
+//      SCALAR("key",plain)
+//      VALUE
+//      BLOCK-ENTRY
+//      SCALAR("item 1",plain)
+//      BLOCK-ENTRY
+//      SCALAR("item 2",plain)
+//      BLOCK-END
+//
+
+// Ensure that the buffer contains the required number of characters.
+// Return true on success, false on failure (reader error or memory error).
+func cache(parser *yaml_parser_t, length int) bool {
+	// [Go] This was inlined: !cache(A, B) -> unread < B && !update(A, B)
+	return parser.unread >= length || yaml_parser_update_buffer(parser, length)
+}
+
+// Advance the buffer pointer.
+func skip(parser *yaml_parser_t) {
+	parser.mark.index++
+	parser.mark.column++
+	parser.unread--
+	parser.buffer_pos += width(parser.buffer[parser.buffer_pos])
+}
+
+func skip_line(parser *yaml_parser_t) {
+	if is_crlf(parser.buffer, parser.buffer_pos) {
+		parser.mark.index += 2
+		parser.mark.column = 0
+		parser.mark.line++
+		parser.unread -= 2
+		parser.buffer_pos += 2
+	} else if is_break(parser.buffer, parser.buffer_pos) {
+		parser.mark.index++
+		parser.mark.column = 0
+		parser.mark.line++
+		parser.unread--
+		parser.buffer_pos += width(parser.buffer[parser.buffer_pos])
+	}
+}
+
+// Copy a character to a string buffer and advance pointers.
+func read(parser *yaml_parser_t, s []byte) []byte {
+	w := width(parser.buffer[parser.buffer_pos])
+	if w == 0 {
+		panic("invalid character sequence")
+	}
+	if len(s) == 0 {
+		s = make([]byte, 0, 32)
+	}
+	if w == 1 && len(s)+w <= cap(s) {
+		s = s[:len(s)+1]
+		s[len(s)-1] = parser.buffer[parser.buffer_pos]
+		parser.buffer_pos++
+	} else {
+		s = append(s, parser.buffer[parser.buffer_pos:parser.buffer_pos+w]...)
+		parser.buffer_pos += w
+	}
+	parser.mark.index++
+	parser.mark.column++
+	parser.unread--
+	return s
+}
+
+// Copy a line break character to a string buffer and advance pointers.
+func read_line(parser *yaml_parser_t, s []byte) []byte {
+	buf := parser.buffer
+	pos := parser.buffer_pos
+	switch {
+	case buf[pos] == '\r' && buf[pos+1] == '\n':
+		// CR LF . LF
+		s = append(s, '\n')
+		parser.buffer_pos += 2
+		parser.mark.index++
+		parser.unread--
+	case buf[pos] == '\r' || buf[pos] == '\n':
+		// CR|LF . LF
+		s = append(s, '\n')
+		parser.buffer_pos += 1
+	case buf[pos] == '\xC2' && buf[pos+1] == '\x85':
+		// NEL . LF
+		s = append(s, '\n')
+		parser.buffer_pos += 2
+	case buf[pos] == '\xE2' && buf[pos+1] == '\x80' && (buf[pos+2] == '\xA8' || buf[pos+2] == '\xA9'):
+		// LS|PS . LS|PS
+		s = append(s, buf[parser.buffer_pos:pos+3]...)
+		parser.buffer_pos += 3
+	default:
+		return s
+	}
+	parser.mark.index++
+	parser.mark.column = 0
+	parser.mark.line++
+	parser.unread--
+	return s
+}
+
+// Get the next token.
+func yaml_parser_scan(parser *yaml_parser_t, token *yaml_token_t) bool {
+	// Erase the token object.
+	*token = yaml_token_t{} // [Go] Is this necessary?
+
+	// No tokens after STREAM-END or error.
+	if parser.stream_end_produced || parser.error != yaml_NO_ERROR {
+		return true
+	}
+
+	// Ensure that the tokens queue contains enough tokens.
+	if !parser.token_available {
+		if !yaml_parser_fetch_more_tokens(parser) {
+			return false
+		}
+	}
+
+	// Fetch the next token from the queue.
+	*token = parser.tokens[parser.tokens_head]
+	parser.tokens_head++
+	parser.tokens_parsed++
+	parser.token_available = false
+
+	if token.typ == yaml_STREAM_END_TOKEN {
+		parser.stream_end_produced = true
+	}
+	return true
+}
+
+// Set the scanner error and return false.
+func yaml_parser_set_scanner_error(parser *yaml_parser_t, context string, context_mark yaml_mark_t, problem string) bool {
+	parser.error = yaml_SCANNER_ERROR
+	parser.context = context
+	parser.context_mark = context_mark
+	parser.problem = problem
+	parser.problem_mark = parser.mark
+	return false
+}
+
+func yaml_parser_set_scanner_tag_error(parser *yaml_parser_t, directive bool, context_mark yaml_mark_t, problem string) bool {
+	context := "while parsing a tag"
+	if directive {
+		context = "while parsing a %TAG directive"
+	}
+	return yaml_parser_set_scanner_error(parser, context, context_mark, problem)
+}
+
+func trace(args ...interface{}) func() {
+	pargs := append([]interface{}{"+++"}, args...)
+	fmt.Println(pargs...)
+	pargs = append([]interface{}{"---"}, args...)
+	return func() { fmt.Println(pargs...) }
+}
+
+// Ensure that the tokens queue contains at least one token which can be
+// returned to the Parser.
+func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool {
+	// While we need more tokens to fetch, do it.
+	for {
+		if parser.tokens_head != len(parser.tokens) {
+			// If queue is non-empty, check if any potential simple key may
+			// occupy the head position.
+			head_tok_idx, ok := parser.simple_keys_by_tok[parser.tokens_parsed]
+			if !ok {
+				break
+			} else if valid, ok := yaml_simple_key_is_valid(parser, &parser.simple_keys[head_tok_idx]); !ok {
+				return false
+			} else if !valid {
+				break
+			}
+		}
+		// Fetch the next token.
+		if !yaml_parser_fetch_next_token(parser) {
+			return false
+		}
+	}
+
+	parser.token_available = true
+	return true
+}
+
+// The dispatcher for token fetchers.
+func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
+	// Ensure that the buffer is initialized.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	// Check if we just started scanning.  Fetch STREAM-START then.
+	if !parser.stream_start_produced {
+		return yaml_parser_fetch_stream_start(parser)
+	}
+
+	// Eat whitespaces and comments until we reach the next token.
+	if !yaml_parser_scan_to_next_token(parser) {
+		return false
+	}
+
+	// Check the indentation level against the current column.
+	if !yaml_parser_unroll_indent(parser, parser.mark.column) {
+		return false
+	}
+
+	// Ensure that the buffer contains at least 4 characters.  4 is the length
+	// of the longest indicators ('--- ' and '... ').
+	if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) {
+		return false
+	}
+
+	// Is it the end of the stream?
+	if is_z(parser.buffer, parser.buffer_pos) {
+		return yaml_parser_fetch_stream_end(parser)
+	}
+
+	// Is it a directive?
+	if parser.mark.column == 0 && parser.buffer[parser.buffer_pos] == '%' {
+		return yaml_parser_fetch_directive(parser)
+	}
+
+	buf := parser.buffer
+	pos := parser.buffer_pos
+
+	// Is it the document start indicator?
+	if parser.mark.column == 0 && buf[pos] == '-' && buf[pos+1] == '-' && buf[pos+2] == '-' && is_blankz(buf, pos+3) {
+		return yaml_parser_fetch_document_indicator(parser, yaml_DOCUMENT_START_TOKEN)
+	}
+
+	// Is it the document end indicator?
+	if parser.mark.column == 0 && buf[pos] == '.' && buf[pos+1] == '.' && buf[pos+2] == '.' && is_blankz(buf, pos+3) {
+		return yaml_parser_fetch_document_indicator(parser, yaml_DOCUMENT_END_TOKEN)
+	}
+
+	// Is it the flow sequence start indicator?
+	if buf[pos] == '[' {
+		return yaml_parser_fetch_flow_collection_start(parser, yaml_FLOW_SEQUENCE_START_TOKEN)
+	}
+
+	// Is it the flow mapping start indicator?
+	if parser.buffer[parser.buffer_pos] == '{' {
+		return yaml_parser_fetch_flow_collection_start(parser, yaml_FLOW_MAPPING_START_TOKEN)
+	}
+
+	// Is it the flow sequence end indicator?
+	if parser.buffer[parser.buffer_pos] == ']' {
+		return yaml_parser_fetch_flow_collection_end(parser,
+			yaml_FLOW_SEQUENCE_END_TOKEN)
+	}
+
+	// Is it the flow mapping end indicator?
+	if parser.buffer[parser.buffer_pos] == '}' {
+		return yaml_parser_fetch_flow_collection_end(parser,
+			yaml_FLOW_MAPPING_END_TOKEN)
+	}
+
+	// Is it the flow entry indicator?
+	if parser.buffer[parser.buffer_pos] == ',' {
+		return yaml_parser_fetch_flow_entry(parser)
+	}
+
+	// Is it the block entry indicator?
+	if parser.buffer[parser.buffer_pos] == '-' && is_blankz(parser.buffer, parser.buffer_pos+1) {
+		return yaml_parser_fetch_block_entry(parser)
+	}
+
+	// Is it the key indicator?
+	if parser.buffer[parser.buffer_pos] == '?' && (parser.flow_level > 0 || is_blankz(parser.buffer, parser.buffer_pos+1)) {
+		return yaml_parser_fetch_key(parser)
+	}
+
+	// Is it the value indicator?
+	if parser.buffer[parser.buffer_pos] == ':' && (parser.flow_level > 0 || is_blankz(parser.buffer, parser.buffer_pos+1)) {
+		return yaml_parser_fetch_value(parser)
+	}
+
+	// Is it an alias?
+	if parser.buffer[parser.buffer_pos] == '*' {
+		return yaml_parser_fetch_anchor(parser, yaml_ALIAS_TOKEN)
+	}
+
+	// Is it an anchor?
+	if parser.buffer[parser.buffer_pos] == '&' {
+		return yaml_parser_fetch_anchor(parser, yaml_ANCHOR_TOKEN)
+	}
+
+	// Is it a tag?
+	if parser.buffer[parser.buffer_pos] == '!' {
+		return yaml_parser_fetch_tag(parser)
+	}
+
+	// Is it a literal scalar?
+	if parser.buffer[parser.buffer_pos] == '|' && parser.flow_level == 0 {
+		return yaml_parser_fetch_block_scalar(parser, true)
+	}
+
+	// Is it a folded scalar?
+	if parser.buffer[parser.buffer_pos] == '>' && parser.flow_level == 0 {
+		return yaml_parser_fetch_block_scalar(parser, false)
+	}
+
+	// Is it a single-quoted scalar?
+	if parser.buffer[parser.buffer_pos] == '\'' {
+		return yaml_parser_fetch_flow_scalar(parser, true)
+	}
+
+	// Is it a double-quoted scalar?
+	if parser.buffer[parser.buffer_pos] == '"' {
+		return yaml_parser_fetch_flow_scalar(parser, false)
+	}
+
+	// Is it a plain scalar?
+	//
+	// A plain scalar may start with any non-blank characters except
+	//
+	//      '-', '?', ':', ',', '[', ']', '{', '}',
+	//      '#', '&', '*', '!', '|', '>', '\'', '\"',
+	//      '%', '@', '`'.
+	//
+	// In the block context (and, for the '-' indicator, in the flow context
+	// too), it may also start with the characters
+	//
+	//      '-', '?', ':'
+	//
+	// if it is followed by a non-space character.
+	//
+	// The last rule is more restrictive than the specification requires.
+	// [Go] Make this logic more reasonable.
+	//switch parser.buffer[parser.buffer_pos] {
+	//case '-', '?', ':', ',', '?', '-', ',', ':', ']', '[', '}', '{', '&', '#', '!', '*', '>', '|', '"', '\'', '@', '%', '-', '`':
+	//}
+	if !(is_blankz(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == '-' ||
+		parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == ':' ||
+		parser.buffer[parser.buffer_pos] == ',' || parser.buffer[parser.buffer_pos] == '[' ||
+		parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '{' ||
+		parser.buffer[parser.buffer_pos] == '}' || parser.buffer[parser.buffer_pos] == '#' ||
+		parser.buffer[parser.buffer_pos] == '&' || parser.buffer[parser.buffer_pos] == '*' ||
+		parser.buffer[parser.buffer_pos] == '!' || parser.buffer[parser.buffer_pos] == '|' ||
+		parser.buffer[parser.buffer_pos] == '>' || parser.buffer[parser.buffer_pos] == '\'' ||
+		parser.buffer[parser.buffer_pos] == '"' || parser.buffer[parser.buffer_pos] == '%' ||
+		parser.buffer[parser.buffer_pos] == '@' || parser.buffer[parser.buffer_pos] == '`') ||
+		(parser.buffer[parser.buffer_pos] == '-' && !is_blank(parser.buffer, parser.buffer_pos+1)) ||
+		(parser.flow_level == 0 &&
+			(parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == ':') &&
+			!is_blankz(parser.buffer, parser.buffer_pos+1)) {
+		return yaml_parser_fetch_plain_scalar(parser)
+	}
+
+	// If we don't determine the token type so far, it is an error.
+	return yaml_parser_set_scanner_error(parser,
+		"while scanning for the next token", parser.mark,
+		"found character that cannot start any token")
+}
+
+func yaml_simple_key_is_valid(parser *yaml_parser_t, simple_key *yaml_simple_key_t) (valid, ok bool) {
+	if !simple_key.possible {
+		return false, true
+	}
+
+	// The 1.2 specification says:
+	//
+	//     "If the ? indicator is omitted, parsing needs to see past the
+	//     implicit key to recognize it as such. To limit the amount of
+	//     lookahead required, the “:” indicator must appear at most 1024
+	//     Unicode characters beyond the start of the key. In addition, the key
+	//     is restricted to a single line."
+	//
+	if simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index {
+		// Check if the potential simple key to be removed is required.
+		if simple_key.required {
+			return false, yaml_parser_set_scanner_error(parser,
+				"while scanning a simple key", simple_key.mark,
+				"could not find expected ':'")
+		}
+		simple_key.possible = false
+		return false, true
+	}
+	return true, true
+}
+
+// Check if a simple key may start at the current position and add it if
+// needed.
+func yaml_parser_save_simple_key(parser *yaml_parser_t) bool {
+	// A simple key is required at the current position if the scanner is in
+	// the block context and the current column coincides with the indentation
+	// level.
+
+	required := parser.flow_level == 0 && parser.indent == parser.mark.column
+
+	//
+	// If the current position may start a simple key, save it.
+	//
+	if parser.simple_key_allowed {
+		simple_key := yaml_simple_key_t{
+			possible:     true,
+			required:     required,
+			token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
+			mark:         parser.mark,
+		}
+
+		if !yaml_parser_remove_simple_key(parser) {
+			return false
+		}
+		parser.simple_keys[len(parser.simple_keys)-1] = simple_key
+		parser.simple_keys_by_tok[simple_key.token_number] = len(parser.simple_keys) - 1
+	}
+	return true
+}
+
+// Remove a potential simple key at the current flow level.
+func yaml_parser_remove_simple_key(parser *yaml_parser_t) bool {
+	i := len(parser.simple_keys) - 1
+	if parser.simple_keys[i].possible {
+		// If the key is required, it is an error.
+		if parser.simple_keys[i].required {
+			return yaml_parser_set_scanner_error(parser,
+				"while scanning a simple key", parser.simple_keys[i].mark,
+				"could not find expected ':'")
+		}
+		// Remove the key from the stack.
+		parser.simple_keys[i].possible = false
+		delete(parser.simple_keys_by_tok, parser.simple_keys[i].token_number)
+	}
+	return true
+}
+
+// max_flow_level limits the flow_level
+const max_flow_level = 10000
+
+// Increase the flow level and resize the simple key list if needed.
+func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
+	// Reset the simple key on the next level.
+	parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{
+		possible:     false,
+		required:     false,
+		token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
+		mark:         parser.mark,
+	})
+
+	// Increase the flow level.
+	parser.flow_level++
+	if parser.flow_level > max_flow_level {
+		return yaml_parser_set_scanner_error(parser,
+			"while increasing flow level", parser.simple_keys[len(parser.simple_keys)-1].mark,
+			fmt.Sprintf("exceeded max depth of %d", max_flow_level))
+	}
+	return true
+}
+
+// Decrease the flow level.
+func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool {
+	if parser.flow_level > 0 {
+		parser.flow_level--
+		last := len(parser.simple_keys) - 1
+		delete(parser.simple_keys_by_tok, parser.simple_keys[last].token_number)
+		parser.simple_keys = parser.simple_keys[:last]
+	}
+	return true
+}
+
+// max_indents limits the indents stack size
+const max_indents = 10000
+
+// Push the current indentation level to the stack and set the new level
+// the current column is greater than the indentation level.  In this case,
+// append or insert the specified token into the token queue.
+func yaml_parser_roll_indent(parser *yaml_parser_t, column, number int, typ yaml_token_type_t, mark yaml_mark_t) bool {
+	// In the flow context, do nothing.
+	if parser.flow_level > 0 {
+		return true
+	}
+
+	if parser.indent < column {
+		// Push the current indentation level to the stack and set the new
+		// indentation level.
+		parser.indents = append(parser.indents, parser.indent)
+		parser.indent = column
+		if len(parser.indents) > max_indents {
+			return yaml_parser_set_scanner_error(parser,
+				"while increasing indent level", parser.simple_keys[len(parser.simple_keys)-1].mark,
+				fmt.Sprintf("exceeded max depth of %d", max_indents))
+		}
+
+		// Create a token and insert it into the queue.
+		token := yaml_token_t{
+			typ:        typ,
+			start_mark: mark,
+			end_mark:   mark,
+		}
+		if number > -1 {
+			number -= parser.tokens_parsed
+		}
+		yaml_insert_token(parser, number, &token)
+	}
+	return true
+}
+
+// Pop indentation levels from the indents stack until the current level
+// becomes less or equal to the column.  For each indentation level, append
+// the BLOCK-END token.
+func yaml_parser_unroll_indent(parser *yaml_parser_t, column int) bool {
+	// In the flow context, do nothing.
+	if parser.flow_level > 0 {
+		return true
+	}
+
+	// Loop through the indentation levels in the stack.
+	for parser.indent > column {
+		// Create a token and append it to the queue.
+		token := yaml_token_t{
+			typ:        yaml_BLOCK_END_TOKEN,
+			start_mark: parser.mark,
+			end_mark:   parser.mark,
+		}
+		yaml_insert_token(parser, -1, &token)
+
+		// Pop the indentation level.
+		parser.indent = parser.indents[len(parser.indents)-1]
+		parser.indents = parser.indents[:len(parser.indents)-1]
+	}
+	return true
+}
+
+// Initialize the scanner and produce the STREAM-START token.
+func yaml_parser_fetch_stream_start(parser *yaml_parser_t) bool {
+
+	// Set the initial indentation.
+	parser.indent = -1
+
+	// Initialize the simple key stack.
+	parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
+
+	parser.simple_keys_by_tok = make(map[int]int)
+
+	// A simple key is allowed at the beginning of the stream.
+	parser.simple_key_allowed = true
+
+	// We have started.
+	parser.stream_start_produced = true
+
+	// Create the STREAM-START token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_STREAM_START_TOKEN,
+		start_mark: parser.mark,
+		end_mark:   parser.mark,
+		encoding:   parser.encoding,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the STREAM-END token and shut down the scanner.
+func yaml_parser_fetch_stream_end(parser *yaml_parser_t) bool {
+
+	// Force new line.
+	if parser.mark.column != 0 {
+		parser.mark.column = 0
+		parser.mark.line++
+	}
+
+	// Reset the indentation level.
+	if !yaml_parser_unroll_indent(parser, -1) {
+		return false
+	}
+
+	// Reset simple keys.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	parser.simple_key_allowed = false
+
+	// Create the STREAM-END token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_STREAM_END_TOKEN,
+		start_mark: parser.mark,
+		end_mark:   parser.mark,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce a VERSION-DIRECTIVE or TAG-DIRECTIVE token.
+func yaml_parser_fetch_directive(parser *yaml_parser_t) bool {
+	// Reset the indentation level.
+	if !yaml_parser_unroll_indent(parser, -1) {
+		return false
+	}
+
+	// Reset simple keys.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	parser.simple_key_allowed = false
+
+	// Create the YAML-DIRECTIVE or TAG-DIRECTIVE token.
+	token := yaml_token_t{}
+	if !yaml_parser_scan_directive(parser, &token) {
+		return false
+	}
+	// Append the token to the queue.
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the DOCUMENT-START or DOCUMENT-END token.
+func yaml_parser_fetch_document_indicator(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+	// Reset the indentation level.
+	if !yaml_parser_unroll_indent(parser, -1) {
+		return false
+	}
+
+	// Reset simple keys.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	parser.simple_key_allowed = false
+
+	// Consume the token.
+	start_mark := parser.mark
+
+	skip(parser)
+	skip(parser)
+	skip(parser)
+
+	end_mark := parser.mark
+
+	// Create the DOCUMENT-START or DOCUMENT-END token.
+	token := yaml_token_t{
+		typ:        typ,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	// Append the token to the queue.
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the FLOW-SEQUENCE-START or FLOW-MAPPING-START token.
+func yaml_parser_fetch_flow_collection_start(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+	// The indicators '[' and '{' may start a simple key.
+	if !yaml_parser_save_simple_key(parser) {
+		return false
+	}
+
+	// Increase the flow level.
+	if !yaml_parser_increase_flow_level(parser) {
+		return false
+	}
+
+	// A simple key may follow the indicators '[' and '{'.
+	parser.simple_key_allowed = true
+
+	// Consume the token.
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the FLOW-SEQUENCE-START of FLOW-MAPPING-START token.
+	token := yaml_token_t{
+		typ:        typ,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	// Append the token to the queue.
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the FLOW-SEQUENCE-END or FLOW-MAPPING-END token.
+func yaml_parser_fetch_flow_collection_end(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+	// Reset any potential simple key on the current flow level.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	// Decrease the flow level.
+	if !yaml_parser_decrease_flow_level(parser) {
+		return false
+	}
+
+	// No simple keys after the indicators ']' and '}'.
+	parser.simple_key_allowed = false
+
+	// Consume the token.
+
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the FLOW-SEQUENCE-END of FLOW-MAPPING-END token.
+	token := yaml_token_t{
+		typ:        typ,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	// Append the token to the queue.
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the FLOW-ENTRY token.
+func yaml_parser_fetch_flow_entry(parser *yaml_parser_t) bool {
+	// Reset any potential simple keys on the current flow level.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	// Simple keys are allowed after ','.
+	parser.simple_key_allowed = true
+
+	// Consume the token.
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the FLOW-ENTRY token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_FLOW_ENTRY_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the BLOCK-ENTRY token.
+func yaml_parser_fetch_block_entry(parser *yaml_parser_t) bool {
+	// Check if the scanner is in the block context.
+	if parser.flow_level == 0 {
+		// Check if we are allowed to start a new entry.
+		if !parser.simple_key_allowed {
+			return yaml_parser_set_scanner_error(parser, "", parser.mark,
+				"block sequence entries are not allowed in this context")
+		}
+		// Add the BLOCK-SEQUENCE-START token if needed.
+		if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_SEQUENCE_START_TOKEN, parser.mark) {
+			return false
+		}
+	} else {
+		// It is an error for the '-' indicator to occur in the flow context,
+		// but we let the Parser detect and report about it because the Parser
+		// is able to point to the context.
+	}
+
+	// Reset any potential simple keys on the current flow level.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	// Simple keys are allowed after '-'.
+	parser.simple_key_allowed = true
+
+	// Consume the token.
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the BLOCK-ENTRY token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_BLOCK_ENTRY_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the KEY token.
+func yaml_parser_fetch_key(parser *yaml_parser_t) bool {
+
+	// In the block context, additional checks are required.
+	if parser.flow_level == 0 {
+		// Check if we are allowed to start a new key (not nessesary simple).
+		if !parser.simple_key_allowed {
+			return yaml_parser_set_scanner_error(parser, "", parser.mark,
+				"mapping keys are not allowed in this context")
+		}
+		// Add the BLOCK-MAPPING-START token if needed.
+		if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_MAPPING_START_TOKEN, parser.mark) {
+			return false
+		}
+	}
+
+	// Reset any potential simple keys on the current flow level.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	// Simple keys are allowed after '?' in the block context.
+	parser.simple_key_allowed = parser.flow_level == 0
+
+	// Consume the token.
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the KEY token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_KEY_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the VALUE token.
+func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
+
+	simple_key := &parser.simple_keys[len(parser.simple_keys)-1]
+
+	// Have we found a simple key?
+	if valid, ok := yaml_simple_key_is_valid(parser, simple_key); !ok {
+		return false
+
+	} else if valid {
+
+		// Create the KEY token and insert it into the queue.
+		token := yaml_token_t{
+			typ:        yaml_KEY_TOKEN,
+			start_mark: simple_key.mark,
+			end_mark:   simple_key.mark,
+		}
+		yaml_insert_token(parser, simple_key.token_number-parser.tokens_parsed, &token)
+
+		// In the block context, we may need to add the BLOCK-MAPPING-START token.
+		if !yaml_parser_roll_indent(parser, simple_key.mark.column,
+			simple_key.token_number,
+			yaml_BLOCK_MAPPING_START_TOKEN, simple_key.mark) {
+			return false
+		}
+
+		// Remove the simple key.
+		simple_key.possible = false
+		delete(parser.simple_keys_by_tok, simple_key.token_number)
+
+		// A simple key cannot follow another simple key.
+		parser.simple_key_allowed = false
+
+	} else {
+		// The ':' indicator follows a complex key.
+
+		// In the block context, extra checks are required.
+		if parser.flow_level == 0 {
+
+			// Check if we are allowed to start a complex value.
+			if !parser.simple_key_allowed {
+				return yaml_parser_set_scanner_error(parser, "", parser.mark,
+					"mapping values are not allowed in this context")
+			}
+
+			// Add the BLOCK-MAPPING-START token if needed.
+			if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_MAPPING_START_TOKEN, parser.mark) {
+				return false
+			}
+		}
+
+		// Simple keys after ':' are allowed in the block context.
+		parser.simple_key_allowed = parser.flow_level == 0
+	}
+
+	// Consume the token.
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the VALUE token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_VALUE_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the ALIAS or ANCHOR token.
+func yaml_parser_fetch_anchor(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+	// An anchor or an alias could be a simple key.
+	if !yaml_parser_save_simple_key(parser) {
+		return false
+	}
+
+	// A simple key cannot follow an anchor or an alias.
+	parser.simple_key_allowed = false
+
+	// Create the ALIAS or ANCHOR token and append it to the queue.
+	var token yaml_token_t
+	if !yaml_parser_scan_anchor(parser, &token, typ) {
+		return false
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the TAG token.
+func yaml_parser_fetch_tag(parser *yaml_parser_t) bool {
+	// A tag could be a simple key.
+	if !yaml_parser_save_simple_key(parser) {
+		return false
+	}
+
+	// A simple key cannot follow a tag.
+	parser.simple_key_allowed = false
+
+	// Create the TAG token and append it to the queue.
+	var token yaml_token_t
+	if !yaml_parser_scan_tag(parser, &token) {
+		return false
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the SCALAR(...,literal) or SCALAR(...,folded) tokens.
+func yaml_parser_fetch_block_scalar(parser *yaml_parser_t, literal bool) bool {
+	// Remove any potential simple keys.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	// A simple key may follow a block scalar.
+	parser.simple_key_allowed = true
+
+	// Create the SCALAR token and append it to the queue.
+	var token yaml_token_t
+	if !yaml_parser_scan_block_scalar(parser, &token, literal) {
+		return false
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the SCALAR(...,single-quoted) or SCALAR(...,double-quoted) tokens.
+func yaml_parser_fetch_flow_scalar(parser *yaml_parser_t, single bool) bool {
+	// A plain scalar could be a simple key.
+	if !yaml_parser_save_simple_key(parser) {
+		return false
+	}
+
+	// A simple key cannot follow a flow scalar.
+	parser.simple_key_allowed = false
+
+	// Create the SCALAR token and append it to the queue.
+	var token yaml_token_t
+	if !yaml_parser_scan_flow_scalar(parser, &token, single) {
+		return false
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the SCALAR(...,plain) token.
+func yaml_parser_fetch_plain_scalar(parser *yaml_parser_t) bool {
+	// A plain scalar could be a simple key.
+	if !yaml_parser_save_simple_key(parser) {
+		return false
+	}
+
+	// A simple key cannot follow a flow scalar.
+	parser.simple_key_allowed = false
+
+	// Create the SCALAR token and append it to the queue.
+	var token yaml_token_t
+	if !yaml_parser_scan_plain_scalar(parser, &token) {
+		return false
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Eat whitespaces and comments until the next token is found.
+func yaml_parser_scan_to_next_token(parser *yaml_parser_t) bool {
+
+	// Until the next token is not found.
+	for {
+		// Allow the BOM mark to start a line.
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+		if parser.mark.column == 0 && is_bom(parser.buffer, parser.buffer_pos) {
+			skip(parser)
+		}
+
+		// Eat whitespaces.
+		// Tabs are allowed:
+		//  - in the flow context
+		//  - in the block context, but not at the beginning of the line or
+		//  after '-', '?', or ':' (complex value).
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+
+		for parser.buffer[parser.buffer_pos] == ' ' || ((parser.flow_level > 0 || !parser.simple_key_allowed) && parser.buffer[parser.buffer_pos] == '\t') {
+			skip(parser)
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+
+		// Eat a comment until a line break.
+		if parser.buffer[parser.buffer_pos] == '#' {
+			for !is_breakz(parser.buffer, parser.buffer_pos) {
+				skip(parser)
+				if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+					return false
+				}
+			}
+		}
+
+		// If it is a line break, eat it.
+		if is_break(parser.buffer, parser.buffer_pos) {
+			if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+				return false
+			}
+			skip_line(parser)
+
+			// In the block context, a new line may start a simple key.
+			if parser.flow_level == 0 {
+				parser.simple_key_allowed = true
+			}
+		} else {
+			break // We have found a token.
+		}
+	}
+
+	return true
+}
+
+// Scan a YAML-DIRECTIVE or TAG-DIRECTIVE token.
+//
+// Scope:
+//      %YAML    1.1    # a comment \n
+//      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+//      %TAG    !yaml!  tag:yaml.org,2002:  \n
+//      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+//
+func yaml_parser_scan_directive(parser *yaml_parser_t, token *yaml_token_t) bool {
+	// Eat '%'.
+	start_mark := parser.mark
+	skip(parser)
+
+	// Scan the directive name.
+	var name []byte
+	if !yaml_parser_scan_directive_name(parser, start_mark, &name) {
+		return false
+	}
+
+	// Is it a YAML directive?
+	if bytes.Equal(name, []byte("YAML")) {
+		// Scan the VERSION directive value.
+		var major, minor int8
+		if !yaml_parser_scan_version_directive_value(parser, start_mark, &major, &minor) {
+			return false
+		}
+		end_mark := parser.mark
+
+		// Create a VERSION-DIRECTIVE token.
+		*token = yaml_token_t{
+			typ:        yaml_VERSION_DIRECTIVE_TOKEN,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			major:      major,
+			minor:      minor,
+		}
+
+		// Is it a TAG directive?
+	} else if bytes.Equal(name, []byte("TAG")) {
+		// Scan the TAG directive value.
+		var handle, prefix []byte
+		if !yaml_parser_scan_tag_directive_value(parser, start_mark, &handle, &prefix) {
+			return false
+		}
+		end_mark := parser.mark
+
+		// Create a TAG-DIRECTIVE token.
+		*token = yaml_token_t{
+			typ:        yaml_TAG_DIRECTIVE_TOKEN,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			value:      handle,
+			prefix:     prefix,
+		}
+
+		// Unknown directive.
+	} else {
+		yaml_parser_set_scanner_error(parser, "while scanning a directive",
+			start_mark, "found unknown directive name")
+		return false
+	}
+
+	// Eat the rest of the line including any comments.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	for is_blank(parser.buffer, parser.buffer_pos) {
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	if parser.buffer[parser.buffer_pos] == '#' {
+		for !is_breakz(parser.buffer, parser.buffer_pos) {
+			skip(parser)
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+	}
+
+	// Check if we are at the end of the line.
+	if !is_breakz(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a directive",
+			start_mark, "did not find expected comment or line break")
+		return false
+	}
+
+	// Eat a line break.
+	if is_break(parser.buffer, parser.buffer_pos) {
+		if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+			return false
+		}
+		skip_line(parser)
+	}
+
+	return true
+}
+
+// Scan the directive name.
+//
+// Scope:
+//      %YAML   1.1     # a comment \n
+//       ^^^^
+//      %TAG    !yaml!  tag:yaml.org,2002:  \n
+//       ^^^
+//
+func yaml_parser_scan_directive_name(parser *yaml_parser_t, start_mark yaml_mark_t, name *[]byte) bool {
+	// Consume the directive name.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	var s []byte
+	for is_alpha(parser.buffer, parser.buffer_pos) {
+		s = read(parser, s)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Check if the name is empty.
+	if len(s) == 0 {
+		yaml_parser_set_scanner_error(parser, "while scanning a directive",
+			start_mark, "could not find expected directive name")
+		return false
+	}
+
+	// Check for an blank character after the name.
+	if !is_blankz(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a directive",
+			start_mark, "found unexpected non-alphabetical character")
+		return false
+	}
+	*name = s
+	return true
+}
+
+// Scan the value of VERSION-DIRECTIVE.
+//
+// Scope:
+//      %YAML   1.1     # a comment \n
+//           ^^^^^^
+func yaml_parser_scan_version_directive_value(parser *yaml_parser_t, start_mark yaml_mark_t, major, minor *int8) bool {
+	// Eat whitespaces.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	for is_blank(parser.buffer, parser.buffer_pos) {
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Consume the major version number.
+	if !yaml_parser_scan_version_directive_number(parser, start_mark, major) {
+		return false
+	}
+
+	// Eat '.'.
+	if parser.buffer[parser.buffer_pos] != '.' {
+		return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive",
+			start_mark, "did not find expected digit or '.' character")
+	}
+
+	skip(parser)
+
+	// Consume the minor version number.
+	if !yaml_parser_scan_version_directive_number(parser, start_mark, minor) {
+		return false
+	}
+	return true
+}
+
+const max_number_length = 2
+
+// Scan the version number of VERSION-DIRECTIVE.
+//
+// Scope:
+//      %YAML   1.1     # a comment \n
+//              ^
+//      %YAML   1.1     # a comment \n
+//                ^
+func yaml_parser_scan_version_directive_number(parser *yaml_parser_t, start_mark yaml_mark_t, number *int8) bool {
+
+	// Repeat while the next character is digit.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	var value, length int8
+	for is_digit(parser.buffer, parser.buffer_pos) {
+		// Check if the number is too long.
+		length++
+		if length > max_number_length {
+			return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive",
+				start_mark, "found extremely long version number")
+		}
+		value = value*10 + int8(as_digit(parser.buffer, parser.buffer_pos))
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Check if the number was present.
+	if length == 0 {
+		return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive",
+			start_mark, "did not find expected version number")
+	}
+	*number = value
+	return true
+}
+
+// Scan the value of a TAG-DIRECTIVE token.
+//
+// Scope:
+//      %TAG    !yaml!  tag:yaml.org,2002:  \n
+//          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+//
+func yaml_parser_scan_tag_directive_value(parser *yaml_parser_t, start_mark yaml_mark_t, handle, prefix *[]byte) bool {
+	var handle_value, prefix_value []byte
+
+	// Eat whitespaces.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	for is_blank(parser.buffer, parser.buffer_pos) {
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Scan a handle.
+	if !yaml_parser_scan_tag_handle(parser, true, start_mark, &handle_value) {
+		return false
+	}
+
+	// Expect a whitespace.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	if !is_blank(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a %TAG directive",
+			start_mark, "did not find expected whitespace")
+		return false
+	}
+
+	// Eat whitespaces.
+	for is_blank(parser.buffer, parser.buffer_pos) {
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Scan a prefix.
+	if !yaml_parser_scan_tag_uri(parser, true, nil, start_mark, &prefix_value) {
+		return false
+	}
+
+	// Expect a whitespace or line break.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	if !is_blankz(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a %TAG directive",
+			start_mark, "did not find expected whitespace or line break")
+		return false
+	}
+
+	*handle = handle_value
+	*prefix = prefix_value
+	return true
+}
+
+func yaml_parser_scan_anchor(parser *yaml_parser_t, token *yaml_token_t, typ yaml_token_type_t) bool {
+	var s []byte
+
+	// Eat the indicator character.
+	start_mark := parser.mark
+	skip(parser)
+
+	// Consume the value.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	for is_alpha(parser.buffer, parser.buffer_pos) {
+		s = read(parser, s)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	end_mark := parser.mark
+
+	/*
+	 * Check if length of the anchor is greater than 0 and it is followed by
+	 * a whitespace character or one of the indicators:
+	 *
+	 *      '?', ':', ',', ']', '}', '%', '@', '`'.
+	 */
+
+	if len(s) == 0 ||
+		!(is_blankz(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == '?' ||
+			parser.buffer[parser.buffer_pos] == ':' || parser.buffer[parser.buffer_pos] == ',' ||
+			parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '}' ||
+			parser.buffer[parser.buffer_pos] == '%' || parser.buffer[parser.buffer_pos] == '@' ||
+			parser.buffer[parser.buffer_pos] == '`') {
+		context := "while scanning an alias"
+		if typ == yaml_ANCHOR_TOKEN {
+			context = "while scanning an anchor"
+		}
+		yaml_parser_set_scanner_error(parser, context, start_mark,
+			"did not find expected alphabetic or numeric character")
+		return false
+	}
+
+	// Create a token.
+	*token = yaml_token_t{
+		typ:        typ,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		value:      s,
+	}
+
+	return true
+}
+
+/*
+ * Scan a TAG token.
+ */
+
+func yaml_parser_scan_tag(parser *yaml_parser_t, token *yaml_token_t) bool {
+	var handle, suffix []byte
+
+	start_mark := parser.mark
+
+	// Check if the tag is in the canonical form.
+	if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+		return false
+	}
+
+	if parser.buffer[parser.buffer_pos+1] == '<' {
+		// Keep the handle as ''
+
+		// Eat '!<'
+		skip(parser)
+		skip(parser)
+
+		// Consume the tag value.
+		if !yaml_parser_scan_tag_uri(parser, false, nil, start_mark, &suffix) {
+			return false
+		}
+
+		// Check for '>' and eat it.
+		if parser.buffer[parser.buffer_pos] != '>' {
+			yaml_parser_set_scanner_error(parser, "while scanning a tag",
+				start_mark, "did not find the expected '>'")
+			return false
+		}
+
+		skip(parser)
+	} else {
+		// The tag has either the '!suffix' or the '!handle!suffix' form.
+
+		// First, try to scan a handle.
+		if !yaml_parser_scan_tag_handle(parser, false, start_mark, &handle) {
+			return false
+		}
+
+		// Check if it is, indeed, handle.
+		if handle[0] == '!' && len(handle) > 1 && handle[len(handle)-1] == '!' {
+			// Scan the suffix now.
+			if !yaml_parser_scan_tag_uri(parser, false, nil, start_mark, &suffix) {
+				return false
+			}
+		} else {
+			// It wasn't a handle after all.  Scan the rest of the tag.
+			if !yaml_parser_scan_tag_uri(parser, false, handle, start_mark, &suffix) {
+				return false
+			}
+
+			// Set the handle to '!'.
+			handle = []byte{'!'}
+
+			// A special case: the '!' tag.  Set the handle to '' and the
+			// suffix to '!'.
+			if len(suffix) == 0 {
+				handle, suffix = suffix, handle
+			}
+		}
+	}
+
+	// Check the character which ends the tag.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	if !is_blankz(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a tag",
+			start_mark, "did not find expected whitespace or line break")
+		return false
+	}
+
+	end_mark := parser.mark
+
+	// Create a token.
+	*token = yaml_token_t{
+		typ:        yaml_TAG_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		value:      handle,
+		suffix:     suffix,
+	}
+	return true
+}
+
+// Scan a tag handle.
+func yaml_parser_scan_tag_handle(parser *yaml_parser_t, directive bool, start_mark yaml_mark_t, handle *[]byte) bool {
+	// Check the initial '!' character.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	if parser.buffer[parser.buffer_pos] != '!' {
+		yaml_parser_set_scanner_tag_error(parser, directive,
+			start_mark, "did not find expected '!'")
+		return false
+	}
+
+	var s []byte
+
+	// Copy the '!' character.
+	s = read(parser, s)
+
+	// Copy all subsequent alphabetical and numerical characters.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	for is_alpha(parser.buffer, parser.buffer_pos) {
+		s = read(parser, s)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Check if the trailing character is '!' and copy it.
+	if parser.buffer[parser.buffer_pos] == '!' {
+		s = read(parser, s)
+	} else {
+		// It's either the '!' tag or not really a tag handle.  If it's a %TAG
+		// directive, it's an error.  If it's a tag token, it must be a part of URI.
+		if directive && string(s) != "!" {
+			yaml_parser_set_scanner_tag_error(parser, directive,
+				start_mark, "did not find expected '!'")
+			return false
+		}
+	}
+
+	*handle = s
+	return true
+}
+
+// Scan a tag.
+func yaml_parser_scan_tag_uri(parser *yaml_parser_t, directive bool, head []byte, start_mark yaml_mark_t, uri *[]byte) bool {
+	//size_t length = head ? strlen((char *)head) : 0
+	var s []byte
+	hasTag := len(head) > 0
+
+	// Copy the head if needed.
+	//
+	// Note that we don't copy the leading '!' character.
+	if len(head) > 1 {
+		s = append(s, head[1:]...)
+	}
+
+	// Scan the tag.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	// The set of characters that may appear in URI is as follows:
+	//
+	//      '0'-'9', 'A'-'Z', 'a'-'z', '_', '-', ';', '/', '?', ':', '@', '&',
+	//      '=', '+', '$', ',', '.', '!', '~', '*', '\'', '(', ')', '[', ']',
+	//      '%'.
+	// [Go] Convert this into more reasonable logic.
+	for is_alpha(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == ';' ||
+		parser.buffer[parser.buffer_pos] == '/' || parser.buffer[parser.buffer_pos] == '?' ||
+		parser.buffer[parser.buffer_pos] == ':' || parser.buffer[parser.buffer_pos] == '@' ||
+		parser.buffer[parser.buffer_pos] == '&' || parser.buffer[parser.buffer_pos] == '=' ||
+		parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '$' ||
+		parser.buffer[parser.buffer_pos] == ',' || parser.buffer[parser.buffer_pos] == '.' ||
+		parser.buffer[parser.buffer_pos] == '!' || parser.buffer[parser.buffer_pos] == '~' ||
+		parser.buffer[parser.buffer_pos] == '*' || parser.buffer[parser.buffer_pos] == '\'' ||
+		parser.buffer[parser.buffer_pos] == '(' || parser.buffer[parser.buffer_pos] == ')' ||
+		parser.buffer[parser.buffer_pos] == '[' || parser.buffer[parser.buffer_pos] == ']' ||
+		parser.buffer[parser.buffer_pos] == '%' {
+		// Check if it is a URI-escape sequence.
+		if parser.buffer[parser.buffer_pos] == '%' {
+			if !yaml_parser_scan_uri_escapes(parser, directive, start_mark, &s) {
+				return false
+			}
+		} else {
+			s = read(parser, s)
+		}
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+		hasTag = true
+	}
+
+	if !hasTag {
+		yaml_parser_set_scanner_tag_error(parser, directive,
+			start_mark, "did not find expected tag URI")
+		return false
+	}
+	*uri = s
+	return true
+}
+
+// Decode an URI-escape sequence corresponding to a single UTF-8 character.
+func yaml_parser_scan_uri_escapes(parser *yaml_parser_t, directive bool, start_mark yaml_mark_t, s *[]byte) bool {
+
+	// Decode the required number of characters.
+	w := 1024
+	for w > 0 {
+		// Check for a URI-escaped octet.
+		if parser.unread < 3 && !yaml_parser_update_buffer(parser, 3) {
+			return false
+		}
+
+		if !(parser.buffer[parser.buffer_pos] == '%' &&
+			is_hex(parser.buffer, parser.buffer_pos+1) &&
+			is_hex(parser.buffer, parser.buffer_pos+2)) {
+			return yaml_parser_set_scanner_tag_error(parser, directive,
+				start_mark, "did not find URI escaped octet")
+		}
+
+		// Get the octet.
+		octet := byte((as_hex(parser.buffer, parser.buffer_pos+1) << 4) + as_hex(parser.buffer, parser.buffer_pos+2))
+
+		// If it is the leading octet, determine the length of the UTF-8 sequence.
+		if w == 1024 {
+			w = width(octet)
+			if w == 0 {
+				return yaml_parser_set_scanner_tag_error(parser, directive,
+					start_mark, "found an incorrect leading UTF-8 octet")
+			}
+		} else {
+			// Check if the trailing octet is correct.
+			if octet&0xC0 != 0x80 {
+				return yaml_parser_set_scanner_tag_error(parser, directive,
+					start_mark, "found an incorrect trailing UTF-8 octet")
+			}
+		}
+
+		// Copy the octet and move the pointers.
+		*s = append(*s, octet)
+		skip(parser)
+		skip(parser)
+		skip(parser)
+		w--
+	}
+	return true
+}
+
+// Scan a block scalar.
+func yaml_parser_scan_block_scalar(parser *yaml_parser_t, token *yaml_token_t, literal bool) bool {
+	// Eat the indicator '|' or '>'.
+	start_mark := parser.mark
+	skip(parser)
+
+	// Scan the additional block scalar indicators.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	// Check for a chomping indicator.
+	var chomping, increment int
+	if parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '-' {
+		// Set the chomping method and eat the indicator.
+		if parser.buffer[parser.buffer_pos] == '+' {
+			chomping = +1
+		} else {
+			chomping = -1
+		}
+		skip(parser)
+
+		// Check for an indentation indicator.
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+		if is_digit(parser.buffer, parser.buffer_pos) {
+			// Check that the indentation is greater than 0.
+			if parser.buffer[parser.buffer_pos] == '0' {
+				yaml_parser_set_scanner_error(parser, "while scanning a block scalar",
+					start_mark, "found an indentation indicator equal to 0")
+				return false
+			}
+
+			// Get the indentation level and eat the indicator.
+			increment = as_digit(parser.buffer, parser.buffer_pos)
+			skip(parser)
+		}
+
+	} else if is_digit(parser.buffer, parser.buffer_pos) {
+		// Do the same as above, but in the opposite order.
+
+		if parser.buffer[parser.buffer_pos] == '0' {
+			yaml_parser_set_scanner_error(parser, "while scanning a block scalar",
+				start_mark, "found an indentation indicator equal to 0")
+			return false
+		}
+		increment = as_digit(parser.buffer, parser.buffer_pos)
+		skip(parser)
+
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+		if parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '-' {
+			if parser.buffer[parser.buffer_pos] == '+' {
+				chomping = +1
+			} else {
+				chomping = -1
+			}
+			skip(parser)
+		}
+	}
+
+	// Eat whitespaces and comments to the end of the line.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	for is_blank(parser.buffer, parser.buffer_pos) {
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+	if parser.buffer[parser.buffer_pos] == '#' {
+		for !is_breakz(parser.buffer, parser.buffer_pos) {
+			skip(parser)
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+	}
+
+	// Check if we are at the end of the line.
+	if !is_breakz(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a block scalar",
+			start_mark, "did not find expected comment or line break")
+		return false
+	}
+
+	// Eat a line break.
+	if is_break(parser.buffer, parser.buffer_pos) {
+		if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+			return false
+		}
+		skip_line(parser)
+	}
+
+	end_mark := parser.mark
+
+	// Set the indentation level if it was specified.
+	var indent int
+	if increment > 0 {
+		if parser.indent >= 0 {
+			indent = parser.indent + increment
+		} else {
+			indent = increment
+		}
+	}
+
+	// Scan the leading line breaks and determine the indentation level if needed.
+	var s, leading_break, trailing_breaks []byte
+	if !yaml_parser_scan_block_scalar_breaks(parser, &indent, &trailing_breaks, start_mark, &end_mark) {
+		return false
+	}
+
+	// Scan the block scalar content.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	var leading_blank, trailing_blank bool
+	for parser.mark.column == indent && !is_z(parser.buffer, parser.buffer_pos) {
+		// We are at the beginning of a non-empty line.
+
+		// Is it a trailing whitespace?
+		trailing_blank = is_blank(parser.buffer, parser.buffer_pos)
+
+		// Check if we need to fold the leading line break.
+		if !literal && !leading_blank && !trailing_blank && len(leading_break) > 0 && leading_break[0] == '\n' {
+			// Do we need to join the lines by space?
+			if len(trailing_breaks) == 0 {
+				s = append(s, ' ')
+			}
+		} else {
+			s = append(s, leading_break...)
+		}
+		leading_break = leading_break[:0]
+
+		// Append the remaining line breaks.
+		s = append(s, trailing_breaks...)
+		trailing_breaks = trailing_breaks[:0]
+
+		// Is it a leading whitespace?
+		leading_blank = is_blank(parser.buffer, parser.buffer_pos)
+
+		// Consume the current line.
+		for !is_breakz(parser.buffer, parser.buffer_pos) {
+			s = read(parser, s)
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+
+		// Consume the line break.
+		if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+			return false
+		}
+
+		leading_break = read_line(parser, leading_break)
+
+		// Eat the following indentation spaces and line breaks.
+		if !yaml_parser_scan_block_scalar_breaks(parser, &indent, &trailing_breaks, start_mark, &end_mark) {
+			return false
+		}
+	}
+
+	// Chomp the tail.
+	if chomping != -1 {
+		s = append(s, leading_break...)
+	}
+	if chomping == 1 {
+		s = append(s, trailing_breaks...)
+	}
+
+	// Create a token.
+	*token = yaml_token_t{
+		typ:        yaml_SCALAR_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		value:      s,
+		style:      yaml_LITERAL_SCALAR_STYLE,
+	}
+	if !literal {
+		token.style = yaml_FOLDED_SCALAR_STYLE
+	}
+	return true
+}
+
+// Scan indentation spaces and line breaks for a block scalar.  Determine the
+// indentation level if needed.
+func yaml_parser_scan_block_scalar_breaks(parser *yaml_parser_t, indent *int, breaks *[]byte, start_mark yaml_mark_t, end_mark *yaml_mark_t) bool {
+	*end_mark = parser.mark
+
+	// Eat the indentation spaces and line breaks.
+	max_indent := 0
+	for {
+		// Eat the indentation spaces.
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+		for (*indent == 0 || parser.mark.column < *indent) && is_space(parser.buffer, parser.buffer_pos) {
+			skip(parser)
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+		if parser.mark.column > max_indent {
+			max_indent = parser.mark.column
+		}
+
+		// Check for a tab character messing the indentation.
+		if (*indent == 0 || parser.mark.column < *indent) && is_tab(parser.buffer, parser.buffer_pos) {
+			return yaml_parser_set_scanner_error(parser, "while scanning a block scalar",
+				start_mark, "found a tab character where an indentation space is expected")
+		}
+
+		// Have we found a non-empty line?
+		if !is_break(parser.buffer, parser.buffer_pos) {
+			break
+		}
+
+		// Consume the line break.
+		if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+			return false
+		}
+		// [Go] Should really be returning breaks instead.
+		*breaks = read_line(parser, *breaks)
+		*end_mark = parser.mark
+	}
+
+	// Determine the indentation level if needed.
+	if *indent == 0 {
+		*indent = max_indent
+		if *indent < parser.indent+1 {
+			*indent = parser.indent + 1
+		}
+		if *indent < 1 {
+			*indent = 1
+		}
+	}
+	return true
+}
+
+// Scan a quoted scalar.
+func yaml_parser_scan_flow_scalar(parser *yaml_parser_t, token *yaml_token_t, single bool) bool {
+	// Eat the left quote.
+	start_mark := parser.mark
+	skip(parser)
+
+	// Consume the content of the quoted scalar.
+	var s, leading_break, trailing_breaks, whitespaces []byte
+	for {
+		// Check that there are no document indicators at the beginning of the line.
+		if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) {
+			return false
+		}
+
+		if parser.mark.column == 0 &&
+			((parser.buffer[parser.buffer_pos+0] == '-' &&
+				parser.buffer[parser.buffer_pos+1] == '-' &&
+				parser.buffer[parser.buffer_pos+2] == '-') ||
+				(parser.buffer[parser.buffer_pos+0] == '.' &&
+					parser.buffer[parser.buffer_pos+1] == '.' &&
+					parser.buffer[parser.buffer_pos+2] == '.')) &&
+			is_blankz(parser.buffer, parser.buffer_pos+3) {
+			yaml_parser_set_scanner_error(parser, "while scanning a quoted scalar",
+				start_mark, "found unexpected document indicator")
+			return false
+		}
+
+		// Check for EOF.
+		if is_z(parser.buffer, parser.buffer_pos) {
+			yaml_parser_set_scanner_error(parser, "while scanning a quoted scalar",
+				start_mark, "found unexpected end of stream")
+			return false
+		}
+
+		// Consume non-blank characters.
+		leading_blanks := false
+		for !is_blankz(parser.buffer, parser.buffer_pos) {
+			if single && parser.buffer[parser.buffer_pos] == '\'' && parser.buffer[parser.buffer_pos+1] == '\'' {
+				// Is is an escaped single quote.
+				s = append(s, '\'')
+				skip(parser)
+				skip(parser)
+
+			} else if single && parser.buffer[parser.buffer_pos] == '\'' {
+				// It is a right single quote.
+				break
+			} else if !single && parser.buffer[parser.buffer_pos] == '"' {
+				// It is a right double quote.
+				break
+
+			} else if !single && parser.buffer[parser.buffer_pos] == '\\' && is_break(parser.buffer, parser.buffer_pos+1) {
+				// It is an escaped line break.
+				if parser.unread < 3 && !yaml_parser_update_buffer(parser, 3) {
+					return false
+				}
+				skip(parser)
+				skip_line(parser)
+				leading_blanks = true
+				break
+
+			} else if !single && parser.buffer[parser.buffer_pos] == '\\' {
+				// It is an escape sequence.
+				code_length := 0
+
+				// Check the escape character.
+				switch parser.buffer[parser.buffer_pos+1] {
+				case '0':
+					s = append(s, 0)
+				case 'a':
+					s = append(s, '\x07')
+				case 'b':
+					s = append(s, '\x08')
+				case 't', '\t':
+					s = append(s, '\x09')
+				case 'n':
+					s = append(s, '\x0A')
+				case 'v':
+					s = append(s, '\x0B')
+				case 'f':
+					s = append(s, '\x0C')
+				case 'r':
+					s = append(s, '\x0D')
+				case 'e':
+					s = append(s, '\x1B')
+				case ' ':
+					s = append(s, '\x20')
+				case '"':
+					s = append(s, '"')
+				case '\'':
+					s = append(s, '\'')
+				case '\\':
+					s = append(s, '\\')
+				case 'N': // NEL (#x85)
+					s = append(s, '\xC2')
+					s = append(s, '\x85')
+				case '_': // #xA0
+					s = append(s, '\xC2')
+					s = append(s, '\xA0')
+				case 'L': // LS (#x2028)
+					s = append(s, '\xE2')
+					s = append(s, '\x80')
+					s = append(s, '\xA8')
+				case 'P': // PS (#x2029)
+					s = append(s, '\xE2')
+					s = append(s, '\x80')
+					s = append(s, '\xA9')
+				case 'x':
+					code_length = 2
+				case 'u':
+					code_length = 4
+				case 'U':
+					code_length = 8
+				default:
+					yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar",
+						start_mark, "found unknown escape character")
+					return false
+				}
+
+				skip(parser)
+				skip(parser)
+
+				// Consume an arbitrary escape code.
+				if code_length > 0 {
+					var value int
+
+					// Scan the character value.
+					if parser.unread < code_length && !yaml_parser_update_buffer(parser, code_length) {
+						return false
+					}
+					for k := 0; k < code_length; k++ {
+						if !is_hex(parser.buffer, parser.buffer_pos+k) {
+							yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar",
+								start_mark, "did not find expected hexdecimal number")
+							return false
+						}
+						value = (value << 4) + as_hex(parser.buffer, parser.buffer_pos+k)
+					}
+
+					// Check the value and write the character.
+					if (value >= 0xD800 && value <= 0xDFFF) || value > 0x10FFFF {
+						yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar",
+							start_mark, "found invalid Unicode character escape code")
+						return false
+					}
+					if value <= 0x7F {
+						s = append(s, byte(value))
+					} else if value <= 0x7FF {
+						s = append(s, byte(0xC0+(value>>6)))
+						s = append(s, byte(0x80+(value&0x3F)))
+					} else if value <= 0xFFFF {
+						s = append(s, byte(0xE0+(value>>12)))
+						s = append(s, byte(0x80+((value>>6)&0x3F)))
+						s = append(s, byte(0x80+(value&0x3F)))
+					} else {
+						s = append(s, byte(0xF0+(value>>18)))
+						s = append(s, byte(0x80+((value>>12)&0x3F)))
+						s = append(s, byte(0x80+((value>>6)&0x3F)))
+						s = append(s, byte(0x80+(value&0x3F)))
+					}
+
+					// Advance the pointer.
+					for k := 0; k < code_length; k++ {
+						skip(parser)
+					}
+				}
+			} else {
+				// It is a non-escaped non-blank character.
+				s = read(parser, s)
+			}
+			if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+				return false
+			}
+		}
+
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+
+		// Check if we are at the end of the scalar.
+		if single {
+			if parser.buffer[parser.buffer_pos] == '\'' {
+				break
+			}
+		} else {
+			if parser.buffer[parser.buffer_pos] == '"' {
+				break
+			}
+		}
+
+		// Consume blank characters.
+		for is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos) {
+			if is_blank(parser.buffer, parser.buffer_pos) {
+				// Consume a space or a tab character.
+				if !leading_blanks {
+					whitespaces = read(parser, whitespaces)
+				} else {
+					skip(parser)
+				}
+			} else {
+				if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+					return false
+				}
+
+				// Check if it is a first line break.
+				if !leading_blanks {
+					whitespaces = whitespaces[:0]
+					leading_break = read_line(parser, leading_break)
+					leading_blanks = true
+				} else {
+					trailing_breaks = read_line(parser, trailing_breaks)
+				}
+			}
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+
+		// Join the whitespaces or fold line breaks.
+		if leading_blanks {
+			// Do we need to fold line breaks?
+			if len(leading_break) > 0 && leading_break[0] == '\n' {
+				if len(trailing_breaks) == 0 {
+					s = append(s, ' ')
+				} else {
+					s = append(s, trailing_breaks...)
+				}
+			} else {
+				s = append(s, leading_break...)
+				s = append(s, trailing_breaks...)
+			}
+			trailing_breaks = trailing_breaks[:0]
+			leading_break = leading_break[:0]
+		} else {
+			s = append(s, whitespaces...)
+			whitespaces = whitespaces[:0]
+		}
+	}
+
+	// Eat the right quote.
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create a token.
+	*token = yaml_token_t{
+		typ:        yaml_SCALAR_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		value:      s,
+		style:      yaml_SINGLE_QUOTED_SCALAR_STYLE,
+	}
+	if !single {
+		token.style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+	}
+	return true
+}
+
+// Scan a plain scalar.
+func yaml_parser_scan_plain_scalar(parser *yaml_parser_t, token *yaml_token_t) bool {
+
+	var s, leading_break, trailing_breaks, whitespaces []byte
+	var leading_blanks bool
+	var indent = parser.indent + 1
+
+	start_mark := parser.mark
+	end_mark := parser.mark
+
+	// Consume the content of the plain scalar.
+	for {
+		// Check for a document indicator.
+		if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) {
+			return false
+		}
+		if parser.mark.column == 0 &&
+			((parser.buffer[parser.buffer_pos+0] == '-' &&
+				parser.buffer[parser.buffer_pos+1] == '-' &&
+				parser.buffer[parser.buffer_pos+2] == '-') ||
+				(parser.buffer[parser.buffer_pos+0] == '.' &&
+					parser.buffer[parser.buffer_pos+1] == '.' &&
+					parser.buffer[parser.buffer_pos+2] == '.')) &&
+			is_blankz(parser.buffer, parser.buffer_pos+3) {
+			break
+		}
+
+		// Check for a comment.
+		if parser.buffer[parser.buffer_pos] == '#' {
+			break
+		}
+
+		// Consume non-blank characters.
+		for !is_blankz(parser.buffer, parser.buffer_pos) {
+
+			// Check for indicators that may end a plain scalar.
+			if (parser.buffer[parser.buffer_pos] == ':' && is_blankz(parser.buffer, parser.buffer_pos+1)) ||
+				(parser.flow_level > 0 &&
+					(parser.buffer[parser.buffer_pos] == ',' ||
+						parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == '[' ||
+						parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '{' ||
+						parser.buffer[parser.buffer_pos] == '}')) {
+				break
+			}
+
+			// Check if we need to join whitespaces and breaks.
+			if leading_blanks || len(whitespaces) > 0 {
+				if leading_blanks {
+					// Do we need to fold line breaks?
+					if leading_break[0] == '\n' {
+						if len(trailing_breaks) == 0 {
+							s = append(s, ' ')
+						} else {
+							s = append(s, trailing_breaks...)
+						}
+					} else {
+						s = append(s, leading_break...)
+						s = append(s, trailing_breaks...)
+					}
+					trailing_breaks = trailing_breaks[:0]
+					leading_break = leading_break[:0]
+					leading_blanks = false
+				} else {
+					s = append(s, whitespaces...)
+					whitespaces = whitespaces[:0]
+				}
+			}
+
+			// Copy the character.
+			s = read(parser, s)
+
+			end_mark = parser.mark
+			if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+				return false
+			}
+		}
+
+		// Is it the end?
+		if !(is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos)) {
+			break
+		}
+
+		// Consume blank characters.
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+
+		for is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos) {
+			if is_blank(parser.buffer, parser.buffer_pos) {
+
+				// Check for tab characters that abuse indentation.
+				if leading_blanks && parser.mark.column < indent && is_tab(parser.buffer, parser.buffer_pos) {
+					yaml_parser_set_scanner_error(parser, "while scanning a plain scalar",
+						start_mark, "found a tab character that violates indentation")
+					return false
+				}
+
+				// Consume a space or a tab character.
+				if !leading_blanks {
+					whitespaces = read(parser, whitespaces)
+				} else {
+					skip(parser)
+				}
+			} else {
+				if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+					return false
+				}
+
+				// Check if it is a first line break.
+				if !leading_blanks {
+					whitespaces = whitespaces[:0]
+					leading_break = read_line(parser, leading_break)
+					leading_blanks = true
+				} else {
+					trailing_breaks = read_line(parser, trailing_breaks)
+				}
+			}
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+
+		// Check indentation level.
+		if parser.flow_level == 0 && parser.mark.column < indent {
+			break
+		}
+	}
+
+	// Create a token.
+	*token = yaml_token_t{
+		typ:        yaml_SCALAR_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		value:      s,
+		style:      yaml_PLAIN_SCALAR_STYLE,
+	}
+
+	// Note that we change the 'simple_key_allowed' flag.
+	if leading_blanks {
+		parser.simple_key_allowed = true
+	}
+	return true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/sorter.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/sorter.go
new file mode 100644
index 000000000..4c45e660a
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/sorter.go
@@ -0,0 +1,113 @@
+package yaml
+
+import (
+	"reflect"
+	"unicode"
+)
+
+type keyList []reflect.Value
+
+func (l keyList) Len() int      { return len(l) }
+func (l keyList) Swap(i, j int) { l[i], l[j] = l[j], l[i] }
+func (l keyList) Less(i, j int) bool {
+	a := l[i]
+	b := l[j]
+	ak := a.Kind()
+	bk := b.Kind()
+	for (ak == reflect.Interface || ak == reflect.Ptr) && !a.IsNil() {
+		a = a.Elem()
+		ak = a.Kind()
+	}
+	for (bk == reflect.Interface || bk == reflect.Ptr) && !b.IsNil() {
+		b = b.Elem()
+		bk = b.Kind()
+	}
+	af, aok := keyFloat(a)
+	bf, bok := keyFloat(b)
+	if aok && bok {
+		if af != bf {
+			return af < bf
+		}
+		if ak != bk {
+			return ak < bk
+		}
+		return numLess(a, b)
+	}
+	if ak != reflect.String || bk != reflect.String {
+		return ak < bk
+	}
+	ar, br := []rune(a.String()), []rune(b.String())
+	for i := 0; i < len(ar) && i < len(br); i++ {
+		if ar[i] == br[i] {
+			continue
+		}
+		al := unicode.IsLetter(ar[i])
+		bl := unicode.IsLetter(br[i])
+		if al && bl {
+			return ar[i] < br[i]
+		}
+		if al || bl {
+			return bl
+		}
+		var ai, bi int
+		var an, bn int64
+		if ar[i] == '0' || br[i] == '0' {
+			for j := i-1; j >= 0 && unicode.IsDigit(ar[j]); j-- {
+				if ar[j] != '0' {
+					an = 1
+					bn = 1
+					break
+				}
+			}
+		}
+		for ai = i; ai < len(ar) && unicode.IsDigit(ar[ai]); ai++ {
+			an = an*10 + int64(ar[ai]-'0')
+		}
+		for bi = i; bi < len(br) && unicode.IsDigit(br[bi]); bi++ {
+			bn = bn*10 + int64(br[bi]-'0')
+		}
+		if an != bn {
+			return an < bn
+		}
+		if ai != bi {
+			return ai < bi
+		}
+		return ar[i] < br[i]
+	}
+	return len(ar) < len(br)
+}
+
+// keyFloat returns a float value for v if it is a number/bool
+// and whether it is a number/bool or not.
+func keyFloat(v reflect.Value) (f float64, ok bool) {
+	switch v.Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return float64(v.Int()), true
+	case reflect.Float32, reflect.Float64:
+		return v.Float(), true
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return float64(v.Uint()), true
+	case reflect.Bool:
+		if v.Bool() {
+			return 1, true
+		}
+		return 0, true
+	}
+	return 0, false
+}
+
+// numLess returns whether a < b.
+// a and b must necessarily have the same kind.
+func numLess(a, b reflect.Value) bool {
+	switch a.Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return a.Int() < b.Int()
+	case reflect.Float32, reflect.Float64:
+		return a.Float() < b.Float()
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return a.Uint() < b.Uint()
+	case reflect.Bool:
+		return !a.Bool() && b.Bool()
+	}
+	panic("not a number")
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/writerc.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/writerc.go
new file mode 100644
index 000000000..a2dde608c
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/writerc.go
@@ -0,0 +1,26 @@
+package yaml
+
+// Set the writer error and return false.
+func yaml_emitter_set_writer_error(emitter *yaml_emitter_t, problem string) bool {
+	emitter.error = yaml_WRITER_ERROR
+	emitter.problem = problem
+	return false
+}
+
+// Flush the output buffer.
+func yaml_emitter_flush(emitter *yaml_emitter_t) bool {
+	if emitter.write_handler == nil {
+		panic("write handler not set")
+	}
+
+	// Check if the buffer is empty.
+	if emitter.buffer_pos == 0 {
+		return true
+	}
+
+	if err := emitter.write_handler(emitter, emitter.buffer[:emitter.buffer_pos]); err != nil {
+		return yaml_emitter_set_writer_error(emitter, "write error: "+err.Error())
+	}
+	emitter.buffer_pos = 0
+	return true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/yaml.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/yaml.go
new file mode 100644
index 000000000..30813884c
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/yaml.go
@@ -0,0 +1,478 @@
+// Package yaml implements YAML support for the Go language.
+//
+// Source code and other details for the project are available at GitHub:
+//
+//   https://github.com/go-yaml/yaml
+//
+package yaml
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"reflect"
+	"strings"
+	"sync"
+)
+
+// MapSlice encodes and decodes as a YAML map.
+// The order of keys is preserved when encoding and decoding.
+type MapSlice []MapItem
+
+// MapItem is an item in a MapSlice.
+type MapItem struct {
+	Key, Value interface{}
+}
+
+// The Unmarshaler interface may be implemented by types to customize their
+// behavior when being unmarshaled from a YAML document. The UnmarshalYAML
+// method receives a function that may be called to unmarshal the original
+// YAML value into a field or variable. It is safe to call the unmarshal
+// function parameter more than once if necessary.
+type Unmarshaler interface {
+	UnmarshalYAML(unmarshal func(interface{}) error) error
+}
+
+// The Marshaler interface may be implemented by types to customize their
+// behavior when being marshaled into a YAML document. The returned value
+// is marshaled in place of the original value implementing Marshaler.
+//
+// If an error is returned by MarshalYAML, the marshaling procedure stops
+// and returns with the provided error.
+type Marshaler interface {
+	MarshalYAML() (interface{}, error)
+}
+
+// Unmarshal decodes the first document found within the in byte slice
+// and assigns decoded values into the out value.
+//
+// Maps and pointers (to a struct, string, int, etc) are accepted as out
+// values. If an internal pointer within a struct is not initialized,
+// the yaml package will initialize it if necessary for unmarshalling
+// the provided data. The out parameter must not be nil.
+//
+// The type of the decoded values should be compatible with the respective
+// values in out. If one or more values cannot be decoded due to a type
+// mismatches, decoding continues partially until the end of the YAML
+// content, and a *yaml.TypeError is returned with details for all
+// missed values.
+//
+// Struct fields are only unmarshalled if they are exported (have an
+// upper case first letter), and are unmarshalled using the field name
+// lowercased as the default key. Custom keys may be defined via the
+// "yaml" name in the field tag: the content preceding the first comma
+// is used as the key, and the following comma-separated options are
+// used to tweak the marshalling process (see Marshal).
+// Conflicting names result in a runtime error.
+//
+// For example:
+//
+//     type T struct {
+//         F int `yaml:"a,omitempty"`
+//         B int
+//     }
+//     var t T
+//     yaml.Unmarshal([]byte("a: 1\nb: 2"), &t)
+//
+// See the documentation of Marshal for the format of tags and a list of
+// supported tag options.
+//
+func Unmarshal(in []byte, out interface{}) (err error) {
+	return unmarshal(in, out, false)
+}
+
+// UnmarshalStrict is like Unmarshal except that any fields that are found
+// in the data that do not have corresponding struct members, or mapping
+// keys that are duplicates, will result in
+// an error.
+func UnmarshalStrict(in []byte, out interface{}) (err error) {
+	return unmarshal(in, out, true)
+}
+
+// A Decoder reads and decodes YAML values from an input stream.
+type Decoder struct {
+	strict bool
+	parser *parser
+}
+
+// NewDecoder returns a new decoder that reads from r.
+//
+// The decoder introduces its own buffering and may read
+// data from r beyond the YAML values requested.
+func NewDecoder(r io.Reader) *Decoder {
+	return &Decoder{
+		parser: newParserFromReader(r),
+	}
+}
+
+// SetStrict sets whether strict decoding behaviour is enabled when
+// decoding items in the data (see UnmarshalStrict). By default, decoding is not strict.
+func (dec *Decoder) SetStrict(strict bool) {
+	dec.strict = strict
+}
+
+// Decode reads the next YAML-encoded value from its input
+// and stores it in the value pointed to by v.
+//
+// See the documentation for Unmarshal for details about the
+// conversion of YAML into a Go value.
+func (dec *Decoder) Decode(v interface{}) (err error) {
+	d := newDecoder(dec.strict)
+	defer handleErr(&err)
+	node := dec.parser.parse()
+	if node == nil {
+		return io.EOF
+	}
+	out := reflect.ValueOf(v)
+	if out.Kind() == reflect.Ptr && !out.IsNil() {
+		out = out.Elem()
+	}
+	d.unmarshal(node, out)
+	if len(d.terrors) > 0 {
+		return &TypeError{d.terrors}
+	}
+	return nil
+}
+
+func unmarshal(in []byte, out interface{}, strict bool) (err error) {
+	defer handleErr(&err)
+	d := newDecoder(strict)
+	p := newParser(in)
+	defer p.destroy()
+	node := p.parse()
+	if node != nil {
+		v := reflect.ValueOf(out)
+		if v.Kind() == reflect.Ptr && !v.IsNil() {
+			v = v.Elem()
+		}
+		d.unmarshal(node, v)
+	}
+	if len(d.terrors) > 0 {
+		return &TypeError{d.terrors}
+	}
+	return nil
+}
+
+// Marshal serializes the value provided into a YAML document. The structure
+// of the generated document will reflect the structure of the value itself.
+// Maps and pointers (to struct, string, int, etc) are accepted as the in value.
+//
+// Struct fields are only marshalled if they are exported (have an upper case
+// first letter), and are marshalled using the field name lowercased as the
+// default key. Custom keys may be defined via the "yaml" name in the field
+// tag: the content preceding the first comma is used as the key, and the
+// following comma-separated options are used to tweak the marshalling process.
+// Conflicting names result in a runtime error.
+//
+// The field tag format accepted is:
+//
+//     `(...) yaml:"[<key>][,<flag1>[,<flag2>]]" (...)`
+//
+// The following flags are currently supported:
+//
+//     omitempty    Only include the field if it's not set to the zero
+//                  value for the type or to empty slices or maps.
+//                  Zero valued structs will be omitted if all their public
+//                  fields are zero, unless they implement an IsZero
+//                  method (see the IsZeroer interface type), in which
+//                  case the field will be excluded if IsZero returns true.
+//
+//     flow         Marshal using a flow style (useful for structs,
+//                  sequences and maps).
+//
+//     inline       Inline the field, which must be a struct or a map,
+//                  causing all of its fields or keys to be processed as if
+//                  they were part of the outer struct. For maps, keys must
+//                  not conflict with the yaml keys of other struct fields.
+//
+// In addition, if the key is "-", the field is ignored.
+//
+// For example:
+//
+//     type T struct {
+//         F int `yaml:"a,omitempty"`
+//         B int
+//     }
+//     yaml.Marshal(&T{B: 2}) // Returns "b: 2\n"
+//     yaml.Marshal(&T{F: 1}} // Returns "a: 1\nb: 0\n"
+//
+func Marshal(in interface{}) (out []byte, err error) {
+	defer handleErr(&err)
+	e := newEncoder()
+	defer e.destroy()
+	e.marshalDoc("", reflect.ValueOf(in))
+	e.finish()
+	out = e.out
+	return
+}
+
+// An Encoder writes YAML values to an output stream.
+type Encoder struct {
+	encoder *encoder
+}
+
+// NewEncoder returns a new encoder that writes to w.
+// The Encoder should be closed after use to flush all data
+// to w.
+func NewEncoder(w io.Writer) *Encoder {
+	return &Encoder{
+		encoder: newEncoderWithWriter(w),
+	}
+}
+
+// Encode writes the YAML encoding of v to the stream.
+// If multiple items are encoded to the stream, the
+// second and subsequent document will be preceded
+// with a "---" document separator, but the first will not.
+//
+// See the documentation for Marshal for details about the conversion of Go
+// values to YAML.
+func (e *Encoder) Encode(v interface{}) (err error) {
+	defer handleErr(&err)
+	e.encoder.marshalDoc("", reflect.ValueOf(v))
+	return nil
+}
+
+// Close closes the encoder by writing any remaining data.
+// It does not write a stream terminating string "...".
+func (e *Encoder) Close() (err error) {
+	defer handleErr(&err)
+	e.encoder.finish()
+	return nil
+}
+
+func handleErr(err *error) {
+	if v := recover(); v != nil {
+		if e, ok := v.(yamlError); ok {
+			*err = e.err
+		} else {
+			panic(v)
+		}
+	}
+}
+
+type yamlError struct {
+	err error
+}
+
+func fail(err error) {
+	panic(yamlError{err})
+}
+
+func failf(format string, args ...interface{}) {
+	panic(yamlError{fmt.Errorf("yaml: "+format, args...)})
+}
+
+// A TypeError is returned by Unmarshal when one or more fields in
+// the YAML document cannot be properly decoded into the requested
+// types. When this error is returned, the value is still
+// unmarshaled partially.
+type TypeError struct {
+	Errors []string
+}
+
+func (e *TypeError) Error() string {
+	return fmt.Sprintf("yaml: unmarshal errors:\n  %s", strings.Join(e.Errors, "\n  "))
+}
+
+// --------------------------------------------------------------------------
+// Maintain a mapping of keys to structure field indexes
+
+// The code in this section was copied from mgo/bson.
+
+// structInfo holds details for the serialization of fields of
+// a given struct.
+type structInfo struct {
+	FieldsMap  map[string]fieldInfo
+	FieldsList []fieldInfo
+
+	// InlineMap is the number of the field in the struct that
+	// contains an ,inline map, or -1 if there's none.
+	InlineMap int
+}
+
+type fieldInfo struct {
+	Key       string
+	Num       int
+	OmitEmpty bool
+	Flow      bool
+	// Id holds the unique field identifier, so we can cheaply
+	// check for field duplicates without maintaining an extra map.
+	Id int
+
+	// Inline holds the field index if the field is part of an inlined struct.
+	Inline []int
+}
+
+var structMap = make(map[reflect.Type]*structInfo)
+var fieldMapMutex sync.RWMutex
+
+func getStructInfo(st reflect.Type) (*structInfo, error) {
+	fieldMapMutex.RLock()
+	sinfo, found := structMap[st]
+	fieldMapMutex.RUnlock()
+	if found {
+		return sinfo, nil
+	}
+
+	n := st.NumField()
+	fieldsMap := make(map[string]fieldInfo)
+	fieldsList := make([]fieldInfo, 0, n)
+	inlineMap := -1
+	for i := 0; i != n; i++ {
+		field := st.Field(i)
+		if field.PkgPath != "" && !field.Anonymous {
+			continue // Private field
+		}
+
+		info := fieldInfo{Num: i}
+
+		tag := field.Tag.Get("yaml")
+		if tag == "" && strings.Index(string(field.Tag), ":") < 0 {
+			tag = string(field.Tag)
+		}
+		if tag == "-" {
+			continue
+		}
+
+		inline := false
+		fields := strings.Split(tag, ",")
+		if len(fields) > 1 {
+			for _, flag := range fields[1:] {
+				switch flag {
+				case "omitempty":
+					info.OmitEmpty = true
+				case "flow":
+					info.Flow = true
+				case "inline":
+					inline = true
+				default:
+					return nil, errors.New(fmt.Sprintf("Unsupported flag %q in tag %q of type %s", flag, tag, st))
+				}
+			}
+			tag = fields[0]
+		}
+
+		if inline {
+			switch field.Type.Kind() {
+			case reflect.Map:
+				if inlineMap >= 0 {
+					return nil, errors.New("Multiple ,inline maps in struct " + st.String())
+				}
+				if field.Type.Key() != reflect.TypeOf("") {
+					return nil, errors.New("Option ,inline needs a map with string keys in struct " + st.String())
+				}
+				inlineMap = info.Num
+			case reflect.Struct:
+				sinfo, err := getStructInfo(field.Type)
+				if err != nil {
+					return nil, err
+				}
+				for _, finfo := range sinfo.FieldsList {
+					if _, found := fieldsMap[finfo.Key]; found {
+						msg := "Duplicated key '" + finfo.Key + "' in struct " + st.String()
+						return nil, errors.New(msg)
+					}
+					if finfo.Inline == nil {
+						finfo.Inline = []int{i, finfo.Num}
+					} else {
+						finfo.Inline = append([]int{i}, finfo.Inline...)
+					}
+					finfo.Id = len(fieldsList)
+					fieldsMap[finfo.Key] = finfo
+					fieldsList = append(fieldsList, finfo)
+				}
+			default:
+				//return nil, errors.New("Option ,inline needs a struct value or map field")
+				return nil, errors.New("Option ,inline needs a struct value field")
+			}
+			continue
+		}
+
+		if tag != "" {
+			info.Key = tag
+		} else {
+			info.Key = strings.ToLower(field.Name)
+		}
+
+		if _, found = fieldsMap[info.Key]; found {
+			msg := "Duplicated key '" + info.Key + "' in struct " + st.String()
+			return nil, errors.New(msg)
+		}
+
+		info.Id = len(fieldsList)
+		fieldsList = append(fieldsList, info)
+		fieldsMap[info.Key] = info
+	}
+
+	sinfo = &structInfo{
+		FieldsMap:  fieldsMap,
+		FieldsList: fieldsList,
+		InlineMap:  inlineMap,
+	}
+
+	fieldMapMutex.Lock()
+	structMap[st] = sinfo
+	fieldMapMutex.Unlock()
+	return sinfo, nil
+}
+
+// IsZeroer is used to check whether an object is zero to
+// determine whether it should be omitted when marshaling
+// with the omitempty flag. One notable implementation
+// is time.Time.
+type IsZeroer interface {
+	IsZero() bool
+}
+
+func isZero(v reflect.Value) bool {
+	kind := v.Kind()
+	if z, ok := v.Interface().(IsZeroer); ok {
+		if (kind == reflect.Ptr || kind == reflect.Interface) && v.IsNil() {
+			return true
+		}
+		return z.IsZero()
+	}
+	switch kind {
+	case reflect.String:
+		return len(v.String()) == 0
+	case reflect.Interface, reflect.Ptr:
+		return v.IsNil()
+	case reflect.Slice:
+		return v.Len() == 0
+	case reflect.Map:
+		return v.Len() == 0
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() == 0
+	case reflect.Float32, reflect.Float64:
+		return v.Float() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() == 0
+	case reflect.Bool:
+		return !v.Bool()
+	case reflect.Struct:
+		vt := v.Type()
+		for i := v.NumField() - 1; i >= 0; i-- {
+			if vt.Field(i).PkgPath != "" {
+				continue // Private field
+			}
+			if !isZero(v.Field(i)) {
+				return false
+			}
+		}
+		return true
+	}
+	return false
+}
+
+// FutureLineWrap globally disables line wrapping when encoding long strings.
+// This is a temporary and thus deprecated method introduced to faciliate
+// migration towards v3, which offers more control of line lengths on
+// individual encodings, and has a default matching the behavior introduced
+// by this function.
+//
+// The default formatting of v2 was erroneously changed in v2.3.0 and reverted
+// in v2.4.0, at which point this function was introduced to help migration.
+func FutureLineWrap() {
+	disableLineWrapping = true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlh.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlh.go
new file mode 100644
index 000000000..f6a9c8e34
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlh.go
@@ -0,0 +1,739 @@
+package yaml
+
+import (
+	"fmt"
+	"io"
+)
+
+// The version directive data.
+type yaml_version_directive_t struct {
+	major int8 // The major version number.
+	minor int8 // The minor version number.
+}
+
+// The tag directive data.
+type yaml_tag_directive_t struct {
+	handle []byte // The tag handle.
+	prefix []byte // The tag prefix.
+}
+
+type yaml_encoding_t int
+
+// The stream encoding.
+const (
+	// Let the parser choose the encoding.
+	yaml_ANY_ENCODING yaml_encoding_t = iota
+
+	yaml_UTF8_ENCODING    // The default UTF-8 encoding.
+	yaml_UTF16LE_ENCODING // The UTF-16-LE encoding with BOM.
+	yaml_UTF16BE_ENCODING // The UTF-16-BE encoding with BOM.
+)
+
+type yaml_break_t int
+
+// Line break types.
+const (
+	// Let the parser choose the break type.
+	yaml_ANY_BREAK yaml_break_t = iota
+
+	yaml_CR_BREAK   // Use CR for line breaks (Mac style).
+	yaml_LN_BREAK   // Use LN for line breaks (Unix style).
+	yaml_CRLN_BREAK // Use CR LN for line breaks (DOS style).
+)
+
+type yaml_error_type_t int
+
+// Many bad things could happen with the parser and emitter.
+const (
+	// No error is produced.
+	yaml_NO_ERROR yaml_error_type_t = iota
+
+	yaml_MEMORY_ERROR   // Cannot allocate or reallocate a block of memory.
+	yaml_READER_ERROR   // Cannot read or decode the input stream.
+	yaml_SCANNER_ERROR  // Cannot scan the input stream.
+	yaml_PARSER_ERROR   // Cannot parse the input stream.
+	yaml_COMPOSER_ERROR // Cannot compose a YAML document.
+	yaml_WRITER_ERROR   // Cannot write to the output stream.
+	yaml_EMITTER_ERROR  // Cannot emit a YAML stream.
+)
+
+// The pointer position.
+type yaml_mark_t struct {
+	index  int // The position index.
+	line   int // The position line.
+	column int // The position column.
+}
+
+// Node Styles
+
+type yaml_style_t int8
+
+type yaml_scalar_style_t yaml_style_t
+
+// Scalar styles.
+const (
+	// Let the emitter choose the style.
+	yaml_ANY_SCALAR_STYLE yaml_scalar_style_t = iota
+
+	yaml_PLAIN_SCALAR_STYLE         // The plain scalar style.
+	yaml_SINGLE_QUOTED_SCALAR_STYLE // The single-quoted scalar style.
+	yaml_DOUBLE_QUOTED_SCALAR_STYLE // The double-quoted scalar style.
+	yaml_LITERAL_SCALAR_STYLE       // The literal scalar style.
+	yaml_FOLDED_SCALAR_STYLE        // The folded scalar style.
+)
+
+type yaml_sequence_style_t yaml_style_t
+
+// Sequence styles.
+const (
+	// Let the emitter choose the style.
+	yaml_ANY_SEQUENCE_STYLE yaml_sequence_style_t = iota
+
+	yaml_BLOCK_SEQUENCE_STYLE // The block sequence style.
+	yaml_FLOW_SEQUENCE_STYLE  // The flow sequence style.
+)
+
+type yaml_mapping_style_t yaml_style_t
+
+// Mapping styles.
+const (
+	// Let the emitter choose the style.
+	yaml_ANY_MAPPING_STYLE yaml_mapping_style_t = iota
+
+	yaml_BLOCK_MAPPING_STYLE // The block mapping style.
+	yaml_FLOW_MAPPING_STYLE  // The flow mapping style.
+)
+
+// Tokens
+
+type yaml_token_type_t int
+
+// Token types.
+const (
+	// An empty token.
+	yaml_NO_TOKEN yaml_token_type_t = iota
+
+	yaml_STREAM_START_TOKEN // A STREAM-START token.
+	yaml_STREAM_END_TOKEN   // A STREAM-END token.
+
+	yaml_VERSION_DIRECTIVE_TOKEN // A VERSION-DIRECTIVE token.
+	yaml_TAG_DIRECTIVE_TOKEN     // A TAG-DIRECTIVE token.
+	yaml_DOCUMENT_START_TOKEN    // A DOCUMENT-START token.
+	yaml_DOCUMENT_END_TOKEN      // A DOCUMENT-END token.
+
+	yaml_BLOCK_SEQUENCE_START_TOKEN // A BLOCK-SEQUENCE-START token.
+	yaml_BLOCK_MAPPING_START_TOKEN  // A BLOCK-SEQUENCE-END token.
+	yaml_BLOCK_END_TOKEN            // A BLOCK-END token.
+
+	yaml_FLOW_SEQUENCE_START_TOKEN // A FLOW-SEQUENCE-START token.
+	yaml_FLOW_SEQUENCE_END_TOKEN   // A FLOW-SEQUENCE-END token.
+	yaml_FLOW_MAPPING_START_TOKEN  // A FLOW-MAPPING-START token.
+	yaml_FLOW_MAPPING_END_TOKEN    // A FLOW-MAPPING-END token.
+
+	yaml_BLOCK_ENTRY_TOKEN // A BLOCK-ENTRY token.
+	yaml_FLOW_ENTRY_TOKEN  // A FLOW-ENTRY token.
+	yaml_KEY_TOKEN         // A KEY token.
+	yaml_VALUE_TOKEN       // A VALUE token.
+
+	yaml_ALIAS_TOKEN  // An ALIAS token.
+	yaml_ANCHOR_TOKEN // An ANCHOR token.
+	yaml_TAG_TOKEN    // A TAG token.
+	yaml_SCALAR_TOKEN // A SCALAR token.
+)
+
+func (tt yaml_token_type_t) String() string {
+	switch tt {
+	case yaml_NO_TOKEN:
+		return "yaml_NO_TOKEN"
+	case yaml_STREAM_START_TOKEN:
+		return "yaml_STREAM_START_TOKEN"
+	case yaml_STREAM_END_TOKEN:
+		return "yaml_STREAM_END_TOKEN"
+	case yaml_VERSION_DIRECTIVE_TOKEN:
+		return "yaml_VERSION_DIRECTIVE_TOKEN"
+	case yaml_TAG_DIRECTIVE_TOKEN:
+		return "yaml_TAG_DIRECTIVE_TOKEN"
+	case yaml_DOCUMENT_START_TOKEN:
+		return "yaml_DOCUMENT_START_TOKEN"
+	case yaml_DOCUMENT_END_TOKEN:
+		return "yaml_DOCUMENT_END_TOKEN"
+	case yaml_BLOCK_SEQUENCE_START_TOKEN:
+		return "yaml_BLOCK_SEQUENCE_START_TOKEN"
+	case yaml_BLOCK_MAPPING_START_TOKEN:
+		return "yaml_BLOCK_MAPPING_START_TOKEN"
+	case yaml_BLOCK_END_TOKEN:
+		return "yaml_BLOCK_END_TOKEN"
+	case yaml_FLOW_SEQUENCE_START_TOKEN:
+		return "yaml_FLOW_SEQUENCE_START_TOKEN"
+	case yaml_FLOW_SEQUENCE_END_TOKEN:
+		return "yaml_FLOW_SEQUENCE_END_TOKEN"
+	case yaml_FLOW_MAPPING_START_TOKEN:
+		return "yaml_FLOW_MAPPING_START_TOKEN"
+	case yaml_FLOW_MAPPING_END_TOKEN:
+		return "yaml_FLOW_MAPPING_END_TOKEN"
+	case yaml_BLOCK_ENTRY_TOKEN:
+		return "yaml_BLOCK_ENTRY_TOKEN"
+	case yaml_FLOW_ENTRY_TOKEN:
+		return "yaml_FLOW_ENTRY_TOKEN"
+	case yaml_KEY_TOKEN:
+		return "yaml_KEY_TOKEN"
+	case yaml_VALUE_TOKEN:
+		return "yaml_VALUE_TOKEN"
+	case yaml_ALIAS_TOKEN:
+		return "yaml_ALIAS_TOKEN"
+	case yaml_ANCHOR_TOKEN:
+		return "yaml_ANCHOR_TOKEN"
+	case yaml_TAG_TOKEN:
+		return "yaml_TAG_TOKEN"
+	case yaml_SCALAR_TOKEN:
+		return "yaml_SCALAR_TOKEN"
+	}
+	return "<unknown token>"
+}
+
+// The token structure.
+type yaml_token_t struct {
+	// The token type.
+	typ yaml_token_type_t
+
+	// The start/end of the token.
+	start_mark, end_mark yaml_mark_t
+
+	// The stream encoding (for yaml_STREAM_START_TOKEN).
+	encoding yaml_encoding_t
+
+	// The alias/anchor/scalar value or tag/tag directive handle
+	// (for yaml_ALIAS_TOKEN, yaml_ANCHOR_TOKEN, yaml_SCALAR_TOKEN, yaml_TAG_TOKEN, yaml_TAG_DIRECTIVE_TOKEN).
+	value []byte
+
+	// The tag suffix (for yaml_TAG_TOKEN).
+	suffix []byte
+
+	// The tag directive prefix (for yaml_TAG_DIRECTIVE_TOKEN).
+	prefix []byte
+
+	// The scalar style (for yaml_SCALAR_TOKEN).
+	style yaml_scalar_style_t
+
+	// The version directive major/minor (for yaml_VERSION_DIRECTIVE_TOKEN).
+	major, minor int8
+}
+
+// Events
+
+type yaml_event_type_t int8
+
+// Event types.
+const (
+	// An empty event.
+	yaml_NO_EVENT yaml_event_type_t = iota
+
+	yaml_STREAM_START_EVENT   // A STREAM-START event.
+	yaml_STREAM_END_EVENT     // A STREAM-END event.
+	yaml_DOCUMENT_START_EVENT // A DOCUMENT-START event.
+	yaml_DOCUMENT_END_EVENT   // A DOCUMENT-END event.
+	yaml_ALIAS_EVENT          // An ALIAS event.
+	yaml_SCALAR_EVENT         // A SCALAR event.
+	yaml_SEQUENCE_START_EVENT // A SEQUENCE-START event.
+	yaml_SEQUENCE_END_EVENT   // A SEQUENCE-END event.
+	yaml_MAPPING_START_EVENT  // A MAPPING-START event.
+	yaml_MAPPING_END_EVENT    // A MAPPING-END event.
+)
+
+var eventStrings = []string{
+	yaml_NO_EVENT:             "none",
+	yaml_STREAM_START_EVENT:   "stream start",
+	yaml_STREAM_END_EVENT:     "stream end",
+	yaml_DOCUMENT_START_EVENT: "document start",
+	yaml_DOCUMENT_END_EVENT:   "document end",
+	yaml_ALIAS_EVENT:          "alias",
+	yaml_SCALAR_EVENT:         "scalar",
+	yaml_SEQUENCE_START_EVENT: "sequence start",
+	yaml_SEQUENCE_END_EVENT:   "sequence end",
+	yaml_MAPPING_START_EVENT:  "mapping start",
+	yaml_MAPPING_END_EVENT:    "mapping end",
+}
+
+func (e yaml_event_type_t) String() string {
+	if e < 0 || int(e) >= len(eventStrings) {
+		return fmt.Sprintf("unknown event %d", e)
+	}
+	return eventStrings[e]
+}
+
+// The event structure.
+type yaml_event_t struct {
+
+	// The event type.
+	typ yaml_event_type_t
+
+	// The start and end of the event.
+	start_mark, end_mark yaml_mark_t
+
+	// The document encoding (for yaml_STREAM_START_EVENT).
+	encoding yaml_encoding_t
+
+	// The version directive (for yaml_DOCUMENT_START_EVENT).
+	version_directive *yaml_version_directive_t
+
+	// The list of tag directives (for yaml_DOCUMENT_START_EVENT).
+	tag_directives []yaml_tag_directive_t
+
+	// The anchor (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT, yaml_ALIAS_EVENT).
+	anchor []byte
+
+	// The tag (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT).
+	tag []byte
+
+	// The scalar value (for yaml_SCALAR_EVENT).
+	value []byte
+
+	// Is the document start/end indicator implicit, or the tag optional?
+	// (for yaml_DOCUMENT_START_EVENT, yaml_DOCUMENT_END_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT, yaml_SCALAR_EVENT).
+	implicit bool
+
+	// Is the tag optional for any non-plain style? (for yaml_SCALAR_EVENT).
+	quoted_implicit bool
+
+	// The style (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT).
+	style yaml_style_t
+}
+
+func (e *yaml_event_t) scalar_style() yaml_scalar_style_t     { return yaml_scalar_style_t(e.style) }
+func (e *yaml_event_t) sequence_style() yaml_sequence_style_t { return yaml_sequence_style_t(e.style) }
+func (e *yaml_event_t) mapping_style() yaml_mapping_style_t   { return yaml_mapping_style_t(e.style) }
+
+// Nodes
+
+const (
+	yaml_NULL_TAG      = "tag:yaml.org,2002:null"      // The tag !!null with the only possible value: null.
+	yaml_BOOL_TAG      = "tag:yaml.org,2002:bool"      // The tag !!bool with the values: true and false.
+	yaml_STR_TAG       = "tag:yaml.org,2002:str"       // The tag !!str for string values.
+	yaml_INT_TAG       = "tag:yaml.org,2002:int"       // The tag !!int for integer values.
+	yaml_FLOAT_TAG     = "tag:yaml.org,2002:float"     // The tag !!float for float values.
+	yaml_TIMESTAMP_TAG = "tag:yaml.org,2002:timestamp" // The tag !!timestamp for date and time values.
+
+	yaml_SEQ_TAG = "tag:yaml.org,2002:seq" // The tag !!seq is used to denote sequences.
+	yaml_MAP_TAG = "tag:yaml.org,2002:map" // The tag !!map is used to denote mapping.
+
+	// Not in original libyaml.
+	yaml_BINARY_TAG = "tag:yaml.org,2002:binary"
+	yaml_MERGE_TAG  = "tag:yaml.org,2002:merge"
+
+	yaml_DEFAULT_SCALAR_TAG   = yaml_STR_TAG // The default scalar tag is !!str.
+	yaml_DEFAULT_SEQUENCE_TAG = yaml_SEQ_TAG // The default sequence tag is !!seq.
+	yaml_DEFAULT_MAPPING_TAG  = yaml_MAP_TAG // The default mapping tag is !!map.
+)
+
+type yaml_node_type_t int
+
+// Node types.
+const (
+	// An empty node.
+	yaml_NO_NODE yaml_node_type_t = iota
+
+	yaml_SCALAR_NODE   // A scalar node.
+	yaml_SEQUENCE_NODE // A sequence node.
+	yaml_MAPPING_NODE  // A mapping node.
+)
+
+// An element of a sequence node.
+type yaml_node_item_t int
+
+// An element of a mapping node.
+type yaml_node_pair_t struct {
+	key   int // The key of the element.
+	value int // The value of the element.
+}
+
+// The node structure.
+type yaml_node_t struct {
+	typ yaml_node_type_t // The node type.
+	tag []byte           // The node tag.
+
+	// The node data.
+
+	// The scalar parameters (for yaml_SCALAR_NODE).
+	scalar struct {
+		value  []byte              // The scalar value.
+		length int                 // The length of the scalar value.
+		style  yaml_scalar_style_t // The scalar style.
+	}
+
+	// The sequence parameters (for YAML_SEQUENCE_NODE).
+	sequence struct {
+		items_data []yaml_node_item_t    // The stack of sequence items.
+		style      yaml_sequence_style_t // The sequence style.
+	}
+
+	// The mapping parameters (for yaml_MAPPING_NODE).
+	mapping struct {
+		pairs_data  []yaml_node_pair_t   // The stack of mapping pairs (key, value).
+		pairs_start *yaml_node_pair_t    // The beginning of the stack.
+		pairs_end   *yaml_node_pair_t    // The end of the stack.
+		pairs_top   *yaml_node_pair_t    // The top of the stack.
+		style       yaml_mapping_style_t // The mapping style.
+	}
+
+	start_mark yaml_mark_t // The beginning of the node.
+	end_mark   yaml_mark_t // The end of the node.
+
+}
+
+// The document structure.
+type yaml_document_t struct {
+
+	// The document nodes.
+	nodes []yaml_node_t
+
+	// The version directive.
+	version_directive *yaml_version_directive_t
+
+	// The list of tag directives.
+	tag_directives_data  []yaml_tag_directive_t
+	tag_directives_start int // The beginning of the tag directives list.
+	tag_directives_end   int // The end of the tag directives list.
+
+	start_implicit int // Is the document start indicator implicit?
+	end_implicit   int // Is the document end indicator implicit?
+
+	// The start/end of the document.
+	start_mark, end_mark yaml_mark_t
+}
+
+// The prototype of a read handler.
+//
+// The read handler is called when the parser needs to read more bytes from the
+// source. The handler should write not more than size bytes to the buffer.
+// The number of written bytes should be set to the size_read variable.
+//
+// [in,out]   data        A pointer to an application data specified by
+//                        yaml_parser_set_input().
+// [out]      buffer      The buffer to write the data from the source.
+// [in]       size        The size of the buffer.
+// [out]      size_read   The actual number of bytes read from the source.
+//
+// On success, the handler should return 1.  If the handler failed,
+// the returned value should be 0. On EOF, the handler should set the
+// size_read to 0 and return 1.
+type yaml_read_handler_t func(parser *yaml_parser_t, buffer []byte) (n int, err error)
+
+// This structure holds information about a potential simple key.
+type yaml_simple_key_t struct {
+	possible     bool        // Is a simple key possible?
+	required     bool        // Is a simple key required?
+	token_number int         // The number of the token.
+	mark         yaml_mark_t // The position mark.
+}
+
+// The states of the parser.
+type yaml_parser_state_t int
+
+const (
+	yaml_PARSE_STREAM_START_STATE yaml_parser_state_t = iota
+
+	yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE           // Expect the beginning of an implicit document.
+	yaml_PARSE_DOCUMENT_START_STATE                    // Expect DOCUMENT-START.
+	yaml_PARSE_DOCUMENT_CONTENT_STATE                  // Expect the content of a document.
+	yaml_PARSE_DOCUMENT_END_STATE                      // Expect DOCUMENT-END.
+	yaml_PARSE_BLOCK_NODE_STATE                        // Expect a block node.
+	yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE // Expect a block node or indentless sequence.
+	yaml_PARSE_FLOW_NODE_STATE                         // Expect a flow node.
+	yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE        // Expect the first entry of a block sequence.
+	yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE              // Expect an entry of a block sequence.
+	yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE         // Expect an entry of an indentless sequence.
+	yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE           // Expect the first key of a block mapping.
+	yaml_PARSE_BLOCK_MAPPING_KEY_STATE                 // Expect a block mapping key.
+	yaml_PARSE_BLOCK_MAPPING_VALUE_STATE               // Expect a block mapping value.
+	yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE         // Expect the first entry of a flow sequence.
+	yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE               // Expect an entry of a flow sequence.
+	yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE   // Expect a key of an ordered mapping.
+	yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE // Expect a value of an ordered mapping.
+	yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE   // Expect the and of an ordered mapping entry.
+	yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE            // Expect the first key of a flow mapping.
+	yaml_PARSE_FLOW_MAPPING_KEY_STATE                  // Expect a key of a flow mapping.
+	yaml_PARSE_FLOW_MAPPING_VALUE_STATE                // Expect a value of a flow mapping.
+	yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE          // Expect an empty value of a flow mapping.
+	yaml_PARSE_END_STATE                               // Expect nothing.
+)
+
+func (ps yaml_parser_state_t) String() string {
+	switch ps {
+	case yaml_PARSE_STREAM_START_STATE:
+		return "yaml_PARSE_STREAM_START_STATE"
+	case yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE:
+		return "yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE"
+	case yaml_PARSE_DOCUMENT_START_STATE:
+		return "yaml_PARSE_DOCUMENT_START_STATE"
+	case yaml_PARSE_DOCUMENT_CONTENT_STATE:
+		return "yaml_PARSE_DOCUMENT_CONTENT_STATE"
+	case yaml_PARSE_DOCUMENT_END_STATE:
+		return "yaml_PARSE_DOCUMENT_END_STATE"
+	case yaml_PARSE_BLOCK_NODE_STATE:
+		return "yaml_PARSE_BLOCK_NODE_STATE"
+	case yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE:
+		return "yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE"
+	case yaml_PARSE_FLOW_NODE_STATE:
+		return "yaml_PARSE_FLOW_NODE_STATE"
+	case yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE:
+		return "yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE"
+	case yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE:
+		return "yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE"
+	case yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE:
+		return "yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE"
+	case yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE:
+		return "yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE"
+	case yaml_PARSE_BLOCK_MAPPING_KEY_STATE:
+		return "yaml_PARSE_BLOCK_MAPPING_KEY_STATE"
+	case yaml_PARSE_BLOCK_MAPPING_VALUE_STATE:
+		return "yaml_PARSE_BLOCK_MAPPING_VALUE_STATE"
+	case yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE:
+		return "yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE"
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE:
+		return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE"
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE:
+		return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE"
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE:
+		return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE"
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE:
+		return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE"
+	case yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE:
+		return "yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE"
+	case yaml_PARSE_FLOW_MAPPING_KEY_STATE:
+		return "yaml_PARSE_FLOW_MAPPING_KEY_STATE"
+	case yaml_PARSE_FLOW_MAPPING_VALUE_STATE:
+		return "yaml_PARSE_FLOW_MAPPING_VALUE_STATE"
+	case yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE:
+		return "yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE"
+	case yaml_PARSE_END_STATE:
+		return "yaml_PARSE_END_STATE"
+	}
+	return "<unknown parser state>"
+}
+
+// This structure holds aliases data.
+type yaml_alias_data_t struct {
+	anchor []byte      // The anchor.
+	index  int         // The node id.
+	mark   yaml_mark_t // The anchor mark.
+}
+
+// The parser structure.
+//
+// All members are internal. Manage the structure using the
+// yaml_parser_ family of functions.
+type yaml_parser_t struct {
+
+	// Error handling
+
+	error yaml_error_type_t // Error type.
+
+	problem string // Error description.
+
+	// The byte about which the problem occurred.
+	problem_offset int
+	problem_value  int
+	problem_mark   yaml_mark_t
+
+	// The error context.
+	context      string
+	context_mark yaml_mark_t
+
+	// Reader stuff
+
+	read_handler yaml_read_handler_t // Read handler.
+
+	input_reader io.Reader // File input data.
+	input        []byte    // String input data.
+	input_pos    int
+
+	eof bool // EOF flag
+
+	buffer     []byte // The working buffer.
+	buffer_pos int    // The current position of the buffer.
+
+	unread int // The number of unread characters in the buffer.
+
+	raw_buffer     []byte // The raw buffer.
+	raw_buffer_pos int    // The current position of the buffer.
+
+	encoding yaml_encoding_t // The input encoding.
+
+	offset int         // The offset of the current position (in bytes).
+	mark   yaml_mark_t // The mark of the current position.
+
+	// Scanner stuff
+
+	stream_start_produced bool // Have we started to scan the input stream?
+	stream_end_produced   bool // Have we reached the end of the input stream?
+
+	flow_level int // The number of unclosed '[' and '{' indicators.
+
+	tokens          []yaml_token_t // The tokens queue.
+	tokens_head     int            // The head of the tokens queue.
+	tokens_parsed   int            // The number of tokens fetched from the queue.
+	token_available bool           // Does the tokens queue contain a token ready for dequeueing.
+
+	indent  int   // The current indentation level.
+	indents []int // The indentation levels stack.
+
+	simple_key_allowed bool                // May a simple key occur at the current position?
+	simple_keys        []yaml_simple_key_t // The stack of simple keys.
+	simple_keys_by_tok map[int]int         // possible simple_key indexes indexed by token_number
+
+	// Parser stuff
+
+	state          yaml_parser_state_t    // The current parser state.
+	states         []yaml_parser_state_t  // The parser states stack.
+	marks          []yaml_mark_t          // The stack of marks.
+	tag_directives []yaml_tag_directive_t // The list of TAG directives.
+
+	// Dumper stuff
+
+	aliases []yaml_alias_data_t // The alias data.
+
+	document *yaml_document_t // The currently parsed document.
+}
+
+// Emitter Definitions
+
+// The prototype of a write handler.
+//
+// The write handler is called when the emitter needs to flush the accumulated
+// characters to the output.  The handler should write @a size bytes of the
+// @a buffer to the output.
+//
+// @param[in,out]   data        A pointer to an application data specified by
+//                              yaml_emitter_set_output().
+// @param[in]       buffer      The buffer with bytes to be written.
+// @param[in]       size        The size of the buffer.
+//
+// @returns On success, the handler should return @c 1.  If the handler failed,
+// the returned value should be @c 0.
+//
+type yaml_write_handler_t func(emitter *yaml_emitter_t, buffer []byte) error
+
+type yaml_emitter_state_t int
+
+// The emitter states.
+const (
+	// Expect STREAM-START.
+	yaml_EMIT_STREAM_START_STATE yaml_emitter_state_t = iota
+
+	yaml_EMIT_FIRST_DOCUMENT_START_STATE       // Expect the first DOCUMENT-START or STREAM-END.
+	yaml_EMIT_DOCUMENT_START_STATE             // Expect DOCUMENT-START or STREAM-END.
+	yaml_EMIT_DOCUMENT_CONTENT_STATE           // Expect the content of a document.
+	yaml_EMIT_DOCUMENT_END_STATE               // Expect DOCUMENT-END.
+	yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE   // Expect the first item of a flow sequence.
+	yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE         // Expect an item of a flow sequence.
+	yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE     // Expect the first key of a flow mapping.
+	yaml_EMIT_FLOW_MAPPING_KEY_STATE           // Expect a key of a flow mapping.
+	yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE  // Expect a value for a simple key of a flow mapping.
+	yaml_EMIT_FLOW_MAPPING_VALUE_STATE         // Expect a value of a flow mapping.
+	yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE  // Expect the first item of a block sequence.
+	yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE        // Expect an item of a block sequence.
+	yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE    // Expect the first key of a block mapping.
+	yaml_EMIT_BLOCK_MAPPING_KEY_STATE          // Expect the key of a block mapping.
+	yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE // Expect a value for a simple key of a block mapping.
+	yaml_EMIT_BLOCK_MAPPING_VALUE_STATE        // Expect a value of a block mapping.
+	yaml_EMIT_END_STATE                        // Expect nothing.
+)
+
+// The emitter structure.
+//
+// All members are internal.  Manage the structure using the @c yaml_emitter_
+// family of functions.
+type yaml_emitter_t struct {
+
+	// Error handling
+
+	error   yaml_error_type_t // Error type.
+	problem string            // Error description.
+
+	// Writer stuff
+
+	write_handler yaml_write_handler_t // Write handler.
+
+	output_buffer *[]byte   // String output data.
+	output_writer io.Writer // File output data.
+
+	buffer     []byte // The working buffer.
+	buffer_pos int    // The current position of the buffer.
+
+	raw_buffer     []byte // The raw buffer.
+	raw_buffer_pos int    // The current position of the buffer.
+
+	encoding yaml_encoding_t // The stream encoding.
+
+	// Emitter stuff
+
+	canonical   bool         // If the output is in the canonical style?
+	best_indent int          // The number of indentation spaces.
+	best_width  int          // The preferred width of the output lines.
+	unicode     bool         // Allow unescaped non-ASCII characters?
+	line_break  yaml_break_t // The preferred line break.
+
+	state  yaml_emitter_state_t   // The current emitter state.
+	states []yaml_emitter_state_t // The stack of states.
+
+	events      []yaml_event_t // The event queue.
+	events_head int            // The head of the event queue.
+
+	indents []int // The stack of indentation levels.
+
+	tag_directives []yaml_tag_directive_t // The list of tag directives.
+
+	indent int // The current indentation level.
+
+	flow_level int // The current flow level.
+
+	root_context       bool // Is it the document root context?
+	sequence_context   bool // Is it a sequence context?
+	mapping_context    bool // Is it a mapping context?
+	simple_key_context bool // Is it a simple mapping key context?
+
+	line       int  // The current line.
+	column     int  // The current column.
+	whitespace bool // If the last character was a whitespace?
+	indention  bool // If the last character was an indentation character (' ', '-', '?', ':')?
+	open_ended bool // If an explicit document end is required?
+
+	// Anchor analysis.
+	anchor_data struct {
+		anchor []byte // The anchor value.
+		alias  bool   // Is it an alias?
+	}
+
+	// Tag analysis.
+	tag_data struct {
+		handle []byte // The tag handle.
+		suffix []byte // The tag suffix.
+	}
+
+	// Scalar analysis.
+	scalar_data struct {
+		value                 []byte              // The scalar value.
+		multiline             bool                // Does the scalar contain line breaks?
+		flow_plain_allowed    bool                // Can the scalar be expessed in the flow plain style?
+		block_plain_allowed   bool                // Can the scalar be expressed in the block plain style?
+		single_quoted_allowed bool                // Can the scalar be expressed in the single quoted style?
+		block_allowed         bool                // Can the scalar be expressed in the literal or folded styles?
+		style                 yaml_scalar_style_t // The output style.
+	}
+
+	// Dumper stuff
+
+	opened bool // If the stream was already opened?
+	closed bool // If the stream was already closed?
+
+	// The information associated with the document nodes.
+	anchors *struct {
+		references int  // The number of references.
+		anchor     int  // The anchor id.
+		serialized bool // If the node has been emitted?
+	}
+
+	last_anchor_id int // The last assigned anchor id.
+
+	document *yaml_document_t // The currently emitted document.
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlprivateh.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlprivateh.go
new file mode 100644
index 000000000..8110ce3c3
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlprivateh.go
@@ -0,0 +1,173 @@
+package yaml
+
+const (
+	// The size of the input raw buffer.
+	input_raw_buffer_size = 512
+
+	// The size of the input buffer.
+	// It should be possible to decode the whole raw buffer.
+	input_buffer_size = input_raw_buffer_size * 3
+
+	// The size of the output buffer.
+	output_buffer_size = 128
+
+	// The size of the output raw buffer.
+	// It should be possible to encode the whole output buffer.
+	output_raw_buffer_size = (output_buffer_size*2 + 2)
+
+	// The size of other stacks and queues.
+	initial_stack_size  = 16
+	initial_queue_size  = 16
+	initial_string_size = 16
+)
+
+// Check if the character at the specified position is an alphabetical
+// character, a digit, '_', or '-'.
+func is_alpha(b []byte, i int) bool {
+	return b[i] >= '0' && b[i] <= '9' || b[i] >= 'A' && b[i] <= 'Z' || b[i] >= 'a' && b[i] <= 'z' || b[i] == '_' || b[i] == '-'
+}
+
+// Check if the character at the specified position is a digit.
+func is_digit(b []byte, i int) bool {
+	return b[i] >= '0' && b[i] <= '9'
+}
+
+// Get the value of a digit.
+func as_digit(b []byte, i int) int {
+	return int(b[i]) - '0'
+}
+
+// Check if the character at the specified position is a hex-digit.
+func is_hex(b []byte, i int) bool {
+	return b[i] >= '0' && b[i] <= '9' || b[i] >= 'A' && b[i] <= 'F' || b[i] >= 'a' && b[i] <= 'f'
+}
+
+// Get the value of a hex-digit.
+func as_hex(b []byte, i int) int {
+	bi := b[i]
+	if bi >= 'A' && bi <= 'F' {
+		return int(bi) - 'A' + 10
+	}
+	if bi >= 'a' && bi <= 'f' {
+		return int(bi) - 'a' + 10
+	}
+	return int(bi) - '0'
+}
+
+// Check if the character is ASCII.
+func is_ascii(b []byte, i int) bool {
+	return b[i] <= 0x7F
+}
+
+// Check if the character at the start of the buffer can be printed unescaped.
+func is_printable(b []byte, i int) bool {
+	return ((b[i] == 0x0A) || // . == #x0A
+		(b[i] >= 0x20 && b[i] <= 0x7E) || // #x20 <= . <= #x7E
+		(b[i] == 0xC2 && b[i+1] >= 0xA0) || // #0xA0 <= . <= #xD7FF
+		(b[i] > 0xC2 && b[i] < 0xED) ||
+		(b[i] == 0xED && b[i+1] < 0xA0) ||
+		(b[i] == 0xEE) ||
+		(b[i] == 0xEF && // #xE000 <= . <= #xFFFD
+			!(b[i+1] == 0xBB && b[i+2] == 0xBF) && // && . != #xFEFF
+			!(b[i+1] == 0xBF && (b[i+2] == 0xBE || b[i+2] == 0xBF))))
+}
+
+// Check if the character at the specified position is NUL.
+func is_z(b []byte, i int) bool {
+	return b[i] == 0x00
+}
+
+// Check if the beginning of the buffer is a BOM.
+func is_bom(b []byte, i int) bool {
+	return b[0] == 0xEF && b[1] == 0xBB && b[2] == 0xBF
+}
+
+// Check if the character at the specified position is space.
+func is_space(b []byte, i int) bool {
+	return b[i] == ' '
+}
+
+// Check if the character at the specified position is tab.
+func is_tab(b []byte, i int) bool {
+	return b[i] == '\t'
+}
+
+// Check if the character at the specified position is blank (space or tab).
+func is_blank(b []byte, i int) bool {
+	//return is_space(b, i) || is_tab(b, i)
+	return b[i] == ' ' || b[i] == '\t'
+}
+
+// Check if the character at the specified position is a line break.
+func is_break(b []byte, i int) bool {
+	return (b[i] == '\r' || // CR (#xD)
+		b[i] == '\n' || // LF (#xA)
+		b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9) // PS (#x2029)
+}
+
+func is_crlf(b []byte, i int) bool {
+	return b[i] == '\r' && b[i+1] == '\n'
+}
+
+// Check if the character is a line break or NUL.
+func is_breakz(b []byte, i int) bool {
+	//return is_break(b, i) || is_z(b, i)
+	return (        // is_break:
+	b[i] == '\r' || // CR (#xD)
+		b[i] == '\n' || // LF (#xA)
+		b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029)
+		// is_z:
+		b[i] == 0)
+}
+
+// Check if the character is a line break, space, or NUL.
+func is_spacez(b []byte, i int) bool {
+	//return is_space(b, i) || is_breakz(b, i)
+	return ( // is_space:
+	b[i] == ' ' ||
+		// is_breakz:
+		b[i] == '\r' || // CR (#xD)
+		b[i] == '\n' || // LF (#xA)
+		b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029)
+		b[i] == 0)
+}
+
+// Check if the character is a line break, space, tab, or NUL.
+func is_blankz(b []byte, i int) bool {
+	//return is_blank(b, i) || is_breakz(b, i)
+	return ( // is_blank:
+	b[i] == ' ' || b[i] == '\t' ||
+		// is_breakz:
+		b[i] == '\r' || // CR (#xD)
+		b[i] == '\n' || // LF (#xA)
+		b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029)
+		b[i] == 0)
+}
+
+// Determine the width of the character.
+func width(b byte) int {
+	// Don't replace these by a switch without first
+	// confirming that it is being inlined.
+	if b&0x80 == 0x00 {
+		return 1
+	}
+	if b&0xE0 == 0xC0 {
+		return 2
+	}
+	if b&0xF0 == 0xE0 {
+		return 3
+	}
+	if b&0xF8 == 0xF0 {
+		return 4
+	}
+	return 0
+
+}
diff --git a/vendor/sigs.k8s.io/yaml/yaml.go b/vendor/sigs.k8s.io/yaml/yaml.go
index efbc535d4..fc10246bd 100644
--- a/vendor/sigs.k8s.io/yaml/yaml.go
+++ b/vendor/sigs.k8s.io/yaml/yaml.go
@@ -1,3 +1,19 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package yaml
 
 import (
@@ -8,56 +24,59 @@ import (
 	"reflect"
 	"strconv"
 
-	"gopkg.in/yaml.v2"
+	"sigs.k8s.io/yaml/goyaml.v2"
 )
 
-// Marshal marshals the object into JSON then converts JSON to YAML and returns the
-// YAML.
-func Marshal(o interface{}) ([]byte, error) {
-	j, err := json.Marshal(o)
+// Marshal marshals obj into JSON using stdlib json.Marshal, and then converts JSON to YAML using JSONToYAML (see that method for more reference)
+func Marshal(obj interface{}) ([]byte, error) {
+	jsonBytes, err := json.Marshal(obj)
 	if err != nil {
-		return nil, fmt.Errorf("error marshaling into JSON: %v", err)
+		return nil, fmt.Errorf("error marshaling into JSON: %w", err)
 	}
 
-	y, err := JSONToYAML(j)
-	if err != nil {
-		return nil, fmt.Errorf("error converting JSON to YAML: %v", err)
-	}
-
-	return y, nil
+	return JSONToYAML(jsonBytes)
 }
 
 // JSONOpt is a decoding option for decoding from JSON format.
 type JSONOpt func(*json.Decoder) *json.Decoder
 
-// Unmarshal converts YAML to JSON then uses JSON to unmarshal into an object,
-// optionally configuring the behavior of the JSON unmarshal.
-func Unmarshal(y []byte, o interface{}, opts ...JSONOpt) error {
-	return yamlUnmarshal(y, o, false, opts...)
+// Unmarshal first converts the given YAML to JSON, and then unmarshals the JSON into obj. Options for the
+// standard library json.Decoder can be optionally specified, e.g. to decode untyped numbers into json.Number instead of float64, or to disallow unknown fields (but for that purpose, see also UnmarshalStrict). obj must be a non-nil pointer.
+//
+// Important notes about the Unmarshal logic:
+//
+//   - Decoding is case-insensitive, unlike the rest of Kubernetes API machinery, as this is using the stdlib json library. This might be confusing to users.
+//   - This decodes any number (although it is an integer) into a float64 if the type of obj is unknown, e.g. *map[string]interface{}, *interface{}, or *[]interface{}. This means integers above +/- 2^53 will lose precision when round-tripping. Make a JSONOpt that calls d.UseNumber() to avoid this.
+//   - Duplicate fields, including in-case-sensitive matches, are ignored in an undefined order. Note that the YAML specification forbids duplicate fields, so this logic is more permissive than it needs to. See UnmarshalStrict for an alternative.
+//   - Unknown fields, i.e. serialized data that do not map to a field in obj, are ignored. Use d.DisallowUnknownFields() or UnmarshalStrict to override.
+//   - As per the YAML 1.1 specification, which yaml.v2 used underneath implements, literal 'yes' and 'no' strings without quotation marks will be converted to true/false implicitly.
+//   - YAML non-string keys, e.g. ints, bools and floats, are converted to strings implicitly during the YAML to JSON conversion process.
+//   - There are no compatibility guarantees for returned error values.
+func Unmarshal(yamlBytes []byte, obj interface{}, opts ...JSONOpt) error {
+	return unmarshal(yamlBytes, obj, yaml.Unmarshal, opts...)
 }
 
-// UnmarshalStrict strictly converts YAML to JSON then uses JSON to unmarshal
-// into an object, optionally configuring the behavior of the JSON unmarshal.
-func UnmarshalStrict(y []byte, o interface{}, opts ...JSONOpt) error {
-	return yamlUnmarshal(y, o, true, append(opts, DisallowUnknownFields)...)
+// UnmarshalStrict is similar to Unmarshal (please read its documentation for reference), with the following exceptions:
+//
+//   - Duplicate fields in an object yield an error. This is according to the YAML specification.
+//   - If obj, or any of its recursive children, is a struct, presence of fields in the serialized data unknown to the struct will yield an error.
+func UnmarshalStrict(yamlBytes []byte, obj interface{}, opts ...JSONOpt) error {
+	return unmarshal(yamlBytes, obj, yaml.UnmarshalStrict, append(opts, DisallowUnknownFields)...)
 }
 
-// yamlUnmarshal unmarshals the given YAML byte stream into the given interface,
+// unmarshal unmarshals the given YAML byte stream into the given interface,
 // optionally performing the unmarshalling strictly
-func yamlUnmarshal(y []byte, o interface{}, strict bool, opts ...JSONOpt) error {
-	vo := reflect.ValueOf(o)
-	unmarshalFn := yaml.Unmarshal
-	if strict {
-		unmarshalFn = yaml.UnmarshalStrict
-	}
-	j, err := yamlToJSON(y, &vo, unmarshalFn)
+func unmarshal(yamlBytes []byte, obj interface{}, unmarshalFn func([]byte, interface{}) error, opts ...JSONOpt) error {
+	jsonTarget := reflect.ValueOf(obj)
+
+	jsonBytes, err := yamlToJSONTarget(yamlBytes, &jsonTarget, unmarshalFn)
 	if err != nil {
-		return fmt.Errorf("error converting YAML to JSON: %v", err)
+		return fmt.Errorf("error converting YAML to JSON: %w", err)
 	}
 
-	err = jsonUnmarshal(bytes.NewReader(j), o, opts...)
+	err = jsonUnmarshal(bytes.NewReader(jsonBytes), obj, opts...)
 	if err != nil {
-		return fmt.Errorf("error unmarshaling JSON: %v", err)
+		return fmt.Errorf("error unmarshaling JSON: %w", err)
 	}
 
 	return nil
@@ -67,21 +86,26 @@ func yamlUnmarshal(y []byte, o interface{}, strict bool, opts ...JSONOpt) error
 // object, optionally applying decoder options prior to decoding.  We are not
 // using json.Unmarshal directly as we want the chance to pass in non-default
 // options.
-func jsonUnmarshal(r io.Reader, o interface{}, opts ...JSONOpt) error {
-	d := json.NewDecoder(r)
+func jsonUnmarshal(reader io.Reader, obj interface{}, opts ...JSONOpt) error {
+	d := json.NewDecoder(reader)
 	for _, opt := range opts {
 		d = opt(d)
 	}
-	if err := d.Decode(&o); err != nil {
+	if err := d.Decode(&obj); err != nil {
 		return fmt.Errorf("while decoding JSON: %v", err)
 	}
 	return nil
 }
 
-// JSONToYAML Converts JSON to YAML.
+// JSONToYAML converts JSON to YAML. Notable implementation details:
+//
+//   - Duplicate fields, are case-sensitively ignored in an undefined order.
+//   - The sequence indentation style is compact, which means that the "- " marker for a YAML sequence will be on the same indentation level as the sequence field name.
+//   - Unlike Unmarshal, all integers, up to 64 bits, are preserved during this round-trip.
 func JSONToYAML(j []byte) ([]byte, error) {
 	// Convert the JSON to an object.
 	var jsonObj interface{}
+
 	// We are using yaml.Unmarshal here (instead of json.Unmarshal) because the
 	// Go JSON library doesn't try to pick the right number type (int, float,
 	// etc.) when unmarshalling to interface{}, it just picks float64
@@ -93,35 +117,46 @@ func JSONToYAML(j []byte) ([]byte, error) {
 	}
 
 	// Marshal this object into YAML.
-	return yaml.Marshal(jsonObj)
+	yamlBytes, err := yaml.Marshal(jsonObj)
+	if err != nil {
+		return nil, err
+	}
+
+	return yamlBytes, nil
 }
 
 // YAMLToJSON converts YAML to JSON. Since JSON is a subset of YAML,
 // passing JSON through this method should be a no-op.
 //
-// Things YAML can do that are not supported by JSON:
-// * In YAML you can have binary and null keys in your maps. These are invalid
-//   in JSON. (int and float keys are converted to strings.)
-// * Binary data in YAML with the !!binary tag is not supported. If you want to
-//   use binary data with this library, encode the data as base64 as usual but do
-//   not use the !!binary tag in your YAML. This will ensure the original base64
-//   encoded data makes it all the way through to the JSON.
+// Some things YAML can do that are not supported by JSON:
+//   - In YAML you can have binary and null keys in your maps. These are invalid
+//     in JSON, and therefore int, bool and float keys are converted to strings implicitly.
+//   - Binary data in YAML with the !!binary tag is not supported. If you want to
+//     use binary data with this library, encode the data as base64 as usual but do
+//     not use the !!binary tag in your YAML. This will ensure the original base64
+//     encoded data makes it all the way through to the JSON.
+//   - And more... read the YAML specification for more details.
+//
+// Notable about the implementation:
 //
-// For strict decoding of YAML, use YAMLToJSONStrict.
+// - Duplicate fields are case-sensitively ignored in an undefined order. Note that the YAML specification forbids duplicate fields, so this logic is more permissive than it needs to. See YAMLToJSONStrict for an alternative.
+// - As per the YAML 1.1 specification, which yaml.v2 used underneath implements, literal 'yes' and 'no' strings without quotation marks will be converted to true/false implicitly.
+// - Unlike Unmarshal, all integers, up to 64 bits, are preserved during this round-trip.
+// - There are no compatibility guarantees for returned error values.
 func YAMLToJSON(y []byte) ([]byte, error) {
-	return yamlToJSON(y, nil, yaml.Unmarshal)
+	return yamlToJSONTarget(y, nil, yaml.Unmarshal)
 }
 
 // YAMLToJSONStrict is like YAMLToJSON but enables strict YAML decoding,
 // returning an error on any duplicate field names.
 func YAMLToJSONStrict(y []byte) ([]byte, error) {
-	return yamlToJSON(y, nil, yaml.UnmarshalStrict)
+	return yamlToJSONTarget(y, nil, yaml.UnmarshalStrict)
 }
 
-func yamlToJSON(y []byte, jsonTarget *reflect.Value, yamlUnmarshal func([]byte, interface{}) error) ([]byte, error) {
+func yamlToJSONTarget(yamlBytes []byte, jsonTarget *reflect.Value, unmarshalFn func([]byte, interface{}) error) ([]byte, error) {
 	// Convert the YAML to an object.
 	var yamlObj interface{}
-	err := yamlUnmarshal(y, &yamlObj)
+	err := unmarshalFn(yamlBytes, &yamlObj)
 	if err != nil {
 		return nil, err
 	}
@@ -136,7 +171,11 @@ func yamlToJSON(y []byte, jsonTarget *reflect.Value, yamlUnmarshal func([]byte,
 	}
 
 	// Convert this object to JSON and return the data.
-	return json.Marshal(jsonObj)
+	jsonBytes, err := json.Marshal(jsonObj)
+	if err != nil {
+		return nil, err
+	}
+	return jsonBytes, nil
 }
 
 func convertToJSONableObject(yamlObj interface{}, jsonTarget *reflect.Value) (interface{}, error) {
@@ -147,13 +186,13 @@ func convertToJSONableObject(yamlObj interface{}, jsonTarget *reflect.Value) (in
 	// decoding into the value, we're just checking if the ultimate target is a
 	// string.
 	if jsonTarget != nil {
-		ju, tu, pv := indirect(*jsonTarget, false)
+		jsonUnmarshaler, textUnmarshaler, pointerValue := indirect(*jsonTarget, false)
 		// We have a JSON or Text Umarshaler at this level, so we can't be trying
 		// to decode into a string.
-		if ju != nil || tu != nil {
+		if jsonUnmarshaler != nil || textUnmarshaler != nil {
 			jsonTarget = nil
 		} else {
-			jsonTarget = &pv
+			jsonTarget = &pointerValue
 		}
 	}
 
@@ -205,7 +244,7 @@ func convertToJSONableObject(yamlObj interface{}, jsonTarget *reflect.Value) (in
 					keyString = "false"
 				}
 			default:
-				return nil, fmt.Errorf("Unsupported map key of type: %s, key: %+#v, value: %+#v",
+				return nil, fmt.Errorf("unsupported map key of type: %s, key: %+#v, value: %+#v",
 					reflect.TypeOf(k), k, v)
 			}
 
diff --git a/vendor/sigs.k8s.io/yaml/yaml_go110.go b/vendor/sigs.k8s.io/yaml/yaml_go110.go
index ab3e06a22..94abc1719 100644
--- a/vendor/sigs.k8s.io/yaml/yaml_go110.go
+++ b/vendor/sigs.k8s.io/yaml/yaml_go110.go
@@ -1,7 +1,24 @@
 // This file contains changes that are only compatible with go 1.10 and onwards.
 
+//go:build go1.10
 // +build go1.10
 
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package yaml
 
 import "encoding/json"

From 0761b1f9b37352999761b665381abf0a6ebde9f5 Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Tue, 14 Nov 2023 08:21:50 +0100
Subject: [PATCH 02/23] run (run-int-tests)


From b3c5fe318d1807cd1ae75cf0a9cc3d0125d14307 Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Mon, 4 Dec 2023 09:49:37 +0100
Subject: [PATCH 03/23] run (run-int-tests)


From 3c264a01dba467759e741fd00ebdd98a18898bab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Nov 2023 22:02:07 +0000
Subject: [PATCH 04/23] Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1

Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod             |  157 ++-
 vendor/modules.txt | 2754 --------------------------------------------
 2 files changed, 149 insertions(+), 2762 deletions(-)

diff --git a/go.mod b/go.mod
index 8ed737883..72e6675c5 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.20
 require (
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
-	github.com/containerd/containerd v1.7.0
+	github.com/containerd/containerd v1.7.6
 	github.com/docker/cli v24.0.7+incompatible
 	github.com/gardener/component-cli v0.44.0
 	github.com/gardener/component-spec/bindings-go v0.0.95
@@ -13,10 +13,13 @@ require (
 	github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000
 	github.com/gardener/landscaper/controller-utils v0.0.0-00010101000000-000000000000
 	github.com/go-logr/logr v1.3.0
+	github.com/go-logr/logr v1.3.0
 	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.4.0
+	github.com/google/uuid v1.4.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/imdario/mergo v0.3.16
+	github.com/imdario/mergo v0.3.16
 	github.com/mandelsoft/filepath v0.0.0-20230412200429-36b1eb66bd27
 	github.com/mandelsoft/spiff v1.7.0-beta-5
 	github.com/mandelsoft/vfs v0.0.0-20230713123140-269aa4fb1338
@@ -28,24 +31,33 @@ require (
 	github.com/opencontainers/image-spec v1.1.0-rc5
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.17.0
+	github.com/prometheus/client_golang v1.17.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/spf13/cobra v1.8.0
+	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/xeipuuv/gojsonschema v1.2.0
 	golang.org/x/crypto v0.14.0
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
 	golang.org/x/oauth2 v0.13.0
 	golang.org/x/sync v0.5.0
+	golang.org/x/oauth2 v0.13.0
+	golang.org/x/sync v0.5.0
 	golang.org/x/sys v0.13.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.12.2
 	k8s.io/api v0.28.3
+	k8s.io/api v0.28.3
 	k8s.io/apiextensions-apiserver v0.27.2
 	k8s.io/apimachinery v0.28.3
 	k8s.io/client-go v0.28.3
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
+	k8s.io/apimachinery v0.28.3
+	k8s.io/client-go v0.28.3
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	sigs.k8s.io/controller-runtime v0.15.1
 	sigs.k8s.io/yaml v1.4.0
+	sigs.k8s.io/yaml v1.4.0
 )
 
 replace (
@@ -55,6 +67,7 @@ replace (
 )
 
 require (
+	cloud.google.com/go/compute v1.23.2 // indirect
 	cloud.google.com/go/compute v1.23.2 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	filippo.io/edwards25519 v1.0.0 // indirect
@@ -62,9 +75,11 @@ require (
 	github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.29 // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
@@ -79,6 +94,14 @@ require (
 	github.com/DataDog/go-tuf v1.0.2-0.5.2 // indirect
 	github.com/DataDog/gostackparse v0.7.0 // indirect
 	github.com/DataDog/sketches-go v1.4.3 // indirect
+	github.com/DataDog/appsec-internal-go v1.0.0 // indirect
+	github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1 // indirect
+	github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1 // indirect
+	github.com/DataDog/datadog-go/v5 v5.3.0 // indirect
+	github.com/DataDog/go-libddwaf v1.5.0 // indirect
+	github.com/DataDog/go-tuf v1.0.2-0.5.2 // indirect
+	github.com/DataDog/gostackparse v0.7.0 // indirect
+	github.com/DataDog/sketches-go v1.4.3 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
@@ -86,25 +109,37 @@ require (
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/Microsoft/hcsshim v0.11.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
 	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
 	github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
 	github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect
 	github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect
 	github.com/alibabacloud-go/debug v1.0.0 // indirect
+	github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect
+	github.com/alibabacloud-go/debug v1.0.0 // indirect
 	github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
 	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
 	github.com/alibabacloud-go/tea v1.2.1 // indirect
 	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
 	github.com/aliyun/credentials-go v1.3.1 // indirect
+	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
+	github.com/alibabacloud-go/tea v1.2.1 // indirect
+	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
+	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
+	github.com/aliyun/credentials-go v1.3.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.19.1 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.19.1 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.33 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
@@ -122,15 +157,36 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
 	github.com/aws/smithy-go v1.15.0 // indirect
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.36 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
+	github.com/aws/smithy-go v1.15.0 // indirect
+	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/buildkite/agent/v3 v3.58.0 // indirect
 	github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect
+	github.com/buildkite/agent/v3 v3.58.0 // indirect
+	github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
 	github.com/cloudflare/circl v1.3.5 // indirect
+	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
+	github.com/clbanning/mxj/v2 v2.7.0 // indirect
+	github.com/cloudflare/circl v1.3.5 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/containers/image/v5 v5.21.1 // indirect
@@ -139,19 +195,22 @@ require (
 	github.com/containers/storage v1.42.0 // indirect
 	github.com/coreos/go-oidc/v3 v3.7.0 // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
+	github.com/coreos/go-oidc/v3 v3.7.0 // indirect
+	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
 	github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
+	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
+	github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker v24.0.7+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
-	github.com/docker/distribution v2.8.2+incompatible // indirect
-	github.com/docker/docker v24.0.7+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
@@ -160,13 +219,19 @@ require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/ebitengine/purego v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/ebitengine/purego v0.5.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fatih/color v1.15.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fvbommel/sortorder v1.0.2 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
@@ -177,6 +242,8 @@ require (
 	github.com/go-openapi/analysis v0.21.4 // indirect
 	github.com/go-openapi/errors v0.20.4 // indirect
 	github.com/go-openapi/jsonpointer v0.20.0 // indirect
+	github.com/go-openapi/errors v0.20.4 // indirect
+	github.com/go-openapi/jsonpointer v0.20.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/loads v0.21.2 // indirect
 	github.com/go-openapi/runtime v0.26.0 // indirect
@@ -187,10 +254,12 @@ require (
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.15.5 // indirect
+	github.com/go-playground/validator/v10 v10.15.5 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/go-test/deep v1.1.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -198,36 +267,50 @@ require (
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/certificate-transparency-go v1.1.7 // indirect
+	github.com/google/certificate-transparency-go v1.1.7 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-containerregistry v0.16.1 // indirect
+	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-containerregistry v0.16.1 // indirect
 	github.com/google/go-github/v45 v45.2.0 // indirect
 	github.com/google/go-github/v55 v55.0.0 // indirect
+	github.com/google/go-github/v55 v55.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gowebpki/jcs v1.0.1 // indirect
+	github.com/gowebpki/jcs v1.0.1 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/in-toto/in-toto-golang v0.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
+	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.17.2 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
+	github.com/klauspost/compress v1.17.2 // indirect
+	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
@@ -238,6 +321,13 @@ require (
 	github.com/lestrrat-go/jwx/v2 v2.0.16 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/httprc v1.0.4 // indirect
+	github.com/lestrrat-go/iter v1.0.2 // indirect
+	github.com/lestrrat-go/jwx/v2 v2.0.16 // indirect
+	github.com/lestrrat-go/option v1.0.1 // indirect
+	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
@@ -248,6 +338,9 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -268,12 +361,15 @@ require (
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/oleiade/reflections v1.0.1 // indirect
+	github.com/oleiade/reflections v1.0.1 // indirect
 	github.com/opencontainers/distribution-spec v1.0.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/outcaste-io/ristretto v0.2.3 // indirect
+	github.com/outcaste-io/ristretto v0.2.3 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
@@ -281,13 +377,23 @@ require (
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/puzpuzpuz/xsync/v2 v2.5.1 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/philhofer/fwd v1.1.2 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/puzpuzpuz/xsync/v2 v2.5.1 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rubenv/sql-migrate v1.3.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sagikazarmark/locafero v0.3.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sagikazarmark/locafero v0.3.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
+	github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
@@ -296,52 +402,77 @@ require (
 	github.com/sigstore/rekor v1.3.3 // indirect
 	github.com/sigstore/sigstore v1.7.5 // indirect
 	github.com/sigstore/timestamp-authority v1.2.0 // indirect
+	github.com/sigstore/cosign/v2 v2.2.1 // indirect
+	github.com/sigstore/fulcio v1.4.3 // indirect
+	github.com/sigstore/rekor v1.3.3 // indirect
+	github.com/sigstore/sigstore v1.7.5 // indirect
+	github.com/sigstore/timestamp-authority v1.2.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.10.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/viper v1.17.0 // indirect
+	github.com/spf13/viper v1.17.0 // indirect
 	github.com/spiffe/go-spiffe/v2 v2.1.6 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 	github.com/thales-e-security/pool v0.0.2 // indirect
 	github.com/theupdateframework/go-tuf v0.6.1 // indirect
+	github.com/theupdateframework/go-tuf v0.6.1 // indirect
 	github.com/theupdateframework/notary v0.7.0 // indirect
 	github.com/tinylib/msgp v1.1.8 // indirect
+	github.com/tinylib/msgp v1.1.8 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 	github.com/tjfoc/gmsm v1.4.1 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/tonglil/buflogr v1.0.1 // indirect
 	github.com/transparency-dev/merkle v0.0.2 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
+	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
 	github.com/vbatts/tar-split v0.11.5 // indirect
 	github.com/xanzy/go-gitlab v0.93.2 // indirect
+	github.com/vbatts/tar-split v0.11.5 // indirect
+	github.com/xanzy/go-gitlab v0.93.2 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
 	go.mongodb.org/mongo-driver v1.12.1 // indirect
+	go.mongodb.org/mongo-driver v1.12.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.19.0 // indirect
-	go.opentelemetry.io/otel/metric v1.19.0 // indirect
-	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
+	go.opentelemetry.io/otel/metric v1.21.0 // indirect
+	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 	go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 // indirect
 	go.step.sm/crypto v0.36.1 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
+	go.step.sm/crypto v0.36.1 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.26.0 // indirect
 	go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect
 	go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/mod v0.13.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect
+	go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
+	golang.org/x/tools v0.14.0 // indirect
+	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
 	google.golang.org/api v0.149.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
@@ -350,19 +481,29 @@ require (
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 // indirect
 	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
+	google.golang.org/api v0.149.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 // indirect
+	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a // indirect
+	inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a // indirect
 	k8s.io/apiserver v0.27.2 // indirect
 	k8s.io/cli-runtime v0.27.2 // indirect
 	k8s.io/component-base v0.27.2 // indirect
 	k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
+	k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
 	k8s.io/klog v1.0.0 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
 	k8s.io/kubectl v0.27.2 // indirect
 	oras.land/oras-go v1.2.4 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 91756b4cd..e69de29bb 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,2754 +0,0 @@
-# cloud.google.com/go/compute v1.23.2
-## explicit; go 1.19
-cloud.google.com/go/compute/internal
-# cloud.google.com/go/compute/metadata v0.2.3
-## explicit; go 1.19
-cloud.google.com/go/compute/metadata
-# filippo.io/edwards25519 v1.0.0
-## explicit; go 1.17
-filippo.io/edwards25519
-filippo.io/edwards25519/field
-# github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24
-## explicit; go 1.20
-github.com/AdaLogics/go-fuzz-headers
-# github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0
-## explicit; go 1.17
-github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper
-# github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
-## explicit
-github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry
-github.com/Azure/azure-sdk-for-go/version
-# github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161
-## explicit; go 1.16
-github.com/Azure/go-ansiterm
-github.com/Azure/go-ansiterm/winterm
-# github.com/Azure/go-autorest v14.2.0+incompatible
-## explicit
-github.com/Azure/go-autorest
-# github.com/Azure/go-autorest/autorest v0.11.29
-## explicit; go 1.15
-github.com/Azure/go-autorest/autorest
-github.com/Azure/go-autorest/autorest/azure
-# github.com/Azure/go-autorest/autorest/adal v0.9.23
-## explicit; go 1.15
-github.com/Azure/go-autorest/autorest/adal
-# github.com/Azure/go-autorest/autorest/azure/auth v0.5.12
-## explicit; go 1.15
-github.com/Azure/go-autorest/autorest/azure/auth
-# github.com/Azure/go-autorest/autorest/azure/cli v0.4.6
-## explicit; go 1.15
-github.com/Azure/go-autorest/autorest/azure/cli
-# github.com/Azure/go-autorest/autorest/date v0.3.0
-## explicit; go 1.12
-github.com/Azure/go-autorest/autorest/date
-# github.com/Azure/go-autorest/logger v0.2.1
-## explicit; go 1.12
-github.com/Azure/go-autorest/logger
-# github.com/Azure/go-autorest/tracing v0.6.0
-## explicit; go 1.12
-github.com/Azure/go-autorest/tracing
-# github.com/BurntSushi/toml v1.2.1
-## explicit; go 1.16
-github.com/BurntSushi/toml
-github.com/BurntSushi/toml/internal
-# github.com/DataDog/appsec-internal-go v1.0.0
-## explicit; go 1.18
-github.com/DataDog/appsec-internal-go/httpsec
-github.com/DataDog/appsec-internal-go/netip
-# github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1
-## explicit; go 1.20
-github.com/DataDog/datadog-agent/pkg/obfuscate
-# github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1
-## explicit; go 1.20
-github.com/DataDog/datadog-agent/pkg/remoteconfig/state
-# github.com/DataDog/datadog-go/v5 v5.3.0
-## explicit; go 1.13
-github.com/DataDog/datadog-go/v5/statsd
-# github.com/DataDog/go-libddwaf v1.5.0
-## explicit; go 1.18
-github.com/DataDog/go-libddwaf
-github.com/DataDog/go-libddwaf/internal/noopfree
-# github.com/DataDog/go-tuf v1.0.2-0.5.2
-## explicit; go 1.18
-github.com/DataDog/go-tuf/client
-github.com/DataDog/go-tuf/data
-github.com/DataDog/go-tuf/internal/roles
-github.com/DataDog/go-tuf/internal/sets
-github.com/DataDog/go-tuf/pkg/keys
-github.com/DataDog/go-tuf/pkg/targets
-github.com/DataDog/go-tuf/util
-github.com/DataDog/go-tuf/verify
-# github.com/DataDog/gostackparse v0.7.0
-## explicit; go 1.16
-github.com/DataDog/gostackparse
-# github.com/DataDog/sketches-go v1.4.3
-## explicit; go 1.15
-github.com/DataDog/sketches-go/ddsketch
-github.com/DataDog/sketches-go/ddsketch/encoding
-github.com/DataDog/sketches-go/ddsketch/mapping
-github.com/DataDog/sketches-go/ddsketch/pb/sketchpb
-github.com/DataDog/sketches-go/ddsketch/stat
-github.com/DataDog/sketches-go/ddsketch/store
-# github.com/MakeNowJust/heredoc v1.0.0
-## explicit; go 1.12
-github.com/MakeNowJust/heredoc
-# github.com/Masterminds/goutils v1.1.1
-## explicit
-github.com/Masterminds/goutils
-# github.com/Masterminds/semver/v3 v3.2.1
-## explicit; go 1.18
-github.com/Masterminds/semver/v3
-# github.com/Masterminds/sprig/v3 v3.2.3
-## explicit; go 1.13
-github.com/Masterminds/sprig/v3
-# github.com/Masterminds/squirrel v1.5.4
-## explicit; go 1.14
-github.com/Masterminds/squirrel
-# github.com/Microsoft/go-winio v0.6.1
-## explicit; go 1.17
-github.com/Microsoft/go-winio
-github.com/Microsoft/go-winio/internal/fs
-github.com/Microsoft/go-winio/internal/socket
-github.com/Microsoft/go-winio/internal/stringbuffer
-github.com/Microsoft/go-winio/pkg/guid
-# github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c
-## explicit; go 1.13
-github.com/ProtonMail/go-crypto/bitcurves
-github.com/ProtonMail/go-crypto/brainpool
-github.com/ProtonMail/go-crypto/eax
-github.com/ProtonMail/go-crypto/internal/byteutil
-github.com/ProtonMail/go-crypto/ocb
-github.com/ProtonMail/go-crypto/openpgp
-github.com/ProtonMail/go-crypto/openpgp/aes/keywrap
-github.com/ProtonMail/go-crypto/openpgp/armor
-github.com/ProtonMail/go-crypto/openpgp/ecdh
-github.com/ProtonMail/go-crypto/openpgp/ecdsa
-github.com/ProtonMail/go-crypto/openpgp/eddsa
-github.com/ProtonMail/go-crypto/openpgp/elgamal
-github.com/ProtonMail/go-crypto/openpgp/errors
-github.com/ProtonMail/go-crypto/openpgp/internal/algorithm
-github.com/ProtonMail/go-crypto/openpgp/internal/ecc
-github.com/ProtonMail/go-crypto/openpgp/internal/encoding
-github.com/ProtonMail/go-crypto/openpgp/packet
-github.com/ProtonMail/go-crypto/openpgp/s2k
-# github.com/ThalesIgnite/crypto11 v1.2.5
-## explicit; go 1.13
-github.com/ThalesIgnite/crypto11
-# github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
-## explicit; go 1.15
-github.com/ahmetb/gen-crd-api-reference-docs
-# github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4
-## explicit; go 1.14
-github.com/alibabacloud-go/alibabacloud-gateway-spi/client
-# github.com/alibabacloud-go/cr-20160607 v1.0.1
-## explicit; go 1.15
-github.com/alibabacloud-go/cr-20160607/client
-# github.com/alibabacloud-go/cr-20181201 v1.0.10
-## explicit; go 1.15
-github.com/alibabacloud-go/cr-20181201/client
-# github.com/alibabacloud-go/darabonba-openapi v0.2.1
-## explicit; go 1.14
-github.com/alibabacloud-go/darabonba-openapi/client
-# github.com/alibabacloud-go/debug v1.0.0
-## explicit; go 1.18
-github.com/alibabacloud-go/debug/debug
-# github.com/alibabacloud-go/endpoint-util v1.1.1
-## explicit
-github.com/alibabacloud-go/endpoint-util/service
-# github.com/alibabacloud-go/openapi-util v0.1.0
-## explicit; go 1.14
-github.com/alibabacloud-go/openapi-util/service
-# github.com/alibabacloud-go/tea v1.2.1
-## explicit; go 1.14
-github.com/alibabacloud-go/tea/tea
-github.com/alibabacloud-go/tea/utils
-# github.com/alibabacloud-go/tea-utils v1.4.5
-## explicit; go 1.14
-github.com/alibabacloud-go/tea-utils/service
-# github.com/alibabacloud-go/tea-xml v1.1.3
-## explicit; go 1.14
-github.com/alibabacloud-go/tea-xml/service
-# github.com/aliyun/credentials-go v1.3.1
-## explicit; go 1.14
-github.com/aliyun/credentials-go/credentials
-github.com/aliyun/credentials-go/credentials/request
-github.com/aliyun/credentials-go/credentials/response
-github.com/aliyun/credentials-go/credentials/utils
-# github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
-## explicit; go 1.13
-github.com/asaskevich/govalidator
-# github.com/aws/aws-sdk-go-v2 v1.21.2
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2
-github.com/aws/aws-sdk-go-v2/aws
-github.com/aws/aws-sdk-go-v2/aws/arn
-github.com/aws/aws-sdk-go-v2/aws/defaults
-github.com/aws/aws-sdk-go-v2/aws/middleware
-github.com/aws/aws-sdk-go-v2/aws/protocol/query
-github.com/aws/aws-sdk-go-v2/aws/protocol/restjson
-github.com/aws/aws-sdk-go-v2/aws/protocol/xml
-github.com/aws/aws-sdk-go-v2/aws/ratelimit
-github.com/aws/aws-sdk-go-v2/aws/retry
-github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4
-github.com/aws/aws-sdk-go-v2/aws/signer/v4
-github.com/aws/aws-sdk-go-v2/aws/transport/http
-github.com/aws/aws-sdk-go-v2/internal/auth
-github.com/aws/aws-sdk-go-v2/internal/awsutil
-github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn
-github.com/aws/aws-sdk-go-v2/internal/rand
-github.com/aws/aws-sdk-go-v2/internal/sdk
-github.com/aws/aws-sdk-go-v2/internal/sdkio
-github.com/aws/aws-sdk-go-v2/internal/shareddefaults
-github.com/aws/aws-sdk-go-v2/internal/strings
-github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
-github.com/aws/aws-sdk-go-v2/internal/timeconv
-# github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/eventstreamapi
-# github.com/aws/aws-sdk-go-v2/config v1.19.1
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/config
-# github.com/aws/aws-sdk-go-v2/credentials v1.13.43
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/credentials
-github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds
-github.com/aws/aws-sdk-go-v2/credentials/endpointcreds
-github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client
-github.com/aws/aws-sdk-go-v2/credentials/processcreds
-github.com/aws/aws-sdk-go-v2/credentials/ssocreds
-github.com/aws/aws-sdk-go-v2/credentials/stscreds
-# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config
-# github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.33
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/feature/s3/manager
-# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/internal/configsources
-# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
-# github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/internal/ini
-# github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.4
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/internal/v4a
-github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto
-github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4
-# github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/service/ecr
-github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints
-github.com/aws/aws-sdk-go-v2/service/ecr/types
-# github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/service/ecrpublic
-github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints
-github.com/aws/aws-sdk-go-v2/service/ecrpublic/types
-# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
-# github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.36
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/service/internal/checksum
-# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
-# github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config
-# github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/service/s3
-github.com/aws/aws-sdk-go-v2/service/s3/internal/arn
-github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations
-github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints
-github.com/aws/aws-sdk-go-v2/service/s3/types
-# github.com/aws/aws-sdk-go-v2/service/sso v1.15.2
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/service/sso
-github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints
-github.com/aws/aws-sdk-go-v2/service/sso/types
-# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/service/ssooidc
-github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints
-github.com/aws/aws-sdk-go-v2/service/ssooidc/types
-# github.com/aws/aws-sdk-go-v2/service/sts v1.23.2
-## explicit; go 1.15
-github.com/aws/aws-sdk-go-v2/service/sts
-github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
-github.com/aws/aws-sdk-go-v2/service/sts/types
-# github.com/aws/smithy-go v1.15.0
-## explicit; go 1.15
-github.com/aws/smithy-go
-github.com/aws/smithy-go/auth/bearer
-github.com/aws/smithy-go/context
-github.com/aws/smithy-go/document
-github.com/aws/smithy-go/encoding
-github.com/aws/smithy-go/encoding/httpbinding
-github.com/aws/smithy-go/encoding/json
-github.com/aws/smithy-go/encoding/xml
-github.com/aws/smithy-go/endpoints
-github.com/aws/smithy-go/endpoints/private/rulesfn
-github.com/aws/smithy-go/internal/sync/singleflight
-github.com/aws/smithy-go/io
-github.com/aws/smithy-go/logging
-github.com/aws/smithy-go/middleware
-github.com/aws/smithy-go/ptr
-github.com/aws/smithy-go/rand
-github.com/aws/smithy-go/sync
-github.com/aws/smithy-go/time
-github.com/aws/smithy-go/transport/http
-github.com/aws/smithy-go/transport/http/internal/io
-github.com/aws/smithy-go/waiter
-# github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8
-## explicit; go 1.19
-github.com/awslabs/amazon-ecr-credential-helper/ecr-login
-github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api
-github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache
-github.com/awslabs/amazon-ecr-credential-helper/ecr-login/config
-github.com/awslabs/amazon-ecr-credential-helper/ecr-login/version
-# github.com/beorn7/perks v1.0.1
-## explicit; go 1.11
-github.com/beorn7/perks/quantile
-# github.com/blang/semver v3.5.1+incompatible
-## explicit
-github.com/blang/semver
-# github.com/buildkite/agent/v3 v3.58.0
-## explicit; go 1.20
-github.com/buildkite/agent/v3/api
-github.com/buildkite/agent/v3/env
-github.com/buildkite/agent/v3/internal/ordered
-github.com/buildkite/agent/v3/internal/pipeline
-github.com/buildkite/agent/v3/logger
-github.com/buildkite/agent/v3/tracetools
-github.com/buildkite/agent/v3/version
-# github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251
-## explicit
-github.com/buildkite/interpolate
-# github.com/cespare/xxhash/v2 v2.2.0
-## explicit; go 1.11
-github.com/cespare/xxhash/v2
-# github.com/chai2010/gettext-go v1.0.2
-## explicit; go 1.14
-github.com/chai2010/gettext-go
-github.com/chai2010/gettext-go/mo
-github.com/chai2010/gettext-go/plural
-github.com/chai2010/gettext-go/po
-# github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589
-## explicit; go 1.18
-github.com/chrismellard/docker-credential-acr-env/pkg/credhelper
-github.com/chrismellard/docker-credential-acr-env/pkg/registry
-github.com/chrismellard/docker-credential-acr-env/pkg/token
-# github.com/clbanning/mxj/v2 v2.7.0
-## explicit; go 1.15
-github.com/clbanning/mxj/v2
-# github.com/cloudflare/circl v1.3.5
-## explicit; go 1.19
-github.com/cloudflare/circl/dh/x25519
-github.com/cloudflare/circl/dh/x448
-github.com/cloudflare/circl/ecc/goldilocks
-github.com/cloudflare/circl/internal/conv
-github.com/cloudflare/circl/internal/sha3
-github.com/cloudflare/circl/math
-github.com/cloudflare/circl/math/fp25519
-github.com/cloudflare/circl/math/fp448
-github.com/cloudflare/circl/math/mlsbset
-github.com/cloudflare/circl/sign
-github.com/cloudflare/circl/sign/ed25519
-github.com/cloudflare/circl/sign/ed448
-# github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be
-## explicit
-github.com/common-nighthawk/go-figure
-# github.com/containerd/containerd v1.7.6
-## explicit; go 1.19
-github.com/containerd/containerd/archive/compression
-github.com/containerd/containerd/content
-github.com/containerd/containerd/content/local
-github.com/containerd/containerd/errdefs
-github.com/containerd/containerd/filters
-github.com/containerd/containerd/images
-github.com/containerd/containerd/labels
-github.com/containerd/containerd/log
-github.com/containerd/containerd/pkg/randutil
-github.com/containerd/containerd/platforms
-github.com/containerd/containerd/reference
-github.com/containerd/containerd/reference/docker
-github.com/containerd/containerd/remotes
-github.com/containerd/containerd/remotes/docker
-github.com/containerd/containerd/remotes/docker/auth
-github.com/containerd/containerd/remotes/docker/config
-github.com/containerd/containerd/remotes/docker/schema1
-github.com/containerd/containerd/remotes/errors
-github.com/containerd/containerd/tracing
-github.com/containerd/containerd/version
-# github.com/containerd/stargz-snapshotter/estargz v0.14.3
-## explicit; go 1.19
-github.com/containerd/stargz-snapshotter/estargz
-github.com/containerd/stargz-snapshotter/estargz/errorutil
-# github.com/containers/image/v5 v5.21.1
-## explicit; go 1.16
-github.com/containers/image/v5/docker/daemon
-github.com/containers/image/v5/docker/internal/tarfile
-github.com/containers/image/v5/docker/policyconfiguration
-github.com/containers/image/v5/docker/reference
-github.com/containers/image/v5/image
-github.com/containers/image/v5/internal/blobinfocache
-github.com/containers/image/v5/internal/iolimits
-github.com/containers/image/v5/internal/pkg/platform
-github.com/containers/image/v5/internal/putblobdigest
-github.com/containers/image/v5/internal/streamdigest
-github.com/containers/image/v5/internal/tmpdir
-github.com/containers/image/v5/manifest
-github.com/containers/image/v5/pkg/blobinfocache/none
-github.com/containers/image/v5/pkg/compression
-github.com/containers/image/v5/pkg/compression/internal
-github.com/containers/image/v5/pkg/compression/types
-github.com/containers/image/v5/pkg/strslice
-github.com/containers/image/v5/transports
-github.com/containers/image/v5/types
-# github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a
-## explicit
-github.com/containers/libtrust
-# github.com/containers/ocicrypt v1.1.6
-## explicit; go 1.12
-github.com/containers/ocicrypt/spec
-# github.com/containers/storage v1.42.0
-## explicit; go 1.16
-github.com/containers/storage/pkg/chunked/compressor
-github.com/containers/storage/pkg/chunked/internal
-github.com/containers/storage/pkg/ioutils
-github.com/containers/storage/pkg/longpath
-# github.com/coreos/go-oidc/v3 v3.7.0
-## explicit; go 1.19
-github.com/coreos/go-oidc/v3/oidc
-# github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46
-## explicit
-github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer
-# github.com/cyphar/filepath-securejoin v0.2.4
-## explicit; go 1.13
-github.com/cyphar/filepath-securejoin
-# github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
-## explicit
-github.com/davecgh/go-spew/spew
-# github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0
-## explicit; go 1.17
-github.com/decred/dcrd/dcrec/secp256k1/v4
-# github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352
-## explicit; go 1.13
-github.com/digitorus/pkcs7
-# github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647
-## explicit; go 1.16
-github.com/digitorus/timestamp
-# github.com/dimchansky/utfbom v1.1.1
-## explicit
-github.com/dimchansky/utfbom
-# github.com/distribution/reference v0.5.0
-## explicit; go 1.20
-github.com/distribution/reference
-# github.com/docker/cli v24.0.7+incompatible
-## explicit
-github.com/docker/cli/cli/command
-github.com/docker/cli/cli/config
-github.com/docker/cli/cli/config/configfile
-github.com/docker/cli/cli/config/credentials
-github.com/docker/cli/cli/config/types
-github.com/docker/cli/cli/connhelper
-github.com/docker/cli/cli/connhelper/commandconn
-github.com/docker/cli/cli/connhelper/ssh
-github.com/docker/cli/cli/context
-github.com/docker/cli/cli/context/docker
-github.com/docker/cli/cli/context/store
-github.com/docker/cli/cli/debug
-github.com/docker/cli/cli/flags
-github.com/docker/cli/cli/hints
-github.com/docker/cli/cli/manifest/store
-github.com/docker/cli/cli/manifest/types
-github.com/docker/cli/cli/registry/client
-github.com/docker/cli/cli/streams
-github.com/docker/cli/cli/trust
-github.com/docker/cli/cli/version
-github.com/docker/cli/opts
-# github.com/docker/distribution v2.8.3+incompatible
-## explicit
-github.com/docker/distribution
-github.com/docker/distribution/manifest
-github.com/docker/distribution/manifest/manifestlist
-github.com/docker/distribution/manifest/ocischema
-github.com/docker/distribution/manifest/schema2
-github.com/docker/distribution/metrics
-github.com/docker/distribution/reference
-github.com/docker/distribution/registry/api/errcode
-github.com/docker/distribution/registry/api/v2
-github.com/docker/distribution/registry/client
-github.com/docker/distribution/registry/client/auth
-github.com/docker/distribution/registry/client/auth/challenge
-github.com/docker/distribution/registry/client/transport
-github.com/docker/distribution/registry/storage/cache
-github.com/docker/distribution/registry/storage/cache/memory
-github.com/docker/distribution/uuid
-# github.com/docker/docker v24.0.7+incompatible
-## explicit
-github.com/docker/docker/api
-github.com/docker/docker/api/types
-github.com/docker/docker/api/types/blkiodev
-github.com/docker/docker/api/types/container
-github.com/docker/docker/api/types/events
-github.com/docker/docker/api/types/filters
-github.com/docker/docker/api/types/image
-github.com/docker/docker/api/types/mount
-github.com/docker/docker/api/types/network
-github.com/docker/docker/api/types/registry
-github.com/docker/docker/api/types/strslice
-github.com/docker/docker/api/types/swarm
-github.com/docker/docker/api/types/swarm/runtime
-github.com/docker/docker/api/types/time
-github.com/docker/docker/api/types/versions
-github.com/docker/docker/api/types/volume
-github.com/docker/docker/client
-github.com/docker/docker/errdefs
-github.com/docker/docker/pkg/homedir
-github.com/docker/docker/pkg/ioutils
-github.com/docker/docker/pkg/jsonmessage
-github.com/docker/docker/pkg/longpath
-github.com/docker/docker/registry
-# github.com/docker/docker-credential-helpers v0.8.0
-## explicit; go 1.19
-github.com/docker/docker-credential-helpers/client
-github.com/docker/docker-credential-helpers/credentials
-# github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c
-## explicit
-github.com/docker/go/canonical/json
-# github.com/docker/go-connections v0.4.0
-## explicit
-github.com/docker/go-connections/nat
-github.com/docker/go-connections/sockets
-github.com/docker/go-connections/tlsconfig
-# github.com/docker/go-metrics v0.0.1
-## explicit; go 1.11
-github.com/docker/go-metrics
-# github.com/docker/go-units v0.5.0
-## explicit
-github.com/docker/go-units
-# github.com/drone/envsubst v1.0.3
-## explicit; go 1.13
-github.com/drone/envsubst
-github.com/drone/envsubst/parse
-github.com/drone/envsubst/path
-# github.com/dustin/go-humanize v1.0.1
-## explicit; go 1.16
-github.com/dustin/go-humanize
-# github.com/ebitengine/purego v0.5.0
-## explicit; go 1.18
-github.com/ebitengine/purego
-github.com/ebitengine/purego/internal/cgo
-github.com/ebitengine/purego/internal/fakecgo
-github.com/ebitengine/purego/internal/strings
-# github.com/emicklei/go-restful/v3 v3.11.0
-## explicit; go 1.13
-github.com/emicklei/go-restful/v3
-github.com/emicklei/go-restful/v3/log
-# github.com/evanphx/json-patch v5.6.0+incompatible
-## explicit
-github.com/evanphx/json-patch
-# github.com/evanphx/json-patch/v5 v5.6.0
-## explicit; go 1.12
-github.com/evanphx/json-patch/v5
-# github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f
-## explicit; go 1.15
-github.com/exponent-io/jsonpath
-# github.com/fatih/color v1.15.0
-## explicit; go 1.17
-github.com/fatih/color
-# github.com/fsnotify/fsnotify v1.7.0
-## explicit; go 1.17
-github.com/fsnotify/fsnotify
-# github.com/fvbommel/sortorder v1.0.2
-## explicit; go 1.13
-github.com/fvbommel/sortorder
-# github.com/gabriel-vasile/mimetype v1.4.3
-## explicit; go 1.20
-github.com/gabriel-vasile/mimetype
-github.com/gabriel-vasile/mimetype/internal/charset
-github.com/gabriel-vasile/mimetype/internal/json
-github.com/gabriel-vasile/mimetype/internal/magic
-# github.com/gardener/component-cli v0.44.0
-## explicit; go 1.18
-github.com/gardener/component-cli/ociclient
-github.com/gardener/component-cli/ociclient/cache
-github.com/gardener/component-cli/ociclient/credentials
-github.com/gardener/component-cli/ociclient/metrics
-github.com/gardener/component-cli/ociclient/mock
-github.com/gardener/component-cli/ociclient/oci
-github.com/gardener/component-cli/pkg/commands/componentarchive/input
-github.com/gardener/component-cli/pkg/commands/constants
-github.com/gardener/component-cli/pkg/logcontext
-github.com/gardener/component-cli/pkg/utils
-# github.com/gardener/component-spec/bindings-go v0.0.95
-## explicit; go 1.18
-github.com/gardener/component-spec/bindings-go/apis
-github.com/gardener/component-spec/bindings-go/apis/v2
-github.com/gardener/component-spec/bindings-go/apis/v2/cdutils
-github.com/gardener/component-spec/bindings-go/apis/v2/jsonscheme
-github.com/gardener/component-spec/bindings-go/apis/v2/validation
-github.com/gardener/component-spec/bindings-go/codec
-github.com/gardener/component-spec/bindings-go/ctf
-github.com/gardener/component-spec/bindings-go/oci
-github.com/gardener/component-spec/bindings-go/utils/selector
-# github.com/gardener/image-vector v0.10.0
-## explicit; go 1.16
-github.com/gardener/image-vector/pkg
-# github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000 => ./apis
-## explicit; go 1.20
-github.com/gardener/landscaper/apis/config
-github.com/gardener/landscaper/apis/config/install
-github.com/gardener/landscaper/apis/config/v1alpha1
-github.com/gardener/landscaper/apis/core
-github.com/gardener/landscaper/apis/core/install
-github.com/gardener/landscaper/apis/core/v1alpha1
-github.com/gardener/landscaper/apis/core/v1alpha1/helper
-github.com/gardener/landscaper/apis/core/v1alpha1/targettypes
-github.com/gardener/landscaper/apis/core/validation
-github.com/gardener/landscaper/apis/deployer/container
-github.com/gardener/landscaper/apis/deployer/container/install
-github.com/gardener/landscaper/apis/deployer/container/v1alpha1
-github.com/gardener/landscaper/apis/deployer/container/v1alpha1/validation
-github.com/gardener/landscaper/apis/deployer/helm
-github.com/gardener/landscaper/apis/deployer/helm/install
-github.com/gardener/landscaper/apis/deployer/helm/v1alpha1
-github.com/gardener/landscaper/apis/deployer/helm/v1alpha1/helper
-github.com/gardener/landscaper/apis/deployer/helm/v1alpha1/validation
-github.com/gardener/landscaper/apis/deployer/manifest
-github.com/gardener/landscaper/apis/deployer/manifest/install
-github.com/gardener/landscaper/apis/deployer/manifest/v1alpha1
-github.com/gardener/landscaper/apis/deployer/manifest/v1alpha2
-github.com/gardener/landscaper/apis/deployer/manifest/validation
-github.com/gardener/landscaper/apis/deployer/mock
-github.com/gardener/landscaper/apis/deployer/mock/install
-github.com/gardener/landscaper/apis/deployer/mock/v1alpha1
-github.com/gardener/landscaper/apis/deployer/utils/continuousreconcile
-github.com/gardener/landscaper/apis/deployer/utils/continuousreconcile/validation
-github.com/gardener/landscaper/apis/deployer/utils/managedresource
-github.com/gardener/landscaper/apis/deployer/utils/managedresource/validation
-github.com/gardener/landscaper/apis/deployer/utils/readinesschecks
-github.com/gardener/landscaper/apis/deployer/utils/readinesschecks/validation
-github.com/gardener/landscaper/apis/errors
-github.com/gardener/landscaper/apis/mediatype
-github.com/gardener/landscaper/apis/schema
-github.com/gardener/landscaper/apis/utils
-# github.com/gardener/landscaper/controller-utils v0.0.0-00010101000000-000000000000 => ./controller-utils
-## explicit; go 1.20
-github.com/gardener/landscaper/controller-utils/pkg/crdmanager
-github.com/gardener/landscaper/controller-utils/pkg/errors
-github.com/gardener/landscaper/controller-utils/pkg/kubernetes
-github.com/gardener/landscaper/controller-utils/pkg/kubernetes/mock
-github.com/gardener/landscaper/controller-utils/pkg/landscaper
-github.com/gardener/landscaper/controller-utils/pkg/landscaper/targetresolver
-github.com/gardener/landscaper/controller-utils/pkg/landscaper/targetresolver/generic
-github.com/gardener/landscaper/controller-utils/pkg/landscaper/targetresolver/secret
-github.com/gardener/landscaper/controller-utils/pkg/logging
-github.com/gardener/landscaper/controller-utils/pkg/logging/constants
-github.com/gardener/landscaper/controller-utils/pkg/utils
-github.com/gardener/landscaper/controller-utils/pkg/webhook
-github.com/gardener/landscaper/controller-utils/pkg/webhook/certificates
-# github.com/ghodss/yaml v1.0.0
-## explicit
-github.com/ghodss/yaml
-# github.com/go-chi/chi v4.1.2+incompatible
-## explicit
-github.com/go-chi/chi
-github.com/go-chi/chi/middleware
-# github.com/go-errors/errors v1.4.2
-## explicit; go 1.14
-github.com/go-errors/errors
-# github.com/go-gorp/gorp/v3 v3.1.0
-## explicit; go 1.18
-github.com/go-gorp/gorp/v3
-# github.com/go-jose/go-jose/v3 v3.0.1
-## explicit; go 1.12
-github.com/go-jose/go-jose/v3
-github.com/go-jose/go-jose/v3/cipher
-github.com/go-jose/go-jose/v3/json
-github.com/go-jose/go-jose/v3/jwt
-# github.com/go-logr/logr v1.3.0
-## explicit; go 1.18
-github.com/go-logr/logr
-github.com/go-logr/logr/funcr
-# github.com/go-logr/stdr v1.2.2
-## explicit; go 1.16
-github.com/go-logr/stdr
-# github.com/go-logr/zapr v1.2.4
-## explicit; go 1.16
-github.com/go-logr/zapr
-# github.com/go-openapi/analysis v0.21.4
-## explicit; go 1.13
-github.com/go-openapi/analysis
-github.com/go-openapi/analysis/internal/debug
-github.com/go-openapi/analysis/internal/flatten/normalize
-github.com/go-openapi/analysis/internal/flatten/operations
-github.com/go-openapi/analysis/internal/flatten/replace
-github.com/go-openapi/analysis/internal/flatten/schutils
-github.com/go-openapi/analysis/internal/flatten/sortref
-# github.com/go-openapi/errors v0.20.4
-## explicit; go 1.14
-github.com/go-openapi/errors
-# github.com/go-openapi/jsonpointer v0.20.0
-## explicit; go 1.18
-github.com/go-openapi/jsonpointer
-# github.com/go-openapi/jsonreference v0.20.2
-## explicit; go 1.13
-github.com/go-openapi/jsonreference
-github.com/go-openapi/jsonreference/internal
-# github.com/go-openapi/loads v0.21.2
-## explicit; go 1.13
-github.com/go-openapi/loads
-# github.com/go-openapi/runtime v0.26.0
-## explicit; go 1.18
-github.com/go-openapi/runtime
-github.com/go-openapi/runtime/client
-github.com/go-openapi/runtime/logger
-github.com/go-openapi/runtime/middleware
-github.com/go-openapi/runtime/middleware/denco
-github.com/go-openapi/runtime/middleware/header
-github.com/go-openapi/runtime/middleware/untyped
-github.com/go-openapi/runtime/security
-github.com/go-openapi/runtime/yamlpc
-# github.com/go-openapi/spec v0.20.9
-## explicit; go 1.13
-github.com/go-openapi/spec
-# github.com/go-openapi/strfmt v0.21.7
-## explicit; go 1.19
-github.com/go-openapi/strfmt
-# github.com/go-openapi/swag v0.22.4
-## explicit; go 1.18
-github.com/go-openapi/swag
-# github.com/go-openapi/validate v0.22.1
-## explicit; go 1.14
-github.com/go-openapi/validate
-# github.com/go-playground/locales v0.14.1
-## explicit; go 1.17
-github.com/go-playground/locales
-github.com/go-playground/locales/currency
-# github.com/go-playground/universal-translator v0.18.1
-## explicit; go 1.18
-github.com/go-playground/universal-translator
-# github.com/go-playground/validator/v10 v10.15.5
-## explicit; go 1.18
-github.com/go-playground/validator/v10
-# github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572
-## explicit; go 1.13
-github.com/go-task/slim-sprig
-# github.com/go-test/deep v1.1.0
-## explicit; go 1.16
-github.com/go-test/deep
-# github.com/gobwas/glob v0.2.3
-## explicit
-github.com/gobwas/glob
-github.com/gobwas/glob/compiler
-github.com/gobwas/glob/match
-github.com/gobwas/glob/syntax
-github.com/gobwas/glob/syntax/ast
-github.com/gobwas/glob/syntax/lexer
-github.com/gobwas/glob/util/runes
-github.com/gobwas/glob/util/strings
-# github.com/goccy/go-json v0.10.2
-## explicit; go 1.12
-github.com/goccy/go-json
-github.com/goccy/go-json/internal/decoder
-github.com/goccy/go-json/internal/encoder
-github.com/goccy/go-json/internal/encoder/vm
-github.com/goccy/go-json/internal/encoder/vm_color
-github.com/goccy/go-json/internal/encoder/vm_color_indent
-github.com/goccy/go-json/internal/encoder/vm_indent
-github.com/goccy/go-json/internal/errors
-github.com/goccy/go-json/internal/runtime
-# github.com/gogo/protobuf v1.3.2
-## explicit; go 1.15
-github.com/gogo/protobuf/proto
-github.com/gogo/protobuf/sortkeys
-# github.com/golang-jwt/jwt/v4 v4.5.0
-## explicit; go 1.16
-github.com/golang-jwt/jwt/v4
-# github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
-## explicit
-github.com/golang/groupcache/lru
-# github.com/golang/mock v1.6.0
-## explicit; go 1.11
-github.com/golang/mock/gomock
-github.com/golang/mock/mockgen
-github.com/golang/mock/mockgen/model
-# github.com/golang/protobuf v1.5.3
-## explicit; go 1.9
-github.com/golang/protobuf/jsonpb
-github.com/golang/protobuf/proto
-github.com/golang/protobuf/ptypes
-github.com/golang/protobuf/ptypes/any
-github.com/golang/protobuf/ptypes/duration
-github.com/golang/protobuf/ptypes/timestamp
-# github.com/golang/snappy v0.0.4
-## explicit
-github.com/golang/snappy
-# github.com/google/btree v1.1.2
-## explicit; go 1.18
-github.com/google/btree
-# github.com/google/certificate-transparency-go v1.1.7
-## explicit; go 1.20
-github.com/google/certificate-transparency-go
-github.com/google/certificate-transparency-go/asn1
-github.com/google/certificate-transparency-go/gossip/minimal/x509ext
-github.com/google/certificate-transparency-go/tls
-github.com/google/certificate-transparency-go/x509
-github.com/google/certificate-transparency-go/x509/pkix
-github.com/google/certificate-transparency-go/x509util
-# github.com/google/gnostic v0.6.9
-## explicit; go 1.12
-github.com/google/gnostic/compiler
-github.com/google/gnostic/extensions
-github.com/google/gnostic/jsonschema
-github.com/google/gnostic/openapiv2
-# github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49
-## explicit; go 1.18
-github.com/google/gnostic-models/compiler
-github.com/google/gnostic-models/extensions
-github.com/google/gnostic-models/jsonschema
-github.com/google/gnostic-models/openapiv2
-github.com/google/gnostic-models/openapiv3
-# github.com/google/go-cmp v0.6.0
-## explicit; go 1.13
-github.com/google/go-cmp/cmp
-github.com/google/go-cmp/cmp/internal/diff
-github.com/google/go-cmp/cmp/internal/flags
-github.com/google/go-cmp/cmp/internal/function
-github.com/google/go-cmp/cmp/internal/value
-# github.com/google/go-containerregistry v0.16.1
-## explicit; go 1.18
-github.com/google/go-containerregistry/internal/and
-github.com/google/go-containerregistry/internal/compression
-github.com/google/go-containerregistry/internal/estargz
-github.com/google/go-containerregistry/internal/gzip
-github.com/google/go-containerregistry/internal/redact
-github.com/google/go-containerregistry/internal/retry
-github.com/google/go-containerregistry/internal/retry/wait
-github.com/google/go-containerregistry/internal/verify
-github.com/google/go-containerregistry/internal/zstd
-github.com/google/go-containerregistry/pkg/authn
-github.com/google/go-containerregistry/pkg/authn/github
-github.com/google/go-containerregistry/pkg/compression
-github.com/google/go-containerregistry/pkg/logs
-github.com/google/go-containerregistry/pkg/name
-github.com/google/go-containerregistry/pkg/v1
-github.com/google/go-containerregistry/pkg/v1/empty
-github.com/google/go-containerregistry/pkg/v1/google
-github.com/google/go-containerregistry/pkg/v1/layout
-github.com/google/go-containerregistry/pkg/v1/match
-github.com/google/go-containerregistry/pkg/v1/mutate
-github.com/google/go-containerregistry/pkg/v1/partial
-github.com/google/go-containerregistry/pkg/v1/remote
-github.com/google/go-containerregistry/pkg/v1/remote/transport
-github.com/google/go-containerregistry/pkg/v1/static
-github.com/google/go-containerregistry/pkg/v1/stream
-github.com/google/go-containerregistry/pkg/v1/tarball
-github.com/google/go-containerregistry/pkg/v1/types
-# github.com/google/go-github/v45 v45.2.0
-## explicit; go 1.17
-github.com/google/go-github/v45/github
-# github.com/google/go-github/v55 v55.0.0
-## explicit; go 1.17
-github.com/google/go-github/v55/github
-# github.com/google/go-querystring v1.1.0
-## explicit; go 1.10
-github.com/google/go-querystring/query
-# github.com/google/gofuzz v1.2.0
-## explicit; go 1.12
-github.com/google/gofuzz
-github.com/google/gofuzz/bytesource
-# github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b
-## explicit; go 1.19
-github.com/google/pprof/profile
-# github.com/google/s2a-go v0.1.7
-## explicit; go 1.19
-github.com/google/s2a-go
-github.com/google/s2a-go/fallback
-github.com/google/s2a-go/internal/authinfo
-github.com/google/s2a-go/internal/handshaker
-github.com/google/s2a-go/internal/handshaker/service
-github.com/google/s2a-go/internal/proto/common_go_proto
-github.com/google/s2a-go/internal/proto/s2a_context_go_proto
-github.com/google/s2a-go/internal/proto/s2a_go_proto
-github.com/google/s2a-go/internal/proto/v2/common_go_proto
-github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto
-github.com/google/s2a-go/internal/proto/v2/s2a_go_proto
-github.com/google/s2a-go/internal/record
-github.com/google/s2a-go/internal/record/internal/aeadcrypter
-github.com/google/s2a-go/internal/record/internal/halfconn
-github.com/google/s2a-go/internal/tokenmanager
-github.com/google/s2a-go/internal/v2
-github.com/google/s2a-go/internal/v2/certverifier
-github.com/google/s2a-go/internal/v2/remotesigner
-github.com/google/s2a-go/internal/v2/tlsconfigstore
-github.com/google/s2a-go/retry
-github.com/google/s2a-go/stream
-# github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-## explicit; go 1.13
-github.com/google/shlex
-# github.com/google/uuid v1.4.0
-## explicit
-github.com/google/uuid
-# github.com/googleapis/enterprise-certificate-proxy v0.3.2
-## explicit; go 1.19
-github.com/googleapis/enterprise-certificate-proxy/client
-github.com/googleapis/enterprise-certificate-proxy/client/util
-# github.com/gorilla/mux v1.8.0
-## explicit; go 1.12
-github.com/gorilla/mux
-# github.com/gosuri/uitable v0.0.4
-## explicit
-github.com/gosuri/uitable
-github.com/gosuri/uitable/util/strutil
-github.com/gosuri/uitable/util/wordwrap
-# github.com/gowebpki/jcs v1.0.1
-## explicit; go 1.15
-github.com/gowebpki/jcs
-# github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79
-## explicit
-github.com/gregjones/httpcache
-# github.com/hashicorp/errwrap v1.1.0
-## explicit
-github.com/hashicorp/errwrap
-# github.com/hashicorp/go-cleanhttp v0.5.2
-## explicit; go 1.13
-github.com/hashicorp/go-cleanhttp
-# github.com/hashicorp/go-multierror v1.1.1
-## explicit; go 1.13
-github.com/hashicorp/go-multierror
-# github.com/hashicorp/go-retryablehttp v0.7.4
-## explicit; go 1.13
-github.com/hashicorp/go-retryablehttp
-# github.com/hashicorp/hcl v1.0.1-vault-5
-## explicit; go 1.15
-github.com/hashicorp/hcl
-github.com/hashicorp/hcl/hcl/ast
-github.com/hashicorp/hcl/hcl/parser
-github.com/hashicorp/hcl/hcl/printer
-github.com/hashicorp/hcl/hcl/scanner
-github.com/hashicorp/hcl/hcl/strconv
-github.com/hashicorp/hcl/hcl/token
-github.com/hashicorp/hcl/json/parser
-github.com/hashicorp/hcl/json/scanner
-github.com/hashicorp/hcl/json/token
-# github.com/huandu/xstrings v1.4.0
-## explicit; go 1.12
-github.com/huandu/xstrings
-# github.com/imdario/mergo v0.3.16
-## explicit; go 1.13
-github.com/imdario/mergo
-# github.com/in-toto/in-toto-golang v0.9.0
-## explicit; go 1.20
-github.com/in-toto/in-toto-golang/in_toto
-github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common
-github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.1
-github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2
-github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1
-# github.com/inconshreveable/mousetrap v1.1.0
-## explicit; go 1.18
-github.com/inconshreveable/mousetrap
-# github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267
-## explicit; go 1.20
-github.com/jedisct1/go-minisign
-# github.com/jmespath/go-jmespath v0.4.0
-## explicit; go 1.14
-github.com/jmespath/go-jmespath
-# github.com/jmoiron/sqlx v1.3.5
-## explicit; go 1.10
-github.com/jmoiron/sqlx
-github.com/jmoiron/sqlx/reflectx
-# github.com/josharian/intern v1.0.0
-## explicit; go 1.5
-github.com/josharian/intern
-# github.com/json-iterator/go v1.1.12
-## explicit; go 1.12
-github.com/json-iterator/go
-# github.com/klauspost/compress v1.17.2
-## explicit; go 1.18
-github.com/klauspost/compress
-github.com/klauspost/compress/flate
-github.com/klauspost/compress/fse
-github.com/klauspost/compress/huff0
-github.com/klauspost/compress/internal/cpuinfo
-github.com/klauspost/compress/internal/snapref
-github.com/klauspost/compress/zstd
-github.com/klauspost/compress/zstd/internal/xxhash
-# github.com/klauspost/pgzip v1.2.6
-## explicit
-github.com/klauspost/pgzip
-# github.com/lann/builder v0.0.0-20180802200727-47ae307949d0
-## explicit
-github.com/lann/builder
-# github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0
-## explicit
-github.com/lann/ps
-# github.com/leodido/go-urn v1.2.4
-## explicit; go 1.16
-github.com/leodido/go-urn
-# github.com/lestrrat-go/blackmagic v1.0.2
-## explicit; go 1.16
-github.com/lestrrat-go/blackmagic
-# github.com/lestrrat-go/httpcc v1.0.1
-## explicit; go 1.16
-github.com/lestrrat-go/httpcc
-# github.com/lestrrat-go/httprc v1.0.4
-## explicit; go 1.17
-github.com/lestrrat-go/httprc
-# github.com/lestrrat-go/iter v1.0.2
-## explicit; go 1.13
-github.com/lestrrat-go/iter/arrayiter
-github.com/lestrrat-go/iter/mapiter
-# github.com/lestrrat-go/jwx/v2 v2.0.16
-## explicit; go 1.16
-github.com/lestrrat-go/jwx/v2/cert
-github.com/lestrrat-go/jwx/v2/internal/base64
-github.com/lestrrat-go/jwx/v2/internal/ecutil
-github.com/lestrrat-go/jwx/v2/internal/iter
-github.com/lestrrat-go/jwx/v2/internal/json
-github.com/lestrrat-go/jwx/v2/internal/keyconv
-github.com/lestrrat-go/jwx/v2/internal/pool
-github.com/lestrrat-go/jwx/v2/jwa
-github.com/lestrrat-go/jwx/v2/jwk
-github.com/lestrrat-go/jwx/v2/jws
-github.com/lestrrat-go/jwx/v2/x25519
-# github.com/lestrrat-go/option v1.0.1
-## explicit; go 1.16
-github.com/lestrrat-go/option
-# github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491
-## explicit; go 1.21
-github.com/letsencrypt/boulder/core
-github.com/letsencrypt/boulder/goodkey
-github.com/letsencrypt/boulder/identifier
-github.com/letsencrypt/boulder/probs
-github.com/letsencrypt/boulder/revocation
-github.com/letsencrypt/boulder/strictyaml
-# github.com/lib/pq v1.10.9
-## explicit; go 1.13
-github.com/lib/pq
-github.com/lib/pq/oid
-github.com/lib/pq/scram
-# github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de
-## explicit
-github.com/liggitt/tabwriter
-# github.com/magiconair/properties v1.8.7
-## explicit; go 1.19
-github.com/magiconair/properties
-# github.com/mailru/easyjson v0.7.7
-## explicit; go 1.12
-github.com/mailru/easyjson/buffer
-github.com/mailru/easyjson/jlexer
-github.com/mailru/easyjson/jwriter
-# github.com/mandelsoft/filepath v0.0.0-20230412200429-36b1eb66bd27
-## explicit; go 1.19
-github.com/mandelsoft/filepath/pkg/filepath
-# github.com/mandelsoft/logging v0.0.0-20230905123808-7042ee3aae45
-## explicit; go 1.18
-github.com/mandelsoft/logging
-github.com/mandelsoft/logging/config
-github.com/mandelsoft/logging/contract
-github.com/mandelsoft/logging/logrusfmt
-github.com/mandelsoft/logging/logrusl/adapter
-github.com/mandelsoft/logging/logrusr
-github.com/mandelsoft/logging/scheme
-# github.com/mandelsoft/spiff v1.7.0-beta-5
-## explicit; go 1.18
-github.com/mandelsoft/spiff/debug
-github.com/mandelsoft/spiff/dynaml
-github.com/mandelsoft/spiff/dynaml/control
-github.com/mandelsoft/spiff/dynaml/crypt
-github.com/mandelsoft/spiff/dynaml/passwd
-github.com/mandelsoft/spiff/dynaml/semver
-github.com/mandelsoft/spiff/dynaml/wireguard
-github.com/mandelsoft/spiff/dynaml/x509
-github.com/mandelsoft/spiff/features
-github.com/mandelsoft/spiff/flow
-github.com/mandelsoft/spiff/legacy/candiedyaml
-github.com/mandelsoft/spiff/spiffing
-github.com/mandelsoft/spiff/yaml
-# github.com/mandelsoft/vfs v0.0.0-20230713123140-269aa4fb1338
-## explicit; go 1.19
-github.com/mandelsoft/vfs/pkg/composefs
-github.com/mandelsoft/vfs/pkg/layerfs
-github.com/mandelsoft/vfs/pkg/memoryfs
-github.com/mandelsoft/vfs/pkg/osfs
-github.com/mandelsoft/vfs/pkg/projectionfs
-github.com/mandelsoft/vfs/pkg/readonlyfs
-github.com/mandelsoft/vfs/pkg/utils
-github.com/mandelsoft/vfs/pkg/vfs
-github.com/mandelsoft/vfs/pkg/yamlfs
-# github.com/marstr/guid v1.1.0
-## explicit
-github.com/marstr/guid
-# github.com/mattn/go-colorable v0.1.13
-## explicit; go 1.15
-github.com/mattn/go-colorable
-# github.com/mattn/go-isatty v0.0.20
-## explicit; go 1.15
-github.com/mattn/go-isatty
-# github.com/mattn/go-runewidth v0.0.15
-## explicit; go 1.9
-github.com/mattn/go-runewidth
-# github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0
-## explicit; go 1.19
-github.com/matttproud/golang_protobuf_extensions/v2/pbutil
-# github.com/miekg/pkcs11 v1.1.1
-## explicit; go 1.12
-github.com/miekg/pkcs11
-# github.com/mitchellh/copystructure v1.2.0
-## explicit; go 1.15
-github.com/mitchellh/copystructure
-# github.com/mitchellh/go-homedir v1.1.0
-## explicit
-github.com/mitchellh/go-homedir
-# github.com/mitchellh/go-wordwrap v1.0.1
-## explicit; go 1.14
-github.com/mitchellh/go-wordwrap
-# github.com/mitchellh/mapstructure v1.5.0
-## explicit; go 1.14
-github.com/mitchellh/mapstructure
-# github.com/mitchellh/reflectwalk v1.0.2
-## explicit
-github.com/mitchellh/reflectwalk
-# github.com/moby/locker v1.0.1
-## explicit; go 1.13
-github.com/moby/locker
-# github.com/moby/spdystream v0.2.0
-## explicit; go 1.13
-github.com/moby/spdystream
-github.com/moby/spdystream/spdy
-# github.com/moby/sys/sequential v0.5.0
-## explicit; go 1.17
-github.com/moby/sys/sequential
-# github.com/moby/term v0.5.0
-## explicit; go 1.18
-github.com/moby/term
-github.com/moby/term/windows
-# github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
-## explicit
-github.com/modern-go/concurrent
-# github.com/modern-go/reflect2 v1.0.2
-## explicit; go 1.12
-github.com/modern-go/reflect2
-# github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00
-## explicit
-github.com/monochromegane/go-gitignore
-# github.com/morikuni/aec v1.0.0
-## explicit
-github.com/morikuni/aec
-# github.com/mozillazg/docker-credential-acr-helper v0.3.0
-## explicit; go 1.17
-github.com/mozillazg/docker-credential-acr-helper/pkg/acr
-github.com/mozillazg/docker-credential-acr-helper/pkg/credhelper
-github.com/mozillazg/docker-credential-acr-helper/pkg/version
-# github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
-## explicit
-github.com/munnerz/goautoneg
-# github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481
-## explicit
-github.com/nozzle/throttler
-# github.com/nxadm/tail v1.4.8
-## explicit; go 1.13
-github.com/nxadm/tail
-github.com/nxadm/tail/ratelimiter
-github.com/nxadm/tail/util
-github.com/nxadm/tail/watch
-github.com/nxadm/tail/winfile
-# github.com/oklog/ulid v1.3.1
-## explicit
-github.com/oklog/ulid
-# github.com/oleiade/reflections v1.0.1
-## explicit; go 1.15
-github.com/oleiade/reflections
-# github.com/onsi/ginkgo v1.16.5
-## explicit; go 1.16
-github.com/onsi/ginkgo
-github.com/onsi/ginkgo/config
-github.com/onsi/ginkgo/formatter
-github.com/onsi/ginkgo/ginkgo
-github.com/onsi/ginkgo/ginkgo/convert
-github.com/onsi/ginkgo/ginkgo/interrupthandler
-github.com/onsi/ginkgo/ginkgo/nodot
-github.com/onsi/ginkgo/ginkgo/outline
-github.com/onsi/ginkgo/ginkgo/testrunner
-github.com/onsi/ginkgo/ginkgo/testsuite
-github.com/onsi/ginkgo/ginkgo/watch
-github.com/onsi/ginkgo/internal/codelocation
-github.com/onsi/ginkgo/internal/containernode
-github.com/onsi/ginkgo/internal/failer
-github.com/onsi/ginkgo/internal/global
-github.com/onsi/ginkgo/internal/leafnodes
-github.com/onsi/ginkgo/internal/remote
-github.com/onsi/ginkgo/internal/spec
-github.com/onsi/ginkgo/internal/spec_iterator
-github.com/onsi/ginkgo/internal/specrunner
-github.com/onsi/ginkgo/internal/suite
-github.com/onsi/ginkgo/internal/testingtproxy
-github.com/onsi/ginkgo/internal/writer
-github.com/onsi/ginkgo/reporters
-github.com/onsi/ginkgo/reporters/stenographer
-github.com/onsi/ginkgo/reporters/stenographer/support/go-colorable
-github.com/onsi/ginkgo/reporters/stenographer/support/go-isatty
-github.com/onsi/ginkgo/types
-# github.com/onsi/ginkgo/v2 v2.9.5
-## explicit; go 1.18
-github.com/onsi/ginkgo/v2
-github.com/onsi/ginkgo/v2/config
-github.com/onsi/ginkgo/v2/formatter
-github.com/onsi/ginkgo/v2/ginkgo
-github.com/onsi/ginkgo/v2/ginkgo/build
-github.com/onsi/ginkgo/v2/ginkgo/command
-github.com/onsi/ginkgo/v2/ginkgo/generators
-github.com/onsi/ginkgo/v2/ginkgo/internal
-github.com/onsi/ginkgo/v2/ginkgo/labels
-github.com/onsi/ginkgo/v2/ginkgo/outline
-github.com/onsi/ginkgo/v2/ginkgo/run
-github.com/onsi/ginkgo/v2/ginkgo/unfocus
-github.com/onsi/ginkgo/v2/ginkgo/watch
-github.com/onsi/ginkgo/v2/internal
-github.com/onsi/ginkgo/v2/internal/global
-github.com/onsi/ginkgo/v2/internal/interrupt_handler
-github.com/onsi/ginkgo/v2/internal/parallel_support
-github.com/onsi/ginkgo/v2/internal/testingtproxy
-github.com/onsi/ginkgo/v2/reporters
-github.com/onsi/ginkgo/v2/types
-# github.com/onsi/gomega v1.27.7
-## explicit; go 1.18
-github.com/onsi/gomega
-github.com/onsi/gomega/format
-github.com/onsi/gomega/gstruct
-github.com/onsi/gomega/gstruct/errors
-github.com/onsi/gomega/internal
-github.com/onsi/gomega/internal/gutil
-github.com/onsi/gomega/matchers
-github.com/onsi/gomega/matchers/support/goraph/bipartitegraph
-github.com/onsi/gomega/matchers/support/goraph/edge
-github.com/onsi/gomega/matchers/support/goraph/node
-github.com/onsi/gomega/matchers/support/goraph/util
-github.com/onsi/gomega/types
-# github.com/open-component-model/ocm v0.4.3
-## explicit; go 1.19
-github.com/open-component-model/ocm/pkg/cobrautils/flag
-github.com/open-component-model/ocm/pkg/cobrautils/flagsets
-github.com/open-component-model/ocm/pkg/cobrautils/flagsets/flagsetscheme
-github.com/open-component-model/ocm/pkg/cobrautils/groups
-github.com/open-component-model/ocm/pkg/common
-github.com/open-component-model/ocm/pkg/common/accessio
-github.com/open-component-model/ocm/pkg/common/accessio/downloader
-github.com/open-component-model/ocm/pkg/common/accessio/downloader/http
-github.com/open-component-model/ocm/pkg/common/accessio/downloader/s3
-github.com/open-component-model/ocm/pkg/common/accessio/resource
-github.com/open-component-model/ocm/pkg/common/accessobj
-github.com/open-component-model/ocm/pkg/common/compression
-github.com/open-component-model/ocm/pkg/contexts/config
-github.com/open-component-model/ocm/pkg/contexts/config/config
-github.com/open-component-model/ocm/pkg/contexts/config/cpi
-github.com/open-component-model/ocm/pkg/contexts/config/internal
-github.com/open-component-model/ocm/pkg/contexts/credentials
-github.com/open-component-model/ocm/pkg/contexts/credentials/builtin
-github.com/open-component-model/ocm/pkg/contexts/credentials/builtin/github
-github.com/open-component-model/ocm/pkg/contexts/credentials/builtin/github/identity
-github.com/open-component-model/ocm/pkg/contexts/credentials/config
-github.com/open-component-model/ocm/pkg/contexts/credentials/cpi
-github.com/open-component-model/ocm/pkg/contexts/credentials/identity/hostpath
-github.com/open-component-model/ocm/pkg/contexts/credentials/internal
-github.com/open-component-model/ocm/pkg/contexts/credentials/repositories
-github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/aliases
-github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/directcreds
-github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/dockerconfig
-github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/gardenerconfig
-github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/gardenerconfig/cpi
-github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/gardenerconfig/handler/container_registry
-github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/gardenerconfig/identity
-github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/memory
-github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/memory/config
-github.com/open-component-model/ocm/pkg/contexts/datacontext
-github.com/open-component-model/ocm/pkg/contexts/datacontext/action/api
-github.com/open-component-model/ocm/pkg/contexts/datacontext/action/handlers
-github.com/open-component-model/ocm/pkg/contexts/datacontext/attrs
-github.com/open-component-model/ocm/pkg/contexts/datacontext/attrs/logforward
-github.com/open-component-model/ocm/pkg/contexts/datacontext/attrs/tmpcache
-github.com/open-component-model/ocm/pkg/contexts/datacontext/attrs/vfsattr
-github.com/open-component-model/ocm/pkg/contexts/datacontext/config
-github.com/open-component-model/ocm/pkg/contexts/datacontext/config/attrs
-github.com/open-component-model/ocm/pkg/contexts/datacontext/config/logging
-github.com/open-component-model/ocm/pkg/contexts/oci
-github.com/open-component-model/ocm/pkg/contexts/oci/actions
-github.com/open-component-model/ocm/pkg/contexts/oci/actions/oci-repository-prepare
-github.com/open-component-model/ocm/pkg/contexts/oci/artdesc
-github.com/open-component-model/ocm/pkg/contexts/oci/artdesc/helper
-github.com/open-component-model/ocm/pkg/contexts/oci/attrs
-github.com/open-component-model/ocm/pkg/contexts/oci/attrs/cacheattr
-github.com/open-component-model/ocm/pkg/contexts/oci/config
-github.com/open-component-model/ocm/pkg/contexts/oci/cpi
-github.com/open-component-model/ocm/pkg/contexts/oci/cpi/support
-github.com/open-component-model/ocm/pkg/contexts/oci/grammar
-github.com/open-component-model/ocm/pkg/contexts/oci/identity
-github.com/open-component-model/ocm/pkg/contexts/oci/internal
-github.com/open-component-model/ocm/pkg/contexts/oci/ociutils
-github.com/open-component-model/ocm/pkg/contexts/oci/ociutils/helm/ignore
-github.com/open-component-model/ocm/pkg/contexts/oci/ociutils/helm/sympath
-github.com/open-component-model/ocm/pkg/contexts/oci/repositories
-github.com/open-component-model/ocm/pkg/contexts/oci/repositories/artifactset
-github.com/open-component-model/ocm/pkg/contexts/oci/repositories/ctf
-github.com/open-component-model/ocm/pkg/contexts/oci/repositories/ctf/format
-github.com/open-component-model/ocm/pkg/contexts/oci/repositories/ctf/index
-github.com/open-component-model/ocm/pkg/contexts/oci/repositories/docker
-github.com/open-component-model/ocm/pkg/contexts/oci/repositories/empty
-github.com/open-component-model/ocm/pkg/contexts/oci/repositories/ocireg
-github.com/open-component-model/ocm/pkg/contexts/oci/transfer
-github.com/open-component-model/ocm/pkg/contexts/ocm
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/github
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/helm
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/localblob
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/localfsblob
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/localociblob
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/none
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/npm
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/ociartifact
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/ociblob
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/options
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/relativeociref
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/s3
-github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/s3/identity
-github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/compatattr
-github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/hashattr
-github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/keepblobattr
-github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/mapocirepoattr
-github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/ociuploadattr
-github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/signingattr
-github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler
-github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/config
-github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers
-github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers/generic/ocirepo
-github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers/oci
-github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers/oci/ocirepo
-github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers/ocm
-github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers/ocm/comparch
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/equivalent
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/meta/v1
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/normalizations
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/normalizations/jsonv1
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/normalizations/jsonv2
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/normalizations/rules
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/versions
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/versions/ocm.software/v3alpha1
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/versions/ocm.software/v3alpha1/jsonscheme
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/versions/v2
-github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/versions/v2/jsonscheme
-github.com/open-component-model/ocm/pkg/contexts/ocm/config
-github.com/open-component-model/ocm/pkg/contexts/ocm/consts
-github.com/open-component-model/ocm/pkg/contexts/ocm/context
-github.com/open-component-model/ocm/pkg/contexts/ocm/cpi
-github.com/open-component-model/ocm/pkg/contexts/ocm/cpi/clitypes
-github.com/open-component-model/ocm/pkg/contexts/ocm/cpi/support
-github.com/open-component-model/ocm/pkg/contexts/ocm/digester/digesters
-github.com/open-component-model/ocm/pkg/contexts/ocm/digester/digesters/artifact
-github.com/open-component-model/ocm/pkg/contexts/ocm/digester/digesters/blob
-github.com/open-component-model/ocm/pkg/contexts/ocm/download
-github.com/open-component-model/ocm/pkg/contexts/ocm/download/config
-github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers
-github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/blob
-github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/blueprint
-github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/dirtree
-github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/executable
-github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/helm
-github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/ocirepo
-github.com/open-component-model/ocm/pkg/contexts/ocm/grammar
-github.com/open-component-model/ocm/pkg/contexts/ocm/internal
-github.com/open-component-model/ocm/pkg/contexts/ocm/repositories
-github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/comparch
-github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/ctf
-github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/genericocireg
-github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/genericocireg/componentmapping
-github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/ocireg
-github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/virtual
-github.com/open-component-model/ocm/pkg/contexts/ocm/resourcetypes
-github.com/open-component-model/ocm/pkg/contexts/ocm/utils/registry
-github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers
-github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers/defaultmerge
-github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers/maplistmerge
-github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers/simplelistmerge
-github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers/simplemapmerge
-github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/hpi
-github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/internal
-github.com/open-component-model/ocm/pkg/docker
-github.com/open-component-model/ocm/pkg/docker/resolve
-github.com/open-component-model/ocm/pkg/encrypt
-github.com/open-component-model/ocm/pkg/env
-github.com/open-component-model/ocm/pkg/env/builder
-github.com/open-component-model/ocm/pkg/errors
-github.com/open-component-model/ocm/pkg/exception
-github.com/open-component-model/ocm/pkg/finalizer
-github.com/open-component-model/ocm/pkg/generics
-github.com/open-component-model/ocm/pkg/helm
-github.com/open-component-model/ocm/pkg/helm/identity
-github.com/open-component-model/ocm/pkg/helm/loader
-github.com/open-component-model/ocm/pkg/listformat
-github.com/open-component-model/ocm/pkg/logging
-github.com/open-component-model/ocm/pkg/mime
-github.com/open-component-model/ocm/pkg/regex
-github.com/open-component-model/ocm/pkg/registrations
-github.com/open-component-model/ocm/pkg/runtime
-github.com/open-component-model/ocm/pkg/signing
-github.com/open-component-model/ocm/pkg/signing/handlers
-github.com/open-component-model/ocm/pkg/signing/handlers/rsa
-github.com/open-component-model/ocm/pkg/signing/handlers/rsa-signingservice
-github.com/open-component-model/ocm/pkg/signing/handlers/sigstore
-github.com/open-component-model/ocm/pkg/signing/handlers/sigstore/attr
-github.com/open-component-model/ocm/pkg/signing/hasher
-github.com/open-component-model/ocm/pkg/signing/hasher/nodigest
-github.com/open-component-model/ocm/pkg/signing/hasher/sha256
-github.com/open-component-model/ocm/pkg/signing/hasher/sha512
-github.com/open-component-model/ocm/pkg/signing/norm/entry
-github.com/open-component-model/ocm/pkg/signing/norm/jcs
-github.com/open-component-model/ocm/pkg/testutils
-github.com/open-component-model/ocm/pkg/utils
-github.com/open-component-model/ocm/pkg/utils/selector
-github.com/open-component-model/ocm/pkg/utils/tarutils
-# github.com/opencontainers/distribution-spec v1.0.1
-## explicit
-github.com/opencontainers/distribution-spec/specs-go/v1
-# github.com/opencontainers/go-digest v1.0.0
-## explicit; go 1.13
-github.com/opencontainers/go-digest
-github.com/opencontainers/go-digest/digestset
-# github.com/opencontainers/image-spec v1.1.0-rc5
-## explicit; go 1.18
-github.com/opencontainers/image-spec/specs-go
-github.com/opencontainers/image-spec/specs-go/v1
-# github.com/opentracing/opentracing-go v1.2.0
-## explicit; go 1.14
-github.com/opentracing/opentracing-go
-github.com/opentracing/opentracing-go/ext
-github.com/opentracing/opentracing-go/log
-# github.com/outcaste-io/ristretto v0.2.3
-## explicit; go 1.12
-github.com/outcaste-io/ristretto
-github.com/outcaste-io/ristretto/z
-github.com/outcaste-io/ristretto/z/simd
-# github.com/pborman/uuid v1.2.1
-## explicit
-github.com/pborman/uuid
-# github.com/pelletier/go-toml v1.9.5
-## explicit; go 1.12
-github.com/pelletier/go-toml
-# github.com/pelletier/go-toml/v2 v2.1.0
-## explicit; go 1.16
-github.com/pelletier/go-toml/v2
-github.com/pelletier/go-toml/v2/internal/characters
-github.com/pelletier/go-toml/v2/internal/danger
-github.com/pelletier/go-toml/v2/internal/tracker
-github.com/pelletier/go-toml/v2/unstable
-# github.com/peterbourgon/diskv v2.0.1+incompatible
-## explicit
-github.com/peterbourgon/diskv
-# github.com/philhofer/fwd v1.1.2
-## explicit; go 1.15
-github.com/philhofer/fwd
-# github.com/pkg/errors v0.9.1
-## explicit
-github.com/pkg/errors
-# github.com/prometheus/client_golang v1.17.0
-## explicit; go 1.19
-github.com/prometheus/client_golang/prometheus
-github.com/prometheus/client_golang/prometheus/collectors
-github.com/prometheus/client_golang/prometheus/internal
-github.com/prometheus/client_golang/prometheus/promhttp
-# github.com/prometheus/client_model v0.5.0
-## explicit; go 1.19
-github.com/prometheus/client_model/go
-# github.com/prometheus/common v0.45.0
-## explicit; go 1.20
-github.com/prometheus/common/expfmt
-github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg
-github.com/prometheus/common/model
-# github.com/prometheus/procfs v0.12.0
-## explicit; go 1.19
-github.com/prometheus/procfs
-github.com/prometheus/procfs/internal/fs
-github.com/prometheus/procfs/internal/util
-# github.com/puzpuzpuz/xsync/v2 v2.5.1
-## explicit; go 1.18
-github.com/puzpuzpuz/xsync/v2
-# github.com/rivo/uniseg v0.4.4
-## explicit; go 1.18
-github.com/rivo/uniseg
-# github.com/robfig/cron/v3 v3.0.1
-## explicit; go 1.12
-github.com/robfig/cron/v3
-# github.com/rubenv/sql-migrate v1.3.1
-## explicit; go 1.16
-github.com/rubenv/sql-migrate
-github.com/rubenv/sql-migrate/sqlparse
-# github.com/russross/blackfriday/v2 v2.1.0
-## explicit
-github.com/russross/blackfriday/v2
-# github.com/sagikazarmark/locafero v0.3.0
-## explicit; go 1.20
-github.com/sagikazarmark/locafero
-# github.com/sagikazarmark/slog-shim v0.1.0
-## explicit; go 1.20
-github.com/sagikazarmark/slog-shim
-# github.com/sassoftware/relic v7.2.1+incompatible
-## explicit
-github.com/sassoftware/relic/lib/pkcs7
-github.com/sassoftware/relic/lib/x509tools
-# github.com/secure-systems-lab/go-securesystemslib v0.7.0
-## explicit; go 1.20
-github.com/secure-systems-lab/go-securesystemslib/cjson
-github.com/secure-systems-lab/go-securesystemslib/dsse
-github.com/secure-systems-lab/go-securesystemslib/encrypted
-github.com/secure-systems-lab/go-securesystemslib/signerverifier
-# github.com/segmentio/asm v1.2.0
-## explicit; go 1.18
-github.com/segmentio/asm/base64
-github.com/segmentio/asm/cpu
-github.com/segmentio/asm/cpu/arm
-github.com/segmentio/asm/cpu/arm64
-github.com/segmentio/asm/cpu/cpuid
-github.com/segmentio/asm/cpu/x86
-github.com/segmentio/asm/internal/unsafebytes
-# github.com/segmentio/ksuid v1.0.4
-## explicit; go 1.12
-github.com/segmentio/ksuid
-# github.com/shibumi/go-pathspec v1.3.0
-## explicit; go 1.17
-github.com/shibumi/go-pathspec
-# github.com/shopspring/decimal v1.3.1
-## explicit; go 1.13
-github.com/shopspring/decimal
-# github.com/sigstore/cosign/v2 v2.2.1
-## explicit; go 1.21
-github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio
-github.com/sigstore/cosign/v2/cmd/cosign/cli/options
-github.com/sigstore/cosign/v2/cmd/cosign/cli/sign/privacy
-github.com/sigstore/cosign/v2/internal/pkg/cosign
-github.com/sigstore/cosign/v2/internal/pkg/cosign/fulcio/fulcioroots
-github.com/sigstore/cosign/v2/internal/pkg/oci/remote
-github.com/sigstore/cosign/v2/internal/ui
-github.com/sigstore/cosign/v2/pkg/blob
-github.com/sigstore/cosign/v2/pkg/cosign
-github.com/sigstore/cosign/v2/pkg/cosign/attestation
-github.com/sigstore/cosign/v2/pkg/cosign/bundle
-github.com/sigstore/cosign/v2/pkg/cosign/env
-github.com/sigstore/cosign/v2/pkg/cosign/fulcioverifier/ctutil
-github.com/sigstore/cosign/v2/pkg/cosign/git
-github.com/sigstore/cosign/v2/pkg/cosign/git/github
-github.com/sigstore/cosign/v2/pkg/cosign/git/gitlab
-github.com/sigstore/cosign/v2/pkg/cosign/kubernetes
-github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key
-github.com/sigstore/cosign/v2/pkg/cosign/remote
-github.com/sigstore/cosign/v2/pkg/oci
-github.com/sigstore/cosign/v2/pkg/oci/empty
-github.com/sigstore/cosign/v2/pkg/oci/internal/signature
-github.com/sigstore/cosign/v2/pkg/oci/layout
-github.com/sigstore/cosign/v2/pkg/oci/mutate
-github.com/sigstore/cosign/v2/pkg/oci/remote
-github.com/sigstore/cosign/v2/pkg/oci/signed
-github.com/sigstore/cosign/v2/pkg/oci/static
-github.com/sigstore/cosign/v2/pkg/providers
-github.com/sigstore/cosign/v2/pkg/providers/all
-github.com/sigstore/cosign/v2/pkg/providers/buildkite
-github.com/sigstore/cosign/v2/pkg/providers/envvar
-github.com/sigstore/cosign/v2/pkg/providers/filesystem
-github.com/sigstore/cosign/v2/pkg/providers/github
-github.com/sigstore/cosign/v2/pkg/providers/google
-github.com/sigstore/cosign/v2/pkg/providers/spiffe
-github.com/sigstore/cosign/v2/pkg/signature
-github.com/sigstore/cosign/v2/pkg/types
-# github.com/sigstore/fulcio v1.4.3
-## explicit; go 1.20
-github.com/sigstore/fulcio/pkg/api
-# github.com/sigstore/rekor v1.3.3
-## explicit; go 1.21
-github.com/sigstore/rekor/pkg/client
-github.com/sigstore/rekor/pkg/generated/client
-github.com/sigstore/rekor/pkg/generated/client/entries
-github.com/sigstore/rekor/pkg/generated/client/index
-github.com/sigstore/rekor/pkg/generated/client/pubkey
-github.com/sigstore/rekor/pkg/generated/client/tlog
-github.com/sigstore/rekor/pkg/generated/models
-github.com/sigstore/rekor/pkg/log
-github.com/sigstore/rekor/pkg/pki
-github.com/sigstore/rekor/pkg/pki/identity
-github.com/sigstore/rekor/pkg/pki/minisign
-github.com/sigstore/rekor/pkg/pki/pgp
-github.com/sigstore/rekor/pkg/pki/pkcs7
-github.com/sigstore/rekor/pkg/pki/ssh
-github.com/sigstore/rekor/pkg/pki/tuf
-github.com/sigstore/rekor/pkg/pki/x509
-github.com/sigstore/rekor/pkg/types
-github.com/sigstore/rekor/pkg/types/dsse
-github.com/sigstore/rekor/pkg/types/dsse/v0.0.1
-github.com/sigstore/rekor/pkg/types/hashedrekord
-github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1
-github.com/sigstore/rekor/pkg/types/intoto
-github.com/sigstore/rekor/pkg/types/intoto/v0.0.1
-github.com/sigstore/rekor/pkg/types/intoto/v0.0.2
-github.com/sigstore/rekor/pkg/types/rekord
-github.com/sigstore/rekor/pkg/types/rekord/v0.0.1
-github.com/sigstore/rekor/pkg/util
-github.com/sigstore/rekor/pkg/verify
-# github.com/sigstore/sigstore v1.7.5
-## explicit; go 1.20
-github.com/sigstore/sigstore/pkg/cryptoutils
-github.com/sigstore/sigstore/pkg/fulcioroots
-github.com/sigstore/sigstore/pkg/oauth
-github.com/sigstore/sigstore/pkg/oauthflow
-github.com/sigstore/sigstore/pkg/signature
-github.com/sigstore/sigstore/pkg/signature/dsse
-github.com/sigstore/sigstore/pkg/signature/kms
-github.com/sigstore/sigstore/pkg/signature/options
-github.com/sigstore/sigstore/pkg/signature/payload
-github.com/sigstore/sigstore/pkg/tuf
-# github.com/sigstore/timestamp-authority v1.2.0
-## explicit; go 1.21
-github.com/sigstore/timestamp-authority/pkg/verification
-# github.com/sirupsen/logrus v1.9.3
-## explicit; go 1.13
-github.com/sirupsen/logrus
-# github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
-## explicit
-github.com/skratchdot/open-golang/open
-# github.com/sourcegraph/conc v0.3.0
-## explicit; go 1.19
-github.com/sourcegraph/conc
-github.com/sourcegraph/conc/internal/multierror
-github.com/sourcegraph/conc/iter
-github.com/sourcegraph/conc/panics
-# github.com/spf13/afero v1.10.0
-## explicit; go 1.16
-github.com/spf13/afero
-github.com/spf13/afero/internal/common
-github.com/spf13/afero/mem
-# github.com/spf13/cast v1.5.1
-## explicit; go 1.18
-github.com/spf13/cast
-# github.com/spf13/cobra v1.8.0
-## explicit; go 1.15
-github.com/spf13/cobra
-# github.com/spf13/pflag v1.0.5
-## explicit; go 1.12
-github.com/spf13/pflag
-# github.com/spf13/viper v1.17.0
-## explicit; go 1.18
-github.com/spf13/viper
-github.com/spf13/viper/internal/encoding
-github.com/spf13/viper/internal/encoding/dotenv
-github.com/spf13/viper/internal/encoding/hcl
-github.com/spf13/viper/internal/encoding/ini
-github.com/spf13/viper/internal/encoding/javaproperties
-github.com/spf13/viper/internal/encoding/json
-github.com/spf13/viper/internal/encoding/toml
-github.com/spf13/viper/internal/encoding/yaml
-# github.com/spiffe/go-spiffe/v2 v2.1.6
-## explicit; go 1.17
-github.com/spiffe/go-spiffe/v2/bundle/jwtbundle
-github.com/spiffe/go-spiffe/v2/bundle/spiffebundle
-github.com/spiffe/go-spiffe/v2/bundle/x509bundle
-github.com/spiffe/go-spiffe/v2/internal/cryptoutil
-github.com/spiffe/go-spiffe/v2/internal/jwtutil
-github.com/spiffe/go-spiffe/v2/internal/pemutil
-github.com/spiffe/go-spiffe/v2/internal/x509util
-github.com/spiffe/go-spiffe/v2/logger
-github.com/spiffe/go-spiffe/v2/proto/spiffe/workload
-github.com/spiffe/go-spiffe/v2/spiffeid
-github.com/spiffe/go-spiffe/v2/svid/jwtsvid
-github.com/spiffe/go-spiffe/v2/svid/x509svid
-github.com/spiffe/go-spiffe/v2/workloadapi
-# github.com/subosito/gotenv v1.6.0
-## explicit; go 1.18
-github.com/subosito/gotenv
-# github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d
-## explicit; go 1.14
-github.com/syndtr/goleveldb/leveldb
-github.com/syndtr/goleveldb/leveldb/cache
-github.com/syndtr/goleveldb/leveldb/comparer
-github.com/syndtr/goleveldb/leveldb/errors
-github.com/syndtr/goleveldb/leveldb/filter
-github.com/syndtr/goleveldb/leveldb/iterator
-github.com/syndtr/goleveldb/leveldb/journal
-github.com/syndtr/goleveldb/leveldb/memdb
-github.com/syndtr/goleveldb/leveldb/opt
-github.com/syndtr/goleveldb/leveldb/storage
-github.com/syndtr/goleveldb/leveldb/table
-github.com/syndtr/goleveldb/leveldb/util
-# github.com/thales-e-security/pool v0.0.2
-## explicit; go 1.12
-github.com/thales-e-security/pool
-# github.com/theupdateframework/go-tuf v0.6.1
-## explicit; go 1.20
-github.com/theupdateframework/go-tuf
-github.com/theupdateframework/go-tuf/client
-github.com/theupdateframework/go-tuf/client/leveldbstore
-github.com/theupdateframework/go-tuf/data
-github.com/theupdateframework/go-tuf/internal/fsutil
-github.com/theupdateframework/go-tuf/internal/roles
-github.com/theupdateframework/go-tuf/internal/sets
-github.com/theupdateframework/go-tuf/internal/signer
-github.com/theupdateframework/go-tuf/pkg/keys
-github.com/theupdateframework/go-tuf/pkg/targets
-github.com/theupdateframework/go-tuf/sign
-github.com/theupdateframework/go-tuf/util
-github.com/theupdateframework/go-tuf/verify
-# github.com/theupdateframework/notary v0.7.0
-## explicit; go 1.12
-github.com/theupdateframework/notary
-github.com/theupdateframework/notary/client
-github.com/theupdateframework/notary/client/changelist
-github.com/theupdateframework/notary/cryptoservice
-github.com/theupdateframework/notary/passphrase
-github.com/theupdateframework/notary/storage
-github.com/theupdateframework/notary/trustmanager
-github.com/theupdateframework/notary/trustmanager/yubikey
-github.com/theupdateframework/notary/trustpinning
-github.com/theupdateframework/notary/tuf
-github.com/theupdateframework/notary/tuf/data
-github.com/theupdateframework/notary/tuf/signed
-github.com/theupdateframework/notary/tuf/utils
-github.com/theupdateframework/notary/tuf/validation
-# github.com/tinylib/msgp v1.1.8
-## explicit; go 1.15
-github.com/tinylib/msgp/msgp
-# github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399
-## explicit
-github.com/titanous/rocacheck
-# github.com/tjfoc/gmsm v1.4.1
-## explicit; go 1.14
-github.com/tjfoc/gmsm/sm3
-# github.com/tonglil/buflogr v1.0.1
-## explicit; go 1.17
-github.com/tonglil/buflogr
-# github.com/transparency-dev/merkle v0.0.2
-## explicit; go 1.19
-github.com/transparency-dev/merkle
-github.com/transparency-dev/merkle/compact
-github.com/transparency-dev/merkle/proof
-github.com/transparency-dev/merkle/rfc6962
-# github.com/ulikunitz/xz v0.5.11
-## explicit; go 1.12
-github.com/ulikunitz/xz
-github.com/ulikunitz/xz/internal/hash
-github.com/ulikunitz/xz/internal/xlog
-github.com/ulikunitz/xz/lzma
-# github.com/valyala/bytebufferpool v1.0.0
-## explicit
-github.com/valyala/bytebufferpool
-# github.com/valyala/fasttemplate v1.2.2
-## explicit; go 1.12
-github.com/valyala/fasttemplate
-# github.com/vbatts/tar-split v0.11.5
-## explicit; go 1.17
-github.com/vbatts/tar-split/archive/tar
-# github.com/xanzy/go-gitlab v0.93.2
-## explicit; go 1.18
-github.com/xanzy/go-gitlab
-# github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
-## explicit
-github.com/xeipuuv/gojsonpointer
-# github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415
-## explicit
-github.com/xeipuuv/gojsonreference
-# github.com/xeipuuv/gojsonschema v1.2.0
-## explicit
-github.com/xeipuuv/gojsonschema
-# github.com/xlab/treeprint v1.1.0
-## explicit; go 1.13
-github.com/xlab/treeprint
-# github.com/zeebo/errs v1.3.0
-## explicit; go 1.12
-github.com/zeebo/errs
-# go.mongodb.org/mongo-driver v1.12.1
-## explicit; go 1.13
-go.mongodb.org/mongo-driver/bson
-go.mongodb.org/mongo-driver/bson/bsoncodec
-go.mongodb.org/mongo-driver/bson/bsonoptions
-go.mongodb.org/mongo-driver/bson/bsonrw
-go.mongodb.org/mongo-driver/bson/bsontype
-go.mongodb.org/mongo-driver/bson/primitive
-go.mongodb.org/mongo-driver/x/bsonx/bsoncore
-# go.opencensus.io v0.24.0
-## explicit; go 1.13
-go.opencensus.io
-go.opencensus.io/internal
-go.opencensus.io/internal/tagencoding
-go.opencensus.io/metric/metricdata
-go.opencensus.io/metric/metricproducer
-go.opencensus.io/plugin/ochttp
-go.opencensus.io/plugin/ochttp/propagation/b3
-go.opencensus.io/resource
-go.opencensus.io/stats
-go.opencensus.io/stats/internal
-go.opencensus.io/stats/view
-go.opencensus.io/tag
-go.opencensus.io/trace
-go.opencensus.io/trace/internal
-go.opencensus.io/trace/propagation
-go.opencensus.io/trace/tracestate
-# go.opentelemetry.io/otel v1.19.0
-## explicit; go 1.20
-go.opentelemetry.io/otel
-go.opentelemetry.io/otel/attribute
-go.opentelemetry.io/otel/baggage
-go.opentelemetry.io/otel/codes
-go.opentelemetry.io/otel/internal
-go.opentelemetry.io/otel/internal/attribute
-go.opentelemetry.io/otel/internal/baggage
-go.opentelemetry.io/otel/internal/global
-go.opentelemetry.io/otel/propagation
-go.opentelemetry.io/otel/semconv/internal
-go.opentelemetry.io/otel/semconv/internal/v2
-go.opentelemetry.io/otel/semconv/v1.12.0
-go.opentelemetry.io/otel/semconv/v1.17.0
-go.opentelemetry.io/otel/semconv/v1.17.0/httpconv
-# go.opentelemetry.io/otel/metric v1.19.0
-## explicit; go 1.20
-go.opentelemetry.io/otel/metric
-go.opentelemetry.io/otel/metric/embedded
-# go.opentelemetry.io/otel/trace v1.19.0
-## explicit; go 1.20
-go.opentelemetry.io/otel/trace
-# go.starlark.net v0.0.0-20221028183056-acb66ad56dd2
-## explicit; go 1.13
-go.starlark.net/internal/compile
-go.starlark.net/internal/spell
-go.starlark.net/resolve
-go.starlark.net/starlark
-go.starlark.net/starlarkstruct
-go.starlark.net/syntax
-# go.step.sm/crypto v0.36.1
-## explicit; go 1.20
-go.step.sm/crypto/fingerprint
-go.step.sm/crypto/internal/bcrypt_pbkdf
-go.step.sm/crypto/internal/emoji
-go.step.sm/crypto/internal/utils
-go.step.sm/crypto/jose
-go.step.sm/crypto/keyutil
-go.step.sm/crypto/pemutil
-go.step.sm/crypto/randutil
-go.step.sm/crypto/x25519
-# go.uber.org/atomic v1.11.0
-## explicit; go 1.18
-go.uber.org/atomic
-# go.uber.org/multierr v1.11.0
-## explicit; go 1.19
-go.uber.org/multierr
-# go.uber.org/zap v1.26.0
-## explicit; go 1.19
-go.uber.org/zap
-go.uber.org/zap/buffer
-go.uber.org/zap/internal
-go.uber.org/zap/internal/bufferpool
-go.uber.org/zap/internal/color
-go.uber.org/zap/internal/exit
-go.uber.org/zap/internal/pool
-go.uber.org/zap/internal/stacktrace
-go.uber.org/zap/zapcore
-# go4.org/intern v0.0.0-20230525184215-6c62f75575cb
-## explicit; go 1.13
-go4.org/intern
-# go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2
-## explicit; go 1.11
-go4.org/unsafe/assume-no-moving-gc
-# golang.org/x/crypto v0.14.0
-## explicit; go 1.17
-golang.org/x/crypto/argon2
-golang.org/x/crypto/bcrypt
-golang.org/x/crypto/blake2b
-golang.org/x/crypto/blowfish
-golang.org/x/crypto/cast5
-golang.org/x/crypto/chacha20
-golang.org/x/crypto/chacha20poly1305
-golang.org/x/crypto/cryptobyte
-golang.org/x/crypto/cryptobyte/asn1
-golang.org/x/crypto/curve25519
-golang.org/x/crypto/curve25519/internal/field
-golang.org/x/crypto/ed25519
-golang.org/x/crypto/hkdf
-golang.org/x/crypto/internal/alias
-golang.org/x/crypto/internal/poly1305
-golang.org/x/crypto/md4
-golang.org/x/crypto/nacl/box
-golang.org/x/crypto/nacl/secretbox
-golang.org/x/crypto/ocsp
-golang.org/x/crypto/openpgp
-golang.org/x/crypto/openpgp/armor
-golang.org/x/crypto/openpgp/clearsign
-golang.org/x/crypto/openpgp/elgamal
-golang.org/x/crypto/openpgp/errors
-golang.org/x/crypto/openpgp/packet
-golang.org/x/crypto/openpgp/s2k
-golang.org/x/crypto/pbkdf2
-golang.org/x/crypto/pkcs12
-golang.org/x/crypto/pkcs12/internal/rc2
-golang.org/x/crypto/salsa20/salsa
-golang.org/x/crypto/scrypt
-golang.org/x/crypto/sha3
-golang.org/x/crypto/ssh
-golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
-golang.org/x/crypto/ssh/terminal
-# golang.org/x/exp v0.0.0-20231006140011-7918f672742d
-## explicit; go 1.20
-golang.org/x/exp/constraints
-golang.org/x/exp/maps
-golang.org/x/exp/slices
-golang.org/x/exp/slog
-golang.org/x/exp/slog/internal
-golang.org/x/exp/slog/internal/buffer
-# golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
-## explicit; go 1.11
-golang.org/x/lint
-golang.org/x/lint/golint
-# golang.org/x/mod v0.13.0
-## explicit; go 1.18
-golang.org/x/mod/internal/lazyregexp
-golang.org/x/mod/modfile
-golang.org/x/mod/module
-golang.org/x/mod/semver
-golang.org/x/mod/sumdb/note
-# golang.org/x/net v0.17.0
-## explicit; go 1.17
-golang.org/x/net/context
-golang.org/x/net/context/ctxhttp
-golang.org/x/net/html
-golang.org/x/net/html/atom
-golang.org/x/net/html/charset
-golang.org/x/net/http/httpguts
-golang.org/x/net/http2
-golang.org/x/net/http2/hpack
-golang.org/x/net/idna
-golang.org/x/net/internal/socks
-golang.org/x/net/internal/timeseries
-golang.org/x/net/proxy
-golang.org/x/net/trace
-# golang.org/x/oauth2 v0.13.0
-## explicit; go 1.18
-golang.org/x/oauth2
-golang.org/x/oauth2/authhandler
-golang.org/x/oauth2/google
-golang.org/x/oauth2/google/internal/externalaccount
-golang.org/x/oauth2/google/internal/externalaccountauthorizeduser
-golang.org/x/oauth2/google/internal/stsexchange
-golang.org/x/oauth2/internal
-golang.org/x/oauth2/jws
-golang.org/x/oauth2/jwt
-# golang.org/x/sync v0.5.0
-## explicit; go 1.18
-golang.org/x/sync/errgroup
-golang.org/x/sync/semaphore
-# golang.org/x/sys v0.13.0
-## explicit; go 1.17
-golang.org/x/sys/cpu
-golang.org/x/sys/execabs
-golang.org/x/sys/plan9
-golang.org/x/sys/unix
-golang.org/x/sys/windows
-golang.org/x/sys/windows/registry
-# golang.org/x/term v0.13.0
-## explicit; go 1.17
-golang.org/x/term
-# golang.org/x/text v0.13.0
-## explicit; go 1.17
-golang.org/x/text/encoding
-golang.org/x/text/encoding/charmap
-golang.org/x/text/encoding/htmlindex
-golang.org/x/text/encoding/internal
-golang.org/x/text/encoding/internal/identifier
-golang.org/x/text/encoding/japanese
-golang.org/x/text/encoding/korean
-golang.org/x/text/encoding/simplifiedchinese
-golang.org/x/text/encoding/traditionalchinese
-golang.org/x/text/encoding/unicode
-golang.org/x/text/internal/language
-golang.org/x/text/internal/language/compact
-golang.org/x/text/internal/tag
-golang.org/x/text/internal/utf8internal
-golang.org/x/text/language
-golang.org/x/text/runes
-golang.org/x/text/secure/bidirule
-golang.org/x/text/transform
-golang.org/x/text/unicode/bidi
-golang.org/x/text/unicode/norm
-# golang.org/x/time v0.3.0
-## explicit
-golang.org/x/time/rate
-# golang.org/x/tools v0.14.0
-## explicit; go 1.18
-golang.org/x/tools/cmd/stringer
-golang.org/x/tools/go/ast/astutil
-golang.org/x/tools/go/ast/inspector
-golang.org/x/tools/go/gcexportdata
-golang.org/x/tools/go/internal/packagesdriver
-golang.org/x/tools/go/packages
-golang.org/x/tools/go/types/objectpath
-golang.org/x/tools/imports
-golang.org/x/tools/internal/event
-golang.org/x/tools/internal/event/core
-golang.org/x/tools/internal/event/keys
-golang.org/x/tools/internal/event/label
-golang.org/x/tools/internal/event/tag
-golang.org/x/tools/internal/fastwalk
-golang.org/x/tools/internal/gcimporter
-golang.org/x/tools/internal/gocommand
-golang.org/x/tools/internal/gopathwalk
-golang.org/x/tools/internal/imports
-golang.org/x/tools/internal/packagesinternal
-golang.org/x/tools/internal/pkgbits
-golang.org/x/tools/internal/tokeninternal
-golang.org/x/tools/internal/typeparams
-golang.org/x/tools/internal/typesinternal
-# golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
-## explicit; go 1.18
-golang.org/x/xerrors
-golang.org/x/xerrors/internal
-# gomodules.xyz/jsonpatch/v2 v2.3.0
-## explicit; go 1.20
-gomodules.xyz/jsonpatch/v2
-# google.golang.org/api v0.149.0
-## explicit; go 1.19
-google.golang.org/api/googleapi/transport
-google.golang.org/api/idtoken
-google.golang.org/api/impersonate
-google.golang.org/api/internal
-google.golang.org/api/internal/cert
-google.golang.org/api/internal/impersonate
-google.golang.org/api/option
-google.golang.org/api/option/internaloption
-google.golang.org/api/transport/http
-google.golang.org/api/transport/http/internal/propagation
-# google.golang.org/appengine v1.6.8
-## explicit; go 1.11
-google.golang.org/appengine
-google.golang.org/appengine/internal
-google.golang.org/appengine/internal/app_identity
-google.golang.org/appengine/internal/base
-google.golang.org/appengine/internal/datastore
-google.golang.org/appengine/internal/log
-google.golang.org/appengine/internal/modules
-google.golang.org/appengine/internal/remote_api
-google.golang.org/appengine/internal/urlfetch
-google.golang.org/appengine/urlfetch
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b
-## explicit; go 1.19
-google.golang.org/genproto/googleapis/rpc/status
-# google.golang.org/grpc v1.59.0
-## explicit; go 1.19
-google.golang.org/grpc
-google.golang.org/grpc/attributes
-google.golang.org/grpc/backoff
-google.golang.org/grpc/balancer
-google.golang.org/grpc/balancer/base
-google.golang.org/grpc/balancer/grpclb/state
-google.golang.org/grpc/balancer/roundrobin
-google.golang.org/grpc/binarylog/grpc_binarylog_v1
-google.golang.org/grpc/channelz
-google.golang.org/grpc/codes
-google.golang.org/grpc/connectivity
-google.golang.org/grpc/credentials
-google.golang.org/grpc/credentials/insecure
-google.golang.org/grpc/encoding
-google.golang.org/grpc/encoding/proto
-google.golang.org/grpc/grpclog
-google.golang.org/grpc/internal
-google.golang.org/grpc/internal/backoff
-google.golang.org/grpc/internal/balancer/gracefulswitch
-google.golang.org/grpc/internal/balancerload
-google.golang.org/grpc/internal/binarylog
-google.golang.org/grpc/internal/buffer
-google.golang.org/grpc/internal/channelz
-google.golang.org/grpc/internal/credentials
-google.golang.org/grpc/internal/envconfig
-google.golang.org/grpc/internal/grpclog
-google.golang.org/grpc/internal/grpcrand
-google.golang.org/grpc/internal/grpcsync
-google.golang.org/grpc/internal/grpcutil
-google.golang.org/grpc/internal/idle
-google.golang.org/grpc/internal/metadata
-google.golang.org/grpc/internal/pretty
-google.golang.org/grpc/internal/resolver
-google.golang.org/grpc/internal/resolver/dns
-google.golang.org/grpc/internal/resolver/passthrough
-google.golang.org/grpc/internal/resolver/unix
-google.golang.org/grpc/internal/serviceconfig
-google.golang.org/grpc/internal/status
-google.golang.org/grpc/internal/syscall
-google.golang.org/grpc/internal/transport
-google.golang.org/grpc/internal/transport/networktype
-google.golang.org/grpc/keepalive
-google.golang.org/grpc/metadata
-google.golang.org/grpc/peer
-google.golang.org/grpc/resolver
-google.golang.org/grpc/serviceconfig
-google.golang.org/grpc/stats
-google.golang.org/grpc/status
-google.golang.org/grpc/tap
-# google.golang.org/protobuf v1.31.0
-## explicit; go 1.11
-google.golang.org/protobuf/encoding/protojson
-google.golang.org/protobuf/encoding/prototext
-google.golang.org/protobuf/encoding/protowire
-google.golang.org/protobuf/internal/descfmt
-google.golang.org/protobuf/internal/descopts
-google.golang.org/protobuf/internal/detrand
-google.golang.org/protobuf/internal/encoding/defval
-google.golang.org/protobuf/internal/encoding/json
-google.golang.org/protobuf/internal/encoding/messageset
-google.golang.org/protobuf/internal/encoding/tag
-google.golang.org/protobuf/internal/encoding/text
-google.golang.org/protobuf/internal/errors
-google.golang.org/protobuf/internal/filedesc
-google.golang.org/protobuf/internal/filetype
-google.golang.org/protobuf/internal/flags
-google.golang.org/protobuf/internal/genid
-google.golang.org/protobuf/internal/impl
-google.golang.org/protobuf/internal/order
-google.golang.org/protobuf/internal/pragma
-google.golang.org/protobuf/internal/set
-google.golang.org/protobuf/internal/strs
-google.golang.org/protobuf/internal/version
-google.golang.org/protobuf/proto
-google.golang.org/protobuf/reflect/protodesc
-google.golang.org/protobuf/reflect/protoreflect
-google.golang.org/protobuf/reflect/protoregistry
-google.golang.org/protobuf/runtime/protoiface
-google.golang.org/protobuf/runtime/protoimpl
-google.golang.org/protobuf/types/descriptorpb
-google.golang.org/protobuf/types/known/anypb
-google.golang.org/protobuf/types/known/durationpb
-google.golang.org/protobuf/types/known/structpb
-google.golang.org/protobuf/types/known/timestamppb
-# gopkg.in/DataDog/dd-trace-go.v1 v1.56.1
-## explicit; go 1.19
-gopkg.in/DataDog/dd-trace-go.v1/datastreams/options
-gopkg.in/DataDog/dd-trace-go.v1/ddtrace
-gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext
-gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal
-gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer
-gopkg.in/DataDog/dd-trace-go.v1/internal
-gopkg.in/DataDog/dd-trace-go.v1/internal/appsec
-gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo
-gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation
-gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec
-gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec
-gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec
-gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams
-gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig
-gopkg.in/DataDog/dd-trace-go.v1/internal/hostname
-gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/azure
-gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/cachedfetch
-gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ec2
-gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ecs
-gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/gce
-gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/httputils
-gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/validate
-gopkg.in/DataDog/dd-trace-go.v1/internal/log
-gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema
-gopkg.in/DataDog/dd-trace-go.v1/internal/normalizer
-gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo
-gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig
-gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames
-gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry
-gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof
-gopkg.in/DataDog/dd-trace-go.v1/internal/version
-# gopkg.in/go-jose/go-jose.v2 v2.6.1
-## explicit
-gopkg.in/go-jose/go-jose.v2
-gopkg.in/go-jose/go-jose.v2/cipher
-gopkg.in/go-jose/go-jose.v2/json
-# gopkg.in/inf.v0 v0.9.1
-## explicit
-gopkg.in/inf.v0
-# gopkg.in/ini.v1 v1.67.0
-## explicit
-gopkg.in/ini.v1
-# gopkg.in/square/go-jose.v2 v2.6.0
-## explicit
-gopkg.in/square/go-jose.v2
-gopkg.in/square/go-jose.v2/cipher
-gopkg.in/square/go-jose.v2/cryptosigner
-gopkg.in/square/go-jose.v2/json
-gopkg.in/square/go-jose.v2/jwt
-# gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
-## explicit
-gopkg.in/tomb.v1
-# gopkg.in/yaml.v2 v2.4.0
-## explicit; go 1.15
-gopkg.in/yaml.v2
-# gopkg.in/yaml.v3 v3.0.1
-## explicit
-gopkg.in/yaml.v3
-# helm.sh/helm/v3 v3.12.2
-## explicit; go 1.19
-helm.sh/helm/v3/internal/fileutil
-helm.sh/helm/v3/internal/ignore
-helm.sh/helm/v3/internal/resolver
-helm.sh/helm/v3/internal/sympath
-helm.sh/helm/v3/internal/third_party/dep/fs
-helm.sh/helm/v3/internal/third_party/k8s.io/kubernetes/deployment/util
-helm.sh/helm/v3/internal/tlsutil
-helm.sh/helm/v3/internal/urlutil
-helm.sh/helm/v3/internal/version
-helm.sh/helm/v3/pkg/action
-helm.sh/helm/v3/pkg/chart
-helm.sh/helm/v3/pkg/chart/loader
-helm.sh/helm/v3/pkg/chartutil
-helm.sh/helm/v3/pkg/cli
-helm.sh/helm/v3/pkg/downloader
-helm.sh/helm/v3/pkg/engine
-helm.sh/helm/v3/pkg/getter
-helm.sh/helm/v3/pkg/helmpath
-helm.sh/helm/v3/pkg/helmpath/xdg
-helm.sh/helm/v3/pkg/kube
-helm.sh/helm/v3/pkg/kube/fake
-helm.sh/helm/v3/pkg/lint
-helm.sh/helm/v3/pkg/lint/rules
-helm.sh/helm/v3/pkg/lint/support
-helm.sh/helm/v3/pkg/plugin
-helm.sh/helm/v3/pkg/postrender
-helm.sh/helm/v3/pkg/provenance
-helm.sh/helm/v3/pkg/pusher
-helm.sh/helm/v3/pkg/registry
-helm.sh/helm/v3/pkg/release
-helm.sh/helm/v3/pkg/releaseutil
-helm.sh/helm/v3/pkg/repo
-helm.sh/helm/v3/pkg/storage
-helm.sh/helm/v3/pkg/storage/driver
-helm.sh/helm/v3/pkg/time
-helm.sh/helm/v3/pkg/uploader
-# inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a
-## explicit; go 1.12
-inet.af/netaddr
-# k8s.io/api v0.28.3
-## explicit; go 1.20
-k8s.io/api/admission/v1
-k8s.io/api/admission/v1beta1
-k8s.io/api/admissionregistration/v1
-k8s.io/api/admissionregistration/v1alpha1
-k8s.io/api/admissionregistration/v1beta1
-k8s.io/api/apidiscovery/v2beta1
-k8s.io/api/apiserverinternal/v1alpha1
-k8s.io/api/apps/v1
-k8s.io/api/apps/v1beta1
-k8s.io/api/apps/v1beta2
-k8s.io/api/authentication/v1
-k8s.io/api/authentication/v1alpha1
-k8s.io/api/authentication/v1beta1
-k8s.io/api/authorization/v1
-k8s.io/api/authorization/v1beta1
-k8s.io/api/autoscaling/v1
-k8s.io/api/autoscaling/v2
-k8s.io/api/autoscaling/v2beta1
-k8s.io/api/autoscaling/v2beta2
-k8s.io/api/batch/v1
-k8s.io/api/batch/v1beta1
-k8s.io/api/certificates/v1
-k8s.io/api/certificates/v1alpha1
-k8s.io/api/certificates/v1beta1
-k8s.io/api/coordination/v1
-k8s.io/api/coordination/v1beta1
-k8s.io/api/core/v1
-k8s.io/api/discovery/v1
-k8s.io/api/discovery/v1beta1
-k8s.io/api/events/v1
-k8s.io/api/events/v1beta1
-k8s.io/api/extensions/v1beta1
-k8s.io/api/flowcontrol/v1alpha1
-k8s.io/api/flowcontrol/v1beta1
-k8s.io/api/flowcontrol/v1beta2
-k8s.io/api/flowcontrol/v1beta3
-k8s.io/api/imagepolicy/v1alpha1
-k8s.io/api/networking/v1
-k8s.io/api/networking/v1alpha1
-k8s.io/api/networking/v1beta1
-k8s.io/api/node/v1
-k8s.io/api/node/v1alpha1
-k8s.io/api/node/v1beta1
-k8s.io/api/policy/v1
-k8s.io/api/policy/v1beta1
-k8s.io/api/rbac/v1
-k8s.io/api/rbac/v1alpha1
-k8s.io/api/rbac/v1beta1
-k8s.io/api/resource/v1alpha2
-k8s.io/api/scheduling/v1
-k8s.io/api/scheduling/v1alpha1
-k8s.io/api/scheduling/v1beta1
-k8s.io/api/storage/v1
-k8s.io/api/storage/v1alpha1
-k8s.io/api/storage/v1beta1
-# k8s.io/apiextensions-apiserver v0.27.2
-## explicit; go 1.20
-k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
-k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/install
-k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
-k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1
-k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset
-k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme
-k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1
-k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1
-# k8s.io/apimachinery v0.28.3
-## explicit; go 1.20
-k8s.io/apimachinery/pkg/api/equality
-k8s.io/apimachinery/pkg/api/errors
-k8s.io/apimachinery/pkg/api/meta
-k8s.io/apimachinery/pkg/api/resource
-k8s.io/apimachinery/pkg/api/validation
-k8s.io/apimachinery/pkg/api/validation/path
-k8s.io/apimachinery/pkg/apis/meta/internalversion
-k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme
-k8s.io/apimachinery/pkg/apis/meta/v1
-k8s.io/apimachinery/pkg/apis/meta/v1/unstructured
-k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructuredscheme
-k8s.io/apimachinery/pkg/apis/meta/v1/validation
-k8s.io/apimachinery/pkg/apis/meta/v1beta1
-k8s.io/apimachinery/pkg/conversion
-k8s.io/apimachinery/pkg/conversion/queryparams
-k8s.io/apimachinery/pkg/fields
-k8s.io/apimachinery/pkg/labels
-k8s.io/apimachinery/pkg/runtime
-k8s.io/apimachinery/pkg/runtime/schema
-k8s.io/apimachinery/pkg/runtime/serializer
-k8s.io/apimachinery/pkg/runtime/serializer/json
-k8s.io/apimachinery/pkg/runtime/serializer/protobuf
-k8s.io/apimachinery/pkg/runtime/serializer/recognizer
-k8s.io/apimachinery/pkg/runtime/serializer/streaming
-k8s.io/apimachinery/pkg/runtime/serializer/versioning
-k8s.io/apimachinery/pkg/selection
-k8s.io/apimachinery/pkg/types
-k8s.io/apimachinery/pkg/util/cache
-k8s.io/apimachinery/pkg/util/diff
-k8s.io/apimachinery/pkg/util/dump
-k8s.io/apimachinery/pkg/util/duration
-k8s.io/apimachinery/pkg/util/errors
-k8s.io/apimachinery/pkg/util/framer
-k8s.io/apimachinery/pkg/util/httpstream
-k8s.io/apimachinery/pkg/util/httpstream/spdy
-k8s.io/apimachinery/pkg/util/intstr
-k8s.io/apimachinery/pkg/util/json
-k8s.io/apimachinery/pkg/util/managedfields
-k8s.io/apimachinery/pkg/util/managedfields/internal
-k8s.io/apimachinery/pkg/util/mergepatch
-k8s.io/apimachinery/pkg/util/naming
-k8s.io/apimachinery/pkg/util/net
-k8s.io/apimachinery/pkg/util/rand
-k8s.io/apimachinery/pkg/util/remotecommand
-k8s.io/apimachinery/pkg/util/runtime
-k8s.io/apimachinery/pkg/util/sets
-k8s.io/apimachinery/pkg/util/strategicpatch
-k8s.io/apimachinery/pkg/util/uuid
-k8s.io/apimachinery/pkg/util/validation
-k8s.io/apimachinery/pkg/util/validation/field
-k8s.io/apimachinery/pkg/util/version
-k8s.io/apimachinery/pkg/util/wait
-k8s.io/apimachinery/pkg/util/yaml
-k8s.io/apimachinery/pkg/version
-k8s.io/apimachinery/pkg/watch
-k8s.io/apimachinery/third_party/forked/golang/json
-k8s.io/apimachinery/third_party/forked/golang/netutil
-k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/apiserver v0.27.2
-## explicit; go 1.20
-k8s.io/apiserver/pkg/endpoints/deprecation
-# k8s.io/cli-runtime v0.27.2
-## explicit; go 1.20
-k8s.io/cli-runtime/pkg/genericclioptions
-k8s.io/cli-runtime/pkg/printers
-k8s.io/cli-runtime/pkg/resource
-# k8s.io/client-go v0.28.3
-## explicit; go 1.20
-k8s.io/client-go/applyconfigurations/admissionregistration/v1
-k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1
-k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1
-k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1
-k8s.io/client-go/applyconfigurations/apps/v1
-k8s.io/client-go/applyconfigurations/apps/v1beta1
-k8s.io/client-go/applyconfigurations/apps/v1beta2
-k8s.io/client-go/applyconfigurations/autoscaling/v1
-k8s.io/client-go/applyconfigurations/autoscaling/v2
-k8s.io/client-go/applyconfigurations/autoscaling/v2beta1
-k8s.io/client-go/applyconfigurations/autoscaling/v2beta2
-k8s.io/client-go/applyconfigurations/batch/v1
-k8s.io/client-go/applyconfigurations/batch/v1beta1
-k8s.io/client-go/applyconfigurations/certificates/v1
-k8s.io/client-go/applyconfigurations/certificates/v1alpha1
-k8s.io/client-go/applyconfigurations/certificates/v1beta1
-k8s.io/client-go/applyconfigurations/coordination/v1
-k8s.io/client-go/applyconfigurations/coordination/v1beta1
-k8s.io/client-go/applyconfigurations/core/v1
-k8s.io/client-go/applyconfigurations/discovery/v1
-k8s.io/client-go/applyconfigurations/discovery/v1beta1
-k8s.io/client-go/applyconfigurations/events/v1
-k8s.io/client-go/applyconfigurations/events/v1beta1
-k8s.io/client-go/applyconfigurations/extensions/v1beta1
-k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1
-k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1
-k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2
-k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3
-k8s.io/client-go/applyconfigurations/internal
-k8s.io/client-go/applyconfigurations/meta/v1
-k8s.io/client-go/applyconfigurations/networking/v1
-k8s.io/client-go/applyconfigurations/networking/v1alpha1
-k8s.io/client-go/applyconfigurations/networking/v1beta1
-k8s.io/client-go/applyconfigurations/node/v1
-k8s.io/client-go/applyconfigurations/node/v1alpha1
-k8s.io/client-go/applyconfigurations/node/v1beta1
-k8s.io/client-go/applyconfigurations/policy/v1
-k8s.io/client-go/applyconfigurations/policy/v1beta1
-k8s.io/client-go/applyconfigurations/rbac/v1
-k8s.io/client-go/applyconfigurations/rbac/v1alpha1
-k8s.io/client-go/applyconfigurations/rbac/v1beta1
-k8s.io/client-go/applyconfigurations/resource/v1alpha2
-k8s.io/client-go/applyconfigurations/scheduling/v1
-k8s.io/client-go/applyconfigurations/scheduling/v1alpha1
-k8s.io/client-go/applyconfigurations/scheduling/v1beta1
-k8s.io/client-go/applyconfigurations/storage/v1
-k8s.io/client-go/applyconfigurations/storage/v1alpha1
-k8s.io/client-go/applyconfigurations/storage/v1beta1
-k8s.io/client-go/discovery
-k8s.io/client-go/discovery/cached/disk
-k8s.io/client-go/discovery/cached/memory
-k8s.io/client-go/dynamic
-k8s.io/client-go/kubernetes
-k8s.io/client-go/kubernetes/scheme
-k8s.io/client-go/kubernetes/typed/admissionregistration/v1
-k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1
-k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1
-k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1
-k8s.io/client-go/kubernetes/typed/apps/v1
-k8s.io/client-go/kubernetes/typed/apps/v1beta1
-k8s.io/client-go/kubernetes/typed/apps/v1beta2
-k8s.io/client-go/kubernetes/typed/authentication/v1
-k8s.io/client-go/kubernetes/typed/authentication/v1alpha1
-k8s.io/client-go/kubernetes/typed/authentication/v1beta1
-k8s.io/client-go/kubernetes/typed/authorization/v1
-k8s.io/client-go/kubernetes/typed/authorization/v1beta1
-k8s.io/client-go/kubernetes/typed/autoscaling/v1
-k8s.io/client-go/kubernetes/typed/autoscaling/v2
-k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1
-k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2
-k8s.io/client-go/kubernetes/typed/batch/v1
-k8s.io/client-go/kubernetes/typed/batch/v1beta1
-k8s.io/client-go/kubernetes/typed/certificates/v1
-k8s.io/client-go/kubernetes/typed/certificates/v1alpha1
-k8s.io/client-go/kubernetes/typed/certificates/v1beta1
-k8s.io/client-go/kubernetes/typed/coordination/v1
-k8s.io/client-go/kubernetes/typed/coordination/v1beta1
-k8s.io/client-go/kubernetes/typed/core/v1
-k8s.io/client-go/kubernetes/typed/discovery/v1
-k8s.io/client-go/kubernetes/typed/discovery/v1beta1
-k8s.io/client-go/kubernetes/typed/events/v1
-k8s.io/client-go/kubernetes/typed/events/v1beta1
-k8s.io/client-go/kubernetes/typed/extensions/v1beta1
-k8s.io/client-go/kubernetes/typed/flowcontrol/v1alpha1
-k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1
-k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2
-k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3
-k8s.io/client-go/kubernetes/typed/networking/v1
-k8s.io/client-go/kubernetes/typed/networking/v1alpha1
-k8s.io/client-go/kubernetes/typed/networking/v1beta1
-k8s.io/client-go/kubernetes/typed/node/v1
-k8s.io/client-go/kubernetes/typed/node/v1alpha1
-k8s.io/client-go/kubernetes/typed/node/v1beta1
-k8s.io/client-go/kubernetes/typed/policy/v1
-k8s.io/client-go/kubernetes/typed/policy/v1beta1
-k8s.io/client-go/kubernetes/typed/rbac/v1
-k8s.io/client-go/kubernetes/typed/rbac/v1alpha1
-k8s.io/client-go/kubernetes/typed/rbac/v1beta1
-k8s.io/client-go/kubernetes/typed/resource/v1alpha2
-k8s.io/client-go/kubernetes/typed/scheduling/v1
-k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1
-k8s.io/client-go/kubernetes/typed/scheduling/v1beta1
-k8s.io/client-go/kubernetes/typed/storage/v1
-k8s.io/client-go/kubernetes/typed/storage/v1alpha1
-k8s.io/client-go/kubernetes/typed/storage/v1beta1
-k8s.io/client-go/metadata
-k8s.io/client-go/openapi
-k8s.io/client-go/openapi/cached
-k8s.io/client-go/openapi3
-k8s.io/client-go/pkg/apis/clientauthentication
-k8s.io/client-go/pkg/apis/clientauthentication/install
-k8s.io/client-go/pkg/apis/clientauthentication/v1
-k8s.io/client-go/pkg/apis/clientauthentication/v1beta1
-k8s.io/client-go/pkg/version
-k8s.io/client-go/plugin/pkg/client/auth
-k8s.io/client-go/plugin/pkg/client/auth/azure
-k8s.io/client-go/plugin/pkg/client/auth/exec
-k8s.io/client-go/plugin/pkg/client/auth/gcp
-k8s.io/client-go/plugin/pkg/client/auth/oidc
-k8s.io/client-go/rest
-k8s.io/client-go/rest/watch
-k8s.io/client-go/restmapper
-k8s.io/client-go/scale
-k8s.io/client-go/scale/scheme
-k8s.io/client-go/scale/scheme/appsint
-k8s.io/client-go/scale/scheme/appsv1beta1
-k8s.io/client-go/scale/scheme/appsv1beta2
-k8s.io/client-go/scale/scheme/autoscalingv1
-k8s.io/client-go/scale/scheme/extensionsint
-k8s.io/client-go/scale/scheme/extensionsv1beta1
-k8s.io/client-go/testing
-k8s.io/client-go/third_party/forked/golang/template
-k8s.io/client-go/tools/auth
-k8s.io/client-go/tools/cache
-k8s.io/client-go/tools/cache/synctrack
-k8s.io/client-go/tools/clientcmd
-k8s.io/client-go/tools/clientcmd/api
-k8s.io/client-go/tools/clientcmd/api/latest
-k8s.io/client-go/tools/clientcmd/api/v1
-k8s.io/client-go/tools/leaderelection
-k8s.io/client-go/tools/leaderelection/resourcelock
-k8s.io/client-go/tools/metrics
-k8s.io/client-go/tools/pager
-k8s.io/client-go/tools/record
-k8s.io/client-go/tools/record/util
-k8s.io/client-go/tools/reference
-k8s.io/client-go/tools/remotecommand
-k8s.io/client-go/tools/watch
-k8s.io/client-go/transport
-k8s.io/client-go/transport/spdy
-k8s.io/client-go/util/cert
-k8s.io/client-go/util/connrotation
-k8s.io/client-go/util/exec
-k8s.io/client-go/util/flowcontrol
-k8s.io/client-go/util/homedir
-k8s.io/client-go/util/jsonpath
-k8s.io/client-go/util/keyutil
-k8s.io/client-go/util/retry
-k8s.io/client-go/util/workqueue
-# k8s.io/component-base v0.27.2
-## explicit; go 1.20
-k8s.io/component-base/config
-k8s.io/component-base/config/v1alpha1
-k8s.io/component-base/version
-# k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01
-## explicit; go 1.13
-k8s.io/gengo/parser
-k8s.io/gengo/types
-# k8s.io/klog v1.0.0
-## explicit; go 1.12
-k8s.io/klog
-# k8s.io/klog/v2 v2.100.1
-## explicit; go 1.13
-k8s.io/klog/v2
-k8s.io/klog/v2/internal/buffer
-k8s.io/klog/v2/internal/clock
-k8s.io/klog/v2/internal/dbg
-k8s.io/klog/v2/internal/serialize
-k8s.io/klog/v2/internal/severity
-# k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
-## explicit; go 1.19
-k8s.io/kube-openapi/pkg/cached
-k8s.io/kube-openapi/pkg/common
-k8s.io/kube-openapi/pkg/handler3
-k8s.io/kube-openapi/pkg/internal
-k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json
-k8s.io/kube-openapi/pkg/schemaconv
-k8s.io/kube-openapi/pkg/spec3
-k8s.io/kube-openapi/pkg/util/proto
-k8s.io/kube-openapi/pkg/util/proto/validation
-k8s.io/kube-openapi/pkg/validation/spec
-# k8s.io/kubectl v0.27.2
-## explicit; go 1.20
-k8s.io/kubectl/pkg/cmd/util
-k8s.io/kubectl/pkg/scheme
-k8s.io/kubectl/pkg/util/i18n
-k8s.io/kubectl/pkg/util/interrupt
-k8s.io/kubectl/pkg/util/openapi
-k8s.io/kubectl/pkg/util/templates
-k8s.io/kubectl/pkg/util/term
-k8s.io/kubectl/pkg/validation
-# k8s.io/utils v0.0.0-20230726121419-3b25d923346b
-## explicit; go 1.18
-k8s.io/utils/buffer
-k8s.io/utils/clock
-k8s.io/utils/clock/testing
-k8s.io/utils/exec
-k8s.io/utils/integer
-k8s.io/utils/internal/third_party/forked/golang/net
-k8s.io/utils/net
-k8s.io/utils/pointer
-k8s.io/utils/ptr
-k8s.io/utils/strings/slices
-k8s.io/utils/trace
-# oras.land/oras-go v1.2.4
-## explicit; go 1.18
-oras.land/oras-go/pkg/artifact
-oras.land/oras-go/pkg/auth
-oras.land/oras-go/pkg/auth/docker
-oras.land/oras-go/pkg/content
-oras.land/oras-go/pkg/context
-oras.land/oras-go/pkg/oras
-oras.land/oras-go/pkg/registry
-oras.land/oras-go/pkg/registry/remote
-oras.land/oras-go/pkg/registry/remote/auth
-oras.land/oras-go/pkg/registry/remote/internal/errutil
-oras.land/oras-go/pkg/registry/remote/internal/syncutil
-oras.land/oras-go/pkg/target
-# sigs.k8s.io/controller-runtime v0.15.1
-## explicit; go 1.20
-sigs.k8s.io/controller-runtime
-sigs.k8s.io/controller-runtime/pkg/builder
-sigs.k8s.io/controller-runtime/pkg/cache
-sigs.k8s.io/controller-runtime/pkg/cache/internal
-sigs.k8s.io/controller-runtime/pkg/certwatcher
-sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics
-sigs.k8s.io/controller-runtime/pkg/client
-sigs.k8s.io/controller-runtime/pkg/client/apiutil
-sigs.k8s.io/controller-runtime/pkg/client/config
-sigs.k8s.io/controller-runtime/pkg/client/fake
-sigs.k8s.io/controller-runtime/pkg/client/interceptor
-sigs.k8s.io/controller-runtime/pkg/cluster
-sigs.k8s.io/controller-runtime/pkg/config
-sigs.k8s.io/controller-runtime/pkg/config/v1alpha1
-sigs.k8s.io/controller-runtime/pkg/controller
-sigs.k8s.io/controller-runtime/pkg/controller/controllerutil
-sigs.k8s.io/controller-runtime/pkg/conversion
-sigs.k8s.io/controller-runtime/pkg/envtest
-sigs.k8s.io/controller-runtime/pkg/event
-sigs.k8s.io/controller-runtime/pkg/handler
-sigs.k8s.io/controller-runtime/pkg/healthz
-sigs.k8s.io/controller-runtime/pkg/internal/controller
-sigs.k8s.io/controller-runtime/pkg/internal/controller/metrics
-sigs.k8s.io/controller-runtime/pkg/internal/field/selector
-sigs.k8s.io/controller-runtime/pkg/internal/flock
-sigs.k8s.io/controller-runtime/pkg/internal/httpserver
-sigs.k8s.io/controller-runtime/pkg/internal/log
-sigs.k8s.io/controller-runtime/pkg/internal/objectutil
-sigs.k8s.io/controller-runtime/pkg/internal/recorder
-sigs.k8s.io/controller-runtime/pkg/internal/source
-sigs.k8s.io/controller-runtime/pkg/internal/testing/addr
-sigs.k8s.io/controller-runtime/pkg/internal/testing/certs
-sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane
-sigs.k8s.io/controller-runtime/pkg/internal/testing/process
-sigs.k8s.io/controller-runtime/pkg/leaderelection
-sigs.k8s.io/controller-runtime/pkg/log
-sigs.k8s.io/controller-runtime/pkg/manager
-sigs.k8s.io/controller-runtime/pkg/manager/signals
-sigs.k8s.io/controller-runtime/pkg/metrics
-sigs.k8s.io/controller-runtime/pkg/predicate
-sigs.k8s.io/controller-runtime/pkg/ratelimiter
-sigs.k8s.io/controller-runtime/pkg/reconcile
-sigs.k8s.io/controller-runtime/pkg/recorder
-sigs.k8s.io/controller-runtime/pkg/scheme
-sigs.k8s.io/controller-runtime/pkg/source
-sigs.k8s.io/controller-runtime/pkg/webhook
-sigs.k8s.io/controller-runtime/pkg/webhook/admission
-sigs.k8s.io/controller-runtime/pkg/webhook/conversion
-sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics
-# sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd
-## explicit; go 1.18
-sigs.k8s.io/json
-sigs.k8s.io/json/internal/golang/encoding/json
-# sigs.k8s.io/kustomize/api v0.13.2
-## explicit; go 1.19
-sigs.k8s.io/kustomize/api/filters/annotations
-sigs.k8s.io/kustomize/api/filters/fieldspec
-sigs.k8s.io/kustomize/api/filters/filtersutil
-sigs.k8s.io/kustomize/api/filters/fsslice
-sigs.k8s.io/kustomize/api/filters/iampolicygenerator
-sigs.k8s.io/kustomize/api/filters/imagetag
-sigs.k8s.io/kustomize/api/filters/labels
-sigs.k8s.io/kustomize/api/filters/nameref
-sigs.k8s.io/kustomize/api/filters/namespace
-sigs.k8s.io/kustomize/api/filters/patchjson6902
-sigs.k8s.io/kustomize/api/filters/patchstrategicmerge
-sigs.k8s.io/kustomize/api/filters/prefix
-sigs.k8s.io/kustomize/api/filters/refvar
-sigs.k8s.io/kustomize/api/filters/replacement
-sigs.k8s.io/kustomize/api/filters/replicacount
-sigs.k8s.io/kustomize/api/filters/suffix
-sigs.k8s.io/kustomize/api/filters/valueadd
-sigs.k8s.io/kustomize/api/hasher
-sigs.k8s.io/kustomize/api/ifc
-sigs.k8s.io/kustomize/api/image
-sigs.k8s.io/kustomize/api/internal/accumulator
-sigs.k8s.io/kustomize/api/internal/builtins
-sigs.k8s.io/kustomize/api/internal/generators
-sigs.k8s.io/kustomize/api/internal/git
-sigs.k8s.io/kustomize/api/internal/kusterr
-sigs.k8s.io/kustomize/api/internal/plugins/builtinconfig
-sigs.k8s.io/kustomize/api/internal/plugins/builtinhelpers
-sigs.k8s.io/kustomize/api/internal/plugins/execplugin
-sigs.k8s.io/kustomize/api/internal/plugins/fnplugin
-sigs.k8s.io/kustomize/api/internal/plugins/loader
-sigs.k8s.io/kustomize/api/internal/plugins/utils
-sigs.k8s.io/kustomize/api/internal/target
-sigs.k8s.io/kustomize/api/internal/utils
-sigs.k8s.io/kustomize/api/internal/validate
-sigs.k8s.io/kustomize/api/konfig
-sigs.k8s.io/kustomize/api/konfig/builtinpluginconsts
-sigs.k8s.io/kustomize/api/krusty
-sigs.k8s.io/kustomize/api/kv
-sigs.k8s.io/kustomize/api/loader
-sigs.k8s.io/kustomize/api/provenance
-sigs.k8s.io/kustomize/api/provider
-sigs.k8s.io/kustomize/api/resmap
-sigs.k8s.io/kustomize/api/resource
-sigs.k8s.io/kustomize/api/types
-# sigs.k8s.io/kustomize/kyaml v0.14.1
-## explicit; go 1.19
-sigs.k8s.io/kustomize/kyaml/comments
-sigs.k8s.io/kustomize/kyaml/errors
-sigs.k8s.io/kustomize/kyaml/ext
-sigs.k8s.io/kustomize/kyaml/fieldmeta
-sigs.k8s.io/kustomize/kyaml/filesys
-sigs.k8s.io/kustomize/kyaml/fn/runtime/container
-sigs.k8s.io/kustomize/kyaml/fn/runtime/exec
-sigs.k8s.io/kustomize/kyaml/fn/runtime/runtimeutil
-sigs.k8s.io/kustomize/kyaml/fn/runtime/starlark
-sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go-yaml/yaml
-sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri-io/starlib/util
-sigs.k8s.io/kustomize/kyaml/kio
-sigs.k8s.io/kustomize/kyaml/kio/filters
-sigs.k8s.io/kustomize/kyaml/kio/kioutil
-sigs.k8s.io/kustomize/kyaml/openapi
-sigs.k8s.io/kustomize/kyaml/openapi/kubernetesapi
-sigs.k8s.io/kustomize/kyaml/openapi/kubernetesapi/v1_21_2
-sigs.k8s.io/kustomize/kyaml/openapi/kustomizationapi
-sigs.k8s.io/kustomize/kyaml/order
-sigs.k8s.io/kustomize/kyaml/resid
-sigs.k8s.io/kustomize/kyaml/runfn
-sigs.k8s.io/kustomize/kyaml/sets
-sigs.k8s.io/kustomize/kyaml/sliceutil
-sigs.k8s.io/kustomize/kyaml/utils
-sigs.k8s.io/kustomize/kyaml/yaml
-sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/labels
-sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/selection
-sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/util/errors
-sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/util/sets
-sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/util/validation
-sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/util/validation/field
-sigs.k8s.io/kustomize/kyaml/yaml/merge2
-sigs.k8s.io/kustomize/kyaml/yaml/merge3
-sigs.k8s.io/kustomize/kyaml/yaml/schema
-sigs.k8s.io/kustomize/kyaml/yaml/walk
-# sigs.k8s.io/release-utils v0.7.6
-## explicit; go 1.20
-sigs.k8s.io/release-utils/version
-# sigs.k8s.io/structured-merge-diff/v4 v4.3.0
-## explicit; go 1.13
-sigs.k8s.io/structured-merge-diff/v4/fieldpath
-sigs.k8s.io/structured-merge-diff/v4/merge
-sigs.k8s.io/structured-merge-diff/v4/schema
-sigs.k8s.io/structured-merge-diff/v4/typed
-sigs.k8s.io/structured-merge-diff/v4/value
-# sigs.k8s.io/yaml v1.4.0
-## explicit; go 1.12
-sigs.k8s.io/yaml
-sigs.k8s.io/yaml/goyaml.v2
-# github.com/gardener/landscaper/apis => ./apis
-# github.com/gardener/landscaper/controller-utils => ./controller-utils
-# github.com/googleapis/gnostic => github.com/googleapis/gnostic v0.4.1

From 54f2936b7f567e2b827dcf346484b2b1eeaef7ee Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Tue, 14 Nov 2023 08:21:50 +0100
Subject: [PATCH 05/23] run (run-int-tests)


From 90fa41f73eaf7813f40630ed846205f1aefd4482 Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Mon, 4 Dec 2023 09:49:37 +0100
Subject: [PATCH 06/23] run (run-int-tests)


From a00539f07f301470861913edd1547bbcfbe87610 Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Tue, 5 Dec 2023 11:38:37 +0100
Subject: [PATCH 07/23] Rebase and update dependencies

---
 go.mod                                        |  149 +-
 go.sum                                        |  102 +-
 vendor/go.opentelemetry.io/otel/.gitignore    |    5 +-
 vendor/go.opentelemetry.io/otel/.golangci.yml |   17 +-
 vendor/go.opentelemetry.io/otel/CHANGELOG.md  |   85 +-
 .../go.opentelemetry.io/otel/CONTRIBUTING.md  |    4 +
 vendor/go.opentelemetry.io/otel/Makefile      |   29 +-
 vendor/go.opentelemetry.io/otel/README.md     |   15 +-
 .../otel/baggage/baggage.go                   |    4 +-
 .../otel/internal/global/instruments.go       |   60 +-
 .../otel/internal/global/trace.go             |    7 +
 vendor/go.opentelemetry.io/otel/metric/doc.go |    2 +-
 .../otel/metric/instrument.go                 |   23 +
 .../otel/metric/syncfloat64.go                |   10 +-
 .../otel/metric/syncint64.go                  |   10 +-
 .../otel/propagation/trace_context.go         |    6 +-
 .../go.opentelemetry.io/otel/requirements.txt |    2 +-
 .../go.opentelemetry.io/otel/trace/config.go  |    1 +
 vendor/go.opentelemetry.io/otel/trace/doc.go  |   64 +
 .../otel/trace/embedded/embedded.go           |   56 +
 vendor/go.opentelemetry.io/otel/trace/noop.go |   10 +-
 .../go.opentelemetry.io/otel/trace/trace.go   |   40 +-
 .../otel/trace/tracestate.go                  |   38 +-
 vendor/go.opentelemetry.io/otel/version.go    |    2 +-
 vendor/go.opentelemetry.io/otel/versions.yaml |    7 +-
 vendor/modules.txt                            | 2758 +++++++++++++++++
 26 files changed, 3269 insertions(+), 237 deletions(-)
 create mode 100644 vendor/go.opentelemetry.io/otel/trace/embedded/embedded.go

diff --git a/go.mod b/go.mod
index 72e6675c5..03062ddd7 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
 module github.com/gardener/landscaper
 
-go 1.20
+go 1.21
+
+toolchain go1.21.4
 
 require (
 	github.com/Masterminds/sprig/v3 v3.2.3
@@ -13,13 +15,10 @@ require (
 	github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000
 	github.com/gardener/landscaper/controller-utils v0.0.0-00010101000000-000000000000
 	github.com/go-logr/logr v1.3.0
-	github.com/go-logr/logr v1.3.0
 	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.4.0
-	github.com/google/uuid v1.4.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/imdario/mergo v0.3.16
-	github.com/imdario/mergo v0.3.16
 	github.com/mandelsoft/filepath v0.0.0-20230412200429-36b1eb66bd27
 	github.com/mandelsoft/spiff v1.7.0-beta-5
 	github.com/mandelsoft/vfs v0.0.0-20230713123140-269aa4fb1338
@@ -31,33 +30,24 @@ require (
 	github.com/opencontainers/image-spec v1.1.0-rc5
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.17.0
-	github.com/prometheus/client_golang v1.17.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/spf13/cobra v1.8.0
-	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/xeipuuv/gojsonschema v1.2.0
 	golang.org/x/crypto v0.14.0
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
 	golang.org/x/oauth2 v0.13.0
 	golang.org/x/sync v0.5.0
-	golang.org/x/oauth2 v0.13.0
-	golang.org/x/sync v0.5.0
 	golang.org/x/sys v0.13.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.12.2
 	k8s.io/api v0.28.3
-	k8s.io/api v0.28.3
 	k8s.io/apiextensions-apiserver v0.27.2
 	k8s.io/apimachinery v0.28.3
 	k8s.io/client-go v0.28.3
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
-	k8s.io/apimachinery v0.28.3
-	k8s.io/client-go v0.28.3
-	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	sigs.k8s.io/controller-runtime v0.15.1
 	sigs.k8s.io/yaml v1.4.0
-	sigs.k8s.io/yaml v1.4.0
 )
 
 replace (
@@ -67,7 +57,6 @@ replace (
 )
 
 require (
-	cloud.google.com/go/compute v1.23.2 // indirect
 	cloud.google.com/go/compute v1.23.2 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	filippo.io/edwards25519 v1.0.0 // indirect
@@ -75,11 +64,9 @@ require (
 	github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.29 // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
@@ -94,20 +81,11 @@ require (
 	github.com/DataDog/go-tuf v1.0.2-0.5.2 // indirect
 	github.com/DataDog/gostackparse v0.7.0 // indirect
 	github.com/DataDog/sketches-go v1.4.3 // indirect
-	github.com/DataDog/appsec-internal-go v1.0.0 // indirect
-	github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1 // indirect
-	github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1 // indirect
-	github.com/DataDog/datadog-go/v5 v5.3.0 // indirect
-	github.com/DataDog/go-libddwaf v1.5.0 // indirect
-	github.com/DataDog/go-tuf v1.0.2-0.5.2 // indirect
-	github.com/DataDog/gostackparse v0.7.0 // indirect
-	github.com/DataDog/sketches-go v1.4.3 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/Microsoft/hcsshim v0.11.0 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
@@ -116,30 +94,18 @@ require (
 	github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect
 	github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect
 	github.com/alibabacloud-go/debug v1.0.0 // indirect
-	github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect
-	github.com/alibabacloud-go/debug v1.0.0 // indirect
 	github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
 	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
 	github.com/alibabacloud-go/tea v1.2.1 // indirect
 	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
 	github.com/aliyun/credentials-go v1.3.1 // indirect
-	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
-	github.com/alibabacloud-go/tea v1.2.1 // indirect
-	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
-	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
-	github.com/aliyun/credentials-go v1.3.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.19.1 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.19.1 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.33 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
@@ -157,36 +123,15 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
 	github.com/aws/smithy-go v1.15.0 // indirect
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.36 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
-	github.com/aws/smithy-go v1.15.0 // indirect
-	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/buildkite/agent/v3 v3.58.0 // indirect
 	github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect
-	github.com/buildkite/agent/v3 v3.58.0 // indirect
-	github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
 	github.com/cloudflare/circl v1.3.5 // indirect
-	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
-	github.com/clbanning/mxj/v2 v2.7.0 // indirect
-	github.com/cloudflare/circl v1.3.5 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/containers/image/v5 v5.21.1 // indirect
@@ -195,17 +140,11 @@ require (
 	github.com/containers/storage v1.42.0 // indirect
 	github.com/coreos/go-oidc/v3 v3.7.0 // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
-	github.com/coreos/go-oidc/v3 v3.7.0 // indirect
-	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
 	github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647 // indirect
-	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
-	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
-	github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
@@ -219,19 +158,13 @@ require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/ebitengine/purego v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/ebitengine/purego v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/fatih/color v1.15.0 // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fvbommel/sortorder v1.0.2 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
@@ -242,8 +175,6 @@ require (
 	github.com/go-openapi/analysis v0.21.4 // indirect
 	github.com/go-openapi/errors v0.20.4 // indirect
 	github.com/go-openapi/jsonpointer v0.20.0 // indirect
-	github.com/go-openapi/errors v0.20.4 // indirect
-	github.com/go-openapi/jsonpointer v0.20.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/loads v0.21.2 // indirect
 	github.com/go-openapi/runtime v0.26.0 // indirect
@@ -254,12 +185,10 @@ require (
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.15.5 // indirect
-	github.com/go-playground/validator/v10 v10.15.5 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/go-test/deep v1.1.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -267,50 +196,36 @@ require (
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/certificate-transparency-go v1.1.7 // indirect
-	github.com/google/certificate-transparency-go v1.1.7 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-containerregistry v0.16.1 // indirect
-	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/go-containerregistry v0.16.1 // indirect
 	github.com/google/go-github/v45 v45.2.0 // indirect
 	github.com/google/go-github/v55 v55.0.0 // indirect
-	github.com/google/go-github/v55 v55.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect
-	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gowebpki/jcs v1.0.1 // indirect
-	github.com/gowebpki/jcs v1.0.1 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
-	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/in-toto/in-toto-golang v0.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
-	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.17.2 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
-	github.com/klauspost/compress v1.17.2 // indirect
-	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
@@ -321,13 +236,6 @@ require (
 	github.com/lestrrat-go/jwx/v2 v2.0.16 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
-	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
-	github.com/lestrrat-go/httpcc v1.0.1 // indirect
-	github.com/lestrrat-go/httprc v1.0.4 // indirect
-	github.com/lestrrat-go/iter v1.0.2 // indirect
-	github.com/lestrrat-go/jwx/v2 v2.0.16 // indirect
-	github.com/lestrrat-go/option v1.0.1 // indirect
-	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
@@ -338,9 +246,6 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-runewidth v0.0.15 // indirect
-	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -361,15 +266,12 @@ require (
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/oleiade/reflections v1.0.1 // indirect
-	github.com/oleiade/reflections v1.0.1 // indirect
 	github.com/opencontainers/distribution-spec v1.0.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/outcaste-io/ristretto v0.2.3 // indirect
-	github.com/outcaste-io/ristretto v0.2.3 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
@@ -377,23 +279,13 @@ require (
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/puzpuzpuz/xsync/v2 v2.5.1 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
-	github.com/philhofer/fwd v1.1.2 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.45.0 // indirect
-	github.com/prometheus/procfs v0.12.0 // indirect
-	github.com/puzpuzpuz/xsync/v2 v2.5.1 // indirect
-	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rubenv/sql-migrate v1.3.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sagikazarmark/locafero v0.3.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
-	github.com/sagikazarmark/locafero v0.3.0 // indirect
-	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
-	github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
-	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
@@ -402,49 +294,33 @@ require (
 	github.com/sigstore/rekor v1.3.3 // indirect
 	github.com/sigstore/sigstore v1.7.5 // indirect
 	github.com/sigstore/timestamp-authority v1.2.0 // indirect
-	github.com/sigstore/cosign/v2 v2.2.1 // indirect
-	github.com/sigstore/fulcio v1.4.3 // indirect
-	github.com/sigstore/rekor v1.3.3 // indirect
-	github.com/sigstore/sigstore v1.7.5 // indirect
-	github.com/sigstore/timestamp-authority v1.2.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.10.0 // indirect
-	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/viper v1.17.0 // indirect
-	github.com/spf13/viper v1.17.0 // indirect
 	github.com/spiffe/go-spiffe/v2 v2.1.6 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 	github.com/thales-e-security/pool v0.0.2 // indirect
 	github.com/theupdateframework/go-tuf v0.6.1 // indirect
-	github.com/theupdateframework/go-tuf v0.6.1 // indirect
 	github.com/theupdateframework/notary v0.7.0 // indirect
 	github.com/tinylib/msgp v1.1.8 // indirect
-	github.com/tinylib/msgp v1.1.8 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 	github.com/tjfoc/gmsm v1.4.1 // indirect
-	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/tonglil/buflogr v1.0.1 // indirect
 	github.com/transparency-dev/merkle v0.0.2 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
-	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
 	github.com/vbatts/tar-split v0.11.5 // indirect
 	github.com/xanzy/go-gitlab v0.93.2 // indirect
-	github.com/vbatts/tar-split v0.11.5 // indirect
-	github.com/xanzy/go-gitlab v0.93.2 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
 	go.mongodb.org/mongo-driver v1.12.1 // indirect
-	go.mongodb.org/mongo-driver v1.12.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.21.0 // indirect
 	go.opentelemetry.io/otel/metric v1.21.0 // indirect
@@ -452,27 +328,18 @@ require (
 	go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 // indirect
 	go.step.sm/crypto v0.36.1 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
-	go.step.sm/crypto v0.36.1 // indirect
-	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.26.0 // indirect
 	go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect
 	go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/mod v0.13.0 // indirect
-	go.uber.org/zap v1.26.0 // indirect
-	go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect
-	go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect
-	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
-	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
-	golang.org/x/tools v0.14.0 // indirect
-	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
 	google.golang.org/api v0.149.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
@@ -481,29 +348,19 @@ require (
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 // indirect
 	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
-	google.golang.org/api v0.149.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
-	google.golang.org/grpc v1.59.0 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
-	gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 // indirect
-	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a // indirect
-	inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a // indirect
 	k8s.io/apiserver v0.27.2 // indirect
 	k8s.io/cli-runtime v0.27.2 // indirect
 	k8s.io/component-base v0.27.2 // indirect
 	k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
-	k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
 	k8s.io/klog v1.0.0 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
-	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
 	k8s.io/kubectl v0.27.2 // indirect
 	oras.land/oras-go v1.2.4 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/go.sum b/go.sum
index fa3330583..d4e48b36a 100644
--- a/go.sum
+++ b/go.sum
@@ -37,7 +37,9 @@ cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
 cloud.google.com/go/iam v1.1.4 h1:K6n/GZHFTtEoKT5aUG3l9diPi0VduZNQ1PfdnpkkIFk=
+cloud.google.com/go/iam v1.1.4/go.mod h1:l/rg8l1AaA+VFMho/HYx2Vv6xinPSLMF8qfhRPIZ0L8=
 cloud.google.com/go/kms v1.15.4 h1:gEZzC54ZBI+aeW8/jg9tgz9KR4Aa+WEDPbdGIV3iJ7A=
+cloud.google.com/go/kms v1.15.4/go.mod h1:L3Sdj6QTHK8dfwK5D1JLsAyELsNMnd3tAIwGS4ltKpc=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -53,19 +55,25 @@ filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
 filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
 github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774/go.mod h1:6/0dYRLLXyJjbkIPeeGyoJ/eKOSI0eU6eTlCBYibgd0=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230618160516-e936619f9f18 h1:rd389Q26LMy03gG4anandGFC2LW/xvjga5GezeeaxQk=
+github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230618160516-e936619f9f18/go.mod h1:fgJuSBrJP5qZtKqaMJE0hmhS2tmRH+44IkfZvjtaf1M=
 github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 h1:8+4G8JaejP8Xa6W46PzJEwisNgBXMvFcz78N6zG/ARw=
 github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0/go.mod h1:GgeIE+1be8Ivm7Sh4RgwI42aTtC9qrcj+Y9Y6CjJhJs=
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5pWFCHtvRpHYC0G/dcA=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 h1:TuEMD+E+1aTjjLICGQOW6vLe8UWES7kopac9mUXL56Y=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 h1:MyVTgWR8qd/Jw1Le0NZebGBUCLbtak3bJ3z1OlqZBpw=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1/go.mod h1:GpPjLhVR9dnUoJMyHWSPy71xY9/lcmpzIPZXmF0FCVY=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
@@ -103,6 +111,7 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 h1:hVeq+yCyUi+MsoO/CU95yqCIcdzra5ovzk8Q2BBpV2M=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
@@ -110,6 +119,7 @@ github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
+github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
 github.com/DataDog/appsec-internal-go v1.0.0 h1:2u5IkF4DBj3KVeQn5Vg2vjPUtt513zxEYglcqnd500U=
 github.com/DataDog/appsec-internal-go v1.0.0/go.mod h1:+Y+4klVWKPOnZx6XESG7QHydOaUGEXyH2j/vSg9JiNM=
 github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1 h1:uS2NzlwpCs+ZBHE9MLK1tGgxJOe2fVbwwjEEu34Kll4=
@@ -194,6 +204,7 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
+github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
 github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk=
 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.2/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc=
@@ -245,12 +256,14 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
 github.com/aws/aws-sdk-go v1.47.0 h1:/JUg9V1+xh+qBn8A6ec/l15ETPaMaBqxkjz+gg63dNk=
+github.com/aws/aws-sdk-go v1.47.0/go.mod h1:DlEaEbWKZmsITVbqlSVvekPARM1HzeV9PMYg15ymSDA=
 github.com/aws/aws-sdk-go-v2 v1.16.16/go.mod h1:SwiyXi/1zTUZ6KIAmLK5V5ll8SiURNUYOqTerZPaF9k=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
 github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
@@ -301,6 +314,7 @@ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.17/go.mod h1:YqMdV+
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4 h1:v0jkRigbSD6uOdwcaUQmgEwG1BkPfAPDqaeNt/29ghg=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4/go.mod h1:LhTyt8J04LL+9cIt7pYJ5lbS/U98ZmXovLOR/4LUsk8=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.7 h1:uRGw0UKo5hc7M2T7uGsK/Yg2qwecq/dnVjQbbq9RCzY=
+github.com/aws/aws-sdk-go-v2/service/kms v1.24.7/go.mod h1:z3O9CXfVrKAV3c9fMWOUUv2C6N2ggXCDHeXpOB6lAEk=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.27.11/go.mod h1:fmgDANqTUCxciViKl9hb/zD5LFbvPINFRgWhDbR+vZo=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0 h1:wl5dxN1NONhTDQD9uaEvNsDRX29cBmGED/nl0jkWlt4=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0/go.mod h1:rDGMZA7f4pbmTtPOk5v5UM2lmX6UAbRnMDJeDvnH7AM=
@@ -340,6 +354,7 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
 github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
+github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
@@ -355,6 +370,7 @@ github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 h1:k6UDF1uPY
 github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251/go.mod h1:gbPR1gPu9dB96mucYIR7T3B7p/78hRVSOuzIWLHK2Y4=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
+github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -391,6 +407,7 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK
 github.com/cloudflare/circl v1.3.5 h1:g+wWynZqVALYAlpSQFAa7TscDnUK8mKYtrxMpw6AUKo=
 github.com/cloudflare/circl v1.3.5/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cloudfoundry-incubator/candiedyaml v0.0.0-20170901234223-a41693b7b7af h1:6Cpkahw28+gcBdnXQL7LcMTX488+6jl6hfoTMRT6Hm4=
+github.com/cloudfoundry-incubator/candiedyaml v0.0.0-20170901234223-a41693b7b7af/go.mod h1:dOLSIXcRQJiDS1vlrYFNJicoHNZLsBKideE+70hGdV4=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -404,6 +421,7 @@ github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h
 github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
 github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE=
+github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4=
 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ=
 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w=
 github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
@@ -422,6 +440,7 @@ github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTF
 github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
 github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
+github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
 github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
@@ -456,6 +475,7 @@ github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EX
 github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
 github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk=
 github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
+github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
 github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
 github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
 github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
@@ -547,6 +567,7 @@ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7Do
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.20 h1:VIPb/a2s17qNeQgDnkfZC35RScx+blkKF8GV68n80J4=
+github.com/creack/pty v1.1.20/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc=
 github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
 github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
@@ -559,6 +580,7 @@ github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/
 github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
 github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
 github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=
+github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -570,6 +592,7 @@ github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xb
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
 github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936 h1:foGzavPWwtoyBvjWyKJYDYsyzy+23iBV7NKTwdk+LRY=
+github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936/go.mod h1:ttKPnOepYt4LLzD+loXQ1rT6EmpyIYHro7TAJuIIlHo=
 github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA=
@@ -583,6 +606,7 @@ github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647/go.mod h1:GvWn
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
+github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI=
 github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
 github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
@@ -662,14 +686,18 @@ github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
+github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/fluxcd/pkg/ssa v0.24.1 h1:0dn5FqyYdGa+VuDp5EJrkLbPq5xhhSAAkMgGUeMpOM0=
+github.com/fluxcd/pkg/ssa v0.24.1/go.mod h1:nEOUOwGotBlNZkTkO6GHPlI0U0BmHTavFd1Jk+TzsGw=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
+github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
 github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
+github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
@@ -689,6 +717,7 @@ github.com/gardener/image-vector v0.10.0 h1:Ysg3hxfiGUG/doajiZ0nQuUaJYwfO5BZCOci
 github.com/gardener/image-vector v0.10.0/go.mod h1:32SHGcbmmueeK9VkawsFcEbsoENXQPIuuYiFBUP+vMQ=
 github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
 github.com/gertd/go-pluralize v0.2.1 h1:M3uASbVjMnTsPb0PNqg+E/24Vwigyo/tvyMTtAlLgiA=
+github.com/gertd/go-pluralize v0.2.1/go.mod h1:rbYaKDbsXxmRfr8uygAEKhOWsjyrrqrkHVpZvoOp8zk=
 github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
@@ -777,6 +806,7 @@ github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+
 github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU=
 github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
@@ -784,9 +814,11 @@ github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91
 github.com/go-playground/validator/v10 v10.15.5 h1:LEBecTWb/1j5TNY1YYG2RcOUN3R7NLylN+x8TTueE24=
 github.com/go-playground/validator/v10 v10.15.5/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-rod/rod v0.114.4 h1:FpkNFukjCuZLwnoLs+S9aCL95o/EMec6M+41UmvQay8=
+github.com/go-rod/rod v0.114.4/go.mod h1:aiedSEFg5DwG/fnNbUOTPMTTWX3MRj6vIs/a684Mthw=
 github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
+github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
@@ -835,6 +867,7 @@ github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
+github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
 github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
@@ -851,6 +884,7 @@ github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -894,6 +928,7 @@ github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomodule/redigo v1.8.9 h1:Sl3u+2BI/kk+VEatbj0scLdrFhjPmbxOc1myhDP41ws=
+github.com/gomodule/redigo v1.8.9/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
@@ -961,7 +996,9 @@ github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/tink/go v1.7.0 h1:6Eox8zONGebBFcCBqkVmt60LaWZa6xg1cl/DwAh/J1w=
+github.com/google/tink/go v1.7.0/go.mod h1:GAUOd+QE3pgj9q8VKIGTCP33c/B7eb4NhxLcgTJZStM=
 github.com/google/trillian v1.5.3 h1:3ioA5p09qz+U9/t2riklZtaQdZclaStp0/eQNfewNRg=
+github.com/google/trillian v1.5.3/go.mod h1:p4tcg7eBr7aT6DxrAoILpc3uXNfcuAvZSnQKonVg+Eo=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -974,12 +1011,14 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksP
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
+github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
+github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
 github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
@@ -1016,6 +1055,7 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
+github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
@@ -1026,10 +1066,14 @@ github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZn
 github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
+github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-sockaddr v1.0.5 h1:dvk7TIXCZpmfOlM+9mlcrWmWjw/wlKT+VDq2wMvfPJU=
+github.com/hashicorp/go-sockaddr v1.0.5/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
@@ -1037,6 +1081,7 @@ github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
+github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM=
 github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM=
@@ -1045,7 +1090,9 @@ github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0m
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
+github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM=
+github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@@ -1073,11 +1120,14 @@ github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbB
 github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY=
 github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267/go.mod h1:h1nSAbGFqGVzn6Jyl1R/iCcBUHN4g+gW1u9CoBTrb9E=
 github.com/jellydator/ttlcache/v3 v3.1.0 h1:0gPFG0IHHP6xyUyXq+JaD8fwkDCqgqwohXNJBcYE71g=
+github.com/jellydator/ttlcache/v3 v3.1.0/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jinzhu/gorm v0.0.0-20170222002820-5409931a1bb8/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo=
 github.com/jinzhu/gorm v1.9.16 h1:+IyIjPEABKRpsu/F8OvDPy9fyQlgsg2luMV2ZIH5i5o=
+github.com/jinzhu/gorm v1.9.16/go.mod h1:G3LB3wezTOWM2ITLzPxEXgSkOXAntiLHS7UdBefADcs=
 github.com/jinzhu/inflection v0.0.0-20170102125226-1c35d901db3d/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
+github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
@@ -1086,6 +1136,7 @@ github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHW
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=
+github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
 github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
@@ -1147,6 +1198,7 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
@@ -1237,6 +1289,7 @@ github.com/mattn/go-sqlite3 v1.6.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOq
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM=
+github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
@@ -1244,6 +1297,7 @@ github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQth
 github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
+github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
@@ -1419,9 +1473,11 @@ github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdU
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
+github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
 github.com/philhofer/fwd v1.1.2 h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw=
 github.com/philhofer/fwd v1.1.2/go.mod h1:qkPdfjR2SIEbspLqpe1tO4n5yICnr2DY7mqEx2tUTP0=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -1432,6 +1488,7 @@ github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZ
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/poy/onpar v0.0.0-20200406201722-06f95a1c68e8/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
@@ -1484,6 +1541,7 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T
 github.com/puzpuzpuz/xsync/v2 v2.5.1 h1:mVGYAvzDSu52+zaGyNjC+24Xw2bQi3kTr4QJ6N9pIIU=
 github.com/puzpuzpuz/xsync/v2 v2.5.1/go.mod h1:gD2H2krq/w52MfPLE+Uy64TzJDVY7lP2znR9qmR35kU=
 github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 h1:Qp27Idfgi6ACvFQat5+VJvlYToylpM/hcyLBI3WaKPA=
+github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052/go.mod h1:uvX/8buq8uVeiZiFht+0lqSLBHF+uGV8BrTv8W/SIwk=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -1498,6 +1556,7 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/rubenv/sql-migrate v1.3.1 h1:Vx+n4Du8X8VTYuXbhNxdEUoh6wiJERA0GlWocR5FrbA=
 github.com/rubenv/sql-migrate v1.3.1/go.mod h1:YzG/Vh82CwyhTFXy+Mf5ahAiiEOpAlHurg+23VEzcsk=
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
@@ -1506,6 +1565,7 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
+github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
 github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
 github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9cJvm4SvQ=
@@ -1515,6 +1575,7 @@ github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWR
 github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A=
 github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk=
 github.com/sassoftware/relic/v7 v7.6.1 h1:O5s8ewCgq5QYNpv45dK4u6IpBmDM9RIcsbf/G1uXepQ=
+github.com/sassoftware/relic/v7 v7.6.1/go.mod h1:NxwtWxWxlUa9as2qZi635Ye6bBT/tGnMALLq7dSfOOU=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw=
 github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
@@ -1532,6 +1593,7 @@ github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
+github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
 github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI=
 github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
@@ -1547,9 +1609,13 @@ github.com/sigstore/rekor v1.3.3/go.mod h1:GO3udo2Xiu3/Uz4/U3vgjVq7w5Yq7eSpAFP1z
 github.com/sigstore/sigstore v1.7.5 h1:ij55dBhLwjICmLTBJZm7SqoQLdsu/oowDanACcJNs48=
 github.com/sigstore/sigstore v1.7.5/go.mod h1:9OCmYWhzuq/G4e1cy9m297tuMRJ1LExyrXY3ZC3Zt/s=
 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.5 h1:ilufPp36exfpivctI3ElU4ZTckP3eVu6RxYebBb6u+M=
+github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.5/go.mod h1:121n8nBnuXbcI6K0hIBo/0EMYiyXqGVzbIYd0rV0ZWw=
 github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.5 h1:gLdNJJo+xMf7+IeFRlyA/Pjavndo9rivmf5ioYeuPmM=
+github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.5/go.mod h1:9nJQA5YgWsXrwjrVoVaO8JfTI/TpPF+oAkpkNKZu6lo=
 github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.5 h1:Ku3MD55VXR7+uezCS4LOY0+y2EZFlGCGFyzl+ZSoPyo=
+github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.5/go.mod h1:FsNzxmFGATZS5ynkJLLXm9g2zHD0Xw23iJs7lM/asPo=
 github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.5 h1:yWNBuL52Je3ukUGry1qwg00ujJF2UFWShzXFIAtmxZU=
+github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.5/go.mod h1:EI9vDWVGG8fQU9aFMY7Bd204xJiqmXcDMSkFifCf16Q=
 github.com/sigstore/timestamp-authority v1.2.0 h1:Ffk10QsHxu6aLwySQ7WuaoWkD63QkmcKtozlEFot/VI=
 github.com/sigstore/timestamp-authority v1.2.0/go.mod h1:ojKaftH78Ovfow9DzuNl5WgTCEYSa4m5622UkKDHRXc=
 github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
@@ -1567,6 +1633,7 @@ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
 github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY=
+github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
@@ -1577,6 +1644,7 @@ github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9yS
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
+github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
@@ -1625,6 +1693,7 @@ github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoH
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0=
+github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0=
 github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
@@ -1722,10 +1791,15 @@ github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
 github.com/ysmood/fetchup v0.2.3 h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ=
+github.com/ysmood/fetchup v0.2.3/go.mod h1:xhibcRKziSvol0H1/pj33dnKrYyI2ebIvz5cOOkYGns=
 github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ=
+github.com/ysmood/goob v0.4.0/go.mod h1:u6yx7ZhS4Exf2MwciFr6nIM8knHQIE22lFpWHnfql18=
 github.com/ysmood/got v0.34.1 h1:IrV2uWLs45VXNvZqhJ6g2nIhY+pgIG1CUoOcqfXFl1s=
+github.com/ysmood/got v0.34.1/go.mod h1:yddyjq/PmAf08RMLSwDjPyCvHvYed+WjHnQxpH851LM=
 github.com/ysmood/gson v0.7.3 h1:QFkWbTH8MxyUTKPkVWAENJhxqdBa4lYTQWqZCiLG6kE=
+github.com/ysmood/gson v0.7.3/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg=
 github.com/ysmood/leakless v0.8.0 h1:BzLrVoiwxikpgEQR0Lk8NyBN5Cit2b1z+u0mgL4ZJak=
+github.com/ysmood/leakless v0.8.0/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -1741,6 +1815,7 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPS
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
 github.com/zalando/go-keyring v0.2.2 h1:f0xmpYiSrHtSNAVgwip93Cg8tuF45HJM6rHq/A5RI/4=
+github.com/zalando/go-keyring v0.2.2/go.mod h1:sI3evg9Wvpw3+n4SqplGSJUMwtDeROfD4nsFz4z9PG0=
 github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs=
 github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@@ -1776,26 +1851,27 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.2
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4=
 go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
 go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs=
-go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs=
-go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY=
+go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
+go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
 go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
 go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE=
 go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
-go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE=
-go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8=
+go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
+go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
 go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
 go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
 go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs=
 go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o=
+go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A=
 go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE=
 go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
 go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
 go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk=
-go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg=
-go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo=
+go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
+go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ=
 go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 h1:5/KzhcSqd4UgY51l17r7C5g/JiE6DRw1Vq7VJfQHuMc=
@@ -1812,6 +1888,7 @@ go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
@@ -2362,7 +2439,9 @@ google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ6
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
 google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
 google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
@@ -2473,6 +2552,7 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
 gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
+gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
 helm.sh/helm/v3 v3.12.2 h1:kFyDBr/mgJUlyGzVTCieG4wW0zmo7fcNRWK0+FKkxqU=
 helm.sh/helm/v3 v3.12.2/go.mod h1:v1PMayudIfZAvec3Wp4wAErensvK/rv5fu/xCiE6t3I=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -2563,8 +2643,8 @@ k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/
 k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
-oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
+oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY=
+oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
@@ -2572,6 +2652,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyz
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
 sigs.k8s.io/cli-utils v0.34.0 h1:zCUitt54f0/MYj/ajVFnG6XSXMhpZ72O/3RewIchW8w=
+sigs.k8s.io/cli-utils v0.34.0/go.mod h1:EXyMwPMu9OL+LRnj0JEMsGG/fRvbgFadcVlSnE8RhFs=
 sigs.k8s.io/controller-runtime v0.15.1 h1:9UvgKD4ZJGcj24vefUFgZFP3xej/3igL9BsOUTb/+4c=
 sigs.k8s.io/controller-runtime v0.15.1/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
@@ -2595,3 +2676,4 @@ sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
 software.sslmate.com/src/go-pkcs12 v0.2.0 h1:nlFkj7bTysH6VkC4fGphtjXRbezREPgrHuJG20hBGPE=
+software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ=
diff --git a/vendor/go.opentelemetry.io/otel/.gitignore b/vendor/go.opentelemetry.io/otel/.gitignore
index f3355c852..895c7664b 100644
--- a/vendor/go.opentelemetry.io/otel/.gitignore
+++ b/vendor/go.opentelemetry.io/otel/.gitignore
@@ -14,12 +14,9 @@ go.work.sum
 gen/
 
 /example/dice/dice
-/example/fib/fib
-/example/fib/traces.txt
-/example/jaeger/jaeger
 /example/namedtracer/namedtracer
+/example/otel-collector/otel-collector
 /example/opencensus/opencensus
 /example/passthrough/passthrough
 /example/prometheus/prometheus
 /example/zipkin/zipkin
-/example/otel-collector/otel-collector
diff --git a/vendor/go.opentelemetry.io/otel/.golangci.yml b/vendor/go.opentelemetry.io/otel/.golangci.yml
index 6e8eeec00..a62511f38 100644
--- a/vendor/go.opentelemetry.io/otel/.golangci.yml
+++ b/vendor/go.opentelemetry.io/otel/.golangci.yml
@@ -12,8 +12,9 @@ linters:
     - depguard
     - errcheck
     - godot
-    - gofmt
+    - gofumpt
     - goimports
+    - gosec
     - gosimple
     - govet
     - ineffassign
@@ -53,6 +54,20 @@ issues:
       text: "calls to (.+) only in main[(][)] or init[(][)] functions"
       linters:
         - revive
+    # It's okay to not run gosec in a test.
+    - path: _test\.go
+      linters:
+        - gosec
+    # Igonoring gosec G404: Use of weak random number generator (math/rand instead of crypto/rand)
+    # as we commonly use it in tests and examples.
+    - text: "G404:"
+      linters:
+        - gosec
+    # Igonoring gosec G402: TLS MinVersion too low
+    # as the https://pkg.go.dev/crypto/tls#Config handles MinVersion default well.
+    - text: "G402: TLS MinVersion too low."
+      linters:
+        - gosec
   include:
     # revive exported should have comment or be unexported.
     - EXC0012
diff --git a/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
index 3e5c35b5d..24874f856 100644
--- a/vendor/go.opentelemetry.io/otel/CHANGELOG.md
+++ b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
@@ -8,6 +8,85 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [Unreleased]
 
+## [1.21.0/0.44.0] 2023-11-16
+
+### Removed
+
+- Remove the deprecated `go.opentelemetry.io/otel/bridge/opencensus.NewTracer`. (#4706)
+- Remove the deprecated `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` module. (#4707)
+- Remove the deprecated `go.opentelemetry.io/otel/example/view` module. (#4708)
+- Remove the deprecated `go.opentelemetry.io/otel/example/fib` module. (#4723)
+
+### Fixed
+
+- Do not parse non-protobuf responses in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4719)
+- Do not parse non-protobuf responses in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4719)
+
+## [1.20.0/0.43.0] 2023-11-10
+
+This release brings a breaking change for custom trace API implementations. Some interfaces (`TracerProvider`, `Tracer`, `Span`) now embed the `go.opentelemetry.io/otel/trace/embedded` types. Implementors need to update their implementations based on what they want the default behavior to be. See the "API Implementations" section of the [trace API] package documentation for more information about how to accomplish this.
+
+### Added
+
+- Add `go.opentelemetry.io/otel/bridge/opencensus.InstallTraceBridge`, which installs the OpenCensus trace bridge, and replaces `opencensus.NewTracer`. (#4567)
+- Add scope version to trace and metric bridges in `go.opentelemetry.io/otel/bridge/opencensus`. (#4584)
+- Add the `go.opentelemetry.io/otel/trace/embedded` package to be embedded in the exported trace API interfaces. (#4620)
+- Add the `go.opentelemetry.io/otel/trace/noop` package as a default no-op implementation of the trace API. (#4620)
+- Add context propagation in `go.opentelemetry.io/otel/example/dice`. (#4644)
+- Add view configuration to `go.opentelemetry.io/otel/example/prometheus`. (#4649)
+- Add `go.opentelemetry.io/otel/metric.WithExplicitBucketBoundaries`, which allows defining default explicit bucket boundaries when creating histogram instruments. (#4603)
+- Add `Version` function in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4660)
+- Add `Version` function in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4660)
+- Add Summary, SummaryDataPoint, and QuantileValue to `go.opentelemetry.io/sdk/metric/metricdata`. (#4622)
+- `go.opentelemetry.io/otel/bridge/opencensus.NewMetricProducer` now supports exemplars from OpenCensus. (#4585)
+- Add support for `WithExplicitBucketBoundaries` in `go.opentelemetry.io/otel/sdk/metric`. (#4605)
+- Add support for Summary metrics in `go.opentelemetry.io/otel/bridge/opencensus`. (#4668)
+
+### Deprecated
+
+- Deprecate `go.opentelemetry.io/otel/bridge/opencensus.NewTracer` in favor of `opencensus.InstallTraceBridge`. (#4567)
+- Deprecate `go.opentelemetry.io/otel/example/fib` package is in favor of `go.opentelemetry.io/otel/example/dice`. (#4618)
+- Deprecate `go.opentelemetry.io/otel/trace.NewNoopTracerProvider`.
+  Use the added `NewTracerProvider` function in `go.opentelemetry.io/otel/trace/noop` instead. (#4620)
+- Deprecate `go.opentelemetry.io/otel/example/view` package in favor of `go.opentelemetry.io/otel/example/prometheus`. (#4649)
+- Deprecate `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4693)
+
+### Changed
+
+- `go.opentelemetry.io/otel/bridge/opencensus.NewMetricProducer` returns a `*MetricProducer` struct instead of the metric.Producer interface. (#4583)
+- The `TracerProvider` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.TracerProvider` type.
+  This extends the `TracerProvider` interface and is is a breaking change for any existing implementation.
+  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
+  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
+- The `Tracer` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.Tracer` type.
+  This extends the `Tracer` interface and is is a breaking change for any existing implementation.
+  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
+  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
+- The `Span` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.Span` type.
+  This extends the `Span` interface and is is a breaking change for any existing implementation.
+  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
+  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
+- `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` does no longer depend on `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4660)
+- `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` does no longer depend on `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4660)
+- Retry for `502 Bad Gateway` and `504 Gateway Timeout` HTTP statuses in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4670)
+- Retry for `502 Bad Gateway` and `504 Gateway Timeout` HTTP statuses in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4670)
+- Retry for `RESOURCE_EXHAUSTED` only if RetryInfo is returned in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4669)
+- Retry for `RESOURCE_EXHAUSTED` only if RetryInfo is returned in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#4669)
+- Retry temporary HTTP request failures in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4679)
+- Retry temporary HTTP request failures in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4679)
+
+### Fixed
+
+- Fix improper parsing of characters such us `+`, `/` by `Parse` in `go.opentelemetry.io/otel/baggage` as they were rendered as a whitespace. (#4667)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_RESOURCE_ATTRIBUTES` in `go.opentelemetry.io/otel/sdk/resource` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_METRICS_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_METRICS_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_TRACES_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlptracegrpc` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_TRACES_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlptracehttp` as they were rendered as a whitespace. (#4699)
+- In `go.opentelemetry.op/otel/exporters/prometheus`, the exporter no longer `Collect`s metrics after `Shutdown` is invoked. (#4648)
+- Fix documentation for `WithCompressor` in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#4695)
+- Fix documentation for `WithCompressor` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4695)
+
 ## [1.19.0/0.42.0/0.0.7] 2023-09-28
 
 This release contains the first stable release of the OpenTelemetry Go [metric SDK].
@@ -2656,7 +2735,9 @@ It contains api and sdk for trace and meter.
 - CircleCI build CI manifest files.
 - CODEOWNERS file to track owners of this project.
 
-[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.19.0...HEAD
+[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...HEAD
+[1.21.0/0.44.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.21.0
+[1.20.0/0.43.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.20.0
 [1.19.0/0.42.0/0.0.7]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0
 [1.19.0-rc.1/0.42.0-rc.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0-rc.1
 [1.18.0/0.41.0/0.0.6]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.18.0
@@ -2731,7 +2812,7 @@ It contains api and sdk for trace and meter.
 [Go 1.20]: https://go.dev/doc/go1.20
 [Go 1.19]: https://go.dev/doc/go1.19
 [Go 1.18]: https://go.dev/doc/go1.18
-[Go 1.19]: https://go.dev/doc/go1.19
 
 [metric API]:https://pkg.go.dev/go.opentelemetry.io/otel/metric
 [metric SDK]:https://pkg.go.dev/go.opentelemetry.io/otel/sdk/metric
+[trace API]:https://pkg.go.dev/go.opentelemetry.io/otel/trace
diff --git a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
index a00dbca7b..850606ae6 100644
--- a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
+++ b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
@@ -90,6 +90,10 @@ git push <YOUR_FORK> <YOUR_BRANCH_NAME>
 Open a pull request against the main `opentelemetry-go` repo. Be sure to add the pull
 request ID to the entry you added to `CHANGELOG.md`.
 
+Avoid rebasing and force-pushing to your branch to facilitate reviewing the pull request.
+Rewriting Git history makes it difficult to keep track of iterations during code review.
+All pull requests are squashed to a single commit upon merge to `main`.
+
 ### How to Receive Comments
 
 * If the PR is not ready for review, please put `[WIP]` in the title,
diff --git a/vendor/go.opentelemetry.io/otel/Makefile b/vendor/go.opentelemetry.io/otel/Makefile
index 5c311706b..35fc18996 100644
--- a/vendor/go.opentelemetry.io/otel/Makefile
+++ b/vendor/go.opentelemetry.io/otel/Makefile
@@ -77,6 +77,9 @@ $(GOTMPL): PACKAGE=go.opentelemetry.io/build-tools/gotmpl
 GORELEASE = $(TOOLS)/gorelease
 $(GORELEASE): PACKAGE=golang.org/x/exp/cmd/gorelease
 
+GOVULNCHECK = $(TOOLS)/govulncheck
+$(TOOLS)/govulncheck: PACKAGE=golang.org/x/vuln/cmd/govulncheck
+
 .PHONY: tools
 tools: $(CROSSLINK) $(DBOTCONF) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(GOJQ) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT) $(GOTMPL) $(GORELEASE)
 
@@ -189,6 +192,18 @@ test-coverage: | $(GOCOVMERGE)
 	done; \
 	$(GOCOVMERGE) $$(find . -name coverage.out) > coverage.txt
 
+# Adding a directory will include all benchmarks in that direcotry if a filter is not specified.
+BENCHMARK_TARGETS := sdk/trace
+.PHONY: benchmark
+benchmark: $(BENCHMARK_TARGETS:%=benchmark/%)
+BENCHMARK_FILTER = .
+# You can override the filter for a particular directory by adding a rule here.
+benchmark/sdk/trace: BENCHMARK_FILTER = SpanWithAttributes_8/AlwaysSample
+benchmark/%:
+	@echo "$(GO) test -timeout $(TIMEOUT)s -run=xxxxxMatchNothingxxxxx -bench=$(BENCHMARK_FILTER) $*..." \
+		&& cd $* \
+		$(foreach filter, $(BENCHMARK_FILTER), && $(GO) test -timeout $(TIMEOUT)s -run=xxxxxMatchNothingxxxxx -bench=$(filter))
+
 .PHONY: golangci-lint golangci-lint-fix
 golangci-lint-fix: ARGS=--fix
 golangci-lint-fix: golangci-lint
@@ -216,7 +231,7 @@ go-mod-tidy/%: | crosslink
 lint-modules: go-mod-tidy
 
 .PHONY: lint
-lint: misspell lint-modules golangci-lint
+lint: misspell lint-modules golangci-lint govulncheck
 
 .PHONY: vanity-import-check
 vanity-import-check: | $(PORTO)
@@ -226,6 +241,14 @@ vanity-import-check: | $(PORTO)
 misspell: | $(MISSPELL)
 	@$(MISSPELL) -w $(ALL_DOCS)
 
+.PHONY: govulncheck
+govulncheck: $(OTEL_GO_MOD_DIRS:%=govulncheck/%)
+govulncheck/%: DIR=$*
+govulncheck/%: | $(GOVULNCHECK)
+	@echo "govulncheck ./... in $(DIR)" \
+		&& cd $(DIR) \
+		&& $(GOVULNCHECK) ./...
+
 .PHONY: codespell
 codespell: | $(CODESPELL)
 	@$(DOCKERPY) $(CODESPELL)
@@ -289,3 +312,7 @@ COMMIT ?= "HEAD"
 add-tags: | $(MULTIMOD)
 	@[ "${MODSET}" ] || ( echo ">> env var MODSET is not set"; exit 1 )
 	$(MULTIMOD) verify && $(MULTIMOD) tag -m ${MODSET} -c ${COMMIT}
+
+.PHONY: lint-markdown
+lint-markdown: 
+	docker run -v "$(CURDIR):$(WORKDIR)" docker://avtodev/markdown-lint:v1 -c $(WORKDIR)/.markdownlint.yaml $(WORKDIR)/**/*.md
diff --git a/vendor/go.opentelemetry.io/otel/README.md b/vendor/go.opentelemetry.io/otel/README.md
index 634326ef8..2c5b0cc28 100644
--- a/vendor/go.opentelemetry.io/otel/README.md
+++ b/vendor/go.opentelemetry.io/otel/README.md
@@ -11,16 +11,13 @@ It provides a set of APIs to directly measure performance and behavior of your s
 
 ## Project Status
 
-| Signal  | Status     | Project               |
-|---------|------------|-----------------------|
-| Traces  | Stable     | N/A                   |
-| Metrics | Mixed [1]  | [Go: Metric SDK (GA)] |
-| Logs    | Frozen [2] | N/A                   |
+| Signal  | Status     |
+|---------|------------|
+| Traces  | Stable     |
+| Metrics | Stable     |
+| Logs    | Design [1] |
 
-[Go: Metric SDK (GA)]: https://github.com/orgs/open-telemetry/projects/34
-
-- [1]: [Metrics API](https://pkg.go.dev/go.opentelemetry.io/otel/metric) is Stable. [Metrics SDK](https://pkg.go.dev/go.opentelemetry.io/otel/sdk/metric) is Beta.
-- [2]: The Logs signal development is halted for this project while we stabilize the Metrics SDK.
+- [1]: Currently the logs signal development is in a design phase ([#4696](https://github.com/open-telemetry/opentelemetry-go/issues/4696)).
    No Logs Pull Requests are currently being accepted.
 
 Progress and status specific to this repository is tracked in our
diff --git a/vendor/go.opentelemetry.io/otel/baggage/baggage.go b/vendor/go.opentelemetry.io/otel/baggage/baggage.go
index 9e6b3b7b5..84532cb1d 100644
--- a/vendor/go.opentelemetry.io/otel/baggage/baggage.go
+++ b/vendor/go.opentelemetry.io/otel/baggage/baggage.go
@@ -254,7 +254,7 @@ func NewMember(key, value string, props ...Property) (Member, error) {
 	if err := m.validate(); err != nil {
 		return newInvalidMember(), err
 	}
-	decodedValue, err := url.QueryUnescape(value)
+	decodedValue, err := url.PathUnescape(value)
 	if err != nil {
 		return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidValue, value)
 	}
@@ -301,7 +301,7 @@ func parseMember(member string) (Member, error) {
 	// when converting the header into a data structure."
 	key = strings.TrimSpace(k)
 	var err error
-	value, err = url.QueryUnescape(strings.TrimSpace(v))
+	value, err = url.PathUnescape(strings.TrimSpace(v))
 	if err != nil {
 		return newInvalidMember(), fmt.Errorf("%w: %q", err, value)
 	}
diff --git a/vendor/go.opentelemetry.io/otel/internal/global/instruments.go b/vendor/go.opentelemetry.io/otel/internal/global/instruments.go
index a33eded87..ebb13c206 100644
--- a/vendor/go.opentelemetry.io/otel/internal/global/instruments.go
+++ b/vendor/go.opentelemetry.io/otel/internal/global/instruments.go
@@ -34,11 +34,13 @@ type afCounter struct {
 	name string
 	opts []metric.Float64ObservableCounterOption
 
-	delegate atomic.Value //metric.Float64ObservableCounter
+	delegate atomic.Value // metric.Float64ObservableCounter
 }
 
-var _ unwrapper = (*afCounter)(nil)
-var _ metric.Float64ObservableCounter = (*afCounter)(nil)
+var (
+	_ unwrapper                       = (*afCounter)(nil)
+	_ metric.Float64ObservableCounter = (*afCounter)(nil)
+)
 
 func (i *afCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Float64ObservableCounter(i.name, i.opts...)
@@ -63,11 +65,13 @@ type afUpDownCounter struct {
 	name string
 	opts []metric.Float64ObservableUpDownCounterOption
 
-	delegate atomic.Value //metric.Float64ObservableUpDownCounter
+	delegate atomic.Value // metric.Float64ObservableUpDownCounter
 }
 
-var _ unwrapper = (*afUpDownCounter)(nil)
-var _ metric.Float64ObservableUpDownCounter = (*afUpDownCounter)(nil)
+var (
+	_ unwrapper                             = (*afUpDownCounter)(nil)
+	_ metric.Float64ObservableUpDownCounter = (*afUpDownCounter)(nil)
+)
 
 func (i *afUpDownCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Float64ObservableUpDownCounter(i.name, i.opts...)
@@ -92,11 +96,13 @@ type afGauge struct {
 	name string
 	opts []metric.Float64ObservableGaugeOption
 
-	delegate atomic.Value //metric.Float64ObservableGauge
+	delegate atomic.Value // metric.Float64ObservableGauge
 }
 
-var _ unwrapper = (*afGauge)(nil)
-var _ metric.Float64ObservableGauge = (*afGauge)(nil)
+var (
+	_ unwrapper                     = (*afGauge)(nil)
+	_ metric.Float64ObservableGauge = (*afGauge)(nil)
+)
 
 func (i *afGauge) setDelegate(m metric.Meter) {
 	ctr, err := m.Float64ObservableGauge(i.name, i.opts...)
@@ -121,11 +127,13 @@ type aiCounter struct {
 	name string
 	opts []metric.Int64ObservableCounterOption
 
-	delegate atomic.Value //metric.Int64ObservableCounter
+	delegate atomic.Value // metric.Int64ObservableCounter
 }
 
-var _ unwrapper = (*aiCounter)(nil)
-var _ metric.Int64ObservableCounter = (*aiCounter)(nil)
+var (
+	_ unwrapper                     = (*aiCounter)(nil)
+	_ metric.Int64ObservableCounter = (*aiCounter)(nil)
+)
 
 func (i *aiCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Int64ObservableCounter(i.name, i.opts...)
@@ -150,11 +158,13 @@ type aiUpDownCounter struct {
 	name string
 	opts []metric.Int64ObservableUpDownCounterOption
 
-	delegate atomic.Value //metric.Int64ObservableUpDownCounter
+	delegate atomic.Value // metric.Int64ObservableUpDownCounter
 }
 
-var _ unwrapper = (*aiUpDownCounter)(nil)
-var _ metric.Int64ObservableUpDownCounter = (*aiUpDownCounter)(nil)
+var (
+	_ unwrapper                           = (*aiUpDownCounter)(nil)
+	_ metric.Int64ObservableUpDownCounter = (*aiUpDownCounter)(nil)
+)
 
 func (i *aiUpDownCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Int64ObservableUpDownCounter(i.name, i.opts...)
@@ -179,11 +189,13 @@ type aiGauge struct {
 	name string
 	opts []metric.Int64ObservableGaugeOption
 
-	delegate atomic.Value //metric.Int64ObservableGauge
+	delegate atomic.Value // metric.Int64ObservableGauge
 }
 
-var _ unwrapper = (*aiGauge)(nil)
-var _ metric.Int64ObservableGauge = (*aiGauge)(nil)
+var (
+	_ unwrapper                   = (*aiGauge)(nil)
+	_ metric.Int64ObservableGauge = (*aiGauge)(nil)
+)
 
 func (i *aiGauge) setDelegate(m metric.Meter) {
 	ctr, err := m.Int64ObservableGauge(i.name, i.opts...)
@@ -208,7 +220,7 @@ type sfCounter struct {
 	name string
 	opts []metric.Float64CounterOption
 
-	delegate atomic.Value //metric.Float64Counter
+	delegate atomic.Value // metric.Float64Counter
 }
 
 var _ metric.Float64Counter = (*sfCounter)(nil)
@@ -234,7 +246,7 @@ type sfUpDownCounter struct {
 	name string
 	opts []metric.Float64UpDownCounterOption
 
-	delegate atomic.Value //metric.Float64UpDownCounter
+	delegate atomic.Value // metric.Float64UpDownCounter
 }
 
 var _ metric.Float64UpDownCounter = (*sfUpDownCounter)(nil)
@@ -260,7 +272,7 @@ type sfHistogram struct {
 	name string
 	opts []metric.Float64HistogramOption
 
-	delegate atomic.Value //metric.Float64Histogram
+	delegate atomic.Value // metric.Float64Histogram
 }
 
 var _ metric.Float64Histogram = (*sfHistogram)(nil)
@@ -286,7 +298,7 @@ type siCounter struct {
 	name string
 	opts []metric.Int64CounterOption
 
-	delegate atomic.Value //metric.Int64Counter
+	delegate atomic.Value // metric.Int64Counter
 }
 
 var _ metric.Int64Counter = (*siCounter)(nil)
@@ -312,7 +324,7 @@ type siUpDownCounter struct {
 	name string
 	opts []metric.Int64UpDownCounterOption
 
-	delegate atomic.Value //metric.Int64UpDownCounter
+	delegate atomic.Value // metric.Int64UpDownCounter
 }
 
 var _ metric.Int64UpDownCounter = (*siUpDownCounter)(nil)
@@ -338,7 +350,7 @@ type siHistogram struct {
 	name string
 	opts []metric.Int64HistogramOption
 
-	delegate atomic.Value //metric.Int64Histogram
+	delegate atomic.Value // metric.Int64Histogram
 }
 
 var _ metric.Int64Histogram = (*siHistogram)(nil)
diff --git a/vendor/go.opentelemetry.io/otel/internal/global/trace.go b/vendor/go.opentelemetry.io/otel/internal/global/trace.go
index 5f008d098..3f61ec12a 100644
--- a/vendor/go.opentelemetry.io/otel/internal/global/trace.go
+++ b/vendor/go.opentelemetry.io/otel/internal/global/trace.go
@@ -39,6 +39,7 @@ import (
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/codes"
 	"go.opentelemetry.io/otel/trace"
+	"go.opentelemetry.io/otel/trace/embedded"
 )
 
 // tracerProvider is a placeholder for a configured SDK TracerProvider.
@@ -46,6 +47,8 @@ import (
 // All TracerProvider functionality is forwarded to a delegate once
 // configured.
 type tracerProvider struct {
+	embedded.TracerProvider
+
 	mtx      sync.Mutex
 	tracers  map[il]*tracer
 	delegate trace.TracerProvider
@@ -119,6 +122,8 @@ type il struct {
 // All Tracer functionality is forwarded to a delegate once configured.
 // Otherwise, all functionality is forwarded to a NoopTracer.
 type tracer struct {
+	embedded.Tracer
+
 	name     string
 	opts     []trace.TracerOption
 	provider *tracerProvider
@@ -156,6 +161,8 @@ func (t *tracer) Start(ctx context.Context, name string, opts ...trace.SpanStart
 // SpanContext. It performs no operations other than to return the wrapped
 // SpanContext.
 type nonRecordingSpan struct {
+	embedded.Span
+
 	sc     trace.SpanContext
 	tracer *tracer
 }
diff --git a/vendor/go.opentelemetry.io/otel/metric/doc.go b/vendor/go.opentelemetry.io/otel/metric/doc.go
index ae24e448d..54716e13b 100644
--- a/vendor/go.opentelemetry.io/otel/metric/doc.go
+++ b/vendor/go.opentelemetry.io/otel/metric/doc.go
@@ -149,7 +149,7 @@ of [go.opentelemetry.io/otel/metric].
 
 Finally, an author can embed another implementation in theirs. The embedded
 implementation will be used for methods not defined by the author. For example,
-an author who want to default to silently dropping the call can use
+an author who wants to default to silently dropping the call can use
 [go.opentelemetry.io/otel/metric/noop]:
 
 	import "go.opentelemetry.io/otel/metric/noop"
diff --git a/vendor/go.opentelemetry.io/otel/metric/instrument.go b/vendor/go.opentelemetry.io/otel/metric/instrument.go
index cdca00058..be89cd533 100644
--- a/vendor/go.opentelemetry.io/otel/metric/instrument.go
+++ b/vendor/go.opentelemetry.io/otel/metric/instrument.go
@@ -39,6 +39,12 @@ type InstrumentOption interface {
 	Float64ObservableGaugeOption
 }
 
+// HistogramOption applies options to histogram instruments.
+type HistogramOption interface {
+	Int64HistogramOption
+	Float64HistogramOption
+}
+
 type descOpt string
 
 func (o descOpt) applyFloat64Counter(c Float64CounterConfig) Float64CounterConfig {
@@ -171,6 +177,23 @@ func (o unitOpt) applyInt64ObservableGauge(c Int64ObservableGaugeConfig) Int64Ob
 // The unit u should be defined using the appropriate [UCUM](https://ucum.org) case-sensitive code.
 func WithUnit(u string) InstrumentOption { return unitOpt(u) }
 
+// WithExplicitBucketBoundaries sets the instrument explicit bucket boundaries.
+//
+// This option is considered "advisory", and may be ignored by API implementations.
+func WithExplicitBucketBoundaries(bounds ...float64) HistogramOption { return bucketOpt(bounds) }
+
+type bucketOpt []float64
+
+func (o bucketOpt) applyFloat64Histogram(c Float64HistogramConfig) Float64HistogramConfig {
+	c.explicitBucketBoundaries = o
+	return c
+}
+
+func (o bucketOpt) applyInt64Histogram(c Int64HistogramConfig) Int64HistogramConfig {
+	c.explicitBucketBoundaries = o
+	return c
+}
+
 // AddOption applies options to an addition measurement. See
 // [MeasurementOption] for other options that can be used as an AddOption.
 type AddOption interface {
diff --git a/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go b/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go
index f0b063721..0a4825ae6 100644
--- a/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go
+++ b/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go
@@ -147,8 +147,9 @@ type Float64Histogram interface {
 // Float64HistogramConfig contains options for synchronous counter instruments
 // that record int64 values.
 type Float64HistogramConfig struct {
-	description string
-	unit        string
+	description              string
+	unit                     string
+	explicitBucketBoundaries []float64
 }
 
 // NewFloat64HistogramConfig returns a new [Float64HistogramConfig] with all
@@ -171,6 +172,11 @@ func (c Float64HistogramConfig) Unit() string {
 	return c.unit
 }
 
+// ExplicitBucketBoundaries returns the configured explicit bucket boundaries.
+func (c Float64HistogramConfig) ExplicitBucketBoundaries() []float64 {
+	return c.explicitBucketBoundaries
+}
+
 // Float64HistogramOption applies options to a [Float64HistogramConfig]. See
 // [InstrumentOption] for other options that can be used as a
 // Float64HistogramOption.
diff --git a/vendor/go.opentelemetry.io/otel/metric/syncint64.go b/vendor/go.opentelemetry.io/otel/metric/syncint64.go
index 6f508eb66..56667d32f 100644
--- a/vendor/go.opentelemetry.io/otel/metric/syncint64.go
+++ b/vendor/go.opentelemetry.io/otel/metric/syncint64.go
@@ -147,8 +147,9 @@ type Int64Histogram interface {
 // Int64HistogramConfig contains options for synchronous counter instruments
 // that record int64 values.
 type Int64HistogramConfig struct {
-	description string
-	unit        string
+	description              string
+	unit                     string
+	explicitBucketBoundaries []float64
 }
 
 // NewInt64HistogramConfig returns a new [Int64HistogramConfig] with all opts
@@ -171,6 +172,11 @@ func (c Int64HistogramConfig) Unit() string {
 	return c.unit
 }
 
+// ExplicitBucketBoundaries returns the configured explicit bucket boundaries.
+func (c Int64HistogramConfig) ExplicitBucketBoundaries() []float64 {
+	return c.explicitBucketBoundaries
+}
+
 // Int64HistogramOption applies options to a [Int64HistogramConfig]. See
 // [InstrumentOption] for other options that can be used as an
 // Int64HistogramOption.
diff --git a/vendor/go.opentelemetry.io/otel/propagation/trace_context.go b/vendor/go.opentelemetry.io/otel/propagation/trace_context.go
index 902692da0..75a8f3435 100644
--- a/vendor/go.opentelemetry.io/otel/propagation/trace_context.go
+++ b/vendor/go.opentelemetry.io/otel/propagation/trace_context.go
@@ -40,8 +40,10 @@ const (
 // their proprietary information.
 type TraceContext struct{}
 
-var _ TextMapPropagator = TraceContext{}
-var traceCtxRegExp = regexp.MustCompile("^(?P<version>[0-9a-f]{2})-(?P<traceID>[a-f0-9]{32})-(?P<spanID>[a-f0-9]{16})-(?P<traceFlags>[a-f0-9]{2})(?:-.*)?$")
+var (
+	_              TextMapPropagator = TraceContext{}
+	traceCtxRegExp                   = regexp.MustCompile("^(?P<version>[0-9a-f]{2})-(?P<traceID>[a-f0-9]{32})-(?P<spanID>[a-f0-9]{16})-(?P<traceFlags>[a-f0-9]{2})(?:-.*)?$")
+)
 
 // Inject set tracecontext from the Context into the carrier.
 func (tc TraceContext) Inject(ctx context.Context, carrier TextMapCarrier) {
diff --git a/vendor/go.opentelemetry.io/otel/requirements.txt b/vendor/go.opentelemetry.io/otel/requirements.txt
index ddff45468..e0a43e138 100644
--- a/vendor/go.opentelemetry.io/otel/requirements.txt
+++ b/vendor/go.opentelemetry.io/otel/requirements.txt
@@ -1 +1 @@
-codespell==2.2.5
+codespell==2.2.6
diff --git a/vendor/go.opentelemetry.io/otel/trace/config.go b/vendor/go.opentelemetry.io/otel/trace/config.go
index cb3efbb9a..3aadc66cf 100644
--- a/vendor/go.opentelemetry.io/otel/trace/config.go
+++ b/vendor/go.opentelemetry.io/otel/trace/config.go
@@ -268,6 +268,7 @@ func (o stackTraceOption) applyEvent(c EventConfig) EventConfig {
 	c.stackTrace = bool(o)
 	return c
 }
+
 func (o stackTraceOption) applySpan(c SpanConfig) SpanConfig {
 	c.stackTrace = bool(o)
 	return c
diff --git a/vendor/go.opentelemetry.io/otel/trace/doc.go b/vendor/go.opentelemetry.io/otel/trace/doc.go
index ab0346f96..440f3d756 100644
--- a/vendor/go.opentelemetry.io/otel/trace/doc.go
+++ b/vendor/go.opentelemetry.io/otel/trace/doc.go
@@ -62,5 +62,69 @@ a default.
 		defer span.End()
 		// ...
 	}
+
+# API Implementations
+
+This package does not conform to the standard Go versioning policy; all of its
+interfaces may have methods added to them without a package major version bump.
+This non-standard API evolution could surprise an uninformed implementation
+author. They could unknowingly build their implementation in a way that would
+result in a runtime panic for their users that update to the new API.
+
+The API is designed to help inform an instrumentation author about this
+non-standard API evolution. It requires them to choose a default behavior for
+unimplemented interface methods. There are three behavior choices they can
+make:
+
+  - Compilation failure
+  - Panic
+  - Default to another implementation
+
+All interfaces in this API embed a corresponding interface from
+[go.opentelemetry.io/otel/trace/embedded]. If an author wants the default
+behavior of their implementations to be a compilation failure, signaling to
+their users they need to update to the latest version of that implementation,
+they need to embed the corresponding interface from
+[go.opentelemetry.io/otel/trace/embedded] in their implementation. For
+example,
+
+	import "go.opentelemetry.io/otel/trace/embedded"
+
+	type TracerProvider struct {
+		embedded.TracerProvider
+		// ...
+	}
+
+If an author wants the default behavior of their implementations to panic, they
+can embed the API interface directly.
+
+	import "go.opentelemetry.io/otel/trace"
+
+	type TracerProvider struct {
+		trace.TracerProvider
+		// ...
+	}
+
+This option is not recommended. It will lead to publishing packages that
+contain runtime panics when users update to newer versions of
+[go.opentelemetry.io/otel/trace], which may be done with a trasitive
+dependency.
+
+Finally, an author can embed another implementation in theirs. The embedded
+implementation will be used for methods not defined by the author. For example,
+an author who wants to default to silently dropping the call can use
+[go.opentelemetry.io/otel/trace/noop]:
+
+	import "go.opentelemetry.io/otel/trace/noop"
+
+	type TracerProvider struct {
+		noop.TracerProvider
+		// ...
+	}
+
+It is strongly recommended that authors only embed
+[go.opentelemetry.io/otel/trace/noop] if they choose this default behavior.
+That implementation is the only one OpenTelemetry authors can guarantee will
+fully implement all the API interfaces when a user updates their API.
 */
 package trace // import "go.opentelemetry.io/otel/trace"
diff --git a/vendor/go.opentelemetry.io/otel/trace/embedded/embedded.go b/vendor/go.opentelemetry.io/otel/trace/embedded/embedded.go
new file mode 100644
index 000000000..898db5a75
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/embedded/embedded.go
@@ -0,0 +1,56 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package embedded provides interfaces embedded within the [OpenTelemetry
+// trace API].
+//
+// Implementers of the [OpenTelemetry trace API] can embed the relevant type
+// from this package into their implementation directly. Doing so will result
+// in a compilation error for users when the [OpenTelemetry trace API] is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+//
+// [OpenTelemetry trace API]: https://pkg.go.dev/go.opentelemetry.io/otel/trace
+package embedded // import "go.opentelemetry.io/otel/trace/embedded"
+
+// TracerProvider is embedded in
+// [go.opentelemetry.io/otel/trace.TracerProvider].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/trace.TracerProvider] if you want users to
+// experience a compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/trace.TracerProvider]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type TracerProvider interface{ tracerProvider() }
+
+// Tracer is embedded in [go.opentelemetry.io/otel/trace.Tracer].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/trace.Tracer] if you want users to experience a
+// compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/trace.Tracer] interface
+// is extended (which is something that can happen without a major version bump
+// of the API package).
+type Tracer interface{ tracer() }
+
+// Span is embedded in [go.opentelemetry.io/otel/trace.Span].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/trace.Span] if you want users to experience a
+// compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/trace.Span] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Span interface{ span() }
diff --git a/vendor/go.opentelemetry.io/otel/trace/noop.go b/vendor/go.opentelemetry.io/otel/trace/noop.go
index 7cf6c7f3e..c125491ca 100644
--- a/vendor/go.opentelemetry.io/otel/trace/noop.go
+++ b/vendor/go.opentelemetry.io/otel/trace/noop.go
@@ -19,16 +19,20 @@ import (
 
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/codes"
+	"go.opentelemetry.io/otel/trace/embedded"
 )
 
 // NewNoopTracerProvider returns an implementation of TracerProvider that
 // performs no operations. The Tracer and Spans created from the returned
 // TracerProvider also perform no operations.
+//
+// Deprecated: Use [go.opentelemetry.io/otel/trace/noop.NewTracerProvider]
+// instead.
 func NewNoopTracerProvider() TracerProvider {
 	return noopTracerProvider{}
 }
 
-type noopTracerProvider struct{}
+type noopTracerProvider struct{ embedded.TracerProvider }
 
 var _ TracerProvider = noopTracerProvider{}
 
@@ -38,7 +42,7 @@ func (p noopTracerProvider) Tracer(string, ...TracerOption) Tracer {
 }
 
 // noopTracer is an implementation of Tracer that performs no operations.
-type noopTracer struct{}
+type noopTracer struct{ embedded.Tracer }
 
 var _ Tracer = noopTracer{}
 
@@ -54,7 +58,7 @@ func (t noopTracer) Start(ctx context.Context, name string, _ ...SpanStartOption
 }
 
 // noopSpan is an implementation of Span that performs no operations.
-type noopSpan struct{}
+type noopSpan struct{ embedded.Span }
 
 var _ Span = noopSpan{}
 
diff --git a/vendor/go.opentelemetry.io/otel/trace/trace.go b/vendor/go.opentelemetry.io/otel/trace/trace.go
index 4aa94f79f..26a4b2260 100644
--- a/vendor/go.opentelemetry.io/otel/trace/trace.go
+++ b/vendor/go.opentelemetry.io/otel/trace/trace.go
@@ -22,6 +22,7 @@ import (
 
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/codes"
+	"go.opentelemetry.io/otel/trace/embedded"
 )
 
 const (
@@ -48,8 +49,10 @@ func (e errorConst) Error() string {
 // nolint:revive // revive complains about stutter of `trace.TraceID`.
 type TraceID [16]byte
 
-var nilTraceID TraceID
-var _ json.Marshaler = nilTraceID
+var (
+	nilTraceID TraceID
+	_          json.Marshaler = nilTraceID
+)
 
 // IsValid checks whether the trace TraceID is valid. A valid trace ID does
 // not consist of zeros only.
@@ -71,8 +74,10 @@ func (t TraceID) String() string {
 // SpanID is a unique identity of a span in a trace.
 type SpanID [8]byte
 
-var nilSpanID SpanID
-var _ json.Marshaler = nilSpanID
+var (
+	nilSpanID SpanID
+	_         json.Marshaler = nilSpanID
+)
 
 // IsValid checks whether the SpanID is valid. A valid SpanID does not consist
 // of zeros only.
@@ -338,8 +343,15 @@ func (sc SpanContext) MarshalJSON() ([]byte, error) {
 // create a Span and it is then up to the operation the Span represents to
 // properly end the Span when the operation itself ends.
 //
-// Warning: methods may be added to this interface in minor releases.
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type Span interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Span
+
 	// End completes the Span. The Span is considered complete and ready to be
 	// delivered through the rest of the telemetry pipeline after this method
 	// is called. Therefore, updates to the Span are not allowed after this
@@ -486,8 +498,15 @@ func (sk SpanKind) String() string {
 
 // Tracer is the creator of Spans.
 //
-// Warning: methods may be added to this interface in minor releases.
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type Tracer interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Tracer
+
 	// Start creates a span and a context.Context containing the newly-created span.
 	//
 	// If the context.Context provided in `ctx` contains a Span then the newly-created
@@ -518,8 +537,15 @@ type Tracer interface {
 // at runtime from its users or it can simply use the globally registered one
 // (see https://pkg.go.dev/go.opentelemetry.io/otel#GetTracerProvider).
 //
-// Warning: methods may be added to this interface in minor releases.
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type TracerProvider interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.TracerProvider
+
 	// Tracer returns a unique Tracer scoped to be used by instrumentation code
 	// to trace computational workflows. The scope and identity of that
 	// instrumentation code is uniquely defined by the name and options passed.
diff --git a/vendor/go.opentelemetry.io/otel/trace/tracestate.go b/vendor/go.opentelemetry.io/otel/trace/tracestate.go
index ca68a82e5..d1e47ca2f 100644
--- a/vendor/go.opentelemetry.io/otel/trace/tracestate.go
+++ b/vendor/go.opentelemetry.io/otel/trace/tracestate.go
@@ -28,9 +28,9 @@ const (
 
 	// based on the W3C Trace Context specification, see
 	// https://www.w3.org/TR/trace-context-1/#tracestate-header
-	noTenantKeyFormat   = `[a-z][_0-9a-z\-\*\/]{0,255}`
-	withTenantKeyFormat = `[a-z0-9][_0-9a-z\-\*\/]{0,240}@[a-z][_0-9a-z\-\*\/]{0,13}`
-	valueFormat         = `[\x20-\x2b\x2d-\x3c\x3e-\x7e]{0,255}[\x21-\x2b\x2d-\x3c\x3e-\x7e]`
+	noTenantKeyFormat   = `[a-z][_0-9a-z\-\*\/]*`
+	withTenantKeyFormat = `[a-z0-9][_0-9a-z\-\*\/]*@[a-z][_0-9a-z\-\*\/]*`
+	valueFormat         = `[\x20-\x2b\x2d-\x3c\x3e-\x7e]*[\x21-\x2b\x2d-\x3c\x3e-\x7e]`
 
 	errInvalidKey    errorConst = "invalid tracestate key"
 	errInvalidValue  errorConst = "invalid tracestate value"
@@ -40,9 +40,10 @@ const (
 )
 
 var (
-	keyRe    = regexp.MustCompile(`^((` + noTenantKeyFormat + `)|(` + withTenantKeyFormat + `))$`)
-	valueRe  = regexp.MustCompile(`^(` + valueFormat + `)$`)
-	memberRe = regexp.MustCompile(`^\s*((` + noTenantKeyFormat + `)|(` + withTenantKeyFormat + `))=(` + valueFormat + `)\s*$`)
+	noTenantKeyRe   = regexp.MustCompile(`^` + noTenantKeyFormat + `$`)
+	withTenantKeyRe = regexp.MustCompile(`^` + withTenantKeyFormat + `$`)
+	valueRe         = regexp.MustCompile(`^` + valueFormat + `$`)
+	memberRe        = regexp.MustCompile(`^\s*((?:` + noTenantKeyFormat + `)|(?:` + withTenantKeyFormat + `))=(` + valueFormat + `)\s*$`)
 )
 
 type member struct {
@@ -51,10 +52,19 @@ type member struct {
 }
 
 func newMember(key, value string) (member, error) {
-	if !keyRe.MatchString(key) {
+	if len(key) > 256 {
 		return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
 	}
-	if !valueRe.MatchString(value) {
+	if !noTenantKeyRe.MatchString(key) {
+		if !withTenantKeyRe.MatchString(key) {
+			return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
+		}
+		atIndex := strings.LastIndex(key, "@")
+		if atIndex > 241 || len(key)-1-atIndex > 14 {
+			return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
+		}
+	}
+	if len(value) > 256 || !valueRe.MatchString(value) {
 		return member{}, fmt.Errorf("%w: %s", errInvalidValue, value)
 	}
 	return member{Key: key, Value: value}, nil
@@ -62,14 +72,14 @@ func newMember(key, value string) (member, error) {
 
 func parseMember(m string) (member, error) {
 	matches := memberRe.FindStringSubmatch(m)
-	if len(matches) != 5 {
+	if len(matches) != 3 {
 		return member{}, fmt.Errorf("%w: %s", errInvalidMember, m)
 	}
-
-	return member{
-		Key:   matches[1],
-		Value: matches[4],
-	}, nil
+	result, e := newMember(matches[1], matches[2])
+	if e != nil {
+		return member{}, fmt.Errorf("%w: %s", errInvalidMember, m)
+	}
+	return result, nil
 }
 
 // String encodes member into a string compliant with the W3C Trace Context
diff --git a/vendor/go.opentelemetry.io/otel/version.go b/vendor/go.opentelemetry.io/otel/version.go
index ad64e1996..e2f743585 100644
--- a/vendor/go.opentelemetry.io/otel/version.go
+++ b/vendor/go.opentelemetry.io/otel/version.go
@@ -16,5 +16,5 @@ package otel // import "go.opentelemetry.io/otel"
 
 // Version is the current release version of OpenTelemetry in use.
 func Version() string {
-	return "1.19.0"
+	return "1.21.0"
 }
diff --git a/vendor/go.opentelemetry.io/otel/versions.yaml b/vendor/go.opentelemetry.io/otel/versions.yaml
index 7d2127692..3c153c9d6 100644
--- a/vendor/go.opentelemetry.io/otel/versions.yaml
+++ b/vendor/go.opentelemetry.io/otel/versions.yaml
@@ -14,13 +14,12 @@
 
 module-sets:
   stable-v1:
-    version: v1.19.0
+    version: v1.21.0
     modules:
       - go.opentelemetry.io/otel
       - go.opentelemetry.io/otel/bridge/opentracing
       - go.opentelemetry.io/otel/bridge/opentracing/test
       - go.opentelemetry.io/otel/example/dice
-      - go.opentelemetry.io/otel/example/fib
       - go.opentelemetry.io/otel/example/namedtracer
       - go.opentelemetry.io/otel/example/otel-collector
       - go.opentelemetry.io/otel/example/passthrough
@@ -35,14 +34,12 @@ module-sets:
       - go.opentelemetry.io/otel/sdk/metric
       - go.opentelemetry.io/otel/trace
   experimental-metrics:
-    version: v0.42.0
+    version: v0.44.0
     modules:
       - go.opentelemetry.io/otel/bridge/opencensus
       - go.opentelemetry.io/otel/bridge/opencensus/test
       - go.opentelemetry.io/otel/example/opencensus
       - go.opentelemetry.io/otel/example/prometheus
-      - go.opentelemetry.io/otel/example/view
-      - go.opentelemetry.io/otel/exporters/otlp/otlpmetric
       - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
       - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
       - go.opentelemetry.io/otel/exporters/prometheus
diff --git a/vendor/modules.txt b/vendor/modules.txt
index e69de29bb..9bb392e68 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -0,0 +1,2758 @@
+# cloud.google.com/go/compute v1.23.2
+## explicit; go 1.19
+cloud.google.com/go/compute/internal
+# cloud.google.com/go/compute/metadata v0.2.3
+## explicit; go 1.19
+cloud.google.com/go/compute/metadata
+# filippo.io/edwards25519 v1.0.0
+## explicit; go 1.17
+filippo.io/edwards25519
+filippo.io/edwards25519/field
+# github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24
+## explicit; go 1.20
+github.com/AdaLogics/go-fuzz-headers
+# github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0
+## explicit; go 1.17
+github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper
+# github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
+## explicit
+github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry
+github.com/Azure/azure-sdk-for-go/version
+# github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161
+## explicit; go 1.16
+github.com/Azure/go-ansiterm
+github.com/Azure/go-ansiterm/winterm
+# github.com/Azure/go-autorest v14.2.0+incompatible
+## explicit
+github.com/Azure/go-autorest
+# github.com/Azure/go-autorest/autorest v0.11.29
+## explicit; go 1.15
+github.com/Azure/go-autorest/autorest
+github.com/Azure/go-autorest/autorest/azure
+# github.com/Azure/go-autorest/autorest/adal v0.9.23
+## explicit; go 1.15
+github.com/Azure/go-autorest/autorest/adal
+# github.com/Azure/go-autorest/autorest/azure/auth v0.5.12
+## explicit; go 1.15
+github.com/Azure/go-autorest/autorest/azure/auth
+# github.com/Azure/go-autorest/autorest/azure/cli v0.4.6
+## explicit; go 1.15
+github.com/Azure/go-autorest/autorest/azure/cli
+# github.com/Azure/go-autorest/autorest/date v0.3.0
+## explicit; go 1.12
+github.com/Azure/go-autorest/autorest/date
+# github.com/Azure/go-autorest/logger v0.2.1
+## explicit; go 1.12
+github.com/Azure/go-autorest/logger
+# github.com/Azure/go-autorest/tracing v0.6.0
+## explicit; go 1.12
+github.com/Azure/go-autorest/tracing
+# github.com/BurntSushi/toml v1.2.1
+## explicit; go 1.16
+github.com/BurntSushi/toml
+github.com/BurntSushi/toml/internal
+# github.com/DataDog/appsec-internal-go v1.0.0
+## explicit; go 1.18
+github.com/DataDog/appsec-internal-go/httpsec
+github.com/DataDog/appsec-internal-go/netip
+# github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1
+## explicit; go 1.20
+github.com/DataDog/datadog-agent/pkg/obfuscate
+# github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1
+## explicit; go 1.20
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state
+# github.com/DataDog/datadog-go/v5 v5.3.0
+## explicit; go 1.13
+github.com/DataDog/datadog-go/v5/statsd
+# github.com/DataDog/go-libddwaf v1.5.0
+## explicit; go 1.18
+github.com/DataDog/go-libddwaf
+github.com/DataDog/go-libddwaf/internal/noopfree
+# github.com/DataDog/go-tuf v1.0.2-0.5.2
+## explicit; go 1.18
+github.com/DataDog/go-tuf/client
+github.com/DataDog/go-tuf/data
+github.com/DataDog/go-tuf/internal/roles
+github.com/DataDog/go-tuf/internal/sets
+github.com/DataDog/go-tuf/pkg/keys
+github.com/DataDog/go-tuf/pkg/targets
+github.com/DataDog/go-tuf/util
+github.com/DataDog/go-tuf/verify
+# github.com/DataDog/gostackparse v0.7.0
+## explicit; go 1.16
+github.com/DataDog/gostackparse
+# github.com/DataDog/sketches-go v1.4.3
+## explicit; go 1.15
+github.com/DataDog/sketches-go/ddsketch
+github.com/DataDog/sketches-go/ddsketch/encoding
+github.com/DataDog/sketches-go/ddsketch/mapping
+github.com/DataDog/sketches-go/ddsketch/pb/sketchpb
+github.com/DataDog/sketches-go/ddsketch/stat
+github.com/DataDog/sketches-go/ddsketch/store
+# github.com/MakeNowJust/heredoc v1.0.0
+## explicit; go 1.12
+github.com/MakeNowJust/heredoc
+# github.com/Masterminds/goutils v1.1.1
+## explicit
+github.com/Masterminds/goutils
+# github.com/Masterminds/semver/v3 v3.2.1
+## explicit; go 1.18
+github.com/Masterminds/semver/v3
+# github.com/Masterminds/sprig/v3 v3.2.3
+## explicit; go 1.13
+github.com/Masterminds/sprig/v3
+# github.com/Masterminds/squirrel v1.5.4
+## explicit; go 1.14
+github.com/Masterminds/squirrel
+# github.com/Microsoft/go-winio v0.6.1
+## explicit; go 1.17
+github.com/Microsoft/go-winio
+github.com/Microsoft/go-winio/internal/fs
+github.com/Microsoft/go-winio/internal/socket
+github.com/Microsoft/go-winio/internal/stringbuffer
+github.com/Microsoft/go-winio/pkg/guid
+# github.com/Microsoft/hcsshim v0.11.0
+## explicit; go 1.18
+github.com/Microsoft/hcsshim/osversion
+# github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c
+## explicit; go 1.13
+github.com/ProtonMail/go-crypto/bitcurves
+github.com/ProtonMail/go-crypto/brainpool
+github.com/ProtonMail/go-crypto/eax
+github.com/ProtonMail/go-crypto/internal/byteutil
+github.com/ProtonMail/go-crypto/ocb
+github.com/ProtonMail/go-crypto/openpgp
+github.com/ProtonMail/go-crypto/openpgp/aes/keywrap
+github.com/ProtonMail/go-crypto/openpgp/armor
+github.com/ProtonMail/go-crypto/openpgp/ecdh
+github.com/ProtonMail/go-crypto/openpgp/ecdsa
+github.com/ProtonMail/go-crypto/openpgp/eddsa
+github.com/ProtonMail/go-crypto/openpgp/elgamal
+github.com/ProtonMail/go-crypto/openpgp/errors
+github.com/ProtonMail/go-crypto/openpgp/internal/algorithm
+github.com/ProtonMail/go-crypto/openpgp/internal/ecc
+github.com/ProtonMail/go-crypto/openpgp/internal/encoding
+github.com/ProtonMail/go-crypto/openpgp/packet
+github.com/ProtonMail/go-crypto/openpgp/s2k
+# github.com/ThalesIgnite/crypto11 v1.2.5
+## explicit; go 1.13
+github.com/ThalesIgnite/crypto11
+# github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
+## explicit; go 1.15
+github.com/ahmetb/gen-crd-api-reference-docs
+# github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4
+## explicit; go 1.14
+github.com/alibabacloud-go/alibabacloud-gateway-spi/client
+# github.com/alibabacloud-go/cr-20160607 v1.0.1
+## explicit; go 1.15
+github.com/alibabacloud-go/cr-20160607/client
+# github.com/alibabacloud-go/cr-20181201 v1.0.10
+## explicit; go 1.15
+github.com/alibabacloud-go/cr-20181201/client
+# github.com/alibabacloud-go/darabonba-openapi v0.2.1
+## explicit; go 1.14
+github.com/alibabacloud-go/darabonba-openapi/client
+# github.com/alibabacloud-go/debug v1.0.0
+## explicit; go 1.18
+github.com/alibabacloud-go/debug/debug
+# github.com/alibabacloud-go/endpoint-util v1.1.1
+## explicit
+github.com/alibabacloud-go/endpoint-util/service
+# github.com/alibabacloud-go/openapi-util v0.1.0
+## explicit; go 1.14
+github.com/alibabacloud-go/openapi-util/service
+# github.com/alibabacloud-go/tea v1.2.1
+## explicit; go 1.14
+github.com/alibabacloud-go/tea/tea
+github.com/alibabacloud-go/tea/utils
+# github.com/alibabacloud-go/tea-utils v1.4.5
+## explicit; go 1.14
+github.com/alibabacloud-go/tea-utils/service
+# github.com/alibabacloud-go/tea-xml v1.1.3
+## explicit; go 1.14
+github.com/alibabacloud-go/tea-xml/service
+# github.com/aliyun/credentials-go v1.3.1
+## explicit; go 1.14
+github.com/aliyun/credentials-go/credentials
+github.com/aliyun/credentials-go/credentials/request
+github.com/aliyun/credentials-go/credentials/response
+github.com/aliyun/credentials-go/credentials/utils
+# github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
+## explicit; go 1.13
+github.com/asaskevich/govalidator
+# github.com/aws/aws-sdk-go-v2 v1.21.2
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2
+github.com/aws/aws-sdk-go-v2/aws
+github.com/aws/aws-sdk-go-v2/aws/arn
+github.com/aws/aws-sdk-go-v2/aws/defaults
+github.com/aws/aws-sdk-go-v2/aws/middleware
+github.com/aws/aws-sdk-go-v2/aws/protocol/query
+github.com/aws/aws-sdk-go-v2/aws/protocol/restjson
+github.com/aws/aws-sdk-go-v2/aws/protocol/xml
+github.com/aws/aws-sdk-go-v2/aws/ratelimit
+github.com/aws/aws-sdk-go-v2/aws/retry
+github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4
+github.com/aws/aws-sdk-go-v2/aws/signer/v4
+github.com/aws/aws-sdk-go-v2/aws/transport/http
+github.com/aws/aws-sdk-go-v2/internal/auth
+github.com/aws/aws-sdk-go-v2/internal/awsutil
+github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn
+github.com/aws/aws-sdk-go-v2/internal/rand
+github.com/aws/aws-sdk-go-v2/internal/sdk
+github.com/aws/aws-sdk-go-v2/internal/sdkio
+github.com/aws/aws-sdk-go-v2/internal/shareddefaults
+github.com/aws/aws-sdk-go-v2/internal/strings
+github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
+github.com/aws/aws-sdk-go-v2/internal/timeconv
+# github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/eventstreamapi
+# github.com/aws/aws-sdk-go-v2/config v1.19.1
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/config
+# github.com/aws/aws-sdk-go-v2/credentials v1.13.43
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/credentials
+github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds
+github.com/aws/aws-sdk-go-v2/credentials/endpointcreds
+github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client
+github.com/aws/aws-sdk-go-v2/credentials/processcreds
+github.com/aws/aws-sdk-go-v2/credentials/ssocreds
+github.com/aws/aws-sdk-go-v2/credentials/stscreds
+# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config
+# github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.33
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/feature/s3/manager
+# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/internal/configsources
+# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
+# github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/internal/ini
+# github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.4
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/internal/v4a
+github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto
+github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4
+# github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/service/ecr
+github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints
+github.com/aws/aws-sdk-go-v2/service/ecr/types
+# github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/service/ecrpublic
+github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints
+github.com/aws/aws-sdk-go-v2/service/ecrpublic/types
+# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
+# github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.36
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/service/internal/checksum
+# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
+# github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config
+# github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/service/s3
+github.com/aws/aws-sdk-go-v2/service/s3/internal/arn
+github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations
+github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints
+github.com/aws/aws-sdk-go-v2/service/s3/types
+# github.com/aws/aws-sdk-go-v2/service/sso v1.15.2
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/service/sso
+github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints
+github.com/aws/aws-sdk-go-v2/service/sso/types
+# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/service/ssooidc
+github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints
+github.com/aws/aws-sdk-go-v2/service/ssooidc/types
+# github.com/aws/aws-sdk-go-v2/service/sts v1.23.2
+## explicit; go 1.15
+github.com/aws/aws-sdk-go-v2/service/sts
+github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
+github.com/aws/aws-sdk-go-v2/service/sts/types
+# github.com/aws/smithy-go v1.15.0
+## explicit; go 1.15
+github.com/aws/smithy-go
+github.com/aws/smithy-go/auth/bearer
+github.com/aws/smithy-go/context
+github.com/aws/smithy-go/document
+github.com/aws/smithy-go/encoding
+github.com/aws/smithy-go/encoding/httpbinding
+github.com/aws/smithy-go/encoding/json
+github.com/aws/smithy-go/encoding/xml
+github.com/aws/smithy-go/endpoints
+github.com/aws/smithy-go/endpoints/private/rulesfn
+github.com/aws/smithy-go/internal/sync/singleflight
+github.com/aws/smithy-go/io
+github.com/aws/smithy-go/logging
+github.com/aws/smithy-go/middleware
+github.com/aws/smithy-go/ptr
+github.com/aws/smithy-go/rand
+github.com/aws/smithy-go/sync
+github.com/aws/smithy-go/time
+github.com/aws/smithy-go/transport/http
+github.com/aws/smithy-go/transport/http/internal/io
+github.com/aws/smithy-go/waiter
+# github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8
+## explicit; go 1.19
+github.com/awslabs/amazon-ecr-credential-helper/ecr-login
+github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api
+github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache
+github.com/awslabs/amazon-ecr-credential-helper/ecr-login/config
+github.com/awslabs/amazon-ecr-credential-helper/ecr-login/version
+# github.com/beorn7/perks v1.0.1
+## explicit; go 1.11
+github.com/beorn7/perks/quantile
+# github.com/blang/semver v3.5.1+incompatible
+## explicit
+github.com/blang/semver
+# github.com/buildkite/agent/v3 v3.58.0
+## explicit; go 1.20
+github.com/buildkite/agent/v3/api
+github.com/buildkite/agent/v3/env
+github.com/buildkite/agent/v3/internal/ordered
+github.com/buildkite/agent/v3/internal/pipeline
+github.com/buildkite/agent/v3/logger
+github.com/buildkite/agent/v3/tracetools
+github.com/buildkite/agent/v3/version
+# github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251
+## explicit
+github.com/buildkite/interpolate
+# github.com/cespare/xxhash/v2 v2.2.0
+## explicit; go 1.11
+github.com/cespare/xxhash/v2
+# github.com/chai2010/gettext-go v1.0.2
+## explicit; go 1.14
+github.com/chai2010/gettext-go
+github.com/chai2010/gettext-go/mo
+github.com/chai2010/gettext-go/plural
+github.com/chai2010/gettext-go/po
+# github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589
+## explicit; go 1.18
+github.com/chrismellard/docker-credential-acr-env/pkg/credhelper
+github.com/chrismellard/docker-credential-acr-env/pkg/registry
+github.com/chrismellard/docker-credential-acr-env/pkg/token
+# github.com/clbanning/mxj/v2 v2.7.0
+## explicit; go 1.15
+github.com/clbanning/mxj/v2
+# github.com/cloudflare/circl v1.3.5
+## explicit; go 1.19
+github.com/cloudflare/circl/dh/x25519
+github.com/cloudflare/circl/dh/x448
+github.com/cloudflare/circl/ecc/goldilocks
+github.com/cloudflare/circl/internal/conv
+github.com/cloudflare/circl/internal/sha3
+github.com/cloudflare/circl/math
+github.com/cloudflare/circl/math/fp25519
+github.com/cloudflare/circl/math/fp448
+github.com/cloudflare/circl/math/mlsbset
+github.com/cloudflare/circl/sign
+github.com/cloudflare/circl/sign/ed25519
+github.com/cloudflare/circl/sign/ed448
+# github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be
+## explicit
+github.com/common-nighthawk/go-figure
+# github.com/containerd/containerd v1.7.6
+## explicit; go 1.19
+github.com/containerd/containerd/archive/compression
+github.com/containerd/containerd/content
+github.com/containerd/containerd/content/local
+github.com/containerd/containerd/errdefs
+github.com/containerd/containerd/filters
+github.com/containerd/containerd/images
+github.com/containerd/containerd/labels
+github.com/containerd/containerd/log
+github.com/containerd/containerd/pkg/randutil
+github.com/containerd/containerd/platforms
+github.com/containerd/containerd/reference
+github.com/containerd/containerd/reference/docker
+github.com/containerd/containerd/remotes
+github.com/containerd/containerd/remotes/docker
+github.com/containerd/containerd/remotes/docker/auth
+github.com/containerd/containerd/remotes/docker/config
+github.com/containerd/containerd/remotes/docker/schema1
+github.com/containerd/containerd/remotes/errors
+github.com/containerd/containerd/tracing
+github.com/containerd/containerd/version
+# github.com/containerd/stargz-snapshotter/estargz v0.14.3
+## explicit; go 1.19
+github.com/containerd/stargz-snapshotter/estargz
+github.com/containerd/stargz-snapshotter/estargz/errorutil
+# github.com/containers/image/v5 v5.21.1
+## explicit; go 1.16
+github.com/containers/image/v5/docker/daemon
+github.com/containers/image/v5/docker/internal/tarfile
+github.com/containers/image/v5/docker/policyconfiguration
+github.com/containers/image/v5/docker/reference
+github.com/containers/image/v5/image
+github.com/containers/image/v5/internal/blobinfocache
+github.com/containers/image/v5/internal/iolimits
+github.com/containers/image/v5/internal/pkg/platform
+github.com/containers/image/v5/internal/putblobdigest
+github.com/containers/image/v5/internal/streamdigest
+github.com/containers/image/v5/internal/tmpdir
+github.com/containers/image/v5/manifest
+github.com/containers/image/v5/pkg/blobinfocache/none
+github.com/containers/image/v5/pkg/compression
+github.com/containers/image/v5/pkg/compression/internal
+github.com/containers/image/v5/pkg/compression/types
+github.com/containers/image/v5/pkg/strslice
+github.com/containers/image/v5/transports
+github.com/containers/image/v5/types
+# github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a
+## explicit
+github.com/containers/libtrust
+# github.com/containers/ocicrypt v1.1.6
+## explicit; go 1.12
+github.com/containers/ocicrypt/spec
+# github.com/containers/storage v1.42.0
+## explicit; go 1.16
+github.com/containers/storage/pkg/chunked/compressor
+github.com/containers/storage/pkg/chunked/internal
+github.com/containers/storage/pkg/ioutils
+github.com/containers/storage/pkg/longpath
+# github.com/coreos/go-oidc/v3 v3.7.0
+## explicit; go 1.19
+github.com/coreos/go-oidc/v3/oidc
+# github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46
+## explicit
+github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer
+# github.com/cyphar/filepath-securejoin v0.2.4
+## explicit; go 1.13
+github.com/cyphar/filepath-securejoin
+# github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
+## explicit
+github.com/davecgh/go-spew/spew
+# github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0
+## explicit; go 1.17
+github.com/decred/dcrd/dcrec/secp256k1/v4
+# github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352
+## explicit; go 1.13
+github.com/digitorus/pkcs7
+# github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647
+## explicit; go 1.16
+github.com/digitorus/timestamp
+# github.com/dimchansky/utfbom v1.1.1
+## explicit
+github.com/dimchansky/utfbom
+# github.com/distribution/reference v0.5.0
+## explicit; go 1.20
+github.com/distribution/reference
+# github.com/docker/cli v24.0.7+incompatible
+## explicit
+github.com/docker/cli/cli/command
+github.com/docker/cli/cli/config
+github.com/docker/cli/cli/config/configfile
+github.com/docker/cli/cli/config/credentials
+github.com/docker/cli/cli/config/types
+github.com/docker/cli/cli/connhelper
+github.com/docker/cli/cli/connhelper/commandconn
+github.com/docker/cli/cli/connhelper/ssh
+github.com/docker/cli/cli/context
+github.com/docker/cli/cli/context/docker
+github.com/docker/cli/cli/context/store
+github.com/docker/cli/cli/debug
+github.com/docker/cli/cli/flags
+github.com/docker/cli/cli/hints
+github.com/docker/cli/cli/manifest/store
+github.com/docker/cli/cli/manifest/types
+github.com/docker/cli/cli/registry/client
+github.com/docker/cli/cli/streams
+github.com/docker/cli/cli/trust
+github.com/docker/cli/cli/version
+github.com/docker/cli/opts
+# github.com/docker/distribution v2.8.3+incompatible
+## explicit
+github.com/docker/distribution
+github.com/docker/distribution/manifest
+github.com/docker/distribution/manifest/manifestlist
+github.com/docker/distribution/manifest/ocischema
+github.com/docker/distribution/manifest/schema2
+github.com/docker/distribution/metrics
+github.com/docker/distribution/reference
+github.com/docker/distribution/registry/api/errcode
+github.com/docker/distribution/registry/api/v2
+github.com/docker/distribution/registry/client
+github.com/docker/distribution/registry/client/auth
+github.com/docker/distribution/registry/client/auth/challenge
+github.com/docker/distribution/registry/client/transport
+github.com/docker/distribution/registry/storage/cache
+github.com/docker/distribution/registry/storage/cache/memory
+github.com/docker/distribution/uuid
+# github.com/docker/docker v24.0.7+incompatible
+## explicit
+github.com/docker/docker/api
+github.com/docker/docker/api/types
+github.com/docker/docker/api/types/blkiodev
+github.com/docker/docker/api/types/container
+github.com/docker/docker/api/types/events
+github.com/docker/docker/api/types/filters
+github.com/docker/docker/api/types/image
+github.com/docker/docker/api/types/mount
+github.com/docker/docker/api/types/network
+github.com/docker/docker/api/types/registry
+github.com/docker/docker/api/types/strslice
+github.com/docker/docker/api/types/swarm
+github.com/docker/docker/api/types/swarm/runtime
+github.com/docker/docker/api/types/time
+github.com/docker/docker/api/types/versions
+github.com/docker/docker/api/types/volume
+github.com/docker/docker/client
+github.com/docker/docker/errdefs
+github.com/docker/docker/pkg/homedir
+github.com/docker/docker/pkg/ioutils
+github.com/docker/docker/pkg/jsonmessage
+github.com/docker/docker/pkg/longpath
+github.com/docker/docker/registry
+# github.com/docker/docker-credential-helpers v0.8.0
+## explicit; go 1.19
+github.com/docker/docker-credential-helpers/client
+github.com/docker/docker-credential-helpers/credentials
+# github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c
+## explicit
+github.com/docker/go/canonical/json
+# github.com/docker/go-connections v0.4.0
+## explicit
+github.com/docker/go-connections/nat
+github.com/docker/go-connections/sockets
+github.com/docker/go-connections/tlsconfig
+# github.com/docker/go-metrics v0.0.1
+## explicit; go 1.11
+github.com/docker/go-metrics
+# github.com/docker/go-units v0.5.0
+## explicit
+github.com/docker/go-units
+# github.com/drone/envsubst v1.0.3
+## explicit; go 1.13
+github.com/drone/envsubst
+github.com/drone/envsubst/parse
+github.com/drone/envsubst/path
+# github.com/dustin/go-humanize v1.0.1
+## explicit; go 1.16
+github.com/dustin/go-humanize
+# github.com/ebitengine/purego v0.5.0
+## explicit; go 1.18
+github.com/ebitengine/purego
+github.com/ebitengine/purego/internal/cgo
+github.com/ebitengine/purego/internal/fakecgo
+github.com/ebitengine/purego/internal/strings
+# github.com/emicklei/go-restful/v3 v3.11.0
+## explicit; go 1.13
+github.com/emicklei/go-restful/v3
+github.com/emicklei/go-restful/v3/log
+# github.com/evanphx/json-patch v5.6.0+incompatible
+## explicit
+github.com/evanphx/json-patch
+# github.com/evanphx/json-patch/v5 v5.6.0
+## explicit; go 1.12
+github.com/evanphx/json-patch/v5
+# github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f
+## explicit; go 1.15
+github.com/exponent-io/jsonpath
+# github.com/fatih/color v1.15.0
+## explicit; go 1.17
+github.com/fatih/color
+# github.com/fsnotify/fsnotify v1.7.0
+## explicit; go 1.17
+github.com/fsnotify/fsnotify
+# github.com/fvbommel/sortorder v1.0.2
+## explicit; go 1.13
+github.com/fvbommel/sortorder
+# github.com/gabriel-vasile/mimetype v1.4.3
+## explicit; go 1.20
+github.com/gabriel-vasile/mimetype
+github.com/gabriel-vasile/mimetype/internal/charset
+github.com/gabriel-vasile/mimetype/internal/json
+github.com/gabriel-vasile/mimetype/internal/magic
+# github.com/gardener/component-cli v0.44.0
+## explicit; go 1.18
+github.com/gardener/component-cli/ociclient
+github.com/gardener/component-cli/ociclient/cache
+github.com/gardener/component-cli/ociclient/credentials
+github.com/gardener/component-cli/ociclient/metrics
+github.com/gardener/component-cli/ociclient/mock
+github.com/gardener/component-cli/ociclient/oci
+github.com/gardener/component-cli/pkg/commands/componentarchive/input
+github.com/gardener/component-cli/pkg/commands/constants
+github.com/gardener/component-cli/pkg/logcontext
+github.com/gardener/component-cli/pkg/utils
+# github.com/gardener/component-spec/bindings-go v0.0.95
+## explicit; go 1.18
+github.com/gardener/component-spec/bindings-go/apis
+github.com/gardener/component-spec/bindings-go/apis/v2
+github.com/gardener/component-spec/bindings-go/apis/v2/cdutils
+github.com/gardener/component-spec/bindings-go/apis/v2/jsonscheme
+github.com/gardener/component-spec/bindings-go/apis/v2/validation
+github.com/gardener/component-spec/bindings-go/codec
+github.com/gardener/component-spec/bindings-go/ctf
+github.com/gardener/component-spec/bindings-go/oci
+github.com/gardener/component-spec/bindings-go/utils/selector
+# github.com/gardener/image-vector v0.10.0
+## explicit; go 1.16
+github.com/gardener/image-vector/pkg
+# github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000 => ./apis
+## explicit; go 1.20
+github.com/gardener/landscaper/apis/config
+github.com/gardener/landscaper/apis/config/install
+github.com/gardener/landscaper/apis/config/v1alpha1
+github.com/gardener/landscaper/apis/core
+github.com/gardener/landscaper/apis/core/install
+github.com/gardener/landscaper/apis/core/v1alpha1
+github.com/gardener/landscaper/apis/core/v1alpha1/helper
+github.com/gardener/landscaper/apis/core/v1alpha1/targettypes
+github.com/gardener/landscaper/apis/core/validation
+github.com/gardener/landscaper/apis/deployer/container
+github.com/gardener/landscaper/apis/deployer/container/install
+github.com/gardener/landscaper/apis/deployer/container/v1alpha1
+github.com/gardener/landscaper/apis/deployer/container/v1alpha1/validation
+github.com/gardener/landscaper/apis/deployer/helm
+github.com/gardener/landscaper/apis/deployer/helm/install
+github.com/gardener/landscaper/apis/deployer/helm/v1alpha1
+github.com/gardener/landscaper/apis/deployer/helm/v1alpha1/helper
+github.com/gardener/landscaper/apis/deployer/helm/v1alpha1/validation
+github.com/gardener/landscaper/apis/deployer/manifest
+github.com/gardener/landscaper/apis/deployer/manifest/install
+github.com/gardener/landscaper/apis/deployer/manifest/v1alpha1
+github.com/gardener/landscaper/apis/deployer/manifest/v1alpha2
+github.com/gardener/landscaper/apis/deployer/manifest/validation
+github.com/gardener/landscaper/apis/deployer/mock
+github.com/gardener/landscaper/apis/deployer/mock/install
+github.com/gardener/landscaper/apis/deployer/mock/v1alpha1
+github.com/gardener/landscaper/apis/deployer/utils/continuousreconcile
+github.com/gardener/landscaper/apis/deployer/utils/continuousreconcile/validation
+github.com/gardener/landscaper/apis/deployer/utils/managedresource
+github.com/gardener/landscaper/apis/deployer/utils/managedresource/validation
+github.com/gardener/landscaper/apis/deployer/utils/readinesschecks
+github.com/gardener/landscaper/apis/deployer/utils/readinesschecks/validation
+github.com/gardener/landscaper/apis/errors
+github.com/gardener/landscaper/apis/mediatype
+github.com/gardener/landscaper/apis/schema
+github.com/gardener/landscaper/apis/utils
+# github.com/gardener/landscaper/controller-utils v0.0.0-00010101000000-000000000000 => ./controller-utils
+## explicit; go 1.20
+github.com/gardener/landscaper/controller-utils/pkg/crdmanager
+github.com/gardener/landscaper/controller-utils/pkg/errors
+github.com/gardener/landscaper/controller-utils/pkg/kubernetes
+github.com/gardener/landscaper/controller-utils/pkg/kubernetes/mock
+github.com/gardener/landscaper/controller-utils/pkg/landscaper
+github.com/gardener/landscaper/controller-utils/pkg/landscaper/targetresolver
+github.com/gardener/landscaper/controller-utils/pkg/landscaper/targetresolver/generic
+github.com/gardener/landscaper/controller-utils/pkg/landscaper/targetresolver/secret
+github.com/gardener/landscaper/controller-utils/pkg/logging
+github.com/gardener/landscaper/controller-utils/pkg/logging/constants
+github.com/gardener/landscaper/controller-utils/pkg/utils
+github.com/gardener/landscaper/controller-utils/pkg/webhook
+github.com/gardener/landscaper/controller-utils/pkg/webhook/certificates
+# github.com/ghodss/yaml v1.0.0
+## explicit
+github.com/ghodss/yaml
+# github.com/go-chi/chi v4.1.2+incompatible
+## explicit
+github.com/go-chi/chi
+github.com/go-chi/chi/middleware
+# github.com/go-errors/errors v1.4.2
+## explicit; go 1.14
+github.com/go-errors/errors
+# github.com/go-gorp/gorp/v3 v3.1.0
+## explicit; go 1.18
+github.com/go-gorp/gorp/v3
+# github.com/go-jose/go-jose/v3 v3.0.1
+## explicit; go 1.12
+github.com/go-jose/go-jose/v3
+github.com/go-jose/go-jose/v3/cipher
+github.com/go-jose/go-jose/v3/json
+github.com/go-jose/go-jose/v3/jwt
+# github.com/go-logr/logr v1.3.0
+## explicit; go 1.18
+github.com/go-logr/logr
+github.com/go-logr/logr/funcr
+# github.com/go-logr/stdr v1.2.2
+## explicit; go 1.16
+github.com/go-logr/stdr
+# github.com/go-logr/zapr v1.2.4
+## explicit; go 1.16
+github.com/go-logr/zapr
+# github.com/go-openapi/analysis v0.21.4
+## explicit; go 1.13
+github.com/go-openapi/analysis
+github.com/go-openapi/analysis/internal/debug
+github.com/go-openapi/analysis/internal/flatten/normalize
+github.com/go-openapi/analysis/internal/flatten/operations
+github.com/go-openapi/analysis/internal/flatten/replace
+github.com/go-openapi/analysis/internal/flatten/schutils
+github.com/go-openapi/analysis/internal/flatten/sortref
+# github.com/go-openapi/errors v0.20.4
+## explicit; go 1.14
+github.com/go-openapi/errors
+# github.com/go-openapi/jsonpointer v0.20.0
+## explicit; go 1.18
+github.com/go-openapi/jsonpointer
+# github.com/go-openapi/jsonreference v0.20.2
+## explicit; go 1.13
+github.com/go-openapi/jsonreference
+github.com/go-openapi/jsonreference/internal
+# github.com/go-openapi/loads v0.21.2
+## explicit; go 1.13
+github.com/go-openapi/loads
+# github.com/go-openapi/runtime v0.26.0
+## explicit; go 1.18
+github.com/go-openapi/runtime
+github.com/go-openapi/runtime/client
+github.com/go-openapi/runtime/logger
+github.com/go-openapi/runtime/middleware
+github.com/go-openapi/runtime/middleware/denco
+github.com/go-openapi/runtime/middleware/header
+github.com/go-openapi/runtime/middleware/untyped
+github.com/go-openapi/runtime/security
+github.com/go-openapi/runtime/yamlpc
+# github.com/go-openapi/spec v0.20.9
+## explicit; go 1.13
+github.com/go-openapi/spec
+# github.com/go-openapi/strfmt v0.21.7
+## explicit; go 1.19
+github.com/go-openapi/strfmt
+# github.com/go-openapi/swag v0.22.4
+## explicit; go 1.18
+github.com/go-openapi/swag
+# github.com/go-openapi/validate v0.22.1
+## explicit; go 1.14
+github.com/go-openapi/validate
+# github.com/go-playground/locales v0.14.1
+## explicit; go 1.17
+github.com/go-playground/locales
+github.com/go-playground/locales/currency
+# github.com/go-playground/universal-translator v0.18.1
+## explicit; go 1.18
+github.com/go-playground/universal-translator
+# github.com/go-playground/validator/v10 v10.15.5
+## explicit; go 1.18
+github.com/go-playground/validator/v10
+# github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572
+## explicit; go 1.13
+github.com/go-task/slim-sprig
+# github.com/go-test/deep v1.1.0
+## explicit; go 1.16
+github.com/go-test/deep
+# github.com/gobwas/glob v0.2.3
+## explicit
+github.com/gobwas/glob
+github.com/gobwas/glob/compiler
+github.com/gobwas/glob/match
+github.com/gobwas/glob/syntax
+github.com/gobwas/glob/syntax/ast
+github.com/gobwas/glob/syntax/lexer
+github.com/gobwas/glob/util/runes
+github.com/gobwas/glob/util/strings
+# github.com/goccy/go-json v0.10.2
+## explicit; go 1.12
+github.com/goccy/go-json
+github.com/goccy/go-json/internal/decoder
+github.com/goccy/go-json/internal/encoder
+github.com/goccy/go-json/internal/encoder/vm
+github.com/goccy/go-json/internal/encoder/vm_color
+github.com/goccy/go-json/internal/encoder/vm_color_indent
+github.com/goccy/go-json/internal/encoder/vm_indent
+github.com/goccy/go-json/internal/errors
+github.com/goccy/go-json/internal/runtime
+# github.com/gogo/protobuf v1.3.2
+## explicit; go 1.15
+github.com/gogo/protobuf/proto
+github.com/gogo/protobuf/sortkeys
+# github.com/golang-jwt/jwt/v4 v4.5.0
+## explicit; go 1.16
+github.com/golang-jwt/jwt/v4
+# github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
+## explicit
+github.com/golang/groupcache/lru
+# github.com/golang/mock v1.6.0
+## explicit; go 1.11
+github.com/golang/mock/gomock
+github.com/golang/mock/mockgen
+github.com/golang/mock/mockgen/model
+# github.com/golang/protobuf v1.5.3
+## explicit; go 1.9
+github.com/golang/protobuf/jsonpb
+github.com/golang/protobuf/proto
+github.com/golang/protobuf/ptypes
+github.com/golang/protobuf/ptypes/any
+github.com/golang/protobuf/ptypes/duration
+github.com/golang/protobuf/ptypes/timestamp
+# github.com/golang/snappy v0.0.4
+## explicit
+github.com/golang/snappy
+# github.com/google/btree v1.1.2
+## explicit; go 1.18
+github.com/google/btree
+# github.com/google/certificate-transparency-go v1.1.7
+## explicit; go 1.20
+github.com/google/certificate-transparency-go
+github.com/google/certificate-transparency-go/asn1
+github.com/google/certificate-transparency-go/gossip/minimal/x509ext
+github.com/google/certificate-transparency-go/tls
+github.com/google/certificate-transparency-go/x509
+github.com/google/certificate-transparency-go/x509/pkix
+github.com/google/certificate-transparency-go/x509util
+# github.com/google/gnostic v0.6.9
+## explicit; go 1.12
+github.com/google/gnostic/compiler
+github.com/google/gnostic/extensions
+github.com/google/gnostic/jsonschema
+github.com/google/gnostic/openapiv2
+# github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49
+## explicit; go 1.18
+github.com/google/gnostic-models/compiler
+github.com/google/gnostic-models/extensions
+github.com/google/gnostic-models/jsonschema
+github.com/google/gnostic-models/openapiv2
+github.com/google/gnostic-models/openapiv3
+# github.com/google/go-cmp v0.6.0
+## explicit; go 1.13
+github.com/google/go-cmp/cmp
+github.com/google/go-cmp/cmp/internal/diff
+github.com/google/go-cmp/cmp/internal/flags
+github.com/google/go-cmp/cmp/internal/function
+github.com/google/go-cmp/cmp/internal/value
+# github.com/google/go-containerregistry v0.16.1
+## explicit; go 1.18
+github.com/google/go-containerregistry/internal/and
+github.com/google/go-containerregistry/internal/compression
+github.com/google/go-containerregistry/internal/estargz
+github.com/google/go-containerregistry/internal/gzip
+github.com/google/go-containerregistry/internal/redact
+github.com/google/go-containerregistry/internal/retry
+github.com/google/go-containerregistry/internal/retry/wait
+github.com/google/go-containerregistry/internal/verify
+github.com/google/go-containerregistry/internal/zstd
+github.com/google/go-containerregistry/pkg/authn
+github.com/google/go-containerregistry/pkg/authn/github
+github.com/google/go-containerregistry/pkg/compression
+github.com/google/go-containerregistry/pkg/logs
+github.com/google/go-containerregistry/pkg/name
+github.com/google/go-containerregistry/pkg/v1
+github.com/google/go-containerregistry/pkg/v1/empty
+github.com/google/go-containerregistry/pkg/v1/google
+github.com/google/go-containerregistry/pkg/v1/layout
+github.com/google/go-containerregistry/pkg/v1/match
+github.com/google/go-containerregistry/pkg/v1/mutate
+github.com/google/go-containerregistry/pkg/v1/partial
+github.com/google/go-containerregistry/pkg/v1/remote
+github.com/google/go-containerregistry/pkg/v1/remote/transport
+github.com/google/go-containerregistry/pkg/v1/static
+github.com/google/go-containerregistry/pkg/v1/stream
+github.com/google/go-containerregistry/pkg/v1/tarball
+github.com/google/go-containerregistry/pkg/v1/types
+# github.com/google/go-github/v45 v45.2.0
+## explicit; go 1.17
+github.com/google/go-github/v45/github
+# github.com/google/go-github/v55 v55.0.0
+## explicit; go 1.17
+github.com/google/go-github/v55/github
+# github.com/google/go-querystring v1.1.0
+## explicit; go 1.10
+github.com/google/go-querystring/query
+# github.com/google/gofuzz v1.2.0
+## explicit; go 1.12
+github.com/google/gofuzz
+github.com/google/gofuzz/bytesource
+# github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b
+## explicit; go 1.19
+github.com/google/pprof/profile
+# github.com/google/s2a-go v0.1.7
+## explicit; go 1.19
+github.com/google/s2a-go
+github.com/google/s2a-go/fallback
+github.com/google/s2a-go/internal/authinfo
+github.com/google/s2a-go/internal/handshaker
+github.com/google/s2a-go/internal/handshaker/service
+github.com/google/s2a-go/internal/proto/common_go_proto
+github.com/google/s2a-go/internal/proto/s2a_context_go_proto
+github.com/google/s2a-go/internal/proto/s2a_go_proto
+github.com/google/s2a-go/internal/proto/v2/common_go_proto
+github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto
+github.com/google/s2a-go/internal/proto/v2/s2a_go_proto
+github.com/google/s2a-go/internal/record
+github.com/google/s2a-go/internal/record/internal/aeadcrypter
+github.com/google/s2a-go/internal/record/internal/halfconn
+github.com/google/s2a-go/internal/tokenmanager
+github.com/google/s2a-go/internal/v2
+github.com/google/s2a-go/internal/v2/certverifier
+github.com/google/s2a-go/internal/v2/remotesigner
+github.com/google/s2a-go/internal/v2/tlsconfigstore
+github.com/google/s2a-go/retry
+github.com/google/s2a-go/stream
+# github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+## explicit; go 1.13
+github.com/google/shlex
+# github.com/google/uuid v1.4.0
+## explicit
+github.com/google/uuid
+# github.com/googleapis/enterprise-certificate-proxy v0.3.2
+## explicit; go 1.19
+github.com/googleapis/enterprise-certificate-proxy/client
+github.com/googleapis/enterprise-certificate-proxy/client/util
+# github.com/gorilla/mux v1.8.0
+## explicit; go 1.12
+github.com/gorilla/mux
+# github.com/gosuri/uitable v0.0.4
+## explicit
+github.com/gosuri/uitable
+github.com/gosuri/uitable/util/strutil
+github.com/gosuri/uitable/util/wordwrap
+# github.com/gowebpki/jcs v1.0.1
+## explicit; go 1.15
+github.com/gowebpki/jcs
+# github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79
+## explicit
+github.com/gregjones/httpcache
+# github.com/hashicorp/errwrap v1.1.0
+## explicit
+github.com/hashicorp/errwrap
+# github.com/hashicorp/go-cleanhttp v0.5.2
+## explicit; go 1.13
+github.com/hashicorp/go-cleanhttp
+# github.com/hashicorp/go-multierror v1.1.1
+## explicit; go 1.13
+github.com/hashicorp/go-multierror
+# github.com/hashicorp/go-retryablehttp v0.7.4
+## explicit; go 1.13
+github.com/hashicorp/go-retryablehttp
+# github.com/hashicorp/hcl v1.0.1-vault-5
+## explicit; go 1.15
+github.com/hashicorp/hcl
+github.com/hashicorp/hcl/hcl/ast
+github.com/hashicorp/hcl/hcl/parser
+github.com/hashicorp/hcl/hcl/printer
+github.com/hashicorp/hcl/hcl/scanner
+github.com/hashicorp/hcl/hcl/strconv
+github.com/hashicorp/hcl/hcl/token
+github.com/hashicorp/hcl/json/parser
+github.com/hashicorp/hcl/json/scanner
+github.com/hashicorp/hcl/json/token
+# github.com/huandu/xstrings v1.4.0
+## explicit; go 1.12
+github.com/huandu/xstrings
+# github.com/imdario/mergo v0.3.16
+## explicit; go 1.13
+github.com/imdario/mergo
+# github.com/in-toto/in-toto-golang v0.9.0
+## explicit; go 1.20
+github.com/in-toto/in-toto-golang/in_toto
+github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common
+github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.1
+github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2
+github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1
+# github.com/inconshreveable/mousetrap v1.1.0
+## explicit; go 1.18
+github.com/inconshreveable/mousetrap
+# github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267
+## explicit; go 1.20
+github.com/jedisct1/go-minisign
+# github.com/jmespath/go-jmespath v0.4.0
+## explicit; go 1.14
+github.com/jmespath/go-jmespath
+# github.com/jmoiron/sqlx v1.3.5
+## explicit; go 1.10
+github.com/jmoiron/sqlx
+github.com/jmoiron/sqlx/reflectx
+# github.com/josharian/intern v1.0.0
+## explicit; go 1.5
+github.com/josharian/intern
+# github.com/json-iterator/go v1.1.12
+## explicit; go 1.12
+github.com/json-iterator/go
+# github.com/klauspost/compress v1.17.2
+## explicit; go 1.18
+github.com/klauspost/compress
+github.com/klauspost/compress/flate
+github.com/klauspost/compress/fse
+github.com/klauspost/compress/huff0
+github.com/klauspost/compress/internal/cpuinfo
+github.com/klauspost/compress/internal/snapref
+github.com/klauspost/compress/zstd
+github.com/klauspost/compress/zstd/internal/xxhash
+# github.com/klauspost/pgzip v1.2.6
+## explicit
+github.com/klauspost/pgzip
+# github.com/lann/builder v0.0.0-20180802200727-47ae307949d0
+## explicit
+github.com/lann/builder
+# github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0
+## explicit
+github.com/lann/ps
+# github.com/leodido/go-urn v1.2.4
+## explicit; go 1.16
+github.com/leodido/go-urn
+# github.com/lestrrat-go/blackmagic v1.0.2
+## explicit; go 1.16
+github.com/lestrrat-go/blackmagic
+# github.com/lestrrat-go/httpcc v1.0.1
+## explicit; go 1.16
+github.com/lestrrat-go/httpcc
+# github.com/lestrrat-go/httprc v1.0.4
+## explicit; go 1.17
+github.com/lestrrat-go/httprc
+# github.com/lestrrat-go/iter v1.0.2
+## explicit; go 1.13
+github.com/lestrrat-go/iter/arrayiter
+github.com/lestrrat-go/iter/mapiter
+# github.com/lestrrat-go/jwx/v2 v2.0.16
+## explicit; go 1.16
+github.com/lestrrat-go/jwx/v2/cert
+github.com/lestrrat-go/jwx/v2/internal/base64
+github.com/lestrrat-go/jwx/v2/internal/ecutil
+github.com/lestrrat-go/jwx/v2/internal/iter
+github.com/lestrrat-go/jwx/v2/internal/json
+github.com/lestrrat-go/jwx/v2/internal/keyconv
+github.com/lestrrat-go/jwx/v2/internal/pool
+github.com/lestrrat-go/jwx/v2/jwa
+github.com/lestrrat-go/jwx/v2/jwk
+github.com/lestrrat-go/jwx/v2/jws
+github.com/lestrrat-go/jwx/v2/x25519
+# github.com/lestrrat-go/option v1.0.1
+## explicit; go 1.16
+github.com/lestrrat-go/option
+# github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491
+## explicit; go 1.21
+github.com/letsencrypt/boulder/core
+github.com/letsencrypt/boulder/goodkey
+github.com/letsencrypt/boulder/identifier
+github.com/letsencrypt/boulder/probs
+github.com/letsencrypt/boulder/revocation
+github.com/letsencrypt/boulder/strictyaml
+# github.com/lib/pq v1.10.9
+## explicit; go 1.13
+github.com/lib/pq
+github.com/lib/pq/oid
+github.com/lib/pq/scram
+# github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de
+## explicit
+github.com/liggitt/tabwriter
+# github.com/magiconair/properties v1.8.7
+## explicit; go 1.19
+github.com/magiconair/properties
+# github.com/mailru/easyjson v0.7.7
+## explicit; go 1.12
+github.com/mailru/easyjson/buffer
+github.com/mailru/easyjson/jlexer
+github.com/mailru/easyjson/jwriter
+# github.com/mandelsoft/filepath v0.0.0-20230412200429-36b1eb66bd27
+## explicit; go 1.19
+github.com/mandelsoft/filepath/pkg/filepath
+# github.com/mandelsoft/logging v0.0.0-20230905123808-7042ee3aae45
+## explicit; go 1.18
+github.com/mandelsoft/logging
+github.com/mandelsoft/logging/config
+github.com/mandelsoft/logging/contract
+github.com/mandelsoft/logging/logrusfmt
+github.com/mandelsoft/logging/logrusl/adapter
+github.com/mandelsoft/logging/logrusr
+github.com/mandelsoft/logging/scheme
+# github.com/mandelsoft/spiff v1.7.0-beta-5
+## explicit; go 1.18
+github.com/mandelsoft/spiff/debug
+github.com/mandelsoft/spiff/dynaml
+github.com/mandelsoft/spiff/dynaml/control
+github.com/mandelsoft/spiff/dynaml/crypt
+github.com/mandelsoft/spiff/dynaml/passwd
+github.com/mandelsoft/spiff/dynaml/semver
+github.com/mandelsoft/spiff/dynaml/wireguard
+github.com/mandelsoft/spiff/dynaml/x509
+github.com/mandelsoft/spiff/features
+github.com/mandelsoft/spiff/flow
+github.com/mandelsoft/spiff/legacy/candiedyaml
+github.com/mandelsoft/spiff/spiffing
+github.com/mandelsoft/spiff/yaml
+# github.com/mandelsoft/vfs v0.0.0-20230713123140-269aa4fb1338
+## explicit; go 1.19
+github.com/mandelsoft/vfs/pkg/composefs
+github.com/mandelsoft/vfs/pkg/layerfs
+github.com/mandelsoft/vfs/pkg/memoryfs
+github.com/mandelsoft/vfs/pkg/osfs
+github.com/mandelsoft/vfs/pkg/projectionfs
+github.com/mandelsoft/vfs/pkg/readonlyfs
+github.com/mandelsoft/vfs/pkg/utils
+github.com/mandelsoft/vfs/pkg/vfs
+github.com/mandelsoft/vfs/pkg/yamlfs
+# github.com/marstr/guid v1.1.0
+## explicit
+github.com/marstr/guid
+# github.com/mattn/go-colorable v0.1.13
+## explicit; go 1.15
+github.com/mattn/go-colorable
+# github.com/mattn/go-isatty v0.0.20
+## explicit; go 1.15
+github.com/mattn/go-isatty
+# github.com/mattn/go-runewidth v0.0.15
+## explicit; go 1.9
+github.com/mattn/go-runewidth
+# github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0
+## explicit; go 1.19
+github.com/matttproud/golang_protobuf_extensions/v2/pbutil
+# github.com/miekg/pkcs11 v1.1.1
+## explicit; go 1.12
+github.com/miekg/pkcs11
+# github.com/mitchellh/copystructure v1.2.0
+## explicit; go 1.15
+github.com/mitchellh/copystructure
+# github.com/mitchellh/go-homedir v1.1.0
+## explicit
+github.com/mitchellh/go-homedir
+# github.com/mitchellh/go-wordwrap v1.0.1
+## explicit; go 1.14
+github.com/mitchellh/go-wordwrap
+# github.com/mitchellh/mapstructure v1.5.0
+## explicit; go 1.14
+github.com/mitchellh/mapstructure
+# github.com/mitchellh/reflectwalk v1.0.2
+## explicit
+github.com/mitchellh/reflectwalk
+# github.com/moby/locker v1.0.1
+## explicit; go 1.13
+github.com/moby/locker
+# github.com/moby/spdystream v0.2.0
+## explicit; go 1.13
+github.com/moby/spdystream
+github.com/moby/spdystream/spdy
+# github.com/moby/sys/sequential v0.5.0
+## explicit; go 1.17
+github.com/moby/sys/sequential
+# github.com/moby/term v0.5.0
+## explicit; go 1.18
+github.com/moby/term
+github.com/moby/term/windows
+# github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
+## explicit
+github.com/modern-go/concurrent
+# github.com/modern-go/reflect2 v1.0.2
+## explicit; go 1.12
+github.com/modern-go/reflect2
+# github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00
+## explicit
+github.com/monochromegane/go-gitignore
+# github.com/morikuni/aec v1.0.0
+## explicit
+github.com/morikuni/aec
+# github.com/mozillazg/docker-credential-acr-helper v0.3.0
+## explicit; go 1.17
+github.com/mozillazg/docker-credential-acr-helper/pkg/acr
+github.com/mozillazg/docker-credential-acr-helper/pkg/credhelper
+github.com/mozillazg/docker-credential-acr-helper/pkg/version
+# github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
+## explicit
+github.com/munnerz/goautoneg
+# github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481
+## explicit
+github.com/nozzle/throttler
+# github.com/nxadm/tail v1.4.8
+## explicit; go 1.13
+github.com/nxadm/tail
+github.com/nxadm/tail/ratelimiter
+github.com/nxadm/tail/util
+github.com/nxadm/tail/watch
+github.com/nxadm/tail/winfile
+# github.com/oklog/ulid v1.3.1
+## explicit
+github.com/oklog/ulid
+# github.com/oleiade/reflections v1.0.1
+## explicit; go 1.15
+github.com/oleiade/reflections
+# github.com/onsi/ginkgo v1.16.5
+## explicit; go 1.16
+github.com/onsi/ginkgo
+github.com/onsi/ginkgo/config
+github.com/onsi/ginkgo/formatter
+github.com/onsi/ginkgo/ginkgo
+github.com/onsi/ginkgo/ginkgo/convert
+github.com/onsi/ginkgo/ginkgo/interrupthandler
+github.com/onsi/ginkgo/ginkgo/nodot
+github.com/onsi/ginkgo/ginkgo/outline
+github.com/onsi/ginkgo/ginkgo/testrunner
+github.com/onsi/ginkgo/ginkgo/testsuite
+github.com/onsi/ginkgo/ginkgo/watch
+github.com/onsi/ginkgo/internal/codelocation
+github.com/onsi/ginkgo/internal/containernode
+github.com/onsi/ginkgo/internal/failer
+github.com/onsi/ginkgo/internal/global
+github.com/onsi/ginkgo/internal/leafnodes
+github.com/onsi/ginkgo/internal/remote
+github.com/onsi/ginkgo/internal/spec
+github.com/onsi/ginkgo/internal/spec_iterator
+github.com/onsi/ginkgo/internal/specrunner
+github.com/onsi/ginkgo/internal/suite
+github.com/onsi/ginkgo/internal/testingtproxy
+github.com/onsi/ginkgo/internal/writer
+github.com/onsi/ginkgo/reporters
+github.com/onsi/ginkgo/reporters/stenographer
+github.com/onsi/ginkgo/reporters/stenographer/support/go-colorable
+github.com/onsi/ginkgo/reporters/stenographer/support/go-isatty
+github.com/onsi/ginkgo/types
+# github.com/onsi/ginkgo/v2 v2.9.5
+## explicit; go 1.18
+github.com/onsi/ginkgo/v2
+github.com/onsi/ginkgo/v2/config
+github.com/onsi/ginkgo/v2/formatter
+github.com/onsi/ginkgo/v2/ginkgo
+github.com/onsi/ginkgo/v2/ginkgo/build
+github.com/onsi/ginkgo/v2/ginkgo/command
+github.com/onsi/ginkgo/v2/ginkgo/generators
+github.com/onsi/ginkgo/v2/ginkgo/internal
+github.com/onsi/ginkgo/v2/ginkgo/labels
+github.com/onsi/ginkgo/v2/ginkgo/outline
+github.com/onsi/ginkgo/v2/ginkgo/run
+github.com/onsi/ginkgo/v2/ginkgo/unfocus
+github.com/onsi/ginkgo/v2/ginkgo/watch
+github.com/onsi/ginkgo/v2/internal
+github.com/onsi/ginkgo/v2/internal/global
+github.com/onsi/ginkgo/v2/internal/interrupt_handler
+github.com/onsi/ginkgo/v2/internal/parallel_support
+github.com/onsi/ginkgo/v2/internal/testingtproxy
+github.com/onsi/ginkgo/v2/reporters
+github.com/onsi/ginkgo/v2/types
+# github.com/onsi/gomega v1.27.7
+## explicit; go 1.18
+github.com/onsi/gomega
+github.com/onsi/gomega/format
+github.com/onsi/gomega/gstruct
+github.com/onsi/gomega/gstruct/errors
+github.com/onsi/gomega/internal
+github.com/onsi/gomega/internal/gutil
+github.com/onsi/gomega/matchers
+github.com/onsi/gomega/matchers/support/goraph/bipartitegraph
+github.com/onsi/gomega/matchers/support/goraph/edge
+github.com/onsi/gomega/matchers/support/goraph/node
+github.com/onsi/gomega/matchers/support/goraph/util
+github.com/onsi/gomega/types
+# github.com/open-component-model/ocm v0.4.3
+## explicit; go 1.19
+github.com/open-component-model/ocm/pkg/cobrautils/flag
+github.com/open-component-model/ocm/pkg/cobrautils/flagsets
+github.com/open-component-model/ocm/pkg/cobrautils/flagsets/flagsetscheme
+github.com/open-component-model/ocm/pkg/cobrautils/groups
+github.com/open-component-model/ocm/pkg/common
+github.com/open-component-model/ocm/pkg/common/accessio
+github.com/open-component-model/ocm/pkg/common/accessio/downloader
+github.com/open-component-model/ocm/pkg/common/accessio/downloader/http
+github.com/open-component-model/ocm/pkg/common/accessio/downloader/s3
+github.com/open-component-model/ocm/pkg/common/accessio/resource
+github.com/open-component-model/ocm/pkg/common/accessobj
+github.com/open-component-model/ocm/pkg/common/compression
+github.com/open-component-model/ocm/pkg/contexts/config
+github.com/open-component-model/ocm/pkg/contexts/config/config
+github.com/open-component-model/ocm/pkg/contexts/config/cpi
+github.com/open-component-model/ocm/pkg/contexts/config/internal
+github.com/open-component-model/ocm/pkg/contexts/credentials
+github.com/open-component-model/ocm/pkg/contexts/credentials/builtin
+github.com/open-component-model/ocm/pkg/contexts/credentials/builtin/github
+github.com/open-component-model/ocm/pkg/contexts/credentials/builtin/github/identity
+github.com/open-component-model/ocm/pkg/contexts/credentials/config
+github.com/open-component-model/ocm/pkg/contexts/credentials/cpi
+github.com/open-component-model/ocm/pkg/contexts/credentials/identity/hostpath
+github.com/open-component-model/ocm/pkg/contexts/credentials/internal
+github.com/open-component-model/ocm/pkg/contexts/credentials/repositories
+github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/aliases
+github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/directcreds
+github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/dockerconfig
+github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/gardenerconfig
+github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/gardenerconfig/cpi
+github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/gardenerconfig/handler/container_registry
+github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/gardenerconfig/identity
+github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/memory
+github.com/open-component-model/ocm/pkg/contexts/credentials/repositories/memory/config
+github.com/open-component-model/ocm/pkg/contexts/datacontext
+github.com/open-component-model/ocm/pkg/contexts/datacontext/action/api
+github.com/open-component-model/ocm/pkg/contexts/datacontext/action/handlers
+github.com/open-component-model/ocm/pkg/contexts/datacontext/attrs
+github.com/open-component-model/ocm/pkg/contexts/datacontext/attrs/logforward
+github.com/open-component-model/ocm/pkg/contexts/datacontext/attrs/tmpcache
+github.com/open-component-model/ocm/pkg/contexts/datacontext/attrs/vfsattr
+github.com/open-component-model/ocm/pkg/contexts/datacontext/config
+github.com/open-component-model/ocm/pkg/contexts/datacontext/config/attrs
+github.com/open-component-model/ocm/pkg/contexts/datacontext/config/logging
+github.com/open-component-model/ocm/pkg/contexts/oci
+github.com/open-component-model/ocm/pkg/contexts/oci/actions
+github.com/open-component-model/ocm/pkg/contexts/oci/actions/oci-repository-prepare
+github.com/open-component-model/ocm/pkg/contexts/oci/artdesc
+github.com/open-component-model/ocm/pkg/contexts/oci/artdesc/helper
+github.com/open-component-model/ocm/pkg/contexts/oci/attrs
+github.com/open-component-model/ocm/pkg/contexts/oci/attrs/cacheattr
+github.com/open-component-model/ocm/pkg/contexts/oci/config
+github.com/open-component-model/ocm/pkg/contexts/oci/cpi
+github.com/open-component-model/ocm/pkg/contexts/oci/cpi/support
+github.com/open-component-model/ocm/pkg/contexts/oci/grammar
+github.com/open-component-model/ocm/pkg/contexts/oci/identity
+github.com/open-component-model/ocm/pkg/contexts/oci/internal
+github.com/open-component-model/ocm/pkg/contexts/oci/ociutils
+github.com/open-component-model/ocm/pkg/contexts/oci/ociutils/helm/ignore
+github.com/open-component-model/ocm/pkg/contexts/oci/ociutils/helm/sympath
+github.com/open-component-model/ocm/pkg/contexts/oci/repositories
+github.com/open-component-model/ocm/pkg/contexts/oci/repositories/artifactset
+github.com/open-component-model/ocm/pkg/contexts/oci/repositories/ctf
+github.com/open-component-model/ocm/pkg/contexts/oci/repositories/ctf/format
+github.com/open-component-model/ocm/pkg/contexts/oci/repositories/ctf/index
+github.com/open-component-model/ocm/pkg/contexts/oci/repositories/docker
+github.com/open-component-model/ocm/pkg/contexts/oci/repositories/empty
+github.com/open-component-model/ocm/pkg/contexts/oci/repositories/ocireg
+github.com/open-component-model/ocm/pkg/contexts/oci/transfer
+github.com/open-component-model/ocm/pkg/contexts/ocm
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/github
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/helm
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/localblob
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/localfsblob
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/localociblob
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/none
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/npm
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/ociartifact
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/ociblob
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/options
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/relativeociref
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/s3
+github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/s3/identity
+github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/compatattr
+github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/hashattr
+github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/keepblobattr
+github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/mapocirepoattr
+github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/ociuploadattr
+github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/signingattr
+github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler
+github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/config
+github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers
+github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers/generic/ocirepo
+github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers/oci
+github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers/oci/ocirepo
+github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers/ocm
+github.com/open-component-model/ocm/pkg/contexts/ocm/blobhandler/handlers/ocm/comparch
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/equivalent
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/meta/v1
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/normalizations
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/normalizations/jsonv1
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/normalizations/jsonv2
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/normalizations/rules
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/versions
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/versions/ocm.software/v3alpha1
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/versions/ocm.software/v3alpha1/jsonscheme
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/versions/v2
+github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/versions/v2/jsonscheme
+github.com/open-component-model/ocm/pkg/contexts/ocm/config
+github.com/open-component-model/ocm/pkg/contexts/ocm/consts
+github.com/open-component-model/ocm/pkg/contexts/ocm/context
+github.com/open-component-model/ocm/pkg/contexts/ocm/cpi
+github.com/open-component-model/ocm/pkg/contexts/ocm/cpi/clitypes
+github.com/open-component-model/ocm/pkg/contexts/ocm/cpi/support
+github.com/open-component-model/ocm/pkg/contexts/ocm/digester/digesters
+github.com/open-component-model/ocm/pkg/contexts/ocm/digester/digesters/artifact
+github.com/open-component-model/ocm/pkg/contexts/ocm/digester/digesters/blob
+github.com/open-component-model/ocm/pkg/contexts/ocm/download
+github.com/open-component-model/ocm/pkg/contexts/ocm/download/config
+github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers
+github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/blob
+github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/blueprint
+github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/dirtree
+github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/executable
+github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/helm
+github.com/open-component-model/ocm/pkg/contexts/ocm/download/handlers/ocirepo
+github.com/open-component-model/ocm/pkg/contexts/ocm/grammar
+github.com/open-component-model/ocm/pkg/contexts/ocm/internal
+github.com/open-component-model/ocm/pkg/contexts/ocm/repositories
+github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/comparch
+github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/ctf
+github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/genericocireg
+github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/genericocireg/componentmapping
+github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/ocireg
+github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/virtual
+github.com/open-component-model/ocm/pkg/contexts/ocm/resourcetypes
+github.com/open-component-model/ocm/pkg/contexts/ocm/utils/registry
+github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers
+github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers/defaultmerge
+github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers/maplistmerge
+github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers/simplelistmerge
+github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers/simplemapmerge
+github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/hpi
+github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/internal
+github.com/open-component-model/ocm/pkg/docker
+github.com/open-component-model/ocm/pkg/docker/resolve
+github.com/open-component-model/ocm/pkg/encrypt
+github.com/open-component-model/ocm/pkg/env
+github.com/open-component-model/ocm/pkg/env/builder
+github.com/open-component-model/ocm/pkg/errors
+github.com/open-component-model/ocm/pkg/exception
+github.com/open-component-model/ocm/pkg/finalizer
+github.com/open-component-model/ocm/pkg/generics
+github.com/open-component-model/ocm/pkg/helm
+github.com/open-component-model/ocm/pkg/helm/identity
+github.com/open-component-model/ocm/pkg/helm/loader
+github.com/open-component-model/ocm/pkg/listformat
+github.com/open-component-model/ocm/pkg/logging
+github.com/open-component-model/ocm/pkg/mime
+github.com/open-component-model/ocm/pkg/regex
+github.com/open-component-model/ocm/pkg/registrations
+github.com/open-component-model/ocm/pkg/runtime
+github.com/open-component-model/ocm/pkg/signing
+github.com/open-component-model/ocm/pkg/signing/handlers
+github.com/open-component-model/ocm/pkg/signing/handlers/rsa
+github.com/open-component-model/ocm/pkg/signing/handlers/rsa-signingservice
+github.com/open-component-model/ocm/pkg/signing/handlers/sigstore
+github.com/open-component-model/ocm/pkg/signing/handlers/sigstore/attr
+github.com/open-component-model/ocm/pkg/signing/hasher
+github.com/open-component-model/ocm/pkg/signing/hasher/nodigest
+github.com/open-component-model/ocm/pkg/signing/hasher/sha256
+github.com/open-component-model/ocm/pkg/signing/hasher/sha512
+github.com/open-component-model/ocm/pkg/signing/norm/entry
+github.com/open-component-model/ocm/pkg/signing/norm/jcs
+github.com/open-component-model/ocm/pkg/testutils
+github.com/open-component-model/ocm/pkg/utils
+github.com/open-component-model/ocm/pkg/utils/selector
+github.com/open-component-model/ocm/pkg/utils/tarutils
+# github.com/opencontainers/distribution-spec v1.0.1
+## explicit
+github.com/opencontainers/distribution-spec/specs-go/v1
+# github.com/opencontainers/go-digest v1.0.0
+## explicit; go 1.13
+github.com/opencontainers/go-digest
+github.com/opencontainers/go-digest/digestset
+# github.com/opencontainers/image-spec v1.1.0-rc5
+## explicit; go 1.18
+github.com/opencontainers/image-spec/specs-go
+github.com/opencontainers/image-spec/specs-go/v1
+# github.com/opentracing/opentracing-go v1.2.0
+## explicit; go 1.14
+github.com/opentracing/opentracing-go
+github.com/opentracing/opentracing-go/ext
+github.com/opentracing/opentracing-go/log
+# github.com/outcaste-io/ristretto v0.2.3
+## explicit; go 1.12
+github.com/outcaste-io/ristretto
+github.com/outcaste-io/ristretto/z
+github.com/outcaste-io/ristretto/z/simd
+# github.com/pborman/uuid v1.2.1
+## explicit
+github.com/pborman/uuid
+# github.com/pelletier/go-toml v1.9.5
+## explicit; go 1.12
+github.com/pelletier/go-toml
+# github.com/pelletier/go-toml/v2 v2.1.0
+## explicit; go 1.16
+github.com/pelletier/go-toml/v2
+github.com/pelletier/go-toml/v2/internal/characters
+github.com/pelletier/go-toml/v2/internal/danger
+github.com/pelletier/go-toml/v2/internal/tracker
+github.com/pelletier/go-toml/v2/unstable
+# github.com/peterbourgon/diskv v2.0.1+incompatible
+## explicit
+github.com/peterbourgon/diskv
+# github.com/philhofer/fwd v1.1.2
+## explicit; go 1.15
+github.com/philhofer/fwd
+# github.com/pkg/errors v0.9.1
+## explicit
+github.com/pkg/errors
+# github.com/prometheus/client_golang v1.17.0
+## explicit; go 1.19
+github.com/prometheus/client_golang/prometheus
+github.com/prometheus/client_golang/prometheus/collectors
+github.com/prometheus/client_golang/prometheus/internal
+github.com/prometheus/client_golang/prometheus/promhttp
+# github.com/prometheus/client_model v0.5.0
+## explicit; go 1.19
+github.com/prometheus/client_model/go
+# github.com/prometheus/common v0.45.0
+## explicit; go 1.20
+github.com/prometheus/common/expfmt
+github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg
+github.com/prometheus/common/model
+# github.com/prometheus/procfs v0.12.0
+## explicit; go 1.19
+github.com/prometheus/procfs
+github.com/prometheus/procfs/internal/fs
+github.com/prometheus/procfs/internal/util
+# github.com/puzpuzpuz/xsync/v2 v2.5.1
+## explicit; go 1.18
+github.com/puzpuzpuz/xsync/v2
+# github.com/rivo/uniseg v0.4.4
+## explicit; go 1.18
+github.com/rivo/uniseg
+# github.com/robfig/cron/v3 v3.0.1
+## explicit; go 1.12
+github.com/robfig/cron/v3
+# github.com/rubenv/sql-migrate v1.3.1
+## explicit; go 1.16
+github.com/rubenv/sql-migrate
+github.com/rubenv/sql-migrate/sqlparse
+# github.com/russross/blackfriday/v2 v2.1.0
+## explicit
+github.com/russross/blackfriday/v2
+# github.com/sagikazarmark/locafero v0.3.0
+## explicit; go 1.20
+github.com/sagikazarmark/locafero
+# github.com/sagikazarmark/slog-shim v0.1.0
+## explicit; go 1.20
+github.com/sagikazarmark/slog-shim
+# github.com/sassoftware/relic v7.2.1+incompatible
+## explicit
+github.com/sassoftware/relic/lib/pkcs7
+github.com/sassoftware/relic/lib/x509tools
+# github.com/secure-systems-lab/go-securesystemslib v0.7.0
+## explicit; go 1.20
+github.com/secure-systems-lab/go-securesystemslib/cjson
+github.com/secure-systems-lab/go-securesystemslib/dsse
+github.com/secure-systems-lab/go-securesystemslib/encrypted
+github.com/secure-systems-lab/go-securesystemslib/signerverifier
+# github.com/segmentio/asm v1.2.0
+## explicit; go 1.18
+github.com/segmentio/asm/base64
+github.com/segmentio/asm/cpu
+github.com/segmentio/asm/cpu/arm
+github.com/segmentio/asm/cpu/arm64
+github.com/segmentio/asm/cpu/cpuid
+github.com/segmentio/asm/cpu/x86
+github.com/segmentio/asm/internal/unsafebytes
+# github.com/segmentio/ksuid v1.0.4
+## explicit; go 1.12
+github.com/segmentio/ksuid
+# github.com/shibumi/go-pathspec v1.3.0
+## explicit; go 1.17
+github.com/shibumi/go-pathspec
+# github.com/shopspring/decimal v1.3.1
+## explicit; go 1.13
+github.com/shopspring/decimal
+# github.com/sigstore/cosign/v2 v2.2.1
+## explicit; go 1.21
+github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio
+github.com/sigstore/cosign/v2/cmd/cosign/cli/options
+github.com/sigstore/cosign/v2/cmd/cosign/cli/sign/privacy
+github.com/sigstore/cosign/v2/internal/pkg/cosign
+github.com/sigstore/cosign/v2/internal/pkg/cosign/fulcio/fulcioroots
+github.com/sigstore/cosign/v2/internal/pkg/oci/remote
+github.com/sigstore/cosign/v2/internal/ui
+github.com/sigstore/cosign/v2/pkg/blob
+github.com/sigstore/cosign/v2/pkg/cosign
+github.com/sigstore/cosign/v2/pkg/cosign/attestation
+github.com/sigstore/cosign/v2/pkg/cosign/bundle
+github.com/sigstore/cosign/v2/pkg/cosign/env
+github.com/sigstore/cosign/v2/pkg/cosign/fulcioverifier/ctutil
+github.com/sigstore/cosign/v2/pkg/cosign/git
+github.com/sigstore/cosign/v2/pkg/cosign/git/github
+github.com/sigstore/cosign/v2/pkg/cosign/git/gitlab
+github.com/sigstore/cosign/v2/pkg/cosign/kubernetes
+github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key
+github.com/sigstore/cosign/v2/pkg/cosign/remote
+github.com/sigstore/cosign/v2/pkg/oci
+github.com/sigstore/cosign/v2/pkg/oci/empty
+github.com/sigstore/cosign/v2/pkg/oci/internal/signature
+github.com/sigstore/cosign/v2/pkg/oci/layout
+github.com/sigstore/cosign/v2/pkg/oci/mutate
+github.com/sigstore/cosign/v2/pkg/oci/remote
+github.com/sigstore/cosign/v2/pkg/oci/signed
+github.com/sigstore/cosign/v2/pkg/oci/static
+github.com/sigstore/cosign/v2/pkg/providers
+github.com/sigstore/cosign/v2/pkg/providers/all
+github.com/sigstore/cosign/v2/pkg/providers/buildkite
+github.com/sigstore/cosign/v2/pkg/providers/envvar
+github.com/sigstore/cosign/v2/pkg/providers/filesystem
+github.com/sigstore/cosign/v2/pkg/providers/github
+github.com/sigstore/cosign/v2/pkg/providers/google
+github.com/sigstore/cosign/v2/pkg/providers/spiffe
+github.com/sigstore/cosign/v2/pkg/signature
+github.com/sigstore/cosign/v2/pkg/types
+# github.com/sigstore/fulcio v1.4.3
+## explicit; go 1.20
+github.com/sigstore/fulcio/pkg/api
+# github.com/sigstore/rekor v1.3.3
+## explicit; go 1.21
+github.com/sigstore/rekor/pkg/client
+github.com/sigstore/rekor/pkg/generated/client
+github.com/sigstore/rekor/pkg/generated/client/entries
+github.com/sigstore/rekor/pkg/generated/client/index
+github.com/sigstore/rekor/pkg/generated/client/pubkey
+github.com/sigstore/rekor/pkg/generated/client/tlog
+github.com/sigstore/rekor/pkg/generated/models
+github.com/sigstore/rekor/pkg/log
+github.com/sigstore/rekor/pkg/pki
+github.com/sigstore/rekor/pkg/pki/identity
+github.com/sigstore/rekor/pkg/pki/minisign
+github.com/sigstore/rekor/pkg/pki/pgp
+github.com/sigstore/rekor/pkg/pki/pkcs7
+github.com/sigstore/rekor/pkg/pki/ssh
+github.com/sigstore/rekor/pkg/pki/tuf
+github.com/sigstore/rekor/pkg/pki/x509
+github.com/sigstore/rekor/pkg/types
+github.com/sigstore/rekor/pkg/types/dsse
+github.com/sigstore/rekor/pkg/types/dsse/v0.0.1
+github.com/sigstore/rekor/pkg/types/hashedrekord
+github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1
+github.com/sigstore/rekor/pkg/types/intoto
+github.com/sigstore/rekor/pkg/types/intoto/v0.0.1
+github.com/sigstore/rekor/pkg/types/intoto/v0.0.2
+github.com/sigstore/rekor/pkg/types/rekord
+github.com/sigstore/rekor/pkg/types/rekord/v0.0.1
+github.com/sigstore/rekor/pkg/util
+github.com/sigstore/rekor/pkg/verify
+# github.com/sigstore/sigstore v1.7.5
+## explicit; go 1.20
+github.com/sigstore/sigstore/pkg/cryptoutils
+github.com/sigstore/sigstore/pkg/fulcioroots
+github.com/sigstore/sigstore/pkg/oauth
+github.com/sigstore/sigstore/pkg/oauthflow
+github.com/sigstore/sigstore/pkg/signature
+github.com/sigstore/sigstore/pkg/signature/dsse
+github.com/sigstore/sigstore/pkg/signature/kms
+github.com/sigstore/sigstore/pkg/signature/options
+github.com/sigstore/sigstore/pkg/signature/payload
+github.com/sigstore/sigstore/pkg/tuf
+# github.com/sigstore/timestamp-authority v1.2.0
+## explicit; go 1.21
+github.com/sigstore/timestamp-authority/pkg/verification
+# github.com/sirupsen/logrus v1.9.3
+## explicit; go 1.13
+github.com/sirupsen/logrus
+# github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
+## explicit
+github.com/skratchdot/open-golang/open
+# github.com/sourcegraph/conc v0.3.0
+## explicit; go 1.19
+github.com/sourcegraph/conc
+github.com/sourcegraph/conc/internal/multierror
+github.com/sourcegraph/conc/iter
+github.com/sourcegraph/conc/panics
+# github.com/spf13/afero v1.10.0
+## explicit; go 1.16
+github.com/spf13/afero
+github.com/spf13/afero/internal/common
+github.com/spf13/afero/mem
+# github.com/spf13/cast v1.5.1
+## explicit; go 1.18
+github.com/spf13/cast
+# github.com/spf13/cobra v1.8.0
+## explicit; go 1.15
+github.com/spf13/cobra
+# github.com/spf13/pflag v1.0.5
+## explicit; go 1.12
+github.com/spf13/pflag
+# github.com/spf13/viper v1.17.0
+## explicit; go 1.18
+github.com/spf13/viper
+github.com/spf13/viper/internal/encoding
+github.com/spf13/viper/internal/encoding/dotenv
+github.com/spf13/viper/internal/encoding/hcl
+github.com/spf13/viper/internal/encoding/ini
+github.com/spf13/viper/internal/encoding/javaproperties
+github.com/spf13/viper/internal/encoding/json
+github.com/spf13/viper/internal/encoding/toml
+github.com/spf13/viper/internal/encoding/yaml
+# github.com/spiffe/go-spiffe/v2 v2.1.6
+## explicit; go 1.17
+github.com/spiffe/go-spiffe/v2/bundle/jwtbundle
+github.com/spiffe/go-spiffe/v2/bundle/spiffebundle
+github.com/spiffe/go-spiffe/v2/bundle/x509bundle
+github.com/spiffe/go-spiffe/v2/internal/cryptoutil
+github.com/spiffe/go-spiffe/v2/internal/jwtutil
+github.com/spiffe/go-spiffe/v2/internal/pemutil
+github.com/spiffe/go-spiffe/v2/internal/x509util
+github.com/spiffe/go-spiffe/v2/logger
+github.com/spiffe/go-spiffe/v2/proto/spiffe/workload
+github.com/spiffe/go-spiffe/v2/spiffeid
+github.com/spiffe/go-spiffe/v2/svid/jwtsvid
+github.com/spiffe/go-spiffe/v2/svid/x509svid
+github.com/spiffe/go-spiffe/v2/workloadapi
+# github.com/subosito/gotenv v1.6.0
+## explicit; go 1.18
+github.com/subosito/gotenv
+# github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d
+## explicit; go 1.14
+github.com/syndtr/goleveldb/leveldb
+github.com/syndtr/goleveldb/leveldb/cache
+github.com/syndtr/goleveldb/leveldb/comparer
+github.com/syndtr/goleveldb/leveldb/errors
+github.com/syndtr/goleveldb/leveldb/filter
+github.com/syndtr/goleveldb/leveldb/iterator
+github.com/syndtr/goleveldb/leveldb/journal
+github.com/syndtr/goleveldb/leveldb/memdb
+github.com/syndtr/goleveldb/leveldb/opt
+github.com/syndtr/goleveldb/leveldb/storage
+github.com/syndtr/goleveldb/leveldb/table
+github.com/syndtr/goleveldb/leveldb/util
+# github.com/thales-e-security/pool v0.0.2
+## explicit; go 1.12
+github.com/thales-e-security/pool
+# github.com/theupdateframework/go-tuf v0.6.1
+## explicit; go 1.20
+github.com/theupdateframework/go-tuf
+github.com/theupdateframework/go-tuf/client
+github.com/theupdateframework/go-tuf/client/leveldbstore
+github.com/theupdateframework/go-tuf/data
+github.com/theupdateframework/go-tuf/internal/fsutil
+github.com/theupdateframework/go-tuf/internal/roles
+github.com/theupdateframework/go-tuf/internal/sets
+github.com/theupdateframework/go-tuf/internal/signer
+github.com/theupdateframework/go-tuf/pkg/keys
+github.com/theupdateframework/go-tuf/pkg/targets
+github.com/theupdateframework/go-tuf/sign
+github.com/theupdateframework/go-tuf/util
+github.com/theupdateframework/go-tuf/verify
+# github.com/theupdateframework/notary v0.7.0
+## explicit; go 1.12
+github.com/theupdateframework/notary
+github.com/theupdateframework/notary/client
+github.com/theupdateframework/notary/client/changelist
+github.com/theupdateframework/notary/cryptoservice
+github.com/theupdateframework/notary/passphrase
+github.com/theupdateframework/notary/storage
+github.com/theupdateframework/notary/trustmanager
+github.com/theupdateframework/notary/trustmanager/yubikey
+github.com/theupdateframework/notary/trustpinning
+github.com/theupdateframework/notary/tuf
+github.com/theupdateframework/notary/tuf/data
+github.com/theupdateframework/notary/tuf/signed
+github.com/theupdateframework/notary/tuf/utils
+github.com/theupdateframework/notary/tuf/validation
+# github.com/tinylib/msgp v1.1.8
+## explicit; go 1.15
+github.com/tinylib/msgp/msgp
+# github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399
+## explicit
+github.com/titanous/rocacheck
+# github.com/tjfoc/gmsm v1.4.1
+## explicit; go 1.14
+github.com/tjfoc/gmsm/sm3
+# github.com/tonglil/buflogr v1.0.1
+## explicit; go 1.17
+github.com/tonglil/buflogr
+# github.com/transparency-dev/merkle v0.0.2
+## explicit; go 1.19
+github.com/transparency-dev/merkle
+github.com/transparency-dev/merkle/compact
+github.com/transparency-dev/merkle/proof
+github.com/transparency-dev/merkle/rfc6962
+# github.com/ulikunitz/xz v0.5.11
+## explicit; go 1.12
+github.com/ulikunitz/xz
+github.com/ulikunitz/xz/internal/hash
+github.com/ulikunitz/xz/internal/xlog
+github.com/ulikunitz/xz/lzma
+# github.com/valyala/bytebufferpool v1.0.0
+## explicit
+github.com/valyala/bytebufferpool
+# github.com/valyala/fasttemplate v1.2.2
+## explicit; go 1.12
+github.com/valyala/fasttemplate
+# github.com/vbatts/tar-split v0.11.5
+## explicit; go 1.17
+github.com/vbatts/tar-split/archive/tar
+# github.com/xanzy/go-gitlab v0.93.2
+## explicit; go 1.18
+github.com/xanzy/go-gitlab
+# github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
+## explicit
+github.com/xeipuuv/gojsonpointer
+# github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415
+## explicit
+github.com/xeipuuv/gojsonreference
+# github.com/xeipuuv/gojsonschema v1.2.0
+## explicit
+github.com/xeipuuv/gojsonschema
+# github.com/xlab/treeprint v1.1.0
+## explicit; go 1.13
+github.com/xlab/treeprint
+# github.com/zeebo/errs v1.3.0
+## explicit; go 1.12
+github.com/zeebo/errs
+# go.mongodb.org/mongo-driver v1.12.1
+## explicit; go 1.13
+go.mongodb.org/mongo-driver/bson
+go.mongodb.org/mongo-driver/bson/bsoncodec
+go.mongodb.org/mongo-driver/bson/bsonoptions
+go.mongodb.org/mongo-driver/bson/bsonrw
+go.mongodb.org/mongo-driver/bson/bsontype
+go.mongodb.org/mongo-driver/bson/primitive
+go.mongodb.org/mongo-driver/x/bsonx/bsoncore
+# go.opencensus.io v0.24.0
+## explicit; go 1.13
+go.opencensus.io
+go.opencensus.io/internal
+go.opencensus.io/internal/tagencoding
+go.opencensus.io/metric/metricdata
+go.opencensus.io/metric/metricproducer
+go.opencensus.io/plugin/ochttp
+go.opencensus.io/plugin/ochttp/propagation/b3
+go.opencensus.io/resource
+go.opencensus.io/stats
+go.opencensus.io/stats/internal
+go.opencensus.io/stats/view
+go.opencensus.io/tag
+go.opencensus.io/trace
+go.opencensus.io/trace/internal
+go.opencensus.io/trace/propagation
+go.opencensus.io/trace/tracestate
+# go.opentelemetry.io/otel v1.21.0
+## explicit; go 1.20
+go.opentelemetry.io/otel
+go.opentelemetry.io/otel/attribute
+go.opentelemetry.io/otel/baggage
+go.opentelemetry.io/otel/codes
+go.opentelemetry.io/otel/internal
+go.opentelemetry.io/otel/internal/attribute
+go.opentelemetry.io/otel/internal/baggage
+go.opentelemetry.io/otel/internal/global
+go.opentelemetry.io/otel/propagation
+go.opentelemetry.io/otel/semconv/internal
+go.opentelemetry.io/otel/semconv/internal/v2
+go.opentelemetry.io/otel/semconv/v1.12.0
+go.opentelemetry.io/otel/semconv/v1.17.0
+go.opentelemetry.io/otel/semconv/v1.17.0/httpconv
+# go.opentelemetry.io/otel/metric v1.21.0
+## explicit; go 1.20
+go.opentelemetry.io/otel/metric
+go.opentelemetry.io/otel/metric/embedded
+# go.opentelemetry.io/otel/trace v1.21.0
+## explicit; go 1.20
+go.opentelemetry.io/otel/trace
+go.opentelemetry.io/otel/trace/embedded
+# go.starlark.net v0.0.0-20221028183056-acb66ad56dd2
+## explicit; go 1.13
+go.starlark.net/internal/compile
+go.starlark.net/internal/spell
+go.starlark.net/resolve
+go.starlark.net/starlark
+go.starlark.net/starlarkstruct
+go.starlark.net/syntax
+# go.step.sm/crypto v0.36.1
+## explicit; go 1.20
+go.step.sm/crypto/fingerprint
+go.step.sm/crypto/internal/bcrypt_pbkdf
+go.step.sm/crypto/internal/emoji
+go.step.sm/crypto/internal/utils
+go.step.sm/crypto/jose
+go.step.sm/crypto/keyutil
+go.step.sm/crypto/pemutil
+go.step.sm/crypto/randutil
+go.step.sm/crypto/x25519
+# go.uber.org/atomic v1.11.0
+## explicit; go 1.18
+go.uber.org/atomic
+# go.uber.org/multierr v1.11.0
+## explicit; go 1.19
+go.uber.org/multierr
+# go.uber.org/zap v1.26.0
+## explicit; go 1.19
+go.uber.org/zap
+go.uber.org/zap/buffer
+go.uber.org/zap/internal
+go.uber.org/zap/internal/bufferpool
+go.uber.org/zap/internal/color
+go.uber.org/zap/internal/exit
+go.uber.org/zap/internal/pool
+go.uber.org/zap/internal/stacktrace
+go.uber.org/zap/zapcore
+# go4.org/intern v0.0.0-20230525184215-6c62f75575cb
+## explicit; go 1.13
+go4.org/intern
+# go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2
+## explicit; go 1.11
+go4.org/unsafe/assume-no-moving-gc
+# golang.org/x/crypto v0.14.0
+## explicit; go 1.17
+golang.org/x/crypto/argon2
+golang.org/x/crypto/bcrypt
+golang.org/x/crypto/blake2b
+golang.org/x/crypto/blowfish
+golang.org/x/crypto/cast5
+golang.org/x/crypto/chacha20
+golang.org/x/crypto/chacha20poly1305
+golang.org/x/crypto/cryptobyte
+golang.org/x/crypto/cryptobyte/asn1
+golang.org/x/crypto/curve25519
+golang.org/x/crypto/curve25519/internal/field
+golang.org/x/crypto/ed25519
+golang.org/x/crypto/hkdf
+golang.org/x/crypto/internal/alias
+golang.org/x/crypto/internal/poly1305
+golang.org/x/crypto/md4
+golang.org/x/crypto/nacl/box
+golang.org/x/crypto/nacl/secretbox
+golang.org/x/crypto/ocsp
+golang.org/x/crypto/openpgp
+golang.org/x/crypto/openpgp/armor
+golang.org/x/crypto/openpgp/clearsign
+golang.org/x/crypto/openpgp/elgamal
+golang.org/x/crypto/openpgp/errors
+golang.org/x/crypto/openpgp/packet
+golang.org/x/crypto/openpgp/s2k
+golang.org/x/crypto/pbkdf2
+golang.org/x/crypto/pkcs12
+golang.org/x/crypto/pkcs12/internal/rc2
+golang.org/x/crypto/salsa20/salsa
+golang.org/x/crypto/scrypt
+golang.org/x/crypto/sha3
+golang.org/x/crypto/ssh
+golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
+golang.org/x/crypto/ssh/terminal
+# golang.org/x/exp v0.0.0-20231006140011-7918f672742d
+## explicit; go 1.20
+golang.org/x/exp/constraints
+golang.org/x/exp/maps
+golang.org/x/exp/slices
+golang.org/x/exp/slog
+golang.org/x/exp/slog/internal
+golang.org/x/exp/slog/internal/buffer
+# golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
+## explicit; go 1.11
+golang.org/x/lint
+golang.org/x/lint/golint
+# golang.org/x/mod v0.13.0
+## explicit; go 1.18
+golang.org/x/mod/internal/lazyregexp
+golang.org/x/mod/modfile
+golang.org/x/mod/module
+golang.org/x/mod/semver
+golang.org/x/mod/sumdb/note
+# golang.org/x/net v0.17.0
+## explicit; go 1.17
+golang.org/x/net/context
+golang.org/x/net/context/ctxhttp
+golang.org/x/net/html
+golang.org/x/net/html/atom
+golang.org/x/net/html/charset
+golang.org/x/net/http/httpguts
+golang.org/x/net/http2
+golang.org/x/net/http2/hpack
+golang.org/x/net/idna
+golang.org/x/net/internal/socks
+golang.org/x/net/internal/timeseries
+golang.org/x/net/proxy
+golang.org/x/net/trace
+# golang.org/x/oauth2 v0.13.0
+## explicit; go 1.18
+golang.org/x/oauth2
+golang.org/x/oauth2/authhandler
+golang.org/x/oauth2/google
+golang.org/x/oauth2/google/internal/externalaccount
+golang.org/x/oauth2/google/internal/externalaccountauthorizeduser
+golang.org/x/oauth2/google/internal/stsexchange
+golang.org/x/oauth2/internal
+golang.org/x/oauth2/jws
+golang.org/x/oauth2/jwt
+# golang.org/x/sync v0.5.0
+## explicit; go 1.18
+golang.org/x/sync/errgroup
+golang.org/x/sync/semaphore
+# golang.org/x/sys v0.13.0
+## explicit; go 1.17
+golang.org/x/sys/cpu
+golang.org/x/sys/execabs
+golang.org/x/sys/plan9
+golang.org/x/sys/unix
+golang.org/x/sys/windows
+golang.org/x/sys/windows/registry
+# golang.org/x/term v0.13.0
+## explicit; go 1.17
+golang.org/x/term
+# golang.org/x/text v0.13.0
+## explicit; go 1.17
+golang.org/x/text/encoding
+golang.org/x/text/encoding/charmap
+golang.org/x/text/encoding/htmlindex
+golang.org/x/text/encoding/internal
+golang.org/x/text/encoding/internal/identifier
+golang.org/x/text/encoding/japanese
+golang.org/x/text/encoding/korean
+golang.org/x/text/encoding/simplifiedchinese
+golang.org/x/text/encoding/traditionalchinese
+golang.org/x/text/encoding/unicode
+golang.org/x/text/internal/language
+golang.org/x/text/internal/language/compact
+golang.org/x/text/internal/tag
+golang.org/x/text/internal/utf8internal
+golang.org/x/text/language
+golang.org/x/text/runes
+golang.org/x/text/secure/bidirule
+golang.org/x/text/transform
+golang.org/x/text/unicode/bidi
+golang.org/x/text/unicode/norm
+# golang.org/x/time v0.3.0
+## explicit
+golang.org/x/time/rate
+# golang.org/x/tools v0.14.0
+## explicit; go 1.18
+golang.org/x/tools/cmd/stringer
+golang.org/x/tools/go/ast/astutil
+golang.org/x/tools/go/ast/inspector
+golang.org/x/tools/go/gcexportdata
+golang.org/x/tools/go/internal/packagesdriver
+golang.org/x/tools/go/packages
+golang.org/x/tools/go/types/objectpath
+golang.org/x/tools/imports
+golang.org/x/tools/internal/event
+golang.org/x/tools/internal/event/core
+golang.org/x/tools/internal/event/keys
+golang.org/x/tools/internal/event/label
+golang.org/x/tools/internal/event/tag
+golang.org/x/tools/internal/fastwalk
+golang.org/x/tools/internal/gcimporter
+golang.org/x/tools/internal/gocommand
+golang.org/x/tools/internal/gopathwalk
+golang.org/x/tools/internal/imports
+golang.org/x/tools/internal/packagesinternal
+golang.org/x/tools/internal/pkgbits
+golang.org/x/tools/internal/tokeninternal
+golang.org/x/tools/internal/typeparams
+golang.org/x/tools/internal/typesinternal
+# golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
+## explicit; go 1.18
+golang.org/x/xerrors
+golang.org/x/xerrors/internal
+# gomodules.xyz/jsonpatch/v2 v2.3.0
+## explicit; go 1.20
+gomodules.xyz/jsonpatch/v2
+# google.golang.org/api v0.149.0
+## explicit; go 1.19
+google.golang.org/api/googleapi/transport
+google.golang.org/api/idtoken
+google.golang.org/api/impersonate
+google.golang.org/api/internal
+google.golang.org/api/internal/cert
+google.golang.org/api/internal/impersonate
+google.golang.org/api/option
+google.golang.org/api/option/internaloption
+google.golang.org/api/transport/http
+google.golang.org/api/transport/http/internal/propagation
+# google.golang.org/appengine v1.6.8
+## explicit; go 1.11
+google.golang.org/appengine
+google.golang.org/appengine/internal
+google.golang.org/appengine/internal/app_identity
+google.golang.org/appengine/internal/base
+google.golang.org/appengine/internal/datastore
+google.golang.org/appengine/internal/log
+google.golang.org/appengine/internal/modules
+google.golang.org/appengine/internal/remote_api
+google.golang.org/appengine/internal/urlfetch
+google.golang.org/appengine/urlfetch
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b
+## explicit; go 1.19
+google.golang.org/genproto/googleapis/rpc/status
+# google.golang.org/grpc v1.59.0
+## explicit; go 1.19
+google.golang.org/grpc
+google.golang.org/grpc/attributes
+google.golang.org/grpc/backoff
+google.golang.org/grpc/balancer
+google.golang.org/grpc/balancer/base
+google.golang.org/grpc/balancer/grpclb/state
+google.golang.org/grpc/balancer/roundrobin
+google.golang.org/grpc/binarylog/grpc_binarylog_v1
+google.golang.org/grpc/channelz
+google.golang.org/grpc/codes
+google.golang.org/grpc/connectivity
+google.golang.org/grpc/credentials
+google.golang.org/grpc/credentials/insecure
+google.golang.org/grpc/encoding
+google.golang.org/grpc/encoding/proto
+google.golang.org/grpc/grpclog
+google.golang.org/grpc/internal
+google.golang.org/grpc/internal/backoff
+google.golang.org/grpc/internal/balancer/gracefulswitch
+google.golang.org/grpc/internal/balancerload
+google.golang.org/grpc/internal/binarylog
+google.golang.org/grpc/internal/buffer
+google.golang.org/grpc/internal/channelz
+google.golang.org/grpc/internal/credentials
+google.golang.org/grpc/internal/envconfig
+google.golang.org/grpc/internal/grpclog
+google.golang.org/grpc/internal/grpcrand
+google.golang.org/grpc/internal/grpcsync
+google.golang.org/grpc/internal/grpcutil
+google.golang.org/grpc/internal/idle
+google.golang.org/grpc/internal/metadata
+google.golang.org/grpc/internal/pretty
+google.golang.org/grpc/internal/resolver
+google.golang.org/grpc/internal/resolver/dns
+google.golang.org/grpc/internal/resolver/passthrough
+google.golang.org/grpc/internal/resolver/unix
+google.golang.org/grpc/internal/serviceconfig
+google.golang.org/grpc/internal/status
+google.golang.org/grpc/internal/syscall
+google.golang.org/grpc/internal/transport
+google.golang.org/grpc/internal/transport/networktype
+google.golang.org/grpc/keepalive
+google.golang.org/grpc/metadata
+google.golang.org/grpc/peer
+google.golang.org/grpc/resolver
+google.golang.org/grpc/serviceconfig
+google.golang.org/grpc/stats
+google.golang.org/grpc/status
+google.golang.org/grpc/tap
+# google.golang.org/protobuf v1.31.0
+## explicit; go 1.11
+google.golang.org/protobuf/encoding/protojson
+google.golang.org/protobuf/encoding/prototext
+google.golang.org/protobuf/encoding/protowire
+google.golang.org/protobuf/internal/descfmt
+google.golang.org/protobuf/internal/descopts
+google.golang.org/protobuf/internal/detrand
+google.golang.org/protobuf/internal/encoding/defval
+google.golang.org/protobuf/internal/encoding/json
+google.golang.org/protobuf/internal/encoding/messageset
+google.golang.org/protobuf/internal/encoding/tag
+google.golang.org/protobuf/internal/encoding/text
+google.golang.org/protobuf/internal/errors
+google.golang.org/protobuf/internal/filedesc
+google.golang.org/protobuf/internal/filetype
+google.golang.org/protobuf/internal/flags
+google.golang.org/protobuf/internal/genid
+google.golang.org/protobuf/internal/impl
+google.golang.org/protobuf/internal/order
+google.golang.org/protobuf/internal/pragma
+google.golang.org/protobuf/internal/set
+google.golang.org/protobuf/internal/strs
+google.golang.org/protobuf/internal/version
+google.golang.org/protobuf/proto
+google.golang.org/protobuf/reflect/protodesc
+google.golang.org/protobuf/reflect/protoreflect
+google.golang.org/protobuf/reflect/protoregistry
+google.golang.org/protobuf/runtime/protoiface
+google.golang.org/protobuf/runtime/protoimpl
+google.golang.org/protobuf/types/descriptorpb
+google.golang.org/protobuf/types/known/anypb
+google.golang.org/protobuf/types/known/durationpb
+google.golang.org/protobuf/types/known/structpb
+google.golang.org/protobuf/types/known/timestamppb
+# gopkg.in/DataDog/dd-trace-go.v1 v1.56.1
+## explicit; go 1.19
+gopkg.in/DataDog/dd-trace-go.v1/datastreams/options
+gopkg.in/DataDog/dd-trace-go.v1/ddtrace
+gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext
+gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal
+gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer
+gopkg.in/DataDog/dd-trace-go.v1/internal
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec
+gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec
+gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams
+gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/azure
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/cachedfetch
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ec2
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/ecs
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/gce
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/httputils
+gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/validate
+gopkg.in/DataDog/dd-trace-go.v1/internal/log
+gopkg.in/DataDog/dd-trace-go.v1/internal/namingschema
+gopkg.in/DataDog/dd-trace-go.v1/internal/normalizer
+gopkg.in/DataDog/dd-trace-go.v1/internal/osinfo
+gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig
+gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames
+gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry
+gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof
+gopkg.in/DataDog/dd-trace-go.v1/internal/version
+# gopkg.in/go-jose/go-jose.v2 v2.6.1
+## explicit
+gopkg.in/go-jose/go-jose.v2
+gopkg.in/go-jose/go-jose.v2/cipher
+gopkg.in/go-jose/go-jose.v2/json
+# gopkg.in/inf.v0 v0.9.1
+## explicit
+gopkg.in/inf.v0
+# gopkg.in/ini.v1 v1.67.0
+## explicit
+gopkg.in/ini.v1
+# gopkg.in/square/go-jose.v2 v2.6.0
+## explicit
+gopkg.in/square/go-jose.v2
+gopkg.in/square/go-jose.v2/cipher
+gopkg.in/square/go-jose.v2/cryptosigner
+gopkg.in/square/go-jose.v2/json
+gopkg.in/square/go-jose.v2/jwt
+# gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
+## explicit
+gopkg.in/tomb.v1
+# gopkg.in/yaml.v2 v2.4.0
+## explicit; go 1.15
+gopkg.in/yaml.v2
+# gopkg.in/yaml.v3 v3.0.1
+## explicit
+gopkg.in/yaml.v3
+# helm.sh/helm/v3 v3.12.2
+## explicit; go 1.19
+helm.sh/helm/v3/internal/fileutil
+helm.sh/helm/v3/internal/ignore
+helm.sh/helm/v3/internal/resolver
+helm.sh/helm/v3/internal/sympath
+helm.sh/helm/v3/internal/third_party/dep/fs
+helm.sh/helm/v3/internal/third_party/k8s.io/kubernetes/deployment/util
+helm.sh/helm/v3/internal/tlsutil
+helm.sh/helm/v3/internal/urlutil
+helm.sh/helm/v3/internal/version
+helm.sh/helm/v3/pkg/action
+helm.sh/helm/v3/pkg/chart
+helm.sh/helm/v3/pkg/chart/loader
+helm.sh/helm/v3/pkg/chartutil
+helm.sh/helm/v3/pkg/cli
+helm.sh/helm/v3/pkg/downloader
+helm.sh/helm/v3/pkg/engine
+helm.sh/helm/v3/pkg/getter
+helm.sh/helm/v3/pkg/helmpath
+helm.sh/helm/v3/pkg/helmpath/xdg
+helm.sh/helm/v3/pkg/kube
+helm.sh/helm/v3/pkg/kube/fake
+helm.sh/helm/v3/pkg/lint
+helm.sh/helm/v3/pkg/lint/rules
+helm.sh/helm/v3/pkg/lint/support
+helm.sh/helm/v3/pkg/plugin
+helm.sh/helm/v3/pkg/postrender
+helm.sh/helm/v3/pkg/provenance
+helm.sh/helm/v3/pkg/pusher
+helm.sh/helm/v3/pkg/registry
+helm.sh/helm/v3/pkg/release
+helm.sh/helm/v3/pkg/releaseutil
+helm.sh/helm/v3/pkg/repo
+helm.sh/helm/v3/pkg/storage
+helm.sh/helm/v3/pkg/storage/driver
+helm.sh/helm/v3/pkg/time
+helm.sh/helm/v3/pkg/uploader
+# inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a
+## explicit; go 1.12
+inet.af/netaddr
+# k8s.io/api v0.28.3
+## explicit; go 1.20
+k8s.io/api/admission/v1
+k8s.io/api/admission/v1beta1
+k8s.io/api/admissionregistration/v1
+k8s.io/api/admissionregistration/v1alpha1
+k8s.io/api/admissionregistration/v1beta1
+k8s.io/api/apidiscovery/v2beta1
+k8s.io/api/apiserverinternal/v1alpha1
+k8s.io/api/apps/v1
+k8s.io/api/apps/v1beta1
+k8s.io/api/apps/v1beta2
+k8s.io/api/authentication/v1
+k8s.io/api/authentication/v1alpha1
+k8s.io/api/authentication/v1beta1
+k8s.io/api/authorization/v1
+k8s.io/api/authorization/v1beta1
+k8s.io/api/autoscaling/v1
+k8s.io/api/autoscaling/v2
+k8s.io/api/autoscaling/v2beta1
+k8s.io/api/autoscaling/v2beta2
+k8s.io/api/batch/v1
+k8s.io/api/batch/v1beta1
+k8s.io/api/certificates/v1
+k8s.io/api/certificates/v1alpha1
+k8s.io/api/certificates/v1beta1
+k8s.io/api/coordination/v1
+k8s.io/api/coordination/v1beta1
+k8s.io/api/core/v1
+k8s.io/api/discovery/v1
+k8s.io/api/discovery/v1beta1
+k8s.io/api/events/v1
+k8s.io/api/events/v1beta1
+k8s.io/api/extensions/v1beta1
+k8s.io/api/flowcontrol/v1alpha1
+k8s.io/api/flowcontrol/v1beta1
+k8s.io/api/flowcontrol/v1beta2
+k8s.io/api/flowcontrol/v1beta3
+k8s.io/api/imagepolicy/v1alpha1
+k8s.io/api/networking/v1
+k8s.io/api/networking/v1alpha1
+k8s.io/api/networking/v1beta1
+k8s.io/api/node/v1
+k8s.io/api/node/v1alpha1
+k8s.io/api/node/v1beta1
+k8s.io/api/policy/v1
+k8s.io/api/policy/v1beta1
+k8s.io/api/rbac/v1
+k8s.io/api/rbac/v1alpha1
+k8s.io/api/rbac/v1beta1
+k8s.io/api/resource/v1alpha2
+k8s.io/api/scheduling/v1
+k8s.io/api/scheduling/v1alpha1
+k8s.io/api/scheduling/v1beta1
+k8s.io/api/storage/v1
+k8s.io/api/storage/v1alpha1
+k8s.io/api/storage/v1beta1
+# k8s.io/apiextensions-apiserver v0.27.2
+## explicit; go 1.20
+k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
+k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/install
+k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
+k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1
+k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset
+k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme
+k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1
+k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1
+# k8s.io/apimachinery v0.28.3
+## explicit; go 1.20
+k8s.io/apimachinery/pkg/api/equality
+k8s.io/apimachinery/pkg/api/errors
+k8s.io/apimachinery/pkg/api/meta
+k8s.io/apimachinery/pkg/api/resource
+k8s.io/apimachinery/pkg/api/validation
+k8s.io/apimachinery/pkg/api/validation/path
+k8s.io/apimachinery/pkg/apis/meta/internalversion
+k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme
+k8s.io/apimachinery/pkg/apis/meta/v1
+k8s.io/apimachinery/pkg/apis/meta/v1/unstructured
+k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructuredscheme
+k8s.io/apimachinery/pkg/apis/meta/v1/validation
+k8s.io/apimachinery/pkg/apis/meta/v1beta1
+k8s.io/apimachinery/pkg/conversion
+k8s.io/apimachinery/pkg/conversion/queryparams
+k8s.io/apimachinery/pkg/fields
+k8s.io/apimachinery/pkg/labels
+k8s.io/apimachinery/pkg/runtime
+k8s.io/apimachinery/pkg/runtime/schema
+k8s.io/apimachinery/pkg/runtime/serializer
+k8s.io/apimachinery/pkg/runtime/serializer/json
+k8s.io/apimachinery/pkg/runtime/serializer/protobuf
+k8s.io/apimachinery/pkg/runtime/serializer/recognizer
+k8s.io/apimachinery/pkg/runtime/serializer/streaming
+k8s.io/apimachinery/pkg/runtime/serializer/versioning
+k8s.io/apimachinery/pkg/selection
+k8s.io/apimachinery/pkg/types
+k8s.io/apimachinery/pkg/util/cache
+k8s.io/apimachinery/pkg/util/diff
+k8s.io/apimachinery/pkg/util/dump
+k8s.io/apimachinery/pkg/util/duration
+k8s.io/apimachinery/pkg/util/errors
+k8s.io/apimachinery/pkg/util/framer
+k8s.io/apimachinery/pkg/util/httpstream
+k8s.io/apimachinery/pkg/util/httpstream/spdy
+k8s.io/apimachinery/pkg/util/intstr
+k8s.io/apimachinery/pkg/util/json
+k8s.io/apimachinery/pkg/util/managedfields
+k8s.io/apimachinery/pkg/util/managedfields/internal
+k8s.io/apimachinery/pkg/util/mergepatch
+k8s.io/apimachinery/pkg/util/naming
+k8s.io/apimachinery/pkg/util/net
+k8s.io/apimachinery/pkg/util/rand
+k8s.io/apimachinery/pkg/util/remotecommand
+k8s.io/apimachinery/pkg/util/runtime
+k8s.io/apimachinery/pkg/util/sets
+k8s.io/apimachinery/pkg/util/strategicpatch
+k8s.io/apimachinery/pkg/util/uuid
+k8s.io/apimachinery/pkg/util/validation
+k8s.io/apimachinery/pkg/util/validation/field
+k8s.io/apimachinery/pkg/util/version
+k8s.io/apimachinery/pkg/util/wait
+k8s.io/apimachinery/pkg/util/yaml
+k8s.io/apimachinery/pkg/version
+k8s.io/apimachinery/pkg/watch
+k8s.io/apimachinery/third_party/forked/golang/json
+k8s.io/apimachinery/third_party/forked/golang/netutil
+k8s.io/apimachinery/third_party/forked/golang/reflect
+# k8s.io/apiserver v0.27.2
+## explicit; go 1.20
+k8s.io/apiserver/pkg/endpoints/deprecation
+# k8s.io/cli-runtime v0.27.2
+## explicit; go 1.20
+k8s.io/cli-runtime/pkg/genericclioptions
+k8s.io/cli-runtime/pkg/printers
+k8s.io/cli-runtime/pkg/resource
+# k8s.io/client-go v0.28.3
+## explicit; go 1.20
+k8s.io/client-go/applyconfigurations/admissionregistration/v1
+k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1
+k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1
+k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1
+k8s.io/client-go/applyconfigurations/apps/v1
+k8s.io/client-go/applyconfigurations/apps/v1beta1
+k8s.io/client-go/applyconfigurations/apps/v1beta2
+k8s.io/client-go/applyconfigurations/autoscaling/v1
+k8s.io/client-go/applyconfigurations/autoscaling/v2
+k8s.io/client-go/applyconfigurations/autoscaling/v2beta1
+k8s.io/client-go/applyconfigurations/autoscaling/v2beta2
+k8s.io/client-go/applyconfigurations/batch/v1
+k8s.io/client-go/applyconfigurations/batch/v1beta1
+k8s.io/client-go/applyconfigurations/certificates/v1
+k8s.io/client-go/applyconfigurations/certificates/v1alpha1
+k8s.io/client-go/applyconfigurations/certificates/v1beta1
+k8s.io/client-go/applyconfigurations/coordination/v1
+k8s.io/client-go/applyconfigurations/coordination/v1beta1
+k8s.io/client-go/applyconfigurations/core/v1
+k8s.io/client-go/applyconfigurations/discovery/v1
+k8s.io/client-go/applyconfigurations/discovery/v1beta1
+k8s.io/client-go/applyconfigurations/events/v1
+k8s.io/client-go/applyconfigurations/events/v1beta1
+k8s.io/client-go/applyconfigurations/extensions/v1beta1
+k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1
+k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1
+k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2
+k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3
+k8s.io/client-go/applyconfigurations/internal
+k8s.io/client-go/applyconfigurations/meta/v1
+k8s.io/client-go/applyconfigurations/networking/v1
+k8s.io/client-go/applyconfigurations/networking/v1alpha1
+k8s.io/client-go/applyconfigurations/networking/v1beta1
+k8s.io/client-go/applyconfigurations/node/v1
+k8s.io/client-go/applyconfigurations/node/v1alpha1
+k8s.io/client-go/applyconfigurations/node/v1beta1
+k8s.io/client-go/applyconfigurations/policy/v1
+k8s.io/client-go/applyconfigurations/policy/v1beta1
+k8s.io/client-go/applyconfigurations/rbac/v1
+k8s.io/client-go/applyconfigurations/rbac/v1alpha1
+k8s.io/client-go/applyconfigurations/rbac/v1beta1
+k8s.io/client-go/applyconfigurations/resource/v1alpha2
+k8s.io/client-go/applyconfigurations/scheduling/v1
+k8s.io/client-go/applyconfigurations/scheduling/v1alpha1
+k8s.io/client-go/applyconfigurations/scheduling/v1beta1
+k8s.io/client-go/applyconfigurations/storage/v1
+k8s.io/client-go/applyconfigurations/storage/v1alpha1
+k8s.io/client-go/applyconfigurations/storage/v1beta1
+k8s.io/client-go/discovery
+k8s.io/client-go/discovery/cached/disk
+k8s.io/client-go/discovery/cached/memory
+k8s.io/client-go/dynamic
+k8s.io/client-go/kubernetes
+k8s.io/client-go/kubernetes/scheme
+k8s.io/client-go/kubernetes/typed/admissionregistration/v1
+k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1
+k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1
+k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1
+k8s.io/client-go/kubernetes/typed/apps/v1
+k8s.io/client-go/kubernetes/typed/apps/v1beta1
+k8s.io/client-go/kubernetes/typed/apps/v1beta2
+k8s.io/client-go/kubernetes/typed/authentication/v1
+k8s.io/client-go/kubernetes/typed/authentication/v1alpha1
+k8s.io/client-go/kubernetes/typed/authentication/v1beta1
+k8s.io/client-go/kubernetes/typed/authorization/v1
+k8s.io/client-go/kubernetes/typed/authorization/v1beta1
+k8s.io/client-go/kubernetes/typed/autoscaling/v1
+k8s.io/client-go/kubernetes/typed/autoscaling/v2
+k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1
+k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2
+k8s.io/client-go/kubernetes/typed/batch/v1
+k8s.io/client-go/kubernetes/typed/batch/v1beta1
+k8s.io/client-go/kubernetes/typed/certificates/v1
+k8s.io/client-go/kubernetes/typed/certificates/v1alpha1
+k8s.io/client-go/kubernetes/typed/certificates/v1beta1
+k8s.io/client-go/kubernetes/typed/coordination/v1
+k8s.io/client-go/kubernetes/typed/coordination/v1beta1
+k8s.io/client-go/kubernetes/typed/core/v1
+k8s.io/client-go/kubernetes/typed/discovery/v1
+k8s.io/client-go/kubernetes/typed/discovery/v1beta1
+k8s.io/client-go/kubernetes/typed/events/v1
+k8s.io/client-go/kubernetes/typed/events/v1beta1
+k8s.io/client-go/kubernetes/typed/extensions/v1beta1
+k8s.io/client-go/kubernetes/typed/flowcontrol/v1alpha1
+k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1
+k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2
+k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3
+k8s.io/client-go/kubernetes/typed/networking/v1
+k8s.io/client-go/kubernetes/typed/networking/v1alpha1
+k8s.io/client-go/kubernetes/typed/networking/v1beta1
+k8s.io/client-go/kubernetes/typed/node/v1
+k8s.io/client-go/kubernetes/typed/node/v1alpha1
+k8s.io/client-go/kubernetes/typed/node/v1beta1
+k8s.io/client-go/kubernetes/typed/policy/v1
+k8s.io/client-go/kubernetes/typed/policy/v1beta1
+k8s.io/client-go/kubernetes/typed/rbac/v1
+k8s.io/client-go/kubernetes/typed/rbac/v1alpha1
+k8s.io/client-go/kubernetes/typed/rbac/v1beta1
+k8s.io/client-go/kubernetes/typed/resource/v1alpha2
+k8s.io/client-go/kubernetes/typed/scheduling/v1
+k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1
+k8s.io/client-go/kubernetes/typed/scheduling/v1beta1
+k8s.io/client-go/kubernetes/typed/storage/v1
+k8s.io/client-go/kubernetes/typed/storage/v1alpha1
+k8s.io/client-go/kubernetes/typed/storage/v1beta1
+k8s.io/client-go/metadata
+k8s.io/client-go/openapi
+k8s.io/client-go/openapi/cached
+k8s.io/client-go/openapi3
+k8s.io/client-go/pkg/apis/clientauthentication
+k8s.io/client-go/pkg/apis/clientauthentication/install
+k8s.io/client-go/pkg/apis/clientauthentication/v1
+k8s.io/client-go/pkg/apis/clientauthentication/v1beta1
+k8s.io/client-go/pkg/version
+k8s.io/client-go/plugin/pkg/client/auth
+k8s.io/client-go/plugin/pkg/client/auth/azure
+k8s.io/client-go/plugin/pkg/client/auth/exec
+k8s.io/client-go/plugin/pkg/client/auth/gcp
+k8s.io/client-go/plugin/pkg/client/auth/oidc
+k8s.io/client-go/rest
+k8s.io/client-go/rest/watch
+k8s.io/client-go/restmapper
+k8s.io/client-go/scale
+k8s.io/client-go/scale/scheme
+k8s.io/client-go/scale/scheme/appsint
+k8s.io/client-go/scale/scheme/appsv1beta1
+k8s.io/client-go/scale/scheme/appsv1beta2
+k8s.io/client-go/scale/scheme/autoscalingv1
+k8s.io/client-go/scale/scheme/extensionsint
+k8s.io/client-go/scale/scheme/extensionsv1beta1
+k8s.io/client-go/testing
+k8s.io/client-go/third_party/forked/golang/template
+k8s.io/client-go/tools/auth
+k8s.io/client-go/tools/cache
+k8s.io/client-go/tools/cache/synctrack
+k8s.io/client-go/tools/clientcmd
+k8s.io/client-go/tools/clientcmd/api
+k8s.io/client-go/tools/clientcmd/api/latest
+k8s.io/client-go/tools/clientcmd/api/v1
+k8s.io/client-go/tools/leaderelection
+k8s.io/client-go/tools/leaderelection/resourcelock
+k8s.io/client-go/tools/metrics
+k8s.io/client-go/tools/pager
+k8s.io/client-go/tools/record
+k8s.io/client-go/tools/record/util
+k8s.io/client-go/tools/reference
+k8s.io/client-go/tools/remotecommand
+k8s.io/client-go/tools/watch
+k8s.io/client-go/transport
+k8s.io/client-go/transport/spdy
+k8s.io/client-go/util/cert
+k8s.io/client-go/util/connrotation
+k8s.io/client-go/util/exec
+k8s.io/client-go/util/flowcontrol
+k8s.io/client-go/util/homedir
+k8s.io/client-go/util/jsonpath
+k8s.io/client-go/util/keyutil
+k8s.io/client-go/util/retry
+k8s.io/client-go/util/workqueue
+# k8s.io/component-base v0.27.2
+## explicit; go 1.20
+k8s.io/component-base/config
+k8s.io/component-base/config/v1alpha1
+k8s.io/component-base/version
+# k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01
+## explicit; go 1.13
+k8s.io/gengo/parser
+k8s.io/gengo/types
+# k8s.io/klog v1.0.0
+## explicit; go 1.12
+k8s.io/klog
+# k8s.io/klog/v2 v2.100.1
+## explicit; go 1.13
+k8s.io/klog/v2
+k8s.io/klog/v2/internal/buffer
+k8s.io/klog/v2/internal/clock
+k8s.io/klog/v2/internal/dbg
+k8s.io/klog/v2/internal/serialize
+k8s.io/klog/v2/internal/severity
+# k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
+## explicit; go 1.19
+k8s.io/kube-openapi/pkg/cached
+k8s.io/kube-openapi/pkg/common
+k8s.io/kube-openapi/pkg/handler3
+k8s.io/kube-openapi/pkg/internal
+k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json
+k8s.io/kube-openapi/pkg/schemaconv
+k8s.io/kube-openapi/pkg/spec3
+k8s.io/kube-openapi/pkg/util/proto
+k8s.io/kube-openapi/pkg/util/proto/validation
+k8s.io/kube-openapi/pkg/validation/spec
+# k8s.io/kubectl v0.27.2
+## explicit; go 1.20
+k8s.io/kubectl/pkg/cmd/util
+k8s.io/kubectl/pkg/scheme
+k8s.io/kubectl/pkg/util/i18n
+k8s.io/kubectl/pkg/util/interrupt
+k8s.io/kubectl/pkg/util/openapi
+k8s.io/kubectl/pkg/util/templates
+k8s.io/kubectl/pkg/util/term
+k8s.io/kubectl/pkg/validation
+# k8s.io/utils v0.0.0-20230726121419-3b25d923346b
+## explicit; go 1.18
+k8s.io/utils/buffer
+k8s.io/utils/clock
+k8s.io/utils/clock/testing
+k8s.io/utils/exec
+k8s.io/utils/integer
+k8s.io/utils/internal/third_party/forked/golang/net
+k8s.io/utils/net
+k8s.io/utils/pointer
+k8s.io/utils/ptr
+k8s.io/utils/strings/slices
+k8s.io/utils/trace
+# oras.land/oras-go v1.2.4
+## explicit; go 1.18
+oras.land/oras-go/pkg/artifact
+oras.land/oras-go/pkg/auth
+oras.land/oras-go/pkg/auth/docker
+oras.land/oras-go/pkg/content
+oras.land/oras-go/pkg/context
+oras.land/oras-go/pkg/oras
+oras.land/oras-go/pkg/registry
+oras.land/oras-go/pkg/registry/remote
+oras.land/oras-go/pkg/registry/remote/auth
+oras.land/oras-go/pkg/registry/remote/internal/errutil
+oras.land/oras-go/pkg/registry/remote/internal/syncutil
+oras.land/oras-go/pkg/target
+# sigs.k8s.io/controller-runtime v0.15.1
+## explicit; go 1.20
+sigs.k8s.io/controller-runtime
+sigs.k8s.io/controller-runtime/pkg/builder
+sigs.k8s.io/controller-runtime/pkg/cache
+sigs.k8s.io/controller-runtime/pkg/cache/internal
+sigs.k8s.io/controller-runtime/pkg/certwatcher
+sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics
+sigs.k8s.io/controller-runtime/pkg/client
+sigs.k8s.io/controller-runtime/pkg/client/apiutil
+sigs.k8s.io/controller-runtime/pkg/client/config
+sigs.k8s.io/controller-runtime/pkg/client/fake
+sigs.k8s.io/controller-runtime/pkg/client/interceptor
+sigs.k8s.io/controller-runtime/pkg/cluster
+sigs.k8s.io/controller-runtime/pkg/config
+sigs.k8s.io/controller-runtime/pkg/config/v1alpha1
+sigs.k8s.io/controller-runtime/pkg/controller
+sigs.k8s.io/controller-runtime/pkg/controller/controllerutil
+sigs.k8s.io/controller-runtime/pkg/conversion
+sigs.k8s.io/controller-runtime/pkg/envtest
+sigs.k8s.io/controller-runtime/pkg/event
+sigs.k8s.io/controller-runtime/pkg/handler
+sigs.k8s.io/controller-runtime/pkg/healthz
+sigs.k8s.io/controller-runtime/pkg/internal/controller
+sigs.k8s.io/controller-runtime/pkg/internal/controller/metrics
+sigs.k8s.io/controller-runtime/pkg/internal/field/selector
+sigs.k8s.io/controller-runtime/pkg/internal/flock
+sigs.k8s.io/controller-runtime/pkg/internal/httpserver
+sigs.k8s.io/controller-runtime/pkg/internal/log
+sigs.k8s.io/controller-runtime/pkg/internal/objectutil
+sigs.k8s.io/controller-runtime/pkg/internal/recorder
+sigs.k8s.io/controller-runtime/pkg/internal/source
+sigs.k8s.io/controller-runtime/pkg/internal/testing/addr
+sigs.k8s.io/controller-runtime/pkg/internal/testing/certs
+sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane
+sigs.k8s.io/controller-runtime/pkg/internal/testing/process
+sigs.k8s.io/controller-runtime/pkg/leaderelection
+sigs.k8s.io/controller-runtime/pkg/log
+sigs.k8s.io/controller-runtime/pkg/manager
+sigs.k8s.io/controller-runtime/pkg/manager/signals
+sigs.k8s.io/controller-runtime/pkg/metrics
+sigs.k8s.io/controller-runtime/pkg/predicate
+sigs.k8s.io/controller-runtime/pkg/ratelimiter
+sigs.k8s.io/controller-runtime/pkg/reconcile
+sigs.k8s.io/controller-runtime/pkg/recorder
+sigs.k8s.io/controller-runtime/pkg/scheme
+sigs.k8s.io/controller-runtime/pkg/source
+sigs.k8s.io/controller-runtime/pkg/webhook
+sigs.k8s.io/controller-runtime/pkg/webhook/admission
+sigs.k8s.io/controller-runtime/pkg/webhook/conversion
+sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics
+# sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd
+## explicit; go 1.18
+sigs.k8s.io/json
+sigs.k8s.io/json/internal/golang/encoding/json
+# sigs.k8s.io/kustomize/api v0.13.2
+## explicit; go 1.19
+sigs.k8s.io/kustomize/api/filters/annotations
+sigs.k8s.io/kustomize/api/filters/fieldspec
+sigs.k8s.io/kustomize/api/filters/filtersutil
+sigs.k8s.io/kustomize/api/filters/fsslice
+sigs.k8s.io/kustomize/api/filters/iampolicygenerator
+sigs.k8s.io/kustomize/api/filters/imagetag
+sigs.k8s.io/kustomize/api/filters/labels
+sigs.k8s.io/kustomize/api/filters/nameref
+sigs.k8s.io/kustomize/api/filters/namespace
+sigs.k8s.io/kustomize/api/filters/patchjson6902
+sigs.k8s.io/kustomize/api/filters/patchstrategicmerge
+sigs.k8s.io/kustomize/api/filters/prefix
+sigs.k8s.io/kustomize/api/filters/refvar
+sigs.k8s.io/kustomize/api/filters/replacement
+sigs.k8s.io/kustomize/api/filters/replicacount
+sigs.k8s.io/kustomize/api/filters/suffix
+sigs.k8s.io/kustomize/api/filters/valueadd
+sigs.k8s.io/kustomize/api/hasher
+sigs.k8s.io/kustomize/api/ifc
+sigs.k8s.io/kustomize/api/image
+sigs.k8s.io/kustomize/api/internal/accumulator
+sigs.k8s.io/kustomize/api/internal/builtins
+sigs.k8s.io/kustomize/api/internal/generators
+sigs.k8s.io/kustomize/api/internal/git
+sigs.k8s.io/kustomize/api/internal/kusterr
+sigs.k8s.io/kustomize/api/internal/plugins/builtinconfig
+sigs.k8s.io/kustomize/api/internal/plugins/builtinhelpers
+sigs.k8s.io/kustomize/api/internal/plugins/execplugin
+sigs.k8s.io/kustomize/api/internal/plugins/fnplugin
+sigs.k8s.io/kustomize/api/internal/plugins/loader
+sigs.k8s.io/kustomize/api/internal/plugins/utils
+sigs.k8s.io/kustomize/api/internal/target
+sigs.k8s.io/kustomize/api/internal/utils
+sigs.k8s.io/kustomize/api/internal/validate
+sigs.k8s.io/kustomize/api/konfig
+sigs.k8s.io/kustomize/api/konfig/builtinpluginconsts
+sigs.k8s.io/kustomize/api/krusty
+sigs.k8s.io/kustomize/api/kv
+sigs.k8s.io/kustomize/api/loader
+sigs.k8s.io/kustomize/api/provenance
+sigs.k8s.io/kustomize/api/provider
+sigs.k8s.io/kustomize/api/resmap
+sigs.k8s.io/kustomize/api/resource
+sigs.k8s.io/kustomize/api/types
+# sigs.k8s.io/kustomize/kyaml v0.14.1
+## explicit; go 1.19
+sigs.k8s.io/kustomize/kyaml/comments
+sigs.k8s.io/kustomize/kyaml/errors
+sigs.k8s.io/kustomize/kyaml/ext
+sigs.k8s.io/kustomize/kyaml/fieldmeta
+sigs.k8s.io/kustomize/kyaml/filesys
+sigs.k8s.io/kustomize/kyaml/fn/runtime/container
+sigs.k8s.io/kustomize/kyaml/fn/runtime/exec
+sigs.k8s.io/kustomize/kyaml/fn/runtime/runtimeutil
+sigs.k8s.io/kustomize/kyaml/fn/runtime/starlark
+sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go-yaml/yaml
+sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri-io/starlib/util
+sigs.k8s.io/kustomize/kyaml/kio
+sigs.k8s.io/kustomize/kyaml/kio/filters
+sigs.k8s.io/kustomize/kyaml/kio/kioutil
+sigs.k8s.io/kustomize/kyaml/openapi
+sigs.k8s.io/kustomize/kyaml/openapi/kubernetesapi
+sigs.k8s.io/kustomize/kyaml/openapi/kubernetesapi/v1_21_2
+sigs.k8s.io/kustomize/kyaml/openapi/kustomizationapi
+sigs.k8s.io/kustomize/kyaml/order
+sigs.k8s.io/kustomize/kyaml/resid
+sigs.k8s.io/kustomize/kyaml/runfn
+sigs.k8s.io/kustomize/kyaml/sets
+sigs.k8s.io/kustomize/kyaml/sliceutil
+sigs.k8s.io/kustomize/kyaml/utils
+sigs.k8s.io/kustomize/kyaml/yaml
+sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/labels
+sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/selection
+sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/util/errors
+sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/util/sets
+sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/util/validation
+sigs.k8s.io/kustomize/kyaml/yaml/internal/k8sgen/pkg/util/validation/field
+sigs.k8s.io/kustomize/kyaml/yaml/merge2
+sigs.k8s.io/kustomize/kyaml/yaml/merge3
+sigs.k8s.io/kustomize/kyaml/yaml/schema
+sigs.k8s.io/kustomize/kyaml/yaml/walk
+# sigs.k8s.io/release-utils v0.7.6
+## explicit; go 1.20
+sigs.k8s.io/release-utils/version
+# sigs.k8s.io/structured-merge-diff/v4 v4.3.0
+## explicit; go 1.13
+sigs.k8s.io/structured-merge-diff/v4/fieldpath
+sigs.k8s.io/structured-merge-diff/v4/merge
+sigs.k8s.io/structured-merge-diff/v4/schema
+sigs.k8s.io/structured-merge-diff/v4/typed
+sigs.k8s.io/structured-merge-diff/v4/value
+# sigs.k8s.io/yaml v1.4.0
+## explicit; go 1.12
+sigs.k8s.io/yaml
+sigs.k8s.io/yaml/goyaml.v2
+# github.com/gardener/landscaper/apis => ./apis
+# github.com/gardener/landscaper/controller-utils => ./controller-utils
+# github.com/googleapis/gnostic => github.com/googleapis/gnostic v0.4.1

From 706f7c1d08e5173f536aa3d8e3e21edaba900efd Mon Sep 17 00:00:00 2001
From: gardener-robot-ci-3 <gardener.ci.user3@gmail.com>
Date: Tue, 5 Dec 2023 10:15:51 +0000
Subject: [PATCH 08/23] Release v0.88.0

---
 VERSION                                        | 2 +-
 charts/container-deployer/Chart.yaml           | 2 +-
 charts/helm-deployer/Chart.yaml                | 2 +-
 charts/landscaper-agent/Chart.yaml             | 2 +-
 charts/landscaper/Chart.yaml                   | 2 +-
 charts/landscaper/charts/landscaper/Chart.yaml | 2 +-
 charts/landscaper/charts/rbac/Chart.yaml       | 2 +-
 charts/manifest-deployer/Chart.yaml            | 2 +-
 charts/mock-deployer/Chart.yaml                | 2 +-
 controller-utils/go.mod                        | 2 +-
 controller-utils/vendor/modules.txt            | 2 +-
 go.mod                                         | 4 ++--
 vendor/modules.txt                             | 4 ++--
 13 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/VERSION b/VERSION
index 851f28702..59cca7ccd 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v0.88.0-dev
\ No newline at end of file
+v0.88.0
\ No newline at end of file
diff --git a/charts/container-deployer/Chart.yaml b/charts/container-deployer/Chart.yaml
index 284d5a5ee..e604f6ef1 100644
--- a/charts/container-deployer/Chart.yaml
+++ b/charts/container-deployer/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.78.0
+appVersion: v0.88.0
diff --git a/charts/helm-deployer/Chart.yaml b/charts/helm-deployer/Chart.yaml
index 1bb7c611d..99413d287 100644
--- a/charts/helm-deployer/Chart.yaml
+++ b/charts/helm-deployer/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.78.0
+appVersion: v0.88.0
diff --git a/charts/landscaper-agent/Chart.yaml b/charts/landscaper-agent/Chart.yaml
index 4b1c47a54..1e9fa24c3 100644
--- a/charts/landscaper-agent/Chart.yaml
+++ b/charts/landscaper-agent/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.78.0
+appVersion: v0.88.0
diff --git a/charts/landscaper/Chart.yaml b/charts/landscaper/Chart.yaml
index 0cbf9561c..17b0615d8 100644
--- a/charts/landscaper/Chart.yaml
+++ b/charts/landscaper/Chart.yaml
@@ -24,7 +24,7 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.78.0
+appVersion: v0.88.0
 
 dependencies:
 - name: landscaper-controller
diff --git a/charts/landscaper/charts/landscaper/Chart.yaml b/charts/landscaper/charts/landscaper/Chart.yaml
index 77f9c1c97..e036a3372 100644
--- a/charts/landscaper/charts/landscaper/Chart.yaml
+++ b/charts/landscaper/charts/landscaper/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.78.0
+appVersion: v0.88.0
diff --git a/charts/landscaper/charts/rbac/Chart.yaml b/charts/landscaper/charts/rbac/Chart.yaml
index 3f4001cb3..4c59a0ed4 100644
--- a/charts/landscaper/charts/rbac/Chart.yaml
+++ b/charts/landscaper/charts/rbac/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.78.0
+appVersion: v0.88.0
diff --git a/charts/manifest-deployer/Chart.yaml b/charts/manifest-deployer/Chart.yaml
index 1b41a1573..d957e6139 100644
--- a/charts/manifest-deployer/Chart.yaml
+++ b/charts/manifest-deployer/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.78.0
+appVersion: v0.88.0
diff --git a/charts/mock-deployer/Chart.yaml b/charts/mock-deployer/Chart.yaml
index c6c7af679..b0640cf4c 100644
--- a/charts/mock-deployer/Chart.yaml
+++ b/charts/mock-deployer/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.78.0
+appVersion: v0.88.0
diff --git a/controller-utils/go.mod b/controller-utils/go.mod
index 4c8036069..f907c65f2 100644
--- a/controller-utils/go.mod
+++ b/controller-utils/go.mod
@@ -3,7 +3,7 @@ module github.com/gardener/landscaper/controller-utils
 go 1.20
 
 require (
-	github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000
+	github.com/gardener/landscaper/apis v0.88.0
 	github.com/go-logr/logr v1.2.4
 	github.com/go-logr/zapr v1.2.4
 	github.com/golang/mock v1.6.0
diff --git a/controller-utils/vendor/modules.txt b/controller-utils/vendor/modules.txt
index 12fa5eacc..eb3f53b83 100644
--- a/controller-utils/vendor/modules.txt
+++ b/controller-utils/vendor/modules.txt
@@ -21,7 +21,7 @@ github.com/fsnotify/fsnotify
 ## explicit; go 1.18
 github.com/gardener/component-spec/bindings-go/apis/v2
 github.com/gardener/component-spec/bindings-go/utils/selector
-# github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000 => ../apis
+# github.com/gardener/landscaper/apis v0.88.0 => ../apis
 ## explicit; go 1.20
 github.com/gardener/landscaper/apis/config
 github.com/gardener/landscaper/apis/core
diff --git a/go.mod b/go.mod
index 03062ddd7..dc51caa4c 100644
--- a/go.mod
+++ b/go.mod
@@ -12,8 +12,8 @@ require (
 	github.com/gardener/component-cli v0.44.0
 	github.com/gardener/component-spec/bindings-go v0.0.95
 	github.com/gardener/image-vector v0.10.0
-	github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000
-	github.com/gardener/landscaper/controller-utils v0.0.0-00010101000000-000000000000
+	github.com/gardener/landscaper/apis v0.88.0
+	github.com/gardener/landscaper/controller-utils v0.88.0
 	github.com/go-logr/logr v1.3.0
 	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.4.0
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 9bb392e68..9e57f1e39 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -608,7 +608,7 @@ github.com/gardener/component-spec/bindings-go/utils/selector
 # github.com/gardener/image-vector v0.10.0
 ## explicit; go 1.16
 github.com/gardener/image-vector/pkg
-# github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000 => ./apis
+# github.com/gardener/landscaper/apis v0.88.0 => ./apis
 ## explicit; go 1.20
 github.com/gardener/landscaper/apis/config
 github.com/gardener/landscaper/apis/config/install
@@ -646,7 +646,7 @@ github.com/gardener/landscaper/apis/errors
 github.com/gardener/landscaper/apis/mediatype
 github.com/gardener/landscaper/apis/schema
 github.com/gardener/landscaper/apis/utils
-# github.com/gardener/landscaper/controller-utils v0.0.0-00010101000000-000000000000 => ./controller-utils
+# github.com/gardener/landscaper/controller-utils v0.88.0 => ./controller-utils
 ## explicit; go 1.20
 github.com/gardener/landscaper/controller-utils/pkg/crdmanager
 github.com/gardener/landscaper/controller-utils/pkg/errors

From a3be32b11ddf2c7e01726e26e70013f2a66d3c2b Mon Sep 17 00:00:00 2001
From: gardener-robot-ci-2 <gardener.ci.user2@gmail.com>
Date: Tue, 5 Dec 2023 10:16:10 +0000
Subject: [PATCH 09/23] Prepare next Dev Cycle v0.89.0-dev

---
 VERSION                                        | 2 +-
 charts/container-deployer/Chart.yaml           | 2 +-
 charts/helm-deployer/Chart.yaml                | 2 +-
 charts/landscaper-agent/Chart.yaml             | 2 +-
 charts/landscaper/Chart.yaml                   | 2 +-
 charts/landscaper/charts/landscaper/Chart.yaml | 2 +-
 charts/landscaper/charts/rbac/Chart.yaml       | 2 +-
 charts/manifest-deployer/Chart.yaml            | 2 +-
 charts/mock-deployer/Chart.yaml                | 2 +-
 controller-utils/go.mod                        | 2 +-
 controller-utils/vendor/modules.txt            | 2 +-
 vendor/modules.txt                             | 4 ++--
 12 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/VERSION b/VERSION
index 59cca7ccd..7883aa720 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v0.88.0
\ No newline at end of file
+v0.89.0-dev
\ No newline at end of file
diff --git a/charts/container-deployer/Chart.yaml b/charts/container-deployer/Chart.yaml
index e604f6ef1..284d5a5ee 100644
--- a/charts/container-deployer/Chart.yaml
+++ b/charts/container-deployer/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.88.0
+appVersion: v0.78.0
diff --git a/charts/helm-deployer/Chart.yaml b/charts/helm-deployer/Chart.yaml
index 99413d287..1bb7c611d 100644
--- a/charts/helm-deployer/Chart.yaml
+++ b/charts/helm-deployer/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.88.0
+appVersion: v0.78.0
diff --git a/charts/landscaper-agent/Chart.yaml b/charts/landscaper-agent/Chart.yaml
index 1e9fa24c3..4b1c47a54 100644
--- a/charts/landscaper-agent/Chart.yaml
+++ b/charts/landscaper-agent/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.88.0
+appVersion: v0.78.0
diff --git a/charts/landscaper/Chart.yaml b/charts/landscaper/Chart.yaml
index 17b0615d8..0cbf9561c 100644
--- a/charts/landscaper/Chart.yaml
+++ b/charts/landscaper/Chart.yaml
@@ -24,7 +24,7 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.88.0
+appVersion: v0.78.0
 
 dependencies:
 - name: landscaper-controller
diff --git a/charts/landscaper/charts/landscaper/Chart.yaml b/charts/landscaper/charts/landscaper/Chart.yaml
index e036a3372..77f9c1c97 100644
--- a/charts/landscaper/charts/landscaper/Chart.yaml
+++ b/charts/landscaper/charts/landscaper/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.88.0
+appVersion: v0.78.0
diff --git a/charts/landscaper/charts/rbac/Chart.yaml b/charts/landscaper/charts/rbac/Chart.yaml
index 4c59a0ed4..3f4001cb3 100644
--- a/charts/landscaper/charts/rbac/Chart.yaml
+++ b/charts/landscaper/charts/rbac/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.88.0
+appVersion: v0.78.0
diff --git a/charts/manifest-deployer/Chart.yaml b/charts/manifest-deployer/Chart.yaml
index d957e6139..1b41a1573 100644
--- a/charts/manifest-deployer/Chart.yaml
+++ b/charts/manifest-deployer/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.88.0
+appVersion: v0.78.0
diff --git a/charts/mock-deployer/Chart.yaml b/charts/mock-deployer/Chart.yaml
index b0640cf4c..c6c7af679 100644
--- a/charts/mock-deployer/Chart.yaml
+++ b/charts/mock-deployer/Chart.yaml
@@ -24,4 +24,4 @@ version: v0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v0.88.0
+appVersion: v0.78.0
diff --git a/controller-utils/go.mod b/controller-utils/go.mod
index f907c65f2..4c8036069 100644
--- a/controller-utils/go.mod
+++ b/controller-utils/go.mod
@@ -3,7 +3,7 @@ module github.com/gardener/landscaper/controller-utils
 go 1.20
 
 require (
-	github.com/gardener/landscaper/apis v0.88.0
+	github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000
 	github.com/go-logr/logr v1.2.4
 	github.com/go-logr/zapr v1.2.4
 	github.com/golang/mock v1.6.0
diff --git a/controller-utils/vendor/modules.txt b/controller-utils/vendor/modules.txt
index eb3f53b83..12fa5eacc 100644
--- a/controller-utils/vendor/modules.txt
+++ b/controller-utils/vendor/modules.txt
@@ -21,7 +21,7 @@ github.com/fsnotify/fsnotify
 ## explicit; go 1.18
 github.com/gardener/component-spec/bindings-go/apis/v2
 github.com/gardener/component-spec/bindings-go/utils/selector
-# github.com/gardener/landscaper/apis v0.88.0 => ../apis
+# github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000 => ../apis
 ## explicit; go 1.20
 github.com/gardener/landscaper/apis/config
 github.com/gardener/landscaper/apis/core
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 9e57f1e39..9bb392e68 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -608,7 +608,7 @@ github.com/gardener/component-spec/bindings-go/utils/selector
 # github.com/gardener/image-vector v0.10.0
 ## explicit; go 1.16
 github.com/gardener/image-vector/pkg
-# github.com/gardener/landscaper/apis v0.88.0 => ./apis
+# github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000 => ./apis
 ## explicit; go 1.20
 github.com/gardener/landscaper/apis/config
 github.com/gardener/landscaper/apis/config/install
@@ -646,7 +646,7 @@ github.com/gardener/landscaper/apis/errors
 github.com/gardener/landscaper/apis/mediatype
 github.com/gardener/landscaper/apis/schema
 github.com/gardener/landscaper/apis/utils
-# github.com/gardener/landscaper/controller-utils v0.88.0 => ./controller-utils
+# github.com/gardener/landscaper/controller-utils v0.0.0-00010101000000-000000000000 => ./controller-utils
 ## explicit; go 1.20
 github.com/gardener/landscaper/controller-utils/pkg/crdmanager
 github.com/gardener/landscaper/controller-utils/pkg/errors

From b922fe3b59a6ffa99ae74489a172f71deb1fb154 Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Wed, 6 Dec 2023 09:06:57 +0100
Subject: [PATCH 10/23] update go dependency otel v0.21.0 (#914)

* update go dependency otel v0.21.0

* run (run-int-tests)
---
 go.mod                                        |    21 +-
 go.sum                                        |    13 +
 .../Azure/azure-sdk-for-go/storage/README.md  |    23 +
 .../azure-sdk-for-go/storage/appendblob.go    |    79 +
 .../azure-sdk-for-go/storage/authorization.go |   235 +
 .../Azure/azure-sdk-for-go/storage/blob.go    |   621 +
 .../azure-sdk-for-go/storage/blobsasuri.go    |   168 +
 .../storage/blobserviceclient.go              |   175 +
 .../azure-sdk-for-go/storage/blockblob.go     |   300 +
 .../Azure/azure-sdk-for-go/storage/client.go  |  1061 +
 .../azure-sdk-for-go/storage/commonsasuri.go  |    27 +
 .../azure-sdk-for-go/storage/container.go     |   629 +
 .../azure-sdk-for-go/storage/copyblob.go      |   226 +
 .../azure-sdk-for-go/storage/directory.go     |   227 +
 .../Azure/azure-sdk-for-go/storage/entity.go  |   455 +
 .../Azure/azure-sdk-for-go/storage/file.go    |   473 +
 .../storage/fileserviceclient.go              |   327 +
 .../azure-sdk-for-go/storage/leaseblob.go     |   190 +
 .../Azure/azure-sdk-for-go/storage/message.go |   160 +
 .../Azure/azure-sdk-for-go/storage/odata.go   |    37 +
 .../azure-sdk-for-go/storage/pageblob.go      |   192 +
 .../Azure/azure-sdk-for-go/storage/queue.go   |   425 +
 .../azure-sdk-for-go/storage/queuesasuri.go   |   135 +
 .../storage/queueserviceclient.go             |    31 +
 .../Azure/azure-sdk-for-go/storage/share.go   |   205 +
 .../azure-sdk-for-go/storage/storagepolicy.go |    50 +
 .../storage/storageservice.go                 |   139 +
 .../Azure/azure-sdk-for-go/storage/table.go   |   412 +
 .../azure-sdk-for-go/storage/table_batch.go   |   314 +
 .../storage/tableserviceclient.go             |   193 +
 .../Azure/azure-sdk-for-go/storage/util.go    |   249 +
 .../Shopify/logrus-bugsnag/.travis.yml        |     4 +
 .../github.com/Shopify/logrus-bugsnag/LICENSE |    21 +
 .../Shopify/logrus-bugsnag/README.md          |    24 +
 .../Shopify/logrus-bugsnag/bugsnag.go         |    81 +
 .../github.com/Shopify/logrus-bugsnag/dev.yml |     8 +
 vendor/github.com/aws/aws-sdk-go/LICENSE.txt  |   202 +
 vendor/github.com/aws/aws-sdk-go/NOTICE.txt   |     3 +
 .../github.com/aws/aws-sdk-go/aws/arn/arn.go  |    93 +
 .../aws/aws-sdk-go/aws/awserr/error.go        |   164 +
 .../aws/aws-sdk-go/aws/awserr/types.go        |   221 +
 .../aws/aws-sdk-go/aws/awsutil/copy.go        |   108 +
 .../aws/aws-sdk-go/aws/awsutil/equal.go       |    27 +
 .../aws/aws-sdk-go/aws/awsutil/path_value.go  |   221 +
 .../aws/aws-sdk-go/aws/awsutil/prettify.go    |   123 +
 .../aws-sdk-go/aws/awsutil/string_value.go    |    90 +
 .../aws/aws-sdk-go/aws/client/client.go       |    94 +
 .../aws-sdk-go/aws/client/default_retryer.go  |   177 +
 .../aws/aws-sdk-go/aws/client/logger.go       |   206 +
 .../aws/client/metadata/client_info.go        |    15 +
 .../aws-sdk-go/aws/client/no_op_retryer.go    |    28 +
 .../github.com/aws/aws-sdk-go/aws/config.go   |   659 +
 .../aws/aws-sdk-go/aws/context_1_5.go         |    38 +
 .../aws/aws-sdk-go/aws/context_1_9.go         |    12 +
 .../aws-sdk-go/aws/context_background_1_5.go  |    23 +
 .../aws-sdk-go/aws/context_background_1_7.go  |    21 +
 .../aws/aws-sdk-go/aws/context_sleep.go       |    24 +
 .../aws/aws-sdk-go/aws/convert_types.go       |   918 +
 .../aws-sdk-go/aws/corehandlers/handlers.go   |   232 +
 .../aws/corehandlers/param_validator.go       |    17 +
 .../aws-sdk-go/aws/corehandlers/user_agent.go |    37 +
 .../aws/credentials/chain_provider.go         |   100 +
 .../credentials/context_background_go1.5.go   |    23 +
 .../credentials/context_background_go1.7.go   |    21 +
 .../aws/credentials/context_go1.5.go          |    40 +
 .../aws/credentials/context_go1.9.go          |    14 +
 .../aws-sdk-go/aws/credentials/credentials.go |   383 +
 .../ec2rolecreds/ec2_role_provider.go         |   188 +
 .../aws/credentials/endpointcreds/provider.go |   210 +
 .../aws/credentials/env_provider.go           |    74 +
 .../aws-sdk-go/aws/credentials/example.ini    |    12 +
 .../aws/credentials/processcreds/provider.go  |   438 +
 .../shared_credentials_provider.go            |   151 +
 .../aws/credentials/ssocreds/doc.go           |    60 +
 .../aws-sdk-go/aws/credentials/ssocreds/os.go |    10 +
 .../aws/credentials/ssocreds/os_windows.go    |     7 +
 .../aws/credentials/ssocreds/provider.go      |   180 +
 .../aws/credentials/static_provider.go        |    57 +
 .../stscreds/assume_role_provider.go          |   371 +
 .../stscreds/web_identity_provider.go         |   182 +
 .../github.com/aws/aws-sdk-go/aws/csm/doc.go  |    69 +
 .../aws/aws-sdk-go/aws/csm/enable.go          |    89 +
 .../aws/aws-sdk-go/aws/csm/metric.go          |   109 +
 .../aws/aws-sdk-go/aws/csm/metric_chan.go     |    55 +
 .../aws-sdk-go/aws/csm/metric_exception.go    |    26 +
 .../aws/aws-sdk-go/aws/csm/reporter.go        |   264 +
 .../aws/aws-sdk-go/aws/defaults/defaults.go   |   207 +
 .../aws-sdk-go/aws/defaults/shared_config.go  |    27 +
 vendor/github.com/aws/aws-sdk-go/aws/doc.go   |    56 +
 .../aws/aws-sdk-go/aws/ec2metadata/api.go     |   250 +
 .../aws/aws-sdk-go/aws/ec2metadata/service.go |   245 +
 .../aws/ec2metadata/token_provider.go         |    96 +
 .../aws/aws-sdk-go/aws/endpoints/decode.go    |   193 +
 .../aws/aws-sdk-go/aws/endpoints/defaults.go  | 40212 +++++++++++++++
 .../aws/endpoints/dep_service_ids.go          |   141 +
 .../aws/aws-sdk-go/aws/endpoints/doc.go       |    65 +
 .../aws/aws-sdk-go/aws/endpoints/endpoints.go |   708 +
 .../aws/endpoints/legacy_regions.go           |    24 +
 .../aws/aws-sdk-go/aws/endpoints/v3model.go   |   594 +
 .../aws/endpoints/v3model_codegen.go          |   412 +
 .../github.com/aws/aws-sdk-go/aws/errors.go   |    13 +
 .../aws/aws-sdk-go/aws/jsonvalue.go           |    12 +
 .../github.com/aws/aws-sdk-go/aws/logger.go   |   121 +
 .../aws/request/connection_reset_error.go     |    19 +
 .../aws/aws-sdk-go/aws/request/handlers.go    |   346 +
 .../aws-sdk-go/aws/request/http_request.go    |    24 +
 .../aws-sdk-go/aws/request/offset_reader.go   |    65 +
 .../aws/aws-sdk-go/aws/request/request.go     |   722 +
 .../aws/aws-sdk-go/aws/request/request_1_7.go |    40 +
 .../aws/aws-sdk-go/aws/request/request_1_8.go |    37 +
 .../aws-sdk-go/aws/request/request_context.go |    15 +
 .../aws/request/request_context_1_6.go        |    15 +
 .../aws/request/request_pagination.go         |   266 +
 .../aws/aws-sdk-go/aws/request/retryer.go     |   309 +
 .../aws/request/timeout_read_closer.go        |    94 +
 .../aws/aws-sdk-go/aws/request/validation.go  |   286 +
 .../aws/aws-sdk-go/aws/request/waiter.go      |   295 +
 .../aws/aws-sdk-go/aws/session/credentials.go |   303 +
 .../aws/session/custom_transport.go           |    28 +
 .../aws/session/custom_transport_go1.12.go    |    27 +
 .../aws/session/custom_transport_go1.5.go     |    23 +
 .../aws/session/custom_transport_go1.6.go     |    24 +
 .../aws/aws-sdk-go/aws/session/doc.go         |   367 +
 .../aws/aws-sdk-go/aws/session/env_config.go  |   471 +
 .../aws/aws-sdk-go/aws/session/session.go     |   997 +
 .../aws-sdk-go/aws/session/shared_config.go   |   729 +
 .../aws-sdk-go/aws/signer/v4/header_rules.go  |    81 +
 .../aws/aws-sdk-go/aws/signer/v4/options.go   |     7 +
 .../aws/signer/v4/request_context_go1.5.go    |    14 +
 .../aws/signer/v4/request_context_go1.7.go    |    14 +
 .../aws/aws-sdk-go/aws/signer/v4/stream.go    |    63 +
 .../aws/aws-sdk-go/aws/signer/v4/uri_path.go  |    25 +
 .../aws/aws-sdk-go/aws/signer/v4/v4.go        |   855 +
 vendor/github.com/aws/aws-sdk-go/aws/types.go |   264 +
 vendor/github.com/aws/aws-sdk-go/aws/url.go   |    13 +
 .../github.com/aws/aws-sdk-go/aws/url_1_7.go  |    30 +
 .../github.com/aws/aws-sdk-go/aws/version.go  |     8 +
 .../internal/context/background_go1.5.go      |    41 +
 .../aws/aws-sdk-go/internal/ini/ast.go        |   120 +
 .../aws-sdk-go/internal/ini/comma_token.go    |    11 +
 .../aws-sdk-go/internal/ini/comment_token.go  |    35 +
 .../aws/aws-sdk-go/internal/ini/doc.go        |    42 +
 .../aws-sdk-go/internal/ini/empty_token.go    |     4 +
 .../aws/aws-sdk-go/internal/ini/expression.go |    24 +
 .../aws/aws-sdk-go/internal/ini/fuzz.go       |    18 +
 .../aws/aws-sdk-go/internal/ini/ini.go        |    51 +
 .../aws/aws-sdk-go/internal/ini/ini_lexer.go  |   165 +
 .../aws/aws-sdk-go/internal/ini/ini_parser.go |   350 +
 .../aws-sdk-go/internal/ini/literal_tokens.go |   340 +
 .../aws-sdk-go/internal/ini/newline_token.go  |    30 +
 .../aws-sdk-go/internal/ini/number_helper.go  |   152 +
 .../aws/aws-sdk-go/internal/ini/op_tokens.go  |    39 +
 .../aws-sdk-go/internal/ini/parse_error.go    |    43 +
 .../aws-sdk-go/internal/ini/parse_stack.go    |    60 +
 .../aws/aws-sdk-go/internal/ini/sep_tokens.go |    41 +
 .../aws/aws-sdk-go/internal/ini/skipper.go    |    45 +
 .../aws/aws-sdk-go/internal/ini/statement.go  |    35 +
 .../aws/aws-sdk-go/internal/ini/value_util.go |   284 +
 .../aws/aws-sdk-go/internal/ini/visitor.go    |   169 +
 .../aws/aws-sdk-go/internal/ini/walker.go     |    25 +
 .../aws/aws-sdk-go/internal/ini/ws_token.go   |    24 +
 .../internal/s3shared/arn/accesspoint_arn.go  |    50 +
 .../aws-sdk-go/internal/s3shared/arn/arn.go   |    94 +
 .../internal/s3shared/arn/outpost_arn.go      |   126 +
 .../s3shared/arn/s3_object_lambda_arn.go      |    15 +
 .../internal/s3shared/endpoint_errors.go      |   202 +
 .../internal/s3shared/resource_request.go     |    45 +
 .../internal/s3shared/s3err/error.go          |    57 +
 .../aws/aws-sdk-go/internal/sdkio/byte.go     |    12 +
 .../aws/aws-sdk-go/internal/sdkio/io_go1.6.go |    11 +
 .../aws/aws-sdk-go/internal/sdkio/io_go1.7.go |    13 +
 .../aws/aws-sdk-go/internal/sdkmath/floor.go  |    16 +
 .../internal/sdkmath/floor_go1.9.go           |    57 +
 .../internal/sdkrand/locked_source.go         |    29 +
 .../aws/aws-sdk-go/internal/sdkrand/read.go   |    12 +
 .../aws-sdk-go/internal/sdkrand/read_1_5.go   |    25 +
 .../aws/aws-sdk-go/internal/sdkuri/path.go    |    23 +
 .../internal/shareddefaults/ecs_container.go  |    12 +
 .../internal/shareddefaults/shared_config.go  |    46 +
 .../shared_config_resolve_home.go             |    18 +
 .../shared_config_resolve_home_go1.12.go      |    13 +
 .../aws-sdk-go/internal/strings/strings.go    |    11 +
 .../internal/sync/singleflight/LICENSE        |    27 +
 .../sync/singleflight/singleflight.go         |   120 +
 .../private/checksum/content_md5.go           |    53 +
 .../private/protocol/eventstream/debug.go     |   144 +
 .../private/protocol/eventstream/decode.go    |   216 +
 .../private/protocol/eventstream/encode.go    |   162 +
 .../private/protocol/eventstream/error.go     |    23 +
 .../eventstream/eventstreamapi/error.go       |    81 +
 .../eventstream/eventstreamapi/reader.go      |   173 +
 .../eventstream/eventstreamapi/shared.go      |    23 +
 .../eventstream/eventstreamapi/signer.go      |   123 +
 .../eventstreamapi/stream_writer.go           |   129 +
 .../eventstream/eventstreamapi/transport.go   |    10 +
 .../eventstreamapi/transport_go1.17.go        |    19 +
 .../eventstream/eventstreamapi/writer.go      |    63 +
 .../private/protocol/eventstream/header.go    |   175 +
 .../protocol/eventstream/header_value.go      |   506 +
 .../private/protocol/eventstream/message.go   |   117 +
 .../aws/aws-sdk-go/private/protocol/host.go   |   104 +
 .../private/protocol/host_prefix.go           |    54 +
 .../private/protocol/idempotency.go           |    75 +
 .../private/protocol/json/jsonutil/build.go   |   309 +
 .../protocol/json/jsonutil/unmarshal.go       |   317 +
 .../private/protocol/jsonrpc/jsonrpc.go       |    87 +
 .../protocol/jsonrpc/unmarshal_error.go       |   160 +
 .../aws-sdk-go/private/protocol/jsonvalue.go  |    76 +
 .../aws-sdk-go/private/protocol/payload.go    |    81 +
 .../aws-sdk-go/private/protocol/protocol.go   |    49 +
 .../private/protocol/query/build.go           |    36 +
 .../protocol/query/queryutil/queryutil.go     |   276 +
 .../private/protocol/query/unmarshal.go       |    39 +
 .../private/protocol/query/unmarshal_error.go |    70 +
 .../aws-sdk-go/private/protocol/rest/build.go |   349 +
 .../private/protocol/rest/payload.go          |    54 +
 .../private/protocol/rest/unmarshal.go        |   276 +
 .../private/protocol/restjson/restjson.go     |    59 +
 .../protocol/restjson/unmarshal_error.go      |   157 +
 .../private/protocol/restxml/restxml.go       |    79 +
 .../aws-sdk-go/private/protocol/timestamp.go  |   134 +
 .../aws-sdk-go/private/protocol/unmarshal.go  |    27 +
 .../private/protocol/unmarshal_error.go       |    65 +
 .../private/protocol/xml/xmlutil/build.go     |   345 +
 .../private/protocol/xml/xmlutil/sort.go      |    32 +
 .../private/protocol/xml/xmlutil/unmarshal.go |   311 +
 .../protocol/xml/xmlutil/xml_to_struct.go     |   173 +
 .../service/cloudfront/sign/policy.go         |   238 +
 .../cloudfront/sign/policy_json_1_6.go        |    15 +
 .../cloudfront/sign/policy_json_1_7.go        |    17 +
 .../service/cloudfront/sign/privkey.go        |    68 +
 .../service/cloudfront/sign/randomreader.go   |    30 +
 .../service/cloudfront/sign/sign_cookie.go    |   243 +
 .../service/cloudfront/sign/sign_url.go       |   202 +
 .../aws/aws-sdk-go/service/s3/api.go          | 42420 ++++++++++++++++
 .../aws/aws-sdk-go/service/s3/body_hash.go    |   202 +
 .../aws-sdk-go/service/s3/bucket_location.go  |   107 +
 .../aws-sdk-go/service/s3/customizations.go   |    89 +
 .../aws/aws-sdk-go/service/s3/doc.go          |    26 +
 .../aws/aws-sdk-go/service/s3/doc_custom.go   |   109 +
 .../aws/aws-sdk-go/service/s3/endpoint.go     |   298 +
 .../aws-sdk-go/service/s3/endpoint_builder.go |   239 +
 .../aws/aws-sdk-go/service/s3/errors.go       |    60 +
 .../service/s3/host_style_bucket.go           |   136 +
 .../service/s3/platform_handlers.go           |     9 +
 .../service/s3/platform_handlers_go1.6.go     |    29 +
 .../aws/aws-sdk-go/service/s3/service.go      |   108 +
 .../aws/aws-sdk-go/service/s3/sse.go          |    84 +
 .../aws-sdk-go/service/s3/statusok_error.go   |    47 +
 .../aws-sdk-go/service/s3/unmarshal_error.go  |   114 +
 .../aws/aws-sdk-go/service/s3/waiters.go      |   214 +
 .../aws/aws-sdk-go/service/sso/api.go         |  1367 +
 .../aws/aws-sdk-go/service/sso/doc.go         |    45 +
 .../aws/aws-sdk-go/service/sso/errors.go      |    44 +
 .../aws/aws-sdk-go/service/sso/service.go     |   106 +
 .../service/sso/ssoiface/interface.go         |    86 +
 .../aws/aws-sdk-go/service/sts/api.go         |  3464 ++
 .../aws-sdk-go/service/sts/customizations.go  |    11 +
 .../aws/aws-sdk-go/service/sts/doc.go         |    31 +
 .../aws/aws-sdk-go/service/sts/errors.go      |    84 +
 .../aws/aws-sdk-go/service/sts/service.go     |   104 +
 .../service/sts/stsiface/interface.go         |    96 +
 .../logrus-logstash-hook/.gitignore           |    26 +
 .../logrus-logstash-hook/.travis.yml          |    16 +
 .../logrus-logstash-hook/CHANGELOG.md         |    24 +
 .../logrus-logstash-hook/LICENSE              |    21 +
 .../logrus-logstash-hook/README.md            |    58 +
 .../logrus-logstash-hook/hook.go              |   126 +
 .../github.com/bugsnag/bugsnag-go/.travis.yml |    13 +
 .../bugsnag/bugsnag-go/CHANGELOG.md           |    22 +
 .../bugsnag/bugsnag-go/CONTRIBUTING.md        |    78 +
 .../github.com/bugsnag/bugsnag-go/LICENSE.txt |    20 +
 vendor/github.com/bugsnag/bugsnag-go/Makefile |     2 +
 .../github.com/bugsnag/bugsnag-go/README.md   |   522 +
 .../bugsnag/bugsnag-go/appengine.go           |    81 +
 .../github.com/bugsnag/bugsnag-go/bugsnag.go  |   131 +
 .../bugsnag/bugsnag-go/configuration.go       |   161 +
 vendor/github.com/bugsnag/bugsnag-go/doc.go   |    69 +
 .../bugsnag/bugsnag-go/errors/README.md       |     6 +
 .../bugsnag/bugsnag-go/errors/error.go        |    90 +
 .../bugsnag/bugsnag-go/errors/parse_panic.go  |   127 +
 .../bugsnag/bugsnag-go/errors/stackframe.go   |    97 +
 vendor/github.com/bugsnag/bugsnag-go/event.go |   143 +
 .../bugsnag/bugsnag-go/json_tags.go           |    43 +
 .../github.com/bugsnag/bugsnag-go/metadata.go |   189 +
 .../bugsnag/bugsnag-go/middleware.go          |    96 +
 .../github.com/bugsnag/bugsnag-go/notifier.go |    95 +
 .../bugsnag/bugsnag-go/panicwrap.go           |    27 +
 .../github.com/bugsnag/bugsnag-go/payload.go  |    96 +
 vendor/github.com/bugsnag/osext/LICENSE       |    20 +
 vendor/github.com/bugsnag/osext/osext.go      |    32 +
 .../github.com/bugsnag/osext/osext_plan9.go   |    16 +
 .../github.com/bugsnag/osext/osext_procfs.go  |    25 +
 .../github.com/bugsnag/osext/osext_sysctl.go  |    64 +
 .../github.com/bugsnag/osext/osext_windows.go |    34 +
 vendor/github.com/bugsnag/panicwrap/LICENSE   |    21 +
 vendor/github.com/bugsnag/panicwrap/README.md |   101 +
 vendor/github.com/bugsnag/panicwrap/dup2.go   |    11 +
 vendor/github.com/bugsnag/panicwrap/dup3.go   |    11 +
 .../github.com/bugsnag/panicwrap/monitor.go   |    62 +
 .../bugsnag/panicwrap/monitor_windows.go      |     7 +
 .../github.com/bugsnag/panicwrap/panicwrap.go |   339 +
 .../denverdino/aliyungo/LICENSE.txt           |   191 +
 .../denverdino/aliyungo/common/client.go      |   550 +
 .../denverdino/aliyungo/common/endpoint.go    |   208 +
 .../denverdino/aliyungo/common/endpoints.xml  |  1370 +
 .../denverdino/aliyungo/common/regions.go     |    55 +
 .../denverdino/aliyungo/common/request.go     |   105 +
 .../denverdino/aliyungo/common/types.go       |   107 +
 .../denverdino/aliyungo/common/version.go     |     3 +
 .../aliyungo/oss/authenticate_callback.go     |    88 +
 .../denverdino/aliyungo/oss/client.go         |  1421 +
 .../denverdino/aliyungo/oss/export.go         |    23 +
 .../denverdino/aliyungo/oss/multi.go          |   489 +
 .../denverdino/aliyungo/oss/regions.go        |    80 +
 .../denverdino/aliyungo/oss/signature.go      |   125 +
 .../denverdino/aliyungo/util/attempt.go       |    76 +
 .../denverdino/aliyungo/util/encoding.go      |   331 +
 .../denverdino/aliyungo/util/iso6801.go       |    80 +
 .../denverdino/aliyungo/util/signature.go     |    39 +
 .../denverdino/aliyungo/util/util.go          |   185 +
 .../configuration/configuration.go            |   706 +
 .../distribution/configuration/parser.go      |   283 +
 .../docker/distribution/context/context.go    |    73 +
 .../docker/distribution/context/doc.go        |    88 +
 .../docker/distribution/context/http.go       |   333 +
 .../docker/distribution/context/logger.go     |   121 +
 .../docker/distribution/context/trace.go      |   105 +
 .../docker/distribution/context/util.go       |    25 +
 .../docker/distribution/context/version.go    |    22 +
 .../distribution/health/checks/checks.go      |    73 +
 .../docker/distribution/health/doc.go         |   136 +
 .../docker/distribution/health/health.go      |   306 +
 .../manifest/schema1/config_builder.go        |   287 +
 .../distribution/manifest/schema1/manifest.go |   184 +
 .../manifest/schema1/reference_builder.go     |    98 +
 .../distribution/manifest/schema1/sign.go     |    68 +
 .../distribution/manifest/schema1/verify.go   |    32 +
 .../distribution/notifications/bridge.go      |   225 +
 .../distribution/notifications/endpoint.go    |    97 +
 .../distribution/notifications/event.go       |   163 +
 .../docker/distribution/notifications/http.go |   149 +
 .../distribution/notifications/listener.go    |   263 +
 .../distribution/notifications/metrics.go     |   152 +
 .../distribution/notifications/sinks.go       |   387 +
 .../docker/distribution/registry/auth/auth.go |   200 +
 .../registry/auth/htpasswd/access.go          |   160 +
 .../registry/auth/htpasswd/htpasswd.go        |    82 +
 .../registry/auth/silly/access.go             |   102 +
 .../registry/auth/token/accesscontroller.go   |   293 +
 .../registry/auth/token/stringset.go          |    35 +
 .../distribution/registry/auth/token/token.go |   380 +
 .../distribution/registry/auth/token/util.go  |    58 +
 .../docker/distribution/registry/doc.go       |     2 +
 .../distribution/registry/handlers/app.go     |  1080 +
 .../registry/handlers/basicauth.go            |    12 +
 .../registry/handlers/basicauth_prego14.go    |    42 +
 .../distribution/registry/handlers/blob.go    |    99 +
 .../registry/handlers/blobupload.go           |   368 +
 .../distribution/registry/handlers/catalog.go |   126 +
 .../distribution/registry/handlers/context.go |    95 +
 .../distribution/registry/handlers/helpers.go |    66 +
 .../distribution/registry/handlers/hmac.go    |    74 +
 .../distribution/registry/handlers/hooks.go   |    53 +
 .../distribution/registry/handlers/mail.go    |    45 +
 .../registry/handlers/manifests.go            |   531 +
 .../distribution/registry/handlers/tags.go    |    62 +
 .../registry/listener/listener.go             |    74 +
 .../middleware/registry/middleware.go         |    54 +
 .../middleware/repository/middleware.go       |    40 +
 .../distribution/registry/proxy/proxyauth.go  |    83 +
 .../registry/proxy/proxyblobstore.go          |   221 +
 .../registry/proxy/proxymanifeststore.go      |    96 +
 .../registry/proxy/proxymetrics.go            |    74 +
 .../registry/proxy/proxyregistry.go           |   263 +
 .../registry/proxy/proxytagservice.go         |    66 +
 .../registry/proxy/scheduler/scheduler.go     |   260 +
 .../docker/distribution/registry/registry.go  |   497 +
 .../docker/distribution/registry/root.go      |    89 +
 .../registry/storage/blobcachemetrics.go      |    66 +
 .../registry/storage/blobserver.go            |    78 +
 .../registry/storage/blobstore.go             |   212 +
 .../registry/storage/blobwriter.go            |   406 +
 .../storage/blobwriter_nonresumable.go        |    18 +
 .../registry/storage/blobwriter_resumable.go  |   145 +
 .../storage/cache/cachecheck/suite.go         |   179 +
 .../registry/storage/cache/redis/redis.go     |   268 +
 .../distribution/registry/storage/catalog.go  |   159 +
 .../distribution/registry/storage/doc.go      |     3 +
 .../registry/storage/driver/azure/azure.go    |   532 +
 .../registry/storage/driver/base/base.go      |   240 +
 .../registry/storage/driver/base/regulator.go |   184 +
 .../storage/driver/factory/factory.go         |    64 +
 .../registry/storage/driver/fileinfo.go       |    79 +
 .../storage/driver/filesystem/driver.go       |   420 +
 .../registry/storage/driver/gcs/doc.go        |     3 +
 .../registry/storage/driver/gcs/gcs.go        |   931 +
 .../storage/driver/inmemory/driver.go         |   322 +
 .../registry/storage/driver/inmemory/mfs.go   |   327 +
 .../middleware/cloudfront/middleware.go       |   211 +
 .../driver/middleware/cloudfront/s3filter.go  |   223 +
 .../driver/middleware/redirect/middleware.go  |    50 +
 .../driver/middleware/storagemiddleware.go    |    39 +
 .../registry/storage/driver/oss/doc.go        |     3 +
 .../registry/storage/driver/oss/oss.go        |   695 +
 .../registry/storage/driver/s3-aws/s3.go      |  1371 +
 .../storage/driver/s3-aws/s3_v2_signer.go     |   216 +
 .../registry/storage/driver/storagedriver.go  |   171 +
 .../registry/storage/driver/swift/swift.go    |   934 +
 .../storage/driver/testdriver/testdriver.go   |    72 +
 .../storage/driver/testsuites/testsuites.go   |  1272 +
 .../registry/storage/driver/walk.go           |    61 +
 .../distribution/registry/storage/error.go    |     9 +
 .../registry/storage/filereader.go            |   176 +
 .../registry/storage/garbagecollect.go        |   152 +
 .../distribution/registry/storage/io.go       |    72 +
 .../registry/storage/linkedblobstore.go       |   465 +
 .../registry/storage/manifestlisthandler.go   |    96 +
 .../registry/storage/manifeststore.go         |   161 +
 .../registry/storage/ocimanifesthandler.go    |   133 +
 .../distribution/registry/storage/paths.go    |   476 +
 .../registry/storage/purgeuploads.go          |   139 +
 .../distribution/registry/storage/registry.go |   336 +
 .../storage/schema2manifesthandler.go         |   139 +
 .../registry/storage/signedmanifesthandler.go |   142 +
 .../distribution/registry/storage/tagstore.go |   179 +
 .../registry/storage/v1unsupportedhandler.go  |    23 +
 .../distribution/registry/storage/vacuum.go   |   102 +
 .../docker/distribution/testutil/handler.go   |   148 +
 .../docker/distribution/testutil/manifests.go |    87 +
 .../docker/distribution/testutil/tarfile.go   |   114 +
 .../docker/distribution/version/print.go      |    25 +
 .../docker/distribution/version/version.go    |    15 +
 .../docker/distribution/version/version.sh    |    26 +
 .../docker/libtrust/CONTRIBUTING.md           |    13 +
 vendor/github.com/docker/libtrust/LICENSE     |   191 +
 vendor/github.com/docker/libtrust/MAINTAINERS |     3 +
 vendor/github.com/docker/libtrust/README.md   |    22 +
 .../docker/libtrust/certificates.go           |   175 +
 vendor/github.com/docker/libtrust/doc.go      |     9 +
 vendor/github.com/docker/libtrust/ec_key.go   |   428 +
 vendor/github.com/docker/libtrust/filter.go   |    50 +
 vendor/github.com/docker/libtrust/hash.go     |    56 +
 vendor/github.com/docker/libtrust/jsonsign.go |   657 +
 vendor/github.com/docker/libtrust/key.go      |   253 +
 .../github.com/docker/libtrust/key_files.go   |   255 +
 .../github.com/docker/libtrust/key_manager.go |   175 +
 vendor/github.com/docker/libtrust/rsa_key.go  |   427 +
 vendor/github.com/docker/libtrust/util.go     |   363 +
 .../github.com/felixge/httpsnoop/.gitignore   |     0
 .../github.com/felixge/httpsnoop/.travis.yml  |     6 +
 .../github.com/felixge/httpsnoop/LICENSE.txt  |    19 +
 vendor/github.com/felixge/httpsnoop/Makefile  |    10 +
 vendor/github.com/felixge/httpsnoop/README.md |    95 +
 .../felixge/httpsnoop/capture_metrics.go      |    86 +
 vendor/github.com/felixge/httpsnoop/docs.go   |    10 +
 .../httpsnoop/wrap_generated_gteq_1.8.go      |   436 +
 .../httpsnoop/wrap_generated_lt_1.8.go        |   278 +
 .../garyburd/redigo/internal/commandinfo.go   |    45 +
 .../github.com/garyburd/redigo/redis/conn.go  |   455 +
 .../github.com/garyburd/redigo/redis/doc.go   |   169 +
 .../github.com/garyburd/redigo/redis/log.go   |   117 +
 .../github.com/garyburd/redigo/redis/pool.go  |   389 +
 .../garyburd/redigo/redis/pubsub.go           |   129 +
 .../github.com/garyburd/redigo/redis/redis.go |    44 +
 .../github.com/garyburd/redigo/redis/reply.go |   312 +
 .../github.com/garyburd/redigo/redis/scan.go  |   513 +
 .../garyburd/redigo/redis/script.go           |    86 +
 vendor/github.com/gofrs/uuid/.gitignore       |    15 +
 vendor/github.com/gofrs/uuid/LICENSE          |    20 +
 vendor/github.com/gofrs/uuid/README.md        |   117 +
 vendor/github.com/gofrs/uuid/codec.go         |   234 +
 vendor/github.com/gofrs/uuid/fuzz.go          |    48 +
 vendor/github.com/gofrs/uuid/generator.go     |   456 +
 vendor/github.com/gofrs/uuid/sql.go           |   116 +
 vendor/github.com/gofrs/uuid/uuid.go          |   285 +
 .../gax-go/v2/.release-please-manifest.json   |     3 +
 .../googleapis/gax-go/v2/CHANGES.md           |    99 +
 .../github.com/googleapis/gax-go/v2/LICENSE   |    27 +
 .../googleapis/gax-go/v2/apierror/apierror.go |   361 +
 .../v2/apierror/internal/proto/README.md      |    30 +
 .../internal/proto/custom_error.pb.go         |   256 +
 .../internal/proto/custom_error.proto         |    50 +
 .../v2/apierror/internal/proto/error.pb.go    |   280 +
 .../v2/apierror/internal/proto/error.proto    |    46 +
 .../googleapis/gax-go/v2/call_option.go       |   265 +
 .../googleapis/gax-go/v2/content_type.go      |   112 +
 vendor/github.com/googleapis/gax-go/v2/gax.go |    41 +
 .../github.com/googleapis/gax-go/v2/header.go |   119 +
 .../googleapis/gax-go/v2/internal/version.go  |    33 +
 .../github.com/googleapis/gax-go/v2/invoke.go |   114 +
 .../googleapis/gax-go/v2/proto_json_stream.go |   126 +
 .../gax-go/v2/release-please-config.json      |    10 +
 vendor/github.com/gorilla/handlers/LICENSE    |    22 +
 vendor/github.com/gorilla/handlers/README.md  |    56 +
 .../github.com/gorilla/handlers/canonical.go  |    74 +
 .../github.com/gorilla/handlers/compress.go   |   143 +
 vendor/github.com/gorilla/handlers/cors.go    |   355 +
 vendor/github.com/gorilla/handlers/doc.go     |     9 +
 .../github.com/gorilla/handlers/handlers.go   |   147 +
 vendor/github.com/gorilla/handlers/logging.go |   244 +
 .../gorilla/handlers/proxy_headers.go         |   120 +
 .../github.com/gorilla/handlers/recovery.go   |    96 +
 vendor/github.com/kr/pretty/.gitignore        |     5 +
 vendor/github.com/kr/pretty/License           |    19 +
 vendor/github.com/kr/pretty/Readme            |     9 +
 vendor/github.com/kr/pretty/diff.go           |   295 +
 vendor/github.com/kr/pretty/formatter.go      |   355 +
 vendor/github.com/kr/pretty/pretty.go         |   108 +
 vendor/github.com/kr/pretty/zero.go           |    41 +
 vendor/github.com/kr/text/License             |    19 +
 vendor/github.com/kr/text/Readme              |     3 +
 vendor/github.com/kr/text/doc.go              |     3 +
 vendor/github.com/kr/text/indent.go           |    74 +
 vendor/github.com/kr/text/wrap.go             |    86 +
 vendor/github.com/ncw/swift/.gitignore        |     4 +
 vendor/github.com/ncw/swift/.travis.yml       |    33 +
 vendor/github.com/ncw/swift/COPYING           |    20 +
 vendor/github.com/ncw/swift/README.md         |   156 +
 vendor/github.com/ncw/swift/auth.go           |   335 +
 vendor/github.com/ncw/swift/auth_v3.go        |   300 +
 .../github.com/ncw/swift/compatibility_1_0.go |    28 +
 .../github.com/ncw/swift/compatibility_1_1.go |    24 +
 .../github.com/ncw/swift/compatibility_1_6.go |    23 +
 .../ncw/swift/compatibility_not_1_6.go        |    13 +
 vendor/github.com/ncw/swift/dlo.go            |   136 +
 vendor/github.com/ncw/swift/doc.go            |    19 +
 vendor/github.com/ncw/swift/largeobjects.go   |   448 +
 vendor/github.com/ncw/swift/meta.go           |   174 +
 vendor/github.com/ncw/swift/notes.txt         |    55 +
 vendor/github.com/ncw/swift/slo.go            |   171 +
 vendor/github.com/ncw/swift/swift.go          |  2243 +
 .../github.com/ncw/swift/swifttest/server.go  |  1107 +
 vendor/github.com/ncw/swift/timeout_reader.go |    59 +
 .../github.com/ncw/swift/travis_realserver.sh |    22 +
 .../github.com/ncw/swift/watchdog_reader.go   |    55 +
 .../github.com/rogpeppe/go-internal/LICENSE   |    27 +
 .../rogpeppe/go-internal/fmtsort/mapelem.go   |    20 +
 .../rogpeppe/go-internal/fmtsort/sort.go      |   209 +
 .../yvasiyarov/go-metrics/.gitignore          |     9 +
 .../github.com/yvasiyarov/go-metrics/LICENSE  |    29 +
 .../yvasiyarov/go-metrics/README.md           |   104 +
 .../yvasiyarov/go-metrics/counter.go          |   112 +
 .../github.com/yvasiyarov/go-metrics/debug.go |    76 +
 .../github.com/yvasiyarov/go-metrics/ewma.go  |   118 +
 .../github.com/yvasiyarov/go-metrics/gauge.go |    84 +
 .../yvasiyarov/go-metrics/gauge_float64.go    |    91 +
 .../yvasiyarov/go-metrics/graphite.go         |   104 +
 .../yvasiyarov/go-metrics/healthcheck.go      |    61 +
 .../yvasiyarov/go-metrics/histogram.go        |   192 +
 .../github.com/yvasiyarov/go-metrics/json.go  |    83 +
 .../github.com/yvasiyarov/go-metrics/log.go   |    70 +
 .../yvasiyarov/go-metrics/memory.md           |   285 +
 .../github.com/yvasiyarov/go-metrics/meter.go |   233 +
 .../yvasiyarov/go-metrics/metrics.go          |    13 +
 .../yvasiyarov/go-metrics/opentsdb.go         |   119 +
 .../yvasiyarov/go-metrics/registry.go         |   168 +
 .../yvasiyarov/go-metrics/runtime.go          |   200 +
 .../yvasiyarov/go-metrics/runtime_cgo.go      |     9 +
 .../yvasiyarov/go-metrics/runtime_no_cgo.go   |     7 +
 .../yvasiyarov/go-metrics/sample.go           |   568 +
 .../yvasiyarov/go-metrics/syslog.go           |    78 +
 .../github.com/yvasiyarov/go-metrics/timer.go |   299 +
 .../yvasiyarov/go-metrics/writer.go           |   100 +
 .../github.com/yvasiyarov/gorelic/.gitignore  |     4 +
 .../github.com/yvasiyarov/gorelic/.travis.yml |     1 +
 vendor/github.com/yvasiyarov/gorelic/LICENSE  |    24 +
 .../github.com/yvasiyarov/gorelic/README.md   |   119 +
 vendor/github.com/yvasiyarov/gorelic/agent.go |   137 +
 vendor/github.com/yvasiyarov/gorelic/doc.go   |     2 +
 .../yvasiyarov/gorelic/gc_metrics.go          |    65 +
 .../yvasiyarov/gorelic/gometrica.go           |   105 +
 .../yvasiyarov/gorelic/http_metrics.go        |   194 +
 .../yvasiyarov/gorelic/memory_metrics.go      |   110 +
 vendor/github.com/yvasiyarov/gorelic/nut.json |    15 +
 .../yvasiyarov/gorelic/runtime_metrics.go     |   196 +
 .../newrelic_platform_go/.travis.yml          |     1 +
 .../yvasiyarov/newrelic_platform_go/LICENSE   |    24 +
 .../yvasiyarov/newrelic_platform_go/README.md |    11 +
 .../yvasiyarov/newrelic_platform_go/agent.go  |    27 +
 .../newrelic_platform_go/component.go         |    71 +
 .../yvasiyarov/newrelic_platform_go/doc.go    |     2 +
 .../newrelic_platform_go/metrica.go           |    42 +
 .../yvasiyarov/newrelic_platform_go/nut.json  |    15 +
 .../yvasiyarov/newrelic_platform_go/plugin.go |   194 +
 .../api/googleapi/googleapi.go                |   480 +
 .../google.golang.org/api/googleapi/types.go  |   202 +
 .../api/internal/gensupport/buffer.go         |    79 +
 .../api/internal/gensupport/doc.go            |    10 +
 .../api/internal/gensupport/error.go          |    24 +
 .../api/internal/gensupport/json.go           |   236 +
 .../api/internal/gensupport/jsonfloat.go      |    47 +
 .../api/internal/gensupport/media.go          |   311 +
 .../api/internal/gensupport/params.go         |    57 +
 .../api/internal/gensupport/resumable.go      |   269 +
 .../api/internal/gensupport/retry.go          |   121 +
 .../internal/gensupport/retryable_linux.go    |    16 +
 .../api/internal/gensupport/send.go           |   185 +
 .../api/internal/gensupport/version.go        |    53 +
 .../internal/third_party/uritemplates/LICENSE |    27 +
 .../third_party/uritemplates/METADATA         |    14 +
 .../third_party/uritemplates/uritemplates.go  |   248 +
 .../third_party/uritemplates/utils.go         |    17 +
 .../api/storage/v1/storage-api.json           |  4283 ++
 .../api/storage/v1/storage-gen.go             | 13283 +++++
 vendor/google.golang.org/cloud/.travis.yml    |    11 +
 vendor/google.golang.org/cloud/AUTHORS        |    12 +
 .../google.golang.org/cloud/CONTRIBUTING.md   |   114 +
 vendor/google.golang.org/cloud/CONTRIBUTORS   |    24 +
 vendor/google.golang.org/cloud/LICENSE        |   202 +
 vendor/google.golang.org/cloud/README.md      |   135 +
 vendor/google.golang.org/cloud/cloud.go       |    49 +
 .../google.golang.org/cloud/internal/cloud.go |   128 +
 .../cloud/internal/opts/option.go             |    24 +
 vendor/google.golang.org/cloud/key.json.enc   |   Bin 0 -> 1248 bytes
 vendor/google.golang.org/cloud/option.go      |   100 +
 vendor/google.golang.org/cloud/storage/acl.go |   176 +
 .../cloud/storage/storage.go                  |   350 +
 .../google.golang.org/cloud/storage/types.go  |   417 +
 .../genproto/googleapis/rpc/code/code.pb.go   |   336 +
 .../rpc/errdetails/error_details.pb.go        |  1314 +
 vendor/gopkg.in/check.v1/.gitignore           |     4 +
 vendor/gopkg.in/check.v1/.travis.yml          |     3 +
 vendor/gopkg.in/check.v1/LICENSE              |    25 +
 vendor/gopkg.in/check.v1/README.md            |    20 +
 vendor/gopkg.in/check.v1/TODO                 |     2 +
 vendor/gopkg.in/check.v1/benchmark.go         |   187 +
 vendor/gopkg.in/check.v1/check.go             |   876 +
 vendor/gopkg.in/check.v1/checkers.go          |   528 +
 vendor/gopkg.in/check.v1/helpers.go           |   233 +
 vendor/gopkg.in/check.v1/printer.go           |   168 +
 vendor/gopkg.in/check.v1/reporter.go          |    88 +
 vendor/gopkg.in/check.v1/run.go               |   175 +
 vendor/modules.txt                            |    84 +
 vendor/rsc.io/letsencrypt/LICENSE             |    27 +
 vendor/rsc.io/letsencrypt/README.md           |     9 +
 vendor/rsc.io/letsencrypt/doc.go              |    11 +
 637 files changed, 204444 insertions(+), 2 deletions(-)
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/README.md
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/appendblob.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/authorization.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/blob.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/blobsasuri.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/blobserviceclient.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/blockblob.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/client.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/commonsasuri.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/container.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/copyblob.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/directory.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/entity.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/file.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/fileserviceclient.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/leaseblob.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/message.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/odata.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/pageblob.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/queue.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/queuesasuri.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/queueserviceclient.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/share.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/storagepolicy.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/storageservice.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/table.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/table_batch.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/tableserviceclient.go
 create mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/util.go
 create mode 100644 vendor/github.com/Shopify/logrus-bugsnag/.travis.yml
 create mode 100644 vendor/github.com/Shopify/logrus-bugsnag/LICENSE
 create mode 100644 vendor/github.com/Shopify/logrus-bugsnag/README.md
 create mode 100644 vendor/github.com/Shopify/logrus-bugsnag/bugsnag.go
 create mode 100644 vendor/github.com/Shopify/logrus-bugsnag/dev.yml
 create mode 100644 vendor/github.com/aws/aws-sdk-go/LICENSE.txt
 create mode 100644 vendor/github.com/aws/aws-sdk-go/NOTICE.txt
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awsutil/copy.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/client/client.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/config.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/corehandlers/param_validator.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/example.ini
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/defaults/shared_config.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/doc.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/errors.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/jsonvalue.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/logger.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/http_request.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/timeout_read_closer.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/session.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/options.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/types.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/url.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/version.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/accesspoint_arn.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/outpost_arn.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/s3err/error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkrand/locked_source.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE
 create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/checksum/content_md5.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport_go1.17.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/idempotency.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/jsonvalue.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_6.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_7.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/privkey.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/randomreader.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_cookie.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_url.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/api.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/doc.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/service.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/waiters.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sso/api.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sso/doc.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sso/errors.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sso/service.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/api.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/service.go
 create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
 create mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/.gitignore
 create mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/.travis.yml
 create mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/CHANGELOG.md
 create mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/LICENSE
 create mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/README.md
 create mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/hook.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/.travis.yml
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/CHANGELOG.md
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/CONTRIBUTING.md
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/LICENSE.txt
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/Makefile
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/README.md
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/appengine.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/bugsnag.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/configuration.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/doc.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/errors/README.md
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/errors/error.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/errors/parse_panic.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/errors/stackframe.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/event.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/json_tags.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/metadata.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/middleware.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/notifier.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/panicwrap.go
 create mode 100644 vendor/github.com/bugsnag/bugsnag-go/payload.go
 create mode 100644 vendor/github.com/bugsnag/osext/LICENSE
 create mode 100644 vendor/github.com/bugsnag/osext/osext.go
 create mode 100644 vendor/github.com/bugsnag/osext/osext_plan9.go
 create mode 100644 vendor/github.com/bugsnag/osext/osext_procfs.go
 create mode 100644 vendor/github.com/bugsnag/osext/osext_sysctl.go
 create mode 100644 vendor/github.com/bugsnag/osext/osext_windows.go
 create mode 100644 vendor/github.com/bugsnag/panicwrap/LICENSE
 create mode 100644 vendor/github.com/bugsnag/panicwrap/README.md
 create mode 100644 vendor/github.com/bugsnag/panicwrap/dup2.go
 create mode 100644 vendor/github.com/bugsnag/panicwrap/dup3.go
 create mode 100644 vendor/github.com/bugsnag/panicwrap/monitor.go
 create mode 100644 vendor/github.com/bugsnag/panicwrap/monitor_windows.go
 create mode 100644 vendor/github.com/bugsnag/panicwrap/panicwrap.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/LICENSE.txt
 create mode 100644 vendor/github.com/denverdino/aliyungo/common/client.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/common/endpoint.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/common/endpoints.xml
 create mode 100644 vendor/github.com/denverdino/aliyungo/common/regions.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/common/request.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/common/types.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/common/version.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/oss/authenticate_callback.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/oss/client.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/oss/export.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/oss/multi.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/oss/regions.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/oss/signature.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/util/attempt.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/util/encoding.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/util/iso6801.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/util/signature.go
 create mode 100644 vendor/github.com/denverdino/aliyungo/util/util.go
 create mode 100644 vendor/github.com/docker/distribution/configuration/configuration.go
 create mode 100644 vendor/github.com/docker/distribution/configuration/parser.go
 create mode 100644 vendor/github.com/docker/distribution/context/context.go
 create mode 100644 vendor/github.com/docker/distribution/context/doc.go
 create mode 100644 vendor/github.com/docker/distribution/context/http.go
 create mode 100644 vendor/github.com/docker/distribution/context/logger.go
 create mode 100644 vendor/github.com/docker/distribution/context/trace.go
 create mode 100644 vendor/github.com/docker/distribution/context/util.go
 create mode 100644 vendor/github.com/docker/distribution/context/version.go
 create mode 100644 vendor/github.com/docker/distribution/health/checks/checks.go
 create mode 100644 vendor/github.com/docker/distribution/health/doc.go
 create mode 100644 vendor/github.com/docker/distribution/health/health.go
 create mode 100644 vendor/github.com/docker/distribution/manifest/schema1/config_builder.go
 create mode 100644 vendor/github.com/docker/distribution/manifest/schema1/manifest.go
 create mode 100644 vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go
 create mode 100644 vendor/github.com/docker/distribution/manifest/schema1/sign.go
 create mode 100644 vendor/github.com/docker/distribution/manifest/schema1/verify.go
 create mode 100644 vendor/github.com/docker/distribution/notifications/bridge.go
 create mode 100644 vendor/github.com/docker/distribution/notifications/endpoint.go
 create mode 100644 vendor/github.com/docker/distribution/notifications/event.go
 create mode 100644 vendor/github.com/docker/distribution/notifications/http.go
 create mode 100644 vendor/github.com/docker/distribution/notifications/listener.go
 create mode 100644 vendor/github.com/docker/distribution/notifications/metrics.go
 create mode 100644 vendor/github.com/docker/distribution/notifications/sinks.go
 create mode 100644 vendor/github.com/docker/distribution/registry/auth/auth.go
 create mode 100644 vendor/github.com/docker/distribution/registry/auth/htpasswd/access.go
 create mode 100644 vendor/github.com/docker/distribution/registry/auth/htpasswd/htpasswd.go
 create mode 100644 vendor/github.com/docker/distribution/registry/auth/silly/access.go
 create mode 100644 vendor/github.com/docker/distribution/registry/auth/token/accesscontroller.go
 create mode 100644 vendor/github.com/docker/distribution/registry/auth/token/stringset.go
 create mode 100644 vendor/github.com/docker/distribution/registry/auth/token/token.go
 create mode 100644 vendor/github.com/docker/distribution/registry/auth/token/util.go
 create mode 100644 vendor/github.com/docker/distribution/registry/doc.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/app.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/basicauth.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/basicauth_prego14.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/blob.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/blobupload.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/catalog.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/context.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/helpers.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/hmac.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/hooks.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/mail.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/manifests.go
 create mode 100644 vendor/github.com/docker/distribution/registry/handlers/tags.go
 create mode 100644 vendor/github.com/docker/distribution/registry/listener/listener.go
 create mode 100644 vendor/github.com/docker/distribution/registry/middleware/registry/middleware.go
 create mode 100644 vendor/github.com/docker/distribution/registry/middleware/repository/middleware.go
 create mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxyauth.go
 create mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxyblobstore.go
 create mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxymanifeststore.go
 create mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxymetrics.go
 create mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxyregistry.go
 create mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxytagservice.go
 create mode 100644 vendor/github.com/docker/distribution/registry/proxy/scheduler/scheduler.go
 create mode 100644 vendor/github.com/docker/distribution/registry/registry.go
 create mode 100644 vendor/github.com/docker/distribution/registry/root.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/blobcachemetrics.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/blobserver.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/blobstore.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/blobwriter.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/blobwriter_nonresumable.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/blobwriter_resumable.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/cache/cachecheck/suite.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/cache/redis/redis.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/catalog.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/doc.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/azure/azure.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/base/base.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/base/regulator.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/factory/factory.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/fileinfo.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/filesystem/driver.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/gcs/doc.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/gcs/gcs.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/inmemory/driver.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/inmemory/mfs.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/middleware.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/s3filter.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/middleware/redirect/middleware.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/middleware/storagemiddleware.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/oss/doc.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/oss/oss.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3_v2_signer.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/storagedriver.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/swift/swift.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/testdriver/testdriver.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/testsuites/testsuites.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/walk.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/error.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/filereader.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/garbagecollect.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/io.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/linkedblobstore.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/manifestlisthandler.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/manifeststore.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/ocimanifesthandler.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/paths.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/purgeuploads.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/registry.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/schema2manifesthandler.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/signedmanifesthandler.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/tagstore.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/v1unsupportedhandler.go
 create mode 100644 vendor/github.com/docker/distribution/registry/storage/vacuum.go
 create mode 100644 vendor/github.com/docker/distribution/testutil/handler.go
 create mode 100644 vendor/github.com/docker/distribution/testutil/manifests.go
 create mode 100644 vendor/github.com/docker/distribution/testutil/tarfile.go
 create mode 100644 vendor/github.com/docker/distribution/version/print.go
 create mode 100644 vendor/github.com/docker/distribution/version/version.go
 create mode 100644 vendor/github.com/docker/distribution/version/version.sh
 create mode 100644 vendor/github.com/docker/libtrust/CONTRIBUTING.md
 create mode 100644 vendor/github.com/docker/libtrust/LICENSE
 create mode 100644 vendor/github.com/docker/libtrust/MAINTAINERS
 create mode 100644 vendor/github.com/docker/libtrust/README.md
 create mode 100644 vendor/github.com/docker/libtrust/certificates.go
 create mode 100644 vendor/github.com/docker/libtrust/doc.go
 create mode 100644 vendor/github.com/docker/libtrust/ec_key.go
 create mode 100644 vendor/github.com/docker/libtrust/filter.go
 create mode 100644 vendor/github.com/docker/libtrust/hash.go
 create mode 100644 vendor/github.com/docker/libtrust/jsonsign.go
 create mode 100644 vendor/github.com/docker/libtrust/key.go
 create mode 100644 vendor/github.com/docker/libtrust/key_files.go
 create mode 100644 vendor/github.com/docker/libtrust/key_manager.go
 create mode 100644 vendor/github.com/docker/libtrust/rsa_key.go
 create mode 100644 vendor/github.com/docker/libtrust/util.go
 create mode 100644 vendor/github.com/felixge/httpsnoop/.gitignore
 create mode 100644 vendor/github.com/felixge/httpsnoop/.travis.yml
 create mode 100644 vendor/github.com/felixge/httpsnoop/LICENSE.txt
 create mode 100644 vendor/github.com/felixge/httpsnoop/Makefile
 create mode 100644 vendor/github.com/felixge/httpsnoop/README.md
 create mode 100644 vendor/github.com/felixge/httpsnoop/capture_metrics.go
 create mode 100644 vendor/github.com/felixge/httpsnoop/docs.go
 create mode 100644 vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
 create mode 100644 vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
 create mode 100644 vendor/github.com/garyburd/redigo/internal/commandinfo.go
 create mode 100644 vendor/github.com/garyburd/redigo/redis/conn.go
 create mode 100644 vendor/github.com/garyburd/redigo/redis/doc.go
 create mode 100644 vendor/github.com/garyburd/redigo/redis/log.go
 create mode 100644 vendor/github.com/garyburd/redigo/redis/pool.go
 create mode 100644 vendor/github.com/garyburd/redigo/redis/pubsub.go
 create mode 100644 vendor/github.com/garyburd/redigo/redis/redis.go
 create mode 100644 vendor/github.com/garyburd/redigo/redis/reply.go
 create mode 100644 vendor/github.com/garyburd/redigo/redis/scan.go
 create mode 100644 vendor/github.com/garyburd/redigo/redis/script.go
 create mode 100644 vendor/github.com/gofrs/uuid/.gitignore
 create mode 100644 vendor/github.com/gofrs/uuid/LICENSE
 create mode 100644 vendor/github.com/gofrs/uuid/README.md
 create mode 100644 vendor/github.com/gofrs/uuid/codec.go
 create mode 100644 vendor/github.com/gofrs/uuid/fuzz.go
 create mode 100644 vendor/github.com/gofrs/uuid/generator.go
 create mode 100644 vendor/github.com/gofrs/uuid/sql.go
 create mode 100644 vendor/github.com/gofrs/uuid/uuid.go
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/CHANGES.md
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/LICENSE
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.proto
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/call_option.go
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/content_type.go
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/gax.go
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/header.go
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/internal/version.go
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/invoke.go
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go
 create mode 100644 vendor/github.com/googleapis/gax-go/v2/release-please-config.json
 create mode 100644 vendor/github.com/gorilla/handlers/LICENSE
 create mode 100644 vendor/github.com/gorilla/handlers/README.md
 create mode 100644 vendor/github.com/gorilla/handlers/canonical.go
 create mode 100644 vendor/github.com/gorilla/handlers/compress.go
 create mode 100644 vendor/github.com/gorilla/handlers/cors.go
 create mode 100644 vendor/github.com/gorilla/handlers/doc.go
 create mode 100644 vendor/github.com/gorilla/handlers/handlers.go
 create mode 100644 vendor/github.com/gorilla/handlers/logging.go
 create mode 100644 vendor/github.com/gorilla/handlers/proxy_headers.go
 create mode 100644 vendor/github.com/gorilla/handlers/recovery.go
 create mode 100644 vendor/github.com/kr/pretty/.gitignore
 create mode 100644 vendor/github.com/kr/pretty/License
 create mode 100644 vendor/github.com/kr/pretty/Readme
 create mode 100644 vendor/github.com/kr/pretty/diff.go
 create mode 100644 vendor/github.com/kr/pretty/formatter.go
 create mode 100644 vendor/github.com/kr/pretty/pretty.go
 create mode 100644 vendor/github.com/kr/pretty/zero.go
 create mode 100644 vendor/github.com/kr/text/License
 create mode 100644 vendor/github.com/kr/text/Readme
 create mode 100644 vendor/github.com/kr/text/doc.go
 create mode 100644 vendor/github.com/kr/text/indent.go
 create mode 100644 vendor/github.com/kr/text/wrap.go
 create mode 100644 vendor/github.com/ncw/swift/.gitignore
 create mode 100644 vendor/github.com/ncw/swift/.travis.yml
 create mode 100644 vendor/github.com/ncw/swift/COPYING
 create mode 100644 vendor/github.com/ncw/swift/README.md
 create mode 100644 vendor/github.com/ncw/swift/auth.go
 create mode 100644 vendor/github.com/ncw/swift/auth_v3.go
 create mode 100644 vendor/github.com/ncw/swift/compatibility_1_0.go
 create mode 100644 vendor/github.com/ncw/swift/compatibility_1_1.go
 create mode 100644 vendor/github.com/ncw/swift/compatibility_1_6.go
 create mode 100644 vendor/github.com/ncw/swift/compatibility_not_1_6.go
 create mode 100644 vendor/github.com/ncw/swift/dlo.go
 create mode 100644 vendor/github.com/ncw/swift/doc.go
 create mode 100644 vendor/github.com/ncw/swift/largeobjects.go
 create mode 100644 vendor/github.com/ncw/swift/meta.go
 create mode 100644 vendor/github.com/ncw/swift/notes.txt
 create mode 100644 vendor/github.com/ncw/swift/slo.go
 create mode 100644 vendor/github.com/ncw/swift/swift.go
 create mode 100644 vendor/github.com/ncw/swift/swifttest/server.go
 create mode 100644 vendor/github.com/ncw/swift/timeout_reader.go
 create mode 100644 vendor/github.com/ncw/swift/travis_realserver.sh
 create mode 100644 vendor/github.com/ncw/swift/watchdog_reader.go
 create mode 100644 vendor/github.com/rogpeppe/go-internal/LICENSE
 create mode 100644 vendor/github.com/rogpeppe/go-internal/fmtsort/mapelem.go
 create mode 100644 vendor/github.com/rogpeppe/go-internal/fmtsort/sort.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/.gitignore
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/LICENSE
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/README.md
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/counter.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/debug.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/ewma.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/gauge.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/gauge_float64.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/graphite.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/healthcheck.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/histogram.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/json.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/log.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/memory.md
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/meter.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/metrics.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/opentsdb.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/registry.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/runtime.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/runtime_cgo.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/runtime_no_cgo.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/sample.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/syslog.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/timer.go
 create mode 100644 vendor/github.com/yvasiyarov/go-metrics/writer.go
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/.gitignore
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/.travis.yml
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/LICENSE
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/README.md
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/agent.go
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/doc.go
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/gc_metrics.go
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/gometrica.go
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/http_metrics.go
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/memory_metrics.go
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/nut.json
 create mode 100644 vendor/github.com/yvasiyarov/gorelic/runtime_metrics.go
 create mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/.travis.yml
 create mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/LICENSE
 create mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/README.md
 create mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/agent.go
 create mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/component.go
 create mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/doc.go
 create mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/metrica.go
 create mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/nut.json
 create mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/plugin.go
 create mode 100644 vendor/google.golang.org/api/googleapi/googleapi.go
 create mode 100644 vendor/google.golang.org/api/googleapi/types.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/buffer.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/doc.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/error.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/json.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/jsonfloat.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/media.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/params.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/resumable.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/retry.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/retryable_linux.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/send.go
 create mode 100644 vendor/google.golang.org/api/internal/gensupport/version.go
 create mode 100644 vendor/google.golang.org/api/internal/third_party/uritemplates/LICENSE
 create mode 100644 vendor/google.golang.org/api/internal/third_party/uritemplates/METADATA
 create mode 100644 vendor/google.golang.org/api/internal/third_party/uritemplates/uritemplates.go
 create mode 100644 vendor/google.golang.org/api/internal/third_party/uritemplates/utils.go
 create mode 100644 vendor/google.golang.org/api/storage/v1/storage-api.json
 create mode 100644 vendor/google.golang.org/api/storage/v1/storage-gen.go
 create mode 100644 vendor/google.golang.org/cloud/.travis.yml
 create mode 100644 vendor/google.golang.org/cloud/AUTHORS
 create mode 100644 vendor/google.golang.org/cloud/CONTRIBUTING.md
 create mode 100644 vendor/google.golang.org/cloud/CONTRIBUTORS
 create mode 100644 vendor/google.golang.org/cloud/LICENSE
 create mode 100644 vendor/google.golang.org/cloud/README.md
 create mode 100644 vendor/google.golang.org/cloud/cloud.go
 create mode 100644 vendor/google.golang.org/cloud/internal/cloud.go
 create mode 100644 vendor/google.golang.org/cloud/internal/opts/option.go
 create mode 100644 vendor/google.golang.org/cloud/key.json.enc
 create mode 100644 vendor/google.golang.org/cloud/option.go
 create mode 100644 vendor/google.golang.org/cloud/storage/acl.go
 create mode 100644 vendor/google.golang.org/cloud/storage/storage.go
 create mode 100644 vendor/google.golang.org/cloud/storage/types.go
 create mode 100644 vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go
 create mode 100644 vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go
 create mode 100644 vendor/gopkg.in/check.v1/.gitignore
 create mode 100644 vendor/gopkg.in/check.v1/.travis.yml
 create mode 100644 vendor/gopkg.in/check.v1/LICENSE
 create mode 100644 vendor/gopkg.in/check.v1/README.md
 create mode 100644 vendor/gopkg.in/check.v1/TODO
 create mode 100644 vendor/gopkg.in/check.v1/benchmark.go
 create mode 100644 vendor/gopkg.in/check.v1/check.go
 create mode 100644 vendor/gopkg.in/check.v1/checkers.go
 create mode 100644 vendor/gopkg.in/check.v1/helpers.go
 create mode 100644 vendor/gopkg.in/check.v1/printer.go
 create mode 100644 vendor/gopkg.in/check.v1/reporter.go
 create mode 100644 vendor/gopkg.in/check.v1/run.go
 create mode 100644 vendor/rsc.io/letsencrypt/LICENSE
 create mode 100644 vendor/rsc.io/letsencrypt/README.md
 create mode 100644 vendor/rsc.io/letsencrypt/doc.go

diff --git a/go.mod b/go.mod
index dc51caa4c..54e1fd9f1 100644
--- a/go.mod
+++ b/go.mod
@@ -5,10 +5,20 @@ go 1.21
 toolchain go1.21.4
 
 require (
+	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
 	github.com/Masterminds/sprig/v3 v3.2.3
+	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
+	github.com/aws/aws-sdk-go v1.44.288
+	github.com/bshuster-repo/logrus-logstash-hook v1.0.0
+	github.com/bugsnag/bugsnag-go v1.0.5-0.20150529004307-13fd6b8acda0
 	github.com/containerd/containerd v1.7.6
+	github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba
+	github.com/distribution/reference v0.5.0
 	github.com/docker/cli v24.0.7+incompatible
+	github.com/docker/distribution v2.8.2+incompatible
+	github.com/docker/go-metrics v0.0.1
+	github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7
 	github.com/gardener/component-cli v0.44.0
 	github.com/gardener/component-spec/bindings-go v0.0.95
 	github.com/gardener/image-vector v0.10.0
@@ -22,6 +32,8 @@ require (
 	github.com/mandelsoft/filepath v0.0.0-20230412200429-36b1eb66bd27
 	github.com/mandelsoft/spiff v1.7.0-beta-5
 	github.com/mandelsoft/vfs v0.0.0-20230713123140-269aa4fb1338
+	github.com/mitchellh/mapstructure v1.5.0
+	github.com/ncw/swift v1.0.47
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/ginkgo/v2 v2.9.5
 	github.com/onsi/gomega v1.27.7
@@ -34,11 +46,16 @@ require (
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/xeipuuv/gojsonschema v1.2.0
+	github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50
 	golang.org/x/crypto v0.14.0
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
 	golang.org/x/oauth2 v0.13.0
 	golang.org/x/sync v0.5.0
 	golang.org/x/sys v0.13.0
+	google.golang.org/api v0.128.0
+	google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
+	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.12.2
 	k8s.io/api v0.28.3
@@ -152,7 +169,6 @@ require (
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/drone/envsubst v1.0.3 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
@@ -250,7 +266,6 @@ require (
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
@@ -319,6 +334,8 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
+	github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 // indirect
+	github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
 	go.mongodb.org/mongo-driver v1.12.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
diff --git a/go.sum b/go.sum
index d4e48b36a..0674dc3ec 100644
--- a/go.sum
+++ b/go.sum
@@ -105,6 +105,7 @@ github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
+github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
 github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
@@ -344,6 +345,7 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitly/go-hostpool v0.1.0/go.mod h1:4gOCgp6+NZnVqlKyZ/iBZFTAJKembaVENUpMkpg42fw=
+github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
 github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
@@ -590,6 +592,7 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etly
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
+github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba h1:p6poVbjHDkKa+wtC8frBMwQtT3BmqGYBjzMwJ63tuR4=
 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
 github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936 h1:foGzavPWwtoyBvjWyKJYDYsyzy+23iBV7NKTwdk+LRY=
 github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936/go.mod h1:ttKPnOepYt4LLzD+loXQ1rT6EmpyIYHro7TAJuIIlHo=
@@ -715,6 +718,7 @@ github.com/gardener/component-spec/bindings-go v0.0.95 h1:0h9ZRfWo0d84PkC/reVRXA
 github.com/gardener/component-spec/bindings-go v0.0.95/go.mod h1:qr7kADDXbXB0huul+ih/B43YkwyiMFYQepp/tqJ331c=
 github.com/gardener/image-vector v0.10.0 h1:Ysg3hxfiGUG/doajiZ0nQuUaJYwfO5BZCOcijL3tRuo=
 github.com/gardener/image-vector v0.10.0/go.mod h1:32SHGcbmmueeK9VkawsFcEbsoENXQPIuuYiFBUP+vMQ=
+github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7 h1:LofdAjjjqCSXMwLGgOgnE+rdPuvX9DxCqaHwKy7i/ko=
 github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
 github.com/gertd/go-pluralize v0.2.1 h1:M3uASbVjMnTsPb0PNqg+E/24Vwigyo/tvyMTtAlLgiA=
 github.com/gertd/go-pluralize v0.2.1/go.mod h1:rbYaKDbsXxmRfr8uygAEKhOWsjyrrqrkHVpZvoOp8zk=
@@ -869,6 +873,8 @@ github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
 github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
+github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA=
+github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
 github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
 github.com/gogo/protobuf v1.0.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -1157,6 +1163,7 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8 h1:UUHMLvzt/31azWTN/ifGWef4WUqvXk0iRqdhdy/2uzI=
 github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
@@ -1368,6 +1375,7 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/ncw/swift v1.0.47 h1:4DQRPj35Y41WogBxyhOXlrI37nzGlyEcsforeudyYPQ=
 github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
 github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/nelsam/hel/v2 v2.3.3/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
@@ -2051,6 +2059,7 @@ golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
@@ -2210,6 +2219,7 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -2225,6 +2235,7 @@ golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9sn
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
@@ -2646,6 +2657,8 @@ k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt
 oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY=
 oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/letsencrypt v0.0.3 h1:H7xDfhkaFFSYEJlKeq38RwX2jYcnTeHuDQyT+mMNMwM=
+rsc.io/letsencrypt v0.0.3/go.mod h1:buyQKZ6IXrRnB7TdkHP0RyEybLx18HHyOSoTyoOLqNY=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/README.md b/vendor/github.com/Azure/azure-sdk-for-go/storage/README.md
new file mode 100644
index 000000000..7e83a5c08
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/README.md
@@ -0,0 +1,23 @@
+# Azure Storage SDK for Go (Preview)
+
+:exclamation: IMPORTANT: This package is in maintenance only and will be deprecated in the
+future. Please use one of the following packages instead.
+
+| Service | Import Path/Repo |
+|---------|------------------|
+| Storage - Blobs | [github.com/Azure/azure-sdk-for-go/sdk/storage/azblob](https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/storage/azblob) |
+| Storage - Files | [github.com/Azure/azure-storage-file-go](https://github.com/Azure/azure-storage-file-go) |
+| Storage - Queues | [github.com/Azure/azure-storage-queue-go](https://github.com/Azure/azure-storage-queue-go) |
+| Storage - Tables | [github.com/Azure/azure-sdk-for-go/sdk/data/aztables](https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/data/aztables)
+
+The `github.com/Azure/azure-sdk-for-go/storage` package is used to manage
+[Azure Storage](https://docs.microsoft.com/azure/storage/) data plane
+resources: containers, blobs, tables, and queues.
+
+To manage storage *accounts* use Azure Resource Manager (ARM) via the packages
+at [github.com/Azure/azure-sdk-for-go/services/storage](https://github.com/Azure/azure-sdk-for-go/tree/main/services/storage).
+
+This package also supports the [Azure Storage
+Emulator](https://azure.microsoft.com/documentation/articles/storage-use-emulator/)
+(Windows only).
+
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/appendblob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/appendblob.go
new file mode 100644
index 000000000..306dd1b71
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/appendblob.go
@@ -0,0 +1,79 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"bytes"
+	"crypto/md5"
+	"encoding/base64"
+	"fmt"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+// PutAppendBlob initializes an empty append blob with specified name. An
+// append blob must be created using this method before appending blocks.
+//
+// See CreateBlockBlobFromReader for more info on creating blobs.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Blob
+func (b *Blob) PutAppendBlob(options *PutBlobOptions) error {
+	params := url.Values{}
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers["x-ms-blob-type"] = string(BlobTypeAppend)
+	headers = mergeHeaders(headers, headersFromStruct(b.Properties))
+	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	return b.respondCreation(resp, BlobTypeAppend)
+}
+
+// AppendBlockOptions includes the options for an append block operation
+type AppendBlockOptions struct {
+	Timeout           uint
+	LeaseID           string     `header:"x-ms-lease-id"`
+	MaxSize           *uint      `header:"x-ms-blob-condition-maxsize"`
+	AppendPosition    *uint      `header:"x-ms-blob-condition-appendpos"`
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	IfMatch           string     `header:"If-Match"`
+	IfNoneMatch       string     `header:"If-None-Match"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+	ContentMD5        bool
+}
+
+// AppendBlock appends a block to an append blob.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Append-Block
+func (b *Blob) AppendBlock(chunk []byte, options *AppendBlockOptions) error {
+	params := url.Values{"comp": {"appendblock"}}
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers["Content-Length"] = fmt.Sprintf("%v", len(chunk))
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+		if options.ContentMD5 {
+			md5sum := md5.Sum(chunk)
+			headers[headerContentMD5] = base64.StdEncoding.EncodeToString(md5sum[:])
+		}
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, bytes.NewReader(chunk), b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	return b.respondCreation(resp, BlobTypeAppend)
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/authorization.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/authorization.go
new file mode 100644
index 000000000..01741524a
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/authorization.go
@@ -0,0 +1,235 @@
+// Package storage provides clients for Microsoft Azure Storage Services.
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"bytes"
+	"fmt"
+	"net/url"
+	"sort"
+	"strings"
+)
+
+// See: https://docs.microsoft.com/rest/api/storageservices/fileservices/authentication-for-the-azure-storage-services
+
+type authentication string
+
+const (
+	sharedKey             authentication = "sharedKey"
+	sharedKeyForTable     authentication = "sharedKeyTable"
+	sharedKeyLite         authentication = "sharedKeyLite"
+	sharedKeyLiteForTable authentication = "sharedKeyLiteTable"
+
+	// headers
+	headerAcceptCharset           = "Accept-Charset"
+	headerAuthorization           = "Authorization"
+	headerContentLength           = "Content-Length"
+	headerDate                    = "Date"
+	headerXmsDate                 = "x-ms-date"
+	headerXmsVersion              = "x-ms-version"
+	headerContentEncoding         = "Content-Encoding"
+	headerContentLanguage         = "Content-Language"
+	headerContentType             = "Content-Type"
+	headerContentMD5              = "Content-MD5"
+	headerIfModifiedSince         = "If-Modified-Since"
+	headerIfMatch                 = "If-Match"
+	headerIfNoneMatch             = "If-None-Match"
+	headerIfUnmodifiedSince       = "If-Unmodified-Since"
+	headerRange                   = "Range"
+	headerDataServiceVersion      = "DataServiceVersion"
+	headerMaxDataServiceVersion   = "MaxDataServiceVersion"
+	headerContentTransferEncoding = "Content-Transfer-Encoding"
+)
+
+func (c *Client) addAuthorizationHeader(verb, url string, headers map[string]string, auth authentication) (map[string]string, error) {
+	if !c.sasClient {
+		authHeader, err := c.getSharedKey(verb, url, headers, auth)
+		if err != nil {
+			return nil, err
+		}
+		headers[headerAuthorization] = authHeader
+	}
+	return headers, nil
+}
+
+func (c *Client) getSharedKey(verb, url string, headers map[string]string, auth authentication) (string, error) {
+	canRes, err := c.buildCanonicalizedResource(url, auth, false)
+	if err != nil {
+		return "", err
+	}
+
+	canString, err := buildCanonicalizedString(verb, headers, canRes, auth)
+	if err != nil {
+		return "", err
+	}
+	return c.createAuthorizationHeader(canString, auth), nil
+}
+
+func (c *Client) buildCanonicalizedResource(uri string, auth authentication, sas bool) (string, error) {
+	errMsg := "buildCanonicalizedResource error: %s"
+	u, err := url.Parse(uri)
+	if err != nil {
+		return "", fmt.Errorf(errMsg, err.Error())
+	}
+
+	cr := bytes.NewBufferString("")
+	if c.accountName != StorageEmulatorAccountName || !sas {
+		cr.WriteString("/")
+		cr.WriteString(c.getCanonicalizedAccountName())
+	}
+
+	if len(u.Path) > 0 {
+		// Any portion of the CanonicalizedResource string that is derived from
+		// the resource's URI should be encoded exactly as it is in the URI.
+		// -- https://msdn.microsoft.com/en-gb/library/azure/dd179428.aspx
+		cr.WriteString(u.EscapedPath())
+	}
+
+	params, err := url.ParseQuery(u.RawQuery)
+	if err != nil {
+		return "", fmt.Errorf(errMsg, err.Error())
+	}
+
+	// See https://github.com/Azure/azure-storage-net/blob/master/Lib/Common/Core/Util/AuthenticationUtility.cs#L277
+	if auth == sharedKey {
+		if len(params) > 0 {
+			cr.WriteString("\n")
+
+			keys := []string{}
+			for key := range params {
+				keys = append(keys, key)
+			}
+			sort.Strings(keys)
+
+			completeParams := []string{}
+			for _, key := range keys {
+				if len(params[key]) > 1 {
+					sort.Strings(params[key])
+				}
+
+				completeParams = append(completeParams, fmt.Sprintf("%s:%s", key, strings.Join(params[key], ",")))
+			}
+			cr.WriteString(strings.Join(completeParams, "\n"))
+		}
+	} else {
+		// search for "comp" parameter, if exists then add it to canonicalizedresource
+		if v, ok := params["comp"]; ok {
+			cr.WriteString("?comp=" + v[0])
+		}
+	}
+
+	return string(cr.Bytes()), nil
+}
+
+func (c *Client) getCanonicalizedAccountName() string {
+	// since we may be trying to access a secondary storage account, we need to
+	// remove the -secondary part of the storage name
+	return strings.TrimSuffix(c.accountName, "-secondary")
+}
+
+func buildCanonicalizedString(verb string, headers map[string]string, canonicalizedResource string, auth authentication) (string, error) {
+	contentLength := headers[headerContentLength]
+	if contentLength == "0" {
+		contentLength = ""
+	}
+	date := headers[headerDate]
+	if v, ok := headers[headerXmsDate]; ok {
+		if auth == sharedKey || auth == sharedKeyLite {
+			date = ""
+		} else {
+			date = v
+		}
+	}
+	var canString string
+	switch auth {
+	case sharedKey:
+		canString = strings.Join([]string{
+			verb,
+			headers[headerContentEncoding],
+			headers[headerContentLanguage],
+			contentLength,
+			headers[headerContentMD5],
+			headers[headerContentType],
+			date,
+			headers[headerIfModifiedSince],
+			headers[headerIfMatch],
+			headers[headerIfNoneMatch],
+			headers[headerIfUnmodifiedSince],
+			headers[headerRange],
+			buildCanonicalizedHeader(headers),
+			canonicalizedResource,
+		}, "\n")
+	case sharedKeyForTable:
+		canString = strings.Join([]string{
+			verb,
+			headers[headerContentMD5],
+			headers[headerContentType],
+			date,
+			canonicalizedResource,
+		}, "\n")
+	case sharedKeyLite:
+		canString = strings.Join([]string{
+			verb,
+			headers[headerContentMD5],
+			headers[headerContentType],
+			date,
+			buildCanonicalizedHeader(headers),
+			canonicalizedResource,
+		}, "\n")
+	case sharedKeyLiteForTable:
+		canString = strings.Join([]string{
+			date,
+			canonicalizedResource,
+		}, "\n")
+	default:
+		return "", fmt.Errorf("%s authentication is not supported yet", auth)
+	}
+	return canString, nil
+}
+
+func buildCanonicalizedHeader(headers map[string]string) string {
+	cm := make(map[string]string)
+
+	for k, v := range headers {
+		headerName := strings.TrimSpace(strings.ToLower(k))
+		if strings.HasPrefix(headerName, "x-ms-") {
+			cm[headerName] = v
+		}
+	}
+
+	if len(cm) == 0 {
+		return ""
+	}
+
+	keys := []string{}
+	for key := range cm {
+		keys = append(keys, key)
+	}
+
+	sort.Strings(keys)
+
+	ch := bytes.NewBufferString("")
+
+	for _, key := range keys {
+		ch.WriteString(key)
+		ch.WriteRune(':')
+		ch.WriteString(cm[key])
+		ch.WriteRune('\n')
+	}
+
+	return strings.TrimSuffix(string(ch.Bytes()), "\n")
+}
+
+func (c *Client) createAuthorizationHeader(canonicalizedString string, auth authentication) string {
+	signature := c.computeHmac256(canonicalizedString)
+	var key string
+	switch auth {
+	case sharedKey, sharedKeyForTable:
+		key = "SharedKey"
+	case sharedKeyLite, sharedKeyLiteForTable:
+		key = "SharedKeyLite"
+	}
+	return fmt.Sprintf("%s %s:%s", key, c.getCanonicalizedAccountName(), signature)
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/blob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/blob.go
new file mode 100644
index 000000000..462e3dcf2
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/blob.go
@@ -0,0 +1,621 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"encoding/xml"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// A Blob is an entry in BlobListResponse.
+type Blob struct {
+	Container  *Container
+	Name       string         `xml:"Name"`
+	Snapshot   time.Time      `xml:"Snapshot"`
+	Properties BlobProperties `xml:"Properties"`
+	Metadata   BlobMetadata   `xml:"Metadata"`
+}
+
+// PutBlobOptions includes the options any put blob operation
+// (page, block, append)
+type PutBlobOptions struct {
+	Timeout           uint
+	LeaseID           string     `header:"x-ms-lease-id"`
+	Origin            string     `header:"Origin"`
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	IfMatch           string     `header:"If-Match"`
+	IfNoneMatch       string     `header:"If-None-Match"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+}
+
+// BlobMetadata is a set of custom name/value pairs.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd179404.aspx
+type BlobMetadata map[string]string
+
+type blobMetadataEntries struct {
+	Entries []blobMetadataEntry `xml:",any"`
+}
+type blobMetadataEntry struct {
+	XMLName xml.Name
+	Value   string `xml:",chardata"`
+}
+
+// UnmarshalXML converts the xml:Metadata into Metadata map
+func (bm *BlobMetadata) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
+	var entries blobMetadataEntries
+	if err := d.DecodeElement(&entries, &start); err != nil {
+		return err
+	}
+	for _, entry := range entries.Entries {
+		if *bm == nil {
+			*bm = make(BlobMetadata)
+		}
+		(*bm)[strings.ToLower(entry.XMLName.Local)] = entry.Value
+	}
+	return nil
+}
+
+// MarshalXML implements the xml.Marshaler interface. It encodes
+// metadata name/value pairs as they would appear in an Azure
+// ListBlobs response.
+func (bm BlobMetadata) MarshalXML(enc *xml.Encoder, start xml.StartElement) error {
+	entries := make([]blobMetadataEntry, 0, len(bm))
+	for k, v := range bm {
+		entries = append(entries, blobMetadataEntry{
+			XMLName: xml.Name{Local: http.CanonicalHeaderKey(k)},
+			Value:   v,
+		})
+	}
+	return enc.EncodeElement(blobMetadataEntries{
+		Entries: entries,
+	}, start)
+}
+
+// BlobProperties contains various properties of a blob
+// returned in various endpoints like ListBlobs or GetBlobProperties.
+type BlobProperties struct {
+	LastModified          TimeRFC1123 `xml:"Last-Modified"`
+	Etag                  string      `xml:"Etag"`
+	ContentMD5            string      `xml:"Content-MD5" header:"x-ms-blob-content-md5"`
+	ContentLength         int64       `xml:"Content-Length"`
+	ContentType           string      `xml:"Content-Type" header:"x-ms-blob-content-type"`
+	ContentEncoding       string      `xml:"Content-Encoding" header:"x-ms-blob-content-encoding"`
+	CacheControl          string      `xml:"Cache-Control" header:"x-ms-blob-cache-control"`
+	ContentLanguage       string      `xml:"Cache-Language" header:"x-ms-blob-content-language"`
+	ContentDisposition    string      `xml:"Content-Disposition" header:"x-ms-blob-content-disposition"`
+	BlobType              BlobType    `xml:"BlobType"`
+	SequenceNumber        int64       `xml:"x-ms-blob-sequence-number"`
+	CopyID                string      `xml:"CopyId"`
+	CopyStatus            string      `xml:"CopyStatus"`
+	CopySource            string      `xml:"CopySource"`
+	CopyProgress          string      `xml:"CopyProgress"`
+	CopyCompletionTime    TimeRFC1123 `xml:"CopyCompletionTime"`
+	CopyStatusDescription string      `xml:"CopyStatusDescription"`
+	LeaseStatus           string      `xml:"LeaseStatus"`
+	LeaseState            string      `xml:"LeaseState"`
+	LeaseDuration         string      `xml:"LeaseDuration"`
+	ServerEncrypted       bool        `xml:"ServerEncrypted"`
+	IncrementalCopy       bool        `xml:"IncrementalCopy"`
+}
+
+// BlobType defines the type of the Azure Blob.
+type BlobType string
+
+// Types of page blobs
+const (
+	BlobTypeBlock  BlobType = "BlockBlob"
+	BlobTypePage   BlobType = "PageBlob"
+	BlobTypeAppend BlobType = "AppendBlob"
+)
+
+func (b *Blob) buildPath() string {
+	return b.Container.buildPath() + "/" + b.Name
+}
+
+// Exists returns true if a blob with given name exists on the specified
+// container of the storage account.
+func (b *Blob) Exists() (bool, error) {
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), nil)
+	headers := b.Container.bsc.client.getStandardHeaders()
+	resp, err := b.Container.bsc.client.exec(http.MethodHead, uri, headers, nil, b.Container.bsc.auth)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusNotFound {
+			return resp.StatusCode == http.StatusOK, nil
+		}
+	}
+	return false, err
+}
+
+// GetURL gets the canonical URL to the blob with the specified name in the
+// specified container.
+// This method does not create a publicly accessible URL if the blob or container
+// is private and this method does not check if the blob exists.
+func (b *Blob) GetURL() string {
+	container := b.Container.Name
+	if container == "" {
+		container = "$root"
+	}
+	return b.Container.bsc.client.getEndpoint(blobServiceName, pathForResource(container, b.Name), nil)
+}
+
+// GetBlobRangeOptions includes the options for a get blob range operation
+type GetBlobRangeOptions struct {
+	Range              *BlobRange
+	GetRangeContentMD5 bool
+	*GetBlobOptions
+}
+
+// GetBlobOptions includes the options for a get blob operation
+type GetBlobOptions struct {
+	Timeout           uint
+	Snapshot          *time.Time
+	LeaseID           string     `header:"x-ms-lease-id"`
+	Origin            string     `header:"Origin"`
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	IfMatch           string     `header:"If-Match"`
+	IfNoneMatch       string     `header:"If-None-Match"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+}
+
+// BlobRange represents the bytes range to be get
+type BlobRange struct {
+	Start uint64
+	End   uint64
+}
+
+func (br BlobRange) String() string {
+	if br.End == 0 {
+		return fmt.Sprintf("bytes=%d-", br.Start)
+	}
+	return fmt.Sprintf("bytes=%d-%d", br.Start, br.End)
+}
+
+// Get returns a stream to read the blob. Caller must call both Read and Close()
+// to correctly close the underlying connection.
+//
+// See the GetRange method for use with a Range header.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Get-Blob
+func (b *Blob) Get(options *GetBlobOptions) (io.ReadCloser, error) {
+	rangeOptions := GetBlobRangeOptions{
+		GetBlobOptions: options,
+	}
+	resp, err := b.getRange(&rangeOptions)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return nil, err
+	}
+	if err := b.writeProperties(resp.Header, true); err != nil {
+		return resp.Body, err
+	}
+	return resp.Body, nil
+}
+
+// GetRange reads the specified range of a blob to a stream. The bytesRange
+// string must be in a format like "0-", "10-100" as defined in HTTP 1.1 spec.
+// Caller must call both Read and Close()// to correctly close the underlying
+// connection.
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Get-Blob
+func (b *Blob) GetRange(options *GetBlobRangeOptions) (io.ReadCloser, error) {
+	resp, err := b.getRange(options)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := checkRespCode(resp, []int{http.StatusPartialContent}); err != nil {
+		return nil, err
+	}
+	// Content-Length header should not be updated, as the service returns the range length
+	// (which is not alwys the full blob length)
+	if err := b.writeProperties(resp.Header, false); err != nil {
+		return resp.Body, err
+	}
+	return resp.Body, nil
+}
+
+func (b *Blob) getRange(options *GetBlobRangeOptions) (*http.Response, error) {
+	params := url.Values{}
+	headers := b.Container.bsc.client.getStandardHeaders()
+
+	if options != nil {
+		if options.Range != nil {
+			headers["Range"] = options.Range.String()
+			if options.GetRangeContentMD5 {
+				headers["x-ms-range-get-content-md5"] = "true"
+			}
+		}
+		if options.GetBlobOptions != nil {
+			headers = mergeHeaders(headers, headersFromStruct(*options.GetBlobOptions))
+			params = addTimeout(params, options.Timeout)
+			params = addSnapshot(params, options.Snapshot)
+		}
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodGet, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return nil, err
+	}
+	return resp, err
+}
+
+// SnapshotOptions includes the options for a snapshot blob operation
+type SnapshotOptions struct {
+	Timeout           uint
+	LeaseID           string     `header:"x-ms-lease-id"`
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	IfMatch           string     `header:"If-Match"`
+	IfNoneMatch       string     `header:"If-None-Match"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+}
+
+// CreateSnapshot creates a snapshot for a blob
+// See https://msdn.microsoft.com/en-us/library/azure/ee691971.aspx
+func (b *Blob) CreateSnapshot(options *SnapshotOptions) (snapshotTimestamp *time.Time, err error) {
+	params := url.Values{"comp": {"snapshot"}}
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil || resp == nil {
+		return nil, err
+	}
+	defer drainRespBody(resp)
+
+	if err := checkRespCode(resp, []int{http.StatusCreated}); err != nil {
+		return nil, err
+	}
+
+	snapshotResponse := resp.Header.Get(http.CanonicalHeaderKey("x-ms-snapshot"))
+	if snapshotResponse != "" {
+		snapshotTimestamp, err := time.Parse(time.RFC3339, snapshotResponse)
+		if err != nil {
+			return nil, err
+		}
+		return &snapshotTimestamp, nil
+	}
+
+	return nil, errors.New("Snapshot not created")
+}
+
+// GetBlobPropertiesOptions includes the options for a get blob properties operation
+type GetBlobPropertiesOptions struct {
+	Timeout           uint
+	Snapshot          *time.Time
+	LeaseID           string     `header:"x-ms-lease-id"`
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	IfMatch           string     `header:"If-Match"`
+	IfNoneMatch       string     `header:"If-None-Match"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+}
+
+// GetProperties provides various information about the specified blob.
+// See https://msdn.microsoft.com/en-us/library/azure/dd179394.aspx
+func (b *Blob) GetProperties(options *GetBlobPropertiesOptions) error {
+	params := url.Values{}
+	headers := b.Container.bsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		params = addSnapshot(params, options.Snapshot)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodHead, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+
+	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return err
+	}
+	return b.writeProperties(resp.Header, true)
+}
+
+func (b *Blob) writeProperties(h http.Header, includeContentLen bool) error {
+	var err error
+
+	contentLength := b.Properties.ContentLength
+	if includeContentLen {
+		contentLengthStr := h.Get("Content-Length")
+		if contentLengthStr != "" {
+			contentLength, err = strconv.ParseInt(contentLengthStr, 0, 64)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	var sequenceNum int64
+	sequenceNumStr := h.Get("x-ms-blob-sequence-number")
+	if sequenceNumStr != "" {
+		sequenceNum, err = strconv.ParseInt(sequenceNumStr, 0, 64)
+		if err != nil {
+			return err
+		}
+	}
+
+	lastModified, err := getTimeFromHeaders(h, "Last-Modified")
+	if err != nil {
+		return err
+	}
+
+	copyCompletionTime, err := getTimeFromHeaders(h, "x-ms-copy-completion-time")
+	if err != nil {
+		return err
+	}
+
+	b.Properties = BlobProperties{
+		LastModified:          TimeRFC1123(*lastModified),
+		Etag:                  h.Get("Etag"),
+		ContentMD5:            h.Get("Content-MD5"),
+		ContentLength:         contentLength,
+		ContentEncoding:       h.Get("Content-Encoding"),
+		ContentType:           h.Get("Content-Type"),
+		ContentDisposition:    h.Get("Content-Disposition"),
+		CacheControl:          h.Get("Cache-Control"),
+		ContentLanguage:       h.Get("Content-Language"),
+		SequenceNumber:        sequenceNum,
+		CopyCompletionTime:    TimeRFC1123(*copyCompletionTime),
+		CopyStatusDescription: h.Get("x-ms-copy-status-description"),
+		CopyID:                h.Get("x-ms-copy-id"),
+		CopyProgress:          h.Get("x-ms-copy-progress"),
+		CopySource:            h.Get("x-ms-copy-source"),
+		CopyStatus:            h.Get("x-ms-copy-status"),
+		BlobType:              BlobType(h.Get("x-ms-blob-type")),
+		LeaseStatus:           h.Get("x-ms-lease-status"),
+		LeaseState:            h.Get("x-ms-lease-state"),
+	}
+	b.writeMetadata(h)
+	return nil
+}
+
+// SetBlobPropertiesOptions contains various properties of a blob and is an entry
+// in SetProperties
+type SetBlobPropertiesOptions struct {
+	Timeout              uint
+	LeaseID              string     `header:"x-ms-lease-id"`
+	Origin               string     `header:"Origin"`
+	IfModifiedSince      *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince    *time.Time `header:"If-Unmodified-Since"`
+	IfMatch              string     `header:"If-Match"`
+	IfNoneMatch          string     `header:"If-None-Match"`
+	SequenceNumberAction *SequenceNumberAction
+	RequestID            string `header:"x-ms-client-request-id"`
+}
+
+// SequenceNumberAction defines how the blob's sequence number should be modified
+type SequenceNumberAction string
+
+// Options for sequence number action
+const (
+	SequenceNumberActionMax       SequenceNumberAction = "max"
+	SequenceNumberActionUpdate    SequenceNumberAction = "update"
+	SequenceNumberActionIncrement SequenceNumberAction = "increment"
+)
+
+// SetProperties replaces the BlobHeaders for the specified blob.
+//
+// Some keys may be converted to Camel-Case before sending. All keys
+// are returned in lower case by GetBlobProperties. HTTP header names
+// are case-insensitive so case munging should not matter to other
+// applications either.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Blob-Properties
+func (b *Blob) SetProperties(options *SetBlobPropertiesOptions) error {
+	params := url.Values{"comp": {"properties"}}
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers = mergeHeaders(headers, headersFromStruct(b.Properties))
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	if b.Properties.BlobType == BlobTypePage {
+		headers = addToHeaders(headers, "x-ms-blob-content-length", fmt.Sprintf("%v", b.Properties.ContentLength))
+		if options != nil && options.SequenceNumberAction != nil {
+			headers = addToHeaders(headers, "x-ms-sequence-number-action", string(*options.SequenceNumberAction))
+			if *options.SequenceNumberAction != SequenceNumberActionIncrement {
+				headers = addToHeaders(headers, "x-ms-blob-sequence-number", fmt.Sprintf("%v", b.Properties.SequenceNumber))
+			}
+		}
+	}
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusOK})
+}
+
+// SetBlobMetadataOptions includes the options for a set blob metadata operation
+type SetBlobMetadataOptions struct {
+	Timeout           uint
+	LeaseID           string     `header:"x-ms-lease-id"`
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	IfMatch           string     `header:"If-Match"`
+	IfNoneMatch       string     `header:"If-None-Match"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+}
+
+// SetMetadata replaces the metadata for the specified blob.
+//
+// Some keys may be converted to Camel-Case before sending. All keys
+// are returned in lower case by GetBlobMetadata. HTTP header names
+// are case-insensitive so case munging should not matter to other
+// applications either.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd179414.aspx
+func (b *Blob) SetMetadata(options *SetBlobMetadataOptions) error {
+	params := url.Values{"comp": {"metadata"}}
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusOK})
+}
+
+// GetBlobMetadataOptions includes the options for a get blob metadata operation
+type GetBlobMetadataOptions struct {
+	Timeout           uint
+	Snapshot          *time.Time
+	LeaseID           string     `header:"x-ms-lease-id"`
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	IfMatch           string     `header:"If-Match"`
+	IfNoneMatch       string     `header:"If-None-Match"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+}
+
+// GetMetadata returns all user-defined metadata for the specified blob.
+//
+// All metadata keys will be returned in lower case. (HTTP header
+// names are case-insensitive.)
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd179414.aspx
+func (b *Blob) GetMetadata(options *GetBlobMetadataOptions) error {
+	params := url.Values{"comp": {"metadata"}}
+	headers := b.Container.bsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		params = addSnapshot(params, options.Snapshot)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodGet, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+
+	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return err
+	}
+
+	b.writeMetadata(resp.Header)
+	return nil
+}
+
+func (b *Blob) writeMetadata(h http.Header) {
+	b.Metadata = BlobMetadata(writeMetadata(h))
+}
+
+// DeleteBlobOptions includes the options for a delete blob operation
+type DeleteBlobOptions struct {
+	Timeout           uint
+	Snapshot          *time.Time
+	LeaseID           string `header:"x-ms-lease-id"`
+	DeleteSnapshots   *bool
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	IfMatch           string     `header:"If-Match"`
+	IfNoneMatch       string     `header:"If-None-Match"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+}
+
+// Delete deletes the given blob from the specified container.
+// If the blob does not exist at the time of the Delete Blob operation, it
+// returns error.
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Blob
+func (b *Blob) Delete(options *DeleteBlobOptions) error {
+	resp, err := b.delete(options)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusAccepted})
+}
+
+// DeleteIfExists deletes the given blob from the specified container If the
+// blob is deleted with this call, returns true. Otherwise returns false.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Blob
+func (b *Blob) DeleteIfExists(options *DeleteBlobOptions) (bool, error) {
+	resp, err := b.delete(options)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusAccepted || resp.StatusCode == http.StatusNotFound {
+			return resp.StatusCode == http.StatusAccepted, nil
+		}
+	}
+	return false, err
+}
+
+func (b *Blob) delete(options *DeleteBlobOptions) (*http.Response, error) {
+	params := url.Values{}
+	headers := b.Container.bsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		params = addSnapshot(params, options.Snapshot)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+		if options.DeleteSnapshots != nil {
+			if *options.DeleteSnapshots {
+				headers["x-ms-delete-snapshots"] = "include"
+			} else {
+				headers["x-ms-delete-snapshots"] = "only"
+			}
+		}
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+	return b.Container.bsc.client.exec(http.MethodDelete, uri, headers, nil, b.Container.bsc.auth)
+}
+
+// helper method to construct the path to either a blob or container
+func pathForResource(container, name string) string {
+	if name != "" {
+		return fmt.Sprintf("/%s/%s", container, name)
+	}
+	return fmt.Sprintf("/%s", container)
+}
+
+func (b *Blob) respondCreation(resp *http.Response, bt BlobType) error {
+	defer drainRespBody(resp)
+	err := checkRespCode(resp, []int{http.StatusCreated})
+	if err != nil {
+		return err
+	}
+	b.Properties.BlobType = bt
+	return nil
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/blobsasuri.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/blobsasuri.go
new file mode 100644
index 000000000..89ab054ec
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/blobsasuri.go
@@ -0,0 +1,168 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+)
+
+// OverrideHeaders defines overridable response heaedrs in
+// a request using a SAS URI.
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
+type OverrideHeaders struct {
+	CacheControl       string
+	ContentDisposition string
+	ContentEncoding    string
+	ContentLanguage    string
+	ContentType        string
+}
+
+// BlobSASOptions are options to construct a blob SAS
+// URI.
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
+type BlobSASOptions struct {
+	BlobServiceSASPermissions
+	OverrideHeaders
+	SASOptions
+}
+
+// BlobServiceSASPermissions includes the available permissions for
+// blob service SAS URI.
+type BlobServiceSASPermissions struct {
+	Read   bool
+	Add    bool
+	Create bool
+	Write  bool
+	Delete bool
+}
+
+func (p BlobServiceSASPermissions) buildString() string {
+	permissions := ""
+	if p.Read {
+		permissions += "r"
+	}
+	if p.Add {
+		permissions += "a"
+	}
+	if p.Create {
+		permissions += "c"
+	}
+	if p.Write {
+		permissions += "w"
+	}
+	if p.Delete {
+		permissions += "d"
+	}
+	return permissions
+}
+
+// GetSASURI creates an URL to the blob which contains the Shared
+// Access Signature with the specified options.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
+func (b *Blob) GetSASURI(options BlobSASOptions) (string, error) {
+	uri := b.GetURL()
+	signedResource := "b"
+	canonicalizedResource, err := b.Container.bsc.client.buildCanonicalizedResource(uri, b.Container.bsc.auth, true)
+	if err != nil {
+		return "", err
+	}
+
+	permissions := options.BlobServiceSASPermissions.buildString()
+	return b.Container.bsc.client.blobAndFileSASURI(options.SASOptions, uri, permissions, canonicalizedResource, signedResource, options.OverrideHeaders)
+}
+
+func (c *Client) blobAndFileSASURI(options SASOptions, uri, permissions, canonicalizedResource, signedResource string, headers OverrideHeaders) (string, error) {
+	start := ""
+	if options.Start != (time.Time{}) {
+		start = options.Start.UTC().Format(time.RFC3339)
+	}
+
+	expiry := options.Expiry.UTC().Format(time.RFC3339)
+
+	// We need to replace + with %2b first to avoid being treated as a space (which is correct for query strings, but not the path component).
+	canonicalizedResource = strings.Replace(canonicalizedResource, "+", "%2b", -1)
+	canonicalizedResource, err := url.QueryUnescape(canonicalizedResource)
+	if err != nil {
+		return "", err
+	}
+
+	protocols := ""
+	if options.UseHTTPS {
+		protocols = "https"
+	}
+	stringToSign, err := blobSASStringToSign(permissions, start, expiry, canonicalizedResource, options.Identifier, options.IP, protocols, c.apiVersion, signedResource, "", headers)
+	if err != nil {
+		return "", err
+	}
+
+	sig := c.computeHmac256(stringToSign)
+	sasParams := url.Values{
+		"sv":  {c.apiVersion},
+		"se":  {expiry},
+		"sr":  {signedResource},
+		"sp":  {permissions},
+		"sig": {sig},
+	}
+
+	if start != "" {
+		sasParams.Add("st", start)
+	}
+
+	if c.apiVersion >= "2015-04-05" {
+		if protocols != "" {
+			sasParams.Add("spr", protocols)
+		}
+		if options.IP != "" {
+			sasParams.Add("sip", options.IP)
+		}
+	}
+
+	// Add override response hedaers
+	addQueryParameter(sasParams, "rscc", headers.CacheControl)
+	addQueryParameter(sasParams, "rscd", headers.ContentDisposition)
+	addQueryParameter(sasParams, "rsce", headers.ContentEncoding)
+	addQueryParameter(sasParams, "rscl", headers.ContentLanguage)
+	addQueryParameter(sasParams, "rsct", headers.ContentType)
+
+	sasURL, err := url.Parse(uri)
+	if err != nil {
+		return "", err
+	}
+	sasURL.RawQuery = sasParams.Encode()
+	return sasURL.String(), nil
+}
+
+func blobSASStringToSign(signedPermissions, signedStart, signedExpiry, canonicalizedResource, signedIdentifier, signedIP, protocols, signedVersion, signedResource, signedSnapshotTime string, headers OverrideHeaders) (string, error) {
+	rscc := headers.CacheControl
+	rscd := headers.ContentDisposition
+	rsce := headers.ContentEncoding
+	rscl := headers.ContentLanguage
+	rsct := headers.ContentType
+
+	if signedVersion >= "2015-02-21" {
+		canonicalizedResource = "/blob" + canonicalizedResource
+	}
+
+	// https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
+	if signedVersion >= "2018-11-09" {
+		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s", signedPermissions, signedStart, signedExpiry, canonicalizedResource, signedIdentifier, signedIP, protocols, signedVersion, signedResource, signedSnapshotTime, rscc, rscd, rsce, rscl, rsct), nil
+	}
+
+	// https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx#Anchor_12
+	if signedVersion >= "2015-04-05" {
+		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s", signedPermissions, signedStart, signedExpiry, canonicalizedResource, signedIdentifier, signedIP, protocols, signedVersion, rscc, rscd, rsce, rscl, rsct), nil
+	}
+
+	// reference: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
+	if signedVersion >= "2013-08-15" {
+		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s", signedPermissions, signedStart, signedExpiry, canonicalizedResource, signedIdentifier, signedVersion, rscc, rscd, rsce, rscl, rsct), nil
+	}
+
+	return "", errors.New("storage: not implemented SAS for versions earlier than 2013-08-15")
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/blobserviceclient.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/blobserviceclient.go
new file mode 100644
index 000000000..0a985b22b
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/blobserviceclient.go
@@ -0,0 +1,175 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"encoding/xml"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+)
+
+// BlobStorageClient contains operations for Microsoft Azure Blob Storage
+// Service.
+type BlobStorageClient struct {
+	client Client
+	auth   authentication
+}
+
+// GetServiceProperties gets the properties of your storage account's blob service.
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-blob-service-properties
+func (b *BlobStorageClient) GetServiceProperties() (*ServiceProperties, error) {
+	return b.client.getServiceProperties(blobServiceName, b.auth)
+}
+
+// SetServiceProperties sets the properties of your storage account's blob service.
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-blob-service-properties
+func (b *BlobStorageClient) SetServiceProperties(props ServiceProperties) error {
+	return b.client.setServiceProperties(props, blobServiceName, b.auth)
+}
+
+// ListContainersParameters defines the set of customizable parameters to make a
+// List Containers call.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd179352.aspx
+type ListContainersParameters struct {
+	Prefix     string
+	Marker     string
+	Include    string
+	MaxResults uint
+	Timeout    uint
+}
+
+// GetContainerReference returns a Container object for the specified container name.
+func (b *BlobStorageClient) GetContainerReference(name string) *Container {
+	return &Container{
+		bsc:  b,
+		Name: name,
+	}
+}
+
+// GetContainerReferenceFromSASURI returns a Container object for the specified
+// container SASURI
+func GetContainerReferenceFromSASURI(sasuri url.URL) (*Container, error) {
+	path := strings.Split(sasuri.Path, "/")
+	if len(path) <= 1 {
+		return nil, fmt.Errorf("could not find a container in URI: %s", sasuri.String())
+	}
+	c, err := newSASClientFromURL(&sasuri)
+	if err != nil {
+		return nil, err
+	}
+	cli := c.GetBlobService()
+	return &Container{
+		bsc:    &cli,
+		Name:   path[1],
+		sasuri: sasuri,
+	}, nil
+}
+
+// ListContainers returns the list of containers in a storage account along with
+// pagination token and other response details.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd179352.aspx
+func (b BlobStorageClient) ListContainers(params ListContainersParameters) (*ContainerListResponse, error) {
+	q := mergeParams(params.getParameters(), url.Values{"comp": {"list"}})
+	uri := b.client.getEndpoint(blobServiceName, "", q)
+	headers := b.client.getStandardHeaders()
+
+	type ContainerAlias struct {
+		bsc        *BlobStorageClient
+		Name       string              `xml:"Name"`
+		Properties ContainerProperties `xml:"Properties"`
+		Metadata   BlobMetadata
+		sasuri     url.URL
+	}
+	type ContainerListResponseAlias struct {
+		XMLName    xml.Name         `xml:"EnumerationResults"`
+		Xmlns      string           `xml:"xmlns,attr"`
+		Prefix     string           `xml:"Prefix"`
+		Marker     string           `xml:"Marker"`
+		NextMarker string           `xml:"NextMarker"`
+		MaxResults int64            `xml:"MaxResults"`
+		Containers []ContainerAlias `xml:"Containers>Container"`
+	}
+
+	var outAlias ContainerListResponseAlias
+	resp, err := b.client.exec(http.MethodGet, uri, headers, nil, b.auth)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	err = xmlUnmarshal(resp.Body, &outAlias)
+	if err != nil {
+		return nil, err
+	}
+
+	out := ContainerListResponse{
+		XMLName:    outAlias.XMLName,
+		Xmlns:      outAlias.Xmlns,
+		Prefix:     outAlias.Prefix,
+		Marker:     outAlias.Marker,
+		NextMarker: outAlias.NextMarker,
+		MaxResults: outAlias.MaxResults,
+		Containers: make([]Container, len(outAlias.Containers)),
+	}
+	for i, cnt := range outAlias.Containers {
+		out.Containers[i] = Container{
+			bsc:        &b,
+			Name:       cnt.Name,
+			Properties: cnt.Properties,
+			Metadata:   map[string]string(cnt.Metadata),
+			sasuri:     cnt.sasuri,
+		}
+	}
+
+	return &out, err
+}
+
+func (p ListContainersParameters) getParameters() url.Values {
+	out := url.Values{}
+
+	if p.Prefix != "" {
+		out.Set("prefix", p.Prefix)
+	}
+	if p.Marker != "" {
+		out.Set("marker", p.Marker)
+	}
+	if p.Include != "" {
+		out.Set("include", p.Include)
+	}
+	if p.MaxResults != 0 {
+		out.Set("maxresults", strconv.FormatUint(uint64(p.MaxResults), 10))
+	}
+	if p.Timeout != 0 {
+		out.Set("timeout", strconv.FormatUint(uint64(p.Timeout), 10))
+	}
+
+	return out
+}
+
+func writeMetadata(h http.Header) map[string]string {
+	metadata := make(map[string]string)
+	for k, v := range h {
+		// Can't trust CanonicalHeaderKey() to munge case
+		// reliably. "_" is allowed in identifiers:
+		// https://msdn.microsoft.com/en-us/library/azure/dd179414.aspx
+		// https://msdn.microsoft.com/library/aa664670(VS.71).aspx
+		// http://tools.ietf.org/html/rfc7230#section-3.2
+		// ...but "_" is considered invalid by
+		// CanonicalMIMEHeaderKey in
+		// https://golang.org/src/net/textproto/reader.go?s=14615:14659#L542
+		// so k can be "X-Ms-Meta-Lol" or "x-ms-meta-lol_rofl".
+		k = strings.ToLower(k)
+		if len(v) == 0 || !strings.HasPrefix(k, strings.ToLower(userDefinedMetadataHeaderPrefix)) {
+			continue
+		}
+		// metadata["lol"] = content of the last X-Ms-Meta-Lol header
+		k = k[len(userDefinedMetadataHeaderPrefix):]
+		metadata[k] = v[len(v)-1]
+	}
+	return metadata
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/blockblob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/blockblob.go
new file mode 100644
index 000000000..9d445decf
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/blockblob.go
@@ -0,0 +1,300 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"bytes"
+	"encoding/xml"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// BlockListType is used to filter out types of blocks in a Get Blocks List call
+// for a block blob.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd179400.aspx for all
+// block types.
+type BlockListType string
+
+// Filters for listing blocks in block blobs
+const (
+	BlockListTypeAll         BlockListType = "all"
+	BlockListTypeCommitted   BlockListType = "committed"
+	BlockListTypeUncommitted BlockListType = "uncommitted"
+)
+
+// Maximum sizes (per REST API) for various concepts
+const (
+	MaxBlobBlockSize = 100 * 1024 * 1024
+	MaxBlobPageSize  = 4 * 1024 * 1024
+)
+
+// BlockStatus defines states a block for a block blob can
+// be in.
+type BlockStatus string
+
+// List of statuses that can be used to refer to a block in a block list
+const (
+	BlockStatusUncommitted BlockStatus = "Uncommitted"
+	BlockStatusCommitted   BlockStatus = "Committed"
+	BlockStatusLatest      BlockStatus = "Latest"
+)
+
+// Block is used to create Block entities for Put Block List
+// call.
+type Block struct {
+	ID     string
+	Status BlockStatus
+}
+
+// BlockListResponse contains the response fields from Get Block List call.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd179400.aspx
+type BlockListResponse struct {
+	XMLName           xml.Name        `xml:"BlockList"`
+	CommittedBlocks   []BlockResponse `xml:"CommittedBlocks>Block"`
+	UncommittedBlocks []BlockResponse `xml:"UncommittedBlocks>Block"`
+}
+
+// BlockResponse contains the block information returned
+// in the GetBlockListCall.
+type BlockResponse struct {
+	Name string `xml:"Name"`
+	Size int64  `xml:"Size"`
+}
+
+// CreateBlockBlob initializes an empty block blob with no blocks.
+//
+// See CreateBlockBlobFromReader for more info on creating blobs.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Blob
+func (b *Blob) CreateBlockBlob(options *PutBlobOptions) error {
+	return b.CreateBlockBlobFromReader(nil, options)
+}
+
+// CreateBlockBlobFromReader initializes a block blob using data from
+// reader. Size must be the number of bytes read from reader. To
+// create an empty blob, use size==0 and reader==nil.
+//
+// Any headers set in blob.Properties or metadata in blob.Metadata
+// will be set on the blob.
+//
+// The API rejects requests with size > 256 MiB (but this limit is not
+// checked by the SDK). To write a larger blob, use CreateBlockBlob,
+// PutBlock, and PutBlockList.
+//
+// To create a blob from scratch, call container.GetBlobReference() to
+// get an empty blob, fill in blob.Properties and blob.Metadata as
+// appropriate then call this method.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Blob
+func (b *Blob) CreateBlockBlobFromReader(blob io.Reader, options *PutBlobOptions) error {
+	params := url.Values{}
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers["x-ms-blob-type"] = string(BlobTypeBlock)
+
+	headers["Content-Length"] = "0"
+	var n int64
+	var err error
+	if blob != nil {
+		type lener interface {
+			Len() int
+		}
+		// TODO(rjeczalik): handle io.ReadSeeker, in case blob is *os.File etc.
+		if l, ok := blob.(lener); ok {
+			n = int64(l.Len())
+		} else {
+			var buf bytes.Buffer
+			n, err = io.Copy(&buf, blob)
+			if err != nil {
+				return err
+			}
+			blob = &buf
+		}
+
+		headers["Content-Length"] = strconv.FormatInt(n, 10)
+	}
+	b.Properties.ContentLength = n
+
+	headers = mergeHeaders(headers, headersFromStruct(b.Properties))
+	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, blob, b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	return b.respondCreation(resp, BlobTypeBlock)
+}
+
+// PutBlockOptions includes the options for a put block operation
+type PutBlockOptions struct {
+	Timeout    uint
+	LeaseID    string `header:"x-ms-lease-id"`
+	ContentMD5 string `header:"Content-MD5"`
+	RequestID  string `header:"x-ms-client-request-id"`
+}
+
+// PutBlock saves the given data chunk to the specified block blob with
+// given ID.
+//
+// The API rejects chunks larger than 100 MiB (but this limit is not
+// checked by the SDK).
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Block
+func (b *Blob) PutBlock(blockID string, chunk []byte, options *PutBlockOptions) error {
+	return b.PutBlockWithLength(blockID, uint64(len(chunk)), bytes.NewReader(chunk), options)
+}
+
+// PutBlockWithLength saves the given data stream of exactly specified size to
+// the block blob with given ID. It is an alternative to PutBlocks where data
+// comes as stream but the length is known in advance.
+//
+// The API rejects requests with size > 100 MiB (but this limit is not
+// checked by the SDK).
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Block
+func (b *Blob) PutBlockWithLength(blockID string, size uint64, blob io.Reader, options *PutBlockOptions) error {
+	query := url.Values{
+		"comp":    {"block"},
+		"blockid": {blockID},
+	}
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers["Content-Length"] = fmt.Sprintf("%v", size)
+
+	if options != nil {
+		query = addTimeout(query, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), query)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, blob, b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	return b.respondCreation(resp, BlobTypeBlock)
+}
+
+// PutBlockFromURLOptions includes the options for a put block from URL operation
+type PutBlockFromURLOptions struct {
+	PutBlockOptions
+
+	SourceContentMD5   string `header:"x-ms-source-content-md5"`
+	SourceContentCRC64 string `header:"x-ms-source-content-crc64"`
+}
+
+// PutBlockFromURL copy data of exactly specified size from specified URL to
+// the block blob with given ID. It is an alternative to PutBlocks where data
+// comes from a remote URL and the offset and length is known in advance.
+//
+// The API rejects requests with size > 100 MiB (but this limit is not
+// checked by the SDK).
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/put-block-from-url
+func (b *Blob) PutBlockFromURL(blockID string, blobURL string, offset int64, size uint64, options *PutBlockFromURLOptions) error {
+	query := url.Values{
+		"comp":    {"block"},
+		"blockid": {blockID},
+	}
+	headers := b.Container.bsc.client.getStandardHeaders()
+	// The value of this header must be set to zero.
+	// When the length is not zero, the operation will fail with the status code 400 (Bad Request).
+	headers["Content-Length"] = "0"
+	headers["x-ms-copy-source"] = blobURL
+	headers["x-ms-source-range"] = fmt.Sprintf("bytes=%d-%d", offset, uint64(offset)+size-1)
+
+	if options != nil {
+		query = addTimeout(query, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), query)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	return b.respondCreation(resp, BlobTypeBlock)
+}
+
+// PutBlockListOptions includes the options for a put block list operation
+type PutBlockListOptions struct {
+	Timeout           uint
+	LeaseID           string     `header:"x-ms-lease-id"`
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	IfMatch           string     `header:"If-Match"`
+	IfNoneMatch       string     `header:"If-None-Match"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+}
+
+// PutBlockList saves list of blocks to the specified block blob.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Block-List
+func (b *Blob) PutBlockList(blocks []Block, options *PutBlockListOptions) error {
+	params := url.Values{"comp": {"blocklist"}}
+	blockListXML := prepareBlockListRequest(blocks)
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers["Content-Length"] = fmt.Sprintf("%v", len(blockListXML))
+	headers = mergeHeaders(headers, headersFromStruct(b.Properties))
+	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, strings.NewReader(blockListXML), b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusCreated})
+}
+
+// GetBlockListOptions includes the options for a get block list operation
+type GetBlockListOptions struct {
+	Timeout   uint
+	Snapshot  *time.Time
+	LeaseID   string `header:"x-ms-lease-id"`
+	RequestID string `header:"x-ms-client-request-id"`
+}
+
+// GetBlockList retrieves list of blocks in the specified block blob.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Get-Block-List
+func (b *Blob) GetBlockList(blockType BlockListType, options *GetBlockListOptions) (BlockListResponse, error) {
+	params := url.Values{
+		"comp":          {"blocklist"},
+		"blocklisttype": {string(blockType)},
+	}
+	headers := b.Container.bsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		params = addSnapshot(params, options.Snapshot)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	var out BlockListResponse
+	resp, err := b.Container.bsc.client.exec(http.MethodGet, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return out, err
+	}
+	defer resp.Body.Close()
+
+	err = xmlUnmarshal(resp.Body, &out)
+	return out, err
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/client.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/client.go
new file mode 100644
index 000000000..ce6e5a80d
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/client.go
@@ -0,0 +1,1061 @@
+// Package storage provides clients for Microsoft Azure Storage Services.
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"bufio"
+	"encoding/base64"
+	"encoding/json"
+	"encoding/xml"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"mime"
+	"mime/multipart"
+	"net/http"
+	"net/url"
+	"regexp"
+	"runtime"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/version"
+	"github.com/Azure/go-autorest/autorest"
+	"github.com/Azure/go-autorest/autorest/azure"
+)
+
+const (
+	// DefaultBaseURL is the domain name used for storage requests in the
+	// public cloud when a default client is created.
+	DefaultBaseURL = "core.windows.net"
+
+	// DefaultAPIVersion is the Azure Storage API version string used when a
+	// basic client is created.
+	DefaultAPIVersion = "2018-03-28"
+
+	defaultUseHTTPS      = true
+	defaultRetryAttempts = 5
+	defaultRetryDuration = time.Second * 5
+
+	// StorageEmulatorAccountName is the fixed storage account used by Azure Storage Emulator
+	StorageEmulatorAccountName = "devstoreaccount1"
+
+	// StorageEmulatorAccountKey is the the fixed storage account used by Azure Storage Emulator
+	StorageEmulatorAccountKey = "Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw=="
+
+	blobServiceName  = "blob"
+	tableServiceName = "table"
+	queueServiceName = "queue"
+	fileServiceName  = "file"
+
+	storageEmulatorBlob  = "127.0.0.1:10000"
+	storageEmulatorTable = "127.0.0.1:10002"
+	storageEmulatorQueue = "127.0.0.1:10001"
+
+	userAgentHeader = "User-Agent"
+
+	userDefinedMetadataHeaderPrefix = "x-ms-meta-"
+
+	connectionStringAccountName      = "accountname"
+	connectionStringAccountKey       = "accountkey"
+	connectionStringEndpointSuffix   = "endpointsuffix"
+	connectionStringEndpointProtocol = "defaultendpointsprotocol"
+
+	connectionStringBlobEndpoint  = "blobendpoint"
+	connectionStringFileEndpoint  = "fileendpoint"
+	connectionStringQueueEndpoint = "queueendpoint"
+	connectionStringTableEndpoint = "tableendpoint"
+	connectionStringSAS           = "sharedaccesssignature"
+)
+
+var (
+	validStorageAccount     = regexp.MustCompile("^[0-9a-z]{3,24}$")
+	validCosmosAccount      = regexp.MustCompile("^[0-9a-z-]{3,44}$")
+	defaultValidStatusCodes = []int{
+		http.StatusRequestTimeout,      // 408
+		http.StatusInternalServerError, // 500
+		http.StatusBadGateway,          // 502
+		http.StatusServiceUnavailable,  // 503
+		http.StatusGatewayTimeout,      // 504
+	}
+)
+
+// Sender sends a request
+type Sender interface {
+	Send(*Client, *http.Request) (*http.Response, error)
+}
+
+// DefaultSender is the default sender for the client. It implements
+// an automatic retry strategy.
+type DefaultSender struct {
+	RetryAttempts    int
+	RetryDuration    time.Duration
+	ValidStatusCodes []int
+	attempts         int // used for testing
+}
+
+// Send is the default retry strategy in the client
+func (ds *DefaultSender) Send(c *Client, req *http.Request) (resp *http.Response, err error) {
+	rr := autorest.NewRetriableRequest(req)
+	for attempts := 0; attempts < ds.RetryAttempts; attempts++ {
+		err = rr.Prepare()
+		if err != nil {
+			return resp, err
+		}
+		resp, err = c.HTTPClient.Do(rr.Request())
+		if err == nil && !autorest.ResponseHasStatusCode(resp, ds.ValidStatusCodes...) {
+			return resp, err
+		}
+		drainRespBody(resp)
+		autorest.DelayForBackoff(ds.RetryDuration, attempts, req.Cancel)
+		ds.attempts = attempts
+	}
+	ds.attempts++
+	return resp, err
+}
+
+// Client is the object that needs to be constructed to perform
+// operations on the storage account.
+type Client struct {
+	// HTTPClient is the http.Client used to initiate API
+	// requests. http.DefaultClient is used when creating a
+	// client.
+	HTTPClient *http.Client
+
+	// Sender is an interface that sends the request. Clients are
+	// created with a DefaultSender. The DefaultSender has an
+	// automatic retry strategy built in. The Sender can be customized.
+	Sender Sender
+
+	accountName       string
+	accountKey        []byte
+	useHTTPS          bool
+	UseSharedKeyLite  bool
+	baseURL           string
+	apiVersion        string
+	userAgent         string
+	sasClient         bool
+	accountSASToken   url.Values
+	additionalHeaders map[string]string
+}
+
+type odataResponse struct {
+	resp  *http.Response
+	odata odataErrorWrapper
+}
+
+// AzureStorageServiceError contains fields of the error response from
+// Azure Storage Service REST API. See https://msdn.microsoft.com/en-us/library/azure/dd179382.aspx
+// Some fields might be specific to certain calls.
+type AzureStorageServiceError struct {
+	Code                      string `xml:"Code"`
+	Message                   string `xml:"Message"`
+	AuthenticationErrorDetail string `xml:"AuthenticationErrorDetail"`
+	QueryParameterName        string `xml:"QueryParameterName"`
+	QueryParameterValue       string `xml:"QueryParameterValue"`
+	Reason                    string `xml:"Reason"`
+	Lang                      string
+	StatusCode                int
+	RequestID                 string
+	Date                      string
+	APIVersion                string
+}
+
+// AzureTablesServiceError contains fields of the error response from
+// Azure Table Storage Service REST API in Atom format.
+// See https://msdn.microsoft.com/en-us/library/azure/dd179382.aspx
+type AzureTablesServiceError struct {
+	Code       string `xml:"code"`
+	Message    string `xml:"message"`
+	StatusCode int
+	RequestID  string
+	Date       string
+	APIVersion string
+}
+
+func (e AzureTablesServiceError) Error() string {
+	return fmt.Sprintf("storage: service returned error: StatusCode=%d, ErrorCode=%s, ErrorMessage=%s, RequestInitiated=%s, RequestId=%s, API Version=%s",
+		e.StatusCode, e.Code, e.Message, e.Date, e.RequestID, e.APIVersion)
+}
+
+type odataErrorMessage struct {
+	Lang  string `json:"lang"`
+	Value string `json:"value"`
+}
+
+type odataError struct {
+	Code    string            `json:"code"`
+	Message odataErrorMessage `json:"message"`
+}
+
+type odataErrorWrapper struct {
+	Err odataError `json:"odata.error"`
+}
+
+// UnexpectedStatusCodeError is returned when a storage service responds with neither an error
+// nor with an HTTP status code indicating success.
+type UnexpectedStatusCodeError struct {
+	allowed []int
+	got     int
+	inner   error
+}
+
+func (e UnexpectedStatusCodeError) Error() string {
+	s := func(i int) string { return fmt.Sprintf("%d %s", i, http.StatusText(i)) }
+
+	got := s(e.got)
+	expected := []string{}
+	for _, v := range e.allowed {
+		expected = append(expected, s(v))
+	}
+	return fmt.Sprintf("storage: status code from service response is %s; was expecting %s.  Inner error: %+v", got, strings.Join(expected, " or "), e.inner)
+}
+
+// Got is the actual status code returned by Azure.
+func (e UnexpectedStatusCodeError) Got() int {
+	return e.got
+}
+
+// Inner returns any inner error info.
+func (e UnexpectedStatusCodeError) Inner() error {
+	return e.inner
+}
+
+// NewClientFromConnectionString creates a Client from the connection string.
+func NewClientFromConnectionString(input string) (Client, error) {
+	// build a map of connection string key/value pairs
+	parts := map[string]string{}
+	for _, pair := range strings.Split(input, ";") {
+		if pair == "" {
+			continue
+		}
+
+		equalDex := strings.IndexByte(pair, '=')
+		if equalDex <= 0 {
+			return Client{}, fmt.Errorf("Invalid connection segment %q", pair)
+		}
+
+		value := strings.TrimSpace(pair[equalDex+1:])
+		key := strings.TrimSpace(strings.ToLower(pair[:equalDex]))
+		parts[key] = value
+	}
+
+	// TODO: validate parameter sets?
+
+	if parts[connectionStringAccountName] == StorageEmulatorAccountName {
+		return NewEmulatorClient()
+	}
+
+	if parts[connectionStringSAS] != "" {
+		endpoint := ""
+		if parts[connectionStringBlobEndpoint] != "" {
+			endpoint = parts[connectionStringBlobEndpoint]
+		} else if parts[connectionStringFileEndpoint] != "" {
+			endpoint = parts[connectionStringFileEndpoint]
+		} else if parts[connectionStringQueueEndpoint] != "" {
+			endpoint = parts[connectionStringQueueEndpoint]
+		} else {
+			endpoint = parts[connectionStringTableEndpoint]
+		}
+
+		return NewAccountSASClientFromEndpointToken(endpoint, parts[connectionStringSAS])
+	}
+
+	useHTTPS := defaultUseHTTPS
+	if parts[connectionStringEndpointProtocol] != "" {
+		useHTTPS = parts[connectionStringEndpointProtocol] == "https"
+	}
+
+	return NewClient(parts[connectionStringAccountName], parts[connectionStringAccountKey],
+		parts[connectionStringEndpointSuffix], DefaultAPIVersion, useHTTPS)
+}
+
+// NewBasicClient constructs a Client with given storage service name and
+// key.
+func NewBasicClient(accountName, accountKey string) (Client, error) {
+	if accountName == StorageEmulatorAccountName {
+		return NewEmulatorClient()
+	}
+	return NewClient(accountName, accountKey, DefaultBaseURL, DefaultAPIVersion, defaultUseHTTPS)
+}
+
+// NewBasicClientOnSovereignCloud constructs a Client with given storage service name and
+// key in the referenced cloud.
+func NewBasicClientOnSovereignCloud(accountName, accountKey string, env azure.Environment) (Client, error) {
+	if accountName == StorageEmulatorAccountName {
+		return NewEmulatorClient()
+	}
+	return NewClient(accountName, accountKey, env.StorageEndpointSuffix, DefaultAPIVersion, defaultUseHTTPS)
+}
+
+//NewEmulatorClient contructs a Client intended to only work with Azure
+//Storage Emulator
+func NewEmulatorClient() (Client, error) {
+	return NewClient(StorageEmulatorAccountName, StorageEmulatorAccountKey, DefaultBaseURL, DefaultAPIVersion, false)
+}
+
+// NewClient constructs a Client. This should be used if the caller wants
+// to specify whether to use HTTPS, a specific REST API version or a custom
+// storage endpoint than Azure Public Cloud.
+func NewClient(accountName, accountKey, serviceBaseURL, apiVersion string, useHTTPS bool) (Client, error) {
+	var c Client
+	if !IsValidStorageAccount(accountName) {
+		return c, fmt.Errorf("azure: account name is not valid: it must be between 3 and 24 characters, and only may contain numbers and lowercase letters: %v", accountName)
+	} else if accountKey == "" {
+		return c, fmt.Errorf("azure: account key required")
+	} else if serviceBaseURL == "" {
+		return c, fmt.Errorf("azure: base storage service url required")
+	}
+
+	key, err := base64.StdEncoding.DecodeString(accountKey)
+	if err != nil {
+		return c, fmt.Errorf("azure: malformed storage account key: %v", err)
+	}
+
+	return newClient(accountName, key, serviceBaseURL, apiVersion, useHTTPS)
+}
+
+// NewCosmosClient constructs a Client for Azure CosmosDB. This should be used if the caller wants
+// to specify whether to use HTTPS, a specific REST API version or a custom
+// cosmos endpoint than Azure Public Cloud.
+func NewCosmosClient(accountName, accountKey, serviceBaseURL, apiVersion string, useHTTPS bool) (Client, error) {
+	var c Client
+	if !IsValidCosmosAccount(accountName) {
+		return c, fmt.Errorf("azure: account name is not valid: The name can contain only lowercase letters, numbers and the '-' character, and must be between 3 and 44 characters: %v", accountName)
+	} else if accountKey == "" {
+		return c, fmt.Errorf("azure: account key required")
+	} else if serviceBaseURL == "" {
+		return c, fmt.Errorf("azure: base storage service url required")
+	}
+
+	key, err := base64.StdEncoding.DecodeString(accountKey)
+	if err != nil {
+		return c, fmt.Errorf("azure: malformed cosmos account key: %v", err)
+	}
+
+	return newClient(accountName, key, serviceBaseURL, apiVersion, useHTTPS)
+}
+
+// newClient constructs a Client with given parameters.
+func newClient(accountName string, accountKey []byte, serviceBaseURL, apiVersion string, useHTTPS bool) (Client, error) {
+	c := Client{
+		HTTPClient:       http.DefaultClient,
+		accountName:      accountName,
+		accountKey:       accountKey,
+		useHTTPS:         useHTTPS,
+		baseURL:          serviceBaseURL,
+		apiVersion:       apiVersion,
+		sasClient:        false,
+		UseSharedKeyLite: false,
+		Sender: &DefaultSender{
+			RetryAttempts:    defaultRetryAttempts,
+			ValidStatusCodes: defaultValidStatusCodes,
+			RetryDuration:    defaultRetryDuration,
+		},
+	}
+	c.userAgent = c.getDefaultUserAgent()
+	return c, nil
+}
+
+// IsValidStorageAccount checks if the storage account name is valid.
+// See https://docs.microsoft.com/en-us/azure/storage/storage-create-storage-account
+func IsValidStorageAccount(account string) bool {
+	return validStorageAccount.MatchString(account)
+}
+
+// IsValidCosmosAccount checks if the Cosmos account name is valid.
+// See https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-manage-database-account
+func IsValidCosmosAccount(account string) bool {
+	return validCosmosAccount.MatchString(account)
+}
+
+// NewAccountSASClient contructs a client that uses accountSAS authorization
+// for its operations.
+func NewAccountSASClient(account string, token url.Values, env azure.Environment) Client {
+	return newSASClient(account, env.StorageEndpointSuffix, token)
+}
+
+// NewAccountSASClientFromEndpointToken constructs a client that uses accountSAS authorization
+// for its operations using the specified endpoint and SAS token.
+func NewAccountSASClientFromEndpointToken(endpoint string, sasToken string) (Client, error) {
+	u, err := url.Parse(endpoint)
+	if err != nil {
+		return Client{}, err
+	}
+	_, err = url.ParseQuery(sasToken)
+	if err != nil {
+		return Client{}, err
+	}
+	u.RawQuery = sasToken
+	return newSASClientFromURL(u)
+}
+
+func newSASClient(accountName, baseURL string, sasToken url.Values) Client {
+	c := Client{
+		HTTPClient: http.DefaultClient,
+		apiVersion: DefaultAPIVersion,
+		sasClient:  true,
+		Sender: &DefaultSender{
+			RetryAttempts:    defaultRetryAttempts,
+			ValidStatusCodes: defaultValidStatusCodes,
+			RetryDuration:    defaultRetryDuration,
+		},
+		accountName:     accountName,
+		baseURL:         baseURL,
+		accountSASToken: sasToken,
+		useHTTPS:        defaultUseHTTPS,
+	}
+	c.userAgent = c.getDefaultUserAgent()
+	// Get API version and protocol from token
+	c.apiVersion = sasToken.Get("sv")
+	if spr := sasToken.Get("spr"); spr != "" {
+		c.useHTTPS = spr == "https"
+	}
+	return c
+}
+
+func newSASClientFromURL(u *url.URL) (Client, error) {
+	// the host name will look something like this
+	// - foo.blob.core.windows.net
+	// "foo" is the account name
+	// "core.windows.net" is the baseURL
+
+	// find the first dot to get account name
+	i1 := strings.IndexByte(u.Host, '.')
+	if i1 < 0 {
+		return Client{}, fmt.Errorf("failed to find '.' in %s", u.Host)
+	}
+
+	// now find the second dot to get the base URL
+	i2 := strings.IndexByte(u.Host[i1+1:], '.')
+	if i2 < 0 {
+		return Client{}, fmt.Errorf("failed to find '.' in %s", u.Host[i1+1:])
+	}
+
+	sasToken := u.Query()
+	c := newSASClient(u.Host[:i1], u.Host[i1+i2+2:], sasToken)
+	if spr := sasToken.Get("spr"); spr == "" {
+		// infer from URL if not in the query params set
+		c.useHTTPS = u.Scheme == "https"
+	}
+	return c, nil
+}
+
+func (c Client) isServiceSASClient() bool {
+	return c.sasClient && c.accountSASToken == nil
+}
+
+func (c Client) isAccountSASClient() bool {
+	return c.sasClient && c.accountSASToken != nil
+}
+
+func (c Client) getDefaultUserAgent() string {
+	return fmt.Sprintf("Go/%s (%s-%s) azure-storage-go/%s api-version/%s",
+		runtime.Version(),
+		runtime.GOARCH,
+		runtime.GOOS,
+		version.Number,
+		c.apiVersion,
+	)
+}
+
+// AddToUserAgent adds an extension to the current user agent
+func (c *Client) AddToUserAgent(extension string) error {
+	if extension != "" {
+		c.userAgent = fmt.Sprintf("%s %s", c.userAgent, extension)
+		return nil
+	}
+	return fmt.Errorf("Extension was empty, User Agent stayed as %s", c.userAgent)
+}
+
+// AddAdditionalHeaders adds additional standard headers
+func (c *Client) AddAdditionalHeaders(headers map[string]string) {
+	if headers != nil {
+		c.additionalHeaders = map[string]string{}
+		for k, v := range headers {
+			c.additionalHeaders[k] = v
+		}
+	}
+}
+
+// protectUserAgent is used in funcs that include extraheaders as a parameter.
+// It prevents the User-Agent header to be overwritten, instead if it happens to
+// be present, it gets added to the current User-Agent. Use it before getStandardHeaders
+func (c *Client) protectUserAgent(extraheaders map[string]string) map[string]string {
+	if v, ok := extraheaders[userAgentHeader]; ok {
+		c.AddToUserAgent(v)
+		delete(extraheaders, userAgentHeader)
+	}
+	return extraheaders
+}
+
+func (c Client) getBaseURL(service string) *url.URL {
+	scheme := "http"
+	if c.useHTTPS {
+		scheme = "https"
+	}
+	host := ""
+	if c.accountName == StorageEmulatorAccountName {
+		switch service {
+		case blobServiceName:
+			host = storageEmulatorBlob
+		case tableServiceName:
+			host = storageEmulatorTable
+		case queueServiceName:
+			host = storageEmulatorQueue
+		}
+	} else {
+		host = fmt.Sprintf("%s.%s.%s", c.accountName, service, c.baseURL)
+	}
+
+	return &url.URL{
+		Scheme: scheme,
+		Host:   host,
+	}
+}
+
+func (c Client) getEndpoint(service, path string, params url.Values) string {
+	u := c.getBaseURL(service)
+
+	// API doesn't accept path segments not starting with '/'
+	if !strings.HasPrefix(path, "/") {
+		path = fmt.Sprintf("/%v", path)
+	}
+
+	if c.accountName == StorageEmulatorAccountName {
+		path = fmt.Sprintf("/%v%v", StorageEmulatorAccountName, path)
+	}
+
+	u.Path = path
+	u.RawQuery = params.Encode()
+	return u.String()
+}
+
+// AccountSASTokenOptions includes options for constructing
+// an account SAS token.
+// https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas
+type AccountSASTokenOptions struct {
+	APIVersion    string
+	Services      Services
+	ResourceTypes ResourceTypes
+	Permissions   Permissions
+	Start         time.Time
+	Expiry        time.Time
+	IP            string
+	UseHTTPS      bool
+}
+
+// Services specify services accessible with an account SAS.
+type Services struct {
+	Blob  bool
+	Queue bool
+	Table bool
+	File  bool
+}
+
+// ResourceTypes specify the resources accesible with an
+// account SAS.
+type ResourceTypes struct {
+	Service   bool
+	Container bool
+	Object    bool
+}
+
+// Permissions specifies permissions for an accountSAS.
+type Permissions struct {
+	Read    bool
+	Write   bool
+	Delete  bool
+	List    bool
+	Add     bool
+	Create  bool
+	Update  bool
+	Process bool
+}
+
+// GetAccountSASToken creates an account SAS token
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas
+func (c Client) GetAccountSASToken(options AccountSASTokenOptions) (url.Values, error) {
+	if options.APIVersion == "" {
+		options.APIVersion = c.apiVersion
+	}
+
+	if options.APIVersion < "2015-04-05" {
+		return url.Values{}, fmt.Errorf("account SAS does not support API versions prior to 2015-04-05. API version : %s", options.APIVersion)
+	}
+
+	// build services string
+	services := ""
+	if options.Services.Blob {
+		services += "b"
+	}
+	if options.Services.Queue {
+		services += "q"
+	}
+	if options.Services.Table {
+		services += "t"
+	}
+	if options.Services.File {
+		services += "f"
+	}
+
+	// build resources string
+	resources := ""
+	if options.ResourceTypes.Service {
+		resources += "s"
+	}
+	if options.ResourceTypes.Container {
+		resources += "c"
+	}
+	if options.ResourceTypes.Object {
+		resources += "o"
+	}
+
+	// build permissions string
+	permissions := ""
+	if options.Permissions.Read {
+		permissions += "r"
+	}
+	if options.Permissions.Write {
+		permissions += "w"
+	}
+	if options.Permissions.Delete {
+		permissions += "d"
+	}
+	if options.Permissions.List {
+		permissions += "l"
+	}
+	if options.Permissions.Add {
+		permissions += "a"
+	}
+	if options.Permissions.Create {
+		permissions += "c"
+	}
+	if options.Permissions.Update {
+		permissions += "u"
+	}
+	if options.Permissions.Process {
+		permissions += "p"
+	}
+
+	// build start time, if exists
+	start := ""
+	if options.Start != (time.Time{}) {
+		start = options.Start.UTC().Format(time.RFC3339)
+	}
+
+	// build expiry time
+	expiry := options.Expiry.UTC().Format(time.RFC3339)
+
+	protocol := "https,http"
+	if options.UseHTTPS {
+		protocol = "https"
+	}
+
+	stringToSign := strings.Join([]string{
+		c.accountName,
+		permissions,
+		services,
+		resources,
+		start,
+		expiry,
+		options.IP,
+		protocol,
+		options.APIVersion,
+		"",
+	}, "\n")
+	signature := c.computeHmac256(stringToSign)
+
+	sasParams := url.Values{
+		"sv":  {options.APIVersion},
+		"ss":  {services},
+		"srt": {resources},
+		"sp":  {permissions},
+		"se":  {expiry},
+		"spr": {protocol},
+		"sig": {signature},
+	}
+	if start != "" {
+		sasParams.Add("st", start)
+	}
+	if options.IP != "" {
+		sasParams.Add("sip", options.IP)
+	}
+
+	return sasParams, nil
+}
+
+// GetBlobService returns a BlobStorageClient which can operate on the blob
+// service of the storage account.
+func (c Client) GetBlobService() BlobStorageClient {
+	b := BlobStorageClient{
+		client: c,
+	}
+	b.client.AddToUserAgent(blobServiceName)
+	b.auth = sharedKey
+	if c.UseSharedKeyLite {
+		b.auth = sharedKeyLite
+	}
+	return b
+}
+
+// GetQueueService returns a QueueServiceClient which can operate on the queue
+// service of the storage account.
+func (c Client) GetQueueService() QueueServiceClient {
+	q := QueueServiceClient{
+		client: c,
+	}
+	q.client.AddToUserAgent(queueServiceName)
+	q.auth = sharedKey
+	if c.UseSharedKeyLite {
+		q.auth = sharedKeyLite
+	}
+	return q
+}
+
+// GetTableService returns a TableServiceClient which can operate on the table
+// service of the storage account.
+func (c Client) GetTableService() TableServiceClient {
+	t := TableServiceClient{
+		client: c,
+	}
+	t.client.AddToUserAgent(tableServiceName)
+	t.auth = sharedKeyForTable
+	if c.UseSharedKeyLite {
+		t.auth = sharedKeyLiteForTable
+	}
+	return t
+}
+
+// GetFileService returns a FileServiceClient which can operate on the file
+// service of the storage account.
+func (c Client) GetFileService() FileServiceClient {
+	f := FileServiceClient{
+		client: c,
+	}
+	f.client.AddToUserAgent(fileServiceName)
+	f.auth = sharedKey
+	if c.UseSharedKeyLite {
+		f.auth = sharedKeyLite
+	}
+	return f
+}
+
+func (c Client) getStandardHeaders() map[string]string {
+	headers := map[string]string{}
+	for k, v := range c.additionalHeaders {
+		headers[k] = v
+	}
+
+	headers[userAgentHeader] = c.userAgent
+	headers["x-ms-version"] = c.apiVersion
+	headers["x-ms-date"] = currentTimeRfc1123Formatted()
+
+	return headers
+}
+
+func (c Client) exec(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*http.Response, error) {
+	headers, err := c.addAuthorizationHeader(verb, url, headers, auth)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest(verb, url, body)
+	if err != nil {
+		return nil, errors.New("azure/storage: error creating request: " + err.Error())
+	}
+
+	// http.NewRequest() will automatically set req.ContentLength for a handful of types
+	// otherwise we will handle here.
+	if req.ContentLength < 1 {
+		if clstr, ok := headers["Content-Length"]; ok {
+			if cl, err := strconv.ParseInt(clstr, 10, 64); err == nil {
+				req.ContentLength = cl
+			}
+		}
+	}
+
+	for k, v := range headers {
+		req.Header[k] = append(req.Header[k], v) // Must bypass case munging present in `Add` by using map functions directly. See https://github.com/Azure/azure-sdk-for-go/issues/645
+	}
+
+	if c.isAccountSASClient() {
+		// append the SAS token to the query params
+		v := req.URL.Query()
+		v = mergeParams(v, c.accountSASToken)
+		req.URL.RawQuery = v.Encode()
+	}
+
+	resp, err := c.Sender.Send(&c, req)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode >= 400 && resp.StatusCode <= 505 {
+		return resp, getErrorFromResponse(resp)
+	}
+
+	return resp, nil
+}
+
+func (c Client) execInternalJSONCommon(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*odataResponse, *http.Request, *http.Response, error) {
+	headers, err := c.addAuthorizationHeader(verb, url, headers, auth)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	req, err := http.NewRequest(verb, url, body)
+	for k, v := range headers {
+		req.Header.Add(k, v)
+	}
+
+	resp, err := c.Sender.Send(&c, req)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	respToRet := &odataResponse{resp: resp}
+
+	statusCode := resp.StatusCode
+	if statusCode >= 400 && statusCode <= 505 {
+		var respBody []byte
+		respBody, err = readAndCloseBody(resp.Body)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+
+		requestID, date, version := getDebugHeaders(resp.Header)
+		if len(respBody) == 0 {
+			// no error in response body, might happen in HEAD requests
+			err = serviceErrFromStatusCode(resp.StatusCode, resp.Status, requestID, date, version)
+			return respToRet, req, resp, err
+		}
+		// response contains storage service error object, unmarshal
+		if resp.Header.Get("Content-Type") == "application/xml" {
+			storageErr := AzureTablesServiceError{
+				StatusCode: resp.StatusCode,
+				RequestID:  requestID,
+				Date:       date,
+				APIVersion: version,
+			}
+			if err := xml.Unmarshal(respBody, &storageErr); err != nil {
+				storageErr.Message = fmt.Sprintf("Response body could no be unmarshaled: %v. Body: %v.", err, string(respBody))
+			}
+			err = storageErr
+		} else {
+			err = json.Unmarshal(respBody, &respToRet.odata)
+		}
+	}
+
+	return respToRet, req, resp, err
+}
+
+func (c Client) execInternalJSON(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*odataResponse, error) {
+	respToRet, _, _, err := c.execInternalJSONCommon(verb, url, headers, body, auth)
+	return respToRet, err
+}
+
+func (c Client) execBatchOperationJSON(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*odataResponse, error) {
+	// execute common query, get back generated request, response etc... for more processing.
+	respToRet, req, resp, err := c.execInternalJSONCommon(verb, url, headers, body, auth)
+	if err != nil {
+		return nil, err
+	}
+
+	// return the OData in the case of executing batch commands.
+	// In this case we need to read the outer batch boundary and contents.
+	// Then we read the changeset information within the batch
+	var respBody []byte
+	respBody, err = readAndCloseBody(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	// outer multipart body
+	_, batchHeader, err := mime.ParseMediaType(resp.Header["Content-Type"][0])
+	if err != nil {
+		return nil, err
+	}
+
+	// batch details.
+	batchBoundary := batchHeader["boundary"]
+	batchPartBuf, changesetBoundary, err := genBatchReader(batchBoundary, respBody)
+	if err != nil {
+		return nil, err
+	}
+
+	// changeset details.
+	err = genChangesetReader(req, respToRet, batchPartBuf, changesetBoundary)
+	if err != nil {
+		return nil, err
+	}
+
+	return respToRet, nil
+}
+
+func genChangesetReader(req *http.Request, respToRet *odataResponse, batchPartBuf io.Reader, changesetBoundary string) error {
+	changesetMultiReader := multipart.NewReader(batchPartBuf, changesetBoundary)
+	changesetPart, err := changesetMultiReader.NextPart()
+	if err != nil {
+		return err
+	}
+
+	changesetPartBufioReader := bufio.NewReader(changesetPart)
+	changesetResp, err := http.ReadResponse(changesetPartBufioReader, req)
+	if err != nil {
+		return err
+	}
+
+	if changesetResp.StatusCode != http.StatusNoContent {
+		changesetBody, err := readAndCloseBody(changesetResp.Body)
+		err = json.Unmarshal(changesetBody, &respToRet.odata)
+		if err != nil {
+			return err
+		}
+		respToRet.resp = changesetResp
+	}
+
+	return nil
+}
+
+func genBatchReader(batchBoundary string, respBody []byte) (io.Reader, string, error) {
+	respBodyString := string(respBody)
+	respBodyReader := strings.NewReader(respBodyString)
+
+	// reading batchresponse
+	batchMultiReader := multipart.NewReader(respBodyReader, batchBoundary)
+	batchPart, err := batchMultiReader.NextPart()
+	if err != nil {
+		return nil, "", err
+	}
+	batchPartBufioReader := bufio.NewReader(batchPart)
+
+	_, changesetHeader, err := mime.ParseMediaType(batchPart.Header.Get("Content-Type"))
+	if err != nil {
+		return nil, "", err
+	}
+	changesetBoundary := changesetHeader["boundary"]
+	return batchPartBufioReader, changesetBoundary, nil
+}
+
+func readAndCloseBody(body io.ReadCloser) ([]byte, error) {
+	defer body.Close()
+	out, err := ioutil.ReadAll(body)
+	if err == io.EOF {
+		err = nil
+	}
+	return out, err
+}
+
+// reads the response body then closes it
+func drainRespBody(resp *http.Response) {
+	if resp != nil {
+		io.Copy(ioutil.Discard, resp.Body)
+		resp.Body.Close()
+	}
+}
+
+func serviceErrFromXML(body []byte, storageErr *AzureStorageServiceError) error {
+	if err := xml.Unmarshal(body, storageErr); err != nil {
+		storageErr.Message = fmt.Sprintf("Response body could no be unmarshaled: %v. Body: %v.", err, string(body))
+		return err
+	}
+	return nil
+}
+
+func serviceErrFromJSON(body []byte, storageErr *AzureStorageServiceError) error {
+	odataError := odataErrorWrapper{}
+	if err := json.Unmarshal(body, &odataError); err != nil {
+		storageErr.Message = fmt.Sprintf("Response body could no be unmarshaled: %v. Body: %v.", err, string(body))
+		return err
+	}
+	storageErr.Code = odataError.Err.Code
+	storageErr.Message = odataError.Err.Message.Value
+	storageErr.Lang = odataError.Err.Message.Lang
+	return nil
+}
+
+func serviceErrFromStatusCode(code int, status string, requestID, date, version string) AzureStorageServiceError {
+	return AzureStorageServiceError{
+		StatusCode: code,
+		Code:       status,
+		RequestID:  requestID,
+		Date:       date,
+		APIVersion: version,
+		Message:    "no response body was available for error status code",
+	}
+}
+
+func (e AzureStorageServiceError) Error() string {
+	return fmt.Sprintf("storage: service returned error: StatusCode=%d, ErrorCode=%s, ErrorMessage=%s, RequestInitiated=%s, RequestId=%s, API Version=%s, QueryParameterName=%s, QueryParameterValue=%s",
+		e.StatusCode, e.Code, e.Message, e.Date, e.RequestID, e.APIVersion, e.QueryParameterName, e.QueryParameterValue)
+}
+
+// checkRespCode returns UnexpectedStatusError if the given response code is not
+// one of the allowed status codes; otherwise nil.
+func checkRespCode(resp *http.Response, allowed []int) error {
+	for _, v := range allowed {
+		if resp.StatusCode == v {
+			return nil
+		}
+	}
+	err := getErrorFromResponse(resp)
+	return UnexpectedStatusCodeError{
+		allowed: allowed,
+		got:     resp.StatusCode,
+		inner:   err,
+	}
+}
+
+func (c Client) addMetadataToHeaders(h map[string]string, metadata map[string]string) map[string]string {
+	metadata = c.protectUserAgent(metadata)
+	for k, v := range metadata {
+		h[userDefinedMetadataHeaderPrefix+k] = v
+	}
+	return h
+}
+
+func getDebugHeaders(h http.Header) (requestID, date, version string) {
+	requestID = h.Get("x-ms-request-id")
+	version = h.Get("x-ms-version")
+	date = h.Get("Date")
+	return
+}
+
+func getErrorFromResponse(resp *http.Response) error {
+	respBody, err := readAndCloseBody(resp.Body)
+	if err != nil {
+		return err
+	}
+
+	requestID, date, version := getDebugHeaders(resp.Header)
+	if len(respBody) == 0 {
+		// no error in response body, might happen in HEAD requests
+		err = serviceErrFromStatusCode(resp.StatusCode, resp.Status, requestID, date, version)
+	} else {
+		storageErr := AzureStorageServiceError{
+			StatusCode: resp.StatusCode,
+			RequestID:  requestID,
+			Date:       date,
+			APIVersion: version,
+		}
+		// response contains storage service error object, unmarshal
+		if resp.Header.Get("Content-Type") == "application/xml" {
+			errIn := serviceErrFromXML(respBody, &storageErr)
+			if err != nil { // error unmarshaling the error response
+				err = errIn
+			}
+		} else {
+			errIn := serviceErrFromJSON(respBody, &storageErr)
+			if err != nil { // error unmarshaling the error response
+				err = errIn
+			}
+		}
+		err = storageErr
+	}
+	return err
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/commonsasuri.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/commonsasuri.go
new file mode 100644
index 000000000..a203fce8d
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/commonsasuri.go
@@ -0,0 +1,27 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"net/url"
+	"time"
+)
+
+// SASOptions includes options used by SAS URIs for different
+// services and resources.
+type SASOptions struct {
+	APIVersion string
+	Start      time.Time
+	Expiry     time.Time
+	IP         string
+	UseHTTPS   bool
+	Identifier string
+}
+
+func addQueryParameter(query url.Values, key, value string) url.Values {
+	if value != "" {
+		query.Add(key, value)
+	}
+	return query
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/container.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/container.go
new file mode 100644
index 000000000..ae2862c86
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/container.go
@@ -0,0 +1,629 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"encoding/xml"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// Container represents an Azure container.
+type Container struct {
+	bsc        *BlobStorageClient
+	Name       string              `xml:"Name"`
+	Properties ContainerProperties `xml:"Properties"`
+	Metadata   map[string]string
+	sasuri     url.URL
+}
+
+// Client returns the HTTP client used by the Container reference.
+func (c *Container) Client() *Client {
+	return &c.bsc.client
+}
+
+func (c *Container) buildPath() string {
+	return fmt.Sprintf("/%s", c.Name)
+}
+
+// GetURL gets the canonical URL to the container.
+// This method does not create a publicly accessible URL if the container
+// is private and this method does not check if the blob exists.
+func (c *Container) GetURL() string {
+	container := c.Name
+	if container == "" {
+		container = "$root"
+	}
+	return c.bsc.client.getEndpoint(blobServiceName, pathForResource(container, ""), nil)
+}
+
+// ContainerSASOptions are options to construct a container SAS
+// URI.
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
+type ContainerSASOptions struct {
+	ContainerSASPermissions
+	OverrideHeaders
+	SASOptions
+}
+
+// ContainerSASPermissions includes the available permissions for
+// a container SAS URI.
+type ContainerSASPermissions struct {
+	BlobServiceSASPermissions
+	List bool
+}
+
+// GetSASURI creates an URL to the container which contains the Shared
+// Access Signature with the specified options.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
+func (c *Container) GetSASURI(options ContainerSASOptions) (string, error) {
+	uri := c.GetURL()
+	signedResource := "c"
+	canonicalizedResource, err := c.bsc.client.buildCanonicalizedResource(uri, c.bsc.auth, true)
+	if err != nil {
+		return "", err
+	}
+
+	// build permissions string
+	permissions := options.BlobServiceSASPermissions.buildString()
+	if options.List {
+		permissions += "l"
+	}
+
+	return c.bsc.client.blobAndFileSASURI(options.SASOptions, uri, permissions, canonicalizedResource, signedResource, options.OverrideHeaders)
+}
+
+// ContainerProperties contains various properties of a container returned from
+// various endpoints like ListContainers.
+type ContainerProperties struct {
+	LastModified  string              `xml:"Last-Modified"`
+	Etag          string              `xml:"Etag"`
+	LeaseStatus   string              `xml:"LeaseStatus"`
+	LeaseState    string              `xml:"LeaseState"`
+	LeaseDuration string              `xml:"LeaseDuration"`
+	PublicAccess  ContainerAccessType `xml:"PublicAccess"`
+}
+
+// ContainerListResponse contains the response fields from
+// ListContainers call.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd179352.aspx
+type ContainerListResponse struct {
+	XMLName    xml.Name    `xml:"EnumerationResults"`
+	Xmlns      string      `xml:"xmlns,attr"`
+	Prefix     string      `xml:"Prefix"`
+	Marker     string      `xml:"Marker"`
+	NextMarker string      `xml:"NextMarker"`
+	MaxResults int64       `xml:"MaxResults"`
+	Containers []Container `xml:"Containers>Container"`
+}
+
+// BlobListResponse contains the response fields from ListBlobs call.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd135734.aspx
+type BlobListResponse struct {
+	XMLName    xml.Name `xml:"EnumerationResults"`
+	Xmlns      string   `xml:"xmlns,attr"`
+	Prefix     string   `xml:"Prefix"`
+	Marker     string   `xml:"Marker"`
+	NextMarker string   `xml:"NextMarker"`
+	MaxResults int64    `xml:"MaxResults"`
+	Blobs      []Blob   `xml:"Blobs>Blob"`
+
+	// BlobPrefix is used to traverse blobs as if it were a file system.
+	// It is returned if ListBlobsParameters.Delimiter is specified.
+	// The list here can be thought of as "folders" that may contain
+	// other folders or blobs.
+	BlobPrefixes []string `xml:"Blobs>BlobPrefix>Name"`
+
+	// Delimiter is used to traverse blobs as if it were a file system.
+	// It is returned if ListBlobsParameters.Delimiter is specified.
+	Delimiter string `xml:"Delimiter"`
+}
+
+// IncludeBlobDataset has options to include in a list blobs operation
+type IncludeBlobDataset struct {
+	Snapshots        bool
+	Metadata         bool
+	UncommittedBlobs bool
+	Copy             bool
+}
+
+// ListBlobsParameters defines the set of customizable
+// parameters to make a List Blobs call.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd135734.aspx
+type ListBlobsParameters struct {
+	Prefix     string
+	Delimiter  string
+	Marker     string
+	Include    *IncludeBlobDataset
+	MaxResults uint
+	Timeout    uint
+	RequestID  string
+}
+
+func (p ListBlobsParameters) getParameters() url.Values {
+	out := url.Values{}
+
+	if p.Prefix != "" {
+		out.Set("prefix", p.Prefix)
+	}
+	if p.Delimiter != "" {
+		out.Set("delimiter", p.Delimiter)
+	}
+	if p.Marker != "" {
+		out.Set("marker", p.Marker)
+	}
+	if p.Include != nil {
+		include := []string{}
+		include = addString(include, p.Include.Snapshots, "snapshots")
+		include = addString(include, p.Include.Metadata, "metadata")
+		include = addString(include, p.Include.UncommittedBlobs, "uncommittedblobs")
+		include = addString(include, p.Include.Copy, "copy")
+		fullInclude := strings.Join(include, ",")
+		out.Set("include", fullInclude)
+	}
+	if p.MaxResults != 0 {
+		out.Set("maxresults", strconv.FormatUint(uint64(p.MaxResults), 10))
+	}
+	if p.Timeout != 0 {
+		out.Set("timeout", strconv.FormatUint(uint64(p.Timeout), 10))
+	}
+
+	return out
+}
+
+func addString(datasets []string, include bool, text string) []string {
+	if include {
+		datasets = append(datasets, text)
+	}
+	return datasets
+}
+
+// ContainerAccessType defines the access level to the container from a public
+// request.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd179468.aspx and "x-ms-
+// blob-public-access" header.
+type ContainerAccessType string
+
+// Access options for containers
+const (
+	ContainerAccessTypePrivate   ContainerAccessType = ""
+	ContainerAccessTypeBlob      ContainerAccessType = "blob"
+	ContainerAccessTypeContainer ContainerAccessType = "container"
+)
+
+// ContainerAccessPolicy represents each access policy in the container ACL.
+type ContainerAccessPolicy struct {
+	ID         string
+	StartTime  time.Time
+	ExpiryTime time.Time
+	CanRead    bool
+	CanWrite   bool
+	CanDelete  bool
+}
+
+// ContainerPermissions represents the container ACLs.
+type ContainerPermissions struct {
+	AccessType     ContainerAccessType
+	AccessPolicies []ContainerAccessPolicy
+}
+
+// ContainerAccessHeader references header used when setting/getting container ACL
+const (
+	ContainerAccessHeader string = "x-ms-blob-public-access"
+)
+
+// GetBlobReference returns a Blob object for the specified blob name.
+func (c *Container) GetBlobReference(name string) *Blob {
+	return &Blob{
+		Container: c,
+		Name:      name,
+	}
+}
+
+// CreateContainerOptions includes the options for a create container operation
+type CreateContainerOptions struct {
+	Timeout   uint
+	Access    ContainerAccessType `header:"x-ms-blob-public-access"`
+	RequestID string              `header:"x-ms-client-request-id"`
+}
+
+// Create creates a blob container within the storage account
+// with given name and access level. Returns error if container already exists.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Container
+func (c *Container) Create(options *CreateContainerOptions) error {
+	resp, err := c.create(options)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusCreated})
+}
+
+// CreateIfNotExists creates a blob container if it does not exist. Returns
+// true if container is newly created or false if container already exists.
+func (c *Container) CreateIfNotExists(options *CreateContainerOptions) (bool, error) {
+	resp, err := c.create(options)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusCreated || resp.StatusCode == http.StatusConflict {
+			return resp.StatusCode == http.StatusCreated, nil
+		}
+	}
+	return false, err
+}
+
+func (c *Container) create(options *CreateContainerOptions) (*http.Response, error) {
+	query := url.Values{"restype": {"container"}}
+	headers := c.bsc.client.getStandardHeaders()
+	headers = c.bsc.client.addMetadataToHeaders(headers, c.Metadata)
+
+	if options != nil {
+		query = addTimeout(query, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), query)
+
+	return c.bsc.client.exec(http.MethodPut, uri, headers, nil, c.bsc.auth)
+}
+
+// Exists returns true if a container with given name exists
+// on the storage account, otherwise returns false.
+func (c *Container) Exists() (bool, error) {
+	q := url.Values{"restype": {"container"}}
+	var uri string
+	if c.bsc.client.isServiceSASClient() {
+		q = mergeParams(q, c.sasuri.Query())
+		newURI := c.sasuri
+		newURI.RawQuery = q.Encode()
+		uri = newURI.String()
+
+	} else {
+		uri = c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), q)
+	}
+	headers := c.bsc.client.getStandardHeaders()
+
+	resp, err := c.bsc.client.exec(http.MethodHead, uri, headers, nil, c.bsc.auth)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusNotFound {
+			return resp.StatusCode == http.StatusOK, nil
+		}
+	}
+	return false, err
+}
+
+// SetContainerPermissionOptions includes options for a set container permissions operation
+type SetContainerPermissionOptions struct {
+	Timeout           uint
+	LeaseID           string     `header:"x-ms-lease-id"`
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+}
+
+// SetPermissions sets up container permissions
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Container-ACL
+func (c *Container) SetPermissions(permissions ContainerPermissions, options *SetContainerPermissionOptions) error {
+	body, length, err := generateContainerACLpayload(permissions.AccessPolicies)
+	if err != nil {
+		return err
+	}
+	params := url.Values{
+		"restype": {"container"},
+		"comp":    {"acl"},
+	}
+	headers := c.bsc.client.getStandardHeaders()
+	headers = addToHeaders(headers, ContainerAccessHeader, string(permissions.AccessType))
+	headers["Content-Length"] = strconv.Itoa(length)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), params)
+
+	resp, err := c.bsc.client.exec(http.MethodPut, uri, headers, body, c.bsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusOK})
+}
+
+// GetContainerPermissionOptions includes options for a get container permissions operation
+type GetContainerPermissionOptions struct {
+	Timeout   uint
+	LeaseID   string `header:"x-ms-lease-id"`
+	RequestID string `header:"x-ms-client-request-id"`
+}
+
+// GetPermissions gets the container permissions as per https://msdn.microsoft.com/en-us/library/azure/dd179469.aspx
+// If timeout is 0 then it will not be passed to Azure
+// leaseID will only be passed to Azure if populated
+func (c *Container) GetPermissions(options *GetContainerPermissionOptions) (*ContainerPermissions, error) {
+	params := url.Values{
+		"restype": {"container"},
+		"comp":    {"acl"},
+	}
+	headers := c.bsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), params)
+
+	resp, err := c.bsc.client.exec(http.MethodGet, uri, headers, nil, c.bsc.auth)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	var ap AccessPolicy
+	err = xmlUnmarshal(resp.Body, &ap.SignedIdentifiersList)
+	if err != nil {
+		return nil, err
+	}
+	return buildAccessPolicy(ap, &resp.Header), nil
+}
+
+func buildAccessPolicy(ap AccessPolicy, headers *http.Header) *ContainerPermissions {
+	// containerAccess. Blob, Container, empty
+	containerAccess := headers.Get(http.CanonicalHeaderKey(ContainerAccessHeader))
+	permissions := ContainerPermissions{
+		AccessType:     ContainerAccessType(containerAccess),
+		AccessPolicies: []ContainerAccessPolicy{},
+	}
+
+	for _, policy := range ap.SignedIdentifiersList.SignedIdentifiers {
+		capd := ContainerAccessPolicy{
+			ID:         policy.ID,
+			StartTime:  policy.AccessPolicy.StartTime,
+			ExpiryTime: policy.AccessPolicy.ExpiryTime,
+		}
+		capd.CanRead = updatePermissions(policy.AccessPolicy.Permission, "r")
+		capd.CanWrite = updatePermissions(policy.AccessPolicy.Permission, "w")
+		capd.CanDelete = updatePermissions(policy.AccessPolicy.Permission, "d")
+
+		permissions.AccessPolicies = append(permissions.AccessPolicies, capd)
+	}
+	return &permissions
+}
+
+// DeleteContainerOptions includes options for a delete container operation
+type DeleteContainerOptions struct {
+	Timeout           uint
+	LeaseID           string     `header:"x-ms-lease-id"`
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+}
+
+// Delete deletes the container with given name on the storage
+// account. If the container does not exist returns error.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/delete-container
+func (c *Container) Delete(options *DeleteContainerOptions) error {
+	resp, err := c.delete(options)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusAccepted})
+}
+
+// DeleteIfExists deletes the container with given name on the storage
+// account if it exists. Returns true if container is deleted with this call, or
+// false if the container did not exist at the time of the Delete Container
+// operation.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/delete-container
+func (c *Container) DeleteIfExists(options *DeleteContainerOptions) (bool, error) {
+	resp, err := c.delete(options)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusAccepted || resp.StatusCode == http.StatusNotFound {
+			return resp.StatusCode == http.StatusAccepted, nil
+		}
+	}
+	return false, err
+}
+
+func (c *Container) delete(options *DeleteContainerOptions) (*http.Response, error) {
+	query := url.Values{"restype": {"container"}}
+	headers := c.bsc.client.getStandardHeaders()
+
+	if options != nil {
+		query = addTimeout(query, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), query)
+
+	return c.bsc.client.exec(http.MethodDelete, uri, headers, nil, c.bsc.auth)
+}
+
+// ListBlobs returns an object that contains list of blobs in the container,
+// pagination token and other information in the response of List Blobs call.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Blobs
+func (c *Container) ListBlobs(params ListBlobsParameters) (BlobListResponse, error) {
+	q := mergeParams(params.getParameters(), url.Values{
+		"restype": {"container"},
+		"comp":    {"list"},
+	})
+	var uri string
+	if c.bsc.client.isServiceSASClient() {
+		q = mergeParams(q, c.sasuri.Query())
+		newURI := c.sasuri
+		newURI.RawQuery = q.Encode()
+		uri = newURI.String()
+	} else {
+		uri = c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), q)
+	}
+
+	headers := c.bsc.client.getStandardHeaders()
+	headers = addToHeaders(headers, "x-ms-client-request-id", params.RequestID)
+
+	var out BlobListResponse
+	resp, err := c.bsc.client.exec(http.MethodGet, uri, headers, nil, c.bsc.auth)
+	if err != nil {
+		return out, err
+	}
+	defer resp.Body.Close()
+
+	err = xmlUnmarshal(resp.Body, &out)
+	for i := range out.Blobs {
+		out.Blobs[i].Container = c
+	}
+	return out, err
+}
+
+// ContainerMetadataOptions includes options for container metadata operations
+type ContainerMetadataOptions struct {
+	Timeout   uint
+	LeaseID   string `header:"x-ms-lease-id"`
+	RequestID string `header:"x-ms-client-request-id"`
+}
+
+// SetMetadata replaces the metadata for the specified container.
+//
+// Some keys may be converted to Camel-Case before sending. All keys
+// are returned in lower case by GetBlobMetadata. HTTP header names
+// are case-insensitive so case munging should not matter to other
+// applications either.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/set-container-metadata
+func (c *Container) SetMetadata(options *ContainerMetadataOptions) error {
+	params := url.Values{
+		"comp":    {"metadata"},
+		"restype": {"container"},
+	}
+	headers := c.bsc.client.getStandardHeaders()
+	headers = c.bsc.client.addMetadataToHeaders(headers, c.Metadata)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+
+	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), params)
+
+	resp, err := c.bsc.client.exec(http.MethodPut, uri, headers, nil, c.bsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusOK})
+}
+
+// GetMetadata returns all user-defined metadata for the specified container.
+//
+// All metadata keys will be returned in lower case. (HTTP header
+// names are case-insensitive.)
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/get-container-metadata
+func (c *Container) GetMetadata(options *ContainerMetadataOptions) error {
+	params := url.Values{
+		"comp":    {"metadata"},
+		"restype": {"container"},
+	}
+	headers := c.bsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+
+	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), params)
+
+	resp, err := c.bsc.client.exec(http.MethodGet, uri, headers, nil, c.bsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return err
+	}
+
+	c.writeMetadata(resp.Header)
+	return nil
+}
+
+func (c *Container) writeMetadata(h http.Header) {
+	c.Metadata = writeMetadata(h)
+}
+
+func generateContainerACLpayload(policies []ContainerAccessPolicy) (io.Reader, int, error) {
+	sil := SignedIdentifiers{
+		SignedIdentifiers: []SignedIdentifier{},
+	}
+	for _, capd := range policies {
+		permission := capd.generateContainerPermissions()
+		signedIdentifier := convertAccessPolicyToXMLStructs(capd.ID, capd.StartTime, capd.ExpiryTime, permission)
+		sil.SignedIdentifiers = append(sil.SignedIdentifiers, signedIdentifier)
+	}
+	return xmlMarshal(sil)
+}
+
+func (capd *ContainerAccessPolicy) generateContainerPermissions() (permissions string) {
+	// generate the permissions string (rwd).
+	// still want the end user API to have bool flags.
+	permissions = ""
+
+	if capd.CanRead {
+		permissions += "r"
+	}
+
+	if capd.CanWrite {
+		permissions += "w"
+	}
+
+	if capd.CanDelete {
+		permissions += "d"
+	}
+
+	return permissions
+}
+
+// GetProperties updated the properties of the container.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/get-container-properties
+func (c *Container) GetProperties() error {
+	params := url.Values{
+		"restype": {"container"},
+	}
+	headers := c.bsc.client.getStandardHeaders()
+
+	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), params)
+
+	resp, err := c.bsc.client.exec(http.MethodGet, uri, headers, nil, c.bsc.auth)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return err
+	}
+
+	// update properties
+	c.Properties.Etag = resp.Header.Get(headerEtag)
+	c.Properties.LeaseStatus = resp.Header.Get("x-ms-lease-status")
+	c.Properties.LeaseState = resp.Header.Get("x-ms-lease-state")
+	c.Properties.LeaseDuration = resp.Header.Get("x-ms-lease-duration")
+	c.Properties.LastModified = resp.Header.Get("Last-Modified")
+	c.Properties.PublicAccess = ContainerAccessType(resp.Header.Get(ContainerAccessHeader))
+
+	return nil
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/copyblob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/copyblob.go
new file mode 100644
index 000000000..3696e804f
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/copyblob.go
@@ -0,0 +1,226 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+const (
+	blobCopyStatusPending = "pending"
+	blobCopyStatusSuccess = "success"
+	blobCopyStatusAborted = "aborted"
+	blobCopyStatusFailed  = "failed"
+)
+
+// CopyOptions includes the options for a copy blob operation
+type CopyOptions struct {
+	Timeout   uint
+	Source    CopyOptionsConditions
+	Destiny   CopyOptionsConditions
+	RequestID string
+}
+
+// IncrementalCopyOptions includes the options for an incremental copy blob operation
+type IncrementalCopyOptions struct {
+	Timeout     uint
+	Destination IncrementalCopyOptionsConditions
+	RequestID   string
+}
+
+// CopyOptionsConditions includes some conditional options in a copy blob operation
+type CopyOptionsConditions struct {
+	LeaseID           string
+	IfModifiedSince   *time.Time
+	IfUnmodifiedSince *time.Time
+	IfMatch           string
+	IfNoneMatch       string
+}
+
+// IncrementalCopyOptionsConditions includes some conditional options in a copy blob operation
+type IncrementalCopyOptionsConditions struct {
+	IfModifiedSince   *time.Time
+	IfUnmodifiedSince *time.Time
+	IfMatch           string
+	IfNoneMatch       string
+}
+
+// Copy starts a blob copy operation and waits for the operation to
+// complete. sourceBlob parameter must be a canonical URL to the blob (can be
+// obtained using the GetURL method.) There is no SLA on blob copy and therefore
+// this helper method works faster on smaller files.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Copy-Blob
+func (b *Blob) Copy(sourceBlob string, options *CopyOptions) error {
+	copyID, err := b.StartCopy(sourceBlob, options)
+	if err != nil {
+		return err
+	}
+
+	return b.WaitForCopy(copyID)
+}
+
+// StartCopy starts a blob copy operation.
+// sourceBlob parameter must be a canonical URL to the blob (can be
+// obtained using the GetURL method.)
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Copy-Blob
+func (b *Blob) StartCopy(sourceBlob string, options *CopyOptions) (string, error) {
+	params := url.Values{}
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers["x-ms-copy-source"] = sourceBlob
+	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = addToHeaders(headers, "x-ms-client-request-id", options.RequestID)
+		// source
+		headers = addToHeaders(headers, "x-ms-source-lease-id", options.Source.LeaseID)
+		headers = addTimeToHeaders(headers, "x-ms-source-if-modified-since", options.Source.IfModifiedSince)
+		headers = addTimeToHeaders(headers, "x-ms-source-if-unmodified-since", options.Source.IfUnmodifiedSince)
+		headers = addToHeaders(headers, "x-ms-source-if-match", options.Source.IfMatch)
+		headers = addToHeaders(headers, "x-ms-source-if-none-match", options.Source.IfNoneMatch)
+		//destiny
+		headers = addToHeaders(headers, "x-ms-lease-id", options.Destiny.LeaseID)
+		headers = addTimeToHeaders(headers, "x-ms-if-modified-since", options.Destiny.IfModifiedSince)
+		headers = addTimeToHeaders(headers, "x-ms-if-unmodified-since", options.Destiny.IfUnmodifiedSince)
+		headers = addToHeaders(headers, "x-ms-if-match", options.Destiny.IfMatch)
+		headers = addToHeaders(headers, "x-ms-if-none-match", options.Destiny.IfNoneMatch)
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return "", err
+	}
+	defer drainRespBody(resp)
+
+	if err := checkRespCode(resp, []int{http.StatusAccepted, http.StatusCreated}); err != nil {
+		return "", err
+	}
+
+	copyID := resp.Header.Get("x-ms-copy-id")
+	if copyID == "" {
+		return "", errors.New("Got empty copy id header")
+	}
+	return copyID, nil
+}
+
+// AbortCopyOptions includes the options for an abort blob operation
+type AbortCopyOptions struct {
+	Timeout   uint
+	LeaseID   string `header:"x-ms-lease-id"`
+	RequestID string `header:"x-ms-client-request-id"`
+}
+
+// AbortCopy aborts a BlobCopy which has already been triggered by the StartBlobCopy function.
+// copyID is generated from StartBlobCopy function.
+// currentLeaseID is required IF the destination blob has an active lease on it.
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Abort-Copy-Blob
+func (b *Blob) AbortCopy(copyID string, options *AbortCopyOptions) error {
+	params := url.Values{
+		"comp":   {"copy"},
+		"copyid": {copyID},
+	}
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers["x-ms-copy-action"] = "abort"
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusNoContent})
+}
+
+// WaitForCopy loops until a BlobCopy operation is completed (or fails with error)
+func (b *Blob) WaitForCopy(copyID string) error {
+	for {
+		err := b.GetProperties(nil)
+		if err != nil {
+			return err
+		}
+
+		if b.Properties.CopyID != copyID {
+			return errBlobCopyIDMismatch
+		}
+
+		switch b.Properties.CopyStatus {
+		case blobCopyStatusSuccess:
+			return nil
+		case blobCopyStatusPending:
+			continue
+		case blobCopyStatusAborted:
+			return errBlobCopyAborted
+		case blobCopyStatusFailed:
+			return fmt.Errorf("storage: blob copy failed. Id=%s Description=%s", b.Properties.CopyID, b.Properties.CopyStatusDescription)
+		default:
+			return fmt.Errorf("storage: unhandled blob copy status: '%s'", b.Properties.CopyStatus)
+		}
+	}
+}
+
+// IncrementalCopyBlob copies a snapshot of a source blob and copies to referring blob
+// sourceBlob parameter must be a valid snapshot URL of the original blob.
+// THe original blob mut be public, or use a Shared Access Signature.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/incremental-copy-blob .
+func (b *Blob) IncrementalCopyBlob(sourceBlobURL string, snapshotTime time.Time, options *IncrementalCopyOptions) (string, error) {
+	params := url.Values{"comp": {"incrementalcopy"}}
+
+	// need formatting to 7 decimal places so it's friendly to Windows and *nix
+	snapshotTimeFormatted := snapshotTime.Format("2006-01-02T15:04:05.0000000Z")
+	u, err := url.Parse(sourceBlobURL)
+	if err != nil {
+		return "", err
+	}
+	query := u.Query()
+	query.Add("snapshot", snapshotTimeFormatted)
+	encodedQuery := query.Encode()
+	encodedQuery = strings.Replace(encodedQuery, "%3A", ":", -1)
+	u.RawQuery = encodedQuery
+	snapshotURL := u.String()
+
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers["x-ms-copy-source"] = snapshotURL
+
+	if options != nil {
+		addTimeout(params, options.Timeout)
+		headers = addToHeaders(headers, "x-ms-client-request-id", options.RequestID)
+		headers = addTimeToHeaders(headers, "x-ms-if-modified-since", options.Destination.IfModifiedSince)
+		headers = addTimeToHeaders(headers, "x-ms-if-unmodified-since", options.Destination.IfUnmodifiedSince)
+		headers = addToHeaders(headers, "x-ms-if-match", options.Destination.IfMatch)
+		headers = addToHeaders(headers, "x-ms-if-none-match", options.Destination.IfNoneMatch)
+	}
+
+	// get URI of destination blob
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return "", err
+	}
+	defer drainRespBody(resp)
+
+	if err := checkRespCode(resp, []int{http.StatusAccepted}); err != nil {
+		return "", err
+	}
+
+	copyID := resp.Header.Get("x-ms-copy-id")
+	if copyID == "" {
+		return "", errors.New("Got empty copy id header")
+	}
+	return copyID, nil
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/directory.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/directory.go
new file mode 100644
index 000000000..498e9837c
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/directory.go
@@ -0,0 +1,227 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"encoding/xml"
+	"net/http"
+	"net/url"
+	"sync"
+)
+
+// Directory represents a directory on a share.
+type Directory struct {
+	fsc        *FileServiceClient
+	Metadata   map[string]string
+	Name       string `xml:"Name"`
+	parent     *Directory
+	Properties DirectoryProperties
+	share      *Share
+}
+
+// DirectoryProperties contains various properties of a directory.
+type DirectoryProperties struct {
+	LastModified string `xml:"Last-Modified"`
+	Etag         string `xml:"Etag"`
+}
+
+// ListDirsAndFilesParameters defines the set of customizable parameters to
+// make a List Files and Directories call.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Directories-and-Files
+type ListDirsAndFilesParameters struct {
+	Prefix     string
+	Marker     string
+	MaxResults uint
+	Timeout    uint
+}
+
+// DirsAndFilesListResponse contains the response fields from
+// a List Files and Directories call.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Directories-and-Files
+type DirsAndFilesListResponse struct {
+	XMLName     xml.Name    `xml:"EnumerationResults"`
+	Xmlns       string      `xml:"xmlns,attr"`
+	Marker      string      `xml:"Marker"`
+	MaxResults  int64       `xml:"MaxResults"`
+	Directories []Directory `xml:"Entries>Directory"`
+	Files       []File      `xml:"Entries>File"`
+	NextMarker  string      `xml:"NextMarker"`
+}
+
+// builds the complete directory path for this directory object.
+func (d *Directory) buildPath() string {
+	path := ""
+	current := d
+	for current.Name != "" {
+		path = "/" + current.Name + path
+		current = current.parent
+	}
+	return d.share.buildPath() + path
+}
+
+// Create this directory in the associated share.
+// If a directory with the same name already exists, the operation fails.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Directory
+func (d *Directory) Create(options *FileRequestOptions) error {
+	// if this is the root directory exit early
+	if d.parent == nil {
+		return nil
+	}
+
+	params := prepareOptions(options)
+	headers, err := d.fsc.createResource(d.buildPath(), resourceDirectory, params, mergeMDIntoExtraHeaders(d.Metadata, nil), []int{http.StatusCreated})
+	if err != nil {
+		return err
+	}
+
+	d.updateEtagAndLastModified(headers)
+	return nil
+}
+
+// CreateIfNotExists creates this directory under the associated share if the
+// directory does not exist. Returns true if the directory is newly created or
+// false if the directory already exists.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Directory
+func (d *Directory) CreateIfNotExists(options *FileRequestOptions) (bool, error) {
+	// if this is the root directory exit early
+	if d.parent == nil {
+		return false, nil
+	}
+
+	params := prepareOptions(options)
+	resp, err := d.fsc.createResourceNoClose(d.buildPath(), resourceDirectory, params, nil)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusCreated || resp.StatusCode == http.StatusConflict {
+			if resp.StatusCode == http.StatusCreated {
+				d.updateEtagAndLastModified(resp.Header)
+				return true, nil
+			}
+
+			return false, d.FetchAttributes(nil)
+		}
+	}
+
+	return false, err
+}
+
+// Delete removes this directory.  It must be empty in order to be deleted.
+// If the directory does not exist the operation fails.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Directory
+func (d *Directory) Delete(options *FileRequestOptions) error {
+	return d.fsc.deleteResource(d.buildPath(), resourceDirectory, options)
+}
+
+// DeleteIfExists removes this directory if it exists.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Directory
+func (d *Directory) DeleteIfExists(options *FileRequestOptions) (bool, error) {
+	resp, err := d.fsc.deleteResourceNoClose(d.buildPath(), resourceDirectory, options)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusAccepted || resp.StatusCode == http.StatusNotFound {
+			return resp.StatusCode == http.StatusAccepted, nil
+		}
+	}
+	return false, err
+}
+
+// Exists returns true if this directory exists.
+func (d *Directory) Exists() (bool, error) {
+	exists, headers, err := d.fsc.resourceExists(d.buildPath(), resourceDirectory)
+	if exists {
+		d.updateEtagAndLastModified(headers)
+	}
+	return exists, err
+}
+
+// FetchAttributes retrieves metadata for this directory.
+//  See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-directory-properties
+func (d *Directory) FetchAttributes(options *FileRequestOptions) error {
+	params := prepareOptions(options)
+	headers, err := d.fsc.getResourceHeaders(d.buildPath(), compNone, resourceDirectory, params, http.MethodHead)
+	if err != nil {
+		return err
+	}
+
+	d.updateEtagAndLastModified(headers)
+	d.Metadata = getMetadataFromHeaders(headers)
+
+	return nil
+}
+
+// GetDirectoryReference returns a child Directory object for this directory.
+func (d *Directory) GetDirectoryReference(name string) *Directory {
+	return &Directory{
+		fsc:    d.fsc,
+		Name:   name,
+		parent: d,
+		share:  d.share,
+	}
+}
+
+// GetFileReference returns a child File object for this directory.
+func (d *Directory) GetFileReference(name string) *File {
+	return &File{
+		fsc:    d.fsc,
+		Name:   name,
+		parent: d,
+		share:  d.share,
+		mutex:  &sync.Mutex{},
+	}
+}
+
+// ListDirsAndFiles returns a list of files and directories under this directory.
+// It also contains a pagination token and other response details.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Directories-and-Files
+func (d *Directory) ListDirsAndFiles(params ListDirsAndFilesParameters) (*DirsAndFilesListResponse, error) {
+	q := mergeParams(params.getParameters(), getURLInitValues(compList, resourceDirectory))
+
+	resp, err := d.fsc.listContent(d.buildPath(), q, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+	var out DirsAndFilesListResponse
+	err = xmlUnmarshal(resp.Body, &out)
+	return &out, err
+}
+
+// SetMetadata replaces the metadata for this directory.
+//
+// Some keys may be converted to Camel-Case before sending. All keys
+// are returned in lower case by GetDirectoryMetadata. HTTP header names
+// are case-insensitive so case munging should not matter to other
+// applications either.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Directory-Metadata
+func (d *Directory) SetMetadata(options *FileRequestOptions) error {
+	headers, err := d.fsc.setResourceHeaders(d.buildPath(), compMetadata, resourceDirectory, mergeMDIntoExtraHeaders(d.Metadata, nil), options)
+	if err != nil {
+		return err
+	}
+
+	d.updateEtagAndLastModified(headers)
+	return nil
+}
+
+// updates Etag and last modified date
+func (d *Directory) updateEtagAndLastModified(headers http.Header) {
+	d.Properties.Etag = headers.Get("Etag")
+	d.Properties.LastModified = headers.Get("Last-Modified")
+}
+
+// URL gets the canonical URL to this directory.
+// This method does not create a publicly accessible URL if the directory
+// is private and this method does not check if the directory exists.
+func (d *Directory) URL() string {
+	return d.fsc.client.getEndpoint(fileServiceName, d.buildPath(), url.Values{})
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/entity.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/entity.go
new file mode 100644
index 000000000..9ef63c8dd
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/entity.go
@@ -0,0 +1,455 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/gofrs/uuid"
+)
+
+// Annotating as secure for gas scanning
+/* #nosec */
+const (
+	partitionKeyNode  = "PartitionKey"
+	rowKeyNode        = "RowKey"
+	etagErrorTemplate = "Etag didn't match: %v"
+)
+
+var (
+	errEmptyPayload      = errors.New("Empty payload is not a valid metadata level for this operation")
+	errNilPreviousResult = errors.New("The previous results page is nil")
+	errNilNextLink       = errors.New("There are no more pages in this query results")
+)
+
+// Entity represents an entity inside an Azure table.
+type Entity struct {
+	Table         *Table
+	PartitionKey  string
+	RowKey        string
+	TimeStamp     time.Time
+	OdataMetadata string
+	OdataType     string
+	OdataID       string
+	OdataEtag     string
+	OdataEditLink string
+	Properties    map[string]interface{}
+}
+
+// GetEntityReference returns an Entity object with the specified
+// partition key and row key.
+func (t *Table) GetEntityReference(partitionKey, rowKey string) *Entity {
+	return &Entity{
+		PartitionKey: partitionKey,
+		RowKey:       rowKey,
+		Table:        t,
+	}
+}
+
+// EntityOptions includes options for entity operations.
+type EntityOptions struct {
+	Timeout   uint
+	RequestID string `header:"x-ms-client-request-id"`
+}
+
+// GetEntityOptions includes options for a get entity operation
+type GetEntityOptions struct {
+	Select    []string
+	RequestID string `header:"x-ms-client-request-id"`
+}
+
+// Get gets the referenced entity. Which properties to get can be
+// specified using the select option.
+// See:
+// https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/query-entities
+// https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/querying-tables-and-entities
+func (e *Entity) Get(timeout uint, ml MetadataLevel, options *GetEntityOptions) error {
+	if ml == EmptyPayload {
+		return errEmptyPayload
+	}
+	// RowKey and PartitionKey could be lost if not included in the query
+	// As those are the entity identifiers, it is best if they are not lost
+	rk := e.RowKey
+	pk := e.PartitionKey
+
+	query := url.Values{
+		"timeout": {strconv.FormatUint(uint64(timeout), 10)},
+	}
+	headers := e.Table.tsc.client.getStandardHeaders()
+	headers[headerAccept] = string(ml)
+
+	if options != nil {
+		if len(options.Select) > 0 {
+			query.Add("$select", strings.Join(options.Select, ","))
+		}
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+
+	uri := e.Table.tsc.client.getEndpoint(tableServiceName, e.buildPath(), query)
+	resp, err := e.Table.tsc.client.exec(http.MethodGet, uri, headers, nil, e.Table.tsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+
+	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return err
+	}
+
+	respBody, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+	err = json.Unmarshal(respBody, e)
+	if err != nil {
+		return err
+	}
+	e.PartitionKey = pk
+	e.RowKey = rk
+
+	return nil
+}
+
+// Insert inserts the referenced entity in its table.
+// The function fails if there is an entity with the same
+// PartitionKey and RowKey in the table.
+// ml determines the level of detail of metadata in the operation response,
+// or no data at all.
+// See: https://docs.microsoft.com/rest/api/storageservices/fileservices/insert-entity
+func (e *Entity) Insert(ml MetadataLevel, options *EntityOptions) error {
+	query, headers := options.getParameters()
+	headers = mergeHeaders(headers, e.Table.tsc.client.getStandardHeaders())
+
+	body, err := json.Marshal(e)
+	if err != nil {
+		return err
+	}
+	headers = addBodyRelatedHeaders(headers, len(body))
+	headers = addReturnContentHeaders(headers, ml)
+
+	uri := e.Table.tsc.client.getEndpoint(tableServiceName, e.Table.buildPath(), query)
+	resp, err := e.Table.tsc.client.exec(http.MethodPost, uri, headers, bytes.NewReader(body), e.Table.tsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+
+	if ml != EmptyPayload {
+		if err = checkRespCode(resp, []int{http.StatusCreated}); err != nil {
+			return err
+		}
+		data, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return err
+		}
+		if err = e.UnmarshalJSON(data); err != nil {
+			return err
+		}
+	} else {
+		if err = checkRespCode(resp, []int{http.StatusNoContent}); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Update updates the contents of an entity. The function fails if there is no entity
+// with the same PartitionKey and RowKey in the table or if the ETag is different
+// than the one in Azure.
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/update-entity2
+func (e *Entity) Update(force bool, options *EntityOptions) error {
+	return e.updateMerge(force, http.MethodPut, options)
+}
+
+// Merge merges the contents of entity specified with PartitionKey and RowKey
+// with the content specified in Properties.
+// The function fails if there is no entity with the same PartitionKey and
+// RowKey in the table or if the ETag is different than the one in Azure.
+// Read more: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/merge-entity
+func (e *Entity) Merge(force bool, options *EntityOptions) error {
+	return e.updateMerge(force, "MERGE", options)
+}
+
+// Delete deletes the entity.
+// The function fails if there is no entity with the same PartitionKey and
+// RowKey in the table or if the ETag is different than the one in Azure.
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/delete-entity1
+func (e *Entity) Delete(force bool, options *EntityOptions) error {
+	query, headers := options.getParameters()
+	headers = mergeHeaders(headers, e.Table.tsc.client.getStandardHeaders())
+
+	headers = addIfMatchHeader(headers, force, e.OdataEtag)
+	headers = addReturnContentHeaders(headers, EmptyPayload)
+
+	uri := e.Table.tsc.client.getEndpoint(tableServiceName, e.buildPath(), query)
+	resp, err := e.Table.tsc.client.exec(http.MethodDelete, uri, headers, nil, e.Table.tsc.auth)
+	if err != nil {
+		if resp != nil && resp.StatusCode == http.StatusPreconditionFailed {
+			return fmt.Errorf(etagErrorTemplate, err)
+		}
+		return err
+	}
+	defer drainRespBody(resp)
+
+	if err = checkRespCode(resp, []int{http.StatusNoContent}); err != nil {
+		return err
+	}
+
+	return e.updateTimestamp(resp.Header)
+}
+
+// InsertOrReplace inserts an entity or replaces the existing one.
+// Read more: https://docs.microsoft.com/rest/api/storageservices/fileservices/insert-or-replace-entity
+func (e *Entity) InsertOrReplace(options *EntityOptions) error {
+	return e.insertOr(http.MethodPut, options)
+}
+
+// InsertOrMerge inserts an entity or merges the existing one.
+// Read more: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/insert-or-merge-entity
+func (e *Entity) InsertOrMerge(options *EntityOptions) error {
+	return e.insertOr("MERGE", options)
+}
+
+func (e *Entity) buildPath() string {
+	return fmt.Sprintf("%s(PartitionKey='%s',RowKey='%s')", e.Table.buildPath(), e.PartitionKey, e.RowKey)
+}
+
+// MarshalJSON is a custom marshaller for entity
+func (e *Entity) MarshalJSON() ([]byte, error) {
+	completeMap := map[string]interface{}{}
+	completeMap[partitionKeyNode] = e.PartitionKey
+	completeMap[rowKeyNode] = e.RowKey
+	for k, v := range e.Properties {
+		typeKey := strings.Join([]string{k, OdataTypeSuffix}, "")
+		switch t := v.(type) {
+		case []byte:
+			completeMap[typeKey] = OdataBinary
+			completeMap[k] = t
+		case time.Time:
+			completeMap[typeKey] = OdataDateTime
+			completeMap[k] = t.Format(time.RFC3339Nano)
+		case uuid.UUID:
+			completeMap[typeKey] = OdataGUID
+			completeMap[k] = t.String()
+		case int64:
+			completeMap[typeKey] = OdataInt64
+			completeMap[k] = fmt.Sprintf("%v", v)
+		case float32, float64:
+			completeMap[typeKey] = OdataDouble
+			completeMap[k] = fmt.Sprintf("%v", v)
+		default:
+			completeMap[k] = v
+		}
+		if strings.HasSuffix(k, OdataTypeSuffix) {
+			if !(completeMap[k] == OdataBinary ||
+				completeMap[k] == OdataDateTime ||
+				completeMap[k] == OdataGUID ||
+				completeMap[k] == OdataInt64 ||
+				completeMap[k] == OdataDouble) {
+				return nil, fmt.Errorf("Odata.type annotation %v value is not valid", k)
+			}
+			valueKey := strings.TrimSuffix(k, OdataTypeSuffix)
+			if _, ok := completeMap[valueKey]; !ok {
+				return nil, fmt.Errorf("Odata.type annotation %v defined without value defined", k)
+			}
+		}
+	}
+	return json.Marshal(completeMap)
+}
+
+// UnmarshalJSON is a custom unmarshaller for entities
+func (e *Entity) UnmarshalJSON(data []byte) error {
+	errorTemplate := "Deserializing error: %v"
+
+	props := map[string]interface{}{}
+	err := json.Unmarshal(data, &props)
+	if err != nil {
+		return err
+	}
+
+	// deselialize metadata
+	e.OdataMetadata = stringFromMap(props, "odata.metadata")
+	e.OdataType = stringFromMap(props, "odata.type")
+	e.OdataID = stringFromMap(props, "odata.id")
+	e.OdataEtag = stringFromMap(props, "odata.etag")
+	e.OdataEditLink = stringFromMap(props, "odata.editLink")
+	e.PartitionKey = stringFromMap(props, partitionKeyNode)
+	e.RowKey = stringFromMap(props, rowKeyNode)
+
+	// deserialize timestamp
+	timeStamp, ok := props["Timestamp"]
+	if ok {
+		str, ok := timeStamp.(string)
+		if !ok {
+			return fmt.Errorf(errorTemplate, "Timestamp casting error")
+		}
+		t, err := time.Parse(time.RFC3339Nano, str)
+		if err != nil {
+			return fmt.Errorf(errorTemplate, err)
+		}
+		e.TimeStamp = t
+	}
+	delete(props, "Timestamp")
+	delete(props, "Timestamp@odata.type")
+
+	// deserialize entity (user defined fields)
+	for k, v := range props {
+		if strings.HasSuffix(k, OdataTypeSuffix) {
+			valueKey := strings.TrimSuffix(k, OdataTypeSuffix)
+			str, ok := props[valueKey].(string)
+			if !ok {
+				return fmt.Errorf(errorTemplate, fmt.Sprintf("%v casting error", v))
+			}
+			switch v {
+			case OdataBinary:
+				props[valueKey], err = base64.StdEncoding.DecodeString(str)
+				if err != nil {
+					return fmt.Errorf(errorTemplate, err)
+				}
+			case OdataDateTime:
+				t, err := time.Parse("2006-01-02T15:04:05Z", str)
+				if err != nil {
+					return fmt.Errorf(errorTemplate, err)
+				}
+				props[valueKey] = t
+			case OdataGUID:
+				props[valueKey] = uuid.FromStringOrNil(str)
+			case OdataInt64:
+				i, err := strconv.ParseInt(str, 10, 64)
+				if err != nil {
+					return fmt.Errorf(errorTemplate, err)
+				}
+				props[valueKey] = i
+			case OdataDouble:
+				f, err := strconv.ParseFloat(str, 64)
+				if err != nil {
+					return fmt.Errorf(errorTemplate, err)
+				}
+				props[valueKey] = f
+			default:
+				return fmt.Errorf(errorTemplate, fmt.Sprintf("%v is not supported", v))
+			}
+			delete(props, k)
+		}
+	}
+
+	e.Properties = props
+	return nil
+}
+
+func getAndDelete(props map[string]interface{}, key string) interface{} {
+	if value, ok := props[key]; ok {
+		delete(props, key)
+		return value
+	}
+	return nil
+}
+
+func addIfMatchHeader(h map[string]string, force bool, etag string) map[string]string {
+	if force {
+		h[headerIfMatch] = "*"
+	} else {
+		h[headerIfMatch] = etag
+	}
+	return h
+}
+
+// updates Etag and timestamp
+func (e *Entity) updateEtagAndTimestamp(headers http.Header) error {
+	e.OdataEtag = headers.Get(headerEtag)
+	return e.updateTimestamp(headers)
+}
+
+func (e *Entity) updateTimestamp(headers http.Header) error {
+	str := headers.Get(headerDate)
+	t, err := time.Parse(time.RFC1123, str)
+	if err != nil {
+		return fmt.Errorf("Update timestamp error: %v", err)
+	}
+	e.TimeStamp = t
+	return nil
+}
+
+func (e *Entity) insertOr(verb string, options *EntityOptions) error {
+	query, headers := options.getParameters()
+	headers = mergeHeaders(headers, e.Table.tsc.client.getStandardHeaders())
+
+	body, err := json.Marshal(e)
+	if err != nil {
+		return err
+	}
+	headers = addBodyRelatedHeaders(headers, len(body))
+	headers = addReturnContentHeaders(headers, EmptyPayload)
+
+	uri := e.Table.tsc.client.getEndpoint(tableServiceName, e.buildPath(), query)
+	resp, err := e.Table.tsc.client.exec(verb, uri, headers, bytes.NewReader(body), e.Table.tsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+
+	if err = checkRespCode(resp, []int{http.StatusNoContent}); err != nil {
+		return err
+	}
+
+	return e.updateEtagAndTimestamp(resp.Header)
+}
+
+func (e *Entity) updateMerge(force bool, verb string, options *EntityOptions) error {
+	query, headers := options.getParameters()
+	headers = mergeHeaders(headers, e.Table.tsc.client.getStandardHeaders())
+
+	body, err := json.Marshal(e)
+	if err != nil {
+		return err
+	}
+	headers = addBodyRelatedHeaders(headers, len(body))
+	headers = addIfMatchHeader(headers, force, e.OdataEtag)
+	headers = addReturnContentHeaders(headers, EmptyPayload)
+
+	uri := e.Table.tsc.client.getEndpoint(tableServiceName, e.buildPath(), query)
+	resp, err := e.Table.tsc.client.exec(verb, uri, headers, bytes.NewReader(body), e.Table.tsc.auth)
+	if err != nil {
+		if resp != nil && resp.StatusCode == http.StatusPreconditionFailed {
+			return fmt.Errorf(etagErrorTemplate, err)
+		}
+		return err
+	}
+	defer drainRespBody(resp)
+
+	if err = checkRespCode(resp, []int{http.StatusNoContent}); err != nil {
+		return err
+	}
+
+	return e.updateEtagAndTimestamp(resp.Header)
+}
+
+func stringFromMap(props map[string]interface{}, key string) string {
+	value := getAndDelete(props, key)
+	if value != nil {
+		return value.(string)
+	}
+	return ""
+}
+
+func (options *EntityOptions) getParameters() (url.Values, map[string]string) {
+	query := url.Values{}
+	headers := map[string]string{}
+	if options != nil {
+		query = addTimeout(query, options.Timeout)
+		headers = headersFromStruct(*options)
+	}
+	return query, headers
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/file.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/file.go
new file mode 100644
index 000000000..9848025cc
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/file.go
@@ -0,0 +1,473 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strconv"
+	"sync"
+)
+
+const fourMB = uint64(4194304)
+const oneTB = uint64(1099511627776)
+
+// Export maximum range and file sizes
+
+// MaxRangeSize defines the maximum size in bytes for a file range.
+const MaxRangeSize = fourMB
+
+// MaxFileSize defines the maximum size in bytes for a file.
+const MaxFileSize = oneTB
+
+// File represents a file on a share.
+type File struct {
+	fsc                *FileServiceClient
+	Metadata           map[string]string
+	Name               string `xml:"Name"`
+	parent             *Directory
+	Properties         FileProperties `xml:"Properties"`
+	share              *Share
+	FileCopyProperties FileCopyState
+	mutex              *sync.Mutex
+}
+
+// FileProperties contains various properties of a file.
+type FileProperties struct {
+	CacheControl string `header:"x-ms-cache-control"`
+	Disposition  string `header:"x-ms-content-disposition"`
+	Encoding     string `header:"x-ms-content-encoding"`
+	Etag         string
+	Language     string `header:"x-ms-content-language"`
+	LastModified string
+	Length       uint64 `xml:"Content-Length" header:"x-ms-content-length"`
+	MD5          string `header:"x-ms-content-md5"`
+	Type         string `header:"x-ms-content-type"`
+}
+
+// FileCopyState contains various properties of a file copy operation.
+type FileCopyState struct {
+	CompletionTime string
+	ID             string `header:"x-ms-copy-id"`
+	Progress       string
+	Source         string
+	Status         string `header:"x-ms-copy-status"`
+	StatusDesc     string
+}
+
+// FileStream contains file data returned from a call to GetFile.
+type FileStream struct {
+	Body       io.ReadCloser
+	ContentMD5 string
+}
+
+// FileRequestOptions will be passed to misc file operations.
+// Currently just Timeout (in seconds) but could expand.
+type FileRequestOptions struct {
+	Timeout uint // timeout duration in seconds.
+}
+
+func prepareOptions(options *FileRequestOptions) url.Values {
+	params := url.Values{}
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+	}
+	return params
+}
+
+// FileRanges contains a list of file range information for a file.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Ranges
+type FileRanges struct {
+	ContentLength uint64
+	LastModified  string
+	ETag          string
+	FileRanges    []FileRange `xml:"Range"`
+}
+
+// FileRange contains range information for a file.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Ranges
+type FileRange struct {
+	Start uint64 `xml:"Start"`
+	End   uint64 `xml:"End"`
+}
+
+func (fr FileRange) String() string {
+	return fmt.Sprintf("bytes=%d-%d", fr.Start, fr.End)
+}
+
+// builds the complete file path for this file object
+func (f *File) buildPath() string {
+	return f.parent.buildPath() + "/" + f.Name
+}
+
+// ClearRange releases the specified range of space in a file.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Range
+func (f *File) ClearRange(fileRange FileRange, options *FileRequestOptions) error {
+	var timeout *uint
+	if options != nil {
+		timeout = &options.Timeout
+	}
+	headers, err := f.modifyRange(nil, fileRange, timeout, nil)
+	if err != nil {
+		return err
+	}
+
+	f.updateEtagAndLastModified(headers)
+	return nil
+}
+
+// Create creates a new file or replaces an existing one.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-File
+func (f *File) Create(maxSize uint64, options *FileRequestOptions) error {
+	if maxSize > oneTB {
+		return fmt.Errorf("max file size is 1TB")
+	}
+	params := prepareOptions(options)
+	headers := headersFromStruct(f.Properties)
+	headers["x-ms-content-length"] = strconv.FormatUint(maxSize, 10)
+	headers["x-ms-type"] = "file"
+
+	outputHeaders, err := f.fsc.createResource(f.buildPath(), resourceFile, params, mergeMDIntoExtraHeaders(f.Metadata, headers), []int{http.StatusCreated})
+	if err != nil {
+		return err
+	}
+
+	f.Properties.Length = maxSize
+	f.updateEtagAndLastModified(outputHeaders)
+	return nil
+}
+
+// CopyFile operation copied a file/blob from the sourceURL to the path provided.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/copy-file
+func (f *File) CopyFile(sourceURL string, options *FileRequestOptions) error {
+	extraHeaders := map[string]string{
+		"x-ms-type":        "file",
+		"x-ms-copy-source": sourceURL,
+	}
+	params := prepareOptions(options)
+
+	headers, err := f.fsc.createResource(f.buildPath(), resourceFile, params, mergeMDIntoExtraHeaders(f.Metadata, extraHeaders), []int{http.StatusAccepted})
+	if err != nil {
+		return err
+	}
+
+	f.updateEtagAndLastModified(headers)
+	f.FileCopyProperties.ID = headers.Get("X-Ms-Copy-Id")
+	f.FileCopyProperties.Status = headers.Get("X-Ms-Copy-Status")
+	return nil
+}
+
+// Delete immediately removes this file from the storage account.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-File2
+func (f *File) Delete(options *FileRequestOptions) error {
+	return f.fsc.deleteResource(f.buildPath(), resourceFile, options)
+}
+
+// DeleteIfExists removes this file if it exists.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-File2
+func (f *File) DeleteIfExists(options *FileRequestOptions) (bool, error) {
+	resp, err := f.fsc.deleteResourceNoClose(f.buildPath(), resourceFile, options)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusAccepted || resp.StatusCode == http.StatusNotFound {
+			return resp.StatusCode == http.StatusAccepted, nil
+		}
+	}
+	return false, err
+}
+
+// GetFileOptions includes options for a get file operation
+type GetFileOptions struct {
+	Timeout       uint
+	GetContentMD5 bool
+}
+
+// DownloadToStream operation downloads the file.
+//
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-file
+func (f *File) DownloadToStream(options *FileRequestOptions) (io.ReadCloser, error) {
+	params := prepareOptions(options)
+	resp, err := f.fsc.getResourceNoClose(f.buildPath(), compNone, resourceFile, params, http.MethodGet, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		drainRespBody(resp)
+		return nil, err
+	}
+	return resp.Body, nil
+}
+
+// DownloadRangeToStream operation downloads the specified range of this file with optional MD5 hash.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-file
+func (f *File) DownloadRangeToStream(fileRange FileRange, options *GetFileOptions) (fs FileStream, err error) {
+	extraHeaders := map[string]string{
+		"Range": fileRange.String(),
+	}
+	params := url.Values{}
+	if options != nil {
+		if options.GetContentMD5 {
+			if isRangeTooBig(fileRange) {
+				return fs, fmt.Errorf("must specify a range less than or equal to 4MB when getContentMD5 is true")
+			}
+			extraHeaders["x-ms-range-get-content-md5"] = "true"
+		}
+		params = addTimeout(params, options.Timeout)
+	}
+
+	resp, err := f.fsc.getResourceNoClose(f.buildPath(), compNone, resourceFile, params, http.MethodGet, extraHeaders)
+	if err != nil {
+		return fs, err
+	}
+
+	if err = checkRespCode(resp, []int{http.StatusOK, http.StatusPartialContent}); err != nil {
+		drainRespBody(resp)
+		return fs, err
+	}
+
+	fs.Body = resp.Body
+	if options != nil && options.GetContentMD5 {
+		fs.ContentMD5 = resp.Header.Get("Content-MD5")
+	}
+	return fs, nil
+}
+
+// Exists returns true if this file exists.
+func (f *File) Exists() (bool, error) {
+	exists, headers, err := f.fsc.resourceExists(f.buildPath(), resourceFile)
+	if exists {
+		f.updateEtagAndLastModified(headers)
+		f.updateProperties(headers)
+	}
+	return exists, err
+}
+
+// FetchAttributes updates metadata and properties for this file.
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-file-properties
+func (f *File) FetchAttributes(options *FileRequestOptions) error {
+	params := prepareOptions(options)
+	headers, err := f.fsc.getResourceHeaders(f.buildPath(), compNone, resourceFile, params, http.MethodHead)
+	if err != nil {
+		return err
+	}
+
+	f.updateEtagAndLastModified(headers)
+	f.updateProperties(headers)
+	f.Metadata = getMetadataFromHeaders(headers)
+	return nil
+}
+
+// returns true if the range is larger than 4MB
+func isRangeTooBig(fileRange FileRange) bool {
+	if fileRange.End-fileRange.Start > fourMB {
+		return true
+	}
+
+	return false
+}
+
+// ListRangesOptions includes options for a list file ranges operation
+type ListRangesOptions struct {
+	Timeout   uint
+	ListRange *FileRange
+}
+
+// ListRanges returns the list of valid ranges for this file.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Ranges
+func (f *File) ListRanges(options *ListRangesOptions) (*FileRanges, error) {
+	params := url.Values{"comp": {"rangelist"}}
+
+	// add optional range to list
+	var headers map[string]string
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		if options.ListRange != nil {
+			headers = make(map[string]string)
+			headers["Range"] = options.ListRange.String()
+		}
+	}
+
+	resp, err := f.fsc.listContent(f.buildPath(), params, headers)
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+	var cl uint64
+	cl, err = strconv.ParseUint(resp.Header.Get("x-ms-content-length"), 10, 64)
+	if err != nil {
+		ioutil.ReadAll(resp.Body)
+		return nil, err
+	}
+
+	var out FileRanges
+	out.ContentLength = cl
+	out.ETag = resp.Header.Get("ETag")
+	out.LastModified = resp.Header.Get("Last-Modified")
+
+	err = xmlUnmarshal(resp.Body, &out)
+	return &out, err
+}
+
+// modifies a range of bytes in this file
+func (f *File) modifyRange(bytes io.Reader, fileRange FileRange, timeout *uint, contentMD5 *string) (http.Header, error) {
+	if err := f.fsc.checkForStorageEmulator(); err != nil {
+		return nil, err
+	}
+	if fileRange.End < fileRange.Start {
+		return nil, errors.New("the value for rangeEnd must be greater than or equal to rangeStart")
+	}
+	if bytes != nil && isRangeTooBig(fileRange) {
+		return nil, errors.New("range cannot exceed 4MB in size")
+	}
+
+	params := url.Values{"comp": {"range"}}
+	if timeout != nil {
+		params = addTimeout(params, *timeout)
+	}
+
+	uri := f.fsc.client.getEndpoint(fileServiceName, f.buildPath(), params)
+
+	// default to clear
+	write := "clear"
+	cl := uint64(0)
+
+	// if bytes is not nil then this is an update operation
+	if bytes != nil {
+		write = "update"
+		cl = (fileRange.End - fileRange.Start) + 1
+	}
+
+	extraHeaders := map[string]string{
+		"Content-Length": strconv.FormatUint(cl, 10),
+		"Range":          fileRange.String(),
+		"x-ms-write":     write,
+	}
+
+	if contentMD5 != nil {
+		extraHeaders["Content-MD5"] = *contentMD5
+	}
+
+	headers := mergeHeaders(f.fsc.client.getStandardHeaders(), extraHeaders)
+	resp, err := f.fsc.client.exec(http.MethodPut, uri, headers, bytes, f.fsc.auth)
+	if err != nil {
+		return nil, err
+	}
+	defer drainRespBody(resp)
+	return resp.Header, checkRespCode(resp, []int{http.StatusCreated})
+}
+
+// SetMetadata replaces the metadata for this file.
+//
+// Some keys may be converted to Camel-Case before sending. All keys
+// are returned in lower case by GetFileMetadata. HTTP header names
+// are case-insensitive so case munging should not matter to other
+// applications either.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-File-Metadata
+func (f *File) SetMetadata(options *FileRequestOptions) error {
+	headers, err := f.fsc.setResourceHeaders(f.buildPath(), compMetadata, resourceFile, mergeMDIntoExtraHeaders(f.Metadata, nil), options)
+	if err != nil {
+		return err
+	}
+
+	f.updateEtagAndLastModified(headers)
+	return nil
+}
+
+// SetProperties sets system properties on this file.
+//
+// Some keys may be converted to Camel-Case before sending. All keys
+// are returned in lower case by SetFileProperties. HTTP header names
+// are case-insensitive so case munging should not matter to other
+// applications either.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-File-Properties
+func (f *File) SetProperties(options *FileRequestOptions) error {
+	headers, err := f.fsc.setResourceHeaders(f.buildPath(), compProperties, resourceFile, headersFromStruct(f.Properties), options)
+	if err != nil {
+		return err
+	}
+
+	f.updateEtagAndLastModified(headers)
+	return nil
+}
+
+// updates Etag and last modified date
+func (f *File) updateEtagAndLastModified(headers http.Header) {
+	f.Properties.Etag = headers.Get("Etag")
+	f.Properties.LastModified = headers.Get("Last-Modified")
+}
+
+// updates file properties from the specified HTTP header
+func (f *File) updateProperties(header http.Header) {
+	size, err := strconv.ParseUint(header.Get("Content-Length"), 10, 64)
+	if err == nil {
+		f.Properties.Length = size
+	}
+
+	f.updateEtagAndLastModified(header)
+	f.Properties.CacheControl = header.Get("Cache-Control")
+	f.Properties.Disposition = header.Get("Content-Disposition")
+	f.Properties.Encoding = header.Get("Content-Encoding")
+	f.Properties.Language = header.Get("Content-Language")
+	f.Properties.MD5 = header.Get("Content-MD5")
+	f.Properties.Type = header.Get("Content-Type")
+}
+
+// URL gets the canonical URL to this file.
+// This method does not create a publicly accessible URL if the file
+// is private and this method does not check if the file exists.
+func (f *File) URL() string {
+	return f.fsc.client.getEndpoint(fileServiceName, f.buildPath(), nil)
+}
+
+// WriteRangeOptions includes options for a write file range operation
+type WriteRangeOptions struct {
+	Timeout    uint
+	ContentMD5 string
+}
+
+// WriteRange writes a range of bytes to this file with an optional MD5 hash of the content (inside
+// options parameter). Note that the length of bytes must match (rangeEnd - rangeStart) + 1 with
+// a maximum size of 4MB.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Range
+func (f *File) WriteRange(bytes io.Reader, fileRange FileRange, options *WriteRangeOptions) error {
+	if bytes == nil {
+		return errors.New("bytes cannot be nil")
+	}
+	var timeout *uint
+	var md5 *string
+	if options != nil {
+		timeout = &options.Timeout
+		md5 = &options.ContentMD5
+	}
+
+	headers, err := f.modifyRange(bytes, fileRange, timeout, md5)
+	if err != nil {
+		return err
+	}
+	// it's perfectly legal for multiple go routines to call WriteRange
+	// on the same *File (e.g. concurrently writing non-overlapping ranges)
+	// so we must take the file mutex before updating our properties.
+	f.mutex.Lock()
+	f.updateEtagAndLastModified(headers)
+	f.mutex.Unlock()
+	return nil
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/fileserviceclient.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/fileserviceclient.go
new file mode 100644
index 000000000..6a12d6dcb
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/fileserviceclient.go
@@ -0,0 +1,327 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"encoding/xml"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+)
+
+// FileServiceClient contains operations for Microsoft Azure File Service.
+type FileServiceClient struct {
+	client Client
+	auth   authentication
+}
+
+// ListSharesParameters defines the set of customizable parameters to make a
+// List Shares call.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Shares
+type ListSharesParameters struct {
+	Prefix     string
+	Marker     string
+	Include    string
+	MaxResults uint
+	Timeout    uint
+}
+
+// ShareListResponse contains the response fields from
+// ListShares call.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Shares
+type ShareListResponse struct {
+	XMLName    xml.Name `xml:"EnumerationResults"`
+	Xmlns      string   `xml:"xmlns,attr"`
+	Prefix     string   `xml:"Prefix"`
+	Marker     string   `xml:"Marker"`
+	NextMarker string   `xml:"NextMarker"`
+	MaxResults int64    `xml:"MaxResults"`
+	Shares     []Share  `xml:"Shares>Share"`
+}
+
+type compType string
+
+const (
+	compNone       compType = ""
+	compList       compType = "list"
+	compMetadata   compType = "metadata"
+	compProperties compType = "properties"
+	compRangeList  compType = "rangelist"
+)
+
+func (ct compType) String() string {
+	return string(ct)
+}
+
+type resourceType string
+
+const (
+	resourceDirectory resourceType = "directory"
+	resourceFile      resourceType = ""
+	resourceShare     resourceType = "share"
+)
+
+func (rt resourceType) String() string {
+	return string(rt)
+}
+
+func (p ListSharesParameters) getParameters() url.Values {
+	out := url.Values{}
+
+	if p.Prefix != "" {
+		out.Set("prefix", p.Prefix)
+	}
+	if p.Marker != "" {
+		out.Set("marker", p.Marker)
+	}
+	if p.Include != "" {
+		out.Set("include", p.Include)
+	}
+	if p.MaxResults != 0 {
+		out.Set("maxresults", strconv.FormatUint(uint64(p.MaxResults), 10))
+	}
+	if p.Timeout != 0 {
+		out.Set("timeout", strconv.FormatUint(uint64(p.Timeout), 10))
+	}
+
+	return out
+}
+
+func (p ListDirsAndFilesParameters) getParameters() url.Values {
+	out := url.Values{}
+
+	if p.Prefix != "" {
+		out.Set("prefix", p.Prefix)
+	}
+	if p.Marker != "" {
+		out.Set("marker", p.Marker)
+	}
+	if p.MaxResults != 0 {
+		out.Set("maxresults", strconv.FormatUint(uint64(p.MaxResults), 10))
+	}
+	out = addTimeout(out, p.Timeout)
+
+	return out
+}
+
+// returns url.Values for the specified types
+func getURLInitValues(comp compType, res resourceType) url.Values {
+	values := url.Values{}
+	if comp != compNone {
+		values.Set("comp", comp.String())
+	}
+	if res != resourceFile {
+		values.Set("restype", res.String())
+	}
+	return values
+}
+
+// GetShareReference returns a Share object for the specified share name.
+func (f *FileServiceClient) GetShareReference(name string) *Share {
+	return &Share{
+		fsc:  f,
+		Name: name,
+		Properties: ShareProperties{
+			Quota: -1,
+		},
+	}
+}
+
+// ListShares returns the list of shares in a storage account along with
+// pagination token and other response details.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/list-shares
+func (f FileServiceClient) ListShares(params ListSharesParameters) (*ShareListResponse, error) {
+	q := mergeParams(params.getParameters(), url.Values{"comp": {"list"}})
+
+	var out ShareListResponse
+	resp, err := f.listContent("", q, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	err = xmlUnmarshal(resp.Body, &out)
+
+	// assign our client to the newly created Share objects
+	for i := range out.Shares {
+		out.Shares[i].fsc = &f
+	}
+	return &out, err
+}
+
+// GetServiceProperties gets the properties of your storage account's file service.
+// File service does not support logging
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-file-service-properties
+func (f *FileServiceClient) GetServiceProperties() (*ServiceProperties, error) {
+	return f.client.getServiceProperties(fileServiceName, f.auth)
+}
+
+// SetServiceProperties sets the properties of your storage account's file service.
+// File service does not support logging
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-file-service-properties
+func (f *FileServiceClient) SetServiceProperties(props ServiceProperties) error {
+	return f.client.setServiceProperties(props, fileServiceName, f.auth)
+}
+
+// retrieves directory or share content
+func (f FileServiceClient) listContent(path string, params url.Values, extraHeaders map[string]string) (*http.Response, error) {
+	if err := f.checkForStorageEmulator(); err != nil {
+		return nil, err
+	}
+
+	uri := f.client.getEndpoint(fileServiceName, path, params)
+	extraHeaders = f.client.protectUserAgent(extraHeaders)
+	headers := mergeHeaders(f.client.getStandardHeaders(), extraHeaders)
+
+	resp, err := f.client.exec(http.MethodGet, uri, headers, nil, f.auth)
+	if err != nil {
+		return nil, err
+	}
+
+	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		drainRespBody(resp)
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+// returns true if the specified resource exists
+func (f FileServiceClient) resourceExists(path string, res resourceType) (bool, http.Header, error) {
+	if err := f.checkForStorageEmulator(); err != nil {
+		return false, nil, err
+	}
+
+	uri := f.client.getEndpoint(fileServiceName, path, getURLInitValues(compNone, res))
+	headers := f.client.getStandardHeaders()
+
+	resp, err := f.client.exec(http.MethodHead, uri, headers, nil, f.auth)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusNotFound {
+			return resp.StatusCode == http.StatusOK, resp.Header, nil
+		}
+	}
+	return false, nil, err
+}
+
+// creates a resource depending on the specified resource type
+func (f FileServiceClient) createResource(path string, res resourceType, urlParams url.Values, extraHeaders map[string]string, expectedResponseCodes []int) (http.Header, error) {
+	resp, err := f.createResourceNoClose(path, res, urlParams, extraHeaders)
+	if err != nil {
+		return nil, err
+	}
+	defer drainRespBody(resp)
+	return resp.Header, checkRespCode(resp, expectedResponseCodes)
+}
+
+// creates a resource depending on the specified resource type, doesn't close the response body
+func (f FileServiceClient) createResourceNoClose(path string, res resourceType, urlParams url.Values, extraHeaders map[string]string) (*http.Response, error) {
+	if err := f.checkForStorageEmulator(); err != nil {
+		return nil, err
+	}
+
+	values := getURLInitValues(compNone, res)
+	combinedParams := mergeParams(values, urlParams)
+	uri := f.client.getEndpoint(fileServiceName, path, combinedParams)
+	extraHeaders = f.client.protectUserAgent(extraHeaders)
+	headers := mergeHeaders(f.client.getStandardHeaders(), extraHeaders)
+
+	return f.client.exec(http.MethodPut, uri, headers, nil, f.auth)
+}
+
+// returns HTTP header data for the specified directory or share
+func (f FileServiceClient) getResourceHeaders(path string, comp compType, res resourceType, params url.Values, verb string) (http.Header, error) {
+	resp, err := f.getResourceNoClose(path, comp, res, params, verb, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer drainRespBody(resp)
+
+	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return nil, err
+	}
+
+	return resp.Header, nil
+}
+
+// gets the specified resource, doesn't close the response body
+func (f FileServiceClient) getResourceNoClose(path string, comp compType, res resourceType, params url.Values, verb string, extraHeaders map[string]string) (*http.Response, error) {
+	if err := f.checkForStorageEmulator(); err != nil {
+		return nil, err
+	}
+
+	params = mergeParams(params, getURLInitValues(comp, res))
+	uri := f.client.getEndpoint(fileServiceName, path, params)
+	headers := mergeHeaders(f.client.getStandardHeaders(), extraHeaders)
+
+	return f.client.exec(verb, uri, headers, nil, f.auth)
+}
+
+// deletes the resource and returns the response
+func (f FileServiceClient) deleteResource(path string, res resourceType, options *FileRequestOptions) error {
+	resp, err := f.deleteResourceNoClose(path, res, options)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusAccepted})
+}
+
+// deletes the resource and returns the response, doesn't close the response body
+func (f FileServiceClient) deleteResourceNoClose(path string, res resourceType, options *FileRequestOptions) (*http.Response, error) {
+	if err := f.checkForStorageEmulator(); err != nil {
+		return nil, err
+	}
+
+	values := mergeParams(getURLInitValues(compNone, res), prepareOptions(options))
+	uri := f.client.getEndpoint(fileServiceName, path, values)
+	return f.client.exec(http.MethodDelete, uri, f.client.getStandardHeaders(), nil, f.auth)
+}
+
+// merges metadata into extraHeaders and returns extraHeaders
+func mergeMDIntoExtraHeaders(metadata, extraHeaders map[string]string) map[string]string {
+	if metadata == nil && extraHeaders == nil {
+		return nil
+	}
+	if extraHeaders == nil {
+		extraHeaders = make(map[string]string)
+	}
+	for k, v := range metadata {
+		extraHeaders[userDefinedMetadataHeaderPrefix+k] = v
+	}
+	return extraHeaders
+}
+
+// sets extra header data for the specified resource
+func (f FileServiceClient) setResourceHeaders(path string, comp compType, res resourceType, extraHeaders map[string]string, options *FileRequestOptions) (http.Header, error) {
+	if err := f.checkForStorageEmulator(); err != nil {
+		return nil, err
+	}
+
+	params := mergeParams(getURLInitValues(comp, res), prepareOptions(options))
+	uri := f.client.getEndpoint(fileServiceName, path, params)
+	extraHeaders = f.client.protectUserAgent(extraHeaders)
+	headers := mergeHeaders(f.client.getStandardHeaders(), extraHeaders)
+
+	resp, err := f.client.exec(http.MethodPut, uri, headers, nil, f.auth)
+	if err != nil {
+		return nil, err
+	}
+	defer drainRespBody(resp)
+
+	return resp.Header, checkRespCode(resp, []int{http.StatusOK})
+}
+
+//checkForStorageEmulator determines if the client is setup for use with
+//Azure Storage Emulator, and returns a relevant error
+func (f FileServiceClient) checkForStorageEmulator() error {
+	if f.client.accountName == StorageEmulatorAccountName {
+		return fmt.Errorf("Error: File service is not currently supported by Azure Storage Emulator")
+	}
+	return nil
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/leaseblob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/leaseblob.go
new file mode 100644
index 000000000..6453477ba
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/leaseblob.go
@@ -0,0 +1,190 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"errors"
+	"net/http"
+	"net/url"
+	"strconv"
+	"time"
+)
+
+// lease constants.
+const (
+	leaseHeaderPrefix = "x-ms-lease-"
+	headerLeaseID     = "x-ms-lease-id"
+	leaseAction       = "x-ms-lease-action"
+	leaseBreakPeriod  = "x-ms-lease-break-period"
+	leaseDuration     = "x-ms-lease-duration"
+	leaseProposedID   = "x-ms-proposed-lease-id"
+	leaseTime         = "x-ms-lease-time"
+
+	acquireLease = "acquire"
+	renewLease   = "renew"
+	changeLease  = "change"
+	releaseLease = "release"
+	breakLease   = "break"
+)
+
+// leasePut is common PUT code for the various acquire/release/break etc functions.
+func (b *Blob) leaseCommonPut(headers map[string]string, expectedStatus int, options *LeaseOptions) (http.Header, error) {
+	params := url.Values{"comp": {"lease"}}
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return nil, err
+	}
+	defer drainRespBody(resp)
+
+	if err := checkRespCode(resp, []int{expectedStatus}); err != nil {
+		return nil, err
+	}
+
+	return resp.Header, nil
+}
+
+// LeaseOptions includes options for all operations regarding leasing blobs
+type LeaseOptions struct {
+	Timeout           uint
+	Origin            string     `header:"Origin"`
+	IfMatch           string     `header:"If-Match"`
+	IfNoneMatch       string     `header:"If-None-Match"`
+	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
+	RequestID         string     `header:"x-ms-client-request-id"`
+}
+
+// AcquireLease creates a lease for a blob
+// returns leaseID acquired
+// In API Versions starting on 2012-02-12, the minimum leaseTimeInSeconds is 15, the maximum
+// non-infinite leaseTimeInSeconds is 60. To specify an infinite lease, provide the value -1.
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Lease-Blob
+func (b *Blob) AcquireLease(leaseTimeInSeconds int, proposedLeaseID string, options *LeaseOptions) (returnedLeaseID string, err error) {
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers[leaseAction] = acquireLease
+
+	if leaseTimeInSeconds == -1 {
+		// Do nothing, but don't trigger the following clauses.
+	} else if leaseTimeInSeconds > 60 || b.Container.bsc.client.apiVersion < "2012-02-12" {
+		leaseTimeInSeconds = 60
+	} else if leaseTimeInSeconds < 15 {
+		leaseTimeInSeconds = 15
+	}
+
+	headers[leaseDuration] = strconv.Itoa(leaseTimeInSeconds)
+
+	if proposedLeaseID != "" {
+		headers[leaseProposedID] = proposedLeaseID
+	}
+
+	respHeaders, err := b.leaseCommonPut(headers, http.StatusCreated, options)
+	if err != nil {
+		return "", err
+	}
+
+	returnedLeaseID = respHeaders.Get(http.CanonicalHeaderKey(headerLeaseID))
+
+	if returnedLeaseID != "" {
+		return returnedLeaseID, nil
+	}
+
+	return "", errors.New("LeaseID not returned")
+}
+
+// BreakLease breaks the lease for a blob
+// Returns the timeout remaining in the lease in seconds
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Lease-Blob
+func (b *Blob) BreakLease(options *LeaseOptions) (breakTimeout int, err error) {
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers[leaseAction] = breakLease
+	return b.breakLeaseCommon(headers, options)
+}
+
+// BreakLeaseWithBreakPeriod breaks the lease for a blob
+// breakPeriodInSeconds is used to determine how long until new lease can be created.
+// Returns the timeout remaining in the lease in seconds
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Lease-Blob
+func (b *Blob) BreakLeaseWithBreakPeriod(breakPeriodInSeconds int, options *LeaseOptions) (breakTimeout int, err error) {
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers[leaseAction] = breakLease
+	headers[leaseBreakPeriod] = strconv.Itoa(breakPeriodInSeconds)
+	return b.breakLeaseCommon(headers, options)
+}
+
+// breakLeaseCommon is common code for both version of BreakLease (with and without break period)
+func (b *Blob) breakLeaseCommon(headers map[string]string, options *LeaseOptions) (breakTimeout int, err error) {
+
+	respHeaders, err := b.leaseCommonPut(headers, http.StatusAccepted, options)
+	if err != nil {
+		return 0, err
+	}
+
+	breakTimeoutStr := respHeaders.Get(http.CanonicalHeaderKey(leaseTime))
+	if breakTimeoutStr != "" {
+		breakTimeout, err = strconv.Atoi(breakTimeoutStr)
+		if err != nil {
+			return 0, err
+		}
+	}
+
+	return breakTimeout, nil
+}
+
+// ChangeLease changes a lease ID for a blob
+// Returns the new LeaseID acquired
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Lease-Blob
+func (b *Blob) ChangeLease(currentLeaseID string, proposedLeaseID string, options *LeaseOptions) (newLeaseID string, err error) {
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers[leaseAction] = changeLease
+	headers[headerLeaseID] = currentLeaseID
+	headers[leaseProposedID] = proposedLeaseID
+
+	respHeaders, err := b.leaseCommonPut(headers, http.StatusOK, options)
+	if err != nil {
+		return "", err
+	}
+
+	newLeaseID = respHeaders.Get(http.CanonicalHeaderKey(headerLeaseID))
+	if newLeaseID != "" {
+		return newLeaseID, nil
+	}
+
+	return "", errors.New("LeaseID not returned")
+}
+
+// ReleaseLease releases the lease for a blob
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Lease-Blob
+func (b *Blob) ReleaseLease(currentLeaseID string, options *LeaseOptions) error {
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers[leaseAction] = releaseLease
+	headers[headerLeaseID] = currentLeaseID
+
+	_, err := b.leaseCommonPut(headers, http.StatusOK, options)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// RenewLease renews the lease for a blob as per https://msdn.microsoft.com/en-us/library/azure/ee691972.aspx
+func (b *Blob) RenewLease(currentLeaseID string, options *LeaseOptions) error {
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers[leaseAction] = renewLease
+	headers[headerLeaseID] = currentLeaseID
+
+	_, err := b.leaseCommonPut(headers, http.StatusOK, options)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/message.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/message.go
new file mode 100644
index 000000000..e5447e4a1
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/message.go
@@ -0,0 +1,160 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"encoding/xml"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"time"
+)
+
+// Message represents an Azure message.
+type Message struct {
+	Queue        *Queue
+	Text         string      `xml:"MessageText"`
+	ID           string      `xml:"MessageId"`
+	Insertion    TimeRFC1123 `xml:"InsertionTime"`
+	Expiration   TimeRFC1123 `xml:"ExpirationTime"`
+	PopReceipt   string      `xml:"PopReceipt"`
+	NextVisible  TimeRFC1123 `xml:"TimeNextVisible"`
+	DequeueCount int         `xml:"DequeueCount"`
+}
+
+func (m *Message) buildPath() string {
+	return fmt.Sprintf("%s/%s", m.Queue.buildPathMessages(), m.ID)
+}
+
+// PutMessageOptions is the set of options can be specified for Put Messsage
+// operation. A zero struct does not use any preferences for the request.
+type PutMessageOptions struct {
+	Timeout           uint
+	VisibilityTimeout int
+	MessageTTL        int
+	RequestID         string `header:"x-ms-client-request-id"`
+}
+
+// Put operation adds a new message to the back of the message queue.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Message
+func (m *Message) Put(options *PutMessageOptions) error {
+	query := url.Values{}
+	headers := m.Queue.qsc.client.getStandardHeaders()
+
+	req := putMessageRequest{MessageText: m.Text}
+	body, nn, err := xmlMarshal(req)
+	if err != nil {
+		return err
+	}
+	headers["Content-Length"] = strconv.Itoa(nn)
+
+	if options != nil {
+		if options.VisibilityTimeout != 0 {
+			query.Set("visibilitytimeout", strconv.Itoa(options.VisibilityTimeout))
+		}
+		if options.MessageTTL != 0 {
+			query.Set("messagettl", strconv.Itoa(options.MessageTTL))
+		}
+		query = addTimeout(query, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+
+	uri := m.Queue.qsc.client.getEndpoint(queueServiceName, m.Queue.buildPathMessages(), query)
+	resp, err := m.Queue.qsc.client.exec(http.MethodPost, uri, headers, body, m.Queue.qsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	err = checkRespCode(resp, []int{http.StatusCreated})
+	if err != nil {
+		return err
+	}
+	err = xmlUnmarshal(resp.Body, m)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// UpdateMessageOptions is the set of options can be specified for Update Messsage
+// operation. A zero struct does not use any preferences for the request.
+type UpdateMessageOptions struct {
+	Timeout           uint
+	VisibilityTimeout int
+	RequestID         string `header:"x-ms-client-request-id"`
+}
+
+// Update operation updates the specified message.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Update-Message
+func (m *Message) Update(options *UpdateMessageOptions) error {
+	query := url.Values{}
+	if m.PopReceipt != "" {
+		query.Set("popreceipt", m.PopReceipt)
+	}
+
+	headers := m.Queue.qsc.client.getStandardHeaders()
+	req := putMessageRequest{MessageText: m.Text}
+	body, nn, err := xmlMarshal(req)
+	if err != nil {
+		return err
+	}
+	headers["Content-Length"] = strconv.Itoa(nn)
+	// visibilitytimeout is required for Update (zero or greater) so set the default here
+	query.Set("visibilitytimeout", "0")
+	if options != nil {
+		if options.VisibilityTimeout != 0 {
+			query.Set("visibilitytimeout", strconv.Itoa(options.VisibilityTimeout))
+		}
+		query = addTimeout(query, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := m.Queue.qsc.client.getEndpoint(queueServiceName, m.buildPath(), query)
+
+	resp, err := m.Queue.qsc.client.exec(http.MethodPut, uri, headers, body, m.Queue.qsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+
+	m.PopReceipt = resp.Header.Get("x-ms-popreceipt")
+	nextTimeStr := resp.Header.Get("x-ms-time-next-visible")
+	if nextTimeStr != "" {
+		nextTime, err := time.Parse(time.RFC1123, nextTimeStr)
+		if err != nil {
+			return err
+		}
+		m.NextVisible = TimeRFC1123(nextTime)
+	}
+
+	return checkRespCode(resp, []int{http.StatusNoContent})
+}
+
+// Delete operation deletes the specified message.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/dd179347.aspx
+func (m *Message) Delete(options *QueueServiceOptions) error {
+	params := url.Values{"popreceipt": {m.PopReceipt}}
+	headers := m.Queue.qsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := m.Queue.qsc.client.getEndpoint(queueServiceName, m.buildPath(), params)
+
+	resp, err := m.Queue.qsc.client.exec(http.MethodDelete, uri, headers, nil, m.Queue.qsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusNoContent})
+}
+
+type putMessageRequest struct {
+	XMLName     xml.Name `xml:"QueueMessage"`
+	MessageText string   `xml:"MessageText"`
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/odata.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/odata.go
new file mode 100644
index 000000000..3b0572238
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/odata.go
@@ -0,0 +1,37 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+// MetadataLevel determines if operations should return a paylod,
+// and it level of detail.
+type MetadataLevel string
+
+// This consts are meant to help with Odata supported operations
+const (
+	OdataTypeSuffix = "@odata.type"
+
+	// Types
+
+	OdataBinary   = "Edm.Binary"
+	OdataDateTime = "Edm.DateTime"
+	OdataDouble   = "Edm.Double"
+	OdataGUID     = "Edm.Guid"
+	OdataInt64    = "Edm.Int64"
+
+	// Query options
+
+	OdataFilter  = "$filter"
+	OdataOrderBy = "$orderby"
+	OdataTop     = "$top"
+	OdataSkip    = "$skip"
+	OdataCount   = "$count"
+	OdataExpand  = "$expand"
+	OdataSelect  = "$select"
+	OdataSearch  = "$search"
+
+	EmptyPayload    MetadataLevel = ""
+	NoMetadata      MetadataLevel = "application/json;odata=nometadata"
+	MinimalMetadata MetadataLevel = "application/json;odata=minimalmetadata"
+	FullMetadata    MetadataLevel = "application/json;odata=fullmetadata"
+)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/pageblob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/pageblob.go
new file mode 100644
index 000000000..ff93ec2ac
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/pageblob.go
@@ -0,0 +1,192 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"encoding/xml"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+// GetPageRangesResponse contains the response fields from
+// Get Page Ranges call.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/ee691973.aspx
+type GetPageRangesResponse struct {
+	XMLName  xml.Name    `xml:"PageList"`
+	PageList []PageRange `xml:"PageRange"`
+}
+
+// PageRange contains information about a page of a page blob from
+// Get Pages Range call.
+//
+// See https://msdn.microsoft.com/en-us/library/azure/ee691973.aspx
+type PageRange struct {
+	Start int64 `xml:"Start"`
+	End   int64 `xml:"End"`
+}
+
+var (
+	errBlobCopyAborted    = errors.New("storage: blob copy is aborted")
+	errBlobCopyIDMismatch = errors.New("storage: blob copy id is a mismatch")
+)
+
+// PutPageOptions includes the options for a put page operation
+type PutPageOptions struct {
+	Timeout                           uint
+	LeaseID                           string     `header:"x-ms-lease-id"`
+	IfSequenceNumberLessThanOrEqualTo *int       `header:"x-ms-if-sequence-number-le"`
+	IfSequenceNumberLessThan          *int       `header:"x-ms-if-sequence-number-lt"`
+	IfSequenceNumberEqualTo           *int       `header:"x-ms-if-sequence-number-eq"`
+	IfModifiedSince                   *time.Time `header:"If-Modified-Since"`
+	IfUnmodifiedSince                 *time.Time `header:"If-Unmodified-Since"`
+	IfMatch                           string     `header:"If-Match"`
+	IfNoneMatch                       string     `header:"If-None-Match"`
+	RequestID                         string     `header:"x-ms-client-request-id"`
+}
+
+// WriteRange writes a range of pages to a page blob.
+// Ranges must be aligned with 512-byte boundaries and chunk must be of size
+// multiplies by 512.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Page
+func (b *Blob) WriteRange(blobRange BlobRange, bytes io.Reader, options *PutPageOptions) error {
+	if bytes == nil {
+		return errors.New("bytes cannot be nil")
+	}
+	return b.modifyRange(blobRange, bytes, options)
+}
+
+// ClearRange clears the given range in a page blob.
+// Ranges must be aligned with 512-byte boundaries and chunk must be of size
+// multiplies by 512.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Page
+func (b *Blob) ClearRange(blobRange BlobRange, options *PutPageOptions) error {
+	return b.modifyRange(blobRange, nil, options)
+}
+
+func (b *Blob) modifyRange(blobRange BlobRange, bytes io.Reader, options *PutPageOptions) error {
+	if blobRange.End < blobRange.Start {
+		return errors.New("the value for rangeEnd must be greater than or equal to rangeStart")
+	}
+	if blobRange.Start%512 != 0 {
+		return errors.New("the value for rangeStart must be a multiple of 512")
+	}
+	if blobRange.End%512 != 511 {
+		return errors.New("the value for rangeEnd must be a multiple of 512 - 1")
+	}
+
+	params := url.Values{"comp": {"page"}}
+
+	// default to clear
+	write := "clear"
+	var cl uint64
+
+	// if bytes is not nil then this is an update operation
+	if bytes != nil {
+		write = "update"
+		cl = (blobRange.End - blobRange.Start) + 1
+	}
+
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers["x-ms-blob-type"] = string(BlobTypePage)
+	headers["x-ms-page-write"] = write
+	headers["x-ms-range"] = blobRange.String()
+	headers["Content-Length"] = fmt.Sprintf("%v", cl)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, bytes, b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusCreated})
+}
+
+// GetPageRangesOptions includes the options for a get page ranges operation
+type GetPageRangesOptions struct {
+	Timeout          uint
+	Snapshot         *time.Time
+	PreviousSnapshot *time.Time
+	Range            *BlobRange
+	LeaseID          string `header:"x-ms-lease-id"`
+	RequestID        string `header:"x-ms-client-request-id"`
+}
+
+// GetPageRanges returns the list of valid page ranges for a page blob.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Get-Page-Ranges
+func (b *Blob) GetPageRanges(options *GetPageRangesOptions) (GetPageRangesResponse, error) {
+	params := url.Values{"comp": {"pagelist"}}
+	headers := b.Container.bsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		params = addSnapshot(params, options.Snapshot)
+		if options.PreviousSnapshot != nil {
+			params.Add("prevsnapshot", timeRFC3339Formatted(*options.PreviousSnapshot))
+		}
+		if options.Range != nil {
+			headers["Range"] = options.Range.String()
+		}
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	var out GetPageRangesResponse
+	resp, err := b.Container.bsc.client.exec(http.MethodGet, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return out, err
+	}
+	defer drainRespBody(resp)
+
+	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return out, err
+	}
+	err = xmlUnmarshal(resp.Body, &out)
+	return out, err
+}
+
+// PutPageBlob initializes an empty page blob with specified name and maximum
+// size in bytes (size must be aligned to a 512-byte boundary). A page blob must
+// be created using this method before writing pages.
+//
+// See CreateBlockBlobFromReader for more info on creating blobs.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Blob
+func (b *Blob) PutPageBlob(options *PutBlobOptions) error {
+	if b.Properties.ContentLength%512 != 0 {
+		return errors.New("Content length must be aligned to a 512-byte boundary")
+	}
+
+	params := url.Values{}
+	headers := b.Container.bsc.client.getStandardHeaders()
+	headers["x-ms-blob-type"] = string(BlobTypePage)
+	headers["x-ms-blob-content-length"] = fmt.Sprintf("%v", b.Properties.ContentLength)
+	headers["x-ms-blob-sequence-number"] = fmt.Sprintf("%v", b.Properties.SequenceNumber)
+	headers = mergeHeaders(headers, headersFromStruct(b.Properties))
+	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
+
+	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
+	if err != nil {
+		return err
+	}
+	return b.respondCreation(resp, BlobTypePage)
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/queue.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/queue.go
new file mode 100644
index 000000000..7731e4ebc
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/queue.go
@@ -0,0 +1,425 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"encoding/xml"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"time"
+)
+
+const (
+	// casing is per Golang's http.Header canonicalizing the header names.
+	approximateMessagesCountHeader = "X-Ms-Approximate-Messages-Count"
+)
+
+// QueueAccessPolicy represents each access policy in the queue ACL.
+type QueueAccessPolicy struct {
+	ID         string
+	StartTime  time.Time
+	ExpiryTime time.Time
+	CanRead    bool
+	CanAdd     bool
+	CanUpdate  bool
+	CanProcess bool
+}
+
+// QueuePermissions represents the queue ACLs.
+type QueuePermissions struct {
+	AccessPolicies []QueueAccessPolicy
+}
+
+// SetQueuePermissionOptions includes options for a set queue permissions operation
+type SetQueuePermissionOptions struct {
+	Timeout   uint
+	RequestID string `header:"x-ms-client-request-id"`
+}
+
+// Queue represents an Azure queue.
+type Queue struct {
+	qsc               *QueueServiceClient
+	Name              string
+	Metadata          map[string]string
+	AproxMessageCount uint64
+}
+
+func (q *Queue) buildPath() string {
+	return fmt.Sprintf("/%s", q.Name)
+}
+
+func (q *Queue) buildPathMessages() string {
+	return fmt.Sprintf("%s/messages", q.buildPath())
+}
+
+// QueueServiceOptions includes options for some queue service operations
+type QueueServiceOptions struct {
+	Timeout   uint
+	RequestID string `header:"x-ms-client-request-id"`
+}
+
+// Create operation creates a queue under the given account.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Queue4
+func (q *Queue) Create(options *QueueServiceOptions) error {
+	params := url.Values{}
+	headers := q.qsc.client.getStandardHeaders()
+	headers = q.qsc.client.addMetadataToHeaders(headers, q.Metadata)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
+
+	resp, err := q.qsc.client.exec(http.MethodPut, uri, headers, nil, q.qsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusCreated})
+}
+
+// Delete operation permanently deletes the specified queue.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Queue3
+func (q *Queue) Delete(options *QueueServiceOptions) error {
+	params := url.Values{}
+	headers := q.qsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
+	resp, err := q.qsc.client.exec(http.MethodDelete, uri, headers, nil, q.qsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusNoContent})
+}
+
+// Exists returns true if a queue with given name exists.
+func (q *Queue) Exists() (bool, error) {
+	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), url.Values{"comp": {"metadata"}})
+	resp, err := q.qsc.client.exec(http.MethodGet, uri, q.qsc.client.getStandardHeaders(), nil, q.qsc.auth)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusNotFound {
+			return resp.StatusCode == http.StatusOK, nil
+		}
+		err = getErrorFromResponse(resp)
+	}
+	return false, err
+}
+
+// SetMetadata operation sets user-defined metadata on the specified queue.
+// Metadata is associated with the queue as name-value pairs.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Queue-Metadata
+func (q *Queue) SetMetadata(options *QueueServiceOptions) error {
+	params := url.Values{"comp": {"metadata"}}
+	headers := q.qsc.client.getStandardHeaders()
+	headers = q.qsc.client.addMetadataToHeaders(headers, q.Metadata)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
+
+	resp, err := q.qsc.client.exec(http.MethodPut, uri, headers, nil, q.qsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusNoContent})
+}
+
+// GetMetadata operation retrieves user-defined metadata and queue
+// properties on the specified queue. Metadata is associated with
+// the queue as name-values pairs.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Queue-Metadata
+//
+// Because the way Golang's http client (and http.Header in particular)
+// canonicalize header names, the returned metadata names would always
+// be all lower case.
+func (q *Queue) GetMetadata(options *QueueServiceOptions) error {
+	params := url.Values{"comp": {"metadata"}}
+	headers := q.qsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
+
+	resp, err := q.qsc.client.exec(http.MethodGet, uri, headers, nil, q.qsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+
+	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return err
+	}
+
+	aproxMessagesStr := resp.Header.Get(http.CanonicalHeaderKey(approximateMessagesCountHeader))
+	if aproxMessagesStr != "" {
+		aproxMessages, err := strconv.ParseUint(aproxMessagesStr, 10, 64)
+		if err != nil {
+			return err
+		}
+		q.AproxMessageCount = aproxMessages
+	}
+
+	q.Metadata = getMetadataFromHeaders(resp.Header)
+	return nil
+}
+
+// GetMessageReference returns a message object with the specified text.
+func (q *Queue) GetMessageReference(text string) *Message {
+	return &Message{
+		Queue: q,
+		Text:  text,
+	}
+}
+
+// GetMessagesOptions is the set of options can be specified for Get
+// Messsages operation. A zero struct does not use any preferences for the
+// request.
+type GetMessagesOptions struct {
+	Timeout           uint
+	NumOfMessages     int
+	VisibilityTimeout int
+	RequestID         string `header:"x-ms-client-request-id"`
+}
+
+type messages struct {
+	XMLName  xml.Name  `xml:"QueueMessagesList"`
+	Messages []Message `xml:"QueueMessage"`
+}
+
+// GetMessages operation retrieves one or more messages from the front of the
+// queue.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Get-Messages
+func (q *Queue) GetMessages(options *GetMessagesOptions) ([]Message, error) {
+	query := url.Values{}
+	headers := q.qsc.client.getStandardHeaders()
+
+	if options != nil {
+		if options.NumOfMessages != 0 {
+			query.Set("numofmessages", strconv.Itoa(options.NumOfMessages))
+		}
+		if options.VisibilityTimeout != 0 {
+			query.Set("visibilitytimeout", strconv.Itoa(options.VisibilityTimeout))
+		}
+		query = addTimeout(query, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPathMessages(), query)
+
+	resp, err := q.qsc.client.exec(http.MethodGet, uri, headers, nil, q.qsc.auth)
+	if err != nil {
+		return []Message{}, err
+	}
+	defer resp.Body.Close()
+
+	var out messages
+	err = xmlUnmarshal(resp.Body, &out)
+	if err != nil {
+		return []Message{}, err
+	}
+	for i := range out.Messages {
+		out.Messages[i].Queue = q
+	}
+	return out.Messages, err
+}
+
+// PeekMessagesOptions is the set of options can be specified for Peek
+// Messsage operation. A zero struct does not use any preferences for the
+// request.
+type PeekMessagesOptions struct {
+	Timeout       uint
+	NumOfMessages int
+	RequestID     string `header:"x-ms-client-request-id"`
+}
+
+// PeekMessages retrieves one or more messages from the front of the queue, but
+// does not alter the visibility of the message.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Peek-Messages
+func (q *Queue) PeekMessages(options *PeekMessagesOptions) ([]Message, error) {
+	query := url.Values{"peekonly": {"true"}} // Required for peek operation
+	headers := q.qsc.client.getStandardHeaders()
+
+	if options != nil {
+		if options.NumOfMessages != 0 {
+			query.Set("numofmessages", strconv.Itoa(options.NumOfMessages))
+		}
+		query = addTimeout(query, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPathMessages(), query)
+
+	resp, err := q.qsc.client.exec(http.MethodGet, uri, headers, nil, q.qsc.auth)
+	if err != nil {
+		return []Message{}, err
+	}
+	defer resp.Body.Close()
+
+	var out messages
+	err = xmlUnmarshal(resp.Body, &out)
+	if err != nil {
+		return []Message{}, err
+	}
+	for i := range out.Messages {
+		out.Messages[i].Queue = q
+	}
+	return out.Messages, err
+}
+
+// ClearMessages operation deletes all messages from the specified queue.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Clear-Messages
+func (q *Queue) ClearMessages(options *QueueServiceOptions) error {
+	params := url.Values{}
+	headers := q.qsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPathMessages(), params)
+
+	resp, err := q.qsc.client.exec(http.MethodDelete, uri, headers, nil, q.qsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusNoContent})
+}
+
+// SetPermissions sets up queue permissions
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-queue-acl
+func (q *Queue) SetPermissions(permissions QueuePermissions, options *SetQueuePermissionOptions) error {
+	body, length, err := generateQueueACLpayload(permissions.AccessPolicies)
+	if err != nil {
+		return err
+	}
+
+	params := url.Values{
+		"comp": {"acl"},
+	}
+	headers := q.qsc.client.getStandardHeaders()
+	headers["Content-Length"] = strconv.Itoa(length)
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
+	resp, err := q.qsc.client.exec(http.MethodPut, uri, headers, body, q.qsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusNoContent})
+}
+
+func generateQueueACLpayload(policies []QueueAccessPolicy) (io.Reader, int, error) {
+	sil := SignedIdentifiers{
+		SignedIdentifiers: []SignedIdentifier{},
+	}
+	for _, qapd := range policies {
+		permission := qapd.generateQueuePermissions()
+		signedIdentifier := convertAccessPolicyToXMLStructs(qapd.ID, qapd.StartTime, qapd.ExpiryTime, permission)
+		sil.SignedIdentifiers = append(sil.SignedIdentifiers, signedIdentifier)
+	}
+	return xmlMarshal(sil)
+}
+
+func (qapd *QueueAccessPolicy) generateQueuePermissions() (permissions string) {
+	// generate the permissions string (raup).
+	// still want the end user API to have bool flags.
+	permissions = ""
+
+	if qapd.CanRead {
+		permissions += "r"
+	}
+
+	if qapd.CanAdd {
+		permissions += "a"
+	}
+
+	if qapd.CanUpdate {
+		permissions += "u"
+	}
+
+	if qapd.CanProcess {
+		permissions += "p"
+	}
+
+	return permissions
+}
+
+// GetQueuePermissionOptions includes options for a get queue permissions operation
+type GetQueuePermissionOptions struct {
+	Timeout   uint
+	RequestID string `header:"x-ms-client-request-id"`
+}
+
+// GetPermissions gets the queue permissions as per https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-queue-acl
+// If timeout is 0 then it will not be passed to Azure
+func (q *Queue) GetPermissions(options *GetQueuePermissionOptions) (*QueuePermissions, error) {
+	params := url.Values{
+		"comp": {"acl"},
+	}
+	headers := q.qsc.client.getStandardHeaders()
+
+	if options != nil {
+		params = addTimeout(params, options.Timeout)
+		headers = mergeHeaders(headers, headersFromStruct(*options))
+	}
+	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
+	resp, err := q.qsc.client.exec(http.MethodGet, uri, headers, nil, q.qsc.auth)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	var ap AccessPolicy
+	err = xmlUnmarshal(resp.Body, &ap.SignedIdentifiersList)
+	if err != nil {
+		return nil, err
+	}
+	return buildQueueAccessPolicy(ap, &resp.Header), nil
+}
+
+func buildQueueAccessPolicy(ap AccessPolicy, headers *http.Header) *QueuePermissions {
+	permissions := QueuePermissions{
+		AccessPolicies: []QueueAccessPolicy{},
+	}
+
+	for _, policy := range ap.SignedIdentifiersList.SignedIdentifiers {
+		qapd := QueueAccessPolicy{
+			ID:         policy.ID,
+			StartTime:  policy.AccessPolicy.StartTime,
+			ExpiryTime: policy.AccessPolicy.ExpiryTime,
+		}
+		qapd.CanRead = updatePermissions(policy.AccessPolicy.Permission, "r")
+		qapd.CanAdd = updatePermissions(policy.AccessPolicy.Permission, "a")
+		qapd.CanUpdate = updatePermissions(policy.AccessPolicy.Permission, "u")
+		qapd.CanProcess = updatePermissions(policy.AccessPolicy.Permission, "p")
+
+		permissions.AccessPolicies = append(permissions.AccessPolicies, qapd)
+	}
+	return &permissions
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/queuesasuri.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/queuesasuri.go
new file mode 100644
index 000000000..ab39f956f
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/queuesasuri.go
@@ -0,0 +1,135 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+)
+
+// QueueSASOptions are options to construct a blob SAS
+// URI.
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
+type QueueSASOptions struct {
+	QueueSASPermissions
+	SASOptions
+}
+
+// QueueSASPermissions includes the available permissions for
+// a queue SAS URI.
+type QueueSASPermissions struct {
+	Read    bool
+	Add     bool
+	Update  bool
+	Process bool
+}
+
+func (q QueueSASPermissions) buildString() string {
+	permissions := ""
+
+	if q.Read {
+		permissions += "r"
+	}
+	if q.Add {
+		permissions += "a"
+	}
+	if q.Update {
+		permissions += "u"
+	}
+	if q.Process {
+		permissions += "p"
+	}
+	return permissions
+}
+
+// GetSASURI creates an URL to the specified queue which contains the Shared
+// Access Signature with specified permissions and expiration time.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
+func (q *Queue) GetSASURI(options QueueSASOptions) (string, error) {
+	canonicalizedResource, err := q.qsc.client.buildCanonicalizedResource(q.buildPath(), q.qsc.auth, true)
+	if err != nil {
+		return "", err
+	}
+
+	// "The canonicalizedresouce portion of the string is a canonical path to the signed resource.
+	// It must include the service name (blob, table, queue or file) for version 2015-02-21 or
+	// later, the storage account name, and the resource name, and must be URL-decoded.
+	// -- https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
+	// We need to replace + with %2b first to avoid being treated as a space (which is correct for query strings, but not the path component).
+	canonicalizedResource = strings.Replace(canonicalizedResource, "+", "%2b", -1)
+	canonicalizedResource, err = url.QueryUnescape(canonicalizedResource)
+	if err != nil {
+		return "", err
+	}
+
+	signedStart := ""
+	if options.Start != (time.Time{}) {
+		signedStart = options.Start.UTC().Format(time.RFC3339)
+	}
+	signedExpiry := options.Expiry.UTC().Format(time.RFC3339)
+
+	protocols := "https,http"
+	if options.UseHTTPS {
+		protocols = "https"
+	}
+
+	permissions := options.QueueSASPermissions.buildString()
+	stringToSign, err := queueSASStringToSign(q.qsc.client.apiVersion, canonicalizedResource, signedStart, signedExpiry, options.IP, permissions, protocols, options.Identifier)
+	if err != nil {
+		return "", err
+	}
+
+	sig := q.qsc.client.computeHmac256(stringToSign)
+	sasParams := url.Values{
+		"sv":  {q.qsc.client.apiVersion},
+		"se":  {signedExpiry},
+		"sp":  {permissions},
+		"sig": {sig},
+	}
+
+	if q.qsc.client.apiVersion >= "2015-04-05" {
+		sasParams.Add("spr", protocols)
+		addQueryParameter(sasParams, "sip", options.IP)
+	}
+
+	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), nil)
+	sasURL, err := url.Parse(uri)
+	if err != nil {
+		return "", err
+	}
+	sasURL.RawQuery = sasParams.Encode()
+	return sasURL.String(), nil
+}
+
+func queueSASStringToSign(signedVersion, canonicalizedResource, signedStart, signedExpiry, signedIP, signedPermissions, protocols, signedIdentifier string) (string, error) {
+
+	if signedVersion >= "2015-02-21" {
+		canonicalizedResource = "/queue" + canonicalizedResource
+	}
+
+	// https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx#Anchor_12
+	if signedVersion >= "2015-04-05" {
+		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s",
+			signedPermissions,
+			signedStart,
+			signedExpiry,
+			canonicalizedResource,
+			signedIdentifier,
+			signedIP,
+			protocols,
+			signedVersion), nil
+
+	}
+
+	// reference: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
+	if signedVersion >= "2013-08-15" {
+		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s", signedPermissions, signedStart, signedExpiry, canonicalizedResource, signedIdentifier, signedVersion), nil
+	}
+
+	return "", errors.New("storage: not implemented SAS for versions earlier than 2013-08-15")
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/queueserviceclient.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/queueserviceclient.go
new file mode 100644
index 000000000..752701c3b
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/queueserviceclient.go
@@ -0,0 +1,31 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+// QueueServiceClient contains operations for Microsoft Azure Queue Storage
+// Service.
+type QueueServiceClient struct {
+	client Client
+	auth   authentication
+}
+
+// GetServiceProperties gets the properties of your storage account's queue service.
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-queue-service-properties
+func (q *QueueServiceClient) GetServiceProperties() (*ServiceProperties, error) {
+	return q.client.getServiceProperties(queueServiceName, q.auth)
+}
+
+// SetServiceProperties sets the properties of your storage account's queue service.
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-queue-service-properties
+func (q *QueueServiceClient) SetServiceProperties(props ServiceProperties) error {
+	return q.client.setServiceProperties(props, queueServiceName, q.auth)
+}
+
+// GetQueueReference returns a Container object for the specified queue name.
+func (q *QueueServiceClient) GetQueueReference(name string) *Queue {
+	return &Queue{
+		qsc:  q,
+		Name: name,
+	}
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/share.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/share.go
new file mode 100644
index 000000000..30f7c1435
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/share.go
@@ -0,0 +1,205 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+)
+
+// Share represents an Azure file share.
+type Share struct {
+	fsc        *FileServiceClient
+	Name       string          `xml:"Name"`
+	Properties ShareProperties `xml:"Properties"`
+	Metadata   map[string]string
+}
+
+// ShareProperties contains various properties of a share.
+type ShareProperties struct {
+	LastModified string `xml:"Last-Modified"`
+	Etag         string `xml:"Etag"`
+	Quota        int    `xml:"Quota"`
+}
+
+// builds the complete path for this share object.
+func (s *Share) buildPath() string {
+	return fmt.Sprintf("/%s", s.Name)
+}
+
+// Create this share under the associated account.
+// If a share with the same name already exists, the operation fails.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Share
+func (s *Share) Create(options *FileRequestOptions) error {
+	extraheaders := map[string]string{}
+	if s.Properties.Quota > 0 {
+		extraheaders["x-ms-share-quota"] = strconv.Itoa(s.Properties.Quota)
+	}
+
+	params := prepareOptions(options)
+	headers, err := s.fsc.createResource(s.buildPath(), resourceShare, params, mergeMDIntoExtraHeaders(s.Metadata, extraheaders), []int{http.StatusCreated})
+	if err != nil {
+		return err
+	}
+
+	s.updateEtagAndLastModified(headers)
+	return nil
+}
+
+// CreateIfNotExists creates this share under the associated account if
+// it does not exist. Returns true if the share is newly created or false if
+// the share already exists.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Share
+func (s *Share) CreateIfNotExists(options *FileRequestOptions) (bool, error) {
+	extraheaders := map[string]string{}
+	if s.Properties.Quota > 0 {
+		extraheaders["x-ms-share-quota"] = strconv.Itoa(s.Properties.Quota)
+	}
+
+	params := prepareOptions(options)
+	resp, err := s.fsc.createResourceNoClose(s.buildPath(), resourceShare, params, extraheaders)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusCreated || resp.StatusCode == http.StatusConflict {
+			if resp.StatusCode == http.StatusCreated {
+				s.updateEtagAndLastModified(resp.Header)
+				return true, nil
+			}
+			return false, s.FetchAttributes(nil)
+		}
+	}
+
+	return false, err
+}
+
+// Delete marks this share for deletion. The share along with any files
+// and directories contained within it are later deleted during garbage
+// collection.  If the share does not exist the operation fails
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Share
+func (s *Share) Delete(options *FileRequestOptions) error {
+	return s.fsc.deleteResource(s.buildPath(), resourceShare, options)
+}
+
+// DeleteIfExists operation marks this share for deletion if it exists.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Share
+func (s *Share) DeleteIfExists(options *FileRequestOptions) (bool, error) {
+	resp, err := s.fsc.deleteResourceNoClose(s.buildPath(), resourceShare, options)
+	if resp != nil {
+		defer drainRespBody(resp)
+		if resp.StatusCode == http.StatusAccepted || resp.StatusCode == http.StatusNotFound {
+			return resp.StatusCode == http.StatusAccepted, nil
+		}
+	}
+	return false, err
+}
+
+// Exists returns true if this share already exists
+// on the storage account, otherwise returns false.
+func (s *Share) Exists() (bool, error) {
+	exists, headers, err := s.fsc.resourceExists(s.buildPath(), resourceShare)
+	if exists {
+		s.updateEtagAndLastModified(headers)
+		s.updateQuota(headers)
+	}
+	return exists, err
+}
+
+// FetchAttributes retrieves metadata and properties for this share.
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-share-properties
+func (s *Share) FetchAttributes(options *FileRequestOptions) error {
+	params := prepareOptions(options)
+	headers, err := s.fsc.getResourceHeaders(s.buildPath(), compNone, resourceShare, params, http.MethodHead)
+	if err != nil {
+		return err
+	}
+
+	s.updateEtagAndLastModified(headers)
+	s.updateQuota(headers)
+	s.Metadata = getMetadataFromHeaders(headers)
+
+	return nil
+}
+
+// GetRootDirectoryReference returns a Directory object at the root of this share.
+func (s *Share) GetRootDirectoryReference() *Directory {
+	return &Directory{
+		fsc:   s.fsc,
+		share: s,
+	}
+}
+
+// ServiceClient returns the FileServiceClient associated with this share.
+func (s *Share) ServiceClient() *FileServiceClient {
+	return s.fsc
+}
+
+// SetMetadata replaces the metadata for this share.
+//
+// Some keys may be converted to Camel-Case before sending. All keys
+// are returned in lower case by GetShareMetadata. HTTP header names
+// are case-insensitive so case munging should not matter to other
+// applications either.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-share-metadata
+func (s *Share) SetMetadata(options *FileRequestOptions) error {
+	headers, err := s.fsc.setResourceHeaders(s.buildPath(), compMetadata, resourceShare, mergeMDIntoExtraHeaders(s.Metadata, nil), options)
+	if err != nil {
+		return err
+	}
+
+	s.updateEtagAndLastModified(headers)
+	return nil
+}
+
+// SetProperties sets system properties for this share.
+//
+// Some keys may be converted to Camel-Case before sending. All keys
+// are returned in lower case by SetShareProperties. HTTP header names
+// are case-insensitive so case munging should not matter to other
+// applications either.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Share-Properties
+func (s *Share) SetProperties(options *FileRequestOptions) error {
+	extraheaders := map[string]string{}
+	if s.Properties.Quota > 0 {
+		if s.Properties.Quota > 5120 {
+			return fmt.Errorf("invalid value %v for quota, valid values are [1, 5120]", s.Properties.Quota)
+		}
+		extraheaders["x-ms-share-quota"] = strconv.Itoa(s.Properties.Quota)
+	}
+
+	headers, err := s.fsc.setResourceHeaders(s.buildPath(), compProperties, resourceShare, extraheaders, options)
+	if err != nil {
+		return err
+	}
+
+	s.updateEtagAndLastModified(headers)
+	return nil
+}
+
+// updates Etag and last modified date
+func (s *Share) updateEtagAndLastModified(headers http.Header) {
+	s.Properties.Etag = headers.Get("Etag")
+	s.Properties.LastModified = headers.Get("Last-Modified")
+}
+
+// updates quota value
+func (s *Share) updateQuota(headers http.Header) {
+	quota, err := strconv.Atoi(headers.Get("x-ms-share-quota"))
+	if err == nil {
+		s.Properties.Quota = quota
+	}
+}
+
+// URL gets the canonical URL to this share. This method does not create a publicly accessible
+// URL if the share is private and this method does not check if the share exists.
+func (s *Share) URL() string {
+	return s.fsc.client.getEndpoint(fileServiceName, s.buildPath(), url.Values{})
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/storagepolicy.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/storagepolicy.go
new file mode 100644
index 000000000..35d13670c
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/storagepolicy.go
@@ -0,0 +1,50 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"strings"
+	"time"
+)
+
+// AccessPolicyDetailsXML has specifics about an access policy
+// annotated with XML details.
+type AccessPolicyDetailsXML struct {
+	StartTime  time.Time `xml:"Start"`
+	ExpiryTime time.Time `xml:"Expiry"`
+	Permission string    `xml:"Permission"`
+}
+
+// SignedIdentifier is a wrapper for a specific policy
+type SignedIdentifier struct {
+	ID           string                 `xml:"Id"`
+	AccessPolicy AccessPolicyDetailsXML `xml:"AccessPolicy"`
+}
+
+// SignedIdentifiers part of the response from GetPermissions call.
+type SignedIdentifiers struct {
+	SignedIdentifiers []SignedIdentifier `xml:"SignedIdentifier"`
+}
+
+// AccessPolicy is the response type from the GetPermissions call.
+type AccessPolicy struct {
+	SignedIdentifiersList SignedIdentifiers `xml:"SignedIdentifiers"`
+}
+
+// convertAccessPolicyToXMLStructs converts between AccessPolicyDetails which is a struct better for API usage to the
+// AccessPolicy struct which will get converted to XML.
+func convertAccessPolicyToXMLStructs(id string, startTime time.Time, expiryTime time.Time, permissions string) SignedIdentifier {
+	return SignedIdentifier{
+		ID: id,
+		AccessPolicy: AccessPolicyDetailsXML{
+			StartTime:  startTime.UTC().Round(time.Second),
+			ExpiryTime: expiryTime.UTC().Round(time.Second),
+			Permission: permissions,
+		},
+	}
+}
+
+func updatePermissions(permissions, permission string) bool {
+	return strings.Contains(permissions, permission)
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/storageservice.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/storageservice.go
new file mode 100644
index 000000000..d139db776
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/storageservice.go
@@ -0,0 +1,139 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"net/http"
+	"net/url"
+	"strconv"
+)
+
+// ServiceProperties represents the storage account service properties
+type ServiceProperties struct {
+	Logging               *Logging
+	HourMetrics           *Metrics
+	MinuteMetrics         *Metrics
+	Cors                  *Cors
+	DeleteRetentionPolicy *RetentionPolicy // blob storage only
+	StaticWebsite         *StaticWebsite   // blob storage only
+}
+
+// Logging represents the Azure Analytics Logging settings
+type Logging struct {
+	Version         string
+	Delete          bool
+	Read            bool
+	Write           bool
+	RetentionPolicy *RetentionPolicy
+}
+
+// RetentionPolicy indicates if retention is enabled and for how many days
+type RetentionPolicy struct {
+	Enabled bool
+	Days    *int
+}
+
+// Metrics provide request statistics.
+type Metrics struct {
+	Version         string
+	Enabled         bool
+	IncludeAPIs     *bool
+	RetentionPolicy *RetentionPolicy
+}
+
+// Cors includes all the CORS rules
+type Cors struct {
+	CorsRule []CorsRule
+}
+
+// CorsRule includes all settings for a Cors rule
+type CorsRule struct {
+	AllowedOrigins  string
+	AllowedMethods  string
+	MaxAgeInSeconds int
+	ExposedHeaders  string
+	AllowedHeaders  string
+}
+
+// StaticWebsite - The properties that enable an account to host a static website
+type StaticWebsite struct {
+	// Enabled - Indicates whether this account is hosting a static website
+	Enabled bool
+	// IndexDocument - The default name of the index page under each directory
+	IndexDocument *string
+	// ErrorDocument404Path - The absolute path of the custom 404 page
+	ErrorDocument404Path *string
+}
+
+func (c Client) getServiceProperties(service string, auth authentication) (*ServiceProperties, error) {
+	query := url.Values{
+		"restype": {"service"},
+		"comp":    {"properties"},
+	}
+	uri := c.getEndpoint(service, "", query)
+	headers := c.getStandardHeaders()
+
+	resp, err := c.exec(http.MethodGet, uri, headers, nil, auth)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return nil, err
+	}
+
+	var out ServiceProperties
+	err = xmlUnmarshal(resp.Body, &out)
+	if err != nil {
+		return nil, err
+	}
+
+	return &out, nil
+}
+
+func (c Client) setServiceProperties(props ServiceProperties, service string, auth authentication) error {
+	query := url.Values{
+		"restype": {"service"},
+		"comp":    {"properties"},
+	}
+	uri := c.getEndpoint(service, "", query)
+
+	// Ideally, StorageServiceProperties would be the output struct
+	// This is to avoid golint stuttering, while generating the correct XML
+	type StorageServiceProperties struct {
+		Logging               *Logging
+		HourMetrics           *Metrics
+		MinuteMetrics         *Metrics
+		Cors                  *Cors
+		DeleteRetentionPolicy *RetentionPolicy
+		StaticWebsite         *StaticWebsite
+	}
+	input := StorageServiceProperties{
+		Logging:       props.Logging,
+		HourMetrics:   props.HourMetrics,
+		MinuteMetrics: props.MinuteMetrics,
+		Cors:          props.Cors,
+	}
+	// only set these fields for blob storage else it's invalid XML
+	if service == blobServiceName {
+		input.DeleteRetentionPolicy = props.DeleteRetentionPolicy
+		input.StaticWebsite = props.StaticWebsite
+	}
+
+	body, length, err := xmlMarshal(input)
+	if err != nil {
+		return err
+	}
+
+	headers := c.getStandardHeaders()
+	headers["Content-Length"] = strconv.Itoa(length)
+
+	resp, err := c.exec(http.MethodPut, uri, headers, body, auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+	return checkRespCode(resp, []int{http.StatusAccepted})
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/table.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/table.go
new file mode 100644
index 000000000..fc8631ee2
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/table.go
@@ -0,0 +1,412 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const (
+	tablesURIPath                  = "/Tables"
+	nextTableQueryParameter        = "NextTableName"
+	headerNextPartitionKey         = "x-ms-continuation-NextPartitionKey"
+	headerNextRowKey               = "x-ms-continuation-NextRowKey"
+	nextPartitionKeyQueryParameter = "NextPartitionKey"
+	nextRowKeyQueryParameter       = "NextRowKey"
+)
+
+// TableAccessPolicy are used for SETTING table policies
+type TableAccessPolicy struct {
+	ID         string
+	StartTime  time.Time
+	ExpiryTime time.Time
+	CanRead    bool
+	CanAppend  bool
+	CanUpdate  bool
+	CanDelete  bool
+}
+
+// Table represents an Azure table.
+type Table struct {
+	tsc           *TableServiceClient
+	Name          string `json:"TableName"`
+	OdataEditLink string `json:"odata.editLink"`
+	OdataID       string `json:"odata.id"`
+	OdataMetadata string `json:"odata.metadata"`
+	OdataType     string `json:"odata.type"`
+}
+
+// EntityQueryResult contains the response from
+// ExecuteQuery and ExecuteQueryNextResults functions.
+type EntityQueryResult struct {
+	OdataMetadata string    `json:"odata.metadata"`
+	Entities      []*Entity `json:"value"`
+	QueryNextLink
+	table *Table
+}
+
+type continuationToken struct {
+	NextPartitionKey string
+	NextRowKey       string
+}
+
+func (t *Table) buildPath() string {
+	return fmt.Sprintf("/%s", t.Name)
+}
+
+func (t *Table) buildSpecificPath() string {
+	return fmt.Sprintf("%s('%s')", tablesURIPath, t.Name)
+}
+
+// Get gets the referenced table.
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/querying-tables-and-entities
+func (t *Table) Get(timeout uint, ml MetadataLevel) error {
+	if ml == EmptyPayload {
+		return errEmptyPayload
+	}
+
+	query := url.Values{
+		"timeout": {strconv.FormatUint(uint64(timeout), 10)},
+	}
+	headers := t.tsc.client.getStandardHeaders()
+	headers[headerAccept] = string(ml)
+
+	uri := t.tsc.client.getEndpoint(tableServiceName, t.buildSpecificPath(), query)
+	resp, err := t.tsc.client.exec(http.MethodGet, uri, headers, nil, t.tsc.auth)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return err
+	}
+
+	respBody, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+	err = json.Unmarshal(respBody, t)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Create creates the referenced table.
+// This function fails if the name is not compliant
+// with the specification or the tables already exists.
+// ml determines the level of detail of metadata in the operation response,
+// or no data at all.
+// See https://docs.microsoft.com/rest/api/storageservices/fileservices/create-table
+func (t *Table) Create(timeout uint, ml MetadataLevel, options *TableOptions) error {
+	uri := t.tsc.client.getEndpoint(tableServiceName, tablesURIPath, url.Values{
+		"timeout": {strconv.FormatUint(uint64(timeout), 10)},
+	})
+
+	type createTableRequest struct {
+		TableName string `json:"TableName"`
+	}
+	req := createTableRequest{TableName: t.Name}
+	buf := new(bytes.Buffer)
+	if err := json.NewEncoder(buf).Encode(req); err != nil {
+		return err
+	}
+
+	headers := t.tsc.client.getStandardHeaders()
+	headers = addReturnContentHeaders(headers, ml)
+	headers = addBodyRelatedHeaders(headers, buf.Len())
+	headers = options.addToHeaders(headers)
+
+	resp, err := t.tsc.client.exec(http.MethodPost, uri, headers, buf, t.tsc.auth)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if ml == EmptyPayload {
+		if err := checkRespCode(resp, []int{http.StatusNoContent}); err != nil {
+			return err
+		}
+	} else {
+		if err := checkRespCode(resp, []int{http.StatusCreated}); err != nil {
+			return err
+		}
+	}
+
+	if ml != EmptyPayload {
+		data, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return err
+		}
+		err = json.Unmarshal(data, t)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Delete deletes the referenced table.
+// This function fails if the table is not present.
+// Be advised: Delete deletes all the entries that may be present.
+// See https://docs.microsoft.com/rest/api/storageservices/fileservices/delete-table
+func (t *Table) Delete(timeout uint, options *TableOptions) error {
+	uri := t.tsc.client.getEndpoint(tableServiceName, t.buildSpecificPath(), url.Values{
+		"timeout": {strconv.Itoa(int(timeout))},
+	})
+
+	headers := t.tsc.client.getStandardHeaders()
+	headers = addReturnContentHeaders(headers, EmptyPayload)
+	headers = options.addToHeaders(headers)
+
+	resp, err := t.tsc.client.exec(http.MethodDelete, uri, headers, nil, t.tsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+
+	return checkRespCode(resp, []int{http.StatusNoContent})
+}
+
+// QueryOptions includes options for a query entities operation.
+// Top, filter and select are OData query options.
+type QueryOptions struct {
+	Top       uint
+	Filter    string
+	Select    []string
+	RequestID string
+}
+
+func (options *QueryOptions) getParameters() (url.Values, map[string]string) {
+	query := url.Values{}
+	headers := map[string]string{}
+	if options != nil {
+		if options.Top > 0 {
+			query.Add(OdataTop, strconv.FormatUint(uint64(options.Top), 10))
+		}
+		if options.Filter != "" {
+			query.Add(OdataFilter, options.Filter)
+		}
+		if len(options.Select) > 0 {
+			query.Add(OdataSelect, strings.Join(options.Select, ","))
+		}
+		headers = addToHeaders(headers, "x-ms-client-request-id", options.RequestID)
+	}
+	return query, headers
+}
+
+// QueryEntities returns the entities in the table.
+// You can use query options defined by the OData Protocol specification.
+//
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/query-entities
+func (t *Table) QueryEntities(timeout uint, ml MetadataLevel, options *QueryOptions) (*EntityQueryResult, error) {
+	if ml == EmptyPayload {
+		return nil, errEmptyPayload
+	}
+	query, headers := options.getParameters()
+	query = addTimeout(query, timeout)
+	uri := t.tsc.client.getEndpoint(tableServiceName, t.buildPath(), query)
+	return t.queryEntities(uri, headers, ml)
+}
+
+// NextResults returns the next page of results
+// from a QueryEntities or NextResults operation.
+//
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/query-entities
+// See https://docs.microsoft.com/rest/api/storageservices/fileservices/query-timeout-and-pagination
+func (eqr *EntityQueryResult) NextResults(options *TableOptions) (*EntityQueryResult, error) {
+	if eqr == nil {
+		return nil, errNilPreviousResult
+	}
+	if eqr.NextLink == nil {
+		return nil, errNilNextLink
+	}
+	headers := options.addToHeaders(map[string]string{})
+	return eqr.table.queryEntities(*eqr.NextLink, headers, eqr.ml)
+}
+
+// SetPermissions sets up table ACL permissions
+// See https://docs.microsoft.com/rest/api/storageservices/fileservices/Set-Table-ACL
+func (t *Table) SetPermissions(tap []TableAccessPolicy, timeout uint, options *TableOptions) error {
+	params := url.Values{"comp": {"acl"},
+		"timeout": {strconv.Itoa(int(timeout))},
+	}
+
+	uri := t.tsc.client.getEndpoint(tableServiceName, t.Name, params)
+	headers := t.tsc.client.getStandardHeaders()
+	headers = options.addToHeaders(headers)
+
+	body, length, err := generateTableACLPayload(tap)
+	if err != nil {
+		return err
+	}
+	headers["Content-Length"] = strconv.Itoa(length)
+
+	resp, err := t.tsc.client.exec(http.MethodPut, uri, headers, body, t.tsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp)
+
+	return checkRespCode(resp, []int{http.StatusNoContent})
+}
+
+func generateTableACLPayload(policies []TableAccessPolicy) (io.Reader, int, error) {
+	sil := SignedIdentifiers{
+		SignedIdentifiers: []SignedIdentifier{},
+	}
+	for _, tap := range policies {
+		permission := generateTablePermissions(&tap)
+		signedIdentifier := convertAccessPolicyToXMLStructs(tap.ID, tap.StartTime, tap.ExpiryTime, permission)
+		sil.SignedIdentifiers = append(sil.SignedIdentifiers, signedIdentifier)
+	}
+	return xmlMarshal(sil)
+}
+
+// GetPermissions gets the table ACL permissions
+// See https://docs.microsoft.com/rest/api/storageservices/fileservices/get-table-acl
+func (t *Table) GetPermissions(timeout int, options *TableOptions) ([]TableAccessPolicy, error) {
+	params := url.Values{"comp": {"acl"},
+		"timeout": {strconv.Itoa(int(timeout))},
+	}
+
+	uri := t.tsc.client.getEndpoint(tableServiceName, t.Name, params)
+	headers := t.tsc.client.getStandardHeaders()
+	headers = options.addToHeaders(headers)
+
+	resp, err := t.tsc.client.exec(http.MethodGet, uri, headers, nil, t.tsc.auth)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return nil, err
+	}
+
+	var ap AccessPolicy
+	err = xmlUnmarshal(resp.Body, &ap.SignedIdentifiersList)
+	if err != nil {
+		return nil, err
+	}
+	return updateTableAccessPolicy(ap), nil
+}
+
+func (t *Table) queryEntities(uri string, headers map[string]string, ml MetadataLevel) (*EntityQueryResult, error) {
+	headers = mergeHeaders(headers, t.tsc.client.getStandardHeaders())
+	if ml != EmptyPayload {
+		headers[headerAccept] = string(ml)
+	}
+
+	resp, err := t.tsc.client.exec(http.MethodGet, uri, headers, nil, t.tsc.auth)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return nil, err
+	}
+
+	data, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	var entities EntityQueryResult
+	err = json.Unmarshal(data, &entities)
+	if err != nil {
+		return nil, err
+	}
+
+	for i := range entities.Entities {
+		entities.Entities[i].Table = t
+	}
+	entities.table = t
+
+	contToken := extractContinuationTokenFromHeaders(resp.Header)
+	if contToken == nil {
+		entities.NextLink = nil
+	} else {
+		originalURI, err := url.Parse(uri)
+		if err != nil {
+			return nil, err
+		}
+		v := originalURI.Query()
+		if contToken.NextPartitionKey != "" {
+			v.Set(nextPartitionKeyQueryParameter, contToken.NextPartitionKey)
+		}
+		if contToken.NextRowKey != "" {
+			v.Set(nextRowKeyQueryParameter, contToken.NextRowKey)
+		}
+		newURI := t.tsc.client.getEndpoint(tableServiceName, t.buildPath(), v)
+		entities.NextLink = &newURI
+		entities.ml = ml
+	}
+
+	return &entities, nil
+}
+
+func extractContinuationTokenFromHeaders(h http.Header) *continuationToken {
+	ct := continuationToken{
+		NextPartitionKey: h.Get(headerNextPartitionKey),
+		NextRowKey:       h.Get(headerNextRowKey),
+	}
+
+	if ct.NextPartitionKey != "" || ct.NextRowKey != "" {
+		return &ct
+	}
+	return nil
+}
+
+func updateTableAccessPolicy(ap AccessPolicy) []TableAccessPolicy {
+	taps := []TableAccessPolicy{}
+	for _, policy := range ap.SignedIdentifiersList.SignedIdentifiers {
+		tap := TableAccessPolicy{
+			ID:         policy.ID,
+			StartTime:  policy.AccessPolicy.StartTime,
+			ExpiryTime: policy.AccessPolicy.ExpiryTime,
+		}
+		tap.CanRead = updatePermissions(policy.AccessPolicy.Permission, "r")
+		tap.CanAppend = updatePermissions(policy.AccessPolicy.Permission, "a")
+		tap.CanUpdate = updatePermissions(policy.AccessPolicy.Permission, "u")
+		tap.CanDelete = updatePermissions(policy.AccessPolicy.Permission, "d")
+
+		taps = append(taps, tap)
+	}
+	return taps
+}
+
+func generateTablePermissions(tap *TableAccessPolicy) (permissions string) {
+	// generate the permissions string (raud).
+	// still want the end user API to have bool flags.
+	permissions = ""
+
+	if tap.CanRead {
+		permissions += "r"
+	}
+
+	if tap.CanAppend {
+		permissions += "a"
+	}
+
+	if tap.CanUpdate {
+		permissions += "u"
+	}
+
+	if tap.CanDelete {
+		permissions += "d"
+	}
+	return permissions
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/table_batch.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/table_batch.go
new file mode 100644
index 000000000..b5aaefe47
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/table_batch.go
@@ -0,0 +1,314 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"net/textproto"
+	"sort"
+	"strings"
+)
+
+// Operation type. Insert, Delete, Replace etc.
+type Operation int
+
+// consts for batch operations.
+const (
+	InsertOp          = Operation(1)
+	DeleteOp          = Operation(2)
+	ReplaceOp         = Operation(3)
+	MergeOp           = Operation(4)
+	InsertOrReplaceOp = Operation(5)
+	InsertOrMergeOp   = Operation(6)
+)
+
+// BatchEntity used for tracking Entities to operate on and
+// whether operations (replace/merge etc) should be forced.
+// Wrapper for regular Entity with additional data specific for the entity.
+type BatchEntity struct {
+	*Entity
+	Force bool
+	Op    Operation
+}
+
+// TableBatch stores all the entities that will be operated on during a batch process.
+// Entities can be inserted, replaced or deleted.
+type TableBatch struct {
+	BatchEntitySlice []BatchEntity
+
+	// reference to table we're operating on.
+	Table *Table
+}
+
+// defaultChangesetHeaders for changeSets
+var defaultChangesetHeaders = map[string]string{
+	"Accept":       "application/json;odata=minimalmetadata",
+	"Content-Type": "application/json",
+	"Prefer":       "return-no-content",
+}
+
+// NewBatch return new TableBatch for populating.
+func (t *Table) NewBatch() *TableBatch {
+	return &TableBatch{
+		Table: t,
+	}
+}
+
+// InsertEntity adds an entity in preparation for a batch insert.
+func (t *TableBatch) InsertEntity(entity *Entity) {
+	be := BatchEntity{Entity: entity, Force: false, Op: InsertOp}
+	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
+}
+
+// InsertOrReplaceEntity adds an entity in preparation for a batch insert or replace.
+func (t *TableBatch) InsertOrReplaceEntity(entity *Entity, force bool) {
+	be := BatchEntity{Entity: entity, Force: false, Op: InsertOrReplaceOp}
+	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
+}
+
+// InsertOrReplaceEntityByForce adds an entity in preparation for a batch insert or replace. Forces regardless of ETag
+func (t *TableBatch) InsertOrReplaceEntityByForce(entity *Entity) {
+	t.InsertOrReplaceEntity(entity, true)
+}
+
+// InsertOrMergeEntity adds an entity in preparation for a batch insert or merge.
+func (t *TableBatch) InsertOrMergeEntity(entity *Entity, force bool) {
+	be := BatchEntity{Entity: entity, Force: false, Op: InsertOrMergeOp}
+	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
+}
+
+// InsertOrMergeEntityByForce adds an entity in preparation for a batch insert or merge. Forces regardless of ETag
+func (t *TableBatch) InsertOrMergeEntityByForce(entity *Entity) {
+	t.InsertOrMergeEntity(entity, true)
+}
+
+// ReplaceEntity adds an entity in preparation for a batch replace.
+func (t *TableBatch) ReplaceEntity(entity *Entity) {
+	be := BatchEntity{Entity: entity, Force: false, Op: ReplaceOp}
+	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
+}
+
+// DeleteEntity adds an entity in preparation for a batch delete
+func (t *TableBatch) DeleteEntity(entity *Entity, force bool) {
+	be := BatchEntity{Entity: entity, Force: false, Op: DeleteOp}
+	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
+}
+
+// DeleteEntityByForce adds an entity in preparation for a batch delete. Forces regardless of ETag
+func (t *TableBatch) DeleteEntityByForce(entity *Entity, force bool) {
+	t.DeleteEntity(entity, true)
+}
+
+// MergeEntity adds an entity in preparation for a batch merge
+func (t *TableBatch) MergeEntity(entity *Entity) {
+	be := BatchEntity{Entity: entity, Force: false, Op: MergeOp}
+	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
+}
+
+// ExecuteBatch executes many table operations in one request to Azure.
+// The operations can be combinations of Insert, Delete, Replace and Merge
+// Creates the inner changeset body (various operations, Insert, Delete etc) then creates the outer request packet that encompasses
+// the changesets.
+// As per document https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/performing-entity-group-transactions
+func (t *TableBatch) ExecuteBatch() error {
+
+	id, err := newUUID()
+	if err != nil {
+		return err
+	}
+
+	changesetBoundary := fmt.Sprintf("changeset_%s", id.String())
+	uri := t.Table.tsc.client.getEndpoint(tableServiceName, "$batch", nil)
+	changesetBody, err := t.generateChangesetBody(changesetBoundary)
+	if err != nil {
+		return err
+	}
+
+	id, err = newUUID()
+	if err != nil {
+		return err
+	}
+
+	boundary := fmt.Sprintf("batch_%s", id.String())
+	body, err := generateBody(changesetBody, changesetBoundary, boundary)
+	if err != nil {
+		return err
+	}
+
+	headers := t.Table.tsc.client.getStandardHeaders()
+	headers[headerContentType] = fmt.Sprintf("multipart/mixed; boundary=%s", boundary)
+
+	resp, err := t.Table.tsc.client.execBatchOperationJSON(http.MethodPost, uri, headers, bytes.NewReader(body.Bytes()), t.Table.tsc.auth)
+	if err != nil {
+		return err
+	}
+	defer drainRespBody(resp.resp)
+
+	if err = checkRespCode(resp.resp, []int{http.StatusAccepted}); err != nil {
+
+		// check which batch failed.
+		operationFailedMessage := t.getFailedOperation(resp.odata.Err.Message.Value)
+		requestID, date, version := getDebugHeaders(resp.resp.Header)
+		return AzureStorageServiceError{
+			StatusCode: resp.resp.StatusCode,
+			Code:       resp.odata.Err.Code,
+			RequestID:  requestID,
+			Date:       date,
+			APIVersion: version,
+			Message:    operationFailedMessage,
+		}
+	}
+
+	return nil
+}
+
+// getFailedOperation parses the original Azure error string and determines which operation failed
+// and generates appropriate message.
+func (t *TableBatch) getFailedOperation(errorMessage string) string {
+	// errorMessage consists of "number:string" we just need the number.
+	sp := strings.Split(errorMessage, ":")
+	if len(sp) > 1 {
+		msg := fmt.Sprintf("Element %s in the batch returned an unexpected response code.\n%s", sp[0], errorMessage)
+		return msg
+	}
+
+	// cant parse the message, just return the original message to client
+	return errorMessage
+}
+
+// generateBody generates the complete body for the batch request.
+func generateBody(changeSetBody *bytes.Buffer, changesetBoundary string, boundary string) (*bytes.Buffer, error) {
+
+	body := new(bytes.Buffer)
+	writer := multipart.NewWriter(body)
+	writer.SetBoundary(boundary)
+	h := make(textproto.MIMEHeader)
+	h.Set(headerContentType, fmt.Sprintf("multipart/mixed; boundary=%s\r\n", changesetBoundary))
+	batchWriter, err := writer.CreatePart(h)
+	if err != nil {
+		return nil, err
+	}
+	batchWriter.Write(changeSetBody.Bytes())
+	writer.Close()
+	return body, nil
+}
+
+// generateChangesetBody generates the individual changesets for the various operations within the batch request.
+// There is a changeset for Insert, Delete, Merge etc.
+func (t *TableBatch) generateChangesetBody(changesetBoundary string) (*bytes.Buffer, error) {
+
+	body := new(bytes.Buffer)
+	writer := multipart.NewWriter(body)
+	writer.SetBoundary(changesetBoundary)
+
+	for _, be := range t.BatchEntitySlice {
+		t.generateEntitySubset(&be, writer)
+	}
+
+	writer.Close()
+	return body, nil
+}
+
+// generateVerb generates the HTTP request VERB required for each changeset.
+func generateVerb(op Operation) (string, error) {
+	switch op {
+	case InsertOp:
+		return http.MethodPost, nil
+	case DeleteOp:
+		return http.MethodDelete, nil
+	case ReplaceOp, InsertOrReplaceOp:
+		return http.MethodPut, nil
+	case MergeOp, InsertOrMergeOp:
+		return "MERGE", nil
+	default:
+		return "", errors.New("Unable to detect operation")
+	}
+}
+
+// generateQueryPath generates the query path for within the changesets
+// For inserts it will just be a table query path (table name)
+// but for other operations (modifying an existing entity) then
+// the partition/row keys need to be generated.
+func (t *TableBatch) generateQueryPath(op Operation, entity *Entity) string {
+	if op == InsertOp {
+		return entity.Table.buildPath()
+	}
+	return entity.buildPath()
+}
+
+// generateGenericOperationHeaders generates common headers for a given operation.
+func generateGenericOperationHeaders(be *BatchEntity) map[string]string {
+	retval := map[string]string{}
+
+	for k, v := range defaultChangesetHeaders {
+		retval[k] = v
+	}
+
+	if be.Op == DeleteOp || be.Op == ReplaceOp || be.Op == MergeOp {
+		if be.Force || be.Entity.OdataEtag == "" {
+			retval["If-Match"] = "*"
+		} else {
+			retval["If-Match"] = be.Entity.OdataEtag
+		}
+	}
+
+	return retval
+}
+
+// generateEntitySubset generates body payload for particular batch entity
+func (t *TableBatch) generateEntitySubset(batchEntity *BatchEntity, writer *multipart.Writer) error {
+
+	h := make(textproto.MIMEHeader)
+	h.Set(headerContentType, "application/http")
+	h.Set(headerContentTransferEncoding, "binary")
+
+	verb, err := generateVerb(batchEntity.Op)
+	if err != nil {
+		return err
+	}
+
+	genericOpHeadersMap := generateGenericOperationHeaders(batchEntity)
+	queryPath := t.generateQueryPath(batchEntity.Op, batchEntity.Entity)
+	uri := t.Table.tsc.client.getEndpoint(tableServiceName, queryPath, nil)
+
+	operationWriter, err := writer.CreatePart(h)
+	if err != nil {
+		return err
+	}
+
+	urlAndVerb := fmt.Sprintf("%s %s HTTP/1.1\r\n", verb, uri)
+	operationWriter.Write([]byte(urlAndVerb))
+	writeHeaders(genericOpHeadersMap, &operationWriter)
+	operationWriter.Write([]byte("\r\n")) // additional \r\n is needed per changeset separating the "headers" and the body.
+
+	// delete operation doesn't need a body.
+	if batchEntity.Op != DeleteOp {
+		//var e Entity = batchEntity.Entity
+		body, err := json.Marshal(batchEntity.Entity)
+		if err != nil {
+			return err
+		}
+		operationWriter.Write(body)
+	}
+
+	return nil
+}
+
+func writeHeaders(h map[string]string, writer *io.Writer) {
+	// This way it is guaranteed the headers will be written in a sorted order
+	var keys []string
+	for k := range h {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+	for _, k := range keys {
+		(*writer).Write([]byte(fmt.Sprintf("%s: %s\r\n", k, h[k])))
+	}
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/tableserviceclient.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/tableserviceclient.go
new file mode 100644
index 000000000..8eccd5927
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/tableserviceclient.go
@@ -0,0 +1,193 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strconv"
+)
+
+const (
+	headerAccept          = "Accept"
+	headerEtag            = "Etag"
+	headerPrefer          = "Prefer"
+	headerXmsContinuation = "x-ms-Continuation-NextTableName"
+)
+
+// TableServiceClient contains operations for Microsoft Azure Table Storage
+// Service.
+type TableServiceClient struct {
+	client Client
+	auth   authentication
+}
+
+// TableOptions includes options for some table operations
+type TableOptions struct {
+	RequestID string
+}
+
+func (options *TableOptions) addToHeaders(h map[string]string) map[string]string {
+	if options != nil {
+		h = addToHeaders(h, "x-ms-client-request-id", options.RequestID)
+	}
+	return h
+}
+
+// QueryNextLink includes information for getting the next page of
+// results in query operations
+type QueryNextLink struct {
+	NextLink *string
+	ml       MetadataLevel
+}
+
+// GetServiceProperties gets the properties of your storage account's table service.
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-table-service-properties
+func (t *TableServiceClient) GetServiceProperties() (*ServiceProperties, error) {
+	return t.client.getServiceProperties(tableServiceName, t.auth)
+}
+
+// SetServiceProperties sets the properties of your storage account's table service.
+// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-table-service-properties
+func (t *TableServiceClient) SetServiceProperties(props ServiceProperties) error {
+	return t.client.setServiceProperties(props, tableServiceName, t.auth)
+}
+
+// GetTableReference returns a Table object for the specified table name.
+func (t *TableServiceClient) GetTableReference(name string) *Table {
+	return &Table{
+		tsc:  t,
+		Name: name,
+	}
+}
+
+// QueryTablesOptions includes options for some table operations
+type QueryTablesOptions struct {
+	Top       uint
+	Filter    string
+	RequestID string
+}
+
+func (options *QueryTablesOptions) getParameters() (url.Values, map[string]string) {
+	query := url.Values{}
+	headers := map[string]string{}
+	if options != nil {
+		if options.Top > 0 {
+			query.Add(OdataTop, strconv.FormatUint(uint64(options.Top), 10))
+		}
+		if options.Filter != "" {
+			query.Add(OdataFilter, options.Filter)
+		}
+		headers = addToHeaders(headers, "x-ms-client-request-id", options.RequestID)
+	}
+	return query, headers
+}
+
+// QueryTables returns the tables in the storage account.
+// You can use query options defined by the OData Protocol specification.
+//
+// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/query-tables
+func (t *TableServiceClient) QueryTables(ml MetadataLevel, options *QueryTablesOptions) (*TableQueryResult, error) {
+	query, headers := options.getParameters()
+	uri := t.client.getEndpoint(tableServiceName, tablesURIPath, query)
+	return t.queryTables(uri, headers, ml)
+}
+
+// NextResults returns the next page of results
+// from a QueryTables or a NextResults operation.
+//
+// See https://docs.microsoft.com/rest/api/storageservices/fileservices/query-tables
+// See https://docs.microsoft.com/rest/api/storageservices/fileservices/query-timeout-and-pagination
+func (tqr *TableQueryResult) NextResults(options *TableOptions) (*TableQueryResult, error) {
+	if tqr == nil {
+		return nil, errNilPreviousResult
+	}
+	if tqr.NextLink == nil {
+		return nil, errNilNextLink
+	}
+	headers := options.addToHeaders(map[string]string{})
+
+	return tqr.tsc.queryTables(*tqr.NextLink, headers, tqr.ml)
+}
+
+// TableQueryResult contains the response from
+// QueryTables and QueryTablesNextResults functions.
+type TableQueryResult struct {
+	OdataMetadata string  `json:"odata.metadata"`
+	Tables        []Table `json:"value"`
+	QueryNextLink
+	tsc *TableServiceClient
+}
+
+func (t *TableServiceClient) queryTables(uri string, headers map[string]string, ml MetadataLevel) (*TableQueryResult, error) {
+	if ml == EmptyPayload {
+		return nil, errEmptyPayload
+	}
+	headers = mergeHeaders(headers, t.client.getStandardHeaders())
+	headers[headerAccept] = string(ml)
+
+	resp, err := t.client.exec(http.MethodGet, uri, headers, nil, t.auth)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
+		return nil, err
+	}
+
+	respBody, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	var out TableQueryResult
+	err = json.Unmarshal(respBody, &out)
+	if err != nil {
+		return nil, err
+	}
+
+	for i := range out.Tables {
+		out.Tables[i].tsc = t
+	}
+	out.tsc = t
+
+	nextLink := resp.Header.Get(http.CanonicalHeaderKey(headerXmsContinuation))
+	if nextLink == "" {
+		out.NextLink = nil
+	} else {
+		originalURI, err := url.Parse(uri)
+		if err != nil {
+			return nil, err
+		}
+		v := originalURI.Query()
+		v.Set(nextTableQueryParameter, nextLink)
+		newURI := t.client.getEndpoint(tableServiceName, tablesURIPath, v)
+		out.NextLink = &newURI
+		out.ml = ml
+	}
+
+	return &out, nil
+}
+
+func addBodyRelatedHeaders(h map[string]string, length int) map[string]string {
+	h[headerContentType] = "application/json"
+	h[headerContentLength] = fmt.Sprintf("%v", length)
+	h[headerAcceptCharset] = "UTF-8"
+	return h
+}
+
+func addReturnContentHeaders(h map[string]string, ml MetadataLevel) map[string]string {
+	if ml != EmptyPayload {
+		h[headerPrefer] = "return-content"
+		h[headerAccept] = string(ml)
+	} else {
+		h[headerPrefer] = "return-no-content"
+		// From API version 2015-12-11 onwards, Accept header is required
+		h[headerAccept] = string(NoMetadata)
+	}
+	return h
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/util.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/util.go
new file mode 100644
index 000000000..47a871991
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/storage/util.go
@@ -0,0 +1,249 @@
+package storage
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+import (
+	"bytes"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/xml"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/gofrs/uuid"
+)
+
+var (
+	fixedTime         = time.Date(2050, time.December, 20, 21, 55, 0, 0, time.FixedZone("GMT", -6))
+	accountSASOptions = AccountSASTokenOptions{
+		Services: Services{
+			Blob: true,
+		},
+		ResourceTypes: ResourceTypes{
+			Service:   true,
+			Container: true,
+			Object:    true,
+		},
+		Permissions: Permissions{
+			Read:    true,
+			Write:   true,
+			Delete:  true,
+			List:    true,
+			Add:     true,
+			Create:  true,
+			Update:  true,
+			Process: true,
+		},
+		Expiry:   fixedTime,
+		UseHTTPS: true,
+	}
+)
+
+func (c Client) computeHmac256(message string) string {
+	h := hmac.New(sha256.New, c.accountKey)
+	h.Write([]byte(message))
+	return base64.StdEncoding.EncodeToString(h.Sum(nil))
+}
+
+func currentTimeRfc1123Formatted() string {
+	return timeRfc1123Formatted(time.Now().UTC())
+}
+
+func timeRfc1123Formatted(t time.Time) string {
+	return t.Format(http.TimeFormat)
+}
+
+func timeRFC3339Formatted(t time.Time) string {
+	return t.Format("2006-01-02T15:04:05.0000000Z")
+}
+
+func mergeParams(v1, v2 url.Values) url.Values {
+	out := url.Values{}
+	for k, v := range v1 {
+		out[k] = v
+	}
+	for k, v := range v2 {
+		vals, ok := out[k]
+		if ok {
+			vals = append(vals, v...)
+			out[k] = vals
+		} else {
+			out[k] = v
+		}
+	}
+	return out
+}
+
+func prepareBlockListRequest(blocks []Block) string {
+	s := `<?xml version="1.0" encoding="utf-8"?><BlockList>`
+	for _, v := range blocks {
+		s += fmt.Sprintf("<%s>%s</%s>", v.Status, v.ID, v.Status)
+	}
+	s += `</BlockList>`
+	return s
+}
+
+func xmlUnmarshal(body io.Reader, v interface{}) error {
+	data, err := ioutil.ReadAll(body)
+	if err != nil {
+		return err
+	}
+	return xml.Unmarshal(data, v)
+}
+
+func xmlMarshal(v interface{}) (io.Reader, int, error) {
+	b, err := xml.Marshal(v)
+	if err != nil {
+		return nil, 0, err
+	}
+	return bytes.NewReader(b), len(b), nil
+}
+
+func headersFromStruct(v interface{}) map[string]string {
+	headers := make(map[string]string)
+	value := reflect.ValueOf(v)
+	for i := 0; i < value.NumField(); i++ {
+		key := value.Type().Field(i).Tag.Get("header")
+		if key != "" {
+			reflectedValue := reflect.Indirect(value.Field(i))
+			var val string
+			if reflectedValue.IsValid() {
+				switch reflectedValue.Type() {
+				case reflect.TypeOf(fixedTime):
+					val = timeRfc1123Formatted(reflectedValue.Interface().(time.Time))
+				case reflect.TypeOf(uint64(0)), reflect.TypeOf(uint(0)):
+					val = strconv.FormatUint(reflectedValue.Uint(), 10)
+				case reflect.TypeOf(int(0)):
+					val = strconv.FormatInt(reflectedValue.Int(), 10)
+				default:
+					val = reflectedValue.String()
+				}
+			}
+			if val != "" {
+				headers[key] = val
+			}
+		}
+	}
+	return headers
+}
+
+// merges extraHeaders into headers and returns headers
+func mergeHeaders(headers, extraHeaders map[string]string) map[string]string {
+	for k, v := range extraHeaders {
+		headers[k] = v
+	}
+	return headers
+}
+
+func addToHeaders(h map[string]string, key, value string) map[string]string {
+	if value != "" {
+		h[key] = value
+	}
+	return h
+}
+
+func addTimeToHeaders(h map[string]string, key string, value *time.Time) map[string]string {
+	if value != nil {
+		h = addToHeaders(h, key, timeRfc1123Formatted(*value))
+	}
+	return h
+}
+
+func addTimeout(params url.Values, timeout uint) url.Values {
+	if timeout > 0 {
+		params.Add("timeout", fmt.Sprintf("%v", timeout))
+	}
+	return params
+}
+
+func addSnapshot(params url.Values, snapshot *time.Time) url.Values {
+	if snapshot != nil {
+		params.Add("snapshot", timeRFC3339Formatted(*snapshot))
+	}
+	return params
+}
+
+func getTimeFromHeaders(h http.Header, key string) (*time.Time, error) {
+	var out time.Time
+	var err error
+	outStr := h.Get(key)
+	if outStr != "" {
+		out, err = time.Parse(time.RFC1123, outStr)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return &out, nil
+}
+
+// TimeRFC1123 is an alias for time.Time needed for custom Unmarshalling
+type TimeRFC1123 time.Time
+
+// UnmarshalXML is a custom unmarshaller that overrides the default time unmarshal which uses a different time layout.
+func (t *TimeRFC1123) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
+	var value string
+	d.DecodeElement(&value, &start)
+	parse, err := time.Parse(time.RFC1123, value)
+	if err != nil {
+		return err
+	}
+	*t = TimeRFC1123(parse)
+	return nil
+}
+
+// MarshalXML marshals using time.RFC1123.
+func (t *TimeRFC1123) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
+	return e.EncodeElement(time.Time(*t).Format(time.RFC1123), start)
+}
+
+// returns a map of custom metadata values from the specified HTTP header
+func getMetadataFromHeaders(header http.Header) map[string]string {
+	metadata := make(map[string]string)
+	for k, v := range header {
+		// Can't trust CanonicalHeaderKey() to munge case
+		// reliably. "_" is allowed in identifiers:
+		// https://msdn.microsoft.com/en-us/library/azure/dd179414.aspx
+		// https://msdn.microsoft.com/library/aa664670(VS.71).aspx
+		// http://tools.ietf.org/html/rfc7230#section-3.2
+		// ...but "_" is considered invalid by
+		// CanonicalMIMEHeaderKey in
+		// https://golang.org/src/net/textproto/reader.go?s=14615:14659#L542
+		// so k can be "X-Ms-Meta-Lol" or "x-ms-meta-lol_rofl".
+		k = strings.ToLower(k)
+		if len(v) == 0 || !strings.HasPrefix(k, strings.ToLower(userDefinedMetadataHeaderPrefix)) {
+			continue
+		}
+		// metadata["lol"] = content of the last X-Ms-Meta-Lol header
+		k = k[len(userDefinedMetadataHeaderPrefix):]
+		metadata[k] = v[len(v)-1]
+	}
+
+	if len(metadata) == 0 {
+		return nil
+	}
+
+	return metadata
+}
+
+// newUUID returns a new uuid using RFC 4122 algorithm.
+func newUUID() (uuid.UUID, error) {
+	u := [16]byte{}
+	// Set all bits to randomly (or pseudo-randomly) chosen values.
+	_, err := rand.Read(u[:])
+	if err != nil {
+		return uuid.UUID{}, err
+	}
+	u[8] = (u[8]&(0xff>>2) | (0x02 << 6)) // u.setVariant(ReservedRFC4122)
+	u[6] = (u[6] & 0xF) | (uuid.V4 << 4)  // u.setVersion(V4)
+	return uuid.FromBytes(u[:])
+}
diff --git a/vendor/github.com/Shopify/logrus-bugsnag/.travis.yml b/vendor/github.com/Shopify/logrus-bugsnag/.travis.yml
new file mode 100644
index 000000000..8b662276e
--- /dev/null
+++ b/vendor/github.com/Shopify/logrus-bugsnag/.travis.yml
@@ -0,0 +1,4 @@
+language: go
+
+go:
+  - 1.7
diff --git a/vendor/github.com/Shopify/logrus-bugsnag/LICENSE b/vendor/github.com/Shopify/logrus-bugsnag/LICENSE
new file mode 100644
index 000000000..a3f09f7fc
--- /dev/null
+++ b/vendor/github.com/Shopify/logrus-bugsnag/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Shopify
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/Shopify/logrus-bugsnag/README.md b/vendor/github.com/Shopify/logrus-bugsnag/README.md
new file mode 100644
index 000000000..6cbc79d44
--- /dev/null
+++ b/vendor/github.com/Shopify/logrus-bugsnag/README.md
@@ -0,0 +1,24 @@
+## logrus-bugsnag
+
+[![Build Status](https://travis-ci.org/Shopify/logrus-bugsnag.svg)](https://travis-ci.org/Shopify/logrus-bugsnag)
+
+logrus-bugsnag is a hook that allows [Logrus](https://github.com/sirupsen/logrus) to interface with [Bugsnag](https://bugsnag.com).
+
+#### Usage
+
+```go
+import (
+  log "github.com/sirupsen/logrus"
+  "github.com/Shopify/logrus-bugsnag"
+  bugsnag "github.com/bugsnag/bugsnag-go"
+)
+
+func init() {
+  bugsnag.Configure(bugsnag.Configuration{
+    APIKey: apiKey,
+  })
+  hook, err := logrus_bugsnag.NewBugsnagHook()
+  logrus.StandardLogger().Hooks.Add(hook)
+}
+```
+
diff --git a/vendor/github.com/Shopify/logrus-bugsnag/bugsnag.go b/vendor/github.com/Shopify/logrus-bugsnag/bugsnag.go
new file mode 100644
index 000000000..31ee5a085
--- /dev/null
+++ b/vendor/github.com/Shopify/logrus-bugsnag/bugsnag.go
@@ -0,0 +1,81 @@
+package logrus_bugsnag
+
+import (
+	"errors"
+
+	"github.com/sirupsen/logrus"
+	"github.com/bugsnag/bugsnag-go"
+	bugsnag_errors "github.com/bugsnag/bugsnag-go/errors"
+)
+
+type bugsnagHook struct{}
+
+// ErrBugsnagUnconfigured is returned if NewBugsnagHook is called before
+// bugsnag.Configure. Bugsnag must be configured before the hook.
+var ErrBugsnagUnconfigured = errors.New("bugsnag must be configured before installing this logrus hook")
+
+// ErrBugsnagSendFailed indicates that the hook failed to submit an error to
+// bugsnag. The error was successfully generated, but `bugsnag.Notify()`
+// failed.
+type ErrBugsnagSendFailed struct {
+	err error
+}
+
+func (e ErrBugsnagSendFailed) Error() string {
+	return "failed to send error to Bugsnag: " + e.err.Error()
+}
+
+// NewBugsnagHook initializes a logrus hook which sends exceptions to an
+// exception-tracking service compatible with the Bugsnag API. Before using
+// this hook, you must call bugsnag.Configure(). The returned object should be
+// registered with a log via `AddHook()`
+//
+// Entries that trigger an Error, Fatal or Panic should now include an "error"
+// field to send to Bugsnag.
+func NewBugsnagHook() (*bugsnagHook, error) {
+	if bugsnag.Config.APIKey == "" {
+		return nil, ErrBugsnagUnconfigured
+	}
+	return &bugsnagHook{}, nil
+}
+
+// skipStackFrames skips logrus stack frames before logging to Bugsnag.
+const skipStackFrames = 4
+
+// Fire forwards an error to Bugsnag. Given a logrus.Entry, it extracts the
+// "error" field (or the Message if the error isn't present) and sends it off.
+func (hook *bugsnagHook) Fire(entry *logrus.Entry) error {
+	var notifyErr error
+	err, ok := entry.Data["error"].(error)
+	if ok {
+		notifyErr = err
+	} else {
+		notifyErr = errors.New(entry.Message)
+	}
+
+	metadata := bugsnag.MetaData{}
+	metadata["metadata"] = make(map[string]interface{})
+	for key, val := range entry.Data {
+		if key != "error" {
+			metadata["metadata"][key] = val
+		}
+	}
+
+	errWithStack := bugsnag_errors.New(notifyErr, skipStackFrames)
+	bugsnagErr := bugsnag.Notify(errWithStack, metadata)
+	if bugsnagErr != nil {
+		return ErrBugsnagSendFailed{bugsnagErr}
+	}
+
+	return nil
+}
+
+// Levels enumerates the log levels on which the error should be forwarded to
+// bugsnag: everything at or above the "Error" level.
+func (hook *bugsnagHook) Levels() []logrus.Level {
+	return []logrus.Level{
+		logrus.ErrorLevel,
+		logrus.FatalLevel,
+		logrus.PanicLevel,
+	}
+}
diff --git a/vendor/github.com/Shopify/logrus-bugsnag/dev.yml b/vendor/github.com/Shopify/logrus-bugsnag/dev.yml
new file mode 100644
index 000000000..eb02973cd
--- /dev/null
+++ b/vendor/github.com/Shopify/logrus-bugsnag/dev.yml
@@ -0,0 +1,8 @@
+name: logrus-bugsnag
+
+up:
+  - go: 1.6.2
+
+commands:
+  test:
+    run: go get -t ./... && go test ./...
diff --git a/vendor/github.com/aws/aws-sdk-go/LICENSE.txt b/vendor/github.com/aws/aws-sdk-go/LICENSE.txt
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/LICENSE.txt
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/aws/aws-sdk-go/NOTICE.txt b/vendor/github.com/aws/aws-sdk-go/NOTICE.txt
new file mode 100644
index 000000000..899129ecc
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/NOTICE.txt
@@ -0,0 +1,3 @@
+AWS SDK for Go
+Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Copyright 2014-2015 Stripe, Inc.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go b/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go
new file mode 100644
index 000000000..1c4967429
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go
@@ -0,0 +1,93 @@
+// Package arn provides a parser for interacting with Amazon Resource Names.
+package arn
+
+import (
+	"errors"
+	"strings"
+)
+
+const (
+	arnDelimiter = ":"
+	arnSections  = 6
+	arnPrefix    = "arn:"
+
+	// zero-indexed
+	sectionPartition = 1
+	sectionService   = 2
+	sectionRegion    = 3
+	sectionAccountID = 4
+	sectionResource  = 5
+
+	// errors
+	invalidPrefix   = "arn: invalid prefix"
+	invalidSections = "arn: not enough sections"
+)
+
+// ARN captures the individual fields of an Amazon Resource Name.
+// See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more information.
+type ARN struct {
+	// The partition that the resource is in. For standard AWS regions, the partition is "aws". If you have resources in
+	// other partitions, the partition is "aws-partitionname". For example, the partition for resources in the China
+	// (Beijing) region is "aws-cn".
+	Partition string
+
+	// The service namespace that identifies the AWS product (for example, Amazon S3, IAM, or Amazon RDS). For a list of
+	// namespaces, see
+	// http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces.
+	Service string
+
+	// The region the resource resides in. Note that the ARNs for some resources do not require a region, so this
+	// component might be omitted.
+	Region string
+
+	// The ID of the AWS account that owns the resource, without the hyphens. For example, 123456789012. Note that the
+	// ARNs for some resources don't require an account number, so this component might be omitted.
+	AccountID string
+
+	// The content of this part of the ARN varies by service. It often includes an indicator of the type of resource —
+	// for example, an IAM user or Amazon RDS database - followed by a slash (/) or a colon (:), followed by the
+	// resource name itself. Some services allows paths for resource names, as described in
+	// http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arns-paths.
+	Resource string
+}
+
+// Parse parses an ARN into its constituent parts.
+//
+// Some example ARNs:
+// arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment
+// arn:aws:iam::123456789012:user/David
+// arn:aws:rds:eu-west-1:123456789012:db:mysql-db
+// arn:aws:s3:::my_corporate_bucket/exampleobject.png
+func Parse(arn string) (ARN, error) {
+	if !strings.HasPrefix(arn, arnPrefix) {
+		return ARN{}, errors.New(invalidPrefix)
+	}
+	sections := strings.SplitN(arn, arnDelimiter, arnSections)
+	if len(sections) != arnSections {
+		return ARN{}, errors.New(invalidSections)
+	}
+	return ARN{
+		Partition: sections[sectionPartition],
+		Service:   sections[sectionService],
+		Region:    sections[sectionRegion],
+		AccountID: sections[sectionAccountID],
+		Resource:  sections[sectionResource],
+	}, nil
+}
+
+// IsARN returns whether the given string is an ARN by looking for
+// whether the string starts with "arn:" and contains the correct number
+// of sections delimited by colons(:).
+func IsARN(arn string) bool {
+	return strings.HasPrefix(arn, arnPrefix) && strings.Count(arn, ":") >= arnSections-1
+}
+
+// String returns the canonical representation of the ARN
+func (arn ARN) String() string {
+	return arnPrefix +
+		arn.Partition + arnDelimiter +
+		arn.Service + arnDelimiter +
+		arn.Region + arnDelimiter +
+		arn.AccountID + arnDelimiter +
+		arn.Resource
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
new file mode 100644
index 000000000..99849c0e1
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
@@ -0,0 +1,164 @@
+// Package awserr represents API error interface accessors for the SDK.
+package awserr
+
+// An Error wraps lower level errors with code, message and an original error.
+// The underlying concrete error type may also satisfy other interfaces which
+// can be to used to obtain more specific information about the error.
+//
+// Calling Error() or String() will always include the full information about
+// an error based on its underlying type.
+//
+// Example:
+//
+//     output, err := s3manage.Upload(svc, input, opts)
+//     if err != nil {
+//         if awsErr, ok := err.(awserr.Error); ok {
+//             // Get error details
+//             log.Println("Error:", awsErr.Code(), awsErr.Message())
+//
+//             // Prints out full error message, including original error if there was one.
+//             log.Println("Error:", awsErr.Error())
+//
+//             // Get original error
+//             if origErr := awsErr.OrigErr(); origErr != nil {
+//                 // operate on original error.
+//             }
+//         } else {
+//             fmt.Println(err.Error())
+//         }
+//     }
+//
+type Error interface {
+	// Satisfy the generic error interface.
+	error
+
+	// Returns the short phrase depicting the classification of the error.
+	Code() string
+
+	// Returns the error details message.
+	Message() string
+
+	// Returns the original error if one was set.  Nil is returned if not set.
+	OrigErr() error
+}
+
+// BatchError is a batch of errors which also wraps lower level errors with
+// code, message, and original errors. Calling Error() will include all errors
+// that occurred in the batch.
+//
+// Deprecated: Replaced with BatchedErrors. Only defined for backwards
+// compatibility.
+type BatchError interface {
+	// Satisfy the generic error interface.
+	error
+
+	// Returns the short phrase depicting the classification of the error.
+	Code() string
+
+	// Returns the error details message.
+	Message() string
+
+	// Returns the original error if one was set.  Nil is returned if not set.
+	OrigErrs() []error
+}
+
+// BatchedErrors is a batch of errors which also wraps lower level errors with
+// code, message, and original errors. Calling Error() will include all errors
+// that occurred in the batch.
+//
+// Replaces BatchError
+type BatchedErrors interface {
+	// Satisfy the base Error interface.
+	Error
+
+	// Returns the original error if one was set.  Nil is returned if not set.
+	OrigErrs() []error
+}
+
+// New returns an Error object described by the code, message, and origErr.
+//
+// If origErr satisfies the Error interface it will not be wrapped within a new
+// Error object and will instead be returned.
+func New(code, message string, origErr error) Error {
+	var errs []error
+	if origErr != nil {
+		errs = append(errs, origErr)
+	}
+	return newBaseError(code, message, errs)
+}
+
+// NewBatchError returns an BatchedErrors with a collection of errors as an
+// array of errors.
+func NewBatchError(code, message string, errs []error) BatchedErrors {
+	return newBaseError(code, message, errs)
+}
+
+// A RequestFailure is an interface to extract request failure information from
+// an Error such as the request ID of the failed request returned by a service.
+// RequestFailures may not always have a requestID value if the request failed
+// prior to reaching the service such as a connection error.
+//
+// Example:
+//
+//     output, err := s3manage.Upload(svc, input, opts)
+//     if err != nil {
+//         if reqerr, ok := err.(RequestFailure); ok {
+//             log.Println("Request failed", reqerr.Code(), reqerr.Message(), reqerr.RequestID())
+//         } else {
+//             log.Println("Error:", err.Error())
+//         }
+//     }
+//
+// Combined with awserr.Error:
+//
+//    output, err := s3manage.Upload(svc, input, opts)
+//    if err != nil {
+//        if awsErr, ok := err.(awserr.Error); ok {
+//            // Generic AWS Error with Code, Message, and original error (if any)
+//            fmt.Println(awsErr.Code(), awsErr.Message(), awsErr.OrigErr())
+//
+//            if reqErr, ok := err.(awserr.RequestFailure); ok {
+//                // A service error occurred
+//                fmt.Println(reqErr.StatusCode(), reqErr.RequestID())
+//            }
+//        } else {
+//            fmt.Println(err.Error())
+//        }
+//    }
+//
+type RequestFailure interface {
+	Error
+
+	// The status code of the HTTP response.
+	StatusCode() int
+
+	// The request ID returned by the service for a request failure. This will
+	// be empty if no request ID is available such as the request failed due
+	// to a connection error.
+	RequestID() string
+}
+
+// NewRequestFailure returns a wrapped error with additional information for
+// request status code, and service requestID.
+//
+// Should be used to wrap all request which involve service requests. Even if
+// the request failed without a service response, but had an HTTP status code
+// that may be meaningful.
+func NewRequestFailure(err Error, statusCode int, reqID string) RequestFailure {
+	return newRequestError(err, statusCode, reqID)
+}
+
+// UnmarshalError provides the interface for the SDK failing to unmarshal data.
+type UnmarshalError interface {
+	awsError
+	Bytes() []byte
+}
+
+// NewUnmarshalError returns an initialized UnmarshalError error wrapper adding
+// the bytes that fail to unmarshal to the error.
+func NewUnmarshalError(err error, msg string, bytes []byte) UnmarshalError {
+	return &unmarshalError{
+		awsError: New("UnmarshalError", msg, err),
+		bytes:    bytes,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
new file mode 100644
index 000000000..9cf7eaf40
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
@@ -0,0 +1,221 @@
+package awserr
+
+import (
+	"encoding/hex"
+	"fmt"
+)
+
+// SprintError returns a string of the formatted error code.
+//
+// Both extra and origErr are optional.  If they are included their lines
+// will be added, but if they are not included their lines will be ignored.
+func SprintError(code, message, extra string, origErr error) string {
+	msg := fmt.Sprintf("%s: %s", code, message)
+	if extra != "" {
+		msg = fmt.Sprintf("%s\n\t%s", msg, extra)
+	}
+	if origErr != nil {
+		msg = fmt.Sprintf("%s\ncaused by: %s", msg, origErr.Error())
+	}
+	return msg
+}
+
+// A baseError wraps the code and message which defines an error. It also
+// can be used to wrap an original error object.
+//
+// Should be used as the root for errors satisfying the awserr.Error. Also
+// for any error which does not fit into a specific error wrapper type.
+type baseError struct {
+	// Classification of error
+	code string
+
+	// Detailed information about error
+	message string
+
+	// Optional original error this error is based off of. Allows building
+	// chained errors.
+	errs []error
+}
+
+// newBaseError returns an error object for the code, message, and errors.
+//
+// code is a short no whitespace phrase depicting the classification of
+// the error that is being created.
+//
+// message is the free flow string containing detailed information about the
+// error.
+//
+// origErrs is the error objects which will be nested under the new errors to
+// be returned.
+func newBaseError(code, message string, origErrs []error) *baseError {
+	b := &baseError{
+		code:    code,
+		message: message,
+		errs:    origErrs,
+	}
+
+	return b
+}
+
+// Error returns the string representation of the error.
+//
+// See ErrorWithExtra for formatting.
+//
+// Satisfies the error interface.
+func (b baseError) Error() string {
+	size := len(b.errs)
+	if size > 0 {
+		return SprintError(b.code, b.message, "", errorList(b.errs))
+	}
+
+	return SprintError(b.code, b.message, "", nil)
+}
+
+// String returns the string representation of the error.
+// Alias for Error to satisfy the stringer interface.
+func (b baseError) String() string {
+	return b.Error()
+}
+
+// Code returns the short phrase depicting the classification of the error.
+func (b baseError) Code() string {
+	return b.code
+}
+
+// Message returns the error details message.
+func (b baseError) Message() string {
+	return b.message
+}
+
+// OrigErr returns the original error if one was set. Nil is returned if no
+// error was set. This only returns the first element in the list. If the full
+// list is needed, use BatchedErrors.
+func (b baseError) OrigErr() error {
+	switch len(b.errs) {
+	case 0:
+		return nil
+	case 1:
+		return b.errs[0]
+	default:
+		if err, ok := b.errs[0].(Error); ok {
+			return NewBatchError(err.Code(), err.Message(), b.errs[1:])
+		}
+		return NewBatchError("BatchedErrors",
+			"multiple errors occurred", b.errs)
+	}
+}
+
+// OrigErrs returns the original errors if one was set. An empty slice is
+// returned if no error was set.
+func (b baseError) OrigErrs() []error {
+	return b.errs
+}
+
+// So that the Error interface type can be included as an anonymous field
+// in the requestError struct and not conflict with the error.Error() method.
+type awsError Error
+
+// A requestError wraps a request or service error.
+//
+// Composed of baseError for code, message, and original error.
+type requestError struct {
+	awsError
+	statusCode int
+	requestID  string
+	bytes      []byte
+}
+
+// newRequestError returns a wrapped error with additional information for
+// request status code, and service requestID.
+//
+// Should be used to wrap all request which involve service requests. Even if
+// the request failed without a service response, but had an HTTP status code
+// that may be meaningful.
+//
+// Also wraps original errors via the baseError.
+func newRequestError(err Error, statusCode int, requestID string) *requestError {
+	return &requestError{
+		awsError:   err,
+		statusCode: statusCode,
+		requestID:  requestID,
+	}
+}
+
+// Error returns the string representation of the error.
+// Satisfies the error interface.
+func (r requestError) Error() string {
+	extra := fmt.Sprintf("status code: %d, request id: %s",
+		r.statusCode, r.requestID)
+	return SprintError(r.Code(), r.Message(), extra, r.OrigErr())
+}
+
+// String returns the string representation of the error.
+// Alias for Error to satisfy the stringer interface.
+func (r requestError) String() string {
+	return r.Error()
+}
+
+// StatusCode returns the wrapped status code for the error
+func (r requestError) StatusCode() int {
+	return r.statusCode
+}
+
+// RequestID returns the wrapped requestID
+func (r requestError) RequestID() string {
+	return r.requestID
+}
+
+// OrigErrs returns the original errors if one was set. An empty slice is
+// returned if no error was set.
+func (r requestError) OrigErrs() []error {
+	if b, ok := r.awsError.(BatchedErrors); ok {
+		return b.OrigErrs()
+	}
+	return []error{r.OrigErr()}
+}
+
+type unmarshalError struct {
+	awsError
+	bytes []byte
+}
+
+// Error returns the string representation of the error.
+// Satisfies the error interface.
+func (e unmarshalError) Error() string {
+	extra := hex.Dump(e.bytes)
+	return SprintError(e.Code(), e.Message(), extra, e.OrigErr())
+}
+
+// String returns the string representation of the error.
+// Alias for Error to satisfy the stringer interface.
+func (e unmarshalError) String() string {
+	return e.Error()
+}
+
+// Bytes returns the bytes that failed to unmarshal.
+func (e unmarshalError) Bytes() []byte {
+	return e.bytes
+}
+
+// An error list that satisfies the golang interface
+type errorList []error
+
+// Error returns the string representation of the error.
+//
+// Satisfies the error interface.
+func (e errorList) Error() string {
+	msg := ""
+	// How do we want to handle the array size being zero
+	if size := len(e); size > 0 {
+		for i := 0; i < size; i++ {
+			msg += e[i].Error()
+			// We check the next index to see if it is within the slice.
+			// If it is, then we append a newline. We do this, because unit tests
+			// could be broken with the additional '\n'
+			if i+1 < size {
+				msg += "\n"
+			}
+		}
+	}
+	return msg
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/copy.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/copy.go
new file mode 100644
index 000000000..1a3d106d5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/copy.go
@@ -0,0 +1,108 @@
+package awsutil
+
+import (
+	"io"
+	"reflect"
+	"time"
+)
+
+// Copy deeply copies a src structure to dst. Useful for copying request and
+// response structures.
+//
+// Can copy between structs of different type, but will only copy fields which
+// are assignable, and exist in both structs. Fields which are not assignable,
+// or do not exist in both structs are ignored.
+func Copy(dst, src interface{}) {
+	dstval := reflect.ValueOf(dst)
+	if !dstval.IsValid() {
+		panic("Copy dst cannot be nil")
+	}
+
+	rcopy(dstval, reflect.ValueOf(src), true)
+}
+
+// CopyOf returns a copy of src while also allocating the memory for dst.
+// src must be a pointer type or this operation will fail.
+func CopyOf(src interface{}) (dst interface{}) {
+	dsti := reflect.New(reflect.TypeOf(src).Elem())
+	dst = dsti.Interface()
+	rcopy(dsti, reflect.ValueOf(src), true)
+	return
+}
+
+// rcopy performs a recursive copy of values from the source to destination.
+//
+// root is used to skip certain aspects of the copy which are not valid
+// for the root node of a object.
+func rcopy(dst, src reflect.Value, root bool) {
+	if !src.IsValid() {
+		return
+	}
+
+	switch src.Kind() {
+	case reflect.Ptr:
+		if _, ok := src.Interface().(io.Reader); ok {
+			if dst.Kind() == reflect.Ptr && dst.Elem().CanSet() {
+				dst.Elem().Set(src)
+			} else if dst.CanSet() {
+				dst.Set(src)
+			}
+		} else {
+			e := src.Type().Elem()
+			if dst.CanSet() && !src.IsNil() {
+				if _, ok := src.Interface().(*time.Time); !ok {
+					dst.Set(reflect.New(e))
+				} else {
+					tempValue := reflect.New(e)
+					tempValue.Elem().Set(src.Elem())
+					// Sets time.Time's unexported values
+					dst.Set(tempValue)
+				}
+			}
+			if src.Elem().IsValid() {
+				// Keep the current root state since the depth hasn't changed
+				rcopy(dst.Elem(), src.Elem(), root)
+			}
+		}
+	case reflect.Struct:
+		t := dst.Type()
+		for i := 0; i < t.NumField(); i++ {
+			name := t.Field(i).Name
+			srcVal := src.FieldByName(name)
+			dstVal := dst.FieldByName(name)
+			if srcVal.IsValid() && dstVal.CanSet() {
+				rcopy(dstVal, srcVal, false)
+			}
+		}
+	case reflect.Slice:
+		if src.IsNil() {
+			break
+		}
+
+		s := reflect.MakeSlice(src.Type(), src.Len(), src.Cap())
+		dst.Set(s)
+		for i := 0; i < src.Len(); i++ {
+			rcopy(dst.Index(i), src.Index(i), false)
+		}
+	case reflect.Map:
+		if src.IsNil() {
+			break
+		}
+
+		s := reflect.MakeMap(src.Type())
+		dst.Set(s)
+		for _, k := range src.MapKeys() {
+			v := src.MapIndex(k)
+			v2 := reflect.New(v.Type()).Elem()
+			rcopy(v2, v, false)
+			dst.SetMapIndex(k, v2)
+		}
+	default:
+		// Assign the value if possible. If its not assignable, the value would
+		// need to be converted and the impact of that may be unexpected, or is
+		// not compatible with the dst type.
+		if src.Type().AssignableTo(dst.Type()) {
+			dst.Set(src)
+		}
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
new file mode 100644
index 000000000..142a7a01c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
@@ -0,0 +1,27 @@
+package awsutil
+
+import (
+	"reflect"
+)
+
+// DeepEqual returns if the two values are deeply equal like reflect.DeepEqual.
+// In addition to this, this method will also dereference the input values if
+// possible so the DeepEqual performed will not fail if one parameter is a
+// pointer and the other is not.
+//
+// DeepEqual will not perform indirection of nested values of the input parameters.
+func DeepEqual(a, b interface{}) bool {
+	ra := reflect.Indirect(reflect.ValueOf(a))
+	rb := reflect.Indirect(reflect.ValueOf(b))
+
+	if raValid, rbValid := ra.IsValid(), rb.IsValid(); !raValid && !rbValid {
+		// If the elements are both nil, and of the same type they are equal
+		// If they are of different types they are not equal
+		return reflect.TypeOf(a) == reflect.TypeOf(b)
+	} else if raValid != rbValid {
+		// Both values must be valid to be equal
+		return false
+	}
+
+	return reflect.DeepEqual(ra.Interface(), rb.Interface())
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
new file mode 100644
index 000000000..a4eb6a7f4
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
@@ -0,0 +1,221 @@
+package awsutil
+
+import (
+	"reflect"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/jmespath/go-jmespath"
+)
+
+var indexRe = regexp.MustCompile(`(.+)\[(-?\d+)?\]$`)
+
+// rValuesAtPath returns a slice of values found in value v. The values
+// in v are explored recursively so all nested values are collected.
+func rValuesAtPath(v interface{}, path string, createPath, caseSensitive, nilTerm bool) []reflect.Value {
+	pathparts := strings.Split(path, "||")
+	if len(pathparts) > 1 {
+		for _, pathpart := range pathparts {
+			vals := rValuesAtPath(v, pathpart, createPath, caseSensitive, nilTerm)
+			if len(vals) > 0 {
+				return vals
+			}
+		}
+		return nil
+	}
+
+	values := []reflect.Value{reflect.Indirect(reflect.ValueOf(v))}
+	components := strings.Split(path, ".")
+	for len(values) > 0 && len(components) > 0 {
+		var index *int64
+		var indexStar bool
+		c := strings.TrimSpace(components[0])
+		if c == "" { // no actual component, illegal syntax
+			return nil
+		} else if caseSensitive && c != "*" && strings.ToLower(c[0:1]) == c[0:1] {
+			// TODO normalize case for user
+			return nil // don't support unexported fields
+		}
+
+		// parse this component
+		if m := indexRe.FindStringSubmatch(c); m != nil {
+			c = m[1]
+			if m[2] == "" {
+				index = nil
+				indexStar = true
+			} else {
+				i, _ := strconv.ParseInt(m[2], 10, 32)
+				index = &i
+				indexStar = false
+			}
+		}
+
+		nextvals := []reflect.Value{}
+		for _, value := range values {
+			// pull component name out of struct member
+			if value.Kind() != reflect.Struct {
+				continue
+			}
+
+			if c == "*" { // pull all members
+				for i := 0; i < value.NumField(); i++ {
+					if f := reflect.Indirect(value.Field(i)); f.IsValid() {
+						nextvals = append(nextvals, f)
+					}
+				}
+				continue
+			}
+
+			value = value.FieldByNameFunc(func(name string) bool {
+				if c == name {
+					return true
+				} else if !caseSensitive && strings.EqualFold(name, c) {
+					return true
+				}
+				return false
+			})
+
+			if nilTerm && value.Kind() == reflect.Ptr && len(components[1:]) == 0 {
+				if !value.IsNil() {
+					value.Set(reflect.Zero(value.Type()))
+				}
+				return []reflect.Value{value}
+			}
+
+			if createPath && value.Kind() == reflect.Ptr && value.IsNil() {
+				// TODO if the value is the terminus it should not be created
+				// if the value to be set to its position is nil.
+				value.Set(reflect.New(value.Type().Elem()))
+				value = value.Elem()
+			} else {
+				value = reflect.Indirect(value)
+			}
+
+			if value.Kind() == reflect.Slice || value.Kind() == reflect.Map {
+				if !createPath && value.IsNil() {
+					value = reflect.ValueOf(nil)
+				}
+			}
+
+			if value.IsValid() {
+				nextvals = append(nextvals, value)
+			}
+		}
+		values = nextvals
+
+		if indexStar || index != nil {
+			nextvals = []reflect.Value{}
+			for _, valItem := range values {
+				value := reflect.Indirect(valItem)
+				if value.Kind() != reflect.Slice {
+					continue
+				}
+
+				if indexStar { // grab all indices
+					for i := 0; i < value.Len(); i++ {
+						idx := reflect.Indirect(value.Index(i))
+						if idx.IsValid() {
+							nextvals = append(nextvals, idx)
+						}
+					}
+					continue
+				}
+
+				// pull out index
+				i := int(*index)
+				if i >= value.Len() { // check out of bounds
+					if createPath {
+						// TODO resize slice
+					} else {
+						continue
+					}
+				} else if i < 0 { // support negative indexing
+					i = value.Len() + i
+				}
+				value = reflect.Indirect(value.Index(i))
+
+				if value.Kind() == reflect.Slice || value.Kind() == reflect.Map {
+					if !createPath && value.IsNil() {
+						value = reflect.ValueOf(nil)
+					}
+				}
+
+				if value.IsValid() {
+					nextvals = append(nextvals, value)
+				}
+			}
+			values = nextvals
+		}
+
+		components = components[1:]
+	}
+	return values
+}
+
+// ValuesAtPath returns a list of values at the case insensitive lexical
+// path inside of a structure.
+func ValuesAtPath(i interface{}, path string) ([]interface{}, error) {
+	result, err := jmespath.Search(path, i)
+	if err != nil {
+		return nil, err
+	}
+
+	v := reflect.ValueOf(result)
+	if !v.IsValid() || (v.Kind() == reflect.Ptr && v.IsNil()) {
+		return nil, nil
+	}
+	if s, ok := result.([]interface{}); ok {
+		return s, err
+	}
+	if v.Kind() == reflect.Map && v.Len() == 0 {
+		return nil, nil
+	}
+	if v.Kind() == reflect.Slice {
+		out := make([]interface{}, v.Len())
+		for i := 0; i < v.Len(); i++ {
+			out[i] = v.Index(i).Interface()
+		}
+		return out, nil
+	}
+
+	return []interface{}{result}, nil
+}
+
+// SetValueAtPath sets a value at the case insensitive lexical path inside
+// of a structure.
+func SetValueAtPath(i interface{}, path string, v interface{}) {
+	rvals := rValuesAtPath(i, path, true, false, v == nil)
+	for _, rval := range rvals {
+		if rval.Kind() == reflect.Ptr && rval.IsNil() {
+			continue
+		}
+		setValue(rval, v)
+	}
+}
+
+func setValue(dstVal reflect.Value, src interface{}) {
+	if dstVal.Kind() == reflect.Ptr {
+		dstVal = reflect.Indirect(dstVal)
+	}
+	srcVal := reflect.ValueOf(src)
+
+	if !srcVal.IsValid() { // src is literal nil
+		if dstVal.CanAddr() {
+			// Convert to pointer so that pointer's value can be nil'ed
+			//                     dstVal = dstVal.Addr()
+		}
+		dstVal.Set(reflect.Zero(dstVal.Type()))
+
+	} else if srcVal.Kind() == reflect.Ptr {
+		if srcVal.IsNil() {
+			srcVal = reflect.Zero(dstVal.Type())
+		} else {
+			srcVal = reflect.ValueOf(src).Elem()
+		}
+		dstVal.Set(srcVal)
+	} else {
+		dstVal.Set(srcVal)
+	}
+
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go
new file mode 100644
index 000000000..11d4240d6
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go
@@ -0,0 +1,123 @@
+package awsutil
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"reflect"
+	"strings"
+)
+
+// Prettify returns the string representation of a value.
+func Prettify(i interface{}) string {
+	var buf bytes.Buffer
+	prettify(reflect.ValueOf(i), 0, &buf)
+	return buf.String()
+}
+
+// prettify will recursively walk value v to build a textual
+// representation of the value.
+func prettify(v reflect.Value, indent int, buf *bytes.Buffer) {
+	for v.Kind() == reflect.Ptr {
+		v = v.Elem()
+	}
+
+	switch v.Kind() {
+	case reflect.Struct:
+		strtype := v.Type().String()
+		if strtype == "time.Time" {
+			fmt.Fprintf(buf, "%s", v.Interface())
+			break
+		} else if strings.HasPrefix(strtype, "io.") {
+			buf.WriteString("<buffer>")
+			break
+		}
+
+		buf.WriteString("{\n")
+
+		names := []string{}
+		for i := 0; i < v.Type().NumField(); i++ {
+			name := v.Type().Field(i).Name
+			f := v.Field(i)
+			if name[0:1] == strings.ToLower(name[0:1]) {
+				continue // ignore unexported fields
+			}
+			if (f.Kind() == reflect.Ptr || f.Kind() == reflect.Slice || f.Kind() == reflect.Map) && f.IsNil() {
+				continue // ignore unset fields
+			}
+			names = append(names, name)
+		}
+
+		for i, n := range names {
+			val := v.FieldByName(n)
+			ft, ok := v.Type().FieldByName(n)
+			if !ok {
+				panic(fmt.Sprintf("expected to find field %v on type %v, but was not found", n, v.Type()))
+			}
+
+			buf.WriteString(strings.Repeat(" ", indent+2))
+			buf.WriteString(n + ": ")
+
+			if tag := ft.Tag.Get("sensitive"); tag == "true" {
+				buf.WriteString("<sensitive>")
+			} else {
+				prettify(val, indent+2, buf)
+			}
+
+			if i < len(names)-1 {
+				buf.WriteString(",\n")
+			}
+		}
+
+		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")
+	case reflect.Slice:
+		strtype := v.Type().String()
+		if strtype == "[]uint8" {
+			fmt.Fprintf(buf, "<binary> len %d", v.Len())
+			break
+		}
+
+		nl, id, id2 := "", "", ""
+		if v.Len() > 3 {
+			nl, id, id2 = "\n", strings.Repeat(" ", indent), strings.Repeat(" ", indent+2)
+		}
+		buf.WriteString("[" + nl)
+		for i := 0; i < v.Len(); i++ {
+			buf.WriteString(id2)
+			prettify(v.Index(i), indent+2, buf)
+
+			if i < v.Len()-1 {
+				buf.WriteString("," + nl)
+			}
+		}
+
+		buf.WriteString(nl + id + "]")
+	case reflect.Map:
+		buf.WriteString("{\n")
+
+		for i, k := range v.MapKeys() {
+			buf.WriteString(strings.Repeat(" ", indent+2))
+			buf.WriteString(k.String() + ": ")
+			prettify(v.MapIndex(k), indent+2, buf)
+
+			if i < v.Len()-1 {
+				buf.WriteString(",\n")
+			}
+		}
+
+		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")
+	default:
+		if !v.IsValid() {
+			fmt.Fprint(buf, "<invalid value>")
+			return
+		}
+		format := "%v"
+		switch v.Interface().(type) {
+		case string:
+			format = "%q"
+		case io.ReadSeeker, io.Reader:
+			format = "buffer(%p)"
+		}
+		fmt.Fprintf(buf, format, v.Interface())
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
new file mode 100644
index 000000000..3f7cffd95
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
@@ -0,0 +1,90 @@
+package awsutil
+
+import (
+	"bytes"
+	"fmt"
+	"reflect"
+	"strings"
+)
+
+// StringValue returns the string representation of a value.
+//
+// Deprecated: Use Prettify instead.
+func StringValue(i interface{}) string {
+	var buf bytes.Buffer
+	stringValue(reflect.ValueOf(i), 0, &buf)
+	return buf.String()
+}
+
+func stringValue(v reflect.Value, indent int, buf *bytes.Buffer) {
+	for v.Kind() == reflect.Ptr {
+		v = v.Elem()
+	}
+
+	switch v.Kind() {
+	case reflect.Struct:
+		buf.WriteString("{\n")
+
+		for i := 0; i < v.Type().NumField(); i++ {
+			ft := v.Type().Field(i)
+			fv := v.Field(i)
+
+			if ft.Name[0:1] == strings.ToLower(ft.Name[0:1]) {
+				continue // ignore unexported fields
+			}
+			if (fv.Kind() == reflect.Ptr || fv.Kind() == reflect.Slice) && fv.IsNil() {
+				continue // ignore unset fields
+			}
+
+			buf.WriteString(strings.Repeat(" ", indent+2))
+			buf.WriteString(ft.Name + ": ")
+
+			if tag := ft.Tag.Get("sensitive"); tag == "true" {
+				buf.WriteString("<sensitive>")
+			} else {
+				stringValue(fv, indent+2, buf)
+			}
+
+			buf.WriteString(",\n")
+		}
+
+		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")
+	case reflect.Slice:
+		nl, id, id2 := "", "", ""
+		if v.Len() > 3 {
+			nl, id, id2 = "\n", strings.Repeat(" ", indent), strings.Repeat(" ", indent+2)
+		}
+		buf.WriteString("[" + nl)
+		for i := 0; i < v.Len(); i++ {
+			buf.WriteString(id2)
+			stringValue(v.Index(i), indent+2, buf)
+
+			if i < v.Len()-1 {
+				buf.WriteString("," + nl)
+			}
+		}
+
+		buf.WriteString(nl + id + "]")
+	case reflect.Map:
+		buf.WriteString("{\n")
+
+		for i, k := range v.MapKeys() {
+			buf.WriteString(strings.Repeat(" ", indent+2))
+			buf.WriteString(k.String() + ": ")
+			stringValue(v.MapIndex(k), indent+2, buf)
+
+			if i < v.Len()-1 {
+				buf.WriteString(",\n")
+			}
+		}
+
+		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")
+	default:
+		format := "%v"
+		switch v.Interface().(type) {
+		case string:
+			format = "%q"
+		}
+		fmt.Fprintf(buf, format, v.Interface())
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
new file mode 100644
index 000000000..b147f103c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
@@ -0,0 +1,94 @@
+package client
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// A Config provides configuration to a service client instance.
+type Config struct {
+	Config         *aws.Config
+	Handlers       request.Handlers
+	PartitionID    string
+	Endpoint       string
+	SigningRegion  string
+	SigningName    string
+	ResolvedRegion string
+
+	// States that the signing name did not come from a modeled source but
+	// was derived based on other data. Used by service client constructors
+	// to determine if the signin name can be overridden based on metadata the
+	// service has.
+	SigningNameDerived bool
+}
+
+// ConfigProvider provides a generic way for a service client to receive
+// the ClientConfig without circular dependencies.
+type ConfigProvider interface {
+	ClientConfig(serviceName string, cfgs ...*aws.Config) Config
+}
+
+// ConfigNoResolveEndpointProvider same as ConfigProvider except it will not
+// resolve the endpoint automatically. The service client's endpoint must be
+// provided via the aws.Config.Endpoint field.
+type ConfigNoResolveEndpointProvider interface {
+	ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) Config
+}
+
+// A Client implements the base client request and response handling
+// used by all service clients.
+type Client struct {
+	request.Retryer
+	metadata.ClientInfo
+
+	Config   aws.Config
+	Handlers request.Handlers
+}
+
+// New will return a pointer to a new initialized service client.
+func New(cfg aws.Config, info metadata.ClientInfo, handlers request.Handlers, options ...func(*Client)) *Client {
+	svc := &Client{
+		Config:     cfg,
+		ClientInfo: info,
+		Handlers:   handlers.Copy(),
+	}
+
+	switch retryer, ok := cfg.Retryer.(request.Retryer); {
+	case ok:
+		svc.Retryer = retryer
+	case cfg.Retryer != nil && cfg.Logger != nil:
+		s := fmt.Sprintf("WARNING: %T does not implement request.Retryer; using DefaultRetryer instead", cfg.Retryer)
+		cfg.Logger.Log(s)
+		fallthrough
+	default:
+		maxRetries := aws.IntValue(cfg.MaxRetries)
+		if cfg.MaxRetries == nil || maxRetries == aws.UseServiceDefaultRetries {
+			maxRetries = DefaultRetryerMaxNumRetries
+		}
+		svc.Retryer = DefaultRetryer{NumMaxRetries: maxRetries}
+	}
+
+	svc.AddDebugHandlers()
+
+	for _, option := range options {
+		option(svc)
+	}
+
+	return svc
+}
+
+// NewRequest returns a new Request pointer for the service API
+// operation and parameters.
+func (c *Client) NewRequest(operation *request.Operation, params interface{}, data interface{}) *request.Request {
+	return request.New(c.Config, c.ClientInfo, c.Handlers, c.Retryer, operation, params, data)
+}
+
+// AddDebugHandlers injects debug logging handlers into the service to log request
+// debug information.
+func (c *Client) AddDebugHandlers() {
+	c.Handlers.Send.PushFrontNamed(LogHTTPRequestHandler)
+	c.Handlers.Send.PushBackNamed(LogHTTPResponseHandler)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
new file mode 100644
index 000000000..9f6af19dd
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
@@ -0,0 +1,177 @@
+package client
+
+import (
+	"math"
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkrand"
+)
+
+// DefaultRetryer implements basic retry logic using exponential backoff for
+// most services. If you want to implement custom retry logic, you can implement the
+// request.Retryer interface.
+//
+type DefaultRetryer struct {
+	// Num max Retries is the number of max retries that will be performed.
+	// By default, this is zero.
+	NumMaxRetries int
+
+	// MinRetryDelay is the minimum retry delay after which retry will be performed.
+	// If not set, the value is 0ns.
+	MinRetryDelay time.Duration
+
+	// MinThrottleRetryDelay is the minimum retry delay when throttled.
+	// If not set, the value is 0ns.
+	MinThrottleDelay time.Duration
+
+	// MaxRetryDelay is the maximum retry delay before which retry must be performed.
+	// If not set, the value is 0ns.
+	MaxRetryDelay time.Duration
+
+	// MaxThrottleDelay is the maximum retry delay when throttled.
+	// If not set, the value is 0ns.
+	MaxThrottleDelay time.Duration
+}
+
+const (
+	// DefaultRetryerMaxNumRetries sets maximum number of retries
+	DefaultRetryerMaxNumRetries = 3
+
+	// DefaultRetryerMinRetryDelay sets minimum retry delay
+	DefaultRetryerMinRetryDelay = 30 * time.Millisecond
+
+	// DefaultRetryerMinThrottleDelay sets minimum delay when throttled
+	DefaultRetryerMinThrottleDelay = 500 * time.Millisecond
+
+	// DefaultRetryerMaxRetryDelay sets maximum retry delay
+	DefaultRetryerMaxRetryDelay = 300 * time.Second
+
+	// DefaultRetryerMaxThrottleDelay sets maximum delay when throttled
+	DefaultRetryerMaxThrottleDelay = 300 * time.Second
+)
+
+// MaxRetries returns the number of maximum returns the service will use to make
+// an individual API request.
+func (d DefaultRetryer) MaxRetries() int {
+	return d.NumMaxRetries
+}
+
+// setRetryerDefaults sets the default values of the retryer if not set
+func (d *DefaultRetryer) setRetryerDefaults() {
+	if d.MinRetryDelay == 0 {
+		d.MinRetryDelay = DefaultRetryerMinRetryDelay
+	}
+	if d.MaxRetryDelay == 0 {
+		d.MaxRetryDelay = DefaultRetryerMaxRetryDelay
+	}
+	if d.MinThrottleDelay == 0 {
+		d.MinThrottleDelay = DefaultRetryerMinThrottleDelay
+	}
+	if d.MaxThrottleDelay == 0 {
+		d.MaxThrottleDelay = DefaultRetryerMaxThrottleDelay
+	}
+}
+
+// RetryRules returns the delay duration before retrying this request again
+func (d DefaultRetryer) RetryRules(r *request.Request) time.Duration {
+
+	// if number of max retries is zero, no retries will be performed.
+	if d.NumMaxRetries == 0 {
+		return 0
+	}
+
+	// Sets default value for retryer members
+	d.setRetryerDefaults()
+
+	// minDelay is the minimum retryer delay
+	minDelay := d.MinRetryDelay
+
+	var initialDelay time.Duration
+
+	isThrottle := r.IsErrorThrottle()
+	if isThrottle {
+		if delay, ok := getRetryAfterDelay(r); ok {
+			initialDelay = delay
+		}
+		minDelay = d.MinThrottleDelay
+	}
+
+	retryCount := r.RetryCount
+
+	// maxDelay the maximum retryer delay
+	maxDelay := d.MaxRetryDelay
+
+	if isThrottle {
+		maxDelay = d.MaxThrottleDelay
+	}
+
+	var delay time.Duration
+
+	// Logic to cap the retry count based on the minDelay provided
+	actualRetryCount := int(math.Log2(float64(minDelay))) + 1
+	if actualRetryCount < 63-retryCount {
+		delay = time.Duration(1<<uint64(retryCount)) * getJitterDelay(minDelay)
+		if delay > maxDelay {
+			delay = getJitterDelay(maxDelay / 2)
+		}
+	} else {
+		delay = getJitterDelay(maxDelay / 2)
+	}
+	return delay + initialDelay
+}
+
+// getJitterDelay returns a jittered delay for retry
+func getJitterDelay(duration time.Duration) time.Duration {
+	return time.Duration(sdkrand.SeededRand.Int63n(int64(duration)) + int64(duration))
+}
+
+// ShouldRetry returns true if the request should be retried.
+func (d DefaultRetryer) ShouldRetry(r *request.Request) bool {
+
+	// ShouldRetry returns false if number of max retries is 0.
+	if d.NumMaxRetries == 0 {
+		return false
+	}
+
+	// If one of the other handlers already set the retry state
+	// we don't want to override it based on the service's state
+	if r.Retryable != nil {
+		return *r.Retryable
+	}
+	return r.IsErrorRetryable() || r.IsErrorThrottle()
+}
+
+// This will look in the Retry-After header, RFC 7231, for how long
+// it will wait before attempting another request
+func getRetryAfterDelay(r *request.Request) (time.Duration, bool) {
+	if !canUseRetryAfterHeader(r) {
+		return 0, false
+	}
+
+	delayStr := r.HTTPResponse.Header.Get("Retry-After")
+	if len(delayStr) == 0 {
+		return 0, false
+	}
+
+	delay, err := strconv.Atoi(delayStr)
+	if err != nil {
+		return 0, false
+	}
+
+	return time.Duration(delay) * time.Second, true
+}
+
+// Will look at the status code to see if the retry header pertains to
+// the status code.
+func canUseRetryAfterHeader(r *request.Request) bool {
+	switch r.HTTPResponse.StatusCode {
+	case 429:
+	case 503:
+	default:
+		return false
+	}
+
+	return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
new file mode 100644
index 000000000..5ac5c24a1
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
@@ -0,0 +1,206 @@
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http/httputil"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+const logReqMsg = `DEBUG: Request %s/%s Details:
+---[ REQUEST POST-SIGN ]-----------------------------
+%s
+-----------------------------------------------------`
+
+const logReqErrMsg = `DEBUG ERROR: Request %s/%s:
+---[ REQUEST DUMP ERROR ]-----------------------------
+%s
+------------------------------------------------------`
+
+type logWriter struct {
+	// Logger is what we will use to log the payload of a response.
+	Logger aws.Logger
+	// buf stores the contents of what has been read
+	buf *bytes.Buffer
+}
+
+func (logger *logWriter) Write(b []byte) (int, error) {
+	return logger.buf.Write(b)
+}
+
+type teeReaderCloser struct {
+	// io.Reader will be a tee reader that is used during logging.
+	// This structure will read from a body and write the contents to a logger.
+	io.Reader
+	// Source is used just to close when we are done reading.
+	Source io.ReadCloser
+}
+
+func (reader *teeReaderCloser) Close() error {
+	return reader.Source.Close()
+}
+
+// LogHTTPRequestHandler is a SDK request handler to log the HTTP request sent
+// to a service. Will include the HTTP request body if the LogLevel of the
+// request matches LogDebugWithHTTPBody.
+var LogHTTPRequestHandler = request.NamedHandler{
+	Name: "awssdk.client.LogRequest",
+	Fn:   logRequest,
+}
+
+func logRequest(r *request.Request) {
+	if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
+		return
+	}
+
+	logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
+	bodySeekable := aws.IsReaderSeekable(r.Body)
+
+	b, err := httputil.DumpRequestOut(r.HTTPRequest, logBody)
+	if err != nil {
+		r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
+			r.ClientInfo.ServiceName, r.Operation.Name, err))
+		return
+	}
+
+	if logBody {
+		if !bodySeekable {
+			r.SetReaderBody(aws.ReadSeekCloser(r.HTTPRequest.Body))
+		}
+		// Reset the request body because dumpRequest will re-wrap the
+		// r.HTTPRequest's Body as a NoOpCloser and will not be reset after
+		// read by the HTTP client reader.
+		if err := r.Error; err != nil {
+			r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
+				r.ClientInfo.ServiceName, r.Operation.Name, err))
+			return
+		}
+	}
+
+	r.Config.Logger.Log(fmt.Sprintf(logReqMsg,
+		r.ClientInfo.ServiceName, r.Operation.Name, string(b)))
+}
+
+// LogHTTPRequestHeaderHandler is a SDK request handler to log the HTTP request sent
+// to a service. Will only log the HTTP request's headers. The request payload
+// will not be read.
+var LogHTTPRequestHeaderHandler = request.NamedHandler{
+	Name: "awssdk.client.LogRequestHeader",
+	Fn:   logRequestHeader,
+}
+
+func logRequestHeader(r *request.Request) {
+	if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
+		return
+	}
+
+	b, err := httputil.DumpRequestOut(r.HTTPRequest, false)
+	if err != nil {
+		r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
+			r.ClientInfo.ServiceName, r.Operation.Name, err))
+		return
+	}
+
+	r.Config.Logger.Log(fmt.Sprintf(logReqMsg,
+		r.ClientInfo.ServiceName, r.Operation.Name, string(b)))
+}
+
+const logRespMsg = `DEBUG: Response %s/%s Details:
+---[ RESPONSE ]--------------------------------------
+%s
+-----------------------------------------------------`
+
+const logRespErrMsg = `DEBUG ERROR: Response %s/%s:
+---[ RESPONSE DUMP ERROR ]-----------------------------
+%s
+-----------------------------------------------------`
+
+// LogHTTPResponseHandler is a SDK request handler to log the HTTP response
+// received from a service. Will include the HTTP response body if the LogLevel
+// of the request matches LogDebugWithHTTPBody.
+var LogHTTPResponseHandler = request.NamedHandler{
+	Name: "awssdk.client.LogResponse",
+	Fn:   logResponse,
+}
+
+func logResponse(r *request.Request) {
+	if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
+		return
+	}
+
+	lw := &logWriter{r.Config.Logger, bytes.NewBuffer(nil)}
+
+	if r.HTTPResponse == nil {
+		lw.Logger.Log(fmt.Sprintf(logRespErrMsg,
+			r.ClientInfo.ServiceName, r.Operation.Name, "request's HTTPResponse is nil"))
+		return
+	}
+
+	logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
+	if logBody {
+		r.HTTPResponse.Body = &teeReaderCloser{
+			Reader: io.TeeReader(r.HTTPResponse.Body, lw),
+			Source: r.HTTPResponse.Body,
+		}
+	}
+
+	handlerFn := func(req *request.Request) {
+		b, err := httputil.DumpResponse(req.HTTPResponse, false)
+		if err != nil {
+			lw.Logger.Log(fmt.Sprintf(logRespErrMsg,
+				req.ClientInfo.ServiceName, req.Operation.Name, err))
+			return
+		}
+
+		lw.Logger.Log(fmt.Sprintf(logRespMsg,
+			req.ClientInfo.ServiceName, req.Operation.Name, string(b)))
+
+		if logBody {
+			b, err := ioutil.ReadAll(lw.buf)
+			if err != nil {
+				lw.Logger.Log(fmt.Sprintf(logRespErrMsg,
+					req.ClientInfo.ServiceName, req.Operation.Name, err))
+				return
+			}
+
+			lw.Logger.Log(string(b))
+		}
+	}
+
+	const handlerName = "awsdk.client.LogResponse.ResponseBody"
+
+	r.Handlers.Unmarshal.SetBackNamed(request.NamedHandler{
+		Name: handlerName, Fn: handlerFn,
+	})
+	r.Handlers.UnmarshalError.SetBackNamed(request.NamedHandler{
+		Name: handlerName, Fn: handlerFn,
+	})
+}
+
+// LogHTTPResponseHeaderHandler is a SDK request handler to log the HTTP
+// response received from a service. Will only log the HTTP response's headers.
+// The response payload will not be read.
+var LogHTTPResponseHeaderHandler = request.NamedHandler{
+	Name: "awssdk.client.LogResponseHeader",
+	Fn:   logResponseHeader,
+}
+
+func logResponseHeader(r *request.Request) {
+	if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
+		return
+	}
+
+	b, err := httputil.DumpResponse(r.HTTPResponse, false)
+	if err != nil {
+		r.Config.Logger.Log(fmt.Sprintf(logRespErrMsg,
+			r.ClientInfo.ServiceName, r.Operation.Name, err))
+		return
+	}
+
+	r.Config.Logger.Log(fmt.Sprintf(logRespMsg,
+		r.ClientInfo.ServiceName, r.Operation.Name, string(b)))
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go b/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
new file mode 100644
index 000000000..a7530ebb3
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
@@ -0,0 +1,15 @@
+package metadata
+
+// ClientInfo wraps immutable data from the client.Client structure.
+type ClientInfo struct {
+	ServiceName    string
+	ServiceID      string
+	APIVersion     string
+	PartitionID    string
+	Endpoint       string
+	SigningName    string
+	SigningRegion  string
+	JSONVersion    string
+	TargetPrefix   string
+	ResolvedRegion string
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go
new file mode 100644
index 000000000..881d575f0
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go
@@ -0,0 +1,28 @@
+package client
+
+import (
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// NoOpRetryer provides a retryer that performs no retries.
+// It should be used when we do not want retries to be performed.
+type NoOpRetryer struct{}
+
+// MaxRetries returns the number of maximum returns the service will use to make
+// an individual API; For NoOpRetryer the MaxRetries will always be zero.
+func (d NoOpRetryer) MaxRetries() int {
+	return 0
+}
+
+// ShouldRetry will always return false for NoOpRetryer, as it should never retry.
+func (d NoOpRetryer) ShouldRetry(_ *request.Request) bool {
+	return false
+}
+
+// RetryRules returns the delay duration before retrying this request again;
+// since NoOpRetryer does not retry, RetryRules always returns 0.
+func (d NoOpRetryer) RetryRules(_ *request.Request) time.Duration {
+	return 0
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go
new file mode 100644
index 000000000..776e31b21
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go
@@ -0,0 +1,659 @@
+package aws
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+)
+
+// UseServiceDefaultRetries instructs the config to use the service's own
+// default number of retries. This will be the default action if
+// Config.MaxRetries is nil also.
+const UseServiceDefaultRetries = -1
+
+// RequestRetryer is an alias for a type that implements the request.Retryer
+// interface.
+type RequestRetryer interface{}
+
+// A Config provides service configuration for service clients. By default,
+// all clients will use the defaults.DefaultConfig structure.
+//
+//	// Create Session with MaxRetries configuration to be shared by multiple
+//	// service clients.
+//	sess := session.Must(session.NewSession(&aws.Config{
+//	    MaxRetries: aws.Int(3),
+//	}))
+//
+//	// Create S3 service client with a specific Region.
+//	svc := s3.New(sess, &aws.Config{
+//	    Region: aws.String("us-west-2"),
+//	})
+type Config struct {
+	// Enables verbose error printing of all credential chain errors.
+	// Should be used when wanting to see all errors while attempting to
+	// retrieve credentials.
+	CredentialsChainVerboseErrors *bool
+
+	// The credentials object to use when signing requests. Defaults to a
+	// chain of credential providers to search for credentials in environment
+	// variables, shared credential file, and EC2 Instance Roles.
+	Credentials *credentials.Credentials
+
+	// An optional endpoint URL (hostname only or fully qualified URI)
+	// that overrides the default generated endpoint for a client. Set this
+	// to `nil` or the value to `""` to use the default generated endpoint.
+	//
+	// Note: You must still provide a `Region` value when specifying an
+	// endpoint for a client.
+	Endpoint *string
+
+	// The resolver to use for looking up endpoints for AWS service clients
+	// to use based on region.
+	EndpointResolver endpoints.Resolver
+
+	// EnforceShouldRetryCheck is used in the AfterRetryHandler to always call
+	// ShouldRetry regardless of whether or not if request.Retryable is set.
+	// This will utilize ShouldRetry method of custom retryers. If EnforceShouldRetryCheck
+	// is not set, then ShouldRetry will only be called if request.Retryable is nil.
+	// Proper handling of the request.Retryable field is important when setting this field.
+	EnforceShouldRetryCheck *bool
+
+	// The region to send requests to. This parameter is required and must
+	// be configured globally or on a per-client basis unless otherwise
+	// noted. A full list of regions is found in the "Regions and Endpoints"
+	// document.
+	//
+	// See http://docs.aws.amazon.com/general/latest/gr/rande.html for AWS
+	// Regions and Endpoints.
+	Region *string
+
+	// Set this to `true` to disable SSL when sending requests. Defaults
+	// to `false`.
+	DisableSSL *bool
+
+	// The HTTP client to use when sending requests. Defaults to
+	// `http.DefaultClient`.
+	HTTPClient *http.Client
+
+	// An integer value representing the logging level. The default log level
+	// is zero (LogOff), which represents no logging. To enable logging set
+	// to a LogLevel Value.
+	LogLevel *LogLevelType
+
+	// The logger writer interface to write logging messages to. Defaults to
+	// standard out.
+	Logger Logger
+
+	// The maximum number of times that a request will be retried for failures.
+	// Defaults to -1, which defers the max retry setting to the service
+	// specific configuration.
+	MaxRetries *int
+
+	// Retryer guides how HTTP requests should be retried in case of
+	// recoverable failures.
+	//
+	// When nil or the value does not implement the request.Retryer interface,
+	// the client.DefaultRetryer will be used.
+	//
+	// When both Retryer and MaxRetries are non-nil, the former is used and
+	// the latter ignored.
+	//
+	// To set the Retryer field in a type-safe manner and with chaining, use
+	// the request.WithRetryer helper function:
+	//
+	//   cfg := request.WithRetryer(aws.NewConfig(), myRetryer)
+	//
+	Retryer RequestRetryer
+
+	// Disables semantic parameter validation, which validates input for
+	// missing required fields and/or other semantic request input errors.
+	DisableParamValidation *bool
+
+	// Disables the computation of request and response checksums, e.g.,
+	// CRC32 checksums in Amazon DynamoDB.
+	DisableComputeChecksums *bool
+
+	// Set this to `true` to force the request to use path-style addressing,
+	// i.e., `http://s3.amazonaws.com/BUCKET/KEY`. By default, the S3 client
+	// will use virtual hosted bucket addressing when possible
+	// (`http://BUCKET.s3.amazonaws.com/KEY`).
+	//
+	// Note: This configuration option is specific to the Amazon S3 service.
+	//
+	// See http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
+	// for Amazon S3: Virtual Hosting of Buckets
+	S3ForcePathStyle *bool
+
+	// Set this to `true` to disable the SDK adding the `Expect: 100-Continue`
+	// header to PUT requests over 2MB of content. 100-Continue instructs the
+	// HTTP client not to send the body until the service responds with a
+	// `continue` status. This is useful to prevent sending the request body
+	// until after the request is authenticated, and validated.
+	//
+	// http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUT.html
+	//
+	// 100-Continue is only enabled for Go 1.6 and above. See `http.Transport`'s
+	// `ExpectContinueTimeout` for information on adjusting the continue wait
+	// timeout. https://golang.org/pkg/net/http/#Transport
+	//
+	// You should use this flag to disable 100-Continue if you experience issues
+	// with proxies or third party S3 compatible services.
+	S3Disable100Continue *bool
+
+	// Set this to `true` to enable S3 Accelerate feature. For all operations
+	// compatible with S3 Accelerate will use the accelerate endpoint for
+	// requests. Requests not compatible will fall back to normal S3 requests.
+	//
+	// The bucket must be enable for accelerate to be used with S3 client with
+	// accelerate enabled. If the bucket is not enabled for accelerate an error
+	// will be returned. The bucket name must be DNS compatible to also work
+	// with accelerate.
+	S3UseAccelerate *bool
+
+	// S3DisableContentMD5Validation config option is temporarily disabled,
+	// For S3 GetObject API calls, #1837.
+	//
+	// Set this to `true` to disable the S3 service client from automatically
+	// adding the ContentMD5 to S3 Object Put and Upload API calls. This option
+	// will also disable the SDK from performing object ContentMD5 validation
+	// on GetObject API calls.
+	S3DisableContentMD5Validation *bool
+
+	// Set this to `true` to have the S3 service client to use the region specified
+	// in the ARN, when an ARN is provided as an argument to a bucket parameter.
+	S3UseARNRegion *bool
+
+	// Set this to `true` to enable the SDK to unmarshal API response header maps to
+	// normalized lower case map keys.
+	//
+	// For example S3's X-Amz-Meta prefixed header will be unmarshaled to lower case
+	// Metadata member's map keys. The value of the header in the map is unaffected.
+	//
+	// The AWS SDK for Go v2, uses lower case header maps by default. The v1
+	// SDK provides this opt-in for this option, for backwards compatibility.
+	LowerCaseHeaderMaps *bool
+
+	// Set this to `true` to disable the EC2Metadata client from overriding the
+	// default http.Client's Timeout. This is helpful if you do not want the
+	// EC2Metadata client to create a new http.Client. This options is only
+	// meaningful if you're not already using a custom HTTP client with the
+	// SDK. Enabled by default.
+	//
+	// Must be set and provided to the session.NewSession() in order to disable
+	// the EC2Metadata overriding the timeout for default credentials chain.
+	//
+	// Example:
+	//    sess := session.Must(session.NewSession(aws.NewConfig()
+	//       .WithEC2MetadataDisableTimeoutOverride(true)))
+	//
+	//    svc := s3.New(sess)
+	//
+	EC2MetadataDisableTimeoutOverride *bool
+
+	// Set this to `false` to disable EC2Metadata client from falling back to IMDSv1.
+	// By default, EC2 role credentials will fall back to IMDSv1 as needed for backwards compatibility.
+	// You can disable this behavior by explicitly setting this flag to `false`. When false, the EC2Metadata
+	// client will return any errors encountered from attempting to fetch a token instead of silently
+	// using the insecure data flow of IMDSv1.
+	//
+	// Example:
+	//    sess := session.Must(session.NewSession(aws.NewConfig()
+	//       .WithEC2MetadataEnableFallback(false)))
+	//
+	//    svc := s3.New(sess)
+	//
+	// See [configuring IMDS] for more information.
+	//
+	// [configuring IMDS]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
+	EC2MetadataEnableFallback *bool
+
+	// Instructs the endpoint to be generated for a service client to
+	// be the dual stack endpoint. The dual stack endpoint will support
+	// both IPv4 and IPv6 addressing.
+	//
+	// Setting this for a service which does not support dual stack will fail
+	// to make requests. It is not recommended to set this value on the session
+	// as it will apply to all service clients created with the session. Even
+	// services which don't support dual stack endpoints.
+	//
+	// If the Endpoint config value is also provided the UseDualStack flag
+	// will be ignored.
+	//
+	// Only supported with.
+	//
+	//     sess := session.Must(session.NewSession())
+	//
+	//     svc := s3.New(sess, &aws.Config{
+	//         UseDualStack: aws.Bool(true),
+	//     })
+	//
+	// Deprecated: This option will continue to function for S3 and S3 Control for backwards compatibility.
+	// UseDualStackEndpoint should be used to enable usage of a service's dual-stack endpoint for all service clients
+	// moving forward. For S3 and S3 Control, when UseDualStackEndpoint is set to a non-zero value it takes higher
+	// precedence then this option.
+	UseDualStack *bool
+
+	// Sets the resolver to resolve a dual-stack endpoint for the service.
+	UseDualStackEndpoint endpoints.DualStackEndpointState
+
+	// UseFIPSEndpoint specifies the resolver must resolve a FIPS endpoint.
+	UseFIPSEndpoint endpoints.FIPSEndpointState
+
+	// SleepDelay is an override for the func the SDK will call when sleeping
+	// during the lifecycle of a request. Specifically this will be used for
+	// request delays. This value should only be used for testing. To adjust
+	// the delay of a request see the aws/client.DefaultRetryer and
+	// aws/request.Retryer.
+	//
+	// SleepDelay will prevent any Context from being used for canceling retry
+	// delay of an API operation. It is recommended to not use SleepDelay at all
+	// and specify a Retryer instead.
+	SleepDelay func(time.Duration)
+
+	// DisableRestProtocolURICleaning will not clean the URL path when making rest protocol requests.
+	// Will default to false. This would only be used for empty directory names in s3 requests.
+	//
+	// Example:
+	//    sess := session.Must(session.NewSession(&aws.Config{
+	//         DisableRestProtocolURICleaning: aws.Bool(true),
+	//    }))
+	//
+	//    svc := s3.New(sess)
+	//    out, err := svc.GetObject(&s3.GetObjectInput {
+	//    	Bucket: aws.String("bucketname"),
+	//    	Key: aws.String("//foo//bar//moo"),
+	//    })
+	DisableRestProtocolURICleaning *bool
+
+	// EnableEndpointDiscovery will allow for endpoint discovery on operations that
+	// have the definition in its model. By default, endpoint discovery is off.
+	// To use EndpointDiscovery, Endpoint should be unset or set to an empty string.
+	//
+	// Example:
+	//    sess := session.Must(session.NewSession(&aws.Config{
+	//         EnableEndpointDiscovery: aws.Bool(true),
+	//    }))
+	//
+	//    svc := s3.New(sess)
+	//    out, err := svc.GetObject(&s3.GetObjectInput {
+	//    	Bucket: aws.String("bucketname"),
+	//    	Key: aws.String("/foo/bar/moo"),
+	//    })
+	EnableEndpointDiscovery *bool
+
+	// DisableEndpointHostPrefix will disable the SDK's behavior of prefixing
+	// request endpoint hosts with modeled information.
+	//
+	// Disabling this feature is useful when you want to use local endpoints
+	// for testing that do not support the modeled host prefix pattern.
+	DisableEndpointHostPrefix *bool
+
+	// STSRegionalEndpoint will enable regional or legacy endpoint resolving
+	STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+	// S3UsEast1RegionalEndpoint will enable regional or legacy endpoint resolving
+	S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
+}
+
+// NewConfig returns a new Config pointer that can be chained with builder
+// methods to set multiple configuration values inline without using pointers.
+//
+//	// Create Session with MaxRetries configuration to be shared by multiple
+//	// service clients.
+//	sess := session.Must(session.NewSession(aws.NewConfig().
+//	    WithMaxRetries(3),
+//	))
+//
+//	// Create S3 service client with a specific Region.
+//	svc := s3.New(sess, aws.NewConfig().
+//	    WithRegion("us-west-2"),
+//	)
+func NewConfig() *Config {
+	return &Config{}
+}
+
+// WithCredentialsChainVerboseErrors sets a config verbose errors boolean and returning
+// a Config pointer.
+func (c *Config) WithCredentialsChainVerboseErrors(verboseErrs bool) *Config {
+	c.CredentialsChainVerboseErrors = &verboseErrs
+	return c
+}
+
+// WithCredentials sets a config Credentials value returning a Config pointer
+// for chaining.
+func (c *Config) WithCredentials(creds *credentials.Credentials) *Config {
+	c.Credentials = creds
+	return c
+}
+
+// WithEndpoint sets a config Endpoint value returning a Config pointer for
+// chaining.
+func (c *Config) WithEndpoint(endpoint string) *Config {
+	c.Endpoint = &endpoint
+	return c
+}
+
+// WithEndpointResolver sets a config EndpointResolver value returning a
+// Config pointer for chaining.
+func (c *Config) WithEndpointResolver(resolver endpoints.Resolver) *Config {
+	c.EndpointResolver = resolver
+	return c
+}
+
+// WithRegion sets a config Region value returning a Config pointer for
+// chaining.
+func (c *Config) WithRegion(region string) *Config {
+	c.Region = &region
+	return c
+}
+
+// WithDisableSSL sets a config DisableSSL value returning a Config pointer
+// for chaining.
+func (c *Config) WithDisableSSL(disable bool) *Config {
+	c.DisableSSL = &disable
+	return c
+}
+
+// WithHTTPClient sets a config HTTPClient value returning a Config pointer
+// for chaining.
+func (c *Config) WithHTTPClient(client *http.Client) *Config {
+	c.HTTPClient = client
+	return c
+}
+
+// WithMaxRetries sets a config MaxRetries value returning a Config pointer
+// for chaining.
+func (c *Config) WithMaxRetries(max int) *Config {
+	c.MaxRetries = &max
+	return c
+}
+
+// WithDisableParamValidation sets a config DisableParamValidation value
+// returning a Config pointer for chaining.
+func (c *Config) WithDisableParamValidation(disable bool) *Config {
+	c.DisableParamValidation = &disable
+	return c
+}
+
+// WithDisableComputeChecksums sets a config DisableComputeChecksums value
+// returning a Config pointer for chaining.
+func (c *Config) WithDisableComputeChecksums(disable bool) *Config {
+	c.DisableComputeChecksums = &disable
+	return c
+}
+
+// WithLogLevel sets a config LogLevel value returning a Config pointer for
+// chaining.
+func (c *Config) WithLogLevel(level LogLevelType) *Config {
+	c.LogLevel = &level
+	return c
+}
+
+// WithLogger sets a config Logger value returning a Config pointer for
+// chaining.
+func (c *Config) WithLogger(logger Logger) *Config {
+	c.Logger = logger
+	return c
+}
+
+// WithS3ForcePathStyle sets a config S3ForcePathStyle value returning a Config
+// pointer for chaining.
+func (c *Config) WithS3ForcePathStyle(force bool) *Config {
+	c.S3ForcePathStyle = &force
+	return c
+}
+
+// WithS3Disable100Continue sets a config S3Disable100Continue value returning
+// a Config pointer for chaining.
+func (c *Config) WithS3Disable100Continue(disable bool) *Config {
+	c.S3Disable100Continue = &disable
+	return c
+}
+
+// WithS3UseAccelerate sets a config S3UseAccelerate value returning a Config
+// pointer for chaining.
+func (c *Config) WithS3UseAccelerate(enable bool) *Config {
+	c.S3UseAccelerate = &enable
+	return c
+
+}
+
+// WithS3DisableContentMD5Validation sets a config
+// S3DisableContentMD5Validation value returning a Config pointer for chaining.
+func (c *Config) WithS3DisableContentMD5Validation(enable bool) *Config {
+	c.S3DisableContentMD5Validation = &enable
+	return c
+
+}
+
+// WithS3UseARNRegion sets a config S3UseARNRegion value and
+// returning a Config pointer for chaining
+func (c *Config) WithS3UseARNRegion(enable bool) *Config {
+	c.S3UseARNRegion = &enable
+	return c
+}
+
+// WithUseDualStack sets a config UseDualStack value returning a Config
+// pointer for chaining.
+func (c *Config) WithUseDualStack(enable bool) *Config {
+	c.UseDualStack = &enable
+	return c
+}
+
+// WithEC2MetadataDisableTimeoutOverride sets a config EC2MetadataDisableTimeoutOverride value
+// returning a Config pointer for chaining.
+func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config {
+	c.EC2MetadataDisableTimeoutOverride = &enable
+	return c
+}
+
+// WithEC2MetadataEnableFallback sets a config EC2MetadataEnableFallback value
+// returning a Config pointer for chaining.
+func (c *Config) WithEC2MetadataEnableFallback(v bool) *Config {
+	c.EC2MetadataEnableFallback = &v
+	return c
+}
+
+// WithSleepDelay overrides the function used to sleep while waiting for the
+// next retry. Defaults to time.Sleep.
+func (c *Config) WithSleepDelay(fn func(time.Duration)) *Config {
+	c.SleepDelay = fn
+	return c
+}
+
+// WithEndpointDiscovery will set whether or not to use endpoint discovery.
+func (c *Config) WithEndpointDiscovery(t bool) *Config {
+	c.EnableEndpointDiscovery = &t
+	return c
+}
+
+// WithDisableEndpointHostPrefix will set whether or not to use modeled host prefix
+// when making requests.
+func (c *Config) WithDisableEndpointHostPrefix(t bool) *Config {
+	c.DisableEndpointHostPrefix = &t
+	return c
+}
+
+// WithSTSRegionalEndpoint will set whether or not to use regional endpoint flag
+// when resolving the endpoint for a service
+func (c *Config) WithSTSRegionalEndpoint(sre endpoints.STSRegionalEndpoint) *Config {
+	c.STSRegionalEndpoint = sre
+	return c
+}
+
+// WithS3UsEast1RegionalEndpoint will set whether or not to use regional endpoint flag
+// when resolving the endpoint for a service
+func (c *Config) WithS3UsEast1RegionalEndpoint(sre endpoints.S3UsEast1RegionalEndpoint) *Config {
+	c.S3UsEast1RegionalEndpoint = sre
+	return c
+}
+
+// WithLowerCaseHeaderMaps sets a config LowerCaseHeaderMaps value
+// returning a Config pointer for chaining.
+func (c *Config) WithLowerCaseHeaderMaps(t bool) *Config {
+	c.LowerCaseHeaderMaps = &t
+	return c
+}
+
+// WithDisableRestProtocolURICleaning sets a config DisableRestProtocolURICleaning value
+// returning a Config pointer for chaining.
+func (c *Config) WithDisableRestProtocolURICleaning(t bool) *Config {
+	c.DisableRestProtocolURICleaning = &t
+	return c
+}
+
+// MergeIn merges the passed in configs into the existing config object.
+func (c *Config) MergeIn(cfgs ...*Config) {
+	for _, other := range cfgs {
+		mergeInConfig(c, other)
+	}
+}
+
+func mergeInConfig(dst *Config, other *Config) {
+	if other == nil {
+		return
+	}
+
+	if other.CredentialsChainVerboseErrors != nil {
+		dst.CredentialsChainVerboseErrors = other.CredentialsChainVerboseErrors
+	}
+
+	if other.Credentials != nil {
+		dst.Credentials = other.Credentials
+	}
+
+	if other.Endpoint != nil {
+		dst.Endpoint = other.Endpoint
+	}
+
+	if other.EndpointResolver != nil {
+		dst.EndpointResolver = other.EndpointResolver
+	}
+
+	if other.Region != nil {
+		dst.Region = other.Region
+	}
+
+	if other.DisableSSL != nil {
+		dst.DisableSSL = other.DisableSSL
+	}
+
+	if other.HTTPClient != nil {
+		dst.HTTPClient = other.HTTPClient
+	}
+
+	if other.LogLevel != nil {
+		dst.LogLevel = other.LogLevel
+	}
+
+	if other.Logger != nil {
+		dst.Logger = other.Logger
+	}
+
+	if other.MaxRetries != nil {
+		dst.MaxRetries = other.MaxRetries
+	}
+
+	if other.Retryer != nil {
+		dst.Retryer = other.Retryer
+	}
+
+	if other.DisableParamValidation != nil {
+		dst.DisableParamValidation = other.DisableParamValidation
+	}
+
+	if other.DisableComputeChecksums != nil {
+		dst.DisableComputeChecksums = other.DisableComputeChecksums
+	}
+
+	if other.S3ForcePathStyle != nil {
+		dst.S3ForcePathStyle = other.S3ForcePathStyle
+	}
+
+	if other.S3Disable100Continue != nil {
+		dst.S3Disable100Continue = other.S3Disable100Continue
+	}
+
+	if other.S3UseAccelerate != nil {
+		dst.S3UseAccelerate = other.S3UseAccelerate
+	}
+
+	if other.S3DisableContentMD5Validation != nil {
+		dst.S3DisableContentMD5Validation = other.S3DisableContentMD5Validation
+	}
+
+	if other.S3UseARNRegion != nil {
+		dst.S3UseARNRegion = other.S3UseARNRegion
+	}
+
+	if other.UseDualStack != nil {
+		dst.UseDualStack = other.UseDualStack
+	}
+
+	if other.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
+		dst.UseDualStackEndpoint = other.UseDualStackEndpoint
+	}
+
+	if other.EC2MetadataDisableTimeoutOverride != nil {
+		dst.EC2MetadataDisableTimeoutOverride = other.EC2MetadataDisableTimeoutOverride
+	}
+
+	if other.EC2MetadataEnableFallback != nil {
+		dst.EC2MetadataEnableFallback = other.EC2MetadataEnableFallback
+	}
+
+	if other.SleepDelay != nil {
+		dst.SleepDelay = other.SleepDelay
+	}
+
+	if other.DisableRestProtocolURICleaning != nil {
+		dst.DisableRestProtocolURICleaning = other.DisableRestProtocolURICleaning
+	}
+
+	if other.EnforceShouldRetryCheck != nil {
+		dst.EnforceShouldRetryCheck = other.EnforceShouldRetryCheck
+	}
+
+	if other.EnableEndpointDiscovery != nil {
+		dst.EnableEndpointDiscovery = other.EnableEndpointDiscovery
+	}
+
+	if other.DisableEndpointHostPrefix != nil {
+		dst.DisableEndpointHostPrefix = other.DisableEndpointHostPrefix
+	}
+
+	if other.STSRegionalEndpoint != endpoints.UnsetSTSEndpoint {
+		dst.STSRegionalEndpoint = other.STSRegionalEndpoint
+	}
+
+	if other.S3UsEast1RegionalEndpoint != endpoints.UnsetS3UsEast1Endpoint {
+		dst.S3UsEast1RegionalEndpoint = other.S3UsEast1RegionalEndpoint
+	}
+
+	if other.LowerCaseHeaderMaps != nil {
+		dst.LowerCaseHeaderMaps = other.LowerCaseHeaderMaps
+	}
+
+	if other.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
+		dst.UseDualStackEndpoint = other.UseDualStackEndpoint
+	}
+
+	if other.UseFIPSEndpoint != endpoints.FIPSEndpointStateUnset {
+		dst.UseFIPSEndpoint = other.UseFIPSEndpoint
+	}
+}
+
+// Copy will return a shallow copy of the Config object. If any additional
+// configurations are provided they will be merged into the new config returned.
+func (c *Config) Copy(cfgs ...*Config) *Config {
+	dst := &Config{}
+	dst.MergeIn(c)
+
+	for _, cfg := range cfgs {
+		dst.MergeIn(cfg)
+	}
+
+	return dst
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
new file mode 100644
index 000000000..89aad2c67
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
@@ -0,0 +1,38 @@
+//go:build !go1.9
+// +build !go1.9
+
+package aws
+
+import "time"
+
+// Context is an copy of the Go v1.7 stdlib's context.Context interface.
+// It is represented as a SDK interface to enable you to use the "WithContext"
+// API methods with Go v1.6 and a Context type such as golang.org/x/net/context.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context interface {
+	// Deadline returns the time when work done on behalf of this context
+	// should be canceled. Deadline returns ok==false when no deadline is
+	// set. Successive calls to Deadline return the same results.
+	Deadline() (deadline time.Time, ok bool)
+
+	// Done returns a channel that's closed when work done on behalf of this
+	// context should be canceled. Done may return nil if this context can
+	// never be canceled. Successive calls to Done return the same value.
+	Done() <-chan struct{}
+
+	// Err returns a non-nil error value after Done is closed. Err returns
+	// Canceled if the context was canceled or DeadlineExceeded if the
+	// context's deadline passed. No other values for Err are defined.
+	// After Done is closed, successive calls to Err return the same value.
+	Err() error
+
+	// Value returns the value associated with this context for key, or nil
+	// if no value is associated with key. Successive calls to Value with
+	// the same key returns the same result.
+	//
+	// Use context values only for request-scoped data that transits
+	// processes and API boundaries, not for passing optional parameters to
+	// functions.
+	Value(key interface{}) interface{}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
new file mode 100644
index 000000000..6ee9ddd18
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
@@ -0,0 +1,12 @@
+//go:build go1.9
+// +build go1.9
+
+package aws
+
+import "context"
+
+// Context is an alias of the Go stdlib's context.Context interface.
+// It can be used within the SDK's API operation "WithContext" methods.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context = context.Context
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
new file mode 100644
index 000000000..313218190
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
@@ -0,0 +1,23 @@
+//go:build !go1.7
+// +build !go1.7
+
+package aws
+
+import (
+	"github.com/aws/aws-sdk-go/internal/context"
+)
+
+// BackgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func BackgroundContext() Context {
+	return context.BackgroundCtx
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
new file mode 100644
index 000000000..9975d561b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
@@ -0,0 +1,21 @@
+//go:build go1.7
+// +build go1.7
+
+package aws
+
+import "context"
+
+// BackgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func BackgroundContext() Context {
+	return context.Background()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go b/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go
new file mode 100644
index 000000000..304fd1561
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go
@@ -0,0 +1,24 @@
+package aws
+
+import (
+	"time"
+)
+
+// SleepWithContext will wait for the timer duration to expire, or the context
+// is canceled. Which ever happens first. If the context is canceled the Context's
+// error will be returned.
+//
+// Expects Context to always return a non-nil error if the Done channel is closed.
+func SleepWithContext(ctx Context, dur time.Duration) error {
+	t := time.NewTimer(dur)
+	defer t.Stop()
+
+	select {
+	case <-t.C:
+		break
+	case <-ctx.Done():
+		return ctx.Err()
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go b/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
new file mode 100644
index 000000000..4e076c183
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
@@ -0,0 +1,918 @@
+package aws
+
+import "time"
+
+// String returns a pointer to the string value passed in.
+func String(v string) *string {
+	return &v
+}
+
+// StringValue returns the value of the string pointer passed in or
+// "" if the pointer is nil.
+func StringValue(v *string) string {
+	if v != nil {
+		return *v
+	}
+	return ""
+}
+
+// StringSlice converts a slice of string values into a slice of
+// string pointers
+func StringSlice(src []string) []*string {
+	dst := make([]*string, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// StringValueSlice converts a slice of string pointers into a slice of
+// string values
+func StringValueSlice(src []*string) []string {
+	dst := make([]string, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// StringMap converts a string map of string values into a string
+// map of string pointers
+func StringMap(src map[string]string) map[string]*string {
+	dst := make(map[string]*string)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// StringValueMap converts a string map of string pointers into a string
+// map of string values
+func StringValueMap(src map[string]*string) map[string]string {
+	dst := make(map[string]string)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Bool returns a pointer to the bool value passed in.
+func Bool(v bool) *bool {
+	return &v
+}
+
+// BoolValue returns the value of the bool pointer passed in or
+// false if the pointer is nil.
+func BoolValue(v *bool) bool {
+	if v != nil {
+		return *v
+	}
+	return false
+}
+
+// BoolSlice converts a slice of bool values into a slice of
+// bool pointers
+func BoolSlice(src []bool) []*bool {
+	dst := make([]*bool, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// BoolValueSlice converts a slice of bool pointers into a slice of
+// bool values
+func BoolValueSlice(src []*bool) []bool {
+	dst := make([]bool, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// BoolMap converts a string map of bool values into a string
+// map of bool pointers
+func BoolMap(src map[string]bool) map[string]*bool {
+	dst := make(map[string]*bool)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// BoolValueMap converts a string map of bool pointers into a string
+// map of bool values
+func BoolValueMap(src map[string]*bool) map[string]bool {
+	dst := make(map[string]bool)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int returns a pointer to the int value passed in.
+func Int(v int) *int {
+	return &v
+}
+
+// IntValue returns the value of the int pointer passed in or
+// 0 if the pointer is nil.
+func IntValue(v *int) int {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// IntSlice converts a slice of int values into a slice of
+// int pointers
+func IntSlice(src []int) []*int {
+	dst := make([]*int, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// IntValueSlice converts a slice of int pointers into a slice of
+// int values
+func IntValueSlice(src []*int) []int {
+	dst := make([]int, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// IntMap converts a string map of int values into a string
+// map of int pointers
+func IntMap(src map[string]int) map[string]*int {
+	dst := make(map[string]*int)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// IntValueMap converts a string map of int pointers into a string
+// map of int values
+func IntValueMap(src map[string]*int) map[string]int {
+	dst := make(map[string]int)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint returns a pointer to the uint value passed in.
+func Uint(v uint) *uint {
+	return &v
+}
+
+// UintValue returns the value of the uint pointer passed in or
+// 0 if the pointer is nil.
+func UintValue(v *uint) uint {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// UintSlice converts a slice of uint values uinto a slice of
+// uint pointers
+func UintSlice(src []uint) []*uint {
+	dst := make([]*uint, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// UintValueSlice converts a slice of uint pointers uinto a slice of
+// uint values
+func UintValueSlice(src []*uint) []uint {
+	dst := make([]uint, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// UintMap converts a string map of uint values uinto a string
+// map of uint pointers
+func UintMap(src map[string]uint) map[string]*uint {
+	dst := make(map[string]*uint)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// UintValueMap converts a string map of uint pointers uinto a string
+// map of uint values
+func UintValueMap(src map[string]*uint) map[string]uint {
+	dst := make(map[string]uint)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int8 returns a pointer to the int8 value passed in.
+func Int8(v int8) *int8 {
+	return &v
+}
+
+// Int8Value returns the value of the int8 pointer passed in or
+// 0 if the pointer is nil.
+func Int8Value(v *int8) int8 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Int8Slice converts a slice of int8 values into a slice of
+// int8 pointers
+func Int8Slice(src []int8) []*int8 {
+	dst := make([]*int8, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Int8ValueSlice converts a slice of int8 pointers into a slice of
+// int8 values
+func Int8ValueSlice(src []*int8) []int8 {
+	dst := make([]int8, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Int8Map converts a string map of int8 values into a string
+// map of int8 pointers
+func Int8Map(src map[string]int8) map[string]*int8 {
+	dst := make(map[string]*int8)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Int8ValueMap converts a string map of int8 pointers into a string
+// map of int8 values
+func Int8ValueMap(src map[string]*int8) map[string]int8 {
+	dst := make(map[string]int8)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int16 returns a pointer to the int16 value passed in.
+func Int16(v int16) *int16 {
+	return &v
+}
+
+// Int16Value returns the value of the int16 pointer passed in or
+// 0 if the pointer is nil.
+func Int16Value(v *int16) int16 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Int16Slice converts a slice of int16 values into a slice of
+// int16 pointers
+func Int16Slice(src []int16) []*int16 {
+	dst := make([]*int16, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Int16ValueSlice converts a slice of int16 pointers into a slice of
+// int16 values
+func Int16ValueSlice(src []*int16) []int16 {
+	dst := make([]int16, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Int16Map converts a string map of int16 values into a string
+// map of int16 pointers
+func Int16Map(src map[string]int16) map[string]*int16 {
+	dst := make(map[string]*int16)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Int16ValueMap converts a string map of int16 pointers into a string
+// map of int16 values
+func Int16ValueMap(src map[string]*int16) map[string]int16 {
+	dst := make(map[string]int16)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int32 returns a pointer to the int32 value passed in.
+func Int32(v int32) *int32 {
+	return &v
+}
+
+// Int32Value returns the value of the int32 pointer passed in or
+// 0 if the pointer is nil.
+func Int32Value(v *int32) int32 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Int32Slice converts a slice of int32 values into a slice of
+// int32 pointers
+func Int32Slice(src []int32) []*int32 {
+	dst := make([]*int32, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Int32ValueSlice converts a slice of int32 pointers into a slice of
+// int32 values
+func Int32ValueSlice(src []*int32) []int32 {
+	dst := make([]int32, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Int32Map converts a string map of int32 values into a string
+// map of int32 pointers
+func Int32Map(src map[string]int32) map[string]*int32 {
+	dst := make(map[string]*int32)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Int32ValueMap converts a string map of int32 pointers into a string
+// map of int32 values
+func Int32ValueMap(src map[string]*int32) map[string]int32 {
+	dst := make(map[string]int32)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int64 returns a pointer to the int64 value passed in.
+func Int64(v int64) *int64 {
+	return &v
+}
+
+// Int64Value returns the value of the int64 pointer passed in or
+// 0 if the pointer is nil.
+func Int64Value(v *int64) int64 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Int64Slice converts a slice of int64 values into a slice of
+// int64 pointers
+func Int64Slice(src []int64) []*int64 {
+	dst := make([]*int64, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Int64ValueSlice converts a slice of int64 pointers into a slice of
+// int64 values
+func Int64ValueSlice(src []*int64) []int64 {
+	dst := make([]int64, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Int64Map converts a string map of int64 values into a string
+// map of int64 pointers
+func Int64Map(src map[string]int64) map[string]*int64 {
+	dst := make(map[string]*int64)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Int64ValueMap converts a string map of int64 pointers into a string
+// map of int64 values
+func Int64ValueMap(src map[string]*int64) map[string]int64 {
+	dst := make(map[string]int64)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint8 returns a pointer to the uint8 value passed in.
+func Uint8(v uint8) *uint8 {
+	return &v
+}
+
+// Uint8Value returns the value of the uint8 pointer passed in or
+// 0 if the pointer is nil.
+func Uint8Value(v *uint8) uint8 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint8Slice converts a slice of uint8 values into a slice of
+// uint8 pointers
+func Uint8Slice(src []uint8) []*uint8 {
+	dst := make([]*uint8, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint8ValueSlice converts a slice of uint8 pointers into a slice of
+// uint8 values
+func Uint8ValueSlice(src []*uint8) []uint8 {
+	dst := make([]uint8, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint8Map converts a string map of uint8 values into a string
+// map of uint8 pointers
+func Uint8Map(src map[string]uint8) map[string]*uint8 {
+	dst := make(map[string]*uint8)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint8ValueMap converts a string map of uint8 pointers into a string
+// map of uint8 values
+func Uint8ValueMap(src map[string]*uint8) map[string]uint8 {
+	dst := make(map[string]uint8)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint16 returns a pointer to the uint16 value passed in.
+func Uint16(v uint16) *uint16 {
+	return &v
+}
+
+// Uint16Value returns the value of the uint16 pointer passed in or
+// 0 if the pointer is nil.
+func Uint16Value(v *uint16) uint16 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint16Slice converts a slice of uint16 values into a slice of
+// uint16 pointers
+func Uint16Slice(src []uint16) []*uint16 {
+	dst := make([]*uint16, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint16ValueSlice converts a slice of uint16 pointers into a slice of
+// uint16 values
+func Uint16ValueSlice(src []*uint16) []uint16 {
+	dst := make([]uint16, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint16Map converts a string map of uint16 values into a string
+// map of uint16 pointers
+func Uint16Map(src map[string]uint16) map[string]*uint16 {
+	dst := make(map[string]*uint16)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint16ValueMap converts a string map of uint16 pointers into a string
+// map of uint16 values
+func Uint16ValueMap(src map[string]*uint16) map[string]uint16 {
+	dst := make(map[string]uint16)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint32 returns a pointer to the uint32 value passed in.
+func Uint32(v uint32) *uint32 {
+	return &v
+}
+
+// Uint32Value returns the value of the uint32 pointer passed in or
+// 0 if the pointer is nil.
+func Uint32Value(v *uint32) uint32 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint32Slice converts a slice of uint32 values into a slice of
+// uint32 pointers
+func Uint32Slice(src []uint32) []*uint32 {
+	dst := make([]*uint32, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint32ValueSlice converts a slice of uint32 pointers into a slice of
+// uint32 values
+func Uint32ValueSlice(src []*uint32) []uint32 {
+	dst := make([]uint32, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint32Map converts a string map of uint32 values into a string
+// map of uint32 pointers
+func Uint32Map(src map[string]uint32) map[string]*uint32 {
+	dst := make(map[string]*uint32)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint32ValueMap converts a string map of uint32 pointers into a string
+// map of uint32 values
+func Uint32ValueMap(src map[string]*uint32) map[string]uint32 {
+	dst := make(map[string]uint32)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint64 returns a pointer to the uint64 value passed in.
+func Uint64(v uint64) *uint64 {
+	return &v
+}
+
+// Uint64Value returns the value of the uint64 pointer passed in or
+// 0 if the pointer is nil.
+func Uint64Value(v *uint64) uint64 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint64Slice converts a slice of uint64 values into a slice of
+// uint64 pointers
+func Uint64Slice(src []uint64) []*uint64 {
+	dst := make([]*uint64, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint64ValueSlice converts a slice of uint64 pointers into a slice of
+// uint64 values
+func Uint64ValueSlice(src []*uint64) []uint64 {
+	dst := make([]uint64, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint64Map converts a string map of uint64 values into a string
+// map of uint64 pointers
+func Uint64Map(src map[string]uint64) map[string]*uint64 {
+	dst := make(map[string]*uint64)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint64ValueMap converts a string map of uint64 pointers into a string
+// map of uint64 values
+func Uint64ValueMap(src map[string]*uint64) map[string]uint64 {
+	dst := make(map[string]uint64)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Float32 returns a pointer to the float32 value passed in.
+func Float32(v float32) *float32 {
+	return &v
+}
+
+// Float32Value returns the value of the float32 pointer passed in or
+// 0 if the pointer is nil.
+func Float32Value(v *float32) float32 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Float32Slice converts a slice of float32 values into a slice of
+// float32 pointers
+func Float32Slice(src []float32) []*float32 {
+	dst := make([]*float32, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Float32ValueSlice converts a slice of float32 pointers into a slice of
+// float32 values
+func Float32ValueSlice(src []*float32) []float32 {
+	dst := make([]float32, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Float32Map converts a string map of float32 values into a string
+// map of float32 pointers
+func Float32Map(src map[string]float32) map[string]*float32 {
+	dst := make(map[string]*float32)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Float32ValueMap converts a string map of float32 pointers into a string
+// map of float32 values
+func Float32ValueMap(src map[string]*float32) map[string]float32 {
+	dst := make(map[string]float32)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Float64 returns a pointer to the float64 value passed in.
+func Float64(v float64) *float64 {
+	return &v
+}
+
+// Float64Value returns the value of the float64 pointer passed in or
+// 0 if the pointer is nil.
+func Float64Value(v *float64) float64 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Float64Slice converts a slice of float64 values into a slice of
+// float64 pointers
+func Float64Slice(src []float64) []*float64 {
+	dst := make([]*float64, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Float64ValueSlice converts a slice of float64 pointers into a slice of
+// float64 values
+func Float64ValueSlice(src []*float64) []float64 {
+	dst := make([]float64, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Float64Map converts a string map of float64 values into a string
+// map of float64 pointers
+func Float64Map(src map[string]float64) map[string]*float64 {
+	dst := make(map[string]*float64)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Float64ValueMap converts a string map of float64 pointers into a string
+// map of float64 values
+func Float64ValueMap(src map[string]*float64) map[string]float64 {
+	dst := make(map[string]float64)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Time returns a pointer to the time.Time value passed in.
+func Time(v time.Time) *time.Time {
+	return &v
+}
+
+// TimeValue returns the value of the time.Time pointer passed in or
+// time.Time{} if the pointer is nil.
+func TimeValue(v *time.Time) time.Time {
+	if v != nil {
+		return *v
+	}
+	return time.Time{}
+}
+
+// SecondsTimeValue converts an int64 pointer to a time.Time value
+// representing seconds since Epoch or time.Time{} if the pointer is nil.
+func SecondsTimeValue(v *int64) time.Time {
+	if v != nil {
+		return time.Unix((*v / 1000), 0)
+	}
+	return time.Time{}
+}
+
+// MillisecondsTimeValue converts an int64 pointer to a time.Time value
+// representing milliseconds sinch Epoch or time.Time{} if the pointer is nil.
+func MillisecondsTimeValue(v *int64) time.Time {
+	if v != nil {
+		return time.Unix(0, (*v * 1000000))
+	}
+	return time.Time{}
+}
+
+// TimeUnixMilli returns a Unix timestamp in milliseconds from "January 1, 1970 UTC".
+// The result is undefined if the Unix time cannot be represented by an int64.
+// Which includes calling TimeUnixMilli on a zero Time is undefined.
+//
+// This utility is useful for service API's such as CloudWatch Logs which require
+// their unix time values to be in milliseconds.
+//
+// See Go stdlib https://golang.org/pkg/time/#Time.UnixNano for more information.
+func TimeUnixMilli(t time.Time) int64 {
+	return t.UnixNano() / int64(time.Millisecond/time.Nanosecond)
+}
+
+// TimeSlice converts a slice of time.Time values into a slice of
+// time.Time pointers
+func TimeSlice(src []time.Time) []*time.Time {
+	dst := make([]*time.Time, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// TimeValueSlice converts a slice of time.Time pointers into a slice of
+// time.Time values
+func TimeValueSlice(src []*time.Time) []time.Time {
+	dst := make([]time.Time, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// TimeMap converts a string map of time.Time values into a string
+// map of time.Time pointers
+func TimeMap(src map[string]time.Time) map[string]*time.Time {
+	dst := make(map[string]*time.Time)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// TimeValueMap converts a string map of time.Time pointers into a string
+// map of time.Time values
+func TimeValueMap(src map[string]*time.Time) map[string]time.Time {
+	dst := make(map[string]time.Time)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
new file mode 100644
index 000000000..36a915efe
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
@@ -0,0 +1,232 @@
+package corehandlers
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"regexp"
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// Interface for matching types which also have a Len method.
+type lener interface {
+	Len() int
+}
+
+// BuildContentLengthHandler builds the content length of a request based on the body,
+// or will use the HTTPRequest.Header's "Content-Length" if defined. If unable
+// to determine request body length and no "Content-Length" was specified it will panic.
+//
+// The Content-Length will only be added to the request if the length of the body
+// is greater than 0. If the body is empty or the current `Content-Length`
+// header is <= 0, the header will also be stripped.
+var BuildContentLengthHandler = request.NamedHandler{Name: "core.BuildContentLengthHandler", Fn: func(r *request.Request) {
+	var length int64
+
+	if slength := r.HTTPRequest.Header.Get("Content-Length"); slength != "" {
+		length, _ = strconv.ParseInt(slength, 10, 64)
+	} else {
+		if r.Body != nil {
+			var err error
+			length, err = aws.SeekerLen(r.Body)
+			if err != nil {
+				r.Error = awserr.New(request.ErrCodeSerialization, "failed to get request body's length", err)
+				return
+			}
+		}
+	}
+
+	if length > 0 {
+		r.HTTPRequest.ContentLength = length
+		r.HTTPRequest.Header.Set("Content-Length", fmt.Sprintf("%d", length))
+	} else {
+		r.HTTPRequest.ContentLength = 0
+		r.HTTPRequest.Header.Del("Content-Length")
+	}
+}}
+
+var reStatusCode = regexp.MustCompile(`^(\d{3})`)
+
+// ValidateReqSigHandler is a request handler to ensure that the request's
+// signature doesn't expire before it is sent. This can happen when a request
+// is built and signed significantly before it is sent. Or significant delays
+// occur when retrying requests that would cause the signature to expire.
+var ValidateReqSigHandler = request.NamedHandler{
+	Name: "core.ValidateReqSigHandler",
+	Fn: func(r *request.Request) {
+		// Unsigned requests are not signed
+		if r.Config.Credentials == credentials.AnonymousCredentials {
+			return
+		}
+
+		signedTime := r.Time
+		if !r.LastSignedAt.IsZero() {
+			signedTime = r.LastSignedAt
+		}
+
+		// 5 minutes to allow for some clock skew/delays in transmission.
+		// Would be improved with aws/aws-sdk-go#423
+		if signedTime.Add(5 * time.Minute).After(time.Now()) {
+			return
+		}
+
+		fmt.Println("request expired, resigning")
+		r.Sign()
+	},
+}
+
+// SendHandler is a request handler to send service request using HTTP client.
+var SendHandler = request.NamedHandler{
+	Name: "core.SendHandler",
+	Fn: func(r *request.Request) {
+		sender := sendFollowRedirects
+		if r.DisableFollowRedirects {
+			sender = sendWithoutFollowRedirects
+		}
+
+		if request.NoBody == r.HTTPRequest.Body {
+			// Strip off the request body if the NoBody reader was used as a
+			// place holder for a request body. This prevents the SDK from
+			// making requests with a request body when it would be invalid
+			// to do so.
+			//
+			// Use a shallow copy of the http.Request to ensure the race condition
+			// of transport on Body will not trigger
+			reqOrig, reqCopy := r.HTTPRequest, *r.HTTPRequest
+			reqCopy.Body = nil
+			r.HTTPRequest = &reqCopy
+			defer func() {
+				r.HTTPRequest = reqOrig
+			}()
+		}
+
+		var err error
+		r.HTTPResponse, err = sender(r)
+		if err != nil {
+			handleSendError(r, err)
+		}
+	},
+}
+
+func sendFollowRedirects(r *request.Request) (*http.Response, error) {
+	return r.Config.HTTPClient.Do(r.HTTPRequest)
+}
+
+func sendWithoutFollowRedirects(r *request.Request) (*http.Response, error) {
+	transport := r.Config.HTTPClient.Transport
+	if transport == nil {
+		transport = http.DefaultTransport
+	}
+
+	return transport.RoundTrip(r.HTTPRequest)
+}
+
+func handleSendError(r *request.Request, err error) {
+	// Prevent leaking if an HTTPResponse was returned. Clean up
+	// the body.
+	if r.HTTPResponse != nil {
+		r.HTTPResponse.Body.Close()
+	}
+	// Capture the case where url.Error is returned for error processing
+	// response. e.g. 301 without location header comes back as string
+	// error and r.HTTPResponse is nil. Other URL redirect errors will
+	// comeback in a similar method.
+	if e, ok := err.(*url.Error); ok && e.Err != nil {
+		if s := reStatusCode.FindStringSubmatch(e.Err.Error()); s != nil {
+			code, _ := strconv.ParseInt(s[1], 10, 64)
+			r.HTTPResponse = &http.Response{
+				StatusCode: int(code),
+				Status:     http.StatusText(int(code)),
+				Body:       ioutil.NopCloser(bytes.NewReader([]byte{})),
+			}
+			return
+		}
+	}
+	if r.HTTPResponse == nil {
+		// Add a dummy request response object to ensure the HTTPResponse
+		// value is consistent.
+		r.HTTPResponse = &http.Response{
+			StatusCode: int(0),
+			Status:     http.StatusText(int(0)),
+			Body:       ioutil.NopCloser(bytes.NewReader([]byte{})),
+		}
+	}
+	// Catch all request errors, and let the default retrier determine
+	// if the error is retryable.
+	r.Error = awserr.New(request.ErrCodeRequestError, "send request failed", err)
+
+	// Override the error with a context canceled error, if that was canceled.
+	ctx := r.Context()
+	select {
+	case <-ctx.Done():
+		r.Error = awserr.New(request.CanceledErrorCode,
+			"request context canceled", ctx.Err())
+		r.Retryable = aws.Bool(false)
+	default:
+	}
+}
+
+// ValidateResponseHandler is a request handler to validate service response.
+var ValidateResponseHandler = request.NamedHandler{Name: "core.ValidateResponseHandler", Fn: func(r *request.Request) {
+	if r.HTTPResponse.StatusCode == 0 || r.HTTPResponse.StatusCode >= 300 {
+		// this may be replaced by an UnmarshalError handler
+		r.Error = awserr.New("UnknownError", "unknown error", r.Error)
+	}
+}}
+
+// AfterRetryHandler performs final checks to determine if the request should
+// be retried and how long to delay.
+var AfterRetryHandler = request.NamedHandler{
+	Name: "core.AfterRetryHandler",
+	Fn: func(r *request.Request) {
+		// If one of the other handlers already set the retry state
+		// we don't want to override it based on the service's state
+		if r.Retryable == nil || aws.BoolValue(r.Config.EnforceShouldRetryCheck) {
+			r.Retryable = aws.Bool(r.ShouldRetry(r))
+		}
+
+		if r.WillRetry() {
+			r.RetryDelay = r.RetryRules(r)
+
+			if sleepFn := r.Config.SleepDelay; sleepFn != nil {
+				// Support SleepDelay for backwards compatibility and testing
+				sleepFn(r.RetryDelay)
+			} else if err := aws.SleepWithContext(r.Context(), r.RetryDelay); err != nil {
+				r.Error = awserr.New(request.CanceledErrorCode,
+					"request context canceled", err)
+				r.Retryable = aws.Bool(false)
+				return
+			}
+
+			// when the expired token exception occurs the credentials
+			// need to be expired locally so that the next request to
+			// get credentials will trigger a credentials refresh.
+			if r.IsErrorExpired() {
+				r.Config.Credentials.Expire()
+			}
+
+			r.RetryCount++
+			r.Error = nil
+		}
+	}}
+
+// ValidateEndpointHandler is a request handler to validate a request had the
+// appropriate Region and Endpoint set. Will set r.Error if the endpoint or
+// region is not valid.
+var ValidateEndpointHandler = request.NamedHandler{Name: "core.ValidateEndpointHandler", Fn: func(r *request.Request) {
+	if r.ClientInfo.SigningRegion == "" && aws.StringValue(r.Config.Region) == "" {
+		r.Error = aws.ErrMissingRegion
+	} else if r.ClientInfo.Endpoint == "" {
+		// Was any endpoint provided by the user, or one was derived by the
+		// SDK's endpoint resolver?
+		r.Error = aws.ErrMissingEndpoint
+	}
+}}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/param_validator.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/param_validator.go
new file mode 100644
index 000000000..7d50b1557
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/param_validator.go
@@ -0,0 +1,17 @@
+package corehandlers
+
+import "github.com/aws/aws-sdk-go/aws/request"
+
+// ValidateParametersHandler is a request handler to validate the input parameters.
+// Validating parameters only has meaning if done prior to the request being sent.
+var ValidateParametersHandler = request.NamedHandler{Name: "core.ValidateParametersHandler", Fn: func(r *request.Request) {
+	if !r.ParamsFilled() {
+		return
+	}
+
+	if v, ok := r.Params.(request.Validator); ok {
+		if err := v.Validate(); err != nil {
+			r.Error = err
+		}
+	}
+}}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go
new file mode 100644
index 000000000..ab69c7a6f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go
@@ -0,0 +1,37 @@
+package corehandlers
+
+import (
+	"os"
+	"runtime"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// SDKVersionUserAgentHandler is a request handler for adding the SDK Version
+// to the user agent.
+var SDKVersionUserAgentHandler = request.NamedHandler{
+	Name: "core.SDKVersionUserAgentHandler",
+	Fn: request.MakeAddToUserAgentHandler(aws.SDKName, aws.SDKVersion,
+		runtime.Version(), runtime.GOOS, runtime.GOARCH),
+}
+
+const execEnvVar = `AWS_EXECUTION_ENV`
+const execEnvUAKey = `exec-env`
+
+// AddHostExecEnvUserAgentHander is a request handler appending the SDK's
+// execution environment to the user agent.
+//
+// If the environment variable AWS_EXECUTION_ENV is set, its value will be
+// appended to the user agent string.
+var AddHostExecEnvUserAgentHander = request.NamedHandler{
+	Name: "core.AddHostExecEnvUserAgentHander",
+	Fn: func(r *request.Request) {
+		v := os.Getenv(execEnvVar)
+		if len(v) == 0 {
+			return
+		}
+
+		request.AddToUserAgent(r, execEnvUAKey+"/"+v)
+	},
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
new file mode 100644
index 000000000..3ad1e798d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
@@ -0,0 +1,100 @@
+package credentials
+
+import (
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+var (
+	// ErrNoValidProvidersFoundInChain Is returned when there are no valid
+	// providers in the ChainProvider.
+	//
+	// This has been deprecated. For verbose error messaging set
+	// aws.Config.CredentialsChainVerboseErrors to true.
+	ErrNoValidProvidersFoundInChain = awserr.New("NoCredentialProviders",
+		`no valid providers in chain. Deprecated.
+	For verbose messaging see aws.Config.CredentialsChainVerboseErrors`,
+		nil)
+)
+
+// A ChainProvider will search for a provider which returns credentials
+// and cache that provider until Retrieve is called again.
+//
+// The ChainProvider provides a way of chaining multiple providers together
+// which will pick the first available using priority order of the Providers
+// in the list.
+//
+// If none of the Providers retrieve valid credentials Value, ChainProvider's
+// Retrieve() will return the error ErrNoValidProvidersFoundInChain.
+//
+// If a Provider is found which returns valid credentials Value ChainProvider
+// will cache that Provider for all calls to IsExpired(), until Retrieve is
+// called again.
+//
+// Example of ChainProvider to be used with an EnvProvider and EC2RoleProvider.
+// In this example EnvProvider will first check if any credentials are available
+// via the environment variables. If there are none ChainProvider will check
+// the next Provider in the list, EC2RoleProvider in this case. If EC2RoleProvider
+// does not return any credentials ChainProvider will return the error
+// ErrNoValidProvidersFoundInChain
+//
+//     creds := credentials.NewChainCredentials(
+//         []credentials.Provider{
+//             &credentials.EnvProvider{},
+//             &ec2rolecreds.EC2RoleProvider{
+//                 Client: ec2metadata.New(sess),
+//             },
+//         })
+//
+//     // Usage of ChainCredentials with aws.Config
+//     svc := ec2.New(session.Must(session.NewSession(&aws.Config{
+//       Credentials: creds,
+//     })))
+//
+type ChainProvider struct {
+	Providers     []Provider
+	curr          Provider
+	VerboseErrors bool
+}
+
+// NewChainCredentials returns a pointer to a new Credentials object
+// wrapping a chain of providers.
+func NewChainCredentials(providers []Provider) *Credentials {
+	return NewCredentials(&ChainProvider{
+		Providers: append([]Provider{}, providers...),
+	})
+}
+
+// Retrieve returns the credentials value or error if no provider returned
+// without error.
+//
+// If a provider is found it will be cached and any calls to IsExpired()
+// will return the expired state of the cached provider.
+func (c *ChainProvider) Retrieve() (Value, error) {
+	var errs []error
+	for _, p := range c.Providers {
+		creds, err := p.Retrieve()
+		if err == nil {
+			c.curr = p
+			return creds, nil
+		}
+		errs = append(errs, err)
+	}
+	c.curr = nil
+
+	var err error
+	err = ErrNoValidProvidersFoundInChain
+	if c.VerboseErrors {
+		err = awserr.NewBatchError("NoCredentialProviders", "no valid providers in chain", errs)
+	}
+	return Value{}, err
+}
+
+// IsExpired will returned the expired state of the currently cached provider
+// if there is one.  If there is no current provider, true will be returned.
+func (c *ChainProvider) IsExpired() bool {
+	if c.curr != nil {
+		return c.curr.IsExpired()
+	}
+
+	return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
new file mode 100644
index 000000000..6e3406b1f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
@@ -0,0 +1,23 @@
+//go:build !go1.7
+// +build !go1.7
+
+package credentials
+
+import (
+	"github.com/aws/aws-sdk-go/internal/context"
+)
+
+// backgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func backgroundContext() Context {
+	return context.BackgroundCtx
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
new file mode 100644
index 000000000..a68df0ee7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
@@ -0,0 +1,21 @@
+//go:build go1.7
+// +build go1.7
+
+package credentials
+
+import "context"
+
+// backgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func backgroundContext() Context {
+	return context.Background()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
new file mode 100644
index 000000000..0345fab2d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
@@ -0,0 +1,40 @@
+//go:build !go1.9
+// +build !go1.9
+
+package credentials
+
+import "time"
+
+// Context is an copy of the Go v1.7 stdlib's context.Context interface.
+// It is represented as a SDK interface to enable you to use the "WithContext"
+// API methods with Go v1.6 and a Context type such as golang.org/x/net/context.
+//
+// This type, aws.Context, and context.Context are equivalent.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context interface {
+	// Deadline returns the time when work done on behalf of this context
+	// should be canceled. Deadline returns ok==false when no deadline is
+	// set. Successive calls to Deadline return the same results.
+	Deadline() (deadline time.Time, ok bool)
+
+	// Done returns a channel that's closed when work done on behalf of this
+	// context should be canceled. Done may return nil if this context can
+	// never be canceled. Successive calls to Done return the same value.
+	Done() <-chan struct{}
+
+	// Err returns a non-nil error value after Done is closed. Err returns
+	// Canceled if the context was canceled or DeadlineExceeded if the
+	// context's deadline passed. No other values for Err are defined.
+	// After Done is closed, successive calls to Err return the same value.
+	Err() error
+
+	// Value returns the value associated with this context for key, or nil
+	// if no value is associated with key. Successive calls to Value with
+	// the same key returns the same result.
+	//
+	// Use context values only for request-scoped data that transits
+	// processes and API boundaries, not for passing optional parameters to
+	// functions.
+	Value(key interface{}) interface{}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
new file mode 100644
index 000000000..79018aba7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
@@ -0,0 +1,14 @@
+//go:build go1.9
+// +build go1.9
+
+package credentials
+
+import "context"
+
+// Context is an alias of the Go stdlib's context.Context interface.
+// It can be used within the SDK's API operation "WithContext" methods.
+//
+// This type, aws.Context, and context.Context are equivalent.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context = context.Context
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
new file mode 100644
index 000000000..a880a3de8
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
@@ -0,0 +1,383 @@
+// Package credentials provides credential retrieval and management
+//
+// The Credentials is the primary method of getting access to and managing
+// credentials Values. Using dependency injection retrieval of the credential
+// values is handled by a object which satisfies the Provider interface.
+//
+// By default the Credentials.Get() will cache the successful result of a
+// Provider's Retrieve() until Provider.IsExpired() returns true. At which
+// point Credentials will call Provider's Retrieve() to get new credential Value.
+//
+// The Provider is responsible for determining when credentials Value have expired.
+// It is also important to note that Credentials will always call Retrieve the
+// first time Credentials.Get() is called.
+//
+// Example of using the environment variable credentials.
+//
+//     creds := credentials.NewEnvCredentials()
+//
+//     // Retrieve the credentials value
+//     credValue, err := creds.Get()
+//     if err != nil {
+//         // handle error
+//     }
+//
+// Example of forcing credentials to expire and be refreshed on the next Get().
+// This may be helpful to proactively expire credentials and refresh them sooner
+// than they would naturally expire on their own.
+//
+//     creds := credentials.NewCredentials(&ec2rolecreds.EC2RoleProvider{})
+//     creds.Expire()
+//     credsValue, err := creds.Get()
+//     // New credentials will be retrieved instead of from cache.
+//
+//
+// Custom Provider
+//
+// Each Provider built into this package also provides a helper method to generate
+// a Credentials pointer setup with the provider. To use a custom Provider just
+// create a type which satisfies the Provider interface and pass it to the
+// NewCredentials method.
+//
+//     type MyProvider struct{}
+//     func (m *MyProvider) Retrieve() (Value, error) {...}
+//     func (m *MyProvider) IsExpired() bool {...}
+//
+//     creds := credentials.NewCredentials(&MyProvider{})
+//     credValue, err := creds.Get()
+//
+package credentials
+
+import (
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/internal/sync/singleflight"
+)
+
+// AnonymousCredentials is an empty Credential object that can be used as
+// dummy placeholder credentials for requests that do not need signed.
+//
+// This Credentials can be used to configure a service to not sign requests
+// when making service API calls. For example, when accessing public
+// s3 buckets.
+//
+//     svc := s3.New(session.Must(session.NewSession(&aws.Config{
+//       Credentials: credentials.AnonymousCredentials,
+//     })))
+//     // Access public S3 buckets.
+var AnonymousCredentials = NewStaticCredentials("", "", "")
+
+// A Value is the AWS credentials value for individual credential fields.
+type Value struct {
+	// AWS Access key ID
+	AccessKeyID string
+
+	// AWS Secret Access Key
+	SecretAccessKey string
+
+	// AWS Session Token
+	SessionToken string
+
+	// Provider used to get credentials
+	ProviderName string
+}
+
+// HasKeys returns if the credentials Value has both AccessKeyID and
+// SecretAccessKey value set.
+func (v Value) HasKeys() bool {
+	return len(v.AccessKeyID) != 0 && len(v.SecretAccessKey) != 0
+}
+
+// A Provider is the interface for any component which will provide credentials
+// Value. A provider is required to manage its own Expired state, and what to
+// be expired means.
+//
+// The Provider should not need to implement its own mutexes, because
+// that will be managed by Credentials.
+type Provider interface {
+	// Retrieve returns nil if it successfully retrieved the value.
+	// Error is returned if the value were not obtainable, or empty.
+	Retrieve() (Value, error)
+
+	// IsExpired returns if the credentials are no longer valid, and need
+	// to be retrieved.
+	IsExpired() bool
+}
+
+// ProviderWithContext is a Provider that can retrieve credentials with a Context
+type ProviderWithContext interface {
+	Provider
+
+	RetrieveWithContext(Context) (Value, error)
+}
+
+// An Expirer is an interface that Providers can implement to expose the expiration
+// time, if known.  If the Provider cannot accurately provide this info,
+// it should not implement this interface.
+type Expirer interface {
+	// The time at which the credentials are no longer valid
+	ExpiresAt() time.Time
+}
+
+// An ErrorProvider is a stub credentials provider that always returns an error
+// this is used by the SDK when construction a known provider is not possible
+// due to an error.
+type ErrorProvider struct {
+	// The error to be returned from Retrieve
+	Err error
+
+	// The provider name to set on the Retrieved returned Value
+	ProviderName string
+}
+
+// Retrieve will always return the error that the ErrorProvider was created with.
+func (p ErrorProvider) Retrieve() (Value, error) {
+	return Value{ProviderName: p.ProviderName}, p.Err
+}
+
+// IsExpired will always return not expired.
+func (p ErrorProvider) IsExpired() bool {
+	return false
+}
+
+// A Expiry provides shared expiration logic to be used by credentials
+// providers to implement expiry functionality.
+//
+// The best method to use this struct is as an anonymous field within the
+// provider's struct.
+//
+// Example:
+//     type EC2RoleProvider struct {
+//         Expiry
+//         ...
+//     }
+type Expiry struct {
+	// The date/time when to expire on
+	expiration time.Time
+
+	// If set will be used by IsExpired to determine the current time.
+	// Defaults to time.Now if CurrentTime is not set.  Available for testing
+	// to be able to mock out the current time.
+	CurrentTime func() time.Time
+}
+
+// SetExpiration sets the expiration IsExpired will check when called.
+//
+// If window is greater than 0 the expiration time will be reduced by the
+// window value.
+//
+// Using a window is helpful to trigger credentials to expire sooner than
+// the expiration time given to ensure no requests are made with expired
+// tokens.
+func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration) {
+	// Passed in expirations should have the monotonic clock values stripped.
+	// This ensures time comparisons will be based on wall-time.
+	e.expiration = expiration.Round(0)
+	if window > 0 {
+		e.expiration = e.expiration.Add(-window)
+	}
+}
+
+// IsExpired returns if the credentials are expired.
+func (e *Expiry) IsExpired() bool {
+	curTime := e.CurrentTime
+	if curTime == nil {
+		curTime = time.Now
+	}
+	return e.expiration.Before(curTime())
+}
+
+// ExpiresAt returns the expiration time of the credential
+func (e *Expiry) ExpiresAt() time.Time {
+	return e.expiration
+}
+
+// A Credentials provides concurrency safe retrieval of AWS credentials Value.
+// Credentials will cache the credentials value until they expire. Once the value
+// expires the next Get will attempt to retrieve valid credentials.
+//
+// Credentials is safe to use across multiple goroutines and will manage the
+// synchronous state so the Providers do not need to implement their own
+// synchronization.
+//
+// The first Credentials.Get() will always call Provider.Retrieve() to get the
+// first instance of the credentials Value. All calls to Get() after that
+// will return the cached credentials Value until IsExpired() returns true.
+type Credentials struct {
+	sf singleflight.Group
+
+	m        sync.RWMutex
+	creds    Value
+	provider Provider
+}
+
+// NewCredentials returns a pointer to a new Credentials with the provider set.
+func NewCredentials(provider Provider) *Credentials {
+	c := &Credentials{
+		provider: provider,
+	}
+	return c
+}
+
+// GetWithContext returns the credentials value, or error if the credentials
+// Value failed to be retrieved. Will return early if the passed in context is
+// canceled.
+//
+// Will return the cached credentials Value if it has not expired. If the
+// credentials Value has expired the Provider's Retrieve() will be called
+// to refresh the credentials.
+//
+// If Credentials.Expire() was called the credentials Value will be force
+// expired, and the next call to Get() will cause them to be refreshed.
+//
+// Passed in Context is equivalent to aws.Context, and context.Context.
+func (c *Credentials) GetWithContext(ctx Context) (Value, error) {
+	// Check if credentials are cached, and not expired.
+	select {
+	case curCreds, ok := <-c.asyncIsExpired():
+		// ok will only be true, of the credentials were not expired. ok will
+		// be false and have no value if the credentials are expired.
+		if ok {
+			return curCreds, nil
+		}
+	case <-ctx.Done():
+		return Value{}, awserr.New("RequestCanceled",
+			"request context canceled", ctx.Err())
+	}
+
+	// Cannot pass context down to the actual retrieve, because the first
+	// context would cancel the whole group when there is not direct
+	// association of items in the group.
+	resCh := c.sf.DoChan("", func() (interface{}, error) {
+		return c.singleRetrieve(&suppressedContext{ctx})
+	})
+	select {
+	case res := <-resCh:
+		return res.Val.(Value), res.Err
+	case <-ctx.Done():
+		return Value{}, awserr.New("RequestCanceled",
+			"request context canceled", ctx.Err())
+	}
+}
+
+func (c *Credentials) singleRetrieve(ctx Context) (interface{}, error) {
+	c.m.Lock()
+	defer c.m.Unlock()
+
+	if curCreds := c.creds; !c.isExpiredLocked(curCreds) {
+		return curCreds, nil
+	}
+
+	var creds Value
+	var err error
+	if p, ok := c.provider.(ProviderWithContext); ok {
+		creds, err = p.RetrieveWithContext(ctx)
+	} else {
+		creds, err = c.provider.Retrieve()
+	}
+	if err == nil {
+		c.creds = creds
+	}
+
+	return creds, err
+}
+
+// Get returns the credentials value, or error if the credentials Value failed
+// to be retrieved.
+//
+// Will return the cached credentials Value if it has not expired. If the
+// credentials Value has expired the Provider's Retrieve() will be called
+// to refresh the credentials.
+//
+// If Credentials.Expire() was called the credentials Value will be force
+// expired, and the next call to Get() will cause them to be refreshed.
+func (c *Credentials) Get() (Value, error) {
+	return c.GetWithContext(backgroundContext())
+}
+
+// Expire expires the credentials and forces them to be retrieved on the
+// next call to Get().
+//
+// This will override the Provider's expired state, and force Credentials
+// to call the Provider's Retrieve().
+func (c *Credentials) Expire() {
+	c.m.Lock()
+	defer c.m.Unlock()
+
+	c.creds = Value{}
+}
+
+// IsExpired returns if the credentials are no longer valid, and need
+// to be retrieved.
+//
+// If the Credentials were forced to be expired with Expire() this will
+// reflect that override.
+func (c *Credentials) IsExpired() bool {
+	c.m.RLock()
+	defer c.m.RUnlock()
+
+	return c.isExpiredLocked(c.creds)
+}
+
+// asyncIsExpired returns a channel of credentials Value. If the channel is
+// closed the credentials are expired and credentials value are not empty.
+func (c *Credentials) asyncIsExpired() <-chan Value {
+	ch := make(chan Value, 1)
+	go func() {
+		c.m.RLock()
+		defer c.m.RUnlock()
+
+		if curCreds := c.creds; !c.isExpiredLocked(curCreds) {
+			ch <- curCreds
+		}
+
+		close(ch)
+	}()
+
+	return ch
+}
+
+// isExpiredLocked helper method wrapping the definition of expired credentials.
+func (c *Credentials) isExpiredLocked(creds interface{}) bool {
+	return creds == nil || creds.(Value) == Value{} || c.provider.IsExpired()
+}
+
+// ExpiresAt provides access to the functionality of the Expirer interface of
+// the underlying Provider, if it supports that interface.  Otherwise, it returns
+// an error.
+func (c *Credentials) ExpiresAt() (time.Time, error) {
+	c.m.RLock()
+	defer c.m.RUnlock()
+
+	expirer, ok := c.provider.(Expirer)
+	if !ok {
+		return time.Time{}, awserr.New("ProviderNotExpirer",
+			fmt.Sprintf("provider %s does not support ExpiresAt()",
+				c.creds.ProviderName),
+			nil)
+	}
+	if c.creds == (Value{}) {
+		// set expiration time to the distant past
+		return time.Time{}, nil
+	}
+	return expirer.ExpiresAt(), nil
+}
+
+type suppressedContext struct {
+	Context
+}
+
+func (s *suppressedContext) Deadline() (deadline time.Time, ok bool) {
+	return time.Time{}, false
+}
+
+func (s *suppressedContext) Done() <-chan struct{} {
+	return nil
+}
+
+func (s *suppressedContext) Err() error {
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
new file mode 100644
index 000000000..92af5b725
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
@@ -0,0 +1,188 @@
+package ec2rolecreds
+
+import (
+	"bufio"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/ec2metadata"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkuri"
+)
+
+// ProviderName provides a name of EC2Role provider
+const ProviderName = "EC2RoleProvider"
+
+// A EC2RoleProvider retrieves credentials from the EC2 service, and keeps track if
+// those credentials are expired.
+//
+// Example how to configure the EC2RoleProvider with custom http Client, Endpoint
+// or ExpiryWindow
+//
+//     p := &ec2rolecreds.EC2RoleProvider{
+//         // Pass in a custom timeout to be used when requesting
+//         // IAM EC2 Role credentials.
+//         Client: ec2metadata.New(sess, aws.Config{
+//             HTTPClient: &http.Client{Timeout: 10 * time.Second},
+//         }),
+//
+//         // Do not use early expiry of credentials. If a non zero value is
+//         // specified the credentials will be expired early
+//         ExpiryWindow: 0,
+//     }
+type EC2RoleProvider struct {
+	credentials.Expiry
+
+	// Required EC2Metadata client to use when connecting to EC2 metadata service.
+	Client *ec2metadata.EC2Metadata
+
+	// ExpiryWindow will allow the credentials to trigger refreshing prior to
+	// the credentials actually expiring. This is beneficial so race conditions
+	// with expiring credentials do not cause request to fail unexpectedly
+	// due to ExpiredTokenException exceptions.
+	//
+	// So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
+	// 10 seconds before the credentials are actually expired.
+	//
+	// If ExpiryWindow is 0 or less it will be ignored.
+	ExpiryWindow time.Duration
+}
+
+// NewCredentials returns a pointer to a new Credentials object wrapping
+// the EC2RoleProvider. Takes a ConfigProvider to create a EC2Metadata client.
+// The ConfigProvider is satisfied by the session.Session type.
+func NewCredentials(c client.ConfigProvider, options ...func(*EC2RoleProvider)) *credentials.Credentials {
+	p := &EC2RoleProvider{
+		Client: ec2metadata.New(c),
+	}
+
+	for _, option := range options {
+		option(p)
+	}
+
+	return credentials.NewCredentials(p)
+}
+
+// NewCredentialsWithClient returns a pointer to a new Credentials object wrapping
+// the EC2RoleProvider. Takes a EC2Metadata client to use when connecting to EC2
+// metadata service.
+func NewCredentialsWithClient(client *ec2metadata.EC2Metadata, options ...func(*EC2RoleProvider)) *credentials.Credentials {
+	p := &EC2RoleProvider{
+		Client: client,
+	}
+
+	for _, option := range options {
+		option(p)
+	}
+
+	return credentials.NewCredentials(p)
+}
+
+// Retrieve retrieves credentials from the EC2 service.
+// Error will be returned if the request fails, or unable to extract
+// the desired credentials.
+func (m *EC2RoleProvider) Retrieve() (credentials.Value, error) {
+	return m.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext retrieves credentials from the EC2 service.
+// Error will be returned if the request fails, or unable to extract
+// the desired credentials.
+func (m *EC2RoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
+	credsList, err := requestCredList(ctx, m.Client)
+	if err != nil {
+		return credentials.Value{ProviderName: ProviderName}, err
+	}
+
+	if len(credsList) == 0 {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New("EmptyEC2RoleList", "empty EC2 Role list", nil)
+	}
+	credsName := credsList[0]
+
+	roleCreds, err := requestCred(ctx, m.Client, credsName)
+	if err != nil {
+		return credentials.Value{ProviderName: ProviderName}, err
+	}
+
+	m.SetExpiration(roleCreds.Expiration, m.ExpiryWindow)
+
+	return credentials.Value{
+		AccessKeyID:     roleCreds.AccessKeyID,
+		SecretAccessKey: roleCreds.SecretAccessKey,
+		SessionToken:    roleCreds.Token,
+		ProviderName:    ProviderName,
+	}, nil
+}
+
+// A ec2RoleCredRespBody provides the shape for unmarshaling credential
+// request responses.
+type ec2RoleCredRespBody struct {
+	// Success State
+	Expiration      time.Time
+	AccessKeyID     string
+	SecretAccessKey string
+	Token           string
+
+	// Error state
+	Code    string
+	Message string
+}
+
+const iamSecurityCredsPath = "iam/security-credentials/"
+
+// requestCredList requests a list of credentials from the EC2 service.
+// If there are no credentials, or there is an error making or receiving the request
+func requestCredList(ctx aws.Context, client *ec2metadata.EC2Metadata) ([]string, error) {
+	resp, err := client.GetMetadataWithContext(ctx, iamSecurityCredsPath)
+	if err != nil {
+		return nil, awserr.New("EC2RoleRequestError", "no EC2 instance role found", err)
+	}
+
+	credsList := []string{}
+	s := bufio.NewScanner(strings.NewReader(resp))
+	for s.Scan() {
+		credsList = append(credsList, s.Text())
+	}
+
+	if err := s.Err(); err != nil {
+		return nil, awserr.New(request.ErrCodeSerialization,
+			"failed to read EC2 instance role from metadata service", err)
+	}
+
+	return credsList, nil
+}
+
+// requestCred requests the credentials for a specific credentials from the EC2 service.
+//
+// If the credentials cannot be found, or there is an error reading the response
+// and error will be returned.
+func requestCred(ctx aws.Context, client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCredRespBody, error) {
+	resp, err := client.GetMetadataWithContext(ctx, sdkuri.PathJoin(iamSecurityCredsPath, credsName))
+	if err != nil {
+		return ec2RoleCredRespBody{},
+			awserr.New("EC2RoleRequestError",
+				fmt.Sprintf("failed to get %s EC2 instance role credentials", credsName),
+				err)
+	}
+
+	respCreds := ec2RoleCredRespBody{}
+	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&respCreds); err != nil {
+		return ec2RoleCredRespBody{},
+			awserr.New(request.ErrCodeSerialization,
+				fmt.Sprintf("failed to decode %s EC2 instance role credentials", credsName),
+				err)
+	}
+
+	if respCreds.Code != "Success" {
+		// If an error code was returned something failed requesting the role.
+		return ec2RoleCredRespBody{}, awserr.New(respCreds.Code, respCreds.Message, nil)
+	}
+
+	return respCreds, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
new file mode 100644
index 000000000..785f30d8e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
@@ -0,0 +1,210 @@
+// Package endpointcreds provides support for retrieving credentials from an
+// arbitrary HTTP endpoint.
+//
+// The credentials endpoint Provider can receive both static and refreshable
+// credentials that will expire. Credentials are static when an "Expiration"
+// value is not provided in the endpoint's response.
+//
+// Static credentials will never expire once they have been retrieved. The format
+// of the static credentials response:
+//    {
+//        "AccessKeyId" : "MUA...",
+//        "SecretAccessKey" : "/7PC5om....",
+//    }
+//
+// Refreshable credentials will expire within the "ExpiryWindow" of the Expiration
+// value in the response. The format of the refreshable credentials response:
+//    {
+//        "AccessKeyId" : "MUA...",
+//        "SecretAccessKey" : "/7PC5om....",
+//        "Token" : "AQoDY....=",
+//        "Expiration" : "2016-02-25T06:03:31Z"
+//    }
+//
+// Errors should be returned in the following format and only returned with 400
+// or 500 HTTP status codes.
+//    {
+//        "code": "ErrorCode",
+//        "message": "Helpful error message."
+//    }
+package endpointcreds
+
+import (
+	"encoding/json"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
+)
+
+// ProviderName is the name of the credentials provider.
+const ProviderName = `CredentialsEndpointProvider`
+
+// Provider satisfies the credentials.Provider interface, and is a client to
+// retrieve credentials from an arbitrary endpoint.
+type Provider struct {
+	staticCreds bool
+	credentials.Expiry
+
+	// Requires a AWS Client to make HTTP requests to the endpoint with.
+	// the Endpoint the request will be made to is provided by the aws.Config's
+	// Endpoint value.
+	Client *client.Client
+
+	// ExpiryWindow will allow the credentials to trigger refreshing prior to
+	// the credentials actually expiring. This is beneficial so race conditions
+	// with expiring credentials do not cause request to fail unexpectedly
+	// due to ExpiredTokenException exceptions.
+	//
+	// So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
+	// 10 seconds before the credentials are actually expired.
+	//
+	// If ExpiryWindow is 0 or less it will be ignored.
+	ExpiryWindow time.Duration
+
+	// Optional authorization token value if set will be used as the value of
+	// the Authorization header of the endpoint credential request.
+	AuthorizationToken string
+}
+
+// NewProviderClient returns a credentials Provider for retrieving AWS credentials
+// from arbitrary endpoint.
+func NewProviderClient(cfg aws.Config, handlers request.Handlers, endpoint string, options ...func(*Provider)) credentials.Provider {
+	p := &Provider{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName: "CredentialsEndpoint",
+				Endpoint:    endpoint,
+			},
+			handlers,
+		),
+	}
+
+	p.Client.Handlers.Unmarshal.PushBack(unmarshalHandler)
+	p.Client.Handlers.UnmarshalError.PushBack(unmarshalError)
+	p.Client.Handlers.Validate.Clear()
+	p.Client.Handlers.Validate.PushBack(validateEndpointHandler)
+
+	for _, option := range options {
+		option(p)
+	}
+
+	return p
+}
+
+// NewCredentialsClient returns a pointer to a new Credentials object
+// wrapping the endpoint credentials Provider.
+func NewCredentialsClient(cfg aws.Config, handlers request.Handlers, endpoint string, options ...func(*Provider)) *credentials.Credentials {
+	return credentials.NewCredentials(NewProviderClient(cfg, handlers, endpoint, options...))
+}
+
+// IsExpired returns true if the credentials retrieved are expired, or not yet
+// retrieved.
+func (p *Provider) IsExpired() bool {
+	if p.staticCreds {
+		return false
+	}
+	return p.Expiry.IsExpired()
+}
+
+// Retrieve will attempt to request the credentials from the endpoint the Provider
+// was configured for. And error will be returned if the retrieval fails.
+func (p *Provider) Retrieve() (credentials.Value, error) {
+	return p.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext will attempt to request the credentials from the endpoint the Provider
+// was configured for. And error will be returned if the retrieval fails.
+func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
+	resp, err := p.getCredentials(ctx)
+	if err != nil {
+		return credentials.Value{ProviderName: ProviderName},
+			awserr.New("CredentialsEndpointError", "failed to load credentials", err)
+	}
+
+	if resp.Expiration != nil {
+		p.SetExpiration(*resp.Expiration, p.ExpiryWindow)
+	} else {
+		p.staticCreds = true
+	}
+
+	return credentials.Value{
+		AccessKeyID:     resp.AccessKeyID,
+		SecretAccessKey: resp.SecretAccessKey,
+		SessionToken:    resp.Token,
+		ProviderName:    ProviderName,
+	}, nil
+}
+
+type getCredentialsOutput struct {
+	Expiration      *time.Time
+	AccessKeyID     string
+	SecretAccessKey string
+	Token           string
+}
+
+type errorOutput struct {
+	Code    string `json:"code"`
+	Message string `json:"message"`
+}
+
+func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error) {
+	op := &request.Operation{
+		Name:       "GetCredentials",
+		HTTPMethod: "GET",
+	}
+
+	out := &getCredentialsOutput{}
+	req := p.Client.NewRequest(op, nil, out)
+	req.SetContext(ctx)
+	req.HTTPRequest.Header.Set("Accept", "application/json")
+	if authToken := p.AuthorizationToken; len(authToken) != 0 {
+		req.HTTPRequest.Header.Set("Authorization", authToken)
+	}
+
+	return out, req.Send()
+}
+
+func validateEndpointHandler(r *request.Request) {
+	if len(r.ClientInfo.Endpoint) == 0 {
+		r.Error = aws.ErrMissingEndpoint
+	}
+}
+
+func unmarshalHandler(r *request.Request) {
+	defer r.HTTPResponse.Body.Close()
+
+	out := r.Data.(*getCredentialsOutput)
+	if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&out); err != nil {
+		r.Error = awserr.New(request.ErrCodeSerialization,
+			"failed to decode endpoint credentials",
+			err,
+		)
+	}
+}
+
+func unmarshalError(r *request.Request) {
+	defer r.HTTPResponse.Body.Close()
+
+	var errOut errorOutput
+	err := jsonutil.UnmarshalJSONError(&errOut, r.HTTPResponse.Body)
+	if err != nil {
+		r.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization,
+				"failed to decode error message", err),
+			r.HTTPResponse.StatusCode,
+			r.RequestID,
+		)
+		return
+	}
+
+	// Response body format is not consistent between metadata endpoints.
+	// Grab the error message as a string and include that as the source error
+	r.Error = awserr.New(errOut.Code, errOut.Message, nil)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
new file mode 100644
index 000000000..54c5cf733
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
@@ -0,0 +1,74 @@
+package credentials
+
+import (
+	"os"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+// EnvProviderName provides a name of Env provider
+const EnvProviderName = "EnvProvider"
+
+var (
+	// ErrAccessKeyIDNotFound is returned when the AWS Access Key ID can't be
+	// found in the process's environment.
+	ErrAccessKeyIDNotFound = awserr.New("EnvAccessKeyNotFound", "AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment", nil)
+
+	// ErrSecretAccessKeyNotFound is returned when the AWS Secret Access Key
+	// can't be found in the process's environment.
+	ErrSecretAccessKeyNotFound = awserr.New("EnvSecretNotFound", "AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY not found in environment", nil)
+)
+
+// A EnvProvider retrieves credentials from the environment variables of the
+// running process. Environment credentials never expire.
+//
+// Environment variables used:
+//
+// * Access Key ID:     AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY
+//
+// * Secret Access Key: AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY
+type EnvProvider struct {
+	retrieved bool
+}
+
+// NewEnvCredentials returns a pointer to a new Credentials object
+// wrapping the environment variable provider.
+func NewEnvCredentials() *Credentials {
+	return NewCredentials(&EnvProvider{})
+}
+
+// Retrieve retrieves the keys from the environment.
+func (e *EnvProvider) Retrieve() (Value, error) {
+	e.retrieved = false
+
+	id := os.Getenv("AWS_ACCESS_KEY_ID")
+	if id == "" {
+		id = os.Getenv("AWS_ACCESS_KEY")
+	}
+
+	secret := os.Getenv("AWS_SECRET_ACCESS_KEY")
+	if secret == "" {
+		secret = os.Getenv("AWS_SECRET_KEY")
+	}
+
+	if id == "" {
+		return Value{ProviderName: EnvProviderName}, ErrAccessKeyIDNotFound
+	}
+
+	if secret == "" {
+		return Value{ProviderName: EnvProviderName}, ErrSecretAccessKeyNotFound
+	}
+
+	e.retrieved = true
+	return Value{
+		AccessKeyID:     id,
+		SecretAccessKey: secret,
+		SessionToken:    os.Getenv("AWS_SESSION_TOKEN"),
+		ProviderName:    EnvProviderName,
+	}, nil
+}
+
+// IsExpired returns if the credentials have been retrieved.
+func (e *EnvProvider) IsExpired() bool {
+	return !e.retrieved
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/example.ini b/vendor/github.com/aws/aws-sdk-go/aws/credentials/example.ini
new file mode 100644
index 000000000..7fc91d9d2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/example.ini
@@ -0,0 +1,12 @@
+[default]
+aws_access_key_id = accessKey
+aws_secret_access_key = secret
+aws_session_token = token
+
+[no_token]
+aws_access_key_id = accessKey
+aws_secret_access_key = secret
+
+[with_colon]
+aws_access_key_id: accessKey
+aws_secret_access_key: secret
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
new file mode 100644
index 000000000..18694f07f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
@@ -0,0 +1,438 @@
+/*
+Package processcreds is a credential Provider to retrieve `credential_process`
+credentials.
+
+WARNING: The following describes a method of sourcing credentials from an external
+process. This can potentially be dangerous, so proceed with caution. Other
+credential providers should be preferred if at all possible. If using this
+option, you should make sure that the config file is as locked down as possible
+using security best practices for your operating system.
+
+You can use credentials from a `credential_process` in a variety of ways.
+
+One way is to setup your shared config file, located in the default
+location, with the `credential_process` key and the command you want to be
+called. You also need to set the AWS_SDK_LOAD_CONFIG environment variable
+(e.g., `export AWS_SDK_LOAD_CONFIG=1`) to use the shared config file.
+
+    [default]
+    credential_process = /command/to/call
+
+Creating a new session will use the credential process to retrieve credentials.
+NOTE: If there are credentials in the profile you are using, the credential
+process will not be used.
+
+    // Initialize a session to load credentials.
+    sess, _ := session.NewSession(&aws.Config{
+        Region: aws.String("us-east-1")},
+    )
+
+    // Create S3 service client to use the credentials.
+    svc := s3.New(sess)
+
+Another way to use the `credential_process` method is by using
+`credentials.NewCredentials()` and providing a command to be executed to
+retrieve credentials:
+
+    // Create credentials using the ProcessProvider.
+    creds := processcreds.NewCredentials("/path/to/command")
+
+    // Create service client value configured for credentials.
+    svc := s3.New(sess, &aws.Config{Credentials: creds})
+
+You can set a non-default timeout for the `credential_process` with another
+constructor, `credentials.NewCredentialsTimeout()`, providing the timeout. To
+set a one minute timeout:
+
+    // Create credentials using the ProcessProvider.
+    creds := processcreds.NewCredentialsTimeout(
+        "/path/to/command",
+        time.Duration(500) * time.Millisecond)
+
+If you need more control, you can set any configurable options in the
+credentials using one or more option functions. For example, you can set a two
+minute timeout, a credential duration of 60 minutes, and a maximum stdout
+buffer size of 2k.
+
+    creds := processcreds.NewCredentials(
+        "/path/to/command",
+        func(opt *ProcessProvider) {
+            opt.Timeout = time.Duration(2) * time.Minute
+            opt.Duration = time.Duration(60) * time.Minute
+            opt.MaxBufSize = 2048
+        })
+
+You can also use your own `exec.Cmd`:
+
+	// Create an exec.Cmd
+	myCommand := exec.Command("/path/to/command")
+
+	// Create credentials using your exec.Cmd and custom timeout
+	creds := processcreds.NewCredentialsCommand(
+		myCommand,
+		func(opt *processcreds.ProcessProvider) {
+			opt.Timeout = time.Duration(1) * time.Second
+		})
+*/
+package processcreds
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/internal/sdkio"
+)
+
+const (
+	// ProviderName is the name this credentials provider will label any
+	// returned credentials Value with.
+	ProviderName = `ProcessProvider`
+
+	// ErrCodeProcessProviderParse error parsing process output
+	ErrCodeProcessProviderParse = "ProcessProviderParseError"
+
+	// ErrCodeProcessProviderVersion version error in output
+	ErrCodeProcessProviderVersion = "ProcessProviderVersionError"
+
+	// ErrCodeProcessProviderRequired required attribute missing in output
+	ErrCodeProcessProviderRequired = "ProcessProviderRequiredError"
+
+	// ErrCodeProcessProviderExecution execution of command failed
+	ErrCodeProcessProviderExecution = "ProcessProviderExecutionError"
+
+	// errMsgProcessProviderTimeout process took longer than allowed
+	errMsgProcessProviderTimeout = "credential process timed out"
+
+	// errMsgProcessProviderProcess process error
+	errMsgProcessProviderProcess = "error in credential_process"
+
+	// errMsgProcessProviderParse problem parsing output
+	errMsgProcessProviderParse = "parse failed of credential_process output"
+
+	// errMsgProcessProviderVersion version error in output
+	errMsgProcessProviderVersion = "wrong version in process output (not 1)"
+
+	// errMsgProcessProviderMissKey missing access key id in output
+	errMsgProcessProviderMissKey = "missing AccessKeyId in process output"
+
+	// errMsgProcessProviderMissSecret missing secret acess key in output
+	errMsgProcessProviderMissSecret = "missing SecretAccessKey in process output"
+
+	// errMsgProcessProviderPrepareCmd prepare of command failed
+	errMsgProcessProviderPrepareCmd = "failed to prepare command"
+
+	// errMsgProcessProviderEmptyCmd command must not be empty
+	errMsgProcessProviderEmptyCmd = "command must not be empty"
+
+	// errMsgProcessProviderPipe failed to initialize pipe
+	errMsgProcessProviderPipe = "failed to initialize pipe"
+
+	// DefaultDuration is the default amount of time in minutes that the
+	// credentials will be valid for.
+	DefaultDuration = time.Duration(15) * time.Minute
+
+	// DefaultBufSize limits buffer size from growing to an enormous
+	// amount due to a faulty process.
+	DefaultBufSize = int(8 * sdkio.KibiByte)
+
+	// DefaultTimeout default limit on time a process can run.
+	DefaultTimeout = time.Duration(1) * time.Minute
+)
+
+// ProcessProvider satisfies the credentials.Provider interface, and is a
+// client to retrieve credentials from a process.
+type ProcessProvider struct {
+	staticCreds bool
+	credentials.Expiry
+	originalCommand []string
+
+	// Expiry duration of the credentials. Defaults to 15 minutes if not set.
+	Duration time.Duration
+
+	// ExpiryWindow will allow the credentials to trigger refreshing prior to
+	// the credentials actually expiring. This is beneficial so race conditions
+	// with expiring credentials do not cause request to fail unexpectedly
+	// due to ExpiredTokenException exceptions.
+	//
+	// So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
+	// 10 seconds before the credentials are actually expired.
+	//
+	// If ExpiryWindow is 0 or less it will be ignored.
+	ExpiryWindow time.Duration
+
+	// A string representing an os command that should return a JSON with
+	// credential information.
+	command *exec.Cmd
+
+	// MaxBufSize limits memory usage from growing to an enormous
+	// amount due to a faulty process.
+	MaxBufSize int
+
+	// Timeout limits the time a process can run.
+	Timeout time.Duration
+}
+
+// NewCredentials returns a pointer to a new Credentials object wrapping the
+// ProcessProvider. The credentials will expire every 15 minutes by default.
+func NewCredentials(command string, options ...func(*ProcessProvider)) *credentials.Credentials {
+	p := &ProcessProvider{
+		command:    exec.Command(command),
+		Duration:   DefaultDuration,
+		Timeout:    DefaultTimeout,
+		MaxBufSize: DefaultBufSize,
+	}
+
+	for _, option := range options {
+		option(p)
+	}
+
+	return credentials.NewCredentials(p)
+}
+
+// NewCredentialsTimeout returns a pointer to a new Credentials object with
+// the specified command and timeout, and default duration and max buffer size.
+func NewCredentialsTimeout(command string, timeout time.Duration) *credentials.Credentials {
+	p := NewCredentials(command, func(opt *ProcessProvider) {
+		opt.Timeout = timeout
+	})
+
+	return p
+}
+
+// NewCredentialsCommand returns a pointer to a new Credentials object with
+// the specified command, and default timeout, duration and max buffer size.
+func NewCredentialsCommand(command *exec.Cmd, options ...func(*ProcessProvider)) *credentials.Credentials {
+	p := &ProcessProvider{
+		command:    command,
+		Duration:   DefaultDuration,
+		Timeout:    DefaultTimeout,
+		MaxBufSize: DefaultBufSize,
+	}
+
+	for _, option := range options {
+		option(p)
+	}
+
+	return credentials.NewCredentials(p)
+}
+
+// A CredentialProcessResponse is the AWS credentials format that must be
+// returned when executing an external credential_process.
+type CredentialProcessResponse struct {
+	// As of this writing, the Version key must be set to 1. This might
+	// increment over time as the structure evolves.
+	Version int
+
+	// The access key ID that identifies the temporary security credentials.
+	AccessKeyID string `json:"AccessKeyId"`
+
+	// The secret access key that can be used to sign requests.
+	SecretAccessKey string
+
+	// The token that users must pass to the service API to use the temporary credentials.
+	SessionToken string
+
+	// The date on which the current credentials expire.
+	Expiration *time.Time
+}
+
+// Retrieve executes the 'credential_process' and returns the credentials.
+func (p *ProcessProvider) Retrieve() (credentials.Value, error) {
+	out, err := p.executeCredentialProcess()
+	if err != nil {
+		return credentials.Value{ProviderName: ProviderName}, err
+	}
+
+	// Serialize and validate response
+	resp := &CredentialProcessResponse{}
+	if err = json.Unmarshal(out, resp); err != nil {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderParse,
+			fmt.Sprintf("%s: %s", errMsgProcessProviderParse, string(out)),
+			err)
+	}
+
+	if resp.Version != 1 {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderVersion,
+			errMsgProcessProviderVersion,
+			nil)
+	}
+
+	if len(resp.AccessKeyID) == 0 {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderRequired,
+			errMsgProcessProviderMissKey,
+			nil)
+	}
+
+	if len(resp.SecretAccessKey) == 0 {
+		return credentials.Value{ProviderName: ProviderName}, awserr.New(
+			ErrCodeProcessProviderRequired,
+			errMsgProcessProviderMissSecret,
+			nil)
+	}
+
+	// Handle expiration
+	p.staticCreds = resp.Expiration == nil
+	if resp.Expiration != nil {
+		p.SetExpiration(*resp.Expiration, p.ExpiryWindow)
+	}
+
+	return credentials.Value{
+		ProviderName:    ProviderName,
+		AccessKeyID:     resp.AccessKeyID,
+		SecretAccessKey: resp.SecretAccessKey,
+		SessionToken:    resp.SessionToken,
+	}, nil
+}
+
+// IsExpired returns true if the credentials retrieved are expired, or not yet
+// retrieved.
+func (p *ProcessProvider) IsExpired() bool {
+	if p.staticCreds {
+		return false
+	}
+	return p.Expiry.IsExpired()
+}
+
+// prepareCommand prepares the command to be executed.
+func (p *ProcessProvider) prepareCommand() error {
+
+	var cmdArgs []string
+	if runtime.GOOS == "windows" {
+		cmdArgs = []string{"cmd.exe", "/C"}
+	} else {
+		cmdArgs = []string{"sh", "-c"}
+	}
+
+	if len(p.originalCommand) == 0 {
+		p.originalCommand = make([]string, len(p.command.Args))
+		copy(p.originalCommand, p.command.Args)
+
+		// check for empty command because it succeeds
+		if len(strings.TrimSpace(p.originalCommand[0])) < 1 {
+			return awserr.New(
+				ErrCodeProcessProviderExecution,
+				fmt.Sprintf(
+					"%s: %s",
+					errMsgProcessProviderPrepareCmd,
+					errMsgProcessProviderEmptyCmd),
+				nil)
+		}
+	}
+
+	cmdArgs = append(cmdArgs, p.originalCommand...)
+	p.command = exec.Command(cmdArgs[0], cmdArgs[1:]...)
+	p.command.Env = os.Environ()
+
+	return nil
+}
+
+// executeCredentialProcess starts the credential process on the OS and
+// returns the results or an error.
+func (p *ProcessProvider) executeCredentialProcess() ([]byte, error) {
+
+	if err := p.prepareCommand(); err != nil {
+		return nil, err
+	}
+
+	// Setup the pipes
+	outReadPipe, outWritePipe, err := os.Pipe()
+	if err != nil {
+		return nil, awserr.New(
+			ErrCodeProcessProviderExecution,
+			errMsgProcessProviderPipe,
+			err)
+	}
+
+	p.command.Stderr = os.Stderr    // display stderr on console for MFA
+	p.command.Stdout = outWritePipe // get creds json on process's stdout
+	p.command.Stdin = os.Stdin      // enable stdin for MFA
+
+	output := bytes.NewBuffer(make([]byte, 0, p.MaxBufSize))
+
+	stdoutCh := make(chan error, 1)
+	go readInput(
+		io.LimitReader(outReadPipe, int64(p.MaxBufSize)),
+		output,
+		stdoutCh)
+
+	execCh := make(chan error, 1)
+	go executeCommand(*p.command, execCh)
+
+	finished := false
+	var errors []error
+	for !finished {
+		select {
+		case readError := <-stdoutCh:
+			errors = appendError(errors, readError)
+			finished = true
+		case execError := <-execCh:
+			err := outWritePipe.Close()
+			errors = appendError(errors, err)
+			errors = appendError(errors, execError)
+			if errors != nil {
+				return output.Bytes(), awserr.NewBatchError(
+					ErrCodeProcessProviderExecution,
+					errMsgProcessProviderProcess,
+					errors)
+			}
+		case <-time.After(p.Timeout):
+			finished = true
+			return output.Bytes(), awserr.NewBatchError(
+				ErrCodeProcessProviderExecution,
+				errMsgProcessProviderTimeout,
+				errors) // errors can be nil
+		}
+	}
+
+	out := output.Bytes()
+
+	if runtime.GOOS == "windows" {
+		// windows adds slashes to quotes
+		out = []byte(strings.Replace(string(out), `\"`, `"`, -1))
+	}
+
+	return out, nil
+}
+
+// appendError conveniently checks for nil before appending slice
+func appendError(errors []error, err error) []error {
+	if err != nil {
+		return append(errors, err)
+	}
+	return errors
+}
+
+func executeCommand(cmd exec.Cmd, exec chan error) {
+	// Start the command
+	err := cmd.Start()
+	if err == nil {
+		err = cmd.Wait()
+	}
+
+	exec <- err
+}
+
+func readInput(r io.Reader, w io.Writer, read chan error) {
+	tee := io.TeeReader(r, w)
+
+	_, err := ioutil.ReadAll(tee)
+
+	if err == io.EOF {
+		err = nil
+	}
+
+	read <- err // will only arrive here when write end of pipe is closed
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
new file mode 100644
index 000000000..22b5c5d9f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
@@ -0,0 +1,151 @@
+package credentials
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/internal/ini"
+	"github.com/aws/aws-sdk-go/internal/shareddefaults"
+)
+
+// SharedCredsProviderName provides a name of SharedCreds provider
+const SharedCredsProviderName = "SharedCredentialsProvider"
+
+var (
+	// ErrSharedCredentialsHomeNotFound is emitted when the user directory cannot be found.
+	ErrSharedCredentialsHomeNotFound = awserr.New("UserHomeNotFound", "user home directory not found.", nil)
+)
+
+// A SharedCredentialsProvider retrieves access key pair (access key ID,
+// secret access key, and session token if present) credentials from the current
+// user's home directory, and keeps track if those credentials are expired.
+//
+// Profile ini file example: $HOME/.aws/credentials
+type SharedCredentialsProvider struct {
+	// Path to the shared credentials file.
+	//
+	// If empty will look for "AWS_SHARED_CREDENTIALS_FILE" env variable. If the
+	// env value is empty will default to current user's home directory.
+	// Linux/OSX: "$HOME/.aws/credentials"
+	// Windows:   "%USERPROFILE%\.aws\credentials"
+	Filename string
+
+	// AWS Profile to extract credentials from the shared credentials file. If empty
+	// will default to environment variable "AWS_PROFILE" or "default" if
+	// environment variable is also not set.
+	Profile string
+
+	// retrieved states if the credentials have been successfully retrieved.
+	retrieved bool
+}
+
+// NewSharedCredentials returns a pointer to a new Credentials object
+// wrapping the Profile file provider.
+func NewSharedCredentials(filename, profile string) *Credentials {
+	return NewCredentials(&SharedCredentialsProvider{
+		Filename: filename,
+		Profile:  profile,
+	})
+}
+
+// Retrieve reads and extracts the shared credentials from the current
+// users home directory.
+func (p *SharedCredentialsProvider) Retrieve() (Value, error) {
+	p.retrieved = false
+
+	filename, err := p.filename()
+	if err != nil {
+		return Value{ProviderName: SharedCredsProviderName}, err
+	}
+
+	creds, err := loadProfile(filename, p.profile())
+	if err != nil {
+		return Value{ProviderName: SharedCredsProviderName}, err
+	}
+
+	p.retrieved = true
+	return creds, nil
+}
+
+// IsExpired returns if the shared credentials have expired.
+func (p *SharedCredentialsProvider) IsExpired() bool {
+	return !p.retrieved
+}
+
+// loadProfiles loads from the file pointed to by shared credentials filename for profile.
+// The credentials retrieved from the profile will be returned or error. Error will be
+// returned if it fails to read from the file, or the data is invalid.
+func loadProfile(filename, profile string) (Value, error) {
+	config, err := ini.OpenFile(filename)
+	if err != nil {
+		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to load shared credentials file", err)
+	}
+
+	iniProfile, ok := config.GetSection(profile)
+	if !ok {
+		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to get profile", nil)
+	}
+
+	id := iniProfile.String("aws_access_key_id")
+	if len(id) == 0 {
+		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsAccessKey",
+			fmt.Sprintf("shared credentials %s in %s did not contain aws_access_key_id", profile, filename),
+			nil)
+	}
+
+	secret := iniProfile.String("aws_secret_access_key")
+	if len(secret) == 0 {
+		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsSecret",
+			fmt.Sprintf("shared credentials %s in %s did not contain aws_secret_access_key", profile, filename),
+			nil)
+	}
+
+	// Default to empty string if not found
+	token := iniProfile.String("aws_session_token")
+
+	return Value{
+		AccessKeyID:     id,
+		SecretAccessKey: secret,
+		SessionToken:    token,
+		ProviderName:    SharedCredsProviderName,
+	}, nil
+}
+
+// filename returns the filename to use to read AWS shared credentials.
+//
+// Will return an error if the user's home directory path cannot be found.
+func (p *SharedCredentialsProvider) filename() (string, error) {
+	if len(p.Filename) != 0 {
+		return p.Filename, nil
+	}
+
+	if p.Filename = os.Getenv("AWS_SHARED_CREDENTIALS_FILE"); len(p.Filename) != 0 {
+		return p.Filename, nil
+	}
+
+	if home := shareddefaults.UserHomeDir(); len(home) == 0 {
+		// Backwards compatibility of home directly not found error being returned.
+		// This error is too verbose, failure when opening the file would of been
+		// a better error to return.
+		return "", ErrSharedCredentialsHomeNotFound
+	}
+
+	p.Filename = shareddefaults.SharedCredentialsFilename()
+
+	return p.Filename, nil
+}
+
+// profile returns the AWS shared credentials profile.  If empty will read
+// environment variable "AWS_PROFILE". If that is not set profile will
+// return "default".
+func (p *SharedCredentialsProvider) profile() string {
+	if p.Profile == "" {
+		p.Profile = os.Getenv("AWS_PROFILE")
+	}
+	if p.Profile == "" {
+		p.Profile = "default"
+	}
+
+	return p.Profile
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go
new file mode 100644
index 000000000..18c940ab3
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go
@@ -0,0 +1,60 @@
+// Package ssocreds provides a credential provider for retrieving temporary AWS credentials using an SSO access token.
+//
+// IMPORTANT: The provider in this package does not initiate or perform the AWS SSO login flow. The SDK provider
+// expects that you have already performed the SSO login flow using AWS CLI using the "aws sso login" command, or by
+// some other mechanism. The provider must find a valid non-expired access token for the AWS SSO user portal URL in
+// ~/.aws/sso/cache. If a cached token is not found, it is expired, or the file is malformed an error will be returned.
+//
+// Loading AWS SSO credentials with the AWS shared configuration file
+//
+// You can use configure AWS SSO credentials from the AWS shared configuration file by
+// providing the specifying the required keys in the profile:
+//
+//  sso_account_id
+//  sso_region
+//  sso_role_name
+//  sso_start_url
+//
+// For example, the following defines a profile "devsso" and specifies the AWS SSO parameters that defines the target
+// account, role, sign-on portal, and the region where the user portal is located. Note: all SSO arguments must be
+// provided, or an error will be returned.
+//
+//  [profile devsso]
+//  sso_start_url = https://my-sso-portal.awsapps.com/start
+//  sso_role_name = SSOReadOnlyRole
+//  sso_region = us-east-1
+//  sso_account_id = 123456789012
+//
+// Using the config module, you can load the AWS SDK shared configuration, and specify that this profile be used to
+// retrieve credentials. For example:
+//
+//  sess, err := session.NewSessionWithOptions(session.Options{
+//      SharedConfigState: session.SharedConfigEnable,
+//      Profile:           "devsso",
+//  })
+//  if err != nil {
+//      return err
+//  }
+//
+// Programmatically loading AWS SSO credentials directly
+//
+// You can programmatically construct the AWS SSO Provider in your application, and provide the necessary information
+// to load and retrieve temporary credentials using an access token from ~/.aws/sso/cache.
+//
+//  svc := sso.New(sess, &aws.Config{
+//      Region: aws.String("us-west-2"), // Client Region must correspond to the AWS SSO user portal region
+//  })
+//
+//  provider := ssocreds.NewCredentialsWithClient(svc, "123456789012", "SSOReadOnlyRole", "https://my-sso-portal.awsapps.com/start")
+//
+//  credentials, err := provider.Get()
+//  if err != nil {
+//      return err
+//  }
+//
+// Additional Resources
+//
+// Configuring the AWS CLI to use AWS Single Sign-On: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
+//
+// AWS Single Sign-On User Guide: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
+package ssocreds
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go
new file mode 100644
index 000000000..d4df39a7a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go
@@ -0,0 +1,10 @@
+//go:build !windows
+// +build !windows
+
+package ssocreds
+
+import "os"
+
+func getHomeDirectory() string {
+	return os.Getenv("HOME")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go
new file mode 100644
index 000000000..eb48f61e5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go
@@ -0,0 +1,7 @@
+package ssocreds
+
+import "os"
+
+func getHomeDirectory() string {
+	return os.Getenv("USERPROFILE")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go
new file mode 100644
index 000000000..6eda2a555
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go
@@ -0,0 +1,180 @@
+package ssocreds
+
+import (
+	"crypto/sha1"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/service/sso"
+	"github.com/aws/aws-sdk-go/service/sso/ssoiface"
+)
+
+// ErrCodeSSOProviderInvalidToken is the code type that is returned if loaded token has expired or is otherwise invalid.
+// To refresh the SSO session run aws sso login with the corresponding profile.
+const ErrCodeSSOProviderInvalidToken = "SSOProviderInvalidToken"
+
+const invalidTokenMessage = "the SSO session has expired or is invalid"
+
+func init() {
+	nowTime = time.Now
+	defaultCacheLocation = defaultCacheLocationImpl
+}
+
+var nowTime func() time.Time
+
+// ProviderName is the name of the provider used to specify the source of credentials.
+const ProviderName = "SSOProvider"
+
+var defaultCacheLocation func() string
+
+func defaultCacheLocationImpl() string {
+	return filepath.Join(getHomeDirectory(), ".aws", "sso", "cache")
+}
+
+// Provider is an AWS credential provider that retrieves temporary AWS credentials by exchanging an SSO login token.
+type Provider struct {
+	credentials.Expiry
+
+	// The Client which is configured for the AWS Region where the AWS SSO user portal is located.
+	Client ssoiface.SSOAPI
+
+	// The AWS account that is assigned to the user.
+	AccountID string
+
+	// The role name that is assigned to the user.
+	RoleName string
+
+	// The URL that points to the organization's AWS Single Sign-On (AWS SSO) user portal.
+	StartURL string
+}
+
+// NewCredentials returns a new AWS Single Sign-On (AWS SSO) credential provider. The ConfigProvider is expected to be configured
+// for the AWS Region where the AWS SSO user portal is located.
+func NewCredentials(configProvider client.ConfigProvider, accountID, roleName, startURL string, optFns ...func(provider *Provider)) *credentials.Credentials {
+	return NewCredentialsWithClient(sso.New(configProvider), accountID, roleName, startURL, optFns...)
+}
+
+// NewCredentialsWithClient returns a new AWS Single Sign-On (AWS SSO) credential provider. The provided client is expected to be configured
+// for the AWS Region where the AWS SSO user portal is located.
+func NewCredentialsWithClient(client ssoiface.SSOAPI, accountID, roleName, startURL string, optFns ...func(provider *Provider)) *credentials.Credentials {
+	p := &Provider{
+		Client:    client,
+		AccountID: accountID,
+		RoleName:  roleName,
+		StartURL:  startURL,
+	}
+
+	for _, fn := range optFns {
+		fn(p)
+	}
+
+	return credentials.NewCredentials(p)
+}
+
+// Retrieve retrieves temporary AWS credentials from the configured Amazon Single Sign-On (AWS SSO) user portal
+// by exchanging the accessToken present in ~/.aws/sso/cache.
+func (p *Provider) Retrieve() (credentials.Value, error) {
+	return p.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext retrieves temporary AWS credentials from the configured Amazon Single Sign-On (AWS SSO) user portal
+// by exchanging the accessToken present in ~/.aws/sso/cache.
+func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
+	tokenFile, err := loadTokenFile(p.StartURL)
+	if err != nil {
+		return credentials.Value{}, err
+	}
+
+	output, err := p.Client.GetRoleCredentialsWithContext(ctx, &sso.GetRoleCredentialsInput{
+		AccessToken: &tokenFile.AccessToken,
+		AccountId:   &p.AccountID,
+		RoleName:    &p.RoleName,
+	})
+	if err != nil {
+		return credentials.Value{}, err
+	}
+
+	expireTime := time.Unix(0, aws.Int64Value(output.RoleCredentials.Expiration)*int64(time.Millisecond)).UTC()
+	p.SetExpiration(expireTime, 0)
+
+	return credentials.Value{
+		AccessKeyID:     aws.StringValue(output.RoleCredentials.AccessKeyId),
+		SecretAccessKey: aws.StringValue(output.RoleCredentials.SecretAccessKey),
+		SessionToken:    aws.StringValue(output.RoleCredentials.SessionToken),
+		ProviderName:    ProviderName,
+	}, nil
+}
+
+func getCacheFileName(url string) (string, error) {
+	hash := sha1.New()
+	_, err := hash.Write([]byte(url))
+	if err != nil {
+		return "", err
+	}
+	return strings.ToLower(hex.EncodeToString(hash.Sum(nil))) + ".json", nil
+}
+
+type rfc3339 time.Time
+
+func (r *rfc3339) UnmarshalJSON(bytes []byte) error {
+	var value string
+
+	if err := json.Unmarshal(bytes, &value); err != nil {
+		return err
+	}
+
+	parse, err := time.Parse(time.RFC3339, value)
+	if err != nil {
+		return fmt.Errorf("expected RFC3339 timestamp: %v", err)
+	}
+
+	*r = rfc3339(parse)
+
+	return nil
+}
+
+type token struct {
+	AccessToken string  `json:"accessToken"`
+	ExpiresAt   rfc3339 `json:"expiresAt"`
+	Region      string  `json:"region,omitempty"`
+	StartURL    string  `json:"startUrl,omitempty"`
+}
+
+func (t token) Expired() bool {
+	return nowTime().Round(0).After(time.Time(t.ExpiresAt))
+}
+
+func loadTokenFile(startURL string) (t token, err error) {
+	key, err := getCacheFileName(startURL)
+	if err != nil {
+		return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err)
+	}
+
+	fileBytes, err := ioutil.ReadFile(filepath.Join(defaultCacheLocation(), key))
+	if err != nil {
+		return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err)
+	}
+
+	if err := json.Unmarshal(fileBytes, &t); err != nil {
+		return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err)
+	}
+
+	if len(t.AccessToken) == 0 {
+		return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, nil)
+	}
+
+	if t.Expired() {
+		return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, nil)
+	}
+
+	return t, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
new file mode 100644
index 000000000..cbba1e3d5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
@@ -0,0 +1,57 @@
+package credentials
+
+import (
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+// StaticProviderName provides a name of Static provider
+const StaticProviderName = "StaticProvider"
+
+var (
+	// ErrStaticCredentialsEmpty is emitted when static credentials are empty.
+	ErrStaticCredentialsEmpty = awserr.New("EmptyStaticCreds", "static credentials are empty", nil)
+)
+
+// A StaticProvider is a set of credentials which are set programmatically,
+// and will never expire.
+type StaticProvider struct {
+	Value
+}
+
+// NewStaticCredentials returns a pointer to a new Credentials object
+// wrapping a static credentials value provider. Token is only required
+// for temporary security credentials retrieved via STS, otherwise an empty
+// string can be passed for this parameter.
+func NewStaticCredentials(id, secret, token string) *Credentials {
+	return NewCredentials(&StaticProvider{Value: Value{
+		AccessKeyID:     id,
+		SecretAccessKey: secret,
+		SessionToken:    token,
+	}})
+}
+
+// NewStaticCredentialsFromCreds returns a pointer to a new Credentials object
+// wrapping the static credentials value provide. Same as NewStaticCredentials
+// but takes the creds Value instead of individual fields
+func NewStaticCredentialsFromCreds(creds Value) *Credentials {
+	return NewCredentials(&StaticProvider{Value: creds})
+}
+
+// Retrieve returns the credentials or error if the credentials are invalid.
+func (s *StaticProvider) Retrieve() (Value, error) {
+	if s.AccessKeyID == "" || s.SecretAccessKey == "" {
+		return Value{ProviderName: StaticProviderName}, ErrStaticCredentialsEmpty
+	}
+
+	if len(s.Value.ProviderName) == 0 {
+		s.Value.ProviderName = StaticProviderName
+	}
+	return s.Value, nil
+}
+
+// IsExpired returns if the credentials are expired.
+//
+// For StaticProvider, the credentials never expired.
+func (s *StaticProvider) IsExpired() bool {
+	return false
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
new file mode 100644
index 000000000..86db488de
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
@@ -0,0 +1,371 @@
+/*
+Package stscreds are credential Providers to retrieve STS AWS credentials.
+
+STS provides multiple ways to retrieve credentials which can be used when making
+future AWS service API operation calls.
+
+The SDK will ensure that per instance of credentials.Credentials all requests
+to refresh the credentials will be synchronized. But, the SDK is unable to
+ensure synchronous usage of the AssumeRoleProvider if the value is shared
+between multiple Credentials, Sessions or service clients.
+
+# Assume Role
+
+To assume an IAM role using STS with the SDK you can create a new Credentials
+with the SDKs's stscreds package.
+
+	// Initial credentials loaded from SDK's default credential chain. Such as
+	// the environment, shared credentials (~/.aws/credentials), or EC2 Instance
+	// Role. These credentials will be used to to make the STS Assume Role API.
+	sess := session.Must(session.NewSession())
+
+	// Create the credentials from AssumeRoleProvider to assume the role
+	// referenced by the "myRoleARN" ARN.
+	creds := stscreds.NewCredentials(sess, "myRoleArn")
+
+	// Create service client value configured for credentials
+	// from assumed role.
+	svc := s3.New(sess, &aws.Config{Credentials: creds})
+
+# Assume Role with static MFA Token
+
+To assume an IAM role with a MFA token you can either specify a MFA token code
+directly or provide a function to prompt the user each time the credentials
+need to refresh the role's credentials. Specifying the TokenCode should be used
+for short lived operations that will not need to be refreshed, and when you do
+not want to have direct control over the user provides their MFA token.
+
+With TokenCode the AssumeRoleProvider will be not be able to refresh the role's
+credentials.
+
+	// Create the credentials from AssumeRoleProvider to assume the role
+	// referenced by the "myRoleARN" ARN using the MFA token code provided.
+	creds := stscreds.NewCredentials(sess, "myRoleArn", func(p *stscreds.AssumeRoleProvider) {
+		p.SerialNumber = aws.String("myTokenSerialNumber")
+		p.TokenCode = aws.String("00000000")
+	})
+
+	// Create service client value configured for credentials
+	// from assumed role.
+	svc := s3.New(sess, &aws.Config{Credentials: creds})
+
+# Assume Role with MFA Token Provider
+
+To assume an IAM role with MFA for longer running tasks where the credentials
+may need to be refreshed setting the TokenProvider field of AssumeRoleProvider
+will allow the credential provider to prompt for new MFA token code when the
+role's credentials need to be refreshed.
+
+The StdinTokenProvider function is available to prompt on stdin to retrieve
+the MFA token code from the user. You can also implement custom prompts by
+satisfing the TokenProvider function signature.
+
+Using StdinTokenProvider with multiple AssumeRoleProviders, or Credentials will
+have undesirable results as the StdinTokenProvider will not be synchronized. A
+single Credentials with an AssumeRoleProvider can be shared safely.
+
+	// Create the credentials from AssumeRoleProvider to assume the role
+	// referenced by the "myRoleARN" ARN. Prompting for MFA token from stdin.
+	creds := stscreds.NewCredentials(sess, "myRoleArn", func(p *stscreds.AssumeRoleProvider) {
+		p.SerialNumber = aws.String("myTokenSerialNumber")
+		p.TokenProvider = stscreds.StdinTokenProvider
+	})
+
+	// Create service client value configured for credentials
+	// from assumed role.
+	svc := s3.New(sess, &aws.Config{Credentials: creds})
+*/
+package stscreds
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkrand"
+	"github.com/aws/aws-sdk-go/service/sts"
+)
+
+// StdinTokenProvider will prompt on stderr and read from stdin for a string value.
+// An error is returned if reading from stdin fails.
+//
+// Use this function to read MFA tokens from stdin. The function makes no attempt
+// to make atomic prompts from stdin across multiple gorouties.
+//
+// Using StdinTokenProvider with multiple AssumeRoleProviders, or Credentials will
+// have undesirable results as the StdinTokenProvider will not be synchronized. A
+// single Credentials with an AssumeRoleProvider can be shared safely
+//
+// Will wait forever until something is provided on the stdin.
+func StdinTokenProvider() (string, error) {
+	var v string
+	fmt.Fprintf(os.Stderr, "Assume Role MFA token code: ")
+	_, err := fmt.Scanln(&v)
+
+	return v, err
+}
+
+// ProviderName provides a name of AssumeRole provider
+const ProviderName = "AssumeRoleProvider"
+
+// AssumeRoler represents the minimal subset of the STS client API used by this provider.
+type AssumeRoler interface {
+	AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
+}
+
+type assumeRolerWithContext interface {
+	AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error)
+}
+
+// DefaultDuration is the default amount of time in minutes that the credentials
+// will be valid for.
+var DefaultDuration = time.Duration(15) * time.Minute
+
+// AssumeRoleProvider retrieves temporary credentials from the STS service, and
+// keeps track of their expiration time.
+//
+// This credential provider will be used by the SDKs default credential change
+// when shared configuration is enabled, and the shared config or shared credentials
+// file configure assume role. See Session docs for how to do this.
+//
+// AssumeRoleProvider does not provide any synchronization and it is not safe
+// to share this value across multiple Credentials, Sessions, or service clients
+// without also sharing the same Credentials instance.
+type AssumeRoleProvider struct {
+	credentials.Expiry
+
+	// STS client to make assume role request with.
+	Client AssumeRoler
+
+	// Role to be assumed.
+	RoleARN string
+
+	// Session name, if you wish to reuse the credentials elsewhere.
+	RoleSessionName string
+
+	// Optional, you can pass tag key-value pairs to your session. These tags are called session tags.
+	Tags []*sts.Tag
+
+	// A list of keys for session tags that you want to set as transitive.
+	// If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
+	TransitiveTagKeys []*string
+
+	// Expiry duration of the STS credentials. Defaults to 15 minutes if not set.
+	Duration time.Duration
+
+	// Optional ExternalID to pass along, defaults to nil if not set.
+	ExternalID *string
+
+	// The policy plain text must be 2048 bytes or shorter. However, an internal
+	// conversion compresses it into a packed binary format with a separate limit.
+	// The PackedPolicySize response element indicates by percentage how close to
+	// the upper size limit the policy is, with 100% equaling the maximum allowed
+	// size.
+	Policy *string
+
+	// The ARNs of IAM managed policies you want to use as managed session policies.
+	// The policies must exist in the same account as the role.
+	//
+	// This parameter is optional. You can provide up to 10 managed policy ARNs.
+	// However, the plain text that you use for both inline and managed session
+	// policies can't exceed 2,048 characters.
+	//
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
+	//
+	// Passing policies to this operation returns new temporary credentials. The
+	// resulting session's permissions are the intersection of the role's identity-based
+	// policy and the session policies. You can use the role's temporary credentials
+	// in subsequent AWS API calls to access resources in the account that owns
+	// the role. You cannot use session policies to grant more permissions than
+	// those allowed by the identity-based policy of the role that is being assumed.
+	// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	PolicyArns []*sts.PolicyDescriptorType
+
+	// The identification number of the MFA device that is associated with the user
+	// who is making the AssumeRole call. Specify this value if the trust policy
+	// of the role being assumed includes a condition that requires MFA authentication.
+	// The value is either the serial number for a hardware device (such as GAHT12345678)
+	// or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
+	SerialNumber *string
+
+	// The SourceIdentity which is used to identity a persistent identity through the whole session.
+	// For more details see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
+	SourceIdentity *string
+
+	// The value provided by the MFA device, if the trust policy of the role being
+	// assumed requires MFA (that is, if the policy includes a condition that tests
+	// for MFA). If the role being assumed requires MFA and if the TokenCode value
+	// is missing or expired, the AssumeRole call returns an "access denied" error.
+	//
+	// If SerialNumber is set and neither TokenCode nor TokenProvider are also
+	// set an error will be returned.
+	TokenCode *string
+
+	// Async method of providing MFA token code for assuming an IAM role with MFA.
+	// The value returned by the function will be used as the TokenCode in the Retrieve
+	// call. See StdinTokenProvider for a provider that prompts and reads from stdin.
+	//
+	// This token provider will be called when ever the assumed role's
+	// credentials need to be refreshed when SerialNumber is also set and
+	// TokenCode is not set.
+	//
+	// If both TokenCode and TokenProvider is set, TokenProvider will be used and
+	// TokenCode is ignored.
+	TokenProvider func() (string, error)
+
+	// ExpiryWindow will allow the credentials to trigger refreshing prior to
+	// the credentials actually expiring. This is beneficial so race conditions
+	// with expiring credentials do not cause request to fail unexpectedly
+	// due to ExpiredTokenException exceptions.
+	//
+	// So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
+	// 10 seconds before the credentials are actually expired.
+	//
+	// If ExpiryWindow is 0 or less it will be ignored.
+	ExpiryWindow time.Duration
+
+	// MaxJitterFrac reduces the effective Duration of each credential requested
+	// by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must
+	// have a value between 0 and 1. Any other value may lead to expected behavior.
+	// With a MaxJitterFrac value of 0, default) will no jitter will be used.
+	//
+	// For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the
+	// AssumeRole call will be made with an arbitrary Duration between 27m and
+	// 30m.
+	//
+	// MaxJitterFrac should not be negative.
+	MaxJitterFrac float64
+}
+
+// NewCredentials returns a pointer to a new Credentials value wrapping the
+// AssumeRoleProvider. The credentials will expire every 15 minutes and the
+// role will be named after a nanosecond timestamp of this operation. The
+// Credentials value will attempt to refresh the credentials using the provider
+// when Credentials.Get is called, if the cached credentials are expiring.
+//
+// Takes a Config provider to create the STS client. The ConfigProvider is
+// satisfied by the session.Session type.
+//
+// It is safe to share the returned Credentials with multiple Sessions and
+// service clients. All access to the credentials and refreshing them
+// will be synchronized.
+func NewCredentials(c client.ConfigProvider, roleARN string, options ...func(*AssumeRoleProvider)) *credentials.Credentials {
+	p := &AssumeRoleProvider{
+		Client:   sts.New(c),
+		RoleARN:  roleARN,
+		Duration: DefaultDuration,
+	}
+
+	for _, option := range options {
+		option(p)
+	}
+
+	return credentials.NewCredentials(p)
+}
+
+// NewCredentialsWithClient returns a pointer to a new Credentials value wrapping the
+// AssumeRoleProvider. The credentials will expire every 15 minutes and the
+// role will be named after a nanosecond timestamp of this operation. The
+// Credentials value will attempt to refresh the credentials using the provider
+// when Credentials.Get is called, if the cached credentials are expiring.
+//
+// Takes an AssumeRoler which can be satisfied by the STS client.
+//
+// It is safe to share the returned Credentials with multiple Sessions and
+// service clients. All access to the credentials and refreshing them
+// will be synchronized.
+func NewCredentialsWithClient(svc AssumeRoler, roleARN string, options ...func(*AssumeRoleProvider)) *credentials.Credentials {
+	p := &AssumeRoleProvider{
+		Client:   svc,
+		RoleARN:  roleARN,
+		Duration: DefaultDuration,
+	}
+
+	for _, option := range options {
+		option(p)
+	}
+
+	return credentials.NewCredentials(p)
+}
+
+// Retrieve generates a new set of temporary credentials using STS.
+func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
+	return p.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext generates a new set of temporary credentials using STS.
+func (p *AssumeRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
+	// Apply defaults where parameters are not set.
+	if p.RoleSessionName == "" {
+		// Try to work out a role name that will hopefully end up unique.
+		p.RoleSessionName = fmt.Sprintf("%d", time.Now().UTC().UnixNano())
+	}
+	if p.Duration == 0 {
+		// Expire as often as AWS permits.
+		p.Duration = DefaultDuration
+	}
+	jitter := time.Duration(sdkrand.SeededRand.Float64() * p.MaxJitterFrac * float64(p.Duration))
+	input := &sts.AssumeRoleInput{
+		DurationSeconds:   aws.Int64(int64((p.Duration - jitter) / time.Second)),
+		RoleArn:           aws.String(p.RoleARN),
+		RoleSessionName:   aws.String(p.RoleSessionName),
+		ExternalId:        p.ExternalID,
+		Tags:              p.Tags,
+		PolicyArns:        p.PolicyArns,
+		TransitiveTagKeys: p.TransitiveTagKeys,
+		SourceIdentity:    p.SourceIdentity,
+	}
+	if p.Policy != nil {
+		input.Policy = p.Policy
+	}
+	if p.SerialNumber != nil {
+		if p.TokenCode != nil {
+			input.SerialNumber = p.SerialNumber
+			input.TokenCode = p.TokenCode
+		} else if p.TokenProvider != nil {
+			input.SerialNumber = p.SerialNumber
+			code, err := p.TokenProvider()
+			if err != nil {
+				return credentials.Value{ProviderName: ProviderName}, err
+			}
+			input.TokenCode = aws.String(code)
+		} else {
+			return credentials.Value{ProviderName: ProviderName},
+				awserr.New("AssumeRoleTokenNotAvailable",
+					"assume role with MFA enabled, but neither TokenCode nor TokenProvider are set", nil)
+		}
+	}
+
+	var roleOutput *sts.AssumeRoleOutput
+	var err error
+
+	if c, ok := p.Client.(assumeRolerWithContext); ok {
+		roleOutput, err = c.AssumeRoleWithContext(ctx, input)
+	} else {
+		roleOutput, err = p.Client.AssumeRole(input)
+	}
+
+	if err != nil {
+		return credentials.Value{ProviderName: ProviderName}, err
+	}
+
+	// We will proactively generate new credentials before they expire.
+	p.SetExpiration(*roleOutput.Credentials.Expiration, p.ExpiryWindow)
+
+	return credentials.Value{
+		AccessKeyID:     *roleOutput.Credentials.AccessKeyId,
+		SecretAccessKey: *roleOutput.Credentials.SecretAccessKey,
+		SessionToken:    *roleOutput.Credentials.SessionToken,
+		ProviderName:    ProviderName,
+	}, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
new file mode 100644
index 000000000..19ad619aa
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
@@ -0,0 +1,182 @@
+package stscreds
+
+import (
+	"fmt"
+	"io/ioutil"
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/service/sts"
+	"github.com/aws/aws-sdk-go/service/sts/stsiface"
+)
+
+const (
+	// ErrCodeWebIdentity will be used as an error code when constructing
+	// a new error to be returned during session creation or retrieval.
+	ErrCodeWebIdentity = "WebIdentityErr"
+
+	// WebIdentityProviderName is the web identity provider name
+	WebIdentityProviderName = "WebIdentityCredentials"
+)
+
+// now is used to return a time.Time object representing
+// the current time. This can be used to easily test and
+// compare test values.
+var now = time.Now
+
+// TokenFetcher should return WebIdentity token bytes or an error
+type TokenFetcher interface {
+	FetchToken(credentials.Context) ([]byte, error)
+}
+
+// FetchTokenPath is a path to a WebIdentity token file
+type FetchTokenPath string
+
+// FetchToken returns a token by reading from the filesystem
+func (f FetchTokenPath) FetchToken(ctx credentials.Context) ([]byte, error) {
+	data, err := ioutil.ReadFile(string(f))
+	if err != nil {
+		errMsg := fmt.Sprintf("unable to read file at %s", f)
+		return nil, awserr.New(ErrCodeWebIdentity, errMsg, err)
+	}
+	return data, nil
+}
+
+// WebIdentityRoleProvider is used to retrieve credentials using
+// an OIDC token.
+type WebIdentityRoleProvider struct {
+	credentials.Expiry
+
+	// The policy ARNs to use with the web identity assumed role.
+	PolicyArns []*sts.PolicyDescriptorType
+
+	// Duration the STS credentials will be valid for. Truncated to seconds.
+	// If unset, the assumed role will use AssumeRoleWithWebIdentity's default
+	// expiry duration. See
+	// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#STS.AssumeRoleWithWebIdentity
+	// for more information.
+	Duration time.Duration
+
+	// The amount of time the credentials will be refreshed before they expire.
+	// This is useful refresh credentials before they expire to reduce risk of
+	// using credentials as they expire. If unset, will default to no expiry
+	// window.
+	ExpiryWindow time.Duration
+
+	client stsiface.STSAPI
+
+	tokenFetcher    TokenFetcher
+	roleARN         string
+	roleSessionName string
+}
+
+// NewWebIdentityCredentials will return a new set of credentials with a given
+// configuration, role arn, and token file path.
+//
+// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
+// functional options, and wrap with credentials.NewCredentials helper.
+func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials {
+	svc := sts.New(c)
+	p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path)
+	return credentials.NewCredentials(p)
+}
+
+// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
+// provided stsiface.STSAPI
+//
+// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
+// functional options.
+func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
+	return NewWebIdentityRoleProviderWithOptions(svc, roleARN, roleSessionName, FetchTokenPath(path))
+}
+
+// NewWebIdentityRoleProviderWithToken will return a new WebIdentityRoleProvider with the
+// provided stsiface.STSAPI and a TokenFetcher
+//
+// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
+// functional options.
+func NewWebIdentityRoleProviderWithToken(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher) *WebIdentityRoleProvider {
+	return NewWebIdentityRoleProviderWithOptions(svc, roleARN, roleSessionName, tokenFetcher)
+}
+
+// NewWebIdentityRoleProviderWithOptions will return an initialize
+// WebIdentityRoleProvider with the provided stsiface.STSAPI, role ARN, and a
+// TokenFetcher. Additional options can be provided as functional options.
+//
+// TokenFetcher is the implementation that will retrieve the JWT token from to
+// assume the role with. Use the provided FetchTokenPath implementation to
+// retrieve the JWT token using a file system path.
+func NewWebIdentityRoleProviderWithOptions(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher, optFns ...func(*WebIdentityRoleProvider)) *WebIdentityRoleProvider {
+	p := WebIdentityRoleProvider{
+		client:          svc,
+		tokenFetcher:    tokenFetcher,
+		roleARN:         roleARN,
+		roleSessionName: roleSessionName,
+	}
+
+	for _, fn := range optFns {
+		fn(&p)
+	}
+
+	return &p
+}
+
+// Retrieve will attempt to assume a role from a token which is located at
+// 'WebIdentityTokenFilePath' specified destination and if that is empty an
+// error will be returned.
+func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
+	return p.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext will attempt to assume a role from a token which is
+// located at 'WebIdentityTokenFilePath' specified destination and if that is
+// empty an error will be returned.
+func (p *WebIdentityRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
+	b, err := p.tokenFetcher.FetchToken(ctx)
+	if err != nil {
+		return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed fetching WebIdentity token: ", err)
+	}
+
+	sessionName := p.roleSessionName
+	if len(sessionName) == 0 {
+		// session name is used to uniquely identify a session. This simply
+		// uses unix time in nanoseconds to uniquely identify sessions.
+		sessionName = strconv.FormatInt(now().UnixNano(), 10)
+	}
+
+	var duration *int64
+	if p.Duration != 0 {
+		duration = aws.Int64(int64(p.Duration / time.Second))
+	}
+
+	req, resp := p.client.AssumeRoleWithWebIdentityRequest(&sts.AssumeRoleWithWebIdentityInput{
+		PolicyArns:       p.PolicyArns,
+		RoleArn:          &p.roleARN,
+		RoleSessionName:  &sessionName,
+		WebIdentityToken: aws.String(string(b)),
+		DurationSeconds:  duration,
+	})
+
+	req.SetContext(ctx)
+
+	// InvalidIdentityToken error is a temporary error that can occur
+	// when assuming an Role with a JWT web identity token.
+	req.RetryErrorCodes = append(req.RetryErrorCodes, sts.ErrCodeInvalidIdentityTokenException)
+	if err := req.Send(); err != nil {
+		return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed to retrieve credentials", err)
+	}
+
+	p.SetExpiration(aws.TimeValue(resp.Credentials.Expiration), p.ExpiryWindow)
+
+	value := credentials.Value{
+		AccessKeyID:     aws.StringValue(resp.Credentials.AccessKeyId),
+		SecretAccessKey: aws.StringValue(resp.Credentials.SecretAccessKey),
+		SessionToken:    aws.StringValue(resp.Credentials.SessionToken),
+		ProviderName:    WebIdentityProviderName,
+	}
+	return value, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
new file mode 100644
index 000000000..25a66d1dd
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
@@ -0,0 +1,69 @@
+// Package csm provides the Client Side Monitoring (CSM) client which enables
+// sending metrics via UDP connection to the CSM agent. This package provides
+// control options, and configuration for the CSM client. The client can be
+// controlled manually, or automatically via the SDK's Session configuration.
+//
+// Enabling CSM client via SDK's Session configuration
+//
+// The CSM client can be enabled automatically via SDK's Session configuration.
+// The SDK's session configuration enables the CSM client if the AWS_CSM_PORT
+// environment variable is set to a non-empty value.
+//
+// The configuration options for the CSM client via the SDK's session
+// configuration are:
+//
+//	* AWS_CSM_PORT=<port number>
+//	  The port number the CSM agent will receive metrics on.
+//
+//	* AWS_CSM_HOST=<hostname or ip>
+//	  The hostname, or IP address the CSM agent will receive metrics on.
+//	  Without port number.
+//
+// Manually enabling the CSM client
+//
+// The CSM client can be started, paused, and resumed manually. The Start
+// function will enable the CSM client to publish metrics to the CSM agent. It
+// is safe to call Start concurrently, but if Start is called additional times
+// with different ClientID or address it will panic.
+//
+//		r, err := csm.Start("clientID", ":31000")
+//		if err != nil {
+//			panic(fmt.Errorf("failed starting CSM:  %v", err))
+//		}
+//
+// When controlling the CSM client manually, you must also inject its request
+// handlers into the SDK's Session configuration for the SDK's API clients to
+// publish metrics.
+//
+//		sess, err := session.NewSession(&aws.Config{})
+//		if err != nil {
+//			panic(fmt.Errorf("failed loading session: %v", err))
+//		}
+//
+//		// Add CSM client's metric publishing request handlers to the SDK's
+//		// Session Configuration.
+//		r.InjectHandlers(&sess.Handlers)
+//
+// Controlling CSM client
+//
+// Once the CSM client has been enabled the Get function will return a Reporter
+// value that you can use to pause and resume the metrics published to the CSM
+// agent. If Get function is called before the reporter is enabled with the
+// Start function or via SDK's Session configuration nil will be returned.
+//
+// The Pause method can be called to stop the CSM client publishing metrics to
+// the CSM agent. The Continue method will resume metric publishing.
+//
+//		// Get the CSM client Reporter.
+//		r := csm.Get()
+//
+//		// Will pause monitoring
+//		r.Pause()
+//		resp, err = client.GetObject(&s3.GetObjectInput{
+//			Bucket: aws.String("bucket"),
+//			Key: aws.String("key"),
+//		})
+//
+//		// Resume monitoring
+//		r.Continue()
+package csm
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
new file mode 100644
index 000000000..4b19e2800
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
@@ -0,0 +1,89 @@
+package csm
+
+import (
+	"fmt"
+	"strings"
+	"sync"
+)
+
+var (
+	lock sync.Mutex
+)
+
+const (
+	// DefaultPort is used when no port is specified.
+	DefaultPort = "31000"
+
+	// DefaultHost is the host that will be used when none is specified.
+	DefaultHost = "127.0.0.1"
+)
+
+// AddressWithDefaults returns a CSM address built from the host and port
+// values. If the host or port is not set, default values will be used
+// instead. If host is "localhost" it will be replaced with "127.0.0.1".
+func AddressWithDefaults(host, port string) string {
+	if len(host) == 0 || strings.EqualFold(host, "localhost") {
+		host = DefaultHost
+	}
+
+	if len(port) == 0 {
+		port = DefaultPort
+	}
+
+	// Only IP6 host can contain a colon
+	if strings.Contains(host, ":") {
+		return "[" + host + "]:" + port
+	}
+
+	return host + ":" + port
+}
+
+// Start will start a long running go routine to capture
+// client side metrics. Calling start multiple time will only
+// start the metric listener once and will panic if a different
+// client ID or port is passed in.
+//
+//		r, err := csm.Start("clientID", "127.0.0.1:31000")
+//		if err != nil {
+//			panic(fmt.Errorf("expected no error, but received %v", err))
+//		}
+//		sess := session.NewSession()
+//		r.InjectHandlers(sess.Handlers)
+//
+//		svc := s3.New(sess)
+//		out, err := svc.GetObject(&s3.GetObjectInput{
+//			Bucket: aws.String("bucket"),
+//			Key: aws.String("key"),
+//		})
+func Start(clientID string, url string) (*Reporter, error) {
+	lock.Lock()
+	defer lock.Unlock()
+
+	if sender == nil {
+		sender = newReporter(clientID, url)
+	} else {
+		if sender.clientID != clientID {
+			panic(fmt.Errorf("inconsistent client IDs. %q was expected, but received %q", sender.clientID, clientID))
+		}
+
+		if sender.url != url {
+			panic(fmt.Errorf("inconsistent URLs. %q was expected, but received %q", sender.url, url))
+		}
+	}
+
+	if err := connect(url); err != nil {
+		sender = nil
+		return nil, err
+	}
+
+	return sender, nil
+}
+
+// Get will return a reporter if one exists, if one does not exist, nil will
+// be returned.
+func Get() *Reporter {
+	lock.Lock()
+	defer lock.Unlock()
+
+	return sender
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go
new file mode 100644
index 000000000..5bacc791a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go
@@ -0,0 +1,109 @@
+package csm
+
+import (
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+type metricTime time.Time
+
+func (t metricTime) MarshalJSON() ([]byte, error) {
+	ns := time.Duration(time.Time(t).UnixNano())
+	return []byte(strconv.FormatInt(int64(ns/time.Millisecond), 10)), nil
+}
+
+type metric struct {
+	ClientID  *string     `json:"ClientId,omitempty"`
+	API       *string     `json:"Api,omitempty"`
+	Service   *string     `json:"Service,omitempty"`
+	Timestamp *metricTime `json:"Timestamp,omitempty"`
+	Type      *string     `json:"Type,omitempty"`
+	Version   *int        `json:"Version,omitempty"`
+
+	AttemptCount *int `json:"AttemptCount,omitempty"`
+	Latency      *int `json:"Latency,omitempty"`
+
+	Fqdn           *string `json:"Fqdn,omitempty"`
+	UserAgent      *string `json:"UserAgent,omitempty"`
+	AttemptLatency *int    `json:"AttemptLatency,omitempty"`
+
+	SessionToken   *string `json:"SessionToken,omitempty"`
+	Region         *string `json:"Region,omitempty"`
+	AccessKey      *string `json:"AccessKey,omitempty"`
+	HTTPStatusCode *int    `json:"HttpStatusCode,omitempty"`
+	XAmzID2        *string `json:"XAmzId2,omitempty"`
+	XAmzRequestID  *string `json:"XAmznRequestId,omitempty"`
+
+	AWSException        *string `json:"AwsException,omitempty"`
+	AWSExceptionMessage *string `json:"AwsExceptionMessage,omitempty"`
+	SDKException        *string `json:"SdkException,omitempty"`
+	SDKExceptionMessage *string `json:"SdkExceptionMessage,omitempty"`
+
+	FinalHTTPStatusCode      *int    `json:"FinalHttpStatusCode,omitempty"`
+	FinalAWSException        *string `json:"FinalAwsException,omitempty"`
+	FinalAWSExceptionMessage *string `json:"FinalAwsExceptionMessage,omitempty"`
+	FinalSDKException        *string `json:"FinalSdkException,omitempty"`
+	FinalSDKExceptionMessage *string `json:"FinalSdkExceptionMessage,omitempty"`
+
+	DestinationIP    *string `json:"DestinationIp,omitempty"`
+	ConnectionReused *int    `json:"ConnectionReused,omitempty"`
+
+	AcquireConnectionLatency *int `json:"AcquireConnectionLatency,omitempty"`
+	ConnectLatency           *int `json:"ConnectLatency,omitempty"`
+	RequestLatency           *int `json:"RequestLatency,omitempty"`
+	DNSLatency               *int `json:"DnsLatency,omitempty"`
+	TCPLatency               *int `json:"TcpLatency,omitempty"`
+	SSLLatency               *int `json:"SslLatency,omitempty"`
+
+	MaxRetriesExceeded *int `json:"MaxRetriesExceeded,omitempty"`
+}
+
+func (m *metric) TruncateFields() {
+	m.ClientID = truncateString(m.ClientID, 255)
+	m.UserAgent = truncateString(m.UserAgent, 256)
+
+	m.AWSException = truncateString(m.AWSException, 128)
+	m.AWSExceptionMessage = truncateString(m.AWSExceptionMessage, 512)
+
+	m.SDKException = truncateString(m.SDKException, 128)
+	m.SDKExceptionMessage = truncateString(m.SDKExceptionMessage, 512)
+
+	m.FinalAWSException = truncateString(m.FinalAWSException, 128)
+	m.FinalAWSExceptionMessage = truncateString(m.FinalAWSExceptionMessage, 512)
+
+	m.FinalSDKException = truncateString(m.FinalSDKException, 128)
+	m.FinalSDKExceptionMessage = truncateString(m.FinalSDKExceptionMessage, 512)
+}
+
+func truncateString(v *string, l int) *string {
+	if v != nil && len(*v) > l {
+		nv := (*v)[:l]
+		return &nv
+	}
+
+	return v
+}
+
+func (m *metric) SetException(e metricException) {
+	switch te := e.(type) {
+	case awsException:
+		m.AWSException = aws.String(te.exception)
+		m.AWSExceptionMessage = aws.String(te.message)
+	case sdkException:
+		m.SDKException = aws.String(te.exception)
+		m.SDKExceptionMessage = aws.String(te.message)
+	}
+}
+
+func (m *metric) SetFinalException(e metricException) {
+	switch te := e.(type) {
+	case awsException:
+		m.FinalAWSException = aws.String(te.exception)
+		m.FinalAWSExceptionMessage = aws.String(te.message)
+	case sdkException:
+		m.FinalSDKException = aws.String(te.exception)
+		m.FinalSDKExceptionMessage = aws.String(te.message)
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go
new file mode 100644
index 000000000..82a3e345e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go
@@ -0,0 +1,55 @@
+package csm
+
+import (
+	"sync/atomic"
+)
+
+const (
+	runningEnum = iota
+	pausedEnum
+)
+
+var (
+	// MetricsChannelSize of metrics to hold in the channel
+	MetricsChannelSize = 100
+)
+
+type metricChan struct {
+	ch     chan metric
+	paused *int64
+}
+
+func newMetricChan(size int) metricChan {
+	return metricChan{
+		ch:     make(chan metric, size),
+		paused: new(int64),
+	}
+}
+
+func (ch *metricChan) Pause() {
+	atomic.StoreInt64(ch.paused, pausedEnum)
+}
+
+func (ch *metricChan) Continue() {
+	atomic.StoreInt64(ch.paused, runningEnum)
+}
+
+func (ch *metricChan) IsPaused() bool {
+	v := atomic.LoadInt64(ch.paused)
+	return v == pausedEnum
+}
+
+// Push will push metrics to the metric channel if the channel
+// is not paused
+func (ch *metricChan) Push(m metric) bool {
+	if ch.IsPaused() {
+		return false
+	}
+
+	select {
+	case ch.ch <- m:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go
new file mode 100644
index 000000000..54a99280c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go
@@ -0,0 +1,26 @@
+package csm
+
+type metricException interface {
+	Exception() string
+	Message() string
+}
+
+type requestException struct {
+	exception string
+	message   string
+}
+
+func (e requestException) Exception() string {
+	return e.exception
+}
+func (e requestException) Message() string {
+	return e.message
+}
+
+type awsException struct {
+	requestException
+}
+
+type sdkException struct {
+	requestException
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
new file mode 100644
index 000000000..835bcd49c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
@@ -0,0 +1,264 @@
+package csm
+
+import (
+	"encoding/json"
+	"net"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// Reporter will gather metrics of API requests made and
+// send those metrics to the CSM endpoint.
+type Reporter struct {
+	clientID  string
+	url       string
+	conn      net.Conn
+	metricsCh metricChan
+	done      chan struct{}
+}
+
+var (
+	sender *Reporter
+)
+
+func connect(url string) error {
+	const network = "udp"
+	if err := sender.connect(network, url); err != nil {
+		return err
+	}
+
+	if sender.done == nil {
+		sender.done = make(chan struct{})
+		go sender.start()
+	}
+
+	return nil
+}
+
+func newReporter(clientID, url string) *Reporter {
+	return &Reporter{
+		clientID:  clientID,
+		url:       url,
+		metricsCh: newMetricChan(MetricsChannelSize),
+	}
+}
+
+func (rep *Reporter) sendAPICallAttemptMetric(r *request.Request) {
+	if rep == nil {
+		return
+	}
+
+	now := time.Now()
+	creds, _ := r.Config.Credentials.Get()
+
+	m := metric{
+		ClientID:  aws.String(rep.clientID),
+		API:       aws.String(r.Operation.Name),
+		Service:   aws.String(r.ClientInfo.ServiceID),
+		Timestamp: (*metricTime)(&now),
+		UserAgent: aws.String(r.HTTPRequest.Header.Get("User-Agent")),
+		Region:    r.Config.Region,
+		Type:      aws.String("ApiCallAttempt"),
+		Version:   aws.Int(1),
+
+		XAmzRequestID: aws.String(r.RequestID),
+
+		AttemptLatency: aws.Int(int(now.Sub(r.AttemptTime).Nanoseconds() / int64(time.Millisecond))),
+		AccessKey:      aws.String(creds.AccessKeyID),
+	}
+
+	if r.HTTPResponse != nil {
+		m.HTTPStatusCode = aws.Int(r.HTTPResponse.StatusCode)
+	}
+
+	if r.Error != nil {
+		if awserr, ok := r.Error.(awserr.Error); ok {
+			m.SetException(getMetricException(awserr))
+		}
+	}
+
+	m.TruncateFields()
+	rep.metricsCh.Push(m)
+}
+
+func getMetricException(err awserr.Error) metricException {
+	msg := err.Error()
+	code := err.Code()
+
+	switch code {
+	case request.ErrCodeRequestError,
+		request.ErrCodeSerialization,
+		request.CanceledErrorCode:
+		return sdkException{
+			requestException{exception: code, message: msg},
+		}
+	default:
+		return awsException{
+			requestException{exception: code, message: msg},
+		}
+	}
+}
+
+func (rep *Reporter) sendAPICallMetric(r *request.Request) {
+	if rep == nil {
+		return
+	}
+
+	now := time.Now()
+	m := metric{
+		ClientID:           aws.String(rep.clientID),
+		API:                aws.String(r.Operation.Name),
+		Service:            aws.String(r.ClientInfo.ServiceID),
+		Timestamp:          (*metricTime)(&now),
+		UserAgent:          aws.String(r.HTTPRequest.Header.Get("User-Agent")),
+		Type:               aws.String("ApiCall"),
+		AttemptCount:       aws.Int(r.RetryCount + 1),
+		Region:             r.Config.Region,
+		Latency:            aws.Int(int(time.Since(r.Time) / time.Millisecond)),
+		XAmzRequestID:      aws.String(r.RequestID),
+		MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())),
+	}
+
+	if r.HTTPResponse != nil {
+		m.FinalHTTPStatusCode = aws.Int(r.HTTPResponse.StatusCode)
+	}
+
+	if r.Error != nil {
+		if awserr, ok := r.Error.(awserr.Error); ok {
+			m.SetFinalException(getMetricException(awserr))
+		}
+	}
+
+	m.TruncateFields()
+
+	// TODO: Probably want to figure something out for logging dropped
+	// metrics
+	rep.metricsCh.Push(m)
+}
+
+func (rep *Reporter) connect(network, url string) error {
+	if rep.conn != nil {
+		rep.conn.Close()
+	}
+
+	conn, err := net.Dial(network, url)
+	if err != nil {
+		return awserr.New("UDPError", "Could not connect", err)
+	}
+
+	rep.conn = conn
+
+	return nil
+}
+
+func (rep *Reporter) close() {
+	if rep.done != nil {
+		close(rep.done)
+	}
+
+	rep.metricsCh.Pause()
+}
+
+func (rep *Reporter) start() {
+	defer func() {
+		rep.metricsCh.Pause()
+	}()
+
+	for {
+		select {
+		case <-rep.done:
+			rep.done = nil
+			return
+		case m := <-rep.metricsCh.ch:
+			// TODO: What to do with this error? Probably should just log
+			b, err := json.Marshal(m)
+			if err != nil {
+				continue
+			}
+
+			rep.conn.Write(b)
+		}
+	}
+}
+
+// Pause will pause the metric channel preventing any new metrics from being
+// added. It is safe to call concurrently with other calls to Pause, but if
+// called concurently with Continue can lead to unexpected state.
+func (rep *Reporter) Pause() {
+	lock.Lock()
+	defer lock.Unlock()
+
+	if rep == nil {
+		return
+	}
+
+	rep.close()
+}
+
+// Continue will reopen the metric channel and allow for monitoring to be
+// resumed. It is safe to call concurrently with other calls to Continue, but
+// if called concurently with Pause can lead to unexpected state.
+func (rep *Reporter) Continue() {
+	lock.Lock()
+	defer lock.Unlock()
+	if rep == nil {
+		return
+	}
+
+	if !rep.metricsCh.IsPaused() {
+		return
+	}
+
+	rep.metricsCh.Continue()
+}
+
+// Client side metric handler names
+const (
+	APICallMetricHandlerName        = "awscsm.SendAPICallMetric"
+	APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric"
+)
+
+// InjectHandlers will will enable client side metrics and inject the proper
+// handlers to handle how metrics are sent.
+//
+// InjectHandlers is NOT safe to call concurrently. Calling InjectHandlers
+// multiple times may lead to unexpected behavior, (e.g. duplicate metrics).
+//
+//		// Start must be called in order to inject the correct handlers
+//		r, err := csm.Start("clientID", "127.0.0.1:8094")
+//		if err != nil {
+//			panic(fmt.Errorf("expected no error, but received %v", err))
+//		}
+//
+//		sess := session.NewSession()
+//		r.InjectHandlers(&sess.Handlers)
+//
+//		// create a new service client with our client side metric session
+//		svc := s3.New(sess)
+func (rep *Reporter) InjectHandlers(handlers *request.Handlers) {
+	if rep == nil {
+		return
+	}
+
+	handlers.Complete.PushFrontNamed(request.NamedHandler{
+		Name: APICallMetricHandlerName,
+		Fn:   rep.sendAPICallMetric,
+	})
+
+	handlers.CompleteAttempt.PushFrontNamed(request.NamedHandler{
+		Name: APICallAttemptMetricHandlerName,
+		Fn:   rep.sendAPICallAttemptMetric,
+	})
+}
+
+// boolIntValue return 1 for true and 0 for false.
+func boolIntValue(b bool) int {
+	if b {
+		return 1
+	}
+
+	return 0
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
new file mode 100644
index 000000000..23bb639e0
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
@@ -0,0 +1,207 @@
+// Package defaults is a collection of helpers to retrieve the SDK's default
+// configuration and handlers.
+//
+// Generally this package shouldn't be used directly, but session.Session
+// instead. This package is useful when you need to reset the defaults
+// of a session or service client to the SDK defaults before setting
+// additional parameters.
+package defaults
+
+import (
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/corehandlers"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
+	"github.com/aws/aws-sdk-go/aws/credentials/endpointcreds"
+	"github.com/aws/aws-sdk-go/aws/ec2metadata"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/shareddefaults"
+)
+
+// A Defaults provides a collection of default values for SDK clients.
+type Defaults struct {
+	Config   *aws.Config
+	Handlers request.Handlers
+}
+
+// Get returns the SDK's default values with Config and handlers pre-configured.
+func Get() Defaults {
+	cfg := Config()
+	handlers := Handlers()
+	cfg.Credentials = CredChain(cfg, handlers)
+
+	return Defaults{
+		Config:   cfg,
+		Handlers: handlers,
+	}
+}
+
+// Config returns the default configuration without credentials.
+// To retrieve a config with credentials also included use
+// `defaults.Get().Config` instead.
+//
+// Generally you shouldn't need to use this method directly, but
+// is available if you need to reset the configuration of an
+// existing service client or session.
+func Config() *aws.Config {
+	return aws.NewConfig().
+		WithCredentials(credentials.AnonymousCredentials).
+		WithRegion(os.Getenv("AWS_REGION")).
+		WithHTTPClient(http.DefaultClient).
+		WithMaxRetries(aws.UseServiceDefaultRetries).
+		WithLogger(aws.NewDefaultLogger()).
+		WithLogLevel(aws.LogOff).
+		WithEndpointResolver(endpoints.DefaultResolver())
+}
+
+// Handlers returns the default request handlers.
+//
+// Generally you shouldn't need to use this method directly, but
+// is available if you need to reset the request handlers of an
+// existing service client or session.
+func Handlers() request.Handlers {
+	var handlers request.Handlers
+
+	handlers.Validate.PushBackNamed(corehandlers.ValidateEndpointHandler)
+	handlers.Validate.AfterEachFn = request.HandlerListStopOnError
+	handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)
+	handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHander)
+	handlers.Build.AfterEachFn = request.HandlerListStopOnError
+	handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler)
+	handlers.Send.PushBackNamed(corehandlers.ValidateReqSigHandler)
+	handlers.Send.PushBackNamed(corehandlers.SendHandler)
+	handlers.AfterRetry.PushBackNamed(corehandlers.AfterRetryHandler)
+	handlers.ValidateResponse.PushBackNamed(corehandlers.ValidateResponseHandler)
+
+	return handlers
+}
+
+// CredChain returns the default credential chain.
+//
+// Generally you shouldn't need to use this method directly, but
+// is available if you need to reset the credentials of an
+// existing service client or session's Config.
+func CredChain(cfg *aws.Config, handlers request.Handlers) *credentials.Credentials {
+	return credentials.NewCredentials(&credentials.ChainProvider{
+		VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
+		Providers:     CredProviders(cfg, handlers),
+	})
+}
+
+// CredProviders returns the slice of providers used in
+// the default credential chain.
+//
+// For applications that need to use some other provider (for example use
+// different  environment variables for legacy reasons) but still fall back
+// on the default chain of providers. This allows that default chaint to be
+// automatically updated
+func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Provider {
+	return []credentials.Provider{
+		&credentials.EnvProvider{},
+		&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
+		RemoteCredProvider(*cfg, handlers),
+	}
+}
+
+const (
+	httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
+	httpProviderEnvVar              = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
+)
+
+// RemoteCredProvider returns a credentials provider for the default remote
+// endpoints such as EC2 or ECS Roles.
+func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
+	if u := os.Getenv(httpProviderEnvVar); len(u) > 0 {
+		return localHTTPCredProvider(cfg, handlers, u)
+	}
+
+	if uri := os.Getenv(shareddefaults.ECSCredsProviderEnvVar); len(uri) > 0 {
+		u := fmt.Sprintf("%s%s", shareddefaults.ECSContainerCredentialsURI, uri)
+		return httpCredProvider(cfg, handlers, u)
+	}
+
+	return ec2RoleProvider(cfg, handlers)
+}
+
+var lookupHostFn = net.LookupHost
+
+func isLoopbackHost(host string) (bool, error) {
+	ip := net.ParseIP(host)
+	if ip != nil {
+		return ip.IsLoopback(), nil
+	}
+
+	// Host is not an ip, perform lookup
+	addrs, err := lookupHostFn(host)
+	if err != nil {
+		return false, err
+	}
+	for _, addr := range addrs {
+		if !net.ParseIP(addr).IsLoopback() {
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
+
+func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
+	var errMsg string
+
+	parsed, err := url.Parse(u)
+	if err != nil {
+		errMsg = fmt.Sprintf("invalid URL, %v", err)
+	} else {
+		host := aws.URLHostname(parsed)
+		if len(host) == 0 {
+			errMsg = "unable to parse host from local HTTP cred provider URL"
+		} else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil {
+			errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, loopbackErr)
+		} else if !isLoopback {
+			errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback hosts are allowed.", host)
+		}
+	}
+
+	if len(errMsg) > 0 {
+		if cfg.Logger != nil {
+			cfg.Logger.Log("Ignoring, HTTP credential provider", errMsg, err)
+		}
+		return credentials.ErrorProvider{
+			Err:          awserr.New("CredentialsEndpointError", errMsg, err),
+			ProviderName: endpointcreds.ProviderName,
+		}
+	}
+
+	return httpCredProvider(cfg, handlers, u)
+}
+
+func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
+	return endpointcreds.NewProviderClient(cfg, handlers, u,
+		func(p *endpointcreds.Provider) {
+			p.ExpiryWindow = 5 * time.Minute
+			p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar)
+		},
+	)
+}
+
+func ec2RoleProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
+	resolver := cfg.EndpointResolver
+	if resolver == nil {
+		resolver = endpoints.DefaultResolver()
+	}
+
+	e, _ := resolver.EndpointFor(endpoints.Ec2metadataServiceID, "")
+	return &ec2rolecreds.EC2RoleProvider{
+		Client:       ec2metadata.NewClient(cfg, handlers, e.URL, e.SigningRegion),
+		ExpiryWindow: 5 * time.Minute,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/defaults/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/defaults/shared_config.go
new file mode 100644
index 000000000..ca0ee1dcc
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/defaults/shared_config.go
@@ -0,0 +1,27 @@
+package defaults
+
+import (
+	"github.com/aws/aws-sdk-go/internal/shareddefaults"
+)
+
+// SharedCredentialsFilename returns the SDK's default file path
+// for the shared credentials file.
+//
+// Builds the shared config file path based on the OS's platform.
+//
+//   - Linux/Unix: $HOME/.aws/credentials
+//   - Windows: %USERPROFILE%\.aws\credentials
+func SharedCredentialsFilename() string {
+	return shareddefaults.SharedCredentialsFilename()
+}
+
+// SharedConfigFilename returns the SDK's default file path for
+// the shared config file.
+//
+// Builds the shared config file path based on the OS's platform.
+//
+//   - Linux/Unix: $HOME/.aws/config
+//   - Windows: %USERPROFILE%\.aws\config
+func SharedConfigFilename() string {
+	return shareddefaults.SharedConfigFilename()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/doc.go
new file mode 100644
index 000000000..4fcb61618
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/doc.go
@@ -0,0 +1,56 @@
+// Package aws provides the core SDK's utilities and shared types. Use this package's
+// utilities to simplify setting and reading API operations parameters.
+//
+// Value and Pointer Conversion Utilities
+//
+// This package includes a helper conversion utility for each scalar type the SDK's
+// API use. These utilities make getting a pointer of the scalar, and dereferencing
+// a pointer easier.
+//
+// Each conversion utility comes in two forms. Value to Pointer and Pointer to Value.
+// The Pointer to value will safely dereference the pointer and return its value.
+// If the pointer was nil, the scalar's zero value will be returned.
+//
+// The value to pointer functions will be named after the scalar type. So get a
+// *string from a string value use the "String" function. This makes it easy to
+// to get pointer of a literal string value, because getting the address of a
+// literal requires assigning the value to a variable first.
+//
+//    var strPtr *string
+//
+//    // Without the SDK's conversion functions
+//    str := "my string"
+//    strPtr = &str
+//
+//    // With the SDK's conversion functions
+//    strPtr = aws.String("my string")
+//
+//    // Convert *string to string value
+//    str = aws.StringValue(strPtr)
+//
+// In addition to scalars the aws package also includes conversion utilities for
+// map and slice for commonly types used in API parameters. The map and slice
+// conversion functions use similar naming pattern as the scalar conversion
+// functions.
+//
+//    var strPtrs []*string
+//    var strs []string = []string{"Go", "Gophers", "Go"}
+//
+//    // Convert []string to []*string
+//    strPtrs = aws.StringSlice(strs)
+//
+//    // Convert []*string to []string
+//    strs = aws.StringValueSlice(strPtrs)
+//
+// SDK Default HTTP Client
+//
+// The SDK will use the http.DefaultClient if a HTTP client is not provided to
+// the SDK's Session, or service client constructor. This means that if the
+// http.DefaultClient is modified by other components of your application the
+// modifications will be picked up by the SDK as well.
+//
+// In some cases this might be intended, but it is a better practice to create
+// a custom HTTP Client to share explicitly through your application. You can
+// configure the SDK to use the custom HTTP Client by setting the HTTPClient
+// value of the SDK's Config type when creating a Session or service client.
+package aws
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
new file mode 100644
index 000000000..69fa63dc0
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
@@ -0,0 +1,250 @@
+package ec2metadata
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkuri"
+)
+
+// getToken uses the duration to return a token for EC2 metadata service,
+// or an error if the request failed.
+func (c *EC2Metadata) getToken(ctx aws.Context, duration time.Duration) (tokenOutput, error) {
+	op := &request.Operation{
+		Name:       "GetToken",
+		HTTPMethod: "PUT",
+		HTTPPath:   "/latest/api/token",
+	}
+
+	var output tokenOutput
+	req := c.NewRequest(op, nil, &output)
+	req.SetContext(ctx)
+
+	// remove the fetch token handler from the request handlers to avoid infinite recursion
+	req.Handlers.Sign.RemoveByName(fetchTokenHandlerName)
+
+	// Swap the unmarshalMetadataHandler with unmarshalTokenHandler on this request.
+	req.Handlers.Unmarshal.Swap(unmarshalMetadataHandlerName, unmarshalTokenHandler)
+
+	ttl := strconv.FormatInt(int64(duration/time.Second), 10)
+	req.HTTPRequest.Header.Set(ttlHeader, ttl)
+
+	err := req.Send()
+
+	// Errors with bad request status should be returned.
+	if err != nil {
+		err = awserr.NewRequestFailure(
+			awserr.New(req.HTTPResponse.Status, http.StatusText(req.HTTPResponse.StatusCode), err),
+			req.HTTPResponse.StatusCode, req.RequestID)
+	}
+
+	return output, err
+}
+
+// GetMetadata uses the path provided to request information from the EC2
+// instance metadata service. The content will be returned as a string, or
+// error if the request failed.
+func (c *EC2Metadata) GetMetadata(p string) (string, error) {
+	return c.GetMetadataWithContext(aws.BackgroundContext(), p)
+}
+
+// GetMetadataWithContext uses the path provided to request information from the EC2
+// instance metadata service. The content will be returned as a string, or
+// error if the request failed.
+func (c *EC2Metadata) GetMetadataWithContext(ctx aws.Context, p string) (string, error) {
+	op := &request.Operation{
+		Name:       "GetMetadata",
+		HTTPMethod: "GET",
+		HTTPPath:   sdkuri.PathJoin("/latest/meta-data", p),
+	}
+	output := &metadataOutput{}
+
+	req := c.NewRequest(op, nil, output)
+
+	req.SetContext(ctx)
+
+	err := req.Send()
+	return output.Content, err
+}
+
+// GetUserData returns the userdata that was configured for the service. If
+// there is no user-data setup for the EC2 instance a "NotFoundError" error
+// code will be returned.
+func (c *EC2Metadata) GetUserData() (string, error) {
+	return c.GetUserDataWithContext(aws.BackgroundContext())
+}
+
+// GetUserDataWithContext returns the userdata that was configured for the service. If
+// there is no user-data setup for the EC2 instance a "NotFoundError" error
+// code will be returned.
+func (c *EC2Metadata) GetUserDataWithContext(ctx aws.Context) (string, error) {
+	op := &request.Operation{
+		Name:       "GetUserData",
+		HTTPMethod: "GET",
+		HTTPPath:   "/latest/user-data",
+	}
+
+	output := &metadataOutput{}
+	req := c.NewRequest(op, nil, output)
+	req.SetContext(ctx)
+
+	err := req.Send()
+	return output.Content, err
+}
+
+// GetDynamicData uses the path provided to request information from the EC2
+// instance metadata service for dynamic data. The content will be returned
+// as a string, or error if the request failed.
+func (c *EC2Metadata) GetDynamicData(p string) (string, error) {
+	return c.GetDynamicDataWithContext(aws.BackgroundContext(), p)
+}
+
+// GetDynamicDataWithContext uses the path provided to request information from the EC2
+// instance metadata service for dynamic data. The content will be returned
+// as a string, or error if the request failed.
+func (c *EC2Metadata) GetDynamicDataWithContext(ctx aws.Context, p string) (string, error) {
+	op := &request.Operation{
+		Name:       "GetDynamicData",
+		HTTPMethod: "GET",
+		HTTPPath:   sdkuri.PathJoin("/latest/dynamic", p),
+	}
+
+	output := &metadataOutput{}
+	req := c.NewRequest(op, nil, output)
+	req.SetContext(ctx)
+
+	err := req.Send()
+	return output.Content, err
+}
+
+// GetInstanceIdentityDocument retrieves an identity document describing an
+// instance. Error is returned if the request fails or is unable to parse
+// the response.
+func (c *EC2Metadata) GetInstanceIdentityDocument() (EC2InstanceIdentityDocument, error) {
+	return c.GetInstanceIdentityDocumentWithContext(aws.BackgroundContext())
+}
+
+// GetInstanceIdentityDocumentWithContext retrieves an identity document describing an
+// instance. Error is returned if the request fails or is unable to parse
+// the response.
+func (c *EC2Metadata) GetInstanceIdentityDocumentWithContext(ctx aws.Context) (EC2InstanceIdentityDocument, error) {
+	resp, err := c.GetDynamicDataWithContext(ctx, "instance-identity/document")
+	if err != nil {
+		return EC2InstanceIdentityDocument{},
+			awserr.New("EC2MetadataRequestError",
+				"failed to get EC2 instance identity document", err)
+	}
+
+	doc := EC2InstanceIdentityDocument{}
+	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&doc); err != nil {
+		return EC2InstanceIdentityDocument{},
+			awserr.New(request.ErrCodeSerialization,
+				"failed to decode EC2 instance identity document", err)
+	}
+
+	return doc, nil
+}
+
+// IAMInfo retrieves IAM info from the metadata API
+func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) {
+	return c.IAMInfoWithContext(aws.BackgroundContext())
+}
+
+// IAMInfoWithContext retrieves IAM info from the metadata API
+func (c *EC2Metadata) IAMInfoWithContext(ctx aws.Context) (EC2IAMInfo, error) {
+	resp, err := c.GetMetadataWithContext(ctx, "iam/info")
+	if err != nil {
+		return EC2IAMInfo{},
+			awserr.New("EC2MetadataRequestError",
+				"failed to get EC2 IAM info", err)
+	}
+
+	info := EC2IAMInfo{}
+	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&info); err != nil {
+		return EC2IAMInfo{},
+			awserr.New(request.ErrCodeSerialization,
+				"failed to decode EC2 IAM info", err)
+	}
+
+	if info.Code != "Success" {
+		errMsg := fmt.Sprintf("failed to get EC2 IAM Info (%s)", info.Code)
+		return EC2IAMInfo{},
+			awserr.New("EC2MetadataError", errMsg, nil)
+	}
+
+	return info, nil
+}
+
+// Region returns the region the instance is running in.
+func (c *EC2Metadata) Region() (string, error) {
+	return c.RegionWithContext(aws.BackgroundContext())
+}
+
+// RegionWithContext returns the region the instance is running in.
+func (c *EC2Metadata) RegionWithContext(ctx aws.Context) (string, error) {
+	ec2InstanceIdentityDocument, err := c.GetInstanceIdentityDocumentWithContext(ctx)
+	if err != nil {
+		return "", err
+	}
+	// extract region from the ec2InstanceIdentityDocument
+	region := ec2InstanceIdentityDocument.Region
+	if len(region) == 0 {
+		return "", awserr.New("EC2MetadataError", "invalid region received for ec2metadata instance", nil)
+	}
+	// returns region
+	return region, nil
+}
+
+// Available returns if the application has access to the EC2 Metadata service.
+// Can be used to determine if application is running within an EC2 Instance and
+// the metadata service is available.
+func (c *EC2Metadata) Available() bool {
+	return c.AvailableWithContext(aws.BackgroundContext())
+}
+
+// AvailableWithContext returns if the application has access to the EC2 Metadata service.
+// Can be used to determine if application is running within an EC2 Instance and
+// the metadata service is available.
+func (c *EC2Metadata) AvailableWithContext(ctx aws.Context) bool {
+	if _, err := c.GetMetadataWithContext(ctx, "instance-id"); err != nil {
+		return false
+	}
+
+	return true
+}
+
+// An EC2IAMInfo provides the shape for unmarshaling
+// an IAM info from the metadata API
+type EC2IAMInfo struct {
+	Code               string
+	LastUpdated        time.Time
+	InstanceProfileArn string
+	InstanceProfileID  string
+}
+
+// An EC2InstanceIdentityDocument provides the shape for unmarshaling
+// an instance identity document
+type EC2InstanceIdentityDocument struct {
+	DevpayProductCodes      []string  `json:"devpayProductCodes"`
+	MarketplaceProductCodes []string  `json:"marketplaceProductCodes"`
+	AvailabilityZone        string    `json:"availabilityZone"`
+	PrivateIP               string    `json:"privateIp"`
+	Version                 string    `json:"version"`
+	Region                  string    `json:"region"`
+	InstanceID              string    `json:"instanceId"`
+	BillingProducts         []string  `json:"billingProducts"`
+	InstanceType            string    `json:"instanceType"`
+	AccountID               string    `json:"accountId"`
+	PendingTime             time.Time `json:"pendingTime"`
+	ImageID                 string    `json:"imageId"`
+	KernelID                string    `json:"kernelId"`
+	RamdiskID               string    `json:"ramdiskId"`
+	Architecture            string    `json:"architecture"`
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
new file mode 100644
index 000000000..f4cc8751d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
@@ -0,0 +1,245 @@
+// Package ec2metadata provides the client for making API calls to the
+// EC2 Metadata service.
+//
+// This package's client can be disabled completely by setting the environment
+// variable "AWS_EC2_METADATA_DISABLED=true". This environment variable set to
+// true instructs the SDK to disable the EC2 Metadata client. The client cannot
+// be used while the environment variable is set to true, (case insensitive).
+//
+// The endpoint of the EC2 IMDS client can be configured via the environment
+// variable, AWS_EC2_METADATA_SERVICE_ENDPOINT when creating the client with a
+// Session. See aws/session#Options.EC2IMDSEndpoint for more details.
+package ec2metadata
+
+import (
+	"bytes"
+	"io"
+	"net/http"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/aws/corehandlers"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+const (
+	// ServiceName is the name of the service.
+	ServiceName          = "ec2metadata"
+	disableServiceEnvVar = "AWS_EC2_METADATA_DISABLED"
+
+	// Headers for Token and TTL
+	ttlHeader   = "x-aws-ec2-metadata-token-ttl-seconds"
+	tokenHeader = "x-aws-ec2-metadata-token"
+
+	// Named Handler constants
+	fetchTokenHandlerName          = "FetchTokenHandler"
+	unmarshalMetadataHandlerName   = "unmarshalMetadataHandler"
+	unmarshalTokenHandlerName      = "unmarshalTokenHandler"
+	enableTokenProviderHandlerName = "enableTokenProviderHandler"
+
+	// TTL constants
+	defaultTTL          = 21600 * time.Second
+	ttlExpirationWindow = 30 * time.Second
+)
+
+// A EC2Metadata is an EC2 Metadata service Client.
+type EC2Metadata struct {
+	*client.Client
+}
+
+// New creates a new instance of the EC2Metadata client with a session.
+// This client is safe to use across multiple goroutines.
+//
+// Example:
+//
+//	// Create a EC2Metadata client from just a session.
+//	svc := ec2metadata.New(mySession)
+//
+//	// Create a EC2Metadata client with additional configuration
+//	svc := ec2metadata.New(mySession, aws.NewConfig().WithLogLevel(aws.LogDebugHTTPBody))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2Metadata {
+	c := p.ClientConfig(ServiceName, cfgs...)
+	return NewClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion)
+}
+
+// NewClient returns a new EC2Metadata client. Should be used to create
+// a client when not using a session. Generally using just New with a session
+// is preferred.
+//
+// Will remove the URL path from the endpoint provided to ensure the EC2 IMDS
+// client is able to communicate with the EC2 IMDS API.
+//
+// If an unmodified HTTP client is provided from the stdlib default, or no client
+// the EC2RoleProvider's EC2Metadata HTTP client's timeout will be shortened.
+// To disable this set Config.EC2MetadataDisableTimeoutOverride to false. Enabled by default.
+func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion string, opts ...func(*client.Client)) *EC2Metadata {
+	if !aws.BoolValue(cfg.EC2MetadataDisableTimeoutOverride) && httpClientZero(cfg.HTTPClient) {
+		// If the http client is unmodified and this feature is not disabled
+		// set custom timeouts for EC2Metadata requests.
+		cfg.HTTPClient = &http.Client{
+			// use a shorter timeout than default because the metadata
+			// service is local if it is running, and to fail faster
+			// if not running on an ec2 instance.
+			Timeout: 1 * time.Second,
+		}
+		// max number of retries on the client operation
+		cfg.MaxRetries = aws.Int(2)
+	}
+
+	if u, err := url.Parse(endpoint); err == nil {
+		// Remove path from the endpoint since it will be added by requests.
+		// This is an artifact of the SDK adding `/latest` to the endpoint for
+		// EC2 IMDS, but this is now moved to the operation definition.
+		u.Path = ""
+		u.RawPath = ""
+		endpoint = u.String()
+	}
+
+	svc := &EC2Metadata{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName: ServiceName,
+				ServiceID:   ServiceName,
+				Endpoint:    endpoint,
+				APIVersion:  "latest",
+			},
+			handlers,
+		),
+	}
+
+	// token provider instance
+	tp := newTokenProvider(svc, defaultTTL)
+
+	// NamedHandler for fetching token
+	svc.Handlers.Sign.PushBackNamed(request.NamedHandler{
+		Name: fetchTokenHandlerName,
+		Fn:   tp.fetchTokenHandler,
+	})
+	// NamedHandler for enabling token provider
+	svc.Handlers.Complete.PushBackNamed(request.NamedHandler{
+		Name: enableTokenProviderHandlerName,
+		Fn:   tp.enableTokenProviderHandler,
+	})
+
+	svc.Handlers.Unmarshal.PushBackNamed(unmarshalHandler)
+	svc.Handlers.UnmarshalError.PushBack(unmarshalError)
+	svc.Handlers.Validate.Clear()
+	svc.Handlers.Validate.PushBack(validateEndpointHandler)
+
+	// Disable the EC2 Metadata service if the environment variable is set.
+	// This short-circuits the service's functionality to always fail to send
+	// requests.
+	if strings.ToLower(os.Getenv(disableServiceEnvVar)) == "true" {
+		svc.Handlers.Send.SwapNamed(request.NamedHandler{
+			Name: corehandlers.SendHandler.Name,
+			Fn: func(r *request.Request) {
+				r.HTTPResponse = &http.Response{
+					Header: http.Header{},
+				}
+				r.Error = awserr.New(
+					request.CanceledErrorCode,
+					"EC2 IMDS access disabled via "+disableServiceEnvVar+" env var",
+					nil)
+			},
+		})
+	}
+
+	// Add additional options to the service config
+	for _, option := range opts {
+		option(svc.Client)
+	}
+	return svc
+}
+
+func httpClientZero(c *http.Client) bool {
+	return c == nil || (c.Transport == nil && c.CheckRedirect == nil && c.Jar == nil && c.Timeout == 0)
+}
+
+type metadataOutput struct {
+	Content string
+}
+
+type tokenOutput struct {
+	Token string
+	TTL   time.Duration
+}
+
+// unmarshal token handler is used to parse the response of a getToken operation
+var unmarshalTokenHandler = request.NamedHandler{
+	Name: unmarshalTokenHandlerName,
+	Fn: func(r *request.Request) {
+		defer r.HTTPResponse.Body.Close()
+		var b bytes.Buffer
+		if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+			r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization,
+				"unable to unmarshal EC2 metadata response", err), r.HTTPResponse.StatusCode, r.RequestID)
+			return
+		}
+
+		v := r.HTTPResponse.Header.Get(ttlHeader)
+		data, ok := r.Data.(*tokenOutput)
+		if !ok {
+			return
+		}
+
+		data.Token = b.String()
+		// TTL is in seconds
+		i, err := strconv.ParseInt(v, 10, 64)
+		if err != nil {
+			r.Error = awserr.NewRequestFailure(awserr.New(request.ParamFormatErrCode,
+				"unable to parse EC2 token TTL response", err), r.HTTPResponse.StatusCode, r.RequestID)
+			return
+		}
+		t := time.Duration(i) * time.Second
+		data.TTL = t
+	},
+}
+
+var unmarshalHandler = request.NamedHandler{
+	Name: unmarshalMetadataHandlerName,
+	Fn: func(r *request.Request) {
+		defer r.HTTPResponse.Body.Close()
+		var b bytes.Buffer
+		if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+			r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization,
+				"unable to unmarshal EC2 metadata response", err), r.HTTPResponse.StatusCode, r.RequestID)
+			return
+		}
+
+		if data, ok := r.Data.(*metadataOutput); ok {
+			data.Content = b.String()
+		}
+	},
+}
+
+func unmarshalError(r *request.Request) {
+	defer r.HTTPResponse.Body.Close()
+	var b bytes.Buffer
+
+	if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+		r.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error response", err),
+			r.HTTPResponse.StatusCode, r.RequestID)
+		return
+	}
+
+	// Response body format is not consistent between metadata endpoints.
+	// Grab the error message as a string and include that as the source error
+	r.Error = awserr.NewRequestFailure(
+		awserr.New("EC2MetadataError", "failed to make EC2Metadata request\n"+b.String(), nil),
+		r.HTTPResponse.StatusCode, r.RequestID)
+}
+
+func validateEndpointHandler(r *request.Request) {
+	if r.ClientInfo.Endpoint == "" {
+		r.Error = aws.ErrMissingEndpoint
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
new file mode 100644
index 000000000..604aeffde
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
@@ -0,0 +1,96 @@
+package ec2metadata
+
+import (
+	"fmt"
+	"net/http"
+	"sync/atomic"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// A tokenProvider struct provides access to EC2Metadata client
+// and atomic instance of a token, along with configuredTTL for it.
+// tokenProvider also provides an atomic flag to disable the
+// fetch token operation.
+// The disabled member will use 0 as false, and 1 as true.
+type tokenProvider struct {
+	client        *EC2Metadata
+	token         atomic.Value
+	configuredTTL time.Duration
+	disabled      uint32
+}
+
+// A ec2Token struct helps use of token in EC2 Metadata service ops
+type ec2Token struct {
+	token string
+	credentials.Expiry
+}
+
+// newTokenProvider provides a pointer to a tokenProvider instance
+func newTokenProvider(c *EC2Metadata, duration time.Duration) *tokenProvider {
+	return &tokenProvider{client: c, configuredTTL: duration}
+}
+
+// check if fallback is enabled
+func (t *tokenProvider) fallbackEnabled() bool {
+	return t.client.Config.EC2MetadataEnableFallback == nil || *t.client.Config.EC2MetadataEnableFallback
+}
+
+// fetchTokenHandler fetches token for EC2Metadata service client by default.
+func (t *tokenProvider) fetchTokenHandler(r *request.Request) {
+	// short-circuits to insecure data flow if tokenProvider is disabled.
+	if v := atomic.LoadUint32(&t.disabled); v == 1 && t.fallbackEnabled() {
+		return
+	}
+
+	if ec2Token, ok := t.token.Load().(ec2Token); ok && !ec2Token.IsExpired() {
+		r.HTTPRequest.Header.Set(tokenHeader, ec2Token.token)
+		return
+	}
+
+	output, err := t.client.getToken(r.Context(), t.configuredTTL)
+
+	if err != nil {
+		// only attempt fallback to insecure data flow if IMDSv1 is enabled
+		if !t.fallbackEnabled() {
+			r.Error = awserr.New("EC2MetadataError", "failed to get IMDSv2 token and fallback to IMDSv1 is disabled", err)
+			return
+		}
+
+		// change the disabled flag on token provider to true and fallback
+		if requestFailureError, ok := err.(awserr.RequestFailure); ok {
+			switch requestFailureError.StatusCode() {
+			case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed:
+				atomic.StoreUint32(&t.disabled, 1)
+				t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError))
+			case http.StatusBadRequest:
+				r.Error = requestFailureError
+			}
+		}
+		return
+	}
+
+	newToken := ec2Token{
+		token: output.Token,
+	}
+	newToken.SetExpiration(time.Now().Add(output.TTL), ttlExpirationWindow)
+	t.token.Store(newToken)
+
+	// Inject token header to the request.
+	if ec2Token, ok := t.token.Load().(ec2Token); ok {
+		r.HTTPRequest.Header.Set(tokenHeader, ec2Token.token)
+	}
+}
+
+// enableTokenProviderHandler enables the token provider
+func (t *tokenProvider) enableTokenProviderHandler(r *request.Request) {
+	// If the error code status is 401, we enable the token provider
+	if e, ok := r.Error.(awserr.RequestFailure); ok && e != nil &&
+		e.StatusCode() == http.StatusUnauthorized {
+		t.token.Store(ec2Token{})
+		atomic.StoreUint32(&t.disabled, 0)
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
new file mode 100644
index 000000000..cad3b9a48
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
@@ -0,0 +1,193 @@
+package endpoints
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+type modelDefinition map[string]json.RawMessage
+
+// A DecodeModelOptions are the options for how the endpoints model definition
+// are decoded.
+type DecodeModelOptions struct {
+	SkipCustomizations bool
+}
+
+// Set combines all of the option functions together.
+func (d *DecodeModelOptions) Set(optFns ...func(*DecodeModelOptions)) {
+	for _, fn := range optFns {
+		fn(d)
+	}
+}
+
+// DecodeModel unmarshals a Regions and Endpoint model definition file into
+// a endpoint Resolver. If the file format is not supported, or an error occurs
+// when unmarshaling the model an error will be returned.
+//
+// Casting the return value of this func to a EnumPartitions will
+// allow you to get a list of the partitions in the order the endpoints
+// will be resolved in.
+//
+//	resolver, err := endpoints.DecodeModel(reader)
+//
+//	partitions := resolver.(endpoints.EnumPartitions).Partitions()
+//	for _, p := range partitions {
+//	    // ... inspect partitions
+//	}
+func DecodeModel(r io.Reader, optFns ...func(*DecodeModelOptions)) (Resolver, error) {
+	var opts DecodeModelOptions
+	opts.Set(optFns...)
+
+	// Get the version of the partition file to determine what
+	// unmarshaling model to use.
+	modelDef := modelDefinition{}
+	if err := json.NewDecoder(r).Decode(&modelDef); err != nil {
+		return nil, newDecodeModelError("failed to decode endpoints model", err)
+	}
+
+	var version string
+	if b, ok := modelDef["version"]; ok {
+		version = string(b)
+	} else {
+		return nil, newDecodeModelError("endpoints version not found in model", nil)
+	}
+
+	if version == "3" {
+		return decodeV3Endpoints(modelDef, opts)
+	}
+
+	return nil, newDecodeModelError(
+		fmt.Sprintf("endpoints version %s, not supported", version), nil)
+}
+
+func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resolver, error) {
+	b, ok := modelDef["partitions"]
+	if !ok {
+		return nil, newDecodeModelError("endpoints model missing partitions", nil)
+	}
+
+	ps := partitions{}
+	if err := json.Unmarshal(b, &ps); err != nil {
+		return nil, newDecodeModelError("failed to decode endpoints model", err)
+	}
+
+	if opts.SkipCustomizations {
+		return ps, nil
+	}
+
+	// Customization
+	for i := 0; i < len(ps); i++ {
+		p := &ps[i]
+		custRegionalS3(p)
+		custRmIotDataService(p)
+		custFixAppAutoscalingChina(p)
+		custFixAppAutoscalingUsGov(p)
+	}
+
+	return ps, nil
+}
+
+func custRegionalS3(p *partition) {
+	if p.ID != "aws" {
+		return
+	}
+
+	service, ok := p.Services["s3"]
+	if !ok {
+		return
+	}
+
+	const awsGlobal = "aws-global"
+	const usEast1 = "us-east-1"
+
+	// If global endpoint already exists no customization needed.
+	if _, ok := service.Endpoints[endpointKey{Region: awsGlobal}]; ok {
+		return
+	}
+
+	service.PartitionEndpoint = awsGlobal
+	if _, ok := service.Endpoints[endpointKey{Region: usEast1}]; !ok {
+		service.Endpoints[endpointKey{Region: usEast1}] = endpoint{}
+	}
+	service.Endpoints[endpointKey{Region: awsGlobal}] = endpoint{
+		Hostname: "s3.amazonaws.com",
+		CredentialScope: credentialScope{
+			Region: usEast1,
+		},
+	}
+
+	p.Services["s3"] = service
+}
+
+func custRmIotDataService(p *partition) {
+	delete(p.Services, "data.iot")
+}
+
+func custFixAppAutoscalingChina(p *partition) {
+	if p.ID != "aws-cn" {
+		return
+	}
+
+	const serviceName = "application-autoscaling"
+	s, ok := p.Services[serviceName]
+	if !ok {
+		return
+	}
+
+	const expectHostname = `autoscaling.{region}.amazonaws.com`
+	serviceDefault := s.Defaults[defaultKey{}]
+	if e, a := expectHostname, serviceDefault.Hostname; e != a {
+		fmt.Printf("custFixAppAutoscalingChina: ignoring customization, expected %s, got %s\n", e, a)
+		return
+	}
+	serviceDefault.Hostname = expectHostname + ".cn"
+	s.Defaults[defaultKey{}] = serviceDefault
+	p.Services[serviceName] = s
+}
+
+func custFixAppAutoscalingUsGov(p *partition) {
+	if p.ID != "aws-us-gov" {
+		return
+	}
+
+	const serviceName = "application-autoscaling"
+	s, ok := p.Services[serviceName]
+	if !ok {
+		return
+	}
+
+	serviceDefault := s.Defaults[defaultKey{}]
+	if a := serviceDefault.CredentialScope.Service; a != "" {
+		fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty credential scope service, got %s\n", a)
+		return
+	}
+
+	if a := serviceDefault.Hostname; a != "" {
+		fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty hostname, got %s\n", a)
+		return
+	}
+
+	serviceDefault.CredentialScope.Service = "application-autoscaling"
+	serviceDefault.Hostname = "autoscaling.{region}.amazonaws.com"
+
+	if s.Defaults == nil {
+		s.Defaults = make(endpointDefaults)
+	}
+
+	s.Defaults[defaultKey{}] = serviceDefault
+
+	p.Services[serviceName] = s
+}
+
+type decodeModelError struct {
+	awsError
+}
+
+func newDecodeModelError(msg string, err error) decodeModelError {
+	return decodeModelError{
+		awsError: awserr.New("DecodeEndpointsModelError", msg, err),
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
new file mode 100644
index 000000000..9943af744
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -0,0 +1,40212 @@
+// Code generated by aws/endpoints/v3model_codegen.go. DO NOT EDIT.
+
+package endpoints
+
+import (
+	"regexp"
+)
+
+// Partition identifiers
+const (
+	AwsPartitionID      = "aws"        // AWS Standard partition.
+	AwsCnPartitionID    = "aws-cn"     // AWS China partition.
+	AwsUsGovPartitionID = "aws-us-gov" // AWS GovCloud (US) partition.
+	AwsIsoPartitionID   = "aws-iso"    // AWS ISO (US) partition.
+	AwsIsoBPartitionID  = "aws-iso-b"  // AWS ISOB (US) partition.
+	AwsIsoEPartitionID  = "aws-iso-e"  // AWS ISOE (Europe) partition.
+	AwsIsoFPartitionID  = "aws-iso-f"  // AWS ISOF partition.
+)
+
+// AWS Standard partition's regions.
+const (
+	AfSouth1RegionID     = "af-south-1"     // Africa (Cape Town).
+	ApEast1RegionID      = "ap-east-1"      // Asia Pacific (Hong Kong).
+	ApNortheast1RegionID = "ap-northeast-1" // Asia Pacific (Tokyo).
+	ApNortheast2RegionID = "ap-northeast-2" // Asia Pacific (Seoul).
+	ApNortheast3RegionID = "ap-northeast-3" // Asia Pacific (Osaka).
+	ApSouth1RegionID     = "ap-south-1"     // Asia Pacific (Mumbai).
+	ApSouth2RegionID     = "ap-south-2"     // Asia Pacific (Hyderabad).
+	ApSoutheast1RegionID = "ap-southeast-1" // Asia Pacific (Singapore).
+	ApSoutheast2RegionID = "ap-southeast-2" // Asia Pacific (Sydney).
+	ApSoutheast3RegionID = "ap-southeast-3" // Asia Pacific (Jakarta).
+	ApSoutheast4RegionID = "ap-southeast-4" // Asia Pacific (Melbourne).
+	CaCentral1RegionID   = "ca-central-1"   // Canada (Central).
+	EuCentral1RegionID   = "eu-central-1"   // Europe (Frankfurt).
+	EuCentral2RegionID   = "eu-central-2"   // Europe (Zurich).
+	EuNorth1RegionID     = "eu-north-1"     // Europe (Stockholm).
+	EuSouth1RegionID     = "eu-south-1"     // Europe (Milan).
+	EuSouth2RegionID     = "eu-south-2"     // Europe (Spain).
+	EuWest1RegionID      = "eu-west-1"      // Europe (Ireland).
+	EuWest2RegionID      = "eu-west-2"      // Europe (London).
+	EuWest3RegionID      = "eu-west-3"      // Europe (Paris).
+	MeCentral1RegionID   = "me-central-1"   // Middle East (UAE).
+	MeSouth1RegionID     = "me-south-1"     // Middle East (Bahrain).
+	SaEast1RegionID      = "sa-east-1"      // South America (Sao Paulo).
+	UsEast1RegionID      = "us-east-1"      // US East (N. Virginia).
+	UsEast2RegionID      = "us-east-2"      // US East (Ohio).
+	UsWest1RegionID      = "us-west-1"      // US West (N. California).
+	UsWest2RegionID      = "us-west-2"      // US West (Oregon).
+)
+
+// AWS China partition's regions.
+const (
+	CnNorth1RegionID     = "cn-north-1"     // China (Beijing).
+	CnNorthwest1RegionID = "cn-northwest-1" // China (Ningxia).
+)
+
+// AWS GovCloud (US) partition's regions.
+const (
+	UsGovEast1RegionID = "us-gov-east-1" // AWS GovCloud (US-East).
+	UsGovWest1RegionID = "us-gov-west-1" // AWS GovCloud (US-West).
+)
+
+// AWS ISO (US) partition's regions.
+const (
+	UsIsoEast1RegionID = "us-iso-east-1" // US ISO East.
+	UsIsoWest1RegionID = "us-iso-west-1" // US ISO WEST.
+)
+
+// AWS ISOB (US) partition's regions.
+const (
+	UsIsobEast1RegionID = "us-isob-east-1" // US ISOB East (Ohio).
+)
+
+// AWS ISOE (Europe) partition's regions.
+const ()
+
+// AWS ISOF partition's regions.
+const ()
+
+// DefaultResolver returns an Endpoint resolver that will be able
+// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), AWS ISOE (Europe), and AWS ISOF.
+//
+// Use DefaultPartitions() to get the list of the default partitions.
+func DefaultResolver() Resolver {
+	return defaultPartitions
+}
+
+// DefaultPartitions returns a list of the partitions the SDK is bundled
+// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), AWS ISOE (Europe), and AWS ISOF.
+//
+//    partitions := endpoints.DefaultPartitions
+//    for _, p := range partitions {
+//        // ... inspect partitions
+//    }
+func DefaultPartitions() []Partition {
+	return defaultPartitions.Partitions()
+}
+
+var defaultPartitions = partitions{
+	awsPartition,
+	awscnPartition,
+	awsusgovPartition,
+	awsisoPartition,
+	awsisobPartition,
+	awsisoePartition,
+	awsisofPartition,
+}
+
+// AwsPartition returns the Resolver for AWS Standard.
+func AwsPartition() Partition {
+	return awsPartition.Partition()
+}
+
+var awsPartition = partition{
+	ID:        "aws",
+	Name:      "AWS Standard",
+	DNSSuffix: "amazonaws.com",
+	RegionRegex: regionRegex{
+		Regexp: func() *regexp.Regexp {
+			reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$")
+			return reg
+		}(),
+	},
+	Defaults: endpointDefaults{
+		defaultKey{}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: dualStackVariant,
+		}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			DNSSuffix:         "api.aws",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "amazonaws.com",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant | dualStackVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "api.aws",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+	},
+	Regions: regions{
+		"af-south-1": region{
+			Description: "Africa (Cape Town)",
+		},
+		"ap-east-1": region{
+			Description: "Asia Pacific (Hong Kong)",
+		},
+		"ap-northeast-1": region{
+			Description: "Asia Pacific (Tokyo)",
+		},
+		"ap-northeast-2": region{
+			Description: "Asia Pacific (Seoul)",
+		},
+		"ap-northeast-3": region{
+			Description: "Asia Pacific (Osaka)",
+		},
+		"ap-south-1": region{
+			Description: "Asia Pacific (Mumbai)",
+		},
+		"ap-south-2": region{
+			Description: "Asia Pacific (Hyderabad)",
+		},
+		"ap-southeast-1": region{
+			Description: "Asia Pacific (Singapore)",
+		},
+		"ap-southeast-2": region{
+			Description: "Asia Pacific (Sydney)",
+		},
+		"ap-southeast-3": region{
+			Description: "Asia Pacific (Jakarta)",
+		},
+		"ap-southeast-4": region{
+			Description: "Asia Pacific (Melbourne)",
+		},
+		"ca-central-1": region{
+			Description: "Canada (Central)",
+		},
+		"eu-central-1": region{
+			Description: "Europe (Frankfurt)",
+		},
+		"eu-central-2": region{
+			Description: "Europe (Zurich)",
+		},
+		"eu-north-1": region{
+			Description: "Europe (Stockholm)",
+		},
+		"eu-south-1": region{
+			Description: "Europe (Milan)",
+		},
+		"eu-south-2": region{
+			Description: "Europe (Spain)",
+		},
+		"eu-west-1": region{
+			Description: "Europe (Ireland)",
+		},
+		"eu-west-2": region{
+			Description: "Europe (London)",
+		},
+		"eu-west-3": region{
+			Description: "Europe (Paris)",
+		},
+		"me-central-1": region{
+			Description: "Middle East (UAE)",
+		},
+		"me-south-1": region{
+			Description: "Middle East (Bahrain)",
+		},
+		"sa-east-1": region{
+			Description: "South America (Sao Paulo)",
+		},
+		"us-east-1": region{
+			Description: "US East (N. Virginia)",
+		},
+		"us-east-2": region{
+			Description: "US East (Ohio)",
+		},
+		"us-west-1": region{
+			Description: "US West (N. California)",
+		},
+		"us-west-2": region{
+			Description: "US West (Oregon)",
+		},
+	},
+	Services: services{
+		"a4b": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"access-analyzer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "access-analyzer-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "access-analyzer-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "access-analyzer-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "access-analyzer-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "access-analyzer-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "access-analyzer-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "access-analyzer-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "access-analyzer-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "access-analyzer-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "access-analyzer-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"account": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "account.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"acm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "acm-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "acm-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "acm-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "acm-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "acm-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"acm-pca": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-pca-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "acm-pca-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "acm-pca-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "acm-pca-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "acm-pca-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "acm-pca-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-pca-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-pca-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-pca-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-pca-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"airflow": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"amplify": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"amplifybackend": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"amplifyuibuilder": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"aoss": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"api.detective": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.detective-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "api.detective-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.detective-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "api.detective-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.detective-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "api.detective-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.detective-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "api.detective-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"api.ecr": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{
+					Hostname: "api.ecr.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{
+					Hostname: "api.ecr.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "api.ecr.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "api.ecr.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{
+					Hostname: "api.ecr.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "api.ecr.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{
+					Hostname: "api.ecr.ap-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "api.ecr.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "api.ecr.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{
+					Hostname: "api.ecr.ap-southeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{
+					Hostname: "api.ecr.ap-southeast-4.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-4",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "api.ecr.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region: "dkr-us-east-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "dkr-us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "dkr-us-east-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "dkr-us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "dkr-us-west-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "dkr-us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "dkr-us-west-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "dkr-us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "api.ecr.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{
+					Hostname: "api.ecr.eu-central-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname: "api.ecr.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{
+					Hostname: "api.ecr.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{
+					Hostname: "api.ecr.eu-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "api.ecr.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "api.ecr.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname: "api.ecr.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region: "fips-dkr-us-east-1",
+				}: endpoint{
+					Hostname: "ecr-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-dkr-us-east-2",
+				}: endpoint{
+					Hostname: "ecr-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-dkr-us-west-1",
+				}: endpoint{
+					Hostname: "ecr-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-dkr-us-west-2",
+				}: endpoint{
+					Hostname: "ecr-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "ecr-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "ecr-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "ecr-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "ecr-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{
+					Hostname: "api.ecr.me-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-central-1",
+					},
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{
+					Hostname: "api.ecr.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "api.ecr.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "api.ecr.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "api.ecr.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname: "api.ecr.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "api.ecr.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"api.ecr-public": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "api.ecr-public.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "api.ecr-public.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"api.elastic-inference": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "api.elastic-inference.ap-northeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "api.elastic-inference.ap-northeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "api.elastic-inference.eu-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "api.elastic-inference.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "api.elastic-inference.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "api.elastic-inference.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"api.fleethub.iot": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.fleethub.iot-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "api.fleethub.iot-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "api.fleethub.iot-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "api.fleethub.iot-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "api.fleethub.iot-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.fleethub.iot-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.fleethub.iot-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.fleethub.iot-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"api.iotdeviceadvisor": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "api.iotdeviceadvisor.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "api.iotdeviceadvisor.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "api.iotdeviceadvisor.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "api.iotdeviceadvisor.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"api.iotwireless": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "api.iotwireless.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "api.iotwireless.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "api.iotwireless.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "api.iotwireless.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "api.iotwireless.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "api.iotwireless.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "api.iotwireless.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"api.mediatailor": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"api.pricing": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "pricing",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"api.sagemaker": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"api.tunneling.iot": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"apigateway": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "apigateway-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "apigateway-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "apigateway-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "apigateway-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "apigateway-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "apigateway-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "apigateway-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "apigateway-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "apigateway-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "apigateway-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"app-integrations": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"appconfig": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"appconfigdata": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"appflow": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"application-autoscaling": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"applicationinsights": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"appmesh": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "af-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.af-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.ap-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.ap-northeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.ap-northeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.ap-northeast-3.api.aws",
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.ap-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.ap-southeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.ap-southeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.ap-southeast-3.api.aws",
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.ca-central-1.api.aws",
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "appmesh-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh-fips.ca-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "appmesh-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.eu-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.eu-north-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.eu-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.eu-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.eu-west-2.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.eu-west-3.api.aws",
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.me-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.sa-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.us-east-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "appmesh-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh-fips.us-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "appmesh-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.us-east-2.api.aws",
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "appmesh-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh-fips.us-east-2.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "appmesh-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.us-west-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "appmesh-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh-fips.us-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "appmesh-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.us-west-2.api.aws",
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "appmesh-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh-fips.us-west-2.api.aws",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "appmesh-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"apprunner": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "apprunner-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "apprunner-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "apprunner-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "apprunner-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "apprunner-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "apprunner-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"appstream2": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+					CredentialScope: credentialScope{
+						Service: "appstream",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips",
+				}: endpoint{
+					Hostname: "appstream2-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "appstream2-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "appstream2-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "appstream2-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "appstream2-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"appsync": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"aps": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"arc-zonal-shift": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"athena": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "af-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.af-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.ap-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.ap-northeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.ap-northeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.ap-northeast-3.api.aws",
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.ap-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.ap-southeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.ap-southeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.ap-southeast-3.api.aws",
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.ca-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.eu-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.eu-north-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.eu-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.eu-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.eu-west-2.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.eu-west-3.api.aws",
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "athena-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "athena-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "athena-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "athena-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.me-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.sa-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.us-east-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.us-east-2.api.aws",
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-east-2.api.aws",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.us-west-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.us-west-2.api.aws",
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-west-2.api.aws",
+				},
+			},
+		},
+		"auditmanager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"autoscaling": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"autoscaling-plans": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"backup": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"backup-gateway": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"backupstorage": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"batch": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.batch.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "fips.batch.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "fips.batch.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "fips.batch.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "fips.batch.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.batch.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.batch.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.batch.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.batch.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"billingconductor": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "billingconductor.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"braket": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"budgets": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "budgets.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"cases": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{},
+			},
+		},
+		"cassandra": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "cassandra-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "cassandra-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cassandra-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cassandra-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"catalog.marketplace": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"ce": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "ce.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"chime": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname:  "chime.us-east-1.amazonaws.com",
+					Protocols: []string{"https"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"cleanrooms": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"cloud9": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"cloudcontrolapi": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"clouddirectory": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"cloudformation": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudformation-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "cloudformation-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudformation-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "cloudformation-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudformation-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "cloudformation-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudformation-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "cloudformation-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"cloudfront": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname:  "cloudfront.amazonaws.com",
+					Protocols: []string{"http", "https"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"cloudhsm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"cloudhsmv2": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "cloudhsm",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"cloudsearch": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"cloudtrail": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "cloudtrail-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "cloudtrail-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "cloudtrail-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "cloudtrail-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudtrail-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudtrail-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudtrail-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudtrail-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"cloudtrail-data": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"codeartifact": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"codebuild": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codebuild-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "codebuild-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codebuild-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "codebuild-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codebuild-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "codebuild-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codebuild-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "codebuild-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"codecatalyst": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "codecatalyst.global.api.aws",
+				},
+			},
+		},
+		"codecommit": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codecommit-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "codecommit-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips",
+				}: endpoint{
+					Hostname: "codecommit-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codecommit-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "codecommit-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codecommit-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "codecommit-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codecommit-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "codecommit-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codecommit-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "codecommit-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"codedeploy": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"codeguru-reviewer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"codepipeline": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codepipeline-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "codepipeline-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "codepipeline-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "codepipeline-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "codepipeline-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "codepipeline-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codepipeline-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codepipeline-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codepipeline-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codepipeline-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"codestar": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"codestar-connections": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"codestar-notifications": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"cognito-identity": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "cognito-identity-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "cognito-identity-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "cognito-identity-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "cognito-identity-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cognito-identity-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cognito-identity-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cognito-identity-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cognito-identity-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"cognito-idp": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "cognito-idp-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "cognito-idp-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "cognito-idp-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "cognito-idp-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cognito-idp-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cognito-idp-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cognito-idp-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cognito-idp-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"cognito-sync": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"comprehend": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "comprehend-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "comprehend-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "comprehend-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "comprehend-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "comprehend-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "comprehend-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"comprehendmedical": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "comprehendmedical-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "comprehendmedical-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "comprehendmedical-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "comprehendmedical-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "comprehendmedical-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "comprehendmedical-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"compute-optimizer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "compute-optimizer.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{
+					Hostname: "compute-optimizer.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "compute-optimizer.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "compute-optimizer.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname: "compute-optimizer.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "compute-optimizer.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "compute-optimizer.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"config": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "config-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "config-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "config-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "config-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "config-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "config-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "config-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "config-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"connect": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "connect-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "connect-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "connect-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "connect-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"connect-campaigns": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "connect-campaigns-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "connect-campaigns-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "connect-campaigns-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "connect-campaigns-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"contact-lens": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"controltower": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "controltower-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "controltower-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "controltower-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "controltower-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "controltower-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "controltower-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "controltower-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "controltower-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "controltower-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "controltower-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"cur": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"data-ats.iot": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+					CredentialScope: credentialScope{
+						Service: "iotdata",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iot-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "data.iot-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Service: "iotdata",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "data.iot-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Service: "iotdata",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "data.iot-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Service: "iotdata",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "data.iot-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Service: "iotdata",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "data.iot-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Service: "iotdata",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iot-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iot-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iot-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iot-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"data.jobs.iot": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"data.mediastore": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"databrew": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "databrew-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "databrew-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "databrew-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "databrew-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "databrew-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "databrew-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "databrew-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "databrew-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"dataexchange": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"datapipeline": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"datasync": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "datasync-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "datasync-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "datasync-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "datasync-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "datasync-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "datasync-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "datasync-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "datasync-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "datasync-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "datasync-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"dax": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"devicefarm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"devops-guru": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "devops-guru-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "devops-guru-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "devops-guru-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "devops-guru-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "devops-guru-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "devops-guru-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "devops-guru-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "devops-guru-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "devops-guru-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "devops-guru-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"directconnect": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "directconnect-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "directconnect-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "directconnect-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "directconnect-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "directconnect-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "directconnect-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "directconnect-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "directconnect-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"discovery": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"dlm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"dms": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "dms",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "dms",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "dms-fips",
+				}: endpoint{
+					Hostname: "dms-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "dms-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "dms-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "dms-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "dms-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"docdb": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "rds.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "rds.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "rds.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "rds.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "rds.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "rds.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "rds.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "rds.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "rds.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname: "rds.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "rds.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "rds.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "rds.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "rds.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"drs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"ds": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ds-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "ds-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "ds-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "ds-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "ds-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "ds-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ds-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ds-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ds-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ds-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"dynamodb": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dynamodb-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "dynamodb-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "local",
+				}: endpoint{
+					Hostname:  "localhost:8000",
+					Protocols: []string{"http"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dynamodb-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "dynamodb-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dynamodb-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "dynamodb-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dynamodb-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "dynamodb-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dynamodb-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "dynamodb-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"ebs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ebs-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "ebs-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "ebs-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "ebs-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "ebs-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "ebs-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ebs-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ebs-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ebs-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ebs-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"ec2": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "ec2.ap-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ec2-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "ec2.eu-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "ec2-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "ec2-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "ec2-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "ec2-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "ec2-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "ec2.sa-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "ec2.us-east-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ec2-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "ec2.us-east-2.api.aws",
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ec2-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ec2-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "ec2.us-west-2.api.aws",
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ec2-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"ecs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "ecs-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "ecs-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "ecs-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "ecs-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecs-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecs-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecs-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecs-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"edge.sagemaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"eks": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "fips.eks.{region}.{dnsSuffix}",
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "fips.eks.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "fips.eks.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "fips.eks.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "fips.eks.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.eks.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.eks.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.eks.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.eks.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"elasticache": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips",
+				}: endpoint{
+					Hostname: "elasticache-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticache-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "elasticache-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticache-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "elasticache-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticache-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "elasticache-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticache-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "elasticache-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"elasticbeanstalk": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "elasticbeanstalk-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "elasticbeanstalk-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "elasticbeanstalk-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "elasticbeanstalk-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticbeanstalk-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticbeanstalk-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticbeanstalk-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticbeanstalk-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"elasticfilesystem": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "af-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.af-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-northeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-northeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-northeast-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-south-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-southeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-southeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-southeast-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-4",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-central-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-north-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-north-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-south-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-west-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "fips-af-south-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-east-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-2",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-3",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-south-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-south-2",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-2",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-3",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-southeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-4",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-4",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-central-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-central-2",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-central-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-north-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-south-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-south-2",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-2",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-3",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-me-central-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.me-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-me-south-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-sa-east-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.me-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.me-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.sa-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"elasticloadbalancing": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "elasticloadbalancing-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "elasticloadbalancing-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "elasticloadbalancing-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "elasticloadbalancing-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticloadbalancing-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticloadbalancing-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticloadbalancing-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticloadbalancing-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"elasticmapreduce": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					SSLCommonName: "{region}.{service}.{dnsSuffix}",
+					Protocols:     []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticmapreduce-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					SSLCommonName: "{service}.{region}.{dnsSuffix}",
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "elasticmapreduce-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "elasticmapreduce-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "elasticmapreduce-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "elasticmapreduce-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "elasticmapreduce-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					SSLCommonName: "{service}.{region}.{dnsSuffix}",
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:      "elasticmapreduce-fips.us-east-1.amazonaws.com",
+					SSLCommonName: "{service}.{region}.{dnsSuffix}",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticmapreduce-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticmapreduce-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticmapreduce-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"elastictranscoder": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"email": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "email-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "email-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "email-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "email-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"emr-containers": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "emr-containers-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "emr-containers-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "emr-containers-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "emr-containers-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "emr-containers-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "emr-containers-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "emr-containers-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "emr-containers-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "emr-containers-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "emr-containers-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"emr-serverless": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "emr-serverless-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "emr-serverless-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "emr-serverless-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "emr-serverless-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "emr-serverless-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "emr-serverless-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "emr-serverless-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "emr-serverless-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "emr-serverless-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "emr-serverless-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"entitlement.marketplace": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "aws-marketplace",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"es": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips",
+				}: endpoint{
+					Hostname: "es-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "es-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "es-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "es-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "es-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "es-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "es-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "es-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "es-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"events": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "events-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "events-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "events-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "events-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "events-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "events-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "events-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "events-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"evidently": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "evidently.ap-northeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "evidently.ap-southeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "evidently.ap-southeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "evidently.eu-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname: "evidently.eu-north-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "evidently.eu-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "evidently.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "evidently.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "evidently.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"finspace": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"finspace-api": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"firehose": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "firehose-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "firehose-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "firehose-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "firehose-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "firehose-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "firehose-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "firehose-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "firehose-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"fms": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "af-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.af-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.ap-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.ap-northeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.ap-northeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.ap-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.ap-southeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.ap-southeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.eu-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.eu-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.eu-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.eu-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.eu-west-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "fips-af-south-1",
+				}: endpoint{
+					Hostname: "fms-fips.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-east-1",
+				}: endpoint{
+					Hostname: "fms-fips.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-1",
+				}: endpoint{
+					Hostname: "fms-fips.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-2",
+				}: endpoint{
+					Hostname: "fms-fips.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-south-1",
+				}: endpoint{
+					Hostname: "fms-fips.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-1",
+				}: endpoint{
+					Hostname: "fms-fips.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-2",
+				}: endpoint{
+					Hostname: "fms-fips.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "fms-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-central-1",
+				}: endpoint{
+					Hostname: "fms-fips.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-south-1",
+				}: endpoint{
+					Hostname: "fms-fips.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-1",
+				}: endpoint{
+					Hostname: "fms-fips.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-2",
+				}: endpoint{
+					Hostname: "fms-fips.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-3",
+				}: endpoint{
+					Hostname: "fms-fips.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-me-south-1",
+				}: endpoint{
+					Hostname: "fms-fips.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-sa-east-1",
+				}: endpoint{
+					Hostname: "fms-fips.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "fms-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "fms-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "fms-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "fms-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.me-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.sa-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"forecast": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "forecast-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "forecast-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "forecast-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "forecast-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "forecast-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "forecast-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"forecastquery": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "forecastquery-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "forecastquery-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "forecastquery-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "forecastquery-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "forecastquery-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "forecastquery-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"frauddetector": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"fsx": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "fsx-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-prod-ca-central-1",
+				}: endpoint{
+					Hostname: "fsx-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-prod-us-east-1",
+				}: endpoint{
+					Hostname: "fsx-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-prod-us-east-2",
+				}: endpoint{
+					Hostname: "fsx-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-prod-us-west-1",
+				}: endpoint{
+					Hostname: "fsx-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-prod-us-west-2",
+				}: endpoint{
+					Hostname: "fsx-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "fsx-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "fsx-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "fsx-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "fsx-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "prod-ca-central-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "prod-ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "prod-us-east-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "prod-us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "prod-us-east-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "prod-us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "prod-us-west-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "prod-us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "prod-us-west-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "prod-us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"gamelift": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"gamesparks": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"geo": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"glacier": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glacier-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "glacier-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "glacier-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "glacier-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "glacier-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "glacier-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glacier-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glacier-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glacier-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glacier-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"glue": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "glue-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "glue-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "glue-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "glue-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glue-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glue-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glue-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glue-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"grafana": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "grafana.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "grafana.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "grafana.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "grafana.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "grafana.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "grafana.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "grafana.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "grafana.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "grafana.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "grafana.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"greengrass": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "greengrass-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "greengrass-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "greengrass-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "greengrass-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "greengrass-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "greengrass-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "greengrass-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "greengrass-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"groundstation": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "groundstation-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "groundstation-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "groundstation-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "groundstation-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "groundstation-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "groundstation-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"guardduty": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "guardduty-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "guardduty-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "guardduty-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "guardduty-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "guardduty-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "guardduty-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "guardduty-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "guardduty-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"health": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					SSLCommonName: "health.us-east-1.amazonaws.com",
+					Protocols:     []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "global.health.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "health-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "health-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"healthlake": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"honeycode": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"iam": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "iam.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "aws-global",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iam-fips.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "aws-global-fips",
+				}: endpoint{
+					Hostname: "iam-fips.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "iam",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "iam",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iam-fips.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "iam-fips",
+				}: endpoint{
+					Hostname: "iam-fips.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"identity-chime": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "identity-chime-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "identity-chime-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"identitystore": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"importexport": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname:          "importexport.amazonaws.com",
+					SignatureVersions: []string{"v2", "v4"},
+					CredentialScope: credentialScope{
+						Region:  "us-east-1",
+						Service: "IngestionService",
+					},
+				},
+			},
+		},
+		"ingest.timestream": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ingest-fips-us-east-1",
+				}: endpoint{
+					Hostname: "ingest.timestream-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ingest-fips-us-east-2",
+				}: endpoint{
+					Hostname: "ingest.timestream-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ingest-fips-us-west-2",
+				}: endpoint{
+					Hostname: "ingest.timestream-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ingest-us-east-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "ingest-us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ingest.timestream-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ingest-us-east-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "ingest-us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ingest.timestream-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ingest-us-west-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "ingest-us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ingest.timestream-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"inspector": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "inspector-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "inspector-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "inspector-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "inspector-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "inspector-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "inspector-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "inspector-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "inspector-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"inspector2": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"internetmonitor": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					DNSSuffix: "api.aws",
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
+					DNSSuffix: "api.aws",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{
+					Hostname: "internetmonitor.af-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{
+					Hostname: "internetmonitor.ap-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "internetmonitor.ap-northeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "internetmonitor.ap-northeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "internetmonitor.ap-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "internetmonitor.ap-southeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "internetmonitor.ap-southeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "internetmonitor.ca-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "internetmonitor.eu-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname: "internetmonitor.eu-north-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{
+					Hostname: "internetmonitor.eu-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "internetmonitor.eu-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "internetmonitor.eu-west-2.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname: "internetmonitor.eu-west-3.api.aws",
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{
+					Hostname: "internetmonitor.me-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "internetmonitor.sa-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "internetmonitor.us-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "internetmonitor.us-east-2.api.aws",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname: "internetmonitor.us-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "internetmonitor.us-west-2.api.aws",
+				},
+			},
+		},
+		"iot": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iot-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "iot-fips.ca-central-1.amazonaws.com",
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "iot-fips.us-east-1.amazonaws.com",
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "iot-fips.us-east-2.amazonaws.com",
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "iot-fips.us-west-1.amazonaws.com",
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "iot-fips.us-west-2.amazonaws.com",
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iot-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iot-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iot-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iot-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"iotanalytics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"iotevents": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iotevents-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "iotevents-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "iotevents-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "iotevents-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "iotevents-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iotevents-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iotevents-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iotevents-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"ioteventsdata": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "data.iotevents.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "data.iotevents.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "data.iotevents.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "data.iotevents.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "data.iotevents.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "data.iotevents.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iotevents-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "data.iotevents.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "data.iotevents.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "data.iotevents.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "data.iotevents-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "data.iotevents-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "data.iotevents-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "data.iotevents-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "data.iotevents.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iotevents-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "data.iotevents.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iotevents-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "data.iotevents.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iotevents-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"iotfleetwise": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"iotroborunner": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"iotsecuredtunneling": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"iotsitewise": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iotsitewise-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "iotsitewise-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "iotsitewise-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "iotsitewise-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "iotsitewise-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iotsitewise-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iotsitewise-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iotsitewise-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"iotthingsgraph": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "iotthingsgraph",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"iottwinmaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "iottwinmaker-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "iottwinmaker-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iottwinmaker-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iottwinmaker-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"iotwireless": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "api.iotwireless.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "api.iotwireless.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "api.iotwireless.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "api.iotwireless.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "api.iotwireless.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"ivs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"ivschat": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"ivsrealtime": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"kafka": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "kafka-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "kafka-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "kafka-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "kafka-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "kafka-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"kafkaconnect": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"kendra": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "kendra-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "kendra-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "kendra-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kendra-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kendra-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kendra-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"kendra-ranking": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					DNSSuffix: "api.aws",
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
+					DNSSuffix: "api.aws",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.af-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.ap-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.ap-northeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "kendra-ranking.ap-northeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{
+					Hostname: "kendra-ranking.ap-northeast-3.api.aws",
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.ap-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{
+					Hostname: "kendra-ranking.ap-south-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.ap-southeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "kendra-ranking.ap-southeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{
+					Hostname: "kendra-ranking.ap-southeast-3.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{
+					Hostname: "kendra-ranking.ap-southeast-4.api.aws",
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.ca-central-1.api.aws",
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kendra-ranking-fips.ca-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{
+					Hostname: "kendra-ranking.eu-central-2.api.aws",
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.eu-north-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.eu-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{
+					Hostname: "kendra-ranking.eu-south-2.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.eu-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname: "kendra-ranking.eu-west-3.api.aws",
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.me-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.me-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.sa-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.us-east-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kendra-ranking-fips.us-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "kendra-ranking.us-east-2.api.aws",
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kendra-ranking-fips.us-east-2.api.aws",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.us-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "kendra-ranking.us-west-2.api.aws",
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kendra-ranking-fips.us-west-2.api.aws",
+				},
+			},
+		},
+		"kinesis": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "kinesis-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "kinesis-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "kinesis-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "kinesis-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kinesis-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kinesis-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kinesis-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kinesis-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"kinesisanalytics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"kinesisvideo": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"kms": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ProdFips",
+				}: endpoint{
+					Hostname: "kms-fips.eu-central-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "af-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.af-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "af-south-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.ap-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-east-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.ap-northeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.ap-northeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-2-fips",
+				}: endpoint{
+					Hostname: "kms-fips.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.ap-northeast-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-3-fips",
+				}: endpoint{
+					Hostname: "kms-fips.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.ap-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-south-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.ap-south-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-south-2-fips",
+				}: endpoint{
+					Hostname: "kms-fips.ap-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.ap-southeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.ap-southeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-2-fips",
+				}: endpoint{
+					Hostname: "kms-fips.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.ap-southeast-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-3-fips",
+				}: endpoint{
+					Hostname: "kms-fips.ap-southeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-4",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.ap-southeast-4.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-4-fips",
+				}: endpoint{
+					Hostname: "kms-fips.ap-southeast-4.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-4",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.eu-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.eu-central-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-2-fips",
+				}: endpoint{
+					Hostname: "kms-fips.eu-central-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-north-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.eu-north-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-north-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.eu-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-south-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.eu-south-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-south-2-fips",
+				}: endpoint{
+					Hostname: "kms-fips.eu-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.eu-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.eu-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-2-fips",
+				}: endpoint{
+					Hostname: "kms-fips.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.eu-west-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-3-fips",
+				}: endpoint{
+					Hostname: "kms-fips.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "il-central-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.il-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "il-central-1",
+					},
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.me-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "me-central-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.me-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.me-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "me-south-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.sa-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "sa-east-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "kms-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "kms-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"lakeformation": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"lambda": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "af-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.af-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.ap-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.ap-northeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.ap-northeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.ap-northeast-3.api.aws",
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.ap-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.ap-south-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.ap-southeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.ap-southeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.ap-southeast-3.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-4",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.ap-southeast-4.api.aws",
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.ca-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.eu-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.eu-central-2.api.aws",
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.eu-north-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.eu-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.eu-south-2.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.eu-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.eu-west-2.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.eu-west-3.api.aws",
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "lambda-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "lambda-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "lambda-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "lambda-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.me-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.me-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.sa-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.us-east-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lambda-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.us-east-2.api.aws",
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lambda-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.us-west-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lambda-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.us-west-2.api.aws",
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lambda-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"license-manager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "license-manager-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "license-manager-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "license-manager-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "license-manager-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"license-manager-linux-subscriptions": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "license-manager-linux-subscriptions-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "license-manager-linux-subscriptions-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "license-manager-linux-subscriptions-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "license-manager-linux-subscriptions-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-linux-subscriptions-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-linux-subscriptions-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-linux-subscriptions-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-linux-subscriptions-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"license-manager-user-subscriptions": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "license-manager-user-subscriptions-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "license-manager-user-subscriptions-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "license-manager-user-subscriptions-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "license-manager-user-subscriptions-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-user-subscriptions-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-user-subscriptions-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-user-subscriptions-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-user-subscriptions-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"lightsail": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"logs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "logs-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "logs-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "logs-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "logs-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "logs-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "logs-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "logs-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "logs-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"lookoutequipment": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"lookoutmetrics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"lookoutvision": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"m2": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{},
+			},
+		},
+		"machinelearning": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"macie": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "macie-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "macie-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "macie-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "macie-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"macie2": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "macie2-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "macie2-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "macie2-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "macie2-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "macie2-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "macie2-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "macie2-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "macie2-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"managedblockchain": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"marketplacecommerceanalytics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"media-pipelines-chime": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "media-pipelines-chime-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "media-pipelines-chime-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "media-pipelines-chime-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "media-pipelines-chime-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"mediaconnect": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"mediaconvert": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mediaconvert-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "mediaconvert-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "mediaconvert-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "mediaconvert-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "mediaconvert-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "mediaconvert-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mediaconvert-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mediaconvert-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mediaconvert-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mediaconvert-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"medialive": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "medialive-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "medialive-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "medialive-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "medialive-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "medialive-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "medialive-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"mediapackage": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"mediapackage-vod": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"mediapackagev2": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"mediastore": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"meetings-chime": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "meetings-chime-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "meetings-chime-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "meetings-chime-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "meetings-chime-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"memory-db": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips",
+				}: endpoint{
+					Hostname: "memory-db-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"messaging-chime": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "messaging-chime-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "messaging-chime-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"metering.marketplace": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "aws-marketplace",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"metrics.sagemaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"mgh": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"mgn": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "mgn-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "mgn-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "mgn-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "mgn-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mgn-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mgn-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mgn-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mgn-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"migrationhub-orchestrator": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"migrationhub-strategy": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"mobileanalytics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"models-v2-lex": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"models.lex": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "lex",
+					},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "models-fips.lex.{region}.{dnsSuffix}",
+					CredentialScope: credentialScope{
+						Service: "lex",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "models-fips.lex.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "models-fips.lex.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "models-fips.lex.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "models-fips.lex.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"monitoring": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "monitoring-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "monitoring-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "monitoring-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "monitoring-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "monitoring-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "monitoring-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "monitoring-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "monitoring-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"mq": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "mq-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "mq-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "mq-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "mq-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mq-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mq-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mq-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mq-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"mturk-requester": service{
+			IsRegionalized: boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "sandbox",
+				}: endpoint{
+					Hostname: "mturk-requester-sandbox.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"neptune": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{
+					Hostname: "rds.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "rds.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "rds.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "rds.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "rds.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "rds.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "rds.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "rds.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname: "rds.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "rds.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "rds.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname: "rds.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{
+					Hostname: "rds.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "rds.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "rds.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "rds.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname: "rds.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "rds.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"network-firewall": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "network-firewall-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "network-firewall-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"networkmanager": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "networkmanager.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"nimble": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"oam": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"oidc": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{
+					Hostname: "oidc.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{
+					Hostname: "oidc.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "oidc.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "oidc.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{
+					Hostname: "oidc.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "oidc.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "oidc.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "oidc.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{
+					Hostname: "oidc.ap-southeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "oidc.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "oidc.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname: "oidc.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{
+					Hostname: "oidc.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "oidc.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "oidc.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname: "oidc.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{
+					Hostname: "oidc.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "oidc.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "oidc.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "oidc.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname: "oidc.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "oidc.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"omics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "omics.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "omics.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "omics.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "omics.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "omics-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "omics-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "omics.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "omics-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "omics.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "omics-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"opsworks": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"opsworks-cm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"organizations": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "organizations.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "aws-global",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "organizations-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-aws-global",
+				}: endpoint{
+					Hostname: "organizations-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"osis": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"outposts": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "outposts-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "outposts-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "outposts-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "outposts-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "outposts-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "outposts-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "outposts-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "outposts-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "outposts-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "outposts-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"participant.connect": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "participant.connect-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "participant.connect-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "participant.connect-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "participant.connect-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"personalize": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"pi": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"pinpoint": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "mobiletargeting",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "pinpoint.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "pinpoint-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "pinpoint-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "pinpoint-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "pinpoint-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "pinpoint-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "pinpoint.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "pinpoint-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "pinpoint.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "pinpoint-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "pinpoint.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "pinpoint-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"pipes": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"polly": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "polly-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "polly-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "polly-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "polly-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "polly-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "polly-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "polly-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "polly-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"portal.sso": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{
+					Hostname: "portal.sso.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{
+					Hostname: "portal.sso.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "portal.sso.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "portal.sso.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{
+					Hostname: "portal.sso.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "portal.sso.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "portal.sso.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "portal.sso.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{
+					Hostname: "portal.sso.ap-southeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "portal.sso.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "portal.sso.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname: "portal.sso.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{
+					Hostname: "portal.sso.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "portal.sso.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "portal.sso.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname: "portal.sso.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{
+					Hostname: "portal.sso.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "portal.sso.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "portal.sso.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "portal.sso.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname: "portal.sso.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "portal.sso.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"profile": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "profile-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "profile-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "profile-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "profile-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "profile-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "profile-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"projects.iot1click": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"proton": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"qldb": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "qldb-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "qldb-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "qldb-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "qldb-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "qldb-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "qldb-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "qldb-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "qldb-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"quicksight": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"ram": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ram-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "ram-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "ram-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "ram-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "ram-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "ram-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ram-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ram-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ram-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ram-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"rbin": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rbin-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "rbin-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "rbin-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "rbin-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "rbin-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "rbin-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rbin-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rbin-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rbin-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rbin-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"rds": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "rds-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "rds-fips.ca-central-1",
+				}: endpoint{
+					Hostname: "rds-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rds-fips.us-east-1",
+				}: endpoint{
+					Hostname: "rds-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rds-fips.us-east-2",
+				}: endpoint{
+					Hostname: "rds-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rds-fips.us-west-1",
+				}: endpoint{
+					Hostname: "rds-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rds-fips.us-west-2",
+				}: endpoint{
+					Hostname: "rds-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rds.ca-central-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "rds.ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rds.us-east-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "rds.us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rds.us-east-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "rds.us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rds.us-west-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "rds.us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rds.us-west-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "rds.us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					SSLCommonName: "{service}.{dnsSuffix}",
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:      "rds-fips.us-east-1.amazonaws.com",
+					SSLCommonName: "{service}.{dnsSuffix}",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "rds-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "rds-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "rds-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "rds-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"rds-data": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "rds-data-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "rds-data-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "rds-data-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "rds-data-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-data-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-data-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-data-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds-data-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"redshift": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "redshift-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "redshift-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "redshift-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "redshift-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "redshift-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "redshift-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "redshift-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "redshift-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "redshift-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "redshift-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"redshift-serverless": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"rekognition": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "rekognition-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "rekognition-fips.ca-central-1",
+				}: endpoint{
+					Hostname: "rekognition-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rekognition-fips.us-east-1",
+				}: endpoint{
+					Hostname: "rekognition-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rekognition-fips.us-east-2",
+				}: endpoint{
+					Hostname: "rekognition-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rekognition-fips.us-west-1",
+				}: endpoint{
+					Hostname: "rekognition-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rekognition-fips.us-west-2",
+				}: endpoint{
+					Hostname: "rekognition-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rekognition.ca-central-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "rekognition.ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rekognition.us-east-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "rekognition.us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rekognition.us-east-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "rekognition.us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rekognition.us-west-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "rekognition.us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rekognition.us-west-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "rekognition.us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "rekognition-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "rekognition-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "rekognition-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "rekognition-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"resiliencehub": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"resource-explorer-2": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					DNSSuffix: "api.aws",
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
+					DNSSuffix: "api.aws",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.ap-northeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "resource-explorer-2.ap-northeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{
+					Hostname: "resource-explorer-2.ap-northeast-3.api.aws",
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.ap-south-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{
+					Hostname: "resource-explorer-2.ap-south-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.ap-southeast-1.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "resource-explorer-2.ap-southeast-2.api.aws",
+				},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{
+					Hostname: "resource-explorer-2.ap-southeast-4.api.aws",
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.ca-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.eu-central-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{
+					Hostname: "resource-explorer-2.eu-central-2.api.aws",
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.eu-north-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.eu-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "resource-explorer-2.eu-west-2.api.aws",
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname: "resource-explorer-2.eu-west-3.api.aws",
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.sa-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.us-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "resource-explorer-2.us-east-2.api.aws",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.us-west-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "resource-explorer-2.us-west-2.api.aws",
+				},
+			},
+		},
+		"resource-groups": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "resource-groups-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "resource-groups-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "resource-groups-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "resource-groups-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "resource-groups-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "resource-groups-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "resource-groups-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "resource-groups-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"robomaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"rolesanywhere": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"route53": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "route53.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "aws-global",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "route53-fips.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-aws-global",
+				}: endpoint{
+					Hostname: "route53-fips.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"route53-recovery-control-config": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "route53-recovery-control-config.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"route53domains": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+			},
+		},
+		"route53resolver": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"rum": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"runtime-v2-lex": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"runtime.lex": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "lex",
+					},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime-fips.lex.{region}.{dnsSuffix}",
+					CredentialScope: credentialScope{
+						Service: "lex",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime-fips.lex.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "runtime-fips.lex.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime-fips.lex.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "runtime-fips.lex.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"runtime.sagemaker": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime-fips.sagemaker.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"s3": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedTrue,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols:         []string{"http", "https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+				defaultKey{
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
+					DNSSuffix:         "amazonaws.com",
+					Protocols:         []string{"http", "https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+				defaultKey{
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "{service}-fips.dualstack.{region}.{dnsSuffix}",
+					DNSSuffix:         "amazonaws.com",
+					Protocols:         []string{"http", "https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "af-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.af-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.ap-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname:          "s3.ap-northeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3.dualstack.ap-northeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.ap-northeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.ap-northeast-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.ap-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.ap-south-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname:          "s3.ap-southeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3.dualstack.ap-southeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname:          "s3.ap-southeast-2.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3.dualstack.ap-southeast-2.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.ap-southeast-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-4",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.ap-southeast-4.amazonaws.com",
+				},
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname:          "s3.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "s3-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "s3-fips.dualstack.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.eu-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.eu-central-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.eu-north-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.eu-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.eu-south-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname:          "s3.eu-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3.dualstack.eu-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.eu-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.eu-west-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "s3-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "s3-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "s3-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "s3-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "s3-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.me-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.me-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "s3-external-1",
+				}: endpoint{
+					Hostname:          "s3-external-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname:          "s3.sa-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3.dualstack.sa-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname:          "s3.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3.dualstack.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:          "s3-fips.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-fips.dualstack.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "s3-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "s3-fips.dualstack.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname:          "s3.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3.dualstack.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:          "s3-fips.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-fips.dualstack.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname:          "s3.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3.dualstack.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:          "s3-fips.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-fips.dualstack.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+			},
+		},
+		"s3-control": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols:         []string{"https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+				defaultKey{
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
+					DNSSuffix:         "amazonaws.com",
+					Protocols:         []string{"https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+				defaultKey{
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "{service}-fips.dualstack.{region}.{dnsSuffix}",
+					DNSSuffix:         "amazonaws.com",
+					Protocols:         []string{"https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname:          "s3-control.ap-northeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.ap-northeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname:          "s3-control.ap-northeast-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.ap-northeast-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{
+					Hostname:          "s3-control.ap-northeast-3.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
+				endpointKey{
+					Region:  "ap-northeast-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.ap-northeast-3.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname:          "s3-control.ap-south-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.ap-south-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname:          "s3-control.ap-southeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.ap-southeast-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname:          "s3-control.ap-southeast-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.ap-southeast-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname:          "s3-control.ca-central-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.ca-central-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.ca-central-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.dualstack.ca-central-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname:          "s3-control-fips.ca-central-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname:          "s3-control.eu-central-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.eu-central-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname:          "s3-control.eu-north-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				endpointKey{
+					Region:  "eu-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.eu-north-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname:          "s3-control.eu-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.eu-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname:          "s3-control.eu-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.eu-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname:          "s3-control.eu-west-3.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.eu-west-3.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname:          "s3-control.sa-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.sa-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname:          "s3-control.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.dualstack.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname:          "s3-control.us-east-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.us-east-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-east-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.dualstack.us-east-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-east-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname:          "s3-control.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.dualstack.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname:          "s3-control.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.dualstack.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-west-2.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"s3-outposts": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{},
+			},
+		},
+		"sagemaker-geospatial": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"savingsplans": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "savingsplans.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"scheduler": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"schemas": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"sdb": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols:         []string{"http", "https"},
+					SignatureVersions: []string{"v2"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "sdb.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"secretsmanager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"securityhub": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "securityhub-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "securityhub-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "securityhub-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "securityhub-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "securityhub-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "securityhub-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "securityhub-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "securityhub-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"securitylake": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"serverlessrepo": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+		},
+		"servicecatalog": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"servicecatalog-appregistry": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-appregistry-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "servicecatalog-appregistry-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "servicecatalog-appregistry-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "servicecatalog-appregistry-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "servicecatalog-appregistry-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "servicecatalog-appregistry-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-appregistry-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-appregistry-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-appregistry-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-appregistry-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"servicediscovery": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "af-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.af-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.ap-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.ap-northeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.ap-northeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.ap-northeast-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.ap-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.ap-south-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.ap-southeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.ap-southeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.ap-southeast-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-4",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.ap-southeast-4.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.eu-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.eu-central-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.eu-north-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.eu-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-south-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.eu-south-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.eu-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.eu-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.eu-west-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-central-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.me-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "me-south-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.me-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.sa-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "servicediscovery",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "servicediscovery",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "servicediscovery-fips",
+				}: endpoint{
+					Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"servicequotas": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"session.qldb": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "session.qldb-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "session.qldb-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "session.qldb-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "session.qldb-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "session.qldb-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "session.qldb-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"shield": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					SSLCommonName: "shield.us-east-1.amazonaws.com",
+					Protocols:     []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "shield.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "aws-global",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "shield-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-aws-global",
+				}: endpoint{
+					Hostname: "shield-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"signer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "signer-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "signer-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "signer-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "signer-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"simspaceweaver": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"sms": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "sms-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "sms-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "sms-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "sms-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sms-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sms-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sms-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sms-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"sms-voice": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sms-voice-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "sms-voice-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "sms-voice-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "sms-voice-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sms-voice-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sms-voice-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"snowball": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.ap-northeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.ap-northeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-northeast-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.ap-northeast-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.ap-south-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.ap-southeast-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.ap-southeast-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.eu-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.eu-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.eu-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.eu-west-3.amazonaws.com",
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-1",
+				}: endpoint{
+					Hostname: "snowball-fips.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-2",
+				}: endpoint{
+					Hostname: "snowball-fips.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-3",
+				}: endpoint{
+					Hostname: "snowball-fips.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-south-1",
+				}: endpoint{
+					Hostname: "snowball-fips.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-1",
+				}: endpoint{
+					Hostname: "snowball-fips.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-2",
+				}: endpoint{
+					Hostname: "snowball-fips.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "snowball-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-central-1",
+				}: endpoint{
+					Hostname: "snowball-fips.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-1",
+				}: endpoint{
+					Hostname: "snowball-fips.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-2",
+				}: endpoint{
+					Hostname: "snowball-fips.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-3",
+				}: endpoint{
+					Hostname: "snowball-fips.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-sa-east-1",
+				}: endpoint{
+					Hostname: "snowball-fips.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "snowball-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "snowball-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "snowball-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "snowball-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.sa-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"sns": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "sns-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "sns-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "sns-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "sns-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sns-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sns-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sns-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sns-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"sqs": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					SSLCommonName: "{region}.queue.{dnsSuffix}",
+					Protocols:     []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "sqs-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "sqs-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "sqs-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "sqs-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					SSLCommonName: "queue.{dnsSuffix}",
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:      "sqs-fips.us-east-1.amazonaws.com",
+					SSLCommonName: "queue.{dnsSuffix}",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sqs-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sqs-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sqs-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"ssm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "ssm-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "ssm-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "ssm-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "ssm-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "ssm-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"ssm-incidents": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"ssm-sap": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm-sap-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "ssm-sap-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "ssm-sap-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "ssm-sap-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "ssm-sap-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "ssm-sap-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm-sap-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm-sap-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm-sap-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm-sap-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"sso": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"states": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "states-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "states-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "states-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "states-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "states-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "states-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "states-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "states-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"storagegateway": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "storagegateway-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "storagegateway-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips",
+				}: endpoint{
+					Hostname: "storagegateway-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"streams.dynamodb": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+					CredentialScope: credentialScope{
+						Service: "dynamodb",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "local",
+				}: endpoint{
+					Hostname:  "localhost:8000",
+					Protocols: []string{"http"},
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"sts": service{
+			PartitionEndpoint: "aws-global",
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "sts.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sts-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "sts-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sts-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "sts-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sts-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "sts-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sts-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "sts-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"support": service{
+			PartitionEndpoint: "aws-global",
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "support.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+			},
+		},
+		"supportapp": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"swf": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "swf-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "swf-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "swf-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "swf-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "swf-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "swf-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "swf-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "swf-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"synthetics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "synthetics-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "synthetics-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "synthetics-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "synthetics-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "synthetics-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "synthetics-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "synthetics-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "synthetics-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"tagging": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"textract": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "textract-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "textract-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "textract-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "textract-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "textract-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "textract-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "textract-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "textract-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "textract-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "textract-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"transcribe": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "fips.transcribe.{region}.{dnsSuffix}",
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.transcribe.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "fips.transcribe.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "fips.transcribe.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "fips.transcribe.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "fips.transcribe.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "fips.transcribe.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.transcribe.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.transcribe.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.transcribe.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.transcribe.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"transcribestreaming": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "transcribestreaming-ca-central-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "transcribestreaming-ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "transcribestreaming-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "transcribestreaming-fips-ca-central-1",
+				}: endpoint{
+					Hostname: "transcribestreaming-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "transcribestreaming-fips-us-east-1",
+				}: endpoint{
+					Hostname: "transcribestreaming-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "transcribestreaming-fips-us-east-2",
+				}: endpoint{
+					Hostname: "transcribestreaming-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "transcribestreaming-fips-us-west-2",
+				}: endpoint{
+					Hostname: "transcribestreaming-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "transcribestreaming-us-east-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "transcribestreaming-us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "transcribestreaming-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "transcribestreaming-us-east-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "transcribestreaming-us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "transcribestreaming-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "transcribestreaming-us-west-2",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "transcribestreaming-us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "transcribestreaming-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"transfer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "transfer-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "transfer-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "transfer-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "transfer-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "transfer-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "transfer-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "transfer-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "transfer-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "transfer-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "transfer-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"translate": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "translate-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "translate-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "translate-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2-fips",
+				}: endpoint{
+					Hostname: "translate-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "translate-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "translate-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"verifiedpermissions": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"voice-chime": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "voice-chime-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "ca-central-1-fips",
+				}: endpoint{
+					Hostname: "voice-chime-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "voice-chime-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "voice-chime-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "voice-chime-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "voice-chime-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"voiceid": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "voiceid-fips.ca-central-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "voiceid-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "voiceid-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "voiceid-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "voiceid-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "voiceid-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"vpc-lattice": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"waf": service{
+			PartitionEndpoint: "aws-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "aws",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-fips.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "aws-fips",
+				}: endpoint{
+					Hostname: "waf-fips.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "aws-global",
+				}: endpoint{
+					Hostname: "waf.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "aws-global",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-fips.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "aws-global-fips",
+				}: endpoint{
+					Hostname: "waf-fips.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"waf-regional": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{
+					Hostname: "waf-regional.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+				},
+				endpointKey{
+					Region:  "af-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{
+					Hostname: "waf-regional.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "ap-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "waf-regional.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "waf-regional.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{
+					Hostname: "waf-regional.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
+				endpointKey{
+					Region:  "ap-northeast-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "waf-regional.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{
+					Hostname: "waf-regional.ap-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-2",
+					},
+				},
+				endpointKey{
+					Region:  "ap-south-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "waf-regional.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "waf-regional.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{
+					Hostname: "waf-regional.ap-southeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-3",
+					},
+				},
+				endpointKey{
+					Region:  "ap-southeast-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-southeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{
+					Hostname: "waf-regional.ap-southeast-4.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-4",
+					},
+				},
+				endpointKey{
+					Region:  "ap-southeast-4",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-southeast-4.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-4",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "waf-regional.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "waf-regional.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{
+					Hostname: "waf-regional.eu-central-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-2",
+					},
+				},
+				endpointKey{
+					Region:  "eu-central-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-central-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname: "waf-regional.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				endpointKey{
+					Region:  "eu-north-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{
+					Hostname: "waf-regional.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+				},
+				endpointKey{
+					Region:  "eu-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{
+					Hostname: "waf-regional.eu-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-2",
+					},
+				},
+				endpointKey{
+					Region:  "eu-south-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "waf-regional.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "waf-regional.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname: "waf-regional.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region: "fips-af-south-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-east-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-2",
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-3",
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-south-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-south-2",
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-2",
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-3",
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-southeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-4",
+				}: endpoint{
+					Hostname: "waf-regional-fips.ap-southeast-4.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-4",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-central-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-central-2",
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-central-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-north-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-south-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-south-2",
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-2",
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-3",
+				}: endpoint{
+					Hostname: "waf-regional-fips.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-il-central-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.il-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "il-central-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-me-central-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.me-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-me-south-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-sa-east-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{
+					Hostname: "waf-regional.me-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "me-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.me-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-central-1",
+					},
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{
+					Hostname: "waf-regional.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+				},
+				endpointKey{
+					Region:  "me-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "waf-regional.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "waf-regional.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "waf-regional.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname: "waf-regional.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "waf-regional.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"wafv2": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{
+					Hostname: "wafv2.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+				},
+				endpointKey{
+					Region:  "af-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{
+					Hostname: "wafv2.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "ap-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{
+					Hostname: "wafv2.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region:  "ap-northeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{
+					Hostname: "wafv2.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region:  "ap-northeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{
+					Hostname: "wafv2.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
+				endpointKey{
+					Region:  "ap-northeast-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{
+					Hostname: "wafv2.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region:  "ap-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{
+					Hostname: "wafv2.ap-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-2",
+					},
+				},
+				endpointKey{
+					Region:  "ap-south-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "wafv2.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region:  "ap-southeast-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{
+					Hostname: "wafv2.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region:  "ap-southeast-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{
+					Hostname: "wafv2.ap-southeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-3",
+					},
+				},
+				endpointKey{
+					Region:  "ap-southeast-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-southeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-3",
+					},
+				},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{
+					Hostname: "wafv2.ap-southeast-4.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-4",
+					},
+				},
+				endpointKey{
+					Region:  "ap-southeast-4",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-southeast-4.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-4",
+					},
+				},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{
+					Hostname: "wafv2.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "wafv2.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "eu-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{
+					Hostname: "wafv2.eu-central-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-2",
+					},
+				},
+				endpointKey{
+					Region:  "eu-central-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-central-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{
+					Hostname: "wafv2.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				endpointKey{
+					Region:  "eu-north-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{
+					Hostname: "wafv2.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+				},
+				endpointKey{
+					Region:  "eu-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{
+					Hostname: "wafv2.eu-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-2",
+					},
+				},
+				endpointKey{
+					Region:  "eu-south-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "wafv2.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "eu-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "wafv2.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "eu-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{
+					Hostname: "wafv2.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region:  "eu-west-3",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+				},
+				endpointKey{
+					Region: "fips-af-south-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.af-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "af-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-east-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-northeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-2",
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-northeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-northeast-3",
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-south-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-south-2",
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-south-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-2",
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-southeast-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-3",
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-southeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ap-southeast-4",
+				}: endpoint{
+					Hostname: "wafv2-fips.ap-southeast-4.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-4",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-central-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-central-2",
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-central-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-north-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-north-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-north-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-south-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-south-2",
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-south-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-south-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-2",
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-eu-west-3",
+				}: endpoint{
+					Hostname: "wafv2-fips.eu-west-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-3",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-il-central-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.il-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "il-central-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-me-central-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.me-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-me-south-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-sa-east-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "wafv2-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "wafv2-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{
+					Hostname: "wafv2.me-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-central-1",
+					},
+				},
+				endpointKey{
+					Region:  "me-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.me-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-central-1",
+					},
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{
+					Hostname: "wafv2.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+				},
+				endpointKey{
+					Region:  "me-south-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.me-south-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "me-south-1",
+					},
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{
+					Hostname: "wafv2.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "sa-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.sa-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "sa-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "wafv2.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{
+					Hostname: "wafv2.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{
+					Hostname: "wafv2.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "wafv2.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
+		"wellarchitected": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"wisdom": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "ui-ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ui-ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ui-eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ui-eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ui-us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ui-us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{},
+			},
+		},
+		"workdocs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "workdocs-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "workdocs-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "workdocs-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "workdocs-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"workmail": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"workspaces": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "workspaces-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "workspaces-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "workspaces-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "workspaces-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+		"workspaces-web": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
+		"xray": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "xray-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "xray-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "xray-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "xray-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "xray-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "xray-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "xray-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "xray-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
+	},
+}
+
+// AwsCnPartition returns the Resolver for AWS China.
+func AwsCnPartition() Partition {
+	return awscnPartition.Partition()
+}
+
+var awscnPartition = partition{
+	ID:        "aws-cn",
+	Name:      "AWS China",
+	DNSSuffix: "amazonaws.com.cn",
+	RegionRegex: regionRegex{
+		Regexp: func() *regexp.Regexp {
+			reg, _ := regexp.Compile("^cn\\-\\w+\\-\\d+$")
+			return reg
+		}(),
+	},
+	Defaults: endpointDefaults{
+		defaultKey{}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: dualStackVariant,
+		}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			DNSSuffix:         "api.amazonwebservices.com.cn",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "amazonaws.com.cn",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant | dualStackVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "api.amazonwebservices.com.cn",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+	},
+	Regions: regions{
+		"cn-north-1": region{
+			Description: "China (Beijing)",
+		},
+		"cn-northwest-1": region{
+			Description: "China (Ningxia)",
+		},
+	},
+	Services: services{
+		"access-analyzer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"account": service{
+			PartitionEndpoint: "aws-cn-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-cn-global",
+				}: endpoint{
+					Hostname: "account.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"acm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"airflow": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"api.ecr": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname: "api.ecr.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname: "api.ecr.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"api.sagemaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"api.tunneling.iot": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"apigateway": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"appconfig": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"appconfigdata": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"application-autoscaling": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"applicationinsights": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"appmesh": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.cn-north-1.api.amazonwebservices.com.cn",
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-northwest-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "appmesh.cn-northwest-1.api.amazonwebservices.com.cn",
+				},
+			},
+		},
+		"appsync": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"athena": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.cn-north-1.api.amazonwebservices.com.cn",
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-northwest-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.cn-northwest-1.api.amazonwebservices.com.cn",
+				},
+			},
+		},
+		"autoscaling": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"autoscaling-plans": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"backup": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"batch": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"budgets": service{
+			PartitionEndpoint: "aws-cn-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-cn-global",
+				}: endpoint{
+					Hostname: "budgets.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"cassandra": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"ce": service{
+			PartitionEndpoint: "aws-cn-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-cn-global",
+				}: endpoint{
+					Hostname: "ce.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"cloudcontrolapi": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"cloudformation": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"cloudfront": service{
+			PartitionEndpoint: "aws-cn-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-cn-global",
+				}: endpoint{
+					Hostname:  "cloudfront.cn-northwest-1.amazonaws.com.cn",
+					Protocols: []string{"http", "https"},
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"cloudtrail": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"codebuild": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"codecommit": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"codedeploy": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"codepipeline": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"cognito-identity": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+			},
+		},
+		"compute-optimizer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname: "compute-optimizer.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"config": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"cur": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"data-ats.iot": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+					CredentialScope: credentialScope{
+						Service: "iotdata",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname:  "data.ats.iot.cn-north-1.amazonaws.com.cn",
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"data.jobs.iot": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"databrew": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"datasync": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"dax": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"directconnect": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"dlm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"dms": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"docdb": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname: "rds.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"ds": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"dynamodb": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"ebs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"ec2": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"ecs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"eks": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"elasticache": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"elasticbeanstalk": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"elasticfilesystem": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-north-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.cn-north-1.amazonaws.com.cn",
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-northwest-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.cn-northwest-1.amazonaws.com.cn",
+				},
+				endpointKey{
+					Region: "fips-cn-north-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-cn-northwest-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"elasticloadbalancing": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"elasticmapreduce": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"emr-containers": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"emr-serverless": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"es": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"events": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"firehose": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "firehose.cn-north-1.api.amazonwebservices.com.cn",
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-northwest-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "firehose.cn-northwest-1.api.amazonwebservices.com.cn",
+				},
+			},
+		},
+		"fms": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"fsx": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"gamelift": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"glacier": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"glue": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"greengrass": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+			},
+		},
+		"guardduty": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"health": service{
+			PartitionEndpoint: "aws-cn-global",
+			IsRegionalized:    boxedFalse,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					SSLCommonName: "health.cn-northwest-1.amazonaws.com.cn",
+					Protocols:     []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-cn-global",
+				}: endpoint{
+					Hostname: "global.health.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"iam": service{
+			PartitionEndpoint: "aws-cn-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-cn-global",
+				}: endpoint{
+					Hostname: "iam.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+			},
+		},
+		"internetmonitor": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					DNSSuffix: "api.amazonwebservices.com.cn",
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
+					DNSSuffix: "api.amazonwebservices.com.cn",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname: "internetmonitor.cn-north-1.api.amazonwebservices.com.cn",
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname: "internetmonitor.cn-northwest-1.api.amazonwebservices.com.cn",
+				},
+			},
+		},
+		"iot": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"iotanalytics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+			},
+		},
+		"iotevents": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+			},
+		},
+		"ioteventsdata": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname: "data.iotevents.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+			},
+		},
+		"iotsecuredtunneling": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"iotsitewise": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+			},
+		},
+		"kafka": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"kendra-ranking": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					DNSSuffix: "api.amazonwebservices.com.cn",
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
+					DNSSuffix: "api.amazonwebservices.com.cn",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.cn-north-1.api.amazonwebservices.com.cn",
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.cn-northwest-1.api.amazonwebservices.com.cn",
+				},
+			},
+		},
+		"kinesis": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"kinesisanalytics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"kinesisvideo": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+			},
+		},
+		"kms": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"lakeformation": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"lambda": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.cn-north-1.api.amazonwebservices.com.cn",
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-northwest-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.cn-northwest-1.api.amazonwebservices.com.cn",
+				},
+			},
+		},
+		"license-manager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"license-manager-linux-subscriptions": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"logs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"mediaconvert": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname: "subscribe.mediaconvert.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"memory-db": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"metrics.sagemaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"monitoring": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"mq": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"neptune": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname: "rds.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname: "rds.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"oam": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"organizations": service{
+			PartitionEndpoint: "aws-cn-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-cn-global",
+				}: endpoint{
+					Hostname: "organizations.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"personalize": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+			},
+		},
+		"pi": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"polly": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"ram": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"rbin": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"rds": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"redshift": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"resource-explorer-2": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					DNSSuffix: "api.amazonwebservices.com.cn",
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
+					DNSSuffix: "api.amazonwebservices.com.cn",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.cn-north-1.api.amazonwebservices.com.cn",
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.cn-northwest-1.api.amazonwebservices.com.cn",
+				},
+			},
+		},
+		"resource-groups": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"rolesanywhere": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"route53": service{
+			PartitionEndpoint: "aws-cn-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-cn-global",
+				}: endpoint{
+					Hostname: "route53.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"route53resolver": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"runtime.sagemaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"s3": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols:         []string{"http", "https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+				defaultKey{
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
+					DNSSuffix:         "amazonaws.com.cn",
+					Protocols:         []string{"http", "https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.cn-north-1.amazonaws.com.cn",
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-northwest-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "s3.dualstack.cn-northwest-1.amazonaws.com.cn",
+				},
+			},
+		},
+		"s3-control": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols:         []string{"https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+				defaultKey{
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
+					DNSSuffix:         "amazonaws.com.cn",
+					Protocols:         []string{"https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname:          "s3-control.cn-north-1.amazonaws.com.cn",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				endpointKey{
+					Region:  "cn-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.cn-north-1.amazonaws.com.cn",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname:          "s3-control.cn-northwest-1.amazonaws.com.cn",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+				endpointKey{
+					Region:  "cn-northwest-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.cn-northwest-1.amazonaws.com.cn",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"secretsmanager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"securityhub": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"serverlessrepo": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+		},
+		"servicecatalog": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"servicediscovery": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-north-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.cn-north-1.amazonaws.com.cn",
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-northwest-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.cn-northwest-1.amazonaws.com.cn",
+				},
+			},
+		},
+		"servicequotas": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"signer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"sms": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"snowball": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-north-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.cn-north-1.amazonaws.com.cn",
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "cn-northwest-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.cn-northwest-1.amazonaws.com.cn",
+				},
+				endpointKey{
+					Region: "fips-cn-north-1",
+				}: endpoint{
+					Hostname: "snowball-fips.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-cn-northwest-1",
+				}: endpoint{
+					Hostname: "snowball-fips.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"sns": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"sqs": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					SSLCommonName: "{region}.queue.{dnsSuffix}",
+					Protocols:     []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"ssm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"states": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"storagegateway": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"streams.dynamodb": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+					CredentialScope: credentialScope{
+						Service: "dynamodb",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"sts": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"support": service{
+			PartitionEndpoint: "aws-cn-global",
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-cn-global",
+				}: endpoint{
+					Hostname: "support.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+			},
+		},
+		"swf": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"synthetics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"tagging": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"transcribe": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname: "cn.transcribe.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname: "cn.transcribe.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+			},
+		},
+		"transcribestreaming": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"transfer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"waf-regional": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname: "waf-regional.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				endpointKey{
+					Region:  "cn-north-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname: "waf-regional.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+				endpointKey{
+					Region:  "cn-northwest-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-cn-north-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-cn-northwest-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"wafv2": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{
+					Hostname: "wafv2.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				endpointKey{
+					Region:  "cn-north-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+				},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{
+					Hostname: "wafv2.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+				endpointKey{
+					Region:  "cn-northwest-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-cn-north-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.cn-north-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-north-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-cn-northwest-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.cn-northwest-1.amazonaws.com.cn",
+					CredentialScope: credentialScope{
+						Region: "cn-northwest-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"workspaces": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+		"xray": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
+	},
+}
+
+// AwsUsGovPartition returns the Resolver for AWS GovCloud (US).
+func AwsUsGovPartition() Partition {
+	return awsusgovPartition.Partition()
+}
+
+var awsusgovPartition = partition{
+	ID:        "aws-us-gov",
+	Name:      "AWS GovCloud (US)",
+	DNSSuffix: "amazonaws.com",
+	RegionRegex: regionRegex{
+		Regexp: func() *regexp.Regexp {
+			reg, _ := regexp.Compile("^us\\-gov\\-\\w+\\-\\d+$")
+			return reg
+		}(),
+	},
+	Defaults: endpointDefaults{
+		defaultKey{}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: dualStackVariant,
+		}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			DNSSuffix:         "api.aws",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "amazonaws.com",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant | dualStackVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "api.aws",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+	},
+	Regions: regions{
+		"us-gov-east-1": region{
+			Description: "AWS GovCloud (US-East)",
+		},
+		"us-gov-west-1": region{
+			Description: "AWS GovCloud (US-West)",
+		},
+	},
+	Services: services{
+		"access-analyzer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "access-analyzer.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "access-analyzer.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "access-analyzer.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "access-analyzer.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "access-analyzer.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "access-analyzer.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"acm": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "acm.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "acm.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"acm-pca": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "acm-pca.{region}.{dnsSuffix}",
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "acm-pca.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "acm-pca.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-pca.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "acm-pca.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"api.detective": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.detective-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "api.detective-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.detective-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "api.detective-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"api.ecr": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "dkr-us-gov-east-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "dkr-us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "dkr-us-gov-west-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "dkr-us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-dkr-us-gov-east-1",
+				}: endpoint{
+					Hostname: "ecr-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-dkr-us-gov-west-1",
+				}: endpoint{
+					Hostname: "ecr-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "ecr-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "ecr-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "api.ecr.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "api.ecr.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecr-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"api.sagemaker": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "api-fips.sagemaker.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips-secondary",
+				}: endpoint{
+					Hostname: "api.sagemaker.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1-secondary",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "us-gov-west-1-secondary",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.sagemaker.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"api.tunneling.iot": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"apigateway": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"appconfig": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "appconfig.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "appconfig.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "appconfig.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "appconfig.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"appconfigdata": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"application-autoscaling": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Hostname:  "autoscaling.{region}.amazonaws.com",
+					Protocols: []string{"http", "https"},
+					CredentialScope: credentialScope{
+						Service: "application-autoscaling",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-east-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-east-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-east-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"applicationinsights": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "applicationinsights.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "applicationinsights.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"appstream2": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+					CredentialScope: credentialScope{
+						Service: "appstream",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips",
+				}: endpoint{
+					Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "appstream2-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "appstream2-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"athena": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "athena-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "athena-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.us-gov-east-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-gov-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "athena.us-gov-west-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-gov-west-1.api.aws",
+				},
+			},
+		},
+		"autoscaling": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "autoscaling.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+		},
+		"autoscaling-plans": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+		},
+		"backup": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"backup-gateway": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"batch": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "batch.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "batch.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "batch.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "batch.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "batch.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"cassandra": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "cassandra.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cassandra.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "cassandra.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "cassandra.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cassandra.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "cassandra.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"cloudcontrolapi": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudcontrolapi-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"clouddirectory": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "clouddirectory.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "clouddirectory.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"cloudformation": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "cloudformation.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudformation.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "cloudformation.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "cloudformation.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudformation.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "cloudformation.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"cloudhsm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"cloudhsmv2": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "cloudhsm",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"cloudtrail": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudtrail.us-gov-west-1.amazonaws.com",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "cloudtrail.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "cloudtrail.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudtrail.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cloudtrail.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"codebuild": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codebuild-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "codebuild-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codebuild-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "codebuild-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"codecommit": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips",
+				}: endpoint{
+					Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codecommit-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "codecommit-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"codedeploy": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "codedeploy-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"codepipeline": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "codepipeline-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "codepipeline-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"cognito-identity": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "cognito-identity-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cognito-identity-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"cognito-idp": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "cognito-idp-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "cognito-idp-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"comprehend": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "comprehend-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "comprehend-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"comprehendmedical": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "comprehendmedical-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "comprehendmedical-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"compute-optimizer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "compute-optimizer-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "compute-optimizer-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"config": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "config.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "config.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "config.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "config.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "config.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"connect": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "connect.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "connect.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"controltower": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"data-ats.iot": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+					CredentialScope: credentialScope{
+						Service: "iotdata",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "data.iot-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Service: "iotdata",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "data.iot-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Service: "iotdata",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iot-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iot-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"data.jobs.iot": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.jobs.iot-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"databrew": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "databrew.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "databrew.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"datasync": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "datasync-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "datasync-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "datasync-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "datasync-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"directconnect": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "directconnect.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "directconnect.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"dlm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dlm.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "dlm.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dlm.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "dlm.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"dms": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "dms",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "dms",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "dms-fips",
+				}: endpoint{
+					Hostname: "dms.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "dms.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "dms.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"docdb": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "rds.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"ds": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "ds-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "ds-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ds-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ds-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"dynamodb": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dynamodb.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dynamodb.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "dynamodb.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"ebs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"ec2": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ec2.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "ec2.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "ec2.us-gov-east-1.api.aws",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "ec2.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "ec2.us-gov-west-1.api.aws",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"ecs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "ecs-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "ecs-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecs-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ecs-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"eks": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "eks.{region}.{dnsSuffix}",
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "eks.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "eks.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "eks.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "eks.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"elasticache": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticache.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips",
+				}: endpoint{
+					Hostname: "elasticache.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticache.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "elasticache.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"elasticbeanstalk": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"elasticfilesystem": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"elasticloadbalancing": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticloadbalancing.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "elasticloadbalancing.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "elasticloadbalancing.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticloadbalancing.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "elasticloadbalancing.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+			},
+		},
+		"elasticmapreduce": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticmapreduce.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "elasticmapreduce.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "elasticmapreduce.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticmapreduce.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "elasticmapreduce.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"https"},
+				},
+			},
+		},
+		"email": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "email-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "email-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"emr-containers": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"es": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips",
+				}: endpoint{
+					Hostname: "es-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "es-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "es-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "es-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "es-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"events": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "events.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "events.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "events.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "events.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"firehose": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "firehose-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "firehose-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "firehose-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "firehose-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"fms": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "fms-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "fms-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fms-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"fsx": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-prod-us-gov-east-1",
+				}: endpoint{
+					Hostname: "fsx-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-prod-us-gov-west-1",
+				}: endpoint{
+					Hostname: "fsx-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "fsx-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "fsx-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "prod-us-gov-east-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "prod-us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "prod-us-gov-west-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "prod-us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fsx-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"glacier": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "glacier.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "glacier.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glacier.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "glacier.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+			},
+		},
+		"glue": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "glue-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "glue-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glue-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "glue-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"greengrass": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "dataplane-us-gov-east-1",
+				}: endpoint{
+					Hostname: "greengrass-ats.iot.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "dataplane-us-gov-west-1",
+				}: endpoint{
+					Hostname: "greengrass-ats.iot.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "greengrass.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "greengrass.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "greengrass.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "greengrass.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"guardduty": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "guardduty.{region}.{dnsSuffix}",
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "guardduty.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "guardduty.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "guardduty.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "guardduty.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"health": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "health-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "health-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"iam": service{
+			PartitionEndpoint: "aws-us-gov-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-us-gov-global",
+				}: endpoint{
+					Hostname: "iam.us-gov.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "aws-us-gov-global",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iam.us-gov.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "aws-us-gov-global-fips",
+				}: endpoint{
+					Hostname: "iam.us-gov.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "iam-govcloud",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "iam-govcloud",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iam.us-gov.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "iam-govcloud-fips",
+				}: endpoint{
+					Hostname: "iam.us-gov.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"identitystore": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "identitystore.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "identitystore.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "identitystore.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "identitystore.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "identitystore.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"ingest.timestream": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ingest.timestream.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "ingest.timestream.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"inspector": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "inspector-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "inspector-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "inspector-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "inspector-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"inspector2": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"internetmonitor": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					DNSSuffix: "api.aws",
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
+					DNSSuffix: "api.aws",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "internetmonitor.us-gov-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "internetmonitor.us-gov-west-1.api.aws",
+				},
+			},
+		},
+		"iot": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "iot-fips.us-gov-east-1.amazonaws.com",
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "iot-fips.us-gov-west-1.amazonaws.com",
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iot-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iot-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"iotevents": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "iotevents-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iotevents-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"ioteventsdata": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "data.iotevents-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "data.iotevents.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "data.iotevents-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"iotsecuredtunneling": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"iotsitewise": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "iotsitewise-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iotsitewise-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"iottwinmaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "iottwinmaker-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "iottwinmaker-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"kafka": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "kafka.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "kafka.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "kafka.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "kafka.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"kendra": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "kendra-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kendra-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"kendra-ranking": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					DNSSuffix: "api.aws",
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
+					DNSSuffix: "api.aws",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.us-gov-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "kendra-ranking.us-gov-west-1.api.aws",
+				},
+			},
+		},
+		"kinesis": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "kinesis.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "kinesis.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "kinesis.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kinesis.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "kinesis.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kinesis.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"kinesisanalytics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"kms": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ProdFips",
+				}: endpoint{
+					Hostname: "kms-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"lakeformation": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lakeformation-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"lambda": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "lambda-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "lambda-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.us-gov-east-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lambda-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "lambda.us-gov-west-1.api.aws",
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "lambda-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"license-manager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "license-manager-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "license-manager-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "license-manager-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"logs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "logs.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "logs.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "logs.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "logs.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"managedblockchain": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"mediaconvert": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "mediaconvert.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mediaconvert.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"meetings-chime": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "meetings-chime-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "meetings-chime-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "meetings-chime-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "meetings-chime-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"metering.marketplace": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "aws-marketplace",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"metrics.sagemaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"mgn": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "mgn-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "mgn-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mgn-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mgn-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"models.lex": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "lex",
+					},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "models-fips.lex.{region}.{dnsSuffix}",
+					CredentialScope: credentialScope{
+						Service: "lex",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "models-fips.lex.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "models-fips.lex.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"monitoring": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "monitoring.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "monitoring.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "monitoring.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "monitoring.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "monitoring.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"mq": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "mq-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "mq-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mq-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "mq-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"neptune": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "rds.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "rds.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"network-firewall": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "network-firewall-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"networkmanager": service{
+			PartitionEndpoint: "aws-us-gov-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-us-gov-global",
+				}: endpoint{
+					Hostname: "networkmanager.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"oidc": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "oidc.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "oidc.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"organizations": service{
+			PartitionEndpoint: "aws-us-gov-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-us-gov-global",
+				}: endpoint{
+					Hostname: "organizations.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "aws-us-gov-global",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "organizations.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-aws-us-gov-global",
+				}: endpoint{
+					Hostname: "organizations.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"outposts": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "outposts.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "outposts.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "outposts.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "outposts.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"participant.connect": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "participant.connect.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "participant.connect.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"pi": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"pinpoint": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "mobiletargeting",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "pinpoint-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "pinpoint.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "pinpoint-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"polly": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "polly-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "polly-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"portal.sso": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "portal.sso.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "portal.sso.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"quicksight": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "api",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"ram": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "ram.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ram.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "ram.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "ram.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ram.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "ram.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"rbin": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "rbin-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "rbin-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rbin-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rbin-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"rds": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "rds.us-gov-east-1",
+				}: endpoint{
+					Hostname: "rds.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rds.us-gov-west-1",
+				}: endpoint{
+					Hostname: "rds.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "rds.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rds.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "rds.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"redshift": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "redshift.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "redshift.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"rekognition": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "rekognition-fips.us-gov-west-1",
+				}: endpoint{
+					Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "rekognition.us-gov-west-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "rekognition.us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"resource-explorer-2": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					DNSSuffix: "api.aws",
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
+					DNSSuffix: "api.aws",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.us-gov-east-1.api.aws",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "resource-explorer-2.us-gov-west-1.api.aws",
+				},
+			},
+		},
+		"resource-groups": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "resource-groups.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "resource-groups.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "resource-groups.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "resource-groups.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "resource-groups.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"robomaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"route53": service{
+			PartitionEndpoint: "aws-us-gov-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-us-gov-global",
+				}: endpoint{
+					Hostname: "route53.us-gov.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "aws-us-gov-global",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "route53.us-gov.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-aws-us-gov-global",
+				}: endpoint{
+					Hostname: "route53.us-gov.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"route53resolver": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "route53resolver.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "route53resolver.us-gov-east-1.amazonaws.com",
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "route53resolver.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "route53resolver.us-gov-west-1.amazonaws.com",
+
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"runtime.lex": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "lex",
+					},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime-fips.lex.{region}.{dnsSuffix}",
+					CredentialScope: credentialScope{
+						Service: "lex",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime-fips.lex.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "runtime-fips.lex.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"runtime.sagemaker": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime.sagemaker.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "runtime.sagemaker.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "runtime.sagemaker.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"s3": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				defaultKey{
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
+					DNSSuffix:         "amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+				defaultKey{
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "{service}-fips.dualstack.{region}.{dnsSuffix}",
+					DNSSuffix:         "amazonaws.com",
+					SignatureVersions: []string{"s3", "s3v4"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "s3-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "s3-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname:  "s3.us-gov-east-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:  "s3.dualstack.us-gov-east-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "s3-fips.us-gov-east-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname:  "s3.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:  "s3.dualstack.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "s3-fips.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+			},
+		},
+		"s3-control": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols:         []string{"https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+				defaultKey{
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
+					DNSSuffix:         "amazonaws.com",
+					Protocols:         []string{"https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+				defaultKey{
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "{service}-fips.dualstack.{region}.{dnsSuffix}",
+					DNSSuffix:         "amazonaws.com",
+					Protocols:         []string{"https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname:          "s3-control.us-gov-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.us-gov-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-gov-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.dualstack.us-gov-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-gov-east-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname:          "s3-control.us-gov-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control.dualstack.us-gov-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-gov-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname:          "s3-control-fips.dualstack.us-gov-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname:          "s3-control-fips.us-gov-west-1.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"s3-outposts": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{},
+			},
+		},
+		"secretsmanager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"securityhub": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "securityhub-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "securityhub-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "securityhub-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "securityhub-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"serverlessrepo": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "serverlessrepo.us-gov-east-1.amazonaws.com",
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "serverlessrepo.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "serverlessrepo.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "serverlessrepo.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"servicecatalog": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "servicecatalog-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"servicecatalog-appregistry": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicecatalog-appregistry.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"servicediscovery": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "servicediscovery",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "servicediscovery",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "servicediscovery-fips",
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: dualStackVariant,
+				}: endpoint{
+					Hostname: "servicediscovery.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"servicequotas": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "servicequotas.{region}.{dnsSuffix}",
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "servicequotas.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "servicequotas.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicequotas.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "servicequotas.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"simspaceweaver": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"sms": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "sms-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "sms-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sms-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sms-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"sms-voice": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "sms-voice-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sms-voice-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"snowball": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "snowball-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "snowball-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "snowball-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"sns": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "sns.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "sns.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sns.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "sns.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"https"},
+				},
+			},
+		},
+		"sqs": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sqs.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "sqs.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname:      "sqs.us-gov-west-1.amazonaws.com",
+					SSLCommonName: "{region}.queue.{dnsSuffix}",
+					Protocols:     []string{"http", "https"},
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"ssm": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "ssm.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "ssm.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "ssm.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"sso": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "sso.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "sso.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"states": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "states-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "states.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "states-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "states.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"storagegateway": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips",
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"streams.dynamodb": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "dynamodb",
+					},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "streams.dynamodb.{region}.{dnsSuffix}",
+					CredentialScope: credentialScope{
+						Service: "dynamodb",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "streams.dynamodb.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "streams.dynamodb.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "streams.dynamodb.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "streams.dynamodb.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"sts": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sts.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sts.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "sts.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "sts.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "sts.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"support": service{
+			PartitionEndpoint: "aws-us-gov-global",
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-us-gov-global",
+				}: endpoint{
+					Hostname: "support.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "support.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "support.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"swf": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "swf.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "swf.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "swf.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "swf.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "swf.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "swf.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"synthetics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "synthetics-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "synthetics-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "synthetics-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "synthetics-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"tagging": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"textract": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "textract-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "textract-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "textract-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "textract-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"transcribe": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "fips.transcribe.{region}.{dnsSuffix}",
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "fips.transcribe.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "fips.transcribe.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.transcribe.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "fips.transcribe.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"transcribestreaming": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"transfer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "transfer-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "transfer-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "transfer-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "transfer-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"translate": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "translate-fips.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "translate-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"waf-regional": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "waf-regional.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "waf-regional.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "waf-regional-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"wafv2": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{
+					Hostname: "wafv2.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{
+					Hostname: "wafv2.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "wafv2-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
+		"wellarchitected": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+			},
+		},
+		"workspaces": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "workspaces-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "workspaces-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+		"xray": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-east-1",
+				}: endpoint{
+					Hostname: "xray-fips.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "xray-fips.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "xray-fips.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "xray-fips.us-gov-west-1.amazonaws.com",
+				},
+			},
+		},
+	},
+}
+
+// AwsIsoPartition returns the Resolver for AWS ISO (US).
+func AwsIsoPartition() Partition {
+	return awsisoPartition.Partition()
+}
+
+var awsisoPartition = partition{
+	ID:        "aws-iso",
+	Name:      "AWS ISO (US)",
+	DNSSuffix: "c2s.ic.gov",
+	RegionRegex: regionRegex{
+		Regexp: func() *regexp.Regexp {
+			reg, _ := regexp.Compile("^us\\-iso\\-\\w+\\-\\d+$")
+			return reg
+		}(),
+	},
+	Defaults: endpointDefaults{
+		defaultKey{}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "c2s.ic.gov",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+	},
+	Regions: regions{
+		"us-iso-east-1": region{
+			Description: "US ISO East",
+		},
+		"us-iso-west-1": region{
+			Description: "US ISO WEST",
+		},
+	},
+	Services: services{
+		"api.ecr": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{
+					Hostname: "api.ecr.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{
+					Hostname: "api.ecr.us-iso-west-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-west-1",
+					},
+				},
+			},
+		},
+		"api.sagemaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"apigateway": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"appconfig": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"appconfigdata": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"application-autoscaling": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"athena": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"autoscaling": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"cloudcontrolapi": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"cloudformation": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"cloudtrail": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"codedeploy": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"comprehend": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"config": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"datapipeline": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"directconnect": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"dlm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"dms": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "dms",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "dms",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "dms-fips",
+				}: endpoint{
+					Hostname: "dms.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-iso-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms.us-iso-east-1.c2s.ic.gov",
+				},
+				endpointKey{
+					Region: "us-iso-east-1-fips",
+				}: endpoint{
+					Hostname: "dms.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-iso-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms.us-iso-west-1.c2s.ic.gov",
+				},
+				endpointKey{
+					Region: "us-iso-west-1-fips",
+				}: endpoint{
+					Hostname: "dms.us-iso-west-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"ds": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"dynamodb": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"ebs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"ec2": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"ecs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"eks": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"elasticache": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"elasticfilesystem": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-iso-east-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-iso-west-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-iso-west-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-iso-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-iso-east-1.c2s.ic.gov",
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-iso-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-iso-west-1.c2s.ic.gov",
+				},
+			},
+		},
+		"elasticloadbalancing": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"elasticmapreduce": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"es": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"events": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"firehose": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"glacier": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"glue": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"health": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"iam": service{
+			PartitionEndpoint: "aws-iso-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-iso-global",
+				}: endpoint{
+					Hostname: "iam.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+				},
+			},
+		},
+		"kinesis": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"kms": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ProdFips",
+				}: endpoint{
+					Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-iso-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov",
+				},
+				endpointKey{
+					Region: "us-iso-east-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-iso-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.us-iso-west-1.c2s.ic.gov",
+				},
+				endpointKey{
+					Region: "us-iso-west-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.us-iso-west-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"lambda": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"license-manager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"logs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"medialive": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"mediapackage": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"metrics.sagemaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"monitoring": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"outposts": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"ram": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"rbin": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-iso-east-1",
+				}: endpoint{
+					Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-iso-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov",
+				},
+			},
+		},
+		"rds": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"redshift": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"route53": service{
+			PartitionEndpoint: "aws-iso-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-iso-global",
+				}: endpoint{
+					Hostname: "route53.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+				},
+			},
+		},
+		"route53resolver": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"runtime.sagemaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"s3": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					SignatureVersions: []string{"s3v4"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{
+					Protocols:         []string{"http", "https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"secretsmanager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"snowball": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"sns": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"sqs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"ssm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"states": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"streams.dynamodb": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "dynamodb",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"sts": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"support": service{
+			PartitionEndpoint: "aws-iso-global",
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-iso-global",
+				}: endpoint{
+					Hostname: "support.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+				},
+			},
+		},
+		"swf": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"synthetics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"tagging": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+		"transcribe": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"transcribestreaming": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"translate": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
+		"workspaces": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
+	},
+}
+
+// AwsIsoBPartition returns the Resolver for AWS ISOB (US).
+func AwsIsoBPartition() Partition {
+	return awsisobPartition.Partition()
+}
+
+var awsisobPartition = partition{
+	ID:        "aws-iso-b",
+	Name:      "AWS ISOB (US)",
+	DNSSuffix: "sc2s.sgov.gov",
+	RegionRegex: regionRegex{
+		Regexp: func() *regexp.Regexp {
+			reg, _ := regexp.Compile("^us\\-isob\\-\\w+\\-\\d+$")
+			return reg
+		}(),
+	},
+	Defaults: endpointDefaults{
+		defaultKey{}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "sc2s.sgov.gov",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+	},
+	Regions: regions{
+		"us-isob-east-1": region{
+			Description: "US ISOB East (Ohio)",
+		},
+	},
+	Services: services{
+		"api.ecr": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{
+					Hostname: "api.ecr.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+				},
+			},
+		},
+		"appconfig": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"appconfigdata": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"application-autoscaling": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"autoscaling": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"cloudformation": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"cloudtrail": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"codedeploy": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"config": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"directconnect": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"dlm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"dms": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{},
+				defaultKey{
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms.{region}.{dnsSuffix}",
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "dms",
+				}: endpoint{
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region:  "dms",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "dms-fips",
+				}: endpoint{
+					Hostname: "dms.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-isob-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "dms.us-isob-east-1.sc2s.sgov.gov",
+				},
+				endpointKey{
+					Region: "us-isob-east-1-fips",
+				}: endpoint{
+					Hostname: "dms.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"ds": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"dynamodb": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"ebs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"ec2": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"ecs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"eks": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"elasticache": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"elasticfilesystem": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-isob-east-1",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-isob-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.us-isob-east-1.sc2s.sgov.gov",
+				},
+			},
+		},
+		"elasticloadbalancing": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{
+					Protocols: []string{"https"},
+				},
+			},
+		},
+		"elasticmapreduce": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"es": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"events": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"glacier": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"health": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"iam": service{
+			PartitionEndpoint: "aws-iso-b-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-iso-b-global",
+				}: endpoint{
+					Hostname: "iam.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+				},
+			},
+		},
+		"kinesis": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"kms": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ProdFips",
+				}: endpoint{
+					Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-isob-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov",
+				},
+				endpointKey{
+					Region: "us-isob-east-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
+		"lambda": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"license-manager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"logs": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"metering.marketplace": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					CredentialScope: credentialScope{
+						Service: "aws-marketplace",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"metrics.sagemaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"monitoring": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"ram": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"rbin": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-isob-east-1",
+				}: endpoint{
+					Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-isob-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov",
+				},
+			},
+		},
+		"rds": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"redshift": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"resource-groups": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"route53": service{
+			PartitionEndpoint: "aws-iso-b-global",
+			IsRegionalized:    boxedFalse,
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-iso-b-global",
+				}: endpoint{
+					Hostname: "route53.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+				},
+			},
+		},
+		"route53resolver": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"s3": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols:         []string{"http", "https"},
+					SignatureVersions: []string{"s3v4"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"secretsmanager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"snowball": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"sns": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"sqs": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					SSLCommonName: "{region}.queue.{dnsSuffix}",
+					Protocols:     []string{"http", "https"},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"ssm": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"states": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"streams.dynamodb": service{
+			Defaults: endpointDefaults{
+				defaultKey{}: endpoint{
+					Protocols: []string{"http", "https"},
+					CredentialScope: credentialScope{
+						Service: "dynamodb",
+					},
+				},
+			},
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"sts": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"support": service{
+			PartitionEndpoint: "aws-iso-b-global",
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "aws-iso-b-global",
+				}: endpoint{
+					Hostname: "support.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+				},
+			},
+		},
+		"swf": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"synthetics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"tagging": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+		"workspaces": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
+	},
+}
+
+// AwsIsoEPartition returns the Resolver for AWS ISOE (Europe).
+func AwsIsoEPartition() Partition {
+	return awsisoePartition.Partition()
+}
+
+var awsisoePartition = partition{
+	ID:        "aws-iso-e",
+	Name:      "AWS ISOE (Europe)",
+	DNSSuffix: "cloud.adc-e.uk",
+	RegionRegex: regionRegex{
+		Regexp: func() *regexp.Regexp {
+			reg, _ := regexp.Compile("^eu\\-isoe\\-\\w+\\-\\d+$")
+			return reg
+		}(),
+	},
+	Defaults: endpointDefaults{
+		defaultKey{}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "cloud.adc-e.uk",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+	},
+	Regions:  regions{},
+	Services: services{},
+}
+
+// AwsIsoFPartition returns the Resolver for AWS ISOF.
+func AwsIsoFPartition() Partition {
+	return awsisofPartition.Partition()
+}
+
+var awsisofPartition = partition{
+	ID:        "aws-iso-f",
+	Name:      "AWS ISOF",
+	DNSSuffix: "csp.hci.ic.gov",
+	RegionRegex: regionRegex{
+		Regexp: func() *regexp.Regexp {
+			reg, _ := regexp.Compile("^us\\-isof\\-\\w+\\-\\d+$")
+			return reg
+		}(),
+	},
+	Defaults: endpointDefaults{
+		defaultKey{}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "csp.hci.ic.gov",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+	},
+	Regions:  regions{},
+	Services: services{},
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
new file mode 100644
index 000000000..ca8fc828e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
@@ -0,0 +1,141 @@
+package endpoints
+
+// Service identifiers
+//
+// Deprecated: Use client package's EndpointsID value instead of these
+// ServiceIDs. These IDs are not maintained, and are out of date.
+const (
+	A4bServiceID                          = "a4b"                          // A4b.
+	AcmServiceID                          = "acm"                          // Acm.
+	AcmPcaServiceID                       = "acm-pca"                      // AcmPca.
+	ApiMediatailorServiceID               = "api.mediatailor"              // ApiMediatailor.
+	ApiPricingServiceID                   = "api.pricing"                  // ApiPricing.
+	ApiSagemakerServiceID                 = "api.sagemaker"                // ApiSagemaker.
+	ApigatewayServiceID                   = "apigateway"                   // Apigateway.
+	ApplicationAutoscalingServiceID       = "application-autoscaling"      // ApplicationAutoscaling.
+	Appstream2ServiceID                   = "appstream2"                   // Appstream2.
+	AppsyncServiceID                      = "appsync"                      // Appsync.
+	AthenaServiceID                       = "athena"                       // Athena.
+	AutoscalingServiceID                  = "autoscaling"                  // Autoscaling.
+	AutoscalingPlansServiceID             = "autoscaling-plans"            // AutoscalingPlans.
+	BatchServiceID                        = "batch"                        // Batch.
+	BudgetsServiceID                      = "budgets"                      // Budgets.
+	CeServiceID                           = "ce"                           // Ce.
+	ChimeServiceID                        = "chime"                        // Chime.
+	Cloud9ServiceID                       = "cloud9"                       // Cloud9.
+	ClouddirectoryServiceID               = "clouddirectory"               // Clouddirectory.
+	CloudformationServiceID               = "cloudformation"               // Cloudformation.
+	CloudfrontServiceID                   = "cloudfront"                   // Cloudfront.
+	CloudhsmServiceID                     = "cloudhsm"                     // Cloudhsm.
+	Cloudhsmv2ServiceID                   = "cloudhsmv2"                   // Cloudhsmv2.
+	CloudsearchServiceID                  = "cloudsearch"                  // Cloudsearch.
+	CloudtrailServiceID                   = "cloudtrail"                   // Cloudtrail.
+	CodebuildServiceID                    = "codebuild"                    // Codebuild.
+	CodecommitServiceID                   = "codecommit"                   // Codecommit.
+	CodedeployServiceID                   = "codedeploy"                   // Codedeploy.
+	CodepipelineServiceID                 = "codepipeline"                 // Codepipeline.
+	CodestarServiceID                     = "codestar"                     // Codestar.
+	CognitoIdentityServiceID              = "cognito-identity"             // CognitoIdentity.
+	CognitoIdpServiceID                   = "cognito-idp"                  // CognitoIdp.
+	CognitoSyncServiceID                  = "cognito-sync"                 // CognitoSync.
+	ComprehendServiceID                   = "comprehend"                   // Comprehend.
+	ConfigServiceID                       = "config"                       // Config.
+	CurServiceID                          = "cur"                          // Cur.
+	DatapipelineServiceID                 = "datapipeline"                 // Datapipeline.
+	DaxServiceID                          = "dax"                          // Dax.
+	DevicefarmServiceID                   = "devicefarm"                   // Devicefarm.
+	DirectconnectServiceID                = "directconnect"                // Directconnect.
+	DiscoveryServiceID                    = "discovery"                    // Discovery.
+	DmsServiceID                          = "dms"                          // Dms.
+	DsServiceID                           = "ds"                           // Ds.
+	DynamodbServiceID                     = "dynamodb"                     // Dynamodb.
+	Ec2ServiceID                          = "ec2"                          // Ec2.
+	Ec2metadataServiceID                  = "ec2metadata"                  // Ec2metadata.
+	EcrServiceID                          = "ecr"                          // Ecr.
+	EcsServiceID                          = "ecs"                          // Ecs.
+	ElasticacheServiceID                  = "elasticache"                  // Elasticache.
+	ElasticbeanstalkServiceID             = "elasticbeanstalk"             // Elasticbeanstalk.
+	ElasticfilesystemServiceID            = "elasticfilesystem"            // Elasticfilesystem.
+	ElasticloadbalancingServiceID         = "elasticloadbalancing"         // Elasticloadbalancing.
+	ElasticmapreduceServiceID             = "elasticmapreduce"             // Elasticmapreduce.
+	ElastictranscoderServiceID            = "elastictranscoder"            // Elastictranscoder.
+	EmailServiceID                        = "email"                        // Email.
+	EntitlementMarketplaceServiceID       = "entitlement.marketplace"      // EntitlementMarketplace.
+	EsServiceID                           = "es"                           // Es.
+	EventsServiceID                       = "events"                       // Events.
+	FirehoseServiceID                     = "firehose"                     // Firehose.
+	FmsServiceID                          = "fms"                          // Fms.
+	GameliftServiceID                     = "gamelift"                     // Gamelift.
+	GlacierServiceID                      = "glacier"                      // Glacier.
+	GlueServiceID                         = "glue"                         // Glue.
+	GreengrassServiceID                   = "greengrass"                   // Greengrass.
+	GuarddutyServiceID                    = "guardduty"                    // Guardduty.
+	HealthServiceID                       = "health"                       // Health.
+	IamServiceID                          = "iam"                          // Iam.
+	ImportexportServiceID                 = "importexport"                 // Importexport.
+	InspectorServiceID                    = "inspector"                    // Inspector.
+	IotServiceID                          = "iot"                          // Iot.
+	IotanalyticsServiceID                 = "iotanalytics"                 // Iotanalytics.
+	KinesisServiceID                      = "kinesis"                      // Kinesis.
+	KinesisanalyticsServiceID             = "kinesisanalytics"             // Kinesisanalytics.
+	KinesisvideoServiceID                 = "kinesisvideo"                 // Kinesisvideo.
+	KmsServiceID                          = "kms"                          // Kms.
+	LambdaServiceID                       = "lambda"                       // Lambda.
+	LightsailServiceID                    = "lightsail"                    // Lightsail.
+	LogsServiceID                         = "logs"                         // Logs.
+	MachinelearningServiceID              = "machinelearning"              // Machinelearning.
+	MarketplacecommerceanalyticsServiceID = "marketplacecommerceanalytics" // Marketplacecommerceanalytics.
+	MediaconvertServiceID                 = "mediaconvert"                 // Mediaconvert.
+	MedialiveServiceID                    = "medialive"                    // Medialive.
+	MediapackageServiceID                 = "mediapackage"                 // Mediapackage.
+	MediastoreServiceID                   = "mediastore"                   // Mediastore.
+	MeteringMarketplaceServiceID          = "metering.marketplace"         // MeteringMarketplace.
+	MghServiceID                          = "mgh"                          // Mgh.
+	MobileanalyticsServiceID              = "mobileanalytics"              // Mobileanalytics.
+	ModelsLexServiceID                    = "models.lex"                   // ModelsLex.
+	MonitoringServiceID                   = "monitoring"                   // Monitoring.
+	MturkRequesterServiceID               = "mturk-requester"              // MturkRequester.
+	NeptuneServiceID                      = "neptune"                      // Neptune.
+	OpsworksServiceID                     = "opsworks"                     // Opsworks.
+	OpsworksCmServiceID                   = "opsworks-cm"                  // OpsworksCm.
+	OrganizationsServiceID                = "organizations"                // Organizations.
+	PinpointServiceID                     = "pinpoint"                     // Pinpoint.
+	PollyServiceID                        = "polly"                        // Polly.
+	RdsServiceID                          = "rds"                          // Rds.
+	RedshiftServiceID                     = "redshift"                     // Redshift.
+	RekognitionServiceID                  = "rekognition"                  // Rekognition.
+	ResourceGroupsServiceID               = "resource-groups"              // ResourceGroups.
+	Route53ServiceID                      = "route53"                      // Route53.
+	Route53domainsServiceID               = "route53domains"               // Route53domains.
+	RuntimeLexServiceID                   = "runtime.lex"                  // RuntimeLex.
+	RuntimeSagemakerServiceID             = "runtime.sagemaker"            // RuntimeSagemaker.
+	S3ServiceID                           = "s3"                           // S3.
+	S3ControlServiceID                    = "s3-control"                   // S3Control.
+	SagemakerServiceID                    = "api.sagemaker"                // Sagemaker.
+	SdbServiceID                          = "sdb"                          // Sdb.
+	SecretsmanagerServiceID               = "secretsmanager"               // Secretsmanager.
+	ServerlessrepoServiceID               = "serverlessrepo"               // Serverlessrepo.
+	ServicecatalogServiceID               = "servicecatalog"               // Servicecatalog.
+	ServicediscoveryServiceID             = "servicediscovery"             // Servicediscovery.
+	ShieldServiceID                       = "shield"                       // Shield.
+	SmsServiceID                          = "sms"                          // Sms.
+	SnowballServiceID                     = "snowball"                     // Snowball.
+	SnsServiceID                          = "sns"                          // Sns.
+	SqsServiceID                          = "sqs"                          // Sqs.
+	SsmServiceID                          = "ssm"                          // Ssm.
+	StatesServiceID                       = "states"                       // States.
+	StoragegatewayServiceID               = "storagegateway"               // Storagegateway.
+	StreamsDynamodbServiceID              = "streams.dynamodb"             // StreamsDynamodb.
+	StsServiceID                          = "sts"                          // Sts.
+	SupportServiceID                      = "support"                      // Support.
+	SwfServiceID                          = "swf"                          // Swf.
+	TaggingServiceID                      = "tagging"                      // Tagging.
+	TransferServiceID                     = "transfer"                     // Transfer.
+	TranslateServiceID                    = "translate"                    // Translate.
+	WafServiceID                          = "waf"                          // Waf.
+	WafRegionalServiceID                  = "waf-regional"                 // WafRegional.
+	WorkdocsServiceID                     = "workdocs"                     // Workdocs.
+	WorkmailServiceID                     = "workmail"                     // Workmail.
+	WorkspacesServiceID                   = "workspaces"                   // Workspaces.
+	XrayServiceID                         = "xray"                         // Xray.
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go
new file mode 100644
index 000000000..66dec6beb
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go
@@ -0,0 +1,65 @@
+// Package endpoints provides the types and functionality for defining regions
+// and endpoints, as well as querying those definitions.
+//
+// The SDK's Regions and Endpoints metadata is code generated into the endpoints
+// package, and is accessible via the DefaultResolver function. This function
+// returns a endpoint Resolver will search the metadata and build an associated
+// endpoint if one is found. The default resolver will search all partitions
+// known by the SDK. e.g AWS Standard (aws), AWS China (aws-cn), and
+// AWS GovCloud (US) (aws-us-gov).
+// .
+//
+// # Enumerating Regions and Endpoint Metadata
+//
+// Casting the Resolver returned by DefaultResolver to a EnumPartitions interface
+// will allow you to get access to the list of underlying Partitions with the
+// Partitions method. This is helpful if you want to limit the SDK's endpoint
+// resolving to a single partition, or enumerate regions, services, and endpoints
+// in the partition.
+//
+//	resolver := endpoints.DefaultResolver()
+//	partitions := resolver.(endpoints.EnumPartitions).Partitions()
+//
+//	for _, p := range partitions {
+//	    fmt.Println("Regions for", p.ID())
+//	    for id, _ := range p.Regions() {
+//	        fmt.Println("*", id)
+//	    }
+//
+//	    fmt.Println("Services for", p.ID())
+//	    for id, _ := range p.Services() {
+//	        fmt.Println("*", id)
+//	    }
+//	}
+//
+// # Using Custom Endpoints
+//
+// The endpoints package also gives you the ability to use your own logic how
+// endpoints are resolved. This is a great way to define a custom endpoint
+// for select services, without passing that logic down through your code.
+//
+// If a type implements the Resolver interface it can be used to resolve
+// endpoints. To use this with the SDK's Session and Config set the value
+// of the type to the EndpointsResolver field of aws.Config when initializing
+// the session, or service client.
+//
+// In addition the ResolverFunc is a wrapper for a func matching the signature
+// of Resolver.EndpointFor, converting it to a type that satisfies the
+// Resolver interface.
+//
+//	myCustomResolver := func(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) {
+//	    if service == endpoints.S3ServiceID {
+//	        return endpoints.ResolvedEndpoint{
+//	            URL:           "s3.custom.endpoint.com",
+//	            SigningRegion: "custom-signing-region",
+//	        }, nil
+//	    }
+//
+//	    return endpoints.DefaultResolver().EndpointFor(service, region, optFns...)
+//	}
+//
+//	sess := session.Must(session.NewSession(&aws.Config{
+//	    Region:           aws.String("us-west-2"),
+//	    EndpointResolver: endpoints.ResolverFunc(myCustomResolver),
+//	}))
+package endpoints
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
new file mode 100644
index 000000000..a686a48fa
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
@@ -0,0 +1,708 @@
+package endpoints
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+// A Logger is a minimalistic interface for the SDK to log messages to.
+type Logger interface {
+	Log(...interface{})
+}
+
+// DualStackEndpointState is a constant to describe the dual-stack endpoint resolution
+// behavior.
+type DualStackEndpointState uint
+
+const (
+	// DualStackEndpointStateUnset is the default value behavior for dual-stack endpoint
+	// resolution.
+	DualStackEndpointStateUnset DualStackEndpointState = iota
+
+	// DualStackEndpointStateEnabled enable dual-stack endpoint resolution for endpoints.
+	DualStackEndpointStateEnabled
+
+	// DualStackEndpointStateDisabled disables dual-stack endpoint resolution for endpoints.
+	DualStackEndpointStateDisabled
+)
+
+// FIPSEndpointState is a constant to describe the FIPS endpoint resolution behavior.
+type FIPSEndpointState uint
+
+const (
+	// FIPSEndpointStateUnset is the default value behavior for FIPS endpoint resolution.
+	FIPSEndpointStateUnset FIPSEndpointState = iota
+
+	// FIPSEndpointStateEnabled enables FIPS endpoint resolution for service endpoints.
+	FIPSEndpointStateEnabled
+
+	// FIPSEndpointStateDisabled disables FIPS endpoint resolution for endpoints.
+	FIPSEndpointStateDisabled
+)
+
+// Options provide the configuration needed to direct how the
+// endpoints will be resolved.
+type Options struct {
+	// DisableSSL forces the endpoint to be resolved as HTTP.
+	// instead of HTTPS if the service supports it.
+	DisableSSL bool
+
+	// Sets the resolver to resolve the endpoint as a dualstack endpoint
+	// for the service. If dualstack support for a service is not known and
+	// StrictMatching is not enabled a dualstack endpoint for the service will
+	// be returned. This endpoint may not be valid. If StrictMatching is
+	// enabled only services that are known to support dualstack will return
+	// dualstack endpoints.
+	//
+	// Deprecated: This option will continue to function for S3 and S3 Control for backwards compatibility.
+	// UseDualStackEndpoint should be used to enable usage of a service's dual-stack endpoint for all service clients
+	// moving forward. For S3 and S3 Control, when UseDualStackEndpoint is set to a non-zero value it takes higher
+	// precedence then this option.
+	UseDualStack bool
+
+	// Sets the resolver to resolve a dual-stack endpoint for the service.
+	UseDualStackEndpoint DualStackEndpointState
+
+	// UseFIPSEndpoint specifies the resolver must resolve a FIPS endpoint.
+	UseFIPSEndpoint FIPSEndpointState
+
+	// Enables strict matching of services and regions resolved endpoints.
+	// If the partition doesn't enumerate the exact service and region an
+	// error will be returned. This option will prevent returning endpoints
+	// that look valid, but may not resolve to any real endpoint.
+	StrictMatching bool
+
+	// Enables resolving a service endpoint based on the region provided if the
+	// service does not exist. The service endpoint ID will be used as the service
+	// domain name prefix. By default the endpoint resolver requires the service
+	// to be known when resolving endpoints.
+	//
+	// If resolving an endpoint on the partition list the provided region will
+	// be used to determine which partition's domain name pattern to the service
+	// endpoint ID with. If both the service and region are unknown and resolving
+	// the endpoint on partition list an UnknownEndpointError error will be returned.
+	//
+	// If resolving and endpoint on a partition specific resolver that partition's
+	// domain name pattern will be used with the service endpoint ID. If both
+	// region and service do not exist when resolving an endpoint on a specific
+	// partition the partition's domain pattern will be used to combine the
+	// endpoint and region together.
+	//
+	// This option is ignored if StrictMatching is enabled.
+	ResolveUnknownService bool
+
+	// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
+	EC2MetadataEndpointMode EC2IMDSEndpointModeState
+
+	// STS Regional Endpoint flag helps with resolving the STS endpoint
+	STSRegionalEndpoint STSRegionalEndpoint
+
+	// S3 Regional Endpoint flag helps with resolving the S3 endpoint
+	S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint
+
+	// ResolvedRegion is the resolved region string. If provided (non-zero length) it takes priority
+	// over the region name passed to the ResolveEndpoint call.
+	ResolvedRegion string
+
+	// Logger is the logger that will be used to log messages.
+	Logger Logger
+
+	// Determines whether logging of deprecated endpoints usage is enabled.
+	LogDeprecated bool
+}
+
+func (o Options) getEndpointVariant(service string) (v endpointVariant) {
+	const s3 = "s3"
+	const s3Control = "s3-control"
+
+	if (o.UseDualStackEndpoint == DualStackEndpointStateEnabled) ||
+		((service == s3 || service == s3Control) && (o.UseDualStackEndpoint == DualStackEndpointStateUnset && o.UseDualStack)) {
+		v |= dualStackVariant
+	}
+	if o.UseFIPSEndpoint == FIPSEndpointStateEnabled {
+		v |= fipsVariant
+	}
+	return v
+}
+
+// EC2IMDSEndpointModeState is an enum configuration variable describing the client endpoint mode.
+type EC2IMDSEndpointModeState uint
+
+// Enumeration values for EC2IMDSEndpointModeState
+const (
+	EC2IMDSEndpointModeStateUnset EC2IMDSEndpointModeState = iota
+	EC2IMDSEndpointModeStateIPv4
+	EC2IMDSEndpointModeStateIPv6
+)
+
+// SetFromString sets the EC2IMDSEndpointModeState based on the provided string value. Unknown values will default to EC2IMDSEndpointModeStateUnset
+func (e *EC2IMDSEndpointModeState) SetFromString(v string) error {
+	v = strings.TrimSpace(v)
+
+	switch {
+	case len(v) == 0:
+		*e = EC2IMDSEndpointModeStateUnset
+	case strings.EqualFold(v, "IPv6"):
+		*e = EC2IMDSEndpointModeStateIPv6
+	case strings.EqualFold(v, "IPv4"):
+		*e = EC2IMDSEndpointModeStateIPv4
+	default:
+		return fmt.Errorf("unknown EC2 IMDS endpoint mode, must be either IPv6 or IPv4")
+	}
+	return nil
+}
+
+// STSRegionalEndpoint is an enum for the states of the STS Regional Endpoint
+// options.
+type STSRegionalEndpoint int
+
+func (e STSRegionalEndpoint) String() string {
+	switch e {
+	case LegacySTSEndpoint:
+		return "legacy"
+	case RegionalSTSEndpoint:
+		return "regional"
+	case UnsetSTSEndpoint:
+		return ""
+	default:
+		return "unknown"
+	}
+}
+
+const (
+
+	// UnsetSTSEndpoint represents that STS Regional Endpoint flag is not specified.
+	UnsetSTSEndpoint STSRegionalEndpoint = iota
+
+	// LegacySTSEndpoint represents when STS Regional Endpoint flag is specified
+	// to use legacy endpoints.
+	LegacySTSEndpoint
+
+	// RegionalSTSEndpoint represents when STS Regional Endpoint flag is specified
+	// to use regional endpoints.
+	RegionalSTSEndpoint
+)
+
+// GetSTSRegionalEndpoint function returns the STSRegionalEndpointFlag based
+// on the input string provided in env config or shared config by the user.
+//
+// `legacy`, `regional` are the only case-insensitive valid strings for
+// resolving the STS regional Endpoint flag.
+func GetSTSRegionalEndpoint(s string) (STSRegionalEndpoint, error) {
+	switch {
+	case strings.EqualFold(s, "legacy"):
+		return LegacySTSEndpoint, nil
+	case strings.EqualFold(s, "regional"):
+		return RegionalSTSEndpoint, nil
+	default:
+		return UnsetSTSEndpoint, fmt.Errorf("unable to resolve the value of STSRegionalEndpoint for %v", s)
+	}
+}
+
+// S3UsEast1RegionalEndpoint is an enum for the states of the S3 us-east-1
+// Regional Endpoint options.
+type S3UsEast1RegionalEndpoint int
+
+func (e S3UsEast1RegionalEndpoint) String() string {
+	switch e {
+	case LegacyS3UsEast1Endpoint:
+		return "legacy"
+	case RegionalS3UsEast1Endpoint:
+		return "regional"
+	case UnsetS3UsEast1Endpoint:
+		return ""
+	default:
+		return "unknown"
+	}
+}
+
+const (
+
+	// UnsetS3UsEast1Endpoint represents that S3 Regional Endpoint flag is not
+	// specified.
+	UnsetS3UsEast1Endpoint S3UsEast1RegionalEndpoint = iota
+
+	// LegacyS3UsEast1Endpoint represents when S3 Regional Endpoint flag is
+	// specified to use legacy endpoints.
+	LegacyS3UsEast1Endpoint
+
+	// RegionalS3UsEast1Endpoint represents when S3 Regional Endpoint flag is
+	// specified to use regional endpoints.
+	RegionalS3UsEast1Endpoint
+)
+
+// GetS3UsEast1RegionalEndpoint function returns the S3UsEast1RegionalEndpointFlag based
+// on the input string provided in env config or shared config by the user.
+//
+// `legacy`, `regional` are the only case-insensitive valid strings for
+// resolving the S3 regional Endpoint flag.
+func GetS3UsEast1RegionalEndpoint(s string) (S3UsEast1RegionalEndpoint, error) {
+	switch {
+	case strings.EqualFold(s, "legacy"):
+		return LegacyS3UsEast1Endpoint, nil
+	case strings.EqualFold(s, "regional"):
+		return RegionalS3UsEast1Endpoint, nil
+	default:
+		return UnsetS3UsEast1Endpoint,
+			fmt.Errorf("unable to resolve the value of S3UsEast1RegionalEndpoint for %v", s)
+	}
+}
+
+// Set combines all of the option functions together.
+func (o *Options) Set(optFns ...func(*Options)) {
+	for _, fn := range optFns {
+		fn(o)
+	}
+}
+
+// DisableSSLOption sets the DisableSSL options. Can be used as a functional
+// option when resolving endpoints.
+func DisableSSLOption(o *Options) {
+	o.DisableSSL = true
+}
+
+// UseDualStackOption sets the UseDualStack option. Can be used as a functional
+// option when resolving endpoints.
+//
+// Deprecated: UseDualStackEndpointOption should be used to enable usage of a service's dual-stack endpoint.
+// When DualStackEndpointState is set to a non-zero value it takes higher precedence then this option.
+func UseDualStackOption(o *Options) {
+	o.UseDualStack = true
+}
+
+// UseDualStackEndpointOption sets the UseDualStackEndpoint option to enabled. Can be used as a functional
+// option when resolving endpoints.
+func UseDualStackEndpointOption(o *Options) {
+	o.UseDualStackEndpoint = DualStackEndpointStateEnabled
+}
+
+// UseFIPSEndpointOption sets the UseFIPSEndpoint option to enabled. Can be used as a functional
+// option when resolving endpoints.
+func UseFIPSEndpointOption(o *Options) {
+	o.UseFIPSEndpoint = FIPSEndpointStateEnabled
+}
+
+// StrictMatchingOption sets the StrictMatching option. Can be used as a functional
+// option when resolving endpoints.
+func StrictMatchingOption(o *Options) {
+	o.StrictMatching = true
+}
+
+// ResolveUnknownServiceOption sets the ResolveUnknownService option. Can be used
+// as a functional option when resolving endpoints.
+func ResolveUnknownServiceOption(o *Options) {
+	o.ResolveUnknownService = true
+}
+
+// STSRegionalEndpointOption enables the STS endpoint resolver behavior to resolve
+// STS endpoint to their regional endpoint, instead of the global endpoint.
+func STSRegionalEndpointOption(o *Options) {
+	o.STSRegionalEndpoint = RegionalSTSEndpoint
+}
+
+// A Resolver provides the interface for functionality to resolve endpoints.
+// The build in Partition and DefaultResolver return value satisfy this interface.
+type Resolver interface {
+	EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error)
+}
+
+// ResolverFunc is a helper utility that wraps a function so it satisfies the
+// Resolver interface. This is useful when you want to add additional endpoint
+// resolving logic, or stub out specific endpoints with custom values.
+type ResolverFunc func(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error)
+
+// EndpointFor wraps the ResolverFunc function to satisfy the Resolver interface.
+func (fn ResolverFunc) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+	return fn(service, region, opts...)
+}
+
+var schemeRE = regexp.MustCompile("^([^:]+)://")
+
+// AddScheme adds the HTTP or HTTPS schemes to a endpoint URL if there is no
+// scheme. If disableSSL is true HTTP will set HTTP instead of the default HTTPS.
+//
+// If disableSSL is set, it will only set the URL's scheme if the URL does not
+// contain a scheme.
+func AddScheme(endpoint string, disableSSL bool) string {
+	if !schemeRE.MatchString(endpoint) {
+		scheme := "https"
+		if disableSSL {
+			scheme = "http"
+		}
+		endpoint = fmt.Sprintf("%s://%s", scheme, endpoint)
+	}
+
+	return endpoint
+}
+
+// EnumPartitions a provides a way to retrieve the underlying partitions that
+// make up the SDK's default Resolver, or any resolver decoded from a model
+// file.
+//
+// Use this interface with DefaultResolver and DecodeModels to get the list of
+// Partitions.
+type EnumPartitions interface {
+	Partitions() []Partition
+}
+
+// RegionsForService returns a map of regions for the partition and service.
+// If either the partition or service does not exist false will be returned
+// as the second parameter.
+//
+// This example shows how  to get the regions for DynamoDB in the AWS partition.
+//
+//	rs, exists := endpoints.RegionsForService(endpoints.DefaultPartitions(), endpoints.AwsPartitionID, endpoints.DynamodbServiceID)
+//
+// This is equivalent to using the partition directly.
+//
+//	rs := endpoints.AwsPartition().Services()[endpoints.DynamodbServiceID].Regions()
+func RegionsForService(ps []Partition, partitionID, serviceID string) (map[string]Region, bool) {
+	for _, p := range ps {
+		if p.ID() != partitionID {
+			continue
+		}
+		if _, ok := p.p.Services[serviceID]; !(ok || serviceID == Ec2metadataServiceID) {
+			break
+		}
+
+		s := Service{
+			id: serviceID,
+			p:  p.p,
+		}
+		return s.Regions(), true
+	}
+
+	return map[string]Region{}, false
+}
+
+// PartitionForRegion returns the first partition which includes the region
+// passed in. This includes both known regions and regions which match
+// a pattern supported by the partition which may include regions that are
+// not explicitly known by the partition. Use the Regions method of the
+// returned Partition if explicit support is needed.
+func PartitionForRegion(ps []Partition, regionID string) (Partition, bool) {
+	for _, p := range ps {
+		if _, ok := p.p.Regions[regionID]; ok || p.p.RegionRegex.MatchString(regionID) {
+			return p, true
+		}
+	}
+
+	return Partition{}, false
+}
+
+// A Partition provides the ability to enumerate the partition's regions
+// and services.
+type Partition struct {
+	id, dnsSuffix string
+	p             *partition
+}
+
+// DNSSuffix returns the base domain name of the partition.
+func (p Partition) DNSSuffix() string { return p.dnsSuffix }
+
+// ID returns the identifier of the partition.
+func (p Partition) ID() string { return p.id }
+
+// EndpointFor attempts to resolve the endpoint based on service and region.
+// See Options for information on configuring how the endpoint is resolved.
+//
+// If the service cannot be found in the metadata the UnknownServiceError
+// error will be returned. This validation will occur regardless if
+// StrictMatching is enabled. To enable resolving unknown services set the
+// "ResolveUnknownService" option to true. When StrictMatching is disabled
+// this option allows the partition resolver to resolve a endpoint based on
+// the service endpoint ID provided.
+//
+// When resolving endpoints you can choose to enable StrictMatching. This will
+// require the provided service and region to be known by the partition.
+// If the endpoint cannot be strictly resolved an error will be returned. This
+// mode is useful to ensure the endpoint resolved is valid. Without
+// StrictMatching enabled the endpoint returned may look valid but may not work.
+// StrictMatching requires the SDK to be updated if you want to take advantage
+// of new regions and services expansions.
+//
+// Errors that can be returned.
+//   - UnknownServiceError
+//   - UnknownEndpointError
+func (p Partition) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+	return p.p.EndpointFor(service, region, opts...)
+}
+
+// Regions returns a map of Regions indexed by their ID. This is useful for
+// enumerating over the regions in a partition.
+func (p Partition) Regions() map[string]Region {
+	rs := make(map[string]Region, len(p.p.Regions))
+	for id, r := range p.p.Regions {
+		rs[id] = Region{
+			id:   id,
+			desc: r.Description,
+			p:    p.p,
+		}
+	}
+
+	return rs
+}
+
+// Services returns a map of Service indexed by their ID. This is useful for
+// enumerating over the services in a partition.
+func (p Partition) Services() map[string]Service {
+	ss := make(map[string]Service, len(p.p.Services))
+
+	for id := range p.p.Services {
+		ss[id] = Service{
+			id: id,
+			p:  p.p,
+		}
+	}
+
+	// Since we have removed the customization that injected this into the model
+	// we still need to pretend that this is a modeled service.
+	if _, ok := ss[Ec2metadataServiceID]; !ok {
+		ss[Ec2metadataServiceID] = Service{
+			id: Ec2metadataServiceID,
+			p:  p.p,
+		}
+	}
+
+	return ss
+}
+
+// A Region provides information about a region, and ability to resolve an
+// endpoint from the context of a region, given a service.
+type Region struct {
+	id, desc string
+	p        *partition
+}
+
+// ID returns the region's identifier.
+func (r Region) ID() string { return r.id }
+
+// Description returns the region's description. The region description
+// is free text, it can be empty, and it may change between SDK releases.
+func (r Region) Description() string { return r.desc }
+
+// ResolveEndpoint resolves an endpoint from the context of the region given
+// a service. See Partition.EndpointFor for usage and errors that can be returned.
+func (r Region) ResolveEndpoint(service string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+	return r.p.EndpointFor(service, r.id, opts...)
+}
+
+// Services returns a list of all services that are known to be in this region.
+func (r Region) Services() map[string]Service {
+	ss := map[string]Service{}
+	for id, s := range r.p.Services {
+		if _, ok := s.Endpoints[endpointKey{Region: r.id}]; ok {
+			ss[id] = Service{
+				id: id,
+				p:  r.p,
+			}
+		}
+	}
+
+	return ss
+}
+
+// A Service provides information about a service, and ability to resolve an
+// endpoint from the context of a service, given a region.
+type Service struct {
+	id string
+	p  *partition
+}
+
+// ID returns the identifier for the service.
+func (s Service) ID() string { return s.id }
+
+// ResolveEndpoint resolves an endpoint from the context of a service given
+// a region. See Partition.EndpointFor for usage and errors that can be returned.
+func (s Service) ResolveEndpoint(region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+	return s.p.EndpointFor(s.id, region, opts...)
+}
+
+// Regions returns a map of Regions that the service is present in.
+//
+// A region is the AWS region the service exists in. Whereas a Endpoint is
+// an URL that can be resolved to a instance of a service.
+func (s Service) Regions() map[string]Region {
+	rs := map[string]Region{}
+
+	service, ok := s.p.Services[s.id]
+
+	// Since ec2metadata customization has been removed we need to check
+	// if it was defined in non-standard endpoints.json file. If it's not
+	// then we can return the empty map as there is no regional-endpoints for IMDS.
+	// Otherwise, we iterate need to iterate the non-standard model.
+	if s.id == Ec2metadataServiceID && !ok {
+		return rs
+	}
+
+	for id := range service.Endpoints {
+		if id.Variant != 0 {
+			continue
+		}
+		if r, ok := s.p.Regions[id.Region]; ok {
+			rs[id.Region] = Region{
+				id:   id.Region,
+				desc: r.Description,
+				p:    s.p,
+			}
+		}
+	}
+
+	return rs
+}
+
+// Endpoints returns a map of Endpoints indexed by their ID for all known
+// endpoints for a service.
+//
+// A region is the AWS region the service exists in. Whereas a Endpoint is
+// an URL that can be resolved to a instance of a service.
+func (s Service) Endpoints() map[string]Endpoint {
+	es := make(map[string]Endpoint, len(s.p.Services[s.id].Endpoints))
+	for id := range s.p.Services[s.id].Endpoints {
+		if id.Variant != 0 {
+			continue
+		}
+		es[id.Region] = Endpoint{
+			id:        id.Region,
+			serviceID: s.id,
+			p:         s.p,
+		}
+	}
+
+	return es
+}
+
+// A Endpoint provides information about endpoints, and provides the ability
+// to resolve that endpoint for the service, and the region the endpoint
+// represents.
+type Endpoint struct {
+	id        string
+	serviceID string
+	p         *partition
+}
+
+// ID returns the identifier for an endpoint.
+func (e Endpoint) ID() string { return e.id }
+
+// ServiceID returns the identifier the endpoint belongs to.
+func (e Endpoint) ServiceID() string { return e.serviceID }
+
+// ResolveEndpoint resolves an endpoint from the context of a service and
+// region the endpoint represents. See Partition.EndpointFor for usage and
+// errors that can be returned.
+func (e Endpoint) ResolveEndpoint(opts ...func(*Options)) (ResolvedEndpoint, error) {
+	return e.p.EndpointFor(e.serviceID, e.id, opts...)
+}
+
+// A ResolvedEndpoint is an endpoint that has been resolved based on a partition
+// service, and region.
+type ResolvedEndpoint struct {
+	// The endpoint URL
+	URL string
+
+	// The endpoint partition
+	PartitionID string
+
+	// The region that should be used for signing requests.
+	SigningRegion string
+
+	// The service name that should be used for signing requests.
+	SigningName string
+
+	// States that the signing name for this endpoint was derived from metadata
+	// passed in, but was not explicitly modeled.
+	SigningNameDerived bool
+
+	// The signing method that should be used for signing requests.
+	SigningMethod string
+}
+
+// So that the Error interface type can be included as an anonymous field
+// in the requestError struct and not conflict with the error.Error() method.
+type awsError awserr.Error
+
+// A EndpointNotFoundError is returned when in StrictMatching mode, and the
+// endpoint for the service and region cannot be found in any of the partitions.
+type EndpointNotFoundError struct {
+	awsError
+	Partition string
+	Service   string
+	Region    string
+}
+
+// A UnknownServiceError is returned when the service does not resolve to an
+// endpoint. Includes a list of all known services for the partition. Returned
+// when a partition does not support the service.
+type UnknownServiceError struct {
+	awsError
+	Partition string
+	Service   string
+	Known     []string
+}
+
+// NewUnknownServiceError builds and returns UnknownServiceError.
+func NewUnknownServiceError(p, s string, known []string) UnknownServiceError {
+	return UnknownServiceError{
+		awsError: awserr.New("UnknownServiceError",
+			"could not resolve endpoint for unknown service", nil),
+		Partition: p,
+		Service:   s,
+		Known:     known,
+	}
+}
+
+// String returns the string representation of the error.
+func (e UnknownServiceError) Error() string {
+	extra := fmt.Sprintf("partition: %q, service: %q",
+		e.Partition, e.Service)
+	if len(e.Known) > 0 {
+		extra += fmt.Sprintf(", known: %v", e.Known)
+	}
+	return awserr.SprintError(e.Code(), e.Message(), extra, e.OrigErr())
+}
+
+// String returns the string representation of the error.
+func (e UnknownServiceError) String() string {
+	return e.Error()
+}
+
+// A UnknownEndpointError is returned when in StrictMatching mode and the
+// service is valid, but the region does not resolve to an endpoint. Includes
+// a list of all known endpoints for the service.
+type UnknownEndpointError struct {
+	awsError
+	Partition string
+	Service   string
+	Region    string
+	Known     []string
+}
+
+// NewUnknownEndpointError builds and returns UnknownEndpointError.
+func NewUnknownEndpointError(p, s, r string, known []string) UnknownEndpointError {
+	return UnknownEndpointError{
+		awsError: awserr.New("UnknownEndpointError",
+			"could not resolve endpoint", nil),
+		Partition: p,
+		Service:   s,
+		Region:    r,
+		Known:     known,
+	}
+}
+
+// String returns the string representation of the error.
+func (e UnknownEndpointError) Error() string {
+	extra := fmt.Sprintf("partition: %q, service: %q, region: %q",
+		e.Partition, e.Service, e.Region)
+	if len(e.Known) > 0 {
+		extra += fmt.Sprintf(", known: %v", e.Known)
+	}
+	return awserr.SprintError(e.Code(), e.Message(), extra, e.OrigErr())
+}
+
+// String returns the string representation of the error.
+func (e UnknownEndpointError) String() string {
+	return e.Error()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
new file mode 100644
index 000000000..df75e899a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
@@ -0,0 +1,24 @@
+package endpoints
+
+var legacyGlobalRegions = map[string]map[string]struct{}{
+	"sts": {
+		"ap-northeast-1": {},
+		"ap-south-1":     {},
+		"ap-southeast-1": {},
+		"ap-southeast-2": {},
+		"ca-central-1":   {},
+		"eu-central-1":   {},
+		"eu-north-1":     {},
+		"eu-west-1":      {},
+		"eu-west-2":      {},
+		"eu-west-3":      {},
+		"sa-east-1":      {},
+		"us-east-1":      {},
+		"us-east-2":      {},
+		"us-west-1":      {},
+		"us-west-2":      {},
+	},
+	"s3": {
+		"us-east-1": {},
+	},
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
new file mode 100644
index 000000000..89f6627dc
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
@@ -0,0 +1,594 @@
+package endpoints
+
+import (
+	"encoding/json"
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+)
+
+const (
+	ec2MetadataEndpointIPv6 = "http://[fd00:ec2::254]/latest"
+	ec2MetadataEndpointIPv4 = "http://169.254.169.254/latest"
+)
+
+const dnsSuffixTemplateKey = "{dnsSuffix}"
+
+// defaultKey is a compound map key of a variant and other values.
+type defaultKey struct {
+	Variant        endpointVariant
+	ServiceVariant serviceVariant
+}
+
+// endpointKey is a compound map key of a region and associated variant value.
+type endpointKey struct {
+	Region  string
+	Variant endpointVariant
+}
+
+// endpointVariant is a bit field to describe the endpoints attributes.
+type endpointVariant uint64
+
+// serviceVariant is a bit field to describe the service endpoint attributes.
+type serviceVariant uint64
+
+const (
+	// fipsVariant indicates that the endpoint is FIPS capable.
+	fipsVariant endpointVariant = 1 << (64 - 1 - iota)
+
+	// dualStackVariant indicates that the endpoint is DualStack capable.
+	dualStackVariant
+)
+
+var regionValidationRegex = regexp.MustCompile(`^[[:alnum:]]([[:alnum:]\-]*[[:alnum:]])?$`)
+
+type partitions []partition
+
+func (ps partitions) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+	var opt Options
+	opt.Set(opts...)
+
+	if len(opt.ResolvedRegion) > 0 {
+		region = opt.ResolvedRegion
+	}
+
+	for i := 0; i < len(ps); i++ {
+		if !ps[i].canResolveEndpoint(service, region, opt) {
+			continue
+		}
+
+		return ps[i].EndpointFor(service, region, opts...)
+	}
+
+	// If loose matching fallback to first partition format to use
+	// when resolving the endpoint.
+	if !opt.StrictMatching && len(ps) > 0 {
+		return ps[0].EndpointFor(service, region, opts...)
+	}
+
+	return ResolvedEndpoint{}, NewUnknownEndpointError("all partitions", service, region, []string{})
+}
+
+// Partitions satisfies the EnumPartitions interface and returns a list
+// of Partitions representing each partition represented in the SDK's
+// endpoints model.
+func (ps partitions) Partitions() []Partition {
+	parts := make([]Partition, 0, len(ps))
+	for i := 0; i < len(ps); i++ {
+		parts = append(parts, ps[i].Partition())
+	}
+
+	return parts
+}
+
+type endpointWithVariants struct {
+	endpoint
+	Variants []endpointWithTags `json:"variants"`
+}
+
+type endpointWithTags struct {
+	endpoint
+	Tags []string `json:"tags"`
+}
+
+type endpointDefaults map[defaultKey]endpoint
+
+func (p *endpointDefaults) UnmarshalJSON(data []byte) error {
+	if *p == nil {
+		*p = make(endpointDefaults)
+	}
+
+	var e endpointWithVariants
+	if err := json.Unmarshal(data, &e); err != nil {
+		return err
+	}
+
+	(*p)[defaultKey{Variant: 0}] = e.endpoint
+
+	e.Hostname = ""
+	e.DNSSuffix = ""
+
+	for _, variant := range e.Variants {
+		endpointVariant, unknown := parseVariantTags(variant.Tags)
+		if unknown {
+			continue
+		}
+
+		var ve endpoint
+		ve.mergeIn(e.endpoint)
+		ve.mergeIn(variant.endpoint)
+
+		(*p)[defaultKey{Variant: endpointVariant}] = ve
+	}
+
+	return nil
+}
+
+func parseVariantTags(tags []string) (ev endpointVariant, unknown bool) {
+	if len(tags) == 0 {
+		unknown = true
+		return
+	}
+
+	for _, tag := range tags {
+		switch {
+		case strings.EqualFold("fips", tag):
+			ev |= fipsVariant
+		case strings.EqualFold("dualstack", tag):
+			ev |= dualStackVariant
+		default:
+			unknown = true
+		}
+	}
+	return ev, unknown
+}
+
+type partition struct {
+	ID          string           `json:"partition"`
+	Name        string           `json:"partitionName"`
+	DNSSuffix   string           `json:"dnsSuffix"`
+	RegionRegex regionRegex      `json:"regionRegex"`
+	Defaults    endpointDefaults `json:"defaults"`
+	Regions     regions          `json:"regions"`
+	Services    services         `json:"services"`
+}
+
+func (p partition) Partition() Partition {
+	return Partition{
+		dnsSuffix: p.DNSSuffix,
+		id:        p.ID,
+		p:         &p,
+	}
+}
+
+func (p partition) canResolveEndpoint(service, region string, options Options) bool {
+	s, hasService := p.Services[service]
+	_, hasEndpoint := s.Endpoints[endpointKey{
+		Region:  region,
+		Variant: options.getEndpointVariant(service),
+	}]
+
+	if hasEndpoint && hasService {
+		return true
+	}
+
+	if options.StrictMatching {
+		return false
+	}
+
+	return p.RegionRegex.MatchString(region)
+}
+
+func allowLegacyEmptyRegion(service string) bool {
+	legacy := map[string]struct{}{
+		"budgets":       {},
+		"ce":            {},
+		"chime":         {},
+		"cloudfront":    {},
+		"ec2metadata":   {},
+		"iam":           {},
+		"importexport":  {},
+		"organizations": {},
+		"route53":       {},
+		"sts":           {},
+		"support":       {},
+		"waf":           {},
+	}
+
+	_, allowed := legacy[service]
+	return allowed
+}
+
+func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (resolved ResolvedEndpoint, err error) {
+	var opt Options
+	opt.Set(opts...)
+
+	if len(opt.ResolvedRegion) > 0 {
+		region = opt.ResolvedRegion
+	}
+
+	s, hasService := p.Services[service]
+
+	if service == Ec2metadataServiceID && !hasService {
+		endpoint := getEC2MetadataEndpoint(p.ID, service, opt.EC2MetadataEndpointMode)
+		return endpoint, nil
+	}
+
+	if len(service) == 0 || !(hasService || opt.ResolveUnknownService) {
+		// Only return error if the resolver will not fallback to creating
+		// endpoint based on service endpoint ID passed in.
+		return resolved, NewUnknownServiceError(p.ID, service, serviceList(p.Services))
+	}
+
+	if len(region) == 0 && allowLegacyEmptyRegion(service) && len(s.PartitionEndpoint) != 0 {
+		region = s.PartitionEndpoint
+	}
+
+	if r, ok := isLegacyGlobalRegion(service, region, opt); ok {
+		region = r
+	}
+
+	variant := opt.getEndpointVariant(service)
+
+	endpoints := s.Endpoints
+
+	serviceDefaults, hasServiceDefault := s.Defaults[defaultKey{Variant: variant}]
+	// If we searched for a variant which may have no explicit service defaults,
+	// then we need to inherit the standard service defaults except the hostname and dnsSuffix
+	if variant != 0 && !hasServiceDefault {
+		serviceDefaults = s.Defaults[defaultKey{}]
+		serviceDefaults.Hostname = ""
+		serviceDefaults.DNSSuffix = ""
+	}
+
+	partitionDefaults, hasPartitionDefault := p.Defaults[defaultKey{Variant: variant}]
+
+	var dnsSuffix string
+	if len(serviceDefaults.DNSSuffix) > 0 {
+		dnsSuffix = serviceDefaults.DNSSuffix
+	} else if variant == 0 {
+		// For legacy reasons the partition dnsSuffix is not in the defaults, so if we looked for
+		// a non-variant endpoint then we need to set the dnsSuffix.
+		dnsSuffix = p.DNSSuffix
+	}
+
+	noDefaults := !hasServiceDefault && !hasPartitionDefault
+
+	e, hasEndpoint := s.endpointForRegion(region, endpoints, variant)
+	if len(region) == 0 || (!hasEndpoint && (opt.StrictMatching || noDefaults)) {
+		return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(endpoints, variant))
+	}
+
+	defs := []endpoint{partitionDefaults, serviceDefaults}
+
+	return e.resolve(service, p.ID, region, dnsSuffixTemplateKey, dnsSuffix, defs, opt)
+}
+
+func getEC2MetadataEndpoint(partitionID, service string, mode EC2IMDSEndpointModeState) ResolvedEndpoint {
+	switch mode {
+	case EC2IMDSEndpointModeStateIPv6:
+		return ResolvedEndpoint{
+			URL:                ec2MetadataEndpointIPv6,
+			PartitionID:        partitionID,
+			SigningRegion:      "aws-global",
+			SigningName:        service,
+			SigningNameDerived: true,
+			SigningMethod:      "v4",
+		}
+	case EC2IMDSEndpointModeStateIPv4:
+		fallthrough
+	default:
+		return ResolvedEndpoint{
+			URL:                ec2MetadataEndpointIPv4,
+			PartitionID:        partitionID,
+			SigningRegion:      "aws-global",
+			SigningName:        service,
+			SigningNameDerived: true,
+			SigningMethod:      "v4",
+		}
+	}
+}
+
+func isLegacyGlobalRegion(service string, region string, opt Options) (string, bool) {
+	if opt.getEndpointVariant(service) != 0 {
+		return "", false
+	}
+
+	const (
+		sts       = "sts"
+		s3        = "s3"
+		awsGlobal = "aws-global"
+	)
+
+	switch {
+	case service == sts && opt.STSRegionalEndpoint == RegionalSTSEndpoint:
+		return region, false
+	case service == s3 && opt.S3UsEast1RegionalEndpoint == RegionalS3UsEast1Endpoint:
+		return region, false
+	default:
+		if _, ok := legacyGlobalRegions[service][region]; ok {
+			return awsGlobal, true
+		}
+	}
+
+	return region, false
+}
+
+func serviceList(ss services) []string {
+	list := make([]string, 0, len(ss))
+	for k := range ss {
+		list = append(list, k)
+	}
+	return list
+}
+func endpointList(es serviceEndpoints, variant endpointVariant) []string {
+	list := make([]string, 0, len(es))
+	for k := range es {
+		if k.Variant != variant {
+			continue
+		}
+		list = append(list, k.Region)
+	}
+	return list
+}
+
+type regionRegex struct {
+	*regexp.Regexp
+}
+
+func (rr *regionRegex) UnmarshalJSON(b []byte) (err error) {
+	// Strip leading and trailing quotes
+	regex, err := strconv.Unquote(string(b))
+	if err != nil {
+		return fmt.Errorf("unable to strip quotes from regex, %v", err)
+	}
+
+	rr.Regexp, err = regexp.Compile(regex)
+	if err != nil {
+		return fmt.Errorf("unable to unmarshal region regex, %v", err)
+	}
+	return nil
+}
+
+type regions map[string]region
+
+type region struct {
+	Description string `json:"description"`
+}
+
+type services map[string]service
+
+type service struct {
+	PartitionEndpoint string           `json:"partitionEndpoint"`
+	IsRegionalized    boxedBool        `json:"isRegionalized,omitempty"`
+	Defaults          endpointDefaults `json:"defaults"`
+	Endpoints         serviceEndpoints `json:"endpoints"`
+}
+
+func (s *service) endpointForRegion(region string, endpoints serviceEndpoints, variant endpointVariant) (endpoint, bool) {
+	if e, ok := endpoints[endpointKey{Region: region, Variant: variant}]; ok {
+		return e, true
+	}
+
+	if s.IsRegionalized == boxedFalse {
+		return endpoints[endpointKey{Region: s.PartitionEndpoint, Variant: variant}], region == s.PartitionEndpoint
+	}
+
+	// Unable to find any matching endpoint, return
+	// blank that will be used for generic endpoint creation.
+	return endpoint{}, false
+}
+
+type serviceEndpoints map[endpointKey]endpoint
+
+func (s *serviceEndpoints) UnmarshalJSON(data []byte) error {
+	if *s == nil {
+		*s = make(serviceEndpoints)
+	}
+
+	var regionToEndpoint map[string]endpointWithVariants
+
+	if err := json.Unmarshal(data, &regionToEndpoint); err != nil {
+		return err
+	}
+
+	for region, e := range regionToEndpoint {
+		(*s)[endpointKey{Region: region}] = e.endpoint
+
+		e.Hostname = ""
+		e.DNSSuffix = ""
+
+		for _, variant := range e.Variants {
+			endpointVariant, unknown := parseVariantTags(variant.Tags)
+			if unknown {
+				continue
+			}
+
+			var ve endpoint
+			ve.mergeIn(e.endpoint)
+			ve.mergeIn(variant.endpoint)
+
+			(*s)[endpointKey{Region: region, Variant: endpointVariant}] = ve
+		}
+	}
+
+	return nil
+}
+
+type endpoint struct {
+	Hostname        string          `json:"hostname"`
+	Protocols       []string        `json:"protocols"`
+	CredentialScope credentialScope `json:"credentialScope"`
+
+	DNSSuffix string `json:"dnsSuffix"`
+
+	// Signature Version not used
+	SignatureVersions []string `json:"signatureVersions"`
+
+	// SSLCommonName not used.
+	SSLCommonName string `json:"sslCommonName"`
+
+	Deprecated boxedBool `json:"deprecated"`
+}
+
+// isZero returns whether the endpoint structure is an empty (zero) value.
+func (e endpoint) isZero() bool {
+	switch {
+	case len(e.Hostname) != 0:
+		return false
+	case len(e.Protocols) != 0:
+		return false
+	case e.CredentialScope != (credentialScope{}):
+		return false
+	case len(e.SignatureVersions) != 0:
+		return false
+	case len(e.SSLCommonName) != 0:
+		return false
+	}
+	return true
+}
+
+const (
+	defaultProtocol = "https"
+	defaultSigner   = "v4"
+)
+
+var (
+	protocolPriority = []string{"https", "http"}
+	signerPriority   = []string{"v4", "v2"}
+)
+
+func getByPriority(s []string, p []string, def string) string {
+	if len(s) == 0 {
+		return def
+	}
+
+	for i := 0; i < len(p); i++ {
+		for j := 0; j < len(s); j++ {
+			if s[j] == p[i] {
+				return s[j]
+			}
+		}
+	}
+
+	return s[0]
+}
+
+func (e endpoint) resolve(service, partitionID, region, dnsSuffixTemplateVariable, dnsSuffix string, defs []endpoint, opts Options) (ResolvedEndpoint, error) {
+	var merged endpoint
+	for _, def := range defs {
+		merged.mergeIn(def)
+	}
+	merged.mergeIn(e)
+	e = merged
+
+	signingRegion := e.CredentialScope.Region
+	if len(signingRegion) == 0 {
+		signingRegion = region
+	}
+
+	signingName := e.CredentialScope.Service
+	var signingNameDerived bool
+	if len(signingName) == 0 {
+		signingName = service
+		signingNameDerived = true
+	}
+
+	hostname := e.Hostname
+
+	if !validateInputRegion(region) {
+		return ResolvedEndpoint{}, fmt.Errorf("invalid region identifier format provided")
+	}
+
+	if len(merged.DNSSuffix) > 0 {
+		dnsSuffix = merged.DNSSuffix
+	}
+
+	u := strings.Replace(hostname, "{service}", service, 1)
+	u = strings.Replace(u, "{region}", region, 1)
+	u = strings.Replace(u, dnsSuffixTemplateVariable, dnsSuffix, 1)
+
+	scheme := getEndpointScheme(e.Protocols, opts.DisableSSL)
+	u = fmt.Sprintf("%s://%s", scheme, u)
+
+	if e.Deprecated == boxedTrue && opts.LogDeprecated && opts.Logger != nil {
+		opts.Logger.Log(fmt.Sprintf("endpoint identifier %q, url %q marked as deprecated", region, u))
+	}
+
+	return ResolvedEndpoint{
+		URL:                u,
+		PartitionID:        partitionID,
+		SigningRegion:      signingRegion,
+		SigningName:        signingName,
+		SigningNameDerived: signingNameDerived,
+		SigningMethod:      getByPriority(e.SignatureVersions, signerPriority, defaultSigner),
+	}, nil
+}
+
+func getEndpointScheme(protocols []string, disableSSL bool) string {
+	if disableSSL {
+		return "http"
+	}
+
+	return getByPriority(protocols, protocolPriority, defaultProtocol)
+}
+
+func (e *endpoint) mergeIn(other endpoint) {
+	if len(other.Hostname) > 0 {
+		e.Hostname = other.Hostname
+	}
+	if len(other.Protocols) > 0 {
+		e.Protocols = other.Protocols
+	}
+	if len(other.SignatureVersions) > 0 {
+		e.SignatureVersions = other.SignatureVersions
+	}
+	if len(other.CredentialScope.Region) > 0 {
+		e.CredentialScope.Region = other.CredentialScope.Region
+	}
+	if len(other.CredentialScope.Service) > 0 {
+		e.CredentialScope.Service = other.CredentialScope.Service
+	}
+	if len(other.SSLCommonName) > 0 {
+		e.SSLCommonName = other.SSLCommonName
+	}
+	if len(other.DNSSuffix) > 0 {
+		e.DNSSuffix = other.DNSSuffix
+	}
+	if other.Deprecated != boxedBoolUnset {
+		e.Deprecated = other.Deprecated
+	}
+}
+
+type credentialScope struct {
+	Region  string `json:"region"`
+	Service string `json:"service"`
+}
+
+type boxedBool int
+
+func (b *boxedBool) UnmarshalJSON(buf []byte) error {
+	v, err := strconv.ParseBool(string(buf))
+	if err != nil {
+		return err
+	}
+
+	if v {
+		*b = boxedTrue
+	} else {
+		*b = boxedFalse
+	}
+
+	return nil
+}
+
+const (
+	boxedBoolUnset boxedBool = iota
+	boxedFalse
+	boxedTrue
+)
+
+func validateInputRegion(region string) bool {
+	return regionValidationRegex.MatchString(region)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
new file mode 100644
index 000000000..84922bca8
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
@@ -0,0 +1,412 @@
+//go:build codegen
+// +build codegen
+
+package endpoints
+
+import (
+	"fmt"
+	"io"
+	"reflect"
+	"strings"
+	"text/template"
+	"unicode"
+)
+
+// A CodeGenOptions are the options for code generating the endpoints into
+// Go code from the endpoints model definition.
+type CodeGenOptions struct {
+	// Options for how the model will be decoded.
+	DecodeModelOptions DecodeModelOptions
+
+	// Disables code generation of the service endpoint prefix IDs defined in
+	// the model.
+	DisableGenerateServiceIDs bool
+}
+
+// Set combines all of the option functions together
+func (d *CodeGenOptions) Set(optFns ...func(*CodeGenOptions)) {
+	for _, fn := range optFns {
+		fn(d)
+	}
+}
+
+// CodeGenModel given a endpoints model file will decode it and attempt to
+// generate Go code from the model definition. Error will be returned if
+// the code is unable to be generated, or decoded.
+func CodeGenModel(modelFile io.Reader, outFile io.Writer, optFns ...func(*CodeGenOptions)) error {
+	var opts CodeGenOptions
+	opts.Set(optFns...)
+
+	resolver, err := DecodeModel(modelFile, func(d *DecodeModelOptions) {
+		*d = opts.DecodeModelOptions
+	})
+	if err != nil {
+		return err
+	}
+
+	v := struct {
+		Resolver
+		CodeGenOptions
+	}{
+		Resolver:       resolver,
+		CodeGenOptions: opts,
+	}
+
+	tmpl := template.Must(template.New("tmpl").Funcs(funcMap).Parse(v3Tmpl))
+	if err := tmpl.ExecuteTemplate(outFile, "defaults", v); err != nil {
+		return fmt.Errorf("failed to execute template, %v", err)
+	}
+
+	return nil
+}
+
+func toSymbol(v string) string {
+	out := []rune{}
+	for _, c := range strings.Title(v) {
+		if !(unicode.IsNumber(c) || unicode.IsLetter(c)) {
+			continue
+		}
+
+		out = append(out, c)
+	}
+
+	return string(out)
+}
+
+func quoteString(v string) string {
+	return fmt.Sprintf("%q", v)
+}
+
+func regionConstName(p, r string) string {
+	return toSymbol(p) + toSymbol(r)
+}
+
+func partitionGetter(id string) string {
+	return fmt.Sprintf("%sPartition", toSymbol(id))
+}
+
+func partitionVarName(id string) string {
+	return fmt.Sprintf("%sPartition", strings.ToLower(toSymbol(id)))
+}
+
+func listPartitionNames(ps partitions) string {
+	names := []string{}
+	switch len(ps) {
+	case 1:
+		return ps[0].Name
+	case 2:
+		return fmt.Sprintf("%s and %s", ps[0].Name, ps[1].Name)
+	default:
+		for i, p := range ps {
+			if i == len(ps)-1 {
+				names = append(names, "and "+p.Name)
+			} else {
+				names = append(names, p.Name)
+			}
+		}
+		return strings.Join(names, ", ")
+	}
+}
+
+func boxedBoolIfSet(msg string, v boxedBool) string {
+	switch v {
+	case boxedTrue:
+		return fmt.Sprintf(msg, "boxedTrue")
+	case boxedFalse:
+		return fmt.Sprintf(msg, "boxedFalse")
+	default:
+		return ""
+	}
+}
+
+func stringIfSet(msg, v string) string {
+	if len(v) == 0 {
+		return ""
+	}
+
+	return fmt.Sprintf(msg, v)
+}
+
+func stringSliceIfSet(msg string, vs []string) string {
+	if len(vs) == 0 {
+		return ""
+	}
+
+	names := []string{}
+	for _, v := range vs {
+		names = append(names, `"`+v+`"`)
+	}
+
+	return fmt.Sprintf(msg, strings.Join(names, ","))
+}
+
+func endpointIsSet(v endpoint) bool {
+	return !reflect.DeepEqual(v, endpoint{})
+}
+
+func serviceSet(ps partitions) map[string]struct{} {
+	set := map[string]struct{}{}
+	for _, p := range ps {
+		for id := range p.Services {
+			set[id] = struct{}{}
+		}
+	}
+
+	return set
+}
+
+func endpointVariantSetter(variant endpointVariant) (string, error) {
+	if variant == 0 {
+		return "0", nil
+	}
+
+	if variant > (fipsVariant | dualStackVariant) {
+		return "", fmt.Errorf("unknown endpoint variant")
+	}
+
+	var symbols []string
+	if variant&fipsVariant != 0 {
+		symbols = append(symbols, "fipsVariant")
+	}
+	if variant&dualStackVariant != 0 {
+		symbols = append(symbols, "dualStackVariant")
+	}
+	v := strings.Join(symbols, "|")
+
+	return v, nil
+}
+
+func endpointKeySetter(e endpointKey) (string, error) {
+	var sb strings.Builder
+	sb.WriteString("endpointKey{\n")
+	sb.WriteString(fmt.Sprintf("Region: %q,\n", e.Region))
+	if e.Variant != 0 {
+		variantSetter, err := endpointVariantSetter(e.Variant)
+		if err != nil {
+			return "", err
+		}
+		sb.WriteString(fmt.Sprintf("Variant: %s,\n", variantSetter))
+	}
+	sb.WriteString("}")
+	return sb.String(), nil
+}
+
+func defaultKeySetter(e defaultKey) (string, error) {
+	var sb strings.Builder
+	sb.WriteString("defaultKey{\n")
+	if e.Variant != 0 {
+		variantSetter, err := endpointVariantSetter(e.Variant)
+		if err != nil {
+			return "", err
+		}
+		sb.WriteString(fmt.Sprintf("Variant: %s,\n", variantSetter))
+	}
+	sb.WriteString("}")
+	return sb.String(), nil
+}
+
+var funcMap = template.FuncMap{
+	"ToSymbol":              toSymbol,
+	"QuoteString":           quoteString,
+	"RegionConst":           regionConstName,
+	"PartitionGetter":       partitionGetter,
+	"PartitionVarName":      partitionVarName,
+	"ListPartitionNames":    listPartitionNames,
+	"BoxedBoolIfSet":        boxedBoolIfSet,
+	"StringIfSet":           stringIfSet,
+	"StringSliceIfSet":      stringSliceIfSet,
+	"EndpointIsSet":         endpointIsSet,
+	"ServicesSet":           serviceSet,
+	"EndpointVariantSetter": endpointVariantSetter,
+	"EndpointKeySetter":     endpointKeySetter,
+	"DefaultKeySetter":      defaultKeySetter,
+}
+
+const v3Tmpl = `
+{{ define "defaults" -}}
+// Code generated by aws/endpoints/v3model_codegen.go. DO NOT EDIT.
+
+package endpoints
+
+import (
+	"regexp"
+)
+
+	{{ template "partition consts" $.Resolver }}
+
+	{{ range $_, $partition := $.Resolver }}
+		{{ template "partition region consts" $partition }}
+	{{ end }}
+
+	{{ if not $.DisableGenerateServiceIDs -}}
+	{{ template "service consts" $.Resolver }}
+	{{- end }}
+	
+	{{ template "endpoint resolvers" $.Resolver }}
+{{- end }}
+
+{{ define "partition consts" }}
+	// Partition identifiers
+	const (
+		{{ range $_, $p := . -}}
+			{{ ToSymbol $p.ID }}PartitionID = {{ QuoteString $p.ID }} // {{ $p.Name }} partition.
+		{{ end -}}
+	)
+{{- end }}
+
+{{ define "partition region consts" }}
+	// {{ .Name }} partition's regions.
+	const (
+		{{ range $id, $region := .Regions -}}
+			{{ ToSymbol $id }}RegionID = {{ QuoteString $id }} // {{ $region.Description }}.
+		{{ end -}}
+	)
+{{- end }}
+
+{{ define "service consts" }}
+	// Service identifiers
+	const (
+		{{ $serviceSet := ServicesSet . -}}
+		{{ range $id, $_ := $serviceSet -}}
+			{{ ToSymbol $id }}ServiceID = {{ QuoteString $id }} // {{ ToSymbol $id }}.
+		{{ end -}}
+	)
+{{- end }}
+
+{{ define "endpoint resolvers" }}
+	// DefaultResolver returns an Endpoint resolver that will be able
+	// to resolve endpoints for: {{ ListPartitionNames . }}.
+	//
+	// Use DefaultPartitions() to get the list of the default partitions.
+	func DefaultResolver() Resolver {
+		return defaultPartitions
+	}
+
+	// DefaultPartitions returns a list of the partitions the SDK is bundled
+	// with. The available partitions are: {{ ListPartitionNames . }}.
+	//
+	//    partitions := endpoints.DefaultPartitions
+	//    for _, p := range partitions {
+	//        // ... inspect partitions
+	//    }
+	func DefaultPartitions() []Partition {
+		return defaultPartitions.Partitions()
+	}
+
+	var defaultPartitions = partitions{
+		{{ range $_, $partition := . -}}
+			{{ PartitionVarName $partition.ID }},
+		{{ end }}
+	}
+	
+	{{ range $_, $partition := . -}}
+		{{ $name := PartitionGetter $partition.ID -}}
+		// {{ $name }} returns the Resolver for {{ $partition.Name }}.
+		func {{ $name }}() Partition {
+			return  {{ PartitionVarName $partition.ID }}.Partition()
+		}
+		var {{ PartitionVarName $partition.ID }} = {{ template "gocode Partition" $partition }}
+	{{ end }}
+{{ end }}
+
+{{ define "default partitions" }}
+	func DefaultPartitions() []Partition {
+		return []partition{
+			{{ range $_, $partition := . -}}
+			// {{ ToSymbol $partition.ID}}Partition(),
+			{{ end }}
+		}
+	}
+{{ end }}
+
+{{ define "gocode Partition" -}}
+partition{
+	{{ StringIfSet "ID: %q,\n" .ID -}}
+	{{ StringIfSet "Name: %q,\n" .Name -}}
+	{{ StringIfSet "DNSSuffix: %q,\n" .DNSSuffix -}}
+	RegionRegex: {{ template "gocode RegionRegex" .RegionRegex }},
+	{{ if (gt (len .Defaults) 0) -}}
+		Defaults: {{ template "gocode Defaults" .Defaults -}},
+	{{ end -}}
+	Regions:  {{ template "gocode Regions" .Regions }},
+	Services: {{ template "gocode Services" .Services }},
+}
+{{- end }}
+
+{{ define "gocode RegionRegex" -}}
+regionRegex{
+	Regexp: func() *regexp.Regexp{
+		reg, _ := regexp.Compile({{ QuoteString .Regexp.String }})
+		return reg
+	}(),
+}
+{{- end }}
+
+{{ define "gocode Regions" -}}
+regions{
+	{{ range $id, $region := . -}}
+		"{{ $id }}": {{ template "gocode Region" $region }},
+	{{ end -}}
+}
+{{- end }}
+
+{{ define "gocode Region" -}}
+region{
+	{{ StringIfSet "Description: %q,\n" .Description -}}
+}
+{{- end }}
+
+{{ define "gocode Services" -}}
+services{
+	{{ range $id, $service := . -}}
+	"{{ $id }}": {{ template "gocode Service" $service }},
+	{{ end }}
+}
+{{- end }}
+
+{{ define "gocode Service" -}}
+service{
+	{{ StringIfSet "PartitionEndpoint: %q,\n" .PartitionEndpoint -}}
+	{{ BoxedBoolIfSet "IsRegionalized: %s,\n" .IsRegionalized -}}
+	{{ if (gt (len .Defaults) 0) -}}
+		Defaults: {{ template "gocode Defaults" .Defaults -}},
+	{{ end -}}
+	{{ if .Endpoints -}}
+		Endpoints: {{ template "gocode Endpoints" .Endpoints }},
+	{{- end }}
+}
+{{- end }}
+
+{{ define "gocode Defaults" -}}
+endpointDefaults{
+	{{ range $id, $endpoint := . -}}
+	{{ DefaultKeySetter $id }}: {{ template "gocode Endpoint" $endpoint }},
+	{{ end }}
+}
+{{- end }}
+
+{{ define "gocode Endpoints" -}}
+serviceEndpoints{
+	{{ range $id, $endpoint := . -}}
+	{{ EndpointKeySetter $id }}: {{ template "gocode Endpoint" $endpoint }},
+	{{ end }}
+}
+{{- end }}
+
+{{ define "gocode Endpoint" -}}
+endpoint{
+	{{ StringIfSet "Hostname: %q,\n" .Hostname -}}
+	{{ StringIfSet "DNSSuffix: %q,\n" .DNSSuffix -}}
+	{{ StringIfSet "SSLCommonName: %q,\n" .SSLCommonName -}}
+	{{ StringSliceIfSet "Protocols: []string{%s},\n" .Protocols -}}
+	{{ StringSliceIfSet "SignatureVersions: []string{%s},\n" .SignatureVersions -}}
+	{{ if or .CredentialScope.Region .CredentialScope.Service -}}
+	CredentialScope: credentialScope{
+		{{ StringIfSet "Region: %q,\n" .CredentialScope.Region -}}
+		{{ StringIfSet "Service: %q,\n" .CredentialScope.Service -}}
+	},
+	{{- end }}
+	{{ BoxedBoolIfSet "Deprecated: %s,\n" .Deprecated -}}
+}
+{{- end }}
+`
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/errors.go b/vendor/github.com/aws/aws-sdk-go/aws/errors.go
new file mode 100644
index 000000000..fa06f7a8f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/errors.go
@@ -0,0 +1,13 @@
+package aws
+
+import "github.com/aws/aws-sdk-go/aws/awserr"
+
+var (
+	// ErrMissingRegion is an error that is returned if region configuration is
+	// not found.
+	ErrMissingRegion = awserr.New("MissingRegion", "could not find region configuration", nil)
+
+	// ErrMissingEndpoint is an error that is returned if an endpoint cannot be
+	// resolved for a service.
+	ErrMissingEndpoint = awserr.New("MissingEndpoint", "'Endpoint' configuration is required for this service", nil)
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/jsonvalue.go b/vendor/github.com/aws/aws-sdk-go/aws/jsonvalue.go
new file mode 100644
index 000000000..91a6f277a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/jsonvalue.go
@@ -0,0 +1,12 @@
+package aws
+
+// JSONValue is a representation of a grab bag type that will be marshaled
+// into a json string. This type can be used just like any other map.
+//
+//	Example:
+//
+//	values := aws.JSONValue{
+//		"Foo": "Bar",
+//	}
+//	values["Baz"] = "Qux"
+type JSONValue map[string]interface{}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/logger.go
new file mode 100644
index 000000000..49674cc79
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/logger.go
@@ -0,0 +1,121 @@
+package aws
+
+import (
+	"log"
+	"os"
+)
+
+// A LogLevelType defines the level logging should be performed at. Used to instruct
+// the SDK which statements should be logged.
+type LogLevelType uint
+
+// LogLevel returns the pointer to a LogLevel. Should be used to workaround
+// not being able to take the address of a non-composite literal.
+func LogLevel(l LogLevelType) *LogLevelType {
+	return &l
+}
+
+// Value returns the LogLevel value or the default value LogOff if the LogLevel
+// is nil. Safe to use on nil value LogLevelTypes.
+func (l *LogLevelType) Value() LogLevelType {
+	if l != nil {
+		return *l
+	}
+	return LogOff
+}
+
+// Matches returns true if the v LogLevel is enabled by this LogLevel. Should be
+// used with logging sub levels. Is safe to use on nil value LogLevelTypes. If
+// LogLevel is nil, will default to LogOff comparison.
+func (l *LogLevelType) Matches(v LogLevelType) bool {
+	c := l.Value()
+	return c&v == v
+}
+
+// AtLeast returns true if this LogLevel is at least high enough to satisfies v.
+// Is safe to use on nil value LogLevelTypes. If LogLevel is nil, will default
+// to LogOff comparison.
+func (l *LogLevelType) AtLeast(v LogLevelType) bool {
+	c := l.Value()
+	return c >= v
+}
+
+const (
+	// LogOff states that no logging should be performed by the SDK. This is the
+	// default state of the SDK, and should be use to disable all logging.
+	LogOff LogLevelType = iota * 0x1000
+
+	// LogDebug state that debug output should be logged by the SDK. This should
+	// be used to inspect request made and responses received.
+	LogDebug
+)
+
+// Debug Logging Sub Levels
+const (
+	// LogDebugWithSigning states that the SDK should log request signing and
+	// presigning events. This should be used to log the signing details of
+	// requests for debugging. Will also enable LogDebug.
+	LogDebugWithSigning LogLevelType = LogDebug | (1 << iota)
+
+	// LogDebugWithHTTPBody states the SDK should log HTTP request and response
+	// HTTP bodys in addition to the headers and path. This should be used to
+	// see the body content of requests and responses made while using the SDK
+	// Will also enable LogDebug.
+	LogDebugWithHTTPBody
+
+	// LogDebugWithRequestRetries states the SDK should log when service requests will
+	// be retried. This should be used to log when you want to log when service
+	// requests are being retried. Will also enable LogDebug.
+	LogDebugWithRequestRetries
+
+	// LogDebugWithRequestErrors states the SDK should log when service requests fail
+	// to build, send, validate, or unmarshal.
+	LogDebugWithRequestErrors
+
+	// LogDebugWithEventStreamBody states the SDK should log EventStream
+	// request and response bodys. This should be used to log the EventStream
+	// wire unmarshaled message content of requests and responses made while
+	// using the SDK Will also enable LogDebug.
+	LogDebugWithEventStreamBody
+
+	// LogDebugWithDeprecated states the SDK should log details about deprecated functionality.
+	LogDebugWithDeprecated
+)
+
+// A Logger is a minimalistic interface for the SDK to log messages to. Should
+// be used to provide custom logging writers for the SDK to use.
+type Logger interface {
+	Log(...interface{})
+}
+
+// A LoggerFunc is a convenience type to convert a function taking a variadic
+// list of arguments and wrap it so the Logger interface can be used.
+//
+// Example:
+//     s3.New(sess, &aws.Config{Logger: aws.LoggerFunc(func(args ...interface{}) {
+//         fmt.Fprintln(os.Stdout, args...)
+//     })})
+type LoggerFunc func(...interface{})
+
+// Log calls the wrapped function with the arguments provided
+func (f LoggerFunc) Log(args ...interface{}) {
+	f(args...)
+}
+
+// NewDefaultLogger returns a Logger which will write log messages to stdout, and
+// use same formatting runes as the stdlib log.Logger
+func NewDefaultLogger() Logger {
+	return &defaultLogger{
+		logger: log.New(os.Stdout, "", log.LstdFlags),
+	}
+}
+
+// A defaultLogger provides a minimalistic logger satisfying the Logger interface.
+type defaultLogger struct {
+	logger *log.Logger
+}
+
+// Log logs the parameters to the stdlib logger. See log.Println.
+func (l defaultLogger) Log(args ...interface{}) {
+	l.logger.Println(args...)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
new file mode 100644
index 000000000..2ba3c56c1
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
@@ -0,0 +1,19 @@
+package request
+
+import (
+	"strings"
+)
+
+func isErrConnectionReset(err error) bool {
+	if strings.Contains(err.Error(), "read: connection reset") {
+		return false
+	}
+
+	if strings.Contains(err.Error(), "use of closed network connection") ||
+		strings.Contains(err.Error(), "connection reset") ||
+		strings.Contains(err.Error(), "broken pipe") {
+		return true
+	}
+
+	return false
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
new file mode 100644
index 000000000..9556332b6
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
@@ -0,0 +1,346 @@
+package request
+
+import (
+	"fmt"
+	"strings"
+)
+
+// A Handlers provides a collection of request handlers for various
+// stages of handling requests.
+type Handlers struct {
+	Validate         HandlerList
+	Build            HandlerList
+	BuildStream      HandlerList
+	Sign             HandlerList
+	Send             HandlerList
+	ValidateResponse HandlerList
+	Unmarshal        HandlerList
+	UnmarshalStream  HandlerList
+	UnmarshalMeta    HandlerList
+	UnmarshalError   HandlerList
+	Retry            HandlerList
+	AfterRetry       HandlerList
+	CompleteAttempt  HandlerList
+	Complete         HandlerList
+}
+
+// Copy returns a copy of this handler's lists.
+func (h *Handlers) Copy() Handlers {
+	return Handlers{
+		Validate:         h.Validate.copy(),
+		Build:            h.Build.copy(),
+		BuildStream:      h.BuildStream.copy(),
+		Sign:             h.Sign.copy(),
+		Send:             h.Send.copy(),
+		ValidateResponse: h.ValidateResponse.copy(),
+		Unmarshal:        h.Unmarshal.copy(),
+		UnmarshalStream:  h.UnmarshalStream.copy(),
+		UnmarshalError:   h.UnmarshalError.copy(),
+		UnmarshalMeta:    h.UnmarshalMeta.copy(),
+		Retry:            h.Retry.copy(),
+		AfterRetry:       h.AfterRetry.copy(),
+		CompleteAttempt:  h.CompleteAttempt.copy(),
+		Complete:         h.Complete.copy(),
+	}
+}
+
+// Clear removes callback functions for all handlers.
+func (h *Handlers) Clear() {
+	h.Validate.Clear()
+	h.Build.Clear()
+	h.BuildStream.Clear()
+	h.Send.Clear()
+	h.Sign.Clear()
+	h.Unmarshal.Clear()
+	h.UnmarshalStream.Clear()
+	h.UnmarshalMeta.Clear()
+	h.UnmarshalError.Clear()
+	h.ValidateResponse.Clear()
+	h.Retry.Clear()
+	h.AfterRetry.Clear()
+	h.CompleteAttempt.Clear()
+	h.Complete.Clear()
+}
+
+// IsEmpty returns if there are no handlers in any of the handlerlists.
+func (h *Handlers) IsEmpty() bool {
+	if h.Validate.Len() != 0 {
+		return false
+	}
+	if h.Build.Len() != 0 {
+		return false
+	}
+	if h.BuildStream.Len() != 0 {
+		return false
+	}
+	if h.Send.Len() != 0 {
+		return false
+	}
+	if h.Sign.Len() != 0 {
+		return false
+	}
+	if h.Unmarshal.Len() != 0 {
+		return false
+	}
+	if h.UnmarshalStream.Len() != 0 {
+		return false
+	}
+	if h.UnmarshalMeta.Len() != 0 {
+		return false
+	}
+	if h.UnmarshalError.Len() != 0 {
+		return false
+	}
+	if h.ValidateResponse.Len() != 0 {
+		return false
+	}
+	if h.Retry.Len() != 0 {
+		return false
+	}
+	if h.AfterRetry.Len() != 0 {
+		return false
+	}
+	if h.CompleteAttempt.Len() != 0 {
+		return false
+	}
+	if h.Complete.Len() != 0 {
+		return false
+	}
+
+	return true
+}
+
+// A HandlerListRunItem represents an entry in the HandlerList which
+// is being run.
+type HandlerListRunItem struct {
+	Index   int
+	Handler NamedHandler
+	Request *Request
+}
+
+// A HandlerList manages zero or more handlers in a list.
+type HandlerList struct {
+	list []NamedHandler
+
+	// Called after each request handler in the list is called. If set
+	// and the func returns true the HandlerList will continue to iterate
+	// over the request handlers. If false is returned the HandlerList
+	// will stop iterating.
+	//
+	// Should be used if extra logic to be performed between each handler
+	// in the list. This can be used to terminate a list's iteration
+	// based on a condition such as error like, HandlerListStopOnError.
+	// Or for logging like HandlerListLogItem.
+	AfterEachFn func(item HandlerListRunItem) bool
+}
+
+// A NamedHandler is a struct that contains a name and function callback.
+type NamedHandler struct {
+	Name string
+	Fn   func(*Request)
+}
+
+// copy creates a copy of the handler list.
+func (l *HandlerList) copy() HandlerList {
+	n := HandlerList{
+		AfterEachFn: l.AfterEachFn,
+	}
+	if len(l.list) == 0 {
+		return n
+	}
+
+	n.list = append(make([]NamedHandler, 0, len(l.list)), l.list...)
+	return n
+}
+
+// Clear clears the handler list.
+func (l *HandlerList) Clear() {
+	l.list = l.list[0:0]
+}
+
+// Len returns the number of handlers in the list.
+func (l *HandlerList) Len() int {
+	return len(l.list)
+}
+
+// PushBack pushes handler f to the back of the handler list.
+func (l *HandlerList) PushBack(f func(*Request)) {
+	l.PushBackNamed(NamedHandler{"__anonymous", f})
+}
+
+// PushBackNamed pushes named handler f to the back of the handler list.
+func (l *HandlerList) PushBackNamed(n NamedHandler) {
+	if cap(l.list) == 0 {
+		l.list = make([]NamedHandler, 0, 5)
+	}
+	l.list = append(l.list, n)
+}
+
+// PushFront pushes handler f to the front of the handler list.
+func (l *HandlerList) PushFront(f func(*Request)) {
+	l.PushFrontNamed(NamedHandler{"__anonymous", f})
+}
+
+// PushFrontNamed pushes named handler f to the front of the handler list.
+func (l *HandlerList) PushFrontNamed(n NamedHandler) {
+	if cap(l.list) == len(l.list) {
+		// Allocating new list required
+		l.list = append([]NamedHandler{n}, l.list...)
+	} else {
+		// Enough room to prepend into list.
+		l.list = append(l.list, NamedHandler{})
+		copy(l.list[1:], l.list)
+		l.list[0] = n
+	}
+}
+
+// Remove removes a NamedHandler n
+func (l *HandlerList) Remove(n NamedHandler) {
+	l.RemoveByName(n.Name)
+}
+
+// RemoveByName removes a NamedHandler by name.
+func (l *HandlerList) RemoveByName(name string) {
+	for i := 0; i < len(l.list); i++ {
+		m := l.list[i]
+		if m.Name == name {
+			// Shift array preventing creating new arrays
+			copy(l.list[i:], l.list[i+1:])
+			l.list[len(l.list)-1] = NamedHandler{}
+			l.list = l.list[:len(l.list)-1]
+
+			// decrement list so next check to length is correct
+			i--
+		}
+	}
+}
+
+// SwapNamed will swap out any existing handlers with the same name as the
+// passed in NamedHandler returning true if handlers were swapped. False is
+// returned otherwise.
+func (l *HandlerList) SwapNamed(n NamedHandler) (swapped bool) {
+	for i := 0; i < len(l.list); i++ {
+		if l.list[i].Name == n.Name {
+			l.list[i].Fn = n.Fn
+			swapped = true
+		}
+	}
+
+	return swapped
+}
+
+// Swap will swap out all handlers matching the name passed in. The matched
+// handlers will be swapped in. True is returned if the handlers were swapped.
+func (l *HandlerList) Swap(name string, replace NamedHandler) bool {
+	var swapped bool
+
+	for i := 0; i < len(l.list); i++ {
+		if l.list[i].Name == name {
+			l.list[i] = replace
+			swapped = true
+		}
+	}
+
+	return swapped
+}
+
+// SetBackNamed will replace the named handler if it exists in the handler list.
+// If the handler does not exist the handler will be added to the end of the list.
+func (l *HandlerList) SetBackNamed(n NamedHandler) {
+	if !l.SwapNamed(n) {
+		l.PushBackNamed(n)
+	}
+}
+
+// SetFrontNamed will replace the named handler if it exists in the handler list.
+// If the handler does not exist the handler will be added to the beginning of
+// the list.
+func (l *HandlerList) SetFrontNamed(n NamedHandler) {
+	if !l.SwapNamed(n) {
+		l.PushFrontNamed(n)
+	}
+}
+
+// Run executes all handlers in the list with a given request object.
+func (l *HandlerList) Run(r *Request) {
+	for i, h := range l.list {
+		h.Fn(r)
+		item := HandlerListRunItem{
+			Index: i, Handler: h, Request: r,
+		}
+		if l.AfterEachFn != nil && !l.AfterEachFn(item) {
+			return
+		}
+	}
+}
+
+// HandlerListLogItem logs the request handler and the state of the
+// request's Error value. Always returns true to continue iterating
+// request handlers in a HandlerList.
+func HandlerListLogItem(item HandlerListRunItem) bool {
+	if item.Request.Config.Logger == nil {
+		return true
+	}
+	item.Request.Config.Logger.Log("DEBUG: RequestHandler",
+		item.Index, item.Handler.Name, item.Request.Error)
+
+	return true
+}
+
+// HandlerListStopOnError returns false to stop the HandlerList iterating
+// over request handlers if Request.Error is not nil. True otherwise
+// to continue iterating.
+func HandlerListStopOnError(item HandlerListRunItem) bool {
+	return item.Request.Error == nil
+}
+
+// WithAppendUserAgent will add a string to the user agent prefixed with a
+// single white space.
+func WithAppendUserAgent(s string) Option {
+	return func(r *Request) {
+		r.Handlers.Build.PushBack(func(r2 *Request) {
+			AddToUserAgent(r, s)
+		})
+	}
+}
+
+// MakeAddToUserAgentHandler will add the name/version pair to the User-Agent request
+// header. If the extra parameters are provided they will be added as metadata to the
+// name/version pair resulting in the following format.
+// "name/version (extra0; extra1; ...)"
+// The user agent part will be concatenated with this current request's user agent string.
+func MakeAddToUserAgentHandler(name, version string, extra ...string) func(*Request) {
+	ua := fmt.Sprintf("%s/%s", name, version)
+	if len(extra) > 0 {
+		ua += fmt.Sprintf(" (%s)", strings.Join(extra, "; "))
+	}
+	return func(r *Request) {
+		AddToUserAgent(r, ua)
+	}
+}
+
+// MakeAddToUserAgentFreeFormHandler adds the input to the User-Agent request header.
+// The input string will be concatenated with the current request's user agent string.
+func MakeAddToUserAgentFreeFormHandler(s string) func(*Request) {
+	return func(r *Request) {
+		AddToUserAgent(r, s)
+	}
+}
+
+// WithSetRequestHeaders updates the operation request's HTTP header to contain
+// the header key value pairs provided. If the header key already exists in the
+// request's HTTP header set, the existing value(s) will be replaced.
+//
+// Header keys added will be added as canonical format with title casing
+// applied via http.Header.Set method.
+func WithSetRequestHeaders(h map[string]string) Option {
+	return withRequestHeader(h).SetRequestHeaders
+}
+
+type withRequestHeader map[string]string
+
+func (h withRequestHeader) SetRequestHeaders(r *Request) {
+	for k, v := range h {
+		r.HTTPRequest.Header.Set(k, v)
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/http_request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/http_request.go
new file mode 100644
index 000000000..79f79602b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/http_request.go
@@ -0,0 +1,24 @@
+package request
+
+import (
+	"io"
+	"net/http"
+	"net/url"
+)
+
+func copyHTTPRequest(r *http.Request, body io.ReadCloser) *http.Request {
+	req := new(http.Request)
+	*req = *r
+	req.URL = &url.URL{}
+	*req.URL = *r.URL
+	req.Body = body
+
+	req.Header = http.Header{}
+	for k, v := range r.Header {
+		for _, vv := range v {
+			req.Header.Add(k, vv)
+		}
+	}
+
+	return req
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
new file mode 100644
index 000000000..9370fa50c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
@@ -0,0 +1,65 @@
+package request
+
+import (
+	"io"
+	"sync"
+
+	"github.com/aws/aws-sdk-go/internal/sdkio"
+)
+
+// offsetReader is a thread-safe io.ReadCloser to prevent racing
+// with retrying requests
+type offsetReader struct {
+	buf    io.ReadSeeker
+	lock   sync.Mutex
+	closed bool
+}
+
+func newOffsetReader(buf io.ReadSeeker, offset int64) (*offsetReader, error) {
+	reader := &offsetReader{}
+	_, err := buf.Seek(offset, sdkio.SeekStart)
+	if err != nil {
+		return nil, err
+	}
+
+	reader.buf = buf
+	return reader, nil
+}
+
+// Close will close the instance of the offset reader's access to
+// the underlying io.ReadSeeker.
+func (o *offsetReader) Close() error {
+	o.lock.Lock()
+	defer o.lock.Unlock()
+	o.closed = true
+	return nil
+}
+
+// Read is a thread-safe read of the underlying io.ReadSeeker
+func (o *offsetReader) Read(p []byte) (int, error) {
+	o.lock.Lock()
+	defer o.lock.Unlock()
+
+	if o.closed {
+		return 0, io.EOF
+	}
+
+	return o.buf.Read(p)
+}
+
+// Seek is a thread-safe seeking operation.
+func (o *offsetReader) Seek(offset int64, whence int) (int64, error) {
+	o.lock.Lock()
+	defer o.lock.Unlock()
+
+	return o.buf.Seek(offset, whence)
+}
+
+// CloseAndCopy will return a new offsetReader with a copy of the old buffer
+// and close the old buffer.
+func (o *offsetReader) CloseAndCopy(offset int64) (*offsetReader, error) {
+	if err := o.Close(); err != nil {
+		return nil, err
+	}
+	return newOffsetReader(o.buf, offset)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
new file mode 100644
index 000000000..636d9ec94
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
@@ -0,0 +1,722 @@
+package request
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"reflect"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/internal/sdkio"
+)
+
+const (
+	// ErrCodeSerialization is the serialization error code that is received
+	// during protocol unmarshaling.
+	ErrCodeSerialization = "SerializationError"
+
+	// ErrCodeRead is an error that is returned during HTTP reads.
+	ErrCodeRead = "ReadError"
+
+	// ErrCodeResponseTimeout is the connection timeout error that is received
+	// during body reads.
+	ErrCodeResponseTimeout = "ResponseTimeout"
+
+	// ErrCodeInvalidPresignExpire is returned when the expire time provided to
+	// presign is invalid
+	ErrCodeInvalidPresignExpire = "InvalidPresignExpireError"
+
+	// CanceledErrorCode is the error code that will be returned by an
+	// API request that was canceled. Requests given a aws.Context may
+	// return this error when canceled.
+	CanceledErrorCode = "RequestCanceled"
+
+	// ErrCodeRequestError is an error preventing the SDK from continuing to
+	// process the request.
+	ErrCodeRequestError = "RequestError"
+)
+
+// A Request is the service request to be made.
+type Request struct {
+	Config     aws.Config
+	ClientInfo metadata.ClientInfo
+	Handlers   Handlers
+
+	Retryer
+	AttemptTime            time.Time
+	Time                   time.Time
+	Operation              *Operation
+	HTTPRequest            *http.Request
+	HTTPResponse           *http.Response
+	Body                   io.ReadSeeker
+	streamingBody          io.ReadCloser
+	BodyStart              int64 // offset from beginning of Body that the request body starts
+	Params                 interface{}
+	Error                  error
+	Data                   interface{}
+	RequestID              string
+	RetryCount             int
+	Retryable              *bool
+	RetryDelay             time.Duration
+	NotHoist               bool
+	SignedHeaderVals       http.Header
+	LastSignedAt           time.Time
+	DisableFollowRedirects bool
+
+	// Additional API error codes that should be retried. IsErrorRetryable
+	// will consider these codes in addition to its built in cases.
+	RetryErrorCodes []string
+
+	// Additional API error codes that should be retried with throttle backoff
+	// delay. IsErrorThrottle will consider these codes in addition to its
+	// built in cases.
+	ThrottleErrorCodes []string
+
+	// A value greater than 0 instructs the request to be signed as Presigned URL
+	// You should not set this field directly. Instead use Request's
+	// Presign or PresignRequest methods.
+	ExpireTime time.Duration
+
+	context aws.Context
+
+	built bool
+
+	// Need to persist an intermediate body between the input Body and HTTP
+	// request body because the HTTP Client's transport can maintain a reference
+	// to the HTTP request's body after the client has returned. This value is
+	// safe to use concurrently and wrap the input Body for each HTTP request.
+	safeBody *offsetReader
+}
+
+// An Operation is the service API operation to be made.
+type Operation struct {
+	Name       string
+	HTTPMethod string
+	HTTPPath   string
+	*Paginator
+
+	BeforePresignFn func(r *Request) error
+}
+
+// New returns a new Request pointer for the service API operation and
+// parameters.
+//
+// A Retryer should be provided to direct how the request is retried. If
+// Retryer is nil, a default no retry value will be used. You can use
+// NoOpRetryer in the Client package to disable retry behavior directly.
+//
+// Params is any value of input parameters to be the request payload.
+// Data is pointer value to an object which the request's response
+// payload will be deserialized to.
+func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
+	retryer Retryer, operation *Operation, params interface{}, data interface{}) *Request {
+
+	if retryer == nil {
+		retryer = noOpRetryer{}
+	}
+
+	method := operation.HTTPMethod
+	if method == "" {
+		method = "POST"
+	}
+
+	httpReq, _ := http.NewRequest(method, "", nil)
+
+	var err error
+	httpReq.URL, err = url.Parse(clientInfo.Endpoint)
+	if err != nil {
+		httpReq.URL = &url.URL{}
+		err = awserr.New("InvalidEndpointURL", "invalid endpoint uri", err)
+	}
+
+	if len(operation.HTTPPath) != 0 {
+		opHTTPPath := operation.HTTPPath
+		var opQueryString string
+		if idx := strings.Index(opHTTPPath, "?"); idx >= 0 {
+			opQueryString = opHTTPPath[idx+1:]
+			opHTTPPath = opHTTPPath[:idx]
+		}
+
+		if strings.HasSuffix(httpReq.URL.Path, "/") && strings.HasPrefix(opHTTPPath, "/") {
+			opHTTPPath = opHTTPPath[1:]
+		}
+		httpReq.URL.Path += opHTTPPath
+		httpReq.URL.RawQuery = opQueryString
+	}
+
+	r := &Request{
+		Config:     cfg,
+		ClientInfo: clientInfo,
+		Handlers:   handlers.Copy(),
+
+		Retryer:     retryer,
+		Time:        time.Now(),
+		ExpireTime:  0,
+		Operation:   operation,
+		HTTPRequest: httpReq,
+		Body:        nil,
+		Params:      params,
+		Error:       err,
+		Data:        data,
+	}
+	r.SetBufferBody([]byte{})
+
+	return r
+}
+
+// A Option is a functional option that can augment or modify a request when
+// using a WithContext API operation method.
+type Option func(*Request)
+
+// WithGetResponseHeader builds a request Option which will retrieve a single
+// header value from the HTTP Response. If there are multiple values for the
+// header key use WithGetResponseHeaders instead to access the http.Header
+// map directly. The passed in val pointer must be non-nil.
+//
+// This Option can be used multiple times with a single API operation.
+//
+//    var id2, versionID string
+//    svc.PutObjectWithContext(ctx, params,
+//        request.WithGetResponseHeader("x-amz-id-2", &id2),
+//        request.WithGetResponseHeader("x-amz-version-id", &versionID),
+//    )
+func WithGetResponseHeader(key string, val *string) Option {
+	return func(r *Request) {
+		r.Handlers.Complete.PushBack(func(req *Request) {
+			*val = req.HTTPResponse.Header.Get(key)
+		})
+	}
+}
+
+// WithGetResponseHeaders builds a request Option which will retrieve the
+// headers from the HTTP response and assign them to the passed in headers
+// variable. The passed in headers pointer must be non-nil.
+//
+//    var headers http.Header
+//    svc.PutObjectWithContext(ctx, params, request.WithGetResponseHeaders(&headers))
+func WithGetResponseHeaders(headers *http.Header) Option {
+	return func(r *Request) {
+		r.Handlers.Complete.PushBack(func(req *Request) {
+			*headers = req.HTTPResponse.Header
+		})
+	}
+}
+
+// WithLogLevel is a request option that will set the request to use a specific
+// log level when the request is made.
+//
+//     svc.PutObjectWithContext(ctx, params, request.WithLogLevel(aws.LogDebugWithHTTPBody)
+func WithLogLevel(l aws.LogLevelType) Option {
+	return func(r *Request) {
+		r.Config.LogLevel = aws.LogLevel(l)
+	}
+}
+
+// ApplyOptions will apply each option to the request calling them in the order
+// the were provided.
+func (r *Request) ApplyOptions(opts ...Option) {
+	for _, opt := range opts {
+		opt(r)
+	}
+}
+
+// Context will always returns a non-nil context. If Request does not have a
+// context aws.BackgroundContext will be returned.
+func (r *Request) Context() aws.Context {
+	if r.context != nil {
+		return r.context
+	}
+	return aws.BackgroundContext()
+}
+
+// SetContext adds a Context to the current request that can be used to cancel
+// a in-flight request. The Context value must not be nil, or this method will
+// panic.
+//
+// Unlike http.Request.WithContext, SetContext does not return a copy of the
+// Request. It is not safe to use use a single Request value for multiple
+// requests. A new Request should be created for each API operation request.
+//
+// Go 1.6 and below:
+// The http.Request's Cancel field will be set to the Done() value of
+// the context. This will overwrite the Cancel field's value.
+//
+// Go 1.7 and above:
+// The http.Request.WithContext will be used to set the context on the underlying
+// http.Request. This will create a shallow copy of the http.Request. The SDK
+// may create sub contexts in the future for nested requests such as retries.
+func (r *Request) SetContext(ctx aws.Context) {
+	if ctx == nil {
+		panic("context cannot be nil")
+	}
+	setRequestContext(r, ctx)
+}
+
+// WillRetry returns if the request's can be retried.
+func (r *Request) WillRetry() bool {
+	if !aws.IsReaderSeekable(r.Body) && r.HTTPRequest.Body != NoBody {
+		return false
+	}
+	return r.Error != nil && aws.BoolValue(r.Retryable) && r.RetryCount < r.MaxRetries()
+}
+
+func fmtAttemptCount(retryCount, maxRetries int) string {
+	return fmt.Sprintf("attempt %v/%v", retryCount, maxRetries)
+}
+
+// ParamsFilled returns if the request's parameters have been populated
+// and the parameters are valid. False is returned if no parameters are
+// provided or invalid.
+func (r *Request) ParamsFilled() bool {
+	return r.Params != nil && reflect.ValueOf(r.Params).Elem().IsValid()
+}
+
+// DataFilled returns true if the request's data for response deserialization
+// target has been set and is a valid. False is returned if data is not
+// set, or is invalid.
+func (r *Request) DataFilled() bool {
+	return r.Data != nil && reflect.ValueOf(r.Data).Elem().IsValid()
+}
+
+// SetBufferBody will set the request's body bytes that will be sent to
+// the service API.
+func (r *Request) SetBufferBody(buf []byte) {
+	r.SetReaderBody(bytes.NewReader(buf))
+}
+
+// SetStringBody sets the body of the request to be backed by a string.
+func (r *Request) SetStringBody(s string) {
+	r.SetReaderBody(strings.NewReader(s))
+}
+
+// SetReaderBody will set the request's body reader.
+func (r *Request) SetReaderBody(reader io.ReadSeeker) {
+	r.Body = reader
+
+	if aws.IsReaderSeekable(reader) {
+		var err error
+		// Get the Bodies current offset so retries will start from the same
+		// initial position.
+		r.BodyStart, err = reader.Seek(0, sdkio.SeekCurrent)
+		if err != nil {
+			r.Error = awserr.New(ErrCodeSerialization,
+				"failed to determine start of request body", err)
+			return
+		}
+	}
+	r.ResetBody()
+}
+
+// SetStreamingBody set the reader to be used for the request that will stream
+// bytes to the server. Request's Body must not be set to any reader.
+func (r *Request) SetStreamingBody(reader io.ReadCloser) {
+	r.streamingBody = reader
+	r.SetReaderBody(aws.ReadSeekCloser(reader))
+}
+
+// Presign returns the request's signed URL. Error will be returned
+// if the signing fails. The expire parameter is only used for presigned Amazon
+// S3 API requests. All other AWS services will use a fixed expiration
+// time of 15 minutes.
+//
+// It is invalid to create a presigned URL with a expire duration 0 or less. An
+// error is returned if expire duration is 0 or less.
+func (r *Request) Presign(expire time.Duration) (string, error) {
+	r = r.copy()
+
+	// Presign requires all headers be hoisted. There is no way to retrieve
+	// the signed headers not hoisted without this. Making the presigned URL
+	// useless.
+	r.NotHoist = false
+
+	u, _, err := getPresignedURL(r, expire)
+	return u, err
+}
+
+// PresignRequest behaves just like presign, with the addition of returning a
+// set of headers that were signed. The expire parameter is only used for
+// presigned Amazon S3 API requests. All other AWS services will use a fixed
+// expiration time of 15 minutes.
+//
+// It is invalid to create a presigned URL with a expire duration 0 or less. An
+// error is returned if expire duration is 0 or less.
+//
+// Returns the URL string for the API operation with signature in the query string,
+// and the HTTP headers that were included in the signature. These headers must
+// be included in any HTTP request made with the presigned URL.
+//
+// To prevent hoisting any headers to the query string set NotHoist to true on
+// this Request value prior to calling PresignRequest.
+func (r *Request) PresignRequest(expire time.Duration) (string, http.Header, error) {
+	r = r.copy()
+	return getPresignedURL(r, expire)
+}
+
+// IsPresigned returns true if the request represents a presigned API url.
+func (r *Request) IsPresigned() bool {
+	return r.ExpireTime != 0
+}
+
+func getPresignedURL(r *Request, expire time.Duration) (string, http.Header, error) {
+	if expire <= 0 {
+		return "", nil, awserr.New(
+			ErrCodeInvalidPresignExpire,
+			"presigned URL requires an expire duration greater than 0",
+			nil,
+		)
+	}
+
+	r.ExpireTime = expire
+
+	if r.Operation.BeforePresignFn != nil {
+		if err := r.Operation.BeforePresignFn(r); err != nil {
+			return "", nil, err
+		}
+	}
+
+	if err := r.Sign(); err != nil {
+		return "", nil, err
+	}
+
+	return r.HTTPRequest.URL.String(), r.SignedHeaderVals, nil
+}
+
+const (
+	notRetrying = "not retrying"
+)
+
+func debugLogReqError(r *Request, stage, retryStr string, err error) {
+	if !r.Config.LogLevel.Matches(aws.LogDebugWithRequestErrors) {
+		return
+	}
+
+	r.Config.Logger.Log(fmt.Sprintf("DEBUG: %s %s/%s failed, %s, error %v",
+		stage, r.ClientInfo.ServiceName, r.Operation.Name, retryStr, err))
+}
+
+// Build will build the request's object so it can be signed and sent
+// to the service. Build will also validate all the request's parameters.
+// Any additional build Handlers set on this request will be run
+// in the order they were set.
+//
+// The request will only be built once. Multiple calls to build will have
+// no effect.
+//
+// If any Validate or Build errors occur the build will stop and the error
+// which occurred will be returned.
+func (r *Request) Build() error {
+	if !r.built {
+		r.Handlers.Validate.Run(r)
+		if r.Error != nil {
+			debugLogReqError(r, "Validate Request", notRetrying, r.Error)
+			return r.Error
+		}
+		r.Handlers.Build.Run(r)
+		if r.Error != nil {
+			debugLogReqError(r, "Build Request", notRetrying, r.Error)
+			return r.Error
+		}
+		r.built = true
+	}
+
+	return r.Error
+}
+
+// Sign will sign the request, returning error if errors are encountered.
+//
+// Sign will build the request prior to signing. All Sign Handlers will
+// be executed in the order they were set.
+func (r *Request) Sign() error {
+	r.Build()
+	if r.Error != nil {
+		debugLogReqError(r, "Build Request", notRetrying, r.Error)
+		return r.Error
+	}
+
+	SanitizeHostForHeader(r.HTTPRequest)
+
+	r.Handlers.Sign.Run(r)
+	return r.Error
+}
+
+func (r *Request) getNextRequestBody() (body io.ReadCloser, err error) {
+	if r.streamingBody != nil {
+		return r.streamingBody, nil
+	}
+
+	if r.safeBody != nil {
+		r.safeBody.Close()
+	}
+
+	r.safeBody, err = newOffsetReader(r.Body, r.BodyStart)
+	if err != nil {
+		return nil, awserr.New(ErrCodeSerialization,
+			"failed to get next request body reader", err)
+	}
+
+	// Go 1.8 tightened and clarified the rules code needs to use when building
+	// requests with the http package. Go 1.8 removed the automatic detection
+	// of if the Request.Body was empty, or actually had bytes in it. The SDK
+	// always sets the Request.Body even if it is empty and should not actually
+	// be sent. This is incorrect.
+	//
+	// Go 1.8 did add a http.NoBody value that the SDK can use to tell the http
+	// client that the request really should be sent without a body. The
+	// Request.Body cannot be set to nil, which is preferable, because the
+	// field is exported and could introduce nil pointer dereferences for users
+	// of the SDK if they used that field.
+	//
+	// Related golang/go#18257
+	l, err := aws.SeekerLen(r.Body)
+	if err != nil {
+		return nil, awserr.New(ErrCodeSerialization,
+			"failed to compute request body size", err)
+	}
+
+	if l == 0 {
+		body = NoBody
+	} else if l > 0 {
+		body = r.safeBody
+	} else {
+		// Hack to prevent sending bodies for methods where the body
+		// should be ignored by the server. Sending bodies on these
+		// methods without an associated ContentLength will cause the
+		// request to socket timeout because the server does not handle
+		// Transfer-Encoding: chunked bodies for these methods.
+		//
+		// This would only happen if a aws.ReaderSeekerCloser was used with
+		// a io.Reader that was not also an io.Seeker, or did not implement
+		// Len() method.
+		switch r.Operation.HTTPMethod {
+		case "GET", "HEAD", "DELETE":
+			body = NoBody
+		default:
+			body = r.safeBody
+		}
+	}
+
+	return body, nil
+}
+
+// GetBody will return an io.ReadSeeker of the Request's underlying
+// input body with a concurrency safe wrapper.
+func (r *Request) GetBody() io.ReadSeeker {
+	return r.safeBody
+}
+
+// Send will send the request, returning error if errors are encountered.
+//
+// Send will sign the request prior to sending. All Send Handlers will
+// be executed in the order they were set.
+//
+// Canceling a request is non-deterministic. If a request has been canceled,
+// then the transport will choose, randomly, one of the state channels during
+// reads or getting the connection.
+//
+// readLoop() and getConn(req *Request, cm connectMethod)
+// https://github.com/golang/go/blob/master/src/net/http/transport.go
+//
+// Send will not close the request.Request's body.
+func (r *Request) Send() error {
+	defer func() {
+		// Ensure a non-nil HTTPResponse parameter is set to ensure handlers
+		// checking for HTTPResponse values, don't fail.
+		if r.HTTPResponse == nil {
+			r.HTTPResponse = &http.Response{
+				Header: http.Header{},
+				Body:   ioutil.NopCloser(&bytes.Buffer{}),
+			}
+		}
+		// Regardless of success or failure of the request trigger the Complete
+		// request handlers.
+		r.Handlers.Complete.Run(r)
+	}()
+
+	if err := r.Error; err != nil {
+		return err
+	}
+
+	for {
+		r.Error = nil
+		r.AttemptTime = time.Now()
+
+		if err := r.Sign(); err != nil {
+			debugLogReqError(r, "Sign Request", notRetrying, err)
+			return err
+		}
+
+		if err := r.sendRequest(); err == nil {
+			return nil
+		}
+		r.Handlers.Retry.Run(r)
+		r.Handlers.AfterRetry.Run(r)
+
+		if r.Error != nil || !aws.BoolValue(r.Retryable) {
+			return r.Error
+		}
+
+		if err := r.prepareRetry(); err != nil {
+			r.Error = err
+			return err
+		}
+	}
+}
+
+func (r *Request) prepareRetry() error {
+	if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
+		r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d",
+			r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount))
+	}
+
+	// The previous http.Request will have a reference to the r.Body
+	// and the HTTP Client's Transport may still be reading from
+	// the request's body even though the Client's Do returned.
+	r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil)
+	r.ResetBody()
+	if err := r.Error; err != nil {
+		return awserr.New(ErrCodeSerialization,
+			"failed to prepare body for retry", err)
+
+	}
+
+	// Closing response body to ensure that no response body is leaked
+	// between retry attempts.
+	if r.HTTPResponse != nil && r.HTTPResponse.Body != nil {
+		r.HTTPResponse.Body.Close()
+	}
+
+	return nil
+}
+
+func (r *Request) sendRequest() (sendErr error) {
+	defer r.Handlers.CompleteAttempt.Run(r)
+
+	r.Retryable = nil
+	r.Handlers.Send.Run(r)
+	if r.Error != nil {
+		debugLogReqError(r, "Send Request",
+			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
+			r.Error)
+		return r.Error
+	}
+
+	r.Handlers.UnmarshalMeta.Run(r)
+	r.Handlers.ValidateResponse.Run(r)
+	if r.Error != nil {
+		r.Handlers.UnmarshalError.Run(r)
+		debugLogReqError(r, "Validate Response",
+			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
+			r.Error)
+		return r.Error
+	}
+
+	r.Handlers.Unmarshal.Run(r)
+	if r.Error != nil {
+		debugLogReqError(r, "Unmarshal Response",
+			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
+			r.Error)
+		return r.Error
+	}
+
+	return nil
+}
+
+// copy will copy a request which will allow for local manipulation of the
+// request.
+func (r *Request) copy() *Request {
+	req := &Request{}
+	*req = *r
+	req.Handlers = r.Handlers.Copy()
+	op := *r.Operation
+	req.Operation = &op
+	return req
+}
+
+// AddToUserAgent adds the string to the end of the request's current user agent.
+func AddToUserAgent(r *Request, s string) {
+	curUA := r.HTTPRequest.Header.Get("User-Agent")
+	if len(curUA) > 0 {
+		s = curUA + " " + s
+	}
+	r.HTTPRequest.Header.Set("User-Agent", s)
+}
+
+// SanitizeHostForHeader removes default port from host and updates request.Host
+func SanitizeHostForHeader(r *http.Request) {
+	host := getHost(r)
+	port := portOnly(host)
+	if port != "" && isDefaultPort(r.URL.Scheme, port) {
+		r.Host = stripPort(host)
+	}
+}
+
+// Returns host from request
+func getHost(r *http.Request) string {
+	if r.Host != "" {
+		return r.Host
+	}
+
+	if r.URL == nil {
+		return ""
+	}
+
+	return r.URL.Host
+}
+
+// Hostname returns u.Host, without any port number.
+//
+// If Host is an IPv6 literal with a port number, Hostname returns the
+// IPv6 literal without the square brackets. IPv6 literals may include
+// a zone identifier.
+//
+// Copied from the Go 1.8 standard library (net/url)
+func stripPort(hostport string) string {
+	colon := strings.IndexByte(hostport, ':')
+	if colon == -1 {
+		return hostport
+	}
+	if i := strings.IndexByte(hostport, ']'); i != -1 {
+		return strings.TrimPrefix(hostport[:i], "[")
+	}
+	return hostport[:colon]
+}
+
+// Port returns the port part of u.Host, without the leading colon.
+// If u.Host doesn't contain a port, Port returns an empty string.
+//
+// Copied from the Go 1.8 standard library (net/url)
+func portOnly(hostport string) string {
+	colon := strings.IndexByte(hostport, ':')
+	if colon == -1 {
+		return ""
+	}
+	if i := strings.Index(hostport, "]:"); i != -1 {
+		return hostport[i+len("]:"):]
+	}
+	if strings.Contains(hostport, "]") {
+		return ""
+	}
+	return hostport[colon+len(":"):]
+}
+
+// Returns true if the specified URI is using the standard port
+// (i.e. port 80 for HTTP URIs or 443 for HTTPS URIs)
+func isDefaultPort(scheme, port string) bool {
+	if port == "" {
+		return true
+	}
+
+	lowerCaseScheme := strings.ToLower(scheme)
+	if (lowerCaseScheme == "http" && port == "80") || (lowerCaseScheme == "https" && port == "443") {
+		return true
+	}
+
+	return false
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go
new file mode 100644
index 000000000..5921b8ff2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go
@@ -0,0 +1,40 @@
+//go:build !go1.8
+// +build !go1.8
+
+package request
+
+import "io"
+
+// NoBody is an io.ReadCloser with no bytes. Read always returns EOF
+// and Close always returns nil. It can be used in an outgoing client
+// request to explicitly signal that a request has zero bytes.
+// An alternative, however, is to simply set Request.Body to nil.
+//
+// Copy of Go 1.8 NoBody type from net/http/http.go
+type noBody struct{}
+
+func (noBody) Read([]byte) (int, error)         { return 0, io.EOF }
+func (noBody) Close() error                     { return nil }
+func (noBody) WriteTo(io.Writer) (int64, error) { return 0, nil }
+
+// NoBody is an empty reader that will trigger the Go HTTP client to not include
+// and body in the HTTP request.
+var NoBody = noBody{}
+
+// ResetBody rewinds the request body back to its starting position, and
+// sets the HTTP Request body reference. When the body is read prior
+// to being sent in the HTTP request it will need to be rewound.
+//
+// ResetBody will automatically be called by the SDK's build handler, but if
+// the request is being used directly ResetBody must be called before the request
+// is Sent.  SetStringBody, SetBufferBody, and SetReaderBody will automatically
+// call ResetBody.
+func (r *Request) ResetBody() {
+	body, err := r.getNextRequestBody()
+	if err != nil {
+		r.Error = err
+		return
+	}
+
+	r.HTTPRequest.Body = body
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
new file mode 100644
index 000000000..ea643c9c4
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
@@ -0,0 +1,37 @@
+//go:build go1.8
+// +build go1.8
+
+package request
+
+import (
+	"net/http"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+// NoBody is a http.NoBody reader instructing Go HTTP client to not include
+// and body in the HTTP request.
+var NoBody = http.NoBody
+
+// ResetBody rewinds the request body back to its starting position, and
+// sets the HTTP Request body reference. When the body is read prior
+// to being sent in the HTTP request it will need to be rewound.
+//
+// ResetBody will automatically be called by the SDK's build handler, but if
+// the request is being used directly ResetBody must be called before the request
+// is Sent.  SetStringBody, SetBufferBody, and SetReaderBody will automatically
+// call ResetBody.
+//
+// Will also set the Go 1.8's http.Request.GetBody member to allow retrying
+// PUT/POST redirects.
+func (r *Request) ResetBody() {
+	body, err := r.getNextRequestBody()
+	if err != nil {
+		r.Error = awserr.New(ErrCodeSerialization,
+			"failed to reset request body", err)
+		return
+	}
+
+	r.HTTPRequest.Body = body
+	r.HTTPRequest.GetBody = r.getNextRequestBody
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go
new file mode 100644
index 000000000..d8c505302
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go
@@ -0,0 +1,15 @@
+//go:build go1.7
+// +build go1.7
+
+package request
+
+import "github.com/aws/aws-sdk-go/aws"
+
+// setContext updates the Request to use the passed in context for cancellation.
+// Context will also be used for request retry delay.
+//
+// Creates shallow copy of the http.Request with the WithContext method.
+func setRequestContext(r *Request, ctx aws.Context) {
+	r.context = ctx
+	r.HTTPRequest = r.HTTPRequest.WithContext(ctx)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go
new file mode 100644
index 000000000..49a243ef2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go
@@ -0,0 +1,15 @@
+//go:build !go1.7
+// +build !go1.7
+
+package request
+
+import "github.com/aws/aws-sdk-go/aws"
+
+// setContext updates the Request to use the passed in context for cancellation.
+// Context will also be used for request retry delay.
+//
+// Creates shallow copy of the http.Request with the WithContext method.
+func setRequestContext(r *Request, ctx aws.Context) {
+	r.context = ctx
+	r.HTTPRequest.Cancel = ctx.Done()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
new file mode 100644
index 000000000..64784e16f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
@@ -0,0 +1,266 @@
+package request
+
+import (
+	"reflect"
+	"sync/atomic"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awsutil"
+)
+
+// A Pagination provides paginating of SDK API operations which are paginatable.
+// Generally you should not use this type directly, but use the "Pages" API
+// operations method to automatically perform pagination for you. Such as,
+// "S3.ListObjectsPages", and "S3.ListObjectsPagesWithContext" methods.
+//
+// Pagination differs from a Paginator type in that pagination is the type that
+// does the pagination between API operations, and Paginator defines the
+// configuration that will be used per page request.
+//
+//     for p.Next() {
+//         data := p.Page().(*s3.ListObjectsOutput)
+//         // process the page's data
+//         // ...
+//         // break out of loop to stop fetching additional pages
+//     }
+//
+//     return p.Err()
+//
+// See service client API operation Pages methods for examples how the SDK will
+// use the Pagination type.
+type Pagination struct {
+	// Function to return a Request value for each pagination request.
+	// Any configuration or handlers that need to be applied to the request
+	// prior to getting the next page should be done here before the request
+	// returned.
+	//
+	// NewRequest should always be built from the same API operations. It is
+	// undefined if different API operations are returned on subsequent calls.
+	NewRequest func() (*Request, error)
+	// EndPageOnSameToken, when enabled, will allow the paginator to stop on
+	// token that are the same as its previous tokens.
+	EndPageOnSameToken bool
+
+	started    bool
+	prevTokens []interface{}
+	nextTokens []interface{}
+
+	err     error
+	curPage interface{}
+}
+
+// HasNextPage will return true if Pagination is able to determine that the API
+// operation has additional pages. False will be returned if there are no more
+// pages remaining.
+//
+// Will always return true if Next has not been called yet.
+func (p *Pagination) HasNextPage() bool {
+	if !p.started {
+		return true
+	}
+
+	hasNextPage := len(p.nextTokens) != 0
+	if p.EndPageOnSameToken {
+		return hasNextPage && !awsutil.DeepEqual(p.nextTokens, p.prevTokens)
+	}
+	return hasNextPage
+}
+
+// Err returns the error Pagination encountered when retrieving the next page.
+func (p *Pagination) Err() error {
+	return p.err
+}
+
+// Page returns the current page. Page should only be called after a successful
+// call to Next. It is undefined what Page will return if Page is called after
+// Next returns false.
+func (p *Pagination) Page() interface{} {
+	return p.curPage
+}
+
+// Next will attempt to retrieve the next page for the API operation. When a page
+// is retrieved true will be returned. If the page cannot be retrieved, or there
+// are no more pages false will be returned.
+//
+// Use the Page method to retrieve the current page data. The data will need
+// to be cast to the API operation's output type.
+//
+// Use the Err method to determine if an error occurred if Page returns false.
+func (p *Pagination) Next() bool {
+	if !p.HasNextPage() {
+		return false
+	}
+
+	req, err := p.NewRequest()
+	if err != nil {
+		p.err = err
+		return false
+	}
+
+	if p.started {
+		for i, intok := range req.Operation.InputTokens {
+			awsutil.SetValueAtPath(req.Params, intok, p.nextTokens[i])
+		}
+	}
+	p.started = true
+
+	err = req.Send()
+	if err != nil {
+		p.err = err
+		return false
+	}
+
+	p.prevTokens = p.nextTokens
+	p.nextTokens = req.nextPageTokens()
+	p.curPage = req.Data
+
+	return true
+}
+
+// A Paginator is the configuration data that defines how an API operation
+// should be paginated. This type is used by the API service models to define
+// the generated pagination config for service APIs.
+//
+// The Pagination type is what provides iterating between pages of an API. It
+// is only used to store the token metadata the SDK should use for performing
+// pagination.
+type Paginator struct {
+	InputTokens     []string
+	OutputTokens    []string
+	LimitToken      string
+	TruncationToken string
+}
+
+// nextPageTokens returns the tokens to use when asking for the next page of data.
+func (r *Request) nextPageTokens() []interface{} {
+	if r.Operation.Paginator == nil {
+		return nil
+	}
+	if r.Operation.TruncationToken != "" {
+		tr, _ := awsutil.ValuesAtPath(r.Data, r.Operation.TruncationToken)
+		if len(tr) == 0 {
+			return nil
+		}
+
+		switch v := tr[0].(type) {
+		case *bool:
+			if !aws.BoolValue(v) {
+				return nil
+			}
+		case bool:
+			if !v {
+				return nil
+			}
+		}
+	}
+
+	tokens := []interface{}{}
+	tokenAdded := false
+	for _, outToken := range r.Operation.OutputTokens {
+		vs, _ := awsutil.ValuesAtPath(r.Data, outToken)
+		if len(vs) == 0 {
+			tokens = append(tokens, nil)
+			continue
+		}
+		v := vs[0]
+
+		switch tv := v.(type) {
+		case *string:
+			if len(aws.StringValue(tv)) == 0 {
+				tokens = append(tokens, nil)
+				continue
+			}
+		case string:
+			if len(tv) == 0 {
+				tokens = append(tokens, nil)
+				continue
+			}
+		}
+
+		tokenAdded = true
+		tokens = append(tokens, v)
+	}
+	if !tokenAdded {
+		return nil
+	}
+
+	return tokens
+}
+
+// Ensure a deprecated item is only logged once instead of each time its used.
+func logDeprecatedf(logger aws.Logger, flag *int32, msg string) {
+	if logger == nil {
+		return
+	}
+	if atomic.CompareAndSwapInt32(flag, 0, 1) {
+		logger.Log(msg)
+	}
+}
+
+var (
+	logDeprecatedHasNextPage int32
+	logDeprecatedNextPage    int32
+	logDeprecatedEachPage    int32
+)
+
+// HasNextPage returns true if this request has more pages of data available.
+//
+// Deprecated Use Pagination type for configurable pagination of API operations
+func (r *Request) HasNextPage() bool {
+	logDeprecatedf(r.Config.Logger, &logDeprecatedHasNextPage,
+		"Request.HasNextPage deprecated. Use Pagination type for configurable pagination of API operations")
+
+	return len(r.nextPageTokens()) > 0
+}
+
+// NextPage returns a new Request that can be executed to return the next
+// page of result data. Call .Send() on this request to execute it.
+//
+// Deprecated Use Pagination type for configurable pagination of API operations
+func (r *Request) NextPage() *Request {
+	logDeprecatedf(r.Config.Logger, &logDeprecatedNextPage,
+		"Request.NextPage deprecated. Use Pagination type for configurable pagination of API operations")
+
+	tokens := r.nextPageTokens()
+	if len(tokens) == 0 {
+		return nil
+	}
+
+	data := reflect.New(reflect.TypeOf(r.Data).Elem()).Interface()
+	nr := New(r.Config, r.ClientInfo, r.Handlers, r.Retryer, r.Operation, awsutil.CopyOf(r.Params), data)
+	for i, intok := range nr.Operation.InputTokens {
+		awsutil.SetValueAtPath(nr.Params, intok, tokens[i])
+	}
+	return nr
+}
+
+// EachPage iterates over each page of a paginated request object. The fn
+// parameter should be a function with the following sample signature:
+//
+//   func(page *T, lastPage bool) bool {
+//       return true // return false to stop iterating
+//   }
+//
+// Where "T" is the structure type matching the output structure of the given
+// operation. For example, a request object generated by
+// DynamoDB.ListTablesRequest() would expect to see dynamodb.ListTablesOutput
+// as the structure "T". The lastPage value represents whether the page is
+// the last page of data or not. The return value of this function should
+// return true to keep iterating or false to stop.
+//
+// Deprecated Use Pagination type for configurable pagination of API operations
+func (r *Request) EachPage(fn func(data interface{}, isLastPage bool) (shouldContinue bool)) error {
+	logDeprecatedf(r.Config.Logger, &logDeprecatedEachPage,
+		"Request.EachPage deprecated. Use Pagination type for configurable pagination of API operations")
+
+	for page := r; page != nil; page = page.NextPage() {
+		if err := page.Send(); err != nil {
+			return err
+		}
+		if getNextPage := fn(page.Data, !page.HasNextPage()); !getNextPage {
+			return page.Error
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
new file mode 100644
index 000000000..3f0001f91
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
@@ -0,0 +1,309 @@
+package request
+
+import (
+	"net"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+// Retryer provides the interface drive the SDK's request retry behavior. The
+// Retryer implementation is responsible for implementing exponential backoff,
+// and determine if a request API error should be retried.
+//
+// client.DefaultRetryer is the SDK's default implementation of the Retryer. It
+// uses the Request.IsErrorRetryable and Request.IsErrorThrottle methods to
+// determine if the request is retried.
+type Retryer interface {
+	// RetryRules return the retry delay that should be used by the SDK before
+	// making another request attempt for the failed request.
+	RetryRules(*Request) time.Duration
+
+	// ShouldRetry returns if the failed request is retryable.
+	//
+	// Implementations may consider request attempt count when determining if a
+	// request is retryable, but the SDK will use MaxRetries to limit the
+	// number of attempts a request are made.
+	ShouldRetry(*Request) bool
+
+	// MaxRetries is the number of times a request may be retried before
+	// failing.
+	MaxRetries() int
+}
+
+// WithRetryer sets a Retryer value to the given Config returning the Config
+// value for chaining. The value must not be nil.
+func WithRetryer(cfg *aws.Config, retryer Retryer) *aws.Config {
+	if retryer == nil {
+		if cfg.Logger != nil {
+			cfg.Logger.Log("ERROR: Request.WithRetryer called with nil retryer. Replacing with retry disabled Retryer.")
+		}
+		retryer = noOpRetryer{}
+	}
+	cfg.Retryer = retryer
+	return cfg
+
+}
+
+// noOpRetryer is a internal no op retryer used when a request is created
+// without a retryer.
+//
+// Provides a retryer that performs no retries.
+// It should be used when we do not want retries to be performed.
+type noOpRetryer struct{}
+
+// MaxRetries returns the number of maximum returns the service will use to make
+// an individual API; For NoOpRetryer the MaxRetries will always be zero.
+func (d noOpRetryer) MaxRetries() int {
+	return 0
+}
+
+// ShouldRetry will always return false for NoOpRetryer, as it should never retry.
+func (d noOpRetryer) ShouldRetry(_ *Request) bool {
+	return false
+}
+
+// RetryRules returns the delay duration before retrying this request again;
+// since NoOpRetryer does not retry, RetryRules always returns 0.
+func (d noOpRetryer) RetryRules(_ *Request) time.Duration {
+	return 0
+}
+
+// retryableCodes is a collection of service response codes which are retry-able
+// without any further action.
+var retryableCodes = map[string]struct{}{
+	ErrCodeRequestError:       {},
+	"RequestTimeout":          {},
+	ErrCodeResponseTimeout:    {},
+	"RequestTimeoutException": {}, // Glacier's flavor of RequestTimeout
+}
+
+var throttleCodes = map[string]struct{}{
+	"ProvisionedThroughputExceededException": {},
+	"ThrottledException":                     {}, // SNS, XRay, ResourceGroupsTagging API
+	"Throttling":                             {},
+	"ThrottlingException":                    {},
+	"RequestLimitExceeded":                   {},
+	"RequestThrottled":                       {},
+	"RequestThrottledException":              {},
+	"TooManyRequestsException":               {}, // Lambda functions
+	"PriorRequestNotComplete":                {}, // Route53
+	"TransactionInProgressException":         {},
+	"EC2ThrottledException":                  {}, // EC2
+}
+
+// credsExpiredCodes is a collection of error codes which signify the credentials
+// need to be refreshed. Expired tokens require refreshing of credentials, and
+// resigning before the request can be retried.
+var credsExpiredCodes = map[string]struct{}{
+	"ExpiredToken":          {},
+	"ExpiredTokenException": {},
+	"RequestExpired":        {}, // EC2 Only
+}
+
+func isCodeThrottle(code string) bool {
+	_, ok := throttleCodes[code]
+	return ok
+}
+
+func isCodeRetryable(code string) bool {
+	if _, ok := retryableCodes[code]; ok {
+		return true
+	}
+
+	return isCodeExpiredCreds(code)
+}
+
+func isCodeExpiredCreds(code string) bool {
+	_, ok := credsExpiredCodes[code]
+	return ok
+}
+
+var validParentCodes = map[string]struct{}{
+	ErrCodeSerialization: {},
+	ErrCodeRead:          {},
+}
+
+func isNestedErrorRetryable(parentErr awserr.Error) bool {
+	if parentErr == nil {
+		return false
+	}
+
+	if _, ok := validParentCodes[parentErr.Code()]; !ok {
+		return false
+	}
+
+	err := parentErr.OrigErr()
+	if err == nil {
+		return false
+	}
+
+	if aerr, ok := err.(awserr.Error); ok {
+		return isCodeRetryable(aerr.Code())
+	}
+
+	if t, ok := err.(temporary); ok {
+		return t.Temporary() || isErrConnectionReset(err)
+	}
+
+	return isErrConnectionReset(err)
+}
+
+// IsErrorRetryable returns whether the error is retryable, based on its Code.
+// Returns false if error is nil.
+func IsErrorRetryable(err error) bool {
+	if err == nil {
+		return false
+	}
+	return shouldRetryError(err)
+}
+
+type temporary interface {
+	Temporary() bool
+}
+
+func shouldRetryError(origErr error) bool {
+	switch err := origErr.(type) {
+	case awserr.Error:
+		if err.Code() == CanceledErrorCode {
+			return false
+		}
+		if isNestedErrorRetryable(err) {
+			return true
+		}
+
+		origErr := err.OrigErr()
+		var shouldRetry bool
+		if origErr != nil {
+			shouldRetry = shouldRetryError(origErr)
+			if err.Code() == ErrCodeRequestError && !shouldRetry {
+				return false
+			}
+		}
+		if isCodeRetryable(err.Code()) {
+			return true
+		}
+		return shouldRetry
+
+	case *url.Error:
+		if strings.Contains(err.Error(), "connection refused") {
+			// Refused connections should be retried as the service may not yet
+			// be running on the port. Go TCP dial considers refused
+			// connections as not temporary.
+			return true
+		}
+		// *url.Error only implements Temporary after golang 1.6 but since
+		// url.Error only wraps the error:
+		return shouldRetryError(err.Err)
+
+	case temporary:
+		if netErr, ok := err.(*net.OpError); ok && netErr.Op == "dial" {
+			return true
+		}
+		// If the error is temporary, we want to allow continuation of the
+		// retry process
+		return err.Temporary() || isErrConnectionReset(origErr)
+
+	case nil:
+		// `awserr.Error.OrigErr()` can be nil, meaning there was an error but
+		// because we don't know the cause, it is marked as retryable. See
+		// TestRequest4xxUnretryable for an example.
+		return true
+
+	default:
+		switch err.Error() {
+		case "net/http: request canceled",
+			"net/http: request canceled while waiting for connection":
+			// known 1.5 error case when an http request is cancelled
+			return false
+		}
+		// here we don't know the error; so we allow a retry.
+		return true
+	}
+}
+
+// IsErrorThrottle returns whether the error is to be throttled based on its code.
+// Returns false if error is nil.
+func IsErrorThrottle(err error) bool {
+	if aerr, ok := err.(awserr.Error); ok && aerr != nil {
+		return isCodeThrottle(aerr.Code())
+	}
+	return false
+}
+
+// IsErrorExpiredCreds returns whether the error code is a credential expiry
+// error. Returns false if error is nil.
+func IsErrorExpiredCreds(err error) bool {
+	if aerr, ok := err.(awserr.Error); ok && aerr != nil {
+		return isCodeExpiredCreds(aerr.Code())
+	}
+	return false
+}
+
+// IsErrorRetryable returns whether the error is retryable, based on its Code.
+// Returns false if the request has no Error set.
+//
+// Alias for the utility function IsErrorRetryable
+func (r *Request) IsErrorRetryable() bool {
+	if isErrCode(r.Error, r.RetryErrorCodes) {
+		return true
+	}
+
+	// HTTP response status code 501 should not be retried.
+	// 501 represents Not Implemented which means the request method is not
+	// supported by the server and cannot be handled.
+	if r.HTTPResponse != nil {
+		// HTTP response status code 500 represents internal server error and
+		// should be retried without any throttle.
+		if r.HTTPResponse.StatusCode == 500 {
+			return true
+		}
+	}
+	return IsErrorRetryable(r.Error)
+}
+
+// IsErrorThrottle returns whether the error is to be throttled based on its
+// code. Returns false if the request has no Error set.
+//
+// Alias for the utility function IsErrorThrottle
+func (r *Request) IsErrorThrottle() bool {
+	if isErrCode(r.Error, r.ThrottleErrorCodes) {
+		return true
+	}
+
+	if r.HTTPResponse != nil {
+		switch r.HTTPResponse.StatusCode {
+		case
+			429, // error caused due to too many requests
+			502, // Bad Gateway error should be throttled
+			503, // caused when service is unavailable
+			504: // error occurred due to gateway timeout
+			return true
+		}
+	}
+
+	return IsErrorThrottle(r.Error)
+}
+
+func isErrCode(err error, codes []string) bool {
+	if aerr, ok := err.(awserr.Error); ok && aerr != nil {
+		for _, code := range codes {
+			if code == aerr.Code() {
+				return true
+			}
+		}
+	}
+
+	return false
+}
+
+// IsErrorExpired returns whether the error code is a credential expiry error.
+// Returns false if the request has no Error set.
+//
+// Alias for the utility function IsErrorExpiredCreds
+func (r *Request) IsErrorExpired() bool {
+	return IsErrorExpiredCreds(r.Error)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/timeout_read_closer.go b/vendor/github.com/aws/aws-sdk-go/aws/request/timeout_read_closer.go
new file mode 100644
index 000000000..09a44eb98
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/timeout_read_closer.go
@@ -0,0 +1,94 @@
+package request
+
+import (
+	"io"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+var timeoutErr = awserr.New(
+	ErrCodeResponseTimeout,
+	"read on body has reached the timeout limit",
+	nil,
+)
+
+type readResult struct {
+	n   int
+	err error
+}
+
+// timeoutReadCloser will handle body reads that take too long.
+// We will return a ErrReadTimeout error if a timeout occurs.
+type timeoutReadCloser struct {
+	reader   io.ReadCloser
+	duration time.Duration
+}
+
+// Read will spin off a goroutine to call the reader's Read method. We will
+// select on the timer's channel or the read's channel. Whoever completes first
+// will be returned.
+func (r *timeoutReadCloser) Read(b []byte) (int, error) {
+	timer := time.NewTimer(r.duration)
+	c := make(chan readResult, 1)
+
+	go func() {
+		n, err := r.reader.Read(b)
+		timer.Stop()
+		c <- readResult{n: n, err: err}
+	}()
+
+	select {
+	case data := <-c:
+		return data.n, data.err
+	case <-timer.C:
+		return 0, timeoutErr
+	}
+}
+
+func (r *timeoutReadCloser) Close() error {
+	return r.reader.Close()
+}
+
+const (
+	// HandlerResponseTimeout is what we use to signify the name of the
+	// response timeout handler.
+	HandlerResponseTimeout = "ResponseTimeoutHandler"
+)
+
+// adaptToResponseTimeoutError is a handler that will replace any top level error
+// to a ErrCodeResponseTimeout, if its child is that.
+func adaptToResponseTimeoutError(req *Request) {
+	if err, ok := req.Error.(awserr.Error); ok {
+		aerr, ok := err.OrigErr().(awserr.Error)
+		if ok && aerr.Code() == ErrCodeResponseTimeout {
+			req.Error = aerr
+		}
+	}
+}
+
+// WithResponseReadTimeout is a request option that will wrap the body in a timeout read closer.
+// This will allow for per read timeouts. If a timeout occurred, we will return the
+// ErrCodeResponseTimeout.
+//
+//     svc.PutObjectWithContext(ctx, params, request.WithTimeoutReadCloser(30 * time.Second)
+func WithResponseReadTimeout(duration time.Duration) Option {
+	return func(r *Request) {
+
+		var timeoutHandler = NamedHandler{
+			HandlerResponseTimeout,
+			func(req *Request) {
+				req.HTTPResponse.Body = &timeoutReadCloser{
+					reader:   req.HTTPResponse.Body,
+					duration: duration,
+				}
+			}}
+
+		// remove the handler so we are not stomping over any new durations.
+		r.Handlers.Send.RemoveByName(HandlerResponseTimeout)
+		r.Handlers.Send.PushBackNamed(timeoutHandler)
+
+		r.Handlers.Unmarshal.PushBack(adaptToResponseTimeoutError)
+		r.Handlers.UnmarshalError.PushBack(adaptToResponseTimeoutError)
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go b/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
new file mode 100644
index 000000000..8630683f3
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
@@ -0,0 +1,286 @@
+package request
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+const (
+	// InvalidParameterErrCode is the error code for invalid parameters errors
+	InvalidParameterErrCode = "InvalidParameter"
+	// ParamRequiredErrCode is the error code for required parameter errors
+	ParamRequiredErrCode = "ParamRequiredError"
+	// ParamMinValueErrCode is the error code for fields with too low of a
+	// number value.
+	ParamMinValueErrCode = "ParamMinValueError"
+	// ParamMinLenErrCode is the error code for fields without enough elements.
+	ParamMinLenErrCode = "ParamMinLenError"
+	// ParamMaxLenErrCode is the error code for value being too long.
+	ParamMaxLenErrCode = "ParamMaxLenError"
+
+	// ParamFormatErrCode is the error code for a field with invalid
+	// format or characters.
+	ParamFormatErrCode = "ParamFormatInvalidError"
+)
+
+// Validator provides a way for types to perform validation logic on their
+// input values that external code can use to determine if a type's values
+// are valid.
+type Validator interface {
+	Validate() error
+}
+
+// An ErrInvalidParams provides wrapping of invalid parameter errors found when
+// validating API operation input parameters.
+type ErrInvalidParams struct {
+	// Context is the base context of the invalid parameter group.
+	Context string
+	errs    []ErrInvalidParam
+}
+
+// Add adds a new invalid parameter error to the collection of invalid
+// parameters. The context of the invalid parameter will be updated to reflect
+// this collection.
+func (e *ErrInvalidParams) Add(err ErrInvalidParam) {
+	err.SetContext(e.Context)
+	e.errs = append(e.errs, err)
+}
+
+// AddNested adds the invalid parameter errors from another ErrInvalidParams
+// value into this collection. The nested errors will have their nested context
+// updated and base context to reflect the merging.
+//
+// Use for nested validations errors.
+func (e *ErrInvalidParams) AddNested(nestedCtx string, nested ErrInvalidParams) {
+	for _, err := range nested.errs {
+		err.SetContext(e.Context)
+		err.AddNestedContext(nestedCtx)
+		e.errs = append(e.errs, err)
+	}
+}
+
+// Len returns the number of invalid parameter errors
+func (e ErrInvalidParams) Len() int {
+	return len(e.errs)
+}
+
+// Code returns the code of the error
+func (e ErrInvalidParams) Code() string {
+	return InvalidParameterErrCode
+}
+
+// Message returns the message of the error
+func (e ErrInvalidParams) Message() string {
+	return fmt.Sprintf("%d validation error(s) found.", len(e.errs))
+}
+
+// Error returns the string formatted form of the invalid parameters.
+func (e ErrInvalidParams) Error() string {
+	w := &bytes.Buffer{}
+	fmt.Fprintf(w, "%s: %s\n", e.Code(), e.Message())
+
+	for _, err := range e.errs {
+		fmt.Fprintf(w, "- %s\n", err.Message())
+	}
+
+	return w.String()
+}
+
+// OrigErr returns the invalid parameters as a awserr.BatchedErrors value
+func (e ErrInvalidParams) OrigErr() error {
+	return awserr.NewBatchError(
+		InvalidParameterErrCode, e.Message(), e.OrigErrs())
+}
+
+// OrigErrs returns a slice of the invalid parameters
+func (e ErrInvalidParams) OrigErrs() []error {
+	errs := make([]error, len(e.errs))
+	for i := 0; i < len(errs); i++ {
+		errs[i] = e.errs[i]
+	}
+
+	return errs
+}
+
+// An ErrInvalidParam represents an invalid parameter error type.
+type ErrInvalidParam interface {
+	awserr.Error
+
+	// Field name the error occurred on.
+	Field() string
+
+	// SetContext updates the context of the error.
+	SetContext(string)
+
+	// AddNestedContext updates the error's context to include a nested level.
+	AddNestedContext(string)
+}
+
+type errInvalidParam struct {
+	context       string
+	nestedContext string
+	field         string
+	code          string
+	msg           string
+}
+
+// Code returns the error code for the type of invalid parameter.
+func (e *errInvalidParam) Code() string {
+	return e.code
+}
+
+// Message returns the reason the parameter was invalid, and its context.
+func (e *errInvalidParam) Message() string {
+	return fmt.Sprintf("%s, %s.", e.msg, e.Field())
+}
+
+// Error returns the string version of the invalid parameter error.
+func (e *errInvalidParam) Error() string {
+	return fmt.Sprintf("%s: %s", e.code, e.Message())
+}
+
+// OrigErr returns nil, Implemented for awserr.Error interface.
+func (e *errInvalidParam) OrigErr() error {
+	return nil
+}
+
+// Field Returns the field and context the error occurred.
+func (e *errInvalidParam) Field() string {
+	field := e.context
+	if len(field) > 0 {
+		field += "."
+	}
+	if len(e.nestedContext) > 0 {
+		field += fmt.Sprintf("%s.", e.nestedContext)
+	}
+	field += e.field
+
+	return field
+}
+
+// SetContext updates the base context of the error.
+func (e *errInvalidParam) SetContext(ctx string) {
+	e.context = ctx
+}
+
+// AddNestedContext prepends a context to the field's path.
+func (e *errInvalidParam) AddNestedContext(ctx string) {
+	if len(e.nestedContext) == 0 {
+		e.nestedContext = ctx
+	} else {
+		e.nestedContext = fmt.Sprintf("%s.%s", ctx, e.nestedContext)
+	}
+
+}
+
+// An ErrParamRequired represents an required parameter error.
+type ErrParamRequired struct {
+	errInvalidParam
+}
+
+// NewErrParamRequired creates a new required parameter error.
+func NewErrParamRequired(field string) *ErrParamRequired {
+	return &ErrParamRequired{
+		errInvalidParam{
+			code:  ParamRequiredErrCode,
+			field: field,
+			msg:   fmt.Sprintf("missing required field"),
+		},
+	}
+}
+
+// An ErrParamMinValue represents a minimum value parameter error.
+type ErrParamMinValue struct {
+	errInvalidParam
+	min float64
+}
+
+// NewErrParamMinValue creates a new minimum value parameter error.
+func NewErrParamMinValue(field string, min float64) *ErrParamMinValue {
+	return &ErrParamMinValue{
+		errInvalidParam: errInvalidParam{
+			code:  ParamMinValueErrCode,
+			field: field,
+			msg:   fmt.Sprintf("minimum field value of %v", min),
+		},
+		min: min,
+	}
+}
+
+// MinValue returns the field's require minimum value.
+//
+// float64 is returned for both int and float min values.
+func (e *ErrParamMinValue) MinValue() float64 {
+	return e.min
+}
+
+// An ErrParamMinLen represents a minimum length parameter error.
+type ErrParamMinLen struct {
+	errInvalidParam
+	min int
+}
+
+// NewErrParamMinLen creates a new minimum length parameter error.
+func NewErrParamMinLen(field string, min int) *ErrParamMinLen {
+	return &ErrParamMinLen{
+		errInvalidParam: errInvalidParam{
+			code:  ParamMinLenErrCode,
+			field: field,
+			msg:   fmt.Sprintf("minimum field size of %v", min),
+		},
+		min: min,
+	}
+}
+
+// MinLen returns the field's required minimum length.
+func (e *ErrParamMinLen) MinLen() int {
+	return e.min
+}
+
+// An ErrParamMaxLen represents a maximum length parameter error.
+type ErrParamMaxLen struct {
+	errInvalidParam
+	max int
+}
+
+// NewErrParamMaxLen creates a new maximum length parameter error.
+func NewErrParamMaxLen(field string, max int, value string) *ErrParamMaxLen {
+	return &ErrParamMaxLen{
+		errInvalidParam: errInvalidParam{
+			code:  ParamMaxLenErrCode,
+			field: field,
+			msg:   fmt.Sprintf("maximum size of %v, %v", max, value),
+		},
+		max: max,
+	}
+}
+
+// MaxLen returns the field's required minimum length.
+func (e *ErrParamMaxLen) MaxLen() int {
+	return e.max
+}
+
+// An ErrParamFormat represents a invalid format parameter error.
+type ErrParamFormat struct {
+	errInvalidParam
+	format string
+}
+
+// NewErrParamFormat creates a new invalid format parameter error.
+func NewErrParamFormat(field string, format, value string) *ErrParamFormat {
+	return &ErrParamFormat{
+		errInvalidParam: errInvalidParam{
+			code:  ParamFormatErrCode,
+			field: field,
+			msg:   fmt.Sprintf("format %v, %v", format, value),
+		},
+		format: format,
+	}
+}
+
+// Format returns the field's required format.
+func (e *ErrParamFormat) Format() string {
+	return e.format
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go b/vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go
new file mode 100644
index 000000000..4601f883c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go
@@ -0,0 +1,295 @@
+package request
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/awsutil"
+)
+
+// WaiterResourceNotReadyErrorCode is the error code returned by a waiter when
+// the waiter's max attempts have been exhausted.
+const WaiterResourceNotReadyErrorCode = "ResourceNotReady"
+
+// A WaiterOption is a function that will update the Waiter value's fields to
+// configure the waiter.
+type WaiterOption func(*Waiter)
+
+// WithWaiterMaxAttempts returns the maximum number of times the waiter should
+// attempt to check the resource for the target state.
+func WithWaiterMaxAttempts(max int) WaiterOption {
+	return func(w *Waiter) {
+		w.MaxAttempts = max
+	}
+}
+
+// WaiterDelay will return a delay the waiter should pause between attempts to
+// check the resource state. The passed in attempt is the number of times the
+// Waiter has checked the resource state.
+//
+// Attempt is the number of attempts the Waiter has made checking the resource
+// state.
+type WaiterDelay func(attempt int) time.Duration
+
+// ConstantWaiterDelay returns a WaiterDelay that will always return a constant
+// delay the waiter should use between attempts. It ignores the number of
+// attempts made.
+func ConstantWaiterDelay(delay time.Duration) WaiterDelay {
+	return func(attempt int) time.Duration {
+		return delay
+	}
+}
+
+// WithWaiterDelay will set the Waiter to use the WaiterDelay passed in.
+func WithWaiterDelay(delayer WaiterDelay) WaiterOption {
+	return func(w *Waiter) {
+		w.Delay = delayer
+	}
+}
+
+// WithWaiterLogger returns a waiter option to set the logger a waiter
+// should use to log warnings and errors to.
+func WithWaiterLogger(logger aws.Logger) WaiterOption {
+	return func(w *Waiter) {
+		w.Logger = logger
+	}
+}
+
+// WithWaiterRequestOptions returns a waiter option setting the request
+// options for each request the waiter makes. Appends to waiter's request
+// options already set.
+func WithWaiterRequestOptions(opts ...Option) WaiterOption {
+	return func(w *Waiter) {
+		w.RequestOptions = append(w.RequestOptions, opts...)
+	}
+}
+
+// A Waiter provides the functionality to perform a blocking call which will
+// wait for a resource state to be satisfied by a service.
+//
+// This type should not be used directly. The API operations provided in the
+// service packages prefixed with "WaitUntil" should be used instead.
+type Waiter struct {
+	Name      string
+	Acceptors []WaiterAcceptor
+	Logger    aws.Logger
+
+	MaxAttempts int
+	Delay       WaiterDelay
+
+	RequestOptions   []Option
+	NewRequest       func([]Option) (*Request, error)
+	SleepWithContext func(aws.Context, time.Duration) error
+}
+
+// ApplyOptions updates the waiter with the list of waiter options provided.
+func (w *Waiter) ApplyOptions(opts ...WaiterOption) {
+	for _, fn := range opts {
+		fn(w)
+	}
+}
+
+// WaiterState are states the waiter uses based on WaiterAcceptor definitions
+// to identify if the resource state the waiter is waiting on has occurred.
+type WaiterState int
+
+// String returns the string representation of the waiter state.
+func (s WaiterState) String() string {
+	switch s {
+	case SuccessWaiterState:
+		return "success"
+	case FailureWaiterState:
+		return "failure"
+	case RetryWaiterState:
+		return "retry"
+	default:
+		return "unknown waiter state"
+	}
+}
+
+// States the waiter acceptors will use to identify target resource states.
+const (
+	SuccessWaiterState WaiterState = iota // waiter successful
+	FailureWaiterState                    // waiter failed
+	RetryWaiterState                      // waiter needs to be retried
+)
+
+// WaiterMatchMode is the mode that the waiter will use to match the WaiterAcceptor
+// definition's Expected attribute.
+type WaiterMatchMode int
+
+// Modes the waiter will use when inspecting API response to identify target
+// resource states.
+const (
+	PathAllWaiterMatch  WaiterMatchMode = iota // match on all paths
+	PathWaiterMatch                            // match on specific path
+	PathAnyWaiterMatch                         // match on any path
+	PathListWaiterMatch                        // match on list of paths
+	StatusWaiterMatch                          // match on status code
+	ErrorWaiterMatch                           // match on error
+)
+
+// String returns the string representation of the waiter match mode.
+func (m WaiterMatchMode) String() string {
+	switch m {
+	case PathAllWaiterMatch:
+		return "pathAll"
+	case PathWaiterMatch:
+		return "path"
+	case PathAnyWaiterMatch:
+		return "pathAny"
+	case PathListWaiterMatch:
+		return "pathList"
+	case StatusWaiterMatch:
+		return "status"
+	case ErrorWaiterMatch:
+		return "error"
+	default:
+		return "unknown waiter match mode"
+	}
+}
+
+// WaitWithContext will make requests for the API operation using NewRequest to
+// build API requests. The request's response will be compared against the
+// Waiter's Acceptors to determine the successful state of the resource the
+// waiter is inspecting.
+//
+// The passed in context must not be nil. If it is nil a panic will occur. The
+// Context will be used to cancel the waiter's pending requests and retry delays.
+// Use aws.BackgroundContext if no context is available.
+//
+// The waiter will continue until the target state defined by the Acceptors,
+// or the max attempts expires.
+//
+// Will return the WaiterResourceNotReadyErrorCode error code if the waiter's
+// retryer ShouldRetry returns false. This normally will happen when the max
+// wait attempts expires.
+func (w Waiter) WaitWithContext(ctx aws.Context) error {
+
+	for attempt := 1; ; attempt++ {
+		req, err := w.NewRequest(w.RequestOptions)
+		if err != nil {
+			waiterLogf(w.Logger, "unable to create request %v", err)
+			return err
+		}
+		req.Handlers.Build.PushBack(MakeAddToUserAgentFreeFormHandler("Waiter"))
+		err = req.Send()
+
+		// See if any of the acceptors match the request's response, or error
+		for _, a := range w.Acceptors {
+			if matched, matchErr := a.match(w.Name, w.Logger, req, err); matched {
+				return matchErr
+			}
+		}
+
+		// The Waiter should only check the resource state MaxAttempts times
+		// This is here instead of in the for loop above to prevent delaying
+		// unnecessary when the waiter will not retry.
+		if attempt == w.MaxAttempts {
+			break
+		}
+
+		// Delay to wait before inspecting the resource again
+		delay := w.Delay(attempt)
+		if sleepFn := req.Config.SleepDelay; sleepFn != nil {
+			// Support SleepDelay for backwards compatibility and testing
+			sleepFn(delay)
+		} else {
+			sleepCtxFn := w.SleepWithContext
+			if sleepCtxFn == nil {
+				sleepCtxFn = aws.SleepWithContext
+			}
+
+			if err := sleepCtxFn(ctx, delay); err != nil {
+				return awserr.New(CanceledErrorCode, "waiter context canceled", err)
+			}
+		}
+	}
+
+	return awserr.New(WaiterResourceNotReadyErrorCode, "exceeded wait attempts", nil)
+}
+
+// A WaiterAcceptor provides the information needed to wait for an API operation
+// to complete.
+type WaiterAcceptor struct {
+	State    WaiterState
+	Matcher  WaiterMatchMode
+	Argument string
+	Expected interface{}
+}
+
+// match returns if the acceptor found a match with the passed in request
+// or error. True is returned if the acceptor made a match, error is returned
+// if there was an error attempting to perform the match.
+func (a *WaiterAcceptor) match(name string, l aws.Logger, req *Request, err error) (bool, error) {
+	result := false
+	var vals []interface{}
+
+	switch a.Matcher {
+	case PathAllWaiterMatch, PathWaiterMatch:
+		// Require all matches to be equal for result to match
+		vals, _ = awsutil.ValuesAtPath(req.Data, a.Argument)
+		if len(vals) == 0 {
+			break
+		}
+		result = true
+		for _, val := range vals {
+			if !awsutil.DeepEqual(val, a.Expected) {
+				result = false
+				break
+			}
+		}
+	case PathAnyWaiterMatch:
+		// Only a single match needs to equal for the result to match
+		vals, _ = awsutil.ValuesAtPath(req.Data, a.Argument)
+		for _, val := range vals {
+			if awsutil.DeepEqual(val, a.Expected) {
+				result = true
+				break
+			}
+		}
+	case PathListWaiterMatch:
+		// ignored matcher
+	case StatusWaiterMatch:
+		s := a.Expected.(int)
+		result = s == req.HTTPResponse.StatusCode
+	case ErrorWaiterMatch:
+		if aerr, ok := err.(awserr.Error); ok {
+			result = aerr.Code() == a.Expected.(string)
+		}
+	default:
+		waiterLogf(l, "WARNING: Waiter %s encountered unexpected matcher: %s",
+			name, a.Matcher)
+	}
+
+	if !result {
+		// If there was no matching result found there is nothing more to do
+		// for this response, retry the request.
+		return false, nil
+	}
+
+	switch a.State {
+	case SuccessWaiterState:
+		// waiter completed
+		return true, nil
+	case FailureWaiterState:
+		// Waiter failure state triggered
+		return true, awserr.New(WaiterResourceNotReadyErrorCode,
+			"failed waiting for successful resource state", err)
+	case RetryWaiterState:
+		// clear the error and retry the operation
+		return false, nil
+	default:
+		waiterLogf(l, "WARNING: Waiter %s encountered unexpected state: %s",
+			name, a.State)
+		return false, nil
+	}
+}
+
+func waiterLogf(logger aws.Logger, msg string, args ...interface{}) {
+	if logger != nil {
+		logger.Log(fmt.Sprintf(msg, args...))
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
new file mode 100644
index 000000000..1d3f4c3ad
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
@@ -0,0 +1,303 @@
+package session
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/processcreds"
+	"github.com/aws/aws-sdk-go/aws/credentials/ssocreds"
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+	"github.com/aws/aws-sdk-go/aws/defaults"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/shareddefaults"
+	"github.com/aws/aws-sdk-go/service/sts"
+)
+
+// CredentialsProviderOptions specifies additional options for configuring
+// credentials providers.
+type CredentialsProviderOptions struct {
+	// WebIdentityRoleProviderOptions configures a WebIdentityRoleProvider,
+	// such as setting its ExpiryWindow.
+	WebIdentityRoleProviderOptions func(*stscreds.WebIdentityRoleProvider)
+}
+
+func resolveCredentials(cfg *aws.Config,
+	envCfg envConfig, sharedCfg sharedConfig,
+	handlers request.Handlers,
+	sessOpts Options,
+) (*credentials.Credentials, error) {
+
+	switch {
+	case len(sessOpts.Profile) != 0:
+		// User explicitly provided an Profile in the session's configuration
+		// so load that profile from shared config first.
+		// Github(aws/aws-sdk-go#2727)
+		return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
+
+	case envCfg.Creds.HasKeys():
+		// Environment credentials
+		return credentials.NewStaticCredentialsFromCreds(envCfg.Creds), nil
+
+	case len(envCfg.WebIdentityTokenFilePath) != 0:
+		// Web identity token from environment, RoleARN required to also be
+		// set.
+		return assumeWebIdentity(cfg, handlers,
+			envCfg.WebIdentityTokenFilePath,
+			envCfg.RoleARN,
+			envCfg.RoleSessionName,
+			sessOpts.CredentialsProviderOptions,
+		)
+
+	default:
+		// Fallback to the "default" credential resolution chain.
+		return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
+	}
+}
+
+// WebIdentityEmptyRoleARNErr will occur if 'AWS_WEB_IDENTITY_TOKEN_FILE' was set but
+// 'AWS_ROLE_ARN' was not set.
+var WebIdentityEmptyRoleARNErr = awserr.New(stscreds.ErrCodeWebIdentity, "role ARN is not set", nil)
+
+// WebIdentityEmptyTokenFilePathErr will occur if 'AWS_ROLE_ARN' was set but
+// 'AWS_WEB_IDENTITY_TOKEN_FILE' was not set.
+var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "token file path is not set", nil)
+
+func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers,
+	filepath string,
+	roleARN, sessionName string,
+	credOptions *CredentialsProviderOptions,
+) (*credentials.Credentials, error) {
+
+	if len(filepath) == 0 {
+		return nil, WebIdentityEmptyTokenFilePathErr
+	}
+
+	if len(roleARN) == 0 {
+		return nil, WebIdentityEmptyRoleARNErr
+	}
+
+	svc := sts.New(&Session{
+		Config:   cfg,
+		Handlers: handlers.Copy(),
+	})
+
+	var optFns []func(*stscreds.WebIdentityRoleProvider)
+	if credOptions != nil && credOptions.WebIdentityRoleProviderOptions != nil {
+		optFns = append(optFns, credOptions.WebIdentityRoleProviderOptions)
+	}
+
+	p := stscreds.NewWebIdentityRoleProviderWithOptions(svc, roleARN, sessionName, stscreds.FetchTokenPath(filepath), optFns...)
+	return credentials.NewCredentials(p), nil
+}
+
+func resolveCredsFromProfile(cfg *aws.Config,
+	envCfg envConfig, sharedCfg sharedConfig,
+	handlers request.Handlers,
+	sessOpts Options,
+) (creds *credentials.Credentials, err error) {
+
+	switch {
+	case sharedCfg.SourceProfile != nil:
+		// Assume IAM role with credentials source from a different profile.
+		creds, err = resolveCredsFromProfile(cfg, envCfg,
+			*sharedCfg.SourceProfile, handlers, sessOpts,
+		)
+
+	case sharedCfg.Creds.HasKeys():
+		// Static Credentials from Shared Config/Credentials file.
+		creds = credentials.NewStaticCredentialsFromCreds(
+			sharedCfg.Creds,
+		)
+
+	case len(sharedCfg.CredentialSource) != 0:
+		creds, err = resolveCredsFromSource(cfg, envCfg,
+			sharedCfg, handlers, sessOpts,
+		)
+
+	case len(sharedCfg.WebIdentityTokenFile) != 0:
+		// Credentials from Assume Web Identity token require an IAM Role, and
+		// that roll will be assumed. May be wrapped with another assume role
+		// via SourceProfile.
+		return assumeWebIdentity(cfg, handlers,
+			sharedCfg.WebIdentityTokenFile,
+			sharedCfg.RoleARN,
+			sharedCfg.RoleSessionName,
+			sessOpts.CredentialsProviderOptions,
+		)
+
+	case sharedCfg.hasSSOConfiguration():
+		creds, err = resolveSSOCredentials(cfg, sharedCfg, handlers)
+
+	case len(sharedCfg.CredentialProcess) != 0:
+		// Get credentials from CredentialProcess
+		creds = processcreds.NewCredentials(sharedCfg.CredentialProcess)
+
+	default:
+		// Fallback to default credentials provider, include mock errors for
+		// the credential chain so user can identify why credentials failed to
+		// be retrieved.
+		creds = credentials.NewCredentials(&credentials.ChainProvider{
+			VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
+			Providers: []credentials.Provider{
+				&credProviderError{
+					Err: awserr.New("EnvAccessKeyNotFound",
+						"failed to find credentials in the environment.", nil),
+				},
+				&credProviderError{
+					Err: awserr.New("SharedCredsLoad",
+						fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil),
+				},
+				defaults.RemoteCredProvider(*cfg, handlers),
+			},
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	if len(sharedCfg.RoleARN) > 0 {
+		cfgCp := *cfg
+		cfgCp.Credentials = creds
+		return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts)
+	}
+
+	return creds, nil
+}
+
+func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers request.Handlers) (*credentials.Credentials, error) {
+	if err := sharedCfg.validateSSOConfiguration(); err != nil {
+		return nil, err
+	}
+
+	cfgCopy := cfg.Copy()
+	cfgCopy.Region = &sharedCfg.SSORegion
+
+	return ssocreds.NewCredentials(
+		&Session{
+			Config:   cfgCopy,
+			Handlers: handlers.Copy(),
+		},
+		sharedCfg.SSOAccountID,
+		sharedCfg.SSORoleName,
+		sharedCfg.SSOStartURL,
+	), nil
+}
+
+// valid credential source values
+const (
+	credSourceEc2Metadata  = "Ec2InstanceMetadata"
+	credSourceEnvironment  = "Environment"
+	credSourceECSContainer = "EcsContainer"
+)
+
+func resolveCredsFromSource(cfg *aws.Config,
+	envCfg envConfig, sharedCfg sharedConfig,
+	handlers request.Handlers,
+	sessOpts Options,
+) (creds *credentials.Credentials, err error) {
+
+	switch sharedCfg.CredentialSource {
+	case credSourceEc2Metadata:
+		p := defaults.RemoteCredProvider(*cfg, handlers)
+		creds = credentials.NewCredentials(p)
+
+	case credSourceEnvironment:
+		creds = credentials.NewStaticCredentialsFromCreds(envCfg.Creds)
+
+	case credSourceECSContainer:
+		if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
+			return nil, ErrSharedConfigECSContainerEnvVarEmpty
+		}
+
+		p := defaults.RemoteCredProvider(*cfg, handlers)
+		creds = credentials.NewCredentials(p)
+
+	default:
+		return nil, ErrSharedConfigInvalidCredSource
+	}
+
+	return creds, nil
+}
+
+func credsFromAssumeRole(cfg aws.Config,
+	handlers request.Handlers,
+	sharedCfg sharedConfig,
+	sessOpts Options,
+) (*credentials.Credentials, error) {
+
+	if len(sharedCfg.MFASerial) != 0 && sessOpts.AssumeRoleTokenProvider == nil {
+		// AssumeRole Token provider is required if doing Assume Role
+		// with MFA.
+		return nil, AssumeRoleTokenProviderNotSetError{}
+	}
+
+	return stscreds.NewCredentials(
+		&Session{
+			Config:   &cfg,
+			Handlers: handlers.Copy(),
+		},
+		sharedCfg.RoleARN,
+		func(opt *stscreds.AssumeRoleProvider) {
+			opt.RoleSessionName = sharedCfg.RoleSessionName
+
+			if sessOpts.AssumeRoleDuration == 0 &&
+				sharedCfg.AssumeRoleDuration != nil &&
+				*sharedCfg.AssumeRoleDuration/time.Minute > 15 {
+				opt.Duration = *sharedCfg.AssumeRoleDuration
+			} else if sessOpts.AssumeRoleDuration != 0 {
+				opt.Duration = sessOpts.AssumeRoleDuration
+			}
+
+			// Assume role with external ID
+			if len(sharedCfg.ExternalID) > 0 {
+				opt.ExternalID = aws.String(sharedCfg.ExternalID)
+			}
+
+			// Assume role with MFA
+			if len(sharedCfg.MFASerial) > 0 {
+				opt.SerialNumber = aws.String(sharedCfg.MFASerial)
+				opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
+			}
+		},
+	), nil
+}
+
+// AssumeRoleTokenProviderNotSetError is an error returned when creating a
+// session when the MFAToken option is not set when shared config is configured
+// load assume a role with an MFA token.
+type AssumeRoleTokenProviderNotSetError struct{}
+
+// Code is the short id of the error.
+func (e AssumeRoleTokenProviderNotSetError) Code() string {
+	return "AssumeRoleTokenProviderNotSetError"
+}
+
+// Message is the description of the error
+func (e AssumeRoleTokenProviderNotSetError) Message() string {
+	return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
+}
+
+// OrigErr is the underlying error that caused the failure.
+func (e AssumeRoleTokenProviderNotSetError) OrigErr() error {
+	return nil
+}
+
+// Error satisfies the error interface.
+func (e AssumeRoleTokenProviderNotSetError) Error() string {
+	return awserr.SprintError(e.Code(), e.Message(), "", nil)
+}
+
+type credProviderError struct {
+	Err error
+}
+
+func (c credProviderError) Retrieve() (credentials.Value, error) {
+	return credentials.Value{}, c.Err
+}
+func (c credProviderError) IsExpired() bool {
+	return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go
new file mode 100644
index 000000000..4390ad52f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go
@@ -0,0 +1,28 @@
+//go:build go1.13
+// +build go1.13
+
+package session
+
+import (
+	"net"
+	"net/http"
+	"time"
+)
+
+// Transport that should be used when a custom CA bundle is specified with the
+// SDK.
+func getCustomTransport() *http.Transport {
+	return &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+			DualStack: true,
+		}).DialContext,
+		ForceAttemptHTTP2:     true,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go
new file mode 100644
index 000000000..668565bea
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go
@@ -0,0 +1,27 @@
+//go:build !go1.13 && go1.7
+// +build !go1.13,go1.7
+
+package session
+
+import (
+	"net"
+	"net/http"
+	"time"
+)
+
+// Transport that should be used when a custom CA bundle is specified with the
+// SDK.
+func getCustomTransport() *http.Transport {
+	return &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+			DualStack: true,
+		}).DialContext,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go
new file mode 100644
index 000000000..e101aa6b6
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go
@@ -0,0 +1,23 @@
+//go:build !go1.6 && go1.5
+// +build !go1.6,go1.5
+
+package session
+
+import (
+	"net"
+	"net/http"
+	"time"
+)
+
+// Transport that should be used when a custom CA bundle is specified with the
+// SDK.
+func getCustomTransport() *http.Transport {
+	return &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		Dial: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+		}).Dial,
+		TLSHandshakeTimeout: 10 * time.Second,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go
new file mode 100644
index 000000000..b5fcbe0d1
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go
@@ -0,0 +1,24 @@
+//go:build !go1.7 && go1.6
+// +build !go1.7,go1.6
+
+package session
+
+import (
+	"net"
+	"net/http"
+	"time"
+)
+
+// Transport that should be used when a custom CA bundle is specified with the
+// SDK.
+func getCustomTransport() *http.Transport {
+	return &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		Dial: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+		}).Dial,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
new file mode 100644
index 000000000..ff3cc012a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
@@ -0,0 +1,367 @@
+/*
+Package session provides configuration for the SDK's service clients. Sessions
+can be shared across service clients that share the same base configuration.
+
+Sessions are safe to use concurrently as long as the Session is not being
+modified. Sessions should be cached when possible, because creating a new
+Session will load all configuration values from the environment, and config
+files each time the Session is created. Sharing the Session value across all of
+your service clients will ensure the configuration is loaded the fewest number
+of times possible.
+
+Sessions options from Shared Config
+
+By default NewSession will only load credentials from the shared credentials
+file (~/.aws/credentials). If the AWS_SDK_LOAD_CONFIG environment variable is
+set to a truthy value the Session will be created from the configuration
+values from the shared config (~/.aws/config) and shared credentials
+(~/.aws/credentials) files. Using the NewSessionWithOptions with
+SharedConfigState set to SharedConfigEnable will create the session as if the
+AWS_SDK_LOAD_CONFIG environment variable was set.
+
+Credential and config loading order
+
+The Session will attempt to load configuration and credentials from the
+environment, configuration files, and other credential sources. The order
+configuration is loaded in is:
+
+  * Environment Variables
+  * Shared Credentials file
+  * Shared Configuration file (if SharedConfig is enabled)
+  * EC2 Instance Metadata (credentials only)
+
+The Environment variables for credentials will have precedence over shared
+config even if SharedConfig is enabled. To override this behavior, and use
+shared config credentials instead specify the session.Options.Profile, (e.g.
+when using credential_source=Environment to assume a role).
+
+  sess, err := session.NewSessionWithOptions(session.Options{
+	  Profile: "myProfile",
+  })
+
+Creating Sessions
+
+Creating a Session without additional options will load credentials region, and
+profile loaded from the environment and shared config automatically. See,
+"Environment Variables" section for information on environment variables used
+by Session.
+
+	// Create Session
+	sess, err := session.NewSession()
+
+
+When creating Sessions optional aws.Config values can be passed in that will
+override the default, or loaded, config values the Session is being created
+with. This allows you to provide additional, or case based, configuration
+as needed.
+
+	// Create a Session with a custom region
+	sess, err := session.NewSession(&aws.Config{
+		Region: aws.String("us-west-2"),
+	})
+
+Use NewSessionWithOptions to provide additional configuration driving how the
+Session's configuration will be loaded. Such as, specifying shared config
+profile, or override the shared config state,  (AWS_SDK_LOAD_CONFIG).
+
+	// Equivalent to session.NewSession()
+	sess, err := session.NewSessionWithOptions(session.Options{
+		// Options
+	})
+
+	sess, err := session.NewSessionWithOptions(session.Options{
+		// Specify profile to load for the session's config
+		Profile: "profile_name",
+
+		// Provide SDK Config options, such as Region.
+		Config: aws.Config{
+			Region: aws.String("us-west-2"),
+		},
+
+		// Force enable Shared Config support
+		SharedConfigState: session.SharedConfigEnable,
+	})
+
+Adding Handlers
+
+You can add handlers to a session to decorate API operation, (e.g. adding HTTP
+headers). All clients that use the Session receive a copy of the Session's
+handlers. For example, the following request handler added to the Session logs
+every requests made.
+
+	// Create a session, and add additional handlers for all service
+	// clients created with the Session to inherit. Adds logging handler.
+	sess := session.Must(session.NewSession())
+
+	sess.Handlers.Send.PushFront(func(r *request.Request) {
+		// Log every request made and its payload
+		logger.Printf("Request: %s/%s, Params: %s",
+			r.ClientInfo.ServiceName, r.Operation, r.Params)
+	})
+
+Shared Config Fields
+
+By default the SDK will only load the shared credentials file's
+(~/.aws/credentials) credentials values, and all other config is provided by
+the environment variables, SDK defaults, and user provided aws.Config values.
+
+If the AWS_SDK_LOAD_CONFIG environment variable is set, or SharedConfigEnable
+option is used to create the Session the full shared config values will be
+loaded. This includes credentials, region, and support for assume role. In
+addition the Session will load its configuration from both the shared config
+file (~/.aws/config) and shared credentials file (~/.aws/credentials). Both
+files have the same format.
+
+If both config files are present the configuration from both files will be
+read. The Session will be created from configuration values from the shared
+credentials file (~/.aws/credentials) over those in the shared config file
+(~/.aws/config).
+
+Credentials are the values the SDK uses to authenticating requests with AWS
+Services. When specified in a file, both aws_access_key_id and
+aws_secret_access_key must be provided together in the same file to be
+considered valid. They will be ignored if both are not present.
+aws_session_token is an optional field that can be provided in addition to the
+other two fields.
+
+	aws_access_key_id = AKID
+	aws_secret_access_key = SECRET
+	aws_session_token = TOKEN
+
+	; region only supported if SharedConfigEnabled.
+	region = us-east-1
+
+Assume Role configuration
+
+The role_arn field allows you to configure the SDK to assume an IAM role using
+a set of credentials from another source. Such as when paired with static
+credentials, "profile_source", "credential_process", or "credential_source"
+fields. If "role_arn" is provided, a source of credentials must also be
+specified, such as "source_profile", "credential_source", or
+"credential_process".
+
+	role_arn = arn:aws:iam::<account_number>:role/<role_name>
+	source_profile = profile_with_creds
+	external_id = 1234
+	mfa_serial = <serial or mfa arn>
+	role_session_name = session_name
+
+
+The SDK supports assuming a role with MFA token. If "mfa_serial" is set, you
+must also set the Session Option.AssumeRoleTokenProvider. The Session will fail
+to load if the AssumeRoleTokenProvider is not specified.
+
+    sess := session.Must(session.NewSessionWithOptions(session.Options{
+        AssumeRoleTokenProvider: stscreds.StdinTokenProvider,
+    }))
+
+To setup Assume Role outside of a session see the stscreds.AssumeRoleProvider
+documentation.
+
+Environment Variables
+
+When a Session is created several environment variables can be set to adjust
+how the SDK functions, and what configuration data it loads when creating
+Sessions. All environment values are optional, but some values like credentials
+require multiple of the values to set or the partial values will be ignored.
+All environment variable values are strings unless otherwise noted.
+
+Environment configuration values. If set both Access Key ID and Secret Access
+Key must be provided. Session Token and optionally also be provided, but is
+not required.
+
+	# Access Key ID
+	AWS_ACCESS_KEY_ID=AKID
+	AWS_ACCESS_KEY=AKID # only read if AWS_ACCESS_KEY_ID is not set.
+
+	# Secret Access Key
+	AWS_SECRET_ACCESS_KEY=SECRET
+	AWS_SECRET_KEY=SECRET=SECRET # only read if AWS_SECRET_ACCESS_KEY is not set.
+
+	# Session Token
+	AWS_SESSION_TOKEN=TOKEN
+
+Region value will instruct the SDK where to make service API requests to. If is
+not provided in the environment the region must be provided before a service
+client request is made.
+
+	AWS_REGION=us-east-1
+
+	# AWS_DEFAULT_REGION is only read if AWS_SDK_LOAD_CONFIG is also set,
+	# and AWS_REGION is not also set.
+	AWS_DEFAULT_REGION=us-east-1
+
+Profile name the SDK should load use when loading shared config from the
+configuration files. If not provided "default" will be used as the profile name.
+
+	AWS_PROFILE=my_profile
+
+	# AWS_DEFAULT_PROFILE is only read if AWS_SDK_LOAD_CONFIG is also set,
+	# and AWS_PROFILE is not also set.
+	AWS_DEFAULT_PROFILE=my_profile
+
+SDK load config instructs the SDK to load the shared config in addition to
+shared credentials. This also expands the configuration loaded so the shared
+credentials will have parity with the shared config file. This also enables
+Region and Profile support for the AWS_DEFAULT_REGION and AWS_DEFAULT_PROFILE
+env values as well.
+
+	AWS_SDK_LOAD_CONFIG=1
+
+Custom Shared Config and Credential Files
+
+Shared credentials file path can be set to instruct the SDK to use an alternative
+file for the shared credentials. If not set the file will be loaded from
+$HOME/.aws/credentials on Linux/Unix based systems, and
+%USERPROFILE%\.aws\credentials on Windows.
+
+	AWS_SHARED_CREDENTIALS_FILE=$HOME/my_shared_credentials
+
+Shared config file path can be set to instruct the SDK to use an alternative
+file for the shared config. If not set the file will be loaded from
+$HOME/.aws/config on Linux/Unix based systems, and
+%USERPROFILE%\.aws\config on Windows.
+
+	AWS_CONFIG_FILE=$HOME/my_shared_config
+
+Custom CA Bundle
+
+Path to a custom Credentials Authority (CA) bundle PEM file that the SDK
+will use instead of the default system's root CA bundle. Use this only
+if you want to replace the CA bundle the SDK uses for TLS requests.
+
+	AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
+
+Enabling this option will attempt to merge the Transport into the SDK's HTTP
+client. If the client's Transport is not a http.Transport an error will be
+returned. If the Transport's TLS config is set this option will cause the SDK
+to overwrite the Transport's TLS config's  RootCAs value. If the CA bundle file
+contains multiple certificates all of them will be loaded.
+
+The Session option CustomCABundle is also available when creating sessions
+to also enable this feature. CustomCABundle session option field has priority
+over the AWS_CA_BUNDLE environment variable, and will be used if both are set.
+
+Setting a custom HTTPClient in the aws.Config options will override this setting.
+To use this option and custom HTTP client, the HTTP client needs to be provided
+when creating the session. Not the service client.
+
+Custom Client TLS Certificate
+
+The SDK supports the environment and session option being configured with
+Client TLS certificates that are sent as a part of the client's TLS handshake
+for client authentication. If used, both Cert and Key values are required. If
+one is missing, or either fail to load the contents of the file an error will
+be returned.
+
+HTTP Client's Transport concrete implementation must be a http.Transport
+or creating the session will fail.
+
+	AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
+	AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
+
+This can also be configured via the session.Options ClientTLSCert and ClientTLSKey.
+
+	sess, err := session.NewSessionWithOptions(session.Options{
+		ClientTLSCert: myCertFile,
+		ClientTLSKey: myKeyFile,
+	})
+
+Custom EC2 IMDS Endpoint
+
+The endpoint of the EC2 IMDS client can be configured via the environment
+variable, AWS_EC2_METADATA_SERVICE_ENDPOINT when creating the client with a
+Session. See Options.EC2IMDSEndpoint for more details.
+
+  AWS_EC2_METADATA_SERVICE_ENDPOINT=http://169.254.169.254
+
+If using an URL with an IPv6 address literal, the IPv6 address
+component must be enclosed in square brackets.
+
+  AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
+
+The custom EC2 IMDS endpoint can also be specified via the Session options.
+
+  sess, err := session.NewSessionWithOptions(session.Options{
+      EC2MetadataEndpoint: "http://[::1]",
+  })
+
+FIPS and DualStack Endpoints
+
+The SDK can be configured to resolve an endpoint with certain capabilities such as FIPS and DualStack.
+
+You can configure a FIPS endpoint using an environment variable, shared config ($HOME/.aws/config),
+or programmatically.
+
+To configure a FIPS endpoint set the environment variable set the AWS_USE_FIPS_ENDPOINT to true or false to enable
+or disable FIPS endpoint resolution.
+
+  AWS_USE_FIPS_ENDPOINT=true
+
+To configure a FIPS endpoint using shared config, set use_fips_endpoint to true or false to enable
+or disable FIPS endpoint resolution.
+
+  [profile myprofile]
+  region=us-west-2
+  use_fips_endpoint=true
+
+To configure a FIPS endpoint programmatically
+
+  // Option 1: Configure it on a session for all clients
+  sess, err := session.NewSessionWithOptions(session.Options{
+      UseFIPSEndpoint: endpoints.FIPSEndpointStateEnabled,
+  })
+  if err != nil {
+      // handle error
+  }
+
+  client := s3.New(sess)
+
+  // Option 2: Configure it per client
+  sess, err := session.NewSession()
+  if err != nil {
+      // handle error
+  }
+
+  client := s3.New(sess, &aws.Config{
+      UseFIPSEndpoint: endpoints.FIPSEndpointStateEnabled,
+  })
+
+You can configure a DualStack endpoint using an environment variable, shared config ($HOME/.aws/config),
+or programmatically.
+
+To configure a DualStack endpoint set the environment variable set the AWS_USE_DUALSTACK_ENDPOINT to true or false to
+enable or disable DualStack endpoint resolution.
+
+  AWS_USE_DUALSTACK_ENDPOINT=true
+
+To configure a DualStack endpoint using shared config, set use_dualstack_endpoint to true or false to enable
+or disable DualStack endpoint resolution.
+
+  [profile myprofile]
+  region=us-west-2
+  use_dualstack_endpoint=true
+
+To configure a DualStack endpoint programmatically
+
+  // Option 1: Configure it on a session for all clients
+  sess, err := session.NewSessionWithOptions(session.Options{
+      UseDualStackEndpoint: endpoints.DualStackEndpointStateEnabled,
+  })
+  if err != nil {
+      // handle error
+  }
+
+  client := s3.New(sess)
+
+  // Option 2: Configure it per client
+  sess, err := session.NewSession()
+  if err != nil {
+      // handle error
+  }
+
+  client := s3.New(sess, &aws.Config{
+      UseDualStackEndpoint: endpoints.DualStackEndpointStateEnabled,
+  })
+*/
+package session
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
new file mode 100644
index 000000000..d6fa24776
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
@@ -0,0 +1,471 @@
+package session
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/defaults"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+)
+
+// EnvProviderName provides a name of the provider when config is loaded from environment.
+const EnvProviderName = "EnvConfigCredentials"
+
+// envConfig is a collection of environment values the SDK will read
+// setup config from. All environment values are optional. But some values
+// such as credentials require multiple values to be complete or the values
+// will be ignored.
+type envConfig struct {
+	// Environment configuration values. If set both Access Key ID and Secret Access
+	// Key must be provided. Session Token and optionally also be provided, but is
+	// not required.
+	//
+	//	# Access Key ID
+	//	AWS_ACCESS_KEY_ID=AKID
+	//	AWS_ACCESS_KEY=AKID # only read if AWS_ACCESS_KEY_ID is not set.
+	//
+	//	# Secret Access Key
+	//	AWS_SECRET_ACCESS_KEY=SECRET
+	//	AWS_SECRET_KEY=SECRET=SECRET # only read if AWS_SECRET_ACCESS_KEY is not set.
+	//
+	//	# Session Token
+	//	AWS_SESSION_TOKEN=TOKEN
+	Creds credentials.Value
+
+	// Region value will instruct the SDK where to make service API requests to. If is
+	// not provided in the environment the region must be provided before a service
+	// client request is made.
+	//
+	//	AWS_REGION=us-east-1
+	//
+	//	# AWS_DEFAULT_REGION is only read if AWS_SDK_LOAD_CONFIG is also set,
+	//	# and AWS_REGION is not also set.
+	//	AWS_DEFAULT_REGION=us-east-1
+	Region string
+
+	// Profile name the SDK should load use when loading shared configuration from the
+	// shared configuration files. If not provided "default" will be used as the
+	// profile name.
+	//
+	//	AWS_PROFILE=my_profile
+	//
+	//	# AWS_DEFAULT_PROFILE is only read if AWS_SDK_LOAD_CONFIG is also set,
+	//	# and AWS_PROFILE is not also set.
+	//	AWS_DEFAULT_PROFILE=my_profile
+	Profile string
+
+	// SDK load config instructs the SDK to load the shared config in addition to
+	// shared credentials. This also expands the configuration loaded from the shared
+	// credentials to have parity with the shared config file. This also enables
+	// Region and Profile support for the AWS_DEFAULT_REGION and AWS_DEFAULT_PROFILE
+	// env values as well.
+	//
+	//	AWS_SDK_LOAD_CONFIG=1
+	EnableSharedConfig bool
+
+	// Shared credentials file path can be set to instruct the SDK to use an alternate
+	// file for the shared credentials. If not set the file will be loaded from
+	// $HOME/.aws/credentials on Linux/Unix based systems, and
+	// %USERPROFILE%\.aws\credentials on Windows.
+	//
+	//	AWS_SHARED_CREDENTIALS_FILE=$HOME/my_shared_credentials
+	SharedCredentialsFile string
+
+	// Shared config file path can be set to instruct the SDK to use an alternate
+	// file for the shared config. If not set the file will be loaded from
+	// $HOME/.aws/config on Linux/Unix based systems, and
+	// %USERPROFILE%\.aws\config on Windows.
+	//
+	//	AWS_CONFIG_FILE=$HOME/my_shared_config
+	SharedConfigFile string
+
+	// Sets the path to a custom Credentials Authority (CA) Bundle PEM file
+	// that the SDK will use instead of the system's root CA bundle.
+	// Only use this if you want to configure the SDK to use a custom set
+	// of CAs.
+	//
+	// Enabling this option will attempt to merge the Transport
+	// into the SDK's HTTP client. If the client's Transport is
+	// not a http.Transport an error will be returned. If the
+	// Transport's TLS config is set this option will cause the
+	// SDK to overwrite the Transport's TLS config's  RootCAs value.
+	//
+	// Setting a custom HTTPClient in the aws.Config options will override this setting.
+	// To use this option and custom HTTP client, the HTTP client needs to be provided
+	// when creating the session. Not the service client.
+	//
+	//  AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
+	CustomCABundle string
+
+	// Sets the TLC client certificate that should be used by the SDK's HTTP transport
+	// when making requests. The certificate must be paired with a TLS client key file.
+	//
+	//  AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
+	ClientTLSCert string
+
+	// Sets the TLC client key that should be used by the SDK's HTTP transport
+	// when making requests. The key must be paired with a TLS client certificate file.
+	//
+	//  AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
+	ClientTLSKey string
+
+	csmEnabled  string
+	CSMEnabled  *bool
+	CSMPort     string
+	CSMHost     string
+	CSMClientID string
+
+	// Enables endpoint discovery via environment variables.
+	//
+	//	AWS_ENABLE_ENDPOINT_DISCOVERY=true
+	EnableEndpointDiscovery *bool
+	enableEndpointDiscovery string
+
+	// Specifies the WebIdentity token the SDK should use to assume a role
+	// with.
+	//
+	//  AWS_WEB_IDENTITY_TOKEN_FILE=file_path
+	WebIdentityTokenFilePath string
+
+	// Specifies the IAM role arn to use when assuming an role.
+	//
+	//  AWS_ROLE_ARN=role_arn
+	RoleARN string
+
+	// Specifies the IAM role session name to use when assuming a role.
+	//
+	//  AWS_ROLE_SESSION_NAME=session_name
+	RoleSessionName string
+
+	// Specifies the STS Regional Endpoint flag for the SDK to resolve the endpoint
+	// for a service.
+	//
+	// AWS_STS_REGIONAL_ENDPOINTS=regional
+	// This can take value as `regional` or `legacy`
+	STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+	// Specifies the S3 Regional Endpoint flag for the SDK to resolve the
+	// endpoint for a service.
+	//
+	// AWS_S3_US_EAST_1_REGIONAL_ENDPOINT=regional
+	// This can take value as `regional` or `legacy`
+	S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
+
+	// Specifies if the S3 service should allow ARNs to direct the region
+	// the client's requests are sent to.
+	//
+	// AWS_S3_USE_ARN_REGION=true
+	S3UseARNRegion bool
+
+	// Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode.
+	//
+	// AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
+	EC2IMDSEndpoint string
+
+	// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
+	//
+	// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
+	EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
+
+	// Specifies that SDK clients must resolve a dual-stack endpoint for
+	// services.
+	//
+	// AWS_USE_DUALSTACK_ENDPOINT=true
+	UseDualStackEndpoint endpoints.DualStackEndpointState
+
+	// Specifies that SDK clients must resolve a FIPS endpoint for
+	// services.
+	//
+	// AWS_USE_FIPS_ENDPOINT=true
+	UseFIPSEndpoint endpoints.FIPSEndpointState
+}
+
+var (
+	csmEnabledEnvKey = []string{
+		"AWS_CSM_ENABLED",
+	}
+	csmHostEnvKey = []string{
+		"AWS_CSM_HOST",
+	}
+	csmPortEnvKey = []string{
+		"AWS_CSM_PORT",
+	}
+	csmClientIDEnvKey = []string{
+		"AWS_CSM_CLIENT_ID",
+	}
+	credAccessEnvKey = []string{
+		"AWS_ACCESS_KEY_ID",
+		"AWS_ACCESS_KEY",
+	}
+	credSecretEnvKey = []string{
+		"AWS_SECRET_ACCESS_KEY",
+		"AWS_SECRET_KEY",
+	}
+	credSessionEnvKey = []string{
+		"AWS_SESSION_TOKEN",
+	}
+
+	enableEndpointDiscoveryEnvKey = []string{
+		"AWS_ENABLE_ENDPOINT_DISCOVERY",
+	}
+
+	regionEnvKeys = []string{
+		"AWS_REGION",
+		"AWS_DEFAULT_REGION", // Only read if AWS_SDK_LOAD_CONFIG is also set
+	}
+	profileEnvKeys = []string{
+		"AWS_PROFILE",
+		"AWS_DEFAULT_PROFILE", // Only read if AWS_SDK_LOAD_CONFIG is also set
+	}
+	sharedCredsFileEnvKey = []string{
+		"AWS_SHARED_CREDENTIALS_FILE",
+	}
+	sharedConfigFileEnvKey = []string{
+		"AWS_CONFIG_FILE",
+	}
+	webIdentityTokenFilePathEnvKey = []string{
+		"AWS_WEB_IDENTITY_TOKEN_FILE",
+	}
+	roleARNEnvKey = []string{
+		"AWS_ROLE_ARN",
+	}
+	roleSessionNameEnvKey = []string{
+		"AWS_ROLE_SESSION_NAME",
+	}
+	stsRegionalEndpointKey = []string{
+		"AWS_STS_REGIONAL_ENDPOINTS",
+	}
+	s3UsEast1RegionalEndpoint = []string{
+		"AWS_S3_US_EAST_1_REGIONAL_ENDPOINT",
+	}
+	s3UseARNRegionEnvKey = []string{
+		"AWS_S3_USE_ARN_REGION",
+	}
+	ec2IMDSEndpointEnvKey = []string{
+		"AWS_EC2_METADATA_SERVICE_ENDPOINT",
+	}
+	ec2IMDSEndpointModeEnvKey = []string{
+		"AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",
+	}
+	useCABundleKey = []string{
+		"AWS_CA_BUNDLE",
+	}
+	useClientTLSCert = []string{
+		"AWS_SDK_GO_CLIENT_TLS_CERT",
+	}
+	useClientTLSKey = []string{
+		"AWS_SDK_GO_CLIENT_TLS_KEY",
+	}
+	awsUseDualStackEndpoint = []string{
+		"AWS_USE_DUALSTACK_ENDPOINT",
+	}
+	awsUseFIPSEndpoint = []string{
+		"AWS_USE_FIPS_ENDPOINT",
+	}
+)
+
+// loadEnvConfig retrieves the SDK's environment configuration.
+// See `envConfig` for the values that will be retrieved.
+//
+// If the environment variable `AWS_SDK_LOAD_CONFIG` is set to a truthy value
+// the shared SDK config will be loaded in addition to the SDK's specific
+// configuration values.
+func loadEnvConfig() (envConfig, error) {
+	enableSharedConfig, _ := strconv.ParseBool(os.Getenv("AWS_SDK_LOAD_CONFIG"))
+	return envConfigLoad(enableSharedConfig)
+}
+
+// loadEnvSharedConfig retrieves the SDK's environment configuration, and the
+// SDK shared config. See `envConfig` for the values that will be retrieved.
+//
+// Loads the shared configuration in addition to the SDK's specific configuration.
+// This will load the same values as `loadEnvConfig` if the `AWS_SDK_LOAD_CONFIG`
+// environment variable is set.
+func loadSharedEnvConfig() (envConfig, error) {
+	return envConfigLoad(true)
+}
+
+func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
+	cfg := envConfig{}
+
+	cfg.EnableSharedConfig = enableSharedConfig
+
+	// Static environment credentials
+	var creds credentials.Value
+	setFromEnvVal(&creds.AccessKeyID, credAccessEnvKey)
+	setFromEnvVal(&creds.SecretAccessKey, credSecretEnvKey)
+	setFromEnvVal(&creds.SessionToken, credSessionEnvKey)
+	if creds.HasKeys() {
+		// Require logical grouping of credentials
+		creds.ProviderName = EnvProviderName
+		cfg.Creds = creds
+	}
+
+	// Role Metadata
+	setFromEnvVal(&cfg.RoleARN, roleARNEnvKey)
+	setFromEnvVal(&cfg.RoleSessionName, roleSessionNameEnvKey)
+
+	// Web identity environment variables
+	setFromEnvVal(&cfg.WebIdentityTokenFilePath, webIdentityTokenFilePathEnvKey)
+
+	// CSM environment variables
+	setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey)
+	setFromEnvVal(&cfg.CSMHost, csmHostEnvKey)
+	setFromEnvVal(&cfg.CSMPort, csmPortEnvKey)
+	setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey)
+
+	if len(cfg.csmEnabled) != 0 {
+		v, _ := strconv.ParseBool(cfg.csmEnabled)
+		cfg.CSMEnabled = &v
+	}
+
+	regionKeys := regionEnvKeys
+	profileKeys := profileEnvKeys
+	if !cfg.EnableSharedConfig {
+		regionKeys = regionKeys[:1]
+		profileKeys = profileKeys[:1]
+	}
+
+	setFromEnvVal(&cfg.Region, regionKeys)
+	setFromEnvVal(&cfg.Profile, profileKeys)
+
+	// endpoint discovery is in reference to it being enabled.
+	setFromEnvVal(&cfg.enableEndpointDiscovery, enableEndpointDiscoveryEnvKey)
+	if len(cfg.enableEndpointDiscovery) > 0 {
+		cfg.EnableEndpointDiscovery = aws.Bool(cfg.enableEndpointDiscovery != "false")
+	}
+
+	setFromEnvVal(&cfg.SharedCredentialsFile, sharedCredsFileEnvKey)
+	setFromEnvVal(&cfg.SharedConfigFile, sharedConfigFileEnvKey)
+
+	if len(cfg.SharedCredentialsFile) == 0 {
+		cfg.SharedCredentialsFile = defaults.SharedCredentialsFilename()
+	}
+	if len(cfg.SharedConfigFile) == 0 {
+		cfg.SharedConfigFile = defaults.SharedConfigFilename()
+	}
+
+	setFromEnvVal(&cfg.CustomCABundle, useCABundleKey)
+	setFromEnvVal(&cfg.ClientTLSCert, useClientTLSCert)
+	setFromEnvVal(&cfg.ClientTLSKey, useClientTLSKey)
+
+	var err error
+	// STS Regional Endpoint variable
+	for _, k := range stsRegionalEndpointKey {
+		if v := os.Getenv(k); len(v) != 0 {
+			cfg.STSRegionalEndpoint, err = endpoints.GetSTSRegionalEndpoint(v)
+			if err != nil {
+				return cfg, fmt.Errorf("failed to load, %v from env config, %v", k, err)
+			}
+		}
+	}
+
+	// S3 Regional Endpoint variable
+	for _, k := range s3UsEast1RegionalEndpoint {
+		if v := os.Getenv(k); len(v) != 0 {
+			cfg.S3UsEast1RegionalEndpoint, err = endpoints.GetS3UsEast1RegionalEndpoint(v)
+			if err != nil {
+				return cfg, fmt.Errorf("failed to load, %v from env config, %v", k, err)
+			}
+		}
+	}
+
+	var s3UseARNRegion string
+	setFromEnvVal(&s3UseARNRegion, s3UseARNRegionEnvKey)
+	if len(s3UseARNRegion) != 0 {
+		switch {
+		case strings.EqualFold(s3UseARNRegion, "false"):
+			cfg.S3UseARNRegion = false
+		case strings.EqualFold(s3UseARNRegion, "true"):
+			cfg.S3UseARNRegion = true
+		default:
+			return envConfig{}, fmt.Errorf(
+				"invalid value for environment variable, %s=%s, need true or false",
+				s3UseARNRegionEnvKey[0], s3UseARNRegion)
+		}
+	}
+
+	setFromEnvVal(&cfg.EC2IMDSEndpoint, ec2IMDSEndpointEnvKey)
+	if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil {
+		return envConfig{}, err
+	}
+
+	if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil {
+		return cfg, err
+	}
+
+	if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, awsUseFIPSEndpoint); err != nil {
+		return cfg, err
+	}
+
+	return cfg, nil
+}
+
+func setFromEnvVal(dst *string, keys []string) {
+	for _, k := range keys {
+		if v := os.Getenv(k); len(v) != 0 {
+			*dst = v
+			break
+		}
+	}
+}
+
+func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error {
+	for _, k := range keys {
+		value := os.Getenv(k)
+		if len(value) == 0 {
+			continue
+		}
+		if err := mode.SetFromString(value); err != nil {
+			return fmt.Errorf("invalid value for environment variable, %s=%s, %v", k, value, err)
+		}
+		return nil
+	}
+	return nil
+}
+
+func setUseDualStackEndpointFromEnvVal(dst *endpoints.DualStackEndpointState, keys []string) error {
+	for _, k := range keys {
+		value := os.Getenv(k)
+		if len(value) == 0 {
+			continue // skip if empty
+		}
+
+		switch {
+		case strings.EqualFold(value, "true"):
+			*dst = endpoints.DualStackEndpointStateEnabled
+		case strings.EqualFold(value, "false"):
+			*dst = endpoints.DualStackEndpointStateDisabled
+		default:
+			return fmt.Errorf(
+				"invalid value for environment variable, %s=%s, need true, false",
+				k, value)
+		}
+	}
+	return nil
+}
+
+func setUseFIPSEndpointFromEnvVal(dst *endpoints.FIPSEndpointState, keys []string) error {
+	for _, k := range keys {
+		value := os.Getenv(k)
+		if len(value) == 0 {
+			continue // skip if empty
+		}
+
+		switch {
+		case strings.EqualFold(value, "true"):
+			*dst = endpoints.FIPSEndpointStateEnabled
+		case strings.EqualFold(value, "false"):
+			*dst = endpoints.FIPSEndpointStateDisabled
+		default:
+			return fmt.Errorf(
+				"invalid value for environment variable, %s=%s, need true, false",
+				k, value)
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
new file mode 100644
index 000000000..cbccb60bb
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
@@ -0,0 +1,997 @@
+package session
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/corehandlers"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/csm"
+	"github.com/aws/aws-sdk-go/aws/defaults"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+const (
+	// ErrCodeSharedConfig represents an error that occurs in the shared
+	// configuration logic
+	ErrCodeSharedConfig = "SharedConfigErr"
+
+	// ErrCodeLoadCustomCABundle error code for unable to load custom CA bundle.
+	ErrCodeLoadCustomCABundle = "LoadCustomCABundleError"
+
+	// ErrCodeLoadClientTLSCert error code for unable to load client TLS
+	// certificate or key
+	ErrCodeLoadClientTLSCert = "LoadClientTLSCertError"
+)
+
+// ErrSharedConfigSourceCollision will be returned if a section contains both
+// source_profile and credential_source
+var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only one credential type may be specified per profile: source profile, credential source, credential process, web identity token, or sso", nil)
+
+// ErrSharedConfigECSContainerEnvVarEmpty will be returned if the environment
+// variables are empty and Environment was set as the credential source
+var ErrSharedConfigECSContainerEnvVarEmpty = awserr.New(ErrCodeSharedConfig, "EcsContainer was specified as the credential_source, but 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' was not set", nil)
+
+// ErrSharedConfigInvalidCredSource will be returned if an invalid credential source was provided
+var ErrSharedConfigInvalidCredSource = awserr.New(ErrCodeSharedConfig, "credential source values must be EcsContainer, Ec2InstanceMetadata, or Environment", nil)
+
+// A Session provides a central location to create service clients from and
+// store configurations and request handlers for those services.
+//
+// Sessions are safe to create service clients concurrently, but it is not safe
+// to mutate the Session concurrently.
+//
+// The Session satisfies the service client's client.ConfigProvider.
+type Session struct {
+	Config   *aws.Config
+	Handlers request.Handlers
+
+	options Options
+}
+
+// New creates a new instance of the handlers merging in the provided configs
+// on top of the SDK's default configurations. Once the Session is created it
+// can be mutated to modify the Config or Handlers. The Session is safe to be
+// read concurrently, but it should not be written to concurrently.
+//
+// If the AWS_SDK_LOAD_CONFIG environment is set to a truthy value, the New
+// method could now encounter an error when loading the configuration. When
+// The environment variable is set, and an error occurs, New will return a
+// session that will fail all requests reporting the error that occurred while
+// loading the session. Use NewSession to get the error when creating the
+// session.
+//
+// If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
+// the shared config file (~/.aws/config) will also be loaded, in addition to
+// the shared credentials file (~/.aws/credentials). Values set in both the
+// shared config, and shared credentials will be taken from the shared
+// credentials file.
+//
+// Deprecated: Use NewSession functions to create sessions instead. NewSession
+// has the same functionality as New except an error can be returned when the
+// func is called instead of waiting to receive an error until a request is made.
+func New(cfgs ...*aws.Config) *Session {
+	// load initial config from environment
+	envCfg, envErr := loadEnvConfig()
+
+	if envCfg.EnableSharedConfig {
+		var cfg aws.Config
+		cfg.MergeIn(cfgs...)
+		s, err := NewSessionWithOptions(Options{
+			Config:            cfg,
+			SharedConfigState: SharedConfigEnable,
+		})
+		if err != nil {
+			// Old session.New expected all errors to be discovered when
+			// a request is made, and would report the errors then. This
+			// needs to be replicated if an error occurs while creating
+			// the session.
+			msg := "failed to create session with AWS_SDK_LOAD_CONFIG enabled. " +
+				"Use session.NewSession to handle errors occurring during session creation."
+
+			// Session creation failed, need to report the error and prevent
+			// any requests from succeeding.
+			s = &Session{Config: defaults.Config()}
+			s.logDeprecatedNewSessionError(msg, err, cfgs)
+		}
+
+		return s
+	}
+
+	s := deprecatedNewSession(envCfg, cfgs...)
+	if envErr != nil {
+		msg := "failed to load env config"
+		s.logDeprecatedNewSessionError(msg, envErr, cfgs)
+	}
+
+	if csmCfg, err := loadCSMConfig(envCfg, []string{}); err != nil {
+		if l := s.Config.Logger; l != nil {
+			l.Log(fmt.Sprintf("ERROR: failed to load CSM configuration, %v", err))
+		}
+	} else if csmCfg.Enabled {
+		err := enableCSM(&s.Handlers, csmCfg, s.Config.Logger)
+		if err != nil {
+			msg := "failed to enable CSM"
+			s.logDeprecatedNewSessionError(msg, err, cfgs)
+		}
+	}
+
+	return s
+}
+
+// NewSession returns a new Session created from SDK defaults, config files,
+// environment, and user provided config files. Once the Session is created
+// it can be mutated to modify the Config or Handlers. The Session is safe to
+// be read concurrently, but it should not be written to concurrently.
+//
+// If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
+// the shared config file (~/.aws/config) will also be loaded in addition to
+// the shared credentials file (~/.aws/credentials). Values set in both the
+// shared config, and shared credentials will be taken from the shared
+// credentials file. Enabling the Shared Config will also allow the Session
+// to be built with retrieving credentials with AssumeRole set in the config.
+//
+// See the NewSessionWithOptions func for information on how to override or
+// control through code how the Session will be created, such as specifying the
+// config profile, and controlling if shared config is enabled or not.
+func NewSession(cfgs ...*aws.Config) (*Session, error) {
+	opts := Options{}
+	opts.Config.MergeIn(cfgs...)
+
+	return NewSessionWithOptions(opts)
+}
+
+// SharedConfigState provides the ability to optionally override the state
+// of the session's creation based on the shared config being enabled or
+// disabled.
+type SharedConfigState int
+
+const (
+	// SharedConfigStateFromEnv does not override any state of the
+	// AWS_SDK_LOAD_CONFIG env var. It is the default value of the
+	// SharedConfigState type.
+	SharedConfigStateFromEnv SharedConfigState = iota
+
+	// SharedConfigDisable overrides the AWS_SDK_LOAD_CONFIG env var value
+	// and disables the shared config functionality.
+	SharedConfigDisable
+
+	// SharedConfigEnable overrides the AWS_SDK_LOAD_CONFIG env var value
+	// and enables the shared config functionality.
+	SharedConfigEnable
+)
+
+// Options provides the means to control how a Session is created and what
+// configuration values will be loaded.
+type Options struct {
+	// Provides config values for the SDK to use when creating service clients
+	// and making API requests to services. Any value set in with this field
+	// will override the associated value provided by the SDK defaults,
+	// environment or config files where relevant.
+	//
+	// If not set, configuration values from from SDK defaults, environment,
+	// config will be used.
+	Config aws.Config
+
+	// Overrides the config profile the Session should be created from. If not
+	// set the value of the environment variable will be loaded (AWS_PROFILE,
+	// or AWS_DEFAULT_PROFILE if the Shared Config is enabled).
+	//
+	// If not set and environment variables are not set the "default"
+	// (DefaultSharedConfigProfile) will be used as the profile to load the
+	// session config from.
+	Profile string
+
+	// Instructs how the Session will be created based on the AWS_SDK_LOAD_CONFIG
+	// environment variable. By default a Session will be created using the
+	// value provided by the AWS_SDK_LOAD_CONFIG environment variable.
+	//
+	// Setting this value to SharedConfigEnable or SharedConfigDisable
+	// will allow you to override the AWS_SDK_LOAD_CONFIG environment variable
+	// and enable or disable the shared config functionality.
+	SharedConfigState SharedConfigState
+
+	// Ordered list of files the session will load configuration from.
+	// It will override environment variable AWS_SHARED_CREDENTIALS_FILE, AWS_CONFIG_FILE.
+	SharedConfigFiles []string
+
+	// When the SDK's shared config is configured to assume a role with MFA
+	// this option is required in order to provide the mechanism that will
+	// retrieve the MFA token. There is no default value for this field. If
+	// it is not set an error will be returned when creating the session.
+	//
+	// This token provider will be called when ever the assumed role's
+	// credentials need to be refreshed. Within the context of service clients
+	// all sharing the same session the SDK will ensure calls to the token
+	// provider are atomic. When sharing a token provider across multiple
+	// sessions additional synchronization logic is needed to ensure the
+	// token providers do not introduce race conditions. It is recommend to
+	// share the session where possible.
+	//
+	// stscreds.StdinTokenProvider is a basic implementation that will prompt
+	// from stdin for the MFA token code.
+	//
+	// This field is only used if the shared configuration is enabled, and
+	// the config enables assume role with MFA via the mfa_serial field.
+	AssumeRoleTokenProvider func() (string, error)
+
+	// When the SDK's shared config is configured to assume a role this option
+	// may be provided to set the expiry duration of the STS credentials.
+	// Defaults to 15 minutes if not set as documented in the
+	// stscreds.AssumeRoleProvider.
+	AssumeRoleDuration time.Duration
+
+	// Reader for a custom Credentials Authority (CA) bundle in PEM format that
+	// the SDK will use instead of the default system's root CA bundle. Use this
+	// only if you want to replace the CA bundle the SDK uses for TLS requests.
+	//
+	// HTTP Client's Transport concrete implementation must be a http.Transport
+	// or creating the session will fail.
+	//
+	// If the Transport's TLS config is set this option will cause the SDK
+	// to overwrite the Transport's TLS config's  RootCAs value. If the CA
+	// bundle reader contains multiple certificates all of them will be loaded.
+	//
+	// Can also be specified via the environment variable:
+	//
+	//  AWS_CA_BUNDLE=$HOME/ca_bundle
+	//
+	// Can also be specified via the shared config field:
+	//
+	//  ca_bundle = $HOME/ca_bundle
+	CustomCABundle io.Reader
+
+	// Reader for the TLC client certificate that should be used by the SDK's
+	// HTTP transport when making requests. The certificate must be paired with
+	// a TLS client key file. Will be ignored if both are not provided.
+	//
+	// HTTP Client's Transport concrete implementation must be a http.Transport
+	// or creating the session will fail.
+	//
+	// Can also be specified via the environment variable:
+	//
+	//  AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
+	ClientTLSCert io.Reader
+
+	// Reader for the TLC client key that should be used by the SDK's HTTP
+	// transport when making requests. The key must be paired with a TLS client
+	// certificate file. Will be ignored if both are not provided.
+	//
+	// HTTP Client's Transport concrete implementation must be a http.Transport
+	// or creating the session will fail.
+	//
+	// Can also be specified via the environment variable:
+	//
+	//  AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
+	ClientTLSKey io.Reader
+
+	// The handlers that the session and all API clients will be created with.
+	// This must be a complete set of handlers. Use the defaults.Handlers()
+	// function to initialize this value before changing the handlers to be
+	// used by the SDK.
+	Handlers request.Handlers
+
+	// Allows specifying a custom endpoint to be used by the EC2 IMDS client
+	// when making requests to the EC2 IMDS API. The endpoint value should
+	// include the URI scheme. If the scheme is not present it will be defaulted to http.
+	//
+	// If unset, will the EC2 IMDS client will use its default endpoint.
+	//
+	// Can also be specified via the environment variable,
+	// AWS_EC2_METADATA_SERVICE_ENDPOINT.
+	//
+	//   AWS_EC2_METADATA_SERVICE_ENDPOINT=http://169.254.169.254
+	//
+	// If using an URL with an IPv6 address literal, the IPv6 address
+	// component must be enclosed in square brackets.
+	//
+	//   AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
+	EC2IMDSEndpoint string
+
+	// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
+	//
+	// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
+	EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
+
+	// Specifies options for creating credential providers.
+	// These are only used if the aws.Config does not already
+	// include credentials.
+	CredentialsProviderOptions *CredentialsProviderOptions
+}
+
+// NewSessionWithOptions returns a new Session created from SDK defaults, config files,
+// environment, and user provided config files. This func uses the Options
+// values to configure how the Session is created.
+//
+// If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
+// the shared config file (~/.aws/config) will also be loaded in addition to
+// the shared credentials file (~/.aws/credentials). Values set in both the
+// shared config, and shared credentials will be taken from the shared
+// credentials file. Enabling the Shared Config will also allow the Session
+// to be built with retrieving credentials with AssumeRole set in the config.
+//
+//	// Equivalent to session.New
+//	sess := session.Must(session.NewSessionWithOptions(session.Options{}))
+//
+//	// Specify profile to load for the session's config
+//	sess := session.Must(session.NewSessionWithOptions(session.Options{
+//	     Profile: "profile_name",
+//	}))
+//
+//	// Specify profile for config and region for requests
+//	sess := session.Must(session.NewSessionWithOptions(session.Options{
+//	     Config: aws.Config{Region: aws.String("us-east-1")},
+//	     Profile: "profile_name",
+//	}))
+//
+//	// Force enable Shared Config support
+//	sess := session.Must(session.NewSessionWithOptions(session.Options{
+//	    SharedConfigState: session.SharedConfigEnable,
+//	}))
+func NewSessionWithOptions(opts Options) (*Session, error) {
+	var envCfg envConfig
+	var err error
+	if opts.SharedConfigState == SharedConfigEnable {
+		envCfg, err = loadSharedEnvConfig()
+		if err != nil {
+			return nil, fmt.Errorf("failed to load shared config, %v", err)
+		}
+	} else {
+		envCfg, err = loadEnvConfig()
+		if err != nil {
+			return nil, fmt.Errorf("failed to load environment config, %v", err)
+		}
+	}
+
+	if len(opts.Profile) != 0 {
+		envCfg.Profile = opts.Profile
+	}
+
+	switch opts.SharedConfigState {
+	case SharedConfigDisable:
+		envCfg.EnableSharedConfig = false
+	case SharedConfigEnable:
+		envCfg.EnableSharedConfig = true
+	}
+
+	return newSession(opts, envCfg, &opts.Config)
+}
+
+// Must is a helper function to ensure the Session is valid and there was no
+// error when calling a NewSession function.
+//
+// This helper is intended to be used in variable initialization to load the
+// Session and configuration at startup. Such as:
+//
+//	var sess = session.Must(session.NewSession())
+func Must(sess *Session, err error) *Session {
+	if err != nil {
+		panic(err)
+	}
+
+	return sess
+}
+
+// Wraps the endpoint resolver with a resolver that will return a custom
+// endpoint for EC2 IMDS.
+func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string, mode endpoints.EC2IMDSEndpointModeState) endpoints.Resolver {
+	return endpoints.ResolverFunc(
+		func(service, region string, opts ...func(*endpoints.Options)) (
+			endpoints.ResolvedEndpoint, error,
+		) {
+			if service == ec2MetadataServiceID && len(endpoint) > 0 {
+				return endpoints.ResolvedEndpoint{
+					URL:           endpoint,
+					SigningName:   ec2MetadataServiceID,
+					SigningRegion: region,
+				}, nil
+			} else if service == ec2MetadataServiceID {
+				opts = append(opts, func(o *endpoints.Options) {
+					o.EC2MetadataEndpointMode = mode
+				})
+			}
+			return resolver.EndpointFor(service, region, opts...)
+		})
+}
+
+func deprecatedNewSession(envCfg envConfig, cfgs ...*aws.Config) *Session {
+	cfg := defaults.Config()
+	handlers := defaults.Handlers()
+
+	// Apply the passed in configs so the configuration can be applied to the
+	// default credential chain
+	cfg.MergeIn(cfgs...)
+	if cfg.EndpointResolver == nil {
+		// An endpoint resolver is required for a session to be able to provide
+		// endpoints for service client configurations.
+		cfg.EndpointResolver = endpoints.DefaultResolver()
+	}
+
+	if !(len(envCfg.EC2IMDSEndpoint) == 0 && envCfg.EC2IMDSEndpointMode == endpoints.EC2IMDSEndpointModeStateUnset) {
+		cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint, envCfg.EC2IMDSEndpointMode)
+	}
+
+	cfg.Credentials = defaults.CredChain(cfg, handlers)
+
+	// Reapply any passed in configs to override credentials if set
+	cfg.MergeIn(cfgs...)
+
+	s := &Session{
+		Config:   cfg,
+		Handlers: handlers,
+		options: Options{
+			EC2IMDSEndpoint: envCfg.EC2IMDSEndpoint,
+		},
+	}
+
+	initHandlers(s)
+	return s
+}
+
+func enableCSM(handlers *request.Handlers, cfg csmConfig, logger aws.Logger) error {
+	if logger != nil {
+		logger.Log("Enabling CSM")
+	}
+
+	r, err := csm.Start(cfg.ClientID, csm.AddressWithDefaults(cfg.Host, cfg.Port))
+	if err != nil {
+		return err
+	}
+	r.InjectHandlers(handlers)
+
+	return nil
+}
+
+func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
+	cfg := defaults.Config()
+
+	handlers := opts.Handlers
+	if handlers.IsEmpty() {
+		handlers = defaults.Handlers()
+	}
+
+	// Get a merged version of the user provided config to determine if
+	// credentials were.
+	userCfg := &aws.Config{}
+	userCfg.MergeIn(cfgs...)
+	cfg.MergeIn(userCfg)
+
+	// Ordered config files will be loaded in with later files overwriting
+	// previous config file values.
+	var cfgFiles []string
+	if opts.SharedConfigFiles != nil {
+		cfgFiles = opts.SharedConfigFiles
+	} else {
+		cfgFiles = []string{envCfg.SharedConfigFile, envCfg.SharedCredentialsFile}
+		if !envCfg.EnableSharedConfig {
+			// The shared config file (~/.aws/config) is only loaded if instructed
+			// to load via the envConfig.EnableSharedConfig (AWS_SDK_LOAD_CONFIG).
+			cfgFiles = cfgFiles[1:]
+		}
+	}
+
+	// Load additional config from file(s)
+	sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles, envCfg.EnableSharedConfig)
+	if err != nil {
+		if len(envCfg.Profile) == 0 && !envCfg.EnableSharedConfig && (envCfg.Creds.HasKeys() || userCfg.Credentials != nil) {
+			// Special case where the user has not explicitly specified an AWS_PROFILE,
+			// or session.Options.profile, shared config is not enabled, and the
+			// environment has credentials, allow the shared config file to fail to
+			// load since the user has already provided credentials, and nothing else
+			// is required to be read file. Github(aws/aws-sdk-go#2455)
+		} else if _, ok := err.(SharedConfigProfileNotExistsError); !ok {
+			return nil, err
+		}
+	}
+
+	if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil {
+		return nil, err
+	}
+
+	if err := setTLSOptions(&opts, cfg, envCfg, sharedCfg); err != nil {
+		return nil, err
+	}
+
+	s := &Session{
+		Config:   cfg,
+		Handlers: handlers,
+		options:  opts,
+	}
+
+	initHandlers(s)
+
+	if csmCfg, err := loadCSMConfig(envCfg, cfgFiles); err != nil {
+		if l := s.Config.Logger; l != nil {
+			l.Log(fmt.Sprintf("ERROR: failed to load CSM configuration, %v", err))
+		}
+	} else if csmCfg.Enabled {
+		err = enableCSM(&s.Handlers, csmCfg, s.Config.Logger)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return s, nil
+}
+
+type csmConfig struct {
+	Enabled  bool
+	Host     string
+	Port     string
+	ClientID string
+}
+
+var csmProfileName = "aws_csm"
+
+func loadCSMConfig(envCfg envConfig, cfgFiles []string) (csmConfig, error) {
+	if envCfg.CSMEnabled != nil {
+		if *envCfg.CSMEnabled {
+			return csmConfig{
+				Enabled:  true,
+				ClientID: envCfg.CSMClientID,
+				Host:     envCfg.CSMHost,
+				Port:     envCfg.CSMPort,
+			}, nil
+		}
+		return csmConfig{}, nil
+	}
+
+	sharedCfg, err := loadSharedConfig(csmProfileName, cfgFiles, false)
+	if err != nil {
+		if _, ok := err.(SharedConfigProfileNotExistsError); !ok {
+			return csmConfig{}, err
+		}
+	}
+	if sharedCfg.CSMEnabled != nil && *sharedCfg.CSMEnabled == true {
+		return csmConfig{
+			Enabled:  true,
+			ClientID: sharedCfg.CSMClientID,
+			Host:     sharedCfg.CSMHost,
+			Port:     sharedCfg.CSMPort,
+		}, nil
+	}
+
+	return csmConfig{}, nil
+}
+
+func setTLSOptions(opts *Options, cfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig) error {
+	// CA Bundle can be specified in both environment variable shared config file.
+	var caBundleFilename = envCfg.CustomCABundle
+	if len(caBundleFilename) == 0 {
+		caBundleFilename = sharedCfg.CustomCABundle
+	}
+
+	// Only use environment value if session option is not provided.
+	customTLSOptions := map[string]struct {
+		filename string
+		field    *io.Reader
+		errCode  string
+	}{
+		"custom CA bundle PEM":   {filename: caBundleFilename, field: &opts.CustomCABundle, errCode: ErrCodeLoadCustomCABundle},
+		"custom client TLS cert": {filename: envCfg.ClientTLSCert, field: &opts.ClientTLSCert, errCode: ErrCodeLoadClientTLSCert},
+		"custom client TLS key":  {filename: envCfg.ClientTLSKey, field: &opts.ClientTLSKey, errCode: ErrCodeLoadClientTLSCert},
+	}
+	for name, v := range customTLSOptions {
+		if len(v.filename) != 0 && *v.field == nil {
+			f, err := os.Open(v.filename)
+			if err != nil {
+				return awserr.New(v.errCode, fmt.Sprintf("failed to open %s file", name), err)
+			}
+			defer f.Close()
+			*v.field = f
+		}
+	}
+
+	// Setup HTTP client with custom cert bundle if enabled
+	if opts.CustomCABundle != nil {
+		if err := loadCustomCABundle(cfg.HTTPClient, opts.CustomCABundle); err != nil {
+			return err
+		}
+	}
+
+	// Setup HTTP client TLS certificate and key for client TLS authentication.
+	if opts.ClientTLSCert != nil && opts.ClientTLSKey != nil {
+		if err := loadClientTLSCert(cfg.HTTPClient, opts.ClientTLSCert, opts.ClientTLSKey); err != nil {
+			return err
+		}
+	} else if opts.ClientTLSCert == nil && opts.ClientTLSKey == nil {
+		// Do nothing if neither values are available.
+
+	} else {
+		return awserr.New(ErrCodeLoadClientTLSCert,
+			fmt.Sprintf("client TLS cert(%t) and key(%t) must both be provided",
+				opts.ClientTLSCert != nil, opts.ClientTLSKey != nil), nil)
+	}
+
+	return nil
+}
+
+func getHTTPTransport(client *http.Client) (*http.Transport, error) {
+	var t *http.Transport
+	switch v := client.Transport.(type) {
+	case *http.Transport:
+		t = v
+	default:
+		if client.Transport != nil {
+			return nil, fmt.Errorf("unsupported transport, %T", client.Transport)
+		}
+	}
+	if t == nil {
+		// Nil transport implies `http.DefaultTransport` should be used. Since
+		// the SDK cannot modify, nor copy the `DefaultTransport` specifying
+		// the values the next closest behavior.
+		t = getCustomTransport()
+	}
+
+	return t, nil
+}
+
+func loadCustomCABundle(client *http.Client, bundle io.Reader) error {
+	t, err := getHTTPTransport(client)
+	if err != nil {
+		return awserr.New(ErrCodeLoadCustomCABundle,
+			"unable to load custom CA bundle, HTTPClient's transport unsupported type", err)
+	}
+
+	p, err := loadCertPool(bundle)
+	if err != nil {
+		return err
+	}
+	if t.TLSClientConfig == nil {
+		t.TLSClientConfig = &tls.Config{}
+	}
+	t.TLSClientConfig.RootCAs = p
+
+	client.Transport = t
+
+	return nil
+}
+
+func loadCertPool(r io.Reader) (*x509.CertPool, error) {
+	b, err := ioutil.ReadAll(r)
+	if err != nil {
+		return nil, awserr.New(ErrCodeLoadCustomCABundle,
+			"failed to read custom CA bundle PEM file", err)
+	}
+
+	p := x509.NewCertPool()
+	if !p.AppendCertsFromPEM(b) {
+		return nil, awserr.New(ErrCodeLoadCustomCABundle,
+			"failed to load custom CA bundle PEM file", err)
+	}
+
+	return p, nil
+}
+
+func loadClientTLSCert(client *http.Client, certFile, keyFile io.Reader) error {
+	t, err := getHTTPTransport(client)
+	if err != nil {
+		return awserr.New(ErrCodeLoadClientTLSCert,
+			"unable to get usable HTTP transport from client", err)
+	}
+
+	cert, err := ioutil.ReadAll(certFile)
+	if err != nil {
+		return awserr.New(ErrCodeLoadClientTLSCert,
+			"unable to get read client TLS cert file", err)
+	}
+
+	key, err := ioutil.ReadAll(keyFile)
+	if err != nil {
+		return awserr.New(ErrCodeLoadClientTLSCert,
+			"unable to get read client TLS key file", err)
+	}
+
+	clientCert, err := tls.X509KeyPair(cert, key)
+	if err != nil {
+		return awserr.New(ErrCodeLoadClientTLSCert,
+			"unable to load x509 key pair from client cert", err)
+	}
+
+	tlsCfg := t.TLSClientConfig
+	if tlsCfg == nil {
+		tlsCfg = &tls.Config{}
+	}
+
+	tlsCfg.Certificates = append(tlsCfg.Certificates, clientCert)
+
+	t.TLSClientConfig = tlsCfg
+	client.Transport = t
+
+	return nil
+}
+
+func mergeConfigSrcs(cfg, userCfg *aws.Config,
+	envCfg envConfig, sharedCfg sharedConfig,
+	handlers request.Handlers,
+	sessOpts Options,
+) error {
+
+	// Region if not already set by user
+	if len(aws.StringValue(cfg.Region)) == 0 {
+		if len(envCfg.Region) > 0 {
+			cfg.WithRegion(envCfg.Region)
+		} else if envCfg.EnableSharedConfig && len(sharedCfg.Region) > 0 {
+			cfg.WithRegion(sharedCfg.Region)
+		}
+	}
+
+	if cfg.EnableEndpointDiscovery == nil {
+		if envCfg.EnableEndpointDiscovery != nil {
+			cfg.WithEndpointDiscovery(*envCfg.EnableEndpointDiscovery)
+		} else if envCfg.EnableSharedConfig && sharedCfg.EnableEndpointDiscovery != nil {
+			cfg.WithEndpointDiscovery(*sharedCfg.EnableEndpointDiscovery)
+		}
+	}
+
+	// Regional Endpoint flag for STS endpoint resolving
+	mergeSTSRegionalEndpointConfig(cfg, []endpoints.STSRegionalEndpoint{
+		userCfg.STSRegionalEndpoint,
+		envCfg.STSRegionalEndpoint,
+		sharedCfg.STSRegionalEndpoint,
+		endpoints.LegacySTSEndpoint,
+	})
+
+	// Regional Endpoint flag for S3 endpoint resolving
+	mergeS3UsEast1RegionalEndpointConfig(cfg, []endpoints.S3UsEast1RegionalEndpoint{
+		userCfg.S3UsEast1RegionalEndpoint,
+		envCfg.S3UsEast1RegionalEndpoint,
+		sharedCfg.S3UsEast1RegionalEndpoint,
+		endpoints.LegacyS3UsEast1Endpoint,
+	})
+
+	var ec2IMDSEndpoint string
+	for _, v := range []string{
+		sessOpts.EC2IMDSEndpoint,
+		envCfg.EC2IMDSEndpoint,
+		sharedCfg.EC2IMDSEndpoint,
+	} {
+		if len(v) != 0 {
+			ec2IMDSEndpoint = v
+			break
+		}
+	}
+
+	var endpointMode endpoints.EC2IMDSEndpointModeState
+	for _, v := range []endpoints.EC2IMDSEndpointModeState{
+		sessOpts.EC2IMDSEndpointMode,
+		envCfg.EC2IMDSEndpointMode,
+		sharedCfg.EC2IMDSEndpointMode,
+	} {
+		if v != endpoints.EC2IMDSEndpointModeStateUnset {
+			endpointMode = v
+			break
+		}
+	}
+
+	if len(ec2IMDSEndpoint) != 0 || endpointMode != endpoints.EC2IMDSEndpointModeStateUnset {
+		cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode)
+	}
+
+	cfg.S3UseARNRegion = userCfg.S3UseARNRegion
+	if cfg.S3UseARNRegion == nil {
+		cfg.S3UseARNRegion = &envCfg.S3UseARNRegion
+	}
+	if cfg.S3UseARNRegion == nil {
+		cfg.S3UseARNRegion = &sharedCfg.S3UseARNRegion
+	}
+
+	for _, v := range []endpoints.DualStackEndpointState{userCfg.UseDualStackEndpoint, envCfg.UseDualStackEndpoint, sharedCfg.UseDualStackEndpoint} {
+		if v != endpoints.DualStackEndpointStateUnset {
+			cfg.UseDualStackEndpoint = v
+			break
+		}
+	}
+
+	for _, v := range []endpoints.FIPSEndpointState{userCfg.UseFIPSEndpoint, envCfg.UseFIPSEndpoint, sharedCfg.UseFIPSEndpoint} {
+		if v != endpoints.FIPSEndpointStateUnset {
+			cfg.UseFIPSEndpoint = v
+			break
+		}
+	}
+
+	// Configure credentials if not already set by the user when creating the Session.
+	// Credentials are resolved last such that all _resolved_ config values are propagated to credential providers.
+	// ticket: P83606045
+	if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
+		creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts)
+		if err != nil {
+			return err
+		}
+		cfg.Credentials = creds
+	}
+
+	return nil
+}
+
+func mergeSTSRegionalEndpointConfig(cfg *aws.Config, values []endpoints.STSRegionalEndpoint) {
+	for _, v := range values {
+		if v != endpoints.UnsetSTSEndpoint {
+			cfg.STSRegionalEndpoint = v
+			break
+		}
+	}
+}
+
+func mergeS3UsEast1RegionalEndpointConfig(cfg *aws.Config, values []endpoints.S3UsEast1RegionalEndpoint) {
+	for _, v := range values {
+		if v != endpoints.UnsetS3UsEast1Endpoint {
+			cfg.S3UsEast1RegionalEndpoint = v
+			break
+		}
+	}
+}
+
+func initHandlers(s *Session) {
+	// Add the Validate parameter handler if it is not disabled.
+	s.Handlers.Validate.Remove(corehandlers.ValidateParametersHandler)
+	if !aws.BoolValue(s.Config.DisableParamValidation) {
+		s.Handlers.Validate.PushBackNamed(corehandlers.ValidateParametersHandler)
+	}
+}
+
+// Copy creates and returns a copy of the current Session, copying the config
+// and handlers. If any additional configs are provided they will be merged
+// on top of the Session's copied config.
+//
+//	// Create a copy of the current Session, configured for the us-west-2 region.
+//	sess.Copy(&aws.Config{Region: aws.String("us-west-2")})
+func (s *Session) Copy(cfgs ...*aws.Config) *Session {
+	newSession := &Session{
+		Config:   s.Config.Copy(cfgs...),
+		Handlers: s.Handlers.Copy(),
+		options:  s.options,
+	}
+
+	initHandlers(newSession)
+
+	return newSession
+}
+
+// ClientConfig satisfies the client.ConfigProvider interface and is used to
+// configure the service client instances. Passing the Session to the service
+// client's constructor (New) will use this method to configure the client.
+func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Config {
+	s = s.Copy(cfgs...)
+
+	resolvedRegion := normalizeRegion(s.Config)
+
+	region := aws.StringValue(s.Config.Region)
+	resolved, err := s.resolveEndpoint(service, region, resolvedRegion, s.Config)
+	if err != nil {
+		s.Handlers.Validate.PushBack(func(r *request.Request) {
+			if len(r.ClientInfo.Endpoint) != 0 {
+				// Error occurred while resolving endpoint, but the request
+				// being invoked has had an endpoint specified after the client
+				// was created.
+				return
+			}
+			r.Error = err
+		})
+	}
+
+	return client.Config{
+		Config:             s.Config,
+		Handlers:           s.Handlers,
+		PartitionID:        resolved.PartitionID,
+		Endpoint:           resolved.URL,
+		SigningRegion:      resolved.SigningRegion,
+		SigningNameDerived: resolved.SigningNameDerived,
+		SigningName:        resolved.SigningName,
+		ResolvedRegion:     resolvedRegion,
+	}
+}
+
+const ec2MetadataServiceID = "ec2metadata"
+
+func (s *Session) resolveEndpoint(service, region, resolvedRegion string, cfg *aws.Config) (endpoints.ResolvedEndpoint, error) {
+
+	if ep := aws.StringValue(cfg.Endpoint); len(ep) != 0 {
+		return endpoints.ResolvedEndpoint{
+			URL:           endpoints.AddScheme(ep, aws.BoolValue(cfg.DisableSSL)),
+			SigningRegion: region,
+		}, nil
+	}
+
+	resolved, err := cfg.EndpointResolver.EndpointFor(service, region,
+		func(opt *endpoints.Options) {
+			opt.DisableSSL = aws.BoolValue(cfg.DisableSSL)
+
+			opt.UseDualStack = aws.BoolValue(cfg.UseDualStack)
+			opt.UseDualStackEndpoint = cfg.UseDualStackEndpoint
+
+			opt.UseFIPSEndpoint = cfg.UseFIPSEndpoint
+
+			// Support for STSRegionalEndpoint where the STSRegionalEndpoint is
+			// provided in envConfig or sharedConfig with envConfig getting
+			// precedence.
+			opt.STSRegionalEndpoint = cfg.STSRegionalEndpoint
+
+			// Support for S3UsEast1RegionalEndpoint where the S3UsEast1RegionalEndpoint is
+			// provided in envConfig or sharedConfig with envConfig getting
+			// precedence.
+			opt.S3UsEast1RegionalEndpoint = cfg.S3UsEast1RegionalEndpoint
+
+			// Support the condition where the service is modeled but its
+			// endpoint metadata is not available.
+			opt.ResolveUnknownService = true
+
+			opt.ResolvedRegion = resolvedRegion
+
+			opt.Logger = cfg.Logger
+			opt.LogDeprecated = cfg.LogLevel.Matches(aws.LogDebugWithDeprecated)
+		},
+	)
+	if err != nil {
+		return endpoints.ResolvedEndpoint{}, err
+	}
+
+	return resolved, nil
+}
+
+// ClientConfigNoResolveEndpoint is the same as ClientConfig with the exception
+// that the EndpointResolver will not be used to resolve the endpoint. The only
+// endpoint set must come from the aws.Config.Endpoint field.
+func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Config {
+	s = s.Copy(cfgs...)
+
+	resolvedRegion := normalizeRegion(s.Config)
+
+	var resolved endpoints.ResolvedEndpoint
+	if ep := aws.StringValue(s.Config.Endpoint); len(ep) > 0 {
+		resolved.URL = endpoints.AddScheme(ep, aws.BoolValue(s.Config.DisableSSL))
+		resolved.SigningRegion = aws.StringValue(s.Config.Region)
+	}
+
+	return client.Config{
+		Config:             s.Config,
+		Handlers:           s.Handlers,
+		Endpoint:           resolved.URL,
+		SigningRegion:      resolved.SigningRegion,
+		SigningNameDerived: resolved.SigningNameDerived,
+		SigningName:        resolved.SigningName,
+		ResolvedRegion:     resolvedRegion,
+	}
+}
+
+// logDeprecatedNewSessionError function enables error handling for session
+func (s *Session) logDeprecatedNewSessionError(msg string, err error, cfgs []*aws.Config) {
+	// Session creation failed, need to report the error and prevent
+	// any requests from succeeding.
+	s.Config.MergeIn(cfgs...)
+	s.Config.Logger.Log("ERROR:", msg, "Error:", err)
+	s.Handlers.Validate.PushBack(func(r *request.Request) {
+		r.Error = err
+	})
+}
+
+// normalizeRegion resolves / normalizes the configured region (converts pseudo fips regions), and modifies the provided
+// config to have the equivalent options for resolution and returns the resolved region name.
+func normalizeRegion(cfg *aws.Config) (resolved string) {
+	const fipsInfix = "-fips-"
+	const fipsPrefix = "-fips"
+	const fipsSuffix = "fips-"
+
+	region := aws.StringValue(cfg.Region)
+
+	if strings.Contains(region, fipsInfix) ||
+		strings.Contains(region, fipsPrefix) ||
+		strings.Contains(region, fipsSuffix) {
+		resolved = strings.Replace(strings.Replace(strings.Replace(
+			region, fipsInfix, "-", -1), fipsPrefix, "", -1), fipsSuffix, "", -1)
+		cfg.UseFIPSEndpoint = endpoints.FIPSEndpointStateEnabled
+	}
+
+	return resolved
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
new file mode 100644
index 000000000..424c82b4d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
@@ -0,0 +1,729 @@
+package session
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"github.com/aws/aws-sdk-go/internal/ini"
+)
+
+const (
+	// Static Credentials group
+	accessKeyIDKey  = `aws_access_key_id`     // group required
+	secretAccessKey = `aws_secret_access_key` // group required
+	sessionTokenKey = `aws_session_token`     // optional
+
+	// Assume Role Credentials group
+	roleArnKey             = `role_arn`          // group required
+	sourceProfileKey       = `source_profile`    // group required (or credential_source)
+	credentialSourceKey    = `credential_source` // group required (or source_profile)
+	externalIDKey          = `external_id`       // optional
+	mfaSerialKey           = `mfa_serial`        // optional
+	roleSessionNameKey     = `role_session_name` // optional
+	roleDurationSecondsKey = "duration_seconds"  // optional
+
+	// AWS Single Sign-On (AWS SSO) group
+	ssoAccountIDKey = "sso_account_id"
+	ssoRegionKey    = "sso_region"
+	ssoRoleNameKey  = "sso_role_name"
+	ssoStartURL     = "sso_start_url"
+
+	// CSM options
+	csmEnabledKey  = `csm_enabled`
+	csmHostKey     = `csm_host`
+	csmPortKey     = `csm_port`
+	csmClientIDKey = `csm_client_id`
+
+	// Additional Config fields
+	regionKey = `region`
+
+	// custom CA Bundle filename
+	customCABundleKey = `ca_bundle`
+
+	// endpoint discovery group
+	enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional
+
+	// External Credential Process
+	credentialProcessKey = `credential_process` // optional
+
+	// Web Identity Token File
+	webIdentityTokenFileKey = `web_identity_token_file` // optional
+
+	// Additional config fields for regional or legacy endpoints
+	stsRegionalEndpointSharedKey = `sts_regional_endpoints`
+
+	// Additional config fields for regional or legacy endpoints
+	s3UsEast1RegionalSharedKey = `s3_us_east_1_regional_endpoint`
+
+	// DefaultSharedConfigProfile is the default profile to be used when
+	// loading configuration from the config files if another profile name
+	// is not provided.
+	DefaultSharedConfigProfile = `default`
+
+	// S3 ARN Region Usage
+	s3UseARNRegionKey = "s3_use_arn_region"
+
+	// EC2 IMDS Endpoint Mode
+	ec2MetadataServiceEndpointModeKey = "ec2_metadata_service_endpoint_mode"
+
+	// EC2 IMDS Endpoint
+	ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint"
+
+	// Use DualStack Endpoint Resolution
+	useDualStackEndpoint = "use_dualstack_endpoint"
+
+	// Use FIPS Endpoint Resolution
+	useFIPSEndpointKey = "use_fips_endpoint"
+)
+
+// sharedConfig represents the configuration fields of the SDK config files.
+type sharedConfig struct {
+	Profile string
+
+	// Credentials values from the config file. Both aws_access_key_id and
+	// aws_secret_access_key must be provided together in the same file to be
+	// considered valid. The values will be ignored if not a complete group.
+	// aws_session_token is an optional field that can be provided if both of
+	// the other two fields are also provided.
+	//
+	//	aws_access_key_id
+	//	aws_secret_access_key
+	//	aws_session_token
+	Creds credentials.Value
+
+	CredentialSource     string
+	CredentialProcess    string
+	WebIdentityTokenFile string
+
+	SSOAccountID string
+	SSORegion    string
+	SSORoleName  string
+	SSOStartURL  string
+
+	RoleARN            string
+	RoleSessionName    string
+	ExternalID         string
+	MFASerial          string
+	AssumeRoleDuration *time.Duration
+
+	SourceProfileName string
+	SourceProfile     *sharedConfig
+
+	// Region is the region the SDK should use for looking up AWS service
+	// endpoints and signing requests.
+	//
+	//	region
+	Region string
+
+	// CustomCABundle is the file path to a PEM file the SDK will read and
+	// use to configure the HTTP transport with additional CA certs that are
+	// not present in the platforms default CA store.
+	//
+	// This value will be ignored if the file does not exist.
+	//
+	//  ca_bundle
+	CustomCABundle string
+
+	// EnableEndpointDiscovery can be enabled in the shared config by setting
+	// endpoint_discovery_enabled to true
+	//
+	//	endpoint_discovery_enabled = true
+	EnableEndpointDiscovery *bool
+
+	// CSM Options
+	CSMEnabled  *bool
+	CSMHost     string
+	CSMPort     string
+	CSMClientID string
+
+	// Specifies the Regional Endpoint flag for the SDK to resolve the endpoint for a service
+	//
+	// sts_regional_endpoints = regional
+	// This can take value as `LegacySTSEndpoint` or `RegionalSTSEndpoint`
+	STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+	// Specifies the Regional Endpoint flag for the SDK to resolve the endpoint for a service
+	//
+	// s3_us_east_1_regional_endpoint = regional
+	// This can take value as `LegacyS3UsEast1Endpoint` or `RegionalS3UsEast1Endpoint`
+	S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
+
+	// Specifies if the S3 service should allow ARNs to direct the region
+	// the client's requests are sent to.
+	//
+	// s3_use_arn_region=true
+	S3UseARNRegion bool
+
+	// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
+	//
+	// ec2_metadata_service_endpoint_mode=IPv6
+	EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
+
+	// Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode.
+	//
+	// ec2_metadata_service_endpoint=http://fd00:ec2::254
+	EC2IMDSEndpoint string
+
+	// Specifies that SDK clients must resolve a dual-stack endpoint for
+	// services.
+	//
+	// use_dualstack_endpoint=true
+	UseDualStackEndpoint endpoints.DualStackEndpointState
+
+	// Specifies that SDK clients must resolve a FIPS endpoint for
+	// services.
+	//
+	// use_fips_endpoint=true
+	UseFIPSEndpoint endpoints.FIPSEndpointState
+}
+
+type sharedConfigFile struct {
+	Filename string
+	IniData  ini.Sections
+}
+
+// loadSharedConfig retrieves the configuration from the list of files using
+// the profile provided. The order the files are listed will determine
+// precedence. Values in subsequent files will overwrite values defined in
+// earlier files.
+//
+// For example, given two files A and B. Both define credentials. If the order
+// of the files are A then B, B's credential values will be used instead of
+// A's.
+//
+// See sharedConfig.setFromFile for information how the config files
+// will be loaded.
+func loadSharedConfig(profile string, filenames []string, exOpts bool) (sharedConfig, error) {
+	if len(profile) == 0 {
+		profile = DefaultSharedConfigProfile
+	}
+
+	files, err := loadSharedConfigIniFiles(filenames)
+	if err != nil {
+		return sharedConfig{}, err
+	}
+
+	cfg := sharedConfig{}
+	profiles := map[string]struct{}{}
+	if err = cfg.setFromIniFiles(profiles, profile, files, exOpts); err != nil {
+		return sharedConfig{}, err
+	}
+
+	return cfg, nil
+}
+
+func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
+	files := make([]sharedConfigFile, 0, len(filenames))
+
+	for _, filename := range filenames {
+		sections, err := ini.OpenFile(filename)
+		if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ini.ErrCodeUnableToReadFile {
+			// Skip files which can't be opened and read for whatever reason
+			continue
+		} else if err != nil {
+			return nil, SharedConfigLoadError{Filename: filename, Err: err}
+		}
+
+		files = append(files, sharedConfigFile{
+			Filename: filename, IniData: sections,
+		})
+	}
+
+	return files, nil
+}
+
+func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error {
+	cfg.Profile = profile
+
+	// Trim files from the list that don't exist.
+	var skippedFiles int
+	var profileNotFoundErr error
+	for _, f := range files {
+		if err := cfg.setFromIniFile(profile, f, exOpts); err != nil {
+			if _, ok := err.(SharedConfigProfileNotExistsError); ok {
+				// Ignore profiles not defined in individual files.
+				profileNotFoundErr = err
+				skippedFiles++
+				continue
+			}
+			return err
+		}
+	}
+	if skippedFiles == len(files) {
+		// If all files were skipped because the profile is not found, return
+		// the original profile not found error.
+		return profileNotFoundErr
+	}
+
+	if _, ok := profiles[profile]; ok {
+		// if this is the second instance of the profile the Assume Role
+		// options must be cleared because they are only valid for the
+		// first reference of a profile. The self linked instance of the
+		// profile only have credential provider options.
+		cfg.clearAssumeRoleOptions()
+	} else {
+		// First time a profile has been seen, It must either be a assume role
+		// credentials, or SSO. Assert if the credential type requires a role ARN,
+		// the ARN is also set, or validate that the SSO configuration is complete.
+		if err := cfg.validateCredentialsConfig(profile); err != nil {
+			return err
+		}
+	}
+	profiles[profile] = struct{}{}
+
+	if err := cfg.validateCredentialType(); err != nil {
+		return err
+	}
+
+	// Link source profiles for assume roles
+	if len(cfg.SourceProfileName) != 0 {
+		// Linked profile via source_profile ignore credential provider
+		// options, the source profile must provide the credentials.
+		cfg.clearCredentialOptions()
+
+		srcCfg := &sharedConfig{}
+		err := srcCfg.setFromIniFiles(profiles, cfg.SourceProfileName, files, exOpts)
+		if err != nil {
+			// SourceProfile that doesn't exist is an error in configuration.
+			if _, ok := err.(SharedConfigProfileNotExistsError); ok {
+				err = SharedConfigAssumeRoleError{
+					RoleARN:       cfg.RoleARN,
+					SourceProfile: cfg.SourceProfileName,
+				}
+			}
+			return err
+		}
+
+		if !srcCfg.hasCredentials() {
+			return SharedConfigAssumeRoleError{
+				RoleARN:       cfg.RoleARN,
+				SourceProfile: cfg.SourceProfileName,
+			}
+		}
+
+		cfg.SourceProfile = srcCfg
+	}
+
+	return nil
+}
+
+// setFromFile loads the configuration from the file using the profile
+// provided. A sharedConfig pointer type value is used so that multiple config
+// file loadings can be chained.
+//
+// Only loads complete logically grouped values, and will not set fields in cfg
+// for incomplete grouped values in the config. Such as credentials. For
+// example if a config file only includes aws_access_key_id but no
+// aws_secret_access_key the aws_access_key_id will be ignored.
+func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, exOpts bool) error {
+	section, ok := file.IniData.GetSection(profile)
+	if !ok {
+		// Fallback to to alternate profile name: profile <name>
+		section, ok = file.IniData.GetSection(fmt.Sprintf("profile %s", profile))
+		if !ok {
+			return SharedConfigProfileNotExistsError{Profile: profile, Err: nil}
+		}
+	}
+
+	if exOpts {
+		// Assume Role Parameters
+		updateString(&cfg.RoleARN, section, roleArnKey)
+		updateString(&cfg.ExternalID, section, externalIDKey)
+		updateString(&cfg.MFASerial, section, mfaSerialKey)
+		updateString(&cfg.RoleSessionName, section, roleSessionNameKey)
+		updateString(&cfg.SourceProfileName, section, sourceProfileKey)
+		updateString(&cfg.CredentialSource, section, credentialSourceKey)
+		updateString(&cfg.Region, section, regionKey)
+		updateString(&cfg.CustomCABundle, section, customCABundleKey)
+
+		if section.Has(roleDurationSecondsKey) {
+			d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second
+			cfg.AssumeRoleDuration = &d
+		}
+
+		if v := section.String(stsRegionalEndpointSharedKey); len(v) != 0 {
+			sre, err := endpoints.GetSTSRegionalEndpoint(v)
+			if err != nil {
+				return fmt.Errorf("failed to load %s from shared config, %s, %v",
+					stsRegionalEndpointSharedKey, file.Filename, err)
+			}
+			cfg.STSRegionalEndpoint = sre
+		}
+
+		if v := section.String(s3UsEast1RegionalSharedKey); len(v) != 0 {
+			sre, err := endpoints.GetS3UsEast1RegionalEndpoint(v)
+			if err != nil {
+				return fmt.Errorf("failed to load %s from shared config, %s, %v",
+					s3UsEast1RegionalSharedKey, file.Filename, err)
+			}
+			cfg.S3UsEast1RegionalEndpoint = sre
+		}
+
+		// AWS Single Sign-On (AWS SSO)
+		updateString(&cfg.SSOAccountID, section, ssoAccountIDKey)
+		updateString(&cfg.SSORegion, section, ssoRegionKey)
+		updateString(&cfg.SSORoleName, section, ssoRoleNameKey)
+		updateString(&cfg.SSOStartURL, section, ssoStartURL)
+
+		if err := updateEC2MetadataServiceEndpointMode(&cfg.EC2IMDSEndpointMode, section, ec2MetadataServiceEndpointModeKey); err != nil {
+			return fmt.Errorf("failed to load %s from shared config, %s, %v",
+				ec2MetadataServiceEndpointModeKey, file.Filename, err)
+		}
+		updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey)
+
+		updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint)
+
+		updateUseFIPSEndpoint(&cfg.UseFIPSEndpoint, section, useFIPSEndpointKey)
+	}
+
+	updateString(&cfg.CredentialProcess, section, credentialProcessKey)
+	updateString(&cfg.WebIdentityTokenFile, section, webIdentityTokenFileKey)
+
+	// Shared Credentials
+	creds := credentials.Value{
+		AccessKeyID:     section.String(accessKeyIDKey),
+		SecretAccessKey: section.String(secretAccessKey),
+		SessionToken:    section.String(sessionTokenKey),
+		ProviderName:    fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
+	}
+	if creds.HasKeys() {
+		cfg.Creds = creds
+	}
+
+	// Endpoint discovery
+	updateBoolPtr(&cfg.EnableEndpointDiscovery, section, enableEndpointDiscoveryKey)
+
+	// CSM options
+	updateBoolPtr(&cfg.CSMEnabled, section, csmEnabledKey)
+	updateString(&cfg.CSMHost, section, csmHostKey)
+	updateString(&cfg.CSMPort, section, csmPortKey)
+	updateString(&cfg.CSMClientID, section, csmClientIDKey)
+
+	updateBool(&cfg.S3UseARNRegion, section, s3UseARNRegionKey)
+
+	return nil
+}
+
+func updateEC2MetadataServiceEndpointMode(endpointMode *endpoints.EC2IMDSEndpointModeState, section ini.Section, key string) error {
+	if !section.Has(key) {
+		return nil
+	}
+	value := section.String(key)
+	return endpointMode.SetFromString(value)
+}
+
+func (cfg *sharedConfig) validateCredentialsConfig(profile string) error {
+	if err := cfg.validateCredentialsRequireARN(profile); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error {
+	var credSource string
+
+	switch {
+	case len(cfg.SourceProfileName) != 0:
+		credSource = sourceProfileKey
+	case len(cfg.CredentialSource) != 0:
+		credSource = credentialSourceKey
+	case len(cfg.WebIdentityTokenFile) != 0:
+		credSource = webIdentityTokenFileKey
+	}
+
+	if len(credSource) != 0 && len(cfg.RoleARN) == 0 {
+		return CredentialRequiresARNError{
+			Type:    credSource,
+			Profile: profile,
+		}
+	}
+
+	return nil
+}
+
+func (cfg *sharedConfig) validateCredentialType() error {
+	// Only one or no credential type can be defined.
+	if !oneOrNone(
+		len(cfg.SourceProfileName) != 0,
+		len(cfg.CredentialSource) != 0,
+		len(cfg.CredentialProcess) != 0,
+		len(cfg.WebIdentityTokenFile) != 0,
+	) {
+		return ErrSharedConfigSourceCollision
+	}
+
+	return nil
+}
+
+func (cfg *sharedConfig) validateSSOConfiguration() error {
+	if !cfg.hasSSOConfiguration() {
+		return nil
+	}
+
+	var missing []string
+	if len(cfg.SSOAccountID) == 0 {
+		missing = append(missing, ssoAccountIDKey)
+	}
+
+	if len(cfg.SSORegion) == 0 {
+		missing = append(missing, ssoRegionKey)
+	}
+
+	if len(cfg.SSORoleName) == 0 {
+		missing = append(missing, ssoRoleNameKey)
+	}
+
+	if len(cfg.SSOStartURL) == 0 {
+		missing = append(missing, ssoStartURL)
+	}
+
+	if len(missing) > 0 {
+		return fmt.Errorf("profile %q is configured to use SSO but is missing required configuration: %s",
+			cfg.Profile, strings.Join(missing, ", "))
+	}
+
+	return nil
+}
+
+func (cfg *sharedConfig) hasCredentials() bool {
+	switch {
+	case len(cfg.SourceProfileName) != 0:
+	case len(cfg.CredentialSource) != 0:
+	case len(cfg.CredentialProcess) != 0:
+	case len(cfg.WebIdentityTokenFile) != 0:
+	case cfg.hasSSOConfiguration():
+	case cfg.Creds.HasKeys():
+	default:
+		return false
+	}
+
+	return true
+}
+
+func (cfg *sharedConfig) clearCredentialOptions() {
+	cfg.CredentialSource = ""
+	cfg.CredentialProcess = ""
+	cfg.WebIdentityTokenFile = ""
+	cfg.Creds = credentials.Value{}
+	cfg.SSOAccountID = ""
+	cfg.SSORegion = ""
+	cfg.SSORoleName = ""
+	cfg.SSOStartURL = ""
+}
+
+func (cfg *sharedConfig) clearAssumeRoleOptions() {
+	cfg.RoleARN = ""
+	cfg.ExternalID = ""
+	cfg.MFASerial = ""
+	cfg.RoleSessionName = ""
+	cfg.SourceProfileName = ""
+}
+
+func (cfg *sharedConfig) hasSSOConfiguration() bool {
+	switch {
+	case len(cfg.SSOAccountID) != 0:
+	case len(cfg.SSORegion) != 0:
+	case len(cfg.SSORoleName) != 0:
+	case len(cfg.SSOStartURL) != 0:
+	default:
+		return false
+	}
+	return true
+}
+
+func oneOrNone(bs ...bool) bool {
+	var count int
+
+	for _, b := range bs {
+		if b {
+			count++
+			if count > 1 {
+				return false
+			}
+		}
+	}
+
+	return true
+}
+
+// updateString will only update the dst with the value in the section key, key
+// is present in the section.
+func updateString(dst *string, section ini.Section, key string) {
+	if !section.Has(key) {
+		return
+	}
+	*dst = section.String(key)
+}
+
+// updateBool will only update the dst with the value in the section key, key
+// is present in the section.
+func updateBool(dst *bool, section ini.Section, key string) {
+	if !section.Has(key) {
+		return
+	}
+	*dst = section.Bool(key)
+}
+
+// updateBoolPtr will only update the dst with the value in the section key,
+// key is present in the section.
+func updateBoolPtr(dst **bool, section ini.Section, key string) {
+	if !section.Has(key) {
+		return
+	}
+	*dst = new(bool)
+	**dst = section.Bool(key)
+}
+
+// SharedConfigLoadError is an error for the shared config file failed to load.
+type SharedConfigLoadError struct {
+	Filename string
+	Err      error
+}
+
+// Code is the short id of the error.
+func (e SharedConfigLoadError) Code() string {
+	return "SharedConfigLoadError"
+}
+
+// Message is the description of the error
+func (e SharedConfigLoadError) Message() string {
+	return fmt.Sprintf("failed to load config file, %s", e.Filename)
+}
+
+// OrigErr is the underlying error that caused the failure.
+func (e SharedConfigLoadError) OrigErr() error {
+	return e.Err
+}
+
+// Error satisfies the error interface.
+func (e SharedConfigLoadError) Error() string {
+	return awserr.SprintError(e.Code(), e.Message(), "", e.Err)
+}
+
+// SharedConfigProfileNotExistsError is an error for the shared config when
+// the profile was not find in the config file.
+type SharedConfigProfileNotExistsError struct {
+	Profile string
+	Err     error
+}
+
+// Code is the short id of the error.
+func (e SharedConfigProfileNotExistsError) Code() string {
+	return "SharedConfigProfileNotExistsError"
+}
+
+// Message is the description of the error
+func (e SharedConfigProfileNotExistsError) Message() string {
+	return fmt.Sprintf("failed to get profile, %s", e.Profile)
+}
+
+// OrigErr is the underlying error that caused the failure.
+func (e SharedConfigProfileNotExistsError) OrigErr() error {
+	return e.Err
+}
+
+// Error satisfies the error interface.
+func (e SharedConfigProfileNotExistsError) Error() string {
+	return awserr.SprintError(e.Code(), e.Message(), "", e.Err)
+}
+
+// SharedConfigAssumeRoleError is an error for the shared config when the
+// profile contains assume role information, but that information is invalid
+// or not complete.
+type SharedConfigAssumeRoleError struct {
+	RoleARN       string
+	SourceProfile string
+}
+
+// Code is the short id of the error.
+func (e SharedConfigAssumeRoleError) Code() string {
+	return "SharedConfigAssumeRoleError"
+}
+
+// Message is the description of the error
+func (e SharedConfigAssumeRoleError) Message() string {
+	return fmt.Sprintf(
+		"failed to load assume role for %s, source profile %s has no shared credentials",
+		e.RoleARN, e.SourceProfile,
+	)
+}
+
+// OrigErr is the underlying error that caused the failure.
+func (e SharedConfigAssumeRoleError) OrigErr() error {
+	return nil
+}
+
+// Error satisfies the error interface.
+func (e SharedConfigAssumeRoleError) Error() string {
+	return awserr.SprintError(e.Code(), e.Message(), "", nil)
+}
+
+// CredentialRequiresARNError provides the error for shared config credentials
+// that are incorrectly configured in the shared config or credentials file.
+type CredentialRequiresARNError struct {
+	// type of credentials that were configured.
+	Type string
+
+	// Profile name the credentials were in.
+	Profile string
+}
+
+// Code is the short id of the error.
+func (e CredentialRequiresARNError) Code() string {
+	return "CredentialRequiresARNError"
+}
+
+// Message is the description of the error
+func (e CredentialRequiresARNError) Message() string {
+	return fmt.Sprintf(
+		"credential type %s requires role_arn, profile %s",
+		e.Type, e.Profile,
+	)
+}
+
+// OrigErr is the underlying error that caused the failure.
+func (e CredentialRequiresARNError) OrigErr() error {
+	return nil
+}
+
+// Error satisfies the error interface.
+func (e CredentialRequiresARNError) Error() string {
+	return awserr.SprintError(e.Code(), e.Message(), "", nil)
+}
+
+// updateEndpointDiscoveryType will only update the dst with the value in the section, if
+// a valid key and corresponding EndpointDiscoveryType is found.
+func updateUseDualStackEndpoint(dst *endpoints.DualStackEndpointState, section ini.Section, key string) {
+	if !section.Has(key) {
+		return
+	}
+
+	if section.Bool(key) {
+		*dst = endpoints.DualStackEndpointStateEnabled
+	} else {
+		*dst = endpoints.DualStackEndpointStateDisabled
+	}
+
+	return
+}
+
+// updateEndpointDiscoveryType will only update the dst with the value in the section, if
+// a valid key and corresponding EndpointDiscoveryType is found.
+func updateUseFIPSEndpoint(dst *endpoints.FIPSEndpointState, section ini.Section, key string) {
+	if !section.Has(key) {
+		return
+	}
+
+	if section.Bool(key) {
+		*dst = endpoints.FIPSEndpointStateEnabled
+	} else {
+		*dst = endpoints.FIPSEndpointStateDisabled
+	}
+
+	return
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
new file mode 100644
index 000000000..993753831
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
@@ -0,0 +1,81 @@
+package v4
+
+import (
+	"github.com/aws/aws-sdk-go/internal/strings"
+)
+
+// validator houses a set of rule needed for validation of a
+// string value
+type rules []rule
+
+// rule interface allows for more flexible rules and just simply
+// checks whether or not a value adheres to that rule
+type rule interface {
+	IsValid(value string) bool
+}
+
+// IsValid will iterate through all rules and see if any rules
+// apply to the value and supports nested rules
+func (r rules) IsValid(value string) bool {
+	for _, rule := range r {
+		if rule.IsValid(value) {
+			return true
+		}
+	}
+	return false
+}
+
+// mapRule generic rule for maps
+type mapRule map[string]struct{}
+
+// IsValid for the map rule satisfies whether it exists in the map
+func (m mapRule) IsValid(value string) bool {
+	_, ok := m[value]
+	return ok
+}
+
+// allowList is a generic rule for allow listing
+type allowList struct {
+	rule
+}
+
+// IsValid for allow list checks if the value is within the allow list
+func (w allowList) IsValid(value string) bool {
+	return w.rule.IsValid(value)
+}
+
+// excludeList is a generic rule for exclude listing
+type excludeList struct {
+	rule
+}
+
+// IsValid for exclude list checks if the value is within the exclude list
+func (b excludeList) IsValid(value string) bool {
+	return !b.rule.IsValid(value)
+}
+
+type patterns []string
+
+// IsValid for patterns checks each pattern and returns if a match has
+// been found
+func (p patterns) IsValid(value string) bool {
+	for _, pattern := range p {
+		if strings.HasPrefixFold(value, pattern) {
+			return true
+		}
+	}
+	return false
+}
+
+// inclusiveRules rules allow for rules to depend on one another
+type inclusiveRules []rule
+
+// IsValid will return true if all rules are true
+func (r inclusiveRules) IsValid(value string) bool {
+	for _, rule := range r {
+		if !rule.IsValid(value) {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/options.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/options.go
new file mode 100644
index 000000000..6aa2ed241
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/options.go
@@ -0,0 +1,7 @@
+package v4
+
+// WithUnsignedPayload will enable and set the UnsignedPayload field to
+// true of the signer.
+func WithUnsignedPayload(v4 *Signer) {
+	v4.UnsignedPayload = true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
new file mode 100644
index 000000000..cf672b6ac
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
@@ -0,0 +1,14 @@
+//go:build !go1.7
+// +build !go1.7
+
+package v4
+
+import (
+	"net/http"
+
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+func requestContext(r *http.Request) aws.Context {
+	return aws.BackgroundContext()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
new file mode 100644
index 000000000..21fe74e6f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
@@ -0,0 +1,14 @@
+//go:build go1.7
+// +build go1.7
+
+package v4
+
+import (
+	"net/http"
+
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+func requestContext(r *http.Request) aws.Context {
+	return r.Context()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
new file mode 100644
index 000000000..02cbd97e2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
@@ -0,0 +1,63 @@
+package v4
+
+import (
+	"encoding/hex"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/credentials"
+)
+
+type credentialValueProvider interface {
+	Get() (credentials.Value, error)
+}
+
+// StreamSigner implements signing of event stream encoded payloads
+type StreamSigner struct {
+	region  string
+	service string
+
+	credentials credentialValueProvider
+
+	prevSig []byte
+}
+
+// NewStreamSigner creates a SigV4 signer used to sign Event Stream encoded messages
+func NewStreamSigner(region, service string, seedSignature []byte, credentials *credentials.Credentials) *StreamSigner {
+	return &StreamSigner{
+		region:      region,
+		service:     service,
+		credentials: credentials,
+		prevSig:     seedSignature,
+	}
+}
+
+// GetSignature takes an event stream encoded headers and payload and returns a signature
+func (s *StreamSigner) GetSignature(headers, payload []byte, date time.Time) ([]byte, error) {
+	credValue, err := s.credentials.Get()
+	if err != nil {
+		return nil, err
+	}
+
+	sigKey := deriveSigningKey(s.region, s.service, credValue.SecretAccessKey, date)
+
+	keyPath := buildSigningScope(s.region, s.service, date)
+
+	stringToSign := buildEventStreamStringToSign(headers, payload, s.prevSig, keyPath, date)
+
+	signature := hmacSHA256(sigKey, []byte(stringToSign))
+	s.prevSig = signature
+
+	return signature, nil
+}
+
+func buildEventStreamStringToSign(headers, payload, prevSig []byte, scope string, date time.Time) string {
+	return strings.Join([]string{
+		"AWS4-HMAC-SHA256-PAYLOAD",
+		formatTime(date),
+		scope,
+		hex.EncodeToString(prevSig),
+		hex.EncodeToString(hashSHA256(headers)),
+		hex.EncodeToString(hashSHA256(payload)),
+	}, "\n")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go
new file mode 100644
index 000000000..7711ec737
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go
@@ -0,0 +1,25 @@
+//go:build go1.5
+// +build go1.5
+
+package v4
+
+import (
+	"net/url"
+	"strings"
+)
+
+func getURIPath(u *url.URL) string {
+	var uri string
+
+	if len(u.Opaque) > 0 {
+		uri = "/" + strings.Join(strings.Split(u.Opaque, "/")[3:], "/")
+	} else {
+		uri = u.EscapedPath()
+	}
+
+	if len(uri) == 0 {
+		uri = "/"
+	}
+
+	return uri
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
new file mode 100644
index 000000000..0240bd0be
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
@@ -0,0 +1,855 @@
+// Package v4 implements signing for AWS V4 signer
+//
+// Provides request signing for request that need to be signed with
+// AWS V4 Signatures.
+//
+// # Standalone Signer
+//
+// Generally using the signer outside of the SDK should not require any additional
+// logic when using Go v1.5 or higher. The signer does this by taking advantage
+// of the URL.EscapedPath method. If your request URI requires additional escaping
+// you many need to use the URL.Opaque to define what the raw URI should be sent
+// to the service as.
+//
+// The signer will first check the URL.Opaque field, and use its value if set.
+// The signer does require the URL.Opaque field to be set in the form of:
+//
+//	"//<hostname>/<path>"
+//
+//	// e.g.
+//	"//example.com/some/path"
+//
+// The leading "//" and hostname are required or the URL.Opaque escaping will
+// not work correctly.
+//
+// If URL.Opaque is not set the signer will fallback to the URL.EscapedPath()
+// method and using the returned value. If you're using Go v1.4 you must set
+// URL.Opaque if the URI path needs escaping. If URL.Opaque is not set with
+// Go v1.5 the signer will fallback to URL.Path.
+//
+// AWS v4 signature validation requires that the canonical string's URI path
+// element must be the URI escaped form of the HTTP request's path.
+// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
+//
+// The Go HTTP client will perform escaping automatically on the request. Some
+// of these escaping may cause signature validation errors because the HTTP
+// request differs from the URI path or query that the signature was generated.
+// https://golang.org/pkg/net/url/#URL.EscapedPath
+//
+// Because of this, it is recommended that when using the signer outside of the
+// SDK that explicitly escaping the request prior to being signed is preferable,
+// and will help prevent signature validation errors. This can be done by setting
+// the URL.Opaque or URL.RawPath. The SDK will use URL.Opaque first and then
+// call URL.EscapedPath() if Opaque is not set.
+//
+// If signing a request intended for HTTP2 server, and you're using Go 1.6.2
+// through 1.7.4 you should use the URL.RawPath as the pre-escaped form of the
+// request URL. https://github.com/golang/go/issues/16847 points to a bug in
+// Go pre 1.8 that fails to make HTTP2 requests using absolute URL in the HTTP
+// message. URL.Opaque generally will force Go to make requests with absolute URL.
+// URL.RawPath does not do this, but RawPath must be a valid escaping of Path
+// or url.EscapedPath will ignore the RawPath escaping.
+//
+// Test `TestStandaloneSign` provides a complete example of using the signer
+// outside of the SDK and pre-escaping the URI path.
+package v4
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkio"
+	"github.com/aws/aws-sdk-go/private/protocol/rest"
+)
+
+const (
+	authorizationHeader     = "Authorization"
+	authHeaderSignatureElem = "Signature="
+	signatureQueryKey       = "X-Amz-Signature"
+
+	authHeaderPrefix = "AWS4-HMAC-SHA256"
+	timeFormat       = "20060102T150405Z"
+	shortTimeFormat  = "20060102"
+	awsV4Request     = "aws4_request"
+
+	// emptyStringSHA256 is a SHA256 of an empty string
+	emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
+)
+
+var ignoredHeaders = rules{
+	excludeList{
+		mapRule{
+			authorizationHeader: struct{}{},
+			"User-Agent":        struct{}{},
+			"X-Amzn-Trace-Id":   struct{}{},
+		},
+	},
+}
+
+// requiredSignedHeaders is a allow list for build canonical headers.
+var requiredSignedHeaders = rules{
+	allowList{
+		mapRule{
+			"Cache-Control":                         struct{}{},
+			"Content-Disposition":                   struct{}{},
+			"Content-Encoding":                      struct{}{},
+			"Content-Language":                      struct{}{},
+			"Content-Md5":                           struct{}{},
+			"Content-Type":                          struct{}{},
+			"Expires":                               struct{}{},
+			"If-Match":                              struct{}{},
+			"If-Modified-Since":                     struct{}{},
+			"If-None-Match":                         struct{}{},
+			"If-Unmodified-Since":                   struct{}{},
+			"Range":                                 struct{}{},
+			"X-Amz-Acl":                             struct{}{},
+			"X-Amz-Copy-Source":                     struct{}{},
+			"X-Amz-Copy-Source-If-Match":            struct{}{},
+			"X-Amz-Copy-Source-If-Modified-Since":   struct{}{},
+			"X-Amz-Copy-Source-If-None-Match":       struct{}{},
+			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
+			"X-Amz-Copy-Source-Range":               struct{}{},
+			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
+			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
+			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
+			"X-Amz-Grant-Full-control":                                    struct{}{},
+			"X-Amz-Grant-Read":                                            struct{}{},
+			"X-Amz-Grant-Read-Acp":                                        struct{}{},
+			"X-Amz-Grant-Write":                                           struct{}{},
+			"X-Amz-Grant-Write-Acp":                                       struct{}{},
+			"X-Amz-Metadata-Directive":                                    struct{}{},
+			"X-Amz-Mfa":                                                   struct{}{},
+			"X-Amz-Request-Payer":                                         struct{}{},
+			"X-Amz-Server-Side-Encryption":                                struct{}{},
+			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":                 struct{}{},
+			"X-Amz-Server-Side-Encryption-Customer-Algorithm":             struct{}{},
+			"X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
+			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
+			"X-Amz-Storage-Class":                                         struct{}{},
+			"X-Amz-Tagging":                                               struct{}{},
+			"X-Amz-Website-Redirect-Location":                             struct{}{},
+			"X-Amz-Content-Sha256":                                        struct{}{},
+		},
+	},
+	patterns{"X-Amz-Meta-"},
+	patterns{"X-Amz-Object-Lock-"},
+}
+
+// allowedHoisting is a allow list for build query headers. The boolean value
+// represents whether or not it is a pattern.
+var allowedQueryHoisting = inclusiveRules{
+	excludeList{requiredSignedHeaders},
+	patterns{"X-Amz-"},
+}
+
+// Signer applies AWS v4 signing to given request. Use this to sign requests
+// that need to be signed with AWS V4 Signatures.
+type Signer struct {
+	// The authentication credentials the request will be signed against.
+	// This value must be set to sign requests.
+	Credentials *credentials.Credentials
+
+	// Sets the log level the signer should use when reporting information to
+	// the logger. If the logger is nil nothing will be logged. See
+	// aws.LogLevelType for more information on available logging levels
+	//
+	// By default nothing will be logged.
+	Debug aws.LogLevelType
+
+	// The logger loging information will be written to. If there the logger
+	// is nil, nothing will be logged.
+	Logger aws.Logger
+
+	// Disables the Signer's moving HTTP header key/value pairs from the HTTP
+	// request header to the request's query string. This is most commonly used
+	// with pre-signed requests preventing headers from being added to the
+	// request's query string.
+	DisableHeaderHoisting bool
+
+	// Disables the automatic escaping of the URI path of the request for the
+	// siganture's canonical string's path. For services that do not need additional
+	// escaping then use this to disable the signer escaping the path.
+	//
+	// S3 is an example of a service that does not need additional escaping.
+	//
+	// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
+	DisableURIPathEscaping bool
+
+	// Disables the automatical setting of the HTTP request's Body field with the
+	// io.ReadSeeker passed in to the signer. This is useful if you're using a
+	// custom wrapper around the body for the io.ReadSeeker and want to preserve
+	// the Body value on the Request.Body.
+	//
+	// This does run the risk of signing a request with a body that will not be
+	// sent in the request. Need to ensure that the underlying data of the Body
+	// values are the same.
+	DisableRequestBodyOverwrite bool
+
+	// currentTimeFn returns the time value which represents the current time.
+	// This value should only be used for testing. If it is nil the default
+	// time.Now will be used.
+	currentTimeFn func() time.Time
+
+	// UnsignedPayload will prevent signing of the payload. This will only
+	// work for services that have support for this.
+	UnsignedPayload bool
+}
+
+// NewSigner returns a Signer pointer configured with the credentials and optional
+// option values provided. If not options are provided the Signer will use its
+// default configuration.
+func NewSigner(credentials *credentials.Credentials, options ...func(*Signer)) *Signer {
+	v4 := &Signer{
+		Credentials: credentials,
+	}
+
+	for _, option := range options {
+		option(v4)
+	}
+
+	return v4
+}
+
+type signingCtx struct {
+	ServiceName      string
+	Region           string
+	Request          *http.Request
+	Body             io.ReadSeeker
+	Query            url.Values
+	Time             time.Time
+	ExpireTime       time.Duration
+	SignedHeaderVals http.Header
+
+	DisableURIPathEscaping bool
+
+	credValues      credentials.Value
+	isPresign       bool
+	unsignedPayload bool
+
+	bodyDigest       string
+	signedHeaders    string
+	canonicalHeaders string
+	canonicalString  string
+	credentialString string
+	stringToSign     string
+	signature        string
+	authorization    string
+}
+
+// Sign signs AWS v4 requests with the provided body, service name, region the
+// request is made to, and time the request is signed at. The signTime allows
+// you to specify that a request is signed for the future, and cannot be
+// used until then.
+//
+// Returns a list of HTTP headers that were included in the signature or an
+// error if signing the request failed. Generally for signed requests this value
+// is not needed as the full request context will be captured by the http.Request
+// value. It is included for reference though.
+//
+// Sign will set the request's Body to be the `body` parameter passed in. If
+// the body is not already an io.ReadCloser, it will be wrapped within one. If
+// a `nil` body parameter passed to Sign, the request's Body field will be
+// also set to nil. Its important to note that this functionality will not
+// change the request's ContentLength of the request.
+//
+// Sign differs from Presign in that it will sign the request using HTTP
+// header values. This type of signing is intended for http.Request values that
+// will not be shared, or are shared in a way the header values on the request
+// will not be lost.
+//
+// The requests body is an io.ReadSeeker so the SHA256 of the body can be
+// generated. To bypass the signer computing the hash you can set the
+// "X-Amz-Content-Sha256" header with a precomputed value. The signer will
+// only compute the hash if the request header value is empty.
+func (v4 Signer) Sign(r *http.Request, body io.ReadSeeker, service, region string, signTime time.Time) (http.Header, error) {
+	return v4.signWithBody(r, body, service, region, 0, false, signTime)
+}
+
+// Presign signs AWS v4 requests with the provided body, service name, region
+// the request is made to, and time the request is signed at. The signTime
+// allows you to specify that a request is signed for the future, and cannot
+// be used until then.
+//
+// Returns a list of HTTP headers that were included in the signature or an
+// error if signing the request failed. For presigned requests these headers
+// and their values must be included on the HTTP request when it is made. This
+// is helpful to know what header values need to be shared with the party the
+// presigned request will be distributed to.
+//
+// Presign differs from Sign in that it will sign the request using query string
+// instead of header values. This allows you to share the Presigned Request's
+// URL with third parties, or distribute it throughout your system with minimal
+// dependencies.
+//
+// Presign also takes an exp value which is the duration the
+// signed request will be valid after the signing time. This is allows you to
+// set when the request will expire.
+//
+// The requests body is an io.ReadSeeker so the SHA256 of the body can be
+// generated. To bypass the signer computing the hash you can set the
+// "X-Amz-Content-Sha256" header with a precomputed value. The signer will
+// only compute the hash if the request header value is empty.
+//
+// Presigning a S3 request will not compute the body's SHA256 hash by default.
+// This is done due to the general use case for S3 presigned URLs is to share
+// PUT/GET capabilities. If you would like to include the body's SHA256 in the
+// presigned request's signature you can set the "X-Amz-Content-Sha256"
+// HTTP header and that will be included in the request's signature.
+func (v4 Signer) Presign(r *http.Request, body io.ReadSeeker, service, region string, exp time.Duration, signTime time.Time) (http.Header, error) {
+	return v4.signWithBody(r, body, service, region, exp, true, signTime)
+}
+
+func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, region string, exp time.Duration, isPresign bool, signTime time.Time) (http.Header, error) {
+	currentTimeFn := v4.currentTimeFn
+	if currentTimeFn == nil {
+		currentTimeFn = time.Now
+	}
+
+	ctx := &signingCtx{
+		Request:                r,
+		Body:                   body,
+		Query:                  r.URL.Query(),
+		Time:                   signTime,
+		ExpireTime:             exp,
+		isPresign:              isPresign,
+		ServiceName:            service,
+		Region:                 region,
+		DisableURIPathEscaping: v4.DisableURIPathEscaping,
+		unsignedPayload:        v4.UnsignedPayload,
+	}
+
+	for key := range ctx.Query {
+		sort.Strings(ctx.Query[key])
+	}
+
+	if ctx.isRequestSigned() {
+		ctx.Time = currentTimeFn()
+		ctx.handlePresignRemoval()
+	}
+
+	var err error
+	ctx.credValues, err = v4.Credentials.GetWithContext(requestContext(r))
+	if err != nil {
+		return http.Header{}, err
+	}
+
+	ctx.sanitizeHostForHeader()
+	ctx.assignAmzQueryValues()
+	if err := ctx.build(v4.DisableHeaderHoisting); err != nil {
+		return nil, err
+	}
+
+	// If the request is not presigned the body should be attached to it. This
+	// prevents the confusion of wanting to send a signed request without
+	// the body the request was signed for attached.
+	if !(v4.DisableRequestBodyOverwrite || ctx.isPresign) {
+		var reader io.ReadCloser
+		if body != nil {
+			var ok bool
+			if reader, ok = body.(io.ReadCloser); !ok {
+				reader = ioutil.NopCloser(body)
+			}
+		}
+		r.Body = reader
+	}
+
+	if v4.Debug.Matches(aws.LogDebugWithSigning) {
+		v4.logSigningInfo(ctx)
+	}
+
+	return ctx.SignedHeaderVals, nil
+}
+
+func (ctx *signingCtx) sanitizeHostForHeader() {
+	request.SanitizeHostForHeader(ctx.Request)
+}
+
+func (ctx *signingCtx) handlePresignRemoval() {
+	if !ctx.isPresign {
+		return
+	}
+
+	// The credentials have expired for this request. The current signing
+	// is invalid, and needs to be request because the request will fail.
+	ctx.removePresign()
+
+	// Update the request's query string to ensure the values stays in
+	// sync in the case retrieving the new credentials fails.
+	ctx.Request.URL.RawQuery = ctx.Query.Encode()
+}
+
+func (ctx *signingCtx) assignAmzQueryValues() {
+	if ctx.isPresign {
+		ctx.Query.Set("X-Amz-Algorithm", authHeaderPrefix)
+		if ctx.credValues.SessionToken != "" {
+			ctx.Query.Set("X-Amz-Security-Token", ctx.credValues.SessionToken)
+		} else {
+			ctx.Query.Del("X-Amz-Security-Token")
+		}
+
+		return
+	}
+
+	if ctx.credValues.SessionToken != "" {
+		ctx.Request.Header.Set("X-Amz-Security-Token", ctx.credValues.SessionToken)
+	}
+}
+
+// SignRequestHandler is a named request handler the SDK will use to sign
+// service client request with using the V4 signature.
+var SignRequestHandler = request.NamedHandler{
+	Name: "v4.SignRequestHandler", Fn: SignSDKRequest,
+}
+
+// SignSDKRequest signs an AWS request with the V4 signature. This
+// request handler should only be used with the SDK's built in service client's
+// API operation requests.
+//
+// This function should not be used on its own, but in conjunction with
+// an AWS service client's API operation call. To sign a standalone request
+// not created by a service client's API operation method use the "Sign" or
+// "Presign" functions of the "Signer" type.
+//
+// If the credentials of the request's config are set to
+// credentials.AnonymousCredentials the request will not be signed.
+func SignSDKRequest(req *request.Request) {
+	SignSDKRequestWithCurrentTime(req, time.Now)
+}
+
+// BuildNamedHandler will build a generic handler for signing.
+func BuildNamedHandler(name string, opts ...func(*Signer)) request.NamedHandler {
+	return request.NamedHandler{
+		Name: name,
+		Fn: func(req *request.Request) {
+			SignSDKRequestWithCurrentTime(req, time.Now, opts...)
+		},
+	}
+}
+
+// SignSDKRequestWithCurrentTime will sign the SDK's request using the time
+// function passed in. Behaves the same as SignSDKRequest with the exception
+// the request is signed with the value returned by the current time function.
+func SignSDKRequestWithCurrentTime(req *request.Request, curTimeFn func() time.Time, opts ...func(*Signer)) {
+	// If the request does not need to be signed ignore the signing of the
+	// request if the AnonymousCredentials object is used.
+	if req.Config.Credentials == credentials.AnonymousCredentials {
+		return
+	}
+
+	region := req.ClientInfo.SigningRegion
+	if region == "" {
+		region = aws.StringValue(req.Config.Region)
+	}
+
+	name := req.ClientInfo.SigningName
+	if name == "" {
+		name = req.ClientInfo.ServiceName
+	}
+
+	v4 := NewSigner(req.Config.Credentials, func(v4 *Signer) {
+		v4.Debug = req.Config.LogLevel.Value()
+		v4.Logger = req.Config.Logger
+		v4.DisableHeaderHoisting = req.NotHoist
+		v4.currentTimeFn = curTimeFn
+		if name == "s3" {
+			// S3 service should not have any escaping applied
+			v4.DisableURIPathEscaping = true
+		}
+		// Prevents setting the HTTPRequest's Body. Since the Body could be
+		// wrapped in a custom io.Closer that we do not want to be stompped
+		// on top of by the signer.
+		v4.DisableRequestBodyOverwrite = true
+	})
+
+	for _, opt := range opts {
+		opt(v4)
+	}
+
+	curTime := curTimeFn()
+	signedHeaders, err := v4.signWithBody(req.HTTPRequest, req.GetBody(),
+		name, region, req.ExpireTime, req.ExpireTime > 0, curTime,
+	)
+	if err != nil {
+		req.Error = err
+		req.SignedHeaderVals = nil
+		return
+	}
+
+	req.SignedHeaderVals = signedHeaders
+	req.LastSignedAt = curTime
+}
+
+const logSignInfoMsg = `DEBUG: Request Signature:
+---[ CANONICAL STRING  ]-----------------------------
+%s
+---[ STRING TO SIGN ]--------------------------------
+%s%s
+-----------------------------------------------------`
+const logSignedURLMsg = `
+---[ SIGNED URL ]------------------------------------
+%s`
+
+func (v4 *Signer) logSigningInfo(ctx *signingCtx) {
+	signedURLMsg := ""
+	if ctx.isPresign {
+		signedURLMsg = fmt.Sprintf(logSignedURLMsg, ctx.Request.URL.String())
+	}
+	msg := fmt.Sprintf(logSignInfoMsg, ctx.canonicalString, ctx.stringToSign, signedURLMsg)
+	v4.Logger.Log(msg)
+}
+
+func (ctx *signingCtx) build(disableHeaderHoisting bool) error {
+	ctx.buildTime()             // no depends
+	ctx.buildCredentialString() // no depends
+
+	if err := ctx.buildBodyDigest(); err != nil {
+		return err
+	}
+
+	unsignedHeaders := ctx.Request.Header
+	if ctx.isPresign {
+		if !disableHeaderHoisting {
+			urlValues := url.Values{}
+			urlValues, unsignedHeaders = buildQuery(allowedQueryHoisting, unsignedHeaders) // no depends
+			for k := range urlValues {
+				ctx.Query[k] = urlValues[k]
+			}
+		}
+	}
+
+	ctx.buildCanonicalHeaders(ignoredHeaders, unsignedHeaders)
+	ctx.buildCanonicalString() // depends on canon headers / signed headers
+	ctx.buildStringToSign()    // depends on canon string
+	ctx.buildSignature()       // depends on string to sign
+
+	if ctx.isPresign {
+		ctx.Request.URL.RawQuery += "&" + signatureQueryKey + "=" + ctx.signature
+	} else {
+		parts := []string{
+			authHeaderPrefix + " Credential=" + ctx.credValues.AccessKeyID + "/" + ctx.credentialString,
+			"SignedHeaders=" + ctx.signedHeaders,
+			authHeaderSignatureElem + ctx.signature,
+		}
+		ctx.Request.Header.Set(authorizationHeader, strings.Join(parts, ", "))
+	}
+
+	return nil
+}
+
+// GetSignedRequestSignature attempts to extract the signature of the request.
+// Returning an error if the request is unsigned, or unable to extract the
+// signature.
+func GetSignedRequestSignature(r *http.Request) ([]byte, error) {
+
+	if auth := r.Header.Get(authorizationHeader); len(auth) != 0 {
+		ps := strings.Split(auth, ", ")
+		for _, p := range ps {
+			if idx := strings.Index(p, authHeaderSignatureElem); idx >= 0 {
+				sig := p[len(authHeaderSignatureElem):]
+				if len(sig) == 0 {
+					return nil, fmt.Errorf("invalid request signature authorization header")
+				}
+				return hex.DecodeString(sig)
+			}
+		}
+	}
+
+	if sig := r.URL.Query().Get("X-Amz-Signature"); len(sig) != 0 {
+		return hex.DecodeString(sig)
+	}
+
+	return nil, fmt.Errorf("request not signed")
+}
+
+func (ctx *signingCtx) buildTime() {
+	if ctx.isPresign {
+		duration := int64(ctx.ExpireTime / time.Second)
+		ctx.Query.Set("X-Amz-Date", formatTime(ctx.Time))
+		ctx.Query.Set("X-Amz-Expires", strconv.FormatInt(duration, 10))
+	} else {
+		ctx.Request.Header.Set("X-Amz-Date", formatTime(ctx.Time))
+	}
+}
+
+func (ctx *signingCtx) buildCredentialString() {
+	ctx.credentialString = buildSigningScope(ctx.Region, ctx.ServiceName, ctx.Time)
+
+	if ctx.isPresign {
+		ctx.Query.Set("X-Amz-Credential", ctx.credValues.AccessKeyID+"/"+ctx.credentialString)
+	}
+}
+
+func buildQuery(r rule, header http.Header) (url.Values, http.Header) {
+	query := url.Values{}
+	unsignedHeaders := http.Header{}
+	for k, h := range header {
+		if r.IsValid(k) {
+			query[k] = h
+		} else {
+			unsignedHeaders[k] = h
+		}
+	}
+
+	return query, unsignedHeaders
+}
+func (ctx *signingCtx) buildCanonicalHeaders(r rule, header http.Header) {
+	var headers []string
+	headers = append(headers, "host")
+	for k, v := range header {
+		if !r.IsValid(k) {
+			continue // ignored header
+		}
+		if ctx.SignedHeaderVals == nil {
+			ctx.SignedHeaderVals = make(http.Header)
+		}
+
+		lowerCaseKey := strings.ToLower(k)
+		if _, ok := ctx.SignedHeaderVals[lowerCaseKey]; ok {
+			// include additional values
+			ctx.SignedHeaderVals[lowerCaseKey] = append(ctx.SignedHeaderVals[lowerCaseKey], v...)
+			continue
+		}
+
+		headers = append(headers, lowerCaseKey)
+		ctx.SignedHeaderVals[lowerCaseKey] = v
+	}
+	sort.Strings(headers)
+
+	ctx.signedHeaders = strings.Join(headers, ";")
+
+	if ctx.isPresign {
+		ctx.Query.Set("X-Amz-SignedHeaders", ctx.signedHeaders)
+	}
+
+	headerItems := make([]string, len(headers))
+	for i, k := range headers {
+		if k == "host" {
+			if ctx.Request.Host != "" {
+				headerItems[i] = "host:" + ctx.Request.Host
+			} else {
+				headerItems[i] = "host:" + ctx.Request.URL.Host
+			}
+		} else {
+			headerValues := make([]string, len(ctx.SignedHeaderVals[k]))
+			for i, v := range ctx.SignedHeaderVals[k] {
+				headerValues[i] = strings.TrimSpace(v)
+			}
+			headerItems[i] = k + ":" +
+				strings.Join(headerValues, ",")
+		}
+	}
+	stripExcessSpaces(headerItems)
+	ctx.canonicalHeaders = strings.Join(headerItems, "\n")
+}
+
+func (ctx *signingCtx) buildCanonicalString() {
+	ctx.Request.URL.RawQuery = strings.Replace(ctx.Query.Encode(), "+", "%20", -1)
+
+	uri := getURIPath(ctx.Request.URL)
+
+	if !ctx.DisableURIPathEscaping {
+		uri = rest.EscapePath(uri, false)
+	}
+
+	ctx.canonicalString = strings.Join([]string{
+		ctx.Request.Method,
+		uri,
+		ctx.Request.URL.RawQuery,
+		ctx.canonicalHeaders + "\n",
+		ctx.signedHeaders,
+		ctx.bodyDigest,
+	}, "\n")
+}
+
+func (ctx *signingCtx) buildStringToSign() {
+	ctx.stringToSign = strings.Join([]string{
+		authHeaderPrefix,
+		formatTime(ctx.Time),
+		ctx.credentialString,
+		hex.EncodeToString(hashSHA256([]byte(ctx.canonicalString))),
+	}, "\n")
+}
+
+func (ctx *signingCtx) buildSignature() {
+	creds := deriveSigningKey(ctx.Region, ctx.ServiceName, ctx.credValues.SecretAccessKey, ctx.Time)
+	signature := hmacSHA256(creds, []byte(ctx.stringToSign))
+	ctx.signature = hex.EncodeToString(signature)
+}
+
+func (ctx *signingCtx) buildBodyDigest() error {
+	hash := ctx.Request.Header.Get("X-Amz-Content-Sha256")
+	if hash == "" {
+		includeSHA256Header := ctx.unsignedPayload ||
+			ctx.ServiceName == "s3" ||
+			ctx.ServiceName == "s3-object-lambda" ||
+			ctx.ServiceName == "glacier" ||
+			ctx.ServiceName == "s3-outposts"
+
+		s3Presign := ctx.isPresign &&
+			(ctx.ServiceName == "s3" ||
+				ctx.ServiceName == "s3-object-lambda")
+
+		if ctx.unsignedPayload || s3Presign {
+			hash = "UNSIGNED-PAYLOAD"
+			includeSHA256Header = !s3Presign
+		} else if ctx.Body == nil {
+			hash = emptyStringSHA256
+		} else {
+			if !aws.IsReaderSeekable(ctx.Body) {
+				return fmt.Errorf("cannot use unseekable request body %T, for signed request with body", ctx.Body)
+			}
+			hashBytes, err := makeSha256Reader(ctx.Body)
+			if err != nil {
+				return err
+			}
+			hash = hex.EncodeToString(hashBytes)
+		}
+
+		if includeSHA256Header {
+			ctx.Request.Header.Set("X-Amz-Content-Sha256", hash)
+		}
+	}
+	ctx.bodyDigest = hash
+
+	return nil
+}
+
+// isRequestSigned returns if the request is currently signed or presigned
+func (ctx *signingCtx) isRequestSigned() bool {
+	if ctx.isPresign && ctx.Query.Get("X-Amz-Signature") != "" {
+		return true
+	}
+	if ctx.Request.Header.Get("Authorization") != "" {
+		return true
+	}
+
+	return false
+}
+
+// unsign removes signing flags for both signed and presigned requests.
+func (ctx *signingCtx) removePresign() {
+	ctx.Query.Del("X-Amz-Algorithm")
+	ctx.Query.Del("X-Amz-Signature")
+	ctx.Query.Del("X-Amz-Security-Token")
+	ctx.Query.Del("X-Amz-Date")
+	ctx.Query.Del("X-Amz-Expires")
+	ctx.Query.Del("X-Amz-Credential")
+	ctx.Query.Del("X-Amz-SignedHeaders")
+}
+
+func hmacSHA256(key []byte, data []byte) []byte {
+	hash := hmac.New(sha256.New, key)
+	hash.Write(data)
+	return hash.Sum(nil)
+}
+
+func hashSHA256(data []byte) []byte {
+	hash := sha256.New()
+	hash.Write(data)
+	return hash.Sum(nil)
+}
+
+func makeSha256Reader(reader io.ReadSeeker) (hashBytes []byte, err error) {
+	hash := sha256.New()
+	start, err := reader.Seek(0, sdkio.SeekCurrent)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		// ensure error is return if unable to seek back to start of payload.
+		_, err = reader.Seek(start, sdkio.SeekStart)
+	}()
+
+	// Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies
+	// smaller than 32KB. Fall back to io.Copy if we fail to determine the size.
+	size, err := aws.SeekerLen(reader)
+	if err != nil {
+		io.Copy(hash, reader)
+	} else {
+		io.CopyN(hash, reader, size)
+	}
+
+	return hash.Sum(nil), nil
+}
+
+const doubleSpace = "  "
+
+// stripExcessSpaces will rewrite the passed in slice's string values to not
+// contain multiple side-by-side spaces.
+func stripExcessSpaces(vals []string) {
+	var j, k, l, m, spaces int
+	for i, str := range vals {
+		// Trim trailing spaces
+		for j = len(str) - 1; j >= 0 && str[j] == ' '; j-- {
+		}
+
+		// Trim leading spaces
+		for k = 0; k < j && str[k] == ' '; k++ {
+		}
+		str = str[k : j+1]
+
+		// Strip multiple spaces.
+		j = strings.Index(str, doubleSpace)
+		if j < 0 {
+			vals[i] = str
+			continue
+		}
+
+		buf := []byte(str)
+		for k, m, l = j, j, len(buf); k < l; k++ {
+			if buf[k] == ' ' {
+				if spaces == 0 {
+					// First space.
+					buf[m] = buf[k]
+					m++
+				}
+				spaces++
+			} else {
+				// End of multiple spaces.
+				spaces = 0
+				buf[m] = buf[k]
+				m++
+			}
+		}
+
+		vals[i] = string(buf[:m])
+	}
+}
+
+func buildSigningScope(region, service string, dt time.Time) string {
+	return strings.Join([]string{
+		formatShortTime(dt),
+		region,
+		service,
+		awsV4Request,
+	}, "/")
+}
+
+func deriveSigningKey(region, service, secretKey string, dt time.Time) []byte {
+	kDate := hmacSHA256([]byte("AWS4"+secretKey), []byte(formatShortTime(dt)))
+	kRegion := hmacSHA256(kDate, []byte(region))
+	kService := hmacSHA256(kRegion, []byte(service))
+	signingKey := hmacSHA256(kService, []byte(awsV4Request))
+	return signingKey
+}
+
+func formatShortTime(dt time.Time) string {
+	return dt.UTC().Format(shortTimeFormat)
+}
+
+func formatTime(dt time.Time) string {
+	return dt.UTC().Format(timeFormat)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/types.go b/vendor/github.com/aws/aws-sdk-go/aws/types.go
new file mode 100644
index 000000000..98751ee84
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/types.go
@@ -0,0 +1,264 @@
+package aws
+
+import (
+	"io"
+	"strings"
+	"sync"
+
+	"github.com/aws/aws-sdk-go/internal/sdkio"
+)
+
+// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Allows the
+// SDK to accept an io.Reader that is not also an io.Seeker for unsigned
+// streaming payload API operations.
+//
+// A ReadSeekCloser wrapping an nonseekable io.Reader used in an API
+// operation's input will prevent that operation being retried in the case of
+// network errors, and cause operation requests to fail if the operation
+// requires payload signing.
+//
+// Note: If using With S3 PutObject to stream an object upload The SDK's S3
+// Upload manager (s3manager.Uploader) provides support for streaming with the
+// ability to retry network errors.
+func ReadSeekCloser(r io.Reader) ReaderSeekerCloser {
+	return ReaderSeekerCloser{r}
+}
+
+// ReaderSeekerCloser represents a reader that can also delegate io.Seeker and
+// io.Closer interfaces to the underlying object if they are available.
+type ReaderSeekerCloser struct {
+	r io.Reader
+}
+
+// IsReaderSeekable returns if the underlying reader type can be seeked. A
+// io.Reader might not actually be seekable if it is the ReaderSeekerCloser
+// type.
+func IsReaderSeekable(r io.Reader) bool {
+	switch v := r.(type) {
+	case ReaderSeekerCloser:
+		return v.IsSeeker()
+	case *ReaderSeekerCloser:
+		return v.IsSeeker()
+	case io.ReadSeeker:
+		return true
+	default:
+		return false
+	}
+}
+
+// Read reads from the reader up to size of p. The number of bytes read, and
+// error if it occurred will be returned.
+//
+// If the reader is not an io.Reader zero bytes read, and nil error will be
+// returned.
+//
+// Performs the same functionality as io.Reader Read
+func (r ReaderSeekerCloser) Read(p []byte) (int, error) {
+	switch t := r.r.(type) {
+	case io.Reader:
+		return t.Read(p)
+	}
+	return 0, nil
+}
+
+// Seek sets the offset for the next Read to offset, interpreted according to
+// whence: 0 means relative to the origin of the file, 1 means relative to the
+// current offset, and 2 means relative to the end. Seek returns the new offset
+// and an error, if any.
+//
+// If the ReaderSeekerCloser is not an io.Seeker nothing will be done.
+func (r ReaderSeekerCloser) Seek(offset int64, whence int) (int64, error) {
+	switch t := r.r.(type) {
+	case io.Seeker:
+		return t.Seek(offset, whence)
+	}
+	return int64(0), nil
+}
+
+// IsSeeker returns if the underlying reader is also a seeker.
+func (r ReaderSeekerCloser) IsSeeker() bool {
+	_, ok := r.r.(io.Seeker)
+	return ok
+}
+
+// HasLen returns the length of the underlying reader if the value implements
+// the Len() int method.
+func (r ReaderSeekerCloser) HasLen() (int, bool) {
+	type lenner interface {
+		Len() int
+	}
+
+	if lr, ok := r.r.(lenner); ok {
+		return lr.Len(), true
+	}
+
+	return 0, false
+}
+
+// GetLen returns the length of the bytes remaining in the underlying reader.
+// Checks first for Len(), then io.Seeker to determine the size of the
+// underlying reader.
+//
+// Will return -1 if the length cannot be determined.
+func (r ReaderSeekerCloser) GetLen() (int64, error) {
+	if l, ok := r.HasLen(); ok {
+		return int64(l), nil
+	}
+
+	if s, ok := r.r.(io.Seeker); ok {
+		return seekerLen(s)
+	}
+
+	return -1, nil
+}
+
+// SeekerLen attempts to get the number of bytes remaining at the seeker's
+// current position.  Returns the number of bytes remaining or error.
+func SeekerLen(s io.Seeker) (int64, error) {
+	// Determine if the seeker is actually seekable. ReaderSeekerCloser
+	// hides the fact that a io.Readers might not actually be seekable.
+	switch v := s.(type) {
+	case ReaderSeekerCloser:
+		return v.GetLen()
+	case *ReaderSeekerCloser:
+		return v.GetLen()
+	}
+
+	return seekerLen(s)
+}
+
+func seekerLen(s io.Seeker) (int64, error) {
+	curOffset, err := s.Seek(0, sdkio.SeekCurrent)
+	if err != nil {
+		return 0, err
+	}
+
+	endOffset, err := s.Seek(0, sdkio.SeekEnd)
+	if err != nil {
+		return 0, err
+	}
+
+	_, err = s.Seek(curOffset, sdkio.SeekStart)
+	if err != nil {
+		return 0, err
+	}
+
+	return endOffset - curOffset, nil
+}
+
+// Close closes the ReaderSeekerCloser.
+//
+// If the ReaderSeekerCloser is not an io.Closer nothing will be done.
+func (r ReaderSeekerCloser) Close() error {
+	switch t := r.r.(type) {
+	case io.Closer:
+		return t.Close()
+	}
+	return nil
+}
+
+// A WriteAtBuffer provides a in memory buffer supporting the io.WriterAt interface
+// Can be used with the s3manager.Downloader to download content to a buffer
+// in memory. Safe to use concurrently.
+type WriteAtBuffer struct {
+	buf []byte
+	m   sync.Mutex
+
+	// GrowthCoeff defines the growth rate of the internal buffer. By
+	// default, the growth rate is 1, where expanding the internal
+	// buffer will allocate only enough capacity to fit the new expected
+	// length.
+	GrowthCoeff float64
+}
+
+// NewWriteAtBuffer creates a WriteAtBuffer with an internal buffer
+// provided by buf.
+func NewWriteAtBuffer(buf []byte) *WriteAtBuffer {
+	return &WriteAtBuffer{buf: buf}
+}
+
+// WriteAt writes a slice of bytes to a buffer starting at the position provided
+// The number of bytes written will be returned, or error. Can overwrite previous
+// written slices if the write ats overlap.
+func (b *WriteAtBuffer) WriteAt(p []byte, pos int64) (n int, err error) {
+	pLen := len(p)
+	expLen := pos + int64(pLen)
+	b.m.Lock()
+	defer b.m.Unlock()
+	if int64(len(b.buf)) < expLen {
+		if int64(cap(b.buf)) < expLen {
+			if b.GrowthCoeff < 1 {
+				b.GrowthCoeff = 1
+			}
+			newBuf := make([]byte, expLen, int64(b.GrowthCoeff*float64(expLen)))
+			copy(newBuf, b.buf)
+			b.buf = newBuf
+		}
+		b.buf = b.buf[:expLen]
+	}
+	copy(b.buf[pos:], p)
+	return pLen, nil
+}
+
+// Bytes returns a slice of bytes written to the buffer.
+func (b *WriteAtBuffer) Bytes() []byte {
+	b.m.Lock()
+	defer b.m.Unlock()
+	return b.buf
+}
+
+// MultiCloser is a utility to close multiple io.Closers within a single
+// statement.
+type MultiCloser []io.Closer
+
+// Close closes all of the io.Closers making up the MultiClosers. Any
+// errors that occur while closing will be returned in the order they
+// occur.
+func (m MultiCloser) Close() error {
+	var errs errors
+	for _, c := range m {
+		err := c.Close()
+		if err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) != 0 {
+		return errs
+	}
+
+	return nil
+}
+
+type errors []error
+
+func (es errors) Error() string {
+	var parts []string
+	for _, e := range es {
+		parts = append(parts, e.Error())
+	}
+
+	return strings.Join(parts, "\n")
+}
+
+// CopySeekableBody copies the seekable body to an io.Writer
+func CopySeekableBody(dst io.Writer, src io.ReadSeeker) (int64, error) {
+	curPos, err := src.Seek(0, sdkio.SeekCurrent)
+	if err != nil {
+		return 0, err
+	}
+
+	// copy errors may be assumed to be from the body.
+	n, err := io.Copy(dst, src)
+	if err != nil {
+		return n, err
+	}
+
+	// seek back to the first position after reading to reset
+	// the body for transmission.
+	_, err = src.Seek(curPos, sdkio.SeekStart)
+	if err != nil {
+		return n, err
+	}
+
+	return n, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/url.go b/vendor/github.com/aws/aws-sdk-go/aws/url.go
new file mode 100644
index 000000000..fed561bd5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/url.go
@@ -0,0 +1,13 @@
+//go:build go1.8
+// +build go1.8
+
+package aws
+
+import "net/url"
+
+// URLHostname will extract the Hostname without port from the URL value.
+//
+// Wrapper of net/url#URL.Hostname for backwards Go version compatibility.
+func URLHostname(url *url.URL) string {
+	return url.Hostname()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go
new file mode 100644
index 000000000..95282db03
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go
@@ -0,0 +1,30 @@
+//go:build !go1.8
+// +build !go1.8
+
+package aws
+
+import (
+	"net/url"
+	"strings"
+)
+
+// URLHostname will extract the Hostname without port from the URL value.
+//
+// Copy of Go 1.8's net/url#URL.Hostname functionality.
+func URLHostname(url *url.URL) string {
+	return stripPort(url.Host)
+
+}
+
+// stripPort is copy of Go 1.8 url#URL.Hostname functionality.
+// https://golang.org/src/net/url/url.go
+func stripPort(hostport string) string {
+	colon := strings.IndexByte(hostport, ':')
+	if colon == -1 {
+		return hostport
+	}
+	if i := strings.IndexByte(hostport, ']'); i != -1 {
+		return strings.TrimPrefix(hostport[:i], "[")
+	}
+	return hostport[:colon]
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
new file mode 100644
index 000000000..9a0c29aa5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -0,0 +1,8 @@
+// Package aws provides core functionality for making requests to AWS services.
+package aws
+
+// SDKName is the name of this AWS SDK
+const SDKName = "aws-sdk-go"
+
+// SDKVersion is the version of this SDK
+const SDKVersion = "1.44.288"
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
new file mode 100644
index 000000000..365345353
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
@@ -0,0 +1,41 @@
+//go:build !go1.7
+// +build !go1.7
+
+package context
+
+import "time"
+
+// An emptyCtx is a copy of the Go 1.7 context.emptyCtx type. This is copied to
+// provide a 1.6 and 1.5 safe version of context that is compatible with Go
+// 1.7's Context.
+//
+// An emptyCtx is never canceled, has no values, and has no deadline. It is not
+// struct{}, since vars of this type must have distinct addresses.
+type emptyCtx int
+
+func (*emptyCtx) Deadline() (deadline time.Time, ok bool) {
+	return
+}
+
+func (*emptyCtx) Done() <-chan struct{} {
+	return nil
+}
+
+func (*emptyCtx) Err() error {
+	return nil
+}
+
+func (*emptyCtx) Value(key interface{}) interface{} {
+	return nil
+}
+
+func (e *emptyCtx) String() string {
+	switch e {
+	case BackgroundCtx:
+		return "aws.BackgroundContext"
+	}
+	return "unknown empty Context"
+}
+
+// BackgroundCtx is the common base context.
+var BackgroundCtx = new(emptyCtx)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go
new file mode 100644
index 000000000..e83a99886
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go
@@ -0,0 +1,120 @@
+package ini
+
+// ASTKind represents different states in the parse table
+// and the type of AST that is being constructed
+type ASTKind int
+
+// ASTKind* is used in the parse table to transition between
+// the different states
+const (
+	ASTKindNone = ASTKind(iota)
+	ASTKindStart
+	ASTKindExpr
+	ASTKindEqualExpr
+	ASTKindStatement
+	ASTKindSkipStatement
+	ASTKindExprStatement
+	ASTKindSectionStatement
+	ASTKindNestedSectionStatement
+	ASTKindCompletedNestedSectionStatement
+	ASTKindCommentStatement
+	ASTKindCompletedSectionStatement
+)
+
+func (k ASTKind) String() string {
+	switch k {
+	case ASTKindNone:
+		return "none"
+	case ASTKindStart:
+		return "start"
+	case ASTKindExpr:
+		return "expr"
+	case ASTKindStatement:
+		return "stmt"
+	case ASTKindSectionStatement:
+		return "section_stmt"
+	case ASTKindExprStatement:
+		return "expr_stmt"
+	case ASTKindCommentStatement:
+		return "comment"
+	case ASTKindNestedSectionStatement:
+		return "nested_section_stmt"
+	case ASTKindCompletedSectionStatement:
+		return "completed_stmt"
+	case ASTKindSkipStatement:
+		return "skip"
+	default:
+		return ""
+	}
+}
+
+// AST interface allows us to determine what kind of node we
+// are on and casting may not need to be necessary.
+//
+// The root is always the first node in Children
+type AST struct {
+	Kind      ASTKind
+	Root      Token
+	RootToken bool
+	Children  []AST
+}
+
+func newAST(kind ASTKind, root AST, children ...AST) AST {
+	return AST{
+		Kind:     kind,
+		Children: append([]AST{root}, children...),
+	}
+}
+
+func newASTWithRootToken(kind ASTKind, root Token, children ...AST) AST {
+	return AST{
+		Kind:      kind,
+		Root:      root,
+		RootToken: true,
+		Children:  children,
+	}
+}
+
+// AppendChild will append to the list of children an AST has.
+func (a *AST) AppendChild(child AST) {
+	a.Children = append(a.Children, child)
+}
+
+// GetRoot will return the root AST which can be the first entry
+// in the children list or a token.
+func (a *AST) GetRoot() AST {
+	if a.RootToken {
+		return *a
+	}
+
+	if len(a.Children) == 0 {
+		return AST{}
+	}
+
+	return a.Children[0]
+}
+
+// GetChildren will return the current AST's list of children
+func (a *AST) GetChildren() []AST {
+	if len(a.Children) == 0 {
+		return []AST{}
+	}
+
+	if a.RootToken {
+		return a.Children
+	}
+
+	return a.Children[1:]
+}
+
+// SetChildren will set and override all children of the AST.
+func (a *AST) SetChildren(children []AST) {
+	if a.RootToken {
+		a.Children = children
+	} else {
+		a.Children = append(a.Children[:1], children...)
+	}
+}
+
+// Start is used to indicate the starting state of the parse table.
+var Start = newAST(ASTKindStart, AST{})
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go
new file mode 100644
index 000000000..0895d53cb
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go
@@ -0,0 +1,11 @@
+package ini
+
+var commaRunes = []rune(",")
+
+func isComma(b rune) bool {
+	return b == ','
+}
+
+func newCommaToken() Token {
+	return newToken(TokenComma, commaRunes, NoneType)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go
new file mode 100644
index 000000000..0b76999ba
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go
@@ -0,0 +1,35 @@
+package ini
+
+// isComment will return whether or not the next byte(s) is a
+// comment.
+func isComment(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	switch b[0] {
+	case ';':
+		return true
+	case '#':
+		return true
+	}
+
+	return false
+}
+
+// newCommentToken will create a comment token and
+// return how many bytes were read.
+func newCommentToken(b []rune) (Token, int, error) {
+	i := 0
+	for ; i < len(b); i++ {
+		if b[i] == '\n' {
+			break
+		}
+
+		if len(b)-i > 2 && b[i] == '\r' && b[i+1] == '\n' {
+			break
+		}
+	}
+
+	return newToken(TokenComment, b[:i], NoneType), i, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
new file mode 100644
index 000000000..1e55bbd07
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
@@ -0,0 +1,42 @@
+// Package ini is an LL(1) parser for configuration files.
+//
+//	Example:
+//	sections, err := ini.OpenFile("/path/to/file")
+//	if err != nil {
+//		panic(err)
+//	}
+//
+//	profile := "foo"
+//	section, ok := sections.GetSection(profile)
+//	if !ok {
+//		fmt.Printf("section %q could not be found", profile)
+//	}
+//
+// Below is the BNF that describes this parser
+//  Grammar:
+//  stmt -> section | stmt'
+//  stmt' -> epsilon | expr
+//  expr -> value (stmt)* | equal_expr (stmt)*
+//  equal_expr -> value ( ':' | '=' ) equal_expr'
+//  equal_expr' -> number | string | quoted_string
+//  quoted_string -> " quoted_string'
+//  quoted_string' -> string quoted_string_end
+//  quoted_string_end -> "
+//
+//  section -> [ section'
+//  section' -> section_value section_close
+//  section_value -> number | string_subset | boolean | quoted_string_subset
+//  quoted_string_subset -> " quoted_string_subset'
+//  quoted_string_subset' -> string_subset quoted_string_end
+//  quoted_string_subset -> "
+//  section_close -> ]
+//
+//  value -> number | string_subset | boolean
+//  string -> ? UTF-8 Code-Points except '\n' (U+000A) and '\r\n' (U+000D U+000A) ?
+//  string_subset -> ? Code-points excepted by <string> grammar except ':' (U+003A), '=' (U+003D), '[' (U+005B), and ']' (U+005D) ?
+//
+//  SkipState will skip (NL WS)+
+//
+//  comment -> # comment' | ; comment'
+//  comment' -> epsilon | value
+package ini
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go
new file mode 100644
index 000000000..04345a54c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go
@@ -0,0 +1,4 @@
+package ini
+
+// emptyToken is used to satisfy the Token interface
+var emptyToken = newToken(TokenNone, []rune{}, NoneType)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go
new file mode 100644
index 000000000..91ba2a59d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go
@@ -0,0 +1,24 @@
+package ini
+
+// newExpression will return an expression AST.
+// Expr represents an expression
+//
+//	grammar:
+//	expr -> string | number
+func newExpression(tok Token) AST {
+	return newASTWithRootToken(ASTKindExpr, tok)
+}
+
+func newEqualExpr(left AST, tok Token) AST {
+	return newASTWithRootToken(ASTKindEqualExpr, tok, left)
+}
+
+// EqualExprKey will return a LHS value in the equal expr
+func EqualExprKey(ast AST) string {
+	children := ast.GetChildren()
+	if len(children) == 0 || ast.Kind != ASTKindEqualExpr {
+		return ""
+	}
+
+	return string(children[0].Root.Raw())
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
new file mode 100644
index 000000000..6e545b63b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
@@ -0,0 +1,18 @@
+//go:build gofuzz
+// +build gofuzz
+
+package ini
+
+import (
+	"bytes"
+)
+
+func Fuzz(data []byte) int {
+	b := bytes.NewReader(data)
+
+	if _, err := Parse(b); err != nil {
+		return 0
+	}
+
+	return 1
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go
new file mode 100644
index 000000000..3b0ca7afe
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go
@@ -0,0 +1,51 @@
+package ini
+
+import (
+	"io"
+	"os"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+// OpenFile takes a path to a given file, and will open  and parse
+// that file.
+func OpenFile(path string) (Sections, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return Sections{}, awserr.New(ErrCodeUnableToReadFile, "unable to open file", err)
+	}
+	defer f.Close()
+
+	return Parse(f)
+}
+
+// Parse will parse the given file using the shared config
+// visitor.
+func Parse(f io.Reader) (Sections, error) {
+	tree, err := ParseAST(f)
+	if err != nil {
+		return Sections{}, err
+	}
+
+	v := NewDefaultVisitor()
+	if err = Walk(tree, v); err != nil {
+		return Sections{}, err
+	}
+
+	return v.Sections, nil
+}
+
+// ParseBytes will parse the given bytes and return the parsed sections.
+func ParseBytes(b []byte) (Sections, error) {
+	tree, err := ParseASTBytes(b)
+	if err != nil {
+		return Sections{}, err
+	}
+
+	v := NewDefaultVisitor()
+	if err = Walk(tree, v); err != nil {
+		return Sections{}, err
+	}
+
+	return v.Sections, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go
new file mode 100644
index 000000000..582c024ad
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go
@@ -0,0 +1,165 @@
+package ini
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+const (
+	// ErrCodeUnableToReadFile is used when a file is failed to be
+	// opened or read from.
+	ErrCodeUnableToReadFile = "FailedRead"
+)
+
+// TokenType represents the various different tokens types
+type TokenType int
+
+func (t TokenType) String() string {
+	switch t {
+	case TokenNone:
+		return "none"
+	case TokenLit:
+		return "literal"
+	case TokenSep:
+		return "sep"
+	case TokenOp:
+		return "op"
+	case TokenWS:
+		return "ws"
+	case TokenNL:
+		return "newline"
+	case TokenComment:
+		return "comment"
+	case TokenComma:
+		return "comma"
+	default:
+		return ""
+	}
+}
+
+// TokenType enums
+const (
+	TokenNone = TokenType(iota)
+	TokenLit
+	TokenSep
+	TokenComma
+	TokenOp
+	TokenWS
+	TokenNL
+	TokenComment
+)
+
+type iniLexer struct{}
+
+// Tokenize will return a list of tokens during lexical analysis of the
+// io.Reader.
+func (l *iniLexer) Tokenize(r io.Reader) ([]Token, error) {
+	b, err := ioutil.ReadAll(r)
+	if err != nil {
+		return nil, awserr.New(ErrCodeUnableToReadFile, "unable to read file", err)
+	}
+
+	return l.tokenize(b)
+}
+
+func (l *iniLexer) tokenize(b []byte) ([]Token, error) {
+	runes := bytes.Runes(b)
+	var err error
+	n := 0
+	tokenAmount := countTokens(runes)
+	tokens := make([]Token, tokenAmount)
+	count := 0
+
+	for len(runes) > 0 && count < tokenAmount {
+		switch {
+		case isWhitespace(runes[0]):
+			tokens[count], n, err = newWSToken(runes)
+		case isComma(runes[0]):
+			tokens[count], n = newCommaToken(), 1
+		case isComment(runes):
+			tokens[count], n, err = newCommentToken(runes)
+		case isNewline(runes):
+			tokens[count], n, err = newNewlineToken(runes)
+		case isSep(runes):
+			tokens[count], n, err = newSepToken(runes)
+		case isOp(runes):
+			tokens[count], n, err = newOpToken(runes)
+		default:
+			tokens[count], n, err = newLitToken(runes)
+		}
+
+		if err != nil {
+			return nil, err
+		}
+
+		count++
+
+		runes = runes[n:]
+	}
+
+	return tokens[:count], nil
+}
+
+func countTokens(runes []rune) int {
+	count, n := 0, 0
+	var err error
+
+	for len(runes) > 0 {
+		switch {
+		case isWhitespace(runes[0]):
+			_, n, err = newWSToken(runes)
+		case isComma(runes[0]):
+			_, n = newCommaToken(), 1
+		case isComment(runes):
+			_, n, err = newCommentToken(runes)
+		case isNewline(runes):
+			_, n, err = newNewlineToken(runes)
+		case isSep(runes):
+			_, n, err = newSepToken(runes)
+		case isOp(runes):
+			_, n, err = newOpToken(runes)
+		default:
+			_, n, err = newLitToken(runes)
+		}
+
+		if err != nil {
+			return 0
+		}
+
+		count++
+		runes = runes[n:]
+	}
+
+	return count + 1
+}
+
+// Token indicates a metadata about a given value.
+type Token struct {
+	t         TokenType
+	ValueType ValueType
+	base      int
+	raw       []rune
+}
+
+var emptyValue = Value{}
+
+func newToken(t TokenType, raw []rune, v ValueType) Token {
+	return Token{
+		t:         t,
+		raw:       raw,
+		ValueType: v,
+	}
+}
+
+// Raw return the raw runes that were consumed
+func (tok Token) Raw() []rune {
+	return tok.raw
+}
+
+// Type returns the token type
+func (tok Token) Type() TokenType {
+	return tok.t
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
new file mode 100644
index 000000000..0ba319491
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
@@ -0,0 +1,350 @@
+package ini
+
+import (
+	"fmt"
+	"io"
+)
+
+// ParseState represents the current state of the parser.
+type ParseState uint
+
+// State enums for the parse table
+const (
+	InvalidState ParseState = iota
+	// stmt -> value stmt'
+	StatementState
+	// stmt' -> MarkComplete | op stmt
+	StatementPrimeState
+	// value -> number | string | boolean | quoted_string
+	ValueState
+	// section -> [ section'
+	OpenScopeState
+	// section' -> value section_close
+	SectionState
+	// section_close -> ]
+	CloseScopeState
+	// SkipState will skip (NL WS)+
+	SkipState
+	// SkipTokenState will skip any token and push the previous
+	// state onto the stack.
+	SkipTokenState
+	// comment -> # comment' | ; comment'
+	// comment' -> MarkComplete | value
+	CommentState
+	// MarkComplete state will complete statements and move that
+	// to the completed AST list
+	MarkCompleteState
+	// TerminalState signifies that the tokens have been fully parsed
+	TerminalState
+)
+
+// parseTable is a state machine to dictate the grammar above.
+var parseTable = map[ASTKind]map[TokenType]ParseState{
+	ASTKindStart: {
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    TerminalState,
+	},
+	ASTKindCommentStatement: {
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindExpr: {
+		TokenOp:      StatementPrimeState,
+		TokenLit:     ValueState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      ValueState,
+		TokenNL:      SkipState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindEqualExpr: {
+		TokenLit:  ValueState,
+		TokenSep:  ValueState,
+		TokenOp:   ValueState,
+		TokenWS:   SkipTokenState,
+		TokenNL:   SkipState,
+		TokenNone: SkipState,
+	},
+	ASTKindStatement: {
+		TokenLit:     SectionState,
+		TokenSep:     CloseScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindExprStatement: {
+		TokenLit:     ValueState,
+		TokenSep:     ValueState,
+		TokenOp:      ValueState,
+		TokenWS:      ValueState,
+		TokenNL:      MarkCompleteState,
+		TokenComment: CommentState,
+		TokenNone:    TerminalState,
+		TokenComma:   SkipState,
+	},
+	ASTKindSectionStatement: {
+		TokenLit: SectionState,
+		TokenOp:  SectionState,
+		TokenSep: CloseScopeState,
+		TokenWS:  SectionState,
+		TokenNL:  SkipTokenState,
+	},
+	ASTKindCompletedSectionStatement: {
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenComment: CommentState,
+		TokenNone:    MarkCompleteState,
+	},
+	ASTKindSkipStatement: {
+		TokenLit:     StatementState,
+		TokenSep:     OpenScopeState,
+		TokenWS:      SkipTokenState,
+		TokenNL:      SkipTokenState,
+		TokenComment: CommentState,
+		TokenNone:    TerminalState,
+	},
+}
+
+// ParseAST will parse input from an io.Reader using
+// an LL(1) parser.
+func ParseAST(r io.Reader) ([]AST, error) {
+	lexer := iniLexer{}
+	tokens, err := lexer.Tokenize(r)
+	if err != nil {
+		return []AST{}, err
+	}
+
+	return parse(tokens)
+}
+
+// ParseASTBytes will parse input from a byte slice using
+// an LL(1) parser.
+func ParseASTBytes(b []byte) ([]AST, error) {
+	lexer := iniLexer{}
+	tokens, err := lexer.tokenize(b)
+	if err != nil {
+		return []AST{}, err
+	}
+
+	return parse(tokens)
+}
+
+func parse(tokens []Token) ([]AST, error) {
+	start := Start
+	stack := newParseStack(3, len(tokens))
+
+	stack.Push(start)
+	s := newSkipper()
+
+loop:
+	for stack.Len() > 0 {
+		k := stack.Pop()
+
+		var tok Token
+		if len(tokens) == 0 {
+			// this occurs when all the tokens have been processed
+			// but reduction of what's left on the stack needs to
+			// occur.
+			tok = emptyToken
+		} else {
+			tok = tokens[0]
+		}
+
+		step := parseTable[k.Kind][tok.Type()]
+		if s.ShouldSkip(tok) {
+			// being in a skip state with no tokens will break out of
+			// the parse loop since there is nothing left to process.
+			if len(tokens) == 0 {
+				break loop
+			}
+			// if should skip is true, we skip the tokens until should skip is set to false.
+			step = SkipTokenState
+		}
+
+		switch step {
+		case TerminalState:
+			// Finished parsing. Push what should be the last
+			// statement to the stack. If there is anything left
+			// on the stack, an error in parsing has occurred.
+			if k.Kind != ASTKindStart {
+				stack.MarkComplete(k)
+			}
+			break loop
+		case SkipTokenState:
+			// When skipping a token, the previous state was popped off the stack.
+			// To maintain the correct state, the previous state will be pushed
+			// onto the stack.
+			stack.Push(k)
+		case StatementState:
+			if k.Kind != ASTKindStart {
+				stack.MarkComplete(k)
+			}
+			expr := newExpression(tok)
+			stack.Push(expr)
+		case StatementPrimeState:
+			if tok.Type() != TokenOp {
+				stack.MarkComplete(k)
+				continue
+			}
+
+			if k.Kind != ASTKindExpr {
+				return nil, NewParseError(
+					fmt.Sprintf("invalid expression: expected Expr type, but found %T type", k),
+				)
+			}
+
+			k = trimSpaces(k)
+			expr := newEqualExpr(k, tok)
+			stack.Push(expr)
+		case ValueState:
+			// ValueState requires the previous state to either be an equal expression
+			// or an expression statement.
+			switch k.Kind {
+			case ASTKindEqualExpr:
+				// assigning a value to some key
+				k.AppendChild(newExpression(tok))
+				stack.Push(newExprStatement(k))
+			case ASTKindExpr:
+				k.Root.raw = append(k.Root.raw, tok.Raw()...)
+				stack.Push(k)
+			case ASTKindExprStatement:
+				root := k.GetRoot()
+				children := root.GetChildren()
+				if len(children) == 0 {
+					return nil, NewParseError(
+						fmt.Sprintf("invalid expression: AST contains no children %s", k.Kind),
+					)
+				}
+
+				rhs := children[len(children)-1]
+
+				if rhs.Root.ValueType != QuotedStringType {
+					rhs.Root.ValueType = StringType
+					rhs.Root.raw = append(rhs.Root.raw, tok.Raw()...)
+
+				}
+
+				children[len(children)-1] = rhs
+				root.SetChildren(children)
+
+				stack.Push(k)
+			}
+		case OpenScopeState:
+			if !runeCompare(tok.Raw(), openBrace) {
+				return nil, NewParseError("expected '['")
+			}
+			// If OpenScopeState is not at the start, we must mark the previous ast as complete
+			//
+			// for example: if previous ast was a skip statement;
+			// we should mark it as complete before we create a new statement
+			if k.Kind != ASTKindStart {
+				stack.MarkComplete(k)
+			}
+
+			stmt := newStatement()
+			stack.Push(stmt)
+		case CloseScopeState:
+			if !runeCompare(tok.Raw(), closeBrace) {
+				return nil, NewParseError("expected ']'")
+			}
+
+			k = trimSpaces(k)
+			stack.Push(newCompletedSectionStatement(k))
+		case SectionState:
+			var stmt AST
+
+			switch k.Kind {
+			case ASTKindStatement:
+				// If there are multiple literals inside of a scope declaration,
+				// then the current token's raw value will be appended to the Name.
+				//
+				// This handles cases like [ profile default ]
+				//
+				// k will represent a SectionStatement with the children representing
+				// the label of the section
+				stmt = newSectionStatement(tok)
+			case ASTKindSectionStatement:
+				k.Root.raw = append(k.Root.raw, tok.Raw()...)
+				stmt = k
+			default:
+				return nil, NewParseError(
+					fmt.Sprintf("invalid statement: expected statement: %v", k.Kind),
+				)
+			}
+
+			stack.Push(stmt)
+		case MarkCompleteState:
+			if k.Kind != ASTKindStart {
+				stack.MarkComplete(k)
+			}
+
+			if stack.Len() == 0 {
+				stack.Push(start)
+			}
+		case SkipState:
+			stack.Push(newSkipStatement(k))
+			s.Skip()
+		case CommentState:
+			if k.Kind == ASTKindStart {
+				stack.Push(k)
+			} else {
+				stack.MarkComplete(k)
+			}
+
+			stmt := newCommentStatement(tok)
+			stack.Push(stmt)
+		default:
+			return nil, NewParseError(
+				fmt.Sprintf("invalid state with ASTKind %v and TokenType %v",
+					k, tok.Type()))
+		}
+
+		if len(tokens) > 0 {
+			tokens = tokens[1:]
+		}
+	}
+
+	// this occurs when a statement has not been completed
+	if stack.top > 1 {
+		return nil, NewParseError(fmt.Sprintf("incomplete ini expression"))
+	}
+
+	// returns a sublist which excludes the start symbol
+	return stack.List(), nil
+}
+
+// trimSpaces will trim spaces on the left and right hand side of
+// the literal.
+func trimSpaces(k AST) AST {
+	// trim left hand side of spaces
+	for i := 0; i < len(k.Root.raw); i++ {
+		if !isWhitespace(k.Root.raw[i]) {
+			break
+		}
+
+		k.Root.raw = k.Root.raw[1:]
+		i--
+	}
+
+	// trim right hand side of spaces
+	for i := len(k.Root.raw) - 1; i >= 0; i-- {
+		if !isWhitespace(k.Root.raw[i]) {
+			break
+		}
+
+		k.Root.raw = k.Root.raw[:len(k.Root.raw)-1]
+	}
+
+	return k
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
new file mode 100644
index 000000000..34a481afb
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
@@ -0,0 +1,340 @@
+package ini
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"unicode"
+)
+
+var (
+	runesTrue  = []rune("true")
+	runesFalse = []rune("false")
+)
+
+var literalValues = [][]rune{
+	runesTrue,
+	runesFalse,
+}
+
+func isBoolValue(b []rune) bool {
+	for _, lv := range literalValues {
+		if isCaselessLitValue(lv, b) {
+			return true
+		}
+	}
+	return false
+}
+
+func isLitValue(want, have []rune) bool {
+	if len(have) < len(want) {
+		return false
+	}
+
+	for i := 0; i < len(want); i++ {
+		if want[i] != have[i] {
+			return false
+		}
+	}
+
+	return true
+}
+
+// isCaselessLitValue is a caseless value comparison, assumes want is already lower-cased for efficiency.
+func isCaselessLitValue(want, have []rune) bool {
+	if len(have) < len(want) {
+		return false
+	}
+
+	for i := 0; i < len(want); i++ {
+		if want[i] != unicode.ToLower(have[i]) {
+			return false
+		}
+	}
+
+	return true
+}
+
+// isNumberValue will return whether not the leading characters in
+// a byte slice is a number. A number is delimited by whitespace or
+// the newline token.
+//
+// A number is defined to be in a binary, octal, decimal (int | float), hex format,
+// or in scientific notation.
+func isNumberValue(b []rune) bool {
+	negativeIndex := 0
+	helper := numberHelper{}
+	needDigit := false
+
+	for i := 0; i < len(b); i++ {
+		negativeIndex++
+
+		switch b[i] {
+		case '-':
+			if helper.IsNegative() || negativeIndex != 1 {
+				return false
+			}
+			helper.Determine(b[i])
+			needDigit = true
+			continue
+		case 'e', 'E':
+			if err := helper.Determine(b[i]); err != nil {
+				return false
+			}
+			negativeIndex = 0
+			needDigit = true
+			continue
+		case 'b':
+			if helper.numberFormat == hex {
+				break
+			}
+			fallthrough
+		case 'o', 'x':
+			needDigit = true
+			if i == 0 {
+				return false
+			}
+
+			fallthrough
+		case '.':
+			if err := helper.Determine(b[i]); err != nil {
+				return false
+			}
+			needDigit = true
+			continue
+		}
+
+		if i > 0 && (isNewline(b[i:]) || isWhitespace(b[i])) {
+			return !needDigit
+		}
+
+		if !helper.CorrectByte(b[i]) {
+			return false
+		}
+		needDigit = false
+	}
+
+	return !needDigit
+}
+
+func isValid(b []rune) (bool, int, error) {
+	if len(b) == 0 {
+		// TODO: should probably return an error
+		return false, 0, nil
+	}
+
+	return isValidRune(b[0]), 1, nil
+}
+
+func isValidRune(r rune) bool {
+	return r != ':' && r != '=' && r != '[' && r != ']' && r != ' ' && r != '\n'
+}
+
+// ValueType is an enum that will signify what type
+// the Value is
+type ValueType int
+
+func (v ValueType) String() string {
+	switch v {
+	case NoneType:
+		return "NONE"
+	case DecimalType:
+		return "FLOAT"
+	case IntegerType:
+		return "INT"
+	case StringType:
+		return "STRING"
+	case BoolType:
+		return "BOOL"
+	}
+
+	return ""
+}
+
+// ValueType enums
+const (
+	NoneType = ValueType(iota)
+	DecimalType
+	IntegerType
+	StringType
+	QuotedStringType
+	BoolType
+)
+
+// Value is a union container
+type Value struct {
+	Type ValueType
+	raw  []rune
+
+	integer int64
+	decimal float64
+	boolean bool
+	str     string
+}
+
+func newValue(t ValueType, base int, raw []rune) (Value, error) {
+	v := Value{
+		Type: t,
+		raw:  raw,
+	}
+	var err error
+
+	switch t {
+	case DecimalType:
+		v.decimal, err = strconv.ParseFloat(string(raw), 64)
+	case IntegerType:
+		if base != 10 {
+			raw = raw[2:]
+		}
+
+		v.integer, err = strconv.ParseInt(string(raw), base, 64)
+	case StringType:
+		v.str = string(raw)
+	case QuotedStringType:
+		v.str = string(raw[1 : len(raw)-1])
+	case BoolType:
+		v.boolean = isCaselessLitValue(runesTrue, v.raw)
+	}
+
+	// issue 2253
+	//
+	// if the value trying to be parsed is too large, then we will use
+	// the 'StringType' and raw value instead.
+	if nerr, ok := err.(*strconv.NumError); ok && nerr.Err == strconv.ErrRange {
+		v.Type = StringType
+		v.str = string(raw)
+		err = nil
+	}
+
+	return v, err
+}
+
+// Append will append values and change the type to a string
+// type.
+func (v *Value) Append(tok Token) {
+	r := tok.Raw()
+	if v.Type != QuotedStringType {
+		v.Type = StringType
+		r = tok.raw[1 : len(tok.raw)-1]
+	}
+	if tok.Type() != TokenLit {
+		v.raw = append(v.raw, tok.Raw()...)
+	} else {
+		v.raw = append(v.raw, r...)
+	}
+}
+
+func (v Value) String() string {
+	switch v.Type {
+	case DecimalType:
+		return fmt.Sprintf("decimal: %f", v.decimal)
+	case IntegerType:
+		return fmt.Sprintf("integer: %d", v.integer)
+	case StringType:
+		return fmt.Sprintf("string: %s", string(v.raw))
+	case QuotedStringType:
+		return fmt.Sprintf("quoted string: %s", string(v.raw))
+	case BoolType:
+		return fmt.Sprintf("bool: %t", v.boolean)
+	default:
+		return "union not set"
+	}
+}
+
+func newLitToken(b []rune) (Token, int, error) {
+	n := 0
+	var err error
+
+	token := Token{}
+	if b[0] == '"' {
+		n, err = getStringValue(b)
+		if err != nil {
+			return token, n, err
+		}
+
+		token = newToken(TokenLit, b[:n], QuotedStringType)
+	} else if isNumberValue(b) {
+		var base int
+		base, n, err = getNumericalValue(b)
+		if err != nil {
+			return token, 0, err
+		}
+
+		value := b[:n]
+		vType := IntegerType
+		if contains(value, '.') || hasExponent(value) {
+			vType = DecimalType
+		}
+		token = newToken(TokenLit, value, vType)
+		token.base = base
+	} else if isBoolValue(b) {
+		n, err = getBoolValue(b)
+
+		token = newToken(TokenLit, b[:n], BoolType)
+	} else {
+		n, err = getValue(b)
+		token = newToken(TokenLit, b[:n], StringType)
+	}
+
+	return token, n, err
+}
+
+// IntValue returns an integer value
+func (v Value) IntValue() int64 {
+	return v.integer
+}
+
+// FloatValue returns a float value
+func (v Value) FloatValue() float64 {
+	return v.decimal
+}
+
+// BoolValue returns a bool value
+func (v Value) BoolValue() bool {
+	return v.boolean
+}
+
+func isTrimmable(r rune) bool {
+	switch r {
+	case '\n', ' ':
+		return true
+	}
+	return false
+}
+
+// StringValue returns the string value
+func (v Value) StringValue() string {
+	switch v.Type {
+	case StringType:
+		return strings.TrimFunc(string(v.raw), isTrimmable)
+	case QuotedStringType:
+		// preserve all characters in the quotes
+		return string(removeEscapedCharacters(v.raw[1 : len(v.raw)-1]))
+	default:
+		return strings.TrimFunc(string(v.raw), isTrimmable)
+	}
+}
+
+func contains(runes []rune, c rune) bool {
+	for i := 0; i < len(runes); i++ {
+		if runes[i] == c {
+			return true
+		}
+	}
+
+	return false
+}
+
+func runeCompare(v1 []rune, v2 []rune) bool {
+	if len(v1) != len(v2) {
+		return false
+	}
+
+	for i := 0; i < len(v1); i++ {
+		if v1[i] != v2[i] {
+			return false
+		}
+	}
+
+	return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go
new file mode 100644
index 000000000..e52ac399f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go
@@ -0,0 +1,30 @@
+package ini
+
+func isNewline(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	if b[0] == '\n' {
+		return true
+	}
+
+	if len(b) < 2 {
+		return false
+	}
+
+	return b[0] == '\r' && b[1] == '\n'
+}
+
+func newNewlineToken(b []rune) (Token, int, error) {
+	i := 1
+	if b[0] == '\r' && isNewline(b[1:]) {
+		i++
+	}
+
+	if !isNewline([]rune(b[:i])) {
+		return emptyToken, 0, NewParseError("invalid new line token")
+	}
+
+	return newToken(TokenNL, b[:i], NoneType), i, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go
new file mode 100644
index 000000000..a45c0bc56
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go
@@ -0,0 +1,152 @@
+package ini
+
+import (
+	"bytes"
+	"fmt"
+	"strconv"
+)
+
+const (
+	none = numberFormat(iota)
+	binary
+	octal
+	decimal
+	hex
+	exponent
+)
+
+type numberFormat int
+
+// numberHelper is used to dictate what format a number is in
+// and what to do for negative values. Since -1e-4 is a valid
+// number, we cannot just simply check for duplicate negatives.
+type numberHelper struct {
+	numberFormat numberFormat
+
+	negative         bool
+	negativeExponent bool
+}
+
+func (b numberHelper) Exists() bool {
+	return b.numberFormat != none
+}
+
+func (b numberHelper) IsNegative() bool {
+	return b.negative || b.negativeExponent
+}
+
+func (b *numberHelper) Determine(c rune) error {
+	if b.Exists() {
+		return NewParseError(fmt.Sprintf("multiple number formats: 0%v", string(c)))
+	}
+
+	switch c {
+	case 'b':
+		b.numberFormat = binary
+	case 'o':
+		b.numberFormat = octal
+	case 'x':
+		b.numberFormat = hex
+	case 'e', 'E':
+		b.numberFormat = exponent
+	case '-':
+		if b.numberFormat != exponent {
+			b.negative = true
+		} else {
+			b.negativeExponent = true
+		}
+	case '.':
+		b.numberFormat = decimal
+	default:
+		return NewParseError(fmt.Sprintf("invalid number character: %v", string(c)))
+	}
+
+	return nil
+}
+
+func (b numberHelper) CorrectByte(c rune) bool {
+	switch {
+	case b.numberFormat == binary:
+		if !isBinaryByte(c) {
+			return false
+		}
+	case b.numberFormat == octal:
+		if !isOctalByte(c) {
+			return false
+		}
+	case b.numberFormat == hex:
+		if !isHexByte(c) {
+			return false
+		}
+	case b.numberFormat == decimal:
+		if !isDigit(c) {
+			return false
+		}
+	case b.numberFormat == exponent:
+		if !isDigit(c) {
+			return false
+		}
+	case b.negativeExponent:
+		if !isDigit(c) {
+			return false
+		}
+	case b.negative:
+		if !isDigit(c) {
+			return false
+		}
+	default:
+		if !isDigit(c) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (b numberHelper) Base() int {
+	switch b.numberFormat {
+	case binary:
+		return 2
+	case octal:
+		return 8
+	case hex:
+		return 16
+	default:
+		return 10
+	}
+}
+
+func (b numberHelper) String() string {
+	buf := bytes.Buffer{}
+	i := 0
+
+	switch b.numberFormat {
+	case binary:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": binary format\n")
+	case octal:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": octal format\n")
+	case hex:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": hex format\n")
+	case exponent:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": exponent format\n")
+	default:
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": integer format\n")
+	}
+
+	if b.negative {
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": negative format\n")
+	}
+
+	if b.negativeExponent {
+		i++
+		buf.WriteString(strconv.Itoa(i) + ": negative exponent format\n")
+	}
+
+	return buf.String()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go
new file mode 100644
index 000000000..8a84c7cbe
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go
@@ -0,0 +1,39 @@
+package ini
+
+import (
+	"fmt"
+)
+
+var (
+	equalOp      = []rune("=")
+	equalColonOp = []rune(":")
+)
+
+func isOp(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	switch b[0] {
+	case '=':
+		return true
+	case ':':
+		return true
+	default:
+		return false
+	}
+}
+
+func newOpToken(b []rune) (Token, int, error) {
+	tok := Token{}
+
+	switch b[0] {
+	case '=':
+		tok = newToken(TokenOp, equalOp, NoneType)
+	case ':':
+		tok = newToken(TokenOp, equalColonOp, NoneType)
+	default:
+		return tok, 0, NewParseError(fmt.Sprintf("unexpected op type, %v", b[0]))
+	}
+	return tok, 1, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go
new file mode 100644
index 000000000..457287019
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go
@@ -0,0 +1,43 @@
+package ini
+
+import "fmt"
+
+const (
+	// ErrCodeParseError is returned when a parsing error
+	// has occurred.
+	ErrCodeParseError = "INIParseError"
+)
+
+// ParseError is an error which is returned during any part of
+// the parsing process.
+type ParseError struct {
+	msg string
+}
+
+// NewParseError will return a new ParseError where message
+// is the description of the error.
+func NewParseError(message string) *ParseError {
+	return &ParseError{
+		msg: message,
+	}
+}
+
+// Code will return the ErrCodeParseError
+func (err *ParseError) Code() string {
+	return ErrCodeParseError
+}
+
+// Message returns the error's message
+func (err *ParseError) Message() string {
+	return err.msg
+}
+
+// OrigError return nothing since there will never be any
+// original error.
+func (err *ParseError) OrigError() error {
+	return nil
+}
+
+func (err *ParseError) Error() string {
+	return fmt.Sprintf("%s: %s", err.Code(), err.Message())
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go
new file mode 100644
index 000000000..7f01cf7c7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go
@@ -0,0 +1,60 @@
+package ini
+
+import (
+	"bytes"
+	"fmt"
+)
+
+// ParseStack is a stack that contains a container, the stack portion,
+// and the list which is the list of ASTs that have been successfully
+// parsed.
+type ParseStack struct {
+	top       int
+	container []AST
+	list      []AST
+	index     int
+}
+
+func newParseStack(sizeContainer, sizeList int) ParseStack {
+	return ParseStack{
+		container: make([]AST, sizeContainer),
+		list:      make([]AST, sizeList),
+	}
+}
+
+// Pop will return and truncate the last container element.
+func (s *ParseStack) Pop() AST {
+	s.top--
+	return s.container[s.top]
+}
+
+// Push will add the new AST to the container
+func (s *ParseStack) Push(ast AST) {
+	s.container[s.top] = ast
+	s.top++
+}
+
+// MarkComplete will append the AST to the list of completed statements
+func (s *ParseStack) MarkComplete(ast AST) {
+	s.list[s.index] = ast
+	s.index++
+}
+
+// List will return the completed statements
+func (s ParseStack) List() []AST {
+	return s.list[:s.index]
+}
+
+// Len will return the length of the container
+func (s *ParseStack) Len() int {
+	return s.top
+}
+
+func (s ParseStack) String() string {
+	buf := bytes.Buffer{}
+	for i, node := range s.list {
+		buf.WriteString(fmt.Sprintf("%d: %v\n", i+1, node))
+	}
+
+	return buf.String()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go
new file mode 100644
index 000000000..f82095ba2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go
@@ -0,0 +1,41 @@
+package ini
+
+import (
+	"fmt"
+)
+
+var (
+	emptyRunes = []rune{}
+)
+
+func isSep(b []rune) bool {
+	if len(b) == 0 {
+		return false
+	}
+
+	switch b[0] {
+	case '[', ']':
+		return true
+	default:
+		return false
+	}
+}
+
+var (
+	openBrace  = []rune("[")
+	closeBrace = []rune("]")
+)
+
+func newSepToken(b []rune) (Token, int, error) {
+	tok := Token{}
+
+	switch b[0] {
+	case '[':
+		tok = newToken(TokenSep, openBrace, NoneType)
+	case ']':
+		tok = newToken(TokenSep, closeBrace, NoneType)
+	default:
+		return tok, 0, NewParseError(fmt.Sprintf("unexpected sep type, %v", b[0]))
+	}
+	return tok, 1, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
new file mode 100644
index 000000000..da7a4049c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
@@ -0,0 +1,45 @@
+package ini
+
+// skipper is used to skip certain blocks of an ini file.
+// Currently skipper is used to skip nested blocks of ini
+// files. See example below
+//
+//	[ foo ]
+//	nested = ; this section will be skipped
+//		a=b
+//		c=d
+//	bar=baz ; this will be included
+type skipper struct {
+	shouldSkip bool
+	TokenSet   bool
+	prevTok    Token
+}
+
+func newSkipper() skipper {
+	return skipper{
+		prevTok: emptyToken,
+	}
+}
+
+func (s *skipper) ShouldSkip(tok Token) bool {
+	// should skip state will be modified only if previous token was new line (NL);
+	// and the current token is not WhiteSpace (WS).
+	if s.shouldSkip &&
+		s.prevTok.Type() == TokenNL &&
+		tok.Type() != TokenWS {
+		s.Continue()
+		return false
+	}
+	s.prevTok = tok
+	return s.shouldSkip
+}
+
+func (s *skipper) Skip() {
+	s.shouldSkip = true
+}
+
+func (s *skipper) Continue() {
+	s.shouldSkip = false
+	// empty token is assigned as we return to default state, when should skip is false
+	s.prevTok = emptyToken
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go
new file mode 100644
index 000000000..18f3fe893
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go
@@ -0,0 +1,35 @@
+package ini
+
+// Statement is an empty AST mostly used for transitioning states.
+func newStatement() AST {
+	return newAST(ASTKindStatement, AST{})
+}
+
+// SectionStatement represents a section AST
+func newSectionStatement(tok Token) AST {
+	return newASTWithRootToken(ASTKindSectionStatement, tok)
+}
+
+// ExprStatement represents a completed expression AST
+func newExprStatement(ast AST) AST {
+	return newAST(ASTKindExprStatement, ast)
+}
+
+// CommentStatement represents a comment in the ini definition.
+//
+//	grammar:
+//	comment -> #comment' | ;comment'
+//	comment' -> epsilon | value
+func newCommentStatement(tok Token) AST {
+	return newAST(ASTKindCommentStatement, newExpression(tok))
+}
+
+// CompletedSectionStatement represents a completed section
+func newCompletedSectionStatement(ast AST) AST {
+	return newAST(ASTKindCompletedSectionStatement, ast)
+}
+
+// SkipStatement is used to skip whole statements
+func newSkipStatement(ast AST) AST {
+	return newAST(ASTKindSkipStatement, ast)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
new file mode 100644
index 000000000..b5480fdeb
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
@@ -0,0 +1,284 @@
+package ini
+
+import (
+	"fmt"
+)
+
+// getStringValue will return a quoted string and the amount
+// of bytes read
+//
+// an error will be returned if the string is not properly formatted
+func getStringValue(b []rune) (int, error) {
+	if b[0] != '"' {
+		return 0, NewParseError("strings must start with '\"'")
+	}
+
+	endQuote := false
+	i := 1
+
+	for ; i < len(b) && !endQuote; i++ {
+		if escaped := isEscaped(b[:i], b[i]); b[i] == '"' && !escaped {
+			endQuote = true
+			break
+		} else if escaped {
+			/*c, err := getEscapedByte(b[i])
+			if err != nil {
+				return 0, err
+			}
+
+			b[i-1] = c
+			b = append(b[:i], b[i+1:]...)
+			i--*/
+
+			continue
+		}
+	}
+
+	if !endQuote {
+		return 0, NewParseError("missing '\"' in string value")
+	}
+
+	return i + 1, nil
+}
+
+// getBoolValue will return a boolean and the amount
+// of bytes read
+//
+// an error will be returned if the boolean is not of a correct
+// value
+func getBoolValue(b []rune) (int, error) {
+	if len(b) < 4 {
+		return 0, NewParseError("invalid boolean value")
+	}
+
+	n := 0
+	for _, lv := range literalValues {
+		if len(lv) > len(b) {
+			continue
+		}
+
+		if isCaselessLitValue(lv, b) {
+			n = len(lv)
+		}
+	}
+
+	if n == 0 {
+		return 0, NewParseError("invalid boolean value")
+	}
+
+	return n, nil
+}
+
+// getNumericalValue will return a numerical string, the amount
+// of bytes read, and the base of the number
+//
+// an error will be returned if the number is not of a correct
+// value
+func getNumericalValue(b []rune) (int, int, error) {
+	if !isDigit(b[0]) {
+		return 0, 0, NewParseError("invalid digit value")
+	}
+
+	i := 0
+	helper := numberHelper{}
+
+loop:
+	for negativeIndex := 0; i < len(b); i++ {
+		negativeIndex++
+
+		if !isDigit(b[i]) {
+			switch b[i] {
+			case '-':
+				if helper.IsNegative() || negativeIndex != 1 {
+					return 0, 0, NewParseError("parse error '-'")
+				}
+
+				n := getNegativeNumber(b[i:])
+				i += (n - 1)
+				helper.Determine(b[i])
+				continue
+			case '.':
+				if err := helper.Determine(b[i]); err != nil {
+					return 0, 0, err
+				}
+			case 'e', 'E':
+				if err := helper.Determine(b[i]); err != nil {
+					return 0, 0, err
+				}
+
+				negativeIndex = 0
+			case 'b':
+				if helper.numberFormat == hex {
+					break
+				}
+				fallthrough
+			case 'o', 'x':
+				if i == 0 && b[i] != '0' {
+					return 0, 0, NewParseError("incorrect base format, expected leading '0'")
+				}
+
+				if i != 1 {
+					return 0, 0, NewParseError(fmt.Sprintf("incorrect base format found %s at %d index", string(b[i]), i))
+				}
+
+				if err := helper.Determine(b[i]); err != nil {
+					return 0, 0, err
+				}
+			default:
+				if isWhitespace(b[i]) {
+					break loop
+				}
+
+				if isNewline(b[i:]) {
+					break loop
+				}
+
+				if !(helper.numberFormat == hex && isHexByte(b[i])) {
+					if i+2 < len(b) && !isNewline(b[i:i+2]) {
+						return 0, 0, NewParseError("invalid numerical character")
+					} else if !isNewline([]rune{b[i]}) {
+						return 0, 0, NewParseError("invalid numerical character")
+					}
+
+					break loop
+				}
+			}
+		}
+	}
+
+	return helper.Base(), i, nil
+}
+
+// isDigit will return whether or not something is an integer
+func isDigit(b rune) bool {
+	return b >= '0' && b <= '9'
+}
+
+func hasExponent(v []rune) bool {
+	return contains(v, 'e') || contains(v, 'E')
+}
+
+func isBinaryByte(b rune) bool {
+	switch b {
+	case '0', '1':
+		return true
+	default:
+		return false
+	}
+}
+
+func isOctalByte(b rune) bool {
+	switch b {
+	case '0', '1', '2', '3', '4', '5', '6', '7':
+		return true
+	default:
+		return false
+	}
+}
+
+func isHexByte(b rune) bool {
+	if isDigit(b) {
+		return true
+	}
+	return (b >= 'A' && b <= 'F') ||
+		(b >= 'a' && b <= 'f')
+}
+
+func getValue(b []rune) (int, error) {
+	i := 0
+
+	for i < len(b) {
+		if isNewline(b[i:]) {
+			break
+		}
+
+		if isOp(b[i:]) {
+			break
+		}
+
+		valid, n, err := isValid(b[i:])
+		if err != nil {
+			return 0, err
+		}
+
+		if !valid {
+			break
+		}
+
+		i += n
+	}
+
+	return i, nil
+}
+
+// getNegativeNumber will return a negative number from a
+// byte slice. This will iterate through all characters until
+// a non-digit has been found.
+func getNegativeNumber(b []rune) int {
+	if b[0] != '-' {
+		return 0
+	}
+
+	i := 1
+	for ; i < len(b); i++ {
+		if !isDigit(b[i]) {
+			return i
+		}
+	}
+
+	return i
+}
+
+// isEscaped will return whether or not the character is an escaped
+// character.
+func isEscaped(value []rune, b rune) bool {
+	if len(value) == 0 {
+		return false
+	}
+
+	switch b {
+	case '\'': // single quote
+	case '"': // quote
+	case 'n': // newline
+	case 't': // tab
+	case '\\': // backslash
+	default:
+		return false
+	}
+
+	return value[len(value)-1] == '\\'
+}
+
+func getEscapedByte(b rune) (rune, error) {
+	switch b {
+	case '\'': // single quote
+		return '\'', nil
+	case '"': // quote
+		return '"', nil
+	case 'n': // newline
+		return '\n', nil
+	case 't': // table
+		return '\t', nil
+	case '\\': // backslash
+		return '\\', nil
+	default:
+		return b, NewParseError(fmt.Sprintf("invalid escaped character %c", b))
+	}
+}
+
+func removeEscapedCharacters(b []rune) []rune {
+	for i := 0; i < len(b); i++ {
+		if isEscaped(b[:i], b[i]) {
+			c, err := getEscapedByte(b[i])
+			if err != nil {
+				return b
+			}
+
+			b[i-1] = c
+			b = append(b[:i], b[i+1:]...)
+			i--
+		}
+	}
+
+	return b
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
new file mode 100644
index 000000000..081cf4334
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
@@ -0,0 +1,169 @@
+package ini
+
+import (
+	"fmt"
+	"sort"
+)
+
+// Visitor is an interface used by walkers that will
+// traverse an array of ASTs.
+type Visitor interface {
+	VisitExpr(AST) error
+	VisitStatement(AST) error
+}
+
+// DefaultVisitor is used to visit statements and expressions
+// and ensure that they are both of the correct format.
+// In addition, upon visiting this will build sections and populate
+// the Sections field which can be used to retrieve profile
+// configuration.
+type DefaultVisitor struct {
+	scope    string
+	Sections Sections
+}
+
+// NewDefaultVisitor return a DefaultVisitor
+func NewDefaultVisitor() *DefaultVisitor {
+	return &DefaultVisitor{
+		Sections: Sections{
+			container: map[string]Section{},
+		},
+	}
+}
+
+// VisitExpr visits expressions...
+func (v *DefaultVisitor) VisitExpr(expr AST) error {
+	t := v.Sections.container[v.scope]
+	if t.values == nil {
+		t.values = values{}
+	}
+
+	switch expr.Kind {
+	case ASTKindExprStatement:
+		opExpr := expr.GetRoot()
+		switch opExpr.Kind {
+		case ASTKindEqualExpr:
+			children := opExpr.GetChildren()
+			if len(children) <= 1 {
+				return NewParseError("unexpected token type")
+			}
+
+			rhs := children[1]
+
+			// The right-hand value side the equality expression is allowed to contain '[', ']', ':', '=' in the values.
+			// If the token is not either a literal or one of the token types that identifies those four additional
+			// tokens then error.
+			if !(rhs.Root.Type() == TokenLit || rhs.Root.Type() == TokenOp || rhs.Root.Type() == TokenSep) {
+				return NewParseError("unexpected token type")
+			}
+
+			key := EqualExprKey(opExpr)
+			v, err := newValue(rhs.Root.ValueType, rhs.Root.base, rhs.Root.Raw())
+			if err != nil {
+				return err
+			}
+
+			t.values[key] = v
+		default:
+			return NewParseError(fmt.Sprintf("unsupported expression %v", expr))
+		}
+	default:
+		return NewParseError(fmt.Sprintf("unsupported expression %v", expr))
+	}
+
+	v.Sections.container[v.scope] = t
+	return nil
+}
+
+// VisitStatement visits statements...
+func (v *DefaultVisitor) VisitStatement(stmt AST) error {
+	switch stmt.Kind {
+	case ASTKindCompletedSectionStatement:
+		child := stmt.GetRoot()
+		if child.Kind != ASTKindSectionStatement {
+			return NewParseError(fmt.Sprintf("unsupported child statement: %T", child))
+		}
+
+		name := string(child.Root.Raw())
+		v.Sections.container[name] = Section{}
+		v.scope = name
+	default:
+		return NewParseError(fmt.Sprintf("unsupported statement: %s", stmt.Kind))
+	}
+
+	return nil
+}
+
+// Sections is a map of Section structures that represent
+// a configuration.
+type Sections struct {
+	container map[string]Section
+}
+
+// GetSection will return section p. If section p does not exist,
+// false will be returned in the second parameter.
+func (t Sections) GetSection(p string) (Section, bool) {
+	v, ok := t.container[p]
+	return v, ok
+}
+
+// values represents a map of union values.
+type values map[string]Value
+
+// List will return a list of all sections that were successfully
+// parsed.
+func (t Sections) List() []string {
+	keys := make([]string, len(t.container))
+	i := 0
+	for k := range t.container {
+		keys[i] = k
+		i++
+	}
+
+	sort.Strings(keys)
+	return keys
+}
+
+// Section contains a name and values. This represent
+// a sectioned entry in a configuration file.
+type Section struct {
+	Name   string
+	values values
+}
+
+// Has will return whether or not an entry exists in a given section
+func (t Section) Has(k string) bool {
+	_, ok := t.values[k]
+	return ok
+}
+
+// ValueType will returned what type the union is set to. If
+// k was not found, the NoneType will be returned.
+func (t Section) ValueType(k string) (ValueType, bool) {
+	v, ok := t.values[k]
+	return v.Type, ok
+}
+
+// Bool returns a bool value at k
+func (t Section) Bool(k string) bool {
+	return t.values[k].BoolValue()
+}
+
+// Int returns an integer value at k
+func (t Section) Int(k string) int64 {
+	return t.values[k].IntValue()
+}
+
+// Float64 returns a float value at k
+func (t Section) Float64(k string) float64 {
+	return t.values[k].FloatValue()
+}
+
+// String returns the string value at k
+func (t Section) String(k string) string {
+	_, ok := t.values[k]
+	if !ok {
+		return ""
+	}
+	return t.values[k].StringValue()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go
new file mode 100644
index 000000000..99915f7f7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go
@@ -0,0 +1,25 @@
+package ini
+
+// Walk will traverse the AST using the v, the Visitor.
+func Walk(tree []AST, v Visitor) error {
+	for _, node := range tree {
+		switch node.Kind {
+		case ASTKindExpr,
+			ASTKindExprStatement:
+
+			if err := v.VisitExpr(node); err != nil {
+				return err
+			}
+		case ASTKindStatement,
+			ASTKindCompletedSectionStatement,
+			ASTKindNestedSectionStatement,
+			ASTKindCompletedNestedSectionStatement:
+
+			if err := v.VisitStatement(node); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go
new file mode 100644
index 000000000..7ffb4ae06
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go
@@ -0,0 +1,24 @@
+package ini
+
+import (
+	"unicode"
+)
+
+// isWhitespace will return whether or not the character is
+// a whitespace character.
+//
+// Whitespace is defined as a space or tab.
+func isWhitespace(c rune) bool {
+	return unicode.IsSpace(c) && c != '\n' && c != '\r'
+}
+
+func newWSToken(b []rune) (Token, int, error) {
+	i := 0
+	for ; i < len(b); i++ {
+		if !isWhitespace(b[i]) {
+			break
+		}
+	}
+
+	return newToken(TokenWS, b[:i], NoneType), i, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/accesspoint_arn.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/accesspoint_arn.go
new file mode 100644
index 000000000..bf18031a3
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/accesspoint_arn.go
@@ -0,0 +1,50 @@
+package arn
+
+import (
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/arn"
+)
+
+// AccessPointARN provides representation
+type AccessPointARN struct {
+	arn.ARN
+	AccessPointName string
+}
+
+// GetARN returns the base ARN for the Access Point resource
+func (a AccessPointARN) GetARN() arn.ARN {
+	return a.ARN
+}
+
+// ParseAccessPointResource attempts to parse the ARN's resource as an
+// AccessPoint resource.
+//
+// Supported Access point resource format:
+//	- Access point format: arn:{partition}:s3:{region}:{accountId}:accesspoint/{accesspointName}
+//	- example: arn.aws.s3.us-west-2.012345678901:accesspoint/myaccesspoint
+//
+func ParseAccessPointResource(a arn.ARN, resParts []string) (AccessPointARN, error) {
+	if len(a.Region) == 0 {
+		return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "region not set"}
+	}
+	if len(a.AccountID) == 0 {
+		return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "account-id not set"}
+	}
+	if len(resParts) == 0 {
+		return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "resource-id not set"}
+	}
+	if len(resParts) > 1 {
+		return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "sub resource not supported"}
+	}
+
+	resID := resParts[0]
+	if len(strings.TrimSpace(resID)) == 0 {
+		return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "resource-id not set"}
+	}
+
+	return AccessPointARN{
+		ARN:             a,
+		AccessPointName: resID,
+	}, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go
new file mode 100644
index 000000000..216c4baab
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go
@@ -0,0 +1,94 @@
+package arn
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/arn"
+)
+
+var supportedServiceARN = []string{
+	"s3",
+	"s3-outposts",
+	"s3-object-lambda",
+}
+
+func isSupportedServiceARN(service string) bool {
+	for _, name := range supportedServiceARN {
+		if name == service {
+			return true
+		}
+	}
+	return false
+}
+
+// Resource provides the interfaces abstracting ARNs of specific resource
+// types.
+type Resource interface {
+	GetARN() arn.ARN
+	String() string
+}
+
+// ResourceParser provides the function for parsing an ARN's resource
+// component into a typed resource.
+type ResourceParser func(arn.ARN) (Resource, error)
+
+// ParseResource parses an AWS ARN into a typed resource for the S3 API.
+func ParseResource(s string, resParser ResourceParser) (resARN Resource, err error) {
+	a, err := arn.Parse(s)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(a.Partition) == 0 {
+		return nil, InvalidARNError{ARN: a, Reason: "partition not set"}
+	}
+
+	if !isSupportedServiceARN(a.Service) {
+		return nil, InvalidARNError{ARN: a, Reason: "service is not supported"}
+	}
+
+	if strings.HasPrefix(a.Region, "fips-") || strings.HasSuffix(a.Region, "-fips") {
+		return nil, InvalidARNError{ARN: a, Reason: "FIPS region not allowed in ARN"}
+	}
+
+	if len(a.Resource) == 0 {
+		return nil, InvalidARNError{ARN: a, Reason: "resource not set"}
+	}
+
+	return resParser(a)
+}
+
+// SplitResource splits the resource components by the ARN resource delimiters.
+func SplitResource(v string) []string {
+	var parts []string
+	var offset int
+
+	for offset <= len(v) {
+		idx := strings.IndexAny(v[offset:], "/:")
+		if idx < 0 {
+			parts = append(parts, v[offset:])
+			break
+		}
+		parts = append(parts, v[offset:idx+offset])
+		offset += idx + 1
+	}
+
+	return parts
+}
+
+// IsARN returns whether the given string is an ARN
+func IsARN(s string) bool {
+	return arn.IsARN(s)
+}
+
+// InvalidARNError provides the error for an invalid ARN error.
+type InvalidARNError struct {
+	ARN    arn.ARN
+	Reason string
+}
+
+// Error returns a string denoting the occurred InvalidARNError
+func (e InvalidARNError) Error() string {
+	return fmt.Sprintf("invalid Amazon %s ARN, %s, %s", e.ARN.Service, e.Reason, e.ARN.String())
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/outpost_arn.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/outpost_arn.go
new file mode 100644
index 000000000..1e10f8de0
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/outpost_arn.go
@@ -0,0 +1,126 @@
+package arn
+
+import (
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/arn"
+)
+
+// OutpostARN interface that should be satisfied by outpost ARNs
+type OutpostARN interface {
+	Resource
+	GetOutpostID() string
+}
+
+// ParseOutpostARNResource will parse a provided ARNs resource using the appropriate ARN format
+// and return a specific OutpostARN type
+//
+// Currently supported outpost ARN formats:
+// * Outpost AccessPoint ARN format:
+//		- ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName}
+//		- example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint
+//
+// * Outpost Bucket ARN format:
+// 		- ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/bucket/{bucketName}
+//		- example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/bucket/mybucket
+//
+// Other outpost ARN formats may be supported and added in the future.
+//
+func ParseOutpostARNResource(a arn.ARN, resParts []string) (OutpostARN, error) {
+	if len(a.Region) == 0 {
+		return nil, InvalidARNError{ARN: a, Reason: "region not set"}
+	}
+
+	if len(a.AccountID) == 0 {
+		return nil, InvalidARNError{ARN: a, Reason: "account-id not set"}
+	}
+
+	// verify if outpost id is present and valid
+	if len(resParts) == 0 || len(strings.TrimSpace(resParts[0])) == 0 {
+		return nil, InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
+	}
+
+	// verify possible resource type exists
+	if len(resParts) < 3 {
+		return nil, InvalidARNError{
+			ARN: a, Reason: "incomplete outpost resource type. Expected bucket or access-point resource to be present",
+		}
+	}
+
+	// Since we know this is a OutpostARN fetch outpostID
+	outpostID := strings.TrimSpace(resParts[0])
+
+	switch resParts[1] {
+	case "accesspoint":
+		accesspointARN, err := ParseAccessPointResource(a, resParts[2:])
+		if err != nil {
+			return OutpostAccessPointARN{}, err
+		}
+		return OutpostAccessPointARN{
+			AccessPointARN: accesspointARN,
+			OutpostID:      outpostID,
+		}, nil
+
+	case "bucket":
+		bucketName, err := parseBucketResource(a, resParts[2:])
+		if err != nil {
+			return nil, err
+		}
+		return OutpostBucketARN{
+			ARN:        a,
+			BucketName: bucketName,
+			OutpostID:  outpostID,
+		}, nil
+
+	default:
+		return nil, InvalidARNError{ARN: a, Reason: "unknown resource set for outpost ARN"}
+	}
+}
+
+// OutpostAccessPointARN represents outpost access point ARN.
+type OutpostAccessPointARN struct {
+	AccessPointARN
+	OutpostID string
+}
+
+// GetOutpostID returns the outpost id of outpost access point arn
+func (o OutpostAccessPointARN) GetOutpostID() string {
+	return o.OutpostID
+}
+
+// OutpostBucketARN represents the outpost bucket ARN.
+type OutpostBucketARN struct {
+	arn.ARN
+	BucketName string
+	OutpostID  string
+}
+
+// GetOutpostID returns the outpost id of outpost bucket arn
+func (o OutpostBucketARN) GetOutpostID() string {
+	return o.OutpostID
+}
+
+// GetARN retrives the base ARN from outpost bucket ARN resource
+func (o OutpostBucketARN) GetARN() arn.ARN {
+	return o.ARN
+}
+
+// parseBucketResource attempts to parse the ARN's bucket resource and retrieve the
+// bucket resource id.
+//
+// parseBucketResource only parses the bucket resource id.
+//
+func parseBucketResource(a arn.ARN, resParts []string) (bucketName string, err error) {
+	if len(resParts) == 0 {
+		return bucketName, InvalidARNError{ARN: a, Reason: "bucket resource-id not set"}
+	}
+	if len(resParts) > 1 {
+		return bucketName, InvalidARNError{ARN: a, Reason: "sub resource not supported"}
+	}
+
+	bucketName = strings.TrimSpace(resParts[0])
+	if len(bucketName) == 0 {
+		return bucketName, InvalidARNError{ARN: a, Reason: "bucket resource-id not set"}
+	}
+	return bucketName, err
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go
new file mode 100644
index 000000000..513154cc0
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go
@@ -0,0 +1,15 @@
+package arn
+
+// S3ObjectLambdaARN represents an ARN for the s3-object-lambda service
+type S3ObjectLambdaARN interface {
+	Resource
+
+	isS3ObjectLambdasARN()
+}
+
+// S3ObjectLambdaAccessPointARN is an S3ObjectLambdaARN for the Access Point resource type
+type S3ObjectLambdaAccessPointARN struct {
+	AccessPointARN
+}
+
+func (s S3ObjectLambdaAccessPointARN) isS3ObjectLambdasARN() {}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go
new file mode 100644
index 000000000..4290ff676
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go
@@ -0,0 +1,202 @@
+package s3shared
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
+)
+
+const (
+	invalidARNErrorErrCode    = "InvalidARNError"
+	configurationErrorErrCode = "ConfigurationError"
+)
+
+// InvalidARNError denotes the error for Invalid ARN
+type InvalidARNError struct {
+	message  string
+	resource arn.Resource
+	origErr  error
+}
+
+// Error returns the InvalidARNError
+func (e InvalidARNError) Error() string {
+	var extra string
+	if e.resource != nil {
+		extra = "ARN: " + e.resource.String()
+	}
+	return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
+}
+
+// Code returns the invalid ARN error code
+func (e InvalidARNError) Code() string {
+	return invalidARNErrorErrCode
+}
+
+// Message returns the message for Invalid ARN error
+func (e InvalidARNError) Message() string {
+	return e.message
+}
+
+// OrigErr is the original error wrapped by Invalid ARN Error
+func (e InvalidARNError) OrigErr() error {
+	return e.origErr
+}
+
+// NewInvalidARNError denotes invalid arn error
+func NewInvalidARNError(resource arn.Resource, err error) InvalidARNError {
+	return InvalidARNError{
+		message:  "invalid ARN",
+		origErr:  err,
+		resource: resource,
+	}
+}
+
+// NewInvalidARNWithCustomEndpointError ARN not supported for custom clients endpoints
+func NewInvalidARNWithCustomEndpointError(resource arn.Resource, err error) InvalidARNError {
+	return InvalidARNError{
+		message:  "resource ARN not supported with custom client endpoints",
+		origErr:  err,
+		resource: resource,
+	}
+}
+
+// NewInvalidARNWithUnsupportedPartitionError ARN not supported for the target partition
+func NewInvalidARNWithUnsupportedPartitionError(resource arn.Resource, err error) InvalidARNError {
+	return InvalidARNError{
+		message:  "resource ARN not supported for the target ARN partition",
+		origErr:  err,
+		resource: resource,
+	}
+}
+
+// NewInvalidARNWithFIPSError ARN not supported for FIPS region
+//
+// Deprecated: FIPS will not appear in the ARN region component.
+func NewInvalidARNWithFIPSError(resource arn.Resource, err error) InvalidARNError {
+	return InvalidARNError{
+		message:  "resource ARN not supported for FIPS region",
+		resource: resource,
+		origErr:  err,
+	}
+}
+
+// ConfigurationError is used to denote a client configuration error
+type ConfigurationError struct {
+	message           string
+	resource          arn.Resource
+	clientPartitionID string
+	clientRegion      string
+	origErr           error
+}
+
+// Error returns the Configuration error string
+func (e ConfigurationError) Error() string {
+	extra := fmt.Sprintf("ARN: %s, client partition: %s, client region: %s",
+		e.resource, e.clientPartitionID, e.clientRegion)
+
+	return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
+}
+
+// Code returns configuration error's error-code
+func (e ConfigurationError) Code() string {
+	return configurationErrorErrCode
+}
+
+// Message returns the configuration error message
+func (e ConfigurationError) Message() string {
+	return e.message
+}
+
+// OrigErr is the original error wrapped by Configuration Error
+func (e ConfigurationError) OrigErr() error {
+	return e.origErr
+}
+
+// NewClientPartitionMismatchError  stub
+func NewClientPartitionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
+	return ConfigurationError{
+		message:           "client partition does not match provided ARN partition",
+		origErr:           err,
+		resource:          resource,
+		clientPartitionID: clientPartitionID,
+		clientRegion:      clientRegion,
+	}
+}
+
+// NewClientRegionMismatchError denotes cross region access error
+func NewClientRegionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
+	return ConfigurationError{
+		message:           "client region does not match provided ARN region",
+		origErr:           err,
+		resource:          resource,
+		clientPartitionID: clientPartitionID,
+		clientRegion:      clientRegion,
+	}
+}
+
+// NewFailedToResolveEndpointError denotes endpoint resolving error
+func NewFailedToResolveEndpointError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
+	return ConfigurationError{
+		message:           "endpoint resolver failed to find an endpoint for the provided ARN region",
+		origErr:           err,
+		resource:          resource,
+		clientPartitionID: clientPartitionID,
+		clientRegion:      clientRegion,
+	}
+}
+
+// NewClientConfiguredForFIPSError denotes client config error for unsupported cross region FIPS access
+func NewClientConfiguredForFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
+	return ConfigurationError{
+		message:           "client configured for fips but cross-region resource ARN provided",
+		origErr:           err,
+		resource:          resource,
+		clientPartitionID: clientPartitionID,
+		clientRegion:      clientRegion,
+	}
+}
+
+// NewFIPSConfigurationError denotes a configuration error when a client or request is configured for FIPS
+func NewFIPSConfigurationError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
+	return ConfigurationError{
+		message:           "use of ARN is not supported when client or request is configured for FIPS",
+		origErr:           err,
+		resource:          resource,
+		clientPartitionID: clientPartitionID,
+		clientRegion:      clientRegion,
+	}
+}
+
+// NewClientConfiguredForAccelerateError denotes client config error for unsupported S3 accelerate
+func NewClientConfiguredForAccelerateError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
+	return ConfigurationError{
+		message:           "client configured for S3 Accelerate but is not supported with resource ARN",
+		origErr:           err,
+		resource:          resource,
+		clientPartitionID: clientPartitionID,
+		clientRegion:      clientRegion,
+	}
+}
+
+// NewClientConfiguredForCrossRegionFIPSError denotes client config error for unsupported cross region FIPS request
+func NewClientConfiguredForCrossRegionFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
+	return ConfigurationError{
+		message:           "client configured for FIPS with cross-region enabled but is supported with cross-region resource ARN",
+		origErr:           err,
+		resource:          resource,
+		clientPartitionID: clientPartitionID,
+		clientRegion:      clientRegion,
+	}
+}
+
+// NewClientConfiguredForDualStackError denotes client config error for unsupported S3 Dual-stack
+func NewClientConfiguredForDualStackError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
+	return ConfigurationError{
+		message:           "client configured for S3 Dual-stack but is not supported with resource ARN",
+		origErr:           err,
+		resource:          resource,
+		clientPartitionID: clientPartitionID,
+		clientRegion:      clientRegion,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go
new file mode 100644
index 000000000..ef43d6c58
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go
@@ -0,0 +1,45 @@
+package s3shared
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	awsarn "github.com/aws/aws-sdk-go/aws/arn"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
+)
+
+// ResourceRequest represents the request and arn resource
+type ResourceRequest struct {
+	Resource arn.Resource
+	Request  *request.Request
+}
+
+// ARN returns the resource ARN
+func (r ResourceRequest) ARN() awsarn.ARN {
+	return r.Resource.GetARN()
+}
+
+// AllowCrossRegion returns a bool value to denote if S3UseARNRegion flag is set
+func (r ResourceRequest) AllowCrossRegion() bool {
+	return aws.BoolValue(r.Request.Config.S3UseARNRegion)
+}
+
+// IsCrossPartition returns true if client is configured for another partition, than
+// the partition that resource ARN region resolves to.
+func (r ResourceRequest) IsCrossPartition() bool {
+	return r.Request.ClientInfo.PartitionID != r.Resource.GetARN().Partition
+}
+
+// IsCrossRegion returns true if ARN region is different than client configured region
+func (r ResourceRequest) IsCrossRegion() bool {
+	return IsCrossRegion(r.Request, r.Resource.GetARN().Region)
+}
+
+// HasCustomEndpoint returns true if custom client endpoint is provided
+func (r ResourceRequest) HasCustomEndpoint() bool {
+	return len(aws.StringValue(r.Request.Config.Endpoint)) > 0
+}
+
+// IsCrossRegion returns true if request signing region is not same as configured region
+func IsCrossRegion(req *request.Request, otherRegion string) bool {
+	return req.ClientInfo.SigningRegion != otherRegion
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/s3err/error.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/s3err/error.go
new file mode 100644
index 000000000..0b9b0dfce
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/s3err/error.go
@@ -0,0 +1,57 @@
+package s3err
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// RequestFailure provides additional S3 specific metadata for the request
+// failure.
+type RequestFailure struct {
+	awserr.RequestFailure
+
+	hostID string
+}
+
+// NewRequestFailure returns a request failure error decordated with S3
+// specific metadata.
+func NewRequestFailure(err awserr.RequestFailure, hostID string) *RequestFailure {
+	return &RequestFailure{RequestFailure: err, hostID: hostID}
+}
+
+func (r RequestFailure) Error() string {
+	extra := fmt.Sprintf("status code: %d, request id: %s, host id: %s",
+		r.StatusCode(), r.RequestID(), r.hostID)
+	return awserr.SprintError(r.Code(), r.Message(), extra, r.OrigErr())
+}
+func (r RequestFailure) String() string {
+	return r.Error()
+}
+
+// HostID returns the HostID request response value.
+func (r RequestFailure) HostID() string {
+	return r.hostID
+}
+
+// RequestFailureWrapperHandler returns a handler to rap an
+// awserr.RequestFailure with the  S3 request ID 2 from the response.
+func RequestFailureWrapperHandler() request.NamedHandler {
+	return request.NamedHandler{
+		Name: "awssdk.s3.errorHandler",
+		Fn: func(req *request.Request) {
+			reqErr, ok := req.Error.(awserr.RequestFailure)
+			if !ok || reqErr == nil {
+				return
+			}
+
+			hostID := req.HTTPResponse.Header.Get("X-Amz-Id-2")
+			if req.Error == nil {
+				return
+			}
+
+			req.Error = NewRequestFailure(reqErr, hostID)
+		},
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go
new file mode 100644
index 000000000..6c443988b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go
@@ -0,0 +1,12 @@
+package sdkio
+
+const (
+	// Byte is 8 bits
+	Byte int64 = 1
+	// KibiByte (KiB) is 1024 Bytes
+	KibiByte = Byte * 1024
+	// MebiByte (MiB) is 1024 KiB
+	MebiByte = KibiByte * 1024
+	// GibiByte (GiB) is 1024 MiB
+	GibiByte = MebiByte * 1024
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go
new file mode 100644
index 000000000..037a998c4
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go
@@ -0,0 +1,11 @@
+//go:build !go1.7
+// +build !go1.7
+
+package sdkio
+
+// Copy of Go 1.7 io package's Seeker constants.
+const (
+	SeekStart   = 0 // seek relative to the origin of the file
+	SeekCurrent = 1 // seek relative to the current offset
+	SeekEnd     = 2 // seek relative to the end
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go
new file mode 100644
index 000000000..65e7c60c4
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go
@@ -0,0 +1,13 @@
+//go:build go1.7
+// +build go1.7
+
+package sdkio
+
+import "io"
+
+// Alias for Go 1.7 io package Seeker constants
+const (
+	SeekStart   = io.SeekStart   // seek relative to the origin of the file
+	SeekCurrent = io.SeekCurrent // seek relative to the current offset
+	SeekEnd     = io.SeekEnd     // seek relative to the end
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
new file mode 100644
index 000000000..a84528783
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
@@ -0,0 +1,16 @@
+//go:build go1.10
+// +build go1.10
+
+package sdkmath
+
+import "math"
+
+// Round returns the nearest integer, rounding half away from zero.
+//
+// Special cases are:
+//	Round(±0) = ±0
+//	Round(±Inf) = ±Inf
+//	Round(NaN) = NaN
+func Round(x float64) float64 {
+	return math.Round(x)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
new file mode 100644
index 000000000..a3ae3e5db
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
@@ -0,0 +1,57 @@
+//go:build !go1.10
+// +build !go1.10
+
+package sdkmath
+
+import "math"
+
+// Copied from the Go standard library's (Go 1.12) math/floor.go for use in
+// Go version prior to Go 1.10.
+const (
+	uvone    = 0x3FF0000000000000
+	mask     = 0x7FF
+	shift    = 64 - 11 - 1
+	bias     = 1023
+	signMask = 1 << 63
+	fracMask = 1<<shift - 1
+)
+
+// Round returns the nearest integer, rounding half away from zero.
+//
+// Special cases are:
+//	Round(±0) = ±0
+//	Round(±Inf) = ±Inf
+//	Round(NaN) = NaN
+//
+// Copied from the Go standard library's (Go 1.12) math/floor.go for use in
+// Go version prior to Go 1.10.
+func Round(x float64) float64 {
+	// Round is a faster implementation of:
+	//
+	// func Round(x float64) float64 {
+	//   t := Trunc(x)
+	//   if Abs(x-t) >= 0.5 {
+	//     return t + Copysign(1, x)
+	//   }
+	//   return t
+	// }
+	bits := math.Float64bits(x)
+	e := uint(bits>>shift) & mask
+	if e < bias {
+		// Round abs(x) < 1 including denormals.
+		bits &= signMask // +-0
+		if e == bias-1 {
+			bits |= uvone // +-1
+		}
+	} else if e < bias+shift {
+		// Round any abs(x) >= 1 containing a fractional component [0,1).
+		//
+		// Numbers with larger exponents are returned unchanged since they
+		// must be either an integer, infinity, or NaN.
+		const half = 1 << (shift - 1)
+		e -= bias
+		bits += half >> e
+		bits &^= fracMask >> e
+	}
+	return math.Float64frombits(bits)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/locked_source.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/locked_source.go
new file mode 100644
index 000000000..0c9802d87
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/locked_source.go
@@ -0,0 +1,29 @@
+package sdkrand
+
+import (
+	"math/rand"
+	"sync"
+	"time"
+)
+
+// lockedSource is a thread-safe implementation of rand.Source
+type lockedSource struct {
+	lk  sync.Mutex
+	src rand.Source
+}
+
+func (r *lockedSource) Int63() (n int64) {
+	r.lk.Lock()
+	n = r.src.Int63()
+	r.lk.Unlock()
+	return
+}
+
+func (r *lockedSource) Seed(seed int64) {
+	r.lk.Lock()
+	r.src.Seed(seed)
+	r.lk.Unlock()
+}
+
+// SeededRand is a new RNG using a thread safe implementation of rand.Source
+var SeededRand = rand.New(&lockedSource{src: rand.NewSource(time.Now().UnixNano())})
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
new file mode 100644
index 000000000..4bae66cee
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
@@ -0,0 +1,12 @@
+//go:build go1.6
+// +build go1.6
+
+package sdkrand
+
+import "math/rand"
+
+// Read provides the stub for math.Rand.Read method support for go version's
+// 1.6 and greater.
+func Read(r *rand.Rand, p []byte) (int, error) {
+	return r.Read(p)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
new file mode 100644
index 000000000..3a6ab8825
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
@@ -0,0 +1,25 @@
+//go:build !go1.6
+// +build !go1.6
+
+package sdkrand
+
+import "math/rand"
+
+// Read backfills Go 1.6's math.Rand.Reader for Go 1.5
+func Read(r *rand.Rand, p []byte) (n int, err error) {
+	// Copy of Go standard libraries math package's read function not added to
+	// standard library until Go 1.6.
+	var pos int8
+	var val int64
+	for n = 0; n < len(p); n++ {
+		if pos == 0 {
+			val = r.Int63()
+			pos = 7
+		}
+		p[n] = byte(val)
+		val >>= 8
+		pos--
+	}
+
+	return n, err
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go
new file mode 100644
index 000000000..38ea61afe
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go
@@ -0,0 +1,23 @@
+package sdkuri
+
+import (
+	"path"
+	"strings"
+)
+
+// PathJoin will join the elements of the path delimited by the "/"
+// character. Similar to path.Join with the exception the trailing "/"
+// character is preserved if present.
+func PathJoin(elems ...string) string {
+	if len(elems) == 0 {
+		return ""
+	}
+
+	hasTrailing := strings.HasSuffix(elems[len(elems)-1], "/")
+	str := path.Join(elems...)
+	if hasTrailing && str != "/" {
+		str += "/"
+	}
+
+	return str
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go
new file mode 100644
index 000000000..7da8a49ce
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go
@@ -0,0 +1,12 @@
+package shareddefaults
+
+const (
+	// ECSCredsProviderEnvVar is an environmental variable key used to
+	// determine which path needs to be hit.
+	ECSCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+)
+
+// ECSContainerCredentialsURI is the endpoint to retrieve container
+// credentials. This can be overridden to test to ensure the credential process
+// is behaving correctly.
+var ECSContainerCredentialsURI = "http://169.254.170.2"
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go
new file mode 100644
index 000000000..34fea49ca
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go
@@ -0,0 +1,46 @@
+package shareddefaults
+
+import (
+	"os/user"
+	"path/filepath"
+)
+
+// SharedCredentialsFilename returns the SDK's default file path
+// for the shared credentials file.
+//
+// Builds the shared config file path based on the OS's platform.
+//
+//   - Linux/Unix: $HOME/.aws/credentials
+//   - Windows: %USERPROFILE%\.aws\credentials
+func SharedCredentialsFilename() string {
+	return filepath.Join(UserHomeDir(), ".aws", "credentials")
+}
+
+// SharedConfigFilename returns the SDK's default file path for
+// the shared config file.
+//
+// Builds the shared config file path based on the OS's platform.
+//
+//   - Linux/Unix: $HOME/.aws/config
+//   - Windows: %USERPROFILE%\.aws\config
+func SharedConfigFilename() string {
+	return filepath.Join(UserHomeDir(), ".aws", "config")
+}
+
+// UserHomeDir returns the home directory for the user the process is
+// running under.
+func UserHomeDir() string {
+	var home string
+
+	home = userHomeDir()
+	if len(home) > 0 {
+		return home
+	}
+
+	currUser, _ := user.Current()
+	if currUser != nil {
+		home = currUser.HomeDir
+	}
+
+	return home
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go
new file mode 100644
index 000000000..eb298ae0f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go
@@ -0,0 +1,18 @@
+//go:build !go1.12
+// +build !go1.12
+
+package shareddefaults
+
+import (
+	"os"
+	"runtime"
+)
+
+func userHomeDir() string {
+	if runtime.GOOS == "windows" { // Windows
+		return os.Getenv("USERPROFILE")
+	}
+
+	// *nix
+	return os.Getenv("HOME")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go
new file mode 100644
index 000000000..51541b508
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go
@@ -0,0 +1,13 @@
+//go:build go1.12
+// +build go1.12
+
+package shareddefaults
+
+import (
+	"os"
+)
+
+func userHomeDir() string {
+	home, _ := os.UserHomeDir()
+	return home
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go b/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
new file mode 100644
index 000000000..d008ae27c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
@@ -0,0 +1,11 @@
+package strings
+
+import (
+	"strings"
+)
+
+// HasPrefixFold tests whether the string s begins with prefix, interpreted as UTF-8 strings,
+// under Unicode case-folding.
+func HasPrefixFold(s, prefix string) bool {
+	return len(s) >= len(prefix) && strings.EqualFold(s[0:len(prefix)], prefix)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE
new file mode 100644
index 000000000..6a66aea5e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go
new file mode 100644
index 000000000..14ad0c589
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go
@@ -0,0 +1,120 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package singleflight provides a duplicate function call suppression
+// mechanism.
+package singleflight
+
+import "sync"
+
+// call is an in-flight or completed singleflight.Do call
+type call struct {
+	wg sync.WaitGroup
+
+	// These fields are written once before the WaitGroup is done
+	// and are only read after the WaitGroup is done.
+	val interface{}
+	err error
+
+	// forgotten indicates whether Forget was called with this call's key
+	// while the call was still in flight.
+	forgotten bool
+
+	// These fields are read and written with the singleflight
+	// mutex held before the WaitGroup is done, and are read but
+	// not written after the WaitGroup is done.
+	dups  int
+	chans []chan<- Result
+}
+
+// Group represents a class of work and forms a namespace in
+// which units of work can be executed with duplicate suppression.
+type Group struct {
+	mu sync.Mutex       // protects m
+	m  map[string]*call // lazily initialized
+}
+
+// Result holds the results of Do, so they can be passed
+// on a channel.
+type Result struct {
+	Val    interface{}
+	Err    error
+	Shared bool
+}
+
+// Do executes and returns the results of the given function, making
+// sure that only one execution is in-flight for a given key at a
+// time. If a duplicate comes in, the duplicate caller waits for the
+// original to complete and receives the same results.
+// The return value shared indicates whether v was given to multiple callers.
+func (g *Group) Do(key string, fn func() (interface{}, error)) (v interface{}, err error, shared bool) {
+	g.mu.Lock()
+	if g.m == nil {
+		g.m = make(map[string]*call)
+	}
+	if c, ok := g.m[key]; ok {
+		c.dups++
+		g.mu.Unlock()
+		c.wg.Wait()
+		return c.val, c.err, true
+	}
+	c := new(call)
+	c.wg.Add(1)
+	g.m[key] = c
+	g.mu.Unlock()
+
+	g.doCall(c, key, fn)
+	return c.val, c.err, c.dups > 0
+}
+
+// DoChan is like Do but returns a channel that will receive the
+// results when they are ready.
+func (g *Group) DoChan(key string, fn func() (interface{}, error)) <-chan Result {
+	ch := make(chan Result, 1)
+	g.mu.Lock()
+	if g.m == nil {
+		g.m = make(map[string]*call)
+	}
+	if c, ok := g.m[key]; ok {
+		c.dups++
+		c.chans = append(c.chans, ch)
+		g.mu.Unlock()
+		return ch
+	}
+	c := &call{chans: []chan<- Result{ch}}
+	c.wg.Add(1)
+	g.m[key] = c
+	g.mu.Unlock()
+
+	go g.doCall(c, key, fn)
+
+	return ch
+}
+
+// doCall handles the single call for a key.
+func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) {
+	c.val, c.err = fn()
+	c.wg.Done()
+
+	g.mu.Lock()
+	if !c.forgotten {
+		delete(g.m, key)
+	}
+	for _, ch := range c.chans {
+		ch <- Result{c.val, c.err, c.dups > 0}
+	}
+	g.mu.Unlock()
+}
+
+// Forget tells the singleflight to forget about a key.  Future calls
+// to Do for this key will call the function rather than waiting for
+// an earlier call to complete.
+func (g *Group) Forget(key string) {
+	g.mu.Lock()
+	if c, ok := g.m[key]; ok {
+		c.forgotten = true
+	}
+	delete(g.m, key)
+	g.mu.Unlock()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/checksum/content_md5.go b/vendor/github.com/aws/aws-sdk-go/private/checksum/content_md5.go
new file mode 100644
index 000000000..e045f38d8
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/checksum/content_md5.go
@@ -0,0 +1,53 @@
+package checksum
+
+import (
+	"crypto/md5"
+	"encoding/base64"
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+const contentMD5Header = "Content-Md5"
+
+// AddBodyContentMD5Handler computes and sets the HTTP Content-MD5 header for requests that
+// require it.
+func AddBodyContentMD5Handler(r *request.Request) {
+	// if Content-MD5 header is already present, return
+	if v := r.HTTPRequest.Header.Get(contentMD5Header); len(v) != 0 {
+		return
+	}
+
+	// if S3DisableContentMD5Validation flag is set, return
+	if aws.BoolValue(r.Config.S3DisableContentMD5Validation) {
+		return
+	}
+
+	// if request is presigned, return
+	if r.IsPresigned() {
+		return
+	}
+
+	// if body is not seekable, return
+	if !aws.IsReaderSeekable(r.Body) {
+		if r.Config.Logger != nil {
+			r.Config.Logger.Log(fmt.Sprintf(
+				"Unable to compute Content-MD5 for unseekable body, S3.%s",
+				r.Operation.Name))
+		}
+		return
+	}
+
+	h := md5.New()
+
+	if _, err := aws.CopySeekableBody(h, r.Body); err != nil {
+		r.Error = awserr.New("ContentMD5", "failed to compute body MD5", err)
+		return
+	}
+
+	// encode the md5 checksum in base64 and set the request header.
+	v := base64.StdEncoding.EncodeToString(h.Sum(nil))
+	r.HTTPRequest.Header.Set(contentMD5Header, v)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go
new file mode 100644
index 000000000..151054971
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go
@@ -0,0 +1,144 @@
+package eventstream
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"strconv"
+)
+
+type decodedMessage struct {
+	rawMessage
+	Headers decodedHeaders `json:"headers"`
+}
+type jsonMessage struct {
+	Length     json.Number    `json:"total_length"`
+	HeadersLen json.Number    `json:"headers_length"`
+	PreludeCRC json.Number    `json:"prelude_crc"`
+	Headers    decodedHeaders `json:"headers"`
+	Payload    []byte         `json:"payload"`
+	CRC        json.Number    `json:"message_crc"`
+}
+
+func (d *decodedMessage) UnmarshalJSON(b []byte) (err error) {
+	var jsonMsg jsonMessage
+	if err = json.Unmarshal(b, &jsonMsg); err != nil {
+		return err
+	}
+
+	d.Length, err = numAsUint32(jsonMsg.Length)
+	if err != nil {
+		return err
+	}
+	d.HeadersLen, err = numAsUint32(jsonMsg.HeadersLen)
+	if err != nil {
+		return err
+	}
+	d.PreludeCRC, err = numAsUint32(jsonMsg.PreludeCRC)
+	if err != nil {
+		return err
+	}
+	d.Headers = jsonMsg.Headers
+	d.Payload = jsonMsg.Payload
+	d.CRC, err = numAsUint32(jsonMsg.CRC)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (d *decodedMessage) MarshalJSON() ([]byte, error) {
+	jsonMsg := jsonMessage{
+		Length:     json.Number(strconv.Itoa(int(d.Length))),
+		HeadersLen: json.Number(strconv.Itoa(int(d.HeadersLen))),
+		PreludeCRC: json.Number(strconv.Itoa(int(d.PreludeCRC))),
+		Headers:    d.Headers,
+		Payload:    d.Payload,
+		CRC:        json.Number(strconv.Itoa(int(d.CRC))),
+	}
+
+	return json.Marshal(jsonMsg)
+}
+
+func numAsUint32(n json.Number) (uint32, error) {
+	v, err := n.Int64()
+	if err != nil {
+		return 0, fmt.Errorf("failed to get int64 json number, %v", err)
+	}
+
+	return uint32(v), nil
+}
+
+func (d decodedMessage) Message() Message {
+	return Message{
+		Headers: Headers(d.Headers),
+		Payload: d.Payload,
+	}
+}
+
+type decodedHeaders Headers
+
+func (hs *decodedHeaders) UnmarshalJSON(b []byte) error {
+	var jsonHeaders []struct {
+		Name  string      `json:"name"`
+		Type  valueType   `json:"type"`
+		Value interface{} `json:"value"`
+	}
+
+	decoder := json.NewDecoder(bytes.NewReader(b))
+	decoder.UseNumber()
+	if err := decoder.Decode(&jsonHeaders); err != nil {
+		return err
+	}
+
+	var headers Headers
+	for _, h := range jsonHeaders {
+		value, err := valueFromType(h.Type, h.Value)
+		if err != nil {
+			return err
+		}
+		headers.Set(h.Name, value)
+	}
+	*hs = decodedHeaders(headers)
+
+	return nil
+}
+
+func valueFromType(typ valueType, val interface{}) (Value, error) {
+	switch typ {
+	case trueValueType:
+		return BoolValue(true), nil
+	case falseValueType:
+		return BoolValue(false), nil
+	case int8ValueType:
+		v, err := val.(json.Number).Int64()
+		return Int8Value(int8(v)), err
+	case int16ValueType:
+		v, err := val.(json.Number).Int64()
+		return Int16Value(int16(v)), err
+	case int32ValueType:
+		v, err := val.(json.Number).Int64()
+		return Int32Value(int32(v)), err
+	case int64ValueType:
+		v, err := val.(json.Number).Int64()
+		return Int64Value(v), err
+	case bytesValueType:
+		v, err := base64.StdEncoding.DecodeString(val.(string))
+		return BytesValue(v), err
+	case stringValueType:
+		v, err := base64.StdEncoding.DecodeString(val.(string))
+		return StringValue(string(v)), err
+	case timestampValueType:
+		v, err := val.(json.Number).Int64()
+		return TimestampValue(timeFromEpochMilli(v)), err
+	case uuidValueType:
+		v, err := base64.StdEncoding.DecodeString(val.(string))
+		var tv UUIDValue
+		copy(tv[:], v)
+		return tv, err
+	default:
+		panic(fmt.Sprintf("unknown type, %s, %T", typ.String(), val))
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go
new file mode 100644
index 000000000..474339391
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go
@@ -0,0 +1,216 @@
+package eventstream
+
+import (
+	"bytes"
+	"encoding/binary"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"hash"
+	"hash/crc32"
+	"io"
+
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+// Decoder provides decoding of an Event Stream messages.
+type Decoder struct {
+	r      io.Reader
+	logger aws.Logger
+}
+
+// NewDecoder initializes and returns a Decoder for decoding event
+// stream messages from the reader provided.
+func NewDecoder(r io.Reader, opts ...func(*Decoder)) *Decoder {
+	d := &Decoder{
+		r: r,
+	}
+
+	for _, opt := range opts {
+		opt(d)
+	}
+
+	return d
+}
+
+// DecodeWithLogger adds a logger to be used by the decoder when decoding
+// stream events.
+func DecodeWithLogger(logger aws.Logger) func(*Decoder) {
+	return func(d *Decoder) {
+		d.logger = logger
+	}
+}
+
+// Decode attempts to decode a single message from the event stream reader.
+// Will return the event stream message, or error if Decode fails to read
+// the message from the stream.
+func (d *Decoder) Decode(payloadBuf []byte) (m Message, err error) {
+	reader := d.r
+	if d.logger != nil {
+		debugMsgBuf := bytes.NewBuffer(nil)
+		reader = io.TeeReader(reader, debugMsgBuf)
+		defer func() {
+			logMessageDecode(d.logger, debugMsgBuf, m, err)
+		}()
+	}
+
+	m, err = Decode(reader, payloadBuf)
+
+	return m, err
+}
+
+// Decode attempts to decode a single message from the event stream reader.
+// Will return the event stream message, or error if Decode fails to read
+// the message from the reader.
+func Decode(reader io.Reader, payloadBuf []byte) (m Message, err error) {
+	crc := crc32.New(crc32IEEETable)
+	hashReader := io.TeeReader(reader, crc)
+
+	prelude, err := decodePrelude(hashReader, crc)
+	if err != nil {
+		return Message{}, err
+	}
+
+	if prelude.HeadersLen > 0 {
+		lr := io.LimitReader(hashReader, int64(prelude.HeadersLen))
+		m.Headers, err = decodeHeaders(lr)
+		if err != nil {
+			return Message{}, err
+		}
+	}
+
+	if payloadLen := prelude.PayloadLen(); payloadLen > 0 {
+		buf, err := decodePayload(payloadBuf, io.LimitReader(hashReader, int64(payloadLen)))
+		if err != nil {
+			return Message{}, err
+		}
+		m.Payload = buf
+	}
+
+	msgCRC := crc.Sum32()
+	if err := validateCRC(reader, msgCRC); err != nil {
+		return Message{}, err
+	}
+
+	return m, nil
+}
+
+func logMessageDecode(logger aws.Logger, msgBuf *bytes.Buffer, msg Message, decodeErr error) {
+	w := bytes.NewBuffer(nil)
+	defer func() { logger.Log(w.String()) }()
+
+	fmt.Fprintf(w, "Raw message:\n%s\n",
+		hex.Dump(msgBuf.Bytes()))
+
+	if decodeErr != nil {
+		fmt.Fprintf(w, "Decode error: %v\n", decodeErr)
+		return
+	}
+
+	rawMsg, err := msg.rawMessage()
+	if err != nil {
+		fmt.Fprintf(w, "failed to create raw message, %v\n", err)
+		return
+	}
+
+	decodedMsg := decodedMessage{
+		rawMessage: rawMsg,
+		Headers:    decodedHeaders(msg.Headers),
+	}
+
+	fmt.Fprintf(w, "Decoded message:\n")
+	encoder := json.NewEncoder(w)
+	if err := encoder.Encode(decodedMsg); err != nil {
+		fmt.Fprintf(w, "failed to generate decoded message, %v\n", err)
+	}
+}
+
+func decodePrelude(r io.Reader, crc hash.Hash32) (messagePrelude, error) {
+	var p messagePrelude
+
+	var err error
+	p.Length, err = decodeUint32(r)
+	if err != nil {
+		return messagePrelude{}, err
+	}
+
+	p.HeadersLen, err = decodeUint32(r)
+	if err != nil {
+		return messagePrelude{}, err
+	}
+
+	if err := p.ValidateLens(); err != nil {
+		return messagePrelude{}, err
+	}
+
+	preludeCRC := crc.Sum32()
+	if err := validateCRC(r, preludeCRC); err != nil {
+		return messagePrelude{}, err
+	}
+
+	p.PreludeCRC = preludeCRC
+
+	return p, nil
+}
+
+func decodePayload(buf []byte, r io.Reader) ([]byte, error) {
+	w := bytes.NewBuffer(buf[0:0])
+
+	_, err := io.Copy(w, r)
+	return w.Bytes(), err
+}
+
+func decodeUint8(r io.Reader) (uint8, error) {
+	type byteReader interface {
+		ReadByte() (byte, error)
+	}
+
+	if br, ok := r.(byteReader); ok {
+		v, err := br.ReadByte()
+		return uint8(v), err
+	}
+
+	var b [1]byte
+	_, err := io.ReadFull(r, b[:])
+	return uint8(b[0]), err
+}
+func decodeUint16(r io.Reader) (uint16, error) {
+	var b [2]byte
+	bs := b[:]
+	_, err := io.ReadFull(r, bs)
+	if err != nil {
+		return 0, err
+	}
+	return binary.BigEndian.Uint16(bs), nil
+}
+func decodeUint32(r io.Reader) (uint32, error) {
+	var b [4]byte
+	bs := b[:]
+	_, err := io.ReadFull(r, bs)
+	if err != nil {
+		return 0, err
+	}
+	return binary.BigEndian.Uint32(bs), nil
+}
+func decodeUint64(r io.Reader) (uint64, error) {
+	var b [8]byte
+	bs := b[:]
+	_, err := io.ReadFull(r, bs)
+	if err != nil {
+		return 0, err
+	}
+	return binary.BigEndian.Uint64(bs), nil
+}
+
+func validateCRC(r io.Reader, expect uint32) error {
+	msgCRC, err := decodeUint32(r)
+	if err != nil {
+		return err
+	}
+
+	if msgCRC != expect {
+		return ChecksumError{}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go
new file mode 100644
index 000000000..ffade3bc0
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go
@@ -0,0 +1,162 @@
+package eventstream
+
+import (
+	"bytes"
+	"encoding/binary"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"hash"
+	"hash/crc32"
+	"io"
+
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+// Encoder provides EventStream message encoding.
+type Encoder struct {
+	w      io.Writer
+	logger aws.Logger
+
+	headersBuf *bytes.Buffer
+}
+
+// NewEncoder initializes and returns an Encoder to encode Event Stream
+// messages to an io.Writer.
+func NewEncoder(w io.Writer, opts ...func(*Encoder)) *Encoder {
+	e := &Encoder{
+		w:          w,
+		headersBuf: bytes.NewBuffer(nil),
+	}
+
+	for _, opt := range opts {
+		opt(e)
+	}
+
+	return e
+}
+
+// EncodeWithLogger adds a logger to be used by the encode when decoding
+// stream events.
+func EncodeWithLogger(logger aws.Logger) func(*Encoder) {
+	return func(d *Encoder) {
+		d.logger = logger
+	}
+}
+
+// Encode encodes a single EventStream message to the io.Writer the Encoder
+// was created with. An error is returned if writing the message fails.
+func (e *Encoder) Encode(msg Message) (err error) {
+	e.headersBuf.Reset()
+
+	writer := e.w
+	if e.logger != nil {
+		encodeMsgBuf := bytes.NewBuffer(nil)
+		writer = io.MultiWriter(writer, encodeMsgBuf)
+		defer func() {
+			logMessageEncode(e.logger, encodeMsgBuf, msg, err)
+		}()
+	}
+
+	if err = EncodeHeaders(e.headersBuf, msg.Headers); err != nil {
+		return err
+	}
+
+	crc := crc32.New(crc32IEEETable)
+	hashWriter := io.MultiWriter(writer, crc)
+
+	headersLen := uint32(e.headersBuf.Len())
+	payloadLen := uint32(len(msg.Payload))
+
+	if err = encodePrelude(hashWriter, crc, headersLen, payloadLen); err != nil {
+		return err
+	}
+
+	if headersLen > 0 {
+		if _, err = io.Copy(hashWriter, e.headersBuf); err != nil {
+			return err
+		}
+	}
+
+	if payloadLen > 0 {
+		if _, err = hashWriter.Write(msg.Payload); err != nil {
+			return err
+		}
+	}
+
+	msgCRC := crc.Sum32()
+	return binary.Write(writer, binary.BigEndian, msgCRC)
+}
+
+func logMessageEncode(logger aws.Logger, msgBuf *bytes.Buffer, msg Message, encodeErr error) {
+	w := bytes.NewBuffer(nil)
+	defer func() { logger.Log(w.String()) }()
+
+	fmt.Fprintf(w, "Message to encode:\n")
+	encoder := json.NewEncoder(w)
+	if err := encoder.Encode(msg); err != nil {
+		fmt.Fprintf(w, "Failed to get encoded message, %v\n", err)
+	}
+
+	if encodeErr != nil {
+		fmt.Fprintf(w, "Encode error: %v\n", encodeErr)
+		return
+	}
+
+	fmt.Fprintf(w, "Raw message:\n%s\n", hex.Dump(msgBuf.Bytes()))
+}
+
+func encodePrelude(w io.Writer, crc hash.Hash32, headersLen, payloadLen uint32) error {
+	p := messagePrelude{
+		Length:     minMsgLen + headersLen + payloadLen,
+		HeadersLen: headersLen,
+	}
+	if err := p.ValidateLens(); err != nil {
+		return err
+	}
+
+	err := binaryWriteFields(w, binary.BigEndian,
+		p.Length,
+		p.HeadersLen,
+	)
+	if err != nil {
+		return err
+	}
+
+	p.PreludeCRC = crc.Sum32()
+	err = binary.Write(w, binary.BigEndian, p.PreludeCRC)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// EncodeHeaders writes the header values to the writer encoded in the event
+// stream format. Returns an error if a header fails to encode.
+func EncodeHeaders(w io.Writer, headers Headers) error {
+	for _, h := range headers {
+		hn := headerName{
+			Len: uint8(len(h.Name)),
+		}
+		copy(hn.Name[:hn.Len], h.Name)
+		if err := hn.encode(w); err != nil {
+			return err
+		}
+
+		if err := h.Value.encode(w); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func binaryWriteFields(w io.Writer, order binary.ByteOrder, vs ...interface{}) error {
+	for _, v := range vs {
+		if err := binary.Write(w, order, v); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/error.go
new file mode 100644
index 000000000..5481ef307
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/error.go
@@ -0,0 +1,23 @@
+package eventstream
+
+import "fmt"
+
+// LengthError provides the error for items being larger than a maximum length.
+type LengthError struct {
+	Part  string
+	Want  int
+	Have  int
+	Value interface{}
+}
+
+func (e LengthError) Error() string {
+	return fmt.Sprintf("%s length invalid, %d/%d, %v",
+		e.Part, e.Want, e.Have, e.Value)
+}
+
+// ChecksumError provides the error for message checksum invalidation errors.
+type ChecksumError struct{}
+
+func (e ChecksumError) Error() string {
+	return "message checksum mismatch"
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go
new file mode 100644
index 000000000..0a63340e4
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go
@@ -0,0 +1,81 @@
+package eventstreamapi
+
+import (
+	"fmt"
+	"sync"
+)
+
+// InputWriterCloseErrorCode is used to denote an error occurred
+// while closing the event stream input writer.
+const InputWriterCloseErrorCode = "EventStreamInputWriterCloseError"
+
+type messageError struct {
+	code string
+	msg  string
+}
+
+func (e messageError) Code() string {
+	return e.code
+}
+
+func (e messageError) Message() string {
+	return e.msg
+}
+
+func (e messageError) Error() string {
+	return fmt.Sprintf("%s: %s", e.code, e.msg)
+}
+
+func (e messageError) OrigErr() error {
+	return nil
+}
+
+// OnceError wraps the behavior of recording an error
+// once and signal on a channel when this has occurred.
+// Signaling is done by closing of the channel.
+//
+// Type is safe for concurrent usage.
+type OnceError struct {
+	mu  sync.RWMutex
+	err error
+	ch  chan struct{}
+}
+
+// NewOnceError return a new OnceError
+func NewOnceError() *OnceError {
+	return &OnceError{
+		ch: make(chan struct{}, 1),
+	}
+}
+
+// Err acquires a read-lock and returns an
+// error if one has been set.
+func (e *OnceError) Err() error {
+	e.mu.RLock()
+	err := e.err
+	e.mu.RUnlock()
+
+	return err
+}
+
+// SetError acquires a write-lock and will set
+// the underlying error value if one has not been set.
+func (e *OnceError) SetError(err error) {
+	if err == nil {
+		return
+	}
+
+	e.mu.Lock()
+	if e.err == nil {
+		e.err = err
+		close(e.ch)
+	}
+	e.mu.Unlock()
+}
+
+// ErrorSet returns a channel that will be used to signal
+// that an error has been set. This channel will be closed
+// when the error value has been set for OnceError.
+func (e *OnceError) ErrorSet() <-chan struct{} {
+	return e.ch
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go
new file mode 100644
index 000000000..0e4aa42f3
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go
@@ -0,0 +1,173 @@
+package eventstreamapi
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/private/protocol"
+	"github.com/aws/aws-sdk-go/private/protocol/eventstream"
+)
+
+// Unmarshaler provides the interface for unmarshaling a EventStream
+// message into a SDK type.
+type Unmarshaler interface {
+	UnmarshalEvent(protocol.PayloadUnmarshaler, eventstream.Message) error
+}
+
+// EventReader provides reading from the EventStream of an reader.
+type EventReader struct {
+	decoder *eventstream.Decoder
+
+	unmarshalerForEventType func(string) (Unmarshaler, error)
+	payloadUnmarshaler      protocol.PayloadUnmarshaler
+
+	payloadBuf []byte
+}
+
+// NewEventReader returns a EventReader built from the reader and unmarshaler
+// provided.  Use ReadStream method to start reading from the EventStream.
+func NewEventReader(
+	decoder *eventstream.Decoder,
+	payloadUnmarshaler protocol.PayloadUnmarshaler,
+	unmarshalerForEventType func(string) (Unmarshaler, error),
+) *EventReader {
+	return &EventReader{
+		decoder:                 decoder,
+		payloadUnmarshaler:      payloadUnmarshaler,
+		unmarshalerForEventType: unmarshalerForEventType,
+		payloadBuf:              make([]byte, 10*1024),
+	}
+}
+
+// ReadEvent attempts to read a message from the EventStream and return the
+// unmarshaled event value that the message is for.
+//
+// For EventStream API errors check if the returned error satisfies the
+// awserr.Error interface to get the error's Code and Message components.
+//
+// EventUnmarshalers called with EventStream messages must take copies of the
+// message's Payload. The payload will is reused between events read.
+func (r *EventReader) ReadEvent() (event interface{}, err error) {
+	msg, err := r.decoder.Decode(r.payloadBuf)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		// Reclaim payload buffer for next message read.
+		r.payloadBuf = msg.Payload[0:0]
+	}()
+
+	typ, err := GetHeaderString(msg, MessageTypeHeader)
+	if err != nil {
+		return nil, err
+	}
+
+	switch typ {
+	case EventMessageType:
+		return r.unmarshalEventMessage(msg)
+	case ExceptionMessageType:
+		return nil, r.unmarshalEventException(msg)
+	case ErrorMessageType:
+		return nil, r.unmarshalErrorMessage(msg)
+	default:
+		return nil, &UnknownMessageTypeError{
+			Type: typ, Message: msg.Clone(),
+		}
+	}
+}
+
+// UnknownMessageTypeError provides an error when a message is received from
+// the stream, but the reader is unable to determine what kind of message it is.
+type UnknownMessageTypeError struct {
+	Type    string
+	Message eventstream.Message
+}
+
+func (e *UnknownMessageTypeError) Error() string {
+	return "unknown eventstream message type, " + e.Type
+}
+
+func (r *EventReader) unmarshalEventMessage(
+	msg eventstream.Message,
+) (event interface{}, err error) {
+	eventType, err := GetHeaderString(msg, EventTypeHeader)
+	if err != nil {
+		return nil, err
+	}
+
+	ev, err := r.unmarshalerForEventType(eventType)
+	if err != nil {
+		return nil, err
+	}
+
+	err = ev.UnmarshalEvent(r.payloadUnmarshaler, msg)
+	if err != nil {
+		return nil, err
+	}
+
+	return ev, nil
+}
+
+func (r *EventReader) unmarshalEventException(
+	msg eventstream.Message,
+) (err error) {
+	eventType, err := GetHeaderString(msg, ExceptionTypeHeader)
+	if err != nil {
+		return err
+	}
+
+	ev, err := r.unmarshalerForEventType(eventType)
+	if err != nil {
+		return err
+	}
+
+	err = ev.UnmarshalEvent(r.payloadUnmarshaler, msg)
+	if err != nil {
+		return err
+	}
+
+	var ok bool
+	err, ok = ev.(error)
+	if !ok {
+		err = messageError{
+			code: "SerializationError",
+			msg: fmt.Sprintf(
+				"event stream exception %s mapped to non-error %T, %v",
+				eventType, ev, ev,
+			),
+		}
+	}
+
+	return err
+}
+
+func (r *EventReader) unmarshalErrorMessage(msg eventstream.Message) (err error) {
+	var msgErr messageError
+
+	msgErr.code, err = GetHeaderString(msg, ErrorCodeHeader)
+	if err != nil {
+		return err
+	}
+
+	msgErr.msg, err = GetHeaderString(msg, ErrorMessageHeader)
+	if err != nil {
+		return err
+	}
+
+	return msgErr
+}
+
+// GetHeaderString returns the value of the header as a string. If the header
+// is not set or the value is not a string an error will be returned.
+func GetHeaderString(msg eventstream.Message, headerName string) (string, error) {
+	headerVal := msg.Headers.Get(headerName)
+	if headerVal == nil {
+		return "", fmt.Errorf("error header %s not present", headerName)
+	}
+
+	v, ok := headerVal.Get().(string)
+	if !ok {
+		return "", fmt.Errorf("error header value is not a string, %T", headerVal)
+	}
+
+	return v, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go
new file mode 100644
index 000000000..e46b8acc2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go
@@ -0,0 +1,23 @@
+package eventstreamapi
+
+// EventStream headers with specific meaning to async API functionality.
+const (
+	ChunkSignatureHeader = `:chunk-signature` // chunk signature for message
+	DateHeader           = `:date`            // Date header for signature
+
+	// Message header and values
+	MessageTypeHeader    = `:message-type` // Identifies type of message.
+	EventMessageType     = `event`
+	ErrorMessageType     = `error`
+	ExceptionMessageType = `exception`
+
+	// Message Events
+	EventTypeHeader = `:event-type` // Identifies message event type e.g. "Stats".
+
+	// Message Error
+	ErrorCodeHeader    = `:error-code`
+	ErrorMessageHeader = `:error-message`
+
+	// Message Exception
+	ExceptionTypeHeader = `:exception-type`
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go
new file mode 100644
index 000000000..3a7ba5cd5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go
@@ -0,0 +1,123 @@
+package eventstreamapi
+
+import (
+	"bytes"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/private/protocol/eventstream"
+)
+
+var timeNow = time.Now
+
+// StreamSigner defines an interface for the implementation of signing of event stream payloads
+type StreamSigner interface {
+	GetSignature(headers, payload []byte, date time.Time) ([]byte, error)
+}
+
+// SignEncoder envelopes event stream messages
+// into an event stream message payload with included
+// signature headers using the provided signer and encoder.
+type SignEncoder struct {
+	signer     StreamSigner
+	encoder    Encoder
+	bufEncoder *BufferEncoder
+
+	closeErr error
+	closed   bool
+}
+
+// NewSignEncoder returns a new SignEncoder using the provided stream signer and
+// event stream encoder.
+func NewSignEncoder(signer StreamSigner, encoder Encoder) *SignEncoder {
+	// TODO: Need to pass down logging
+
+	return &SignEncoder{
+		signer:     signer,
+		encoder:    encoder,
+		bufEncoder: NewBufferEncoder(),
+	}
+}
+
+// Close encodes a final event stream signing envelope with an empty event stream
+// payload. This final end-frame is used to mark the conclusion of the stream.
+func (s *SignEncoder) Close() error {
+	if s.closed {
+		return s.closeErr
+	}
+
+	if err := s.encode([]byte{}); err != nil {
+		if strings.Contains(err.Error(), "on closed pipe") {
+			return nil
+		}
+
+		s.closeErr = err
+		s.closed = true
+		return s.closeErr
+	}
+
+	return nil
+}
+
+// Encode takes the provided message and add envelopes the message
+// with the required signature.
+func (s *SignEncoder) Encode(msg eventstream.Message) error {
+	payload, err := s.bufEncoder.Encode(msg)
+	if err != nil {
+		return err
+	}
+
+	return s.encode(payload)
+}
+
+func (s SignEncoder) encode(payload []byte) error {
+	date := timeNow()
+
+	var msg eventstream.Message
+	msg.Headers.Set(DateHeader, eventstream.TimestampValue(date))
+	msg.Payload = payload
+
+	var headers bytes.Buffer
+	if err := eventstream.EncodeHeaders(&headers, msg.Headers); err != nil {
+		return err
+	}
+
+	sig, err := s.signer.GetSignature(headers.Bytes(), msg.Payload, date)
+	if err != nil {
+		return err
+	}
+
+	msg.Headers.Set(ChunkSignatureHeader, eventstream.BytesValue(sig))
+
+	return s.encoder.Encode(msg)
+}
+
+// BufferEncoder is a utility that provides a buffered
+// event stream encoder
+type BufferEncoder struct {
+	encoder Encoder
+	buffer  *bytes.Buffer
+}
+
+// NewBufferEncoder returns a new BufferEncoder initialized
+// with a 1024 byte buffer.
+func NewBufferEncoder() *BufferEncoder {
+	buf := bytes.NewBuffer(make([]byte, 1024))
+	return &BufferEncoder{
+		encoder: eventstream.NewEncoder(buf),
+		buffer:  buf,
+	}
+}
+
+// Encode returns the encoded message as a byte slice.
+// The returned byte slice will be modified on the next encode call
+// and should not be held onto.
+func (e *BufferEncoder) Encode(msg eventstream.Message) ([]byte, error) {
+	e.buffer.Reset()
+
+	if err := e.encoder.Encode(msg); err != nil {
+		return nil, err
+	}
+
+	return e.buffer.Bytes(), nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go
new file mode 100644
index 000000000..433bb1630
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go
@@ -0,0 +1,129 @@
+package eventstreamapi
+
+import (
+	"fmt"
+	"io"
+	"sync"
+
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+// StreamWriter provides concurrent safe writing to an event stream.
+type StreamWriter struct {
+	eventWriter *EventWriter
+	stream      chan eventWriteAsyncReport
+
+	done      chan struct{}
+	closeOnce sync.Once
+	err       *OnceError
+
+	streamCloser io.Closer
+}
+
+// NewStreamWriter returns a StreamWriter for the event writer, and stream
+// closer provided.
+func NewStreamWriter(eventWriter *EventWriter, streamCloser io.Closer) *StreamWriter {
+	w := &StreamWriter{
+		eventWriter:  eventWriter,
+		streamCloser: streamCloser,
+		stream:       make(chan eventWriteAsyncReport),
+		done:         make(chan struct{}),
+		err:          NewOnceError(),
+	}
+	go w.writeStream()
+
+	return w
+}
+
+// Close terminates the writers ability to write new events to the stream. Any
+// future call to Send will fail with an error.
+func (w *StreamWriter) Close() error {
+	w.closeOnce.Do(w.safeClose)
+	return w.Err()
+}
+
+func (w *StreamWriter) safeClose() {
+	close(w.done)
+}
+
+// ErrorSet returns a channel which will be closed
+// if an error occurs.
+func (w *StreamWriter) ErrorSet() <-chan struct{} {
+	return w.err.ErrorSet()
+}
+
+// Err returns any error that occurred while attempting to write an event to the
+// stream.
+func (w *StreamWriter) Err() error {
+	return w.err.Err()
+}
+
+// Send writes a single event to the stream returning an error if the write
+// failed.
+//
+// Send may be called concurrently. Events will be written to the stream
+// safely.
+func (w *StreamWriter) Send(ctx aws.Context, event Marshaler) error {
+	if err := w.Err(); err != nil {
+		return err
+	}
+
+	resultCh := make(chan error)
+	wrapped := eventWriteAsyncReport{
+		Event:  event,
+		Result: resultCh,
+	}
+
+	select {
+	case w.stream <- wrapped:
+	case <-ctx.Done():
+		return ctx.Err()
+	case <-w.done:
+		return fmt.Errorf("stream closed, unable to send event")
+	}
+
+	select {
+	case err := <-resultCh:
+		return err
+	case <-ctx.Done():
+		return ctx.Err()
+	case <-w.done:
+		return fmt.Errorf("stream closed, unable to send event")
+	}
+}
+
+func (w *StreamWriter) writeStream() {
+	defer w.Close()
+
+	for {
+		select {
+		case wrapper := <-w.stream:
+			err := w.eventWriter.WriteEvent(wrapper.Event)
+			wrapper.ReportResult(w.done, err)
+			if err != nil {
+				w.err.SetError(err)
+				return
+			}
+
+		case <-w.done:
+			if err := w.streamCloser.Close(); err != nil {
+				w.err.SetError(err)
+			}
+			return
+		}
+	}
+}
+
+type eventWriteAsyncReport struct {
+	Event  Marshaler
+	Result chan<- error
+}
+
+func (e eventWriteAsyncReport) ReportResult(cancel <-chan struct{}, err error) bool {
+	select {
+	case e.Result <- err:
+		return true
+	case <-cancel:
+		return false
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go
new file mode 100644
index 000000000..4bf2b27b2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go
@@ -0,0 +1,10 @@
+//go:build go1.18
+// +build go1.18
+
+package eventstreamapi
+
+import "github.com/aws/aws-sdk-go/aws/request"
+
+// ApplyHTTPTransportFixes is a no-op for Go 1.18 and above.
+func ApplyHTTPTransportFixes(r *request.Request) {
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport_go1.17.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport_go1.17.go
new file mode 100644
index 000000000..2ee2c36fd
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport_go1.17.go
@@ -0,0 +1,19 @@
+//go:build !go1.18
+// +build !go1.18
+
+package eventstreamapi
+
+import "github.com/aws/aws-sdk-go/aws/request"
+
+// ApplyHTTPTransportFixes applies fixes to the HTTP request for proper event
+// stream functionality. Go 1.15 through 1.17 HTTP client could hang forever
+// when an HTTP/2 connection failed with an non-200 status code and err. Using
+// Expect 100-Continue, allows the HTTP client to gracefully handle the non-200
+// status code, and close the connection.
+//
+// This is a no-op for Go 1.18 and above.
+func ApplyHTTPTransportFixes(r *request.Request) {
+	r.Handlers.Sign.PushBack(func(r *request.Request) {
+		r.HTTPRequest.Header.Set("Expect", "100-Continue")
+	})
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go
new file mode 100644
index 000000000..7d7a79352
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go
@@ -0,0 +1,63 @@
+package eventstreamapi
+
+import (
+	"github.com/aws/aws-sdk-go/private/protocol"
+	"github.com/aws/aws-sdk-go/private/protocol/eventstream"
+)
+
+// Marshaler provides a marshaling interface for event types to event stream
+// messages.
+type Marshaler interface {
+	MarshalEvent(protocol.PayloadMarshaler) (eventstream.Message, error)
+}
+
+// Encoder is an stream encoder that will encode an event stream message for
+// the transport.
+type Encoder interface {
+	Encode(eventstream.Message) error
+}
+
+// EventWriter provides a wrapper around the underlying event stream encoder
+// for an io.WriteCloser.
+type EventWriter struct {
+	encoder          Encoder
+	payloadMarshaler protocol.PayloadMarshaler
+	eventTypeFor     func(Marshaler) (string, error)
+}
+
+// NewEventWriter returns a new event stream writer, that will write to the
+// writer provided. Use the WriteEvent method to write an event to the stream.
+func NewEventWriter(encoder Encoder, pm protocol.PayloadMarshaler, eventTypeFor func(Marshaler) (string, error),
+) *EventWriter {
+	return &EventWriter{
+		encoder:          encoder,
+		payloadMarshaler: pm,
+		eventTypeFor:     eventTypeFor,
+	}
+}
+
+// WriteEvent writes an event to the stream. Returns an error if the event
+// fails to marshal into a message, or writing to the underlying writer fails.
+func (w *EventWriter) WriteEvent(event Marshaler) error {
+	msg, err := w.marshal(event)
+	if err != nil {
+		return err
+	}
+
+	return w.encoder.Encode(msg)
+}
+
+func (w *EventWriter) marshal(event Marshaler) (eventstream.Message, error) {
+	eventType, err := w.eventTypeFor(event)
+	if err != nil {
+		return eventstream.Message{}, err
+	}
+
+	msg, err := event.MarshalEvent(w.payloadMarshaler)
+	if err != nil {
+		return eventstream.Message{}, err
+	}
+
+	msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType))
+	return msg, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header.go
new file mode 100644
index 000000000..f6f8c5674
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header.go
@@ -0,0 +1,175 @@
+package eventstream
+
+import (
+	"encoding/binary"
+	"fmt"
+	"io"
+)
+
+// Headers are a collection of EventStream header values.
+type Headers []Header
+
+// Header is a single EventStream Key Value header pair.
+type Header struct {
+	Name  string
+	Value Value
+}
+
+// Set associates the name with a value. If the header name already exists in
+// the Headers the value will be replaced with the new one.
+func (hs *Headers) Set(name string, value Value) {
+	var i int
+	for ; i < len(*hs); i++ {
+		if (*hs)[i].Name == name {
+			(*hs)[i].Value = value
+			return
+		}
+	}
+
+	*hs = append(*hs, Header{
+		Name: name, Value: value,
+	})
+}
+
+// Get returns the Value associated with the header. Nil is returned if the
+// value does not exist.
+func (hs Headers) Get(name string) Value {
+	for i := 0; i < len(hs); i++ {
+		if h := hs[i]; h.Name == name {
+			return h.Value
+		}
+	}
+	return nil
+}
+
+// Del deletes the value in the Headers if it exists.
+func (hs *Headers) Del(name string) {
+	for i := 0; i < len(*hs); i++ {
+		if (*hs)[i].Name == name {
+			copy((*hs)[i:], (*hs)[i+1:])
+			(*hs) = (*hs)[:len(*hs)-1]
+		}
+	}
+}
+
+// Clone returns a deep copy of the headers
+func (hs Headers) Clone() Headers {
+	o := make(Headers, 0, len(hs))
+	for _, h := range hs {
+		o.Set(h.Name, h.Value)
+	}
+	return o
+}
+
+func decodeHeaders(r io.Reader) (Headers, error) {
+	hs := Headers{}
+
+	for {
+		name, err := decodeHeaderName(r)
+		if err != nil {
+			if err == io.EOF {
+				// EOF while getting header name means no more headers
+				break
+			}
+			return nil, err
+		}
+
+		value, err := decodeHeaderValue(r)
+		if err != nil {
+			return nil, err
+		}
+
+		hs.Set(name, value)
+	}
+
+	return hs, nil
+}
+
+func decodeHeaderName(r io.Reader) (string, error) {
+	var n headerName
+
+	var err error
+	n.Len, err = decodeUint8(r)
+	if err != nil {
+		return "", err
+	}
+
+	name := n.Name[:n.Len]
+	if _, err := io.ReadFull(r, name); err != nil {
+		return "", err
+	}
+
+	return string(name), nil
+}
+
+func decodeHeaderValue(r io.Reader) (Value, error) {
+	var raw rawValue
+
+	typ, err := decodeUint8(r)
+	if err != nil {
+		return nil, err
+	}
+	raw.Type = valueType(typ)
+
+	var v Value
+
+	switch raw.Type {
+	case trueValueType:
+		v = BoolValue(true)
+	case falseValueType:
+		v = BoolValue(false)
+	case int8ValueType:
+		var tv Int8Value
+		err = tv.decode(r)
+		v = tv
+	case int16ValueType:
+		var tv Int16Value
+		err = tv.decode(r)
+		v = tv
+	case int32ValueType:
+		var tv Int32Value
+		err = tv.decode(r)
+		v = tv
+	case int64ValueType:
+		var tv Int64Value
+		err = tv.decode(r)
+		v = tv
+	case bytesValueType:
+		var tv BytesValue
+		err = tv.decode(r)
+		v = tv
+	case stringValueType:
+		var tv StringValue
+		err = tv.decode(r)
+		v = tv
+	case timestampValueType:
+		var tv TimestampValue
+		err = tv.decode(r)
+		v = tv
+	case uuidValueType:
+		var tv UUIDValue
+		err = tv.decode(r)
+		v = tv
+	default:
+		panic(fmt.Sprintf("unknown value type %d", raw.Type))
+	}
+
+	// Error could be EOF, let caller deal with it
+	return v, err
+}
+
+const maxHeaderNameLen = 255
+
+type headerName struct {
+	Len  uint8
+	Name [maxHeaderNameLen]byte
+}
+
+func (v headerName) encode(w io.Writer) error {
+	if err := binary.Write(w, binary.BigEndian, v.Len); err != nil {
+		return err
+	}
+
+	_, err := w.Write(v.Name[:v.Len])
+	return err
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go
new file mode 100644
index 000000000..9f509d8f6
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go
@@ -0,0 +1,506 @@
+package eventstream
+
+import (
+	"encoding/base64"
+	"encoding/binary"
+	"fmt"
+	"io"
+	"strconv"
+	"time"
+)
+
+const maxHeaderValueLen = 1<<15 - 1 // 2^15-1 or 32KB - 1
+
+// valueType is the EventStream header value type.
+type valueType uint8
+
+// Header value types
+const (
+	trueValueType valueType = iota
+	falseValueType
+	int8ValueType  // Byte
+	int16ValueType // Short
+	int32ValueType // Integer
+	int64ValueType // Long
+	bytesValueType
+	stringValueType
+	timestampValueType
+	uuidValueType
+)
+
+func (t valueType) String() string {
+	switch t {
+	case trueValueType:
+		return "bool"
+	case falseValueType:
+		return "bool"
+	case int8ValueType:
+		return "int8"
+	case int16ValueType:
+		return "int16"
+	case int32ValueType:
+		return "int32"
+	case int64ValueType:
+		return "int64"
+	case bytesValueType:
+		return "byte_array"
+	case stringValueType:
+		return "string"
+	case timestampValueType:
+		return "timestamp"
+	case uuidValueType:
+		return "uuid"
+	default:
+		return fmt.Sprintf("unknown value type %d", uint8(t))
+	}
+}
+
+type rawValue struct {
+	Type  valueType
+	Len   uint16 // Only set for variable length slices
+	Value []byte // byte representation of value, BigEndian encoding.
+}
+
+func (r rawValue) encodeScalar(w io.Writer, v interface{}) error {
+	return binaryWriteFields(w, binary.BigEndian,
+		r.Type,
+		v,
+	)
+}
+
+func (r rawValue) encodeFixedSlice(w io.Writer, v []byte) error {
+	binary.Write(w, binary.BigEndian, r.Type)
+
+	_, err := w.Write(v)
+	return err
+}
+
+func (r rawValue) encodeBytes(w io.Writer, v []byte) error {
+	if len(v) > maxHeaderValueLen {
+		return LengthError{
+			Part: "header value",
+			Want: maxHeaderValueLen, Have: len(v),
+			Value: v,
+		}
+	}
+	r.Len = uint16(len(v))
+
+	err := binaryWriteFields(w, binary.BigEndian,
+		r.Type,
+		r.Len,
+	)
+	if err != nil {
+		return err
+	}
+
+	_, err = w.Write(v)
+	return err
+}
+
+func (r rawValue) encodeString(w io.Writer, v string) error {
+	if len(v) > maxHeaderValueLen {
+		return LengthError{
+			Part: "header value",
+			Want: maxHeaderValueLen, Have: len(v),
+			Value: v,
+		}
+	}
+	r.Len = uint16(len(v))
+
+	type stringWriter interface {
+		WriteString(string) (int, error)
+	}
+
+	err := binaryWriteFields(w, binary.BigEndian,
+		r.Type,
+		r.Len,
+	)
+	if err != nil {
+		return err
+	}
+
+	if sw, ok := w.(stringWriter); ok {
+		_, err = sw.WriteString(v)
+	} else {
+		_, err = w.Write([]byte(v))
+	}
+
+	return err
+}
+
+func decodeFixedBytesValue(r io.Reader, buf []byte) error {
+	_, err := io.ReadFull(r, buf)
+	return err
+}
+
+func decodeBytesValue(r io.Reader) ([]byte, error) {
+	var raw rawValue
+	var err error
+	raw.Len, err = decodeUint16(r)
+	if err != nil {
+		return nil, err
+	}
+
+	buf := make([]byte, raw.Len)
+	_, err = io.ReadFull(r, buf)
+	if err != nil {
+		return nil, err
+	}
+
+	return buf, nil
+}
+
+func decodeStringValue(r io.Reader) (string, error) {
+	v, err := decodeBytesValue(r)
+	return string(v), err
+}
+
+// Value represents the abstract header value.
+type Value interface {
+	Get() interface{}
+	String() string
+	valueType() valueType
+	encode(io.Writer) error
+}
+
+// An BoolValue provides eventstream encoding, and representation
+// of a Go bool value.
+type BoolValue bool
+
+// Get returns the underlying type
+func (v BoolValue) Get() interface{} {
+	return bool(v)
+}
+
+// valueType returns the EventStream header value type value.
+func (v BoolValue) valueType() valueType {
+	if v {
+		return trueValueType
+	}
+	return falseValueType
+}
+
+func (v BoolValue) String() string {
+	return strconv.FormatBool(bool(v))
+}
+
+// encode encodes the BoolValue into an eventstream binary value
+// representation.
+func (v BoolValue) encode(w io.Writer) error {
+	return binary.Write(w, binary.BigEndian, v.valueType())
+}
+
+// An Int8Value provides eventstream encoding, and representation of a Go
+// int8 value.
+type Int8Value int8
+
+// Get returns the underlying value.
+func (v Int8Value) Get() interface{} {
+	return int8(v)
+}
+
+// valueType returns the EventStream header value type value.
+func (Int8Value) valueType() valueType {
+	return int8ValueType
+}
+
+func (v Int8Value) String() string {
+	return fmt.Sprintf("0x%02x", int8(v))
+}
+
+// encode encodes the Int8Value into an eventstream binary value
+// representation.
+func (v Int8Value) encode(w io.Writer) error {
+	raw := rawValue{
+		Type: v.valueType(),
+	}
+
+	return raw.encodeScalar(w, v)
+}
+
+func (v *Int8Value) decode(r io.Reader) error {
+	n, err := decodeUint8(r)
+	if err != nil {
+		return err
+	}
+
+	*v = Int8Value(n)
+	return nil
+}
+
+// An Int16Value provides eventstream encoding, and representation of a Go
+// int16 value.
+type Int16Value int16
+
+// Get returns the underlying value.
+func (v Int16Value) Get() interface{} {
+	return int16(v)
+}
+
+// valueType returns the EventStream header value type value.
+func (Int16Value) valueType() valueType {
+	return int16ValueType
+}
+
+func (v Int16Value) String() string {
+	return fmt.Sprintf("0x%04x", int16(v))
+}
+
+// encode encodes the Int16Value into an eventstream binary value
+// representation.
+func (v Int16Value) encode(w io.Writer) error {
+	raw := rawValue{
+		Type: v.valueType(),
+	}
+	return raw.encodeScalar(w, v)
+}
+
+func (v *Int16Value) decode(r io.Reader) error {
+	n, err := decodeUint16(r)
+	if err != nil {
+		return err
+	}
+
+	*v = Int16Value(n)
+	return nil
+}
+
+// An Int32Value provides eventstream encoding, and representation of a Go
+// int32 value.
+type Int32Value int32
+
+// Get returns the underlying value.
+func (v Int32Value) Get() interface{} {
+	return int32(v)
+}
+
+// valueType returns the EventStream header value type value.
+func (Int32Value) valueType() valueType {
+	return int32ValueType
+}
+
+func (v Int32Value) String() string {
+	return fmt.Sprintf("0x%08x", int32(v))
+}
+
+// encode encodes the Int32Value into an eventstream binary value
+// representation.
+func (v Int32Value) encode(w io.Writer) error {
+	raw := rawValue{
+		Type: v.valueType(),
+	}
+	return raw.encodeScalar(w, v)
+}
+
+func (v *Int32Value) decode(r io.Reader) error {
+	n, err := decodeUint32(r)
+	if err != nil {
+		return err
+	}
+
+	*v = Int32Value(n)
+	return nil
+}
+
+// An Int64Value provides eventstream encoding, and representation of a Go
+// int64 value.
+type Int64Value int64
+
+// Get returns the underlying value.
+func (v Int64Value) Get() interface{} {
+	return int64(v)
+}
+
+// valueType returns the EventStream header value type value.
+func (Int64Value) valueType() valueType {
+	return int64ValueType
+}
+
+func (v Int64Value) String() string {
+	return fmt.Sprintf("0x%016x", int64(v))
+}
+
+// encode encodes the Int64Value into an eventstream binary value
+// representation.
+func (v Int64Value) encode(w io.Writer) error {
+	raw := rawValue{
+		Type: v.valueType(),
+	}
+	return raw.encodeScalar(w, v)
+}
+
+func (v *Int64Value) decode(r io.Reader) error {
+	n, err := decodeUint64(r)
+	if err != nil {
+		return err
+	}
+
+	*v = Int64Value(n)
+	return nil
+}
+
+// An BytesValue provides eventstream encoding, and representation of a Go
+// byte slice.
+type BytesValue []byte
+
+// Get returns the underlying value.
+func (v BytesValue) Get() interface{} {
+	return []byte(v)
+}
+
+// valueType returns the EventStream header value type value.
+func (BytesValue) valueType() valueType {
+	return bytesValueType
+}
+
+func (v BytesValue) String() string {
+	return base64.StdEncoding.EncodeToString([]byte(v))
+}
+
+// encode encodes the BytesValue into an eventstream binary value
+// representation.
+func (v BytesValue) encode(w io.Writer) error {
+	raw := rawValue{
+		Type: v.valueType(),
+	}
+
+	return raw.encodeBytes(w, []byte(v))
+}
+
+func (v *BytesValue) decode(r io.Reader) error {
+	buf, err := decodeBytesValue(r)
+	if err != nil {
+		return err
+	}
+
+	*v = BytesValue(buf)
+	return nil
+}
+
+// An StringValue provides eventstream encoding, and representation of a Go
+// string.
+type StringValue string
+
+// Get returns the underlying value.
+func (v StringValue) Get() interface{} {
+	return string(v)
+}
+
+// valueType returns the EventStream header value type value.
+func (StringValue) valueType() valueType {
+	return stringValueType
+}
+
+func (v StringValue) String() string {
+	return string(v)
+}
+
+// encode encodes the StringValue into an eventstream binary value
+// representation.
+func (v StringValue) encode(w io.Writer) error {
+	raw := rawValue{
+		Type: v.valueType(),
+	}
+
+	return raw.encodeString(w, string(v))
+}
+
+func (v *StringValue) decode(r io.Reader) error {
+	s, err := decodeStringValue(r)
+	if err != nil {
+		return err
+	}
+
+	*v = StringValue(s)
+	return nil
+}
+
+// An TimestampValue provides eventstream encoding, and representation of a Go
+// timestamp.
+type TimestampValue time.Time
+
+// Get returns the underlying value.
+func (v TimestampValue) Get() interface{} {
+	return time.Time(v)
+}
+
+// valueType returns the EventStream header value type value.
+func (TimestampValue) valueType() valueType {
+	return timestampValueType
+}
+
+func (v TimestampValue) epochMilli() int64 {
+	nano := time.Time(v).UnixNano()
+	msec := nano / int64(time.Millisecond)
+	return msec
+}
+
+func (v TimestampValue) String() string {
+	msec := v.epochMilli()
+	return strconv.FormatInt(msec, 10)
+}
+
+// encode encodes the TimestampValue into an eventstream binary value
+// representation.
+func (v TimestampValue) encode(w io.Writer) error {
+	raw := rawValue{
+		Type: v.valueType(),
+	}
+
+	msec := v.epochMilli()
+	return raw.encodeScalar(w, msec)
+}
+
+func (v *TimestampValue) decode(r io.Reader) error {
+	n, err := decodeUint64(r)
+	if err != nil {
+		return err
+	}
+
+	*v = TimestampValue(timeFromEpochMilli(int64(n)))
+	return nil
+}
+
+// MarshalJSON implements the json.Marshaler interface
+func (v TimestampValue) MarshalJSON() ([]byte, error) {
+	return []byte(v.String()), nil
+}
+
+func timeFromEpochMilli(t int64) time.Time {
+	secs := t / 1e3
+	msec := t % 1e3
+	return time.Unix(secs, msec*int64(time.Millisecond)).UTC()
+}
+
+// An UUIDValue provides eventstream encoding, and representation of a UUID
+// value.
+type UUIDValue [16]byte
+
+// Get returns the underlying value.
+func (v UUIDValue) Get() interface{} {
+	return v[:]
+}
+
+// valueType returns the EventStream header value type value.
+func (UUIDValue) valueType() valueType {
+	return uuidValueType
+}
+
+func (v UUIDValue) String() string {
+	return fmt.Sprintf(`%X-%X-%X-%X-%X`, v[0:4], v[4:6], v[6:8], v[8:10], v[10:])
+}
+
+// encode encodes the UUIDValue into an eventstream binary value
+// representation.
+func (v UUIDValue) encode(w io.Writer) error {
+	raw := rawValue{
+		Type: v.valueType(),
+	}
+
+	return raw.encodeFixedSlice(w, v[:])
+}
+
+func (v *UUIDValue) decode(r io.Reader) error {
+	tv := (*v)[:]
+	return decodeFixedBytesValue(r, tv)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go
new file mode 100644
index 000000000..f7427da03
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go
@@ -0,0 +1,117 @@
+package eventstream
+
+import (
+	"bytes"
+	"encoding/binary"
+	"hash/crc32"
+)
+
+const preludeLen = 8
+const preludeCRCLen = 4
+const msgCRCLen = 4
+const minMsgLen = preludeLen + preludeCRCLen + msgCRCLen
+const maxPayloadLen = 1024 * 1024 * 16 // 16MB
+const maxHeadersLen = 1024 * 128       // 128KB
+const maxMsgLen = minMsgLen + maxHeadersLen + maxPayloadLen
+
+var crc32IEEETable = crc32.MakeTable(crc32.IEEE)
+
+// A Message provides the eventstream message representation.
+type Message struct {
+	Headers Headers
+	Payload []byte
+}
+
+func (m *Message) rawMessage() (rawMessage, error) {
+	var raw rawMessage
+
+	if len(m.Headers) > 0 {
+		var headers bytes.Buffer
+		if err := EncodeHeaders(&headers, m.Headers); err != nil {
+			return rawMessage{}, err
+		}
+		raw.Headers = headers.Bytes()
+		raw.HeadersLen = uint32(len(raw.Headers))
+	}
+
+	raw.Length = raw.HeadersLen + uint32(len(m.Payload)) + minMsgLen
+
+	hash := crc32.New(crc32IEEETable)
+	binaryWriteFields(hash, binary.BigEndian, raw.Length, raw.HeadersLen)
+	raw.PreludeCRC = hash.Sum32()
+
+	binaryWriteFields(hash, binary.BigEndian, raw.PreludeCRC)
+
+	if raw.HeadersLen > 0 {
+		hash.Write(raw.Headers)
+	}
+
+	// Read payload bytes and update hash for it as well.
+	if len(m.Payload) > 0 {
+		raw.Payload = m.Payload
+		hash.Write(raw.Payload)
+	}
+
+	raw.CRC = hash.Sum32()
+
+	return raw, nil
+}
+
+// Clone returns a deep copy of the message.
+func (m Message) Clone() Message {
+	var payload []byte
+	if m.Payload != nil {
+		payload = make([]byte, len(m.Payload))
+		copy(payload, m.Payload)
+	}
+
+	return Message{
+		Headers: m.Headers.Clone(),
+		Payload: payload,
+	}
+}
+
+type messagePrelude struct {
+	Length     uint32
+	HeadersLen uint32
+	PreludeCRC uint32
+}
+
+func (p messagePrelude) PayloadLen() uint32 {
+	return p.Length - p.HeadersLen - minMsgLen
+}
+
+func (p messagePrelude) ValidateLens() error {
+	if p.Length == 0 || p.Length > maxMsgLen {
+		return LengthError{
+			Part: "message prelude",
+			Want: maxMsgLen,
+			Have: int(p.Length),
+		}
+	}
+	if p.HeadersLen > maxHeadersLen {
+		return LengthError{
+			Part: "message headers",
+			Want: maxHeadersLen,
+			Have: int(p.HeadersLen),
+		}
+	}
+	if payloadLen := p.PayloadLen(); payloadLen > maxPayloadLen {
+		return LengthError{
+			Part: "message payload",
+			Want: maxPayloadLen,
+			Have: int(payloadLen),
+		}
+	}
+
+	return nil
+}
+
+type rawMessage struct {
+	messagePrelude
+
+	Headers []byte
+	Payload []byte
+
+	CRC uint32
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
new file mode 100644
index 000000000..1f1d27aea
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
@@ -0,0 +1,104 @@
+package protocol
+
+import (
+	"github.com/aws/aws-sdk-go/aws/request"
+	"net"
+	"strconv"
+	"strings"
+)
+
+// ValidateEndpointHostHandler is a request handler that will validate the
+// request endpoint's hosts is a valid RFC 3986 host.
+var ValidateEndpointHostHandler = request.NamedHandler{
+	Name: "awssdk.protocol.ValidateEndpointHostHandler",
+	Fn: func(r *request.Request) {
+		err := ValidateEndpointHost(r.Operation.Name, r.HTTPRequest.URL.Host)
+		if err != nil {
+			r.Error = err
+		}
+	},
+}
+
+// ValidateEndpointHost validates that the host string passed in is a valid RFC
+// 3986 host. Returns error if the host is not valid.
+func ValidateEndpointHost(opName, host string) error {
+	paramErrs := request.ErrInvalidParams{Context: opName}
+
+	var hostname string
+	var port string
+	var err error
+
+	if strings.Contains(host, ":") {
+		hostname, port, err = net.SplitHostPort(host)
+
+		if err != nil {
+			paramErrs.Add(request.NewErrParamFormat("endpoint", err.Error(), host))
+		}
+
+		if !ValidPortNumber(port) {
+			paramErrs.Add(request.NewErrParamFormat("endpoint port number", "[0-65535]", port))
+		}
+	} else {
+		hostname = host
+	}
+
+	labels := strings.Split(hostname, ".")
+	for i, label := range labels {
+		if i == len(labels)-1 && len(label) == 0 {
+			// Allow trailing dot for FQDN hosts.
+			continue
+		}
+
+		if !ValidHostLabel(label) {
+			paramErrs.Add(request.NewErrParamFormat(
+				"endpoint host label", "[a-zA-Z0-9-]{1,63}", label))
+		}
+	}
+
+	if len(hostname) == 0 {
+		paramErrs.Add(request.NewErrParamMinLen("endpoint host", 1))
+	}
+
+	if len(hostname) > 255 {
+		paramErrs.Add(request.NewErrParamMaxLen(
+			"endpoint host", 255, host,
+		))
+	}
+
+	if paramErrs.Len() > 0 {
+		return paramErrs
+	}
+	return nil
+}
+
+// ValidHostLabel returns if the label is a valid RFC 3986 host label.
+func ValidHostLabel(label string) bool {
+	if l := len(label); l == 0 || l > 63 {
+		return false
+	}
+	for _, r := range label {
+		switch {
+		case r >= '0' && r <= '9':
+		case r >= 'A' && r <= 'Z':
+		case r >= 'a' && r <= 'z':
+		case r == '-':
+		default:
+			return false
+		}
+	}
+
+	return true
+}
+
+// ValidPortNumber return if the port is valid RFC 3986 port
+func ValidPortNumber(port string) bool {
+	i, err := strconv.Atoi(port)
+	if err != nil {
+		return false
+	}
+
+	if i < 0 || i > 65535 {
+		return false
+	}
+	return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go
new file mode 100644
index 000000000..915b0fcaf
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go
@@ -0,0 +1,54 @@
+package protocol
+
+import (
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// HostPrefixHandlerName is the handler name for the host prefix request
+// handler.
+const HostPrefixHandlerName = "awssdk.endpoint.HostPrefixHandler"
+
+// NewHostPrefixHandler constructs a build handler
+func NewHostPrefixHandler(prefix string, labelsFn func() map[string]string) request.NamedHandler {
+	builder := HostPrefixBuilder{
+		Prefix:   prefix,
+		LabelsFn: labelsFn,
+	}
+
+	return request.NamedHandler{
+		Name: HostPrefixHandlerName,
+		Fn:   builder.Build,
+	}
+}
+
+// HostPrefixBuilder provides the request handler to expand and prepend
+// the host prefix into the operation's request endpoint host.
+type HostPrefixBuilder struct {
+	Prefix   string
+	LabelsFn func() map[string]string
+}
+
+// Build updates the passed in Request with the HostPrefix template expanded.
+func (h HostPrefixBuilder) Build(r *request.Request) {
+	if aws.BoolValue(r.Config.DisableEndpointHostPrefix) {
+		return
+	}
+
+	var labels map[string]string
+	if h.LabelsFn != nil {
+		labels = h.LabelsFn()
+	}
+
+	prefix := h.Prefix
+	for name, value := range labels {
+		prefix = strings.Replace(prefix, "{"+name+"}", value, -1)
+	}
+
+	r.HTTPRequest.URL.Host = prefix + r.HTTPRequest.URL.Host
+	if len(r.HTTPRequest.Host) > 0 {
+		r.HTTPRequest.Host = prefix + r.HTTPRequest.Host
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/idempotency.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/idempotency.go
new file mode 100644
index 000000000..53831dff9
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/idempotency.go
@@ -0,0 +1,75 @@
+package protocol
+
+import (
+	"crypto/rand"
+	"fmt"
+	"reflect"
+)
+
+// RandReader is the random reader the protocol package will use to read
+// random bytes from. This is exported for testing, and should not be used.
+var RandReader = rand.Reader
+
+const idempotencyTokenFillTag = `idempotencyToken`
+
+// CanSetIdempotencyToken returns true if the struct field should be
+// automatically populated with a Idempotency token.
+//
+// Only *string and string type fields that are tagged with idempotencyToken
+// which are not already set can be auto filled.
+func CanSetIdempotencyToken(v reflect.Value, f reflect.StructField) bool {
+	switch u := v.Interface().(type) {
+	// To auto fill an Idempotency token the field must be a string,
+	// tagged for auto fill, and have a zero value.
+	case *string:
+		return u == nil && len(f.Tag.Get(idempotencyTokenFillTag)) != 0
+	case string:
+		return len(u) == 0 && len(f.Tag.Get(idempotencyTokenFillTag)) != 0
+	}
+
+	return false
+}
+
+// GetIdempotencyToken returns a randomly generated idempotency token.
+func GetIdempotencyToken() string {
+	b := make([]byte, 16)
+	RandReader.Read(b)
+
+	return UUIDVersion4(b)
+}
+
+// SetIdempotencyToken will set the value provided with a Idempotency Token.
+// Given that the value can be set. Will panic if value is not setable.
+func SetIdempotencyToken(v reflect.Value) {
+	if v.Kind() == reflect.Ptr {
+		if v.IsNil() && v.CanSet() {
+			v.Set(reflect.New(v.Type().Elem()))
+		}
+		v = v.Elem()
+	}
+	v = reflect.Indirect(v)
+
+	if !v.CanSet() {
+		panic(fmt.Sprintf("unable to set idempotnecy token %v", v))
+	}
+
+	b := make([]byte, 16)
+	_, err := rand.Read(b)
+	if err != nil {
+		// TODO handle error
+		return
+	}
+
+	v.Set(reflect.ValueOf(UUIDVersion4(b)))
+}
+
+// UUIDVersion4 returns a Version 4 random UUID from the byte slice provided
+func UUIDVersion4(u []byte) string {
+	// https://en.wikipedia.org/wiki/Universally_unique_identifier#Version_4_.28random.29
+	// 13th character is "4"
+	u[6] = (u[6] | 0x40) & 0x4F
+	// 17th character is "8", "9", "a", or "b"
+	u[8] = (u[8] | 0x80) & 0xBF
+
+	return fmt.Sprintf(`%X-%X-%X-%X-%X`, u[0:4], u[4:6], u[6:8], u[8:10], u[10:])
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
new file mode 100644
index 000000000..12e814ddf
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
@@ -0,0 +1,309 @@
+// Package jsonutil provides JSON serialization of AWS requests and responses.
+package jsonutil
+
+import (
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	"math"
+	"reflect"
+	"sort"
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+	floatNaN    = "NaN"
+	floatInf    = "Infinity"
+	floatNegInf = "-Infinity"
+)
+
+var timeType = reflect.ValueOf(time.Time{}).Type()
+var byteSliceType = reflect.ValueOf([]byte{}).Type()
+
+// BuildJSON builds a JSON string for a given object v.
+func BuildJSON(v interface{}) ([]byte, error) {
+	var buf bytes.Buffer
+
+	err := buildAny(reflect.ValueOf(v), &buf, "")
+	return buf.Bytes(), err
+}
+
+func buildAny(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+	origVal := value
+	value = reflect.Indirect(value)
+	if !value.IsValid() {
+		return nil
+	}
+
+	vtype := value.Type()
+
+	t := tag.Get("type")
+	if t == "" {
+		switch vtype.Kind() {
+		case reflect.Struct:
+			// also it can't be a time object
+			if value.Type() != timeType {
+				t = "structure"
+			}
+		case reflect.Slice:
+			// also it can't be a byte slice
+			if _, ok := value.Interface().([]byte); !ok {
+				t = "list"
+			}
+		case reflect.Map:
+			// cannot be a JSONValue map
+			if _, ok := value.Interface().(aws.JSONValue); !ok {
+				t = "map"
+			}
+		}
+	}
+
+	switch t {
+	case "structure":
+		if field, ok := vtype.FieldByName("_"); ok {
+			tag = field.Tag
+		}
+		return buildStruct(value, buf, tag)
+	case "list":
+		return buildList(value, buf, tag)
+	case "map":
+		return buildMap(value, buf, tag)
+	default:
+		return buildScalar(origVal, buf, tag)
+	}
+}
+
+func buildStruct(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+	if !value.IsValid() {
+		return nil
+	}
+
+	// unwrap payloads
+	if payload := tag.Get("payload"); payload != "" {
+		field, _ := value.Type().FieldByName(payload)
+		tag = field.Tag
+		value = elemOf(value.FieldByName(payload))
+		if !value.IsValid() && tag.Get("type") != "structure" {
+			return nil
+		}
+	}
+
+	buf.WriteByte('{')
+	defer buf.WriteString("}")
+
+	if !value.IsValid() {
+		return nil
+	}
+
+	t := value.Type()
+	first := true
+	for i := 0; i < t.NumField(); i++ {
+		member := value.Field(i)
+
+		// This allocates the most memory.
+		// Additionally, we cannot skip nil fields due to
+		// idempotency auto filling.
+		field := t.Field(i)
+
+		if field.PkgPath != "" {
+			continue // ignore unexported fields
+		}
+		if field.Tag.Get("json") == "-" {
+			continue
+		}
+		if field.Tag.Get("location") != "" {
+			continue // ignore non-body elements
+		}
+		if field.Tag.Get("ignore") != "" {
+			continue
+		}
+
+		if protocol.CanSetIdempotencyToken(member, field) {
+			token := protocol.GetIdempotencyToken()
+			member = reflect.ValueOf(&token)
+		}
+
+		if (member.Kind() == reflect.Ptr || member.Kind() == reflect.Slice || member.Kind() == reflect.Map) && member.IsNil() {
+			continue // ignore unset fields
+		}
+
+		if first {
+			first = false
+		} else {
+			buf.WriteByte(',')
+		}
+
+		// figure out what this field is called
+		name := field.Name
+		if locName := field.Tag.Get("locationName"); locName != "" {
+			name = locName
+		}
+
+		writeString(name, buf)
+		buf.WriteString(`:`)
+
+		err := buildAny(member, buf, field.Tag)
+		if err != nil {
+			return err
+		}
+
+	}
+
+	return nil
+}
+
+func buildList(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+	buf.WriteString("[")
+
+	for i := 0; i < value.Len(); i++ {
+		buildAny(value.Index(i), buf, "")
+
+		if i < value.Len()-1 {
+			buf.WriteString(",")
+		}
+	}
+
+	buf.WriteString("]")
+
+	return nil
+}
+
+type sortedValues []reflect.Value
+
+func (sv sortedValues) Len() int           { return len(sv) }
+func (sv sortedValues) Swap(i, j int)      { sv[i], sv[j] = sv[j], sv[i] }
+func (sv sortedValues) Less(i, j int) bool { return sv[i].String() < sv[j].String() }
+
+func buildMap(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+	buf.WriteString("{")
+
+	sv := sortedValues(value.MapKeys())
+	sort.Sort(sv)
+
+	for i, k := range sv {
+		if i > 0 {
+			buf.WriteByte(',')
+		}
+
+		writeString(k.String(), buf)
+		buf.WriteString(`:`)
+
+		buildAny(value.MapIndex(k), buf, "")
+	}
+
+	buf.WriteString("}")
+
+	return nil
+}
+
+func buildScalar(v reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
+	// prevents allocation on the heap.
+	scratch := [64]byte{}
+	switch value := reflect.Indirect(v); value.Kind() {
+	case reflect.String:
+		writeString(value.String(), buf)
+	case reflect.Bool:
+		if value.Bool() {
+			buf.WriteString("true")
+		} else {
+			buf.WriteString("false")
+		}
+	case reflect.Int64:
+		buf.Write(strconv.AppendInt(scratch[:0], value.Int(), 10))
+	case reflect.Float64:
+		f := value.Float()
+		switch {
+		case math.IsNaN(f):
+			writeString(floatNaN, buf)
+		case math.IsInf(f, 1):
+			writeString(floatInf, buf)
+		case math.IsInf(f, -1):
+			writeString(floatNegInf, buf)
+		default:
+			buf.Write(strconv.AppendFloat(scratch[:0], f, 'f', -1, 64))
+		}
+	default:
+		switch converted := value.Interface().(type) {
+		case time.Time:
+			format := tag.Get("timestampFormat")
+			if len(format) == 0 {
+				format = protocol.UnixTimeFormatName
+			}
+
+			ts := protocol.FormatTime(format, converted)
+			if format != protocol.UnixTimeFormatName {
+				ts = `"` + ts + `"`
+			}
+
+			buf.WriteString(ts)
+		case []byte:
+			if !value.IsNil() {
+				buf.WriteByte('"')
+				if len(converted) < 1024 {
+					// for small buffers, using Encode directly is much faster.
+					dst := make([]byte, base64.StdEncoding.EncodedLen(len(converted)))
+					base64.StdEncoding.Encode(dst, converted)
+					buf.Write(dst)
+				} else {
+					// for large buffers, avoid unnecessary extra temporary
+					// buffer space.
+					enc := base64.NewEncoder(base64.StdEncoding, buf)
+					enc.Write(converted)
+					enc.Close()
+				}
+				buf.WriteByte('"')
+			}
+		case aws.JSONValue:
+			str, err := protocol.EncodeJSONValue(converted, protocol.QuotedEscape)
+			if err != nil {
+				return fmt.Errorf("unable to encode JSONValue, %v", err)
+			}
+			buf.WriteString(str)
+		default:
+			return fmt.Errorf("unsupported JSON value %v (%s)", value.Interface(), value.Type())
+		}
+	}
+	return nil
+}
+
+var hex = "0123456789abcdef"
+
+func writeString(s string, buf *bytes.Buffer) {
+	buf.WriteByte('"')
+	for i := 0; i < len(s); i++ {
+		if s[i] == '"' {
+			buf.WriteString(`\"`)
+		} else if s[i] == '\\' {
+			buf.WriteString(`\\`)
+		} else if s[i] == '\b' {
+			buf.WriteString(`\b`)
+		} else if s[i] == '\f' {
+			buf.WriteString(`\f`)
+		} else if s[i] == '\r' {
+			buf.WriteString(`\r`)
+		} else if s[i] == '\t' {
+			buf.WriteString(`\t`)
+		} else if s[i] == '\n' {
+			buf.WriteString(`\n`)
+		} else if s[i] < 32 {
+			buf.WriteString("\\u00")
+			buf.WriteByte(hex[s[i]>>4])
+			buf.WriteByte(hex[s[i]&0xF])
+		} else {
+			buf.WriteByte(s[i])
+		}
+	}
+	buf.WriteByte('"')
+}
+
+// Returns the reflection element of a value, if it is a pointer.
+func elemOf(value reflect.Value) reflect.Value {
+	for value.Kind() == reflect.Ptr {
+		value = value.Elem()
+	}
+	return value
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
new file mode 100644
index 000000000..f9334879b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
@@ -0,0 +1,317 @@
+package jsonutil
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"math"
+	"math/big"
+	"reflect"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
+var millisecondsFloat = new(big.Float).SetInt64(1e3)
+
+// UnmarshalJSONError unmarshal's the reader's JSON document into the passed in
+// type. The value to unmarshal the json document into must be a pointer to the
+// type.
+func UnmarshalJSONError(v interface{}, stream io.Reader) error {
+	var errBuf bytes.Buffer
+	body := io.TeeReader(stream, &errBuf)
+
+	err := json.NewDecoder(body).Decode(v)
+	if err != nil {
+		msg := "failed decoding error message"
+		if err == io.EOF {
+			msg = "error message missing"
+			err = nil
+		}
+		return awserr.NewUnmarshalError(err, msg, errBuf.Bytes())
+	}
+
+	return nil
+}
+
+// UnmarshalJSON reads a stream and unmarshals the results in object v.
+func UnmarshalJSON(v interface{}, stream io.Reader) error {
+	var out interface{}
+
+	decoder := json.NewDecoder(stream)
+	decoder.UseNumber()
+	err := decoder.Decode(&out)
+	if err == io.EOF {
+		return nil
+	} else if err != nil {
+		return err
+	}
+
+	return unmarshaler{}.unmarshalAny(reflect.ValueOf(v), out, "")
+}
+
+// UnmarshalJSONCaseInsensitive reads a stream and unmarshals the result into the
+// object v. Ignores casing for structure members.
+func UnmarshalJSONCaseInsensitive(v interface{}, stream io.Reader) error {
+	var out interface{}
+
+	decoder := json.NewDecoder(stream)
+	decoder.UseNumber()
+	err := decoder.Decode(&out)
+	if err == io.EOF {
+		return nil
+	} else if err != nil {
+		return err
+	}
+
+	return unmarshaler{
+		caseInsensitive: true,
+	}.unmarshalAny(reflect.ValueOf(v), out, "")
+}
+
+type unmarshaler struct {
+	caseInsensitive bool
+}
+
+func (u unmarshaler) unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+	vtype := value.Type()
+	if vtype.Kind() == reflect.Ptr {
+		vtype = vtype.Elem() // check kind of actual element type
+	}
+
+	t := tag.Get("type")
+	if t == "" {
+		switch vtype.Kind() {
+		case reflect.Struct:
+			// also it can't be a time object
+			if _, ok := value.Interface().(*time.Time); !ok {
+				t = "structure"
+			}
+		case reflect.Slice:
+			// also it can't be a byte slice
+			if _, ok := value.Interface().([]byte); !ok {
+				t = "list"
+			}
+		case reflect.Map:
+			// cannot be a JSONValue map
+			if _, ok := value.Interface().(aws.JSONValue); !ok {
+				t = "map"
+			}
+		}
+	}
+
+	switch t {
+	case "structure":
+		if field, ok := vtype.FieldByName("_"); ok {
+			tag = field.Tag
+		}
+		return u.unmarshalStruct(value, data, tag)
+	case "list":
+		return u.unmarshalList(value, data, tag)
+	case "map":
+		return u.unmarshalMap(value, data, tag)
+	default:
+		return u.unmarshalScalar(value, data, tag)
+	}
+}
+
+func (u unmarshaler) unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+	if data == nil {
+		return nil
+	}
+	mapData, ok := data.(map[string]interface{})
+	if !ok {
+		return fmt.Errorf("JSON value is not a structure (%#v)", data)
+	}
+
+	t := value.Type()
+	if value.Kind() == reflect.Ptr {
+		if value.IsNil() { // create the structure if it's nil
+			s := reflect.New(value.Type().Elem())
+			value.Set(s)
+			value = s
+		}
+
+		value = value.Elem()
+		t = t.Elem()
+	}
+
+	// unwrap any payloads
+	if payload := tag.Get("payload"); payload != "" {
+		field, _ := t.FieldByName(payload)
+		return u.unmarshalAny(value.FieldByName(payload), data, field.Tag)
+	}
+
+	for i := 0; i < t.NumField(); i++ {
+		field := t.Field(i)
+		if field.PkgPath != "" {
+			continue // ignore unexported fields
+		}
+
+		// figure out what this field is called
+		name := field.Name
+		if locName := field.Tag.Get("locationName"); locName != "" {
+			name = locName
+		}
+		if u.caseInsensitive {
+			if _, ok := mapData[name]; !ok {
+				// Fallback to uncased name search if the exact name didn't match.
+				for kn, v := range mapData {
+					if strings.EqualFold(kn, name) {
+						mapData[name] = v
+					}
+				}
+			}
+		}
+
+		member := value.FieldByIndex(field.Index)
+		err := u.unmarshalAny(member, mapData[name], field.Tag)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (u unmarshaler) unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+	if data == nil {
+		return nil
+	}
+	listData, ok := data.([]interface{})
+	if !ok {
+		return fmt.Errorf("JSON value is not a list (%#v)", data)
+	}
+
+	if value.IsNil() {
+		l := len(listData)
+		value.Set(reflect.MakeSlice(value.Type(), l, l))
+	}
+
+	for i, c := range listData {
+		err := u.unmarshalAny(value.Index(i), c, "")
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (u unmarshaler) unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+	if data == nil {
+		return nil
+	}
+	mapData, ok := data.(map[string]interface{})
+	if !ok {
+		return fmt.Errorf("JSON value is not a map (%#v)", data)
+	}
+
+	if value.IsNil() {
+		value.Set(reflect.MakeMap(value.Type()))
+	}
+
+	for k, v := range mapData {
+		kvalue := reflect.ValueOf(k)
+		vvalue := reflect.New(value.Type().Elem()).Elem()
+
+		u.unmarshalAny(vvalue, v, "")
+		value.SetMapIndex(kvalue, vvalue)
+	}
+
+	return nil
+}
+
+func (u unmarshaler) unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+
+	switch d := data.(type) {
+	case nil:
+		return nil // nothing to do here
+	case string:
+		switch value.Interface().(type) {
+		case *string:
+			value.Set(reflect.ValueOf(&d))
+		case []byte:
+			b, err := base64.StdEncoding.DecodeString(d)
+			if err != nil {
+				return err
+			}
+			value.Set(reflect.ValueOf(b))
+		case *time.Time:
+			format := tag.Get("timestampFormat")
+			if len(format) == 0 {
+				format = protocol.ISO8601TimeFormatName
+			}
+
+			t, err := protocol.ParseTime(format, d)
+			if err != nil {
+				return err
+			}
+			value.Set(reflect.ValueOf(&t))
+		case aws.JSONValue:
+			// No need to use escaping as the value is a non-quoted string.
+			v, err := protocol.DecodeJSONValue(d, protocol.NoEscape)
+			if err != nil {
+				return err
+			}
+			value.Set(reflect.ValueOf(v))
+		case *float64:
+			// These are regular strings when parsed by encoding/json's unmarshaler.
+			switch {
+			case strings.EqualFold(d, floatNaN):
+				value.Set(reflect.ValueOf(aws.Float64(math.NaN())))
+			case strings.EqualFold(d, floatInf):
+				value.Set(reflect.ValueOf(aws.Float64(math.Inf(1))))
+			case strings.EqualFold(d, floatNegInf):
+				value.Set(reflect.ValueOf(aws.Float64(math.Inf(-1))))
+			default:
+				return fmt.Errorf("unknown JSON number value: %s", d)
+			}
+		default:
+			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
+		}
+	case json.Number:
+		switch value.Interface().(type) {
+		case *int64:
+			// Retain the old behavior where we would just truncate the float64
+			// calling d.Int64() here could cause an invalid syntax error due to the usage of strconv.ParseInt
+			f, err := d.Float64()
+			if err != nil {
+				return err
+			}
+			di := int64(f)
+			value.Set(reflect.ValueOf(&di))
+		case *float64:
+			f, err := d.Float64()
+			if err != nil {
+				return err
+			}
+			value.Set(reflect.ValueOf(&f))
+		case *time.Time:
+			float, ok := new(big.Float).SetString(d.String())
+			if !ok {
+				return fmt.Errorf("unsupported float time representation: %v", d.String())
+			}
+			float = float.Mul(float, millisecondsFloat)
+			ms, _ := float.Int64()
+			t := time.Unix(0, ms*1e6).UTC()
+			value.Set(reflect.ValueOf(&t))
+		default:
+			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
+		}
+	case bool:
+		switch value.Interface().(type) {
+		case *bool:
+			value.Set(reflect.ValueOf(&d))
+		default:
+			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
+		}
+	default:
+		return fmt.Errorf("unsupported JSON value (%v)", data)
+	}
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
new file mode 100644
index 000000000..d9aa27114
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
@@ -0,0 +1,87 @@
+// Package jsonrpc provides JSON RPC utilities for serialization of AWS
+// requests and responses.
+package jsonrpc
+
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/json.json build_test.go
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/json.json unmarshal_test.go
+
+import (
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
+	"github.com/aws/aws-sdk-go/private/protocol/rest"
+)
+
+var emptyJSON = []byte("{}")
+
+// BuildHandler is a named request handler for building jsonrpc protocol
+// requests
+var BuildHandler = request.NamedHandler{
+	Name: "awssdk.jsonrpc.Build",
+	Fn:   Build,
+}
+
+// UnmarshalHandler is a named request handler for unmarshaling jsonrpc
+// protocol requests
+var UnmarshalHandler = request.NamedHandler{
+	Name: "awssdk.jsonrpc.Unmarshal",
+	Fn:   Unmarshal,
+}
+
+// UnmarshalMetaHandler is a named request handler for unmarshaling jsonrpc
+// protocol request metadata
+var UnmarshalMetaHandler = request.NamedHandler{
+	Name: "awssdk.jsonrpc.UnmarshalMeta",
+	Fn:   UnmarshalMeta,
+}
+
+// Build builds a JSON payload for a JSON RPC request.
+func Build(req *request.Request) {
+	var buf []byte
+	var err error
+	if req.ParamsFilled() {
+		buf, err = jsonutil.BuildJSON(req.Params)
+		if err != nil {
+			req.Error = awserr.New(request.ErrCodeSerialization, "failed encoding JSON RPC request", err)
+			return
+		}
+	} else {
+		buf = emptyJSON
+	}
+
+	// Always serialize the body, don't suppress it.
+	req.SetBufferBody(buf)
+
+	if req.ClientInfo.TargetPrefix != "" {
+		target := req.ClientInfo.TargetPrefix + "." + req.Operation.Name
+		req.HTTPRequest.Header.Add("X-Amz-Target", target)
+	}
+
+	// Only set the content type if one is not already specified and an
+	// JSONVersion is specified.
+	if ct, v := req.HTTPRequest.Header.Get("Content-Type"), req.ClientInfo.JSONVersion; len(ct) == 0 && len(v) != 0 {
+		jsonVersion := req.ClientInfo.JSONVersion
+		req.HTTPRequest.Header.Set("Content-Type", "application/x-amz-json-"+jsonVersion)
+	}
+}
+
+// Unmarshal unmarshals a response for a JSON RPC service.
+func Unmarshal(req *request.Request) {
+	defer req.HTTPResponse.Body.Close()
+	if req.DataFilled() {
+		err := jsonutil.UnmarshalJSON(req.Data, req.HTTPResponse.Body)
+		if err != nil {
+			req.Error = awserr.NewRequestFailure(
+				awserr.New(request.ErrCodeSerialization, "failed decoding JSON RPC response", err),
+				req.HTTPResponse.StatusCode,
+				req.RequestID,
+			)
+		}
+	}
+	return
+}
+
+// UnmarshalMeta unmarshals headers from a response for a JSON RPC service.
+func UnmarshalMeta(req *request.Request) {
+	rest.UnmarshalMeta(req)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
new file mode 100644
index 000000000..9c1ccde54
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
@@ -0,0 +1,160 @@
+package jsonrpc
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol"
+	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
+)
+
+const (
+	awsQueryError = "x-amzn-query-error"
+	// A valid header example - "x-amzn-query-error": "<QueryErrorCode>;<ErrorType>"
+	awsQueryErrorPartsCount = 2
+)
+
+// UnmarshalTypedError provides unmarshaling errors API response errors
+// for both typed and untyped errors.
+type UnmarshalTypedError struct {
+	exceptions      map[string]func(protocol.ResponseMetadata) error
+	queryExceptions map[string]func(protocol.ResponseMetadata, string) error
+}
+
+// NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the
+// set of exception names to the error unmarshalers
+func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError {
+	return &UnmarshalTypedError{
+		exceptions:      exceptions,
+		queryExceptions: map[string]func(protocol.ResponseMetadata, string) error{},
+	}
+}
+
+// NewUnmarshalTypedErrorWithOptions works similar to NewUnmarshalTypedError applying options to the UnmarshalTypedError
+// before returning it
+func NewUnmarshalTypedErrorWithOptions(exceptions map[string]func(protocol.ResponseMetadata) error, optFns ...func(*UnmarshalTypedError)) *UnmarshalTypedError {
+	unmarshaledError := NewUnmarshalTypedError(exceptions)
+	for _, fn := range optFns {
+		fn(unmarshaledError)
+	}
+	return unmarshaledError
+}
+
+// WithQueryCompatibility is a helper function to construct a functional option for use with NewUnmarshalTypedErrorWithOptions.
+// The queryExceptions given act as an override for unmarshalling errors when query compatible error codes are found.
+// See also [awsQueryCompatible trait]
+//
+// [awsQueryCompatible trait]: https://smithy.io/2.0/aws/protocols/aws-query-protocol.html#aws-protocols-awsquerycompatible-trait
+func WithQueryCompatibility(queryExceptions map[string]func(protocol.ResponseMetadata, string) error) func(*UnmarshalTypedError) {
+	return func(typedError *UnmarshalTypedError) {
+		typedError.queryExceptions = queryExceptions
+	}
+}
+
+// UnmarshalError attempts to unmarshal the HTTP response error as a known
+// error type. If unable to unmarshal the error type, the generic SDK error
+// type will be used.
+func (u *UnmarshalTypedError) UnmarshalError(
+	resp *http.Response,
+	respMeta protocol.ResponseMetadata,
+) (error, error) {
+
+	var buf bytes.Buffer
+	var jsonErr jsonErrorResponse
+	teeReader := io.TeeReader(resp.Body, &buf)
+	err := jsonutil.UnmarshalJSONError(&jsonErr, teeReader)
+	if err != nil {
+		return nil, err
+	}
+	body := ioutil.NopCloser(&buf)
+
+	// Code may be separated by hash(#), with the last element being the code
+	// used by the SDK.
+	codeParts := strings.SplitN(jsonErr.Code, "#", 2)
+	code := codeParts[len(codeParts)-1]
+	msg := jsonErr.Message
+
+	queryCodeParts := queryCodeParts(resp, u)
+
+	if fn, ok := u.exceptions[code]; ok {
+		// If query-compatible exceptions are found and query-error-header is found,
+		// then use associated constructor to get exception with query error code.
+		//
+		// If exception code is known, use associated constructor to get a value
+		// for the exception that the JSON body can be unmarshaled into.
+		var v error
+		queryErrFn, queryExceptionsFound := u.queryExceptions[code]
+		if len(queryCodeParts) == awsQueryErrorPartsCount && queryExceptionsFound {
+			v = queryErrFn(respMeta, queryCodeParts[0])
+		} else {
+			v = fn(respMeta)
+		}
+		err := jsonutil.UnmarshalJSONCaseInsensitive(v, body)
+		if err != nil {
+			return nil, err
+		}
+		return v, nil
+	}
+
+	if len(queryCodeParts) == awsQueryErrorPartsCount && len(u.queryExceptions) > 0 {
+		code = queryCodeParts[0]
+	}
+
+	// fallback to unmodeled generic exceptions
+	return awserr.NewRequestFailure(
+		awserr.New(code, msg, nil),
+		respMeta.StatusCode,
+		respMeta.RequestID,
+	), nil
+}
+
+// A valid header example - "x-amzn-query-error": "<QueryErrorCode>;<ErrorType>"
+func queryCodeParts(resp *http.Response, u *UnmarshalTypedError) []string {
+	queryCodeHeader := resp.Header.Get(awsQueryError)
+	var queryCodeParts []string
+	if queryCodeHeader != "" && len(u.queryExceptions) > 0 {
+		queryCodeParts = strings.Split(queryCodeHeader, ";")
+	}
+	return queryCodeParts
+}
+
+// UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc
+// protocol request errors
+var UnmarshalErrorHandler = request.NamedHandler{
+	Name: "awssdk.jsonrpc.UnmarshalError",
+	Fn:   UnmarshalError,
+}
+
+// UnmarshalError unmarshals an error response for a JSON RPC service.
+func UnmarshalError(req *request.Request) {
+	defer req.HTTPResponse.Body.Close()
+
+	var jsonErr jsonErrorResponse
+	err := jsonutil.UnmarshalJSONError(&jsonErr, req.HTTPResponse.Body)
+	if err != nil {
+		req.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization,
+				"failed to unmarshal error message", err),
+			req.HTTPResponse.StatusCode,
+			req.RequestID,
+		)
+		return
+	}
+
+	codes := strings.SplitN(jsonErr.Code, "#", 2)
+	req.Error = awserr.NewRequestFailure(
+		awserr.New(codes[len(codes)-1], jsonErr.Message, nil),
+		req.HTTPResponse.StatusCode,
+		req.RequestID,
+	)
+}
+
+type jsonErrorResponse struct {
+	Code    string `json:"__type"`
+	Message string `json:"message"`
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonvalue.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonvalue.go
new file mode 100644
index 000000000..776d11018
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonvalue.go
@@ -0,0 +1,76 @@
+package protocol
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"strconv"
+
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+// EscapeMode is the mode that should be use for escaping a value
+type EscapeMode uint
+
+// The modes for escaping a value before it is marshaled, and unmarshaled.
+const (
+	NoEscape EscapeMode = iota
+	Base64Escape
+	QuotedEscape
+)
+
+// EncodeJSONValue marshals the value into a JSON string, and optionally base64
+// encodes the string before returning it.
+//
+// Will panic if the escape mode is unknown.
+func EncodeJSONValue(v aws.JSONValue, escape EscapeMode) (string, error) {
+	b, err := json.Marshal(v)
+	if err != nil {
+		return "", err
+	}
+
+	switch escape {
+	case NoEscape:
+		return string(b), nil
+	case Base64Escape:
+		return base64.StdEncoding.EncodeToString(b), nil
+	case QuotedEscape:
+		return strconv.Quote(string(b)), nil
+	}
+
+	panic(fmt.Sprintf("EncodeJSONValue called with unknown EscapeMode, %v", escape))
+}
+
+// DecodeJSONValue will attempt to decode the string input as a JSONValue.
+// Optionally decoding base64 the value first before JSON unmarshaling.
+//
+// Will panic if the escape mode is unknown.
+func DecodeJSONValue(v string, escape EscapeMode) (aws.JSONValue, error) {
+	var b []byte
+	var err error
+
+	switch escape {
+	case NoEscape:
+		b = []byte(v)
+	case Base64Escape:
+		b, err = base64.StdEncoding.DecodeString(v)
+	case QuotedEscape:
+		var u string
+		u, err = strconv.Unquote(v)
+		b = []byte(u)
+	default:
+		panic(fmt.Sprintf("DecodeJSONValue called with unknown EscapeMode, %v", escape))
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	m := aws.JSONValue{}
+	err = json.Unmarshal(b, &m)
+	if err != nil {
+		return nil, err
+	}
+
+	return m, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
new file mode 100644
index 000000000..0ea0647a5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
@@ -0,0 +1,81 @@
+package protocol
+
+import (
+	"io"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// PayloadUnmarshaler provides the interface for unmarshaling a payload's
+// reader into a SDK shape.
+type PayloadUnmarshaler interface {
+	UnmarshalPayload(io.Reader, interface{}) error
+}
+
+// HandlerPayloadUnmarshal implements the PayloadUnmarshaler from a
+// HandlerList. This provides the support for unmarshaling a payload reader to
+// a shape without needing a SDK request first.
+type HandlerPayloadUnmarshal struct {
+	Unmarshalers request.HandlerList
+}
+
+// UnmarshalPayload unmarshals the io.Reader payload into the SDK shape using
+// the Unmarshalers HandlerList provided. Returns an error if unable
+// unmarshaling fails.
+func (h HandlerPayloadUnmarshal) UnmarshalPayload(r io.Reader, v interface{}) error {
+	req := &request.Request{
+		HTTPRequest: &http.Request{},
+		HTTPResponse: &http.Response{
+			StatusCode: 200,
+			Header:     http.Header{},
+			Body:       ioutil.NopCloser(r),
+		},
+		Data: v,
+	}
+
+	h.Unmarshalers.Run(req)
+
+	return req.Error
+}
+
+// PayloadMarshaler provides the interface for marshaling a SDK shape into and
+// io.Writer.
+type PayloadMarshaler interface {
+	MarshalPayload(io.Writer, interface{}) error
+}
+
+// HandlerPayloadMarshal implements the PayloadMarshaler from a HandlerList.
+// This provides support for marshaling a SDK shape into an io.Writer without
+// needing a SDK request first.
+type HandlerPayloadMarshal struct {
+	Marshalers request.HandlerList
+}
+
+// MarshalPayload marshals the SDK shape into the io.Writer using the
+// Marshalers HandlerList provided. Returns an error if unable if marshal
+// fails.
+func (h HandlerPayloadMarshal) MarshalPayload(w io.Writer, v interface{}) error {
+	req := request.New(
+		aws.Config{},
+		metadata.ClientInfo{},
+		request.Handlers{},
+		nil,
+		&request.Operation{HTTPMethod: "PUT"},
+		v,
+		nil,
+	)
+
+	h.Marshalers.Run(req)
+
+	if req.Error != nil {
+		return req.Error
+	}
+
+	io.Copy(w, req.GetBody())
+
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
new file mode 100644
index 000000000..9d521dcb9
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
@@ -0,0 +1,49 @@
+package protocol
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// RequireHTTPMinProtocol request handler is used to enforce that
+// the target endpoint supports the given major and minor HTTP protocol version.
+type RequireHTTPMinProtocol struct {
+	Major, Minor int
+}
+
+// Handler will mark the request.Request with an error if the
+// target endpoint did not connect with the required HTTP protocol
+// major and minor version.
+func (p RequireHTTPMinProtocol) Handler(r *request.Request) {
+	if r.Error != nil || r.HTTPResponse == nil {
+		return
+	}
+
+	if !strings.HasPrefix(r.HTTPResponse.Proto, "HTTP") {
+		r.Error = newMinHTTPProtoError(p.Major, p.Minor, r)
+	}
+
+	if r.HTTPResponse.ProtoMajor < p.Major || r.HTTPResponse.ProtoMinor < p.Minor {
+		r.Error = newMinHTTPProtoError(p.Major, p.Minor, r)
+	}
+}
+
+// ErrCodeMinimumHTTPProtocolError error code is returned when the target endpoint
+// did not match the required HTTP major and minor protocol version.
+const ErrCodeMinimumHTTPProtocolError = "MinimumHTTPProtocolError"
+
+func newMinHTTPProtoError(major, minor int, r *request.Request) error {
+	return awserr.NewRequestFailure(
+		awserr.New("MinimumHTTPProtocolError",
+			fmt.Sprintf(
+				"operation requires minimum HTTP protocol of HTTP/%d.%d, but was %s",
+				major, minor, r.HTTPResponse.Proto,
+			),
+			nil,
+		),
+		r.HTTPResponse.StatusCode, r.RequestID,
+	)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
new file mode 100644
index 000000000..d40346a77
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
@@ -0,0 +1,36 @@
+// Package query provides serialization of AWS query requests, and responses.
+package query
+
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/query.json build_test.go
+
+import (
+	"net/url"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol/query/queryutil"
+)
+
+// BuildHandler is a named request handler for building query protocol requests
+var BuildHandler = request.NamedHandler{Name: "awssdk.query.Build", Fn: Build}
+
+// Build builds a request for an AWS Query service.
+func Build(r *request.Request) {
+	body := url.Values{
+		"Action":  {r.Operation.Name},
+		"Version": {r.ClientInfo.APIVersion},
+	}
+	if err := queryutil.Parse(body, r.Params, false); err != nil {
+		r.Error = awserr.New(request.ErrCodeSerialization, "failed encoding Query request", err)
+		return
+	}
+
+	if !r.IsPresigned() {
+		r.HTTPRequest.Method = "POST"
+		r.HTTPRequest.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
+		r.SetBufferBody([]byte(body.Encode()))
+	} else { // This is a pre-signed request
+		r.HTTPRequest.Method = "GET"
+		r.HTTPRequest.URL.RawQuery = body.Encode()
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
new file mode 100644
index 000000000..058334053
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
@@ -0,0 +1,276 @@
+package queryutil
+
+import (
+	"encoding/base64"
+	"fmt"
+	"math"
+	"net/url"
+	"reflect"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+	floatNaN    = "NaN"
+	floatInf    = "Infinity"
+	floatNegInf = "-Infinity"
+)
+
+// Parse parses an object i and fills a url.Values object. The isEC2 flag
+// indicates if this is the EC2 Query sub-protocol.
+func Parse(body url.Values, i interface{}, isEC2 bool) error {
+	q := queryParser{isEC2: isEC2}
+	return q.parseValue(body, reflect.ValueOf(i), "", "")
+}
+
+func elemOf(value reflect.Value) reflect.Value {
+	for value.Kind() == reflect.Ptr {
+		value = value.Elem()
+	}
+	return value
+}
+
+type queryParser struct {
+	isEC2 bool
+}
+
+func (q *queryParser) parseValue(v url.Values, value reflect.Value, prefix string, tag reflect.StructTag) error {
+	value = elemOf(value)
+
+	// no need to handle zero values
+	if !value.IsValid() {
+		return nil
+	}
+
+	t := tag.Get("type")
+	if t == "" {
+		switch value.Kind() {
+		case reflect.Struct:
+			t = "structure"
+		case reflect.Slice:
+			t = "list"
+		case reflect.Map:
+			t = "map"
+		}
+	}
+
+	switch t {
+	case "structure":
+		return q.parseStruct(v, value, prefix)
+	case "list":
+		return q.parseList(v, value, prefix, tag)
+	case "map":
+		return q.parseMap(v, value, prefix, tag)
+	default:
+		return q.parseScalar(v, value, prefix, tag)
+	}
+}
+
+func (q *queryParser) parseStruct(v url.Values, value reflect.Value, prefix string) error {
+	if !value.IsValid() {
+		return nil
+	}
+
+	t := value.Type()
+	for i := 0; i < value.NumField(); i++ {
+		elemValue := elemOf(value.Field(i))
+		field := t.Field(i)
+
+		if field.PkgPath != "" {
+			continue // ignore unexported fields
+		}
+		if field.Tag.Get("ignore") != "" {
+			continue
+		}
+
+		if protocol.CanSetIdempotencyToken(value.Field(i), field) {
+			token := protocol.GetIdempotencyToken()
+			elemValue = reflect.ValueOf(token)
+		}
+
+		var name string
+		if q.isEC2 {
+			name = field.Tag.Get("queryName")
+		}
+		if name == "" {
+			if field.Tag.Get("flattened") != "" && field.Tag.Get("locationNameList") != "" {
+				name = field.Tag.Get("locationNameList")
+			} else if locName := field.Tag.Get("locationName"); locName != "" {
+				name = locName
+			}
+			if name != "" && q.isEC2 {
+				name = strings.ToUpper(name[0:1]) + name[1:]
+			}
+		}
+		if name == "" {
+			name = field.Name
+		}
+
+		if prefix != "" {
+			name = prefix + "." + name
+		}
+
+		if err := q.parseValue(v, elemValue, name, field.Tag); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (q *queryParser) parseList(v url.Values, value reflect.Value, prefix string, tag reflect.StructTag) error {
+	// If it's empty, generate an empty value
+	if !value.IsNil() && value.Len() == 0 {
+		v.Set(prefix, "")
+		return nil
+	}
+
+	if _, ok := value.Interface().([]byte); ok {
+		return q.parseScalar(v, value, prefix, tag)
+	}
+
+	// check for unflattened list member
+	if !q.isEC2 && tag.Get("flattened") == "" {
+		if listName := tag.Get("locationNameList"); listName == "" {
+			prefix += ".member"
+		} else {
+			prefix += "." + listName
+		}
+	}
+
+	for i := 0; i < value.Len(); i++ {
+		slicePrefix := prefix
+		if slicePrefix == "" {
+			slicePrefix = strconv.Itoa(i + 1)
+		} else {
+			slicePrefix = slicePrefix + "." + strconv.Itoa(i+1)
+		}
+		if err := q.parseValue(v, value.Index(i), slicePrefix, ""); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (q *queryParser) parseMap(v url.Values, value reflect.Value, prefix string, tag reflect.StructTag) error {
+	// If it's empty, generate an empty value
+	if !value.IsNil() && value.Len() == 0 {
+		v.Set(prefix, "")
+		return nil
+	}
+
+	// check for unflattened list member
+	if !q.isEC2 && tag.Get("flattened") == "" {
+		prefix += ".entry"
+	}
+
+	// sort keys for improved serialization consistency.
+	// this is not strictly necessary for protocol support.
+	mapKeyValues := value.MapKeys()
+	mapKeys := map[string]reflect.Value{}
+	mapKeyNames := make([]string, len(mapKeyValues))
+	for i, mapKey := range mapKeyValues {
+		name := mapKey.String()
+		mapKeys[name] = mapKey
+		mapKeyNames[i] = name
+	}
+	sort.Strings(mapKeyNames)
+
+	for i, mapKeyName := range mapKeyNames {
+		mapKey := mapKeys[mapKeyName]
+		mapValue := value.MapIndex(mapKey)
+
+		kname := tag.Get("locationNameKey")
+		if kname == "" {
+			kname = "key"
+		}
+		vname := tag.Get("locationNameValue")
+		if vname == "" {
+			vname = "value"
+		}
+
+		// serialize key
+		var keyName string
+		if prefix == "" {
+			keyName = strconv.Itoa(i+1) + "." + kname
+		} else {
+			keyName = prefix + "." + strconv.Itoa(i+1) + "." + kname
+		}
+
+		if err := q.parseValue(v, mapKey, keyName, ""); err != nil {
+			return err
+		}
+
+		// serialize value
+		var valueName string
+		if prefix == "" {
+			valueName = strconv.Itoa(i+1) + "." + vname
+		} else {
+			valueName = prefix + "." + strconv.Itoa(i+1) + "." + vname
+		}
+
+		if err := q.parseValue(v, mapValue, valueName, ""); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (q *queryParser) parseScalar(v url.Values, r reflect.Value, name string, tag reflect.StructTag) error {
+	switch value := r.Interface().(type) {
+	case string:
+		v.Set(name, value)
+	case []byte:
+		if !r.IsNil() {
+			v.Set(name, base64.StdEncoding.EncodeToString(value))
+		}
+	case bool:
+		v.Set(name, strconv.FormatBool(value))
+	case int64:
+		v.Set(name, strconv.FormatInt(value, 10))
+	case int:
+		v.Set(name, strconv.Itoa(value))
+	case float64:
+		var str string
+		switch {
+		case math.IsNaN(value):
+			str = floatNaN
+		case math.IsInf(value, 1):
+			str = floatInf
+		case math.IsInf(value, -1):
+			str = floatNegInf
+		default:
+			str = strconv.FormatFloat(value, 'f', -1, 64)
+		}
+		v.Set(name, str)
+	case float32:
+		asFloat64 := float64(value)
+		var str string
+		switch {
+		case math.IsNaN(asFloat64):
+			str = floatNaN
+		case math.IsInf(asFloat64, 1):
+			str = floatInf
+		case math.IsInf(asFloat64, -1):
+			str = floatNegInf
+		default:
+			str = strconv.FormatFloat(asFloat64, 'f', -1, 32)
+		}
+		v.Set(name, str)
+	case time.Time:
+		const ISO8601UTC = "2006-01-02T15:04:05Z"
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.ISO8601TimeFormatName
+		}
+
+		v.Set(name, protocol.FormatTime(format, value))
+	default:
+		return fmt.Errorf("unsupported value for param %s: %v (%s)", name, r.Interface(), r.Type().Name())
+	}
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
new file mode 100644
index 000000000..9231e95d1
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
@@ -0,0 +1,39 @@
+package query
+
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/query.json unmarshal_test.go
+
+import (
+	"encoding/xml"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
+)
+
+// UnmarshalHandler is a named request handler for unmarshaling query protocol requests
+var UnmarshalHandler = request.NamedHandler{Name: "awssdk.query.Unmarshal", Fn: Unmarshal}
+
+// UnmarshalMetaHandler is a named request handler for unmarshaling query protocol request metadata
+var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalMeta", Fn: UnmarshalMeta}
+
+// Unmarshal unmarshals a response for an AWS Query service.
+func Unmarshal(r *request.Request) {
+	defer r.HTTPResponse.Body.Close()
+	if r.DataFilled() {
+		decoder := xml.NewDecoder(r.HTTPResponse.Body)
+		err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result")
+		if err != nil {
+			r.Error = awserr.NewRequestFailure(
+				awserr.New(request.ErrCodeSerialization, "failed decoding Query response", err),
+				r.HTTPResponse.StatusCode,
+				r.RequestID,
+			)
+			return
+		}
+	}
+}
+
+// UnmarshalMeta unmarshals header response values for an AWS Query service.
+func UnmarshalMeta(r *request.Request) {
+	r.RequestID = r.HTTPResponse.Header.Get("X-Amzn-Requestid")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
new file mode 100644
index 000000000..2c0cbba90
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
@@ -0,0 +1,70 @@
+package query
+
+import (
+	"encoding/xml"
+	"fmt"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
+)
+
+// UnmarshalErrorHandler is a name request handler to unmarshal request errors
+var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalError", Fn: UnmarshalError}
+
+type xmlErrorResponse struct {
+	Code      string `xml:"Error>Code"`
+	Message   string `xml:"Error>Message"`
+	RequestID string `xml:"RequestId"`
+}
+
+type xmlResponseError struct {
+	xmlErrorResponse
+}
+
+func (e *xmlResponseError) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
+	const svcUnavailableTagName = "ServiceUnavailableException"
+	const errorResponseTagName = "ErrorResponse"
+
+	switch start.Name.Local {
+	case svcUnavailableTagName:
+		e.Code = svcUnavailableTagName
+		e.Message = "service is unavailable"
+		return d.Skip()
+
+	case errorResponseTagName:
+		return d.DecodeElement(&e.xmlErrorResponse, &start)
+
+	default:
+		return fmt.Errorf("unknown error response tag, %v", start)
+	}
+}
+
+// UnmarshalError unmarshals an error response for an AWS Query service.
+func UnmarshalError(r *request.Request) {
+	defer r.HTTPResponse.Body.Close()
+
+	var respErr xmlResponseError
+	err := xmlutil.UnmarshalXMLError(&respErr, r.HTTPResponse.Body)
+	if err != nil {
+		r.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization,
+				"failed to unmarshal error message", err),
+			r.HTTPResponse.StatusCode,
+			r.RequestID,
+		)
+		return
+	}
+
+	reqID := respErr.RequestID
+	if len(reqID) == 0 {
+		reqID = r.RequestID
+	}
+
+	r.Error = awserr.NewRequestFailure(
+		awserr.New(strings.TrimSpace(respErr.Code), strings.TrimSpace(respErr.Message), nil),
+		r.HTTPResponse.StatusCode,
+		reqID,
+	)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
new file mode 100644
index 000000000..1d273ff0e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
@@ -0,0 +1,349 @@
+// Package rest provides RESTful serialization of AWS requests and responses.
+package rest
+
+import (
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"math"
+	"net/http"
+	"net/url"
+	"path"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+	floatNaN    = "NaN"
+	floatInf    = "Infinity"
+	floatNegInf = "-Infinity"
+)
+
+// Whether the byte value can be sent without escaping in AWS URLs
+var noEscape [256]bool
+
+var errValueNotSet = fmt.Errorf("value not set")
+
+var byteSliceType = reflect.TypeOf([]byte{})
+
+func init() {
+	for i := 0; i < len(noEscape); i++ {
+		// AWS expects every character except these to be escaped
+		noEscape[i] = (i >= 'A' && i <= 'Z') ||
+			(i >= 'a' && i <= 'z') ||
+			(i >= '0' && i <= '9') ||
+			i == '-' ||
+			i == '.' ||
+			i == '_' ||
+			i == '~'
+	}
+}
+
+// BuildHandler is a named request handler for building rest protocol requests
+var BuildHandler = request.NamedHandler{Name: "awssdk.rest.Build", Fn: Build}
+
+// Build builds the REST component of a service request.
+func Build(r *request.Request) {
+	if r.ParamsFilled() {
+		v := reflect.ValueOf(r.Params).Elem()
+		buildLocationElements(r, v, false)
+		buildBody(r, v)
+	}
+}
+
+// BuildAsGET builds the REST component of a service request with the ability to hoist
+// data from the body.
+func BuildAsGET(r *request.Request) {
+	if r.ParamsFilled() {
+		v := reflect.ValueOf(r.Params).Elem()
+		buildLocationElements(r, v, true)
+		buildBody(r, v)
+	}
+}
+
+func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bool) {
+	query := r.HTTPRequest.URL.Query()
+
+	// Setup the raw path to match the base path pattern. This is needed
+	// so that when the path is mutated a custom escaped version can be
+	// stored in RawPath that will be used by the Go client.
+	r.HTTPRequest.URL.RawPath = r.HTTPRequest.URL.Path
+
+	for i := 0; i < v.NumField(); i++ {
+		m := v.Field(i)
+		if n := v.Type().Field(i).Name; n[0:1] == strings.ToLower(n[0:1]) {
+			continue
+		}
+
+		if m.IsValid() {
+			field := v.Type().Field(i)
+			name := field.Tag.Get("locationName")
+			if name == "" {
+				name = field.Name
+			}
+			if kind := m.Kind(); kind == reflect.Ptr {
+				m = m.Elem()
+			} else if kind == reflect.Interface {
+				if !m.Elem().IsValid() {
+					continue
+				}
+			}
+			if !m.IsValid() {
+				continue
+			}
+			if field.Tag.Get("ignore") != "" {
+				continue
+			}
+
+			// Support the ability to customize values to be marshaled as a
+			// blob even though they were modeled as a string. Required for S3
+			// API operations like SSECustomerKey is modeled as string but
+			// required to be base64 encoded in request.
+			if field.Tag.Get("marshal-as") == "blob" {
+				m = m.Convert(byteSliceType)
+			}
+
+			var err error
+			switch field.Tag.Get("location") {
+			case "headers": // header maps
+				err = buildHeaderMap(&r.HTTPRequest.Header, m, field.Tag)
+			case "header":
+				err = buildHeader(&r.HTTPRequest.Header, m, name, field.Tag)
+			case "uri":
+				err = buildURI(r.HTTPRequest.URL, m, name, field.Tag)
+			case "querystring":
+				err = buildQueryString(query, m, name, field.Tag)
+			default:
+				if buildGETQuery {
+					err = buildQueryString(query, m, name, field.Tag)
+				}
+			}
+			r.Error = err
+		}
+		if r.Error != nil {
+			return
+		}
+	}
+
+	r.HTTPRequest.URL.RawQuery = query.Encode()
+	if !aws.BoolValue(r.Config.DisableRestProtocolURICleaning) {
+		cleanPath(r.HTTPRequest.URL)
+	}
+}
+
+func buildBody(r *request.Request, v reflect.Value) {
+	if field, ok := v.Type().FieldByName("_"); ok {
+		if payloadName := field.Tag.Get("payload"); payloadName != "" {
+			pfield, _ := v.Type().FieldByName(payloadName)
+			if ptag := pfield.Tag.Get("type"); ptag != "" && ptag != "structure" {
+				payload := reflect.Indirect(v.FieldByName(payloadName))
+				if payload.IsValid() && payload.Interface() != nil {
+					switch reader := payload.Interface().(type) {
+					case io.ReadSeeker:
+						r.SetReaderBody(reader)
+					case []byte:
+						r.SetBufferBody(reader)
+					case string:
+						r.SetStringBody(reader)
+					default:
+						r.Error = awserr.New(request.ErrCodeSerialization,
+							"failed to encode REST request",
+							fmt.Errorf("unknown payload type %s", payload.Type()))
+					}
+				}
+			}
+		}
+	}
+}
+
+func buildHeader(header *http.Header, v reflect.Value, name string, tag reflect.StructTag) error {
+	str, err := convertType(v, tag)
+	if err == errValueNotSet {
+		return nil
+	} else if err != nil {
+		return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
+	}
+
+	name = strings.TrimSpace(name)
+	str = strings.TrimSpace(str)
+
+	header.Add(name, str)
+
+	return nil
+}
+
+func buildHeaderMap(header *http.Header, v reflect.Value, tag reflect.StructTag) error {
+	prefix := tag.Get("locationName")
+	for _, key := range v.MapKeys() {
+		str, err := convertType(v.MapIndex(key), tag)
+		if err == errValueNotSet {
+			continue
+		} else if err != nil {
+			return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
+
+		}
+		keyStr := strings.TrimSpace(key.String())
+		str = strings.TrimSpace(str)
+
+		header.Add(prefix+keyStr, str)
+	}
+	return nil
+}
+
+func buildURI(u *url.URL, v reflect.Value, name string, tag reflect.StructTag) error {
+	value, err := convertType(v, tag)
+	if err == errValueNotSet {
+		return nil
+	} else if err != nil {
+		return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
+	}
+
+	u.Path = strings.Replace(u.Path, "{"+name+"}", value, -1)
+	u.Path = strings.Replace(u.Path, "{"+name+"+}", value, -1)
+
+	u.RawPath = strings.Replace(u.RawPath, "{"+name+"}", EscapePath(value, true), -1)
+	u.RawPath = strings.Replace(u.RawPath, "{"+name+"+}", EscapePath(value, false), -1)
+
+	return nil
+}
+
+func buildQueryString(query url.Values, v reflect.Value, name string, tag reflect.StructTag) error {
+	switch value := v.Interface().(type) {
+	case []*string:
+		for _, item := range value {
+			query.Add(name, *item)
+		}
+	case map[string]*string:
+		for key, item := range value {
+			query.Add(key, *item)
+		}
+	case map[string][]*string:
+		for key, items := range value {
+			for _, item := range items {
+				query.Add(key, *item)
+			}
+		}
+	default:
+		str, err := convertType(v, tag)
+		if err == errValueNotSet {
+			return nil
+		} else if err != nil {
+			return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
+		}
+		query.Set(name, str)
+	}
+
+	return nil
+}
+
+func cleanPath(u *url.URL) {
+	hasSlash := strings.HasSuffix(u.Path, "/")
+
+	// clean up path, removing duplicate `/`
+	u.Path = path.Clean(u.Path)
+	u.RawPath = path.Clean(u.RawPath)
+
+	if hasSlash && !strings.HasSuffix(u.Path, "/") {
+		u.Path += "/"
+		u.RawPath += "/"
+	}
+}
+
+// EscapePath escapes part of a URL path in Amazon style
+func EscapePath(path string, encodeSep bool) string {
+	var buf bytes.Buffer
+	for i := 0; i < len(path); i++ {
+		c := path[i]
+		if noEscape[c] || (c == '/' && !encodeSep) {
+			buf.WriteByte(c)
+		} else {
+			fmt.Fprintf(&buf, "%%%02X", c)
+		}
+	}
+	return buf.String()
+}
+
+func convertType(v reflect.Value, tag reflect.StructTag) (str string, err error) {
+	v = reflect.Indirect(v)
+	if !v.IsValid() {
+		return "", errValueNotSet
+	}
+
+	switch value := v.Interface().(type) {
+	case string:
+		if tag.Get("suppressedJSONValue") == "true" && tag.Get("location") == "header" {
+			value = base64.StdEncoding.EncodeToString([]byte(value))
+		}
+		str = value
+	case []*string:
+		if tag.Get("location") != "header" || tag.Get("enum") == "" {
+			return "", fmt.Errorf("%T is only supported with location header and enum shapes", value)
+		}
+		buff := &bytes.Buffer{}
+		for i, sv := range value {
+			if sv == nil || len(*sv) == 0 {
+				continue
+			}
+			if i != 0 {
+				buff.WriteRune(',')
+			}
+			item := *sv
+			if strings.Index(item, `,`) != -1 || strings.Index(item, `"`) != -1 {
+				item = strconv.Quote(item)
+			}
+			buff.WriteString(item)
+		}
+		str = string(buff.Bytes())
+	case []byte:
+		str = base64.StdEncoding.EncodeToString(value)
+	case bool:
+		str = strconv.FormatBool(value)
+	case int64:
+		str = strconv.FormatInt(value, 10)
+	case float64:
+		switch {
+		case math.IsNaN(value):
+			str = floatNaN
+		case math.IsInf(value, 1):
+			str = floatInf
+		case math.IsInf(value, -1):
+			str = floatNegInf
+		default:
+			str = strconv.FormatFloat(value, 'f', -1, 64)
+		}
+	case time.Time:
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.RFC822TimeFormatName
+			if tag.Get("location") == "querystring" {
+				format = protocol.ISO8601TimeFormatName
+			}
+		}
+		str = protocol.FormatTime(format, value)
+	case aws.JSONValue:
+		if len(value) == 0 {
+			return "", errValueNotSet
+		}
+		escaping := protocol.NoEscape
+		if tag.Get("location") == "header" {
+			escaping = protocol.Base64Escape
+		}
+		str, err = protocol.EncodeJSONValue(value, escaping)
+		if err != nil {
+			return "", fmt.Errorf("unable to encode JSONValue, %v", err)
+		}
+	default:
+		err := fmt.Errorf("unsupported value for param %v (%s)", v.Interface(), v.Type())
+		return "", err
+	}
+
+	return str, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go
new file mode 100644
index 000000000..b54c99eda
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go
@@ -0,0 +1,54 @@
+package rest
+
+import "reflect"
+
+// PayloadMember returns the payload field member of i if there is one, or nil.
+func PayloadMember(i interface{}) interface{} {
+	if i == nil {
+		return nil
+	}
+
+	v := reflect.ValueOf(i).Elem()
+	if !v.IsValid() {
+		return nil
+	}
+	if field, ok := v.Type().FieldByName("_"); ok {
+		if payloadName := field.Tag.Get("payload"); payloadName != "" {
+			field, _ := v.Type().FieldByName(payloadName)
+			if field.Tag.Get("type") != "structure" {
+				return nil
+			}
+
+			payload := v.FieldByName(payloadName)
+			if payload.IsValid() || (payload.Kind() == reflect.Ptr && !payload.IsNil()) {
+				return payload.Interface()
+			}
+		}
+	}
+	return nil
+}
+
+const nopayloadPayloadType = "nopayload"
+
+// PayloadType returns the type of a payload field member of i if there is one,
+// or "".
+func PayloadType(i interface{}) string {
+	v := reflect.Indirect(reflect.ValueOf(i))
+	if !v.IsValid() {
+		return ""
+	}
+
+	if field, ok := v.Type().FieldByName("_"); ok {
+		if noPayload := field.Tag.Get(nopayloadPayloadType); noPayload != "" {
+			return nopayloadPayloadType
+		}
+
+		if payloadName := field.Tag.Get("payload"); payloadName != "" {
+			if member, ok := v.Type().FieldByName(payloadName); ok {
+				return member.Tag.Get("type")
+			}
+		}
+	}
+
+	return ""
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
new file mode 100644
index 000000000..79fcf1699
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
@@ -0,0 +1,276 @@
+package rest
+
+import (
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"math"
+	"net/http"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	awsStrings "github.com/aws/aws-sdk-go/internal/strings"
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
+// UnmarshalHandler is a named request handler for unmarshaling rest protocol requests
+var UnmarshalHandler = request.NamedHandler{Name: "awssdk.rest.Unmarshal", Fn: Unmarshal}
+
+// UnmarshalMetaHandler is a named request handler for unmarshaling rest protocol request metadata
+var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.rest.UnmarshalMeta", Fn: UnmarshalMeta}
+
+// Unmarshal unmarshals the REST component of a response in a REST service.
+func Unmarshal(r *request.Request) {
+	if r.DataFilled() {
+		v := reflect.Indirect(reflect.ValueOf(r.Data))
+		if err := unmarshalBody(r, v); err != nil {
+			r.Error = err
+		}
+	}
+}
+
+// UnmarshalMeta unmarshals the REST metadata of a response in a REST service
+func UnmarshalMeta(r *request.Request) {
+	r.RequestID = r.HTTPResponse.Header.Get("X-Amzn-Requestid")
+	if r.RequestID == "" {
+		// Alternative version of request id in the header
+		r.RequestID = r.HTTPResponse.Header.Get("X-Amz-Request-Id")
+	}
+	if r.DataFilled() {
+		if err := UnmarshalResponse(r.HTTPResponse, r.Data, aws.BoolValue(r.Config.LowerCaseHeaderMaps)); err != nil {
+			r.Error = err
+		}
+	}
+}
+
+// UnmarshalResponse attempts to unmarshal the REST response headers to
+// the data type passed in. The type must be a pointer. An error is returned
+// with any error unmarshaling the response into the target datatype.
+func UnmarshalResponse(resp *http.Response, data interface{}, lowerCaseHeaderMaps bool) error {
+	v := reflect.Indirect(reflect.ValueOf(data))
+	return unmarshalLocationElements(resp, v, lowerCaseHeaderMaps)
+}
+
+func unmarshalBody(r *request.Request, v reflect.Value) error {
+	if field, ok := v.Type().FieldByName("_"); ok {
+		if payloadName := field.Tag.Get("payload"); payloadName != "" {
+			pfield, _ := v.Type().FieldByName(payloadName)
+			if ptag := pfield.Tag.Get("type"); ptag != "" && ptag != "structure" {
+				payload := v.FieldByName(payloadName)
+				if payload.IsValid() {
+					switch payload.Interface().(type) {
+					case []byte:
+						defer r.HTTPResponse.Body.Close()
+						b, err := ioutil.ReadAll(r.HTTPResponse.Body)
+						if err != nil {
+							return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
+						}
+
+						payload.Set(reflect.ValueOf(b))
+
+					case *string:
+						defer r.HTTPResponse.Body.Close()
+						b, err := ioutil.ReadAll(r.HTTPResponse.Body)
+						if err != nil {
+							return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
+						}
+
+						str := string(b)
+						payload.Set(reflect.ValueOf(&str))
+
+					default:
+						switch payload.Type().String() {
+						case "io.ReadCloser":
+							payload.Set(reflect.ValueOf(r.HTTPResponse.Body))
+
+						case "io.ReadSeeker":
+							b, err := ioutil.ReadAll(r.HTTPResponse.Body)
+							if err != nil {
+								return awserr.New(request.ErrCodeSerialization,
+									"failed to read response body", err)
+							}
+							payload.Set(reflect.ValueOf(ioutil.NopCloser(bytes.NewReader(b))))
+
+						default:
+							io.Copy(ioutil.Discard, r.HTTPResponse.Body)
+							r.HTTPResponse.Body.Close()
+							return awserr.New(request.ErrCodeSerialization,
+								"failed to decode REST response",
+								fmt.Errorf("unknown payload type %s", payload.Type()))
+						}
+					}
+				}
+			}
+		}
+	}
+
+	return nil
+}
+
+func unmarshalLocationElements(resp *http.Response, v reflect.Value, lowerCaseHeaderMaps bool) error {
+	for i := 0; i < v.NumField(); i++ {
+		m, field := v.Field(i), v.Type().Field(i)
+		if n := field.Name; n[0:1] == strings.ToLower(n[0:1]) {
+			continue
+		}
+
+		if m.IsValid() {
+			name := field.Tag.Get("locationName")
+			if name == "" {
+				name = field.Name
+			}
+
+			switch field.Tag.Get("location") {
+			case "statusCode":
+				unmarshalStatusCode(m, resp.StatusCode)
+
+			case "header":
+				err := unmarshalHeader(m, resp.Header.Get(name), field.Tag)
+				if err != nil {
+					return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
+				}
+
+			case "headers":
+				prefix := field.Tag.Get("locationName")
+				err := unmarshalHeaderMap(m, resp.Header, prefix, lowerCaseHeaderMaps)
+				if err != nil {
+					return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
+				}
+			}
+		}
+	}
+
+	return nil
+}
+
+func unmarshalStatusCode(v reflect.Value, statusCode int) {
+	if !v.IsValid() {
+		return
+	}
+
+	switch v.Interface().(type) {
+	case *int64:
+		s := int64(statusCode)
+		v.Set(reflect.ValueOf(&s))
+	}
+}
+
+func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string, normalize bool) error {
+	if len(headers) == 0 {
+		return nil
+	}
+	switch r.Interface().(type) {
+	case map[string]*string: // we only support string map value types
+		out := map[string]*string{}
+		for k, v := range headers {
+			if awsStrings.HasPrefixFold(k, prefix) {
+				if normalize == true {
+					k = strings.ToLower(k)
+				} else {
+					k = http.CanonicalHeaderKey(k)
+				}
+				out[k[len(prefix):]] = &v[0]
+			}
+		}
+		if len(out) != 0 {
+			r.Set(reflect.ValueOf(out))
+		}
+
+	}
+	return nil
+}
+
+func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) error {
+	switch tag.Get("type") {
+	case "jsonvalue":
+		if len(header) == 0 {
+			return nil
+		}
+	case "blob":
+		if len(header) == 0 {
+			return nil
+		}
+	default:
+		if !v.IsValid() || (header == "" && v.Elem().Kind() != reflect.String) {
+			return nil
+		}
+	}
+
+	switch v.Interface().(type) {
+	case *string:
+		if tag.Get("suppressedJSONValue") == "true" && tag.Get("location") == "header" {
+			b, err := base64.StdEncoding.DecodeString(header)
+			if err != nil {
+				return fmt.Errorf("failed to decode JSONValue, %v", err)
+			}
+			header = string(b)
+		}
+		v.Set(reflect.ValueOf(&header))
+	case []byte:
+		b, err := base64.StdEncoding.DecodeString(header)
+		if err != nil {
+			return err
+		}
+		v.Set(reflect.ValueOf(b))
+	case *bool:
+		b, err := strconv.ParseBool(header)
+		if err != nil {
+			return err
+		}
+		v.Set(reflect.ValueOf(&b))
+	case *int64:
+		i, err := strconv.ParseInt(header, 10, 64)
+		if err != nil {
+			return err
+		}
+		v.Set(reflect.ValueOf(&i))
+	case *float64:
+		var f float64
+		switch {
+		case strings.EqualFold(header, floatNaN):
+			f = math.NaN()
+		case strings.EqualFold(header, floatInf):
+			f = math.Inf(1)
+		case strings.EqualFold(header, floatNegInf):
+			f = math.Inf(-1)
+		default:
+			var err error
+			f, err = strconv.ParseFloat(header, 64)
+			if err != nil {
+				return err
+			}
+		}
+		v.Set(reflect.ValueOf(&f))
+	case *time.Time:
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.RFC822TimeFormatName
+		}
+		t, err := protocol.ParseTime(format, header)
+		if err != nil {
+			return err
+		}
+		v.Set(reflect.ValueOf(&t))
+	case aws.JSONValue:
+		escaping := protocol.NoEscape
+		if tag.Get("location") == "header" {
+			escaping = protocol.Base64Escape
+		}
+		m, err := protocol.DecodeJSONValue(header, escaping)
+		if err != nil {
+			return err
+		}
+		v.Set(reflect.ValueOf(m))
+	default:
+		err := fmt.Errorf("Unsupported value for param %v (%s)", v.Interface(), v.Type())
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go
new file mode 100644
index 000000000..2e0e205af
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go
@@ -0,0 +1,59 @@
+// Package restjson provides RESTful JSON serialization of AWS
+// requests and responses.
+package restjson
+
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/rest-json.json build_test.go
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/rest-json.json unmarshal_test.go
+
+import (
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
+	"github.com/aws/aws-sdk-go/private/protocol/rest"
+)
+
+// BuildHandler is a named request handler for building restjson protocol
+// requests
+var BuildHandler = request.NamedHandler{
+	Name: "awssdk.restjson.Build",
+	Fn:   Build,
+}
+
+// UnmarshalHandler is a named request handler for unmarshaling restjson
+// protocol requests
+var UnmarshalHandler = request.NamedHandler{
+	Name: "awssdk.restjson.Unmarshal",
+	Fn:   Unmarshal,
+}
+
+// UnmarshalMetaHandler is a named request handler for unmarshaling restjson
+// protocol request metadata
+var UnmarshalMetaHandler = request.NamedHandler{
+	Name: "awssdk.restjson.UnmarshalMeta",
+	Fn:   UnmarshalMeta,
+}
+
+// Build builds a request for the REST JSON protocol.
+func Build(r *request.Request) {
+	rest.Build(r)
+
+	if t := rest.PayloadType(r.Params); t == "structure" || t == "" {
+		if v := r.HTTPRequest.Header.Get("Content-Type"); len(v) == 0 {
+			r.HTTPRequest.Header.Set("Content-Type", "application/json")
+		}
+		jsonrpc.Build(r)
+	}
+}
+
+// Unmarshal unmarshals a response body for the REST JSON protocol.
+func Unmarshal(r *request.Request) {
+	if t := rest.PayloadType(r.Data); t == "structure" || t == "" {
+		jsonrpc.Unmarshal(r)
+	} else {
+		rest.Unmarshal(r)
+	}
+}
+
+// UnmarshalMeta unmarshals response headers for the REST JSON protocol.
+func UnmarshalMeta(r *request.Request) {
+	rest.UnmarshalMeta(r)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go
new file mode 100644
index 000000000..5366a646d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go
@@ -0,0 +1,157 @@
+package restjson
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol"
+	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
+	"github.com/aws/aws-sdk-go/private/protocol/rest"
+)
+
+const (
+	errorTypeHeader    = "X-Amzn-Errortype"
+	errorMessageHeader = "X-Amzn-Errormessage"
+)
+
+// UnmarshalTypedError provides unmarshaling errors API response errors
+// for both typed and untyped errors.
+type UnmarshalTypedError struct {
+	exceptions map[string]func(protocol.ResponseMetadata) error
+}
+
+// NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the
+// set of exception names to the error unmarshalers
+func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError {
+	return &UnmarshalTypedError{
+		exceptions: exceptions,
+	}
+}
+
+// UnmarshalError attempts to unmarshal the HTTP response error as a known
+// error type. If unable to unmarshal the error type, the generic SDK error
+// type will be used.
+func (u *UnmarshalTypedError) UnmarshalError(
+	resp *http.Response,
+	respMeta protocol.ResponseMetadata,
+) (error, error) {
+	code, msg, err := unmarshalErrorInfo(resp)
+	if err != nil {
+		return nil, err
+	}
+
+	fn, ok := u.exceptions[code]
+	if !ok {
+		return awserr.NewRequestFailure(
+			awserr.New(code, msg, nil),
+			respMeta.StatusCode,
+			respMeta.RequestID,
+		), nil
+	}
+
+	v := fn(respMeta)
+	if err := jsonutil.UnmarshalJSONCaseInsensitive(v, resp.Body); err != nil {
+		return nil, err
+	}
+
+	if err := rest.UnmarshalResponse(resp, v, true); err != nil {
+		return nil, err
+	}
+
+	return v, nil
+}
+
+// UnmarshalErrorHandler is a named request handler for unmarshaling restjson
+// protocol request errors
+var UnmarshalErrorHandler = request.NamedHandler{
+	Name: "awssdk.restjson.UnmarshalError",
+	Fn:   UnmarshalError,
+}
+
+// UnmarshalError unmarshals a response error for the REST JSON protocol.
+func UnmarshalError(r *request.Request) {
+	defer r.HTTPResponse.Body.Close()
+
+	code, msg, err := unmarshalErrorInfo(r.HTTPResponse)
+	if err != nil {
+		r.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization, "failed to unmarshal response error", err),
+			r.HTTPResponse.StatusCode,
+			r.RequestID,
+		)
+		return
+	}
+
+	r.Error = awserr.NewRequestFailure(
+		awserr.New(code, msg, nil),
+		r.HTTPResponse.StatusCode,
+		r.RequestID,
+	)
+}
+
+type jsonErrorResponse struct {
+	Type    string `json:"__type"`
+	Code    string `json:"code"`
+	Message string `json:"message"`
+}
+
+func (j *jsonErrorResponse) SanitizedCode() string {
+	code := j.Code
+	if len(j.Type) > 0 {
+		code = j.Type
+	}
+	return sanitizeCode(code)
+}
+
+// Remove superfluous components from a restJson error code.
+//   - If a : character is present, then take only the contents before the
+//     first : character in the value.
+//   - If a # character is present, then take only the contents after the first
+//     # character in the value.
+//
+// All of the following error values resolve to FooError:
+//   - FooError
+//   - FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/
+//   - aws.protocoltests.restjson#FooError
+//   - aws.protocoltests.restjson#FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/
+func sanitizeCode(code string) string {
+	noColon := strings.SplitN(code, ":", 2)[0]
+	hashSplit := strings.SplitN(noColon, "#", 2)
+	return hashSplit[len(hashSplit)-1]
+}
+
+// attempt to garner error details from the response, preferring header values
+// when present
+func unmarshalErrorInfo(resp *http.Response) (code string, msg string, err error) {
+	code = sanitizeCode(resp.Header.Get(errorTypeHeader))
+	msg = resp.Header.Get(errorMessageHeader)
+	if len(code) > 0 && len(msg) > 0 {
+		return
+	}
+
+	// a modeled error will have to be re-deserialized later, so the body must
+	// be preserved
+	var buf bytes.Buffer
+	tee := io.TeeReader(resp.Body, &buf)
+	defer func() { resp.Body = ioutil.NopCloser(&buf) }()
+
+	var jsonErr jsonErrorResponse
+	if decodeErr := json.NewDecoder(tee).Decode(&jsonErr); decodeErr != nil && decodeErr != io.EOF {
+		err = awserr.NewUnmarshalError(decodeErr, "failed to decode response body", buf.Bytes())
+		return
+	}
+
+	if len(code) == 0 {
+		code = jsonErr.SanitizedCode()
+	}
+	if len(msg) == 0 {
+		msg = jsonErr.Message
+	}
+	return
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
new file mode 100644
index 000000000..b1ae36487
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
@@ -0,0 +1,79 @@
+// Package restxml provides RESTful XML serialization of AWS
+// requests and responses.
+package restxml
+
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/rest-xml.json build_test.go
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/rest-xml.json unmarshal_test.go
+
+import (
+	"bytes"
+	"encoding/xml"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol/query"
+	"github.com/aws/aws-sdk-go/private/protocol/rest"
+	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
+)
+
+// BuildHandler is a named request handler for building restxml protocol requests
+var BuildHandler = request.NamedHandler{Name: "awssdk.restxml.Build", Fn: Build}
+
+// UnmarshalHandler is a named request handler for unmarshaling restxml protocol requests
+var UnmarshalHandler = request.NamedHandler{Name: "awssdk.restxml.Unmarshal", Fn: Unmarshal}
+
+// UnmarshalMetaHandler is a named request handler for unmarshaling restxml protocol request metadata
+var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.restxml.UnmarshalMeta", Fn: UnmarshalMeta}
+
+// UnmarshalErrorHandler is a named request handler for unmarshaling restxml protocol request errors
+var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.restxml.UnmarshalError", Fn: UnmarshalError}
+
+// Build builds a request payload for the REST XML protocol.
+func Build(r *request.Request) {
+	rest.Build(r)
+
+	if t := rest.PayloadType(r.Params); t == "structure" || t == "" {
+		var buf bytes.Buffer
+		err := xmlutil.BuildXML(r.Params, xml.NewEncoder(&buf))
+		if err != nil {
+			r.Error = awserr.NewRequestFailure(
+				awserr.New(request.ErrCodeSerialization,
+					"failed to encode rest XML request", err),
+				0,
+				r.RequestID,
+			)
+			return
+		}
+		r.SetBufferBody(buf.Bytes())
+	}
+}
+
+// Unmarshal unmarshals a payload response for the REST XML protocol.
+func Unmarshal(r *request.Request) {
+	if t := rest.PayloadType(r.Data); t == "structure" || t == "" {
+		defer r.HTTPResponse.Body.Close()
+		decoder := xml.NewDecoder(r.HTTPResponse.Body)
+		err := xmlutil.UnmarshalXML(r.Data, decoder, "")
+		if err != nil {
+			r.Error = awserr.NewRequestFailure(
+				awserr.New(request.ErrCodeSerialization,
+					"failed to decode REST XML response", err),
+				r.HTTPResponse.StatusCode,
+				r.RequestID,
+			)
+			return
+		}
+	} else {
+		rest.Unmarshal(r)
+	}
+}
+
+// UnmarshalMeta unmarshals response headers for the REST XML protocol.
+func UnmarshalMeta(r *request.Request) {
+	rest.UnmarshalMeta(r)
+}
+
+// UnmarshalError unmarshals a response error for the REST XML protocol.
+func UnmarshalError(r *request.Request) {
+	query.UnmarshalError(r)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
new file mode 100644
index 000000000..d9a4e7649
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
@@ -0,0 +1,134 @@
+package protocol
+
+import (
+	"bytes"
+	"fmt"
+	"math"
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go/internal/sdkmath"
+)
+
+// Names of time formats supported by the SDK
+const (
+	RFC822TimeFormatName  = "rfc822"
+	ISO8601TimeFormatName = "iso8601"
+	UnixTimeFormatName    = "unixTimestamp"
+)
+
+// Time formats supported by the SDK
+// Output time is intended to not contain decimals
+const (
+	// RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT
+	RFC822TimeFormat                           = "Mon, 2 Jan 2006 15:04:05 GMT"
+	rfc822TimeFormatSingleDigitDay             = "Mon, _2 Jan 2006 15:04:05 GMT"
+	rfc822TimeFormatSingleDigitDayTwoDigitYear = "Mon, _2 Jan 06 15:04:05 GMT"
+
+	// This format is used for output time without seconds precision
+	RFC822OutputTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT"
+
+	// RFC3339 a subset of the ISO8601 timestamp format. e.g 2014-04-29T18:30:38Z
+	ISO8601TimeFormat    = "2006-01-02T15:04:05.999999999Z"
+	iso8601TimeFormatNoZ = "2006-01-02T15:04:05.999999999"
+
+	// This format is used for output time with fractional second precision up to milliseconds
+	ISO8601OutputTimeFormat = "2006-01-02T15:04:05.999999999Z"
+)
+
+// IsKnownTimestampFormat returns if the timestamp format name
+// is know to the SDK's protocols.
+func IsKnownTimestampFormat(name string) bool {
+	switch name {
+	case RFC822TimeFormatName:
+		fallthrough
+	case ISO8601TimeFormatName:
+		fallthrough
+	case UnixTimeFormatName:
+		return true
+	default:
+		return false
+	}
+}
+
+// FormatTime returns a string value of the time.
+func FormatTime(name string, t time.Time) string {
+	t = t.UTC().Truncate(time.Millisecond)
+
+	switch name {
+	case RFC822TimeFormatName:
+		return t.Format(RFC822OutputTimeFormat)
+	case ISO8601TimeFormatName:
+		return t.Format(ISO8601OutputTimeFormat)
+	case UnixTimeFormatName:
+		ms := t.UnixNano() / int64(time.Millisecond)
+		return strconv.FormatFloat(float64(ms)/1e3, 'f', -1, 64)
+	default:
+		panic("unknown timestamp format name, " + name)
+	}
+}
+
+// ParseTime attempts to parse the time given the format. Returns
+// the time if it was able to be parsed, and fails otherwise.
+func ParseTime(formatName, value string) (time.Time, error) {
+	switch formatName {
+	case RFC822TimeFormatName: // Smithy HTTPDate format
+		return tryParse(value,
+			RFC822TimeFormat,
+			rfc822TimeFormatSingleDigitDay,
+			rfc822TimeFormatSingleDigitDayTwoDigitYear,
+			time.RFC850,
+			time.ANSIC,
+		)
+	case ISO8601TimeFormatName: // Smithy DateTime format
+		return tryParse(value,
+			ISO8601TimeFormat,
+			iso8601TimeFormatNoZ,
+			time.RFC3339Nano,
+			time.RFC3339,
+		)
+	case UnixTimeFormatName:
+		v, err := strconv.ParseFloat(value, 64)
+		_, dec := math.Modf(v)
+		dec = sdkmath.Round(dec*1e3) / 1e3 //Rounds 0.1229999 to 0.123
+		if err != nil {
+			return time.Time{}, err
+		}
+		return time.Unix(int64(v), int64(dec*(1e9))), nil
+	default:
+		panic("unknown timestamp format name, " + formatName)
+	}
+}
+
+func tryParse(v string, formats ...string) (time.Time, error) {
+	var errs parseErrors
+	for _, f := range formats {
+		t, err := time.Parse(f, v)
+		if err != nil {
+			errs = append(errs, parseError{
+				Format: f,
+				Err:    err,
+			})
+			continue
+		}
+		return t, nil
+	}
+
+	return time.Time{}, fmt.Errorf("unable to parse time string, %v", errs)
+}
+
+type parseErrors []parseError
+
+func (es parseErrors) Error() string {
+	var s bytes.Buffer
+	for _, e := range es {
+		fmt.Fprintf(&s, "\n * %q: %v", e.Format, e.Err)
+	}
+
+	return "parse errors:" + s.String()
+}
+
+type parseError struct {
+	Format string
+	Err    error
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
new file mode 100644
index 000000000..f614ef898
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
@@ -0,0 +1,27 @@
+package protocol
+
+import (
+	"io"
+	"io/ioutil"
+
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// UnmarshalDiscardBodyHandler is a named request handler to empty and close a response's body
+var UnmarshalDiscardBodyHandler = request.NamedHandler{Name: "awssdk.shared.UnmarshalDiscardBody", Fn: UnmarshalDiscardBody}
+
+// UnmarshalDiscardBody is a request handler to empty a response's body and closing it.
+func UnmarshalDiscardBody(r *request.Request) {
+	if r.HTTPResponse == nil || r.HTTPResponse.Body == nil {
+		return
+	}
+
+	io.Copy(ioutil.Discard, r.HTTPResponse.Body)
+	r.HTTPResponse.Body.Close()
+}
+
+// ResponseMetadata provides the SDK response metadata attributes.
+type ResponseMetadata struct {
+	StatusCode int
+	RequestID  string
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
new file mode 100644
index 000000000..cc857f136
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
@@ -0,0 +1,65 @@
+package protocol
+
+import (
+	"net/http"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// UnmarshalErrorHandler provides unmarshaling errors API response errors for
+// both typed and untyped errors.
+type UnmarshalErrorHandler struct {
+	unmarshaler ErrorUnmarshaler
+}
+
+// ErrorUnmarshaler is an abstract interface for concrete implementations to
+// unmarshal protocol specific response errors.
+type ErrorUnmarshaler interface {
+	UnmarshalError(*http.Response, ResponseMetadata) (error, error)
+}
+
+// NewUnmarshalErrorHandler returns an UnmarshalErrorHandler
+// initialized for the set of exception names to the error unmarshalers
+func NewUnmarshalErrorHandler(unmarshaler ErrorUnmarshaler) *UnmarshalErrorHandler {
+	return &UnmarshalErrorHandler{
+		unmarshaler: unmarshaler,
+	}
+}
+
+// UnmarshalErrorHandlerName is the name of the named handler.
+const UnmarshalErrorHandlerName = "awssdk.protocol.UnmarshalError"
+
+// NamedHandler returns a NamedHandler for the unmarshaler using the set of
+// errors the unmarshaler was initialized for.
+func (u *UnmarshalErrorHandler) NamedHandler() request.NamedHandler {
+	return request.NamedHandler{
+		Name: UnmarshalErrorHandlerName,
+		Fn:   u.UnmarshalError,
+	}
+}
+
+// UnmarshalError will attempt to unmarshal the API response's error message
+// into either a generic SDK error type, or a typed error corresponding to the
+// errors exception name.
+func (u *UnmarshalErrorHandler) UnmarshalError(r *request.Request) {
+	defer r.HTTPResponse.Body.Close()
+
+	respMeta := ResponseMetadata{
+		StatusCode: r.HTTPResponse.StatusCode,
+		RequestID:  r.RequestID,
+	}
+
+	v, err := u.unmarshaler.UnmarshalError(r.HTTPResponse, respMeta)
+	if err != nil {
+		r.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization,
+				"failed to unmarshal response error", err),
+			respMeta.StatusCode,
+			respMeta.RequestID,
+		)
+		return
+	}
+
+	r.Error = v
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
new file mode 100644
index 000000000..58c12bd8c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
@@ -0,0 +1,345 @@
+// Package xmlutil provides XML serialization of AWS requests and responses.
+package xmlutil
+
+import (
+	"encoding/base64"
+	"encoding/xml"
+	"fmt"
+	"math"
+	"reflect"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+	floatNaN    = "NaN"
+	floatInf    = "Infinity"
+	floatNegInf = "-Infinity"
+)
+
+// BuildXML will serialize params into an xml.Encoder. Error will be returned
+// if the serialization of any of the params or nested values fails.
+func BuildXML(params interface{}, e *xml.Encoder) error {
+	return buildXML(params, e, false)
+}
+
+func buildXML(params interface{}, e *xml.Encoder, sorted bool) error {
+	b := xmlBuilder{encoder: e, namespaces: map[string]string{}}
+	root := NewXMLElement(xml.Name{})
+	if err := b.buildValue(reflect.ValueOf(params), root, ""); err != nil {
+		return err
+	}
+	for _, c := range root.Children {
+		for _, v := range c {
+			return StructToXML(e, v, sorted)
+		}
+	}
+	return nil
+}
+
+// Returns the reflection element of a value, if it is a pointer.
+func elemOf(value reflect.Value) reflect.Value {
+	for value.Kind() == reflect.Ptr {
+		value = value.Elem()
+	}
+	return value
+}
+
+// A xmlBuilder serializes values from Go code to XML
+type xmlBuilder struct {
+	encoder    *xml.Encoder
+	namespaces map[string]string
+}
+
+// buildValue generic XMLNode builder for any type. Will build value for their specific type
+// struct, list, map, scalar.
+//
+// Also takes a "type" tag value to set what type a value should be converted to XMLNode as. If
+// type is not provided reflect will be used to determine the value's type.
+func (b *xmlBuilder) buildValue(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
+	value = elemOf(value)
+	if !value.IsValid() { // no need to handle zero values
+		return nil
+	} else if tag.Get("location") != "" { // don't handle non-body location values
+		return nil
+	}
+
+	xml := tag.Get("xml")
+	if len(xml) != 0 {
+		name := strings.SplitAfterN(xml, ",", 2)[0]
+		if name == "-" {
+			return nil
+		}
+	}
+
+	t := tag.Get("type")
+	if t == "" {
+		switch value.Kind() {
+		case reflect.Struct:
+			t = "structure"
+		case reflect.Slice:
+			t = "list"
+		case reflect.Map:
+			t = "map"
+		}
+	}
+
+	switch t {
+	case "structure":
+		if field, ok := value.Type().FieldByName("_"); ok {
+			tag = tag + reflect.StructTag(" ") + field.Tag
+		}
+		return b.buildStruct(value, current, tag)
+	case "list":
+		return b.buildList(value, current, tag)
+	case "map":
+		return b.buildMap(value, current, tag)
+	default:
+		return b.buildScalar(value, current, tag)
+	}
+}
+
+// buildStruct adds a struct and its fields to the current XMLNode. All fields and any nested
+// types are converted to XMLNodes also.
+func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
+	if !value.IsValid() {
+		return nil
+	}
+
+	// unwrap payloads
+	if payload := tag.Get("payload"); payload != "" {
+		field, _ := value.Type().FieldByName(payload)
+		tag = field.Tag
+		value = elemOf(value.FieldByName(payload))
+
+		if !value.IsValid() {
+			return nil
+		}
+	}
+
+	child := NewXMLElement(xml.Name{Local: tag.Get("locationName")})
+
+	// there is an xmlNamespace associated with this struct
+	if prefix, uri := tag.Get("xmlPrefix"), tag.Get("xmlURI"); uri != "" {
+		ns := xml.Attr{
+			Name:  xml.Name{Local: "xmlns"},
+			Value: uri,
+		}
+		if prefix != "" {
+			b.namespaces[prefix] = uri // register the namespace
+			ns.Name.Local = "xmlns:" + prefix
+		}
+
+		child.Attr = append(child.Attr, ns)
+	}
+
+	var payloadFields, nonPayloadFields int
+
+	t := value.Type()
+	for i := 0; i < value.NumField(); i++ {
+		member := elemOf(value.Field(i))
+		field := t.Field(i)
+
+		if field.PkgPath != "" {
+			continue // ignore unexported fields
+		}
+		if field.Tag.Get("ignore") != "" {
+			continue
+		}
+
+		mTag := field.Tag
+		if mTag.Get("location") != "" { // skip non-body members
+			nonPayloadFields++
+			continue
+		}
+		payloadFields++
+
+		if protocol.CanSetIdempotencyToken(value.Field(i), field) {
+			token := protocol.GetIdempotencyToken()
+			member = reflect.ValueOf(token)
+		}
+
+		memberName := mTag.Get("locationName")
+		if memberName == "" {
+			memberName = field.Name
+			mTag = reflect.StructTag(string(mTag) + ` locationName:"` + memberName + `"`)
+		}
+		if err := b.buildValue(member, child, mTag); err != nil {
+			return err
+		}
+	}
+
+	// Only case where the child shape is not added is if the shape only contains
+	// non-payload fields, e.g headers/query.
+	if !(payloadFields == 0 && nonPayloadFields > 0) {
+		current.AddChild(child)
+	}
+
+	return nil
+}
+
+// buildList adds the value's list items to the current XMLNode as children nodes. All
+// nested values in the list are converted to XMLNodes also.
+func (b *xmlBuilder) buildList(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
+	if value.IsNil() { // don't build omitted lists
+		return nil
+	}
+
+	// check for unflattened list member
+	flattened := tag.Get("flattened") != ""
+
+	xname := xml.Name{Local: tag.Get("locationName")}
+	if flattened {
+		for i := 0; i < value.Len(); i++ {
+			child := NewXMLElement(xname)
+			current.AddChild(child)
+			if err := b.buildValue(value.Index(i), child, ""); err != nil {
+				return err
+			}
+		}
+	} else {
+		list := NewXMLElement(xname)
+		current.AddChild(list)
+
+		for i := 0; i < value.Len(); i++ {
+			iname := tag.Get("locationNameList")
+			if iname == "" {
+				iname = "member"
+			}
+
+			child := NewXMLElement(xml.Name{Local: iname})
+			list.AddChild(child)
+			if err := b.buildValue(value.Index(i), child, ""); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// buildMap adds the value's key/value pairs to the current XMLNode as children nodes. All
+// nested values in the map are converted to XMLNodes also.
+//
+// Error will be returned if it is unable to build the map's values into XMLNodes
+func (b *xmlBuilder) buildMap(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
+	if value.IsNil() { // don't build omitted maps
+		return nil
+	}
+
+	maproot := NewXMLElement(xml.Name{Local: tag.Get("locationName")})
+	current.AddChild(maproot)
+	current = maproot
+
+	kname, vname := "key", "value"
+	if n := tag.Get("locationNameKey"); n != "" {
+		kname = n
+	}
+	if n := tag.Get("locationNameValue"); n != "" {
+		vname = n
+	}
+
+	// sorting is not required for compliance, but it makes testing easier
+	keys := make([]string, value.Len())
+	for i, k := range value.MapKeys() {
+		keys[i] = k.String()
+	}
+	sort.Strings(keys)
+
+	for _, k := range keys {
+		v := value.MapIndex(reflect.ValueOf(k))
+
+		mapcur := current
+		if tag.Get("flattened") == "" { // add "entry" tag to non-flat maps
+			child := NewXMLElement(xml.Name{Local: "entry"})
+			mapcur.AddChild(child)
+			mapcur = child
+		}
+
+		kchild := NewXMLElement(xml.Name{Local: kname})
+		kchild.Text = k
+		vchild := NewXMLElement(xml.Name{Local: vname})
+		mapcur.AddChild(kchild)
+		mapcur.AddChild(vchild)
+
+		if err := b.buildValue(v, vchild, ""); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// buildScalar will convert the value into a string and append it as a attribute or child
+// of the current XMLNode.
+//
+// The value will be added as an attribute if tag contains a "xmlAttribute" attribute value.
+//
+// Error will be returned if the value type is unsupported.
+func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
+	var str string
+
+	switch converted := value.Interface().(type) {
+	case string:
+		str = converted
+	case []byte:
+		if !value.IsNil() {
+			str = base64.StdEncoding.EncodeToString(converted)
+		}
+	case bool:
+		str = strconv.FormatBool(converted)
+	case int64:
+		str = strconv.FormatInt(converted, 10)
+	case int:
+		str = strconv.Itoa(converted)
+	case float64:
+		switch {
+		case math.IsNaN(converted):
+			str = floatNaN
+		case math.IsInf(converted, 1):
+			str = floatInf
+		case math.IsInf(converted, -1):
+			str = floatNegInf
+		default:
+			str = strconv.FormatFloat(converted, 'f', -1, 64)
+		}
+	case float32:
+		// The SDK doesn't render float32 values in types, only float64. This case would never be hit currently.
+		asFloat64 := float64(converted)
+		switch {
+		case math.IsNaN(asFloat64):
+			str = floatNaN
+		case math.IsInf(asFloat64, 1):
+			str = floatInf
+		case math.IsInf(asFloat64, -1):
+			str = floatNegInf
+		default:
+			str = strconv.FormatFloat(asFloat64, 'f', -1, 32)
+		}
+	case time.Time:
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.ISO8601TimeFormatName
+		}
+
+		str = protocol.FormatTime(format, converted)
+	default:
+		return fmt.Errorf("unsupported value for param %s: %v (%s)",
+			tag.Get("locationName"), value.Interface(), value.Type().Name())
+	}
+
+	xname := xml.Name{Local: tag.Get("locationName")}
+	if tag.Get("xmlAttribute") != "" { // put into current node's attribute list
+		attr := xml.Attr{Name: xname, Value: str}
+		current.Attr = append(current.Attr, attr)
+	} else if len(xname.Local) == 0 {
+		current.Text = str
+	} else { // regular text node
+		current.AddChild(&XMLNode{Name: xname, Text: str})
+	}
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go
new file mode 100644
index 000000000..c1a511851
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go
@@ -0,0 +1,32 @@
+package xmlutil
+
+import (
+	"encoding/xml"
+	"strings"
+)
+
+type xmlAttrSlice []xml.Attr
+
+func (x xmlAttrSlice) Len() int {
+	return len(x)
+}
+
+func (x xmlAttrSlice) Less(i, j int) bool {
+	spaceI, spaceJ := x[i].Name.Space, x[j].Name.Space
+	localI, localJ := x[i].Name.Local, x[j].Name.Local
+	valueI, valueJ := x[i].Value, x[j].Value
+
+	spaceCmp := strings.Compare(spaceI, spaceJ)
+	localCmp := strings.Compare(localI, localJ)
+	valueCmp := strings.Compare(valueI, valueJ)
+
+	if spaceCmp == -1 || (spaceCmp == 0 && (localCmp == -1 || (localCmp == 0 && valueCmp == -1))) {
+		return true
+	}
+
+	return false
+}
+
+func (x xmlAttrSlice) Swap(i, j int) {
+	x[i], x[j] = x[j], x[i]
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
new file mode 100644
index 000000000..44a580a94
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
@@ -0,0 +1,311 @@
+package xmlutil
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/xml"
+	"fmt"
+	"io"
+	"math"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
+// UnmarshalXMLError unmarshals the XML error from the stream into the value
+// type specified. The value must be a pointer. If the message fails to
+// unmarshal, the message content will be included in the returned error as a
+// awserr.UnmarshalError.
+func UnmarshalXMLError(v interface{}, stream io.Reader) error {
+	var errBuf bytes.Buffer
+	body := io.TeeReader(stream, &errBuf)
+
+	err := xml.NewDecoder(body).Decode(v)
+	if err != nil && err != io.EOF {
+		return awserr.NewUnmarshalError(err,
+			"failed to unmarshal error message", errBuf.Bytes())
+	}
+
+	return nil
+}
+
+// UnmarshalXML deserializes an xml.Decoder into the container v. V
+// needs to match the shape of the XML expected to be decoded.
+// If the shape doesn't match unmarshaling will fail.
+func UnmarshalXML(v interface{}, d *xml.Decoder, wrapper string) error {
+	n, err := XMLToStruct(d, nil)
+	if err != nil {
+		return err
+	}
+	if n.Children != nil {
+		for _, root := range n.Children {
+			for _, c := range root {
+				if wrappedChild, ok := c.Children[wrapper]; ok {
+					c = wrappedChild[0] // pull out wrapped element
+				}
+
+				err = parse(reflect.ValueOf(v), c, "")
+				if err != nil {
+					if err == io.EOF {
+						return nil
+					}
+					return err
+				}
+			}
+		}
+		return nil
+	}
+	return nil
+}
+
+// parse deserializes any value from the XMLNode. The type tag is used to infer the type, or reflect
+// will be used to determine the type from r.
+func parse(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
+	xml := tag.Get("xml")
+	if len(xml) != 0 {
+		name := strings.SplitAfterN(xml, ",", 2)[0]
+		if name == "-" {
+			return nil
+		}
+	}
+
+	rtype := r.Type()
+	if rtype.Kind() == reflect.Ptr {
+		rtype = rtype.Elem() // check kind of actual element type
+	}
+
+	t := tag.Get("type")
+	if t == "" {
+		switch rtype.Kind() {
+		case reflect.Struct:
+			// also it can't be a time object
+			if _, ok := r.Interface().(*time.Time); !ok {
+				t = "structure"
+			}
+		case reflect.Slice:
+			// also it can't be a byte slice
+			if _, ok := r.Interface().([]byte); !ok {
+				t = "list"
+			}
+		case reflect.Map:
+			t = "map"
+		}
+	}
+
+	switch t {
+	case "structure":
+		if field, ok := rtype.FieldByName("_"); ok {
+			tag = field.Tag
+		}
+		return parseStruct(r, node, tag)
+	case "list":
+		return parseList(r, node, tag)
+	case "map":
+		return parseMap(r, node, tag)
+	default:
+		return parseScalar(r, node, tag)
+	}
+}
+
+// parseStruct deserializes a structure and its fields from an XMLNode. Any nested
+// types in the structure will also be deserialized.
+func parseStruct(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
+	t := r.Type()
+	if r.Kind() == reflect.Ptr {
+		if r.IsNil() { // create the structure if it's nil
+			s := reflect.New(r.Type().Elem())
+			r.Set(s)
+			r = s
+		}
+
+		r = r.Elem()
+		t = t.Elem()
+	}
+
+	// unwrap any payloads
+	if payload := tag.Get("payload"); payload != "" {
+		field, _ := t.FieldByName(payload)
+		return parseStruct(r.FieldByName(payload), node, field.Tag)
+	}
+
+	for i := 0; i < t.NumField(); i++ {
+		field := t.Field(i)
+		if c := field.Name[0:1]; strings.ToLower(c) == c {
+			continue // ignore unexported fields
+		}
+
+		// figure out what this field is called
+		name := field.Name
+		if field.Tag.Get("flattened") != "" && field.Tag.Get("locationNameList") != "" {
+			name = field.Tag.Get("locationNameList")
+		} else if locName := field.Tag.Get("locationName"); locName != "" {
+			name = locName
+		}
+
+		// try to find the field by name in elements
+		elems := node.Children[name]
+
+		if elems == nil { // try to find the field in attributes
+			if val, ok := node.findElem(name); ok {
+				elems = []*XMLNode{{Text: val}}
+			}
+		}
+
+		member := r.FieldByName(field.Name)
+		for _, elem := range elems {
+			err := parse(member, elem, field.Tag)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// parseList deserializes a list of values from an XML node. Each list entry
+// will also be deserialized.
+func parseList(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
+	t := r.Type()
+
+	if tag.Get("flattened") == "" { // look at all item entries
+		mname := "member"
+		if name := tag.Get("locationNameList"); name != "" {
+			mname = name
+		}
+
+		if Children, ok := node.Children[mname]; ok {
+			if r.IsNil() {
+				r.Set(reflect.MakeSlice(t, len(Children), len(Children)))
+			}
+
+			for i, c := range Children {
+				err := parse(r.Index(i), c, "")
+				if err != nil {
+					return err
+				}
+			}
+		}
+	} else { // flattened list means this is a single element
+		if r.IsNil() {
+			r.Set(reflect.MakeSlice(t, 0, 0))
+		}
+
+		childR := reflect.Zero(t.Elem())
+		r.Set(reflect.Append(r, childR))
+		err := parse(r.Index(r.Len()-1), node, "")
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// parseMap deserializes a map from an XMLNode. The direct children of the XMLNode
+// will also be deserialized as map entries.
+func parseMap(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
+	if r.IsNil() {
+		r.Set(reflect.MakeMap(r.Type()))
+	}
+
+	if tag.Get("flattened") == "" { // look at all child entries
+		for _, entry := range node.Children["entry"] {
+			parseMapEntry(r, entry, tag)
+		}
+	} else { // this element is itself an entry
+		parseMapEntry(r, node, tag)
+	}
+
+	return nil
+}
+
+// parseMapEntry deserializes a map entry from a XML node.
+func parseMapEntry(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
+	kname, vname := "key", "value"
+	if n := tag.Get("locationNameKey"); n != "" {
+		kname = n
+	}
+	if n := tag.Get("locationNameValue"); n != "" {
+		vname = n
+	}
+
+	keys, ok := node.Children[kname]
+	values := node.Children[vname]
+	if ok {
+		for i, key := range keys {
+			keyR := reflect.ValueOf(key.Text)
+			value := values[i]
+			valueR := reflect.New(r.Type().Elem()).Elem()
+
+			parse(valueR, value, "")
+			r.SetMapIndex(keyR, valueR)
+		}
+	}
+	return nil
+}
+
+// parseScaller deserializes an XMLNode value into a concrete type based on the
+// interface type of r.
+//
+// Error is returned if the deserialization fails due to invalid type conversion,
+// or unsupported interface type.
+func parseScalar(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
+	switch r.Interface().(type) {
+	case *string:
+		r.Set(reflect.ValueOf(&node.Text))
+		return nil
+	case []byte:
+		b, err := base64.StdEncoding.DecodeString(node.Text)
+		if err != nil {
+			return err
+		}
+		r.Set(reflect.ValueOf(b))
+	case *bool:
+		v, err := strconv.ParseBool(node.Text)
+		if err != nil {
+			return err
+		}
+		r.Set(reflect.ValueOf(&v))
+	case *int64:
+		v, err := strconv.ParseInt(node.Text, 10, 64)
+		if err != nil {
+			return err
+		}
+		r.Set(reflect.ValueOf(&v))
+	case *float64:
+		var v float64
+		switch {
+		case strings.EqualFold(node.Text, floatNaN):
+			v = math.NaN()
+		case strings.EqualFold(node.Text, floatInf):
+			v = math.Inf(1)
+		case strings.EqualFold(node.Text, floatNegInf):
+			v = math.Inf(-1)
+		default:
+			var err error
+			v, err = strconv.ParseFloat(node.Text, 64)
+			if err != nil {
+				return err
+			}
+		}
+		r.Set(reflect.ValueOf(&v))
+	case *time.Time:
+		format := tag.Get("timestampFormat")
+		if len(format) == 0 {
+			format = protocol.ISO8601TimeFormatName
+		}
+
+		t, err := protocol.ParseTime(format, node.Text)
+		if err != nil {
+			return err
+		}
+		r.Set(reflect.ValueOf(&t))
+	default:
+		return fmt.Errorf("unsupported value: %v (%s)", r.Interface(), r.Type())
+	}
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
new file mode 100644
index 000000000..c85b79fdd
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
@@ -0,0 +1,173 @@
+package xmlutil
+
+import (
+	"encoding/xml"
+	"fmt"
+	"io"
+	"sort"
+)
+
+// A XMLNode contains the values to be encoded or decoded.
+type XMLNode struct {
+	Name     xml.Name              `json:",omitempty"`
+	Children map[string][]*XMLNode `json:",omitempty"`
+	Text     string                `json:",omitempty"`
+	Attr     []xml.Attr            `json:",omitempty"`
+
+	namespaces map[string]string
+	parent     *XMLNode
+}
+
+// textEncoder is a string type alias that implemnts the TextMarshaler interface.
+// This alias type is used to ensure that the line feed (\n) (U+000A) is escaped.
+type textEncoder string
+
+func (t textEncoder) MarshalText() ([]byte, error) {
+	return []byte(t), nil
+}
+
+// NewXMLElement returns a pointer to a new XMLNode initialized to default values.
+func NewXMLElement(name xml.Name) *XMLNode {
+	return &XMLNode{
+		Name:     name,
+		Children: map[string][]*XMLNode{},
+		Attr:     []xml.Attr{},
+	}
+}
+
+// AddChild adds child to the XMLNode.
+func (n *XMLNode) AddChild(child *XMLNode) {
+	child.parent = n
+	if _, ok := n.Children[child.Name.Local]; !ok {
+		n.Children[child.Name.Local] = []*XMLNode{}
+	}
+	n.Children[child.Name.Local] = append(n.Children[child.Name.Local], child)
+}
+
+// XMLToStruct converts a xml.Decoder stream to XMLNode with nested values.
+func XMLToStruct(d *xml.Decoder, s *xml.StartElement) (*XMLNode, error) {
+	out := &XMLNode{}
+	for {
+		tok, err := d.Token()
+		if err != nil {
+			if err == io.EOF {
+				break
+			} else {
+				return out, err
+			}
+		}
+
+		if tok == nil {
+			break
+		}
+
+		switch typed := tok.(type) {
+		case xml.CharData:
+			out.Text = string(typed.Copy())
+		case xml.StartElement:
+			el := typed.Copy()
+			out.Attr = el.Attr
+			if out.Children == nil {
+				out.Children = map[string][]*XMLNode{}
+			}
+
+			name := typed.Name.Local
+			slice := out.Children[name]
+			if slice == nil {
+				slice = []*XMLNode{}
+			}
+			node, e := XMLToStruct(d, &el)
+			out.findNamespaces()
+			if e != nil {
+				return out, e
+			}
+			node.Name = typed.Name
+			node.findNamespaces()
+			tempOut := *out
+			// Save into a temp variable, simply because out gets squashed during
+			// loop iterations
+			node.parent = &tempOut
+			slice = append(slice, node)
+			out.Children[name] = slice
+		case xml.EndElement:
+			if s != nil && s.Name.Local == typed.Name.Local { // matching end token
+				return out, nil
+			}
+			out = &XMLNode{}
+		}
+	}
+	return out, nil
+}
+
+func (n *XMLNode) findNamespaces() {
+	ns := map[string]string{}
+	for _, a := range n.Attr {
+		if a.Name.Space == "xmlns" {
+			ns[a.Value] = a.Name.Local
+		}
+	}
+
+	n.namespaces = ns
+}
+
+func (n *XMLNode) findElem(name string) (string, bool) {
+	for node := n; node != nil; node = node.parent {
+		for _, a := range node.Attr {
+			namespace := a.Name.Space
+			if v, ok := node.namespaces[namespace]; ok {
+				namespace = v
+			}
+			if name == fmt.Sprintf("%s:%s", namespace, a.Name.Local) {
+				return a.Value, true
+			}
+		}
+	}
+	return "", false
+}
+
+// StructToXML writes an XMLNode to a xml.Encoder as tokens.
+func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error {
+	// Sort Attributes
+	attrs := node.Attr
+	if sorted {
+		sortedAttrs := make([]xml.Attr, len(attrs))
+		for _, k := range node.Attr {
+			sortedAttrs = append(sortedAttrs, k)
+		}
+		sort.Sort(xmlAttrSlice(sortedAttrs))
+		attrs = sortedAttrs
+	}
+
+	startElement := xml.StartElement{Name: node.Name, Attr: attrs}
+
+	if node.Text != "" {
+		e.EncodeElement(textEncoder(node.Text), startElement)
+		return e.Flush()
+	}
+
+	e.EncodeToken(startElement)
+
+	if sorted {
+		sortedNames := []string{}
+		for k := range node.Children {
+			sortedNames = append(sortedNames, k)
+		}
+		sort.Strings(sortedNames)
+
+		for _, k := range sortedNames {
+			for _, v := range node.Children[k] {
+				StructToXML(e, v, sorted)
+			}
+		}
+	} else {
+		for _, c := range node.Children {
+			for _, v := range c {
+				StructToXML(e, v, sorted)
+			}
+		}
+	}
+
+	e.EncodeToken(startElement.End())
+
+	return e.Flush()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy.go
new file mode 100644
index 000000000..27c3ed318
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy.go
@@ -0,0 +1,238 @@
+package sign
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/url"
+	"strings"
+	"time"
+	"unicode"
+)
+
+// An AWSEpochTime wraps a time value providing JSON serialization needed for
+// AWS Policy epoch time fields.
+type AWSEpochTime struct {
+	time.Time
+}
+
+// NewAWSEpochTime returns a new AWSEpochTime pointer wrapping the Go time provided.
+func NewAWSEpochTime(t time.Time) *AWSEpochTime {
+	return &AWSEpochTime{t}
+}
+
+// MarshalJSON serializes the epoch time as AWS Profile epoch time.
+func (t AWSEpochTime) MarshalJSON() ([]byte, error) {
+	return []byte(fmt.Sprintf(`{"AWS:EpochTime":%d}`, t.UTC().Unix())), nil
+}
+
+// UnmarshalJSON unserializes AWS Profile epoch time.
+func (t *AWSEpochTime) UnmarshalJSON(data []byte) error {
+	var epochTime struct {
+		Sec int64 `json:"AWS:EpochTime"`
+	}
+	err := json.Unmarshal(data, &epochTime)
+	if err != nil {
+		return err
+	}
+	t.Time = time.Unix(epochTime.Sec, 0).UTC()
+	return nil
+}
+
+// An IPAddress wraps an IPAddress source IP providing JSON serialization information
+type IPAddress struct {
+	SourceIP string `json:"AWS:SourceIp"`
+}
+
+// A Condition defines the restrictions for how a signed URL can be used.
+type Condition struct {
+	// Optional IP address mask the signed URL must be requested from.
+	IPAddress *IPAddress `json:"IpAddress,omitempty"`
+
+	// Optional date that the signed URL cannot be used until. It is invalid
+	// to make requests with the signed URL prior to this date.
+	DateGreaterThan *AWSEpochTime `json:",omitempty"`
+
+	// Required date that the signed URL will expire. A DateLessThan is required
+	// sign cloud front URLs
+	DateLessThan *AWSEpochTime `json:",omitempty"`
+}
+
+// A Statement is a collection of conditions for resources
+type Statement struct {
+	// The Web or RTMP resource the URL will be signed for
+	Resource string
+
+	// The set of conditions for this resource
+	Condition Condition
+}
+
+// A Policy defines the resources that a signed will be signed for.
+//
+// See the following page for more information on how policies are constructed.
+// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html#private-content-custom-policy-statement
+type Policy struct {
+	// List of resource and condition statements.
+	// Signed URLs should only provide a single statement.
+	Statements []Statement `json:"Statement"`
+}
+
+// Override for testing to mock out usage of crypto/rand.Reader
+var randReader = rand.Reader
+
+// Sign will sign a policy using an RSA private key. It will return a base 64
+// encoded signature and policy if no error is encountered.
+//
+// The signature and policy should be added to the signed URL following the
+// guidelines in:
+// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html
+func (p *Policy) Sign(privKey *rsa.PrivateKey) (b64Signature, b64Policy []byte, err error) {
+	if err = p.Validate(); err != nil {
+		return nil, nil, err
+	}
+
+	// Build and escape the policy
+	b64Policy, jsonPolicy, err := encodePolicy(p)
+	if err != nil {
+		return nil, nil, err
+	}
+	awsEscapeEncoded(b64Policy)
+
+	// Build and escape the signature
+	b64Signature, err = signEncodedPolicy(randReader, jsonPolicy, privKey)
+	if err != nil {
+		return nil, nil, err
+	}
+	awsEscapeEncoded(b64Signature)
+
+	return b64Signature, b64Policy, nil
+}
+
+// Validate verifies that the policy is valid and usable, and returns an
+// error if there is a problem.
+func (p *Policy) Validate() error {
+	if len(p.Statements) == 0 {
+		return fmt.Errorf("at least one policy statement is required")
+	}
+	for i, s := range p.Statements {
+		if s.Resource == "" {
+			return fmt.Errorf("statement at index %d does not have a resource", i)
+		}
+		if !isASCII(s.Resource) {
+			return fmt.Errorf("unable to sign resource, [%s]. "+
+				"Resources must only contain ascii characters. "+
+				"Hostnames with unicode should be encoded as Punycode, (e.g. golang.org/x/net/idna), "+
+				"and URL unicode path/query characters should be escaped.", s.Resource)
+		}
+	}
+
+	return nil
+}
+
+// CreateResource constructs, validates, and returns a resource URL string. An
+// error will be returned if unable to create the resource string.
+func CreateResource(scheme, u string) (string, error) {
+	scheme = strings.ToLower(scheme)
+
+	if scheme == "http" || scheme == "https" || scheme == "http*" || scheme == "*" {
+		return u, nil
+	}
+
+	if scheme == "rtmp" {
+		parsed, err := url.Parse(u)
+		if err != nil {
+			return "", fmt.Errorf("unable to parse rtmp URL, err: %s", err)
+		}
+
+		rtmpURL := strings.TrimLeft(parsed.Path, "/")
+		if parsed.RawQuery != "" {
+			rtmpURL = fmt.Sprintf("%s?%s", rtmpURL, parsed.RawQuery)
+		}
+
+		return rtmpURL, nil
+	}
+
+	return "", fmt.Errorf("invalid URL scheme must be http, https, or rtmp. Provided: %s", scheme)
+}
+
+// NewCannedPolicy returns a new Canned Policy constructed using the resource
+// and expires time. This can be used to generate the basic model for a Policy
+// that can be then augmented with additional conditions.
+//
+// See the following page for more information on how policies are constructed.
+// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html#private-content-custom-policy-statement
+func NewCannedPolicy(resource string, expires time.Time) *Policy {
+	return &Policy{
+		Statements: []Statement{
+			{
+				Resource: resource,
+				Condition: Condition{
+					DateLessThan: NewAWSEpochTime(expires),
+				},
+			},
+		},
+	}
+}
+
+// encodePolicy encodes the Policy as JSON and also base 64 encodes it.
+func encodePolicy(p *Policy) (b64Policy, jsonPolicy []byte, err error) {
+	jsonPolicy, err = encodePolicyJSON(p)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to encode policy, %s", err.Error())
+	}
+	// Remove leading and trailing white space, JSON encoding will note include
+	// whitespace within the encoding.
+	jsonPolicy = bytes.TrimSpace(jsonPolicy)
+
+	b64Policy = make([]byte, base64.StdEncoding.EncodedLen(len(jsonPolicy)))
+	base64.StdEncoding.Encode(b64Policy, jsonPolicy)
+	return b64Policy, jsonPolicy, nil
+}
+
+// signEncodedPolicy will sign and base 64 encode the JSON encoded policy.
+func signEncodedPolicy(randReader io.Reader, jsonPolicy []byte, privKey *rsa.PrivateKey) ([]byte, error) {
+	hash := sha1.New()
+	if _, err := bytes.NewReader(jsonPolicy).WriteTo(hash); err != nil {
+		return nil, fmt.Errorf("failed to calculate signing hash, %s", err.Error())
+	}
+
+	sig, err := rsa.SignPKCS1v15(randReader, privKey, crypto.SHA1, hash.Sum(nil))
+	if err != nil {
+		return nil, fmt.Errorf("failed to sign policy, %s", err.Error())
+	}
+
+	b64Sig := make([]byte, base64.StdEncoding.EncodedLen(len(sig)))
+	base64.StdEncoding.Encode(b64Sig, sig)
+	return b64Sig, nil
+}
+
+// special characters to be replaced with awsEscapeEncoded
+var invalidEncodedChar = map[byte]byte{
+	'+': '-',
+	'=': '_',
+	'/': '~',
+}
+
+// awsEscapeEncoded will replace base64 encoding's special characters to be URL safe.
+func awsEscapeEncoded(b []byte) {
+	for i, v := range b {
+		if r, ok := invalidEncodedChar[v]; ok {
+			b[i] = r
+		}
+	}
+}
+
+func isASCII(u string) bool {
+	for _, c := range u {
+		if c > unicode.MaxASCII {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_6.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_6.go
new file mode 100644
index 000000000..d19462c2b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_6.go
@@ -0,0 +1,15 @@
+//go:build !go1.7
+// +build !go1.7
+
+package sign
+
+import (
+	"bytes"
+	"encoding/json"
+)
+
+func encodePolicyJSON(p *Policy) ([]byte, error) {
+	src, err := json.Marshal(p)
+	// Convert \u0026 back to &
+	return bytes.Replace(src, []byte("\\u0026"), []byte("&"), -1), err
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_7.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_7.go
new file mode 100644
index 000000000..6037704a0
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_7.go
@@ -0,0 +1,17 @@
+//go:build go1.7
+// +build go1.7
+
+package sign
+
+import (
+	"bytes"
+	"encoding/json"
+)
+
+func encodePolicyJSON(p *Policy) ([]byte, error) {
+	buffer := &bytes.Buffer{}
+	encoder := json.NewEncoder(buffer)
+	encoder.SetEscapeHTML(false)
+	err := encoder.Encode(p)
+	return buffer.Bytes(), err
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/privkey.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/privkey.go
new file mode 100644
index 000000000..ffb3c3a75
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/privkey.go
@@ -0,0 +1,68 @@
+package sign
+
+import (
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+)
+
+// LoadPEMPrivKeyFile reads a PEM encoded RSA private key from the file name.
+// A new RSA private key will be returned if no error.
+func LoadPEMPrivKeyFile(name string) (*rsa.PrivateKey, error) {
+	file, err := os.Open(name)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	return LoadPEMPrivKey(file)
+}
+
+// LoadPEMPrivKey reads a PEM encoded RSA private key from the io.Reader.
+// A new RSA private key will be returned if no error.
+func LoadPEMPrivKey(reader io.Reader) (*rsa.PrivateKey, error) {
+	block, err := loadPem(reader)
+	if err != nil {
+		return nil, err
+	}
+
+	return x509.ParsePKCS1PrivateKey(block.Bytes)
+}
+
+// LoadEncryptedPEMPrivKey decrypts the PEM encoded private key using the
+// password provided returning a RSA private key. If the PEM data is invalid,
+// or unable to decrypt an error will be returned.
+func LoadEncryptedPEMPrivKey(reader io.Reader, password []byte) (*rsa.PrivateKey, error) {
+	block, err := loadPem(reader)
+	if err != nil {
+		return nil, err
+	}
+
+	decryptedBlock, err := x509.DecryptPEMBlock(block, password)
+	if err != nil {
+		return nil, err
+	}
+
+	return x509.ParsePKCS1PrivateKey(decryptedBlock)
+}
+
+func loadPem(reader io.Reader) (*pem.Block, error) {
+	b, err := ioutil.ReadAll(reader)
+	if err != nil {
+		return nil, err
+	}
+
+	block, _ := pem.Decode(b)
+	if block == nil {
+		// pem.Decode will set block to nil if there is no PEM data in the input
+		// the second parameter will contain the provided bytes that failed
+		// to be decoded.
+		return nil, fmt.Errorf("no valid PEM data provided")
+	}
+
+	return block, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/randomreader.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/randomreader.go
new file mode 100644
index 000000000..7138e22fa
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/randomreader.go
@@ -0,0 +1,30 @@
+package sign
+
+import (
+	"bytes"
+	"encoding/binary"
+	"math/rand"
+)
+
+// A randomReader wraps a math/rand.Rand within an reader so that it can used
+// as a predictable testing replacement for crypto/rand.Reader
+type randomReader struct {
+	b *bytes.Buffer
+	r *rand.Rand
+}
+
+// newRandomReader returns a new instance of the random reader
+func newRandomReader(r *rand.Rand) *randomReader {
+	return &randomReader{b: &bytes.Buffer{}, r: r}
+}
+
+// Read will read random bytes from up to the length of b.
+func (m *randomReader) Read(b []byte) (int, error) {
+	for i := 0; i < len(b); {
+		binary.Write(m.b, binary.LittleEndian, m.r.Int63())
+		n, _ := m.b.Read(b[i:])
+		i += n
+	}
+
+	return len(b), nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_cookie.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_cookie.go
new file mode 100644
index 000000000..3c0cf3ac6
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_cookie.go
@@ -0,0 +1,243 @@
+package sign
+
+import (
+	"crypto/rsa"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+)
+
+const (
+	// CookiePolicyName name of the policy cookie
+	CookiePolicyName = "CloudFront-Policy"
+	// CookieSignatureName name of the signature cookie
+	CookieSignatureName = "CloudFront-Signature"
+	// CookieKeyIDName name of the signing Key ID cookie
+	CookieKeyIDName = "CloudFront-Key-Pair-Id"
+)
+
+// A CookieOptions optional additional options that can be applied to the signed
+// cookies.
+type CookieOptions struct {
+	Path   string
+	Domain string
+	Secure bool
+}
+
+// apply will integration the options provided into the base cookie options
+// a new copy will be returned. The base CookieOption will not be modified.
+func (o CookieOptions) apply(opts ...func(*CookieOptions)) CookieOptions {
+	if len(opts) == 0 {
+		return o
+	}
+
+	for _, opt := range opts {
+		opt(&o)
+	}
+
+	return o
+}
+
+// A CookieSigner provides signing utilities to sign Cookies for Amazon CloudFront
+// resources. Using a private key and Credential Key Pair key ID the CookieSigner
+// only needs to be created once per Credential Key Pair key ID and private key.
+//
+// More information about signed Cookies and their structure can be found at:
+// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html
+//
+// To sign a Cookie, create a CookieSigner with your private key and credential
+// pair key ID. Once you have a CookieSigner instance you can call Sign or
+// SignWithPolicy to sign the URLs.
+//
+// The signer is safe to use concurrently, but the optional cookies options
+// are not safe to modify concurrently.
+type CookieSigner struct {
+	keyID   string
+	privKey *rsa.PrivateKey
+
+	Opts CookieOptions
+}
+
+// NewCookieSigner constructs and returns a new CookieSigner to be used to for
+// signing Amazon CloudFront URL resources with.
+func NewCookieSigner(keyID string, privKey *rsa.PrivateKey, opts ...func(*CookieOptions)) *CookieSigner {
+	signer := &CookieSigner{
+		keyID:   keyID,
+		privKey: privKey,
+		Opts:    CookieOptions{}.apply(opts...),
+	}
+
+	return signer
+}
+
+// Sign returns the cookies needed to allow user agents to make arbetrary
+// requests to cloudfront for the resource(s) defined by the policy.
+//
+// Sign will create a CloudFront policy with only a resource and condition of
+// DateLessThan equal to the expires time provided.
+//
+// The returned slice cookies should all be added to the Client's cookies or
+// server's response.
+//
+// Example:
+//
+//	s := sign.NewCookieSigner(keyID, privKey)
+//
+//	// Get Signed cookies for a resource that will expire in 1 hour
+//	cookies, err := s.Sign("*", time.Now().Add(1 * time.Hour))
+//	if err != nil {
+//	    fmt.Println("failed to create signed cookies", err)
+//	    return
+//	}
+//
+//	// Or get Signed cookies for a resource that will expire in 1 hour
+//	// and set path and domain of cookies
+//	cookies, err := s.Sign("*", time.Now().Add(1 * time.Hour), func(o *sign.CookieOptions) {
+//	    o.Path = "/"
+//	    o.Domain = ".example.com"
+//	})
+//	if err != nil {
+//	    fmt.Println("failed to create signed cookies", err)
+//	    return
+//	}
+//
+//	// Server Response via http.ResponseWriter
+//	for _, c := range cookies {
+//	    http.SetCookie(w, c)
+//	}
+//
+//	// Client request via the cookie jar
+//	if client.CookieJar != nil {
+//	    for _, c := range cookies {
+//	       client.Cookie(w, c)
+//	    }
+//	}
+func (s CookieSigner) Sign(u string, expires time.Time, opts ...func(*CookieOptions)) ([]*http.Cookie, error) {
+	scheme, err := cookieURLScheme(u)
+	if err != nil {
+		return nil, err
+	}
+
+	resource, err := CreateResource(scheme, u)
+	if err != nil {
+		return nil, err
+	}
+
+	p := NewCannedPolicy(resource, expires)
+	return createCookies(p, s.keyID, s.privKey, s.Opts.apply(opts...))
+}
+
+// Returns and validates the URL's scheme.
+// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html#private-content-custom-policy-statement-cookies
+func cookieURLScheme(u string) (string, error) {
+	parts := strings.SplitN(u, "://", 2)
+	if len(parts) != 2 {
+		return "", fmt.Errorf("invalid cookie URL, missing scheme")
+	}
+
+	scheme := strings.ToLower(parts[0])
+	if scheme != "http" && scheme != "https" && scheme != "http*" {
+		return "", fmt.Errorf("invalid cookie URL scheme. Expect http, https, or http*. Go, %s", scheme)
+	}
+
+	return scheme, nil
+}
+
+// SignWithPolicy returns the cookies needed to allow user agents to make
+// arbetrairy requets to cloudfront for the resource(s) defined by the policy.
+//
+// The returned slice cookies should all be added to the Client's cookies or
+// server's response.
+//
+// Example:
+//
+//	s := sign.NewCookieSigner(keyID, privKey)
+//
+//	policy := &sign.Policy{
+//	    Statements: []sign.Statement{
+//	        {
+//	            // Read the provided documentation on how to set this
+//	            // correctly, you'll probably want to use wildcards.
+//	            Resource: rawCloudFrontURL,
+//	            Condition: sign.Condition{
+//	                // Optional IP source address range
+//	                IPAddress: &sign.IPAddress{SourceIP: "192.0.2.0/24"},
+//	                // Optional date URL is not valid until
+//	                DateGreaterThan: &sign.AWSEpochTime{time.Now().Add(30 * time.Minute)},
+//	                // Required date the URL will expire after
+//	                DateLessThan: &sign.AWSEpochTime{time.Now().Add(1 * time.Hour)},
+//	            },
+//	        },
+//	    },
+//	}
+//
+//	// Get Signed cookies for a resource that will expire in 1 hour
+//	cookies, err := s.SignWithPolicy(policy)
+//	if err != nil {
+//	    fmt.Println("failed to create signed cookies", err)
+//	    return
+//	}
+//
+//	// Or get Signed cookies for a resource that will expire in 1 hour
+//	// and set path and domain of cookies
+//	cookies, err := s.SignWithPolicy(policy, func(o *sign.CookieOptions) {
+//	    o.Path = "/"
+//	    o.Domain = ".example.com"
+//	})
+//	if err != nil {
+//	    fmt.Println("failed to create signed cookies", err)
+//	    return
+//	}
+//
+//	// Server Response via http.ResponseWriter
+//	for _, c := range cookies {
+//	    http.SetCookie(w, c)
+//	}
+//
+//	// Client request via the cookie jar
+//	if client.CookieJar != nil {
+//	    for _, c := range cookies {
+//	       client.Cookie(w, c)
+//	    }
+//	}
+func (s CookieSigner) SignWithPolicy(p *Policy, opts ...func(*CookieOptions)) ([]*http.Cookie, error) {
+	return createCookies(p, s.keyID, s.privKey, s.Opts.apply(opts...))
+}
+
+// Prepares the cookies to be attached to the header. An (optional) options
+// struct is provided in case people don't want to manually edit their cookies.
+func createCookies(p *Policy, keyID string, privKey *rsa.PrivateKey, opt CookieOptions) ([]*http.Cookie, error) {
+	b64Sig, b64Policy, err := p.Sign(privKey)
+	if err != nil {
+		return nil, err
+	}
+
+	// Creates proper cookies
+	cPolicy := &http.Cookie{
+		Name:     CookiePolicyName,
+		Value:    string(b64Policy),
+		HttpOnly: true,
+	}
+	cSignature := &http.Cookie{
+		Name:     CookieSignatureName,
+		Value:    string(b64Sig),
+		HttpOnly: true,
+	}
+	cKey := &http.Cookie{
+		Name:     CookieKeyIDName,
+		Value:    keyID,
+		HttpOnly: true,
+	}
+
+	cookies := []*http.Cookie{cPolicy, cSignature, cKey}
+
+	// Applie the cookie options
+	for _, c := range cookies {
+		c.Path = opt.Path
+		c.Domain = opt.Domain
+		c.Secure = opt.Secure
+	}
+
+	return cookies, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_url.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_url.go
new file mode 100644
index 000000000..80c427e76
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_url.go
@@ -0,0 +1,202 @@
+// Package sign provides utilities to generate signed URLs for Amazon CloudFront.
+//
+// More information about signed URLs and their structure can be found at:
+// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-canned-policy.html
+//
+// To sign a URL create a URLSigner with your private key and credential pair key ID.
+// Once you have a URLSigner instance you can call Sign or SignWithPolicy to
+// sign the URLs.
+//
+// Example:
+//
+//	// Sign URL to be valid for 1 hour from now.
+//	signer := sign.NewURLSigner(keyID, privKey)
+//	signedURL, err := signer.Sign(rawURL, time.Now().Add(1*time.Hour))
+//	if err != nil {
+//	    log.Fatalf("Failed to sign url, err: %s\n", err.Error())
+//	}
+package sign
+
+import (
+	"crypto/rsa"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+)
+
+// An URLSigner provides URL signing utilities to sign URLs for Amazon CloudFront
+// resources. Using a private key and Credential Key Pair key ID the URLSigner
+// only needs to be created once per Credential Key Pair key ID and private key.
+//
+// The signer is safe to use concurrently.
+type URLSigner struct {
+	keyID   string
+	privKey *rsa.PrivateKey
+}
+
+// NewURLSigner constructs and returns a new URLSigner to be used to for signing
+// Amazon CloudFront URL resources with.
+func NewURLSigner(keyID string, privKey *rsa.PrivateKey) *URLSigner {
+	return &URLSigner{
+		keyID:   keyID,
+		privKey: privKey,
+	}
+}
+
+// Sign will sign a single URL to expire at the time of expires sign using the
+// Amazon CloudFront default Canned Policy. The URL will be signed with the
+// private key and Credential Key Pair Key ID previously provided to URLSigner.
+//
+// This is the default method of signing Amazon CloudFront URLs. If extra policy
+// conditions are need other than URL expiry use SignWithPolicy instead.
+//
+// Example:
+//
+//	// Sign URL to be valid for 1 hour from now.
+//	signer := sign.NewURLSigner(keyID, privKey)
+//	signedURL, err := signer.Sign(rawURL, time.Now().Add(1*time.Hour))
+//	if err != nil {
+//	    log.Fatalf("Failed to sign url, err: %s\n", err.Error())
+//	}
+func (s URLSigner) Sign(url string, expires time.Time) (string, error) {
+	scheme, cleanedURL, err := cleanURLScheme(url)
+	if err != nil {
+		return "", err
+	}
+
+	resource, err := CreateResource(scheme, url)
+	if err != nil {
+		return "", err
+	}
+
+	return signURL(scheme, cleanedURL, s.keyID, NewCannedPolicy(resource, expires), false, s.privKey)
+}
+
+// SignWithPolicy will sign a URL with the Policy provided.  The URL will be
+// signed with the private key and Credential Key Pair Key ID previously provided to URLSigner.
+//
+// Use this signing method if you are looking to sign a URL with more than just
+// the URL's expiry time, or reusing Policies between multiple URL signings.
+// If only the expiry time is needed you can use Sign and provide just the
+// URL's expiry time. A minimum of at least one policy statement is required for a signed URL.
+//
+// Note: It is not safe to use Polices between multiple signers concurrently
+//
+// Example:
+//
+//	// Sign URL to be valid for 30 minutes from now, expires one hour from now, and
+//	// restricted to the 192.0.2.0/24 IP address range.
+//	policy := &sign.Policy{
+//	    Statements: []sign.Statement{
+//	        {
+//	            Resource: rawURL,
+//	            Condition: sign.Condition{
+//	                // Optional IP source address range
+//	                IPAddress: &sign.IPAddress{SourceIP: "192.0.2.0/24"},
+//	                // Optional date URL is not valid until
+//	                DateGreaterThan: &sign.AWSEpochTime{time.Now().Add(30 * time.Minute)},
+//	                // Required date the URL will expire after
+//	                DateLessThan: &sign.AWSEpochTime{time.Now().Add(1 * time.Hour)},
+//	            },
+//	        },
+//	    },
+//	}
+//
+//	signer := sign.NewURLSigner(keyID, privKey)
+//	signedURL, err := signer.SignWithPolicy(rawURL, policy)
+//	if err != nil {
+//	    log.Fatalf("Failed to sign url, err: %s\n", err.Error())
+//	}
+func (s URLSigner) SignWithPolicy(url string, p *Policy) (string, error) {
+	scheme, cleanedURL, err := cleanURLScheme(url)
+	if err != nil {
+		return "", err
+	}
+
+	return signURL(scheme, cleanedURL, s.keyID, p, true, s.privKey)
+}
+
+func signURL(scheme, url, keyID string, p *Policy, customPolicy bool, privKey *rsa.PrivateKey) (string, error) {
+	// Validation URL elements
+	if err := validateURL(url); err != nil {
+		return "", err
+	}
+
+	b64Signature, b64Policy, err := p.Sign(privKey)
+	if err != nil {
+		return "", err
+	}
+
+	// build and return signed URL
+	builtURL := buildSignedURL(url, keyID, p, customPolicy, b64Policy, b64Signature)
+	if scheme == "rtmp" {
+		return buildRTMPURL(builtURL)
+	}
+
+	return builtURL, nil
+}
+
+func buildSignedURL(baseURL, keyID string, p *Policy, customPolicy bool, b64Policy, b64Signature []byte) string {
+	pred := "?"
+	if strings.Contains(baseURL, "?") {
+		pred = "&"
+	}
+	signedURL := baseURL + pred
+
+	if customPolicy {
+		signedURL += "Policy=" + string(b64Policy)
+	} else {
+		signedURL += fmt.Sprintf("Expires=%d", p.Statements[0].Condition.DateLessThan.UTC().Unix())
+	}
+	signedURL += fmt.Sprintf("&Signature=%s&Key-Pair-Id=%s", string(b64Signature), keyID)
+
+	return signedURL
+}
+
+func buildRTMPURL(u string) (string, error) {
+	parsed, err := url.Parse(u)
+	if err != nil {
+		return "", fmt.Errorf("unable to parse rtmp signed URL, err: %s", err)
+	}
+
+	rtmpURL := strings.TrimLeft(parsed.Path, "/")
+	if parsed.RawQuery != "" {
+		rtmpURL = fmt.Sprintf("%s?%s", rtmpURL, parsed.RawQuery)
+	}
+
+	return rtmpURL, nil
+}
+
+func cleanURLScheme(u string) (scheme, cleanedURL string, err error) {
+	parts := strings.SplitN(u, "://", 2)
+	if len(parts) != 2 {
+		return "", "", fmt.Errorf("invalid URL, missing scheme and domain/path")
+	}
+	scheme = strings.Replace(parts[0], "*", "", 1)
+	cleanedURL = fmt.Sprintf("%s://%s", scheme, parts[1])
+
+	return strings.ToLower(scheme), cleanedURL, nil
+}
+
+var illegalQueryParms = []string{"Expires", "Policy", "Signature", "Key-Pair-Id"}
+
+func validateURL(u string) error {
+	parsed, err := url.Parse(u)
+	if err != nil {
+		return fmt.Errorf("unable to parse URL, err: %s", err.Error())
+	}
+
+	if parsed.Scheme == "" {
+		return fmt.Errorf("URL missing valid scheme, %s", u)
+	}
+
+	q := parsed.Query()
+	for _, p := range illegalQueryParms {
+		if _, ok := q[p]; ok {
+			return fmt.Errorf("%s cannot be a query parameter for a signed URL", p)
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
new file mode 100644
index 000000000..5bb86ce04
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
@@ -0,0 +1,42420 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package s3
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/awsutil"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/aws/signer/v4"
+	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
+	"github.com/aws/aws-sdk-go/private/checksum"
+	"github.com/aws/aws-sdk-go/private/protocol"
+	"github.com/aws/aws-sdk-go/private/protocol/eventstream"
+	"github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi"
+	"github.com/aws/aws-sdk-go/private/protocol/rest"
+	"github.com/aws/aws-sdk-go/private/protocol/restxml"
+)
+
+const opAbortMultipartUpload = "AbortMultipartUpload"
+
+// AbortMultipartUploadRequest generates a "aws/request.Request" representing the
+// client's request for the AbortMultipartUpload operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See AbortMultipartUpload for more information on using the AbortMultipartUpload
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the AbortMultipartUploadRequest method.
+//	req, resp := client.AbortMultipartUploadRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUpload
+func (c *S3) AbortMultipartUploadRequest(input *AbortMultipartUploadInput) (req *request.Request, output *AbortMultipartUploadOutput) {
+	op := &request.Operation{
+		Name:       opAbortMultipartUpload,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}/{Key+}",
+	}
+
+	if input == nil {
+		input = &AbortMultipartUploadInput{}
+	}
+
+	output = &AbortMultipartUploadOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// AbortMultipartUpload API operation for Amazon Simple Storage Service.
+//
+// This action aborts a multipart upload. After a multipart upload is aborted,
+// no additional parts can be uploaded using that upload ID. The storage consumed
+// by any previously uploaded parts will be freed. However, if any part uploads
+// are currently in progress, those part uploads might or might not succeed.
+// As a result, it might be necessary to abort a given multipart upload multiple
+// times in order to completely free all storage consumed by all parts.
+//
+// To verify that all parts have been removed, so you don't get charged for
+// the part storage, you should call the ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+// action and ensure that the parts list is empty.
+//
+// For information about permissions required to use the multipart upload, see
+// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
+//
+// The following operations are related to AbortMultipartUpload:
+//
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation AbortMultipartUpload for usage and error information.
+//
+// Returned Error Codes:
+//   - ErrCodeNoSuchUpload "NoSuchUpload"
+//     The specified multipart upload does not exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUpload
+func (c *S3) AbortMultipartUpload(input *AbortMultipartUploadInput) (*AbortMultipartUploadOutput, error) {
+	req, out := c.AbortMultipartUploadRequest(input)
+	return out, req.Send()
+}
+
+// AbortMultipartUploadWithContext is the same as AbortMultipartUpload with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AbortMultipartUpload for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) AbortMultipartUploadWithContext(ctx aws.Context, input *AbortMultipartUploadInput, opts ...request.Option) (*AbortMultipartUploadOutput, error) {
+	req, out := c.AbortMultipartUploadRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opCompleteMultipartUpload = "CompleteMultipartUpload"
+
+// CompleteMultipartUploadRequest generates a "aws/request.Request" representing the
+// client's request for the CompleteMultipartUpload operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CompleteMultipartUpload for more information on using the CompleteMultipartUpload
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the CompleteMultipartUploadRequest method.
+//	req, resp := client.CompleteMultipartUploadRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUpload
+func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput) (req *request.Request, output *CompleteMultipartUploadOutput) {
+	op := &request.Operation{
+		Name:       opCompleteMultipartUpload,
+		HTTPMethod: "POST",
+		HTTPPath:   "/{Bucket}/{Key+}",
+	}
+
+	if input == nil {
+		input = &CompleteMultipartUploadInput{}
+	}
+
+	output = &CompleteMultipartUploadOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// CompleteMultipartUpload API operation for Amazon Simple Storage Service.
+//
+// Completes a multipart upload by assembling previously uploaded parts.
+//
+// You first initiate the multipart upload and then upload all parts using the
+// UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+// operation. After successfully uploading all relevant parts of an upload,
+// you call this action to complete the upload. Upon receiving this request,
+// Amazon S3 concatenates all the parts in ascending order by part number to
+// create a new object. In the Complete Multipart Upload request, you must provide
+// the parts list. You must ensure that the parts list is complete. This action
+// concatenates the parts that you provide in the list. For each part in the
+// list, you must provide the part number and the ETag value, returned after
+// that part was uploaded.
+//
+// Processing of a Complete Multipart Upload request could take several minutes
+// to complete. After Amazon S3 begins processing the request, it sends an HTTP
+// response header that specifies a 200 OK response. While processing is in
+// progress, Amazon S3 periodically sends white space characters to keep the
+// connection from timing out. A request could fail after the initial 200 OK
+// response has been sent. This means that a 200 OK response can contain either
+// a success or an error. If you call the S3 API directly, make sure to design
+// your application to parse the contents of the response and handle it appropriately.
+// If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs
+// detect the embedded error and apply error handling per your configuration
+// settings (including automatically retrying the request as appropriate). If
+// the condition persists, the SDKs throws an exception (or, for the SDKs that
+// don't use exceptions, they return the error).
+//
+// Note that if CompleteMultipartUpload fails, applications should be prepared
+// to retry the failed requests. For more information, see Amazon S3 Error Best
+// Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html).
+//
+// You cannot use Content-Type: application/x-www-form-urlencoded with Complete
+// Multipart Upload requests. Also, if you do not provide a Content-Type header,
+// CompleteMultipartUpload returns a 200 OK response.
+//
+// For more information about multipart uploads, see Uploading Objects Using
+// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html).
+//
+// For information about permissions required to use the multipart upload API,
+// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
+//
+// CompleteMultipartUpload has the following special errors:
+//
+//   - Error code: EntityTooSmall Description: Your proposed upload is smaller
+//     than the minimum allowed object size. Each part must be at least 5 MB
+//     in size, except the last part. 400 Bad Request
+//
+//   - Error code: InvalidPart Description: One or more of the specified parts
+//     could not be found. The part might not have been uploaded, or the specified
+//     entity tag might not have matched the part's entity tag. 400 Bad Request
+//
+//   - Error code: InvalidPartOrder Description: The list of parts was not
+//     in ascending order. The parts list must be specified in order by part
+//     number. 400 Bad Request
+//
+//   - Error code: NoSuchUpload Description: The specified multipart upload
+//     does not exist. The upload ID might be invalid, or the multipart upload
+//     might have been aborted or completed. 404 Not Found
+//
+// The following operations are related to CompleteMultipartUpload:
+//
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation CompleteMultipartUpload for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUpload
+func (c *S3) CompleteMultipartUpload(input *CompleteMultipartUploadInput) (*CompleteMultipartUploadOutput, error) {
+	req, out := c.CompleteMultipartUploadRequest(input)
+	return out, req.Send()
+}
+
+// CompleteMultipartUploadWithContext is the same as CompleteMultipartUpload with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CompleteMultipartUpload for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) CompleteMultipartUploadWithContext(ctx aws.Context, input *CompleteMultipartUploadInput, opts ...request.Option) (*CompleteMultipartUploadOutput, error) {
+	req, out := c.CompleteMultipartUploadRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opCopyObject = "CopyObject"
+
+// CopyObjectRequest generates a "aws/request.Request" representing the
+// client's request for the CopyObject operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CopyObject for more information on using the CopyObject
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the CopyObjectRequest method.
+//	req, resp := client.CopyObjectRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObject
+func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, output *CopyObjectOutput) {
+	op := &request.Operation{
+		Name:       opCopyObject,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}/{Key+}",
+	}
+
+	if input == nil {
+		input = &CopyObjectInput{}
+	}
+
+	output = &CopyObjectOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// CopyObject API operation for Amazon Simple Storage Service.
+//
+// Creates a copy of an object that is already stored in Amazon S3.
+//
+// You can store individual objects of up to 5 TB in Amazon S3. You create a
+// copy of your object up to 5 GB in size in a single atomic action using this
+// API. However, to copy an object greater than 5 GB, you must use the multipart
+// upload Upload Part - Copy (UploadPartCopy) API. For more information, see
+// Copy Object Using the REST Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html).
+//
+// All copy requests must be authenticated. Additionally, you must have read
+// access to the source object and write access to the destination bucket. For
+// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html).
+// Both the Region that you want to copy the object from and the Region that
+// you want to copy the object to must be enabled for your account.
+//
+// A copy request might return an error when Amazon S3 receives the copy request
+// or while Amazon S3 is copying the files. If the error occurs before the copy
+// action starts, you receive a standard Amazon S3 error. If the error occurs
+// during the copy operation, the error response is embedded in the 200 OK response.
+// This means that a 200 OK response can contain either a success or an error.
+// If you call the S3 API directly, make sure to design your application to
+// parse the contents of the response and handle it appropriately. If you use
+// Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the
+// embedded error and apply error handling per your configuration settings (including
+// automatically retrying the request as appropriate). If the condition persists,
+// the SDKs throws an exception (or, for the SDKs that don't use exceptions,
+// they return the error).
+//
+// If the copy is successful, you receive a response with information about
+// the copied object.
+//
+// If the request is an HTTP 1.1 request, the response is chunk encoded. If
+// it were not, it would not contain the content-length, and you would need
+// to read the entire body.
+//
+// The copy request charge is based on the storage class and Region that you
+// specify for the destination object. For pricing information, see Amazon S3
+// pricing (http://aws.amazon.com/s3/pricing/).
+//
+// Amazon S3 transfer acceleration does not support cross-Region copies. If
+// you request a cross-Region copy using a transfer acceleration endpoint, you
+// get a 400 Bad Request error. For more information, see Transfer Acceleration
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
+//
+// # Metadata
+//
+// When copying an object, you can preserve all metadata (the default) or specify
+// new metadata. However, the access control list (ACL) is not preserved and
+// is set to private for the user making the request. To override the default
+// ACL setting, specify a new ACL when generating a copy request. For more information,
+// see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html).
+//
+// To specify whether you want the object metadata copied from the source object
+// or replaced with metadata provided in the request, you can optionally add
+// the x-amz-metadata-directive header. When you grant permissions, you can
+// use the s3:x-amz-metadata-directive condition key to enforce certain metadata
+// behavior when objects are uploaded. For more information, see Specifying
+// Conditions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html)
+// in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition
+// keys, see Actions, Resources, and Condition Keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html).
+//
+// x-amz-website-redirect-location is unique to each object and must be specified
+// in the request headers to copy the value.
+//
+// x-amz-copy-source-if Headers
+//
+// To only copy an object under certain conditions, such as whether the Etag
+// matches or whether the object was modified before or after a specified date,
+// use the following request parameters:
+//
+//   - x-amz-copy-source-if-match
+//
+//   - x-amz-copy-source-if-none-match
+//
+//   - x-amz-copy-source-if-unmodified-since
+//
+//   - x-amz-copy-source-if-modified-since
+//
+// If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since
+// headers are present in the request and evaluate as follows, Amazon S3 returns
+// 200 OK and copies the data:
+//
+//   - x-amz-copy-source-if-match condition evaluates to true
+//
+//   - x-amz-copy-source-if-unmodified-since condition evaluates to false
+//
+// If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since
+// headers are present in the request and evaluate as follows, Amazon S3 returns
+// the 412 Precondition Failed response code:
+//
+//   - x-amz-copy-source-if-none-match condition evaluates to false
+//
+//   - x-amz-copy-source-if-modified-since condition evaluates to true
+//
+// All headers with the x-amz- prefix, including x-amz-copy-source, must be
+// signed.
+//
+// # Server-side encryption
+//
+// Amazon S3 automatically encrypts all new objects that are copied to an S3
+// bucket. When copying an object, if you don't specify encryption information
+// in your copy request, the encryption setting of the target object is set
+// to the default encryption configuration of the destination bucket. By default,
+// all buckets have a base level of encryption configuration that uses server-side
+// encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket
+// has a default encryption configuration that uses server-side encryption with
+// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption
+// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with
+// customer-provided encryption keys (SSE-C), Amazon S3 uses the corresponding
+// KMS key, or a customer-provided key to encrypt the target object copy.
+//
+// When you perform a CopyObject operation, if you want to use a different type
+// of encryption setting for the target object, you can use other appropriate
+// encryption-related headers to encrypt the target object with a KMS key, an
+// Amazon S3 managed key, or a customer-provided key. With server-side encryption,
+// Amazon S3 encrypts your data as it writes your data to disks in its data
+// centers and decrypts the data when you access it. If the encryption setting
+// in your request is different from the default encryption configuration of
+// the destination bucket, the encryption setting in your request takes precedence.
+// If the source object for the copy is stored in Amazon S3 using SSE-C, you
+// must provide the necessary encryption information in your request so that
+// Amazon S3 can decrypt the object for copying. For more information about
+// server-side encryption, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html).
+//
+// If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the
+// object. For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
+// in the Amazon S3 User Guide.
+//
+// # Access Control List (ACL)-Specific Request Headers
+//
+// When copying an object, you can optionally use headers to grant ACL-based
+// permissions. By default, all objects are private. Only the owner has full
+// access control. When adding a new object, you can grant permissions to individual
+// Amazon Web Services accounts or to predefined groups that are defined by
+// Amazon S3. These permissions are then added to the ACL on the object. For
+// more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html).
+//
+// If the bucket that you're copying objects to uses the bucket owner enforced
+// setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions.
+// Buckets that use this setting only accept PUT requests that don't specify
+// an ACL or PUT requests that specify bucket owner full control ACLs, such
+// as the bucket-owner-full-control canned ACL or an equivalent form of this
+// ACL expressed in the XML format.
+//
+// For more information, see Controlling ownership of objects and disabling
+// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide.
+//
+// If your bucket uses the bucket owner enforced setting for Object Ownership,
+// all objects written to the bucket by any account will be owned by the bucket
+// owner.
+//
+// # Checksums
+//
+// When copying an object, if it has a checksum, that checksum will be copied
+// to the new object by default. When you copy the object over, you can optionally
+// specify a different checksum algorithm to use with the x-amz-checksum-algorithm
+// header.
+//
+// # Storage Class Options
+//
+// You can use the CopyObject action to change the storage class of an object
+// that is already stored in Amazon S3 by using the StorageClass parameter.
+// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+// in the Amazon S3 User Guide.
+//
+// If the source object's storage class is GLACIER, you must restore a copy
+// of this object before you can use it as a source object for the copy operation.
+// For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
+// For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html).
+//
+// # Versioning
+//
+// By default, x-amz-copy-source header identifies the current version of an
+// object to copy. If the current version is a delete marker, Amazon S3 behaves
+// as if the object was deleted. To copy a different version, use the versionId
+// subresource.
+//
+// If you enable versioning on the target bucket, Amazon S3 generates a unique
+// version ID for the object being copied. This version ID is different from
+// the version ID of the source object. Amazon S3 returns the version ID of
+// the copied object in the x-amz-version-id response header in the response.
+//
+// If you do not enable versioning or suspend it on the target bucket, the version
+// ID that Amazon S3 generates is always null.
+//
+// The following operations are related to CopyObject:
+//
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation CopyObject for usage and error information.
+//
+// Returned Error Codes:
+//   - ErrCodeObjectNotInActiveTierError "ObjectNotInActiveTierError"
+//     The source object of the COPY action is not in the active tier and is only
+//     stored in Amazon S3 Glacier.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObject
+func (c *S3) CopyObject(input *CopyObjectInput) (*CopyObjectOutput, error) {
+	req, out := c.CopyObjectRequest(input)
+	return out, req.Send()
+}
+
+// CopyObjectWithContext is the same as CopyObject with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CopyObject for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) CopyObjectWithContext(ctx aws.Context, input *CopyObjectInput, opts ...request.Option) (*CopyObjectOutput, error) {
+	req, out := c.CopyObjectRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opCreateBucket = "CreateBucket"
+
+// CreateBucketRequest generates a "aws/request.Request" representing the
+// client's request for the CreateBucket operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateBucket for more information on using the CreateBucket
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the CreateBucketRequest method.
+//	req, resp := client.CreateBucketRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucket
+func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request, output *CreateBucketOutput) {
+	op := &request.Operation{
+		Name:       opCreateBucket,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}",
+	}
+
+	if input == nil {
+		input = &CreateBucketInput{}
+	}
+
+	output = &CreateBucketOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// CreateBucket API operation for Amazon Simple Storage Service.
+//
+// Creates a new S3 bucket. To create a bucket, you must register with Amazon
+// S3 and have a valid Amazon Web Services Access Key ID to authenticate requests.
+// Anonymous requests are never allowed to create buckets. By creating the bucket,
+// you become the bucket owner.
+//
+// Not every string is an acceptable bucket name. For information about bucket
+// naming restrictions, see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html).
+//
+// If you want to create an Amazon S3 on Outposts bucket, see Create Bucket
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html).
+//
+// By default, the bucket is created in the US East (N. Virginia) Region. You
+// can optionally specify a Region in the request body. You might choose a Region
+// to optimize latency, minimize costs, or address regulatory requirements.
+// For example, if you reside in Europe, you will probably find it advantageous
+// to create buckets in the Europe (Ireland) Region. For more information, see
+// Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro).
+//
+// If you send your create bucket request to the s3.amazonaws.com endpoint,
+// the request goes to the us-east-1 Region. Accordingly, the signature calculations
+// in Signature Version 4 must use us-east-1 as the Region, even if the location
+// constraint in the request specifies another Region where the bucket is to
+// be created. If you create a bucket in a Region other than US East (N. Virginia),
+// your application must be able to handle 307 redirect. For more information,
+// see Virtual hosting of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html).
+//
+// # Permissions
+//
+// In addition to s3:CreateBucket, the following permissions are required when
+// your CreateBucket request includes specific headers:
+//
+//   - Access control lists (ACLs) - If your CreateBucket request specifies
+//     access control list (ACL) permissions and the ACL is public-read, public-read-write,
+//     authenticated-read, or if you specify access permissions explicitly through
+//     any other ACL, both s3:CreateBucket and s3:PutBucketAcl permissions are
+//     needed. If the ACL for the CreateBucket request is private or if the request
+//     doesn't specify any ACLs, only s3:CreateBucket permission is needed.
+//
+//   - Object Lock - If ObjectLockEnabledForBucket is set to true in your CreateBucket
+//     request, s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning
+//     permissions are required.
+//
+//   - S3 Object Ownership - If your CreateBucket request includes the x-amz-object-ownership
+//     header, then the s3:PutBucketOwnershipControls permission is required.
+//     By default, ObjectOwnership is set to BucketOWnerEnforced and ACLs are
+//     disabled. We recommend keeping ACLs disabled, except in uncommon use cases
+//     where you must control access for each object individually. If you want
+//     to change the ObjectOwnership setting, you can use the x-amz-object-ownership
+//     header in your CreateBucket request to set the ObjectOwnership setting
+//     of your choice. For more information about S3 Object Ownership, see Controlling
+//     object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+//     in the Amazon S3 User Guide.
+//
+//   - S3 Block Public Access - If your specific use case requires granting
+//     public access to your S3 resources, you can disable Block Public Access.
+//     You can create a new bucket with Block Public Access enabled, then separately
+//     call the DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
+//     API. To use this operation, you must have the s3:PutBucketPublicAccessBlock
+//     permission. By default, all Block Public Access settings are enabled for
+//     new buckets. To avoid inadvertent exposure of your resources, we recommend
+//     keeping the S3 Block Public Access settings enabled. For more information
+//     about S3 Block Public Access, see Blocking public access to your Amazon
+//     S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+//     in the Amazon S3 User Guide.
+//
+// If your CreateBucket request sets BucketOwnerEnforced for Amazon S3 Object
+// Ownership and specifies a bucket ACL that provides access to an external
+// Amazon Web Services account, your request fails with a 400 error and returns
+// the InvalidBucketAcLWithObjectOwnership error code. For more information,
+// see Setting Object Ownership on an existing bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-existing-bucket.html)
+// in the Amazon S3 User Guide.
+//
+// The following operations are related to CreateBucket:
+//
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation CreateBucket for usage and error information.
+//
+// Returned Error Codes:
+//
+//   - ErrCodeBucketAlreadyExists "BucketAlreadyExists"
+//     The requested bucket name is not available. The bucket namespace is shared
+//     by all users of the system. Select a different name and try again.
+//
+//   - ErrCodeBucketAlreadyOwnedByYou "BucketAlreadyOwnedByYou"
+//     The bucket you tried to create already exists, and you own it. Amazon S3
+//     returns this error in all Amazon Web Services Regions except in the North
+//     Virginia Region. For legacy compatibility, if you re-create an existing bucket
+//     that you already own in the North Virginia Region, Amazon S3 returns 200
+//     OK and resets the bucket access control lists (ACLs).
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucket
+func (c *S3) CreateBucket(input *CreateBucketInput) (*CreateBucketOutput, error) {
+	req, out := c.CreateBucketRequest(input)
+	return out, req.Send()
+}
+
+// CreateBucketWithContext is the same as CreateBucket with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateBucket for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) CreateBucketWithContext(ctx aws.Context, input *CreateBucketInput, opts ...request.Option) (*CreateBucketOutput, error) {
+	req, out := c.CreateBucketRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opCreateMultipartUpload = "CreateMultipartUpload"
+
+// CreateMultipartUploadRequest generates a "aws/request.Request" representing the
+// client's request for the CreateMultipartUpload operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateMultipartUpload for more information on using the CreateMultipartUpload
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the CreateMultipartUploadRequest method.
+//	req, resp := client.CreateMultipartUploadRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUpload
+func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (req *request.Request, output *CreateMultipartUploadOutput) {
+	op := &request.Operation{
+		Name:       opCreateMultipartUpload,
+		HTTPMethod: "POST",
+		HTTPPath:   "/{Bucket}/{Key+}?uploads",
+	}
+
+	if input == nil {
+		input = &CreateMultipartUploadInput{}
+	}
+
+	output = &CreateMultipartUploadOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// CreateMultipartUpload API operation for Amazon Simple Storage Service.
+//
+// This action initiates a multipart upload and returns an upload ID. This upload
+// ID is used to associate all of the parts in the specific multipart upload.
+// You specify this upload ID in each of your subsequent upload part requests
+// (see UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)).
+// You also include this upload ID in the final request to either complete or
+// abort the multipart upload request.
+//
+// For more information about multipart uploads, see Multipart Upload Overview
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html).
+//
+// If you have configured a lifecycle rule to abort incomplete multipart uploads,
+// the upload must complete within the number of days specified in the bucket
+// lifecycle configuration. Otherwise, the incomplete multipart upload becomes
+// eligible for an abort action and Amazon S3 aborts the multipart upload. For
+// more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
+//
+// For information about the permissions required to use the multipart upload
+// API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
+//
+// For request signing, multipart upload is just a series of regular requests.
+// You initiate a multipart upload, send one or more requests to upload parts,
+// and then complete the multipart upload process. You sign each request individually.
+// There is nothing special about signing multipart upload requests. For more
+// information about signing, see Authenticating Requests (Amazon Web Services
+// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html).
+//
+// After you initiate a multipart upload and upload one or more parts, to stop
+// being charged for storing the uploaded parts, you must either complete or
+// abort the multipart upload. Amazon S3 frees up the space used to store the
+// parts and stop charging you for storing them only after you either complete
+// or abort a multipart upload.
+//
+// Server-side encryption is for data encryption at rest. Amazon S3 encrypts
+// your data as it writes it to disks in its data centers and decrypts it when
+// you access it. Amazon S3 automatically encrypts all new objects that are
+// uploaded to an S3 bucket. When doing a multipart upload, if you don't specify
+// encryption information in your request, the encryption setting of the uploaded
+// parts is set to the default encryption configuration of the destination bucket.
+// By default, all buckets have a base level of encryption configuration that
+// uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the
+// destination bucket has a default encryption configuration that uses server-side
+// encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided
+// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided
+// key to encrypt the uploaded parts. When you perform a CreateMultipartUpload
+// operation, if you want to use a different type of encryption setting for
+// the uploaded parts, you can request that Amazon S3 encrypts the object with
+// a KMS key, an Amazon S3 managed key, or a customer-provided key. If the encryption
+// setting in your request is different from the default encryption configuration
+// of the destination bucket, the encryption setting in your request takes precedence.
+// If you choose to provide your own encryption key, the request headers you
+// provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
+// requests must match the headers you used in the request to initiate the upload
+// by using CreateMultipartUpload. You can request that Amazon S3 save the uploaded
+// parts encrypted with server-side encryption with an Amazon S3 managed key
+// (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a customer-provided
+// encryption key (SSE-C).
+//
+// To perform a multipart upload with encryption by using an Amazon Web Services
+// KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey*
+// actions on the key. These permissions are required because Amazon S3 must
+// decrypt and read data from the encrypted file parts before it completes the
+// multipart upload. For more information, see Multipart upload API and permissions
+// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions)
+// and Protecting data using server-side encryption with Amazon Web Services
+// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html)
+// in the Amazon S3 User Guide.
+//
+// If your Identity and Access Management (IAM) user or role is in the same
+// Amazon Web Services account as the KMS key, then you must have these permissions
+// on the key policy. If your IAM user or role belongs to a different account
+// than the key, then you must have the permissions on both the key policy and
+// your IAM user or role.
+//
+// For more information, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html).
+//
+// # Access Permissions
+//
+// When copying an object, you can optionally specify the accounts or groups
+// that should be granted specific permissions on the new object. There are
+// two ways to grant the permissions using the request headers:
+//
+//   - Specify a canned ACL with the x-amz-acl request header. For more information,
+//     see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+//
+//   - Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp,
+//     x-amz-grant-write-acp, and x-amz-grant-full-control headers. These parameters
+//     map to the set of permissions that Amazon S3 supports in an ACL. For more
+//     information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
+//
+// You can use either a canned ACL or specify access permissions explicitly.
+// You cannot do both.
+//
+// # Server-Side- Encryption-Specific Request Headers
+//
+// Amazon S3 encrypts data by using server-side encryption with an Amazon S3
+// managed key (SSE-S3) by default. Server-side encryption is for data encryption
+// at rest. Amazon S3 encrypts your data as it writes it to disks in its data
+// centers and decrypts it when you access it. You can request that Amazon S3
+// encrypts data at rest by using server-side encryption with other key options.
+// The option you use depends on whether you want to use KMS keys (SSE-KMS)
+// or provide your own encryption keys (SSE-C).
+//
+//   - Use KMS keys (SSE-KMS) that include the Amazon Web Services managed
+//     key (aws/s3) and KMS customer managed keys stored in Key Management Service
+//     (KMS) – If you want Amazon Web Services to manage the keys used to encrypt
+//     data, specify the following headers in the request. x-amz-server-side-encryption
+//     x-amz-server-side-encryption-aws-kms-key-id x-amz-server-side-encryption-context
+//     If you specify x-amz-server-side-encryption:aws:kms, but don't provide
+//     x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon
+//     Web Services managed key (aws/s3 key) in KMS to protect the data. All
+//     GET and PUT requests for an object protected by KMS fail if you don't
+//     make them by using Secure Sockets Layer (SSL), Transport Layer Security
+//     (TLS), or Signature Version 4. For more information about server-side
+//     encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side
+//     Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html).
+//
+//   - Use customer-provided encryption keys (SSE-C) – If you want to manage
+//     your own encryption keys, provide all the following headers in the request.
+//     x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key
+//     x-amz-server-side-encryption-customer-key-MD5 For more information about
+//     server-side encryption with customer-provided encryption keys (SSE-C),
+//     see Protecting data using server-side encryption with customer-provided
+//     encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html).
+//
+// # Access-Control-List (ACL)-Specific Request Headers
+//
+// You also can use the following access control–related headers with this
+// operation. By default, all objects are private. Only the owner has full access
+// control. When adding a new object, you can grant permissions to individual
+// Amazon Web Services accounts or to predefined groups defined by Amazon S3.
+// These permissions are then added to the access control list (ACL) on the
+// object. For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html).
+// With this operation, you can grant access permissions using one of the following
+// two methods:
+//
+//   - Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of predefined
+//     ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees
+//     and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+//
+//   - Specify access permissions explicitly — To explicitly grant access
+//     permissions to specific Amazon Web Services accounts or groups, use the
+//     following headers. Each header maps to specific permissions that Amazon
+//     S3 supports in an ACL. For more information, see Access Control List (ACL)
+//     Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
+//     In the header, you specify a list of grantees who get the specific permission.
+//     To grant permissions explicitly, use: x-amz-grant-read x-amz-grant-write
+//     x-amz-grant-read-acp x-amz-grant-write-acp x-amz-grant-full-control You
+//     specify each grantee as a type=value pair, where the type is one of the
+//     following: id – if the value specified is the canonical user ID of an
+//     Amazon Web Services account uri – if you are granting permissions to
+//     a predefined group emailAddress – if the value specified is the email
+//     address of an Amazon Web Services account Using email addresses to specify
+//     a grantee is only supported in the following Amazon Web Services Regions:
+//     US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific
+//     (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland)
+//     South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference. For example, the following
+//     x-amz-grant-read header grants the Amazon Web Services accounts identified
+//     by account IDs permissions to read object data and its metadata: x-amz-grant-read:
+//     id="11112222333", id="444455556666"
+//
+// The following operations are related to CreateMultipartUpload:
+//
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation CreateMultipartUpload for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUpload
+func (c *S3) CreateMultipartUpload(input *CreateMultipartUploadInput) (*CreateMultipartUploadOutput, error) {
+	req, out := c.CreateMultipartUploadRequest(input)
+	return out, req.Send()
+}
+
+// CreateMultipartUploadWithContext is the same as CreateMultipartUpload with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateMultipartUpload for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) CreateMultipartUploadWithContext(ctx aws.Context, input *CreateMultipartUploadInput, opts ...request.Option) (*CreateMultipartUploadOutput, error) {
+	req, out := c.CreateMultipartUploadRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucket = "DeleteBucket"
+
+// DeleteBucketRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucket operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucket for more information on using the DeleteBucket
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketRequest method.
+//	req, resp := client.DeleteBucketRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucket
+func (c *S3) DeleteBucketRequest(input *DeleteBucketInput) (req *request.Request, output *DeleteBucketOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucket,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}",
+	}
+
+	if input == nil {
+		input = &DeleteBucketInput{}
+	}
+
+	output = &DeleteBucketOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucket API operation for Amazon Simple Storage Service.
+//
+// Deletes the S3 bucket. All objects (including all object versions and delete
+// markers) in the bucket must be deleted before the bucket itself can be deleted.
+//
+// The following operations are related to DeleteBucket:
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucket for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucket
+func (c *S3) DeleteBucket(input *DeleteBucketInput) (*DeleteBucketOutput, error) {
+	req, out := c.DeleteBucketRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketWithContext is the same as DeleteBucket with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucket for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketWithContext(ctx aws.Context, input *DeleteBucketInput, opts ...request.Option) (*DeleteBucketOutput, error) {
+	req, out := c.DeleteBucketRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketAnalyticsConfiguration = "DeleteBucketAnalyticsConfiguration"
+
+// DeleteBucketAnalyticsConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketAnalyticsConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketAnalyticsConfiguration for more information on using the DeleteBucketAnalyticsConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketAnalyticsConfigurationRequest method.
+//	req, resp := client.DeleteBucketAnalyticsConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfiguration
+func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyticsConfigurationInput) (req *request.Request, output *DeleteBucketAnalyticsConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketAnalyticsConfiguration,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?analytics",
+	}
+
+	if input == nil {
+		input = &DeleteBucketAnalyticsConfigurationInput{}
+	}
+
+	output = &DeleteBucketAnalyticsConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service.
+//
+// Deletes an analytics configuration for the bucket (specified by the analytics
+// configuration ID).
+//
+// To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// For information about the Amazon S3 analytics feature, see Amazon S3 Analytics
+// – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
+//
+// The following operations are related to DeleteBucketAnalyticsConfiguration:
+//
+//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
+//
+//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
+//
+//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketAnalyticsConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfiguration
+func (c *S3) DeleteBucketAnalyticsConfiguration(input *DeleteBucketAnalyticsConfigurationInput) (*DeleteBucketAnalyticsConfigurationOutput, error) {
+	req, out := c.DeleteBucketAnalyticsConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketAnalyticsConfigurationWithContext is the same as DeleteBucketAnalyticsConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketAnalyticsConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketAnalyticsConfigurationWithContext(ctx aws.Context, input *DeleteBucketAnalyticsConfigurationInput, opts ...request.Option) (*DeleteBucketAnalyticsConfigurationOutput, error) {
+	req, out := c.DeleteBucketAnalyticsConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketCors = "DeleteBucketCors"
+
+// DeleteBucketCorsRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketCors operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketCors for more information on using the DeleteBucketCors
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketCorsRequest method.
+//	req, resp := client.DeleteBucketCorsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCors
+func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request.Request, output *DeleteBucketCorsOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketCors,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?cors",
+	}
+
+	if input == nil {
+		input = &DeleteBucketCorsInput{}
+	}
+
+	output = &DeleteBucketCorsOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketCors API operation for Amazon Simple Storage Service.
+//
+// Deletes the cors configuration information set for the bucket.
+//
+// To use this operation, you must have permission to perform the s3:PutBucketCORS
+// action. The bucket owner has this permission by default and can grant this
+// permission to others.
+//
+// For information about cors, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+// in the Amazon S3 User Guide.
+//
+// Related Resources
+//
+//   - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
+//
+//   - RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketCors for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCors
+func (c *S3) DeleteBucketCors(input *DeleteBucketCorsInput) (*DeleteBucketCorsOutput, error) {
+	req, out := c.DeleteBucketCorsRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketCorsWithContext is the same as DeleteBucketCors with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketCors for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketCorsWithContext(ctx aws.Context, input *DeleteBucketCorsInput, opts ...request.Option) (*DeleteBucketCorsOutput, error) {
+	req, out := c.DeleteBucketCorsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketEncryption = "DeleteBucketEncryption"
+
+// DeleteBucketEncryptionRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketEncryption operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketEncryption for more information on using the DeleteBucketEncryption
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketEncryptionRequest method.
+//	req, resp := client.DeleteBucketEncryptionRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryption
+func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) (req *request.Request, output *DeleteBucketEncryptionOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketEncryption,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?encryption",
+	}
+
+	if input == nil {
+		input = &DeleteBucketEncryptionInput{}
+	}
+
+	output = &DeleteBucketEncryptionOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketEncryption API operation for Amazon Simple Storage Service.
+//
+// This implementation of the DELETE action resets the default encryption for
+// the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3).
+// For information about the bucket default encryption feature, see Amazon S3
+// Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// in the Amazon S3 User Guide.
+//
+// To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide.
+//
+// The following operations are related to DeleteBucketEncryption:
+//
+//   - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
+//
+//   - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketEncryption for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryption
+func (c *S3) DeleteBucketEncryption(input *DeleteBucketEncryptionInput) (*DeleteBucketEncryptionOutput, error) {
+	req, out := c.DeleteBucketEncryptionRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketEncryptionWithContext is the same as DeleteBucketEncryption with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketEncryption for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketEncryptionWithContext(ctx aws.Context, input *DeleteBucketEncryptionInput, opts ...request.Option) (*DeleteBucketEncryptionOutput, error) {
+	req, out := c.DeleteBucketEncryptionRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketIntelligentTieringConfiguration = "DeleteBucketIntelligentTieringConfiguration"
+
+// DeleteBucketIntelligentTieringConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketIntelligentTieringConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketIntelligentTieringConfiguration for more information on using the DeleteBucketIntelligentTieringConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketIntelligentTieringConfigurationRequest method.
+//	req, resp := client.DeleteBucketIntelligentTieringConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration
+func (c *S3) DeleteBucketIntelligentTieringConfigurationRequest(input *DeleteBucketIntelligentTieringConfigurationInput) (req *request.Request, output *DeleteBucketIntelligentTieringConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketIntelligentTieringConfiguration,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?intelligent-tiering",
+	}
+
+	if input == nil {
+		input = &DeleteBucketIntelligentTieringConfigurationInput{}
+	}
+
+	output = &DeleteBucketIntelligentTieringConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service.
+//
+// Deletes the S3 Intelligent-Tiering configuration from the specified bucket.
+//
+// The S3 Intelligent-Tiering storage class is designed to optimize storage
+// costs by automatically moving data to the most cost-effective storage access
+// tier, without performance impact or operational overhead. S3 Intelligent-Tiering
+// delivers automatic cost savings in three low latency and high throughput
+// access tiers. To get the lowest storage cost on data that can be accessed
+// in minutes to hours, you can choose to activate additional archiving capabilities.
+//
+// The S3 Intelligent-Tiering storage class is the ideal storage class for data
+// with unknown, changing, or unpredictable access patterns, independent of
+// object size or retention period. If the size of an object is less than 128
+// KB, it is not monitored and not eligible for auto-tiering. Smaller objects
+// can be stored, but they are always charged at the Frequent Access tier rates
+// in the S3 Intelligent-Tiering storage class.
+//
+// For more information, see Storage class for automatically optimizing frequently
+// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
+//
+// Operations related to DeleteBucketIntelligentTieringConfiguration include:
+//
+//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
+//
+//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
+//
+//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketIntelligentTieringConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration
+func (c *S3) DeleteBucketIntelligentTieringConfiguration(input *DeleteBucketIntelligentTieringConfigurationInput) (*DeleteBucketIntelligentTieringConfigurationOutput, error) {
+	req, out := c.DeleteBucketIntelligentTieringConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketIntelligentTieringConfigurationWithContext is the same as DeleteBucketIntelligentTieringConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketIntelligentTieringConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketIntelligentTieringConfigurationWithContext(ctx aws.Context, input *DeleteBucketIntelligentTieringConfigurationInput, opts ...request.Option) (*DeleteBucketIntelligentTieringConfigurationOutput, error) {
+	req, out := c.DeleteBucketIntelligentTieringConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketInventoryConfiguration = "DeleteBucketInventoryConfiguration"
+
+// DeleteBucketInventoryConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketInventoryConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketInventoryConfiguration for more information on using the DeleteBucketInventoryConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketInventoryConfigurationRequest method.
+//	req, resp := client.DeleteBucketInventoryConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfiguration
+func (c *S3) DeleteBucketInventoryConfigurationRequest(input *DeleteBucketInventoryConfigurationInput) (req *request.Request, output *DeleteBucketInventoryConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketInventoryConfiguration,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?inventory",
+	}
+
+	if input == nil {
+		input = &DeleteBucketInventoryConfigurationInput{}
+	}
+
+	output = &DeleteBucketInventoryConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketInventoryConfiguration API operation for Amazon Simple Storage Service.
+//
+// Deletes an inventory configuration (identified by the inventory ID) from
+// the bucket.
+//
+// To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html).
+//
+// Operations related to DeleteBucketInventoryConfiguration include:
+//
+//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
+//
+//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
+//
+//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketInventoryConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfiguration
+func (c *S3) DeleteBucketInventoryConfiguration(input *DeleteBucketInventoryConfigurationInput) (*DeleteBucketInventoryConfigurationOutput, error) {
+	req, out := c.DeleteBucketInventoryConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketInventoryConfigurationWithContext is the same as DeleteBucketInventoryConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketInventoryConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketInventoryConfigurationWithContext(ctx aws.Context, input *DeleteBucketInventoryConfigurationInput, opts ...request.Option) (*DeleteBucketInventoryConfigurationOutput, error) {
+	req, out := c.DeleteBucketInventoryConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketLifecycle = "DeleteBucketLifecycle"
+
+// DeleteBucketLifecycleRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketLifecycle operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketLifecycle for more information on using the DeleteBucketLifecycle
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketLifecycleRequest method.
+//	req, resp := client.DeleteBucketLifecycleRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycle
+func (c *S3) DeleteBucketLifecycleRequest(input *DeleteBucketLifecycleInput) (req *request.Request, output *DeleteBucketLifecycleOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketLifecycle,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?lifecycle",
+	}
+
+	if input == nil {
+		input = &DeleteBucketLifecycleInput{}
+	}
+
+	output = &DeleteBucketLifecycleOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketLifecycle API operation for Amazon Simple Storage Service.
+//
+// Deletes the lifecycle configuration from the specified bucket. Amazon S3
+// removes all the lifecycle configuration rules in the lifecycle subresource
+// associated with the bucket. Your objects never expire, and Amazon S3 no longer
+// automatically deletes any objects on the basis of rules contained in the
+// deleted lifecycle configuration.
+//
+// To use this operation, you must have permission to perform the s3:PutLifecycleConfiguration
+// action. By default, the bucket owner has this permission and the bucket owner
+// can grant this permission to others.
+//
+// There is usually some time lag before lifecycle configuration deletion is
+// fully propagated to all the Amazon S3 systems.
+//
+// For more information about the object expiration, see Elements to Describe
+// Lifecycle Actions (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions).
+//
+// Related actions include:
+//
+//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+//
+//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketLifecycle for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycle
+func (c *S3) DeleteBucketLifecycle(input *DeleteBucketLifecycleInput) (*DeleteBucketLifecycleOutput, error) {
+	req, out := c.DeleteBucketLifecycleRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketLifecycleWithContext is the same as DeleteBucketLifecycle with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketLifecycle for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketLifecycleWithContext(ctx aws.Context, input *DeleteBucketLifecycleInput, opts ...request.Option) (*DeleteBucketLifecycleOutput, error) {
+	req, out := c.DeleteBucketLifecycleRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketMetricsConfiguration = "DeleteBucketMetricsConfiguration"
+
+// DeleteBucketMetricsConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketMetricsConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketMetricsConfiguration for more information on using the DeleteBucketMetricsConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketMetricsConfigurationRequest method.
+//	req, resp := client.DeleteBucketMetricsConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfiguration
+func (c *S3) DeleteBucketMetricsConfigurationRequest(input *DeleteBucketMetricsConfigurationInput) (req *request.Request, output *DeleteBucketMetricsConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketMetricsConfiguration,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?metrics",
+	}
+
+	if input == nil {
+		input = &DeleteBucketMetricsConfigurationInput{}
+	}
+
+	output = &DeleteBucketMetricsConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketMetricsConfiguration API operation for Amazon Simple Storage Service.
+//
+// Deletes a metrics configuration for the Amazon CloudWatch request metrics
+// (specified by the metrics configuration ID) from the bucket. Note that this
+// doesn't include the daily storage metrics.
+//
+// To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// For information about CloudWatch request metrics for Amazon S3, see Monitoring
+// Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
+//
+// The following operations are related to DeleteBucketMetricsConfiguration:
+//
+//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
+//
+//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
+//
+//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
+//
+//   - Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketMetricsConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfiguration
+func (c *S3) DeleteBucketMetricsConfiguration(input *DeleteBucketMetricsConfigurationInput) (*DeleteBucketMetricsConfigurationOutput, error) {
+	req, out := c.DeleteBucketMetricsConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketMetricsConfigurationWithContext is the same as DeleteBucketMetricsConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketMetricsConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketMetricsConfigurationWithContext(ctx aws.Context, input *DeleteBucketMetricsConfigurationInput, opts ...request.Option) (*DeleteBucketMetricsConfigurationOutput, error) {
+	req, out := c.DeleteBucketMetricsConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketOwnershipControls = "DeleteBucketOwnershipControls"
+
+// DeleteBucketOwnershipControlsRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketOwnershipControls operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketOwnershipControls for more information on using the DeleteBucketOwnershipControls
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketOwnershipControlsRequest method.
+//	req, resp := client.DeleteBucketOwnershipControlsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketOwnershipControls
+func (c *S3) DeleteBucketOwnershipControlsRequest(input *DeleteBucketOwnershipControlsInput) (req *request.Request, output *DeleteBucketOwnershipControlsOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketOwnershipControls,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?ownershipControls",
+	}
+
+	if input == nil {
+		input = &DeleteBucketOwnershipControlsInput{}
+	}
+
+	output = &DeleteBucketOwnershipControlsOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketOwnershipControls API operation for Amazon Simple Storage Service.
+//
+// Removes OwnershipControls for an Amazon S3 bucket. To use this operation,
+// you must have the s3:PutBucketOwnershipControls permission. For more information
+// about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
+//
+// For information about Amazon S3 Object Ownership, see Using Object Ownership
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html).
+//
+// The following operations are related to DeleteBucketOwnershipControls:
+//
+//   - GetBucketOwnershipControls
+//
+//   - PutBucketOwnershipControls
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketOwnershipControls for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketOwnershipControls
+func (c *S3) DeleteBucketOwnershipControls(input *DeleteBucketOwnershipControlsInput) (*DeleteBucketOwnershipControlsOutput, error) {
+	req, out := c.DeleteBucketOwnershipControlsRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketOwnershipControlsWithContext is the same as DeleteBucketOwnershipControls with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketOwnershipControls for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketOwnershipControlsWithContext(ctx aws.Context, input *DeleteBucketOwnershipControlsInput, opts ...request.Option) (*DeleteBucketOwnershipControlsOutput, error) {
+	req, out := c.DeleteBucketOwnershipControlsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketPolicy = "DeleteBucketPolicy"
+
+// DeleteBucketPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketPolicy for more information on using the DeleteBucketPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketPolicyRequest method.
+//	req, resp := client.DeleteBucketPolicyRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicy
+func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *request.Request, output *DeleteBucketPolicyOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketPolicy,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?policy",
+	}
+
+	if input == nil {
+		input = &DeleteBucketPolicyInput{}
+	}
+
+	output = &DeleteBucketPolicyOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketPolicy API operation for Amazon Simple Storage Service.
+//
+// This implementation of the DELETE action uses the policy subresource to delete
+// the policy of a specified bucket. If you are using an identity other than
+// the root user of the Amazon Web Services account that owns the bucket, the
+// calling identity must have the DeleteBucketPolicy permissions on the specified
+// bucket and belong to the bucket owner's account to use this operation.
+//
+// If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403
+// Access Denied error. If you have the correct permissions, but you're not
+// using an identity that belongs to the bucket owner's account, Amazon S3 returns
+// a 405 Method Not Allowed error.
+//
+// To ensure that bucket owners don't inadvertently lock themselves out of their
+// own buckets, the root principal in a bucket owner's Amazon Web Services account
+// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy
+// API actions, even if their bucket policy explicitly denies the root principal's
+// access. Bucket owner root principals can only be blocked from performing
+// these API actions by VPC endpoint policies and Amazon Web Services Organizations
+// policies.
+//
+// For more information about bucket policies, see Using Bucket Policies and
+// UserPolicies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
+//
+// The following operations are related to DeleteBucketPolicy
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketPolicy for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicy
+func (c *S3) DeleteBucketPolicy(input *DeleteBucketPolicyInput) (*DeleteBucketPolicyOutput, error) {
+	req, out := c.DeleteBucketPolicyRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketPolicyWithContext is the same as DeleteBucketPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketPolicyWithContext(ctx aws.Context, input *DeleteBucketPolicyInput, opts ...request.Option) (*DeleteBucketPolicyOutput, error) {
+	req, out := c.DeleteBucketPolicyRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketReplication = "DeleteBucketReplication"
+
+// DeleteBucketReplicationRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketReplication operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketReplication for more information on using the DeleteBucketReplication
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketReplicationRequest method.
+//	req, resp := client.DeleteBucketReplicationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplication
+func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput) (req *request.Request, output *DeleteBucketReplicationOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketReplication,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?replication",
+	}
+
+	if input == nil {
+		input = &DeleteBucketReplicationInput{}
+	}
+
+	output = &DeleteBucketReplicationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketReplication API operation for Amazon Simple Storage Service.
+//
+// Deletes the replication configuration from the bucket.
+//
+// To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration
+// action. The bucket owner has these permissions by default and can grant it
+// to others. For more information about permissions, see Permissions Related
+// to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// It can take a while for the deletion of a replication configuration to fully
+// propagate.
+//
+// For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+// in the Amazon S3 User Guide.
+//
+// The following operations are related to DeleteBucketReplication:
+//
+//   - PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
+//
+//   - GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketReplication for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplication
+func (c *S3) DeleteBucketReplication(input *DeleteBucketReplicationInput) (*DeleteBucketReplicationOutput, error) {
+	req, out := c.DeleteBucketReplicationRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketReplicationWithContext is the same as DeleteBucketReplication with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketReplication for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketReplicationWithContext(ctx aws.Context, input *DeleteBucketReplicationInput, opts ...request.Option) (*DeleteBucketReplicationOutput, error) {
+	req, out := c.DeleteBucketReplicationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketTagging = "DeleteBucketTagging"
+
+// DeleteBucketTaggingRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketTagging operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketTagging for more information on using the DeleteBucketTagging
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketTaggingRequest method.
+//	req, resp := client.DeleteBucketTaggingRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTagging
+func (c *S3) DeleteBucketTaggingRequest(input *DeleteBucketTaggingInput) (req *request.Request, output *DeleteBucketTaggingOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketTagging,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?tagging",
+	}
+
+	if input == nil {
+		input = &DeleteBucketTaggingInput{}
+	}
+
+	output = &DeleteBucketTaggingOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketTagging API operation for Amazon Simple Storage Service.
+//
+// Deletes the tags from the bucket.
+//
+// To use this operation, you must have permission to perform the s3:PutBucketTagging
+// action. By default, the bucket owner has this permission and can grant this
+// permission to others.
+//
+// The following operations are related to DeleteBucketTagging:
+//
+//   - GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
+//
+//   - PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketTagging for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTagging
+func (c *S3) DeleteBucketTagging(input *DeleteBucketTaggingInput) (*DeleteBucketTaggingOutput, error) {
+	req, out := c.DeleteBucketTaggingRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketTaggingWithContext is the same as DeleteBucketTagging with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketTagging for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketTaggingWithContext(ctx aws.Context, input *DeleteBucketTaggingInput, opts ...request.Option) (*DeleteBucketTaggingOutput, error) {
+	req, out := c.DeleteBucketTaggingRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteBucketWebsite = "DeleteBucketWebsite"
+
+// DeleteBucketWebsiteRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteBucketWebsite operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteBucketWebsite for more information on using the DeleteBucketWebsite
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteBucketWebsiteRequest method.
+//	req, resp := client.DeleteBucketWebsiteRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsite
+func (c *S3) DeleteBucketWebsiteRequest(input *DeleteBucketWebsiteInput) (req *request.Request, output *DeleteBucketWebsiteOutput) {
+	op := &request.Operation{
+		Name:       opDeleteBucketWebsite,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?website",
+	}
+
+	if input == nil {
+		input = &DeleteBucketWebsiteInput{}
+	}
+
+	output = &DeleteBucketWebsiteOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeleteBucketWebsite API operation for Amazon Simple Storage Service.
+//
+// This action removes the website configuration for a bucket. Amazon S3 returns
+// a 200 OK response upon successfully deleting a website configuration on the
+// specified bucket. You will get a 200 OK response if the website configuration
+// you are trying to delete does not exist on the bucket. Amazon S3 returns
+// a 404 response if the bucket specified in the request does not exist.
+//
+// This DELETE action requires the S3:DeleteBucketWebsite permission. By default,
+// only the bucket owner can delete the website configuration attached to a
+// bucket. However, bucket owners can grant other users permission to delete
+// the website configuration by writing a bucket policy granting them the S3:DeleteBucketWebsite
+// permission.
+//
+// For more information about hosting websites, see Hosting Websites on Amazon
+// S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).
+//
+// The following operations are related to DeleteBucketWebsite:
+//
+//   - GetBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html)
+//
+//   - PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteBucketWebsite for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsite
+func (c *S3) DeleteBucketWebsite(input *DeleteBucketWebsiteInput) (*DeleteBucketWebsiteOutput, error) {
+	req, out := c.DeleteBucketWebsiteRequest(input)
+	return out, req.Send()
+}
+
+// DeleteBucketWebsiteWithContext is the same as DeleteBucketWebsite with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteBucketWebsite for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteBucketWebsiteWithContext(ctx aws.Context, input *DeleteBucketWebsiteInput, opts ...request.Option) (*DeleteBucketWebsiteOutput, error) {
+	req, out := c.DeleteBucketWebsiteRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteObject = "DeleteObject"
+
+// DeleteObjectRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteObject operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteObject for more information on using the DeleteObject
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteObjectRequest method.
+//	req, resp := client.DeleteObjectRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObject
+func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request, output *DeleteObjectOutput) {
+	op := &request.Operation{
+		Name:       opDeleteObject,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}/{Key+}",
+	}
+
+	if input == nil {
+		input = &DeleteObjectInput{}
+	}
+
+	output = &DeleteObjectOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DeleteObject API operation for Amazon Simple Storage Service.
+//
+// Removes the null version (if there is one) of an object and inserts a delete
+// marker, which becomes the latest version of the object. If there isn't a
+// null version, Amazon S3 does not remove any objects but will still respond
+// that the command was successful.
+//
+// To remove a specific version, you must use the version Id subresource. Using
+// this subresource permanently deletes the version. If the object deleted is
+// a delete marker, Amazon S3 sets the response header, x-amz-delete-marker,
+// to true.
+//
+// If the object you want to delete is in a bucket where the bucket versioning
+// configuration is MFA Delete enabled, you must include the x-amz-mfa request
+// header in the DELETE versionId request. Requests that include x-amz-mfa must
+// use HTTPS.
+//
+// For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html).
+// To see sample requests that use versioning, see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete).
+//
+// You can delete objects by explicitly calling DELETE Object or configure its
+// lifecycle (PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html))
+// to enable Amazon S3 to remove them for you. If you want to block users or
+// accounts from removing or deleting objects from your bucket, you must deny
+// them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration
+// actions.
+//
+// The following action is related to DeleteObject:
+//
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteObject for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObject
+func (c *S3) DeleteObject(input *DeleteObjectInput) (*DeleteObjectOutput, error) {
+	req, out := c.DeleteObjectRequest(input)
+	return out, req.Send()
+}
+
+// DeleteObjectWithContext is the same as DeleteObject with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteObject for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteObjectWithContext(ctx aws.Context, input *DeleteObjectInput, opts ...request.Option) (*DeleteObjectOutput, error) {
+	req, out := c.DeleteObjectRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteObjectTagging = "DeleteObjectTagging"
+
+// DeleteObjectTaggingRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteObjectTagging operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteObjectTagging for more information on using the DeleteObjectTagging
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteObjectTaggingRequest method.
+//	req, resp := client.DeleteObjectTaggingRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTagging
+func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *request.Request, output *DeleteObjectTaggingOutput) {
+	op := &request.Operation{
+		Name:       opDeleteObjectTagging,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}/{Key+}?tagging",
+	}
+
+	if input == nil {
+		input = &DeleteObjectTaggingInput{}
+	}
+
+	output = &DeleteObjectTaggingOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DeleteObjectTagging API operation for Amazon Simple Storage Service.
+//
+// Removes the entire tag set from the specified object. For more information
+// about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
+//
+// To use this operation, you must have permission to perform the s3:DeleteObjectTagging
+// action.
+//
+// To delete tags of a specific object version, add the versionId query parameter
+// in the request. You will need permission for the s3:DeleteObjectVersionTagging
+// action.
+//
+// The following operations are related to DeleteObjectTagging:
+//
+//   - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
+//
+//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteObjectTagging for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTagging
+func (c *S3) DeleteObjectTagging(input *DeleteObjectTaggingInput) (*DeleteObjectTaggingOutput, error) {
+	req, out := c.DeleteObjectTaggingRequest(input)
+	return out, req.Send()
+}
+
+// DeleteObjectTaggingWithContext is the same as DeleteObjectTagging with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteObjectTagging for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteObjectTaggingWithContext(ctx aws.Context, input *DeleteObjectTaggingInput, opts ...request.Option) (*DeleteObjectTaggingOutput, error) {
+	req, out := c.DeleteObjectTaggingRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeleteObjects = "DeleteObjects"
+
+// DeleteObjectsRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteObjects operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeleteObjects for more information on using the DeleteObjects
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeleteObjectsRequest method.
+//	req, resp := client.DeleteObjectsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjects
+func (c *S3) DeleteObjectsRequest(input *DeleteObjectsInput) (req *request.Request, output *DeleteObjectsOutput) {
+	op := &request.Operation{
+		Name:       opDeleteObjects,
+		HTTPMethod: "POST",
+		HTTPPath:   "/{Bucket}?delete",
+	}
+
+	if input == nil {
+		input = &DeleteObjectsInput{}
+	}
+
+	output = &DeleteObjectsOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// DeleteObjects API operation for Amazon Simple Storage Service.
+//
+// This action enables you to delete multiple objects from a bucket using a
+// single HTTP request. If you know the object keys that you want to delete,
+// then this action provides a suitable alternative to sending individual delete
+// requests, reducing per-request overhead.
+//
+// The request contains a list of up to 1000 keys that you want to delete. In
+// the XML, you provide the object key names, and optionally, version IDs if
+// you want to delete a specific version of the object from a versioning-enabled
+// bucket. For each key, Amazon S3 performs a delete action and returns the
+// result of that delete, success, or failure, in the response. Note that if
+// the object specified in the request is not found, Amazon S3 returns the result
+// as deleted.
+//
+// The action supports two modes for the response: verbose and quiet. By default,
+// the action uses verbose mode in which the response includes the result of
+// deletion of each key in your request. In quiet mode the response includes
+// only keys where the delete action encountered an error. For a successful
+// deletion, the action does not return any information about the delete in
+// the response body.
+//
+// When performing this action on an MFA Delete enabled bucket, that attempts
+// to delete any versioned objects, you must include an MFA token. If you do
+// not provide one, the entire request will fail, even if there are non-versioned
+// objects you are trying to delete. If you provide an invalid token, whether
+// there are versioned keys in the request or not, the entire Multi-Object Delete
+// request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete).
+//
+// Finally, the Content-MD5 header is required for all Multi-Object Delete requests.
+// Amazon S3 uses the header value to ensure that your request body has not
+// been altered in transit.
+//
+// The following operations are related to DeleteObjects:
+//
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeleteObjects for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjects
+func (c *S3) DeleteObjects(input *DeleteObjectsInput) (*DeleteObjectsOutput, error) {
+	req, out := c.DeleteObjectsRequest(input)
+	return out, req.Send()
+}
+
+// DeleteObjectsWithContext is the same as DeleteObjects with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeleteObjects for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeleteObjectsWithContext(ctx aws.Context, input *DeleteObjectsInput, opts ...request.Option) (*DeleteObjectsOutput, error) {
+	req, out := c.DeleteObjectsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDeletePublicAccessBlock = "DeletePublicAccessBlock"
+
+// DeletePublicAccessBlockRequest generates a "aws/request.Request" representing the
+// client's request for the DeletePublicAccessBlock operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DeletePublicAccessBlock for more information on using the DeletePublicAccessBlock
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DeletePublicAccessBlockRequest method.
+//	req, resp := client.DeletePublicAccessBlockRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlock
+func (c *S3) DeletePublicAccessBlockRequest(input *DeletePublicAccessBlockInput) (req *request.Request, output *DeletePublicAccessBlockOutput) {
+	op := &request.Operation{
+		Name:       opDeletePublicAccessBlock,
+		HTTPMethod: "DELETE",
+		HTTPPath:   "/{Bucket}?publicAccessBlock",
+	}
+
+	if input == nil {
+		input = &DeletePublicAccessBlockInput{}
+	}
+
+	output = &DeletePublicAccessBlockOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// DeletePublicAccessBlock API operation for Amazon Simple Storage Service.
+//
+// Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use
+// this operation, you must have the s3:PutBucketPublicAccessBlock permission.
+// For more information about permissions, see Permissions Related to Bucket
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// The following operations are related to DeletePublicAccessBlock:
+//
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//
+//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
+//
+//   - GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation DeletePublicAccessBlock for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlock
+func (c *S3) DeletePublicAccessBlock(input *DeletePublicAccessBlockInput) (*DeletePublicAccessBlockOutput, error) {
+	req, out := c.DeletePublicAccessBlockRequest(input)
+	return out, req.Send()
+}
+
+// DeletePublicAccessBlockWithContext is the same as DeletePublicAccessBlock with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DeletePublicAccessBlock for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) DeletePublicAccessBlockWithContext(ctx aws.Context, input *DeletePublicAccessBlockInput, opts ...request.Option) (*DeletePublicAccessBlockOutput, error) {
+	req, out := c.DeletePublicAccessBlockRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketAccelerateConfiguration = "GetBucketAccelerateConfiguration"
+
+// GetBucketAccelerateConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketAccelerateConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketAccelerateConfiguration for more information on using the GetBucketAccelerateConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketAccelerateConfigurationRequest method.
+//	req, resp := client.GetBucketAccelerateConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfiguration
+func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateConfigurationInput) (req *request.Request, output *GetBucketAccelerateConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketAccelerateConfiguration,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?accelerate",
+	}
+
+	if input == nil {
+		input = &GetBucketAccelerateConfigurationInput{}
+	}
+
+	output = &GetBucketAccelerateConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketAccelerateConfiguration API operation for Amazon Simple Storage Service.
+//
+// This implementation of the GET action uses the accelerate subresource to
+// return the Transfer Acceleration state of a bucket, which is either Enabled
+// or Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that
+// enables you to perform faster data transfers to and from Amazon S3.
+//
+// To use this operation, you must have permission to perform the s3:GetAccelerateConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide.
+//
+// You set the Transfer Acceleration state of an existing bucket to Enabled
+// or Suspended by using the PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
+// operation.
+//
+// A GET accelerate request does not return a state value for a bucket that
+// has no transfer acceleration state. A bucket has no Transfer Acceleration
+// state if a state has never been set on the bucket.
+//
+// For more information about transfer acceleration, see Transfer Acceleration
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+// in the Amazon S3 User Guide.
+//
+// The following operations are related to GetBucketAccelerateConfiguration:
+//
+//   - PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketAccelerateConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfiguration
+func (c *S3) GetBucketAccelerateConfiguration(input *GetBucketAccelerateConfigurationInput) (*GetBucketAccelerateConfigurationOutput, error) {
+	req, out := c.GetBucketAccelerateConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketAccelerateConfigurationWithContext is the same as GetBucketAccelerateConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketAccelerateConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketAccelerateConfigurationWithContext(ctx aws.Context, input *GetBucketAccelerateConfigurationInput, opts ...request.Option) (*GetBucketAccelerateConfigurationOutput, error) {
+	req, out := c.GetBucketAccelerateConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketAcl = "GetBucketAcl"
+
+// GetBucketAclRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketAcl operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketAcl for more information on using the GetBucketAcl
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketAclRequest method.
+//	req, resp := client.GetBucketAclRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAcl
+func (c *S3) GetBucketAclRequest(input *GetBucketAclInput) (req *request.Request, output *GetBucketAclOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketAcl,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?acl",
+	}
+
+	if input == nil {
+		input = &GetBucketAclInput{}
+	}
+
+	output = &GetBucketAclOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketAcl API operation for Amazon Simple Storage Service.
+//
+// This implementation of the GET action uses the acl subresource to return
+// the access control list (ACL) of a bucket. To use GET to return the ACL of
+// the bucket, you must have READ_ACP access to the bucket. If READ_ACP permission
+// is granted to the anonymous user, you can return the ACL of the bucket without
+// using an authorization header.
+//
+// To use this API operation against an access point, provide the alias of the
+// access point in place of the bucket name.
+//
+// To use this API operation against an Object Lambda access point, provide
+// the alias of the Object Lambda access point in place of the bucket name.
+// If the Object Lambda access point alias in a request is not valid, the error
+// code InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+//
+// If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
+// requests to read ACLs are still supported and return the bucket-owner-full-control
+// ACL with the owner being the account that created the bucket. For more information,
+// see Controlling object ownership and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide.
+//
+// The following operations are related to GetBucketAcl:
+//
+//   - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketAcl for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAcl
+func (c *S3) GetBucketAcl(input *GetBucketAclInput) (*GetBucketAclOutput, error) {
+	req, out := c.GetBucketAclRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketAclWithContext is the same as GetBucketAcl with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketAcl for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketAclWithContext(ctx aws.Context, input *GetBucketAclInput, opts ...request.Option) (*GetBucketAclOutput, error) {
+	req, out := c.GetBucketAclRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketAnalyticsConfiguration = "GetBucketAnalyticsConfiguration"
+
+// GetBucketAnalyticsConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketAnalyticsConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketAnalyticsConfiguration for more information on using the GetBucketAnalyticsConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketAnalyticsConfigurationRequest method.
+//	req, resp := client.GetBucketAnalyticsConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfiguration
+func (c *S3) GetBucketAnalyticsConfigurationRequest(input *GetBucketAnalyticsConfigurationInput) (req *request.Request, output *GetBucketAnalyticsConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketAnalyticsConfiguration,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?analytics",
+	}
+
+	if input == nil {
+		input = &GetBucketAnalyticsConfigurationInput{}
+	}
+
+	output = &GetBucketAnalyticsConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service.
+//
+// This implementation of the GET action returns an analytics configuration
+// (identified by the analytics configuration ID) from the bucket.
+//
+// To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide.
+//
+// For information about Amazon S3 analytics feature, see Amazon S3 Analytics
+// – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
+// in the Amazon S3 User Guide.
+//
+// The following operations are related to GetBucketAnalyticsConfiguration:
+//
+//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
+//
+//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
+//
+//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketAnalyticsConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfiguration
+func (c *S3) GetBucketAnalyticsConfiguration(input *GetBucketAnalyticsConfigurationInput) (*GetBucketAnalyticsConfigurationOutput, error) {
+	req, out := c.GetBucketAnalyticsConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketAnalyticsConfigurationWithContext is the same as GetBucketAnalyticsConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketAnalyticsConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketAnalyticsConfigurationWithContext(ctx aws.Context, input *GetBucketAnalyticsConfigurationInput, opts ...request.Option) (*GetBucketAnalyticsConfigurationOutput, error) {
+	req, out := c.GetBucketAnalyticsConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketCors = "GetBucketCors"
+
+// GetBucketCorsRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketCors operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketCors for more information on using the GetBucketCors
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketCorsRequest method.
+//	req, resp := client.GetBucketCorsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCors
+func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Request, output *GetBucketCorsOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketCors,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?cors",
+	}
+
+	if input == nil {
+		input = &GetBucketCorsInput{}
+	}
+
+	output = &GetBucketCorsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketCors API operation for Amazon Simple Storage Service.
+//
+// Returns the Cross-Origin Resource Sharing (CORS) configuration information
+// set for the bucket.
+//
+// To use this operation, you must have permission to perform the s3:GetBucketCORS
+// action. By default, the bucket owner has this permission and can grant it
+// to others.
+//
+// To use this API operation against an access point, provide the alias of the
+// access point in place of the bucket name.
+//
+// To use this API operation against an Object Lambda access point, provide
+// the alias of the Object Lambda access point in place of the bucket name.
+// If the Object Lambda access point alias in a request is not valid, the error
+// code InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+//
+// For more information about CORS, see Enabling Cross-Origin Resource Sharing
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html).
+//
+// The following operations are related to GetBucketCors:
+//
+//   - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
+//
+//   - DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketCors for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCors
+func (c *S3) GetBucketCors(input *GetBucketCorsInput) (*GetBucketCorsOutput, error) {
+	req, out := c.GetBucketCorsRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketCorsWithContext is the same as GetBucketCors with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketCors for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketCorsWithContext(ctx aws.Context, input *GetBucketCorsInput, opts ...request.Option) (*GetBucketCorsOutput, error) {
+	req, out := c.GetBucketCorsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketEncryption = "GetBucketEncryption"
+
+// GetBucketEncryptionRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketEncryption operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketEncryption for more information on using the GetBucketEncryption
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketEncryptionRequest method.
+//	req, resp := client.GetBucketEncryptionRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryption
+func (c *S3) GetBucketEncryptionRequest(input *GetBucketEncryptionInput) (req *request.Request, output *GetBucketEncryptionOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketEncryption,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?encryption",
+	}
+
+	if input == nil {
+		input = &GetBucketEncryptionInput{}
+	}
+
+	output = &GetBucketEncryptionOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketEncryption API operation for Amazon Simple Storage Service.
+//
+// Returns the default encryption configuration for an Amazon S3 bucket. By
+// default, all buckets have a default encryption configuration that uses server-side
+// encryption with Amazon S3 managed keys (SSE-S3). For information about the
+// bucket default encryption feature, see Amazon S3 Bucket Default Encryption
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// in the Amazon S3 User Guide.
+//
+// To use this operation, you must have permission to perform the s3:GetEncryptionConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// The following operations are related to GetBucketEncryption:
+//
+//   - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
+//
+//   - DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketEncryption for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryption
+func (c *S3) GetBucketEncryption(input *GetBucketEncryptionInput) (*GetBucketEncryptionOutput, error) {
+	req, out := c.GetBucketEncryptionRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketEncryptionWithContext is the same as GetBucketEncryption with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketEncryption for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketEncryptionWithContext(ctx aws.Context, input *GetBucketEncryptionInput, opts ...request.Option) (*GetBucketEncryptionOutput, error) {
+	req, out := c.GetBucketEncryptionRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketIntelligentTieringConfiguration = "GetBucketIntelligentTieringConfiguration"
+
+// GetBucketIntelligentTieringConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketIntelligentTieringConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketIntelligentTieringConfiguration for more information on using the GetBucketIntelligentTieringConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketIntelligentTieringConfigurationRequest method.
+//	req, resp := client.GetBucketIntelligentTieringConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketIntelligentTieringConfiguration
+func (c *S3) GetBucketIntelligentTieringConfigurationRequest(input *GetBucketIntelligentTieringConfigurationInput) (req *request.Request, output *GetBucketIntelligentTieringConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketIntelligentTieringConfiguration,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?intelligent-tiering",
+	}
+
+	if input == nil {
+		input = &GetBucketIntelligentTieringConfigurationInput{}
+	}
+
+	output = &GetBucketIntelligentTieringConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service.
+//
+// Gets the S3 Intelligent-Tiering configuration from the specified bucket.
+//
+// The S3 Intelligent-Tiering storage class is designed to optimize storage
+// costs by automatically moving data to the most cost-effective storage access
+// tier, without performance impact or operational overhead. S3 Intelligent-Tiering
+// delivers automatic cost savings in three low latency and high throughput
+// access tiers. To get the lowest storage cost on data that can be accessed
+// in minutes to hours, you can choose to activate additional archiving capabilities.
+//
+// The S3 Intelligent-Tiering storage class is the ideal storage class for data
+// with unknown, changing, or unpredictable access patterns, independent of
+// object size or retention period. If the size of an object is less than 128
+// KB, it is not monitored and not eligible for auto-tiering. Smaller objects
+// can be stored, but they are always charged at the Frequent Access tier rates
+// in the S3 Intelligent-Tiering storage class.
+//
+// For more information, see Storage class for automatically optimizing frequently
+// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
+//
+// Operations related to GetBucketIntelligentTieringConfiguration include:
+//
+//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
+//
+//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
+//
+//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketIntelligentTieringConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketIntelligentTieringConfiguration
+func (c *S3) GetBucketIntelligentTieringConfiguration(input *GetBucketIntelligentTieringConfigurationInput) (*GetBucketIntelligentTieringConfigurationOutput, error) {
+	req, out := c.GetBucketIntelligentTieringConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketIntelligentTieringConfigurationWithContext is the same as GetBucketIntelligentTieringConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketIntelligentTieringConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketIntelligentTieringConfigurationWithContext(ctx aws.Context, input *GetBucketIntelligentTieringConfigurationInput, opts ...request.Option) (*GetBucketIntelligentTieringConfigurationOutput, error) {
+	req, out := c.GetBucketIntelligentTieringConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketInventoryConfiguration = "GetBucketInventoryConfiguration"
+
+// GetBucketInventoryConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketInventoryConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketInventoryConfiguration for more information on using the GetBucketInventoryConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketInventoryConfigurationRequest method.
+//	req, resp := client.GetBucketInventoryConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfiguration
+func (c *S3) GetBucketInventoryConfigurationRequest(input *GetBucketInventoryConfigurationInput) (req *request.Request, output *GetBucketInventoryConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketInventoryConfiguration,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?inventory",
+	}
+
+	if input == nil {
+		input = &GetBucketInventoryConfigurationInput{}
+	}
+
+	output = &GetBucketInventoryConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketInventoryConfiguration API operation for Amazon Simple Storage Service.
+//
+// Returns an inventory configuration (identified by the inventory configuration
+// ID) from the bucket.
+//
+// To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration
+// action. The bucket owner has this permission by default and can grant this
+// permission to others. For more information about permissions, see Permissions
+// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html).
+//
+// The following operations are related to GetBucketInventoryConfiguration:
+//
+//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
+//
+//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
+//
+//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketInventoryConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfiguration
+func (c *S3) GetBucketInventoryConfiguration(input *GetBucketInventoryConfigurationInput) (*GetBucketInventoryConfigurationOutput, error) {
+	req, out := c.GetBucketInventoryConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketInventoryConfigurationWithContext is the same as GetBucketInventoryConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketInventoryConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketInventoryConfigurationWithContext(ctx aws.Context, input *GetBucketInventoryConfigurationInput, opts ...request.Option) (*GetBucketInventoryConfigurationOutput, error) {
+	req, out := c.GetBucketInventoryConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketLifecycle = "GetBucketLifecycle"
+
+// GetBucketLifecycleRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketLifecycle operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketLifecycle for more information on using the GetBucketLifecycle
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketLifecycleRequest method.
+//	req, resp := client.GetBucketLifecycleRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycle
+//
+// Deprecated: GetBucketLifecycle has been deprecated
+func (c *S3) GetBucketLifecycleRequest(input *GetBucketLifecycleInput) (req *request.Request, output *GetBucketLifecycleOutput) {
+	if c.Client.Config.Logger != nil {
+		c.Client.Config.Logger.Log("This operation, GetBucketLifecycle, has been deprecated")
+	}
+	op := &request.Operation{
+		Name:       opGetBucketLifecycle,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?lifecycle",
+	}
+
+	if input == nil {
+		input = &GetBucketLifecycleInput{}
+	}
+
+	output = &GetBucketLifecycleOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketLifecycle API operation for Amazon Simple Storage Service.
+//
+// For an updated version of this API, see GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html).
+// If you configured a bucket lifecycle using the filter element, you should
+// see the updated version of this topic. This topic is provided for backward
+// compatibility.
+//
+// Returns the lifecycle configuration information set on the bucket. For information
+// about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html).
+//
+// To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// GetBucketLifecycle has the following special error:
+//
+//   - Error code: NoSuchLifecycleConfiguration Description: The lifecycle
+//     configuration does not exist. HTTP Status Code: 404 Not Found SOAP Fault
+//     Code Prefix: Client
+//
+// The following operations are related to GetBucketLifecycle:
+//
+//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
+//
+//   - PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
+//
+//   - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketLifecycle for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycle
+//
+// Deprecated: GetBucketLifecycle has been deprecated
+func (c *S3) GetBucketLifecycle(input *GetBucketLifecycleInput) (*GetBucketLifecycleOutput, error) {
+	req, out := c.GetBucketLifecycleRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketLifecycleWithContext is the same as GetBucketLifecycle with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketLifecycle for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+//
+// Deprecated: GetBucketLifecycleWithContext has been deprecated
+func (c *S3) GetBucketLifecycleWithContext(ctx aws.Context, input *GetBucketLifecycleInput, opts ...request.Option) (*GetBucketLifecycleOutput, error) {
+	req, out := c.GetBucketLifecycleRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketLifecycleConfiguration = "GetBucketLifecycleConfiguration"
+
+// GetBucketLifecycleConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketLifecycleConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketLifecycleConfiguration for more information on using the GetBucketLifecycleConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketLifecycleConfigurationRequest method.
+//	req, resp := client.GetBucketLifecycleConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfiguration
+func (c *S3) GetBucketLifecycleConfigurationRequest(input *GetBucketLifecycleConfigurationInput) (req *request.Request, output *GetBucketLifecycleConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketLifecycleConfiguration,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?lifecycle",
+	}
+
+	if input == nil {
+		input = &GetBucketLifecycleConfigurationInput{}
+	}
+
+	output = &GetBucketLifecycleConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketLifecycleConfiguration API operation for Amazon Simple Storage Service.
+//
+// Bucket lifecycle configuration now supports specifying a lifecycle rule using
+// an object key name prefix, one or more object tags, or a combination of both.
+// Accordingly, this section describes the latest API. The response describes
+// the new filter element that you can use to specify a filter to select a subset
+// of objects to which the rule applies. If you are using a previous version
+// of the lifecycle configuration, it still works. For the earlier action, see
+// GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html).
+//
+// Returns the lifecycle configuration information set on the bucket. For information
+// about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html).
+//
+// To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration
+// action. The bucket owner has this permission, by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// GetBucketLifecycleConfiguration has the following special error:
+//
+//   - Error code: NoSuchLifecycleConfiguration Description: The lifecycle
+//     configuration does not exist. HTTP Status Code: 404 Not Found SOAP Fault
+//     Code Prefix: Client
+//
+// The following operations are related to GetBucketLifecycleConfiguration:
+//
+//   - GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)
+//
+//   - PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
+//
+//   - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketLifecycleConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfiguration
+func (c *S3) GetBucketLifecycleConfiguration(input *GetBucketLifecycleConfigurationInput) (*GetBucketLifecycleConfigurationOutput, error) {
+	req, out := c.GetBucketLifecycleConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketLifecycleConfigurationWithContext is the same as GetBucketLifecycleConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketLifecycleConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketLifecycleConfigurationWithContext(ctx aws.Context, input *GetBucketLifecycleConfigurationInput, opts ...request.Option) (*GetBucketLifecycleConfigurationOutput, error) {
+	req, out := c.GetBucketLifecycleConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketLocation = "GetBucketLocation"
+
+// GetBucketLocationRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketLocation operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketLocation for more information on using the GetBucketLocation
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketLocationRequest method.
+//	req, resp := client.GetBucketLocationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocation
+func (c *S3) GetBucketLocationRequest(input *GetBucketLocationInput) (req *request.Request, output *GetBucketLocationOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketLocation,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?location",
+	}
+
+	if input == nil {
+		input = &GetBucketLocationInput{}
+	}
+
+	output = &GetBucketLocationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketLocation API operation for Amazon Simple Storage Service.
+//
+// Returns the Region the bucket resides in. You set the bucket's Region using
+// the LocationConstraint request parameter in a CreateBucket request. For more
+// information, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html).
+//
+// To use this API operation against an access point, provide the alias of the
+// access point in place of the bucket name.
+//
+// To use this API operation against an Object Lambda access point, provide
+// the alias of the Object Lambda access point in place of the bucket name.
+// If the Object Lambda access point alias in a request is not valid, the error
+// code InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+//
+// We recommend that you use HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html)
+// to return the Region that a bucket resides in. For backward compatibility,
+// Amazon S3 continues to support GetBucketLocation.
+//
+// The following operations are related to GetBucketLocation:
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketLocation for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocation
+func (c *S3) GetBucketLocation(input *GetBucketLocationInput) (*GetBucketLocationOutput, error) {
+	req, out := c.GetBucketLocationRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketLocationWithContext is the same as GetBucketLocation with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketLocation for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketLocationWithContext(ctx aws.Context, input *GetBucketLocationInput, opts ...request.Option) (*GetBucketLocationOutput, error) {
+	req, out := c.GetBucketLocationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketLogging = "GetBucketLogging"
+
+// GetBucketLoggingRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketLogging operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketLogging for more information on using the GetBucketLogging
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketLoggingRequest method.
+//	req, resp := client.GetBucketLoggingRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLogging
+func (c *S3) GetBucketLoggingRequest(input *GetBucketLoggingInput) (req *request.Request, output *GetBucketLoggingOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketLogging,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?logging",
+	}
+
+	if input == nil {
+		input = &GetBucketLoggingInput{}
+	}
+
+	output = &GetBucketLoggingOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketLogging API operation for Amazon Simple Storage Service.
+//
+// Returns the logging status of a bucket and the permissions users have to
+// view and modify that status.
+//
+// The following operations are related to GetBucketLogging:
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+//   - PutBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketLogging for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLogging
+func (c *S3) GetBucketLogging(input *GetBucketLoggingInput) (*GetBucketLoggingOutput, error) {
+	req, out := c.GetBucketLoggingRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketLoggingWithContext is the same as GetBucketLogging with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketLogging for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketLoggingWithContext(ctx aws.Context, input *GetBucketLoggingInput, opts ...request.Option) (*GetBucketLoggingOutput, error) {
+	req, out := c.GetBucketLoggingRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketMetricsConfiguration = "GetBucketMetricsConfiguration"
+
+// GetBucketMetricsConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketMetricsConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketMetricsConfiguration for more information on using the GetBucketMetricsConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketMetricsConfigurationRequest method.
+//	req, resp := client.GetBucketMetricsConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfiguration
+func (c *S3) GetBucketMetricsConfigurationRequest(input *GetBucketMetricsConfigurationInput) (req *request.Request, output *GetBucketMetricsConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketMetricsConfiguration,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?metrics",
+	}
+
+	if input == nil {
+		input = &GetBucketMetricsConfigurationInput{}
+	}
+
+	output = &GetBucketMetricsConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketMetricsConfiguration API operation for Amazon Simple Storage Service.
+//
+// Gets a metrics configuration (specified by the metrics configuration ID)
+// from the bucket. Note that this doesn't include the daily storage metrics.
+//
+// To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// For information about CloudWatch request metrics for Amazon S3, see Monitoring
+// Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
+//
+// The following operations are related to GetBucketMetricsConfiguration:
+//
+//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
+//
+//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
+//
+//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
+//
+//   - Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketMetricsConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfiguration
+func (c *S3) GetBucketMetricsConfiguration(input *GetBucketMetricsConfigurationInput) (*GetBucketMetricsConfigurationOutput, error) {
+	req, out := c.GetBucketMetricsConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketMetricsConfigurationWithContext is the same as GetBucketMetricsConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketMetricsConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketMetricsConfigurationWithContext(ctx aws.Context, input *GetBucketMetricsConfigurationInput, opts ...request.Option) (*GetBucketMetricsConfigurationOutput, error) {
+	req, out := c.GetBucketMetricsConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketNotification = "GetBucketNotification"
+
+// GetBucketNotificationRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketNotification operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketNotification for more information on using the GetBucketNotification
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketNotificationRequest method.
+//	req, resp := client.GetBucketNotificationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotification
+//
+// Deprecated: GetBucketNotification has been deprecated
+func (c *S3) GetBucketNotificationRequest(input *GetBucketNotificationConfigurationRequest) (req *request.Request, output *NotificationConfigurationDeprecated) {
+	if c.Client.Config.Logger != nil {
+		c.Client.Config.Logger.Log("This operation, GetBucketNotification, has been deprecated")
+	}
+	op := &request.Operation{
+		Name:       opGetBucketNotification,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?notification",
+	}
+
+	if input == nil {
+		input = &GetBucketNotificationConfigurationRequest{}
+	}
+
+	output = &NotificationConfigurationDeprecated{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketNotification API operation for Amazon Simple Storage Service.
+//
+// No longer used, see GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketNotification for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotification
+//
+// Deprecated: GetBucketNotification has been deprecated
+func (c *S3) GetBucketNotification(input *GetBucketNotificationConfigurationRequest) (*NotificationConfigurationDeprecated, error) {
+	req, out := c.GetBucketNotificationRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketNotificationWithContext is the same as GetBucketNotification with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketNotification for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+//
+// Deprecated: GetBucketNotificationWithContext has been deprecated
+func (c *S3) GetBucketNotificationWithContext(ctx aws.Context, input *GetBucketNotificationConfigurationRequest, opts ...request.Option) (*NotificationConfigurationDeprecated, error) {
+	req, out := c.GetBucketNotificationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketNotificationConfiguration = "GetBucketNotificationConfiguration"
+
+// GetBucketNotificationConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketNotificationConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketNotificationConfiguration for more information on using the GetBucketNotificationConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketNotificationConfigurationRequest method.
+//	req, resp := client.GetBucketNotificationConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotificationConfiguration
+func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificationConfigurationRequest) (req *request.Request, output *NotificationConfiguration) {
+	op := &request.Operation{
+		Name:       opGetBucketNotificationConfiguration,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?notification",
+	}
+
+	if input == nil {
+		input = &GetBucketNotificationConfigurationRequest{}
+	}
+
+	output = &NotificationConfiguration{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketNotificationConfiguration API operation for Amazon Simple Storage Service.
+//
+// Returns the notification configuration of a bucket.
+//
+// If notifications are not enabled on the bucket, the action returns an empty
+// NotificationConfiguration element.
+//
+// By default, you must be the bucket owner to read the notification configuration
+// of a bucket. However, the bucket owner can use a bucket policy to grant permission
+// to other users to read this configuration with the s3:GetBucketNotification
+// permission.
+//
+// To use this API operation against an access point, provide the alias of the
+// access point in place of the bucket name.
+//
+// To use this API operation against an Object Lambda access point, provide
+// the alias of the Object Lambda access point in place of the bucket name.
+// If the Object Lambda access point alias in a request is not valid, the error
+// code InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+//
+// For more information about setting and reading the notification configuration
+// on a bucket, see Setting Up Notification of Bucket Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
+// For more information about bucket policies, see Using Bucket Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
+//
+// The following action is related to GetBucketNotification:
+//
+//   - PutBucketNotification (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotification.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketNotificationConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotificationConfiguration
+func (c *S3) GetBucketNotificationConfiguration(input *GetBucketNotificationConfigurationRequest) (*NotificationConfiguration, error) {
+	req, out := c.GetBucketNotificationConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketNotificationConfigurationWithContext is the same as GetBucketNotificationConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketNotificationConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketNotificationConfigurationWithContext(ctx aws.Context, input *GetBucketNotificationConfigurationRequest, opts ...request.Option) (*NotificationConfiguration, error) {
+	req, out := c.GetBucketNotificationConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketOwnershipControls = "GetBucketOwnershipControls"
+
+// GetBucketOwnershipControlsRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketOwnershipControls operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketOwnershipControls for more information on using the GetBucketOwnershipControls
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketOwnershipControlsRequest method.
+//	req, resp := client.GetBucketOwnershipControlsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControls
+func (c *S3) GetBucketOwnershipControlsRequest(input *GetBucketOwnershipControlsInput) (req *request.Request, output *GetBucketOwnershipControlsOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketOwnershipControls,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?ownershipControls",
+	}
+
+	if input == nil {
+		input = &GetBucketOwnershipControlsInput{}
+	}
+
+	output = &GetBucketOwnershipControlsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketOwnershipControls API operation for Amazon Simple Storage Service.
+//
+// Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation,
+// you must have the s3:GetBucketOwnershipControls permission. For more information
+// about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html).
+//
+// For information about Amazon S3 Object Ownership, see Using Object Ownership
+// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html).
+//
+// The following operations are related to GetBucketOwnershipControls:
+//
+//   - PutBucketOwnershipControls
+//
+//   - DeleteBucketOwnershipControls
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketOwnershipControls for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControls
+func (c *S3) GetBucketOwnershipControls(input *GetBucketOwnershipControlsInput) (*GetBucketOwnershipControlsOutput, error) {
+	req, out := c.GetBucketOwnershipControlsRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketOwnershipControlsWithContext is the same as GetBucketOwnershipControls with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketOwnershipControls for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketOwnershipControlsWithContext(ctx aws.Context, input *GetBucketOwnershipControlsInput, opts ...request.Option) (*GetBucketOwnershipControlsOutput, error) {
+	req, out := c.GetBucketOwnershipControlsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketPolicy = "GetBucketPolicy"
+
+// GetBucketPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketPolicy for more information on using the GetBucketPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketPolicyRequest method.
+//	req, resp := client.GetBucketPolicyRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicy
+func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.Request, output *GetBucketPolicyOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketPolicy,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?policy",
+	}
+
+	if input == nil {
+		input = &GetBucketPolicyInput{}
+	}
+
+	output = &GetBucketPolicyOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketPolicy API operation for Amazon Simple Storage Service.
+//
+// Returns the policy of a specified bucket. If you are using an identity other
+// than the root user of the Amazon Web Services account that owns the bucket,
+// the calling identity must have the GetBucketPolicy permissions on the specified
+// bucket and belong to the bucket owner's account in order to use this operation.
+//
+// If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access
+// Denied error. If you have the correct permissions, but you're not using an
+// identity that belongs to the bucket owner's account, Amazon S3 returns a
+// 405 Method Not Allowed error.
+//
+// To ensure that bucket owners don't inadvertently lock themselves out of their
+// own buckets, the root principal in a bucket owner's Amazon Web Services account
+// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy
+// API actions, even if their bucket policy explicitly denies the root principal's
+// access. Bucket owner root principals can only be blocked from performing
+// these API actions by VPC endpoint policies and Amazon Web Services Organizations
+// policies.
+//
+// To use this API operation against an access point, provide the alias of the
+// access point in place of the bucket name.
+//
+// To use this API operation against an Object Lambda access point, provide
+// the alias of the Object Lambda access point in place of the bucket name.
+// If the Object Lambda access point alias in a request is not valid, the error
+// code InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+//
+// For more information about bucket policies, see Using Bucket Policies and
+// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
+//
+// The following action is related to GetBucketPolicy:
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketPolicy for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicy
+func (c *S3) GetBucketPolicy(input *GetBucketPolicyInput) (*GetBucketPolicyOutput, error) {
+	req, out := c.GetBucketPolicyRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketPolicyWithContext is the same as GetBucketPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketPolicyWithContext(ctx aws.Context, input *GetBucketPolicyInput, opts ...request.Option) (*GetBucketPolicyOutput, error) {
+	req, out := c.GetBucketPolicyRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketPolicyStatus = "GetBucketPolicyStatus"
+
+// GetBucketPolicyStatusRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketPolicyStatus operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketPolicyStatus for more information on using the GetBucketPolicyStatus
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketPolicyStatusRequest method.
+//	req, resp := client.GetBucketPolicyStatusRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatus
+func (c *S3) GetBucketPolicyStatusRequest(input *GetBucketPolicyStatusInput) (req *request.Request, output *GetBucketPolicyStatusOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketPolicyStatus,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?policyStatus",
+	}
+
+	if input == nil {
+		input = &GetBucketPolicyStatusInput{}
+	}
+
+	output = &GetBucketPolicyStatusOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketPolicyStatus API operation for Amazon Simple Storage Service.
+//
+// Retrieves the policy status for an Amazon S3 bucket, indicating whether the
+// bucket is public. In order to use this operation, you must have the s3:GetBucketPolicyStatus
+// permission. For more information about Amazon S3 permissions, see Specifying
+// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
+//
+// For more information about when Amazon S3 considers a bucket public, see
+// The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
+//
+// The following operations are related to GetBucketPolicyStatus:
+//
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//
+//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
+//
+//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketPolicyStatus for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatus
+func (c *S3) GetBucketPolicyStatus(input *GetBucketPolicyStatusInput) (*GetBucketPolicyStatusOutput, error) {
+	req, out := c.GetBucketPolicyStatusRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketPolicyStatusWithContext is the same as GetBucketPolicyStatus with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketPolicyStatus for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketPolicyStatusWithContext(ctx aws.Context, input *GetBucketPolicyStatusInput, opts ...request.Option) (*GetBucketPolicyStatusOutput, error) {
+	req, out := c.GetBucketPolicyStatusRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketReplication = "GetBucketReplication"
+
+// GetBucketReplicationRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketReplication operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketReplication for more information on using the GetBucketReplication
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketReplicationRequest method.
+//	req, resp := client.GetBucketReplicationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplication
+func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req *request.Request, output *GetBucketReplicationOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketReplication,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?replication",
+	}
+
+	if input == nil {
+		input = &GetBucketReplicationInput{}
+	}
+
+	output = &GetBucketReplicationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketReplication API operation for Amazon Simple Storage Service.
+//
+// Returns the replication configuration of a bucket.
+//
+// It can take a while to propagate the put or delete a replication configuration
+// to all Amazon S3 systems. Therefore, a get request soon after put or delete
+// can return a wrong result.
+//
+// For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+// in the Amazon S3 User Guide.
+//
+// This action requires permissions for the s3:GetReplicationConfiguration action.
+// For more information about permissions, see Using Bucket Policies and User
+// Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
+//
+// If you include the Filter element in a replication configuration, you must
+// also include the DeleteMarkerReplication and Priority elements. The response
+// also returns those elements.
+//
+// For information about GetBucketReplication errors, see List of replication-related
+// error codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
+//
+// The following operations are related to GetBucketReplication:
+//
+//   - PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
+//
+//   - DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketReplication for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplication
+func (c *S3) GetBucketReplication(input *GetBucketReplicationInput) (*GetBucketReplicationOutput, error) {
+	req, out := c.GetBucketReplicationRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketReplicationWithContext is the same as GetBucketReplication with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketReplication for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketReplicationWithContext(ctx aws.Context, input *GetBucketReplicationInput, opts ...request.Option) (*GetBucketReplicationOutput, error) {
+	req, out := c.GetBucketReplicationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketRequestPayment = "GetBucketRequestPayment"
+
+// GetBucketRequestPaymentRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketRequestPayment operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketRequestPayment for more information on using the GetBucketRequestPayment
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketRequestPaymentRequest method.
+//	req, resp := client.GetBucketRequestPaymentRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPayment
+func (c *S3) GetBucketRequestPaymentRequest(input *GetBucketRequestPaymentInput) (req *request.Request, output *GetBucketRequestPaymentOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketRequestPayment,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?requestPayment",
+	}
+
+	if input == nil {
+		input = &GetBucketRequestPaymentInput{}
+	}
+
+	output = &GetBucketRequestPaymentOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketRequestPayment API operation for Amazon Simple Storage Service.
+//
+// Returns the request payment configuration of a bucket. To use this version
+// of the operation, you must be the bucket owner. For more information, see
+// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html).
+//
+// The following operations are related to GetBucketRequestPayment:
+//
+//   - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketRequestPayment for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPayment
+func (c *S3) GetBucketRequestPayment(input *GetBucketRequestPaymentInput) (*GetBucketRequestPaymentOutput, error) {
+	req, out := c.GetBucketRequestPaymentRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketRequestPaymentWithContext is the same as GetBucketRequestPayment with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketRequestPayment for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketRequestPaymentWithContext(ctx aws.Context, input *GetBucketRequestPaymentInput, opts ...request.Option) (*GetBucketRequestPaymentOutput, error) {
+	req, out := c.GetBucketRequestPaymentRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketTagging = "GetBucketTagging"
+
+// GetBucketTaggingRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketTagging operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketTagging for more information on using the GetBucketTagging
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketTaggingRequest method.
+//	req, resp := client.GetBucketTaggingRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTagging
+func (c *S3) GetBucketTaggingRequest(input *GetBucketTaggingInput) (req *request.Request, output *GetBucketTaggingOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketTagging,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?tagging",
+	}
+
+	if input == nil {
+		input = &GetBucketTaggingInput{}
+	}
+
+	output = &GetBucketTaggingOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketTagging API operation for Amazon Simple Storage Service.
+//
+// Returns the tag set associated with the bucket.
+//
+// To use this operation, you must have permission to perform the s3:GetBucketTagging
+// action. By default, the bucket owner has this permission and can grant this
+// permission to others.
+//
+// GetBucketTagging has the following special error:
+//
+//   - Error code: NoSuchTagSet Description: There is no tag set associated
+//     with the bucket.
+//
+// The following operations are related to GetBucketTagging:
+//
+//   - PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
+//
+//   - DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketTagging for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTagging
+func (c *S3) GetBucketTagging(input *GetBucketTaggingInput) (*GetBucketTaggingOutput, error) {
+	req, out := c.GetBucketTaggingRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketTaggingWithContext is the same as GetBucketTagging with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketTagging for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketTaggingWithContext(ctx aws.Context, input *GetBucketTaggingInput, opts ...request.Option) (*GetBucketTaggingOutput, error) {
+	req, out := c.GetBucketTaggingRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketVersioning = "GetBucketVersioning"
+
+// GetBucketVersioningRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketVersioning operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketVersioning for more information on using the GetBucketVersioning
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketVersioningRequest method.
+//	req, resp := client.GetBucketVersioningRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioning
+func (c *S3) GetBucketVersioningRequest(input *GetBucketVersioningInput) (req *request.Request, output *GetBucketVersioningOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketVersioning,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?versioning",
+	}
+
+	if input == nil {
+		input = &GetBucketVersioningInput{}
+	}
+
+	output = &GetBucketVersioningOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketVersioning API operation for Amazon Simple Storage Service.
+//
+// Returns the versioning state of a bucket.
+//
+// To retrieve the versioning state of a bucket, you must be the bucket owner.
+//
+// This implementation also returns the MFA Delete status of the versioning
+// state. If the MFA Delete status is enabled, the bucket owner must use an
+// authentication device to change the versioning state of the bucket.
+//
+// The following operations are related to GetBucketVersioning:
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketVersioning for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioning
+func (c *S3) GetBucketVersioning(input *GetBucketVersioningInput) (*GetBucketVersioningOutput, error) {
+	req, out := c.GetBucketVersioningRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketVersioningWithContext is the same as GetBucketVersioning with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketVersioning for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketVersioningWithContext(ctx aws.Context, input *GetBucketVersioningInput, opts ...request.Option) (*GetBucketVersioningOutput, error) {
+	req, out := c.GetBucketVersioningRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetBucketWebsite = "GetBucketWebsite"
+
+// GetBucketWebsiteRequest generates a "aws/request.Request" representing the
+// client's request for the GetBucketWebsite operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetBucketWebsite for more information on using the GetBucketWebsite
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetBucketWebsiteRequest method.
+//	req, resp := client.GetBucketWebsiteRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsite
+func (c *S3) GetBucketWebsiteRequest(input *GetBucketWebsiteInput) (req *request.Request, output *GetBucketWebsiteOutput) {
+	op := &request.Operation{
+		Name:       opGetBucketWebsite,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?website",
+	}
+
+	if input == nil {
+		input = &GetBucketWebsiteInput{}
+	}
+
+	output = &GetBucketWebsiteOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetBucketWebsite API operation for Amazon Simple Storage Service.
+//
+// Returns the website configuration for a bucket. To host website on Amazon
+// S3, you can configure a bucket as website by adding a website configuration.
+// For more information about hosting websites, see Hosting Websites on Amazon
+// S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).
+//
+// This GET action requires the S3:GetBucketWebsite permission. By default,
+// only the bucket owner can read the bucket website configuration. However,
+// bucket owners can allow other users to read the website configuration by
+// writing a bucket policy granting them the S3:GetBucketWebsite permission.
+//
+// The following operations are related to GetBucketWebsite:
+//
+//   - DeleteBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html)
+//
+//   - PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetBucketWebsite for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsite
+func (c *S3) GetBucketWebsite(input *GetBucketWebsiteInput) (*GetBucketWebsiteOutput, error) {
+	req, out := c.GetBucketWebsiteRequest(input)
+	return out, req.Send()
+}
+
+// GetBucketWebsiteWithContext is the same as GetBucketWebsite with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetBucketWebsite for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetBucketWebsiteWithContext(ctx aws.Context, input *GetBucketWebsiteInput, opts ...request.Option) (*GetBucketWebsiteOutput, error) {
+	req, out := c.GetBucketWebsiteRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetObject = "GetObject"
+
+// GetObjectRequest generates a "aws/request.Request" representing the
+// client's request for the GetObject operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetObject for more information on using the GetObject
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetObjectRequest method.
+//	req, resp := client.GetObjectRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObject
+func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, output *GetObjectOutput) {
+	op := &request.Operation{
+		Name:       opGetObject,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}/{Key+}",
+	}
+
+	if input == nil {
+		input = &GetObjectInput{}
+	}
+
+	output = &GetObjectOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetObject API operation for Amazon Simple Storage Service.
+//
+// Retrieves objects from Amazon S3. To use GET, you must have READ access to
+// the object. If you grant READ access to the anonymous user, you can return
+// the object without using an authorization header.
+//
+// An Amazon S3 bucket has no directory hierarchy such as you would find in
+// a typical computer file system. You can, however, create a logical hierarchy
+// by using object key names that imply a folder structure. For example, instead
+// of naming an object sample.jpg, you can name it photos/2006/February/sample.jpg.
+//
+// To get an object from such a logical hierarchy, specify the full key name
+// for the object in the GET operation. For a virtual hosted-style request example,
+// if you have the object photos/2006/February/sample.jpg, specify the resource
+// as /photos/2006/February/sample.jpg. For a path-style request example, if
+// you have the object photos/2006/February/sample.jpg in the bucket named examplebucket,
+// specify the resource as /examplebucket/photos/2006/February/sample.jpg. For
+// more information about request types, see HTTP Host Header Bucket Specification
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket).
+//
+// For more information about returning the ACL of an object, see GetObjectAcl
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html).
+//
+// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval
+// or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive
+// or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the
+// object you must first restore a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
+// Otherwise, this action returns an InvalidObjectState error. For information
+// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html).
+//
+// Encryption request headers, like x-amz-server-side-encryption, should not
+// be sent for GET requests if your object uses server-side encryption with
+// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption
+// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with
+// Amazon S3 managed encryption keys (SSE-S3). If your object does use these
+// types of keys, you’ll get an HTTP 400 Bad Request error.
+//
+// If you encrypt an object by using server-side encryption with customer-provided
+// encryption keys (SSE-C) when you store the object in Amazon S3, then when
+// you GET the object, you must use the following headers:
+//
+//   - x-amz-server-side-encryption-customer-algorithm
+//
+//   - x-amz-server-side-encryption-customer-key
+//
+//   - x-amz-server-side-encryption-customer-key-MD5
+//
+// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
+// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
+//
+// Assuming you have the relevant permission to read object tags, the response
+// also returns the x-amz-tagging-count header that provides the count of number
+// of tags associated with the object. You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+// to retrieve the tag set associated with an object.
+//
+// # Permissions
+//
+// You need the relevant read object (or version) permission for this operation.
+// For more information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
+// If the object that you request doesn’t exist, the error that Amazon S3
+// returns depends on whether you also have the s3:ListBucket permission.
+//
+// If you have the s3:ListBucket permission on the bucket, Amazon S3 returns
+// an HTTP status code 404 (Not Found) error.
+//
+// If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP
+// status code 403 ("access denied") error.
+//
+// # Versioning
+//
+// By default, the GET action returns the current version of an object. To return
+// a different version, use the versionId subresource.
+//
+//   - If you supply a versionId, you need the s3:GetObjectVersion permission
+//     to access a specific version of an object. If you request a specific version,
+//     you do not need to have the s3:GetObject permission. If you request the
+//     current version without a specific version ID, only s3:GetObject permission
+//     is required. s3:GetObjectVersion permission won't be required.
+//
+//   - If the current version of the object is a delete marker, Amazon S3 behaves
+//     as if the object was deleted and includes x-amz-delete-marker: true in
+//     the response.
+//
+// For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html).
+//
+// # Overriding Response Header Values
+//
+// There are times when you want to override certain response header values
+// in a GET response. For example, you might override the Content-Disposition
+// response header value in your GET request.
+//
+// You can override values for a set of response headers using the following
+// query parameters. These response header values are sent only on a successful
+// request, that is, when status code 200 OK is returned. The set of headers
+// you can override using these parameters is a subset of the headers that Amazon
+// S3 accepts when you create an object. The response headers that you can override
+// for the GET response are Content-Type, Content-Language, Expires, Cache-Control,
+// Content-Disposition, and Content-Encoding. To override these header values
+// in the GET response, you use the following request parameters.
+//
+// You must sign the request, either using an Authorization header or a presigned
+// URL, when using these parameters. They cannot be used with an unsigned (anonymous)
+// request.
+//
+//   - response-content-type
+//
+//   - response-content-language
+//
+//   - response-expires
+//
+//   - response-cache-control
+//
+//   - response-content-disposition
+//
+//   - response-content-encoding
+//
+// # Overriding Response Header Values
+//
+// If both of the If-Match and If-Unmodified-Since headers are present in the
+// request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since
+// condition evaluates to false; then, S3 returns 200 OK and the data requested.
+//
+// If both of the If-None-Match and If-Modified-Since headers are present in
+// the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since
+// condition evaluates to true; then, S3 returns 304 Not Modified response code.
+//
+// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232).
+//
+// The following operations are related to GetObject:
+//
+//   - ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
+//
+//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetObject for usage and error information.
+//
+// Returned Error Codes:
+//
+//   - ErrCodeNoSuchKey "NoSuchKey"
+//     The specified key does not exist.
+//
+//   - ErrCodeInvalidObjectState "InvalidObjectState"
+//     Object is archived and inaccessible until restored.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObject
+func (c *S3) GetObject(input *GetObjectInput) (*GetObjectOutput, error) {
+	req, out := c.GetObjectRequest(input)
+	return out, req.Send()
+}
+
+// GetObjectWithContext is the same as GetObject with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetObject for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetObjectWithContext(ctx aws.Context, input *GetObjectInput, opts ...request.Option) (*GetObjectOutput, error) {
+	req, out := c.GetObjectRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetObjectAcl = "GetObjectAcl"
+
+// GetObjectAclRequest generates a "aws/request.Request" representing the
+// client's request for the GetObjectAcl operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetObjectAcl for more information on using the GetObjectAcl
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetObjectAclRequest method.
+//	req, resp := client.GetObjectAclRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAcl
+func (c *S3) GetObjectAclRequest(input *GetObjectAclInput) (req *request.Request, output *GetObjectAclOutput) {
+	op := &request.Operation{
+		Name:       opGetObjectAcl,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}/{Key+}?acl",
+	}
+
+	if input == nil {
+		input = &GetObjectAclInput{}
+	}
+
+	output = &GetObjectAclOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetObjectAcl API operation for Amazon Simple Storage Service.
+//
+// Returns the access control list (ACL) of an object. To use this operation,
+// you must have s3:GetObjectAcl permissions or READ_ACP access to the object.
+// For more information, see Mapping of ACL permissions and access policy permissions
+// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping)
+// in the Amazon S3 User Guide
+//
+// This action is not supported by Amazon S3 on Outposts.
+//
+// By default, GET returns ACL information about the current version of an object.
+// To return ACL information about a different version, use the versionId subresource.
+//
+// If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
+// requests to read ACLs are still supported and return the bucket-owner-full-control
+// ACL with the owner being the account that created the bucket. For more information,
+// see Controlling object ownership and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide.
+//
+// The following operations are related to GetObjectAcl:
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+//
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetObjectAcl for usage and error information.
+//
+// Returned Error Codes:
+//   - ErrCodeNoSuchKey "NoSuchKey"
+//     The specified key does not exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAcl
+func (c *S3) GetObjectAcl(input *GetObjectAclInput) (*GetObjectAclOutput, error) {
+	req, out := c.GetObjectAclRequest(input)
+	return out, req.Send()
+}
+
+// GetObjectAclWithContext is the same as GetObjectAcl with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetObjectAcl for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetObjectAclWithContext(ctx aws.Context, input *GetObjectAclInput, opts ...request.Option) (*GetObjectAclOutput, error) {
+	req, out := c.GetObjectAclRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetObjectAttributes = "GetObjectAttributes"
+
+// GetObjectAttributesRequest generates a "aws/request.Request" representing the
+// client's request for the GetObjectAttributes operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetObjectAttributes for more information on using the GetObjectAttributes
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetObjectAttributesRequest method.
+//	req, resp := client.GetObjectAttributesRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAttributes
+func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *request.Request, output *GetObjectAttributesOutput) {
+	op := &request.Operation{
+		Name:       opGetObjectAttributes,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}/{Key+}?attributes",
+	}
+
+	if input == nil {
+		input = &GetObjectAttributesInput{}
+	}
+
+	output = &GetObjectAttributesOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetObjectAttributes API operation for Amazon Simple Storage Service.
+//
+// Retrieves all the metadata from an object without returning the object itself.
+// This action is useful if you're interested only in an object's metadata.
+// To use GetObjectAttributes, you must have READ access to the object.
+//
+// GetObjectAttributes combines the functionality of HeadObject and ListParts.
+// All of the data returned with each of those individual calls can be returned
+// with a single call to GetObjectAttributes.
+//
+// If you encrypt an object by using server-side encryption with customer-provided
+// encryption keys (SSE-C) when you store the object in Amazon S3, then when
+// you retrieve the metadata from the object, you must use the following headers:
+//
+//   - x-amz-server-side-encryption-customer-algorithm
+//
+//   - x-amz-server-side-encryption-customer-key
+//
+//   - x-amz-server-side-encryption-customer-key-MD5
+//
+// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
+// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+// in the Amazon S3 User Guide.
+//
+//   - Encryption request headers, such as x-amz-server-side-encryption, should
+//     not be sent for GET requests if your object uses server-side encryption
+//     with Amazon Web Services KMS keys stored in Amazon Web Services Key Management
+//     Service (SSE-KMS) or server-side encryption with Amazon S3 managed keys
+//     (SSE-S3). If your object does use these types of keys, you'll get an HTTP
+//     400 Bad Request error.
+//
+//   - The last modified property in this case is the creation date of the
+//     object.
+//
+// Consider the following when using request headers:
+//
+//   - If both of the If-Match and If-Unmodified-Since headers are present
+//     in the request as follows, then Amazon S3 returns the HTTP status code
+//     200 OK and the data requested: If-Match condition evaluates to true. If-Unmodified-Since
+//     condition evaluates to false.
+//
+//   - If both of the If-None-Match and If-Modified-Since headers are present
+//     in the request as follows, then Amazon S3 returns the HTTP status code
+//     304 Not Modified: If-None-Match condition evaluates to false. If-Modified-Since
+//     condition evaluates to true.
+//
+// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232).
+//
+// # Permissions
+//
+// The permissions that you need to use this operation depend on whether the
+// bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion
+// and s3:GetObjectVersionAttributes permissions for this operation. If the
+// bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes
+// permissions. For more information, see Specifying Permissions in a Policy
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// in the Amazon S3 User Guide. If the object that you request does not exist,
+// the error Amazon S3 returns depends on whether you also have the s3:ListBucket
+// permission.
+//
+//   - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns
+//     an HTTP status code 404 Not Found ("no such key") error.
+//
+//   - If you don't have the s3:ListBucket permission, Amazon S3 returns an
+//     HTTP status code 403 Forbidden ("access denied") error.
+//
+// The following actions are related to GetObjectAttributes:
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
+//
+//   - GetObjectLegalHold (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html)
+//
+//   - GetObjectLockConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html)
+//
+//   - GetObjectRetention (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html)
+//
+//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+//
+//   - HeadObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html)
+//
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetObjectAttributes for usage and error information.
+//
+// Returned Error Codes:
+//   - ErrCodeNoSuchKey "NoSuchKey"
+//     The specified key does not exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAttributes
+func (c *S3) GetObjectAttributes(input *GetObjectAttributesInput) (*GetObjectAttributesOutput, error) {
+	req, out := c.GetObjectAttributesRequest(input)
+	return out, req.Send()
+}
+
+// GetObjectAttributesWithContext is the same as GetObjectAttributes with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetObjectAttributes for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetObjectAttributesWithContext(ctx aws.Context, input *GetObjectAttributesInput, opts ...request.Option) (*GetObjectAttributesOutput, error) {
+	req, out := c.GetObjectAttributesRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetObjectLegalHold = "GetObjectLegalHold"
+
+// GetObjectLegalHoldRequest generates a "aws/request.Request" representing the
+// client's request for the GetObjectLegalHold operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetObjectLegalHold for more information on using the GetObjectLegalHold
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetObjectLegalHoldRequest method.
+//	req, resp := client.GetObjectLegalHoldRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHold
+func (c *S3) GetObjectLegalHoldRequest(input *GetObjectLegalHoldInput) (req *request.Request, output *GetObjectLegalHoldOutput) {
+	op := &request.Operation{
+		Name:       opGetObjectLegalHold,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}/{Key+}?legal-hold",
+	}
+
+	if input == nil {
+		input = &GetObjectLegalHoldInput{}
+	}
+
+	output = &GetObjectLegalHoldOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetObjectLegalHold API operation for Amazon Simple Storage Service.
+//
+// Gets an object's current legal hold status. For more information, see Locking
+// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+//
+// This action is not supported by Amazon S3 on Outposts.
+//
+// The following action is related to GetObjectLegalHold:
+//
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetObjectLegalHold for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHold
+func (c *S3) GetObjectLegalHold(input *GetObjectLegalHoldInput) (*GetObjectLegalHoldOutput, error) {
+	req, out := c.GetObjectLegalHoldRequest(input)
+	return out, req.Send()
+}
+
+// GetObjectLegalHoldWithContext is the same as GetObjectLegalHold with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetObjectLegalHold for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetObjectLegalHoldWithContext(ctx aws.Context, input *GetObjectLegalHoldInput, opts ...request.Option) (*GetObjectLegalHoldOutput, error) {
+	req, out := c.GetObjectLegalHoldRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetObjectLockConfiguration = "GetObjectLockConfiguration"
+
+// GetObjectLockConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the GetObjectLockConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetObjectLockConfiguration for more information on using the GetObjectLockConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetObjectLockConfigurationRequest method.
+//	req, resp := client.GetObjectLockConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfiguration
+func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfigurationInput) (req *request.Request, output *GetObjectLockConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opGetObjectLockConfiguration,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?object-lock",
+	}
+
+	if input == nil {
+		input = &GetObjectLockConfigurationInput{}
+	}
+
+	output = &GetObjectLockConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetObjectLockConfiguration API operation for Amazon Simple Storage Service.
+//
+// Gets the Object Lock configuration for a bucket. The rule specified in the
+// Object Lock configuration will be applied by default to every new object
+// placed in the specified bucket. For more information, see Locking Objects
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+//
+// The following action is related to GetObjectLockConfiguration:
+//
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetObjectLockConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfiguration
+func (c *S3) GetObjectLockConfiguration(input *GetObjectLockConfigurationInput) (*GetObjectLockConfigurationOutput, error) {
+	req, out := c.GetObjectLockConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// GetObjectLockConfigurationWithContext is the same as GetObjectLockConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetObjectLockConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetObjectLockConfigurationWithContext(ctx aws.Context, input *GetObjectLockConfigurationInput, opts ...request.Option) (*GetObjectLockConfigurationOutput, error) {
+	req, out := c.GetObjectLockConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetObjectRetention = "GetObjectRetention"
+
+// GetObjectRetentionRequest generates a "aws/request.Request" representing the
+// client's request for the GetObjectRetention operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetObjectRetention for more information on using the GetObjectRetention
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetObjectRetentionRequest method.
+//	req, resp := client.GetObjectRetentionRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetention
+func (c *S3) GetObjectRetentionRequest(input *GetObjectRetentionInput) (req *request.Request, output *GetObjectRetentionOutput) {
+	op := &request.Operation{
+		Name:       opGetObjectRetention,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}/{Key+}?retention",
+	}
+
+	if input == nil {
+		input = &GetObjectRetentionInput{}
+	}
+
+	output = &GetObjectRetentionOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetObjectRetention API operation for Amazon Simple Storage Service.
+//
+// Retrieves an object's retention settings. For more information, see Locking
+// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+//
+// This action is not supported by Amazon S3 on Outposts.
+//
+// The following action is related to GetObjectRetention:
+//
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetObjectRetention for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetention
+func (c *S3) GetObjectRetention(input *GetObjectRetentionInput) (*GetObjectRetentionOutput, error) {
+	req, out := c.GetObjectRetentionRequest(input)
+	return out, req.Send()
+}
+
+// GetObjectRetentionWithContext is the same as GetObjectRetention with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetObjectRetention for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetObjectRetentionWithContext(ctx aws.Context, input *GetObjectRetentionInput, opts ...request.Option) (*GetObjectRetentionOutput, error) {
+	req, out := c.GetObjectRetentionRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetObjectTagging = "GetObjectTagging"
+
+// GetObjectTaggingRequest generates a "aws/request.Request" representing the
+// client's request for the GetObjectTagging operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetObjectTagging for more information on using the GetObjectTagging
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetObjectTaggingRequest method.
+//	req, resp := client.GetObjectTaggingRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTagging
+func (c *S3) GetObjectTaggingRequest(input *GetObjectTaggingInput) (req *request.Request, output *GetObjectTaggingOutput) {
+	op := &request.Operation{
+		Name:       opGetObjectTagging,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}/{Key+}?tagging",
+	}
+
+	if input == nil {
+		input = &GetObjectTaggingInput{}
+	}
+
+	output = &GetObjectTaggingOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetObjectTagging API operation for Amazon Simple Storage Service.
+//
+// Returns the tag-set of an object. You send the GET request against the tagging
+// subresource associated with the object.
+//
+// To use this operation, you must have permission to perform the s3:GetObjectTagging
+// action. By default, the GET action returns information about current version
+// of an object. For a versioned bucket, you can have multiple versions of an
+// object in your bucket. To retrieve tags of any other version, use the versionId
+// query parameter. You also need permission for the s3:GetObjectVersionTagging
+// action.
+//
+// By default, the bucket owner has this permission and can grant this permission
+// to others.
+//
+// For information about the Amazon S3 object tagging feature, see Object Tagging
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
+//
+// The following actions are related to GetObjectTagging:
+//
+//   - DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
+//
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//
+//   - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetObjectTagging for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTagging
+func (c *S3) GetObjectTagging(input *GetObjectTaggingInput) (*GetObjectTaggingOutput, error) {
+	req, out := c.GetObjectTaggingRequest(input)
+	return out, req.Send()
+}
+
+// GetObjectTaggingWithContext is the same as GetObjectTagging with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetObjectTagging for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetObjectTaggingWithContext(ctx aws.Context, input *GetObjectTaggingInput, opts ...request.Option) (*GetObjectTaggingOutput, error) {
+	req, out := c.GetObjectTaggingRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetObjectTorrent = "GetObjectTorrent"
+
+// GetObjectTorrentRequest generates a "aws/request.Request" representing the
+// client's request for the GetObjectTorrent operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetObjectTorrent for more information on using the GetObjectTorrent
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetObjectTorrentRequest method.
+//	req, resp := client.GetObjectTorrentRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrent
+func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request.Request, output *GetObjectTorrentOutput) {
+	op := &request.Operation{
+		Name:       opGetObjectTorrent,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}/{Key+}?torrent",
+	}
+
+	if input == nil {
+		input = &GetObjectTorrentInput{}
+	}
+
+	output = &GetObjectTorrentOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetObjectTorrent API operation for Amazon Simple Storage Service.
+//
+// Returns torrent files from a bucket. BitTorrent can save you bandwidth when
+// you're distributing large files.
+//
+// You can get torrent only for objects that are less than 5 GB in size, and
+// that are not encrypted using server-side encryption with a customer-provided
+// encryption key.
+//
+// To use GET, you must have READ access to the object.
+//
+// This action is not supported by Amazon S3 on Outposts.
+//
+// The following action is related to GetObjectTorrent:
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetObjectTorrent for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrent
+func (c *S3) GetObjectTorrent(input *GetObjectTorrentInput) (*GetObjectTorrentOutput, error) {
+	req, out := c.GetObjectTorrentRequest(input)
+	return out, req.Send()
+}
+
+// GetObjectTorrentWithContext is the same as GetObjectTorrent with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetObjectTorrent for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetObjectTorrentWithContext(ctx aws.Context, input *GetObjectTorrentInput, opts ...request.Option) (*GetObjectTorrentOutput, error) {
+	req, out := c.GetObjectTorrentRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetPublicAccessBlock = "GetPublicAccessBlock"
+
+// GetPublicAccessBlockRequest generates a "aws/request.Request" representing the
+// client's request for the GetPublicAccessBlock operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetPublicAccessBlock for more information on using the GetPublicAccessBlock
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetPublicAccessBlockRequest method.
+//	req, resp := client.GetPublicAccessBlockRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlock
+func (c *S3) GetPublicAccessBlockRequest(input *GetPublicAccessBlockInput) (req *request.Request, output *GetPublicAccessBlockOutput) {
+	op := &request.Operation{
+		Name:       opGetPublicAccessBlock,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?publicAccessBlock",
+	}
+
+	if input == nil {
+		input = &GetPublicAccessBlockInput{}
+	}
+
+	output = &GetPublicAccessBlockOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetPublicAccessBlock API operation for Amazon Simple Storage Service.
+//
+// Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To
+// use this operation, you must have the s3:GetBucketPublicAccessBlock permission.
+// For more information about Amazon S3 permissions, see Specifying Permissions
+// in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
+//
+// When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket
+// or an object, it checks the PublicAccessBlock configuration for both the
+// bucket (or the bucket that contains the object) and the bucket owner's account.
+// If the PublicAccessBlock settings are different between the bucket and the
+// account, Amazon S3 uses the most restrictive combination of the bucket-level
+// and account-level settings.
+//
+// For more information about when Amazon S3 considers a bucket or an object
+// public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
+//
+// The following operations are related to GetPublicAccessBlock:
+//
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//
+//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
+//
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//
+//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation GetPublicAccessBlock for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlock
+func (c *S3) GetPublicAccessBlock(input *GetPublicAccessBlockInput) (*GetPublicAccessBlockOutput, error) {
+	req, out := c.GetPublicAccessBlockRequest(input)
+	return out, req.Send()
+}
+
+// GetPublicAccessBlockWithContext is the same as GetPublicAccessBlock with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetPublicAccessBlock for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) GetPublicAccessBlockWithContext(ctx aws.Context, input *GetPublicAccessBlockInput, opts ...request.Option) (*GetPublicAccessBlockOutput, error) {
+	req, out := c.GetPublicAccessBlockRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opHeadBucket = "HeadBucket"
+
+// HeadBucketRequest generates a "aws/request.Request" representing the
+// client's request for the HeadBucket operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See HeadBucket for more information on using the HeadBucket
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the HeadBucketRequest method.
+//	req, resp := client.HeadBucketRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucket
+func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, output *HeadBucketOutput) {
+	op := &request.Operation{
+		Name:       opHeadBucket,
+		HTTPMethod: "HEAD",
+		HTTPPath:   "/{Bucket}",
+	}
+
+	if input == nil {
+		input = &HeadBucketInput{}
+	}
+
+	output = &HeadBucketOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// HeadBucket API operation for Amazon Simple Storage Service.
+//
+// This action is useful to determine if a bucket exists and you have permission
+// to access it. The action returns a 200 OK if the bucket exists and you have
+// permission to access it.
+//
+// If the bucket does not exist or you do not have permission to access it,
+// the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404
+// Not Found code. A message body is not included, so you cannot determine the
+// exception beyond these error codes.
+//
+// To use this operation, you must have permissions to perform the s3:ListBucket
+// action. The bucket owner has this permission by default and can grant this
+// permission to others. For more information about permissions, see Permissions
+// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// To use this API operation against an access point, you must provide the alias
+// of the access point in place of the bucket name or specify the access point
+// ARN. When using the access point ARN, you must direct requests to the access
+// point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+// When using the Amazon Web Services SDKs, you provide the ARN in place of
+// the bucket name. For more information, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html).
+//
+// To use this API operation against an Object Lambda access point, provide
+// the alias of the Object Lambda access point in place of the bucket name.
+// If the Object Lambda access point alias in a request is not valid, the error
+// code InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation HeadBucket for usage and error information.
+//
+// Returned Error Codes:
+//   - ErrCodeNoSuchBucket "NoSuchBucket"
+//     The specified bucket does not exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucket
+func (c *S3) HeadBucket(input *HeadBucketInput) (*HeadBucketOutput, error) {
+	req, out := c.HeadBucketRequest(input)
+	return out, req.Send()
+}
+
+// HeadBucketWithContext is the same as HeadBucket with the addition of
+// the ability to pass a context and additional request options.
+//
+// See HeadBucket for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) HeadBucketWithContext(ctx aws.Context, input *HeadBucketInput, opts ...request.Option) (*HeadBucketOutput, error) {
+	req, out := c.HeadBucketRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opHeadObject = "HeadObject"
+
+// HeadObjectRequest generates a "aws/request.Request" representing the
+// client's request for the HeadObject operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See HeadObject for more information on using the HeadObject
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the HeadObjectRequest method.
+//	req, resp := client.HeadObjectRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObject
+func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, output *HeadObjectOutput) {
+	op := &request.Operation{
+		Name:       opHeadObject,
+		HTTPMethod: "HEAD",
+		HTTPPath:   "/{Bucket}/{Key+}",
+	}
+
+	if input == nil {
+		input = &HeadObjectInput{}
+	}
+
+	output = &HeadObjectOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// HeadObject API operation for Amazon Simple Storage Service.
+//
+// The HEAD action retrieves metadata from an object without returning the object
+// itself. This action is useful if you're only interested in an object's metadata.
+// To use HEAD, you must have READ access to the object.
+//
+// A HEAD request has the same options as a GET action on an object. The response
+// is identical to the GET response except that there is no response body. Because
+// of this, if the HEAD request generates an error, it returns a generic 400
+// Bad Request, 403 Forbidden or 404 Not Found code. It is not possible to retrieve
+// the exact exception beyond these error codes.
+//
+// If you encrypt an object by using server-side encryption with customer-provided
+// encryption keys (SSE-C) when you store the object in Amazon S3, then when
+// you retrieve the metadata from the object, you must use the following headers:
+//
+//   - x-amz-server-side-encryption-customer-algorithm
+//
+//   - x-amz-server-side-encryption-customer-key
+//
+//   - x-amz-server-side-encryption-customer-key-MD5
+//
+// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
+// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
+//
+//   - Encryption request headers, like x-amz-server-side-encryption, should
+//     not be sent for GET requests if your object uses server-side encryption
+//     with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side
+//     encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side
+//     encryption with Amazon S3 managed encryption keys (SSE-S3). If your object
+//     does use these types of keys, you’ll get an HTTP 400 Bad Request error.
+//
+//   - The last modified property in this case is the creation date of the
+//     object.
+//
+// Request headers are limited to 8 KB in size. For more information, see Common
+// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html).
+//
+// Consider the following when using request headers:
+//
+//   - Consideration 1 – If both of the If-Match and If-Unmodified-Since
+//     headers are present in the request as follows: If-Match condition evaluates
+//     to true, and; If-Unmodified-Since condition evaluates to false; Then Amazon
+//     S3 returns 200 OK and the data requested.
+//
+//   - Consideration 2 – If both of the If-None-Match and If-Modified-Since
+//     headers are present in the request as follows: If-None-Match condition
+//     evaluates to false, and; If-Modified-Since condition evaluates to true;
+//     Then Amazon S3 returns the 304 Not Modified response code.
+//
+// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232).
+//
+// # Permissions
+//
+// You need the relevant read object (or version) permission for this operation.
+// For more information, see Actions, resources, and condition keys for Amazon
+// S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html).
+// If the object you request doesn't exist, the error that Amazon S3 returns
+// depends on whether you also have the s3:ListBucket permission.
+//
+//   - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns
+//     an HTTP status code 404 error.
+//
+//   - If you don’t have the s3:ListBucket permission, Amazon S3 returns
+//     an HTTP status code 403 error.
+//
+// The following actions are related to HeadObject:
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//
+// See http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#RESTErrorResponses
+// for more information on returned errors.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation HeadObject for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObject
+func (c *S3) HeadObject(input *HeadObjectInput) (*HeadObjectOutput, error) {
+	req, out := c.HeadObjectRequest(input)
+	return out, req.Send()
+}
+
+// HeadObjectWithContext is the same as HeadObject with the addition of
+// the ability to pass a context and additional request options.
+//
+// See HeadObject for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) HeadObjectWithContext(ctx aws.Context, input *HeadObjectInput, opts ...request.Option) (*HeadObjectOutput, error) {
+	req, out := c.HeadObjectRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opListBucketAnalyticsConfigurations = "ListBucketAnalyticsConfigurations"
+
+// ListBucketAnalyticsConfigurationsRequest generates a "aws/request.Request" representing the
+// client's request for the ListBucketAnalyticsConfigurations operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListBucketAnalyticsConfigurations for more information on using the ListBucketAnalyticsConfigurations
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListBucketAnalyticsConfigurationsRequest method.
+//	req, resp := client.ListBucketAnalyticsConfigurationsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurations
+func (c *S3) ListBucketAnalyticsConfigurationsRequest(input *ListBucketAnalyticsConfigurationsInput) (req *request.Request, output *ListBucketAnalyticsConfigurationsOutput) {
+	op := &request.Operation{
+		Name:       opListBucketAnalyticsConfigurations,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?analytics",
+	}
+
+	if input == nil {
+		input = &ListBucketAnalyticsConfigurationsInput{}
+	}
+
+	output = &ListBucketAnalyticsConfigurationsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListBucketAnalyticsConfigurations API operation for Amazon Simple Storage Service.
+//
+// Lists the analytics configurations for the bucket. You can have up to 1,000
+// analytics configurations per bucket.
+//
+// This action supports list pagination and does not return more than 100 configurations
+// at a time. You should always check the IsTruncated element in the response.
+// If there are no more configurations to list, IsTruncated is set to false.
+// If there are more configurations to list, IsTruncated is set to true, and
+// there will be a value in NextContinuationToken. You use the NextContinuationToken
+// value to continue the pagination of the list by passing the value in continuation-token
+// in the request to GET the next page.
+//
+// To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// For information about Amazon S3 analytics feature, see Amazon S3 Analytics
+// – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
+//
+// The following operations are related to ListBucketAnalyticsConfigurations:
+//
+//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
+//
+//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
+//
+//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation ListBucketAnalyticsConfigurations for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurations
+func (c *S3) ListBucketAnalyticsConfigurations(input *ListBucketAnalyticsConfigurationsInput) (*ListBucketAnalyticsConfigurationsOutput, error) {
+	req, out := c.ListBucketAnalyticsConfigurationsRequest(input)
+	return out, req.Send()
+}
+
+// ListBucketAnalyticsConfigurationsWithContext is the same as ListBucketAnalyticsConfigurations with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListBucketAnalyticsConfigurations for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListBucketAnalyticsConfigurationsWithContext(ctx aws.Context, input *ListBucketAnalyticsConfigurationsInput, opts ...request.Option) (*ListBucketAnalyticsConfigurationsOutput, error) {
+	req, out := c.ListBucketAnalyticsConfigurationsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opListBucketIntelligentTieringConfigurations = "ListBucketIntelligentTieringConfigurations"
+
+// ListBucketIntelligentTieringConfigurationsRequest generates a "aws/request.Request" representing the
+// client's request for the ListBucketIntelligentTieringConfigurations operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListBucketIntelligentTieringConfigurations for more information on using the ListBucketIntelligentTieringConfigurations
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListBucketIntelligentTieringConfigurationsRequest method.
+//	req, resp := client.ListBucketIntelligentTieringConfigurationsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketIntelligentTieringConfigurations
+func (c *S3) ListBucketIntelligentTieringConfigurationsRequest(input *ListBucketIntelligentTieringConfigurationsInput) (req *request.Request, output *ListBucketIntelligentTieringConfigurationsOutput) {
+	op := &request.Operation{
+		Name:       opListBucketIntelligentTieringConfigurations,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?intelligent-tiering",
+	}
+
+	if input == nil {
+		input = &ListBucketIntelligentTieringConfigurationsInput{}
+	}
+
+	output = &ListBucketIntelligentTieringConfigurationsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListBucketIntelligentTieringConfigurations API operation for Amazon Simple Storage Service.
+//
+// Lists the S3 Intelligent-Tiering configuration from the specified bucket.
+//
+// The S3 Intelligent-Tiering storage class is designed to optimize storage
+// costs by automatically moving data to the most cost-effective storage access
+// tier, without performance impact or operational overhead. S3 Intelligent-Tiering
+// delivers automatic cost savings in three low latency and high throughput
+// access tiers. To get the lowest storage cost on data that can be accessed
+// in minutes to hours, you can choose to activate additional archiving capabilities.
+//
+// The S3 Intelligent-Tiering storage class is the ideal storage class for data
+// with unknown, changing, or unpredictable access patterns, independent of
+// object size or retention period. If the size of an object is less than 128
+// KB, it is not monitored and not eligible for auto-tiering. Smaller objects
+// can be stored, but they are always charged at the Frequent Access tier rates
+// in the S3 Intelligent-Tiering storage class.
+//
+// For more information, see Storage class for automatically optimizing frequently
+// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
+//
+// Operations related to ListBucketIntelligentTieringConfigurations include:
+//
+//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
+//
+//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
+//
+//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation ListBucketIntelligentTieringConfigurations for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketIntelligentTieringConfigurations
+func (c *S3) ListBucketIntelligentTieringConfigurations(input *ListBucketIntelligentTieringConfigurationsInput) (*ListBucketIntelligentTieringConfigurationsOutput, error) {
+	req, out := c.ListBucketIntelligentTieringConfigurationsRequest(input)
+	return out, req.Send()
+}
+
+// ListBucketIntelligentTieringConfigurationsWithContext is the same as ListBucketIntelligentTieringConfigurations with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListBucketIntelligentTieringConfigurations for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListBucketIntelligentTieringConfigurationsWithContext(ctx aws.Context, input *ListBucketIntelligentTieringConfigurationsInput, opts ...request.Option) (*ListBucketIntelligentTieringConfigurationsOutput, error) {
+	req, out := c.ListBucketIntelligentTieringConfigurationsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opListBucketInventoryConfigurations = "ListBucketInventoryConfigurations"
+
+// ListBucketInventoryConfigurationsRequest generates a "aws/request.Request" representing the
+// client's request for the ListBucketInventoryConfigurations operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListBucketInventoryConfigurations for more information on using the ListBucketInventoryConfigurations
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListBucketInventoryConfigurationsRequest method.
+//	req, resp := client.ListBucketInventoryConfigurationsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurations
+func (c *S3) ListBucketInventoryConfigurationsRequest(input *ListBucketInventoryConfigurationsInput) (req *request.Request, output *ListBucketInventoryConfigurationsOutput) {
+	op := &request.Operation{
+		Name:       opListBucketInventoryConfigurations,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?inventory",
+	}
+
+	if input == nil {
+		input = &ListBucketInventoryConfigurationsInput{}
+	}
+
+	output = &ListBucketInventoryConfigurationsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListBucketInventoryConfigurations API operation for Amazon Simple Storage Service.
+//
+// Returns a list of inventory configurations for the bucket. You can have up
+// to 1,000 analytics configurations per bucket.
+//
+// This action supports list pagination and does not return more than 100 configurations
+// at a time. Always check the IsTruncated element in the response. If there
+// are no more configurations to list, IsTruncated is set to false. If there
+// are more configurations to list, IsTruncated is set to true, and there is
+// a value in NextContinuationToken. You use the NextContinuationToken value
+// to continue the pagination of the list by passing the value in continuation-token
+// in the request to GET the next page.
+//
+// To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+//
+// The following operations are related to ListBucketInventoryConfigurations:
+//
+//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
+//
+//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
+//
+//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation ListBucketInventoryConfigurations for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurations
+func (c *S3) ListBucketInventoryConfigurations(input *ListBucketInventoryConfigurationsInput) (*ListBucketInventoryConfigurationsOutput, error) {
+	req, out := c.ListBucketInventoryConfigurationsRequest(input)
+	return out, req.Send()
+}
+
+// ListBucketInventoryConfigurationsWithContext is the same as ListBucketInventoryConfigurations with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListBucketInventoryConfigurations for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListBucketInventoryConfigurationsWithContext(ctx aws.Context, input *ListBucketInventoryConfigurationsInput, opts ...request.Option) (*ListBucketInventoryConfigurationsOutput, error) {
+	req, out := c.ListBucketInventoryConfigurationsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opListBucketMetricsConfigurations = "ListBucketMetricsConfigurations"
+
+// ListBucketMetricsConfigurationsRequest generates a "aws/request.Request" representing the
+// client's request for the ListBucketMetricsConfigurations operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListBucketMetricsConfigurations for more information on using the ListBucketMetricsConfigurations
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListBucketMetricsConfigurationsRequest method.
+//	req, resp := client.ListBucketMetricsConfigurationsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurations
+func (c *S3) ListBucketMetricsConfigurationsRequest(input *ListBucketMetricsConfigurationsInput) (req *request.Request, output *ListBucketMetricsConfigurationsOutput) {
+	op := &request.Operation{
+		Name:       opListBucketMetricsConfigurations,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?metrics",
+	}
+
+	if input == nil {
+		input = &ListBucketMetricsConfigurationsInput{}
+	}
+
+	output = &ListBucketMetricsConfigurationsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListBucketMetricsConfigurations API operation for Amazon Simple Storage Service.
+//
+// Lists the metrics configurations for the bucket. The metrics configurations
+// are only for the request metrics of the bucket and do not provide information
+// on daily storage metrics. You can have up to 1,000 configurations per bucket.
+//
+// This action supports list pagination and does not return more than 100 configurations
+// at a time. Always check the IsTruncated element in the response. If there
+// are no more configurations to list, IsTruncated is set to false. If there
+// are more configurations to list, IsTruncated is set to true, and there is
+// a value in NextContinuationToken. You use the NextContinuationToken value
+// to continue the pagination of the list by passing the value in continuation-token
+// in the request to GET the next page.
+//
+// To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// For more information about metrics configurations and CloudWatch request
+// metrics, see Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
+//
+// The following operations are related to ListBucketMetricsConfigurations:
+//
+//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
+//
+//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
+//
+//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation ListBucketMetricsConfigurations for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurations
+func (c *S3) ListBucketMetricsConfigurations(input *ListBucketMetricsConfigurationsInput) (*ListBucketMetricsConfigurationsOutput, error) {
+	req, out := c.ListBucketMetricsConfigurationsRequest(input)
+	return out, req.Send()
+}
+
+// ListBucketMetricsConfigurationsWithContext is the same as ListBucketMetricsConfigurations with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListBucketMetricsConfigurations for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListBucketMetricsConfigurationsWithContext(ctx aws.Context, input *ListBucketMetricsConfigurationsInput, opts ...request.Option) (*ListBucketMetricsConfigurationsOutput, error) {
+	req, out := c.ListBucketMetricsConfigurationsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opListBuckets = "ListBuckets"
+
+// ListBucketsRequest generates a "aws/request.Request" representing the
+// client's request for the ListBuckets operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListBuckets for more information on using the ListBuckets
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListBucketsRequest method.
+//	req, resp := client.ListBucketsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBuckets
+func (c *S3) ListBucketsRequest(input *ListBucketsInput) (req *request.Request, output *ListBucketsOutput) {
+	op := &request.Operation{
+		Name:       opListBuckets,
+		HTTPMethod: "GET",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &ListBucketsInput{}
+	}
+
+	output = &ListBucketsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListBuckets API operation for Amazon Simple Storage Service.
+//
+// Returns a list of all buckets owned by the authenticated sender of the request.
+// To use this operation, you must have the s3:ListAllMyBuckets permission.
+//
+// For information about Amazon S3 buckets, see Creating, configuring, and working
+// with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html).
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation ListBuckets for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBuckets
+func (c *S3) ListBuckets(input *ListBucketsInput) (*ListBucketsOutput, error) {
+	req, out := c.ListBucketsRequest(input)
+	return out, req.Send()
+}
+
+// ListBucketsWithContext is the same as ListBuckets with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListBuckets for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListBucketsWithContext(ctx aws.Context, input *ListBucketsInput, opts ...request.Option) (*ListBucketsOutput, error) {
+	req, out := c.ListBucketsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opListMultipartUploads = "ListMultipartUploads"
+
+// ListMultipartUploadsRequest generates a "aws/request.Request" representing the
+// client's request for the ListMultipartUploads operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListMultipartUploads for more information on using the ListMultipartUploads
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListMultipartUploadsRequest method.
+//	req, resp := client.ListMultipartUploadsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploads
+func (c *S3) ListMultipartUploadsRequest(input *ListMultipartUploadsInput) (req *request.Request, output *ListMultipartUploadsOutput) {
+	op := &request.Operation{
+		Name:       opListMultipartUploads,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?uploads",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"KeyMarker", "UploadIdMarker"},
+			OutputTokens:    []string{"NextKeyMarker", "NextUploadIdMarker"},
+			LimitToken:      "MaxUploads",
+			TruncationToken: "IsTruncated",
+		},
+	}
+
+	if input == nil {
+		input = &ListMultipartUploadsInput{}
+	}
+
+	output = &ListMultipartUploadsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListMultipartUploads API operation for Amazon Simple Storage Service.
+//
+// This action lists in-progress multipart uploads. An in-progress multipart
+// upload is a multipart upload that has been initiated using the Initiate Multipart
+// Upload request, but has not yet been completed or aborted.
+//
+// This action returns at most 1,000 multipart uploads in the response. 1,000
+// multipart uploads is the maximum number of uploads a response can include,
+// which is also the default value. You can further limit the number of uploads
+// in a response by specifying the max-uploads parameter in the response. If
+// additional multipart uploads satisfy the list criteria, the response will
+// contain an IsTruncated element with the value true. To list the additional
+// multipart uploads, use the key-marker and upload-id-marker request parameters.
+//
+// In the response, the uploads are sorted by key. If your application has initiated
+// more than one multipart upload using the same object key, then uploads in
+// the response are first sorted by key. Additionally, uploads are sorted in
+// ascending order within each key by the upload initiation time.
+//
+// For more information on multipart uploads, see Uploading Objects Using Multipart
+// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html).
+//
+// For information on permissions required to use the multipart upload API,
+// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
+//
+// The following operations are related to ListMultipartUploads:
+//
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation ListMultipartUploads for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploads
+func (c *S3) ListMultipartUploads(input *ListMultipartUploadsInput) (*ListMultipartUploadsOutput, error) {
+	req, out := c.ListMultipartUploadsRequest(input)
+	return out, req.Send()
+}
+
+// ListMultipartUploadsWithContext is the same as ListMultipartUploads with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListMultipartUploads for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListMultipartUploadsWithContext(ctx aws.Context, input *ListMultipartUploadsInput, opts ...request.Option) (*ListMultipartUploadsOutput, error) {
+	req, out := c.ListMultipartUploadsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// ListMultipartUploadsPages iterates over the pages of a ListMultipartUploads operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListMultipartUploads method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//	// Example iterating over at most 3 pages of a ListMultipartUploads operation.
+//	pageNum := 0
+//	err := client.ListMultipartUploadsPages(params,
+//	    func(page *s3.ListMultipartUploadsOutput, lastPage bool) bool {
+//	        pageNum++
+//	        fmt.Println(page)
+//	        return pageNum <= 3
+//	    })
+func (c *S3) ListMultipartUploadsPages(input *ListMultipartUploadsInput, fn func(*ListMultipartUploadsOutput, bool) bool) error {
+	return c.ListMultipartUploadsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListMultipartUploadsPagesWithContext same as ListMultipartUploadsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListMultipartUploadsPagesWithContext(ctx aws.Context, input *ListMultipartUploadsInput, fn func(*ListMultipartUploadsOutput, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *ListMultipartUploadsInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.ListMultipartUploadsRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	for p.Next() {
+		if !fn(p.Page().(*ListMultipartUploadsOutput), !p.HasNextPage()) {
+			break
+		}
+	}
+
+	return p.Err()
+}
+
+const opListObjectVersions = "ListObjectVersions"
+
+// ListObjectVersionsRequest generates a "aws/request.Request" representing the
+// client's request for the ListObjectVersions operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListObjectVersions for more information on using the ListObjectVersions
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListObjectVersionsRequest method.
+//	req, resp := client.ListObjectVersionsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersions
+func (c *S3) ListObjectVersionsRequest(input *ListObjectVersionsInput) (req *request.Request, output *ListObjectVersionsOutput) {
+	op := &request.Operation{
+		Name:       opListObjectVersions,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?versions",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"KeyMarker", "VersionIdMarker"},
+			OutputTokens:    []string{"NextKeyMarker", "NextVersionIdMarker"},
+			LimitToken:      "MaxKeys",
+			TruncationToken: "IsTruncated",
+		},
+	}
+
+	if input == nil {
+		input = &ListObjectVersionsInput{}
+	}
+
+	output = &ListObjectVersionsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListObjectVersions API operation for Amazon Simple Storage Service.
+//
+// Returns metadata about all versions of the objects in a bucket. You can also
+// use request parameters as selection criteria to return metadata about a subset
+// of all the object versions.
+//
+// To use this operation, you must have permissions to perform the s3:ListBucketVersions
+// action. Be aware of the name difference.
+//
+// A 200 OK response can contain valid or invalid XML. Make sure to design your
+// application to parse the contents of the response and handle it appropriately.
+//
+// To use this operation, you must have READ access to the bucket.
+//
+// This action is not supported by Amazon S3 on Outposts.
+//
+// The following operations are related to ListObjectVersions:
+//
+//   - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation ListObjectVersions for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersions
+func (c *S3) ListObjectVersions(input *ListObjectVersionsInput) (*ListObjectVersionsOutput, error) {
+	req, out := c.ListObjectVersionsRequest(input)
+	return out, req.Send()
+}
+
+// ListObjectVersionsWithContext is the same as ListObjectVersions with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListObjectVersions for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListObjectVersionsWithContext(ctx aws.Context, input *ListObjectVersionsInput, opts ...request.Option) (*ListObjectVersionsOutput, error) {
+	req, out := c.ListObjectVersionsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// ListObjectVersionsPages iterates over the pages of a ListObjectVersions operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListObjectVersions method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//	// Example iterating over at most 3 pages of a ListObjectVersions operation.
+//	pageNum := 0
+//	err := client.ListObjectVersionsPages(params,
+//	    func(page *s3.ListObjectVersionsOutput, lastPage bool) bool {
+//	        pageNum++
+//	        fmt.Println(page)
+//	        return pageNum <= 3
+//	    })
+func (c *S3) ListObjectVersionsPages(input *ListObjectVersionsInput, fn func(*ListObjectVersionsOutput, bool) bool) error {
+	return c.ListObjectVersionsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListObjectVersionsPagesWithContext same as ListObjectVersionsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListObjectVersionsPagesWithContext(ctx aws.Context, input *ListObjectVersionsInput, fn func(*ListObjectVersionsOutput, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *ListObjectVersionsInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.ListObjectVersionsRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	for p.Next() {
+		if !fn(p.Page().(*ListObjectVersionsOutput), !p.HasNextPage()) {
+			break
+		}
+	}
+
+	return p.Err()
+}
+
+const opListObjects = "ListObjects"
+
+// ListObjectsRequest generates a "aws/request.Request" representing the
+// client's request for the ListObjects operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListObjects for more information on using the ListObjects
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListObjectsRequest method.
+//	req, resp := client.ListObjectsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjects
+func (c *S3) ListObjectsRequest(input *ListObjectsInput) (req *request.Request, output *ListObjectsOutput) {
+	op := &request.Operation{
+		Name:       opListObjects,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"Marker"},
+			OutputTokens:    []string{"NextMarker || Contents[-1].Key"},
+			LimitToken:      "MaxKeys",
+			TruncationToken: "IsTruncated",
+		},
+	}
+
+	if input == nil {
+		input = &ListObjectsInput{}
+	}
+
+	output = &ListObjectsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListObjects API operation for Amazon Simple Storage Service.
+//
+// Returns some or all (up to 1,000) of the objects in a bucket. You can use
+// the request parameters as selection criteria to return a subset of the objects
+// in a bucket. A 200 OK response can contain valid or invalid XML. Be sure
+// to design your application to parse the contents of the response and handle
+// it appropriately.
+//
+// This action has been revised. We recommend that you use the newer version,
+// ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html),
+// when developing applications. For backward compatibility, Amazon S3 continues
+// to support ListObjects.
+//
+// The following operations are related to ListObjects:
+//
+//   - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+//   - ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation ListObjects for usage and error information.
+//
+// Returned Error Codes:
+//   - ErrCodeNoSuchBucket "NoSuchBucket"
+//     The specified bucket does not exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjects
+func (c *S3) ListObjects(input *ListObjectsInput) (*ListObjectsOutput, error) {
+	req, out := c.ListObjectsRequest(input)
+	return out, req.Send()
+}
+
+// ListObjectsWithContext is the same as ListObjects with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListObjects for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListObjectsWithContext(ctx aws.Context, input *ListObjectsInput, opts ...request.Option) (*ListObjectsOutput, error) {
+	req, out := c.ListObjectsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// ListObjectsPages iterates over the pages of a ListObjects operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListObjects method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//	// Example iterating over at most 3 pages of a ListObjects operation.
+//	pageNum := 0
+//	err := client.ListObjectsPages(params,
+//	    func(page *s3.ListObjectsOutput, lastPage bool) bool {
+//	        pageNum++
+//	        fmt.Println(page)
+//	        return pageNum <= 3
+//	    })
+func (c *S3) ListObjectsPages(input *ListObjectsInput, fn func(*ListObjectsOutput, bool) bool) error {
+	return c.ListObjectsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListObjectsPagesWithContext same as ListObjectsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListObjectsPagesWithContext(ctx aws.Context, input *ListObjectsInput, fn func(*ListObjectsOutput, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *ListObjectsInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.ListObjectsRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	for p.Next() {
+		if !fn(p.Page().(*ListObjectsOutput), !p.HasNextPage()) {
+			break
+		}
+	}
+
+	return p.Err()
+}
+
+const opListObjectsV2 = "ListObjectsV2"
+
+// ListObjectsV2Request generates a "aws/request.Request" representing the
+// client's request for the ListObjectsV2 operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListObjectsV2 for more information on using the ListObjectsV2
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListObjectsV2Request method.
+//	req, resp := client.ListObjectsV2Request(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2
+func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Request, output *ListObjectsV2Output) {
+	op := &request.Operation{
+		Name:       opListObjectsV2,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}?list-type=2",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"ContinuationToken"},
+			OutputTokens:    []string{"NextContinuationToken"},
+			LimitToken:      "MaxKeys",
+			TruncationToken: "",
+		},
+	}
+
+	if input == nil {
+		input = &ListObjectsV2Input{}
+	}
+
+	output = &ListObjectsV2Output{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListObjectsV2 API operation for Amazon Simple Storage Service.
+//
+// Returns some or all (up to 1,000) of the objects in a bucket with each request.
+// You can use the request parameters as selection criteria to return a subset
+// of the objects in a bucket. A 200 OK response can contain valid or invalid
+// XML. Make sure to design your application to parse the contents of the response
+// and handle it appropriately. Objects are returned sorted in an ascending
+// order of the respective key names in the list. For more information about
+// listing objects, see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html)
+//
+// To use this operation, you must have READ access to the bucket.
+//
+// To use this action in an Identity and Access Management (IAM) policy, you
+// must have permissions to perform the s3:ListBucket action. The bucket owner
+// has this permission by default and can grant this permission to others. For
+// more information about permissions, see Permissions Related to Bucket Subresource
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// This section describes the latest revision of this action. We recommend that
+// you use this revised API for application development. For backward compatibility,
+// Amazon S3 continues to support the prior version of this API, ListObjects
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html).
+//
+// To get a list of your buckets, see ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html).
+//
+// The following operations are related to ListObjectsV2:
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation ListObjectsV2 for usage and error information.
+//
+// Returned Error Codes:
+//   - ErrCodeNoSuchBucket "NoSuchBucket"
+//     The specified bucket does not exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2
+func (c *S3) ListObjectsV2(input *ListObjectsV2Input) (*ListObjectsV2Output, error) {
+	req, out := c.ListObjectsV2Request(input)
+	return out, req.Send()
+}
+
+// ListObjectsV2WithContext is the same as ListObjectsV2 with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListObjectsV2 for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListObjectsV2WithContext(ctx aws.Context, input *ListObjectsV2Input, opts ...request.Option) (*ListObjectsV2Output, error) {
+	req, out := c.ListObjectsV2Request(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// ListObjectsV2Pages iterates over the pages of a ListObjectsV2 operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListObjectsV2 method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//	// Example iterating over at most 3 pages of a ListObjectsV2 operation.
+//	pageNum := 0
+//	err := client.ListObjectsV2Pages(params,
+//	    func(page *s3.ListObjectsV2Output, lastPage bool) bool {
+//	        pageNum++
+//	        fmt.Println(page)
+//	        return pageNum <= 3
+//	    })
+func (c *S3) ListObjectsV2Pages(input *ListObjectsV2Input, fn func(*ListObjectsV2Output, bool) bool) error {
+	return c.ListObjectsV2PagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListObjectsV2PagesWithContext same as ListObjectsV2Pages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListObjectsV2PagesWithContext(ctx aws.Context, input *ListObjectsV2Input, fn func(*ListObjectsV2Output, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *ListObjectsV2Input
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.ListObjectsV2Request(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	for p.Next() {
+		if !fn(p.Page().(*ListObjectsV2Output), !p.HasNextPage()) {
+			break
+		}
+	}
+
+	return p.Err()
+}
+
+const opListParts = "ListParts"
+
+// ListPartsRequest generates a "aws/request.Request" representing the
+// client's request for the ListParts operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListParts for more information on using the ListParts
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListPartsRequest method.
+//	req, resp := client.ListPartsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListParts
+func (c *S3) ListPartsRequest(input *ListPartsInput) (req *request.Request, output *ListPartsOutput) {
+	op := &request.Operation{
+		Name:       opListParts,
+		HTTPMethod: "GET",
+		HTTPPath:   "/{Bucket}/{Key+}",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"PartNumberMarker"},
+			OutputTokens:    []string{"NextPartNumberMarker"},
+			LimitToken:      "MaxParts",
+			TruncationToken: "IsTruncated",
+		},
+	}
+
+	if input == nil {
+		input = &ListPartsInput{}
+	}
+
+	output = &ListPartsOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListParts API operation for Amazon Simple Storage Service.
+//
+// Lists the parts that have been uploaded for a specific multipart upload.
+// This operation must include the upload ID, which you obtain by sending the
+// initiate multipart upload request (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)).
+// This request returns a maximum of 1,000 uploaded parts. The default number
+// of parts returned is 1,000 parts. You can restrict the number of parts returned
+// by specifying the max-parts request parameter. If your multipart upload consists
+// of more than 1,000 parts, the response returns an IsTruncated field with
+// the value of true, and a NextPartNumberMarker element. In subsequent ListParts
+// requests you can include the part-number-marker query string parameter and
+// set its value to the NextPartNumberMarker field value from the previous response.
+//
+// If the upload was created using a checksum algorithm, you will need to have
+// permission to the kms:Decrypt action for the request to succeed.
+//
+// For more information on multipart uploads, see Uploading Objects Using Multipart
+// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html).
+//
+// For information on permissions required to use the multipart upload API,
+// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
+//
+// The following operations are related to ListParts:
+//
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation ListParts for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListParts
+func (c *S3) ListParts(input *ListPartsInput) (*ListPartsOutput, error) {
+	req, out := c.ListPartsRequest(input)
+	return out, req.Send()
+}
+
+// ListPartsWithContext is the same as ListParts with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListParts for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListPartsWithContext(ctx aws.Context, input *ListPartsInput, opts ...request.Option) (*ListPartsOutput, error) {
+	req, out := c.ListPartsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// ListPartsPages iterates over the pages of a ListParts operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListParts method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//	// Example iterating over at most 3 pages of a ListParts operation.
+//	pageNum := 0
+//	err := client.ListPartsPages(params,
+//	    func(page *s3.ListPartsOutput, lastPage bool) bool {
+//	        pageNum++
+//	        fmt.Println(page)
+//	        return pageNum <= 3
+//	    })
+func (c *S3) ListPartsPages(input *ListPartsInput, fn func(*ListPartsOutput, bool) bool) error {
+	return c.ListPartsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListPartsPagesWithContext same as ListPartsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) ListPartsPagesWithContext(ctx aws.Context, input *ListPartsInput, fn func(*ListPartsOutput, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *ListPartsInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.ListPartsRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	for p.Next() {
+		if !fn(p.Page().(*ListPartsOutput), !p.HasNextPage()) {
+			break
+		}
+	}
+
+	return p.Err()
+}
+
+const opPutBucketAccelerateConfiguration = "PutBucketAccelerateConfiguration"
+
+// PutBucketAccelerateConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketAccelerateConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketAccelerateConfiguration for more information on using the PutBucketAccelerateConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketAccelerateConfigurationRequest method.
+//	req, resp := client.PutBucketAccelerateConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfiguration
+func (c *S3) PutBucketAccelerateConfigurationRequest(input *PutBucketAccelerateConfigurationInput) (req *request.Request, output *PutBucketAccelerateConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketAccelerateConfiguration,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?accelerate",
+	}
+
+	if input == nil {
+		input = &PutBucketAccelerateConfigurationInput{}
+	}
+
+	output = &PutBucketAccelerateConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// PutBucketAccelerateConfiguration API operation for Amazon Simple Storage Service.
+//
+// Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer
+// Acceleration is a bucket-level feature that enables you to perform faster
+// data transfers to Amazon S3.
+//
+// To use this operation, you must have permission to perform the s3:PutAccelerateConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// The Transfer Acceleration state of a bucket can be set to one of the following
+// two values:
+//
+//   - Enabled – Enables accelerated data transfers to the bucket.
+//
+//   - Suspended – Disables accelerated data transfers to the bucket.
+//
+// The GetBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
+// action returns the transfer acceleration state of a bucket.
+//
+// After setting the Transfer Acceleration state of a bucket to Enabled, it
+// might take up to thirty minutes before the data transfer rates to the bucket
+// increase.
+//
+// The name of the bucket used for Transfer Acceleration must be DNS-compliant
+// and must not contain periods (".").
+//
+// For more information about transfer acceleration, see Transfer Acceleration
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
+//
+// The following operations are related to PutBucketAccelerateConfiguration:
+//
+//   - GetBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketAccelerateConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfiguration
+func (c *S3) PutBucketAccelerateConfiguration(input *PutBucketAccelerateConfigurationInput) (*PutBucketAccelerateConfigurationOutput, error) {
+	req, out := c.PutBucketAccelerateConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketAccelerateConfigurationWithContext is the same as PutBucketAccelerateConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketAccelerateConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketAccelerateConfigurationWithContext(ctx aws.Context, input *PutBucketAccelerateConfigurationInput, opts ...request.Option) (*PutBucketAccelerateConfigurationOutput, error) {
+	req, out := c.PutBucketAccelerateConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketAcl = "PutBucketAcl"
+
+// PutBucketAclRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketAcl operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketAcl for more information on using the PutBucketAcl
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketAclRequest method.
+//	req, resp := client.PutBucketAclRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAcl
+func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request, output *PutBucketAclOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketAcl,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?acl",
+	}
+
+	if input == nil {
+		input = &PutBucketAclInput{}
+	}
+
+	output = &PutBucketAclOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketAcl API operation for Amazon Simple Storage Service.
+//
+// Sets the permissions on an existing bucket using access control lists (ACL).
+// For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html).
+// To set the ACL of a bucket, you must have WRITE_ACP permission.
+//
+// You can use one of the following two ways to set a bucket's permissions:
+//
+//   - Specify the ACL in the request body
+//
+//   - Specify permissions using request headers
+//
+// You cannot specify access permission using both the body and the request
+// headers.
+//
+// Depending on your application needs, you may choose to set the ACL on a bucket
+// using either the request body or the headers. For example, if you have an
+// existing application that updates a bucket ACL using the request body, then
+// you can continue to use that approach.
+//
+// If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
+// ACLs are disabled and no longer affect permissions. You must use policies
+// to grant access to your bucket and the objects in it. Requests to set ACLs
+// or update ACLs fail and return the AccessControlListNotSupported error code.
+// Requests to read ACLs are still supported. For more information, see Controlling
+// object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide.
+//
+// # Permissions
+//
+// You can set access permissions by using one of the following methods:
+//
+//   - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports
+//     a set of predefined ACLs, known as canned ACLs. Each canned ACL has a
+//     predefined set of grantees and permissions. Specify the canned ACL name
+//     as the value of x-amz-acl. If you use this header, you cannot use other
+//     access control-specific headers in your request. For more information,
+//     see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+//
+//   - Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp,
+//     x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using
+//     these headers, you specify explicit access permissions and grantees (Amazon
+//     Web Services accounts or Amazon S3 groups) who will receive the permission.
+//     If you use these ACL-specific headers, you cannot use the x-amz-acl header
+//     to set a canned ACL. These parameters map to the set of permissions that
+//     Amazon S3 supports in an ACL. For more information, see Access Control
+//     List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
+//     You specify each grantee as a type=value pair, where the type is one of
+//     the following: id – if the value specified is the canonical user ID
+//     of an Amazon Web Services account uri – if you are granting permissions
+//     to a predefined group emailAddress – if the value specified is the email
+//     address of an Amazon Web Services account Using email addresses to specify
+//     a grantee is only supported in the following Amazon Web Services Regions:
+//     US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific
+//     (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland)
+//     South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference. For example, the following
+//     x-amz-grant-write header grants create, overwrite, and delete objects
+//     permission to LogDelivery group predefined by Amazon S3 and two Amazon
+//     Web Services accounts identified by their email addresses. x-amz-grant-write:
+//     uri="http://acs.amazonaws.com/groups/s3/LogDelivery", id="111122223333",
+//     id="555566667777"
+//
+// You can use either a canned ACL or specify access permissions explicitly.
+// You cannot do both.
+//
+// # Grantee Values
+//
+// You can specify the person (grantee) to whom you're assigning access rights
+// (using request elements) in the following ways:
+//
+//   - By the person's ID: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+//     xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>
+//     </Grantee> DisplayName is optional and ignored in the request
+//
+//   - By URI: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+//     xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>
+//
+//   - By Email address: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+//     xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress>&</Grantee>
+//     The grantee is resolved to the CanonicalUser and, in a response to a GET
+//     Object acl request, appears as the CanonicalUser. Using email addresses
+//     to specify a grantee is only supported in the following Amazon Web Services
+//     Regions: US East (N. Virginia) US West (N. California) US West (Oregon)
+//     Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe
+//     (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported
+//     Regions and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference.
+//
+// The following operations are related to PutBucketAcl:
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+//
+//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketAcl for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAcl
+func (c *S3) PutBucketAcl(input *PutBucketAclInput) (*PutBucketAclOutput, error) {
+	req, out := c.PutBucketAclRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketAclWithContext is the same as PutBucketAcl with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketAcl for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketAclWithContext(ctx aws.Context, input *PutBucketAclInput, opts ...request.Option) (*PutBucketAclOutput, error) {
+	req, out := c.PutBucketAclRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketAnalyticsConfiguration = "PutBucketAnalyticsConfiguration"
+
+// PutBucketAnalyticsConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketAnalyticsConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketAnalyticsConfiguration for more information on using the PutBucketAnalyticsConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketAnalyticsConfigurationRequest method.
+//	req, resp := client.PutBucketAnalyticsConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfiguration
+func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsConfigurationInput) (req *request.Request, output *PutBucketAnalyticsConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketAnalyticsConfiguration,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?analytics",
+	}
+
+	if input == nil {
+		input = &PutBucketAnalyticsConfigurationInput{}
+	}
+
+	output = &PutBucketAnalyticsConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// PutBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service.
+//
+// Sets an analytics configuration for the bucket (specified by the analytics
+// configuration ID). You can have up to 1,000 analytics configurations per
+// bucket.
+//
+// You can choose to have storage class analysis export analysis reports sent
+// to a comma-separated values (CSV) flat file. See the DataExport request element.
+// Reports are updated daily and are based on the object filters that you configure.
+// When selecting data export, you specify a destination bucket and an optional
+// destination prefix where the file is written. You can export the data to
+// a destination bucket in a different account. However, the destination bucket
+// must be in the same Region as the bucket that you are making the PUT analytics
+// configuration to. For more information, see Amazon S3 Analytics – Storage
+// Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
+//
+// You must create a bucket policy on the destination bucket where the exported
+// file is written to grant permissions to Amazon S3 to write objects to the
+// bucket. For an example policy, see Granting Permissions for Amazon S3 Inventory
+// and Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9).
+//
+// To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// PutBucketAnalyticsConfiguration has the following special errors:
+//
+//   - HTTP Error: HTTP 400 Bad Request Code: InvalidArgument Cause: Invalid
+//     argument.
+//
+//   - HTTP Error: HTTP 400 Bad Request Code: TooManyConfigurations Cause:
+//     You are attempting to create a new configuration but have already reached
+//     the 1,000-configuration limit.
+//
+//   - HTTP Error: HTTP 403 Forbidden Code: AccessDenied Cause: You are not
+//     the owner of the specified bucket, or you do not have the s3:PutAnalyticsConfiguration
+//     bucket permission to set the configuration on the bucket.
+//
+// The following operations are related to PutBucketAnalyticsConfiguration:
+//
+//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
+//
+//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
+//
+//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketAnalyticsConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfiguration
+func (c *S3) PutBucketAnalyticsConfiguration(input *PutBucketAnalyticsConfigurationInput) (*PutBucketAnalyticsConfigurationOutput, error) {
+	req, out := c.PutBucketAnalyticsConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketAnalyticsConfigurationWithContext is the same as PutBucketAnalyticsConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketAnalyticsConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketAnalyticsConfigurationWithContext(ctx aws.Context, input *PutBucketAnalyticsConfigurationInput, opts ...request.Option) (*PutBucketAnalyticsConfigurationOutput, error) {
+	req, out := c.PutBucketAnalyticsConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketCors = "PutBucketCors"
+
+// PutBucketCorsRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketCors operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketCors for more information on using the PutBucketCors
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketCorsRequest method.
+//	req, resp := client.PutBucketCorsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCors
+func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Request, output *PutBucketCorsOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketCors,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?cors",
+	}
+
+	if input == nil {
+		input = &PutBucketCorsInput{}
+	}
+
+	output = &PutBucketCorsOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketCors API operation for Amazon Simple Storage Service.
+//
+// Sets the cors configuration for your bucket. If the configuration exists,
+// Amazon S3 replaces it.
+//
+// To use this operation, you must be allowed to perform the s3:PutBucketCORS
+// action. By default, the bucket owner has this permission and can grant it
+// to others.
+//
+// You set this configuration on a bucket so that the bucket can service cross-origin
+// requests. For example, you might want to enable a request whose origin is
+// http://www.example.com to access your Amazon S3 bucket at my.example.bucket.com
+// by using the browser's XMLHttpRequest capability.
+//
+// To enable cross-origin resource sharing (CORS) on a bucket, you add the cors
+// subresource to the bucket. The cors subresource is an XML document in which
+// you configure rules that identify origins and the HTTP methods that can be
+// executed on your bucket. The document is limited to 64 KB in size.
+//
+// When Amazon S3 receives a cross-origin request (or a pre-flight OPTIONS request)
+// against a bucket, it evaluates the cors configuration on the bucket and uses
+// the first CORSRule rule that matches the incoming browser request to enable
+// a cross-origin request. For a rule to match, the following conditions must
+// be met:
+//
+//   - The request's Origin header must match AllowedOrigin elements.
+//
+//   - The request method (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method
+//     header in case of a pre-flight OPTIONS request must be one of the AllowedMethod
+//     elements.
+//
+//   - Every header specified in the Access-Control-Request-Headers request
+//     header of a pre-flight request must match an AllowedHeader element.
+//
+// For more information about CORS, go to Enabling Cross-Origin Resource Sharing
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon
+// S3 User Guide.
+//
+// The following operations are related to PutBucketCors:
+//
+//   - GetBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html)
+//
+//   - DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
+//
+//   - RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketCors for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCors
+func (c *S3) PutBucketCors(input *PutBucketCorsInput) (*PutBucketCorsOutput, error) {
+	req, out := c.PutBucketCorsRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketCorsWithContext is the same as PutBucketCors with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketCors for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketCorsWithContext(ctx aws.Context, input *PutBucketCorsInput, opts ...request.Option) (*PutBucketCorsOutput, error) {
+	req, out := c.PutBucketCorsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketEncryption = "PutBucketEncryption"
+
+// PutBucketEncryptionRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketEncryption operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketEncryption for more information on using the PutBucketEncryption
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketEncryptionRequest method.
+//	req, resp := client.PutBucketEncryptionRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryption
+func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *request.Request, output *PutBucketEncryptionOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketEncryption,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?encryption",
+	}
+
+	if input == nil {
+		input = &PutBucketEncryptionInput{}
+	}
+
+	output = &PutBucketEncryptionOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketEncryption API operation for Amazon Simple Storage Service.
+//
+// This action uses the encryption subresource to configure default encryption
+// and Amazon S3 Bucket Keys for an existing bucket.
+//
+// By default, all buckets have a default encryption configuration that uses
+// server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally
+// configure default encryption for a bucket by using server-side encryption
+// with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side
+// encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption
+// with customer-provided keys (SSE-C). If you specify default encryption by
+// using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information
+// about bucket default encryption, see Amazon S3 bucket default encryption
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see
+// Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
+// in the Amazon S3 User Guide.
+//
+// This action requires Amazon Web Services Signature Version 4. For more information,
+// see Authenticating Requests (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html).
+//
+// To use this operation, you must have permission to perform the s3:PutEncryptionConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide.
+//
+// The following operations are related to PutBucketEncryption:
+//
+//   - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
+//
+//   - DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketEncryption for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryption
+func (c *S3) PutBucketEncryption(input *PutBucketEncryptionInput) (*PutBucketEncryptionOutput, error) {
+	req, out := c.PutBucketEncryptionRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketEncryptionWithContext is the same as PutBucketEncryption with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketEncryption for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketEncryptionWithContext(ctx aws.Context, input *PutBucketEncryptionInput, opts ...request.Option) (*PutBucketEncryptionOutput, error) {
+	req, out := c.PutBucketEncryptionRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketIntelligentTieringConfiguration = "PutBucketIntelligentTieringConfiguration"
+
+// PutBucketIntelligentTieringConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketIntelligentTieringConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketIntelligentTieringConfiguration for more information on using the PutBucketIntelligentTieringConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketIntelligentTieringConfigurationRequest method.
+//	req, resp := client.PutBucketIntelligentTieringConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketIntelligentTieringConfiguration
+func (c *S3) PutBucketIntelligentTieringConfigurationRequest(input *PutBucketIntelligentTieringConfigurationInput) (req *request.Request, output *PutBucketIntelligentTieringConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketIntelligentTieringConfiguration,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?intelligent-tiering",
+	}
+
+	if input == nil {
+		input = &PutBucketIntelligentTieringConfigurationInput{}
+	}
+
+	output = &PutBucketIntelligentTieringConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// PutBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service.
+//
+// Puts a S3 Intelligent-Tiering configuration to the specified bucket. You
+// can have up to 1,000 S3 Intelligent-Tiering configurations per bucket.
+//
+// The S3 Intelligent-Tiering storage class is designed to optimize storage
+// costs by automatically moving data to the most cost-effective storage access
+// tier, without performance impact or operational overhead. S3 Intelligent-Tiering
+// delivers automatic cost savings in three low latency and high throughput
+// access tiers. To get the lowest storage cost on data that can be accessed
+// in minutes to hours, you can choose to activate additional archiving capabilities.
+//
+// The S3 Intelligent-Tiering storage class is the ideal storage class for data
+// with unknown, changing, or unpredictable access patterns, independent of
+// object size or retention period. If the size of an object is less than 128
+// KB, it is not monitored and not eligible for auto-tiering. Smaller objects
+// can be stored, but they are always charged at the Frequent Access tier rates
+// in the S3 Intelligent-Tiering storage class.
+//
+// For more information, see Storage class for automatically optimizing frequently
+// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
+//
+// Operations related to PutBucketIntelligentTieringConfiguration include:
+//
+//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
+//
+//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
+//
+//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
+//
+// You only need S3 Intelligent-Tiering enabled on a bucket if you want to automatically
+// move objects stored in the S3 Intelligent-Tiering storage class to the Archive
+// Access or Deep Archive Access tier.
+//
+// PutBucketIntelligentTieringConfiguration has the following special errors:
+//
+// # HTTP 400 Bad Request Error
+//
+// Code: InvalidArgument
+//
+// Cause: Invalid Argument
+//
+// # HTTP 400 Bad Request Error
+//
+// Code: TooManyConfigurations
+//
+// Cause: You are attempting to create a new configuration but have already
+// reached the 1,000-configuration limit.
+//
+// # HTTP 403 Forbidden Error
+//
+// Cause: You are not the owner of the specified bucket, or you do not have
+// the s3:PutIntelligentTieringConfiguration bucket permission to set the configuration
+// on the bucket.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketIntelligentTieringConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketIntelligentTieringConfiguration
+func (c *S3) PutBucketIntelligentTieringConfiguration(input *PutBucketIntelligentTieringConfigurationInput) (*PutBucketIntelligentTieringConfigurationOutput, error) {
+	req, out := c.PutBucketIntelligentTieringConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketIntelligentTieringConfigurationWithContext is the same as PutBucketIntelligentTieringConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketIntelligentTieringConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketIntelligentTieringConfigurationWithContext(ctx aws.Context, input *PutBucketIntelligentTieringConfigurationInput, opts ...request.Option) (*PutBucketIntelligentTieringConfigurationOutput, error) {
+	req, out := c.PutBucketIntelligentTieringConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketInventoryConfiguration = "PutBucketInventoryConfiguration"
+
+// PutBucketInventoryConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketInventoryConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketInventoryConfiguration for more information on using the PutBucketInventoryConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketInventoryConfigurationRequest method.
+//	req, resp := client.PutBucketInventoryConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfiguration
+func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryConfigurationInput) (req *request.Request, output *PutBucketInventoryConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketInventoryConfiguration,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?inventory",
+	}
+
+	if input == nil {
+		input = &PutBucketInventoryConfigurationInput{}
+	}
+
+	output = &PutBucketInventoryConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// PutBucketInventoryConfiguration API operation for Amazon Simple Storage Service.
+//
+// This implementation of the PUT action adds an inventory configuration (identified
+// by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations
+// per bucket.
+//
+// Amazon S3 inventory generates inventories of the objects in the bucket on
+// a daily or weekly basis, and the results are published to a flat file. The
+// bucket that is inventoried is called the source bucket, and the bucket where
+// the inventory flat file is stored is called the destination bucket. The destination
+// bucket must be in the same Amazon Web Services Region as the source bucket.
+//
+// When you configure an inventory for a source bucket, you specify the destination
+// bucket where you want the inventory to be stored, and whether to generate
+// the inventory daily or weekly. You can also configure what object metadata
+// to include and whether to inventory all object versions or only current versions.
+// For more information, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+// in the Amazon S3 User Guide.
+//
+// You must create a bucket policy on the destination bucket to grant permissions
+// to Amazon S3 to write objects to the bucket in the defined location. For
+// an example policy, see Granting Permissions for Amazon S3 Inventory and Storage
+// Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9).
+//
+// # Permissions
+//
+// To use this operation, you must have permission to perform the s3:PutInventoryConfiguration
+// action. The bucket owner has this permission by default and can grant this
+// permission to others.
+//
+// The s3:PutInventoryConfiguration permission allows a user to create an S3
+// Inventory (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html)
+// report that includes all object metadata fields available and to specify
+// the destination bucket to store the inventory. A user with read access to
+// objects in the destination bucket can also access all object metadata fields
+// that are available in the inventory report.
+//
+// To restrict access to an inventory report, see Restricting access to an Amazon
+// S3 Inventory report (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-10)
+// in the Amazon S3 User Guide. For more information about the metadata fields
+// available in S3 Inventory, see Amazon S3 Inventory lists (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents)
+// in the Amazon S3 User Guide. For more information about permissions, see
+// Permissions related to bucket subresource operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Identity and access management in Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide.
+//
+// PutBucketInventoryConfiguration has the following special errors:
+//
+// # HTTP 400 Bad Request Error
+//
+// Code: InvalidArgument
+//
+// Cause: Invalid Argument
+//
+// # HTTP 400 Bad Request Error
+//
+// Code: TooManyConfigurations
+//
+// Cause: You are attempting to create a new configuration but have already
+// reached the 1,000-configuration limit.
+//
+// # HTTP 403 Forbidden Error
+//
+// Cause: You are not the owner of the specified bucket, or you do not have
+// the s3:PutInventoryConfiguration bucket permission to set the configuration
+// on the bucket.
+//
+// The following operations are related to PutBucketInventoryConfiguration:
+//
+//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
+//
+//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
+//
+//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketInventoryConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfiguration
+func (c *S3) PutBucketInventoryConfiguration(input *PutBucketInventoryConfigurationInput) (*PutBucketInventoryConfigurationOutput, error) {
+	req, out := c.PutBucketInventoryConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketInventoryConfigurationWithContext is the same as PutBucketInventoryConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketInventoryConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketInventoryConfigurationWithContext(ctx aws.Context, input *PutBucketInventoryConfigurationInput, opts ...request.Option) (*PutBucketInventoryConfigurationOutput, error) {
+	req, out := c.PutBucketInventoryConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketLifecycle = "PutBucketLifecycle"
+
+// PutBucketLifecycleRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketLifecycle operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketLifecycle for more information on using the PutBucketLifecycle
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketLifecycleRequest method.
+//	req, resp := client.PutBucketLifecycleRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycle
+//
+// Deprecated: PutBucketLifecycle has been deprecated
+func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *request.Request, output *PutBucketLifecycleOutput) {
+	if c.Client.Config.Logger != nil {
+		c.Client.Config.Logger.Log("This operation, PutBucketLifecycle, has been deprecated")
+	}
+	op := &request.Operation{
+		Name:       opPutBucketLifecycle,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?lifecycle",
+	}
+
+	if input == nil {
+		input = &PutBucketLifecycleInput{}
+	}
+
+	output = &PutBucketLifecycleOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketLifecycle API operation for Amazon Simple Storage Service.
+//
+// For an updated version of this API, see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html).
+// This version has been deprecated. Existing lifecycle configurations will
+// work. For new lifecycle configurations, use the updated API.
+//
+// Creates a new lifecycle configuration for the bucket or replaces an existing
+// lifecycle configuration. For information about lifecycle configuration, see
+// Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// in the Amazon S3 User Guide.
+//
+// By default, all Amazon S3 resources, including buckets, objects, and related
+// subresources (for example, lifecycle configuration and website configuration)
+// are private. Only the resource owner, the Amazon Web Services account that
+// created the resource, can access it. The resource owner can optionally grant
+// access permissions to others by writing an access policy. For this operation,
+// users must get the s3:PutLifecycleConfiguration permission.
+//
+// You can also explicitly deny permissions. Explicit denial also supersedes
+// any other permissions. If you want to prevent users or accounts from removing
+// or deleting objects from your bucket, you must deny them permissions for
+// the following actions:
+//
+//   - s3:DeleteObject
+//
+//   - s3:DeleteObjectVersion
+//
+//   - s3:PutLifecycleConfiguration
+//
+// For more information about permissions, see Managing Access Permissions to
+// your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide.
+//
+// For more examples of transitioning objects to storage classes such as STANDARD_IA
+// or ONEZONE_IA, see Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#lifecycle-configuration-examples).
+//
+// The following operations are related to PutBucketLifecycle:
+//
+//   - GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)(Deprecated)
+//
+//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
+//
+//   - RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html)
+//
+//   - By default, a resource owner—in this case, a bucket owner, which is
+//     the Amazon Web Services account that created the bucket—can perform
+//     any of the operations. A resource owner can also grant others permission
+//     to perform the operation. For more information, see the following topics
+//     in the Amazon S3 User Guide: Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+//     Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketLifecycle for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycle
+//
+// Deprecated: PutBucketLifecycle has been deprecated
+func (c *S3) PutBucketLifecycle(input *PutBucketLifecycleInput) (*PutBucketLifecycleOutput, error) {
+	req, out := c.PutBucketLifecycleRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketLifecycleWithContext is the same as PutBucketLifecycle with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketLifecycle for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+//
+// Deprecated: PutBucketLifecycleWithContext has been deprecated
+func (c *S3) PutBucketLifecycleWithContext(ctx aws.Context, input *PutBucketLifecycleInput, opts ...request.Option) (*PutBucketLifecycleOutput, error) {
+	req, out := c.PutBucketLifecycleRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketLifecycleConfiguration = "PutBucketLifecycleConfiguration"
+
+// PutBucketLifecycleConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketLifecycleConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketLifecycleConfiguration for more information on using the PutBucketLifecycleConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketLifecycleConfigurationRequest method.
+//	req, resp := client.PutBucketLifecycleConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfiguration
+func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleConfigurationInput) (req *request.Request, output *PutBucketLifecycleConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketLifecycleConfiguration,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?lifecycle",
+	}
+
+	if input == nil {
+		input = &PutBucketLifecycleConfigurationInput{}
+	}
+
+	output = &PutBucketLifecycleConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketLifecycleConfiguration API operation for Amazon Simple Storage Service.
+//
+// Creates a new lifecycle configuration for the bucket or replaces an existing
+// lifecycle configuration. Keep in mind that this will overwrite an existing
+// lifecycle configuration, so if you want to retain any configuration details,
+// they must be included in the new lifecycle configuration. For information
+// about lifecycle configuration, see Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html).
+//
+// Bucket lifecycle configuration now supports specifying a lifecycle rule using
+// an object key name prefix, one or more object tags, or a combination of both.
+// Accordingly, this section describes the latest API. The previous version
+// of the API supported filtering based only on an object key name prefix, which
+// is supported for backward compatibility. For the related API description,
+// see PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html).
+//
+// # Rules
+//
+// You specify the lifecycle configuration in your request body. The lifecycle
+// configuration is specified as XML consisting of one or more rules. An Amazon
+// S3 Lifecycle configuration can have up to 1,000 rules. This limit is not
+// adjustable. Each rule consists of the following:
+//
+//   - A filter identifying a subset of objects to which the rule applies.
+//     The filter can be based on a key name prefix, object tags, or a combination
+//     of both.
+//
+//   - A status indicating whether the rule is in effect.
+//
+//   - One or more lifecycle transition and expiration actions that you want
+//     Amazon S3 to perform on the objects identified by the filter. If the state
+//     of your bucket is versioning-enabled or versioning-suspended, you can
+//     have many versions of the same object (one current version and zero or
+//     more noncurrent versions). Amazon S3 provides predefined actions that
+//     you can specify for current and noncurrent object versions.
+//
+// For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// and Lifecycle Configuration Elements (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html).
+//
+// # Permissions
+//
+// By default, all Amazon S3 resources are private, including buckets, objects,
+// and related subresources (for example, lifecycle configuration and website
+// configuration). Only the resource owner (that is, the Amazon Web Services
+// account that created it) can access the resource. The resource owner can
+// optionally grant access permissions to others by writing an access policy.
+// For this operation, a user must get the s3:PutLifecycleConfiguration permission.
+//
+// You can also explicitly deny permissions. An explicit deny also supersedes
+// any other permissions. If you want to block users or accounts from removing
+// or deleting objects from your bucket, you must deny them permissions for
+// the following actions:
+//
+//   - s3:DeleteObject
+//
+//   - s3:DeleteObjectVersion
+//
+//   - s3:PutLifecycleConfiguration
+//
+// For more information about permissions, see Managing Access Permissions to
+// Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// The following operations are related to PutBucketLifecycleConfiguration:
+//
+//   - Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html)
+//
+//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
+//
+//   - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketLifecycleConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfiguration
+func (c *S3) PutBucketLifecycleConfiguration(input *PutBucketLifecycleConfigurationInput) (*PutBucketLifecycleConfigurationOutput, error) {
+	req, out := c.PutBucketLifecycleConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketLifecycleConfigurationWithContext is the same as PutBucketLifecycleConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketLifecycleConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketLifecycleConfigurationWithContext(ctx aws.Context, input *PutBucketLifecycleConfigurationInput, opts ...request.Option) (*PutBucketLifecycleConfigurationOutput, error) {
+	req, out := c.PutBucketLifecycleConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketLogging = "PutBucketLogging"
+
+// PutBucketLoggingRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketLogging operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketLogging for more information on using the PutBucketLogging
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketLoggingRequest method.
+//	req, resp := client.PutBucketLoggingRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLogging
+func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request.Request, output *PutBucketLoggingOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketLogging,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?logging",
+	}
+
+	if input == nil {
+		input = &PutBucketLoggingInput{}
+	}
+
+	output = &PutBucketLoggingOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketLogging API operation for Amazon Simple Storage Service.
+//
+// Set the logging parameters for a bucket and to specify permissions for who
+// can view and modify the logging parameters. All logs are saved to buckets
+// in the same Amazon Web Services Region as the source bucket. To set the logging
+// status of a bucket, you must be the bucket owner.
+//
+// The bucket owner is automatically granted FULL_CONTROL to all logs. You use
+// the Grantee request element to grant access to other people. The Permissions
+// request element specifies the kind of access the grantee has to the logs.
+//
+// If the target bucket for log delivery uses the bucket owner enforced setting
+// for S3 Object Ownership, you can't use the Grantee request element to grant
+// access to others. Permissions can only be granted using policies. For more
+// information, see Permissions for server access log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
+// in the Amazon S3 User Guide.
+//
+// # Grantee Values
+//
+// You can specify the person (grantee) to whom you're assigning access rights
+// (by using request elements) in the following ways:
+//
+//   - By the person's ID: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+//     xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>
+//     </Grantee> DisplayName is optional and ignored in the request.
+//
+//   - By Email address: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+//     xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress></Grantee>
+//     The grantee is resolved to the CanonicalUser and, in a response to a GETObjectAcl
+//     request, appears as the CanonicalUser.
+//
+//   - By URI: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+//     xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>
+//
+// To enable logging, you use LoggingEnabled and its children request elements.
+// To disable logging, you use an empty BucketLoggingStatus request element:
+//
+// <BucketLoggingStatus xmlns="http://doc.s3.amazonaws.com/2006-03-01" />
+//
+// For more information about server access logging, see Server Access Logging
+// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html) in
+// the Amazon S3 User Guide.
+//
+// For more information about creating a bucket, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html).
+// For more information about returning the logging status of a bucket, see
+// GetBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html).
+//
+// The following operations are related to PutBucketLogging:
+//
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+//   - GetBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketLogging for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLogging
+func (c *S3) PutBucketLogging(input *PutBucketLoggingInput) (*PutBucketLoggingOutput, error) {
+	req, out := c.PutBucketLoggingRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketLoggingWithContext is the same as PutBucketLogging with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketLogging for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketLoggingWithContext(ctx aws.Context, input *PutBucketLoggingInput, opts ...request.Option) (*PutBucketLoggingOutput, error) {
+	req, out := c.PutBucketLoggingRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketMetricsConfiguration = "PutBucketMetricsConfiguration"
+
+// PutBucketMetricsConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketMetricsConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketMetricsConfiguration for more information on using the PutBucketMetricsConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketMetricsConfigurationRequest method.
+//	req, resp := client.PutBucketMetricsConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfiguration
+func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigurationInput) (req *request.Request, output *PutBucketMetricsConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketMetricsConfiguration,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?metrics",
+	}
+
+	if input == nil {
+		input = &PutBucketMetricsConfigurationInput{}
+	}
+
+	output = &PutBucketMetricsConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// PutBucketMetricsConfiguration API operation for Amazon Simple Storage Service.
+//
+// Sets a metrics configuration (specified by the metrics configuration ID)
+// for the bucket. You can have up to 1,000 metrics configurations per bucket.
+// If you're updating an existing metrics configuration, note that this is a
+// full replacement of the existing metrics configuration. If you don't include
+// the elements you want to keep, they are erased.
+//
+// To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// For information about CloudWatch request metrics for Amazon S3, see Monitoring
+// Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
+//
+// The following operations are related to PutBucketMetricsConfiguration:
+//
+//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
+//
+//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
+//
+//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
+//
+// PutBucketMetricsConfiguration has the following special error:
+//
+//   - Error code: TooManyConfigurations Description: You are attempting to
+//     create a new configuration but have already reached the 1,000-configuration
+//     limit. HTTP Status Code: HTTP 400 Bad Request
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketMetricsConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfiguration
+func (c *S3) PutBucketMetricsConfiguration(input *PutBucketMetricsConfigurationInput) (*PutBucketMetricsConfigurationOutput, error) {
+	req, out := c.PutBucketMetricsConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketMetricsConfigurationWithContext is the same as PutBucketMetricsConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketMetricsConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketMetricsConfigurationWithContext(ctx aws.Context, input *PutBucketMetricsConfigurationInput, opts ...request.Option) (*PutBucketMetricsConfigurationOutput, error) {
+	req, out := c.PutBucketMetricsConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketNotification = "PutBucketNotification"
+
+// PutBucketNotificationRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketNotification operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketNotification for more information on using the PutBucketNotification
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketNotificationRequest method.
+//	req, resp := client.PutBucketNotificationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotification
+//
+// Deprecated: PutBucketNotification has been deprecated
+func (c *S3) PutBucketNotificationRequest(input *PutBucketNotificationInput) (req *request.Request, output *PutBucketNotificationOutput) {
+	if c.Client.Config.Logger != nil {
+		c.Client.Config.Logger.Log("This operation, PutBucketNotification, has been deprecated")
+	}
+	op := &request.Operation{
+		Name:       opPutBucketNotification,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?notification",
+	}
+
+	if input == nil {
+		input = &PutBucketNotificationInput{}
+	}
+
+	output = &PutBucketNotificationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketNotification API operation for Amazon Simple Storage Service.
+//
+// No longer used, see the PutBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html)
+// operation.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketNotification for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotification
+//
+// Deprecated: PutBucketNotification has been deprecated
+func (c *S3) PutBucketNotification(input *PutBucketNotificationInput) (*PutBucketNotificationOutput, error) {
+	req, out := c.PutBucketNotificationRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketNotificationWithContext is the same as PutBucketNotification with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketNotification for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+//
+// Deprecated: PutBucketNotificationWithContext has been deprecated
+func (c *S3) PutBucketNotificationWithContext(ctx aws.Context, input *PutBucketNotificationInput, opts ...request.Option) (*PutBucketNotificationOutput, error) {
+	req, out := c.PutBucketNotificationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketNotificationConfiguration = "PutBucketNotificationConfiguration"
+
+// PutBucketNotificationConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketNotificationConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketNotificationConfiguration for more information on using the PutBucketNotificationConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketNotificationConfigurationRequest method.
+//	req, resp := client.PutBucketNotificationConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfiguration
+func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificationConfigurationInput) (req *request.Request, output *PutBucketNotificationConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketNotificationConfiguration,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?notification",
+	}
+
+	if input == nil {
+		input = &PutBucketNotificationConfigurationInput{}
+	}
+
+	output = &PutBucketNotificationConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// PutBucketNotificationConfiguration API operation for Amazon Simple Storage Service.
+//
+// Enables notifications of specified events for a bucket. For more information
+// about event notifications, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
+//
+// Using this API, you can replace an existing notification configuration. The
+// configuration is an XML file that defines the event types that you want Amazon
+// S3 to publish and the destination where you want Amazon S3 to publish an
+// event notification when it detects an event of the specified type.
+//
+// By default, your bucket has no event notifications configured. That is, the
+// notification configuration will be an empty NotificationConfiguration.
+//
+// <NotificationConfiguration>
+//
+// </NotificationConfiguration>
+//
+// This action replaces the existing notification configuration with the configuration
+// you include in the request body.
+//
+// After Amazon S3 receives this request, it first verifies that any Amazon
+// Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon
+// SQS) destination exists, and that the bucket owner has permission to publish
+// to it by sending a test notification. In the case of Lambda destinations,
+// Amazon S3 verifies that the Lambda function permissions grant Amazon S3 permission
+// to invoke the function from the Amazon S3 bucket. For more information, see
+// Configuring Notifications for Amazon S3 Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
+//
+// You can disable notifications by adding the empty NotificationConfiguration
+// element.
+//
+// For more information about the number of event notification configurations
+// that you can create per bucket, see Amazon S3 service quotas (https://docs.aws.amazon.com/general/latest/gr/s3.html#limits_s3)
+// in Amazon Web Services General Reference.
+//
+// By default, only the bucket owner can configure notifications on a bucket.
+// However, bucket owners can use a bucket policy to grant permission to other
+// users to set this configuration with the required s3:PutBucketNotification
+// permission.
+//
+// The PUT notification is an atomic operation. For example, suppose your notification
+// configuration includes SNS topic, SQS queue, and Lambda function configurations.
+// When you send a PUT request with this configuration, Amazon S3 sends test
+// messages to your SNS topic. If the message fails, the entire PUT action will
+// fail, and Amazon S3 will not add the configuration to your bucket.
+//
+// If the configuration in the request body includes only one TopicConfiguration
+// specifying only the s3:ReducedRedundancyLostObject event type, the response
+// will also include the x-amz-sns-test-message-id header containing the message
+// ID of the test notification sent to the topic.
+//
+// The following action is related to PutBucketNotificationConfiguration:
+//
+//   - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketNotificationConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfiguration
+func (c *S3) PutBucketNotificationConfiguration(input *PutBucketNotificationConfigurationInput) (*PutBucketNotificationConfigurationOutput, error) {
+	req, out := c.PutBucketNotificationConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketNotificationConfigurationWithContext is the same as PutBucketNotificationConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketNotificationConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketNotificationConfigurationWithContext(ctx aws.Context, input *PutBucketNotificationConfigurationInput, opts ...request.Option) (*PutBucketNotificationConfigurationOutput, error) {
+	req, out := c.PutBucketNotificationConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketOwnershipControls = "PutBucketOwnershipControls"
+
+// PutBucketOwnershipControlsRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketOwnershipControls operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketOwnershipControls for more information on using the PutBucketOwnershipControls
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketOwnershipControlsRequest method.
+//	req, resp := client.PutBucketOwnershipControlsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketOwnershipControls
+func (c *S3) PutBucketOwnershipControlsRequest(input *PutBucketOwnershipControlsInput) (req *request.Request, output *PutBucketOwnershipControlsOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketOwnershipControls,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?ownershipControls",
+	}
+
+	if input == nil {
+		input = &PutBucketOwnershipControlsInput{}
+	}
+
+	output = &PutBucketOwnershipControlsOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketOwnershipControls API operation for Amazon Simple Storage Service.
+//
+// Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this
+// operation, you must have the s3:PutBucketOwnershipControls permission. For
+// more information about Amazon S3 permissions, see Specifying permissions
+// in a policy (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-with-s3-actions.html).
+//
+// For information about Amazon S3 Object Ownership, see Using object ownership
+// (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/about-object-ownership.html).
+//
+// The following operations are related to PutBucketOwnershipControls:
+//
+//   - GetBucketOwnershipControls
+//
+//   - DeleteBucketOwnershipControls
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketOwnershipControls for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketOwnershipControls
+func (c *S3) PutBucketOwnershipControls(input *PutBucketOwnershipControlsInput) (*PutBucketOwnershipControlsOutput, error) {
+	req, out := c.PutBucketOwnershipControlsRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketOwnershipControlsWithContext is the same as PutBucketOwnershipControls with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketOwnershipControls for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketOwnershipControlsWithContext(ctx aws.Context, input *PutBucketOwnershipControlsInput, opts ...request.Option) (*PutBucketOwnershipControlsOutput, error) {
+	req, out := c.PutBucketOwnershipControlsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketPolicy = "PutBucketPolicy"
+
+// PutBucketPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketPolicy for more information on using the PutBucketPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketPolicyRequest method.
+//	req, resp := client.PutBucketPolicyRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicy
+func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.Request, output *PutBucketPolicyOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketPolicy,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?policy",
+	}
+
+	if input == nil {
+		input = &PutBucketPolicyInput{}
+	}
+
+	output = &PutBucketPolicyOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketPolicy API operation for Amazon Simple Storage Service.
+//
+// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using
+// an identity other than the root user of the Amazon Web Services account that
+// owns the bucket, the calling identity must have the PutBucketPolicy permissions
+// on the specified bucket and belong to the bucket owner's account in order
+// to use this operation.
+//
+// If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access
+// Denied error. If you have the correct permissions, but you're not using an
+// identity that belongs to the bucket owner's account, Amazon S3 returns a
+// 405 Method Not Allowed error.
+//
+// To ensure that bucket owners don't inadvertently lock themselves out of their
+// own buckets, the root principal in a bucket owner's Amazon Web Services account
+// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy
+// API actions, even if their bucket policy explicitly denies the root principal's
+// access. Bucket owner root principals can only be blocked from performing
+// these API actions by VPC endpoint policies and Amazon Web Services Organizations
+// policies.
+//
+// For more information, see Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html).
+//
+// The following operations are related to PutBucketPolicy:
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketPolicy for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicy
+func (c *S3) PutBucketPolicy(input *PutBucketPolicyInput) (*PutBucketPolicyOutput, error) {
+	req, out := c.PutBucketPolicyRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketPolicyWithContext is the same as PutBucketPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketPolicyWithContext(ctx aws.Context, input *PutBucketPolicyInput, opts ...request.Option) (*PutBucketPolicyOutput, error) {
+	req, out := c.PutBucketPolicyRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketReplication = "PutBucketReplication"
+
+// PutBucketReplicationRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketReplication operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketReplication for more information on using the PutBucketReplication
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketReplicationRequest method.
+//	req, resp := client.PutBucketReplicationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplication
+func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req *request.Request, output *PutBucketReplicationOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketReplication,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?replication",
+	}
+
+	if input == nil {
+		input = &PutBucketReplicationInput{}
+	}
+
+	output = &PutBucketReplicationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketReplication API operation for Amazon Simple Storage Service.
+//
+// Creates a replication configuration or replaces an existing one. For more
+// information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+// in the Amazon S3 User Guide.
+//
+// Specify the replication configuration in the request body. In the replication
+// configuration, you provide the name of the destination bucket or buckets
+// where you want Amazon S3 to replicate objects, the IAM role that Amazon S3
+// can assume to replicate objects on your behalf, and other relevant information.
+//
+// A replication configuration must include at least one rule, and can contain
+// a maximum of 1,000. Each rule identifies a subset of objects to replicate
+// by filtering the objects in the source bucket. To choose additional subsets
+// of objects to replicate, add a rule for each subset.
+//
+// To specify a subset of the objects in the source bucket to apply a replication
+// rule to, add the Filter element as a child of the Rule element. You can filter
+// objects based on an object key prefix, one or more object tags, or both.
+// When you add the Filter element in the configuration, you must also add the
+// following elements: DeleteMarkerReplication, Status, and Priority.
+//
+// If you are using an earlier version of the replication configuration, Amazon
+// S3 handles replication of delete markers differently. For more information,
+// see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
+//
+// For information about enabling versioning on a bucket, see Using Versioning
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html).
+//
+// # Handling Replication of Encrypted Objects
+//
+// By default, Amazon S3 doesn't replicate objects that are stored at rest using
+// server-side encryption with KMS keys. To replicate Amazon Web Services KMS-encrypted
+// objects, add the following: SourceSelectionCriteria, SseKmsEncryptedObjects,
+// Status, EncryptionConfiguration, and ReplicaKmsKeyID. For information about
+// replication configuration, see Replicating Objects Created with SSE Using
+// KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html).
+//
+// For information on PutBucketReplication errors, see List of replication-related
+// error codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
+//
+// # Permissions
+//
+// To create a PutBucketReplication request, you must have s3:PutReplicationConfiguration
+// permissions for the bucket.
+//
+// By default, a resource owner, in this case the Amazon Web Services account
+// that created the bucket, can perform this operation. The resource owner can
+// also grant others permissions to perform the operation. For more information
+// about permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// To perform this operation, the user or role performing the action must have
+// the iam:PassRole (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html)
+// permission.
+//
+// The following operations are related to PutBucketReplication:
+//
+//   - GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
+//
+//   - DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketReplication for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplication
+func (c *S3) PutBucketReplication(input *PutBucketReplicationInput) (*PutBucketReplicationOutput, error) {
+	req, out := c.PutBucketReplicationRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketReplicationWithContext is the same as PutBucketReplication with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketReplication for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketReplicationWithContext(ctx aws.Context, input *PutBucketReplicationInput, opts ...request.Option) (*PutBucketReplicationOutput, error) {
+	req, out := c.PutBucketReplicationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketRequestPayment = "PutBucketRequestPayment"
+
+// PutBucketRequestPaymentRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketRequestPayment operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketRequestPayment for more information on using the PutBucketRequestPayment
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketRequestPaymentRequest method.
+//	req, resp := client.PutBucketRequestPaymentRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPayment
+func (c *S3) PutBucketRequestPaymentRequest(input *PutBucketRequestPaymentInput) (req *request.Request, output *PutBucketRequestPaymentOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketRequestPayment,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?requestPayment",
+	}
+
+	if input == nil {
+		input = &PutBucketRequestPaymentInput{}
+	}
+
+	output = &PutBucketRequestPaymentOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketRequestPayment API operation for Amazon Simple Storage Service.
+//
+// Sets the request payment configuration for a bucket. By default, the bucket
+// owner pays for downloads from the bucket. This configuration parameter enables
+// the bucket owner (only) to specify that the person requesting the download
+// will be charged for the download. For more information, see Requester Pays
+// Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html).
+//
+// The following operations are related to PutBucketRequestPayment:
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+//   - GetBucketRequestPayment (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketRequestPayment for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPayment
+func (c *S3) PutBucketRequestPayment(input *PutBucketRequestPaymentInput) (*PutBucketRequestPaymentOutput, error) {
+	req, out := c.PutBucketRequestPaymentRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketRequestPaymentWithContext is the same as PutBucketRequestPayment with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketRequestPayment for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketRequestPaymentWithContext(ctx aws.Context, input *PutBucketRequestPaymentInput, opts ...request.Option) (*PutBucketRequestPaymentOutput, error) {
+	req, out := c.PutBucketRequestPaymentRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketTagging = "PutBucketTagging"
+
+// PutBucketTaggingRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketTagging operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketTagging for more information on using the PutBucketTagging
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketTaggingRequest method.
+//	req, resp := client.PutBucketTaggingRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTagging
+func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request.Request, output *PutBucketTaggingOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketTagging,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?tagging",
+	}
+
+	if input == nil {
+		input = &PutBucketTaggingInput{}
+	}
+
+	output = &PutBucketTaggingOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketTagging API operation for Amazon Simple Storage Service.
+//
+// Sets the tags for a bucket.
+//
+// Use tags to organize your Amazon Web Services bill to reflect your own cost
+// structure. To do this, sign up to get your Amazon Web Services account bill
+// with tag key values included. Then, to see the cost of combined resources,
+// organize your billing information according to resources with the same tag
+// key values. For example, you can tag several resources with a specific application
+// name, and then organize your billing information to see the total cost of
+// that application across several services. For more information, see Cost
+// Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)
+// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html).
+//
+// When this operation sets the tags for a bucket, it will overwrite any current
+// tags the bucket already has. You cannot use this operation to add tags to
+// an existing list of tags.
+//
+// To use this operation, you must have permissions to perform the s3:PutBucketTagging
+// action. The bucket owner has this permission by default and can grant this
+// permission to others. For more information about permissions, see Permissions
+// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
+//
+// PutBucketTagging has the following special errors:
+//
+//   - Error code: InvalidTagError Description: The tag provided was not a
+//     valid tag. This error can occur if the tag did not pass input validation.
+//     For information about tag restrictions, see User-Defined Tag Restrictions
+//     (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
+//     and Amazon Web Services-Generated Cost Allocation Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html).
+//
+//   - Error code: MalformedXMLError Description: The XML provided does not
+//     match the schema.
+//
+//   - Error code: OperationAbortedError Description: A conflicting conditional
+//     action is currently in progress against this resource. Please try again.
+//
+//   - Error code: InternalError Description: The service was unable to apply
+//     the provided tag to the bucket.
+//
+// The following operations are related to PutBucketTagging:
+//
+//   - GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
+//
+//   - DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketTagging for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTagging
+func (c *S3) PutBucketTagging(input *PutBucketTaggingInput) (*PutBucketTaggingOutput, error) {
+	req, out := c.PutBucketTaggingRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketTaggingWithContext is the same as PutBucketTagging with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketTagging for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketTaggingWithContext(ctx aws.Context, input *PutBucketTaggingInput, opts ...request.Option) (*PutBucketTaggingOutput, error) {
+	req, out := c.PutBucketTaggingRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketVersioning = "PutBucketVersioning"
+
+// PutBucketVersioningRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketVersioning operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketVersioning for more information on using the PutBucketVersioning
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketVersioningRequest method.
+//	req, resp := client.PutBucketVersioningRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioning
+func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *request.Request, output *PutBucketVersioningOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketVersioning,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?versioning",
+	}
+
+	if input == nil {
+		input = &PutBucketVersioningInput{}
+	}
+
+	output = &PutBucketVersioningOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketVersioning API operation for Amazon Simple Storage Service.
+//
+// Sets the versioning state of an existing bucket.
+//
+// You can set the versioning state with one of the following values:
+//
+// Enabled—Enables versioning for the objects in the bucket. All objects added
+// to the bucket receive a unique version ID.
+//
+// Suspended—Disables versioning for the objects in the bucket. All objects
+// added to the bucket receive the version ID null.
+//
+// If the versioning state has never been set on a bucket, it has no versioning
+// state; a GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
+// request does not return a versioning state value.
+//
+// In order to enable MFA Delete, you must be the bucket owner. If you are the
+// bucket owner and want to enable MFA Delete in the bucket versioning configuration,
+// you must include the x-amz-mfa request header and the Status and the MfaDelete
+// request elements in a request to set the versioning state of the bucket.
+//
+// If you have an object expiration lifecycle configuration in your non-versioned
+// bucket and you want to maintain the same permanent delete behavior when you
+// enable versioning, you must add a noncurrent expiration policy. The noncurrent
+// expiration lifecycle configuration will manage the deletes of the noncurrent
+// object versions in the version-enabled bucket. (A version-enabled bucket
+// maintains one current and zero or more noncurrent object versions.) For more
+// information, see Lifecycle and Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config).
+//
+// The following operations are related to PutBucketVersioning:
+//
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+//
+//   - GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketVersioning for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioning
+func (c *S3) PutBucketVersioning(input *PutBucketVersioningInput) (*PutBucketVersioningOutput, error) {
+	req, out := c.PutBucketVersioningRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketVersioningWithContext is the same as PutBucketVersioning with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketVersioning for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketVersioningWithContext(ctx aws.Context, input *PutBucketVersioningInput, opts ...request.Option) (*PutBucketVersioningOutput, error) {
+	req, out := c.PutBucketVersioningRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutBucketWebsite = "PutBucketWebsite"
+
+// PutBucketWebsiteRequest generates a "aws/request.Request" representing the
+// client's request for the PutBucketWebsite operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutBucketWebsite for more information on using the PutBucketWebsite
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutBucketWebsiteRequest method.
+//	req, resp := client.PutBucketWebsiteRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsite
+func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request.Request, output *PutBucketWebsiteOutput) {
+	op := &request.Operation{
+		Name:       opPutBucketWebsite,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?website",
+	}
+
+	if input == nil {
+		input = &PutBucketWebsiteInput{}
+	}
+
+	output = &PutBucketWebsiteOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutBucketWebsite API operation for Amazon Simple Storage Service.
+//
+// Sets the configuration of the website that is specified in the website subresource.
+// To configure a bucket as a website, you can add this subresource on the bucket
+// with website configuration information such as the file name of the index
+// document and any redirect rules. For more information, see Hosting Websites
+// on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).
+//
+// This PUT action requires the S3:PutBucketWebsite permission. By default,
+// only the bucket owner can configure the website attached to a bucket; however,
+// bucket owners can allow other users to set the website configuration by writing
+// a bucket policy that grants them the S3:PutBucketWebsite permission.
+//
+// To redirect all website requests sent to the bucket's website endpoint, you
+// add a website configuration with the following elements. Because all requests
+// are sent to another website, you don't need to provide index document name
+// for the bucket.
+//
+//   - WebsiteConfiguration
+//
+//   - RedirectAllRequestsTo
+//
+//   - HostName
+//
+//   - Protocol
+//
+// If you want granular control over redirects, you can use the following elements
+// to add routing rules that describe conditions for redirecting requests and
+// information about the redirect destination. In this case, the website configuration
+// must provide an index document for the bucket, because some requests might
+// not be redirected.
+//
+//   - WebsiteConfiguration
+//
+//   - IndexDocument
+//
+//   - Suffix
+//
+//   - ErrorDocument
+//
+//   - Key
+//
+//   - RoutingRules
+//
+//   - RoutingRule
+//
+//   - Condition
+//
+//   - HttpErrorCodeReturnedEquals
+//
+//   - KeyPrefixEquals
+//
+//   - Redirect
+//
+//   - Protocol
+//
+//   - HostName
+//
+//   - ReplaceKeyPrefixWith
+//
+//   - ReplaceKeyWith
+//
+//   - HttpRedirectCode
+//
+// Amazon S3 has a limitation of 50 routing rules per website configuration.
+// If you require more than 50 routing rules, you can use object redirect. For
+// more information, see Configuring an Object Redirect (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html)
+// in the Amazon S3 User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketWebsite for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsite
+func (c *S3) PutBucketWebsite(input *PutBucketWebsiteInput) (*PutBucketWebsiteOutput, error) {
+	req, out := c.PutBucketWebsiteRequest(input)
+	return out, req.Send()
+}
+
+// PutBucketWebsiteWithContext is the same as PutBucketWebsite with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutBucketWebsite for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutBucketWebsiteWithContext(ctx aws.Context, input *PutBucketWebsiteInput, opts ...request.Option) (*PutBucketWebsiteOutput, error) {
+	req, out := c.PutBucketWebsiteRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutObject = "PutObject"
+
+// PutObjectRequest generates a "aws/request.Request" representing the
+// client's request for the PutObject operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutObject for more information on using the PutObject
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutObjectRequest method.
+//	req, resp := client.PutObjectRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObject
+func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, output *PutObjectOutput) {
+	op := &request.Operation{
+		Name:       opPutObject,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}/{Key+}",
+	}
+
+	if input == nil {
+		input = &PutObjectInput{}
+	}
+
+	output = &PutObjectOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// PutObject API operation for Amazon Simple Storage Service.
+//
+// Adds an object to a bucket. You must have WRITE permissions on a bucket to
+// add an object to it.
+//
+// Amazon S3 never adds partial objects; if you receive a success response,
+// Amazon S3 added the entire object to the bucket. You cannot use PutObject
+// to only update a single piece of metadata for an existing object. You must
+// put the entire object with updated metadata if you want to update some values.
+//
+// Amazon S3 is a distributed system. If it receives multiple write requests
+// for the same object simultaneously, it overwrites all but the last object
+// written. To prevent objects from being deleted or overwritten, you can use
+// Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html).
+//
+// To ensure that data is not corrupted traversing the network, use the Content-MD5
+// header. When you use this header, Amazon S3 checks the object against the
+// provided MD5 value and, if they do not match, returns an error. Additionally,
+// you can calculate the MD5 while putting an object to Amazon S3 and compare
+// the returned ETag to the calculated MD5 value.
+//
+//   - To successfully complete the PutObject request, you must have the s3:PutObject
+//     in your IAM permissions.
+//
+//   - To successfully change the objects acl of your PutObject request, you
+//     must have the s3:PutObjectAcl in your IAM permissions.
+//
+//   - To successfully set the tag-set with your PutObject request, you must
+//     have the s3:PutObjectTagging in your IAM permissions.
+//
+//   - The Content-MD5 header is required for any request to upload an object
+//     with a retention period configured using Amazon S3 Object Lock. For more
+//     information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview
+//     (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html)
+//     in the Amazon S3 User Guide.
+//
+// You have four mutually exclusive options to protect data using server-side
+// encryption in Amazon S3, depending on how you choose to manage the encryption
+// keys. Specifically, the encryption key options are Amazon S3 managed keys
+// (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and customer-provided
+// keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using
+// Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon
+// S3 to encrypt data at rest by using server-side encryption with other key
+// options. For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html).
+//
+// When adding a new object, you can use headers to grant ACL-based permissions
+// to individual Amazon Web Services accounts or to predefined groups defined
+// by Amazon S3. These permissions are then added to the ACL on the object.
+// By default, all objects are private. Only the owner has full access control.
+// For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html).
+//
+// If the bucket that you're uploading objects to uses the bucket owner enforced
+// setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions.
+// Buckets that use this setting only accept PUT requests that don't specify
+// an ACL or PUT requests that specify bucket owner full control ACLs, such
+// as the bucket-owner-full-control canned ACL or an equivalent form of this
+// ACL expressed in the XML format. PUT requests that contain other ACLs (for
+// example, custom grants to certain Amazon Web Services accounts) fail and
+// return a 400 error with the error code AccessControlListNotSupported. For
+// more information, see Controlling ownership of objects and disabling ACLs
+// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide.
+//
+// If your bucket uses the bucket owner enforced setting for Object Ownership,
+// all objects written to the bucket by any account will be owned by the bucket
+// owner.
+//
+// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
+// objects. The STANDARD storage class provides high durability and high availability.
+// Depending on performance needs, you can specify a different Storage Class.
+// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information,
+// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+// in the Amazon S3 User Guide.
+//
+// If you enable versioning for a bucket, Amazon S3 automatically generates
+// a unique version ID for the object being stored. Amazon S3 returns this ID
+// in the response. When you enable versioning for a bucket, if Amazon S3 receives
+// multiple write requests for the same object simultaneously, it stores all
+// of the objects. For more information about versioning, see Adding Objects
+// to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html).
+// For information about returning the versioning state of a bucket, see GetBucketVersioning
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html).
+//
+// For more information about related Amazon S3 APIs, see the following:
+//
+//   - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
+//
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutObject for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObject
+func (c *S3) PutObject(input *PutObjectInput) (*PutObjectOutput, error) {
+	req, out := c.PutObjectRequest(input)
+	return out, req.Send()
+}
+
+// PutObjectWithContext is the same as PutObject with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutObject for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutObjectWithContext(ctx aws.Context, input *PutObjectInput, opts ...request.Option) (*PutObjectOutput, error) {
+	req, out := c.PutObjectRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutObjectAcl = "PutObjectAcl"
+
+// PutObjectAclRequest generates a "aws/request.Request" representing the
+// client's request for the PutObjectAcl operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutObjectAcl for more information on using the PutObjectAcl
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutObjectAclRequest method.
+//	req, resp := client.PutObjectAclRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAcl
+func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request, output *PutObjectAclOutput) {
+	op := &request.Operation{
+		Name:       opPutObjectAcl,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}/{Key+}?acl",
+	}
+
+	if input == nil {
+		input = &PutObjectAclInput{}
+	}
+
+	output = &PutObjectAclOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutObjectAcl API operation for Amazon Simple Storage Service.
+//
+// Uses the acl subresource to set the access control list (ACL) permissions
+// for a new or existing object in an S3 bucket. You must have WRITE_ACP permission
+// to set the ACL of an object. For more information, see What permissions can
+// I grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions)
+// in the Amazon S3 User Guide.
+//
+// This action is not supported by Amazon S3 on Outposts.
+//
+// Depending on your application needs, you can choose to set the ACL on an
+// object using either the request body or the headers. For example, if you
+// have an existing application that updates a bucket ACL using the request
+// body, you can continue to use that approach. For more information, see Access
+// Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// in the Amazon S3 User Guide.
+//
+// If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
+// ACLs are disabled and no longer affect permissions. You must use policies
+// to grant access to your bucket and the objects in it. Requests to set ACLs
+// or update ACLs fail and return the AccessControlListNotSupported error code.
+// Requests to read ACLs are still supported. For more information, see Controlling
+// object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide.
+//
+// # Permissions
+//
+// You can set access permissions using one of the following methods:
+//
+//   - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports
+//     a set of predefined ACLs, known as canned ACLs. Each canned ACL has a
+//     predefined set of grantees and permissions. Specify the canned ACL name
+//     as the value of x-amz-acl. If you use this header, you cannot use other
+//     access control-specific headers in your request. For more information,
+//     see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+//
+//   - Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp,
+//     x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using
+//     these headers, you specify explicit access permissions and grantees (Amazon
+//     Web Services accounts or Amazon S3 groups) who will receive the permission.
+//     If you use these ACL-specific headers, you cannot use x-amz-acl header
+//     to set a canned ACL. These parameters map to the set of permissions that
+//     Amazon S3 supports in an ACL. For more information, see Access Control
+//     List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
+//     You specify each grantee as a type=value pair, where the type is one of
+//     the following: id – if the value specified is the canonical user ID
+//     of an Amazon Web Services account uri – if you are granting permissions
+//     to a predefined group emailAddress – if the value specified is the email
+//     address of an Amazon Web Services account Using email addresses to specify
+//     a grantee is only supported in the following Amazon Web Services Regions:
+//     US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific
+//     (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland)
+//     South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference. For example, the following
+//     x-amz-grant-read header grants list objects permission to the two Amazon
+//     Web Services accounts identified by their email addresses. x-amz-grant-read:
+//     emailAddress="xyz@amazon.com", emailAddress="abc@amazon.com"
+//
+// You can use either a canned ACL or specify access permissions explicitly.
+// You cannot do both.
+//
+// # Grantee Values
+//
+// You can specify the person (grantee) to whom you're assigning access rights
+// (using request elements) in the following ways:
+//
+//   - By the person's ID: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+//     xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>
+//     </Grantee> DisplayName is optional and ignored in the request.
+//
+//   - By URI: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+//     xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>
+//
+//   - By Email address: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+//     xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee>
+//     The grantee is resolved to the CanonicalUser and, in a response to a GET
+//     Object acl request, appears as the CanonicalUser. Using email addresses
+//     to specify a grantee is only supported in the following Amazon Web Services
+//     Regions: US East (N. Virginia) US West (N. California) US West (Oregon)
+//     Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe
+//     (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported
+//     Regions and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference.
+//
+// # Versioning
+//
+// The ACL of an object is set at the object version level. By default, PUT
+// sets the ACL of the current version of an object. To set the ACL of a different
+// version, use the versionId subresource.
+//
+// The following operations are related to PutObjectAcl:
+//
+//   - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutObjectAcl for usage and error information.
+//
+// Returned Error Codes:
+//   - ErrCodeNoSuchKey "NoSuchKey"
+//     The specified key does not exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAcl
+func (c *S3) PutObjectAcl(input *PutObjectAclInput) (*PutObjectAclOutput, error) {
+	req, out := c.PutObjectAclRequest(input)
+	return out, req.Send()
+}
+
+// PutObjectAclWithContext is the same as PutObjectAcl with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutObjectAcl for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutObjectAclWithContext(ctx aws.Context, input *PutObjectAclInput, opts ...request.Option) (*PutObjectAclOutput, error) {
+	req, out := c.PutObjectAclRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutObjectLegalHold = "PutObjectLegalHold"
+
+// PutObjectLegalHoldRequest generates a "aws/request.Request" representing the
+// client's request for the PutObjectLegalHold operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutObjectLegalHold for more information on using the PutObjectLegalHold
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutObjectLegalHoldRequest method.
+//	req, resp := client.PutObjectLegalHoldRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHold
+func (c *S3) PutObjectLegalHoldRequest(input *PutObjectLegalHoldInput) (req *request.Request, output *PutObjectLegalHoldOutput) {
+	op := &request.Operation{
+		Name:       opPutObjectLegalHold,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}/{Key+}?legal-hold",
+	}
+
+	if input == nil {
+		input = &PutObjectLegalHoldInput{}
+	}
+
+	output = &PutObjectLegalHoldOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutObjectLegalHold API operation for Amazon Simple Storage Service.
+//
+// Applies a legal hold configuration to the specified object. For more information,
+// see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+//
+// This action is not supported by Amazon S3 on Outposts.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutObjectLegalHold for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHold
+func (c *S3) PutObjectLegalHold(input *PutObjectLegalHoldInput) (*PutObjectLegalHoldOutput, error) {
+	req, out := c.PutObjectLegalHoldRequest(input)
+	return out, req.Send()
+}
+
+// PutObjectLegalHoldWithContext is the same as PutObjectLegalHold with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutObjectLegalHold for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutObjectLegalHoldWithContext(ctx aws.Context, input *PutObjectLegalHoldInput, opts ...request.Option) (*PutObjectLegalHoldOutput, error) {
+	req, out := c.PutObjectLegalHoldRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutObjectLockConfiguration = "PutObjectLockConfiguration"
+
+// PutObjectLockConfigurationRequest generates a "aws/request.Request" representing the
+// client's request for the PutObjectLockConfiguration operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutObjectLockConfiguration for more information on using the PutObjectLockConfiguration
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutObjectLockConfigurationRequest method.
+//	req, resp := client.PutObjectLockConfigurationRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfiguration
+func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfigurationInput) (req *request.Request, output *PutObjectLockConfigurationOutput) {
+	op := &request.Operation{
+		Name:       opPutObjectLockConfiguration,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?object-lock",
+	}
+
+	if input == nil {
+		input = &PutObjectLockConfigurationInput{}
+	}
+
+	output = &PutObjectLockConfigurationOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutObjectLockConfiguration API operation for Amazon Simple Storage Service.
+//
+// Places an Object Lock configuration on the specified bucket. The rule specified
+// in the Object Lock configuration will be applied by default to every new
+// object placed in the specified bucket. For more information, see Locking
+// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+//
+//   - The DefaultRetention settings require both a mode and a period.
+//
+//   - The DefaultRetention period can be either Days or Years but you must
+//     select one. You cannot specify Days and Years at the same time.
+//
+//   - You can only enable Object Lock for new buckets. If you want to turn
+//     on Object Lock for an existing bucket, contact Amazon Web Services Support.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutObjectLockConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfiguration
+func (c *S3) PutObjectLockConfiguration(input *PutObjectLockConfigurationInput) (*PutObjectLockConfigurationOutput, error) {
+	req, out := c.PutObjectLockConfigurationRequest(input)
+	return out, req.Send()
+}
+
+// PutObjectLockConfigurationWithContext is the same as PutObjectLockConfiguration with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutObjectLockConfiguration for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutObjectLockConfigurationWithContext(ctx aws.Context, input *PutObjectLockConfigurationInput, opts ...request.Option) (*PutObjectLockConfigurationOutput, error) {
+	req, out := c.PutObjectLockConfigurationRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutObjectRetention = "PutObjectRetention"
+
+// PutObjectRetentionRequest generates a "aws/request.Request" representing the
+// client's request for the PutObjectRetention operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutObjectRetention for more information on using the PutObjectRetention
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutObjectRetentionRequest method.
+//	req, resp := client.PutObjectRetentionRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetention
+func (c *S3) PutObjectRetentionRequest(input *PutObjectRetentionInput) (req *request.Request, output *PutObjectRetentionOutput) {
+	op := &request.Operation{
+		Name:       opPutObjectRetention,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}/{Key+}?retention",
+	}
+
+	if input == nil {
+		input = &PutObjectRetentionInput{}
+	}
+
+	output = &PutObjectRetentionOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutObjectRetention API operation for Amazon Simple Storage Service.
+//
+// Places an Object Retention configuration on an object. For more information,
+// see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+// Users or accounts require the s3:PutObjectRetention permission in order to
+// place an Object Retention configuration on objects. Bypassing a Governance
+// Retention configuration requires the s3:BypassGovernanceRetention permission.
+//
+// This action is not supported by Amazon S3 on Outposts.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutObjectRetention for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetention
+func (c *S3) PutObjectRetention(input *PutObjectRetentionInput) (*PutObjectRetentionOutput, error) {
+	req, out := c.PutObjectRetentionRequest(input)
+	return out, req.Send()
+}
+
+// PutObjectRetentionWithContext is the same as PutObjectRetention with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutObjectRetention for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutObjectRetentionWithContext(ctx aws.Context, input *PutObjectRetentionInput, opts ...request.Option) (*PutObjectRetentionOutput, error) {
+	req, out := c.PutObjectRetentionRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutObjectTagging = "PutObjectTagging"
+
+// PutObjectTaggingRequest generates a "aws/request.Request" representing the
+// client's request for the PutObjectTagging operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutObjectTagging for more information on using the PutObjectTagging
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutObjectTaggingRequest method.
+//	req, resp := client.PutObjectTaggingRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTagging
+func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request.Request, output *PutObjectTaggingOutput) {
+	op := &request.Operation{
+		Name:       opPutObjectTagging,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}/{Key+}?tagging",
+	}
+
+	if input == nil {
+		input = &PutObjectTaggingInput{}
+	}
+
+	output = &PutObjectTaggingOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutObjectTagging API operation for Amazon Simple Storage Service.
+//
+// Sets the supplied tag-set to an object that already exists in a bucket.
+//
+// A tag is a key-value pair. You can associate tags with an object by sending
+// a PUT request against the tagging subresource that is associated with the
+// object. You can retrieve tags by sending a GET request. For more information,
+// see GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html).
+//
+// For tagging-related restrictions related to characters and encodings, see
+// Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html).
+// Note that Amazon S3 limits the maximum number of tags to 10 tags per object.
+//
+// To use this operation, you must have permission to perform the s3:PutObjectTagging
+// action. By default, the bucket owner has this permission and can grant this
+// permission to others.
+//
+// To put tags of any other version, use the versionId query parameter. You
+// also need permission for the s3:PutObjectVersionTagging action.
+//
+// For information about the Amazon S3 object tagging feature, see Object Tagging
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
+//
+// PutObjectTagging has the following special errors:
+//
+//   - Code: InvalidTagError Cause: The tag provided was not a valid tag. This
+//     error can occur if the tag did not pass input validation. For more information,
+//     see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
+//
+//   - Code: MalformedXMLError Cause: The XML provided does not match the schema.
+//
+//   - Code: OperationAbortedError Cause: A conflicting conditional action
+//     is currently in progress against this resource. Please try again.
+//
+//   - Code: InternalError Cause: The service was unable to apply the provided
+//     tag to the object.
+//
+// The following operations are related to PutObjectTagging:
+//
+//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+//
+//   - DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutObjectTagging for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTagging
+func (c *S3) PutObjectTagging(input *PutObjectTaggingInput) (*PutObjectTaggingOutput, error) {
+	req, out := c.PutObjectTaggingRequest(input)
+	return out, req.Send()
+}
+
+// PutObjectTaggingWithContext is the same as PutObjectTagging with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutObjectTagging for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutObjectTaggingWithContext(ctx aws.Context, input *PutObjectTaggingInput, opts ...request.Option) (*PutObjectTaggingOutput, error) {
+	req, out := c.PutObjectTaggingRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opPutPublicAccessBlock = "PutPublicAccessBlock"
+
+// PutPublicAccessBlockRequest generates a "aws/request.Request" representing the
+// client's request for the PutPublicAccessBlock operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PutPublicAccessBlock for more information on using the PutPublicAccessBlock
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the PutPublicAccessBlockRequest method.
+//	req, resp := client.PutPublicAccessBlockRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlock
+func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req *request.Request, output *PutPublicAccessBlockOutput) {
+	op := &request.Operation{
+		Name:       opPutPublicAccessBlock,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}?publicAccessBlock",
+	}
+
+	if input == nil {
+		input = &PutPublicAccessBlockInput{}
+	}
+
+	output = &PutPublicAccessBlockOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(request.NamedHandler{
+		Name: "contentMd5Handler",
+		Fn:   checksum.AddBodyContentMD5Handler,
+	})
+	return
+}
+
+// PutPublicAccessBlock API operation for Amazon Simple Storage Service.
+//
+// Creates or modifies the PublicAccessBlock configuration for an Amazon S3
+// bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock
+// permission. For more information about Amazon S3 permissions, see Specifying
+// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
+//
+// When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket
+// or an object, it checks the PublicAccessBlock configuration for both the
+// bucket (or the bucket that contains the object) and the bucket owner's account.
+// If the PublicAccessBlock configurations are different between the bucket
+// and the account, Amazon S3 uses the most restrictive combination of the bucket-level
+// and account-level settings.
+//
+// For more information about when Amazon S3 considers a bucket or an object
+// public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
+//
+// The following operations are related to PutPublicAccessBlock:
+//
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//
+//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
+//
+//   - GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
+//
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutPublicAccessBlock for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlock
+func (c *S3) PutPublicAccessBlock(input *PutPublicAccessBlockInput) (*PutPublicAccessBlockOutput, error) {
+	req, out := c.PutPublicAccessBlockRequest(input)
+	return out, req.Send()
+}
+
+// PutPublicAccessBlockWithContext is the same as PutPublicAccessBlock with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PutPublicAccessBlock for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) PutPublicAccessBlockWithContext(ctx aws.Context, input *PutPublicAccessBlockInput, opts ...request.Option) (*PutPublicAccessBlockOutput, error) {
+	req, out := c.PutPublicAccessBlockRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opRestoreObject = "RestoreObject"
+
+// RestoreObjectRequest generates a "aws/request.Request" representing the
+// client's request for the RestoreObject operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See RestoreObject for more information on using the RestoreObject
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the RestoreObjectRequest method.
+//	req, resp := client.RestoreObjectRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObject
+func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Request, output *RestoreObjectOutput) {
+	op := &request.Operation{
+		Name:       opRestoreObject,
+		HTTPMethod: "POST",
+		HTTPPath:   "/{Bucket}/{Key+}?restore",
+	}
+
+	if input == nil {
+		input = &RestoreObjectInput{}
+	}
+
+	output = &RestoreObjectOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// RestoreObject API operation for Amazon Simple Storage Service.
+//
+// # Restores an archived copy of an object back into Amazon S3
+//
+// This action is not supported by Amazon S3 on Outposts.
+//
+// This action performs the following types of requests:
+//
+//   - select - Perform a select query on an archived object
+//
+//   - restore an archive - Restore an archived object
+//
+// For more information about the S3 structure in the request body, see the
+// following:
+//
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//
+//   - Managing Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html)
+//     in the Amazon S3 User Guide
+//
+//   - Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+//     in the Amazon S3 User Guide
+//
+// Define the SQL expression for the SELECT type of restoration for your query
+// in the request body's SelectParameters structure. You can use expressions
+// like the following examples.
+//
+//   - The following expression returns all records from the specified object.
+//     SELECT * FROM Object
+//
+//   - Assuming that you are not using any headers for data stored in the object,
+//     you can specify columns with positional headers. SELECT s._1, s._2 FROM
+//     Object s WHERE s._3 > 100
+//
+//   - If you have headers and you set the fileHeaderInfo in the CSV structure
+//     in the request body to USE, you can specify headers in the query. (If
+//     you set the fileHeaderInfo field to IGNORE, the first row is skipped for
+//     the query.) You cannot mix ordinal positions with header column names.
+//     SELECT s.Id, s.FirstName, s.SSN FROM S3Object s
+//
+// When making a select request, you can also do the following:
+//
+//   - To expedite your queries, specify the Expedited tier. For more information
+//     about tiers, see "Restoring Archives," later in this topic.
+//
+//   - Specify details about the data serialization format of both the input
+//     object that is being queried and the serialization of the CSV-encoded
+//     query results.
+//
+// The following are additional important facts about the select feature:
+//
+//   - The output results are new Amazon S3 objects. Unlike archive retrievals,
+//     they are stored until explicitly deleted-manually or through a lifecycle
+//     configuration.
+//
+//   - You can issue more than one select request on the same Amazon S3 object.
+//     Amazon S3 doesn't duplicate requests, so avoid issuing duplicate requests.
+//
+//   - Amazon S3 accepts a select request even if the object has already been
+//     restored. A select request doesn’t return error response 409.
+//
+// # Permissions
+//
+// To use this operation, you must have permissions to perform the s3:RestoreObject
+// action. The bucket owner has this permission by default and can grant this
+// permission to others. For more information about permissions, see Permissions
+// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide.
+//
+// # Restoring objects
+//
+// Objects that you archive to the S3 Glacier Flexible Retrieval Flexible Retrieval
+// or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive
+// or S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real
+// time. For objects in the S3 Glacier Flexible Retrieval Flexible Retrieval
+// or S3 Glacier Deep Archive storage classes, you must first initiate a restore
+// request, and then wait until a temporary copy of the object is available.
+// If you want a permanent copy of the object, create a copy of it in the Amazon
+// S3 Standard storage class in your S3 bucket. To access an archived object,
+// you must restore the object for the duration (number of days) that you specify.
+// For objects in the Archive Access or Deep Archive Access tiers of S3 Intelligent-Tiering,
+// you must first initiate a restore request, and then wait until the object
+// is moved into the Frequent Access tier.
+//
+// To restore a specific object version, you can provide a version ID. If you
+// don't provide a version ID, Amazon S3 restores the current version.
+//
+// When restoring an archived object, you can specify one of the following data
+// access tier options in the Tier element of the request body:
+//
+//   - Expedited - Expedited retrievals allow you to quickly access your data
+//     stored in the S3 Glacier Flexible Retrieval Flexible Retrieval storage
+//     class or S3 Intelligent-Tiering Archive tier when occasional urgent requests
+//     for restoring archives are required. For all but the largest archived
+//     objects (250 MB+), data accessed using Expedited retrievals is typically
+//     made available within 1–5 minutes. Provisioned capacity ensures that
+//     retrieval capacity for Expedited retrievals is available when you need
+//     it. Expedited retrievals and provisioned capacity are not available for
+//     objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering
+//     Deep Archive tier.
+//
+//   - Standard - Standard retrievals allow you to access any of your archived
+//     objects within several hours. This is the default option for retrieval
+//     requests that do not specify the retrieval option. Standard retrievals
+//     typically finish within 3–5 hours for objects stored in the S3 Glacier
+//     Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering
+//     Archive tier. They typically finish within 12 hours for objects stored
+//     in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering
+//     Deep Archive tier. Standard retrievals are free for objects stored in
+//     S3 Intelligent-Tiering.
+//
+//   - Bulk - Bulk retrievals free for objects stored in the S3 Glacier Flexible
+//     Retrieval and S3 Intelligent-Tiering storage classes, enabling you to
+//     retrieve large amounts, even petabytes, of data at no cost. Bulk retrievals
+//     typically finish within 5–12 hours for objects stored in the S3 Glacier
+//     Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering
+//     Archive tier. Bulk retrievals are also the lowest-cost retrieval option
+//     when restoring objects from S3 Glacier Deep Archive. They typically finish
+//     within 48 hours for objects stored in the S3 Glacier Deep Archive storage
+//     class or S3 Intelligent-Tiering Deep Archive tier.
+//
+// For more information about archive retrieval options and provisioned capacity
+// for Expedited data access, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
+// in the Amazon S3 User Guide.
+//
+// You can use Amazon S3 restore speed upgrade to change the restore speed to
+// a faster speed while it is in progress. For more information, see Upgrading
+// the speed of an in-progress restore (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html#restoring-objects-upgrade-tier.title.html)
+// in the Amazon S3 User Guide.
+//
+// To get the status of object restoration, you can send a HEAD request. Operations
+// return the x-amz-restore header, which provides information about the restoration
+// status, in the response. You can use Amazon S3 event notifications to notify
+// you when a restore is initiated or completed. For more information, see Configuring
+// Amazon S3 Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+// in the Amazon S3 User Guide.
+//
+// After restoring an archived object, you can update the restoration period
+// by reissuing the request with a new period. Amazon S3 updates the restoration
+// period relative to the current time and charges only for the request-there
+// are no data transfer charges. You cannot update the restoration period when
+// Amazon S3 is actively processing your current restore request for the object.
+//
+// If your bucket has a lifecycle configuration with a rule that includes an
+// expiration action, the object expiration overrides the life span that you
+// specify in a restore request. For example, if you restore an object copy
+// for 10 days, but the object is scheduled to expire in 3 days, Amazon S3 deletes
+// the object in 3 days. For more information about lifecycle configuration,
+// see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+// and Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// in Amazon S3 User Guide.
+//
+// # Responses
+//
+// A successful action returns either the 200 OK or 202 Accepted status code.
+//
+//   - If the object is not previously restored, then Amazon S3 returns 202
+//     Accepted in the response.
+//
+//   - If the object is previously restored, Amazon S3 returns 200 OK in the
+//     response.
+//
+//   - Special errors: Code: RestoreAlreadyInProgress Cause: Object restore
+//     is already in progress. (This error does not apply to SELECT type requests.)
+//     HTTP Status Code: 409 Conflict SOAP Fault Code Prefix: Client
+//
+//   - Code: GlacierExpeditedRetrievalNotAvailable Cause: expedited retrievals
+//     are currently not available. Try again later. (Returned if there is insufficient
+//     capacity to process the Expedited request. This error applies only to
+//     Expedited retrievals and not to S3 Standard or Bulk retrievals.) HTTP
+//     Status Code: 503 SOAP Fault Code Prefix: N/A
+//
+// The following operations are related to RestoreObject:
+//
+//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+//
+//   - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation RestoreObject for usage and error information.
+//
+// Returned Error Codes:
+//   - ErrCodeObjectAlreadyInActiveTierError "ObjectAlreadyInActiveTierError"
+//     This action is not allowed against this storage tier.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObject
+func (c *S3) RestoreObject(input *RestoreObjectInput) (*RestoreObjectOutput, error) {
+	req, out := c.RestoreObjectRequest(input)
+	return out, req.Send()
+}
+
+// RestoreObjectWithContext is the same as RestoreObject with the addition of
+// the ability to pass a context and additional request options.
+//
+// See RestoreObject for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) RestoreObjectWithContext(ctx aws.Context, input *RestoreObjectInput, opts ...request.Option) (*RestoreObjectOutput, error) {
+	req, out := c.RestoreObjectRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opSelectObjectContent = "SelectObjectContent"
+
+// SelectObjectContentRequest generates a "aws/request.Request" representing the
+// client's request for the SelectObjectContent operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See SelectObjectContent for more information on using the SelectObjectContent
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the SelectObjectContentRequest method.
+//	req, resp := client.SelectObjectContentRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SelectObjectContent
+func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *request.Request, output *SelectObjectContentOutput) {
+	op := &request.Operation{
+		Name:       opSelectObjectContent,
+		HTTPMethod: "POST",
+		HTTPPath:   "/{Bucket}/{Key+}?select&select-type=2",
+	}
+
+	if input == nil {
+		input = &SelectObjectContentInput{}
+	}
+
+	output = &SelectObjectContentOutput{}
+	req = c.newRequest(op, input, output)
+
+	es := NewSelectObjectContentEventStream()
+	req.Handlers.Unmarshal.PushBack(es.setStreamCloser)
+	output.EventStream = es
+
+	req.Handlers.Send.Swap(client.LogHTTPResponseHandler.Name, client.LogHTTPResponseHeaderHandler)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, rest.UnmarshalHandler)
+	req.Handlers.Unmarshal.PushBack(es.runOutputStream)
+	req.Handlers.Unmarshal.PushBack(es.runOnStreamPartClose)
+	return
+}
+
+// SelectObjectContent API operation for Amazon Simple Storage Service.
+//
+// This action filters the contents of an Amazon S3 object based on a simple
+// structured query language (SQL) statement. In the request, along with the
+// SQL expression, you must also specify a data serialization format (JSON,
+// CSV, or Apache Parquet) of the object. Amazon S3 uses this format to parse
+// object data into records, and returns only records that match the specified
+// SQL expression. You must also specify the data serialization format for the
+// response.
+//
+// This action is not supported by Amazon S3 on Outposts.
+//
+// For more information about Amazon S3 Select, see Selecting Content from Objects
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html)
+// and SELECT Command (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html)
+// in the Amazon S3 User Guide.
+//
+// # Permissions
+//
+// You must have s3:GetObject permission for this operation. Amazon S3 Select
+// does not support anonymous access. For more information about permissions,
+// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// in the Amazon S3 User Guide.
+//
+// # Object Data Formats
+//
+// You can use Amazon S3 Select to query objects that have the following format
+// properties:
+//
+//   - CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format.
+//
+//   - UTF-8 - UTF-8 is the only encoding type Amazon S3 Select supports.
+//
+//   - GZIP or BZIP2 - CSV and JSON files can be compressed using GZIP or BZIP2.
+//     GZIP and BZIP2 are the only compression formats that Amazon S3 Select
+//     supports for CSV and JSON files. Amazon S3 Select supports columnar compression
+//     for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object
+//     compression for Parquet objects.
+//
+//   - Server-side encryption - Amazon S3 Select supports querying objects
+//     that are protected with server-side encryption. For objects that are encrypted
+//     with customer-provided encryption keys (SSE-C), you must use HTTPS, and
+//     you must use the headers that are documented in the GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html).
+//     For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
+//     Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+//     in the Amazon S3 User Guide. For objects that are encrypted with Amazon
+//     S3 managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side
+//     encryption is handled transparently, so you don't need to specify anything.
+//     For more information about server-side encryption, including SSE-S3 and
+//     SSE-KMS, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+//     in the Amazon S3 User Guide.
+//
+// # Working with the Response Body
+//
+// Given the response size is unknown, Amazon S3 Select streams the response
+// as a series of messages and includes a Transfer-Encoding header with chunked
+// as its value in the response. For more information, see Appendix: SelectObjectContent
+// Response (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html).
+//
+// # GetObject Support
+//
+// The SelectObjectContent action does not support the following GetObject functionality.
+// For more information, see GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html).
+//
+//   - Range: Although you can specify a scan range for an Amazon S3 Select
+//     request (see SelectObjectContentRequest - ScanRange (https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange)
+//     in the request parameters), you cannot specify the range of bytes of an
+//     object to return.
+//
+//   - The GLACIER, DEEP_ARCHIVE, and REDUCED_REDUNDANCY storage classes, or
+//     the ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING
+//     storage class: You cannot query objects in the GLACIER, DEEP_ARCHIVE,
+//     or REDUCED_REDUNDANCY storage classes, nor objects in the ARCHIVE_ACCESS
+//     or DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING storage
+//     class. For more information about storage classes, see Using Amazon S3
+//     storage classes (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html)
+//     in the Amazon S3 User Guide.
+//
+// # Special Errors
+//
+// For a list of special errors for this operation, see List of SELECT Object
+// Content Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList)
+//
+// The following operations are related to SelectObjectContent:
+//
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//
+//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
+//
+//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation SelectObjectContent for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SelectObjectContent
+func (c *S3) SelectObjectContent(input *SelectObjectContentInput) (*SelectObjectContentOutput, error) {
+	req, out := c.SelectObjectContentRequest(input)
+	return out, req.Send()
+}
+
+// SelectObjectContentWithContext is the same as SelectObjectContent with the addition of
+// the ability to pass a context and additional request options.
+//
+// See SelectObjectContent for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) SelectObjectContentWithContext(ctx aws.Context, input *SelectObjectContentInput, opts ...request.Option) (*SelectObjectContentOutput, error) {
+	req, out := c.SelectObjectContentRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+var _ awserr.Error
+
+// SelectObjectContentEventStream provides the event stream handling for the SelectObjectContent.
+//
+// For testing and mocking the event stream this type should be initialized via
+// the NewSelectObjectContentEventStream constructor function. Using the functional options
+// to pass in nested mock behavior.
+type SelectObjectContentEventStream struct {
+
+	// Reader is the EventStream reader for the SelectObjectContentEventStream
+	// events. This value is automatically set by the SDK when the API call is made
+	// Use this member when unit testing your code with the SDK to mock out the
+	// EventStream Reader.
+	//
+	// Must not be nil.
+	Reader SelectObjectContentEventStreamReader
+
+	outputReader io.ReadCloser
+
+	// StreamCloser is the io.Closer for the EventStream connection. For HTTP
+	// EventStream this is the response Body. The stream will be closed when
+	// the Close method of the EventStream is called.
+	StreamCloser io.Closer
+
+	done      chan struct{}
+	closeOnce sync.Once
+	err       *eventstreamapi.OnceError
+}
+
+// NewSelectObjectContentEventStream initializes an SelectObjectContentEventStream.
+// This function should only be used for testing and mocking the SelectObjectContentEventStream
+// stream within your application.
+//
+// The Reader member must be set before reading events from the stream.
+//
+// The StreamCloser member should be set to the underlying io.Closer,
+// (e.g. http.Response.Body), that will be closed when the stream Close method
+// is called.
+//
+//	es := NewSelectObjectContentEventStream(func(o *SelectObjectContentEventStream){
+//	    es.Reader = myMockStreamReader
+//	    es.StreamCloser = myMockStreamCloser
+//	})
+func NewSelectObjectContentEventStream(opts ...func(*SelectObjectContentEventStream)) *SelectObjectContentEventStream {
+	es := &SelectObjectContentEventStream{
+		done: make(chan struct{}),
+		err:  eventstreamapi.NewOnceError(),
+	}
+
+	for _, fn := range opts {
+		fn(es)
+	}
+
+	return es
+}
+
+func (es *SelectObjectContentEventStream) setStreamCloser(r *request.Request) {
+	es.StreamCloser = r.HTTPResponse.Body
+}
+
+func (es *SelectObjectContentEventStream) runOnStreamPartClose(r *request.Request) {
+	if es.done == nil {
+		return
+	}
+	go es.waitStreamPartClose()
+
+}
+
+func (es *SelectObjectContentEventStream) waitStreamPartClose() {
+	var outputErrCh <-chan struct{}
+	if v, ok := es.Reader.(interface{ ErrorSet() <-chan struct{} }); ok {
+		outputErrCh = v.ErrorSet()
+	}
+	var outputClosedCh <-chan struct{}
+	if v, ok := es.Reader.(interface{ Closed() <-chan struct{} }); ok {
+		outputClosedCh = v.Closed()
+	}
+
+	select {
+	case <-es.done:
+	case <-outputErrCh:
+		es.err.SetError(es.Reader.Err())
+		es.Close()
+	case <-outputClosedCh:
+		if err := es.Reader.Err(); err != nil {
+			es.err.SetError(es.Reader.Err())
+		}
+		es.Close()
+	}
+}
+
+// Events returns a channel to read events from.
+//
+// These events are:
+//
+//   - ContinuationEvent
+//   - EndEvent
+//   - ProgressEvent
+//   - RecordsEvent
+//   - StatsEvent
+//   - SelectObjectContentEventStreamUnknownEvent
+func (es *SelectObjectContentEventStream) Events() <-chan SelectObjectContentEventStreamEvent {
+	return es.Reader.Events()
+}
+
+func (es *SelectObjectContentEventStream) runOutputStream(r *request.Request) {
+	var opts []func(*eventstream.Decoder)
+	if r.Config.Logger != nil && r.Config.LogLevel.Matches(aws.LogDebugWithEventStreamBody) {
+		opts = append(opts, eventstream.DecodeWithLogger(r.Config.Logger))
+	}
+
+	unmarshalerForEvent := unmarshalerForSelectObjectContentEventStreamEvent{
+		metadata: protocol.ResponseMetadata{
+			StatusCode: r.HTTPResponse.StatusCode,
+			RequestID:  r.RequestID,
+		},
+	}.UnmarshalerForEventName
+
+	decoder := eventstream.NewDecoder(r.HTTPResponse.Body, opts...)
+	eventReader := eventstreamapi.NewEventReader(decoder,
+		protocol.HandlerPayloadUnmarshal{
+			Unmarshalers: r.Handlers.UnmarshalStream,
+		},
+		unmarshalerForEvent,
+	)
+
+	es.outputReader = r.HTTPResponse.Body
+	es.Reader = newReadSelectObjectContentEventStream(eventReader)
+}
+
+// Close closes the stream. This will also cause the stream to be closed.
+// Close must be called when done using the stream API. Not calling Close
+// may result in resource leaks.
+//
+// You can use the closing of the Reader's Events channel to terminate your
+// application's read from the API's stream.
+func (es *SelectObjectContentEventStream) Close() (err error) {
+	es.closeOnce.Do(es.safeClose)
+	return es.Err()
+}
+
+func (es *SelectObjectContentEventStream) safeClose() {
+	if es.done != nil {
+		close(es.done)
+	}
+
+	es.Reader.Close()
+	if es.outputReader != nil {
+		es.outputReader.Close()
+	}
+
+	es.StreamCloser.Close()
+}
+
+// Err returns any error that occurred while reading or writing EventStream
+// Events from the service API's response. Returns nil if there were no errors.
+func (es *SelectObjectContentEventStream) Err() error {
+	if err := es.err.Err(); err != nil {
+		return err
+	}
+	if err := es.Reader.Err(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+const opUploadPart = "UploadPart"
+
+// UploadPartRequest generates a "aws/request.Request" representing the
+// client's request for the UploadPart operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UploadPart for more information on using the UploadPart
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the UploadPartRequest method.
+//	req, resp := client.UploadPartRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPart
+func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, output *UploadPartOutput) {
+	op := &request.Operation{
+		Name:       opUploadPart,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}/{Key+}",
+	}
+
+	if input == nil {
+		input = &UploadPartInput{}
+	}
+
+	output = &UploadPartOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// UploadPart API operation for Amazon Simple Storage Service.
+//
+// Uploads a part in a multipart upload.
+//
+// In this operation, you provide part data in your request. However, you have
+// an option to specify your existing Amazon S3 object as a data source for
+// the part you are uploading. To upload a part from an existing object, you
+// use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
+// operation.
+//
+// You must initiate a multipart upload (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html))
+// before you can upload any part. In response to your initiate request, Amazon
+// S3 returns an upload ID, a unique identifier, that you must include in your
+// upload part request.
+//
+// Part numbers can be any number from 1 to 10,000, inclusive. A part number
+// uniquely identifies a part and also defines its position within the object
+// being created. If you upload a new part using the same part number that was
+// used with a previous part, the previously uploaded part is overwritten.
+//
+// For information about maximum and minimum part sizes and other multipart
+// upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html)
+// in the Amazon S3 User Guide.
+//
+// To ensure that data is not corrupted when traversing the network, specify
+// the Content-MD5 header in the upload part request. Amazon S3 checks the part
+// data against the provided MD5 value. If they do not match, Amazon S3 returns
+// an error.
+//
+// If the upload request is signed with Signature Version 4, then Amazon Web
+// Services S3 uses the x-amz-content-sha256 header as a checksum instead of
+// Content-MD5. For more information see Authenticating Requests: Using the
+// Authorization Header (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html).
+//
+// Note: After you initiate multipart upload and upload one or more parts, you
+// must either complete or abort multipart upload in order to stop getting charged
+// for storage of the uploaded parts. Only after you either complete or abort
+// multipart upload, Amazon S3 frees up the parts storage and stops charging
+// you for the parts storage.
+//
+// For more information on multipart uploads, go to Multipart Upload Overview
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the
+// Amazon S3 User Guide .
+//
+// For information on the permissions required to use the multipart upload API,
+// go to Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// in the Amazon S3 User Guide.
+//
+// Server-side encryption is for data encryption at rest. Amazon S3 encrypts
+// your data as it writes it to disks in its data centers and decrypts it when
+// you access it. You have three mutually exclusive options to protect data
+// using server-side encryption in Amazon S3, depending on how you choose to
+// manage the encryption keys. Specifically, the encryption key options are
+// Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS),
+// and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side
+// encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally
+// tell Amazon S3 to encrypt data at rest using server-side encryption with
+// other key options. The option you use depends on whether you want to use
+// KMS keys (SSE-KMS) or provide your own encryption key (SSE-C). If you choose
+// to provide your own encryption key, the request headers you provide in the
+// request must match the headers you used in the request to initiate the upload
+// by using CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
+// For more information, go to Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+// in the Amazon S3 User Guide.
+//
+// Server-side encryption is supported by the S3 Multipart Upload actions. Unless
+// you are using a customer-provided encryption key (SSE-C), you don't need
+// to specify the encryption parameters in each UploadPart request. Instead,
+// you only need to specify the server-side encryption parameters in the initial
+// Initiate Multipart request. For more information, see CreateMultipartUpload
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
+//
+// If you requested server-side encryption using a customer-provided encryption
+// key (SSE-C) in your initiate multipart upload request, you must provide identical
+// encryption information in each part upload using the following headers.
+//
+//   - x-amz-server-side-encryption-customer-algorithm
+//
+//   - x-amz-server-side-encryption-customer-key
+//
+//   - x-amz-server-side-encryption-customer-key-MD5
+//
+// UploadPart has the following special errors:
+//
+//   - Code: NoSuchUpload Cause: The specified multipart upload does not exist.
+//     The upload ID might be invalid, or the multipart upload might have been
+//     aborted or completed. HTTP Status Code: 404 Not Found SOAP Fault Code
+//     Prefix: Client
+//
+// The following operations are related to UploadPart:
+//
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation UploadPart for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPart
+func (c *S3) UploadPart(input *UploadPartInput) (*UploadPartOutput, error) {
+	req, out := c.UploadPartRequest(input)
+	return out, req.Send()
+}
+
+// UploadPartWithContext is the same as UploadPart with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UploadPart for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) UploadPartWithContext(ctx aws.Context, input *UploadPartInput, opts ...request.Option) (*UploadPartOutput, error) {
+	req, out := c.UploadPartRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opUploadPartCopy = "UploadPartCopy"
+
+// UploadPartCopyRequest generates a "aws/request.Request" representing the
+// client's request for the UploadPartCopy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UploadPartCopy for more information on using the UploadPartCopy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the UploadPartCopyRequest method.
+//	req, resp := client.UploadPartCopyRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopy
+func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Request, output *UploadPartCopyOutput) {
+	op := &request.Operation{
+		Name:       opUploadPartCopy,
+		HTTPMethod: "PUT",
+		HTTPPath:   "/{Bucket}/{Key+}",
+	}
+
+	if input == nil {
+		input = &UploadPartCopyInput{}
+	}
+
+	output = &UploadPartCopyOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// UploadPartCopy API operation for Amazon Simple Storage Service.
+//
+// Uploads a part by copying data from an existing object as data source. You
+// specify the data source by adding the request header x-amz-copy-source in
+// your request and a byte range by adding the request header x-amz-copy-source-range
+// in your request.
+//
+// For information about maximum and minimum part sizes and other multipart
+// upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html)
+// in the Amazon S3 User Guide.
+//
+// Instead of using an existing object as part data, you might use the UploadPart
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) action
+// and provide data in your request.
+//
+// You must initiate a multipart upload before you can upload any part. In response
+// to your initiate request. Amazon S3 returns a unique identifier, the upload
+// ID, that you must include in your upload part request.
+//
+// For more information about using the UploadPartCopy operation, see the following:
+//
+//   - For conceptual information about multipart uploads, see Uploading Objects
+//     Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html)
+//     in the Amazon S3 User Guide.
+//
+//   - For information about permissions required to use the multipart upload
+//     API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+//     in the Amazon S3 User Guide.
+//
+//   - For information about copying objects using a single atomic action vs.
+//     a multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html)
+//     in the Amazon S3 User Guide.
+//
+//   - For information about using server-side encryption with customer-provided
+//     encryption keys with the UploadPartCopy operation, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
+//     and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html).
+//
+// Note the following additional considerations about the request headers x-amz-copy-source-if-match,
+// x-amz-copy-source-if-none-match, x-amz-copy-source-if-unmodified-since, and
+// x-amz-copy-source-if-modified-since:
+//
+//   - Consideration 1 - If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since
+//     headers are present in the request as follows: x-amz-copy-source-if-match
+//     condition evaluates to true, and; x-amz-copy-source-if-unmodified-since
+//     condition evaluates to false; Amazon S3 returns 200 OK and copies the
+//     data.
+//
+//   - Consideration 2 - If both of the x-amz-copy-source-if-none-match and
+//     x-amz-copy-source-if-modified-since headers are present in the request
+//     as follows: x-amz-copy-source-if-none-match condition evaluates to false,
+//     and; x-amz-copy-source-if-modified-since condition evaluates to true;
+//     Amazon S3 returns 412 Precondition Failed response code.
+//
+// # Versioning
+//
+// If your bucket has versioning enabled, you could have multiple versions of
+// the same object. By default, x-amz-copy-source identifies the current version
+// of the object to copy. If the current version is a delete marker and you
+// don't specify a versionId in the x-amz-copy-source, Amazon S3 returns a 404
+// error, because the object does not exist. If you specify versionId in the
+// x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns
+// an HTTP 400 error, because you are not allowed to specify a delete marker
+// as a version for the x-amz-copy-source.
+//
+// You can optionally specify a specific version of the source object to copy
+// by adding the versionId subresource as shown in the following example:
+//
+// x-amz-copy-source: /bucket/object?versionId=version id
+//
+// Special errors
+//
+//   - Code: NoSuchUpload Cause: The specified multipart upload does not exist.
+//     The upload ID might be invalid, or the multipart upload might have been
+//     aborted or completed. HTTP Status Code: 404 Not Found
+//
+//   - Code: InvalidRequest Cause: The specified copy source is not supported
+//     as a byte-range copy source. HTTP Status Code: 400 Bad Request
+//
+// The following operations are related to UploadPartCopy:
+//
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation UploadPartCopy for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopy
+func (c *S3) UploadPartCopy(input *UploadPartCopyInput) (*UploadPartCopyOutput, error) {
+	req, out := c.UploadPartCopyRequest(input)
+	return out, req.Send()
+}
+
+// UploadPartCopyWithContext is the same as UploadPartCopy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UploadPartCopy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) UploadPartCopyWithContext(ctx aws.Context, input *UploadPartCopyInput, opts ...request.Option) (*UploadPartCopyOutput, error) {
+	req, out := c.UploadPartCopyRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opWriteGetObjectResponse = "WriteGetObjectResponse"
+
+// WriteGetObjectResponseRequest generates a "aws/request.Request" representing the
+// client's request for the WriteGetObjectResponse operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See WriteGetObjectResponse for more information on using the WriteGetObjectResponse
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the WriteGetObjectResponseRequest method.
+//	req, resp := client.WriteGetObjectResponseRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/WriteGetObjectResponse
+func (c *S3) WriteGetObjectResponseRequest(input *WriteGetObjectResponseInput) (req *request.Request, output *WriteGetObjectResponseOutput) {
+	op := &request.Operation{
+		Name:       opWriteGetObjectResponse,
+		HTTPMethod: "POST",
+		HTTPPath:   "/WriteGetObjectResponse",
+	}
+
+	if input == nil {
+		input = &WriteGetObjectResponseInput{}
+	}
+
+	output = &WriteGetObjectResponseOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Sign.Remove(v4.SignRequestHandler)
+	handler := v4.BuildNamedHandler("v4.CustomSignerHandler", v4.WithUnsignedPayload)
+	req.Handlers.Sign.PushFrontNamed(handler)
+	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Build.PushBackNamed(protocol.NewHostPrefixHandler("{RequestRoute}.", input.hostLabels))
+	req.Handlers.Build.PushBackNamed(protocol.ValidateEndpointHostHandler)
+	return
+}
+
+// WriteGetObjectResponse API operation for Amazon Simple Storage Service.
+//
+// Passes transformed objects to a GetObject operation when using Object Lambda
+// access points. For information about Object Lambda access points, see Transforming
+// objects with Object Lambda access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html)
+// in the Amazon S3 User Guide.
+//
+// This operation supports metadata that can be returned by GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html),
+// in addition to RequestRoute, RequestToken, StatusCode, ErrorCode, and ErrorMessage.
+// The GetObject response metadata is supported so that the WriteGetObjectResponse
+// caller, typically an Lambda function, can provide the same metadata when
+// it internally invokes GetObject. When WriteGetObjectResponse is called by
+// a customer-owned Lambda function, the metadata returned to the end user GetObject
+// call might differ from what Amazon S3 would normally return.
+//
+// You can include any number of metadata headers. When including a metadata
+// header, it should be prefaced with x-amz-meta. For example, x-amz-meta-my-custom-header:
+// MyCustomValue. The primary use case for this is to forward GetObject metadata.
+//
+// Amazon Web Services provides some prebuilt Lambda functions that you can
+// use with S3 Object Lambda to detect and redact personally identifiable information
+// (PII) and decompress S3 objects. These Lambda functions are available in
+// the Amazon Web Services Serverless Application Repository, and can be selected
+// through the Amazon Web Services Management Console when you create your Object
+// Lambda access point.
+//
+// Example 1: PII Access Control - This Lambda function uses Amazon Comprehend,
+// a natural language processing (NLP) service using machine learning to find
+// insights and relationships in text. It automatically detects personally identifiable
+// information (PII) such as names, addresses, dates, credit card numbers, and
+// social security numbers from documents in your Amazon S3 bucket.
+//
+// Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a
+// natural language processing (NLP) service using machine learning to find
+// insights and relationships in text. It automatically redacts personally identifiable
+// information (PII) such as names, addresses, dates, credit card numbers, and
+// social security numbers from documents in your Amazon S3 bucket.
+//
+// Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression,
+// is equipped to decompress objects stored in S3 in one of six compressed file
+// formats including bzip2, gzip, snappy, zlib, zstandard and ZIP.
+//
+// For information on how to view and use these functions, see Using Amazon
+// Web Services built Lambda functions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-examples.html)
+// in the Amazon S3 User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation WriteGetObjectResponse for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/WriteGetObjectResponse
+func (c *S3) WriteGetObjectResponse(input *WriteGetObjectResponseInput) (*WriteGetObjectResponseOutput, error) {
+	req, out := c.WriteGetObjectResponseRequest(input)
+	return out, req.Send()
+}
+
+// WriteGetObjectResponseWithContext is the same as WriteGetObjectResponse with the addition of
+// the ability to pass a context and additional request options.
+//
+// See WriteGetObjectResponse for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) WriteGetObjectResponseWithContext(ctx aws.Context, input *WriteGetObjectResponseInput, opts ...request.Option) (*WriteGetObjectResponseOutput, error) {
+	req, out := c.WriteGetObjectResponseRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// Specifies the days since the initiation of an incomplete multipart upload
+// that Amazon S3 will wait before permanently removing all parts of the upload.
+// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+// in the Amazon S3 User Guide.
+type AbortIncompleteMultipartUpload struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the number of days after which Amazon S3 aborts an incomplete multipart
+	// upload.
+	DaysAfterInitiation *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AbortIncompleteMultipartUpload) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AbortIncompleteMultipartUpload) GoString() string {
+	return s.String()
+}
+
+// SetDaysAfterInitiation sets the DaysAfterInitiation field's value.
+func (s *AbortIncompleteMultipartUpload) SetDaysAfterInitiation(v int64) *AbortIncompleteMultipartUpload {
+	s.DaysAfterInitiation = &v
+	return s
+}
+
+type AbortMultipartUploadInput struct {
+	_ struct{} `locationName:"AbortMultipartUploadRequest" type:"structure"`
+
+	// The bucket name to which the upload was taking place.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Key of the object for which the multipart upload was initiated.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Upload ID that identifies the multipart upload.
+	//
+	// UploadId is a required field
+	UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AbortMultipartUploadInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AbortMultipartUploadInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AbortMultipartUploadInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AbortMultipartUploadInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.UploadId == nil {
+		invalidParams.Add(request.NewErrParamRequired("UploadId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *AbortMultipartUploadInput) SetBucket(v string) *AbortMultipartUploadInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *AbortMultipartUploadInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *AbortMultipartUploadInput) SetExpectedBucketOwner(v string) *AbortMultipartUploadInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *AbortMultipartUploadInput) SetKey(v string) *AbortMultipartUploadInput {
+	s.Key = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *AbortMultipartUploadInput) SetRequestPayer(v string) *AbortMultipartUploadInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetUploadId sets the UploadId field's value.
+func (s *AbortMultipartUploadInput) SetUploadId(v string) *AbortMultipartUploadInput {
+	s.UploadId = &v
+	return s
+}
+
+func (s *AbortMultipartUploadInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *AbortMultipartUploadInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s AbortMultipartUploadInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type AbortMultipartUploadOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AbortMultipartUploadOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AbortMultipartUploadOutput) GoString() string {
+	return s.String()
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *AbortMultipartUploadOutput) SetRequestCharged(v string) *AbortMultipartUploadOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// Configures the transfer acceleration state for an Amazon S3 bucket. For more
+// information, see Amazon S3 Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+// in the Amazon S3 User Guide.
+type AccelerateConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the transfer acceleration status of the bucket.
+	Status *string `type:"string" enum:"BucketAccelerateStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccelerateConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccelerateConfiguration) GoString() string {
+	return s.String()
+}
+
+// SetStatus sets the Status field's value.
+func (s *AccelerateConfiguration) SetStatus(v string) *AccelerateConfiguration {
+	s.Status = &v
+	return s
+}
+
+// Contains the elements that set the ACL permissions for an object per grantee.
+type AccessControlPolicy struct {
+	_ struct{} `type:"structure"`
+
+	// A list of grants.
+	Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"`
+
+	// Container for the bucket owner's display name and ID.
+	Owner *Owner `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessControlPolicy) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessControlPolicy) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AccessControlPolicy) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AccessControlPolicy"}
+	if s.Grants != nil {
+		for i, v := range s.Grants {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Grants", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGrants sets the Grants field's value.
+func (s *AccessControlPolicy) SetGrants(v []*Grant) *AccessControlPolicy {
+	s.Grants = v
+	return s
+}
+
+// SetOwner sets the Owner field's value.
+func (s *AccessControlPolicy) SetOwner(v *Owner) *AccessControlPolicy {
+	s.Owner = v
+	return s
+}
+
+// A container for information about access control for replicas.
+type AccessControlTranslation struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the replica ownership. For default and valid values, see PUT bucket
+	// replication (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
+	// in the Amazon S3 API Reference.
+	//
+	// Owner is a required field
+	Owner *string `type:"string" required:"true" enum:"OwnerOverride"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessControlTranslation) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessControlTranslation) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AccessControlTranslation) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AccessControlTranslation"}
+	if s.Owner == nil {
+		invalidParams.Add(request.NewErrParamRequired("Owner"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetOwner sets the Owner field's value.
+func (s *AccessControlTranslation) SetOwner(v string) *AccessControlTranslation {
+	s.Owner = &v
+	return s
+}
+
+// A conjunction (logical AND) of predicates, which is used in evaluating a
+// metrics filter. The operator must have at least two predicates in any combination,
+// and an object must match all of the predicates for the filter to apply.
+type AnalyticsAndOperator struct {
+	_ struct{} `type:"structure"`
+
+	// The prefix to use when evaluating an AND predicate: The prefix that an object
+	// must have to be included in the metrics results.
+	Prefix *string `type:"string"`
+
+	// The list of tags to use when evaluating an AND predicate.
+	Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AnalyticsAndOperator) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AnalyticsAndOperator) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AnalyticsAndOperator) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AnalyticsAndOperator"}
+	if s.Tags != nil {
+		for i, v := range s.Tags {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *AnalyticsAndOperator) SetPrefix(v string) *AnalyticsAndOperator {
+	s.Prefix = &v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *AnalyticsAndOperator) SetTags(v []*Tag) *AnalyticsAndOperator {
+	s.Tags = v
+	return s
+}
+
+// Specifies the configuration and any analyses for the analytics filter of
+// an Amazon S3 bucket.
+type AnalyticsConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// The filter used to describe a set of objects for analyses. A filter must
+	// have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator).
+	// If no filter is provided, all objects will be considered in any analysis.
+	Filter *AnalyticsFilter `type:"structure"`
+
+	// The ID that identifies the analytics configuration.
+	//
+	// Id is a required field
+	Id *string `type:"string" required:"true"`
+
+	// Contains data related to access patterns to be collected and made available
+	// to analyze the tradeoffs between different storage classes.
+	//
+	// StorageClassAnalysis is a required field
+	StorageClassAnalysis *StorageClassAnalysis `type:"structure" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AnalyticsConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AnalyticsConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AnalyticsConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AnalyticsConfiguration"}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+	if s.StorageClassAnalysis == nil {
+		invalidParams.Add(request.NewErrParamRequired("StorageClassAnalysis"))
+	}
+	if s.Filter != nil {
+		if err := s.Filter.Validate(); err != nil {
+			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.StorageClassAnalysis != nil {
+		if err := s.StorageClassAnalysis.Validate(); err != nil {
+			invalidParams.AddNested("StorageClassAnalysis", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetFilter sets the Filter field's value.
+func (s *AnalyticsConfiguration) SetFilter(v *AnalyticsFilter) *AnalyticsConfiguration {
+	s.Filter = v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *AnalyticsConfiguration) SetId(v string) *AnalyticsConfiguration {
+	s.Id = &v
+	return s
+}
+
+// SetStorageClassAnalysis sets the StorageClassAnalysis field's value.
+func (s *AnalyticsConfiguration) SetStorageClassAnalysis(v *StorageClassAnalysis) *AnalyticsConfiguration {
+	s.StorageClassAnalysis = v
+	return s
+}
+
+// Where to publish the analytics results.
+type AnalyticsExportDestination struct {
+	_ struct{} `type:"structure"`
+
+	// A destination signifying output to an S3 bucket.
+	//
+	// S3BucketDestination is a required field
+	S3BucketDestination *AnalyticsS3BucketDestination `type:"structure" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AnalyticsExportDestination) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AnalyticsExportDestination) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AnalyticsExportDestination) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AnalyticsExportDestination"}
+	if s.S3BucketDestination == nil {
+		invalidParams.Add(request.NewErrParamRequired("S3BucketDestination"))
+	}
+	if s.S3BucketDestination != nil {
+		if err := s.S3BucketDestination.Validate(); err != nil {
+			invalidParams.AddNested("S3BucketDestination", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetS3BucketDestination sets the S3BucketDestination field's value.
+func (s *AnalyticsExportDestination) SetS3BucketDestination(v *AnalyticsS3BucketDestination) *AnalyticsExportDestination {
+	s.S3BucketDestination = v
+	return s
+}
+
+// The filter used to describe a set of objects for analyses. A filter must
+// have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator).
+// If no filter is provided, all objects will be considered in any analysis.
+type AnalyticsFilter struct {
+	_ struct{} `type:"structure"`
+
+	// A conjunction (logical AND) of predicates, which is used in evaluating an
+	// analytics filter. The operator must have at least two predicates.
+	And *AnalyticsAndOperator `type:"structure"`
+
+	// The prefix to use when evaluating an analytics filter.
+	Prefix *string `type:"string"`
+
+	// The tag to use when evaluating an analytics filter.
+	Tag *Tag `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AnalyticsFilter) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AnalyticsFilter) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AnalyticsFilter) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AnalyticsFilter"}
+	if s.And != nil {
+		if err := s.And.Validate(); err != nil {
+			invalidParams.AddNested("And", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Tag != nil {
+		if err := s.Tag.Validate(); err != nil {
+			invalidParams.AddNested("Tag", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAnd sets the And field's value.
+func (s *AnalyticsFilter) SetAnd(v *AnalyticsAndOperator) *AnalyticsFilter {
+	s.And = v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *AnalyticsFilter) SetPrefix(v string) *AnalyticsFilter {
+	s.Prefix = &v
+	return s
+}
+
+// SetTag sets the Tag field's value.
+func (s *AnalyticsFilter) SetTag(v *Tag) *AnalyticsFilter {
+	s.Tag = v
+	return s
+}
+
+// Contains information about where to publish the analytics results.
+type AnalyticsS3BucketDestination struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the bucket to which data is exported.
+	//
+	// Bucket is a required field
+	Bucket *string `type:"string" required:"true"`
+
+	// The account ID that owns the destination S3 bucket. If no account ID is provided,
+	// the owner is not validated before exporting data.
+	//
+	// Although this value is optional, we strongly recommend that you set it to
+	// help prevent problems if the destination bucket ownership changes.
+	BucketAccountId *string `type:"string"`
+
+	// Specifies the file format used when exporting data to Amazon S3.
+	//
+	// Format is a required field
+	Format *string `type:"string" required:"true" enum:"AnalyticsS3ExportFileFormat"`
+
+	// The prefix to use when exporting data. The prefix is prepended to all results.
+	Prefix *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AnalyticsS3BucketDestination) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AnalyticsS3BucketDestination) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AnalyticsS3BucketDestination) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AnalyticsS3BucketDestination"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Format == nil {
+		invalidParams.Add(request.NewErrParamRequired("Format"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *AnalyticsS3BucketDestination) SetBucket(v string) *AnalyticsS3BucketDestination {
+	s.Bucket = &v
+	return s
+}
+
+func (s *AnalyticsS3BucketDestination) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetBucketAccountId sets the BucketAccountId field's value.
+func (s *AnalyticsS3BucketDestination) SetBucketAccountId(v string) *AnalyticsS3BucketDestination {
+	s.BucketAccountId = &v
+	return s
+}
+
+// SetFormat sets the Format field's value.
+func (s *AnalyticsS3BucketDestination) SetFormat(v string) *AnalyticsS3BucketDestination {
+	s.Format = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *AnalyticsS3BucketDestination) SetPrefix(v string) *AnalyticsS3BucketDestination {
+	s.Prefix = &v
+	return s
+}
+
+// In terms of implementation, a Bucket is a resource. An Amazon S3 bucket name
+// is globally unique, and the namespace is shared by all Amazon Web Services
+// accounts.
+type Bucket struct {
+	_ struct{} `type:"structure"`
+
+	// Date the bucket was created. This date can change when making changes to
+	// your bucket, such as editing its bucket policy.
+	CreationDate *time.Time `type:"timestamp"`
+
+	// The name of the bucket.
+	Name *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Bucket) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Bucket) GoString() string {
+	return s.String()
+}
+
+// SetCreationDate sets the CreationDate field's value.
+func (s *Bucket) SetCreationDate(v time.Time) *Bucket {
+	s.CreationDate = &v
+	return s
+}
+
+// SetName sets the Name field's value.
+func (s *Bucket) SetName(v string) *Bucket {
+	s.Name = &v
+	return s
+}
+
+// Specifies the lifecycle configuration for objects in an Amazon S3 bucket.
+// For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// in the Amazon S3 User Guide.
+type BucketLifecycleConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// A lifecycle rule for individual objects in an Amazon S3 bucket.
+	//
+	// Rules is a required field
+	Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BucketLifecycleConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BucketLifecycleConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *BucketLifecycleConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "BucketLifecycleConfiguration"}
+	if s.Rules == nil {
+		invalidParams.Add(request.NewErrParamRequired("Rules"))
+	}
+	if s.Rules != nil {
+		for i, v := range s.Rules {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Rules", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetRules sets the Rules field's value.
+func (s *BucketLifecycleConfiguration) SetRules(v []*LifecycleRule) *BucketLifecycleConfiguration {
+	s.Rules = v
+	return s
+}
+
+// Container for logging status information.
+type BucketLoggingStatus struct {
+	_ struct{} `type:"structure"`
+
+	// Describes where logs are stored and the prefix that Amazon S3 assigns to
+	// all log object keys for a bucket. For more information, see PUT Bucket logging
+	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
+	// in the Amazon S3 API Reference.
+	LoggingEnabled *LoggingEnabled `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BucketLoggingStatus) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s BucketLoggingStatus) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *BucketLoggingStatus) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "BucketLoggingStatus"}
+	if s.LoggingEnabled != nil {
+		if err := s.LoggingEnabled.Validate(); err != nil {
+			invalidParams.AddNested("LoggingEnabled", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetLoggingEnabled sets the LoggingEnabled field's value.
+func (s *BucketLoggingStatus) SetLoggingEnabled(v *LoggingEnabled) *BucketLoggingStatus {
+	s.LoggingEnabled = v
+	return s
+}
+
+// Describes the cross-origin access configuration for objects in an Amazon
+// S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon
+// S3 User Guide.
+type CORSConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// A set of origins and methods (cross-origin access that you want to allow).
+	// You can add up to 100 rules to the configuration.
+	//
+	// CORSRules is a required field
+	CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CORSConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CORSConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CORSConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CORSConfiguration"}
+	if s.CORSRules == nil {
+		invalidParams.Add(request.NewErrParamRequired("CORSRules"))
+	}
+	if s.CORSRules != nil {
+		for i, v := range s.CORSRules {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "CORSRules", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetCORSRules sets the CORSRules field's value.
+func (s *CORSConfiguration) SetCORSRules(v []*CORSRule) *CORSConfiguration {
+	s.CORSRules = v
+	return s
+}
+
+// Specifies a cross-origin access rule for an Amazon S3 bucket.
+type CORSRule struct {
+	_ struct{} `type:"structure"`
+
+	// Headers that are specified in the Access-Control-Request-Headers header.
+	// These headers are allowed in a preflight OPTIONS request. In response to
+	// any preflight OPTIONS request, Amazon S3 returns any requested headers that
+	// are allowed.
+	AllowedHeaders []*string `locationName:"AllowedHeader" type:"list" flattened:"true"`
+
+	// An HTTP method that you allow the origin to execute. Valid values are GET,
+	// PUT, HEAD, POST, and DELETE.
+	//
+	// AllowedMethods is a required field
+	AllowedMethods []*string `locationName:"AllowedMethod" type:"list" flattened:"true" required:"true"`
+
+	// One or more origins you want customers to be able to access the bucket from.
+	//
+	// AllowedOrigins is a required field
+	AllowedOrigins []*string `locationName:"AllowedOrigin" type:"list" flattened:"true" required:"true"`
+
+	// One or more headers in the response that you want customers to be able to
+	// access from their applications (for example, from a JavaScript XMLHttpRequest
+	// object).
+	ExposeHeaders []*string `locationName:"ExposeHeader" type:"list" flattened:"true"`
+
+	// Unique identifier for the rule. The value cannot be longer than 255 characters.
+	ID *string `type:"string"`
+
+	// The time in seconds that your browser is to cache the preflight response
+	// for the specified resource.
+	MaxAgeSeconds *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CORSRule) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CORSRule) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CORSRule) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CORSRule"}
+	if s.AllowedMethods == nil {
+		invalidParams.Add(request.NewErrParamRequired("AllowedMethods"))
+	}
+	if s.AllowedOrigins == nil {
+		invalidParams.Add(request.NewErrParamRequired("AllowedOrigins"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAllowedHeaders sets the AllowedHeaders field's value.
+func (s *CORSRule) SetAllowedHeaders(v []*string) *CORSRule {
+	s.AllowedHeaders = v
+	return s
+}
+
+// SetAllowedMethods sets the AllowedMethods field's value.
+func (s *CORSRule) SetAllowedMethods(v []*string) *CORSRule {
+	s.AllowedMethods = v
+	return s
+}
+
+// SetAllowedOrigins sets the AllowedOrigins field's value.
+func (s *CORSRule) SetAllowedOrigins(v []*string) *CORSRule {
+	s.AllowedOrigins = v
+	return s
+}
+
+// SetExposeHeaders sets the ExposeHeaders field's value.
+func (s *CORSRule) SetExposeHeaders(v []*string) *CORSRule {
+	s.ExposeHeaders = v
+	return s
+}
+
+// SetID sets the ID field's value.
+func (s *CORSRule) SetID(v string) *CORSRule {
+	s.ID = &v
+	return s
+}
+
+// SetMaxAgeSeconds sets the MaxAgeSeconds field's value.
+func (s *CORSRule) SetMaxAgeSeconds(v int64) *CORSRule {
+	s.MaxAgeSeconds = &v
+	return s
+}
+
+// Describes how an uncompressed comma-separated values (CSV)-formatted input
+// object is formatted.
+type CSVInput struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies that CSV field values may contain quoted record delimiters and
+	// such records should be allowed. Default value is FALSE. Setting this value
+	// to TRUE may lower performance.
+	AllowQuotedRecordDelimiter *bool `type:"boolean"`
+
+	// A single character used to indicate that a row should be ignored when the
+	// character is present at the start of that row. You can specify any character
+	// to indicate a comment line. The default character is #.
+	//
+	// Default: #
+	Comments *string `type:"string"`
+
+	// A single character used to separate individual fields in a record. You can
+	// specify an arbitrary delimiter.
+	FieldDelimiter *string `type:"string"`
+
+	// Describes the first line of input. Valid values are:
+	//
+	//    * NONE: First line is not a header.
+	//
+	//    * IGNORE: First line is a header, but you can't use the header values
+	//    to indicate the column in an expression. You can use column position (such
+	//    as _1, _2, …) to indicate the column (SELECT s._1 FROM OBJECT s).
+	//
+	//    * Use: First line is a header, and you can use the header value to identify
+	//    a column in an expression (SELECT "name" FROM OBJECT).
+	FileHeaderInfo *string `type:"string" enum:"FileHeaderInfo"`
+
+	// A single character used for escaping when the field delimiter is part of
+	// the value. For example, if the value is a, b, Amazon S3 wraps this field
+	// value in quotation marks, as follows: " a , b ".
+	//
+	// Type: String
+	//
+	// Default: "
+	//
+	// Ancestors: CSV
+	QuoteCharacter *string `type:"string"`
+
+	// A single character used for escaping the quotation mark character inside
+	// an already escaped value. For example, the value """ a , b """ is parsed
+	// as " a , b ".
+	QuoteEscapeCharacter *string `type:"string"`
+
+	// A single character used to separate individual records in the input. Instead
+	// of the default value, you can specify an arbitrary delimiter.
+	RecordDelimiter *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CSVInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CSVInput) GoString() string {
+	return s.String()
+}
+
+// SetAllowQuotedRecordDelimiter sets the AllowQuotedRecordDelimiter field's value.
+func (s *CSVInput) SetAllowQuotedRecordDelimiter(v bool) *CSVInput {
+	s.AllowQuotedRecordDelimiter = &v
+	return s
+}
+
+// SetComments sets the Comments field's value.
+func (s *CSVInput) SetComments(v string) *CSVInput {
+	s.Comments = &v
+	return s
+}
+
+// SetFieldDelimiter sets the FieldDelimiter field's value.
+func (s *CSVInput) SetFieldDelimiter(v string) *CSVInput {
+	s.FieldDelimiter = &v
+	return s
+}
+
+// SetFileHeaderInfo sets the FileHeaderInfo field's value.
+func (s *CSVInput) SetFileHeaderInfo(v string) *CSVInput {
+	s.FileHeaderInfo = &v
+	return s
+}
+
+// SetQuoteCharacter sets the QuoteCharacter field's value.
+func (s *CSVInput) SetQuoteCharacter(v string) *CSVInput {
+	s.QuoteCharacter = &v
+	return s
+}
+
+// SetQuoteEscapeCharacter sets the QuoteEscapeCharacter field's value.
+func (s *CSVInput) SetQuoteEscapeCharacter(v string) *CSVInput {
+	s.QuoteEscapeCharacter = &v
+	return s
+}
+
+// SetRecordDelimiter sets the RecordDelimiter field's value.
+func (s *CSVInput) SetRecordDelimiter(v string) *CSVInput {
+	s.RecordDelimiter = &v
+	return s
+}
+
+// Describes how uncompressed comma-separated values (CSV)-formatted results
+// are formatted.
+type CSVOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The value used to separate individual fields in a record. You can specify
+	// an arbitrary delimiter.
+	FieldDelimiter *string `type:"string"`
+
+	// A single character used for escaping when the field delimiter is part of
+	// the value. For example, if the value is a, b, Amazon S3 wraps this field
+	// value in quotation marks, as follows: " a , b ".
+	QuoteCharacter *string `type:"string"`
+
+	// The single character used for escaping the quote character inside an already
+	// escaped value.
+	QuoteEscapeCharacter *string `type:"string"`
+
+	// Indicates whether to use quotation marks around output fields.
+	//
+	//    * ALWAYS: Always use quotation marks for output fields.
+	//
+	//    * ASNEEDED: Use quotation marks for output fields when needed.
+	QuoteFields *string `type:"string" enum:"QuoteFields"`
+
+	// A single character used to separate individual records in the output. Instead
+	// of the default value, you can specify an arbitrary delimiter.
+	RecordDelimiter *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CSVOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CSVOutput) GoString() string {
+	return s.String()
+}
+
+// SetFieldDelimiter sets the FieldDelimiter field's value.
+func (s *CSVOutput) SetFieldDelimiter(v string) *CSVOutput {
+	s.FieldDelimiter = &v
+	return s
+}
+
+// SetQuoteCharacter sets the QuoteCharacter field's value.
+func (s *CSVOutput) SetQuoteCharacter(v string) *CSVOutput {
+	s.QuoteCharacter = &v
+	return s
+}
+
+// SetQuoteEscapeCharacter sets the QuoteEscapeCharacter field's value.
+func (s *CSVOutput) SetQuoteEscapeCharacter(v string) *CSVOutput {
+	s.QuoteEscapeCharacter = &v
+	return s
+}
+
+// SetQuoteFields sets the QuoteFields field's value.
+func (s *CSVOutput) SetQuoteFields(v string) *CSVOutput {
+	s.QuoteFields = &v
+	return s
+}
+
+// SetRecordDelimiter sets the RecordDelimiter field's value.
+func (s *CSVOutput) SetRecordDelimiter(v string) *CSVOutput {
+	s.RecordDelimiter = &v
+	return s
+}
+
+// Contains all the possible checksum or digest values for an object.
+type Checksum struct {
+	_ struct{} `type:"structure"`
+
+	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `type:"string"`
+
+	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `type:"string"`
+
+	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `type:"string"`
+
+	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Checksum) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Checksum) GoString() string {
+	return s.String()
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *Checksum) SetChecksumCRC32(v string) *Checksum {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *Checksum) SetChecksumCRC32C(v string) *Checksum {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *Checksum) SetChecksumSHA1(v string) *Checksum {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *Checksum) SetChecksumSHA256(v string) *Checksum {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// Container for specifying the Lambda notification configuration.
+type CloudFunctionConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Lambda cloud function ARN that Amazon S3 can invoke when it detects events
+	// of the specified type.
+	CloudFunction *string `type:"string"`
+
+	// The bucket event for which to send notifications.
+	//
+	// Deprecated: Event has been deprecated
+	Event *string `deprecated:"true" type:"string" enum:"Event"`
+
+	// Bucket events for which to send notifications.
+	Events []*string `locationName:"Event" type:"list" flattened:"true" enum:"Event"`
+
+	// An optional unique identifier for configurations in a notification configuration.
+	// If you don't provide one, Amazon S3 will assign an ID.
+	Id *string `type:"string"`
+
+	// The role supporting the invocation of the Lambda function
+	InvocationRole *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CloudFunctionConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CloudFunctionConfiguration) GoString() string {
+	return s.String()
+}
+
+// SetCloudFunction sets the CloudFunction field's value.
+func (s *CloudFunctionConfiguration) SetCloudFunction(v string) *CloudFunctionConfiguration {
+	s.CloudFunction = &v
+	return s
+}
+
+// SetEvent sets the Event field's value.
+func (s *CloudFunctionConfiguration) SetEvent(v string) *CloudFunctionConfiguration {
+	s.Event = &v
+	return s
+}
+
+// SetEvents sets the Events field's value.
+func (s *CloudFunctionConfiguration) SetEvents(v []*string) *CloudFunctionConfiguration {
+	s.Events = v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *CloudFunctionConfiguration) SetId(v string) *CloudFunctionConfiguration {
+	s.Id = &v
+	return s
+}
+
+// SetInvocationRole sets the InvocationRole field's value.
+func (s *CloudFunctionConfiguration) SetInvocationRole(v string) *CloudFunctionConfiguration {
+	s.InvocationRole = &v
+	return s
+}
+
+// Container for all (if there are any) keys between Prefix and the next occurrence
+// of the string specified by a delimiter. CommonPrefixes lists keys that act
+// like subdirectories in the directory specified by Prefix. For example, if
+// the prefix is notes/ and the delimiter is a slash (/) as in notes/summer/july,
+// the common prefix is notes/summer/.
+type CommonPrefix struct {
+	_ struct{} `type:"structure"`
+
+	// Container for the specified common prefix.
+	Prefix *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CommonPrefix) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CommonPrefix) GoString() string {
+	return s.String()
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *CommonPrefix) SetPrefix(v string) *CommonPrefix {
+	s.Prefix = &v
+	return s
+}
+
+type CompleteMultipartUploadInput struct {
+	_ struct{} `locationName:"CompleteMultipartUploadRequest" type:"structure" payload:"MultipartUpload"`
+
+	// Name of the bucket to which the multipart upload was initiated.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 32-bit CRC32 checksum of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 32-bit CRC32C checksum of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 160-bit SHA-1 digest of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 256-bit SHA-256 digest of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Object key for which the multipart upload was initiated.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// The container for the multipart upload request information.
+	MultipartUpload *CompletedMultipartUpload `locationName:"CompleteMultipartUpload" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// The server-side encryption (SSE) algorithm used to encrypt the object. This
+	// parameter is needed only when the object was created using a checksum algorithm.
+	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// in the Amazon S3 User Guide.
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// The server-side encryption (SSE) customer managed key. This parameter is
+	// needed only when the object was created using a checksum algorithm. For more
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// in the Amazon S3 User Guide.
+	//
+	// SSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CompleteMultipartUploadInput's
+	// String and GoString methods.
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// The MD5 server-side encryption (SSE) customer managed key. This parameter
+	// is needed only when the object was created using a checksum algorithm. For
+	// more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// in the Amazon S3 User Guide.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// ID for the initiated multipart upload.
+	//
+	// UploadId is a required field
+	UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CompleteMultipartUploadInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CompleteMultipartUploadInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CompleteMultipartUploadInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CompleteMultipartUploadInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.UploadId == nil {
+		invalidParams.Add(request.NewErrParamRequired("UploadId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *CompleteMultipartUploadInput) SetBucket(v string) *CompleteMultipartUploadInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *CompleteMultipartUploadInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *CompleteMultipartUploadInput) SetChecksumCRC32(v string) *CompleteMultipartUploadInput {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *CompleteMultipartUploadInput) SetChecksumCRC32C(v string) *CompleteMultipartUploadInput {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *CompleteMultipartUploadInput) SetChecksumSHA1(v string) *CompleteMultipartUploadInput {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *CompleteMultipartUploadInput) SetChecksumSHA256(v string) *CompleteMultipartUploadInput {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *CompleteMultipartUploadInput) SetExpectedBucketOwner(v string) *CompleteMultipartUploadInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *CompleteMultipartUploadInput) SetKey(v string) *CompleteMultipartUploadInput {
+	s.Key = &v
+	return s
+}
+
+// SetMultipartUpload sets the MultipartUpload field's value.
+func (s *CompleteMultipartUploadInput) SetMultipartUpload(v *CompletedMultipartUpload) *CompleteMultipartUploadInput {
+	s.MultipartUpload = v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *CompleteMultipartUploadInput) SetRequestPayer(v string) *CompleteMultipartUploadInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *CompleteMultipartUploadInput) SetSSECustomerAlgorithm(v string) *CompleteMultipartUploadInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKey sets the SSECustomerKey field's value.
+func (s *CompleteMultipartUploadInput) SetSSECustomerKey(v string) *CompleteMultipartUploadInput {
+	s.SSECustomerKey = &v
+	return s
+}
+
+func (s *CompleteMultipartUploadInput) getSSECustomerKey() (v string) {
+	if s.SSECustomerKey == nil {
+		return v
+	}
+	return *s.SSECustomerKey
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *CompleteMultipartUploadInput) SetSSECustomerKeyMD5(v string) *CompleteMultipartUploadInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetUploadId sets the UploadId field's value.
+func (s *CompleteMultipartUploadInput) SetUploadId(v string) *CompleteMultipartUploadInput {
+	s.UploadId = &v
+	return s
+}
+
+func (s *CompleteMultipartUploadInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *CompleteMultipartUploadInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s CompleteMultipartUploadInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type CompleteMultipartUploadOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the bucket that contains the newly created object. Does not return
+	// the access point ARN or access point alias if used.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	Bucket *string `type:"string"`
+
+	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `type:"string"`
+
+	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `type:"string"`
+
+	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `type:"string"`
+
+	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `type:"string"`
+
+	// Entity tag that identifies the newly created object's data. Objects with
+	// different object data will have different entity tags. The entity tag is
+	// an opaque string. The entity tag may or may not be an MD5 digest of the object
+	// data. If the entity tag is not an MD5 digest of the object data, it will
+	// contain one or more nonhexadecimal characters and/or will consist of less
+	// than 32 or more than 32 hexadecimal digits. For more information about how
+	// the entity tag is calculated, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ETag *string `type:"string"`
+
+	// If the object expiration is configured, this will contain the expiration
+	// date (expiry-date) and rule ID (rule-id). The value of rule-id is URL-encoded.
+	Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
+
+	// The object key of the newly created object.
+	Key *string `min:"1" type:"string"`
+
+	// The URI that identifies the newly created object.
+	Location *string `type:"string"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CompleteMultipartUploadOutput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing this object in Amazon
+	// S3 (for example, AES256, aws:kms).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+
+	// Version ID of the newly created object, in case the bucket has versioning
+	// turned on.
+	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CompleteMultipartUploadOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CompleteMultipartUploadOutput) GoString() string {
+	return s.String()
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *CompleteMultipartUploadOutput) SetBucket(v string) *CompleteMultipartUploadOutput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *CompleteMultipartUploadOutput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *CompleteMultipartUploadOutput) SetBucketKeyEnabled(v bool) *CompleteMultipartUploadOutput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *CompleteMultipartUploadOutput) SetChecksumCRC32(v string) *CompleteMultipartUploadOutput {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *CompleteMultipartUploadOutput) SetChecksumCRC32C(v string) *CompleteMultipartUploadOutput {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *CompleteMultipartUploadOutput) SetChecksumSHA1(v string) *CompleteMultipartUploadOutput {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *CompleteMultipartUploadOutput) SetChecksumSHA256(v string) *CompleteMultipartUploadOutput {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *CompleteMultipartUploadOutput) SetETag(v string) *CompleteMultipartUploadOutput {
+	s.ETag = &v
+	return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *CompleteMultipartUploadOutput) SetExpiration(v string) *CompleteMultipartUploadOutput {
+	s.Expiration = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *CompleteMultipartUploadOutput) SetKey(v string) *CompleteMultipartUploadOutput {
+	s.Key = &v
+	return s
+}
+
+// SetLocation sets the Location field's value.
+func (s *CompleteMultipartUploadOutput) SetLocation(v string) *CompleteMultipartUploadOutput {
+	s.Location = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *CompleteMultipartUploadOutput) SetRequestCharged(v string) *CompleteMultipartUploadOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *CompleteMultipartUploadOutput) SetSSEKMSKeyId(v string) *CompleteMultipartUploadOutput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *CompleteMultipartUploadOutput) SetServerSideEncryption(v string) *CompleteMultipartUploadOutput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *CompleteMultipartUploadOutput) SetVersionId(v string) *CompleteMultipartUploadOutput {
+	s.VersionId = &v
+	return s
+}
+
+// The container for the completed multipart upload details.
+type CompletedMultipartUpload struct {
+	_ struct{} `type:"structure"`
+
+	// Array of CompletedPart data types.
+	//
+	// If you do not supply a valid Part with your request, the service sends back
+	// an HTTP 400 response.
+	Parts []*CompletedPart `locationName:"Part" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CompletedMultipartUpload) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CompletedMultipartUpload) GoString() string {
+	return s.String()
+}
+
+// SetParts sets the Parts field's value.
+func (s *CompletedMultipartUpload) SetParts(v []*CompletedPart) *CompletedMultipartUpload {
+	s.Parts = v
+	return s
+}
+
+// Details of the parts that were uploaded.
+type CompletedPart struct {
+	_ struct{} `type:"structure"`
+
+	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `type:"string"`
+
+	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `type:"string"`
+
+	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `type:"string"`
+
+	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `type:"string"`
+
+	// Entity tag returned when the part was uploaded.
+	ETag *string `type:"string"`
+
+	// Part number that identifies the part. This is a positive integer between
+	// 1 and 10,000.
+	PartNumber *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CompletedPart) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CompletedPart) GoString() string {
+	return s.String()
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *CompletedPart) SetChecksumCRC32(v string) *CompletedPart {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *CompletedPart) SetChecksumCRC32C(v string) *CompletedPart {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *CompletedPart) SetChecksumSHA1(v string) *CompletedPart {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *CompletedPart) SetChecksumSHA256(v string) *CompletedPart {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *CompletedPart) SetETag(v string) *CompletedPart {
+	s.ETag = &v
+	return s
+}
+
+// SetPartNumber sets the PartNumber field's value.
+func (s *CompletedPart) SetPartNumber(v int64) *CompletedPart {
+	s.PartNumber = &v
+	return s
+}
+
+// A container for describing a condition that must be met for the specified
+// redirect to apply. For example, 1. If request is for pages in the /docs folder,
+// redirect to the /documents folder. 2. If request results in HTTP error 4xx,
+// redirect request to another host where you might process the error.
+type Condition struct {
+	_ struct{} `type:"structure"`
+
+	// The HTTP error code when the redirect is applied. In the event of an error,
+	// if the error code equals this value, then the specified redirect is applied.
+	// Required when parent element Condition is specified and sibling KeyPrefixEquals
+	// is not specified. If both are specified, then both must be true for the redirect
+	// to be applied.
+	HttpErrorCodeReturnedEquals *string `type:"string"`
+
+	// The object key name prefix when the redirect is applied. For example, to
+	// redirect requests for ExamplePage.html, the key prefix will be ExamplePage.html.
+	// To redirect request for all pages with the prefix docs/, the key prefix will
+	// be /docs, which identifies all objects in the docs/ folder. Required when
+	// the parent element Condition is specified and sibling HttpErrorCodeReturnedEquals
+	// is not specified. If both conditions are specified, both must be true for
+	// the redirect to be applied.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	KeyPrefixEquals *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Condition) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Condition) GoString() string {
+	return s.String()
+}
+
+// SetHttpErrorCodeReturnedEquals sets the HttpErrorCodeReturnedEquals field's value.
+func (s *Condition) SetHttpErrorCodeReturnedEquals(v string) *Condition {
+	s.HttpErrorCodeReturnedEquals = &v
+	return s
+}
+
+// SetKeyPrefixEquals sets the KeyPrefixEquals field's value.
+func (s *Condition) SetKeyPrefixEquals(v string) *Condition {
+	s.KeyPrefixEquals = &v
+	return s
+}
+
+type ContinuationEvent struct {
+	_ struct{} `locationName:"ContinuationEvent" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ContinuationEvent) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ContinuationEvent) GoString() string {
+	return s.String()
+}
+
+// The ContinuationEvent is and event in the SelectObjectContentEventStream group of events.
+func (s *ContinuationEvent) eventSelectObjectContentEventStream() {}
+
+// UnmarshalEvent unmarshals the EventStream Message into the ContinuationEvent value.
+// This method is only used internally within the SDK's EventStream handling.
+func (s *ContinuationEvent) UnmarshalEvent(
+	payloadUnmarshaler protocol.PayloadUnmarshaler,
+	msg eventstream.Message,
+) error {
+	return nil
+}
+
+// MarshalEvent marshals the type into an stream event value. This method
+// should only used internally within the SDK's EventStream handling.
+func (s *ContinuationEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
+	msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
+	return msg, err
+}
+
+type CopyObjectInput struct {
+	_ struct{} `locationName:"CopyObjectRequest" type:"structure"`
+
+	// The canned ACL to apply to the object.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
+
+	// The name of the destination bucket.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
+	// with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
+	// Setting this header to true causes Amazon S3 to use an S3 Bucket Key for
+	// object encryption with SSE-KMS.
+	//
+	// Specifying this header with a COPY action doesn’t affect bucket-level settings
+	// for S3 Bucket Key.
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// Specifies caching behavior along the request/reply chain.
+	CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"`
+
+	// Indicates the algorithm you want Amazon S3 to use to create the checksum
+	// for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// Specifies presentational information for the object.
+	ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
+
+	// Specifies what content encodings have been applied to the object and thus
+	// what decoding mechanisms must be applied to obtain the media-type referenced
+	// by the Content-Type header field.
+	ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
+
+	// The language the content is in.
+	ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
+
+	// A standard MIME type describing the format of the object data.
+	ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
+
+	// Specifies the source object for the copy operation. You specify the value
+	// in one of two formats, depending on whether you want to access the source
+	// object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html):
+	//
+	//    * For objects not accessed through an access point, specify the name of
+	//    the source bucket and the key of the source object, separated by a slash
+	//    (/). For example, to copy the object reports/january.pdf from the bucket
+	//    awsexamplebucket, use awsexamplebucket/reports/january.pdf. The value
+	//    must be URL-encoded.
+	//
+	//    * For objects accessed through access points, specify the Amazon Resource
+	//    Name (ARN) of the object as accessed through the access point, in the
+	//    format arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>.
+	//    For example, to copy the object reports/january.pdf through access point
+	//    my-access-point owned by account 123456789012 in Region us-west-2, use
+	//    the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf.
+	//    The value must be URL encoded. Amazon S3 supports copy operations using
+	//    access points only when the source and destination buckets are in the
+	//    same Amazon Web Services Region. Alternatively, for objects accessed through
+	//    Amazon S3 on Outposts, specify the ARN of the object as accessed in the
+	//    format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>.
+	//    For example, to copy the object reports/january.pdf through outpost my-outpost
+	//    owned by account 123456789012 in Region us-west-2, use the URL encoding
+	//    of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf.
+	//    The value must be URL-encoded.
+	//
+	// To copy a specific version of an object, append ?versionId=<version-id> to
+	// the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893).
+	// If you don't specify a version ID, Amazon S3 copies the latest version of
+	// the source object.
+	//
+	// CopySource is a required field
+	CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"`
+
+	// Copies the object if its entity tag (ETag) matches the specified tag.
+	CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"`
+
+	// Copies the object if it has been modified since the specified time.
+	CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"`
+
+	// Copies the object if its entity tag (ETag) is different than the specified
+	// ETag.
+	CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"`
+
+	// Copies the object if it hasn't been modified since the specified time.
+	CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"`
+
+	// Specifies the algorithm to use when decrypting the source object (for example,
+	// AES256).
+	CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"`
+
+	// Specifies the customer-provided encryption key for Amazon S3 to use to decrypt
+	// the source object. The encryption key provided in this header must be one
+	// that was used when the source object was created.
+	//
+	// CopySourceSSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CopyObjectInput's
+	// String and GoString methods.
+	CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
+	// Amazon S3 uses this header for a message integrity check to ensure that the
+	// encryption key was transmitted without error.
+	CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// The account ID of the expected destination bucket owner. If the destination
+	// bucket is owned by a different account, the request fails with the HTTP status
+	// code 403 Forbidden (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The account ID of the expected source bucket owner. If the source bucket
+	// is owned by a different account, the request fails with the HTTP status code
+	// 403 Forbidden (access denied).
+	ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"`
+
+	// The date and time at which the object is no longer cacheable.
+	Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"`
+
+	// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
+
+	// Allows grantee to read the object data and its metadata.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
+
+	// Allows grantee to read the object ACL.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
+
+	// Allows grantee to write the ACL for the applicable object.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
+
+	// The key of the destination object.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// A map of metadata to store with the object in S3.
+	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
+
+	// Specifies whether the metadata is copied from the source object or replaced
+	// with metadata provided in the request.
+	MetadataDirective *string `location:"header" locationName:"x-amz-metadata-directive" type:"string" enum:"MetadataDirective"`
+
+	// Specifies whether you want to apply a legal hold to the copied object.
+	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+	// The Object Lock mode that you want to apply to the copied object.
+	ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+	// The date and time when you want the copied object's Object Lock to expire.
+	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Specifies the algorithm to use to when encrypting the object (for example,
+	// AES256).
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
+	// data. This value is used to store the object and then it is discarded; Amazon
+	// S3 does not store the encryption key. The key must be appropriate for use
+	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+	// header.
+	//
+	// SSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CopyObjectInput's
+	// String and GoString methods.
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
+	// Amazon S3 uses this header for a message integrity check to ensure that the
+	// encryption key was transmitted without error.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// Specifies the Amazon Web Services KMS Encryption Context to use for object
+	// encryption. The value of this header is a base64-encoded UTF-8 string holding
+	// JSON with the encryption context key-value pairs.
+	//
+	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CopyObjectInput's
+	// String and GoString methods.
+	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
+
+	// Specifies the KMS key ID to use for object encryption. All GET and PUT requests
+	// for an object protected by KMS will fail if they're not made via SSL or using
+	// SigV4. For information about configuring any of the officially supported
+	// Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the
+	// Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
+	// in the Amazon S3 User Guide.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CopyObjectInput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing this object in Amazon
+	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+
+	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
+	// objects. The STANDARD storage class provides high durability and high availability.
+	// Depending on performance needs, you can specify a different Storage Class.
+	// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information,
+	// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// in the Amazon S3 User Guide.
+	StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
+
+	// The tag-set for the object destination object this value must be used in
+	// conjunction with the TaggingDirective. The tag-set must be encoded as URL
+	// Query parameters.
+	Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"`
+
+	// Specifies whether the object tag-set are copied from the source object or
+	// replaced with tag-set provided in the request.
+	TaggingDirective *string `location:"header" locationName:"x-amz-tagging-directive" type:"string" enum:"TaggingDirective"`
+
+	// If the bucket is configured as a website, redirects requests for this object
+	// to another object in the same bucket or to an external URL. Amazon S3 stores
+	// the value of this header in the object metadata. This value is unique to
+	// each object and is not copied when using the x-amz-metadata-directive header.
+	// Instead, you may opt to provide this header in combination with the directive.
+	WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CopyObjectInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CopyObjectInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CopyObjectInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CopyObjectInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.CopySource == nil {
+		invalidParams.Add(request.NewErrParamRequired("CopySource"))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetACL sets the ACL field's value.
+func (s *CopyObjectInput) SetACL(v string) *CopyObjectInput {
+	s.ACL = &v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *CopyObjectInput) SetBucket(v string) *CopyObjectInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *CopyObjectInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *CopyObjectInput) SetBucketKeyEnabled(v bool) *CopyObjectInput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetCacheControl sets the CacheControl field's value.
+func (s *CopyObjectInput) SetCacheControl(v string) *CopyObjectInput {
+	s.CacheControl = &v
+	return s
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *CopyObjectInput) SetChecksumAlgorithm(v string) *CopyObjectInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetContentDisposition sets the ContentDisposition field's value.
+func (s *CopyObjectInput) SetContentDisposition(v string) *CopyObjectInput {
+	s.ContentDisposition = &v
+	return s
+}
+
+// SetContentEncoding sets the ContentEncoding field's value.
+func (s *CopyObjectInput) SetContentEncoding(v string) *CopyObjectInput {
+	s.ContentEncoding = &v
+	return s
+}
+
+// SetContentLanguage sets the ContentLanguage field's value.
+func (s *CopyObjectInput) SetContentLanguage(v string) *CopyObjectInput {
+	s.ContentLanguage = &v
+	return s
+}
+
+// SetContentType sets the ContentType field's value.
+func (s *CopyObjectInput) SetContentType(v string) *CopyObjectInput {
+	s.ContentType = &v
+	return s
+}
+
+// SetCopySource sets the CopySource field's value.
+func (s *CopyObjectInput) SetCopySource(v string) *CopyObjectInput {
+	s.CopySource = &v
+	return s
+}
+
+// SetCopySourceIfMatch sets the CopySourceIfMatch field's value.
+func (s *CopyObjectInput) SetCopySourceIfMatch(v string) *CopyObjectInput {
+	s.CopySourceIfMatch = &v
+	return s
+}
+
+// SetCopySourceIfModifiedSince sets the CopySourceIfModifiedSince field's value.
+func (s *CopyObjectInput) SetCopySourceIfModifiedSince(v time.Time) *CopyObjectInput {
+	s.CopySourceIfModifiedSince = &v
+	return s
+}
+
+// SetCopySourceIfNoneMatch sets the CopySourceIfNoneMatch field's value.
+func (s *CopyObjectInput) SetCopySourceIfNoneMatch(v string) *CopyObjectInput {
+	s.CopySourceIfNoneMatch = &v
+	return s
+}
+
+// SetCopySourceIfUnmodifiedSince sets the CopySourceIfUnmodifiedSince field's value.
+func (s *CopyObjectInput) SetCopySourceIfUnmodifiedSince(v time.Time) *CopyObjectInput {
+	s.CopySourceIfUnmodifiedSince = &v
+	return s
+}
+
+// SetCopySourceSSECustomerAlgorithm sets the CopySourceSSECustomerAlgorithm field's value.
+func (s *CopyObjectInput) SetCopySourceSSECustomerAlgorithm(v string) *CopyObjectInput {
+	s.CopySourceSSECustomerAlgorithm = &v
+	return s
+}
+
+// SetCopySourceSSECustomerKey sets the CopySourceSSECustomerKey field's value.
+func (s *CopyObjectInput) SetCopySourceSSECustomerKey(v string) *CopyObjectInput {
+	s.CopySourceSSECustomerKey = &v
+	return s
+}
+
+func (s *CopyObjectInput) getCopySourceSSECustomerKey() (v string) {
+	if s.CopySourceSSECustomerKey == nil {
+		return v
+	}
+	return *s.CopySourceSSECustomerKey
+}
+
+// SetCopySourceSSECustomerKeyMD5 sets the CopySourceSSECustomerKeyMD5 field's value.
+func (s *CopyObjectInput) SetCopySourceSSECustomerKeyMD5(v string) *CopyObjectInput {
+	s.CopySourceSSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *CopyObjectInput) SetExpectedBucketOwner(v string) *CopyObjectInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetExpectedSourceBucketOwner sets the ExpectedSourceBucketOwner field's value.
+func (s *CopyObjectInput) SetExpectedSourceBucketOwner(v string) *CopyObjectInput {
+	s.ExpectedSourceBucketOwner = &v
+	return s
+}
+
+// SetExpires sets the Expires field's value.
+func (s *CopyObjectInput) SetExpires(v time.Time) *CopyObjectInput {
+	s.Expires = &v
+	return s
+}
+
+// SetGrantFullControl sets the GrantFullControl field's value.
+func (s *CopyObjectInput) SetGrantFullControl(v string) *CopyObjectInput {
+	s.GrantFullControl = &v
+	return s
+}
+
+// SetGrantRead sets the GrantRead field's value.
+func (s *CopyObjectInput) SetGrantRead(v string) *CopyObjectInput {
+	s.GrantRead = &v
+	return s
+}
+
+// SetGrantReadACP sets the GrantReadACP field's value.
+func (s *CopyObjectInput) SetGrantReadACP(v string) *CopyObjectInput {
+	s.GrantReadACP = &v
+	return s
+}
+
+// SetGrantWriteACP sets the GrantWriteACP field's value.
+func (s *CopyObjectInput) SetGrantWriteACP(v string) *CopyObjectInput {
+	s.GrantWriteACP = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *CopyObjectInput) SetKey(v string) *CopyObjectInput {
+	s.Key = &v
+	return s
+}
+
+// SetMetadata sets the Metadata field's value.
+func (s *CopyObjectInput) SetMetadata(v map[string]*string) *CopyObjectInput {
+	s.Metadata = v
+	return s
+}
+
+// SetMetadataDirective sets the MetadataDirective field's value.
+func (s *CopyObjectInput) SetMetadataDirective(v string) *CopyObjectInput {
+	s.MetadataDirective = &v
+	return s
+}
+
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *CopyObjectInput) SetObjectLockLegalHoldStatus(v string) *CopyObjectInput {
+	s.ObjectLockLegalHoldStatus = &v
+	return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *CopyObjectInput) SetObjectLockMode(v string) *CopyObjectInput {
+	s.ObjectLockMode = &v
+	return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *CopyObjectInput) SetObjectLockRetainUntilDate(v time.Time) *CopyObjectInput {
+	s.ObjectLockRetainUntilDate = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *CopyObjectInput) SetRequestPayer(v string) *CopyObjectInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *CopyObjectInput) SetSSECustomerAlgorithm(v string) *CopyObjectInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKey sets the SSECustomerKey field's value.
+func (s *CopyObjectInput) SetSSECustomerKey(v string) *CopyObjectInput {
+	s.SSECustomerKey = &v
+	return s
+}
+
+func (s *CopyObjectInput) getSSECustomerKey() (v string) {
+	if s.SSECustomerKey == nil {
+		return v
+	}
+	return *s.SSECustomerKey
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *CopyObjectInput) SetSSECustomerKeyMD5(v string) *CopyObjectInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
+func (s *CopyObjectInput) SetSSEKMSEncryptionContext(v string) *CopyObjectInput {
+	s.SSEKMSEncryptionContext = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *CopyObjectInput) SetSSEKMSKeyId(v string) *CopyObjectInput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *CopyObjectInput) SetServerSideEncryption(v string) *CopyObjectInput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *CopyObjectInput) SetStorageClass(v string) *CopyObjectInput {
+	s.StorageClass = &v
+	return s
+}
+
+// SetTagging sets the Tagging field's value.
+func (s *CopyObjectInput) SetTagging(v string) *CopyObjectInput {
+	s.Tagging = &v
+	return s
+}
+
+// SetTaggingDirective sets the TaggingDirective field's value.
+func (s *CopyObjectInput) SetTaggingDirective(v string) *CopyObjectInput {
+	s.TaggingDirective = &v
+	return s
+}
+
+// SetWebsiteRedirectLocation sets the WebsiteRedirectLocation field's value.
+func (s *CopyObjectInput) SetWebsiteRedirectLocation(v string) *CopyObjectInput {
+	s.WebsiteRedirectLocation = &v
+	return s
+}
+
+func (s *CopyObjectInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *CopyObjectInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s CopyObjectInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type CopyObjectOutput struct {
+	_ struct{} `type:"structure" payload:"CopyObjectResult"`
+
+	// Indicates whether the copied object uses an S3 Bucket Key for server-side
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// Container for all response elements.
+	CopyObjectResult *CopyObjectResult `type:"structure"`
+
+	// Version of the copied object in the destination bucket.
+	CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"`
+
+	// If the object expiration is configured, the response includes this header.
+	Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header confirming the encryption algorithm
+	// used.
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header to provide round-trip message integrity
+	// verification of the customer-provided encryption key.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// If present, specifies the Amazon Web Services KMS Encryption Context to use
+	// for object encryption. The value of this header is a base64-encoded UTF-8
+	// string holding JSON with the encryption context key-value pairs.
+	//
+	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CopyObjectOutput's
+	// String and GoString methods.
+	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
+
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CopyObjectOutput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing this object in Amazon
+	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+
+	// Version ID of the newly created copy.
+	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CopyObjectOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CopyObjectOutput) GoString() string {
+	return s.String()
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *CopyObjectOutput) SetBucketKeyEnabled(v bool) *CopyObjectOutput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetCopyObjectResult sets the CopyObjectResult field's value.
+func (s *CopyObjectOutput) SetCopyObjectResult(v *CopyObjectResult) *CopyObjectOutput {
+	s.CopyObjectResult = v
+	return s
+}
+
+// SetCopySourceVersionId sets the CopySourceVersionId field's value.
+func (s *CopyObjectOutput) SetCopySourceVersionId(v string) *CopyObjectOutput {
+	s.CopySourceVersionId = &v
+	return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *CopyObjectOutput) SetExpiration(v string) *CopyObjectOutput {
+	s.Expiration = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *CopyObjectOutput) SetRequestCharged(v string) *CopyObjectOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *CopyObjectOutput) SetSSECustomerAlgorithm(v string) *CopyObjectOutput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *CopyObjectOutput) SetSSECustomerKeyMD5(v string) *CopyObjectOutput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
+func (s *CopyObjectOutput) SetSSEKMSEncryptionContext(v string) *CopyObjectOutput {
+	s.SSEKMSEncryptionContext = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *CopyObjectOutput) SetSSEKMSKeyId(v string) *CopyObjectOutput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *CopyObjectOutput) SetServerSideEncryption(v string) *CopyObjectOutput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *CopyObjectOutput) SetVersionId(v string) *CopyObjectOutput {
+	s.VersionId = &v
+	return s
+}
+
+// Container for all response elements.
+type CopyObjectResult struct {
+	_ struct{} `type:"structure"`
+
+	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `type:"string"`
+
+	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `type:"string"`
+
+	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `type:"string"`
+
+	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `type:"string"`
+
+	// Returns the ETag of the new object. The ETag reflects only changes to the
+	// contents of an object, not its metadata.
+	ETag *string `type:"string"`
+
+	// Creation date of the object.
+	LastModified *time.Time `type:"timestamp"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CopyObjectResult) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CopyObjectResult) GoString() string {
+	return s.String()
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *CopyObjectResult) SetChecksumCRC32(v string) *CopyObjectResult {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *CopyObjectResult) SetChecksumCRC32C(v string) *CopyObjectResult {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *CopyObjectResult) SetChecksumSHA1(v string) *CopyObjectResult {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *CopyObjectResult) SetChecksumSHA256(v string) *CopyObjectResult {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *CopyObjectResult) SetETag(v string) *CopyObjectResult {
+	s.ETag = &v
+	return s
+}
+
+// SetLastModified sets the LastModified field's value.
+func (s *CopyObjectResult) SetLastModified(v time.Time) *CopyObjectResult {
+	s.LastModified = &v
+	return s
+}
+
+// Container for all response elements.
+type CopyPartResult struct {
+	_ struct{} `type:"structure"`
+
+	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `type:"string"`
+
+	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `type:"string"`
+
+	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `type:"string"`
+
+	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `type:"string"`
+
+	// Entity tag of the object.
+	ETag *string `type:"string"`
+
+	// Date and time at which the object was uploaded.
+	LastModified *time.Time `type:"timestamp"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CopyPartResult) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CopyPartResult) GoString() string {
+	return s.String()
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *CopyPartResult) SetChecksumCRC32(v string) *CopyPartResult {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *CopyPartResult) SetChecksumCRC32C(v string) *CopyPartResult {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *CopyPartResult) SetChecksumSHA1(v string) *CopyPartResult {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *CopyPartResult) SetChecksumSHA256(v string) *CopyPartResult {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *CopyPartResult) SetETag(v string) *CopyPartResult {
+	s.ETag = &v
+	return s
+}
+
+// SetLastModified sets the LastModified field's value.
+func (s *CopyPartResult) SetLastModified(v time.Time) *CopyPartResult {
+	s.LastModified = &v
+	return s
+}
+
+// The configuration information for the bucket.
+type CreateBucketConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the Region where the bucket will be created. If you don't specify
+	// a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1).
+	LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateBucketConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateBucketConfiguration) GoString() string {
+	return s.String()
+}
+
+// SetLocationConstraint sets the LocationConstraint field's value.
+func (s *CreateBucketConfiguration) SetLocationConstraint(v string) *CreateBucketConfiguration {
+	s.LocationConstraint = &v
+	return s
+}
+
+type CreateBucketInput struct {
+	_ struct{} `locationName:"CreateBucketRequest" type:"structure" payload:"CreateBucketConfiguration"`
+
+	// The canned ACL to apply to the bucket.
+	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"`
+
+	// The name of the bucket to create.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The configuration information for the bucket.
+	CreateBucketConfiguration *CreateBucketConfiguration `locationName:"CreateBucketConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// Allows grantee the read, write, read ACP, and write ACP permissions on the
+	// bucket.
+	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
+
+	// Allows grantee to list the objects in the bucket.
+	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
+
+	// Allows grantee to read the bucket ACL.
+	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
+
+	// Allows grantee to create new objects in the bucket.
+	//
+	// For the bucket and object owners of existing objects, also allows deletions
+	// and overwrites of those objects.
+	GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"`
+
+	// Allows grantee to write the ACL for the applicable bucket.
+	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
+
+	// Specifies whether you want S3 Object Lock to be enabled for the new bucket.
+	ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"`
+
+	// The container element for object ownership for a bucket's ownership controls.
+	//
+	// BucketOwnerPreferred - Objects uploaded to the bucket change ownership to
+	// the bucket owner if the objects are uploaded with the bucket-owner-full-control
+	// canned ACL.
+	//
+	// ObjectWriter - The uploading account will own the object if the object is
+	// uploaded with the bucket-owner-full-control canned ACL.
+	//
+	// BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer
+	// affect permissions. The bucket owner automatically owns and has full control
+	// over every object in the bucket. The bucket only accepts PUT requests that
+	// don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control
+	// canned ACL or an equivalent form of this ACL expressed in the XML format.
+	ObjectOwnership *string `location:"header" locationName:"x-amz-object-ownership" type:"string" enum:"ObjectOwnership"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateBucketInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateBucketInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateBucketInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CreateBucketInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetACL sets the ACL field's value.
+func (s *CreateBucketInput) SetACL(v string) *CreateBucketInput {
+	s.ACL = &v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *CreateBucketInput) SetBucket(v string) *CreateBucketInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *CreateBucketInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetCreateBucketConfiguration sets the CreateBucketConfiguration field's value.
+func (s *CreateBucketInput) SetCreateBucketConfiguration(v *CreateBucketConfiguration) *CreateBucketInput {
+	s.CreateBucketConfiguration = v
+	return s
+}
+
+// SetGrantFullControl sets the GrantFullControl field's value.
+func (s *CreateBucketInput) SetGrantFullControl(v string) *CreateBucketInput {
+	s.GrantFullControl = &v
+	return s
+}
+
+// SetGrantRead sets the GrantRead field's value.
+func (s *CreateBucketInput) SetGrantRead(v string) *CreateBucketInput {
+	s.GrantRead = &v
+	return s
+}
+
+// SetGrantReadACP sets the GrantReadACP field's value.
+func (s *CreateBucketInput) SetGrantReadACP(v string) *CreateBucketInput {
+	s.GrantReadACP = &v
+	return s
+}
+
+// SetGrantWrite sets the GrantWrite field's value.
+func (s *CreateBucketInput) SetGrantWrite(v string) *CreateBucketInput {
+	s.GrantWrite = &v
+	return s
+}
+
+// SetGrantWriteACP sets the GrantWriteACP field's value.
+func (s *CreateBucketInput) SetGrantWriteACP(v string) *CreateBucketInput {
+	s.GrantWriteACP = &v
+	return s
+}
+
+// SetObjectLockEnabledForBucket sets the ObjectLockEnabledForBucket field's value.
+func (s *CreateBucketInput) SetObjectLockEnabledForBucket(v bool) *CreateBucketInput {
+	s.ObjectLockEnabledForBucket = &v
+	return s
+}
+
+// SetObjectOwnership sets the ObjectOwnership field's value.
+func (s *CreateBucketInput) SetObjectOwnership(v string) *CreateBucketInput {
+	s.ObjectOwnership = &v
+	return s
+}
+
+type CreateBucketOutput struct {
+	_ struct{} `type:"structure"`
+
+	// A forward slash followed by the name of the bucket.
+	Location *string `location:"header" locationName:"Location" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateBucketOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateBucketOutput) GoString() string {
+	return s.String()
+}
+
+// SetLocation sets the Location field's value.
+func (s *CreateBucketOutput) SetLocation(v string) *CreateBucketOutput {
+	s.Location = &v
+	return s
+}
+
+type CreateMultipartUploadInput struct {
+	_ struct{} `locationName:"CreateMultipartUploadRequest" type:"structure"`
+
+	// The canned ACL to apply to the object.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
+
+	// The name of the bucket to which to initiate the upload
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
+	// with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
+	// Setting this header to true causes Amazon S3 to use an S3 Bucket Key for
+	// object encryption with SSE-KMS.
+	//
+	// Specifying this header with an object action doesn’t affect bucket-level
+	// settings for S3 Bucket Key.
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// Specifies caching behavior along the request/reply chain.
+	CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"`
+
+	// Indicates the algorithm you want Amazon S3 to use to create the checksum
+	// for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// Specifies presentational information for the object.
+	ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
+
+	// Specifies what content encodings have been applied to the object and thus
+	// what decoding mechanisms must be applied to obtain the media-type referenced
+	// by the Content-Type header field.
+	ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
+
+	// The language the content is in.
+	ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
+
+	// A standard MIME type describing the format of the object data.
+	ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The date and time at which the object is no longer cacheable.
+	Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"`
+
+	// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
+
+	// Allows grantee to read the object data and its metadata.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
+
+	// Allows grantee to read the object ACL.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
+
+	// Allows grantee to write the ACL for the applicable object.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
+
+	// Object key for which the multipart upload is to be initiated.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// A map of metadata to store with the object in S3.
+	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
+
+	// Specifies whether you want to apply a legal hold to the uploaded object.
+	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+	// Specifies the Object Lock mode that you want to apply to the uploaded object.
+	ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+	// Specifies the date and time when you want the Object Lock to expire.
+	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Specifies the algorithm to use to when encrypting the object (for example,
+	// AES256).
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
+	// data. This value is used to store the object and then it is discarded; Amazon
+	// S3 does not store the encryption key. The key must be appropriate for use
+	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+	// header.
+	//
+	// SSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CreateMultipartUploadInput's
+	// String and GoString methods.
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
+	// Amazon S3 uses this header for a message integrity check to ensure that the
+	// encryption key was transmitted without error.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// Specifies the Amazon Web Services KMS Encryption Context to use for object
+	// encryption. The value of this header is a base64-encoded UTF-8 string holding
+	// JSON with the encryption context key-value pairs.
+	//
+	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CreateMultipartUploadInput's
+	// String and GoString methods.
+	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
+
+	// Specifies the ID of the symmetric encryption customer managed key to use
+	// for object encryption. All GET and PUT requests for an object protected by
+	// KMS will fail if they're not made via SSL or using SigV4. For information
+	// about configuring any of the officially supported Amazon Web Services SDKs
+	// and Amazon Web Services CLI, see Specifying the Signature Version in Request
+	// Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
+	// in the Amazon S3 User Guide.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CreateMultipartUploadInput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing this object in Amazon
+	// S3 (for example, AES256, aws:kms).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+
+	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
+	// objects. The STANDARD storage class provides high durability and high availability.
+	// Depending on performance needs, you can specify a different Storage Class.
+	// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information,
+	// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// in the Amazon S3 User Guide.
+	StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
+
+	// The tag-set for the object. The tag-set must be encoded as URL Query parameters.
+	Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"`
+
+	// If the bucket is configured as a website, redirects requests for this object
+	// to another object in the same bucket or to an external URL. Amazon S3 stores
+	// the value of this header in the object metadata.
+	WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateMultipartUploadInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateMultipartUploadInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateMultipartUploadInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "CreateMultipartUploadInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetACL sets the ACL field's value.
+func (s *CreateMultipartUploadInput) SetACL(v string) *CreateMultipartUploadInput {
+	s.ACL = &v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *CreateMultipartUploadInput) SetBucket(v string) *CreateMultipartUploadInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *CreateMultipartUploadInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *CreateMultipartUploadInput) SetBucketKeyEnabled(v bool) *CreateMultipartUploadInput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetCacheControl sets the CacheControl field's value.
+func (s *CreateMultipartUploadInput) SetCacheControl(v string) *CreateMultipartUploadInput {
+	s.CacheControl = &v
+	return s
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *CreateMultipartUploadInput) SetChecksumAlgorithm(v string) *CreateMultipartUploadInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetContentDisposition sets the ContentDisposition field's value.
+func (s *CreateMultipartUploadInput) SetContentDisposition(v string) *CreateMultipartUploadInput {
+	s.ContentDisposition = &v
+	return s
+}
+
+// SetContentEncoding sets the ContentEncoding field's value.
+func (s *CreateMultipartUploadInput) SetContentEncoding(v string) *CreateMultipartUploadInput {
+	s.ContentEncoding = &v
+	return s
+}
+
+// SetContentLanguage sets the ContentLanguage field's value.
+func (s *CreateMultipartUploadInput) SetContentLanguage(v string) *CreateMultipartUploadInput {
+	s.ContentLanguage = &v
+	return s
+}
+
+// SetContentType sets the ContentType field's value.
+func (s *CreateMultipartUploadInput) SetContentType(v string) *CreateMultipartUploadInput {
+	s.ContentType = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *CreateMultipartUploadInput) SetExpectedBucketOwner(v string) *CreateMultipartUploadInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetExpires sets the Expires field's value.
+func (s *CreateMultipartUploadInput) SetExpires(v time.Time) *CreateMultipartUploadInput {
+	s.Expires = &v
+	return s
+}
+
+// SetGrantFullControl sets the GrantFullControl field's value.
+func (s *CreateMultipartUploadInput) SetGrantFullControl(v string) *CreateMultipartUploadInput {
+	s.GrantFullControl = &v
+	return s
+}
+
+// SetGrantRead sets the GrantRead field's value.
+func (s *CreateMultipartUploadInput) SetGrantRead(v string) *CreateMultipartUploadInput {
+	s.GrantRead = &v
+	return s
+}
+
+// SetGrantReadACP sets the GrantReadACP field's value.
+func (s *CreateMultipartUploadInput) SetGrantReadACP(v string) *CreateMultipartUploadInput {
+	s.GrantReadACP = &v
+	return s
+}
+
+// SetGrantWriteACP sets the GrantWriteACP field's value.
+func (s *CreateMultipartUploadInput) SetGrantWriteACP(v string) *CreateMultipartUploadInput {
+	s.GrantWriteACP = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *CreateMultipartUploadInput) SetKey(v string) *CreateMultipartUploadInput {
+	s.Key = &v
+	return s
+}
+
+// SetMetadata sets the Metadata field's value.
+func (s *CreateMultipartUploadInput) SetMetadata(v map[string]*string) *CreateMultipartUploadInput {
+	s.Metadata = v
+	return s
+}
+
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *CreateMultipartUploadInput) SetObjectLockLegalHoldStatus(v string) *CreateMultipartUploadInput {
+	s.ObjectLockLegalHoldStatus = &v
+	return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *CreateMultipartUploadInput) SetObjectLockMode(v string) *CreateMultipartUploadInput {
+	s.ObjectLockMode = &v
+	return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *CreateMultipartUploadInput) SetObjectLockRetainUntilDate(v time.Time) *CreateMultipartUploadInput {
+	s.ObjectLockRetainUntilDate = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *CreateMultipartUploadInput) SetRequestPayer(v string) *CreateMultipartUploadInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *CreateMultipartUploadInput) SetSSECustomerAlgorithm(v string) *CreateMultipartUploadInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKey sets the SSECustomerKey field's value.
+func (s *CreateMultipartUploadInput) SetSSECustomerKey(v string) *CreateMultipartUploadInput {
+	s.SSECustomerKey = &v
+	return s
+}
+
+func (s *CreateMultipartUploadInput) getSSECustomerKey() (v string) {
+	if s.SSECustomerKey == nil {
+		return v
+	}
+	return *s.SSECustomerKey
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *CreateMultipartUploadInput) SetSSECustomerKeyMD5(v string) *CreateMultipartUploadInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
+func (s *CreateMultipartUploadInput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadInput {
+	s.SSEKMSEncryptionContext = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *CreateMultipartUploadInput) SetSSEKMSKeyId(v string) *CreateMultipartUploadInput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *CreateMultipartUploadInput) SetServerSideEncryption(v string) *CreateMultipartUploadInput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *CreateMultipartUploadInput) SetStorageClass(v string) *CreateMultipartUploadInput {
+	s.StorageClass = &v
+	return s
+}
+
+// SetTagging sets the Tagging field's value.
+func (s *CreateMultipartUploadInput) SetTagging(v string) *CreateMultipartUploadInput {
+	s.Tagging = &v
+	return s
+}
+
+// SetWebsiteRedirectLocation sets the WebsiteRedirectLocation field's value.
+func (s *CreateMultipartUploadInput) SetWebsiteRedirectLocation(v string) *CreateMultipartUploadInput {
+	s.WebsiteRedirectLocation = &v
+	return s
+}
+
+func (s *CreateMultipartUploadInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *CreateMultipartUploadInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s CreateMultipartUploadInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type CreateMultipartUploadOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If the bucket has a lifecycle rule configured with an action to abort incomplete
+	// multipart uploads and the prefix in the lifecycle rule matches the object
+	// name in the request, the response includes this header. The header indicates
+	// when the initiated multipart upload becomes eligible for an abort operation.
+	// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
+	//
+	// The response also includes the x-amz-abort-rule-id header that provides the
+	// ID of the lifecycle configuration rule that defines this action.
+	AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"`
+
+	// This header is returned along with the x-amz-abort-date header. It identifies
+	// the applicable lifecycle configuration rule that defines the action to abort
+	// incomplete multipart uploads.
+	AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"`
+
+	// The name of the bucket to which the multipart upload was initiated. Does
+	// not return the access point ARN or access point alias if used.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	Bucket *string `locationName:"Bucket" type:"string"`
+
+	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// The algorithm that was used to create a checksum of the object.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// Object key for which the multipart upload was initiated.
+	Key *string `min:"1" type:"string"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header confirming the encryption algorithm
+	// used.
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header to provide round-trip message integrity
+	// verification of the customer-provided encryption key.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// If present, specifies the Amazon Web Services KMS Encryption Context to use
+	// for object encryption. The value of this header is a base64-encoded UTF-8
+	// string holding JSON with the encryption context key-value pairs.
+	//
+	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CreateMultipartUploadOutput's
+	// String and GoString methods.
+	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
+
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by CreateMultipartUploadOutput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing this object in Amazon
+	// S3 (for example, AES256, aws:kms).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+
+	// ID for the initiated multipart upload.
+	UploadId *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateMultipartUploadOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateMultipartUploadOutput) GoString() string {
+	return s.String()
+}
+
+// SetAbortDate sets the AbortDate field's value.
+func (s *CreateMultipartUploadOutput) SetAbortDate(v time.Time) *CreateMultipartUploadOutput {
+	s.AbortDate = &v
+	return s
+}
+
+// SetAbortRuleId sets the AbortRuleId field's value.
+func (s *CreateMultipartUploadOutput) SetAbortRuleId(v string) *CreateMultipartUploadOutput {
+	s.AbortRuleId = &v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *CreateMultipartUploadOutput) SetBucket(v string) *CreateMultipartUploadOutput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *CreateMultipartUploadOutput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *CreateMultipartUploadOutput) SetBucketKeyEnabled(v bool) *CreateMultipartUploadOutput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *CreateMultipartUploadOutput) SetChecksumAlgorithm(v string) *CreateMultipartUploadOutput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *CreateMultipartUploadOutput) SetKey(v string) *CreateMultipartUploadOutput {
+	s.Key = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *CreateMultipartUploadOutput) SetRequestCharged(v string) *CreateMultipartUploadOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *CreateMultipartUploadOutput) SetSSECustomerAlgorithm(v string) *CreateMultipartUploadOutput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *CreateMultipartUploadOutput) SetSSECustomerKeyMD5(v string) *CreateMultipartUploadOutput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
+func (s *CreateMultipartUploadOutput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadOutput {
+	s.SSEKMSEncryptionContext = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *CreateMultipartUploadOutput) SetSSEKMSKeyId(v string) *CreateMultipartUploadOutput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *CreateMultipartUploadOutput) SetServerSideEncryption(v string) *CreateMultipartUploadOutput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+// SetUploadId sets the UploadId field's value.
+func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUploadOutput {
+	s.UploadId = &v
+	return s
+}
+
+// The container element for specifying the default Object Lock retention settings
+// for new objects placed in the specified bucket.
+//
+//   - The DefaultRetention settings require both a mode and a period.
+//
+//   - The DefaultRetention period can be either Days or Years but you must
+//     select one. You cannot specify Days and Years at the same time.
+type DefaultRetention struct {
+	_ struct{} `type:"structure"`
+
+	// The number of days that you want to specify for the default retention period.
+	// Must be used with Mode.
+	Days *int64 `type:"integer"`
+
+	// The default Object Lock retention mode you want to apply to new objects placed
+	// in the specified bucket. Must be used with either Days or Years.
+	Mode *string `type:"string" enum:"ObjectLockRetentionMode"`
+
+	// The number of years that you want to specify for the default retention period.
+	// Must be used with Mode.
+	Years *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DefaultRetention) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DefaultRetention) GoString() string {
+	return s.String()
+}
+
+// SetDays sets the Days field's value.
+func (s *DefaultRetention) SetDays(v int64) *DefaultRetention {
+	s.Days = &v
+	return s
+}
+
+// SetMode sets the Mode field's value.
+func (s *DefaultRetention) SetMode(v string) *DefaultRetention {
+	s.Mode = &v
+	return s
+}
+
+// SetYears sets the Years field's value.
+func (s *DefaultRetention) SetYears(v int64) *DefaultRetention {
+	s.Years = &v
+	return s
+}
+
+// Container for the objects to delete.
+type Delete struct {
+	_ struct{} `type:"structure"`
+
+	// The object to delete.
+	//
+	// Objects is a required field
+	Objects []*ObjectIdentifier `locationName:"Object" type:"list" flattened:"true" required:"true"`
+
+	// Element to enable quiet mode for the request. When you add this element,
+	// you must set its value to true.
+	Quiet *bool `type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Delete) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Delete) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Delete) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Delete"}
+	if s.Objects == nil {
+		invalidParams.Add(request.NewErrParamRequired("Objects"))
+	}
+	if s.Objects != nil {
+		for i, v := range s.Objects {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Objects", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetObjects sets the Objects field's value.
+func (s *Delete) SetObjects(v []*ObjectIdentifier) *Delete {
+	s.Objects = v
+	return s
+}
+
+// SetQuiet sets the Quiet field's value.
+func (s *Delete) SetQuiet(v bool) *Delete {
+	s.Quiet = &v
+	return s
+}
+
+type DeleteBucketAnalyticsConfigurationInput struct {
+	_ struct{} `locationName:"DeleteBucketAnalyticsConfigurationRequest" type:"structure"`
+
+	// The name of the bucket from which an analytics configuration is deleted.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The ID that identifies the analytics configuration.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketAnalyticsConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketAnalyticsConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketAnalyticsConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketAnalyticsConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketAnalyticsConfigurationInput) SetBucket(v string) *DeleteBucketAnalyticsConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketAnalyticsConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketAnalyticsConfigurationInput) SetExpectedBucketOwner(v string) *DeleteBucketAnalyticsConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *DeleteBucketAnalyticsConfigurationInput) SetId(v string) *DeleteBucketAnalyticsConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+func (s *DeleteBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketAnalyticsConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketAnalyticsConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketAnalyticsConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketAnalyticsConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketAnalyticsConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketCorsInput struct {
+	_ struct{} `locationName:"DeleteBucketCorsRequest" type:"structure"`
+
+	// Specifies the bucket whose cors configuration is being deleted.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketCorsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketCorsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketCorsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketCorsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketCorsInput) SetBucket(v string) *DeleteBucketCorsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketCorsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketCorsInput) SetExpectedBucketOwner(v string) *DeleteBucketCorsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *DeleteBucketCorsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketCorsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketCorsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketCorsOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketCorsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketCorsOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketEncryptionInput struct {
+	_ struct{} `locationName:"DeleteBucketEncryptionRequest" type:"structure"`
+
+	// The name of the bucket containing the server-side encryption configuration
+	// to delete.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketEncryptionInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketEncryptionInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketEncryptionInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketEncryptionInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketEncryptionInput) SetBucket(v string) *DeleteBucketEncryptionInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketEncryptionInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketEncryptionInput) SetExpectedBucketOwner(v string) *DeleteBucketEncryptionInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *DeleteBucketEncryptionInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketEncryptionInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketEncryptionInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketEncryptionOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketEncryptionOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketEncryptionOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketInput struct {
+	_ struct{} `locationName:"DeleteBucketRequest" type:"structure"`
+
+	// Specifies the bucket being deleted.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketInput) SetBucket(v string) *DeleteBucketInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketInput) SetExpectedBucketOwner(v string) *DeleteBucketInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *DeleteBucketInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketIntelligentTieringConfigurationInput struct {
+	_ struct{} `locationName:"DeleteBucketIntelligentTieringConfigurationRequest" type:"structure"`
+
+	// The name of the Amazon S3 bucket whose configuration you want to modify or
+	// retrieve.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The ID used to identify the S3 Intelligent-Tiering configuration.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketIntelligentTieringConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketIntelligentTieringConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketIntelligentTieringConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketIntelligentTieringConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketIntelligentTieringConfigurationInput) SetBucket(v string) *DeleteBucketIntelligentTieringConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketIntelligentTieringConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetId sets the Id field's value.
+func (s *DeleteBucketIntelligentTieringConfigurationInput) SetId(v string) *DeleteBucketIntelligentTieringConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+func (s *DeleteBucketIntelligentTieringConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketIntelligentTieringConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketIntelligentTieringConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketIntelligentTieringConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketIntelligentTieringConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketIntelligentTieringConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketInventoryConfigurationInput struct {
+	_ struct{} `locationName:"DeleteBucketInventoryConfigurationRequest" type:"structure"`
+
+	// The name of the bucket containing the inventory configuration to delete.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The ID used to identify the inventory configuration.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketInventoryConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketInventoryConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketInventoryConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketInventoryConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketInventoryConfigurationInput) SetBucket(v string) *DeleteBucketInventoryConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketInventoryConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketInventoryConfigurationInput) SetExpectedBucketOwner(v string) *DeleteBucketInventoryConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *DeleteBucketInventoryConfigurationInput) SetId(v string) *DeleteBucketInventoryConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+func (s *DeleteBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketInventoryConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketInventoryConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketInventoryConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketInventoryConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketInventoryConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketLifecycleInput struct {
+	_ struct{} `locationName:"DeleteBucketLifecycleRequest" type:"structure"`
+
+	// The bucket name of the lifecycle to delete.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketLifecycleInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketLifecycleInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketLifecycleInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketLifecycleInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketLifecycleInput) SetBucket(v string) *DeleteBucketLifecycleInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketLifecycleInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketLifecycleInput) SetExpectedBucketOwner(v string) *DeleteBucketLifecycleInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *DeleteBucketLifecycleInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketLifecycleInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketLifecycleInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketLifecycleOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketLifecycleOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketLifecycleOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketMetricsConfigurationInput struct {
+	_ struct{} `locationName:"DeleteBucketMetricsConfigurationRequest" type:"structure"`
+
+	// The name of the bucket containing the metrics configuration to delete.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The ID used to identify the metrics configuration. The ID has a 64 character
+	// limit and can only contain letters, numbers, periods, dashes, and underscores.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketMetricsConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketMetricsConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketMetricsConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketMetricsConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketMetricsConfigurationInput) SetBucket(v string) *DeleteBucketMetricsConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketMetricsConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketMetricsConfigurationInput) SetExpectedBucketOwner(v string) *DeleteBucketMetricsConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *DeleteBucketMetricsConfigurationInput) SetId(v string) *DeleteBucketMetricsConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+func (s *DeleteBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketMetricsConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketMetricsConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketMetricsConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketMetricsConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketMetricsConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketOwnershipControlsInput struct {
+	_ struct{} `locationName:"DeleteBucketOwnershipControlsRequest" type:"structure"`
+
+	// The Amazon S3 bucket whose OwnershipControls you want to delete.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketOwnershipControlsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketOwnershipControlsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketOwnershipControlsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketOwnershipControlsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketOwnershipControlsInput) SetBucket(v string) *DeleteBucketOwnershipControlsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketOwnershipControlsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketOwnershipControlsInput) SetExpectedBucketOwner(v string) *DeleteBucketOwnershipControlsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *DeleteBucketOwnershipControlsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketOwnershipControlsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketOwnershipControlsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketOwnershipControlsOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketOwnershipControlsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketOwnershipControlsOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketPolicyInput struct {
+	_ struct{} `locationName:"DeleteBucketPolicyRequest" type:"structure"`
+
+	// The bucket name.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketPolicyInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketPolicyInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketPolicyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketPolicyInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketPolicyInput) SetBucket(v string) *DeleteBucketPolicyInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketPolicyInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketPolicyInput) SetExpectedBucketOwner(v string) *DeleteBucketPolicyInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *DeleteBucketPolicyInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketPolicyInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketPolicyInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketPolicyOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketPolicyOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketPolicyOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketReplicationInput struct {
+	_ struct{} `locationName:"DeleteBucketReplicationRequest" type:"structure"`
+
+	// The bucket name.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketReplicationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketReplicationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketReplicationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketReplicationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketReplicationInput) SetBucket(v string) *DeleteBucketReplicationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketReplicationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketReplicationInput) SetExpectedBucketOwner(v string) *DeleteBucketReplicationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *DeleteBucketReplicationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketReplicationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketReplicationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketReplicationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketReplicationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketReplicationOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketTaggingInput struct {
+	_ struct{} `locationName:"DeleteBucketTaggingRequest" type:"structure"`
+
+	// The bucket that has the tag set to be removed.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketTaggingInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketTaggingInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketTaggingInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketTaggingInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketTaggingInput) SetBucket(v string) *DeleteBucketTaggingInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketTaggingInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketTaggingInput) SetExpectedBucketOwner(v string) *DeleteBucketTaggingInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *DeleteBucketTaggingInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketTaggingInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketTaggingInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketTaggingOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketTaggingOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketTaggingOutput) GoString() string {
+	return s.String()
+}
+
+type DeleteBucketWebsiteInput struct {
+	_ struct{} `locationName:"DeleteBucketWebsiteRequest" type:"structure"`
+
+	// The bucket name for which you want to remove the website configuration.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketWebsiteInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketWebsiteInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteBucketWebsiteInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketWebsiteInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteBucketWebsiteInput) SetBucket(v string) *DeleteBucketWebsiteInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteBucketWebsiteInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteBucketWebsiteInput) SetExpectedBucketOwner(v string) *DeleteBucketWebsiteInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *DeleteBucketWebsiteInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketWebsiteInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteBucketWebsiteInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteBucketWebsiteOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketWebsiteOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteBucketWebsiteOutput) GoString() string {
+	return s.String()
+}
+
+// Information about the delete marker.
+type DeleteMarkerEntry struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether the object is (true) or is not (false) the latest version
+	// of an object.
+	IsLatest *bool `type:"boolean"`
+
+	// The object key.
+	Key *string `min:"1" type:"string"`
+
+	// Date and time the object was last modified.
+	LastModified *time.Time `type:"timestamp"`
+
+	// The account that created the delete marker.>
+	Owner *Owner `type:"structure"`
+
+	// Version ID of an object.
+	VersionId *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteMarkerEntry) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteMarkerEntry) GoString() string {
+	return s.String()
+}
+
+// SetIsLatest sets the IsLatest field's value.
+func (s *DeleteMarkerEntry) SetIsLatest(v bool) *DeleteMarkerEntry {
+	s.IsLatest = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *DeleteMarkerEntry) SetKey(v string) *DeleteMarkerEntry {
+	s.Key = &v
+	return s
+}
+
+// SetLastModified sets the LastModified field's value.
+func (s *DeleteMarkerEntry) SetLastModified(v time.Time) *DeleteMarkerEntry {
+	s.LastModified = &v
+	return s
+}
+
+// SetOwner sets the Owner field's value.
+func (s *DeleteMarkerEntry) SetOwner(v *Owner) *DeleteMarkerEntry {
+	s.Owner = v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *DeleteMarkerEntry) SetVersionId(v string) *DeleteMarkerEntry {
+	s.VersionId = &v
+	return s
+}
+
+// Specifies whether Amazon S3 replicates delete markers. If you specify a Filter
+// in your replication configuration, you must also include a DeleteMarkerReplication
+// element. If your Filter includes a Tag element, the DeleteMarkerReplication
+// Status must be set to Disabled, because Amazon S3 does not support replicating
+// delete markers for tag-based rules. For an example configuration, see Basic
+// Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
+//
+// For more information about delete marker replication, see Basic Rule Configuration
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html).
+//
+// If you are using an earlier version of the replication configuration, Amazon
+// S3 handles replication of delete markers differently. For more information,
+// see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
+type DeleteMarkerReplication struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates whether to replicate delete markers.
+	//
+	// Indicates whether to replicate delete markers.
+	Status *string `type:"string" enum:"DeleteMarkerReplicationStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteMarkerReplication) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteMarkerReplication) GoString() string {
+	return s.String()
+}
+
+// SetStatus sets the Status field's value.
+func (s *DeleteMarkerReplication) SetStatus(v string) *DeleteMarkerReplication {
+	s.Status = &v
+	return s
+}
+
+type DeleteObjectInput struct {
+	_ struct{} `locationName:"DeleteObjectRequest" type:"structure"`
+
+	// The bucket name of the bucket containing the object.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates whether S3 Object Lock should bypass Governance-mode restrictions
+	// to process this operation. To use this header, you must have the s3:BypassGovernanceRetention
+	// permission.
+	BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Key name of the object to delete.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// The concatenation of the authentication device's serial number, a space,
+	// and the value that is displayed on your authentication device. Required to
+	// permanently delete a versioned object if versioning is configured with MFA
+	// delete enabled.
+	MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// VersionId used to reference a specific version of the object.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteObjectInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteObjectInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteObjectInput) SetBucket(v string) *DeleteObjectInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteObjectInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetBypassGovernanceRetention sets the BypassGovernanceRetention field's value.
+func (s *DeleteObjectInput) SetBypassGovernanceRetention(v bool) *DeleteObjectInput {
+	s.BypassGovernanceRetention = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteObjectInput) SetExpectedBucketOwner(v string) *DeleteObjectInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *DeleteObjectInput) SetKey(v string) *DeleteObjectInput {
+	s.Key = &v
+	return s
+}
+
+// SetMFA sets the MFA field's value.
+func (s *DeleteObjectInput) SetMFA(v string) *DeleteObjectInput {
+	s.MFA = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *DeleteObjectInput) SetRequestPayer(v string) *DeleteObjectInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *DeleteObjectInput) SetVersionId(v string) *DeleteObjectInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *DeleteObjectInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteObjectInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteObjectInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteObjectOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether the versioned object that was permanently deleted was (true)
+	// or was not (false) a delete marker.
+	DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// Returns the version ID of the delete marker created as a result of the DELETE
+	// operation.
+	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectOutput) GoString() string {
+	return s.String()
+}
+
+// SetDeleteMarker sets the DeleteMarker field's value.
+func (s *DeleteObjectOutput) SetDeleteMarker(v bool) *DeleteObjectOutput {
+	s.DeleteMarker = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *DeleteObjectOutput) SetRequestCharged(v string) *DeleteObjectOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *DeleteObjectOutput) SetVersionId(v string) *DeleteObjectOutput {
+	s.VersionId = &v
+	return s
+}
+
+type DeleteObjectTaggingInput struct {
+	_ struct{} `locationName:"DeleteObjectTaggingRequest" type:"structure"`
+
+	// The bucket name containing the objects from which to remove the tags.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The key that identifies the object in the bucket from which to remove all
+	// tags.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// The versionId of the object that the tag-set will be removed from.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectTaggingInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectTaggingInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteObjectTaggingInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteObjectTaggingInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteObjectTaggingInput) SetBucket(v string) *DeleteObjectTaggingInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteObjectTaggingInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteObjectTaggingInput) SetExpectedBucketOwner(v string) *DeleteObjectTaggingInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *DeleteObjectTaggingInput) SetKey(v string) *DeleteObjectTaggingInput {
+	s.Key = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *DeleteObjectTaggingInput) SetVersionId(v string) *DeleteObjectTaggingInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *DeleteObjectTaggingInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteObjectTaggingInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteObjectTaggingInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteObjectTaggingOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The versionId of the object the tag-set was removed from.
+	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectTaggingOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectTaggingOutput) GoString() string {
+	return s.String()
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *DeleteObjectTaggingOutput) SetVersionId(v string) *DeleteObjectTaggingOutput {
+	s.VersionId = &v
+	return s
+}
+
+type DeleteObjectsInput struct {
+	_ struct{} `locationName:"DeleteObjectsRequest" type:"structure" payload:"Delete"`
+
+	// The bucket name containing the objects to delete.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Specifies whether you want to delete this object even if it has a Governance-type
+	// Object Lock in place. To use this header, you must have the s3:BypassGovernanceRetention
+	// permission.
+	BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// This checksum algorithm must be the same for all parts and it match the checksum
+	// value supplied in the CreateMultipartUpload request.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// Container for the request.
+	//
+	// Delete is a required field
+	Delete *Delete `locationName:"Delete" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The concatenation of the authentication device's serial number, a space,
+	// and the value that is displayed on your authentication device. Required to
+	// permanently delete a versioned object if versioning is configured with MFA
+	// delete enabled.
+	MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeleteObjectsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeleteObjectsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Delete == nil {
+		invalidParams.Add(request.NewErrParamRequired("Delete"))
+	}
+	if s.Delete != nil {
+		if err := s.Delete.Validate(); err != nil {
+			invalidParams.AddNested("Delete", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeleteObjectsInput) SetBucket(v string) *DeleteObjectsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeleteObjectsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetBypassGovernanceRetention sets the BypassGovernanceRetention field's value.
+func (s *DeleteObjectsInput) SetBypassGovernanceRetention(v bool) *DeleteObjectsInput {
+	s.BypassGovernanceRetention = &v
+	return s
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *DeleteObjectsInput) SetChecksumAlgorithm(v string) *DeleteObjectsInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetDelete sets the Delete field's value.
+func (s *DeleteObjectsInput) SetDelete(v *Delete) *DeleteObjectsInput {
+	s.Delete = v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeleteObjectsInput) SetExpectedBucketOwner(v string) *DeleteObjectsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetMFA sets the MFA field's value.
+func (s *DeleteObjectsInput) SetMFA(v string) *DeleteObjectsInput {
+	s.MFA = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *DeleteObjectsInput) SetRequestPayer(v string) *DeleteObjectsInput {
+	s.RequestPayer = &v
+	return s
+}
+
+func (s *DeleteObjectsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteObjectsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeleteObjectsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeleteObjectsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Container element for a successful delete. It identifies the object that
+	// was successfully deleted.
+	Deleted []*DeletedObject `type:"list" flattened:"true"`
+
+	// Container for a failed delete action that describes the object that Amazon
+	// S3 attempted to delete and the error it encountered.
+	Errors []*Error `locationName:"Error" type:"list" flattened:"true"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeleteObjectsOutput) GoString() string {
+	return s.String()
+}
+
+// SetDeleted sets the Deleted field's value.
+func (s *DeleteObjectsOutput) SetDeleted(v []*DeletedObject) *DeleteObjectsOutput {
+	s.Deleted = v
+	return s
+}
+
+// SetErrors sets the Errors field's value.
+func (s *DeleteObjectsOutput) SetErrors(v []*Error) *DeleteObjectsOutput {
+	s.Errors = v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *DeleteObjectsOutput) SetRequestCharged(v string) *DeleteObjectsOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+type DeletePublicAccessBlockInput struct {
+	_ struct{} `locationName:"DeletePublicAccessBlockRequest" type:"structure"`
+
+	// The Amazon S3 bucket whose PublicAccessBlock configuration you want to delete.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeletePublicAccessBlockInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeletePublicAccessBlockInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DeletePublicAccessBlockInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DeletePublicAccessBlockInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *DeletePublicAccessBlockInput) SetBucket(v string) *DeletePublicAccessBlockInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *DeletePublicAccessBlockInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *DeletePublicAccessBlockInput) SetExpectedBucketOwner(v string) *DeletePublicAccessBlockInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *DeletePublicAccessBlockInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeletePublicAccessBlockInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s DeletePublicAccessBlockInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type DeletePublicAccessBlockOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeletePublicAccessBlockOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeletePublicAccessBlockOutput) GoString() string {
+	return s.String()
+}
+
+// Information about the deleted object.
+type DeletedObject struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether the versioned object that was permanently deleted was (true)
+	// or was not (false) a delete marker. In a simple DELETE, this header indicates
+	// whether (true) or not (false) a delete marker was created.
+	DeleteMarker *bool `type:"boolean"`
+
+	// The version ID of the delete marker created as a result of the DELETE operation.
+	// If you delete a specific object version, the value returned by this header
+	// is the version ID of the object version deleted.
+	DeleteMarkerVersionId *string `type:"string"`
+
+	// The name of the deleted object.
+	Key *string `min:"1" type:"string"`
+
+	// The version ID of the deleted object.
+	VersionId *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeletedObject) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DeletedObject) GoString() string {
+	return s.String()
+}
+
+// SetDeleteMarker sets the DeleteMarker field's value.
+func (s *DeletedObject) SetDeleteMarker(v bool) *DeletedObject {
+	s.DeleteMarker = &v
+	return s
+}
+
+// SetDeleteMarkerVersionId sets the DeleteMarkerVersionId field's value.
+func (s *DeletedObject) SetDeleteMarkerVersionId(v string) *DeletedObject {
+	s.DeleteMarkerVersionId = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *DeletedObject) SetKey(v string) *DeletedObject {
+	s.Key = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *DeletedObject) SetVersionId(v string) *DeletedObject {
+	s.VersionId = &v
+	return s
+}
+
+// Specifies information about where to publish analysis or configuration results
+// for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC).
+type Destination struct {
+	_ struct{} `type:"structure"`
+
+	// Specify this only in a cross-account scenario (where source and destination
+	// bucket owners are not the same), and you want to change replica ownership
+	// to the Amazon Web Services account that owns the destination bucket. If this
+	// is not specified in the replication configuration, the replicas are owned
+	// by same Amazon Web Services account that owns the source object.
+	AccessControlTranslation *AccessControlTranslation `type:"structure"`
+
+	// Destination bucket owner account ID. In a cross-account scenario, if you
+	// direct Amazon S3 to change replica ownership to the Amazon Web Services account
+	// that owns the destination bucket by specifying the AccessControlTranslation
+	// property, this is the account ID of the destination bucket owner. For more
+	// information, see Replication Additional Configuration: Changing the Replica
+	// Owner (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html)
+	// in the Amazon S3 User Guide.
+	Account *string `type:"string"`
+
+	// The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to
+	// store the results.
+	//
+	// Bucket is a required field
+	Bucket *string `type:"string" required:"true"`
+
+	// A container that provides information about encryption. If SourceSelectionCriteria
+	// is specified, you must specify this element.
+	EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
+
+	// A container specifying replication metrics-related settings enabling replication
+	// metrics and events.
+	Metrics *Metrics `type:"structure"`
+
+	// A container specifying S3 Replication Time Control (S3 RTC), including whether
+	// S3 RTC is enabled and the time when all objects and operations on objects
+	// must be replicated. Must be specified together with a Metrics block.
+	ReplicationTime *ReplicationTime `type:"structure"`
+
+	// The storage class to use when replicating objects, such as S3 Standard or
+	// reduced redundancy. By default, Amazon S3 uses the storage class of the source
+	// object to create the object replica.
+	//
+	// For valid values, see the StorageClass element of the PUT Bucket replication
+	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
+	// action in the Amazon S3 API Reference.
+	StorageClass *string `type:"string" enum:"StorageClass"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Destination) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Destination) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Destination) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Destination"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.AccessControlTranslation != nil {
+		if err := s.AccessControlTranslation.Validate(); err != nil {
+			invalidParams.AddNested("AccessControlTranslation", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Metrics != nil {
+		if err := s.Metrics.Validate(); err != nil {
+			invalidParams.AddNested("Metrics", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.ReplicationTime != nil {
+		if err := s.ReplicationTime.Validate(); err != nil {
+			invalidParams.AddNested("ReplicationTime", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccessControlTranslation sets the AccessControlTranslation field's value.
+func (s *Destination) SetAccessControlTranslation(v *AccessControlTranslation) *Destination {
+	s.AccessControlTranslation = v
+	return s
+}
+
+// SetAccount sets the Account field's value.
+func (s *Destination) SetAccount(v string) *Destination {
+	s.Account = &v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *Destination) SetBucket(v string) *Destination {
+	s.Bucket = &v
+	return s
+}
+
+func (s *Destination) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
+func (s *Destination) SetEncryptionConfiguration(v *EncryptionConfiguration) *Destination {
+	s.EncryptionConfiguration = v
+	return s
+}
+
+// SetMetrics sets the Metrics field's value.
+func (s *Destination) SetMetrics(v *Metrics) *Destination {
+	s.Metrics = v
+	return s
+}
+
+// SetReplicationTime sets the ReplicationTime field's value.
+func (s *Destination) SetReplicationTime(v *ReplicationTime) *Destination {
+	s.ReplicationTime = v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *Destination) SetStorageClass(v string) *Destination {
+	s.StorageClass = &v
+	return s
+}
+
+// Contains the type of server-side encryption used.
+type Encryption struct {
+	_ struct{} `type:"structure"`
+
+	// The server-side encryption algorithm used when storing job results in Amazon
+	// S3 (for example, AES256, aws:kms).
+	//
+	// EncryptionType is a required field
+	EncryptionType *string `type:"string" required:"true" enum:"ServerSideEncryption"`
+
+	// If the encryption type is aws:kms, this optional value can be used to specify
+	// the encryption context for the restore results.
+	KMSContext *string `type:"string"`
+
+	// If the encryption type is aws:kms, this optional value specifies the ID of
+	// the symmetric encryption customer managed key to use for encryption of job
+	// results. Amazon S3 only supports symmetric encryption KMS keys. For more
+	// information, see Asymmetric keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+	// in the Amazon Web Services Key Management Service Developer Guide.
+	//
+	// KMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by Encryption's
+	// String and GoString methods.
+	KMSKeyId *string `type:"string" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Encryption) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Encryption) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Encryption) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Encryption"}
+	if s.EncryptionType == nil {
+		invalidParams.Add(request.NewErrParamRequired("EncryptionType"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetEncryptionType sets the EncryptionType field's value.
+func (s *Encryption) SetEncryptionType(v string) *Encryption {
+	s.EncryptionType = &v
+	return s
+}
+
+// SetKMSContext sets the KMSContext field's value.
+func (s *Encryption) SetKMSContext(v string) *Encryption {
+	s.KMSContext = &v
+	return s
+}
+
+// SetKMSKeyId sets the KMSKeyId field's value.
+func (s *Encryption) SetKMSKeyId(v string) *Encryption {
+	s.KMSKeyId = &v
+	return s
+}
+
+// Specifies encryption-related information for an Amazon S3 bucket that is
+// a destination for replicated objects.
+type EncryptionConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon Web
+	// Services KMS key stored in Amazon Web Services Key Management Service (KMS)
+	// for the destination bucket. Amazon S3 uses this key to encrypt replica objects.
+	// Amazon S3 only supports symmetric encryption KMS keys. For more information,
+	// see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+	// in the Amazon Web Services Key Management Service Developer Guide.
+	ReplicaKmsKeyID *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EncryptionConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EncryptionConfiguration) GoString() string {
+	return s.String()
+}
+
+// SetReplicaKmsKeyID sets the ReplicaKmsKeyID field's value.
+func (s *EncryptionConfiguration) SetReplicaKmsKeyID(v string) *EncryptionConfiguration {
+	s.ReplicaKmsKeyID = &v
+	return s
+}
+
+// A message that indicates the request is complete and no more messages will
+// be sent. You should not assume that the request is complete until the client
+// receives an EndEvent.
+type EndEvent struct {
+	_ struct{} `locationName:"EndEvent" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EndEvent) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EndEvent) GoString() string {
+	return s.String()
+}
+
+// The EndEvent is and event in the SelectObjectContentEventStream group of events.
+func (s *EndEvent) eventSelectObjectContentEventStream() {}
+
+// UnmarshalEvent unmarshals the EventStream Message into the EndEvent value.
+// This method is only used internally within the SDK's EventStream handling.
+func (s *EndEvent) UnmarshalEvent(
+	payloadUnmarshaler protocol.PayloadUnmarshaler,
+	msg eventstream.Message,
+) error {
+	return nil
+}
+
+// MarshalEvent marshals the type into an stream event value. This method
+// should only used internally within the SDK's EventStream handling.
+func (s *EndEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
+	msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
+	return msg, err
+}
+
+// Container for all error elements.
+type Error struct {
+	_ struct{} `type:"structure"`
+
+	// The error code is a string that uniquely identifies an error condition. It
+	// is meant to be read and understood by programs that detect and handle errors
+	// by type. The following is a list of Amazon S3 error codes. For more information,
+	// see Error responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html).
+	//
+	//    * Code: AccessDenied Description: Access Denied HTTP Status Code: 403
+	//    Forbidden SOAP Fault Code Prefix: Client
+	//
+	//    * Code: AccountProblem Description: There is a problem with your Amazon
+	//    Web Services account that prevents the action from completing successfully.
+	//    Contact Amazon Web Services Support for further assistance. HTTP Status
+	//    Code: 403 Forbidden SOAP Fault Code Prefix: Client
+	//
+	//    * Code: AllAccessDisabled Description: All access to this Amazon S3 resource
+	//    has been disabled. Contact Amazon Web Services Support for further assistance.
+	//    HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client
+	//
+	//    * Code: AmbiguousGrantByEmailAddress Description: The email address you
+	//    provided is associated with more than one account. HTTP Status Code: 400
+	//    Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: AuthorizationHeaderMalformed Description: The authorization header
+	//    you provided is invalid. HTTP Status Code: 400 Bad Request HTTP Status
+	//    Code: N/A
+	//
+	//    * Code: BadDigest Description: The Content-MD5 you specified did not match
+	//    what we received. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+	//    Client
+	//
+	//    * Code: BucketAlreadyExists Description: The requested bucket name is
+	//    not available. The bucket namespace is shared by all users of the system.
+	//    Please select a different name and try again. HTTP Status Code: 409 Conflict
+	//    SOAP Fault Code Prefix: Client
+	//
+	//    * Code: BucketAlreadyOwnedByYou Description: The bucket you tried to create
+	//    already exists, and you own it. Amazon S3 returns this error in all Amazon
+	//    Web Services Regions except in the North Virginia Region. For legacy compatibility,
+	//    if you re-create an existing bucket that you already own in the North
+	//    Virginia Region, Amazon S3 returns 200 OK and resets the bucket access
+	//    control lists (ACLs). Code: 409 Conflict (in all Regions except the North
+	//    Virginia Region) SOAP Fault Code Prefix: Client
+	//
+	//    * Code: BucketNotEmpty Description: The bucket you tried to delete is
+	//    not empty. HTTP Status Code: 409 Conflict SOAP Fault Code Prefix: Client
+	//
+	//    * Code: CredentialsNotSupported Description: This request does not support
+	//    credentials. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+	//    Client
+	//
+	//    * Code: CrossLocationLoggingProhibited Description: Cross-location logging
+	//    not allowed. Buckets in one geographic location cannot log information
+	//    to a bucket in another location. HTTP Status Code: 403 Forbidden SOAP
+	//    Fault Code Prefix: Client
+	//
+	//    * Code: EntityTooSmall Description: Your proposed upload is smaller than
+	//    the minimum allowed object size. HTTP Status Code: 400 Bad Request SOAP
+	//    Fault Code Prefix: Client
+	//
+	//    * Code: EntityTooLarge Description: Your proposed upload exceeds the maximum
+	//    allowed object size. HTTP Status Code: 400 Bad Request SOAP Fault Code
+	//    Prefix: Client
+	//
+	//    * Code: ExpiredToken Description: The provided token has expired. HTTP
+	//    Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: IllegalVersioningConfigurationException Description: Indicates
+	//    that the versioning configuration specified in the request is invalid.
+	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: IncompleteBody Description: You did not provide the number of
+	//    bytes specified by the Content-Length HTTP header HTTP Status Code: 400
+	//    Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: IncorrectNumberOfFilesInPostRequest Description: POST requires
+	//    exactly one file upload per request. HTTP Status Code: 400 Bad Request
+	//    SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InlineDataTooLarge Description: Inline data exceeds the maximum
+	//    allowed size. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+	//    Client
+	//
+	//    * Code: InternalError Description: We encountered an internal error. Please
+	//    try again. HTTP Status Code: 500 Internal Server Error SOAP Fault Code
+	//    Prefix: Server
+	//
+	//    * Code: InvalidAccessKeyId Description: The Amazon Web Services access
+	//    key ID you provided does not exist in our records. HTTP Status Code: 403
+	//    Forbidden SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidAddressingHeader Description: You must specify the Anonymous
+	//    role. HTTP Status Code: N/A SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidArgument Description: Invalid Argument HTTP Status Code:
+	//    400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidBucketName Description: The specified bucket is not valid.
+	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidBucketState Description: The request is not valid with
+	//    the current state of the bucket. HTTP Status Code: 409 Conflict SOAP Fault
+	//    Code Prefix: Client
+	//
+	//    * Code: InvalidDigest Description: The Content-MD5 you specified is not
+	//    valid. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidEncryptionAlgorithmError Description: The encryption request
+	//    you specified is not valid. The valid value is AES256. HTTP Status Code:
+	//    400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidLocationConstraint Description: The specified location
+	//    constraint is not valid. For more information about Regions, see How to
+	//    Select a Region for Your Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro).
+	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidObjectState Description: The action is not valid for the
+	//    current state of the object. HTTP Status Code: 403 Forbidden SOAP Fault
+	//    Code Prefix: Client
+	//
+	//    * Code: InvalidPart Description: One or more of the specified parts could
+	//    not be found. The part might not have been uploaded, or the specified
+	//    entity tag might not have matched the part's entity tag. HTTP Status Code:
+	//    400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidPartOrder Description: The list of parts was not in ascending
+	//    order. Parts list must be specified in order by part number. HTTP Status
+	//    Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidPayer Description: All access to this object has been disabled.
+	//    Please contact Amazon Web Services Support for further assistance. HTTP
+	//    Status Code: 403 Forbidden SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidPolicyDocument Description: The content of the form does
+	//    not meet the conditions specified in the policy document. HTTP Status
+	//    Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidRange Description: The requested range cannot be satisfied.
+	//    HTTP Status Code: 416 Requested Range Not Satisfiable SOAP Fault Code
+	//    Prefix: Client
+	//
+	//    * Code: InvalidRequest Description: Please use AWS4-HMAC-SHA256. HTTP
+	//    Status Code: 400 Bad Request Code: N/A
+	//
+	//    * Code: InvalidRequest Description: SOAP requests must be made over an
+	//    HTTPS connection. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+	//    Client
+	//
+	//    * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration is
+	//    not supported for buckets with non-DNS compliant names. HTTP Status Code:
+	//    400 Bad Request Code: N/A
+	//
+	//    * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration is
+	//    not supported for buckets with periods (.) in their names. HTTP Status
+	//    Code: 400 Bad Request Code: N/A
+	//
+	//    * Code: InvalidRequest Description: Amazon S3 Transfer Accelerate endpoint
+	//    only supports virtual style requests. HTTP Status Code: 400 Bad Request
+	//    Code: N/A
+	//
+	//    * Code: InvalidRequest Description: Amazon S3 Transfer Accelerate is not
+	//    configured on this bucket. HTTP Status Code: 400 Bad Request Code: N/A
+	//
+	//    * Code: InvalidRequest Description: Amazon S3 Transfer Accelerate is disabled
+	//    on this bucket. HTTP Status Code: 400 Bad Request Code: N/A
+	//
+	//    * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration is
+	//    not supported on this bucket. Contact Amazon Web Services Support for
+	//    more information. HTTP Status Code: 400 Bad Request Code: N/A
+	//
+	//    * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration cannot
+	//    be enabled on this bucket. Contact Amazon Web Services Support for more
+	//    information. HTTP Status Code: 400 Bad Request Code: N/A
+	//
+	//    * Code: InvalidSecurity Description: The provided security credentials
+	//    are not valid. HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix:
+	//    Client
+	//
+	//    * Code: InvalidSOAPRequest Description: The SOAP request body is invalid.
+	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidStorageClass Description: The storage class you specified
+	//    is not valid. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+	//    Client
+	//
+	//    * Code: InvalidTargetBucketForLogging Description: The target bucket for
+	//    logging does not exist, is not owned by you, or does not have the appropriate
+	//    grants for the log-delivery group. HTTP Status Code: 400 Bad Request SOAP
+	//    Fault Code Prefix: Client
+	//
+	//    * Code: InvalidToken Description: The provided token is malformed or otherwise
+	//    invalid. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: InvalidURI Description: Couldn't parse the specified URI. HTTP
+	//    Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: KeyTooLongError Description: Your key is too long. HTTP Status
+	//    Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: MalformedACLError Description: The XML you provided was not well-formed
+	//    or did not validate against our published schema. HTTP Status Code: 400
+	//    Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: MalformedPOSTRequest Description: The body of your POST request
+	//    is not well-formed multipart/form-data. HTTP Status Code: 400 Bad Request
+	//    SOAP Fault Code Prefix: Client
+	//
+	//    * Code: MalformedXML Description: This happens when the user sends malformed
+	//    XML (XML that doesn't conform to the published XSD) for the configuration.
+	//    The error message is, "The XML you provided was not well-formed or did
+	//    not validate against our published schema." HTTP Status Code: 400 Bad
+	//    Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: MaxMessageLengthExceeded Description: Your request was too big.
+	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: MaxPostPreDataLengthExceededError Description: Your POST request
+	//    fields preceding the upload file were too large. HTTP Status Code: 400
+	//    Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: MetadataTooLarge Description: Your metadata headers exceed the
+	//    maximum allowed metadata size. HTTP Status Code: 400 Bad Request SOAP
+	//    Fault Code Prefix: Client
+	//
+	//    * Code: MethodNotAllowed Description: The specified method is not allowed
+	//    against this resource. HTTP Status Code: 405 Method Not Allowed SOAP Fault
+	//    Code Prefix: Client
+	//
+	//    * Code: MissingAttachment Description: A SOAP attachment was expected,
+	//    but none were found. HTTP Status Code: N/A SOAP Fault Code Prefix: Client
+	//
+	//    * Code: MissingContentLength Description: You must provide the Content-Length
+	//    HTTP header. HTTP Status Code: 411 Length Required SOAP Fault Code Prefix:
+	//    Client
+	//
+	//    * Code: MissingRequestBodyError Description: This happens when the user
+	//    sends an empty XML document as a request. The error message is, "Request
+	//    body is empty." HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+	//    Client
+	//
+	//    * Code: MissingSecurityElement Description: The SOAP 1.1 request is missing
+	//    a security element. HTTP Status Code: 400 Bad Request SOAP Fault Code
+	//    Prefix: Client
+	//
+	//    * Code: MissingSecurityHeader Description: Your request is missing a required
+	//    header. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: NoLoggingStatusForKey Description: There is no such thing as a
+	//    logging status subresource for a key. HTTP Status Code: 400 Bad Request
+	//    SOAP Fault Code Prefix: Client
+	//
+	//    * Code: NoSuchBucket Description: The specified bucket does not exist.
+	//    HTTP Status Code: 404 Not Found SOAP Fault Code Prefix: Client
+	//
+	//    * Code: NoSuchBucketPolicy Description: The specified bucket does not
+	//    have a bucket policy. HTTP Status Code: 404 Not Found SOAP Fault Code
+	//    Prefix: Client
+	//
+	//    * Code: NoSuchKey Description: The specified key does not exist. HTTP
+	//    Status Code: 404 Not Found SOAP Fault Code Prefix: Client
+	//
+	//    * Code: NoSuchLifecycleConfiguration Description: The lifecycle configuration
+	//    does not exist. HTTP Status Code: 404 Not Found SOAP Fault Code Prefix:
+	//    Client
+	//
+	//    * Code: NoSuchUpload Description: The specified multipart upload does
+	//    not exist. The upload ID might be invalid, or the multipart upload might
+	//    have been aborted or completed. HTTP Status Code: 404 Not Found SOAP Fault
+	//    Code Prefix: Client
+	//
+	//    * Code: NoSuchVersion Description: Indicates that the version ID specified
+	//    in the request does not match an existing version. HTTP Status Code: 404
+	//    Not Found SOAP Fault Code Prefix: Client
+	//
+	//    * Code: NotImplemented Description: A header you provided implies functionality
+	//    that is not implemented. HTTP Status Code: 501 Not Implemented SOAP Fault
+	//    Code Prefix: Server
+	//
+	//    * Code: NotSignedUp Description: Your account is not signed up for the
+	//    Amazon S3 service. You must sign up before you can use Amazon S3. You
+	//    can sign up at the following URL: Amazon S3 (http://aws.amazon.com/s3)
+	//    HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client
+	//
+	//    * Code: OperationAborted Description: A conflicting conditional action
+	//    is currently in progress against this resource. Try again. HTTP Status
+	//    Code: 409 Conflict SOAP Fault Code Prefix: Client
+	//
+	//    * Code: PermanentRedirect Description: The bucket you are attempting to
+	//    access must be addressed using the specified endpoint. Send all future
+	//    requests to this endpoint. HTTP Status Code: 301 Moved Permanently SOAP
+	//    Fault Code Prefix: Client
+	//
+	//    * Code: PreconditionFailed Description: At least one of the preconditions
+	//    you specified did not hold. HTTP Status Code: 412 Precondition Failed
+	//    SOAP Fault Code Prefix: Client
+	//
+	//    * Code: Redirect Description: Temporary redirect. HTTP Status Code: 307
+	//    Moved Temporarily SOAP Fault Code Prefix: Client
+	//
+	//    * Code: RestoreAlreadyInProgress Description: Object restore is already
+	//    in progress. HTTP Status Code: 409 Conflict SOAP Fault Code Prefix: Client
+	//
+	//    * Code: RequestIsNotMultiPartContent Description: Bucket POST must be
+	//    of the enclosure-type multipart/form-data. HTTP Status Code: 400 Bad Request
+	//    SOAP Fault Code Prefix: Client
+	//
+	//    * Code: RequestTimeout Description: Your socket connection to the server
+	//    was not read from or written to within the timeout period. HTTP Status
+	//    Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: RequestTimeTooSkewed Description: The difference between the request
+	//    time and the server's time is too large. HTTP Status Code: 403 Forbidden
+	//    SOAP Fault Code Prefix: Client
+	//
+	//    * Code: RequestTorrentOfBucketError Description: Requesting the torrent
+	//    file of a bucket is not permitted. HTTP Status Code: 400 Bad Request SOAP
+	//    Fault Code Prefix: Client
+	//
+	//    * Code: SignatureDoesNotMatch Description: The request signature we calculated
+	//    does not match the signature you provided. Check your Amazon Web Services
+	//    secret access key and signing method. For more information, see REST Authentication
+	//    (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html)
+	//    and SOAP Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/SOAPAuthentication.html)
+	//    for details. HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client
+	//
+	//    * Code: ServiceUnavailable Description: Service is unable to handle request.
+	//    HTTP Status Code: 503 Service Unavailable SOAP Fault Code Prefix: Server
+	//
+	//    * Code: SlowDown Description: Reduce your request rate. HTTP Status Code:
+	//    503 Slow Down SOAP Fault Code Prefix: Server
+	//
+	//    * Code: TemporaryRedirect Description: You are being redirected to the
+	//    bucket while DNS updates. HTTP Status Code: 307 Moved Temporarily SOAP
+	//    Fault Code Prefix: Client
+	//
+	//    * Code: TokenRefreshRequired Description: The provided token must be refreshed.
+	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: TooManyBuckets Description: You have attempted to create more
+	//    buckets than allowed. HTTP Status Code: 400 Bad Request SOAP Fault Code
+	//    Prefix: Client
+	//
+	//    * Code: UnexpectedContent Description: This request does not support content.
+	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: UnresolvableGrantByEmailAddress Description: The email address
+	//    you provided does not match any account on record. HTTP Status Code: 400
+	//    Bad Request SOAP Fault Code Prefix: Client
+	//
+	//    * Code: UserKeyMustBeSpecified Description: The bucket POST must contain
+	//    the specified field name. If it is specified, check the order of the fields.
+	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+	Code *string `type:"string"`
+
+	// The error key.
+	Key *string `min:"1" type:"string"`
+
+	// The error message contains a generic description of the error condition in
+	// English. It is intended for a human audience. Simple programs display the
+	// message directly to the end user if they encounter an error condition they
+	// don't know how or don't care to handle. Sophisticated programs with more
+	// exhaustive error handling and proper internationalization are more likely
+	// to ignore the error message.
+	Message *string `type:"string"`
+
+	// The version ID of the error.
+	VersionId *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Error) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Error) GoString() string {
+	return s.String()
+}
+
+// SetCode sets the Code field's value.
+func (s *Error) SetCode(v string) *Error {
+	s.Code = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *Error) SetKey(v string) *Error {
+	s.Key = &v
+	return s
+}
+
+// SetMessage sets the Message field's value.
+func (s *Error) SetMessage(v string) *Error {
+	s.Message = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *Error) SetVersionId(v string) *Error {
+	s.VersionId = &v
+	return s
+}
+
+// The error information.
+type ErrorDocument struct {
+	_ struct{} `type:"structure"`
+
+	// The object key name to use when a 4XX class error occurs.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	//
+	// Key is a required field
+	Key *string `min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ErrorDocument) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ErrorDocument) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ErrorDocument) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ErrorDocument"}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *ErrorDocument) SetKey(v string) *ErrorDocument {
+	s.Key = &v
+	return s
+}
+
+// A container for specifying the configuration for Amazon EventBridge.
+type EventBridgeConfiguration struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EventBridgeConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s EventBridgeConfiguration) GoString() string {
+	return s.String()
+}
+
+// Optional configuration to replicate existing source bucket objects. For more
+// information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
+// in the Amazon S3 User Guide.
+type ExistingObjectReplication struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether Amazon S3 replicates existing source bucket objects.
+	//
+	// Status is a required field
+	Status *string `type:"string" required:"true" enum:"ExistingObjectReplicationStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ExistingObjectReplication) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ExistingObjectReplication) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ExistingObjectReplication) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ExistingObjectReplication"}
+	if s.Status == nil {
+		invalidParams.Add(request.NewErrParamRequired("Status"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetStatus sets the Status field's value.
+func (s *ExistingObjectReplication) SetStatus(v string) *ExistingObjectReplication {
+	s.Status = &v
+	return s
+}
+
+// Specifies the Amazon S3 object key name to filter on and whether to filter
+// on the suffix or prefix of the key name.
+type FilterRule struct {
+	_ struct{} `type:"structure"`
+
+	// The object key name prefix or suffix identifying one or more objects to which
+	// the filtering rule applies. The maximum length is 1,024 characters. Overlapping
+	// prefixes and suffixes are not supported. For more information, see Configuring
+	// Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+	// in the Amazon S3 User Guide.
+	Name *string `type:"string" enum:"FilterRuleName"`
+
+	// The value that the filter searches for in object key names.
+	Value *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s FilterRule) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s FilterRule) GoString() string {
+	return s.String()
+}
+
+// SetName sets the Name field's value.
+func (s *FilterRule) SetName(v string) *FilterRule {
+	s.Name = &v
+	return s
+}
+
+// SetValue sets the Value field's value.
+func (s *FilterRule) SetValue(v string) *FilterRule {
+	s.Value = &v
+	return s
+}
+
+type GetBucketAccelerateConfigurationInput struct {
+	_ struct{} `locationName:"GetBucketAccelerateConfigurationRequest" type:"structure"`
+
+	// The name of the bucket for which the accelerate configuration is retrieved.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAccelerateConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAccelerateConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketAccelerateConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketAccelerateConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketAccelerateConfigurationInput) SetBucket(v string) *GetBucketAccelerateConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketAccelerateConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketAccelerateConfigurationInput) SetExpectedBucketOwner(v string) *GetBucketAccelerateConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *GetBucketAccelerateConfigurationInput) SetRequestPayer(v string) *GetBucketAccelerateConfigurationInput {
+	s.RequestPayer = &v
+	return s
+}
+
+func (s *GetBucketAccelerateConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketAccelerateConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketAccelerateConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketAccelerateConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// The accelerate configuration of the bucket.
+	Status *string `type:"string" enum:"BucketAccelerateStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAccelerateConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAccelerateConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *GetBucketAccelerateConfigurationOutput) SetRequestCharged(v string) *GetBucketAccelerateConfigurationOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *GetBucketAccelerateConfigurationOutput) SetStatus(v string) *GetBucketAccelerateConfigurationOutput {
+	s.Status = &v
+	return s
+}
+
+type GetBucketAclInput struct {
+	_ struct{} `locationName:"GetBucketAclRequest" type:"structure"`
+
+	// Specifies the S3 bucket whose ACL is being requested.
+	//
+	// To use this API operation against an access point, provide the alias of the
+	// access point in place of the bucket name.
+	//
+	// To use this API operation against an Object Lambda access point, provide
+	// the alias of the Object Lambda access point in place of the bucket name.
+	// If the Object Lambda access point alias in a request is not valid, the error
+	// code InvalidAccessPointAliasError is returned. For more information about
+	// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAclInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAclInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketAclInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketAclInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketAclInput) SetBucket(v string) *GetBucketAclInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketAclInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketAclInput) SetExpectedBucketOwner(v string) *GetBucketAclInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketAclInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketAclInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketAclInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketAclOutput struct {
+	_ struct{} `type:"structure"`
+
+	// A list of grants.
+	Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"`
+
+	// Container for the bucket owner's display name and ID.
+	Owner *Owner `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAclOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAclOutput) GoString() string {
+	return s.String()
+}
+
+// SetGrants sets the Grants field's value.
+func (s *GetBucketAclOutput) SetGrants(v []*Grant) *GetBucketAclOutput {
+	s.Grants = v
+	return s
+}
+
+// SetOwner sets the Owner field's value.
+func (s *GetBucketAclOutput) SetOwner(v *Owner) *GetBucketAclOutput {
+	s.Owner = v
+	return s
+}
+
+type GetBucketAnalyticsConfigurationInput struct {
+	_ struct{} `locationName:"GetBucketAnalyticsConfigurationRequest" type:"structure"`
+
+	// The name of the bucket from which an analytics configuration is retrieved.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The ID that identifies the analytics configuration.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAnalyticsConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAnalyticsConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketAnalyticsConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketAnalyticsConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketAnalyticsConfigurationInput) SetBucket(v string) *GetBucketAnalyticsConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketAnalyticsConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketAnalyticsConfigurationInput) SetExpectedBucketOwner(v string) *GetBucketAnalyticsConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *GetBucketAnalyticsConfigurationInput) SetId(v string) *GetBucketAnalyticsConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+func (s *GetBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketAnalyticsConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketAnalyticsConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketAnalyticsConfigurationOutput struct {
+	_ struct{} `type:"structure" payload:"AnalyticsConfiguration"`
+
+	// The configuration and any analyses for the analytics filter.
+	AnalyticsConfiguration *AnalyticsConfiguration `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAnalyticsConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketAnalyticsConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+// SetAnalyticsConfiguration sets the AnalyticsConfiguration field's value.
+func (s *GetBucketAnalyticsConfigurationOutput) SetAnalyticsConfiguration(v *AnalyticsConfiguration) *GetBucketAnalyticsConfigurationOutput {
+	s.AnalyticsConfiguration = v
+	return s
+}
+
+type GetBucketCorsInput struct {
+	_ struct{} `locationName:"GetBucketCorsRequest" type:"structure"`
+
+	// The bucket name for which to get the cors configuration.
+	//
+	// To use this API operation against an access point, provide the alias of the
+	// access point in place of the bucket name.
+	//
+	// To use this API operation against an Object Lambda access point, provide
+	// the alias of the Object Lambda access point in place of the bucket name.
+	// If the Object Lambda access point alias in a request is not valid, the error
+	// code InvalidAccessPointAliasError is returned. For more information about
+	// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketCorsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketCorsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketCorsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketCorsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketCorsInput) SetBucket(v string) *GetBucketCorsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketCorsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketCorsInput) SetExpectedBucketOwner(v string) *GetBucketCorsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketCorsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketCorsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketCorsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketCorsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// A set of origins and methods (cross-origin access that you want to allow).
+	// You can add up to 100 rules to the configuration.
+	CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketCorsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketCorsOutput) GoString() string {
+	return s.String()
+}
+
+// SetCORSRules sets the CORSRules field's value.
+func (s *GetBucketCorsOutput) SetCORSRules(v []*CORSRule) *GetBucketCorsOutput {
+	s.CORSRules = v
+	return s
+}
+
+type GetBucketEncryptionInput struct {
+	_ struct{} `locationName:"GetBucketEncryptionRequest" type:"structure"`
+
+	// The name of the bucket from which the server-side encryption configuration
+	// is retrieved.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketEncryptionInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketEncryptionInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketEncryptionInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketEncryptionInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketEncryptionInput) SetBucket(v string) *GetBucketEncryptionInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketEncryptionInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketEncryptionInput) SetExpectedBucketOwner(v string) *GetBucketEncryptionInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketEncryptionInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketEncryptionInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketEncryptionInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketEncryptionOutput struct {
+	_ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"`
+
+	// Specifies the default server-side-encryption configuration.
+	ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketEncryptionOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketEncryptionOutput) GoString() string {
+	return s.String()
+}
+
+// SetServerSideEncryptionConfiguration sets the ServerSideEncryptionConfiguration field's value.
+func (s *GetBucketEncryptionOutput) SetServerSideEncryptionConfiguration(v *ServerSideEncryptionConfiguration) *GetBucketEncryptionOutput {
+	s.ServerSideEncryptionConfiguration = v
+	return s
+}
+
+type GetBucketIntelligentTieringConfigurationInput struct {
+	_ struct{} `locationName:"GetBucketIntelligentTieringConfigurationRequest" type:"structure"`
+
+	// The name of the Amazon S3 bucket whose configuration you want to modify or
+	// retrieve.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The ID used to identify the S3 Intelligent-Tiering configuration.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketIntelligentTieringConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketIntelligentTieringConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketIntelligentTieringConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketIntelligentTieringConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketIntelligentTieringConfigurationInput) SetBucket(v string) *GetBucketIntelligentTieringConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketIntelligentTieringConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetId sets the Id field's value.
+func (s *GetBucketIntelligentTieringConfigurationInput) SetId(v string) *GetBucketIntelligentTieringConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+func (s *GetBucketIntelligentTieringConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketIntelligentTieringConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketIntelligentTieringConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketIntelligentTieringConfigurationOutput struct {
+	_ struct{} `type:"structure" payload:"IntelligentTieringConfiguration"`
+
+	// Container for S3 Intelligent-Tiering configuration.
+	IntelligentTieringConfiguration *IntelligentTieringConfiguration `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketIntelligentTieringConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketIntelligentTieringConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+// SetIntelligentTieringConfiguration sets the IntelligentTieringConfiguration field's value.
+func (s *GetBucketIntelligentTieringConfigurationOutput) SetIntelligentTieringConfiguration(v *IntelligentTieringConfiguration) *GetBucketIntelligentTieringConfigurationOutput {
+	s.IntelligentTieringConfiguration = v
+	return s
+}
+
+type GetBucketInventoryConfigurationInput struct {
+	_ struct{} `locationName:"GetBucketInventoryConfigurationRequest" type:"structure"`
+
+	// The name of the bucket containing the inventory configuration to retrieve.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The ID used to identify the inventory configuration.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketInventoryConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketInventoryConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketInventoryConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketInventoryConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketInventoryConfigurationInput) SetBucket(v string) *GetBucketInventoryConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketInventoryConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketInventoryConfigurationInput) SetExpectedBucketOwner(v string) *GetBucketInventoryConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *GetBucketInventoryConfigurationInput) SetId(v string) *GetBucketInventoryConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+func (s *GetBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketInventoryConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketInventoryConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketInventoryConfigurationOutput struct {
+	_ struct{} `type:"structure" payload:"InventoryConfiguration"`
+
+	// Specifies the inventory configuration.
+	InventoryConfiguration *InventoryConfiguration `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketInventoryConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketInventoryConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+// SetInventoryConfiguration sets the InventoryConfiguration field's value.
+func (s *GetBucketInventoryConfigurationOutput) SetInventoryConfiguration(v *InventoryConfiguration) *GetBucketInventoryConfigurationOutput {
+	s.InventoryConfiguration = v
+	return s
+}
+
+type GetBucketLifecycleConfigurationInput struct {
+	_ struct{} `locationName:"GetBucketLifecycleConfigurationRequest" type:"structure"`
+
+	// The name of the bucket for which to get the lifecycle information.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLifecycleConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLifecycleConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketLifecycleConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketLifecycleConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketLifecycleConfigurationInput) SetBucket(v string) *GetBucketLifecycleConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketLifecycleConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketLifecycleConfigurationInput) SetExpectedBucketOwner(v string) *GetBucketLifecycleConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketLifecycleConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketLifecycleConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketLifecycleConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketLifecycleConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Container for a lifecycle rule.
+	Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLifecycleConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLifecycleConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+// SetRules sets the Rules field's value.
+func (s *GetBucketLifecycleConfigurationOutput) SetRules(v []*LifecycleRule) *GetBucketLifecycleConfigurationOutput {
+	s.Rules = v
+	return s
+}
+
+type GetBucketLifecycleInput struct {
+	_ struct{} `locationName:"GetBucketLifecycleRequest" type:"structure"`
+
+	// The name of the bucket for which to get the lifecycle information.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLifecycleInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLifecycleInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketLifecycleInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketLifecycleInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketLifecycleInput) SetBucket(v string) *GetBucketLifecycleInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketLifecycleInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketLifecycleInput) SetExpectedBucketOwner(v string) *GetBucketLifecycleInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketLifecycleInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketLifecycleInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketLifecycleInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketLifecycleOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Container for a lifecycle rule.
+	Rules []*Rule `locationName:"Rule" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLifecycleOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLifecycleOutput) GoString() string {
+	return s.String()
+}
+
+// SetRules sets the Rules field's value.
+func (s *GetBucketLifecycleOutput) SetRules(v []*Rule) *GetBucketLifecycleOutput {
+	s.Rules = v
+	return s
+}
+
+type GetBucketLocationInput struct {
+	_ struct{} `locationName:"GetBucketLocationRequest" type:"structure"`
+
+	// The name of the bucket for which to get the location.
+	//
+	// To use this API operation against an access point, provide the alias of the
+	// access point in place of the bucket name.
+	//
+	// To use this API operation against an Object Lambda access point, provide
+	// the alias of the Object Lambda access point in place of the bucket name.
+	// If the Object Lambda access point alias in a request is not valid, the error
+	// code InvalidAccessPointAliasError is returned. For more information about
+	// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLocationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLocationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketLocationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketLocationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketLocationInput) SetBucket(v string) *GetBucketLocationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketLocationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketLocationInput) SetExpectedBucketOwner(v string) *GetBucketLocationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketLocationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketLocationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketLocationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketLocationOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the Region where the bucket resides. For a list of all the Amazon
+	// S3 supported location constraints by Region, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region).
+	// Buckets in Region us-east-1 have a LocationConstraint of null.
+	LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLocationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLocationOutput) GoString() string {
+	return s.String()
+}
+
+// SetLocationConstraint sets the LocationConstraint field's value.
+func (s *GetBucketLocationOutput) SetLocationConstraint(v string) *GetBucketLocationOutput {
+	s.LocationConstraint = &v
+	return s
+}
+
+type GetBucketLoggingInput struct {
+	_ struct{} `locationName:"GetBucketLoggingRequest" type:"structure"`
+
+	// The bucket name for which to get the logging information.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLoggingInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLoggingInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketLoggingInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketLoggingInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketLoggingInput) SetBucket(v string) *GetBucketLoggingInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketLoggingInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketLoggingInput) SetExpectedBucketOwner(v string) *GetBucketLoggingInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketLoggingInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketLoggingInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketLoggingInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketLoggingOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Describes where logs are stored and the prefix that Amazon S3 assigns to
+	// all log object keys for a bucket. For more information, see PUT Bucket logging
+	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
+	// in the Amazon S3 API Reference.
+	LoggingEnabled *LoggingEnabled `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLoggingOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketLoggingOutput) GoString() string {
+	return s.String()
+}
+
+// SetLoggingEnabled sets the LoggingEnabled field's value.
+func (s *GetBucketLoggingOutput) SetLoggingEnabled(v *LoggingEnabled) *GetBucketLoggingOutput {
+	s.LoggingEnabled = v
+	return s
+}
+
+type GetBucketMetricsConfigurationInput struct {
+	_ struct{} `locationName:"GetBucketMetricsConfigurationRequest" type:"structure"`
+
+	// The name of the bucket containing the metrics configuration to retrieve.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The ID used to identify the metrics configuration. The ID has a 64 character
+	// limit and can only contain letters, numbers, periods, dashes, and underscores.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketMetricsConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketMetricsConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketMetricsConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketMetricsConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketMetricsConfigurationInput) SetBucket(v string) *GetBucketMetricsConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketMetricsConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketMetricsConfigurationInput) SetExpectedBucketOwner(v string) *GetBucketMetricsConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *GetBucketMetricsConfigurationInput) SetId(v string) *GetBucketMetricsConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+func (s *GetBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketMetricsConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketMetricsConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketMetricsConfigurationOutput struct {
+	_ struct{} `type:"structure" payload:"MetricsConfiguration"`
+
+	// Specifies the metrics configuration.
+	MetricsConfiguration *MetricsConfiguration `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketMetricsConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketMetricsConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+// SetMetricsConfiguration sets the MetricsConfiguration field's value.
+func (s *GetBucketMetricsConfigurationOutput) SetMetricsConfiguration(v *MetricsConfiguration) *GetBucketMetricsConfigurationOutput {
+	s.MetricsConfiguration = v
+	return s
+}
+
+type GetBucketNotificationConfigurationRequest struct {
+	_ struct{} `locationName:"GetBucketNotificationConfigurationRequest" type:"structure"`
+
+	// The name of the bucket for which to get the notification configuration.
+	//
+	// To use this API operation against an access point, provide the alias of the
+	// access point in place of the bucket name.
+	//
+	// To use this API operation against an Object Lambda access point, provide
+	// the alias of the Object Lambda access point in place of the bucket name.
+	// If the Object Lambda access point alias in a request is not valid, the error
+	// code InvalidAccessPointAliasError is returned. For more information about
+	// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketNotificationConfigurationRequest) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketNotificationConfigurationRequest) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketNotificationConfigurationRequest) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketNotificationConfigurationRequest"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketNotificationConfigurationRequest) SetBucket(v string) *GetBucketNotificationConfigurationRequest {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketNotificationConfigurationRequest) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketNotificationConfigurationRequest) SetExpectedBucketOwner(v string) *GetBucketNotificationConfigurationRequest {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketNotificationConfigurationRequest) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketNotificationConfigurationRequest) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketNotificationConfigurationRequest) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketOwnershipControlsInput struct {
+	_ struct{} `locationName:"GetBucketOwnershipControlsRequest" type:"structure"`
+
+	// The name of the Amazon S3 bucket whose OwnershipControls you want to retrieve.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketOwnershipControlsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketOwnershipControlsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketOwnershipControlsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketOwnershipControlsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketOwnershipControlsInput) SetBucket(v string) *GetBucketOwnershipControlsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketOwnershipControlsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketOwnershipControlsInput) SetExpectedBucketOwner(v string) *GetBucketOwnershipControlsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketOwnershipControlsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketOwnershipControlsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketOwnershipControlsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketOwnershipControlsOutput struct {
+	_ struct{} `type:"structure" payload:"OwnershipControls"`
+
+	// The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter)
+	// currently in effect for this Amazon S3 bucket.
+	OwnershipControls *OwnershipControls `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketOwnershipControlsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketOwnershipControlsOutput) GoString() string {
+	return s.String()
+}
+
+// SetOwnershipControls sets the OwnershipControls field's value.
+func (s *GetBucketOwnershipControlsOutput) SetOwnershipControls(v *OwnershipControls) *GetBucketOwnershipControlsOutput {
+	s.OwnershipControls = v
+	return s
+}
+
+type GetBucketPolicyInput struct {
+	_ struct{} `locationName:"GetBucketPolicyRequest" type:"structure"`
+
+	// The bucket name for which to get the bucket policy.
+	//
+	// To use this API operation against an access point, provide the alias of the
+	// access point in place of the bucket name.
+	//
+	// To use this API operation against an Object Lambda access point, provide
+	// the alias of the Object Lambda access point in place of the bucket name.
+	// If the Object Lambda access point alias in a request is not valid, the error
+	// code InvalidAccessPointAliasError is returned. For more information about
+	// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketPolicyInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketPolicyInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketPolicyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketPolicyInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketPolicyInput) SetBucket(v string) *GetBucketPolicyInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketPolicyInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketPolicyInput) SetExpectedBucketOwner(v string) *GetBucketPolicyInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketPolicyInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketPolicyInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketPolicyInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketPolicyOutput struct {
+	_ struct{} `type:"structure" payload:"Policy"`
+
+	// The bucket policy as a JSON document.
+	Policy *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketPolicyOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketPolicyOutput) GoString() string {
+	return s.String()
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *GetBucketPolicyOutput) SetPolicy(v string) *GetBucketPolicyOutput {
+	s.Policy = &v
+	return s
+}
+
+type GetBucketPolicyStatusInput struct {
+	_ struct{} `locationName:"GetBucketPolicyStatusRequest" type:"structure"`
+
+	// The name of the Amazon S3 bucket whose policy status you want to retrieve.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketPolicyStatusInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketPolicyStatusInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketPolicyStatusInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketPolicyStatusInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketPolicyStatusInput) SetBucket(v string) *GetBucketPolicyStatusInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketPolicyStatusInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketPolicyStatusInput) SetExpectedBucketOwner(v string) *GetBucketPolicyStatusInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketPolicyStatusInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketPolicyStatusInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketPolicyStatusInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketPolicyStatusOutput struct {
+	_ struct{} `type:"structure" payload:"PolicyStatus"`
+
+	// The policy status for the specified bucket.
+	PolicyStatus *PolicyStatus `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketPolicyStatusOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketPolicyStatusOutput) GoString() string {
+	return s.String()
+}
+
+// SetPolicyStatus sets the PolicyStatus field's value.
+func (s *GetBucketPolicyStatusOutput) SetPolicyStatus(v *PolicyStatus) *GetBucketPolicyStatusOutput {
+	s.PolicyStatus = v
+	return s
+}
+
+type GetBucketReplicationInput struct {
+	_ struct{} `locationName:"GetBucketReplicationRequest" type:"structure"`
+
+	// The bucket name for which to get the replication information.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketReplicationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketReplicationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketReplicationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketReplicationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketReplicationInput) SetBucket(v string) *GetBucketReplicationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketReplicationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketReplicationInput) SetExpectedBucketOwner(v string) *GetBucketReplicationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketReplicationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketReplicationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketReplicationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketReplicationOutput struct {
+	_ struct{} `type:"structure" payload:"ReplicationConfiguration"`
+
+	// A container for replication rules. You can add up to 1,000 rules. The maximum
+	// size of a replication configuration is 2 MB.
+	ReplicationConfiguration *ReplicationConfiguration `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketReplicationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketReplicationOutput) GoString() string {
+	return s.String()
+}
+
+// SetReplicationConfiguration sets the ReplicationConfiguration field's value.
+func (s *GetBucketReplicationOutput) SetReplicationConfiguration(v *ReplicationConfiguration) *GetBucketReplicationOutput {
+	s.ReplicationConfiguration = v
+	return s
+}
+
+type GetBucketRequestPaymentInput struct {
+	_ struct{} `locationName:"GetBucketRequestPaymentRequest" type:"structure"`
+
+	// The name of the bucket for which to get the payment request configuration
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketRequestPaymentInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketRequestPaymentInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketRequestPaymentInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketRequestPaymentInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketRequestPaymentInput) SetBucket(v string) *GetBucketRequestPaymentInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketRequestPaymentInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketRequestPaymentInput) SetExpectedBucketOwner(v string) *GetBucketRequestPaymentInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketRequestPaymentInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketRequestPaymentInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketRequestPaymentInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketRequestPaymentOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies who pays for the download and request fees.
+	Payer *string `type:"string" enum:"Payer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketRequestPaymentOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketRequestPaymentOutput) GoString() string {
+	return s.String()
+}
+
+// SetPayer sets the Payer field's value.
+func (s *GetBucketRequestPaymentOutput) SetPayer(v string) *GetBucketRequestPaymentOutput {
+	s.Payer = &v
+	return s
+}
+
+type GetBucketTaggingInput struct {
+	_ struct{} `locationName:"GetBucketTaggingRequest" type:"structure"`
+
+	// The name of the bucket for which to get the tagging information.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketTaggingInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketTaggingInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketTaggingInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketTaggingInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketTaggingInput) SetBucket(v string) *GetBucketTaggingInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketTaggingInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketTaggingInput) SetExpectedBucketOwner(v string) *GetBucketTaggingInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketTaggingInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketTaggingInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketTaggingInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketTaggingOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Contains the tag set.
+	//
+	// TagSet is a required field
+	TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketTaggingOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketTaggingOutput) GoString() string {
+	return s.String()
+}
+
+// SetTagSet sets the TagSet field's value.
+func (s *GetBucketTaggingOutput) SetTagSet(v []*Tag) *GetBucketTaggingOutput {
+	s.TagSet = v
+	return s
+}
+
+type GetBucketVersioningInput struct {
+	_ struct{} `locationName:"GetBucketVersioningRequest" type:"structure"`
+
+	// The name of the bucket for which to get the versioning information.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketVersioningInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketVersioningInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketVersioningInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketVersioningInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketVersioningInput) SetBucket(v string) *GetBucketVersioningInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketVersioningInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketVersioningInput) SetExpectedBucketOwner(v string) *GetBucketVersioningInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketVersioningInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketVersioningInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketVersioningInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketVersioningOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether MFA delete is enabled in the bucket versioning configuration.
+	// This element is only returned if the bucket has been configured with MFA
+	// delete. If the bucket has never been so configured, this element is not returned.
+	MFADelete *string `locationName:"MfaDelete" type:"string" enum:"MFADeleteStatus"`
+
+	// The versioning state of the bucket.
+	Status *string `type:"string" enum:"BucketVersioningStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketVersioningOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketVersioningOutput) GoString() string {
+	return s.String()
+}
+
+// SetMFADelete sets the MFADelete field's value.
+func (s *GetBucketVersioningOutput) SetMFADelete(v string) *GetBucketVersioningOutput {
+	s.MFADelete = &v
+	return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *GetBucketVersioningOutput) SetStatus(v string) *GetBucketVersioningOutput {
+	s.Status = &v
+	return s
+}
+
+type GetBucketWebsiteInput struct {
+	_ struct{} `locationName:"GetBucketWebsiteRequest" type:"structure"`
+
+	// The bucket name for which to get the website configuration.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketWebsiteInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketWebsiteInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetBucketWebsiteInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetBucketWebsiteInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetBucketWebsiteInput) SetBucket(v string) *GetBucketWebsiteInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetBucketWebsiteInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetBucketWebsiteInput) SetExpectedBucketOwner(v string) *GetBucketWebsiteInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetBucketWebsiteInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketWebsiteInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetBucketWebsiteInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetBucketWebsiteOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The object key name of the website error document to use for 4XX class errors.
+	ErrorDocument *ErrorDocument `type:"structure"`
+
+	// The name of the index document for the website (for example index.html).
+	IndexDocument *IndexDocument `type:"structure"`
+
+	// Specifies the redirect behavior of all requests to a website endpoint of
+	// an Amazon S3 bucket.
+	RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"`
+
+	// Rules that define when a redirect is applied and the redirect behavior.
+	RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketWebsiteOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetBucketWebsiteOutput) GoString() string {
+	return s.String()
+}
+
+// SetErrorDocument sets the ErrorDocument field's value.
+func (s *GetBucketWebsiteOutput) SetErrorDocument(v *ErrorDocument) *GetBucketWebsiteOutput {
+	s.ErrorDocument = v
+	return s
+}
+
+// SetIndexDocument sets the IndexDocument field's value.
+func (s *GetBucketWebsiteOutput) SetIndexDocument(v *IndexDocument) *GetBucketWebsiteOutput {
+	s.IndexDocument = v
+	return s
+}
+
+// SetRedirectAllRequestsTo sets the RedirectAllRequestsTo field's value.
+func (s *GetBucketWebsiteOutput) SetRedirectAllRequestsTo(v *RedirectAllRequestsTo) *GetBucketWebsiteOutput {
+	s.RedirectAllRequestsTo = v
+	return s
+}
+
+// SetRoutingRules sets the RoutingRules field's value.
+func (s *GetBucketWebsiteOutput) SetRoutingRules(v []*RoutingRule) *GetBucketWebsiteOutput {
+	s.RoutingRules = v
+	return s
+}
+
+type GetObjectAclInput struct {
+	_ struct{} `locationName:"GetObjectAclRequest" type:"structure"`
+
+	// The bucket name that contains the object for which to get the ACL information.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The key of the object for which to get the ACL information.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// VersionId used to reference a specific version of the object.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectAclInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectAclInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetObjectAclInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetObjectAclInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetObjectAclInput) SetBucket(v string) *GetObjectAclInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetObjectAclInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetObjectAclInput) SetExpectedBucketOwner(v string) *GetObjectAclInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *GetObjectAclInput) SetKey(v string) *GetObjectAclInput {
+	s.Key = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *GetObjectAclInput) SetRequestPayer(v string) *GetObjectAclInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectAclInput) SetVersionId(v string) *GetObjectAclInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *GetObjectAclInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectAclInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetObjectAclInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetObjectAclOutput struct {
+	_ struct{} `type:"structure"`
+
+	// A list of grants.
+	Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"`
+
+	// Container for the bucket owner's display name and ID.
+	Owner *Owner `type:"structure"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectAclOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectAclOutput) GoString() string {
+	return s.String()
+}
+
+// SetGrants sets the Grants field's value.
+func (s *GetObjectAclOutput) SetGrants(v []*Grant) *GetObjectAclOutput {
+	s.Grants = v
+	return s
+}
+
+// SetOwner sets the Owner field's value.
+func (s *GetObjectAclOutput) SetOwner(v *Owner) *GetObjectAclOutput {
+	s.Owner = v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *GetObjectAclOutput) SetRequestCharged(v string) *GetObjectAclOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+type GetObjectAttributesInput struct {
+	_ struct{} `locationName:"GetObjectAttributesRequest" type:"structure"`
+
+	// The name of the bucket that contains the object.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The object key.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Sets the maximum number of parts to return.
+	MaxParts *int64 `location:"header" locationName:"x-amz-max-parts" type:"integer"`
+
+	// An XML header that specifies the fields at the root level that you want returned
+	// in the response. Fields that you do not specify are not returned.
+	//
+	// ObjectAttributes is a required field
+	ObjectAttributes []*string `location:"header" locationName:"x-amz-object-attributes" type:"list" required:"true" enum:"ObjectAttributes"`
+
+	// Specifies the part after which listing should begin. Only parts with higher
+	// part numbers will be listed.
+	PartNumberMarker *int64 `location:"header" locationName:"x-amz-part-number-marker" type:"integer"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Specifies the algorithm to use when encrypting the object (for example, AES256).
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
+	// data. This value is used to store the object and then it is discarded; Amazon
+	// S3 does not store the encryption key. The key must be appropriate for use
+	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+	// header.
+	//
+	// SSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by GetObjectAttributesInput's
+	// String and GoString methods.
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
+	// Amazon S3 uses this header for a message integrity check to ensure that the
+	// encryption key was transmitted without error.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// The version ID used to reference a specific version of the object.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectAttributesInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectAttributesInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetObjectAttributesInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetObjectAttributesInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.ObjectAttributes == nil {
+		invalidParams.Add(request.NewErrParamRequired("ObjectAttributes"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetObjectAttributesInput) SetBucket(v string) *GetObjectAttributesInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetObjectAttributesInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetObjectAttributesInput) SetExpectedBucketOwner(v string) *GetObjectAttributesInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *GetObjectAttributesInput) SetKey(v string) *GetObjectAttributesInput {
+	s.Key = &v
+	return s
+}
+
+// SetMaxParts sets the MaxParts field's value.
+func (s *GetObjectAttributesInput) SetMaxParts(v int64) *GetObjectAttributesInput {
+	s.MaxParts = &v
+	return s
+}
+
+// SetObjectAttributes sets the ObjectAttributes field's value.
+func (s *GetObjectAttributesInput) SetObjectAttributes(v []*string) *GetObjectAttributesInput {
+	s.ObjectAttributes = v
+	return s
+}
+
+// SetPartNumberMarker sets the PartNumberMarker field's value.
+func (s *GetObjectAttributesInput) SetPartNumberMarker(v int64) *GetObjectAttributesInput {
+	s.PartNumberMarker = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *GetObjectAttributesInput) SetRequestPayer(v string) *GetObjectAttributesInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *GetObjectAttributesInput) SetSSECustomerAlgorithm(v string) *GetObjectAttributesInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKey sets the SSECustomerKey field's value.
+func (s *GetObjectAttributesInput) SetSSECustomerKey(v string) *GetObjectAttributesInput {
+	s.SSECustomerKey = &v
+	return s
+}
+
+func (s *GetObjectAttributesInput) getSSECustomerKey() (v string) {
+	if s.SSECustomerKey == nil {
+		return v
+	}
+	return *s.SSECustomerKey
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *GetObjectAttributesInput) SetSSECustomerKeyMD5(v string) *GetObjectAttributesInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectAttributesInput) SetVersionId(v string) *GetObjectAttributesInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *GetObjectAttributesInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectAttributesInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetObjectAttributesInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetObjectAttributesOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The checksum or digest of the object.
+	Checksum *Checksum `type:"structure"`
+
+	// Specifies whether the object retrieved was (true) or was not (false) a delete
+	// marker. If false, this response header does not appear in the response.
+	DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"`
+
+	// An ETag is an opaque identifier assigned by a web server to a specific version
+	// of a resource found at a URL.
+	ETag *string `type:"string"`
+
+	// The creation date of the object.
+	LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"`
+
+	// A collection of parts associated with a multipart upload.
+	ObjectParts *GetObjectAttributesParts `type:"structure"`
+
+	// The size of the object in bytes.
+	ObjectSize *int64 `type:"long"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// Provides the storage class information of the object. Amazon S3 returns this
+	// header for all objects except for S3 Standard storage class objects.
+	//
+	// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
+	StorageClass *string `type:"string" enum:"StorageClass"`
+
+	// The version ID of the object.
+	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectAttributesOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectAttributesOutput) GoString() string {
+	return s.String()
+}
+
+// SetChecksum sets the Checksum field's value.
+func (s *GetObjectAttributesOutput) SetChecksum(v *Checksum) *GetObjectAttributesOutput {
+	s.Checksum = v
+	return s
+}
+
+// SetDeleteMarker sets the DeleteMarker field's value.
+func (s *GetObjectAttributesOutput) SetDeleteMarker(v bool) *GetObjectAttributesOutput {
+	s.DeleteMarker = &v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *GetObjectAttributesOutput) SetETag(v string) *GetObjectAttributesOutput {
+	s.ETag = &v
+	return s
+}
+
+// SetLastModified sets the LastModified field's value.
+func (s *GetObjectAttributesOutput) SetLastModified(v time.Time) *GetObjectAttributesOutput {
+	s.LastModified = &v
+	return s
+}
+
+// SetObjectParts sets the ObjectParts field's value.
+func (s *GetObjectAttributesOutput) SetObjectParts(v *GetObjectAttributesParts) *GetObjectAttributesOutput {
+	s.ObjectParts = v
+	return s
+}
+
+// SetObjectSize sets the ObjectSize field's value.
+func (s *GetObjectAttributesOutput) SetObjectSize(v int64) *GetObjectAttributesOutput {
+	s.ObjectSize = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *GetObjectAttributesOutput) SetRequestCharged(v string) *GetObjectAttributesOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *GetObjectAttributesOutput) SetStorageClass(v string) *GetObjectAttributesOutput {
+	s.StorageClass = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectAttributesOutput) SetVersionId(v string) *GetObjectAttributesOutput {
+	s.VersionId = &v
+	return s
+}
+
+// A collection of parts associated with a multipart upload.
+type GetObjectAttributesParts struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates whether the returned list of parts is truncated. A value of true
+	// indicates that the list was truncated. A list can be truncated if the number
+	// of parts exceeds the limit returned in the MaxParts element.
+	IsTruncated *bool `type:"boolean"`
+
+	// The maximum number of parts allowed in the response.
+	MaxParts *int64 `type:"integer"`
+
+	// When a list is truncated, this element specifies the last part in the list,
+	// as well as the value to use for the PartNumberMarker request parameter in
+	// a subsequent request.
+	NextPartNumberMarker *int64 `type:"integer"`
+
+	// The marker for the current part.
+	PartNumberMarker *int64 `type:"integer"`
+
+	// A container for elements related to a particular part. A response can contain
+	// zero or more Parts elements.
+	Parts []*ObjectPart `locationName:"Part" type:"list" flattened:"true"`
+
+	// The total number of parts.
+	TotalPartsCount *int64 `locationName:"PartsCount" type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectAttributesParts) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectAttributesParts) GoString() string {
+	return s.String()
+}
+
+// SetIsTruncated sets the IsTruncated field's value.
+func (s *GetObjectAttributesParts) SetIsTruncated(v bool) *GetObjectAttributesParts {
+	s.IsTruncated = &v
+	return s
+}
+
+// SetMaxParts sets the MaxParts field's value.
+func (s *GetObjectAttributesParts) SetMaxParts(v int64) *GetObjectAttributesParts {
+	s.MaxParts = &v
+	return s
+}
+
+// SetNextPartNumberMarker sets the NextPartNumberMarker field's value.
+func (s *GetObjectAttributesParts) SetNextPartNumberMarker(v int64) *GetObjectAttributesParts {
+	s.NextPartNumberMarker = &v
+	return s
+}
+
+// SetPartNumberMarker sets the PartNumberMarker field's value.
+func (s *GetObjectAttributesParts) SetPartNumberMarker(v int64) *GetObjectAttributesParts {
+	s.PartNumberMarker = &v
+	return s
+}
+
+// SetParts sets the Parts field's value.
+func (s *GetObjectAttributesParts) SetParts(v []*ObjectPart) *GetObjectAttributesParts {
+	s.Parts = v
+	return s
+}
+
+// SetTotalPartsCount sets the TotalPartsCount field's value.
+func (s *GetObjectAttributesParts) SetTotalPartsCount(v int64) *GetObjectAttributesParts {
+	s.TotalPartsCount = &v
+	return s
+}
+
+type GetObjectInput struct {
+	_ struct{} `locationName:"GetObjectRequest" type:"structure"`
+
+	// The bucket name containing the object.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// To retrieve the checksum, this mode must be enabled.
+	//
+	// The AWS SDK for Go v1 does not support automatic response payload checksum
+	// validation. This feature is available in the AWS SDK for Go v2.
+	ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Return the object only if its entity tag (ETag) is the same as the one specified;
+	// otherwise, return a 412 (precondition failed) error.
+	IfMatch *string `location:"header" locationName:"If-Match" type:"string"`
+
+	// Return the object only if it has been modified since the specified time;
+	// otherwise, return a 304 (not modified) error.
+	IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"`
+
+	// Return the object only if its entity tag (ETag) is different from the one
+	// specified; otherwise, return a 304 (not modified) error.
+	IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"`
+
+	// Return the object only if it has not been modified since the specified time;
+	// otherwise, return a 412 (precondition failed) error.
+	IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"`
+
+	// Key of the object to get.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Part number of the object being read. This is a positive integer between
+	// 1 and 10,000. Effectively performs a 'ranged' GET request for the part specified.
+	// Useful for downloading just a part of an object.
+	PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"`
+
+	// Downloads the specified range bytes of an object. For more information about
+	// the HTTP Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range
+	// (https://www.rfc-editor.org/rfc/rfc9110.html#name-range).
+	//
+	// Amazon S3 doesn't support retrieving multiple ranges of data per GET request.
+	Range *string `location:"header" locationName:"Range" type:"string"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Sets the Cache-Control header of the response.
+	ResponseCacheControl *string `location:"querystring" locationName:"response-cache-control" type:"string"`
+
+	// Sets the Content-Disposition header of the response
+	ResponseContentDisposition *string `location:"querystring" locationName:"response-content-disposition" type:"string"`
+
+	// Sets the Content-Encoding header of the response.
+	ResponseContentEncoding *string `location:"querystring" locationName:"response-content-encoding" type:"string"`
+
+	// Sets the Content-Language header of the response.
+	ResponseContentLanguage *string `location:"querystring" locationName:"response-content-language" type:"string"`
+
+	// Sets the Content-Type header of the response.
+	ResponseContentType *string `location:"querystring" locationName:"response-content-type" type:"string"`
+
+	// Sets the Expires header of the response.
+	ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp" timestampFormat:"rfc822"`
+
+	// Specifies the algorithm to use to when decrypting the object (for example,
+	// AES256).
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// Specifies the customer-provided encryption key for Amazon S3 used to encrypt
+	// the data. This value is used to decrypt the object when recovering it and
+	// must match the one used when storing the data. The key must be appropriate
+	// for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+	// header.
+	//
+	// SSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by GetObjectInput's
+	// String and GoString methods.
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
+	// Amazon S3 uses this header for a message integrity check to ensure that the
+	// encryption key was transmitted without error.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// VersionId used to reference a specific version of the object.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetObjectInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetObjectInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetObjectInput) SetBucket(v string) *GetObjectInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetObjectInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumMode sets the ChecksumMode field's value.
+func (s *GetObjectInput) SetChecksumMode(v string) *GetObjectInput {
+	s.ChecksumMode = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetObjectInput) SetExpectedBucketOwner(v string) *GetObjectInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetIfMatch sets the IfMatch field's value.
+func (s *GetObjectInput) SetIfMatch(v string) *GetObjectInput {
+	s.IfMatch = &v
+	return s
+}
+
+// SetIfModifiedSince sets the IfModifiedSince field's value.
+func (s *GetObjectInput) SetIfModifiedSince(v time.Time) *GetObjectInput {
+	s.IfModifiedSince = &v
+	return s
+}
+
+// SetIfNoneMatch sets the IfNoneMatch field's value.
+func (s *GetObjectInput) SetIfNoneMatch(v string) *GetObjectInput {
+	s.IfNoneMatch = &v
+	return s
+}
+
+// SetIfUnmodifiedSince sets the IfUnmodifiedSince field's value.
+func (s *GetObjectInput) SetIfUnmodifiedSince(v time.Time) *GetObjectInput {
+	s.IfUnmodifiedSince = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *GetObjectInput) SetKey(v string) *GetObjectInput {
+	s.Key = &v
+	return s
+}
+
+// SetPartNumber sets the PartNumber field's value.
+func (s *GetObjectInput) SetPartNumber(v int64) *GetObjectInput {
+	s.PartNumber = &v
+	return s
+}
+
+// SetRange sets the Range field's value.
+func (s *GetObjectInput) SetRange(v string) *GetObjectInput {
+	s.Range = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *GetObjectInput) SetRequestPayer(v string) *GetObjectInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetResponseCacheControl sets the ResponseCacheControl field's value.
+func (s *GetObjectInput) SetResponseCacheControl(v string) *GetObjectInput {
+	s.ResponseCacheControl = &v
+	return s
+}
+
+// SetResponseContentDisposition sets the ResponseContentDisposition field's value.
+func (s *GetObjectInput) SetResponseContentDisposition(v string) *GetObjectInput {
+	s.ResponseContentDisposition = &v
+	return s
+}
+
+// SetResponseContentEncoding sets the ResponseContentEncoding field's value.
+func (s *GetObjectInput) SetResponseContentEncoding(v string) *GetObjectInput {
+	s.ResponseContentEncoding = &v
+	return s
+}
+
+// SetResponseContentLanguage sets the ResponseContentLanguage field's value.
+func (s *GetObjectInput) SetResponseContentLanguage(v string) *GetObjectInput {
+	s.ResponseContentLanguage = &v
+	return s
+}
+
+// SetResponseContentType sets the ResponseContentType field's value.
+func (s *GetObjectInput) SetResponseContentType(v string) *GetObjectInput {
+	s.ResponseContentType = &v
+	return s
+}
+
+// SetResponseExpires sets the ResponseExpires field's value.
+func (s *GetObjectInput) SetResponseExpires(v time.Time) *GetObjectInput {
+	s.ResponseExpires = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *GetObjectInput) SetSSECustomerAlgorithm(v string) *GetObjectInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKey sets the SSECustomerKey field's value.
+func (s *GetObjectInput) SetSSECustomerKey(v string) *GetObjectInput {
+	s.SSECustomerKey = &v
+	return s
+}
+
+func (s *GetObjectInput) getSSECustomerKey() (v string) {
+	if s.SSECustomerKey == nil {
+		return v
+	}
+	return *s.SSECustomerKey
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *GetObjectInput) SetSSECustomerKeyMD5(v string) *GetObjectInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectInput) SetVersionId(v string) *GetObjectInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *GetObjectInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetObjectInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetObjectLegalHoldInput struct {
+	_ struct{} `locationName:"GetObjectLegalHoldRequest" type:"structure"`
+
+	// The bucket name containing the object whose legal hold status you want to
+	// retrieve.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The key name for the object whose legal hold status you want to retrieve.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// The version ID of the object whose legal hold status you want to retrieve.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectLegalHoldInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectLegalHoldInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetObjectLegalHoldInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetObjectLegalHoldInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetObjectLegalHoldInput) SetBucket(v string) *GetObjectLegalHoldInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetObjectLegalHoldInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetObjectLegalHoldInput) SetExpectedBucketOwner(v string) *GetObjectLegalHoldInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *GetObjectLegalHoldInput) SetKey(v string) *GetObjectLegalHoldInput {
+	s.Key = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *GetObjectLegalHoldInput) SetRequestPayer(v string) *GetObjectLegalHoldInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectLegalHoldInput) SetVersionId(v string) *GetObjectLegalHoldInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *GetObjectLegalHoldInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectLegalHoldInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetObjectLegalHoldInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetObjectLegalHoldOutput struct {
+	_ struct{} `type:"structure" payload:"LegalHold"`
+
+	// The current legal hold status for the specified object.
+	LegalHold *ObjectLockLegalHold `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectLegalHoldOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectLegalHoldOutput) GoString() string {
+	return s.String()
+}
+
+// SetLegalHold sets the LegalHold field's value.
+func (s *GetObjectLegalHoldOutput) SetLegalHold(v *ObjectLockLegalHold) *GetObjectLegalHoldOutput {
+	s.LegalHold = v
+	return s
+}
+
+type GetObjectLockConfigurationInput struct {
+	_ struct{} `locationName:"GetObjectLockConfigurationRequest" type:"structure"`
+
+	// The bucket whose Object Lock configuration you want to retrieve.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectLockConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectLockConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetObjectLockConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetObjectLockConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetObjectLockConfigurationInput) SetBucket(v string) *GetObjectLockConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetObjectLockConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetObjectLockConfigurationInput) SetExpectedBucketOwner(v string) *GetObjectLockConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetObjectLockConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectLockConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetObjectLockConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetObjectLockConfigurationOutput struct {
+	_ struct{} `type:"structure" payload:"ObjectLockConfiguration"`
+
+	// The specified bucket's Object Lock configuration.
+	ObjectLockConfiguration *ObjectLockConfiguration `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectLockConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectLockConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+// SetObjectLockConfiguration sets the ObjectLockConfiguration field's value.
+func (s *GetObjectLockConfigurationOutput) SetObjectLockConfiguration(v *ObjectLockConfiguration) *GetObjectLockConfigurationOutput {
+	s.ObjectLockConfiguration = v
+	return s
+}
+
+type GetObjectOutput struct {
+	_ struct{} `type:"structure" payload:"Body"`
+
+	// Indicates that a range of bytes was specified.
+	AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"`
+
+	// Object data.
+	Body io.ReadCloser `type:"blob"`
+
+	// Indicates whether the object uses an S3 Bucket Key for server-side encryption
+	// with Key Management Service (KMS) keys (SSE-KMS).
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// Specifies caching behavior along the request/reply chain.
+	CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"`
+
+	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
+
+	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
+
+	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
+
+	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
+
+	// Specifies presentational information for the object.
+	ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
+
+	// Specifies what content encodings have been applied to the object and thus
+	// what decoding mechanisms must be applied to obtain the media-type referenced
+	// by the Content-Type header field.
+	ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
+
+	// The language the content is in.
+	ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
+
+	// Size of the body in bytes.
+	ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
+
+	// The portion of the object returned in the response.
+	ContentRange *string `location:"header" locationName:"Content-Range" type:"string"`
+
+	// A standard MIME type describing the format of the object data.
+	ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
+
+	// Specifies whether the object retrieved was (true) or was not (false) a Delete
+	// Marker. If false, this response header does not appear in the response.
+	DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"`
+
+	// An entity tag (ETag) is an opaque identifier assigned by a web server to
+	// a specific version of a resource found at a URL.
+	ETag *string `location:"header" locationName:"ETag" type:"string"`
+
+	// If the object expiration is configured (see PUT Bucket lifecycle), the response
+	// includes this header. It includes the expiry-date and rule-id key-value pairs
+	// providing object expiration information. The value of the rule-id is URL-encoded.
+	Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
+
+	// The date and time at which the object is no longer cacheable.
+	Expires *string `location:"header" locationName:"Expires" type:"string"`
+
+	// Creation date of the object.
+	LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"`
+
+	// A map of metadata to store with the object in S3.
+	//
+	// By default unmarshaled keys are written as a map keys in following canonicalized format:
+	// the first letter and any letter following a hyphen will be capitalized, and the rest as lowercase.
+	// Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase.
+	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
+
+	// This is set to the number of metadata entries not returned in x-amz-meta
+	// headers. This can happen if you create metadata using an API like SOAP that
+	// supports more flexible metadata than the REST API. For example, using SOAP,
+	// you can create metadata whose values are not legal HTTP headers.
+	MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"`
+
+	// Indicates whether this object has an active legal hold. This field is only
+	// returned if you have permission to view an object's legal hold status.
+	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+	// The Object Lock mode currently in place for this object.
+	ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+	// The date and time when this object's Object Lock will expire.
+	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
+	// The count of parts this object has. This value is only returned if you specify
+	// partNumber in your request and the object was uploaded as a multipart upload.
+	PartsCount *int64 `location:"header" locationName:"x-amz-mp-parts-count" type:"integer"`
+
+	// Amazon S3 can return this if your request involves a bucket that is either
+	// a source or destination in a replication rule.
+	ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// Provides information about object restoration action and expiration time
+	// of the restored object copy.
+	Restore *string `location:"header" locationName:"x-amz-restore" type:"string"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header confirming the encryption algorithm
+	// used.
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header to provide round-trip message integrity
+	// verification of the customer-provided encryption key.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by GetObjectOutput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing this object in Amazon
+	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+
+	// Provides storage class information of the object. Amazon S3 returns this
+	// header for all objects except for S3 Standard storage class objects.
+	StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
+
+	// The number of tags, if any, on the object.
+	TagCount *int64 `location:"header" locationName:"x-amz-tagging-count" type:"integer"`
+
+	// Version of the object.
+	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
+
+	// If the bucket is configured as a website, redirects requests for this object
+	// to another object in the same bucket or to an external URL. Amazon S3 stores
+	// the value of this header in the object metadata.
+	WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectOutput) GoString() string {
+	return s.String()
+}
+
+// SetAcceptRanges sets the AcceptRanges field's value.
+func (s *GetObjectOutput) SetAcceptRanges(v string) *GetObjectOutput {
+	s.AcceptRanges = &v
+	return s
+}
+
+// SetBody sets the Body field's value.
+func (s *GetObjectOutput) SetBody(v io.ReadCloser) *GetObjectOutput {
+	s.Body = v
+	return s
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *GetObjectOutput) SetBucketKeyEnabled(v bool) *GetObjectOutput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetCacheControl sets the CacheControl field's value.
+func (s *GetObjectOutput) SetCacheControl(v string) *GetObjectOutput {
+	s.CacheControl = &v
+	return s
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *GetObjectOutput) SetChecksumCRC32(v string) *GetObjectOutput {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *GetObjectOutput) SetChecksumCRC32C(v string) *GetObjectOutput {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *GetObjectOutput) SetChecksumSHA1(v string) *GetObjectOutput {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *GetObjectOutput) SetChecksumSHA256(v string) *GetObjectOutput {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetContentDisposition sets the ContentDisposition field's value.
+func (s *GetObjectOutput) SetContentDisposition(v string) *GetObjectOutput {
+	s.ContentDisposition = &v
+	return s
+}
+
+// SetContentEncoding sets the ContentEncoding field's value.
+func (s *GetObjectOutput) SetContentEncoding(v string) *GetObjectOutput {
+	s.ContentEncoding = &v
+	return s
+}
+
+// SetContentLanguage sets the ContentLanguage field's value.
+func (s *GetObjectOutput) SetContentLanguage(v string) *GetObjectOutput {
+	s.ContentLanguage = &v
+	return s
+}
+
+// SetContentLength sets the ContentLength field's value.
+func (s *GetObjectOutput) SetContentLength(v int64) *GetObjectOutput {
+	s.ContentLength = &v
+	return s
+}
+
+// SetContentRange sets the ContentRange field's value.
+func (s *GetObjectOutput) SetContentRange(v string) *GetObjectOutput {
+	s.ContentRange = &v
+	return s
+}
+
+// SetContentType sets the ContentType field's value.
+func (s *GetObjectOutput) SetContentType(v string) *GetObjectOutput {
+	s.ContentType = &v
+	return s
+}
+
+// SetDeleteMarker sets the DeleteMarker field's value.
+func (s *GetObjectOutput) SetDeleteMarker(v bool) *GetObjectOutput {
+	s.DeleteMarker = &v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *GetObjectOutput) SetETag(v string) *GetObjectOutput {
+	s.ETag = &v
+	return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *GetObjectOutput) SetExpiration(v string) *GetObjectOutput {
+	s.Expiration = &v
+	return s
+}
+
+// SetExpires sets the Expires field's value.
+func (s *GetObjectOutput) SetExpires(v string) *GetObjectOutput {
+	s.Expires = &v
+	return s
+}
+
+// SetLastModified sets the LastModified field's value.
+func (s *GetObjectOutput) SetLastModified(v time.Time) *GetObjectOutput {
+	s.LastModified = &v
+	return s
+}
+
+// SetMetadata sets the Metadata field's value.
+func (s *GetObjectOutput) SetMetadata(v map[string]*string) *GetObjectOutput {
+	s.Metadata = v
+	return s
+}
+
+// SetMissingMeta sets the MissingMeta field's value.
+func (s *GetObjectOutput) SetMissingMeta(v int64) *GetObjectOutput {
+	s.MissingMeta = &v
+	return s
+}
+
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *GetObjectOutput) SetObjectLockLegalHoldStatus(v string) *GetObjectOutput {
+	s.ObjectLockLegalHoldStatus = &v
+	return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *GetObjectOutput) SetObjectLockMode(v string) *GetObjectOutput {
+	s.ObjectLockMode = &v
+	return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *GetObjectOutput) SetObjectLockRetainUntilDate(v time.Time) *GetObjectOutput {
+	s.ObjectLockRetainUntilDate = &v
+	return s
+}
+
+// SetPartsCount sets the PartsCount field's value.
+func (s *GetObjectOutput) SetPartsCount(v int64) *GetObjectOutput {
+	s.PartsCount = &v
+	return s
+}
+
+// SetReplicationStatus sets the ReplicationStatus field's value.
+func (s *GetObjectOutput) SetReplicationStatus(v string) *GetObjectOutput {
+	s.ReplicationStatus = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *GetObjectOutput) SetRequestCharged(v string) *GetObjectOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetRestore sets the Restore field's value.
+func (s *GetObjectOutput) SetRestore(v string) *GetObjectOutput {
+	s.Restore = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *GetObjectOutput) SetSSECustomerAlgorithm(v string) *GetObjectOutput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *GetObjectOutput) SetSSECustomerKeyMD5(v string) *GetObjectOutput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *GetObjectOutput) SetSSEKMSKeyId(v string) *GetObjectOutput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *GetObjectOutput) SetServerSideEncryption(v string) *GetObjectOutput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *GetObjectOutput) SetStorageClass(v string) *GetObjectOutput {
+	s.StorageClass = &v
+	return s
+}
+
+// SetTagCount sets the TagCount field's value.
+func (s *GetObjectOutput) SetTagCount(v int64) *GetObjectOutput {
+	s.TagCount = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectOutput) SetVersionId(v string) *GetObjectOutput {
+	s.VersionId = &v
+	return s
+}
+
+// SetWebsiteRedirectLocation sets the WebsiteRedirectLocation field's value.
+func (s *GetObjectOutput) SetWebsiteRedirectLocation(v string) *GetObjectOutput {
+	s.WebsiteRedirectLocation = &v
+	return s
+}
+
+type GetObjectRetentionInput struct {
+	_ struct{} `locationName:"GetObjectRetentionRequest" type:"structure"`
+
+	// The bucket name containing the object whose retention settings you want to
+	// retrieve.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The key name for the object whose retention settings you want to retrieve.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// The version ID for the object whose retention settings you want to retrieve.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectRetentionInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectRetentionInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetObjectRetentionInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetObjectRetentionInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetObjectRetentionInput) SetBucket(v string) *GetObjectRetentionInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetObjectRetentionInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetObjectRetentionInput) SetExpectedBucketOwner(v string) *GetObjectRetentionInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *GetObjectRetentionInput) SetKey(v string) *GetObjectRetentionInput {
+	s.Key = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *GetObjectRetentionInput) SetRequestPayer(v string) *GetObjectRetentionInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectRetentionInput) SetVersionId(v string) *GetObjectRetentionInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *GetObjectRetentionInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectRetentionInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetObjectRetentionInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetObjectRetentionOutput struct {
+	_ struct{} `type:"structure" payload:"Retention"`
+
+	// The container element for an object's retention settings.
+	Retention *ObjectLockRetention `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectRetentionOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectRetentionOutput) GoString() string {
+	return s.String()
+}
+
+// SetRetention sets the Retention field's value.
+func (s *GetObjectRetentionOutput) SetRetention(v *ObjectLockRetention) *GetObjectRetentionOutput {
+	s.Retention = v
+	return s
+}
+
+type GetObjectTaggingInput struct {
+	_ struct{} `locationName:"GetObjectTaggingRequest" type:"structure"`
+
+	// The bucket name containing the object for which to get the tagging information.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Object key for which to get the tagging information.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// The versionId of the object for which to get the tagging information.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectTaggingInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectTaggingInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetObjectTaggingInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetObjectTaggingInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetObjectTaggingInput) SetBucket(v string) *GetObjectTaggingInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetObjectTaggingInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetObjectTaggingInput) SetExpectedBucketOwner(v string) *GetObjectTaggingInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *GetObjectTaggingInput) SetKey(v string) *GetObjectTaggingInput {
+	s.Key = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *GetObjectTaggingInput) SetRequestPayer(v string) *GetObjectTaggingInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectTaggingInput) SetVersionId(v string) *GetObjectTaggingInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *GetObjectTaggingInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectTaggingInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetObjectTaggingInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetObjectTaggingOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Contains the tag set.
+	//
+	// TagSet is a required field
+	TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"`
+
+	// The versionId of the object for which you got the tagging information.
+	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectTaggingOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectTaggingOutput) GoString() string {
+	return s.String()
+}
+
+// SetTagSet sets the TagSet field's value.
+func (s *GetObjectTaggingOutput) SetTagSet(v []*Tag) *GetObjectTaggingOutput {
+	s.TagSet = v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectTaggingOutput) SetVersionId(v string) *GetObjectTaggingOutput {
+	s.VersionId = &v
+	return s
+}
+
+type GetObjectTorrentInput struct {
+	_ struct{} `locationName:"GetObjectTorrentRequest" type:"structure"`
+
+	// The name of the bucket containing the object for which to get the torrent
+	// files.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The object key for which to get the information.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectTorrentInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectTorrentInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetObjectTorrentInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetObjectTorrentInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetObjectTorrentInput) SetBucket(v string) *GetObjectTorrentInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetObjectTorrentInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetObjectTorrentInput) SetExpectedBucketOwner(v string) *GetObjectTorrentInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *GetObjectTorrentInput) SetKey(v string) *GetObjectTorrentInput {
+	s.Key = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *GetObjectTorrentInput) SetRequestPayer(v string) *GetObjectTorrentInput {
+	s.RequestPayer = &v
+	return s
+}
+
+func (s *GetObjectTorrentInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectTorrentInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetObjectTorrentInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetObjectTorrentOutput struct {
+	_ struct{} `type:"structure" payload:"Body"`
+
+	// A Bencoded dictionary as defined by the BitTorrent specification
+	Body io.ReadCloser `type:"blob"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectTorrentOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetObjectTorrentOutput) GoString() string {
+	return s.String()
+}
+
+// SetBody sets the Body field's value.
+func (s *GetObjectTorrentOutput) SetBody(v io.ReadCloser) *GetObjectTorrentOutput {
+	s.Body = v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *GetObjectTorrentOutput) SetRequestCharged(v string) *GetObjectTorrentOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+type GetPublicAccessBlockInput struct {
+	_ struct{} `locationName:"GetPublicAccessBlockRequest" type:"structure"`
+
+	// The name of the Amazon S3 bucket whose PublicAccessBlock configuration you
+	// want to retrieve.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetPublicAccessBlockInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetPublicAccessBlockInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetPublicAccessBlockInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetPublicAccessBlockInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *GetPublicAccessBlockInput) SetBucket(v string) *GetPublicAccessBlockInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *GetPublicAccessBlockInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *GetPublicAccessBlockInput) SetExpectedBucketOwner(v string) *GetPublicAccessBlockInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *GetPublicAccessBlockInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetPublicAccessBlockInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s GetPublicAccessBlockInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type GetPublicAccessBlockOutput struct {
+	_ struct{} `type:"structure" payload:"PublicAccessBlockConfiguration"`
+
+	// The PublicAccessBlock configuration currently in effect for this Amazon S3
+	// bucket.
+	PublicAccessBlockConfiguration *PublicAccessBlockConfiguration `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetPublicAccessBlockOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetPublicAccessBlockOutput) GoString() string {
+	return s.String()
+}
+
+// SetPublicAccessBlockConfiguration sets the PublicAccessBlockConfiguration field's value.
+func (s *GetPublicAccessBlockOutput) SetPublicAccessBlockConfiguration(v *PublicAccessBlockConfiguration) *GetPublicAccessBlockOutput {
+	s.PublicAccessBlockConfiguration = v
+	return s
+}
+
+// Container for S3 Glacier job parameters.
+type GlacierJobParameters struct {
+	_ struct{} `type:"structure"`
+
+	// Retrieval tier at which the restore will be processed.
+	//
+	// Tier is a required field
+	Tier *string `type:"string" required:"true" enum:"Tier"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GlacierJobParameters) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GlacierJobParameters) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GlacierJobParameters) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GlacierJobParameters"}
+	if s.Tier == nil {
+		invalidParams.Add(request.NewErrParamRequired("Tier"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetTier sets the Tier field's value.
+func (s *GlacierJobParameters) SetTier(v string) *GlacierJobParameters {
+	s.Tier = &v
+	return s
+}
+
+// Container for grant information.
+type Grant struct {
+	_ struct{} `type:"structure"`
+
+	// The person being granted permissions.
+	Grantee *Grantee `type:"structure" xmlPrefix:"xsi" xmlURI:"http://www.w3.org/2001/XMLSchema-instance"`
+
+	// Specifies the permission given to the grantee.
+	Permission *string `type:"string" enum:"Permission"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Grant) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Grant) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Grant) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Grant"}
+	if s.Grantee != nil {
+		if err := s.Grantee.Validate(); err != nil {
+			invalidParams.AddNested("Grantee", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGrantee sets the Grantee field's value.
+func (s *Grant) SetGrantee(v *Grantee) *Grant {
+	s.Grantee = v
+	return s
+}
+
+// SetPermission sets the Permission field's value.
+func (s *Grant) SetPermission(v string) *Grant {
+	s.Permission = &v
+	return s
+}
+
+// Container for the person being granted permissions.
+type Grantee struct {
+	_ struct{} `type:"structure" xmlPrefix:"xsi" xmlURI:"http://www.w3.org/2001/XMLSchema-instance"`
+
+	// Screen name of the grantee.
+	DisplayName *string `type:"string"`
+
+	// Email address of the grantee.
+	//
+	// Using email addresses to specify a grantee is only supported in the following
+	// Amazon Web Services Regions:
+	//
+	//    * US East (N. Virginia)
+	//
+	//    * US West (N. California)
+	//
+	//    * US West (Oregon)
+	//
+	//    * Asia Pacific (Singapore)
+	//
+	//    * Asia Pacific (Sydney)
+	//
+	//    * Asia Pacific (Tokyo)
+	//
+	//    * Europe (Ireland)
+	//
+	//    * South America (São Paulo)
+	//
+	// For a list of all the Amazon S3 supported Regions and endpoints, see Regions
+	// and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+	// in the Amazon Web Services General Reference.
+	EmailAddress *string `type:"string"`
+
+	// The canonical user ID of the grantee.
+	ID *string `type:"string"`
+
+	// Type of grantee
+	//
+	// Type is a required field
+	Type *string `locationName:"xsi:type" type:"string" xmlAttribute:"true" required:"true" enum:"Type"`
+
+	// URI of the grantee group.
+	URI *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Grantee) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Grantee) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Grantee) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Grantee"}
+	if s.Type == nil {
+		invalidParams.Add(request.NewErrParamRequired("Type"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDisplayName sets the DisplayName field's value.
+func (s *Grantee) SetDisplayName(v string) *Grantee {
+	s.DisplayName = &v
+	return s
+}
+
+// SetEmailAddress sets the EmailAddress field's value.
+func (s *Grantee) SetEmailAddress(v string) *Grantee {
+	s.EmailAddress = &v
+	return s
+}
+
+// SetID sets the ID field's value.
+func (s *Grantee) SetID(v string) *Grantee {
+	s.ID = &v
+	return s
+}
+
+// SetType sets the Type field's value.
+func (s *Grantee) SetType(v string) *Grantee {
+	s.Type = &v
+	return s
+}
+
+// SetURI sets the URI field's value.
+func (s *Grantee) SetURI(v string) *Grantee {
+	s.URI = &v
+	return s
+}
+
+type HeadBucketInput struct {
+	_ struct{} `locationName:"HeadBucketRequest" type:"structure"`
+
+	// The bucket name.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with an Object Lambda access point, provide the
+	// alias of the Object Lambda access point in place of the bucket name. If the
+	// Object Lambda access point alias in a request is not valid, the error code
+	// InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError,
+	// see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s HeadBucketInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s HeadBucketInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *HeadBucketInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "HeadBucketInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *HeadBucketInput) SetBucket(v string) *HeadBucketInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *HeadBucketInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *HeadBucketInput) SetExpectedBucketOwner(v string) *HeadBucketInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *HeadBucketInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *HeadBucketInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s HeadBucketInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type HeadBucketOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s HeadBucketOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s HeadBucketOutput) GoString() string {
+	return s.String()
+}
+
+type HeadObjectInput struct {
+	_ struct{} `locationName:"HeadObjectRequest" type:"structure"`
+
+	// The name of the bucket containing the object.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// To retrieve the checksum, this parameter must be enabled.
+	//
+	// In addition, if you enable ChecksumMode and the object is encrypted with
+	// Amazon Web Services Key Management Service (Amazon Web Services KMS), you
+	// must have permission to use the kms:Decrypt action for the request to succeed.
+	ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Return the object only if its entity tag (ETag) is the same as the one specified;
+	// otherwise, return a 412 (precondition failed) error.
+	IfMatch *string `location:"header" locationName:"If-Match" type:"string"`
+
+	// Return the object only if it has been modified since the specified time;
+	// otherwise, return a 304 (not modified) error.
+	IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"`
+
+	// Return the object only if its entity tag (ETag) is different from the one
+	// specified; otherwise, return a 304 (not modified) error.
+	IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"`
+
+	// Return the object only if it has not been modified since the specified time;
+	// otherwise, return a 412 (precondition failed) error.
+	IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"`
+
+	// The object key.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Part number of the object being read. This is a positive integer between
+	// 1 and 10,000. Effectively performs a 'ranged' HEAD request for the part specified.
+	// Useful querying about the size of the part and the number of parts in this
+	// object.
+	PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"`
+
+	// HeadObject returns only the metadata for an object. If the Range is satisfiable,
+	// only the ContentLength is affected in the response. If the Range is not satisfiable,
+	// S3 returns a 416 - Requested Range Not Satisfiable error.
+	Range *string `location:"header" locationName:"Range" type:"string"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Specifies the algorithm to use to when encrypting the object (for example,
+	// AES256).
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
+	// data. This value is used to store the object and then it is discarded; Amazon
+	// S3 does not store the encryption key. The key must be appropriate for use
+	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+	// header.
+	//
+	// SSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by HeadObjectInput's
+	// String and GoString methods.
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
+	// Amazon S3 uses this header for a message integrity check to ensure that the
+	// encryption key was transmitted without error.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// VersionId used to reference a specific version of the object.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s HeadObjectInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s HeadObjectInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *HeadObjectInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "HeadObjectInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *HeadObjectInput) SetBucket(v string) *HeadObjectInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *HeadObjectInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumMode sets the ChecksumMode field's value.
+func (s *HeadObjectInput) SetChecksumMode(v string) *HeadObjectInput {
+	s.ChecksumMode = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *HeadObjectInput) SetExpectedBucketOwner(v string) *HeadObjectInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetIfMatch sets the IfMatch field's value.
+func (s *HeadObjectInput) SetIfMatch(v string) *HeadObjectInput {
+	s.IfMatch = &v
+	return s
+}
+
+// SetIfModifiedSince sets the IfModifiedSince field's value.
+func (s *HeadObjectInput) SetIfModifiedSince(v time.Time) *HeadObjectInput {
+	s.IfModifiedSince = &v
+	return s
+}
+
+// SetIfNoneMatch sets the IfNoneMatch field's value.
+func (s *HeadObjectInput) SetIfNoneMatch(v string) *HeadObjectInput {
+	s.IfNoneMatch = &v
+	return s
+}
+
+// SetIfUnmodifiedSince sets the IfUnmodifiedSince field's value.
+func (s *HeadObjectInput) SetIfUnmodifiedSince(v time.Time) *HeadObjectInput {
+	s.IfUnmodifiedSince = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *HeadObjectInput) SetKey(v string) *HeadObjectInput {
+	s.Key = &v
+	return s
+}
+
+// SetPartNumber sets the PartNumber field's value.
+func (s *HeadObjectInput) SetPartNumber(v int64) *HeadObjectInput {
+	s.PartNumber = &v
+	return s
+}
+
+// SetRange sets the Range field's value.
+func (s *HeadObjectInput) SetRange(v string) *HeadObjectInput {
+	s.Range = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *HeadObjectInput) SetRequestPayer(v string) *HeadObjectInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *HeadObjectInput) SetSSECustomerAlgorithm(v string) *HeadObjectInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKey sets the SSECustomerKey field's value.
+func (s *HeadObjectInput) SetSSECustomerKey(v string) *HeadObjectInput {
+	s.SSECustomerKey = &v
+	return s
+}
+
+func (s *HeadObjectInput) getSSECustomerKey() (v string) {
+	if s.SSECustomerKey == nil {
+		return v
+	}
+	return *s.SSECustomerKey
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *HeadObjectInput) SetSSECustomerKeyMD5(v string) *HeadObjectInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *HeadObjectInput) SetVersionId(v string) *HeadObjectInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *HeadObjectInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *HeadObjectInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s HeadObjectInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type HeadObjectOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates that a range of bytes was specified.
+	AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"`
+
+	// The archive state of the head object.
+	ArchiveStatus *string `location:"header" locationName:"x-amz-archive-status" type:"string" enum:"ArchiveStatus"`
+
+	// Indicates whether the object uses an S3 Bucket Key for server-side encryption
+	// with Key Management Service (KMS) keys (SSE-KMS).
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// Specifies caching behavior along the request/reply chain.
+	CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"`
+
+	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
+
+	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
+
+	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
+
+	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
+
+	// Specifies presentational information for the object.
+	ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
+
+	// Specifies what content encodings have been applied to the object and thus
+	// what decoding mechanisms must be applied to obtain the media-type referenced
+	// by the Content-Type header field.
+	ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
+
+	// The language the content is in.
+	ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
+
+	// Size of the body in bytes.
+	ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
+
+	// A standard MIME type describing the format of the object data.
+	ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
+
+	// Specifies whether the object retrieved was (true) or was not (false) a Delete
+	// Marker. If false, this response header does not appear in the response.
+	DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"`
+
+	// An entity tag (ETag) is an opaque identifier assigned by a web server to
+	// a specific version of a resource found at a URL.
+	ETag *string `location:"header" locationName:"ETag" type:"string"`
+
+	// If the object expiration is configured (see PUT Bucket lifecycle), the response
+	// includes this header. It includes the expiry-date and rule-id key-value pairs
+	// providing object expiration information. The value of the rule-id is URL-encoded.
+	Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
+
+	// The date and time at which the object is no longer cacheable.
+	Expires *string `location:"header" locationName:"Expires" type:"string"`
+
+	// Creation date of the object.
+	LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"`
+
+	// A map of metadata to store with the object in S3.
+	//
+	// By default unmarshaled keys are written as a map keys in following canonicalized format:
+	// the first letter and any letter following a hyphen will be capitalized, and the rest as lowercase.
+	// Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase.
+	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
+
+	// This is set to the number of metadata entries not returned in x-amz-meta
+	// headers. This can happen if you create metadata using an API like SOAP that
+	// supports more flexible metadata than the REST API. For example, using SOAP,
+	// you can create metadata whose values are not legal HTTP headers.
+	MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"`
+
+	// Specifies whether a legal hold is in effect for this object. This header
+	// is only returned if the requester has the s3:GetObjectLegalHold permission.
+	// This header is not returned if the specified version of this object has never
+	// had a legal hold applied. For more information about S3 Object Lock, see
+	// Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+	// The Object Lock mode, if any, that's in effect for this object. This header
+	// is only returned if the requester has the s3:GetObjectRetention permission.
+	// For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+	ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+	// The date and time when the Object Lock retention period expires. This header
+	// is only returned if the requester has the s3:GetObjectRetention permission.
+	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
+	// The count of parts this object has. This value is only returned if you specify
+	// partNumber in your request and the object was uploaded as a multipart upload.
+	PartsCount *int64 `location:"header" locationName:"x-amz-mp-parts-count" type:"integer"`
+
+	// Amazon S3 can return this header if your request involves a bucket that is
+	// either a source or a destination in a replication rule.
+	//
+	// In replication, you have a source bucket on which you configure replication
+	// and destination bucket or buckets where Amazon S3 stores object replicas.
+	// When you request an object (GetObject) or object metadata (HeadObject) from
+	// these buckets, Amazon S3 will return the x-amz-replication-status header
+	// in the response as follows:
+	//
+	//    * If requesting an object from the source bucket, Amazon S3 will return
+	//    the x-amz-replication-status header if the object in your request is eligible
+	//    for replication. For example, suppose that in your replication configuration,
+	//    you specify object prefix TaxDocs requesting Amazon S3 to replicate objects
+	//    with key prefix TaxDocs. Any objects you upload with this key name prefix,
+	//    for example TaxDocs/document1.pdf, are eligible for replication. For any
+	//    object request with this key name prefix, Amazon S3 will return the x-amz-replication-status
+	//    header with value PENDING, COMPLETED or FAILED indicating object replication
+	//    status.
+	//
+	//    * If requesting an object from a destination bucket, Amazon S3 will return
+	//    the x-amz-replication-status header with value REPLICA if the object in
+	//    your request is a replica that Amazon S3 created and there is no replica
+	//    modification replication in progress.
+	//
+	//    * When replicating objects to multiple destination buckets, the x-amz-replication-status
+	//    header acts differently. The header of the source object will only return
+	//    a value of COMPLETED when replication is successful to all destinations.
+	//    The header will remain at value PENDING until replication has completed
+	//    for all destinations. If one or more destinations fails replication the
+	//    header will return FAILED.
+	//
+	// For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
+	ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// If the object is an archived object (an object whose storage class is GLACIER),
+	// the response includes this header if either the archive restoration is in
+	// progress (see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html)
+	// or an archive copy is already restored.
+	//
+	// If an archive copy is already restored, the header value indicates when Amazon
+	// S3 is scheduled to delete the object copy. For example:
+	//
+	// x-amz-restore: ongoing-request="false", expiry-date="Fri, 21 Dec 2012 00:00:00
+	// GMT"
+	//
+	// If the object restoration is in progress, the header returns the value ongoing-request="true".
+	//
+	// For more information about archiving objects, see Transitioning Objects:
+	// General Considerations (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations).
+	Restore *string `location:"header" locationName:"x-amz-restore" type:"string"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header confirming the encryption algorithm
+	// used.
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header to provide round-trip message integrity
+	// verification of the customer-provided encryption key.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by HeadObjectOutput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing this object in Amazon
+	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+
+	// Provides storage class information of the object. Amazon S3 returns this
+	// header for all objects except for S3 Standard storage class objects.
+	//
+	// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
+	StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
+
+	// Version of the object.
+	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
+
+	// If the bucket is configured as a website, redirects requests for this object
+	// to another object in the same bucket or to an external URL. Amazon S3 stores
+	// the value of this header in the object metadata.
+	WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s HeadObjectOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s HeadObjectOutput) GoString() string {
+	return s.String()
+}
+
+// SetAcceptRanges sets the AcceptRanges field's value.
+func (s *HeadObjectOutput) SetAcceptRanges(v string) *HeadObjectOutput {
+	s.AcceptRanges = &v
+	return s
+}
+
+// SetArchiveStatus sets the ArchiveStatus field's value.
+func (s *HeadObjectOutput) SetArchiveStatus(v string) *HeadObjectOutput {
+	s.ArchiveStatus = &v
+	return s
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *HeadObjectOutput) SetBucketKeyEnabled(v bool) *HeadObjectOutput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetCacheControl sets the CacheControl field's value.
+func (s *HeadObjectOutput) SetCacheControl(v string) *HeadObjectOutput {
+	s.CacheControl = &v
+	return s
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *HeadObjectOutput) SetChecksumCRC32(v string) *HeadObjectOutput {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *HeadObjectOutput) SetChecksumCRC32C(v string) *HeadObjectOutput {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *HeadObjectOutput) SetChecksumSHA1(v string) *HeadObjectOutput {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *HeadObjectOutput) SetChecksumSHA256(v string) *HeadObjectOutput {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetContentDisposition sets the ContentDisposition field's value.
+func (s *HeadObjectOutput) SetContentDisposition(v string) *HeadObjectOutput {
+	s.ContentDisposition = &v
+	return s
+}
+
+// SetContentEncoding sets the ContentEncoding field's value.
+func (s *HeadObjectOutput) SetContentEncoding(v string) *HeadObjectOutput {
+	s.ContentEncoding = &v
+	return s
+}
+
+// SetContentLanguage sets the ContentLanguage field's value.
+func (s *HeadObjectOutput) SetContentLanguage(v string) *HeadObjectOutput {
+	s.ContentLanguage = &v
+	return s
+}
+
+// SetContentLength sets the ContentLength field's value.
+func (s *HeadObjectOutput) SetContentLength(v int64) *HeadObjectOutput {
+	s.ContentLength = &v
+	return s
+}
+
+// SetContentType sets the ContentType field's value.
+func (s *HeadObjectOutput) SetContentType(v string) *HeadObjectOutput {
+	s.ContentType = &v
+	return s
+}
+
+// SetDeleteMarker sets the DeleteMarker field's value.
+func (s *HeadObjectOutput) SetDeleteMarker(v bool) *HeadObjectOutput {
+	s.DeleteMarker = &v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *HeadObjectOutput) SetETag(v string) *HeadObjectOutput {
+	s.ETag = &v
+	return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *HeadObjectOutput) SetExpiration(v string) *HeadObjectOutput {
+	s.Expiration = &v
+	return s
+}
+
+// SetExpires sets the Expires field's value.
+func (s *HeadObjectOutput) SetExpires(v string) *HeadObjectOutput {
+	s.Expires = &v
+	return s
+}
+
+// SetLastModified sets the LastModified field's value.
+func (s *HeadObjectOutput) SetLastModified(v time.Time) *HeadObjectOutput {
+	s.LastModified = &v
+	return s
+}
+
+// SetMetadata sets the Metadata field's value.
+func (s *HeadObjectOutput) SetMetadata(v map[string]*string) *HeadObjectOutput {
+	s.Metadata = v
+	return s
+}
+
+// SetMissingMeta sets the MissingMeta field's value.
+func (s *HeadObjectOutput) SetMissingMeta(v int64) *HeadObjectOutput {
+	s.MissingMeta = &v
+	return s
+}
+
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *HeadObjectOutput) SetObjectLockLegalHoldStatus(v string) *HeadObjectOutput {
+	s.ObjectLockLegalHoldStatus = &v
+	return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *HeadObjectOutput) SetObjectLockMode(v string) *HeadObjectOutput {
+	s.ObjectLockMode = &v
+	return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *HeadObjectOutput) SetObjectLockRetainUntilDate(v time.Time) *HeadObjectOutput {
+	s.ObjectLockRetainUntilDate = &v
+	return s
+}
+
+// SetPartsCount sets the PartsCount field's value.
+func (s *HeadObjectOutput) SetPartsCount(v int64) *HeadObjectOutput {
+	s.PartsCount = &v
+	return s
+}
+
+// SetReplicationStatus sets the ReplicationStatus field's value.
+func (s *HeadObjectOutput) SetReplicationStatus(v string) *HeadObjectOutput {
+	s.ReplicationStatus = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *HeadObjectOutput) SetRequestCharged(v string) *HeadObjectOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetRestore sets the Restore field's value.
+func (s *HeadObjectOutput) SetRestore(v string) *HeadObjectOutput {
+	s.Restore = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *HeadObjectOutput) SetSSECustomerAlgorithm(v string) *HeadObjectOutput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *HeadObjectOutput) SetSSECustomerKeyMD5(v string) *HeadObjectOutput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *HeadObjectOutput) SetSSEKMSKeyId(v string) *HeadObjectOutput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *HeadObjectOutput) SetServerSideEncryption(v string) *HeadObjectOutput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *HeadObjectOutput) SetStorageClass(v string) *HeadObjectOutput {
+	s.StorageClass = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *HeadObjectOutput) SetVersionId(v string) *HeadObjectOutput {
+	s.VersionId = &v
+	return s
+}
+
+// SetWebsiteRedirectLocation sets the WebsiteRedirectLocation field's value.
+func (s *HeadObjectOutput) SetWebsiteRedirectLocation(v string) *HeadObjectOutput {
+	s.WebsiteRedirectLocation = &v
+	return s
+}
+
+// Container for the Suffix element.
+type IndexDocument struct {
+	_ struct{} `type:"structure"`
+
+	// A suffix that is appended to a request that is for a directory on the website
+	// endpoint (for example,if the suffix is index.html and you make a request
+	// to samplebucket/images/ the data that is returned will be for the object
+	// with the key name images/index.html) The suffix must not be empty and must
+	// not include a slash character.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	//
+	// Suffix is a required field
+	Suffix *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s IndexDocument) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s IndexDocument) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *IndexDocument) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "IndexDocument"}
+	if s.Suffix == nil {
+		invalidParams.Add(request.NewErrParamRequired("Suffix"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetSuffix sets the Suffix field's value.
+func (s *IndexDocument) SetSuffix(v string) *IndexDocument {
+	s.Suffix = &v
+	return s
+}
+
+// Container element that identifies who initiated the multipart upload.
+type Initiator struct {
+	_ struct{} `type:"structure"`
+
+	// Name of the Principal.
+	DisplayName *string `type:"string"`
+
+	// If the principal is an Amazon Web Services account, it provides the Canonical
+	// User ID. If the principal is an IAM User, it provides a user ARN value.
+	ID *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Initiator) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Initiator) GoString() string {
+	return s.String()
+}
+
+// SetDisplayName sets the DisplayName field's value.
+func (s *Initiator) SetDisplayName(v string) *Initiator {
+	s.DisplayName = &v
+	return s
+}
+
+// SetID sets the ID field's value.
+func (s *Initiator) SetID(v string) *Initiator {
+	s.ID = &v
+	return s
+}
+
+// Describes the serialization format of the object.
+type InputSerialization struct {
+	_ struct{} `type:"structure"`
+
+	// Describes the serialization of a CSV-encoded object.
+	CSV *CSVInput `type:"structure"`
+
+	// Specifies object's compression format. Valid values: NONE, GZIP, BZIP2. Default
+	// Value: NONE.
+	CompressionType *string `type:"string" enum:"CompressionType"`
+
+	// Specifies JSON as object's input serialization format.
+	JSON *JSONInput `type:"structure"`
+
+	// Specifies Parquet as object's input serialization format.
+	Parquet *ParquetInput `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InputSerialization) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InputSerialization) GoString() string {
+	return s.String()
+}
+
+// SetCSV sets the CSV field's value.
+func (s *InputSerialization) SetCSV(v *CSVInput) *InputSerialization {
+	s.CSV = v
+	return s
+}
+
+// SetCompressionType sets the CompressionType field's value.
+func (s *InputSerialization) SetCompressionType(v string) *InputSerialization {
+	s.CompressionType = &v
+	return s
+}
+
+// SetJSON sets the JSON field's value.
+func (s *InputSerialization) SetJSON(v *JSONInput) *InputSerialization {
+	s.JSON = v
+	return s
+}
+
+// SetParquet sets the Parquet field's value.
+func (s *InputSerialization) SetParquet(v *ParquetInput) *InputSerialization {
+	s.Parquet = v
+	return s
+}
+
+// A container for specifying S3 Intelligent-Tiering filters. The filters determine
+// the subset of objects to which the rule applies.
+type IntelligentTieringAndOperator struct {
+	_ struct{} `type:"structure"`
+
+	// An object key name prefix that identifies the subset of objects to which
+	// the configuration applies.
+	Prefix *string `type:"string"`
+
+	// All of these tags must exist in the object's tag set in order for the configuration
+	// to apply.
+	Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s IntelligentTieringAndOperator) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s IntelligentTieringAndOperator) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *IntelligentTieringAndOperator) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "IntelligentTieringAndOperator"}
+	if s.Tags != nil {
+		for i, v := range s.Tags {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *IntelligentTieringAndOperator) SetPrefix(v string) *IntelligentTieringAndOperator {
+	s.Prefix = &v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *IntelligentTieringAndOperator) SetTags(v []*Tag) *IntelligentTieringAndOperator {
+	s.Tags = v
+	return s
+}
+
+// Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket.
+//
+// For information about the S3 Intelligent-Tiering storage class, see Storage
+// class for automatically optimizing frequently and infrequently accessed objects
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
+type IntelligentTieringConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies a bucket filter. The configuration only includes objects that meet
+	// the filter's criteria.
+	Filter *IntelligentTieringFilter `type:"structure"`
+
+	// The ID used to identify the S3 Intelligent-Tiering configuration.
+	//
+	// Id is a required field
+	Id *string `type:"string" required:"true"`
+
+	// Specifies the status of the configuration.
+	//
+	// Status is a required field
+	Status *string `type:"string" required:"true" enum:"IntelligentTieringStatus"`
+
+	// Specifies the S3 Intelligent-Tiering storage class tier of the configuration.
+	//
+	// Tierings is a required field
+	Tierings []*Tiering `locationName:"Tiering" type:"list" flattened:"true" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s IntelligentTieringConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s IntelligentTieringConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *IntelligentTieringConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "IntelligentTieringConfiguration"}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+	if s.Status == nil {
+		invalidParams.Add(request.NewErrParamRequired("Status"))
+	}
+	if s.Tierings == nil {
+		invalidParams.Add(request.NewErrParamRequired("Tierings"))
+	}
+	if s.Filter != nil {
+		if err := s.Filter.Validate(); err != nil {
+			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Tierings != nil {
+		for i, v := range s.Tierings {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tierings", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetFilter sets the Filter field's value.
+func (s *IntelligentTieringConfiguration) SetFilter(v *IntelligentTieringFilter) *IntelligentTieringConfiguration {
+	s.Filter = v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *IntelligentTieringConfiguration) SetId(v string) *IntelligentTieringConfiguration {
+	s.Id = &v
+	return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *IntelligentTieringConfiguration) SetStatus(v string) *IntelligentTieringConfiguration {
+	s.Status = &v
+	return s
+}
+
+// SetTierings sets the Tierings field's value.
+func (s *IntelligentTieringConfiguration) SetTierings(v []*Tiering) *IntelligentTieringConfiguration {
+	s.Tierings = v
+	return s
+}
+
+// The Filter is used to identify objects that the S3 Intelligent-Tiering configuration
+// applies to.
+type IntelligentTieringFilter struct {
+	_ struct{} `type:"structure"`
+
+	// A conjunction (logical AND) of predicates, which is used in evaluating a
+	// metrics filter. The operator must have at least two predicates, and an object
+	// must match all of the predicates in order for the filter to apply.
+	And *IntelligentTieringAndOperator `type:"structure"`
+
+	// An object key name prefix that identifies the subset of objects to which
+	// the rule applies.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	Prefix *string `type:"string"`
+
+	// A container of a key value name pair.
+	Tag *Tag `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s IntelligentTieringFilter) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s IntelligentTieringFilter) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *IntelligentTieringFilter) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "IntelligentTieringFilter"}
+	if s.And != nil {
+		if err := s.And.Validate(); err != nil {
+			invalidParams.AddNested("And", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Tag != nil {
+		if err := s.Tag.Validate(); err != nil {
+			invalidParams.AddNested("Tag", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAnd sets the And field's value.
+func (s *IntelligentTieringFilter) SetAnd(v *IntelligentTieringAndOperator) *IntelligentTieringFilter {
+	s.And = v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *IntelligentTieringFilter) SetPrefix(v string) *IntelligentTieringFilter {
+	s.Prefix = &v
+	return s
+}
+
+// SetTag sets the Tag field's value.
+func (s *IntelligentTieringFilter) SetTag(v *Tag) *IntelligentTieringFilter {
+	s.Tag = v
+	return s
+}
+
+// Specifies the inventory configuration for an Amazon S3 bucket. For more information,
+// see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html)
+// in the Amazon S3 API Reference.
+type InventoryConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Contains information about where to publish the inventory results.
+	//
+	// Destination is a required field
+	Destination *InventoryDestination `type:"structure" required:"true"`
+
+	// Specifies an inventory filter. The inventory only includes objects that meet
+	// the filter's criteria.
+	Filter *InventoryFilter `type:"structure"`
+
+	// The ID used to identify the inventory configuration.
+	//
+	// Id is a required field
+	Id *string `type:"string" required:"true"`
+
+	// Object versions to include in the inventory list. If set to All, the list
+	// includes all the object versions, which adds the version-related fields VersionId,
+	// IsLatest, and DeleteMarker to the list. If set to Current, the list does
+	// not contain these version-related fields.
+	//
+	// IncludedObjectVersions is a required field
+	IncludedObjectVersions *string `type:"string" required:"true" enum:"InventoryIncludedObjectVersions"`
+
+	// Specifies whether the inventory is enabled or disabled. If set to True, an
+	// inventory list is generated. If set to False, no inventory list is generated.
+	//
+	// IsEnabled is a required field
+	IsEnabled *bool `type:"boolean" required:"true"`
+
+	// Contains the optional fields that are included in the inventory results.
+	OptionalFields []*string `locationNameList:"Field" type:"list" enum:"InventoryOptionalField"`
+
+	// Specifies the schedule for generating inventory results.
+	//
+	// Schedule is a required field
+	Schedule *InventorySchedule `type:"structure" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventoryConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventoryConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *InventoryConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "InventoryConfiguration"}
+	if s.Destination == nil {
+		invalidParams.Add(request.NewErrParamRequired("Destination"))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+	if s.IncludedObjectVersions == nil {
+		invalidParams.Add(request.NewErrParamRequired("IncludedObjectVersions"))
+	}
+	if s.IsEnabled == nil {
+		invalidParams.Add(request.NewErrParamRequired("IsEnabled"))
+	}
+	if s.Schedule == nil {
+		invalidParams.Add(request.NewErrParamRequired("Schedule"))
+	}
+	if s.Destination != nil {
+		if err := s.Destination.Validate(); err != nil {
+			invalidParams.AddNested("Destination", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Filter != nil {
+		if err := s.Filter.Validate(); err != nil {
+			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Schedule != nil {
+		if err := s.Schedule.Validate(); err != nil {
+			invalidParams.AddNested("Schedule", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDestination sets the Destination field's value.
+func (s *InventoryConfiguration) SetDestination(v *InventoryDestination) *InventoryConfiguration {
+	s.Destination = v
+	return s
+}
+
+// SetFilter sets the Filter field's value.
+func (s *InventoryConfiguration) SetFilter(v *InventoryFilter) *InventoryConfiguration {
+	s.Filter = v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *InventoryConfiguration) SetId(v string) *InventoryConfiguration {
+	s.Id = &v
+	return s
+}
+
+// SetIncludedObjectVersions sets the IncludedObjectVersions field's value.
+func (s *InventoryConfiguration) SetIncludedObjectVersions(v string) *InventoryConfiguration {
+	s.IncludedObjectVersions = &v
+	return s
+}
+
+// SetIsEnabled sets the IsEnabled field's value.
+func (s *InventoryConfiguration) SetIsEnabled(v bool) *InventoryConfiguration {
+	s.IsEnabled = &v
+	return s
+}
+
+// SetOptionalFields sets the OptionalFields field's value.
+func (s *InventoryConfiguration) SetOptionalFields(v []*string) *InventoryConfiguration {
+	s.OptionalFields = v
+	return s
+}
+
+// SetSchedule sets the Schedule field's value.
+func (s *InventoryConfiguration) SetSchedule(v *InventorySchedule) *InventoryConfiguration {
+	s.Schedule = v
+	return s
+}
+
+// Specifies the inventory configuration for an Amazon S3 bucket.
+type InventoryDestination struct {
+	_ struct{} `type:"structure"`
+
+	// Contains the bucket name, file format, bucket owner (optional), and prefix
+	// (optional) where inventory results are published.
+	//
+	// S3BucketDestination is a required field
+	S3BucketDestination *InventoryS3BucketDestination `type:"structure" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventoryDestination) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventoryDestination) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *InventoryDestination) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "InventoryDestination"}
+	if s.S3BucketDestination == nil {
+		invalidParams.Add(request.NewErrParamRequired("S3BucketDestination"))
+	}
+	if s.S3BucketDestination != nil {
+		if err := s.S3BucketDestination.Validate(); err != nil {
+			invalidParams.AddNested("S3BucketDestination", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetS3BucketDestination sets the S3BucketDestination field's value.
+func (s *InventoryDestination) SetS3BucketDestination(v *InventoryS3BucketDestination) *InventoryDestination {
+	s.S3BucketDestination = v
+	return s
+}
+
+// Contains the type of server-side encryption used to encrypt the inventory
+// results.
+type InventoryEncryption struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the use of SSE-KMS to encrypt delivered inventory reports.
+	SSEKMS *SSEKMS `locationName:"SSE-KMS" type:"structure"`
+
+	// Specifies the use of SSE-S3 to encrypt delivered inventory reports.
+	SSES3 *SSES3 `locationName:"SSE-S3" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventoryEncryption) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventoryEncryption) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *InventoryEncryption) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "InventoryEncryption"}
+	if s.SSEKMS != nil {
+		if err := s.SSEKMS.Validate(); err != nil {
+			invalidParams.AddNested("SSEKMS", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetSSEKMS sets the SSEKMS field's value.
+func (s *InventoryEncryption) SetSSEKMS(v *SSEKMS) *InventoryEncryption {
+	s.SSEKMS = v
+	return s
+}
+
+// SetSSES3 sets the SSES3 field's value.
+func (s *InventoryEncryption) SetSSES3(v *SSES3) *InventoryEncryption {
+	s.SSES3 = v
+	return s
+}
+
+// Specifies an inventory filter. The inventory only includes objects that meet
+// the filter's criteria.
+type InventoryFilter struct {
+	_ struct{} `type:"structure"`
+
+	// The prefix that an object must have to be included in the inventory results.
+	//
+	// Prefix is a required field
+	Prefix *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventoryFilter) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventoryFilter) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *InventoryFilter) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "InventoryFilter"}
+	if s.Prefix == nil {
+		invalidParams.Add(request.NewErrParamRequired("Prefix"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *InventoryFilter) SetPrefix(v string) *InventoryFilter {
+	s.Prefix = &v
+	return s
+}
+
+// Contains the bucket name, file format, bucket owner (optional), and prefix
+// (optional) where inventory results are published.
+type InventoryS3BucketDestination struct {
+	_ struct{} `type:"structure"`
+
+	// The account ID that owns the destination S3 bucket. If no account ID is provided,
+	// the owner is not validated before exporting data.
+	//
+	// Although this value is optional, we strongly recommend that you set it to
+	// help prevent problems if the destination bucket ownership changes.
+	AccountId *string `type:"string"`
+
+	// The Amazon Resource Name (ARN) of the bucket where inventory results will
+	// be published.
+	//
+	// Bucket is a required field
+	Bucket *string `type:"string" required:"true"`
+
+	// Contains the type of server-side encryption used to encrypt the inventory
+	// results.
+	Encryption *InventoryEncryption `type:"structure"`
+
+	// Specifies the output format of the inventory results.
+	//
+	// Format is a required field
+	Format *string `type:"string" required:"true" enum:"InventoryFormat"`
+
+	// The prefix that is prepended to all inventory results.
+	Prefix *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventoryS3BucketDestination) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventoryS3BucketDestination) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *InventoryS3BucketDestination) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "InventoryS3BucketDestination"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Format == nil {
+		invalidParams.Add(request.NewErrParamRequired("Format"))
+	}
+	if s.Encryption != nil {
+		if err := s.Encryption.Validate(); err != nil {
+			invalidParams.AddNested("Encryption", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccountId sets the AccountId field's value.
+func (s *InventoryS3BucketDestination) SetAccountId(v string) *InventoryS3BucketDestination {
+	s.AccountId = &v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *InventoryS3BucketDestination) SetBucket(v string) *InventoryS3BucketDestination {
+	s.Bucket = &v
+	return s
+}
+
+func (s *InventoryS3BucketDestination) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetEncryption sets the Encryption field's value.
+func (s *InventoryS3BucketDestination) SetEncryption(v *InventoryEncryption) *InventoryS3BucketDestination {
+	s.Encryption = v
+	return s
+}
+
+// SetFormat sets the Format field's value.
+func (s *InventoryS3BucketDestination) SetFormat(v string) *InventoryS3BucketDestination {
+	s.Format = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *InventoryS3BucketDestination) SetPrefix(v string) *InventoryS3BucketDestination {
+	s.Prefix = &v
+	return s
+}
+
+// Specifies the schedule for generating inventory results.
+type InventorySchedule struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies how frequently inventory results are produced.
+	//
+	// Frequency is a required field
+	Frequency *string `type:"string" required:"true" enum:"InventoryFrequency"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventorySchedule) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InventorySchedule) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *InventorySchedule) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "InventorySchedule"}
+	if s.Frequency == nil {
+		invalidParams.Add(request.NewErrParamRequired("Frequency"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetFrequency sets the Frequency field's value.
+func (s *InventorySchedule) SetFrequency(v string) *InventorySchedule {
+	s.Frequency = &v
+	return s
+}
+
+// Specifies JSON as object's input serialization format.
+type JSONInput struct {
+	_ struct{} `type:"structure"`
+
+	// The type of JSON. Valid values: Document, Lines.
+	Type *string `type:"string" enum:"JSONType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s JSONInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s JSONInput) GoString() string {
+	return s.String()
+}
+
+// SetType sets the Type field's value.
+func (s *JSONInput) SetType(v string) *JSONInput {
+	s.Type = &v
+	return s
+}
+
+// Specifies JSON as request's output serialization format.
+type JSONOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The value used to separate individual records in the output. If no value
+	// is specified, Amazon S3 uses a newline character ('\n').
+	RecordDelimiter *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s JSONOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s JSONOutput) GoString() string {
+	return s.String()
+}
+
+// SetRecordDelimiter sets the RecordDelimiter field's value.
+func (s *JSONOutput) SetRecordDelimiter(v string) *JSONOutput {
+	s.RecordDelimiter = &v
+	return s
+}
+
+// A container for object key name prefix and suffix filtering rules.
+type KeyFilter struct {
+	_ struct{} `type:"structure"`
+
+	// A list of containers for the key-value pair that defines the criteria for
+	// the filter rule.
+	FilterRules []*FilterRule `locationName:"FilterRule" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s KeyFilter) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s KeyFilter) GoString() string {
+	return s.String()
+}
+
+// SetFilterRules sets the FilterRules field's value.
+func (s *KeyFilter) SetFilterRules(v []*FilterRule) *KeyFilter {
+	s.FilterRules = v
+	return s
+}
+
+// A container for specifying the configuration for Lambda notifications.
+type LambdaFunctionConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon S3 bucket event for which to invoke the Lambda function. For more
+	// information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Events is a required field
+	Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"`
+
+	// Specifies object key name filtering rules. For information about key name
+	// filtering, see Configuring event notifications using object key name filtering
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+	// in the Amazon S3 User Guide.
+	Filter *NotificationConfigurationFilter `type:"structure"`
+
+	// An optional unique identifier for configurations in a notification configuration.
+	// If you don't provide one, Amazon S3 will assign an ID.
+	Id *string `type:"string"`
+
+	// The Amazon Resource Name (ARN) of the Lambda function that Amazon S3 invokes
+	// when the specified event type occurs.
+	//
+	// LambdaFunctionArn is a required field
+	LambdaFunctionArn *string `locationName:"CloudFunction" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LambdaFunctionConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LambdaFunctionConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *LambdaFunctionConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "LambdaFunctionConfiguration"}
+	if s.Events == nil {
+		invalidParams.Add(request.NewErrParamRequired("Events"))
+	}
+	if s.LambdaFunctionArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("LambdaFunctionArn"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetEvents sets the Events field's value.
+func (s *LambdaFunctionConfiguration) SetEvents(v []*string) *LambdaFunctionConfiguration {
+	s.Events = v
+	return s
+}
+
+// SetFilter sets the Filter field's value.
+func (s *LambdaFunctionConfiguration) SetFilter(v *NotificationConfigurationFilter) *LambdaFunctionConfiguration {
+	s.Filter = v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *LambdaFunctionConfiguration) SetId(v string) *LambdaFunctionConfiguration {
+	s.Id = &v
+	return s
+}
+
+// SetLambdaFunctionArn sets the LambdaFunctionArn field's value.
+func (s *LambdaFunctionConfiguration) SetLambdaFunctionArn(v string) *LambdaFunctionConfiguration {
+	s.LambdaFunctionArn = &v
+	return s
+}
+
+// Container for lifecycle rules. You can add as many as 1000 rules.
+//
+// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+// in the Amazon S3 User Guide.
+type LifecycleConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies lifecycle configuration rules for an Amazon S3 bucket.
+	//
+	// Rules is a required field
+	Rules []*Rule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LifecycleConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LifecycleConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *LifecycleConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "LifecycleConfiguration"}
+	if s.Rules == nil {
+		invalidParams.Add(request.NewErrParamRequired("Rules"))
+	}
+	if s.Rules != nil {
+		for i, v := range s.Rules {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Rules", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetRules sets the Rules field's value.
+func (s *LifecycleConfiguration) SetRules(v []*Rule) *LifecycleConfiguration {
+	s.Rules = v
+	return s
+}
+
+// Container for the expiration for the lifecycle of the object.
+//
+// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+// in the Amazon S3 User Guide.
+type LifecycleExpiration struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates at what date the object is to be moved or deleted. The date value
+	// must conform to the ISO 8601 format. The time is always midnight UTC.
+	Date *time.Time `type:"timestamp" timestampFormat:"iso8601"`
+
+	// Indicates the lifetime, in days, of the objects that are subject to the rule.
+	// The value must be a non-zero positive integer.
+	Days *int64 `type:"integer"`
+
+	// Indicates whether Amazon S3 will remove a delete marker with no noncurrent
+	// versions. If set to true, the delete marker will be expired; if set to false
+	// the policy takes no action. This cannot be specified with Days or Date in
+	// a Lifecycle Expiration Policy.
+	ExpiredObjectDeleteMarker *bool `type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LifecycleExpiration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LifecycleExpiration) GoString() string {
+	return s.String()
+}
+
+// SetDate sets the Date field's value.
+func (s *LifecycleExpiration) SetDate(v time.Time) *LifecycleExpiration {
+	s.Date = &v
+	return s
+}
+
+// SetDays sets the Days field's value.
+func (s *LifecycleExpiration) SetDays(v int64) *LifecycleExpiration {
+	s.Days = &v
+	return s
+}
+
+// SetExpiredObjectDeleteMarker sets the ExpiredObjectDeleteMarker field's value.
+func (s *LifecycleExpiration) SetExpiredObjectDeleteMarker(v bool) *LifecycleExpiration {
+	s.ExpiredObjectDeleteMarker = &v
+	return s
+}
+
+// A lifecycle rule for individual objects in an Amazon S3 bucket.
+//
+// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+// in the Amazon S3 User Guide.
+type LifecycleRule struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the days since the initiation of an incomplete multipart upload
+	// that Amazon S3 will wait before permanently removing all parts of the upload.
+	// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+	// in the Amazon S3 User Guide.
+	AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"`
+
+	// Specifies the expiration for the lifecycle of the object in the form of date,
+	// days and, whether the object has a delete marker.
+	Expiration *LifecycleExpiration `type:"structure"`
+
+	// The Filter is used to identify objects that a Lifecycle Rule applies to.
+	// A Filter must have exactly one of Prefix, Tag, or And specified. Filter is
+	// required if the LifecycleRule does not contain a Prefix element.
+	Filter *LifecycleRuleFilter `type:"structure"`
+
+	// Unique identifier for the rule. The value cannot be longer than 255 characters.
+	ID *string `type:"string"`
+
+	// Specifies when noncurrent object versions expire. Upon expiration, Amazon
+	// S3 permanently deletes the noncurrent object versions. You set this lifecycle
+	// configuration action on a bucket that has versioning enabled (or suspended)
+	// to request that Amazon S3 delete noncurrent object versions at a specific
+	// period in the object's lifetime.
+	NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"`
+
+	// Specifies the transition rule for the lifecycle rule that describes when
+	// noncurrent objects transition to a specific storage class. If your bucket
+	// is versioning-enabled (or versioning is suspended), you can set this action
+	// to request that Amazon S3 transition noncurrent object versions to a specific
+	// storage class at a set period in the object's lifetime.
+	NoncurrentVersionTransitions []*NoncurrentVersionTransition `locationName:"NoncurrentVersionTransition" type:"list" flattened:"true"`
+
+	// Prefix identifying one or more objects to which the rule applies. This is
+	// no longer used; use Filter instead.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	//
+	// Deprecated: Prefix has been deprecated
+	Prefix *string `deprecated:"true" type:"string"`
+
+	// If 'Enabled', the rule is currently being applied. If 'Disabled', the rule
+	// is not currently being applied.
+	//
+	// Status is a required field
+	Status *string `type:"string" required:"true" enum:"ExpirationStatus"`
+
+	// Specifies when an Amazon S3 object transitions to a specified storage class.
+	Transitions []*Transition `locationName:"Transition" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LifecycleRule) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LifecycleRule) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *LifecycleRule) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "LifecycleRule"}
+	if s.Status == nil {
+		invalidParams.Add(request.NewErrParamRequired("Status"))
+	}
+	if s.Filter != nil {
+		if err := s.Filter.Validate(); err != nil {
+			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAbortIncompleteMultipartUpload sets the AbortIncompleteMultipartUpload field's value.
+func (s *LifecycleRule) SetAbortIncompleteMultipartUpload(v *AbortIncompleteMultipartUpload) *LifecycleRule {
+	s.AbortIncompleteMultipartUpload = v
+	return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *LifecycleRule) SetExpiration(v *LifecycleExpiration) *LifecycleRule {
+	s.Expiration = v
+	return s
+}
+
+// SetFilter sets the Filter field's value.
+func (s *LifecycleRule) SetFilter(v *LifecycleRuleFilter) *LifecycleRule {
+	s.Filter = v
+	return s
+}
+
+// SetID sets the ID field's value.
+func (s *LifecycleRule) SetID(v string) *LifecycleRule {
+	s.ID = &v
+	return s
+}
+
+// SetNoncurrentVersionExpiration sets the NoncurrentVersionExpiration field's value.
+func (s *LifecycleRule) SetNoncurrentVersionExpiration(v *NoncurrentVersionExpiration) *LifecycleRule {
+	s.NoncurrentVersionExpiration = v
+	return s
+}
+
+// SetNoncurrentVersionTransitions sets the NoncurrentVersionTransitions field's value.
+func (s *LifecycleRule) SetNoncurrentVersionTransitions(v []*NoncurrentVersionTransition) *LifecycleRule {
+	s.NoncurrentVersionTransitions = v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *LifecycleRule) SetPrefix(v string) *LifecycleRule {
+	s.Prefix = &v
+	return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *LifecycleRule) SetStatus(v string) *LifecycleRule {
+	s.Status = &v
+	return s
+}
+
+// SetTransitions sets the Transitions field's value.
+func (s *LifecycleRule) SetTransitions(v []*Transition) *LifecycleRule {
+	s.Transitions = v
+	return s
+}
+
+// This is used in a Lifecycle Rule Filter to apply a logical AND to two or
+// more predicates. The Lifecycle Rule will apply to any object matching all
+// of the predicates configured inside the And operator.
+type LifecycleRuleAndOperator struct {
+	_ struct{} `type:"structure"`
+
+	// Minimum object size to which the rule applies.
+	ObjectSizeGreaterThan *int64 `type:"long"`
+
+	// Maximum object size to which the rule applies.
+	ObjectSizeLessThan *int64 `type:"long"`
+
+	// Prefix identifying one or more objects to which the rule applies.
+	Prefix *string `type:"string"`
+
+	// All of these tags must exist in the object's tag set in order for the rule
+	// to apply.
+	Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LifecycleRuleAndOperator) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LifecycleRuleAndOperator) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *LifecycleRuleAndOperator) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "LifecycleRuleAndOperator"}
+	if s.Tags != nil {
+		for i, v := range s.Tags {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetObjectSizeGreaterThan sets the ObjectSizeGreaterThan field's value.
+func (s *LifecycleRuleAndOperator) SetObjectSizeGreaterThan(v int64) *LifecycleRuleAndOperator {
+	s.ObjectSizeGreaterThan = &v
+	return s
+}
+
+// SetObjectSizeLessThan sets the ObjectSizeLessThan field's value.
+func (s *LifecycleRuleAndOperator) SetObjectSizeLessThan(v int64) *LifecycleRuleAndOperator {
+	s.ObjectSizeLessThan = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *LifecycleRuleAndOperator) SetPrefix(v string) *LifecycleRuleAndOperator {
+	s.Prefix = &v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *LifecycleRuleAndOperator) SetTags(v []*Tag) *LifecycleRuleAndOperator {
+	s.Tags = v
+	return s
+}
+
+// The Filter is used to identify objects that a Lifecycle Rule applies to.
+// A Filter must have exactly one of Prefix, Tag, or And specified.
+type LifecycleRuleFilter struct {
+	_ struct{} `type:"structure"`
+
+	// This is used in a Lifecycle Rule Filter to apply a logical AND to two or
+	// more predicates. The Lifecycle Rule will apply to any object matching all
+	// of the predicates configured inside the And operator.
+	And *LifecycleRuleAndOperator `type:"structure"`
+
+	// Minimum object size to which the rule applies.
+	ObjectSizeGreaterThan *int64 `type:"long"`
+
+	// Maximum object size to which the rule applies.
+	ObjectSizeLessThan *int64 `type:"long"`
+
+	// Prefix identifying one or more objects to which the rule applies.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	Prefix *string `type:"string"`
+
+	// This tag must exist in the object's tag set in order for the rule to apply.
+	Tag *Tag `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LifecycleRuleFilter) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LifecycleRuleFilter) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *LifecycleRuleFilter) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "LifecycleRuleFilter"}
+	if s.And != nil {
+		if err := s.And.Validate(); err != nil {
+			invalidParams.AddNested("And", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Tag != nil {
+		if err := s.Tag.Validate(); err != nil {
+			invalidParams.AddNested("Tag", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAnd sets the And field's value.
+func (s *LifecycleRuleFilter) SetAnd(v *LifecycleRuleAndOperator) *LifecycleRuleFilter {
+	s.And = v
+	return s
+}
+
+// SetObjectSizeGreaterThan sets the ObjectSizeGreaterThan field's value.
+func (s *LifecycleRuleFilter) SetObjectSizeGreaterThan(v int64) *LifecycleRuleFilter {
+	s.ObjectSizeGreaterThan = &v
+	return s
+}
+
+// SetObjectSizeLessThan sets the ObjectSizeLessThan field's value.
+func (s *LifecycleRuleFilter) SetObjectSizeLessThan(v int64) *LifecycleRuleFilter {
+	s.ObjectSizeLessThan = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *LifecycleRuleFilter) SetPrefix(v string) *LifecycleRuleFilter {
+	s.Prefix = &v
+	return s
+}
+
+// SetTag sets the Tag field's value.
+func (s *LifecycleRuleFilter) SetTag(v *Tag) *LifecycleRuleFilter {
+	s.Tag = v
+	return s
+}
+
+type ListBucketAnalyticsConfigurationsInput struct {
+	_ struct{} `locationName:"ListBucketAnalyticsConfigurationsRequest" type:"structure"`
+
+	// The name of the bucket from which analytics configurations are retrieved.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The ContinuationToken that represents a placeholder from where this request
+	// should begin.
+	ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketAnalyticsConfigurationsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketAnalyticsConfigurationsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListBucketAnalyticsConfigurationsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListBucketAnalyticsConfigurationsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *ListBucketAnalyticsConfigurationsInput) SetBucket(v string) *ListBucketAnalyticsConfigurationsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *ListBucketAnalyticsConfigurationsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetContinuationToken sets the ContinuationToken field's value.
+func (s *ListBucketAnalyticsConfigurationsInput) SetContinuationToken(v string) *ListBucketAnalyticsConfigurationsInput {
+	s.ContinuationToken = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *ListBucketAnalyticsConfigurationsInput) SetExpectedBucketOwner(v string) *ListBucketAnalyticsConfigurationsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *ListBucketAnalyticsConfigurationsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListBucketAnalyticsConfigurationsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s ListBucketAnalyticsConfigurationsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type ListBucketAnalyticsConfigurationsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The list of analytics configurations for a bucket.
+	AnalyticsConfigurationList []*AnalyticsConfiguration `locationName:"AnalyticsConfiguration" type:"list" flattened:"true"`
+
+	// The marker that is used as a starting point for this analytics configuration
+	// list response. This value is present if it was sent in the request.
+	ContinuationToken *string `type:"string"`
+
+	// Indicates whether the returned list of analytics configurations is complete.
+	// A value of true indicates that the list is not complete and the NextContinuationToken
+	// will be provided for a subsequent request.
+	IsTruncated *bool `type:"boolean"`
+
+	// NextContinuationToken is sent when isTruncated is true, which indicates that
+	// there are more analytics configurations to list. The next request must include
+	// this NextContinuationToken. The token is obfuscated and is not a usable value.
+	NextContinuationToken *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketAnalyticsConfigurationsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketAnalyticsConfigurationsOutput) GoString() string {
+	return s.String()
+}
+
+// SetAnalyticsConfigurationList sets the AnalyticsConfigurationList field's value.
+func (s *ListBucketAnalyticsConfigurationsOutput) SetAnalyticsConfigurationList(v []*AnalyticsConfiguration) *ListBucketAnalyticsConfigurationsOutput {
+	s.AnalyticsConfigurationList = v
+	return s
+}
+
+// SetContinuationToken sets the ContinuationToken field's value.
+func (s *ListBucketAnalyticsConfigurationsOutput) SetContinuationToken(v string) *ListBucketAnalyticsConfigurationsOutput {
+	s.ContinuationToken = &v
+	return s
+}
+
+// SetIsTruncated sets the IsTruncated field's value.
+func (s *ListBucketAnalyticsConfigurationsOutput) SetIsTruncated(v bool) *ListBucketAnalyticsConfigurationsOutput {
+	s.IsTruncated = &v
+	return s
+}
+
+// SetNextContinuationToken sets the NextContinuationToken field's value.
+func (s *ListBucketAnalyticsConfigurationsOutput) SetNextContinuationToken(v string) *ListBucketAnalyticsConfigurationsOutput {
+	s.NextContinuationToken = &v
+	return s
+}
+
+type ListBucketIntelligentTieringConfigurationsInput struct {
+	_ struct{} `locationName:"ListBucketIntelligentTieringConfigurationsRequest" type:"structure"`
+
+	// The name of the Amazon S3 bucket whose configuration you want to modify or
+	// retrieve.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The ContinuationToken that represents a placeholder from where this request
+	// should begin.
+	ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketIntelligentTieringConfigurationsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketIntelligentTieringConfigurationsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListBucketIntelligentTieringConfigurationsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListBucketIntelligentTieringConfigurationsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *ListBucketIntelligentTieringConfigurationsInput) SetBucket(v string) *ListBucketIntelligentTieringConfigurationsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *ListBucketIntelligentTieringConfigurationsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetContinuationToken sets the ContinuationToken field's value.
+func (s *ListBucketIntelligentTieringConfigurationsInput) SetContinuationToken(v string) *ListBucketIntelligentTieringConfigurationsInput {
+	s.ContinuationToken = &v
+	return s
+}
+
+func (s *ListBucketIntelligentTieringConfigurationsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListBucketIntelligentTieringConfigurationsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s ListBucketIntelligentTieringConfigurationsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type ListBucketIntelligentTieringConfigurationsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The ContinuationToken that represents a placeholder from where this request
+	// should begin.
+	ContinuationToken *string `type:"string"`
+
+	// The list of S3 Intelligent-Tiering configurations for a bucket.
+	IntelligentTieringConfigurationList []*IntelligentTieringConfiguration `locationName:"IntelligentTieringConfiguration" type:"list" flattened:"true"`
+
+	// Indicates whether the returned list of analytics configurations is complete.
+	// A value of true indicates that the list is not complete and the NextContinuationToken
+	// will be provided for a subsequent request.
+	IsTruncated *bool `type:"boolean"`
+
+	// The marker used to continue this inventory configuration listing. Use the
+	// NextContinuationToken from this response to continue the listing in a subsequent
+	// request. The continuation token is an opaque value that Amazon S3 understands.
+	NextContinuationToken *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketIntelligentTieringConfigurationsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketIntelligentTieringConfigurationsOutput) GoString() string {
+	return s.String()
+}
+
+// SetContinuationToken sets the ContinuationToken field's value.
+func (s *ListBucketIntelligentTieringConfigurationsOutput) SetContinuationToken(v string) *ListBucketIntelligentTieringConfigurationsOutput {
+	s.ContinuationToken = &v
+	return s
+}
+
+// SetIntelligentTieringConfigurationList sets the IntelligentTieringConfigurationList field's value.
+func (s *ListBucketIntelligentTieringConfigurationsOutput) SetIntelligentTieringConfigurationList(v []*IntelligentTieringConfiguration) *ListBucketIntelligentTieringConfigurationsOutput {
+	s.IntelligentTieringConfigurationList = v
+	return s
+}
+
+// SetIsTruncated sets the IsTruncated field's value.
+func (s *ListBucketIntelligentTieringConfigurationsOutput) SetIsTruncated(v bool) *ListBucketIntelligentTieringConfigurationsOutput {
+	s.IsTruncated = &v
+	return s
+}
+
+// SetNextContinuationToken sets the NextContinuationToken field's value.
+func (s *ListBucketIntelligentTieringConfigurationsOutput) SetNextContinuationToken(v string) *ListBucketIntelligentTieringConfigurationsOutput {
+	s.NextContinuationToken = &v
+	return s
+}
+
+type ListBucketInventoryConfigurationsInput struct {
+	_ struct{} `locationName:"ListBucketInventoryConfigurationsRequest" type:"structure"`
+
+	// The name of the bucket containing the inventory configurations to retrieve.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The marker used to continue an inventory configuration listing that has been
+	// truncated. Use the NextContinuationToken from a previously truncated list
+	// response to continue the listing. The continuation token is an opaque value
+	// that Amazon S3 understands.
+	ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketInventoryConfigurationsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketInventoryConfigurationsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListBucketInventoryConfigurationsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListBucketInventoryConfigurationsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *ListBucketInventoryConfigurationsInput) SetBucket(v string) *ListBucketInventoryConfigurationsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *ListBucketInventoryConfigurationsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetContinuationToken sets the ContinuationToken field's value.
+func (s *ListBucketInventoryConfigurationsInput) SetContinuationToken(v string) *ListBucketInventoryConfigurationsInput {
+	s.ContinuationToken = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *ListBucketInventoryConfigurationsInput) SetExpectedBucketOwner(v string) *ListBucketInventoryConfigurationsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *ListBucketInventoryConfigurationsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListBucketInventoryConfigurationsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s ListBucketInventoryConfigurationsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type ListBucketInventoryConfigurationsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If sent in the request, the marker that is used as a starting point for this
+	// inventory configuration list response.
+	ContinuationToken *string `type:"string"`
+
+	// The list of inventory configurations for a bucket.
+	InventoryConfigurationList []*InventoryConfiguration `locationName:"InventoryConfiguration" type:"list" flattened:"true"`
+
+	// Tells whether the returned list of inventory configurations is complete.
+	// A value of true indicates that the list is not complete and the NextContinuationToken
+	// is provided for a subsequent request.
+	IsTruncated *bool `type:"boolean"`
+
+	// The marker used to continue this inventory configuration listing. Use the
+	// NextContinuationToken from this response to continue the listing in a subsequent
+	// request. The continuation token is an opaque value that Amazon S3 understands.
+	NextContinuationToken *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketInventoryConfigurationsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketInventoryConfigurationsOutput) GoString() string {
+	return s.String()
+}
+
+// SetContinuationToken sets the ContinuationToken field's value.
+func (s *ListBucketInventoryConfigurationsOutput) SetContinuationToken(v string) *ListBucketInventoryConfigurationsOutput {
+	s.ContinuationToken = &v
+	return s
+}
+
+// SetInventoryConfigurationList sets the InventoryConfigurationList field's value.
+func (s *ListBucketInventoryConfigurationsOutput) SetInventoryConfigurationList(v []*InventoryConfiguration) *ListBucketInventoryConfigurationsOutput {
+	s.InventoryConfigurationList = v
+	return s
+}
+
+// SetIsTruncated sets the IsTruncated field's value.
+func (s *ListBucketInventoryConfigurationsOutput) SetIsTruncated(v bool) *ListBucketInventoryConfigurationsOutput {
+	s.IsTruncated = &v
+	return s
+}
+
+// SetNextContinuationToken sets the NextContinuationToken field's value.
+func (s *ListBucketInventoryConfigurationsOutput) SetNextContinuationToken(v string) *ListBucketInventoryConfigurationsOutput {
+	s.NextContinuationToken = &v
+	return s
+}
+
+type ListBucketMetricsConfigurationsInput struct {
+	_ struct{} `locationName:"ListBucketMetricsConfigurationsRequest" type:"structure"`
+
+	// The name of the bucket containing the metrics configurations to retrieve.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The marker that is used to continue a metrics configuration listing that
+	// has been truncated. Use the NextContinuationToken from a previously truncated
+	// list response to continue the listing. The continuation token is an opaque
+	// value that Amazon S3 understands.
+	ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketMetricsConfigurationsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketMetricsConfigurationsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListBucketMetricsConfigurationsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListBucketMetricsConfigurationsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *ListBucketMetricsConfigurationsInput) SetBucket(v string) *ListBucketMetricsConfigurationsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *ListBucketMetricsConfigurationsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetContinuationToken sets the ContinuationToken field's value.
+func (s *ListBucketMetricsConfigurationsInput) SetContinuationToken(v string) *ListBucketMetricsConfigurationsInput {
+	s.ContinuationToken = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *ListBucketMetricsConfigurationsInput) SetExpectedBucketOwner(v string) *ListBucketMetricsConfigurationsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *ListBucketMetricsConfigurationsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListBucketMetricsConfigurationsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s ListBucketMetricsConfigurationsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type ListBucketMetricsConfigurationsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The marker that is used as a starting point for this metrics configuration
+	// list response. This value is present if it was sent in the request.
+	ContinuationToken *string `type:"string"`
+
+	// Indicates whether the returned list of metrics configurations is complete.
+	// A value of true indicates that the list is not complete and the NextContinuationToken
+	// will be provided for a subsequent request.
+	IsTruncated *bool `type:"boolean"`
+
+	// The list of metrics configurations for a bucket.
+	MetricsConfigurationList []*MetricsConfiguration `locationName:"MetricsConfiguration" type:"list" flattened:"true"`
+
+	// The marker used to continue a metrics configuration listing that has been
+	// truncated. Use the NextContinuationToken from a previously truncated list
+	// response to continue the listing. The continuation token is an opaque value
+	// that Amazon S3 understands.
+	NextContinuationToken *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketMetricsConfigurationsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketMetricsConfigurationsOutput) GoString() string {
+	return s.String()
+}
+
+// SetContinuationToken sets the ContinuationToken field's value.
+func (s *ListBucketMetricsConfigurationsOutput) SetContinuationToken(v string) *ListBucketMetricsConfigurationsOutput {
+	s.ContinuationToken = &v
+	return s
+}
+
+// SetIsTruncated sets the IsTruncated field's value.
+func (s *ListBucketMetricsConfigurationsOutput) SetIsTruncated(v bool) *ListBucketMetricsConfigurationsOutput {
+	s.IsTruncated = &v
+	return s
+}
+
+// SetMetricsConfigurationList sets the MetricsConfigurationList field's value.
+func (s *ListBucketMetricsConfigurationsOutput) SetMetricsConfigurationList(v []*MetricsConfiguration) *ListBucketMetricsConfigurationsOutput {
+	s.MetricsConfigurationList = v
+	return s
+}
+
+// SetNextContinuationToken sets the NextContinuationToken field's value.
+func (s *ListBucketMetricsConfigurationsOutput) SetNextContinuationToken(v string) *ListBucketMetricsConfigurationsOutput {
+	s.NextContinuationToken = &v
+	return s
+}
+
+type ListBucketsInput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketsInput) GoString() string {
+	return s.String()
+}
+
+type ListBucketsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The list of buckets owned by the requester.
+	Buckets []*Bucket `locationNameList:"Bucket" type:"list"`
+
+	// The owner of the buckets listed.
+	Owner *Owner `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListBucketsOutput) GoString() string {
+	return s.String()
+}
+
+// SetBuckets sets the Buckets field's value.
+func (s *ListBucketsOutput) SetBuckets(v []*Bucket) *ListBucketsOutput {
+	s.Buckets = v
+	return s
+}
+
+// SetOwner sets the Owner field's value.
+func (s *ListBucketsOutput) SetOwner(v *Owner) *ListBucketsOutput {
+	s.Owner = v
+	return s
+}
+
+type ListMultipartUploadsInput struct {
+	_ struct{} `locationName:"ListMultipartUploadsRequest" type:"structure"`
+
+	// The name of the bucket to which the multipart upload was initiated.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Character you use to group keys.
+	//
+	// All keys that contain the same string between the prefix, if specified, and
+	// the first occurrence of the delimiter after the prefix are grouped under
+	// a single result element, CommonPrefixes. If you don't specify the prefix
+	// parameter, then the substring starts at the beginning of the key. The keys
+	// that are grouped under CommonPrefixes result element are not returned elsewhere
+	// in the response.
+	Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"`
+
+	// Requests Amazon S3 to encode the object keys in the response and specifies
+	// the encoding method to use. An object key may contain any Unicode character;
+	// however, XML 1.0 parser cannot parse some characters, such as characters
+	// with an ASCII value from 0 to 10. For characters that are not supported in
+	// XML 1.0, you can add this parameter to request that Amazon S3 encode the
+	// keys in the response.
+	EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Together with upload-id-marker, this parameter specifies the multipart upload
+	// after which listing should begin.
+	//
+	// If upload-id-marker is not specified, only the keys lexicographically greater
+	// than the specified key-marker will be included in the list.
+	//
+	// If upload-id-marker is specified, any multipart uploads for a key equal to
+	// the key-marker might also be included, provided those multipart uploads have
+	// upload IDs lexicographically greater than the specified upload-id-marker.
+	KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"`
+
+	// Sets the maximum number of multipart uploads, from 1 to 1,000, to return
+	// in the response body. 1,000 is the maximum number of uploads that can be
+	// returned in a response.
+	MaxUploads *int64 `location:"querystring" locationName:"max-uploads" type:"integer"`
+
+	// Lists in-progress uploads only for those keys that begin with the specified
+	// prefix. You can use prefixes to separate a bucket into different grouping
+	// of keys. (You can think of using prefix to make groups in the same way you'd
+	// use a folder in a file system.)
+	Prefix *string `location:"querystring" locationName:"prefix" type:"string"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Together with key-marker, specifies the multipart upload after which listing
+	// should begin. If key-marker is not specified, the upload-id-marker parameter
+	// is ignored. Otherwise, any multipart uploads for a key equal to the key-marker
+	// might be included in the list only if they have an upload ID lexicographically
+	// greater than the specified upload-id-marker.
+	UploadIdMarker *string `location:"querystring" locationName:"upload-id-marker" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListMultipartUploadsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListMultipartUploadsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListMultipartUploadsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListMultipartUploadsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *ListMultipartUploadsInput) SetBucket(v string) *ListMultipartUploadsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *ListMultipartUploadsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetDelimiter sets the Delimiter field's value.
+func (s *ListMultipartUploadsInput) SetDelimiter(v string) *ListMultipartUploadsInput {
+	s.Delimiter = &v
+	return s
+}
+
+// SetEncodingType sets the EncodingType field's value.
+func (s *ListMultipartUploadsInput) SetEncodingType(v string) *ListMultipartUploadsInput {
+	s.EncodingType = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *ListMultipartUploadsInput) SetExpectedBucketOwner(v string) *ListMultipartUploadsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKeyMarker sets the KeyMarker field's value.
+func (s *ListMultipartUploadsInput) SetKeyMarker(v string) *ListMultipartUploadsInput {
+	s.KeyMarker = &v
+	return s
+}
+
+// SetMaxUploads sets the MaxUploads field's value.
+func (s *ListMultipartUploadsInput) SetMaxUploads(v int64) *ListMultipartUploadsInput {
+	s.MaxUploads = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ListMultipartUploadsInput) SetPrefix(v string) *ListMultipartUploadsInput {
+	s.Prefix = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *ListMultipartUploadsInput) SetRequestPayer(v string) *ListMultipartUploadsInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetUploadIdMarker sets the UploadIdMarker field's value.
+func (s *ListMultipartUploadsInput) SetUploadIdMarker(v string) *ListMultipartUploadsInput {
+	s.UploadIdMarker = &v
+	return s
+}
+
+func (s *ListMultipartUploadsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListMultipartUploadsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s ListMultipartUploadsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type ListMultipartUploadsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the bucket to which the multipart upload was initiated. Does
+	// not return the access point ARN or access point alias if used.
+	Bucket *string `type:"string"`
+
+	// If you specify a delimiter in the request, then the result returns each distinct
+	// key prefix containing the delimiter in a CommonPrefixes element. The distinct
+	// key prefixes are returned in the Prefix child element.
+	CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
+
+	// Contains the delimiter you specified in the request. If you don't specify
+	// a delimiter in your request, this element is absent from the response.
+	Delimiter *string `type:"string"`
+
+	// Encoding type used by Amazon S3 to encode object keys in the response.
+	//
+	// If you specify encoding-type request parameter, Amazon S3 includes this element
+	// in the response, and returns encoded key name values in the following response
+	// elements:
+	//
+	// Delimiter, KeyMarker, Prefix, NextKeyMarker, Key.
+	EncodingType *string `type:"string" enum:"EncodingType"`
+
+	// Indicates whether the returned list of multipart uploads is truncated. A
+	// value of true indicates that the list was truncated. The list can be truncated
+	// if the number of multipart uploads exceeds the limit allowed or specified
+	// by max uploads.
+	IsTruncated *bool `type:"boolean"`
+
+	// The key at or after which the listing began.
+	KeyMarker *string `type:"string"`
+
+	// Maximum number of multipart uploads that could have been included in the
+	// response.
+	MaxUploads *int64 `type:"integer"`
+
+	// When a list is truncated, this element specifies the value that should be
+	// used for the key-marker request parameter in a subsequent request.
+	NextKeyMarker *string `type:"string"`
+
+	// When a list is truncated, this element specifies the value that should be
+	// used for the upload-id-marker request parameter in a subsequent request.
+	NextUploadIdMarker *string `type:"string"`
+
+	// When a prefix is provided in the request, this field contains the specified
+	// prefix. The result contains only keys starting with the specified prefix.
+	Prefix *string `type:"string"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// Upload ID after which listing began.
+	UploadIdMarker *string `type:"string"`
+
+	// Container for elements related to a particular multipart upload. A response
+	// can contain zero or more Upload elements.
+	Uploads []*MultipartUpload `locationName:"Upload" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListMultipartUploadsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListMultipartUploadsOutput) GoString() string {
+	return s.String()
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *ListMultipartUploadsOutput) SetBucket(v string) *ListMultipartUploadsOutput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *ListMultipartUploadsOutput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetCommonPrefixes sets the CommonPrefixes field's value.
+func (s *ListMultipartUploadsOutput) SetCommonPrefixes(v []*CommonPrefix) *ListMultipartUploadsOutput {
+	s.CommonPrefixes = v
+	return s
+}
+
+// SetDelimiter sets the Delimiter field's value.
+func (s *ListMultipartUploadsOutput) SetDelimiter(v string) *ListMultipartUploadsOutput {
+	s.Delimiter = &v
+	return s
+}
+
+// SetEncodingType sets the EncodingType field's value.
+func (s *ListMultipartUploadsOutput) SetEncodingType(v string) *ListMultipartUploadsOutput {
+	s.EncodingType = &v
+	return s
+}
+
+// SetIsTruncated sets the IsTruncated field's value.
+func (s *ListMultipartUploadsOutput) SetIsTruncated(v bool) *ListMultipartUploadsOutput {
+	s.IsTruncated = &v
+	return s
+}
+
+// SetKeyMarker sets the KeyMarker field's value.
+func (s *ListMultipartUploadsOutput) SetKeyMarker(v string) *ListMultipartUploadsOutput {
+	s.KeyMarker = &v
+	return s
+}
+
+// SetMaxUploads sets the MaxUploads field's value.
+func (s *ListMultipartUploadsOutput) SetMaxUploads(v int64) *ListMultipartUploadsOutput {
+	s.MaxUploads = &v
+	return s
+}
+
+// SetNextKeyMarker sets the NextKeyMarker field's value.
+func (s *ListMultipartUploadsOutput) SetNextKeyMarker(v string) *ListMultipartUploadsOutput {
+	s.NextKeyMarker = &v
+	return s
+}
+
+// SetNextUploadIdMarker sets the NextUploadIdMarker field's value.
+func (s *ListMultipartUploadsOutput) SetNextUploadIdMarker(v string) *ListMultipartUploadsOutput {
+	s.NextUploadIdMarker = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ListMultipartUploadsOutput) SetPrefix(v string) *ListMultipartUploadsOutput {
+	s.Prefix = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *ListMultipartUploadsOutput) SetRequestCharged(v string) *ListMultipartUploadsOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetUploadIdMarker sets the UploadIdMarker field's value.
+func (s *ListMultipartUploadsOutput) SetUploadIdMarker(v string) *ListMultipartUploadsOutput {
+	s.UploadIdMarker = &v
+	return s
+}
+
+// SetUploads sets the Uploads field's value.
+func (s *ListMultipartUploadsOutput) SetUploads(v []*MultipartUpload) *ListMultipartUploadsOutput {
+	s.Uploads = v
+	return s
+}
+
+type ListObjectVersionsInput struct {
+	_ struct{} `locationName:"ListObjectVersionsRequest" type:"structure"`
+
+	// The bucket name that contains the objects.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// A delimiter is a character that you specify to group keys. All keys that
+	// contain the same string between the prefix and the first occurrence of the
+	// delimiter are grouped under a single result element in CommonPrefixes. These
+	// groups are counted as one result against the max-keys limitation. These keys
+	// are not returned elsewhere in the response.
+	Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"`
+
+	// Requests Amazon S3 to encode the object keys in the response and specifies
+	// the encoding method to use. An object key may contain any Unicode character;
+	// however, XML 1.0 parser cannot parse some characters, such as characters
+	// with an ASCII value from 0 to 10. For characters that are not supported in
+	// XML 1.0, you can add this parameter to request that Amazon S3 encode the
+	// keys in the response.
+	EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Specifies the key to start with when listing objects in a bucket.
+	KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"`
+
+	// Sets the maximum number of keys returned in the response. By default the
+	// action returns up to 1,000 key names. The response might contain fewer keys
+	// but will never contain more. If additional keys satisfy the search criteria,
+	// but were not returned because max-keys was exceeded, the response contains
+	// <isTruncated>true</isTruncated>. To return the additional keys, see key-marker
+	// and version-id-marker.
+	MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"`
+
+	// Use this parameter to select only those keys that begin with the specified
+	// prefix. You can use prefixes to separate a bucket into different groupings
+	// of keys. (You can think of using prefix to make groups in the same way you'd
+	// use a folder in a file system.) You can use prefix with delimiter to roll
+	// up numerous objects into a single result under CommonPrefixes.
+	Prefix *string `location:"querystring" locationName:"prefix" type:"string"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Specifies the object version you want to start listing from.
+	VersionIdMarker *string `location:"querystring" locationName:"version-id-marker" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectVersionsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectVersionsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListObjectVersionsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListObjectVersionsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *ListObjectVersionsInput) SetBucket(v string) *ListObjectVersionsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *ListObjectVersionsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetDelimiter sets the Delimiter field's value.
+func (s *ListObjectVersionsInput) SetDelimiter(v string) *ListObjectVersionsInput {
+	s.Delimiter = &v
+	return s
+}
+
+// SetEncodingType sets the EncodingType field's value.
+func (s *ListObjectVersionsInput) SetEncodingType(v string) *ListObjectVersionsInput {
+	s.EncodingType = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *ListObjectVersionsInput) SetExpectedBucketOwner(v string) *ListObjectVersionsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKeyMarker sets the KeyMarker field's value.
+func (s *ListObjectVersionsInput) SetKeyMarker(v string) *ListObjectVersionsInput {
+	s.KeyMarker = &v
+	return s
+}
+
+// SetMaxKeys sets the MaxKeys field's value.
+func (s *ListObjectVersionsInput) SetMaxKeys(v int64) *ListObjectVersionsInput {
+	s.MaxKeys = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ListObjectVersionsInput) SetPrefix(v string) *ListObjectVersionsInput {
+	s.Prefix = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *ListObjectVersionsInput) SetRequestPayer(v string) *ListObjectVersionsInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetVersionIdMarker sets the VersionIdMarker field's value.
+func (s *ListObjectVersionsInput) SetVersionIdMarker(v string) *ListObjectVersionsInput {
+	s.VersionIdMarker = &v
+	return s
+}
+
+func (s *ListObjectVersionsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListObjectVersionsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s ListObjectVersionsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type ListObjectVersionsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// All of the keys rolled up into a common prefix count as a single return when
+	// calculating the number of returns.
+	CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
+
+	// Container for an object that is a delete marker.
+	DeleteMarkers []*DeleteMarkerEntry `locationName:"DeleteMarker" type:"list" flattened:"true"`
+
+	// The delimiter grouping the included keys. A delimiter is a character that
+	// you specify to group keys. All keys that contain the same string between
+	// the prefix and the first occurrence of the delimiter are grouped under a
+	// single result element in CommonPrefixes. These groups are counted as one
+	// result against the max-keys limitation. These keys are not returned elsewhere
+	// in the response.
+	Delimiter *string `type:"string"`
+
+	// Encoding type used by Amazon S3 to encode object key names in the XML response.
+	//
+	// If you specify encoding-type request parameter, Amazon S3 includes this element
+	// in the response, and returns encoded key name values in the following response
+	// elements:
+	//
+	// KeyMarker, NextKeyMarker, Prefix, Key, and Delimiter.
+	EncodingType *string `type:"string" enum:"EncodingType"`
+
+	// A flag that indicates whether Amazon S3 returned all of the results that
+	// satisfied the search criteria. If your results were truncated, you can make
+	// a follow-up paginated request using the NextKeyMarker and NextVersionIdMarker
+	// response parameters as a starting place in another request to return the
+	// rest of the results.
+	IsTruncated *bool `type:"boolean"`
+
+	// Marks the last key returned in a truncated response.
+	KeyMarker *string `type:"string"`
+
+	// Specifies the maximum number of objects to return.
+	MaxKeys *int64 `type:"integer"`
+
+	// The bucket name.
+	Name *string `type:"string"`
+
+	// When the number of responses exceeds the value of MaxKeys, NextKeyMarker
+	// specifies the first key not returned that satisfies the search criteria.
+	// Use this value for the key-marker request parameter in a subsequent request.
+	NextKeyMarker *string `type:"string"`
+
+	// When the number of responses exceeds the value of MaxKeys, NextVersionIdMarker
+	// specifies the first object version not returned that satisfies the search
+	// criteria. Use this value for the version-id-marker request parameter in a
+	// subsequent request.
+	NextVersionIdMarker *string `type:"string"`
+
+	// Selects objects that start with the value supplied by this parameter.
+	Prefix *string `type:"string"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// Marks the last version of the key returned in a truncated response.
+	VersionIdMarker *string `type:"string"`
+
+	// Container for version information.
+	Versions []*ObjectVersion `locationName:"Version" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectVersionsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectVersionsOutput) GoString() string {
+	return s.String()
+}
+
+// SetCommonPrefixes sets the CommonPrefixes field's value.
+func (s *ListObjectVersionsOutput) SetCommonPrefixes(v []*CommonPrefix) *ListObjectVersionsOutput {
+	s.CommonPrefixes = v
+	return s
+}
+
+// SetDeleteMarkers sets the DeleteMarkers field's value.
+func (s *ListObjectVersionsOutput) SetDeleteMarkers(v []*DeleteMarkerEntry) *ListObjectVersionsOutput {
+	s.DeleteMarkers = v
+	return s
+}
+
+// SetDelimiter sets the Delimiter field's value.
+func (s *ListObjectVersionsOutput) SetDelimiter(v string) *ListObjectVersionsOutput {
+	s.Delimiter = &v
+	return s
+}
+
+// SetEncodingType sets the EncodingType field's value.
+func (s *ListObjectVersionsOutput) SetEncodingType(v string) *ListObjectVersionsOutput {
+	s.EncodingType = &v
+	return s
+}
+
+// SetIsTruncated sets the IsTruncated field's value.
+func (s *ListObjectVersionsOutput) SetIsTruncated(v bool) *ListObjectVersionsOutput {
+	s.IsTruncated = &v
+	return s
+}
+
+// SetKeyMarker sets the KeyMarker field's value.
+func (s *ListObjectVersionsOutput) SetKeyMarker(v string) *ListObjectVersionsOutput {
+	s.KeyMarker = &v
+	return s
+}
+
+// SetMaxKeys sets the MaxKeys field's value.
+func (s *ListObjectVersionsOutput) SetMaxKeys(v int64) *ListObjectVersionsOutput {
+	s.MaxKeys = &v
+	return s
+}
+
+// SetName sets the Name field's value.
+func (s *ListObjectVersionsOutput) SetName(v string) *ListObjectVersionsOutput {
+	s.Name = &v
+	return s
+}
+
+// SetNextKeyMarker sets the NextKeyMarker field's value.
+func (s *ListObjectVersionsOutput) SetNextKeyMarker(v string) *ListObjectVersionsOutput {
+	s.NextKeyMarker = &v
+	return s
+}
+
+// SetNextVersionIdMarker sets the NextVersionIdMarker field's value.
+func (s *ListObjectVersionsOutput) SetNextVersionIdMarker(v string) *ListObjectVersionsOutput {
+	s.NextVersionIdMarker = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ListObjectVersionsOutput) SetPrefix(v string) *ListObjectVersionsOutput {
+	s.Prefix = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *ListObjectVersionsOutput) SetRequestCharged(v string) *ListObjectVersionsOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetVersionIdMarker sets the VersionIdMarker field's value.
+func (s *ListObjectVersionsOutput) SetVersionIdMarker(v string) *ListObjectVersionsOutput {
+	s.VersionIdMarker = &v
+	return s
+}
+
+// SetVersions sets the Versions field's value.
+func (s *ListObjectVersionsOutput) SetVersions(v []*ObjectVersion) *ListObjectVersionsOutput {
+	s.Versions = v
+	return s
+}
+
+type ListObjectsInput struct {
+	_ struct{} `locationName:"ListObjectsRequest" type:"structure"`
+
+	// The name of the bucket containing the objects.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// A delimiter is a character you use to group keys.
+	Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"`
+
+	// Requests Amazon S3 to encode the object keys in the response and specifies
+	// the encoding method to use. An object key may contain any Unicode character;
+	// however, XML 1.0 parser cannot parse some characters, such as characters
+	// with an ASCII value from 0 to 10. For characters that are not supported in
+	// XML 1.0, you can add this parameter to request that Amazon S3 encode the
+	// keys in the response.
+	EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Marker is where you want Amazon S3 to start listing from. Amazon S3 starts
+	// listing after this specified key. Marker can be any key in the bucket.
+	Marker *string `location:"querystring" locationName:"marker" type:"string"`
+
+	// Sets the maximum number of keys returned in the response. By default the
+	// action returns up to 1,000 key names. The response might contain fewer keys
+	// but will never contain more.
+	MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"`
+
+	// Limits the response to keys that begin with the specified prefix.
+	Prefix *string `location:"querystring" locationName:"prefix" type:"string"`
+
+	// Confirms that the requester knows that she or he will be charged for the
+	// list objects request. Bucket owners need not specify this parameter in their
+	// requests.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListObjectsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListObjectsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *ListObjectsInput) SetBucket(v string) *ListObjectsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *ListObjectsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetDelimiter sets the Delimiter field's value.
+func (s *ListObjectsInput) SetDelimiter(v string) *ListObjectsInput {
+	s.Delimiter = &v
+	return s
+}
+
+// SetEncodingType sets the EncodingType field's value.
+func (s *ListObjectsInput) SetEncodingType(v string) *ListObjectsInput {
+	s.EncodingType = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *ListObjectsInput) SetExpectedBucketOwner(v string) *ListObjectsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetMarker sets the Marker field's value.
+func (s *ListObjectsInput) SetMarker(v string) *ListObjectsInput {
+	s.Marker = &v
+	return s
+}
+
+// SetMaxKeys sets the MaxKeys field's value.
+func (s *ListObjectsInput) SetMaxKeys(v int64) *ListObjectsInput {
+	s.MaxKeys = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ListObjectsInput) SetPrefix(v string) *ListObjectsInput {
+	s.Prefix = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *ListObjectsInput) SetRequestPayer(v string) *ListObjectsInput {
+	s.RequestPayer = &v
+	return s
+}
+
+func (s *ListObjectsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListObjectsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s ListObjectsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type ListObjectsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// All of the keys (up to 1,000) rolled up in a common prefix count as a single
+	// return when calculating the number of returns.
+	//
+	// A response can contain CommonPrefixes only if you specify a delimiter.
+	//
+	// CommonPrefixes contains all (if there are any) keys between Prefix and the
+	// next occurrence of the string specified by the delimiter.
+	//
+	// CommonPrefixes lists keys that act like subdirectories in the directory specified
+	// by Prefix.
+	//
+	// For example, if the prefix is notes/ and the delimiter is a slash (/) as
+	// in notes/summer/july, the common prefix is notes/summer/. All of the keys
+	// that roll up into a common prefix count as a single return when calculating
+	// the number of returns.
+	CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
+
+	// Metadata about each object returned.
+	Contents []*Object `type:"list" flattened:"true"`
+
+	// Causes keys that contain the same string between the prefix and the first
+	// occurrence of the delimiter to be rolled up into a single result element
+	// in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere
+	// in the response. Each rolled-up result counts as only one return against
+	// the MaxKeys value.
+	Delimiter *string `type:"string"`
+
+	// Encoding type used by Amazon S3 to encode object keys in the response.
+	EncodingType *string `type:"string" enum:"EncodingType"`
+
+	// A flag that indicates whether Amazon S3 returned all of the results that
+	// satisfied the search criteria.
+	IsTruncated *bool `type:"boolean"`
+
+	// Indicates where in the bucket listing begins. Marker is included in the response
+	// if it was sent with the request.
+	Marker *string `type:"string"`
+
+	// The maximum number of keys returned in the response body.
+	MaxKeys *int64 `type:"integer"`
+
+	// The bucket name.
+	Name *string `type:"string"`
+
+	// When response is truncated (the IsTruncated element value in the response
+	// is true), you can use the key name in this field as marker in the subsequent
+	// request to get next set of objects. Amazon S3 lists objects in alphabetical
+	// order Note: This element is returned only if you have delimiter request parameter
+	// specified. If response does not include the NextMarker and it is truncated,
+	// you can use the value of the last Key in the response as the marker in the
+	// subsequent request to get the next set of object keys.
+	NextMarker *string `type:"string"`
+
+	// Keys that begin with the indicated prefix.
+	Prefix *string `type:"string"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectsOutput) GoString() string {
+	return s.String()
+}
+
+// SetCommonPrefixes sets the CommonPrefixes field's value.
+func (s *ListObjectsOutput) SetCommonPrefixes(v []*CommonPrefix) *ListObjectsOutput {
+	s.CommonPrefixes = v
+	return s
+}
+
+// SetContents sets the Contents field's value.
+func (s *ListObjectsOutput) SetContents(v []*Object) *ListObjectsOutput {
+	s.Contents = v
+	return s
+}
+
+// SetDelimiter sets the Delimiter field's value.
+func (s *ListObjectsOutput) SetDelimiter(v string) *ListObjectsOutput {
+	s.Delimiter = &v
+	return s
+}
+
+// SetEncodingType sets the EncodingType field's value.
+func (s *ListObjectsOutput) SetEncodingType(v string) *ListObjectsOutput {
+	s.EncodingType = &v
+	return s
+}
+
+// SetIsTruncated sets the IsTruncated field's value.
+func (s *ListObjectsOutput) SetIsTruncated(v bool) *ListObjectsOutput {
+	s.IsTruncated = &v
+	return s
+}
+
+// SetMarker sets the Marker field's value.
+func (s *ListObjectsOutput) SetMarker(v string) *ListObjectsOutput {
+	s.Marker = &v
+	return s
+}
+
+// SetMaxKeys sets the MaxKeys field's value.
+func (s *ListObjectsOutput) SetMaxKeys(v int64) *ListObjectsOutput {
+	s.MaxKeys = &v
+	return s
+}
+
+// SetName sets the Name field's value.
+func (s *ListObjectsOutput) SetName(v string) *ListObjectsOutput {
+	s.Name = &v
+	return s
+}
+
+// SetNextMarker sets the NextMarker field's value.
+func (s *ListObjectsOutput) SetNextMarker(v string) *ListObjectsOutput {
+	s.NextMarker = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ListObjectsOutput) SetPrefix(v string) *ListObjectsOutput {
+	s.Prefix = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *ListObjectsOutput) SetRequestCharged(v string) *ListObjectsOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+type ListObjectsV2Input struct {
+	_ struct{} `locationName:"ListObjectsV2Request" type:"structure"`
+
+	// Bucket name to list.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// ContinuationToken indicates Amazon S3 that the list is being continued on
+	// this bucket with a token. ContinuationToken is obfuscated and is not a real
+	// key.
+	ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"`
+
+	// A delimiter is a character you use to group keys.
+	Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"`
+
+	// Encoding type used by Amazon S3 to encode object keys in the response.
+	EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The owner field is not present in listV2 by default, if you want to return
+	// owner field with each key in the result then set the fetch owner field to
+	// true.
+	FetchOwner *bool `location:"querystring" locationName:"fetch-owner" type:"boolean"`
+
+	// Sets the maximum number of keys returned in the response. By default the
+	// action returns up to 1,000 key names. The response might contain fewer keys
+	// but will never contain more.
+	MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"`
+
+	// Limits the response to keys that begin with the specified prefix.
+	Prefix *string `location:"querystring" locationName:"prefix" type:"string"`
+
+	// Confirms that the requester knows that she or he will be charged for the
+	// list objects request in V2 style. Bucket owners need not specify this parameter
+	// in their requests.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// StartAfter is where you want Amazon S3 to start listing from. Amazon S3 starts
+	// listing after this specified key. StartAfter can be any key in the bucket.
+	StartAfter *string `location:"querystring" locationName:"start-after" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectsV2Input) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectsV2Input) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListObjectsV2Input) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListObjectsV2Input"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *ListObjectsV2Input) SetBucket(v string) *ListObjectsV2Input {
+	s.Bucket = &v
+	return s
+}
+
+func (s *ListObjectsV2Input) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetContinuationToken sets the ContinuationToken field's value.
+func (s *ListObjectsV2Input) SetContinuationToken(v string) *ListObjectsV2Input {
+	s.ContinuationToken = &v
+	return s
+}
+
+// SetDelimiter sets the Delimiter field's value.
+func (s *ListObjectsV2Input) SetDelimiter(v string) *ListObjectsV2Input {
+	s.Delimiter = &v
+	return s
+}
+
+// SetEncodingType sets the EncodingType field's value.
+func (s *ListObjectsV2Input) SetEncodingType(v string) *ListObjectsV2Input {
+	s.EncodingType = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *ListObjectsV2Input) SetExpectedBucketOwner(v string) *ListObjectsV2Input {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetFetchOwner sets the FetchOwner field's value.
+func (s *ListObjectsV2Input) SetFetchOwner(v bool) *ListObjectsV2Input {
+	s.FetchOwner = &v
+	return s
+}
+
+// SetMaxKeys sets the MaxKeys field's value.
+func (s *ListObjectsV2Input) SetMaxKeys(v int64) *ListObjectsV2Input {
+	s.MaxKeys = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ListObjectsV2Input) SetPrefix(v string) *ListObjectsV2Input {
+	s.Prefix = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *ListObjectsV2Input) SetRequestPayer(v string) *ListObjectsV2Input {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetStartAfter sets the StartAfter field's value.
+func (s *ListObjectsV2Input) SetStartAfter(v string) *ListObjectsV2Input {
+	s.StartAfter = &v
+	return s
+}
+
+func (s *ListObjectsV2Input) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListObjectsV2Input) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s ListObjectsV2Input) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type ListObjectsV2Output struct {
+	_ struct{} `type:"structure"`
+
+	// All of the keys (up to 1,000) rolled up into a common prefix count as a single
+	// return when calculating the number of returns.
+	//
+	// A response can contain CommonPrefixes only if you specify a delimiter.
+	//
+	// CommonPrefixes contains all (if there are any) keys between Prefix and the
+	// next occurrence of the string specified by a delimiter.
+	//
+	// CommonPrefixes lists keys that act like subdirectories in the directory specified
+	// by Prefix.
+	//
+	// For example, if the prefix is notes/ and the delimiter is a slash (/) as
+	// in notes/summer/july, the common prefix is notes/summer/. All of the keys
+	// that roll up into a common prefix count as a single return when calculating
+	// the number of returns.
+	CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
+
+	// Metadata about each object returned.
+	Contents []*Object `type:"list" flattened:"true"`
+
+	// If ContinuationToken was sent with the request, it is included in the response.
+	ContinuationToken *string `type:"string"`
+
+	// Causes keys that contain the same string between the prefix and the first
+	// occurrence of the delimiter to be rolled up into a single result element
+	// in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere
+	// in the response. Each rolled-up result counts as only one return against
+	// the MaxKeys value.
+	Delimiter *string `type:"string"`
+
+	// Encoding type used by Amazon S3 to encode object key names in the XML response.
+	//
+	// If you specify the encoding-type request parameter, Amazon S3 includes this
+	// element in the response, and returns encoded key name values in the following
+	// response elements:
+	//
+	// Delimiter, Prefix, Key, and StartAfter.
+	EncodingType *string `type:"string" enum:"EncodingType"`
+
+	// Set to false if all of the results were returned. Set to true if more keys
+	// are available to return. If the number of results exceeds that specified
+	// by MaxKeys, all of the results might not be returned.
+	IsTruncated *bool `type:"boolean"`
+
+	// KeyCount is the number of keys returned with this request. KeyCount will
+	// always be less than or equal to the MaxKeys field. Say you ask for 50 keys,
+	// your result will include 50 keys or fewer.
+	KeyCount *int64 `type:"integer"`
+
+	// Sets the maximum number of keys returned in the response. By default the
+	// action returns up to 1,000 key names. The response might contain fewer keys
+	// but will never contain more.
+	MaxKeys *int64 `type:"integer"`
+
+	// The bucket name.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	Name *string `type:"string"`
+
+	// NextContinuationToken is sent when isTruncated is true, which means there
+	// are more keys in the bucket that can be listed. The next list requests to
+	// Amazon S3 can be continued with this NextContinuationToken. NextContinuationToken
+	// is obfuscated and is not a real key
+	NextContinuationToken *string `type:"string"`
+
+	// Keys that begin with the indicated prefix.
+	Prefix *string `type:"string"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// If StartAfter was sent with the request, it is included in the response.
+	StartAfter *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectsV2Output) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListObjectsV2Output) GoString() string {
+	return s.String()
+}
+
+// SetCommonPrefixes sets the CommonPrefixes field's value.
+func (s *ListObjectsV2Output) SetCommonPrefixes(v []*CommonPrefix) *ListObjectsV2Output {
+	s.CommonPrefixes = v
+	return s
+}
+
+// SetContents sets the Contents field's value.
+func (s *ListObjectsV2Output) SetContents(v []*Object) *ListObjectsV2Output {
+	s.Contents = v
+	return s
+}
+
+// SetContinuationToken sets the ContinuationToken field's value.
+func (s *ListObjectsV2Output) SetContinuationToken(v string) *ListObjectsV2Output {
+	s.ContinuationToken = &v
+	return s
+}
+
+// SetDelimiter sets the Delimiter field's value.
+func (s *ListObjectsV2Output) SetDelimiter(v string) *ListObjectsV2Output {
+	s.Delimiter = &v
+	return s
+}
+
+// SetEncodingType sets the EncodingType field's value.
+func (s *ListObjectsV2Output) SetEncodingType(v string) *ListObjectsV2Output {
+	s.EncodingType = &v
+	return s
+}
+
+// SetIsTruncated sets the IsTruncated field's value.
+func (s *ListObjectsV2Output) SetIsTruncated(v bool) *ListObjectsV2Output {
+	s.IsTruncated = &v
+	return s
+}
+
+// SetKeyCount sets the KeyCount field's value.
+func (s *ListObjectsV2Output) SetKeyCount(v int64) *ListObjectsV2Output {
+	s.KeyCount = &v
+	return s
+}
+
+// SetMaxKeys sets the MaxKeys field's value.
+func (s *ListObjectsV2Output) SetMaxKeys(v int64) *ListObjectsV2Output {
+	s.MaxKeys = &v
+	return s
+}
+
+// SetName sets the Name field's value.
+func (s *ListObjectsV2Output) SetName(v string) *ListObjectsV2Output {
+	s.Name = &v
+	return s
+}
+
+// SetNextContinuationToken sets the NextContinuationToken field's value.
+func (s *ListObjectsV2Output) SetNextContinuationToken(v string) *ListObjectsV2Output {
+	s.NextContinuationToken = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ListObjectsV2Output) SetPrefix(v string) *ListObjectsV2Output {
+	s.Prefix = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *ListObjectsV2Output) SetRequestCharged(v string) *ListObjectsV2Output {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetStartAfter sets the StartAfter field's value.
+func (s *ListObjectsV2Output) SetStartAfter(v string) *ListObjectsV2Output {
+	s.StartAfter = &v
+	return s
+}
+
+type ListPartsInput struct {
+	_ struct{} `locationName:"ListPartsRequest" type:"structure"`
+
+	// The name of the bucket to which the parts are being uploaded.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Object key for which the multipart upload was initiated.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Sets the maximum number of parts to return.
+	MaxParts *int64 `location:"querystring" locationName:"max-parts" type:"integer"`
+
+	// Specifies the part after which listing should begin. Only parts with higher
+	// part numbers will be listed.
+	PartNumberMarker *int64 `location:"querystring" locationName:"part-number-marker" type:"integer"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// The server-side encryption (SSE) algorithm used to encrypt the object. This
+	// parameter is needed only when the object was created using a checksum algorithm.
+	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// in the Amazon S3 User Guide.
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// The server-side encryption (SSE) customer managed key. This parameter is
+	// needed only when the object was created using a checksum algorithm. For more
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// in the Amazon S3 User Guide.
+	//
+	// SSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by ListPartsInput's
+	// String and GoString methods.
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// The MD5 server-side encryption (SSE) customer managed key. This parameter
+	// is needed only when the object was created using a checksum algorithm. For
+	// more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// in the Amazon S3 User Guide.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// Upload ID identifying the multipart upload whose parts are being listed.
+	//
+	// UploadId is a required field
+	UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListPartsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListPartsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListPartsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListPartsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.UploadId == nil {
+		invalidParams.Add(request.NewErrParamRequired("UploadId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *ListPartsInput) SetBucket(v string) *ListPartsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *ListPartsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *ListPartsInput) SetExpectedBucketOwner(v string) *ListPartsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *ListPartsInput) SetKey(v string) *ListPartsInput {
+	s.Key = &v
+	return s
+}
+
+// SetMaxParts sets the MaxParts field's value.
+func (s *ListPartsInput) SetMaxParts(v int64) *ListPartsInput {
+	s.MaxParts = &v
+	return s
+}
+
+// SetPartNumberMarker sets the PartNumberMarker field's value.
+func (s *ListPartsInput) SetPartNumberMarker(v int64) *ListPartsInput {
+	s.PartNumberMarker = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *ListPartsInput) SetRequestPayer(v string) *ListPartsInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *ListPartsInput) SetSSECustomerAlgorithm(v string) *ListPartsInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKey sets the SSECustomerKey field's value.
+func (s *ListPartsInput) SetSSECustomerKey(v string) *ListPartsInput {
+	s.SSECustomerKey = &v
+	return s
+}
+
+func (s *ListPartsInput) getSSECustomerKey() (v string) {
+	if s.SSECustomerKey == nil {
+		return v
+	}
+	return *s.SSECustomerKey
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *ListPartsInput) SetSSECustomerKeyMD5(v string) *ListPartsInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetUploadId sets the UploadId field's value.
+func (s *ListPartsInput) SetUploadId(v string) *ListPartsInput {
+	s.UploadId = &v
+	return s
+}
+
+func (s *ListPartsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListPartsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s ListPartsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type ListPartsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If the bucket has a lifecycle rule configured with an action to abort incomplete
+	// multipart uploads and the prefix in the lifecycle rule matches the object
+	// name in the request, then the response includes this header indicating when
+	// the initiated multipart upload will become eligible for abort operation.
+	// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
+	//
+	// The response will also include the x-amz-abort-rule-id header that will provide
+	// the ID of the lifecycle configuration rule that defines this action.
+	AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"`
+
+	// This header is returned along with the x-amz-abort-date header. It identifies
+	// applicable lifecycle configuration rule that defines the action to abort
+	// incomplete multipart uploads.
+	AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"`
+
+	// The name of the bucket to which the multipart upload was initiated. Does
+	// not return the access point ARN or access point alias if used.
+	Bucket *string `type:"string"`
+
+	// The algorithm that was used to create a checksum of the object.
+	ChecksumAlgorithm *string `type:"string" enum:"ChecksumAlgorithm"`
+
+	// Container element that identifies who initiated the multipart upload. If
+	// the initiator is an Amazon Web Services account, this element provides the
+	// same information as the Owner element. If the initiator is an IAM User, this
+	// element provides the user ARN and display name.
+	Initiator *Initiator `type:"structure"`
+
+	// Indicates whether the returned list of parts is truncated. A true value indicates
+	// that the list was truncated. A list can be truncated if the number of parts
+	// exceeds the limit returned in the MaxParts element.
+	IsTruncated *bool `type:"boolean"`
+
+	// Object key for which the multipart upload was initiated.
+	Key *string `min:"1" type:"string"`
+
+	// Maximum number of parts that were allowed in the response.
+	MaxParts *int64 `type:"integer"`
+
+	// When a list is truncated, this element specifies the last part in the list,
+	// as well as the value to use for the part-number-marker request parameter
+	// in a subsequent request.
+	NextPartNumberMarker *int64 `type:"integer"`
+
+	// Container element that identifies the object owner, after the object is created.
+	// If multipart upload is initiated by an IAM user, this element provides the
+	// parent account ID and display name.
+	Owner *Owner `type:"structure"`
+
+	// When a list is truncated, this element specifies the last part in the list,
+	// as well as the value to use for the part-number-marker request parameter
+	// in a subsequent request.
+	PartNumberMarker *int64 `type:"integer"`
+
+	// Container for elements related to a particular part. A response can contain
+	// zero or more Part elements.
+	Parts []*Part `locationName:"Part" type:"list" flattened:"true"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// Class of storage (STANDARD or REDUCED_REDUNDANCY) used to store the uploaded
+	// object.
+	StorageClass *string `type:"string" enum:"StorageClass"`
+
+	// Upload ID identifying the multipart upload whose parts are being listed.
+	UploadId *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListPartsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListPartsOutput) GoString() string {
+	return s.String()
+}
+
+// SetAbortDate sets the AbortDate field's value.
+func (s *ListPartsOutput) SetAbortDate(v time.Time) *ListPartsOutput {
+	s.AbortDate = &v
+	return s
+}
+
+// SetAbortRuleId sets the AbortRuleId field's value.
+func (s *ListPartsOutput) SetAbortRuleId(v string) *ListPartsOutput {
+	s.AbortRuleId = &v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *ListPartsOutput) SetBucket(v string) *ListPartsOutput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *ListPartsOutput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *ListPartsOutput) SetChecksumAlgorithm(v string) *ListPartsOutput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetInitiator sets the Initiator field's value.
+func (s *ListPartsOutput) SetInitiator(v *Initiator) *ListPartsOutput {
+	s.Initiator = v
+	return s
+}
+
+// SetIsTruncated sets the IsTruncated field's value.
+func (s *ListPartsOutput) SetIsTruncated(v bool) *ListPartsOutput {
+	s.IsTruncated = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *ListPartsOutput) SetKey(v string) *ListPartsOutput {
+	s.Key = &v
+	return s
+}
+
+// SetMaxParts sets the MaxParts field's value.
+func (s *ListPartsOutput) SetMaxParts(v int64) *ListPartsOutput {
+	s.MaxParts = &v
+	return s
+}
+
+// SetNextPartNumberMarker sets the NextPartNumberMarker field's value.
+func (s *ListPartsOutput) SetNextPartNumberMarker(v int64) *ListPartsOutput {
+	s.NextPartNumberMarker = &v
+	return s
+}
+
+// SetOwner sets the Owner field's value.
+func (s *ListPartsOutput) SetOwner(v *Owner) *ListPartsOutput {
+	s.Owner = v
+	return s
+}
+
+// SetPartNumberMarker sets the PartNumberMarker field's value.
+func (s *ListPartsOutput) SetPartNumberMarker(v int64) *ListPartsOutput {
+	s.PartNumberMarker = &v
+	return s
+}
+
+// SetParts sets the Parts field's value.
+func (s *ListPartsOutput) SetParts(v []*Part) *ListPartsOutput {
+	s.Parts = v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *ListPartsOutput) SetRequestCharged(v string) *ListPartsOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *ListPartsOutput) SetStorageClass(v string) *ListPartsOutput {
+	s.StorageClass = &v
+	return s
+}
+
+// SetUploadId sets the UploadId field's value.
+func (s *ListPartsOutput) SetUploadId(v string) *ListPartsOutput {
+	s.UploadId = &v
+	return s
+}
+
+// Describes an Amazon S3 location that will receive the results of the restore
+// request.
+type Location struct {
+	_ struct{} `type:"structure"`
+
+	// A list of grants that control access to the staged results.
+	AccessControlList []*Grant `locationNameList:"Grant" type:"list"`
+
+	// The name of the bucket where the restore results will be placed.
+	//
+	// BucketName is a required field
+	BucketName *string `type:"string" required:"true"`
+
+	// The canned ACL to apply to the restore results.
+	CannedACL *string `type:"string" enum:"ObjectCannedACL"`
+
+	// Contains the type of server-side encryption used.
+	Encryption *Encryption `type:"structure"`
+
+	// The prefix that is prepended to the restore results for this request.
+	//
+	// Prefix is a required field
+	Prefix *string `type:"string" required:"true"`
+
+	// The class of storage used to store the restore results.
+	StorageClass *string `type:"string" enum:"StorageClass"`
+
+	// The tag-set that is applied to the restore results.
+	Tagging *Tagging `type:"structure"`
+
+	// A list of metadata to store with the restore results in S3.
+	UserMetadata []*MetadataEntry `locationNameList:"MetadataEntry" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Location) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Location) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Location) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Location"}
+	if s.BucketName == nil {
+		invalidParams.Add(request.NewErrParamRequired("BucketName"))
+	}
+	if s.Prefix == nil {
+		invalidParams.Add(request.NewErrParamRequired("Prefix"))
+	}
+	if s.AccessControlList != nil {
+		for i, v := range s.AccessControlList {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "AccessControlList", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+	if s.Encryption != nil {
+		if err := s.Encryption.Validate(); err != nil {
+			invalidParams.AddNested("Encryption", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Tagging != nil {
+		if err := s.Tagging.Validate(); err != nil {
+			invalidParams.AddNested("Tagging", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccessControlList sets the AccessControlList field's value.
+func (s *Location) SetAccessControlList(v []*Grant) *Location {
+	s.AccessControlList = v
+	return s
+}
+
+// SetBucketName sets the BucketName field's value.
+func (s *Location) SetBucketName(v string) *Location {
+	s.BucketName = &v
+	return s
+}
+
+// SetCannedACL sets the CannedACL field's value.
+func (s *Location) SetCannedACL(v string) *Location {
+	s.CannedACL = &v
+	return s
+}
+
+// SetEncryption sets the Encryption field's value.
+func (s *Location) SetEncryption(v *Encryption) *Location {
+	s.Encryption = v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *Location) SetPrefix(v string) *Location {
+	s.Prefix = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *Location) SetStorageClass(v string) *Location {
+	s.StorageClass = &v
+	return s
+}
+
+// SetTagging sets the Tagging field's value.
+func (s *Location) SetTagging(v *Tagging) *Location {
+	s.Tagging = v
+	return s
+}
+
+// SetUserMetadata sets the UserMetadata field's value.
+func (s *Location) SetUserMetadata(v []*MetadataEntry) *Location {
+	s.UserMetadata = v
+	return s
+}
+
+// Describes where logs are stored and the prefix that Amazon S3 assigns to
+// all log object keys for a bucket. For more information, see PUT Bucket logging
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
+// in the Amazon S3 API Reference.
+type LoggingEnabled struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the bucket where you want Amazon S3 to store server access logs.
+	// You can have your logs delivered to any bucket that you own, including the
+	// same bucket that is being logged. You can also configure multiple buckets
+	// to deliver their logs to the same target bucket. In this case, you should
+	// choose a different TargetPrefix for each source bucket so that the delivered
+	// log files can be distinguished by key.
+	//
+	// TargetBucket is a required field
+	TargetBucket *string `type:"string" required:"true"`
+
+	// Container for granting information.
+	//
+	// Buckets that use the bucket owner enforced setting for Object Ownership don't
+	// support target grants. For more information, see Permissions for server access
+	// log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
+	// in the Amazon S3 User Guide.
+	TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"`
+
+	// A prefix for all log object keys. If you store log files from multiple Amazon
+	// S3 buckets in a single bucket, you can use a prefix to distinguish which
+	// log files came from which bucket.
+	//
+	// TargetPrefix is a required field
+	TargetPrefix *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LoggingEnabled) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LoggingEnabled) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *LoggingEnabled) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "LoggingEnabled"}
+	if s.TargetBucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("TargetBucket"))
+	}
+	if s.TargetPrefix == nil {
+		invalidParams.Add(request.NewErrParamRequired("TargetPrefix"))
+	}
+	if s.TargetGrants != nil {
+		for i, v := range s.TargetGrants {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "TargetGrants", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetTargetBucket sets the TargetBucket field's value.
+func (s *LoggingEnabled) SetTargetBucket(v string) *LoggingEnabled {
+	s.TargetBucket = &v
+	return s
+}
+
+// SetTargetGrants sets the TargetGrants field's value.
+func (s *LoggingEnabled) SetTargetGrants(v []*TargetGrant) *LoggingEnabled {
+	s.TargetGrants = v
+	return s
+}
+
+// SetTargetPrefix sets the TargetPrefix field's value.
+func (s *LoggingEnabled) SetTargetPrefix(v string) *LoggingEnabled {
+	s.TargetPrefix = &v
+	return s
+}
+
+// A metadata key-value pair to store with an object.
+type MetadataEntry struct {
+	_ struct{} `type:"structure"`
+
+	// Name of the Object.
+	Name *string `type:"string"`
+
+	// Value of the Object.
+	Value *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MetadataEntry) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MetadataEntry) GoString() string {
+	return s.String()
+}
+
+// SetName sets the Name field's value.
+func (s *MetadataEntry) SetName(v string) *MetadataEntry {
+	s.Name = &v
+	return s
+}
+
+// SetValue sets the Value field's value.
+func (s *MetadataEntry) SetValue(v string) *MetadataEntry {
+	s.Value = &v
+	return s
+}
+
+// A container specifying replication metrics-related settings enabling replication
+// metrics and events.
+type Metrics struct {
+	_ struct{} `type:"structure"`
+
+	// A container specifying the time threshold for emitting the s3:Replication:OperationMissedThreshold
+	// event.
+	EventThreshold *ReplicationTimeValue `type:"structure"`
+
+	// Specifies whether the replication metrics are enabled.
+	//
+	// Status is a required field
+	Status *string `type:"string" required:"true" enum:"MetricsStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Metrics) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Metrics) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Metrics) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Metrics"}
+	if s.Status == nil {
+		invalidParams.Add(request.NewErrParamRequired("Status"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetEventThreshold sets the EventThreshold field's value.
+func (s *Metrics) SetEventThreshold(v *ReplicationTimeValue) *Metrics {
+	s.EventThreshold = v
+	return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *Metrics) SetStatus(v string) *Metrics {
+	s.Status = &v
+	return s
+}
+
+// A conjunction (logical AND) of predicates, which is used in evaluating a
+// metrics filter. The operator must have at least two predicates, and an object
+// must match all of the predicates in order for the filter to apply.
+type MetricsAndOperator struct {
+	_ struct{} `type:"structure"`
+
+	// The access point ARN used when evaluating an AND predicate.
+	AccessPointArn *string `type:"string"`
+
+	// The prefix used when evaluating an AND predicate.
+	Prefix *string `type:"string"`
+
+	// The list of tags used when evaluating an AND predicate.
+	Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MetricsAndOperator) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MetricsAndOperator) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *MetricsAndOperator) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "MetricsAndOperator"}
+	if s.Tags != nil {
+		for i, v := range s.Tags {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccessPointArn sets the AccessPointArn field's value.
+func (s *MetricsAndOperator) SetAccessPointArn(v string) *MetricsAndOperator {
+	s.AccessPointArn = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *MetricsAndOperator) SetPrefix(v string) *MetricsAndOperator {
+	s.Prefix = &v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *MetricsAndOperator) SetTags(v []*Tag) *MetricsAndOperator {
+	s.Tags = v
+	return s
+}
+
+// Specifies a metrics configuration for the CloudWatch request metrics (specified
+// by the metrics configuration ID) from an Amazon S3 bucket. If you're updating
+// an existing metrics configuration, note that this is a full replacement of
+// the existing metrics configuration. If you don't include the elements you
+// want to keep, they are erased. For more information, see PutBucketMetricsConfiguration
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html).
+type MetricsConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies a metrics configuration filter. The metrics configuration will
+	// only include objects that meet the filter's criteria. A filter must be a
+	// prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator).
+	Filter *MetricsFilter `type:"structure"`
+
+	// The ID used to identify the metrics configuration. The ID has a 64 character
+	// limit and can only contain letters, numbers, periods, dashes, and underscores.
+	//
+	// Id is a required field
+	Id *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MetricsConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MetricsConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *MetricsConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "MetricsConfiguration"}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+	if s.Filter != nil {
+		if err := s.Filter.Validate(); err != nil {
+			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetFilter sets the Filter field's value.
+func (s *MetricsConfiguration) SetFilter(v *MetricsFilter) *MetricsConfiguration {
+	s.Filter = v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *MetricsConfiguration) SetId(v string) *MetricsConfiguration {
+	s.Id = &v
+	return s
+}
+
+// Specifies a metrics configuration filter. The metrics configuration only
+// includes objects that meet the filter's criteria. A filter must be a prefix,
+// an object tag, an access point ARN, or a conjunction (MetricsAndOperator).
+// For more information, see PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html).
+type MetricsFilter struct {
+	_ struct{} `type:"structure"`
+
+	// The access point ARN used when evaluating a metrics filter.
+	AccessPointArn *string `type:"string"`
+
+	// A conjunction (logical AND) of predicates, which is used in evaluating a
+	// metrics filter. The operator must have at least two predicates, and an object
+	// must match all of the predicates in order for the filter to apply.
+	And *MetricsAndOperator `type:"structure"`
+
+	// The prefix used when evaluating a metrics filter.
+	Prefix *string `type:"string"`
+
+	// The tag used when evaluating a metrics filter.
+	Tag *Tag `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MetricsFilter) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MetricsFilter) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *MetricsFilter) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "MetricsFilter"}
+	if s.And != nil {
+		if err := s.And.Validate(); err != nil {
+			invalidParams.AddNested("And", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Tag != nil {
+		if err := s.Tag.Validate(); err != nil {
+			invalidParams.AddNested("Tag", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccessPointArn sets the AccessPointArn field's value.
+func (s *MetricsFilter) SetAccessPointArn(v string) *MetricsFilter {
+	s.AccessPointArn = &v
+	return s
+}
+
+// SetAnd sets the And field's value.
+func (s *MetricsFilter) SetAnd(v *MetricsAndOperator) *MetricsFilter {
+	s.And = v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *MetricsFilter) SetPrefix(v string) *MetricsFilter {
+	s.Prefix = &v
+	return s
+}
+
+// SetTag sets the Tag field's value.
+func (s *MetricsFilter) SetTag(v *Tag) *MetricsFilter {
+	s.Tag = v
+	return s
+}
+
+// Container for the MultipartUpload for the Amazon S3 object.
+type MultipartUpload struct {
+	_ struct{} `type:"structure"`
+
+	// The algorithm that was used to create a checksum of the object.
+	ChecksumAlgorithm *string `type:"string" enum:"ChecksumAlgorithm"`
+
+	// Date and time at which the multipart upload was initiated.
+	Initiated *time.Time `type:"timestamp"`
+
+	// Identifies who initiated the multipart upload.
+	Initiator *Initiator `type:"structure"`
+
+	// Key of the object for which the multipart upload was initiated.
+	Key *string `min:"1" type:"string"`
+
+	// Specifies the owner of the object that is part of the multipart upload.
+	Owner *Owner `type:"structure"`
+
+	// The class of storage used to store the object.
+	StorageClass *string `type:"string" enum:"StorageClass"`
+
+	// Upload ID that identifies the multipart upload.
+	UploadId *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MultipartUpload) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MultipartUpload) GoString() string {
+	return s.String()
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *MultipartUpload) SetChecksumAlgorithm(v string) *MultipartUpload {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetInitiated sets the Initiated field's value.
+func (s *MultipartUpload) SetInitiated(v time.Time) *MultipartUpload {
+	s.Initiated = &v
+	return s
+}
+
+// SetInitiator sets the Initiator field's value.
+func (s *MultipartUpload) SetInitiator(v *Initiator) *MultipartUpload {
+	s.Initiator = v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *MultipartUpload) SetKey(v string) *MultipartUpload {
+	s.Key = &v
+	return s
+}
+
+// SetOwner sets the Owner field's value.
+func (s *MultipartUpload) SetOwner(v *Owner) *MultipartUpload {
+	s.Owner = v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *MultipartUpload) SetStorageClass(v string) *MultipartUpload {
+	s.StorageClass = &v
+	return s
+}
+
+// SetUploadId sets the UploadId field's value.
+func (s *MultipartUpload) SetUploadId(v string) *MultipartUpload {
+	s.UploadId = &v
+	return s
+}
+
+// Specifies when noncurrent object versions expire. Upon expiration, Amazon
+// S3 permanently deletes the noncurrent object versions. You set this lifecycle
+// configuration action on a bucket that has versioning enabled (or suspended)
+// to request that Amazon S3 delete noncurrent object versions at a specific
+// period in the object's lifetime.
+type NoncurrentVersionExpiration struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies how many noncurrent versions Amazon S3 will retain. If there are
+	// this many more recent noncurrent versions, Amazon S3 will take the associated
+	// action. For more information about noncurrent versions, see Lifecycle configuration
+	// elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
+	// in the Amazon S3 User Guide.
+	NewerNoncurrentVersions *int64 `type:"integer"`
+
+	// Specifies the number of days an object is noncurrent before Amazon S3 can
+	// perform the associated action. The value must be a non-zero positive integer.
+	// For information about the noncurrent days calculations, see How Amazon S3
+	// Calculates When an Object Became Noncurrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
+	// in the Amazon S3 User Guide.
+	NoncurrentDays *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s NoncurrentVersionExpiration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s NoncurrentVersionExpiration) GoString() string {
+	return s.String()
+}
+
+// SetNewerNoncurrentVersions sets the NewerNoncurrentVersions field's value.
+func (s *NoncurrentVersionExpiration) SetNewerNoncurrentVersions(v int64) *NoncurrentVersionExpiration {
+	s.NewerNoncurrentVersions = &v
+	return s
+}
+
+// SetNoncurrentDays sets the NoncurrentDays field's value.
+func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVersionExpiration {
+	s.NoncurrentDays = &v
+	return s
+}
+
+// Container for the transition rule that describes when noncurrent objects
+// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR,
+// GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled
+// (or versioning is suspended), you can set this action to request that Amazon
+// S3 transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA,
+// INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at
+// a specific period in the object's lifetime.
+type NoncurrentVersionTransition struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies how many noncurrent versions Amazon S3 will retain. If there are
+	// this many more recent noncurrent versions, Amazon S3 will take the associated
+	// action. For more information about noncurrent versions, see Lifecycle configuration
+	// elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
+	// in the Amazon S3 User Guide.
+	NewerNoncurrentVersions *int64 `type:"integer"`
+
+	// Specifies the number of days an object is noncurrent before Amazon S3 can
+	// perform the associated action. For information about the noncurrent days
+	// calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent
+	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
+	// in the Amazon S3 User Guide.
+	NoncurrentDays *int64 `type:"integer"`
+
+	// The class of storage used to store the object.
+	StorageClass *string `type:"string" enum:"TransitionStorageClass"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s NoncurrentVersionTransition) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s NoncurrentVersionTransition) GoString() string {
+	return s.String()
+}
+
+// SetNewerNoncurrentVersions sets the NewerNoncurrentVersions field's value.
+func (s *NoncurrentVersionTransition) SetNewerNoncurrentVersions(v int64) *NoncurrentVersionTransition {
+	s.NewerNoncurrentVersions = &v
+	return s
+}
+
+// SetNoncurrentDays sets the NoncurrentDays field's value.
+func (s *NoncurrentVersionTransition) SetNoncurrentDays(v int64) *NoncurrentVersionTransition {
+	s.NoncurrentDays = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *NoncurrentVersionTransition) SetStorageClass(v string) *NoncurrentVersionTransition {
+	s.StorageClass = &v
+	return s
+}
+
+// A container for specifying the notification configuration of the bucket.
+// If this element is empty, notifications are turned off for the bucket.
+type NotificationConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Enables delivery of events to Amazon EventBridge.
+	EventBridgeConfiguration *EventBridgeConfiguration `type:"structure"`
+
+	// Describes the Lambda functions to invoke and the events for which to invoke
+	// them.
+	LambdaFunctionConfigurations []*LambdaFunctionConfiguration `locationName:"CloudFunctionConfiguration" type:"list" flattened:"true"`
+
+	// The Amazon Simple Queue Service queues to publish messages to and the events
+	// for which to publish messages.
+	QueueConfigurations []*QueueConfiguration `locationName:"QueueConfiguration" type:"list" flattened:"true"`
+
+	// The topic to which notifications are sent and the events for which notifications
+	// are generated.
+	TopicConfigurations []*TopicConfiguration `locationName:"TopicConfiguration" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s NotificationConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s NotificationConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *NotificationConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "NotificationConfiguration"}
+	if s.LambdaFunctionConfigurations != nil {
+		for i, v := range s.LambdaFunctionConfigurations {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "LambdaFunctionConfigurations", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+	if s.QueueConfigurations != nil {
+		for i, v := range s.QueueConfigurations {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "QueueConfigurations", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+	if s.TopicConfigurations != nil {
+		for i, v := range s.TopicConfigurations {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "TopicConfigurations", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetEventBridgeConfiguration sets the EventBridgeConfiguration field's value.
+func (s *NotificationConfiguration) SetEventBridgeConfiguration(v *EventBridgeConfiguration) *NotificationConfiguration {
+	s.EventBridgeConfiguration = v
+	return s
+}
+
+// SetLambdaFunctionConfigurations sets the LambdaFunctionConfigurations field's value.
+func (s *NotificationConfiguration) SetLambdaFunctionConfigurations(v []*LambdaFunctionConfiguration) *NotificationConfiguration {
+	s.LambdaFunctionConfigurations = v
+	return s
+}
+
+// SetQueueConfigurations sets the QueueConfigurations field's value.
+func (s *NotificationConfiguration) SetQueueConfigurations(v []*QueueConfiguration) *NotificationConfiguration {
+	s.QueueConfigurations = v
+	return s
+}
+
+// SetTopicConfigurations sets the TopicConfigurations field's value.
+func (s *NotificationConfiguration) SetTopicConfigurations(v []*TopicConfiguration) *NotificationConfiguration {
+	s.TopicConfigurations = v
+	return s
+}
+
+type NotificationConfigurationDeprecated struct {
+	_ struct{} `type:"structure"`
+
+	// Container for specifying the Lambda notification configuration.
+	CloudFunctionConfiguration *CloudFunctionConfiguration `type:"structure"`
+
+	// This data type is deprecated. This data type specifies the configuration
+	// for publishing messages to an Amazon Simple Queue Service (Amazon SQS) queue
+	// when Amazon S3 detects specified events.
+	QueueConfiguration *QueueConfigurationDeprecated `type:"structure"`
+
+	// This data type is deprecated. A container for specifying the configuration
+	// for publication of messages to an Amazon Simple Notification Service (Amazon
+	// SNS) topic when Amazon S3 detects specified events.
+	TopicConfiguration *TopicConfigurationDeprecated `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s NotificationConfigurationDeprecated) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s NotificationConfigurationDeprecated) GoString() string {
+	return s.String()
+}
+
+// SetCloudFunctionConfiguration sets the CloudFunctionConfiguration field's value.
+func (s *NotificationConfigurationDeprecated) SetCloudFunctionConfiguration(v *CloudFunctionConfiguration) *NotificationConfigurationDeprecated {
+	s.CloudFunctionConfiguration = v
+	return s
+}
+
+// SetQueueConfiguration sets the QueueConfiguration field's value.
+func (s *NotificationConfigurationDeprecated) SetQueueConfiguration(v *QueueConfigurationDeprecated) *NotificationConfigurationDeprecated {
+	s.QueueConfiguration = v
+	return s
+}
+
+// SetTopicConfiguration sets the TopicConfiguration field's value.
+func (s *NotificationConfigurationDeprecated) SetTopicConfiguration(v *TopicConfigurationDeprecated) *NotificationConfigurationDeprecated {
+	s.TopicConfiguration = v
+	return s
+}
+
+// Specifies object key name filtering rules. For information about key name
+// filtering, see Configuring event notifications using object key name filtering
+// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+// in the Amazon S3 User Guide.
+type NotificationConfigurationFilter struct {
+	_ struct{} `type:"structure"`
+
+	// A container for object key name prefix and suffix filtering rules.
+	Key *KeyFilter `locationName:"S3Key" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s NotificationConfigurationFilter) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s NotificationConfigurationFilter) GoString() string {
+	return s.String()
+}
+
+// SetKey sets the Key field's value.
+func (s *NotificationConfigurationFilter) SetKey(v *KeyFilter) *NotificationConfigurationFilter {
+	s.Key = v
+	return s
+}
+
+// An object consists of data and its descriptive metadata.
+type Object struct {
+	_ struct{} `type:"structure"`
+
+	// The algorithm that was used to create a checksum of the object.
+	ChecksumAlgorithm []*string `type:"list" flattened:"true" enum:"ChecksumAlgorithm"`
+
+	// The entity tag is a hash of the object. The ETag reflects changes only to
+	// the contents of an object, not its metadata. The ETag may or may not be an
+	// MD5 digest of the object data. Whether or not it is depends on how the object
+	// was created and how it is encrypted as described below:
+	//
+	//    * Objects created by the PUT Object, POST Object, or Copy operation, or
+	//    through the Amazon Web Services Management Console, and are encrypted
+	//    by SSE-S3 or plaintext, have ETags that are an MD5 digest of their object
+	//    data.
+	//
+	//    * Objects created by the PUT Object, POST Object, or Copy operation, or
+	//    through the Amazon Web Services Management Console, and are encrypted
+	//    by SSE-C or SSE-KMS, have ETags that are not an MD5 digest of their object
+	//    data.
+	//
+	//    * If an object is created by either the Multipart Upload or Part Copy
+	//    operation, the ETag is not an MD5 digest, regardless of the method of
+	//    encryption. If an object is larger than 16 MB, the Amazon Web Services
+	//    Management Console will upload or copy that object as a Multipart Upload,
+	//    and therefore the ETag will not be an MD5 digest.
+	ETag *string `type:"string"`
+
+	// The name that you assign to an object. You use the object key to retrieve
+	// the object.
+	Key *string `min:"1" type:"string"`
+
+	// Creation date of the object.
+	LastModified *time.Time `type:"timestamp"`
+
+	// The owner of the object
+	Owner *Owner `type:"structure"`
+
+	// Size in bytes of the object
+	Size *int64 `type:"integer"`
+
+	// The class of storage used to store the object.
+	StorageClass *string `type:"string" enum:"ObjectStorageClass"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Object) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Object) GoString() string {
+	return s.String()
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *Object) SetChecksumAlgorithm(v []*string) *Object {
+	s.ChecksumAlgorithm = v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *Object) SetETag(v string) *Object {
+	s.ETag = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *Object) SetKey(v string) *Object {
+	s.Key = &v
+	return s
+}
+
+// SetLastModified sets the LastModified field's value.
+func (s *Object) SetLastModified(v time.Time) *Object {
+	s.LastModified = &v
+	return s
+}
+
+// SetOwner sets the Owner field's value.
+func (s *Object) SetOwner(v *Owner) *Object {
+	s.Owner = v
+	return s
+}
+
+// SetSize sets the Size field's value.
+func (s *Object) SetSize(v int64) *Object {
+	s.Size = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *Object) SetStorageClass(v string) *Object {
+	s.StorageClass = &v
+	return s
+}
+
+// Object Identifier is unique value to identify objects.
+type ObjectIdentifier struct {
+	_ struct{} `type:"structure"`
+
+	// Key name of the object.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	//
+	// Key is a required field
+	Key *string `min:"1" type:"string" required:"true"`
+
+	// VersionId for the specific version of the object to delete.
+	VersionId *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectIdentifier) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectIdentifier) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ObjectIdentifier) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ObjectIdentifier"}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *ObjectIdentifier) SetKey(v string) *ObjectIdentifier {
+	s.Key = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *ObjectIdentifier) SetVersionId(v string) *ObjectIdentifier {
+	s.VersionId = &v
+	return s
+}
+
+// The container element for Object Lock configuration parameters.
+type ObjectLockConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates whether this bucket has an Object Lock configuration enabled. Enable
+	// ObjectLockEnabled when you apply ObjectLockConfiguration to a bucket.
+	ObjectLockEnabled *string `type:"string" enum:"ObjectLockEnabled"`
+
+	// Specifies the Object Lock rule for the specified object. Enable the this
+	// rule when you apply ObjectLockConfiguration to a bucket. Bucket settings
+	// require both a mode and a period. The period can be either Days or Years
+	// but you must select one. You cannot specify Days and Years at the same time.
+	Rule *ObjectLockRule `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectLockConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectLockConfiguration) GoString() string {
+	return s.String()
+}
+
+// SetObjectLockEnabled sets the ObjectLockEnabled field's value.
+func (s *ObjectLockConfiguration) SetObjectLockEnabled(v string) *ObjectLockConfiguration {
+	s.ObjectLockEnabled = &v
+	return s
+}
+
+// SetRule sets the Rule field's value.
+func (s *ObjectLockConfiguration) SetRule(v *ObjectLockRule) *ObjectLockConfiguration {
+	s.Rule = v
+	return s
+}
+
+// A legal hold configuration for an object.
+type ObjectLockLegalHold struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates whether the specified object has a legal hold in place.
+	Status *string `type:"string" enum:"ObjectLockLegalHoldStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectLockLegalHold) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectLockLegalHold) GoString() string {
+	return s.String()
+}
+
+// SetStatus sets the Status field's value.
+func (s *ObjectLockLegalHold) SetStatus(v string) *ObjectLockLegalHold {
+	s.Status = &v
+	return s
+}
+
+// A Retention configuration for an object.
+type ObjectLockRetention struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates the Retention mode for the specified object.
+	Mode *string `type:"string" enum:"ObjectLockRetentionMode"`
+
+	// The date on which this Object Lock Retention will expire.
+	RetainUntilDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectLockRetention) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectLockRetention) GoString() string {
+	return s.String()
+}
+
+// SetMode sets the Mode field's value.
+func (s *ObjectLockRetention) SetMode(v string) *ObjectLockRetention {
+	s.Mode = &v
+	return s
+}
+
+// SetRetainUntilDate sets the RetainUntilDate field's value.
+func (s *ObjectLockRetention) SetRetainUntilDate(v time.Time) *ObjectLockRetention {
+	s.RetainUntilDate = &v
+	return s
+}
+
+// The container element for an Object Lock rule.
+type ObjectLockRule struct {
+	_ struct{} `type:"structure"`
+
+	// The default Object Lock retention mode and period that you want to apply
+	// to new objects placed in the specified bucket. Bucket settings require both
+	// a mode and a period. The period can be either Days or Years but you must
+	// select one. You cannot specify Days and Years at the same time.
+	DefaultRetention *DefaultRetention `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectLockRule) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectLockRule) GoString() string {
+	return s.String()
+}
+
+// SetDefaultRetention sets the DefaultRetention field's value.
+func (s *ObjectLockRule) SetDefaultRetention(v *DefaultRetention) *ObjectLockRule {
+	s.DefaultRetention = v
+	return s
+}
+
+// A container for elements related to an individual part.
+type ObjectPart struct {
+	_ struct{} `type:"structure"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 32-bit CRC32 checksum of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `type:"string"`
+
+	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `type:"string"`
+
+	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `type:"string"`
+
+	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `type:"string"`
+
+	// The part number identifying the part. This value is a positive integer between
+	// 1 and 10,000.
+	PartNumber *int64 `type:"integer"`
+
+	// The size of the uploaded part in bytes.
+	Size *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectPart) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectPart) GoString() string {
+	return s.String()
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *ObjectPart) SetChecksumCRC32(v string) *ObjectPart {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *ObjectPart) SetChecksumCRC32C(v string) *ObjectPart {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *ObjectPart) SetChecksumSHA1(v string) *ObjectPart {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *ObjectPart) SetChecksumSHA256(v string) *ObjectPart {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetPartNumber sets the PartNumber field's value.
+func (s *ObjectPart) SetPartNumber(v int64) *ObjectPart {
+	s.PartNumber = &v
+	return s
+}
+
+// SetSize sets the Size field's value.
+func (s *ObjectPart) SetSize(v int64) *ObjectPart {
+	s.Size = &v
+	return s
+}
+
+// The version of an object.
+type ObjectVersion struct {
+	_ struct{} `type:"structure"`
+
+	// The algorithm that was used to create a checksum of the object.
+	ChecksumAlgorithm []*string `type:"list" flattened:"true" enum:"ChecksumAlgorithm"`
+
+	// The entity tag is an MD5 hash of that version of the object.
+	ETag *string `type:"string"`
+
+	// Specifies whether the object is (true) or is not (false) the latest version
+	// of an object.
+	IsLatest *bool `type:"boolean"`
+
+	// The object key.
+	Key *string `min:"1" type:"string"`
+
+	// Date and time the object was last modified.
+	LastModified *time.Time `type:"timestamp"`
+
+	// Specifies the owner of the object.
+	Owner *Owner `type:"structure"`
+
+	// Size in bytes of the object.
+	Size *int64 `type:"integer"`
+
+	// The class of storage used to store the object.
+	StorageClass *string `type:"string" enum:"ObjectVersionStorageClass"`
+
+	// Version ID of an object.
+	VersionId *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectVersion) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ObjectVersion) GoString() string {
+	return s.String()
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *ObjectVersion) SetChecksumAlgorithm(v []*string) *ObjectVersion {
+	s.ChecksumAlgorithm = v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *ObjectVersion) SetETag(v string) *ObjectVersion {
+	s.ETag = &v
+	return s
+}
+
+// SetIsLatest sets the IsLatest field's value.
+func (s *ObjectVersion) SetIsLatest(v bool) *ObjectVersion {
+	s.IsLatest = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *ObjectVersion) SetKey(v string) *ObjectVersion {
+	s.Key = &v
+	return s
+}
+
+// SetLastModified sets the LastModified field's value.
+func (s *ObjectVersion) SetLastModified(v time.Time) *ObjectVersion {
+	s.LastModified = &v
+	return s
+}
+
+// SetOwner sets the Owner field's value.
+func (s *ObjectVersion) SetOwner(v *Owner) *ObjectVersion {
+	s.Owner = v
+	return s
+}
+
+// SetSize sets the Size field's value.
+func (s *ObjectVersion) SetSize(v int64) *ObjectVersion {
+	s.Size = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *ObjectVersion) SetStorageClass(v string) *ObjectVersion {
+	s.StorageClass = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *ObjectVersion) SetVersionId(v string) *ObjectVersion {
+	s.VersionId = &v
+	return s
+}
+
+// Describes the location where the restore job's output is stored.
+type OutputLocation struct {
+	_ struct{} `type:"structure"`
+
+	// Describes an S3 location that will receive the results of the restore request.
+	S3 *Location `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s OutputLocation) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s OutputLocation) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *OutputLocation) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "OutputLocation"}
+	if s.S3 != nil {
+		if err := s.S3.Validate(); err != nil {
+			invalidParams.AddNested("S3", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetS3 sets the S3 field's value.
+func (s *OutputLocation) SetS3(v *Location) *OutputLocation {
+	s.S3 = v
+	return s
+}
+
+// Describes how results of the Select job are serialized.
+type OutputSerialization struct {
+	_ struct{} `type:"structure"`
+
+	// Describes the serialization of CSV-encoded Select results.
+	CSV *CSVOutput `type:"structure"`
+
+	// Specifies JSON as request's output serialization format.
+	JSON *JSONOutput `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s OutputSerialization) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s OutputSerialization) GoString() string {
+	return s.String()
+}
+
+// SetCSV sets the CSV field's value.
+func (s *OutputSerialization) SetCSV(v *CSVOutput) *OutputSerialization {
+	s.CSV = v
+	return s
+}
+
+// SetJSON sets the JSON field's value.
+func (s *OutputSerialization) SetJSON(v *JSONOutput) *OutputSerialization {
+	s.JSON = v
+	return s
+}
+
+// Container for the owner's display name and ID.
+type Owner struct {
+	_ struct{} `type:"structure"`
+
+	// Container for the display name of the owner. This value is only supported
+	// in the following Amazon Web Services Regions:
+	//
+	//    * US East (N. Virginia)
+	//
+	//    * US West (N. California)
+	//
+	//    * US West (Oregon)
+	//
+	//    * Asia Pacific (Singapore)
+	//
+	//    * Asia Pacific (Sydney)
+	//
+	//    * Asia Pacific (Tokyo)
+	//
+	//    * Europe (Ireland)
+	//
+	//    * South America (São Paulo)
+	DisplayName *string `type:"string"`
+
+	// Container for the ID of the owner.
+	ID *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Owner) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Owner) GoString() string {
+	return s.String()
+}
+
+// SetDisplayName sets the DisplayName field's value.
+func (s *Owner) SetDisplayName(v string) *Owner {
+	s.DisplayName = &v
+	return s
+}
+
+// SetID sets the ID field's value.
+func (s *Owner) SetID(v string) *Owner {
+	s.ID = &v
+	return s
+}
+
+// The container element for a bucket's ownership controls.
+type OwnershipControls struct {
+	_ struct{} `type:"structure"`
+
+	// The container element for an ownership control rule.
+	//
+	// Rules is a required field
+	Rules []*OwnershipControlsRule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s OwnershipControls) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s OwnershipControls) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *OwnershipControls) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "OwnershipControls"}
+	if s.Rules == nil {
+		invalidParams.Add(request.NewErrParamRequired("Rules"))
+	}
+	if s.Rules != nil {
+		for i, v := range s.Rules {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Rules", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetRules sets the Rules field's value.
+func (s *OwnershipControls) SetRules(v []*OwnershipControlsRule) *OwnershipControls {
+	s.Rules = v
+	return s
+}
+
+// The container element for an ownership control rule.
+type OwnershipControlsRule struct {
+	_ struct{} `type:"structure"`
+
+	// The container element for object ownership for a bucket's ownership controls.
+	//
+	// BucketOwnerPreferred - Objects uploaded to the bucket change ownership to
+	// the bucket owner if the objects are uploaded with the bucket-owner-full-control
+	// canned ACL.
+	//
+	// ObjectWriter - The uploading account will own the object if the object is
+	// uploaded with the bucket-owner-full-control canned ACL.
+	//
+	// BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer
+	// affect permissions. The bucket owner automatically owns and has full control
+	// over every object in the bucket. The bucket only accepts PUT requests that
+	// don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control
+	// canned ACL or an equivalent form of this ACL expressed in the XML format.
+	//
+	// ObjectOwnership is a required field
+	ObjectOwnership *string `type:"string" required:"true" enum:"ObjectOwnership"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s OwnershipControlsRule) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s OwnershipControlsRule) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *OwnershipControlsRule) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "OwnershipControlsRule"}
+	if s.ObjectOwnership == nil {
+		invalidParams.Add(request.NewErrParamRequired("ObjectOwnership"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetObjectOwnership sets the ObjectOwnership field's value.
+func (s *OwnershipControlsRule) SetObjectOwnership(v string) *OwnershipControlsRule {
+	s.ObjectOwnership = &v
+	return s
+}
+
+// Container for Parquet.
+type ParquetInput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ParquetInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ParquetInput) GoString() string {
+	return s.String()
+}
+
+// Container for elements related to a part.
+type Part struct {
+	_ struct{} `type:"structure"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 32-bit CRC32 checksum of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `type:"string"`
+
+	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `type:"string"`
+
+	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 256-bit SHA-256 digest of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `type:"string"`
+
+	// Entity tag returned when the part was uploaded.
+	ETag *string `type:"string"`
+
+	// Date and time at which the part was uploaded.
+	LastModified *time.Time `type:"timestamp"`
+
+	// Part number identifying the part. This is a positive integer between 1 and
+	// 10,000.
+	PartNumber *int64 `type:"integer"`
+
+	// Size in bytes of the uploaded part data.
+	Size *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Part) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Part) GoString() string {
+	return s.String()
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *Part) SetChecksumCRC32(v string) *Part {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *Part) SetChecksumCRC32C(v string) *Part {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *Part) SetChecksumSHA1(v string) *Part {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *Part) SetChecksumSHA256(v string) *Part {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *Part) SetETag(v string) *Part {
+	s.ETag = &v
+	return s
+}
+
+// SetLastModified sets the LastModified field's value.
+func (s *Part) SetLastModified(v time.Time) *Part {
+	s.LastModified = &v
+	return s
+}
+
+// SetPartNumber sets the PartNumber field's value.
+func (s *Part) SetPartNumber(v int64) *Part {
+	s.PartNumber = &v
+	return s
+}
+
+// SetSize sets the Size field's value.
+func (s *Part) SetSize(v int64) *Part {
+	s.Size = &v
+	return s
+}
+
+// The container element for a bucket's policy status.
+type PolicyStatus struct {
+	_ struct{} `type:"structure"`
+
+	// The policy status for this bucket. TRUE indicates that this bucket is public.
+	// FALSE indicates that the bucket is not public.
+	IsPublic *bool `locationName:"IsPublic" type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PolicyStatus) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PolicyStatus) GoString() string {
+	return s.String()
+}
+
+// SetIsPublic sets the IsPublic field's value.
+func (s *PolicyStatus) SetIsPublic(v bool) *PolicyStatus {
+	s.IsPublic = &v
+	return s
+}
+
+// This data type contains information about progress of an operation.
+type Progress struct {
+	_ struct{} `type:"structure"`
+
+	// The current number of uncompressed object bytes processed.
+	BytesProcessed *int64 `type:"long"`
+
+	// The current number of bytes of records payload data returned.
+	BytesReturned *int64 `type:"long"`
+
+	// The current number of object bytes scanned.
+	BytesScanned *int64 `type:"long"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Progress) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Progress) GoString() string {
+	return s.String()
+}
+
+// SetBytesProcessed sets the BytesProcessed field's value.
+func (s *Progress) SetBytesProcessed(v int64) *Progress {
+	s.BytesProcessed = &v
+	return s
+}
+
+// SetBytesReturned sets the BytesReturned field's value.
+func (s *Progress) SetBytesReturned(v int64) *Progress {
+	s.BytesReturned = &v
+	return s
+}
+
+// SetBytesScanned sets the BytesScanned field's value.
+func (s *Progress) SetBytesScanned(v int64) *Progress {
+	s.BytesScanned = &v
+	return s
+}
+
+// This data type contains information about the progress event of an operation.
+type ProgressEvent struct {
+	_ struct{} `locationName:"ProgressEvent" type:"structure" payload:"Details"`
+
+	// The Progress event details.
+	Details *Progress `locationName:"Details" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ProgressEvent) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ProgressEvent) GoString() string {
+	return s.String()
+}
+
+// SetDetails sets the Details field's value.
+func (s *ProgressEvent) SetDetails(v *Progress) *ProgressEvent {
+	s.Details = v
+	return s
+}
+
+// The ProgressEvent is and event in the SelectObjectContentEventStream group of events.
+func (s *ProgressEvent) eventSelectObjectContentEventStream() {}
+
+// UnmarshalEvent unmarshals the EventStream Message into the ProgressEvent value.
+// This method is only used internally within the SDK's EventStream handling.
+func (s *ProgressEvent) UnmarshalEvent(
+	payloadUnmarshaler protocol.PayloadUnmarshaler,
+	msg eventstream.Message,
+) error {
+	if err := payloadUnmarshaler.UnmarshalPayload(
+		bytes.NewReader(msg.Payload), s,
+	); err != nil {
+		return err
+	}
+	return nil
+}
+
+// MarshalEvent marshals the type into an stream event value. This method
+// should only used internally within the SDK's EventStream handling.
+func (s *ProgressEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
+	msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
+	var buf bytes.Buffer
+	if err = pm.MarshalPayload(&buf, s); err != nil {
+		return eventstream.Message{}, err
+	}
+	msg.Payload = buf.Bytes()
+	return msg, err
+}
+
+// The PublicAccessBlock configuration that you want to apply to this Amazon
+// S3 bucket. You can enable the configuration options in any combination. For
+// more information about when Amazon S3 considers a bucket or object public,
+// see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+// in the Amazon S3 User Guide.
+type PublicAccessBlockConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether Amazon S3 should block public access control lists (ACLs)
+	// for this bucket and objects in this bucket. Setting this element to TRUE
+	// causes the following behavior:
+	//
+	//    * PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is
+	//    public.
+	//
+	//    * PUT Object calls fail if the request includes a public ACL.
+	//
+	//    * PUT Bucket calls fail if the request includes a public ACL.
+	//
+	// Enabling this setting doesn't affect existing policies or ACLs.
+	BlockPublicAcls *bool `locationName:"BlockPublicAcls" type:"boolean"`
+
+	// Specifies whether Amazon S3 should block public bucket policies for this
+	// bucket. Setting this element to TRUE causes Amazon S3 to reject calls to
+	// PUT Bucket policy if the specified bucket policy allows public access.
+	//
+	// Enabling this setting doesn't affect existing bucket policies.
+	BlockPublicPolicy *bool `locationName:"BlockPublicPolicy" type:"boolean"`
+
+	// Specifies whether Amazon S3 should ignore public ACLs for this bucket and
+	// objects in this bucket. Setting this element to TRUE causes Amazon S3 to
+	// ignore all public ACLs on this bucket and objects in this bucket.
+	//
+	// Enabling this setting doesn't affect the persistence of any existing ACLs
+	// and doesn't prevent new public ACLs from being set.
+	IgnorePublicAcls *bool `locationName:"IgnorePublicAcls" type:"boolean"`
+
+	// Specifies whether Amazon S3 should restrict public bucket policies for this
+	// bucket. Setting this element to TRUE restricts access to this bucket to only
+	// Amazon Web Service principals and authorized users within this account if
+	// the bucket has a public policy.
+	//
+	// Enabling this setting doesn't affect previously stored bucket policies, except
+	// that public and cross-account access within any public bucket policy, including
+	// non-public delegation to specific accounts, is blocked.
+	RestrictPublicBuckets *bool `locationName:"RestrictPublicBuckets" type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PublicAccessBlockConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PublicAccessBlockConfiguration) GoString() string {
+	return s.String()
+}
+
+// SetBlockPublicAcls sets the BlockPublicAcls field's value.
+func (s *PublicAccessBlockConfiguration) SetBlockPublicAcls(v bool) *PublicAccessBlockConfiguration {
+	s.BlockPublicAcls = &v
+	return s
+}
+
+// SetBlockPublicPolicy sets the BlockPublicPolicy field's value.
+func (s *PublicAccessBlockConfiguration) SetBlockPublicPolicy(v bool) *PublicAccessBlockConfiguration {
+	s.BlockPublicPolicy = &v
+	return s
+}
+
+// SetIgnorePublicAcls sets the IgnorePublicAcls field's value.
+func (s *PublicAccessBlockConfiguration) SetIgnorePublicAcls(v bool) *PublicAccessBlockConfiguration {
+	s.IgnorePublicAcls = &v
+	return s
+}
+
+// SetRestrictPublicBuckets sets the RestrictPublicBuckets field's value.
+func (s *PublicAccessBlockConfiguration) SetRestrictPublicBuckets(v bool) *PublicAccessBlockConfiguration {
+	s.RestrictPublicBuckets = &v
+	return s
+}
+
+type PutBucketAccelerateConfigurationInput struct {
+	_ struct{} `locationName:"PutBucketAccelerateConfigurationRequest" type:"structure" payload:"AccelerateConfiguration"`
+
+	// Container for setting the transfer acceleration state.
+	//
+	// AccelerateConfiguration is a required field
+	AccelerateConfiguration *AccelerateConfiguration `locationName:"AccelerateConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// The name of the bucket for which the accelerate configuration is set.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAccelerateConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAccelerateConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketAccelerateConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketAccelerateConfigurationInput"}
+	if s.AccelerateConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccelerateConfiguration"))
+	}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccelerateConfiguration sets the AccelerateConfiguration field's value.
+func (s *PutBucketAccelerateConfigurationInput) SetAccelerateConfiguration(v *AccelerateConfiguration) *PutBucketAccelerateConfigurationInput {
+	s.AccelerateConfiguration = v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketAccelerateConfigurationInput) SetBucket(v string) *PutBucketAccelerateConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketAccelerateConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketAccelerateConfigurationInput) SetChecksumAlgorithm(v string) *PutBucketAccelerateConfigurationInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketAccelerateConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketAccelerateConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *PutBucketAccelerateConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketAccelerateConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketAccelerateConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketAccelerateConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAccelerateConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAccelerateConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketAclInput struct {
+	_ struct{} `locationName:"PutBucketAclRequest" type:"structure" payload:"AccessControlPolicy"`
+
+	// The canned ACL to apply to the bucket.
+	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"`
+
+	// Contains the elements that set the ACL permissions for an object per grantee.
+	AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// The bucket to which to apply the ACL.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Allows grantee the read, write, read ACP, and write ACP permissions on the
+	// bucket.
+	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
+
+	// Allows grantee to list the objects in the bucket.
+	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
+
+	// Allows grantee to read the bucket ACL.
+	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
+
+	// Allows grantee to create new objects in the bucket.
+	//
+	// For the bucket and object owners of existing objects, also allows deletions
+	// and overwrites of those objects.
+	GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"`
+
+	// Allows grantee to write the ACL for the applicable bucket.
+	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAclInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAclInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketAclInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketAclInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.AccessControlPolicy != nil {
+		if err := s.AccessControlPolicy.Validate(); err != nil {
+			invalidParams.AddNested("AccessControlPolicy", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetACL sets the ACL field's value.
+func (s *PutBucketAclInput) SetACL(v string) *PutBucketAclInput {
+	s.ACL = &v
+	return s
+}
+
+// SetAccessControlPolicy sets the AccessControlPolicy field's value.
+func (s *PutBucketAclInput) SetAccessControlPolicy(v *AccessControlPolicy) *PutBucketAclInput {
+	s.AccessControlPolicy = v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketAclInput) SetBucket(v string) *PutBucketAclInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketAclInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketAclInput) SetChecksumAlgorithm(v string) *PutBucketAclInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketAclInput) SetExpectedBucketOwner(v string) *PutBucketAclInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetGrantFullControl sets the GrantFullControl field's value.
+func (s *PutBucketAclInput) SetGrantFullControl(v string) *PutBucketAclInput {
+	s.GrantFullControl = &v
+	return s
+}
+
+// SetGrantRead sets the GrantRead field's value.
+func (s *PutBucketAclInput) SetGrantRead(v string) *PutBucketAclInput {
+	s.GrantRead = &v
+	return s
+}
+
+// SetGrantReadACP sets the GrantReadACP field's value.
+func (s *PutBucketAclInput) SetGrantReadACP(v string) *PutBucketAclInput {
+	s.GrantReadACP = &v
+	return s
+}
+
+// SetGrantWrite sets the GrantWrite field's value.
+func (s *PutBucketAclInput) SetGrantWrite(v string) *PutBucketAclInput {
+	s.GrantWrite = &v
+	return s
+}
+
+// SetGrantWriteACP sets the GrantWriteACP field's value.
+func (s *PutBucketAclInput) SetGrantWriteACP(v string) *PutBucketAclInput {
+	s.GrantWriteACP = &v
+	return s
+}
+
+func (s *PutBucketAclInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketAclInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketAclInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketAclOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAclOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAclOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketAnalyticsConfigurationInput struct {
+	_ struct{} `locationName:"PutBucketAnalyticsConfigurationRequest" type:"structure" payload:"AnalyticsConfiguration"`
+
+	// The configuration and any analyses for the analytics filter.
+	//
+	// AnalyticsConfiguration is a required field
+	AnalyticsConfiguration *AnalyticsConfiguration `locationName:"AnalyticsConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// The name of the bucket to which an analytics configuration is stored.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The ID that identifies the analytics configuration.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAnalyticsConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAnalyticsConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketAnalyticsConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketAnalyticsConfigurationInput"}
+	if s.AnalyticsConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("AnalyticsConfiguration"))
+	}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+	if s.AnalyticsConfiguration != nil {
+		if err := s.AnalyticsConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("AnalyticsConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAnalyticsConfiguration sets the AnalyticsConfiguration field's value.
+func (s *PutBucketAnalyticsConfigurationInput) SetAnalyticsConfiguration(v *AnalyticsConfiguration) *PutBucketAnalyticsConfigurationInput {
+	s.AnalyticsConfiguration = v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketAnalyticsConfigurationInput) SetBucket(v string) *PutBucketAnalyticsConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketAnalyticsConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketAnalyticsConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketAnalyticsConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *PutBucketAnalyticsConfigurationInput) SetId(v string) *PutBucketAnalyticsConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+func (s *PutBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketAnalyticsConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketAnalyticsConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketAnalyticsConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAnalyticsConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketAnalyticsConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketCorsInput struct {
+	_ struct{} `locationName:"PutBucketCorsRequest" type:"structure" payload:"CORSConfiguration"`
+
+	// Specifies the bucket impacted by the corsconfiguration.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Describes the cross-origin access configuration for objects in an Amazon
+	// S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing
+	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon
+	// S3 User Guide.
+	//
+	// CORSConfiguration is a required field
+	CORSConfiguration *CORSConfiguration `locationName:"CORSConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketCorsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketCorsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketCorsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketCorsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.CORSConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("CORSConfiguration"))
+	}
+	if s.CORSConfiguration != nil {
+		if err := s.CORSConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("CORSConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketCorsInput) SetBucket(v string) *PutBucketCorsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketCorsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetCORSConfiguration sets the CORSConfiguration field's value.
+func (s *PutBucketCorsInput) SetCORSConfiguration(v *CORSConfiguration) *PutBucketCorsInput {
+	s.CORSConfiguration = v
+	return s
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketCorsInput) SetChecksumAlgorithm(v string) *PutBucketCorsInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketCorsInput) SetExpectedBucketOwner(v string) *PutBucketCorsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *PutBucketCorsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketCorsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketCorsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketCorsOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketCorsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketCorsOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketEncryptionInput struct {
+	_ struct{} `locationName:"PutBucketEncryptionRequest" type:"structure" payload:"ServerSideEncryptionConfiguration"`
+
+	// Specifies default encryption for a bucket using server-side encryption with
+	// different key options. By default, all buckets have a default encryption
+	// configuration that uses server-side encryption with Amazon S3 managed keys
+	// (SSE-S3). You can optionally configure default encryption for a bucket by
+	// using server-side encryption with an Amazon Web Services KMS key (SSE-KMS)
+	// or a customer-provided key (SSE-C). For information about the bucket default
+	// encryption feature, see Amazon S3 Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Specifies the default server-side-encryption configuration.
+	//
+	// ServerSideEncryptionConfiguration is a required field
+	ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `locationName:"ServerSideEncryptionConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketEncryptionInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketEncryptionInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketEncryptionInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketEncryptionInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.ServerSideEncryptionConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("ServerSideEncryptionConfiguration"))
+	}
+	if s.ServerSideEncryptionConfiguration != nil {
+		if err := s.ServerSideEncryptionConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("ServerSideEncryptionConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketEncryptionInput) SetBucket(v string) *PutBucketEncryptionInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketEncryptionInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketEncryptionInput) SetChecksumAlgorithm(v string) *PutBucketEncryptionInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketEncryptionInput) SetExpectedBucketOwner(v string) *PutBucketEncryptionInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetServerSideEncryptionConfiguration sets the ServerSideEncryptionConfiguration field's value.
+func (s *PutBucketEncryptionInput) SetServerSideEncryptionConfiguration(v *ServerSideEncryptionConfiguration) *PutBucketEncryptionInput {
+	s.ServerSideEncryptionConfiguration = v
+	return s
+}
+
+func (s *PutBucketEncryptionInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketEncryptionInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketEncryptionInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketEncryptionOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketEncryptionOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketEncryptionOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketIntelligentTieringConfigurationInput struct {
+	_ struct{} `locationName:"PutBucketIntelligentTieringConfigurationRequest" type:"structure" payload:"IntelligentTieringConfiguration"`
+
+	// The name of the Amazon S3 bucket whose configuration you want to modify or
+	// retrieve.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The ID used to identify the S3 Intelligent-Tiering configuration.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+
+	// Container for S3 Intelligent-Tiering configuration.
+	//
+	// IntelligentTieringConfiguration is a required field
+	IntelligentTieringConfiguration *IntelligentTieringConfiguration `locationName:"IntelligentTieringConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketIntelligentTieringConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketIntelligentTieringConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketIntelligentTieringConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketIntelligentTieringConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+	if s.IntelligentTieringConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("IntelligentTieringConfiguration"))
+	}
+	if s.IntelligentTieringConfiguration != nil {
+		if err := s.IntelligentTieringConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("IntelligentTieringConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketIntelligentTieringConfigurationInput) SetBucket(v string) *PutBucketIntelligentTieringConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketIntelligentTieringConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetId sets the Id field's value.
+func (s *PutBucketIntelligentTieringConfigurationInput) SetId(v string) *PutBucketIntelligentTieringConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+// SetIntelligentTieringConfiguration sets the IntelligentTieringConfiguration field's value.
+func (s *PutBucketIntelligentTieringConfigurationInput) SetIntelligentTieringConfiguration(v *IntelligentTieringConfiguration) *PutBucketIntelligentTieringConfigurationInput {
+	s.IntelligentTieringConfiguration = v
+	return s
+}
+
+func (s *PutBucketIntelligentTieringConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketIntelligentTieringConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketIntelligentTieringConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketIntelligentTieringConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketIntelligentTieringConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketIntelligentTieringConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketInventoryConfigurationInput struct {
+	_ struct{} `locationName:"PutBucketInventoryConfigurationRequest" type:"structure" payload:"InventoryConfiguration"`
+
+	// The name of the bucket where the inventory configuration will be stored.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The ID used to identify the inventory configuration.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+
+	// Specifies the inventory configuration.
+	//
+	// InventoryConfiguration is a required field
+	InventoryConfiguration *InventoryConfiguration `locationName:"InventoryConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketInventoryConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketInventoryConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketInventoryConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketInventoryConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+	if s.InventoryConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("InventoryConfiguration"))
+	}
+	if s.InventoryConfiguration != nil {
+		if err := s.InventoryConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("InventoryConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketInventoryConfigurationInput) SetBucket(v string) *PutBucketInventoryConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketInventoryConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketInventoryConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketInventoryConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *PutBucketInventoryConfigurationInput) SetId(v string) *PutBucketInventoryConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+// SetInventoryConfiguration sets the InventoryConfiguration field's value.
+func (s *PutBucketInventoryConfigurationInput) SetInventoryConfiguration(v *InventoryConfiguration) *PutBucketInventoryConfigurationInput {
+	s.InventoryConfiguration = v
+	return s
+}
+
+func (s *PutBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketInventoryConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketInventoryConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketInventoryConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketInventoryConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketInventoryConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketLifecycleConfigurationInput struct {
+	_ struct{} `locationName:"PutBucketLifecycleConfigurationRequest" type:"structure" payload:"LifecycleConfiguration"`
+
+	// The name of the bucket for which to set the configuration.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Container for lifecycle rules. You can add as many as 1,000 rules.
+	LifecycleConfiguration *BucketLifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLifecycleConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLifecycleConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketLifecycleConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketLifecycleConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.LifecycleConfiguration != nil {
+		if err := s.LifecycleConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("LifecycleConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketLifecycleConfigurationInput) SetBucket(v string) *PutBucketLifecycleConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketLifecycleConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketLifecycleConfigurationInput) SetChecksumAlgorithm(v string) *PutBucketLifecycleConfigurationInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketLifecycleConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketLifecycleConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetLifecycleConfiguration sets the LifecycleConfiguration field's value.
+func (s *PutBucketLifecycleConfigurationInput) SetLifecycleConfiguration(v *BucketLifecycleConfiguration) *PutBucketLifecycleConfigurationInput {
+	s.LifecycleConfiguration = v
+	return s
+}
+
+func (s *PutBucketLifecycleConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketLifecycleConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketLifecycleConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketLifecycleConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLifecycleConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLifecycleConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketLifecycleInput struct {
+	_ struct{} `locationName:"PutBucketLifecycleRequest" type:"structure" payload:"LifecycleConfiguration"`
+
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Container for lifecycle rules. You can add as many as 1000 rules.
+	//
+	// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+	// in the Amazon S3 User Guide.
+	LifecycleConfiguration *LifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLifecycleInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLifecycleInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketLifecycleInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketLifecycleInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.LifecycleConfiguration != nil {
+		if err := s.LifecycleConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("LifecycleConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketLifecycleInput) SetBucket(v string) *PutBucketLifecycleInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketLifecycleInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketLifecycleInput) SetChecksumAlgorithm(v string) *PutBucketLifecycleInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketLifecycleInput) SetExpectedBucketOwner(v string) *PutBucketLifecycleInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetLifecycleConfiguration sets the LifecycleConfiguration field's value.
+func (s *PutBucketLifecycleInput) SetLifecycleConfiguration(v *LifecycleConfiguration) *PutBucketLifecycleInput {
+	s.LifecycleConfiguration = v
+	return s
+}
+
+func (s *PutBucketLifecycleInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketLifecycleInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketLifecycleInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketLifecycleOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLifecycleOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLifecycleOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketLoggingInput struct {
+	_ struct{} `locationName:"PutBucketLoggingRequest" type:"structure" payload:"BucketLoggingStatus"`
+
+	// The name of the bucket for which to set the logging parameters.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Container for logging status information.
+	//
+	// BucketLoggingStatus is a required field
+	BucketLoggingStatus *BucketLoggingStatus `locationName:"BucketLoggingStatus" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLoggingInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLoggingInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketLoggingInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketLoggingInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.BucketLoggingStatus == nil {
+		invalidParams.Add(request.NewErrParamRequired("BucketLoggingStatus"))
+	}
+	if s.BucketLoggingStatus != nil {
+		if err := s.BucketLoggingStatus.Validate(); err != nil {
+			invalidParams.AddNested("BucketLoggingStatus", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketLoggingInput) SetBucket(v string) *PutBucketLoggingInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketLoggingInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetBucketLoggingStatus sets the BucketLoggingStatus field's value.
+func (s *PutBucketLoggingInput) SetBucketLoggingStatus(v *BucketLoggingStatus) *PutBucketLoggingInput {
+	s.BucketLoggingStatus = v
+	return s
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketLoggingInput) SetChecksumAlgorithm(v string) *PutBucketLoggingInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketLoggingInput) SetExpectedBucketOwner(v string) *PutBucketLoggingInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+func (s *PutBucketLoggingInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketLoggingInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketLoggingInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketLoggingOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLoggingOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketLoggingOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketMetricsConfigurationInput struct {
+	_ struct{} `locationName:"PutBucketMetricsConfigurationRequest" type:"structure" payload:"MetricsConfiguration"`
+
+	// The name of the bucket for which the metrics configuration is set.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The ID used to identify the metrics configuration. The ID has a 64 character
+	// limit and can only contain letters, numbers, periods, dashes, and underscores.
+	//
+	// Id is a required field
+	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
+
+	// Specifies the metrics configuration.
+	//
+	// MetricsConfiguration is a required field
+	MetricsConfiguration *MetricsConfiguration `locationName:"MetricsConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketMetricsConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketMetricsConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketMetricsConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketMetricsConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Id == nil {
+		invalidParams.Add(request.NewErrParamRequired("Id"))
+	}
+	if s.MetricsConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("MetricsConfiguration"))
+	}
+	if s.MetricsConfiguration != nil {
+		if err := s.MetricsConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("MetricsConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketMetricsConfigurationInput) SetBucket(v string) *PutBucketMetricsConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketMetricsConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketMetricsConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketMetricsConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *PutBucketMetricsConfigurationInput) SetId(v string) *PutBucketMetricsConfigurationInput {
+	s.Id = &v
+	return s
+}
+
+// SetMetricsConfiguration sets the MetricsConfiguration field's value.
+func (s *PutBucketMetricsConfigurationInput) SetMetricsConfiguration(v *MetricsConfiguration) *PutBucketMetricsConfigurationInput {
+	s.MetricsConfiguration = v
+	return s
+}
+
+func (s *PutBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketMetricsConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketMetricsConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketMetricsConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketMetricsConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketMetricsConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketNotificationConfigurationInput struct {
+	_ struct{} `locationName:"PutBucketNotificationConfigurationRequest" type:"structure" payload:"NotificationConfiguration"`
+
+	// The name of the bucket.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// A container for specifying the notification configuration of the bucket.
+	// If this element is empty, notifications are turned off for the bucket.
+	//
+	// NotificationConfiguration is a required field
+	NotificationConfiguration *NotificationConfiguration `locationName:"NotificationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// Skips validation of Amazon SQS, Amazon SNS, and Lambda destinations. True
+	// or false value.
+	SkipDestinationValidation *bool `location:"header" locationName:"x-amz-skip-destination-validation" type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketNotificationConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketNotificationConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketNotificationConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketNotificationConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.NotificationConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("NotificationConfiguration"))
+	}
+	if s.NotificationConfiguration != nil {
+		if err := s.NotificationConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("NotificationConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketNotificationConfigurationInput) SetBucket(v string) *PutBucketNotificationConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketNotificationConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketNotificationConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketNotificationConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetNotificationConfiguration sets the NotificationConfiguration field's value.
+func (s *PutBucketNotificationConfigurationInput) SetNotificationConfiguration(v *NotificationConfiguration) *PutBucketNotificationConfigurationInput {
+	s.NotificationConfiguration = v
+	return s
+}
+
+// SetSkipDestinationValidation sets the SkipDestinationValidation field's value.
+func (s *PutBucketNotificationConfigurationInput) SetSkipDestinationValidation(v bool) *PutBucketNotificationConfigurationInput {
+	s.SkipDestinationValidation = &v
+	return s
+}
+
+func (s *PutBucketNotificationConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketNotificationConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketNotificationConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketNotificationConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketNotificationConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketNotificationConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketNotificationInput struct {
+	_ struct{} `locationName:"PutBucketNotificationRequest" type:"structure" payload:"NotificationConfiguration"`
+
+	// The name of the bucket.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The container for the configuration.
+	//
+	// NotificationConfiguration is a required field
+	NotificationConfiguration *NotificationConfigurationDeprecated `locationName:"NotificationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketNotificationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketNotificationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketNotificationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketNotificationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.NotificationConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("NotificationConfiguration"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketNotificationInput) SetBucket(v string) *PutBucketNotificationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketNotificationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketNotificationInput) SetChecksumAlgorithm(v string) *PutBucketNotificationInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketNotificationInput) SetExpectedBucketOwner(v string) *PutBucketNotificationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetNotificationConfiguration sets the NotificationConfiguration field's value.
+func (s *PutBucketNotificationInput) SetNotificationConfiguration(v *NotificationConfigurationDeprecated) *PutBucketNotificationInput {
+	s.NotificationConfiguration = v
+	return s
+}
+
+func (s *PutBucketNotificationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketNotificationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketNotificationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketNotificationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketNotificationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketNotificationOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketOwnershipControlsInput struct {
+	_ struct{} `locationName:"PutBucketOwnershipControlsRequest" type:"structure" payload:"OwnershipControls"`
+
+	// The name of the Amazon S3 bucket whose OwnershipControls you want to set.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter)
+	// that you want to apply to this Amazon S3 bucket.
+	//
+	// OwnershipControls is a required field
+	OwnershipControls *OwnershipControls `locationName:"OwnershipControls" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketOwnershipControlsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketOwnershipControlsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketOwnershipControlsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketOwnershipControlsInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.OwnershipControls == nil {
+		invalidParams.Add(request.NewErrParamRequired("OwnershipControls"))
+	}
+	if s.OwnershipControls != nil {
+		if err := s.OwnershipControls.Validate(); err != nil {
+			invalidParams.AddNested("OwnershipControls", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketOwnershipControlsInput) SetBucket(v string) *PutBucketOwnershipControlsInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketOwnershipControlsInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketOwnershipControlsInput) SetExpectedBucketOwner(v string) *PutBucketOwnershipControlsInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetOwnershipControls sets the OwnershipControls field's value.
+func (s *PutBucketOwnershipControlsInput) SetOwnershipControls(v *OwnershipControls) *PutBucketOwnershipControlsInput {
+	s.OwnershipControls = v
+	return s
+}
+
+func (s *PutBucketOwnershipControlsInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketOwnershipControlsInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketOwnershipControlsInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketOwnershipControlsOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketOwnershipControlsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketOwnershipControlsOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketPolicyInput struct {
+	_ struct{} `locationName:"PutBucketPolicyRequest" type:"structure" payload:"Policy"`
+
+	// The name of the bucket.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// Set this parameter to true to confirm that you want to remove your permissions
+	// to change this bucket policy in the future.
+	ConfirmRemoveSelfBucketAccess *bool `location:"header" locationName:"x-amz-confirm-remove-self-bucket-access" type:"boolean"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The bucket policy as a JSON document.
+	//
+	// Policy is a required field
+	Policy *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketPolicyInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketPolicyInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketPolicyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketPolicyInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Policy == nil {
+		invalidParams.Add(request.NewErrParamRequired("Policy"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketPolicyInput) SetBucket(v string) *PutBucketPolicyInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketPolicyInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketPolicyInput) SetChecksumAlgorithm(v string) *PutBucketPolicyInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetConfirmRemoveSelfBucketAccess sets the ConfirmRemoveSelfBucketAccess field's value.
+func (s *PutBucketPolicyInput) SetConfirmRemoveSelfBucketAccess(v bool) *PutBucketPolicyInput {
+	s.ConfirmRemoveSelfBucketAccess = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketPolicyInput) SetExpectedBucketOwner(v string) *PutBucketPolicyInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *PutBucketPolicyInput) SetPolicy(v string) *PutBucketPolicyInput {
+	s.Policy = &v
+	return s
+}
+
+func (s *PutBucketPolicyInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketPolicyInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketPolicyInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketPolicyOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketPolicyOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketPolicyOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketReplicationInput struct {
+	_ struct{} `locationName:"PutBucketReplicationRequest" type:"structure" payload:"ReplicationConfiguration"`
+
+	// The name of the bucket
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// A container for replication rules. You can add up to 1,000 rules. The maximum
+	// size of a replication configuration is 2 MB.
+	//
+	// ReplicationConfiguration is a required field
+	ReplicationConfiguration *ReplicationConfiguration `locationName:"ReplicationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// A token to allow Object Lock to be enabled for an existing bucket.
+	Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketReplicationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketReplicationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketReplicationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketReplicationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.ReplicationConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("ReplicationConfiguration"))
+	}
+	if s.ReplicationConfiguration != nil {
+		if err := s.ReplicationConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("ReplicationConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketReplicationInput) SetBucket(v string) *PutBucketReplicationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketReplicationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketReplicationInput) SetChecksumAlgorithm(v string) *PutBucketReplicationInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketReplicationInput) SetExpectedBucketOwner(v string) *PutBucketReplicationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetReplicationConfiguration sets the ReplicationConfiguration field's value.
+func (s *PutBucketReplicationInput) SetReplicationConfiguration(v *ReplicationConfiguration) *PutBucketReplicationInput {
+	s.ReplicationConfiguration = v
+	return s
+}
+
+// SetToken sets the Token field's value.
+func (s *PutBucketReplicationInput) SetToken(v string) *PutBucketReplicationInput {
+	s.Token = &v
+	return s
+}
+
+func (s *PutBucketReplicationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketReplicationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketReplicationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketReplicationOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketReplicationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketReplicationOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketRequestPaymentInput struct {
+	_ struct{} `locationName:"PutBucketRequestPaymentRequest" type:"structure" payload:"RequestPaymentConfiguration"`
+
+	// The bucket name.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Container for Payer.
+	//
+	// RequestPaymentConfiguration is a required field
+	RequestPaymentConfiguration *RequestPaymentConfiguration `locationName:"RequestPaymentConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketRequestPaymentInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketRequestPaymentInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketRequestPaymentInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketRequestPaymentInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.RequestPaymentConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("RequestPaymentConfiguration"))
+	}
+	if s.RequestPaymentConfiguration != nil {
+		if err := s.RequestPaymentConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("RequestPaymentConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketRequestPaymentInput) SetBucket(v string) *PutBucketRequestPaymentInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketRequestPaymentInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketRequestPaymentInput) SetChecksumAlgorithm(v string) *PutBucketRequestPaymentInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketRequestPaymentInput) SetExpectedBucketOwner(v string) *PutBucketRequestPaymentInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetRequestPaymentConfiguration sets the RequestPaymentConfiguration field's value.
+func (s *PutBucketRequestPaymentInput) SetRequestPaymentConfiguration(v *RequestPaymentConfiguration) *PutBucketRequestPaymentInput {
+	s.RequestPaymentConfiguration = v
+	return s
+}
+
+func (s *PutBucketRequestPaymentInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketRequestPaymentInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketRequestPaymentInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketRequestPaymentOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketRequestPaymentOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketRequestPaymentOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketTaggingInput struct {
+	_ struct{} `locationName:"PutBucketTaggingRequest" type:"structure" payload:"Tagging"`
+
+	// The bucket name.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Container for the TagSet and Tag elements.
+	//
+	// Tagging is a required field
+	Tagging *Tagging `locationName:"Tagging" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketTaggingInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketTaggingInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketTaggingInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketTaggingInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Tagging == nil {
+		invalidParams.Add(request.NewErrParamRequired("Tagging"))
+	}
+	if s.Tagging != nil {
+		if err := s.Tagging.Validate(); err != nil {
+			invalidParams.AddNested("Tagging", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketTaggingInput) SetBucket(v string) *PutBucketTaggingInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketTaggingInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketTaggingInput) SetChecksumAlgorithm(v string) *PutBucketTaggingInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketTaggingInput) SetExpectedBucketOwner(v string) *PutBucketTaggingInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetTagging sets the Tagging field's value.
+func (s *PutBucketTaggingInput) SetTagging(v *Tagging) *PutBucketTaggingInput {
+	s.Tagging = v
+	return s
+}
+
+func (s *PutBucketTaggingInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketTaggingInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketTaggingInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketTaggingOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketTaggingOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketTaggingOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketVersioningInput struct {
+	_ struct{} `locationName:"PutBucketVersioningRequest" type:"structure" payload:"VersioningConfiguration"`
+
+	// The bucket name.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The concatenation of the authentication device's serial number, a space,
+	// and the value that is displayed on your authentication device.
+	MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"`
+
+	// Container for setting the versioning state.
+	//
+	// VersioningConfiguration is a required field
+	VersioningConfiguration *VersioningConfiguration `locationName:"VersioningConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketVersioningInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketVersioningInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketVersioningInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketVersioningInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.VersioningConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("VersioningConfiguration"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketVersioningInput) SetBucket(v string) *PutBucketVersioningInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketVersioningInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketVersioningInput) SetChecksumAlgorithm(v string) *PutBucketVersioningInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketVersioningInput) SetExpectedBucketOwner(v string) *PutBucketVersioningInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetMFA sets the MFA field's value.
+func (s *PutBucketVersioningInput) SetMFA(v string) *PutBucketVersioningInput {
+	s.MFA = &v
+	return s
+}
+
+// SetVersioningConfiguration sets the VersioningConfiguration field's value.
+func (s *PutBucketVersioningInput) SetVersioningConfiguration(v *VersioningConfiguration) *PutBucketVersioningInput {
+	s.VersioningConfiguration = v
+	return s
+}
+
+func (s *PutBucketVersioningInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketVersioningInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketVersioningInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketVersioningOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketVersioningOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketVersioningOutput) GoString() string {
+	return s.String()
+}
+
+type PutBucketWebsiteInput struct {
+	_ struct{} `locationName:"PutBucketWebsiteRequest" type:"structure" payload:"WebsiteConfiguration"`
+
+	// The bucket name.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Container for the request.
+	//
+	// WebsiteConfiguration is a required field
+	WebsiteConfiguration *WebsiteConfiguration `locationName:"WebsiteConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketWebsiteInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketWebsiteInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutBucketWebsiteInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutBucketWebsiteInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.WebsiteConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("WebsiteConfiguration"))
+	}
+	if s.WebsiteConfiguration != nil {
+		if err := s.WebsiteConfiguration.Validate(); err != nil {
+			invalidParams.AddNested("WebsiteConfiguration", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutBucketWebsiteInput) SetBucket(v string) *PutBucketWebsiteInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutBucketWebsiteInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutBucketWebsiteInput) SetChecksumAlgorithm(v string) *PutBucketWebsiteInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutBucketWebsiteInput) SetExpectedBucketOwner(v string) *PutBucketWebsiteInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetWebsiteConfiguration sets the WebsiteConfiguration field's value.
+func (s *PutBucketWebsiteInput) SetWebsiteConfiguration(v *WebsiteConfiguration) *PutBucketWebsiteInput {
+	s.WebsiteConfiguration = v
+	return s
+}
+
+func (s *PutBucketWebsiteInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketWebsiteInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutBucketWebsiteInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutBucketWebsiteOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketWebsiteOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutBucketWebsiteOutput) GoString() string {
+	return s.String()
+}
+
+type PutObjectAclInput struct {
+	_ struct{} `locationName:"PutObjectAclRequest" type:"structure" payload:"AccessControlPolicy"`
+
+	// The canned ACL to apply to the object. For more information, see Canned ACL
+	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
+
+	// Contains the elements that set the ACL permissions for an object per grantee.
+	AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// The bucket name that contains the object to which you want to attach the
+	// ACL.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Allows grantee the read, write, read ACP, and write ACP permissions on the
+	// bucket.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
+
+	// Allows grantee to list the objects in the bucket.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
+
+	// Allows grantee to read the bucket ACL.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
+
+	// Allows grantee to create new objects in the bucket.
+	//
+	// For the bucket and object owners of existing objects, also allows deletions
+	// and overwrites of those objects.
+	GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"`
+
+	// Allows grantee to write the ACL for the applicable bucket.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
+
+	// Key for which the PUT action was initiated.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// VersionId used to reference a specific version of the object.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectAclInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectAclInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutObjectAclInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutObjectAclInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.AccessControlPolicy != nil {
+		if err := s.AccessControlPolicy.Validate(); err != nil {
+			invalidParams.AddNested("AccessControlPolicy", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetACL sets the ACL field's value.
+func (s *PutObjectAclInput) SetACL(v string) *PutObjectAclInput {
+	s.ACL = &v
+	return s
+}
+
+// SetAccessControlPolicy sets the AccessControlPolicy field's value.
+func (s *PutObjectAclInput) SetAccessControlPolicy(v *AccessControlPolicy) *PutObjectAclInput {
+	s.AccessControlPolicy = v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutObjectAclInput) SetBucket(v string) *PutObjectAclInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutObjectAclInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutObjectAclInput) SetChecksumAlgorithm(v string) *PutObjectAclInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutObjectAclInput) SetExpectedBucketOwner(v string) *PutObjectAclInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetGrantFullControl sets the GrantFullControl field's value.
+func (s *PutObjectAclInput) SetGrantFullControl(v string) *PutObjectAclInput {
+	s.GrantFullControl = &v
+	return s
+}
+
+// SetGrantRead sets the GrantRead field's value.
+func (s *PutObjectAclInput) SetGrantRead(v string) *PutObjectAclInput {
+	s.GrantRead = &v
+	return s
+}
+
+// SetGrantReadACP sets the GrantReadACP field's value.
+func (s *PutObjectAclInput) SetGrantReadACP(v string) *PutObjectAclInput {
+	s.GrantReadACP = &v
+	return s
+}
+
+// SetGrantWrite sets the GrantWrite field's value.
+func (s *PutObjectAclInput) SetGrantWrite(v string) *PutObjectAclInput {
+	s.GrantWrite = &v
+	return s
+}
+
+// SetGrantWriteACP sets the GrantWriteACP field's value.
+func (s *PutObjectAclInput) SetGrantWriteACP(v string) *PutObjectAclInput {
+	s.GrantWriteACP = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *PutObjectAclInput) SetKey(v string) *PutObjectAclInput {
+	s.Key = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *PutObjectAclInput) SetRequestPayer(v string) *PutObjectAclInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *PutObjectAclInput) SetVersionId(v string) *PutObjectAclInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *PutObjectAclInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectAclInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutObjectAclInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutObjectAclOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectAclOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectAclOutput) GoString() string {
+	return s.String()
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *PutObjectAclOutput) SetRequestCharged(v string) *PutObjectAclOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+type PutObjectInput struct {
+	_ struct{} `locationName:"PutObjectRequest" type:"structure" payload:"Body"`
+
+	// The canned ACL to apply to the object. For more information, see Canned ACL
+	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
+
+	// Object data.
+	Body io.ReadSeeker `type:"blob"`
+
+	// The bucket name to which the PUT action was initiated.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
+	// with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
+	// Setting this header to true causes Amazon S3 to use an S3 Bucket Key for
+	// object encryption with SSE-KMS.
+	//
+	// Specifying this header with a PUT action doesn’t affect bucket-level settings
+	// for S3 Bucket Key.
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// Can be used to specify caching behavior along the request/reply chain. For
+	// more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
+	// (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9).
+	CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 32-bit CRC32 checksum of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 32-bit CRC32C checksum of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 160-bit SHA-1 digest of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 256-bit SHA-256 digest of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
+
+	// Specifies presentational information for the object. For more information,
+	// see https://www.rfc-editor.org/rfc/rfc6266#section-4 (https://www.rfc-editor.org/rfc/rfc6266#section-4).
+	ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
+
+	// Specifies what content encodings have been applied to the object and thus
+	// what decoding mechanisms must be applied to obtain the media-type referenced
+	// by the Content-Type header field. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding
+	// (https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding).
+	ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
+
+	// The language the content is in.
+	ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
+
+	// Size of the body in bytes. This parameter is useful when the size of the
+	// body cannot be determined automatically. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length
+	// (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length).
+	ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
+
+	// The base64-encoded 128-bit MD5 digest of the message (without the headers)
+	// according to RFC 1864. This header can be used as a message integrity check
+	// to verify that the data is the same data that was originally sent. Although
+	// it is optional, we recommend using the Content-MD5 mechanism as an end-to-end
+	// integrity check. For more information about REST request authentication,
+	// see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html).
+	ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
+
+	// A standard MIME type describing the format of the contents. For more information,
+	// see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type).
+	ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The date and time at which the object is no longer cacheable. For more information,
+	// see https://www.rfc-editor.org/rfc/rfc7234#section-5.3 (https://www.rfc-editor.org/rfc/rfc7234#section-5.3).
+	Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"`
+
+	// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
+
+	// Allows grantee to read the object data and its metadata.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
+
+	// Allows grantee to read the object ACL.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
+
+	// Allows grantee to write the ACL for the applicable object.
+	//
+	// This action is not supported by Amazon S3 on Outposts.
+	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
+
+	// Object key for which the PUT action was initiated.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// A map of metadata to store with the object in S3.
+	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
+
+	// Specifies whether a legal hold will be applied to this object. For more information
+	// about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+	// The Object Lock mode that you want to apply to this object.
+	ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+	// The date and time when you want this object's Object Lock to expire. Must
+	// be formatted as a timestamp parameter.
+	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Specifies the algorithm to use to when encrypting the object (for example,
+	// AES256).
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
+	// data. This value is used to store the object and then it is discarded; Amazon
+	// S3 does not store the encryption key. The key must be appropriate for use
+	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+	// header.
+	//
+	// SSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by PutObjectInput's
+	// String and GoString methods.
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
+	// Amazon S3 uses this header for a message integrity check to ensure that the
+	// encryption key was transmitted without error.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// Specifies the Amazon Web Services KMS Encryption Context to use for object
+	// encryption. The value of this header is a base64-encoded UTF-8 string holding
+	// JSON with the encryption context key-value pairs. This value is stored as
+	// object metadata and automatically gets passed on to Amazon Web Services KMS
+	// for future GetObject or CopyObject operations on this object.
+	//
+	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by PutObjectInput's
+	// String and GoString methods.
+	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
+
+	// If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse,
+	// this header specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object. If you specify
+	// x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse,
+	// but do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3
+	// uses the Amazon Web Services managed key (aws/s3) to protect the data. If
+	// the KMS key does not exist in the same account that's issuing the command,
+	// you must use the full ARN and not just the ID.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by PutObjectInput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing this object in Amazon
+	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+
+	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
+	// objects. The STANDARD storage class provides high durability and high availability.
+	// Depending on performance needs, you can specify a different Storage Class.
+	// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information,
+	// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// in the Amazon S3 User Guide.
+	StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
+
+	// The tag-set for the object. The tag-set must be encoded as URL Query parameters.
+	// (For example, "Key1=Value1")
+	Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"`
+
+	// If the bucket is configured as a website, redirects requests for this object
+	// to another object in the same bucket or to an external URL. Amazon S3 stores
+	// the value of this header in the object metadata. For information about object
+	// metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html).
+	//
+	// In the following example, the request header sets the redirect to an object
+	// (anotherPage.html) in the same bucket:
+	//
+	// x-amz-website-redirect-location: /anotherPage.html
+	//
+	// In the following example, the request header sets the object redirect to
+	// another website:
+	//
+	// x-amz-website-redirect-location: http://www.example.com/
+	//
+	// For more information about website hosting in Amazon S3, see Hosting Websites
+	// on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)
+	// and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).
+	WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutObjectInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutObjectInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetACL sets the ACL field's value.
+func (s *PutObjectInput) SetACL(v string) *PutObjectInput {
+	s.ACL = &v
+	return s
+}
+
+// SetBody sets the Body field's value.
+func (s *PutObjectInput) SetBody(v io.ReadSeeker) *PutObjectInput {
+	s.Body = v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutObjectInput) SetBucket(v string) *PutObjectInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutObjectInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *PutObjectInput) SetBucketKeyEnabled(v bool) *PutObjectInput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetCacheControl sets the CacheControl field's value.
+func (s *PutObjectInput) SetCacheControl(v string) *PutObjectInput {
+	s.CacheControl = &v
+	return s
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutObjectInput) SetChecksumAlgorithm(v string) *PutObjectInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *PutObjectInput) SetChecksumCRC32(v string) *PutObjectInput {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *PutObjectInput) SetChecksumCRC32C(v string) *PutObjectInput {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *PutObjectInput) SetChecksumSHA1(v string) *PutObjectInput {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *PutObjectInput) SetChecksumSHA256(v string) *PutObjectInput {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetContentDisposition sets the ContentDisposition field's value.
+func (s *PutObjectInput) SetContentDisposition(v string) *PutObjectInput {
+	s.ContentDisposition = &v
+	return s
+}
+
+// SetContentEncoding sets the ContentEncoding field's value.
+func (s *PutObjectInput) SetContentEncoding(v string) *PutObjectInput {
+	s.ContentEncoding = &v
+	return s
+}
+
+// SetContentLanguage sets the ContentLanguage field's value.
+func (s *PutObjectInput) SetContentLanguage(v string) *PutObjectInput {
+	s.ContentLanguage = &v
+	return s
+}
+
+// SetContentLength sets the ContentLength field's value.
+func (s *PutObjectInput) SetContentLength(v int64) *PutObjectInput {
+	s.ContentLength = &v
+	return s
+}
+
+// SetContentMD5 sets the ContentMD5 field's value.
+func (s *PutObjectInput) SetContentMD5(v string) *PutObjectInput {
+	s.ContentMD5 = &v
+	return s
+}
+
+// SetContentType sets the ContentType field's value.
+func (s *PutObjectInput) SetContentType(v string) *PutObjectInput {
+	s.ContentType = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutObjectInput) SetExpectedBucketOwner(v string) *PutObjectInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetExpires sets the Expires field's value.
+func (s *PutObjectInput) SetExpires(v time.Time) *PutObjectInput {
+	s.Expires = &v
+	return s
+}
+
+// SetGrantFullControl sets the GrantFullControl field's value.
+func (s *PutObjectInput) SetGrantFullControl(v string) *PutObjectInput {
+	s.GrantFullControl = &v
+	return s
+}
+
+// SetGrantRead sets the GrantRead field's value.
+func (s *PutObjectInput) SetGrantRead(v string) *PutObjectInput {
+	s.GrantRead = &v
+	return s
+}
+
+// SetGrantReadACP sets the GrantReadACP field's value.
+func (s *PutObjectInput) SetGrantReadACP(v string) *PutObjectInput {
+	s.GrantReadACP = &v
+	return s
+}
+
+// SetGrantWriteACP sets the GrantWriteACP field's value.
+func (s *PutObjectInput) SetGrantWriteACP(v string) *PutObjectInput {
+	s.GrantWriteACP = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *PutObjectInput) SetKey(v string) *PutObjectInput {
+	s.Key = &v
+	return s
+}
+
+// SetMetadata sets the Metadata field's value.
+func (s *PutObjectInput) SetMetadata(v map[string]*string) *PutObjectInput {
+	s.Metadata = v
+	return s
+}
+
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *PutObjectInput) SetObjectLockLegalHoldStatus(v string) *PutObjectInput {
+	s.ObjectLockLegalHoldStatus = &v
+	return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *PutObjectInput) SetObjectLockMode(v string) *PutObjectInput {
+	s.ObjectLockMode = &v
+	return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *PutObjectInput) SetObjectLockRetainUntilDate(v time.Time) *PutObjectInput {
+	s.ObjectLockRetainUntilDate = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *PutObjectInput) SetRequestPayer(v string) *PutObjectInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *PutObjectInput) SetSSECustomerAlgorithm(v string) *PutObjectInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKey sets the SSECustomerKey field's value.
+func (s *PutObjectInput) SetSSECustomerKey(v string) *PutObjectInput {
+	s.SSECustomerKey = &v
+	return s
+}
+
+func (s *PutObjectInput) getSSECustomerKey() (v string) {
+	if s.SSECustomerKey == nil {
+		return v
+	}
+	return *s.SSECustomerKey
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *PutObjectInput) SetSSECustomerKeyMD5(v string) *PutObjectInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
+func (s *PutObjectInput) SetSSEKMSEncryptionContext(v string) *PutObjectInput {
+	s.SSEKMSEncryptionContext = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *PutObjectInput) SetSSEKMSKeyId(v string) *PutObjectInput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *PutObjectInput) SetServerSideEncryption(v string) *PutObjectInput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *PutObjectInput) SetStorageClass(v string) *PutObjectInput {
+	s.StorageClass = &v
+	return s
+}
+
+// SetTagging sets the Tagging field's value.
+func (s *PutObjectInput) SetTagging(v string) *PutObjectInput {
+	s.Tagging = &v
+	return s
+}
+
+// SetWebsiteRedirectLocation sets the WebsiteRedirectLocation field's value.
+func (s *PutObjectInput) SetWebsiteRedirectLocation(v string) *PutObjectInput {
+	s.WebsiteRedirectLocation = &v
+	return s
+}
+
+func (s *PutObjectInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutObjectInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutObjectLegalHoldInput struct {
+	_ struct{} `locationName:"PutObjectLegalHoldRequest" type:"structure" payload:"LegalHold"`
+
+	// The bucket name containing the object that you want to place a legal hold
+	// on.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The key name for the object that you want to place a legal hold on.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Container element for the legal hold configuration you want to apply to the
+	// specified object.
+	LegalHold *ObjectLockLegalHold `locationName:"LegalHold" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// The version ID of the object that you want to place a legal hold on.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectLegalHoldInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectLegalHoldInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutObjectLegalHoldInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutObjectLegalHoldInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutObjectLegalHoldInput) SetBucket(v string) *PutObjectLegalHoldInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutObjectLegalHoldInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutObjectLegalHoldInput) SetChecksumAlgorithm(v string) *PutObjectLegalHoldInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutObjectLegalHoldInput) SetExpectedBucketOwner(v string) *PutObjectLegalHoldInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *PutObjectLegalHoldInput) SetKey(v string) *PutObjectLegalHoldInput {
+	s.Key = &v
+	return s
+}
+
+// SetLegalHold sets the LegalHold field's value.
+func (s *PutObjectLegalHoldInput) SetLegalHold(v *ObjectLockLegalHold) *PutObjectLegalHoldInput {
+	s.LegalHold = v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *PutObjectLegalHoldInput) SetRequestPayer(v string) *PutObjectLegalHoldInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *PutObjectLegalHoldInput) SetVersionId(v string) *PutObjectLegalHoldInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *PutObjectLegalHoldInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectLegalHoldInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutObjectLegalHoldInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutObjectLegalHoldOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectLegalHoldOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectLegalHoldOutput) GoString() string {
+	return s.String()
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *PutObjectLegalHoldOutput) SetRequestCharged(v string) *PutObjectLegalHoldOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+type PutObjectLockConfigurationInput struct {
+	_ struct{} `locationName:"PutObjectLockConfigurationRequest" type:"structure" payload:"ObjectLockConfiguration"`
+
+	// The bucket whose Object Lock configuration you want to create or replace.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The Object Lock configuration that you want to apply to the specified bucket.
+	ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// A token to allow Object Lock to be enabled for an existing bucket.
+	Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectLockConfigurationInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectLockConfigurationInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutObjectLockConfigurationInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutObjectLockConfigurationInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutObjectLockConfigurationInput) SetBucket(v string) *PutObjectLockConfigurationInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutObjectLockConfigurationInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutObjectLockConfigurationInput) SetChecksumAlgorithm(v string) *PutObjectLockConfigurationInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutObjectLockConfigurationInput) SetExpectedBucketOwner(v string) *PutObjectLockConfigurationInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetObjectLockConfiguration sets the ObjectLockConfiguration field's value.
+func (s *PutObjectLockConfigurationInput) SetObjectLockConfiguration(v *ObjectLockConfiguration) *PutObjectLockConfigurationInput {
+	s.ObjectLockConfiguration = v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *PutObjectLockConfigurationInput) SetRequestPayer(v string) *PutObjectLockConfigurationInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetToken sets the Token field's value.
+func (s *PutObjectLockConfigurationInput) SetToken(v string) *PutObjectLockConfigurationInput {
+	s.Token = &v
+	return s
+}
+
+func (s *PutObjectLockConfigurationInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectLockConfigurationInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutObjectLockConfigurationInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutObjectLockConfigurationOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectLockConfigurationOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectLockConfigurationOutput) GoString() string {
+	return s.String()
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *PutObjectLockConfigurationOutput) SetRequestCharged(v string) *PutObjectLockConfigurationOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+type PutObjectOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates whether the uploaded object uses an S3 Bucket Key for server-side
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
+
+	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
+
+	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
+
+	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
+
+	// Entity tag for the uploaded object.
+	ETag *string `location:"header" locationName:"ETag" type:"string"`
+
+	// If the expiration is configured for the object (see PutBucketLifecycleConfiguration
+	// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)),
+	// the response includes this header. It includes the expiry-date and rule-id
+	// key-value pairs that provide information about object expiration. The value
+	// of the rule-id is URL-encoded.
+	Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header confirming the encryption algorithm
+	// used.
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header to provide round-trip message integrity
+	// verification of the customer-provided encryption key.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// If present, specifies the Amazon Web Services KMS Encryption Context to use
+	// for object encryption. The value of this header is a base64-encoded UTF-8
+	// string holding JSON with the encryption context key-value pairs. This value
+	// is stored as object metadata and automatically gets passed on to Amazon Web
+	// Services KMS for future GetObject or CopyObject operations on this object.
+	//
+	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by PutObjectOutput's
+	// String and GoString methods.
+	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
+
+	// If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse,
+	// this header specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by PutObjectOutput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing this object in Amazon
+	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+
+	// Version of the object.
+	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectOutput) GoString() string {
+	return s.String()
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *PutObjectOutput) SetBucketKeyEnabled(v bool) *PutObjectOutput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *PutObjectOutput) SetChecksumCRC32(v string) *PutObjectOutput {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *PutObjectOutput) SetChecksumCRC32C(v string) *PutObjectOutput {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *PutObjectOutput) SetChecksumSHA1(v string) *PutObjectOutput {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *PutObjectOutput) SetChecksumSHA256(v string) *PutObjectOutput {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *PutObjectOutput) SetETag(v string) *PutObjectOutput {
+	s.ETag = &v
+	return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *PutObjectOutput) SetExpiration(v string) *PutObjectOutput {
+	s.Expiration = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *PutObjectOutput) SetRequestCharged(v string) *PutObjectOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *PutObjectOutput) SetSSECustomerAlgorithm(v string) *PutObjectOutput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *PutObjectOutput) SetSSECustomerKeyMD5(v string) *PutObjectOutput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
+func (s *PutObjectOutput) SetSSEKMSEncryptionContext(v string) *PutObjectOutput {
+	s.SSEKMSEncryptionContext = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *PutObjectOutput) SetSSEKMSKeyId(v string) *PutObjectOutput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *PutObjectOutput) SetServerSideEncryption(v string) *PutObjectOutput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *PutObjectOutput) SetVersionId(v string) *PutObjectOutput {
+	s.VersionId = &v
+	return s
+}
+
+type PutObjectRetentionInput struct {
+	_ struct{} `locationName:"PutObjectRetentionRequest" type:"structure" payload:"Retention"`
+
+	// The bucket name that contains the object you want to apply this Object Retention
+	// configuration to.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates whether this action should bypass Governance-mode restrictions.
+	BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The key name for the object that you want to apply this Object Retention
+	// configuration to.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// The container element for the Object Retention configuration.
+	Retention *ObjectLockRetention `locationName:"Retention" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// The version ID for the object that you want to apply this Object Retention
+	// configuration to.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectRetentionInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectRetentionInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutObjectRetentionInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutObjectRetentionInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutObjectRetentionInput) SetBucket(v string) *PutObjectRetentionInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutObjectRetentionInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetBypassGovernanceRetention sets the BypassGovernanceRetention field's value.
+func (s *PutObjectRetentionInput) SetBypassGovernanceRetention(v bool) *PutObjectRetentionInput {
+	s.BypassGovernanceRetention = &v
+	return s
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutObjectRetentionInput) SetChecksumAlgorithm(v string) *PutObjectRetentionInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutObjectRetentionInput) SetExpectedBucketOwner(v string) *PutObjectRetentionInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *PutObjectRetentionInput) SetKey(v string) *PutObjectRetentionInput {
+	s.Key = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *PutObjectRetentionInput) SetRequestPayer(v string) *PutObjectRetentionInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetRetention sets the Retention field's value.
+func (s *PutObjectRetentionInput) SetRetention(v *ObjectLockRetention) *PutObjectRetentionInput {
+	s.Retention = v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *PutObjectRetentionInput) SetVersionId(v string) *PutObjectRetentionInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *PutObjectRetentionInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectRetentionInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutObjectRetentionInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutObjectRetentionOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectRetentionOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectRetentionOutput) GoString() string {
+	return s.String()
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *PutObjectRetentionOutput) SetRequestCharged(v string) *PutObjectRetentionOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+type PutObjectTaggingInput struct {
+	_ struct{} `locationName:"PutObjectTaggingRequest" type:"structure" payload:"Tagging"`
+
+	// The bucket name containing the object.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Name of the object key.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Container for the TagSet and Tag elements
+	//
+	// Tagging is a required field
+	Tagging *Tagging `locationName:"Tagging" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// The versionId of the object that the tag-set will be added to.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectTaggingInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectTaggingInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutObjectTaggingInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutObjectTaggingInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.Tagging == nil {
+		invalidParams.Add(request.NewErrParamRequired("Tagging"))
+	}
+	if s.Tagging != nil {
+		if err := s.Tagging.Validate(); err != nil {
+			invalidParams.AddNested("Tagging", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutObjectTaggingInput) SetBucket(v string) *PutObjectTaggingInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutObjectTaggingInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutObjectTaggingInput) SetChecksumAlgorithm(v string) *PutObjectTaggingInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutObjectTaggingInput) SetExpectedBucketOwner(v string) *PutObjectTaggingInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *PutObjectTaggingInput) SetKey(v string) *PutObjectTaggingInput {
+	s.Key = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *PutObjectTaggingInput) SetRequestPayer(v string) *PutObjectTaggingInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetTagging sets the Tagging field's value.
+func (s *PutObjectTaggingInput) SetTagging(v *Tagging) *PutObjectTaggingInput {
+	s.Tagging = v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *PutObjectTaggingInput) SetVersionId(v string) *PutObjectTaggingInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *PutObjectTaggingInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectTaggingInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutObjectTaggingInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutObjectTaggingOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The versionId of the object the tag-set was added to.
+	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectTaggingOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutObjectTaggingOutput) GoString() string {
+	return s.String()
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *PutObjectTaggingOutput) SetVersionId(v string) *PutObjectTaggingOutput {
+	s.VersionId = &v
+	return s
+}
+
+type PutPublicAccessBlockInput struct {
+	_ struct{} `locationName:"PutPublicAccessBlockRequest" type:"structure" payload:"PublicAccessBlockConfiguration"`
+
+	// The name of the Amazon S3 bucket whose PublicAccessBlock configuration you
+	// want to set.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	//
+	// The SDK will automatically compute the Content-MD5 checksum for this operation.
+	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
+	// to be used.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The PublicAccessBlock configuration that you want to apply to this Amazon
+	// S3 bucket. You can enable the configuration options in any combination. For
+	// more information about when Amazon S3 considers a bucket or object public,
+	// see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+	// in the Amazon S3 User Guide.
+	//
+	// PublicAccessBlockConfiguration is a required field
+	PublicAccessBlockConfiguration *PublicAccessBlockConfiguration `locationName:"PublicAccessBlockConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutPublicAccessBlockInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutPublicAccessBlockInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PutPublicAccessBlockInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PutPublicAccessBlockInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.PublicAccessBlockConfiguration == nil {
+		invalidParams.Add(request.NewErrParamRequired("PublicAccessBlockConfiguration"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *PutPublicAccessBlockInput) SetBucket(v string) *PutPublicAccessBlockInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *PutPublicAccessBlockInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *PutPublicAccessBlockInput) SetChecksumAlgorithm(v string) *PutPublicAccessBlockInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *PutPublicAccessBlockInput) SetExpectedBucketOwner(v string) *PutPublicAccessBlockInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetPublicAccessBlockConfiguration sets the PublicAccessBlockConfiguration field's value.
+func (s *PutPublicAccessBlockInput) SetPublicAccessBlockConfiguration(v *PublicAccessBlockConfiguration) *PutPublicAccessBlockInput {
+	s.PublicAccessBlockConfiguration = v
+	return s
+}
+
+func (s *PutPublicAccessBlockInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutPublicAccessBlockInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s PutPublicAccessBlockInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type PutPublicAccessBlockOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutPublicAccessBlockOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PutPublicAccessBlockOutput) GoString() string {
+	return s.String()
+}
+
+// Specifies the configuration for publishing messages to an Amazon Simple Queue
+// Service (Amazon SQS) queue when Amazon S3 detects specified events.
+type QueueConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// A collection of bucket events for which to send notifications
+	//
+	// Events is a required field
+	Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"`
+
+	// Specifies object key name filtering rules. For information about key name
+	// filtering, see Configuring event notifications using object key name filtering
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+	// in the Amazon S3 User Guide.
+	Filter *NotificationConfigurationFilter `type:"structure"`
+
+	// An optional unique identifier for configurations in a notification configuration.
+	// If you don't provide one, Amazon S3 will assign an ID.
+	Id *string `type:"string"`
+
+	// The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3
+	// publishes a message when it detects events of the specified type.
+	//
+	// QueueArn is a required field
+	QueueArn *string `locationName:"Queue" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s QueueConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s QueueConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *QueueConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "QueueConfiguration"}
+	if s.Events == nil {
+		invalidParams.Add(request.NewErrParamRequired("Events"))
+	}
+	if s.QueueArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("QueueArn"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetEvents sets the Events field's value.
+func (s *QueueConfiguration) SetEvents(v []*string) *QueueConfiguration {
+	s.Events = v
+	return s
+}
+
+// SetFilter sets the Filter field's value.
+func (s *QueueConfiguration) SetFilter(v *NotificationConfigurationFilter) *QueueConfiguration {
+	s.Filter = v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *QueueConfiguration) SetId(v string) *QueueConfiguration {
+	s.Id = &v
+	return s
+}
+
+// SetQueueArn sets the QueueArn field's value.
+func (s *QueueConfiguration) SetQueueArn(v string) *QueueConfiguration {
+	s.QueueArn = &v
+	return s
+}
+
+// This data type is deprecated. Use QueueConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_QueueConfiguration.html)
+// for the same purposes. This data type specifies the configuration for publishing
+// messages to an Amazon Simple Queue Service (Amazon SQS) queue when Amazon
+// S3 detects specified events.
+type QueueConfigurationDeprecated struct {
+	_ struct{} `type:"structure"`
+
+	// The bucket event for which to send notifications.
+	//
+	// Deprecated: Event has been deprecated
+	Event *string `deprecated:"true" type:"string" enum:"Event"`
+
+	// A collection of bucket events for which to send notifications.
+	Events []*string `locationName:"Event" type:"list" flattened:"true" enum:"Event"`
+
+	// An optional unique identifier for configurations in a notification configuration.
+	// If you don't provide one, Amazon S3 will assign an ID.
+	Id *string `type:"string"`
+
+	// The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3
+	// publishes a message when it detects events of the specified type.
+	Queue *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s QueueConfigurationDeprecated) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s QueueConfigurationDeprecated) GoString() string {
+	return s.String()
+}
+
+// SetEvent sets the Event field's value.
+func (s *QueueConfigurationDeprecated) SetEvent(v string) *QueueConfigurationDeprecated {
+	s.Event = &v
+	return s
+}
+
+// SetEvents sets the Events field's value.
+func (s *QueueConfigurationDeprecated) SetEvents(v []*string) *QueueConfigurationDeprecated {
+	s.Events = v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *QueueConfigurationDeprecated) SetId(v string) *QueueConfigurationDeprecated {
+	s.Id = &v
+	return s
+}
+
+// SetQueue sets the Queue field's value.
+func (s *QueueConfigurationDeprecated) SetQueue(v string) *QueueConfigurationDeprecated {
+	s.Queue = &v
+	return s
+}
+
+// The container for the records event.
+type RecordsEvent struct {
+	_ struct{} `locationName:"RecordsEvent" type:"structure" payload:"Payload"`
+
+	// The byte array of partial, one or more result records.
+	// Payload is automatically base64 encoded/decoded by the SDK.
+	Payload []byte `type:"blob"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RecordsEvent) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RecordsEvent) GoString() string {
+	return s.String()
+}
+
+// SetPayload sets the Payload field's value.
+func (s *RecordsEvent) SetPayload(v []byte) *RecordsEvent {
+	s.Payload = v
+	return s
+}
+
+// The RecordsEvent is and event in the SelectObjectContentEventStream group of events.
+func (s *RecordsEvent) eventSelectObjectContentEventStream() {}
+
+// UnmarshalEvent unmarshals the EventStream Message into the RecordsEvent value.
+// This method is only used internally within the SDK's EventStream handling.
+func (s *RecordsEvent) UnmarshalEvent(
+	payloadUnmarshaler protocol.PayloadUnmarshaler,
+	msg eventstream.Message,
+) error {
+	s.Payload = make([]byte, len(msg.Payload))
+	copy(s.Payload, msg.Payload)
+	return nil
+}
+
+// MarshalEvent marshals the type into an stream event value. This method
+// should only used internally within the SDK's EventStream handling.
+func (s *RecordsEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
+	msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
+	msg.Headers.Set(":content-type", eventstream.StringValue("application/octet-stream"))
+	msg.Payload = s.Payload
+	return msg, err
+}
+
+// Specifies how requests are redirected. In the event of an error, you can
+// specify a different error code to return.
+type Redirect struct {
+	_ struct{} `type:"structure"`
+
+	// The host name to use in the redirect request.
+	HostName *string `type:"string"`
+
+	// The HTTP redirect code to use on the response. Not required if one of the
+	// siblings is present.
+	HttpRedirectCode *string `type:"string"`
+
+	// Protocol to use when redirecting requests. The default is the protocol that
+	// is used in the original request.
+	Protocol *string `type:"string" enum:"Protocol"`
+
+	// The object key prefix to use in the redirect request. For example, to redirect
+	// requests for all pages with prefix docs/ (objects in the docs/ folder) to
+	// documents/, you can set a condition block with KeyPrefixEquals set to docs/
+	// and in the Redirect set ReplaceKeyPrefixWith to /documents. Not required
+	// if one of the siblings is present. Can be present only if ReplaceKeyWith
+	// is not provided.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	ReplaceKeyPrefixWith *string `type:"string"`
+
+	// The specific object key to use in the redirect request. For example, redirect
+	// request to error.html. Not required if one of the siblings is present. Can
+	// be present only if ReplaceKeyPrefixWith is not provided.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	ReplaceKeyWith *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Redirect) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Redirect) GoString() string {
+	return s.String()
+}
+
+// SetHostName sets the HostName field's value.
+func (s *Redirect) SetHostName(v string) *Redirect {
+	s.HostName = &v
+	return s
+}
+
+// SetHttpRedirectCode sets the HttpRedirectCode field's value.
+func (s *Redirect) SetHttpRedirectCode(v string) *Redirect {
+	s.HttpRedirectCode = &v
+	return s
+}
+
+// SetProtocol sets the Protocol field's value.
+func (s *Redirect) SetProtocol(v string) *Redirect {
+	s.Protocol = &v
+	return s
+}
+
+// SetReplaceKeyPrefixWith sets the ReplaceKeyPrefixWith field's value.
+func (s *Redirect) SetReplaceKeyPrefixWith(v string) *Redirect {
+	s.ReplaceKeyPrefixWith = &v
+	return s
+}
+
+// SetReplaceKeyWith sets the ReplaceKeyWith field's value.
+func (s *Redirect) SetReplaceKeyWith(v string) *Redirect {
+	s.ReplaceKeyWith = &v
+	return s
+}
+
+// Specifies the redirect behavior of all requests to a website endpoint of
+// an Amazon S3 bucket.
+type RedirectAllRequestsTo struct {
+	_ struct{} `type:"structure"`
+
+	// Name of the host where requests are redirected.
+	//
+	// HostName is a required field
+	HostName *string `type:"string" required:"true"`
+
+	// Protocol to use when redirecting requests. The default is the protocol that
+	// is used in the original request.
+	Protocol *string `type:"string" enum:"Protocol"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RedirectAllRequestsTo) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RedirectAllRequestsTo) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *RedirectAllRequestsTo) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "RedirectAllRequestsTo"}
+	if s.HostName == nil {
+		invalidParams.Add(request.NewErrParamRequired("HostName"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetHostName sets the HostName field's value.
+func (s *RedirectAllRequestsTo) SetHostName(v string) *RedirectAllRequestsTo {
+	s.HostName = &v
+	return s
+}
+
+// SetProtocol sets the Protocol field's value.
+func (s *RedirectAllRequestsTo) SetProtocol(v string) *RedirectAllRequestsTo {
+	s.Protocol = &v
+	return s
+}
+
+// A filter that you can specify for selection for modifications on replicas.
+// Amazon S3 doesn't replicate replica modifications by default. In the latest
+// version of replication configuration (when Filter is specified), you can
+// specify this element and set the status to Enabled to replicate modifications
+// on replicas.
+//
+// If you don't specify the Filter element, Amazon S3 assumes that the replication
+// configuration is the earlier version, V1. In the earlier version, this element
+// is not allowed.
+type ReplicaModifications struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether Amazon S3 replicates modifications on replicas.
+	//
+	// Status is a required field
+	Status *string `type:"string" required:"true" enum:"ReplicaModificationsStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicaModifications) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicaModifications) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplicaModifications) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ReplicaModifications"}
+	if s.Status == nil {
+		invalidParams.Add(request.NewErrParamRequired("Status"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetStatus sets the Status field's value.
+func (s *ReplicaModifications) SetStatus(v string) *ReplicaModifications {
+	s.Status = &v
+	return s
+}
+
+// A container for replication rules. You can add up to 1,000 rules. The maximum
+// size of a replication configuration is 2 MB.
+type ReplicationConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM)
+	// role that Amazon S3 assumes when replicating objects. For more information,
+	// see How to Set Up Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Role is a required field
+	Role *string `type:"string" required:"true"`
+
+	// A container for one or more replication rules. A replication configuration
+	// must have at least one rule and can contain a maximum of 1,000 rules.
+	//
+	// Rules is a required field
+	Rules []*ReplicationRule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplicationConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ReplicationConfiguration"}
+	if s.Role == nil {
+		invalidParams.Add(request.NewErrParamRequired("Role"))
+	}
+	if s.Rules == nil {
+		invalidParams.Add(request.NewErrParamRequired("Rules"))
+	}
+	if s.Rules != nil {
+		for i, v := range s.Rules {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Rules", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetRole sets the Role field's value.
+func (s *ReplicationConfiguration) SetRole(v string) *ReplicationConfiguration {
+	s.Role = &v
+	return s
+}
+
+// SetRules sets the Rules field's value.
+func (s *ReplicationConfiguration) SetRules(v []*ReplicationRule) *ReplicationConfiguration {
+	s.Rules = v
+	return s
+}
+
+// Specifies which Amazon S3 objects to replicate and where to store the replicas.
+type ReplicationRule struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether Amazon S3 replicates delete markers. If you specify a Filter
+	// in your replication configuration, you must also include a DeleteMarkerReplication
+	// element. If your Filter includes a Tag element, the DeleteMarkerReplication
+	// Status must be set to Disabled, because Amazon S3 does not support replicating
+	// delete markers for tag-based rules. For an example configuration, see Basic
+	// Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
+	//
+	// For more information about delete marker replication, see Basic Rule Configuration
+	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html).
+	//
+	// If you are using an earlier version of the replication configuration, Amazon
+	// S3 handles replication of delete markers differently. For more information,
+	// see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
+	DeleteMarkerReplication *DeleteMarkerReplication `type:"structure"`
+
+	// A container for information about the replication destination and its configurations
+	// including enabling the S3 Replication Time Control (S3 RTC).
+	//
+	// Destination is a required field
+	Destination *Destination `type:"structure" required:"true"`
+
+	// Optional configuration to replicate existing source bucket objects. For more
+	// information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
+	// in the Amazon S3 User Guide.
+	ExistingObjectReplication *ExistingObjectReplication `type:"structure"`
+
+	// A filter that identifies the subset of objects to which the replication rule
+	// applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
+	Filter *ReplicationRuleFilter `type:"structure"`
+
+	// A unique identifier for the rule. The maximum value is 255 characters.
+	ID *string `type:"string"`
+
+	// An object key name prefix that identifies the object or objects to which
+	// the rule applies. The maximum prefix length is 1,024 characters. To include
+	// all objects in a bucket, specify an empty string.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	//
+	// Deprecated: Prefix has been deprecated
+	Prefix *string `deprecated:"true" type:"string"`
+
+	// The priority indicates which rule has precedence whenever two or more replication
+	// rules conflict. Amazon S3 will attempt to replicate objects according to
+	// all replication rules. However, if there are two or more rules with the same
+	// destination bucket, then objects will be replicated according to the rule
+	// with the highest priority. The higher the number, the higher the priority.
+	//
+	// For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+	// in the Amazon S3 User Guide.
+	Priority *int64 `type:"integer"`
+
+	// A container that describes additional filters for identifying the source
+	// objects that you want to replicate. You can choose to enable or disable the
+	// replication of these objects. Currently, Amazon S3 supports only the filter
+	// that you can specify for objects created with server-side encryption using
+	// a customer managed key stored in Amazon Web Services Key Management Service
+	// (SSE-KMS).
+	SourceSelectionCriteria *SourceSelectionCriteria `type:"structure"`
+
+	// Specifies whether the rule is enabled.
+	//
+	// Status is a required field
+	Status *string `type:"string" required:"true" enum:"ReplicationRuleStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationRule) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationRule) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplicationRule) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ReplicationRule"}
+	if s.Destination == nil {
+		invalidParams.Add(request.NewErrParamRequired("Destination"))
+	}
+	if s.Status == nil {
+		invalidParams.Add(request.NewErrParamRequired("Status"))
+	}
+	if s.Destination != nil {
+		if err := s.Destination.Validate(); err != nil {
+			invalidParams.AddNested("Destination", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.ExistingObjectReplication != nil {
+		if err := s.ExistingObjectReplication.Validate(); err != nil {
+			invalidParams.AddNested("ExistingObjectReplication", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Filter != nil {
+		if err := s.Filter.Validate(); err != nil {
+			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.SourceSelectionCriteria != nil {
+		if err := s.SourceSelectionCriteria.Validate(); err != nil {
+			invalidParams.AddNested("SourceSelectionCriteria", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDeleteMarkerReplication sets the DeleteMarkerReplication field's value.
+func (s *ReplicationRule) SetDeleteMarkerReplication(v *DeleteMarkerReplication) *ReplicationRule {
+	s.DeleteMarkerReplication = v
+	return s
+}
+
+// SetDestination sets the Destination field's value.
+func (s *ReplicationRule) SetDestination(v *Destination) *ReplicationRule {
+	s.Destination = v
+	return s
+}
+
+// SetExistingObjectReplication sets the ExistingObjectReplication field's value.
+func (s *ReplicationRule) SetExistingObjectReplication(v *ExistingObjectReplication) *ReplicationRule {
+	s.ExistingObjectReplication = v
+	return s
+}
+
+// SetFilter sets the Filter field's value.
+func (s *ReplicationRule) SetFilter(v *ReplicationRuleFilter) *ReplicationRule {
+	s.Filter = v
+	return s
+}
+
+// SetID sets the ID field's value.
+func (s *ReplicationRule) SetID(v string) *ReplicationRule {
+	s.ID = &v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ReplicationRule) SetPrefix(v string) *ReplicationRule {
+	s.Prefix = &v
+	return s
+}
+
+// SetPriority sets the Priority field's value.
+func (s *ReplicationRule) SetPriority(v int64) *ReplicationRule {
+	s.Priority = &v
+	return s
+}
+
+// SetSourceSelectionCriteria sets the SourceSelectionCriteria field's value.
+func (s *ReplicationRule) SetSourceSelectionCriteria(v *SourceSelectionCriteria) *ReplicationRule {
+	s.SourceSelectionCriteria = v
+	return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *ReplicationRule) SetStatus(v string) *ReplicationRule {
+	s.Status = &v
+	return s
+}
+
+// A container for specifying rule filters. The filters determine the subset
+// of objects to which the rule applies. This element is required only if you
+// specify more than one filter.
+//
+// For example:
+//
+//   - If you specify both a Prefix and a Tag filter, wrap these filters in
+//     an And tag.
+//
+//   - If you specify a filter based on multiple tags, wrap the Tag elements
+//     in an And tag.
+type ReplicationRuleAndOperator struct {
+	_ struct{} `type:"structure"`
+
+	// An object key name prefix that identifies the subset of objects to which
+	// the rule applies.
+	Prefix *string `type:"string"`
+
+	// An array of tags containing key and value pairs.
+	Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationRuleAndOperator) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationRuleAndOperator) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplicationRuleAndOperator) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ReplicationRuleAndOperator"}
+	if s.Tags != nil {
+		for i, v := range s.Tags {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ReplicationRuleAndOperator) SetPrefix(v string) *ReplicationRuleAndOperator {
+	s.Prefix = &v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *ReplicationRuleAndOperator) SetTags(v []*Tag) *ReplicationRuleAndOperator {
+	s.Tags = v
+	return s
+}
+
+// A filter that identifies the subset of objects to which the replication rule
+// applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
+type ReplicationRuleFilter struct {
+	_ struct{} `type:"structure"`
+
+	// A container for specifying rule filters. The filters determine the subset
+	// of objects to which the rule applies. This element is required only if you
+	// specify more than one filter. For example:
+	//
+	//    * If you specify both a Prefix and a Tag filter, wrap these filters in
+	//    an And tag.
+	//
+	//    * If you specify a filter based on multiple tags, wrap the Tag elements
+	//    in an And tag.
+	And *ReplicationRuleAndOperator `type:"structure"`
+
+	// An object key name prefix that identifies the subset of objects to which
+	// the rule applies.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	Prefix *string `type:"string"`
+
+	// A container for specifying a tag key and value.
+	//
+	// The rule applies only to objects that have the tag in their tag set.
+	Tag *Tag `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationRuleFilter) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationRuleFilter) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplicationRuleFilter) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ReplicationRuleFilter"}
+	if s.And != nil {
+		if err := s.And.Validate(); err != nil {
+			invalidParams.AddNested("And", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.Tag != nil {
+		if err := s.Tag.Validate(); err != nil {
+			invalidParams.AddNested("Tag", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAnd sets the And field's value.
+func (s *ReplicationRuleFilter) SetAnd(v *ReplicationRuleAndOperator) *ReplicationRuleFilter {
+	s.And = v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *ReplicationRuleFilter) SetPrefix(v string) *ReplicationRuleFilter {
+	s.Prefix = &v
+	return s
+}
+
+// SetTag sets the Tag field's value.
+func (s *ReplicationRuleFilter) SetTag(v *Tag) *ReplicationRuleFilter {
+	s.Tag = v
+	return s
+}
+
+// A container specifying S3 Replication Time Control (S3 RTC) related information,
+// including whether S3 RTC is enabled and the time when all objects and operations
+// on objects must be replicated. Must be specified together with a Metrics
+// block.
+type ReplicationTime struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether the replication time is enabled.
+	//
+	// Status is a required field
+	Status *string `type:"string" required:"true" enum:"ReplicationTimeStatus"`
+
+	// A container specifying the time by which replication should be complete for
+	// all objects and operations on objects.
+	//
+	// Time is a required field
+	Time *ReplicationTimeValue `type:"structure" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationTime) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationTime) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplicationTime) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ReplicationTime"}
+	if s.Status == nil {
+		invalidParams.Add(request.NewErrParamRequired("Status"))
+	}
+	if s.Time == nil {
+		invalidParams.Add(request.NewErrParamRequired("Time"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetStatus sets the Status field's value.
+func (s *ReplicationTime) SetStatus(v string) *ReplicationTime {
+	s.Status = &v
+	return s
+}
+
+// SetTime sets the Time field's value.
+func (s *ReplicationTime) SetTime(v *ReplicationTimeValue) *ReplicationTime {
+	s.Time = v
+	return s
+}
+
+// A container specifying the time value for S3 Replication Time Control (S3
+// RTC) and replication metrics EventThreshold.
+type ReplicationTimeValue struct {
+	_ struct{} `type:"structure"`
+
+	// Contains an integer specifying time in minutes.
+	//
+	// Valid value: 15
+	Minutes *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationTimeValue) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplicationTimeValue) GoString() string {
+	return s.String()
+}
+
+// SetMinutes sets the Minutes field's value.
+func (s *ReplicationTimeValue) SetMinutes(v int64) *ReplicationTimeValue {
+	s.Minutes = &v
+	return s
+}
+
+// Container for Payer.
+type RequestPaymentConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies who pays for the download and request fees.
+	//
+	// Payer is a required field
+	Payer *string `type:"string" required:"true" enum:"Payer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RequestPaymentConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RequestPaymentConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *RequestPaymentConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "RequestPaymentConfiguration"}
+	if s.Payer == nil {
+		invalidParams.Add(request.NewErrParamRequired("Payer"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetPayer sets the Payer field's value.
+func (s *RequestPaymentConfiguration) SetPayer(v string) *RequestPaymentConfiguration {
+	s.Payer = &v
+	return s
+}
+
+// Container for specifying if periodic QueryProgress messages should be sent.
+type RequestProgress struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether periodic QueryProgress frames should be sent. Valid values:
+	// TRUE, FALSE. Default value: FALSE.
+	Enabled *bool `type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RequestProgress) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RequestProgress) GoString() string {
+	return s.String()
+}
+
+// SetEnabled sets the Enabled field's value.
+func (s *RequestProgress) SetEnabled(v bool) *RequestProgress {
+	s.Enabled = &v
+	return s
+}
+
+type RestoreObjectInput struct {
+	_ struct{} `locationName:"RestoreObjectRequest" type:"structure" payload:"RestoreRequest"`
+
+	// The bucket name containing the object to restore.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Object key for which the action was initiated.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Container for restore job parameters.
+	RestoreRequest *RestoreRequest `locationName:"RestoreRequest" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// VersionId used to reference a specific version of the object.
+	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RestoreObjectInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RestoreObjectInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *RestoreObjectInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "RestoreObjectInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.RestoreRequest != nil {
+		if err := s.RestoreRequest.Validate(); err != nil {
+			invalidParams.AddNested("RestoreRequest", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *RestoreObjectInput) SetBucket(v string) *RestoreObjectInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *RestoreObjectInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *RestoreObjectInput) SetChecksumAlgorithm(v string) *RestoreObjectInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *RestoreObjectInput) SetExpectedBucketOwner(v string) *RestoreObjectInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *RestoreObjectInput) SetKey(v string) *RestoreObjectInput {
+	s.Key = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *RestoreObjectInput) SetRequestPayer(v string) *RestoreObjectInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetRestoreRequest sets the RestoreRequest field's value.
+func (s *RestoreObjectInput) SetRestoreRequest(v *RestoreRequest) *RestoreObjectInput {
+	s.RestoreRequest = v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *RestoreObjectInput) SetVersionId(v string) *RestoreObjectInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *RestoreObjectInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *RestoreObjectInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s RestoreObjectInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type RestoreObjectOutput struct {
+	_ struct{} `type:"structure"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// Indicates the path in the provided S3 output location where Select results
+	// will be restored to.
+	RestoreOutputPath *string `location:"header" locationName:"x-amz-restore-output-path" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RestoreObjectOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RestoreObjectOutput) GoString() string {
+	return s.String()
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *RestoreObjectOutput) SetRequestCharged(v string) *RestoreObjectOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetRestoreOutputPath sets the RestoreOutputPath field's value.
+func (s *RestoreObjectOutput) SetRestoreOutputPath(v string) *RestoreObjectOutput {
+	s.RestoreOutputPath = &v
+	return s
+}
+
+// Container for restore job parameters.
+type RestoreRequest struct {
+	_ struct{} `type:"structure"`
+
+	// Lifetime of the active copy in days. Do not use with restores that specify
+	// OutputLocation.
+	//
+	// The Days element is required for regular restores, and must not be provided
+	// for select requests.
+	Days *int64 `type:"integer"`
+
+	// The optional description for the job.
+	Description *string `type:"string"`
+
+	// S3 Glacier related parameters pertaining to this job. Do not use with restores
+	// that specify OutputLocation.
+	GlacierJobParameters *GlacierJobParameters `type:"structure"`
+
+	// Describes the location where the restore job's output is stored.
+	OutputLocation *OutputLocation `type:"structure"`
+
+	// Describes the parameters for Select job types.
+	SelectParameters *SelectParameters `type:"structure"`
+
+	// Retrieval tier at which the restore will be processed.
+	Tier *string `type:"string" enum:"Tier"`
+
+	// Type of restore request.
+	Type *string `type:"string" enum:"RestoreRequestType"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RestoreRequest) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RestoreRequest) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *RestoreRequest) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "RestoreRequest"}
+	if s.GlacierJobParameters != nil {
+		if err := s.GlacierJobParameters.Validate(); err != nil {
+			invalidParams.AddNested("GlacierJobParameters", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.OutputLocation != nil {
+		if err := s.OutputLocation.Validate(); err != nil {
+			invalidParams.AddNested("OutputLocation", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.SelectParameters != nil {
+		if err := s.SelectParameters.Validate(); err != nil {
+			invalidParams.AddNested("SelectParameters", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDays sets the Days field's value.
+func (s *RestoreRequest) SetDays(v int64) *RestoreRequest {
+	s.Days = &v
+	return s
+}
+
+// SetDescription sets the Description field's value.
+func (s *RestoreRequest) SetDescription(v string) *RestoreRequest {
+	s.Description = &v
+	return s
+}
+
+// SetGlacierJobParameters sets the GlacierJobParameters field's value.
+func (s *RestoreRequest) SetGlacierJobParameters(v *GlacierJobParameters) *RestoreRequest {
+	s.GlacierJobParameters = v
+	return s
+}
+
+// SetOutputLocation sets the OutputLocation field's value.
+func (s *RestoreRequest) SetOutputLocation(v *OutputLocation) *RestoreRequest {
+	s.OutputLocation = v
+	return s
+}
+
+// SetSelectParameters sets the SelectParameters field's value.
+func (s *RestoreRequest) SetSelectParameters(v *SelectParameters) *RestoreRequest {
+	s.SelectParameters = v
+	return s
+}
+
+// SetTier sets the Tier field's value.
+func (s *RestoreRequest) SetTier(v string) *RestoreRequest {
+	s.Tier = &v
+	return s
+}
+
+// SetType sets the Type field's value.
+func (s *RestoreRequest) SetType(v string) *RestoreRequest {
+	s.Type = &v
+	return s
+}
+
+// Specifies the redirect behavior and when a redirect is applied. For more
+// information about routing rules, see Configuring advanced conditional redirects
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects)
+// in the Amazon S3 User Guide.
+type RoutingRule struct {
+	_ struct{} `type:"structure"`
+
+	// A container for describing a condition that must be met for the specified
+	// redirect to apply. For example, 1. If request is for pages in the /docs folder,
+	// redirect to the /documents folder. 2. If request results in HTTP error 4xx,
+	// redirect request to another host where you might process the error.
+	Condition *Condition `type:"structure"`
+
+	// Container for redirect information. You can redirect requests to another
+	// host, to another page, or with another protocol. In the event of an error,
+	// you can specify a different error code to return.
+	//
+	// Redirect is a required field
+	Redirect *Redirect `type:"structure" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RoutingRule) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RoutingRule) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *RoutingRule) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "RoutingRule"}
+	if s.Redirect == nil {
+		invalidParams.Add(request.NewErrParamRequired("Redirect"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetCondition sets the Condition field's value.
+func (s *RoutingRule) SetCondition(v *Condition) *RoutingRule {
+	s.Condition = v
+	return s
+}
+
+// SetRedirect sets the Redirect field's value.
+func (s *RoutingRule) SetRedirect(v *Redirect) *RoutingRule {
+	s.Redirect = v
+	return s
+}
+
+// Specifies lifecycle rules for an Amazon S3 bucket. For more information,
+// see Put Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html)
+// in the Amazon S3 API Reference. For examples, see Put Bucket Lifecycle Configuration
+// Examples (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html#API_PutBucketLifecycleConfiguration_Examples).
+type Rule struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the days since the initiation of an incomplete multipart upload
+	// that Amazon S3 will wait before permanently removing all parts of the upload.
+	// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+	// in the Amazon S3 User Guide.
+	AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"`
+
+	// Specifies the expiration for the lifecycle of the object.
+	Expiration *LifecycleExpiration `type:"structure"`
+
+	// Unique identifier for the rule. The value can't be longer than 255 characters.
+	ID *string `type:"string"`
+
+	// Specifies when noncurrent object versions expire. Upon expiration, Amazon
+	// S3 permanently deletes the noncurrent object versions. You set this lifecycle
+	// configuration action on a bucket that has versioning enabled (or suspended)
+	// to request that Amazon S3 delete noncurrent object versions at a specific
+	// period in the object's lifetime.
+	NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"`
+
+	// Container for the transition rule that describes when noncurrent objects
+	// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR,
+	// GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled
+	// (or versioning is suspended), you can set this action to request that Amazon
+	// S3 transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA,
+	// INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at
+	// a specific period in the object's lifetime.
+	NoncurrentVersionTransition *NoncurrentVersionTransition `type:"structure"`
+
+	// Object key prefix that identifies one or more objects to which this rule
+	// applies.
+	//
+	// Replacement must be made for object keys containing special characters (such
+	// as carriage returns) when using XML requests. For more information, see XML
+	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	//
+	// Prefix is a required field
+	Prefix *string `type:"string" required:"true"`
+
+	// If Enabled, the rule is currently being applied. If Disabled, the rule is
+	// not currently being applied.
+	//
+	// Status is a required field
+	Status *string `type:"string" required:"true" enum:"ExpirationStatus"`
+
+	// Specifies when an object transitions to a specified storage class. For more
+	// information about Amazon S3 lifecycle configuration rules, see Transitioning
+	// Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html)
+	// in the Amazon S3 User Guide.
+	Transition *Transition `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Rule) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Rule) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Rule) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Rule"}
+	if s.Prefix == nil {
+		invalidParams.Add(request.NewErrParamRequired("Prefix"))
+	}
+	if s.Status == nil {
+		invalidParams.Add(request.NewErrParamRequired("Status"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAbortIncompleteMultipartUpload sets the AbortIncompleteMultipartUpload field's value.
+func (s *Rule) SetAbortIncompleteMultipartUpload(v *AbortIncompleteMultipartUpload) *Rule {
+	s.AbortIncompleteMultipartUpload = v
+	return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *Rule) SetExpiration(v *LifecycleExpiration) *Rule {
+	s.Expiration = v
+	return s
+}
+
+// SetID sets the ID field's value.
+func (s *Rule) SetID(v string) *Rule {
+	s.ID = &v
+	return s
+}
+
+// SetNoncurrentVersionExpiration sets the NoncurrentVersionExpiration field's value.
+func (s *Rule) SetNoncurrentVersionExpiration(v *NoncurrentVersionExpiration) *Rule {
+	s.NoncurrentVersionExpiration = v
+	return s
+}
+
+// SetNoncurrentVersionTransition sets the NoncurrentVersionTransition field's value.
+func (s *Rule) SetNoncurrentVersionTransition(v *NoncurrentVersionTransition) *Rule {
+	s.NoncurrentVersionTransition = v
+	return s
+}
+
+// SetPrefix sets the Prefix field's value.
+func (s *Rule) SetPrefix(v string) *Rule {
+	s.Prefix = &v
+	return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *Rule) SetStatus(v string) *Rule {
+	s.Status = &v
+	return s
+}
+
+// SetTransition sets the Transition field's value.
+func (s *Rule) SetTransition(v *Transition) *Rule {
+	s.Transition = v
+	return s
+}
+
+// Specifies the use of SSE-KMS to encrypt delivered inventory reports.
+type SSEKMS struct {
+	_ struct{} `locationName:"SSE-KMS" type:"structure"`
+
+	// Specifies the ID of the Key Management Service (KMS) symmetric encryption
+	// customer managed key to use for encrypting inventory reports.
+	//
+	// KeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by SSEKMS's
+	// String and GoString methods.
+	//
+	// KeyId is a required field
+	KeyId *string `type:"string" required:"true" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SSEKMS) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SSEKMS) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *SSEKMS) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "SSEKMS"}
+	if s.KeyId == nil {
+		invalidParams.Add(request.NewErrParamRequired("KeyId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKeyId sets the KeyId field's value.
+func (s *SSEKMS) SetKeyId(v string) *SSEKMS {
+	s.KeyId = &v
+	return s
+}
+
+// Specifies the use of SSE-S3 to encrypt delivered inventory reports.
+type SSES3 struct {
+	_ struct{} `locationName:"SSE-S3" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SSES3) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SSES3) GoString() string {
+	return s.String()
+}
+
+// Specifies the byte range of the object to get the records from. A record
+// is processed when its first byte is contained by the range. This parameter
+// is optional, but when specified, it must not be empty. See RFC 2616, Section
+// 14.35.1 about how to specify the start and end of the range.
+type ScanRange struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the end of the byte range. This parameter is optional. Valid values:
+	// non-negative integers. The default value is one less than the size of the
+	// object being queried. If only the End parameter is supplied, it is interpreted
+	// to mean scan the last N bytes of the file. For example, <scanrange><end>50</end></scanrange>
+	// means scan the last 50 bytes.
+	End *int64 `type:"long"`
+
+	// Specifies the start of the byte range. This parameter is optional. Valid
+	// values: non-negative integers. The default value is 0. If only start is supplied,
+	// it means scan from that point to the end of the file. For example, <scanrange><start>50</start></scanrange>
+	// means scan from byte 50 until the end of the file.
+	Start *int64 `type:"long"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ScanRange) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ScanRange) GoString() string {
+	return s.String()
+}
+
+// SetEnd sets the End field's value.
+func (s *ScanRange) SetEnd(v int64) *ScanRange {
+	s.End = &v
+	return s
+}
+
+// SetStart sets the Start field's value.
+func (s *ScanRange) SetStart(v int64) *ScanRange {
+	s.Start = &v
+	return s
+}
+
+// SelectObjectContentEventStreamEvent groups together all EventStream
+// events writes for SelectObjectContentEventStream.
+//
+// These events are:
+//
+//   - ContinuationEvent
+//   - EndEvent
+//   - ProgressEvent
+//   - RecordsEvent
+//   - StatsEvent
+type SelectObjectContentEventStreamEvent interface {
+	eventSelectObjectContentEventStream()
+	eventstreamapi.Marshaler
+	eventstreamapi.Unmarshaler
+}
+
+// SelectObjectContentEventStreamReader provides the interface for reading to the stream. The
+// default implementation for this interface will be SelectObjectContentEventStreamData.
+//
+// The reader's Close method must allow multiple concurrent calls.
+//
+// These events are:
+//
+//   - ContinuationEvent
+//   - EndEvent
+//   - ProgressEvent
+//   - RecordsEvent
+//   - StatsEvent
+//   - SelectObjectContentEventStreamUnknownEvent
+type SelectObjectContentEventStreamReader interface {
+	// Returns a channel of events as they are read from the event stream.
+	Events() <-chan SelectObjectContentEventStreamEvent
+
+	// Close will stop the reader reading events from the stream.
+	Close() error
+
+	// Returns any error that has occurred while reading from the event stream.
+	Err() error
+}
+
+type readSelectObjectContentEventStream struct {
+	eventReader *eventstreamapi.EventReader
+	stream      chan SelectObjectContentEventStreamEvent
+	err         *eventstreamapi.OnceError
+
+	done      chan struct{}
+	closeOnce sync.Once
+}
+
+func newReadSelectObjectContentEventStream(eventReader *eventstreamapi.EventReader) *readSelectObjectContentEventStream {
+	r := &readSelectObjectContentEventStream{
+		eventReader: eventReader,
+		stream:      make(chan SelectObjectContentEventStreamEvent),
+		done:        make(chan struct{}),
+		err:         eventstreamapi.NewOnceError(),
+	}
+	go r.readEventStream()
+
+	return r
+}
+
+// Close will close the underlying event stream reader.
+func (r *readSelectObjectContentEventStream) Close() error {
+	r.closeOnce.Do(r.safeClose)
+	return r.Err()
+}
+
+func (r *readSelectObjectContentEventStream) ErrorSet() <-chan struct{} {
+	return r.err.ErrorSet()
+}
+
+func (r *readSelectObjectContentEventStream) Closed() <-chan struct{} {
+	return r.done
+}
+
+func (r *readSelectObjectContentEventStream) safeClose() {
+	close(r.done)
+}
+
+func (r *readSelectObjectContentEventStream) Err() error {
+	return r.err.Err()
+}
+
+func (r *readSelectObjectContentEventStream) Events() <-chan SelectObjectContentEventStreamEvent {
+	return r.stream
+}
+
+func (r *readSelectObjectContentEventStream) readEventStream() {
+	defer r.Close()
+	defer close(r.stream)
+
+	for {
+		event, err := r.eventReader.ReadEvent()
+		if err != nil {
+			if err == io.EOF {
+				return
+			}
+			select {
+			case <-r.done:
+				// If closed already ignore the error
+				return
+			default:
+			}
+			if _, ok := err.(*eventstreamapi.UnknownMessageTypeError); ok {
+				continue
+			}
+			r.err.SetError(err)
+			return
+		}
+
+		select {
+		case r.stream <- event.(SelectObjectContentEventStreamEvent):
+		case <-r.done:
+			return
+		}
+	}
+}
+
+type unmarshalerForSelectObjectContentEventStreamEvent struct {
+	metadata protocol.ResponseMetadata
+}
+
+func (u unmarshalerForSelectObjectContentEventStreamEvent) UnmarshalerForEventName(eventType string) (eventstreamapi.Unmarshaler, error) {
+	switch eventType {
+	case "Cont":
+		return &ContinuationEvent{}, nil
+	case "End":
+		return &EndEvent{}, nil
+	case "Progress":
+		return &ProgressEvent{}, nil
+	case "Records":
+		return &RecordsEvent{}, nil
+	case "Stats":
+		return &StatsEvent{}, nil
+	default:
+		return &SelectObjectContentEventStreamUnknownEvent{Type: eventType}, nil
+	}
+}
+
+// SelectObjectContentEventStreamUnknownEvent provides a failsafe event for the
+// SelectObjectContentEventStream group of events when an unknown event is received.
+type SelectObjectContentEventStreamUnknownEvent struct {
+	Type    string
+	Message eventstream.Message
+}
+
+// The SelectObjectContentEventStreamUnknownEvent is and event in the SelectObjectContentEventStream
+// group of events.
+func (s *SelectObjectContentEventStreamUnknownEvent) eventSelectObjectContentEventStream() {}
+
+// MarshalEvent marshals the type into an stream event value. This method
+// should only used internally within the SDK's EventStream handling.
+func (e *SelectObjectContentEventStreamUnknownEvent) MarshalEvent(pm protocol.PayloadMarshaler) (
+	msg eventstream.Message, err error,
+) {
+	return e.Message.Clone(), nil
+}
+
+// UnmarshalEvent unmarshals the EventStream Message into the SelectObjectContentEventStreamData value.
+// This method is only used internally within the SDK's EventStream handling.
+func (e *SelectObjectContentEventStreamUnknownEvent) UnmarshalEvent(
+	payloadUnmarshaler protocol.PayloadUnmarshaler,
+	msg eventstream.Message,
+) error {
+	e.Message = msg.Clone()
+	return nil
+}
+
+// Request to filter the contents of an Amazon S3 object based on a simple Structured
+// Query Language (SQL) statement. In the request, along with the SQL expression,
+// you must specify a data serialization format (JSON or CSV) of the object.
+// Amazon S3 uses this to parse object data into records. It returns only records
+// that match the specified SQL expression. You must also specify the data serialization
+// format for the response. For more information, see S3Select API Documentation
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectSELECTContent.html).
+type SelectObjectContentInput struct {
+	_ struct{} `locationName:"SelectObjectContentRequest" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+
+	// The S3 bucket.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The expression that is used to query the object.
+	//
+	// Expression is a required field
+	Expression *string `type:"string" required:"true"`
+
+	// The type of the provided expression (for example, SQL).
+	//
+	// ExpressionType is a required field
+	ExpressionType *string `type:"string" required:"true" enum:"ExpressionType"`
+
+	// Describes the format of the data in the object that is being queried.
+	//
+	// InputSerialization is a required field
+	InputSerialization *InputSerialization `type:"structure" required:"true"`
+
+	// The object key.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Describes the format of the data that you want Amazon S3 to return in response.
+	//
+	// OutputSerialization is a required field
+	OutputSerialization *OutputSerialization `type:"structure" required:"true"`
+
+	// Specifies if periodic request progress information should be enabled.
+	RequestProgress *RequestProgress `type:"structure"`
+
+	// The server-side encryption (SSE) algorithm used to encrypt the object. This
+	// parameter is needed only when the object was created using a checksum algorithm.
+	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// in the Amazon S3 User Guide.
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// The server-side encryption (SSE) customer managed key. This parameter is
+	// needed only when the object was created using a checksum algorithm. For more
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// in the Amazon S3 User Guide.
+	//
+	// SSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by SelectObjectContentInput's
+	// String and GoString methods.
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// The MD5 server-side encryption (SSE) customer managed key. This parameter
+	// is needed only when the object was created using a checksum algorithm. For
+	// more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// in the Amazon S3 User Guide.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// Specifies the byte range of the object to get the records from. A record
+	// is processed when its first byte is contained by the range. This parameter
+	// is optional, but when specified, it must not be empty. See RFC 2616, Section
+	// 14.35.1 about how to specify the start and end of the range.
+	//
+	// ScanRangemay be used in the following ways:
+	//
+	//    * <scanrange><start>50</start><end>100</end></scanrange> - process only
+	//    the records starting between the bytes 50 and 100 (inclusive, counting
+	//    from zero)
+	//
+	//    * <scanrange><start>50</start></scanrange> - process only the records
+	//    starting after the byte 50
+	//
+	//    * <scanrange><end>50</end></scanrange> - process only the records within
+	//    the last 50 bytes of the file.
+	ScanRange *ScanRange `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SelectObjectContentInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SelectObjectContentInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *SelectObjectContentInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "SelectObjectContentInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Expression == nil {
+		invalidParams.Add(request.NewErrParamRequired("Expression"))
+	}
+	if s.ExpressionType == nil {
+		invalidParams.Add(request.NewErrParamRequired("ExpressionType"))
+	}
+	if s.InputSerialization == nil {
+		invalidParams.Add(request.NewErrParamRequired("InputSerialization"))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.OutputSerialization == nil {
+		invalidParams.Add(request.NewErrParamRequired("OutputSerialization"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *SelectObjectContentInput) SetBucket(v string) *SelectObjectContentInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *SelectObjectContentInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *SelectObjectContentInput) SetExpectedBucketOwner(v string) *SelectObjectContentInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetExpression sets the Expression field's value.
+func (s *SelectObjectContentInput) SetExpression(v string) *SelectObjectContentInput {
+	s.Expression = &v
+	return s
+}
+
+// SetExpressionType sets the ExpressionType field's value.
+func (s *SelectObjectContentInput) SetExpressionType(v string) *SelectObjectContentInput {
+	s.ExpressionType = &v
+	return s
+}
+
+// SetInputSerialization sets the InputSerialization field's value.
+func (s *SelectObjectContentInput) SetInputSerialization(v *InputSerialization) *SelectObjectContentInput {
+	s.InputSerialization = v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *SelectObjectContentInput) SetKey(v string) *SelectObjectContentInput {
+	s.Key = &v
+	return s
+}
+
+// SetOutputSerialization sets the OutputSerialization field's value.
+func (s *SelectObjectContentInput) SetOutputSerialization(v *OutputSerialization) *SelectObjectContentInput {
+	s.OutputSerialization = v
+	return s
+}
+
+// SetRequestProgress sets the RequestProgress field's value.
+func (s *SelectObjectContentInput) SetRequestProgress(v *RequestProgress) *SelectObjectContentInput {
+	s.RequestProgress = v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *SelectObjectContentInput) SetSSECustomerAlgorithm(v string) *SelectObjectContentInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKey sets the SSECustomerKey field's value.
+func (s *SelectObjectContentInput) SetSSECustomerKey(v string) *SelectObjectContentInput {
+	s.SSECustomerKey = &v
+	return s
+}
+
+func (s *SelectObjectContentInput) getSSECustomerKey() (v string) {
+	if s.SSECustomerKey == nil {
+		return v
+	}
+	return *s.SSECustomerKey
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *SelectObjectContentInput) SetSSECustomerKeyMD5(v string) *SelectObjectContentInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetScanRange sets the ScanRange field's value.
+func (s *SelectObjectContentInput) SetScanRange(v *ScanRange) *SelectObjectContentInput {
+	s.ScanRange = v
+	return s
+}
+
+func (s *SelectObjectContentInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *SelectObjectContentInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s SelectObjectContentInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type SelectObjectContentOutput struct {
+	_ struct{} `type:"structure" payload:"Payload"`
+
+	EventStream *SelectObjectContentEventStream
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SelectObjectContentOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SelectObjectContentOutput) GoString() string {
+	return s.String()
+}
+
+func (s *SelectObjectContentOutput) SetEventStream(v *SelectObjectContentEventStream) *SelectObjectContentOutput {
+	s.EventStream = v
+	return s
+}
+func (s *SelectObjectContentOutput) GetEventStream() *SelectObjectContentEventStream {
+	return s.EventStream
+}
+
+// GetStream returns the type to interact with the event stream.
+func (s *SelectObjectContentOutput) GetStream() *SelectObjectContentEventStream {
+	return s.EventStream
+}
+
+// Describes the parameters for Select job types.
+type SelectParameters struct {
+	_ struct{} `type:"structure"`
+
+	// The expression that is used to query the object.
+	//
+	// Expression is a required field
+	Expression *string `type:"string" required:"true"`
+
+	// The type of the provided expression (for example, SQL).
+	//
+	// ExpressionType is a required field
+	ExpressionType *string `type:"string" required:"true" enum:"ExpressionType"`
+
+	// Describes the serialization format of the object.
+	//
+	// InputSerialization is a required field
+	InputSerialization *InputSerialization `type:"structure" required:"true"`
+
+	// Describes how the results of the Select job are serialized.
+	//
+	// OutputSerialization is a required field
+	OutputSerialization *OutputSerialization `type:"structure" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SelectParameters) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SelectParameters) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *SelectParameters) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "SelectParameters"}
+	if s.Expression == nil {
+		invalidParams.Add(request.NewErrParamRequired("Expression"))
+	}
+	if s.ExpressionType == nil {
+		invalidParams.Add(request.NewErrParamRequired("ExpressionType"))
+	}
+	if s.InputSerialization == nil {
+		invalidParams.Add(request.NewErrParamRequired("InputSerialization"))
+	}
+	if s.OutputSerialization == nil {
+		invalidParams.Add(request.NewErrParamRequired("OutputSerialization"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetExpression sets the Expression field's value.
+func (s *SelectParameters) SetExpression(v string) *SelectParameters {
+	s.Expression = &v
+	return s
+}
+
+// SetExpressionType sets the ExpressionType field's value.
+func (s *SelectParameters) SetExpressionType(v string) *SelectParameters {
+	s.ExpressionType = &v
+	return s
+}
+
+// SetInputSerialization sets the InputSerialization field's value.
+func (s *SelectParameters) SetInputSerialization(v *InputSerialization) *SelectParameters {
+	s.InputSerialization = v
+	return s
+}
+
+// SetOutputSerialization sets the OutputSerialization field's value.
+func (s *SelectParameters) SetOutputSerialization(v *OutputSerialization) *SelectParameters {
+	s.OutputSerialization = v
+	return s
+}
+
+// Describes the default server-side encryption to apply to new objects in the
+// bucket. If a PUT Object request doesn't specify any server-side encryption,
+// this default encryption will be applied. If you don't specify a customer
+// managed key at configuration, Amazon S3 automatically creates an Amazon Web
+// Services KMS key in your Amazon Web Services account the first time that
+// you add an object encrypted with SSE-KMS to a bucket. By default, Amazon
+// S3 uses this KMS key for SSE-KMS. For more information, see PUT Bucket encryption
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html)
+// in the Amazon S3 API Reference.
+type ServerSideEncryptionByDefault struct {
+	_ struct{} `type:"structure"`
+
+	// Amazon Web Services Key Management Service (KMS) customer Amazon Web Services
+	// KMS key ID to use for the default encryption. This parameter is allowed if
+	// and only if SSEAlgorithm is set to aws:kms.
+	//
+	// You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key.
+	// If you use a key ID, you can run into a LogDestination undeliverable error
+	// when creating a VPC flow log.
+	//
+	// If you are using encryption with cross-account or Amazon Web Services service
+	// operations you must use a fully qualified KMS key ARN. For more information,
+	// see Using encryption for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).
+	//
+	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
+	//
+	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
+	//
+	// Amazon S3 only supports symmetric encryption KMS keys. For more information,
+	// see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+	// in the Amazon Web Services Key Management Service Developer Guide.
+	//
+	// KMSMasterKeyID is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by ServerSideEncryptionByDefault's
+	// String and GoString methods.
+	KMSMasterKeyID *string `type:"string" sensitive:"true"`
+
+	// Server-side encryption algorithm to use for the default encryption.
+	//
+	// SSEAlgorithm is a required field
+	SSEAlgorithm *string `type:"string" required:"true" enum:"ServerSideEncryption"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServerSideEncryptionByDefault) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServerSideEncryptionByDefault) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ServerSideEncryptionByDefault) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ServerSideEncryptionByDefault"}
+	if s.SSEAlgorithm == nil {
+		invalidParams.Add(request.NewErrParamRequired("SSEAlgorithm"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKMSMasterKeyID sets the KMSMasterKeyID field's value.
+func (s *ServerSideEncryptionByDefault) SetKMSMasterKeyID(v string) *ServerSideEncryptionByDefault {
+	s.KMSMasterKeyID = &v
+	return s
+}
+
+// SetSSEAlgorithm sets the SSEAlgorithm field's value.
+func (s *ServerSideEncryptionByDefault) SetSSEAlgorithm(v string) *ServerSideEncryptionByDefault {
+	s.SSEAlgorithm = &v
+	return s
+}
+
+// Specifies the default server-side-encryption configuration.
+type ServerSideEncryptionConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Container for information about a particular server-side encryption configuration
+	// rule.
+	//
+	// Rules is a required field
+	Rules []*ServerSideEncryptionRule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServerSideEncryptionConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServerSideEncryptionConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ServerSideEncryptionConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ServerSideEncryptionConfiguration"}
+	if s.Rules == nil {
+		invalidParams.Add(request.NewErrParamRequired("Rules"))
+	}
+	if s.Rules != nil {
+		for i, v := range s.Rules {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Rules", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetRules sets the Rules field's value.
+func (s *ServerSideEncryptionConfiguration) SetRules(v []*ServerSideEncryptionRule) *ServerSideEncryptionConfiguration {
+	s.Rules = v
+	return s
+}
+
+// Specifies the default server-side encryption configuration.
+type ServerSideEncryptionRule struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies the default server-side encryption to apply to new objects in the
+	// bucket. If a PUT Object request doesn't specify any server-side encryption,
+	// this default encryption will be applied.
+	ApplyServerSideEncryptionByDefault *ServerSideEncryptionByDefault `type:"structure"`
+
+	// Specifies whether Amazon S3 should use an S3 Bucket Key with server-side
+	// encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects
+	// are not affected. Setting the BucketKeyEnabled element to true causes Amazon
+	// S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled.
+	//
+	// For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
+	// in the Amazon S3 User Guide.
+	BucketKeyEnabled *bool `type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServerSideEncryptionRule) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ServerSideEncryptionRule) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ServerSideEncryptionRule) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ServerSideEncryptionRule"}
+	if s.ApplyServerSideEncryptionByDefault != nil {
+		if err := s.ApplyServerSideEncryptionByDefault.Validate(); err != nil {
+			invalidParams.AddNested("ApplyServerSideEncryptionByDefault", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetApplyServerSideEncryptionByDefault sets the ApplyServerSideEncryptionByDefault field's value.
+func (s *ServerSideEncryptionRule) SetApplyServerSideEncryptionByDefault(v *ServerSideEncryptionByDefault) *ServerSideEncryptionRule {
+	s.ApplyServerSideEncryptionByDefault = v
+	return s
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *ServerSideEncryptionRule) SetBucketKeyEnabled(v bool) *ServerSideEncryptionRule {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// A container that describes additional filters for identifying the source
+// objects that you want to replicate. You can choose to enable or disable the
+// replication of these objects. Currently, Amazon S3 supports only the filter
+// that you can specify for objects created with server-side encryption using
+// a customer managed key stored in Amazon Web Services Key Management Service
+// (SSE-KMS).
+type SourceSelectionCriteria struct {
+	_ struct{} `type:"structure"`
+
+	// A filter that you can specify for selections for modifications on replicas.
+	// Amazon S3 doesn't replicate replica modifications by default. In the latest
+	// version of replication configuration (when Filter is specified), you can
+	// specify this element and set the status to Enabled to replicate modifications
+	// on replicas.
+	//
+	// If you don't specify the Filter element, Amazon S3 assumes that the replication
+	// configuration is the earlier version, V1. In the earlier version, this element
+	// is not allowed
+	ReplicaModifications *ReplicaModifications `type:"structure"`
+
+	// A container for filter information for the selection of Amazon S3 objects
+	// encrypted with Amazon Web Services KMS. If you include SourceSelectionCriteria
+	// in the replication configuration, this element is required.
+	SseKmsEncryptedObjects *SseKmsEncryptedObjects `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SourceSelectionCriteria) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SourceSelectionCriteria) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *SourceSelectionCriteria) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "SourceSelectionCriteria"}
+	if s.ReplicaModifications != nil {
+		if err := s.ReplicaModifications.Validate(); err != nil {
+			invalidParams.AddNested("ReplicaModifications", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.SseKmsEncryptedObjects != nil {
+		if err := s.SseKmsEncryptedObjects.Validate(); err != nil {
+			invalidParams.AddNested("SseKmsEncryptedObjects", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetReplicaModifications sets the ReplicaModifications field's value.
+func (s *SourceSelectionCriteria) SetReplicaModifications(v *ReplicaModifications) *SourceSelectionCriteria {
+	s.ReplicaModifications = v
+	return s
+}
+
+// SetSseKmsEncryptedObjects sets the SseKmsEncryptedObjects field's value.
+func (s *SourceSelectionCriteria) SetSseKmsEncryptedObjects(v *SseKmsEncryptedObjects) *SourceSelectionCriteria {
+	s.SseKmsEncryptedObjects = v
+	return s
+}
+
+// A container for filter information for the selection of S3 objects encrypted
+// with Amazon Web Services KMS.
+type SseKmsEncryptedObjects struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether Amazon S3 replicates objects created with server-side encryption
+	// using an Amazon Web Services KMS key stored in Amazon Web Services Key Management
+	// Service.
+	//
+	// Status is a required field
+	Status *string `type:"string" required:"true" enum:"SseKmsEncryptedObjectsStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SseKmsEncryptedObjects) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SseKmsEncryptedObjects) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *SseKmsEncryptedObjects) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "SseKmsEncryptedObjects"}
+	if s.Status == nil {
+		invalidParams.Add(request.NewErrParamRequired("Status"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetStatus sets the Status field's value.
+func (s *SseKmsEncryptedObjects) SetStatus(v string) *SseKmsEncryptedObjects {
+	s.Status = &v
+	return s
+}
+
+// Container for the stats details.
+type Stats struct {
+	_ struct{} `type:"structure"`
+
+	// The total number of uncompressed object bytes processed.
+	BytesProcessed *int64 `type:"long"`
+
+	// The total number of bytes of records payload data returned.
+	BytesReturned *int64 `type:"long"`
+
+	// The total number of object bytes scanned.
+	BytesScanned *int64 `type:"long"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Stats) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Stats) GoString() string {
+	return s.String()
+}
+
+// SetBytesProcessed sets the BytesProcessed field's value.
+func (s *Stats) SetBytesProcessed(v int64) *Stats {
+	s.BytesProcessed = &v
+	return s
+}
+
+// SetBytesReturned sets the BytesReturned field's value.
+func (s *Stats) SetBytesReturned(v int64) *Stats {
+	s.BytesReturned = &v
+	return s
+}
+
+// SetBytesScanned sets the BytesScanned field's value.
+func (s *Stats) SetBytesScanned(v int64) *Stats {
+	s.BytesScanned = &v
+	return s
+}
+
+// Container for the Stats Event.
+type StatsEvent struct {
+	_ struct{} `locationName:"StatsEvent" type:"structure" payload:"Details"`
+
+	// The Stats event details.
+	Details *Stats `locationName:"Details" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StatsEvent) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StatsEvent) GoString() string {
+	return s.String()
+}
+
+// SetDetails sets the Details field's value.
+func (s *StatsEvent) SetDetails(v *Stats) *StatsEvent {
+	s.Details = v
+	return s
+}
+
+// The StatsEvent is and event in the SelectObjectContentEventStream group of events.
+func (s *StatsEvent) eventSelectObjectContentEventStream() {}
+
+// UnmarshalEvent unmarshals the EventStream Message into the StatsEvent value.
+// This method is only used internally within the SDK's EventStream handling.
+func (s *StatsEvent) UnmarshalEvent(
+	payloadUnmarshaler protocol.PayloadUnmarshaler,
+	msg eventstream.Message,
+) error {
+	if err := payloadUnmarshaler.UnmarshalPayload(
+		bytes.NewReader(msg.Payload), s,
+	); err != nil {
+		return err
+	}
+	return nil
+}
+
+// MarshalEvent marshals the type into an stream event value. This method
+// should only used internally within the SDK's EventStream handling.
+func (s *StatsEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
+	msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
+	var buf bytes.Buffer
+	if err = pm.MarshalPayload(&buf, s); err != nil {
+		return eventstream.Message{}, err
+	}
+	msg.Payload = buf.Bytes()
+	return msg, err
+}
+
+// Specifies data related to access patterns to be collected and made available
+// to analyze the tradeoffs between different storage classes for an Amazon
+// S3 bucket.
+type StorageClassAnalysis struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies how data related to the storage class analysis for an Amazon S3
+	// bucket should be exported.
+	DataExport *StorageClassAnalysisDataExport `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StorageClassAnalysis) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StorageClassAnalysis) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *StorageClassAnalysis) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "StorageClassAnalysis"}
+	if s.DataExport != nil {
+		if err := s.DataExport.Validate(); err != nil {
+			invalidParams.AddNested("DataExport", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDataExport sets the DataExport field's value.
+func (s *StorageClassAnalysis) SetDataExport(v *StorageClassAnalysisDataExport) *StorageClassAnalysis {
+	s.DataExport = v
+	return s
+}
+
+// Container for data related to the storage class analysis for an Amazon S3
+// bucket for export.
+type StorageClassAnalysisDataExport struct {
+	_ struct{} `type:"structure"`
+
+	// The place to store the data for an analysis.
+	//
+	// Destination is a required field
+	Destination *AnalyticsExportDestination `type:"structure" required:"true"`
+
+	// The version of the output schema to use when exporting data. Must be V_1.
+	//
+	// OutputSchemaVersion is a required field
+	OutputSchemaVersion *string `type:"string" required:"true" enum:"StorageClassAnalysisSchemaVersion"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StorageClassAnalysisDataExport) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StorageClassAnalysisDataExport) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *StorageClassAnalysisDataExport) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "StorageClassAnalysisDataExport"}
+	if s.Destination == nil {
+		invalidParams.Add(request.NewErrParamRequired("Destination"))
+	}
+	if s.OutputSchemaVersion == nil {
+		invalidParams.Add(request.NewErrParamRequired("OutputSchemaVersion"))
+	}
+	if s.Destination != nil {
+		if err := s.Destination.Validate(); err != nil {
+			invalidParams.AddNested("Destination", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDestination sets the Destination field's value.
+func (s *StorageClassAnalysisDataExport) SetDestination(v *AnalyticsExportDestination) *StorageClassAnalysisDataExport {
+	s.Destination = v
+	return s
+}
+
+// SetOutputSchemaVersion sets the OutputSchemaVersion field's value.
+func (s *StorageClassAnalysisDataExport) SetOutputSchemaVersion(v string) *StorageClassAnalysisDataExport {
+	s.OutputSchemaVersion = &v
+	return s
+}
+
+// A container of a key value name pair.
+type Tag struct {
+	_ struct{} `type:"structure"`
+
+	// Name of the object key.
+	//
+	// Key is a required field
+	Key *string `min:"1" type:"string" required:"true"`
+
+	// Value of the tag.
+	//
+	// Value is a required field
+	Value *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tag) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tag) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Tag) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Tag"}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.Value == nil {
+		invalidParams.Add(request.NewErrParamRequired("Value"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *Tag) SetKey(v string) *Tag {
+	s.Key = &v
+	return s
+}
+
+// SetValue sets the Value field's value.
+func (s *Tag) SetValue(v string) *Tag {
+	s.Value = &v
+	return s
+}
+
+// Container for TagSet elements.
+type Tagging struct {
+	_ struct{} `type:"structure"`
+
+	// A collection for a set of tags
+	//
+	// TagSet is a required field
+	TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tagging) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tagging) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Tagging) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Tagging"}
+	if s.TagSet == nil {
+		invalidParams.Add(request.NewErrParamRequired("TagSet"))
+	}
+	if s.TagSet != nil {
+		for i, v := range s.TagSet {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "TagSet", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetTagSet sets the TagSet field's value.
+func (s *Tagging) SetTagSet(v []*Tag) *Tagging {
+	s.TagSet = v
+	return s
+}
+
+// Container for granting information.
+//
+// Buckets that use the bucket owner enforced setting for Object Ownership don't
+// support target grants. For more information, see Permissions server access
+// log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
+// in the Amazon S3 User Guide.
+type TargetGrant struct {
+	_ struct{} `type:"structure"`
+
+	// Container for the person being granted permissions.
+	Grantee *Grantee `type:"structure" xmlPrefix:"xsi" xmlURI:"http://www.w3.org/2001/XMLSchema-instance"`
+
+	// Logging permissions assigned to the grantee for the bucket.
+	Permission *string `type:"string" enum:"BucketLogsPermission"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TargetGrant) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TargetGrant) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *TargetGrant) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "TargetGrant"}
+	if s.Grantee != nil {
+		if err := s.Grantee.Validate(); err != nil {
+			invalidParams.AddNested("Grantee", err.(request.ErrInvalidParams))
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetGrantee sets the Grantee field's value.
+func (s *TargetGrant) SetGrantee(v *Grantee) *TargetGrant {
+	s.Grantee = v
+	return s
+}
+
+// SetPermission sets the Permission field's value.
+func (s *TargetGrant) SetPermission(v string) *TargetGrant {
+	s.Permission = &v
+	return s
+}
+
+// The S3 Intelligent-Tiering storage class is designed to optimize storage
+// costs by automatically moving data to the most cost-effective storage access
+// tier, without additional operational overhead.
+type Tiering struct {
+	_ struct{} `type:"structure"`
+
+	// S3 Intelligent-Tiering access tier. See Storage class for automatically optimizing
+	// frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+	// for a list of access tiers in the S3 Intelligent-Tiering storage class.
+	//
+	// AccessTier is a required field
+	AccessTier *string `type:"string" required:"true" enum:"IntelligentTieringAccessTier"`
+
+	// The number of consecutive days of no access after which an object will be
+	// eligible to be transitioned to the corresponding tier. The minimum number
+	// of days specified for Archive Access tier must be at least 90 days and Deep
+	// Archive Access tier must be at least 180 days. The maximum can be up to 2
+	// years (730 days).
+	//
+	// Days is a required field
+	Days *int64 `type:"integer" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tiering) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tiering) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Tiering) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Tiering"}
+	if s.AccessTier == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccessTier"))
+	}
+	if s.Days == nil {
+		invalidParams.Add(request.NewErrParamRequired("Days"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccessTier sets the AccessTier field's value.
+func (s *Tiering) SetAccessTier(v string) *Tiering {
+	s.AccessTier = &v
+	return s
+}
+
+// SetDays sets the Days field's value.
+func (s *Tiering) SetDays(v int64) *Tiering {
+	s.Days = &v
+	return s
+}
+
+// A container for specifying the configuration for publication of messages
+// to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3
+// detects specified events.
+type TopicConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon S3 bucket event about which to send notifications. For more information,
+	// see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Events is a required field
+	Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"`
+
+	// Specifies object key name filtering rules. For information about key name
+	// filtering, see Configuring event notifications using object key name filtering
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+	// in the Amazon S3 User Guide.
+	Filter *NotificationConfigurationFilter `type:"structure"`
+
+	// An optional unique identifier for configurations in a notification configuration.
+	// If you don't provide one, Amazon S3 will assign an ID.
+	Id *string `type:"string"`
+
+	// The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3
+	// publishes a message when it detects events of the specified type.
+	//
+	// TopicArn is a required field
+	TopicArn *string `locationName:"Topic" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TopicConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TopicConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *TopicConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "TopicConfiguration"}
+	if s.Events == nil {
+		invalidParams.Add(request.NewErrParamRequired("Events"))
+	}
+	if s.TopicArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("TopicArn"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetEvents sets the Events field's value.
+func (s *TopicConfiguration) SetEvents(v []*string) *TopicConfiguration {
+	s.Events = v
+	return s
+}
+
+// SetFilter sets the Filter field's value.
+func (s *TopicConfiguration) SetFilter(v *NotificationConfigurationFilter) *TopicConfiguration {
+	s.Filter = v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *TopicConfiguration) SetId(v string) *TopicConfiguration {
+	s.Id = &v
+	return s
+}
+
+// SetTopicArn sets the TopicArn field's value.
+func (s *TopicConfiguration) SetTopicArn(v string) *TopicConfiguration {
+	s.TopicArn = &v
+	return s
+}
+
+// A container for specifying the configuration for publication of messages
+// to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3
+// detects specified events. This data type is deprecated. Use TopicConfiguration
+// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_TopicConfiguration.html)
+// instead.
+type TopicConfigurationDeprecated struct {
+	_ struct{} `type:"structure"`
+
+	// Bucket event for which to send notifications.
+	//
+	// Deprecated: Event has been deprecated
+	Event *string `deprecated:"true" type:"string" enum:"Event"`
+
+	// A collection of events related to objects
+	Events []*string `locationName:"Event" type:"list" flattened:"true" enum:"Event"`
+
+	// An optional unique identifier for configurations in a notification configuration.
+	// If you don't provide one, Amazon S3 will assign an ID.
+	Id *string `type:"string"`
+
+	// Amazon SNS topic to which Amazon S3 will publish a message to report the
+	// specified events for the bucket.
+	Topic *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TopicConfigurationDeprecated) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TopicConfigurationDeprecated) GoString() string {
+	return s.String()
+}
+
+// SetEvent sets the Event field's value.
+func (s *TopicConfigurationDeprecated) SetEvent(v string) *TopicConfigurationDeprecated {
+	s.Event = &v
+	return s
+}
+
+// SetEvents sets the Events field's value.
+func (s *TopicConfigurationDeprecated) SetEvents(v []*string) *TopicConfigurationDeprecated {
+	s.Events = v
+	return s
+}
+
+// SetId sets the Id field's value.
+func (s *TopicConfigurationDeprecated) SetId(v string) *TopicConfigurationDeprecated {
+	s.Id = &v
+	return s
+}
+
+// SetTopic sets the Topic field's value.
+func (s *TopicConfigurationDeprecated) SetTopic(v string) *TopicConfigurationDeprecated {
+	s.Topic = &v
+	return s
+}
+
+// Specifies when an object transitions to a specified storage class. For more
+// information about Amazon S3 lifecycle configuration rules, see Transitioning
+// Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html)
+// in the Amazon S3 User Guide.
+type Transition struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates when objects are transitioned to the specified storage class. The
+	// date value must be in ISO 8601 format. The time is always midnight UTC.
+	Date *time.Time `type:"timestamp" timestampFormat:"iso8601"`
+
+	// Indicates the number of days after creation when objects are transitioned
+	// to the specified storage class. The value must be a positive integer.
+	Days *int64 `type:"integer"`
+
+	// The storage class to which you want the object to transition.
+	StorageClass *string `type:"string" enum:"TransitionStorageClass"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Transition) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Transition) GoString() string {
+	return s.String()
+}
+
+// SetDate sets the Date field's value.
+func (s *Transition) SetDate(v time.Time) *Transition {
+	s.Date = &v
+	return s
+}
+
+// SetDays sets the Days field's value.
+func (s *Transition) SetDays(v int64) *Transition {
+	s.Days = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *Transition) SetStorageClass(v string) *Transition {
+	s.StorageClass = &v
+	return s
+}
+
+type UploadPartCopyInput struct {
+	_ struct{} `locationName:"UploadPartCopyRequest" type:"structure"`
+
+	// The bucket name.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Specifies the source object for the copy operation. You specify the value
+	// in one of two formats, depending on whether you want to access the source
+	// object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html):
+	//
+	//    * For objects not accessed through an access point, specify the name of
+	//    the source bucket and key of the source object, separated by a slash (/).
+	//    For example, to copy the object reports/january.pdf from the bucket awsexamplebucket,
+	//    use awsexamplebucket/reports/january.pdf. The value must be URL-encoded.
+	//
+	//    * For objects accessed through access points, specify the Amazon Resource
+	//    Name (ARN) of the object as accessed through the access point, in the
+	//    format arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>.
+	//    For example, to copy the object reports/january.pdf through access point
+	//    my-access-point owned by account 123456789012 in Region us-west-2, use
+	//    the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf.
+	//    The value must be URL encoded. Amazon S3 supports copy operations using
+	//    access points only when the source and destination buckets are in the
+	//    same Amazon Web Services Region. Alternatively, for objects accessed through
+	//    Amazon S3 on Outposts, specify the ARN of the object as accessed in the
+	//    format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>.
+	//    For example, to copy the object reports/january.pdf through outpost my-outpost
+	//    owned by account 123456789012 in Region us-west-2, use the URL encoding
+	//    of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf.
+	//    The value must be URL-encoded.
+	//
+	// To copy a specific version of an object, append ?versionId=<version-id> to
+	// the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893).
+	// If you don't specify a version ID, Amazon S3 copies the latest version of
+	// the source object.
+	//
+	// CopySource is a required field
+	CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"`
+
+	// Copies the object if its entity tag (ETag) matches the specified tag.
+	CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"`
+
+	// Copies the object if it has been modified since the specified time.
+	CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"`
+
+	// Copies the object if its entity tag (ETag) is different than the specified
+	// ETag.
+	CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"`
+
+	// Copies the object if it hasn't been modified since the specified time.
+	CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"`
+
+	// The range of bytes to copy from the source object. The range value must use
+	// the form bytes=first-last, where the first and last are the zero-based byte
+	// offsets to copy. For example, bytes=0-9 indicates that you want to copy the
+	// first 10 bytes of the source. You can copy a range only if the source object
+	// is greater than 5 MB.
+	CopySourceRange *string `location:"header" locationName:"x-amz-copy-source-range" type:"string"`
+
+	// Specifies the algorithm to use when decrypting the source object (for example,
+	// AES256).
+	CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"`
+
+	// Specifies the customer-provided encryption key for Amazon S3 to use to decrypt
+	// the source object. The encryption key provided in this header must be one
+	// that was used when the source object was created.
+	//
+	// CopySourceSSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by UploadPartCopyInput's
+	// String and GoString methods.
+	CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
+	// Amazon S3 uses this header for a message integrity check to ensure that the
+	// encryption key was transmitted without error.
+	CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// The account ID of the expected destination bucket owner. If the destination
+	// bucket is owned by a different account, the request fails with the HTTP status
+	// code 403 Forbidden (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// The account ID of the expected source bucket owner. If the source bucket
+	// is owned by a different account, the request fails with the HTTP status code
+	// 403 Forbidden (access denied).
+	ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"`
+
+	// Object key for which the multipart upload was initiated.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Part number of part being copied. This is a positive integer between 1 and
+	// 10,000.
+	//
+	// PartNumber is a required field
+	PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Specifies the algorithm to use to when encrypting the object (for example,
+	// AES256).
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
+	// data. This value is used to store the object and then it is discarded; Amazon
+	// S3 does not store the encryption key. The key must be appropriate for use
+	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+	// header. This must be the same encryption key specified in the initiate multipart
+	// upload request.
+	//
+	// SSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by UploadPartCopyInput's
+	// String and GoString methods.
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
+	// Amazon S3 uses this header for a message integrity check to ensure that the
+	// encryption key was transmitted without error.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// Upload ID identifying the multipart upload whose part is being copied.
+	//
+	// UploadId is a required field
+	UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UploadPartCopyInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UploadPartCopyInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UploadPartCopyInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "UploadPartCopyInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.CopySource == nil {
+		invalidParams.Add(request.NewErrParamRequired("CopySource"))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.PartNumber == nil {
+		invalidParams.Add(request.NewErrParamRequired("PartNumber"))
+	}
+	if s.UploadId == nil {
+		invalidParams.Add(request.NewErrParamRequired("UploadId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *UploadPartCopyInput) SetBucket(v string) *UploadPartCopyInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *UploadPartCopyInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetCopySource sets the CopySource field's value.
+func (s *UploadPartCopyInput) SetCopySource(v string) *UploadPartCopyInput {
+	s.CopySource = &v
+	return s
+}
+
+// SetCopySourceIfMatch sets the CopySourceIfMatch field's value.
+func (s *UploadPartCopyInput) SetCopySourceIfMatch(v string) *UploadPartCopyInput {
+	s.CopySourceIfMatch = &v
+	return s
+}
+
+// SetCopySourceIfModifiedSince sets the CopySourceIfModifiedSince field's value.
+func (s *UploadPartCopyInput) SetCopySourceIfModifiedSince(v time.Time) *UploadPartCopyInput {
+	s.CopySourceIfModifiedSince = &v
+	return s
+}
+
+// SetCopySourceIfNoneMatch sets the CopySourceIfNoneMatch field's value.
+func (s *UploadPartCopyInput) SetCopySourceIfNoneMatch(v string) *UploadPartCopyInput {
+	s.CopySourceIfNoneMatch = &v
+	return s
+}
+
+// SetCopySourceIfUnmodifiedSince sets the CopySourceIfUnmodifiedSince field's value.
+func (s *UploadPartCopyInput) SetCopySourceIfUnmodifiedSince(v time.Time) *UploadPartCopyInput {
+	s.CopySourceIfUnmodifiedSince = &v
+	return s
+}
+
+// SetCopySourceRange sets the CopySourceRange field's value.
+func (s *UploadPartCopyInput) SetCopySourceRange(v string) *UploadPartCopyInput {
+	s.CopySourceRange = &v
+	return s
+}
+
+// SetCopySourceSSECustomerAlgorithm sets the CopySourceSSECustomerAlgorithm field's value.
+func (s *UploadPartCopyInput) SetCopySourceSSECustomerAlgorithm(v string) *UploadPartCopyInput {
+	s.CopySourceSSECustomerAlgorithm = &v
+	return s
+}
+
+// SetCopySourceSSECustomerKey sets the CopySourceSSECustomerKey field's value.
+func (s *UploadPartCopyInput) SetCopySourceSSECustomerKey(v string) *UploadPartCopyInput {
+	s.CopySourceSSECustomerKey = &v
+	return s
+}
+
+func (s *UploadPartCopyInput) getCopySourceSSECustomerKey() (v string) {
+	if s.CopySourceSSECustomerKey == nil {
+		return v
+	}
+	return *s.CopySourceSSECustomerKey
+}
+
+// SetCopySourceSSECustomerKeyMD5 sets the CopySourceSSECustomerKeyMD5 field's value.
+func (s *UploadPartCopyInput) SetCopySourceSSECustomerKeyMD5(v string) *UploadPartCopyInput {
+	s.CopySourceSSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *UploadPartCopyInput) SetExpectedBucketOwner(v string) *UploadPartCopyInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetExpectedSourceBucketOwner sets the ExpectedSourceBucketOwner field's value.
+func (s *UploadPartCopyInput) SetExpectedSourceBucketOwner(v string) *UploadPartCopyInput {
+	s.ExpectedSourceBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *UploadPartCopyInput) SetKey(v string) *UploadPartCopyInput {
+	s.Key = &v
+	return s
+}
+
+// SetPartNumber sets the PartNumber field's value.
+func (s *UploadPartCopyInput) SetPartNumber(v int64) *UploadPartCopyInput {
+	s.PartNumber = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *UploadPartCopyInput) SetRequestPayer(v string) *UploadPartCopyInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *UploadPartCopyInput) SetSSECustomerAlgorithm(v string) *UploadPartCopyInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKey sets the SSECustomerKey field's value.
+func (s *UploadPartCopyInput) SetSSECustomerKey(v string) *UploadPartCopyInput {
+	s.SSECustomerKey = &v
+	return s
+}
+
+func (s *UploadPartCopyInput) getSSECustomerKey() (v string) {
+	if s.SSECustomerKey == nil {
+		return v
+	}
+	return *s.SSECustomerKey
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *UploadPartCopyInput) SetSSECustomerKeyMD5(v string) *UploadPartCopyInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetUploadId sets the UploadId field's value.
+func (s *UploadPartCopyInput) SetUploadId(v string) *UploadPartCopyInput {
+	s.UploadId = &v
+	return s
+}
+
+func (s *UploadPartCopyInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *UploadPartCopyInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s UploadPartCopyInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type UploadPartCopyOutput struct {
+	_ struct{} `type:"structure" payload:"CopyPartResult"`
+
+	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// Container for all response elements.
+	CopyPartResult *CopyPartResult `type:"structure"`
+
+	// The version of the source object that was copied, if you have enabled versioning
+	// on the source bucket.
+	CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header confirming the encryption algorithm
+	// used.
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header to provide round-trip message integrity
+	// verification of the customer-provided encryption key.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key that was used for the object.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by UploadPartCopyOutput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing this object in Amazon
+	// S3 (for example, AES256, aws:kms).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UploadPartCopyOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UploadPartCopyOutput) GoString() string {
+	return s.String()
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *UploadPartCopyOutput) SetBucketKeyEnabled(v bool) *UploadPartCopyOutput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetCopyPartResult sets the CopyPartResult field's value.
+func (s *UploadPartCopyOutput) SetCopyPartResult(v *CopyPartResult) *UploadPartCopyOutput {
+	s.CopyPartResult = v
+	return s
+}
+
+// SetCopySourceVersionId sets the CopySourceVersionId field's value.
+func (s *UploadPartCopyOutput) SetCopySourceVersionId(v string) *UploadPartCopyOutput {
+	s.CopySourceVersionId = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *UploadPartCopyOutput) SetRequestCharged(v string) *UploadPartCopyOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *UploadPartCopyOutput) SetSSECustomerAlgorithm(v string) *UploadPartCopyOutput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *UploadPartCopyOutput) SetSSECustomerKeyMD5(v string) *UploadPartCopyOutput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *UploadPartCopyOutput) SetSSEKMSKeyId(v string) *UploadPartCopyOutput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *UploadPartCopyOutput) SetServerSideEncryption(v string) *UploadPartCopyOutput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+type UploadPartInput struct {
+	_ struct{} `locationName:"UploadPartRequest" type:"structure" payload:"Body"`
+
+	// Object data.
+	Body io.ReadSeeker `type:"blob"`
+
+	// The name of the bucket to which the multipart upload was initiated.
+	//
+	// When using this action with an access point, you must direct requests to
+	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide.
+	//
+	// When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
+	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
+	// you provide the Outposts access point ARN in place of the bucket name. For
+	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Bucket is a required field
+	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+
+	// Indicates the algorithm used to create the checksum for the object when using
+	// the SDK. This header will not provide any additional functionality if not
+	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
+	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
+	// the HTTP status code 400 Bad Request. For more information, see Checking
+	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
+	// parameter.
+	//
+	// This checksum algorithm must be the same for all parts and it match the checksum
+	// value supplied in the CreateMultipartUpload request.
+	//
+	// The AWS SDK for Go v1 does not support automatic computing request payload
+	// checksum. This feature is available in the AWS SDK for Go v2. If a value
+	// is specified for this parameter, the matching algorithm's checksum member
+	// must be populated with the algorithm's checksum of the request payload.
+	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 32-bit CRC32 checksum of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 32-bit CRC32C checksum of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 160-bit SHA-1 digest of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This header specifies
+	// the base64-encoded, 256-bit SHA-256 digest of the object. For more information,
+	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
+
+	// Size of the body in bytes. This parameter is useful when the size of the
+	// body cannot be determined automatically.
+	ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
+
+	// The base64-encoded 128-bit MD5 digest of the part data. This parameter is
+	// auto-populated when using the command from the CLI. This parameter is required
+	// if object lock parameters are specified.
+	ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
+
+	// The account ID of the expected bucket owner. If the bucket is owned by a
+	// different account, the request fails with the HTTP status code 403 Forbidden
+	// (access denied).
+	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
+
+	// Object key for which the multipart upload was initiated.
+	//
+	// Key is a required field
+	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+
+	// Part number of part being uploaded. This is a positive integer between 1
+	// and 10,000.
+	//
+	// PartNumber is a required field
+	PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"`
+
+	// Confirms that the requester knows that they will be charged for the request.
+	// Bucket owners need not specify this parameter in their requests. For information
+	// about downloading objects from Requester Pays buckets, see Downloading Objects
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in the Amazon S3 User Guide.
+	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+
+	// Specifies the algorithm to use to when encrypting the object (for example,
+	// AES256).
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
+	// data. This value is used to store the object and then it is discarded; Amazon
+	// S3 does not store the encryption key. The key must be appropriate for use
+	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+	// header. This must be the same encryption key specified in the initiate multipart
+	// upload request.
+	//
+	// SSECustomerKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by UploadPartInput's
+	// String and GoString methods.
+	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
+
+	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
+	// Amazon S3 uses this header for a message integrity check to ensure that the
+	// encryption key was transmitted without error.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// Upload ID identifying the multipart upload whose part is being uploaded.
+	//
+	// UploadId is a required field
+	UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UploadPartInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UploadPartInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UploadPartInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "UploadPartInput"}
+	if s.Bucket == nil {
+		invalidParams.Add(request.NewErrParamRequired("Bucket"))
+	}
+	if s.Bucket != nil && len(*s.Bucket) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
+	}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.PartNumber == nil {
+		invalidParams.Add(request.NewErrParamRequired("PartNumber"))
+	}
+	if s.UploadId == nil {
+		invalidParams.Add(request.NewErrParamRequired("UploadId"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetBody sets the Body field's value.
+func (s *UploadPartInput) SetBody(v io.ReadSeeker) *UploadPartInput {
+	s.Body = v
+	return s
+}
+
+// SetBucket sets the Bucket field's value.
+func (s *UploadPartInput) SetBucket(v string) *UploadPartInput {
+	s.Bucket = &v
+	return s
+}
+
+func (s *UploadPartInput) getBucket() (v string) {
+	if s.Bucket == nil {
+		return v
+	}
+	return *s.Bucket
+}
+
+// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
+func (s *UploadPartInput) SetChecksumAlgorithm(v string) *UploadPartInput {
+	s.ChecksumAlgorithm = &v
+	return s
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *UploadPartInput) SetChecksumCRC32(v string) *UploadPartInput {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *UploadPartInput) SetChecksumCRC32C(v string) *UploadPartInput {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *UploadPartInput) SetChecksumSHA1(v string) *UploadPartInput {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *UploadPartInput) SetChecksumSHA256(v string) *UploadPartInput {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetContentLength sets the ContentLength field's value.
+func (s *UploadPartInput) SetContentLength(v int64) *UploadPartInput {
+	s.ContentLength = &v
+	return s
+}
+
+// SetContentMD5 sets the ContentMD5 field's value.
+func (s *UploadPartInput) SetContentMD5(v string) *UploadPartInput {
+	s.ContentMD5 = &v
+	return s
+}
+
+// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
+func (s *UploadPartInput) SetExpectedBucketOwner(v string) *UploadPartInput {
+	s.ExpectedBucketOwner = &v
+	return s
+}
+
+// SetKey sets the Key field's value.
+func (s *UploadPartInput) SetKey(v string) *UploadPartInput {
+	s.Key = &v
+	return s
+}
+
+// SetPartNumber sets the PartNumber field's value.
+func (s *UploadPartInput) SetPartNumber(v int64) *UploadPartInput {
+	s.PartNumber = &v
+	return s
+}
+
+// SetRequestPayer sets the RequestPayer field's value.
+func (s *UploadPartInput) SetRequestPayer(v string) *UploadPartInput {
+	s.RequestPayer = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *UploadPartInput) SetSSECustomerAlgorithm(v string) *UploadPartInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKey sets the SSECustomerKey field's value.
+func (s *UploadPartInput) SetSSECustomerKey(v string) *UploadPartInput {
+	s.SSECustomerKey = &v
+	return s
+}
+
+func (s *UploadPartInput) getSSECustomerKey() (v string) {
+	if s.SSECustomerKey == nil {
+		return v
+	}
+	return *s.SSECustomerKey
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *UploadPartInput) SetSSECustomerKeyMD5(v string) *UploadPartInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetUploadId sets the UploadId field's value.
+func (s *UploadPartInput) SetUploadId(v string) *UploadPartInput {
+	s.UploadId = &v
+	return s
+}
+
+func (s *UploadPartInput) getEndpointARN() (arn.Resource, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	return parseEndpointARN(*s.Bucket)
+}
+
+func (s *UploadPartInput) hasEndpointARN() bool {
+	if s.Bucket == nil {
+		return false
+	}
+	return arn.IsARN(*s.Bucket)
+}
+
+// updateArnableField updates the value of the input field that
+// takes an ARN as an input. This method is useful to backfill
+// the parsed resource name from ARN into the input member.
+// It returns a pointer to a modified copy of input and an error.
+// Note that original input is not modified.
+func (s UploadPartInput) updateArnableField(v string) (interface{}, error) {
+	if s.Bucket == nil {
+		return nil, fmt.Errorf("member Bucket is nil")
+	}
+	s.Bucket = aws.String(v)
+	return &s, nil
+}
+
+type UploadPartOutput struct {
+	_ struct{} `type:"structure"`
+
+	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
+	// encryption with Key Management Service (KMS) keys (SSE-KMS).
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
+
+	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
+
+	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
+	// present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
+
+	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
+	// be present if it was uploaded with the object. With multipart uploads, this
+	// may not be a checksum value of the object. For more information about how
+	// checksums are calculated with multipart uploads, see Checking object integrity
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// in the Amazon S3 User Guide.
+	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
+
+	// Entity tag for the uploaded object.
+	ETag *string `location:"header" locationName:"ETag" type:"string"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header confirming the encryption algorithm
+	// used.
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// If server-side encryption with a customer-provided encryption key was requested,
+	// the response will include this header to provide round-trip message integrity
+	// verification of the customer-provided encryption key.
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// If present, specifies the ID of the Key Management Service (KMS) symmetric
+	// encryption customer managed key was used for the object.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by UploadPartOutput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing this object in Amazon
+	// S3 (for example, AES256, aws:kms).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UploadPartOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UploadPartOutput) GoString() string {
+	return s.String()
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *UploadPartOutput) SetBucketKeyEnabled(v bool) *UploadPartOutput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *UploadPartOutput) SetChecksumCRC32(v string) *UploadPartOutput {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *UploadPartOutput) SetChecksumCRC32C(v string) *UploadPartOutput {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *UploadPartOutput) SetChecksumSHA1(v string) *UploadPartOutput {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *UploadPartOutput) SetChecksumSHA256(v string) *UploadPartOutput {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *UploadPartOutput) SetETag(v string) *UploadPartOutput {
+	s.ETag = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *UploadPartOutput) SetRequestCharged(v string) *UploadPartOutput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *UploadPartOutput) SetSSECustomerAlgorithm(v string) *UploadPartOutput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *UploadPartOutput) SetSSECustomerKeyMD5(v string) *UploadPartOutput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *UploadPartOutput) SetSSEKMSKeyId(v string) *UploadPartOutput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *UploadPartOutput) SetServerSideEncryption(v string) *UploadPartOutput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+// Describes the versioning state of an Amazon S3 bucket. For more information,
+// see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html)
+// in the Amazon S3 API Reference.
+type VersioningConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// Specifies whether MFA delete is enabled in the bucket versioning configuration.
+	// This element is only returned if the bucket has been configured with MFA
+	// delete. If the bucket has never been so configured, this element is not returned.
+	MFADelete *string `locationName:"MfaDelete" type:"string" enum:"MFADelete"`
+
+	// The versioning state of the bucket.
+	Status *string `type:"string" enum:"BucketVersioningStatus"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s VersioningConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s VersioningConfiguration) GoString() string {
+	return s.String()
+}
+
+// SetMFADelete sets the MFADelete field's value.
+func (s *VersioningConfiguration) SetMFADelete(v string) *VersioningConfiguration {
+	s.MFADelete = &v
+	return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *VersioningConfiguration) SetStatus(v string) *VersioningConfiguration {
+	s.Status = &v
+	return s
+}
+
+// Specifies website configuration parameters for an Amazon S3 bucket.
+type WebsiteConfiguration struct {
+	_ struct{} `type:"structure"`
+
+	// The name of the error document for the website.
+	ErrorDocument *ErrorDocument `type:"structure"`
+
+	// The name of the index document for the website.
+	IndexDocument *IndexDocument `type:"structure"`
+
+	// The redirect behavior for every request to this bucket's website endpoint.
+	//
+	// If you specify this property, you can't specify any other property.
+	RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"`
+
+	// Rules that define when a redirect is applied and the redirect behavior.
+	RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WebsiteConfiguration) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WebsiteConfiguration) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *WebsiteConfiguration) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "WebsiteConfiguration"}
+	if s.ErrorDocument != nil {
+		if err := s.ErrorDocument.Validate(); err != nil {
+			invalidParams.AddNested("ErrorDocument", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.IndexDocument != nil {
+		if err := s.IndexDocument.Validate(); err != nil {
+			invalidParams.AddNested("IndexDocument", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.RedirectAllRequestsTo != nil {
+		if err := s.RedirectAllRequestsTo.Validate(); err != nil {
+			invalidParams.AddNested("RedirectAllRequestsTo", err.(request.ErrInvalidParams))
+		}
+	}
+	if s.RoutingRules != nil {
+		for i, v := range s.RoutingRules {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "RoutingRules", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetErrorDocument sets the ErrorDocument field's value.
+func (s *WebsiteConfiguration) SetErrorDocument(v *ErrorDocument) *WebsiteConfiguration {
+	s.ErrorDocument = v
+	return s
+}
+
+// SetIndexDocument sets the IndexDocument field's value.
+func (s *WebsiteConfiguration) SetIndexDocument(v *IndexDocument) *WebsiteConfiguration {
+	s.IndexDocument = v
+	return s
+}
+
+// SetRedirectAllRequestsTo sets the RedirectAllRequestsTo field's value.
+func (s *WebsiteConfiguration) SetRedirectAllRequestsTo(v *RedirectAllRequestsTo) *WebsiteConfiguration {
+	s.RedirectAllRequestsTo = v
+	return s
+}
+
+// SetRoutingRules sets the RoutingRules field's value.
+func (s *WebsiteConfiguration) SetRoutingRules(v []*RoutingRule) *WebsiteConfiguration {
+	s.RoutingRules = v
+	return s
+}
+
+type WriteGetObjectResponseInput struct {
+	_ struct{} `locationName:"WriteGetObjectResponseRequest" type:"structure" payload:"Body"`
+
+	// Indicates that a range of bytes was specified.
+	AcceptRanges *string `location:"header" locationName:"x-amz-fwd-header-accept-ranges" type:"string"`
+
+	// The object data.
+	//
+	// To use an non-seekable io.Reader for this request wrap the io.Reader with
+	// "aws.ReadSeekCloser". The SDK will not retry request errors for non-seekable
+	// readers. This will allow the SDK to send the reader's payload as chunked
+	// transfer encoding.
+	Body io.ReadSeeker `type:"blob"`
+
+	// Indicates whether the object stored in Amazon S3 uses an S3 bucket key for
+	// server-side encryption with Amazon Web Services KMS (SSE-KMS).
+	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
+
+	// Specifies caching behavior along the request/reply chain.
+	CacheControl *string `location:"header" locationName:"x-amz-fwd-header-Cache-Control" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This specifies the base64-encoded,
+	// 32-bit CRC32 checksum of the object returned by the Object Lambda function.
+	// This may not match the checksum for the object stored in Amazon S3. Amazon
+	// S3 will perform validation of the checksum values only when the original
+	// GetObject request required checksum validation. For more information about
+	// checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Only one checksum header can be specified at a time. If you supply multiple
+	// checksum headers, this request will fail.
+	ChecksumCRC32 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-crc32" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This specifies the base64-encoded,
+	// 32-bit CRC32C checksum of the object returned by the Object Lambda function.
+	// This may not match the checksum for the object stored in Amazon S3. Amazon
+	// S3 will perform validation of the checksum values only when the original
+	// GetObject request required checksum validation. For more information about
+	// checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Only one checksum header can be specified at a time. If you supply multiple
+	// checksum headers, this request will fail.
+	ChecksumCRC32C *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-crc32c" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This specifies the base64-encoded,
+	// 160-bit SHA-1 digest of the object returned by the Object Lambda function.
+	// This may not match the checksum for the object stored in Amazon S3. Amazon
+	// S3 will perform validation of the checksum values only when the original
+	// GetObject request required checksum validation. For more information about
+	// checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Only one checksum header can be specified at a time. If you supply multiple
+	// checksum headers, this request will fail.
+	ChecksumSHA1 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-sha1" type:"string"`
+
+	// This header can be used as a data integrity check to verify that the data
+	// received is the same data that was originally sent. This specifies the base64-encoded,
+	// 256-bit SHA-256 digest of the object returned by the Object Lambda function.
+	// This may not match the checksum for the object stored in Amazon S3. Amazon
+	// S3 will perform validation of the checksum values only when the original
+	// GetObject request required checksum validation. For more information about
+	// checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// in the Amazon S3 User Guide.
+	//
+	// Only one checksum header can be specified at a time. If you supply multiple
+	// checksum headers, this request will fail.
+	ChecksumSHA256 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-sha256" type:"string"`
+
+	// Specifies presentational information for the object.
+	ContentDisposition *string `location:"header" locationName:"x-amz-fwd-header-Content-Disposition" type:"string"`
+
+	// Specifies what content encodings have been applied to the object and thus
+	// what decoding mechanisms must be applied to obtain the media-type referenced
+	// by the Content-Type header field.
+	ContentEncoding *string `location:"header" locationName:"x-amz-fwd-header-Content-Encoding" type:"string"`
+
+	// The language the content is in.
+	ContentLanguage *string `location:"header" locationName:"x-amz-fwd-header-Content-Language" type:"string"`
+
+	// The size of the content body in bytes.
+	ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
+
+	// The portion of the object returned in the response.
+	ContentRange *string `location:"header" locationName:"x-amz-fwd-header-Content-Range" type:"string"`
+
+	// A standard MIME type describing the format of the object data.
+	ContentType *string `location:"header" locationName:"x-amz-fwd-header-Content-Type" type:"string"`
+
+	// Specifies whether an object stored in Amazon S3 is (true) or is not (false)
+	// a delete marker.
+	DeleteMarker *bool `location:"header" locationName:"x-amz-fwd-header-x-amz-delete-marker" type:"boolean"`
+
+	// An opaque identifier assigned by a web server to a specific version of a
+	// resource found at a URL.
+	ETag *string `location:"header" locationName:"x-amz-fwd-header-ETag" type:"string"`
+
+	// A string that uniquely identifies an error condition. Returned in the <Code>
+	// tag of the error XML response for a corresponding GetObject call. Cannot
+	// be used with a successful StatusCode header or when the transformed object
+	// is provided in the body. All error codes from S3 are sentence-cased. The
+	// regular expression (regex) value is "^[A-Z][a-zA-Z]+$".
+	ErrorCode *string `location:"header" locationName:"x-amz-fwd-error-code" type:"string"`
+
+	// Contains a generic description of the error condition. Returned in the <Message>
+	// tag of the error XML response for a corresponding GetObject call. Cannot
+	// be used with a successful StatusCode header or when the transformed object
+	// is provided in body.
+	ErrorMessage *string `location:"header" locationName:"x-amz-fwd-error-message" type:"string"`
+
+	// If the object expiration is configured (see PUT Bucket lifecycle), the response
+	// includes this header. It includes the expiry-date and rule-id key-value pairs
+	// that provide the object expiration information. The value of the rule-id
+	// is URL-encoded.
+	Expiration *string `location:"header" locationName:"x-amz-fwd-header-x-amz-expiration" type:"string"`
+
+	// The date and time at which the object is no longer cacheable.
+	Expires *time.Time `location:"header" locationName:"x-amz-fwd-header-Expires" type:"timestamp"`
+
+	// The date and time that the object was last modified.
+	LastModified *time.Time `location:"header" locationName:"x-amz-fwd-header-Last-Modified" type:"timestamp"`
+
+	// A map of metadata to store with the object in S3.
+	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
+
+	// Set to the number of metadata entries not returned in x-amz-meta headers.
+	// This can happen if you create metadata using an API like SOAP that supports
+	// more flexible metadata than the REST API. For example, using SOAP, you can
+	// create metadata whose values are not legal HTTP headers.
+	MissingMeta *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-missing-meta" type:"integer"`
+
+	// Indicates whether an object stored in Amazon S3 has an active legal hold.
+	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+	// Indicates whether an object stored in Amazon S3 has Object Lock enabled.
+	// For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html).
+	ObjectLockMode *string `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+	// The date and time when Object Lock is configured to expire.
+	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
+	// The count of parts this object has.
+	PartsCount *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-mp-parts-count" type:"integer"`
+
+	// Indicates if request involves bucket that is either a source or destination
+	// in a Replication rule. For more information about S3 Replication, see Replication
+	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html).
+	ReplicationStatus *string `location:"header" locationName:"x-amz-fwd-header-x-amz-replication-status" type:"string" enum:"ReplicationStatus"`
+
+	// If present, indicates that the requester was successfully charged for the
+	// request.
+	RequestCharged *string `location:"header" locationName:"x-amz-fwd-header-x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+	// Route prefix to the HTTP URL generated.
+	//
+	// RequestRoute is a required field
+	RequestRoute *string `location:"header" locationName:"x-amz-request-route" type:"string" required:"true"`
+
+	// A single use encrypted token that maps WriteGetObjectResponse to the end
+	// user GetObject request.
+	//
+	// RequestToken is a required field
+	RequestToken *string `location:"header" locationName:"x-amz-request-token" type:"string" required:"true"`
+
+	// Provides information about object restoration operation and expiration time
+	// of the restored object copy.
+	Restore *string `location:"header" locationName:"x-amz-fwd-header-x-amz-restore" type:"string"`
+
+	// Encryption algorithm used if server-side encryption with a customer-provided
+	// encryption key was specified for object stored in Amazon S3.
+	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+	// 128-bit MD5 digest of customer-provided encryption key used in Amazon S3
+	// to encrypt data stored in S3. For more information, see Protecting data using
+	// server-side encryption with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html).
+	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+	// If present, specifies the ID of the Amazon Web Services Key Management Service
+	// (Amazon Web Services KMS) symmetric encryption customer managed key that
+	// was used for stored in Amazon S3 object.
+	//
+	// SSEKMSKeyId is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by WriteGetObjectResponseInput's
+	// String and GoString methods.
+	SSEKMSKeyId *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+	// The server-side encryption algorithm used when storing requested object in
+	// Amazon S3 (for example, AES256, aws:kms).
+	ServerSideEncryption *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+
+	// The integer status code for an HTTP response of a corresponding GetObject
+	// request. The following is a list of status codes.
+	//
+	//    * 200 - OK
+	//
+	//    * 206 - Partial Content
+	//
+	//    * 304 - Not Modified
+	//
+	//    * 400 - Bad Request
+	//
+	//    * 401 - Unauthorized
+	//
+	//    * 403 - Forbidden
+	//
+	//    * 404 - Not Found
+	//
+	//    * 405 - Method Not Allowed
+	//
+	//    * 409 - Conflict
+	//
+	//    * 411 - Length Required
+	//
+	//    * 412 - Precondition Failed
+	//
+	//    * 416 - Range Not Satisfiable
+	//
+	//    * 500 - Internal Server Error
+	//
+	//    * 503 - Service Unavailable
+	StatusCode *int64 `location:"header" locationName:"x-amz-fwd-status" type:"integer"`
+
+	// Provides storage class information of the object. Amazon S3 returns this
+	// header for all objects except for S3 Standard storage class objects.
+	//
+	// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
+	StorageClass *string `location:"header" locationName:"x-amz-fwd-header-x-amz-storage-class" type:"string" enum:"StorageClass"`
+
+	// The number of tags, if any, on the object.
+	TagCount *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-tagging-count" type:"integer"`
+
+	// An ID used to reference a specific version of the object.
+	VersionId *string `location:"header" locationName:"x-amz-fwd-header-x-amz-version-id" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WriteGetObjectResponseInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WriteGetObjectResponseInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *WriteGetObjectResponseInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "WriteGetObjectResponseInput"}
+	if s.RequestRoute == nil {
+		invalidParams.Add(request.NewErrParamRequired("RequestRoute"))
+	}
+	if s.RequestRoute != nil && len(*s.RequestRoute) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("RequestRoute", 1))
+	}
+	if s.RequestToken == nil {
+		invalidParams.Add(request.NewErrParamRequired("RequestToken"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAcceptRanges sets the AcceptRanges field's value.
+func (s *WriteGetObjectResponseInput) SetAcceptRanges(v string) *WriteGetObjectResponseInput {
+	s.AcceptRanges = &v
+	return s
+}
+
+// SetBody sets the Body field's value.
+func (s *WriteGetObjectResponseInput) SetBody(v io.ReadSeeker) *WriteGetObjectResponseInput {
+	s.Body = v
+	return s
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *WriteGetObjectResponseInput) SetBucketKeyEnabled(v bool) *WriteGetObjectResponseInput {
+	s.BucketKeyEnabled = &v
+	return s
+}
+
+// SetCacheControl sets the CacheControl field's value.
+func (s *WriteGetObjectResponseInput) SetCacheControl(v string) *WriteGetObjectResponseInput {
+	s.CacheControl = &v
+	return s
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *WriteGetObjectResponseInput) SetChecksumCRC32(v string) *WriteGetObjectResponseInput {
+	s.ChecksumCRC32 = &v
+	return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *WriteGetObjectResponseInput) SetChecksumCRC32C(v string) *WriteGetObjectResponseInput {
+	s.ChecksumCRC32C = &v
+	return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *WriteGetObjectResponseInput) SetChecksumSHA1(v string) *WriteGetObjectResponseInput {
+	s.ChecksumSHA1 = &v
+	return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *WriteGetObjectResponseInput) SetChecksumSHA256(v string) *WriteGetObjectResponseInput {
+	s.ChecksumSHA256 = &v
+	return s
+}
+
+// SetContentDisposition sets the ContentDisposition field's value.
+func (s *WriteGetObjectResponseInput) SetContentDisposition(v string) *WriteGetObjectResponseInput {
+	s.ContentDisposition = &v
+	return s
+}
+
+// SetContentEncoding sets the ContentEncoding field's value.
+func (s *WriteGetObjectResponseInput) SetContentEncoding(v string) *WriteGetObjectResponseInput {
+	s.ContentEncoding = &v
+	return s
+}
+
+// SetContentLanguage sets the ContentLanguage field's value.
+func (s *WriteGetObjectResponseInput) SetContentLanguage(v string) *WriteGetObjectResponseInput {
+	s.ContentLanguage = &v
+	return s
+}
+
+// SetContentLength sets the ContentLength field's value.
+func (s *WriteGetObjectResponseInput) SetContentLength(v int64) *WriteGetObjectResponseInput {
+	s.ContentLength = &v
+	return s
+}
+
+// SetContentRange sets the ContentRange field's value.
+func (s *WriteGetObjectResponseInput) SetContentRange(v string) *WriteGetObjectResponseInput {
+	s.ContentRange = &v
+	return s
+}
+
+// SetContentType sets the ContentType field's value.
+func (s *WriteGetObjectResponseInput) SetContentType(v string) *WriteGetObjectResponseInput {
+	s.ContentType = &v
+	return s
+}
+
+// SetDeleteMarker sets the DeleteMarker field's value.
+func (s *WriteGetObjectResponseInput) SetDeleteMarker(v bool) *WriteGetObjectResponseInput {
+	s.DeleteMarker = &v
+	return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *WriteGetObjectResponseInput) SetETag(v string) *WriteGetObjectResponseInput {
+	s.ETag = &v
+	return s
+}
+
+// SetErrorCode sets the ErrorCode field's value.
+func (s *WriteGetObjectResponseInput) SetErrorCode(v string) *WriteGetObjectResponseInput {
+	s.ErrorCode = &v
+	return s
+}
+
+// SetErrorMessage sets the ErrorMessage field's value.
+func (s *WriteGetObjectResponseInput) SetErrorMessage(v string) *WriteGetObjectResponseInput {
+	s.ErrorMessage = &v
+	return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *WriteGetObjectResponseInput) SetExpiration(v string) *WriteGetObjectResponseInput {
+	s.Expiration = &v
+	return s
+}
+
+// SetExpires sets the Expires field's value.
+func (s *WriteGetObjectResponseInput) SetExpires(v time.Time) *WriteGetObjectResponseInput {
+	s.Expires = &v
+	return s
+}
+
+// SetLastModified sets the LastModified field's value.
+func (s *WriteGetObjectResponseInput) SetLastModified(v time.Time) *WriteGetObjectResponseInput {
+	s.LastModified = &v
+	return s
+}
+
+// SetMetadata sets the Metadata field's value.
+func (s *WriteGetObjectResponseInput) SetMetadata(v map[string]*string) *WriteGetObjectResponseInput {
+	s.Metadata = v
+	return s
+}
+
+// SetMissingMeta sets the MissingMeta field's value.
+func (s *WriteGetObjectResponseInput) SetMissingMeta(v int64) *WriteGetObjectResponseInput {
+	s.MissingMeta = &v
+	return s
+}
+
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *WriteGetObjectResponseInput) SetObjectLockLegalHoldStatus(v string) *WriteGetObjectResponseInput {
+	s.ObjectLockLegalHoldStatus = &v
+	return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *WriteGetObjectResponseInput) SetObjectLockMode(v string) *WriteGetObjectResponseInput {
+	s.ObjectLockMode = &v
+	return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *WriteGetObjectResponseInput) SetObjectLockRetainUntilDate(v time.Time) *WriteGetObjectResponseInput {
+	s.ObjectLockRetainUntilDate = &v
+	return s
+}
+
+// SetPartsCount sets the PartsCount field's value.
+func (s *WriteGetObjectResponseInput) SetPartsCount(v int64) *WriteGetObjectResponseInput {
+	s.PartsCount = &v
+	return s
+}
+
+// SetReplicationStatus sets the ReplicationStatus field's value.
+func (s *WriteGetObjectResponseInput) SetReplicationStatus(v string) *WriteGetObjectResponseInput {
+	s.ReplicationStatus = &v
+	return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *WriteGetObjectResponseInput) SetRequestCharged(v string) *WriteGetObjectResponseInput {
+	s.RequestCharged = &v
+	return s
+}
+
+// SetRequestRoute sets the RequestRoute field's value.
+func (s *WriteGetObjectResponseInput) SetRequestRoute(v string) *WriteGetObjectResponseInput {
+	s.RequestRoute = &v
+	return s
+}
+
+// SetRequestToken sets the RequestToken field's value.
+func (s *WriteGetObjectResponseInput) SetRequestToken(v string) *WriteGetObjectResponseInput {
+	s.RequestToken = &v
+	return s
+}
+
+// SetRestore sets the Restore field's value.
+func (s *WriteGetObjectResponseInput) SetRestore(v string) *WriteGetObjectResponseInput {
+	s.Restore = &v
+	return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *WriteGetObjectResponseInput) SetSSECustomerAlgorithm(v string) *WriteGetObjectResponseInput {
+	s.SSECustomerAlgorithm = &v
+	return s
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *WriteGetObjectResponseInput) SetSSECustomerKeyMD5(v string) *WriteGetObjectResponseInput {
+	s.SSECustomerKeyMD5 = &v
+	return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *WriteGetObjectResponseInput) SetSSEKMSKeyId(v string) *WriteGetObjectResponseInput {
+	s.SSEKMSKeyId = &v
+	return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *WriteGetObjectResponseInput) SetServerSideEncryption(v string) *WriteGetObjectResponseInput {
+	s.ServerSideEncryption = &v
+	return s
+}
+
+// SetStatusCode sets the StatusCode field's value.
+func (s *WriteGetObjectResponseInput) SetStatusCode(v int64) *WriteGetObjectResponseInput {
+	s.StatusCode = &v
+	return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *WriteGetObjectResponseInput) SetStorageClass(v string) *WriteGetObjectResponseInput {
+	s.StorageClass = &v
+	return s
+}
+
+// SetTagCount sets the TagCount field's value.
+func (s *WriteGetObjectResponseInput) SetTagCount(v int64) *WriteGetObjectResponseInput {
+	s.TagCount = &v
+	return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *WriteGetObjectResponseInput) SetVersionId(v string) *WriteGetObjectResponseInput {
+	s.VersionId = &v
+	return s
+}
+
+func (s *WriteGetObjectResponseInput) hostLabels() map[string]string {
+	return map[string]string{
+		"RequestRoute": aws.StringValue(s.RequestRoute),
+	}
+}
+
+type WriteGetObjectResponseOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WriteGetObjectResponseOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WriteGetObjectResponseOutput) GoString() string {
+	return s.String()
+}
+
+const (
+	// AnalyticsS3ExportFileFormatCsv is a AnalyticsS3ExportFileFormat enum value
+	AnalyticsS3ExportFileFormatCsv = "CSV"
+)
+
+// AnalyticsS3ExportFileFormat_Values returns all elements of the AnalyticsS3ExportFileFormat enum
+func AnalyticsS3ExportFileFormat_Values() []string {
+	return []string{
+		AnalyticsS3ExportFileFormatCsv,
+	}
+}
+
+const (
+	// ArchiveStatusArchiveAccess is a ArchiveStatus enum value
+	ArchiveStatusArchiveAccess = "ARCHIVE_ACCESS"
+
+	// ArchiveStatusDeepArchiveAccess is a ArchiveStatus enum value
+	ArchiveStatusDeepArchiveAccess = "DEEP_ARCHIVE_ACCESS"
+)
+
+// ArchiveStatus_Values returns all elements of the ArchiveStatus enum
+func ArchiveStatus_Values() []string {
+	return []string{
+		ArchiveStatusArchiveAccess,
+		ArchiveStatusDeepArchiveAccess,
+	}
+}
+
+const (
+	// BucketAccelerateStatusEnabled is a BucketAccelerateStatus enum value
+	BucketAccelerateStatusEnabled = "Enabled"
+
+	// BucketAccelerateStatusSuspended is a BucketAccelerateStatus enum value
+	BucketAccelerateStatusSuspended = "Suspended"
+)
+
+// BucketAccelerateStatus_Values returns all elements of the BucketAccelerateStatus enum
+func BucketAccelerateStatus_Values() []string {
+	return []string{
+		BucketAccelerateStatusEnabled,
+		BucketAccelerateStatusSuspended,
+	}
+}
+
+const (
+	// BucketCannedACLPrivate is a BucketCannedACL enum value
+	BucketCannedACLPrivate = "private"
+
+	// BucketCannedACLPublicRead is a BucketCannedACL enum value
+	BucketCannedACLPublicRead = "public-read"
+
+	// BucketCannedACLPublicReadWrite is a BucketCannedACL enum value
+	BucketCannedACLPublicReadWrite = "public-read-write"
+
+	// BucketCannedACLAuthenticatedRead is a BucketCannedACL enum value
+	BucketCannedACLAuthenticatedRead = "authenticated-read"
+)
+
+// BucketCannedACL_Values returns all elements of the BucketCannedACL enum
+func BucketCannedACL_Values() []string {
+	return []string{
+		BucketCannedACLPrivate,
+		BucketCannedACLPublicRead,
+		BucketCannedACLPublicReadWrite,
+		BucketCannedACLAuthenticatedRead,
+	}
+}
+
+const (
+	// BucketLocationConstraintAfSouth1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintAfSouth1 = "af-south-1"
+
+	// BucketLocationConstraintApEast1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintApEast1 = "ap-east-1"
+
+	// BucketLocationConstraintApNortheast1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintApNortheast1 = "ap-northeast-1"
+
+	// BucketLocationConstraintApNortheast2 is a BucketLocationConstraint enum value
+	BucketLocationConstraintApNortheast2 = "ap-northeast-2"
+
+	// BucketLocationConstraintApNortheast3 is a BucketLocationConstraint enum value
+	BucketLocationConstraintApNortheast3 = "ap-northeast-3"
+
+	// BucketLocationConstraintApSouth1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintApSouth1 = "ap-south-1"
+
+	// BucketLocationConstraintApSoutheast1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintApSoutheast1 = "ap-southeast-1"
+
+	// BucketLocationConstraintApSoutheast2 is a BucketLocationConstraint enum value
+	BucketLocationConstraintApSoutheast2 = "ap-southeast-2"
+
+	// BucketLocationConstraintApSoutheast3 is a BucketLocationConstraint enum value
+	BucketLocationConstraintApSoutheast3 = "ap-southeast-3"
+
+	// BucketLocationConstraintCaCentral1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintCaCentral1 = "ca-central-1"
+
+	// BucketLocationConstraintCnNorth1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintCnNorth1 = "cn-north-1"
+
+	// BucketLocationConstraintCnNorthwest1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintCnNorthwest1 = "cn-northwest-1"
+
+	// BucketLocationConstraintEu is a BucketLocationConstraint enum value
+	BucketLocationConstraintEu = "EU"
+
+	// BucketLocationConstraintEuCentral1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintEuCentral1 = "eu-central-1"
+
+	// BucketLocationConstraintEuNorth1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintEuNorth1 = "eu-north-1"
+
+	// BucketLocationConstraintEuSouth1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintEuSouth1 = "eu-south-1"
+
+	// BucketLocationConstraintEuWest1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintEuWest1 = "eu-west-1"
+
+	// BucketLocationConstraintEuWest2 is a BucketLocationConstraint enum value
+	BucketLocationConstraintEuWest2 = "eu-west-2"
+
+	// BucketLocationConstraintEuWest3 is a BucketLocationConstraint enum value
+	BucketLocationConstraintEuWest3 = "eu-west-3"
+
+	// BucketLocationConstraintMeSouth1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintMeSouth1 = "me-south-1"
+
+	// BucketLocationConstraintSaEast1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintSaEast1 = "sa-east-1"
+
+	// BucketLocationConstraintUsEast2 is a BucketLocationConstraint enum value
+	BucketLocationConstraintUsEast2 = "us-east-2"
+
+	// BucketLocationConstraintUsGovEast1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintUsGovEast1 = "us-gov-east-1"
+
+	// BucketLocationConstraintUsGovWest1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintUsGovWest1 = "us-gov-west-1"
+
+	// BucketLocationConstraintUsWest1 is a BucketLocationConstraint enum value
+	BucketLocationConstraintUsWest1 = "us-west-1"
+
+	// BucketLocationConstraintUsWest2 is a BucketLocationConstraint enum value
+	BucketLocationConstraintUsWest2 = "us-west-2"
+)
+
+// BucketLocationConstraint_Values returns all elements of the BucketLocationConstraint enum
+func BucketLocationConstraint_Values() []string {
+	return []string{
+		BucketLocationConstraintAfSouth1,
+		BucketLocationConstraintApEast1,
+		BucketLocationConstraintApNortheast1,
+		BucketLocationConstraintApNortheast2,
+		BucketLocationConstraintApNortheast3,
+		BucketLocationConstraintApSouth1,
+		BucketLocationConstraintApSoutheast1,
+		BucketLocationConstraintApSoutheast2,
+		BucketLocationConstraintApSoutheast3,
+		BucketLocationConstraintCaCentral1,
+		BucketLocationConstraintCnNorth1,
+		BucketLocationConstraintCnNorthwest1,
+		BucketLocationConstraintEu,
+		BucketLocationConstraintEuCentral1,
+		BucketLocationConstraintEuNorth1,
+		BucketLocationConstraintEuSouth1,
+		BucketLocationConstraintEuWest1,
+		BucketLocationConstraintEuWest2,
+		BucketLocationConstraintEuWest3,
+		BucketLocationConstraintMeSouth1,
+		BucketLocationConstraintSaEast1,
+		BucketLocationConstraintUsEast2,
+		BucketLocationConstraintUsGovEast1,
+		BucketLocationConstraintUsGovWest1,
+		BucketLocationConstraintUsWest1,
+		BucketLocationConstraintUsWest2,
+	}
+}
+
+const (
+	// BucketLogsPermissionFullControl is a BucketLogsPermission enum value
+	BucketLogsPermissionFullControl = "FULL_CONTROL"
+
+	// BucketLogsPermissionRead is a BucketLogsPermission enum value
+	BucketLogsPermissionRead = "READ"
+
+	// BucketLogsPermissionWrite is a BucketLogsPermission enum value
+	BucketLogsPermissionWrite = "WRITE"
+)
+
+// BucketLogsPermission_Values returns all elements of the BucketLogsPermission enum
+func BucketLogsPermission_Values() []string {
+	return []string{
+		BucketLogsPermissionFullControl,
+		BucketLogsPermissionRead,
+		BucketLogsPermissionWrite,
+	}
+}
+
+const (
+	// BucketVersioningStatusEnabled is a BucketVersioningStatus enum value
+	BucketVersioningStatusEnabled = "Enabled"
+
+	// BucketVersioningStatusSuspended is a BucketVersioningStatus enum value
+	BucketVersioningStatusSuspended = "Suspended"
+)
+
+// BucketVersioningStatus_Values returns all elements of the BucketVersioningStatus enum
+func BucketVersioningStatus_Values() []string {
+	return []string{
+		BucketVersioningStatusEnabled,
+		BucketVersioningStatusSuspended,
+	}
+}
+
+const (
+	// ChecksumAlgorithmCrc32 is a ChecksumAlgorithm enum value
+	ChecksumAlgorithmCrc32 = "CRC32"
+
+	// ChecksumAlgorithmCrc32c is a ChecksumAlgorithm enum value
+	ChecksumAlgorithmCrc32c = "CRC32C"
+
+	// ChecksumAlgorithmSha1 is a ChecksumAlgorithm enum value
+	ChecksumAlgorithmSha1 = "SHA1"
+
+	// ChecksumAlgorithmSha256 is a ChecksumAlgorithm enum value
+	ChecksumAlgorithmSha256 = "SHA256"
+)
+
+// ChecksumAlgorithm_Values returns all elements of the ChecksumAlgorithm enum
+func ChecksumAlgorithm_Values() []string {
+	return []string{
+		ChecksumAlgorithmCrc32,
+		ChecksumAlgorithmCrc32c,
+		ChecksumAlgorithmSha1,
+		ChecksumAlgorithmSha256,
+	}
+}
+
+const (
+	// ChecksumModeEnabled is a ChecksumMode enum value
+	ChecksumModeEnabled = "ENABLED"
+)
+
+// ChecksumMode_Values returns all elements of the ChecksumMode enum
+func ChecksumMode_Values() []string {
+	return []string{
+		ChecksumModeEnabled,
+	}
+}
+
+const (
+	// CompressionTypeNone is a CompressionType enum value
+	CompressionTypeNone = "NONE"
+
+	// CompressionTypeGzip is a CompressionType enum value
+	CompressionTypeGzip = "GZIP"
+
+	// CompressionTypeBzip2 is a CompressionType enum value
+	CompressionTypeBzip2 = "BZIP2"
+)
+
+// CompressionType_Values returns all elements of the CompressionType enum
+func CompressionType_Values() []string {
+	return []string{
+		CompressionTypeNone,
+		CompressionTypeGzip,
+		CompressionTypeBzip2,
+	}
+}
+
+const (
+	// DeleteMarkerReplicationStatusEnabled is a DeleteMarkerReplicationStatus enum value
+	DeleteMarkerReplicationStatusEnabled = "Enabled"
+
+	// DeleteMarkerReplicationStatusDisabled is a DeleteMarkerReplicationStatus enum value
+	DeleteMarkerReplicationStatusDisabled = "Disabled"
+)
+
+// DeleteMarkerReplicationStatus_Values returns all elements of the DeleteMarkerReplicationStatus enum
+func DeleteMarkerReplicationStatus_Values() []string {
+	return []string{
+		DeleteMarkerReplicationStatusEnabled,
+		DeleteMarkerReplicationStatusDisabled,
+	}
+}
+
+// Requests Amazon S3 to encode the object keys in the response and specifies
+// the encoding method to use. An object key may contain any Unicode character;
+// however, XML 1.0 parser cannot parse some characters, such as characters
+// with an ASCII value from 0 to 10. For characters that are not supported in
+// XML 1.0, you can add this parameter to request that Amazon S3 encode the
+// keys in the response.
+const (
+	// EncodingTypeUrl is a EncodingType enum value
+	EncodingTypeUrl = "url"
+)
+
+// EncodingType_Values returns all elements of the EncodingType enum
+func EncodingType_Values() []string {
+	return []string{
+		EncodingTypeUrl,
+	}
+}
+
+// The bucket event for which to send notifications.
+const (
+	// EventS3ReducedRedundancyLostObject is a Event enum value
+	EventS3ReducedRedundancyLostObject = "s3:ReducedRedundancyLostObject"
+
+	// EventS3ObjectCreated is a Event enum value
+	EventS3ObjectCreated = "s3:ObjectCreated:*"
+
+	// EventS3ObjectCreatedPut is a Event enum value
+	EventS3ObjectCreatedPut = "s3:ObjectCreated:Put"
+
+	// EventS3ObjectCreatedPost is a Event enum value
+	EventS3ObjectCreatedPost = "s3:ObjectCreated:Post"
+
+	// EventS3ObjectCreatedCopy is a Event enum value
+	EventS3ObjectCreatedCopy = "s3:ObjectCreated:Copy"
+
+	// EventS3ObjectCreatedCompleteMultipartUpload is a Event enum value
+	EventS3ObjectCreatedCompleteMultipartUpload = "s3:ObjectCreated:CompleteMultipartUpload"
+
+	// EventS3ObjectRemoved is a Event enum value
+	EventS3ObjectRemoved = "s3:ObjectRemoved:*"
+
+	// EventS3ObjectRemovedDelete is a Event enum value
+	EventS3ObjectRemovedDelete = "s3:ObjectRemoved:Delete"
+
+	// EventS3ObjectRemovedDeleteMarkerCreated is a Event enum value
+	EventS3ObjectRemovedDeleteMarkerCreated = "s3:ObjectRemoved:DeleteMarkerCreated"
+
+	// EventS3ObjectRestore is a Event enum value
+	EventS3ObjectRestore = "s3:ObjectRestore:*"
+
+	// EventS3ObjectRestorePost is a Event enum value
+	EventS3ObjectRestorePost = "s3:ObjectRestore:Post"
+
+	// EventS3ObjectRestoreCompleted is a Event enum value
+	EventS3ObjectRestoreCompleted = "s3:ObjectRestore:Completed"
+
+	// EventS3Replication is a Event enum value
+	EventS3Replication = "s3:Replication:*"
+
+	// EventS3ReplicationOperationFailedReplication is a Event enum value
+	EventS3ReplicationOperationFailedReplication = "s3:Replication:OperationFailedReplication"
+
+	// EventS3ReplicationOperationNotTracked is a Event enum value
+	EventS3ReplicationOperationNotTracked = "s3:Replication:OperationNotTracked"
+
+	// EventS3ReplicationOperationMissedThreshold is a Event enum value
+	EventS3ReplicationOperationMissedThreshold = "s3:Replication:OperationMissedThreshold"
+
+	// EventS3ReplicationOperationReplicatedAfterThreshold is a Event enum value
+	EventS3ReplicationOperationReplicatedAfterThreshold = "s3:Replication:OperationReplicatedAfterThreshold"
+
+	// EventS3ObjectRestoreDelete is a Event enum value
+	EventS3ObjectRestoreDelete = "s3:ObjectRestore:Delete"
+
+	// EventS3LifecycleTransition is a Event enum value
+	EventS3LifecycleTransition = "s3:LifecycleTransition"
+
+	// EventS3IntelligentTiering is a Event enum value
+	EventS3IntelligentTiering = "s3:IntelligentTiering"
+
+	// EventS3ObjectAclPut is a Event enum value
+	EventS3ObjectAclPut = "s3:ObjectAcl:Put"
+
+	// EventS3LifecycleExpiration is a Event enum value
+	EventS3LifecycleExpiration = "s3:LifecycleExpiration:*"
+
+	// EventS3LifecycleExpirationDelete is a Event enum value
+	EventS3LifecycleExpirationDelete = "s3:LifecycleExpiration:Delete"
+
+	// EventS3LifecycleExpirationDeleteMarkerCreated is a Event enum value
+	EventS3LifecycleExpirationDeleteMarkerCreated = "s3:LifecycleExpiration:DeleteMarkerCreated"
+
+	// EventS3ObjectTagging is a Event enum value
+	EventS3ObjectTagging = "s3:ObjectTagging:*"
+
+	// EventS3ObjectTaggingPut is a Event enum value
+	EventS3ObjectTaggingPut = "s3:ObjectTagging:Put"
+
+	// EventS3ObjectTaggingDelete is a Event enum value
+	EventS3ObjectTaggingDelete = "s3:ObjectTagging:Delete"
+)
+
+// Event_Values returns all elements of the Event enum
+func Event_Values() []string {
+	return []string{
+		EventS3ReducedRedundancyLostObject,
+		EventS3ObjectCreated,
+		EventS3ObjectCreatedPut,
+		EventS3ObjectCreatedPost,
+		EventS3ObjectCreatedCopy,
+		EventS3ObjectCreatedCompleteMultipartUpload,
+		EventS3ObjectRemoved,
+		EventS3ObjectRemovedDelete,
+		EventS3ObjectRemovedDeleteMarkerCreated,
+		EventS3ObjectRestore,
+		EventS3ObjectRestorePost,
+		EventS3ObjectRestoreCompleted,
+		EventS3Replication,
+		EventS3ReplicationOperationFailedReplication,
+		EventS3ReplicationOperationNotTracked,
+		EventS3ReplicationOperationMissedThreshold,
+		EventS3ReplicationOperationReplicatedAfterThreshold,
+		EventS3ObjectRestoreDelete,
+		EventS3LifecycleTransition,
+		EventS3IntelligentTiering,
+		EventS3ObjectAclPut,
+		EventS3LifecycleExpiration,
+		EventS3LifecycleExpirationDelete,
+		EventS3LifecycleExpirationDeleteMarkerCreated,
+		EventS3ObjectTagging,
+		EventS3ObjectTaggingPut,
+		EventS3ObjectTaggingDelete,
+	}
+}
+
+const (
+	// ExistingObjectReplicationStatusEnabled is a ExistingObjectReplicationStatus enum value
+	ExistingObjectReplicationStatusEnabled = "Enabled"
+
+	// ExistingObjectReplicationStatusDisabled is a ExistingObjectReplicationStatus enum value
+	ExistingObjectReplicationStatusDisabled = "Disabled"
+)
+
+// ExistingObjectReplicationStatus_Values returns all elements of the ExistingObjectReplicationStatus enum
+func ExistingObjectReplicationStatus_Values() []string {
+	return []string{
+		ExistingObjectReplicationStatusEnabled,
+		ExistingObjectReplicationStatusDisabled,
+	}
+}
+
+const (
+	// ExpirationStatusEnabled is a ExpirationStatus enum value
+	ExpirationStatusEnabled = "Enabled"
+
+	// ExpirationStatusDisabled is a ExpirationStatus enum value
+	ExpirationStatusDisabled = "Disabled"
+)
+
+// ExpirationStatus_Values returns all elements of the ExpirationStatus enum
+func ExpirationStatus_Values() []string {
+	return []string{
+		ExpirationStatusEnabled,
+		ExpirationStatusDisabled,
+	}
+}
+
+const (
+	// ExpressionTypeSql is a ExpressionType enum value
+	ExpressionTypeSql = "SQL"
+)
+
+// ExpressionType_Values returns all elements of the ExpressionType enum
+func ExpressionType_Values() []string {
+	return []string{
+		ExpressionTypeSql,
+	}
+}
+
+const (
+	// FileHeaderInfoUse is a FileHeaderInfo enum value
+	FileHeaderInfoUse = "USE"
+
+	// FileHeaderInfoIgnore is a FileHeaderInfo enum value
+	FileHeaderInfoIgnore = "IGNORE"
+
+	// FileHeaderInfoNone is a FileHeaderInfo enum value
+	FileHeaderInfoNone = "NONE"
+)
+
+// FileHeaderInfo_Values returns all elements of the FileHeaderInfo enum
+func FileHeaderInfo_Values() []string {
+	return []string{
+		FileHeaderInfoUse,
+		FileHeaderInfoIgnore,
+		FileHeaderInfoNone,
+	}
+}
+
+const (
+	// FilterRuleNamePrefix is a FilterRuleName enum value
+	FilterRuleNamePrefix = "prefix"
+
+	// FilterRuleNameSuffix is a FilterRuleName enum value
+	FilterRuleNameSuffix = "suffix"
+)
+
+// FilterRuleName_Values returns all elements of the FilterRuleName enum
+func FilterRuleName_Values() []string {
+	return []string{
+		FilterRuleNamePrefix,
+		FilterRuleNameSuffix,
+	}
+}
+
+const (
+	// IntelligentTieringAccessTierArchiveAccess is a IntelligentTieringAccessTier enum value
+	IntelligentTieringAccessTierArchiveAccess = "ARCHIVE_ACCESS"
+
+	// IntelligentTieringAccessTierDeepArchiveAccess is a IntelligentTieringAccessTier enum value
+	IntelligentTieringAccessTierDeepArchiveAccess = "DEEP_ARCHIVE_ACCESS"
+)
+
+// IntelligentTieringAccessTier_Values returns all elements of the IntelligentTieringAccessTier enum
+func IntelligentTieringAccessTier_Values() []string {
+	return []string{
+		IntelligentTieringAccessTierArchiveAccess,
+		IntelligentTieringAccessTierDeepArchiveAccess,
+	}
+}
+
+const (
+	// IntelligentTieringStatusEnabled is a IntelligentTieringStatus enum value
+	IntelligentTieringStatusEnabled = "Enabled"
+
+	// IntelligentTieringStatusDisabled is a IntelligentTieringStatus enum value
+	IntelligentTieringStatusDisabled = "Disabled"
+)
+
+// IntelligentTieringStatus_Values returns all elements of the IntelligentTieringStatus enum
+func IntelligentTieringStatus_Values() []string {
+	return []string{
+		IntelligentTieringStatusEnabled,
+		IntelligentTieringStatusDisabled,
+	}
+}
+
+const (
+	// InventoryFormatCsv is a InventoryFormat enum value
+	InventoryFormatCsv = "CSV"
+
+	// InventoryFormatOrc is a InventoryFormat enum value
+	InventoryFormatOrc = "ORC"
+
+	// InventoryFormatParquet is a InventoryFormat enum value
+	InventoryFormatParquet = "Parquet"
+)
+
+// InventoryFormat_Values returns all elements of the InventoryFormat enum
+func InventoryFormat_Values() []string {
+	return []string{
+		InventoryFormatCsv,
+		InventoryFormatOrc,
+		InventoryFormatParquet,
+	}
+}
+
+const (
+	// InventoryFrequencyDaily is a InventoryFrequency enum value
+	InventoryFrequencyDaily = "Daily"
+
+	// InventoryFrequencyWeekly is a InventoryFrequency enum value
+	InventoryFrequencyWeekly = "Weekly"
+)
+
+// InventoryFrequency_Values returns all elements of the InventoryFrequency enum
+func InventoryFrequency_Values() []string {
+	return []string{
+		InventoryFrequencyDaily,
+		InventoryFrequencyWeekly,
+	}
+}
+
+const (
+	// InventoryIncludedObjectVersionsAll is a InventoryIncludedObjectVersions enum value
+	InventoryIncludedObjectVersionsAll = "All"
+
+	// InventoryIncludedObjectVersionsCurrent is a InventoryIncludedObjectVersions enum value
+	InventoryIncludedObjectVersionsCurrent = "Current"
+)
+
+// InventoryIncludedObjectVersions_Values returns all elements of the InventoryIncludedObjectVersions enum
+func InventoryIncludedObjectVersions_Values() []string {
+	return []string{
+		InventoryIncludedObjectVersionsAll,
+		InventoryIncludedObjectVersionsCurrent,
+	}
+}
+
+const (
+	// InventoryOptionalFieldSize is a InventoryOptionalField enum value
+	InventoryOptionalFieldSize = "Size"
+
+	// InventoryOptionalFieldLastModifiedDate is a InventoryOptionalField enum value
+	InventoryOptionalFieldLastModifiedDate = "LastModifiedDate"
+
+	// InventoryOptionalFieldStorageClass is a InventoryOptionalField enum value
+	InventoryOptionalFieldStorageClass = "StorageClass"
+
+	// InventoryOptionalFieldEtag is a InventoryOptionalField enum value
+	InventoryOptionalFieldEtag = "ETag"
+
+	// InventoryOptionalFieldIsMultipartUploaded is a InventoryOptionalField enum value
+	InventoryOptionalFieldIsMultipartUploaded = "IsMultipartUploaded"
+
+	// InventoryOptionalFieldReplicationStatus is a InventoryOptionalField enum value
+	InventoryOptionalFieldReplicationStatus = "ReplicationStatus"
+
+	// InventoryOptionalFieldEncryptionStatus is a InventoryOptionalField enum value
+	InventoryOptionalFieldEncryptionStatus = "EncryptionStatus"
+
+	// InventoryOptionalFieldObjectLockRetainUntilDate is a InventoryOptionalField enum value
+	InventoryOptionalFieldObjectLockRetainUntilDate = "ObjectLockRetainUntilDate"
+
+	// InventoryOptionalFieldObjectLockMode is a InventoryOptionalField enum value
+	InventoryOptionalFieldObjectLockMode = "ObjectLockMode"
+
+	// InventoryOptionalFieldObjectLockLegalHoldStatus is a InventoryOptionalField enum value
+	InventoryOptionalFieldObjectLockLegalHoldStatus = "ObjectLockLegalHoldStatus"
+
+	// InventoryOptionalFieldIntelligentTieringAccessTier is a InventoryOptionalField enum value
+	InventoryOptionalFieldIntelligentTieringAccessTier = "IntelligentTieringAccessTier"
+
+	// InventoryOptionalFieldBucketKeyStatus is a InventoryOptionalField enum value
+	InventoryOptionalFieldBucketKeyStatus = "BucketKeyStatus"
+
+	// InventoryOptionalFieldChecksumAlgorithm is a InventoryOptionalField enum value
+	InventoryOptionalFieldChecksumAlgorithm = "ChecksumAlgorithm"
+)
+
+// InventoryOptionalField_Values returns all elements of the InventoryOptionalField enum
+func InventoryOptionalField_Values() []string {
+	return []string{
+		InventoryOptionalFieldSize,
+		InventoryOptionalFieldLastModifiedDate,
+		InventoryOptionalFieldStorageClass,
+		InventoryOptionalFieldEtag,
+		InventoryOptionalFieldIsMultipartUploaded,
+		InventoryOptionalFieldReplicationStatus,
+		InventoryOptionalFieldEncryptionStatus,
+		InventoryOptionalFieldObjectLockRetainUntilDate,
+		InventoryOptionalFieldObjectLockMode,
+		InventoryOptionalFieldObjectLockLegalHoldStatus,
+		InventoryOptionalFieldIntelligentTieringAccessTier,
+		InventoryOptionalFieldBucketKeyStatus,
+		InventoryOptionalFieldChecksumAlgorithm,
+	}
+}
+
+const (
+	// JSONTypeDocument is a JSONType enum value
+	JSONTypeDocument = "DOCUMENT"
+
+	// JSONTypeLines is a JSONType enum value
+	JSONTypeLines = "LINES"
+)
+
+// JSONType_Values returns all elements of the JSONType enum
+func JSONType_Values() []string {
+	return []string{
+		JSONTypeDocument,
+		JSONTypeLines,
+	}
+}
+
+const (
+	// MFADeleteEnabled is a MFADelete enum value
+	MFADeleteEnabled = "Enabled"
+
+	// MFADeleteDisabled is a MFADelete enum value
+	MFADeleteDisabled = "Disabled"
+)
+
+// MFADelete_Values returns all elements of the MFADelete enum
+func MFADelete_Values() []string {
+	return []string{
+		MFADeleteEnabled,
+		MFADeleteDisabled,
+	}
+}
+
+const (
+	// MFADeleteStatusEnabled is a MFADeleteStatus enum value
+	MFADeleteStatusEnabled = "Enabled"
+
+	// MFADeleteStatusDisabled is a MFADeleteStatus enum value
+	MFADeleteStatusDisabled = "Disabled"
+)
+
+// MFADeleteStatus_Values returns all elements of the MFADeleteStatus enum
+func MFADeleteStatus_Values() []string {
+	return []string{
+		MFADeleteStatusEnabled,
+		MFADeleteStatusDisabled,
+	}
+}
+
+const (
+	// MetadataDirectiveCopy is a MetadataDirective enum value
+	MetadataDirectiveCopy = "COPY"
+
+	// MetadataDirectiveReplace is a MetadataDirective enum value
+	MetadataDirectiveReplace = "REPLACE"
+)
+
+// MetadataDirective_Values returns all elements of the MetadataDirective enum
+func MetadataDirective_Values() []string {
+	return []string{
+		MetadataDirectiveCopy,
+		MetadataDirectiveReplace,
+	}
+}
+
+const (
+	// MetricsStatusEnabled is a MetricsStatus enum value
+	MetricsStatusEnabled = "Enabled"
+
+	// MetricsStatusDisabled is a MetricsStatus enum value
+	MetricsStatusDisabled = "Disabled"
+)
+
+// MetricsStatus_Values returns all elements of the MetricsStatus enum
+func MetricsStatus_Values() []string {
+	return []string{
+		MetricsStatusEnabled,
+		MetricsStatusDisabled,
+	}
+}
+
+const (
+	// ObjectAttributesEtag is a ObjectAttributes enum value
+	ObjectAttributesEtag = "ETag"
+
+	// ObjectAttributesChecksum is a ObjectAttributes enum value
+	ObjectAttributesChecksum = "Checksum"
+
+	// ObjectAttributesObjectParts is a ObjectAttributes enum value
+	ObjectAttributesObjectParts = "ObjectParts"
+
+	// ObjectAttributesStorageClass is a ObjectAttributes enum value
+	ObjectAttributesStorageClass = "StorageClass"
+
+	// ObjectAttributesObjectSize is a ObjectAttributes enum value
+	ObjectAttributesObjectSize = "ObjectSize"
+)
+
+// ObjectAttributes_Values returns all elements of the ObjectAttributes enum
+func ObjectAttributes_Values() []string {
+	return []string{
+		ObjectAttributesEtag,
+		ObjectAttributesChecksum,
+		ObjectAttributesObjectParts,
+		ObjectAttributesStorageClass,
+		ObjectAttributesObjectSize,
+	}
+}
+
+const (
+	// ObjectCannedACLPrivate is a ObjectCannedACL enum value
+	ObjectCannedACLPrivate = "private"
+
+	// ObjectCannedACLPublicRead is a ObjectCannedACL enum value
+	ObjectCannedACLPublicRead = "public-read"
+
+	// ObjectCannedACLPublicReadWrite is a ObjectCannedACL enum value
+	ObjectCannedACLPublicReadWrite = "public-read-write"
+
+	// ObjectCannedACLAuthenticatedRead is a ObjectCannedACL enum value
+	ObjectCannedACLAuthenticatedRead = "authenticated-read"
+
+	// ObjectCannedACLAwsExecRead is a ObjectCannedACL enum value
+	ObjectCannedACLAwsExecRead = "aws-exec-read"
+
+	// ObjectCannedACLBucketOwnerRead is a ObjectCannedACL enum value
+	ObjectCannedACLBucketOwnerRead = "bucket-owner-read"
+
+	// ObjectCannedACLBucketOwnerFullControl is a ObjectCannedACL enum value
+	ObjectCannedACLBucketOwnerFullControl = "bucket-owner-full-control"
+)
+
+// ObjectCannedACL_Values returns all elements of the ObjectCannedACL enum
+func ObjectCannedACL_Values() []string {
+	return []string{
+		ObjectCannedACLPrivate,
+		ObjectCannedACLPublicRead,
+		ObjectCannedACLPublicReadWrite,
+		ObjectCannedACLAuthenticatedRead,
+		ObjectCannedACLAwsExecRead,
+		ObjectCannedACLBucketOwnerRead,
+		ObjectCannedACLBucketOwnerFullControl,
+	}
+}
+
+const (
+	// ObjectLockEnabledEnabled is a ObjectLockEnabled enum value
+	ObjectLockEnabledEnabled = "Enabled"
+)
+
+// ObjectLockEnabled_Values returns all elements of the ObjectLockEnabled enum
+func ObjectLockEnabled_Values() []string {
+	return []string{
+		ObjectLockEnabledEnabled,
+	}
+}
+
+const (
+	// ObjectLockLegalHoldStatusOn is a ObjectLockLegalHoldStatus enum value
+	ObjectLockLegalHoldStatusOn = "ON"
+
+	// ObjectLockLegalHoldStatusOff is a ObjectLockLegalHoldStatus enum value
+	ObjectLockLegalHoldStatusOff = "OFF"
+)
+
+// ObjectLockLegalHoldStatus_Values returns all elements of the ObjectLockLegalHoldStatus enum
+func ObjectLockLegalHoldStatus_Values() []string {
+	return []string{
+		ObjectLockLegalHoldStatusOn,
+		ObjectLockLegalHoldStatusOff,
+	}
+}
+
+const (
+	// ObjectLockModeGovernance is a ObjectLockMode enum value
+	ObjectLockModeGovernance = "GOVERNANCE"
+
+	// ObjectLockModeCompliance is a ObjectLockMode enum value
+	ObjectLockModeCompliance = "COMPLIANCE"
+)
+
+// ObjectLockMode_Values returns all elements of the ObjectLockMode enum
+func ObjectLockMode_Values() []string {
+	return []string{
+		ObjectLockModeGovernance,
+		ObjectLockModeCompliance,
+	}
+}
+
+const (
+	// ObjectLockRetentionModeGovernance is a ObjectLockRetentionMode enum value
+	ObjectLockRetentionModeGovernance = "GOVERNANCE"
+
+	// ObjectLockRetentionModeCompliance is a ObjectLockRetentionMode enum value
+	ObjectLockRetentionModeCompliance = "COMPLIANCE"
+)
+
+// ObjectLockRetentionMode_Values returns all elements of the ObjectLockRetentionMode enum
+func ObjectLockRetentionMode_Values() []string {
+	return []string{
+		ObjectLockRetentionModeGovernance,
+		ObjectLockRetentionModeCompliance,
+	}
+}
+
+// The container element for object ownership for a bucket's ownership controls.
+//
+// BucketOwnerPreferred - Objects uploaded to the bucket change ownership to
+// the bucket owner if the objects are uploaded with the bucket-owner-full-control
+// canned ACL.
+//
+// ObjectWriter - The uploading account will own the object if the object is
+// uploaded with the bucket-owner-full-control canned ACL.
+//
+// BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer
+// affect permissions. The bucket owner automatically owns and has full control
+// over every object in the bucket. The bucket only accepts PUT requests that
+// don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control
+// canned ACL or an equivalent form of this ACL expressed in the XML format.
+const (
+	// ObjectOwnershipBucketOwnerPreferred is a ObjectOwnership enum value
+	ObjectOwnershipBucketOwnerPreferred = "BucketOwnerPreferred"
+
+	// ObjectOwnershipObjectWriter is a ObjectOwnership enum value
+	ObjectOwnershipObjectWriter = "ObjectWriter"
+
+	// ObjectOwnershipBucketOwnerEnforced is a ObjectOwnership enum value
+	ObjectOwnershipBucketOwnerEnforced = "BucketOwnerEnforced"
+)
+
+// ObjectOwnership_Values returns all elements of the ObjectOwnership enum
+func ObjectOwnership_Values() []string {
+	return []string{
+		ObjectOwnershipBucketOwnerPreferred,
+		ObjectOwnershipObjectWriter,
+		ObjectOwnershipBucketOwnerEnforced,
+	}
+}
+
+const (
+	// ObjectStorageClassStandard is a ObjectStorageClass enum value
+	ObjectStorageClassStandard = "STANDARD"
+
+	// ObjectStorageClassReducedRedundancy is a ObjectStorageClass enum value
+	ObjectStorageClassReducedRedundancy = "REDUCED_REDUNDANCY"
+
+	// ObjectStorageClassGlacier is a ObjectStorageClass enum value
+	ObjectStorageClassGlacier = "GLACIER"
+
+	// ObjectStorageClassStandardIa is a ObjectStorageClass enum value
+	ObjectStorageClassStandardIa = "STANDARD_IA"
+
+	// ObjectStorageClassOnezoneIa is a ObjectStorageClass enum value
+	ObjectStorageClassOnezoneIa = "ONEZONE_IA"
+
+	// ObjectStorageClassIntelligentTiering is a ObjectStorageClass enum value
+	ObjectStorageClassIntelligentTiering = "INTELLIGENT_TIERING"
+
+	// ObjectStorageClassDeepArchive is a ObjectStorageClass enum value
+	ObjectStorageClassDeepArchive = "DEEP_ARCHIVE"
+
+	// ObjectStorageClassOutposts is a ObjectStorageClass enum value
+	ObjectStorageClassOutposts = "OUTPOSTS"
+
+	// ObjectStorageClassGlacierIr is a ObjectStorageClass enum value
+	ObjectStorageClassGlacierIr = "GLACIER_IR"
+
+	// ObjectStorageClassSnow is a ObjectStorageClass enum value
+	ObjectStorageClassSnow = "SNOW"
+)
+
+// ObjectStorageClass_Values returns all elements of the ObjectStorageClass enum
+func ObjectStorageClass_Values() []string {
+	return []string{
+		ObjectStorageClassStandard,
+		ObjectStorageClassReducedRedundancy,
+		ObjectStorageClassGlacier,
+		ObjectStorageClassStandardIa,
+		ObjectStorageClassOnezoneIa,
+		ObjectStorageClassIntelligentTiering,
+		ObjectStorageClassDeepArchive,
+		ObjectStorageClassOutposts,
+		ObjectStorageClassGlacierIr,
+		ObjectStorageClassSnow,
+	}
+}
+
+const (
+	// ObjectVersionStorageClassStandard is a ObjectVersionStorageClass enum value
+	ObjectVersionStorageClassStandard = "STANDARD"
+)
+
+// ObjectVersionStorageClass_Values returns all elements of the ObjectVersionStorageClass enum
+func ObjectVersionStorageClass_Values() []string {
+	return []string{
+		ObjectVersionStorageClassStandard,
+	}
+}
+
+const (
+	// OwnerOverrideDestination is a OwnerOverride enum value
+	OwnerOverrideDestination = "Destination"
+)
+
+// OwnerOverride_Values returns all elements of the OwnerOverride enum
+func OwnerOverride_Values() []string {
+	return []string{
+		OwnerOverrideDestination,
+	}
+}
+
+const (
+	// PayerRequester is a Payer enum value
+	PayerRequester = "Requester"
+
+	// PayerBucketOwner is a Payer enum value
+	PayerBucketOwner = "BucketOwner"
+)
+
+// Payer_Values returns all elements of the Payer enum
+func Payer_Values() []string {
+	return []string{
+		PayerRequester,
+		PayerBucketOwner,
+	}
+}
+
+const (
+	// PermissionFullControl is a Permission enum value
+	PermissionFullControl = "FULL_CONTROL"
+
+	// PermissionWrite is a Permission enum value
+	PermissionWrite = "WRITE"
+
+	// PermissionWriteAcp is a Permission enum value
+	PermissionWriteAcp = "WRITE_ACP"
+
+	// PermissionRead is a Permission enum value
+	PermissionRead = "READ"
+
+	// PermissionReadAcp is a Permission enum value
+	PermissionReadAcp = "READ_ACP"
+)
+
+// Permission_Values returns all elements of the Permission enum
+func Permission_Values() []string {
+	return []string{
+		PermissionFullControl,
+		PermissionWrite,
+		PermissionWriteAcp,
+		PermissionRead,
+		PermissionReadAcp,
+	}
+}
+
+const (
+	// ProtocolHttp is a Protocol enum value
+	ProtocolHttp = "http"
+
+	// ProtocolHttps is a Protocol enum value
+	ProtocolHttps = "https"
+)
+
+// Protocol_Values returns all elements of the Protocol enum
+func Protocol_Values() []string {
+	return []string{
+		ProtocolHttp,
+		ProtocolHttps,
+	}
+}
+
+const (
+	// QuoteFieldsAlways is a QuoteFields enum value
+	QuoteFieldsAlways = "ALWAYS"
+
+	// QuoteFieldsAsneeded is a QuoteFields enum value
+	QuoteFieldsAsneeded = "ASNEEDED"
+)
+
+// QuoteFields_Values returns all elements of the QuoteFields enum
+func QuoteFields_Values() []string {
+	return []string{
+		QuoteFieldsAlways,
+		QuoteFieldsAsneeded,
+	}
+}
+
+const (
+	// ReplicaModificationsStatusEnabled is a ReplicaModificationsStatus enum value
+	ReplicaModificationsStatusEnabled = "Enabled"
+
+	// ReplicaModificationsStatusDisabled is a ReplicaModificationsStatus enum value
+	ReplicaModificationsStatusDisabled = "Disabled"
+)
+
+// ReplicaModificationsStatus_Values returns all elements of the ReplicaModificationsStatus enum
+func ReplicaModificationsStatus_Values() []string {
+	return []string{
+		ReplicaModificationsStatusEnabled,
+		ReplicaModificationsStatusDisabled,
+	}
+}
+
+const (
+	// ReplicationRuleStatusEnabled is a ReplicationRuleStatus enum value
+	ReplicationRuleStatusEnabled = "Enabled"
+
+	// ReplicationRuleStatusDisabled is a ReplicationRuleStatus enum value
+	ReplicationRuleStatusDisabled = "Disabled"
+)
+
+// ReplicationRuleStatus_Values returns all elements of the ReplicationRuleStatus enum
+func ReplicationRuleStatus_Values() []string {
+	return []string{
+		ReplicationRuleStatusEnabled,
+		ReplicationRuleStatusDisabled,
+	}
+}
+
+const (
+	// ReplicationStatusComplete is a ReplicationStatus enum value
+	ReplicationStatusComplete = "COMPLETE"
+
+	// ReplicationStatusPending is a ReplicationStatus enum value
+	ReplicationStatusPending = "PENDING"
+
+	// ReplicationStatusFailed is a ReplicationStatus enum value
+	ReplicationStatusFailed = "FAILED"
+
+	// ReplicationStatusReplica is a ReplicationStatus enum value
+	ReplicationStatusReplica = "REPLICA"
+)
+
+// ReplicationStatus_Values returns all elements of the ReplicationStatus enum
+func ReplicationStatus_Values() []string {
+	return []string{
+		ReplicationStatusComplete,
+		ReplicationStatusPending,
+		ReplicationStatusFailed,
+		ReplicationStatusReplica,
+	}
+}
+
+const (
+	// ReplicationTimeStatusEnabled is a ReplicationTimeStatus enum value
+	ReplicationTimeStatusEnabled = "Enabled"
+
+	// ReplicationTimeStatusDisabled is a ReplicationTimeStatus enum value
+	ReplicationTimeStatusDisabled = "Disabled"
+)
+
+// ReplicationTimeStatus_Values returns all elements of the ReplicationTimeStatus enum
+func ReplicationTimeStatus_Values() []string {
+	return []string{
+		ReplicationTimeStatusEnabled,
+		ReplicationTimeStatusDisabled,
+	}
+}
+
+// If present, indicates that the requester was successfully charged for the
+// request.
+const (
+	// RequestChargedRequester is a RequestCharged enum value
+	RequestChargedRequester = "requester"
+)
+
+// RequestCharged_Values returns all elements of the RequestCharged enum
+func RequestCharged_Values() []string {
+	return []string{
+		RequestChargedRequester,
+	}
+}
+
+// Confirms that the requester knows that they will be charged for the request.
+// Bucket owners need not specify this parameter in their requests. For information
+// about downloading objects from Requester Pays buckets, see Downloading Objects
+// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+// in the Amazon S3 User Guide.
+const (
+	// RequestPayerRequester is a RequestPayer enum value
+	RequestPayerRequester = "requester"
+)
+
+// RequestPayer_Values returns all elements of the RequestPayer enum
+func RequestPayer_Values() []string {
+	return []string{
+		RequestPayerRequester,
+	}
+}
+
+const (
+	// RestoreRequestTypeSelect is a RestoreRequestType enum value
+	RestoreRequestTypeSelect = "SELECT"
+)
+
+// RestoreRequestType_Values returns all elements of the RestoreRequestType enum
+func RestoreRequestType_Values() []string {
+	return []string{
+		RestoreRequestTypeSelect,
+	}
+}
+
+const (
+	// ServerSideEncryptionAes256 is a ServerSideEncryption enum value
+	ServerSideEncryptionAes256 = "AES256"
+
+	// ServerSideEncryptionAwsKms is a ServerSideEncryption enum value
+	ServerSideEncryptionAwsKms = "aws:kms"
+
+	// ServerSideEncryptionAwsKmsDsse is a ServerSideEncryption enum value
+	ServerSideEncryptionAwsKmsDsse = "aws:kms:dsse"
+)
+
+// ServerSideEncryption_Values returns all elements of the ServerSideEncryption enum
+func ServerSideEncryption_Values() []string {
+	return []string{
+		ServerSideEncryptionAes256,
+		ServerSideEncryptionAwsKms,
+		ServerSideEncryptionAwsKmsDsse,
+	}
+}
+
+const (
+	// SseKmsEncryptedObjectsStatusEnabled is a SseKmsEncryptedObjectsStatus enum value
+	SseKmsEncryptedObjectsStatusEnabled = "Enabled"
+
+	// SseKmsEncryptedObjectsStatusDisabled is a SseKmsEncryptedObjectsStatus enum value
+	SseKmsEncryptedObjectsStatusDisabled = "Disabled"
+)
+
+// SseKmsEncryptedObjectsStatus_Values returns all elements of the SseKmsEncryptedObjectsStatus enum
+func SseKmsEncryptedObjectsStatus_Values() []string {
+	return []string{
+		SseKmsEncryptedObjectsStatusEnabled,
+		SseKmsEncryptedObjectsStatusDisabled,
+	}
+}
+
+const (
+	// StorageClassStandard is a StorageClass enum value
+	StorageClassStandard = "STANDARD"
+
+	// StorageClassReducedRedundancy is a StorageClass enum value
+	StorageClassReducedRedundancy = "REDUCED_REDUNDANCY"
+
+	// StorageClassStandardIa is a StorageClass enum value
+	StorageClassStandardIa = "STANDARD_IA"
+
+	// StorageClassOnezoneIa is a StorageClass enum value
+	StorageClassOnezoneIa = "ONEZONE_IA"
+
+	// StorageClassIntelligentTiering is a StorageClass enum value
+	StorageClassIntelligentTiering = "INTELLIGENT_TIERING"
+
+	// StorageClassGlacier is a StorageClass enum value
+	StorageClassGlacier = "GLACIER"
+
+	// StorageClassDeepArchive is a StorageClass enum value
+	StorageClassDeepArchive = "DEEP_ARCHIVE"
+
+	// StorageClassOutposts is a StorageClass enum value
+	StorageClassOutposts = "OUTPOSTS"
+
+	// StorageClassGlacierIr is a StorageClass enum value
+	StorageClassGlacierIr = "GLACIER_IR"
+
+	// StorageClassSnow is a StorageClass enum value
+	StorageClassSnow = "SNOW"
+)
+
+// StorageClass_Values returns all elements of the StorageClass enum
+func StorageClass_Values() []string {
+	return []string{
+		StorageClassStandard,
+		StorageClassReducedRedundancy,
+		StorageClassStandardIa,
+		StorageClassOnezoneIa,
+		StorageClassIntelligentTiering,
+		StorageClassGlacier,
+		StorageClassDeepArchive,
+		StorageClassOutposts,
+		StorageClassGlacierIr,
+		StorageClassSnow,
+	}
+}
+
+const (
+	// StorageClassAnalysisSchemaVersionV1 is a StorageClassAnalysisSchemaVersion enum value
+	StorageClassAnalysisSchemaVersionV1 = "V_1"
+)
+
+// StorageClassAnalysisSchemaVersion_Values returns all elements of the StorageClassAnalysisSchemaVersion enum
+func StorageClassAnalysisSchemaVersion_Values() []string {
+	return []string{
+		StorageClassAnalysisSchemaVersionV1,
+	}
+}
+
+const (
+	// TaggingDirectiveCopy is a TaggingDirective enum value
+	TaggingDirectiveCopy = "COPY"
+
+	// TaggingDirectiveReplace is a TaggingDirective enum value
+	TaggingDirectiveReplace = "REPLACE"
+)
+
+// TaggingDirective_Values returns all elements of the TaggingDirective enum
+func TaggingDirective_Values() []string {
+	return []string{
+		TaggingDirectiveCopy,
+		TaggingDirectiveReplace,
+	}
+}
+
+const (
+	// TierStandard is a Tier enum value
+	TierStandard = "Standard"
+
+	// TierBulk is a Tier enum value
+	TierBulk = "Bulk"
+
+	// TierExpedited is a Tier enum value
+	TierExpedited = "Expedited"
+)
+
+// Tier_Values returns all elements of the Tier enum
+func Tier_Values() []string {
+	return []string{
+		TierStandard,
+		TierBulk,
+		TierExpedited,
+	}
+}
+
+const (
+	// TransitionStorageClassGlacier is a TransitionStorageClass enum value
+	TransitionStorageClassGlacier = "GLACIER"
+
+	// TransitionStorageClassStandardIa is a TransitionStorageClass enum value
+	TransitionStorageClassStandardIa = "STANDARD_IA"
+
+	// TransitionStorageClassOnezoneIa is a TransitionStorageClass enum value
+	TransitionStorageClassOnezoneIa = "ONEZONE_IA"
+
+	// TransitionStorageClassIntelligentTiering is a TransitionStorageClass enum value
+	TransitionStorageClassIntelligentTiering = "INTELLIGENT_TIERING"
+
+	// TransitionStorageClassDeepArchive is a TransitionStorageClass enum value
+	TransitionStorageClassDeepArchive = "DEEP_ARCHIVE"
+
+	// TransitionStorageClassGlacierIr is a TransitionStorageClass enum value
+	TransitionStorageClassGlacierIr = "GLACIER_IR"
+)
+
+// TransitionStorageClass_Values returns all elements of the TransitionStorageClass enum
+func TransitionStorageClass_Values() []string {
+	return []string{
+		TransitionStorageClassGlacier,
+		TransitionStorageClassStandardIa,
+		TransitionStorageClassOnezoneIa,
+		TransitionStorageClassIntelligentTiering,
+		TransitionStorageClassDeepArchive,
+		TransitionStorageClassGlacierIr,
+	}
+}
+
+const (
+	// TypeCanonicalUser is a Type enum value
+	TypeCanonicalUser = "CanonicalUser"
+
+	// TypeAmazonCustomerByEmail is a Type enum value
+	TypeAmazonCustomerByEmail = "AmazonCustomerByEmail"
+
+	// TypeGroup is a Type enum value
+	TypeGroup = "Group"
+)
+
+// Type_Values returns all elements of the Type enum
+func Type_Values() []string {
+	return []string{
+		TypeCanonicalUser,
+		TypeAmazonCustomerByEmail,
+		TypeGroup,
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go b/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go
new file mode 100644
index 000000000..407f06b6e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go
@@ -0,0 +1,202 @@
+package s3
+
+import (
+	"bytes"
+	"crypto/md5"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"hash"
+	"io"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+const (
+	contentMD5Header    = "Content-Md5"
+	contentSha256Header = "X-Amz-Content-Sha256"
+	amzTeHeader         = "X-Amz-Te"
+	amzTxEncodingHeader = "X-Amz-Transfer-Encoding"
+
+	appendMD5TxEncoding = "append-md5"
+)
+
+// computeBodyHashes will add Content MD5 and Content Sha256 hashes to the
+// request. If the body is not seekable or S3DisableContentMD5Validation set
+// this handler will be ignored.
+func computeBodyHashes(r *request.Request) {
+	if aws.BoolValue(r.Config.S3DisableContentMD5Validation) {
+		return
+	}
+	if r.IsPresigned() {
+		return
+	}
+	if r.Error != nil || !aws.IsReaderSeekable(r.Body) {
+		return
+	}
+
+	var md5Hash, sha256Hash hash.Hash
+	hashers := make([]io.Writer, 0, 2)
+
+	// Determine upfront which hashes can be set without overriding user
+	// provide header data.
+	if v := r.HTTPRequest.Header.Get(contentMD5Header); len(v) == 0 {
+		md5Hash = md5.New()
+		hashers = append(hashers, md5Hash)
+	}
+
+	if v := r.HTTPRequest.Header.Get(contentSha256Header); len(v) == 0 {
+		sha256Hash = sha256.New()
+		hashers = append(hashers, sha256Hash)
+	}
+
+	// Create the destination writer based on the hashes that are not already
+	// provided by the user.
+	var dst io.Writer
+	switch len(hashers) {
+	case 0:
+		return
+	case 1:
+		dst = hashers[0]
+	default:
+		dst = io.MultiWriter(hashers...)
+	}
+
+	if _, err := aws.CopySeekableBody(dst, r.Body); err != nil {
+		r.Error = awserr.New("BodyHashError", "failed to compute body hashes", err)
+		return
+	}
+
+	// For the hashes created, set the associated headers that the user did not
+	// already provide.
+	if md5Hash != nil {
+		sum := make([]byte, md5.Size)
+		encoded := make([]byte, md5Base64EncLen)
+
+		base64.StdEncoding.Encode(encoded, md5Hash.Sum(sum[0:0]))
+		r.HTTPRequest.Header[contentMD5Header] = []string{string(encoded)}
+	}
+
+	if sha256Hash != nil {
+		encoded := make([]byte, sha256HexEncLen)
+		sum := make([]byte, sha256.Size)
+
+		hex.Encode(encoded, sha256Hash.Sum(sum[0:0]))
+		r.HTTPRequest.Header[contentSha256Header] = []string{string(encoded)}
+	}
+}
+
+const (
+	md5Base64EncLen = (md5.Size + 2) / 3 * 4 // base64.StdEncoding.EncodedLen
+	sha256HexEncLen = sha256.Size * 2        // hex.EncodedLen
+)
+
+// Adds the x-amz-te: append_md5 header to the request. This requests the service
+// responds with a trailing MD5 checksum.
+//
+// Will not ask for append MD5 if disabled, the request is presigned or,
+// or the API operation does not support content MD5 validation.
+func askForTxEncodingAppendMD5(r *request.Request) {
+	if aws.BoolValue(r.Config.S3DisableContentMD5Validation) {
+		return
+	}
+	if r.IsPresigned() {
+		return
+	}
+	r.HTTPRequest.Header.Set(amzTeHeader, appendMD5TxEncoding)
+}
+
+func useMD5ValidationReader(r *request.Request) {
+	if r.Error != nil {
+		return
+	}
+
+	if v := r.HTTPResponse.Header.Get(amzTxEncodingHeader); v != appendMD5TxEncoding {
+		return
+	}
+
+	var bodyReader *io.ReadCloser
+	var contentLen int64
+	switch tv := r.Data.(type) {
+	case *GetObjectOutput:
+		bodyReader = &tv.Body
+		contentLen = aws.Int64Value(tv.ContentLength)
+		// Update ContentLength hiden the trailing MD5 checksum.
+		tv.ContentLength = aws.Int64(contentLen - md5.Size)
+		tv.ContentRange = aws.String(r.HTTPResponse.Header.Get("X-Amz-Content-Range"))
+	default:
+		r.Error = awserr.New("ChecksumValidationError",
+			fmt.Sprintf("%s: %s header received on unsupported API, %s",
+				amzTxEncodingHeader, appendMD5TxEncoding, r.Operation.Name,
+			), nil)
+		return
+	}
+
+	if contentLen < md5.Size {
+		r.Error = awserr.New("ChecksumValidationError",
+			fmt.Sprintf("invalid Content-Length %d for %s %s",
+				contentLen, appendMD5TxEncoding, amzTxEncodingHeader,
+			), nil)
+		return
+	}
+
+	// Wrap and swap the response body reader with the validation reader.
+	*bodyReader = newMD5ValidationReader(*bodyReader, contentLen-md5.Size)
+}
+
+type md5ValidationReader struct {
+	rawReader io.ReadCloser
+	payload   io.Reader
+	hash      hash.Hash
+
+	payloadLen int64
+	read       int64
+}
+
+func newMD5ValidationReader(reader io.ReadCloser, payloadLen int64) *md5ValidationReader {
+	h := md5.New()
+	return &md5ValidationReader{
+		rawReader:  reader,
+		payload:    io.TeeReader(&io.LimitedReader{R: reader, N: payloadLen}, h),
+		hash:       h,
+		payloadLen: payloadLen,
+	}
+}
+
+func (v *md5ValidationReader) Read(p []byte) (n int, err error) {
+	n, err = v.payload.Read(p)
+	if err != nil && err != io.EOF {
+		return n, err
+	}
+
+	v.read += int64(n)
+
+	if err == io.EOF {
+		if v.read != v.payloadLen {
+			return n, io.ErrUnexpectedEOF
+		}
+		expectSum := make([]byte, md5.Size)
+		actualSum := make([]byte, md5.Size)
+		if _, sumReadErr := io.ReadFull(v.rawReader, expectSum); sumReadErr != nil {
+			return n, sumReadErr
+		}
+		actualSum = v.hash.Sum(actualSum[0:0])
+		if !bytes.Equal(expectSum, actualSum) {
+			return n, awserr.New("InvalidChecksum",
+				fmt.Sprintf("expected MD5 checksum %s, got %s",
+					hex.EncodeToString(expectSum),
+					hex.EncodeToString(actualSum),
+				),
+				nil)
+		}
+	}
+
+	return n, err
+}
+
+func (v *md5ValidationReader) Close() error {
+	return v.rawReader.Close()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
new file mode 100644
index 000000000..20828387e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
@@ -0,0 +1,107 @@
+package s3
+
+import (
+	"io/ioutil"
+	"regexp"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/awsutil"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+var reBucketLocation = regexp.MustCompile(`>([^<>]+)<\/Location`)
+
+// NormalizeBucketLocation is a utility function which will update the
+// passed in value to always be a region ID. Generally this would be used
+// with GetBucketLocation API operation.
+//
+// Replaces empty string with "us-east-1", and "EU" with "eu-west-1".
+//
+// See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
+// for more information on the values that can be returned.
+func NormalizeBucketLocation(loc string) string {
+	switch loc {
+	case "":
+		loc = "us-east-1"
+	case "EU":
+		loc = "eu-west-1"
+	}
+
+	return loc
+}
+
+// NormalizeBucketLocationHandler is a request handler which will update the
+// GetBucketLocation's result LocationConstraint value to always be a region ID.
+//
+// Replaces empty string with "us-east-1", and "EU" with "eu-west-1".
+//
+// See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
+// for more information on the values that can be returned.
+//
+//	req, result := svc.GetBucketLocationRequest(&s3.GetBucketLocationInput{
+//	    Bucket: aws.String(bucket),
+//	})
+//	req.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler)
+//	err := req.Send()
+var NormalizeBucketLocationHandler = request.NamedHandler{
+	Name: "awssdk.s3.NormalizeBucketLocation",
+	Fn: func(req *request.Request) {
+		if req.Error != nil {
+			return
+		}
+
+		out := req.Data.(*GetBucketLocationOutput)
+		loc := NormalizeBucketLocation(aws.StringValue(out.LocationConstraint))
+		out.LocationConstraint = aws.String(loc)
+	},
+}
+
+// WithNormalizeBucketLocation is a request option which will update the
+// GetBucketLocation's result LocationConstraint value to always be a region ID.
+//
+// Replaces empty string with "us-east-1", and "EU" with "eu-west-1".
+//
+// See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
+// for more information on the values that can be returned.
+//
+//	result, err := svc.GetBucketLocationWithContext(ctx,
+//	    &s3.GetBucketLocationInput{
+//	        Bucket: aws.String(bucket),
+//	    },
+//	    s3.WithNormalizeBucketLocation,
+//	)
+func WithNormalizeBucketLocation(r *request.Request) {
+	r.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler)
+}
+
+func buildGetBucketLocation(r *request.Request) {
+	if r.DataFilled() {
+		out := r.Data.(*GetBucketLocationOutput)
+		b, err := ioutil.ReadAll(r.HTTPResponse.Body)
+		if err != nil {
+			r.Error = awserr.New(request.ErrCodeSerialization,
+				"failed reading response body", err)
+			return
+		}
+
+		match := reBucketLocation.FindSubmatch(b)
+		if len(match) > 1 {
+			loc := string(match[1])
+			out.LocationConstraint = aws.String(loc)
+		}
+	}
+}
+
+func populateLocationConstraint(r *request.Request) {
+	if r.ParamsFilled() && aws.StringValue(r.Config.Region) != "us-east-1" {
+		in := r.Params.(*CreateBucketInput)
+		if in.CreateBucketConfiguration == nil {
+			r.Params = awsutil.CopyOf(r.Params)
+			in = r.Params.(*CreateBucketInput)
+			in.CreateBucketConfiguration = &CreateBucketConfiguration{
+				LocationConstraint: r.Config.Region,
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
new file mode 100644
index 000000000..229606b70
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
@@ -0,0 +1,89 @@
+package s3
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
+	"github.com/aws/aws-sdk-go/internal/s3shared/s3err"
+)
+
+func init() {
+	initClient = defaultInitClientFn
+	initRequest = defaultInitRequestFn
+}
+
+func defaultInitClientFn(c *client.Client) {
+	if c.Config.UseDualStackEndpoint == endpoints.DualStackEndpointStateUnset {
+		if aws.BoolValue(c.Config.UseDualStack) {
+			c.Config.UseDualStackEndpoint = endpoints.DualStackEndpointStateEnabled
+		} else {
+			c.Config.UseDualStackEndpoint = endpoints.DualStackEndpointStateDisabled
+		}
+	}
+
+	// Support building custom endpoints based on config
+	c.Handlers.Build.PushFront(endpointHandler)
+
+	// Require SSL when using SSE keys
+	c.Handlers.Validate.PushBack(validateSSERequiresSSL)
+	c.Handlers.Build.PushBack(computeSSEKeyMD5)
+	c.Handlers.Build.PushBack(computeCopySourceSSEKeyMD5)
+
+	// S3 uses custom error unmarshaling logic
+	c.Handlers.UnmarshalError.Clear()
+	c.Handlers.UnmarshalError.PushBack(unmarshalError)
+	c.Handlers.UnmarshalError.PushBackNamed(s3err.RequestFailureWrapperHandler())
+}
+
+func defaultInitRequestFn(r *request.Request) {
+	// Add request handlers for specific platforms.
+	// e.g. 100-continue support for PUT requests using Go 1.6
+	platformRequestHandlers(r)
+
+	switch r.Operation.Name {
+	case opGetBucketLocation:
+		// GetBucketLocation has custom parsing logic
+		r.Handlers.Unmarshal.PushFront(buildGetBucketLocation)
+	case opCreateBucket:
+		// Auto-populate LocationConstraint with current region
+		r.Handlers.Validate.PushFront(populateLocationConstraint)
+	case opCopyObject, opUploadPartCopy, opCompleteMultipartUpload:
+		r.Handlers.Unmarshal.PushFront(copyMultipartStatusOKUnmarshalError)
+		r.Handlers.Unmarshal.PushBackNamed(s3err.RequestFailureWrapperHandler())
+	case opPutObject, opUploadPart:
+		r.Handlers.Build.PushBack(computeBodyHashes)
+		// Disabled until #1837 root issue is resolved.
+		//	case opGetObject:
+		//		r.Handlers.Build.PushBack(askForTxEncodingAppendMD5)
+		//		r.Handlers.Unmarshal.PushBack(useMD5ValidationReader)
+	case opWriteGetObjectResponse:
+		r.Handlers.Build.PushFront(buildWriteGetObjectResponseEndpoint)
+	}
+}
+
+// bucketGetter is an accessor interface to grab the "Bucket" field from
+// an S3 type.
+type bucketGetter interface {
+	getBucket() string
+}
+
+// sseCustomerKeyGetter is an accessor interface to grab the "SSECustomerKey"
+// field from an S3 type.
+type sseCustomerKeyGetter interface {
+	getSSECustomerKey() string
+}
+
+// copySourceSSECustomerKeyGetter is an accessor interface to grab the
+// "CopySourceSSECustomerKey" field from an S3 type.
+type copySourceSSECustomerKeyGetter interface {
+	getCopySourceSSECustomerKey() string
+}
+
+// endpointARNGetter is an accessor interface to grab the
+// the field corresponding to an endpoint ARN input.
+type endpointARNGetter interface {
+	getEndpointARN() (arn.Resource, error)
+	hasEndpointARN() bool
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go b/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go
new file mode 100644
index 000000000..c148f757e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go
@@ -0,0 +1,26 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package s3 provides the client and types for making API
+// requests to Amazon Simple Storage Service.
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01 for more information on this service.
+//
+// See s3 package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/
+//
+// # Using the Client
+//
+// To contact Amazon Simple Storage Service with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the Amazon Simple Storage Service client S3 for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/#New
+package s3
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go b/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
new file mode 100644
index 000000000..2e8244f8f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
@@ -0,0 +1,109 @@
+// Upload Managers
+//
+// The s3manager package's Uploader provides concurrent upload of content to S3
+// by taking advantage of S3's Multipart APIs. The Uploader also supports both
+// io.Reader for streaming uploads, and will also take advantage of io.ReadSeeker
+// for optimizations if the Body satisfies that type. Once the Uploader instance
+// is created you can call Upload concurrently from multiple goroutines safely.
+//
+//	// The session the S3 Uploader will use
+//	sess := session.Must(session.NewSession())
+//
+//	// Create an uploader with the session and default options
+//	uploader := s3manager.NewUploader(sess)
+//
+//	f, err  := os.Open(filename)
+//	if err != nil {
+//	    return fmt.Errorf("failed to open file %q, %v", filename, err)
+//	}
+//
+//	// Upload the file to S3.
+//	result, err := uploader.Upload(&s3manager.UploadInput{
+//	    Bucket: aws.String(myBucket),
+//	    Key:    aws.String(myString),
+//	    Body:   f,
+//	})
+//	if err != nil {
+//	    return fmt.Errorf("failed to upload file, %v", err)
+//	}
+//	fmt.Printf("file uploaded to, %s\n", aws.StringValue(result.Location))
+//
+// See the s3manager package's Uploader type documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Uploader
+//
+// # Download Manager
+//
+// The s3manager package's Downloader provides concurrently downloading of Objects
+// from S3. The Downloader will write S3 Object content with an io.WriterAt.
+// Once the Downloader instance is created you can call Download concurrently from
+// multiple goroutines safely.
+//
+//	// The session the S3 Downloader will use
+//	sess := session.Must(session.NewSession())
+//
+//	// Create a downloader with the session and default options
+//	downloader := s3manager.NewDownloader(sess)
+//
+//	// Create a file to write the S3 Object contents to.
+//	f, err := os.Create(filename)
+//	if err != nil {
+//	    return fmt.Errorf("failed to create file %q, %v", filename, err)
+//	}
+//
+//	// Write the contents of S3 Object to the file
+//	n, err := downloader.Download(f, &s3.GetObjectInput{
+//	    Bucket: aws.String(myBucket),
+//	    Key:    aws.String(myString),
+//	})
+//	if err != nil {
+//	    return fmt.Errorf("failed to download file, %v", err)
+//	}
+//	fmt.Printf("file downloaded, %d bytes\n", n)
+//
+// See the s3manager package's Downloader type documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Downloader
+//
+// # Automatic URI cleaning
+//
+// Interacting with objects whose keys contain adjacent slashes (e.g. bucketname/foo//bar/objectname)
+// requires setting DisableRestProtocolURICleaning to true in the aws.Config struct
+// used by the service client.
+//
+//	svc := s3.New(sess, &aws.Config{
+//	   	DisableRestProtocolURICleaning: aws.Bool(true),
+//	})
+//	out, err := svc.GetObject(&s3.GetObjectInput {
+//	   	Bucket: aws.String("bucketname"),
+//	    	Key: aws.String("//foo//bar//moo"),
+//	})
+//
+// # Get Bucket Region
+//
+// GetBucketRegion will attempt to get the region for a bucket using a region
+// hint to determine which AWS partition to perform the query on. Use this utility
+// to determine the region a bucket is in.
+//
+//	sess := session.Must(session.NewSession())
+//
+//	bucket := "my-bucket"
+//	region, err := s3manager.GetBucketRegion(ctx, sess, bucket, "us-west-2")
+//	if err != nil {
+//	    if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "NotFound" {
+//	         fmt.Fprintf(os.Stderr, "unable to find bucket %s's region not found\n", bucket)
+//	    }
+//	    return err
+//	}
+//	fmt.Printf("Bucket %s is in %s region\n", bucket, region)
+//
+// See the s3manager package's GetBucketRegion function documentation for more information
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#GetBucketRegion
+//
+// # S3 Crypto Client
+//
+// The s3crypto package provides the tools to upload and download encrypted
+// content from S3. The Encryption and Decryption clients can be used concurrently
+// once the client is created.
+//
+// See the s3crypto package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3crypto/
+package s3
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
new file mode 100644
index 000000000..71b438692
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
@@ -0,0 +1,298 @@
+package s3
+
+import (
+	"fmt"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"net/url"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	awsarn "github.com/aws/aws-sdk-go/aws/arn"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/s3shared"
+	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
+)
+
+const (
+	s3Namespace              = "s3"
+	s3AccessPointNamespace   = "s3-accesspoint"
+	s3ObjectsLambdaNamespace = "s3-object-lambda"
+	s3OutpostsNamespace      = "s3-outposts"
+)
+
+// Used by shapes with members decorated as endpoint ARN.
+func parseEndpointARN(v string) (arn.Resource, error) {
+	return arn.ParseResource(v, accessPointResourceParser)
+}
+
+func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) {
+	resParts := arn.SplitResource(a.Resource)
+	switch resParts[0] {
+	case "accesspoint":
+		switch a.Service {
+		case s3Namespace:
+			return arn.ParseAccessPointResource(a, resParts[1:])
+		case s3ObjectsLambdaNamespace:
+			return parseS3ObjectLambdaAccessPointResource(a, resParts)
+		default:
+			return arn.AccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s or %s", s3Namespace, s3ObjectsLambdaNamespace)}
+		}
+	case "outpost":
+		if a.Service != "s3-outposts" {
+			return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3-outposts"}
+		}
+		return parseOutpostAccessPointResource(a, resParts[1:])
+	default:
+		return nil, arn.InvalidARNError{ARN: a, Reason: "unknown resource type"}
+	}
+}
+
+// parseOutpostAccessPointResource attempts to parse the ARNs resource as an
+// outpost access-point resource.
+//
+// Supported Outpost AccessPoint ARN format:
+//   - ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName}
+//   - example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint
+func parseOutpostAccessPointResource(a awsarn.ARN, resParts []string) (arn.OutpostAccessPointARN, error) {
+	// outpost accesspoint arn is only valid if service is s3-outposts
+	if a.Service != "s3-outposts" {
+		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3-outposts"}
+	}
+
+	if len(resParts) == 0 {
+		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
+	}
+
+	if len(resParts) < 3 {
+		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{
+			ARN: a, Reason: "access-point resource not set in Outpost ARN",
+		}
+	}
+
+	resID := strings.TrimSpace(resParts[0])
+	if len(resID) == 0 {
+		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
+	}
+
+	var outpostAccessPointARN = arn.OutpostAccessPointARN{}
+	switch resParts[1] {
+	case "accesspoint":
+		accessPointARN, err := arn.ParseAccessPointResource(a, resParts[2:])
+		if err != nil {
+			return arn.OutpostAccessPointARN{}, err
+		}
+		// set access-point arn
+		outpostAccessPointARN.AccessPointARN = accessPointARN
+	default:
+		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "access-point resource not set in Outpost ARN"}
+	}
+
+	// set outpost id
+	outpostAccessPointARN.OutpostID = resID
+	return outpostAccessPointARN, nil
+}
+
+func parseS3ObjectLambdaAccessPointResource(a awsarn.ARN, resParts []string) (arn.S3ObjectLambdaAccessPointARN, error) {
+	if a.Service != s3ObjectsLambdaNamespace {
+		return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s", s3ObjectsLambdaNamespace)}
+	}
+
+	accessPointARN, err := arn.ParseAccessPointResource(a, resParts[1:])
+	if err != nil {
+		return arn.S3ObjectLambdaAccessPointARN{}, err
+	}
+
+	if len(accessPointARN.Region) == 0 {
+		return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("%s region not set", s3ObjectsLambdaNamespace)}
+	}
+
+	return arn.S3ObjectLambdaAccessPointARN{
+		AccessPointARN: accessPointARN,
+	}, nil
+}
+
+func endpointHandler(req *request.Request) {
+	endpoint, ok := req.Params.(endpointARNGetter)
+	if !ok || !endpoint.hasEndpointARN() {
+		updateBucketEndpointFromParams(req)
+		return
+	}
+
+	resource, err := endpoint.getEndpointARN()
+	if err != nil {
+		req.Error = s3shared.NewInvalidARNError(nil, err)
+		return
+	}
+
+	resReq := s3shared.ResourceRequest{
+		Resource: resource,
+		Request:  req,
+	}
+
+	if len(resReq.Request.ClientInfo.PartitionID) != 0 && resReq.IsCrossPartition() {
+		req.Error = s3shared.NewClientPartitionMismatchError(resource,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+		return
+	}
+
+	if !resReq.AllowCrossRegion() && resReq.IsCrossRegion() {
+		req.Error = s3shared.NewClientRegionMismatchError(resource,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+		return
+	}
+
+	switch tv := resource.(type) {
+	case arn.AccessPointARN:
+		err = updateRequestAccessPointEndpoint(req, tv)
+		if err != nil {
+			req.Error = err
+		}
+	case arn.S3ObjectLambdaAccessPointARN:
+		err = updateRequestS3ObjectLambdaAccessPointEndpoint(req, tv)
+		if err != nil {
+			req.Error = err
+		}
+	case arn.OutpostAccessPointARN:
+		// outposts does not support FIPS regions
+		if req.Config.UseFIPSEndpoint == endpoints.FIPSEndpointStateEnabled {
+			req.Error = s3shared.NewFIPSConfigurationError(resource, req.ClientInfo.PartitionID,
+				aws.StringValue(req.Config.Region), nil)
+			return
+		}
+
+		err = updateRequestOutpostAccessPointEndpoint(req, tv)
+		if err != nil {
+			req.Error = err
+		}
+	default:
+		req.Error = s3shared.NewInvalidARNError(resource, nil)
+	}
+}
+
+func updateBucketEndpointFromParams(r *request.Request) {
+	bucket, ok := bucketNameFromReqParams(r.Params)
+	if !ok {
+		// Ignore operation requests if the bucket name was not provided
+		// if this is an input validation error the validation handler
+		// will report it.
+		return
+	}
+	updateEndpointForS3Config(r, bucket)
+}
+
+func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.AccessPointARN) error {
+	// Accelerate not supported
+	if aws.BoolValue(req.Config.S3UseAccelerate) {
+		return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+	}
+
+	// Ignore the disable host prefix for access points
+	req.Config.DisableEndpointHostPrefix = aws.Bool(false)
+
+	if err := accessPointEndpointBuilder(accessPoint).build(req); err != nil {
+		return err
+	}
+
+	removeBucketFromPath(req.HTTPRequest.URL)
+
+	return nil
+}
+
+func updateRequestS3ObjectLambdaAccessPointEndpoint(req *request.Request, accessPoint arn.S3ObjectLambdaAccessPointARN) error {
+	// DualStack not supported
+	if isUseDualStackEndpoint(req) {
+		return s3shared.NewClientConfiguredForDualStackError(accessPoint,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+	}
+
+	// Accelerate not supported
+	if aws.BoolValue(req.Config.S3UseAccelerate) {
+		return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+	}
+
+	// Ignore the disable host prefix for access points
+	req.Config.DisableEndpointHostPrefix = aws.Bool(false)
+
+	if err := s3ObjectLambdaAccessPointEndpointBuilder(accessPoint).build(req); err != nil {
+		return err
+	}
+
+	removeBucketFromPath(req.HTTPRequest.URL)
+
+	return nil
+}
+
+func updateRequestOutpostAccessPointEndpoint(req *request.Request, accessPoint arn.OutpostAccessPointARN) error {
+	// Accelerate not supported
+	if aws.BoolValue(req.Config.S3UseAccelerate) {
+		return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+	}
+
+	// Dualstack not supported
+	if isUseDualStackEndpoint(req) {
+		return s3shared.NewClientConfiguredForDualStackError(accessPoint,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+	}
+
+	// Ignore the disable host prefix for access points
+	req.Config.DisableEndpointHostPrefix = aws.Bool(false)
+
+	if err := outpostAccessPointEndpointBuilder(accessPoint).build(req); err != nil {
+		return err
+	}
+
+	removeBucketFromPath(req.HTTPRequest.URL)
+	return nil
+}
+
+func removeBucketFromPath(u *url.URL) {
+	u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1)
+	if u.Path == "" {
+		u.Path = "/"
+	}
+}
+
+func buildWriteGetObjectResponseEndpoint(req *request.Request) {
+	// DualStack not supported
+	if isUseDualStackEndpoint(req) {
+		req.Error = awserr.New("ConfigurationError", "client configured for dualstack but not supported for operation", nil)
+		return
+	}
+
+	// Accelerate not supported
+	if aws.BoolValue(req.Config.S3UseAccelerate) {
+		req.Error = awserr.New("ConfigurationError", "client configured for accelerate but not supported for operation", nil)
+		return
+	}
+
+	signingName := s3ObjectsLambdaNamespace
+	signingRegion := req.ClientInfo.SigningRegion
+
+	if !hasCustomEndpoint(req) {
+		endpoint, err := resolveRegionalEndpoint(req, aws.StringValue(req.Config.Region), req.ClientInfo.ResolvedRegion, EndpointsID)
+		if err != nil {
+			req.Error = awserr.New(request.ErrCodeSerialization, "failed to resolve endpoint", err)
+			return
+		}
+		signingRegion = endpoint.SigningRegion
+
+		if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
+			req.Error = err
+			return
+		}
+		updateS3HostPrefixForS3ObjectLambda(req)
+	}
+
+	redirectSigner(req, signingName, signingRegion)
+}
+
+func isUseDualStackEndpoint(req *request.Request) bool {
+	if req.Config.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
+		return req.Config.UseDualStackEndpoint == endpoints.DualStackEndpointStateEnabled
+	}
+	return aws.BoolValue(req.Config.UseDualStack)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
new file mode 100644
index 000000000..7ae18ef54
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
@@ -0,0 +1,239 @@
+package s3
+
+import (
+	"net/url"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/s3shared"
+	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+	accessPointPrefixLabel    = "accesspoint"
+	accountIDPrefixLabel      = "accountID"
+	accessPointPrefixTemplate = "{" + accessPointPrefixLabel + "}-{" + accountIDPrefixLabel + "}."
+
+	outpostPrefixLabel               = "outpost"
+	outpostAccessPointPrefixTemplate = accessPointPrefixTemplate + "{" + outpostPrefixLabel + "}."
+)
+
+// hasCustomEndpoint returns true if endpoint is a custom endpoint
+func hasCustomEndpoint(r *request.Request) bool {
+	return len(aws.StringValue(r.Config.Endpoint)) > 0
+}
+
+// accessPointEndpointBuilder represents the endpoint builder for access point arn
+type accessPointEndpointBuilder arn.AccessPointARN
+
+// build builds the endpoint for corresponding access point arn
+//
+// For building an endpoint from access point arn, format used is:
+// - Access point endpoint format : {accesspointName}-{accountId}.s3-accesspoint.{region}.{dnsSuffix}
+// - example : myaccesspoint-012345678901.s3-accesspoint.us-west-2.amazonaws.com
+//
+// Access Point Endpoint requests are signed using "s3" as signing name.
+func (a accessPointEndpointBuilder) build(req *request.Request) error {
+	resolveService := arn.AccessPointARN(a).Service
+	resolveRegion := arn.AccessPointARN(a).Region
+
+	endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", resolveService)
+	if err != nil {
+		return s3shared.NewFailedToResolveEndpointError(arn.AccessPointARN(a),
+			req.ClientInfo.PartitionID, resolveRegion, err)
+	}
+
+	endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
+
+	if !hasCustomEndpoint(req) {
+		if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
+			return err
+		}
+
+		// dual stack provided by endpoint resolver
+		updateS3HostForS3AccessPoint(req)
+	}
+
+	protocol.HostPrefixBuilder{
+		Prefix:   accessPointPrefixTemplate,
+		LabelsFn: a.hostPrefixLabelValues,
+	}.Build(req)
+
+	// signer redirection
+	redirectSigner(req, endpoint.SigningName, endpoint.SigningRegion)
+
+	err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
+	if err != nil {
+		return s3shared.NewInvalidARNError(arn.AccessPointARN(a), err)
+	}
+
+	return nil
+}
+
+func (a accessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
+	return map[string]string{
+		accessPointPrefixLabel: arn.AccessPointARN(a).AccessPointName,
+		accountIDPrefixLabel:   arn.AccessPointARN(a).AccountID,
+	}
+}
+
+// s3ObjectLambdaAccessPointEndpointBuilder represents the endpoint builder for an s3 object lambda access point arn
+type s3ObjectLambdaAccessPointEndpointBuilder arn.S3ObjectLambdaAccessPointARN
+
+// build builds the endpoint for corresponding access point arn
+//
+// For building an endpoint from access point arn, format used is:
+// - Access point endpoint format : {accesspointName}-{accountId}.s3-object-lambda.{region}.{dnsSuffix}
+// - example : myaccesspoint-012345678901.s3-object-lambda.us-west-2.amazonaws.com
+//
+// Access Point Endpoint requests are signed using "s3-object-lambda" as signing name.
+func (a s3ObjectLambdaAccessPointEndpointBuilder) build(req *request.Request) error {
+	resolveRegion := arn.S3ObjectLambdaAccessPointARN(a).Region
+
+	endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", EndpointsID)
+	if err != nil {
+		return s3shared.NewFailedToResolveEndpointError(arn.S3ObjectLambdaAccessPointARN(a),
+			req.ClientInfo.PartitionID, resolveRegion, err)
+	}
+
+	endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
+
+	endpoint.SigningName = s3ObjectsLambdaNamespace
+
+	if !hasCustomEndpoint(req) {
+		if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
+			return err
+		}
+
+		updateS3HostPrefixForS3ObjectLambda(req)
+	}
+
+	protocol.HostPrefixBuilder{
+		Prefix:   accessPointPrefixTemplate,
+		LabelsFn: a.hostPrefixLabelValues,
+	}.Build(req)
+
+	// signer redirection
+	redirectSigner(req, endpoint.SigningName, endpoint.SigningRegion)
+
+	err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
+	if err != nil {
+		return s3shared.NewInvalidARNError(arn.S3ObjectLambdaAccessPointARN(a), err)
+	}
+
+	return nil
+}
+
+func (a s3ObjectLambdaAccessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
+	return map[string]string{
+		accessPointPrefixLabel: arn.S3ObjectLambdaAccessPointARN(a).AccessPointName,
+		accountIDPrefixLabel:   arn.S3ObjectLambdaAccessPointARN(a).AccountID,
+	}
+}
+
+// outpostAccessPointEndpointBuilder represents the Endpoint builder for outpost access point arn.
+type outpostAccessPointEndpointBuilder arn.OutpostAccessPointARN
+
+// build builds an endpoint corresponding to the outpost access point arn.
+//
+// For building an endpoint from outpost access point arn, format used is:
+// - Outpost access point endpoint format : {accesspointName}-{accountId}.{outpostId}.s3-outposts.{region}.{dnsSuffix}
+// - example : myaccesspoint-012345678901.op-01234567890123456.s3-outposts.us-west-2.amazonaws.com
+//
+// Outpost AccessPoint Endpoint request are signed using "s3-outposts" as signing name.
+func (o outpostAccessPointEndpointBuilder) build(req *request.Request) error {
+	resolveRegion := o.Region
+	resolveService := o.Service
+
+	endpointsID := resolveService
+	if resolveService == s3OutpostsNamespace {
+		endpointsID = "s3"
+	}
+
+	endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", endpointsID)
+	if err != nil {
+		return s3shared.NewFailedToResolveEndpointError(o,
+			req.ClientInfo.PartitionID, resolveRegion, err)
+	}
+
+	endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
+
+	if !hasCustomEndpoint(req) {
+		if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
+			return err
+		}
+		updateHostPrefix(req, endpointsID, resolveService)
+	}
+
+	protocol.HostPrefixBuilder{
+		Prefix:   outpostAccessPointPrefixTemplate,
+		LabelsFn: o.hostPrefixLabelValues,
+	}.Build(req)
+
+	// set the signing region, name to resolved names from ARN
+	redirectSigner(req, resolveService, resolveRegion)
+
+	err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
+	if err != nil {
+		return s3shared.NewInvalidARNError(o, err)
+	}
+
+	return nil
+}
+
+func (o outpostAccessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
+	return map[string]string{
+		accessPointPrefixLabel: o.AccessPointName,
+		accountIDPrefixLabel:   o.AccountID,
+		outpostPrefixLabel:     o.OutpostID,
+	}
+}
+
+func resolveRegionalEndpoint(r *request.Request, region, resolvedRegion, endpointsID string) (endpoints.ResolvedEndpoint, error) {
+	return r.Config.EndpointResolver.EndpointFor(endpointsID, region, func(opts *endpoints.Options) {
+		opts.DisableSSL = aws.BoolValue(r.Config.DisableSSL)
+		opts.UseDualStack = aws.BoolValue(r.Config.UseDualStack)
+		opts.UseDualStackEndpoint = r.Config.UseDualStackEndpoint
+		opts.UseFIPSEndpoint = r.Config.UseFIPSEndpoint
+		opts.S3UsEast1RegionalEndpoint = endpoints.RegionalS3UsEast1Endpoint
+		opts.ResolvedRegion = resolvedRegion
+		opts.Logger = r.Config.Logger
+		opts.LogDeprecated = r.Config.LogLevel.Matches(aws.LogDebugWithDeprecated)
+	})
+}
+
+func updateRequestEndpoint(r *request.Request, endpoint string) (err error) {
+	r.HTTPRequest.URL, err = url.Parse(endpoint + r.Operation.HTTPPath)
+	if err != nil {
+		return awserr.New(request.ErrCodeSerialization,
+			"failed to parse endpoint URL", err)
+	}
+
+	return nil
+}
+
+// redirectSigner sets signing name, signing region for a request
+func redirectSigner(req *request.Request, signingName string, signingRegion string) {
+	req.ClientInfo.SigningName = signingName
+	req.ClientInfo.SigningRegion = signingRegion
+}
+
+func updateS3HostForS3AccessPoint(req *request.Request) {
+	updateHostPrefix(req, "s3", s3AccessPointNamespace)
+}
+
+func updateS3HostPrefixForS3ObjectLambda(req *request.Request) {
+	updateHostPrefix(req, "s3", s3ObjectsLambdaNamespace)
+}
+
+func updateHostPrefix(req *request.Request, oldEndpointPrefix, newEndpointPrefix string) {
+	host := req.HTTPRequest.URL.Host
+	if strings.HasPrefix(host, oldEndpointPrefix) {
+		// replace service hostlabel oldEndpointPrefix to newEndpointPrefix
+		req.HTTPRequest.URL.Host = newEndpointPrefix + host[len(oldEndpointPrefix):]
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
new file mode 100644
index 000000000..cd6a2e8ae
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
@@ -0,0 +1,60 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package s3
+
+const (
+
+	// ErrCodeBucketAlreadyExists for service response error code
+	// "BucketAlreadyExists".
+	//
+	// The requested bucket name is not available. The bucket namespace is shared
+	// by all users of the system. Select a different name and try again.
+	ErrCodeBucketAlreadyExists = "BucketAlreadyExists"
+
+	// ErrCodeBucketAlreadyOwnedByYou for service response error code
+	// "BucketAlreadyOwnedByYou".
+	//
+	// The bucket you tried to create already exists, and you own it. Amazon S3
+	// returns this error in all Amazon Web Services Regions except in the North
+	// Virginia Region. For legacy compatibility, if you re-create an existing bucket
+	// that you already own in the North Virginia Region, Amazon S3 returns 200
+	// OK and resets the bucket access control lists (ACLs).
+	ErrCodeBucketAlreadyOwnedByYou = "BucketAlreadyOwnedByYou"
+
+	// ErrCodeInvalidObjectState for service response error code
+	// "InvalidObjectState".
+	//
+	// Object is archived and inaccessible until restored.
+	ErrCodeInvalidObjectState = "InvalidObjectState"
+
+	// ErrCodeNoSuchBucket for service response error code
+	// "NoSuchBucket".
+	//
+	// The specified bucket does not exist.
+	ErrCodeNoSuchBucket = "NoSuchBucket"
+
+	// ErrCodeNoSuchKey for service response error code
+	// "NoSuchKey".
+	//
+	// The specified key does not exist.
+	ErrCodeNoSuchKey = "NoSuchKey"
+
+	// ErrCodeNoSuchUpload for service response error code
+	// "NoSuchUpload".
+	//
+	// The specified multipart upload does not exist.
+	ErrCodeNoSuchUpload = "NoSuchUpload"
+
+	// ErrCodeObjectAlreadyInActiveTierError for service response error code
+	// "ObjectAlreadyInActiveTierError".
+	//
+	// This action is not allowed against this storage tier.
+	ErrCodeObjectAlreadyInActiveTierError = "ObjectAlreadyInActiveTierError"
+
+	// ErrCodeObjectNotInActiveTierError for service response error code
+	// "ObjectNotInActiveTierError".
+	//
+	// The source object of the COPY action is not in the active tier and is only
+	// stored in Amazon S3 Glacier.
+	ErrCodeObjectNotInActiveTierError = "ObjectNotInActiveTierError"
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go b/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go
new file mode 100644
index 000000000..81cdec1ae
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go
@@ -0,0 +1,136 @@
+package s3
+
+import (
+	"fmt"
+	"net/url"
+	"regexp"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// an operationBlacklist is a list of operation names that should a
+// request handler should not be executed with.
+type operationBlacklist []string
+
+// Continue will return true of the Request's operation name is not
+// in the blacklist. False otherwise.
+func (b operationBlacklist) Continue(r *request.Request) bool {
+	for i := 0; i < len(b); i++ {
+		if b[i] == r.Operation.Name {
+			return false
+		}
+	}
+	return true
+}
+
+var accelerateOpBlacklist = operationBlacklist{
+	opListBuckets, opCreateBucket, opDeleteBucket,
+}
+
+// Automatically add the bucket name to the endpoint domain
+// if possible. This style of bucket is valid for all bucket names which are
+// DNS compatible and do not contain "."
+func updateEndpointForS3Config(r *request.Request, bucketName string) {
+	forceHostStyle := aws.BoolValue(r.Config.S3ForcePathStyle)
+	accelerate := aws.BoolValue(r.Config.S3UseAccelerate)
+
+	if accelerate && accelerateOpBlacklist.Continue(r) {
+		if forceHostStyle {
+			if r.Config.Logger != nil {
+				r.Config.Logger.Log("ERROR: aws.Config.S3UseAccelerate is not compatible with aws.Config.S3ForcePathStyle, ignoring S3ForcePathStyle.")
+			}
+		}
+		updateEndpointForAccelerate(r, bucketName)
+	} else if !forceHostStyle && r.Operation.Name != opGetBucketLocation {
+		updateEndpointForHostStyle(r, bucketName)
+	}
+}
+
+func updateEndpointForHostStyle(r *request.Request, bucketName string) {
+	if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) {
+		// bucket name must be valid to put into the host
+		return
+	}
+
+	moveBucketToHost(r.HTTPRequest.URL, bucketName)
+}
+
+var (
+	accelElem = []byte("s3-accelerate.dualstack.")
+)
+
+func updateEndpointForAccelerate(r *request.Request, bucketName string) {
+	if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) {
+		r.Error = awserr.New("InvalidParameterException",
+			fmt.Sprintf("bucket name %s is not compatible with S3 Accelerate", bucketName),
+			nil)
+		return
+	}
+
+	parts := strings.Split(r.HTTPRequest.URL.Host, ".")
+	if len(parts) < 3 {
+		r.Error = awserr.New("InvalidParameterExecption",
+			fmt.Sprintf("unable to update endpoint host for S3 accelerate, hostname invalid, %s",
+				r.HTTPRequest.URL.Host), nil)
+		return
+	}
+
+	if parts[0] == "s3" || strings.HasPrefix(parts[0], "s3-") {
+		parts[0] = "s3-accelerate"
+	}
+	for i := 1; i+1 < len(parts); i++ {
+		if parts[i] == aws.StringValue(r.Config.Region) {
+			parts = append(parts[:i], parts[i+1:]...)
+			break
+		}
+	}
+
+	r.HTTPRequest.URL.Host = strings.Join(parts, ".")
+
+	moveBucketToHost(r.HTTPRequest.URL, bucketName)
+}
+
+// Attempts to retrieve the bucket name from the request input parameters.
+// If no bucket is found, or the field is empty "", false will be returned.
+func bucketNameFromReqParams(params interface{}) (string, bool) {
+	if iface, ok := params.(bucketGetter); ok {
+		b := iface.getBucket()
+		return b, len(b) > 0
+	}
+
+	return "", false
+}
+
+// hostCompatibleBucketName returns true if the request should
+// put the bucket in the host. This is false if S3ForcePathStyle is
+// explicitly set or if the bucket is not DNS compatible.
+func hostCompatibleBucketName(u *url.URL, bucket string) bool {
+	// Bucket might be DNS compatible but dots in the hostname will fail
+	// certificate validation, so do not use host-style.
+	if u.Scheme == "https" && strings.Contains(bucket, ".") {
+		return false
+	}
+
+	// if the bucket is DNS compatible
+	return dnsCompatibleBucketName(bucket)
+}
+
+var reDomain = regexp.MustCompile(`^[a-z0-9][a-z0-9\.\-]{1,61}[a-z0-9]$`)
+var reIPAddress = regexp.MustCompile(`^(\d+\.){3}\d+$`)
+
+// dnsCompatibleBucketName returns true if the bucket name is DNS compatible.
+// Buckets created outside of the classic region MUST be DNS compatible.
+func dnsCompatibleBucketName(bucket string) bool {
+	return reDomain.MatchString(bucket) &&
+		!reIPAddress.MatchString(bucket) &&
+		!strings.Contains(bucket, "..")
+}
+
+// moveBucketToHost moves the bucket name from the URI path to URL host.
+func moveBucketToHost(u *url.URL, bucket string) {
+	u.Host = bucket + "." + u.Host
+	removeBucketFromPath(u)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go
new file mode 100644
index 000000000..308b7d473
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go
@@ -0,0 +1,9 @@
+//go:build !go1.6
+// +build !go1.6
+
+package s3
+
+import "github.com/aws/aws-sdk-go/aws/request"
+
+func platformRequestHandlers(r *request.Request) {
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go
new file mode 100644
index 000000000..70feffab7
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go
@@ -0,0 +1,29 @@
+//go:build go1.6
+// +build go1.6
+
+package s3
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+func platformRequestHandlers(r *request.Request) {
+	if r.Operation.HTTPMethod == "PUT" {
+		// 100-Continue should only be used on put requests.
+		r.Handlers.Sign.PushBack(add100Continue)
+	}
+}
+
+func add100Continue(r *request.Request) {
+	if aws.BoolValue(r.Config.S3Disable100Continue) {
+		return
+	}
+	if r.HTTPRequest.ContentLength < 1024*1024*2 {
+		// Ignore requests smaller than 2MB. This helps prevent delaying
+		// requests unnecessarily.
+		return
+	}
+
+	r.HTTPRequest.Header.Set("Expect", "100-continue")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
new file mode 100644
index 000000000..3e75d0e94
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
@@ -0,0 +1,108 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package s3
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/aws/signer/v4"
+	"github.com/aws/aws-sdk-go/private/protocol/restxml"
+)
+
+// S3 provides the API operation methods for making requests to
+// Amazon Simple Storage Service. See this package's package overview docs
+// for details on the service.
+//
+// S3 methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
+type S3 struct {
+	*client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// Service information constants
+const (
+	ServiceName = "s3"        // Name of service.
+	EndpointsID = ServiceName // ID to lookup a service endpoint with.
+	ServiceID   = "S3"        // ServiceID is a unique identifier of a specific service.
+)
+
+// New creates a new instance of the S3 client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//
+//	mySession := session.Must(session.NewSession())
+//
+//	// Create a S3 client from just a session.
+//	svc := s3.New(mySession)
+//
+//	// Create a S3 client with additional configuration
+//	svc := s3.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *S3 {
+	c := p.ClientConfig(EndpointsID, cfgs...)
+	if c.SigningNameDerived || len(c.SigningName) == 0 {
+		c.SigningName = "s3"
+	}
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *S3 {
+	svc := &S3{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName:    ServiceName,
+				ServiceID:      ServiceID,
+				SigningName:    signingName,
+				SigningRegion:  signingRegion,
+				PartitionID:    partitionID,
+				Endpoint:       endpoint,
+				APIVersion:     "2006-03-01",
+				ResolvedRegion: resolvedRegion,
+			},
+			handlers,
+		),
+	}
+
+	// Handlers
+	svc.Handlers.Sign.PushBackNamed(v4.BuildNamedHandler(v4.SignRequestHandler.Name, func(s *v4.Signer) {
+		s.DisableURIPathEscaping = true
+	}))
+	svc.Handlers.Build.PushBackNamed(restxml.BuildHandler)
+	svc.Handlers.Unmarshal.PushBackNamed(restxml.UnmarshalHandler)
+	svc.Handlers.UnmarshalMeta.PushBackNamed(restxml.UnmarshalMetaHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(restxml.UnmarshalErrorHandler)
+
+	svc.Handlers.BuildStream.PushBackNamed(restxml.BuildHandler)
+	svc.Handlers.UnmarshalStream.PushBackNamed(restxml.UnmarshalHandler)
+
+	// Run custom client initialization if present
+	if initClient != nil {
+		initClient(svc.Client)
+	}
+
+	return svc
+}
+
+// newRequest creates a new request for a S3 operation and runs any
+// custom request initialization.
+func (c *S3) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+	req := c.NewRequest(op, params, data)
+
+	// Run custom request initialization if present
+	if initRequest != nil {
+		initRequest(req)
+	}
+
+	return req
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go b/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
new file mode 100644
index 000000000..57a0bd92c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
@@ -0,0 +1,84 @@
+package s3
+
+import (
+	"crypto/md5"
+	"encoding/base64"
+	"net/http"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+var errSSERequiresSSL = awserr.New("ConfigError", "cannot send SSE keys over HTTP.", nil)
+
+func validateSSERequiresSSL(r *request.Request) {
+	if r.HTTPRequest.URL.Scheme == "https" {
+		return
+	}
+
+	if iface, ok := r.Params.(sseCustomerKeyGetter); ok {
+		if len(iface.getSSECustomerKey()) > 0 {
+			r.Error = errSSERequiresSSL
+			return
+		}
+	}
+
+	if iface, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
+		if len(iface.getCopySourceSSECustomerKey()) > 0 {
+			r.Error = errSSERequiresSSL
+			return
+		}
+	}
+}
+
+const (
+	sseKeyHeader    = "x-amz-server-side-encryption-customer-key"
+	sseKeyMD5Header = sseKeyHeader + "-md5"
+)
+
+func computeSSEKeyMD5(r *request.Request) {
+	var key string
+	if g, ok := r.Params.(sseCustomerKeyGetter); ok {
+		key = g.getSSECustomerKey()
+	}
+
+	computeKeyMD5(sseKeyHeader, sseKeyMD5Header, key, r.HTTPRequest)
+}
+
+const (
+	copySrcSSEKeyHeader    = "x-amz-copy-source-server-side-encryption-customer-key"
+	copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5"
+)
+
+func computeCopySourceSSEKeyMD5(r *request.Request) {
+	var key string
+	if g, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
+		key = g.getCopySourceSSECustomerKey()
+	}
+
+	computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, key, r.HTTPRequest)
+}
+
+func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) {
+	if len(key) == 0 {
+		// Backwards compatiablity where user just set the header value instead
+		// of using the API parameter, or setting the header value for an
+		// operation without the parameters modeled.
+		key = r.Header.Get(keyHeader)
+		if len(key) == 0 {
+			return
+		}
+
+		// In backwards compatible, the header's value is not base64 encoded,
+		// and needs to be encoded and updated by the SDK's customizations.
+		b64Key := base64.StdEncoding.EncodeToString([]byte(key))
+		r.Header.Set(keyHeader, b64Key)
+	}
+
+	// Only update Key's MD5 if not already set.
+	if len(r.Header.Get(keyMD5Header)) == 0 {
+		sum := md5.Sum([]byte(key))
+		keyMD5 := base64.StdEncoding.EncodeToString(sum[:])
+		r.Header.Set(keyMD5Header, keyMD5)
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
new file mode 100644
index 000000000..096adc091
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
@@ -0,0 +1,47 @@
+package s3
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkio"
+)
+
+func copyMultipartStatusOKUnmarshalError(r *request.Request) {
+	b, err := ioutil.ReadAll(r.HTTPResponse.Body)
+	r.HTTPResponse.Body.Close()
+	if err != nil {
+		r.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization, "unable to read response body", err),
+			r.HTTPResponse.StatusCode,
+			r.RequestID,
+		)
+		// Note, some middleware later in the stack like restxml.Unmarshal expect a valid, non-closed Body
+		// even in case of an error, so we replace it with an empty Reader.
+		r.HTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(nil))
+		return
+	}
+
+	body := bytes.NewReader(b)
+	r.HTTPResponse.Body = ioutil.NopCloser(body)
+	defer body.Seek(0, sdkio.SeekStart)
+
+	unmarshalError(r)
+	if err, ok := r.Error.(awserr.Error); ok && err != nil {
+		if err.Code() == request.ErrCodeSerialization &&
+			err.OrigErr() != io.EOF {
+			r.Error = nil
+			return
+		}
+		// if empty payload
+		if err.OrigErr() == io.EOF {
+			r.HTTPResponse.StatusCode = http.StatusInternalServerError
+		} else {
+			r.HTTPResponse.StatusCode = http.StatusServiceUnavailable
+		}
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
new file mode 100644
index 000000000..6eecf6691
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
@@ -0,0 +1,114 @@
+package s3
+
+import (
+	"bytes"
+	"encoding/xml"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
+)
+
+type xmlErrorResponse struct {
+	XMLName xml.Name `xml:"Error"`
+	Code    string   `xml:"Code"`
+	Message string   `xml:"Message"`
+}
+
+func unmarshalError(r *request.Request) {
+	defer r.HTTPResponse.Body.Close()
+	defer io.Copy(ioutil.Discard, r.HTTPResponse.Body)
+
+	// Bucket exists in a different region, and request needs
+	// to be made to the correct region.
+	if r.HTTPResponse.StatusCode == http.StatusMovedPermanently {
+		msg := fmt.Sprintf(
+			"incorrect region, the bucket is not in '%s' region at endpoint '%s'",
+			aws.StringValue(r.Config.Region),
+			aws.StringValue(r.Config.Endpoint),
+		)
+		if v := r.HTTPResponse.Header.Get("x-amz-bucket-region"); len(v) != 0 {
+			msg += fmt.Sprintf(", bucket is in '%s' region", v)
+		}
+		r.Error = awserr.NewRequestFailure(
+			awserr.New("BucketRegionError", msg, nil),
+			r.HTTPResponse.StatusCode,
+			r.RequestID,
+		)
+		return
+	}
+
+	// Attempt to parse error from body if it is known
+	var errResp xmlErrorResponse
+	var err error
+	if r.HTTPResponse.StatusCode >= 200 && r.HTTPResponse.StatusCode < 300 {
+		err = s3unmarshalXMLError(&errResp, r.HTTPResponse.Body)
+	} else {
+		err = xmlutil.UnmarshalXMLError(&errResp, r.HTTPResponse.Body)
+	}
+
+	if err != nil {
+		var errorMsg string
+		if err == io.EOF {
+			errorMsg = "empty response payload"
+		} else {
+			errorMsg = "failed to unmarshal error message"
+		}
+
+		r.Error = awserr.NewRequestFailure(
+			awserr.New(request.ErrCodeSerialization,
+				errorMsg, err),
+			r.HTTPResponse.StatusCode,
+			r.RequestID,
+		)
+		return
+	}
+
+	// Fallback to status code converted to message if still no error code
+	if len(errResp.Code) == 0 {
+		statusText := http.StatusText(r.HTTPResponse.StatusCode)
+		errResp.Code = strings.Replace(statusText, " ", "", -1)
+		errResp.Message = statusText
+	}
+
+	r.Error = awserr.NewRequestFailure(
+		awserr.New(errResp.Code, errResp.Message, err),
+		r.HTTPResponse.StatusCode,
+		r.RequestID,
+	)
+}
+
+// A RequestFailure provides access to the S3 Request ID and Host ID values
+// returned from API operation errors. Getting the error as a string will
+// return the formated error with the same information as awserr.RequestFailure,
+// while also adding the HostID value from the response.
+type RequestFailure interface {
+	awserr.RequestFailure
+
+	// Host ID is the S3 Host ID needed for debug, and contacting support
+	HostID() string
+}
+
+// s3unmarshalXMLError is s3 specific xml error unmarshaler
+// for 200 OK errors and response payloads.
+// This function differs from the xmlUtil.UnmarshalXMLError
+// func. It does not ignore the EOF error and passes it up.
+// Related to bug fix for `s3 200 OK response with empty payload`
+func s3unmarshalXMLError(v interface{}, stream io.Reader) error {
+	var errBuf bytes.Buffer
+	body := io.TeeReader(stream, &errBuf)
+
+	err := xml.NewDecoder(body).Decode(v)
+	if err != nil && err != io.EOF {
+		return awserr.NewUnmarshalError(err,
+			"failed to unmarshal error message", errBuf.Bytes())
+	}
+
+	return err
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/waiters.go b/vendor/github.com/aws/aws-sdk-go/service/s3/waiters.go
new file mode 100644
index 000000000..2596c694b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/waiters.go
@@ -0,0 +1,214 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package s3
+
+import (
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+// WaitUntilBucketExists uses the Amazon S3 API operation
+// HeadBucket to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *S3) WaitUntilBucketExists(input *HeadBucketInput) error {
+	return c.WaitUntilBucketExistsWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilBucketExistsWithContext is an extended version of WaitUntilBucketExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) WaitUntilBucketExistsWithContext(ctx aws.Context, input *HeadBucketInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilBucketExists",
+		MaxAttempts: 20,
+		Delay:       request.ConstantWaiterDelay(5 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
+			{
+				State:    request.SuccessWaiterState,
+				Matcher:  request.StatusWaiterMatch,
+				Expected: 200,
+			},
+			{
+				State:    request.SuccessWaiterState,
+				Matcher:  request.StatusWaiterMatch,
+				Expected: 301,
+			},
+			{
+				State:    request.SuccessWaiterState,
+				Matcher:  request.StatusWaiterMatch,
+				Expected: 403,
+			},
+			{
+				State:    request.RetryWaiterState,
+				Matcher:  request.StatusWaiterMatch,
+				Expected: 404,
+			},
+		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *HeadBucketInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.HeadBucketRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
+
+	return w.WaitWithContext(ctx)
+}
+
+// WaitUntilBucketNotExists uses the Amazon S3 API operation
+// HeadBucket to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *S3) WaitUntilBucketNotExists(input *HeadBucketInput) error {
+	return c.WaitUntilBucketNotExistsWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilBucketNotExistsWithContext is an extended version of WaitUntilBucketNotExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) WaitUntilBucketNotExistsWithContext(ctx aws.Context, input *HeadBucketInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilBucketNotExists",
+		MaxAttempts: 20,
+		Delay:       request.ConstantWaiterDelay(5 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
+			{
+				State:    request.SuccessWaiterState,
+				Matcher:  request.StatusWaiterMatch,
+				Expected: 404,
+			},
+		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *HeadBucketInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.HeadBucketRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
+
+	return w.WaitWithContext(ctx)
+}
+
+// WaitUntilObjectExists uses the Amazon S3 API operation
+// HeadObject to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *S3) WaitUntilObjectExists(input *HeadObjectInput) error {
+	return c.WaitUntilObjectExistsWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilObjectExistsWithContext is an extended version of WaitUntilObjectExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) WaitUntilObjectExistsWithContext(ctx aws.Context, input *HeadObjectInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilObjectExists",
+		MaxAttempts: 20,
+		Delay:       request.ConstantWaiterDelay(5 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
+			{
+				State:    request.SuccessWaiterState,
+				Matcher:  request.StatusWaiterMatch,
+				Expected: 200,
+			},
+			{
+				State:    request.RetryWaiterState,
+				Matcher:  request.StatusWaiterMatch,
+				Expected: 404,
+			},
+		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *HeadObjectInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.HeadObjectRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
+
+	return w.WaitWithContext(ctx)
+}
+
+// WaitUntilObjectNotExists uses the Amazon S3 API operation
+// HeadObject to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *S3) WaitUntilObjectNotExists(input *HeadObjectInput) error {
+	return c.WaitUntilObjectNotExistsWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilObjectNotExistsWithContext is an extended version of WaitUntilObjectNotExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) WaitUntilObjectNotExistsWithContext(ctx aws.Context, input *HeadObjectInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilObjectNotExists",
+		MaxAttempts: 20,
+		Delay:       request.ConstantWaiterDelay(5 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
+			{
+				State:    request.SuccessWaiterState,
+				Matcher:  request.StatusWaiterMatch,
+				Expected: 404,
+			},
+		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *HeadObjectInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.HeadObjectRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
+
+	return w.WaitWithContext(ctx)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/api.go b/vendor/github.com/aws/aws-sdk-go/service/sso/api.go
new file mode 100644
index 000000000..b8f590f71
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sso/api.go
@@ -0,0 +1,1367 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sso
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awsutil"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/private/protocol"
+	"github.com/aws/aws-sdk-go/private/protocol/restjson"
+)
+
+const opGetRoleCredentials = "GetRoleCredentials"
+
+// GetRoleCredentialsRequest generates a "aws/request.Request" representing the
+// client's request for the GetRoleCredentials operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetRoleCredentials for more information on using the GetRoleCredentials
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetRoleCredentialsRequest method.
+//	req, resp := client.GetRoleCredentialsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials
+func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *request.Request, output *GetRoleCredentialsOutput) {
+	op := &request.Operation{
+		Name:       opGetRoleCredentials,
+		HTTPMethod: "GET",
+		HTTPPath:   "/federation/credentials",
+	}
+
+	if input == nil {
+		input = &GetRoleCredentialsInput{}
+	}
+
+	output = &GetRoleCredentialsOutput{}
+	req = c.newRequest(op, input, output)
+	req.Config.Credentials = credentials.AnonymousCredentials
+	return
+}
+
+// GetRoleCredentials API operation for AWS Single Sign-On.
+//
+// Returns the STS short-term credentials for a given role name that is assigned
+// to the user.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Single Sign-On's
+// API operation GetRoleCredentials for usage and error information.
+//
+// Returned Error Types:
+//
+//   - InvalidRequestException
+//     Indicates that a problem occurred with the input to the request. For example,
+//     a required parameter might be missing or out of range.
+//
+//   - UnauthorizedException
+//     Indicates that the request is not authorized. This can happen due to an invalid
+//     access token in the request.
+//
+//   - TooManyRequestsException
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
+//
+//   - ResourceNotFoundException
+//     The specified resource doesn't exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials
+func (c *SSO) GetRoleCredentials(input *GetRoleCredentialsInput) (*GetRoleCredentialsOutput, error) {
+	req, out := c.GetRoleCredentialsRequest(input)
+	return out, req.Send()
+}
+
+// GetRoleCredentialsWithContext is the same as GetRoleCredentials with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetRoleCredentials for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) GetRoleCredentialsWithContext(ctx aws.Context, input *GetRoleCredentialsInput, opts ...request.Option) (*GetRoleCredentialsOutput, error) {
+	req, out := c.GetRoleCredentialsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opListAccountRoles = "ListAccountRoles"
+
+// ListAccountRolesRequest generates a "aws/request.Request" representing the
+// client's request for the ListAccountRoles operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListAccountRoles for more information on using the ListAccountRoles
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListAccountRolesRequest method.
+//	req, resp := client.ListAccountRolesRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles
+func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *request.Request, output *ListAccountRolesOutput) {
+	op := &request.Operation{
+		Name:       opListAccountRoles,
+		HTTPMethod: "GET",
+		HTTPPath:   "/assignment/roles",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"nextToken"},
+			OutputTokens:    []string{"nextToken"},
+			LimitToken:      "maxResults",
+			TruncationToken: "",
+		},
+	}
+
+	if input == nil {
+		input = &ListAccountRolesInput{}
+	}
+
+	output = &ListAccountRolesOutput{}
+	req = c.newRequest(op, input, output)
+	req.Config.Credentials = credentials.AnonymousCredentials
+	return
+}
+
+// ListAccountRoles API operation for AWS Single Sign-On.
+//
+// Lists all roles that are assigned to the user for a given AWS account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Single Sign-On's
+// API operation ListAccountRoles for usage and error information.
+//
+// Returned Error Types:
+//
+//   - InvalidRequestException
+//     Indicates that a problem occurred with the input to the request. For example,
+//     a required parameter might be missing or out of range.
+//
+//   - UnauthorizedException
+//     Indicates that the request is not authorized. This can happen due to an invalid
+//     access token in the request.
+//
+//   - TooManyRequestsException
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
+//
+//   - ResourceNotFoundException
+//     The specified resource doesn't exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles
+func (c *SSO) ListAccountRoles(input *ListAccountRolesInput) (*ListAccountRolesOutput, error) {
+	req, out := c.ListAccountRolesRequest(input)
+	return out, req.Send()
+}
+
+// ListAccountRolesWithContext is the same as ListAccountRoles with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListAccountRoles for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) ListAccountRolesWithContext(ctx aws.Context, input *ListAccountRolesInput, opts ...request.Option) (*ListAccountRolesOutput, error) {
+	req, out := c.ListAccountRolesRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// ListAccountRolesPages iterates over the pages of a ListAccountRoles operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListAccountRoles method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//	// Example iterating over at most 3 pages of a ListAccountRoles operation.
+//	pageNum := 0
+//	err := client.ListAccountRolesPages(params,
+//	    func(page *sso.ListAccountRolesOutput, lastPage bool) bool {
+//	        pageNum++
+//	        fmt.Println(page)
+//	        return pageNum <= 3
+//	    })
+func (c *SSO) ListAccountRolesPages(input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool) error {
+	return c.ListAccountRolesPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListAccountRolesPagesWithContext same as ListAccountRolesPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) ListAccountRolesPagesWithContext(ctx aws.Context, input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *ListAccountRolesInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.ListAccountRolesRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	for p.Next() {
+		if !fn(p.Page().(*ListAccountRolesOutput), !p.HasNextPage()) {
+			break
+		}
+	}
+
+	return p.Err()
+}
+
+const opListAccounts = "ListAccounts"
+
+// ListAccountsRequest generates a "aws/request.Request" representing the
+// client's request for the ListAccounts operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListAccounts for more information on using the ListAccounts
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the ListAccountsRequest method.
+//	req, resp := client.ListAccountsRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts
+func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) {
+	op := &request.Operation{
+		Name:       opListAccounts,
+		HTTPMethod: "GET",
+		HTTPPath:   "/assignment/accounts",
+		Paginator: &request.Paginator{
+			InputTokens:     []string{"nextToken"},
+			OutputTokens:    []string{"nextToken"},
+			LimitToken:      "maxResults",
+			TruncationToken: "",
+		},
+	}
+
+	if input == nil {
+		input = &ListAccountsInput{}
+	}
+
+	output = &ListAccountsOutput{}
+	req = c.newRequest(op, input, output)
+	req.Config.Credentials = credentials.AnonymousCredentials
+	return
+}
+
+// ListAccounts API operation for AWS Single Sign-On.
+//
+// Lists all AWS accounts assigned to the user. These AWS accounts are assigned
+// by the administrator of the account. For more information, see Assign User
+// Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
+// in the IAM Identity Center User Guide. This operation returns a paginated
+// response.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Single Sign-On's
+// API operation ListAccounts for usage and error information.
+//
+// Returned Error Types:
+//
+//   - InvalidRequestException
+//     Indicates that a problem occurred with the input to the request. For example,
+//     a required parameter might be missing or out of range.
+//
+//   - UnauthorizedException
+//     Indicates that the request is not authorized. This can happen due to an invalid
+//     access token in the request.
+//
+//   - TooManyRequestsException
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
+//
+//   - ResourceNotFoundException
+//     The specified resource doesn't exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts
+func (c *SSO) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) {
+	req, out := c.ListAccountsRequest(input)
+	return out, req.Send()
+}
+
+// ListAccountsWithContext is the same as ListAccounts with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListAccounts for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) {
+	req, out := c.ListAccountsRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// ListAccountsPages iterates over the pages of a ListAccounts operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListAccounts method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+//	// Example iterating over at most 3 pages of a ListAccounts operation.
+//	pageNum := 0
+//	err := client.ListAccountsPages(params,
+//	    func(page *sso.ListAccountsOutput, lastPage bool) bool {
+//	        pageNum++
+//	        fmt.Println(page)
+//	        return pageNum <= 3
+//	    })
+func (c *SSO) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error {
+	return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListAccountsPagesWithContext same as ListAccountsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error {
+	p := request.Pagination{
+		NewRequest: func() (*request.Request, error) {
+			var inCpy *ListAccountsInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.ListAccountsRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+
+	for p.Next() {
+		if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) {
+			break
+		}
+	}
+
+	return p.Err()
+}
+
+const opLogout = "Logout"
+
+// LogoutRequest generates a "aws/request.Request" representing the
+// client's request for the Logout operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See Logout for more information on using the Logout
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the LogoutRequest method.
+//	req, resp := client.LogoutRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout
+func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *LogoutOutput) {
+	op := &request.Operation{
+		Name:       opLogout,
+		HTTPMethod: "POST",
+		HTTPPath:   "/logout",
+	}
+
+	if input == nil {
+		input = &LogoutInput{}
+	}
+
+	output = &LogoutOutput{}
+	req = c.newRequest(op, input, output)
+	req.Config.Credentials = credentials.AnonymousCredentials
+	req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// Logout API operation for AWS Single Sign-On.
+//
+// Removes the locally stored SSO tokens from the client-side cache and sends
+// an API call to the IAM Identity Center service to invalidate the corresponding
+// server-side IAM Identity Center sign in session.
+//
+// If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM
+// Identity Center sign in session is used to obtain an IAM session, as specified
+// in the corresponding IAM Identity Center permission set. More specifically,
+// IAM Identity Center assumes an IAM role in the target account on behalf of
+// the user, and the corresponding temporary AWS credentials are returned to
+// the client.
+//
+// After user logout, any existing IAM role sessions that were created by using
+// IAM Identity Center permission sets continue based on the duration configured
+// in the permission set. For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html)
+// in the IAM Identity Center User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Single Sign-On's
+// API operation Logout for usage and error information.
+//
+// Returned Error Types:
+//
+//   - InvalidRequestException
+//     Indicates that a problem occurred with the input to the request. For example,
+//     a required parameter might be missing or out of range.
+//
+//   - UnauthorizedException
+//     Indicates that the request is not authorized. This can happen due to an invalid
+//     access token in the request.
+//
+//   - TooManyRequestsException
+//     Indicates that the request is being made too frequently and is more than
+//     what the server can handle.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout
+func (c *SSO) Logout(input *LogoutInput) (*LogoutOutput, error) {
+	req, out := c.LogoutRequest(input)
+	return out, req.Send()
+}
+
+// LogoutWithContext is the same as Logout with the addition of
+// the ability to pass a context and additional request options.
+//
+// See Logout for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) LogoutWithContext(ctx aws.Context, input *LogoutInput, opts ...request.Option) (*LogoutOutput, error) {
+	req, out := c.LogoutRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+// Provides information about your AWS account.
+type AccountInfo struct {
+	_ struct{} `type:"structure"`
+
+	// The identifier of the AWS account that is assigned to the user.
+	AccountId *string `locationName:"accountId" type:"string"`
+
+	// The display name of the AWS account that is assigned to the user.
+	AccountName *string `locationName:"accountName" type:"string"`
+
+	// The email address of the AWS account that is assigned to the user.
+	EmailAddress *string `locationName:"emailAddress" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccountInfo) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccountInfo) GoString() string {
+	return s.String()
+}
+
+// SetAccountId sets the AccountId field's value.
+func (s *AccountInfo) SetAccountId(v string) *AccountInfo {
+	s.AccountId = &v
+	return s
+}
+
+// SetAccountName sets the AccountName field's value.
+func (s *AccountInfo) SetAccountName(v string) *AccountInfo {
+	s.AccountName = &v
+	return s
+}
+
+// SetEmailAddress sets the EmailAddress field's value.
+func (s *AccountInfo) SetEmailAddress(v string) *AccountInfo {
+	s.EmailAddress = &v
+	return s
+}
+
+type GetRoleCredentialsInput struct {
+	_ struct{} `type:"structure" nopayload:"true"`
+
+	// The token issued by the CreateToken API call. For more information, see CreateToken
+	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// AccessToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by GetRoleCredentialsInput's
+	// String and GoString methods.
+	//
+	// AccessToken is a required field
+	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
+
+	// The identifier for the AWS account that is assigned to the user.
+	//
+	// AccountId is a required field
+	AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"`
+
+	// The friendly name of the role that is assigned to the user.
+	//
+	// RoleName is a required field
+	RoleName *string `location:"querystring" locationName:"role_name" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetRoleCredentialsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetRoleCredentialsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetRoleCredentialsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetRoleCredentialsInput"}
+	if s.AccessToken == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccessToken"))
+	}
+	if s.AccountId == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccountId"))
+	}
+	if s.RoleName == nil {
+		invalidParams.Add(request.NewErrParamRequired("RoleName"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccessToken sets the AccessToken field's value.
+func (s *GetRoleCredentialsInput) SetAccessToken(v string) *GetRoleCredentialsInput {
+	s.AccessToken = &v
+	return s
+}
+
+// SetAccountId sets the AccountId field's value.
+func (s *GetRoleCredentialsInput) SetAccountId(v string) *GetRoleCredentialsInput {
+	s.AccountId = &v
+	return s
+}
+
+// SetRoleName sets the RoleName field's value.
+func (s *GetRoleCredentialsInput) SetRoleName(v string) *GetRoleCredentialsInput {
+	s.RoleName = &v
+	return s
+}
+
+type GetRoleCredentialsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The credentials for the role that is assigned to the user.
+	RoleCredentials *RoleCredentials `locationName:"roleCredentials" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetRoleCredentialsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetRoleCredentialsOutput) GoString() string {
+	return s.String()
+}
+
+// SetRoleCredentials sets the RoleCredentials field's value.
+func (s *GetRoleCredentialsOutput) SetRoleCredentials(v *RoleCredentials) *GetRoleCredentialsOutput {
+	s.RoleCredentials = v
+	return s
+}
+
+// Indicates that a problem occurred with the input to the request. For example,
+// a required parameter might be missing or out of range.
+type InvalidRequestException struct {
+	_            struct{}                  `type:"structure"`
+	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+	Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidRequestException) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidRequestException) GoString() string {
+	return s.String()
+}
+
+func newErrorInvalidRequestException(v protocol.ResponseMetadata) error {
+	return &InvalidRequestException{
+		RespMetadata: v,
+	}
+}
+
+// Code returns the exception type name.
+func (s *InvalidRequestException) Code() string {
+	return "InvalidRequestException"
+}
+
+// Message returns the exception's message.
+func (s *InvalidRequestException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidRequestException) OrigErr() error {
+	return nil
+}
+
+func (s *InvalidRequestException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidRequestException) StatusCode() int {
+	return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidRequestException) RequestID() string {
+	return s.RespMetadata.RequestID
+}
+
+type ListAccountRolesInput struct {
+	_ struct{} `type:"structure" nopayload:"true"`
+
+	// The token issued by the CreateToken API call. For more information, see CreateToken
+	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// AccessToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by ListAccountRolesInput's
+	// String and GoString methods.
+	//
+	// AccessToken is a required field
+	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
+
+	// The identifier for the AWS account that is assigned to the user.
+	//
+	// AccountId is a required field
+	AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"`
+
+	// The number of items that clients can request per page.
+	MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"`
+
+	// The page token from the previous response output when you request subsequent
+	// pages.
+	NextToken *string `location:"querystring" locationName:"next_token" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountRolesInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountRolesInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListAccountRolesInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListAccountRolesInput"}
+	if s.AccessToken == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccessToken"))
+	}
+	if s.AccountId == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccountId"))
+	}
+	if s.MaxResults != nil && *s.MaxResults < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccessToken sets the AccessToken field's value.
+func (s *ListAccountRolesInput) SetAccessToken(v string) *ListAccountRolesInput {
+	s.AccessToken = &v
+	return s
+}
+
+// SetAccountId sets the AccountId field's value.
+func (s *ListAccountRolesInput) SetAccountId(v string) *ListAccountRolesInput {
+	s.AccountId = &v
+	return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListAccountRolesInput) SetMaxResults(v int64) *ListAccountRolesInput {
+	s.MaxResults = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccountRolesInput) SetNextToken(v string) *ListAccountRolesInput {
+	s.NextToken = &v
+	return s
+}
+
+type ListAccountRolesOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The page token client that is used to retrieve the list of accounts.
+	NextToken *string `locationName:"nextToken" type:"string"`
+
+	// A paginated response with the list of roles and the next token if more results
+	// are available.
+	RoleList []*RoleInfo `locationName:"roleList" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountRolesOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountRolesOutput) GoString() string {
+	return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccountRolesOutput) SetNextToken(v string) *ListAccountRolesOutput {
+	s.NextToken = &v
+	return s
+}
+
+// SetRoleList sets the RoleList field's value.
+func (s *ListAccountRolesOutput) SetRoleList(v []*RoleInfo) *ListAccountRolesOutput {
+	s.RoleList = v
+	return s
+}
+
+type ListAccountsInput struct {
+	_ struct{} `type:"structure" nopayload:"true"`
+
+	// The token issued by the CreateToken API call. For more information, see CreateToken
+	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// AccessToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by ListAccountsInput's
+	// String and GoString methods.
+	//
+	// AccessToken is a required field
+	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
+
+	// This is the number of items clients can request per page.
+	MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"`
+
+	// (Optional) When requesting subsequent pages, this is the page token from
+	// the previous response output.
+	NextToken *string `location:"querystring" locationName:"next_token" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountsInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountsInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListAccountsInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"}
+	if s.AccessToken == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccessToken"))
+	}
+	if s.MaxResults != nil && *s.MaxResults < 1 {
+		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccessToken sets the AccessToken field's value.
+func (s *ListAccountsInput) SetAccessToken(v string) *ListAccountsInput {
+	s.AccessToken = &v
+	return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput {
+	s.MaxResults = &v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput {
+	s.NextToken = &v
+	return s
+}
+
+type ListAccountsOutput struct {
+	_ struct{} `type:"structure"`
+
+	// A paginated response with the list of account information and the next token
+	// if more results are available.
+	AccountList []*AccountInfo `locationName:"accountList" type:"list"`
+
+	// The page token client that is used to retrieve the list of accounts.
+	NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountsOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountsOutput) GoString() string {
+	return s.String()
+}
+
+// SetAccountList sets the AccountList field's value.
+func (s *ListAccountsOutput) SetAccountList(v []*AccountInfo) *ListAccountsOutput {
+	s.AccountList = v
+	return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput {
+	s.NextToken = &v
+	return s
+}
+
+type LogoutInput struct {
+	_ struct{} `type:"structure" nopayload:"true"`
+
+	// The token issued by the CreateToken API call. For more information, see CreateToken
+	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// AccessToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by LogoutInput's
+	// String and GoString methods.
+	//
+	// AccessToken is a required field
+	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogoutInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogoutInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *LogoutInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "LogoutInput"}
+	if s.AccessToken == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccessToken"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccessToken sets the AccessToken field's value.
+func (s *LogoutInput) SetAccessToken(v string) *LogoutInput {
+	s.AccessToken = &v
+	return s
+}
+
+type LogoutOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogoutOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogoutOutput) GoString() string {
+	return s.String()
+}
+
+// The specified resource doesn't exist.
+type ResourceNotFoundException struct {
+	_            struct{}                  `type:"structure"`
+	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+	Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ResourceNotFoundException) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ResourceNotFoundException) GoString() string {
+	return s.String()
+}
+
+func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error {
+	return &ResourceNotFoundException{
+		RespMetadata: v,
+	}
+}
+
+// Code returns the exception type name.
+func (s *ResourceNotFoundException) Code() string {
+	return "ResourceNotFoundException"
+}
+
+// Message returns the exception's message.
+func (s *ResourceNotFoundException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ResourceNotFoundException) OrigErr() error {
+	return nil
+}
+
+func (s *ResourceNotFoundException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ResourceNotFoundException) StatusCode() int {
+	return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ResourceNotFoundException) RequestID() string {
+	return s.RespMetadata.RequestID
+}
+
+// Provides information about the role credentials that are assigned to the
+// user.
+type RoleCredentials struct {
+	_ struct{} `type:"structure"`
+
+	// The identifier used for the temporary security credentials. For more information,
+	// see Using Temporary Security Credentials to Request Access to AWS Resources
+	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	// in the AWS IAM User Guide.
+	AccessKeyId *string `locationName:"accessKeyId" type:"string"`
+
+	// The date on which temporary security credentials expire.
+	Expiration *int64 `locationName:"expiration" type:"long"`
+
+	// The key that is used to sign the request. For more information, see Using
+	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	// in the AWS IAM User Guide.
+	//
+	// SecretAccessKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by RoleCredentials's
+	// String and GoString methods.
+	SecretAccessKey *string `locationName:"secretAccessKey" type:"string" sensitive:"true"`
+
+	// The token used for temporary credentials. For more information, see Using
+	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	// in the AWS IAM User Guide.
+	//
+	// SessionToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by RoleCredentials's
+	// String and GoString methods.
+	SessionToken *string `locationName:"sessionToken" type:"string" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RoleCredentials) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RoleCredentials) GoString() string {
+	return s.String()
+}
+
+// SetAccessKeyId sets the AccessKeyId field's value.
+func (s *RoleCredentials) SetAccessKeyId(v string) *RoleCredentials {
+	s.AccessKeyId = &v
+	return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *RoleCredentials) SetExpiration(v int64) *RoleCredentials {
+	s.Expiration = &v
+	return s
+}
+
+// SetSecretAccessKey sets the SecretAccessKey field's value.
+func (s *RoleCredentials) SetSecretAccessKey(v string) *RoleCredentials {
+	s.SecretAccessKey = &v
+	return s
+}
+
+// SetSessionToken sets the SessionToken field's value.
+func (s *RoleCredentials) SetSessionToken(v string) *RoleCredentials {
+	s.SessionToken = &v
+	return s
+}
+
+// Provides information about the role that is assigned to the user.
+type RoleInfo struct {
+	_ struct{} `type:"structure"`
+
+	// The identifier of the AWS account assigned to the user.
+	AccountId *string `locationName:"accountId" type:"string"`
+
+	// The friendly name of the role that is assigned to the user.
+	RoleName *string `locationName:"roleName" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RoleInfo) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RoleInfo) GoString() string {
+	return s.String()
+}
+
+// SetAccountId sets the AccountId field's value.
+func (s *RoleInfo) SetAccountId(v string) *RoleInfo {
+	s.AccountId = &v
+	return s
+}
+
+// SetRoleName sets the RoleName field's value.
+func (s *RoleInfo) SetRoleName(v string) *RoleInfo {
+	s.RoleName = &v
+	return s
+}
+
+// Indicates that the request is being made too frequently and is more than
+// what the server can handle.
+type TooManyRequestsException struct {
+	_            struct{}                  `type:"structure"`
+	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+	Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TooManyRequestsException) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TooManyRequestsException) GoString() string {
+	return s.String()
+}
+
+func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error {
+	return &TooManyRequestsException{
+		RespMetadata: v,
+	}
+}
+
+// Code returns the exception type name.
+func (s *TooManyRequestsException) Code() string {
+	return "TooManyRequestsException"
+}
+
+// Message returns the exception's message.
+func (s *TooManyRequestsException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *TooManyRequestsException) OrigErr() error {
+	return nil
+}
+
+func (s *TooManyRequestsException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *TooManyRequestsException) StatusCode() int {
+	return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *TooManyRequestsException) RequestID() string {
+	return s.RespMetadata.RequestID
+}
+
+// Indicates that the request is not authorized. This can happen due to an invalid
+// access token in the request.
+type UnauthorizedException struct {
+	_            struct{}                  `type:"structure"`
+	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+	Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UnauthorizedException) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UnauthorizedException) GoString() string {
+	return s.String()
+}
+
+func newErrorUnauthorizedException(v protocol.ResponseMetadata) error {
+	return &UnauthorizedException{
+		RespMetadata: v,
+	}
+}
+
+// Code returns the exception type name.
+func (s *UnauthorizedException) Code() string {
+	return "UnauthorizedException"
+}
+
+// Message returns the exception's message.
+func (s *UnauthorizedException) Message() string {
+	if s.Message_ != nil {
+		return *s.Message_
+	}
+	return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *UnauthorizedException) OrigErr() error {
+	return nil
+}
+
+func (s *UnauthorizedException) Error() string {
+	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *UnauthorizedException) StatusCode() int {
+	return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *UnauthorizedException) RequestID() string {
+	return s.RespMetadata.RequestID
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go
new file mode 100644
index 000000000..15e61a322
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go
@@ -0,0 +1,45 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package sso provides the client and types for making API
+// requests to AWS Single Sign-On.
+//
+// AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web
+// service that makes it easy for you to assign user access to IAM Identity
+// Center resources such as the AWS access portal. Users can get AWS account
+// applications and roles assigned to them and get federated into the application.
+//
+// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces
+// will continue to retain their original name for backward compatibility purposes.
+// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
+//
+// This reference guide describes the IAM Identity Center Portal operations
+// that you can call programatically and includes detailed information on data
+// types and errors.
+//
+// AWS provides SDKs that consist of libraries and sample code for various programming
+// languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs
+// provide a convenient way to create programmatic access to IAM Identity Center
+// and other AWS services. For more information about the AWS SDKs, including
+// how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10 for more information on this service.
+//
+// See sso package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sso/
+//
+// # Using the Client
+//
+// To contact AWS Single Sign-On with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the AWS Single Sign-On client SSO for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sso/#New
+package sso
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go
new file mode 100644
index 000000000..77a6792e3
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go
@@ -0,0 +1,44 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sso
+
+import (
+	"github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+
+	// ErrCodeInvalidRequestException for service response error code
+	// "InvalidRequestException".
+	//
+	// Indicates that a problem occurred with the input to the request. For example,
+	// a required parameter might be missing or out of range.
+	ErrCodeInvalidRequestException = "InvalidRequestException"
+
+	// ErrCodeResourceNotFoundException for service response error code
+	// "ResourceNotFoundException".
+	//
+	// The specified resource doesn't exist.
+	ErrCodeResourceNotFoundException = "ResourceNotFoundException"
+
+	// ErrCodeTooManyRequestsException for service response error code
+	// "TooManyRequestsException".
+	//
+	// Indicates that the request is being made too frequently and is more than
+	// what the server can handle.
+	ErrCodeTooManyRequestsException = "TooManyRequestsException"
+
+	// ErrCodeUnauthorizedException for service response error code
+	// "UnauthorizedException".
+	//
+	// Indicates that the request is not authorized. This can happen due to an invalid
+	// access token in the request.
+	ErrCodeUnauthorizedException = "UnauthorizedException"
+)
+
+var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
+	"InvalidRequestException":   newErrorInvalidRequestException,
+	"ResourceNotFoundException": newErrorResourceNotFoundException,
+	"TooManyRequestsException":  newErrorTooManyRequestsException,
+	"UnauthorizedException":     newErrorUnauthorizedException,
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/service.go b/vendor/github.com/aws/aws-sdk-go/service/sso/service.go
new file mode 100644
index 000000000..7094cfe41
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sso/service.go
@@ -0,0 +1,106 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sso
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/aws/signer/v4"
+	"github.com/aws/aws-sdk-go/private/protocol"
+	"github.com/aws/aws-sdk-go/private/protocol/restjson"
+)
+
+// SSO provides the API operation methods for making requests to
+// AWS Single Sign-On. See this package's package overview docs
+// for details on the service.
+//
+// SSO methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
+type SSO struct {
+	*client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// Service information constants
+const (
+	ServiceName = "SSO"        // Name of service.
+	EndpointsID = "portal.sso" // ID to lookup a service endpoint with.
+	ServiceID   = "SSO"        // ServiceID is a unique identifier of a specific service.
+)
+
+// New creates a new instance of the SSO client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//
+//	mySession := session.Must(session.NewSession())
+//
+//	// Create a SSO client from just a session.
+//	svc := sso.New(mySession)
+//
+//	// Create a SSO client with additional configuration
+//	svc := sso.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSO {
+	c := p.ClientConfig(EndpointsID, cfgs...)
+	if c.SigningNameDerived || len(c.SigningName) == 0 {
+		c.SigningName = "awsssoportal"
+	}
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SSO {
+	svc := &SSO{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName:    ServiceName,
+				ServiceID:      ServiceID,
+				SigningName:    signingName,
+				SigningRegion:  signingRegion,
+				PartitionID:    partitionID,
+				Endpoint:       endpoint,
+				APIVersion:     "2019-06-10",
+				ResolvedRegion: resolvedRegion,
+			},
+			handlers,
+		),
+	}
+
+	// Handlers
+	svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+	svc.Handlers.Build.PushBackNamed(restjson.BuildHandler)
+	svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler)
+	svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(
+		protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(),
+	)
+
+	// Run custom client initialization if present
+	if initClient != nil {
+		initClient(svc.Client)
+	}
+
+	return svc
+}
+
+// newRequest creates a new request for a SSO operation and runs any
+// custom request initialization.
+func (c *SSO) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+	req := c.NewRequest(op, params, data)
+
+	// Run custom request initialization if present
+	if initRequest != nil {
+		initRequest(req)
+	}
+
+	return req
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go
new file mode 100644
index 000000000..818cab7cd
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go
@@ -0,0 +1,86 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package ssoiface provides an interface to enable mocking the AWS Single Sign-On service client
+// for testing your code.
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters.
+package ssoiface
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/service/sso"
+)
+
+// SSOAPI provides an interface to enable mocking the
+// sso.SSO service client's API operation,
+// paginators, and waiters. This make unit testing your code that calls out
+// to the SDK's service client's calls easier.
+//
+// The best way to use this interface is so the SDK's service client's calls
+// can be stubbed out for unit testing your code with the SDK without needing
+// to inject custom request handlers into the SDK's request pipeline.
+//
+//	// myFunc uses an SDK service client to make a request to
+//	// AWS Single Sign-On.
+//	func myFunc(svc ssoiface.SSOAPI) bool {
+//	    // Make svc.GetRoleCredentials request
+//	}
+//
+//	func main() {
+//	    sess := session.New()
+//	    svc := sso.New(sess)
+//
+//	    myFunc(svc)
+//	}
+//
+// In your _test.go file:
+//
+//	// Define a mock struct to be used in your unit tests of myFunc.
+//	type mockSSOClient struct {
+//	    ssoiface.SSOAPI
+//	}
+//	func (m *mockSSOClient) GetRoleCredentials(input *sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error) {
+//	    // mock response/functionality
+//	}
+//
+//	func TestMyFunc(t *testing.T) {
+//	    // Setup Test
+//	    mockSvc := &mockSSOClient{}
+//
+//	    myfunc(mockSvc)
+//
+//	    // Verify myFunc's functionality
+//	}
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters. Its suggested to use the pattern above for testing, or using
+// tooling to generate mocks to satisfy the interfaces.
+type SSOAPI interface {
+	GetRoleCredentials(*sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error)
+	GetRoleCredentialsWithContext(aws.Context, *sso.GetRoleCredentialsInput, ...request.Option) (*sso.GetRoleCredentialsOutput, error)
+	GetRoleCredentialsRequest(*sso.GetRoleCredentialsInput) (*request.Request, *sso.GetRoleCredentialsOutput)
+
+	ListAccountRoles(*sso.ListAccountRolesInput) (*sso.ListAccountRolesOutput, error)
+	ListAccountRolesWithContext(aws.Context, *sso.ListAccountRolesInput, ...request.Option) (*sso.ListAccountRolesOutput, error)
+	ListAccountRolesRequest(*sso.ListAccountRolesInput) (*request.Request, *sso.ListAccountRolesOutput)
+
+	ListAccountRolesPages(*sso.ListAccountRolesInput, func(*sso.ListAccountRolesOutput, bool) bool) error
+	ListAccountRolesPagesWithContext(aws.Context, *sso.ListAccountRolesInput, func(*sso.ListAccountRolesOutput, bool) bool, ...request.Option) error
+
+	ListAccounts(*sso.ListAccountsInput) (*sso.ListAccountsOutput, error)
+	ListAccountsWithContext(aws.Context, *sso.ListAccountsInput, ...request.Option) (*sso.ListAccountsOutput, error)
+	ListAccountsRequest(*sso.ListAccountsInput) (*request.Request, *sso.ListAccountsOutput)
+
+	ListAccountsPages(*sso.ListAccountsInput, func(*sso.ListAccountsOutput, bool) bool) error
+	ListAccountsPagesWithContext(aws.Context, *sso.ListAccountsInput, func(*sso.ListAccountsOutput, bool) bool, ...request.Option) error
+
+	Logout(*sso.LogoutInput) (*sso.LogoutOutput, error)
+	LogoutWithContext(aws.Context, *sso.LogoutInput, ...request.Option) (*sso.LogoutOutput, error)
+	LogoutRequest(*sso.LogoutInput) (*request.Request, *sso.LogoutOutput)
+}
+
+var _ SSOAPI = (*sso.SSO)(nil)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
new file mode 100644
index 000000000..7ac6b93f4
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
@@ -0,0 +1,3464 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sts
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awsutil"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/request"
+)
+
+const opAssumeRole = "AssumeRole"
+
+// AssumeRoleRequest generates a "aws/request.Request" representing the
+// client's request for the AssumeRole operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See AssumeRole for more information on using the AssumeRole
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the AssumeRoleRequest method.
+//	req, resp := client.AssumeRoleRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
+func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, output *AssumeRoleOutput) {
+	op := &request.Operation{
+		Name:       opAssumeRole,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &AssumeRoleInput{}
+	}
+
+	output = &AssumeRoleOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// AssumeRole API operation for AWS Security Token Service.
+//
+// Returns a set of temporary security credentials that you can use to access
+// Amazon Web Services resources. These temporary credentials consist of an
+// access key ID, a secret access key, and a security token. Typically, you
+// use AssumeRole within your account or for cross-account access. For a comparison
+// of AssumeRole with other API operations that produce temporary credentials,
+// see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// in the IAM User Guide.
+//
+// # Permissions
+//
+// The temporary security credentials created by AssumeRole can be used to make
+// API calls to any Amazon Web Services service with the following exception:
+// You cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken
+// API operations.
+//
+// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that
+// you use for both inline and managed session policies can't exceed 2,048 characters.
+// Passing policies to this operation returns new temporary credentials. The
+// resulting session's permissions are the intersection of the role's identity-based
+// policy and the session policies. You can use the role's temporary credentials
+// in subsequent Amazon Web Services API calls to access resources in the account
+// that owns the role. You cannot use session policies to grant more permissions
+// than those allowed by the identity-based policy of the role that is being
+// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide.
+//
+// When you create a role, you create two policies: a role trust policy that
+// specifies who can assume the role, and a permissions policy that specifies
+// what can be done with the role. You specify the trusted principal that is
+// allowed to assume the role in the role trust policy.
+//
+// To assume a role from a different account, your Amazon Web Services account
+// must be trusted by the role. The trust relationship is defined in the role's
+// trust policy when the role is created. That trust policy states which accounts
+// are allowed to delegate that access to users in the account.
+//
+// A user who wants to access a role in a different account must also have permissions
+// that are delegated from the account administrator. The administrator must
+// attach a policy that allows the user to call AssumeRole for the ARN of the
+// role in the other account.
+//
+// To allow a user to assume a role in the same account, you can do either of
+// the following:
+//
+//   - Attach a policy to the user that allows the user to call AssumeRole
+//     (as long as the role's trust policy trusts the account).
+//
+//   - Add the user as a principal directly in the role's trust policy.
+//
+// You can do either because the role’s trust policy acts as an IAM resource-based
+// policy. When a resource-based policy grants access to a principal in the
+// same account, no additional identity-based policy is required. For more information
+// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
+// in the IAM User Guide.
+//
+// # Tags
+//
+// (Optional) You can pass tag key-value pairs to your session. These tags are
+// called session tags. For more information about session tags, see Passing
+// Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// # Using MFA with AssumeRole
+//
+// (Optional) You can include multi-factor authentication (MFA) information
+// when you call AssumeRole. This is useful for cross-account scenarios to ensure
+// that the user that assumes the role has been authenticated with an Amazon
+// Web Services MFA device. In that scenario, the trust policy of the role being
+// assumed includes a condition that tests for MFA authentication. If the caller
+// does not include valid MFA information, the request to assume the role is
+// denied. The condition in a trust policy that tests for MFA authentication
+// might look like the following example.
+//
+// "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}
+//
+// For more information, see Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
+// in the IAM User Guide guide.
+//
+// To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode
+// parameters. The SerialNumber value identifies the user's hardware or virtual
+// MFA device. The TokenCode is the time-based one-time password (TOTP) that
+// the MFA device produces.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation AssumeRole for usage and error information.
+//
+// Returned Error Codes:
+//
+//   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+//     The request was rejected because the policy document was malformed. The error
+//     message describes the specific error.
+//
+//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+//     The request was rejected because the total packed size of the session policies
+//     and session tags combined was too large. An Amazon Web Services conversion
+//     compresses the session policy document, session policy ARNs, and session
+//     tags into a packed binary format that has a separate limit. The error message
+//     indicates by percentage how close the policies and tags are to the upper
+//     size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+//     in the IAM User Guide.
+//
+//     You could receive this error even though you meet other defined session policy
+//     and session tag limits. For more information, see IAM and STS Entity Character
+//     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
+//     in the IAM User Guide.
+//
+//   - ErrCodeRegionDisabledException "RegionDisabledException"
+//     STS is not activated in the requested region for the account that is being
+//     asked to generate credentials. The account administrator must use the IAM
+//     console to activate STS in that region. For more information, see Activating
+//     and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+//     (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//     in the IAM User Guide.
+//
+//   - ErrCodeExpiredTokenException "ExpiredTokenException"
+//     The web identity token that was passed is expired or is not valid. Get a
+//     new identity token from the identity provider and then retry the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
+func (c *STS) AssumeRole(input *AssumeRoleInput) (*AssumeRoleOutput, error) {
+	req, out := c.AssumeRoleRequest(input)
+	return out, req.Send()
+}
+
+// AssumeRoleWithContext is the same as AssumeRole with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AssumeRole for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) AssumeRoleWithContext(ctx aws.Context, input *AssumeRoleInput, opts ...request.Option) (*AssumeRoleOutput, error) {
+	req, out := c.AssumeRoleRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
+
+// AssumeRoleWithSAMLRequest generates a "aws/request.Request" representing the
+// client's request for the AssumeRoleWithSAML operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See AssumeRoleWithSAML for more information on using the AssumeRoleWithSAML
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the AssumeRoleWithSAMLRequest method.
+//	req, resp := client.AssumeRoleWithSAMLRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
+func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *request.Request, output *AssumeRoleWithSAMLOutput) {
+	op := &request.Operation{
+		Name:       opAssumeRoleWithSAML,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &AssumeRoleWithSAMLInput{}
+	}
+
+	output = &AssumeRoleWithSAMLOutput{}
+	req = c.newRequest(op, input, output)
+	req.Config.Credentials = credentials.AnonymousCredentials
+	return
+}
+
+// AssumeRoleWithSAML API operation for AWS Security Token Service.
+//
+// Returns a set of temporary security credentials for users who have been authenticated
+// via a SAML authentication response. This operation provides a mechanism for
+// tying an enterprise identity store or directory to role-based Amazon Web
+// Services access without user-specific credentials or configuration. For a
+// comparison of AssumeRoleWithSAML with the other API operations that produce
+// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// in the IAM User Guide.
+//
+// The temporary security credentials returned by this operation consist of
+// an access key ID, a secret access key, and a security token. Applications
+// can use these temporary security credentials to sign calls to Amazon Web
+// Services services.
+//
+// # Session Duration
+//
+// By default, the temporary security credentials created by AssumeRoleWithSAML
+// last for one hour. However, you can use the optional DurationSeconds parameter
+// to specify the duration of your session. Your role session lasts for the
+// duration that you specify, or until the time specified in the SAML authentication
+// response's SessionNotOnOrAfter value, whichever is shorter. You can provide
+// a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
+// duration setting for the role. This setting can have a value from 1 hour
+// to 12 hours. To learn how to view the maximum value for your role, see View
+// the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// in the IAM User Guide. The maximum session duration limit applies when you
+// use the AssumeRole* API operations or the assume-role* CLI commands. However
+// the limit does not apply when you use those operations to create a console
+// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+// in the IAM User Guide.
+//
+// Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
+// limits your CLI or Amazon Web Services API role session to a maximum of one
+// hour. When you use the AssumeRole API operation to assume a role, you can
+// specify the duration of your role session with the DurationSeconds parameter.
+// You can specify a parameter value of up to 43200 seconds (12 hours), depending
+// on the maximum session duration setting for your role. However, if you assume
+// a role using role chaining and provide a DurationSeconds parameter value
+// greater than one hour, the operation fails.
+//
+// # Permissions
+//
+// The temporary security credentials created by AssumeRoleWithSAML can be used
+// to make API calls to any Amazon Web Services service with the following exception:
+// you cannot call the STS GetFederationToken or GetSessionToken API operations.
+//
+// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that
+// you use for both inline and managed session policies can't exceed 2,048 characters.
+// Passing policies to this operation returns new temporary credentials. The
+// resulting session's permissions are the intersection of the role's identity-based
+// policy and the session policies. You can use the role's temporary credentials
+// in subsequent Amazon Web Services API calls to access resources in the account
+// that owns the role. You cannot use session policies to grant more permissions
+// than those allowed by the identity-based policy of the role that is being
+// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide.
+//
+// Calling AssumeRoleWithSAML does not require the use of Amazon Web Services
+// security credentials. The identity of the caller is validated by using keys
+// in the metadata document that is uploaded for the SAML provider entity for
+// your identity provider.
+//
+// Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs.
+// The entry includes the value in the NameID element of the SAML assertion.
+// We recommend that you use a NameIDType that is not associated with any personally
+// identifiable information (PII). For example, you could instead use the persistent
+// identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
+//
+// # Tags
+//
+// (Optional) You can configure your IdP to pass attributes into your SAML assertion
+// as session tags. Each session tag consists of a key name and an associated
+// value. For more information about session tags, see Passing Session Tags
+// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You can pass up to 50 session tags. The plaintext session tag keys can’t
+// exceed 128 characters and the values can’t exceed 256 characters. For these
+// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// An Amazon Web Services conversion compresses the passed inline session policy,
+// managed policy ARNs, and session tags into a packed binary format that has
+// a separate limit. Your request can fail for this limit even if your plaintext
+// meets the other requirements. The PackedPolicySize response element indicates
+// by percentage how close the policies and tags for your request are to the
+// upper size limit.
+//
+// You can pass a session tag with the same key as a tag that is attached to
+// the role. When you do, session tags override the role's tags with the same
+// key.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// # SAML Configuration
+//
+// Before your application can call AssumeRoleWithSAML, you must configure your
+// SAML identity provider (IdP) to issue the claims required by Amazon Web Services.
+// Additionally, you must use Identity and Access Management (IAM) to create
+// a SAML provider entity in your Amazon Web Services account that represents
+// your identity provider. You must also create an IAM role that specifies this
+// SAML provider in its trust policy.
+//
+// For more information, see the following resources:
+//
+//   - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
+//     in the IAM User Guide.
+//
+//   - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
+//     in the IAM User Guide.
+//
+//   - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
+//     in the IAM User Guide.
+//
+//   - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
+//     in the IAM User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation AssumeRoleWithSAML for usage and error information.
+//
+// Returned Error Codes:
+//
+//   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+//     The request was rejected because the policy document was malformed. The error
+//     message describes the specific error.
+//
+//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+//     The request was rejected because the total packed size of the session policies
+//     and session tags combined was too large. An Amazon Web Services conversion
+//     compresses the session policy document, session policy ARNs, and session
+//     tags into a packed binary format that has a separate limit. The error message
+//     indicates by percentage how close the policies and tags are to the upper
+//     size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+//     in the IAM User Guide.
+//
+//     You could receive this error even though you meet other defined session policy
+//     and session tag limits. For more information, see IAM and STS Entity Character
+//     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
+//     in the IAM User Guide.
+//
+//   - ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
+//     The identity provider (IdP) reported that authentication failed. This might
+//     be because the claim is invalid.
+//
+//     If this error is returned for the AssumeRoleWithWebIdentity operation, it
+//     can also mean that the claim has expired or has been explicitly revoked.
+//
+//   - ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
+//     The web identity token that was passed could not be validated by Amazon Web
+//     Services. Get a new identity token from the identity provider and then retry
+//     the request.
+//
+//   - ErrCodeExpiredTokenException "ExpiredTokenException"
+//     The web identity token that was passed is expired or is not valid. Get a
+//     new identity token from the identity provider and then retry the request.
+//
+//   - ErrCodeRegionDisabledException "RegionDisabledException"
+//     STS is not activated in the requested region for the account that is being
+//     asked to generate credentials. The account administrator must use the IAM
+//     console to activate STS in that region. For more information, see Activating
+//     and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+//     (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//     in the IAM User Guide.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
+func (c *STS) AssumeRoleWithSAML(input *AssumeRoleWithSAMLInput) (*AssumeRoleWithSAMLOutput, error) {
+	req, out := c.AssumeRoleWithSAMLRequest(input)
+	return out, req.Send()
+}
+
+// AssumeRoleWithSAMLWithContext is the same as AssumeRoleWithSAML with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AssumeRoleWithSAML for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) AssumeRoleWithSAMLWithContext(ctx aws.Context, input *AssumeRoleWithSAMLInput, opts ...request.Option) (*AssumeRoleWithSAMLOutput, error) {
+	req, out := c.AssumeRoleWithSAMLRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
+
+// AssumeRoleWithWebIdentityRequest generates a "aws/request.Request" representing the
+// client's request for the AssumeRoleWithWebIdentity operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See AssumeRoleWithWebIdentity for more information on using the AssumeRoleWithWebIdentity
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the AssumeRoleWithWebIdentityRequest method.
+//	req, resp := client.AssumeRoleWithWebIdentityRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
+func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityInput) (req *request.Request, output *AssumeRoleWithWebIdentityOutput) {
+	op := &request.Operation{
+		Name:       opAssumeRoleWithWebIdentity,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &AssumeRoleWithWebIdentityInput{}
+	}
+
+	output = &AssumeRoleWithWebIdentityOutput{}
+	req = c.newRequest(op, input, output)
+	req.Config.Credentials = credentials.AnonymousCredentials
+	return
+}
+
+// AssumeRoleWithWebIdentity API operation for AWS Security Token Service.
+//
+// Returns a set of temporary security credentials for users who have been authenticated
+// in a mobile or web application with a web identity provider. Example providers
+// include the OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID
+// Connect-compatible identity provider such as Google or Amazon Cognito federated
+// identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html).
+//
+// For mobile applications, we recommend that you use Amazon Cognito. You can
+// use Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide
+// (http://aws.amazon.com/sdkforios/) and the Amazon Web Services SDK for Android
+// Developer Guide (http://aws.amazon.com/sdkforandroid/) to uniquely identify
+// a user. You can also supply the user with a consistent identity throughout
+// the lifetime of an application.
+//
+// To learn more about Amazon Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
+// in Amazon Cognito Developer Guide.
+//
+// Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web
+// Services security credentials. Therefore, you can distribute an application
+// (for example, on mobile devices) that requests temporary security credentials
+// without including long-term Amazon Web Services credentials in the application.
+// You also don't need to deploy server-based proxy services that use long-term
+// Amazon Web Services credentials. Instead, the identity of the caller is validated
+// by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity
+// with the other API operations that produce temporary credentials, see Requesting
+// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// in the IAM User Guide.
+//
+// The temporary security credentials returned by this API consist of an access
+// key ID, a secret access key, and a security token. Applications can use these
+// temporary security credentials to sign calls to Amazon Web Services service
+// API operations.
+//
+// # Session Duration
+//
+// By default, the temporary security credentials created by AssumeRoleWithWebIdentity
+// last for one hour. However, you can use the optional DurationSeconds parameter
+// to specify the duration of your session. You can provide a value from 900
+// seconds (15 minutes) up to the maximum session duration setting for the role.
+// This setting can have a value from 1 hour to 12 hours. To learn how to view
+// the maximum value for your role, see View the Maximum Session Duration Setting
+// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// in the IAM User Guide. The maximum session duration limit applies when you
+// use the AssumeRole* API operations or the assume-role* CLI commands. However
+// the limit does not apply when you use those operations to create a console
+// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+// in the IAM User Guide.
+//
+// # Permissions
+//
+// The temporary security credentials created by AssumeRoleWithWebIdentity can
+// be used to make API calls to any Amazon Web Services service with the following
+// exception: you cannot call the STS GetFederationToken or GetSessionToken
+// API operations.
+//
+// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that
+// you use for both inline and managed session policies can't exceed 2,048 characters.
+// Passing policies to this operation returns new temporary credentials. The
+// resulting session's permissions are the intersection of the role's identity-based
+// policy and the session policies. You can use the role's temporary credentials
+// in subsequent Amazon Web Services API calls to access resources in the account
+// that owns the role. You cannot use session policies to grant more permissions
+// than those allowed by the identity-based policy of the role that is being
+// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide.
+//
+// # Tags
+//
+// (Optional) You can configure your IdP to pass attributes into your web identity
+// token as session tags. Each session tag consists of a key name and an associated
+// value. For more information about session tags, see Passing Session Tags
+// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You can pass up to 50 session tags. The plaintext session tag keys can’t
+// exceed 128 characters and the values can’t exceed 256 characters. For these
+// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// An Amazon Web Services conversion compresses the passed inline session policy,
+// managed policy ARNs, and session tags into a packed binary format that has
+// a separate limit. Your request can fail for this limit even if your plaintext
+// meets the other requirements. The PackedPolicySize response element indicates
+// by percentage how close the policies and tags for your request are to the
+// upper size limit.
+//
+// You can pass a session tag with the same key as a tag that is attached to
+// the role. When you do, the session tag overrides the role tag with the same
+// key.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// # Identities
+//
+// Before your application can call AssumeRoleWithWebIdentity, you must have
+// an identity token from a supported identity provider and create a role that
+// the application can assume. The role that your application assumes must trust
+// the identity provider that is associated with the identity token. In other
+// words, the identity provider must be specified in the role's trust policy.
+//
+// Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail
+// logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims)
+// of the provided web identity token. We recommend that you avoid using any
+// personally identifiable information (PII) in this field. For example, you
+// could instead use a GUID or a pairwise identifier, as suggested in the OIDC
+// specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes).
+//
+// For more information about how to use web identity federation and the AssumeRoleWithWebIdentity
+// API, see the following resources:
+//
+//   - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
+//     and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
+//
+//   - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/).
+//     Walk through the process of authenticating through Login with Amazon,
+//     Facebook, or Google, getting temporary security credentials, and then
+//     using those credentials to make a request to Amazon Web Services.
+//
+//   - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
+//     and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
+//     These toolkits contain sample apps that show how to invoke the identity
+//     providers. The toolkits then show how to use the information from these
+//     providers to get and use temporary security credentials.
+//
+//   - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
+//     This article discusses web identity federation and shows an example of
+//     how to use web identity federation to get access to content in Amazon
+//     S3.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation AssumeRoleWithWebIdentity for usage and error information.
+//
+// Returned Error Codes:
+//
+//   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+//     The request was rejected because the policy document was malformed. The error
+//     message describes the specific error.
+//
+//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+//     The request was rejected because the total packed size of the session policies
+//     and session tags combined was too large. An Amazon Web Services conversion
+//     compresses the session policy document, session policy ARNs, and session
+//     tags into a packed binary format that has a separate limit. The error message
+//     indicates by percentage how close the policies and tags are to the upper
+//     size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+//     in the IAM User Guide.
+//
+//     You could receive this error even though you meet other defined session policy
+//     and session tag limits. For more information, see IAM and STS Entity Character
+//     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
+//     in the IAM User Guide.
+//
+//   - ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
+//     The identity provider (IdP) reported that authentication failed. This might
+//     be because the claim is invalid.
+//
+//     If this error is returned for the AssumeRoleWithWebIdentity operation, it
+//     can also mean that the claim has expired or has been explicitly revoked.
+//
+//   - ErrCodeIDPCommunicationErrorException "IDPCommunicationError"
+//     The request could not be fulfilled because the identity provider (IDP) that
+//     was asked to verify the incoming identity token could not be reached. This
+//     is often a transient error caused by network conditions. Retry the request
+//     a limited number of times so that you don't exceed the request rate. If the
+//     error persists, the identity provider might be down or not responding.
+//
+//   - ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
+//     The web identity token that was passed could not be validated by Amazon Web
+//     Services. Get a new identity token from the identity provider and then retry
+//     the request.
+//
+//   - ErrCodeExpiredTokenException "ExpiredTokenException"
+//     The web identity token that was passed is expired or is not valid. Get a
+//     new identity token from the identity provider and then retry the request.
+//
+//   - ErrCodeRegionDisabledException "RegionDisabledException"
+//     STS is not activated in the requested region for the account that is being
+//     asked to generate credentials. The account administrator must use the IAM
+//     console to activate STS in that region. For more information, see Activating
+//     and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+//     (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//     in the IAM User Guide.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
+func (c *STS) AssumeRoleWithWebIdentity(input *AssumeRoleWithWebIdentityInput) (*AssumeRoleWithWebIdentityOutput, error) {
+	req, out := c.AssumeRoleWithWebIdentityRequest(input)
+	return out, req.Send()
+}
+
+// AssumeRoleWithWebIdentityWithContext is the same as AssumeRoleWithWebIdentity with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AssumeRoleWithWebIdentity for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) AssumeRoleWithWebIdentityWithContext(ctx aws.Context, input *AssumeRoleWithWebIdentityInput, opts ...request.Option) (*AssumeRoleWithWebIdentityOutput, error) {
+	req, out := c.AssumeRoleWithWebIdentityRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
+
+// DecodeAuthorizationMessageRequest generates a "aws/request.Request" representing the
+// client's request for the DecodeAuthorizationMessage operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DecodeAuthorizationMessage for more information on using the DecodeAuthorizationMessage
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the DecodeAuthorizationMessageRequest method.
+//	req, resp := client.DecodeAuthorizationMessageRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
+func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessageInput) (req *request.Request, output *DecodeAuthorizationMessageOutput) {
+	op := &request.Operation{
+		Name:       opDecodeAuthorizationMessage,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &DecodeAuthorizationMessageInput{}
+	}
+
+	output = &DecodeAuthorizationMessageOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// DecodeAuthorizationMessage API operation for AWS Security Token Service.
+//
+// Decodes additional information about the authorization status of a request
+// from an encoded message returned in response to an Amazon Web Services request.
+//
+// For example, if a user is not authorized to perform an operation that he
+// or she has requested, the request returns a Client.UnauthorizedOperation
+// response (an HTTP 403 response). Some Amazon Web Services operations additionally
+// return an encoded message that can provide details about this authorization
+// failure.
+//
+// Only certain Amazon Web Services operations return an encoded authorization
+// message. The documentation for an individual operation indicates whether
+// that operation returns an encoded message in addition to returning an HTTP
+// code.
+//
+// The message is encoded because the details of the authorization status can
+// contain privileged information that the user who requested the operation
+// should not see. To decode an authorization status message, a user must be
+// granted permissions through an IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
+// to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage)
+// action.
+//
+// The decoded message includes the following type of information:
+//
+//   - Whether the request was denied due to an explicit deny or due to the
+//     absence of an explicit allow. For more information, see Determining Whether
+//     a Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
+//     in the IAM User Guide.
+//
+//   - The principal who made the request.
+//
+//   - The requested action.
+//
+//   - The requested resource.
+//
+//   - The values of condition keys in the context of the user's request.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation DecodeAuthorizationMessage for usage and error information.
+//
+// Returned Error Codes:
+//   - ErrCodeInvalidAuthorizationMessageException "InvalidAuthorizationMessageException"
+//     The error returned if the message passed to DecodeAuthorizationMessage was
+//     invalid. This can happen if the token contains invalid characters, such as
+//     linebreaks.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
+func (c *STS) DecodeAuthorizationMessage(input *DecodeAuthorizationMessageInput) (*DecodeAuthorizationMessageOutput, error) {
+	req, out := c.DecodeAuthorizationMessageRequest(input)
+	return out, req.Send()
+}
+
+// DecodeAuthorizationMessageWithContext is the same as DecodeAuthorizationMessage with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DecodeAuthorizationMessage for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) DecodeAuthorizationMessageWithContext(ctx aws.Context, input *DecodeAuthorizationMessageInput, opts ...request.Option) (*DecodeAuthorizationMessageOutput, error) {
+	req, out := c.DecodeAuthorizationMessageRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetAccessKeyInfo = "GetAccessKeyInfo"
+
+// GetAccessKeyInfoRequest generates a "aws/request.Request" representing the
+// client's request for the GetAccessKeyInfo operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetAccessKeyInfo for more information on using the GetAccessKeyInfo
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetAccessKeyInfoRequest method.
+//	req, resp := client.GetAccessKeyInfoRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
+func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *request.Request, output *GetAccessKeyInfoOutput) {
+	op := &request.Operation{
+		Name:       opGetAccessKeyInfo,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &GetAccessKeyInfoInput{}
+	}
+
+	output = &GetAccessKeyInfoOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetAccessKeyInfo API operation for AWS Security Token Service.
+//
+// Returns the account identifier for the specified access key ID.
+//
+// Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE)
+// and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
+// For more information about access keys, see Managing Access Keys for IAM
+// Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
+// in the IAM User Guide.
+//
+// When you pass an access key ID to this operation, it returns the ID of the
+// Amazon Web Services account to which the keys belong. Access key IDs beginning
+// with AKIA are long-term credentials for an IAM user or the Amazon Web Services
+// account root user. Access key IDs beginning with ASIA are temporary credentials
+// that are created using STS operations. If the account in the response belongs
+// to you, you can sign in as the root user and review your root user access
+// keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
+// to learn which IAM user owns the keys. To learn who requested the temporary
+// credentials for an ASIA access key, view the STS events in your CloudTrail
+// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
+// in the IAM User Guide.
+//
+// This operation does not indicate the state of the access key. The key might
+// be active, inactive, or deleted. Active keys might not have permissions to
+// perform an operation. Providing a deleted access key might return an error
+// that the key doesn't exist.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation GetAccessKeyInfo for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
+func (c *STS) GetAccessKeyInfo(input *GetAccessKeyInfoInput) (*GetAccessKeyInfoOutput, error) {
+	req, out := c.GetAccessKeyInfoRequest(input)
+	return out, req.Send()
+}
+
+// GetAccessKeyInfoWithContext is the same as GetAccessKeyInfo with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetAccessKeyInfo for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetAccessKeyInfoWithContext(ctx aws.Context, input *GetAccessKeyInfoInput, opts ...request.Option) (*GetAccessKeyInfoOutput, error) {
+	req, out := c.GetAccessKeyInfoRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetCallerIdentity = "GetCallerIdentity"
+
+// GetCallerIdentityRequest generates a "aws/request.Request" representing the
+// client's request for the GetCallerIdentity operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetCallerIdentity for more information on using the GetCallerIdentity
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetCallerIdentityRequest method.
+//	req, resp := client.GetCallerIdentityRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
+func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *request.Request, output *GetCallerIdentityOutput) {
+	op := &request.Operation{
+		Name:       opGetCallerIdentity,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &GetCallerIdentityInput{}
+	}
+
+	output = &GetCallerIdentityOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetCallerIdentity API operation for AWS Security Token Service.
+//
+// Returns details about the IAM user or role whose credentials are used to
+// call the operation.
+//
+// No permissions are required to perform this operation. If an administrator
+// attaches a policy to your identity that explicitly denies access to the sts:GetCallerIdentity
+// action, you can still perform this operation. Permissions are not required
+// because the same information is returned when access is denied. To view an
+// example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
+// in the IAM User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation GetCallerIdentity for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
+func (c *STS) GetCallerIdentity(input *GetCallerIdentityInput) (*GetCallerIdentityOutput, error) {
+	req, out := c.GetCallerIdentityRequest(input)
+	return out, req.Send()
+}
+
+// GetCallerIdentityWithContext is the same as GetCallerIdentity with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetCallerIdentity for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetCallerIdentityWithContext(ctx aws.Context, input *GetCallerIdentityInput, opts ...request.Option) (*GetCallerIdentityOutput, error) {
+	req, out := c.GetCallerIdentityRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetFederationToken = "GetFederationToken"
+
+// GetFederationTokenRequest generates a "aws/request.Request" representing the
+// client's request for the GetFederationToken operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetFederationToken for more information on using the GetFederationToken
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetFederationTokenRequest method.
+//	req, resp := client.GetFederationTokenRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
+func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *request.Request, output *GetFederationTokenOutput) {
+	op := &request.Operation{
+		Name:       opGetFederationToken,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &GetFederationTokenInput{}
+	}
+
+	output = &GetFederationTokenOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetFederationToken API operation for AWS Security Token Service.
+//
+// Returns a set of temporary security credentials (consisting of an access
+// key ID, a secret access key, and a security token) for a user. A typical
+// use is in a proxy application that gets temporary security credentials on
+// behalf of distributed applications inside a corporate network.
+//
+// You must call the GetFederationToken operation using the long-term security
+// credentials of an IAM user. As a result, this call is appropriate in contexts
+// where those credentials can be safeguarded, usually in a server-based application.
+// For a comparison of GetFederationToken with the other API operations that
+// produce temporary credentials, see Requesting Temporary Security Credentials
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// in the IAM User Guide.
+//
+// Although it is possible to call GetFederationToken using the security credentials
+// of an Amazon Web Services account root user rather than an IAM user that
+// you create for the purpose of a proxy application, we do not recommend it.
+// For more information, see Safeguard your root user credentials and don't
+// use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
+// in the IAM User Guide.
+//
+// You can create a mobile-based or browser-based app that can authenticate
+// users using a web identity provider like Login with Amazon, Facebook, Google,
+// or an OpenID Connect-compatible identity provider. In this case, we recommend
+// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
+// For more information, see Federation Through a Web-based Identity Provider
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
+// in the IAM User Guide.
+//
+// # Session duration
+//
+// The temporary credentials are valid for the specified duration, from 900
+// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
+// session duration is 43,200 seconds (12 hours). Temporary credentials obtained
+// by using the root user credentials have a maximum duration of 3,600 seconds
+// (1 hour).
+//
+// # Permissions
+//
+// You can use the temporary credentials created by GetFederationToken in any
+// Amazon Web Services service with the following exceptions:
+//
+//   - You cannot call any IAM operations using the CLI or the Amazon Web Services
+//     API. This limitation does not apply to console sessions.
+//
+//   - You cannot call any STS operations except GetCallerIdentity.
+//
+// You can use temporary credentials for single sign-on (SSO) to the console.
+//
+// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that
+// you use for both inline and managed session policies can't exceed 2,048 characters.
+//
+// Though the session policy parameters are optional, if you do not pass a policy,
+// then the resulting federated user session has no permissions. When you pass
+// session policies, the session permissions are the intersection of the IAM
+// user policies and the session policies that you pass. This gives you a way
+// to further restrict the permissions for a federated user. You cannot use
+// session policies to grant more permissions than those that are defined in
+// the permissions policy of the IAM user. For more information, see Session
+// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide. For information about using GetFederationToken to
+// create temporary security credentials, see GetFederationToken—Federation
+// Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
+//
+// You can use the credentials to access a resource that has a resource-based
+// policy. If that policy specifically references the federated user session
+// in the Principal element of the policy, the session has the permissions allowed
+// by the policy. These permissions are granted in addition to the permissions
+// granted by the session policies.
+//
+// # Tags
+//
+// (Optional) You can pass tag key-value pairs to your session. These are called
+// session tags. For more information about session tags, see Passing Session
+// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You can create a mobile-based or browser-based app that can authenticate
+// users using a web identity provider like Login with Amazon, Facebook, Google,
+// or an OpenID Connect-compatible identity provider. In this case, we recommend
+// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
+// For more information, see Federation Through a Web-based Identity Provider
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
+// in the IAM User Guide.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// Tag key–value pairs are not case sensitive, but case is preserved. This
+// means that you cannot have separate Department and department tag keys. Assume
+// that the user that you are federating has the Department=Marketing tag and
+// you pass the department=engineering session tag. Department and department
+// are not saved as separate tags, and the session tag passed in the request
+// takes precedence over the user tag.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation GetFederationToken for usage and error information.
+//
+// Returned Error Codes:
+//
+//   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+//     The request was rejected because the policy document was malformed. The error
+//     message describes the specific error.
+//
+//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+//     The request was rejected because the total packed size of the session policies
+//     and session tags combined was too large. An Amazon Web Services conversion
+//     compresses the session policy document, session policy ARNs, and session
+//     tags into a packed binary format that has a separate limit. The error message
+//     indicates by percentage how close the policies and tags are to the upper
+//     size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+//     in the IAM User Guide.
+//
+//     You could receive this error even though you meet other defined session policy
+//     and session tag limits. For more information, see IAM and STS Entity Character
+//     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
+//     in the IAM User Guide.
+//
+//   - ErrCodeRegionDisabledException "RegionDisabledException"
+//     STS is not activated in the requested region for the account that is being
+//     asked to generate credentials. The account administrator must use the IAM
+//     console to activate STS in that region. For more information, see Activating
+//     and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+//     (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//     in the IAM User Guide.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
+func (c *STS) GetFederationToken(input *GetFederationTokenInput) (*GetFederationTokenOutput, error) {
+	req, out := c.GetFederationTokenRequest(input)
+	return out, req.Send()
+}
+
+// GetFederationTokenWithContext is the same as GetFederationToken with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetFederationToken for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetFederationTokenWithContext(ctx aws.Context, input *GetFederationTokenInput, opts ...request.Option) (*GetFederationTokenOutput, error) {
+	req, out := c.GetFederationTokenRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+const opGetSessionToken = "GetSessionToken"
+
+// GetSessionTokenRequest generates a "aws/request.Request" representing the
+// client's request for the GetSessionToken operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetSessionToken for more information on using the GetSessionToken
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//	// Example sending a request using the GetSessionTokenRequest method.
+//	req, resp := client.GetSessionTokenRequest(params)
+//
+//	err := req.Send()
+//	if err == nil { // resp is now filled
+//	    fmt.Println(resp)
+//	}
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
+func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.Request, output *GetSessionTokenOutput) {
+	op := &request.Operation{
+		Name:       opGetSessionToken,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &GetSessionTokenInput{}
+	}
+
+	output = &GetSessionTokenOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// GetSessionToken API operation for AWS Security Token Service.
+//
+// Returns a set of temporary credentials for an Amazon Web Services account
+// or IAM user. The credentials consist of an access key ID, a secret access
+// key, and a security token. Typically, you use GetSessionToken if you want
+// to use MFA to protect programmatic calls to specific Amazon Web Services
+// API operations like Amazon EC2 StopInstances.
+//
+// MFA-enabled IAM users must call GetSessionToken and submit an MFA code that
+// is associated with their MFA device. Using the temporary security credentials
+// that the call returns, IAM users can then make programmatic calls to API
+// operations that require MFA authentication. An incorrect MFA code causes
+// the API to return an access denied error. For a comparison of GetSessionToken
+// with the other API operations that produce temporary credentials, see Requesting
+// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// in the IAM User Guide.
+//
+// No permissions are required for users to perform this operation. The purpose
+// of the sts:GetSessionToken operation is to authenticate the user using MFA.
+// You cannot use policies to control authentication operations. For more information,
+// see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
+// in the IAM User Guide.
+//
+// # Session Duration
+//
+// The GetSessionToken operation must be called by using the long-term Amazon
+// Web Services security credentials of an IAM user. Credentials that are created
+// by IAM users are valid for the duration that you specify. This duration can
+// range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
+// hours), with a default of 43,200 seconds (12 hours). Credentials based on
+// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds
+// (1 hour), with a default of 1 hour.
+//
+// # Permissions
+//
+// The temporary security credentials created by GetSessionToken can be used
+// to make API calls to any Amazon Web Services service with the following exceptions:
+//
+//   - You cannot call any IAM API operations unless MFA authentication information
+//     is included in the request.
+//
+//   - You cannot call any STS API except AssumeRole or GetCallerIdentity.
+//
+// The credentials that GetSessionToken returns are based on permissions associated
+// with the IAM user whose credentials were used to call the operation. The
+// temporary credentials have the same permissions as the IAM user.
+//
+// Although it is possible to call GetSessionToken using the security credentials
+// of an Amazon Web Services account root user rather than an IAM user, we do
+// not recommend it. If GetSessionToken is called using root user credentials,
+// the temporary credentials have root user permissions. For more information,
+// see Safeguard your root user credentials and don't use them for everyday
+// tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
+// in the IAM User Guide
+//
+// For more information about using GetSessionToken to create temporary credentials,
+// see Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
+// in the IAM User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation GetSessionToken for usage and error information.
+//
+// Returned Error Codes:
+//   - ErrCodeRegionDisabledException "RegionDisabledException"
+//     STS is not activated in the requested region for the account that is being
+//     asked to generate credentials. The account administrator must use the IAM
+//     console to activate STS in that region. For more information, see Activating
+//     and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+//     (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+//     in the IAM User Guide.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
+func (c *STS) GetSessionToken(input *GetSessionTokenInput) (*GetSessionTokenOutput, error) {
+	req, out := c.GetSessionTokenRequest(input)
+	return out, req.Send()
+}
+
+// GetSessionTokenWithContext is the same as GetSessionToken with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetSessionToken for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetSessionTokenWithContext(ctx aws.Context, input *GetSessionTokenInput, opts ...request.Option) (*GetSessionTokenOutput, error) {
+	req, out := c.GetSessionTokenRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
+type AssumeRoleInput struct {
+	_ struct{} `type:"structure"`
+
+	// The duration, in seconds, of the role session. The value specified can range
+	// from 900 seconds (15 minutes) up to the maximum session duration set for
+	// the role. The maximum session duration setting can have a value from 1 hour
+	// to 12 hours. If you specify a value higher than this setting or the administrator
+	// setting (whichever is lower), the operation fails. For example, if you specify
+	// a session duration of 12 hours, but your administrator set the maximum session
+	// duration to 6 hours, your operation fails.
+	//
+	// Role chaining limits your Amazon Web Services CLI or Amazon Web Services
+	// API role session to a maximum of one hour. When you use the AssumeRole API
+	// operation to assume a role, you can specify the duration of your role session
+	// with the DurationSeconds parameter. You can specify a parameter value of
+	// up to 43200 seconds (12 hours), depending on the maximum session duration
+	// setting for your role. However, if you assume a role using role chaining
+	// and provide a DurationSeconds parameter value greater than one hour, the
+	// operation fails. To learn how to view the maximum value for your role, see
+	// View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+	// in the IAM User Guide.
+	//
+	// By default, the value is set to 3600 seconds.
+	//
+	// The DurationSeconds parameter is separate from the duration of a console
+	// session that you might request using the returned credentials. The request
+	// to the federation endpoint for a console sign-in token takes a SessionDuration
+	// parameter that specifies the maximum length of the console session. For more
+	// information, see Creating a URL that Enables Federated Users to Access the
+	// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+	// in the IAM User Guide.
+	DurationSeconds *int64 `min:"900" type:"integer"`
+
+	// A unique identifier that might be required when you assume a role in another
+	// account. If the administrator of the account to which the role belongs provided
+	// you with an external ID, then provide that value in the ExternalId parameter.
+	// This value can be any string, such as a passphrase or account number. A cross-account
+	// role is usually set up to trust everyone in an account. Therefore, the administrator
+	// of the trusting account might send an external ID to the administrator of
+	// the trusted account. That way, only someone with the ID can assume the role,
+	// rather than everyone in the account. For more information about the external
+	// ID, see How to Use an External ID When Granting Access to Your Amazon Web
+	// Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
+	// in the IAM User Guide.
+	//
+	// The regex used to validate this parameter is a string of characters consisting
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
+	// also include underscores or any of the following characters: =,.@:/-
+	ExternalId *string `min:"2" type:"string"`
+
+	// An IAM policy in JSON format that you want to use as an inline session policy.
+	//
+	// This parameter is optional. Passing policies to this operation returns new
+	// temporary credentials. The resulting session's permissions are the intersection
+	// of the role's identity-based policy and the session policies. You can use
+	// the role's temporary credentials in subsequent Amazon Web Services API calls
+	// to access resources in the account that owns the role. You cannot use session
+	// policies to grant more permissions than those allowed by the identity-based
+	// policy of the role that is being assumed. For more information, see Session
+	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	//
+	// The plaintext that you use for both inline and managed session policies can't
+	// exceed 2,048 characters. The JSON policy characters can be any ASCII character
+	// from the space character to the end of the valid character list (\u0020 through
+	// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
+	// return (\u000D) characters.
+	//
+	// An Amazon Web Services conversion compresses the passed inline session policy,
+	// managed policy ARNs, and session tags into a packed binary format that has
+	// a separate limit. Your request can fail for this limit even if your plaintext
+	// meets the other requirements. The PackedPolicySize response element indicates
+	// by percentage how close the policies and tags for your request are to the
+	// upper size limit.
+	Policy *string `min:"1" type:"string"`
+
+	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+	// to use as managed session policies. The policies must exist in the same account
+	// as the role.
+	//
+	// This parameter is optional. You can provide up to 10 managed policy ARNs.
+	// However, the plaintext that you use for both inline and managed session policies
+	// can't exceed 2,048 characters. For more information about ARNs, see Amazon
+	// Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the Amazon Web Services General Reference.
+	//
+	// An Amazon Web Services conversion compresses the passed inline session policy,
+	// managed policy ARNs, and session tags into a packed binary format that has
+	// a separate limit. Your request can fail for this limit even if your plaintext
+	// meets the other requirements. The PackedPolicySize response element indicates
+	// by percentage how close the policies and tags for your request are to the
+	// upper size limit.
+	//
+	// Passing policies to this operation returns new temporary credentials. The
+	// resulting session's permissions are the intersection of the role's identity-based
+	// policy and the session policies. You can use the role's temporary credentials
+	// in subsequent Amazon Web Services API calls to access resources in the account
+	// that owns the role. You cannot use session policies to grant more permissions
+	// than those allowed by the identity-based policy of the role that is being
+	// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	PolicyArns []*PolicyDescriptorType `type:"list"`
+
+	// The Amazon Resource Name (ARN) of the role to assume.
+	//
+	// RoleArn is a required field
+	RoleArn *string `min:"20" type:"string" required:"true"`
+
+	// An identifier for the assumed role session.
+	//
+	// Use the role session name to uniquely identify a session when the same role
+	// is assumed by different principals or for different reasons. In cross-account
+	// scenarios, the role session name is visible to, and can be logged by the
+	// account that owns the role. The role session name is also used in the ARN
+	// of the assumed role principal. This means that subsequent cross-account API
+	// requests that use the temporary security credentials will expose the role
+	// session name to the external account in their CloudTrail logs.
+	//
+	// The regex used to validate this parameter is a string of characters consisting
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
+	// also include underscores or any of the following characters: =,.@-
+	//
+	// RoleSessionName is a required field
+	RoleSessionName *string `min:"2" type:"string" required:"true"`
+
+	// The identification number of the MFA device that is associated with the user
+	// who is making the AssumeRole call. Specify this value if the trust policy
+	// of the role being assumed includes a condition that requires MFA authentication.
+	// The value is either the serial number for a hardware device (such as GAHT12345678)
+	// or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
+	//
+	// The regex used to validate this parameter is a string of characters consisting
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
+	// also include underscores or any of the following characters: =,.@-
+	SerialNumber *string `min:"9" type:"string"`
+
+	// The source identity specified by the principal that is calling the AssumeRole
+	// operation.
+	//
+	// You can require users to specify a source identity when they assume a role.
+	// You do this by using the sts:SourceIdentity condition key in a role trust
+	// policy. You can use source identity information in CloudTrail logs to determine
+	// who took actions with a role. You can use the aws:SourceIdentity condition
+	// key to further control access to Amazon Web Services resources based on the
+	// value of source identity. For more information about using source identity,
+	// see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+	// in the IAM User Guide.
+	//
+	// The regex used to validate this parameter is a string of characters consisting
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
+	// also include underscores or any of the following characters: =,.@-. You cannot
+	// use a value that begins with the text aws:. This prefix is reserved for Amazon
+	// Web Services internal use.
+	SourceIdentity *string `min:"2" type:"string"`
+
+	// A list of session tags that you want to pass. Each session tag consists of
+	// a key name and an associated value. For more information about session tags,
+	// see Tagging Amazon Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+	// in the IAM User Guide.
+	//
+	// This parameter is optional. You can pass up to 50 session tags. The plaintext
+	// session tag keys can’t exceed 128 characters, and the values can’t exceed
+	// 256 characters. For these and additional limits, see IAM and STS Character
+	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// in the IAM User Guide.
+	//
+	// An Amazon Web Services conversion compresses the passed inline session policy,
+	// managed policy ARNs, and session tags into a packed binary format that has
+	// a separate limit. Your request can fail for this limit even if your plaintext
+	// meets the other requirements. The PackedPolicySize response element indicates
+	// by percentage how close the policies and tags for your request are to the
+	// upper size limit.
+	//
+	// You can pass a session tag with the same key as a tag that is already attached
+	// to the role. When you do, session tags override a role tag with the same
+	// key.
+	//
+	// Tag key–value pairs are not case sensitive, but case is preserved. This
+	// means that you cannot have separate Department and department tag keys. Assume
+	// that the role has the Department=Marketing tag and you pass the department=engineering
+	// session tag. Department and department are not saved as separate tags, and
+	// the session tag passed in the request takes precedence over the role tag.
+	//
+	// Additionally, if you used temporary credentials to perform this operation,
+	// the new session inherits any transitive session tags from the calling session.
+	// If you pass a session tag with the same key as an inherited tag, the operation
+	// fails. To view the inherited tags for a session, see the CloudTrail logs.
+	// For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
+	// in the IAM User Guide.
+	Tags []*Tag `type:"list"`
+
+	// The value provided by the MFA device, if the trust policy of the role being
+	// assumed requires MFA. (In other words, if the policy includes a condition
+	// that tests for MFA). If the role being assumed requires MFA and if the TokenCode
+	// value is missing or expired, the AssumeRole call returns an "access denied"
+	// error.
+	//
+	// The format for this parameter, as described by its regex pattern, is a sequence
+	// of six numeric digits.
+	TokenCode *string `min:"6" type:"string"`
+
+	// A list of keys for session tags that you want to set as transitive. If you
+	// set a tag key as transitive, the corresponding key and value passes to subsequent
+	// sessions in a role chain. For more information, see Chaining Roles with Session
+	// Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+	// in the IAM User Guide.
+	//
+	// This parameter is optional. When you set session tags as transitive, the
+	// session policy and session tags packed binary limit is not affected.
+	//
+	// If you choose not to specify a transitive tag key, then no tags are passed
+	// from this session to any subsequent sessions.
+	TransitiveTagKeys []*string `type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AssumeRoleInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AssumeRoleInput"}
+	if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
+		invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
+	}
+	if s.ExternalId != nil && len(*s.ExternalId) < 2 {
+		invalidParams.Add(request.NewErrParamMinLen("ExternalId", 2))
+	}
+	if s.Policy != nil && len(*s.Policy) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+	}
+	if s.RoleArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("RoleArn"))
+	}
+	if s.RoleArn != nil && len(*s.RoleArn) < 20 {
+		invalidParams.Add(request.NewErrParamMinLen("RoleArn", 20))
+	}
+	if s.RoleSessionName == nil {
+		invalidParams.Add(request.NewErrParamRequired("RoleSessionName"))
+	}
+	if s.RoleSessionName != nil && len(*s.RoleSessionName) < 2 {
+		invalidParams.Add(request.NewErrParamMinLen("RoleSessionName", 2))
+	}
+	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
+		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
+	}
+	if s.SourceIdentity != nil && len(*s.SourceIdentity) < 2 {
+		invalidParams.Add(request.NewErrParamMinLen("SourceIdentity", 2))
+	}
+	if s.TokenCode != nil && len(*s.TokenCode) < 6 {
+		invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6))
+	}
+	if s.PolicyArns != nil {
+		for i, v := range s.PolicyArns {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+	if s.Tags != nil {
+		for i, v := range s.Tags {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDurationSeconds sets the DurationSeconds field's value.
+func (s *AssumeRoleInput) SetDurationSeconds(v int64) *AssumeRoleInput {
+	s.DurationSeconds = &v
+	return s
+}
+
+// SetExternalId sets the ExternalId field's value.
+func (s *AssumeRoleInput) SetExternalId(v string) *AssumeRoleInput {
+	s.ExternalId = &v
+	return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *AssumeRoleInput) SetPolicy(v string) *AssumeRoleInput {
+	s.Policy = &v
+	return s
+}
+
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *AssumeRoleInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleInput {
+	s.PolicyArns = v
+	return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput {
+	s.RoleArn = &v
+	return s
+}
+
+// SetRoleSessionName sets the RoleSessionName field's value.
+func (s *AssumeRoleInput) SetRoleSessionName(v string) *AssumeRoleInput {
+	s.RoleSessionName = &v
+	return s
+}
+
+// SetSerialNumber sets the SerialNumber field's value.
+func (s *AssumeRoleInput) SetSerialNumber(v string) *AssumeRoleInput {
+	s.SerialNumber = &v
+	return s
+}
+
+// SetSourceIdentity sets the SourceIdentity field's value.
+func (s *AssumeRoleInput) SetSourceIdentity(v string) *AssumeRoleInput {
+	s.SourceIdentity = &v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *AssumeRoleInput) SetTags(v []*Tag) *AssumeRoleInput {
+	s.Tags = v
+	return s
+}
+
+// SetTokenCode sets the TokenCode field's value.
+func (s *AssumeRoleInput) SetTokenCode(v string) *AssumeRoleInput {
+	s.TokenCode = &v
+	return s
+}
+
+// SetTransitiveTagKeys sets the TransitiveTagKeys field's value.
+func (s *AssumeRoleInput) SetTransitiveTagKeys(v []*string) *AssumeRoleInput {
+	s.TransitiveTagKeys = v
+	return s
+}
+
+// Contains the response to a successful AssumeRole request, including temporary
+// Amazon Web Services credentials that can be used to make Amazon Web Services
+// requests.
+type AssumeRoleOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
+	// that you can use to refer to the resulting temporary security credentials.
+	// For example, you can reference these credentials as a principal in a resource-based
+	// policy by using the ARN or assumed role ID. The ARN and ID include the RoleSessionName
+	// that you specified when you called AssumeRole.
+	AssumedRoleUser *AssumedRoleUser `type:"structure"`
+
+	// The temporary security credentials, which include an access key ID, a secret
+	// access key, and a security (or session) token.
+	//
+	// The size of the security token that STS API operations return is not fixed.
+	// We strongly recommend that you make no assumptions about the maximum size.
+	Credentials *Credentials `type:"structure"`
+
+	// A percentage value that indicates the packed size of the session policies
+	// and session tags combined passed in the request. The request fails if the
+	// packed size is greater than 100 percent, which means the policies and tags
+	// exceeded the allowed space.
+	PackedPolicySize *int64 `type:"integer"`
+
+	// The source identity specified by the principal that is calling the AssumeRole
+	// operation.
+	//
+	// You can require users to specify a source identity when they assume a role.
+	// You do this by using the sts:SourceIdentity condition key in a role trust
+	// policy. You can use source identity information in CloudTrail logs to determine
+	// who took actions with a role. You can use the aws:SourceIdentity condition
+	// key to further control access to Amazon Web Services resources based on the
+	// value of source identity. For more information about using source identity,
+	// see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+	// in the IAM User Guide.
+	//
+	// The regex used to validate this parameter is a string of characters consisting
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
+	// also include underscores or any of the following characters: =,.@-
+	SourceIdentity *string `min:"2" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleOutput) GoString() string {
+	return s.String()
+}
+
+// SetAssumedRoleUser sets the AssumedRoleUser field's value.
+func (s *AssumeRoleOutput) SetAssumedRoleUser(v *AssumedRoleUser) *AssumeRoleOutput {
+	s.AssumedRoleUser = v
+	return s
+}
+
+// SetCredentials sets the Credentials field's value.
+func (s *AssumeRoleOutput) SetCredentials(v *Credentials) *AssumeRoleOutput {
+	s.Credentials = v
+	return s
+}
+
+// SetPackedPolicySize sets the PackedPolicySize field's value.
+func (s *AssumeRoleOutput) SetPackedPolicySize(v int64) *AssumeRoleOutput {
+	s.PackedPolicySize = &v
+	return s
+}
+
+// SetSourceIdentity sets the SourceIdentity field's value.
+func (s *AssumeRoleOutput) SetSourceIdentity(v string) *AssumeRoleOutput {
+	s.SourceIdentity = &v
+	return s
+}
+
+type AssumeRoleWithSAMLInput struct {
+	_ struct{} `type:"structure"`
+
+	// The duration, in seconds, of the role session. Your role session lasts for
+	// the duration that you specify for the DurationSeconds parameter, or until
+	// the time specified in the SAML authentication response's SessionNotOnOrAfter
+	// value, whichever is shorter. You can provide a DurationSeconds value from
+	// 900 seconds (15 minutes) up to the maximum session duration setting for the
+	// role. This setting can have a value from 1 hour to 12 hours. If you specify
+	// a value higher than this setting, the operation fails. For example, if you
+	// specify a session duration of 12 hours, but your administrator set the maximum
+	// session duration to 6 hours, your operation fails. To learn how to view the
+	// maximum value for your role, see View the Maximum Session Duration Setting
+	// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+	// in the IAM User Guide.
+	//
+	// By default, the value is set to 3600 seconds.
+	//
+	// The DurationSeconds parameter is separate from the duration of a console
+	// session that you might request using the returned credentials. The request
+	// to the federation endpoint for a console sign-in token takes a SessionDuration
+	// parameter that specifies the maximum length of the console session. For more
+	// information, see Creating a URL that Enables Federated Users to Access the
+	// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+	// in the IAM User Guide.
+	DurationSeconds *int64 `min:"900" type:"integer"`
+
+	// An IAM policy in JSON format that you want to use as an inline session policy.
+	//
+	// This parameter is optional. Passing policies to this operation returns new
+	// temporary credentials. The resulting session's permissions are the intersection
+	// of the role's identity-based policy and the session policies. You can use
+	// the role's temporary credentials in subsequent Amazon Web Services API calls
+	// to access resources in the account that owns the role. You cannot use session
+	// policies to grant more permissions than those allowed by the identity-based
+	// policy of the role that is being assumed. For more information, see Session
+	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	//
+	// The plaintext that you use for both inline and managed session policies can't
+	// exceed 2,048 characters. The JSON policy characters can be any ASCII character
+	// from the space character to the end of the valid character list (\u0020 through
+	// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
+	// return (\u000D) characters.
+	//
+	// An Amazon Web Services conversion compresses the passed inline session policy,
+	// managed policy ARNs, and session tags into a packed binary format that has
+	// a separate limit. Your request can fail for this limit even if your plaintext
+	// meets the other requirements. The PackedPolicySize response element indicates
+	// by percentage how close the policies and tags for your request are to the
+	// upper size limit.
+	Policy *string `min:"1" type:"string"`
+
+	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+	// to use as managed session policies. The policies must exist in the same account
+	// as the role.
+	//
+	// This parameter is optional. You can provide up to 10 managed policy ARNs.
+	// However, the plaintext that you use for both inline and managed session policies
+	// can't exceed 2,048 characters. For more information about ARNs, see Amazon
+	// Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the Amazon Web Services General Reference.
+	//
+	// An Amazon Web Services conversion compresses the passed inline session policy,
+	// managed policy ARNs, and session tags into a packed binary format that has
+	// a separate limit. Your request can fail for this limit even if your plaintext
+	// meets the other requirements. The PackedPolicySize response element indicates
+	// by percentage how close the policies and tags for your request are to the
+	// upper size limit.
+	//
+	// Passing policies to this operation returns new temporary credentials. The
+	// resulting session's permissions are the intersection of the role's identity-based
+	// policy and the session policies. You can use the role's temporary credentials
+	// in subsequent Amazon Web Services API calls to access resources in the account
+	// that owns the role. You cannot use session policies to grant more permissions
+	// than those allowed by the identity-based policy of the role that is being
+	// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	PolicyArns []*PolicyDescriptorType `type:"list"`
+
+	// The Amazon Resource Name (ARN) of the SAML provider in IAM that describes
+	// the IdP.
+	//
+	// PrincipalArn is a required field
+	PrincipalArn *string `min:"20" type:"string" required:"true"`
+
+	// The Amazon Resource Name (ARN) of the role that the caller is assuming.
+	//
+	// RoleArn is a required field
+	RoleArn *string `min:"20" type:"string" required:"true"`
+
+	// The base64 encoded SAML authentication response provided by the IdP.
+	//
+	// For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
+	// in the IAM User Guide.
+	//
+	// SAMLAssertion is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by AssumeRoleWithSAMLInput's
+	// String and GoString methods.
+	//
+	// SAMLAssertion is a required field
+	SAMLAssertion *string `min:"4" type:"string" required:"true" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithSAMLInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithSAMLInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AssumeRoleWithSAMLInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AssumeRoleWithSAMLInput"}
+	if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
+		invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
+	}
+	if s.Policy != nil && len(*s.Policy) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+	}
+	if s.PrincipalArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("PrincipalArn"))
+	}
+	if s.PrincipalArn != nil && len(*s.PrincipalArn) < 20 {
+		invalidParams.Add(request.NewErrParamMinLen("PrincipalArn", 20))
+	}
+	if s.RoleArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("RoleArn"))
+	}
+	if s.RoleArn != nil && len(*s.RoleArn) < 20 {
+		invalidParams.Add(request.NewErrParamMinLen("RoleArn", 20))
+	}
+	if s.SAMLAssertion == nil {
+		invalidParams.Add(request.NewErrParamRequired("SAMLAssertion"))
+	}
+	if s.SAMLAssertion != nil && len(*s.SAMLAssertion) < 4 {
+		invalidParams.Add(request.NewErrParamMinLen("SAMLAssertion", 4))
+	}
+	if s.PolicyArns != nil {
+		for i, v := range s.PolicyArns {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDurationSeconds sets the DurationSeconds field's value.
+func (s *AssumeRoleWithSAMLInput) SetDurationSeconds(v int64) *AssumeRoleWithSAMLInput {
+	s.DurationSeconds = &v
+	return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *AssumeRoleWithSAMLInput) SetPolicy(v string) *AssumeRoleWithSAMLInput {
+	s.Policy = &v
+	return s
+}
+
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *AssumeRoleWithSAMLInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithSAMLInput {
+	s.PolicyArns = v
+	return s
+}
+
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *AssumeRoleWithSAMLInput) SetPrincipalArn(v string) *AssumeRoleWithSAMLInput {
+	s.PrincipalArn = &v
+	return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *AssumeRoleWithSAMLInput) SetRoleArn(v string) *AssumeRoleWithSAMLInput {
+	s.RoleArn = &v
+	return s
+}
+
+// SetSAMLAssertion sets the SAMLAssertion field's value.
+func (s *AssumeRoleWithSAMLInput) SetSAMLAssertion(v string) *AssumeRoleWithSAMLInput {
+	s.SAMLAssertion = &v
+	return s
+}
+
+// Contains the response to a successful AssumeRoleWithSAML request, including
+// temporary Amazon Web Services credentials that can be used to make Amazon
+// Web Services requests.
+type AssumeRoleWithSAMLOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The identifiers for the temporary security credentials that the operation
+	// returns.
+	AssumedRoleUser *AssumedRoleUser `type:"structure"`
+
+	// The value of the Recipient attribute of the SubjectConfirmationData element
+	// of the SAML assertion.
+	Audience *string `type:"string"`
+
+	// The temporary security credentials, which include an access key ID, a secret
+	// access key, and a security (or session) token.
+	//
+	// The size of the security token that STS API operations return is not fixed.
+	// We strongly recommend that you make no assumptions about the maximum size.
+	Credentials *Credentials `type:"structure"`
+
+	// The value of the Issuer element of the SAML assertion.
+	Issuer *string `type:"string"`
+
+	// A hash value based on the concatenation of the following:
+	//
+	//    * The Issuer response value.
+	//
+	//    * The Amazon Web Services account ID.
+	//
+	//    * The friendly name (the last part of the ARN) of the SAML provider in
+	//    IAM.
+	//
+	// The combination of NameQualifier and Subject can be used to uniquely identify
+	// a user.
+	//
+	// The following pseudocode shows how the hash value is calculated:
+	//
+	// BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP"
+	// ) )
+	NameQualifier *string `type:"string"`
+
+	// A percentage value that indicates the packed size of the session policies
+	// and session tags combined passed in the request. The request fails if the
+	// packed size is greater than 100 percent, which means the policies and tags
+	// exceeded the allowed space.
+	PackedPolicySize *int64 `type:"integer"`
+
+	// The value in the SourceIdentity attribute in the SAML assertion.
+	//
+	// You can require users to set a source identity value when they assume a role.
+	// You do this by using the sts:SourceIdentity condition key in a role trust
+	// policy. That way, actions that are taken with the role are associated with
+	// that user. After the source identity is set, the value cannot be changed.
+	// It is present in the request for all actions that are taken by the role and
+	// persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
+	// sessions. You can configure your SAML identity provider to use an attribute
+	// associated with your users, like user name or email, as the source identity
+	// when calling AssumeRoleWithSAML. You do this by adding an attribute to the
+	// SAML assertion. For more information about using source identity, see Monitor
+	// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+	// in the IAM User Guide.
+	//
+	// The regex used to validate this parameter is a string of characters consisting
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
+	// also include underscores or any of the following characters: =,.@-
+	SourceIdentity *string `min:"2" type:"string"`
+
+	// The value of the NameID element in the Subject element of the SAML assertion.
+	Subject *string `type:"string"`
+
+	// The format of the name ID, as defined by the Format attribute in the NameID
+	// element of the SAML assertion. Typical examples of the format are transient
+	// or persistent.
+	//
+	// If the format includes the prefix urn:oasis:names:tc:SAML:2.0:nameid-format,
+	// that prefix is removed. For example, urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+	// is returned as transient. If the format includes any other prefix, the format
+	// is returned with no modifications.
+	SubjectType *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithSAMLOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithSAMLOutput) GoString() string {
+	return s.String()
+}
+
+// SetAssumedRoleUser sets the AssumedRoleUser field's value.
+func (s *AssumeRoleWithSAMLOutput) SetAssumedRoleUser(v *AssumedRoleUser) *AssumeRoleWithSAMLOutput {
+	s.AssumedRoleUser = v
+	return s
+}
+
+// SetAudience sets the Audience field's value.
+func (s *AssumeRoleWithSAMLOutput) SetAudience(v string) *AssumeRoleWithSAMLOutput {
+	s.Audience = &v
+	return s
+}
+
+// SetCredentials sets the Credentials field's value.
+func (s *AssumeRoleWithSAMLOutput) SetCredentials(v *Credentials) *AssumeRoleWithSAMLOutput {
+	s.Credentials = v
+	return s
+}
+
+// SetIssuer sets the Issuer field's value.
+func (s *AssumeRoleWithSAMLOutput) SetIssuer(v string) *AssumeRoleWithSAMLOutput {
+	s.Issuer = &v
+	return s
+}
+
+// SetNameQualifier sets the NameQualifier field's value.
+func (s *AssumeRoleWithSAMLOutput) SetNameQualifier(v string) *AssumeRoleWithSAMLOutput {
+	s.NameQualifier = &v
+	return s
+}
+
+// SetPackedPolicySize sets the PackedPolicySize field's value.
+func (s *AssumeRoleWithSAMLOutput) SetPackedPolicySize(v int64) *AssumeRoleWithSAMLOutput {
+	s.PackedPolicySize = &v
+	return s
+}
+
+// SetSourceIdentity sets the SourceIdentity field's value.
+func (s *AssumeRoleWithSAMLOutput) SetSourceIdentity(v string) *AssumeRoleWithSAMLOutput {
+	s.SourceIdentity = &v
+	return s
+}
+
+// SetSubject sets the Subject field's value.
+func (s *AssumeRoleWithSAMLOutput) SetSubject(v string) *AssumeRoleWithSAMLOutput {
+	s.Subject = &v
+	return s
+}
+
+// SetSubjectType sets the SubjectType field's value.
+func (s *AssumeRoleWithSAMLOutput) SetSubjectType(v string) *AssumeRoleWithSAMLOutput {
+	s.SubjectType = &v
+	return s
+}
+
+type AssumeRoleWithWebIdentityInput struct {
+	_ struct{} `type:"structure"`
+
+	// The duration, in seconds, of the role session. The value can range from 900
+	// seconds (15 minutes) up to the maximum session duration setting for the role.
+	// This setting can have a value from 1 hour to 12 hours. If you specify a value
+	// higher than this setting, the operation fails. For example, if you specify
+	// a session duration of 12 hours, but your administrator set the maximum session
+	// duration to 6 hours, your operation fails. To learn how to view the maximum
+	// value for your role, see View the Maximum Session Duration Setting for a
+	// Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+	// in the IAM User Guide.
+	//
+	// By default, the value is set to 3600 seconds.
+	//
+	// The DurationSeconds parameter is separate from the duration of a console
+	// session that you might request using the returned credentials. The request
+	// to the federation endpoint for a console sign-in token takes a SessionDuration
+	// parameter that specifies the maximum length of the console session. For more
+	// information, see Creating a URL that Enables Federated Users to Access the
+	// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+	// in the IAM User Guide.
+	DurationSeconds *int64 `min:"900" type:"integer"`
+
+	// An IAM policy in JSON format that you want to use as an inline session policy.
+	//
+	// This parameter is optional. Passing policies to this operation returns new
+	// temporary credentials. The resulting session's permissions are the intersection
+	// of the role's identity-based policy and the session policies. You can use
+	// the role's temporary credentials in subsequent Amazon Web Services API calls
+	// to access resources in the account that owns the role. You cannot use session
+	// policies to grant more permissions than those allowed by the identity-based
+	// policy of the role that is being assumed. For more information, see Session
+	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	//
+	// The plaintext that you use for both inline and managed session policies can't
+	// exceed 2,048 characters. The JSON policy characters can be any ASCII character
+	// from the space character to the end of the valid character list (\u0020 through
+	// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
+	// return (\u000D) characters.
+	//
+	// An Amazon Web Services conversion compresses the passed inline session policy,
+	// managed policy ARNs, and session tags into a packed binary format that has
+	// a separate limit. Your request can fail for this limit even if your plaintext
+	// meets the other requirements. The PackedPolicySize response element indicates
+	// by percentage how close the policies and tags for your request are to the
+	// upper size limit.
+	Policy *string `min:"1" type:"string"`
+
+	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+	// to use as managed session policies. The policies must exist in the same account
+	// as the role.
+	//
+	// This parameter is optional. You can provide up to 10 managed policy ARNs.
+	// However, the plaintext that you use for both inline and managed session policies
+	// can't exceed 2,048 characters. For more information about ARNs, see Amazon
+	// Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the Amazon Web Services General Reference.
+	//
+	// An Amazon Web Services conversion compresses the passed inline session policy,
+	// managed policy ARNs, and session tags into a packed binary format that has
+	// a separate limit. Your request can fail for this limit even if your plaintext
+	// meets the other requirements. The PackedPolicySize response element indicates
+	// by percentage how close the policies and tags for your request are to the
+	// upper size limit.
+	//
+	// Passing policies to this operation returns new temporary credentials. The
+	// resulting session's permissions are the intersection of the role's identity-based
+	// policy and the session policies. You can use the role's temporary credentials
+	// in subsequent Amazon Web Services API calls to access resources in the account
+	// that owns the role. You cannot use session policies to grant more permissions
+	// than those allowed by the identity-based policy of the role that is being
+	// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	PolicyArns []*PolicyDescriptorType `type:"list"`
+
+	// The fully qualified host component of the domain name of the OAuth 2.0 identity
+	// provider. Do not specify this value for an OpenID Connect identity provider.
+	//
+	// Currently www.amazon.com and graph.facebook.com are the only supported identity
+	// providers for OAuth 2.0 access tokens. Do not include URL schemes and port
+	// numbers.
+	//
+	// Do not specify this value for OpenID Connect ID tokens.
+	ProviderId *string `min:"4" type:"string"`
+
+	// The Amazon Resource Name (ARN) of the role that the caller is assuming.
+	//
+	// RoleArn is a required field
+	RoleArn *string `min:"20" type:"string" required:"true"`
+
+	// An identifier for the assumed role session. Typically, you pass the name
+	// or identifier that is associated with the user who is using your application.
+	// That way, the temporary security credentials that your application will use
+	// are associated with that user. This session name is included as part of the
+	// ARN and assumed role ID in the AssumedRoleUser response element.
+	//
+	// The regex used to validate this parameter is a string of characters consisting
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
+	// also include underscores or any of the following characters: =,.@-
+	//
+	// RoleSessionName is a required field
+	RoleSessionName *string `min:"2" type:"string" required:"true"`
+
+	// The OAuth 2.0 access token or OpenID Connect ID token that is provided by
+	// the identity provider. Your application must get this token by authenticating
+	// the user who is using your application with a web identity provider before
+	// the application makes an AssumeRoleWithWebIdentity call.
+	//
+	// WebIdentityToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by AssumeRoleWithWebIdentityInput's
+	// String and GoString methods.
+	//
+	// WebIdentityToken is a required field
+	WebIdentityToken *string `min:"4" type:"string" required:"true" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithWebIdentityInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithWebIdentityInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AssumeRoleWithWebIdentityInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "AssumeRoleWithWebIdentityInput"}
+	if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
+		invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
+	}
+	if s.Policy != nil && len(*s.Policy) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+	}
+	if s.ProviderId != nil && len(*s.ProviderId) < 4 {
+		invalidParams.Add(request.NewErrParamMinLen("ProviderId", 4))
+	}
+	if s.RoleArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("RoleArn"))
+	}
+	if s.RoleArn != nil && len(*s.RoleArn) < 20 {
+		invalidParams.Add(request.NewErrParamMinLen("RoleArn", 20))
+	}
+	if s.RoleSessionName == nil {
+		invalidParams.Add(request.NewErrParamRequired("RoleSessionName"))
+	}
+	if s.RoleSessionName != nil && len(*s.RoleSessionName) < 2 {
+		invalidParams.Add(request.NewErrParamMinLen("RoleSessionName", 2))
+	}
+	if s.WebIdentityToken == nil {
+		invalidParams.Add(request.NewErrParamRequired("WebIdentityToken"))
+	}
+	if s.WebIdentityToken != nil && len(*s.WebIdentityToken) < 4 {
+		invalidParams.Add(request.NewErrParamMinLen("WebIdentityToken", 4))
+	}
+	if s.PolicyArns != nil {
+		for i, v := range s.PolicyArns {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDurationSeconds sets the DurationSeconds field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetDurationSeconds(v int64) *AssumeRoleWithWebIdentityInput {
+	s.DurationSeconds = &v
+	return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetPolicy(v string) *AssumeRoleWithWebIdentityInput {
+	s.Policy = &v
+	return s
+}
+
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithWebIdentityInput {
+	s.PolicyArns = v
+	return s
+}
+
+// SetProviderId sets the ProviderId field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetProviderId(v string) *AssumeRoleWithWebIdentityInput {
+	s.ProviderId = &v
+	return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetRoleArn(v string) *AssumeRoleWithWebIdentityInput {
+	s.RoleArn = &v
+	return s
+}
+
+// SetRoleSessionName sets the RoleSessionName field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetRoleSessionName(v string) *AssumeRoleWithWebIdentityInput {
+	s.RoleSessionName = &v
+	return s
+}
+
+// SetWebIdentityToken sets the WebIdentityToken field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetWebIdentityToken(v string) *AssumeRoleWithWebIdentityInput {
+	s.WebIdentityToken = &v
+	return s
+}
+
+// Contains the response to a successful AssumeRoleWithWebIdentity request,
+// including temporary Amazon Web Services credentials that can be used to make
+// Amazon Web Services requests.
+type AssumeRoleWithWebIdentityOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
+	// that you can use to refer to the resulting temporary security credentials.
+	// For example, you can reference these credentials as a principal in a resource-based
+	// policy by using the ARN or assumed role ID. The ARN and ID include the RoleSessionName
+	// that you specified when you called AssumeRole.
+	AssumedRoleUser *AssumedRoleUser `type:"structure"`
+
+	// The intended audience (also known as client ID) of the web identity token.
+	// This is traditionally the client identifier issued to the application that
+	// requested the web identity token.
+	Audience *string `type:"string"`
+
+	// The temporary security credentials, which include an access key ID, a secret
+	// access key, and a security token.
+	//
+	// The size of the security token that STS API operations return is not fixed.
+	// We strongly recommend that you make no assumptions about the maximum size.
+	Credentials *Credentials `type:"structure"`
+
+	// A percentage value that indicates the packed size of the session policies
+	// and session tags combined passed in the request. The request fails if the
+	// packed size is greater than 100 percent, which means the policies and tags
+	// exceeded the allowed space.
+	PackedPolicySize *int64 `type:"integer"`
+
+	// The issuing authority of the web identity token presented. For OpenID Connect
+	// ID tokens, this contains the value of the iss field. For OAuth 2.0 access
+	// tokens, this contains the value of the ProviderId parameter that was passed
+	// in the AssumeRoleWithWebIdentity request.
+	Provider *string `type:"string"`
+
+	// The value of the source identity that is returned in the JSON web token (JWT)
+	// from the identity provider.
+	//
+	// You can require users to set a source identity value when they assume a role.
+	// You do this by using the sts:SourceIdentity condition key in a role trust
+	// policy. That way, actions that are taken with the role are associated with
+	// that user. After the source identity is set, the value cannot be changed.
+	// It is present in the request for all actions that are taken by the role and
+	// persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
+	// sessions. You can configure your identity provider to use an attribute associated
+	// with your users, like user name or email, as the source identity when calling
+	// AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web
+	// token. To learn more about OIDC tokens and claims, see Using Tokens with
+	// User Pools (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)
+	// in the Amazon Cognito Developer Guide. For more information about using source
+	// identity, see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+	// in the IAM User Guide.
+	//
+	// The regex used to validate this parameter is a string of characters consisting
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
+	// also include underscores or any of the following characters: =,.@-
+	SourceIdentity *string `min:"2" type:"string"`
+
+	// The unique user identifier that is returned by the identity provider. This
+	// identifier is associated with the WebIdentityToken that was submitted with
+	// the AssumeRoleWithWebIdentity call. The identifier is typically unique to
+	// the user and the application that acquired the WebIdentityToken (pairwise
+	// identifier). For OpenID Connect ID tokens, this field contains the value
+	// returned by the identity provider as the token's sub (Subject) claim.
+	SubjectFromWebIdentityToken *string `min:"6" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithWebIdentityOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithWebIdentityOutput) GoString() string {
+	return s.String()
+}
+
+// SetAssumedRoleUser sets the AssumedRoleUser field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetAssumedRoleUser(v *AssumedRoleUser) *AssumeRoleWithWebIdentityOutput {
+	s.AssumedRoleUser = v
+	return s
+}
+
+// SetAudience sets the Audience field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetAudience(v string) *AssumeRoleWithWebIdentityOutput {
+	s.Audience = &v
+	return s
+}
+
+// SetCredentials sets the Credentials field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetCredentials(v *Credentials) *AssumeRoleWithWebIdentityOutput {
+	s.Credentials = v
+	return s
+}
+
+// SetPackedPolicySize sets the PackedPolicySize field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetPackedPolicySize(v int64) *AssumeRoleWithWebIdentityOutput {
+	s.PackedPolicySize = &v
+	return s
+}
+
+// SetProvider sets the Provider field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetProvider(v string) *AssumeRoleWithWebIdentityOutput {
+	s.Provider = &v
+	return s
+}
+
+// SetSourceIdentity sets the SourceIdentity field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetSourceIdentity(v string) *AssumeRoleWithWebIdentityOutput {
+	s.SourceIdentity = &v
+	return s
+}
+
+// SetSubjectFromWebIdentityToken sets the SubjectFromWebIdentityToken field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetSubjectFromWebIdentityToken(v string) *AssumeRoleWithWebIdentityOutput {
+	s.SubjectFromWebIdentityToken = &v
+	return s
+}
+
+// The identifiers for the temporary security credentials that the operation
+// returns.
+type AssumedRoleUser struct {
+	_ struct{} `type:"structure"`
+
+	// The ARN of the temporary security credentials that are returned from the
+	// AssumeRole action. For more information about ARNs and how to use them in
+	// policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
+	// in the IAM User Guide.
+	//
+	// Arn is a required field
+	Arn *string `min:"20" type:"string" required:"true"`
+
+	// A unique identifier that contains the role ID and the role session name of
+	// the role that is being assumed. The role ID is generated by Amazon Web Services
+	// when the role is created.
+	//
+	// AssumedRoleId is a required field
+	AssumedRoleId *string `min:"2" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumedRoleUser) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumedRoleUser) GoString() string {
+	return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *AssumedRoleUser) SetArn(v string) *AssumedRoleUser {
+	s.Arn = &v
+	return s
+}
+
+// SetAssumedRoleId sets the AssumedRoleId field's value.
+func (s *AssumedRoleUser) SetAssumedRoleId(v string) *AssumedRoleUser {
+	s.AssumedRoleId = &v
+	return s
+}
+
+// Amazon Web Services credentials for API authentication.
+type Credentials struct {
+	_ struct{} `type:"structure"`
+
+	// The access key ID that identifies the temporary security credentials.
+	//
+	// AccessKeyId is a required field
+	AccessKeyId *string `min:"16" type:"string" required:"true"`
+
+	// The date on which the current credentials expire.
+	//
+	// Expiration is a required field
+	Expiration *time.Time `type:"timestamp" required:"true"`
+
+	// The secret access key that can be used to sign requests.
+	//
+	// SecretAccessKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by Credentials's
+	// String and GoString methods.
+	//
+	// SecretAccessKey is a required field
+	SecretAccessKey *string `type:"string" required:"true" sensitive:"true"`
+
+	// The token that users must pass to the service API to use the temporary credentials.
+	//
+	// SessionToken is a required field
+	SessionToken *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Credentials) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Credentials) GoString() string {
+	return s.String()
+}
+
+// SetAccessKeyId sets the AccessKeyId field's value.
+func (s *Credentials) SetAccessKeyId(v string) *Credentials {
+	s.AccessKeyId = &v
+	return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *Credentials) SetExpiration(v time.Time) *Credentials {
+	s.Expiration = &v
+	return s
+}
+
+// SetSecretAccessKey sets the SecretAccessKey field's value.
+func (s *Credentials) SetSecretAccessKey(v string) *Credentials {
+	s.SecretAccessKey = &v
+	return s
+}
+
+// SetSessionToken sets the SessionToken field's value.
+func (s *Credentials) SetSessionToken(v string) *Credentials {
+	s.SessionToken = &v
+	return s
+}
+
+type DecodeAuthorizationMessageInput struct {
+	_ struct{} `type:"structure"`
+
+	// The encoded message that was returned with the response.
+	//
+	// EncodedMessage is a required field
+	EncodedMessage *string `min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DecodeAuthorizationMessageInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DecodeAuthorizationMessageInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DecodeAuthorizationMessageInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "DecodeAuthorizationMessageInput"}
+	if s.EncodedMessage == nil {
+		invalidParams.Add(request.NewErrParamRequired("EncodedMessage"))
+	}
+	if s.EncodedMessage != nil && len(*s.EncodedMessage) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("EncodedMessage", 1))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetEncodedMessage sets the EncodedMessage field's value.
+func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAuthorizationMessageInput {
+	s.EncodedMessage = &v
+	return s
+}
+
+// A document that contains additional information about the authorization status
+// of a request from an encoded message that is returned in response to an Amazon
+// Web Services request.
+type DecodeAuthorizationMessageOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The API returns a response with the decoded message.
+	DecodedMessage *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DecodeAuthorizationMessageOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DecodeAuthorizationMessageOutput) GoString() string {
+	return s.String()
+}
+
+// SetDecodedMessage sets the DecodedMessage field's value.
+func (s *DecodeAuthorizationMessageOutput) SetDecodedMessage(v string) *DecodeAuthorizationMessageOutput {
+	s.DecodedMessage = &v
+	return s
+}
+
+// Identifiers for the federated user that is associated with the credentials.
+type FederatedUser struct {
+	_ struct{} `type:"structure"`
+
+	// The ARN that specifies the federated user that is associated with the credentials.
+	// For more information about ARNs and how to use them in policies, see IAM
+	// Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
+	// in the IAM User Guide.
+	//
+	// Arn is a required field
+	Arn *string `min:"20" type:"string" required:"true"`
+
+	// The string that identifies the federated user associated with the credentials,
+	// similar to the unique ID of an IAM user.
+	//
+	// FederatedUserId is a required field
+	FederatedUserId *string `min:"2" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s FederatedUser) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s FederatedUser) GoString() string {
+	return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *FederatedUser) SetArn(v string) *FederatedUser {
+	s.Arn = &v
+	return s
+}
+
+// SetFederatedUserId sets the FederatedUserId field's value.
+func (s *FederatedUser) SetFederatedUserId(v string) *FederatedUser {
+	s.FederatedUserId = &v
+	return s
+}
+
+type GetAccessKeyInfoInput struct {
+	_ struct{} `type:"structure"`
+
+	// The identifier of an access key.
+	//
+	// This parameter allows (through its regex pattern) a string of characters
+	// that can consist of any upper- or lowercase letter or digit.
+	//
+	// AccessKeyId is a required field
+	AccessKeyId *string `min:"16" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessKeyInfoInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessKeyInfoInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetAccessKeyInfoInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetAccessKeyInfoInput"}
+	if s.AccessKeyId == nil {
+		invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
+	}
+	if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
+		invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetAccessKeyId sets the AccessKeyId field's value.
+func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput {
+	s.AccessKeyId = &v
+	return s
+}
+
+type GetAccessKeyInfoOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The number used to identify the Amazon Web Services account.
+	Account *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessKeyInfoOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessKeyInfoOutput) GoString() string {
+	return s.String()
+}
+
+// SetAccount sets the Account field's value.
+func (s *GetAccessKeyInfoOutput) SetAccount(v string) *GetAccessKeyInfoOutput {
+	s.Account = &v
+	return s
+}
+
+type GetCallerIdentityInput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetCallerIdentityInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetCallerIdentityInput) GoString() string {
+	return s.String()
+}
+
+// Contains the response to a successful GetCallerIdentity request, including
+// information about the entity making the request.
+type GetCallerIdentityOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Web Services account ID number of the account that owns or contains
+	// the calling entity.
+	Account *string `type:"string"`
+
+	// The Amazon Web Services ARN associated with the calling entity.
+	Arn *string `min:"20" type:"string"`
+
+	// The unique identifier of the calling entity. The exact value depends on the
+	// type of entity that is making the call. The values returned are those listed
+	// in the aws:userid column in the Principal table (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
+	// found on the Policy Variables reference page in the IAM User Guide.
+	UserId *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetCallerIdentityOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetCallerIdentityOutput) GoString() string {
+	return s.String()
+}
+
+// SetAccount sets the Account field's value.
+func (s *GetCallerIdentityOutput) SetAccount(v string) *GetCallerIdentityOutput {
+	s.Account = &v
+	return s
+}
+
+// SetArn sets the Arn field's value.
+func (s *GetCallerIdentityOutput) SetArn(v string) *GetCallerIdentityOutput {
+	s.Arn = &v
+	return s
+}
+
+// SetUserId sets the UserId field's value.
+func (s *GetCallerIdentityOutput) SetUserId(v string) *GetCallerIdentityOutput {
+	s.UserId = &v
+	return s
+}
+
+type GetFederationTokenInput struct {
+	_ struct{} `type:"structure"`
+
+	// The duration, in seconds, that the session should last. Acceptable durations
+	// for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds
+	// (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained
+	// using root user credentials are restricted to a maximum of 3,600 seconds
+	// (one hour). If the specified duration is longer than one hour, the session
+	// obtained by using root user credentials defaults to one hour.
+	DurationSeconds *int64 `min:"900" type:"integer"`
+
+	// The name of the federated user. The name is used as an identifier for the
+	// temporary security credentials (such as Bob). For example, you can reference
+	// the federated user name in a resource-based policy, such as in an Amazon
+	// S3 bucket policy.
+	//
+	// The regex used to validate this parameter is a string of characters consisting
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
+	// also include underscores or any of the following characters: =,.@-
+	//
+	// Name is a required field
+	Name *string `min:"2" type:"string" required:"true"`
+
+	// An IAM policy in JSON format that you want to use as an inline session policy.
+	//
+	// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// to this operation. You can pass a single JSON policy document to use as an
+	// inline session policy. You can also specify up to 10 managed policy Amazon
+	// Resource Names (ARNs) to use as managed session policies.
+	//
+	// This parameter is optional. However, if you do not pass any session policies,
+	// then the resulting federated user session has no permissions.
+	//
+	// When you pass session policies, the session permissions are the intersection
+	// of the IAM user policies and the session policies that you pass. This gives
+	// you a way to further restrict the permissions for a federated user. You cannot
+	// use session policies to grant more permissions than those that are defined
+	// in the permissions policy of the IAM user. For more information, see Session
+	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	//
+	// The resulting credentials can be used to access a resource that has a resource-based
+	// policy. If that policy specifically references the federated user session
+	// in the Principal element of the policy, the session has the permissions allowed
+	// by the policy. These permissions are granted in addition to the permissions
+	// that are granted by the session policies.
+	//
+	// The plaintext that you use for both inline and managed session policies can't
+	// exceed 2,048 characters. The JSON policy characters can be any ASCII character
+	// from the space character to the end of the valid character list (\u0020 through
+	// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
+	// return (\u000D) characters.
+	//
+	// An Amazon Web Services conversion compresses the passed inline session policy,
+	// managed policy ARNs, and session tags into a packed binary format that has
+	// a separate limit. Your request can fail for this limit even if your plaintext
+	// meets the other requirements. The PackedPolicySize response element indicates
+	// by percentage how close the policies and tags for your request are to the
+	// upper size limit.
+	Policy *string `min:"1" type:"string"`
+
+	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+	// to use as a managed session policy. The policies must exist in the same account
+	// as the IAM user that is requesting federated access.
+	//
+	// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// to this operation. You can pass a single JSON policy document to use as an
+	// inline session policy. You can also specify up to 10 managed policy Amazon
+	// Resource Names (ARNs) to use as managed session policies. The plaintext that
+	// you use for both inline and managed session policies can't exceed 2,048 characters.
+	// You can provide up to 10 managed policy ARNs. For more information about
+	// ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
+	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the Amazon Web Services General Reference.
+	//
+	// This parameter is optional. However, if you do not pass any session policies,
+	// then the resulting federated user session has no permissions.
+	//
+	// When you pass session policies, the session permissions are the intersection
+	// of the IAM user policies and the session policies that you pass. This gives
+	// you a way to further restrict the permissions for a federated user. You cannot
+	// use session policies to grant more permissions than those that are defined
+	// in the permissions policy of the IAM user. For more information, see Session
+	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	//
+	// The resulting credentials can be used to access a resource that has a resource-based
+	// policy. If that policy specifically references the federated user session
+	// in the Principal element of the policy, the session has the permissions allowed
+	// by the policy. These permissions are granted in addition to the permissions
+	// that are granted by the session policies.
+	//
+	// An Amazon Web Services conversion compresses the passed inline session policy,
+	// managed policy ARNs, and session tags into a packed binary format that has
+	// a separate limit. Your request can fail for this limit even if your plaintext
+	// meets the other requirements. The PackedPolicySize response element indicates
+	// by percentage how close the policies and tags for your request are to the
+	// upper size limit.
+	PolicyArns []*PolicyDescriptorType `type:"list"`
+
+	// A list of session tags. Each session tag consists of a key name and an associated
+	// value. For more information about session tags, see Passing Session Tags
+	// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+	// in the IAM User Guide.
+	//
+	// This parameter is optional. You can pass up to 50 session tags. The plaintext
+	// session tag keys can’t exceed 128 characters and the values can’t exceed
+	// 256 characters. For these and additional limits, see IAM and STS Character
+	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// in the IAM User Guide.
+	//
+	// An Amazon Web Services conversion compresses the passed inline session policy,
+	// managed policy ARNs, and session tags into a packed binary format that has
+	// a separate limit. Your request can fail for this limit even if your plaintext
+	// meets the other requirements. The PackedPolicySize response element indicates
+	// by percentage how close the policies and tags for your request are to the
+	// upper size limit.
+	//
+	// You can pass a session tag with the same key as a tag that is already attached
+	// to the user you are federating. When you do, session tags override a user
+	// tag with the same key.
+	//
+	// Tag key–value pairs are not case sensitive, but case is preserved. This
+	// means that you cannot have separate Department and department tag keys. Assume
+	// that the role has the Department=Marketing tag and you pass the department=engineering
+	// session tag. Department and department are not saved as separate tags, and
+	// the session tag passed in the request takes precedence over the role tag.
+	Tags []*Tag `type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetFederationTokenInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetFederationTokenInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetFederationTokenInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetFederationTokenInput"}
+	if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
+		invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
+	}
+	if s.Name == nil {
+		invalidParams.Add(request.NewErrParamRequired("Name"))
+	}
+	if s.Name != nil && len(*s.Name) < 2 {
+		invalidParams.Add(request.NewErrParamMinLen("Name", 2))
+	}
+	if s.Policy != nil && len(*s.Policy) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+	}
+	if s.PolicyArns != nil {
+		for i, v := range s.PolicyArns {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+	if s.Tags != nil {
+		for i, v := range s.Tags {
+			if v == nil {
+				continue
+			}
+			if err := v.Validate(); err != nil {
+				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+			}
+		}
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDurationSeconds sets the DurationSeconds field's value.
+func (s *GetFederationTokenInput) SetDurationSeconds(v int64) *GetFederationTokenInput {
+	s.DurationSeconds = &v
+	return s
+}
+
+// SetName sets the Name field's value.
+func (s *GetFederationTokenInput) SetName(v string) *GetFederationTokenInput {
+	s.Name = &v
+	return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *GetFederationTokenInput) SetPolicy(v string) *GetFederationTokenInput {
+	s.Policy = &v
+	return s
+}
+
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *GetFederationTokenInput) SetPolicyArns(v []*PolicyDescriptorType) *GetFederationTokenInput {
+	s.PolicyArns = v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *GetFederationTokenInput) SetTags(v []*Tag) *GetFederationTokenInput {
+	s.Tags = v
+	return s
+}
+
+// Contains the response to a successful GetFederationToken request, including
+// temporary Amazon Web Services credentials that can be used to make Amazon
+// Web Services requests.
+type GetFederationTokenOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The temporary security credentials, which include an access key ID, a secret
+	// access key, and a security (or session) token.
+	//
+	// The size of the security token that STS API operations return is not fixed.
+	// We strongly recommend that you make no assumptions about the maximum size.
+	Credentials *Credentials `type:"structure"`
+
+	// Identifiers for the federated user associated with the credentials (such
+	// as arn:aws:sts::123456789012:federated-user/Bob or 123456789012:Bob). You
+	// can use the federated user's ARN in your resource-based policies, such as
+	// an Amazon S3 bucket policy.
+	FederatedUser *FederatedUser `type:"structure"`
+
+	// A percentage value that indicates the packed size of the session policies
+	// and session tags combined passed in the request. The request fails if the
+	// packed size is greater than 100 percent, which means the policies and tags
+	// exceeded the allowed space.
+	PackedPolicySize *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetFederationTokenOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetFederationTokenOutput) GoString() string {
+	return s.String()
+}
+
+// SetCredentials sets the Credentials field's value.
+func (s *GetFederationTokenOutput) SetCredentials(v *Credentials) *GetFederationTokenOutput {
+	s.Credentials = v
+	return s
+}
+
+// SetFederatedUser sets the FederatedUser field's value.
+func (s *GetFederationTokenOutput) SetFederatedUser(v *FederatedUser) *GetFederationTokenOutput {
+	s.FederatedUser = v
+	return s
+}
+
+// SetPackedPolicySize sets the PackedPolicySize field's value.
+func (s *GetFederationTokenOutput) SetPackedPolicySize(v int64) *GetFederationTokenOutput {
+	s.PackedPolicySize = &v
+	return s
+}
+
+type GetSessionTokenInput struct {
+	_ struct{} `type:"structure"`
+
+	// The duration, in seconds, that the credentials should remain valid. Acceptable
+	// durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600
+	// seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions
+	// for Amazon Web Services account owners are restricted to a maximum of 3,600
+	// seconds (one hour). If the duration is longer than one hour, the session
+	// for Amazon Web Services account owners defaults to one hour.
+	DurationSeconds *int64 `min:"900" type:"integer"`
+
+	// The identification number of the MFA device that is associated with the IAM
+	// user who is making the GetSessionToken call. Specify this value if the IAM
+	// user has a policy that requires MFA authentication. The value is either the
+	// serial number for a hardware device (such as GAHT12345678) or an Amazon Resource
+	// Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
+	// You can find the device for an IAM user by going to the Amazon Web Services
+	// Management Console and viewing the user's security credentials.
+	//
+	// The regex used to validate this parameter is a string of characters consisting
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
+	// also include underscores or any of the following characters: =,.@:/-
+	SerialNumber *string `min:"9" type:"string"`
+
+	// The value provided by the MFA device, if MFA is required. If any policy requires
+	// the IAM user to submit an MFA code, specify this value. If MFA authentication
+	// is required, the user must provide a code when requesting a set of temporary
+	// security credentials. A user who fails to provide the code receives an "access
+	// denied" response when requesting resources that require MFA authentication.
+	//
+	// The format for this parameter, as described by its regex pattern, is a sequence
+	// of six numeric digits.
+	TokenCode *string `min:"6" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSessionTokenInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSessionTokenInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetSessionTokenInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "GetSessionTokenInput"}
+	if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
+		invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
+	}
+	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
+		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
+	}
+	if s.TokenCode != nil && len(*s.TokenCode) < 6 {
+		invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetDurationSeconds sets the DurationSeconds field's value.
+func (s *GetSessionTokenInput) SetDurationSeconds(v int64) *GetSessionTokenInput {
+	s.DurationSeconds = &v
+	return s
+}
+
+// SetSerialNumber sets the SerialNumber field's value.
+func (s *GetSessionTokenInput) SetSerialNumber(v string) *GetSessionTokenInput {
+	s.SerialNumber = &v
+	return s
+}
+
+// SetTokenCode sets the TokenCode field's value.
+func (s *GetSessionTokenInput) SetTokenCode(v string) *GetSessionTokenInput {
+	s.TokenCode = &v
+	return s
+}
+
+// Contains the response to a successful GetSessionToken request, including
+// temporary Amazon Web Services credentials that can be used to make Amazon
+// Web Services requests.
+type GetSessionTokenOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The temporary security credentials, which include an access key ID, a secret
+	// access key, and a security (or session) token.
+	//
+	// The size of the security token that STS API operations return is not fixed.
+	// We strongly recommend that you make no assumptions about the maximum size.
+	Credentials *Credentials `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSessionTokenOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSessionTokenOutput) GoString() string {
+	return s.String()
+}
+
+// SetCredentials sets the Credentials field's value.
+func (s *GetSessionTokenOutput) SetCredentials(v *Credentials) *GetSessionTokenOutput {
+	s.Credentials = v
+	return s
+}
+
+// A reference to the IAM managed policy that is passed as a session policy
+// for a role session or a federated user session.
+type PolicyDescriptorType struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the IAM managed policy to use as a session
+	// policy for the role. For more information about ARNs, see Amazon Resource
+	// Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the Amazon Web Services General Reference.
+	Arn *string `locationName:"arn" min:"20" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PolicyDescriptorType) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PolicyDescriptorType) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PolicyDescriptorType) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "PolicyDescriptorType"}
+	if s.Arn != nil && len(*s.Arn) < 20 {
+		invalidParams.Add(request.NewErrParamMinLen("Arn", 20))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetArn sets the Arn field's value.
+func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
+	s.Arn = &v
+	return s
+}
+
+// You can pass custom key-value pair attributes when you assume a role or federate
+// a user. These are called session tags. You can then use the session tags
+// to control access to resources. For more information, see Tagging Amazon
+// Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+type Tag struct {
+	_ struct{} `type:"structure"`
+
+	// The key for a session tag.
+	//
+	// You can pass up to 50 session tags. The plain text session tag keys can’t
+	// exceed 128 characters. For these and additional limits, see IAM and STS Character
+	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// in the IAM User Guide.
+	//
+	// Key is a required field
+	Key *string `min:"1" type:"string" required:"true"`
+
+	// The value for a session tag.
+	//
+	// You can pass up to 50 session tags. The plain text session tag values can’t
+	// exceed 256 characters. For these and additional limits, see IAM and STS Character
+	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// in the IAM User Guide.
+	//
+	// Value is a required field
+	Value *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tag) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tag) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Tag) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "Tag"}
+	if s.Key == nil {
+		invalidParams.Add(request.NewErrParamRequired("Key"))
+	}
+	if s.Key != nil && len(*s.Key) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+	}
+	if s.Value == nil {
+		invalidParams.Add(request.NewErrParamRequired("Value"))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *Tag) SetKey(v string) *Tag {
+	s.Key = &v
+	return s
+}
+
+// SetValue sets the Value field's value.
+func (s *Tag) SetValue(v string) *Tag {
+	s.Value = &v
+	return s
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
new file mode 100644
index 000000000..d5307fcaa
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
@@ -0,0 +1,11 @@
+package sts
+
+import "github.com/aws/aws-sdk-go/aws/request"
+
+func init() {
+	initRequest = customizeRequest
+}
+
+func customizeRequest(r *request.Request) {
+	r.RetryErrorCodes = append(r.RetryErrorCodes, ErrCodeIDPCommunicationErrorException)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
new file mode 100644
index 000000000..ea1d9eb0c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
@@ -0,0 +1,31 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package sts provides the client and types for making API
+// requests to AWS Security Token Service.
+//
+// Security Token Service (STS) enables you to request temporary, limited-privilege
+// credentials for users. This guide provides descriptions of the STS API. For
+// more information about using this service, see Temporary Security Credentials
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
+//
+// See sts package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/
+//
+// # Using the Client
+//
+// To contact AWS Security Token Service with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the AWS Security Token Service client STS for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#New
+package sts
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
new file mode 100644
index 000000000..b680bbd5d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
@@ -0,0 +1,84 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sts
+
+const (
+
+	// ErrCodeExpiredTokenException for service response error code
+	// "ExpiredTokenException".
+	//
+	// The web identity token that was passed is expired or is not valid. Get a
+	// new identity token from the identity provider and then retry the request.
+	ErrCodeExpiredTokenException = "ExpiredTokenException"
+
+	// ErrCodeIDPCommunicationErrorException for service response error code
+	// "IDPCommunicationError".
+	//
+	// The request could not be fulfilled because the identity provider (IDP) that
+	// was asked to verify the incoming identity token could not be reached. This
+	// is often a transient error caused by network conditions. Retry the request
+	// a limited number of times so that you don't exceed the request rate. If the
+	// error persists, the identity provider might be down or not responding.
+	ErrCodeIDPCommunicationErrorException = "IDPCommunicationError"
+
+	// ErrCodeIDPRejectedClaimException for service response error code
+	// "IDPRejectedClaim".
+	//
+	// The identity provider (IdP) reported that authentication failed. This might
+	// be because the claim is invalid.
+	//
+	// If this error is returned for the AssumeRoleWithWebIdentity operation, it
+	// can also mean that the claim has expired or has been explicitly revoked.
+	ErrCodeIDPRejectedClaimException = "IDPRejectedClaim"
+
+	// ErrCodeInvalidAuthorizationMessageException for service response error code
+	// "InvalidAuthorizationMessageException".
+	//
+	// The error returned if the message passed to DecodeAuthorizationMessage was
+	// invalid. This can happen if the token contains invalid characters, such as
+	// linebreaks.
+	ErrCodeInvalidAuthorizationMessageException = "InvalidAuthorizationMessageException"
+
+	// ErrCodeInvalidIdentityTokenException for service response error code
+	// "InvalidIdentityToken".
+	//
+	// The web identity token that was passed could not be validated by Amazon Web
+	// Services. Get a new identity token from the identity provider and then retry
+	// the request.
+	ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken"
+
+	// ErrCodeMalformedPolicyDocumentException for service response error code
+	// "MalformedPolicyDocument".
+	//
+	// The request was rejected because the policy document was malformed. The error
+	// message describes the specific error.
+	ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocument"
+
+	// ErrCodePackedPolicyTooLargeException for service response error code
+	// "PackedPolicyTooLarge".
+	//
+	// The request was rejected because the total packed size of the session policies
+	// and session tags combined was too large. An Amazon Web Services conversion
+	// compresses the session policy document, session policy ARNs, and session
+	// tags into a packed binary format that has a separate limit. The error message
+	// indicates by percentage how close the policies and tags are to the upper
+	// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+	// in the IAM User Guide.
+	//
+	// You could receive this error even though you meet other defined session policy
+	// and session tag limits. For more information, see IAM and STS Entity Character
+	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
+	// in the IAM User Guide.
+	ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge"
+
+	// ErrCodeRegionDisabledException for service response error code
+	// "RegionDisabledException".
+	//
+	// STS is not activated in the requested region for the account that is being
+	// asked to generate credentials. The account administrator must use the IAM
+	// console to activate STS in that region. For more information, see Activating
+	// and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+	// in the IAM User Guide.
+	ErrCodeRegionDisabledException = "RegionDisabledException"
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
new file mode 100644
index 000000000..12327d053
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
@@ -0,0 +1,104 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sts
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/client/metadata"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/aws/signer/v4"
+	"github.com/aws/aws-sdk-go/private/protocol/query"
+)
+
+// STS provides the API operation methods for making requests to
+// AWS Security Token Service. See this package's package overview docs
+// for details on the service.
+//
+// STS methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
+type STS struct {
+	*client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// Service information constants
+const (
+	ServiceName = "sts"       // Name of service.
+	EndpointsID = ServiceName // ID to lookup a service endpoint with.
+	ServiceID   = "STS"       // ServiceID is a unique identifier of a specific service.
+)
+
+// New creates a new instance of the STS client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//
+//	mySession := session.Must(session.NewSession())
+//
+//	// Create a STS client from just a session.
+//	svc := sts.New(mySession)
+//
+//	// Create a STS client with additional configuration
+//	svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS {
+	c := p.ClientConfig(EndpointsID, cfgs...)
+	if c.SigningNameDerived || len(c.SigningName) == 0 {
+		c.SigningName = EndpointsID
+		// No Fallback
+	}
+	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *STS {
+	svc := &STS{
+		Client: client.New(
+			cfg,
+			metadata.ClientInfo{
+				ServiceName:    ServiceName,
+				ServiceID:      ServiceID,
+				SigningName:    signingName,
+				SigningRegion:  signingRegion,
+				PartitionID:    partitionID,
+				Endpoint:       endpoint,
+				APIVersion:     "2011-06-15",
+				ResolvedRegion: resolvedRegion,
+			},
+			handlers,
+		),
+	}
+
+	// Handlers
+	svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+	svc.Handlers.Build.PushBackNamed(query.BuildHandler)
+	svc.Handlers.Unmarshal.PushBackNamed(query.UnmarshalHandler)
+	svc.Handlers.UnmarshalMeta.PushBackNamed(query.UnmarshalMetaHandler)
+	svc.Handlers.UnmarshalError.PushBackNamed(query.UnmarshalErrorHandler)
+
+	// Run custom client initialization if present
+	if initClient != nil {
+		initClient(svc.Client)
+	}
+
+	return svc
+}
+
+// newRequest creates a new request for a STS operation and runs any
+// custom request initialization.
+func (c *STS) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+	req := c.NewRequest(op, params, data)
+
+	// Run custom request initialization if present
+	if initRequest != nil {
+		initRequest(req)
+	}
+
+	return req
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
new file mode 100644
index 000000000..bf06b2e7d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
@@ -0,0 +1,96 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package stsiface provides an interface to enable mocking the AWS Security Token Service service client
+// for testing your code.
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters.
+package stsiface
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/service/sts"
+)
+
+// STSAPI provides an interface to enable mocking the
+// sts.STS service client's API operation,
+// paginators, and waiters. This make unit testing your code that calls out
+// to the SDK's service client's calls easier.
+//
+// The best way to use this interface is so the SDK's service client's calls
+// can be stubbed out for unit testing your code with the SDK without needing
+// to inject custom request handlers into the SDK's request pipeline.
+//
+//	// myFunc uses an SDK service client to make a request to
+//	// AWS Security Token Service.
+//	func myFunc(svc stsiface.STSAPI) bool {
+//	    // Make svc.AssumeRole request
+//	}
+//
+//	func main() {
+//	    sess := session.New()
+//	    svc := sts.New(sess)
+//
+//	    myFunc(svc)
+//	}
+//
+// In your _test.go file:
+//
+//	// Define a mock struct to be used in your unit tests of myFunc.
+//	type mockSTSClient struct {
+//	    stsiface.STSAPI
+//	}
+//	func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+//	    // mock response/functionality
+//	}
+//
+//	func TestMyFunc(t *testing.T) {
+//	    // Setup Test
+//	    mockSvc := &mockSTSClient{}
+//
+//	    myfunc(mockSvc)
+//
+//	    // Verify myFunc's functionality
+//	}
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters. Its suggested to use the pattern above for testing, or using
+// tooling to generate mocks to satisfy the interfaces.
+type STSAPI interface {
+	AssumeRole(*sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
+	AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error)
+	AssumeRoleRequest(*sts.AssumeRoleInput) (*request.Request, *sts.AssumeRoleOutput)
+
+	AssumeRoleWithSAML(*sts.AssumeRoleWithSAMLInput) (*sts.AssumeRoleWithSAMLOutput, error)
+	AssumeRoleWithSAMLWithContext(aws.Context, *sts.AssumeRoleWithSAMLInput, ...request.Option) (*sts.AssumeRoleWithSAMLOutput, error)
+	AssumeRoleWithSAMLRequest(*sts.AssumeRoleWithSAMLInput) (*request.Request, *sts.AssumeRoleWithSAMLOutput)
+
+	AssumeRoleWithWebIdentity(*sts.AssumeRoleWithWebIdentityInput) (*sts.AssumeRoleWithWebIdentityOutput, error)
+	AssumeRoleWithWebIdentityWithContext(aws.Context, *sts.AssumeRoleWithWebIdentityInput, ...request.Option) (*sts.AssumeRoleWithWebIdentityOutput, error)
+	AssumeRoleWithWebIdentityRequest(*sts.AssumeRoleWithWebIdentityInput) (*request.Request, *sts.AssumeRoleWithWebIdentityOutput)
+
+	DecodeAuthorizationMessage(*sts.DecodeAuthorizationMessageInput) (*sts.DecodeAuthorizationMessageOutput, error)
+	DecodeAuthorizationMessageWithContext(aws.Context, *sts.DecodeAuthorizationMessageInput, ...request.Option) (*sts.DecodeAuthorizationMessageOutput, error)
+	DecodeAuthorizationMessageRequest(*sts.DecodeAuthorizationMessageInput) (*request.Request, *sts.DecodeAuthorizationMessageOutput)
+
+	GetAccessKeyInfo(*sts.GetAccessKeyInfoInput) (*sts.GetAccessKeyInfoOutput, error)
+	GetAccessKeyInfoWithContext(aws.Context, *sts.GetAccessKeyInfoInput, ...request.Option) (*sts.GetAccessKeyInfoOutput, error)
+	GetAccessKeyInfoRequest(*sts.GetAccessKeyInfoInput) (*request.Request, *sts.GetAccessKeyInfoOutput)
+
+	GetCallerIdentity(*sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error)
+	GetCallerIdentityWithContext(aws.Context, *sts.GetCallerIdentityInput, ...request.Option) (*sts.GetCallerIdentityOutput, error)
+	GetCallerIdentityRequest(*sts.GetCallerIdentityInput) (*request.Request, *sts.GetCallerIdentityOutput)
+
+	GetFederationToken(*sts.GetFederationTokenInput) (*sts.GetFederationTokenOutput, error)
+	GetFederationTokenWithContext(aws.Context, *sts.GetFederationTokenInput, ...request.Option) (*sts.GetFederationTokenOutput, error)
+	GetFederationTokenRequest(*sts.GetFederationTokenInput) (*request.Request, *sts.GetFederationTokenOutput)
+
+	GetSessionToken(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error)
+	GetSessionTokenWithContext(aws.Context, *sts.GetSessionTokenInput, ...request.Option) (*sts.GetSessionTokenOutput, error)
+	GetSessionTokenRequest(*sts.GetSessionTokenInput) (*request.Request, *sts.GetSessionTokenOutput)
+}
+
+var _ STSAPI = (*sts.STS)(nil)
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/.gitignore b/vendor/github.com/bshuster-repo/logrus-logstash-hook/.gitignore
new file mode 100644
index 000000000..420672329
--- /dev/null
+++ b/vendor/github.com/bshuster-repo/logrus-logstash-hook/.gitignore
@@ -0,0 +1,26 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+.idea
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+*.iml
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/.travis.yml b/vendor/github.com/bshuster-repo/logrus-logstash-hook/.travis.yml
new file mode 100644
index 000000000..0df15979a
--- /dev/null
+++ b/vendor/github.com/bshuster-repo/logrus-logstash-hook/.travis.yml
@@ -0,0 +1,16 @@
+language: go
+sudo: false
+
+go:
+  - "1.11.x"
+  - "1.12.x"
+  - "tip"
+
+install:
+  - # Skip
+
+script:
+  - go get -t -v ./...
+  - diff -u <(echo -n) <(gofmt -d .)
+  - go vet .
+  - go test -v -race ./...
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/CHANGELOG.md b/vendor/github.com/bshuster-repo/logrus-logstash-hook/CHANGELOG.md
new file mode 100644
index 000000000..293d799a4
--- /dev/null
+++ b/vendor/github.com/bshuster-repo/logrus-logstash-hook/CHANGELOG.md
@@ -0,0 +1,24 @@
+# Changelog
+
+## 1.0
+
+ * Remove the old API: `NewConnWith`, `WithPrefix` and etc and move to a simple `New` function.
+ * Prefix is no longer supported in this package.
+ * Change the Hook structure to have only two members: `logrus.Formatter` and `io.Writer`.
+
+## 0.4
+
+ * Update the name of the package from `logrus_logstash` to `logrustash`
+ * Add TimeFormat to Hook
+ * Replace the old logrus package path: `github.com/Sirupsen/logrus` with `github.com/sirupsen/logrus` 
+
+## 0.3
+
+ * Fix the Logstash format to set `@version` to `"1"`
+ * Add unit-tests to logstash.go
+ * Remove the assert package
+ * Add prefix filtering
+
+## Before that (major changes)
+
+ * Update LICENSE to MIT from GPL
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/LICENSE b/vendor/github.com/bshuster-repo/logrus-logstash-hook/LICENSE
new file mode 100644
index 000000000..3fb4442f8
--- /dev/null
+++ b/vendor/github.com/bshuster-repo/logrus-logstash-hook/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Boaz Shuster
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
\ No newline at end of file
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/README.md b/vendor/github.com/bshuster-repo/logrus-logstash-hook/README.md
new file mode 100644
index 000000000..f5cf16382
--- /dev/null
+++ b/vendor/github.com/bshuster-repo/logrus-logstash-hook/README.md
@@ -0,0 +1,58 @@
+# Logstash hook for logrus <img src="http://i.imgur.com/hTeVwmJ.png" width="40" height="40" alt=":walrus:" class="emoji" title=":walrus:" />
+[![Build Status](https://travis-ci.org/bshuster-repo/logrus-logstash-hook.svg?branch=master)](https://travis-ci.org/bshuster-repo/logrus-logstash-hook)
+[![Go Report Status](https://goreportcard.com/badge/github.com/bshuster-repo/logrus-logstash-hook)](https://goreportcard.com/report/github.com/bshuster-repo/logrus-logstash-hook)
+
+Use this hook to send the logs to [Logstash](https://www.elastic.co/products/logstash).
+
+# Usage
+
+```go
+package main
+
+import (
+        "github.com/bshuster-repo/logrus-logstash-hook"
+        "github.com/sirupsen/logrus"
+        "net"
+)
+
+func main() {
+        log := logrus.New()
+        conn, err := net.Dial("tcp", "logstash.mycompany.net:8911")
+        if err != nil {
+                log.Fatal(err)
+        }
+        hook := logrustash.New(conn, logrustash.DefaultFormatter(logrus.Fields{"type": "myappName"}))
+
+        log.Hooks.Add(hook)
+        ctx := log.WithFields(logrus.Fields{
+                "method": "main",
+        })
+        ctx.Info("Hello World!")
+}
+
+```
+
+This is how it will look like:
+
+```ruby
+{
+    "@timestamp" => "2016-02-29T16:57:23.000Z",
+      "@version" => "1",
+         "level" => "info",
+       "message" => "Hello World!",
+        "method" => "main",
+          "host" => "172.17.0.1",
+          "port" => 45199,
+          "type" => "myappName"
+}
+```
+
+# Maintainers
+
+Name         | Github    | Twitter    |
+------------ | --------- | ---------- |
+Boaz Shuster | ripcurld0 | @ripcurld0 |
+
+# License
+
+MIT.
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/hook.go b/vendor/github.com/bshuster-repo/logrus-logstash-hook/hook.go
new file mode 100644
index 000000000..cd229a75e
--- /dev/null
+++ b/vendor/github.com/bshuster-repo/logrus-logstash-hook/hook.go
@@ -0,0 +1,126 @@
+package logrustash
+
+import (
+	"io"
+	"sync"
+
+	"github.com/sirupsen/logrus"
+)
+
+// Hook represents a Logstash hook.
+// It has two fields: writer to write the entry to Logstash and
+// formatter to format the entry to a Logstash format before sending.
+//
+// To initialize it use the `New` function.
+//
+type Hook struct {
+	writer    io.Writer
+	formatter logrus.Formatter
+}
+
+// New returns a new logrus.Hook for Logstash.
+//
+// To create a new hook that sends logs to `tcp://logstash.corp.io:9999`:
+//
+// conn, _ := net.Dial("tcp", "logstash.corp.io:9999")
+// hook := logrustash.New(conn, logrustash.DefaultFormatter())
+func New(w io.Writer, f logrus.Formatter) logrus.Hook {
+	return Hook{
+		writer:    w,
+		formatter: f,
+	}
+}
+
+// Fire takes, formats and sends the entry to Logstash.
+// Hook's formatter is used to format the entry into Logstash format
+// and Hook's writer is used to write the formatted entry to the Logstash instance.
+func (h Hook) Fire(e *logrus.Entry) error {
+	dataBytes, err := h.formatter.Format(e)
+	if err != nil {
+		return err
+	}
+	_, err = h.writer.Write(dataBytes)
+	return err
+}
+
+// Levels returns all logrus levels.
+func (h Hook) Levels() []logrus.Level {
+	return logrus.AllLevels
+}
+
+// Using a pool to re-use of old entries when formatting Logstash messages.
+// It is used in the Fire function.
+var entryPool = sync.Pool{
+	New: func() interface{} {
+		return &logrus.Entry{}
+	},
+}
+
+// copyEntry copies the entry `e` to a new entry and then adds all the fields in `fields` that are missing in the new entry data.
+// It uses `entryPool` to re-use allocated entries.
+func copyEntry(e *logrus.Entry, fields logrus.Fields) *logrus.Entry {
+	ne := entryPool.Get().(*logrus.Entry)
+	ne.Message = e.Message
+	ne.Level = e.Level
+	ne.Time = e.Time
+	ne.Data = logrus.Fields{}
+	for k, v := range fields {
+		ne.Data[k] = v
+	}
+	for k, v := range e.Data {
+		ne.Data[k] = v
+	}
+	return ne
+}
+
+// releaseEntry puts the given entry back to `entryPool`. It must be called if copyEntry is called.
+func releaseEntry(e *logrus.Entry) {
+	entryPool.Put(e)
+}
+
+// LogstashFormatter represents a Logstash format.
+// It has logrus.Formatter which formats the entry and logrus.Fields which
+// are added to the JSON message if not given in the entry data.
+//
+// Note: use the `DefaultFormatter` function to set a default Logstash formatter.
+type LogstashFormatter struct {
+	logrus.Formatter
+	logrus.Fields
+}
+
+var (
+	logstashFields   = logrus.Fields{"@version": "1", "type": "log"}
+	logstashFieldMap = logrus.FieldMap{
+		logrus.FieldKeyTime: "@timestamp",
+		logrus.FieldKeyMsg:  "message",
+	}
+)
+
+// DefaultFormatter returns a default Logstash formatter:
+// A JSON format with "@version" set to "1" (unless set differently in `fields`,
+// "type" to "log" (unless set differently in `fields`),
+// "@timestamp" to the log time and "message" to the log message.
+//
+// Note: to set a different configuration use the `LogstashFormatter` structure.
+func DefaultFormatter(fields logrus.Fields) logrus.Formatter {
+	for k, v := range logstashFields {
+		if _, ok := fields[k]; !ok {
+			fields[k] = v
+		}
+	}
+
+	return LogstashFormatter{
+		Formatter: &logrus.JSONFormatter{FieldMap: logstashFieldMap},
+		Fields:    fields,
+	}
+}
+
+// Format formats an entry to a Logstash format according to the given Formatter and Fields.
+//
+// Note: the given entry is copied and not changed during the formatting process.
+func (f LogstashFormatter) Format(e *logrus.Entry) ([]byte, error) {
+	ne := copyEntry(e, f.Fields)
+	dataBytes, err := f.Formatter.Format(ne)
+	releaseEntry(ne)
+	return dataBytes, err
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/.travis.yml b/vendor/github.com/bugsnag/bugsnag-go/.travis.yml
new file mode 100644
index 000000000..ddf3c136c
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/.travis.yml
@@ -0,0 +1,13 @@
+language: go
+
+go:
+  - 1.3
+  - 1.4
+  - tip
+
+install:
+  - go get github.com/bugsnag/panicwrap
+  - go get github.com/bugsnag/osext
+  - go get github.com/bitly/go-simplejson
+  - go get github.com/revel/revel
+  - go get github.com/juju/loggo
diff --git a/vendor/github.com/bugsnag/bugsnag-go/CHANGELOG.md b/vendor/github.com/bugsnag/bugsnag-go/CHANGELOG.md
new file mode 100644
index 000000000..79f736f00
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/CHANGELOG.md
@@ -0,0 +1,22 @@
+1.0.4
+-----
+
+- Fix appengine integration broken by 1.0.3
+
+1.0.3
+-----
+
+- Allow any Logger with a Printf method.
+
+1.0.2
+-----
+
+- Use bugsnag copies of dependencies to avoid potential link rot
+
+1.0.1
+-----
+
+- gofmt/golint/govet docs improvements.
+
+1.0.0
+-----
diff --git a/vendor/github.com/bugsnag/bugsnag-go/CONTRIBUTING.md b/vendor/github.com/bugsnag/bugsnag-go/CONTRIBUTING.md
new file mode 100644
index 000000000..a665b401e
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/CONTRIBUTING.md
@@ -0,0 +1,78 @@
+Contributing
+============
+
+-   [Fork](https://help.github.com/articles/fork-a-repo) the [notifier on github](https://github.com/bugsnag/bugsnag-go)
+-   Build and test your changes
+-   Commit and push until you are happy with your contribution
+-   [Make a pull request](https://help.github.com/articles/using-pull-requests)
+-   Thanks!
+
+
+Installing the go development environment
+-------------------------------------
+
+1.  Install homebrew
+
+    ```
+    ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
+    ```
+
+1. Install go
+
+    ```
+    brew install go --cross-compile-all
+    ```
+
+1. Configure `$GOPATH` in `~/.bashrc`
+
+    ```
+    export GOPATH="$HOME/go"
+    export PATH=$PATH:$GOPATH/bin
+    ```
+
+Installing the appengine development environment
+------------------------------------------------
+
+1. Follow the [Google instructions](https://cloud.google.com/appengine/downloads).
+
+Downloading the code
+--------------------
+
+You can download the code and its dependencies using
+
+```
+go get -t github.com/bugsnag/bugsnag-go
+```
+
+It will be put into "$GOPATH/src/github.com/bugsnag/bugsnag-go"
+
+Then install depend
+
+
+Running Tests
+-------------
+
+You can run the tests with
+
+```shell
+go test
+```
+
+If you've made significant changes, please also test the appengine integration with
+
+```shell
+goapp test
+```
+
+Releasing a New Version
+-----------------------
+
+If you are a project maintainer, you can build and release a new version of
+`bugsnag-go` as follows:
+
+1. Commit all your changes.
+2. Update the version number in `bugsnag.go`.
+3. Add an entry to `CHANGELOG.md` and update the README if necessary.
+4. commit tag and push
+
+    git commit -mv1.0.x && git tag v1.0.x && git push origin v1.0.x
diff --git a/vendor/github.com/bugsnag/bugsnag-go/LICENSE.txt b/vendor/github.com/bugsnag/bugsnag-go/LICENSE.txt
new file mode 100644
index 000000000..3cb0ec0ff
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/LICENSE.txt
@@ -0,0 +1,20 @@
+Copyright (c) 2014 Bugsnag
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/bugsnag/bugsnag-go/Makefile b/vendor/github.com/bugsnag/bugsnag-go/Makefile
new file mode 100644
index 000000000..fbe61b67f
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/Makefile
@@ -0,0 +1,2 @@
+default:
+	go test
diff --git a/vendor/github.com/bugsnag/bugsnag-go/README.md b/vendor/github.com/bugsnag/bugsnag-go/README.md
new file mode 100644
index 000000000..2b770fff0
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/README.md
@@ -0,0 +1,522 @@
+Bugsnag Notifier for Golang
+===========================
+
+The Bugsnag Notifier for Golang gives you instant notification of panics, or
+unexpected errors, in your golang app. Any unhandled panics will trigger a
+notification to be sent to your Bugsnag project.
+
+[Bugsnag](http://bugsnag.com) captures errors in real-time from your web,
+mobile and desktop applications, helping you to understand and resolve them
+as fast as possible. [Create a free account](http://bugsnag.com) to start
+capturing exceptions from your applications.
+
+## How to Install
+
+1. Download the code
+
+    ```shell
+    go get github.com/bugsnag/bugsnag-go
+    ```
+
+### Using with net/http apps
+
+For a golang app based on [net/http](https://godoc.org/net/http), integrating
+Bugsnag takes two steps. You should also use these instructions if you're using
+the [gorilla toolkit](http://www.gorillatoolkit.org/), or the
+[pat](https://github.com/bmizerany/pat/) muxer.
+
+1. Configure bugsnag at the start of your `main()` function:
+
+    ```go
+    import "github.com/bugsnag/bugsnag-go"
+
+    func main() {
+        bugsnag.Configure(bugsnag.Configuration{
+            APIKey: "YOUR_API_KEY_HERE",
+            ReleaseStage: "production",
+            // more configuration options
+        })
+
+        // rest of your program.
+    }
+    ```
+
+2. Wrap your server in a [bugsnag.Handler](https://godoc.org/github.com/bugsnag/bugsnag-go/#Handler)
+
+    ```go
+    // a. If you're using the builtin http mux, you can just pass
+    //    bugsnag.Handler(nil) to http.ListenAndServer
+    http.ListenAndServe(":8080", bugsnag.Handler(nil))
+
+    // b. If you're creating a server manually yourself, you can set
+    //    its handlers the same way
+    srv := http.Server{
+        Handler: bugsnag.Handler(nil)
+    }
+
+    // c. If you're not using the builtin http mux, wrap your own handler
+    // (though make sure that it doesn't already catch panics)
+    http.ListenAndServe(":8080", bugsnag.Handler(handler))
+    ```
+
+### Using with Revel apps
+
+There are two steps to get panic handling in [revel](https://revel.github.io) apps.
+
+1. Add the `bugsnagrevel.Filter` immediately after the `revel.PanicFilter` in `app/init.go`:
+
+    ```go
+
+    import "github.com/bugsnag/bugsnag-go/revel"
+
+    revel.Filters = []revel.Filter{
+        revel.PanicFilter,
+        bugsnagrevel.Filter,
+        // ...
+    }
+    ```
+
+2. Set bugsnag.apikey in the top section of `conf/app.conf`.
+
+    ```
+    module.static=github.com/revel/revel/modules/static
+
+    bugsnag.apikey=YOUR_API_KEY_HERE
+
+    [dev]
+    ```
+
+### Using with Google App Engine
+
+1. Configure bugsnag at the start of your `init()` function:
+
+    ```go
+    import "github.com/bugsnag/bugsnag-go"
+
+    func init() {
+        bugsnag.Configure(bugsnag.Configuration{
+            APIKey: "YOUR_API_KEY_HERE",
+        })
+
+        // ...
+    }
+    ```
+
+2. Wrap *every* http.Handler or http.HandlerFunc with Bugsnag:
+
+    ```go
+    // a. If you're using HandlerFuncs
+    http.HandleFunc("/", bugsnag.HandlerFunc(
+        func (w http.ResponseWriter, r *http.Request) {
+            // ...
+        }))
+
+    // b. If you're using Handlers
+    http.Handle("/", bugsnag.Handler(myHttpHandler))
+    ```
+
+3. In order to use Bugsnag, you must provide the current
+[`appengine.Context`](https://developers.google.com/appengine/docs/go/reference#Context), or
+current `*http.Request` as rawData (This is done automatically for `bugsnag.Handler` and `bugsnag.HandlerFunc`).
+The easiest way to do this is to create a new instance of the notifier.
+
+    ```go
+    c := appengine.NewContext(r)
+    notifier := bugsnag.New(c)
+
+    if err != nil {
+        notifier.Notify(err)
+    }
+
+    go func () {
+        defer notifier.Recover()
+
+        // ...
+    }()
+    ```
+
+
+## Notifying Bugsnag manually
+
+Bugsnag will automatically handle any panics that crash your program and notify
+you of them. If you've integrated with `revel` or `net/http`, then you'll also
+be notified of any panics() that happen while processing a request.
+
+Sometimes however it's useful to manually notify Bugsnag of a problem. To do this,
+call [`bugsnag.Notify()`](https://godoc.org/github.com/bugsnag/bugsnag-go/#Notify)
+
+```go
+if err != nil {
+    bugsnag.Notify(err)
+}
+```
+
+### Manual panic handling
+
+To avoid a panic in a goroutine from crashing your entire app, you can use
+[`bugsnag.Recover()`](https://godoc.org/github.com/bugsnag/bugsnag-go/#Recover)
+to stop a panic from unwinding the stack any further. When `Recover()` is hit,
+it will send any current panic to Bugsnag and then stop panicking. This is
+most useful at the start of a goroutine:
+
+```go
+go func() {
+    defer bugsnag.Recover()
+
+    // ...
+}()
+```
+
+Alternatively you can use
+[`bugsnag.AutoNotify()`](https://godoc.org/github.com/bugsnag/bugsnag-go/#Recover)
+to notify bugsnag of a panic while letting the program continue to panic. This
+is useful if you're using a Framework that already has some handling of panics
+and you are retrofitting bugsnag support.
+
+```go
+defer bugsnag.AutoNotify()
+```
+
+## Sending Custom Data
+
+Most functions in the Bugsnag API, including `bugsnag.Notify()`,
+`bugsnag.Recover()`, `bugsnag.AutoNotify()`, and `bugsnag.Handler()` let you
+attach data to the notifications that they send. To do this you pass in rawData,
+which can be any of the supported types listed here. To add support for more
+types of rawData see [OnBeforeNotify](#custom-data-with-onbeforenotify).
+
+### Custom MetaData
+
+Custom metaData appears as tabs on Bugsnag.com. You can set it by passing
+a [`bugsnag.MetaData`](https://godoc.org/github.com/bugsnag/bugsnag-go/#MetaData)
+object as rawData.
+
+```go
+bugsnag.Notify(err,
+    bugsnag.MetaData{
+        "Account": {
+            "Name": Account.Name,
+            "Paying": Account.Plan.Premium,
+        },
+    })
+```
+
+### Request data
+
+Bugsnag can extract interesting data from
+[`*http.Request`](https://godoc.org/net/http/#Request) objects, and
+[`*revel.Controller`](https://godoc.org/github.com/revel/revel/#Controller)
+objects. These are automatically passed in when handling panics, and you can
+pass them yourself.
+
+```go
+func (w http.ResponseWriter, r *http.Request) {
+    bugsnag.Notify(err, r)
+}
+```
+
+### User data
+
+User data is searchable, and the `Id` powers the count of users affected. You
+can set which user an error affects by passing a
+[`bugsnag.User`](https://godoc.org/github.com/bugsnag/bugsnag-go/#User) object as
+rawData.
+
+```go
+bugsnag.Notify(err,
+    bugsnag.User{Id: "1234", Name: "Conrad", Email: "me@cirw.in"})
+```
+
+### Error Class
+
+Errors in your Bugsnag dashboard are grouped by their "error class" and by line number.
+You can override the error class by passing a
+[`bugsnag.ErrorClass`](https://godoc.org/github.com/bugsnag/bugsnag-go/#ErrorClass) object as
+rawData.
+
+```go
+bugsnag.Notify(err, bugsnag.ErrorClass{"I/O Timeout"})
+```
+
+### Context
+
+The context shows up prominently in the list view so that you can get an idea
+of where a problem occurred. You can set it by passing a
+[`bugsnag.Context`](https://godoc.org/github.com/bugsnag/bugsnag-go/#Context)
+object as rawData.
+
+```go
+bugsnag.Notify(err, bugsnag.Context{"backgroundJob"})
+```
+
+### Severity
+
+Bugsnag supports three severities, `SeverityError`, `SeverityWarning`, and `SeverityInfo`.
+You can set the severity of an error by passing one of these objects as rawData.
+
+```go
+bugsnag.Notify(err, bugsnag.SeverityInfo)
+```
+
+## Configuration
+
+You must call `bugsnag.Configure()` at the start of your program to use Bugsnag, you pass it
+a [`bugsnag.Configuration`](https://godoc.org/github.com/bugsnag/bugsnag-go/#Configuration) object
+containing any of the following values.
+
+### APIKey
+
+The Bugsnag API key can be found on your [Bugsnag dashboard](https://bugsnag.com) under "Settings".
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    APIKey: "YOUR_API_KEY_HERE",
+})
+```
+
+### Endpoint
+
+The Bugsnag endpoint defaults to `https://notify.bugsnag.com/`. If you're using Bugsnag enterprise,
+you should set this to the endpoint of your local instance.
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    Endpoint: "http://bugsnag.internal:49000/",
+})
+```
+
+### ReleaseStage
+
+The ReleaseStage tracks where your app is deployed. You should set this to `production`, `staging`,
+`development` or similar as appropriate.
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    ReleaseStage: "development",
+})
+```
+
+### NotifyReleaseStages
+
+The list of ReleaseStages to notify in. By default Bugsnag will notify you in all release stages, but
+you can use this to silence development errors.
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    NotifyReleaseStages: []string{"production", "staging"},
+})
+```
+
+### AppVersion
+
+If you use a versioning scheme for deploys of your app, Bugsnag can use the `AppVersion` to only
+re-open errors if they occur in later version of the app.
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    AppVersion: "1.2.3",
+})
+```
+
+### Hostname
+
+The hostname is used to track where exceptions are coming from in the Bugsnag dashboard. The
+default value is obtained from `os.Hostname()` so you won't often need to change this.
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    Hostname: "go1",
+})
+```
+
+### ProjectPackages
+
+In order to determine where a crash happens Bugsnag needs to know which packages you consider to
+be part of your app (as opposed to a library). By default this is set to `[]string{"main*"}`. Strings
+are matched to package names using [`filepath.Match`](http://godoc.org/path/filepath#Match).
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    ProjectPackages: []string{"main", "github.com/domain/myapp/*"},
+}
+```
+
+### ParamsFilters
+
+Sometimes sensitive data is accidentally included in Bugsnag MetaData. You can remove it by
+setting `ParamsFilters`. Any key in the `MetaData` that includes any string in the filters
+will be redacted. The default is `[]string{"password", "secret"}`, which prevents fields like
+`password`, `password_confirmation` and `secret_answer` from being sent.
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    ParamsFilters: []string{"password", "secret"},
+}
+```
+
+### Logger
+
+The Logger to write to in case of an error inside Bugsnag. This defaults to the global logger.
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    Logger: app.Logger,
+}
+```
+
+### PanicHandler
+
+The first time Bugsnag is configured, it wraps the running program in a panic
+handler using [panicwrap](http://godoc.org/github.com/ConradIrwin/panicwrap). This
+forks a sub-process which monitors unhandled panics. To prevent this, set
+`PanicHandler` to `func() {}` the first time you call
+`bugsnag.Configure`. This will prevent bugsnag from being able to notify you about
+unhandled panics.
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    PanicHandler: func() {},
+})
+```
+
+### Synchronous
+
+Bugsnag usually starts a new goroutine before sending notifications. This means
+that notifications can be lost if you do a bugsnag.Notify and then immediately
+os.Exit. To avoid this problem, set Bugsnag to Synchronous (or just `panic()`
+instead ;).
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    Synchronous: true
+})
+```
+
+Or just for one error:
+
+```go
+bugsnag.Notify(err, bugsnag.Configuration{Synchronous: true})
+```
+
+### Transport
+
+The transport configures how Bugsnag makes http requests. By default we use
+[`http.DefaultTransport`](http://godoc.org/net/http#RoundTripper) which handles
+HTTP proxies automatically using the `$HTTP_PROXY` environment variable.
+
+```go
+bugsnag.Configure(bugsnag.Configuration{
+    Transport: http.DefaultTransport,
+})
+```
+
+## Custom data with OnBeforeNotify
+
+While it's nice that you can pass `MetaData` directly into `bugsnag.Notify`,
+`bugsnag.AutoNotify`, and `bugsnag.Recover`, this can be a bit cumbersome and
+inefficient — you're constructing the meta-data whether or not it will actually
+be used.  A better idea is to pass raw data in to these functions, and add an
+`OnBeforeNotify` filter that converts them into `MetaData`.
+
+For example, lets say our system processes jobs:
+
+```go
+type Job struct{
+    Retry     bool
+    UserId    string
+    UserEmail string
+    Name      string
+    Params    map[string]string
+}
+```
+
+You can pass a job directly into Bugsnag.notify:
+
+```go
+bugsnag.Notify(err, job)
+```
+
+And then add a filter to extract information from that job and attach it to the
+Bugsnag event:
+
+```go
+bugsnag.OnBeforeNotify(
+    func(event *bugsnag.Event, config *bugsnag.Configuration) error {
+
+        // Search all the RawData for any *Job pointers that we're passed in
+        // to bugsnag.Notify() and friends.
+        for _, datum := range event.RawData {
+            if job, ok := datum.(*Job); ok {
+                // don't notify bugsnag about errors in retries
+                if job.Retry {
+                    return fmt.Errorf("not notifying about retried jobs")
+                }
+
+                // add the job as a tab on Bugsnag.com
+                event.MetaData.AddStruct("Job", job)
+
+                // set the user correctly
+                event.User = &User{Id: job.UserId, Email: job.UserEmail}
+            }
+        }
+
+        // continue notifying as normal
+        return nil
+    })
+```
+
+## Advanced Usage
+
+If you want to have multiple different configurations around in one program,
+you can use `bugsnag.New()` to create multiple independent instances of
+Bugsnag. You can use these without calling `bugsnag.Configure()`, but bear in
+mind that until you call `bugsnag.Configure()` unhandled panics will not be
+sent to bugsnag.
+
+```go
+notifier := bugsnag.New(bugsnag.Configuration{
+    APIKey: "YOUR_OTHER_API_KEY",
+})
+```
+
+In fact any place that lets you pass in `rawData` also allows you to pass in
+configuration.  For example to send http errors to one bugsnag project, you
+could do:
+
+```go
+bugsnag.Handler(nil, bugsnag.Configuration{APIKey: "YOUR_OTHER_API_KEY"})
+```
+
+### GroupingHash
+
+If you need to override Bugsnag's grouping algorithm, you can set the
+`GroupingHash` in an `OnBeforeNotify`:
+
+```go
+bugsnag.OnBeforeNotify(
+    func (event *bugsnag.Event, config *bugsnag.Configuration) error {
+        event.GroupingHash = calculateGroupingHash(event)
+        return nil
+    })
+```
+
+### Skipping lines in stacktrace
+
+If you have your own logging wrapper all of your errors will appear to
+originate from inside it. You can avoid this problem by constructing
+an error with a stacktrace manually, and then passing that to Bugsnag.notify:
+
+```go
+import (
+    "github.com/bugsnag/bugsnag-go"
+    "github.com/bugsnag/bugsnag-go/errors"
+)
+
+func LogError(e error) {
+    // 1 removes one line of stacktrace, so the caller of LogError
+    // will be at the top.
+    e = errors.New(e, 1)
+    bugsnag.Notify(e)
+}
+```
+
diff --git a/vendor/github.com/bugsnag/bugsnag-go/appengine.go b/vendor/github.com/bugsnag/bugsnag-go/appengine.go
new file mode 100644
index 000000000..81e25069c
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/appengine.go
@@ -0,0 +1,81 @@
+// +build appengine
+
+package bugsnag
+
+import (
+	"appengine"
+	"appengine/urlfetch"
+	"appengine/user"
+	"fmt"
+	"log"
+	"net/http"
+)
+
+func defaultPanicHandler() {}
+
+func init() {
+	OnBeforeNotify(appengineMiddleware)
+}
+
+func appengineMiddleware(event *Event, config *Configuration) (err error) {
+	var c appengine.Context
+
+	for _, datum := range event.RawData {
+		if r, ok := datum.(*http.Request); ok {
+			c = appengine.NewContext(r)
+			break
+		} else if context, ok := datum.(appengine.Context); ok {
+			c = context
+			break
+		}
+	}
+
+	if c == nil {
+		return fmt.Errorf("No appengine context given")
+	}
+
+	// You can only use the builtin http library if you pay for appengine,
+	// so we use the appengine urlfetch service instead.
+	config.Transport = &urlfetch.Transport{
+		Context: c,
+	}
+
+	// Anything written to stderr/stdout is discarded, so lets log to the request.
+
+	if configuredLogger, ok := config.Logger.(*log.Logger); ok {
+		config.Logger = log.New(appengineWriter{c}, configuredLogger.Prefix(), configuredLogger.Flags())
+	} else {
+		config.Logger = log.New(appengineWriter{c}, log.Prefix(), log.Flags())
+	}
+
+	// Set the releaseStage appropriately
+	if config.ReleaseStage == "" {
+		if appengine.IsDevAppServer() {
+			config.ReleaseStage = "development"
+		} else {
+			config.ReleaseStage = "production"
+		}
+	}
+
+	if event.User == nil {
+		u := user.Current(c)
+		if u != nil {
+			event.User = &User{
+				Id:    u.ID,
+				Email: u.Email,
+			}
+		}
+	}
+
+	return nil
+}
+
+// Convert an appengine.Context into an io.Writer so we can create a log.Logger.
+type appengineWriter struct {
+	appengine.Context
+}
+
+func (c appengineWriter) Write(b []byte) (int, error) {
+	c.Warningf(string(b))
+	return len(b), nil
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/bugsnag.go b/vendor/github.com/bugsnag/bugsnag-go/bugsnag.go
new file mode 100644
index 000000000..e9bbf4656
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/bugsnag.go
@@ -0,0 +1,131 @@
+package bugsnag
+
+import (
+	"github.com/bugsnag/bugsnag-go/errors"
+	"log"
+	"net/http"
+	"os"
+	"sync"
+
+	// Fixes a bug with SHA-384 intermediate certs on some platforms.
+	// - https://github.com/bugsnag/bugsnag-go/issues/9
+	_ "crypto/sha512"
+)
+
+// The current version of bugsnag-go.
+const VERSION = "1.0.3"
+
+var once sync.Once
+var middleware middlewareStack
+
+// The configuration for the default bugsnag notifier.
+var Config Configuration
+
+var defaultNotifier = Notifier{&Config, nil}
+
+// Configure Bugsnag. The only required setting is the APIKey, which can be
+// obtained by clicking on "Settings" in your Bugsnag dashboard. This function
+// is also responsible for installing the global panic handler, so it should be
+// called as early as possible in your initialization process.
+func Configure(config Configuration) {
+	Config.update(&config)
+	once.Do(Config.PanicHandler)
+}
+
+// Notify sends an error to Bugsnag along with the current stack trace. The
+// rawData is used to send extra information along with the error. For example
+// you can pass the current http.Request to Bugsnag to see information about it
+// in the dashboard, or set the severity of the notification.
+func Notify(err error, rawData ...interface{}) error {
+	return defaultNotifier.Notify(errors.New(err, 1), rawData...)
+}
+
+// AutoNotify logs a panic on a goroutine and then repanics.
+// It should only be used in places that have existing panic handlers further
+// up the stack. See bugsnag.Recover().  The rawData is used to send extra
+// information along with any panics that are handled this way.
+// Usage: defer bugsnag.AutoNotify()
+func AutoNotify(rawData ...interface{}) {
+	if err := recover(); err != nil {
+		rawData = defaultNotifier.addDefaultSeverity(rawData, SeverityError)
+		defaultNotifier.Notify(errors.New(err, 2), rawData...)
+		panic(err)
+	}
+}
+
+// Recover logs a panic on a goroutine and then recovers.
+// The rawData is used to send extra information along with
+// any panics that are handled this way
+// Usage: defer bugsnag.Recover()
+func Recover(rawData ...interface{}) {
+	if err := recover(); err != nil {
+		rawData = defaultNotifier.addDefaultSeverity(rawData, SeverityWarning)
+		defaultNotifier.Notify(errors.New(err, 2), rawData...)
+	}
+}
+
+// OnBeforeNotify adds a callback to be run before a notification is sent to
+// Bugsnag.  It can be used to modify the event or its MetaData. Changes made
+// to the configuration are local to notifying about this event. To prevent the
+// event from being sent to Bugsnag return an error, this error will be
+// returned from bugsnag.Notify() and the event will not be sent.
+func OnBeforeNotify(callback func(event *Event, config *Configuration) error) {
+	middleware.OnBeforeNotify(callback)
+}
+
+// Handler creates an http Handler that notifies Bugsnag any panics that
+// happen. It then repanics so that the default http Server panic handler can
+// handle the panic too. The rawData is used to send extra information along
+// with any panics that are handled this way.
+func Handler(h http.Handler, rawData ...interface{}) http.Handler {
+	notifier := New(rawData...)
+	if h == nil {
+		h = http.DefaultServeMux
+	}
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		defer notifier.AutoNotify(r)
+		h.ServeHTTP(w, r)
+	})
+}
+
+// HandlerFunc creates an http HandlerFunc that notifies Bugsnag about any
+// panics that happen. It then repanics so that the default http Server panic
+// handler can handle the panic too. The rawData is used to send extra
+// information along with any panics that are handled this way. If you have
+// already wrapped your http server using bugsnag.Handler() you don't also need
+// to wrap each HandlerFunc.
+func HandlerFunc(h http.HandlerFunc, rawData ...interface{}) http.HandlerFunc {
+	notifier := New(rawData...)
+
+	return func(w http.ResponseWriter, r *http.Request) {
+		defer notifier.AutoNotify(r)
+		h(w, r)
+	}
+}
+
+func init() {
+	// Set up builtin middlewarez
+	OnBeforeNotify(httpRequestMiddleware)
+
+	// Default configuration
+	Config.update(&Configuration{
+		APIKey:        "",
+		Endpoint:      "https://notify.bugsnag.com/",
+		Hostname:      "",
+		AppVersion:    "",
+		ReleaseStage:  "",
+		ParamsFilters: []string{"password", "secret"},
+		// * for app-engine
+		ProjectPackages:     []string{"main*"},
+		NotifyReleaseStages: nil,
+		Logger:              log.New(os.Stdout, log.Prefix(), log.Flags()),
+		PanicHandler:        defaultPanicHandler,
+		Transport:           http.DefaultTransport,
+	})
+
+	hostname, err := os.Hostname()
+	if err == nil {
+		Config.Hostname = hostname
+	}
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/configuration.go b/vendor/github.com/bugsnag/bugsnag-go/configuration.go
new file mode 100644
index 000000000..962f4bc62
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/configuration.go
@@ -0,0 +1,161 @@
+package bugsnag
+
+import (
+	"log"
+	"net/http"
+	"path/filepath"
+	"strings"
+)
+
+// Configuration sets up and customizes communication with the Bugsnag API.
+type Configuration struct {
+	// Your Bugsnag API key, e.g. "c9d60ae4c7e70c4b6c4ebd3e8056d2b8". You can
+	// find this by clicking Settings on https://bugsnag.com/.
+	APIKey string
+	// The Endpoint to notify about crashes. This defaults to
+	// "https://notify.bugsnag.com/", if you're using Bugsnag Enterprise then
+	// set it to your internal Bugsnag endpoint.
+	Endpoint string
+
+	// The current release stage. This defaults to "production" and is used to
+	// filter errors in the Bugsnag dashboard.
+	ReleaseStage string
+	// The currently running version of the app. This is used to filter errors
+	// in the Bugsnag dasboard. If you set this then Bugsnag will only re-open
+	// resolved errors if they happen in different app versions.
+	AppVersion string
+	// The hostname of the current server. This defaults to the return value of
+	// os.Hostname() and is graphed in the Bugsnag dashboard.
+	Hostname string
+
+	// The Release stages to notify in. If you set this then bugsnag-go will
+	// only send notifications to Bugsnag if the ReleaseStage is listed here.
+	NotifyReleaseStages []string
+
+	// packages that are part of your app. Bugsnag uses this to determine how
+	// to group errors and how to display them on your dashboard. You should
+	// include any packages that are part of your app, and exclude libraries
+	// and helpers. You can list wildcards here, and they'll be expanded using
+	// filepath.Glob. The default value is []string{"main*"}
+	ProjectPackages []string
+
+	// Any meta-data that matches these filters will be marked as [REDACTED]
+	// before sending a Notification to Bugsnag. It defaults to
+	// []string{"password", "secret"} so that request parameters like password,
+	// password_confirmation and auth_secret will not be sent to Bugsnag.
+	ParamsFilters []string
+
+	// The PanicHandler is used by Bugsnag to catch unhandled panics in your
+	// application. The default panicHandler uses mitchellh's panicwrap library,
+	// and you can disable this feature by passing an empty: func() {}
+	PanicHandler func()
+
+	// The logger that Bugsnag should log to. Uses the same defaults as go's
+	// builtin logging package. bugsnag-go logs whenever it notifies Bugsnag
+	// of an error, and when any error occurs inside the library itself.
+	Logger interface {
+		Printf(format string, v ...interface{}) // limited to the functions used
+	}
+	// The http Transport to use, defaults to the default http Transport. This
+	// can be configured if you are in an environment like Google App Engine
+	// that has stringent conditions on making http requests.
+	Transport http.RoundTripper
+	// Whether bugsnag should notify synchronously. This defaults to false which
+	// causes bugsnag-go to spawn a new goroutine for each notification.
+	Synchronous bool
+	// TODO: remember to update the update() function when modifying this struct
+}
+
+func (config *Configuration) update(other *Configuration) *Configuration {
+	if other.APIKey != "" {
+		config.APIKey = other.APIKey
+	}
+	if other.Endpoint != "" {
+		config.Endpoint = other.Endpoint
+	}
+	if other.Hostname != "" {
+		config.Hostname = other.Hostname
+	}
+	if other.AppVersion != "" {
+		config.AppVersion = other.AppVersion
+	}
+	if other.ReleaseStage != "" {
+		config.ReleaseStage = other.ReleaseStage
+	}
+	if other.ParamsFilters != nil {
+		config.ParamsFilters = other.ParamsFilters
+	}
+	if other.ProjectPackages != nil {
+		config.ProjectPackages = other.ProjectPackages
+	}
+	if other.Logger != nil {
+		config.Logger = other.Logger
+	}
+	if other.NotifyReleaseStages != nil {
+		config.NotifyReleaseStages = other.NotifyReleaseStages
+	}
+	if other.PanicHandler != nil {
+		config.PanicHandler = other.PanicHandler
+	}
+	if other.Transport != nil {
+		config.Transport = other.Transport
+	}
+	if other.Synchronous {
+		config.Synchronous = true
+	}
+
+	return config
+}
+
+func (config *Configuration) merge(other *Configuration) *Configuration {
+	return config.clone().update(other)
+}
+
+func (config *Configuration) clone() *Configuration {
+	clone := *config
+	return &clone
+}
+
+func (config *Configuration) isProjectPackage(pkg string) bool {
+	for _, p := range config.ProjectPackages {
+		if match, _ := filepath.Match(p, pkg); match {
+			return true
+		}
+	}
+	return false
+}
+
+func (config *Configuration) stripProjectPackages(file string) string {
+	for _, p := range config.ProjectPackages {
+		if len(p) > 2 && p[len(p)-2] == '/' && p[len(p)-1] == '*' {
+			p = p[:len(p)-1]
+		} else {
+			p = p + "/"
+		}
+		if strings.HasPrefix(file, p) {
+			return strings.TrimPrefix(file, p)
+		}
+	}
+
+	return file
+}
+
+func (config *Configuration) log(fmt string, args ...interface{}) {
+	if config != nil && config.Logger != nil {
+		config.Logger.Printf(fmt, args...)
+	} else {
+		log.Printf(fmt, args...)
+	}
+}
+
+func (config *Configuration) notifyInReleaseStage() bool {
+	if config.NotifyReleaseStages == nil {
+		return true
+	}
+	for _, r := range config.NotifyReleaseStages {
+		if r == config.ReleaseStage {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/doc.go b/vendor/github.com/bugsnag/bugsnag-go/doc.go
new file mode 100644
index 000000000..827e03b8b
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/doc.go
@@ -0,0 +1,69 @@
+/*
+Package bugsnag captures errors in real-time and reports them to Bugsnag (http://bugsnag.com).
+
+Using bugsnag-go is a three-step process.
+
+1. As early as possible in your program configure the notifier with your APIKey. This sets up
+handling of panics that would otherwise crash your app.
+
+	func init() {
+		bugsnag.Configure(bugsnag.Configuration{
+			APIKey: "YOUR_API_KEY_HERE",
+		})
+	}
+
+2. Add bugsnag to places that already catch panics. For example you should add it to the HTTP server
+when you call ListenAndServer:
+
+	http.ListenAndServe(":8080", bugsnag.Handler(nil))
+
+If that's not possible, for example because you're using Google App Engine, you can also wrap each
+HTTP handler manually:
+
+	http.HandleFunc("/" bugsnag.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
+		...
+	})
+
+3. To notify Bugsnag of an error that is not a panic, pass it to bugsnag.Notify. This will also
+log the error message using the configured Logger.
+
+	if err != nil {
+		bugsnag.Notify(err)
+	}
+
+For detailed integration instructions see https://bugsnag.com/docs/notifiers/go.
+
+Configuration
+
+The only required configuration is the Bugsnag API key which can be obtained by clicking "Settings"
+on the top of https://bugsnag.com/ after signing up. We also recommend you set the ReleaseStage
+and AppVersion if these make sense for your deployment workflow.
+
+RawData
+
+If you need to attach extra data to Bugsnag notifications you can do that using
+the rawData mechanism.  Most of the functions that send errors to Bugsnag allow
+you to pass in any number of interface{} values as rawData. The rawData can
+consist of the Severity, Context, User or MetaData types listed below, and
+there is also builtin support for *http.Requests.
+
+	bugsnag.Notify(err, bugsnag.SeverityError)
+
+If you want to add custom tabs to your bugsnag dashboard you can pass any value in as rawData,
+and then process it into the event's metadata using a bugsnag.OnBeforeNotify() hook.
+
+	bugsnag.Notify(err, account)
+
+	bugsnag.OnBeforeNotify(func (e *bugsnag.Event, c *bugsnag.Configuration) {
+		for datum := range e.RawData {
+			if account, ok := datum.(Account); ok {
+				e.MetaData.Add("account", "name", account.Name)
+				e.MetaData.Add("account", "url", account.URL)
+			}
+		}
+	})
+
+If necessary you can pass Configuration in as rawData, or modify the Configuration object passed
+into OnBeforeNotify hooks. Configuration passed in this way only affects the current notification.
+*/
+package bugsnag
diff --git a/vendor/github.com/bugsnag/bugsnag-go/errors/README.md b/vendor/github.com/bugsnag/bugsnag-go/errors/README.md
new file mode 100644
index 000000000..8d8e097aa
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/errors/README.md
@@ -0,0 +1,6 @@
+Adds stacktraces to errors in golang.
+
+This was made to help build the Bugsnag notifier but can be used standalone if
+you like to have stacktraces on errors.
+
+See [Godoc](https://godoc.org/github.com/bugsnag/bugsnag-go/errors) for the API docs.
diff --git a/vendor/github.com/bugsnag/bugsnag-go/errors/error.go b/vendor/github.com/bugsnag/bugsnag-go/errors/error.go
new file mode 100644
index 000000000..0081c0a80
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/errors/error.go
@@ -0,0 +1,90 @@
+// Package errors provides errors that have stack-traces.
+package errors
+
+import (
+	"bytes"
+	"fmt"
+	"reflect"
+	"runtime"
+)
+
+// The maximum number of stackframes on any error.
+var MaxStackDepth = 50
+
+// Error is an error with an attached stacktrace. It can be used
+// wherever the builtin error interface is expected.
+type Error struct {
+	Err    error
+	stack  []uintptr
+	frames []StackFrame
+}
+
+// New makes an Error from the given value. If that value is already an
+// error then it will be used directly, if not, it will be passed to
+// fmt.Errorf("%v"). The skip parameter indicates how far up the stack
+// to start the stacktrace. 0 is from the current call, 1 from its caller, etc.
+func New(e interface{}, skip int) *Error {
+	var err error
+
+	switch e := e.(type) {
+	case *Error:
+		return e
+	case error:
+		err = e
+	default:
+		err = fmt.Errorf("%v", e)
+	}
+
+	stack := make([]uintptr, MaxStackDepth)
+	length := runtime.Callers(2+skip, stack[:])
+	return &Error{
+		Err:   err,
+		stack: stack[:length],
+	}
+}
+
+// Errorf creates a new error with the given message. You can use it
+// as a drop-in replacement for fmt.Errorf() to provide descriptive
+// errors in return values.
+func Errorf(format string, a ...interface{}) *Error {
+	return New(fmt.Errorf(format, a...), 1)
+}
+
+// Error returns the underlying error's message.
+func (err *Error) Error() string {
+	return err.Err.Error()
+}
+
+// Stack returns the callstack formatted the same way that go does
+// in runtime/debug.Stack()
+func (err *Error) Stack() []byte {
+	buf := bytes.Buffer{}
+
+	for _, frame := range err.StackFrames() {
+		buf.WriteString(frame.String())
+	}
+
+	return buf.Bytes()
+}
+
+// StackFrames returns an array of frames containing information about the
+// stack.
+func (err *Error) StackFrames() []StackFrame {
+	if err.frames == nil {
+		err.frames = make([]StackFrame, len(err.stack))
+
+		for i, pc := range err.stack {
+			err.frames[i] = NewStackFrame(pc)
+		}
+	}
+
+	return err.frames
+}
+
+// TypeName returns the type this error. e.g. *errors.stringError.
+func (err *Error) TypeName() string {
+	if _, ok := err.Err.(uncaughtPanic); ok {
+		return "panic"
+	}
+	return reflect.TypeOf(err.Err).String()
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/errors/parse_panic.go b/vendor/github.com/bugsnag/bugsnag-go/errors/parse_panic.go
new file mode 100644
index 000000000..cc37052d7
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/errors/parse_panic.go
@@ -0,0 +1,127 @@
+package errors
+
+import (
+	"strconv"
+	"strings"
+)
+
+type uncaughtPanic struct{ message string }
+
+func (p uncaughtPanic) Error() string {
+	return p.message
+}
+
+// ParsePanic allows you to get an error object from the output of a go program
+// that panicked. This is particularly useful with https://github.com/mitchellh/panicwrap.
+func ParsePanic(text string) (*Error, error) {
+	lines := strings.Split(text, "\n")
+
+	state := "start"
+
+	var message string
+	var stack []StackFrame
+
+	for i := 0; i < len(lines); i++ {
+		line := lines[i]
+
+		if state == "start" {
+			if strings.HasPrefix(line, "panic: ") {
+				message = strings.TrimPrefix(line, "panic: ")
+				state = "seek"
+			} else {
+				return nil, Errorf("bugsnag.panicParser: Invalid line (no prefix): %s", line)
+			}
+
+		} else if state == "seek" {
+			if strings.HasPrefix(line, "goroutine ") && strings.HasSuffix(line, "[running]:") {
+				state = "parsing"
+			}
+
+		} else if state == "parsing" {
+			if line == "" {
+				state = "done"
+				break
+			}
+			createdBy := false
+			if strings.HasPrefix(line, "created by ") {
+				line = strings.TrimPrefix(line, "created by ")
+				createdBy = true
+			}
+
+			i++
+
+			if i >= len(lines) {
+				return nil, Errorf("bugsnag.panicParser: Invalid line (unpaired): %s", line)
+			}
+
+			frame, err := parsePanicFrame(line, lines[i], createdBy)
+			if err != nil {
+				return nil, err
+			}
+
+			stack = append(stack, *frame)
+			if createdBy {
+				state = "done"
+				break
+			}
+		}
+	}
+
+	if state == "done" || state == "parsing" {
+		return &Error{Err: uncaughtPanic{message}, frames: stack}, nil
+	}
+	return nil, Errorf("could not parse panic: %v", text)
+}
+
+// The lines we're passing look like this:
+//
+//     main.(*foo).destruct(0xc208067e98)
+//             /0/go/src/github.com/bugsnag/bugsnag-go/pan/main.go:22 +0x151
+func parsePanicFrame(name string, line string, createdBy bool) (*StackFrame, error) {
+	idx := strings.LastIndex(name, "(")
+	if idx == -1 && !createdBy {
+		return nil, Errorf("bugsnag.panicParser: Invalid line (no call): %s", name)
+	}
+	if idx != -1 {
+		name = name[:idx]
+	}
+	pkg := ""
+
+	if lastslash := strings.LastIndex(name, "/"); lastslash >= 0 {
+		pkg += name[:lastslash] + "/"
+		name = name[lastslash+1:]
+	}
+	if period := strings.Index(name, "."); period >= 0 {
+		pkg += name[:period]
+		name = name[period+1:]
+	}
+
+	name = strings.Replace(name, "·", ".", -1)
+
+	if !strings.HasPrefix(line, "\t") {
+		return nil, Errorf("bugsnag.panicParser: Invalid line (no tab): %s", line)
+	}
+
+	idx = strings.LastIndex(line, ":")
+	if idx == -1 {
+		return nil, Errorf("bugsnag.panicParser: Invalid line (no line number): %s", line)
+	}
+	file := line[1:idx]
+
+	number := line[idx+1:]
+	if idx = strings.Index(number, " +"); idx > -1 {
+		number = number[:idx]
+	}
+
+	lno, err := strconv.ParseInt(number, 10, 32)
+	if err != nil {
+		return nil, Errorf("bugsnag.panicParser: Invalid line (bad line number): %s", line)
+	}
+
+	return &StackFrame{
+		File:       file,
+		LineNumber: int(lno),
+		Package:    pkg,
+		Name:       name,
+	}, nil
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/errors/stackframe.go b/vendor/github.com/bugsnag/bugsnag-go/errors/stackframe.go
new file mode 100644
index 000000000..4edadbc58
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/errors/stackframe.go
@@ -0,0 +1,97 @@
+package errors
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"runtime"
+	"strings"
+)
+
+// A StackFrame contains all necessary information about to generate a line
+// in a callstack.
+type StackFrame struct {
+	File           string
+	LineNumber     int
+	Name           string
+	Package        string
+	ProgramCounter uintptr
+}
+
+// NewStackFrame popoulates a stack frame object from the program counter.
+func NewStackFrame(pc uintptr) (frame StackFrame) {
+
+	frame = StackFrame{ProgramCounter: pc}
+	if frame.Func() == nil {
+		return
+	}
+	frame.Package, frame.Name = packageAndName(frame.Func())
+
+	// pc -1 because the program counters we use are usually return addresses,
+	// and we want to show the line that corresponds to the function call
+	frame.File, frame.LineNumber = frame.Func().FileLine(pc - 1)
+	return
+
+}
+
+// Func returns the function that this stackframe corresponds to
+func (frame *StackFrame) Func() *runtime.Func {
+	if frame.ProgramCounter == 0 {
+		return nil
+	}
+	return runtime.FuncForPC(frame.ProgramCounter)
+}
+
+// String returns the stackframe formatted in the same way as go does
+// in runtime/debug.Stack()
+func (frame *StackFrame) String() string {
+	str := fmt.Sprintf("%s:%d (0x%x)\n", frame.File, frame.LineNumber, frame.ProgramCounter)
+
+	source, err := frame.SourceLine()
+	if err != nil {
+		return str
+	}
+
+	return str + fmt.Sprintf("\t%s: %s\n", frame.Name, source)
+}
+
+// SourceLine gets the line of code (from File and Line) of the original source if possible
+func (frame *StackFrame) SourceLine() (string, error) {
+	data, err := ioutil.ReadFile(frame.File)
+
+	if err != nil {
+		return "", err
+	}
+
+	lines := bytes.Split(data, []byte{'\n'})
+	if frame.LineNumber <= 0 || frame.LineNumber >= len(lines) {
+		return "???", nil
+	}
+	// -1 because line-numbers are 1 based, but our array is 0 based
+	return string(bytes.Trim(lines[frame.LineNumber-1], " \t")), nil
+}
+
+func packageAndName(fn *runtime.Func) (string, string) {
+	name := fn.Name()
+	pkg := ""
+
+	// The name includes the path name to the package, which is unnecessary
+	// since the file name is already included.  Plus, it has center dots.
+	// That is, we see
+	//  runtime/debug.*T·ptrmethod
+	// and want
+	//  *T.ptrmethod
+	// Since the package path might contains dots (e.g. code.google.com/...),
+	// we first remove the path prefix if there is one.
+	if lastslash := strings.LastIndex(name, "/"); lastslash >= 0 {
+		pkg += name[:lastslash] + "/"
+		name = name[lastslash+1:]
+	}
+	if period := strings.Index(name, "."); period >= 0 {
+		pkg += name[:period]
+		name = name[period+1:]
+	}
+
+	name = strings.Replace(name, "·", ".", -1)
+	return pkg, name
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/event.go b/vendor/github.com/bugsnag/bugsnag-go/event.go
new file mode 100644
index 000000000..320c6154c
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/event.go
@@ -0,0 +1,143 @@
+package bugsnag
+
+import (
+	"strings"
+
+	"github.com/bugsnag/bugsnag-go/errors"
+)
+
+// Context is the context of the error in Bugsnag.
+// This can be passed to Notify, Recover or AutoNotify as rawData.
+type Context struct {
+	String string
+}
+
+// User represents the searchable user-data on Bugsnag. The Id is also used
+// to determine the number of users affected by a bug. This can be
+// passed to Notify, Recover or AutoNotify as rawData.
+type User struct {
+	Id    string `json:"id,omitempty"`
+	Name  string `json:"name,omitempty"`
+	Email string `json:"email,omitempty"`
+}
+
+// ErrorClass overrides the error class in Bugsnag.
+// This struct enables you to group errors as you like.
+type ErrorClass struct {
+	Name string
+}
+
+// Sets the severity of the error on Bugsnag. These values can be
+// passed to Notify, Recover or AutoNotify as rawData.
+var (
+	SeverityError   = severity{"error"}
+	SeverityWarning = severity{"warning"}
+	SeverityInfo    = severity{"info"}
+)
+
+// The severity tag type, private so that people can only use Error,Warning,Info
+type severity struct {
+	String string
+}
+
+// The form of stacktrace that Bugsnag expects
+type stackFrame struct {
+	Method     string `json:"method"`
+	File       string `json:"file"`
+	LineNumber int    `json:"lineNumber"`
+	InProject  bool   `json:"inProject,omitempty"`
+}
+
+// Event represents a payload of data that gets sent to Bugsnag.
+// This is passed to each OnBeforeNotify hook.
+type Event struct {
+
+	// The original error that caused this event, not sent to Bugsnag.
+	Error *errors.Error
+
+	// The rawData affecting this error, not sent to Bugsnag.
+	RawData []interface{}
+
+	// The error class to be sent to Bugsnag. This defaults to the type name of the Error, for
+	// example *error.String
+	ErrorClass string
+	// The error message to be sent to Bugsnag. This defaults to the return value of Error.Error()
+	Message string
+	// The stacktrrace of the error to be sent to Bugsnag.
+	Stacktrace []stackFrame
+
+	// The context to be sent to Bugsnag. This should be set to the part of the app that was running,
+	// e.g. for http requests, set it to the path.
+	Context string
+	// The severity of the error. Can be SeverityError, SeverityWarning or SeverityInfo.
+	Severity severity
+	// The grouping hash is used to override Bugsnag's grouping. Set this if you'd like all errors with
+	// the same grouping hash to group together in the dashboard.
+	GroupingHash string
+
+	// User data to send to Bugsnag. This is searchable on the dashboard.
+	User *User
+	// Other MetaData to send to Bugsnag. Appears as a set of tabbed tables in the dashboard.
+	MetaData MetaData
+}
+
+func newEvent(err *errors.Error, rawData []interface{}, notifier *Notifier) (*Event, *Configuration) {
+
+	config := notifier.Config
+	event := &Event{
+		Error:   err,
+		RawData: append(notifier.RawData, rawData...),
+
+		ErrorClass: err.TypeName(),
+		Message:    err.Error(),
+		Stacktrace: make([]stackFrame, len(err.StackFrames())),
+
+		Severity: SeverityWarning,
+
+		MetaData: make(MetaData),
+	}
+
+	for _, datum := range event.RawData {
+		switch datum := datum.(type) {
+		case severity:
+			event.Severity = datum
+
+		case Context:
+			event.Context = datum.String
+
+		case Configuration:
+			config = config.merge(&datum)
+
+		case MetaData:
+			event.MetaData.Update(datum)
+
+		case User:
+			event.User = &datum
+
+		case ErrorClass:
+			event.ErrorClass = datum.Name
+		}
+	}
+
+	for i, frame := range err.StackFrames() {
+		file := frame.File
+		inProject := config.isProjectPackage(frame.Package)
+
+		// remove $GOROOT and $GOHOME from other frames
+		if idx := strings.Index(file, frame.Package); idx > -1 {
+			file = file[idx:]
+		}
+		if inProject {
+			file = config.stripProjectPackages(file)
+		}
+
+		event.Stacktrace[i] = stackFrame{
+			Method:     frame.Name,
+			File:       file,
+			LineNumber: frame.LineNumber,
+			InProject:  inProject,
+		}
+	}
+
+	return event, config
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/json_tags.go b/vendor/github.com/bugsnag/bugsnag-go/json_tags.go
new file mode 100644
index 000000000..45be38fa9
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/json_tags.go
@@ -0,0 +1,43 @@
+// The code is stripped from:
+// http://golang.org/src/pkg/encoding/json/tags.go?m=text
+
+package bugsnag
+
+import (
+	"strings"
+)
+
+// tagOptions is the string following a comma in a struct field's "json"
+// tag, or the empty string. It does not include the leading comma.
+type tagOptions string
+
+// parseTag splits a struct field's json tag into its name and
+// comma-separated options.
+func parseTag(tag string) (string, tagOptions) {
+	if idx := strings.Index(tag, ","); idx != -1 {
+		return tag[:idx], tagOptions(tag[idx+1:])
+	}
+	return tag, tagOptions("")
+}
+
+// Contains reports whether a comma-separated list of options
+// contains a particular substr flag. substr must be surrounded by a
+// string boundary or commas.
+func (o tagOptions) Contains(optionName string) bool {
+	if len(o) == 0 {
+		return false
+	}
+	s := string(o)
+	for s != "" {
+		var next string
+		i := strings.Index(s, ",")
+		if i >= 0 {
+			s, next = s[:i], s[i+1:]
+		}
+		if s == optionName {
+			return true
+		}
+		s = next
+	}
+	return false
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/metadata.go b/vendor/github.com/bugsnag/bugsnag-go/metadata.go
new file mode 100644
index 000000000..10b0d14f6
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/metadata.go
@@ -0,0 +1,189 @@
+package bugsnag
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+)
+
+// MetaData is added to the Bugsnag dashboard in tabs. Each tab is
+// a map of strings -> values. You can pass MetaData to Notify, Recover
+// and AutoNotify as rawData.
+type MetaData map[string]map[string]interface{}
+
+// Update the meta-data with more information. Tabs are merged together such
+// that unique keys from both sides are preserved, and duplicate keys end up
+// with the provided values.
+func (meta MetaData) Update(other MetaData) {
+	for name, tab := range other {
+
+		if meta[name] == nil {
+			meta[name] = make(map[string]interface{})
+		}
+
+		for key, value := range tab {
+			meta[name][key] = value
+		}
+	}
+}
+
+// Add creates a tab of Bugsnag meta-data.
+// If the tab doesn't yet exist it will be created.
+// If the key already exists, it will be overwritten.
+func (meta MetaData) Add(tab string, key string, value interface{}) {
+	if meta[tab] == nil {
+		meta[tab] = make(map[string]interface{})
+	}
+
+	meta[tab][key] = value
+}
+
+// AddStruct creates a tab of Bugsnag meta-data.
+// The struct will be converted to an Object using the
+// reflect library so any private fields will not be exported.
+// As a safety measure, if you pass a non-struct the value will be
+// sent to Bugsnag under the "Extra data" tab.
+func (meta MetaData) AddStruct(tab string, obj interface{}) {
+	val := sanitizer{}.Sanitize(obj)
+	content, ok := val.(map[string]interface{})
+	if ok {
+		meta[tab] = content
+	} else {
+		// Wasn't a struct
+		meta.Add("Extra data", tab, obj)
+	}
+
+}
+
+// Remove any values from meta-data that have keys matching the filters,
+// and any that are recursive data-structures
+func (meta MetaData) sanitize(filters []string) interface{} {
+	return sanitizer{
+		Filters: filters,
+		Seen:    make([]interface{}, 0),
+	}.Sanitize(meta)
+
+}
+
+// The sanitizer is used to remove filtered params and recursion from meta-data.
+type sanitizer struct {
+	Filters []string
+	Seen    []interface{}
+}
+
+func (s sanitizer) Sanitize(data interface{}) interface{} {
+	for _, s := range s.Seen {
+		// TODO: we don't need deep equal here, just type-ignoring equality
+		if reflect.DeepEqual(data, s) {
+			return "[RECURSION]"
+		}
+	}
+
+	// Sanitizers are passed by value, so we can modify s and it only affects
+	// s.Seen for nested calls.
+	s.Seen = append(s.Seen, data)
+
+	t := reflect.TypeOf(data)
+	v := reflect.ValueOf(data)
+	
+	if t == nil {
+		return "<nil>"
+	}
+
+	switch t.Kind() {
+	case reflect.Bool,
+		reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+		reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr,
+		reflect.Float32, reflect.Float64:
+		return data
+
+	case reflect.String:
+		return data
+
+	case reflect.Interface, reflect.Ptr:
+		return s.Sanitize(v.Elem().Interface())
+
+	case reflect.Array, reflect.Slice:
+		ret := make([]interface{}, v.Len())
+		for i := 0; i < v.Len(); i++ {
+			ret[i] = s.Sanitize(v.Index(i).Interface())
+		}
+		return ret
+
+	case reflect.Map:
+		return s.sanitizeMap(v)
+
+	case reflect.Struct:
+		return s.sanitizeStruct(v, t)
+
+		// Things JSON can't serialize:
+		// case t.Chan, t.Func, reflect.Complex64, reflect.Complex128, reflect.UnsafePointer:
+	default:
+		return "[" + t.String() + "]"
+
+	}
+
+}
+
+func (s sanitizer) sanitizeMap(v reflect.Value) interface{} {
+	ret := make(map[string]interface{})
+
+	for _, key := range v.MapKeys() {
+		val := s.Sanitize(v.MapIndex(key).Interface())
+		newKey := fmt.Sprintf("%v", key.Interface())
+
+		if s.shouldRedact(newKey) {
+			val = "[REDACTED]"
+		}
+
+		ret[newKey] = val
+	}
+
+	return ret
+}
+
+func (s sanitizer) sanitizeStruct(v reflect.Value, t reflect.Type) interface{} {
+	ret := make(map[string]interface{})
+
+	for i := 0; i < v.NumField(); i++ {
+
+		val := v.Field(i)
+		// Don't export private fields
+		if !val.CanInterface() {
+			continue
+		}
+
+		name := t.Field(i).Name
+		var opts tagOptions
+
+		// Parse JSON tags. Supports name and "omitempty"
+		if jsonTag := t.Field(i).Tag.Get("json"); len(jsonTag) != 0 {
+			name, opts = parseTag(jsonTag)
+		}
+
+		if s.shouldRedact(name) {
+			ret[name] = "[REDACTED]"
+		} else {
+			sanitized := s.Sanitize(val.Interface())
+			if str, ok := sanitized.(string); ok {
+				if !(opts.Contains("omitempty") && len(str) == 0) {
+					ret[name] = str
+				}
+			} else {
+				ret[name] = sanitized
+			}
+
+		}
+	}
+
+	return ret
+}
+
+func (s sanitizer) shouldRedact(key string) bool {
+	for _, filter := range s.Filters {
+		if strings.Contains(strings.ToLower(filter), strings.ToLower(key)) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/middleware.go b/vendor/github.com/bugsnag/bugsnag-go/middleware.go
new file mode 100644
index 000000000..266d5e461
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/middleware.go
@@ -0,0 +1,96 @@
+package bugsnag
+
+import (
+	"net/http"
+	"strings"
+)
+
+type (
+	beforeFunc func(*Event, *Configuration) error
+
+	// MiddlewareStacks keep middleware in the correct order. They are
+	// called in reverse order, so if you add a new middleware it will
+	// be called before all existing middleware.
+	middlewareStack struct {
+		before []beforeFunc
+	}
+)
+
+// AddMiddleware adds a new middleware to the outside of the existing ones,
+// when the middlewareStack is Run it will be run before all middleware that
+// have been added before.
+func (stack *middlewareStack) OnBeforeNotify(middleware beforeFunc) {
+	stack.before = append(stack.before, middleware)
+}
+
+// Run causes all the middleware to be run. If they all permit it the next callback
+// will be called with all the middleware on the stack.
+func (stack *middlewareStack) Run(event *Event, config *Configuration, next func() error) error {
+	// run all the before filters in reverse order
+	for i := range stack.before {
+		before := stack.before[len(stack.before)-i-1]
+
+		err := stack.runBeforeFilter(before, event, config)
+		if err != nil {
+			return err
+		}
+	}
+
+	return next()
+}
+
+func (stack *middlewareStack) runBeforeFilter(f beforeFunc, event *Event, config *Configuration) error {
+	defer func() {
+		if err := recover(); err != nil {
+			config.log("bugsnag/middleware: unexpected panic: %v", err)
+		}
+	}()
+
+	return f(event, config)
+}
+
+// catchMiddlewarePanic is used to log any panics that happen inside Middleware,
+// we wouldn't want to not notify Bugsnag in this case.
+func catchMiddlewarePanic(event *Event, config *Configuration, next func() error) {
+}
+
+// httpRequestMiddleware is added OnBeforeNotify by default. It takes information
+// from an http.Request passed in as rawData, and adds it to the Event. You can
+// use this as a template for writing your own Middleware.
+func httpRequestMiddleware(event *Event, config *Configuration) error {
+	for _, datum := range event.RawData {
+		if request, ok := datum.(*http.Request); ok {
+			proto := "http://"
+			if request.TLS != nil {
+				proto = "https://"
+			}
+
+			event.MetaData.Update(MetaData{
+				"Request": {
+					"RemoteAddr": request.RemoteAddr,
+					"Method":     request.Method,
+					"Url":        proto + request.Host + request.RequestURI,
+					"Params":     request.URL.Query(),
+				},
+			})
+
+			// Add headers as a separate tab.
+			event.MetaData.AddStruct("Headers", request.Header)
+
+			// Default context to Path
+			if event.Context == "" {
+				event.Context = request.URL.Path
+			}
+
+			// Default user.id to IP so that users-affected works.
+			if event.User == nil {
+				ip := request.RemoteAddr
+				if idx := strings.LastIndex(ip, ":"); idx != -1 {
+					ip = ip[:idx]
+				}
+				event.User = &User{Id: ip}
+			}
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/notifier.go b/vendor/github.com/bugsnag/bugsnag-go/notifier.go
new file mode 100644
index 000000000..6b1081787
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/notifier.go
@@ -0,0 +1,95 @@
+package bugsnag
+
+import (
+	"fmt"
+
+	"github.com/bugsnag/bugsnag-go/errors"
+)
+
+// Notifier sends errors to Bugsnag.
+type Notifier struct {
+	Config  *Configuration
+	RawData []interface{}
+}
+
+// New creates a new notifier.
+// You can pass an instance of bugsnag.Configuration in rawData to change the configuration.
+// Other values of rawData will be passed to Notify.
+func New(rawData ...interface{}) *Notifier {
+	config := Config.clone()
+	for i, datum := range rawData {
+		if c, ok := datum.(Configuration); ok {
+			config.update(&c)
+			rawData[i] = nil
+		}
+	}
+
+	return &Notifier{
+		Config:  config,
+		RawData: rawData,
+	}
+}
+
+// Notify sends an error to Bugsnag. Any rawData you pass here will be sent to
+// Bugsnag after being converted to JSON. e.g. bugsnag.SeverityError, bugsnag.Context,
+// or bugsnag.MetaData.
+func (notifier *Notifier) Notify(err error, rawData ...interface{}) (e error) {
+	event, config := newEvent(errors.New(err, 1), rawData, notifier)
+
+	// Never block, start throwing away errors if we have too many.
+	e = middleware.Run(event, config, func() error {
+		config.log("notifying bugsnag: %s", event.Message)
+		if config.notifyInReleaseStage() {
+			if config.Synchronous {
+				return (&payload{event, config}).deliver()
+			}
+			go (&payload{event, config}).deliver()
+			return nil
+		}
+		return fmt.Errorf("not notifying in %s", config.ReleaseStage)
+	})
+
+	if e != nil {
+		config.log("bugsnag.Notify: %v", e)
+	}
+	return e
+}
+
+// AutoNotify notifies Bugsnag of any panics, then repanics.
+// It sends along any rawData that gets passed in.
+// Usage: defer AutoNotify()
+func (notifier *Notifier) AutoNotify(rawData ...interface{}) {
+	if err := recover(); err != nil {
+		rawData = notifier.addDefaultSeverity(rawData, SeverityError)
+		notifier.Notify(errors.New(err, 2), rawData...)
+		panic(err)
+	}
+}
+
+// Recover logs any panics, then recovers.
+// It sends along any rawData that gets passed in.
+// Usage: defer Recover()
+func (notifier *Notifier) Recover(rawData ...interface{}) {
+	if err := recover(); err != nil {
+		rawData = notifier.addDefaultSeverity(rawData, SeverityWarning)
+		notifier.Notify(errors.New(err, 2), rawData...)
+	}
+}
+
+func (notifier *Notifier) dontPanic() {
+	if err := recover(); err != nil {
+		notifier.Config.log("bugsnag/notifier.Notify: panic! %s", err)
+	}
+}
+
+// Add a severity to raw data only if the default is not set.
+func (notifier *Notifier) addDefaultSeverity(rawData []interface{}, s severity) []interface{} {
+
+	for _, datum := range append(notifier.RawData, rawData...) {
+		if _, ok := datum.(severity); ok {
+			return rawData
+		}
+	}
+
+	return append(rawData, s)
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/panicwrap.go b/vendor/github.com/bugsnag/bugsnag-go/panicwrap.go
new file mode 100644
index 000000000..14fb9fa8d
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/panicwrap.go
@@ -0,0 +1,27 @@
+// +build !appengine
+
+package bugsnag
+
+import (
+	"github.com/bugsnag/panicwrap"
+	"github.com/bugsnag/bugsnag-go/errors"
+)
+
+// NOTE: this function does not return when you call it, instead it
+// re-exec()s the current process with panic monitoring.
+func defaultPanicHandler() {
+	defer defaultNotifier.dontPanic()
+
+	err := panicwrap.BasicMonitor(func(output string) {
+		toNotify, err := errors.ParsePanic(output)
+
+		if err != nil {
+			defaultNotifier.Config.log("bugsnag.handleUncaughtPanic: %v", err)
+		}
+		Notify(toNotify, SeverityError, Configuration{Synchronous: true})
+	})
+
+	if err != nil {
+		defaultNotifier.Config.log("bugsnag.handleUncaughtPanic: %v", err)
+	}
+}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/payload.go b/vendor/github.com/bugsnag/bugsnag-go/payload.go
new file mode 100644
index 000000000..a516a5d2d
--- /dev/null
+++ b/vendor/github.com/bugsnag/bugsnag-go/payload.go
@@ -0,0 +1,96 @@
+package bugsnag
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+)
+
+type payload struct {
+	*Event
+	*Configuration
+}
+
+type hash map[string]interface{}
+
+func (p *payload) deliver() error {
+
+	if len(p.APIKey) != 32 {
+		return fmt.Errorf("bugsnag/payload.deliver: invalid api key")
+	}
+
+	buf, err := json.Marshal(p)
+
+	if err != nil {
+		return fmt.Errorf("bugsnag/payload.deliver: %v", err)
+	}
+
+	client := http.Client{
+		Transport: p.Transport,
+	}
+
+	resp, err := client.Post(p.Endpoint, "application/json", bytes.NewBuffer(buf))
+
+	if err != nil {
+		return fmt.Errorf("bugsnag/payload.deliver: %v", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != 200 {
+		return fmt.Errorf("bugsnag/payload.deliver: Got HTTP %s\n", resp.Status)
+	}
+
+	return nil
+}
+
+func (p *payload) MarshalJSON() ([]byte, error) {
+
+	data := hash{
+		"apiKey": p.APIKey,
+
+		"notifier": hash{
+			"name":    "Bugsnag Go",
+			"url":     "https://github.com/bugsnag/bugsnag-go",
+			"version": VERSION,
+		},
+
+		"events": []hash{
+			{
+				"payloadVersion": "2",
+				"exceptions": []hash{
+					{
+						"errorClass": p.ErrorClass,
+						"message":    p.Message,
+						"stacktrace": p.Stacktrace,
+					},
+				},
+				"severity": p.Severity.String,
+				"app": hash{
+					"releaseStage": p.ReleaseStage,
+				},
+				"user":     p.User,
+				"metaData": p.MetaData.sanitize(p.ParamsFilters),
+			},
+		},
+	}
+
+	event := data["events"].([]hash)[0]
+
+	if p.Context != "" {
+		event["context"] = p.Context
+	}
+	if p.GroupingHash != "" {
+		event["groupingHash"] = p.GroupingHash
+	}
+	if p.Hostname != "" {
+		event["device"] = hash{
+			"hostname": p.Hostname,
+		}
+	}
+	if p.AppVersion != "" {
+		event["app"].(hash)["version"] = p.AppVersion
+	}
+	return json.Marshal(data)
+
+}
diff --git a/vendor/github.com/bugsnag/osext/LICENSE b/vendor/github.com/bugsnag/osext/LICENSE
new file mode 100644
index 000000000..18527a28f
--- /dev/null
+++ b/vendor/github.com/bugsnag/osext/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2012 Daniel Theophanes
+
+This software is provided 'as-is', without any express or implied
+warranty. In no event will the authors be held liable for any damages
+arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute it
+freely, subject to the following restrictions:
+
+   1. The origin of this software must not be misrepresented; you must not
+   claim that you wrote the original software. If you use this software
+   in a product, an acknowledgment in the product documentation would be
+   appreciated but is not required.
+
+   2. Altered source versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.
+
+   3. This notice may not be removed or altered from any source
+   distribution.
diff --git a/vendor/github.com/bugsnag/osext/osext.go b/vendor/github.com/bugsnag/osext/osext.go
new file mode 100644
index 000000000..37efbb221
--- /dev/null
+++ b/vendor/github.com/bugsnag/osext/osext.go
@@ -0,0 +1,32 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Extensions to the standard "os" package.
+package osext
+
+import "path/filepath"
+
+// Executable returns an absolute path that can be used to
+// re-invoke the current program.
+// It may not be valid after the current program exits.
+func Executable() (string, error) {
+	p, err := executable()
+	return filepath.Clean(p), err
+}
+
+// Returns same path as Executable, returns just the folder
+// path. Excludes the executable name.
+func ExecutableFolder() (string, error) {
+	p, err := Executable()
+	if err != nil {
+		return "", err
+	}
+	folder, _ := filepath.Split(p)
+	return folder, nil
+}
+
+// Depricated. Same as Executable().
+func GetExePath() (exePath string, err error) {
+	return Executable()
+}
diff --git a/vendor/github.com/bugsnag/osext/osext_plan9.go b/vendor/github.com/bugsnag/osext/osext_plan9.go
new file mode 100644
index 000000000..e88c1e093
--- /dev/null
+++ b/vendor/github.com/bugsnag/osext/osext_plan9.go
@@ -0,0 +1,16 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package osext
+
+import "syscall"
+
+func executable() (string, error) {
+	f, err := Open("/proc/" + itoa(Getpid()) + "/text")
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+	return syscall.Fd2path(int(f.Fd()))
+}
diff --git a/vendor/github.com/bugsnag/osext/osext_procfs.go b/vendor/github.com/bugsnag/osext/osext_procfs.go
new file mode 100644
index 000000000..546fec915
--- /dev/null
+++ b/vendor/github.com/bugsnag/osext/osext_procfs.go
@@ -0,0 +1,25 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux netbsd openbsd
+
+package osext
+
+import (
+	"errors"
+	"os"
+	"runtime"
+)
+
+func executable() (string, error) {
+	switch runtime.GOOS {
+	case "linux":
+		return os.Readlink("/proc/self/exe")
+	case "netbsd":
+		return os.Readlink("/proc/curproc/exe")
+	case "openbsd":
+		return os.Readlink("/proc/curproc/file")
+	}
+	return "", errors.New("ExecPath not implemented for " + runtime.GOOS)
+}
diff --git a/vendor/github.com/bugsnag/osext/osext_sysctl.go b/vendor/github.com/bugsnag/osext/osext_sysctl.go
new file mode 100644
index 000000000..d76464628
--- /dev/null
+++ b/vendor/github.com/bugsnag/osext/osext_sysctl.go
@@ -0,0 +1,64 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin freebsd
+
+package osext
+
+import (
+	"os"
+	"runtime"
+	"syscall"
+	"unsafe"
+)
+
+var startUpcwd, getwdError = os.Getwd()
+
+func executable() (string, error) {
+	var mib [4]int32
+	switch runtime.GOOS {
+	case "freebsd":
+		mib = [4]int32{1 /* CTL_KERN */, 14 /* KERN_PROC */, 12 /* KERN_PROC_PATHNAME */, -1}
+	case "darwin":
+		mib = [4]int32{1 /* CTL_KERN */, 38 /* KERN_PROCARGS */, int32(os.Getpid()), -1}
+	}
+
+	n := uintptr(0)
+	// get length
+	_, _, err := syscall.Syscall6(syscall.SYS___SYSCTL, uintptr(unsafe.Pointer(&mib[0])), 4, 0, uintptr(unsafe.Pointer(&n)), 0, 0)
+	if err != 0 {
+		return "", err
+	}
+	if n == 0 { // shouldn't happen
+		return "", nil
+	}
+	buf := make([]byte, n)
+	_, _, err = syscall.Syscall6(syscall.SYS___SYSCTL, uintptr(unsafe.Pointer(&mib[0])), 4, uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&n)), 0, 0)
+	if err != 0 {
+		return "", err
+	}
+	if n == 0 { // shouldn't happen
+		return "", nil
+	}
+	for i, v := range buf {
+		if v == 0 {
+			buf = buf[:i]
+			break
+		}
+	}
+	if buf[0] != '/' {
+		if getwdError != nil {
+			return string(buf), getwdError
+		} else {
+			if buf[0] == '.' {
+				buf = buf[1:]
+			}
+			if startUpcwd[len(startUpcwd)-1] != '/' {
+				return startUpcwd + "/" + string(buf), nil
+			}
+			return startUpcwd + string(buf), nil
+		}
+	}
+	return string(buf), nil
+}
diff --git a/vendor/github.com/bugsnag/osext/osext_windows.go b/vendor/github.com/bugsnag/osext/osext_windows.go
new file mode 100644
index 000000000..72d282cf8
--- /dev/null
+++ b/vendor/github.com/bugsnag/osext/osext_windows.go
@@ -0,0 +1,34 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package osext
+
+import (
+	"syscall"
+	"unicode/utf16"
+	"unsafe"
+)
+
+var (
+	kernel                = syscall.MustLoadDLL("kernel32.dll")
+	getModuleFileNameProc = kernel.MustFindProc("GetModuleFileNameW")
+)
+
+// GetModuleFileName() with hModule = NULL
+func executable() (exePath string, err error) {
+	return getModuleFileName()
+}
+
+func getModuleFileName() (string, error) {
+	var n uint32
+	b := make([]uint16, syscall.MAX_PATH)
+	size := uint32(len(b))
+
+	r0, _, e1 := getModuleFileNameProc.Call(0, uintptr(unsafe.Pointer(&b[0])), uintptr(size))
+	n = uint32(r0)
+	if n == 0 {
+		return "", e1
+	}
+	return string(utf16.Decode(b[0:n])), nil
+}
diff --git a/vendor/github.com/bugsnag/panicwrap/LICENSE b/vendor/github.com/bugsnag/panicwrap/LICENSE
new file mode 100644
index 000000000..f9c841a51
--- /dev/null
+++ b/vendor/github.com/bugsnag/panicwrap/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Mitchell Hashimoto
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/bugsnag/panicwrap/README.md b/vendor/github.com/bugsnag/panicwrap/README.md
new file mode 100644
index 000000000..d0a596753
--- /dev/null
+++ b/vendor/github.com/bugsnag/panicwrap/README.md
@@ -0,0 +1,101 @@
+# panicwrap
+
+panicwrap is a Go library that re-executes a Go binary and monitors stderr
+output from the binary for a panic. When it find a panic, it executes a
+user-defined handler function. Stdout, stderr, stdin, signals, and exit
+codes continue to work as normal, making the existence of panicwrap mostly
+invisble to the end user until a panic actually occurs.
+
+Since a panic is truly a bug in the program meant to crash the runtime,
+globally catching panics within Go applications is not supposed to be possible.
+Despite this, it is often useful to have a way to know when panics occur.
+panicwrap allows you to do something with these panics, such as writing them
+to a file, so that you can track when panics occur.
+
+panicwrap is ***not a panic recovery system***. Panics indicate serious
+problems with your application and _should_ crash the runtime. panicwrap
+is just meant as a way to monitor for panics. If you still think this is
+the worst idea ever, read the section below on why.
+
+## Features
+
+* **SIMPLE!**
+* Works with all Go applications on all platforms Go supports
+* Custom behavior when a panic occurs
+* Stdout, stderr, stdin, exit codes, and signals continue to work as
+  expected.
+
+## Usage
+
+Using panicwrap is simple. It behaves a lot like `fork`, if you know
+how that works. A basic example is shown below.
+
+Because it would be sad to panic while capturing a panic, it is recommended
+that the handler functions for panicwrap remain relatively simple and well
+tested. panicwrap itself contains many tests.
+
+```go
+package main
+
+import (
+	"fmt"
+	"github.com/mitchellh/panicwrap"
+	"os"
+)
+
+func main() {
+	exitStatus, err := panicwrap.BasicWrap(panicHandler)
+	if err != nil {
+		// Something went wrong setting up the panic wrapper. Unlikely,
+		// but possible.
+		panic(err)
+	}
+
+	// If exitStatus >= 0, then we're the parent process and the panicwrap
+	// re-executed ourselves and completed. Just exit with the proper status.
+	if exitStatus >= 0 {
+		os.Exit(exitStatus)
+	}
+
+	// Otherwise, exitStatus < 0 means we're the child. Continue executing as
+	// normal...
+
+	// Let's say we panic
+	panic("oh shucks")
+}
+
+func panicHandler(output string) {
+	// output contains the full output (including stack traces) of the
+	// panic. Put it in a file or something.
+	fmt.Printf("The child panicked:\n\n%s\n", output)
+	os.Exit(1)
+}
+```
+
+## How Does it Work?
+
+panicwrap works by re-executing the running program (retaining arguments,
+environmental variables, etc.) and monitoring the stderr of the program.
+Since Go always outputs panics in a predictable way with a predictable
+exit code, panicwrap is able to reliably detect panics and allow the parent
+process to handle them.
+
+## WHY?! Panics should CRASH!
+
+Yes, panics _should_ crash. They are 100% always indicative of bugs.
+However, in some cases, such as user-facing programs (programs like
+[Packer](http://github.com/mitchellh/packer) or
+[Docker](http://github.com/dotcloud/docker)), it is up to the user to
+report such panics. This is unreliable, at best, and it would be better if the
+program could have a way to automatically report panics. panicwrap provides
+a way to do this.
+
+For backend applications, it is easier to detect crashes (since the application
+exits). However, it is still nice sometimes to more intelligently log
+panics in some way. For example, at [HashiCorp](http://www.hashicorp.com),
+we use panicwrap to log panics to timestamped files with some additional
+data (configuration settings at the time, environmental variables, etc.)
+
+The goal of panicwrap is _not_ to hide panics. It is instead to provide
+a clean mechanism for handling them before bubbling the up to the user
+and ultimately crashing.
diff --git a/vendor/github.com/bugsnag/panicwrap/dup2.go b/vendor/github.com/bugsnag/panicwrap/dup2.go
new file mode 100644
index 000000000..de523c83d
--- /dev/null
+++ b/vendor/github.com/bugsnag/panicwrap/dup2.go
@@ -0,0 +1,11 @@
+// +build darwin dragonfly freebsd linux,!arm64 netbsd openbsd
+
+package panicwrap
+
+import (
+	"syscall"
+)
+
+func dup2(oldfd, newfd int) error {
+	return syscall.Dup2(oldfd, newfd)
+}
diff --git a/vendor/github.com/bugsnag/panicwrap/dup3.go b/vendor/github.com/bugsnag/panicwrap/dup3.go
new file mode 100644
index 000000000..9721b36cc
--- /dev/null
+++ b/vendor/github.com/bugsnag/panicwrap/dup3.go
@@ -0,0 +1,11 @@
+// +build linux,arm64
+
+package panicwrap
+
+import (
+	"syscall"
+)
+
+func dup2(oldfd, newfd int) error {
+	return syscall.Dup3(oldfd, newfd, 0)
+}
diff --git a/vendor/github.com/bugsnag/panicwrap/monitor.go b/vendor/github.com/bugsnag/panicwrap/monitor.go
new file mode 100644
index 000000000..72b418a27
--- /dev/null
+++ b/vendor/github.com/bugsnag/panicwrap/monitor.go
@@ -0,0 +1,62 @@
+// +build !windows
+
+package panicwrap
+
+import (
+	"github.com/bugsnag/osext"
+	"os"
+	"os/exec"
+)
+
+func monitor(c *WrapConfig) (int, error) {
+
+	// If we're the child process, absorb panics.
+	if Wrapped(c) {
+		panicCh := make(chan string)
+
+		go trackPanic(os.Stdin, os.Stderr, c.DetectDuration, panicCh)
+
+		// Wait on the panic data
+		panicTxt := <-panicCh
+		if panicTxt != "" {
+			if !c.HidePanic {
+				os.Stderr.Write([]byte(panicTxt))
+			}
+
+			c.Handler(panicTxt)
+		}
+
+		os.Exit(0)
+	}
+
+	exePath, err := osext.Executable()
+	if err != nil {
+		return -1, err
+	}
+	cmd := exec.Command(exePath, os.Args[1:]...)
+
+	read, write, err := os.Pipe()
+	if err != nil {
+		return -1, err
+	}
+
+	cmd.Stdin = read
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	cmd.Env = append(os.Environ(), c.CookieKey+"="+c.CookieValue)
+
+	if err != nil {
+		return -1, err
+	}
+	err = cmd.Start()
+	if err != nil {
+		return -1, err
+	}
+
+	err = dup2(int(write.Fd()), int(os.Stderr.Fd()))
+	if err != nil {
+		return -1, err
+	}
+
+	return -1, nil
+}
diff --git a/vendor/github.com/bugsnag/panicwrap/monitor_windows.go b/vendor/github.com/bugsnag/panicwrap/monitor_windows.go
new file mode 100644
index 000000000..d07a69218
--- /dev/null
+++ b/vendor/github.com/bugsnag/panicwrap/monitor_windows.go
@@ -0,0 +1,7 @@
+package panicwrap
+
+import "fmt"
+
+func monitor(c *WrapConfig) (int, error) {
+	return -1, fmt.Errorf("Monitor is not supported on windows")
+}
diff --git a/vendor/github.com/bugsnag/panicwrap/panicwrap.go b/vendor/github.com/bugsnag/panicwrap/panicwrap.go
new file mode 100644
index 000000000..f9ea3e3e6
--- /dev/null
+++ b/vendor/github.com/bugsnag/panicwrap/panicwrap.go
@@ -0,0 +1,339 @@
+// The panicwrap package provides functions for capturing and handling
+// panics in your application. It does this by re-executing the running
+// application and monitoring stderr for any panics. At the same time,
+// stdout/stderr/etc. are set to the same values so that data is shuttled
+// through properly, making the existence of panicwrap mostly transparent.
+//
+// Panics are only detected when the subprocess exits with a non-zero
+// exit status, since this is the only time panics are real. Otherwise,
+// "panic-like" output is ignored.
+package panicwrap
+
+import (
+	"bytes"
+	"errors"
+	"github.com/bugsnag/osext"
+	"io"
+	"os"
+	"os/exec"
+	"os/signal"
+	"runtime"
+	"syscall"
+	"time"
+)
+
+const (
+	DEFAULT_COOKIE_KEY = "cccf35992f8f3cd8d1d28f0109dd953e26664531"
+	DEFAULT_COOKIE_VAL = "7c28215aca87789f95b406b8dd91aa5198406750"
+)
+
+// HandlerFunc is the type called when a panic is detected.
+type HandlerFunc func(string)
+
+// WrapConfig is the configuration for panicwrap when wrapping an existing
+// binary. To get started, in general, you only need the BasicWrap function
+// that will set this up for you. However, for more customizability,
+// WrapConfig and Wrap can be used.
+type WrapConfig struct {
+	// Handler is the function called when a panic occurs.
+	Handler HandlerFunc
+
+	// The cookie key and value are used within environmental variables
+	// to tell the child process that it is already executing so that
+	// wrap doesn't re-wrap itself.
+	CookieKey   string
+	CookieValue string
+
+	// If true, the panic will not be mirrored to the configured writer
+	// and will instead ONLY go to the handler. This lets you effectively
+	// hide panics from the end user. This is not recommended because if
+	// your handler fails, the panic is effectively lost.
+	HidePanic bool
+
+	// If true, panicwrap will boot a monitor sub-process and let the parent
+	// run the app. This mode is useful for processes run under supervisors
+	// like runit as signals get sent to the correct codebase. This is not
+	// supported when GOOS=windows, and ignores c.Stderr and c.Stdout.
+	Monitor bool
+
+	// The amount of time that a process must exit within after detecting
+	// a panic header for panicwrap to assume it is a panic. Defaults to
+	// 300 milliseconds.
+	DetectDuration time.Duration
+
+	// The writer to send the stderr to. If this is nil, then it defaults
+	// to os.Stderr.
+	Writer io.Writer
+
+	// The writer to send stdout to. If this is nil, then it defaults to
+	// os.Stdout.
+	Stdout io.Writer
+}
+
+// BasicWrap calls Wrap with the given handler function, using defaults
+// for everything else. See Wrap and WrapConfig for more information on
+// functionality and return values.
+func BasicWrap(f HandlerFunc) (int, error) {
+	return Wrap(&WrapConfig{
+		Handler: f,
+	})
+}
+
+// BasicMonitor calls Wrap with Monitor set to true on supported platforms.
+// It forks your program and runs it again form the start. In one process
+// BasicMonitor never returns, it just listens on stderr of the other process,
+// and calls your handler when a panic is seen. In the other it either returns
+// nil to indicate that the panic monitoring is enabled, or an error to indicate
+// that something else went wrong.
+func BasicMonitor(f HandlerFunc) error {
+	exitStatus, err := Wrap(&WrapConfig{
+		Handler: f,
+		Monitor: runtime.GOOS != "windows",
+	})
+
+	if err != nil {
+		return err
+	}
+
+	if exitStatus >= 0 {
+		os.Exit(exitStatus)
+	}
+
+	return nil
+}
+
+// Wrap wraps the current executable in a handler to catch panics. It
+// returns an error if there was an error during the wrapping process.
+// If the error is nil, then the int result indicates the exit status of the
+// child process. If the exit status is -1, then this is the child process,
+// and execution should continue as normal. Otherwise, this is the parent
+// process and the child successfully ran already, and you should exit the
+// process with the returned exit status.
+//
+// This function should be called very very early in your program's execution.
+// Ideally, this runs as the first line of code of main.
+//
+// Once this is called, the given WrapConfig shouldn't be modified or used
+// any further.
+func Wrap(c *WrapConfig) (int, error) {
+	if c.Handler == nil {
+		return -1, errors.New("Handler must be set")
+	}
+
+	if c.DetectDuration == 0 {
+		c.DetectDuration = 300 * time.Millisecond
+	}
+
+	if c.Writer == nil {
+		c.Writer = os.Stderr
+	}
+
+	if c.Monitor {
+		return monitor(c)
+	} else {
+		return wrap(c)
+	}
+}
+
+func wrap(c *WrapConfig) (int, error) {
+
+	// If we're already wrapped, exit out.
+	if Wrapped(c) {
+		return -1, nil
+	}
+
+	// Get the path to our current executable
+	exePath, err := osext.Executable()
+	if err != nil {
+		return -1, err
+	}
+
+	// Pipe the stderr so we can read all the data as we look for panics
+	stderr_r, stderr_w := io.Pipe()
+
+	// doneCh is closed when we're done, signaling any other goroutines
+	// to end immediately.
+	doneCh := make(chan struct{})
+
+	// panicCh is the channel on which the panic text will actually be
+	// sent.
+	panicCh := make(chan string)
+
+	// On close, make sure to finish off the copying of data to stderr
+	defer func() {
+		defer close(doneCh)
+		stderr_w.Close()
+		<-panicCh
+	}()
+
+	// Start the goroutine that will watch stderr for any panics
+	go trackPanic(stderr_r, c.Writer, c.DetectDuration, panicCh)
+
+	// Create the writer for stdout that we're going to use
+	var stdout_w io.Writer = os.Stdout
+	if c.Stdout != nil {
+		stdout_w = c.Stdout
+	}
+
+	// Build a subcommand to re-execute ourselves. We make sure to
+	// set the environmental variable to include our cookie. We also
+	// set stdin/stdout to match the config. Finally, we pipe stderr
+	// through ourselves in order to watch for panics.
+	cmd := exec.Command(exePath, os.Args[1:]...)
+	cmd.Env = append(os.Environ(), c.CookieKey+"="+c.CookieValue)
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = stdout_w
+	cmd.Stderr = stderr_w
+	if err := cmd.Start(); err != nil {
+		return 1, err
+	}
+
+	// Listen to signals and capture them forever. We allow the child
+	// process to handle them in some way.
+	sigCh := make(chan os.Signal)
+	signal.Notify(sigCh, os.Interrupt)
+	go func() {
+		defer signal.Stop(sigCh)
+		for {
+			select {
+			case <-doneCh:
+				return
+			case <-sigCh:
+			}
+		}
+	}()
+
+	if err := cmd.Wait(); err != nil {
+		exitErr, ok := err.(*exec.ExitError)
+		if !ok {
+			// This is some other kind of subprocessing error.
+			return 1, err
+		}
+
+		exitStatus := 1
+		if status, ok := exitErr.Sys().(syscall.WaitStatus); ok {
+			exitStatus = status.ExitStatus()
+		}
+
+		// Close the writer end so that the tracker goroutine ends at some point
+		stderr_w.Close()
+
+		// Wait on the panic data
+		panicTxt := <-panicCh
+		if panicTxt != "" {
+			if !c.HidePanic {
+				c.Writer.Write([]byte(panicTxt))
+			}
+
+			c.Handler(panicTxt)
+		}
+
+		return exitStatus, nil
+	}
+
+	return 0, nil
+}
+
+// Wrapped checks if we're already wrapped according to the configuration
+// given.
+//
+// Wrapped is very cheap and can be used early to short-circuit some pre-wrap
+// logic your application may have.
+func Wrapped(c *WrapConfig) bool {
+	if c.CookieKey == "" {
+		c.CookieKey = DEFAULT_COOKIE_KEY
+	}
+
+	if c.CookieValue == "" {
+		c.CookieValue = DEFAULT_COOKIE_VAL
+	}
+
+	// If the cookie key/value match our environment, then we are the
+	// child, so just exit now and tell the caller that we're the child
+	return os.Getenv(c.CookieKey) == c.CookieValue
+}
+
+// trackPanic monitors the given reader for a panic. If a panic is detected,
+// it is outputted on the result channel. This will close the channel once
+// it is complete.
+func trackPanic(r io.Reader, w io.Writer, dur time.Duration, result chan<- string) {
+	defer close(result)
+
+	var panicTimer <-chan time.Time
+	panicBuf := new(bytes.Buffer)
+	panicHeader := []byte("panic:")
+
+	tempBuf := make([]byte, 2048)
+	for {
+		var buf []byte
+		var n int
+
+		if panicTimer == nil && panicBuf.Len() > 0 {
+			// We're not tracking a panic but the buffer length is
+			// greater than 0. We need to clear out that buffer, but
+			// look for another panic along the way.
+
+			// First, remove the previous panic header so we don't loop
+			w.Write(panicBuf.Next(len(panicHeader)))
+
+			// Next, assume that this is our new buffer to inspect
+			n = panicBuf.Len()
+			buf = make([]byte, n)
+			copy(buf, panicBuf.Bytes())
+			panicBuf.Reset()
+		} else {
+			var err error
+			buf = tempBuf
+			n, err = r.Read(buf)
+			if n <= 0 && err == io.EOF {
+				if panicBuf.Len() > 0 {
+					// We were tracking a panic, assume it was a panic
+					// and return that as the result.
+					result <- panicBuf.String()
+				}
+
+				return
+			}
+		}
+
+		if panicTimer != nil {
+			// We're tracking what we think is a panic right now.
+			// If the timer ended, then it is not a panic.
+			isPanic := true
+			select {
+			case <-panicTimer:
+				isPanic = false
+			default:
+			}
+
+			// No matter what, buffer the text some more.
+			panicBuf.Write(buf[0:n])
+
+			if !isPanic {
+				// It isn't a panic, stop tracking. Clean-up will happen
+				// on the next iteration.
+				panicTimer = nil
+			}
+
+			continue
+		}
+
+		flushIdx := n
+		idx := bytes.Index(buf[0:n], panicHeader)
+		if idx >= 0 {
+			flushIdx = idx
+		}
+
+		// Flush to stderr what isn't a panic
+		w.Write(buf[0:flushIdx])
+
+		if idx < 0 {
+			// Not a panic so just continue along
+			continue
+		}
+
+		// We have a panic header. Write we assume is a panic os far.
+		panicBuf.Write(buf[idx:n])
+		panicTimer = time.After(dur)
+	}
+}
diff --git a/vendor/github.com/denverdino/aliyungo/LICENSE.txt b/vendor/github.com/denverdino/aliyungo/LICENSE.txt
new file mode 100644
index 000000000..918297133
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/LICENSE.txt
@@ -0,0 +1,191 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        https://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2015-2015 Li Yi (denverdino@gmail.com).
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       https://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/denverdino/aliyungo/common/client.go b/vendor/github.com/denverdino/aliyungo/common/client.go
new file mode 100644
index 000000000..6c00d1c19
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/common/client.go
@@ -0,0 +1,550 @@
+package common
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/denverdino/aliyungo/util"
+)
+
+// RemovalPolicy.N add index to array item
+// RemovalPolicy=["a", "b"] => RemovalPolicy.1="a" RemovalPolicy.2="b"
+type FlattenArray []string
+
+// string contains underline which will be replaced with dot
+// SystemDisk_Category => SystemDisk.Category
+type UnderlineString string
+
+// A Client represents a client of ECS services
+type Client struct {
+	AccessKeyId     string //Access Key Id
+	AccessKeySecret string //Access Key Secret
+	securityToken   string
+	debug           bool
+	httpClient      *http.Client
+	endpoint        string
+	version         string
+	serviceCode     string
+	regionID        Region
+	businessInfo    string
+	userAgent       string
+}
+
+// Initialize properties of a client instance
+func (client *Client) Init(endpoint, version, accessKeyId, accessKeySecret string) {
+	client.AccessKeyId = accessKeyId
+	ak := accessKeySecret
+	if !strings.HasSuffix(ak, "&") {
+		ak += "&"
+	}
+	client.AccessKeySecret = ak
+	client.debug = false
+	handshakeTimeout, err := strconv.Atoi(os.Getenv("TLSHandshakeTimeout"))
+	if err != nil {
+		handshakeTimeout = 0
+	}
+	if handshakeTimeout == 0 {
+		client.httpClient = &http.Client{}
+	} else {
+		t := &http.Transport{
+			TLSHandshakeTimeout: time.Duration(handshakeTimeout) * time.Second}
+		client.httpClient = &http.Client{Transport: t}
+	}
+	client.endpoint = endpoint
+	client.version = version
+}
+
+// Initialize properties of a client instance including regionID
+func (client *Client) NewInit(endpoint, version, accessKeyId, accessKeySecret, serviceCode string, regionID Region) {
+	client.Init(endpoint, version, accessKeyId, accessKeySecret)
+	client.serviceCode = serviceCode
+	client.regionID = regionID
+}
+
+// Intialize client object when all properties are ready
+func (client *Client) InitClient() *Client {
+	client.debug = false
+	handshakeTimeout, err := strconv.Atoi(os.Getenv("TLSHandshakeTimeout"))
+	if err != nil {
+		handshakeTimeout = 0
+	}
+	if handshakeTimeout == 0 {
+		client.httpClient = &http.Client{}
+	} else {
+		t := &http.Transport{
+			TLSHandshakeTimeout: time.Duration(handshakeTimeout) * time.Second}
+		client.httpClient = &http.Client{Transport: t}
+	}
+	return client
+}
+
+func (client *Client) NewInitForAssumeRole(endpoint, version, accessKeyId, accessKeySecret, serviceCode string, regionID Region, securityToken string) {
+	client.NewInit(endpoint, version, accessKeyId, accessKeySecret, serviceCode, regionID)
+	client.securityToken = securityToken
+}
+
+//getLocationEndpoint
+func (client *Client) getEndpointByLocation() string {
+	locationClient := NewLocationClient(client.AccessKeyId, client.AccessKeySecret, client.securityToken)
+	locationClient.SetDebug(true)
+	return locationClient.DescribeOpenAPIEndpoint(client.regionID, client.serviceCode)
+}
+
+//NewClient using location service
+func (client *Client) setEndpointByLocation(region Region, serviceCode, accessKeyId, accessKeySecret, securityToken string) {
+	locationClient := NewLocationClient(accessKeyId, accessKeySecret, securityToken)
+	locationClient.SetDebug(true)
+	ep := locationClient.DescribeOpenAPIEndpoint(region, serviceCode)
+	if ep == "" {
+		ep = loadEndpointFromFile(region, serviceCode)
+	}
+
+	if ep != "" {
+		client.endpoint = ep
+	}
+}
+
+// Ensure all necessary properties are valid
+func (client *Client) ensureProperties() error {
+	var msg string
+
+	if client.endpoint == "" {
+		msg = fmt.Sprintf("endpoint cannot be empty!")
+	} else if client.version == "" {
+		msg = fmt.Sprintf("version cannot be empty!")
+	} else if client.AccessKeyId == "" {
+		msg = fmt.Sprintf("AccessKeyId cannot be empty!")
+	} else if client.AccessKeySecret == "" {
+		msg = fmt.Sprintf("AccessKeySecret cannot be empty!")
+	}
+
+	if msg != "" {
+		return errors.New(msg)
+	}
+
+	return nil
+}
+
+// ----------------------------------------------------
+// WithXXX methods
+// ----------------------------------------------------
+
+// WithEndpoint sets custom endpoint
+func (client *Client) WithEndpoint(endpoint string) *Client {
+	client.SetEndpoint(endpoint)
+	return client
+}
+
+// WithVersion sets custom version
+func (client *Client) WithVersion(version string) *Client {
+	client.SetVersion(version)
+	return client
+}
+
+// WithRegionID sets Region ID
+func (client *Client) WithRegionID(regionID Region) *Client {
+	client.SetRegionID(regionID)
+	return client
+}
+
+//WithServiceCode sets serviceCode
+func (client *Client) WithServiceCode(serviceCode string) *Client {
+	client.SetServiceCode(serviceCode)
+	return client
+}
+
+// WithAccessKeyId sets new AccessKeyId
+func (client *Client) WithAccessKeyId(id string) *Client {
+	client.SetAccessKeyId(id)
+	return client
+}
+
+// WithAccessKeySecret sets new AccessKeySecret
+func (client *Client) WithAccessKeySecret(secret string) *Client {
+	client.SetAccessKeySecret(secret)
+	return client
+}
+
+// WithSecurityToken sets securityToken
+func (client *Client) WithSecurityToken(securityToken string) *Client {
+	client.SetSecurityToken(securityToken)
+	return client
+}
+
+// WithDebug sets debug mode to log the request/response message
+func (client *Client) WithDebug(debug bool) *Client {
+	client.SetDebug(debug)
+	return client
+}
+
+// WithBusinessInfo sets business info to log the request/response message
+func (client *Client) WithBusinessInfo(businessInfo string) *Client {
+	client.SetBusinessInfo(businessInfo)
+	return client
+}
+
+// WithUserAgent sets user agent to the request/response message
+func (client *Client) WithUserAgent(userAgent string) *Client {
+	client.SetUserAgent(userAgent)
+	return client
+}
+
+// ----------------------------------------------------
+// SetXXX methods
+// ----------------------------------------------------
+
+// SetEndpoint sets custom endpoint
+func (client *Client) SetEndpoint(endpoint string) {
+	client.endpoint = endpoint
+}
+
+// SetEndpoint sets custom version
+func (client *Client) SetVersion(version string) {
+	client.version = version
+}
+
+// SetEndpoint sets Region ID
+func (client *Client) SetRegionID(regionID Region) {
+	client.regionID = regionID
+}
+
+//SetServiceCode sets serviceCode
+func (client *Client) SetServiceCode(serviceCode string) {
+	client.serviceCode = serviceCode
+}
+
+// SetAccessKeyId sets new AccessKeyId
+func (client *Client) SetAccessKeyId(id string) {
+	client.AccessKeyId = id
+}
+
+// SetAccessKeySecret sets new AccessKeySecret
+func (client *Client) SetAccessKeySecret(secret string) {
+	client.AccessKeySecret = secret + "&"
+}
+
+// SetDebug sets debug mode to log the request/response message
+func (client *Client) SetDebug(debug bool) {
+	client.debug = debug
+}
+
+// SetBusinessInfo sets business info to log the request/response message
+func (client *Client) SetBusinessInfo(businessInfo string) {
+	if strings.HasPrefix(businessInfo, "/") {
+		client.businessInfo = businessInfo
+	} else if businessInfo != "" {
+		client.businessInfo = "/" + businessInfo
+	}
+}
+
+// SetUserAgent sets user agent to the request/response message
+func (client *Client) SetUserAgent(userAgent string) {
+	client.userAgent = userAgent
+}
+
+//set SecurityToken
+func (client *Client) SetSecurityToken(securityToken string) {
+	client.securityToken = securityToken
+}
+
+func (client *Client) initEndpoint() error {
+	// if set any value to "CUSTOMIZED_ENDPOINT" could skip location service.
+	// example: export CUSTOMIZED_ENDPOINT=true
+	if os.Getenv("CUSTOMIZED_ENDPOINT") != "" {
+		return nil
+	}
+
+	if client.serviceCode != "" && client.regionID != "" {
+		endpoint := client.getEndpointByLocation()
+		if endpoint == "" {
+			return GetCustomError("InvalidEndpoint", "endpoint is empty,pls check")
+		}
+		client.endpoint = endpoint
+	}
+	return nil
+}
+
+// Invoke sends the raw HTTP request for ECS services
+func (client *Client) Invoke(action string, args interface{}, response interface{}) error {
+	if err := client.ensureProperties(); err != nil {
+		return err
+	}
+
+	//init endpoint
+	if err := client.initEndpoint(); err != nil {
+		return err
+	}
+
+	request := Request{}
+	request.init(client.version, action, client.AccessKeyId, client.securityToken, client.regionID)
+
+	query := util.ConvertToQueryValues(request)
+	util.SetQueryValues(args, &query)
+
+	// Sign request
+	signature := util.CreateSignatureForRequest(ECSRequestMethod, &query, client.AccessKeySecret)
+
+	// Generate the request URL
+	requestURL := client.endpoint + "?" + query.Encode() + "&Signature=" + url.QueryEscape(signature)
+
+	httpReq, err := http.NewRequest(ECSRequestMethod, requestURL, nil)
+
+	if err != nil {
+		return GetClientError(err)
+	}
+
+	// TODO move to util and add build val flag
+	httpReq.Header.Set("X-SDK-Client", `AliyunGO/`+Version+client.businessInfo)
+
+	httpReq.Header.Set("User-Agent", httpReq.UserAgent()+" "+client.userAgent)
+
+	t0 := time.Now()
+	httpResp, err := client.httpClient.Do(httpReq)
+	t1 := time.Now()
+	if err != nil {
+		return GetClientError(err)
+	}
+	statusCode := httpResp.StatusCode
+
+	if client.debug {
+		log.Printf("Invoke %s %s %d (%v)", ECSRequestMethod, requestURL, statusCode, t1.Sub(t0))
+	}
+
+	defer httpResp.Body.Close()
+	body, err := ioutil.ReadAll(httpResp.Body)
+
+	if err != nil {
+		return GetClientError(err)
+	}
+
+	if client.debug {
+		var prettyJSON bytes.Buffer
+		err = json.Indent(&prettyJSON, body, "", "    ")
+		log.Println(string(prettyJSON.Bytes()))
+	}
+
+	if statusCode >= 400 && statusCode <= 599 {
+		errorResponse := ErrorResponse{}
+		err = json.Unmarshal(body, &errorResponse)
+		ecsError := &Error{
+			ErrorResponse: errorResponse,
+			StatusCode:    statusCode,
+		}
+		return ecsError
+	}
+
+	err = json.Unmarshal(body, response)
+	//log.Printf("%++v", response)
+	if err != nil {
+		return GetClientError(err)
+	}
+
+	return nil
+}
+
+// Invoke sends the raw HTTP request for ECS services
+func (client *Client) InvokeByFlattenMethod(action string, args interface{}, response interface{}) error {
+	if err := client.ensureProperties(); err != nil {
+		return err
+	}
+
+	//init endpoint
+	if err := client.initEndpoint(); err != nil {
+		return err
+	}
+
+	request := Request{}
+	request.init(client.version, action, client.AccessKeyId, client.securityToken, client.regionID)
+
+	query := util.ConvertToQueryValues(request)
+
+	util.SetQueryValueByFlattenMethod(args, &query)
+
+	// Sign request
+	signature := util.CreateSignatureForRequest(ECSRequestMethod, &query, client.AccessKeySecret)
+
+	// Generate the request URL
+	requestURL := client.endpoint + "?" + query.Encode() + "&Signature=" + url.QueryEscape(signature)
+
+	httpReq, err := http.NewRequest(ECSRequestMethod, requestURL, nil)
+
+	if err != nil {
+		return GetClientError(err)
+	}
+
+	// TODO move to util and add build val flag
+	httpReq.Header.Set("X-SDK-Client", `AliyunGO/`+Version+client.businessInfo)
+
+	httpReq.Header.Set("User-Agent", httpReq.UserAgent()+" "+client.userAgent)
+
+	t0 := time.Now()
+	httpResp, err := client.httpClient.Do(httpReq)
+	t1 := time.Now()
+	if err != nil {
+		return GetClientError(err)
+	}
+	statusCode := httpResp.StatusCode
+
+	if client.debug {
+		log.Printf("Invoke %s %s %d (%v)", ECSRequestMethod, requestURL, statusCode, t1.Sub(t0))
+	}
+
+	defer httpResp.Body.Close()
+	body, err := ioutil.ReadAll(httpResp.Body)
+
+	if err != nil {
+		return GetClientError(err)
+	}
+
+	if client.debug {
+		var prettyJSON bytes.Buffer
+		err = json.Indent(&prettyJSON, body, "", "    ")
+		log.Println(string(prettyJSON.Bytes()))
+	}
+
+	if statusCode >= 400 && statusCode <= 599 {
+		errorResponse := ErrorResponse{}
+		err = json.Unmarshal(body, &errorResponse)
+		ecsError := &Error{
+			ErrorResponse: errorResponse,
+			StatusCode:    statusCode,
+		}
+		return ecsError
+	}
+
+	err = json.Unmarshal(body, response)
+	//log.Printf("%++v", response)
+	if err != nil {
+		return GetClientError(err)
+	}
+
+	return nil
+}
+
+// Invoke sends the raw HTTP request for ECS services
+//改进了一下上面那个方法，可以使用各种Http方法
+//2017.1.30 增加了一个path参数，用来拓展访问的地址
+func (client *Client) InvokeByAnyMethod(method, action, path string, args interface{}, response interface{}) error {
+	if err := client.ensureProperties(); err != nil {
+		return err
+	}
+
+	//init endpoint
+	if err := client.initEndpoint(); err != nil {
+		return err
+	}
+
+	request := Request{}
+	request.init(client.version, action, client.AccessKeyId, client.securityToken, client.regionID)
+	data := util.ConvertToQueryValues(request)
+	util.SetQueryValues(args, &data)
+
+	// Sign request
+	signature := util.CreateSignatureForRequest(method, &data, client.AccessKeySecret)
+
+	data.Add("Signature", signature)
+	// Generate the request URL
+	var (
+		httpReq *http.Request
+		err     error
+	)
+	if method == http.MethodGet {
+		requestURL := client.endpoint + path + "?" + data.Encode()
+		//fmt.Println(requestURL)
+		httpReq, err = http.NewRequest(method, requestURL, nil)
+	} else {
+		//fmt.Println(client.endpoint + path)
+		httpReq, err = http.NewRequest(method, client.endpoint+path, strings.NewReader(data.Encode()))
+		httpReq.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	}
+
+	if err != nil {
+		return GetClientError(err)
+	}
+
+	// TODO move to util and add build val flag
+	httpReq.Header.Set("X-SDK-Client", `AliyunGO/`+Version+client.businessInfo)
+	httpReq.Header.Set("User-Agent", httpReq.Header.Get("User-Agent")+" "+client.userAgent)
+
+	t0 := time.Now()
+	httpResp, err := client.httpClient.Do(httpReq)
+	t1 := time.Now()
+	if err != nil {
+		return GetClientError(err)
+	}
+	statusCode := httpResp.StatusCode
+
+	if client.debug {
+		log.Printf("Invoke %s %s %d (%v) %v", ECSRequestMethod, client.endpoint, statusCode, t1.Sub(t0), data.Encode())
+	}
+
+	defer httpResp.Body.Close()
+	body, err := ioutil.ReadAll(httpResp.Body)
+
+	if err != nil {
+		return GetClientError(err)
+	}
+
+	if client.debug {
+		var prettyJSON bytes.Buffer
+		err = json.Indent(&prettyJSON, body, "", "    ")
+		log.Println(string(prettyJSON.Bytes()))
+	}
+
+	if statusCode >= 400 && statusCode <= 599 {
+		errorResponse := ErrorResponse{}
+		err = json.Unmarshal(body, &errorResponse)
+		ecsError := &Error{
+			ErrorResponse: errorResponse,
+			StatusCode:    statusCode,
+		}
+		return ecsError
+	}
+
+	err = json.Unmarshal(body, response)
+	//log.Printf("%++v", response)
+	if err != nil {
+		return GetClientError(err)
+	}
+
+	return nil
+}
+
+// GenerateClientToken generates the Client Token with random string
+func (client *Client) GenerateClientToken() string {
+	return util.CreateRandomString()
+}
+
+func GetClientErrorFromString(str string) error {
+	return &Error{
+		ErrorResponse: ErrorResponse{
+			Code:    "AliyunGoClientFailure",
+			Message: str,
+		},
+		StatusCode: -1,
+	}
+}
+
+func GetClientError(err error) error {
+	return GetClientErrorFromString(err.Error())
+}
+
+func GetCustomError(code, message string) error {
+	return &Error{
+		ErrorResponse: ErrorResponse{
+			Code:    code,
+			Message: message,
+		},
+		StatusCode: 400,
+	}
+}
diff --git a/vendor/github.com/denverdino/aliyungo/common/endpoint.go b/vendor/github.com/denverdino/aliyungo/common/endpoint.go
new file mode 100644
index 000000000..757f7a784
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/common/endpoint.go
@@ -0,0 +1,208 @@
+package common
+
+import (
+	"encoding/xml"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+	"strings"
+	"time"
+)
+
+const (
+	// LocationDefaultEndpoint is the default API endpoint of Location services
+	locationDefaultEndpoint = "https://location.aliyuncs.com"
+	locationAPIVersion      = "2015-06-12"
+	HTTP_PROTOCOL           = "http"
+	HTTPS_PROTOCOL          = "https"
+)
+
+var (
+	endpoints = make(map[Region]map[string]string)
+
+	SpecailEnpoints = map[Region]map[string]string{
+		APNorthEast1: {
+			"ecs": "https://ecs.ap-northeast-1.aliyuncs.com",
+			"slb": "https://slb.ap-northeast-1.aliyuncs.com",
+			"rds": "https://rds.ap-northeast-1.aliyuncs.com",
+			"vpc": "https://vpc.ap-northeast-1.aliyuncs.com",
+		},
+		APSouthEast2: {
+			"ecs": "https://ecs.ap-southeast-2.aliyuncs.com",
+			"slb": "https://slb.ap-southeast-2.aliyuncs.com",
+			"rds": "https://rds.ap-southeast-2.aliyuncs.com",
+			"vpc": "https://vpc.ap-southeast-2.aliyuncs.com",
+		},
+		APSouthEast3: {
+			"ecs": "https://ecs.ap-southeast-3.aliyuncs.com",
+			"slb": "https://slb.ap-southeast-3.aliyuncs.com",
+			"rds": "https://rds.ap-southeast-3.aliyuncs.com",
+			"vpc": "https://vpc.ap-southeast-3.aliyuncs.com",
+		},
+		MEEast1: {
+			"ecs": "https://ecs.me-east-1.aliyuncs.com",
+			"slb": "https://slb.me-east-1.aliyuncs.com",
+			"rds": "https://rds.me-east-1.aliyuncs.com",
+			"vpc": "https://vpc.me-east-1.aliyuncs.com",
+		},
+		EUCentral1: {
+			"ecs": "https://ecs.eu-central-1.aliyuncs.com",
+			"slb": "https://slb.eu-central-1.aliyuncs.com",
+			"rds": "https://rds.eu-central-1.aliyuncs.com",
+			"vpc": "https://vpc.eu-central-1.aliyuncs.com",
+		},
+		EUWest1: {
+			"ecs": "https://ecs.eu-west-1.aliyuncs.com",
+			"slb": "https://slb.eu-west-1.aliyuncs.com",
+			"rds": "https://rds.eu-west-1.aliyuncs.com",
+			"vpc": "https://vpc.eu-west-1.aliyuncs.com",
+		},
+		Zhangjiakou: {
+			"ecs": "https://ecs.cn-zhangjiakou.aliyuncs.com",
+			"slb": "https://slb.cn-zhangjiakou.aliyuncs.com",
+			"rds": "https://rds.cn-zhangjiakou.aliyuncs.com",
+			"vpc": "https://vpc.cn-zhangjiakou.aliyuncs.com",
+		},
+		Huhehaote: {
+			"ecs": "https://ecs.cn-huhehaote.aliyuncs.com",
+			"slb": "https://slb.cn-huhehaote.aliyuncs.com",
+			"rds": "https://rds.cn-huhehaote.aliyuncs.com",
+			"vpc": "https://vpc.cn-huhehaote.aliyuncs.com",
+		},
+	}
+)
+
+//init endpoints from file
+func init() {
+
+}
+
+type LocationClient struct {
+	Client
+}
+
+func NewLocationClient(accessKeyId, accessKeySecret, securityToken string) *LocationClient {
+	endpoint := os.Getenv("LOCATION_ENDPOINT")
+	if endpoint == "" {
+		endpoint = locationDefaultEndpoint
+	}
+
+	client := &LocationClient{}
+	client.Init(endpoint, locationAPIVersion, accessKeyId, accessKeySecret)
+	client.securityToken = securityToken
+	return client
+}
+
+func NewLocationClientWithSecurityToken(accessKeyId, accessKeySecret, securityToken string) *LocationClient {
+	endpoint := os.Getenv("LOCATION_ENDPOINT")
+	if endpoint == "" {
+		endpoint = locationDefaultEndpoint
+	}
+
+	client := &LocationClient{}
+	client.WithEndpoint(endpoint).
+		WithVersion(locationAPIVersion).
+		WithAccessKeyId(accessKeyId).
+		WithAccessKeySecret(accessKeySecret).
+		WithSecurityToken(securityToken).
+		InitClient()
+	return client
+}
+
+func (client *LocationClient) DescribeEndpoint(args *DescribeEndpointArgs) (*DescribeEndpointResponse, error) {
+	response := &DescribeEndpointResponse{}
+	err := client.Invoke("DescribeEndpoint", args, response)
+	if err != nil {
+		return nil, err
+	}
+	return response, err
+}
+
+func (client *LocationClient) DescribeEndpoints(args *DescribeEndpointsArgs) (*DescribeEndpointsResponse, error) {
+	response := &DescribeEndpointsResponse{}
+	err := client.Invoke("DescribeEndpoints", args, response)
+	if err != nil {
+		return nil, err
+	}
+	return response, err
+}
+
+func getProductRegionEndpoint(region Region, serviceCode string) string {
+	if sp, ok := endpoints[region]; ok {
+		if endpoint, ok := sp[serviceCode]; ok {
+			return endpoint
+		}
+	}
+
+	return ""
+}
+
+func setProductRegionEndpoint(region Region, serviceCode string, endpoint string) {
+	endpoints[region] = map[string]string{
+		serviceCode: endpoint,
+	}
+}
+
+func (client *LocationClient) DescribeOpenAPIEndpoint(region Region, serviceCode string) string {
+	if endpoint := getProductRegionEndpoint(region, serviceCode); endpoint != "" {
+		return endpoint
+	}
+	defaultProtocols := HTTP_PROTOCOL
+
+	args := &DescribeEndpointsArgs{
+		Id:          region,
+		ServiceCode: serviceCode,
+		Type:        "openAPI",
+	}
+
+	var endpoint *DescribeEndpointsResponse
+	var err error
+	for index := 0; index < 5; index++ {
+		endpoint, err = client.DescribeEndpoints(args)
+		if err == nil && endpoint != nil && len(endpoint.Endpoints.Endpoint) > 0 {
+			break
+		}
+		time.Sleep(500 * time.Millisecond)
+	}
+
+	if err != nil || endpoint == nil || len(endpoint.Endpoints.Endpoint) <= 0 {
+		log.Printf("aliyungo: can not get endpoint from service, use default. endpoint=[%v], error=[%v]\n", endpoint, err)
+		return ""
+	}
+
+	for _, protocol := range endpoint.Endpoints.Endpoint[0].Protocols.Protocols {
+		if strings.ToLower(protocol) == HTTPS_PROTOCOL {
+			defaultProtocols = HTTPS_PROTOCOL
+			break
+		}
+	}
+
+	ep := fmt.Sprintf("%s://%s", defaultProtocols, endpoint.Endpoints.Endpoint[0].Endpoint)
+
+	setProductRegionEndpoint(region, serviceCode, ep)
+	return ep
+}
+
+func loadEndpointFromFile(region Region, serviceCode string) string {
+	data, err := ioutil.ReadFile("./endpoints.xml")
+	if err != nil {
+		return ""
+	}
+	var endpoints Endpoints
+	err = xml.Unmarshal(data, &endpoints)
+	if err != nil {
+		return ""
+	}
+	for _, endpoint := range endpoints.Endpoint {
+		if endpoint.RegionIds.RegionId == string(region) {
+			for _, product := range endpoint.Products.Product {
+				if strings.ToLower(product.ProductName) == serviceCode {
+					return fmt.Sprintf("%s://%s", HTTPS_PROTOCOL, product.DomainName)
+				}
+			}
+		}
+	}
+
+	return ""
+}
diff --git a/vendor/github.com/denverdino/aliyungo/common/endpoints.xml b/vendor/github.com/denverdino/aliyungo/common/endpoints.xml
new file mode 100644
index 000000000..26ea765b2
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/common/endpoints.xml
@@ -0,0 +1,1370 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Endpoints>
+    <Endpoint name="jp-fudao-1">
+        <RegionIds><RegionId>jp-fudao-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="me-east-1">
+        <RegionIds><RegionId>me-east-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.me-east-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs.me-east-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.me-east-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.me-east-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.me-east-1.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="us-east-1">
+        <RegionIds><RegionId>us-east-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="ap-northeast-1">
+        <RegionIds><RegionId>ap-northeast-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.ap-northeast-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.ap-northeast-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.ap-northeast-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs.ap-northeast-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.ap-northeast-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kvstore</ProductName><DomainName>r-kvstore.ap-northeast-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.ap-northeast-1.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-hangzhou-bj-b01">
+        <RegionIds><RegionId>cn-hangzhou-bj-b01</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-hongkong">
+        <RegionIds><RegionId>cn-hongkong</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-hongkong.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-hongkong.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-hongkong.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hongkong.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-beijing-nu16-b01">
+        <RegionIds><RegionId>cn-beijing-nu16-b01</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-beijing-am13-c01">
+        <RegionIds><RegionId>cn-beijing-am13-c01</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="in-west-antgroup-1">
+        <RegionIds><RegionId>in-west-antgroup-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-guizhou-gov">
+        <RegionIds><RegionId>cn-guizhou-gov</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="in-west-antgroup-2">
+        <RegionIds><RegionId>in-west-antgroup-2</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-qingdao-cm9">
+        <RegionIds><RegionId>cn-qingdao-cm9</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-qingdao.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="tw-snowcloud-kaohsiung">
+        <RegionIds><RegionId>tw-snowcloud-kaohsiung</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-shanghai-finance-1">
+        <RegionIds><RegionId>cn-shanghai-finance-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-shanghai-finance-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-guizhou">
+        <RegionIds><RegionId>cn-guizhou</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-qingdao-finance">
+        <RegionIds><RegionId>cn-qingdao-finance</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-qdjbp-a.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-beijing-gov-1">
+        <RegionIds><RegionId>cn-beijing-gov-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-haidian-a.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-shanghai">
+        <RegionIds><RegionId>cn-shanghai</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>ARMS</ProductName><DomainName>arms.cn-shanghai.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-shanghai.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.cn-shanghai.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.cn-shanghai.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-shanghai.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-shanghai.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-shanghai.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>vod</ProductName><DomainName>vod.cn-shanghai.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-shenzhen-inner">
+        <RegionIds><RegionId>cn-shenzhen-inner</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-shenzhen.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-fujian">
+        <RegionIds><RegionId>cn-fujian</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="in-mumbai-alipay">
+        <RegionIds><RegionId>in-mumbai-alipay</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="us-west-1">
+        <RegionIds><RegionId>us-west-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.us-west-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-us-west-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-shanghai-inner">
+        <RegionIds><RegionId>cn-shanghai-inner</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-shanghai.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-anhui-gov-1">
+        <RegionIds><RegionId>cn-anhui-gov-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-hangzhou-finance">
+        <RegionIds><RegionId>cn-hangzhou-finance</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hzjbp-b-console.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-hangzhou">
+        <RegionIds><RegionId>cn-hangzhou</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>ARMS</ProductName><DomainName>arms.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Hpc</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oas</ProductName><DomainName>cn-hangzhou.oas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-beijing-inner">
+        <RegionIds><RegionId>cn-beijing-inner</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-beijing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-haidian-cm12-c01">
+        <RegionIds><RegionId>cn-haidian-cm12-c01</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-anhui-gov">
+        <RegionIds><RegionId>cn-anhui-gov</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-shenzhen">
+        <RegionIds><RegionId>cn-shenzhen</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>ARMS</ProductName><DomainName>arms.cn-shenzhen.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-shenzhen.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>BatchCompute</ProductName><DomainName>batchcompute.cn-shenzhen.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.cn-shenzhen.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-shenzhen.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-shenzhen.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oas</ProductName><DomainName>cn-shenzhen.oas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-shenzhen.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="ap-southeast-2">
+        <RegionIds><RegionId>ap-southeast-2</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.ap-southeast-2.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.ap-southeast-2.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.ap-southeast-2.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs.ap-southeast-2.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.ap-southeast-2.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-qingdao">
+        <RegionIds><RegionId>cn-qingdao</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.cn-qingdao.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.cn-qingdao.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.cn-qingdao.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>BatchCompute</ProductName><DomainName>batchcompute.cn-qingdao.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.cn-qingdao.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-qingdao.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-qingdao.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-qingdao.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-shenzhen-su18-b02">
+        <RegionIds><RegionId>cn-shenzhen-su18-b02</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-shenzhen-su18-b03">
+        <RegionIds><RegionId>cn-shenzhen-su18-b03</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-shenzhen-su18-b01">
+        <RegionIds><RegionId>cn-shenzhen-su18-b01</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="ap-southeast-antgroup-1">
+        <RegionIds><RegionId>ap-southeast-antgroup-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="oss-cn-bjzwy">
+        <RegionIds><RegionId>oss-cn-bjzwy</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-bjzwy.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-henan-am12001">
+        <RegionIds><RegionId>cn-henan-am12001</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-beijing">
+        <RegionIds><RegionId>cn-beijing</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>ARMS</ProductName><DomainName>arms.cn-beijing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oas</ProductName><DomainName>cn-beijing.oas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Hpc</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.cn-beijing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-beijing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-beijing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-beijing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-beijing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>vod</ProductName><DomainName>vod.cn-beijing.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-hangzhou-d">
+        <RegionIds><RegionId>cn-hangzhou-d</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-gansu-am6">
+        <RegionIds><RegionId>cn-gansu-am6</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-ningxiazhongwei">
+        <RegionIds><RegionId>cn-ningxiazhongwei</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-shanghai-et2-b01">
+        <RegionIds><RegionId>cn-shanghai-et2-b01</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-ningxia-am7-c01">
+        <RegionIds><RegionId>cn-ningxia-am7-c01</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-shenzhen-finance-1">
+        <RegionIds><RegionId>cn-shenzhen-finance-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-shenzhen-finance-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="ap-southeast-1">
+        <RegionIds><RegionId>ap-southeast-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.ap-southeast-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.ap-southeast-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.ap-southeast-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Mts</ProductName><DomainName>mts.ap-southeast-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Emr</ProductName><DomainName>emr.ap-southeast-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Oss</ProductName><DomainName>oss-ap-southeast-1.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-shenzhen-st4-d01">
+        <RegionIds><RegionId>cn-shenzhen-st4-d01</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="eu-central-1">
+        <RegionIds><RegionId>eu-central-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.eu-central-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs.eu-central-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.eu-central-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.eu-central-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.eu-central-1.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="eu-west-1">
+        <RegionIds><RegionId>eu-west-1</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.eu-west-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs.eu-west-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.eu-west-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Kms</ProductName><DomainName>kms.eu-west-1.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.eu-west-1.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-zhangjiakou">
+        <RegionIds><RegionId>cn-zhangjiakou</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.cn-zhangjiakou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs.cn-zhangjiakou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.cn-zhangjiakou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.cn-zhangjiakou.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+    <Endpoint name="cn-huhehaote">
+        <RegionIds><RegionId>cn-huhehaote</RegionId></RegionIds>
+        <Products>
+            <Product><ProductName>Rds</ProductName><DomainName>rds.cn-huhehaote.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Ecs</ProductName><DomainName>ecs.cn-huhehaote.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Vpc</ProductName><DomainName>vpc.cn-huhehaote.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
+            <Product><ProductName>Slb</ProductName><DomainName>slb.cn-huhehaote.aliyuncs.com</DomainName></Product>
+        </Products>
+    </Endpoint>
+</Endpoints>
diff --git a/vendor/github.com/denverdino/aliyungo/common/regions.go b/vendor/github.com/denverdino/aliyungo/common/regions.go
new file mode 100644
index 000000000..e6bc728fe
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/common/regions.go
@@ -0,0 +1,55 @@
+package common
+
+// Region represents ECS region
+type Region string
+
+// Constants of region definition
+const (
+	Hangzhou    = Region("cn-hangzhou")
+	Qingdao     = Region("cn-qingdao")
+	Beijing     = Region("cn-beijing")
+	Hongkong    = Region("cn-hongkong")
+	Shenzhen    = Region("cn-shenzhen")
+	Shanghai    = Region("cn-shanghai")
+	Zhangjiakou = Region("cn-zhangjiakou")
+	Huhehaote   = Region("cn-huhehaote")
+
+	APSouthEast1 = Region("ap-southeast-1")
+	APNorthEast1 = Region("ap-northeast-1")
+	APSouthEast2 = Region("ap-southeast-2")
+	APSouthEast3 = Region("ap-southeast-3")
+	APSouthEast5 = Region("ap-southeast-5")
+
+	APSouth1 = Region("ap-south-1")
+
+	USWest1 = Region("us-west-1")
+	USEast1 = Region("us-east-1")
+
+	MEEast1 = Region("me-east-1")
+
+	EUCentral1 = Region("eu-central-1")
+	EUWest1    = Region("eu-west-1")
+
+	ShenZhenFinance = Region("cn-shenzhen-finance-1")
+	ShanghaiFinance = Region("cn-shanghai-finance-1")
+)
+
+var ValidRegions = []Region{
+	Hangzhou, Qingdao, Beijing, Shenzhen, Hongkong, Shanghai, Zhangjiakou, Huhehaote,
+	USWest1, USEast1,
+	APNorthEast1, APSouthEast1, APSouthEast2, APSouthEast3, APSouthEast5,
+	APSouth1,
+	MEEast1,
+	EUCentral1, EUWest1,
+	ShenZhenFinance, ShanghaiFinance,
+}
+
+// IsValidRegion checks if r is an Ali supported region.
+func IsValidRegion(r string) bool {
+	for _, v := range ValidRegions {
+		if r == string(v) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/denverdino/aliyungo/common/request.go b/vendor/github.com/denverdino/aliyungo/common/request.go
new file mode 100644
index 000000000..f35c2990d
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/common/request.go
@@ -0,0 +1,105 @@
+package common
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/denverdino/aliyungo/util"
+)
+
+// Constants for Aliyun API requests
+const (
+	SignatureVersion   = "1.0"
+	SignatureMethod    = "HMAC-SHA1"
+	JSONResponseFormat = "JSON"
+	XMLResponseFormat  = "XML"
+	ECSRequestMethod   = "GET"
+)
+
+type Request struct {
+	Format               string
+	Version              string
+	RegionId             Region
+	AccessKeyId          string
+	SecurityToken        string
+	Signature            string
+	SignatureMethod      string
+	Timestamp            util.ISO6801Time
+	SignatureVersion     string
+	SignatureNonce       string
+	ResourceOwnerAccount string
+	Action               string
+}
+
+func (request *Request) init(version string, action string, AccessKeyId string, securityToken string, regionId Region) {
+	request.Format = JSONResponseFormat
+	request.Timestamp = util.NewISO6801Time(time.Now().UTC())
+	request.Version = version
+	request.SignatureVersion = SignatureVersion
+	request.SignatureMethod = SignatureMethod
+	request.SignatureNonce = util.CreateRandomString()
+	request.Action = action
+	request.AccessKeyId = AccessKeyId
+	request.SecurityToken = securityToken
+	request.RegionId = regionId
+}
+
+type Response struct {
+	RequestId string
+}
+
+type ErrorResponse struct {
+	Response
+	HostId  string
+	Code    string
+	Message string
+}
+
+// An Error represents a custom error for Aliyun API failure response
+type Error struct {
+	ErrorResponse
+	StatusCode int //Status Code of HTTP Response
+}
+
+func (e *Error) Error() string {
+	return fmt.Sprintf("Aliyun API Error: RequestId: %s Status Code: %d Code: %s Message: %s", e.RequestId, e.StatusCode, e.Code, e.Message)
+}
+
+type Pagination struct {
+	PageNumber int
+	PageSize   int
+}
+
+func (p *Pagination) SetPageSize(size int) {
+	p.PageSize = size
+}
+
+func (p *Pagination) Validate() {
+	if p.PageNumber < 0 {
+		log.Printf("Invalid PageNumber: %d", p.PageNumber)
+		p.PageNumber = 1
+	}
+	if p.PageSize < 0 {
+		log.Printf("Invalid PageSize: %d", p.PageSize)
+		p.PageSize = 10
+	} else if p.PageSize > 50 {
+		log.Printf("Invalid PageSize: %d", p.PageSize)
+		p.PageSize = 50
+	}
+}
+
+// A PaginationResponse represents a response with pagination information
+type PaginationResult struct {
+	TotalCount int
+	PageNumber int
+	PageSize   int
+}
+
+// NextPage gets the next page of the result set
+func (r *PaginationResult) NextPage() *Pagination {
+	if r.PageNumber*r.PageSize >= r.TotalCount {
+		return nil
+	}
+	return &Pagination{PageNumber: r.PageNumber + 1, PageSize: r.PageSize}
+}
diff --git a/vendor/github.com/denverdino/aliyungo/common/types.go b/vendor/github.com/denverdino/aliyungo/common/types.go
new file mode 100644
index 000000000..cf161f11b
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/common/types.go
@@ -0,0 +1,107 @@
+package common
+
+type InternetChargeType string
+
+const (
+	PayByBandwidth = InternetChargeType("PayByBandwidth")
+	PayByTraffic   = InternetChargeType("PayByTraffic")
+)
+
+type InstanceChargeType string
+
+const (
+	PrePaid  = InstanceChargeType("PrePaid")
+	PostPaid = InstanceChargeType("PostPaid")
+)
+
+type DescribeEndpointArgs struct {
+	Id          Region
+	ServiceCode string
+	Type        string
+}
+
+type EndpointItem struct {
+	Protocols struct {
+		Protocols []string
+	}
+	Type        string
+	Namespace   string
+	Id          Region
+	SerivceCode string
+	Endpoint    string
+}
+
+type DescribeEndpointResponse struct {
+	Response
+	EndpointItem
+}
+
+type DescribeEndpointsArgs struct {
+	Id          Region
+	ServiceCode string
+	Type        string
+}
+
+type DescribeEndpointsResponse struct {
+	Response
+	Endpoints APIEndpoints
+	RequestId string
+	Success   bool
+}
+
+type APIEndpoints struct {
+	Endpoint []EndpointItem
+}
+
+type NetType string
+
+const (
+	Internet = NetType("Internet")
+	Intranet = NetType("Intranet")
+)
+
+type TimeType string
+
+const (
+	Hour  = TimeType("Hour")
+	Day   = TimeType("Day")
+	Week  = TimeType("Week")
+	Month = TimeType("Month")
+	Year  = TimeType("Year")
+)
+
+type NetworkType string
+
+const (
+	Classic = NetworkType("Classic")
+	VPC     = NetworkType("VPC")
+)
+
+type BusinessInfo struct {
+	Pack       string `json:"pack,omitempty"`
+	ActivityId string `json:"activityId,omitempty"`
+}
+
+//xml
+type Endpoints struct {
+	Endpoint []Endpoint `xml:"Endpoint"`
+}
+
+type Endpoint struct {
+	Name      string    `xml:"name,attr"`
+	RegionIds RegionIds `xml:"RegionIds"`
+	Products  Products  `xml:"Products"`
+}
+
+type RegionIds struct {
+	RegionId string `xml:"RegionId"`
+}
+
+type Products struct {
+	Product []Product `xml:"Product"`
+}
+
+type Product struct {
+	ProductName string `xml:"ProductName"`
+	DomainName  string `xml:"DomainName"`
+}
diff --git a/vendor/github.com/denverdino/aliyungo/common/version.go b/vendor/github.com/denverdino/aliyungo/common/version.go
new file mode 100644
index 000000000..7cb3d3aff
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/common/version.go
@@ -0,0 +1,3 @@
+package common
+
+const Version = "0.1"
diff --git a/vendor/github.com/denverdino/aliyungo/oss/authenticate_callback.go b/vendor/github.com/denverdino/aliyungo/oss/authenticate_callback.go
new file mode 100644
index 000000000..74b58fb08
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/oss/authenticate_callback.go
@@ -0,0 +1,88 @@
+package oss
+
+import (
+	"crypto"
+	"crypto/md5"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/pem"
+	"errors"
+	"io/ioutil"
+	"net/http"
+	"regexp"
+	"strings"
+	"sync"
+)
+
+type authenticationType struct {
+	lock        *sync.RWMutex
+	certificate map[string]*rsa.PublicKey
+}
+
+var (
+	authentication = authenticationType{lock: &sync.RWMutex{}, certificate: map[string]*rsa.PublicKey{}}
+	urlReg         = regexp.MustCompile(`^http(|s)://gosspublic.alicdn.com/[0-9a-zA-Z]`)
+)
+
+//验证OSS向业务服务器发来的回调函数。
+//该方法是并发安全的
+//pubKeyUrl 回调请求头中[x-oss-pub-key-url]一项，以Base64编码
+//reqUrl oss所发来请求的url，由path+query组成
+//reqBody oss所发来请求的body
+//authorization authorization为回调头中的签名
+func AuthenticateCallBack(pubKeyUrl, reqUrl, reqBody, authorization string) error {
+	//获取证书url
+	keyURL, err := base64.URLEncoding.DecodeString(pubKeyUrl)
+	if err != nil {
+		return err
+	}
+	url := string(keyURL)
+	//判断证书是否来自于阿里云
+	if !urlReg.Match(keyURL) {
+		return errors.New("certificate address error")
+	}
+	//获取文件名
+	rs := []rune(url)
+	filename := string(rs[strings.LastIndex(url, "/") : len(rs)-1])
+	authentication.lock.RLock()
+	certificate := authentication.certificate[filename]
+	authentication.lock.RUnlock()
+	//内存中没有证书，下载
+	if certificate == nil {
+		authentication.lock.Lock()
+		res, err := http.Get(url)
+		if err != nil {
+			return err
+		}
+		defer res.Body.Close()
+		body, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return err
+		}
+		block, _ := pem.Decode(body)
+		if block == nil {
+			return errors.New("certificate error")
+		}
+		pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
+		if err != nil {
+			return err
+		}
+		certificate = pubKey.(*rsa.PublicKey)
+		authentication.certificate[filename] = certificate
+		authentication.lock.Unlock()
+	}
+	//证书准备完毕，开始验证
+	//解析签名
+	signature, err := base64.StdEncoding.DecodeString(authorization)
+	if err != nil {
+		return err
+	}
+	hashed := md5.New()
+	hashed.Write([]byte(reqUrl + "\n" + reqBody))
+	if err := rsa.VerifyPKCS1v15(certificate, crypto.MD5, hashed.Sum(nil), signature); err != nil {
+		return err
+	}
+	//验证通过
+	return nil
+}
diff --git a/vendor/github.com/denverdino/aliyungo/oss/client.go b/vendor/github.com/denverdino/aliyungo/oss/client.go
new file mode 100644
index 000000000..c09191941
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/oss/client.go
@@ -0,0 +1,1421 @@
+package oss
+
+import (
+	"bytes"
+	"crypto/hmac"
+	"crypto/md5"
+	"crypto/sha1"
+	"encoding/base64"
+	"encoding/xml"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"mime"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	"path"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/denverdino/aliyungo/common"
+	"github.com/denverdino/aliyungo/util"
+)
+
+const DefaultContentType = "application/octet-stream"
+
+// The Client type encapsulates operations with an OSS region.
+type Client struct {
+	AccessKeyId     string
+	AccessKeySecret string
+	SecurityToken   string
+	Region          Region
+	Internal        bool
+	Secure          bool
+	ConnectTimeout  time.Duration
+
+	endpoint string
+	debug    bool
+}
+
+// The Bucket type encapsulates operations with an bucket.
+type Bucket struct {
+	*Client
+	Name string
+}
+
+// The Owner type represents the owner of the object in an bucket.
+type Owner struct {
+	ID          string
+	DisplayName string
+}
+
+// Options struct
+//
+type Options struct {
+	ServerSideEncryption      bool
+	ServerSideEncryptionKeyID string
+
+	Meta               map[string][]string
+	ContentEncoding    string
+	CacheControl       string
+	ContentMD5         string
+	ContentDisposition string
+	//Range              string
+	//Expires int
+}
+
+type CopyOptions struct {
+	Headers           http.Header
+	CopySourceOptions string
+	MetadataDirective string
+	//ContentType       string
+
+	ServerSideEncryption      bool
+	ServerSideEncryptionKeyID string
+}
+
+// CopyObjectResult is the output from a Copy request
+type CopyObjectResult struct {
+	ETag         string
+	LastModified string
+}
+
+var attempts = util.AttemptStrategy{
+	Min:   5,
+	Total: 5 * time.Second,
+	Delay: 200 * time.Millisecond,
+}
+
+// NewOSSClient creates a new OSS.
+
+func NewOSSClientForAssumeRole(region Region, internal bool, accessKeyId string, accessKeySecret string, securityToken string, secure bool) *Client {
+	return &Client{
+		AccessKeyId:     accessKeyId,
+		AccessKeySecret: accessKeySecret,
+		SecurityToken:   securityToken,
+		Region:          region,
+		Internal:        internal,
+		debug:           false,
+		Secure:          secure,
+	}
+}
+
+func NewOSSClient(region Region, internal bool, accessKeyId string, accessKeySecret string, secure bool) *Client {
+	return &Client{
+		AccessKeyId:     accessKeyId,
+		AccessKeySecret: accessKeySecret,
+		Region:          region,
+		Internal:        internal,
+		debug:           false,
+		Secure:          secure,
+	}
+}
+
+// SetDebug sets debug mode to log the request/response message
+func (client *Client) SetDebug(debug bool) {
+	client.debug = debug
+}
+
+// Bucket returns a Bucket with the given name.
+func (client *Client) Bucket(name string) *Bucket {
+	name = strings.ToLower(name)
+	return &Bucket{
+		Client: client,
+		Name:   name,
+	}
+}
+
+type BucketInfo struct {
+	Name             string
+	CreationDate     string
+	ExtranetEndpoint string
+	IntranetEndpoint string
+	Location         string
+	Grant            string `xml:"AccessControlList>Grant"`
+}
+
+type GetServiceResp struct {
+	Owner   Owner
+	Buckets []BucketInfo `xml:">Bucket"`
+}
+
+type GetBucketInfoResp struct {
+	Bucket BucketInfo
+}
+
+// GetService gets a list of all buckets owned by an account.
+func (client *Client) GetService() (*GetServiceResp, error) {
+	bucket := client.Bucket("")
+
+	r, err := bucket.Get("")
+	if err != nil {
+		return nil, err
+	}
+
+	// Parse the XML response.
+	var resp GetServiceResp
+	if err = xml.Unmarshal(r, &resp); err != nil {
+		return nil, err
+	}
+
+	return &resp, nil
+}
+
+type ACL string
+
+const (
+	Private           = ACL("private")
+	PublicRead        = ACL("public-read")
+	PublicReadWrite   = ACL("public-read-write")
+	AuthenticatedRead = ACL("authenticated-read")
+	BucketOwnerRead   = ACL("bucket-owner-read")
+	BucketOwnerFull   = ACL("bucket-owner-full-control")
+)
+
+var createBucketConfiguration = `<CreateBucketConfiguration>
+  <LocationConstraint>%s</LocationConstraint>
+</CreateBucketConfiguration>`
+
+// locationConstraint returns an io.Reader specifying a LocationConstraint if
+// required for the region.
+func (client *Client) locationConstraint() io.Reader {
+	constraint := fmt.Sprintf(createBucketConfiguration, client.Region)
+	return strings.NewReader(constraint)
+}
+
+// override default endpoint
+func (client *Client) SetEndpoint(endpoint string) {
+	// TODO check endpoint
+	client.endpoint = endpoint
+}
+
+// Info query basic information about the bucket
+//
+// You can read doc at https://help.aliyun.com/document_detail/31968.html
+func (b *Bucket) Info() (BucketInfo, error) {
+	params := make(url.Values)
+	params.Set("bucketInfo", "")
+	r, err := b.GetWithParams("/", params)
+
+	if err != nil {
+		return BucketInfo{}, err
+	}
+
+	// Parse the XML response.
+	var resp GetBucketInfoResp
+	if err = xml.Unmarshal(r, &resp); err != nil {
+		return BucketInfo{}, err
+	}
+
+	return resp.Bucket, nil
+}
+
+// PutBucket creates a new bucket.
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/bucket&PutBucket
+func (b *Bucket) PutBucket(perm ACL) error {
+	headers := make(http.Header)
+	if perm != "" {
+		headers.Set("x-oss-acl", string(perm))
+	}
+	req := &request{
+		method:  "PUT",
+		bucket:  b.Name,
+		path:    "/",
+		headers: headers,
+		payload: b.Client.locationConstraint(),
+	}
+	return b.Client.query(req, nil)
+}
+
+// DelBucket removes an existing bucket. All objects in the bucket must
+// be removed before the bucket itself can be removed.
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/bucket&DeleteBucket
+func (b *Bucket) DelBucket() (err error) {
+	for attempt := attempts.Start(); attempt.Next(); {
+		req := &request{
+			method: "DELETE",
+			bucket: b.Name,
+			path:   "/",
+		}
+
+		err = b.Client.query(req, nil)
+		if !shouldRetry(err) {
+			break
+		}
+	}
+	return err
+}
+
+// Get retrieves an object from an bucket.
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&GetObject
+func (b *Bucket) Get(path string) (data []byte, err error) {
+	body, err := b.GetReader(path)
+	if err != nil {
+		return nil, err
+	}
+	data, err = ioutil.ReadAll(body)
+	body.Close()
+	return data, err
+}
+
+// GetReader retrieves an object from an bucket,
+// returning the body of the HTTP response.
+// It is the caller's responsibility to call Close on rc when
+// finished reading.
+func (b *Bucket) GetReader(path string) (rc io.ReadCloser, err error) {
+	resp, err := b.GetResponse(path)
+	if resp != nil {
+		return resp.Body, err
+	}
+	return nil, err
+}
+
+// GetResponse retrieves an object from an bucket,
+// returning the HTTP response.
+// It is the caller's responsibility to call Close on rc when
+// finished reading
+func (b *Bucket) GetResponse(path string) (resp *http.Response, err error) {
+	return b.GetResponseWithHeaders(path, make(http.Header))
+}
+
+// GetResponseWithHeaders retrieves an object from an bucket
+// Accepts custom headers to be sent as the second parameter
+// returning the body of the HTTP response.
+// It is the caller's responsibility to call Close on rc when
+// finished reading
+func (b *Bucket) GetResponseWithHeaders(path string, headers http.Header) (resp *http.Response, err error) {
+	for attempt := attempts.Start(); attempt.Next(); {
+		req := &request{
+			bucket:  b.Name,
+			path:    path,
+			headers: headers,
+		}
+		err = b.Client.prepare(req)
+		if err != nil {
+			return nil, err
+		}
+
+		resp, err := b.Client.run(req, nil)
+		if shouldRetry(err) && attempt.HasNext() {
+			continue
+		}
+		if err != nil {
+			return nil, err
+		}
+		return resp, nil
+	}
+	panic("unreachable")
+}
+
+// Get retrieves an object from an bucket.
+func (b *Bucket) GetWithParams(path string, params url.Values) (data []byte, err error) {
+	resp, err := b.GetResponseWithParamsAndHeaders(path, params, nil)
+	if err != nil {
+		return nil, err
+	}
+	data, err = ioutil.ReadAll(resp.Body)
+	resp.Body.Close()
+	return data, err
+}
+
+func (b *Bucket) GetResponseWithParamsAndHeaders(path string, params url.Values, headers http.Header) (resp *http.Response, err error) {
+	for attempt := attempts.Start(); attempt.Next(); {
+		req := &request{
+			bucket:  b.Name,
+			path:    path,
+			params:  params,
+			headers: headers,
+		}
+		err = b.Client.prepare(req)
+		if err != nil {
+			return nil, err
+		}
+
+		resp, err := b.Client.run(req, nil)
+		if shouldRetry(err) && attempt.HasNext() {
+			continue
+		}
+		if err != nil {
+			return nil, err
+		}
+		return resp, nil
+	}
+	panic("unreachable")
+}
+
+// Exists checks whether or not an object exists on an bucket using a HEAD request.
+func (b *Bucket) Exists(path string) (exists bool, err error) {
+	for attempt := attempts.Start(); attempt.Next(); {
+		req := &request{
+			method: "HEAD",
+			bucket: b.Name,
+			path:   path,
+		}
+		err = b.Client.prepare(req)
+		if err != nil {
+			return
+		}
+
+		resp, err := b.Client.run(req, nil)
+
+		if shouldRetry(err) && attempt.HasNext() {
+			continue
+		}
+
+		if err != nil {
+			// We can treat a 403 or 404 as non existence
+			if e, ok := err.(*Error); ok && (e.StatusCode == 403 || e.StatusCode == 404) {
+				return false, nil
+			}
+			return false, err
+		}
+
+		if resp.StatusCode/100 == 2 {
+			exists = true
+		}
+		if resp.Body != nil {
+			resp.Body.Close()
+		}
+		return exists, err
+	}
+	return false, fmt.Errorf("OSS Currently Unreachable")
+}
+
+// Head HEADs an object in the bucket, returns the response with
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&HeadObject
+func (b *Bucket) Head(path string, headers http.Header) (*http.Response, error) {
+
+	for attempt := attempts.Start(); attempt.Next(); {
+		req := &request{
+			method:  "HEAD",
+			bucket:  b.Name,
+			path:    path,
+			headers: headers,
+		}
+		err := b.Client.prepare(req)
+		if err != nil {
+			return nil, err
+		}
+
+		resp, err := b.Client.run(req, nil)
+		if shouldRetry(err) && attempt.HasNext() {
+			continue
+		}
+		if err != nil {
+			return nil, err
+		}
+		if resp != nil && resp.Body != nil {
+			resp.Body.Close()
+		}
+		return resp, err
+	}
+	return nil, fmt.Errorf("OSS Currently Unreachable")
+}
+
+// Put inserts an object into the bucket.
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&PutObject
+func (b *Bucket) Put(path string, data []byte, contType string, perm ACL, options Options) error {
+	body := bytes.NewBuffer(data)
+	return b.PutReader(path, body, int64(len(data)), contType, perm, options)
+}
+
+// PutCopy puts a copy of an object given by the key path into bucket b using b.Path as the target key
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&CopyObject
+func (b *Bucket) PutCopy(path string, perm ACL, options CopyOptions, source string) (*CopyObjectResult, error) {
+	headers := make(http.Header)
+
+	headers.Set("x-oss-object-acl", string(perm))
+	headers.Set("x-oss-copy-source", source)
+
+	options.addHeaders(headers)
+	req := &request{
+		method:  "PUT",
+		bucket:  b.Name,
+		path:    path,
+		headers: headers,
+		timeout: 5 * time.Minute,
+	}
+	resp := &CopyObjectResult{}
+	err := b.Client.query(req, resp)
+	if err != nil {
+		return resp, err
+	}
+	return resp, nil
+}
+
+// PutReader inserts an object into the bucket by consuming data
+// from r until EOF.
+func (b *Bucket) PutReader(path string, r io.Reader, length int64, contType string, perm ACL, options Options) error {
+	headers := make(http.Header)
+	headers.Set("Content-Length", strconv.FormatInt(length, 10))
+	headers.Set("Content-Type", contType)
+	headers.Set("x-oss-object-acl", string(perm))
+
+	options.addHeaders(headers)
+	req := &request{
+		method:  "PUT",
+		bucket:  b.Name,
+		path:    path,
+		headers: headers,
+		payload: r,
+	}
+	return b.Client.query(req, nil)
+}
+
+// PutFile creates/updates object with file
+func (b *Bucket) PutFile(path string, file *os.File, perm ACL, options Options) error {
+	var contentType string
+	if dotPos := strings.LastIndex(file.Name(), "."); dotPos == -1 {
+		contentType = DefaultContentType
+	} else {
+		if mimeType := mime.TypeByExtension(file.Name()[dotPos:]); mimeType == "" {
+			contentType = DefaultContentType
+		} else {
+			contentType = mimeType
+		}
+	}
+	stats, err := file.Stat()
+	if err != nil {
+		log.Printf("Unable to read file %s stats.\n", file.Name())
+		return err
+	}
+
+	return b.PutReader(path, file, stats.Size(), contentType, perm, options)
+}
+
+// addHeaders adds o's specified fields to headers
+func (o Options) addHeaders(headers http.Header) {
+	if len(o.ServerSideEncryptionKeyID) != 0 {
+		headers.Set("x-oss-server-side-encryption", "KMS")
+		headers.Set("x-oss-server-side-encryption-key-id", o.ServerSideEncryptionKeyID)
+	} else if o.ServerSideEncryption {
+		headers.Set("x-oss-server-side-encryption", "AES256")
+	}
+	if len(o.ContentEncoding) != 0 {
+		headers.Set("Content-Encoding", o.ContentEncoding)
+	}
+	if len(o.CacheControl) != 0 {
+		headers.Set("Cache-Control", o.CacheControl)
+	}
+	if len(o.ContentMD5) != 0 {
+		headers.Set("Content-MD5", o.ContentMD5)
+	}
+	if len(o.ContentDisposition) != 0 {
+		headers.Set("Content-Disposition", o.ContentDisposition)
+	}
+
+	for k, v := range o.Meta {
+		for _, mv := range v {
+			headers.Add("x-oss-meta-"+k, mv)
+		}
+	}
+}
+
+// addHeaders adds o's specified fields to headers
+func (o CopyOptions) addHeaders(headers http.Header) {
+	if len(o.ServerSideEncryptionKeyID) != 0 {
+		headers.Set("x-oss-server-side-encryption", "KMS")
+		headers.Set("x-oss-server-side-encryption-key-id", o.ServerSideEncryptionKeyID)
+	} else if o.ServerSideEncryption {
+		headers.Set("x-oss-server-side-encryption", "AES256")
+	}
+
+	if len(o.MetadataDirective) != 0 {
+		headers.Set("x-oss-metadata-directive", o.MetadataDirective)
+	}
+	if len(o.CopySourceOptions) != 0 {
+		headers.Set("x-oss-copy-source-range", o.CopySourceOptions)
+	}
+	if o.Headers != nil {
+		for k, v := range o.Headers {
+			newSlice := make([]string, len(v))
+			copy(newSlice, v)
+			headers[k] = newSlice
+		}
+	}
+}
+
+func makeXMLBuffer(doc []byte) *bytes.Buffer {
+	buf := new(bytes.Buffer)
+	buf.WriteString(xml.Header)
+	buf.Write(doc)
+	return buf
+}
+
+type IndexDocument struct {
+	Suffix string `xml:"Suffix"`
+}
+
+type ErrorDocument struct {
+	Key string `xml:"Key"`
+}
+
+type RoutingRule struct {
+	ConditionKeyPrefixEquals     string `xml:"Condition>KeyPrefixEquals"`
+	RedirectReplaceKeyPrefixWith string `xml:"Redirect>ReplaceKeyPrefixWith,omitempty"`
+	RedirectReplaceKeyWith       string `xml:"Redirect>ReplaceKeyWith,omitempty"`
+}
+
+type RedirectAllRequestsTo struct {
+	HostName string `xml:"HostName"`
+	Protocol string `xml:"Protocol,omitempty"`
+}
+
+type WebsiteConfiguration struct {
+	XMLName               xml.Name               `xml:"http://doc.oss-cn-hangzhou.aliyuncs.com WebsiteConfiguration"`
+	IndexDocument         *IndexDocument         `xml:"IndexDocument,omitempty"`
+	ErrorDocument         *ErrorDocument         `xml:"ErrorDocument,omitempty"`
+	RoutingRules          *[]RoutingRule         `xml:"RoutingRules>RoutingRule,omitempty"`
+	RedirectAllRequestsTo *RedirectAllRequestsTo `xml:"RedirectAllRequestsTo,omitempty"`
+}
+
+// PutBucketWebsite configures a bucket as a website.
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/bucket&PutBucketWebsite
+func (b *Bucket) PutBucketWebsite(configuration WebsiteConfiguration) error {
+	doc, err := xml.Marshal(configuration)
+	if err != nil {
+		return err
+	}
+
+	buf := makeXMLBuffer(doc)
+
+	return b.PutBucketSubresource("website", buf, int64(buf.Len()))
+}
+
+func (b *Bucket) PutBucketSubresource(subresource string, r io.Reader, length int64) error {
+	headers := make(http.Header)
+	headers.Set("Content-Length", strconv.FormatInt(length, 10))
+
+	req := &request{
+		path:    "/",
+		method:  "PUT",
+		bucket:  b.Name,
+		headers: headers,
+		payload: r,
+		params:  url.Values{subresource: {""}},
+	}
+
+	return b.Client.query(req, nil)
+}
+
+// Del removes an object from the bucket.
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&DeleteObject
+func (b *Bucket) Del(path string) error {
+	req := &request{
+		method: "DELETE",
+		bucket: b.Name,
+		path:   path,
+	}
+	return b.Client.query(req, nil)
+}
+
+type Delete struct {
+	Quiet   bool     `xml:"Quiet,omitempty"`
+	Objects []Object `xml:"Object"`
+}
+
+type Object struct {
+	Key       string `xml:"Key"`
+	VersionId string `xml:"VersionId,omitempty"`
+}
+
+// DelMulti removes up to 1000 objects from the bucket.
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&DeleteMultipleObjects
+func (b *Bucket) DelMulti(objects Delete) error {
+	doc, err := xml.Marshal(objects)
+	if err != nil {
+		return err
+	}
+
+	buf := makeXMLBuffer(doc)
+	digest := md5.New()
+	size, err := digest.Write(buf.Bytes())
+	if err != nil {
+		return err
+	}
+
+	headers := make(http.Header)
+	headers.Set("Content-Length", strconv.FormatInt(int64(size), 10))
+	headers.Set("Content-MD5", base64.StdEncoding.EncodeToString(digest.Sum(nil)))
+	headers.Set("Content-Type", "text/xml")
+
+	req := &request{
+		path:    "/",
+		method:  "POST",
+		params:  url.Values{"delete": {""}},
+		bucket:  b.Name,
+		headers: headers,
+		payload: buf,
+	}
+
+	return b.Client.query(req, nil)
+}
+
+// The ListResp type holds the results of a List bucket operation.
+type ListResp struct {
+	Name      string
+	Prefix    string
+	Delimiter string
+	Marker    string
+	MaxKeys   int
+	// IsTruncated is true if the results have been truncated because
+	// there are more keys and prefixes than can fit in MaxKeys.
+	// N.B. this is the opposite sense to that documented (incorrectly) in
+	// http://goo.gl/YjQTc
+	IsTruncated    bool
+	Contents       []Key
+	CommonPrefixes []string `xml:">Prefix"`
+	// if IsTruncated is true, pass NextMarker as marker argument to List()
+	// to get the next set of keys
+	NextMarker string
+}
+
+// The Key type represents an item stored in an bucket.
+type Key struct {
+	Key          string
+	LastModified string
+	Type         string
+	Size         int64
+	// ETag gives the hex-encoded MD5 sum of the contents,
+	// surrounded with double-quotes.
+	ETag         string
+	StorageClass string
+	Owner        Owner
+}
+
+// List returns information about objects in an bucket.
+//
+// The prefix parameter limits the response to keys that begin with the
+// specified prefix.
+//
+// The delim parameter causes the response to group all of the keys that
+// share a common prefix up to the next delimiter in a single entry within
+// the CommonPrefixes field. You can use delimiters to separate a bucket
+// into different groupings of keys, similar to how folders would work.
+//
+// The marker parameter specifies the key to start with when listing objects
+// in a bucket. OSS lists objects in alphabetical order and
+// will return keys alphabetically greater than the marker.
+//
+// The max parameter specifies how many keys + common prefixes to return in
+// the response, at most 1000. The default is 100.
+//
+// For example, given these keys in a bucket:
+//
+//     index.html
+//     index2.html
+//     photos/2006/January/sample.jpg
+//     photos/2006/February/sample2.jpg
+//     photos/2006/February/sample3.jpg
+//     photos/2006/February/sample4.jpg
+//
+// Listing this bucket with delimiter set to "/" would yield the
+// following result:
+//
+//     &ListResp{
+//         Name:      "sample-bucket",
+//         MaxKeys:   1000,
+//         Delimiter: "/",
+//         Contents:  []Key{
+//             {Key: "index.html", "index2.html"},
+//         },
+//         CommonPrefixes: []string{
+//             "photos/",
+//         },
+//     }
+//
+// Listing the same bucket with delimiter set to "/" and prefix set to
+// "photos/2006/" would yield the following result:
+//
+//     &ListResp{
+//         Name:      "sample-bucket",
+//         MaxKeys:   1000,
+//         Delimiter: "/",
+//         Prefix:    "photos/2006/",
+//         CommonPrefixes: []string{
+//             "photos/2006/February/",
+//             "photos/2006/January/",
+//         },
+//     }
+//
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/bucket&GetBucket
+func (b *Bucket) List(prefix, delim, marker string, max int) (result *ListResp, err error) {
+	params := make(url.Values)
+	params.Set("prefix", prefix)
+	params.Set("delimiter", delim)
+	params.Set("marker", marker)
+	if max != 0 {
+		params.Set("max-keys", strconv.FormatInt(int64(max), 10))
+	}
+	result = &ListResp{}
+	for attempt := attempts.Start(); attempt.Next(); {
+		req := &request{
+			bucket: b.Name,
+			params: params,
+		}
+		err = b.Client.query(req, result)
+		if !shouldRetry(err) {
+			break
+		}
+	}
+	if err != nil {
+		return nil, err
+	}
+	// if NextMarker is not returned, it should be set to the name of last key,
+	// so let's do it so that each caller doesn't have to
+	if result.IsTruncated && result.NextMarker == "" {
+		n := len(result.Contents)
+		if n > 0 {
+			result.NextMarker = result.Contents[n-1].Key
+		}
+	}
+	return result, nil
+}
+
+type GetLocationResp struct {
+	Location string `xml:",innerxml"`
+}
+
+func (b *Bucket) Location() (string, error) {
+	params := make(url.Values)
+	params.Set("location", "")
+	r, err := b.GetWithParams("/", params)
+
+	if err != nil {
+		return "", err
+	}
+
+	// Parse the XML response.
+	var resp GetLocationResp
+	if err = xml.Unmarshal(r, &resp); err != nil {
+		return "", err
+	}
+
+	if resp.Location == "" {
+		return string(Hangzhou), nil
+	}
+	return resp.Location, nil
+}
+
+func (b *Bucket) Path(path string) string {
+	if !strings.HasPrefix(path, "/") {
+		path = "/" + path
+	}
+	return "/" + b.Name + path
+}
+
+// URL returns a non-signed URL that allows retriving the
+// object at path. It only works if the object is publicly
+// readable (see SignedURL).
+func (b *Bucket) URL(path string) string {
+	req := &request{
+		bucket: b.Name,
+		path:   path,
+	}
+	err := b.Client.prepare(req)
+	if err != nil {
+		panic(err)
+	}
+	u, err := req.url()
+	if err != nil {
+		panic(err)
+	}
+	u.RawQuery = ""
+	return u.String()
+}
+
+// SignedURL returns a signed URL that allows anyone holding the URL
+// to retrieve the object at path. The signature is valid until expires.
+func (b *Bucket) SignedURL(path string, expires time.Time) string {
+	return b.SignedURLWithArgs(path, expires, nil, nil)
+}
+
+// SignedURLWithArgs returns a signed URL that allows anyone holding the URL
+// to retrieve the object at path. The signature is valid until expires.
+func (b *Bucket) SignedURLWithArgs(path string, expires time.Time, params url.Values, headers http.Header) string {
+	return b.SignedURLWithMethod("GET", path, expires, params, headers)
+}
+
+func (b *Bucket) SignedURLWithMethodForAssumeRole(method, path string, expires time.Time, params url.Values, headers http.Header) string {
+	var uv = url.Values{}
+	if params != nil {
+		uv = params
+	}
+	if len(b.Client.SecurityToken) != 0 {
+		uv.Set("security-token", b.Client.SecurityToken)
+	}
+	return b.SignedURLWithMethod(method, path, expires, params, headers)
+}
+
+// SignedURLWithMethod returns a signed URL that allows anyone holding the URL
+// to either retrieve the object at path or make a HEAD request against it. The signature is valid until expires.
+func (b *Bucket) SignedURLWithMethod(method, path string, expires time.Time, params url.Values, headers http.Header) string {
+	var uv = url.Values{}
+
+	if params != nil {
+		uv = params
+	}
+
+	uv.Set("Expires", strconv.FormatInt(expires.Unix(), 10))
+	uv.Set("OSSAccessKeyId", b.AccessKeyId)
+
+	req := &request{
+		method:  method,
+		bucket:  b.Name,
+		path:    path,
+		params:  uv,
+		headers: headers,
+	}
+	err := b.Client.prepare(req)
+	if err != nil {
+		panic(err)
+	}
+	u, err := req.url()
+	if err != nil {
+		panic(err)
+	}
+
+	return u.String()
+}
+
+// UploadSignedURL returns a signed URL that allows anyone holding the URL
+// to upload the object at path. The signature is valid until expires.
+// contenttype is a string like image/png
+// name is the resource name in OSS terminology like images/ali.png [obviously excluding the bucket name itself]
+func (b *Bucket) UploadSignedURL(name, method, contentType string, expires time.Time) string {
+	//TODO TESTING
+	expireDate := expires.Unix()
+	if method != "POST" {
+		method = "PUT"
+	}
+
+	tokenData := ""
+
+	stringToSign := method + "\n\n" + contentType + "\n" + strconv.FormatInt(expireDate, 10) + "\n" + tokenData + "/" + path.Join(b.Name, name)
+	secretKey := b.AccessKeySecret
+	accessId := b.AccessKeyId
+	mac := hmac.New(sha1.New, []byte(secretKey))
+	mac.Write([]byte(stringToSign))
+	macsum := mac.Sum(nil)
+	signature := base64.StdEncoding.EncodeToString(macsum)
+	signature = strings.TrimSpace(signature)
+
+	signedurl, err := url.Parse(b.Region.GetEndpoint(b.Internal, b.Name, b.Secure))
+	if err != nil {
+		log.Println("ERROR sining url for OSS upload", err)
+		return ""
+	}
+	signedurl.Path = name
+	params := url.Values{}
+	params.Add("OSSAccessKeyId", accessId)
+	params.Add("Expires", strconv.FormatInt(expireDate, 10))
+	params.Add("Signature", signature)
+
+	signedurl.RawQuery = params.Encode()
+	return signedurl.String()
+}
+
+// PostFormArgsEx returns the action and input fields needed to allow anonymous
+// uploads to a bucket within the expiration limit
+// Additional conditions can be specified with conds
+func (b *Bucket) PostFormArgsEx(path string, expires time.Time, redirect string, conds []string) (action string, fields map[string]string) {
+	conditions := []string{}
+	fields = map[string]string{
+		"AWSAccessKeyId": b.AccessKeyId,
+		"key":            path,
+	}
+
+	if conds != nil {
+		conditions = append(conditions, conds...)
+	}
+
+	conditions = append(conditions, fmt.Sprintf("{\"key\": \"%s\"}", path))
+	conditions = append(conditions, fmt.Sprintf("{\"bucket\": \"%s\"}", b.Name))
+	if redirect != "" {
+		conditions = append(conditions, fmt.Sprintf("{\"success_action_redirect\": \"%s\"}", redirect))
+		fields["success_action_redirect"] = redirect
+	}
+
+	vExpiration := expires.Format("2006-01-02T15:04:05Z")
+	vConditions := strings.Join(conditions, ",")
+	policy := fmt.Sprintf("{\"expiration\": \"%s\", \"conditions\": [%s]}", vExpiration, vConditions)
+	policy64 := base64.StdEncoding.EncodeToString([]byte(policy))
+	fields["policy"] = policy64
+
+	signer := hmac.New(sha1.New, []byte(b.AccessKeySecret))
+	signer.Write([]byte(policy64))
+	fields["signature"] = base64.StdEncoding.EncodeToString(signer.Sum(nil))
+
+	action = fmt.Sprintf("%s/%s/", b.Client.Region, b.Name)
+	return
+}
+
+// PostFormArgs returns the action and input fields needed to allow anonymous
+// uploads to a bucket within the expiration limit
+func (b *Bucket) PostFormArgs(path string, expires time.Time, redirect string) (action string, fields map[string]string) {
+	return b.PostFormArgsEx(path, expires, redirect, nil)
+}
+
+type request struct {
+	method   string
+	bucket   string
+	path     string
+	params   url.Values
+	headers  http.Header
+	baseurl  string
+	payload  io.Reader
+	prepared bool
+	timeout  time.Duration
+}
+
+func (req *request) url() (*url.URL, error) {
+	u, err := url.Parse(req.baseurl)
+	if err != nil {
+		return nil, fmt.Errorf("bad OSS endpoint URL %q: %v", req.baseurl, err)
+	}
+	u.RawQuery = req.params.Encode()
+	u.Path = req.path
+	return u, nil
+}
+
+// query prepares and runs the req request.
+// If resp is not nil, the XML data contained in the response
+// body will be unmarshalled on it.
+func (client *Client) query(req *request, resp interface{}) error {
+	err := client.prepare(req)
+	if err != nil {
+		return err
+	}
+	r, err := client.run(req, resp)
+	if r != nil && r.Body != nil {
+		r.Body.Close()
+	}
+	return err
+}
+
+// Sets baseurl on req from bucket name and the region endpoint
+func (client *Client) setBaseURL(req *request) error {
+
+	if client.endpoint == "" {
+		req.baseurl = client.Region.GetEndpoint(client.Internal, req.bucket, client.Secure)
+	} else {
+		req.baseurl = fmt.Sprintf("%s://%s", getProtocol(client.Secure), client.endpoint)
+	}
+
+	return nil
+}
+
+// partiallyEscapedPath partially escapes the OSS path allowing for all OSS REST API calls.
+//
+// Some commands including:
+//      GET Bucket acl              http://goo.gl/aoXflF
+//      GET Bucket cors             http://goo.gl/UlmBdx
+//      GET Bucket lifecycle        http://goo.gl/8Fme7M
+//      GET Bucket policy           http://goo.gl/ClXIo3
+//      GET Bucket location         http://goo.gl/5lh8RD
+//      GET Bucket Logging          http://goo.gl/sZ5ckF
+//      GET Bucket notification     http://goo.gl/qSSZKD
+//      GET Bucket tagging          http://goo.gl/QRvxnM
+// require the first character after the bucket name in the path to be a literal '?' and
+// not the escaped hex representation '%3F'.
+func partiallyEscapedPath(path string) string {
+	pathEscapedAndSplit := strings.Split((&url.URL{Path: path}).String(), "/")
+	if len(pathEscapedAndSplit) >= 3 {
+		if len(pathEscapedAndSplit[2]) >= 3 {
+			// Check for the one "?" that should not be escaped.
+			if pathEscapedAndSplit[2][0:3] == "%3F" {
+				pathEscapedAndSplit[2] = "?" + pathEscapedAndSplit[2][3:]
+			}
+		}
+	}
+	return strings.Replace(strings.Join(pathEscapedAndSplit, "/"), "+", "%2B", -1)
+}
+
+// prepare sets up req to be delivered to OSS.
+func (client *Client) prepare(req *request) error {
+	// Copy so they can be mutated without affecting on retries.
+	headers := copyHeader(req.headers)
+	// security-token should be in either Params or Header, cannot be in both
+	if len(req.params.Get("security-token")) == 0 && len(client.SecurityToken) != 0 {
+		headers.Set("x-oss-security-token", client.SecurityToken)
+	}
+
+	params := make(url.Values)
+
+	for k, v := range req.params {
+		params[k] = v
+	}
+
+	req.params = params
+	req.headers = headers
+
+	if !req.prepared {
+		req.prepared = true
+		if req.method == "" {
+			req.method = "GET"
+		}
+
+		if !strings.HasPrefix(req.path, "/") {
+			req.path = "/" + req.path
+		}
+
+		err := client.setBaseURL(req)
+		if err != nil {
+			return err
+		}
+	}
+
+	req.headers.Set("Date", util.GetGMTime())
+	client.signRequest(req)
+
+	return nil
+}
+
+// Prepares an *http.Request for doHttpRequest
+func (client *Client) setupHttpRequest(req *request) (*http.Request, error) {
+	// Copy so that signing the http request will not mutate it
+
+	u, err := req.url()
+	if err != nil {
+		return nil, err
+	}
+	u.Opaque = fmt.Sprintf("//%s%s", u.Host, partiallyEscapedPath(u.Path))
+
+	hreq := http.Request{
+		URL:        u,
+		Method:     req.method,
+		ProtoMajor: 1,
+		ProtoMinor: 1,
+		Close:      true,
+		Header:     req.headers,
+		Form:       req.params,
+	}
+
+	hreq.Header.Set("X-SDK-Client", `AliyunGO/`+common.Version)
+
+	contentLength := req.headers.Get("Content-Length")
+
+	if contentLength != "" {
+		hreq.ContentLength, _ = strconv.ParseInt(contentLength, 10, 64)
+		req.headers.Del("Content-Length")
+	}
+
+	if req.payload != nil {
+		hreq.Body = ioutil.NopCloser(req.payload)
+	}
+
+	return &hreq, nil
+}
+
+// doHttpRequest sends hreq and returns the http response from the server.
+// If resp is not nil, the XML data contained in the response
+// body will be unmarshalled on it.
+func (client *Client) doHttpRequest(c *http.Client, hreq *http.Request, resp interface{}) (*http.Response, error) {
+
+	if client.debug {
+		log.Printf("%s %s ...\n", hreq.Method, hreq.URL.String())
+	}
+	hresp, err := c.Do(hreq)
+	if err != nil {
+		return nil, err
+	}
+	if client.debug {
+		log.Printf("%s %s %d\n", hreq.Method, hreq.URL.String(), hresp.StatusCode)
+		contentType := hresp.Header.Get("Content-Type")
+		if contentType == "application/xml" || contentType == "text/xml" {
+			dump, _ := httputil.DumpResponse(hresp, true)
+			log.Printf("%s\n", dump)
+		} else {
+			log.Printf("Response Content-Type: %s\n", contentType)
+		}
+	}
+	if hresp.StatusCode != 200 && hresp.StatusCode != 204 && hresp.StatusCode != 206 {
+		return nil, client.buildError(hresp)
+	}
+	if resp != nil {
+		err = xml.NewDecoder(hresp.Body).Decode(resp)
+		hresp.Body.Close()
+
+		if client.debug {
+			log.Printf("aliyungo.oss> decoded xml into %#v", resp)
+		}
+
+	}
+	return hresp, err
+}
+
+// run sends req and returns the http response from the server.
+// If resp is not nil, the XML data contained in the response
+// body will be unmarshalled on it.
+func (client *Client) run(req *request, resp interface{}) (*http.Response, error) {
+	if client.debug {
+		log.Printf("Running OSS request: %#v", req)
+	}
+
+	hreq, err := client.setupHttpRequest(req)
+	if err != nil {
+		return nil, err
+	}
+
+	c := &http.Client{
+		Transport: &http.Transport{
+			Dial: func(netw, addr string) (c net.Conn, err error) {
+				if client.ConnectTimeout > 0 {
+					c, err = net.DialTimeout(netw, addr, client.ConnectTimeout)
+				} else {
+					c, err = net.Dial(netw, addr)
+				}
+				if err != nil {
+					return
+				}
+				return
+			},
+			Proxy: http.ProxyFromEnvironment,
+		},
+		Timeout: req.timeout,
+	}
+
+	return client.doHttpRequest(c, hreq, resp)
+}
+
+// Error represents an error in an operation with OSS.
+type Error struct {
+	StatusCode int    // HTTP status code (200, 403, ...)
+	Code       string // OSS error code ("UnsupportedOperation", ...)
+	Message    string // The human-oriented error message
+	BucketName string
+	RequestId  string
+	HostId     string
+}
+
+func (e *Error) Error() string {
+	return fmt.Sprintf("Aliyun API Error: RequestId: %s Status Code: %d Code: %s Message: %s", e.RequestId, e.StatusCode, e.Code, e.Message)
+}
+
+func (client *Client) buildError(r *http.Response) error {
+	if client.debug {
+		log.Printf("got error (status code %v)", r.StatusCode)
+		data, err := ioutil.ReadAll(r.Body)
+		if err != nil {
+			log.Printf("\tread error: %v", err)
+		} else {
+			log.Printf("\tdata:\n%s\n\n", data)
+		}
+		r.Body = ioutil.NopCloser(bytes.NewBuffer(data))
+	}
+
+	err := Error{}
+	// TODO return error if Unmarshal fails?
+	xml.NewDecoder(r.Body).Decode(&err)
+	r.Body.Close()
+	err.StatusCode = r.StatusCode
+	if err.Message == "" {
+		err.Message = r.Status
+	}
+	if client.debug {
+		log.Printf("err: %#v\n", err)
+	}
+	return &err
+}
+
+type TimeoutError interface {
+	error
+	Timeout() bool // Is the error a timeout?
+}
+
+func shouldRetry(err error) bool {
+	if err == nil {
+		return false
+	}
+
+	_, ok := err.(TimeoutError)
+	if ok {
+		return true
+	}
+
+	switch err {
+	case io.ErrUnexpectedEOF, io.EOF:
+		return true
+	}
+	switch e := err.(type) {
+	case *net.DNSError:
+		return true
+	case *net.OpError:
+		switch e.Op {
+		case "read", "write":
+			return true
+		}
+	case *url.Error:
+		// url.Error can be returned either by net/url if a URL cannot be
+		// parsed, or by net/http if the response is closed before the headers
+		// are received or parsed correctly. In that later case, e.Op is set to
+		// the HTTP method name with the first letter uppercased. We don't want
+		// to retry on POST operations, since those are not idempotent, all the
+		// other ones should be safe to retry.
+		switch e.Op {
+		case "Get", "Put", "Delete", "Head":
+			return shouldRetry(e.Err)
+		default:
+			return false
+		}
+	case *Error:
+		switch e.Code {
+		case "InternalError", "NoSuchUpload", "NoSuchBucket":
+			return true
+		}
+	}
+	return false
+}
+
+func hasCode(err error, code string) bool {
+	e, ok := err.(*Error)
+	return ok && e.Code == code
+}
+
+func copyHeader(header http.Header) (newHeader http.Header) {
+	newHeader = make(http.Header)
+	for k, v := range header {
+		newSlice := make([]string, len(v))
+		copy(newSlice, v)
+		newHeader[k] = newSlice
+	}
+	return
+}
+
+type AccessControlPolicy struct {
+	Owner  Owner
+	Grants []string `xml:"AccessControlList>Grant"`
+}
+
+// ACL returns ACL of bucket
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/bucket&GetBucketAcl
+func (b *Bucket) ACL() (result *AccessControlPolicy, err error) {
+
+	params := make(url.Values)
+	params.Set("acl", "")
+
+	r, err := b.GetWithParams("/", params)
+	if err != nil {
+		return nil, err
+	}
+
+	// Parse the XML response.
+	var resp AccessControlPolicy
+	if err = xml.Unmarshal(r, &resp); err != nil {
+		return nil, err
+	}
+
+	return &resp, nil
+}
+
+func (b *Bucket) GetContentLength(sourcePath string) (int64, error) {
+	resp, err := b.Head(sourcePath, nil)
+	if err != nil {
+		return 0, err
+	}
+
+	currentLength := resp.ContentLength
+
+	return currentLength, err
+}
+
+func (b *Bucket) CopyLargeFile(sourcePath string, destPath string, contentType string, perm ACL, options Options) error {
+	return b.CopyLargeFileInParallel(sourcePath, destPath, contentType, perm, options, 1)
+}
+
+const defaultChunkSize = int64(128 * 1024 * 1024) //128MB
+const maxCopytSize = int64(128 * 1024 * 1024)     //128MB
+
+// Copy large file in the same bucket
+func (b *Bucket) CopyLargeFileInParallel(sourcePath string, destPath string, contentType string, perm ACL, options Options, maxConcurrency int) error {
+
+	if maxConcurrency < 1 {
+		maxConcurrency = 1
+	}
+
+	currentLength, err := b.GetContentLength(sourcePath)
+
+	log.Printf("Parallel Copy large file[size: %d] from %s to %s\n", currentLength, sourcePath, destPath)
+
+	if err != nil {
+		return err
+	}
+
+	if currentLength < maxCopytSize {
+		_, err := b.PutCopy(destPath, perm,
+			CopyOptions{},
+			b.Path(sourcePath))
+		return err
+	}
+
+	multi, err := b.InitMulti(destPath, contentType, perm, options)
+	if err != nil {
+		return err
+	}
+
+	numParts := (currentLength + defaultChunkSize - 1) / defaultChunkSize
+	completedParts := make([]Part, numParts)
+
+	errChan := make(chan error, numParts)
+	limiter := make(chan struct{}, maxConcurrency)
+
+	var start int64 = 0
+	var to int64 = 0
+	var partNumber = 0
+	sourcePathForCopy := b.Path(sourcePath)
+
+	for start = 0; start < currentLength; start = to {
+		to = start + defaultChunkSize
+		if to > currentLength {
+			to = currentLength
+		}
+		partNumber++
+
+		rangeStr := fmt.Sprintf("bytes=%d-%d", start, to-1)
+		limiter <- struct{}{}
+		go func(partNumber int, rangeStr string) {
+			_, part, err := multi.PutPartCopyWithContentLength(partNumber,
+				CopyOptions{CopySourceOptions: rangeStr},
+				sourcePathForCopy, currentLength)
+			if err == nil {
+				completedParts[partNumber-1] = part
+			} else {
+				log.Printf("Unable in PutPartCopy of part %d for %s: %v\n", partNumber, sourcePathForCopy, err)
+			}
+			errChan <- err
+			<-limiter
+		}(partNumber, rangeStr)
+	}
+
+	fullyCompleted := true
+	for range completedParts {
+		err := <-errChan
+		if err != nil {
+			fullyCompleted = false
+		}
+	}
+
+	if fullyCompleted {
+		err = multi.Complete(completedParts)
+	} else {
+		err = multi.Abort()
+	}
+
+	return err
+}
diff --git a/vendor/github.com/denverdino/aliyungo/oss/export.go b/vendor/github.com/denverdino/aliyungo/oss/export.go
new file mode 100644
index 000000000..ebdb0477a
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/oss/export.go
@@ -0,0 +1,23 @@
+package oss
+
+import (
+	"github.com/denverdino/aliyungo/util"
+)
+
+var originalStrategy = attempts
+
+func SetAttemptStrategy(s *util.AttemptStrategy) {
+	if s == nil {
+		attempts = originalStrategy
+	} else {
+		attempts = *s
+	}
+}
+
+func SetListPartsMax(n int) {
+	listPartsMax = n
+}
+
+func SetListMultiMax(n int) {
+	listMultiMax = n
+}
diff --git a/vendor/github.com/denverdino/aliyungo/oss/multi.go b/vendor/github.com/denverdino/aliyungo/oss/multi.go
new file mode 100644
index 000000000..d720e1884
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/oss/multi.go
@@ -0,0 +1,489 @@
+package oss
+
+import (
+	"bytes"
+	"crypto/md5"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/xml"
+	"errors"
+	"io"
+	"time"
+	//"log"
+	"net/http"
+	"net/url"
+	"sort"
+	"strconv"
+	"strings"
+)
+
+// Multi represents an unfinished multipart upload.
+//
+// Multipart uploads allow sending big objects in smaller chunks.
+// After all parts have been sent, the upload must be explicitly
+// completed by calling Complete with the list of parts.
+
+type Multi struct {
+	Bucket   *Bucket
+	Key      string
+	UploadId string
+}
+
+// That's the default. Here just for testing.
+var listMultiMax = 1000
+
+type listMultiResp struct {
+	NextKeyMarker      string
+	NextUploadIdMarker string
+	IsTruncated        bool
+	Upload             []Multi
+	CommonPrefixes     []string `xml:"CommonPrefixes>Prefix"`
+}
+
+// ListMulti returns the list of unfinished multipart uploads in b.
+//
+// The prefix parameter limits the response to keys that begin with the
+// specified prefix. You can use prefixes to separate a bucket into different
+// groupings of keys (to get the feeling of folders, for example).
+//
+// The delim parameter causes the response to group all of the keys that
+// share a common prefix up to the next delimiter in a single entry within
+// the CommonPrefixes field. You can use delimiters to separate a bucket
+// into different groupings of keys, similar to how folders would work.
+//
+func (b *Bucket) ListMulti(prefix, delim string) (multis []*Multi, prefixes []string, err error) {
+	params := make(url.Values)
+	params.Set("uploads", "")
+	params.Set("max-uploads", strconv.FormatInt(int64(listMultiMax), 10))
+	params.Set("prefix", prefix)
+	params.Set("delimiter", delim)
+
+	for attempt := attempts.Start(); attempt.Next(); {
+		req := &request{
+			method: "GET",
+			bucket: b.Name,
+			params: params,
+		}
+		var resp listMultiResp
+		err := b.Client.query(req, &resp)
+		if shouldRetry(err) && attempt.HasNext() {
+			continue
+		}
+		if err != nil {
+			return nil, nil, err
+		}
+		for i := range resp.Upload {
+			multi := &resp.Upload[i]
+			multi.Bucket = b
+			multis = append(multis, multi)
+		}
+		prefixes = append(prefixes, resp.CommonPrefixes...)
+		if !resp.IsTruncated {
+			return multis, prefixes, nil
+		}
+		params.Set("key-marker", resp.NextKeyMarker)
+		params.Set("upload-id-marker", resp.NextUploadIdMarker)
+		attempt = attempts.Start() // Last request worked.
+	}
+	panic("unreachable")
+}
+
+// Multi returns a multipart upload handler for the provided key
+// inside b. If a multipart upload exists for key, it is returned,
+// otherwise a new multipart upload is initiated with contType and perm.
+func (b *Bucket) Multi(key, contType string, perm ACL, options Options) (*Multi, error) {
+	multis, _, err := b.ListMulti(key, "")
+	if err != nil && !hasCode(err, "NoSuchUpload") {
+		return nil, err
+	}
+	for _, m := range multis {
+		if m.Key == key {
+			return m, nil
+		}
+	}
+	return b.InitMulti(key, contType, perm, options)
+}
+
+// InitMulti initializes a new multipart upload at the provided
+// key inside b and returns a value for manipulating it.
+//
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/multipart-upload&InitiateMultipartUpload
+func (b *Bucket) InitMulti(key string, contType string, perm ACL, options Options) (*Multi, error) {
+	headers := make(http.Header)
+	headers.Set("Content-Length", "0")
+	headers.Set("Content-Type", contType)
+	headers.Set("x-oss-acl", string(perm))
+
+	options.addHeaders(headers)
+	params := make(url.Values)
+	params.Set("uploads", "")
+	req := &request{
+		method:  "POST",
+		bucket:  b.Name,
+		path:    key,
+		headers: headers,
+		params:  params,
+	}
+	var err error
+	var resp struct {
+		UploadId string `xml:"UploadId"`
+	}
+	for attempt := attempts.Start(); attempt.Next(); {
+		err = b.Client.query(req, &resp)
+		if !shouldRetry(err) {
+			break
+		}
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &Multi{Bucket: b, Key: key, UploadId: resp.UploadId}, nil
+}
+
+func (m *Multi) PutPartCopy(n int, options CopyOptions, source string) (*CopyObjectResult, Part, error) {
+	return m.PutPartCopyWithContentLength(n, options, source, -1)
+}
+
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/multipart-upload&UploadPartCopy
+func (m *Multi) PutPartCopyWithContentLength(n int, options CopyOptions, source string, contentLength int64) (*CopyObjectResult, Part, error) {
+	// TODO source format a /BUCKET/PATH/TO/OBJECT
+	// TODO not a good design. API could be changed to PutPartCopyWithinBucket(..., path) and PutPartCopyFromBucket(bucket, path)
+
+	headers := make(http.Header)
+	headers.Set("x-oss-copy-source", source)
+
+	options.addHeaders(headers)
+	params := make(url.Values)
+	params.Set("uploadId", m.UploadId)
+	params.Set("partNumber", strconv.FormatInt(int64(n), 10))
+
+	if contentLength < 0 {
+		sourceBucket := m.Bucket.Client.Bucket(strings.TrimRight(strings.Split(source, "/")[1], "/"))
+		//log.Println("source: ", source)
+		//log.Println("sourceBucket: ", sourceBucket.Name)
+		//log.Println("HEAD: ", strings.strings.SplitAfterN(source, "/", 3)[2])
+		// TODO SplitAfterN can be use in bucket name
+		sourceMeta, err := sourceBucket.Head(strings.SplitAfterN(source, "/", 3)[2], nil)
+		if err != nil {
+			return nil, Part{}, err
+		}
+		contentLength = sourceMeta.ContentLength
+	}
+
+	for attempt := attempts.Start(); attempt.Next(); {
+		req := &request{
+			method:  "PUT",
+			bucket:  m.Bucket.Name,
+			path:    m.Key,
+			headers: headers,
+			params:  params,
+		}
+		resp := &CopyObjectResult{}
+		err := m.Bucket.Client.query(req, resp)
+		if shouldRetry(err) && attempt.HasNext() {
+			continue
+		}
+		if err != nil {
+			return nil, Part{}, err
+		}
+		if resp.ETag == "" {
+			return nil, Part{}, errors.New("part upload succeeded with no ETag")
+		}
+		return resp, Part{n, resp.ETag, contentLength}, nil
+	}
+	panic("unreachable")
+}
+
+// PutPart sends part n of the multipart upload, reading all the content from r.
+// Each part, except for the last one, must be at least 5MB in size.
+//
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/multipart-upload&UploadPart
+func (m *Multi) PutPart(n int, r io.ReadSeeker) (Part, error) {
+	partSize, _, md5b64, err := seekerInfo(r)
+	if err != nil {
+		return Part{}, err
+	}
+	return m.putPart(n, r, partSize, md5b64, 0)
+}
+
+func (m *Multi) PutPartWithTimeout(n int, r io.ReadSeeker, timeout time.Duration) (Part, error) {
+	partSize, _, md5b64, err := seekerInfo(r)
+	if err != nil {
+		return Part{}, err
+	}
+	return m.putPart(n, r, partSize, md5b64, timeout)
+}
+
+func (m *Multi) putPart(n int, r io.ReadSeeker, partSize int64, md5b64 string, timeout time.Duration) (Part, error) {
+	headers := make(http.Header)
+	headers.Set("Content-Length", strconv.FormatInt(partSize, 10))
+	headers.Set("Content-MD5", md5b64)
+
+	params := make(url.Values)
+	params.Set("uploadId", m.UploadId)
+	params.Set("partNumber", strconv.FormatInt(int64(n), 10))
+
+	for attempt := attempts.Start(); attempt.Next(); {
+		_, err := r.Seek(0, 0)
+		if err != nil {
+			return Part{}, err
+		}
+		req := &request{
+			method:  "PUT",
+			bucket:  m.Bucket.Name,
+			path:    m.Key,
+			headers: headers,
+			params:  params,
+			payload: r,
+			timeout: timeout,
+		}
+		err = m.Bucket.Client.prepare(req)
+		if err != nil {
+			return Part{}, err
+		}
+		resp, err := m.Bucket.Client.run(req, nil)
+		if shouldRetry(err) && attempt.HasNext() {
+			continue
+		}
+		if err != nil {
+			return Part{}, err
+		}
+		etag := resp.Header.Get("ETag")
+		if etag == "" {
+			return Part{}, errors.New("part upload succeeded with no ETag")
+		}
+		return Part{n, etag, partSize}, nil
+	}
+	panic("unreachable")
+}
+
+func seekerInfo(r io.ReadSeeker) (size int64, md5hex string, md5b64 string, err error) {
+	_, err = r.Seek(0, 0)
+	if err != nil {
+		return 0, "", "", err
+	}
+	digest := md5.New()
+	size, err = io.Copy(digest, r)
+	if err != nil {
+		return 0, "", "", err
+	}
+	sum := digest.Sum(nil)
+	md5hex = hex.EncodeToString(sum)
+	md5b64 = base64.StdEncoding.EncodeToString(sum)
+	return size, md5hex, md5b64, nil
+}
+
+type Part struct {
+	N    int `xml:"PartNumber"`
+	ETag string
+	Size int64
+}
+
+type partSlice []Part
+
+func (s partSlice) Len() int           { return len(s) }
+func (s partSlice) Less(i, j int) bool { return s[i].N < s[j].N }
+func (s partSlice) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
+
+type listPartsResp struct {
+	NextPartNumberMarker string
+	IsTruncated          bool
+	Part                 []Part
+}
+
+// That's the default. Here just for testing.
+var listPartsMax = 1000
+
+// ListParts for backcompatability. See the documentation for ListPartsFull
+func (m *Multi) ListParts() ([]Part, error) {
+	return m.ListPartsFull(0, listPartsMax)
+}
+
+// ListPartsFull returns the list of previously uploaded parts in m,
+// ordered by part number (Only parts with higher part numbers than
+// partNumberMarker will be listed). Only up to maxParts parts will be
+// returned.
+//
+func (m *Multi) ListPartsFull(partNumberMarker int, maxParts int) ([]Part, error) {
+	if maxParts > listPartsMax {
+		maxParts = listPartsMax
+	}
+
+	params := make(url.Values)
+	params.Set("uploadId", m.UploadId)
+	params.Set("max-parts", strconv.FormatInt(int64(maxParts), 10))
+	params.Set("part-number-marker", strconv.FormatInt(int64(partNumberMarker), 10))
+
+	var parts partSlice
+	for attempt := attempts.Start(); attempt.Next(); {
+		req := &request{
+			method: "GET",
+			bucket: m.Bucket.Name,
+			path:   m.Key,
+			params: params,
+		}
+		var resp listPartsResp
+		err := m.Bucket.Client.query(req, &resp)
+		if shouldRetry(err) && attempt.HasNext() {
+			continue
+		}
+		if err != nil {
+			return nil, err
+		}
+		parts = append(parts, resp.Part...)
+		if !resp.IsTruncated {
+			sort.Sort(parts)
+			return parts, nil
+		}
+		params.Set("part-number-marker", resp.NextPartNumberMarker)
+		attempt = attempts.Start() // Last request worked.
+	}
+	panic("unreachable")
+}
+
+type ReaderAtSeeker interface {
+	io.ReaderAt
+	io.ReadSeeker
+}
+
+// PutAll sends all of r via a multipart upload with parts no larger
+// than partSize bytes, which must be set to at least 5MB.
+// Parts previously uploaded are either reused if their checksum
+// and size match the new part, or otherwise overwritten with the
+// new content.
+// PutAll returns all the parts of m (reused or not).
+func (m *Multi) PutAll(r ReaderAtSeeker, partSize int64) ([]Part, error) {
+	old, err := m.ListParts()
+	if err != nil && !hasCode(err, "NoSuchUpload") {
+		return nil, err
+	}
+	reuse := 0   // Index of next old part to consider reusing.
+	current := 1 // Part number of latest good part handled.
+	totalSize, err := r.Seek(0, 2)
+	if err != nil {
+		return nil, err
+	}
+	first := true // Must send at least one empty part if the file is empty.
+	var result []Part
+NextSection:
+	for offset := int64(0); offset < totalSize || first; offset += partSize {
+		first = false
+		if offset+partSize > totalSize {
+			partSize = totalSize - offset
+		}
+		section := io.NewSectionReader(r, offset, partSize)
+		_, md5hex, md5b64, err := seekerInfo(section)
+		if err != nil {
+			return nil, err
+		}
+		for reuse < len(old) && old[reuse].N <= current {
+			// Looks like this part was already sent.
+			part := &old[reuse]
+			etag := `"` + md5hex + `"`
+			if part.N == current && part.Size == partSize && part.ETag == etag {
+				// Checksum matches. Reuse the old part.
+				result = append(result, *part)
+				current++
+				continue NextSection
+			}
+			reuse++
+		}
+
+		// Part wasn't found or doesn't match. Send it.
+		part, err := m.putPart(current, section, partSize, md5b64, 0)
+		if err != nil {
+			return nil, err
+		}
+		result = append(result, part)
+		current++
+	}
+	return result, nil
+}
+
+type completeUpload struct {
+	XMLName xml.Name      `xml:"CompleteMultipartUpload"`
+	Parts   completeParts `xml:"Part"`
+}
+
+type completePart struct {
+	PartNumber int
+	ETag       string
+}
+
+type completeParts []completePart
+
+func (p completeParts) Len() int           { return len(p) }
+func (p completeParts) Less(i, j int) bool { return p[i].PartNumber < p[j].PartNumber }
+func (p completeParts) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
+
+// Complete assembles the given previously uploaded parts into the
+// final object. This operation may take several minutes.
+//
+func (m *Multi) Complete(parts []Part) error {
+	params := make(url.Values)
+	params.Set("uploadId", m.UploadId)
+
+	c := completeUpload{}
+	for _, p := range parts {
+		c.Parts = append(c.Parts, completePart{p.N, p.ETag})
+	}
+	sort.Sort(c.Parts)
+	data, err := xml.Marshal(&c)
+	if err != nil {
+		return err
+	}
+	for attempt := attempts.Start(); attempt.Next(); {
+		req := &request{
+			method:  "POST",
+			bucket:  m.Bucket.Name,
+			path:    m.Key,
+			params:  params,
+			payload: bytes.NewReader(data),
+		}
+		err := m.Bucket.Client.query(req, nil)
+		if shouldRetry(err) && attempt.HasNext() {
+			continue
+		}
+		return err
+	}
+	panic("unreachable")
+}
+
+// Abort deletes an unifinished multipart upload and any previously
+// uploaded parts for it.
+//
+// After a multipart upload is aborted, no additional parts can be
+// uploaded using it. However, if any part uploads are currently in
+// progress, those part uploads might or might not succeed. As a result,
+// it might be necessary to abort a given multipart upload multiple
+// times in order to completely free all storage consumed by all parts.
+//
+// NOTE: If the described scenario happens to you, please report back to
+// the goamz authors with details. In the future such retrying should be
+// handled internally, but it's not clear what happens precisely (Is an
+// error returned? Is the issue completely undetectable?).
+//
+//
+// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/multipart-upload&AbortMultipartUpload
+func (m *Multi) Abort() error {
+	params := make(url.Values)
+	params.Set("uploadId", m.UploadId)
+
+	for attempt := attempts.Start(); attempt.Next(); {
+		req := &request{
+			method: "DELETE",
+			bucket: m.Bucket.Name,
+			path:   m.Key,
+			params: params,
+		}
+		err := m.Bucket.Client.query(req, nil)
+		if shouldRetry(err) && attempt.HasNext() {
+			continue
+		}
+		return err
+	}
+	panic("unreachable")
+}
diff --git a/vendor/github.com/denverdino/aliyungo/oss/regions.go b/vendor/github.com/denverdino/aliyungo/oss/regions.go
new file mode 100644
index 000000000..89bac8384
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/oss/regions.go
@@ -0,0 +1,80 @@
+package oss
+
+import (
+	"fmt"
+)
+
+// Region represents OSS region
+type Region string
+
+// Constants of region definition
+const (
+	Hangzhou    = Region("oss-cn-hangzhou")
+	Qingdao     = Region("oss-cn-qingdao")
+	Beijing     = Region("oss-cn-beijing")
+	Hongkong    = Region("oss-cn-hongkong")
+	Shenzhen    = Region("oss-cn-shenzhen")
+	Shanghai    = Region("oss-cn-shanghai")
+	Zhangjiakou = Region("oss-cn-zhangjiakou")
+	Huhehaote   = Region("oss-cn-huhehaote")
+
+	USWest1      = Region("oss-us-west-1")
+	USEast1      = Region("oss-us-east-1")
+	APSouthEast1 = Region("oss-ap-southeast-1")
+	APNorthEast1 = Region("oss-ap-northeast-1")
+	APSouthEast2 = Region("oss-ap-southeast-2")
+
+	MEEast1 = Region("oss-me-east-1")
+
+	EUCentral1 = Region("oss-eu-central-1")
+	EUWest1    = Region("oss-eu-west-1")
+
+	DefaultRegion = Hangzhou
+)
+
+// GetEndpoint returns endpoint of region
+func (r Region) GetEndpoint(internal bool, bucket string, secure bool) string {
+	if internal {
+		return r.GetInternalEndpoint(bucket, secure)
+	}
+	return r.GetInternetEndpoint(bucket, secure)
+}
+
+func getProtocol(secure bool) string {
+	protocol := "http"
+	if secure {
+		protocol = "https"
+	}
+	return protocol
+}
+
+// GetInternetEndpoint returns internet endpoint of region
+func (r Region) GetInternetEndpoint(bucket string, secure bool) string {
+	protocol := getProtocol(secure)
+	if bucket == "" {
+		return fmt.Sprintf("%s://oss.aliyuncs.com", protocol)
+	}
+	return fmt.Sprintf("%s://%s.%s.aliyuncs.com", protocol, bucket, string(r))
+}
+
+// GetInternalEndpoint returns internal endpoint of region
+func (r Region) GetInternalEndpoint(bucket string, secure bool) string {
+	protocol := getProtocol(secure)
+	if bucket == "" {
+		return fmt.Sprintf("%s://oss-internal.aliyuncs.com", protocol)
+	}
+	return fmt.Sprintf("%s://%s.%s-internal.aliyuncs.com", protocol, bucket, string(r))
+}
+
+// GetInternalEndpoint returns internal endpoint of region
+func (r Region) GetVPCInternalEndpoint(bucket string, secure bool) string {
+	protocol := getProtocol(secure)
+	if bucket == "" {
+		return fmt.Sprintf("%s://vpc100-oss-cn-hangzhou.aliyuncs.com", protocol)
+	}
+	if r == USEast1 {
+		return r.GetInternalEndpoint(bucket, secure)
+	} else {
+		return fmt.Sprintf("%s://%s.vpc100-%s.aliyuncs.com", protocol, bucket, string(r))
+	}
+}
diff --git a/vendor/github.com/denverdino/aliyungo/oss/signature.go b/vendor/github.com/denverdino/aliyungo/oss/signature.go
new file mode 100644
index 000000000..4a0f4d97a
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/oss/signature.go
@@ -0,0 +1,125 @@
+package oss
+
+import (
+	"github.com/denverdino/aliyungo/util"
+	//"log"
+	"net/http"
+	"net/url"
+	"sort"
+	"strings"
+)
+
+const HeaderOSSPrefix = "x-oss-"
+
+var ossParamsToSign = map[string]bool{
+	"acl":                          true,
+	"append":                       true,
+	"bucketInfo":                   true,
+	"cname":                        true,
+	"comp":                         true,
+	"cors":                         true,
+	"delete":                       true,
+	"endTime":                      true,
+	"img":                          true,
+	"lifecycle":                    true,
+	"live":                         true,
+	"location":                     true,
+	"logging":                      true,
+	"objectMeta":                   true,
+	"partNumber":                   true,
+	"position":                     true,
+	"qos":                          true,
+	"referer":                      true,
+	"replication":                  true,
+	"replicationLocation":          true,
+	"replicationProgress":          true,
+	"response-cache-control":       true,
+	"response-content-disposition": true,
+	"response-content-encoding":    true,
+	"response-content-language":    true,
+	"response-content-type":        true,
+	"response-expires":             true,
+	"security-token":               true,
+	"startTime":                    true,
+	"status":                       true,
+	"style":                        true,
+	"styleName":                    true,
+	"symlink":                      true,
+	"tagging":                      true,
+	"uploadId":                     true,
+	"uploads":                      true,
+	"vod":                          true,
+	"website":                      true,
+	"x-oss-process":                true,
+}
+
+func (client *Client) signRequest(request *request) {
+	query := request.params
+
+	urlSignature := query.Get("OSSAccessKeyId") != ""
+
+	headers := request.headers
+	contentMd5 := headers.Get("Content-Md5")
+	contentType := headers.Get("Content-Type")
+	date := ""
+	if urlSignature {
+		date = query.Get("Expires")
+	} else {
+		date = headers.Get("Date")
+	}
+
+	resource := request.path
+	if request.bucket != "" {
+		resource = "/" + request.bucket + request.path
+	}
+	params := make(url.Values)
+	for k, v := range query {
+		if ossParamsToSign[k] {
+			params[k] = v
+		}
+	}
+
+	if len(params) > 0 {
+		resource = resource + "?" + util.EncodeWithoutEscape(params)
+	}
+
+	canonicalizedResource := resource
+
+	_, canonicalizedHeader := canonicalizeHeader(headers)
+
+	stringToSign := request.method + "\n" + contentMd5 + "\n" + contentType + "\n" + date + "\n" + canonicalizedHeader + canonicalizedResource
+
+	//log.Println("stringToSign: ", stringToSign)
+	signature := util.CreateSignature(stringToSign, client.AccessKeySecret)
+
+	if urlSignature {
+		query.Set("Signature", signature)
+	} else {
+		headers.Set("Authorization", "OSS "+client.AccessKeyId+":"+signature)
+	}
+}
+
+//Have to break the abstraction to append keys with lower case.
+func canonicalizeHeader(headers http.Header) (newHeaders http.Header, result string) {
+	var canonicalizedHeaders []string
+	newHeaders = http.Header{}
+
+	for k, v := range headers {
+		if lower := strings.ToLower(k); strings.HasPrefix(lower, HeaderOSSPrefix) {
+			newHeaders[lower] = v
+			canonicalizedHeaders = append(canonicalizedHeaders, lower)
+		} else {
+			newHeaders[k] = v
+		}
+	}
+
+	sort.Strings(canonicalizedHeaders)
+
+	var canonicalizedHeader string
+
+	for _, k := range canonicalizedHeaders {
+		canonicalizedHeader += k + ":" + headers.Get(k) + "\n"
+	}
+
+	return newHeaders, canonicalizedHeader
+}
diff --git a/vendor/github.com/denverdino/aliyungo/util/attempt.go b/vendor/github.com/denverdino/aliyungo/util/attempt.go
new file mode 100644
index 000000000..2d07f03a8
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/util/attempt.go
@@ -0,0 +1,76 @@
+package util
+
+import (
+	"time"
+)
+
+// AttemptStrategy is reused from the goamz package
+
+// AttemptStrategy represents a strategy for waiting for an action
+// to complete successfully. This is an internal type used by the
+// implementation of other packages.
+type AttemptStrategy struct {
+	Total time.Duration // total duration of attempt.
+	Delay time.Duration // interval between each try in the burst.
+	Min   int           // minimum number of retries; overrides Total
+}
+
+type Attempt struct {
+	strategy AttemptStrategy
+	last     time.Time
+	end      time.Time
+	force    bool
+	count    int
+}
+
+// Start begins a new sequence of attempts for the given strategy.
+func (s AttemptStrategy) Start() *Attempt {
+	now := time.Now()
+	return &Attempt{
+		strategy: s,
+		last:     now,
+		end:      now.Add(s.Total),
+		force:    true,
+	}
+}
+
+// Next waits until it is time to perform the next attempt or returns
+// false if it is time to stop trying.
+func (a *Attempt) Next() bool {
+	now := time.Now()
+	sleep := a.nextSleep(now)
+	if !a.force && !now.Add(sleep).Before(a.end) && a.strategy.Min <= a.count {
+		return false
+	}
+	a.force = false
+	if sleep > 0 && a.count > 0 {
+		time.Sleep(sleep)
+		now = time.Now()
+	}
+	a.count++
+	a.last = now
+	return true
+}
+
+func (a *Attempt) nextSleep(now time.Time) time.Duration {
+	sleep := a.strategy.Delay - now.Sub(a.last)
+	if sleep < 0 {
+		return 0
+	}
+	return sleep
+}
+
+// HasNext returns whether another attempt will be made if the current
+// one fails. If it returns true, the following call to Next is
+// guaranteed to return true.
+func (a *Attempt) HasNext() bool {
+	if a.force || a.strategy.Min > a.count {
+		return true
+	}
+	now := time.Now()
+	if now.Add(a.nextSleep(now)).Before(a.end) {
+		a.force = true
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/denverdino/aliyungo/util/encoding.go b/vendor/github.com/denverdino/aliyungo/util/encoding.go
new file mode 100644
index 000000000..ec1a5b137
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/util/encoding.go
@@ -0,0 +1,331 @@
+package util
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/url"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// change instance=["a", "b"]
+// to instance.1="a" instance.2="b"
+func FlattenFn(fieldName string, field reflect.Value, values *url.Values) {
+	l := field.Len()
+	if l > 0 {
+		for i := 0; i < l; i++ {
+			str := field.Index(i).String()
+			values.Set(fieldName+"."+strconv.Itoa(i+1), str)
+		}
+	}
+}
+
+func Underline2Dot(name string) string {
+	return strings.Replace(name, "_", ".", -1)
+}
+
+//ConvertToQueryValues converts the struct to url.Values
+func ConvertToQueryValues(ifc interface{}) url.Values {
+	values := url.Values{}
+	SetQueryValues(ifc, &values)
+	return values
+}
+
+//SetQueryValues sets the struct to existing url.Values following ECS encoding rules
+func SetQueryValues(ifc interface{}, values *url.Values) {
+	setQueryValues(ifc, values, "")
+}
+
+func SetQueryValueByFlattenMethod(ifc interface{}, values *url.Values) {
+	setQueryValuesByFlattenMethod(ifc, values, "")
+}
+
+func setQueryValues(i interface{}, values *url.Values, prefix string) {
+	// add to support url.Values
+	mapValues, ok := i.(url.Values)
+	if ok {
+		for k, _ := range mapValues {
+			values.Set(k, mapValues.Get(k))
+		}
+		return
+	}
+
+	elem := reflect.ValueOf(i)
+	if elem.Kind() == reflect.Ptr {
+		elem = elem.Elem()
+	}
+	elemType := elem.Type()
+	for i := 0; i < elem.NumField(); i++ {
+
+		fieldName := elemType.Field(i).Name
+		anonymous := elemType.Field(i).Anonymous
+		tag := elemType.Field(i).Tag.Get("query")
+		argName := elemType.Field(i).Tag.Get("ArgName")
+		field := elem.Field(i)
+		// TODO Use Tag for validation
+		// tag := typ.Field(i).Tag.Get("tagname")
+		kind := field.Kind()
+		isPtr := false
+		if (kind == reflect.Ptr || kind == reflect.Array || kind == reflect.Slice || kind == reflect.Map || kind == reflect.Chan) && field.IsNil() {
+			continue
+		}
+		if kind == reflect.Ptr {
+			field = field.Elem()
+			kind = field.Kind()
+			isPtr = true
+		}
+		var value string
+		//switch field.Interface().(type) {
+		switch kind {
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+			i := field.Int()
+			if i != 0 || isPtr {
+				value = strconv.FormatInt(i, 10)
+			}
+		case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+			i := field.Uint()
+			if i != 0 || isPtr {
+				value = strconv.FormatUint(i, 10)
+			}
+		case reflect.Float32:
+			value = strconv.FormatFloat(field.Float(), 'f', 4, 32)
+		case reflect.Float64:
+			value = strconv.FormatFloat(field.Float(), 'f', 4, 64)
+		case reflect.Bool:
+			value = strconv.FormatBool(field.Bool())
+		case reflect.String:
+			value = field.String()
+		case reflect.Map:
+			ifc := field.Interface()
+			m := ifc.(map[string]string)
+			if m != nil {
+				j := 0
+				for k, v := range m {
+					j++
+					keyName := fmt.Sprintf("%s.%d.Key", fieldName, j)
+					values.Set(keyName, k)
+					valueName := fmt.Sprintf("%s.%d.Value", fieldName, j)
+					values.Set(valueName, v)
+				}
+			}
+		case reflect.Slice:
+			switch field.Type().Elem().Kind() {
+			case reflect.Uint8:
+				value = string(field.Bytes())
+			case reflect.String:
+				l := field.Len()
+				if l > 0 {
+					if tag == "list" {
+						name := argName
+						if argName == "" {
+							name = fieldName
+						}
+						for i := 0; i < l; i++ {
+							valueName := fmt.Sprintf("%s.%d", name, (i + 1))
+							values.Set(valueName, field.Index(i).String())
+						}
+					} else {
+						strArray := make([]string, l)
+						for i := 0; i < l; i++ {
+							strArray[i] = field.Index(i).String()
+						}
+						bytes, err := json.Marshal(strArray)
+						if err == nil {
+							value = string(bytes)
+						} else {
+							log.Printf("Failed to convert JSON: %v", err)
+						}
+					}
+				}
+			default:
+				l := field.Len()
+				for j := 0; j < l; j++ {
+					prefixName := fmt.Sprintf("%s.%d.", fieldName, (j + 1))
+					ifc := field.Index(j).Interface()
+					//log.Printf("%s : %v", prefixName, ifc)
+					if ifc != nil {
+						setQueryValues(ifc, values, prefixName)
+					}
+				}
+				continue
+			}
+
+		default:
+			switch field.Interface().(type) {
+			case ISO6801Time:
+				t := field.Interface().(ISO6801Time)
+				value = t.String()
+			case time.Time:
+				t := field.Interface().(time.Time)
+				value = GetISO8601TimeStamp(t)
+			default:
+				ifc := field.Interface()
+				if ifc != nil {
+					if anonymous {
+						SetQueryValues(ifc, values)
+					} else {
+						prefixName := fieldName + "."
+						setQueryValues(ifc, values, prefixName)
+					}
+					continue
+				}
+			}
+		}
+		if value != "" {
+			name := argName
+			if argName == "" {
+				name = fieldName
+			}
+			if prefix != "" {
+				name = prefix + name
+			}
+			values.Set(name, value)
+		}
+	}
+}
+
+func setQueryValuesByFlattenMethod(i interface{}, values *url.Values, prefix string) {
+	// add to support url.Values
+	mapValues, ok := i.(url.Values)
+	if ok {
+		for k, _ := range mapValues {
+			values.Set(k, mapValues.Get(k))
+		}
+		return
+	}
+
+	elem := reflect.ValueOf(i)
+	if elem.Kind() == reflect.Ptr {
+		elem = elem.Elem()
+	}
+	elemType := elem.Type()
+	for i := 0; i < elem.NumField(); i++ {
+
+		fieldName := elemType.Field(i).Name
+		anonymous := elemType.Field(i).Anonymous
+		field := elem.Field(i)
+
+		// TODO Use Tag for validation
+		// tag := typ.Field(i).Tag.Get("tagname")
+		kind := field.Kind()
+
+		isPtr := false
+		if (kind == reflect.Ptr || kind == reflect.Array || kind == reflect.Slice || kind == reflect.Map || kind == reflect.Chan) && field.IsNil() {
+			continue
+		}
+		if kind == reflect.Ptr {
+			field = field.Elem()
+			kind = field.Kind()
+			isPtr = true
+		}
+
+		var value string
+		//switch field.Interface().(type) {
+		switch kind {
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+			i := field.Int()
+			if i != 0 || isPtr {
+				value = strconv.FormatInt(i, 10)
+			}
+		case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+			i := field.Uint()
+			if i != 0 || isPtr {
+				value = strconv.FormatUint(i, 10)
+			}
+		case reflect.Float32:
+			value = strconv.FormatFloat(field.Float(), 'f', 4, 32)
+		case reflect.Float64:
+			value = strconv.FormatFloat(field.Float(), 'f', 4, 64)
+		case reflect.Bool:
+			value = strconv.FormatBool(field.Bool())
+		case reflect.String:
+			value = field.String()
+		case reflect.Map:
+			ifc := field.Interface()
+			m := ifc.(map[string]string)
+			if m != nil {
+				j := 0
+				for k, v := range m {
+					j++
+					keyName := fmt.Sprintf("%s.%d.Key", fieldName, j)
+					values.Set(keyName, k)
+					valueName := fmt.Sprintf("%s.%d.Value", fieldName, j)
+					values.Set(valueName, v)
+				}
+			}
+		case reflect.Slice:
+			if field.Type().Name() == "FlattenArray" {
+				FlattenFn(fieldName, field, values)
+			} else {
+				switch field.Type().Elem().Kind() {
+				case reflect.Uint8:
+					value = string(field.Bytes())
+				case reflect.String:
+					l := field.Len()
+					if l > 0 {
+						strArray := make([]string, l)
+						for i := 0; i < l; i++ {
+							strArray[i] = field.Index(i).String()
+						}
+						bytes, err := json.Marshal(strArray)
+						if err == nil {
+							value = string(bytes)
+						} else {
+							log.Printf("Failed to convert JSON: %v", err)
+						}
+					}
+				default:
+					l := field.Len()
+					for j := 0; j < l; j++ {
+						prefixName := fmt.Sprintf("%s.%d.", fieldName, (j + 1))
+						ifc := field.Index(j).Interface()
+						//log.Printf("%s : %v", prefixName, ifc)
+						if ifc != nil {
+							setQueryValuesByFlattenMethod(ifc, values, prefixName)
+						}
+					}
+					continue
+				}
+			}
+
+		default:
+			switch field.Interface().(type) {
+			case ISO6801Time:
+				t := field.Interface().(ISO6801Time)
+				value = t.String()
+			case time.Time:
+				t := field.Interface().(time.Time)
+				value = GetISO8601TimeStamp(t)
+			default:
+
+				ifc := field.Interface()
+				if ifc != nil {
+					if anonymous {
+						SetQueryValues(ifc, values)
+					} else {
+						prefixName := fieldName + "."
+						setQueryValuesByFlattenMethod(ifc, values, prefixName)
+					}
+					continue
+				}
+			}
+		}
+		if value != "" {
+			name := elemType.Field(i).Tag.Get("ArgName")
+			if name == "" {
+				name = fieldName
+			}
+			if prefix != "" {
+				name = prefix + name
+			}
+			// NOTE: here we will change name to underline style when the type is UnderlineString
+			if field.Type().Name() == "UnderlineString" {
+				name = Underline2Dot(name)
+			}
+			values.Set(name, value)
+		}
+	}
+}
diff --git a/vendor/github.com/denverdino/aliyungo/util/iso6801.go b/vendor/github.com/denverdino/aliyungo/util/iso6801.go
new file mode 100644
index 000000000..9c25e8f68
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/util/iso6801.go
@@ -0,0 +1,80 @@
+package util
+
+import (
+	"fmt"
+	"strconv"
+	"time"
+)
+
+// GetISO8601TimeStamp gets timestamp string in ISO8601 format
+func GetISO8601TimeStamp(ts time.Time) string {
+	t := ts.UTC()
+	return fmt.Sprintf("%04d-%02d-%02dT%02d:%02d:%02dZ", t.Year(), t.Month(), t.Day(), t.Hour(), t.Minute(), t.Second())
+}
+
+const formatISO8601 = "2006-01-02T15:04:05Z"
+const jsonFormatISO8601 = `"` + formatISO8601 + `"`
+const formatISO8601withoutSeconds = "2006-01-02T15:04Z"
+const jsonFormatISO8601withoutSeconds = `"` + formatISO8601withoutSeconds + `"`
+
+// A ISO6801Time represents a time in ISO8601 format
+type ISO6801Time time.Time
+
+// New constructs a new iso8601.Time instance from an existing
+// time.Time instance.  This causes the nanosecond field to be set to
+// 0, and its time zone set to a fixed zone with no offset from UTC
+// (but it is *not* UTC itself).
+func NewISO6801Time(t time.Time) ISO6801Time {
+	return ISO6801Time(time.Date(
+		t.Year(),
+		t.Month(),
+		t.Day(),
+		t.Hour(),
+		t.Minute(),
+		t.Second(),
+		0,
+		time.UTC,
+	))
+}
+
+// IsDefault checks if the time is default
+func (it *ISO6801Time) IsDefault() bool {
+	return *it == ISO6801Time{}
+}
+
+// MarshalJSON serializes the ISO6801Time into JSON string
+func (it ISO6801Time) MarshalJSON() ([]byte, error) {
+	return []byte(time.Time(it).Format(jsonFormatISO8601)), nil
+}
+
+// UnmarshalJSON deserializes the ISO6801Time from JSON string
+func (it *ISO6801Time) UnmarshalJSON(data []byte) error {
+	str := string(data)
+
+	if str == "\"\"" || len(data) == 0 {
+		return nil
+	}
+	var t time.Time
+	var err error
+	if str[0] == '"' {
+		t, err = time.ParseInLocation(jsonFormatISO8601, str, time.UTC)
+		if err != nil {
+			t, err = time.ParseInLocation(jsonFormatISO8601withoutSeconds, str, time.UTC)
+		}
+	} else {
+		var i int64
+		i, err = strconv.ParseInt(str, 10, 64)
+		if err == nil {
+			t = time.Unix(i/1000, i%1000)
+		}
+	}
+	if err == nil {
+		*it = ISO6801Time(t)
+	}
+	return err
+}
+
+// String returns the time in ISO6801Time format
+func (it ISO6801Time) String() string {
+	return time.Time(it).Format(formatISO8601)
+}
diff --git a/vendor/github.com/denverdino/aliyungo/util/signature.go b/vendor/github.com/denverdino/aliyungo/util/signature.go
new file mode 100644
index 000000000..1be6d39c7
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/util/signature.go
@@ -0,0 +1,39 @@
+package util
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/base64"
+	"net/url"
+	"strings"
+)
+
+//CreateSignature creates signature for string following Aliyun rules
+func CreateSignature(stringToSignature, accessKeySecret string) string {
+	// Crypto by HMAC-SHA1
+	hmacSha1 := hmac.New(sha1.New, []byte(accessKeySecret))
+	hmacSha1.Write([]byte(stringToSignature))
+	sign := hmacSha1.Sum(nil)
+
+	// Encode to Base64
+	base64Sign := base64.StdEncoding.EncodeToString(sign)
+
+	return base64Sign
+}
+
+func percentReplace(str string) string {
+	str = strings.Replace(str, "+", "%20", -1)
+	str = strings.Replace(str, "*", "%2A", -1)
+	str = strings.Replace(str, "%7E", "~", -1)
+
+	return str
+}
+
+// CreateSignatureForRequest creates signature for query string values
+func CreateSignatureForRequest(method string, values *url.Values, accessKeySecret string) string {
+
+	canonicalizedQueryString := percentReplace(values.Encode())
+
+	stringToSign := method + "&%2F&" + url.QueryEscape(canonicalizedQueryString)
+	return CreateSignature(stringToSign, accessKeySecret)
+}
diff --git a/vendor/github.com/denverdino/aliyungo/util/util.go b/vendor/github.com/denverdino/aliyungo/util/util.go
new file mode 100644
index 000000000..15a990da1
--- /dev/null
+++ b/vendor/github.com/denverdino/aliyungo/util/util.go
@@ -0,0 +1,185 @@
+package util
+
+import (
+	"bytes"
+	srand "crypto/rand"
+	"encoding/binary"
+	"encoding/json"
+	"fmt"
+	"math/rand"
+	"net/http"
+	"net/url"
+	"sort"
+	"time"
+)
+
+const dictionary = "_0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+
+//CreateRandomString create random string
+func CreateRandomString() string {
+	b := make([]byte, 32)
+	l := len(dictionary)
+
+	_, err := srand.Read(b)
+
+	if err != nil {
+		// fail back to insecure rand
+		rand.Seed(time.Now().UnixNano())
+		for i := range b {
+			b[i] = dictionary[rand.Int()%l]
+		}
+	} else {
+		for i, v := range b {
+			b[i] = dictionary[v%byte(l)]
+		}
+	}
+
+	return string(b)
+}
+
+// Encode encodes the values into ``URL encoded'' form
+// ("acl&bar=baz&foo=quux") sorted by key.
+func Encode(v url.Values) string {
+	if v == nil {
+		return ""
+	}
+	var buf bytes.Buffer
+	keys := make([]string, 0, len(v))
+	for k := range v {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+	for _, k := range keys {
+		vs := v[k]
+		prefix := url.QueryEscape(k)
+		for _, v := range vs {
+			if buf.Len() > 0 {
+				buf.WriteByte('&')
+			}
+			buf.WriteString(prefix)
+			if v != "" {
+				buf.WriteString("=")
+				buf.WriteString(url.QueryEscape(v))
+			}
+		}
+	}
+	return buf.String()
+}
+
+// Like Encode, but key and value are not escaped
+func EncodeWithoutEscape(v url.Values) string {
+	if v == nil {
+		return ""
+	}
+	var buf bytes.Buffer
+	keys := make([]string, 0, len(v))
+	for k := range v {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+	for _, k := range keys {
+		vs := v[k]
+		prefix := k
+		for _, v := range vs {
+			if buf.Len() > 0 {
+				buf.WriteByte('&')
+			}
+			buf.WriteString(prefix)
+			if v != "" {
+				buf.WriteString("=")
+				buf.WriteString(v)
+			}
+		}
+	}
+	return buf.String()
+}
+
+func GetGMTime() string {
+	return time.Now().UTC().Format(http.TimeFormat)
+}
+
+//
+
+func randUint32() uint32 {
+	return randUint32Slice(1)[0]
+}
+
+func randUint32Slice(c int) []uint32 {
+	b := make([]byte, c*4)
+
+	_, err := srand.Read(b)
+
+	if err != nil {
+		// fail back to insecure rand
+		rand.Seed(time.Now().UnixNano())
+		for i := range b {
+			b[i] = byte(rand.Int())
+		}
+	}
+
+	n := make([]uint32, c)
+
+	for i := range n {
+		n[i] = binary.BigEndian.Uint32(b[i*4 : i*4+4])
+	}
+
+	return n
+}
+
+func toByte(n uint32, st, ed byte) byte {
+	return byte(n%uint32(ed-st+1) + uint32(st))
+}
+
+func toDigit(n uint32) byte {
+	return toByte(n, '0', '9')
+}
+
+func toLowerLetter(n uint32) byte {
+	return toByte(n, 'a', 'z')
+}
+
+func toUpperLetter(n uint32) byte {
+	return toByte(n, 'A', 'Z')
+}
+
+type convFunc func(uint32) byte
+
+var convFuncs = []convFunc{toDigit, toLowerLetter, toUpperLetter}
+
+// tools for generating a random ECS instance password
+// from 8 to 30 char MUST contain digit upper, case letter and upper case letter
+// http://docs.aliyun.com/#/pub/ecs/open-api/instance&createinstance
+func GenerateRandomECSPassword() string {
+
+	// [8, 30]
+	l := int(randUint32()%23 + 8)
+
+	n := randUint32Slice(l)
+
+	b := make([]byte, l)
+
+	b[0] = toDigit(n[0])
+	b[1] = toLowerLetter(n[1])
+	b[2] = toUpperLetter(n[2])
+
+	for i := 3; i < l; i++ {
+		b[i] = convFuncs[n[i]%3](n[i])
+	}
+
+	s := make([]byte, l)
+	perm := rand.Perm(l)
+	for i, v := range perm {
+		s[v] = b[i]
+	}
+
+	return string(s)
+
+}
+
+func PrettyJson(object interface{}) string {
+	b, err := json.MarshalIndent(object, "", "    ")
+	if err != nil {
+		fmt.Printf("ERROR: PrettyJson, %v\n %s\n", err, b)
+	}
+	return string(b)
+}
diff --git a/vendor/github.com/docker/distribution/configuration/configuration.go b/vendor/github.com/docker/distribution/configuration/configuration.go
new file mode 100644
index 000000000..7076df85d
--- /dev/null
+++ b/vendor/github.com/docker/distribution/configuration/configuration.go
@@ -0,0 +1,706 @@
+package configuration
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"reflect"
+	"strings"
+	"time"
+)
+
+// Configuration is a versioned registry configuration, intended to be provided by a yaml file, and
+// optionally modified by environment variables.
+//
+// Note that yaml field names should never include _ characters, since this is the separator used
+// in environment variable names.
+type Configuration struct {
+	// Version is the version which defines the format of the rest of the configuration
+	Version Version `yaml:"version"`
+
+	// Log supports setting various parameters related to the logging
+	// subsystem.
+	Log struct {
+		// AccessLog configures access logging.
+		AccessLog struct {
+			// Disabled disables access logging.
+			Disabled bool `yaml:"disabled,omitempty"`
+		} `yaml:"accesslog,omitempty"`
+
+		// Level is the granularity at which registry operations are logged.
+		Level Loglevel `yaml:"level,omitempty"`
+
+		// Formatter overrides the default formatter with another. Options
+		// include "text", "json" and "logstash".
+		Formatter string `yaml:"formatter,omitempty"`
+
+		// Fields allows users to specify static string fields to include in
+		// the logger context.
+		Fields map[string]interface{} `yaml:"fields,omitempty"`
+
+		// Hooks allows users to configure the log hooks, to enabling the
+		// sequent handling behavior, when defined levels of log message emit.
+		Hooks []LogHook `yaml:"hooks,omitempty"`
+	}
+
+	// Loglevel is the level at which registry operations are logged.
+	//
+	// Deprecated: Use Log.Level instead.
+	Loglevel Loglevel `yaml:"loglevel,omitempty"`
+
+	// Storage is the configuration for the registry's storage driver
+	Storage Storage `yaml:"storage"`
+
+	// Auth allows configuration of various authorization methods that may be
+	// used to gate requests.
+	Auth Auth `yaml:"auth,omitempty"`
+
+	// Middleware lists all middlewares to be used by the registry.
+	Middleware map[string][]Middleware `yaml:"middleware,omitempty"`
+
+	// Reporting is the configuration for error reporting
+	Reporting Reporting `yaml:"reporting,omitempty"`
+
+	// HTTP contains configuration parameters for the registry's http
+	// interface.
+	HTTP struct {
+		// Addr specifies the bind address for the registry instance.
+		Addr string `yaml:"addr,omitempty"`
+
+		// Net specifies the net portion of the bind address. A default empty value means tcp.
+		Net string `yaml:"net,omitempty"`
+
+		// Host specifies an externally-reachable address for the registry, as a fully
+		// qualified URL.
+		Host string `yaml:"host,omitempty"`
+
+		Prefix string `yaml:"prefix,omitempty"`
+
+		// Secret specifies the secret key which HMAC tokens are created with.
+		Secret string `yaml:"secret,omitempty"`
+
+		// RelativeURLs specifies that relative URLs should be returned in
+		// Location headers
+		RelativeURLs bool `yaml:"relativeurls,omitempty"`
+
+		// Amount of time to wait for connection to drain before shutting down when registry
+		// receives a stop signal
+		DrainTimeout time.Duration `yaml:"draintimeout,omitempty"`
+
+		// TLS instructs the http server to listen with a TLS configuration.
+		// This only support simple tls configuration with a cert and key.
+		// Mostly, this is useful for testing situations or simple deployments
+		// that require tls. If more complex configurations are required, use
+		// a proxy or make a proposal to add support here.
+		TLS struct {
+			// Certificate specifies the path to an x509 certificate file to
+			// be used for TLS.
+			Certificate string `yaml:"certificate,omitempty"`
+
+			// Key specifies the path to the x509 key file, which should
+			// contain the private portion for the file specified in
+			// Certificate.
+			Key string `yaml:"key,omitempty"`
+
+			// Specifies the CA certs for client authentication
+			// A file may contain multiple CA certificates encoded as PEM
+			ClientCAs []string `yaml:"clientcas,omitempty"`
+
+			// Specifies the lowest TLS version allowed
+			MinimumTLS string `yaml:"minimumtls,omitempty"`
+
+			// Specifies a list of cipher suites allowed
+			CipherSuites []string `yaml:"ciphersuites,omitempty"`
+
+			// LetsEncrypt is used to configuration setting up TLS through
+			// Let's Encrypt instead of manually specifying certificate and
+			// key. If a TLS certificate is specified, the Let's Encrypt
+			// section will not be used.
+			LetsEncrypt struct {
+				// CacheFile specifies cache file to use for lets encrypt
+				// certificates and keys.
+				CacheFile string `yaml:"cachefile,omitempty"`
+
+				// Email is the email to use during Let's Encrypt registration
+				Email string `yaml:"email,omitempty"`
+
+				// Hosts specifies the hosts which are allowed to obtain Let's
+				// Encrypt certificates.
+				Hosts []string `yaml:"hosts,omitempty"`
+			} `yaml:"letsencrypt,omitempty"`
+		} `yaml:"tls,omitempty"`
+
+		// Headers is a set of headers to include in HTTP responses. A common
+		// use case for this would be security headers such as
+		// Strict-Transport-Security. The map keys are the header names, and
+		// the values are the associated header payloads.
+		Headers http.Header `yaml:"headers,omitempty"`
+
+		// Debug configures the http debug interface, if specified. This can
+		// include services such as pprof, expvar and other data that should
+		// not be exposed externally. Left disabled by default.
+		Debug struct {
+			// Addr specifies the bind address for the debug server.
+			Addr string `yaml:"addr,omitempty"`
+			// Prometheus configures the Prometheus telemetry endpoint.
+			Prometheus struct {
+				Enabled bool   `yaml:"enabled,omitempty"`
+				Path    string `yaml:"path,omitempty"`
+			} `yaml:"prometheus,omitempty"`
+		} `yaml:"debug,omitempty"`
+
+		// HTTP2 configuration options
+		HTTP2 struct {
+			// Specifies whether the registry should disallow clients attempting
+			// to connect via http2. If set to true, only http/1.1 is supported.
+			Disabled bool `yaml:"disabled,omitempty"`
+		} `yaml:"http2,omitempty"`
+	} `yaml:"http,omitempty"`
+
+	// Notifications specifies configuration about various endpoint to which
+	// registry events are dispatched.
+	Notifications Notifications `yaml:"notifications,omitempty"`
+
+	// Redis configures the redis pool available to the registry webapp.
+	Redis struct {
+		// Addr specifies the the redis instance available to the application.
+		Addr string `yaml:"addr,omitempty"`
+
+		// Password string to use when making a connection.
+		Password string `yaml:"password,omitempty"`
+
+		// DB specifies the database to connect to on the redis instance.
+		DB int `yaml:"db,omitempty"`
+
+		DialTimeout  time.Duration `yaml:"dialtimeout,omitempty"`  // timeout for connect
+		ReadTimeout  time.Duration `yaml:"readtimeout,omitempty"`  // timeout for reads of data
+		WriteTimeout time.Duration `yaml:"writetimeout,omitempty"` // timeout for writes of data
+
+		// Pool configures the behavior of the redis connection pool.
+		Pool struct {
+			// MaxIdle sets the maximum number of idle connections.
+			MaxIdle int `yaml:"maxidle,omitempty"`
+
+			// MaxActive sets the maximum number of connections that should be
+			// opened before blocking a connection request.
+			MaxActive int `yaml:"maxactive,omitempty"`
+
+			// IdleTimeout sets the amount time to wait before closing
+			// inactive connections.
+			IdleTimeout time.Duration `yaml:"idletimeout,omitempty"`
+		} `yaml:"pool,omitempty"`
+	} `yaml:"redis,omitempty"`
+
+	Health  Health  `yaml:"health,omitempty"`
+	Catalog Catalog `yaml:"catalog,omitempty"`
+
+	Proxy Proxy `yaml:"proxy,omitempty"`
+
+	// Compatibility is used for configurations of working with older or deprecated features.
+	Compatibility struct {
+		// Schema1 configures how schema1 manifests will be handled
+		Schema1 struct {
+			// TrustKey is the signing key to use for adding the signature to
+			// schema1 manifests.
+			TrustKey string `yaml:"signingkeyfile,omitempty"`
+			// Enabled determines if schema1 manifests should be pullable
+			Enabled bool `yaml:"enabled,omitempty"`
+		} `yaml:"schema1,omitempty"`
+	} `yaml:"compatibility,omitempty"`
+
+	// Validation configures validation options for the registry.
+	Validation struct {
+		// Enabled enables the other options in this section. This field is
+		// deprecated in favor of Disabled.
+		Enabled bool `yaml:"enabled,omitempty"`
+		// Disabled disables the other options in this section.
+		Disabled bool `yaml:"disabled,omitempty"`
+		// Manifests configures manifest validation.
+		Manifests struct {
+			// URLs configures validation for URLs in pushed manifests.
+			URLs struct {
+				// Allow specifies regular expressions (https://godoc.org/regexp/syntax)
+				// that URLs in pushed manifests must match.
+				Allow []string `yaml:"allow,omitempty"`
+				// Deny specifies regular expressions (https://godoc.org/regexp/syntax)
+				// that URLs in pushed manifests must not match.
+				Deny []string `yaml:"deny,omitempty"`
+			} `yaml:"urls,omitempty"`
+		} `yaml:"manifests,omitempty"`
+	} `yaml:"validation,omitempty"`
+
+	// Policy configures registry policy options.
+	Policy struct {
+		// Repository configures policies for repositories
+		Repository struct {
+			// Classes is a list of repository classes which the
+			// registry allows content for. This class is matched
+			// against the configuration media type inside uploaded
+			// manifests. When non-empty, the registry will enforce
+			// the class in authorized resources.
+			Classes []string `yaml:"classes"`
+		} `yaml:"repository,omitempty"`
+	} `yaml:"policy,omitempty"`
+}
+
+// Catalog is composed of MaxEntries.
+// Catalog endpoint (/v2/_catalog) configuration, it provides the configuration
+// options to control the maximum number of entries returned by the catalog endpoint.
+type Catalog struct {
+	// Max number of entries returned by the catalog endpoint. Requesting n entries
+	// to the catalog endpoint will return at most MaxEntries entries.
+	// An empty or a negative value will set a default of 1000 maximum entries by default.
+	MaxEntries int `yaml:"maxentries,omitempty"`
+}
+
+// LogHook is composed of hook Level and Type.
+// After hooks configuration, it can execute the next handling automatically,
+// when defined levels of log message emitted.
+// Example: hook can sending an email notification when error log happens in app.
+type LogHook struct {
+	// Disable lets user select to enable hook or not.
+	Disabled bool `yaml:"disabled,omitempty"`
+
+	// Type allows user to select which type of hook handler they want.
+	Type string `yaml:"type,omitempty"`
+
+	// Levels set which levels of log message will let hook executed.
+	Levels []string `yaml:"levels,omitempty"`
+
+	// MailOptions allows user to configure email parameters.
+	MailOptions MailOptions `yaml:"options,omitempty"`
+}
+
+// MailOptions provides the configuration sections to user, for specific handler.
+type MailOptions struct {
+	SMTP struct {
+		// Addr defines smtp host address
+		Addr string `yaml:"addr,omitempty"`
+
+		// Username defines user name to smtp host
+		Username string `yaml:"username,omitempty"`
+
+		// Password defines password of login user
+		Password string `yaml:"password,omitempty"`
+
+		// Insecure defines if smtp login skips the secure certification.
+		Insecure bool `yaml:"insecure,omitempty"`
+	} `yaml:"smtp,omitempty"`
+
+	// From defines mail sending address
+	From string `yaml:"from,omitempty"`
+
+	// To defines mail receiving address
+	To []string `yaml:"to,omitempty"`
+}
+
+// FileChecker is a type of entry in the health section for checking files.
+type FileChecker struct {
+	// Interval is the duration in between checks
+	Interval time.Duration `yaml:"interval,omitempty"`
+	// File is the path to check
+	File string `yaml:"file,omitempty"`
+	// Threshold is the number of times a check must fail to trigger an
+	// unhealthy state
+	Threshold int `yaml:"threshold,omitempty"`
+}
+
+// HTTPChecker is a type of entry in the health section for checking HTTP URIs.
+type HTTPChecker struct {
+	// Timeout is the duration to wait before timing out the HTTP request
+	Timeout time.Duration `yaml:"timeout,omitempty"`
+	// StatusCode is the expected status code
+	StatusCode int
+	// Interval is the duration in between checks
+	Interval time.Duration `yaml:"interval,omitempty"`
+	// URI is the HTTP URI to check
+	URI string `yaml:"uri,omitempty"`
+	// Headers lists static headers that should be added to all requests
+	Headers http.Header `yaml:"headers"`
+	// Threshold is the number of times a check must fail to trigger an
+	// unhealthy state
+	Threshold int `yaml:"threshold,omitempty"`
+}
+
+// TCPChecker is a type of entry in the health section for checking TCP servers.
+type TCPChecker struct {
+	// Timeout is the duration to wait before timing out the TCP connection
+	Timeout time.Duration `yaml:"timeout,omitempty"`
+	// Interval is the duration in between checks
+	Interval time.Duration `yaml:"interval,omitempty"`
+	// Addr is the TCP address to check
+	Addr string `yaml:"addr,omitempty"`
+	// Threshold is the number of times a check must fail to trigger an
+	// unhealthy state
+	Threshold int `yaml:"threshold,omitempty"`
+}
+
+// Health provides the configuration section for health checks.
+type Health struct {
+	// FileCheckers is a list of paths to check
+	FileCheckers []FileChecker `yaml:"file,omitempty"`
+	// HTTPCheckers is a list of URIs to check
+	HTTPCheckers []HTTPChecker `yaml:"http,omitempty"`
+	// TCPCheckers is a list of URIs to check
+	TCPCheckers []TCPChecker `yaml:"tcp,omitempty"`
+	// StorageDriver configures a health check on the configured storage
+	// driver
+	StorageDriver struct {
+		// Enabled turns on the health check for the storage driver
+		Enabled bool `yaml:"enabled,omitempty"`
+		// Interval is the duration in between checks
+		Interval time.Duration `yaml:"interval,omitempty"`
+		// Threshold is the number of times a check must fail to trigger an
+		// unhealthy state
+		Threshold int `yaml:"threshold,omitempty"`
+	} `yaml:"storagedriver,omitempty"`
+}
+
+// v0_1Configuration is a Version 0.1 Configuration struct
+// This is currently aliased to Configuration, as it is the current version
+type v0_1Configuration Configuration
+
+// UnmarshalYAML implements the yaml.Unmarshaler interface
+// Unmarshals a string of the form X.Y into a Version, validating that X and Y can represent unsigned integers
+func (version *Version) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	var versionString string
+	err := unmarshal(&versionString)
+	if err != nil {
+		return err
+	}
+
+	newVersion := Version(versionString)
+	if _, err := newVersion.major(); err != nil {
+		return err
+	}
+
+	if _, err := newVersion.minor(); err != nil {
+		return err
+	}
+
+	*version = newVersion
+	return nil
+}
+
+// CurrentVersion is the most recent Version that can be parsed
+var CurrentVersion = MajorMinorVersion(0, 1)
+
+// Loglevel is the level at which operations are logged
+// This can be error, warn, info, or debug
+type Loglevel string
+
+// UnmarshalYAML implements the yaml.Umarshaler interface
+// Unmarshals a string into a Loglevel, lowercasing the string and validating that it represents a
+// valid loglevel
+func (loglevel *Loglevel) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	var loglevelString string
+	err := unmarshal(&loglevelString)
+	if err != nil {
+		return err
+	}
+
+	loglevelString = strings.ToLower(loglevelString)
+	switch loglevelString {
+	case "error", "warn", "info", "debug":
+	default:
+		return fmt.Errorf("invalid loglevel %s Must be one of [error, warn, info, debug]", loglevelString)
+	}
+
+	*loglevel = Loglevel(loglevelString)
+	return nil
+}
+
+// Parameters defines a key-value parameters mapping
+type Parameters map[string]interface{}
+
+// Storage defines the configuration for registry object storage
+type Storage map[string]Parameters
+
+// Type returns the storage driver type, such as filesystem or s3
+func (storage Storage) Type() string {
+	var storageType []string
+
+	// Return only key in this map
+	for k := range storage {
+		switch k {
+		case "maintenance":
+			// allow configuration of maintenance
+		case "cache":
+			// allow configuration of caching
+		case "delete":
+			// allow configuration of delete
+		case "redirect":
+			// allow configuration of redirect
+		default:
+			storageType = append(storageType, k)
+		}
+	}
+	if len(storageType) > 1 {
+		panic("multiple storage drivers specified in configuration or environment: " + strings.Join(storageType, ", "))
+	}
+	if len(storageType) == 1 {
+		return storageType[0]
+	}
+	return ""
+}
+
+// Parameters returns the Parameters map for a Storage configuration
+func (storage Storage) Parameters() Parameters {
+	return storage[storage.Type()]
+}
+
+// setParameter changes the parameter at the provided key to the new value
+func (storage Storage) setParameter(key string, value interface{}) {
+	storage[storage.Type()][key] = value
+}
+
+// UnmarshalYAML implements the yaml.Unmarshaler interface
+// Unmarshals a single item map into a Storage or a string into a Storage type with no parameters
+func (storage *Storage) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	var storageMap map[string]Parameters
+	err := unmarshal(&storageMap)
+	if err == nil {
+		if len(storageMap) > 1 {
+			types := make([]string, 0, len(storageMap))
+			for k := range storageMap {
+				switch k {
+				case "maintenance":
+					// allow for configuration of maintenance
+				case "cache":
+					// allow configuration of caching
+				case "delete":
+					// allow configuration of delete
+				case "redirect":
+					// allow configuration of redirect
+				default:
+					types = append(types, k)
+				}
+			}
+
+			if len(types) > 1 {
+				return fmt.Errorf("must provide exactly one storage type. Provided: %v", types)
+			}
+		}
+		*storage = storageMap
+		return nil
+	}
+
+	var storageType string
+	err = unmarshal(&storageType)
+	if err == nil {
+		*storage = Storage{storageType: Parameters{}}
+		return nil
+	}
+
+	return err
+}
+
+// MarshalYAML implements the yaml.Marshaler interface
+func (storage Storage) MarshalYAML() (interface{}, error) {
+	if storage.Parameters() == nil {
+		return storage.Type(), nil
+	}
+	return map[string]Parameters(storage), nil
+}
+
+// Auth defines the configuration for registry authorization.
+type Auth map[string]Parameters
+
+// Type returns the auth type, such as htpasswd or token
+func (auth Auth) Type() string {
+	// Return only key in this map
+	for k := range auth {
+		return k
+	}
+	return ""
+}
+
+// Parameters returns the Parameters map for an Auth configuration
+func (auth Auth) Parameters() Parameters {
+	return auth[auth.Type()]
+}
+
+// setParameter changes the parameter at the provided key to the new value
+func (auth Auth) setParameter(key string, value interface{}) {
+	auth[auth.Type()][key] = value
+}
+
+// UnmarshalYAML implements the yaml.Unmarshaler interface
+// Unmarshals a single item map into a Storage or a string into a Storage type with no parameters
+func (auth *Auth) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	var m map[string]Parameters
+	err := unmarshal(&m)
+	if err == nil {
+		if len(m) > 1 {
+			types := make([]string, 0, len(m))
+			for k := range m {
+				types = append(types, k)
+			}
+
+			// TODO(stevvooe): May want to change this slightly for
+			// authorization to allow multiple challenges.
+			return fmt.Errorf("must provide exactly one type. Provided: %v", types)
+
+		}
+		*auth = m
+		return nil
+	}
+
+	var authType string
+	err = unmarshal(&authType)
+	if err == nil {
+		*auth = Auth{authType: Parameters{}}
+		return nil
+	}
+
+	return err
+}
+
+// MarshalYAML implements the yaml.Marshaler interface
+func (auth Auth) MarshalYAML() (interface{}, error) {
+	if auth.Parameters() == nil {
+		return auth.Type(), nil
+	}
+	return map[string]Parameters(auth), nil
+}
+
+// Notifications configures multiple http endpoints.
+type Notifications struct {
+	// EventConfig is the configuration for the event format that is sent to each Endpoint.
+	EventConfig Events `yaml:"events,omitempty"`
+	// Endpoints is a list of http configurations for endpoints that
+	// respond to webhook notifications. In the future, we may allow other
+	// kinds of endpoints, such as external queues.
+	Endpoints []Endpoint `yaml:"endpoints,omitempty"`
+}
+
+// Endpoint describes the configuration of an http webhook notification
+// endpoint.
+type Endpoint struct {
+	Name              string        `yaml:"name"`              // identifies the endpoint in the registry instance.
+	Disabled          bool          `yaml:"disabled"`          // disables the endpoint
+	URL               string        `yaml:"url"`               // post url for the endpoint.
+	Headers           http.Header   `yaml:"headers"`           // static headers that should be added to all requests
+	Timeout           time.Duration `yaml:"timeout"`           // HTTP timeout
+	Threshold         int           `yaml:"threshold"`         // circuit breaker threshold before backing off on failure
+	Backoff           time.Duration `yaml:"backoff"`           // backoff duration
+	IgnoredMediaTypes []string      `yaml:"ignoredmediatypes"` // target media types to ignore
+	Ignore            Ignore        `yaml:"ignore"`            // ignore event types
+}
+
+// Events configures notification events.
+type Events struct {
+	IncludeReferences bool `yaml:"includereferences"` // include reference data in manifest events
+}
+
+// Ignore configures mediaTypes and actions of the event, that it won't be propagated
+type Ignore struct {
+	MediaTypes []string `yaml:"mediatypes"` // target media types to ignore
+	Actions    []string `yaml:"actions"`    // ignore action types
+}
+
+// Reporting defines error reporting methods.
+type Reporting struct {
+	// Bugsnag configures error reporting for Bugsnag (bugsnag.com).
+	Bugsnag BugsnagReporting `yaml:"bugsnag,omitempty"`
+	// NewRelic configures error reporting for NewRelic (newrelic.com)
+	NewRelic NewRelicReporting `yaml:"newrelic,omitempty"`
+}
+
+// BugsnagReporting configures error reporting for Bugsnag (bugsnag.com).
+type BugsnagReporting struct {
+	// APIKey is the Bugsnag api key.
+	APIKey string `yaml:"apikey,omitempty"`
+	// ReleaseStage tracks where the registry is deployed.
+	// Examples: production, staging, development
+	ReleaseStage string `yaml:"releasestage,omitempty"`
+	// Endpoint is used for specifying an enterprise Bugsnag endpoint.
+	Endpoint string `yaml:"endpoint,omitempty"`
+}
+
+// NewRelicReporting configures error reporting for NewRelic (newrelic.com)
+type NewRelicReporting struct {
+	// LicenseKey is the NewRelic user license key
+	LicenseKey string `yaml:"licensekey,omitempty"`
+	// Name is the component name of the registry in NewRelic
+	Name string `yaml:"name,omitempty"`
+	// Verbose configures debug output to STDOUT
+	Verbose bool `yaml:"verbose,omitempty"`
+}
+
+// Middleware configures named middlewares to be applied at injection points.
+type Middleware struct {
+	// Name the middleware registers itself as
+	Name string `yaml:"name"`
+	// Flag to disable middleware easily
+	Disabled bool `yaml:"disabled,omitempty"`
+	// Map of parameters that will be passed to the middleware's initialization function
+	Options Parameters `yaml:"options"`
+}
+
+// Proxy configures the registry as a pull through cache
+type Proxy struct {
+	// RemoteURL is the URL of the remote registry
+	RemoteURL string `yaml:"remoteurl"`
+
+	// Username of the hub user
+	Username string `yaml:"username"`
+
+	// Password of the hub user
+	Password string `yaml:"password"`
+}
+
+// Parse parses an input configuration yaml document into a Configuration struct
+// This should generally be capable of handling old configuration format versions
+//
+// Environment variables may be used to override configuration parameters other than version,
+// following the scheme below:
+// Configuration.Abc may be replaced by the value of REGISTRY_ABC,
+// Configuration.Abc.Xyz may be replaced by the value of REGISTRY_ABC_XYZ, and so forth
+func Parse(rd io.Reader) (*Configuration, error) {
+	in, err := ioutil.ReadAll(rd)
+	if err != nil {
+		return nil, err
+	}
+
+	p := NewParser("registry", []VersionedParseInfo{
+		{
+			Version: MajorMinorVersion(0, 1),
+			ParseAs: reflect.TypeOf(v0_1Configuration{}),
+			ConversionFunc: func(c interface{}) (interface{}, error) {
+				if v0_1, ok := c.(*v0_1Configuration); ok {
+					if v0_1.Log.Level == Loglevel("") {
+						if v0_1.Loglevel != Loglevel("") {
+							v0_1.Log.Level = v0_1.Loglevel
+						} else {
+							v0_1.Log.Level = Loglevel("info")
+						}
+					}
+					if v0_1.Loglevel != Loglevel("") {
+						v0_1.Loglevel = Loglevel("")
+					}
+
+					if v0_1.Catalog.MaxEntries <= 0 {
+						v0_1.Catalog.MaxEntries = 1000
+					}
+
+					if v0_1.Storage.Type() == "" {
+						return nil, errors.New("no storage configuration provided")
+					}
+					return (*Configuration)(v0_1), nil
+				}
+				return nil, fmt.Errorf("expected *v0_1Configuration, received %#v", c)
+			},
+		},
+	})
+
+	config := new(Configuration)
+	err = p.Parse(in, config)
+	if err != nil {
+		return nil, err
+	}
+
+	return config, nil
+}
diff --git a/vendor/github.com/docker/distribution/configuration/parser.go b/vendor/github.com/docker/distribution/configuration/parser.go
new file mode 100644
index 000000000..2bf59d219
--- /dev/null
+++ b/vendor/github.com/docker/distribution/configuration/parser.go
@@ -0,0 +1,283 @@
+package configuration
+
+import (
+	"fmt"
+	"os"
+	"reflect"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/sirupsen/logrus"
+	"gopkg.in/yaml.v2"
+)
+
+// Version is a major/minor version pair of the form Major.Minor
+// Major version upgrades indicate structure or type changes
+// Minor version upgrades should be strictly additive
+type Version string
+
+// MajorMinorVersion constructs a Version from its Major and Minor components
+func MajorMinorVersion(major, minor uint) Version {
+	return Version(fmt.Sprintf("%d.%d", major, minor))
+}
+
+func (version Version) major() (uint, error) {
+	majorPart := strings.Split(string(version), ".")[0]
+	major, err := strconv.ParseUint(majorPart, 10, 0)
+	return uint(major), err
+}
+
+// Major returns the major version portion of a Version
+func (version Version) Major() uint {
+	major, _ := version.major()
+	return major
+}
+
+func (version Version) minor() (uint, error) {
+	minorPart := strings.Split(string(version), ".")[1]
+	minor, err := strconv.ParseUint(minorPart, 10, 0)
+	return uint(minor), err
+}
+
+// Minor returns the minor version portion of a Version
+func (version Version) Minor() uint {
+	minor, _ := version.minor()
+	return minor
+}
+
+// VersionedParseInfo defines how a specific version of a configuration should
+// be parsed into the current version
+type VersionedParseInfo struct {
+	// Version is the version which this parsing information relates to
+	Version Version
+	// ParseAs defines the type which a configuration file of this version
+	// should be parsed into
+	ParseAs reflect.Type
+	// ConversionFunc defines a method for converting the parsed configuration
+	// (of type ParseAs) into the current configuration version
+	// Note: this method signature is very unclear with the absence of generics
+	ConversionFunc func(interface{}) (interface{}, error)
+}
+
+type envVar struct {
+	name  string
+	value string
+}
+
+type envVars []envVar
+
+func (a envVars) Len() int           { return len(a) }
+func (a envVars) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a envVars) Less(i, j int) bool { return a[i].name < a[j].name }
+
+// Parser can be used to parse a configuration file and environment of a defined
+// version into a unified output structure
+type Parser struct {
+	prefix  string
+	mapping map[Version]VersionedParseInfo
+	env     envVars
+}
+
+// NewParser returns a *Parser with the given environment prefix which handles
+// versioned configurations which match the given parseInfos
+func NewParser(prefix string, parseInfos []VersionedParseInfo) *Parser {
+	p := Parser{prefix: prefix, mapping: make(map[Version]VersionedParseInfo)}
+
+	for _, parseInfo := range parseInfos {
+		p.mapping[parseInfo.Version] = parseInfo
+	}
+
+	for _, env := range os.Environ() {
+		envParts := strings.SplitN(env, "=", 2)
+		p.env = append(p.env, envVar{envParts[0], envParts[1]})
+	}
+
+	// We must sort the environment variables lexically by name so that
+	// more specific variables are applied before less specific ones
+	// (i.e. REGISTRY_STORAGE before
+	// REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY). This sucks, but it's a
+	// lot simpler and easier to get right than unmarshalling map entries
+	// into temporaries and merging with the existing entry.
+	sort.Sort(p.env)
+
+	return &p
+}
+
+// Parse reads in the given []byte and environment and writes the resulting
+// configuration into the input v
+//
+// Environment variables may be used to override configuration parameters other
+// than version, following the scheme below:
+// v.Abc may be replaced by the value of PREFIX_ABC,
+// v.Abc.Xyz may be replaced by the value of PREFIX_ABC_XYZ, and so forth
+func (p *Parser) Parse(in []byte, v interface{}) error {
+	var versionedStruct struct {
+		Version Version
+	}
+
+	if err := yaml.Unmarshal(in, &versionedStruct); err != nil {
+		return err
+	}
+
+	parseInfo, ok := p.mapping[versionedStruct.Version]
+	if !ok {
+		return fmt.Errorf("unsupported version: %q", versionedStruct.Version)
+	}
+
+	parseAs := reflect.New(parseInfo.ParseAs)
+	err := yaml.Unmarshal(in, parseAs.Interface())
+	if err != nil {
+		return err
+	}
+
+	for _, envVar := range p.env {
+		pathStr := envVar.name
+		if strings.HasPrefix(pathStr, strings.ToUpper(p.prefix)+"_") {
+			path := strings.Split(pathStr, "_")
+
+			err = p.overwriteFields(parseAs, pathStr, path[1:], envVar.value)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	c, err := parseInfo.ConversionFunc(parseAs.Interface())
+	if err != nil {
+		return err
+	}
+	reflect.ValueOf(v).Elem().Set(reflect.Indirect(reflect.ValueOf(c)))
+	return nil
+}
+
+// overwriteFields replaces configuration values with alternate values specified
+// through the environment. Precondition: an empty path slice must never be
+// passed in.
+func (p *Parser) overwriteFields(v reflect.Value, fullpath string, path []string, payload string) error {
+	for v.Kind() == reflect.Ptr {
+		if v.IsNil() {
+			panic("encountered nil pointer while handling environment variable " + fullpath)
+		}
+		v = reflect.Indirect(v)
+	}
+	switch v.Kind() {
+	case reflect.Struct:
+		return p.overwriteStruct(v, fullpath, path, payload)
+	case reflect.Map:
+		return p.overwriteMap(v, fullpath, path, payload)
+	case reflect.Interface:
+		if v.NumMethod() == 0 {
+			if !v.IsNil() {
+				return p.overwriteFields(v.Elem(), fullpath, path, payload)
+			}
+			// Interface was empty; create an implicit map
+			var template map[string]interface{}
+			wrappedV := reflect.MakeMap(reflect.TypeOf(template))
+			v.Set(wrappedV)
+			return p.overwriteMap(wrappedV, fullpath, path, payload)
+		}
+	}
+	return nil
+}
+
+func (p *Parser) overwriteStruct(v reflect.Value, fullpath string, path []string, payload string) error {
+	// Generate case-insensitive map of struct fields
+	byUpperCase := make(map[string]int)
+	for i := 0; i < v.NumField(); i++ {
+		sf := v.Type().Field(i)
+		upper := strings.ToUpper(sf.Name)
+		if _, present := byUpperCase[upper]; present {
+			panic(fmt.Sprintf("field name collision in configuration object: %s", sf.Name))
+		}
+		byUpperCase[upper] = i
+	}
+
+	fieldIndex, present := byUpperCase[path[0]]
+	if !present {
+		logrus.Warnf("Ignoring unrecognized environment variable %s", fullpath)
+		return nil
+	}
+	field := v.Field(fieldIndex)
+	sf := v.Type().Field(fieldIndex)
+
+	if len(path) == 1 {
+		// Env var specifies this field directly
+		fieldVal := reflect.New(sf.Type)
+		err := yaml.Unmarshal([]byte(payload), fieldVal.Interface())
+		if err != nil {
+			return err
+		}
+		field.Set(reflect.Indirect(fieldVal))
+		return nil
+	}
+
+	// If the field is nil, must create an object
+	switch sf.Type.Kind() {
+	case reflect.Map:
+		if field.IsNil() {
+			field.Set(reflect.MakeMap(sf.Type))
+		}
+	case reflect.Ptr:
+		if field.IsNil() {
+			field.Set(reflect.New(sf.Type))
+		}
+	}
+
+	err := p.overwriteFields(field, fullpath, path[1:], payload)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (p *Parser) overwriteMap(m reflect.Value, fullpath string, path []string, payload string) error {
+	if m.Type().Key().Kind() != reflect.String {
+		// non-string keys unsupported
+		logrus.Warnf("Ignoring environment variable %s involving map with non-string keys", fullpath)
+		return nil
+	}
+
+	if len(path) > 1 {
+		// If a matching key exists, get its value and continue the
+		// overwriting process.
+		for _, k := range m.MapKeys() {
+			if strings.ToUpper(k.String()) == path[0] {
+				mapValue := m.MapIndex(k)
+				// If the existing value is nil, we want to
+				// recreate it instead of using this value.
+				if (mapValue.Kind() == reflect.Ptr ||
+					mapValue.Kind() == reflect.Interface ||
+					mapValue.Kind() == reflect.Map) &&
+					mapValue.IsNil() {
+					break
+				}
+				return p.overwriteFields(mapValue, fullpath, path[1:], payload)
+			}
+		}
+	}
+
+	// (Re)create this key
+	var mapValue reflect.Value
+	if m.Type().Elem().Kind() == reflect.Map {
+		mapValue = reflect.MakeMap(m.Type().Elem())
+	} else {
+		mapValue = reflect.New(m.Type().Elem())
+	}
+	if len(path) > 1 {
+		err := p.overwriteFields(mapValue, fullpath, path[1:], payload)
+		if err != nil {
+			return err
+		}
+	} else {
+		err := yaml.Unmarshal([]byte(payload), mapValue.Interface())
+		if err != nil {
+			return err
+		}
+	}
+
+	m.SetMapIndex(reflect.ValueOf(strings.ToLower(path[0])), reflect.Indirect(mapValue))
+
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/context/context.go b/vendor/github.com/docker/distribution/context/context.go
new file mode 100644
index 000000000..ab6865467
--- /dev/null
+++ b/vendor/github.com/docker/distribution/context/context.go
@@ -0,0 +1,73 @@
+package context
+
+import (
+	"context"
+	"sync"
+
+	"github.com/docker/distribution/uuid"
+)
+
+// instanceContext is a context that provides only an instance id. It is
+// provided as the main background context.
+type instanceContext struct {
+	context.Context
+	id   string    // id of context, logged as "instance.id"
+	once sync.Once // once protect generation of the id
+}
+
+func (ic *instanceContext) Value(key interface{}) interface{} {
+	if key == "instance.id" {
+		ic.once.Do(func() {
+			// We want to lazy initialize the UUID such that we don't
+			// call a random generator from the package initialization
+			// code. For various reasons random could not be available
+			// https://github.com/docker/distribution/issues/782
+			ic.id = uuid.Generate().String()
+		})
+		return ic.id
+	}
+
+	return ic.Context.Value(key)
+}
+
+var background = &instanceContext{
+	Context: context.Background(),
+}
+
+// Background returns a non-nil, empty Context. The background context
+// provides a single key, "instance.id" that is globally unique to the
+// process.
+func Background() context.Context {
+	return background
+}
+
+// stringMapContext is a simple context implementation that checks a map for a
+// key, falling back to a parent if not present.
+type stringMapContext struct {
+	context.Context
+	m map[string]interface{}
+}
+
+// WithValues returns a context that proxies lookups through a map. Only
+// supports string keys.
+func WithValues(ctx context.Context, m map[string]interface{}) context.Context {
+	mo := make(map[string]interface{}, len(m)) // make our own copy.
+	for k, v := range m {
+		mo[k] = v
+	}
+
+	return stringMapContext{
+		Context: ctx,
+		m:       mo,
+	}
+}
+
+func (smc stringMapContext) Value(key interface{}) interface{} {
+	if ks, ok := key.(string); ok {
+		if v, ok := smc.m[ks]; ok {
+			return v
+		}
+	}
+
+	return smc.Context.Value(key)
+}
diff --git a/vendor/github.com/docker/distribution/context/doc.go b/vendor/github.com/docker/distribution/context/doc.go
new file mode 100644
index 000000000..51376dd69
--- /dev/null
+++ b/vendor/github.com/docker/distribution/context/doc.go
@@ -0,0 +1,88 @@
+// Package context provides several utilities for working with
+// Go's context in http requests. Primarily, the focus is on logging relevant
+// request information but this package is not limited to that purpose.
+//
+// The easiest way to get started is to get the background context:
+//
+//	ctx := context.Background()
+//
+// The returned context should be passed around your application and be the
+// root of all other context instances. If the application has a version, this
+// line should be called before anything else:
+//
+//	ctx := context.WithVersion(context.Background(), version)
+//
+// The above will store the version in the context and will be available to
+// the logger.
+//
+// # Logging
+//
+// The most useful aspect of this package is GetLogger. This function takes
+// any context.Context interface and returns the current logger from the
+// context. Canonical usage looks like this:
+//
+//	GetLogger(ctx).Infof("something interesting happened")
+//
+// GetLogger also takes optional key arguments. The keys will be looked up in
+// the context and reported with the logger. The following example would
+// return a logger that prints the version with each log message:
+//
+//	ctx := context.Context(context.Background(), "version", version)
+//	GetLogger(ctx, "version").Infof("this log message has a version field")
+//
+// The above would print out a log message like this:
+//
+//	INFO[0000] this log message has a version field        version=v2.0.0-alpha.2.m
+//
+// When used with WithLogger, we gain the ability to decorate the context with
+// loggers that have information from disparate parts of the call stack.
+// Following from the version example, we can build a new context with the
+// configured logger such that we always print the version field:
+//
+//	ctx = WithLogger(ctx, GetLogger(ctx, "version"))
+//
+// Since the logger has been pushed to the context, we can now get the version
+// field for free with our log messages. Future calls to GetLogger on the new
+// context will have the version field:
+//
+//	GetLogger(ctx).Infof("this log message has a version field")
+//
+// This becomes more powerful when we start stacking loggers. Let's say we
+// have the version logger from above but also want a request id. Using the
+// context above, in our request scoped function, we place another logger in
+// the context:
+//
+//	ctx = context.WithValue(ctx, "http.request.id", "unique id") // called when building request context
+//	ctx = WithLogger(ctx, GetLogger(ctx, "http.request.id"))
+//
+// When GetLogger is called on the new context, "http.request.id" will be
+// included as a logger field, along with the original "version" field:
+//
+//	INFO[0000] this log message has a version field        http.request.id=unique id version=v2.0.0-alpha.2.m
+//
+// Note that this only affects the new context, the previous context, with the
+// version field, can be used independently. Put another way, the new logger,
+// added to the request context, is unique to that context and can have
+// request scoped variables.
+//
+// # HTTP Requests
+//
+// This package also contains several methods for working with http requests.
+// The concepts are very similar to those described above. We simply place the
+// request in the context using WithRequest. This makes the request variables
+// available. GetRequestLogger can then be called to get request specific
+// variables in a log line:
+//
+//	ctx = WithRequest(ctx, req)
+//	GetRequestLogger(ctx).Infof("request variables")
+//
+// Like above, if we want to include the request data in all log messages in
+// the context, we push the logger to a new context and use that one:
+//
+//	ctx = WithLogger(ctx, GetRequestLogger(ctx))
+//
+// The concept is fairly powerful and ensures that calls throughout the stack
+// can be traced in log messages. Using the fields like "http.request.id", one
+// can analyze call flow for a particular request with a simple grep of the
+// logs.
+package context
diff --git a/vendor/github.com/docker/distribution/context/http.go b/vendor/github.com/docker/distribution/context/http.go
new file mode 100644
index 000000000..48e354865
--- /dev/null
+++ b/vendor/github.com/docker/distribution/context/http.go
@@ -0,0 +1,333 @@
+package context
+
+import (
+	"context"
+	"errors"
+	"net"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/docker/distribution/uuid"
+	"github.com/gorilla/mux"
+	log "github.com/sirupsen/logrus"
+)
+
+// Common errors used with this package.
+var (
+	ErrNoRequestContext        = errors.New("no http request in context")
+	ErrNoResponseWriterContext = errors.New("no http response in context")
+)
+
+func parseIP(ipStr string) net.IP {
+	ip := net.ParseIP(ipStr)
+	if ip == nil {
+		log.Warnf("invalid remote IP address: %q", ipStr)
+	}
+	return ip
+}
+
+// RemoteAddr extracts the remote address of the request, taking into
+// account proxy headers.
+func RemoteAddr(r *http.Request) string {
+	if prior := r.Header.Get("X-Forwarded-For"); prior != "" {
+		proxies := strings.Split(prior, ",")
+		if len(proxies) > 0 {
+			remoteAddr := strings.Trim(proxies[0], " ")
+			if parseIP(remoteAddr) != nil {
+				return remoteAddr
+			}
+		}
+	}
+	// X-Real-Ip is less supported, but worth checking in the
+	// absence of X-Forwarded-For
+	if realIP := r.Header.Get("X-Real-Ip"); realIP != "" {
+		if parseIP(realIP) != nil {
+			return realIP
+		}
+	}
+
+	return r.RemoteAddr
+}
+
+// RemoteIP extracts the remote IP of the request, taking into
+// account proxy headers.
+func RemoteIP(r *http.Request) string {
+	addr := RemoteAddr(r)
+
+	// Try parsing it as "IP:port"
+	if ip, _, err := net.SplitHostPort(addr); err == nil {
+		return ip
+	}
+
+	return addr
+}
+
+// WithRequest places the request on the context. The context of the request
+// is assigned a unique id, available at "http.request.id". The request itself
+// is available at "http.request". Other common attributes are available under
+// the prefix "http.request.". If a request is already present on the context,
+// this method will panic.
+func WithRequest(ctx context.Context, r *http.Request) context.Context {
+	if ctx.Value("http.request") != nil {
+		// NOTE(stevvooe): This needs to be considered a programming error. It
+		// is unlikely that we'd want to have more than one request in
+		// context.
+		panic("only one request per context")
+	}
+
+	return &httpRequestContext{
+		Context:   ctx,
+		startedAt: time.Now(),
+		id:        uuid.Generate().String(),
+		r:         r,
+	}
+}
+
+// GetRequest returns the http request in the given context. Returns
+// ErrNoRequestContext if the context does not have an http request associated
+// with it.
+func GetRequest(ctx context.Context) (*http.Request, error) {
+	if r, ok := ctx.Value("http.request").(*http.Request); r != nil && ok {
+		return r, nil
+	}
+	return nil, ErrNoRequestContext
+}
+
+// GetRequestID attempts to resolve the current request id, if possible. An
+// error is return if it is not available on the context.
+func GetRequestID(ctx context.Context) string {
+	return GetStringValue(ctx, "http.request.id")
+}
+
+// WithResponseWriter returns a new context and response writer that makes
+// interesting response statistics available within the context.
+func WithResponseWriter(ctx context.Context, w http.ResponseWriter) (context.Context, http.ResponseWriter) {
+	irw := instrumentedResponseWriter{
+		ResponseWriter: w,
+		Context:        ctx,
+	}
+	return &irw, &irw
+}
+
+// GetResponseWriter returns the http.ResponseWriter from the provided
+// context. If not present, ErrNoResponseWriterContext is returned. The
+// returned instance provides instrumentation in the context.
+func GetResponseWriter(ctx context.Context) (http.ResponseWriter, error) {
+	v := ctx.Value("http.response")
+
+	rw, ok := v.(http.ResponseWriter)
+	if !ok || rw == nil {
+		return nil, ErrNoResponseWriterContext
+	}
+
+	return rw, nil
+}
+
+// getVarsFromRequest let's us change request vars implementation for testing
+// and maybe future changes.
+var getVarsFromRequest = mux.Vars
+
+// WithVars extracts gorilla/mux vars and makes them available on the returned
+// context. Variables are available at keys with the prefix "vars.". For
+// example, if looking for the variable "name", it can be accessed as
+// "vars.name". Implementations that are accessing values need not know that
+// the underlying context is implemented with gorilla/mux vars.
+func WithVars(ctx context.Context, r *http.Request) context.Context {
+	return &muxVarsContext{
+		Context: ctx,
+		vars:    getVarsFromRequest(r),
+	}
+}
+
+// GetRequestLogger returns a logger that contains fields from the request in
+// the current context. If the request is not available in the context, no
+// fields will display. Request loggers can safely be pushed onto the context.
+func GetRequestLogger(ctx context.Context) Logger {
+	return GetLogger(ctx,
+		"http.request.id",
+		"http.request.method",
+		"http.request.host",
+		"http.request.uri",
+		"http.request.referer",
+		"http.request.useragent",
+		"http.request.remoteaddr",
+		"http.request.contenttype")
+}
+
+// GetResponseLogger reads the current response stats and builds a logger.
+// Because the values are read at call time, pushing a logger returned from
+// this function on the context will lead to missing or invalid data. Only
+// call this at the end of a request, after the response has been written.
+func GetResponseLogger(ctx context.Context) Logger {
+	l := getLogrusLogger(ctx,
+		"http.response.written",
+		"http.response.status",
+		"http.response.contenttype")
+
+	duration := Since(ctx, "http.request.startedat")
+
+	if duration > 0 {
+		l = l.WithField("http.response.duration", duration.String())
+	}
+
+	return l
+}
+
+// httpRequestContext makes information about a request available to context.
+type httpRequestContext struct {
+	context.Context
+
+	startedAt time.Time
+	id        string
+	r         *http.Request
+}
+
+// Value returns a keyed element of the request for use in the context. To get
+// the request itself, query "request". For other components, access them as
+// "request.<component>". For example, r.RequestURI
+func (ctx *httpRequestContext) Value(key interface{}) interface{} {
+	if keyStr, ok := key.(string); ok {
+		if keyStr == "http.request" {
+			return ctx.r
+		}
+
+		if !strings.HasPrefix(keyStr, "http.request.") {
+			goto fallback
+		}
+
+		parts := strings.Split(keyStr, ".")
+
+		if len(parts) != 3 {
+			goto fallback
+		}
+
+		switch parts[2] {
+		case "uri":
+			return ctx.r.RequestURI
+		case "remoteaddr":
+			return RemoteAddr(ctx.r)
+		case "method":
+			return ctx.r.Method
+		case "host":
+			return ctx.r.Host
+		case "referer":
+			referer := ctx.r.Referer()
+			if referer != "" {
+				return referer
+			}
+		case "useragent":
+			return ctx.r.UserAgent()
+		case "id":
+			return ctx.id
+		case "startedat":
+			return ctx.startedAt
+		case "contenttype":
+			ct := ctx.r.Header.Get("Content-Type")
+			if ct != "" {
+				return ct
+			}
+		}
+	}
+
+fallback:
+	return ctx.Context.Value(key)
+}
+
+type muxVarsContext struct {
+	context.Context
+	vars map[string]string
+}
+
+func (ctx *muxVarsContext) Value(key interface{}) interface{} {
+	if keyStr, ok := key.(string); ok {
+		if keyStr == "vars" {
+			return ctx.vars
+		}
+
+		if v, ok := ctx.vars[strings.TrimPrefix(keyStr, "vars.")]; ok {
+			return v
+		}
+	}
+
+	return ctx.Context.Value(key)
+}
+
+// instrumentedResponseWriter provides response writer information in a
+// context. This variant is only used in the case where CloseNotifier is not
+// implemented by the parent ResponseWriter.
+type instrumentedResponseWriter struct {
+	http.ResponseWriter
+	context.Context
+
+	mu      sync.Mutex
+	status  int
+	written int64
+}
+
+func (irw *instrumentedResponseWriter) Write(p []byte) (n int, err error) {
+	n, err = irw.ResponseWriter.Write(p)
+
+	irw.mu.Lock()
+	irw.written += int64(n)
+
+	// Guess the likely status if not set.
+	if irw.status == 0 {
+		irw.status = http.StatusOK
+	}
+
+	irw.mu.Unlock()
+
+	return
+}
+
+func (irw *instrumentedResponseWriter) WriteHeader(status int) {
+	irw.ResponseWriter.WriteHeader(status)
+
+	irw.mu.Lock()
+	irw.status = status
+	irw.mu.Unlock()
+}
+
+func (irw *instrumentedResponseWriter) Flush() {
+	if flusher, ok := irw.ResponseWriter.(http.Flusher); ok {
+		flusher.Flush()
+	}
+}
+
+func (irw *instrumentedResponseWriter) Value(key interface{}) interface{} {
+	if keyStr, ok := key.(string); ok {
+		if keyStr == "http.response" {
+			return irw
+		}
+
+		if !strings.HasPrefix(keyStr, "http.response.") {
+			goto fallback
+		}
+
+		parts := strings.Split(keyStr, ".")
+
+		if len(parts) != 3 {
+			goto fallback
+		}
+
+		irw.mu.Lock()
+		defer irw.mu.Unlock()
+
+		switch parts[2] {
+		case "written":
+			return irw.written
+		case "status":
+			return irw.status
+		case "contenttype":
+			contentType := irw.Header().Get("Content-Type")
+			if contentType != "" {
+				return contentType
+			}
+		}
+	}
+
+fallback:
+	return irw.Context.Value(key)
+}
diff --git a/vendor/github.com/docker/distribution/context/logger.go b/vendor/github.com/docker/distribution/context/logger.go
new file mode 100644
index 000000000..3e5b81bbf
--- /dev/null
+++ b/vendor/github.com/docker/distribution/context/logger.go
@@ -0,0 +1,121 @@
+package context
+
+import (
+	"context"
+	"fmt"
+	"runtime"
+
+	"github.com/sirupsen/logrus"
+)
+
+// Logger provides a leveled-logging interface.
+type Logger interface {
+	// standard logger methods
+	Print(args ...interface{})
+	Printf(format string, args ...interface{})
+	Println(args ...interface{})
+
+	Fatal(args ...interface{})
+	Fatalf(format string, args ...interface{})
+	Fatalln(args ...interface{})
+
+	Panic(args ...interface{})
+	Panicf(format string, args ...interface{})
+	Panicln(args ...interface{})
+
+	// Leveled methods, from logrus
+	Debug(args ...interface{})
+	Debugf(format string, args ...interface{})
+	Debugln(args ...interface{})
+
+	Error(args ...interface{})
+	Errorf(format string, args ...interface{})
+	Errorln(args ...interface{})
+
+	Info(args ...interface{})
+	Infof(format string, args ...interface{})
+	Infoln(args ...interface{})
+
+	Warn(args ...interface{})
+	Warnf(format string, args ...interface{})
+	Warnln(args ...interface{})
+
+	WithError(err error) *logrus.Entry
+}
+
+type loggerKey struct{}
+
+// WithLogger creates a new context with provided logger.
+func WithLogger(ctx context.Context, logger Logger) context.Context {
+	return context.WithValue(ctx, loggerKey{}, logger)
+}
+
+// GetLoggerWithField returns a logger instance with the specified field key
+// and value without affecting the context. Extra specified keys will be
+// resolved from the context.
+func GetLoggerWithField(ctx context.Context, key, value interface{}, keys ...interface{}) Logger {
+	return getLogrusLogger(ctx, keys...).WithField(fmt.Sprint(key), value)
+}
+
+// GetLoggerWithFields returns a logger instance with the specified fields
+// without affecting the context. Extra specified keys will be resolved from
+// the context.
+func GetLoggerWithFields(ctx context.Context, fields map[interface{}]interface{}, keys ...interface{}) Logger {
+	// must convert from interface{} -> interface{} to string -> interface{} for logrus.
+	lfields := make(logrus.Fields, len(fields))
+	for key, value := range fields {
+		lfields[fmt.Sprint(key)] = value
+	}
+
+	return getLogrusLogger(ctx, keys...).WithFields(lfields)
+}
+
+// GetLogger returns the logger from the current context, if present. If one
+// or more keys are provided, they will be resolved on the context and
+// included in the logger. While context.Value takes an interface, any key
+// argument passed to GetLogger will be passed to fmt.Sprint when expanded as
+// a logging key field. If context keys are integer constants, for example,
+// its recommended that a String method is implemented.
+func GetLogger(ctx context.Context, keys ...interface{}) Logger {
+	return getLogrusLogger(ctx, keys...)
+}
+
+// GetLogrusLogger returns the logrus logger for the context. If one more keys
+// are provided, they will be resolved on the context and included in the
+// logger. Only use this function if specific logrus functionality is
+// required.
+func getLogrusLogger(ctx context.Context, keys ...interface{}) *logrus.Entry {
+	var logger *logrus.Entry
+
+	// Get a logger, if it is present.
+	loggerInterface := ctx.Value(loggerKey{})
+	if loggerInterface != nil {
+		if lgr, ok := loggerInterface.(*logrus.Entry); ok {
+			logger = lgr
+		}
+	}
+
+	if logger == nil {
+		fields := logrus.Fields{}
+
+		// Fill in the instance id, if we have it.
+		instanceID := ctx.Value("instance.id")
+		if instanceID != nil {
+			fields["instance.id"] = instanceID
+		}
+
+		fields["go.version"] = runtime.Version()
+		// If no logger is found, just return the standard logger.
+		logger = logrus.StandardLogger().WithFields(fields)
+	}
+
+	fields := logrus.Fields{}
+	for _, key := range keys {
+		v := ctx.Value(key)
+		if v != nil {
+			fields[fmt.Sprint(key)] = v
+		}
+	}
+
+	return logger.WithFields(fields)
+}
diff --git a/vendor/github.com/docker/distribution/context/trace.go b/vendor/github.com/docker/distribution/context/trace.go
new file mode 100644
index 000000000..092ef608c
--- /dev/null
+++ b/vendor/github.com/docker/distribution/context/trace.go
@@ -0,0 +1,105 @@
+package context
+
+import (
+	"context"
+	"runtime"
+	"time"
+
+	"github.com/docker/distribution/uuid"
+)
+
+// WithTrace allocates a traced timing span in a new context. This allows a
+// caller to track the time between calling WithTrace and the returned done
+// function. When the done function is called, a log message is emitted with a
+// "trace.duration" field, corresponding to the elapsed time and a
+// "trace.func" field, corresponding to the function that called WithTrace.
+//
+// The logging keys "trace.id" and "trace.parent.id" are provided to implement
+// dapper-like tracing. This function should be complemented with a WithSpan
+// method that could be used for tracing distributed RPC calls.
+//
+// The main benefit of this function is to post-process log messages or
+// intercept them in a hook to provide timing data. Trace ids and parent ids
+// can also be linked to provide call tracing, if so required.
+//
+// Here is an example of the usage:
+//
+//	func timedOperation(ctx Context) {
+//		ctx, done := WithTrace(ctx)
+//		defer done("this will be the log message")
+//		// ... function body ...
+//	}
+//
+// If the function ran for roughly 1s, such a usage would emit a log message
+// as follows:
+//
+//	INFO[0001] this will be the log message  trace.duration=1.004575763s trace.func=github.com/docker/distribution/context.traceOperation trace.id=<id> ...
+//
+// Notice that the function name is automatically resolved, along with the
+// package and a trace id is emitted that can be linked with parent ids.
+func WithTrace(ctx context.Context) (context.Context, func(format string, a ...interface{})) {
+	if ctx == nil {
+		ctx = Background()
+	}
+
+	pc, file, line, _ := runtime.Caller(1)
+	f := runtime.FuncForPC(pc)
+	ctx = &traced{
+		Context: ctx,
+		id:      uuid.Generate().String(),
+		start:   time.Now(),
+		parent:  GetStringValue(ctx, "trace.id"),
+		fnname:  f.Name(),
+		file:    file,
+		line:    line,
+	}
+
+	return ctx, func(format string, a ...interface{}) {
+		GetLogger(ctx,
+			"trace.duration",
+			"trace.id",
+			"trace.parent.id",
+			"trace.func",
+			"trace.file",
+			"trace.line").
+			Debugf(format, a...)
+	}
+}
+
+// traced represents a context that is traced for function call timing. It
+// also provides fast lookup for the various attributes that are available on
+// the trace.
+type traced struct {
+	context.Context
+	id     string
+	parent string
+	start  time.Time
+	fnname string
+	file   string
+	line   int
+}
+
+func (ts *traced) Value(key interface{}) interface{} {
+	switch key {
+	case "trace.start":
+		return ts.start
+	case "trace.duration":
+		return time.Since(ts.start)
+	case "trace.id":
+		return ts.id
+	case "trace.parent.id":
+		if ts.parent == "" {
+			return nil // must return nil to signal no parent.
+		}
+
+		return ts.parent
+	case "trace.func":
+		return ts.fnname
+	case "trace.file":
+		return ts.file
+	case "trace.line":
+		return ts.line
+	}
+
+	return ts.Context.Value(key)
+}
diff --git a/vendor/github.com/docker/distribution/context/util.go b/vendor/github.com/docker/distribution/context/util.go
new file mode 100644
index 000000000..c462e7563
--- /dev/null
+++ b/vendor/github.com/docker/distribution/context/util.go
@@ -0,0 +1,25 @@
+package context
+
+import (
+	"context"
+	"time"
+)
+
+// Since looks up key, which should be a time.Time, and returns the duration
+// since that time. If the key is not found, the value returned will be zero.
+// This is helpful when inferring metrics related to context execution times.
+func Since(ctx context.Context, key interface{}) time.Duration {
+	if startedAt, ok := ctx.Value(key).(time.Time); ok {
+		return time.Since(startedAt)
+	}
+	return 0
+}
+
+// GetStringValue returns a string value from the context. The empty string
+// will be returned if not found.
+func GetStringValue(ctx context.Context, key interface{}) (value string) {
+	if valuev, ok := ctx.Value(key).(string); ok {
+		value = valuev
+	}
+	return value
+}
diff --git a/vendor/github.com/docker/distribution/context/version.go b/vendor/github.com/docker/distribution/context/version.go
new file mode 100644
index 000000000..97cf9d665
--- /dev/null
+++ b/vendor/github.com/docker/distribution/context/version.go
@@ -0,0 +1,22 @@
+package context
+
+import "context"
+
+type versionKey struct{}
+
+func (versionKey) String() string { return "version" }
+
+// WithVersion stores the application version in the context. The new context
+// gets a logger to ensure log messages are marked with the application
+// version.
+func WithVersion(ctx context.Context, version string) context.Context {
+	ctx = context.WithValue(ctx, versionKey{}, version)
+	// push a new logger onto the stack
+	return WithLogger(ctx, GetLogger(ctx, versionKey{}))
+}
+
+// GetVersion returns the application version from the context. An empty
+// string may returned if the version was not set on the context.
+func GetVersion(ctx context.Context) string {
+	return GetStringValue(ctx, versionKey{})
+}
diff --git a/vendor/github.com/docker/distribution/health/checks/checks.go b/vendor/github.com/docker/distribution/health/checks/checks.go
new file mode 100644
index 000000000..7760f6105
--- /dev/null
+++ b/vendor/github.com/docker/distribution/health/checks/checks.go
@@ -0,0 +1,73 @@
+package checks
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"time"
+
+	"github.com/docker/distribution/health"
+)
+
+// FileChecker checks the existence of a file and returns an error
+// if the file exists.
+func FileChecker(f string) health.Checker {
+	return health.CheckFunc(func() error {
+		absoluteFilePath, err := filepath.Abs(f)
+		if err != nil {
+			return fmt.Errorf("failed to get absolute path for %q: %v", f, err)
+		}
+
+		_, err = os.Stat(absoluteFilePath)
+		if err == nil {
+			return errors.New("file exists")
+		} else if os.IsNotExist(err) {
+			return nil
+		}
+
+		return err
+	})
+}
+
+// HTTPChecker does a HEAD request and verifies that the HTTP status code
+// returned matches statusCode.
+func HTTPChecker(r string, statusCode int, timeout time.Duration, headers http.Header) health.Checker {
+	return health.CheckFunc(func() error {
+		client := http.Client{
+			Timeout: timeout,
+		}
+		req, err := http.NewRequest("HEAD", r, nil)
+		if err != nil {
+			return errors.New("error creating request: " + r)
+		}
+		for headerName, headerValues := range headers {
+			for _, headerValue := range headerValues {
+				req.Header.Add(headerName, headerValue)
+			}
+		}
+		response, err := client.Do(req)
+		if err != nil {
+			return errors.New("error while checking: " + r)
+		}
+		if response.StatusCode != statusCode {
+			return errors.New("downstream service returned unexpected status: " + strconv.Itoa(response.StatusCode))
+		}
+		return nil
+	})
+}
+
+// TCPChecker attempts to open a TCP connection.
+func TCPChecker(addr string, timeout time.Duration) health.Checker {
+	return health.CheckFunc(func() error {
+		conn, err := net.DialTimeout("tcp", addr, timeout)
+		if err != nil {
+			return errors.New("connection to " + addr + " failed")
+		}
+		conn.Close()
+		return nil
+	})
+}
diff --git a/vendor/github.com/docker/distribution/health/doc.go b/vendor/github.com/docker/distribution/health/doc.go
new file mode 100644
index 000000000..5e5ba2fc0
--- /dev/null
+++ b/vendor/github.com/docker/distribution/health/doc.go
@@ -0,0 +1,136 @@
+// Package health provides a generic health checking framework.
+// The health package works expvar style. By importing the package the debug
+// server is getting a "/debug/health" endpoint that returns the current
+// status of the application.
+// If there are no errors, "/debug/health" will return an HTTP 200 status,
+// together with an empty JSON reply "{}". If there are any checks
+// with errors, the JSON reply will include all the failed checks, and the
+// response will be have an HTTP 503 status.
+//
+// A Check can either be run synchronously, or asynchronously. We recommend
+// that most checks are registered as an asynchronous check, so a call to the
+// "/debug/health" endpoint always returns immediately. This pattern is
+// particularly useful for checks that verify upstream connectivity or
+// database status, since they might take a long time to return/timeout.
+//
+// # Installing
+//
+// To install health, just import it in your application:
+//
+//	import "github.com/docker/distribution/health"
+//
+// You can also (optionally) import "health/api" that will add two convenience
+// endpoints: "/debug/health/down" and "/debug/health/up". These endpoints add
+// "manual" checks that allow the service to quickly be brought in/out of
+// rotation.
+//
+//	import _ "github.com/docker/distribution/health/api"
+//
+//	# curl localhost:5001/debug/health
+//	{}
+//	# curl -X POST localhost:5001/debug/health/down
+//	# curl localhost:5001/debug/health
+//	{"manual_http_status":"Manual Check"}
+//
+// After importing these packages to your main application, you can start
+// registering checks.
+//
+// # Registering Checks
+//
+// The recommended way of registering checks is using a periodic Check.
+// PeriodicChecks run on a certain schedule and asynchronously update the
+// status of the check. This allows CheckStatus to return without blocking
+// on an expensive check.
+//
+// A trivial example of a check that runs every 5 seconds and shuts down our
+// server if the current minute is even, could be added as follows:
+//
+//	func currentMinuteEvenCheck() error {
+//	  m := time.Now().Minute()
+//	  if m%2 == 0 {
+//	    return errors.New("Current minute is even!")
+//	  }
+//	  return nil
+//	}
+//
+//	health.RegisterPeriodicFunc("minute_even", currentMinuteEvenCheck, time.Second*5)
+//
+// Alternatively, you can also make use of "RegisterPeriodicThresholdFunc" to
+// implement the exact same check, but add a threshold of failures after which
+// the check will be unhealthy. This is particularly useful for flaky Checks,
+// ensuring some stability of the service when handling them.
+//
+//	health.RegisterPeriodicThresholdFunc("minute_even", currentMinuteEvenCheck, time.Second*5, 4)
+//
+// The lowest-level way to interact with the health package is calling
+// "Register" directly. Register allows you to pass in an arbitrary string and
+// something that implements "Checker" and runs your check. If your method
+// returns an error with nil, it is considered a healthy check, otherwise it
+// will make the health check endpoint "/debug/health" start returning a 503
+// and list the specific check that failed.
+//
+// Assuming you wish to register a method called "currentMinuteEvenCheck()
+// error" you could do that by doing:
+//
+//	health.Register("even_minute", health.CheckFunc(currentMinuteEvenCheck))
+//
+// CheckFunc is a convenience type that implements Checker.
+//
+// Another way of registering a check could be by using an anonymous function
+// and the convenience method RegisterFunc. An example that makes the status
+// endpoint always return an error:
+//
+//	health.RegisterFunc("my_check", func() error {
+//	 return Errors.new("This is an error!")
+//	}))
+//
+// # Examples
+//
+// You could also use the health checker mechanism to ensure your application
+// only comes up if certain conditions are met, or to allow the developer to
+// take the service out of rotation immediately. An example that checks
+// database connectivity and immediately takes the server out of rotation on
+// err:
+//
+//	updater = health.NewStatusUpdater()
+//	 health.RegisterFunc("database_check", func() error {
+//	  return updater.Check()
+//	}))
+//
+//	conn, err := Connect(...) // database call here
+//	if err != nil {
+//	  updater.Update(errors.New("Error connecting to the database: " + err.Error()))
+//	}
+//
+// You can also use the predefined Checkers that come included with the health
+// package. First, import the checks:
+//
+//	import "github.com/docker/distribution/health/checks
+//
+// After that you can make use of any of the provided checks. An example of
+// using a `FileChecker` to take the application out of rotation if a certain
+// file exists can be done as follows:
+//
+//	health.Register("fileChecker", health.PeriodicChecker(checks.FileChecker("/tmp/disable"), time.Second*5))
+//
+// After registering the check, it is trivial to take an application out of
+// rotation from the console:
+//
+//	# curl localhost:5001/debug/health
+//	{}
+//	# touch /tmp/disable
+//	# curl localhost:5001/debug/health
+//	{"fileChecker":"file exists"}
+//
+// FileChecker only accepts absolute or relative file path. It does not work
+// properly with tilde(~). You should make sure that the application has
+// proper permission(read and execute permission for directory along with
+// the specified file path). Otherwise, the FileChecker will report error
+// and file health check is not ok.
+//
+// You could also test the connectivity to a downstream service by using a
+// "HTTPChecker", but ensure that you only mark the test unhealthy if there
+// are a minimum of two failures in a row:
+//
+//	health.Register("httpChecker", health.PeriodicThresholdChecker(checks.HTTPChecker("https://www.google.pt"), time.Second*5, 2))
+package health
diff --git a/vendor/github.com/docker/distribution/health/health.go b/vendor/github.com/docker/distribution/health/health.go
new file mode 100644
index 000000000..592bce576
--- /dev/null
+++ b/vendor/github.com/docker/distribution/health/health.go
@@ -0,0 +1,306 @@
+package health
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/api/errcode"
+)
+
+// A Registry is a collection of checks. Most applications will use the global
+// registry defined in DefaultRegistry. However, unit tests may need to create
+// separate registries to isolate themselves from other tests.
+type Registry struct {
+	mu               sync.RWMutex
+	registeredChecks map[string]Checker
+}
+
+// NewRegistry creates a new registry. This isn't necessary for normal use of
+// the package, but may be useful for unit tests so individual tests have their
+// own set of checks.
+func NewRegistry() *Registry {
+	return &Registry{
+		registeredChecks: make(map[string]Checker),
+	}
+}
+
+// DefaultRegistry is the default registry where checks are registered. It is
+// the registry used by the HTTP handler.
+var DefaultRegistry *Registry
+
+// Checker is the interface for a Health Checker
+type Checker interface {
+	// Check returns nil if the service is okay.
+	Check() error
+}
+
+// CheckFunc is a convenience type to create functions that implement
+// the Checker interface
+type CheckFunc func() error
+
+// Check Implements the Checker interface to allow for any func() error method
+// to be passed as a Checker
+func (cf CheckFunc) Check() error {
+	return cf()
+}
+
+// Updater implements a health check that is explicitly set.
+type Updater interface {
+	Checker
+
+	// Update updates the current status of the health check.
+	Update(status error)
+}
+
+// updater implements Checker and Updater, providing an asynchronous Update
+// method.
+// This allows us to have a Checker that returns the Check() call immediately
+// not blocking on a potentially expensive check.
+type updater struct {
+	mu     sync.Mutex
+	status error
+}
+
+// Check implements the Checker interface
+func (u *updater) Check() error {
+	u.mu.Lock()
+	defer u.mu.Unlock()
+
+	return u.status
+}
+
+// Update implements the Updater interface, allowing asynchronous access to
+// the status of a Checker.
+func (u *updater) Update(status error) {
+	u.mu.Lock()
+	defer u.mu.Unlock()
+
+	u.status = status
+}
+
+// NewStatusUpdater returns a new updater
+func NewStatusUpdater() Updater {
+	return &updater{}
+}
+
+// thresholdUpdater implements Checker and Updater, providing an asynchronous Update
+// method.
+// This allows us to have a Checker that returns the Check() call immediately
+// not blocking on a potentially expensive check.
+type thresholdUpdater struct {
+	mu        sync.Mutex
+	status    error
+	threshold int
+	count     int
+}
+
+// Check implements the Checker interface
+func (tu *thresholdUpdater) Check() error {
+	tu.mu.Lock()
+	defer tu.mu.Unlock()
+
+	if tu.count >= tu.threshold {
+		return tu.status
+	}
+
+	return nil
+}
+
+// thresholdUpdater implements the Updater interface, allowing asynchronous
+// access to the status of a Checker.
+func (tu *thresholdUpdater) Update(status error) {
+	tu.mu.Lock()
+	defer tu.mu.Unlock()
+
+	if status == nil {
+		tu.count = 0
+	} else if tu.count < tu.threshold {
+		tu.count++
+	}
+
+	tu.status = status
+}
+
+// NewThresholdStatusUpdater returns a new thresholdUpdater
+func NewThresholdStatusUpdater(t int) Updater {
+	return &thresholdUpdater{threshold: t}
+}
+
+// PeriodicChecker wraps an updater to provide a periodic checker
+func PeriodicChecker(check Checker, period time.Duration) Checker {
+	u := NewStatusUpdater()
+	go func() {
+		t := time.NewTicker(period)
+		for {
+			<-t.C
+			u.Update(check.Check())
+		}
+	}()
+
+	return u
+}
+
+// PeriodicThresholdChecker wraps an updater to provide a periodic checker that
+// uses a threshold before it changes status
+func PeriodicThresholdChecker(check Checker, period time.Duration, threshold int) Checker {
+	tu := NewThresholdStatusUpdater(threshold)
+	go func() {
+		t := time.NewTicker(period)
+		for {
+			<-t.C
+			tu.Update(check.Check())
+		}
+	}()
+
+	return tu
+}
+
+// CheckStatus returns a map with all the current health check errors
+func (registry *Registry) CheckStatus() map[string]string { // TODO(stevvooe) this needs a proper type
+	registry.mu.RLock()
+	defer registry.mu.RUnlock()
+	statusKeys := make(map[string]string)
+	for k, v := range registry.registeredChecks {
+		err := v.Check()
+		if err != nil {
+			statusKeys[k] = err.Error()
+		}
+	}
+
+	return statusKeys
+}
+
+// CheckStatus returns a map with all the current health check errors from the
+// default registry.
+func CheckStatus() map[string]string {
+	return DefaultRegistry.CheckStatus()
+}
+
+// Register associates the checker with the provided name.
+func (registry *Registry) Register(name string, check Checker) {
+	if registry == nil {
+		registry = DefaultRegistry
+	}
+	registry.mu.Lock()
+	defer registry.mu.Unlock()
+	_, ok := registry.registeredChecks[name]
+	if ok {
+		panic("Check already exists: " + name)
+	}
+	registry.registeredChecks[name] = check
+}
+
+// Register associates the checker with the provided name in the default
+// registry.
+func Register(name string, check Checker) {
+	DefaultRegistry.Register(name, check)
+}
+
+// RegisterFunc allows the convenience of registering a checker directly from
+// an arbitrary func() error.
+func (registry *Registry) RegisterFunc(name string, check func() error) {
+	registry.Register(name, CheckFunc(check))
+}
+
+// RegisterFunc allows the convenience of registering a checker in the default
+// registry directly from an arbitrary func() error.
+func RegisterFunc(name string, check func() error) {
+	DefaultRegistry.RegisterFunc(name, check)
+}
+
+// RegisterPeriodicFunc allows the convenience of registering a PeriodicChecker
+// from an arbitrary func() error.
+func (registry *Registry) RegisterPeriodicFunc(name string, period time.Duration, check CheckFunc) {
+	registry.Register(name, PeriodicChecker(check, period))
+}
+
+// RegisterPeriodicFunc allows the convenience of registering a PeriodicChecker
+// in the default registry from an arbitrary func() error.
+func RegisterPeriodicFunc(name string, period time.Duration, check CheckFunc) {
+	DefaultRegistry.RegisterPeriodicFunc(name, period, check)
+}
+
+// RegisterPeriodicThresholdFunc allows the convenience of registering a
+// PeriodicChecker from an arbitrary func() error.
+func (registry *Registry) RegisterPeriodicThresholdFunc(name string, period time.Duration, threshold int, check CheckFunc) {
+	registry.Register(name, PeriodicThresholdChecker(check, period, threshold))
+}
+
+// RegisterPeriodicThresholdFunc allows the convenience of registering a
+// PeriodicChecker in the default registry from an arbitrary func() error.
+func RegisterPeriodicThresholdFunc(name string, period time.Duration, threshold int, check CheckFunc) {
+	DefaultRegistry.RegisterPeriodicThresholdFunc(name, period, threshold, check)
+}
+
+// StatusHandler returns a JSON blob with all the currently registered Health Checks
+// and their corresponding status.
+// Returns 503 if any Error status exists, 200 otherwise
+func StatusHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method == "GET" {
+		checks := CheckStatus()
+		status := http.StatusOK
+
+		// If there is an error, return 503
+		if len(checks) != 0 {
+			status = http.StatusServiceUnavailable
+		}
+
+		statusResponse(w, r, status, checks)
+	} else {
+		http.NotFound(w, r)
+	}
+}
+
+// Handler returns a handler that will return 503 response code if the health
+// checks have failed. If everything is okay with the health checks, the
+// handler will pass through to the provided handler. Use this handler to
+// disable a web application when the health checks fail.
+func Handler(handler http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		checks := CheckStatus()
+		if len(checks) != 0 {
+			errcode.ServeJSON(w, errcode.ErrorCodeUnavailable.
+				WithDetail("health check failed: please see /debug/health"))
+			return
+		}
+
+		handler.ServeHTTP(w, r) // pass through
+	})
+}
+
+// statusResponse completes the request with a response describing the health
+// of the service.
+func statusResponse(w http.ResponseWriter, r *http.Request, status int, checks map[string]string) {
+	p, err := json.Marshal(checks)
+	if err != nil {
+		context.GetLogger(context.Background()).Errorf("error serializing health status: %v", err)
+		p, err = json.Marshal(struct {
+			ServerError string `json:"server_error"`
+		}{
+			ServerError: "Could not parse error message",
+		})
+		status = http.StatusInternalServerError
+
+		if err != nil {
+			context.GetLogger(context.Background()).Errorf("error serializing health status failure message: %v", err)
+			return
+		}
+	}
+
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.Header().Set("Content-Length", fmt.Sprint(len(p)))
+	w.WriteHeader(status)
+	if _, err := w.Write(p); err != nil {
+		context.GetLogger(context.Background()).Errorf("error writing health status response body: %v", err)
+	}
+}
+
+// Registers global /debug/health api endpoint, creates default registry
+func init() {
+	DefaultRegistry = NewRegistry()
+	http.HandleFunc("/debug/health", StatusHandler)
+}
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/config_builder.go b/vendor/github.com/docker/distribution/manifest/schema1/config_builder.go
new file mode 100644
index 000000000..a96dc3d26
--- /dev/null
+++ b/vendor/github.com/docker/distribution/manifest/schema1/config_builder.go
@@ -0,0 +1,287 @@
+package schema1
+
+import (
+	"context"
+	"crypto/sha512"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/manifest"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/libtrust"
+	"github.com/opencontainers/go-digest"
+)
+
+type diffID digest.Digest
+
+// gzippedEmptyTar is a gzip-compressed version of an empty tar file
+// (1024 NULL bytes)
+var gzippedEmptyTar = []byte{
+	31, 139, 8, 0, 0, 9, 110, 136, 0, 255, 98, 24, 5, 163, 96, 20, 140, 88,
+	0, 8, 0, 0, 255, 255, 46, 175, 181, 239, 0, 4, 0, 0,
+}
+
+// digestSHA256GzippedEmptyTar is the canonical sha256 digest of
+// gzippedEmptyTar
+const digestSHA256GzippedEmptyTar = digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")
+
+// configManifestBuilder is a type for constructing manifests from an image
+// configuration and generic descriptors.
+type configManifestBuilder struct {
+	// bs is a BlobService used to create empty layer tars in the
+	// blob store if necessary.
+	bs distribution.BlobService
+	// pk is the libtrust private key used to sign the final manifest.
+	pk libtrust.PrivateKey
+	// configJSON is configuration supplied when the ManifestBuilder was
+	// created.
+	configJSON []byte
+	// ref contains the name and optional tag provided to NewConfigManifestBuilder.
+	ref reference.Named
+	// descriptors is the set of descriptors referencing the layers.
+	descriptors []distribution.Descriptor
+	// emptyTarDigest is set to a valid digest if an empty tar has been
+	// put in the blob store; otherwise it is empty.
+	emptyTarDigest digest.Digest
+}
+
+// NewConfigManifestBuilder is used to build new manifests for the current
+// schema version from an image configuration and a set of descriptors.
+// It takes a BlobService so that it can add an empty tar to the blob store
+// if the resulting manifest needs empty layers.
+func NewConfigManifestBuilder(bs distribution.BlobService, pk libtrust.PrivateKey, ref reference.Named, configJSON []byte) distribution.ManifestBuilder {
+	return &configManifestBuilder{
+		bs:         bs,
+		pk:         pk,
+		configJSON: configJSON,
+		ref:        ref,
+	}
+}
+
+// Build produces a final manifest from the given references
+func (mb *configManifestBuilder) Build(ctx context.Context) (m distribution.Manifest, err error) {
+	type imageRootFS struct {
+		Type      string   `json:"type"`
+		DiffIDs   []diffID `json:"diff_ids,omitempty"`
+		BaseLayer string   `json:"base_layer,omitempty"`
+	}
+
+	type imageHistory struct {
+		Created    time.Time `json:"created"`
+		Author     string    `json:"author,omitempty"`
+		CreatedBy  string    `json:"created_by,omitempty"`
+		Comment    string    `json:"comment,omitempty"`
+		EmptyLayer bool      `json:"empty_layer,omitempty"`
+	}
+
+	type imageConfig struct {
+		RootFS       *imageRootFS   `json:"rootfs,omitempty"`
+		History      []imageHistory `json:"history,omitempty"`
+		Architecture string         `json:"architecture,omitempty"`
+	}
+
+	var img imageConfig
+
+	if err := json.Unmarshal(mb.configJSON, &img); err != nil {
+		return nil, err
+	}
+
+	if len(img.History) == 0 {
+		return nil, errors.New("empty history when trying to create schema1 manifest")
+	}
+
+	if len(img.RootFS.DiffIDs) != len(mb.descriptors) {
+		return nil, fmt.Errorf("number of descriptors and number of layers in rootfs must match: len(%v) != len(%v)", img.RootFS.DiffIDs, mb.descriptors)
+	}
+
+	// Generate IDs for each layer
+	// For non-top-level layers, create fake V1Compatibility strings that
+	// fit the format and don't collide with anything else, but don't
+	// result in runnable images on their own.
+	type v1Compatibility struct {
+		ID              string    `json:"id"`
+		Parent          string    `json:"parent,omitempty"`
+		Comment         string    `json:"comment,omitempty"`
+		Created         time.Time `json:"created"`
+		ContainerConfig struct {
+			Cmd []string
+		} `json:"container_config,omitempty"`
+		Author    string `json:"author,omitempty"`
+		ThrowAway bool   `json:"throwaway,omitempty"`
+	}
+
+	fsLayerList := make([]FSLayer, len(img.History))
+	history := make([]History, len(img.History))
+
+	parent := ""
+	layerCounter := 0
+	for i, h := range img.History[:len(img.History)-1] {
+		var blobsum digest.Digest
+		if h.EmptyLayer {
+			if blobsum, err = mb.emptyTar(ctx); err != nil {
+				return nil, err
+			}
+		} else {
+			if len(img.RootFS.DiffIDs) <= layerCounter {
+				return nil, errors.New("too many non-empty layers in History section")
+			}
+			blobsum = mb.descriptors[layerCounter].Digest
+			layerCounter++
+		}
+
+		v1ID := digest.FromBytes([]byte(blobsum.Hex() + " " + parent)).Hex()
+
+		if i == 0 && img.RootFS.BaseLayer != "" {
+			// windows-only baselayer setup
+			baseID := sha512.Sum384([]byte(img.RootFS.BaseLayer))
+			parent = fmt.Sprintf("%x", baseID[:32])
+		}
+
+		v1Compatibility := v1Compatibility{
+			ID:      v1ID,
+			Parent:  parent,
+			Comment: h.Comment,
+			Created: h.Created,
+			Author:  h.Author,
+		}
+		v1Compatibility.ContainerConfig.Cmd = []string{img.History[i].CreatedBy}
+		if h.EmptyLayer {
+			v1Compatibility.ThrowAway = true
+		}
+		jsonBytes, err := json.Marshal(&v1Compatibility)
+		if err != nil {
+			return nil, err
+		}
+
+		reversedIndex := len(img.History) - i - 1
+		history[reversedIndex].V1Compatibility = string(jsonBytes)
+		fsLayerList[reversedIndex] = FSLayer{BlobSum: blobsum}
+
+		parent = v1ID
+	}
+
+	latestHistory := img.History[len(img.History)-1]
+
+	var blobsum digest.Digest
+	if latestHistory.EmptyLayer {
+		if blobsum, err = mb.emptyTar(ctx); err != nil {
+			return nil, err
+		}
+	} else {
+		if len(img.RootFS.DiffIDs) <= layerCounter {
+			return nil, errors.New("too many non-empty layers in History section")
+		}
+		blobsum = mb.descriptors[layerCounter].Digest
+	}
+
+	fsLayerList[0] = FSLayer{BlobSum: blobsum}
+	dgst := digest.FromBytes([]byte(blobsum.Hex() + " " + parent + " " + string(mb.configJSON)))
+
+	// Top-level v1compatibility string should be a modified version of the
+	// image config.
+	transformedConfig, err := MakeV1ConfigFromConfig(mb.configJSON, dgst.Hex(), parent, latestHistory.EmptyLayer)
+	if err != nil {
+		return nil, err
+	}
+
+	history[0].V1Compatibility = string(transformedConfig)
+
+	tag := ""
+	if tagged, isTagged := mb.ref.(reference.Tagged); isTagged {
+		tag = tagged.Tag()
+	}
+
+	mfst := Manifest{
+		Versioned: manifest.Versioned{
+			SchemaVersion: 1,
+		},
+		Name:         mb.ref.Name(),
+		Tag:          tag,
+		Architecture: img.Architecture,
+		FSLayers:     fsLayerList,
+		History:      history,
+	}
+
+	return Sign(&mfst, mb.pk)
+}
+
+// emptyTar pushes a compressed empty tar to the blob store if one doesn't
+// already exist, and returns its blobsum.
+func (mb *configManifestBuilder) emptyTar(ctx context.Context) (digest.Digest, error) {
+	if mb.emptyTarDigest != "" {
+		// Already put an empty tar
+		return mb.emptyTarDigest, nil
+	}
+
+	descriptor, err := mb.bs.Stat(ctx, digestSHA256GzippedEmptyTar)
+	switch err {
+	case nil:
+		mb.emptyTarDigest = descriptor.Digest
+		return descriptor.Digest, nil
+	case distribution.ErrBlobUnknown:
+		// nop
+	default:
+		return "", err
+	}
+
+	// Add gzipped empty tar to the blob store
+	descriptor, err = mb.bs.Put(ctx, "", gzippedEmptyTar)
+	if err != nil {
+		return "", err
+	}
+
+	mb.emptyTarDigest = descriptor.Digest
+
+	return descriptor.Digest, nil
+}
+
+// AppendReference adds a reference to the current ManifestBuilder
+func (mb *configManifestBuilder) AppendReference(d distribution.Describable) error {
+	descriptor := d.Descriptor()
+
+	if err := descriptor.Digest.Validate(); err != nil {
+		return err
+	}
+
+	mb.descriptors = append(mb.descriptors, descriptor)
+	return nil
+}
+
+// References returns the current references added to this builder
+func (mb *configManifestBuilder) References() []distribution.Descriptor {
+	return mb.descriptors
+}
+
+// MakeV1ConfigFromConfig creates an legacy V1 image config from image config JSON
+func MakeV1ConfigFromConfig(configJSON []byte, v1ID, parentV1ID string, throwaway bool) ([]byte, error) {
+	// Top-level v1compatibility string should be a modified version of the
+	// image config.
+	var configAsMap map[string]*json.RawMessage
+	if err := json.Unmarshal(configJSON, &configAsMap); err != nil {
+		return nil, err
+	}
+
+	// Delete fields that didn't exist in old manifest
+	delete(configAsMap, "rootfs")
+	delete(configAsMap, "history")
+	configAsMap["id"] = rawJSON(v1ID)
+	if parentV1ID != "" {
+		configAsMap["parent"] = rawJSON(parentV1ID)
+	}
+	if throwaway {
+		configAsMap["throwaway"] = rawJSON(true)
+	}
+
+	return json.Marshal(configAsMap)
+}
+
+func rawJSON(value interface{}) *json.RawMessage {
+	jsonval, err := json.Marshal(value)
+	if err != nil {
+		return nil
+	}
+	return (*json.RawMessage)(&jsonval)
+}
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/manifest.go b/vendor/github.com/docker/distribution/manifest/schema1/manifest.go
new file mode 100644
index 000000000..9fef4dc7e
--- /dev/null
+++ b/vendor/github.com/docker/distribution/manifest/schema1/manifest.go
@@ -0,0 +1,184 @@
+package schema1
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/manifest"
+	"github.com/docker/libtrust"
+	"github.com/opencontainers/go-digest"
+)
+
+const (
+	// MediaTypeManifest specifies the mediaType for the current version. Note
+	// that for schema version 1, the the media is optionally "application/json".
+	MediaTypeManifest = "application/vnd.docker.distribution.manifest.v1+json"
+	// MediaTypeSignedManifest specifies the mediatype for current SignedManifest version
+	MediaTypeSignedManifest = "application/vnd.docker.distribution.manifest.v1+prettyjws"
+	// MediaTypeManifestLayer specifies the media type for manifest layers
+	MediaTypeManifestLayer = "application/vnd.docker.container.image.rootfs.diff+x-gtar"
+)
+
+var (
+	// SchemaVersion provides a pre-initialized version structure for this
+	// packages version of the manifest.
+	SchemaVersion = manifest.Versioned{
+		SchemaVersion: 1,
+	}
+)
+
+func init() {
+	schema1Func := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) {
+		sm := new(SignedManifest)
+		err := sm.UnmarshalJSON(b)
+		if err != nil {
+			return nil, distribution.Descriptor{}, err
+		}
+
+		desc := distribution.Descriptor{
+			Digest:    digest.FromBytes(sm.Canonical),
+			Size:      int64(len(sm.Canonical)),
+			MediaType: MediaTypeSignedManifest,
+		}
+		return sm, desc, err
+	}
+	err := distribution.RegisterManifestSchema(MediaTypeSignedManifest, schema1Func)
+	if err != nil {
+		panic(fmt.Sprintf("Unable to register manifest: %s", err))
+	}
+	err = distribution.RegisterManifestSchema("", schema1Func)
+	if err != nil {
+		panic(fmt.Sprintf("Unable to register manifest: %s", err))
+	}
+	err = distribution.RegisterManifestSchema("application/json", schema1Func)
+	if err != nil {
+		panic(fmt.Sprintf("Unable to register manifest: %s", err))
+	}
+}
+
+// FSLayer is a container struct for BlobSums defined in an image manifest
+type FSLayer struct {
+	// BlobSum is the tarsum of the referenced filesystem image layer
+	BlobSum digest.Digest `json:"blobSum"`
+}
+
+// History stores unstructured v1 compatibility information
+type History struct {
+	// V1Compatibility is the raw v1 compatibility information
+	V1Compatibility string `json:"v1Compatibility"`
+}
+
+// Manifest provides the base accessible fields for working with V2 image
+// format in the registry.
+type Manifest struct {
+	manifest.Versioned
+
+	// Name is the name of the image's repository
+	Name string `json:"name"`
+
+	// Tag is the tag of the image specified by this manifest
+	Tag string `json:"tag"`
+
+	// Architecture is the host architecture on which this image is intended to
+	// run
+	Architecture string `json:"architecture"`
+
+	// FSLayers is a list of filesystem layer blobSums contained in this image
+	FSLayers []FSLayer `json:"fsLayers"`
+
+	// History is a list of unstructured historical data for v1 compatibility
+	History []History `json:"history"`
+}
+
+// SignedManifest provides an envelope for a signed image manifest, including
+// the format sensitive raw bytes.
+type SignedManifest struct {
+	Manifest
+
+	// Canonical is the canonical byte representation of the ImageManifest,
+	// without any attached signatures. The manifest byte
+	// representation cannot change or it will have to be re-signed.
+	Canonical []byte `json:"-"`
+
+	// all contains the byte representation of the Manifest including signatures
+	// and is returned by Payload()
+	all []byte
+}
+
+// UnmarshalJSON populates a new SignedManifest struct from JSON data.
+func (sm *SignedManifest) UnmarshalJSON(b []byte) error {
+	sm.all = make([]byte, len(b))
+	// store manifest and signatures in all
+	copy(sm.all, b)
+
+	jsig, err := libtrust.ParsePrettySignature(b, "signatures")
+	if err != nil {
+		return err
+	}
+
+	// Resolve the payload in the manifest.
+	bytes, err := jsig.Payload()
+	if err != nil {
+		return err
+	}
+
+	// sm.Canonical stores the canonical manifest JSON
+	sm.Canonical = make([]byte, len(bytes))
+	copy(sm.Canonical, bytes)
+
+	// Unmarshal canonical JSON into Manifest object
+	var manifest Manifest
+	if err := json.Unmarshal(sm.Canonical, &manifest); err != nil {
+		return err
+	}
+
+	sm.Manifest = manifest
+
+	return nil
+}
+
+// References returns the descriptors of this manifests references
+func (sm SignedManifest) References() []distribution.Descriptor {
+	dependencies := make([]distribution.Descriptor, len(sm.FSLayers))
+	for i, fsLayer := range sm.FSLayers {
+		dependencies[i] = distribution.Descriptor{
+			MediaType: "application/vnd.docker.container.image.rootfs.diff+x-gtar",
+			Digest:    fsLayer.BlobSum,
+		}
+	}
+
+	return dependencies
+
+}
+
+// MarshalJSON returns the contents of raw. If Raw is nil, marshals the inner
+// contents. Applications requiring a marshaled signed manifest should simply
+// use Raw directly, since the the content produced by json.Marshal will be
+// compacted and will fail signature checks.
+func (sm *SignedManifest) MarshalJSON() ([]byte, error) {
+	if len(sm.all) > 0 {
+		return sm.all, nil
+	}
+
+	// If the raw data is not available, just dump the inner content.
+	return json.Marshal(&sm.Manifest)
+}
+
+// Payload returns the signed content of the signed manifest.
+func (sm SignedManifest) Payload() (string, []byte, error) {
+	return MediaTypeSignedManifest, sm.all, nil
+}
+
+// Signatures returns the signatures as provided by
+// (*libtrust.JSONSignature).Signatures. The byte slices are opaque jws
+// signatures.
+func (sm *SignedManifest) Signatures() ([][]byte, error) {
+	jsig, err := libtrust.ParsePrettySignature(sm.all, "signatures")
+	if err != nil {
+		return nil, err
+	}
+
+	// Resolve the payload in the manifest.
+	return jsig.Signatures()
+}
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go b/vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go
new file mode 100644
index 000000000..0f1d386aa
--- /dev/null
+++ b/vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go
@@ -0,0 +1,98 @@
+package schema1
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/manifest"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/libtrust"
+	"github.com/opencontainers/go-digest"
+)
+
+// referenceManifestBuilder is a type for constructing manifests from schema1
+// dependencies.
+type referenceManifestBuilder struct {
+	Manifest
+	pk libtrust.PrivateKey
+}
+
+// NewReferenceManifestBuilder is used to build new manifests for the current
+// schema version using schema1 dependencies.
+func NewReferenceManifestBuilder(pk libtrust.PrivateKey, ref reference.Named, architecture string) distribution.ManifestBuilder {
+	tag := ""
+	if tagged, isTagged := ref.(reference.Tagged); isTagged {
+		tag = tagged.Tag()
+	}
+
+	return &referenceManifestBuilder{
+		Manifest: Manifest{
+			Versioned: manifest.Versioned{
+				SchemaVersion: 1,
+			},
+			Name:         ref.Name(),
+			Tag:          tag,
+			Architecture: architecture,
+		},
+		pk: pk,
+	}
+}
+
+func (mb *referenceManifestBuilder) Build(ctx context.Context) (distribution.Manifest, error) {
+	m := mb.Manifest
+	if len(m.FSLayers) == 0 {
+		return nil, errors.New("cannot build manifest with zero layers or history")
+	}
+
+	m.FSLayers = make([]FSLayer, len(mb.Manifest.FSLayers))
+	m.History = make([]History, len(mb.Manifest.History))
+	copy(m.FSLayers, mb.Manifest.FSLayers)
+	copy(m.History, mb.Manifest.History)
+
+	return Sign(&m, mb.pk)
+}
+
+// AppendReference adds a reference to the current ManifestBuilder
+func (mb *referenceManifestBuilder) AppendReference(d distribution.Describable) error {
+	r, ok := d.(Reference)
+	if !ok {
+		return fmt.Errorf("unable to add non-reference type to v1 builder")
+	}
+
+	// Entries need to be prepended
+	mb.Manifest.FSLayers = append([]FSLayer{{BlobSum: r.Digest}}, mb.Manifest.FSLayers...)
+	mb.Manifest.History = append([]History{r.History}, mb.Manifest.History...)
+	return nil
+
+}
+
+// References returns the current references added to this builder
+func (mb *referenceManifestBuilder) References() []distribution.Descriptor {
+	refs := make([]distribution.Descriptor, len(mb.Manifest.FSLayers))
+	for i := range mb.Manifest.FSLayers {
+		layerDigest := mb.Manifest.FSLayers[i].BlobSum
+		history := mb.Manifest.History[i]
+		ref := Reference{layerDigest, 0, history}
+		refs[i] = ref.Descriptor()
+	}
+	return refs
+}
+
+// Reference describes a manifest v2, schema version 1 dependency.
+// An FSLayer associated with a history entry.
+type Reference struct {
+	Digest  digest.Digest
+	Size    int64 // if we know it, set it for the descriptor.
+	History History
+}
+
+// Descriptor describes a reference
+func (r Reference) Descriptor() distribution.Descriptor {
+	return distribution.Descriptor{
+		MediaType: MediaTypeManifestLayer,
+		Digest:    r.Digest,
+		Size:      r.Size,
+	}
+}
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/sign.go b/vendor/github.com/docker/distribution/manifest/schema1/sign.go
new file mode 100644
index 000000000..c862dd812
--- /dev/null
+++ b/vendor/github.com/docker/distribution/manifest/schema1/sign.go
@@ -0,0 +1,68 @@
+package schema1
+
+import (
+	"crypto/x509"
+	"encoding/json"
+
+	"github.com/docker/libtrust"
+)
+
+// Sign signs the manifest with the provided private key, returning a
+// SignedManifest. This typically won't be used within the registry, except
+// for testing.
+func Sign(m *Manifest, pk libtrust.PrivateKey) (*SignedManifest, error) {
+	p, err := json.MarshalIndent(m, "", "   ")
+	if err != nil {
+		return nil, err
+	}
+
+	js, err := libtrust.NewJSONSignature(p)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := js.Sign(pk); err != nil {
+		return nil, err
+	}
+
+	pretty, err := js.PrettySignature("signatures")
+	if err != nil {
+		return nil, err
+	}
+
+	return &SignedManifest{
+		Manifest:  *m,
+		all:       pretty,
+		Canonical: p,
+	}, nil
+}
+
+// SignWithChain signs the manifest with the given private key and x509 chain.
+// The public key of the first element in the chain must be the public key
+// corresponding with the sign key.
+func SignWithChain(m *Manifest, key libtrust.PrivateKey, chain []*x509.Certificate) (*SignedManifest, error) {
+	p, err := json.MarshalIndent(m, "", "   ")
+	if err != nil {
+		return nil, err
+	}
+
+	js, err := libtrust.NewJSONSignature(p)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := js.SignWithChain(key, chain); err != nil {
+		return nil, err
+	}
+
+	pretty, err := js.PrettySignature("signatures")
+	if err != nil {
+		return nil, err
+	}
+
+	return &SignedManifest{
+		Manifest:  *m,
+		all:       pretty,
+		Canonical: p,
+	}, nil
+}
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/verify.go b/vendor/github.com/docker/distribution/manifest/schema1/verify.go
new file mode 100644
index 000000000..ef59065cd
--- /dev/null
+++ b/vendor/github.com/docker/distribution/manifest/schema1/verify.go
@@ -0,0 +1,32 @@
+package schema1
+
+import (
+	"crypto/x509"
+
+	"github.com/docker/libtrust"
+	"github.com/sirupsen/logrus"
+)
+
+// Verify verifies the signature of the signed manifest returning the public
+// keys used during signing.
+func Verify(sm *SignedManifest) ([]libtrust.PublicKey, error) {
+	js, err := libtrust.ParsePrettySignature(sm.all, "signatures")
+	if err != nil {
+		logrus.WithField("err", err).Debugf("(*SignedManifest).Verify")
+		return nil, err
+	}
+
+	return js.Verify()
+}
+
+// VerifyChains verifies the signature of the signed manifest against the
+// certificate pool returning the list of verified chains. Signatures without
+// an x509 chain are not checked.
+func VerifyChains(sm *SignedManifest, ca *x509.CertPool) ([][]*x509.Certificate, error) {
+	js, err := libtrust.ParsePrettySignature(sm.all, "signatures")
+	if err != nil {
+		return nil, err
+	}
+
+	return js.VerifyChains(ca)
+}
diff --git a/vendor/github.com/docker/distribution/notifications/bridge.go b/vendor/github.com/docker/distribution/notifications/bridge.go
new file mode 100644
index 000000000..86af43f30
--- /dev/null
+++ b/vendor/github.com/docker/distribution/notifications/bridge.go
@@ -0,0 +1,225 @@
+package notifications
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/context"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/uuid"
+	"github.com/opencontainers/go-digest"
+)
+
+type bridge struct {
+	ub                URLBuilder
+	includeReferences bool
+	actor             ActorRecord
+	source            SourceRecord
+	request           RequestRecord
+	sink              Sink
+}
+
+var _ Listener = &bridge{}
+
+// URLBuilder defines a subset of url builder to be used by the event listener.
+type URLBuilder interface {
+	BuildManifestURL(name reference.Named) (string, error)
+	BuildBlobURL(ref reference.Canonical) (string, error)
+}
+
+// NewBridge returns a notification listener that writes records to sink,
+// using the actor and source. Any urls populated in the events created by
+// this bridge will be created using the URLBuilder.
+// TODO(stevvooe): Update this to simply take a context.Context object.
+func NewBridge(ub URLBuilder, source SourceRecord, actor ActorRecord, request RequestRecord, sink Sink, includeReferences bool) Listener {
+	return &bridge{
+		ub:                ub,
+		includeReferences: includeReferences,
+		actor:             actor,
+		source:            source,
+		request:           request,
+		sink:              sink,
+	}
+}
+
+// NewRequestRecord builds a RequestRecord for use in NewBridge from an
+// http.Request, associating it with a request id.
+func NewRequestRecord(id string, r *http.Request) RequestRecord {
+	return RequestRecord{
+		ID:        id,
+		Addr:      context.RemoteAddr(r),
+		Host:      r.Host,
+		Method:    r.Method,
+		UserAgent: r.UserAgent(),
+	}
+}
+
+func (b *bridge) ManifestPushed(repo reference.Named, sm distribution.Manifest, options ...distribution.ManifestServiceOption) error {
+	manifestEvent, err := b.createManifestEvent(EventActionPush, repo, sm)
+	if err != nil {
+		return err
+	}
+
+	for _, option := range options {
+		if opt, ok := option.(distribution.WithTagOption); ok {
+			manifestEvent.Target.Tag = opt.Tag
+			break
+		}
+	}
+	return b.sink.Write(*manifestEvent)
+}
+
+func (b *bridge) ManifestPulled(repo reference.Named, sm distribution.Manifest, options ...distribution.ManifestServiceOption) error {
+	manifestEvent, err := b.createManifestEvent(EventActionPull, repo, sm)
+	if err != nil {
+		return err
+	}
+
+	for _, option := range options {
+		if opt, ok := option.(distribution.WithTagOption); ok {
+			manifestEvent.Target.Tag = opt.Tag
+			break
+		}
+	}
+	return b.sink.Write(*manifestEvent)
+}
+
+func (b *bridge) ManifestDeleted(repo reference.Named, dgst digest.Digest) error {
+	return b.createManifestDeleteEventAndWrite(EventActionDelete, repo, dgst)
+}
+
+func (b *bridge) BlobPushed(repo reference.Named, desc distribution.Descriptor) error {
+	return b.createBlobEventAndWrite(EventActionPush, repo, desc)
+}
+
+func (b *bridge) BlobPulled(repo reference.Named, desc distribution.Descriptor) error {
+	return b.createBlobEventAndWrite(EventActionPull, repo, desc)
+}
+
+func (b *bridge) BlobMounted(repo reference.Named, desc distribution.Descriptor, fromRepo reference.Named) error {
+	event, err := b.createBlobEvent(EventActionMount, repo, desc)
+	if err != nil {
+		return err
+	}
+	event.Target.FromRepository = fromRepo.Name()
+	return b.sink.Write(*event)
+}
+
+func (b *bridge) BlobDeleted(repo reference.Named, dgst digest.Digest) error {
+	return b.createBlobDeleteEventAndWrite(EventActionDelete, repo, dgst)
+}
+
+func (b *bridge) TagDeleted(repo reference.Named, tag string) error {
+	event := b.createEvent(EventActionDelete)
+	event.Target.Repository = repo.Name()
+	event.Target.Tag = tag
+
+	return b.sink.Write(*event)
+}
+
+func (b *bridge) RepoDeleted(repo reference.Named) error {
+	event := b.createEvent(EventActionDelete)
+	event.Target.Repository = repo.Name()
+
+	return b.sink.Write(*event)
+}
+
+func (b *bridge) createManifestDeleteEventAndWrite(action string, repo reference.Named, dgst digest.Digest) error {
+	event := b.createEvent(action)
+	event.Target.Repository = repo.Name()
+	event.Target.Digest = dgst
+
+	return b.sink.Write(*event)
+}
+
+func (b *bridge) createManifestEvent(action string, repo reference.Named, sm distribution.Manifest) (*Event, error) {
+	event := b.createEvent(action)
+	event.Target.Repository = repo.Name()
+
+	mt, p, err := sm.Payload()
+	if err != nil {
+		return nil, err
+	}
+
+	// Ensure we have the canonical manifest descriptor here
+	manifest, desc, err := distribution.UnmarshalManifest(mt, p)
+	if err != nil {
+		return nil, err
+	}
+
+	event.Target.MediaType = mt
+	event.Target.Length = desc.Size
+	event.Target.Size = desc.Size
+	event.Target.Digest = desc.Digest
+	if b.includeReferences {
+		event.Target.References = append(event.Target.References, manifest.References()...)
+	}
+
+	ref, err := reference.WithDigest(repo, event.Target.Digest)
+	if err != nil {
+		return nil, err
+	}
+
+	event.Target.URL, err = b.ub.BuildManifestURL(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	return event, nil
+}
+
+func (b *bridge) createBlobDeleteEventAndWrite(action string, repo reference.Named, dgst digest.Digest) error {
+	event := b.createEvent(action)
+	event.Target.Digest = dgst
+	event.Target.Repository = repo.Name()
+
+	return b.sink.Write(*event)
+}
+
+func (b *bridge) createBlobEventAndWrite(action string, repo reference.Named, desc distribution.Descriptor) error {
+	event, err := b.createBlobEvent(action, repo, desc)
+	if err != nil {
+		return err
+	}
+
+	return b.sink.Write(*event)
+}
+
+func (b *bridge) createBlobEvent(action string, repo reference.Named, desc distribution.Descriptor) (*Event, error) {
+	event := b.createEvent(action)
+	event.Target.Descriptor = desc
+	event.Target.Length = desc.Size
+	event.Target.Repository = repo.Name()
+
+	ref, err := reference.WithDigest(repo, desc.Digest)
+	if err != nil {
+		return nil, err
+	}
+
+	event.Target.URL, err = b.ub.BuildBlobURL(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	return event, nil
+}
+
+// createEvent creates an event with actor and source populated.
+func (b *bridge) createEvent(action string) *Event {
+	event := createEvent(action)
+	event.Source = b.source
+	event.Actor = b.actor
+	event.Request = b.request
+
+	return event
+}
+
+// createEvent returns a new event, timestamped, with the specified action.
+func createEvent(action string) *Event {
+	return &Event{
+		ID:        uuid.Generate().String(),
+		Timestamp: time.Now(),
+		Action:    action,
+	}
+}
diff --git a/vendor/github.com/docker/distribution/notifications/endpoint.go b/vendor/github.com/docker/distribution/notifications/endpoint.go
new file mode 100644
index 000000000..a8a52d0c9
--- /dev/null
+++ b/vendor/github.com/docker/distribution/notifications/endpoint.go
@@ -0,0 +1,97 @@
+package notifications
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/docker/distribution/configuration"
+)
+
+// EndpointConfig covers the optional configuration parameters for an active
+// endpoint.
+type EndpointConfig struct {
+	Headers           http.Header
+	Timeout           time.Duration
+	Threshold         int
+	Backoff           time.Duration
+	IgnoredMediaTypes []string
+	Transport         *http.Transport `json:"-"`
+	Ignore            configuration.Ignore
+}
+
+// defaults set any zero-valued fields to a reasonable default.
+func (ec *EndpointConfig) defaults() {
+	if ec.Timeout <= 0 {
+		ec.Timeout = time.Second
+	}
+
+	if ec.Threshold <= 0 {
+		ec.Threshold = 10
+	}
+
+	if ec.Backoff <= 0 {
+		ec.Backoff = time.Second
+	}
+
+	if ec.Transport == nil {
+		ec.Transport = http.DefaultTransport.(*http.Transport)
+	}
+}
+
+// Endpoint is a reliable, queued, thread-safe sink that notify external http
+// services when events are written. Writes are non-blocking and always
+// succeed for callers but events may be queued internally.
+type Endpoint struct {
+	Sink
+	url  string
+	name string
+
+	EndpointConfig
+
+	metrics *safeMetrics
+}
+
+// NewEndpoint returns a running endpoint, ready to receive events.
+func NewEndpoint(name, url string, config EndpointConfig) *Endpoint {
+	var endpoint Endpoint
+	endpoint.name = name
+	endpoint.url = url
+	endpoint.EndpointConfig = config
+	endpoint.defaults()
+	endpoint.metrics = newSafeMetrics()
+
+	// Configures the inmemory queue, retry, http pipeline.
+	endpoint.Sink = newHTTPSink(
+		endpoint.url, endpoint.Timeout, endpoint.Headers,
+		endpoint.Transport, endpoint.metrics.httpStatusListener())
+	endpoint.Sink = newRetryingSink(endpoint.Sink, endpoint.Threshold, endpoint.Backoff)
+	endpoint.Sink = newEventQueue(endpoint.Sink, endpoint.metrics.eventQueueListener())
+	mediaTypes := append(config.Ignore.MediaTypes, config.IgnoredMediaTypes...)
+	endpoint.Sink = newIgnoredSink(endpoint.Sink, mediaTypes, config.Ignore.Actions)
+
+	register(&endpoint)
+	return &endpoint
+}
+
+// Name returns the name of the endpoint, generally used for debugging.
+func (e *Endpoint) Name() string {
+	return e.name
+}
+
+// URL returns the url of the endpoint.
+func (e *Endpoint) URL() string {
+	return e.url
+}
+
+// ReadMetrics populates em with metrics from the endpoint.
+func (e *Endpoint) ReadMetrics(em *EndpointMetrics) {
+	e.metrics.Lock()
+	defer e.metrics.Unlock()
+
+	*em = e.metrics.EndpointMetrics
+	// Map still need to copied in a threadsafe manner.
+	em.Statuses = make(map[string]int)
+	for k, v := range e.metrics.Statuses {
+		em.Statuses[k] = v
+	}
+}
diff --git a/vendor/github.com/docker/distribution/notifications/event.go b/vendor/github.com/docker/distribution/notifications/event.go
new file mode 100644
index 000000000..54940a46f
--- /dev/null
+++ b/vendor/github.com/docker/distribution/notifications/event.go
@@ -0,0 +1,163 @@
+package notifications
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/docker/distribution"
+)
+
+// EventAction constants used in action field of Event.
+const (
+	EventActionPull   = "pull"
+	EventActionPush   = "push"
+	EventActionMount  = "mount"
+	EventActionDelete = "delete"
+)
+
+const (
+	// EventsMediaType is the mediatype for the json event envelope. If the
+	// Event, ActorRecord, SourceRecord or Envelope structs change, the version
+	// number should be incremented.
+	EventsMediaType = "application/vnd.docker.distribution.events.v1+json"
+	// LayerMediaType is the media type for image rootfs diffs (aka "layers")
+	// used by Docker. We don't expect this to change for quite a while.
+	layerMediaType = "application/vnd.docker.container.image.rootfs.diff+x-gtar"
+)
+
+// Envelope defines the fields of a json event envelope message that can hold
+// one or more events.
+type Envelope struct {
+	// Events make up the contents of the envelope. Events present in a single
+	// envelope are not necessarily related.
+	Events []Event `json:"events,omitempty"`
+}
+
+// TODO(stevvooe): The event type should be separate from the json format. It
+// should be defined as an interface. Leaving as is for now since we don't
+// need that at this time. If we make this change, the struct below would be
+// called "EventRecord".
+
+// Event provides the fields required to describe a registry event.
+type Event struct {
+	// ID provides a unique identifier for the event.
+	ID string `json:"id,omitempty"`
+
+	// Timestamp is the time at which the event occurred.
+	Timestamp time.Time `json:"timestamp,omitempty"`
+
+	// Action indicates what action encompasses the provided event.
+	Action string `json:"action,omitempty"`
+
+	// Target uniquely describes the target of the event.
+	Target struct {
+		// TODO(stevvooe): Use http.DetectContentType for layers, maybe.
+
+		distribution.Descriptor
+
+		// Length in bytes of content. Same as Size field in Descriptor.
+		// Provided for backwards compatibility.
+		Length int64 `json:"length,omitempty"`
+
+		// Repository identifies the named repository.
+		Repository string `json:"repository,omitempty"`
+
+		// FromRepository identifies the named repository which a blob was mounted
+		// from if appropriate.
+		FromRepository string `json:"fromRepository,omitempty"`
+
+		// URL provides a direct link to the content.
+		URL string `json:"url,omitempty"`
+
+		// Tag provides the tag
+		Tag string `json:"tag,omitempty"`
+
+		// References provides the references descriptors.
+		References []distribution.Descriptor `json:"references,omitempty"`
+	} `json:"target,omitempty"`
+
+	// Request covers the request that generated the event.
+	Request RequestRecord `json:"request,omitempty"`
+
+	// Actor specifies the agent that initiated the event. For most
+	// situations, this could be from the authorization context of the request.
+	Actor ActorRecord `json:"actor,omitempty"`
+
+	// Source identifies the registry node that generated the event. Put
+	// differently, while the actor "initiates" the event, the source
+	// "generates" it.
+	Source SourceRecord `json:"source,omitempty"`
+}
+
+// ActorRecord specifies the agent that initiated the event. For most
+// situations, this could be from the authorization context of the request.
+// Data in this record can refer to both the initiating client and the
+// generating request.
+type ActorRecord struct {
+	// Name corresponds to the subject or username associated with the
+	// request context that generated the event.
+	Name string `json:"name,omitempty"`
+
+	// TODO(stevvooe): Look into setting a session cookie to get this
+	// without docker daemon.
+	//    SessionID
+
+	// TODO(stevvooe): Push the "Docker-Command" header to replace cookie and
+	// get the actual command.
+	//    Command
+}
+
+// RequestRecord covers the request that generated the event.
+type RequestRecord struct {
+	// ID uniquely identifies the request that initiated the event.
+	ID string `json:"id"`
+
+	// Addr contains the ip or hostname and possibly port of the client
+	// connection that initiated the event. This is the RemoteAddr from
+	// the standard http request.
+	Addr string `json:"addr,omitempty"`
+
+	// Host is the externally accessible host name of the registry instance,
+	// as specified by the http host header on incoming requests.
+	Host string `json:"host,omitempty"`
+
+	// Method has the request method that generated the event.
+	Method string `json:"method"`
+
+	// UserAgent contains the user agent header of the request.
+	UserAgent string `json:"useragent"`
+}
+
+// SourceRecord identifies the registry node that generated the event. Put
+// differently, while the actor "initiates" the event, the source "generates"
+// it.
+type SourceRecord struct {
+	// Addr contains the ip or hostname and the port of the registry node
+	// that generated the event. Generally, this will be resolved by
+	// os.Hostname() along with the running port.
+	Addr string `json:"addr,omitempty"`
+
+	// InstanceID identifies a running instance of an application. Changes
+	// after each restart.
+	InstanceID string `json:"instanceID,omitempty"`
+}
+
+var (
+	// ErrSinkClosed is returned if a write is issued to a sink that has been
+	// closed. If encountered, the error should be considered terminal and
+	// retries will not be successful.
+	ErrSinkClosed = fmt.Errorf("sink: closed")
+)
+
+// Sink accepts and sends events.
+type Sink interface {
+	// Write writes one or more events to the sink. If no error is returned,
+	// the caller will assume that all events have been committed and will not
+	// try to send them again. If an error is received, the caller may retry
+	// sending the event. The caller should cede the slice of memory to the
+	// sink and not modify it after calling this method.
+	Write(events ...Event) error
+
+	// Close the sink, possibly waiting for pending events to flush.
+	Close() error
+}
diff --git a/vendor/github.com/docker/distribution/notifications/http.go b/vendor/github.com/docker/distribution/notifications/http.go
new file mode 100644
index 000000000..46f47af2b
--- /dev/null
+++ b/vendor/github.com/docker/distribution/notifications/http.go
@@ -0,0 +1,149 @@
+package notifications
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"sync"
+	"time"
+)
+
+// httpSink implements a single-flight, http notification endpoint. This is
+// very lightweight in that it only makes an attempt at an http request.
+// Reliability should be provided by the caller.
+type httpSink struct {
+	url string
+
+	mu        sync.Mutex
+	closed    bool
+	client    *http.Client
+	listeners []httpStatusListener
+
+	// TODO(stevvooe): Allow one to configure the media type accepted by this
+	// sink and choose the serialization based on that.
+}
+
+// newHTTPSink returns an unreliable, single-flight http sink. Wrap in other
+// sinks for increased reliability.
+func newHTTPSink(u string, timeout time.Duration, headers http.Header, transport *http.Transport, listeners ...httpStatusListener) *httpSink {
+	if transport == nil {
+		transport = http.DefaultTransport.(*http.Transport)
+	}
+	return &httpSink{
+		url:       u,
+		listeners: listeners,
+		client: &http.Client{
+			Transport: &headerRoundTripper{
+				Transport: transport,
+				headers:   headers,
+			},
+			Timeout: timeout,
+		},
+	}
+}
+
+// httpStatusListener is called on various outcomes of sending notifications.
+type httpStatusListener interface {
+	success(status int, events ...Event)
+	failure(status int, events ...Event)
+	err(err error, events ...Event)
+}
+
+// Accept makes an attempt to notify the endpoint, returning an error if it
+// fails. It is the caller's responsibility to retry on error. The events are
+// accepted or rejected as a group.
+func (hs *httpSink) Write(events ...Event) error {
+	hs.mu.Lock()
+	defer hs.mu.Unlock()
+	defer hs.client.Transport.(*headerRoundTripper).CloseIdleConnections()
+
+	if hs.closed {
+		return ErrSinkClosed
+	}
+
+	envelope := Envelope{
+		Events: events,
+	}
+
+	// TODO(stevvooe): It is not ideal to keep re-encoding the request body on
+	// retry but we are going to do it to keep the code simple. It is likely
+	// we could change the event struct to manage its own buffer.
+
+	p, err := json.MarshalIndent(envelope, "", "   ")
+	if err != nil {
+		for _, listener := range hs.listeners {
+			listener.err(err, events...)
+		}
+		return fmt.Errorf("%v: error marshaling event envelope: %v", hs, err)
+	}
+
+	body := bytes.NewReader(p)
+	resp, err := hs.client.Post(hs.url, EventsMediaType, body)
+	if err != nil {
+		for _, listener := range hs.listeners {
+			listener.err(err, events...)
+		}
+
+		return fmt.Errorf("%v: error posting: %v", hs, err)
+	}
+	defer resp.Body.Close()
+
+	// The notifier will treat any 2xx or 3xx response as accepted by the
+	// endpoint.
+	switch {
+	case resp.StatusCode >= 200 && resp.StatusCode < 400:
+		for _, listener := range hs.listeners {
+			listener.success(resp.StatusCode, events...)
+		}
+
+		// TODO(stevvooe): This is a little accepting: we may want to support
+		// unsupported media type responses with retries using the correct
+		// media type. There may also be cases that will never work.
+
+		return nil
+	default:
+		for _, listener := range hs.listeners {
+			listener.failure(resp.StatusCode, events...)
+		}
+		return fmt.Errorf("%v: response status %v unaccepted", hs, resp.Status)
+	}
+}
+
+// Close the endpoint
+func (hs *httpSink) Close() error {
+	hs.mu.Lock()
+	defer hs.mu.Unlock()
+
+	if hs.closed {
+		return fmt.Errorf("httpsink: already closed")
+	}
+
+	hs.closed = true
+	return nil
+}
+
+func (hs *httpSink) String() string {
+	return fmt.Sprintf("httpSink{%s}", hs.url)
+}
+
+type headerRoundTripper struct {
+	*http.Transport // must be transport to support CancelRequest
+	headers         http.Header
+}
+
+func (hrt *headerRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	var nreq = *req
+	nreq.Header = make(http.Header)
+
+	merge := func(headers http.Header) {
+		for k, v := range headers {
+			nreq.Header[k] = append(nreq.Header[k], v...)
+		}
+	}
+
+	merge(req.Header)
+	merge(hrt.headers)
+
+	return hrt.Transport.RoundTrip(&nreq)
+}
diff --git a/vendor/github.com/docker/distribution/notifications/listener.go b/vendor/github.com/docker/distribution/notifications/listener.go
new file mode 100644
index 000000000..98ad8da9f
--- /dev/null
+++ b/vendor/github.com/docker/distribution/notifications/listener.go
@@ -0,0 +1,263 @@
+package notifications
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/docker/distribution"
+
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/reference"
+	"github.com/opencontainers/go-digest"
+)
+
+// ManifestListener describes a set of methods for listening to events related to manifests.
+type ManifestListener interface {
+	ManifestPushed(repo reference.Named, sm distribution.Manifest, options ...distribution.ManifestServiceOption) error
+	ManifestPulled(repo reference.Named, sm distribution.Manifest, options ...distribution.ManifestServiceOption) error
+	ManifestDeleted(repo reference.Named, dgst digest.Digest) error
+}
+
+// BlobListener describes a listener that can respond to layer related events.
+type BlobListener interface {
+	BlobPushed(repo reference.Named, desc distribution.Descriptor) error
+	BlobPulled(repo reference.Named, desc distribution.Descriptor) error
+	BlobMounted(repo reference.Named, desc distribution.Descriptor, fromRepo reference.Named) error
+	BlobDeleted(repo reference.Named, desc digest.Digest) error
+}
+
+// RepoListener provides repository methods that respond to repository lifecycle
+type RepoListener interface {
+	TagDeleted(repo reference.Named, tag string) error
+	RepoDeleted(repo reference.Named) error
+}
+
+// Listener combines all repository events into a single interface.
+type Listener interface {
+	ManifestListener
+	BlobListener
+	RepoListener
+}
+
+type repositoryListener struct {
+	distribution.Repository
+	listener Listener
+}
+
+type removerListener struct {
+	distribution.RepositoryRemover
+	listener Listener
+}
+
+// Listen dispatches events on the repository to the listener.
+func Listen(repo distribution.Repository, remover distribution.RepositoryRemover, listener Listener) (distribution.Repository, distribution.RepositoryRemover) {
+	return &repositoryListener{
+			Repository: repo,
+			listener:   listener,
+		}, &removerListener{
+			RepositoryRemover: remover,
+			listener:          listener,
+		}
+}
+
+func (nl *removerListener) Remove(ctx context.Context, name reference.Named) error {
+	err := nl.RepositoryRemover.Remove(ctx, name)
+	if err != nil {
+		return err
+	}
+	return nl.listener.RepoDeleted(name)
+}
+
+func (rl *repositoryListener) Manifests(ctx context.Context, options ...distribution.ManifestServiceOption) (distribution.ManifestService, error) {
+	manifests, err := rl.Repository.Manifests(ctx, options...)
+	if err != nil {
+		return nil, err
+	}
+	return &manifestServiceListener{
+		ManifestService: manifests,
+		parent:          rl,
+	}, nil
+}
+
+func (rl *repositoryListener) Blobs(ctx context.Context) distribution.BlobStore {
+	return &blobServiceListener{
+		BlobStore: rl.Repository.Blobs(ctx),
+		parent:    rl,
+	}
+}
+
+type manifestServiceListener struct {
+	distribution.ManifestService
+	parent *repositoryListener
+}
+
+func (msl *manifestServiceListener) Delete(ctx context.Context, dgst digest.Digest) error {
+	err := msl.ManifestService.Delete(ctx, dgst)
+	if err == nil {
+		if err := msl.parent.listener.ManifestDeleted(msl.parent.Repository.Named(), dgst); err != nil {
+			dcontext.GetLogger(ctx).Errorf("error dispatching manifest delete to listener: %v", err)
+		}
+	}
+
+	return err
+}
+
+func (msl *manifestServiceListener) Get(ctx context.Context, dgst digest.Digest, options ...distribution.ManifestServiceOption) (distribution.Manifest, error) {
+	sm, err := msl.ManifestService.Get(ctx, dgst, options...)
+	if err == nil {
+		if err := msl.parent.listener.ManifestPulled(msl.parent.Repository.Named(), sm, options...); err != nil {
+			dcontext.GetLogger(ctx).Errorf("error dispatching manifest pull to listener: %v", err)
+		}
+	}
+
+	return sm, err
+}
+
+func (msl *manifestServiceListener) Put(ctx context.Context, sm distribution.Manifest, options ...distribution.ManifestServiceOption) (digest.Digest, error) {
+	dgst, err := msl.ManifestService.Put(ctx, sm, options...)
+
+	if err == nil {
+		if err := msl.parent.listener.ManifestPushed(msl.parent.Repository.Named(), sm, options...); err != nil {
+			dcontext.GetLogger(ctx).Errorf("error dispatching manifest push to listener: %v", err)
+		}
+	}
+
+	return dgst, err
+}
+
+type blobServiceListener struct {
+	distribution.BlobStore
+	parent *repositoryListener
+}
+
+var _ distribution.BlobStore = &blobServiceListener{}
+
+func (bsl *blobServiceListener) Get(ctx context.Context, dgst digest.Digest) ([]byte, error) {
+	p, err := bsl.BlobStore.Get(ctx, dgst)
+	if err == nil {
+		if desc, err := bsl.Stat(ctx, dgst); err != nil {
+			dcontext.GetLogger(ctx).Errorf("error resolving descriptor in ServeBlob listener: %v", err)
+		} else {
+			if err := bsl.parent.listener.BlobPulled(bsl.parent.Repository.Named(), desc); err != nil {
+				dcontext.GetLogger(ctx).Errorf("error dispatching layer pull to listener: %v", err)
+			}
+		}
+	}
+
+	return p, err
+}
+
+func (bsl *blobServiceListener) Open(ctx context.Context, dgst digest.Digest) (distribution.ReadSeekCloser, error) {
+	rc, err := bsl.BlobStore.Open(ctx, dgst)
+	if err == nil {
+		if desc, err := bsl.Stat(ctx, dgst); err != nil {
+			dcontext.GetLogger(ctx).Errorf("error resolving descriptor in ServeBlob listener: %v", err)
+		} else {
+			if err := bsl.parent.listener.BlobPulled(bsl.parent.Repository.Named(), desc); err != nil {
+				dcontext.GetLogger(ctx).Errorf("error dispatching layer pull to listener: %v", err)
+			}
+		}
+	}
+
+	return rc, err
+}
+
+func (bsl *blobServiceListener) ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error {
+	err := bsl.BlobStore.ServeBlob(ctx, w, r, dgst)
+	if err == nil {
+		if desc, err := bsl.Stat(ctx, dgst); err != nil {
+			dcontext.GetLogger(ctx).Errorf("error resolving descriptor in ServeBlob listener: %v", err)
+		} else {
+			if err := bsl.parent.listener.BlobPulled(bsl.parent.Repository.Named(), desc); err != nil {
+				dcontext.GetLogger(ctx).Errorf("error dispatching layer pull to listener: %v", err)
+			}
+		}
+	}
+
+	return err
+}
+
+func (bsl *blobServiceListener) Put(ctx context.Context, mediaType string, p []byte) (distribution.Descriptor, error) {
+	desc, err := bsl.BlobStore.Put(ctx, mediaType, p)
+	if err == nil {
+		if err := bsl.parent.listener.BlobPushed(bsl.parent.Repository.Named(), desc); err != nil {
+			dcontext.GetLogger(ctx).Errorf("error dispatching layer push to listener: %v", err)
+		}
+	}
+
+	return desc, err
+}
+
+func (bsl *blobServiceListener) Create(ctx context.Context, options ...distribution.BlobCreateOption) (distribution.BlobWriter, error) {
+	wr, err := bsl.BlobStore.Create(ctx, options...)
+	switch err := err.(type) {
+	case distribution.ErrBlobMounted:
+		if err := bsl.parent.listener.BlobMounted(bsl.parent.Repository.Named(), err.Descriptor, err.From); err != nil {
+			dcontext.GetLogger(ctx).Errorf("error dispatching blob mount to listener: %v", err)
+		}
+		return nil, err
+	}
+	return bsl.decorateWriter(wr), err
+}
+
+func (bsl *blobServiceListener) Delete(ctx context.Context, dgst digest.Digest) error {
+	err := bsl.BlobStore.Delete(ctx, dgst)
+	if err == nil {
+		if err := bsl.parent.listener.BlobDeleted(bsl.parent.Repository.Named(), dgst); err != nil {
+			dcontext.GetLogger(ctx).Errorf("error dispatching layer delete to listener: %v", err)
+		}
+	}
+
+	return err
+}
+
+func (bsl *blobServiceListener) Resume(ctx context.Context, id string) (distribution.BlobWriter, error) {
+	wr, err := bsl.BlobStore.Resume(ctx, id)
+	return bsl.decorateWriter(wr), err
+}
+
+func (bsl *blobServiceListener) decorateWriter(wr distribution.BlobWriter) distribution.BlobWriter {
+	return &blobWriterListener{
+		BlobWriter: wr,
+		parent:     bsl,
+	}
+}
+
+type blobWriterListener struct {
+	distribution.BlobWriter
+	parent *blobServiceListener
+}
+
+func (bwl *blobWriterListener) Commit(ctx context.Context, desc distribution.Descriptor) (distribution.Descriptor, error) {
+	committed, err := bwl.BlobWriter.Commit(ctx, desc)
+	if err == nil {
+		if err := bwl.parent.parent.listener.BlobPushed(bwl.parent.parent.Repository.Named(), committed); err != nil {
+			dcontext.GetLogger(ctx).Errorf("error dispatching blob push to listener: %v", err)
+		}
+	}
+
+	return committed, err
+}
+
+type tagServiceListener struct {
+	distribution.TagService
+	parent *repositoryListener
+}
+
+func (rl *repositoryListener) Tags(ctx context.Context) distribution.TagService {
+	return &tagServiceListener{
+		TagService: rl.Repository.Tags(ctx),
+		parent:     rl,
+	}
+}
+
+func (tagSL *tagServiceListener) Untag(ctx context.Context, tag string) error {
+	if err := tagSL.TagService.Untag(ctx, tag); err != nil {
+		return err
+	}
+	if err := tagSL.parent.listener.TagDeleted(tagSL.parent.Repository.Named(), tag); err != nil {
+		dcontext.GetLogger(ctx).Errorf("error dispatching tag deleted to listener: %v", err)
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/notifications/metrics.go b/vendor/github.com/docker/distribution/notifications/metrics.go
new file mode 100644
index 000000000..a20af1687
--- /dev/null
+++ b/vendor/github.com/docker/distribution/notifications/metrics.go
@@ -0,0 +1,152 @@
+package notifications
+
+import (
+	"expvar"
+	"fmt"
+	"net/http"
+	"sync"
+)
+
+// EndpointMetrics track various actions taken by the endpoint, typically by
+// number of events. The goal of this to export it via expvar but we may find
+// some other future solution to be better.
+type EndpointMetrics struct {
+	Pending   int            // events pending in queue
+	Events    int            // total events incoming
+	Successes int            // total events written successfully
+	Failures  int            // total events failed
+	Errors    int            // total events errored
+	Statuses  map[string]int // status code histogram, per call event
+}
+
+// safeMetrics guards the metrics implementation with a lock and provides a
+// safe update function.
+type safeMetrics struct {
+	EndpointMetrics
+	sync.Mutex // protects statuses map
+}
+
+// newSafeMetrics returns safeMetrics with map allocated.
+func newSafeMetrics() *safeMetrics {
+	var sm safeMetrics
+	sm.Statuses = make(map[string]int)
+	return &sm
+}
+
+// httpStatusListener returns the listener for the http sink that updates the
+// relevant counters.
+func (sm *safeMetrics) httpStatusListener() httpStatusListener {
+	return &endpointMetricsHTTPStatusListener{
+		safeMetrics: sm,
+	}
+}
+
+// eventQueueListener returns a listener that maintains queue related counters.
+func (sm *safeMetrics) eventQueueListener() eventQueueListener {
+	return &endpointMetricsEventQueueListener{
+		safeMetrics: sm,
+	}
+}
+
+// endpointMetricsHTTPStatusListener increments counters related to http sinks
+// for the relevant events.
+type endpointMetricsHTTPStatusListener struct {
+	*safeMetrics
+}
+
+var _ httpStatusListener = &endpointMetricsHTTPStatusListener{}
+
+func (emsl *endpointMetricsHTTPStatusListener) success(status int, events ...Event) {
+	emsl.safeMetrics.Lock()
+	defer emsl.safeMetrics.Unlock()
+	emsl.Statuses[fmt.Sprintf("%d %s", status, http.StatusText(status))] += len(events)
+	emsl.Successes += len(events)
+}
+
+func (emsl *endpointMetricsHTTPStatusListener) failure(status int, events ...Event) {
+	emsl.safeMetrics.Lock()
+	defer emsl.safeMetrics.Unlock()
+	emsl.Statuses[fmt.Sprintf("%d %s", status, http.StatusText(status))] += len(events)
+	emsl.Failures += len(events)
+}
+
+func (emsl *endpointMetricsHTTPStatusListener) err(err error, events ...Event) {
+	emsl.safeMetrics.Lock()
+	defer emsl.safeMetrics.Unlock()
+	emsl.Errors += len(events)
+}
+
+// endpointMetricsEventQueueListener maintains the incoming events counter and
+// the queues pending count.
+type endpointMetricsEventQueueListener struct {
+	*safeMetrics
+}
+
+func (eqc *endpointMetricsEventQueueListener) ingress(events ...Event) {
+	eqc.Lock()
+	defer eqc.Unlock()
+	eqc.Events += len(events)
+	eqc.Pending += len(events)
+}
+
+func (eqc *endpointMetricsEventQueueListener) egress(events ...Event) {
+	eqc.Lock()
+	defer eqc.Unlock()
+	eqc.Pending -= len(events)
+}
+
+// endpoints is global registry of endpoints used to report metrics to expvar
+var endpoints struct {
+	registered []*Endpoint
+	mu         sync.Mutex
+}
+
+// register places the endpoint into expvar so that stats are tracked.
+func register(e *Endpoint) {
+	endpoints.mu.Lock()
+	defer endpoints.mu.Unlock()
+
+	endpoints.registered = append(endpoints.registered, e)
+}
+
+func init() {
+	// NOTE(stevvooe): Setup registry metrics structure to report to expvar.
+	// Ideally, we do more metrics through logging but we need some nice
+	// realtime metrics for queue state for now.
+
+	registry := expvar.Get("registry")
+
+	if registry == nil {
+		registry = expvar.NewMap("registry")
+	}
+
+	var notifications expvar.Map
+	notifications.Init()
+	notifications.Set("endpoints", expvar.Func(func() interface{} {
+		endpoints.mu.Lock()
+		defer endpoints.mu.Unlock()
+
+		var names []interface{}
+		for _, v := range endpoints.registered {
+			var epjson struct {
+				Name string `json:"name"`
+				URL  string `json:"url"`
+				EndpointConfig
+
+				Metrics EndpointMetrics
+			}
+
+			epjson.Name = v.Name()
+			epjson.URL = v.URL()
+			epjson.EndpointConfig = v.EndpointConfig
+
+			v.ReadMetrics(&epjson.Metrics)
+
+			names = append(names, epjson)
+		}
+
+		return names
+	}))
+
+	registry.(*expvar.Map).Set("notifications", &notifications)
+}
diff --git a/vendor/github.com/docker/distribution/notifications/sinks.go b/vendor/github.com/docker/distribution/notifications/sinks.go
new file mode 100644
index 000000000..816f75d7b
--- /dev/null
+++ b/vendor/github.com/docker/distribution/notifications/sinks.go
@@ -0,0 +1,387 @@
+package notifications
+
+import (
+	"container/list"
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/sirupsen/logrus"
+)
+
+// NOTE(stevvooe): This file contains definitions for several utility sinks.
+// Typically, the broadcaster is the only sink that should be required
+// externally, but others are suitable for export if the need arises. Albeit,
+// the tight integration with endpoint metrics should be removed.
+
+// Broadcaster sends events to multiple, reliable Sinks. The goal of this
+// component is to dispatch events to configured endpoints. Reliability can be
+// provided by wrapping incoming sinks.
+type Broadcaster struct {
+	sinks  []Sink
+	events chan []Event
+	closed chan chan struct{}
+}
+
+// NewBroadcaster ...
+// Add appends one or more sinks to the list of sinks. The broadcaster
+// behavior will be affected by the properties of the sink. Generally, the
+// sink should accept all messages and deal with reliability on its own. Use
+// of EventQueue and RetryingSink should be used here.
+func NewBroadcaster(sinks ...Sink) *Broadcaster {
+	b := Broadcaster{
+		sinks:  sinks,
+		events: make(chan []Event),
+		closed: make(chan chan struct{}),
+	}
+
+	// Start the broadcaster
+	go b.run()
+
+	return &b
+}
+
+// Write accepts a block of events to be dispatched to all sinks. This method
+// will never fail and should never block (hopefully!). The caller cedes the
+// slice memory to the broadcaster and should not modify it after calling
+// write.
+func (b *Broadcaster) Write(events ...Event) error {
+	select {
+	case b.events <- events:
+	case <-b.closed:
+		return ErrSinkClosed
+	}
+	return nil
+}
+
+// Close the broadcaster, ensuring that all messages are flushed to the
+// underlying sink before returning.
+func (b *Broadcaster) Close() error {
+	logrus.Infof("broadcaster: closing")
+	select {
+	case <-b.closed:
+		// already closed
+		return fmt.Errorf("broadcaster: already closed")
+	default:
+		// do a little chan handoff dance to synchronize closing
+		closed := make(chan struct{})
+		b.closed <- closed
+		close(b.closed)
+		<-closed
+		return nil
+	}
+}
+
+// run is the main broadcast loop, started when the broadcaster is created.
+// Under normal conditions, it waits for events on the event channel. After
+// Close is called, this goroutine will exit.
+func (b *Broadcaster) run() {
+	for {
+		select {
+		case block := <-b.events:
+			for _, sink := range b.sinks {
+				if err := sink.Write(block...); err != nil {
+					logrus.Errorf("broadcaster: error writing events to %v, these events will be lost: %v", sink, err)
+				}
+			}
+		case closing := <-b.closed:
+
+			// close all the underlying sinks
+			for _, sink := range b.sinks {
+				if err := sink.Close(); err != nil {
+					logrus.Errorf("broadcaster: error closing sink %v: %v", sink, err)
+				}
+			}
+			closing <- struct{}{}
+
+			logrus.Debugf("broadcaster: closed")
+			return
+		}
+	}
+}
+
+// eventQueue accepts all messages into a queue for asynchronous consumption
+// by a sink. It is unbounded and thread safe but the sink must be reliable or
+// events will be dropped.
+type eventQueue struct {
+	sink      Sink
+	events    *list.List
+	listeners []eventQueueListener
+	cond      *sync.Cond
+	mu        sync.Mutex
+	closed    bool
+}
+
+// eventQueueListener is called when various events happen on the queue.
+type eventQueueListener interface {
+	ingress(events ...Event)
+	egress(events ...Event)
+}
+
+// newEventQueue returns a queue to the provided sink. If the updater is non-
+// nil, it will be called to update pending metrics on ingress and egress.
+func newEventQueue(sink Sink, listeners ...eventQueueListener) *eventQueue {
+	eq := eventQueue{
+		sink:      sink,
+		events:    list.New(),
+		listeners: listeners,
+	}
+
+	eq.cond = sync.NewCond(&eq.mu)
+	go eq.run()
+	return &eq
+}
+
+// Write accepts the events into the queue, only failing if the queue has
+// beend closed.
+func (eq *eventQueue) Write(events ...Event) error {
+	eq.mu.Lock()
+	defer eq.mu.Unlock()
+
+	if eq.closed {
+		return ErrSinkClosed
+	}
+
+	for _, listener := range eq.listeners {
+		listener.ingress(events...)
+	}
+	eq.events.PushBack(events)
+	eq.cond.Signal() // signal waiters
+
+	return nil
+}
+
+// Close shuts down the event queue, flushing
+func (eq *eventQueue) Close() error {
+	eq.mu.Lock()
+	defer eq.mu.Unlock()
+
+	if eq.closed {
+		return fmt.Errorf("eventqueue: already closed")
+	}
+
+	// set closed flag
+	eq.closed = true
+	eq.cond.Signal() // signal flushes queue
+	eq.cond.Wait()   // wait for signal from last flush
+
+	return eq.sink.Close()
+}
+
+// run is the main goroutine to flush events to the target sink.
+func (eq *eventQueue) run() {
+	for {
+		block := eq.next()
+
+		if block == nil {
+			return // nil block means event queue is closed.
+		}
+
+		if err := eq.sink.Write(block...); err != nil {
+			logrus.Warnf("eventqueue: error writing events to %v, these events will be lost: %v", eq.sink, err)
+		}
+
+		for _, listener := range eq.listeners {
+			listener.egress(block...)
+		}
+	}
+}
+
+// next encompasses the critical section of the run loop. When the queue is
+// empty, it will block on the condition. If new data arrives, it will wake
+// and return a block. When closed, a nil slice will be returned.
+func (eq *eventQueue) next() []Event {
+	eq.mu.Lock()
+	defer eq.mu.Unlock()
+
+	for eq.events.Len() < 1 {
+		if eq.closed {
+			eq.cond.Broadcast()
+			return nil
+		}
+
+		eq.cond.Wait()
+	}
+
+	front := eq.events.Front()
+	block := front.Value.([]Event)
+	eq.events.Remove(front)
+
+	return block
+}
+
+// ignoredSink discards events with ignored target media types and actions.
+// passes the rest along.
+type ignoredSink struct {
+	Sink
+	ignoreMediaTypes map[string]bool
+	ignoreActions    map[string]bool
+}
+
+func newIgnoredSink(sink Sink, ignored []string, ignoreActions []string) Sink {
+	if len(ignored) == 0 {
+		return sink
+	}
+
+	ignoredMap := make(map[string]bool)
+	for _, mediaType := range ignored {
+		ignoredMap[mediaType] = true
+	}
+
+	ignoredActionsMap := make(map[string]bool)
+	for _, action := range ignoreActions {
+		ignoredActionsMap[action] = true
+	}
+
+	return &ignoredSink{
+		Sink:             sink,
+		ignoreMediaTypes: ignoredMap,
+		ignoreActions:    ignoredActionsMap,
+	}
+}
+
+// Write discards events with ignored target media types and passes the rest
+// along.
+func (imts *ignoredSink) Write(events ...Event) error {
+	var kept []Event
+	for _, e := range events {
+		if !imts.ignoreMediaTypes[e.Target.MediaType] {
+			kept = append(kept, e)
+		}
+	}
+	if len(kept) == 0 {
+		return nil
+	}
+
+	var results []Event
+	for _, e := range kept {
+		if !imts.ignoreActions[e.Action] {
+			results = append(results, e)
+		}
+	}
+	if len(results) == 0 {
+		return nil
+	}
+	return imts.Sink.Write(results...)
+}
+
+// retryingSink retries the write until success or an ErrSinkClosed is
+// returned. Underlying sink must have p > 0 of succeeding or the sink will
+// block. Internally, it is a circuit breaker retries to manage reset.
+// Concurrent calls to a retrying sink are serialized through the sink,
+// meaning that if one is in-flight, another will not proceed.
+type retryingSink struct {
+	mu     sync.Mutex
+	sink   Sink
+	closed bool
+
+	// circuit breaker heuristics
+	failures struct {
+		threshold int
+		recent    int
+		last      time.Time
+		backoff   time.Duration // time after which we retry after failure.
+	}
+}
+
+// TODO(stevvooe): We are using circuit break here, which actually doesn't
+// make a whole lot of sense for this use case, since we always retry. Move
+// this to use bounded exponential backoff.
+
+// newRetryingSink returns a sink that will retry writes to a sink, backing
+// off on failure. Parameters threshold and backoff adjust the behavior of the
+// circuit breaker.
+func newRetryingSink(sink Sink, threshold int, backoff time.Duration) *retryingSink {
+	rs := &retryingSink{
+		sink: sink,
+	}
+	rs.failures.threshold = threshold
+	rs.failures.backoff = backoff
+
+	return rs
+}
+
+// Write attempts to flush the events to the downstream sink until it succeeds
+// or the sink is closed.
+func (rs *retryingSink) Write(events ...Event) error {
+	rs.mu.Lock()
+	defer rs.mu.Unlock()
+
+retry:
+
+	if rs.closed {
+		return ErrSinkClosed
+	}
+
+	if !rs.proceed() {
+		logrus.Warnf("%v encountered too many errors, backing off", rs.sink)
+		rs.wait(rs.failures.backoff)
+		goto retry
+	}
+
+	if err := rs.write(events...); err != nil {
+		if err == ErrSinkClosed {
+			// terminal!
+			return err
+		}
+
+		logrus.Errorf("retryingsink: error writing events: %v, retrying", err)
+		goto retry
+	}
+
+	return nil
+}
+
+// Close closes the sink and the underlying sink.
+func (rs *retryingSink) Close() error {
+	rs.mu.Lock()
+	defer rs.mu.Unlock()
+
+	if rs.closed {
+		return fmt.Errorf("retryingsink: already closed")
+	}
+
+	rs.closed = true
+	return rs.sink.Close()
+}
+
+// write provides a helper that dispatches failure and success properly. Used
+// by write as the single-flight write call.
+func (rs *retryingSink) write(events ...Event) error {
+	if err := rs.sink.Write(events...); err != nil {
+		rs.failure()
+		return err
+	}
+
+	rs.reset()
+	return nil
+}
+
+// wait backoff time against the sink, unlocking so others can proceed. Should
+// only be called by methods that currently have the mutex.
+func (rs *retryingSink) wait(backoff time.Duration) {
+	rs.mu.Unlock()
+	defer rs.mu.Lock()
+
+	// backoff here
+	time.Sleep(backoff)
+}
+
+// reset marks a successful call.
+func (rs *retryingSink) reset() {
+	rs.failures.recent = 0
+	rs.failures.last = time.Time{}
+}
+
+// failure records a failure.
+func (rs *retryingSink) failure() {
+	rs.failures.recent++
+	rs.failures.last = time.Now().UTC()
+}
+
+// proceed returns true if the call should proceed based on circuit breaker
+// heuristics.
+func (rs *retryingSink) proceed() bool {
+	return rs.failures.recent < rs.failures.threshold ||
+		time.Now().UTC().After(rs.failures.last.Add(rs.failures.backoff))
+}
diff --git a/vendor/github.com/docker/distribution/registry/auth/auth.go b/vendor/github.com/docker/distribution/registry/auth/auth.go
new file mode 100644
index 000000000..9cb036f1f
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/auth/auth.go
@@ -0,0 +1,200 @@
+// Package auth defines a standard interface for request access controllers.
+//
+// An access controller has a simple interface with a single `Authorized`
+// method which checks that a given request is authorized to perform one or
+// more actions on one or more resources. This method should return a non-nil
+// error if the request is not authorized.
+//
+// An implementation registers its access controller by name with a constructor
+// which accepts an options map for configuring the access controller.
+//
+//	options := map[string]interface{}{"sillySecret": "whysosilly?"}
+//	accessController, _ := auth.GetAccessController("silly", options)
+//
+// This `accessController` can then be used in a request handler like so:
+//
+//	func updateOrder(w http.ResponseWriter, r *http.Request) {
+//		orderNumber := r.FormValue("orderNumber")
+//		resource := auth.Resource{Type: "customerOrder", Name: orderNumber}
+//		access := auth.Access{Resource: resource, Action: "update"}
+//
+//		if ctx, err := accessController.Authorized(ctx, access); err != nil {
+//			if challenge, ok := err.(auth.Challenge) {
+//				// Let the challenge write the response.
+//				challenge.SetHeaders(r, w)
+//				w.WriteHeader(http.StatusUnauthorized)
+//				return
+//			} else {
+//				// Some other error.
+//			}
+//		}
+//	}
+package auth
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+)
+
+const (
+	// UserKey is used to get the user object from
+	// a user context
+	UserKey = "auth.user"
+
+	// UserNameKey is used to get the user name from
+	// a user context
+	UserNameKey = "auth.user.name"
+)
+
+var (
+	// ErrInvalidCredential is returned when the auth token does not authenticate correctly.
+	ErrInvalidCredential = errors.New("invalid authorization credential")
+
+	// ErrAuthenticationFailure returned when authentication fails.
+	ErrAuthenticationFailure = errors.New("authentication failure")
+)
+
+// UserInfo carries information about
+// an autenticated/authorized client.
+type UserInfo struct {
+	Name string
+}
+
+// Resource describes a resource by type and name.
+type Resource struct {
+	Type  string
+	Class string
+	Name  string
+}
+
+// Access describes a specific action that is
+// requested or allowed for a given resource.
+type Access struct {
+	Resource
+	Action string
+}
+
+// Challenge is a special error type which is used for HTTP 401 Unauthorized
+// responses and is able to write the response with WWW-Authenticate challenge
+// header values based on the error.
+type Challenge interface {
+	error
+
+	// SetHeaders prepares the request to conduct a challenge response by
+	// adding the an HTTP challenge header on the response message. Callers
+	// are expected to set the appropriate HTTP status code (e.g. 401)
+	// themselves.
+	SetHeaders(r *http.Request, w http.ResponseWriter)
+}
+
+// AccessController controls access to registry resources based on a request
+// and required access levels for a request. Implementations can support both
+// complete denial and http authorization challenges.
+type AccessController interface {
+	// Authorized returns a non-nil error if the context is granted access and
+	// returns a new authorized context. If one or more Access structs are
+	// provided, the requested access will be compared with what is available
+	// to the context. The given context will contain a "http.request" key with
+	// a `*http.Request` value. If the error is non-nil, access should always
+	// be denied. The error may be of type Challenge, in which case the caller
+	// may have the Challenge handle the request or choose what action to take
+	// based on the Challenge header or response status. The returned context
+	// object should have a "auth.user" value set to a UserInfo struct.
+	Authorized(ctx context.Context, access ...Access) (context.Context, error)
+}
+
+// CredentialAuthenticator is an object which is able to authenticate credentials
+type CredentialAuthenticator interface {
+	AuthenticateUser(username, password string) error
+}
+
+// WithUser returns a context with the authorized user info.
+func WithUser(ctx context.Context, user UserInfo) context.Context {
+	return userInfoContext{
+		Context: ctx,
+		user:    user,
+	}
+}
+
+type userInfoContext struct {
+	context.Context
+	user UserInfo
+}
+
+func (uic userInfoContext) Value(key interface{}) interface{} {
+	switch key {
+	case UserKey:
+		return uic.user
+	case UserNameKey:
+		return uic.user.Name
+	}
+
+	return uic.Context.Value(key)
+}
+
+// WithResources returns a context with the authorized resources.
+func WithResources(ctx context.Context, resources []Resource) context.Context {
+	return resourceContext{
+		Context:   ctx,
+		resources: resources,
+	}
+}
+
+type resourceContext struct {
+	context.Context
+	resources []Resource
+}
+
+type resourceKey struct{}
+
+func (rc resourceContext) Value(key interface{}) interface{} {
+	if key == (resourceKey{}) {
+		return rc.resources
+	}
+
+	return rc.Context.Value(key)
+}
+
+// AuthorizedResources returns the list of resources which have
+// been authorized for this request.
+func AuthorizedResources(ctx context.Context) []Resource {
+	if resources, ok := ctx.Value(resourceKey{}).([]Resource); ok {
+		return resources
+	}
+
+	return nil
+}
+
+// InitFunc is the type of an AccessController factory function and is used
+// to register the constructor for different AccesController backends.
+type InitFunc func(options map[string]interface{}) (AccessController, error)
+
+var accessControllers map[string]InitFunc
+
+func init() {
+	accessControllers = make(map[string]InitFunc)
+}
+
+// Register is used to register an InitFunc for
+// an AccessController backend with the given name.
+func Register(name string, initFunc InitFunc) error {
+	if _, exists := accessControllers[name]; exists {
+		return fmt.Errorf("name already registered: %s", name)
+	}
+
+	accessControllers[name] = initFunc
+
+	return nil
+}
+
+// GetAccessController constructs an AccessController
+// with the given options using the named backend.
+func GetAccessController(name string, options map[string]interface{}) (AccessController, error) {
+	if initFunc, exists := accessControllers[name]; exists {
+		return initFunc(options)
+	}
+
+	return nil, fmt.Errorf("no access controller registered with name: %s", name)
+}
diff --git a/vendor/github.com/docker/distribution/registry/auth/htpasswd/access.go b/vendor/github.com/docker/distribution/registry/auth/htpasswd/access.go
new file mode 100644
index 000000000..2611a23be
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/auth/htpasswd/access.go
@@ -0,0 +1,160 @@
+// Package htpasswd provides a simple authentication scheme that checks for the
+// user credential hash in an htpasswd formatted file in a configuration-determined
+// location.
+//
+// This authentication method MUST be used under TLS, as simple token-replay attack is possible.
+package htpasswd
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"net/http"
+	"os"
+	"path/filepath"
+	"sync"
+	"time"
+
+	"golang.org/x/crypto/bcrypt"
+
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/auth"
+)
+
+type accessController struct {
+	realm    string
+	path     string
+	modtime  time.Time
+	mu       sync.Mutex
+	htpasswd *htpasswd
+}
+
+var _ auth.AccessController = &accessController{}
+
+func newAccessController(options map[string]interface{}) (auth.AccessController, error) {
+	realm, present := options["realm"]
+	if _, ok := realm.(string); !present || !ok {
+		return nil, fmt.Errorf(`"realm" must be set for htpasswd access controller`)
+	}
+
+	pathOpt, present := options["path"]
+	path, ok := pathOpt.(string)
+	if !present || !ok {
+		return nil, fmt.Errorf(`"path" must be set for htpasswd access controller`)
+	}
+	if err := createHtpasswdFile(path); err != nil {
+		return nil, err
+	}
+	return &accessController{realm: realm.(string), path: path}, nil
+}
+
+func (ac *accessController) Authorized(ctx context.Context, accessRecords ...auth.Access) (context.Context, error) {
+	req, err := dcontext.GetRequest(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	username, password, ok := req.BasicAuth()
+	if !ok {
+		return nil, &challenge{
+			realm: ac.realm,
+			err:   auth.ErrInvalidCredential,
+		}
+	}
+
+	// Dynamically parsing the latest account list
+	fstat, err := os.Stat(ac.path)
+	if err != nil {
+		return nil, err
+	}
+
+	lastModified := fstat.ModTime()
+	ac.mu.Lock()
+	if ac.htpasswd == nil || !ac.modtime.Equal(lastModified) {
+		ac.modtime = lastModified
+
+		f, err := os.Open(ac.path)
+		if err != nil {
+			ac.mu.Unlock()
+			return nil, err
+		}
+		defer f.Close()
+
+		h, err := newHTPasswd(f)
+		if err != nil {
+			ac.mu.Unlock()
+			return nil, err
+		}
+		ac.htpasswd = h
+	}
+	localHTPasswd := ac.htpasswd
+	ac.mu.Unlock()
+
+	if err := localHTPasswd.authenticateUser(username, password); err != nil {
+		dcontext.GetLogger(ctx).Errorf("error authenticating user %q: %v", username, err)
+		return nil, &challenge{
+			realm: ac.realm,
+			err:   auth.ErrAuthenticationFailure,
+		}
+	}
+
+	return auth.WithUser(ctx, auth.UserInfo{Name: username}), nil
+}
+
+// challenge implements the auth.Challenge interface.
+type challenge struct {
+	realm string
+	err   error
+}
+
+var _ auth.Challenge = challenge{}
+
+// SetHeaders sets the basic challenge header on the response.
+func (ch challenge) SetHeaders(r *http.Request, w http.ResponseWriter) {
+	w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic realm=%q", ch.realm))
+}
+
+func (ch challenge) Error() string {
+	return fmt.Sprintf("basic authentication challenge for realm %q: %s", ch.realm, ch.err)
+}
+
+// createHtpasswdFile creates and populates htpasswd file with a new user in case the file is missing
+func createHtpasswdFile(path string) error {
+	if f, err := os.Open(path); err == nil {
+		f.Close()
+		return nil
+	} else if !os.IsNotExist(err) {
+		return err
+	}
+
+	if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
+		return err
+	}
+	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, 0600)
+	if err != nil {
+		return fmt.Errorf("failed to open htpasswd path %s", err)
+	}
+	defer f.Close()
+	var secretBytes [32]byte
+	if _, err := rand.Read(secretBytes[:]); err != nil {
+		return err
+	}
+	pass := base64.RawURLEncoding.EncodeToString(secretBytes[:])
+	encryptedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
+	if err != nil {
+		return err
+	}
+	if _, err := f.Write([]byte(fmt.Sprintf("docker:%s", string(encryptedPass[:])))); err != nil {
+		return err
+	}
+	dcontext.GetLoggerWithFields(context.Background(), map[interface{}]interface{}{
+		"user":     "docker",
+		"password": pass,
+	}).Warnf("htpasswd is missing, provisioning with default user")
+	return nil
+}
+
+func init() {
+	auth.Register("htpasswd", auth.InitFunc(newAccessController))
+}
diff --git a/vendor/github.com/docker/distribution/registry/auth/htpasswd/htpasswd.go b/vendor/github.com/docker/distribution/registry/auth/htpasswd/htpasswd.go
new file mode 100644
index 000000000..832051609
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/auth/htpasswd/htpasswd.go
@@ -0,0 +1,82 @@
+package htpasswd
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/docker/distribution/registry/auth"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+// htpasswd holds a path to a system .htpasswd file and the machinery to parse
+// it. Only bcrypt hash entries are supported.
+type htpasswd struct {
+	entries map[string][]byte // maps username to password byte slice.
+}
+
+// newHTPasswd parses the reader and returns an htpasswd or an error.
+func newHTPasswd(rd io.Reader) (*htpasswd, error) {
+	entries, err := parseHTPasswd(rd)
+	if err != nil {
+		return nil, err
+	}
+
+	return &htpasswd{entries: entries}, nil
+}
+
+// AuthenticateUser checks a given user:password credential against the
+// receiving HTPasswd's file. If the check passes, nil is returned.
+func (htpasswd *htpasswd) authenticateUser(username string, password string) error {
+	credentials, ok := htpasswd.entries[username]
+	if !ok {
+		// timing attack paranoia
+		bcrypt.CompareHashAndPassword([]byte{}, []byte(password))
+
+		return auth.ErrAuthenticationFailure
+	}
+
+	err := bcrypt.CompareHashAndPassword(credentials, []byte(password))
+	if err != nil {
+		return auth.ErrAuthenticationFailure
+	}
+
+	return nil
+}
+
+// parseHTPasswd parses the contents of htpasswd. This will read all the
+// entries in the file, whether or not they are needed. An error is returned
+// if a syntax errors are encountered or if the reader fails.
+func parseHTPasswd(rd io.Reader) (map[string][]byte, error) {
+	entries := map[string][]byte{}
+	scanner := bufio.NewScanner(rd)
+	var line int
+	for scanner.Scan() {
+		line++ // 1-based line numbering
+		t := strings.TrimSpace(scanner.Text())
+
+		if len(t) < 1 {
+			continue
+		}
+
+		// lines that *begin* with a '#' are considered comments
+		if t[0] == '#' {
+			continue
+		}
+
+		i := strings.Index(t, ":")
+		if i < 0 || i >= len(t) {
+			return nil, fmt.Errorf("htpasswd: invalid entry at line %d: %q", line, scanner.Text())
+		}
+
+		entries[t[:i]] = []byte(t[i+1:])
+	}
+
+	if err := scanner.Err(); err != nil {
+		return nil, err
+	}
+
+	return entries, nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/auth/silly/access.go b/vendor/github.com/docker/distribution/registry/auth/silly/access.go
new file mode 100644
index 000000000..3ead560df
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/auth/silly/access.go
@@ -0,0 +1,102 @@
+// Package silly provides a simple authentication scheme that checks for the
+// existence of an Authorization header and issues access if is present and
+// non-empty.
+//
+// This package is present as an example implementation of a minimal
+// auth.AccessController and for testing. This is not suitable for any kind of
+// production security.
+package silly
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/auth"
+)
+
+// accessController provides a simple implementation of auth.AccessController
+// that simply checks for a non-empty Authorization header. It is useful for
+// demonstration and testing.
+type accessController struct {
+	realm   string
+	service string
+}
+
+var _ auth.AccessController = &accessController{}
+
+func newAccessController(options map[string]interface{}) (auth.AccessController, error) {
+	realm, present := options["realm"]
+	if _, ok := realm.(string); !present || !ok {
+		return nil, fmt.Errorf(`"realm" must be set for silly access controller`)
+	}
+
+	service, present := options["service"]
+	if _, ok := service.(string); !present || !ok {
+		return nil, fmt.Errorf(`"service" must be set for silly access controller`)
+	}
+
+	return &accessController{realm: realm.(string), service: service.(string)}, nil
+}
+
+// Authorized simply checks for the existence of the authorization header,
+// responding with a bearer challenge if it doesn't exist.
+func (ac *accessController) Authorized(ctx context.Context, accessRecords ...auth.Access) (context.Context, error) {
+	req, err := dcontext.GetRequest(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if req.Header.Get("Authorization") == "" {
+		challenge := challenge{
+			realm:   ac.realm,
+			service: ac.service,
+		}
+
+		if len(accessRecords) > 0 {
+			var scopes []string
+			for _, access := range accessRecords {
+				scopes = append(scopes, fmt.Sprintf("%s:%s:%s", access.Type, access.Resource.Name, access.Action))
+			}
+			challenge.scope = strings.Join(scopes, " ")
+		}
+
+		return nil, &challenge
+	}
+
+	ctx = auth.WithUser(ctx, auth.UserInfo{Name: "silly"})
+	ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, auth.UserNameKey, auth.UserKey))
+
+	return ctx, nil
+
+}
+
+type challenge struct {
+	realm   string
+	service string
+	scope   string
+}
+
+var _ auth.Challenge = challenge{}
+
+// SetHeaders sets a simple bearer challenge on the response.
+func (ch challenge) SetHeaders(r *http.Request, w http.ResponseWriter) {
+	header := fmt.Sprintf("Bearer realm=%q,service=%q", ch.realm, ch.service)
+
+	if ch.scope != "" {
+		header = fmt.Sprintf("%s,scope=%q", header, ch.scope)
+	}
+
+	w.Header().Set("WWW-Authenticate", header)
+}
+
+func (ch challenge) Error() string {
+	return fmt.Sprintf("silly authentication challenge: %#v", ch)
+}
+
+// init registers the silly auth backend.
+func init() {
+	auth.Register("silly", auth.InitFunc(newAccessController))
+}
diff --git a/vendor/github.com/docker/distribution/registry/auth/token/accesscontroller.go b/vendor/github.com/docker/distribution/registry/auth/token/accesscontroller.go
new file mode 100644
index 000000000..fa924f0be
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/auth/token/accesscontroller.go
@@ -0,0 +1,293 @@
+package token
+
+import (
+	"context"
+	"crypto"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"strings"
+
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/auth"
+	"github.com/docker/libtrust"
+)
+
+// accessSet maps a typed, named resource to
+// a set of actions requested or authorized.
+type accessSet map[auth.Resource]actionSet
+
+// newAccessSet constructs an accessSet from
+// a variable number of auth.Access items.
+func newAccessSet(accessItems ...auth.Access) accessSet {
+	accessSet := make(accessSet, len(accessItems))
+
+	for _, access := range accessItems {
+		resource := auth.Resource{
+			Type: access.Type,
+			Name: access.Name,
+		}
+
+		set, exists := accessSet[resource]
+		if !exists {
+			set = newActionSet()
+			accessSet[resource] = set
+		}
+
+		set.add(access.Action)
+	}
+
+	return accessSet
+}
+
+// contains returns whether or not the given access is in this accessSet.
+func (s accessSet) contains(access auth.Access) bool {
+	actionSet, ok := s[access.Resource]
+	if ok {
+		return actionSet.contains(access.Action)
+	}
+
+	return false
+}
+
+// scopeParam returns a collection of scopes which can
+// be used for a WWW-Authenticate challenge parameter.
+// See https://tools.ietf.org/html/rfc6750#section-3
+func (s accessSet) scopeParam() string {
+	scopes := make([]string, 0, len(s))
+
+	for resource, actionSet := range s {
+		actions := strings.Join(actionSet.keys(), ",")
+		scopes = append(scopes, fmt.Sprintf("%s:%s:%s", resource.Type, resource.Name, actions))
+	}
+
+	return strings.Join(scopes, " ")
+}
+
+// Errors used and exported by this package.
+var (
+	ErrInsufficientScope = errors.New("insufficient scope")
+	ErrTokenRequired     = errors.New("authorization token required")
+)
+
+// authChallenge implements the auth.Challenge interface.
+type authChallenge struct {
+	err          error
+	realm        string
+	autoRedirect bool
+	service      string
+	accessSet    accessSet
+}
+
+var _ auth.Challenge = authChallenge{}
+
+// Error returns the internal error string for this authChallenge.
+func (ac authChallenge) Error() string {
+	return ac.err.Error()
+}
+
+// Status returns the HTTP Response Status Code for this authChallenge.
+func (ac authChallenge) Status() int {
+	return http.StatusUnauthorized
+}
+
+// challengeParams constructs the value to be used in
+// the WWW-Authenticate response challenge header.
+// See https://tools.ietf.org/html/rfc6750#section-3
+func (ac authChallenge) challengeParams(r *http.Request) string {
+	var realm string
+	if ac.autoRedirect {
+		realm = fmt.Sprintf("https://%s/auth/token", r.Host)
+	} else {
+		realm = ac.realm
+	}
+	str := fmt.Sprintf("Bearer realm=%q,service=%q", realm, ac.service)
+
+	if scope := ac.accessSet.scopeParam(); scope != "" {
+		str = fmt.Sprintf("%s,scope=%q", str, scope)
+	}
+
+	if ac.err == ErrInvalidToken || ac.err == ErrMalformedToken {
+		str = fmt.Sprintf("%s,error=%q", str, "invalid_token")
+	} else if ac.err == ErrInsufficientScope {
+		str = fmt.Sprintf("%s,error=%q", str, "insufficient_scope")
+	}
+
+	return str
+}
+
+// SetChallenge sets the WWW-Authenticate value for the response.
+func (ac authChallenge) SetHeaders(r *http.Request, w http.ResponseWriter) {
+	w.Header().Add("WWW-Authenticate", ac.challengeParams(r))
+}
+
+// accessController implements the auth.AccessController interface.
+type accessController struct {
+	realm        string
+	autoRedirect bool
+	issuer       string
+	service      string
+	rootCerts    *x509.CertPool
+	trustedKeys  map[string]libtrust.PublicKey
+}
+
+// tokenAccessOptions is a convenience type for handling
+// options to the contstructor of an accessController.
+type tokenAccessOptions struct {
+	realm          string
+	autoRedirect   bool
+	issuer         string
+	service        string
+	rootCertBundle string
+}
+
+// checkOptions gathers the necessary options
+// for an accessController from the given map.
+func checkOptions(options map[string]interface{}) (tokenAccessOptions, error) {
+	var opts tokenAccessOptions
+
+	keys := []string{"realm", "issuer", "service", "rootcertbundle"}
+	vals := make([]string, 0, len(keys))
+	for _, key := range keys {
+		val, ok := options[key].(string)
+		if !ok {
+			return opts, fmt.Errorf("token auth requires a valid option string: %q", key)
+		}
+		vals = append(vals, val)
+	}
+
+	opts.realm, opts.issuer, opts.service, opts.rootCertBundle = vals[0], vals[1], vals[2], vals[3]
+
+	autoRedirectVal, ok := options["autoredirect"]
+	if ok {
+		autoRedirect, ok := autoRedirectVal.(bool)
+		if !ok {
+			return opts, fmt.Errorf("token auth requires a valid option bool: autoredirect")
+		}
+		opts.autoRedirect = autoRedirect
+	}
+
+	return opts, nil
+}
+
+// newAccessController creates an accessController using the given options.
+func newAccessController(options map[string]interface{}) (auth.AccessController, error) {
+	config, err := checkOptions(options)
+	if err != nil {
+		return nil, err
+	}
+
+	fp, err := os.Open(config.rootCertBundle)
+	if err != nil {
+		return nil, fmt.Errorf("unable to open token auth root certificate bundle file %q: %s", config.rootCertBundle, err)
+	}
+	defer fp.Close()
+
+	rawCertBundle, err := ioutil.ReadAll(fp)
+	if err != nil {
+		return nil, fmt.Errorf("unable to read token auth root certificate bundle file %q: %s", config.rootCertBundle, err)
+	}
+
+	var rootCerts []*x509.Certificate
+	pemBlock, rawCertBundle := pem.Decode(rawCertBundle)
+	for pemBlock != nil {
+		if pemBlock.Type == "CERTIFICATE" {
+			cert, err := x509.ParseCertificate(pemBlock.Bytes)
+			if err != nil {
+				return nil, fmt.Errorf("unable to parse token auth root certificate: %s", err)
+			}
+
+			rootCerts = append(rootCerts, cert)
+		}
+
+		pemBlock, rawCertBundle = pem.Decode(rawCertBundle)
+	}
+
+	if len(rootCerts) == 0 {
+		return nil, errors.New("token auth requires at least one token signing root certificate")
+	}
+
+	rootPool := x509.NewCertPool()
+	trustedKeys := make(map[string]libtrust.PublicKey, len(rootCerts))
+	for _, rootCert := range rootCerts {
+		rootPool.AddCert(rootCert)
+		pubKey, err := libtrust.FromCryptoPublicKey(crypto.PublicKey(rootCert.PublicKey))
+		if err != nil {
+			return nil, fmt.Errorf("unable to get public key from token auth root certificate: %s", err)
+		}
+		trustedKeys[pubKey.KeyID()] = pubKey
+	}
+
+	return &accessController{
+		realm:        config.realm,
+		autoRedirect: config.autoRedirect,
+		issuer:       config.issuer,
+		service:      config.service,
+		rootCerts:    rootPool,
+		trustedKeys:  trustedKeys,
+	}, nil
+}
+
+// Authorized handles checking whether the given request is authorized
+// for actions on resources described by the given access items.
+func (ac *accessController) Authorized(ctx context.Context, accessItems ...auth.Access) (context.Context, error) {
+	challenge := &authChallenge{
+		realm:        ac.realm,
+		autoRedirect: ac.autoRedirect,
+		service:      ac.service,
+		accessSet:    newAccessSet(accessItems...),
+	}
+
+	req, err := dcontext.GetRequest(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	parts := strings.Split(req.Header.Get("Authorization"), " ")
+
+	if len(parts) != 2 || strings.ToLower(parts[0]) != "bearer" {
+		challenge.err = ErrTokenRequired
+		return nil, challenge
+	}
+
+	rawToken := parts[1]
+
+	token, err := NewToken(rawToken)
+	if err != nil {
+		challenge.err = err
+		return nil, challenge
+	}
+
+	verifyOpts := VerifyOptions{
+		TrustedIssuers:    []string{ac.issuer},
+		AcceptedAudiences: []string{ac.service},
+		Roots:             ac.rootCerts,
+		TrustedKeys:       ac.trustedKeys,
+	}
+
+	if err = token.Verify(verifyOpts); err != nil {
+		challenge.err = err
+		return nil, challenge
+	}
+
+	accessSet := token.accessSet()
+	for _, access := range accessItems {
+		if !accessSet.contains(access) {
+			challenge.err = ErrInsufficientScope
+			return nil, challenge
+		}
+	}
+
+	ctx = auth.WithResources(ctx, token.resources())
+
+	return auth.WithUser(ctx, auth.UserInfo{Name: token.Claims.Subject}), nil
+}
+
+// init handles registering the token auth backend.
+func init() {
+	auth.Register("token", auth.InitFunc(newAccessController))
+}
diff --git a/vendor/github.com/docker/distribution/registry/auth/token/stringset.go b/vendor/github.com/docker/distribution/registry/auth/token/stringset.go
new file mode 100644
index 000000000..1d04f104c
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/auth/token/stringset.go
@@ -0,0 +1,35 @@
+package token
+
+// StringSet is a useful type for looking up strings.
+type stringSet map[string]struct{}
+
+// NewStringSet creates a new StringSet with the given strings.
+func newStringSet(keys ...string) stringSet {
+	ss := make(stringSet, len(keys))
+	ss.add(keys...)
+	return ss
+}
+
+// Add inserts the given keys into this StringSet.
+func (ss stringSet) add(keys ...string) {
+	for _, key := range keys {
+		ss[key] = struct{}{}
+	}
+}
+
+// Contains returns whether the given key is in this StringSet.
+func (ss stringSet) contains(key string) bool {
+	_, ok := ss[key]
+	return ok
+}
+
+// Keys returns a slice of all keys in this StringSet.
+func (ss stringSet) keys() []string {
+	keys := make([]string, 0, len(ss))
+
+	for key := range ss {
+		keys = append(keys, key)
+	}
+
+	return keys
+}
diff --git a/vendor/github.com/docker/distribution/registry/auth/token/token.go b/vendor/github.com/docker/distribution/registry/auth/token/token.go
new file mode 100644
index 000000000..f803415fe
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/auth/token/token.go
@@ -0,0 +1,380 @@
+package token
+
+import (
+	"crypto"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/docker/libtrust"
+	log "github.com/sirupsen/logrus"
+
+	"github.com/docker/distribution/registry/auth"
+)
+
+const (
+	// TokenSeparator is the value which separates the header, claims, and
+	// signature in the compact serialization of a JSON Web Token.
+	TokenSeparator = "."
+	// Leeway is the Duration that will be added to NBF and EXP claim
+	// checks to account for clock skew as per https://tools.ietf.org/html/rfc7519#section-4.1.5
+	Leeway = 60 * time.Second
+)
+
+// Errors used by token parsing and verification.
+var (
+	ErrMalformedToken = errors.New("malformed token")
+	ErrInvalidToken   = errors.New("invalid token")
+)
+
+// ResourceActions stores allowed actions on a named and typed resource.
+type ResourceActions struct {
+	Type    string   `json:"type"`
+	Class   string   `json:"class,omitempty"`
+	Name    string   `json:"name"`
+	Actions []string `json:"actions"`
+}
+
+// ClaimSet describes the main section of a JSON Web Token.
+type ClaimSet struct {
+	// Public claims
+	Issuer     string `json:"iss"`
+	Subject    string `json:"sub"`
+	Audience   string `json:"aud"`
+	Expiration int64  `json:"exp"`
+	NotBefore  int64  `json:"nbf"`
+	IssuedAt   int64  `json:"iat"`
+	JWTID      string `json:"jti"`
+
+	// Private claims
+	Access []*ResourceActions `json:"access"`
+}
+
+// Header describes the header section of a JSON Web Token.
+type Header struct {
+	Type       string           `json:"typ"`
+	SigningAlg string           `json:"alg"`
+	KeyID      string           `json:"kid,omitempty"`
+	X5c        []string         `json:"x5c,omitempty"`
+	RawJWK     *json.RawMessage `json:"jwk,omitempty"`
+}
+
+// Token describes a JSON Web Token.
+type Token struct {
+	Raw       string
+	Header    *Header
+	Claims    *ClaimSet
+	Signature []byte
+}
+
+// VerifyOptions is used to specify
+// options when verifying a JSON Web Token.
+type VerifyOptions struct {
+	TrustedIssuers    []string
+	AcceptedAudiences []string
+	Roots             *x509.CertPool
+	TrustedKeys       map[string]libtrust.PublicKey
+}
+
+// NewToken parses the given raw token string
+// and constructs an unverified JSON Web Token.
+func NewToken(rawToken string) (*Token, error) {
+	parts := strings.Split(rawToken, TokenSeparator)
+	if len(parts) != 3 {
+		return nil, ErrMalformedToken
+	}
+
+	var (
+		rawHeader, rawClaims   = parts[0], parts[1]
+		headerJSON, claimsJSON []byte
+		err                    error
+	)
+
+	defer func() {
+		if err != nil {
+			log.Infof("error while unmarshalling raw token: %s", err)
+		}
+	}()
+
+	if headerJSON, err = joseBase64UrlDecode(rawHeader); err != nil {
+		err = fmt.Errorf("unable to decode header: %s", err)
+		return nil, ErrMalformedToken
+	}
+
+	if claimsJSON, err = joseBase64UrlDecode(rawClaims); err != nil {
+		err = fmt.Errorf("unable to decode claims: %s", err)
+		return nil, ErrMalformedToken
+	}
+
+	token := new(Token)
+	token.Header = new(Header)
+	token.Claims = new(ClaimSet)
+
+	token.Raw = strings.Join(parts[:2], TokenSeparator)
+	if token.Signature, err = joseBase64UrlDecode(parts[2]); err != nil {
+		err = fmt.Errorf("unable to decode signature: %s", err)
+		return nil, ErrMalformedToken
+	}
+
+	if err = json.Unmarshal(headerJSON, token.Header); err != nil {
+		return nil, ErrMalformedToken
+	}
+
+	if err = json.Unmarshal(claimsJSON, token.Claims); err != nil {
+		return nil, ErrMalformedToken
+	}
+
+	return token, nil
+}
+
+// Verify attempts to verify this token using the given options.
+// Returns a nil error if the token is valid.
+func (t *Token) Verify(verifyOpts VerifyOptions) error {
+	// Verify that the Issuer claim is a trusted authority.
+	if !contains(verifyOpts.TrustedIssuers, t.Claims.Issuer) {
+		log.Infof("token from untrusted issuer: %q", t.Claims.Issuer)
+		return ErrInvalidToken
+	}
+
+	// Verify that the Audience claim is allowed.
+	if !contains(verifyOpts.AcceptedAudiences, t.Claims.Audience) {
+		log.Infof("token intended for another audience: %q", t.Claims.Audience)
+		return ErrInvalidToken
+	}
+
+	// Verify that the token is currently usable and not expired.
+	currentTime := time.Now()
+
+	ExpWithLeeway := time.Unix(t.Claims.Expiration, 0).Add(Leeway)
+	if currentTime.After(ExpWithLeeway) {
+		log.Infof("token not to be used after %s - currently %s", ExpWithLeeway, currentTime)
+		return ErrInvalidToken
+	}
+
+	NotBeforeWithLeeway := time.Unix(t.Claims.NotBefore, 0).Add(-Leeway)
+	if currentTime.Before(NotBeforeWithLeeway) {
+		log.Infof("token not to be used before %s - currently %s", NotBeforeWithLeeway, currentTime)
+		return ErrInvalidToken
+	}
+
+	// Verify the token signature.
+	if len(t.Signature) == 0 {
+		log.Info("token has no signature")
+		return ErrInvalidToken
+	}
+
+	// Verify that the signing key is trusted.
+	signingKey, err := t.VerifySigningKey(verifyOpts)
+	if err != nil {
+		log.Info(err)
+		return ErrInvalidToken
+	}
+
+	// Finally, verify the signature of the token using the key which signed it.
+	if err := signingKey.Verify(strings.NewReader(t.Raw), t.Header.SigningAlg, t.Signature); err != nil {
+		log.Infof("unable to verify token signature: %s", err)
+		return ErrInvalidToken
+	}
+
+	return nil
+}
+
+// VerifySigningKey attempts to get the key which was used to sign this token.
+// The token header should contain either of these 3 fields:
+//
+//	`x5c` - The x509 certificate chain for the signing key. Needs to be
+//	        verified.
+//	`jwk` - The JSON Web Key representation of the signing key.
+//	        May contain its own `x5c` field which needs to be verified.
+//	`kid` - The unique identifier for the key. This library interprets it
+//	        as a libtrust fingerprint. The key itself can be looked up in
+//	        the trustedKeys field of the given verify options.
+//
+// Each of these methods are tried in that order of preference until the
+// signing key is found or an error is returned.
+func (t *Token) VerifySigningKey(verifyOpts VerifyOptions) (signingKey libtrust.PublicKey, err error) {
+	// First attempt to get an x509 certificate chain from the header.
+	var (
+		x5c    = t.Header.X5c
+		rawJWK = t.Header.RawJWK
+		keyID  = t.Header.KeyID
+	)
+
+	switch {
+	case len(x5c) > 0:
+		signingKey, err = parseAndVerifyCertChain(x5c, verifyOpts.Roots)
+	case rawJWK != nil:
+		signingKey, err = parseAndVerifyRawJWK(rawJWK, verifyOpts)
+	case len(keyID) > 0:
+		signingKey = verifyOpts.TrustedKeys[keyID]
+		if signingKey == nil {
+			err = fmt.Errorf("token signed by untrusted key with ID: %q", keyID)
+		}
+	default:
+		err = errors.New("unable to get token signing key")
+	}
+
+	return
+}
+
+func parseAndVerifyCertChain(x5c []string, roots *x509.CertPool) (leafKey libtrust.PublicKey, err error) {
+	if len(x5c) == 0 {
+		return nil, errors.New("empty x509 certificate chain")
+	}
+
+	// Ensure the first element is encoded correctly.
+	leafCertDer, err := base64.StdEncoding.DecodeString(x5c[0])
+	if err != nil {
+		return nil, fmt.Errorf("unable to decode leaf certificate: %s", err)
+	}
+
+	// And that it is a valid x509 certificate.
+	leafCert, err := x509.ParseCertificate(leafCertDer)
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse leaf certificate: %s", err)
+	}
+
+	// The rest of the certificate chain are intermediate certificates.
+	intermediates := x509.NewCertPool()
+	for i := 1; i < len(x5c); i++ {
+		intermediateCertDer, err := base64.StdEncoding.DecodeString(x5c[i])
+		if err != nil {
+			return nil, fmt.Errorf("unable to decode intermediate certificate: %s", err)
+		}
+
+		intermediateCert, err := x509.ParseCertificate(intermediateCertDer)
+		if err != nil {
+			return nil, fmt.Errorf("unable to parse intermediate certificate: %s", err)
+		}
+
+		intermediates.AddCert(intermediateCert)
+	}
+
+	verifyOpts := x509.VerifyOptions{
+		Intermediates: intermediates,
+		Roots:         roots,
+		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
+	}
+
+	// TODO: this call returns certificate chains which we ignore for now, but
+	// we should check them for revocations if we have the ability later.
+	if _, err = leafCert.Verify(verifyOpts); err != nil {
+		return nil, fmt.Errorf("unable to verify certificate chain: %s", err)
+	}
+
+	// Get the public key from the leaf certificate.
+	leafCryptoKey, ok := leafCert.PublicKey.(crypto.PublicKey)
+	if !ok {
+		return nil, errors.New("unable to get leaf cert public key value")
+	}
+
+	leafKey, err = libtrust.FromCryptoPublicKey(leafCryptoKey)
+	if err != nil {
+		return nil, fmt.Errorf("unable to make libtrust public key from leaf certificate: %s", err)
+	}
+
+	return
+}
+
+func parseAndVerifyRawJWK(rawJWK *json.RawMessage, verifyOpts VerifyOptions) (pubKey libtrust.PublicKey, err error) {
+	pubKey, err = libtrust.UnmarshalPublicKeyJWK([]byte(*rawJWK))
+	if err != nil {
+		return nil, fmt.Errorf("unable to decode raw JWK value: %s", err)
+	}
+
+	// Check to see if the key includes a certificate chain.
+	x5cVal, ok := pubKey.GetExtendedField("x5c").([]interface{})
+	if !ok {
+		// The JWK should be one of the trusted root keys.
+		if _, trusted := verifyOpts.TrustedKeys[pubKey.KeyID()]; !trusted {
+			return nil, errors.New("untrusted JWK with no certificate chain")
+		}
+
+		// The JWK is one of the trusted keys.
+		return
+	}
+
+	// Ensure each item in the chain is of the correct type.
+	x5c := make([]string, len(x5cVal))
+	for i, val := range x5cVal {
+		certString, ok := val.(string)
+		if !ok || len(certString) == 0 {
+			return nil, errors.New("malformed certificate chain")
+		}
+		x5c[i] = certString
+	}
+
+	// Ensure that the x509 certificate chain can
+	// be verified up to one of our trusted roots.
+	leafKey, err := parseAndVerifyCertChain(x5c, verifyOpts.Roots)
+	if err != nil {
+		return nil, fmt.Errorf("could not verify JWK certificate chain: %s", err)
+	}
+
+	// Verify that the public key in the leaf cert *is* the signing key.
+	if pubKey.KeyID() != leafKey.KeyID() {
+		return nil, errors.New("leaf certificate public key ID does not match JWK key ID")
+	}
+
+	return
+}
+
+// accessSet returns a set of actions available for the resource
+// actions listed in the `access` section of this token.
+func (t *Token) accessSet() accessSet {
+	if t.Claims == nil {
+		return nil
+	}
+
+	accessSet := make(accessSet, len(t.Claims.Access))
+
+	for _, resourceActions := range t.Claims.Access {
+		resource := auth.Resource{
+			Type: resourceActions.Type,
+			Name: resourceActions.Name,
+		}
+
+		set, exists := accessSet[resource]
+		if !exists {
+			set = newActionSet()
+			accessSet[resource] = set
+		}
+
+		for _, action := range resourceActions.Actions {
+			set.add(action)
+		}
+	}
+
+	return accessSet
+}
+
+func (t *Token) resources() []auth.Resource {
+	if t.Claims == nil {
+		return nil
+	}
+
+	resourceSet := map[auth.Resource]struct{}{}
+	for _, resourceActions := range t.Claims.Access {
+		resource := auth.Resource{
+			Type:  resourceActions.Type,
+			Class: resourceActions.Class,
+			Name:  resourceActions.Name,
+		}
+		resourceSet[resource] = struct{}{}
+	}
+
+	resources := make([]auth.Resource, 0, len(resourceSet))
+	for resource := range resourceSet {
+		resources = append(resources, resource)
+	}
+
+	return resources
+}
+
+func (t *Token) compactRaw() string {
+	return fmt.Sprintf("%s.%s", t.Raw, joseBase64UrlEncode(t.Signature))
+}
diff --git a/vendor/github.com/docker/distribution/registry/auth/token/util.go b/vendor/github.com/docker/distribution/registry/auth/token/util.go
new file mode 100644
index 000000000..d7f95be42
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/auth/token/util.go
@@ -0,0 +1,58 @@
+package token
+
+import (
+	"encoding/base64"
+	"errors"
+	"strings"
+)
+
+// joseBase64UrlEncode encodes the given data using the standard base64 url
+// encoding format but with all trailing '=' characters omitted in accordance
+// with the jose specification.
+// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2
+func joseBase64UrlEncode(b []byte) string {
+	return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=")
+}
+
+// joseBase64UrlDecode decodes the given string using the standard base64 url
+// decoder but first adds the appropriate number of trailing '=' characters in
+// accordance with the jose specification.
+// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2
+func joseBase64UrlDecode(s string) ([]byte, error) {
+	switch len(s) % 4 {
+	case 0:
+	case 2:
+		s += "=="
+	case 3:
+		s += "="
+	default:
+		return nil, errors.New("illegal base64url string")
+	}
+	return base64.URLEncoding.DecodeString(s)
+}
+
+// actionSet is a special type of stringSet.
+type actionSet struct {
+	stringSet
+}
+
+func newActionSet(actions ...string) actionSet {
+	return actionSet{newStringSet(actions...)}
+}
+
+// Contains calls StringSet.Contains() for
+// either "*" or the given action string.
+func (s actionSet) contains(action string) bool {
+	return s.stringSet.contains("*") || s.stringSet.contains(action)
+}
+
+// contains returns true if q is found in ss.
+func contains(ss []string, q string) bool {
+	for _, s := range ss {
+		if s == q {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/vendor/github.com/docker/distribution/registry/doc.go b/vendor/github.com/docker/distribution/registry/doc.go
new file mode 100644
index 000000000..a1ba7f3ab
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/doc.go
@@ -0,0 +1,2 @@
+// Package registry provides the main entrypoints for running a registry.
+package registry
diff --git a/vendor/github.com/docker/distribution/registry/handlers/app.go b/vendor/github.com/docker/distribution/registry/handlers/app.go
new file mode 100644
index 000000000..8a30bd4de
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/app.go
@@ -0,0 +1,1080 @@
+package handlers
+
+import (
+	"context"
+	"crypto/rand"
+	"expvar"
+	"fmt"
+	"math"
+	"math/big"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"regexp"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/configuration"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/health"
+	"github.com/docker/distribution/health/checks"
+	prometheus "github.com/docker/distribution/metrics"
+	"github.com/docker/distribution/notifications"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/api/errcode"
+	v2 "github.com/docker/distribution/registry/api/v2"
+	"github.com/docker/distribution/registry/auth"
+	registrymiddleware "github.com/docker/distribution/registry/middleware/registry"
+	repositorymiddleware "github.com/docker/distribution/registry/middleware/repository"
+	"github.com/docker/distribution/registry/proxy"
+	"github.com/docker/distribution/registry/storage"
+	memorycache "github.com/docker/distribution/registry/storage/cache/memory"
+	rediscache "github.com/docker/distribution/registry/storage/cache/redis"
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/distribution/registry/storage/driver/factory"
+	storagemiddleware "github.com/docker/distribution/registry/storage/driver/middleware"
+	"github.com/docker/distribution/version"
+	"github.com/docker/go-metrics"
+	"github.com/docker/libtrust"
+	"github.com/garyburd/redigo/redis"
+	"github.com/gorilla/mux"
+	"github.com/sirupsen/logrus"
+)
+
+// randomSecretSize is the number of random bytes to generate if no secret
+// was specified.
+const randomSecretSize = 32
+
+// defaultCheckInterval is the default time in between health checks
+const defaultCheckInterval = 10 * time.Second
+
+// App is a global registry application object. Shared resources can be placed
+// on this object that will be accessible from all requests. Any writable
+// fields should be protected.
+type App struct {
+	context.Context
+
+	Config *configuration.Configuration
+
+	router           *mux.Router                    // main application router, configured with dispatchers
+	driver           storagedriver.StorageDriver    // driver maintains the app global storage driver instance.
+	registry         distribution.Namespace         // registry is the primary registry backend for the app instance.
+	repoRemover      distribution.RepositoryRemover // repoRemover provides ability to delete repos
+	accessController auth.AccessController          // main access controller for application
+
+	// httpHost is a parsed representation of the http.host parameter from
+	// the configuration. Only the Scheme and Host fields are used.
+	httpHost url.URL
+
+	// events contains notification related configuration.
+	events struct {
+		sink   notifications.Sink
+		source notifications.SourceRecord
+	}
+
+	redis *redis.Pool
+
+	// trustKey is a deprecated key used to sign manifests converted to
+	// schema1 for backward compatibility. It should not be used for any
+	// other purposes.
+	trustKey libtrust.PrivateKey
+
+	// isCache is true if this registry is configured as a pull through cache
+	isCache bool
+
+	// readOnly is true if the registry is in a read-only maintenance mode
+	readOnly bool
+}
+
+// NewApp takes a configuration and returns a configured app, ready to serve
+// requests. The app only implements ServeHTTP and can be wrapped in other
+// handlers accordingly.
+func NewApp(ctx context.Context, config *configuration.Configuration) *App {
+	app := &App{
+		Config:  config,
+		Context: ctx,
+		router:  v2.RouterWithPrefix(config.HTTP.Prefix),
+		isCache: config.Proxy.RemoteURL != "",
+	}
+
+	// Register the handler dispatchers.
+	app.register(v2.RouteNameBase, func(ctx *Context, r *http.Request) http.Handler {
+		return http.HandlerFunc(apiBase)
+	})
+	app.register(v2.RouteNameManifest, manifestDispatcher)
+	app.register(v2.RouteNameCatalog, catalogDispatcher)
+	app.register(v2.RouteNameTags, tagsDispatcher)
+	app.register(v2.RouteNameBlob, blobDispatcher)
+	app.register(v2.RouteNameBlobUpload, blobUploadDispatcher)
+	app.register(v2.RouteNameBlobUploadChunk, blobUploadDispatcher)
+
+	// override the storage driver's UA string for registry outbound HTTP requests
+	storageParams := config.Storage.Parameters()
+	if storageParams == nil {
+		storageParams = make(configuration.Parameters)
+	}
+	storageParams["useragent"] = fmt.Sprintf("docker-distribution/%s %s", version.Version, runtime.Version())
+
+	var err error
+	app.driver, err = factory.Create(config.Storage.Type(), storageParams)
+	if err != nil {
+		// TODO(stevvooe): Move the creation of a service into a protected
+		// method, where this is created lazily. Its status can be queried via
+		// a health check.
+		panic(err)
+	}
+
+	purgeConfig := uploadPurgeDefaultConfig()
+	if mc, ok := config.Storage["maintenance"]; ok {
+		if v, ok := mc["uploadpurging"]; ok {
+			purgeConfig, ok = v.(map[interface{}]interface{})
+			if !ok {
+				panic("uploadpurging config key must contain additional keys")
+			}
+		}
+		if v, ok := mc["readonly"]; ok {
+			readOnly, ok := v.(map[interface{}]interface{})
+			if !ok {
+				panic("readonly config key must contain additional keys")
+			}
+			if readOnlyEnabled, ok := readOnly["enabled"]; ok {
+				app.readOnly, ok = readOnlyEnabled.(bool)
+				if !ok {
+					panic("readonly's enabled config key must have a boolean value")
+				}
+			}
+		}
+	}
+
+	startUploadPurger(app, app.driver, dcontext.GetLogger(app), purgeConfig)
+
+	app.driver, err = applyStorageMiddleware(app.driver, config.Middleware["storage"])
+	if err != nil {
+		panic(err)
+	}
+
+	app.configureSecret(config)
+	app.configureEvents(config)
+	app.configureRedis(config)
+	app.configureLogHook(config)
+
+	options := registrymiddleware.GetRegistryOptions()
+	if config.Compatibility.Schema1.TrustKey != "" {
+		app.trustKey, err = libtrust.LoadKeyFile(config.Compatibility.Schema1.TrustKey)
+		if err != nil {
+			panic(fmt.Sprintf(`could not load schema1 "signingkey" parameter: %v`, err))
+		}
+	} else {
+		// Generate an ephemeral key to be used for signing converted manifests
+		// for clients that don't support schema2.
+		app.trustKey, err = libtrust.GenerateECP256PrivateKey()
+		if err != nil {
+			panic(err)
+		}
+	}
+
+	options = append(options, storage.Schema1SigningKey(app.trustKey))
+
+	if config.Compatibility.Schema1.Enabled {
+		options = append(options, storage.EnableSchema1)
+	}
+
+	if config.HTTP.Host != "" {
+		u, err := url.Parse(config.HTTP.Host)
+		if err != nil {
+			panic(fmt.Sprintf(`could not parse http "host" parameter: %v`, err))
+		}
+		app.httpHost = *u
+	}
+
+	if app.isCache {
+		options = append(options, storage.DisableDigestResumption)
+	}
+
+	// configure deletion
+	if d, ok := config.Storage["delete"]; ok {
+		e, ok := d["enabled"]
+		if ok {
+			if deleteEnabled, ok := e.(bool); ok && deleteEnabled {
+				options = append(options, storage.EnableDelete)
+			}
+		}
+	}
+
+	// configure redirects
+	var redirectDisabled bool
+	if redirectConfig, ok := config.Storage["redirect"]; ok {
+		v := redirectConfig["disable"]
+		switch v := v.(type) {
+		case bool:
+			redirectDisabled = v
+		default:
+			panic(fmt.Sprintf("invalid type for redirect config: %#v", redirectConfig))
+		}
+	}
+	if redirectDisabled {
+		dcontext.GetLogger(app).Infof("backend redirection disabled")
+	} else {
+		options = append(options, storage.EnableRedirect)
+	}
+
+	if !config.Validation.Enabled {
+		config.Validation.Enabled = !config.Validation.Disabled
+	}
+
+	// configure validation
+	if config.Validation.Enabled {
+		if len(config.Validation.Manifests.URLs.Allow) == 0 && len(config.Validation.Manifests.URLs.Deny) == 0 {
+			// If Allow and Deny are empty, allow nothing.
+			options = append(options, storage.ManifestURLsAllowRegexp(regexp.MustCompile("^$")))
+		} else {
+			if len(config.Validation.Manifests.URLs.Allow) > 0 {
+				for i, s := range config.Validation.Manifests.URLs.Allow {
+					// Validate via compilation.
+					if _, err := regexp.Compile(s); err != nil {
+						panic(fmt.Sprintf("validation.manifests.urls.allow: %s", err))
+					}
+					// Wrap with non-capturing group.
+					config.Validation.Manifests.URLs.Allow[i] = fmt.Sprintf("(?:%s)", s)
+				}
+				re := regexp.MustCompile(strings.Join(config.Validation.Manifests.URLs.Allow, "|"))
+				options = append(options, storage.ManifestURLsAllowRegexp(re))
+			}
+			if len(config.Validation.Manifests.URLs.Deny) > 0 {
+				for i, s := range config.Validation.Manifests.URLs.Deny {
+					// Validate via compilation.
+					if _, err := regexp.Compile(s); err != nil {
+						panic(fmt.Sprintf("validation.manifests.urls.deny: %s", err))
+					}
+					// Wrap with non-capturing group.
+					config.Validation.Manifests.URLs.Deny[i] = fmt.Sprintf("(?:%s)", s)
+				}
+				re := regexp.MustCompile(strings.Join(config.Validation.Manifests.URLs.Deny, "|"))
+				options = append(options, storage.ManifestURLsDenyRegexp(re))
+			}
+		}
+	}
+
+	// configure storage caches
+	if cc, ok := config.Storage["cache"]; ok {
+		v, ok := cc["blobdescriptor"]
+		if !ok {
+			// Backwards compatible: "layerinfo" == "blobdescriptor"
+			v = cc["layerinfo"]
+		}
+
+		switch v {
+		case "redis":
+			if app.redis == nil {
+				panic("redis configuration required to use for layerinfo cache")
+			}
+			cacheProvider := rediscache.NewRedisBlobDescriptorCacheProvider(app.redis)
+			localOptions := append(options, storage.BlobDescriptorCacheProvider(cacheProvider))
+			app.registry, err = storage.NewRegistry(app, app.driver, localOptions...)
+			if err != nil {
+				panic("could not create registry: " + err.Error())
+			}
+			dcontext.GetLogger(app).Infof("using redis blob descriptor cache")
+		case "inmemory":
+			cacheProvider := memorycache.NewInMemoryBlobDescriptorCacheProvider()
+			localOptions := append(options, storage.BlobDescriptorCacheProvider(cacheProvider))
+			app.registry, err = storage.NewRegistry(app, app.driver, localOptions...)
+			if err != nil {
+				panic("could not create registry: " + err.Error())
+			}
+			dcontext.GetLogger(app).Infof("using inmemory blob descriptor cache")
+		default:
+			if v != "" {
+				dcontext.GetLogger(app).Warnf("unknown cache type %q, caching disabled", config.Storage["cache"])
+			}
+		}
+	}
+
+	if app.registry == nil {
+		// configure the registry if no cache section is available.
+		app.registry, err = storage.NewRegistry(app.Context, app.driver, options...)
+		if err != nil {
+			panic("could not create registry: " + err.Error())
+		}
+	}
+
+	app.registry, err = applyRegistryMiddleware(app, app.registry, config.Middleware["registry"])
+	if err != nil {
+		panic(err)
+	}
+
+	authType := config.Auth.Type()
+
+	if authType != "" && !strings.EqualFold(authType, "none") {
+		accessController, err := auth.GetAccessController(config.Auth.Type(), config.Auth.Parameters())
+		if err != nil {
+			panic(fmt.Sprintf("unable to configure authorization (%s): %v", authType, err))
+		}
+		app.accessController = accessController
+		dcontext.GetLogger(app).Debugf("configured %q access controller", authType)
+	}
+
+	// configure as a pull through cache
+	if config.Proxy.RemoteURL != "" {
+		app.registry, err = proxy.NewRegistryPullThroughCache(ctx, app.registry, app.driver, config.Proxy)
+		if err != nil {
+			panic(err.Error())
+		}
+		app.isCache = true
+		dcontext.GetLogger(app).Info("Registry configured as a proxy cache to ", config.Proxy.RemoteURL)
+	}
+	var ok bool
+	app.repoRemover, ok = app.registry.(distribution.RepositoryRemover)
+	if !ok {
+		dcontext.GetLogger(app).Warnf("Registry does not implement RempositoryRemover. Will not be able to delete repos and tags")
+	}
+
+	return app
+}
+
+// RegisterHealthChecks is an awful hack to defer health check registration
+// control to callers. This should only ever be called once per registry
+// process, typically in a main function. The correct way would be register
+// health checks outside of app, since multiple apps may exist in the same
+// process. Because the configuration and app are tightly coupled,
+// implementing this properly will require a refactor. This method may panic
+// if called twice in the same process.
+func (app *App) RegisterHealthChecks(healthRegistries ...*health.Registry) {
+	if len(healthRegistries) > 1 {
+		panic("RegisterHealthChecks called with more than one registry")
+	}
+	healthRegistry := health.DefaultRegistry
+	if len(healthRegistries) == 1 {
+		healthRegistry = healthRegistries[0]
+	}
+
+	if app.Config.Health.StorageDriver.Enabled {
+		interval := app.Config.Health.StorageDriver.Interval
+		if interval == 0 {
+			interval = defaultCheckInterval
+		}
+
+		storageDriverCheck := func() error {
+			_, err := app.driver.Stat(app, "/") // "/" should always exist
+			if _, ok := err.(storagedriver.PathNotFoundError); ok {
+				err = nil // pass this through, backend is responding, but this path doesn't exist.
+			}
+			return err
+		}
+
+		if app.Config.Health.StorageDriver.Threshold != 0 {
+			healthRegistry.RegisterPeriodicThresholdFunc("storagedriver_"+app.Config.Storage.Type(), interval, app.Config.Health.StorageDriver.Threshold, storageDriverCheck)
+		} else {
+			healthRegistry.RegisterPeriodicFunc("storagedriver_"+app.Config.Storage.Type(), interval, storageDriverCheck)
+		}
+	}
+
+	for _, fileChecker := range app.Config.Health.FileCheckers {
+		interval := fileChecker.Interval
+		if interval == 0 {
+			interval = defaultCheckInterval
+		}
+		dcontext.GetLogger(app).Infof("configuring file health check path=%s, interval=%d", fileChecker.File, interval/time.Second)
+		healthRegistry.Register(fileChecker.File, health.PeriodicChecker(checks.FileChecker(fileChecker.File), interval))
+	}
+
+	for _, httpChecker := range app.Config.Health.HTTPCheckers {
+		interval := httpChecker.Interval
+		if interval == 0 {
+			interval = defaultCheckInterval
+		}
+
+		statusCode := httpChecker.StatusCode
+		if statusCode == 0 {
+			statusCode = 200
+		}
+
+		checker := checks.HTTPChecker(httpChecker.URI, statusCode, httpChecker.Timeout, httpChecker.Headers)
+
+		if httpChecker.Threshold != 0 {
+			dcontext.GetLogger(app).Infof("configuring HTTP health check uri=%s, interval=%d, threshold=%d", httpChecker.URI, interval/time.Second, httpChecker.Threshold)
+			healthRegistry.Register(httpChecker.URI, health.PeriodicThresholdChecker(checker, interval, httpChecker.Threshold))
+		} else {
+			dcontext.GetLogger(app).Infof("configuring HTTP health check uri=%s, interval=%d", httpChecker.URI, interval/time.Second)
+			healthRegistry.Register(httpChecker.URI, health.PeriodicChecker(checker, interval))
+		}
+	}
+
+	for _, tcpChecker := range app.Config.Health.TCPCheckers {
+		interval := tcpChecker.Interval
+		if interval == 0 {
+			interval = defaultCheckInterval
+		}
+
+		checker := checks.TCPChecker(tcpChecker.Addr, tcpChecker.Timeout)
+
+		if tcpChecker.Threshold != 0 {
+			dcontext.GetLogger(app).Infof("configuring TCP health check addr=%s, interval=%d, threshold=%d", tcpChecker.Addr, interval/time.Second, tcpChecker.Threshold)
+			healthRegistry.Register(tcpChecker.Addr, health.PeriodicThresholdChecker(checker, interval, tcpChecker.Threshold))
+		} else {
+			dcontext.GetLogger(app).Infof("configuring TCP health check addr=%s, interval=%d", tcpChecker.Addr, interval/time.Second)
+			healthRegistry.Register(tcpChecker.Addr, health.PeriodicChecker(checker, interval))
+		}
+	}
+}
+
+// register a handler with the application, by route name. The handler will be
+// passed through the application filters and context will be constructed at
+// request time.
+func (app *App) register(routeName string, dispatch dispatchFunc) {
+	handler := app.dispatcher(dispatch)
+
+	// Chain the handler with prometheus instrumented handler
+	if app.Config.HTTP.Debug.Prometheus.Enabled {
+		namespace := metrics.NewNamespace(prometheus.NamespacePrefix, "http", nil)
+		httpMetrics := namespace.NewDefaultHttpMetrics(strings.Replace(routeName, "-", "_", -1))
+		metrics.Register(namespace)
+		handler = metrics.InstrumentHandler(httpMetrics, handler)
+	}
+
+	// TODO(stevvooe): This odd dispatcher/route registration is by-product of
+	// some limitations in the gorilla/mux router. We are using it to keep
+	// routing consistent between the client and server, but we may want to
+	// replace it with manual routing and structure-based dispatch for better
+	// control over the request execution.
+
+	app.router.GetRoute(routeName).Handler(handler)
+}
+
+// configureEvents prepares the event sink for action.
+func (app *App) configureEvents(configuration *configuration.Configuration) {
+	// Configure all of the endpoint sinks.
+	var sinks []notifications.Sink
+	for _, endpoint := range configuration.Notifications.Endpoints {
+		if endpoint.Disabled {
+			dcontext.GetLogger(app).Infof("endpoint %s disabled, skipping", endpoint.Name)
+			continue
+		}
+
+		dcontext.GetLogger(app).Infof("configuring endpoint %v (%v), timeout=%s, headers=%v", endpoint.Name, endpoint.URL, endpoint.Timeout, endpoint.Headers)
+		endpoint := notifications.NewEndpoint(endpoint.Name, endpoint.URL, notifications.EndpointConfig{
+			Timeout:           endpoint.Timeout,
+			Threshold:         endpoint.Threshold,
+			Backoff:           endpoint.Backoff,
+			Headers:           endpoint.Headers,
+			IgnoredMediaTypes: endpoint.IgnoredMediaTypes,
+			Ignore:            endpoint.Ignore,
+		})
+
+		sinks = append(sinks, endpoint)
+	}
+
+	// NOTE(stevvooe): Moving to a new queuing implementation is as easy as
+	// replacing broadcaster with a rabbitmq implementation. It's recommended
+	// that the registry instances also act as the workers to keep deployment
+	// simple.
+	app.events.sink = notifications.NewBroadcaster(sinks...)
+
+	// Populate registry event source
+	hostname, err := os.Hostname()
+	if err != nil {
+		hostname = configuration.HTTP.Addr
+	} else {
+		// try to pick the port off the config
+		_, port, err := net.SplitHostPort(configuration.HTTP.Addr)
+		if err == nil {
+			hostname = net.JoinHostPort(hostname, port)
+		}
+	}
+
+	app.events.source = notifications.SourceRecord{
+		Addr:       hostname,
+		InstanceID: dcontext.GetStringValue(app, "instance.id"),
+	}
+}
+
+type redisStartAtKey struct{}
+
+func (app *App) configureRedis(configuration *configuration.Configuration) {
+	if configuration.Redis.Addr == "" {
+		dcontext.GetLogger(app).Infof("redis not configured")
+		return
+	}
+
+	pool := &redis.Pool{
+		Dial: func() (redis.Conn, error) {
+			// TODO(stevvooe): Yet another use case for contextual timing.
+			ctx := context.WithValue(app, redisStartAtKey{}, time.Now())
+
+			done := func(err error) {
+				logger := dcontext.GetLoggerWithField(ctx, "redis.connect.duration",
+					dcontext.Since(ctx, redisStartAtKey{}))
+				if err != nil {
+					logger.Errorf("redis: error connecting: %v", err)
+				} else {
+					logger.Infof("redis: connect %v", configuration.Redis.Addr)
+				}
+			}
+
+			conn, err := redis.DialTimeout("tcp",
+				configuration.Redis.Addr,
+				configuration.Redis.DialTimeout,
+				configuration.Redis.ReadTimeout,
+				configuration.Redis.WriteTimeout)
+			if err != nil {
+				dcontext.GetLogger(app).Errorf("error connecting to redis instance %s: %v",
+					configuration.Redis.Addr, err)
+				done(err)
+				return nil, err
+			}
+
+			// authorize the connection
+			if configuration.Redis.Password != "" {
+				if _, err = conn.Do("AUTH", configuration.Redis.Password); err != nil {
+					defer conn.Close()
+					done(err)
+					return nil, err
+				}
+			}
+
+			// select the database to use
+			if configuration.Redis.DB != 0 {
+				if _, err = conn.Do("SELECT", configuration.Redis.DB); err != nil {
+					defer conn.Close()
+					done(err)
+					return nil, err
+				}
+			}
+
+			done(nil)
+			return conn, nil
+		},
+		MaxIdle:     configuration.Redis.Pool.MaxIdle,
+		MaxActive:   configuration.Redis.Pool.MaxActive,
+		IdleTimeout: configuration.Redis.Pool.IdleTimeout,
+		TestOnBorrow: func(c redis.Conn, t time.Time) error {
+			// TODO(stevvooe): We can probably do something more interesting
+			// here with the health package.
+			_, err := c.Do("PING")
+			return err
+		},
+		Wait: false, // if a connection is not available, proceed without cache.
+	}
+
+	app.redis = pool
+
+	// setup expvar
+	registry := expvar.Get("registry")
+	if registry == nil {
+		registry = expvar.NewMap("registry")
+	}
+
+	registry.(*expvar.Map).Set("redis", expvar.Func(func() interface{} {
+		return map[string]interface{}{
+			"Config": configuration.Redis,
+			"Active": app.redis.ActiveCount(),
+		}
+	}))
+}
+
+// configureLogHook prepares logging hook parameters.
+func (app *App) configureLogHook(configuration *configuration.Configuration) {
+	entry, ok := dcontext.GetLogger(app).(*logrus.Entry)
+	if !ok {
+		// somehow, we are not using logrus
+		return
+	}
+
+	logger := entry.Logger
+
+	for _, configHook := range configuration.Log.Hooks {
+		if !configHook.Disabled {
+			switch configHook.Type {
+			case "mail":
+				hook := &logHook{}
+				hook.LevelsParam = configHook.Levels
+				hook.Mail = &mailer{
+					Addr:     configHook.MailOptions.SMTP.Addr,
+					Username: configHook.MailOptions.SMTP.Username,
+					Password: configHook.MailOptions.SMTP.Password,
+					Insecure: configHook.MailOptions.SMTP.Insecure,
+					From:     configHook.MailOptions.From,
+					To:       configHook.MailOptions.To,
+				}
+				logger.Hooks.Add(hook)
+			default:
+			}
+		}
+	}
+}
+
+// configureSecret creates a random secret if a secret wasn't included in the
+// configuration.
+func (app *App) configureSecret(configuration *configuration.Configuration) {
+	if configuration.HTTP.Secret == "" {
+		var secretBytes [randomSecretSize]byte
+		if _, err := rand.Read(secretBytes[:]); err != nil {
+			panic(fmt.Sprintf("could not generate random bytes for HTTP secret: %v", err))
+		}
+		configuration.HTTP.Secret = string(secretBytes[:])
+		dcontext.GetLogger(app).Warn("No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable.")
+	}
+}
+
+func (app *App) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	defer r.Body.Close() // ensure that request body is always closed.
+
+	// Prepare the context with our own little decorations.
+	ctx := r.Context()
+	ctx = dcontext.WithRequest(ctx, r)
+	ctx, w = dcontext.WithResponseWriter(ctx, w)
+	ctx = dcontext.WithLogger(ctx, dcontext.GetRequestLogger(ctx))
+	r = r.WithContext(ctx)
+
+	defer func() {
+		status, ok := ctx.Value("http.response.status").(int)
+		if ok && status >= 200 && status <= 399 {
+			dcontext.GetResponseLogger(r.Context()).Infof("response completed")
+		}
+	}()
+
+	// Set a header with the Docker Distribution API Version for all responses.
+	w.Header().Add("Docker-Distribution-API-Version", "registry/2.0")
+	app.router.ServeHTTP(w, r)
+}
+
+// dispatchFunc takes a context and request and returns a constructed handler
+// for the route. The dispatcher will use this to dynamically create request
+// specific handlers for each endpoint without creating a new router for each
+// request.
+type dispatchFunc func(ctx *Context, r *http.Request) http.Handler
+
+// TODO(stevvooe): dispatchers should probably have some validation error
+// chain with proper error reporting.
+
+// dispatcher returns a handler that constructs a request specific context and
+// handler, using the dispatch factory function.
+func (app *App) dispatcher(dispatch dispatchFunc) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		for headerName, headerValues := range app.Config.HTTP.Headers {
+			for _, value := range headerValues {
+				w.Header().Add(headerName, value)
+			}
+		}
+
+		context := app.context(w, r)
+
+		if err := app.authorized(w, r, context); err != nil {
+			dcontext.GetLogger(context).Warnf("error authorizing context: %v", err)
+			return
+		}
+
+		// Add username to request logging
+		context.Context = dcontext.WithLogger(context.Context, dcontext.GetLogger(context.Context, auth.UserNameKey))
+
+		// sync up context on the request.
+		r = r.WithContext(context)
+
+		if app.nameRequired(r) {
+			nameRef, err := reference.WithName(getName(context))
+			if err != nil {
+				dcontext.GetLogger(context).Errorf("error parsing reference from context: %v", err)
+				context.Errors = append(context.Errors, distribution.ErrRepositoryNameInvalid{
+					Name:   getName(context),
+					Reason: err,
+				})
+				if err := errcode.ServeJSON(w, context.Errors); err != nil {
+					dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
+				}
+				return
+			}
+			repository, err := app.registry.Repository(context, nameRef)
+
+			if err != nil {
+				dcontext.GetLogger(context).Errorf("error resolving repository: %v", err)
+
+				switch err := err.(type) {
+				case distribution.ErrRepositoryUnknown:
+					context.Errors = append(context.Errors, v2.ErrorCodeNameUnknown.WithDetail(err))
+				case distribution.ErrRepositoryNameInvalid:
+					context.Errors = append(context.Errors, v2.ErrorCodeNameInvalid.WithDetail(err))
+				case errcode.Error:
+					context.Errors = append(context.Errors, err)
+				}
+
+				if err := errcode.ServeJSON(w, context.Errors); err != nil {
+					dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
+				}
+				return
+			}
+
+			// assign and decorate the authorized repository with an event bridge.
+			context.Repository, context.RepositoryRemover = notifications.Listen(
+				repository,
+				context.App.repoRemover,
+				app.eventBridge(context, r))
+
+			context.Repository, err = applyRepoMiddleware(app, context.Repository, app.Config.Middleware["repository"])
+			if err != nil {
+				dcontext.GetLogger(context).Errorf("error initializing repository middleware: %v", err)
+				context.Errors = append(context.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+
+				if err := errcode.ServeJSON(w, context.Errors); err != nil {
+					dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
+				}
+				return
+			}
+		}
+
+		dispatch(context, r).ServeHTTP(w, r)
+		// Automated error response handling here. Handlers may return their
+		// own errors if they need different behavior (such as range errors
+		// for layer upload).
+		if context.Errors.Len() > 0 {
+			if err := errcode.ServeJSON(w, context.Errors); err != nil {
+				dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
+			}
+
+			app.logError(context, context.Errors)
+		}
+	})
+}
+
+type errCodeKey struct{}
+
+func (errCodeKey) String() string { return "err.code" }
+
+type errMessageKey struct{}
+
+func (errMessageKey) String() string { return "err.message" }
+
+type errDetailKey struct{}
+
+func (errDetailKey) String() string { return "err.detail" }
+
+func (app *App) logError(ctx context.Context, errors errcode.Errors) {
+	for _, e1 := range errors {
+		var c context.Context
+
+		switch e := e1.(type) {
+		case errcode.Error:
+			c = context.WithValue(ctx, errCodeKey{}, e.Code)
+			c = context.WithValue(c, errMessageKey{}, e.Message)
+			c = context.WithValue(c, errDetailKey{}, e.Detail)
+		case errcode.ErrorCode:
+			c = context.WithValue(ctx, errCodeKey{}, e)
+			c = context.WithValue(c, errMessageKey{}, e.Message())
+		default:
+			// just normal go 'error'
+			c = context.WithValue(ctx, errCodeKey{}, errcode.ErrorCodeUnknown)
+			c = context.WithValue(c, errMessageKey{}, e.Error())
+		}
+
+		c = dcontext.WithLogger(c, dcontext.GetLogger(c,
+			errCodeKey{},
+			errMessageKey{},
+			errDetailKey{}))
+		dcontext.GetResponseLogger(c).Errorf("response completed with error")
+	}
+}
+
+// context constructs the context object for the application. This only be
+// called once per request.
+func (app *App) context(w http.ResponseWriter, r *http.Request) *Context {
+	ctx := r.Context()
+	ctx = dcontext.WithVars(ctx, r)
+	ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx,
+		"vars.name",
+		"vars.reference",
+		"vars.digest",
+		"vars.uuid"))
+
+	context := &Context{
+		App:     app,
+		Context: ctx,
+	}
+
+	if app.httpHost.Scheme != "" && app.httpHost.Host != "" {
+		// A "host" item in the configuration takes precedence over
+		// X-Forwarded-Proto and X-Forwarded-Host headers, and the
+		// hostname in the request.
+		context.urlBuilder = v2.NewURLBuilder(&app.httpHost, false)
+	} else {
+		context.urlBuilder = v2.NewURLBuilderFromRequest(r, app.Config.HTTP.RelativeURLs)
+	}
+
+	return context
+}
+
+// authorized checks if the request can proceed with access to the requested
+// repository. If it succeeds, the context may access the requested
+// repository. An error will be returned if access is not available.
+func (app *App) authorized(w http.ResponseWriter, r *http.Request, context *Context) error {
+	dcontext.GetLogger(context).Debug("authorizing request")
+	repo := getName(context)
+
+	if app.accessController == nil {
+		return nil // access controller is not enabled.
+	}
+
+	var accessRecords []auth.Access
+
+	if repo != "" {
+		accessRecords = appendAccessRecords(accessRecords, r.Method, repo)
+		if fromRepo := r.FormValue("from"); fromRepo != "" {
+			// mounting a blob from one repository to another requires pull (GET)
+			// access to the source repository.
+			accessRecords = appendAccessRecords(accessRecords, "GET", fromRepo)
+		}
+	} else {
+		// Only allow the name not to be set on the base route.
+		if app.nameRequired(r) {
+			// For this to be properly secured, repo must always be set for a
+			// resource that may make a modification. The only condition under
+			// which name is not set and we still allow access is when the
+			// base route is accessed. This section prevents us from making
+			// that mistake elsewhere in the code, allowing any operation to
+			// proceed.
+			if err := errcode.ServeJSON(w, errcode.ErrorCodeUnauthorized); err != nil {
+				dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
+			}
+			return fmt.Errorf("forbidden: no repository name")
+		}
+		accessRecords = appendCatalogAccessRecord(accessRecords, r)
+	}
+
+	ctx, err := app.accessController.Authorized(context.Context, accessRecords...)
+	if err != nil {
+		switch err := err.(type) {
+		case auth.Challenge:
+			// Add the appropriate WWW-Auth header
+			err.SetHeaders(r, w)
+
+			if err := errcode.ServeJSON(w, errcode.ErrorCodeUnauthorized.WithDetail(accessRecords)); err != nil {
+				dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
+			}
+		default:
+			// This condition is a potential security problem either in
+			// the configuration or whatever is backing the access
+			// controller. Just return a bad request with no information
+			// to avoid exposure. The request should not proceed.
+			dcontext.GetLogger(context).Errorf("error checking authorization: %v", err)
+			w.WriteHeader(http.StatusBadRequest)
+		}
+
+		return err
+	}
+
+	dcontext.GetLogger(ctx).Info("authorized request")
+	// TODO(stevvooe): This pattern needs to be cleaned up a bit. One context
+	// should be replaced by another, rather than replacing the context on a
+	// mutable object.
+	context.Context = ctx
+	return nil
+}
+
+// eventBridge returns a bridge for the current request, configured with the
+// correct actor and source.
+func (app *App) eventBridge(ctx *Context, r *http.Request) notifications.Listener {
+	actor := notifications.ActorRecord{
+		Name: getUserName(ctx, r),
+	}
+	request := notifications.NewRequestRecord(dcontext.GetRequestID(ctx), r)
+
+	return notifications.NewBridge(ctx.urlBuilder, app.events.source, actor, request, app.events.sink, app.Config.Notifications.EventConfig.IncludeReferences)
+}
+
+// nameRequired returns true if the route requires a name.
+func (app *App) nameRequired(r *http.Request) bool {
+	route := mux.CurrentRoute(r)
+	if route == nil {
+		return true
+	}
+	routeName := route.GetName()
+	return routeName != v2.RouteNameBase && routeName != v2.RouteNameCatalog
+}
+
+// apiBase implements a simple yes-man for doing overall checks against the
+// api. This can support auth roundtrips to support docker login.
+func apiBase(w http.ResponseWriter, r *http.Request) {
+	const emptyJSON = "{}"
+	// Provide a simple /v2/ 200 OK response with empty json response.
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.Header().Set("Content-Length", fmt.Sprint(len(emptyJSON)))
+
+	fmt.Fprint(w, emptyJSON)
+}
+
+// appendAccessRecords checks the method and adds the appropriate Access records to the records list.
+func appendAccessRecords(records []auth.Access, method string, repo string) []auth.Access {
+	resource := auth.Resource{
+		Type: "repository",
+		Name: repo,
+	}
+
+	switch method {
+	case "GET", "HEAD":
+		records = append(records,
+			auth.Access{
+				Resource: resource,
+				Action:   "pull",
+			})
+	case "POST", "PUT", "PATCH":
+		records = append(records,
+			auth.Access{
+				Resource: resource,
+				Action:   "pull",
+			},
+			auth.Access{
+				Resource: resource,
+				Action:   "push",
+			})
+	case "DELETE":
+		records = append(records,
+			auth.Access{
+				Resource: resource,
+				Action:   "delete",
+			})
+	}
+	return records
+}
+
+// Add the access record for the catalog if it's our current route
+func appendCatalogAccessRecord(accessRecords []auth.Access, r *http.Request) []auth.Access {
+	route := mux.CurrentRoute(r)
+	routeName := route.GetName()
+
+	if routeName == v2.RouteNameCatalog {
+		resource := auth.Resource{
+			Type: "registry",
+			Name: "catalog",
+		}
+
+		accessRecords = append(accessRecords,
+			auth.Access{
+				Resource: resource,
+				Action:   "*",
+			})
+	}
+	return accessRecords
+}
+
+// applyRegistryMiddleware wraps a registry instance with the configured middlewares
+func applyRegistryMiddleware(ctx context.Context, registry distribution.Namespace, middlewares []configuration.Middleware) (distribution.Namespace, error) {
+	for _, mw := range middlewares {
+		rmw, err := registrymiddleware.Get(ctx, mw.Name, mw.Options, registry)
+		if err != nil {
+			return nil, fmt.Errorf("unable to configure registry middleware (%s): %s", mw.Name, err)
+		}
+		registry = rmw
+	}
+	return registry, nil
+
+}
+
+// applyRepoMiddleware wraps a repository with the configured middlewares
+func applyRepoMiddleware(ctx context.Context, repository distribution.Repository, middlewares []configuration.Middleware) (distribution.Repository, error) {
+	for _, mw := range middlewares {
+		rmw, err := repositorymiddleware.Get(ctx, mw.Name, mw.Options, repository)
+		if err != nil {
+			return nil, err
+		}
+		repository = rmw
+	}
+	return repository, nil
+}
+
+// applyStorageMiddleware wraps a storage driver with the configured middlewares
+func applyStorageMiddleware(driver storagedriver.StorageDriver, middlewares []configuration.Middleware) (storagedriver.StorageDriver, error) {
+	for _, mw := range middlewares {
+		smw, err := storagemiddleware.Get(mw.Name, mw.Options, driver)
+		if err != nil {
+			return nil, fmt.Errorf("unable to configure storage middleware (%s): %v", mw.Name, err)
+		}
+		driver = smw
+	}
+	return driver, nil
+}
+
+// uploadPurgeDefaultConfig provides a default configuration for upload
+// purging to be used in the absence of configuration in the
+// configuration file
+func uploadPurgeDefaultConfig() map[interface{}]interface{} {
+	config := map[interface{}]interface{}{}
+	config["enabled"] = true
+	config["age"] = "168h"
+	config["interval"] = "24h"
+	config["dryrun"] = false
+	return config
+}
+
+func badPurgeUploadConfig(reason string) {
+	panic(fmt.Sprintf("Unable to parse upload purge configuration: %s", reason))
+}
+
+// startUploadPurger schedules a goroutine which will periodically
+// check upload directories for old files and delete them
+func startUploadPurger(ctx context.Context, storageDriver storagedriver.StorageDriver, log dcontext.Logger, config map[interface{}]interface{}) {
+	if config["enabled"] == false {
+		return
+	}
+
+	var purgeAgeDuration time.Duration
+	var err error
+	purgeAge, ok := config["age"]
+	if ok {
+		ageStr, ok := purgeAge.(string)
+		if !ok {
+			badPurgeUploadConfig("age is not a string")
+		}
+		purgeAgeDuration, err = time.ParseDuration(ageStr)
+		if err != nil {
+			badPurgeUploadConfig(fmt.Sprintf("Cannot parse duration: %s", err.Error()))
+		}
+	} else {
+		badPurgeUploadConfig("age missing")
+	}
+
+	var intervalDuration time.Duration
+	interval, ok := config["interval"]
+	if ok {
+		intervalStr, ok := interval.(string)
+		if !ok {
+			badPurgeUploadConfig("interval is not a string")
+		}
+
+		intervalDuration, err = time.ParseDuration(intervalStr)
+		if err != nil {
+			badPurgeUploadConfig(fmt.Sprintf("Cannot parse interval: %s", err.Error()))
+		}
+	} else {
+		badPurgeUploadConfig("interval missing")
+	}
+
+	var dryRunBool bool
+	dryRun, ok := config["dryrun"]
+	if ok {
+		dryRunBool, ok = dryRun.(bool)
+		if !ok {
+			badPurgeUploadConfig("cannot parse dryrun")
+		}
+	} else {
+		badPurgeUploadConfig("dryrun missing")
+	}
+
+	go func() {
+		randInt, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
+		if err != nil {
+			log.Infof("Failed to generate random jitter: %v", err)
+			// sleep 30min for failure case
+			randInt = big.NewInt(30)
+		}
+		jitter := time.Duration(randInt.Int64()%60) * time.Minute
+		log.Infof("Starting upload purge in %s", jitter)
+		time.Sleep(jitter)
+
+		for {
+			storage.PurgeUploads(ctx, storageDriver, time.Now().Add(-purgeAgeDuration), !dryRunBool)
+			log.Infof("Starting upload purge in %s", intervalDuration)
+			time.Sleep(intervalDuration)
+		}
+	}()
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/basicauth.go b/vendor/github.com/docker/distribution/registry/handlers/basicauth.go
new file mode 100644
index 000000000..a41965dcf
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/basicauth.go
@@ -0,0 +1,12 @@
+//go:build go1.4
+// +build go1.4
+
+package handlers
+
+import (
+	"net/http"
+)
+
+func basicAuth(r *http.Request) (username, password string, ok bool) {
+	return r.BasicAuth()
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/basicauth_prego14.go b/vendor/github.com/docker/distribution/registry/handlers/basicauth_prego14.go
new file mode 100644
index 000000000..01290adfe
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/basicauth_prego14.go
@@ -0,0 +1,42 @@
+//go:build !go1.4
+// +build !go1.4
+
+package handlers
+
+import (
+	"encoding/base64"
+	"net/http"
+	"strings"
+)
+
+// NOTE(stevvooe): This is basic auth support from go1.4 present to ensure we
+// can compile on go1.3 and earlier.
+
+// BasicAuth returns the username and password provided in the request's
+// Authorization header, if the request uses HTTP Basic Authentication.
+// See RFC 2617, Section 2.
+func basicAuth(r *http.Request) (username, password string, ok bool) {
+	auth := r.Header.Get("Authorization")
+	if auth == "" {
+		return
+	}
+	return parseBasicAuth(auth)
+}
+
+// parseBasicAuth parses an HTTP Basic Authentication string.
+// "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" returns ("Aladdin", "open sesame", true).
+func parseBasicAuth(auth string) (username, password string, ok bool) {
+	if !strings.HasPrefix(auth, "Basic ") {
+		return
+	}
+	c, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(auth, "Basic "))
+	if err != nil {
+		return
+	}
+	cs := string(c)
+	s := strings.IndexByte(cs, ':')
+	if s < 0 {
+		return
+	}
+	return cs[:s], cs[s+1:], true
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/blob.go b/vendor/github.com/docker/distribution/registry/handlers/blob.go
new file mode 100644
index 000000000..515fdad0a
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/blob.go
@@ -0,0 +1,99 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/api/errcode"
+	v2 "github.com/docker/distribution/registry/api/v2"
+	"github.com/gorilla/handlers"
+	"github.com/opencontainers/go-digest"
+)
+
+// blobDispatcher uses the request context to build a blobHandler.
+func blobDispatcher(ctx *Context, r *http.Request) http.Handler {
+	dgst, err := getDigest(ctx)
+	if err != nil {
+
+		if err == errDigestNotAvailable {
+			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				ctx.Errors = append(ctx.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err))
+			})
+		}
+
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			ctx.Errors = append(ctx.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err))
+		})
+	}
+
+	blobHandler := &blobHandler{
+		Context: ctx,
+		Digest:  dgst,
+	}
+
+	mhandler := handlers.MethodHandler{
+		"GET":  http.HandlerFunc(blobHandler.GetBlob),
+		"HEAD": http.HandlerFunc(blobHandler.GetBlob),
+	}
+
+	if !ctx.readOnly {
+		mhandler["DELETE"] = http.HandlerFunc(blobHandler.DeleteBlob)
+	}
+
+	return mhandler
+}
+
+// blobHandler serves http blob requests.
+type blobHandler struct {
+	*Context
+
+	Digest digest.Digest
+}
+
+// GetBlob fetches the binary data from backend storage returns it in the
+// response.
+func (bh *blobHandler) GetBlob(w http.ResponseWriter, r *http.Request) {
+	context.GetLogger(bh).Debug("GetBlob")
+	blobs := bh.Repository.Blobs(bh)
+	desc, err := blobs.Stat(bh, bh.Digest)
+	if err != nil {
+		if err == distribution.ErrBlobUnknown {
+			bh.Errors = append(bh.Errors, v2.ErrorCodeBlobUnknown.WithDetail(bh.Digest))
+		} else {
+			bh.Errors = append(bh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		}
+		return
+	}
+
+	if err := blobs.ServeBlob(bh, w, r, desc.Digest); err != nil {
+		context.GetLogger(bh).Debugf("unexpected error getting blob HTTP handler: %v", err)
+		bh.Errors = append(bh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		return
+	}
+}
+
+// DeleteBlob deletes a layer blob
+func (bh *blobHandler) DeleteBlob(w http.ResponseWriter, r *http.Request) {
+	context.GetLogger(bh).Debug("DeleteBlob")
+
+	blobs := bh.Repository.Blobs(bh)
+	err := blobs.Delete(bh, bh.Digest)
+	if err != nil {
+		switch err {
+		case distribution.ErrUnsupported:
+			bh.Errors = append(bh.Errors, errcode.ErrorCodeUnsupported)
+			return
+		case distribution.ErrBlobUnknown:
+			bh.Errors = append(bh.Errors, v2.ErrorCodeBlobUnknown)
+			return
+		default:
+			bh.Errors = append(bh.Errors, err)
+			context.GetLogger(bh).Errorf("Unknown error deleting blob: %s", err.Error())
+			return
+		}
+	}
+
+	w.Header().Set("Content-Length", "0")
+	w.WriteHeader(http.StatusAccepted)
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/blobupload.go b/vendor/github.com/docker/distribution/registry/handlers/blobupload.go
new file mode 100644
index 000000000..53ffbe8cc
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/blobupload.go
@@ -0,0 +1,368 @@
+package handlers
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/api/errcode"
+	v2 "github.com/docker/distribution/registry/api/v2"
+	"github.com/docker/distribution/registry/storage"
+	"github.com/gorilla/handlers"
+	"github.com/opencontainers/go-digest"
+)
+
+// blobUploadDispatcher constructs and returns the blob upload handler for the
+// given request context.
+func blobUploadDispatcher(ctx *Context, r *http.Request) http.Handler {
+	buh := &blobUploadHandler{
+		Context: ctx,
+		UUID:    getUploadUUID(ctx),
+	}
+
+	handler := handlers.MethodHandler{
+		"GET":  http.HandlerFunc(buh.GetUploadStatus),
+		"HEAD": http.HandlerFunc(buh.GetUploadStatus),
+	}
+
+	if !ctx.readOnly {
+		handler["POST"] = http.HandlerFunc(buh.StartBlobUpload)
+		handler["PATCH"] = http.HandlerFunc(buh.PatchBlobData)
+		handler["PUT"] = http.HandlerFunc(buh.PutBlobUploadComplete)
+		handler["DELETE"] = http.HandlerFunc(buh.CancelBlobUpload)
+	}
+
+	if buh.UUID != "" {
+		state, err := hmacKey(ctx.Config.HTTP.Secret).unpackUploadState(r.FormValue("_state"))
+		if err != nil {
+			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				dcontext.GetLogger(ctx).Infof("error resolving upload: %v", err)
+				buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadInvalid.WithDetail(err))
+			})
+		}
+		buh.State = state
+
+		if state.Name != ctx.Repository.Named().Name() {
+			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				dcontext.GetLogger(ctx).Infof("mismatched repository name in upload state: %q != %q", state.Name, buh.Repository.Named().Name())
+				buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadInvalid.WithDetail(err))
+			})
+		}
+
+		if state.UUID != buh.UUID {
+			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				dcontext.GetLogger(ctx).Infof("mismatched uuid in upload state: %q != %q", state.UUID, buh.UUID)
+				buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadInvalid.WithDetail(err))
+			})
+		}
+
+		blobs := ctx.Repository.Blobs(buh)
+		upload, err := blobs.Resume(buh, buh.UUID)
+		if err != nil {
+			dcontext.GetLogger(ctx).Errorf("error resolving upload: %v", err)
+			if err == distribution.ErrBlobUploadUnknown {
+				return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+					buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadUnknown.WithDetail(err))
+				})
+			}
+
+			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+			})
+		}
+		buh.Upload = upload
+
+		if size := upload.Size(); size != buh.State.Offset {
+			defer upload.Close()
+			dcontext.GetLogger(ctx).Errorf("upload resumed at wrong offest: %d != %d", size, buh.State.Offset)
+			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadInvalid.WithDetail(err))
+				upload.Cancel(buh)
+			})
+		}
+		return closeResources(handler, buh.Upload)
+	}
+
+	return handler
+}
+
+// blobUploadHandler handles the http blob upload process.
+type blobUploadHandler struct {
+	*Context
+
+	// UUID identifies the upload instance for the current request. Using UUID
+	// to key blob writers since this implementation uses UUIDs.
+	UUID string
+
+	Upload distribution.BlobWriter
+
+	State blobUploadState
+}
+
+// StartBlobUpload begins the blob upload process and allocates a server-side
+// blob writer session, optionally mounting the blob from a separate repository.
+func (buh *blobUploadHandler) StartBlobUpload(w http.ResponseWriter, r *http.Request) {
+	var options []distribution.BlobCreateOption
+
+	fromRepo := r.FormValue("from")
+	mountDigest := r.FormValue("mount")
+
+	if mountDigest != "" && fromRepo != "" {
+		opt, err := buh.createBlobMountOption(fromRepo, mountDigest)
+		if opt != nil && err == nil {
+			options = append(options, opt)
+		}
+	}
+
+	blobs := buh.Repository.Blobs(buh)
+	upload, err := blobs.Create(buh, options...)
+
+	if err != nil {
+		if ebm, ok := err.(distribution.ErrBlobMounted); ok {
+			if err := buh.writeBlobCreatedHeaders(w, ebm.Descriptor); err != nil {
+				buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+			}
+		} else if err == distribution.ErrUnsupported {
+			buh.Errors = append(buh.Errors, errcode.ErrorCodeUnsupported)
+		} else {
+			buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		}
+		return
+	}
+
+	buh.Upload = upload
+
+	if err := buh.blobUploadResponse(w, r, true); err != nil {
+		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		return
+	}
+
+	w.Header().Set("Docker-Upload-UUID", buh.Upload.ID())
+	w.WriteHeader(http.StatusAccepted)
+}
+
+// GetUploadStatus returns the status of a given upload, identified by id.
+func (buh *blobUploadHandler) GetUploadStatus(w http.ResponseWriter, r *http.Request) {
+	if buh.Upload == nil {
+		buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadUnknown)
+		return
+	}
+
+	// TODO(dmcgowan): Set last argument to false in blobUploadResponse when
+	// resumable upload is supported. This will enable returning a non-zero
+	// range for clients to begin uploading at an offset.
+	if err := buh.blobUploadResponse(w, r, true); err != nil {
+		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		return
+	}
+
+	w.Header().Set("Docker-Upload-UUID", buh.UUID)
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// PatchBlobData writes data to an upload.
+func (buh *blobUploadHandler) PatchBlobData(w http.ResponseWriter, r *http.Request) {
+	if buh.Upload == nil {
+		buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadUnknown)
+		return
+	}
+
+	ct := r.Header.Get("Content-Type")
+	if ct != "" && ct != "application/octet-stream" {
+		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(fmt.Errorf("bad Content-Type")))
+		// TODO(dmcgowan): encode error
+		return
+	}
+
+	// TODO(dmcgowan): support Content-Range header to seek and write range
+
+	if err := copyFullPayload(buh, w, r, buh.Upload, -1, "blob PATCH"); err != nil {
+		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err.Error()))
+		return
+	}
+
+	if err := buh.blobUploadResponse(w, r, false); err != nil {
+		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		return
+	}
+
+	w.WriteHeader(http.StatusAccepted)
+}
+
+// PutBlobUploadComplete takes the final request of a blob upload. The
+// request may include all the blob data or no blob data. Any data
+// provided is received and verified. If successful, the blob is linked
+// into the blob store and 201 Created is returned with the canonical
+// url of the blob.
+func (buh *blobUploadHandler) PutBlobUploadComplete(w http.ResponseWriter, r *http.Request) {
+	if buh.Upload == nil {
+		buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadUnknown)
+		return
+	}
+
+	dgstStr := r.FormValue("digest") // TODO(stevvooe): Support multiple digest parameters!
+
+	if dgstStr == "" {
+		// no digest? return error, but allow retry.
+		buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail("digest missing"))
+		return
+	}
+
+	dgst, err := digest.Parse(dgstStr)
+	if err != nil {
+		// no digest? return error, but allow retry.
+		buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail("digest parsing failed"))
+		return
+	}
+
+	if err := copyFullPayload(buh, w, r, buh.Upload, -1, "blob PUT"); err != nil {
+		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err.Error()))
+		return
+	}
+
+	desc, err := buh.Upload.Commit(buh, distribution.Descriptor{
+		Digest: dgst,
+
+		// TODO(stevvooe): This isn't wildly important yet, but we should
+		// really set the mediatype. For now, we can let the backend take care
+		// of this.
+	})
+
+	if err != nil {
+		switch err := err.(type) {
+		case distribution.ErrBlobInvalidDigest:
+			buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err))
+		case errcode.Error:
+			buh.Errors = append(buh.Errors, err)
+		default:
+			switch err {
+			case distribution.ErrAccessDenied:
+				buh.Errors = append(buh.Errors, errcode.ErrorCodeDenied)
+			case distribution.ErrUnsupported:
+				buh.Errors = append(buh.Errors, errcode.ErrorCodeUnsupported)
+			case distribution.ErrBlobInvalidLength, distribution.ErrBlobDigestUnsupported:
+				buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadInvalid.WithDetail(err))
+			default:
+				dcontext.GetLogger(buh).Errorf("unknown error completing upload: %v", err)
+				buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+			}
+
+		}
+
+		// Clean up the backend blob data if there was an error.
+		if err := buh.Upload.Cancel(buh); err != nil {
+			// If the cleanup fails, all we can do is observe and report.
+			dcontext.GetLogger(buh).Errorf("error canceling upload after error: %v", err)
+		}
+
+		return
+	}
+	if err := buh.writeBlobCreatedHeaders(w, desc); err != nil {
+		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		return
+	}
+}
+
+// CancelBlobUpload cancels an in-progress upload of a blob.
+func (buh *blobUploadHandler) CancelBlobUpload(w http.ResponseWriter, r *http.Request) {
+	if buh.Upload == nil {
+		buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadUnknown)
+		return
+	}
+
+	w.Header().Set("Docker-Upload-UUID", buh.UUID)
+	if err := buh.Upload.Cancel(buh); err != nil {
+		dcontext.GetLogger(buh).Errorf("error encountered canceling upload: %v", err)
+		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// blobUploadResponse provides a standard request for uploading blobs and
+// chunk responses. This sets the correct headers but the response status is
+// left to the caller. The fresh argument is used to ensure that new blob
+// uploads always start at a 0 offset. This allows disabling resumable push by
+// always returning a 0 offset on check status.
+func (buh *blobUploadHandler) blobUploadResponse(w http.ResponseWriter, r *http.Request, fresh bool) error {
+	// TODO(stevvooe): Need a better way to manage the upload state automatically.
+	buh.State.Name = buh.Repository.Named().Name()
+	buh.State.UUID = buh.Upload.ID()
+	buh.Upload.Close()
+	buh.State.Offset = buh.Upload.Size()
+	buh.State.StartedAt = buh.Upload.StartedAt()
+
+	token, err := hmacKey(buh.Config.HTTP.Secret).packUploadState(buh.State)
+	if err != nil {
+		dcontext.GetLogger(buh).Infof("error building upload state token: %s", err)
+		return err
+	}
+
+	uploadURL, err := buh.urlBuilder.BuildBlobUploadChunkURL(
+		buh.Repository.Named(), buh.Upload.ID(),
+		url.Values{
+			"_state": []string{token},
+		})
+	if err != nil {
+		dcontext.GetLogger(buh).Infof("error building upload url: %s", err)
+		return err
+	}
+
+	endRange := buh.Upload.Size()
+	if endRange > 0 {
+		endRange = endRange - 1
+	}
+
+	w.Header().Set("Docker-Upload-UUID", buh.UUID)
+	w.Header().Set("Location", uploadURL)
+
+	w.Header().Set("Content-Length", "0")
+	w.Header().Set("Range", fmt.Sprintf("0-%d", endRange))
+
+	return nil
+}
+
+// mountBlob attempts to mount a blob from another repository by its digest. If
+// successful, the blob is linked into the blob store and 201 Created is
+// returned with the canonical url of the blob.
+func (buh *blobUploadHandler) createBlobMountOption(fromRepo, mountDigest string) (distribution.BlobCreateOption, error) {
+	dgst, err := digest.Parse(mountDigest)
+	if err != nil {
+		return nil, err
+	}
+
+	ref, err := reference.WithName(fromRepo)
+	if err != nil {
+		return nil, err
+	}
+
+	canonical, err := reference.WithDigest(ref, dgst)
+	if err != nil {
+		return nil, err
+	}
+
+	return storage.WithMountFrom(canonical), nil
+}
+
+// writeBlobCreatedHeaders writes the standard headers describing a newly
+// created blob. A 201 Created is written as well as the canonical URL and
+// blob digest.
+func (buh *blobUploadHandler) writeBlobCreatedHeaders(w http.ResponseWriter, desc distribution.Descriptor) error {
+	ref, err := reference.WithDigest(buh.Repository.Named(), desc.Digest)
+	if err != nil {
+		return err
+	}
+	blobURL, err := buh.urlBuilder.BuildBlobURL(ref)
+	if err != nil {
+		return err
+	}
+
+	w.Header().Set("Location", blobURL)
+	w.Header().Set("Content-Length", "0")
+	w.Header().Set("Docker-Content-Digest", desc.Digest.String())
+	w.WriteHeader(http.StatusCreated)
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/catalog.go b/vendor/github.com/docker/distribution/registry/handlers/catalog.go
new file mode 100644
index 000000000..83ec0a9c3
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/catalog.go
@@ -0,0 +1,126 @@
+package handlers
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+
+	"github.com/docker/distribution/registry/api/errcode"
+	v2 "github.com/docker/distribution/registry/api/v2"
+	"github.com/docker/distribution/registry/storage/driver"
+
+	"github.com/gorilla/handlers"
+)
+
+const defaultReturnedEntries = 100
+
+func catalogDispatcher(ctx *Context, r *http.Request) http.Handler {
+	catalogHandler := &catalogHandler{
+		Context: ctx,
+	}
+
+	return handlers.MethodHandler{
+		"GET": http.HandlerFunc(catalogHandler.GetCatalog),
+	}
+}
+
+type catalogHandler struct {
+	*Context
+}
+
+type catalogAPIResponse struct {
+	Repositories []string `json:"repositories"`
+}
+
+func (ch *catalogHandler) GetCatalog(w http.ResponseWriter, r *http.Request) {
+	var moreEntries = true
+
+	q := r.URL.Query()
+	lastEntry := q.Get("last")
+
+	entries := defaultReturnedEntries
+	maximumConfiguredEntries := ch.App.Config.Catalog.MaxEntries
+
+	// parse n, if n unparseable, or negative assign it to defaultReturnedEntries
+	if n := q.Get("n"); n != "" {
+		parsedMax, err := strconv.Atoi(n)
+		if err == nil {
+			if parsedMax > maximumConfiguredEntries {
+				ch.Errors = append(ch.Errors, v2.ErrorCodePaginationNumberInvalid.WithDetail(map[string]int{"n": parsedMax}))
+				return
+			} else if parsedMax >= 0 {
+				entries = parsedMax
+			}
+		}
+	}
+
+	// then enforce entries to be between 0 & maximumConfiguredEntries
+	// max(0, min(entries, maximumConfiguredEntries))
+	if entries < 0 || entries > maximumConfiguredEntries {
+		entries = maximumConfiguredEntries
+	}
+
+	repos := make([]string, entries)
+	filled := 0
+
+	// entries is guaranteed to be >= 0 and < maximumConfiguredEntries
+	if entries == 0 {
+		moreEntries = false
+	} else {
+		returnedRepositories, err := ch.App.registry.Repositories(ch.Context, repos, lastEntry)
+		if err != nil {
+			_, pathNotFound := err.(driver.PathNotFoundError)
+			if err != io.EOF && !pathNotFound {
+				ch.Errors = append(ch.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+				return
+			}
+			// err is either io.EOF or not PathNotFoundError
+			moreEntries = false
+		}
+		filled = returnedRepositories
+	}
+
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+
+	// Add a link header if there are more entries to retrieve
+	if moreEntries {
+		lastEntry = repos[filled-1]
+		urlStr, err := createLinkEntry(r.URL.String(), entries, lastEntry)
+		if err != nil {
+			ch.Errors = append(ch.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+			return
+		}
+		w.Header().Set("Link", urlStr)
+	}
+
+	enc := json.NewEncoder(w)
+	if err := enc.Encode(catalogAPIResponse{
+		Repositories: repos[0:filled],
+	}); err != nil {
+		ch.Errors = append(ch.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		return
+	}
+}
+
+// Use the original URL from the request to create a new URL for
+// the link header
+func createLinkEntry(origURL string, maxEntries int, lastEntry string) (string, error) {
+	calledURL, err := url.Parse(origURL)
+	if err != nil {
+		return "", err
+	}
+
+	v := url.Values{}
+	v.Add("n", strconv.Itoa(maxEntries))
+	v.Add("last", lastEntry)
+
+	calledURL.RawQuery = v.Encode()
+
+	calledURL.Fragment = ""
+	urlStr := fmt.Sprintf("<%s>; rel=\"next\"", calledURL.String())
+
+	return urlStr, nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/context.go b/vendor/github.com/docker/distribution/registry/handlers/context.go
new file mode 100644
index 000000000..b1b7a13d3
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/context.go
@@ -0,0 +1,95 @@
+package handlers
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/api/errcode"
+	v2 "github.com/docker/distribution/registry/api/v2"
+	"github.com/docker/distribution/registry/auth"
+	"github.com/opencontainers/go-digest"
+)
+
+// Context should contain the request specific context for use in across
+// handlers. Resources that don't need to be shared across handlers should not
+// be on this object.
+type Context struct {
+	// App points to the application structure that created this context.
+	*App
+	context.Context
+
+	// Repository is the repository for the current request. All requests
+	// should be scoped to a single repository. This field may be nil.
+	Repository distribution.Repository
+
+	// RepositoryRemover provides method to delete a repository
+	RepositoryRemover distribution.RepositoryRemover
+
+	// Errors is a collection of errors encountered during the request to be
+	// returned to the client API. If errors are added to the collection, the
+	// handler *must not* start the response via http.ResponseWriter.
+	Errors errcode.Errors
+
+	urlBuilder *v2.URLBuilder
+
+	// TODO(stevvooe): The goal is too completely factor this context and
+	// dispatching out of the web application. Ideally, we should lean on
+	// context.Context for injection of these resources.
+}
+
+// Value overrides context.Context.Value to ensure that calls are routed to
+// correct context.
+func (ctx *Context) Value(key interface{}) interface{} {
+	return ctx.Context.Value(key)
+}
+
+func getName(ctx context.Context) (name string) {
+	return dcontext.GetStringValue(ctx, "vars.name")
+}
+
+func getReference(ctx context.Context) (reference string) {
+	return dcontext.GetStringValue(ctx, "vars.reference")
+}
+
+var errDigestNotAvailable = fmt.Errorf("digest not available in context")
+
+func getDigest(ctx context.Context) (dgst digest.Digest, err error) {
+	dgstStr := dcontext.GetStringValue(ctx, "vars.digest")
+
+	if dgstStr == "" {
+		dcontext.GetLogger(ctx).Errorf("digest not available")
+		return "", errDigestNotAvailable
+	}
+
+	d, err := digest.Parse(dgstStr)
+	if err != nil {
+		dcontext.GetLogger(ctx).Errorf("error parsing digest=%q: %v", dgstStr, err)
+		return "", err
+	}
+
+	return d, nil
+}
+
+func getUploadUUID(ctx context.Context) (uuid string) {
+	return dcontext.GetStringValue(ctx, "vars.uuid")
+}
+
+// getUserName attempts to resolve a username from the context and request. If
+// a username cannot be resolved, the empty string is returned.
+func getUserName(ctx context.Context, r *http.Request) string {
+	username := dcontext.GetStringValue(ctx, auth.UserNameKey)
+
+	// Fallback to request user with basic auth
+	if username == "" {
+		var ok bool
+		uname, _, ok := basicAuth(r)
+		if ok {
+			username = uname
+		}
+	}
+
+	return username
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/helpers.go b/vendor/github.com/docker/distribution/registry/handlers/helpers.go
new file mode 100644
index 000000000..b02338e9b
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/helpers.go
@@ -0,0 +1,66 @@
+package handlers
+
+import (
+	"context"
+	"errors"
+	"io"
+	"net/http"
+
+	dcontext "github.com/docker/distribution/context"
+)
+
+// closeResources closes all the provided resources after running the target
+// handler.
+func closeResources(handler http.Handler, closers ...io.Closer) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		for _, closer := range closers {
+			defer closer.Close()
+		}
+		handler.ServeHTTP(w, r)
+	})
+}
+
+// copyFullPayload copies the payload of an HTTP request to destWriter. If it
+// receives less content than expected, and the client disconnected during the
+// upload, it avoids sending a 400 error to keep the logs cleaner.
+//
+// The copy will be limited to `limit` bytes, if limit is greater than zero.
+func copyFullPayload(ctx context.Context, responseWriter http.ResponseWriter, r *http.Request, destWriter io.Writer, limit int64, action string) error {
+	// Get a channel that tells us if the client disconnects
+	clientClosed := r.Context().Done()
+	var body = r.Body
+	if limit > 0 {
+		body = http.MaxBytesReader(responseWriter, body, limit)
+	}
+
+	// Read in the data, if any.
+	copied, err := io.Copy(destWriter, body)
+	if clientClosed != nil && (err != nil || (r.ContentLength > 0 && copied < r.ContentLength)) {
+		// Didn't receive as much content as expected. Did the client
+		// disconnect during the request? If so, avoid returning a 400
+		// error to keep the logs cleaner.
+		select {
+		case <-clientClosed:
+			// Set the response code to "499 Client Closed Request"
+			// Even though the connection has already been closed,
+			// this causes the logger to pick up a 499 error
+			// instead of showing 0 for the HTTP status.
+			responseWriter.WriteHeader(499)
+
+			dcontext.GetLoggerWithFields(ctx, map[interface{}]interface{}{
+				"error":         err,
+				"copied":        copied,
+				"contentLength": r.ContentLength,
+			}, "error", "copied", "contentLength").Error("client disconnected during " + action)
+			return errors.New("client disconnected")
+		default:
+		}
+	}
+
+	if err != nil {
+		dcontext.GetLogger(ctx).Errorf("unknown error reading request payload: %v", err)
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/hmac.go b/vendor/github.com/docker/distribution/registry/handlers/hmac.go
new file mode 100644
index 000000000..94ed9fda5
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/hmac.go
@@ -0,0 +1,74 @@
+package handlers
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"time"
+)
+
+// blobUploadState captures the state serializable state of the blob upload.
+type blobUploadState struct {
+	// name is the primary repository under which the blob will be linked.
+	Name string
+
+	// UUID identifies the upload.
+	UUID string
+
+	// offset contains the current progress of the upload.
+	Offset int64
+
+	// StartedAt is the original start time of the upload.
+	StartedAt time.Time
+}
+
+type hmacKey string
+
+var errInvalidSecret = fmt.Errorf("invalid secret")
+
+// unpackUploadState unpacks and validates the blob upload state from the
+// token, using the hmacKey secret.
+func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
+	var state blobUploadState
+
+	tokenBytes, err := base64.URLEncoding.DecodeString(token)
+	if err != nil {
+		return state, err
+	}
+	mac := hmac.New(sha256.New, []byte(secret))
+
+	if len(tokenBytes) < mac.Size() {
+		return state, errInvalidSecret
+	}
+
+	macBytes := tokenBytes[:mac.Size()]
+	messageBytes := tokenBytes[mac.Size():]
+
+	mac.Write(messageBytes)
+	if !hmac.Equal(mac.Sum(nil), macBytes) {
+		return state, errInvalidSecret
+	}
+
+	if err := json.Unmarshal(messageBytes, &state); err != nil {
+		return state, err
+	}
+
+	return state, nil
+}
+
+// packUploadState packs the upload state signed with and hmac digest using
+// the hmacKey secret, encoding to url safe base64. The resulting token can be
+// used to share data with minimized risk of external tampering.
+func (secret hmacKey) packUploadState(lus blobUploadState) (string, error) {
+	mac := hmac.New(sha256.New, []byte(secret))
+	p, err := json.Marshal(lus)
+	if err != nil {
+		return "", err
+	}
+
+	mac.Write(p)
+
+	return base64.URLEncoding.EncodeToString(append(mac.Sum(nil), p...)), nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/hooks.go b/vendor/github.com/docker/distribution/registry/handlers/hooks.go
new file mode 100644
index 000000000..4a2b1be84
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/hooks.go
@@ -0,0 +1,53 @@
+package handlers
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"strings"
+	"text/template"
+
+	"github.com/sirupsen/logrus"
+)
+
+// logHook is for hooking Panic in web application
+type logHook struct {
+	LevelsParam []string
+	Mail        *mailer
+}
+
+// Fire forwards an error to LogHook
+func (hook *logHook) Fire(entry *logrus.Entry) error {
+	addr := strings.Split(hook.Mail.Addr, ":")
+	if len(addr) != 2 {
+		return errors.New("invalid Mail Address")
+	}
+	host := addr[0]
+	subject := fmt.Sprintf("[%s] %s: %s", entry.Level, host, entry.Message)
+
+	html := `
+	{{.Message}}
+
+	{{range $key, $value := .Data}}
+	{{$key}}: {{$value}}
+	{{end}}
+	`
+	b := bytes.NewBuffer(make([]byte, 0))
+	t := template.Must(template.New("mail body").Parse(html))
+	if err := t.Execute(b, entry); err != nil {
+		return err
+	}
+	body := b.String()
+
+	return hook.Mail.sendMail(subject, body)
+}
+
+// Levels contains hook levels to be catched
+func (hook *logHook) Levels() []logrus.Level {
+	levels := []logrus.Level{}
+	for _, v := range hook.LevelsParam {
+		lv, _ := logrus.ParseLevel(v)
+		levels = append(levels, lv)
+	}
+	return levels
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/mail.go b/vendor/github.com/docker/distribution/registry/handlers/mail.go
new file mode 100644
index 000000000..684b1b34c
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/mail.go
@@ -0,0 +1,45 @@
+package handlers
+
+import (
+	"errors"
+	"net/smtp"
+	"strings"
+)
+
+// mailer provides fields of email configuration for sending.
+type mailer struct {
+	Addr, Username, Password, From string
+	Insecure                       bool
+	To                             []string
+}
+
+// sendMail allows users to send email, only if mail parameters is configured correctly.
+func (mail *mailer) sendMail(subject, message string) error {
+	addr := strings.Split(mail.Addr, ":")
+	if len(addr) != 2 {
+		return errors.New("invalid Mail Address")
+	}
+	host := addr[0]
+	msg := []byte("To:" + strings.Join(mail.To, ";") +
+		"\r\nFrom: " + mail.From +
+		"\r\nSubject: " + subject +
+		"\r\nContent-Type: text/plain\r\n\r\n" +
+		message)
+	auth := smtp.PlainAuth(
+		"",
+		mail.Username,
+		mail.Password,
+		host,
+	)
+	err := smtp.SendMail(
+		mail.Addr,
+		auth,
+		mail.From,
+		mail.To,
+		msg,
+	)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/manifests.go b/vendor/github.com/docker/distribution/registry/handlers/manifests.go
new file mode 100644
index 000000000..8b33b992e
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/manifests.go
@@ -0,0 +1,531 @@
+package handlers
+
+import (
+	"bytes"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/manifest/manifestlist"
+	"github.com/docker/distribution/manifest/ocischema"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/api/errcode"
+	v2 "github.com/docker/distribution/registry/api/v2"
+	"github.com/docker/distribution/registry/auth"
+	"github.com/gorilla/handlers"
+	"github.com/opencontainers/go-digest"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// These constants determine which architecture and OS to choose from a
+// manifest list when downconverting it to a schema1 manifest.
+const (
+	defaultArch         = "amd64"
+	defaultOS           = "linux"
+	maxManifestBodySize = 4 << 20
+	imageClass          = "image"
+)
+
+type storageType int
+
+const (
+	manifestSchema1     storageType = iota // 0
+	manifestSchema2                        // 1
+	manifestlistSchema                     // 2
+	ociSchema                              // 3
+	ociImageIndexSchema                    // 4
+	numStorageTypes                        // 5
+)
+
+// manifestDispatcher takes the request context and builds the
+// appropriate handler for handling manifest requests.
+func manifestDispatcher(ctx *Context, r *http.Request) http.Handler {
+	manifestHandler := &manifestHandler{
+		Context: ctx,
+	}
+	reference := getReference(ctx)
+	dgst, err := digest.Parse(reference)
+	if err != nil {
+		// We just have a tag
+		manifestHandler.Tag = reference
+	} else {
+		manifestHandler.Digest = dgst
+	}
+
+	mhandler := handlers.MethodHandler{
+		"GET":  http.HandlerFunc(manifestHandler.GetManifest),
+		"HEAD": http.HandlerFunc(manifestHandler.GetManifest),
+	}
+
+	if !ctx.readOnly {
+		mhandler["PUT"] = http.HandlerFunc(manifestHandler.PutManifest)
+		mhandler["DELETE"] = http.HandlerFunc(manifestHandler.DeleteManifest)
+	}
+
+	return mhandler
+}
+
+// manifestHandler handles http operations on image manifests.
+type manifestHandler struct {
+	*Context
+
+	// One of tag or digest gets set, depending on what is present in context.
+	Tag    string
+	Digest digest.Digest
+}
+
+// GetManifest fetches the image manifest from the storage backend, if it exists.
+func (imh *manifestHandler) GetManifest(w http.ResponseWriter, r *http.Request) {
+	dcontext.GetLogger(imh).Debug("GetImageManifest")
+	manifests, err := imh.Repository.Manifests(imh)
+	if err != nil {
+		imh.Errors = append(imh.Errors, err)
+		return
+	}
+	var supports [numStorageTypes]bool
+
+	// this parsing of Accept headers is not quite as full-featured as godoc.org's parser, but we don't care about "q=" values
+	// https://github.com/golang/gddo/blob/e91d4165076d7474d20abda83f92d15c7ebc3e81/httputil/header/header.go#L165-L202
+	for _, acceptHeader := range r.Header["Accept"] {
+		// r.Header[...] is a slice in case the request contains the same header more than once
+		// if the header isn't set, we'll get the zero value, which "range" will handle gracefully
+
+		// we need to split each header value on "," to get the full list of "Accept" values (per RFC 2616)
+		// https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.1
+		for _, mediaType := range strings.Split(acceptHeader, ",") {
+			// remove "; q=..." if present
+			if i := strings.Index(mediaType, ";"); i >= 0 {
+				mediaType = mediaType[:i]
+			}
+
+			// it's common (but not required) for Accept values to be space separated ("a/b, c/d, e/f")
+			mediaType = strings.TrimSpace(mediaType)
+
+			if mediaType == schema2.MediaTypeManifest {
+				supports[manifestSchema2] = true
+			}
+			if mediaType == manifestlist.MediaTypeManifestList {
+				supports[manifestlistSchema] = true
+			}
+			if mediaType == v1.MediaTypeImageManifest {
+				supports[ociSchema] = true
+			}
+			if mediaType == v1.MediaTypeImageIndex {
+				supports[ociImageIndexSchema] = true
+			}
+		}
+	}
+
+	if imh.Tag != "" {
+		tags := imh.Repository.Tags(imh)
+		desc, err := tags.Get(imh, imh.Tag)
+		if err != nil {
+			if _, ok := err.(distribution.ErrTagUnknown); ok {
+				imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithDetail(err))
+			} else {
+				imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+			}
+			return
+		}
+		imh.Digest = desc.Digest
+	}
+
+	if etagMatch(r, imh.Digest.String()) {
+		w.WriteHeader(http.StatusNotModified)
+		return
+	}
+
+	var options []distribution.ManifestServiceOption
+	if imh.Tag != "" {
+		options = append(options, distribution.WithTag(imh.Tag))
+	}
+	manifest, err := manifests.Get(imh, imh.Digest, options...)
+	if err != nil {
+		if _, ok := err.(distribution.ErrManifestUnknownRevision); ok {
+			imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithDetail(err))
+		} else {
+			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		}
+		return
+	}
+	// determine the type of the returned manifest
+	manifestType := manifestSchema1
+	schema2Manifest, isSchema2 := manifest.(*schema2.DeserializedManifest)
+	manifestList, isManifestList := manifest.(*manifestlist.DeserializedManifestList)
+	if isSchema2 {
+		manifestType = manifestSchema2
+	} else if _, isOCImanifest := manifest.(*ocischema.DeserializedManifest); isOCImanifest {
+		manifestType = ociSchema
+	} else if isManifestList {
+		if manifestList.MediaType == manifestlist.MediaTypeManifestList {
+			manifestType = manifestlistSchema
+		} else if manifestList.MediaType == v1.MediaTypeImageIndex {
+			manifestType = ociImageIndexSchema
+		}
+	}
+
+	if manifestType == ociSchema && !supports[ociSchema] {
+		imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithMessage("OCI manifest found, but accept header does not support OCI manifests"))
+		return
+	}
+	if manifestType == ociImageIndexSchema && !supports[ociImageIndexSchema] {
+		imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithMessage("OCI index found, but accept header does not support OCI indexes"))
+		return
+	}
+	// Only rewrite schema2 manifests when they are being fetched by tag.
+	// If they are being fetched by digest, we can't return something not
+	// matching the digest.
+	if imh.Tag != "" && manifestType == manifestSchema2 && !supports[manifestSchema2] {
+		// Rewrite manifest in schema1 format
+		dcontext.GetLogger(imh).Infof("rewriting manifest %s in schema1 format to support old client", imh.Digest.String())
+
+		manifest, err = imh.convertSchema2Manifest(schema2Manifest)
+		if err != nil {
+			return
+		}
+	} else if imh.Tag != "" && manifestType == manifestlistSchema && !supports[manifestlistSchema] {
+		// Rewrite manifest in schema1 format
+		dcontext.GetLogger(imh).Infof("rewriting manifest list %s in schema1 format to support old client", imh.Digest.String())
+
+		// Find the image manifest corresponding to the default
+		// platform
+		var manifestDigest digest.Digest
+		for _, manifestDescriptor := range manifestList.Manifests {
+			if manifestDescriptor.Platform.Architecture == defaultArch && manifestDescriptor.Platform.OS == defaultOS {
+				manifestDigest = manifestDescriptor.Digest
+				break
+			}
+		}
+
+		if manifestDigest == "" {
+			imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown)
+			return
+		}
+
+		manifest, err = manifests.Get(imh, manifestDigest)
+		if err != nil {
+			if _, ok := err.(distribution.ErrManifestUnknownRevision); ok {
+				imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithDetail(err))
+			} else {
+				imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+			}
+			return
+		}
+
+		// If necessary, convert the image manifest
+		if schema2Manifest, isSchema2 := manifest.(*schema2.DeserializedManifest); isSchema2 && !supports[manifestSchema2] {
+			manifest, err = imh.convertSchema2Manifest(schema2Manifest)
+			if err != nil {
+				return
+			}
+		} else {
+			imh.Digest = manifestDigest
+		}
+	}
+
+	ct, p, err := manifest.Payload()
+	if err != nil {
+		return
+	}
+
+	w.Header().Set("Content-Type", ct)
+	w.Header().Set("Content-Length", fmt.Sprint(len(p)))
+	w.Header().Set("Docker-Content-Digest", imh.Digest.String())
+	w.Header().Set("Etag", fmt.Sprintf(`"%s"`, imh.Digest))
+	w.Write(p)
+}
+
+func (imh *manifestHandler) convertSchema2Manifest(schema2Manifest *schema2.DeserializedManifest) (distribution.Manifest, error) {
+	targetDescriptor := schema2Manifest.Target()
+	blobs := imh.Repository.Blobs(imh)
+	configJSON, err := blobs.Get(imh, targetDescriptor.Digest)
+	if err != nil {
+		if err == distribution.ErrBlobUnknown {
+			imh.Errors = append(imh.Errors, v2.ErrorCodeManifestInvalid.WithDetail(err))
+		} else {
+			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		}
+		return nil, err
+	}
+
+	ref := imh.Repository.Named()
+
+	if imh.Tag != "" {
+		ref, err = reference.WithTag(ref, imh.Tag)
+		if err != nil {
+			imh.Errors = append(imh.Errors, v2.ErrorCodeTagInvalid.WithDetail(err))
+			return nil, err
+		}
+	}
+
+	builder := schema1.NewConfigManifestBuilder(imh.Repository.Blobs(imh), imh.Context.App.trustKey, ref, configJSON)
+	for _, d := range schema2Manifest.Layers {
+		if err := builder.AppendReference(d); err != nil {
+			imh.Errors = append(imh.Errors, v2.ErrorCodeManifestInvalid.WithDetail(err))
+			return nil, err
+		}
+	}
+	manifest, err := builder.Build(imh)
+	if err != nil {
+		imh.Errors = append(imh.Errors, v2.ErrorCodeManifestInvalid.WithDetail(err))
+		return nil, err
+	}
+	imh.Digest = digest.FromBytes(manifest.(*schema1.SignedManifest).Canonical)
+
+	return manifest, nil
+}
+
+func etagMatch(r *http.Request, etag string) bool {
+	for _, headerVal := range r.Header["If-None-Match"] {
+		if headerVal == etag || headerVal == fmt.Sprintf(`"%s"`, etag) { // allow quoted or unquoted
+			return true
+		}
+	}
+	return false
+}
+
+// PutManifest validates and stores a manifest in the registry.
+func (imh *manifestHandler) PutManifest(w http.ResponseWriter, r *http.Request) {
+	dcontext.GetLogger(imh).Debug("PutImageManifest")
+	manifests, err := imh.Repository.Manifests(imh)
+	if err != nil {
+		imh.Errors = append(imh.Errors, err)
+		return
+	}
+
+	var jsonBuf bytes.Buffer
+	if err := copyFullPayload(imh, w, r, &jsonBuf, maxManifestBodySize, "image manifest PUT"); err != nil {
+		// copyFullPayload reports the error if necessary
+		imh.Errors = append(imh.Errors, v2.ErrorCodeManifestInvalid.WithDetail(err.Error()))
+		return
+	}
+
+	mediaType := r.Header.Get("Content-Type")
+	manifest, desc, err := distribution.UnmarshalManifest(mediaType, jsonBuf.Bytes())
+	if err != nil {
+		imh.Errors = append(imh.Errors, v2.ErrorCodeManifestInvalid.WithDetail(err))
+		return
+	}
+
+	if imh.Digest != "" {
+		if desc.Digest != imh.Digest {
+			dcontext.GetLogger(imh).Errorf("payload digest does match: %q != %q", desc.Digest, imh.Digest)
+			imh.Errors = append(imh.Errors, v2.ErrorCodeDigestInvalid)
+			return
+		}
+	} else if imh.Tag != "" {
+		imh.Digest = desc.Digest
+	} else {
+		imh.Errors = append(imh.Errors, v2.ErrorCodeTagInvalid.WithDetail("no tag or digest specified"))
+		return
+	}
+
+	isAnOCIManifest := mediaType == v1.MediaTypeImageManifest || mediaType == v1.MediaTypeImageIndex
+
+	if isAnOCIManifest {
+		dcontext.GetLogger(imh).Debug("Putting an OCI Manifest!")
+	} else {
+		dcontext.GetLogger(imh).Debug("Putting a Docker Manifest!")
+	}
+
+	var options []distribution.ManifestServiceOption
+	if imh.Tag != "" {
+		options = append(options, distribution.WithTag(imh.Tag))
+	}
+
+	if err := imh.applyResourcePolicy(manifest); err != nil {
+		imh.Errors = append(imh.Errors, err)
+		return
+	}
+
+	_, err = manifests.Put(imh, manifest, options...)
+	if err != nil {
+		// TODO(stevvooe): These error handling switches really need to be
+		// handled by an app global mapper.
+		if err == distribution.ErrUnsupported {
+			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnsupported)
+			return
+		}
+		if err == distribution.ErrAccessDenied {
+			imh.Errors = append(imh.Errors, errcode.ErrorCodeDenied)
+			return
+		}
+		switch err := err.(type) {
+		case distribution.ErrManifestVerification:
+			for _, verificationError := range err {
+				switch verificationError := verificationError.(type) {
+				case distribution.ErrManifestBlobUnknown:
+					imh.Errors = append(imh.Errors, v2.ErrorCodeManifestBlobUnknown.WithDetail(verificationError.Digest))
+				case distribution.ErrManifestNameInvalid:
+					imh.Errors = append(imh.Errors, v2.ErrorCodeNameInvalid.WithDetail(err))
+				case distribution.ErrManifestUnverified:
+					imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnverified)
+				default:
+					if verificationError == digest.ErrDigestInvalidFormat {
+						imh.Errors = append(imh.Errors, v2.ErrorCodeDigestInvalid)
+					} else {
+						imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown, verificationError)
+					}
+				}
+			}
+		case errcode.Error:
+			imh.Errors = append(imh.Errors, err)
+		default:
+			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		}
+		return
+	}
+
+	// Tag this manifest
+	if imh.Tag != "" {
+		tags := imh.Repository.Tags(imh)
+		err = tags.Tag(imh, imh.Tag, desc)
+		if err != nil {
+			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+			return
+		}
+
+	}
+
+	// Construct a canonical url for the uploaded manifest.
+	ref, err := reference.WithDigest(imh.Repository.Named(), imh.Digest)
+	if err != nil {
+		imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		return
+	}
+
+	location, err := imh.urlBuilder.BuildManifestURL(ref)
+	if err != nil {
+		// NOTE(stevvooe): Given the behavior above, this absurdly unlikely to
+		// happen. We'll log the error here but proceed as if it worked. Worst
+		// case, we set an empty location header.
+		dcontext.GetLogger(imh).Errorf("error building manifest url from digest: %v", err)
+	}
+
+	w.Header().Set("Location", location)
+	w.Header().Set("Docker-Content-Digest", imh.Digest.String())
+	w.WriteHeader(http.StatusCreated)
+
+	dcontext.GetLogger(imh).Debug("Succeeded in putting manifest!")
+}
+
+// applyResourcePolicy checks whether the resource class matches what has
+// been authorized and allowed by the policy configuration.
+func (imh *manifestHandler) applyResourcePolicy(manifest distribution.Manifest) error {
+	allowedClasses := imh.App.Config.Policy.Repository.Classes
+	if len(allowedClasses) == 0 {
+		return nil
+	}
+
+	var class string
+	switch m := manifest.(type) {
+	case *schema1.SignedManifest:
+		class = imageClass
+	case *schema2.DeserializedManifest:
+		switch m.Config.MediaType {
+		case schema2.MediaTypeImageConfig:
+			class = imageClass
+		case schema2.MediaTypePluginConfig:
+			class = "plugin"
+		default:
+			return errcode.ErrorCodeDenied.WithMessage("unknown manifest class for " + m.Config.MediaType)
+		}
+	case *ocischema.DeserializedManifest:
+		switch m.Config.MediaType {
+		case v1.MediaTypeImageConfig:
+			class = imageClass
+		default:
+			return errcode.ErrorCodeDenied.WithMessage("unknown manifest class for " + m.Config.MediaType)
+		}
+	}
+
+	if class == "" {
+		return nil
+	}
+
+	// Check to see if class is allowed in registry
+	var allowedClass bool
+	for _, c := range allowedClasses {
+		if class == c {
+			allowedClass = true
+			break
+		}
+	}
+	if !allowedClass {
+		return errcode.ErrorCodeDenied.WithMessage(fmt.Sprintf("registry does not allow %s manifest", class))
+	}
+
+	resources := auth.AuthorizedResources(imh)
+	n := imh.Repository.Named().Name()
+
+	var foundResource bool
+	for _, r := range resources {
+		if r.Name == n {
+			if r.Class == "" {
+				r.Class = imageClass
+			}
+			if r.Class == class {
+				return nil
+			}
+			foundResource = true
+		}
+	}
+
+	// resource was found but no matching class was found
+	if foundResource {
+		return errcode.ErrorCodeDenied.WithMessage(fmt.Sprintf("repository not authorized for %s manifest", class))
+	}
+
+	return nil
+
+}
+
+// DeleteManifest removes the manifest with the given digest from the registry.
+func (imh *manifestHandler) DeleteManifest(w http.ResponseWriter, r *http.Request) {
+	dcontext.GetLogger(imh).Debug("DeleteImageManifest")
+
+	manifests, err := imh.Repository.Manifests(imh)
+	if err != nil {
+		imh.Errors = append(imh.Errors, err)
+		return
+	}
+
+	err = manifests.Delete(imh, imh.Digest)
+	if err != nil {
+		switch err {
+		case digest.ErrDigestUnsupported:
+		case digest.ErrDigestInvalidFormat:
+			imh.Errors = append(imh.Errors, v2.ErrorCodeDigestInvalid)
+			return
+		case distribution.ErrBlobUnknown:
+			imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown)
+			return
+		case distribution.ErrUnsupported:
+			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnsupported)
+			return
+		default:
+			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown)
+			return
+		}
+	}
+
+	tagService := imh.Repository.Tags(imh)
+	referencedTags, err := tagService.Lookup(imh, distribution.Descriptor{Digest: imh.Digest})
+	if err != nil {
+		imh.Errors = append(imh.Errors, err)
+		return
+	}
+
+	for _, tag := range referencedTags {
+		if err := tagService.Untag(imh, tag); err != nil {
+			imh.Errors = append(imh.Errors, err)
+			return
+		}
+	}
+
+	w.WriteHeader(http.StatusAccepted)
+}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/tags.go b/vendor/github.com/docker/distribution/registry/handlers/tags.go
new file mode 100644
index 000000000..b7463a5a3
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/handlers/tags.go
@@ -0,0 +1,62 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/registry/api/errcode"
+	v2 "github.com/docker/distribution/registry/api/v2"
+	"github.com/gorilla/handlers"
+)
+
+// tagsDispatcher constructs the tags handler api endpoint.
+func tagsDispatcher(ctx *Context, r *http.Request) http.Handler {
+	tagsHandler := &tagsHandler{
+		Context: ctx,
+	}
+
+	return handlers.MethodHandler{
+		"GET": http.HandlerFunc(tagsHandler.GetTags),
+	}
+}
+
+// tagsHandler handles requests for lists of tags under a repository name.
+type tagsHandler struct {
+	*Context
+}
+
+type tagsAPIResponse struct {
+	Name string   `json:"name"`
+	Tags []string `json:"tags"`
+}
+
+// GetTags returns a json list of tags for a specific image name.
+func (th *tagsHandler) GetTags(w http.ResponseWriter, r *http.Request) {
+	defer r.Body.Close()
+
+	tagService := th.Repository.Tags(th)
+	tags, err := tagService.All(th)
+	if err != nil {
+		switch err := err.(type) {
+		case distribution.ErrRepositoryUnknown:
+			th.Errors = append(th.Errors, v2.ErrorCodeNameUnknown.WithDetail(map[string]string{"name": th.Repository.Named().Name()}))
+		case errcode.Error:
+			th.Errors = append(th.Errors, err)
+		default:
+			th.Errors = append(th.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		}
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+
+	enc := json.NewEncoder(w)
+	if err := enc.Encode(tagsAPIResponse{
+		Name: th.Repository.Named().Name(),
+		Tags: tags,
+	}); err != nil {
+		th.Errors = append(th.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
+		return
+	}
+}
diff --git a/vendor/github.com/docker/distribution/registry/listener/listener.go b/vendor/github.com/docker/distribution/registry/listener/listener.go
new file mode 100644
index 000000000..b93a7a63f
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/listener/listener.go
@@ -0,0 +1,74 @@
+package listener
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"time"
+)
+
+// tcpKeepAliveListener sets TCP keep-alive timeouts on accepted
+// connections. It's used by ListenAndServe and ListenAndServeTLS so
+// dead TCP connections (e.g. closing laptop mid-download) eventually
+// go away.
+// it is a plain copy-paste from net/http/server.go
+type tcpKeepAliveListener struct {
+	*net.TCPListener
+}
+
+func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) {
+	tc, err := ln.AcceptTCP()
+	if err != nil {
+		return
+	}
+	tc.SetKeepAlive(true)
+	tc.SetKeepAlivePeriod(3 * time.Minute)
+	return tc, nil
+}
+
+// NewListener announces on laddr and net. Accepted values of the net are
+// 'unix' and 'tcp'
+func NewListener(net, laddr string) (net.Listener, error) {
+	switch net {
+	case "unix":
+		return newUnixListener(laddr)
+	case "tcp", "": // an empty net means tcp
+		return newTCPListener(laddr)
+	default:
+		return nil, fmt.Errorf("unknown address type %s", net)
+	}
+}
+
+func newUnixListener(laddr string) (net.Listener, error) {
+	fi, err := os.Stat(laddr)
+	if err == nil {
+		// the file exists.
+		// try to remove it if it's a socket
+		if !isSocket(fi.Mode()) {
+			return nil, fmt.Errorf("file %s exists and is not a socket", laddr)
+		}
+
+		if err := os.Remove(laddr); err != nil {
+			return nil, err
+		}
+	} else if !os.IsNotExist(err) {
+		// we can't do stat on the file.
+		// it means we can not remove it
+		return nil, err
+	}
+
+	return net.Listen("unix", laddr)
+}
+
+func isSocket(m os.FileMode) bool {
+	return m&os.ModeSocket != 0
+}
+
+func newTCPListener(laddr string) (net.Listener, error) {
+	ln, err := net.Listen("tcp", laddr)
+	if err != nil {
+		return nil, err
+	}
+
+	return tcpKeepAliveListener{ln.(*net.TCPListener)}, nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/middleware/registry/middleware.go b/vendor/github.com/docker/distribution/registry/middleware/registry/middleware.go
new file mode 100644
index 000000000..49defd825
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/middleware/registry/middleware.go
@@ -0,0 +1,54 @@
+package middleware
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/registry/storage"
+)
+
+// InitFunc is the type of a RegistryMiddleware factory function and is
+// used to register the constructor for different RegistryMiddleware backends.
+type InitFunc func(ctx context.Context, registry distribution.Namespace, options map[string]interface{}) (distribution.Namespace, error)
+
+var middlewares map[string]InitFunc
+var registryoptions []storage.RegistryOption
+
+// Register is used to register an InitFunc for
+// a RegistryMiddleware backend with the given name.
+func Register(name string, initFunc InitFunc) error {
+	if middlewares == nil {
+		middlewares = make(map[string]InitFunc)
+	}
+	if _, exists := middlewares[name]; exists {
+		return fmt.Errorf("name already registered: %s", name)
+	}
+
+	middlewares[name] = initFunc
+
+	return nil
+}
+
+// Get constructs a RegistryMiddleware with the given options using the named backend.
+func Get(ctx context.Context, name string, options map[string]interface{}, registry distribution.Namespace) (distribution.Namespace, error) {
+	if middlewares != nil {
+		if initFunc, exists := middlewares[name]; exists {
+			return initFunc(ctx, registry, options)
+		}
+	}
+
+	return nil, fmt.Errorf("no registry middleware registered with name: %s", name)
+}
+
+// RegisterOptions adds more options to RegistryOption list. Options get applied before
+// any other configuration-based options.
+func RegisterOptions(options ...storage.RegistryOption) error {
+	registryoptions = append(registryoptions, options...)
+	return nil
+}
+
+// GetRegistryOptions returns list of RegistryOption.
+func GetRegistryOptions() []storage.RegistryOption {
+	return registryoptions
+}
diff --git a/vendor/github.com/docker/distribution/registry/middleware/repository/middleware.go b/vendor/github.com/docker/distribution/registry/middleware/repository/middleware.go
new file mode 100644
index 000000000..f1554b709
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/middleware/repository/middleware.go
@@ -0,0 +1,40 @@
+package middleware
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/docker/distribution"
+)
+
+// InitFunc is the type of a RepositoryMiddleware factory function and is
+// used to register the constructor for different RepositoryMiddleware backends.
+type InitFunc func(ctx context.Context, repository distribution.Repository, options map[string]interface{}) (distribution.Repository, error)
+
+var middlewares map[string]InitFunc
+
+// Register is used to register an InitFunc for
+// a RepositoryMiddleware backend with the given name.
+func Register(name string, initFunc InitFunc) error {
+	if middlewares == nil {
+		middlewares = make(map[string]InitFunc)
+	}
+	if _, exists := middlewares[name]; exists {
+		return fmt.Errorf("name already registered: %s", name)
+	}
+
+	middlewares[name] = initFunc
+
+	return nil
+}
+
+// Get constructs a RepositoryMiddleware with the given options using the named backend.
+func Get(ctx context.Context, name string, options map[string]interface{}, repository distribution.Repository) (distribution.Repository, error) {
+	if middlewares != nil {
+		if initFunc, exists := middlewares[name]; exists {
+			return initFunc(ctx, repository, options)
+		}
+	}
+
+	return nil, fmt.Errorf("no repository middleware registered with name: %s", name)
+}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxyauth.go b/vendor/github.com/docker/distribution/registry/proxy/proxyauth.go
new file mode 100644
index 000000000..09a0973e6
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/proxy/proxyauth.go
@@ -0,0 +1,83 @@
+package proxy
+
+import (
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/client/auth"
+	"github.com/docker/distribution/registry/client/auth/challenge"
+)
+
+const challengeHeader = "Docker-Distribution-Api-Version"
+
+type userpass struct {
+	username string
+	password string
+}
+
+type credentials struct {
+	creds map[string]userpass
+}
+
+func (c credentials) Basic(u *url.URL) (string, string) {
+	up := c.creds[u.String()]
+
+	return up.username, up.password
+}
+
+func (c credentials) RefreshToken(u *url.URL, service string) string {
+	return ""
+}
+
+func (c credentials) SetRefreshToken(u *url.URL, service, token string) {
+}
+
+// configureAuth stores credentials for challenge responses
+func configureAuth(username, password, remoteURL string) (auth.CredentialStore, error) {
+	creds := map[string]userpass{}
+
+	authURLs, err := getAuthURLs(remoteURL)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, url := range authURLs {
+		context.GetLogger(context.Background()).Infof("Discovered token authentication URL: %s", url)
+		creds[url] = userpass{
+			username: username,
+			password: password,
+		}
+	}
+
+	return credentials{creds: creds}, nil
+}
+
+func getAuthURLs(remoteURL string) ([]string, error) {
+	authURLs := []string{}
+
+	resp, err := http.Get(remoteURL + "/v2/")
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	for _, c := range challenge.ResponseChallenges(resp) {
+		if strings.EqualFold(c.Scheme, "bearer") {
+			authURLs = append(authURLs, c.Parameters["realm"])
+		}
+	}
+
+	return authURLs, nil
+}
+
+func ping(manager challenge.Manager, endpoint, versionHeader string) error {
+	resp, err := http.Get(endpoint)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return manager.AddResponse(resp)
+}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxyblobstore.go b/vendor/github.com/docker/distribution/registry/proxy/proxyblobstore.go
new file mode 100644
index 000000000..9ca9c9683
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/proxy/proxyblobstore.go
@@ -0,0 +1,221 @@
+package proxy
+
+import (
+	"context"
+	"io"
+	"net/http"
+	"strconv"
+	"sync"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/proxy/scheduler"
+	"github.com/opencontainers/go-digest"
+)
+
+type proxyBlobStore struct {
+	localStore     distribution.BlobStore
+	remoteStore    distribution.BlobService
+	scheduler      *scheduler.TTLExpirationScheduler
+	repositoryName reference.Named
+	authChallenger authChallenger
+}
+
+var _ distribution.BlobStore = &proxyBlobStore{}
+
+// inflight tracks currently downloading blobs
+var inflight = make(map[digest.Digest]struct{})
+
+// mu protects inflight
+var mu sync.Mutex
+
+func setResponseHeaders(w http.ResponseWriter, length int64, mediaType string, digest digest.Digest) {
+	w.Header().Set("Content-Length", strconv.FormatInt(length, 10))
+	w.Header().Set("Content-Type", mediaType)
+	w.Header().Set("Docker-Content-Digest", digest.String())
+	w.Header().Set("Etag", digest.String())
+}
+
+func (pbs *proxyBlobStore) copyContent(ctx context.Context, dgst digest.Digest, writer io.Writer) (distribution.Descriptor, error) {
+	desc, err := pbs.remoteStore.Stat(ctx, dgst)
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	if w, ok := writer.(http.ResponseWriter); ok {
+		setResponseHeaders(w, desc.Size, desc.MediaType, dgst)
+	}
+
+	remoteReader, err := pbs.remoteStore.Open(ctx, dgst)
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	defer remoteReader.Close()
+
+	_, err = io.CopyN(writer, remoteReader, desc.Size)
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	proxyMetrics.BlobPush(uint64(desc.Size))
+
+	return desc, nil
+}
+
+func (pbs *proxyBlobStore) serveLocal(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) (bool, error) {
+	localDesc, err := pbs.localStore.Stat(ctx, dgst)
+	if err != nil {
+		// Stat can report a zero sized file here if it's checked between creation
+		// and population.  Return nil error, and continue
+		return false, nil
+	}
+
+	if err == nil {
+		proxyMetrics.BlobPush(uint64(localDesc.Size))
+		return true, pbs.localStore.ServeBlob(ctx, w, r, dgst)
+	}
+
+	return false, nil
+
+}
+
+func (pbs *proxyBlobStore) storeLocal(ctx context.Context, dgst digest.Digest) error {
+	defer func() {
+		mu.Lock()
+		delete(inflight, dgst)
+		mu.Unlock()
+	}()
+
+	var desc distribution.Descriptor
+	var err error
+	var bw distribution.BlobWriter
+
+	bw, err = pbs.localStore.Create(ctx)
+	if err != nil {
+		return err
+	}
+
+	desc, err = pbs.copyContent(ctx, dgst, bw)
+	if err != nil {
+		return err
+	}
+
+	_, err = bw.Commit(ctx, desc)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (pbs *proxyBlobStore) ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error {
+	served, err := pbs.serveLocal(ctx, w, r, dgst)
+	if err != nil {
+		dcontext.GetLogger(ctx).Errorf("Error serving blob from local storage: %s", err.Error())
+		return err
+	}
+
+	if served {
+		return nil
+	}
+
+	if err := pbs.authChallenger.tryEstablishChallenges(ctx); err != nil {
+		return err
+	}
+
+	mu.Lock()
+	_, ok := inflight[dgst]
+	if ok {
+		mu.Unlock()
+		_, err := pbs.copyContent(ctx, dgst, w)
+		return err
+	}
+	inflight[dgst] = struct{}{}
+	mu.Unlock()
+
+	go func(dgst digest.Digest) {
+		if err := pbs.storeLocal(ctx, dgst); err != nil {
+			dcontext.GetLogger(ctx).Errorf("Error committing to storage: %s", err.Error())
+		}
+
+		blobRef, err := reference.WithDigest(pbs.repositoryName, dgst)
+		if err != nil {
+			dcontext.GetLogger(ctx).Errorf("Error creating reference: %s", err)
+			return
+		}
+
+		pbs.scheduler.AddBlob(blobRef, repositoryTTL)
+	}(dgst)
+
+	_, err = pbs.copyContent(ctx, dgst, w)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (pbs *proxyBlobStore) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
+	desc, err := pbs.localStore.Stat(ctx, dgst)
+	if err == nil {
+		return desc, err
+	}
+
+	if err != distribution.ErrBlobUnknown {
+		return distribution.Descriptor{}, err
+	}
+
+	if err := pbs.authChallenger.tryEstablishChallenges(ctx); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	return pbs.remoteStore.Stat(ctx, dgst)
+}
+
+func (pbs *proxyBlobStore) Get(ctx context.Context, dgst digest.Digest) ([]byte, error) {
+	blob, err := pbs.localStore.Get(ctx, dgst)
+	if err == nil {
+		return blob, nil
+	}
+
+	if err := pbs.authChallenger.tryEstablishChallenges(ctx); err != nil {
+		return []byte{}, err
+	}
+
+	blob, err = pbs.remoteStore.Get(ctx, dgst)
+	if err != nil {
+		return []byte{}, err
+	}
+
+	_, err = pbs.localStore.Put(ctx, "", blob)
+	if err != nil {
+		return []byte{}, err
+	}
+	return blob, nil
+}
+
+// Unsupported functions
+func (pbs *proxyBlobStore) Put(ctx context.Context, mediaType string, p []byte) (distribution.Descriptor, error) {
+	return distribution.Descriptor{}, distribution.ErrUnsupported
+}
+
+func (pbs *proxyBlobStore) Create(ctx context.Context, options ...distribution.BlobCreateOption) (distribution.BlobWriter, error) {
+	return nil, distribution.ErrUnsupported
+}
+
+func (pbs *proxyBlobStore) Resume(ctx context.Context, id string) (distribution.BlobWriter, error) {
+	return nil, distribution.ErrUnsupported
+}
+
+func (pbs *proxyBlobStore) Mount(ctx context.Context, sourceRepo reference.Named, dgst digest.Digest) (distribution.Descriptor, error) {
+	return distribution.Descriptor{}, distribution.ErrUnsupported
+}
+
+func (pbs *proxyBlobStore) Open(ctx context.Context, dgst digest.Digest) (distribution.ReadSeekCloser, error) {
+	return nil, distribution.ErrUnsupported
+}
+
+func (pbs *proxyBlobStore) Delete(ctx context.Context, dgst digest.Digest) error {
+	return distribution.ErrUnsupported
+}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxymanifeststore.go b/vendor/github.com/docker/distribution/registry/proxy/proxymanifeststore.go
new file mode 100644
index 000000000..9b017a0ba
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/proxy/proxymanifeststore.go
@@ -0,0 +1,96 @@
+package proxy
+
+import (
+	"context"
+	"time"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/proxy/scheduler"
+	"github.com/opencontainers/go-digest"
+)
+
+// todo(richardscothern): from cache control header or config
+const repositoryTTL = 24 * 7 * time.Hour
+
+type proxyManifestStore struct {
+	ctx             context.Context
+	localManifests  distribution.ManifestService
+	remoteManifests distribution.ManifestService
+	repositoryName  reference.Named
+	scheduler       *scheduler.TTLExpirationScheduler
+	authChallenger  authChallenger
+}
+
+var _ distribution.ManifestService = &proxyManifestStore{}
+
+func (pms proxyManifestStore) Exists(ctx context.Context, dgst digest.Digest) (bool, error) {
+	exists, err := pms.localManifests.Exists(ctx, dgst)
+	if err != nil {
+		return false, err
+	}
+	if exists {
+		return true, nil
+	}
+	if err := pms.authChallenger.tryEstablishChallenges(ctx); err != nil {
+		return false, err
+	}
+	return pms.remoteManifests.Exists(ctx, dgst)
+}
+
+func (pms proxyManifestStore) Get(ctx context.Context, dgst digest.Digest, options ...distribution.ManifestServiceOption) (distribution.Manifest, error) {
+	// At this point `dgst` was either specified explicitly, or returned by the
+	// tagstore with the most recent association.
+	var fromRemote bool
+	manifest, err := pms.localManifests.Get(ctx, dgst, options...)
+	if err != nil {
+		if err := pms.authChallenger.tryEstablishChallenges(ctx); err != nil {
+			return nil, err
+		}
+
+		manifest, err = pms.remoteManifests.Get(ctx, dgst, options...)
+		if err != nil {
+			return nil, err
+		}
+		fromRemote = true
+	}
+
+	_, payload, err := manifest.Payload()
+	if err != nil {
+		return nil, err
+	}
+
+	proxyMetrics.ManifestPush(uint64(len(payload)))
+	if fromRemote {
+		proxyMetrics.ManifestPull(uint64(len(payload)))
+
+		_, err = pms.localManifests.Put(ctx, manifest)
+		if err != nil {
+			return nil, err
+		}
+
+		// Schedule the manifest blob for removal
+		repoBlob, err := reference.WithDigest(pms.repositoryName, dgst)
+		if err != nil {
+			dcontext.GetLogger(ctx).Errorf("Error creating reference: %s", err)
+			return nil, err
+		}
+
+		pms.scheduler.AddManifest(repoBlob, repositoryTTL)
+		// Ensure the manifest blob is cleaned up
+		//pms.scheduler.AddBlob(blobRef, repositoryTTL)
+
+	}
+
+	return manifest, err
+}
+
+func (pms proxyManifestStore) Put(ctx context.Context, manifest distribution.Manifest, options ...distribution.ManifestServiceOption) (digest.Digest, error) {
+	var d digest.Digest
+	return d, distribution.ErrUnsupported
+}
+
+func (pms proxyManifestStore) Delete(ctx context.Context, dgst digest.Digest) error {
+	return distribution.ErrUnsupported
+}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxymetrics.go b/vendor/github.com/docker/distribution/registry/proxy/proxymetrics.go
new file mode 100644
index 000000000..d3d84d786
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/proxy/proxymetrics.go
@@ -0,0 +1,74 @@
+package proxy
+
+import (
+	"expvar"
+	"sync/atomic"
+)
+
+// Metrics is used to hold metric counters
+// related to the proxy
+type Metrics struct {
+	Requests    uint64
+	Hits        uint64
+	Misses      uint64
+	BytesPulled uint64
+	BytesPushed uint64
+}
+
+type proxyMetricsCollector struct {
+	blobMetrics     Metrics
+	manifestMetrics Metrics
+}
+
+// BlobPull tracks metrics about blobs pulled into the cache
+func (pmc *proxyMetricsCollector) BlobPull(bytesPulled uint64) {
+	atomic.AddUint64(&pmc.blobMetrics.Misses, 1)
+	atomic.AddUint64(&pmc.blobMetrics.BytesPulled, bytesPulled)
+}
+
+// BlobPush tracks metrics about blobs pushed to clients
+func (pmc *proxyMetricsCollector) BlobPush(bytesPushed uint64) {
+	atomic.AddUint64(&pmc.blobMetrics.Requests, 1)
+	atomic.AddUint64(&pmc.blobMetrics.Hits, 1)
+	atomic.AddUint64(&pmc.blobMetrics.BytesPushed, bytesPushed)
+}
+
+// ManifestPull tracks metrics related to Manifests pulled into the cache
+func (pmc *proxyMetricsCollector) ManifestPull(bytesPulled uint64) {
+	atomic.AddUint64(&pmc.manifestMetrics.Misses, 1)
+	atomic.AddUint64(&pmc.manifestMetrics.BytesPulled, bytesPulled)
+}
+
+// ManifestPush tracks metrics about manifests pushed to clients
+func (pmc *proxyMetricsCollector) ManifestPush(bytesPushed uint64) {
+	atomic.AddUint64(&pmc.manifestMetrics.Requests, 1)
+	atomic.AddUint64(&pmc.manifestMetrics.Hits, 1)
+	atomic.AddUint64(&pmc.manifestMetrics.BytesPushed, bytesPushed)
+}
+
+// proxyMetrics tracks metrics about the proxy cache.  This is
+// kept globally and made available via expvar.
+var proxyMetrics = &proxyMetricsCollector{}
+
+func init() {
+	registry := expvar.Get("registry")
+	if registry == nil {
+		registry = expvar.NewMap("registry")
+	}
+
+	pm := registry.(*expvar.Map).Get("proxy")
+	if pm == nil {
+		pm = &expvar.Map{}
+		pm.(*expvar.Map).Init()
+		registry.(*expvar.Map).Set("proxy", pm)
+	}
+
+	pm.(*expvar.Map).Set("blobs", expvar.Func(func() interface{} {
+		return proxyMetrics.blobMetrics
+	}))
+
+	pm.(*expvar.Map).Set("manifests", expvar.Func(func() interface{} {
+		return proxyMetrics.manifestMetrics
+	}))
+
+}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxyregistry.go b/vendor/github.com/docker/distribution/registry/proxy/proxyregistry.go
new file mode 100644
index 000000000..e8a8f3526
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/proxy/proxyregistry.go
@@ -0,0 +1,263 @@
+package proxy
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+	"sync"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/configuration"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/client"
+	"github.com/docker/distribution/registry/client/auth"
+	"github.com/docker/distribution/registry/client/auth/challenge"
+	"github.com/docker/distribution/registry/client/transport"
+	"github.com/docker/distribution/registry/proxy/scheduler"
+	"github.com/docker/distribution/registry/storage"
+	"github.com/docker/distribution/registry/storage/driver"
+)
+
+// proxyingRegistry fetches content from a remote registry and caches it locally
+type proxyingRegistry struct {
+	embedded       distribution.Namespace // provides local registry functionality
+	scheduler      *scheduler.TTLExpirationScheduler
+	remoteURL      url.URL
+	authChallenger authChallenger
+}
+
+// NewRegistryPullThroughCache creates a registry acting as a pull through cache
+func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Namespace, driver driver.StorageDriver, config configuration.Proxy) (distribution.Namespace, error) {
+	remoteURL, err := url.Parse(config.RemoteURL)
+	if err != nil {
+		return nil, err
+	}
+
+	v := storage.NewVacuum(ctx, driver)
+	s := scheduler.New(ctx, driver, "/scheduler-state.json")
+	s.OnBlobExpire(func(ref reference.Reference) error {
+		var r reference.Canonical
+		var ok bool
+		if r, ok = ref.(reference.Canonical); !ok {
+			return fmt.Errorf("unexpected reference type : %T", ref)
+		}
+
+		repo, err := registry.Repository(ctx, r)
+		if err != nil {
+			return err
+		}
+
+		blobs := repo.Blobs(ctx)
+
+		// Clear the repository reference and descriptor caches
+		err = blobs.Delete(ctx, r.Digest())
+		if err != nil {
+			return err
+		}
+
+		err = v.RemoveBlob(r.Digest().String())
+		if err != nil {
+			return err
+		}
+
+		return nil
+	})
+
+	s.OnManifestExpire(func(ref reference.Reference) error {
+		var r reference.Canonical
+		var ok bool
+		if r, ok = ref.(reference.Canonical); !ok {
+			return fmt.Errorf("unexpected reference type : %T", ref)
+		}
+
+		repo, err := registry.Repository(ctx, r)
+		if err != nil {
+			return err
+		}
+
+		manifests, err := repo.Manifests(ctx)
+		if err != nil {
+			return err
+		}
+		err = manifests.Delete(ctx, r.Digest())
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+
+	err = s.Start()
+	if err != nil {
+		return nil, err
+	}
+
+	cs, err := configureAuth(config.Username, config.Password, config.RemoteURL)
+	if err != nil {
+		return nil, err
+	}
+
+	return &proxyingRegistry{
+		embedded:  registry,
+		scheduler: s,
+		remoteURL: *remoteURL,
+		authChallenger: &remoteAuthChallenger{
+			remoteURL: *remoteURL,
+			cm:        challenge.NewSimpleManager(),
+			cs:        cs,
+		},
+	}, nil
+}
+
+func (pr *proxyingRegistry) Scope() distribution.Scope {
+	return distribution.GlobalScope
+}
+
+func (pr *proxyingRegistry) Repositories(ctx context.Context, repos []string, last string) (n int, err error) {
+	return pr.embedded.Repositories(ctx, repos, last)
+}
+
+func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named) (distribution.Repository, error) {
+	c := pr.authChallenger
+
+	tkopts := auth.TokenHandlerOptions{
+		Transport:   http.DefaultTransport,
+		Credentials: c.credentialStore(),
+		Scopes: []auth.Scope{
+			auth.RepositoryScope{
+				Repository: name.Name(),
+				Actions:    []string{"pull"},
+			},
+		},
+		Logger: dcontext.GetLogger(ctx),
+	}
+
+	tr := transport.NewTransport(http.DefaultTransport,
+		auth.NewAuthorizer(c.challengeManager(),
+			auth.NewTokenHandlerWithOptions(tkopts)))
+
+	localRepo, err := pr.embedded.Repository(ctx, name)
+	if err != nil {
+		return nil, err
+	}
+	localManifests, err := localRepo.Manifests(ctx, storage.SkipLayerVerification())
+	if err != nil {
+		return nil, err
+	}
+
+	remoteRepo, err := client.NewRepository(name, pr.remoteURL.String(), tr)
+	if err != nil {
+		return nil, err
+	}
+
+	remoteManifests, err := remoteRepo.Manifests(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return &proxiedRepository{
+		blobStore: &proxyBlobStore{
+			localStore:     localRepo.Blobs(ctx),
+			remoteStore:    remoteRepo.Blobs(ctx),
+			scheduler:      pr.scheduler,
+			repositoryName: name,
+			authChallenger: pr.authChallenger,
+		},
+		manifests: &proxyManifestStore{
+			repositoryName:  name,
+			localManifests:  localManifests, // Options?
+			remoteManifests: remoteManifests,
+			ctx:             ctx,
+			scheduler:       pr.scheduler,
+			authChallenger:  pr.authChallenger,
+		},
+		name: name,
+		tags: &proxyTagService{
+			localTags:      localRepo.Tags(ctx),
+			remoteTags:     remoteRepo.Tags(ctx),
+			authChallenger: pr.authChallenger,
+		},
+	}, nil
+}
+
+func (pr *proxyingRegistry) Blobs() distribution.BlobEnumerator {
+	return pr.embedded.Blobs()
+}
+
+func (pr *proxyingRegistry) BlobStatter() distribution.BlobStatter {
+	return pr.embedded.BlobStatter()
+}
+
+// authChallenger encapsulates a request to the upstream to establish credential challenges
+type authChallenger interface {
+	tryEstablishChallenges(context.Context) error
+	challengeManager() challenge.Manager
+	credentialStore() auth.CredentialStore
+}
+
+type remoteAuthChallenger struct {
+	remoteURL url.URL
+	sync.Mutex
+	cm challenge.Manager
+	cs auth.CredentialStore
+}
+
+func (r *remoteAuthChallenger) credentialStore() auth.CredentialStore {
+	return r.cs
+}
+
+func (r *remoteAuthChallenger) challengeManager() challenge.Manager {
+	return r.cm
+}
+
+// tryEstablishChallenges will attempt to get a challenge type for the upstream if none currently exist
+func (r *remoteAuthChallenger) tryEstablishChallenges(ctx context.Context) error {
+	r.Lock()
+	defer r.Unlock()
+
+	remoteURL := r.remoteURL
+	remoteURL.Path = "/v2/"
+	challenges, err := r.cm.GetChallenges(remoteURL)
+	if err != nil {
+		return err
+	}
+
+	if len(challenges) > 0 {
+		return nil
+	}
+
+	// establish challenge type with upstream
+	if err := ping(r.cm, remoteURL.String(), challengeHeader); err != nil {
+		return err
+	}
+
+	dcontext.GetLogger(ctx).Infof("Challenge established with upstream : %s %s", remoteURL, r.cm)
+	return nil
+}
+
+// proxiedRepository uses proxying blob and manifest services to serve content
+// locally, or pulling it through from a remote and caching it locally if it doesn't
+// already exist
+type proxiedRepository struct {
+	blobStore distribution.BlobStore
+	manifests distribution.ManifestService
+	name      reference.Named
+	tags      distribution.TagService
+}
+
+func (pr *proxiedRepository) Manifests(ctx context.Context, options ...distribution.ManifestServiceOption) (distribution.ManifestService, error) {
+	return pr.manifests, nil
+}
+
+func (pr *proxiedRepository) Blobs(ctx context.Context) distribution.BlobStore {
+	return pr.blobStore
+}
+
+func (pr *proxiedRepository) Named() reference.Named {
+	return pr.name
+}
+
+func (pr *proxiedRepository) Tags(ctx context.Context) distribution.TagService {
+	return pr.tags
+}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxytagservice.go b/vendor/github.com/docker/distribution/registry/proxy/proxytagservice.go
new file mode 100644
index 000000000..6a9256395
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/proxy/proxytagservice.go
@@ -0,0 +1,66 @@
+package proxy
+
+import (
+	"context"
+
+	"github.com/docker/distribution"
+)
+
+// proxyTagService supports local and remote lookup of tags.
+type proxyTagService struct {
+	localTags      distribution.TagService
+	remoteTags     distribution.TagService
+	authChallenger authChallenger
+}
+
+var _ distribution.TagService = proxyTagService{}
+
+// Get attempts to get the most recent digest for the tag by checking the remote
+// tag service first and then caching it locally.  If the remote is unavailable
+// the local association is returned
+func (pt proxyTagService) Get(ctx context.Context, tag string) (distribution.Descriptor, error) {
+	err := pt.authChallenger.tryEstablishChallenges(ctx)
+	if err == nil {
+		desc, err := pt.remoteTags.Get(ctx, tag)
+		if err == nil {
+			err := pt.localTags.Tag(ctx, tag, desc)
+			if err != nil {
+				return distribution.Descriptor{}, err
+			}
+			return desc, nil
+		}
+	}
+
+	desc, err := pt.localTags.Get(ctx, tag)
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+	return desc, nil
+}
+
+func (pt proxyTagService) Tag(ctx context.Context, tag string, desc distribution.Descriptor) error {
+	return distribution.ErrUnsupported
+}
+
+func (pt proxyTagService) Untag(ctx context.Context, tag string) error {
+	err := pt.localTags.Untag(ctx, tag)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (pt proxyTagService) All(ctx context.Context) ([]string, error) {
+	err := pt.authChallenger.tryEstablishChallenges(ctx)
+	if err == nil {
+		tags, err := pt.remoteTags.All(ctx)
+		if err == nil {
+			return tags, err
+		}
+	}
+	return pt.localTags.All(ctx)
+}
+
+func (pt proxyTagService) Lookup(ctx context.Context, digest distribution.Descriptor) ([]string, error) {
+	return []string{}, distribution.ErrUnsupported
+}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/scheduler/scheduler.go b/vendor/github.com/docker/distribution/registry/proxy/scheduler/scheduler.go
new file mode 100644
index 000000000..f3c1caa03
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/proxy/scheduler/scheduler.go
@@ -0,0 +1,260 @@
+package scheduler
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"sync"
+	"time"
+
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/storage/driver"
+)
+
+// onTTLExpiryFunc is called when a repository's TTL expires
+type expiryFunc func(reference.Reference) error
+
+const (
+	entryTypeBlob = iota
+	entryTypeManifest
+	indexSaveFrequency = 5 * time.Second
+)
+
+// schedulerEntry represents an entry in the scheduler
+// fields are exported for serialization
+type schedulerEntry struct {
+	Key       string    `json:"Key"`
+	Expiry    time.Time `json:"ExpiryData"`
+	EntryType int       `json:"EntryType"`
+
+	timer *time.Timer
+}
+
+// New returns a new instance of the scheduler
+func New(ctx context.Context, driver driver.StorageDriver, path string) *TTLExpirationScheduler {
+	return &TTLExpirationScheduler{
+		entries:         make(map[string]*schedulerEntry),
+		driver:          driver,
+		pathToStateFile: path,
+		ctx:             ctx,
+		stopped:         true,
+		doneChan:        make(chan struct{}),
+		saveTimer:       time.NewTicker(indexSaveFrequency),
+	}
+}
+
+// TTLExpirationScheduler is a scheduler used to perform actions
+// when TTLs expire
+type TTLExpirationScheduler struct {
+	sync.Mutex
+
+	entries map[string]*schedulerEntry
+
+	driver          driver.StorageDriver
+	ctx             context.Context
+	pathToStateFile string
+
+	stopped bool
+
+	onBlobExpire     expiryFunc
+	onManifestExpire expiryFunc
+
+	indexDirty bool
+	saveTimer  *time.Ticker
+	doneChan   chan struct{}
+}
+
+// OnBlobExpire is called when a scheduled blob's TTL expires
+func (ttles *TTLExpirationScheduler) OnBlobExpire(f expiryFunc) {
+	ttles.Lock()
+	defer ttles.Unlock()
+
+	ttles.onBlobExpire = f
+}
+
+// OnManifestExpire is called when a scheduled manifest's TTL expires
+func (ttles *TTLExpirationScheduler) OnManifestExpire(f expiryFunc) {
+	ttles.Lock()
+	defer ttles.Unlock()
+
+	ttles.onManifestExpire = f
+}
+
+// AddBlob schedules a blob cleanup after ttl expires
+func (ttles *TTLExpirationScheduler) AddBlob(blobRef reference.Canonical, ttl time.Duration) error {
+	ttles.Lock()
+	defer ttles.Unlock()
+
+	if ttles.stopped {
+		return fmt.Errorf("scheduler not started")
+	}
+
+	ttles.add(blobRef, ttl, entryTypeBlob)
+	return nil
+}
+
+// AddManifest schedules a manifest cleanup after ttl expires
+func (ttles *TTLExpirationScheduler) AddManifest(manifestRef reference.Canonical, ttl time.Duration) error {
+	ttles.Lock()
+	defer ttles.Unlock()
+
+	if ttles.stopped {
+		return fmt.Errorf("scheduler not started")
+	}
+
+	ttles.add(manifestRef, ttl, entryTypeManifest)
+	return nil
+}
+
+// Start starts the scheduler
+func (ttles *TTLExpirationScheduler) Start() error {
+	ttles.Lock()
+	defer ttles.Unlock()
+
+	err := ttles.readState()
+	if err != nil {
+		return err
+	}
+
+	if !ttles.stopped {
+		return fmt.Errorf("scheduler already started")
+	}
+
+	dcontext.GetLogger(ttles.ctx).Infof("Starting cached object TTL expiration scheduler...")
+	ttles.stopped = false
+
+	// Start timer for each deserialized entry
+	for _, entry := range ttles.entries {
+		entry.timer = ttles.startTimer(entry, time.Until(entry.Expiry))
+	}
+
+	// Start a ticker to periodically save the entries index
+
+	go func() {
+		for {
+			select {
+			case <-ttles.saveTimer.C:
+				ttles.Lock()
+				if !ttles.indexDirty {
+					ttles.Unlock()
+					continue
+				}
+
+				err := ttles.writeState()
+				if err != nil {
+					dcontext.GetLogger(ttles.ctx).Errorf("Error writing scheduler state: %s", err)
+				} else {
+					ttles.indexDirty = false
+				}
+				ttles.Unlock()
+
+			case <-ttles.doneChan:
+				return
+			}
+		}
+	}()
+
+	return nil
+}
+
+func (ttles *TTLExpirationScheduler) add(r reference.Reference, ttl time.Duration, eType int) {
+	entry := &schedulerEntry{
+		Key:       r.String(),
+		Expiry:    time.Now().Add(ttl),
+		EntryType: eType,
+	}
+	dcontext.GetLogger(ttles.ctx).Infof("Adding new scheduler entry for %s with ttl=%s", entry.Key, time.Until(entry.Expiry))
+	if oldEntry, present := ttles.entries[entry.Key]; present && oldEntry.timer != nil {
+		oldEntry.timer.Stop()
+	}
+	ttles.entries[entry.Key] = entry
+	entry.timer = ttles.startTimer(entry, ttl)
+	ttles.indexDirty = true
+}
+
+func (ttles *TTLExpirationScheduler) startTimer(entry *schedulerEntry, ttl time.Duration) *time.Timer {
+	return time.AfterFunc(ttl, func() {
+		ttles.Lock()
+		defer ttles.Unlock()
+
+		var f expiryFunc
+
+		switch entry.EntryType {
+		case entryTypeBlob:
+			f = ttles.onBlobExpire
+		case entryTypeManifest:
+			f = ttles.onManifestExpire
+		default:
+			f = func(reference.Reference) error {
+				return fmt.Errorf("scheduler entry type")
+			}
+		}
+
+		ref, err := reference.Parse(entry.Key)
+		if err == nil {
+			if err := f(ref); err != nil {
+				dcontext.GetLogger(ttles.ctx).Errorf("Scheduler error returned from OnExpire(%s): %s", entry.Key, err)
+			}
+		} else {
+			dcontext.GetLogger(ttles.ctx).Errorf("Error unpacking reference: %s", err)
+		}
+
+		delete(ttles.entries, entry.Key)
+		ttles.indexDirty = true
+	})
+}
+
+// Stop stops the scheduler.
+func (ttles *TTLExpirationScheduler) Stop() {
+	ttles.Lock()
+	defer ttles.Unlock()
+
+	if err := ttles.writeState(); err != nil {
+		dcontext.GetLogger(ttles.ctx).Errorf("Error writing scheduler state: %s", err)
+	}
+
+	for _, entry := range ttles.entries {
+		entry.timer.Stop()
+	}
+
+	close(ttles.doneChan)
+	ttles.saveTimer.Stop()
+	ttles.stopped = true
+}
+
+func (ttles *TTLExpirationScheduler) writeState() error {
+	jsonBytes, err := json.Marshal(ttles.entries)
+	if err != nil {
+		return err
+	}
+
+	err = ttles.driver.PutContent(ttles.ctx, ttles.pathToStateFile, jsonBytes)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (ttles *TTLExpirationScheduler) readState() error {
+	if _, err := ttles.driver.Stat(ttles.ctx, ttles.pathToStateFile); err != nil {
+		switch err := err.(type) {
+		case driver.PathNotFoundError:
+			return nil
+		default:
+			return err
+		}
+	}
+
+	bytes, err := ttles.driver.GetContent(ttles.ctx, ttles.pathToStateFile)
+	if err != nil {
+		return err
+	}
+
+	err = json.Unmarshal(bytes, &ttles.entries)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/registry.go b/vendor/github.com/docker/distribution/registry/registry.go
new file mode 100644
index 000000000..dc156f462
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/registry.go
@@ -0,0 +1,497 @@
+package registry
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/signal"
+	"strings"
+	"syscall"
+	"time"
+
+	"rsc.io/letsencrypt"
+
+	logrus_bugsnag "github.com/Shopify/logrus-bugsnag"
+
+	logstash "github.com/bshuster-repo/logrus-logstash-hook"
+	"github.com/bugsnag/bugsnag-go"
+	"github.com/docker/distribution/configuration"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/health"
+	"github.com/docker/distribution/registry/handlers"
+	"github.com/docker/distribution/registry/listener"
+	"github.com/docker/distribution/uuid"
+	"github.com/docker/distribution/version"
+	"github.com/docker/go-metrics"
+	gorhandlers "github.com/gorilla/handlers"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"github.com/yvasiyarov/gorelic"
+)
+
+// a map of TLS cipher suite names to constants in https://golang.org/pkg/crypto/tls/#pkg-constants
+var cipherSuites = map[string]uint16{
+	// TLS 1.0 - 1.2 cipher suites
+	"TLS_RSA_WITH_RC4_128_SHA":                      tls.TLS_RSA_WITH_RC4_128_SHA,
+	"TLS_RSA_WITH_3DES_EDE_CBC_SHA":                 tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+	"TLS_RSA_WITH_AES_128_CBC_SHA":                  tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+	"TLS_RSA_WITH_AES_256_CBC_SHA":                  tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+	"TLS_RSA_WITH_AES_128_CBC_SHA256":               tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
+	"TLS_RSA_WITH_AES_128_GCM_SHA256":               tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+	"TLS_RSA_WITH_AES_256_GCM_SHA384":               tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA":              tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA":          tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA":          tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+	"TLS_ECDHE_RSA_WITH_RC4_128_SHA":                tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA":           tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA":            tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA":            tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256":         tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":         tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384":         tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384":       tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256":   tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+	// TLS 1.3 cipher suites
+	"TLS_AES_128_GCM_SHA256":       tls.TLS_AES_128_GCM_SHA256,
+	"TLS_AES_256_GCM_SHA384":       tls.TLS_AES_256_GCM_SHA384,
+	"TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256,
+}
+
+// a list of default ciphersuites to utilize
+var defaultCipherSuites = []uint16{
+	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	tls.TLS_AES_128_GCM_SHA256,
+	tls.TLS_CHACHA20_POLY1305_SHA256,
+	tls.TLS_AES_256_GCM_SHA384,
+}
+
+// maps tls version strings to constants
+var defaultTLSVersionStr = "tls1.2"
+var tlsVersions = map[string]uint16{
+	// user specified values
+	"tls1.0": tls.VersionTLS10,
+	"tls1.1": tls.VersionTLS11,
+	"tls1.2": tls.VersionTLS12,
+	"tls1.3": tls.VersionTLS13,
+}
+
+// this channel gets notified when process receives signal. It is global to ease unit testing
+var quit = make(chan os.Signal, 1)
+
+// ServeCmd is a cobra command for running the registry.
+var ServeCmd = &cobra.Command{
+	Use:   "serve <config>",
+	Short: "`serve` stores and distributes Docker images",
+	Long:  "`serve` stores and distributes Docker images.",
+	Run: func(cmd *cobra.Command, args []string) {
+
+		// setup context
+		ctx := dcontext.WithVersion(dcontext.Background(), version.Version)
+
+		config, err := resolveConfiguration(args)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "configuration error: %v\n", err)
+			cmd.Usage()
+			os.Exit(1)
+		}
+
+		if config.HTTP.Debug.Addr != "" {
+			go func(addr string) {
+				log.Infof("debug server listening %v", addr)
+				if err := http.ListenAndServe(addr, nil); err != nil {
+					log.Fatalf("error listening on debug interface: %v", err)
+				}
+			}(config.HTTP.Debug.Addr)
+		}
+
+		registry, err := NewRegistry(ctx, config)
+		if err != nil {
+			log.Fatalln(err)
+		}
+
+		if config.HTTP.Debug.Prometheus.Enabled {
+			path := config.HTTP.Debug.Prometheus.Path
+			if path == "" {
+				path = "/metrics"
+			}
+			log.Info("providing prometheus metrics on ", path)
+			http.Handle(path, metrics.Handler())
+		}
+
+		if err = registry.ListenAndServe(); err != nil {
+			log.Fatalln(err)
+		}
+	},
+}
+
+// A Registry represents a complete instance of the registry.
+// TODO(aaronl): It might make sense for Registry to become an interface.
+type Registry struct {
+	config *configuration.Configuration
+	app    *handlers.App
+	server *http.Server
+}
+
+// NewRegistry creates a new registry from a context and configuration struct.
+func NewRegistry(ctx context.Context, config *configuration.Configuration) (*Registry, error) {
+	var err error
+	ctx, err = configureLogging(ctx, config)
+	if err != nil {
+		return nil, fmt.Errorf("error configuring logger: %v", err)
+	}
+
+	configureBugsnag(config)
+
+	// inject a logger into the uuid library. warns us if there is a problem
+	// with uuid generation under low entropy.
+	uuid.Loggerf = dcontext.GetLogger(ctx).Warnf
+
+	app := handlers.NewApp(ctx, config)
+	// TODO(aaronl): The global scope of the health checks means NewRegistry
+	// can only be called once per process.
+	app.RegisterHealthChecks()
+	handler := configureReporting(app)
+	handler = alive("/", handler)
+	handler = health.Handler(handler)
+	handler = panicHandler(handler)
+	if !config.Log.AccessLog.Disabled {
+		handler = gorhandlers.CombinedLoggingHandler(os.Stdout, handler)
+	}
+
+	server := &http.Server{
+		Handler: handler,
+	}
+
+	return &Registry{
+		app:    app,
+		config: config,
+		server: server,
+	}, nil
+}
+
+// takes a list of cipher suites and converts it to a list of respective tls constants
+// if an empty list is provided, then the defaults will be used
+func getCipherSuites(names []string) ([]uint16, error) {
+	if len(names) == 0 {
+		return defaultCipherSuites, nil
+	}
+	cipherSuiteConsts := make([]uint16, len(names))
+	for i, name := range names {
+		cipherSuiteConst, ok := cipherSuites[name]
+		if !ok {
+			return nil, fmt.Errorf("unknown TLS cipher suite '%s' specified for http.tls.cipherSuites", name)
+		}
+		cipherSuiteConsts[i] = cipherSuiteConst
+	}
+	return cipherSuiteConsts, nil
+}
+
+// takes a list of cipher suite ids and converts it to a list of respective names
+func getCipherSuiteNames(ids []uint16) []string {
+	if len(ids) == 0 {
+		return nil
+	}
+	names := make([]string, len(ids))
+	for i, id := range ids {
+		names[i] = tls.CipherSuiteName(id)
+	}
+	return names
+}
+
+// ListenAndServe runs the registry's HTTP server.
+func (registry *Registry) ListenAndServe() error {
+	config := registry.config
+
+	ln, err := listener.NewListener(config.HTTP.Net, config.HTTP.Addr)
+	if err != nil {
+		return err
+	}
+
+	if config.HTTP.TLS.Certificate != "" || config.HTTP.TLS.LetsEncrypt.CacheFile != "" {
+		if config.HTTP.TLS.MinimumTLS == "" {
+			config.HTTP.TLS.MinimumTLS = defaultTLSVersionStr
+		}
+		tlsMinVersion, ok := tlsVersions[config.HTTP.TLS.MinimumTLS]
+		if !ok {
+			return fmt.Errorf("unknown minimum TLS level '%s' specified for http.tls.minimumtls", config.HTTP.TLS.MinimumTLS)
+		}
+		dcontext.GetLogger(registry.app).Infof("restricting TLS version to %s or higher", config.HTTP.TLS.MinimumTLS)
+
+		tlsCipherSuites, err := getCipherSuites(config.HTTP.TLS.CipherSuites)
+		if err != nil {
+			return err
+		}
+		dcontext.GetLogger(registry.app).Infof("restricting TLS cipher suites to: %s", strings.Join(getCipherSuiteNames(tlsCipherSuites), ","))
+
+		tlsConf := &tls.Config{
+			ClientAuth:               tls.NoClientCert,
+			NextProtos:               nextProtos(config),
+			MinVersion:               tlsMinVersion,
+			PreferServerCipherSuites: true,
+			CipherSuites:             tlsCipherSuites,
+		}
+
+		if config.HTTP.TLS.LetsEncrypt.CacheFile != "" {
+			if config.HTTP.TLS.Certificate != "" {
+				return fmt.Errorf("cannot specify both certificate and Let's Encrypt")
+			}
+			var m letsencrypt.Manager
+			if err := m.CacheFile(config.HTTP.TLS.LetsEncrypt.CacheFile); err != nil {
+				return err
+			}
+			if !m.Registered() {
+				if err := m.Register(config.HTTP.TLS.LetsEncrypt.Email, nil); err != nil {
+					return err
+				}
+			}
+			if len(config.HTTP.TLS.LetsEncrypt.Hosts) > 0 {
+				m.SetHosts(config.HTTP.TLS.LetsEncrypt.Hosts)
+			}
+			tlsConf.GetCertificate = m.GetCertificate
+		} else {
+			tlsConf.Certificates = make([]tls.Certificate, 1)
+			tlsConf.Certificates[0], err = tls.LoadX509KeyPair(config.HTTP.TLS.Certificate, config.HTTP.TLS.Key)
+			if err != nil {
+				return err
+			}
+		}
+
+		if len(config.HTTP.TLS.ClientCAs) != 0 {
+			pool := x509.NewCertPool()
+
+			for _, ca := range config.HTTP.TLS.ClientCAs {
+				caPem, err := ioutil.ReadFile(ca)
+				if err != nil {
+					return err
+				}
+
+				if ok := pool.AppendCertsFromPEM(caPem); !ok {
+					return fmt.Errorf("could not add CA to pool")
+				}
+			}
+
+			for _, subj := range pool.Subjects() {
+				dcontext.GetLogger(registry.app).Debugf("CA Subject: %s", string(subj))
+			}
+
+			tlsConf.ClientAuth = tls.RequireAndVerifyClientCert
+			tlsConf.ClientCAs = pool
+		}
+
+		ln = tls.NewListener(ln, tlsConf)
+		dcontext.GetLogger(registry.app).Infof("listening on %v, tls", ln.Addr())
+	} else {
+		dcontext.GetLogger(registry.app).Infof("listening on %v", ln.Addr())
+	}
+
+	if config.HTTP.DrainTimeout == 0 {
+		return registry.server.Serve(ln)
+	}
+
+	// setup channel to get notified on SIGTERM signal
+	signal.Notify(quit, syscall.SIGTERM)
+	serveErr := make(chan error)
+
+	// Start serving in goroutine and listen for stop signal in main thread
+	go func() {
+		serveErr <- registry.server.Serve(ln)
+	}()
+
+	select {
+	case err := <-serveErr:
+		return err
+	case <-quit:
+		dcontext.GetLogger(registry.app).Info("stopping server gracefully. Draining connections for ", config.HTTP.DrainTimeout)
+		// shutdown the server with a grace period of configured timeout
+		c, cancel := context.WithTimeout(context.Background(), config.HTTP.DrainTimeout)
+		defer cancel()
+		return registry.server.Shutdown(c)
+	}
+}
+
+func configureReporting(app *handlers.App) http.Handler {
+	var handler http.Handler = app
+
+	if app.Config.Reporting.Bugsnag.APIKey != "" {
+		handler = bugsnag.Handler(handler)
+	}
+
+	if app.Config.Reporting.NewRelic.LicenseKey != "" {
+		agent := gorelic.NewAgent()
+		agent.NewrelicLicense = app.Config.Reporting.NewRelic.LicenseKey
+		if app.Config.Reporting.NewRelic.Name != "" {
+			agent.NewrelicName = app.Config.Reporting.NewRelic.Name
+		}
+		agent.CollectHTTPStat = true
+		agent.Verbose = app.Config.Reporting.NewRelic.Verbose
+		agent.Run()
+
+		handler = agent.WrapHTTPHandler(handler)
+	}
+
+	return handler
+}
+
+// configureLogging prepares the context with a logger using the
+// configuration.
+func configureLogging(ctx context.Context, config *configuration.Configuration) (context.Context, error) {
+	log.SetLevel(logLevel(config.Log.Level))
+
+	formatter := config.Log.Formatter
+	if formatter == "" {
+		formatter = "text" // default formatter
+	}
+
+	switch formatter {
+	case "json":
+		log.SetFormatter(&log.JSONFormatter{
+			TimestampFormat: time.RFC3339Nano,
+		})
+	case "text":
+		log.SetFormatter(&log.TextFormatter{
+			TimestampFormat: time.RFC3339Nano,
+		})
+	case "logstash":
+		log.SetFormatter(&logstash.LogstashFormatter{
+			TimestampFormat: time.RFC3339Nano,
+		})
+	default:
+		// just let the library use default on empty string.
+		if config.Log.Formatter != "" {
+			return ctx, fmt.Errorf("unsupported logging formatter: %q", config.Log.Formatter)
+		}
+	}
+
+	if config.Log.Formatter != "" {
+		log.Debugf("using %q logging formatter", config.Log.Formatter)
+	}
+
+	if len(config.Log.Fields) > 0 {
+		// build up the static fields, if present.
+		var fields []interface{}
+		for k := range config.Log.Fields {
+			fields = append(fields, k)
+		}
+
+		ctx = dcontext.WithValues(ctx, config.Log.Fields)
+		ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, fields...))
+	}
+
+	return ctx, nil
+}
+
+func logLevel(level configuration.Loglevel) log.Level {
+	l, err := log.ParseLevel(string(level))
+	if err != nil {
+		l = log.InfoLevel
+		log.Warnf("error parsing level %q: %v, using %q	", level, err, l)
+	}
+
+	return l
+}
+
+// configureBugsnag configures bugsnag reporting, if enabled
+func configureBugsnag(config *configuration.Configuration) {
+	if config.Reporting.Bugsnag.APIKey == "" {
+		return
+	}
+
+	bugsnagConfig := bugsnag.Configuration{
+		APIKey: config.Reporting.Bugsnag.APIKey,
+	}
+	if config.Reporting.Bugsnag.ReleaseStage != "" {
+		bugsnagConfig.ReleaseStage = config.Reporting.Bugsnag.ReleaseStage
+	}
+	if config.Reporting.Bugsnag.Endpoint != "" {
+		bugsnagConfig.Endpoint = config.Reporting.Bugsnag.Endpoint
+	}
+	bugsnag.Configure(bugsnagConfig)
+
+	// configure logrus bugsnag hook
+	hook, err := logrus_bugsnag.NewBugsnagHook()
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	log.AddHook(hook)
+}
+
+// panicHandler add an HTTP handler to web app. The handler recover the happening
+// panic. logrus.Panic transmits panic message to pre-config log hooks, which is
+// defined in config.yml.
+func panicHandler(handler http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		defer func() {
+			if err := recover(); err != nil {
+				log.Panic(fmt.Sprintf("%v", err))
+			}
+		}()
+		handler.ServeHTTP(w, r)
+	})
+}
+
+// alive simply wraps the handler with a route that always returns an http 200
+// response when the path is matched. If the path is not matched, the request
+// is passed to the provided handler. There is no guarantee of anything but
+// that the server is up. Wrap with other handlers (such as health.Handler)
+// for greater affect.
+func alive(path string, handler http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path == path {
+			w.Header().Set("Cache-Control", "no-cache")
+			w.WriteHeader(http.StatusOK)
+			return
+		}
+
+		handler.ServeHTTP(w, r)
+	})
+}
+
+func resolveConfiguration(args []string) (*configuration.Configuration, error) {
+	var configurationPath string
+
+	if len(args) > 0 {
+		configurationPath = args[0]
+	} else if os.Getenv("REGISTRY_CONFIGURATION_PATH") != "" {
+		configurationPath = os.Getenv("REGISTRY_CONFIGURATION_PATH")
+	}
+
+	if configurationPath == "" {
+		return nil, fmt.Errorf("configuration path unspecified")
+	}
+
+	fp, err := os.Open(configurationPath)
+	if err != nil {
+		return nil, err
+	}
+
+	defer fp.Close()
+
+	config, err := configuration.Parse(fp)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing %s: %v", configurationPath, err)
+	}
+
+	return config, nil
+}
+
+func nextProtos(config *configuration.Configuration) []string {
+	switch config.HTTP.HTTP2.Disabled {
+	case true:
+		return []string{"http/1.1"}
+	default:
+		return []string{"h2", "http/1.1"}
+	}
+}
diff --git a/vendor/github.com/docker/distribution/registry/root.go b/vendor/github.com/docker/distribution/registry/root.go
new file mode 100644
index 000000000..94d22f3c7
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/root.go
@@ -0,0 +1,89 @@
+package registry
+
+import (
+	"fmt"
+	"os"
+
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/storage"
+	"github.com/docker/distribution/registry/storage/driver/factory"
+	"github.com/docker/distribution/version"
+	"github.com/docker/libtrust"
+	"github.com/spf13/cobra"
+)
+
+var showVersion bool
+
+func init() {
+	RootCmd.AddCommand(ServeCmd)
+	RootCmd.AddCommand(GCCmd)
+	GCCmd.Flags().BoolVarP(&dryRun, "dry-run", "d", false, "do everything except remove the blobs")
+	GCCmd.Flags().BoolVarP(&removeUntagged, "delete-untagged", "m", false, "delete manifests that are not currently referenced via tag")
+	RootCmd.Flags().BoolVarP(&showVersion, "version", "v", false, "show the version and exit")
+}
+
+// RootCmd is the main command for the 'registry' binary.
+var RootCmd = &cobra.Command{
+	Use:   "registry",
+	Short: "`registry`",
+	Long:  "`registry`",
+	Run: func(cmd *cobra.Command, args []string) {
+		if showVersion {
+			version.PrintVersion()
+			return
+		}
+		cmd.Usage()
+	},
+}
+
+var dryRun bool
+var removeUntagged bool
+
+// GCCmd is the cobra command that corresponds to the garbage-collect subcommand
+var GCCmd = &cobra.Command{
+	Use:   "garbage-collect <config>",
+	Short: "`garbage-collect` deletes layers not referenced by any manifests",
+	Long:  "`garbage-collect` deletes layers not referenced by any manifests",
+	Run: func(cmd *cobra.Command, args []string) {
+		config, err := resolveConfiguration(args)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "configuration error: %v\n", err)
+			cmd.Usage()
+			os.Exit(1)
+		}
+
+		driver, err := factory.Create(config.Storage.Type(), config.Storage.Parameters())
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "failed to construct %s driver: %v", config.Storage.Type(), err)
+			os.Exit(1)
+		}
+
+		ctx := dcontext.Background()
+		ctx, err = configureLogging(ctx, config)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "unable to configure logging with config: %s", err)
+			os.Exit(1)
+		}
+
+		k, err := libtrust.GenerateECP256PrivateKey()
+		if err != nil {
+			fmt.Fprint(os.Stderr, err)
+			os.Exit(1)
+		}
+
+		registry, err := storage.NewRegistry(ctx, driver, storage.Schema1SigningKey(k))
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "failed to construct registry: %v", err)
+			os.Exit(1)
+		}
+
+		err = storage.MarkAndSweep(ctx, driver, registry, storage.GCOpts{
+			DryRun:         dryRun,
+			RemoveUntagged: removeUntagged,
+		})
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "failed to garbage collect: %v", err)
+			os.Exit(1)
+		}
+	},
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobcachemetrics.go b/vendor/github.com/docker/distribution/registry/storage/blobcachemetrics.go
new file mode 100644
index 000000000..238b5806c
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/blobcachemetrics.go
@@ -0,0 +1,66 @@
+package storage
+
+import (
+	"context"
+	"expvar"
+	"sync/atomic"
+
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/storage/cache"
+)
+
+type blobStatCollector struct {
+	metrics cache.Metrics
+}
+
+func (bsc *blobStatCollector) Hit() {
+	atomic.AddUint64(&bsc.metrics.Requests, 1)
+	atomic.AddUint64(&bsc.metrics.Hits, 1)
+}
+
+func (bsc *blobStatCollector) Miss() {
+	atomic.AddUint64(&bsc.metrics.Requests, 1)
+	atomic.AddUint64(&bsc.metrics.Misses, 1)
+}
+
+func (bsc *blobStatCollector) Metrics() cache.Metrics {
+	return bsc.metrics
+}
+
+func (bsc *blobStatCollector) Logger(ctx context.Context) cache.Logger {
+	return dcontext.GetLogger(ctx)
+}
+
+// blobStatterCacheMetrics keeps track of cache metrics for blob descriptor
+// cache requests. Note this is kept globally and made available via expvar.
+// For more detailed metrics, its recommend to instrument a particular cache
+// implementation.
+var blobStatterCacheMetrics cache.MetricsTracker = &blobStatCollector{}
+
+func init() {
+	registry := expvar.Get("registry")
+	if registry == nil {
+		registry = expvar.NewMap("registry")
+	}
+
+	cache := registry.(*expvar.Map).Get("cache")
+	if cache == nil {
+		cache = &expvar.Map{}
+		cache.(*expvar.Map).Init()
+		registry.(*expvar.Map).Set("cache", cache)
+	}
+
+	storage := cache.(*expvar.Map).Get("storage")
+	if storage == nil {
+		storage = &expvar.Map{}
+		storage.(*expvar.Map).Init()
+		cache.(*expvar.Map).Set("storage", storage)
+	}
+
+	storage.(*expvar.Map).Set("blobdescriptor", expvar.Func(func() interface{} {
+		// no need for synchronous access: the increments are atomic and
+		// during reading, we don't care if the data is up to date. The
+		// numbers will always *eventually* be reported correctly.
+		return blobStatterCacheMetrics
+	}))
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobserver.go b/vendor/github.com/docker/distribution/registry/storage/blobserver.go
new file mode 100644
index 000000000..57d4f907b
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/blobserver.go
@@ -0,0 +1,78 @@
+package storage
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/registry/storage/driver"
+	"github.com/opencontainers/go-digest"
+)
+
+// TODO(stevvooe): This should configurable in the future.
+const blobCacheControlMaxAge = 365 * 24 * time.Hour
+
+// blobServer simply serves blobs from a driver instance using a path function
+// to identify paths and a descriptor service to fill in metadata.
+type blobServer struct {
+	driver   driver.StorageDriver
+	statter  distribution.BlobStatter
+	pathFn   func(dgst digest.Digest) (string, error)
+	redirect bool // allows disabling URLFor redirects
+}
+
+func (bs *blobServer) ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error {
+	desc, err := bs.statter.Stat(ctx, dgst)
+	if err != nil {
+		return err
+	}
+
+	path, err := bs.pathFn(desc.Digest)
+	if err != nil {
+		return err
+	}
+
+	if bs.redirect {
+		redirectURL, err := bs.driver.URLFor(ctx, path, map[string]interface{}{"method": r.Method})
+		switch err.(type) {
+		case nil:
+			// Redirect to storage URL.
+			http.Redirect(w, r, redirectURL, http.StatusTemporaryRedirect)
+			return err
+
+		case driver.ErrUnsupportedMethod:
+			// Fallback to serving the content directly.
+		default:
+			// Some unexpected error.
+			return err
+		}
+	}
+
+	br, err := newFileReader(ctx, bs.driver, path, desc.Size)
+	if err != nil {
+		return err
+	}
+	defer br.Close()
+
+	w.Header().Set("ETag", fmt.Sprintf(`"%s"`, desc.Digest)) // If-None-Match handled by ServeContent
+	w.Header().Set("Cache-Control", fmt.Sprintf("max-age=%.f", blobCacheControlMaxAge.Seconds()))
+
+	if w.Header().Get("Docker-Content-Digest") == "" {
+		w.Header().Set("Docker-Content-Digest", desc.Digest.String())
+	}
+
+	if w.Header().Get("Content-Type") == "" {
+		// Set the content type if not already set.
+		w.Header().Set("Content-Type", desc.MediaType)
+	}
+
+	if w.Header().Get("Content-Length") == "" {
+		// Set the content length if not already set.
+		w.Header().Set("Content-Length", fmt.Sprint(desc.Size))
+	}
+
+	http.ServeContent(w, r, desc.Digest.String(), time.Time{}, br)
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobstore.go b/vendor/github.com/docker/distribution/registry/storage/blobstore.go
new file mode 100644
index 000000000..1008aad8c
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/blobstore.go
@@ -0,0 +1,212 @@
+package storage
+
+import (
+	"context"
+	"path"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/storage/driver"
+	"github.com/opencontainers/go-digest"
+)
+
+// blobStore implements the read side of the blob store interface over a
+// driver without enforcing per-repository membership. This object is
+// intentionally a leaky abstraction, providing utility methods that support
+// creating and traversing backend links.
+type blobStore struct {
+	driver  driver.StorageDriver
+	statter distribution.BlobStatter
+}
+
+var _ distribution.BlobProvider = &blobStore{}
+
+// Get implements the BlobReadService.Get call.
+func (bs *blobStore) Get(ctx context.Context, dgst digest.Digest) ([]byte, error) {
+	bp, err := bs.path(dgst)
+	if err != nil {
+		return nil, err
+	}
+
+	p, err := getContent(ctx, bs.driver, bp)
+	if err != nil {
+		switch err.(type) {
+		case driver.PathNotFoundError:
+			return nil, distribution.ErrBlobUnknown
+		}
+
+		return nil, err
+	}
+
+	return p, nil
+}
+
+func (bs *blobStore) Open(ctx context.Context, dgst digest.Digest) (distribution.ReadSeekCloser, error) {
+	desc, err := bs.statter.Stat(ctx, dgst)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := bs.path(desc.Digest)
+	if err != nil {
+		return nil, err
+	}
+
+	return newFileReader(ctx, bs.driver, path, desc.Size)
+}
+
+// Put stores the content p in the blob store, calculating the digest. If the
+// content is already present, only the digest will be returned. This should
+// only be used for small objects, such as manifests. This implemented as a convenience for other Put implementations
+func (bs *blobStore) Put(ctx context.Context, mediaType string, p []byte) (distribution.Descriptor, error) {
+	dgst := digest.FromBytes(p)
+	desc, err := bs.statter.Stat(ctx, dgst)
+	if err == nil {
+		// content already present
+		return desc, nil
+	} else if err != distribution.ErrBlobUnknown {
+		dcontext.GetLogger(ctx).Errorf("blobStore: error stating content (%v): %v", dgst, err)
+		// real error, return it
+		return distribution.Descriptor{}, err
+	}
+
+	bp, err := bs.path(dgst)
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	// TODO(stevvooe): Write out mediatype here, as well.
+	return distribution.Descriptor{
+		Size: int64(len(p)),
+
+		// NOTE(stevvooe): The central blob store firewalls media types from
+		// other users. The caller should look this up and override the value
+		// for the specific repository.
+		MediaType: "application/octet-stream",
+		Digest:    dgst,
+	}, bs.driver.PutContent(ctx, bp, p)
+}
+
+func (bs *blobStore) Enumerate(ctx context.Context, ingester func(dgst digest.Digest) error) error {
+	specPath, err := pathFor(blobsPathSpec{})
+	if err != nil {
+		return err
+	}
+
+	return bs.driver.Walk(ctx, specPath, func(fileInfo driver.FileInfo) error {
+		// skip directories
+		if fileInfo.IsDir() {
+			return nil
+		}
+
+		currentPath := fileInfo.Path()
+		// we only want to parse paths that end with /data
+		_, fileName := path.Split(currentPath)
+		if fileName != "data" {
+			return nil
+		}
+
+		digest, err := digestFromPath(currentPath)
+		if err != nil {
+			return err
+		}
+
+		return ingester(digest)
+	})
+}
+
+// path returns the canonical path for the blob identified by digest. The blob
+// may or may not exist.
+func (bs *blobStore) path(dgst digest.Digest) (string, error) {
+	bp, err := pathFor(blobDataPathSpec{
+		digest: dgst,
+	})
+
+	if err != nil {
+		return "", err
+	}
+
+	return bp, nil
+}
+
+// link links the path to the provided digest by writing the digest into the
+// target file. Caller must ensure that the blob actually exists.
+func (bs *blobStore) link(ctx context.Context, path string, dgst digest.Digest) error {
+	// The contents of the "link" file are the exact string contents of the
+	// digest, which is specified in that package.
+	return bs.driver.PutContent(ctx, path, []byte(dgst))
+}
+
+// readlink returns the linked digest at path.
+func (bs *blobStore) readlink(ctx context.Context, path string) (digest.Digest, error) {
+	content, err := bs.driver.GetContent(ctx, path)
+	if err != nil {
+		return "", err
+	}
+
+	linked, err := digest.Parse(string(content))
+	if err != nil {
+		return "", err
+	}
+
+	return linked, nil
+}
+
+type blobStatter struct {
+	driver driver.StorageDriver
+}
+
+var _ distribution.BlobDescriptorService = &blobStatter{}
+
+// Stat implements BlobStatter.Stat by returning the descriptor for the blob
+// in the main blob store. If this method returns successfully, there is
+// strong guarantee that the blob exists and is available.
+func (bs *blobStatter) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
+	path, err := pathFor(blobDataPathSpec{
+		digest: dgst,
+	})
+
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	fi, err := bs.driver.Stat(ctx, path)
+	if err != nil {
+		switch err := err.(type) {
+		case driver.PathNotFoundError:
+			return distribution.Descriptor{}, distribution.ErrBlobUnknown
+		default:
+			return distribution.Descriptor{}, err
+		}
+	}
+
+	if fi.IsDir() {
+		// NOTE(stevvooe): This represents a corruption situation. Somehow, we
+		// calculated a blob path and then detected a directory. We log the
+		// error and then error on the side of not knowing about the blob.
+		dcontext.GetLogger(ctx).Warnf("blob path should not be a directory: %q", path)
+		return distribution.Descriptor{}, distribution.ErrBlobUnknown
+	}
+
+	// TODO(stevvooe): Add method to resolve the mediatype. We can store and
+	// cache a "global" media type for the blob, even if a specific repo has a
+	// mediatype that overrides the main one.
+
+	return distribution.Descriptor{
+		Size: fi.Size(),
+
+		// NOTE(stevvooe): The central blob store firewalls media types from
+		// other users. The caller should look this up and override the value
+		// for the specific repository.
+		MediaType: "application/octet-stream",
+		Digest:    dgst,
+	}, nil
+}
+
+func (bs *blobStatter) Clear(ctx context.Context, dgst digest.Digest) error {
+	return distribution.ErrUnsupported
+}
+
+func (bs *blobStatter) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
+	return distribution.ErrUnsupported
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobwriter.go b/vendor/github.com/docker/distribution/registry/storage/blobwriter.go
new file mode 100644
index 000000000..54c79b6f3
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/blobwriter.go
@@ -0,0 +1,406 @@
+package storage
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"path"
+	"time"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
+)
+
+var (
+	errResumableDigestNotAvailable = errors.New("resumable digest not available")
+)
+
+const (
+	// digestSha256Empty is the canonical sha256 digest of empty data
+	digestSha256Empty = "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+)
+
+// blobWriter is used to control the various aspects of resumable
+// blob upload.
+type blobWriter struct {
+	ctx       context.Context
+	blobStore *linkedBlobStore
+
+	id        string
+	startedAt time.Time
+	digester  digest.Digester
+	written   int64 // track the write to digester
+
+	fileWriter storagedriver.FileWriter
+	driver     storagedriver.StorageDriver
+	path       string
+
+	resumableDigestEnabled bool
+	committed              bool
+}
+
+var _ distribution.BlobWriter = &blobWriter{}
+
+// ID returns the identifier for this upload.
+func (bw *blobWriter) ID() string {
+	return bw.id
+}
+
+func (bw *blobWriter) StartedAt() time.Time {
+	return bw.startedAt
+}
+
+// Commit marks the upload as completed, returning a valid descriptor. The
+// final size and digest are checked against the first descriptor provided.
+func (bw *blobWriter) Commit(ctx context.Context, desc distribution.Descriptor) (distribution.Descriptor, error) {
+	dcontext.GetLogger(ctx).Debug("(*blobWriter).Commit")
+
+	if err := bw.fileWriter.Commit(); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	bw.Close()
+	desc.Size = bw.Size()
+
+	canonical, err := bw.validateBlob(ctx, desc)
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	if err := bw.moveBlob(ctx, canonical); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	if err := bw.blobStore.linkBlob(ctx, canonical, desc.Digest); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	if err := bw.removeResources(ctx); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	err = bw.blobStore.blobAccessController.SetDescriptor(ctx, canonical.Digest, canonical)
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	bw.committed = true
+	return canonical, nil
+}
+
+// Cancel the blob upload process, releasing any resources associated with
+// the writer and canceling the operation.
+func (bw *blobWriter) Cancel(ctx context.Context) error {
+	dcontext.GetLogger(ctx).Debug("(*blobWriter).Cancel")
+	if err := bw.fileWriter.Cancel(); err != nil {
+		return err
+	}
+
+	if err := bw.Close(); err != nil {
+		dcontext.GetLogger(ctx).Errorf("error closing blobwriter: %s", err)
+	}
+
+	return bw.removeResources(ctx)
+}
+
+func (bw *blobWriter) Size() int64 {
+	return bw.fileWriter.Size()
+}
+
+func (bw *blobWriter) Write(p []byte) (int, error) {
+	// Ensure that the current write offset matches how many bytes have been
+	// written to the digester. If not, we need to update the digest state to
+	// match the current write position.
+	if err := bw.resumeDigest(bw.blobStore.ctx); err != nil && err != errResumableDigestNotAvailable {
+		return 0, err
+	}
+
+	_, err := bw.fileWriter.Write(p)
+	if err != nil {
+		return 0, err
+	}
+
+	n, err := bw.digester.Hash().Write(p)
+	bw.written += int64(n)
+
+	return n, err
+}
+
+func (bw *blobWriter) ReadFrom(r io.Reader) (n int64, err error) {
+	// Ensure that the current write offset matches how many bytes have been
+	// written to the digester. If not, we need to update the digest state to
+	// match the current write position.
+	if err := bw.resumeDigest(bw.blobStore.ctx); err != nil && err != errResumableDigestNotAvailable {
+		return 0, err
+	}
+
+	// Using a TeeReader instead of MultiWriter ensures Copy returns
+	// the amount written to the digester as well as ensuring that we
+	// write to the fileWriter first
+	tee := io.TeeReader(r, bw.fileWriter)
+	nn, err := io.Copy(bw.digester.Hash(), tee)
+	bw.written += nn
+
+	return nn, err
+}
+
+func (bw *blobWriter) Close() error {
+	if bw.committed {
+		return errors.New("blobwriter close after commit")
+	}
+
+	if err := bw.storeHashState(bw.blobStore.ctx); err != nil && err != errResumableDigestNotAvailable {
+		return err
+	}
+
+	return bw.fileWriter.Close()
+}
+
+// validateBlob checks the data against the digest, returning an error if it
+// does not match. The canonical descriptor is returned.
+func (bw *blobWriter) validateBlob(ctx context.Context, desc distribution.Descriptor) (distribution.Descriptor, error) {
+	var (
+		verified, fullHash bool
+		canonical          digest.Digest
+	)
+
+	if desc.Digest == "" {
+		// if no descriptors are provided, we have nothing to validate
+		// against. We don't really want to support this for the registry.
+		return distribution.Descriptor{}, distribution.ErrBlobInvalidDigest{
+			Reason: fmt.Errorf("cannot validate against empty digest"),
+		}
+	}
+
+	var size int64
+
+	// Stat the on disk file
+	if fi, err := bw.driver.Stat(ctx, bw.path); err != nil {
+		switch err := err.(type) {
+		case storagedriver.PathNotFoundError:
+			// NOTE(stevvooe): We really don't care if the file is
+			// not actually present for the reader. We now assume
+			// that the desc length is zero.
+			desc.Size = 0
+		default:
+			// Any other error we want propagated up the stack.
+			return distribution.Descriptor{}, err
+		}
+	} else {
+		if fi.IsDir() {
+			return distribution.Descriptor{}, fmt.Errorf("unexpected directory at upload location %q", bw.path)
+		}
+
+		size = fi.Size()
+	}
+
+	if desc.Size > 0 {
+		if desc.Size != size {
+			return distribution.Descriptor{}, distribution.ErrBlobInvalidLength
+		}
+	} else {
+		// if provided 0 or negative length, we can assume caller doesn't know or
+		// care about length.
+		desc.Size = size
+	}
+
+	// TODO(stevvooe): This section is very meandering. Need to be broken down
+	// to be a lot more clear.
+
+	if err := bw.resumeDigest(ctx); err == nil {
+		canonical = bw.digester.Digest()
+
+		if canonical.Algorithm() == desc.Digest.Algorithm() {
+			// Common case: client and server prefer the same canonical digest
+			// algorithm - currently SHA256.
+			verified = desc.Digest == canonical
+		} else {
+			// The client wants to use a different digest algorithm. They'll just
+			// have to be patient and wait for us to download and re-hash the
+			// uploaded content using that digest algorithm.
+			fullHash = true
+		}
+	} else if err == errResumableDigestNotAvailable {
+		// Not using resumable digests, so we need to hash the entire layer.
+		fullHash = true
+	} else {
+		return distribution.Descriptor{}, err
+	}
+
+	if fullHash {
+		// a fantastic optimization: if the the written data and the size are
+		// the same, we don't need to read the data from the backend. This is
+		// because we've written the entire file in the lifecycle of the
+		// current instance.
+		if bw.written == size && digest.Canonical == desc.Digest.Algorithm() {
+			canonical = bw.digester.Digest()
+			verified = desc.Digest == canonical
+		}
+
+		// If the check based on size fails, we fall back to the slowest of
+		// paths. We may be able to make the size-based check a stronger
+		// guarantee, so this may be defensive.
+		if !verified {
+			digester := digest.Canonical.Digester()
+			verifier := desc.Digest.Verifier()
+
+			// Read the file from the backend driver and validate it.
+			fr, err := newFileReader(ctx, bw.driver, bw.path, desc.Size)
+			if err != nil {
+				return distribution.Descriptor{}, err
+			}
+			defer fr.Close()
+
+			tr := io.TeeReader(fr, digester.Hash())
+
+			if _, err := io.Copy(verifier, tr); err != nil {
+				return distribution.Descriptor{}, err
+			}
+
+			canonical = digester.Digest()
+			verified = verifier.Verified()
+		}
+	}
+
+	if !verified {
+		dcontext.GetLoggerWithFields(ctx,
+			map[interface{}]interface{}{
+				"canonical": canonical,
+				"provided":  desc.Digest,
+			}, "canonical", "provided").
+			Errorf("canonical digest does match provided digest")
+		return distribution.Descriptor{}, distribution.ErrBlobInvalidDigest{
+			Digest: desc.Digest,
+			Reason: fmt.Errorf("content does not match digest"),
+		}
+	}
+
+	// update desc with canonical hash
+	desc.Digest = canonical
+
+	if desc.MediaType == "" {
+		desc.MediaType = "application/octet-stream"
+	}
+
+	return desc, nil
+}
+
+// moveBlob moves the data into its final, hash-qualified destination,
+// identified by dgst. The layer should be validated before commencing the
+// move.
+func (bw *blobWriter) moveBlob(ctx context.Context, desc distribution.Descriptor) error {
+	blobPath, err := pathFor(blobDataPathSpec{
+		digest: desc.Digest,
+	})
+
+	if err != nil {
+		return err
+	}
+
+	// Check for existence
+	if _, err := bw.blobStore.driver.Stat(ctx, blobPath); err != nil {
+		switch err := err.(type) {
+		case storagedriver.PathNotFoundError:
+			break // ensure that it doesn't exist.
+		default:
+			return err
+		}
+	} else {
+		// If the path exists, we can assume that the content has already
+		// been uploaded, since the blob storage is content-addressable.
+		// While it may be corrupted, detection of such corruption belongs
+		// elsewhere.
+		return nil
+	}
+
+	// If no data was received, we may not actually have a file on disk. Check
+	// the size here and write a zero-length file to blobPath if this is the
+	// case. For the most part, this should only ever happen with zero-length
+	// blobs.
+	if _, err := bw.blobStore.driver.Stat(ctx, bw.path); err != nil {
+		switch err := err.(type) {
+		case storagedriver.PathNotFoundError:
+			// HACK(stevvooe): This is slightly dangerous: if we verify above,
+			// get a hash, then the underlying file is deleted, we risk moving
+			// a zero-length blob into a nonzero-length blob location. To
+			// prevent this horrid thing, we employ the hack of only allowing
+			// to this happen for the digest of an empty blob.
+			if desc.Digest == digestSha256Empty {
+				return bw.blobStore.driver.PutContent(ctx, blobPath, []byte{})
+			}
+
+			// We let this fail during the move below.
+			logrus.
+				WithField("upload.id", bw.ID()).
+				WithField("digest", desc.Digest).Warnf("attempted to move zero-length content with non-zero digest")
+		default:
+			return err // unrelated error
+		}
+	}
+
+	// TODO(stevvooe): We should also write the mediatype when executing this move.
+
+	return bw.blobStore.driver.Move(ctx, bw.path, blobPath)
+}
+
+// removeResources should clean up all resources associated with the upload
+// instance. An error will be returned if the clean up cannot proceed. If the
+// resources are already not present, no error will be returned.
+func (bw *blobWriter) removeResources(ctx context.Context) error {
+	dataPath, err := pathFor(uploadDataPathSpec{
+		name: bw.blobStore.repository.Named().Name(),
+		id:   bw.id,
+	})
+
+	if err != nil {
+		return err
+	}
+
+	// Resolve and delete the containing directory, which should include any
+	// upload related files.
+	dirPath := path.Dir(dataPath)
+	if err := bw.blobStore.driver.Delete(ctx, dirPath); err != nil {
+		switch err := err.(type) {
+		case storagedriver.PathNotFoundError:
+			break // already gone!
+		default:
+			// This should be uncommon enough such that returning an error
+			// should be okay. At this point, the upload should be mostly
+			// complete, but perhaps the backend became unaccessible.
+			dcontext.GetLogger(ctx).Errorf("unable to delete layer upload resources %q: %v", dirPath, err)
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (bw *blobWriter) Reader() (io.ReadCloser, error) {
+	// todo(richardscothern): Change to exponential backoff, i=0.5, e=2, n=4
+	try := 1
+	for try <= 5 {
+		_, err := bw.driver.Stat(bw.ctx, bw.path)
+		if err == nil {
+			break
+		}
+		switch err.(type) {
+		case storagedriver.PathNotFoundError:
+			dcontext.GetLogger(bw.ctx).Debugf("Nothing found on try %d, sleeping...", try)
+			time.Sleep(1 * time.Second)
+			try++
+		default:
+			return nil, err
+		}
+	}
+
+	readCloser, err := bw.driver.Reader(bw.ctx, bw.path, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	return readCloser, nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobwriter_nonresumable.go b/vendor/github.com/docker/distribution/registry/storage/blobwriter_nonresumable.go
new file mode 100644
index 000000000..38267cf60
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/blobwriter_nonresumable.go
@@ -0,0 +1,18 @@
+//go:build noresumabledigest
+// +build noresumabledigest
+
+package storage
+
+import (
+	"github.com/docker/distribution/context"
+)
+
+// resumeHashAt is a noop when resumable digest support is disabled.
+func (bw *blobWriter) resumeDigest(ctx context.Context) error {
+	return errResumableDigestNotAvailable
+}
+
+// storeHashState is a noop when resumable digest support is disabled.
+func (bw *blobWriter) storeHashState(ctx context.Context) error {
+	return errResumableDigestNotAvailable
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobwriter_resumable.go b/vendor/github.com/docker/distribution/registry/storage/blobwriter_resumable.go
new file mode 100644
index 000000000..8406cfd1f
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/blobwriter_resumable.go
@@ -0,0 +1,145 @@
+//go:build !noresumabledigest
+// +build !noresumabledigest
+
+package storage
+
+import (
+	"context"
+	"encoding"
+	"fmt"
+	"hash"
+	"path"
+	"strconv"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/sirupsen/logrus"
+)
+
+// resumeDigest attempts to restore the state of the internal hash function
+// by loading the most recent saved hash state equal to the current size of the blob.
+func (bw *blobWriter) resumeDigest(ctx context.Context) error {
+	if !bw.resumableDigestEnabled {
+		return errResumableDigestNotAvailable
+	}
+
+	h, ok := bw.digester.Hash().(encoding.BinaryUnmarshaler)
+	if !ok {
+		return errResumableDigestNotAvailable
+	}
+
+	offset := bw.fileWriter.Size()
+	if offset == bw.written {
+		// State of digester is already at the requested offset.
+		return nil
+	}
+
+	// List hash states from storage backend.
+	var hashStateMatch hashStateEntry
+	hashStates, err := bw.getStoredHashStates(ctx)
+	if err != nil {
+		return fmt.Errorf("unable to get stored hash states with offset %d: %s", offset, err)
+	}
+
+	// Find the highest stored hashState with offset equal to
+	// the requested offset.
+	for _, hashState := range hashStates {
+		if hashState.offset == offset {
+			hashStateMatch = hashState
+			break // Found an exact offset match.
+		}
+	}
+
+	if hashStateMatch.offset == 0 {
+		// No need to load any state, just reset the hasher.
+		h.(hash.Hash).Reset()
+	} else {
+		storedState, err := bw.driver.GetContent(ctx, hashStateMatch.path)
+		if err != nil {
+			return err
+		}
+
+		if err = h.UnmarshalBinary(storedState); err != nil {
+			return err
+		}
+		bw.written = hashStateMatch.offset
+	}
+
+	// Mind the gap.
+	if gapLen := offset - bw.written; gapLen > 0 {
+		return errResumableDigestNotAvailable
+	}
+
+	return nil
+}
+
+type hashStateEntry struct {
+	offset int64
+	path   string
+}
+
+// getStoredHashStates returns a slice of hashStateEntries for this upload.
+func (bw *blobWriter) getStoredHashStates(ctx context.Context) ([]hashStateEntry, error) {
+	uploadHashStatePathPrefix, err := pathFor(uploadHashStatePathSpec{
+		name: bw.blobStore.repository.Named().String(),
+		id:   bw.id,
+		alg:  bw.digester.Digest().Algorithm(),
+		list: true,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	paths, err := bw.blobStore.driver.List(ctx, uploadHashStatePathPrefix)
+	if err != nil {
+		if _, ok := err.(storagedriver.PathNotFoundError); !ok {
+			return nil, err
+		}
+		// Treat PathNotFoundError as no entries.
+		paths = nil
+	}
+
+	hashStateEntries := make([]hashStateEntry, 0, len(paths))
+
+	for _, p := range paths {
+		pathSuffix := path.Base(p)
+		// The suffix should be the offset.
+		offset, err := strconv.ParseInt(pathSuffix, 0, 64)
+		if err != nil {
+			logrus.Errorf("unable to parse offset from upload state path %q: %s", p, err)
+		}
+
+		hashStateEntries = append(hashStateEntries, hashStateEntry{offset: offset, path: p})
+	}
+
+	return hashStateEntries, nil
+}
+
+func (bw *blobWriter) storeHashState(ctx context.Context) error {
+	if !bw.resumableDigestEnabled {
+		return errResumableDigestNotAvailable
+	}
+
+	h, ok := bw.digester.Hash().(encoding.BinaryMarshaler)
+	if !ok {
+		return errResumableDigestNotAvailable
+	}
+
+	state, err := h.MarshalBinary()
+	if err != nil {
+		return err
+	}
+
+	uploadHashStatePath, err := pathFor(uploadHashStatePathSpec{
+		name:   bw.blobStore.repository.Named().String(),
+		id:     bw.id,
+		alg:    bw.digester.Digest().Algorithm(),
+		offset: bw.written,
+	})
+
+	if err != nil {
+		return err
+	}
+
+	return bw.driver.PutContent(ctx, uploadHashStatePath, state)
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/cache/cachecheck/suite.go b/vendor/github.com/docker/distribution/registry/storage/cache/cachecheck/suite.go
new file mode 100644
index 000000000..d241bd04c
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/cache/cachecheck/suite.go
@@ -0,0 +1,179 @@
+package cachecheck
+
+import (
+	"context"
+	"reflect"
+	"testing"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/registry/storage/cache"
+	"github.com/opencontainers/go-digest"
+)
+
+// CheckBlobDescriptorCache takes a cache implementation through a common set
+// of operations. If adding new tests, please add them here so new
+// implementations get the benefit. This should be used for unit tests.
+func CheckBlobDescriptorCache(t *testing.T, provider cache.BlobDescriptorCacheProvider) {
+	ctx := context.Background()
+
+	checkBlobDescriptorCacheEmptyRepository(ctx, t, provider)
+	checkBlobDescriptorCacheSetAndRead(ctx, t, provider)
+	checkBlobDescriptorCacheClear(ctx, t, provider)
+}
+
+func checkBlobDescriptorCacheEmptyRepository(ctx context.Context, t *testing.T, provider cache.BlobDescriptorCacheProvider) {
+	if _, err := provider.Stat(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"); err != distribution.ErrBlobUnknown {
+		t.Fatalf("expected unknown blob error with empty store: %v", err)
+	}
+
+	_, err := provider.RepositoryScoped("")
+	if err == nil {
+		t.Fatalf("expected an error when asking for invalid repo")
+	}
+
+	cache, err := provider.RepositoryScoped("foo/bar")
+	if err != nil {
+		t.Fatalf("unexpected error getting repository: %v", err)
+	}
+
+	if err := cache.SetDescriptor(ctx, "", distribution.Descriptor{
+		Digest:    "sha384:abc",
+		Size:      10,
+		MediaType: "application/octet-stream"}); err != digest.ErrDigestInvalidFormat {
+		t.Fatalf("expected error with invalid digest: %v", err)
+	}
+
+	if err := cache.SetDescriptor(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", distribution.Descriptor{
+		Digest:    "",
+		Size:      10,
+		MediaType: "application/octet-stream"}); err == nil {
+		t.Fatalf("expected error setting value on invalid descriptor")
+	}
+
+	if _, err := cache.Stat(ctx, ""); err != digest.ErrDigestInvalidFormat {
+		t.Fatalf("expected error checking for cache item with empty digest: %v", err)
+	}
+
+	if _, err := cache.Stat(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"); err != distribution.ErrBlobUnknown {
+		t.Fatalf("expected unknown blob error with empty repo: %v", err)
+	}
+}
+
+func checkBlobDescriptorCacheSetAndRead(ctx context.Context, t *testing.T, provider cache.BlobDescriptorCacheProvider) {
+	localDigest := digest.Digest("sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111")
+	expected := distribution.Descriptor{
+		Digest:    "sha256:abc1111111111111111111111111111111111111111111111111111111111111",
+		Size:      10,
+		MediaType: "application/octet-stream"}
+
+	cache, err := provider.RepositoryScoped("foo/bar")
+	if err != nil {
+		t.Fatalf("unexpected error getting scoped cache: %v", err)
+	}
+
+	if err := cache.SetDescriptor(ctx, localDigest, expected); err != nil {
+		t.Fatalf("error setting descriptor: %v", err)
+	}
+
+	desc, err := cache.Stat(ctx, localDigest)
+	if err != nil {
+		t.Fatalf("unexpected error statting fake2:abc: %v", err)
+	}
+
+	if !reflect.DeepEqual(expected, desc) {
+		t.Fatalf("unexpected descriptor: %#v != %#v", expected, desc)
+	}
+
+	// also check that we set the canonical key ("fake:abc")
+	desc, err = cache.Stat(ctx, localDigest)
+	if err != nil {
+		t.Fatalf("descriptor not returned for canonical key: %v", err)
+	}
+
+	if !reflect.DeepEqual(expected, desc) {
+		t.Fatalf("unexpected descriptor: %#v != %#v", expected, desc)
+	}
+
+	// ensure that global gets extra descriptor mapping
+	desc, err = provider.Stat(ctx, localDigest)
+	if err != nil {
+		t.Fatalf("expected blob unknown in global cache: %v, %v", err, desc)
+	}
+
+	if !reflect.DeepEqual(desc, expected) {
+		t.Fatalf("unexpected descriptor: %#v != %#v", expected, desc)
+	}
+
+	// get at it through canonical descriptor
+	desc, err = provider.Stat(ctx, expected.Digest)
+	if err != nil {
+		t.Fatalf("unexpected error checking glboal descriptor: %v", err)
+	}
+
+	if !reflect.DeepEqual(desc, expected) {
+		t.Fatalf("unexpected descriptor: %#v != %#v", expected, desc)
+	}
+
+	// now, we set the repo local mediatype to something else and ensure it
+	// doesn't get changed in the provider cache.
+	expected.MediaType = "application/json"
+
+	if err := cache.SetDescriptor(ctx, localDigest, expected); err != nil {
+		t.Fatalf("unexpected error setting descriptor: %v", err)
+	}
+
+	desc, err = cache.Stat(ctx, localDigest)
+	if err != nil {
+		t.Fatalf("unexpected error getting descriptor: %v", err)
+	}
+
+	if !reflect.DeepEqual(desc, expected) {
+		t.Fatalf("unexpected descriptor: %#v != %#v", desc, expected)
+	}
+
+	desc, err = provider.Stat(ctx, localDigest)
+	if err != nil {
+		t.Fatalf("unexpected error getting global descriptor: %v", err)
+	}
+
+	expected.MediaType = "application/octet-stream" // expect original mediatype in global
+
+	if !reflect.DeepEqual(desc, expected) {
+		t.Fatalf("unexpected descriptor: %#v != %#v", desc, expected)
+	}
+}
+
+func checkBlobDescriptorCacheClear(ctx context.Context, t *testing.T, provider cache.BlobDescriptorCacheProvider) {
+	localDigest := digest.Digest("sha384:def111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111")
+	expected := distribution.Descriptor{
+		Digest:    "sha256:def1111111111111111111111111111111111111111111111111111111111111",
+		Size:      10,
+		MediaType: "application/octet-stream"}
+
+	cache, err := provider.RepositoryScoped("foo/bar")
+	if err != nil {
+		t.Fatalf("unexpected error getting scoped cache: %v", err)
+	}
+
+	if err := cache.SetDescriptor(ctx, localDigest, expected); err != nil {
+		t.Fatalf("error setting descriptor: %v", err)
+	}
+
+	desc, err := cache.Stat(ctx, localDigest)
+	if err != nil {
+		t.Fatalf("unexpected error statting fake2:abc: %v", err)
+	}
+
+	if !reflect.DeepEqual(expected, desc) {
+		t.Fatalf("unexpected descriptor: %#v != %#v", expected, desc)
+	}
+
+	err = cache.Clear(ctx, localDigest)
+	if err != nil {
+		t.Error(err)
+	}
+
+	if _, err = cache.Stat(ctx, localDigest); err == nil {
+		t.Fatalf("expected error statting deleted blob: %v", err)
+	}
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/cache/redis/redis.go b/vendor/github.com/docker/distribution/registry/storage/cache/redis/redis.go
new file mode 100644
index 000000000..550d703b6
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/cache/redis/redis.go
@@ -0,0 +1,268 @@
+package redis
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/storage/cache"
+	"github.com/garyburd/redigo/redis"
+	"github.com/opencontainers/go-digest"
+)
+
+// redisBlobStatService provides an implementation of
+// BlobDescriptorCacheProvider based on redis. Blob descriptors are stored in
+// two parts. The first provide fast access to repository membership through a
+// redis set for each repo. The second is a redis hash keyed by the digest of
+// the layer, providing path, length and mediatype information. There is also
+// a per-repository redis hash of the blob descriptor, allowing override of
+// data. This is currently used to override the mediatype on a per-repository
+// basis.
+//
+// Note that there is no implied relationship between these two caches. The
+// layer may exist in one, both or none and the code must be written this way.
+type redisBlobDescriptorService struct {
+	pool *redis.Pool
+
+	// TODO(stevvooe): We use a pool because we don't have great control over
+	// the cache lifecycle to manage connections. A new connection if fetched
+	// for each operation. Once we have better lifecycle management of the
+	// request objects, we can change this to a connection.
+}
+
+// NewRedisBlobDescriptorCacheProvider returns a new redis-based
+// BlobDescriptorCacheProvider using the provided redis connection pool.
+func NewRedisBlobDescriptorCacheProvider(pool *redis.Pool) cache.BlobDescriptorCacheProvider {
+	return &redisBlobDescriptorService{
+		pool: pool,
+	}
+}
+
+// RepositoryScoped returns the scoped cache.
+func (rbds *redisBlobDescriptorService) RepositoryScoped(repo string) (distribution.BlobDescriptorService, error) {
+	if _, err := reference.ParseNormalizedNamed(repo); err != nil {
+		return nil, err
+	}
+
+	return &repositoryScopedRedisBlobDescriptorService{
+		repo:     repo,
+		upstream: rbds,
+	}, nil
+}
+
+// Stat retrieves the descriptor data from the redis hash entry.
+func (rbds *redisBlobDescriptorService) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
+	if err := dgst.Validate(); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	conn := rbds.pool.Get()
+	defer conn.Close()
+
+	return rbds.stat(ctx, conn, dgst)
+}
+
+func (rbds *redisBlobDescriptorService) Clear(ctx context.Context, dgst digest.Digest) error {
+	if err := dgst.Validate(); err != nil {
+		return err
+	}
+
+	conn := rbds.pool.Get()
+	defer conn.Close()
+
+	// Not atomic in redis <= 2.3
+	reply, err := conn.Do("HDEL", rbds.blobDescriptorHashKey(dgst), "digest", "size", "mediatype")
+	if err != nil {
+		return err
+	}
+
+	if reply == 0 {
+		return distribution.ErrBlobUnknown
+	}
+
+	return nil
+}
+
+// stat provides an internal stat call that takes a connection parameter. This
+// allows some internal management of the connection scope.
+func (rbds *redisBlobDescriptorService) stat(ctx context.Context, conn redis.Conn, dgst digest.Digest) (distribution.Descriptor, error) {
+	reply, err := redis.Values(conn.Do("HMGET", rbds.blobDescriptorHashKey(dgst), "digest", "size", "mediatype"))
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	// NOTE(stevvooe): The "size" field used to be "length". We treat a
+	// missing "size" field here as an unknown blob, which causes a cache
+	// miss, effectively migrating the field.
+	if len(reply) < 3 || reply[0] == nil || reply[1] == nil { // don't care if mediatype is nil
+		return distribution.Descriptor{}, distribution.ErrBlobUnknown
+	}
+
+	var desc distribution.Descriptor
+	if _, err := redis.Scan(reply, &desc.Digest, &desc.Size, &desc.MediaType); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	return desc, nil
+}
+
+// SetDescriptor sets the descriptor data for the given digest using a redis
+// hash. A hash is used here since we may store unrelated fields about a layer
+// in the future.
+func (rbds *redisBlobDescriptorService) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
+	if err := dgst.Validate(); err != nil {
+		return err
+	}
+
+	if err := cache.ValidateDescriptor(desc); err != nil {
+		return err
+	}
+
+	conn := rbds.pool.Get()
+	defer conn.Close()
+
+	return rbds.setDescriptor(ctx, conn, dgst, desc)
+}
+
+func (rbds *redisBlobDescriptorService) setDescriptor(ctx context.Context, conn redis.Conn, dgst digest.Digest, desc distribution.Descriptor) error {
+	if _, err := conn.Do("HMSET", rbds.blobDescriptorHashKey(dgst),
+		"digest", desc.Digest,
+		"size", desc.Size); err != nil {
+		return err
+	}
+
+	// Only set mediatype if not already set.
+	if _, err := conn.Do("HSETNX", rbds.blobDescriptorHashKey(dgst),
+		"mediatype", desc.MediaType); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (rbds *redisBlobDescriptorService) blobDescriptorHashKey(dgst digest.Digest) string {
+	return "blobs::" + dgst.String()
+}
+
+type repositoryScopedRedisBlobDescriptorService struct {
+	repo     string
+	upstream *redisBlobDescriptorService
+}
+
+var _ distribution.BlobDescriptorService = &repositoryScopedRedisBlobDescriptorService{}
+
+// Stat ensures that the digest is a member of the specified repository and
+// forwards the descriptor request to the global blob store. If the media type
+// differs for the repository, we override it.
+func (rsrbds *repositoryScopedRedisBlobDescriptorService) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
+	if err := dgst.Validate(); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	conn := rsrbds.upstream.pool.Get()
+	defer conn.Close()
+
+	// Check membership to repository first
+	member, err := redis.Bool(conn.Do("SISMEMBER", rsrbds.repositoryBlobSetKey(rsrbds.repo), dgst))
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	if !member {
+		return distribution.Descriptor{}, distribution.ErrBlobUnknown
+	}
+
+	upstream, err := rsrbds.upstream.stat(ctx, conn, dgst)
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	// We allow a per repository mediatype, let's look it up here.
+	mediatype, err := redis.String(conn.Do("HGET", rsrbds.blobDescriptorHashKey(dgst), "mediatype"))
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	if mediatype != "" {
+		upstream.MediaType = mediatype
+	}
+
+	return upstream, nil
+}
+
+// Clear removes the descriptor from the cache and forwards to the upstream descriptor store
+func (rsrbds *repositoryScopedRedisBlobDescriptorService) Clear(ctx context.Context, dgst digest.Digest) error {
+	if err := dgst.Validate(); err != nil {
+		return err
+	}
+
+	conn := rsrbds.upstream.pool.Get()
+	defer conn.Close()
+
+	// Check membership to repository first
+	member, err := redis.Bool(conn.Do("SISMEMBER", rsrbds.repositoryBlobSetKey(rsrbds.repo), dgst))
+	if err != nil {
+		return err
+	}
+
+	if !member {
+		return distribution.ErrBlobUnknown
+	}
+
+	return rsrbds.upstream.Clear(ctx, dgst)
+}
+
+func (rsrbds *repositoryScopedRedisBlobDescriptorService) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
+	if err := dgst.Validate(); err != nil {
+		return err
+	}
+
+	if err := cache.ValidateDescriptor(desc); err != nil {
+		return err
+	}
+
+	if dgst != desc.Digest {
+		if dgst.Algorithm() == desc.Digest.Algorithm() {
+			return fmt.Errorf("redis cache: digest for descriptors differ but algorithm does not: %q != %q", dgst, desc.Digest)
+		}
+	}
+
+	conn := rsrbds.upstream.pool.Get()
+	defer conn.Close()
+
+	return rsrbds.setDescriptor(ctx, conn, dgst, desc)
+}
+
+func (rsrbds *repositoryScopedRedisBlobDescriptorService) setDescriptor(ctx context.Context, conn redis.Conn, dgst digest.Digest, desc distribution.Descriptor) error {
+	if _, err := conn.Do("SADD", rsrbds.repositoryBlobSetKey(rsrbds.repo), dgst); err != nil {
+		return err
+	}
+
+	if err := rsrbds.upstream.setDescriptor(ctx, conn, dgst, desc); err != nil {
+		return err
+	}
+
+	// Override repository mediatype.
+	if _, err := conn.Do("HSET", rsrbds.blobDescriptorHashKey(dgst), "mediatype", desc.MediaType); err != nil {
+		return err
+	}
+
+	// Also set the values for the primary descriptor, if they differ by
+	// algorithm (ie sha256 vs sha512).
+	if desc.Digest != "" && dgst != desc.Digest && dgst.Algorithm() != desc.Digest.Algorithm() {
+		if err := rsrbds.setDescriptor(ctx, conn, desc.Digest, desc); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (rsrbds *repositoryScopedRedisBlobDescriptorService) blobDescriptorHashKey(dgst digest.Digest) string {
+	return "repository::" + rsrbds.repo + "::blobs::" + dgst.String()
+}
+
+func (rsrbds *repositoryScopedRedisBlobDescriptorService) repositoryBlobSetKey(repo string) string {
+	return "repository::" + rsrbds.repo + "::blobs"
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/catalog.go b/vendor/github.com/docker/distribution/registry/storage/catalog.go
new file mode 100644
index 000000000..ebf80e05b
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/catalog.go
@@ -0,0 +1,159 @@
+package storage
+
+import (
+	"context"
+	"errors"
+	"io"
+	"path"
+	"strings"
+
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/storage/driver"
+)
+
+// Returns a list, or partial list, of repositories in the registry.
+// Because it's a quite expensive operation, it should only be used when building up
+// an initial set of repositories.
+func (reg *registry) Repositories(ctx context.Context, repos []string, last string) (n int, err error) {
+	var finishedWalk bool
+	var foundRepos []string
+
+	if len(repos) == 0 {
+		return 0, errors.New("no space in slice")
+	}
+
+	root, err := pathFor(repositoriesRootPathSpec{})
+	if err != nil {
+		return 0, err
+	}
+
+	err = reg.blobStore.driver.Walk(ctx, root, func(fileInfo driver.FileInfo) error {
+		err := handleRepository(fileInfo, root, last, func(repoPath string) error {
+			foundRepos = append(foundRepos, repoPath)
+			return nil
+		})
+		if err != nil {
+			return err
+		}
+
+		// if we've filled our array, no need to walk any further
+		if len(foundRepos) == len(repos) {
+			finishedWalk = true
+			return driver.ErrSkipDir
+		}
+
+		return nil
+	})
+
+	n = copy(repos, foundRepos)
+
+	if err != nil {
+		return n, err
+	} else if !finishedWalk {
+		// We didn't fill buffer. No more records are available.
+		return n, io.EOF
+	}
+
+	return n, err
+}
+
+// Enumerate applies ingester to each repository
+func (reg *registry) Enumerate(ctx context.Context, ingester func(string) error) error {
+	root, err := pathFor(repositoriesRootPathSpec{})
+	if err != nil {
+		return err
+	}
+
+	err = reg.blobStore.driver.Walk(ctx, root, func(fileInfo driver.FileInfo) error {
+		return handleRepository(fileInfo, root, "", ingester)
+	})
+
+	return err
+}
+
+// Remove removes a repository from storage
+func (reg *registry) Remove(ctx context.Context, name reference.Named) error {
+	root, err := pathFor(repositoriesRootPathSpec{})
+	if err != nil {
+		return err
+	}
+	repoDir := path.Join(root, name.Name())
+	return reg.driver.Delete(ctx, repoDir)
+}
+
+// lessPath returns true if one path a is less than path b.
+//
+// A component-wise comparison is done, rather than the lexical comparison of
+// strings.
+func lessPath(a, b string) bool {
+	// we provide this behavior by making separator always sort first.
+	return compareReplaceInline(a, b, '/', '\x00') < 0
+}
+
+// compareReplaceInline modifies runtime.cmpstring to replace old with new
+// during a byte-wise comparison.
+func compareReplaceInline(s1, s2 string, old, new byte) int {
+	// TODO(stevvooe): We are missing an optimization when the s1 and s2 have
+	// the exact same slice header. It will make the code unsafe but can
+	// provide some extra performance.
+
+	l := len(s1)
+	if len(s2) < l {
+		l = len(s2)
+	}
+
+	for i := 0; i < l; i++ {
+		c1, c2 := s1[i], s2[i]
+		if c1 == old {
+			c1 = new
+		}
+
+		if c2 == old {
+			c2 = new
+		}
+
+		if c1 < c2 {
+			return -1
+		}
+
+		if c1 > c2 {
+			return +1
+		}
+	}
+
+	if len(s1) < len(s2) {
+		return -1
+	}
+
+	if len(s1) > len(s2) {
+		return +1
+	}
+
+	return 0
+}
+
+// handleRepository calls function fn with a repository path if fileInfo
+// has a path of a repository under root and that it is lexographically
+// after last. Otherwise, it will return ErrSkipDir. This should be used
+// with Walk to do handling with repositories in a storage.
+func handleRepository(fileInfo driver.FileInfo, root, last string, fn func(repoPath string) error) error {
+	filePath := fileInfo.Path()
+
+	// lop the base path off
+	repo := filePath[len(root)+1:]
+
+	_, file := path.Split(repo)
+	if file == "_layers" {
+		repo = strings.TrimSuffix(repo, "/_layers")
+		if lessPath(last, repo) {
+			if err := fn(repo); err != nil {
+				return err
+			}
+		}
+		return driver.ErrSkipDir
+	} else if strings.HasPrefix(file, "_") {
+		return driver.ErrSkipDir
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/doc.go b/vendor/github.com/docker/distribution/registry/storage/doc.go
new file mode 100644
index 000000000..387d92348
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/doc.go
@@ -0,0 +1,3 @@
+// Package storage contains storage services for use in the registry
+// application. It should be considered an internal package, as of Go 1.4.
+package storage
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/azure/azure.go b/vendor/github.com/docker/distribution/registry/storage/driver/azure/azure.go
new file mode 100644
index 000000000..58c6293b2
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/azure/azure.go
@@ -0,0 +1,532 @@
+// Package azure provides a storagedriver.StorageDriver implementation to
+// store blobs in Microsoft Azure Blob Storage Service.
+package azure
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"time"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/distribution/registry/storage/driver/base"
+	"github.com/docker/distribution/registry/storage/driver/factory"
+
+	azure "github.com/Azure/azure-sdk-for-go/storage"
+)
+
+const driverName = "azure"
+
+const (
+	paramAccountName = "accountname"
+	paramAccountKey  = "accountkey"
+	paramContainer   = "container"
+	paramRealm       = "realm"
+	maxChunkSize     = 4 * 1024 * 1024
+)
+
+type driver struct {
+	client    azure.BlobStorageClient
+	container string
+}
+
+type baseEmbed struct{ base.Base }
+
+// Driver is a storagedriver.StorageDriver implementation backed by
+// Microsoft Azure Blob Storage Service.
+type Driver struct{ baseEmbed }
+
+func init() {
+	factory.Register(driverName, &azureDriverFactory{})
+}
+
+type azureDriverFactory struct{}
+
+func (factory *azureDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
+	return FromParameters(parameters)
+}
+
+// FromParameters constructs a new Driver with a given parameters map.
+func FromParameters(parameters map[string]interface{}) (*Driver, error) {
+	accountName, ok := parameters[paramAccountName]
+	if !ok || fmt.Sprint(accountName) == "" {
+		return nil, fmt.Errorf("no %s parameter provided", paramAccountName)
+	}
+
+	accountKey, ok := parameters[paramAccountKey]
+	if !ok || fmt.Sprint(accountKey) == "" {
+		return nil, fmt.Errorf("no %s parameter provided", paramAccountKey)
+	}
+
+	container, ok := parameters[paramContainer]
+	if !ok || fmt.Sprint(container) == "" {
+		return nil, fmt.Errorf("no %s parameter provided", paramContainer)
+	}
+
+	realm, ok := parameters[paramRealm]
+	if !ok || fmt.Sprint(realm) == "" {
+		realm = azure.DefaultBaseURL
+	}
+
+	return New(fmt.Sprint(accountName), fmt.Sprint(accountKey), fmt.Sprint(container), fmt.Sprint(realm))
+}
+
+// New constructs a new Driver with the given Azure Storage Account credentials
+func New(accountName, accountKey, container, realm string) (*Driver, error) {
+	api, err := azure.NewClient(accountName, accountKey, realm, azure.DefaultAPIVersion, true)
+	if err != nil {
+		return nil, err
+	}
+
+	blobClient := api.GetBlobService()
+
+	// Create registry container
+	containerRef := blobClient.GetContainerReference(container)
+	if _, err = containerRef.CreateIfNotExists(nil); err != nil {
+		return nil, err
+	}
+
+	d := &driver{
+		client:    blobClient,
+		container: container}
+	return &Driver{baseEmbed: baseEmbed{Base: base.Base{StorageDriver: d}}}, nil
+}
+
+// Implement the storagedriver.StorageDriver interface.
+func (d *driver) Name() string {
+	return driverName
+}
+
+// GetContent retrieves the content stored at "path" as a []byte.
+func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
+	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
+	blob, err := blobRef.Get(nil)
+	if err != nil {
+		if is404(err) {
+			return nil, storagedriver.PathNotFoundError{Path: path}
+		}
+		return nil, err
+	}
+
+	defer blob.Close()
+	return ioutil.ReadAll(blob)
+}
+
+// PutContent stores the []byte content at a location designated by "path".
+func (d *driver) PutContent(ctx context.Context, path string, contents []byte) error {
+	// max size for block blobs uploaded via single "Put Blob" for version after "2016-05-31"
+	// https://docs.microsoft.com/en-us/rest/api/storageservices/put-blob#remarks
+	const limit = 256 * 1024 * 1024
+	if len(contents) > limit {
+		return fmt.Errorf("uploading %d bytes with PutContent is not supported; limit: %d bytes", len(contents), limit)
+	}
+
+	// Historically, blobs uploaded via PutContent used to be of type AppendBlob
+	// (https://github.com/docker/distribution/pull/1438). We can't replace
+	// these blobs atomically via a single "Put Blob" operation without
+	// deleting them first. Once we detect they are BlockBlob type, we can
+	// overwrite them with an atomically "Put Blob" operation.
+	//
+	// While we delete the blob and create a new one, there will be a small
+	// window of inconsistency and if the Put Blob fails, we may end up with
+	// losing the existing data while migrating it to BlockBlob type. However,
+	// expectation is the clients pushing will be retrying when they get an error
+	// response.
+	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
+	err := blobRef.GetProperties(nil)
+	if err != nil && !is404(err) {
+		return fmt.Errorf("failed to get blob properties: %v", err)
+	}
+	if err == nil && blobRef.Properties.BlobType != azure.BlobTypeBlock {
+		if err := blobRef.Delete(nil); err != nil {
+			return fmt.Errorf("failed to delete legacy blob (%s): %v", blobRef.Properties.BlobType, err)
+		}
+	}
+
+	r := bytes.NewReader(contents)
+	// reset properties to empty before doing overwrite
+	blobRef.Properties = azure.BlobProperties{}
+	return blobRef.CreateBlockBlobFromReader(r, nil)
+}
+
+// Reader retrieves an io.ReadCloser for the content stored at "path" with a
+// given byte offset.
+func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
+	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
+	if ok, err := blobRef.Exists(); err != nil {
+		return nil, err
+	} else if !ok {
+		return nil, storagedriver.PathNotFoundError{Path: path}
+	}
+
+	err := blobRef.GetProperties(nil)
+	if err != nil {
+		return nil, err
+	}
+	info := blobRef.Properties
+	size := info.ContentLength
+	if offset >= size {
+		return ioutil.NopCloser(bytes.NewReader(nil)), nil
+	}
+
+	resp, err := blobRef.GetRange(&azure.GetBlobRangeOptions{
+		Range: &azure.BlobRange{
+			Start: uint64(offset),
+			End:   0,
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// Writer returns a FileWriter which will store the content written to it
+// at the location designated by "path" after the call to Commit.
+func (d *driver) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
+	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
+	blobExists, err := blobRef.Exists()
+	if err != nil {
+		return nil, err
+	}
+	var size int64
+	if blobExists {
+		if append {
+			err = blobRef.GetProperties(nil)
+			if err != nil {
+				return nil, err
+			}
+			blobProperties := blobRef.Properties
+			size = blobProperties.ContentLength
+		} else {
+			err = blobRef.Delete(nil)
+			if err != nil {
+				return nil, err
+			}
+		}
+	} else {
+		if append {
+			return nil, storagedriver.PathNotFoundError{Path: path}
+		}
+		err = blobRef.PutAppendBlob(nil)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return d.newWriter(path, size), nil
+}
+
+// Stat retrieves the FileInfo for the given path, including the current size
+// in bytes and the creation time.
+func (d *driver) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
+	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
+	// Check if the path is a blob
+	if ok, err := blobRef.Exists(); err != nil {
+		return nil, err
+	} else if ok {
+		err = blobRef.GetProperties(nil)
+		if err != nil {
+			return nil, err
+		}
+		blobProperties := blobRef.Properties
+
+		return storagedriver.FileInfoInternal{FileInfoFields: storagedriver.FileInfoFields{
+			Path:    path,
+			Size:    blobProperties.ContentLength,
+			ModTime: time.Time(blobProperties.LastModified),
+			IsDir:   false,
+		}}, nil
+	}
+
+	// Check if path is a virtual container
+	virtContainerPath := path
+	if !strings.HasSuffix(virtContainerPath, "/") {
+		virtContainerPath += "/"
+	}
+
+	containerRef := d.client.GetContainerReference(d.container)
+	blobs, err := containerRef.ListBlobs(azure.ListBlobsParameters{
+		Prefix:     virtContainerPath,
+		MaxResults: 1,
+	})
+	if err != nil {
+		return nil, err
+	}
+	if len(blobs.Blobs) > 0 {
+		// path is a virtual container
+		return storagedriver.FileInfoInternal{FileInfoFields: storagedriver.FileInfoFields{
+			Path:  path,
+			IsDir: true,
+		}}, nil
+	}
+
+	// path is not a blob or virtual container
+	return nil, storagedriver.PathNotFoundError{Path: path}
+}
+
+// List returns a list of the objects that are direct descendants of the given
+// path.
+func (d *driver) List(ctx context.Context, path string) ([]string, error) {
+	if path == "/" {
+		path = ""
+	}
+
+	blobs, err := d.listBlobs(d.container, path)
+	if err != nil {
+		return blobs, err
+	}
+
+	list := directDescendants(blobs, path)
+	if path != "" && len(list) == 0 {
+		return nil, storagedriver.PathNotFoundError{Path: path}
+	}
+	return list, nil
+}
+
+// Move moves an object stored at sourcePath to destPath, removing the original
+// object.
+func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
+	srcBlobRef := d.client.GetContainerReference(d.container).GetBlobReference(sourcePath)
+	sourceBlobURL := srcBlobRef.GetURL()
+	destBlobRef := d.client.GetContainerReference(d.container).GetBlobReference(destPath)
+	err := destBlobRef.Copy(sourceBlobURL, nil)
+	if err != nil {
+		if is404(err) {
+			return storagedriver.PathNotFoundError{Path: sourcePath}
+		}
+		return err
+	}
+
+	return srcBlobRef.Delete(nil)
+}
+
+// Delete recursively deletes all objects stored at "path" and its subpaths.
+func (d *driver) Delete(ctx context.Context, path string) error {
+	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
+	ok, err := blobRef.DeleteIfExists(nil)
+	if err != nil {
+		return err
+	}
+	if ok {
+		return nil // was a blob and deleted, return
+	}
+
+	// Not a blob, see if path is a virtual container with blobs
+	blobs, err := d.listBlobs(d.container, path)
+	if err != nil {
+		return err
+	}
+
+	for _, b := range blobs {
+		blobRef = d.client.GetContainerReference(d.container).GetBlobReference(b)
+		if err = blobRef.Delete(nil); err != nil {
+			return err
+		}
+	}
+
+	if len(blobs) == 0 {
+		return storagedriver.PathNotFoundError{Path: path}
+	}
+	return nil
+}
+
+// URLFor returns a publicly accessible URL for the blob stored at given path
+// for specified duration by making use of Azure Storage Shared Access Signatures (SAS).
+// See https://msdn.microsoft.com/en-us/library/azure/ee395415.aspx for more info.
+func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
+	expiresTime := time.Now().UTC().Add(20 * time.Minute) // default expiration
+	expires, ok := options["expiry"]
+	if ok {
+		t, ok := expires.(time.Time)
+		if ok {
+			expiresTime = t
+		}
+	}
+	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
+	return blobRef.GetSASURI(azure.BlobSASOptions{
+		BlobServiceSASPermissions: azure.BlobServiceSASPermissions{
+			Read: true,
+		},
+		SASOptions: azure.SASOptions{
+			Expiry: expiresTime,
+		},
+	})
+}
+
+// Walk traverses a filesystem defined within driver, starting
+// from the given path, calling f on each file
+func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
+	return storagedriver.WalkFallback(ctx, d, path, f)
+}
+
+// directDescendants will find direct descendants (blobs or virtual containers)
+// of from list of blob paths and will return their full paths. Elements in blobs
+// list must be prefixed with a "/" and
+//
+// Example: direct descendants of "/" in {"/foo", "/bar/1", "/bar/2"} is
+// {"/foo", "/bar"} and direct descendants of "bar" is {"/bar/1", "/bar/2"}
+func directDescendants(blobs []string, prefix string) []string {
+	if !strings.HasPrefix(prefix, "/") { // add trailing '/'
+		prefix = "/" + prefix
+	}
+	if !strings.HasSuffix(prefix, "/") { // containerify the path
+		prefix += "/"
+	}
+
+	out := make(map[string]bool)
+	for _, b := range blobs {
+		if strings.HasPrefix(b, prefix) {
+			rel := b[len(prefix):]
+			c := strings.Count(rel, "/")
+			if c == 0 {
+				out[b] = true
+			} else {
+				out[prefix+rel[:strings.Index(rel, "/")]] = true
+			}
+		}
+	}
+
+	var keys []string
+	for k := range out {
+		keys = append(keys, k)
+	}
+	return keys
+}
+
+func (d *driver) listBlobs(container, virtPath string) ([]string, error) {
+	if virtPath != "" && !strings.HasSuffix(virtPath, "/") { // containerify the path
+		virtPath += "/"
+	}
+
+	out := []string{}
+	marker := ""
+	containerRef := d.client.GetContainerReference(d.container)
+	for {
+		resp, err := containerRef.ListBlobs(azure.ListBlobsParameters{
+			Marker: marker,
+			Prefix: virtPath,
+		})
+
+		if err != nil {
+			return out, err
+		}
+
+		for _, b := range resp.Blobs {
+			out = append(out, b.Name)
+		}
+
+		if len(resp.Blobs) == 0 || resp.NextMarker == "" {
+			break
+		}
+		marker = resp.NextMarker
+	}
+	return out, nil
+}
+
+func is404(err error) bool {
+	statusCodeErr, ok := err.(azure.AzureStorageServiceError)
+	return ok && statusCodeErr.StatusCode == http.StatusNotFound
+}
+
+type writer struct {
+	driver    *driver
+	path      string
+	size      int64
+	bw        *bufio.Writer
+	closed    bool
+	committed bool
+	cancelled bool
+}
+
+func (d *driver) newWriter(path string, size int64) storagedriver.FileWriter {
+	return &writer{
+		driver: d,
+		path:   path,
+		size:   size,
+		bw: bufio.NewWriterSize(&blockWriter{
+			client:    d.client,
+			container: d.container,
+			path:      path,
+		}, maxChunkSize),
+	}
+}
+
+func (w *writer) Write(p []byte) (int, error) {
+	if w.closed {
+		return 0, fmt.Errorf("already closed")
+	} else if w.committed {
+		return 0, fmt.Errorf("already committed")
+	} else if w.cancelled {
+		return 0, fmt.Errorf("already cancelled")
+	}
+
+	n, err := w.bw.Write(p)
+	w.size += int64(n)
+	return n, err
+}
+
+func (w *writer) Size() int64 {
+	return w.size
+}
+
+func (w *writer) Close() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	}
+	w.closed = true
+	return w.bw.Flush()
+}
+
+func (w *writer) Cancel() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	} else if w.committed {
+		return fmt.Errorf("already committed")
+	}
+	w.cancelled = true
+	blobRef := w.driver.client.GetContainerReference(w.driver.container).GetBlobReference(w.path)
+	return blobRef.Delete(nil)
+}
+
+func (w *writer) Commit() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	} else if w.committed {
+		return fmt.Errorf("already committed")
+	} else if w.cancelled {
+		return fmt.Errorf("already cancelled")
+	}
+	w.committed = true
+	return w.bw.Flush()
+}
+
+type blockWriter struct {
+	client    azure.BlobStorageClient
+	container string
+	path      string
+}
+
+func (bw *blockWriter) Write(p []byte) (int, error) {
+	n := 0
+	blobRef := bw.client.GetContainerReference(bw.container).GetBlobReference(bw.path)
+	for offset := 0; offset < len(p); offset += maxChunkSize {
+		chunkSize := maxChunkSize
+		if offset+chunkSize > len(p) {
+			chunkSize = len(p) - offset
+		}
+		err := blobRef.AppendBlock(p[offset:offset+chunkSize], nil)
+		if err != nil {
+			return n, err
+		}
+
+		n += chunkSize
+	}
+
+	return n, nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/base/base.go b/vendor/github.com/docker/distribution/registry/storage/driver/base/base.go
new file mode 100644
index 000000000..83b8c423b
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/base/base.go
@@ -0,0 +1,240 @@
+// Package base provides a base implementation of the storage driver that can
+// be used to implement common checks. The goal is to increase the amount of
+// code sharing.
+//
+// The canonical approach to use this class is to embed in the exported driver
+// struct such that calls are proxied through this implementation. First,
+// declare the internal driver, as follows:
+//
+//	type driver struct { ... internal ...}
+//
+// The resulting type should implement StorageDriver such that it can be the
+// target of a Base struct. The exported type can then be declared as follows:
+//
+//	type Driver struct {
+//		Base
+//	}
+//
+// Because Driver embeds Base, it effectively implements Base. If the driver
+// needs to intercept a call, before going to base, Driver should implement
+// that method. Effectively, Driver can intercept calls before coming in and
+// driver implements the actual logic.
+//
+// To further shield the embed from other packages, it is recommended to
+// employ a private embed struct:
+//
+//	type baseEmbed struct {
+//		base.Base
+//	}
+//
+// Then, declare driver to embed baseEmbed, rather than Base directly:
+//
+//	type Driver struct {
+//		baseEmbed
+//	}
+//
+// The type now implements StorageDriver, proxying through Base, without
+// exporting an unnecessary field.
+package base
+
+import (
+	"context"
+	"io"
+	"time"
+
+	dcontext "github.com/docker/distribution/context"
+	prometheus "github.com/docker/distribution/metrics"
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/go-metrics"
+)
+
+var (
+	// storageAction is the metrics of blob related operations
+	storageAction = prometheus.StorageNamespace.NewLabeledTimer("action", "The number of seconds that the storage action takes", "driver", "action")
+)
+
+func init() {
+	metrics.Register(prometheus.StorageNamespace)
+}
+
+// Base provides a wrapper around a storagedriver implementation that provides
+// common path and bounds checking.
+type Base struct {
+	storagedriver.StorageDriver
+}
+
+// Format errors received from the storage driver
+func (base *Base) setDriverName(e error) error {
+	switch actual := e.(type) {
+	case nil:
+		return nil
+	case storagedriver.ErrUnsupportedMethod:
+		actual.DriverName = base.StorageDriver.Name()
+		return actual
+	case storagedriver.PathNotFoundError:
+		actual.DriverName = base.StorageDriver.Name()
+		return actual
+	case storagedriver.InvalidPathError:
+		actual.DriverName = base.StorageDriver.Name()
+		return actual
+	case storagedriver.InvalidOffsetError:
+		actual.DriverName = base.StorageDriver.Name()
+		return actual
+	default:
+		storageError := storagedriver.Error{
+			DriverName: base.StorageDriver.Name(),
+			Enclosed:   e,
+		}
+
+		return storageError
+	}
+}
+
+// GetContent wraps GetContent of underlying storage driver.
+func (base *Base) GetContent(ctx context.Context, path string) ([]byte, error) {
+	ctx, done := dcontext.WithTrace(ctx)
+	defer done("%s.GetContent(%q)", base.Name(), path)
+
+	if !storagedriver.PathRegexp.MatchString(path) {
+		return nil, storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
+	}
+
+	start := time.Now()
+	b, e := base.StorageDriver.GetContent(ctx, path)
+	storageAction.WithValues(base.Name(), "GetContent").UpdateSince(start)
+	return b, base.setDriverName(e)
+}
+
+// PutContent wraps PutContent of underlying storage driver.
+func (base *Base) PutContent(ctx context.Context, path string, content []byte) error {
+	ctx, done := dcontext.WithTrace(ctx)
+	defer done("%s.PutContent(%q)", base.Name(), path)
+
+	if !storagedriver.PathRegexp.MatchString(path) {
+		return storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
+	}
+
+	start := time.Now()
+	err := base.setDriverName(base.StorageDriver.PutContent(ctx, path, content))
+	storageAction.WithValues(base.Name(), "PutContent").UpdateSince(start)
+	return err
+}
+
+// Reader wraps Reader of underlying storage driver.
+func (base *Base) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
+	ctx, done := dcontext.WithTrace(ctx)
+	defer done("%s.Reader(%q, %d)", base.Name(), path, offset)
+
+	if offset < 0 {
+		return nil, storagedriver.InvalidOffsetError{Path: path, Offset: offset, DriverName: base.StorageDriver.Name()}
+	}
+
+	if !storagedriver.PathRegexp.MatchString(path) {
+		return nil, storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
+	}
+
+	rc, e := base.StorageDriver.Reader(ctx, path, offset)
+	return rc, base.setDriverName(e)
+}
+
+// Writer wraps Writer of underlying storage driver.
+func (base *Base) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
+	ctx, done := dcontext.WithTrace(ctx)
+	defer done("%s.Writer(%q, %v)", base.Name(), path, append)
+
+	if !storagedriver.PathRegexp.MatchString(path) {
+		return nil, storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
+	}
+
+	writer, e := base.StorageDriver.Writer(ctx, path, append)
+	return writer, base.setDriverName(e)
+}
+
+// Stat wraps Stat of underlying storage driver.
+func (base *Base) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
+	ctx, done := dcontext.WithTrace(ctx)
+	defer done("%s.Stat(%q)", base.Name(), path)
+
+	if !storagedriver.PathRegexp.MatchString(path) && path != "/" {
+		return nil, storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
+	}
+
+	start := time.Now()
+	fi, e := base.StorageDriver.Stat(ctx, path)
+	storageAction.WithValues(base.Name(), "Stat").UpdateSince(start)
+	return fi, base.setDriverName(e)
+}
+
+// List wraps List of underlying storage driver.
+func (base *Base) List(ctx context.Context, path string) ([]string, error) {
+	ctx, done := dcontext.WithTrace(ctx)
+	defer done("%s.List(%q)", base.Name(), path)
+
+	if !storagedriver.PathRegexp.MatchString(path) && path != "/" {
+		return nil, storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
+	}
+
+	start := time.Now()
+	str, e := base.StorageDriver.List(ctx, path)
+	storageAction.WithValues(base.Name(), "List").UpdateSince(start)
+	return str, base.setDriverName(e)
+}
+
+// Move wraps Move of underlying storage driver.
+func (base *Base) Move(ctx context.Context, sourcePath string, destPath string) error {
+	ctx, done := dcontext.WithTrace(ctx)
+	defer done("%s.Move(%q, %q", base.Name(), sourcePath, destPath)
+
+	if !storagedriver.PathRegexp.MatchString(sourcePath) {
+		return storagedriver.InvalidPathError{Path: sourcePath, DriverName: base.StorageDriver.Name()}
+	} else if !storagedriver.PathRegexp.MatchString(destPath) {
+		return storagedriver.InvalidPathError{Path: destPath, DriverName: base.StorageDriver.Name()}
+	}
+
+	start := time.Now()
+	err := base.setDriverName(base.StorageDriver.Move(ctx, sourcePath, destPath))
+	storageAction.WithValues(base.Name(), "Move").UpdateSince(start)
+	return err
+}
+
+// Delete wraps Delete of underlying storage driver.
+func (base *Base) Delete(ctx context.Context, path string) error {
+	ctx, done := dcontext.WithTrace(ctx)
+	defer done("%s.Delete(%q)", base.Name(), path)
+
+	if !storagedriver.PathRegexp.MatchString(path) {
+		return storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
+	}
+
+	start := time.Now()
+	err := base.setDriverName(base.StorageDriver.Delete(ctx, path))
+	storageAction.WithValues(base.Name(), "Delete").UpdateSince(start)
+	return err
+}
+
+// URLFor wraps URLFor of underlying storage driver.
+func (base *Base) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
+	ctx, done := dcontext.WithTrace(ctx)
+	defer done("%s.URLFor(%q)", base.Name(), path)
+
+	if !storagedriver.PathRegexp.MatchString(path) {
+		return "", storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
+	}
+
+	start := time.Now()
+	str, e := base.StorageDriver.URLFor(ctx, path, options)
+	storageAction.WithValues(base.Name(), "URLFor").UpdateSince(start)
+	return str, base.setDriverName(e)
+}
+
+// Walk wraps Walk of underlying storage driver.
+func (base *Base) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
+	ctx, done := dcontext.WithTrace(ctx)
+	defer done("%s.Walk(%q)", base.Name(), path)
+
+	if !storagedriver.PathRegexp.MatchString(path) && path != "/" {
+		return storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
+	}
+
+	return base.setDriverName(base.StorageDriver.Walk(ctx, path, f))
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/base/regulator.go b/vendor/github.com/docker/distribution/registry/storage/driver/base/regulator.go
new file mode 100644
index 000000000..df6e50385
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/base/regulator.go
@@ -0,0 +1,184 @@
+package base
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"reflect"
+	"strconv"
+	"sync"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+)
+
+type regulator struct {
+	storagedriver.StorageDriver
+	*sync.Cond
+
+	available uint64
+}
+
+// GetLimitFromParameter takes an interface type as decoded from the YAML
+// configuration and returns a uint64 representing the maximum number of
+// concurrent calls given a minimum limit and default.
+//
+// If the parameter supplied is of an invalid type this returns an error.
+func GetLimitFromParameter(param interface{}, min, def uint64) (uint64, error) {
+	limit := def
+
+	switch v := param.(type) {
+	case string:
+		var err error
+		if limit, err = strconv.ParseUint(v, 0, 64); err != nil {
+			return limit, fmt.Errorf("parameter must be an integer, '%v' invalid", param)
+		}
+	case uint64:
+		limit = v
+	case int, int32, int64:
+		val := reflect.ValueOf(v).Convert(reflect.TypeOf(param)).Int()
+		// if param is negative casting to uint64 will wrap around and
+		// give you the hugest thread limit ever. Let's be sensible, here
+		if val > 0 {
+			limit = uint64(val)
+		} else {
+			limit = min
+		}
+	case uint, uint32:
+		limit = reflect.ValueOf(v).Convert(reflect.TypeOf(param)).Uint()
+	case nil:
+		// use the default
+	default:
+		return 0, fmt.Errorf("invalid value '%#v'", param)
+	}
+
+	if limit < min {
+		return min, nil
+	}
+
+	return limit, nil
+}
+
+// NewRegulator wraps the given driver and is used to regulate concurrent calls
+// to the given storage driver to a maximum of the given limit. This is useful
+// for storage drivers that would otherwise create an unbounded number of OS
+// threads if allowed to be called unregulated.
+func NewRegulator(driver storagedriver.StorageDriver, limit uint64) storagedriver.StorageDriver {
+	return &regulator{
+		StorageDriver: driver,
+		Cond:          sync.NewCond(&sync.Mutex{}),
+		available:     limit,
+	}
+}
+
+func (r *regulator) enter() {
+	r.L.Lock()
+	for r.available == 0 {
+		r.Wait()
+	}
+	r.available--
+	r.L.Unlock()
+}
+
+func (r *regulator) exit() {
+	r.L.Lock()
+	r.Signal()
+	r.available++
+	r.L.Unlock()
+}
+
+// Name returns the human-readable "name" of the driver, useful in error
+// messages and logging. By convention, this will just be the registration
+// name, but drivers may provide other information here.
+func (r *regulator) Name() string {
+	r.enter()
+	defer r.exit()
+
+	return r.StorageDriver.Name()
+}
+
+// GetContent retrieves the content stored at "path" as a []byte.
+// This should primarily be used for small objects.
+func (r *regulator) GetContent(ctx context.Context, path string) ([]byte, error) {
+	r.enter()
+	defer r.exit()
+
+	return r.StorageDriver.GetContent(ctx, path)
+}
+
+// PutContent stores the []byte content at a location designated by "path".
+// This should primarily be used for small objects.
+func (r *regulator) PutContent(ctx context.Context, path string, content []byte) error {
+	r.enter()
+	defer r.exit()
+
+	return r.StorageDriver.PutContent(ctx, path, content)
+}
+
+// Reader retrieves an io.ReadCloser for the content stored at "path"
+// with a given byte offset.
+// May be used to resume reading a stream by providing a nonzero offset.
+func (r *regulator) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
+	r.enter()
+	defer r.exit()
+
+	return r.StorageDriver.Reader(ctx, path, offset)
+}
+
+// Writer stores the contents of the provided io.ReadCloser at a
+// location designated by the given path.
+// May be used to resume writing a stream by providing a nonzero offset.
+// The offset must be no larger than the CurrentSize for this path.
+func (r *regulator) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
+	r.enter()
+	defer r.exit()
+
+	return r.StorageDriver.Writer(ctx, path, append)
+}
+
+// Stat retrieves the FileInfo for the given path, including the current
+// size in bytes and the creation time.
+func (r *regulator) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
+	r.enter()
+	defer r.exit()
+
+	return r.StorageDriver.Stat(ctx, path)
+}
+
+// List returns a list of the objects that are direct descendants of the
+// given path.
+func (r *regulator) List(ctx context.Context, path string) ([]string, error) {
+	r.enter()
+	defer r.exit()
+
+	return r.StorageDriver.List(ctx, path)
+}
+
+// Move moves an object stored at sourcePath to destPath, removing the
+// original object.
+// Note: This may be no more efficient than a copy followed by a delete for
+// many implementations.
+func (r *regulator) Move(ctx context.Context, sourcePath string, destPath string) error {
+	r.enter()
+	defer r.exit()
+
+	return r.StorageDriver.Move(ctx, sourcePath, destPath)
+}
+
+// Delete recursively deletes all objects stored at "path" and its subpaths.
+func (r *regulator) Delete(ctx context.Context, path string) error {
+	r.enter()
+	defer r.exit()
+
+	return r.StorageDriver.Delete(ctx, path)
+}
+
+// URLFor returns a URL which may be used to retrieve the content stored at
+// the given path, possibly using the given options.
+// May return an ErrUnsupportedMethod in certain StorageDriver
+// implementations.
+func (r *regulator) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
+	r.enter()
+	defer r.exit()
+
+	return r.StorageDriver.URLFor(ctx, path, options)
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/factory/factory.go b/vendor/github.com/docker/distribution/registry/storage/driver/factory/factory.go
new file mode 100644
index 000000000..a9c04ec59
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/factory/factory.go
@@ -0,0 +1,64 @@
+package factory
+
+import (
+	"fmt"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+)
+
+// driverFactories stores an internal mapping between storage driver names and their respective
+// factories
+var driverFactories = make(map[string]StorageDriverFactory)
+
+// StorageDriverFactory is a factory interface for creating storagedriver.StorageDriver interfaces
+// Storage drivers should call Register() with a factory to make the driver available by name.
+// Individual StorageDriver implementations generally register with the factory via the Register
+// func (below) in their init() funcs, and as such they should be imported anonymously before use.
+// See below for an example of how to register and get a StorageDriver for S3
+//
+//	import _ "github.com/docker/distribution/registry/storage/driver/s3-aws"
+//	s3Driver, err = factory.Create("s3", storageParams)
+//	// assuming no error, s3Driver is the StorageDriver that communicates with S3 according to storageParams
+type StorageDriverFactory interface {
+	// Create returns a new storagedriver.StorageDriver with the given parameters
+	// Parameters will vary by driver and may be ignored
+	// Each parameter key must only consist of lowercase letters and numbers
+	Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error)
+}
+
+// Register makes a storage driver available by the provided name.
+// If Register is called twice with the same name or if driver factory is nil, it panics.
+// Additionally, it is not concurrency safe. Most Storage Drivers call this function
+// in their init() functions. See the documentation for StorageDriverFactory for more.
+func Register(name string, factory StorageDriverFactory) {
+	if factory == nil {
+		panic("Must not provide nil StorageDriverFactory")
+	}
+	_, registered := driverFactories[name]
+	if registered {
+		panic(fmt.Sprintf("StorageDriverFactory named %s already registered", name))
+	}
+
+	driverFactories[name] = factory
+}
+
+// Create a new storagedriver.StorageDriver with the given name and
+// parameters. To use a driver, the StorageDriverFactory must first be
+// registered with the given name. If no drivers are found, an
+// InvalidStorageDriverError is returned
+func Create(name string, parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
+	driverFactory, ok := driverFactories[name]
+	if !ok {
+		return nil, InvalidStorageDriverError{name}
+	}
+	return driverFactory.Create(parameters)
+}
+
+// InvalidStorageDriverError records an attempt to construct an unregistered storage driver
+type InvalidStorageDriverError struct {
+	Name string
+}
+
+func (err InvalidStorageDriverError) Error() string {
+	return fmt.Sprintf("StorageDriver not registered: %s", err.Name)
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/fileinfo.go b/vendor/github.com/docker/distribution/registry/storage/driver/fileinfo.go
new file mode 100644
index 000000000..e5064029a
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/fileinfo.go
@@ -0,0 +1,79 @@
+package driver
+
+import "time"
+
+// FileInfo returns information about a given path. Inspired by os.FileInfo,
+// it elides the base name method for a full path instead.
+type FileInfo interface {
+	// Path provides the full path of the target of this file info.
+	Path() string
+
+	// Size returns current length in bytes of the file. The return value can
+	// be used to write to the end of the file at path. The value is
+	// meaningless if IsDir returns true.
+	Size() int64
+
+	// ModTime returns the modification time for the file. For backends that
+	// don't have a modification time, the creation time should be returned.
+	ModTime() time.Time
+
+	// IsDir returns true if the path is a directory.
+	IsDir() bool
+}
+
+// NOTE(stevvooe): The next two types, FileInfoFields and FileInfoInternal
+// should only be used by storagedriver implementations. They should moved to
+// a "driver" package, similar to database/sql.
+
+// FileInfoFields provides the exported fields for implementing FileInfo
+// interface in storagedriver implementations. It should be used with
+// InternalFileInfo.
+type FileInfoFields struct {
+	// Path provides the full path of the target of this file info.
+	Path string
+
+	// Size is current length in bytes of the file. The value of this field
+	// can be used to write to the end of the file at path. The value is
+	// meaningless if IsDir is set to true.
+	Size int64
+
+	// ModTime returns the modification time for the file. For backends that
+	// don't have a modification time, the creation time should be returned.
+	ModTime time.Time
+
+	// IsDir returns true if the path is a directory.
+	IsDir bool
+}
+
+// FileInfoInternal implements the FileInfo interface. This should only be
+// used by storagedriver implementations that don't have a specialized
+// FileInfo type.
+type FileInfoInternal struct {
+	FileInfoFields
+}
+
+var _ FileInfo = FileInfoInternal{}
+var _ FileInfo = &FileInfoInternal{}
+
+// Path provides the full path of the target of this file info.
+func (fi FileInfoInternal) Path() string {
+	return fi.FileInfoFields.Path
+}
+
+// Size returns current length in bytes of the file. The return value can
+// be used to write to the end of the file at path. The value is
+// meaningless if IsDir returns true.
+func (fi FileInfoInternal) Size() int64 {
+	return fi.FileInfoFields.Size
+}
+
+// ModTime returns the modification time for the file. For backends that
+// don't have a modification time, the creation time should be returned.
+func (fi FileInfoInternal) ModTime() time.Time {
+	return fi.FileInfoFields.ModTime
+}
+
+// IsDir returns true if the path is a directory.
+func (fi FileInfoInternal) IsDir() bool {
+	return fi.FileInfoFields.IsDir
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/filesystem/driver.go b/vendor/github.com/docker/distribution/registry/storage/driver/filesystem/driver.go
new file mode 100644
index 000000000..8fc9d1ca0
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/filesystem/driver.go
@@ -0,0 +1,420 @@
+package filesystem
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+	"time"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/distribution/registry/storage/driver/base"
+	"github.com/docker/distribution/registry/storage/driver/factory"
+)
+
+const (
+	driverName           = "filesystem"
+	defaultRootDirectory = "/var/lib/registry"
+	defaultMaxThreads    = uint64(100)
+
+	// minThreads is the minimum value for the maxthreads configuration
+	// parameter. If the driver's parameters are less than this we set
+	// the parameters to minThreads
+	minThreads = uint64(25)
+)
+
+// DriverParameters represents all configuration options available for the
+// filesystem driver
+type DriverParameters struct {
+	RootDirectory string
+	MaxThreads    uint64
+}
+
+func init() {
+	factory.Register(driverName, &filesystemDriverFactory{})
+}
+
+// filesystemDriverFactory implements the factory.StorageDriverFactory interface
+type filesystemDriverFactory struct{}
+
+func (factory *filesystemDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
+	return FromParameters(parameters)
+}
+
+type driver struct {
+	rootDirectory string
+}
+
+type baseEmbed struct {
+	base.Base
+}
+
+// Driver is a storagedriver.StorageDriver implementation backed by a local
+// filesystem. All provided paths will be subpaths of the RootDirectory.
+type Driver struct {
+	baseEmbed
+}
+
+// FromParameters constructs a new Driver with a given parameters map
+// Optional Parameters:
+// - rootdirectory
+// - maxthreads
+func FromParameters(parameters map[string]interface{}) (*Driver, error) {
+	params, err := fromParametersImpl(parameters)
+	if err != nil || params == nil {
+		return nil, err
+	}
+	return New(*params), nil
+}
+
+func fromParametersImpl(parameters map[string]interface{}) (*DriverParameters, error) {
+	var (
+		err           error
+		maxThreads    = defaultMaxThreads
+		rootDirectory = defaultRootDirectory
+	)
+
+	if parameters != nil {
+		if rootDir, ok := parameters["rootdirectory"]; ok {
+			rootDirectory = fmt.Sprint(rootDir)
+		}
+
+		maxThreads, err = base.GetLimitFromParameter(parameters["maxthreads"], minThreads, defaultMaxThreads)
+		if err != nil {
+			return nil, fmt.Errorf("maxthreads config error: %s", err.Error())
+		}
+	}
+
+	params := &DriverParameters{
+		RootDirectory: rootDirectory,
+		MaxThreads:    maxThreads,
+	}
+	return params, nil
+}
+
+// New constructs a new Driver with a given rootDirectory
+func New(params DriverParameters) *Driver {
+	fsDriver := &driver{rootDirectory: params.RootDirectory}
+
+	return &Driver{
+		baseEmbed: baseEmbed{
+			Base: base.Base{
+				StorageDriver: base.NewRegulator(fsDriver, params.MaxThreads),
+			},
+		},
+	}
+}
+
+// Implement the storagedriver.StorageDriver interface
+
+func (d *driver) Name() string {
+	return driverName
+}
+
+// GetContent retrieves the content stored at "path" as a []byte.
+func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
+	rc, err := d.Reader(ctx, path, 0)
+	if err != nil {
+		return nil, err
+	}
+	defer rc.Close()
+
+	p, err := ioutil.ReadAll(rc)
+	if err != nil {
+		return nil, err
+	}
+
+	return p, nil
+}
+
+// PutContent stores the []byte content at a location designated by "path".
+func (d *driver) PutContent(ctx context.Context, subPath string, contents []byte) error {
+	writer, err := d.Writer(ctx, subPath, false)
+	if err != nil {
+		return err
+	}
+	defer writer.Close()
+	_, err = io.Copy(writer, bytes.NewReader(contents))
+	if err != nil {
+		writer.Cancel()
+		return err
+	}
+	return writer.Commit()
+}
+
+// Reader retrieves an io.ReadCloser for the content stored at "path" with a
+// given byte offset.
+func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
+	file, err := os.OpenFile(d.fullPath(path), os.O_RDONLY, 0644)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil, storagedriver.PathNotFoundError{Path: path}
+		}
+
+		return nil, err
+	}
+
+	seekPos, err := file.Seek(offset, io.SeekStart)
+	if err != nil {
+		file.Close()
+		return nil, err
+	} else if seekPos < offset {
+		file.Close()
+		return nil, storagedriver.InvalidOffsetError{Path: path, Offset: offset}
+	}
+
+	return file, nil
+}
+
+func (d *driver) Writer(ctx context.Context, subPath string, append bool) (storagedriver.FileWriter, error) {
+	fullPath := d.fullPath(subPath)
+	parentDir := path.Dir(fullPath)
+	if err := os.MkdirAll(parentDir, 0777); err != nil {
+		return nil, err
+	}
+
+	fp, err := os.OpenFile(fullPath, os.O_WRONLY|os.O_CREATE, 0666)
+	if err != nil {
+		return nil, err
+	}
+
+	var offset int64
+
+	if !append {
+		err := fp.Truncate(0)
+		if err != nil {
+			fp.Close()
+			return nil, err
+		}
+	} else {
+		n, err := fp.Seek(0, io.SeekEnd)
+		if err != nil {
+			fp.Close()
+			return nil, err
+		}
+		offset = n
+	}
+
+	return newFileWriter(fp, offset), nil
+}
+
+// Stat retrieves the FileInfo for the given path, including the current size
+// in bytes and the creation time.
+func (d *driver) Stat(ctx context.Context, subPath string) (storagedriver.FileInfo, error) {
+	fullPath := d.fullPath(subPath)
+
+	fi, err := os.Stat(fullPath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil, storagedriver.PathNotFoundError{Path: subPath}
+		}
+
+		return nil, err
+	}
+
+	return fileInfo{
+		path:     subPath,
+		FileInfo: fi,
+	}, nil
+}
+
+// List returns a list of the objects that are direct descendants of the given
+// path.
+func (d *driver) List(ctx context.Context, subPath string) ([]string, error) {
+	fullPath := d.fullPath(subPath)
+
+	dir, err := os.Open(fullPath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil, storagedriver.PathNotFoundError{Path: subPath}
+		}
+		return nil, err
+	}
+
+	defer dir.Close()
+
+	fileNames, err := dir.Readdirnames(0)
+	if err != nil {
+		return nil, err
+	}
+
+	keys := make([]string, 0, len(fileNames))
+	for _, fileName := range fileNames {
+		keys = append(keys, path.Join(subPath, fileName))
+	}
+
+	return keys, nil
+}
+
+// Move moves an object stored at sourcePath to destPath, removing the original
+// object.
+func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
+	source := d.fullPath(sourcePath)
+	dest := d.fullPath(destPath)
+
+	if _, err := os.Stat(source); os.IsNotExist(err) {
+		return storagedriver.PathNotFoundError{Path: sourcePath}
+	}
+
+	if err := os.MkdirAll(path.Dir(dest), 0755); err != nil {
+		return err
+	}
+
+	err := os.Rename(source, dest)
+	return err
+}
+
+// Delete recursively deletes all objects stored at "path" and its subpaths.
+func (d *driver) Delete(ctx context.Context, subPath string) error {
+	fullPath := d.fullPath(subPath)
+
+	_, err := os.Stat(fullPath)
+	if err != nil && !os.IsNotExist(err) {
+		return err
+	} else if err != nil {
+		return storagedriver.PathNotFoundError{Path: subPath}
+	}
+
+	err = os.RemoveAll(fullPath)
+	return err
+}
+
+// URLFor returns a URL which may be used to retrieve the content stored at the given path.
+// May return an UnsupportedMethodErr in certain StorageDriver implementations.
+func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
+	return "", storagedriver.ErrUnsupportedMethod{}
+}
+
+// Walk traverses a filesystem defined within driver, starting
+// from the given path, calling f on each file
+func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
+	return storagedriver.WalkFallback(ctx, d, path, f)
+}
+
+// fullPath returns the absolute path of a key within the Driver's storage.
+func (d *driver) fullPath(subPath string) string {
+	return path.Join(d.rootDirectory, subPath)
+}
+
+type fileInfo struct {
+	os.FileInfo
+	path string
+}
+
+var _ storagedriver.FileInfo = fileInfo{}
+
+// Path provides the full path of the target of this file info.
+func (fi fileInfo) Path() string {
+	return fi.path
+}
+
+// Size returns current length in bytes of the file. The return value can
+// be used to write to the end of the file at path. The value is
+// meaningless if IsDir returns true.
+func (fi fileInfo) Size() int64 {
+	if fi.IsDir() {
+		return 0
+	}
+
+	return fi.FileInfo.Size()
+}
+
+// ModTime returns the modification time for the file. For backends that
+// don't have a modification time, the creation time should be returned.
+func (fi fileInfo) ModTime() time.Time {
+	return fi.FileInfo.ModTime()
+}
+
+// IsDir returns true if the path is a directory.
+func (fi fileInfo) IsDir() bool {
+	return fi.FileInfo.IsDir()
+}
+
+type fileWriter struct {
+	file      *os.File
+	size      int64
+	bw        *bufio.Writer
+	closed    bool
+	committed bool
+	cancelled bool
+}
+
+func newFileWriter(file *os.File, size int64) *fileWriter {
+	return &fileWriter{
+		file: file,
+		size: size,
+		bw:   bufio.NewWriter(file),
+	}
+}
+
+func (fw *fileWriter) Write(p []byte) (int, error) {
+	if fw.closed {
+		return 0, fmt.Errorf("already closed")
+	} else if fw.committed {
+		return 0, fmt.Errorf("already committed")
+	} else if fw.cancelled {
+		return 0, fmt.Errorf("already cancelled")
+	}
+	n, err := fw.bw.Write(p)
+	fw.size += int64(n)
+	return n, err
+}
+
+func (fw *fileWriter) Size() int64 {
+	return fw.size
+}
+
+func (fw *fileWriter) Close() error {
+	if fw.closed {
+		return fmt.Errorf("already closed")
+	}
+
+	if err := fw.bw.Flush(); err != nil {
+		return err
+	}
+
+	if err := fw.file.Sync(); err != nil {
+		return err
+	}
+
+	if err := fw.file.Close(); err != nil {
+		return err
+	}
+	fw.closed = true
+	return nil
+}
+
+func (fw *fileWriter) Cancel() error {
+	if fw.closed {
+		return fmt.Errorf("already closed")
+	}
+
+	fw.cancelled = true
+	fw.file.Close()
+	return os.Remove(fw.file.Name())
+}
+
+func (fw *fileWriter) Commit() error {
+	if fw.closed {
+		return fmt.Errorf("already closed")
+	} else if fw.committed {
+		return fmt.Errorf("already committed")
+	} else if fw.cancelled {
+		return fmt.Errorf("already cancelled")
+	}
+
+	if err := fw.bw.Flush(); err != nil {
+		return err
+	}
+
+	if err := fw.file.Sync(); err != nil {
+		return err
+	}
+
+	fw.committed = true
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/gcs/doc.go b/vendor/github.com/docker/distribution/registry/storage/driver/gcs/doc.go
new file mode 100644
index 000000000..0f23ea785
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/gcs/doc.go
@@ -0,0 +1,3 @@
+// Package gcs implements the Google Cloud Storage driver backend. Support can be
+// enabled by including the "include_gcs" build tag.
+package gcs
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/gcs/gcs.go b/vendor/github.com/docker/distribution/registry/storage/driver/gcs/gcs.go
new file mode 100644
index 000000000..66d0d1ad7
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/gcs/gcs.go
@@ -0,0 +1,931 @@
+// Package gcs provides a storagedriver.StorageDriver implementation to
+// store blobs in Google cloud storage.
+//
+// This package leverages the google.golang.org/cloud/storage client library
+//for interfacing with gcs.
+//
+// Because gcs is a key, value store the Stat call does not support last modification
+// time for directories (directories are an abstraction for key, value stores)
+//
+// Note that the contents of incomplete uploads are not accessible even though
+// Stat returns their length
+//
+//go:build include_gcs
+// +build include_gcs
+
+package gcs
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"math/rand"
+	"net/http"
+	"net/url"
+	"reflect"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/distribution/registry/storage/driver/base"
+	"github.com/docker/distribution/registry/storage/driver/factory"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google"
+	"golang.org/x/oauth2/jwt"
+	"google.golang.org/api/googleapi"
+	"google.golang.org/cloud"
+	"google.golang.org/cloud/storage"
+)
+
+const (
+	driverName     = "gcs"
+	dummyProjectID = "<unknown>"
+
+	uploadSessionContentType = "application/x-docker-upload-session"
+	minChunkSize             = 256 * 1024
+	defaultChunkSize         = 20 * minChunkSize
+	defaultMaxConcurrency    = 50
+	minConcurrency           = 25
+
+	maxTries = 5
+)
+
+var rangeHeader = regexp.MustCompile(`^bytes=([0-9])+-([0-9]+)$`)
+
+// driverParameters is a struct that encapsulates all of the driver parameters after all values have been set
+type driverParameters struct {
+	bucket        string
+	config        *jwt.Config
+	email         string
+	privateKey    []byte
+	client        *http.Client
+	rootDirectory string
+	chunkSize     int
+
+	// maxConcurrency limits the number of concurrent driver operations
+	// to GCS, which ultimately increases reliability of many simultaneous
+	// pushes by ensuring we aren't DoSing our own server with many
+	// connections.
+	maxConcurrency uint64
+}
+
+func init() {
+	factory.Register(driverName, &gcsDriverFactory{})
+}
+
+// gcsDriverFactory implements the factory.StorageDriverFactory interface
+type gcsDriverFactory struct{}
+
+// Create StorageDriver from parameters
+func (factory *gcsDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
+	return FromParameters(parameters)
+}
+
+// driver is a storagedriver.StorageDriver implementation backed by GCS
+// Objects are stored at absolute keys in the provided bucket.
+type driver struct {
+	client        *http.Client
+	bucket        string
+	email         string
+	privateKey    []byte
+	rootDirectory string
+	chunkSize     int
+}
+
+// Wrapper wraps `driver` with a throttler, ensuring that no more than N
+// GCS actions can occur concurrently. The default limit is 75.
+type Wrapper struct {
+	baseEmbed
+}
+
+type baseEmbed struct {
+	base.Base
+}
+
+// FromParameters constructs a new Driver with a given parameters map
+// Required parameters:
+// - bucket
+func FromParameters(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
+	bucket, ok := parameters["bucket"]
+	if !ok || fmt.Sprint(bucket) == "" {
+		return nil, fmt.Errorf("No bucket parameter provided")
+	}
+
+	rootDirectory, ok := parameters["rootdirectory"]
+	if !ok {
+		rootDirectory = ""
+	}
+
+	chunkSize := defaultChunkSize
+	chunkSizeParam, ok := parameters["chunksize"]
+	if ok {
+		switch v := chunkSizeParam.(type) {
+		case string:
+			vv, err := strconv.Atoi(v)
+			if err != nil {
+				return nil, fmt.Errorf("chunksize parameter must be an integer, %v invalid", chunkSizeParam)
+			}
+			chunkSize = vv
+		case int, uint, int32, uint32, uint64, int64:
+			chunkSize = int(reflect.ValueOf(v).Convert(reflect.TypeOf(chunkSize)).Int())
+		default:
+			return nil, fmt.Errorf("invalid valud for chunksize: %#v", chunkSizeParam)
+		}
+
+		if chunkSize < minChunkSize {
+			return nil, fmt.Errorf("The chunksize %#v parameter should be a number that is larger than or equal to %d", chunkSize, minChunkSize)
+		}
+
+		if chunkSize%minChunkSize != 0 {
+			return nil, fmt.Errorf("chunksize should be a multiple of %d", minChunkSize)
+		}
+	}
+
+	var ts oauth2.TokenSource
+	jwtConf := new(jwt.Config)
+	if keyfile, ok := parameters["keyfile"]; ok {
+		jsonKey, err := ioutil.ReadFile(fmt.Sprint(keyfile))
+		if err != nil {
+			return nil, err
+		}
+		jwtConf, err = google.JWTConfigFromJSON(jsonKey, storage.ScopeFullControl)
+		if err != nil {
+			return nil, err
+		}
+		ts = jwtConf.TokenSource(context.Background())
+	} else if credentials, ok := parameters["credentials"]; ok {
+		credentialMap, ok := credentials.(map[interface{}]interface{})
+		if !ok {
+			return nil, fmt.Errorf("The credentials were not specified in the correct format")
+		}
+
+		stringMap := map[string]interface{}{}
+		for k, v := range credentialMap {
+			key, ok := k.(string)
+			if !ok {
+				return nil, fmt.Errorf("One of the credential keys was not a string: %s", fmt.Sprint(k))
+			}
+			stringMap[key] = v
+		}
+
+		data, err := json.Marshal(stringMap)
+		if err != nil {
+			return nil, fmt.Errorf("Failed to marshal gcs credentials to json")
+		}
+
+		jwtConf, err = google.JWTConfigFromJSON(data, storage.ScopeFullControl)
+		if err != nil {
+			return nil, err
+		}
+		ts = jwtConf.TokenSource(context.Background())
+	} else {
+		var err error
+		ts, err = google.DefaultTokenSource(context.Background(), storage.ScopeFullControl)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	maxConcurrency, err := base.GetLimitFromParameter(parameters["maxconcurrency"], minConcurrency, defaultMaxConcurrency)
+	if err != nil {
+		return nil, fmt.Errorf("maxconcurrency config error: %s", err)
+	}
+
+	params := driverParameters{
+		bucket:         fmt.Sprint(bucket),
+		rootDirectory:  fmt.Sprint(rootDirectory),
+		email:          jwtConf.Email,
+		privateKey:     jwtConf.PrivateKey,
+		client:         oauth2.NewClient(context.Background(), ts),
+		chunkSize:      chunkSize,
+		maxConcurrency: maxConcurrency,
+	}
+
+	return New(params)
+}
+
+// New constructs a new driver
+func New(params driverParameters) (storagedriver.StorageDriver, error) {
+	rootDirectory := strings.Trim(params.rootDirectory, "/")
+	if rootDirectory != "" {
+		rootDirectory += "/"
+	}
+	if params.chunkSize <= 0 || params.chunkSize%minChunkSize != 0 {
+		return nil, fmt.Errorf("Invalid chunksize: %d is not a positive multiple of %d", params.chunkSize, minChunkSize)
+	}
+	d := &driver{
+		bucket:        params.bucket,
+		rootDirectory: rootDirectory,
+		email:         params.email,
+		privateKey:    params.privateKey,
+		client:        params.client,
+		chunkSize:     params.chunkSize,
+	}
+
+	return &Wrapper{
+		baseEmbed: baseEmbed{
+			Base: base.Base{
+				StorageDriver: base.NewRegulator(d, params.maxConcurrency),
+			},
+		},
+	}, nil
+}
+
+// Implement the storagedriver.StorageDriver interface
+
+func (d *driver) Name() string {
+	return driverName
+}
+
+// GetContent retrieves the content stored at "path" as a []byte.
+// This should primarily be used for small objects.
+func (d *driver) GetContent(context context.Context, path string) ([]byte, error) {
+	gcsContext := d.context(context)
+	name := d.pathToKey(path)
+	var rc io.ReadCloser
+	err := retry(func() error {
+		var err error
+		rc, err = storage.NewReader(gcsContext, d.bucket, name)
+		return err
+	})
+	if err == storage.ErrObjectNotExist {
+		return nil, storagedriver.PathNotFoundError{Path: path}
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer rc.Close()
+
+	p, err := ioutil.ReadAll(rc)
+	if err != nil {
+		return nil, err
+	}
+	return p, nil
+}
+
+// PutContent stores the []byte content at a location designated by "path".
+// This should primarily be used for small objects.
+func (d *driver) PutContent(context context.Context, path string, contents []byte) error {
+	return retry(func() error {
+		wc := storage.NewWriter(d.context(context), d.bucket, d.pathToKey(path))
+		wc.ContentType = "application/octet-stream"
+		return putContentsClose(wc, contents)
+	})
+}
+
+// Reader retrieves an io.ReadCloser for the content stored at "path"
+// with a given byte offset.
+// May be used to resume reading a stream by providing a nonzero offset.
+func (d *driver) Reader(context context.Context, path string, offset int64) (io.ReadCloser, error) {
+	res, err := getObject(d.client, d.bucket, d.pathToKey(path), offset)
+	if err != nil {
+		if res != nil {
+			if res.StatusCode == http.StatusNotFound {
+				res.Body.Close()
+				return nil, storagedriver.PathNotFoundError{Path: path}
+			}
+
+			if res.StatusCode == http.StatusRequestedRangeNotSatisfiable {
+				res.Body.Close()
+				obj, err := storageStatObject(d.context(context), d.bucket, d.pathToKey(path))
+				if err != nil {
+					return nil, err
+				}
+				if offset == int64(obj.Size) {
+					return ioutil.NopCloser(bytes.NewReader([]byte{})), nil
+				}
+				return nil, storagedriver.InvalidOffsetError{Path: path, Offset: offset}
+			}
+		}
+		return nil, err
+	}
+	if res.Header.Get("Content-Type") == uploadSessionContentType {
+		defer res.Body.Close()
+		return nil, storagedriver.PathNotFoundError{Path: path}
+	}
+	return res.Body, nil
+}
+
+func getObject(client *http.Client, bucket string, name string, offset int64) (*http.Response, error) {
+	// copied from google.golang.org/cloud/storage#NewReader :
+	// to set the additional "Range" header
+	u := &url.URL{
+		Scheme: "https",
+		Host:   "storage.googleapis.com",
+		Path:   fmt.Sprintf("/%s/%s", bucket, name),
+	}
+	req, err := http.NewRequest("GET", u.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+	if offset > 0 {
+		req.Header.Set("Range", fmt.Sprintf("bytes=%v-", offset))
+	}
+	var res *http.Response
+	err = retry(func() error {
+		var err error
+		res, err = client.Do(req)
+		return err
+	})
+	if err != nil {
+		return nil, err
+	}
+	return res, googleapi.CheckMediaResponse(res)
+}
+
+// Writer returns a FileWriter which will store the content written to it
+// at the location designated by "path" after the call to Commit.
+func (d *driver) Writer(context context.Context, path string, append bool) (storagedriver.FileWriter, error) {
+	writer := &writer{
+		client: d.client,
+		bucket: d.bucket,
+		name:   d.pathToKey(path),
+		buffer: make([]byte, d.chunkSize),
+	}
+
+	if append {
+		err := writer.init(path)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return writer, nil
+}
+
+type writer struct {
+	client     *http.Client
+	bucket     string
+	name       string
+	size       int64
+	offset     int64
+	closed     bool
+	sessionURI string
+	buffer     []byte
+	buffSize   int
+}
+
+// Cancel removes any written content from this FileWriter.
+func (w *writer) Cancel() error {
+	w.closed = true
+	err := storageDeleteObject(cloud.NewContext(dummyProjectID, w.client), w.bucket, w.name)
+	if err != nil {
+		if status, ok := err.(*googleapi.Error); ok {
+			if status.Code == http.StatusNotFound {
+				err = nil
+			}
+		}
+	}
+	return err
+}
+
+func (w *writer) Close() error {
+	if w.closed {
+		return nil
+	}
+	w.closed = true
+
+	err := w.writeChunk()
+	if err != nil {
+		return err
+	}
+
+	// Copy the remaining bytes from the buffer to the upload session
+	// Normally buffSize will be smaller than minChunkSize. However, in the
+	// unlikely event that the upload session failed to start, this number could be higher.
+	// In this case we can safely clip the remaining bytes to the minChunkSize
+	if w.buffSize > minChunkSize {
+		w.buffSize = minChunkSize
+	}
+
+	// commit the writes by updating the upload session
+	err = retry(func() error {
+		wc := storage.NewWriter(cloud.NewContext(dummyProjectID, w.client), w.bucket, w.name)
+		wc.ContentType = uploadSessionContentType
+		wc.Metadata = map[string]string{
+			"Session-URI": w.sessionURI,
+			"Offset":      strconv.FormatInt(w.offset, 10),
+		}
+		return putContentsClose(wc, w.buffer[0:w.buffSize])
+	})
+	if err != nil {
+		return err
+	}
+	w.size = w.offset + int64(w.buffSize)
+	w.buffSize = 0
+	return nil
+}
+
+func putContentsClose(wc *storage.Writer, contents []byte) error {
+	size := len(contents)
+	var nn int
+	var err error
+	for nn < size {
+		n, err := wc.Write(contents[nn:size])
+		nn += n
+		if err != nil {
+			break
+		}
+	}
+	if err != nil {
+		wc.CloseWithError(err)
+		return err
+	}
+	return wc.Close()
+}
+
+// Commit flushes all content written to this FileWriter and makes it
+// available for future calls to StorageDriver.GetContent and
+// StorageDriver.Reader.
+func (w *writer) Commit() error {
+
+	if err := w.checkClosed(); err != nil {
+		return err
+	}
+	w.closed = true
+
+	// no session started yet just perform a simple upload
+	if w.sessionURI == "" {
+		err := retry(func() error {
+			wc := storage.NewWriter(cloud.NewContext(dummyProjectID, w.client), w.bucket, w.name)
+			wc.ContentType = "application/octet-stream"
+			return putContentsClose(wc, w.buffer[0:w.buffSize])
+		})
+		if err != nil {
+			return err
+		}
+		w.size = w.offset + int64(w.buffSize)
+		w.buffSize = 0
+		return nil
+	}
+	size := w.offset + int64(w.buffSize)
+	var nn int
+	// loop must be performed at least once to ensure the file is committed even when
+	// the buffer is empty
+	for {
+		n, err := putChunk(w.client, w.sessionURI, w.buffer[nn:w.buffSize], w.offset, size)
+		nn += int(n)
+		w.offset += n
+		w.size = w.offset
+		if err != nil {
+			w.buffSize = copy(w.buffer, w.buffer[nn:w.buffSize])
+			return err
+		}
+		if nn == w.buffSize {
+			break
+		}
+	}
+	w.buffSize = 0
+	return nil
+}
+
+func (w *writer) checkClosed() error {
+	if w.closed {
+		return fmt.Errorf("Writer already closed")
+	}
+	return nil
+}
+
+func (w *writer) writeChunk() error {
+	var err error
+	// chunks can be uploaded only in multiples of minChunkSize
+	// chunkSize is a multiple of minChunkSize less than or equal to buffSize
+	chunkSize := w.buffSize - (w.buffSize % minChunkSize)
+	if chunkSize == 0 {
+		return nil
+	}
+	// if their is no sessionURI yet, obtain one by starting the session
+	if w.sessionURI == "" {
+		w.sessionURI, err = startSession(w.client, w.bucket, w.name)
+	}
+	if err != nil {
+		return err
+	}
+	nn, err := putChunk(w.client, w.sessionURI, w.buffer[0:chunkSize], w.offset, -1)
+	w.offset += nn
+	if w.offset > w.size {
+		w.size = w.offset
+	}
+	// shift the remaining bytes to the start of the buffer
+	w.buffSize = copy(w.buffer, w.buffer[int(nn):w.buffSize])
+
+	return err
+}
+
+func (w *writer) Write(p []byte) (int, error) {
+	err := w.checkClosed()
+	if err != nil {
+		return 0, err
+	}
+
+	var nn int
+	for nn < len(p) {
+		n := copy(w.buffer[w.buffSize:], p[nn:])
+		w.buffSize += n
+		if w.buffSize == cap(w.buffer) {
+			err = w.writeChunk()
+			if err != nil {
+				break
+			}
+		}
+		nn += n
+	}
+	return nn, err
+}
+
+// Size returns the number of bytes written to this FileWriter.
+func (w *writer) Size() int64 {
+	return w.size
+}
+
+func (w *writer) init(path string) error {
+	res, err := getObject(w.client, w.bucket, w.name, 0)
+	if err != nil {
+		return err
+	}
+	defer res.Body.Close()
+	if res.Header.Get("Content-Type") != uploadSessionContentType {
+		return storagedriver.PathNotFoundError{Path: path}
+	}
+	offset, err := strconv.ParseInt(res.Header.Get("X-Goog-Meta-Offset"), 10, 64)
+	if err != nil {
+		return err
+	}
+	buffer, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return err
+	}
+	w.sessionURI = res.Header.Get("X-Goog-Meta-Session-URI")
+	w.buffSize = copy(w.buffer, buffer)
+	w.offset = offset
+	w.size = offset + int64(w.buffSize)
+	return nil
+}
+
+type request func() error
+
+func retry(req request) error {
+	backoff := time.Second
+	var err error
+	for i := 0; i < maxTries; i++ {
+		err = req()
+		if err == nil {
+			return nil
+		}
+
+		status, ok := err.(*googleapi.Error)
+		if !ok || (status.Code != 429 && status.Code < http.StatusInternalServerError) {
+			return err
+		}
+
+		time.Sleep(backoff - time.Second + (time.Duration(rand.Int31n(1000)) * time.Millisecond))
+		if i <= 4 {
+			backoff = backoff * 2
+		}
+	}
+	return err
+}
+
+// Stat retrieves the FileInfo for the given path, including the current
+// size in bytes and the creation time.
+func (d *driver) Stat(context context.Context, path string) (storagedriver.FileInfo, error) {
+	var fi storagedriver.FileInfoFields
+	//try to get as file
+	gcsContext := d.context(context)
+	obj, err := storageStatObject(gcsContext, d.bucket, d.pathToKey(path))
+	if err == nil {
+		if obj.ContentType == uploadSessionContentType {
+			return nil, storagedriver.PathNotFoundError{Path: path}
+		}
+		fi = storagedriver.FileInfoFields{
+			Path:    path,
+			Size:    obj.Size,
+			ModTime: obj.Updated,
+			IsDir:   false,
+		}
+		return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
+	}
+	//try to get as folder
+	dirpath := d.pathToDirKey(path)
+
+	var query *storage.Query
+	query = &storage.Query{}
+	query.Prefix = dirpath
+	query.MaxResults = 1
+
+	objects, err := storageListObjects(gcsContext, d.bucket, query)
+	if err != nil {
+		return nil, err
+	}
+	if len(objects.Results) < 1 {
+		return nil, storagedriver.PathNotFoundError{Path: path}
+	}
+	fi = storagedriver.FileInfoFields{
+		Path:  path,
+		IsDir: true,
+	}
+	obj = objects.Results[0]
+	if obj.Name == dirpath {
+		fi.Size = obj.Size
+		fi.ModTime = obj.Updated
+	}
+	return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
+}
+
+// List returns a list of the objects that are direct descendants of the
+//given path.
+func (d *driver) List(context context.Context, path string) ([]string, error) {
+	var query *storage.Query
+	query = &storage.Query{}
+	query.Delimiter = "/"
+	query.Prefix = d.pathToDirKey(path)
+	list := make([]string, 0, 64)
+	for {
+		objects, err := storageListObjects(d.context(context), d.bucket, query)
+		if err != nil {
+			return nil, err
+		}
+		for _, object := range objects.Results {
+			// GCS does not guarantee strong consistency between
+			// DELETE and LIST operations. Check that the object is not deleted,
+			// and filter out any objects with a non-zero time-deleted
+			if object.Deleted.IsZero() && object.ContentType != uploadSessionContentType {
+				list = append(list, d.keyToPath(object.Name))
+			}
+		}
+		for _, subpath := range objects.Prefixes {
+			subpath = d.keyToPath(subpath)
+			list = append(list, subpath)
+		}
+		query = objects.Next
+		if query == nil {
+			break
+		}
+	}
+	if path != "/" && len(list) == 0 {
+		// Treat empty response as missing directory, since we don't actually
+		// have directories in Google Cloud Storage.
+		return nil, storagedriver.PathNotFoundError{Path: path}
+	}
+	return list, nil
+}
+
+// Move moves an object stored at sourcePath to destPath, removing the
+// original object.
+func (d *driver) Move(context context.Context, sourcePath string, destPath string) error {
+	gcsContext := d.context(context)
+	_, err := storageCopyObject(gcsContext, d.bucket, d.pathToKey(sourcePath), d.bucket, d.pathToKey(destPath), nil)
+	if err != nil {
+		if status, ok := err.(*googleapi.Error); ok {
+			if status.Code == http.StatusNotFound {
+				return storagedriver.PathNotFoundError{Path: sourcePath}
+			}
+		}
+		return err
+	}
+	err = storageDeleteObject(gcsContext, d.bucket, d.pathToKey(sourcePath))
+	// if deleting the file fails, log the error, but do not fail; the file was successfully copied,
+	// and the original should eventually be cleaned when purging the uploads folder.
+	if err != nil {
+		logrus.Infof("error deleting file: %v due to %v", sourcePath, err)
+	}
+	return nil
+}
+
+// listAll recursively lists all names of objects stored at "prefix" and its subpaths.
+func (d *driver) listAll(context context.Context, prefix string) ([]string, error) {
+	list := make([]string, 0, 64)
+	query := &storage.Query{}
+	query.Prefix = prefix
+	query.Versions = false
+	for {
+		objects, err := storageListObjects(d.context(context), d.bucket, query)
+		if err != nil {
+			return nil, err
+		}
+		for _, obj := range objects.Results {
+			// GCS does not guarantee strong consistency between
+			// DELETE and LIST operations. Check that the object is not deleted,
+			// and filter out any objects with a non-zero time-deleted
+			if obj.Deleted.IsZero() {
+				list = append(list, obj.Name)
+			}
+		}
+		query = objects.Next
+		if query == nil {
+			break
+		}
+	}
+	return list, nil
+}
+
+// Delete recursively deletes all objects stored at "path" and its subpaths.
+func (d *driver) Delete(context context.Context, path string) error {
+	prefix := d.pathToDirKey(path)
+	gcsContext := d.context(context)
+	keys, err := d.listAll(gcsContext, prefix)
+	if err != nil {
+		return err
+	}
+	if len(keys) > 0 {
+		sort.Sort(sort.Reverse(sort.StringSlice(keys)))
+		for _, key := range keys {
+			err := storageDeleteObject(gcsContext, d.bucket, key)
+			// GCS only guarantees eventual consistency, so listAll might return
+			// paths that no longer exist. If this happens, just ignore any not
+			// found error
+			if status, ok := err.(*googleapi.Error); ok {
+				if status.Code == http.StatusNotFound {
+					err = nil
+				}
+			}
+			if err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+	err = storageDeleteObject(gcsContext, d.bucket, d.pathToKey(path))
+	if err != nil {
+		if status, ok := err.(*googleapi.Error); ok {
+			if status.Code == http.StatusNotFound {
+				return storagedriver.PathNotFoundError{Path: path}
+			}
+		}
+	}
+	return err
+}
+
+func storageDeleteObject(context context.Context, bucket string, name string) error {
+	return retry(func() error {
+		return storage.DeleteObject(context, bucket, name)
+	})
+}
+
+func storageStatObject(context context.Context, bucket string, name string) (*storage.Object, error) {
+	var obj *storage.Object
+	err := retry(func() error {
+		var err error
+		obj, err = storage.StatObject(context, bucket, name)
+		return err
+	})
+	return obj, err
+}
+
+func storageListObjects(context context.Context, bucket string, q *storage.Query) (*storage.Objects, error) {
+	var objs *storage.Objects
+	err := retry(func() error {
+		var err error
+		objs, err = storage.ListObjects(context, bucket, q)
+		return err
+	})
+	return objs, err
+}
+
+func storageCopyObject(context context.Context, srcBucket, srcName string, destBucket, destName string, attrs *storage.ObjectAttrs) (*storage.Object, error) {
+	var obj *storage.Object
+	err := retry(func() error {
+		var err error
+		obj, err = storage.CopyObject(context, srcBucket, srcName, destBucket, destName, attrs)
+		return err
+	})
+	return obj, err
+}
+
+// URLFor returns a URL which may be used to retrieve the content stored at
+// the given path, possibly using the given options.
+// Returns ErrUnsupportedMethod if this driver has no privateKey
+func (d *driver) URLFor(context context.Context, path string, options map[string]interface{}) (string, error) {
+	if d.privateKey == nil {
+		return "", storagedriver.ErrUnsupportedMethod{}
+	}
+
+	name := d.pathToKey(path)
+	methodString := "GET"
+	method, ok := options["method"]
+	if ok {
+		methodString, ok = method.(string)
+		if !ok || (methodString != "GET" && methodString != "HEAD") {
+			return "", storagedriver.ErrUnsupportedMethod{}
+		}
+	}
+
+	expiresTime := time.Now().Add(20 * time.Minute)
+	expires, ok := options["expiry"]
+	if ok {
+		et, ok := expires.(time.Time)
+		if ok {
+			expiresTime = et
+		}
+	}
+
+	opts := &storage.SignedURLOptions{
+		GoogleAccessID: d.email,
+		PrivateKey:     d.privateKey,
+		Method:         methodString,
+		Expires:        expiresTime,
+	}
+	return storage.SignedURL(d.bucket, name, opts)
+}
+
+// Walk traverses a filesystem defined within driver, starting
+// from the given path, calling f on each file
+func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
+	return storagedriver.WalkFallback(ctx, d, path, f)
+}
+
+func startSession(client *http.Client, bucket string, name string) (uri string, err error) {
+	u := &url.URL{
+		Scheme:   "https",
+		Host:     "www.googleapis.com",
+		Path:     fmt.Sprintf("/upload/storage/v1/b/%v/o", bucket),
+		RawQuery: fmt.Sprintf("uploadType=resumable&name=%v", name),
+	}
+	err = retry(func() error {
+		req, err := http.NewRequest("POST", u.String(), nil)
+		if err != nil {
+			return err
+		}
+		req.Header.Set("X-Upload-Content-Type", "application/octet-stream")
+		req.Header.Set("Content-Length", "0")
+		resp, err := client.Do(req)
+		if err != nil {
+			return err
+		}
+		defer resp.Body.Close()
+		err = googleapi.CheckMediaResponse(resp)
+		if err != nil {
+			return err
+		}
+		uri = resp.Header.Get("Location")
+		return nil
+	})
+	return uri, err
+}
+
+func putChunk(client *http.Client, sessionURI string, chunk []byte, from int64, totalSize int64) (int64, error) {
+	bytesPut := int64(0)
+	err := retry(func() error {
+		req, err := http.NewRequest("PUT", sessionURI, bytes.NewReader(chunk))
+		if err != nil {
+			return err
+		}
+		length := int64(len(chunk))
+		to := from + length - 1
+		size := "*"
+		if totalSize >= 0 {
+			size = strconv.FormatInt(totalSize, 10)
+		}
+		req.Header.Set("Content-Type", "application/octet-stream")
+		if from == to+1 {
+			req.Header.Set("Content-Range", fmt.Sprintf("bytes */%v", size))
+		} else {
+			req.Header.Set("Content-Range", fmt.Sprintf("bytes %v-%v/%v", from, to, size))
+		}
+		req.Header.Set("Content-Length", strconv.FormatInt(length, 10))
+
+		resp, err := client.Do(req)
+		if err != nil {
+			return err
+		}
+		defer resp.Body.Close()
+		if totalSize < 0 && resp.StatusCode == 308 {
+			groups := rangeHeader.FindStringSubmatch(resp.Header.Get("Range"))
+			end, err := strconv.ParseInt(groups[2], 10, 64)
+			if err != nil {
+				return err
+			}
+			bytesPut = end - from + 1
+			return nil
+		}
+		err = googleapi.CheckMediaResponse(resp)
+		if err != nil {
+			return err
+		}
+		bytesPut = to - from + 1
+		return nil
+	})
+	return bytesPut, err
+}
+
+func (d *driver) context(context context.Context) context.Context {
+	return cloud.WithContext(context, dummyProjectID, d.client)
+}
+
+func (d *driver) pathToKey(path string) string {
+	return strings.TrimSpace(strings.TrimRight(d.rootDirectory+strings.TrimLeft(path, "/"), "/"))
+}
+
+func (d *driver) pathToDirKey(path string) string {
+	return d.pathToKey(path) + "/"
+}
+
+func (d *driver) keyToPath(key string) string {
+	return "/" + strings.Trim(strings.TrimPrefix(key, d.rootDirectory), "/")
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/driver.go b/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/driver.go
new file mode 100644
index 000000000..4b1f5f48d
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/driver.go
@@ -0,0 +1,322 @@
+package inmemory
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"sync"
+	"time"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/distribution/registry/storage/driver/base"
+	"github.com/docker/distribution/registry/storage/driver/factory"
+)
+
+const driverName = "inmemory"
+
+func init() {
+	factory.Register(driverName, &inMemoryDriverFactory{})
+}
+
+// inMemoryDriverFacotry implements the factory.StorageDriverFactory interface.
+type inMemoryDriverFactory struct{}
+
+func (factory *inMemoryDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
+	return New(), nil
+}
+
+type driver struct {
+	root  *dir
+	mutex sync.RWMutex
+}
+
+// baseEmbed allows us to hide the Base embed.
+type baseEmbed struct {
+	base.Base
+}
+
+// Driver is a storagedriver.StorageDriver implementation backed by a local map.
+// Intended solely for example and testing purposes.
+type Driver struct {
+	baseEmbed // embedded, hidden base driver.
+}
+
+var _ storagedriver.StorageDriver = &Driver{}
+
+// New constructs a new Driver.
+func New() *Driver {
+	return &Driver{
+		baseEmbed: baseEmbed{
+			Base: base.Base{
+				StorageDriver: &driver{
+					root: &dir{
+						common: common{
+							p:   "/",
+							mod: time.Now(),
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+// Implement the storagedriver.StorageDriver interface.
+
+func (d *driver) Name() string {
+	return driverName
+}
+
+// GetContent retrieves the content stored at "path" as a []byte.
+func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
+	d.mutex.RLock()
+	defer d.mutex.RUnlock()
+
+	rc, err := d.reader(ctx, path, 0)
+	if err != nil {
+		return nil, err
+	}
+	defer rc.Close()
+
+	return ioutil.ReadAll(rc)
+}
+
+// PutContent stores the []byte content at a location designated by "path".
+func (d *driver) PutContent(ctx context.Context, p string, contents []byte) error {
+	d.mutex.Lock()
+	defer d.mutex.Unlock()
+
+	normalized := normalize(p)
+
+	f, err := d.root.mkfile(normalized)
+	if err != nil {
+		// TODO(stevvooe): Again, we need to clarify when this is not a
+		// directory in StorageDriver API.
+		return fmt.Errorf("not a file")
+	}
+
+	f.truncate()
+	f.WriteAt(contents, 0)
+
+	return nil
+}
+
+// Reader retrieves an io.ReadCloser for the content stored at "path" with a
+// given byte offset.
+func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
+	d.mutex.RLock()
+	defer d.mutex.RUnlock()
+
+	return d.reader(ctx, path, offset)
+}
+
+func (d *driver) reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
+	if offset < 0 {
+		return nil, storagedriver.InvalidOffsetError{Path: path, Offset: offset}
+	}
+
+	normalized := normalize(path)
+	found := d.root.find(normalized)
+
+	if found.path() != normalized {
+		return nil, storagedriver.PathNotFoundError{Path: path}
+	}
+
+	if found.isdir() {
+		return nil, fmt.Errorf("%q is a directory", path)
+	}
+
+	return ioutil.NopCloser(found.(*file).sectionReader(offset)), nil
+}
+
+// Writer returns a FileWriter which will store the content written to it
+// at the location designated by "path" after the call to Commit.
+func (d *driver) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
+	d.mutex.Lock()
+	defer d.mutex.Unlock()
+
+	normalized := normalize(path)
+
+	f, err := d.root.mkfile(normalized)
+	if err != nil {
+		return nil, fmt.Errorf("not a file")
+	}
+
+	if !append {
+		f.truncate()
+	}
+
+	return d.newWriter(f), nil
+}
+
+// Stat returns info about the provided path.
+func (d *driver) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
+	d.mutex.RLock()
+	defer d.mutex.RUnlock()
+
+	normalized := normalize(path)
+	found := d.root.find(normalized)
+
+	if found.path() != normalized {
+		return nil, storagedriver.PathNotFoundError{Path: path}
+	}
+
+	fi := storagedriver.FileInfoFields{
+		Path:    path,
+		IsDir:   found.isdir(),
+		ModTime: found.modtime(),
+	}
+
+	if !fi.IsDir {
+		fi.Size = int64(len(found.(*file).data))
+	}
+
+	return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
+}
+
+// List returns a list of the objects that are direct descendants of the given
+// path.
+func (d *driver) List(ctx context.Context, path string) ([]string, error) {
+	d.mutex.RLock()
+	defer d.mutex.RUnlock()
+
+	normalized := normalize(path)
+
+	found := d.root.find(normalized)
+
+	if !found.isdir() {
+		return nil, fmt.Errorf("not a directory") // TODO(stevvooe): Need error type for this...
+	}
+
+	entries, err := found.(*dir).list(normalized)
+
+	if err != nil {
+		switch err {
+		case errNotExists:
+			return nil, storagedriver.PathNotFoundError{Path: path}
+		case errIsNotDir:
+			return nil, fmt.Errorf("not a directory")
+		default:
+			return nil, err
+		}
+	}
+
+	return entries, nil
+}
+
+// Move moves an object stored at sourcePath to destPath, removing the original
+// object.
+func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
+	d.mutex.Lock()
+	defer d.mutex.Unlock()
+
+	normalizedSrc, normalizedDst := normalize(sourcePath), normalize(destPath)
+
+	err := d.root.move(normalizedSrc, normalizedDst)
+	switch err {
+	case errNotExists:
+		return storagedriver.PathNotFoundError{Path: destPath}
+	default:
+		return err
+	}
+}
+
+// Delete recursively deletes all objects stored at "path" and its subpaths.
+func (d *driver) Delete(ctx context.Context, path string) error {
+	d.mutex.Lock()
+	defer d.mutex.Unlock()
+
+	normalized := normalize(path)
+
+	err := d.root.delete(normalized)
+	switch err {
+	case errNotExists:
+		return storagedriver.PathNotFoundError{Path: path}
+	default:
+		return err
+	}
+}
+
+// URLFor returns a URL which may be used to retrieve the content stored at the given path.
+// May return an UnsupportedMethodErr in certain StorageDriver implementations.
+func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
+	return "", storagedriver.ErrUnsupportedMethod{}
+}
+
+// Walk traverses a filesystem defined within driver, starting
+// from the given path, calling f on each file
+func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
+	return storagedriver.WalkFallback(ctx, d, path, f)
+}
+
+type writer struct {
+	d         *driver
+	f         *file
+	closed    bool
+	committed bool
+	cancelled bool
+}
+
+func (d *driver) newWriter(f *file) storagedriver.FileWriter {
+	return &writer{
+		d: d,
+		f: f,
+	}
+}
+
+func (w *writer) Write(p []byte) (int, error) {
+	if w.closed {
+		return 0, fmt.Errorf("already closed")
+	} else if w.committed {
+		return 0, fmt.Errorf("already committed")
+	} else if w.cancelled {
+		return 0, fmt.Errorf("already cancelled")
+	}
+
+	w.d.mutex.Lock()
+	defer w.d.mutex.Unlock()
+
+	return w.f.WriteAt(p, int64(len(w.f.data)))
+}
+
+func (w *writer) Size() int64 {
+	w.d.mutex.RLock()
+	defer w.d.mutex.RUnlock()
+
+	return int64(len(w.f.data))
+}
+
+func (w *writer) Close() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	}
+	w.closed = true
+	return nil
+}
+
+func (w *writer) Cancel() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	} else if w.committed {
+		return fmt.Errorf("already committed")
+	}
+	w.cancelled = true
+
+	w.d.mutex.Lock()
+	defer w.d.mutex.Unlock()
+
+	return w.d.root.delete(w.f.path())
+}
+
+func (w *writer) Commit() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	} else if w.committed {
+		return fmt.Errorf("already committed")
+	} else if w.cancelled {
+		return fmt.Errorf("already cancelled")
+	}
+	w.committed = true
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/mfs.go b/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/mfs.go
new file mode 100644
index 000000000..24eeef98d
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/mfs.go
@@ -0,0 +1,327 @@
+package inmemory
+
+import (
+	"fmt"
+	"io"
+	"path"
+	"sort"
+	"strings"
+	"time"
+)
+
+var (
+	errExists    = fmt.Errorf("exists")
+	errNotExists = fmt.Errorf("notexists")
+	errIsNotDir  = fmt.Errorf("notdir")
+	errIsDir     = fmt.Errorf("isdir")
+)
+
+type node interface {
+	name() string
+	path() string
+	isdir() bool
+	modtime() time.Time
+}
+
+// dir is the central type for the memory-based  storagedriver. All operations
+// are dispatched from a root dir.
+type dir struct {
+	common
+
+	// TODO(stevvooe): Use sorted slice + search.
+	children map[string]node
+}
+
+var _ node = &dir{}
+
+func (d *dir) isdir() bool {
+	return true
+}
+
+// add places the node n into dir d.
+func (d *dir) add(n node) {
+	if d.children == nil {
+		d.children = make(map[string]node)
+	}
+
+	d.children[n.name()] = n
+	d.mod = time.Now()
+}
+
+// find searches for the node, given path q in dir. If the node is found, it
+// will be returned. If the node is not found, the closet existing parent. If
+// the node is found, the returned (node).path() will match q.
+func (d *dir) find(q string) node {
+	q = strings.Trim(q, "/")
+	i := strings.Index(q, "/")
+
+	if q == "" {
+		return d
+	}
+
+	if i == 0 {
+		panic("shouldn't happen, no root paths")
+	}
+
+	var component string
+	if i < 0 {
+		// No more path components
+		component = q
+	} else {
+		component = q[:i]
+	}
+
+	child, ok := d.children[component]
+	if !ok {
+		// Node was not found. Return p and the current node.
+		return d
+	}
+
+	if child.isdir() {
+		// traverse down!
+		q = q[i+1:]
+		return child.(*dir).find(q)
+	}
+
+	return child
+}
+
+func (d *dir) list(p string) ([]string, error) {
+	n := d.find(p)
+
+	if n.path() != p {
+		return nil, errNotExists
+	}
+
+	if !n.isdir() {
+		return nil, errIsNotDir
+	}
+
+	var children []string
+	for _, child := range n.(*dir).children {
+		children = append(children, child.path())
+	}
+
+	sort.Strings(children)
+	return children, nil
+}
+
+// mkfile or return the existing one. returns an error if it exists and is a
+// directory. Essentially, this is open or create.
+func (d *dir) mkfile(p string) (*file, error) {
+	n := d.find(p)
+	if n.path() == p {
+		if n.isdir() {
+			return nil, errIsDir
+		}
+
+		return n.(*file), nil
+	}
+
+	dirpath, filename := path.Split(p)
+	// Make any non-existent directories
+	n, err := d.mkdirs(dirpath)
+	if err != nil {
+		return nil, err
+	}
+
+	dd := n.(*dir)
+	n = &file{
+		common: common{
+			p:   path.Join(dd.path(), filename),
+			mod: time.Now(),
+		},
+	}
+
+	dd.add(n)
+	return n.(*file), nil
+}
+
+// mkdirs creates any missing directory entries in p and returns the result.
+func (d *dir) mkdirs(p string) (*dir, error) {
+	p = normalize(p)
+
+	n := d.find(p)
+
+	if !n.isdir() {
+		// Found something there
+		return nil, errIsNotDir
+	}
+
+	if n.path() == p {
+		return n.(*dir), nil
+	}
+
+	dd := n.(*dir)
+
+	relative := strings.Trim(strings.TrimPrefix(p, n.path()), "/")
+
+	if relative == "" {
+		return dd, nil
+	}
+
+	components := strings.Split(relative, "/")
+	for _, component := range components {
+		d, err := dd.mkdir(component)
+
+		if err != nil {
+			// This should actually never happen, since there are no children.
+			return nil, err
+		}
+		dd = d
+	}
+
+	return dd, nil
+}
+
+// mkdir creates a child directory under d with the given name.
+func (d *dir) mkdir(name string) (*dir, error) {
+	if name == "" {
+		return nil, fmt.Errorf("invalid dirname")
+	}
+
+	_, ok := d.children[name]
+	if ok {
+		return nil, errExists
+	}
+
+	child := &dir{
+		common: common{
+			p:   path.Join(d.path(), name),
+			mod: time.Now(),
+		},
+	}
+	d.add(child)
+	d.mod = time.Now()
+
+	return child, nil
+}
+
+func (d *dir) move(src, dst string) error {
+	dstDirname, _ := path.Split(dst)
+
+	dp, err := d.mkdirs(dstDirname)
+	if err != nil {
+		return err
+	}
+
+	srcDirname, srcFilename := path.Split(src)
+	sp := d.find(srcDirname)
+
+	if normalize(srcDirname) != normalize(sp.path()) {
+		return errNotExists
+	}
+
+	spd, ok := sp.(*dir)
+	if !ok {
+		return errIsNotDir // paranoid.
+	}
+
+	s, ok := spd.children[srcFilename]
+	if !ok {
+		return errNotExists
+	}
+
+	delete(spd.children, srcFilename)
+
+	switch n := s.(type) {
+	case *dir:
+		n.p = dst
+	case *file:
+		n.p = dst
+	}
+
+	dp.add(s)
+
+	return nil
+}
+
+func (d *dir) delete(p string) error {
+	dirname, filename := path.Split(p)
+	parent := d.find(dirname)
+
+	if normalize(dirname) != normalize(parent.path()) {
+		return errNotExists
+	}
+
+	if _, ok := parent.(*dir).children[filename]; !ok {
+		return errNotExists
+	}
+
+	delete(parent.(*dir).children, filename)
+	return nil
+}
+
+func (d *dir) String() string {
+	return fmt.Sprintf("&dir{path: %v, children: %v}", d.p, d.children)
+}
+
+// file stores actual data in the fs tree. It acts like an open, seekable file
+// where operations are conducted through ReadAt and WriteAt. Use it with
+// SectionReader for the best effect.
+type file struct {
+	common
+	data []byte
+}
+
+var _ node = &file{}
+
+func (f *file) isdir() bool {
+	return false
+}
+
+func (f *file) truncate() {
+	f.data = f.data[:0]
+}
+
+func (f *file) sectionReader(offset int64) io.Reader {
+	return io.NewSectionReader(f, offset, int64(len(f.data))-offset)
+}
+
+func (f *file) ReadAt(p []byte, offset int64) (n int, err error) {
+	if offset >= int64(len(f.data)) {
+		return 0, io.EOF
+	}
+	return copy(p, f.data[offset:]), nil
+}
+
+func (f *file) WriteAt(p []byte, offset int64) (n int, err error) {
+	off := int(offset)
+	if cap(f.data) < off+len(p) {
+		data := make([]byte, len(f.data), off+len(p))
+		copy(data, f.data)
+		f.data = data
+	}
+
+	f.mod = time.Now()
+	f.data = f.data[:off+len(p)]
+
+	return copy(f.data[off:off+len(p)], p), nil
+}
+
+func (f *file) String() string {
+	return fmt.Sprintf("&file{path: %q}", f.p)
+}
+
+// common provides shared fields and methods for node implementations.
+type common struct {
+	p   string
+	mod time.Time
+}
+
+func (c *common) name() string {
+	_, name := path.Split(c.p)
+	return name
+}
+
+func (c *common) path() string {
+	return c.p
+}
+
+func (c *common) modtime() time.Time {
+	return c.mod
+}
+
+func normalize(p string) string {
+	return "/" + strings.Trim(p, "/")
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/middleware.go b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/middleware.go
new file mode 100644
index 000000000..632578310
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/middleware.go
@@ -0,0 +1,211 @@
+// Package middleware - cloudfront wrapper for storage libs
+// N.B. currently only works with S3, not arbitrary sites
+package middleware
+
+import (
+	"context"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"io/ioutil"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/service/cloudfront/sign"
+	dcontext "github.com/docker/distribution/context"
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	storagemiddleware "github.com/docker/distribution/registry/storage/driver/middleware"
+)
+
+// cloudFrontStorageMiddleware provides a simple implementation of layerHandler that
+// constructs temporary signed CloudFront URLs from the storagedriver layer URL,
+// then issues HTTP Temporary Redirects to this CloudFront content URL.
+type cloudFrontStorageMiddleware struct {
+	storagedriver.StorageDriver
+	awsIPs    *awsIPs
+	urlSigner *sign.URLSigner
+	baseURL   string
+	duration  time.Duration
+}
+
+var _ storagedriver.StorageDriver = &cloudFrontStorageMiddleware{}
+
+// newCloudFrontLayerHandler constructs and returns a new CloudFront
+// LayerHandler implementation.
+// Required options: baseurl, privatekey, keypairid
+
+// Optional options: ipFilteredBy, awsregion
+// ipfilteredby: valid value "none|aws|awsregion". "none", do not filter any IP, default value. "aws", only aws IP goes
+//
+//	to S3 directly. "awsregion", only regions listed in awsregion options goes to S3 directly
+//
+// awsregion: a comma separated string of AWS regions.
+func newCloudFrontStorageMiddleware(storageDriver storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error) {
+	// parse baseurl
+	base, ok := options["baseurl"]
+	if !ok {
+		return nil, fmt.Errorf("no baseurl provided")
+	}
+	baseURL, ok := base.(string)
+	if !ok {
+		return nil, fmt.Errorf("baseurl must be a string")
+	}
+	if !strings.Contains(baseURL, "://") {
+		baseURL = "https://" + baseURL
+	}
+	if !strings.HasSuffix(baseURL, "/") {
+		baseURL += "/"
+	}
+	if _, err := url.Parse(baseURL); err != nil {
+		return nil, fmt.Errorf("invalid baseurl: %v", err)
+	}
+
+	// parse privatekey to get pkPath
+	pk, ok := options["privatekey"]
+	if !ok {
+		return nil, fmt.Errorf("no privatekey provided")
+	}
+	pkPath, ok := pk.(string)
+	if !ok {
+		return nil, fmt.Errorf("privatekey must be a string")
+	}
+
+	// parse keypairid
+	kpid, ok := options["keypairid"]
+	if !ok {
+		return nil, fmt.Errorf("no keypairid provided")
+	}
+	keypairID, ok := kpid.(string)
+	if !ok {
+		return nil, fmt.Errorf("keypairid must be a string")
+	}
+
+	// get urlSigner from the file specified in pkPath
+	pkBytes, err := ioutil.ReadFile(pkPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read privatekey file: %s", err)
+	}
+
+	block, _ := pem.Decode(pkBytes)
+	if block == nil {
+		return nil, fmt.Errorf("failed to decode private key as an rsa private key")
+	}
+	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+	urlSigner := sign.NewURLSigner(keypairID, privateKey)
+
+	// parse duration
+	duration := 20 * time.Minute
+	if d, ok := options["duration"]; ok {
+		switch d := d.(type) {
+		case time.Duration:
+			duration = d
+		case string:
+			dur, err := time.ParseDuration(d)
+			if err != nil {
+				return nil, fmt.Errorf("invalid duration: %s", err)
+			}
+			duration = dur
+		}
+	}
+
+	// parse updatefrenquency
+	updateFrequency := defaultUpdateFrequency
+	if u, ok := options["updatefrenquency"]; ok {
+		switch u := u.(type) {
+		case time.Duration:
+			updateFrequency = u
+		case string:
+			updateFreq, err := time.ParseDuration(u)
+			if err != nil {
+				return nil, fmt.Errorf("invalid updatefrenquency: %s", err)
+			}
+			duration = updateFreq
+		}
+	}
+
+	// parse iprangesurl
+	ipRangesURL := defaultIPRangesURL
+	if i, ok := options["iprangesurl"]; ok {
+		if iprangeurl, ok := i.(string); ok {
+			ipRangesURL = iprangeurl
+		} else {
+			return nil, fmt.Errorf("iprangesurl must be a string")
+		}
+	}
+
+	// parse ipfilteredby
+	var awsIPs *awsIPs
+	if i, ok := options["ipfilteredby"]; ok {
+		if ipFilteredBy, ok := i.(string); ok {
+			switch strings.ToLower(strings.TrimSpace(ipFilteredBy)) {
+			case "", "none":
+				awsIPs = nil
+			case "aws":
+				awsIPs = newAWSIPs(ipRangesURL, updateFrequency, nil)
+			case "awsregion":
+				var awsRegion []string
+				if i, ok := options["awsregion"]; ok {
+					if regions, ok := i.(string); ok {
+						for _, awsRegions := range strings.Split(regions, ",") {
+							awsRegion = append(awsRegion, strings.ToLower(strings.TrimSpace(awsRegions)))
+						}
+						awsIPs = newAWSIPs(ipRangesURL, updateFrequency, awsRegion)
+					} else {
+						return nil, fmt.Errorf("awsRegion must be a comma separated string of valid aws regions")
+					}
+				} else {
+					return nil, fmt.Errorf("awsRegion is not defined")
+				}
+			default:
+				return nil, fmt.Errorf("ipfilteredby only allows a string the following value: none|aws|awsregion")
+			}
+		} else {
+			return nil, fmt.Errorf("ipfilteredby only allows a string with the following value: none|aws|awsregion")
+		}
+	}
+
+	return &cloudFrontStorageMiddleware{
+		StorageDriver: storageDriver,
+		urlSigner:     urlSigner,
+		baseURL:       baseURL,
+		duration:      duration,
+		awsIPs:        awsIPs,
+	}, nil
+}
+
+// S3BucketKeyer is any type that is capable of returning the S3 bucket key
+// which should be cached by AWS CloudFront.
+type S3BucketKeyer interface {
+	S3BucketKey(path string) string
+}
+
+// URLFor attempts to find a url which may be used to retrieve the file at the given path.
+// Returns an error if the file cannot be found.
+func (lh *cloudFrontStorageMiddleware) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
+	// TODO(endophage): currently only supports S3
+	keyer, ok := lh.StorageDriver.(S3BucketKeyer)
+	if !ok {
+		dcontext.GetLogger(ctx).Warn("the CloudFront middleware does not support this backend storage driver")
+		return lh.StorageDriver.URLFor(ctx, path, options)
+	}
+
+	if eligibleForS3(ctx, lh.awsIPs) {
+		return lh.StorageDriver.URLFor(ctx, path, options)
+	}
+
+	// Get signed cloudfront url.
+	cfURL, err := lh.urlSigner.Sign(lh.baseURL+keyer.S3BucketKey(path), time.Now().Add(lh.duration))
+	if err != nil {
+		return "", err
+	}
+	return cfURL, nil
+}
+
+// init registers the cloudfront layerHandler backend.
+func init() {
+	storagemiddleware.Register("cloudfront", storagemiddleware.InitFunc(newCloudFrontStorageMiddleware))
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/s3filter.go b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/s3filter.go
new file mode 100644
index 000000000..c8c7f5703
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/s3filter.go
@@ -0,0 +1,223 @@
+package middleware
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	dcontext "github.com/docker/distribution/context"
+)
+
+const (
+	// ipRangesURL is the URL to get definition of AWS IPs
+	defaultIPRangesURL = "https://ip-ranges.amazonaws.com/ip-ranges.json"
+	// updateFrequency tells how frequently AWS IPs need to be updated
+	defaultUpdateFrequency = time.Hour * 12
+)
+
+// newAWSIPs returns a New awsIP object.
+// If awsRegion is `nil`, it accepts any region. Otherwise, it only allow the regions specified
+func newAWSIPs(host string, updateFrequency time.Duration, awsRegion []string) *awsIPs {
+	ips := &awsIPs{
+		host:            host,
+		updateFrequency: updateFrequency,
+		awsRegion:       awsRegion,
+		updaterStopChan: make(chan bool),
+	}
+	if err := ips.tryUpdate(); err != nil {
+		dcontext.GetLogger(context.Background()).WithError(err).Warn("failed to update AWS IP")
+	}
+	go ips.updater()
+	return ips
+}
+
+// awsIPs tracks a list of AWS ips, filtered by awsRegion
+type awsIPs struct {
+	host            string
+	updateFrequency time.Duration
+	ipv4            []net.IPNet
+	ipv6            []net.IPNet
+	mutex           sync.RWMutex
+	awsRegion       []string
+	updaterStopChan chan bool
+	initialized     bool
+}
+
+type awsIPResponse struct {
+	Prefixes   []prefixEntry `json:"prefixes"`
+	V6Prefixes []prefixEntry `json:"ipv6_prefixes"`
+}
+
+type prefixEntry struct {
+	IPV4Prefix string `json:"ip_prefix"`
+	IPV6Prefix string `json:"ipv6_prefix"`
+	Region     string `json:"region"`
+	Service    string `json:"service"`
+}
+
+func fetchAWSIPs(url string) (awsIPResponse, error) {
+	var response awsIPResponse
+	resp, err := http.Get(url)
+	if err != nil {
+		return response, err
+	}
+	if resp.StatusCode != 200 {
+		body, _ := ioutil.ReadAll(resp.Body)
+		return response, fmt.Errorf("failed to fetch network data. response = %s", body)
+	}
+	decoder := json.NewDecoder(resp.Body)
+	err = decoder.Decode(&response)
+	if err != nil {
+		return response, err
+	}
+	return response, nil
+}
+
+// tryUpdate attempts to download the new set of ip addresses.
+// tryUpdate must be thread safe with contains
+func (s *awsIPs) tryUpdate() error {
+	response, err := fetchAWSIPs(s.host)
+	if err != nil {
+		return err
+	}
+
+	var ipv4 []net.IPNet
+	var ipv6 []net.IPNet
+
+	processAddress := func(output *[]net.IPNet, prefix string, region string) {
+		regionAllowed := false
+		if len(s.awsRegion) > 0 {
+			for _, ar := range s.awsRegion {
+				if strings.ToLower(region) == ar {
+					regionAllowed = true
+					break
+				}
+			}
+		} else {
+			regionAllowed = true
+		}
+
+		_, network, err := net.ParseCIDR(prefix)
+		if err != nil {
+			dcontext.GetLoggerWithFields(dcontext.Background(), map[interface{}]interface{}{
+				"cidr": prefix,
+			}).Error("unparseable cidr")
+			return
+		}
+		if regionAllowed {
+			*output = append(*output, *network)
+		}
+
+	}
+
+	for _, prefix := range response.Prefixes {
+		processAddress(&ipv4, prefix.IPV4Prefix, prefix.Region)
+	}
+	for _, prefix := range response.V6Prefixes {
+		processAddress(&ipv6, prefix.IPV6Prefix, prefix.Region)
+	}
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	// Update each attr of awsips atomically.
+	s.ipv4 = ipv4
+	s.ipv6 = ipv6
+	s.initialized = true
+	return nil
+}
+
+// This function is meant to be run in a background goroutine.
+// It will periodically update the ips from aws.
+func (s *awsIPs) updater() {
+	defer close(s.updaterStopChan)
+	for {
+		time.Sleep(s.updateFrequency)
+		select {
+		case <-s.updaterStopChan:
+			dcontext.GetLogger(context.Background()).Info("aws ip updater received stop signal")
+			return
+		default:
+			err := s.tryUpdate()
+			if err != nil {
+				dcontext.GetLogger(context.Background()).WithError(err).Error("git  AWS IP")
+			}
+		}
+	}
+}
+
+// getCandidateNetworks returns either the ipv4 or ipv6 networks
+// that were last read from aws. The networks returned
+// have the same type as the ip address provided.
+func (s *awsIPs) getCandidateNetworks(ip net.IP) []net.IPNet {
+	s.mutex.RLock()
+	defer s.mutex.RUnlock()
+	if ip.To4() != nil {
+		return s.ipv4
+	} else if ip.To16() != nil {
+		return s.ipv6
+	} else {
+		dcontext.GetLoggerWithFields(dcontext.Background(), map[interface{}]interface{}{
+			"ip": ip,
+		}).Error("unknown ip address format")
+		// assume mismatch, pass through cloudfront
+		return nil
+	}
+}
+
+// Contains determines whether the host is within aws.
+func (s *awsIPs) contains(ip net.IP) bool {
+	networks := s.getCandidateNetworks(ip)
+	for _, network := range networks {
+		if network.Contains(ip) {
+			return true
+		}
+	}
+	return false
+}
+
+// parseIPFromRequest attempts to extract the ip address of the
+// client that made the request
+func parseIPFromRequest(ctx context.Context) (net.IP, error) {
+	request, err := dcontext.GetRequest(ctx)
+	if err != nil {
+		return nil, err
+	}
+	ipStr := dcontext.RemoteIP(request)
+	ip := net.ParseIP(ipStr)
+	if ip == nil {
+		return nil, fmt.Errorf("invalid ip address from requester: %s", ipStr)
+	}
+
+	return ip, nil
+}
+
+// eligibleForS3 checks if a request is eligible for using S3 directly
+// Return true only when the IP belongs to a specific aws region and user-agent is docker
+func eligibleForS3(ctx context.Context, awsIPs *awsIPs) bool {
+	if awsIPs != nil && awsIPs.initialized {
+		if addr, err := parseIPFromRequest(ctx); err == nil {
+			request, err := dcontext.GetRequest(ctx)
+			if err != nil {
+				dcontext.GetLogger(ctx).Warnf("the CloudFront middleware cannot parse the request: %s", err)
+			} else {
+				loggerField := map[interface{}]interface{}{
+					"user-client": request.UserAgent(),
+					"ip":          dcontext.RemoteIP(request),
+				}
+				if awsIPs.contains(addr) {
+					dcontext.GetLoggerWithFields(ctx, loggerField).Info("request from the allowed AWS region, skipping CloudFront")
+					return true
+				}
+				dcontext.GetLoggerWithFields(ctx, loggerField).Warn("request not from the allowed AWS region, fallback to CloudFront")
+			}
+		} else {
+			dcontext.GetLogger(ctx).WithError(err).Warn("failed to parse ip address from context, fallback to CloudFront")
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/redirect/middleware.go b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/redirect/middleware.go
new file mode 100644
index 000000000..8f63674c6
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/redirect/middleware.go
@@ -0,0 +1,50 @@
+package middleware
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	storagemiddleware "github.com/docker/distribution/registry/storage/driver/middleware"
+)
+
+type redirectStorageMiddleware struct {
+	storagedriver.StorageDriver
+	scheme string
+	host   string
+}
+
+var _ storagedriver.StorageDriver = &redirectStorageMiddleware{}
+
+func newRedirectStorageMiddleware(sd storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error) {
+	o, ok := options["baseurl"]
+	if !ok {
+		return nil, fmt.Errorf("no baseurl provided")
+	}
+	b, ok := o.(string)
+	if !ok {
+		return nil, fmt.Errorf("baseurl must be a string")
+	}
+	u, err := url.Parse(b)
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse redirect baseurl: %s", b)
+	}
+	if u.Scheme == "" {
+		return nil, fmt.Errorf("no scheme specified for redirect baseurl")
+	}
+	if u.Host == "" {
+		return nil, fmt.Errorf("no host specified for redirect baseurl")
+	}
+
+	return &redirectStorageMiddleware{StorageDriver: sd, scheme: u.Scheme, host: u.Host}, nil
+}
+
+func (r *redirectStorageMiddleware) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
+	u := &url.URL{Scheme: r.scheme, Host: r.host, Path: path}
+	return u.String(), nil
+}
+
+func init() {
+	storagemiddleware.Register("redirect", storagemiddleware.InitFunc(newRedirectStorageMiddleware))
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/storagemiddleware.go b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/storagemiddleware.go
new file mode 100644
index 000000000..7e40a8dd9
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/storagemiddleware.go
@@ -0,0 +1,39 @@
+package storagemiddleware
+
+import (
+	"fmt"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+)
+
+// InitFunc is the type of a StorageMiddleware factory function and is
+// used to register the constructor for different StorageMiddleware backends.
+type InitFunc func(storageDriver storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error)
+
+var storageMiddlewares map[string]InitFunc
+
+// Register is used to register an InitFunc for
+// a StorageMiddleware backend with the given name.
+func Register(name string, initFunc InitFunc) error {
+	if storageMiddlewares == nil {
+		storageMiddlewares = make(map[string]InitFunc)
+	}
+	if _, exists := storageMiddlewares[name]; exists {
+		return fmt.Errorf("name already registered: %s", name)
+	}
+
+	storageMiddlewares[name] = initFunc
+
+	return nil
+}
+
+// Get constructs a StorageMiddleware with the given options using the named backend.
+func Get(name string, options map[string]interface{}, storageDriver storagedriver.StorageDriver) (storagedriver.StorageDriver, error) {
+	if storageMiddlewares != nil {
+		if initFunc, exists := storageMiddlewares[name]; exists {
+			return initFunc(storageDriver, options)
+		}
+	}
+
+	return nil, fmt.Errorf("no storage middleware registered with name: %s", name)
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/oss/doc.go b/vendor/github.com/docker/distribution/registry/storage/driver/oss/doc.go
new file mode 100644
index 000000000..d1bc932f8
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/oss/doc.go
@@ -0,0 +1,3 @@
+// Package oss implements the Aliyun OSS Storage driver backend. Support can be
+// enabled by including the "include_oss" build tag.
+package oss
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/oss/oss.go b/vendor/github.com/docker/distribution/registry/storage/driver/oss/oss.go
new file mode 100644
index 000000000..8738b1e0c
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/oss/oss.go
@@ -0,0 +1,695 @@
+// Package oss provides a storagedriver.StorageDriver implementation to
+// store blobs in Aliyun OSS cloud storage.
+//
+// This package leverages the denverdino/aliyungo client library for interfacing with
+// oss.
+//
+// Because OSS is a key, value store the Stat call does not support last modification
+// time for directories (directories are an abstraction for key, value stores)
+//
+//go:build include_oss
+// +build include_oss
+
+package oss
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/denverdino/aliyungo/oss"
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/distribution/registry/storage/driver/base"
+	"github.com/docker/distribution/registry/storage/driver/factory"
+	"github.com/sirupsen/logrus"
+)
+
+const driverName = "oss"
+
+// minChunkSize defines the minimum multipart upload chunk size
+// OSS API requires multipart upload chunks to be at least 5MB
+const minChunkSize = 5 << 20
+
+const defaultChunkSize = 2 * minChunkSize
+const defaultTimeout = 2 * time.Minute // 2 minute timeout per chunk
+
+// listMax is the largest amount of objects you can request from OSS in a list call
+const listMax = 1000
+
+//DriverParameters A struct that encapsulates all of the driver parameters after all values have been set
+type DriverParameters struct {
+	AccessKeyID     string
+	AccessKeySecret string
+	Bucket          string
+	Region          oss.Region
+	Internal        bool
+	Encrypt         bool
+	Secure          bool
+	ChunkSize       int64
+	RootDirectory   string
+	Endpoint        string
+}
+
+func init() {
+	factory.Register(driverName, &ossDriverFactory{})
+}
+
+// ossDriverFactory implements the factory.StorageDriverFactory interface
+type ossDriverFactory struct{}
+
+func (factory *ossDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
+	return FromParameters(parameters)
+}
+
+type driver struct {
+	Client        *oss.Client
+	Bucket        *oss.Bucket
+	ChunkSize     int64
+	Encrypt       bool
+	RootDirectory string
+}
+
+type baseEmbed struct {
+	base.Base
+}
+
+// Driver is a storagedriver.StorageDriver implementation backed by Aliyun OSS
+// Objects are stored at absolute keys in the provided bucket.
+type Driver struct {
+	baseEmbed
+}
+
+// FromParameters constructs a new Driver with a given parameters map
+// Required parameters:
+// - accesskey
+// - secretkey
+// - region
+// - bucket
+// - encrypt
+func FromParameters(parameters map[string]interface{}) (*Driver, error) {
+	// Providing no values for these is valid in case the user is authenticating
+
+	accessKey, ok := parameters["accesskeyid"]
+	if !ok {
+		return nil, fmt.Errorf("No accesskeyid parameter provided")
+	}
+	secretKey, ok := parameters["accesskeysecret"]
+	if !ok {
+		return nil, fmt.Errorf("No accesskeysecret parameter provided")
+	}
+
+	regionName, ok := parameters["region"]
+	if !ok || fmt.Sprint(regionName) == "" {
+		return nil, fmt.Errorf("No region parameter provided")
+	}
+
+	bucket, ok := parameters["bucket"]
+	if !ok || fmt.Sprint(bucket) == "" {
+		return nil, fmt.Errorf("No bucket parameter provided")
+	}
+
+	internalBool := false
+	internal, ok := parameters["internal"]
+	if ok {
+		internalBool, ok = internal.(bool)
+		if !ok {
+			return nil, fmt.Errorf("The internal parameter should be a boolean")
+		}
+	}
+
+	encryptBool := false
+	encrypt, ok := parameters["encrypt"]
+	if ok {
+		encryptBool, ok = encrypt.(bool)
+		if !ok {
+			return nil, fmt.Errorf("The encrypt parameter should be a boolean")
+		}
+	}
+
+	secureBool := true
+	secure, ok := parameters["secure"]
+	if ok {
+		secureBool, ok = secure.(bool)
+		if !ok {
+			return nil, fmt.Errorf("The secure parameter should be a boolean")
+		}
+	}
+
+	chunkSize := int64(defaultChunkSize)
+	chunkSizeParam, ok := parameters["chunksize"]
+	if ok {
+		switch v := chunkSizeParam.(type) {
+		case string:
+			vv, err := strconv.ParseInt(v, 0, 64)
+			if err != nil {
+				return nil, fmt.Errorf("chunksize parameter must be an integer, %v invalid", chunkSizeParam)
+			}
+			chunkSize = vv
+		case int64:
+			chunkSize = v
+		case int, uint, int32, uint32, uint64:
+			chunkSize = reflect.ValueOf(v).Convert(reflect.TypeOf(chunkSize)).Int()
+		default:
+			return nil, fmt.Errorf("invalid valud for chunksize: %#v", chunkSizeParam)
+		}
+
+		if chunkSize < minChunkSize {
+			return nil, fmt.Errorf("The chunksize %#v parameter should be a number that is larger than or equal to %d", chunkSize, minChunkSize)
+		}
+	}
+
+	rootDirectory, ok := parameters["rootdirectory"]
+	if !ok {
+		rootDirectory = ""
+	}
+
+	endpoint, ok := parameters["endpoint"]
+	if !ok {
+		endpoint = ""
+	}
+
+	params := DriverParameters{
+		AccessKeyID:     fmt.Sprint(accessKey),
+		AccessKeySecret: fmt.Sprint(secretKey),
+		Bucket:          fmt.Sprint(bucket),
+		Region:          oss.Region(fmt.Sprint(regionName)),
+		ChunkSize:       chunkSize,
+		RootDirectory:   fmt.Sprint(rootDirectory),
+		Encrypt:         encryptBool,
+		Secure:          secureBool,
+		Internal:        internalBool,
+		Endpoint:        fmt.Sprint(endpoint),
+	}
+
+	return New(params)
+}
+
+// New constructs a new Driver with the given Aliyun credentials, region, encryption flag, and
+// bucketName
+func New(params DriverParameters) (*Driver, error) {
+
+	client := oss.NewOSSClient(params.Region, params.Internal, params.AccessKeyID, params.AccessKeySecret, params.Secure)
+	client.SetEndpoint(params.Endpoint)
+	bucket := client.Bucket(params.Bucket)
+	client.SetDebug(false)
+
+	// Validate that the given credentials have at least read permissions in the
+	// given bucket scope.
+	if _, err := bucket.List(strings.TrimRight(params.RootDirectory, "/"), "", "", 1); err != nil {
+		return nil, err
+	}
+
+	// TODO(tg123): Currently multipart uploads have no timestamps, so this would be unwise
+	// if you initiated a new OSS client while another one is running on the same bucket.
+
+	d := &driver{
+		Client:        client,
+		Bucket:        bucket,
+		ChunkSize:     params.ChunkSize,
+		Encrypt:       params.Encrypt,
+		RootDirectory: params.RootDirectory,
+	}
+
+	return &Driver{
+		baseEmbed: baseEmbed{
+			Base: base.Base{
+				StorageDriver: d,
+			},
+		},
+	}, nil
+}
+
+// Implement the storagedriver.StorageDriver interface
+
+func (d *driver) Name() string {
+	return driverName
+}
+
+// GetContent retrieves the content stored at "path" as a []byte.
+func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
+	content, err := d.Bucket.Get(d.ossPath(path))
+	if err != nil {
+		return nil, parseError(path, err)
+	}
+	return content, nil
+}
+
+// PutContent stores the []byte content at a location designated by "path".
+func (d *driver) PutContent(ctx context.Context, path string, contents []byte) error {
+	return parseError(path, d.Bucket.Put(d.ossPath(path), contents, d.getContentType(), getPermissions(), d.getOptions()))
+}
+
+// Reader retrieves an io.ReadCloser for the content stored at "path" with a
+// given byte offset.
+func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
+	headers := make(http.Header)
+	headers.Add("Range", "bytes="+strconv.FormatInt(offset, 10)+"-")
+
+	resp, err := d.Bucket.GetResponseWithHeaders(d.ossPath(path), headers)
+	if err != nil {
+		return nil, parseError(path, err)
+	}
+
+	// Due to Aliyun OSS API, status 200 and whole object will be return instead of an
+	// InvalidRange error when range is invalid.
+	//
+	// OSS sever will always return http.StatusPartialContent if range is acceptable.
+	if resp.StatusCode != http.StatusPartialContent {
+		resp.Body.Close()
+		return ioutil.NopCloser(bytes.NewReader(nil)), nil
+	}
+
+	return resp.Body, nil
+}
+
+// Writer returns a FileWriter which will store the content written to it
+// at the location designated by "path" after the call to Commit.
+func (d *driver) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
+	key := d.ossPath(path)
+	if !append {
+		// TODO (brianbland): cancel other uploads at this path
+		multi, err := d.Bucket.InitMulti(key, d.getContentType(), getPermissions(), d.getOptions())
+		if err != nil {
+			return nil, err
+		}
+		return d.newWriter(key, multi, nil), nil
+	}
+	multis, _, err := d.Bucket.ListMulti(key, "")
+	if err != nil {
+		return nil, parseError(path, err)
+	}
+	for _, multi := range multis {
+		if key != multi.Key {
+			continue
+		}
+		parts, err := multi.ListParts()
+		if err != nil {
+			return nil, parseError(path, err)
+		}
+		var multiSize int64
+		for _, part := range parts {
+			multiSize += part.Size
+		}
+		return d.newWriter(key, multi, parts), nil
+	}
+	return nil, storagedriver.PathNotFoundError{Path: path}
+}
+
+// Stat retrieves the FileInfo for the given path, including the current size
+// in bytes and the creation time.
+func (d *driver) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
+	listResponse, err := d.Bucket.List(d.ossPath(path), "", "", 1)
+	if err != nil {
+		return nil, err
+	}
+
+	fi := storagedriver.FileInfoFields{
+		Path: path,
+	}
+
+	if len(listResponse.Contents) == 1 {
+		if listResponse.Contents[0].Key != d.ossPath(path) {
+			fi.IsDir = true
+		} else {
+			fi.IsDir = false
+			fi.Size = listResponse.Contents[0].Size
+
+			timestamp, err := time.Parse(time.RFC3339Nano, listResponse.Contents[0].LastModified)
+			if err != nil {
+				return nil, err
+			}
+			fi.ModTime = timestamp
+		}
+	} else if len(listResponse.CommonPrefixes) == 1 {
+		fi.IsDir = true
+	} else {
+		return nil, storagedriver.PathNotFoundError{Path: path}
+	}
+
+	return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
+}
+
+// List returns a list of the objects that are direct descendants of the given path.
+func (d *driver) List(ctx context.Context, opath string) ([]string, error) {
+	path := opath
+	if path != "/" && opath[len(path)-1] != '/' {
+		path = path + "/"
+	}
+
+	// This is to cover for the cases when the rootDirectory of the driver is either "" or "/".
+	// In those cases, there is no root prefix to replace and we must actually add a "/" to all
+	// results in order to keep them as valid paths as recognized by storagedriver.PathRegexp
+	prefix := ""
+	if d.ossPath("") == "" {
+		prefix = "/"
+	}
+
+	ossPath := d.ossPath(path)
+	listResponse, err := d.Bucket.List(ossPath, "/", "", listMax)
+	if err != nil {
+		return nil, parseError(opath, err)
+	}
+
+	files := []string{}
+	directories := []string{}
+
+	for {
+		for _, key := range listResponse.Contents {
+			files = append(files, strings.Replace(key.Key, d.ossPath(""), prefix, 1))
+		}
+
+		for _, commonPrefix := range listResponse.CommonPrefixes {
+			directories = append(directories, strings.Replace(commonPrefix[0:len(commonPrefix)-1], d.ossPath(""), prefix, 1))
+		}
+
+		if listResponse.IsTruncated {
+			listResponse, err = d.Bucket.List(ossPath, "/", listResponse.NextMarker, listMax)
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			break
+		}
+	}
+
+	// This is to cover for the cases when the first key equal to ossPath.
+	if len(files) > 0 && files[0] == strings.Replace(ossPath, d.ossPath(""), prefix, 1) {
+		files = files[1:]
+	}
+
+	if opath != "/" {
+		if len(files) == 0 && len(directories) == 0 {
+			// Treat empty response as missing directory, since we don't actually
+			// have directories in s3.
+			return nil, storagedriver.PathNotFoundError{Path: opath}
+		}
+	}
+
+	return append(files, directories...), nil
+}
+
+const maxConcurrency = 10
+
+// Move moves an object stored at sourcePath to destPath, removing the original
+// object.
+func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
+	logrus.Infof("Move from %s to %s", d.ossPath(sourcePath), d.ossPath(destPath))
+	err := d.Bucket.CopyLargeFileInParallel(d.ossPath(sourcePath), d.ossPath(destPath),
+		d.getContentType(),
+		getPermissions(),
+		oss.Options{},
+		maxConcurrency)
+	if err != nil {
+		logrus.Errorf("Failed for move from %s to %s: %v", d.ossPath(sourcePath), d.ossPath(destPath), err)
+		return parseError(sourcePath, err)
+	}
+
+	return d.Delete(ctx, sourcePath)
+}
+
+// Delete recursively deletes all objects stored at "path" and its subpaths.
+func (d *driver) Delete(ctx context.Context, path string) error {
+	ossPath := d.ossPath(path)
+	listResponse, err := d.Bucket.List(ossPath, "", "", listMax)
+	if err != nil || len(listResponse.Contents) == 0 {
+		return storagedriver.PathNotFoundError{Path: path}
+	}
+
+	ossObjects := make([]oss.Object, listMax)
+
+	for len(listResponse.Contents) > 0 {
+		numOssObjects := len(listResponse.Contents)
+		for index, key := range listResponse.Contents {
+			// Stop if we encounter a key that is not a subpath (so that deleting "/a" does not delete "/ab").
+			if len(key.Key) > len(ossPath) && (key.Key)[len(ossPath)] != '/' {
+				numOssObjects = index
+				break
+			}
+			ossObjects[index].Key = key.Key
+		}
+
+		err := d.Bucket.DelMulti(oss.Delete{Quiet: false, Objects: ossObjects[0:numOssObjects]})
+		if err != nil {
+			return nil
+		}
+
+		if numOssObjects < len(listResponse.Contents) {
+			return nil
+		}
+
+		listResponse, err = d.Bucket.List(d.ossPath(path), "", "", listMax)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// URLFor returns a URL which may be used to retrieve the content stored at the given path.
+// May return an UnsupportedMethodErr in certain StorageDriver implementations.
+func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
+	methodString := "GET"
+	method, ok := options["method"]
+	if ok {
+		methodString, ok = method.(string)
+		if !ok || (methodString != "GET") {
+			return "", storagedriver.ErrUnsupportedMethod{}
+		}
+	}
+
+	expiresTime := time.Now().Add(20 * time.Minute)
+
+	expires, ok := options["expiry"]
+	if ok {
+		et, ok := expires.(time.Time)
+		if ok {
+			expiresTime = et
+		}
+	}
+	logrus.Infof("methodString: %s, expiresTime: %v", methodString, expiresTime)
+	signedURL := d.Bucket.SignedURLWithMethod(methodString, d.ossPath(path), expiresTime, nil, nil)
+	logrus.Infof("signed URL: %s", signedURL)
+	return signedURL, nil
+}
+
+// Walk traverses a filesystem defined within driver, starting
+// from the given path, calling f on each file
+func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
+	return storagedriver.WalkFallback(ctx, d, path, f)
+}
+
+func (d *driver) ossPath(path string) string {
+	return strings.TrimLeft(strings.TrimRight(d.RootDirectory, "/")+path, "/")
+}
+
+func parseError(path string, err error) error {
+	if ossErr, ok := err.(*oss.Error); ok && ossErr.StatusCode == http.StatusNotFound && (ossErr.Code == "NoSuchKey" || ossErr.Code == "") {
+		return storagedriver.PathNotFoundError{Path: path}
+	}
+
+	return err
+}
+
+func hasCode(err error, code string) bool {
+	ossErr, ok := err.(*oss.Error)
+	return ok && ossErr.Code == code
+}
+
+func (d *driver) getOptions() oss.Options {
+	return oss.Options{ServerSideEncryption: d.Encrypt}
+}
+
+func getPermissions() oss.ACL {
+	return oss.Private
+}
+
+func (d *driver) getContentType() string {
+	return "application/octet-stream"
+}
+
+// writer attempts to upload parts to S3 in a buffered fashion where the last
+// part is at least as large as the chunksize, so the multipart upload could be
+// cleanly resumed in the future. This is violated if Close is called after less
+// than a full chunk is written.
+type writer struct {
+	driver      *driver
+	key         string
+	multi       *oss.Multi
+	parts       []oss.Part
+	size        int64
+	readyPart   []byte
+	pendingPart []byte
+	closed      bool
+	committed   bool
+	cancelled   bool
+}
+
+func (d *driver) newWriter(key string, multi *oss.Multi, parts []oss.Part) storagedriver.FileWriter {
+	var size int64
+	for _, part := range parts {
+		size += part.Size
+	}
+	return &writer{
+		driver: d,
+		key:    key,
+		multi:  multi,
+		parts:  parts,
+		size:   size,
+	}
+}
+
+func (w *writer) Write(p []byte) (int, error) {
+	if w.closed {
+		return 0, fmt.Errorf("already closed")
+	} else if w.committed {
+		return 0, fmt.Errorf("already committed")
+	} else if w.cancelled {
+		return 0, fmt.Errorf("already cancelled")
+	}
+
+	// If the last written part is smaller than minChunkSize, we need to make a
+	// new multipart upload :sadface:
+	if len(w.parts) > 0 && int(w.parts[len(w.parts)-1].Size) < minChunkSize {
+		err := w.multi.Complete(w.parts)
+		if err != nil {
+			w.multi.Abort()
+			return 0, err
+		}
+
+		multi, err := w.driver.Bucket.InitMulti(w.key, w.driver.getContentType(), getPermissions(), w.driver.getOptions())
+		if err != nil {
+			return 0, err
+		}
+		w.multi = multi
+
+		// If the entire written file is smaller than minChunkSize, we need to make
+		// a new part from scratch :double sad face:
+		if w.size < minChunkSize {
+			contents, err := w.driver.Bucket.Get(w.key)
+			if err != nil {
+				return 0, err
+			}
+			w.parts = nil
+			w.readyPart = contents
+		} else {
+			// Otherwise we can use the old file as the new first part
+			_, part, err := multi.PutPartCopy(1, oss.CopyOptions{}, w.driver.Bucket.Name+"/"+w.key)
+			if err != nil {
+				return 0, err
+			}
+			w.parts = []oss.Part{part}
+		}
+	}
+
+	var n int
+
+	for len(p) > 0 {
+		// If no parts are ready to write, fill up the first part
+		if neededBytes := int(w.driver.ChunkSize) - len(w.readyPart); neededBytes > 0 {
+			if len(p) >= neededBytes {
+				w.readyPart = append(w.readyPart, p[:neededBytes]...)
+				n += neededBytes
+				p = p[neededBytes:]
+			} else {
+				w.readyPart = append(w.readyPart, p...)
+				n += len(p)
+				p = nil
+			}
+		}
+
+		if neededBytes := int(w.driver.ChunkSize) - len(w.pendingPart); neededBytes > 0 {
+			if len(p) >= neededBytes {
+				w.pendingPart = append(w.pendingPart, p[:neededBytes]...)
+				n += neededBytes
+				p = p[neededBytes:]
+				err := w.flushPart()
+				if err != nil {
+					w.size += int64(n)
+					return n, err
+				}
+			} else {
+				w.pendingPart = append(w.pendingPart, p...)
+				n += len(p)
+				p = nil
+			}
+		}
+	}
+	w.size += int64(n)
+	return n, nil
+}
+
+func (w *writer) Size() int64 {
+	return w.size
+}
+
+func (w *writer) Close() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	}
+	w.closed = true
+	return w.flushPart()
+}
+
+func (w *writer) Cancel() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	} else if w.committed {
+		return fmt.Errorf("already committed")
+	}
+	w.cancelled = true
+	err := w.multi.Abort()
+	return err
+}
+
+func (w *writer) Commit() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	} else if w.committed {
+		return fmt.Errorf("already committed")
+	} else if w.cancelled {
+		return fmt.Errorf("already cancelled")
+	}
+	err := w.flushPart()
+	if err != nil {
+		return err
+	}
+	w.committed = true
+	err = w.multi.Complete(w.parts)
+	if err != nil {
+		w.multi.Abort()
+		return err
+	}
+	return nil
+}
+
+// flushPart flushes buffers to write a part to S3.
+// Only called by Write (with both buffers full) and Close/Commit (always)
+func (w *writer) flushPart() error {
+	if len(w.readyPart) == 0 && len(w.pendingPart) == 0 {
+		// nothing to write
+		return nil
+	}
+	if len(w.pendingPart) < int(w.driver.ChunkSize) {
+		// closing with a small pending part
+		// combine ready and pending to avoid writing a small part
+		w.readyPart = append(w.readyPart, w.pendingPart...)
+		w.pendingPart = nil
+	}
+
+	part, err := w.multi.PutPart(len(w.parts)+1, bytes.NewReader(w.readyPart))
+	if err != nil {
+		return err
+	}
+	w.parts = append(w.parts, part)
+	w.readyPart = w.pendingPart
+	w.pendingPart = nil
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3.go b/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3.go
new file mode 100644
index 000000000..77b821f82
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3.go
@@ -0,0 +1,1371 @@
+// Package s3 provides a storagedriver.StorageDriver implementation to
+// store blobs in Amazon S3 cloud storage.
+//
+// This package leverages the official aws client library for interfacing with
+// S3.
+//
+// Because S3 is a key, value store the Stat call does not support last modification
+// time for directories (directories are an abstraction for key, value stores)
+//
+// Keep in mind that S3 guarantees only read-after-write consistency for new
+// objects, but no read-after-update or list-after-write consistency.
+package s3
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"math"
+	"net/http"
+	"reflect"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
+	"github.com/aws/aws-sdk-go/aws/ec2metadata"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/s3"
+
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/client/transport"
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/distribution/registry/storage/driver/base"
+	"github.com/docker/distribution/registry/storage/driver/factory"
+)
+
+const driverName = "s3aws"
+
+// minChunkSize defines the minimum multipart upload chunk size
+// S3 API requires multipart upload chunks to be at least 5MB
+const minChunkSize = 5 << 20
+
+// maxChunkSize defines the maximum multipart upload chunk size allowed by S3.
+const maxChunkSize = 5 << 30
+
+const defaultChunkSize = 2 * minChunkSize
+
+const (
+	// defaultMultipartCopyChunkSize defines the default chunk size for all
+	// but the last Upload Part - Copy operation of a multipart copy.
+	// Empirically, 32 MB is optimal.
+	defaultMultipartCopyChunkSize = 32 << 20
+
+	// defaultMultipartCopyMaxConcurrency defines the default maximum number
+	// of concurrent Upload Part - Copy operations for a multipart copy.
+	defaultMultipartCopyMaxConcurrency = 100
+
+	// defaultMultipartCopyThresholdSize defines the default object size
+	// above which multipart copy will be used. (PUT Object - Copy is used
+	// for objects at or below this size.)  Empirically, 32 MB is optimal.
+	defaultMultipartCopyThresholdSize = 32 << 20
+)
+
+// listMax is the largest amount of objects you can request from S3 in a list call
+const listMax = 1000
+
+// noStorageClass defines the value to be used if storage class is not supported by the S3 endpoint
+const noStorageClass = "NONE"
+
+// validRegions maps known s3 region identifiers to region descriptors
+var validRegions = map[string]struct{}{}
+
+// validObjectACLs contains known s3 object Acls
+var validObjectACLs = map[string]struct{}{}
+
+// DriverParameters A struct that encapsulates all of the driver parameters after all values have been set
+type DriverParameters struct {
+	AccessKey                   string
+	SecretKey                   string
+	Bucket                      string
+	Region                      string
+	RegionEndpoint              string
+	Encrypt                     bool
+	KeyID                       string
+	Secure                      bool
+	SkipVerify                  bool
+	V4Auth                      bool
+	ChunkSize                   int64
+	MultipartCopyChunkSize      int64
+	MultipartCopyMaxConcurrency int64
+	MultipartCopyThresholdSize  int64
+	RootDirectory               string
+	StorageClass                string
+	UserAgent                   string
+	ObjectACL                   string
+	SessionToken                string
+}
+
+func init() {
+	partitions := endpoints.DefaultPartitions()
+	for _, p := range partitions {
+		for region := range p.Regions() {
+			validRegions[region] = struct{}{}
+		}
+	}
+
+	for _, objectACL := range []string{
+		s3.ObjectCannedACLPrivate,
+		s3.ObjectCannedACLPublicRead,
+		s3.ObjectCannedACLPublicReadWrite,
+		s3.ObjectCannedACLAuthenticatedRead,
+		s3.ObjectCannedACLAwsExecRead,
+		s3.ObjectCannedACLBucketOwnerRead,
+		s3.ObjectCannedACLBucketOwnerFullControl,
+	} {
+		validObjectACLs[objectACL] = struct{}{}
+	}
+
+	// Register this as the default s3 driver in addition to s3aws
+	factory.Register("s3", &s3DriverFactory{})
+	factory.Register(driverName, &s3DriverFactory{})
+}
+
+// s3DriverFactory implements the factory.StorageDriverFactory interface
+type s3DriverFactory struct{}
+
+func (factory *s3DriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
+	return FromParameters(parameters)
+}
+
+type driver struct {
+	S3                          *s3.S3
+	Bucket                      string
+	ChunkSize                   int64
+	Encrypt                     bool
+	KeyID                       string
+	MultipartCopyChunkSize      int64
+	MultipartCopyMaxConcurrency int64
+	MultipartCopyThresholdSize  int64
+	RootDirectory               string
+	StorageClass                string
+	ObjectACL                   string
+}
+
+type baseEmbed struct {
+	base.Base
+}
+
+// Driver is a storagedriver.StorageDriver implementation backed by Amazon S3
+// Objects are stored at absolute keys in the provided bucket.
+type Driver struct {
+	baseEmbed
+}
+
+// FromParameters constructs a new Driver with a given parameters map
+// Required parameters:
+// - accesskey
+// - secretkey
+// - region
+// - bucket
+// - encrypt
+func FromParameters(parameters map[string]interface{}) (*Driver, error) {
+	// Providing no values for these is valid in case the user is authenticating
+	// with an IAM on an ec2 instance (in which case the instance credentials will
+	// be summoned when GetAuth is called)
+	accessKey := parameters["accesskey"]
+	if accessKey == nil {
+		accessKey = ""
+	}
+	secretKey := parameters["secretkey"]
+	if secretKey == nil {
+		secretKey = ""
+	}
+
+	regionEndpoint := parameters["regionendpoint"]
+	if regionEndpoint == nil {
+		regionEndpoint = ""
+	}
+
+	regionName := parameters["region"]
+	if regionName == nil || fmt.Sprint(regionName) == "" {
+		return nil, fmt.Errorf("no region parameter provided")
+	}
+	region := fmt.Sprint(regionName)
+	// Don't check the region value if a custom endpoint is provided.
+	if regionEndpoint == "" {
+		if _, ok := validRegions[region]; !ok {
+			return nil, fmt.Errorf("invalid region provided: %v", region)
+		}
+	}
+
+	bucket := parameters["bucket"]
+	if bucket == nil || fmt.Sprint(bucket) == "" {
+		return nil, fmt.Errorf("no bucket parameter provided")
+	}
+
+	encryptBool := false
+	encrypt := parameters["encrypt"]
+	switch encrypt := encrypt.(type) {
+	case string:
+		b, err := strconv.ParseBool(encrypt)
+		if err != nil {
+			return nil, fmt.Errorf("the encrypt parameter should be a boolean")
+		}
+		encryptBool = b
+	case bool:
+		encryptBool = encrypt
+	case nil:
+		// do nothing
+	default:
+		return nil, fmt.Errorf("the encrypt parameter should be a boolean")
+	}
+
+	secureBool := true
+	secure := parameters["secure"]
+	switch secure := secure.(type) {
+	case string:
+		b, err := strconv.ParseBool(secure)
+		if err != nil {
+			return nil, fmt.Errorf("the secure parameter should be a boolean")
+		}
+		secureBool = b
+	case bool:
+		secureBool = secure
+	case nil:
+		// do nothing
+	default:
+		return nil, fmt.Errorf("the secure parameter should be a boolean")
+	}
+
+	skipVerifyBool := false
+	skipVerify := parameters["skipverify"]
+	switch skipVerify := skipVerify.(type) {
+	case string:
+		b, err := strconv.ParseBool(skipVerify)
+		if err != nil {
+			return nil, fmt.Errorf("the skipVerify parameter should be a boolean")
+		}
+		skipVerifyBool = b
+	case bool:
+		skipVerifyBool = skipVerify
+	case nil:
+		// do nothing
+	default:
+		return nil, fmt.Errorf("the skipVerify parameter should be a boolean")
+	}
+
+	v4Bool := true
+	v4auth := parameters["v4auth"]
+	switch v4auth := v4auth.(type) {
+	case string:
+		b, err := strconv.ParseBool(v4auth)
+		if err != nil {
+			return nil, fmt.Errorf("the v4auth parameter should be a boolean")
+		}
+		v4Bool = b
+	case bool:
+		v4Bool = v4auth
+	case nil:
+		// do nothing
+	default:
+		return nil, fmt.Errorf("the v4auth parameter should be a boolean")
+	}
+
+	keyID := parameters["keyid"]
+	if keyID == nil {
+		keyID = ""
+	}
+
+	chunkSize, err := getParameterAsInt64(parameters, "chunksize", defaultChunkSize, minChunkSize, maxChunkSize)
+	if err != nil {
+		return nil, err
+	}
+
+	multipartCopyChunkSize, err := getParameterAsInt64(parameters, "multipartcopychunksize", defaultMultipartCopyChunkSize, minChunkSize, maxChunkSize)
+	if err != nil {
+		return nil, err
+	}
+
+	multipartCopyMaxConcurrency, err := getParameterAsInt64(parameters, "multipartcopymaxconcurrency", defaultMultipartCopyMaxConcurrency, 1, math.MaxInt64)
+	if err != nil {
+		return nil, err
+	}
+
+	multipartCopyThresholdSize, err := getParameterAsInt64(parameters, "multipartcopythresholdsize", defaultMultipartCopyThresholdSize, 0, maxChunkSize)
+	if err != nil {
+		return nil, err
+	}
+
+	rootDirectory := parameters["rootdirectory"]
+	if rootDirectory == nil {
+		rootDirectory = ""
+	}
+
+	storageClass := s3.StorageClassStandard
+	storageClassParam := parameters["storageclass"]
+	if storageClassParam != nil {
+		storageClassString, ok := storageClassParam.(string)
+		if !ok {
+			return nil, fmt.Errorf("the storageclass parameter must be one of %v, %v invalid",
+				[]string{s3.StorageClassStandard, s3.StorageClassReducedRedundancy}, storageClassParam)
+		}
+		// All valid storage class parameters are UPPERCASE, so be a bit more flexible here
+		storageClassString = strings.ToUpper(storageClassString)
+		if storageClassString != noStorageClass &&
+			storageClassString != s3.StorageClassStandard &&
+			storageClassString != s3.StorageClassReducedRedundancy {
+			return nil, fmt.Errorf("the storageclass parameter must be one of %v, %v invalid",
+				[]string{noStorageClass, s3.StorageClassStandard, s3.StorageClassReducedRedundancy}, storageClassParam)
+		}
+		storageClass = storageClassString
+	}
+
+	userAgent := parameters["useragent"]
+	if userAgent == nil {
+		userAgent = ""
+	}
+
+	objectACL := s3.ObjectCannedACLPrivate
+	objectACLParam := parameters["objectacl"]
+	if objectACLParam != nil {
+		objectACLString, ok := objectACLParam.(string)
+		if !ok {
+			return nil, fmt.Errorf("invalid value for objectacl parameter: %v", objectACLParam)
+		}
+
+		if _, ok = validObjectACLs[objectACLString]; !ok {
+			return nil, fmt.Errorf("invalid value for objectacl parameter: %v", objectACLParam)
+		}
+		objectACL = objectACLString
+	}
+
+	sessionToken := ""
+
+	params := DriverParameters{
+		fmt.Sprint(accessKey),
+		fmt.Sprint(secretKey),
+		fmt.Sprint(bucket),
+		region,
+		fmt.Sprint(regionEndpoint),
+		encryptBool,
+		fmt.Sprint(keyID),
+		secureBool,
+		skipVerifyBool,
+		v4Bool,
+		chunkSize,
+		multipartCopyChunkSize,
+		multipartCopyMaxConcurrency,
+		multipartCopyThresholdSize,
+		fmt.Sprint(rootDirectory),
+		storageClass,
+		fmt.Sprint(userAgent),
+		objectACL,
+		fmt.Sprint(sessionToken),
+	}
+
+	return New(params)
+}
+
+// getParameterAsInt64 converts parameters[name] to an int64 value (using
+// defaultt if nil), verifies it is no smaller than min, and returns it.
+func getParameterAsInt64(parameters map[string]interface{}, name string, defaultt int64, min int64, max int64) (int64, error) {
+	rv := defaultt
+	param := parameters[name]
+	switch v := param.(type) {
+	case string:
+		vv, err := strconv.ParseInt(v, 0, 64)
+		if err != nil {
+			return 0, fmt.Errorf("%s parameter must be an integer, %v invalid", name, param)
+		}
+		rv = vv
+	case int64:
+		rv = v
+	case int, uint, int32, uint32, uint64:
+		rv = reflect.ValueOf(v).Convert(reflect.TypeOf(rv)).Int()
+	case nil:
+		// do nothing
+	default:
+		return 0, fmt.Errorf("invalid value for %s: %#v", name, param)
+	}
+
+	if rv < min || rv > max {
+		return 0, fmt.Errorf("the %s %#v parameter should be a number between %d and %d (inclusive)", name, rv, min, max)
+	}
+
+	return rv, nil
+}
+
+// New constructs a new Driver with the given AWS credentials, region, encryption flag, and
+// bucketName
+func New(params DriverParameters) (*Driver, error) {
+	if !params.V4Auth &&
+		(params.RegionEndpoint == "" ||
+			strings.Contains(params.RegionEndpoint, "s3.amazonaws.com")) {
+		return nil, fmt.Errorf("on Amazon S3 this storage driver can only be used with v4 authentication")
+	}
+
+	awsConfig := aws.NewConfig()
+	sess, err := session.NewSession()
+	if err != nil {
+		return nil, fmt.Errorf("failed to create new session: %v", err)
+	}
+	creds := credentials.NewChainCredentials([]credentials.Provider{
+		&credentials.StaticProvider{
+			Value: credentials.Value{
+				AccessKeyID:     params.AccessKey,
+				SecretAccessKey: params.SecretKey,
+				SessionToken:    params.SessionToken,
+			},
+		},
+		&credentials.EnvProvider{},
+		&credentials.SharedCredentialsProvider{},
+		&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(sess)},
+	})
+
+	if params.RegionEndpoint != "" {
+		awsConfig.WithS3ForcePathStyle(true)
+		awsConfig.WithEndpoint(params.RegionEndpoint)
+	}
+
+	awsConfig.WithCredentials(creds)
+	awsConfig.WithRegion(params.Region)
+	awsConfig.WithDisableSSL(!params.Secure)
+
+	if params.UserAgent != "" || params.SkipVerify {
+		httpTransport := http.DefaultTransport
+		if params.SkipVerify {
+			httpTransport = &http.Transport{
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			}
+		}
+		if params.UserAgent != "" {
+			awsConfig.WithHTTPClient(&http.Client{
+				Transport: transport.NewTransport(httpTransport, transport.NewHeaderRequestModifier(http.Header{http.CanonicalHeaderKey("User-Agent"): []string{params.UserAgent}})),
+			})
+		} else {
+			awsConfig.WithHTTPClient(&http.Client{
+				Transport: transport.NewTransport(httpTransport),
+			})
+		}
+	}
+
+	sess, err = session.NewSession(awsConfig)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create new session with aws config: %v", err)
+	}
+	s3obj := s3.New(sess)
+
+	// enable S3 compatible signature v2 signing instead
+	if !params.V4Auth {
+		setv2Handlers(s3obj)
+	}
+
+	// TODO Currently multipart uploads have no timestamps, so this would be unwise
+	// if you initiated a new s3driver while another one is running on the same bucket.
+	// multis, _, err := bucket.ListMulti("", "")
+	// if err != nil {
+	// 	return nil, err
+	// }
+
+	// for _, multi := range multis {
+	// 	err := multi.Abort()
+	// 	//TODO appropriate to do this error checking?
+	// 	if err != nil {
+	// 		return nil, err
+	// 	}
+	// }
+
+	d := &driver{
+		S3:                          s3obj,
+		Bucket:                      params.Bucket,
+		ChunkSize:                   params.ChunkSize,
+		Encrypt:                     params.Encrypt,
+		KeyID:                       params.KeyID,
+		MultipartCopyChunkSize:      params.MultipartCopyChunkSize,
+		MultipartCopyMaxConcurrency: params.MultipartCopyMaxConcurrency,
+		MultipartCopyThresholdSize:  params.MultipartCopyThresholdSize,
+		RootDirectory:               params.RootDirectory,
+		StorageClass:                params.StorageClass,
+		ObjectACL:                   params.ObjectACL,
+	}
+
+	return &Driver{
+		baseEmbed: baseEmbed{
+			Base: base.Base{
+				StorageDriver: d,
+			},
+		},
+	}, nil
+}
+
+// Implement the storagedriver.StorageDriver interface
+
+func (d *driver) Name() string {
+	return driverName
+}
+
+// GetContent retrieves the content stored at "path" as a []byte.
+func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
+	reader, err := d.Reader(ctx, path, 0)
+	if err != nil {
+		return nil, err
+	}
+	return ioutil.ReadAll(reader)
+}
+
+// PutContent stores the []byte content at a location designated by "path".
+func (d *driver) PutContent(ctx context.Context, path string, contents []byte) error {
+	_, err := d.S3.PutObject(&s3.PutObjectInput{
+		Bucket:               aws.String(d.Bucket),
+		Key:                  aws.String(d.s3Path(path)),
+		ContentType:          d.getContentType(),
+		ACL:                  d.getACL(),
+		ServerSideEncryption: d.getEncryptionMode(),
+		SSEKMSKeyId:          d.getSSEKMSKeyID(),
+		StorageClass:         d.getStorageClass(),
+		Body:                 bytes.NewReader(contents),
+	})
+	return parseError(path, err)
+}
+
+// Reader retrieves an io.ReadCloser for the content stored at "path" with a
+// given byte offset.
+func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
+	resp, err := d.S3.GetObject(&s3.GetObjectInput{
+		Bucket: aws.String(d.Bucket),
+		Key:    aws.String(d.s3Path(path)),
+		Range:  aws.String("bytes=" + strconv.FormatInt(offset, 10) + "-"),
+	})
+
+	if err != nil {
+		if s3Err, ok := err.(awserr.Error); ok && s3Err.Code() == "InvalidRange" {
+			return ioutil.NopCloser(bytes.NewReader(nil)), nil
+		}
+
+		return nil, parseError(path, err)
+	}
+	return resp.Body, nil
+}
+
+// Writer returns a FileWriter which will store the content written to it
+// at the location designated by "path" after the call to Commit.
+func (d *driver) Writer(ctx context.Context, path string, appendParam bool) (storagedriver.FileWriter, error) {
+	key := d.s3Path(path)
+	if !appendParam {
+		// TODO (brianbland): cancel other uploads at this path
+		resp, err := d.S3.CreateMultipartUpload(&s3.CreateMultipartUploadInput{
+			Bucket:               aws.String(d.Bucket),
+			Key:                  aws.String(key),
+			ContentType:          d.getContentType(),
+			ACL:                  d.getACL(),
+			ServerSideEncryption: d.getEncryptionMode(),
+			SSEKMSKeyId:          d.getSSEKMSKeyID(),
+			StorageClass:         d.getStorageClass(),
+		})
+		if err != nil {
+			return nil, err
+		}
+		return d.newWriter(key, *resp.UploadId, nil), nil
+	}
+	resp, err := d.S3.ListMultipartUploads(&s3.ListMultipartUploadsInput{
+		Bucket: aws.String(d.Bucket),
+		Prefix: aws.String(key),
+	})
+	if err != nil {
+		return nil, parseError(path, err)
+	}
+	var allParts []*s3.Part
+	for _, multi := range resp.Uploads {
+		if key != *multi.Key {
+			continue
+		}
+		resp, err := d.S3.ListParts(&s3.ListPartsInput{
+			Bucket:   aws.String(d.Bucket),
+			Key:      aws.String(key),
+			UploadId: multi.UploadId,
+		})
+		if err != nil {
+			return nil, parseError(path, err)
+		}
+		allParts = append(allParts, resp.Parts...)
+		for *resp.IsTruncated {
+			resp, err = d.S3.ListParts(&s3.ListPartsInput{
+				Bucket:           aws.String(d.Bucket),
+				Key:              aws.String(key),
+				UploadId:         multi.UploadId,
+				PartNumberMarker: resp.NextPartNumberMarker,
+			})
+			if err != nil {
+				return nil, parseError(path, err)
+			}
+			allParts = append(allParts, resp.Parts...)
+		}
+		return d.newWriter(key, *multi.UploadId, allParts), nil
+	}
+	return nil, storagedriver.PathNotFoundError{Path: path}
+}
+
+// Stat retrieves the FileInfo for the given path, including the current size
+// in bytes and the creation time.
+func (d *driver) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
+	resp, err := d.S3.ListObjects(&s3.ListObjectsInput{
+		Bucket:  aws.String(d.Bucket),
+		Prefix:  aws.String(d.s3Path(path)),
+		MaxKeys: aws.Int64(1),
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	fi := storagedriver.FileInfoFields{
+		Path: path,
+	}
+
+	if len(resp.Contents) == 1 {
+		if *resp.Contents[0].Key != d.s3Path(path) {
+			fi.IsDir = true
+		} else {
+			fi.IsDir = false
+			fi.Size = *resp.Contents[0].Size
+			fi.ModTime = *resp.Contents[0].LastModified
+		}
+	} else if len(resp.CommonPrefixes) == 1 {
+		fi.IsDir = true
+	} else {
+		return nil, storagedriver.PathNotFoundError{Path: path}
+	}
+
+	return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
+}
+
+// List returns a list of the objects that are direct descendants of the given path.
+func (d *driver) List(ctx context.Context, opath string) ([]string, error) {
+	path := opath
+	if path != "/" && path[len(path)-1] != '/' {
+		path = path + "/"
+	}
+
+	// This is to cover for the cases when the rootDirectory of the driver is either "" or "/".
+	// In those cases, there is no root prefix to replace and we must actually add a "/" to all
+	// results in order to keep them as valid paths as recognized by storagedriver.PathRegexp
+	prefix := ""
+	if d.s3Path("") == "" {
+		prefix = "/"
+	}
+
+	resp, err := d.S3.ListObjects(&s3.ListObjectsInput{
+		Bucket:    aws.String(d.Bucket),
+		Prefix:    aws.String(d.s3Path(path)),
+		Delimiter: aws.String("/"),
+		MaxKeys:   aws.Int64(listMax),
+	})
+	if err != nil {
+		return nil, parseError(opath, err)
+	}
+
+	files := []string{}
+	directories := []string{}
+
+	for {
+		for _, key := range resp.Contents {
+			files = append(files, strings.Replace(*key.Key, d.s3Path(""), prefix, 1))
+		}
+
+		for _, commonPrefix := range resp.CommonPrefixes {
+			commonPrefix := *commonPrefix.Prefix
+			directories = append(directories, strings.Replace(commonPrefix[0:len(commonPrefix)-1], d.s3Path(""), prefix, 1))
+		}
+
+		if *resp.IsTruncated {
+			resp, err = d.S3.ListObjects(&s3.ListObjectsInput{
+				Bucket:    aws.String(d.Bucket),
+				Prefix:    aws.String(d.s3Path(path)),
+				Delimiter: aws.String("/"),
+				MaxKeys:   aws.Int64(listMax),
+				Marker:    resp.NextMarker,
+			})
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			break
+		}
+	}
+
+	if opath != "/" {
+		if len(files) == 0 && len(directories) == 0 {
+			// Treat empty response as missing directory, since we don't actually
+			// have directories in s3.
+			return nil, storagedriver.PathNotFoundError{Path: opath}
+		}
+	}
+
+	return append(files, directories...), nil
+}
+
+// Move moves an object stored at sourcePath to destPath, removing the original
+// object.
+func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
+	/* This is terrible, but aws doesn't have an actual move. */
+	if err := d.copy(ctx, sourcePath, destPath); err != nil {
+		return err
+	}
+	return d.Delete(ctx, sourcePath)
+}
+
+// copy copies an object stored at sourcePath to destPath.
+func (d *driver) copy(ctx context.Context, sourcePath string, destPath string) error {
+	// S3 can copy objects up to 5 GB in size with a single PUT Object - Copy
+	// operation. For larger objects, the multipart upload API must be used.
+	//
+	// Empirically, multipart copy is fastest with 32 MB parts and is faster
+	// than PUT Object - Copy for objects larger than 32 MB.
+
+	fileInfo, err := d.Stat(ctx, sourcePath)
+	if err != nil {
+		return parseError(sourcePath, err)
+	}
+
+	if fileInfo.Size() <= d.MultipartCopyThresholdSize {
+		_, err := d.S3.CopyObject(&s3.CopyObjectInput{
+			Bucket:               aws.String(d.Bucket),
+			Key:                  aws.String(d.s3Path(destPath)),
+			ContentType:          d.getContentType(),
+			ACL:                  d.getACL(),
+			ServerSideEncryption: d.getEncryptionMode(),
+			SSEKMSKeyId:          d.getSSEKMSKeyID(),
+			StorageClass:         d.getStorageClass(),
+			CopySource:           aws.String(d.Bucket + "/" + d.s3Path(sourcePath)),
+		})
+		if err != nil {
+			return parseError(sourcePath, err)
+		}
+		return nil
+	}
+
+	createResp, err := d.S3.CreateMultipartUpload(&s3.CreateMultipartUploadInput{
+		Bucket:               aws.String(d.Bucket),
+		Key:                  aws.String(d.s3Path(destPath)),
+		ContentType:          d.getContentType(),
+		ACL:                  d.getACL(),
+		SSEKMSKeyId:          d.getSSEKMSKeyID(),
+		ServerSideEncryption: d.getEncryptionMode(),
+		StorageClass:         d.getStorageClass(),
+	})
+	if err != nil {
+		return err
+	}
+
+	numParts := (fileInfo.Size() + d.MultipartCopyChunkSize - 1) / d.MultipartCopyChunkSize
+	completedParts := make([]*s3.CompletedPart, numParts)
+	errChan := make(chan error, numParts)
+	limiter := make(chan struct{}, d.MultipartCopyMaxConcurrency)
+
+	for i := range completedParts {
+		i := int64(i)
+		go func() {
+			limiter <- struct{}{}
+			firstByte := i * d.MultipartCopyChunkSize
+			lastByte := firstByte + d.MultipartCopyChunkSize - 1
+			if lastByte >= fileInfo.Size() {
+				lastByte = fileInfo.Size() - 1
+			}
+			uploadResp, err := d.S3.UploadPartCopy(&s3.UploadPartCopyInput{
+				Bucket:          aws.String(d.Bucket),
+				CopySource:      aws.String(d.Bucket + "/" + d.s3Path(sourcePath)),
+				Key:             aws.String(d.s3Path(destPath)),
+				PartNumber:      aws.Int64(i + 1),
+				UploadId:        createResp.UploadId,
+				CopySourceRange: aws.String(fmt.Sprintf("bytes=%d-%d", firstByte, lastByte)),
+			})
+			if err == nil {
+				completedParts[i] = &s3.CompletedPart{
+					ETag:       uploadResp.CopyPartResult.ETag,
+					PartNumber: aws.Int64(i + 1),
+				}
+			}
+			errChan <- err
+			<-limiter
+		}()
+	}
+
+	for range completedParts {
+		err := <-errChan
+		if err != nil {
+			return err
+		}
+	}
+
+	_, err = d.S3.CompleteMultipartUpload(&s3.CompleteMultipartUploadInput{
+		Bucket:          aws.String(d.Bucket),
+		Key:             aws.String(d.s3Path(destPath)),
+		UploadId:        createResp.UploadId,
+		MultipartUpload: &s3.CompletedMultipartUpload{Parts: completedParts},
+	})
+	return err
+}
+
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}
+
+// Delete recursively deletes all objects stored at "path" and its subpaths.
+// We must be careful since S3 does not guarantee read after delete consistency
+func (d *driver) Delete(ctx context.Context, path string) error {
+	s3Objects := make([]*s3.ObjectIdentifier, 0, listMax)
+	s3Path := d.s3Path(path)
+	listObjectsInput := &s3.ListObjectsInput{
+		Bucket: aws.String(d.Bucket),
+		Prefix: aws.String(s3Path),
+	}
+ListLoop:
+	for {
+		// list all the objects
+		resp, err := d.S3.ListObjects(listObjectsInput)
+
+		// resp.Contents can only be empty on the first call
+		// if there were no more results to return after the first call, resp.IsTruncated would have been false
+		// and the loop would be exited without recalling ListObjects
+		if err != nil || len(resp.Contents) == 0 {
+			return storagedriver.PathNotFoundError{Path: path}
+		}
+
+		for _, key := range resp.Contents {
+			// Stop if we encounter a key that is not a subpath (so that deleting "/a" does not delete "/ab").
+			if len(*key.Key) > len(s3Path) && (*key.Key)[len(s3Path)] != '/' {
+				break ListLoop
+			}
+			s3Objects = append(s3Objects, &s3.ObjectIdentifier{
+				Key: key.Key,
+			})
+		}
+
+		// resp.Contents must have at least one element or we would have returned not found
+		listObjectsInput.Marker = resp.Contents[len(resp.Contents)-1].Key
+
+		// from the s3 api docs, IsTruncated "specifies whether (true) or not (false) all of the results were returned"
+		// if everything has been returned, break
+		if resp.IsTruncated == nil || !*resp.IsTruncated {
+			break
+		}
+	}
+
+	// need to chunk objects into groups of 1000 per s3 restrictions
+	total := len(s3Objects)
+	for i := 0; i < total; i += 1000 {
+		_, err := d.S3.DeleteObjects(&s3.DeleteObjectsInput{
+			Bucket: aws.String(d.Bucket),
+			Delete: &s3.Delete{
+				Objects: s3Objects[i:min(i+1000, total)],
+				Quiet:   aws.Bool(false),
+			},
+		})
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// URLFor returns a URL which may be used to retrieve the content stored at the given path.
+// May return an UnsupportedMethodErr in certain StorageDriver implementations.
+func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
+	methodString := "GET"
+	method, ok := options["method"]
+	if ok {
+		methodString, ok = method.(string)
+		if !ok || (methodString != "GET" && methodString != "HEAD") {
+			return "", storagedriver.ErrUnsupportedMethod{}
+		}
+	}
+
+	expiresIn := 20 * time.Minute
+	expires, ok := options["expiry"]
+	if ok {
+		et, ok := expires.(time.Time)
+		if ok {
+			expiresIn = time.Until(et)
+		}
+	}
+
+	var req *request.Request
+
+	switch methodString {
+	case "GET":
+		req, _ = d.S3.GetObjectRequest(&s3.GetObjectInput{
+			Bucket: aws.String(d.Bucket),
+			Key:    aws.String(d.s3Path(path)),
+		})
+	case "HEAD":
+		req, _ = d.S3.HeadObjectRequest(&s3.HeadObjectInput{
+			Bucket: aws.String(d.Bucket),
+			Key:    aws.String(d.s3Path(path)),
+		})
+	default:
+		panic("unreachable")
+	}
+
+	return req.Presign(expiresIn)
+}
+
+// Walk traverses a filesystem defined within driver, starting
+// from the given path, calling f on each file
+func (d *driver) Walk(ctx context.Context, from string, f storagedriver.WalkFn) error {
+	path := from
+	if !strings.HasSuffix(path, "/") {
+		path = path + "/"
+	}
+
+	prefix := ""
+	if d.s3Path("") == "" {
+		prefix = "/"
+	}
+
+	var objectCount int64
+	if err := d.doWalk(ctx, &objectCount, d.s3Path(path), prefix, f); err != nil {
+		return err
+	}
+
+	// S3 doesn't have the concept of empty directories, so it'll return path not found if there are no objects
+	if objectCount == 0 {
+		return storagedriver.PathNotFoundError{Path: from}
+	}
+
+	return nil
+}
+
+type walkInfoContainer struct {
+	storagedriver.FileInfoFields
+	prefix *string
+}
+
+// Path provides the full path of the target of this file info.
+func (wi walkInfoContainer) Path() string {
+	return wi.FileInfoFields.Path
+}
+
+// Size returns current length in bytes of the file. The return value can
+// be used to write to the end of the file at path. The value is
+// meaningless if IsDir returns true.
+func (wi walkInfoContainer) Size() int64 {
+	return wi.FileInfoFields.Size
+}
+
+// ModTime returns the modification time for the file. For backends that
+// don't have a modification time, the creation time should be returned.
+func (wi walkInfoContainer) ModTime() time.Time {
+	return wi.FileInfoFields.ModTime
+}
+
+// IsDir returns true if the path is a directory.
+func (wi walkInfoContainer) IsDir() bool {
+	return wi.FileInfoFields.IsDir
+}
+
+func (d *driver) doWalk(parentCtx context.Context, objectCount *int64, path, prefix string, f storagedriver.WalkFn) error {
+	var retError error
+
+	listObjectsInput := &s3.ListObjectsV2Input{
+		Bucket:    aws.String(d.Bucket),
+		Prefix:    aws.String(path),
+		Delimiter: aws.String("/"),
+		MaxKeys:   aws.Int64(listMax),
+	}
+
+	ctx, done := dcontext.WithTrace(parentCtx)
+	defer done("s3aws.ListObjectsV2Pages(%s)", path)
+	listObjectErr := d.S3.ListObjectsV2PagesWithContext(ctx, listObjectsInput, func(objects *s3.ListObjectsV2Output, lastPage bool) bool {
+
+		var count int64
+		// KeyCount was introduced with version 2 of the GET Bucket operation in S3.
+		// Some S3 implementations don't support V2 now, so we fall back to manual
+		// calculation of the key count if required
+		if objects.KeyCount != nil {
+			count = *objects.KeyCount
+			*objectCount += *objects.KeyCount
+		} else {
+			count = int64(len(objects.Contents) + len(objects.CommonPrefixes))
+			*objectCount += count
+		}
+
+		walkInfos := make([]walkInfoContainer, 0, count)
+
+		for _, dir := range objects.CommonPrefixes {
+			commonPrefix := *dir.Prefix
+			walkInfos = append(walkInfos, walkInfoContainer{
+				prefix: dir.Prefix,
+				FileInfoFields: storagedriver.FileInfoFields{
+					IsDir: true,
+					Path:  strings.Replace(commonPrefix[:len(commonPrefix)-1], d.s3Path(""), prefix, 1),
+				},
+			})
+		}
+
+		for _, file := range objects.Contents {
+			walkInfos = append(walkInfos, walkInfoContainer{
+				FileInfoFields: storagedriver.FileInfoFields{
+					IsDir:   false,
+					Size:    *file.Size,
+					ModTime: *file.LastModified,
+					Path:    strings.Replace(*file.Key, d.s3Path(""), prefix, 1),
+				},
+			})
+		}
+
+		sort.SliceStable(walkInfos, func(i, j int) bool { return walkInfos[i].FileInfoFields.Path < walkInfos[j].FileInfoFields.Path })
+
+		for _, walkInfo := range walkInfos {
+			err := f(walkInfo)
+
+			if err == storagedriver.ErrSkipDir {
+				if walkInfo.IsDir() {
+					continue
+				} else {
+					break
+				}
+			} else if err != nil {
+				retError = err
+				return false
+			}
+
+			if walkInfo.IsDir() {
+				if err := d.doWalk(ctx, objectCount, *walkInfo.prefix, prefix, f); err != nil {
+					retError = err
+					return false
+				}
+			}
+		}
+		return true
+	})
+
+	if retError != nil {
+		return retError
+	}
+
+	if listObjectErr != nil {
+		return listObjectErr
+	}
+
+	return nil
+}
+
+func (d *driver) s3Path(path string) string {
+	return strings.TrimLeft(strings.TrimRight(d.RootDirectory, "/")+path, "/")
+}
+
+// S3BucketKey returns the s3 bucket key for the given storage driver path.
+func (d *Driver) S3BucketKey(path string) string {
+	return d.StorageDriver.(*driver).s3Path(path)
+}
+
+func parseError(path string, err error) error {
+	if s3Err, ok := err.(awserr.Error); ok && s3Err.Code() == "NoSuchKey" {
+		return storagedriver.PathNotFoundError{Path: path}
+	}
+
+	return err
+}
+
+func (d *driver) getEncryptionMode() *string {
+	if !d.Encrypt {
+		return nil
+	}
+	if d.KeyID == "" {
+		return aws.String("AES256")
+	}
+	return aws.String("aws:kms")
+}
+
+func (d *driver) getSSEKMSKeyID() *string {
+	if d.KeyID != "" {
+		return aws.String(d.KeyID)
+	}
+	return nil
+}
+
+func (d *driver) getContentType() *string {
+	return aws.String("application/octet-stream")
+}
+
+func (d *driver) getACL() *string {
+	return aws.String(d.ObjectACL)
+}
+
+func (d *driver) getStorageClass() *string {
+	if d.StorageClass == noStorageClass {
+		return nil
+	}
+	return aws.String(d.StorageClass)
+}
+
+// writer attempts to upload parts to S3 in a buffered fashion where the last
+// part is at least as large as the chunksize, so the multipart upload could be
+// cleanly resumed in the future. This is violated if Close is called after less
+// than a full chunk is written.
+type writer struct {
+	driver      *driver
+	key         string
+	uploadID    string
+	parts       []*s3.Part
+	size        int64
+	readyPart   []byte
+	pendingPart []byte
+	closed      bool
+	committed   bool
+	cancelled   bool
+}
+
+func (d *driver) newWriter(key, uploadID string, parts []*s3.Part) storagedriver.FileWriter {
+	var size int64
+	for _, part := range parts {
+		size += *part.Size
+	}
+	return &writer{
+		driver:   d,
+		key:      key,
+		uploadID: uploadID,
+		parts:    parts,
+		size:     size,
+	}
+}
+
+type completedParts []*s3.CompletedPart
+
+func (a completedParts) Len() int           { return len(a) }
+func (a completedParts) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a completedParts) Less(i, j int) bool { return *a[i].PartNumber < *a[j].PartNumber }
+
+func (w *writer) Write(p []byte) (int, error) {
+	if w.closed {
+		return 0, fmt.Errorf("already closed")
+	} else if w.committed {
+		return 0, fmt.Errorf("already committed")
+	} else if w.cancelled {
+		return 0, fmt.Errorf("already cancelled")
+	}
+
+	// If the last written part is smaller than minChunkSize, we need to make a
+	// new multipart upload :sadface:
+	if len(w.parts) > 0 && int(*w.parts[len(w.parts)-1].Size) < minChunkSize {
+		var completedUploadedParts completedParts
+		for _, part := range w.parts {
+			completedUploadedParts = append(completedUploadedParts, &s3.CompletedPart{
+				ETag:       part.ETag,
+				PartNumber: part.PartNumber,
+			})
+		}
+
+		sort.Sort(completedUploadedParts)
+
+		_, err := w.driver.S3.CompleteMultipartUpload(&s3.CompleteMultipartUploadInput{
+			Bucket:   aws.String(w.driver.Bucket),
+			Key:      aws.String(w.key),
+			UploadId: aws.String(w.uploadID),
+			MultipartUpload: &s3.CompletedMultipartUpload{
+				Parts: completedUploadedParts,
+			},
+		})
+		if err != nil {
+			w.driver.S3.AbortMultipartUpload(&s3.AbortMultipartUploadInput{
+				Bucket:   aws.String(w.driver.Bucket),
+				Key:      aws.String(w.key),
+				UploadId: aws.String(w.uploadID),
+			})
+			return 0, err
+		}
+
+		resp, err := w.driver.S3.CreateMultipartUpload(&s3.CreateMultipartUploadInput{
+			Bucket:               aws.String(w.driver.Bucket),
+			Key:                  aws.String(w.key),
+			ContentType:          w.driver.getContentType(),
+			ACL:                  w.driver.getACL(),
+			ServerSideEncryption: w.driver.getEncryptionMode(),
+			StorageClass:         w.driver.getStorageClass(),
+		})
+		if err != nil {
+			return 0, err
+		}
+		w.uploadID = *resp.UploadId
+
+		// If the entire written file is smaller than minChunkSize, we need to make
+		// a new part from scratch :double sad face:
+		if w.size < minChunkSize {
+			resp, err := w.driver.S3.GetObject(&s3.GetObjectInput{
+				Bucket: aws.String(w.driver.Bucket),
+				Key:    aws.String(w.key),
+			})
+			if err != nil {
+				return 0, err
+			}
+			defer resp.Body.Close()
+			w.parts = nil
+			w.readyPart, err = ioutil.ReadAll(resp.Body)
+			if err != nil {
+				return 0, err
+			}
+		} else {
+			// Otherwise we can use the old file as the new first part
+			copyPartResp, err := w.driver.S3.UploadPartCopy(&s3.UploadPartCopyInput{
+				Bucket:     aws.String(w.driver.Bucket),
+				CopySource: aws.String(w.driver.Bucket + "/" + w.key),
+				Key:        aws.String(w.key),
+				PartNumber: aws.Int64(1),
+				UploadId:   resp.UploadId,
+			})
+			if err != nil {
+				return 0, err
+			}
+			w.parts = []*s3.Part{
+				{
+					ETag:       copyPartResp.CopyPartResult.ETag,
+					PartNumber: aws.Int64(1),
+					Size:       aws.Int64(w.size),
+				},
+			}
+		}
+	}
+
+	var n int
+
+	for len(p) > 0 {
+		// If no parts are ready to write, fill up the first part
+		if neededBytes := int(w.driver.ChunkSize) - len(w.readyPart); neededBytes > 0 {
+			if len(p) >= neededBytes {
+				w.readyPart = append(w.readyPart, p[:neededBytes]...)
+				n += neededBytes
+				p = p[neededBytes:]
+			} else {
+				w.readyPart = append(w.readyPart, p...)
+				n += len(p)
+				p = nil
+			}
+		}
+
+		if neededBytes := int(w.driver.ChunkSize) - len(w.pendingPart); neededBytes > 0 {
+			if len(p) >= neededBytes {
+				w.pendingPart = append(w.pendingPart, p[:neededBytes]...)
+				n += neededBytes
+				p = p[neededBytes:]
+				err := w.flushPart()
+				if err != nil {
+					w.size += int64(n)
+					return n, err
+				}
+			} else {
+				w.pendingPart = append(w.pendingPart, p...)
+				n += len(p)
+				p = nil
+			}
+		}
+	}
+	w.size += int64(n)
+	return n, nil
+}
+
+func (w *writer) Size() int64 {
+	return w.size
+}
+
+func (w *writer) Close() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	}
+	w.closed = true
+	return w.flushPart()
+}
+
+func (w *writer) Cancel() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	} else if w.committed {
+		return fmt.Errorf("already committed")
+	}
+	w.cancelled = true
+	_, err := w.driver.S3.AbortMultipartUpload(&s3.AbortMultipartUploadInput{
+		Bucket:   aws.String(w.driver.Bucket),
+		Key:      aws.String(w.key),
+		UploadId: aws.String(w.uploadID),
+	})
+	return err
+}
+
+func (w *writer) Commit() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	} else if w.committed {
+		return fmt.Errorf("already committed")
+	} else if w.cancelled {
+		return fmt.Errorf("already cancelled")
+	}
+	err := w.flushPart()
+	if err != nil {
+		return err
+	}
+	w.committed = true
+
+	var completedUploadedParts completedParts
+	for _, part := range w.parts {
+		completedUploadedParts = append(completedUploadedParts, &s3.CompletedPart{
+			ETag:       part.ETag,
+			PartNumber: part.PartNumber,
+		})
+	}
+
+	sort.Sort(completedUploadedParts)
+
+	_, err = w.driver.S3.CompleteMultipartUpload(&s3.CompleteMultipartUploadInput{
+		Bucket:   aws.String(w.driver.Bucket),
+		Key:      aws.String(w.key),
+		UploadId: aws.String(w.uploadID),
+		MultipartUpload: &s3.CompletedMultipartUpload{
+			Parts: completedUploadedParts,
+		},
+	})
+	if err != nil {
+		w.driver.S3.AbortMultipartUpload(&s3.AbortMultipartUploadInput{
+			Bucket:   aws.String(w.driver.Bucket),
+			Key:      aws.String(w.key),
+			UploadId: aws.String(w.uploadID),
+		})
+		return err
+	}
+	return nil
+}
+
+// flushPart flushes buffers to write a part to S3.
+// Only called by Write (with both buffers full) and Close/Commit (always)
+func (w *writer) flushPart() error {
+	if len(w.readyPart) == 0 && len(w.pendingPart) == 0 {
+		// nothing to write
+		return nil
+	}
+	if len(w.pendingPart) < int(w.driver.ChunkSize) {
+		// closing with a small pending part
+		// combine ready and pending to avoid writing a small part
+		w.readyPart = append(w.readyPart, w.pendingPart...)
+		w.pendingPart = nil
+	}
+
+	partNumber := aws.Int64(int64(len(w.parts) + 1))
+	resp, err := w.driver.S3.UploadPart(&s3.UploadPartInput{
+		Bucket:     aws.String(w.driver.Bucket),
+		Key:        aws.String(w.key),
+		PartNumber: partNumber,
+		UploadId:   aws.String(w.uploadID),
+		Body:       bytes.NewReader(w.readyPart),
+	})
+	if err != nil {
+		return err
+	}
+	w.parts = append(w.parts, &s3.Part{
+		ETag:       resp.ETag,
+		PartNumber: partNumber,
+		Size:       aws.Int64(int64(len(w.readyPart))),
+	})
+	w.readyPart = w.pendingPart
+	w.pendingPart = nil
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3_v2_signer.go b/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3_v2_signer.go
new file mode 100644
index 000000000..9f1e621cf
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3_v2_signer.go
@@ -0,0 +1,216 @@
+package s3
+
+// Source: https://github.com/pivotal-golang/s3cli
+
+// Copyright (c) 2013 Damien Le Berrigaud and Nick Wade
+
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/base64"
+	"net/http"
+	"net/url"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/corehandlers"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/service/s3"
+	log "github.com/sirupsen/logrus"
+)
+
+type signer struct {
+	// Values that must be populated from the request
+	Request      *http.Request
+	Time         time.Time
+	Credentials  *credentials.Credentials
+	Query        url.Values
+	stringToSign string
+	signature    string
+}
+
+var s3ParamsToSign = map[string]bool{
+	"acl":                          true,
+	"location":                     true,
+	"logging":                      true,
+	"notification":                 true,
+	"partNumber":                   true,
+	"policy":                       true,
+	"requestPayment":               true,
+	"torrent":                      true,
+	"uploadId":                     true,
+	"uploads":                      true,
+	"versionId":                    true,
+	"versioning":                   true,
+	"versions":                     true,
+	"response-content-type":        true,
+	"response-content-language":    true,
+	"response-expires":             true,
+	"response-cache-control":       true,
+	"response-content-disposition": true,
+	"response-content-encoding":    true,
+	"website":                      true,
+	"delete":                       true,
+}
+
+// setv2Handlers will setup v2 signature signing on the S3 driver
+func setv2Handlers(svc *s3.S3) {
+	svc.Handlers.Build.PushBack(func(r *request.Request) {
+		parsedURL, err := url.Parse(r.HTTPRequest.URL.String())
+		if err != nil {
+			log.Fatalf("Failed to parse URL: %v", err)
+		}
+		r.HTTPRequest.URL.Opaque = parsedURL.Path
+	})
+
+	svc.Handlers.Sign.Clear()
+	svc.Handlers.Sign.PushBack(Sign)
+	svc.Handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler)
+}
+
+// Sign requests with signature version 2.
+//
+// Will sign the requests with the service config's Credentials object
+// Signing is skipped if the credentials is the credentials.AnonymousCredentials
+// object.
+func Sign(req *request.Request) {
+	// If the request does not need to be signed ignore the signing of the
+	// request if the AnonymousCredentials object is used.
+	if req.Config.Credentials == credentials.AnonymousCredentials {
+		return
+	}
+
+	v2 := signer{
+		Request:     req.HTTPRequest,
+		Time:        req.Time,
+		Credentials: req.Config.Credentials,
+	}
+	v2.Sign()
+}
+
+func (v2 *signer) Sign() error {
+	credValue, err := v2.Credentials.Get()
+	if err != nil {
+		return err
+	}
+	accessKey := credValue.AccessKeyID
+	var (
+		md5, ctype, date, xamz string
+		xamzDate               bool
+		sarray                 []string
+		smap                   map[string]string
+		sharray                []string
+	)
+
+	headers := v2.Request.Header
+	params := v2.Request.URL.Query()
+	parsedURL, err := url.Parse(v2.Request.URL.String())
+	if err != nil {
+		return err
+	}
+	host, canonicalPath := parsedURL.Host, parsedURL.Path
+	v2.Request.Header["Host"] = []string{host}
+	v2.Request.Header["date"] = []string{v2.Time.In(time.UTC).Format(time.RFC1123)}
+	if credValue.SessionToken != "" {
+		v2.Request.Header["x-amz-security-token"] = []string{credValue.SessionToken}
+	}
+
+	smap = make(map[string]string)
+	for k, v := range headers {
+		k = strings.ToLower(k)
+		switch k {
+		case "content-md5":
+			md5 = v[0]
+		case "content-type":
+			ctype = v[0]
+		case "date":
+			if !xamzDate {
+				date = v[0]
+			}
+		default:
+			if strings.HasPrefix(k, "x-amz-") {
+				vall := strings.Join(v, ",")
+				smap[k] = k + ":" + vall
+				if k == "x-amz-date" {
+					xamzDate = true
+					date = ""
+				}
+				sharray = append(sharray, k)
+			}
+		}
+	}
+	if len(sharray) > 0 {
+		sort.StringSlice(sharray).Sort()
+		for _, h := range sharray {
+			sarray = append(sarray, smap[h])
+		}
+		xamz = strings.Join(sarray, "\n") + "\n"
+	}
+
+	expires := false
+	if v, ok := params["Expires"]; ok {
+		expires = true
+		date = v[0]
+		params["AWSAccessKeyId"] = []string{accessKey}
+	}
+
+	sarray = sarray[0:0]
+	for k, v := range params {
+		if s3ParamsToSign[k] {
+			for _, vi := range v {
+				if vi == "" {
+					sarray = append(sarray, k)
+				} else {
+					sarray = append(sarray, k+"="+vi)
+				}
+			}
+		}
+	}
+	if len(sarray) > 0 {
+		sort.StringSlice(sarray).Sort()
+		canonicalPath = canonicalPath + "?" + strings.Join(sarray, "&")
+	}
+
+	v2.stringToSign = strings.Join([]string{
+		v2.Request.Method,
+		md5,
+		ctype,
+		date,
+		xamz + canonicalPath,
+	}, "\n")
+	hash := hmac.New(sha1.New, []byte(credValue.SecretAccessKey))
+	hash.Write([]byte(v2.stringToSign))
+	v2.signature = base64.StdEncoding.EncodeToString(hash.Sum(nil))
+
+	if expires {
+		params["Signature"] = []string{v2.signature}
+	} else {
+		headers["Authorization"] = []string{"AWS " + accessKey + ":" + v2.signature}
+	}
+
+	log.WithFields(log.Fields{
+		"string-to-sign": v2.stringToSign,
+		"signature":      v2.signature,
+	}).Debugln("request signature")
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/storagedriver.go b/vendor/github.com/docker/distribution/registry/storage/driver/storagedriver.go
new file mode 100644
index 000000000..b220713f2
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/storagedriver.go
@@ -0,0 +1,171 @@
+package driver
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"regexp"
+	"strconv"
+	"strings"
+)
+
+// Version is a string representing the storage driver version, of the form
+// Major.Minor.
+// The registry must accept storage drivers with equal major version and greater
+// minor version, but may not be compatible with older storage driver versions.
+type Version string
+
+// Major returns the major (primary) component of a version.
+func (version Version) Major() uint {
+	majorPart := strings.Split(string(version), ".")[0]
+	major, _ := strconv.ParseUint(majorPart, 10, 0)
+	return uint(major)
+}
+
+// Minor returns the minor (secondary) component of a version.
+func (version Version) Minor() uint {
+	minorPart := strings.Split(string(version), ".")[1]
+	minor, _ := strconv.ParseUint(minorPart, 10, 0)
+	return uint(minor)
+}
+
+// CurrentVersion is the current storage driver Version.
+const CurrentVersion Version = "0.1"
+
+// StorageDriver defines methods that a Storage Driver must implement for a
+// filesystem-like key/value object storage. Storage Drivers are automatically
+// registered via an internal registration mechanism, and generally created
+// via the StorageDriverFactory interface (https://godoc.org/github.com/docker/distribution/registry/storage/driver/factory).
+// Please see the aforementioned factory package for example code showing how to get an instance
+// of a StorageDriver
+type StorageDriver interface {
+	// Name returns the human-readable "name" of the driver, useful in error
+	// messages and logging. By convention, this will just be the registration
+	// name, but drivers may provide other information here.
+	Name() string
+
+	// GetContent retrieves the content stored at "path" as a []byte.
+	// This should primarily be used for small objects.
+	GetContent(ctx context.Context, path string) ([]byte, error)
+
+	// PutContent stores the []byte content at a location designated by "path".
+	// This should primarily be used for small objects.
+	PutContent(ctx context.Context, path string, content []byte) error
+
+	// Reader retrieves an io.ReadCloser for the content stored at "path"
+	// with a given byte offset.
+	// May be used to resume reading a stream by providing a nonzero offset.
+	Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error)
+
+	// Writer returns a FileWriter which will store the content written to it
+	// at the location designated by "path" after the call to Commit.
+	Writer(ctx context.Context, path string, append bool) (FileWriter, error)
+
+	// Stat retrieves the FileInfo for the given path, including the current
+	// size in bytes and the creation time.
+	Stat(ctx context.Context, path string) (FileInfo, error)
+
+	// List returns a list of the objects that are direct descendants of the
+	//given path.
+	List(ctx context.Context, path string) ([]string, error)
+
+	// Move moves an object stored at sourcePath to destPath, removing the
+	// original object.
+	// Note: This may be no more efficient than a copy followed by a delete for
+	// many implementations.
+	Move(ctx context.Context, sourcePath string, destPath string) error
+
+	// Delete recursively deletes all objects stored at "path" and its subpaths.
+	Delete(ctx context.Context, path string) error
+
+	// URLFor returns a URL which may be used to retrieve the content stored at
+	// the given path, possibly using the given options.
+	// May return an ErrUnsupportedMethod in certain StorageDriver
+	// implementations.
+	URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error)
+
+	// Walk traverses a filesystem defined within driver, starting
+	// from the given path, calling f on each file.
+	// If the returned error from the WalkFn is ErrSkipDir and fileInfo refers
+	// to a directory, the directory will not be entered and Walk
+	// will continue the traversal.  If fileInfo refers to a normal file, processing stops
+	Walk(ctx context.Context, path string, f WalkFn) error
+}
+
+// FileWriter provides an abstraction for an opened writable file-like object in
+// the storage backend. The FileWriter must flush all content written to it on
+// the call to Close, but is only required to make its content readable on a
+// call to Commit.
+type FileWriter interface {
+	io.WriteCloser
+
+	// Size returns the number of bytes written to this FileWriter.
+	Size() int64
+
+	// Cancel removes any written content from this FileWriter.
+	Cancel() error
+
+	// Commit flushes all content written to this FileWriter and makes it
+	// available for future calls to StorageDriver.GetContent and
+	// StorageDriver.Reader.
+	Commit() error
+}
+
+// PathRegexp is the regular expression which each file path must match. A
+// file path is absolute, beginning with a slash and containing a positive
+// number of path components separated by slashes, where each component is
+// restricted to alphanumeric characters or a period, underscore, or
+// hyphen.
+var PathRegexp = regexp.MustCompile(`^(/[A-Za-z0-9._-]+)+$`)
+
+// ErrUnsupportedMethod may be returned in the case where a StorageDriver implementation does not support an optional method.
+type ErrUnsupportedMethod struct {
+	DriverName string
+}
+
+func (err ErrUnsupportedMethod) Error() string {
+	return fmt.Sprintf("%s: unsupported method", err.DriverName)
+}
+
+// PathNotFoundError is returned when operating on a nonexistent path.
+type PathNotFoundError struct {
+	Path       string
+	DriverName string
+}
+
+func (err PathNotFoundError) Error() string {
+	return fmt.Sprintf("%s: Path not found: %s", err.DriverName, err.Path)
+}
+
+// InvalidPathError is returned when the provided path is malformed.
+type InvalidPathError struct {
+	Path       string
+	DriverName string
+}
+
+func (err InvalidPathError) Error() string {
+	return fmt.Sprintf("%s: invalid path: %s", err.DriverName, err.Path)
+}
+
+// InvalidOffsetError is returned when attempting to read or write from an
+// invalid offset.
+type InvalidOffsetError struct {
+	Path       string
+	Offset     int64
+	DriverName string
+}
+
+func (err InvalidOffsetError) Error() string {
+	return fmt.Sprintf("%s: invalid offset: %d for path: %s", err.DriverName, err.Offset, err.Path)
+}
+
+// Error is a catch-all error type which captures an error string and
+// the driver type on which it occurred.
+type Error struct {
+	DriverName string
+	Enclosed   error
+}
+
+func (err Error) Error() string {
+	return fmt.Sprintf("%s: %s", err.DriverName, err.Enclosed)
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/swift/swift.go b/vendor/github.com/docker/distribution/registry/storage/driver/swift/swift.go
new file mode 100644
index 000000000..adbe8aa99
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/swift/swift.go
@@ -0,0 +1,934 @@
+// Package swift provides a storagedriver.StorageDriver implementation to
+// store blobs in Openstack Swift object storage.
+//
+// This package leverages the ncw/swift client library for interfacing with
+// Swift.
+//
+// It supports both TempAuth authentication and Keystone authentication
+// (up to version 3).
+//
+// As Swift has a limit on the size of a single uploaded object (by default
+// this is 5GB), the driver makes use of the Swift Large Object Support
+// (http://docs.openstack.org/developer/swift/overview_large_objects.html).
+// Only one container is used for both manifests and data objects. Manifests
+// are stored in the 'files' pseudo directory, data objects are stored under
+// 'segments'.
+package swift
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"crypto/rand"
+	"crypto/sha1"
+	"crypto/tls"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/mitchellh/mapstructure"
+	"github.com/ncw/swift"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/distribution/registry/storage/driver/base"
+	"github.com/docker/distribution/registry/storage/driver/factory"
+	"github.com/docker/distribution/version"
+)
+
+const driverName = "swift"
+
+// defaultChunkSize defines the default size of a segment
+const defaultChunkSize = 20 * 1024 * 1024
+
+// minChunkSize defines the minimum size of a segment
+const minChunkSize = 1 << 20
+
+// contentType defines the Content-Type header associated with stored segments
+const contentType = "application/octet-stream"
+
+// readAfterWriteTimeout defines the time we wait before an object appears after having been uploaded
+var readAfterWriteTimeout = 15 * time.Second
+
+// readAfterWriteWait defines the time to sleep between two retries
+var readAfterWriteWait = 200 * time.Millisecond
+
+// Parameters A struct that encapsulates all of the driver parameters after all values have been set
+type Parameters struct {
+	Username            string
+	Password            string
+	AuthURL             string
+	Tenant              string
+	TenantID            string
+	Domain              string
+	DomainID            string
+	TenantDomain        string
+	TenantDomainID      string
+	TrustID             string
+	Region              string
+	AuthVersion         int
+	Container           string
+	Prefix              string
+	EndpointType        string
+	InsecureSkipVerify  bool
+	ChunkSize           int
+	SecretKey           string
+	AccessKey           string
+	TempURLContainerKey bool
+	TempURLMethods      []string
+}
+
+// swiftInfo maps the JSON structure returned by Swift /info endpoint
+type swiftInfo struct {
+	Swift struct {
+		Version string `mapstructure:"version"`
+	}
+	Tempurl struct {
+		Methods []string `mapstructure:"methods"`
+	}
+	BulkDelete struct {
+		MaxDeletesPerRequest int `mapstructure:"max_deletes_per_request"`
+	} `mapstructure:"bulk_delete"`
+}
+
+func init() {
+	factory.Register(driverName, &swiftDriverFactory{})
+}
+
+// swiftDriverFactory implements the factory.StorageDriverFactory interface
+type swiftDriverFactory struct{}
+
+func (factory *swiftDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
+	return FromParameters(parameters)
+}
+
+type driver struct {
+	Conn                 *swift.Connection
+	Container            string
+	Prefix               string
+	BulkDeleteSupport    bool
+	BulkDeleteMaxDeletes int
+	ChunkSize            int
+	SecretKey            string
+	AccessKey            string
+	TempURLContainerKey  bool
+	TempURLMethods       []string
+}
+
+type baseEmbed struct {
+	base.Base
+}
+
+// Driver is a storagedriver.StorageDriver implementation backed by Openstack Swift
+// Objects are stored at absolute keys in the provided container.
+type Driver struct {
+	baseEmbed
+}
+
+// FromParameters constructs a new Driver with a given parameters map
+// Required parameters:
+// - username
+// - password
+// - authurl
+// - container
+func FromParameters(parameters map[string]interface{}) (*Driver, error) {
+	params := Parameters{
+		ChunkSize:          defaultChunkSize,
+		InsecureSkipVerify: false,
+	}
+
+	// Sanitize some entries before trying to decode parameters with mapstructure
+	// TenantID and Tenant when integers only and passed as ENV variables
+	// are considered as integer and not string. The parser fails in this
+	// case.
+	_, ok := parameters["tenant"]
+	if ok {
+		parameters["tenant"] = fmt.Sprint(parameters["tenant"])
+	}
+	_, ok = parameters["tenantid"]
+	if ok {
+		parameters["tenantid"] = fmt.Sprint(parameters["tenantid"])
+	}
+
+	if err := mapstructure.Decode(parameters, &params); err != nil {
+		return nil, err
+	}
+
+	if params.Username == "" {
+		return nil, fmt.Errorf("no username parameter provided")
+	}
+
+	if params.Password == "" {
+		return nil, fmt.Errorf("no password parameter provided")
+	}
+
+	if params.AuthURL == "" {
+		return nil, fmt.Errorf("no authurl parameter provided")
+	}
+
+	if params.Container == "" {
+		return nil, fmt.Errorf("no container parameter provided")
+	}
+
+	if params.ChunkSize < minChunkSize {
+		return nil, fmt.Errorf("the chunksize %#v parameter should be a number that is larger than or equal to %d", params.ChunkSize, minChunkSize)
+	}
+
+	return New(params)
+}
+
+// New constructs a new Driver with the given Openstack Swift credentials and container name
+func New(params Parameters) (*Driver, error) {
+	transport := &http.Transport{
+		Proxy:               http.ProxyFromEnvironment,
+		MaxIdleConnsPerHost: 2048,
+		TLSClientConfig:     &tls.Config{InsecureSkipVerify: params.InsecureSkipVerify},
+	}
+
+	ct := &swift.Connection{
+		UserName:       params.Username,
+		ApiKey:         params.Password,
+		AuthUrl:        params.AuthURL,
+		Region:         params.Region,
+		AuthVersion:    params.AuthVersion,
+		UserAgent:      "distribution/" + version.Version,
+		Tenant:         params.Tenant,
+		TenantId:       params.TenantID,
+		Domain:         params.Domain,
+		DomainId:       params.DomainID,
+		TenantDomain:   params.TenantDomain,
+		TenantDomainId: params.TenantDomainID,
+		TrustId:        params.TrustID,
+		EndpointType:   swift.EndpointType(params.EndpointType),
+		Transport:      transport,
+		ConnectTimeout: 60 * time.Second,
+		Timeout:        15 * 60 * time.Second,
+	}
+	err := ct.Authenticate()
+	if err != nil {
+		return nil, fmt.Errorf("swift authentication failed: %s", err)
+	}
+
+	if _, _, err := ct.Container(params.Container); err == swift.ContainerNotFound {
+		if err := ct.ContainerCreate(params.Container, nil); err != nil {
+			return nil, fmt.Errorf("failed to create container %s (%s)", params.Container, err)
+		}
+	} else if err != nil {
+		return nil, fmt.Errorf("failed to retrieve info about container %s (%s)", params.Container, err)
+	}
+
+	d := &driver{
+		Conn:           ct,
+		Container:      params.Container,
+		Prefix:         params.Prefix,
+		ChunkSize:      params.ChunkSize,
+		TempURLMethods: make([]string, 0),
+		AccessKey:      params.AccessKey,
+	}
+
+	info := swiftInfo{}
+	if config, err := d.Conn.QueryInfo(); err == nil {
+		_, d.BulkDeleteSupport = config["bulk_delete"]
+
+		if err := mapstructure.Decode(config, &info); err == nil {
+			d.TempURLContainerKey = info.Swift.Version >= "2.3.0"
+			d.TempURLMethods = info.Tempurl.Methods
+			if d.BulkDeleteSupport {
+				d.BulkDeleteMaxDeletes = info.BulkDelete.MaxDeletesPerRequest
+			}
+		}
+	} else {
+		d.TempURLContainerKey = params.TempURLContainerKey
+		d.TempURLMethods = params.TempURLMethods
+	}
+
+	if len(d.TempURLMethods) > 0 {
+		secretKey := params.SecretKey
+		if secretKey == "" {
+			secretKey, _ = generateSecret()
+		}
+
+		// Since Swift 2.2.2, we can now set secret keys on containers
+		// in addition to the account secret keys. Use them in preference.
+		if d.TempURLContainerKey {
+			_, containerHeaders, err := d.Conn.Container(d.Container)
+			if err != nil {
+				return nil, fmt.Errorf("failed to fetch container info %s (%s)", d.Container, err)
+			}
+
+			d.SecretKey = containerHeaders["X-Container-Meta-Temp-Url-Key"]
+			if d.SecretKey == "" || (params.SecretKey != "" && d.SecretKey != params.SecretKey) {
+				m := swift.Metadata{}
+				m["temp-url-key"] = secretKey
+				if d.Conn.ContainerUpdate(d.Container, m.ContainerHeaders()); err == nil {
+					d.SecretKey = secretKey
+				}
+			}
+		} else {
+			// Use the account secret key
+			_, accountHeaders, err := d.Conn.Account()
+			if err != nil {
+				return nil, fmt.Errorf("failed to fetch account info (%s)", err)
+			}
+
+			d.SecretKey = accountHeaders["X-Account-Meta-Temp-Url-Key"]
+			if d.SecretKey == "" || (params.SecretKey != "" && d.SecretKey != params.SecretKey) {
+				m := swift.Metadata{}
+				m["temp-url-key"] = secretKey
+				if err := d.Conn.AccountUpdate(m.AccountHeaders()); err == nil {
+					d.SecretKey = secretKey
+				}
+			}
+		}
+	}
+
+	return &Driver{
+		baseEmbed: baseEmbed{
+			Base: base.Base{
+				StorageDriver: d,
+			},
+		},
+	}, nil
+}
+
+// Implement the storagedriver.StorageDriver interface
+
+func (d *driver) Name() string {
+	return driverName
+}
+
+// GetContent retrieves the content stored at "path" as a []byte.
+func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
+	content, err := d.Conn.ObjectGetBytes(d.Container, d.swiftPath(path))
+	if err == swift.ObjectNotFound {
+		return nil, storagedriver.PathNotFoundError{Path: path}
+	}
+	return content, err
+}
+
+// PutContent stores the []byte content at a location designated by "path".
+func (d *driver) PutContent(ctx context.Context, path string, contents []byte) error {
+	err := d.Conn.ObjectPutBytes(d.Container, d.swiftPath(path), contents, contentType)
+	if err == swift.ObjectNotFound {
+		return storagedriver.PathNotFoundError{Path: path}
+	}
+	return err
+}
+
+// Reader retrieves an io.ReadCloser for the content stored at "path" with a
+// given byte offset.
+func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
+	headers := make(swift.Headers)
+	headers["Range"] = "bytes=" + strconv.FormatInt(offset, 10) + "-"
+
+	waitingTime := readAfterWriteWait
+	endTime := time.Now().Add(readAfterWriteTimeout)
+
+	for {
+		file, headers, err := d.Conn.ObjectOpen(d.Container, d.swiftPath(path), false, headers)
+		if err != nil {
+			if err == swift.ObjectNotFound {
+				return nil, storagedriver.PathNotFoundError{Path: path}
+			}
+			if swiftErr, ok := err.(*swift.Error); ok && swiftErr.StatusCode == http.StatusRequestedRangeNotSatisfiable {
+				return ioutil.NopCloser(bytes.NewReader(nil)), nil
+			}
+			return file, err
+		}
+
+		//if this is a DLO and it is clear that segments are still missing,
+		//wait until they show up
+		_, isDLO := headers["X-Object-Manifest"]
+		size, err := file.Length()
+		if err != nil {
+			return file, err
+		}
+		if isDLO && size == 0 {
+			if time.Now().Add(waitingTime).After(endTime) {
+				return nil, fmt.Errorf("timeout expired while waiting for segments of %s to show up", path)
+			}
+			time.Sleep(waitingTime)
+			waitingTime *= 2
+			continue
+		}
+
+		//if not, then this reader will be fine
+		return file, nil
+	}
+}
+
+// Writer returns a FileWriter which will store the content written to it
+// at the location designated by "path" after the call to Commit.
+func (d *driver) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
+	var (
+		segments     []swift.Object
+		segmentsPath string
+		err          error
+	)
+
+	if !append {
+		segmentsPath, err = d.swiftSegmentPath(path)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		info, headers, err := d.Conn.Object(d.Container, d.swiftPath(path))
+		if err == swift.ObjectNotFound {
+			return nil, storagedriver.PathNotFoundError{Path: path}
+		} else if err != nil {
+			return nil, err
+		}
+		manifest, ok := headers["X-Object-Manifest"]
+		if !ok {
+			segmentsPath, err = d.swiftSegmentPath(path)
+			if err != nil {
+				return nil, err
+			}
+			if err := d.Conn.ObjectMove(d.Container, d.swiftPath(path), d.Container, getSegmentPath(segmentsPath, len(segments))); err != nil {
+				return nil, err
+			}
+			segments = []swift.Object{info}
+		} else {
+			_, segmentsPath = parseManifest(manifest)
+			if segments, err = d.getAllSegments(segmentsPath); err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	return d.newWriter(path, segmentsPath, segments), nil
+}
+
+// Stat retrieves the FileInfo for the given path, including the current size
+// in bytes and the creation time.
+func (d *driver) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
+	swiftPath := d.swiftPath(path)
+	opts := &swift.ObjectsOpts{
+		Prefix:    swiftPath,
+		Delimiter: '/',
+	}
+
+	objects, err := d.Conn.ObjectsAll(d.Container, opts)
+	if err != nil {
+		if err == swift.ContainerNotFound {
+			return nil, storagedriver.PathNotFoundError{Path: path}
+		}
+		return nil, err
+	}
+
+	fi := storagedriver.FileInfoFields{
+		Path: strings.TrimPrefix(strings.TrimSuffix(swiftPath, "/"), d.swiftPath("/")),
+	}
+
+	for _, obj := range objects {
+		if obj.PseudoDirectory && obj.Name == swiftPath+"/" {
+			fi.IsDir = true
+			return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
+		} else if obj.Name == swiftPath {
+			// The file exists. But on Swift 1.12, the 'bytes' field is always 0 so
+			// we need to do a separate HEAD request.
+			break
+		}
+	}
+
+	//Don't trust an empty `objects` slice. A container listing can be
+	//outdated. For files, we can make a HEAD request on the object which
+	//reports existence (at least) much more reliably.
+	waitingTime := readAfterWriteWait
+	endTime := time.Now().Add(readAfterWriteTimeout)
+
+	for {
+		info, headers, err := d.Conn.Object(d.Container, swiftPath)
+		if err != nil {
+			if err == swift.ObjectNotFound {
+				return nil, storagedriver.PathNotFoundError{Path: path}
+			}
+			return nil, err
+		}
+
+		//if this is a DLO and it is clear that segments are still missing,
+		//wait until they show up
+		_, isDLO := headers["X-Object-Manifest"]
+		if isDLO && info.Bytes == 0 {
+			if time.Now().Add(waitingTime).After(endTime) {
+				return nil, fmt.Errorf("timeout expired while waiting for segments of %s to show up", path)
+			}
+			time.Sleep(waitingTime)
+			waitingTime *= 2
+			continue
+		}
+
+		//otherwise, accept the result
+		fi.IsDir = false
+		fi.Size = info.Bytes
+		fi.ModTime = info.LastModified
+		return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
+	}
+}
+
+// List returns a list of the objects that are direct descendants of the given path.
+func (d *driver) List(ctx context.Context, path string) ([]string, error) {
+	var files []string
+
+	prefix := d.swiftPath(path)
+	if prefix != "" {
+		prefix += "/"
+	}
+
+	opts := &swift.ObjectsOpts{
+		Prefix:    prefix,
+		Delimiter: '/',
+	}
+
+	objects, err := d.Conn.ObjectsAll(d.Container, opts)
+	for _, obj := range objects {
+		files = append(files, strings.TrimPrefix(strings.TrimSuffix(obj.Name, "/"), d.swiftPath("/")))
+	}
+
+	if err == swift.ContainerNotFound || (len(objects) == 0 && path != "/") {
+		return files, storagedriver.PathNotFoundError{Path: path}
+	}
+	return files, err
+}
+
+// Move moves an object stored at sourcePath to destPath, removing the original
+// object.
+func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
+	_, headers, err := d.Conn.Object(d.Container, d.swiftPath(sourcePath))
+	if err == nil {
+		if manifest, ok := headers["X-Object-Manifest"]; ok {
+			if err = d.createManifest(destPath, manifest); err != nil {
+				return err
+			}
+			err = d.Conn.ObjectDelete(d.Container, d.swiftPath(sourcePath))
+		} else {
+			err = d.Conn.ObjectMove(d.Container, d.swiftPath(sourcePath), d.Container, d.swiftPath(destPath))
+		}
+	}
+	if err == swift.ObjectNotFound {
+		return storagedriver.PathNotFoundError{Path: sourcePath}
+	}
+	return err
+}
+
+// Delete recursively deletes all objects stored at "path" and its subpaths.
+func (d *driver) Delete(ctx context.Context, path string) error {
+	opts := swift.ObjectsOpts{
+		Prefix: d.swiftPath(path) + "/",
+	}
+
+	objects, err := d.Conn.ObjectsAll(d.Container, &opts)
+	if err != nil {
+		if err == swift.ContainerNotFound {
+			return storagedriver.PathNotFoundError{Path: path}
+		}
+		return err
+	}
+
+	for _, obj := range objects {
+		if obj.PseudoDirectory {
+			continue
+		}
+		if _, headers, err := d.Conn.Object(d.Container, obj.Name); err == nil {
+			manifest, ok := headers["X-Object-Manifest"]
+			if ok {
+				_, prefix := parseManifest(manifest)
+				segments, err := d.getAllSegments(prefix)
+				if err != nil {
+					return err
+				}
+				objects = append(objects, segments...)
+			}
+		} else {
+			if err == swift.ObjectNotFound {
+				return storagedriver.PathNotFoundError{Path: obj.Name}
+			}
+			return err
+		}
+	}
+
+	if d.BulkDeleteSupport && len(objects) > 0 && d.BulkDeleteMaxDeletes > 0 {
+		filenames := make([]string, len(objects))
+		for i, obj := range objects {
+			filenames[i] = obj.Name
+		}
+
+		chunks, err := chunkFilenames(filenames, d.BulkDeleteMaxDeletes)
+		if err != nil {
+			return err
+		}
+		for _, chunk := range chunks {
+			_, err := d.Conn.BulkDelete(d.Container, chunk)
+			// Don't fail on ObjectNotFound because eventual consistency
+			// makes this situation normal.
+			if err != nil && err != swift.Forbidden && err != swift.ObjectNotFound {
+				if err == swift.ContainerNotFound {
+					return storagedriver.PathNotFoundError{Path: path}
+				}
+				return err
+			}
+		}
+	} else {
+		for _, obj := range objects {
+			if err := d.Conn.ObjectDelete(d.Container, obj.Name); err != nil {
+				if err == swift.ObjectNotFound {
+					return storagedriver.PathNotFoundError{Path: obj.Name}
+				}
+				return err
+			}
+		}
+	}
+
+	_, _, err = d.Conn.Object(d.Container, d.swiftPath(path))
+	if err == nil {
+		if err := d.Conn.ObjectDelete(d.Container, d.swiftPath(path)); err != nil {
+			if err == swift.ObjectNotFound {
+				return storagedriver.PathNotFoundError{Path: path}
+			}
+			return err
+		}
+	} else if err == swift.ObjectNotFound {
+		if len(objects) == 0 {
+			return storagedriver.PathNotFoundError{Path: path}
+		}
+	} else {
+		return err
+	}
+	return nil
+}
+
+// URLFor returns a URL which may be used to retrieve the content stored at the given path.
+func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
+	if d.SecretKey == "" {
+		return "", storagedriver.ErrUnsupportedMethod{}
+	}
+
+	methodString := "GET"
+	method, ok := options["method"]
+	if ok {
+		if methodString, ok = method.(string); !ok {
+			return "", storagedriver.ErrUnsupportedMethod{}
+		}
+	}
+
+	if methodString == "HEAD" {
+		// A "HEAD" request on a temporary URL is allowed if the
+		// signature was generated with "GET", "POST" or "PUT"
+		methodString = "GET"
+	}
+
+	supported := false
+	for _, method := range d.TempURLMethods {
+		if method == methodString {
+			supported = true
+			break
+		}
+	}
+
+	if !supported {
+		return "", storagedriver.ErrUnsupportedMethod{}
+	}
+
+	expiresTime := time.Now().Add(20 * time.Minute)
+	expires, ok := options["expiry"]
+	if ok {
+		et, ok := expires.(time.Time)
+		if ok {
+			expiresTime = et
+		}
+	}
+
+	tempURL := d.Conn.ObjectTempUrl(d.Container, d.swiftPath(path), d.SecretKey, methodString, expiresTime)
+
+	if d.AccessKey != "" {
+		// On HP Cloud, the signature must be in the form of tenant_id:access_key:signature
+		url, _ := url.Parse(tempURL)
+		query := url.Query()
+		query.Set("temp_url_sig", fmt.Sprintf("%s:%s:%s", d.Conn.TenantId, d.AccessKey, query.Get("temp_url_sig")))
+		url.RawQuery = query.Encode()
+		tempURL = url.String()
+	}
+
+	return tempURL, nil
+}
+
+// Walk traverses a filesystem defined within driver, starting
+// from the given path, calling f on each file
+func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
+	return storagedriver.WalkFallback(ctx, d, path, f)
+}
+
+func (d *driver) swiftPath(path string) string {
+	return strings.TrimLeft(strings.TrimRight(d.Prefix+"/files"+path, "/"), "/")
+}
+
+func (d *driver) swiftSegmentPath(path string) (string, error) {
+	checksum := sha1.New()
+	random := make([]byte, 32)
+	if _, err := rand.Read(random); err != nil {
+		return "", err
+	}
+	path = hex.EncodeToString(checksum.Sum(append([]byte(path), random...)))
+	return strings.TrimLeft(strings.TrimRight(d.Prefix+"/segments/"+path[0:3]+"/"+path[3:], "/"), "/"), nil
+}
+
+func (d *driver) getAllSegments(path string) ([]swift.Object, error) {
+	//a simple container listing works 99.9% of the time
+	segments, err := d.Conn.ObjectsAll(d.Container, &swift.ObjectsOpts{Prefix: path})
+	if err != nil {
+		if err == swift.ContainerNotFound {
+			return nil, storagedriver.PathNotFoundError{Path: path}
+		}
+		return nil, err
+	}
+
+	//build a lookup table by object name
+	hasObjectName := make(map[string]struct{})
+	for _, segment := range segments {
+		hasObjectName[segment.Name] = struct{}{}
+	}
+
+	//The container listing might be outdated (i.e. not contain all existing
+	//segment objects yet) because of temporary inconsistency (Swift is only
+	//eventually consistent!). Check its completeness.
+	segmentNumber := 0
+	for {
+		segmentNumber++
+		segmentPath := getSegmentPath(path, segmentNumber)
+
+		if _, seen := hasObjectName[segmentPath]; seen {
+			continue
+		}
+
+		//This segment is missing in the container listing. Use a more reliable
+		//request to check its existence. (HEAD requests on segments are
+		//guaranteed to return the correct metadata, except for the pathological
+		//case of an outage of large parts of the Swift cluster or its network,
+		//since every segment is only written once.)
+		segment, _, err := d.Conn.Object(d.Container, segmentPath)
+		switch err {
+		case nil:
+			//found new segment -> keep going, more might be missing
+			segments = append(segments, segment)
+			continue
+		case swift.ObjectNotFound:
+			//This segment is missing. Since we upload segments sequentially,
+			//there won't be any more segments after it.
+			return segments, nil
+		default:
+			return nil, err //unexpected error
+		}
+	}
+}
+
+func (d *driver) createManifest(path string, segments string) error {
+	headers := make(swift.Headers)
+	headers["X-Object-Manifest"] = segments
+	manifest, err := d.Conn.ObjectCreate(d.Container, d.swiftPath(path), false, "", contentType, headers)
+	if err != nil {
+		if err == swift.ObjectNotFound {
+			return storagedriver.PathNotFoundError{Path: path}
+		}
+		return err
+	}
+	if err := manifest.Close(); err != nil {
+		if err == swift.ObjectNotFound {
+			return storagedriver.PathNotFoundError{Path: path}
+		}
+		return err
+	}
+	return nil
+}
+
+func chunkFilenames(slice []string, maxSize int) (chunks [][]string, err error) {
+	if maxSize > 0 {
+		for offset := 0; offset < len(slice); offset += maxSize {
+			chunkSize := maxSize
+			if offset+chunkSize > len(slice) {
+				chunkSize = len(slice) - offset
+			}
+			chunks = append(chunks, slice[offset:offset+chunkSize])
+		}
+	} else {
+		return nil, fmt.Errorf("max chunk size must be > 0")
+	}
+	return
+}
+
+func parseManifest(manifest string) (container string, prefix string) {
+	components := strings.SplitN(manifest, "/", 2)
+	container = components[0]
+	if len(components) > 1 {
+		prefix = components[1]
+	}
+	return container, prefix
+}
+
+func generateSecret() (string, error) {
+	var secretBytes [32]byte
+	if _, err := rand.Read(secretBytes[:]); err != nil {
+		return "", fmt.Errorf("could not generate random bytes for Swift secret key: %v", err)
+	}
+	return hex.EncodeToString(secretBytes[:]), nil
+}
+
+func getSegmentPath(segmentsPath string, partNumber int) string {
+	return fmt.Sprintf("%s/%016d", segmentsPath, partNumber)
+}
+
+type writer struct {
+	driver       *driver
+	path         string
+	segmentsPath string
+	size         int64
+	bw           *bufio.Writer
+	closed       bool
+	committed    bool
+	cancelled    bool
+}
+
+func (d *driver) newWriter(path, segmentsPath string, segments []swift.Object) storagedriver.FileWriter {
+	var size int64
+	for _, segment := range segments {
+		size += segment.Bytes
+	}
+	return &writer{
+		driver:       d,
+		path:         path,
+		segmentsPath: segmentsPath,
+		size:         size,
+		bw: bufio.NewWriterSize(&segmentWriter{
+			conn:          d.Conn,
+			container:     d.Container,
+			segmentsPath:  segmentsPath,
+			segmentNumber: len(segments) + 1,
+			maxChunkSize:  d.ChunkSize,
+		}, d.ChunkSize),
+	}
+}
+
+func (w *writer) Write(p []byte) (int, error) {
+	if w.closed {
+		return 0, fmt.Errorf("already closed")
+	} else if w.committed {
+		return 0, fmt.Errorf("already committed")
+	} else if w.cancelled {
+		return 0, fmt.Errorf("already cancelled")
+	}
+
+	n, err := w.bw.Write(p)
+	w.size += int64(n)
+	return n, err
+}
+
+func (w *writer) Size() int64 {
+	return w.size
+}
+
+func (w *writer) Close() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	}
+
+	if err := w.bw.Flush(); err != nil {
+		return err
+	}
+
+	if !w.committed && !w.cancelled {
+		if err := w.driver.createManifest(w.path, w.driver.Container+"/"+w.segmentsPath); err != nil {
+			return err
+		}
+		if err := w.waitForSegmentsToShowUp(); err != nil {
+			return err
+		}
+	}
+	w.closed = true
+
+	return nil
+}
+
+func (w *writer) Cancel() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	} else if w.committed {
+		return fmt.Errorf("already committed")
+	}
+	w.cancelled = true
+	return w.driver.Delete(context.Background(), w.path)
+}
+
+func (w *writer) Commit() error {
+	if w.closed {
+		return fmt.Errorf("already closed")
+	} else if w.committed {
+		return fmt.Errorf("already committed")
+	} else if w.cancelled {
+		return fmt.Errorf("already cancelled")
+	}
+
+	if err := w.bw.Flush(); err != nil {
+		return err
+	}
+
+	if err := w.driver.createManifest(w.path, w.driver.Container+"/"+w.segmentsPath); err != nil {
+		return err
+	}
+
+	w.committed = true
+	return w.waitForSegmentsToShowUp()
+}
+
+func (w *writer) waitForSegmentsToShowUp() error {
+	var err error
+	waitingTime := readAfterWriteWait
+	endTime := time.Now().Add(readAfterWriteTimeout)
+
+	for {
+		var info swift.Object
+		if info, _, err = w.driver.Conn.Object(w.driver.Container, w.driver.swiftPath(w.path)); err == nil {
+			if info.Bytes == w.size {
+				break
+			}
+			err = fmt.Errorf("timeout expired while waiting for segments of %s to show up", w.path)
+		}
+		if time.Now().Add(waitingTime).After(endTime) {
+			break
+		}
+		time.Sleep(waitingTime)
+		waitingTime *= 2
+	}
+
+	return err
+}
+
+type segmentWriter struct {
+	conn          *swift.Connection
+	container     string
+	segmentsPath  string
+	segmentNumber int
+	maxChunkSize  int
+}
+
+func (sw *segmentWriter) Write(p []byte) (int, error) {
+	n := 0
+	for offset := 0; offset < len(p); offset += sw.maxChunkSize {
+		chunkSize := sw.maxChunkSize
+		if offset+chunkSize > len(p) {
+			chunkSize = len(p) - offset
+		}
+		_, err := sw.conn.ObjectPut(sw.container, getSegmentPath(sw.segmentsPath, sw.segmentNumber), bytes.NewReader(p[offset:offset+chunkSize]), false, "", contentType, nil)
+		if err != nil {
+			return n, err
+		}
+
+		sw.segmentNumber++
+		n += chunkSize
+	}
+
+	return n, nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/testdriver/testdriver.go b/vendor/github.com/docker/distribution/registry/storage/driver/testdriver/testdriver.go
new file mode 100644
index 000000000..91254627b
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/testdriver/testdriver.go
@@ -0,0 +1,72 @@
+package testdriver
+
+import (
+	"context"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/distribution/registry/storage/driver/factory"
+	"github.com/docker/distribution/registry/storage/driver/inmemory"
+)
+
+const driverName = "testdriver"
+
+func init() {
+	factory.Register(driverName, &testDriverFactory{})
+}
+
+// testDriverFactory implements the factory.StorageDriverFactory interface.
+type testDriverFactory struct{}
+
+func (factory *testDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
+	return New(), nil
+}
+
+// TestDriver is a StorageDriver for testing purposes. The Writer returned by this driver
+// simulates the case where Write operations are buffered. This causes the value returned by Size to lag
+// behind until Close (or Commit, or Cancel) is called.
+type TestDriver struct {
+	storagedriver.StorageDriver
+}
+
+type testFileWriter struct {
+	storagedriver.FileWriter
+	prevchunk []byte
+}
+
+var _ storagedriver.StorageDriver = &TestDriver{}
+
+// New constructs a new StorageDriver for testing purposes. The Writer returned by this driver
+// simulates the case where Write operations are buffered. This causes the value returned by Size to lag
+// behind until Close (or Commit, or Cancel) is called.
+func New() *TestDriver {
+	return &TestDriver{StorageDriver: inmemory.New()}
+}
+
+// Writer returns a FileWriter which will store the content written to it
+// at the location designated by "path" after the call to Commit.
+func (td *TestDriver) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
+	fw, err := td.StorageDriver.Writer(ctx, path, append)
+	return &testFileWriter{FileWriter: fw}, err
+}
+
+func (tfw *testFileWriter) Write(p []byte) (int, error) {
+	_, err := tfw.FileWriter.Write(tfw.prevchunk)
+	tfw.prevchunk = make([]byte, len(p))
+	copy(tfw.prevchunk, p)
+	return len(p), err
+}
+
+func (tfw *testFileWriter) Close() error {
+	tfw.Write(nil)
+	return tfw.FileWriter.Close()
+}
+
+func (tfw *testFileWriter) Cancel() error {
+	tfw.Write(nil)
+	return tfw.FileWriter.Cancel()
+}
+
+func (tfw *testFileWriter) Commit() error {
+	tfw.Write(nil)
+	return tfw.FileWriter.Commit()
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/testsuites/testsuites.go b/vendor/github.com/docker/distribution/registry/storage/driver/testsuites/testsuites.go
new file mode 100644
index 000000000..5e37c5f3c
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/testsuites/testsuites.go
@@ -0,0 +1,1272 @@
+package testsuites
+
+import (
+	"bytes"
+	"context"
+	"crypto/sha1"
+	"io"
+	"io/ioutil"
+	"math/rand"
+	"net/http"
+	"os"
+	"path"
+	"sort"
+	"strings"
+	"sync"
+	"testing"
+	"time"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"gopkg.in/check.v1"
+)
+
+// Test hooks up gocheck into the "go test" runner.
+func Test(t *testing.T) { check.TestingT(t) }
+
+// RegisterSuite registers an in-process storage driver test suite with
+// the go test runner.
+func RegisterSuite(driverConstructor DriverConstructor, skipCheck SkipCheck) {
+	check.Suite(&DriverSuite{
+		Constructor: driverConstructor,
+		SkipCheck:   skipCheck,
+		ctx:         context.Background(),
+	})
+}
+
+// SkipCheck is a function used to determine if a test suite should be skipped.
+// If a SkipCheck returns a non-empty skip reason, the suite is skipped with
+// the given reason.
+type SkipCheck func() (reason string)
+
+// NeverSkip is a default SkipCheck which never skips the suite.
+var NeverSkip SkipCheck = func() string { return "" }
+
+// DriverConstructor is a function which returns a new
+// storagedriver.StorageDriver.
+type DriverConstructor func() (storagedriver.StorageDriver, error)
+
+// DriverTeardown is a function which cleans up a suite's
+// storagedriver.StorageDriver.
+type DriverTeardown func() error
+
+// DriverSuite is a gocheck test suite designed to test a
+// storagedriver.StorageDriver. The intended way to create a DriverSuite is
+// with RegisterSuite.
+type DriverSuite struct {
+	Constructor DriverConstructor
+	Teardown    DriverTeardown
+	SkipCheck
+	storagedriver.StorageDriver
+	ctx context.Context
+}
+
+// SetUpSuite sets up the gocheck test suite.
+func (suite *DriverSuite) SetUpSuite(c *check.C) {
+	if reason := suite.SkipCheck(); reason != "" {
+		c.Skip(reason)
+	}
+	d, err := suite.Constructor()
+	c.Assert(err, check.IsNil)
+	suite.StorageDriver = d
+}
+
+// TearDownSuite tears down the gocheck test suite.
+func (suite *DriverSuite) TearDownSuite(c *check.C) {
+	if suite.Teardown != nil {
+		err := suite.Teardown()
+		c.Assert(err, check.IsNil)
+	}
+}
+
+// TearDownTest tears down the gocheck test.
+// This causes the suite to abort if any files are left around in the storage
+// driver.
+func (suite *DriverSuite) TearDownTest(c *check.C) {
+	files, _ := suite.StorageDriver.List(suite.ctx, "/")
+	if len(files) > 0 {
+		c.Fatalf("Storage driver did not clean up properly. Offending files: %#v", files)
+	}
+}
+
+// TestRootExists ensures that all storage drivers have a root path by default.
+func (suite *DriverSuite) TestRootExists(c *check.C) {
+	_, err := suite.StorageDriver.List(suite.ctx, "/")
+	if err != nil {
+		c.Fatalf(`the root path "/" should always exist: %v`, err)
+	}
+}
+
+// TestValidPaths checks that various valid file paths are accepted by the
+// storage driver.
+func (suite *DriverSuite) TestValidPaths(c *check.C) {
+	contents := randomContents(64)
+	validFiles := []string{
+		"/a",
+		"/2",
+		"/aa",
+		"/a.a",
+		"/0-9/abcdefg",
+		"/abcdefg/z.75",
+		"/abc/1.2.3.4.5-6_zyx/123.z/4",
+		"/docker/docker-registry",
+		"/123.abc",
+		"/abc./abc",
+		"/.abc",
+		"/a--b",
+		"/a-.b",
+		"/_.abc",
+		"/Docker/docker-registry",
+		"/Abc/Cba"}
+
+	for _, filename := range validFiles {
+		err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
+		defer suite.deletePath(c, firstPart(filename))
+		c.Assert(err, check.IsNil)
+
+		received, err := suite.StorageDriver.GetContent(suite.ctx, filename)
+		c.Assert(err, check.IsNil)
+		c.Assert(received, check.DeepEquals, contents)
+	}
+}
+
+func (suite *DriverSuite) deletePath(c *check.C, path string) {
+	for tries := 2; tries > 0; tries-- {
+		err := suite.StorageDriver.Delete(suite.ctx, path)
+		if _, ok := err.(storagedriver.PathNotFoundError); ok {
+			err = nil
+		}
+		c.Assert(err, check.IsNil)
+		paths, _ := suite.StorageDriver.List(suite.ctx, path)
+		if len(paths) == 0 {
+			break
+		}
+		time.Sleep(time.Second * 2)
+	}
+}
+
+// TestInvalidPaths checks that various invalid file paths are rejected by the
+// storage driver.
+func (suite *DriverSuite) TestInvalidPaths(c *check.C) {
+	contents := randomContents(64)
+	invalidFiles := []string{
+		"",
+		"/",
+		"abc",
+		"123.abc",
+		"//bcd",
+		"/abc_123/"}
+
+	for _, filename := range invalidFiles {
+		err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
+		// only delete if file was successfully written
+		if err == nil {
+			defer suite.deletePath(c, firstPart(filename))
+		}
+		c.Assert(err, check.NotNil)
+		c.Assert(err, check.FitsTypeOf, storagedriver.InvalidPathError{})
+		c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+
+		_, err = suite.StorageDriver.GetContent(suite.ctx, filename)
+		c.Assert(err, check.NotNil)
+		c.Assert(err, check.FitsTypeOf, storagedriver.InvalidPathError{})
+		c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+	}
+}
+
+// TestWriteRead1 tests a simple write-read workflow.
+func (suite *DriverSuite) TestWriteRead1(c *check.C) {
+	filename := randomPath(32)
+	contents := []byte("a")
+	suite.writeReadCompare(c, filename, contents)
+}
+
+// TestWriteRead2 tests a simple write-read workflow with unicode data.
+func (suite *DriverSuite) TestWriteRead2(c *check.C) {
+	filename := randomPath(32)
+	contents := []byte("\xc3\x9f")
+	suite.writeReadCompare(c, filename, contents)
+}
+
+// TestWriteRead3 tests a simple write-read workflow with a small string.
+func (suite *DriverSuite) TestWriteRead3(c *check.C) {
+	filename := randomPath(32)
+	contents := randomContents(32)
+	suite.writeReadCompare(c, filename, contents)
+}
+
+// TestWriteRead4 tests a simple write-read workflow with 1MB of data.
+func (suite *DriverSuite) TestWriteRead4(c *check.C) {
+	filename := randomPath(32)
+	contents := randomContents(1024 * 1024)
+	suite.writeReadCompare(c, filename, contents)
+}
+
+// TestWriteReadNonUTF8 tests that non-utf8 data may be written to the storage
+// driver safely.
+func (suite *DriverSuite) TestWriteReadNonUTF8(c *check.C) {
+	filename := randomPath(32)
+	contents := []byte{0x80, 0x80, 0x80, 0x80}
+	suite.writeReadCompare(c, filename, contents)
+}
+
+// TestTruncate tests that putting smaller contents than an original file does
+// remove the excess contents.
+func (suite *DriverSuite) TestTruncate(c *check.C) {
+	filename := randomPath(32)
+	contents := randomContents(1024 * 1024)
+	suite.writeReadCompare(c, filename, contents)
+
+	contents = randomContents(1024)
+	suite.writeReadCompare(c, filename, contents)
+}
+
+// TestReadNonexistent tests reading content from an empty path.
+func (suite *DriverSuite) TestReadNonexistent(c *check.C) {
+	filename := randomPath(32)
+	_, err := suite.StorageDriver.GetContent(suite.ctx, filename)
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+}
+
+// TestWriteReadStreams1 tests a simple write-read streaming workflow.
+func (suite *DriverSuite) TestWriteReadStreams1(c *check.C) {
+	filename := randomPath(32)
+	contents := []byte("a")
+	suite.writeReadCompareStreams(c, filename, contents)
+}
+
+// TestWriteReadStreams2 tests a simple write-read streaming workflow with
+// unicode data.
+func (suite *DriverSuite) TestWriteReadStreams2(c *check.C) {
+	filename := randomPath(32)
+	contents := []byte("\xc3\x9f")
+	suite.writeReadCompareStreams(c, filename, contents)
+}
+
+// TestWriteReadStreams3 tests a simple write-read streaming workflow with a
+// small amount of data.
+func (suite *DriverSuite) TestWriteReadStreams3(c *check.C) {
+	filename := randomPath(32)
+	contents := randomContents(32)
+	suite.writeReadCompareStreams(c, filename, contents)
+}
+
+// TestWriteReadStreams4 tests a simple write-read streaming workflow with 1MB
+// of data.
+func (suite *DriverSuite) TestWriteReadStreams4(c *check.C) {
+	filename := randomPath(32)
+	contents := randomContents(1024 * 1024)
+	suite.writeReadCompareStreams(c, filename, contents)
+}
+
+// TestWriteReadStreamsNonUTF8 tests that non-utf8 data may be written to the
+// storage driver safely.
+func (suite *DriverSuite) TestWriteReadStreamsNonUTF8(c *check.C) {
+	filename := randomPath(32)
+	contents := []byte{0x80, 0x80, 0x80, 0x80}
+	suite.writeReadCompareStreams(c, filename, contents)
+}
+
+// TestWriteReadLargeStreams tests that a 5GB file may be written to the storage
+// driver safely.
+func (suite *DriverSuite) TestWriteReadLargeStreams(c *check.C) {
+	if testing.Short() {
+		c.Skip("Skipping test in short mode")
+	}
+
+	filename := randomPath(32)
+	defer suite.deletePath(c, firstPart(filename))
+
+	checksum := sha1.New()
+	var fileSize int64 = 5 * 1024 * 1024 * 1024
+
+	contents := newRandReader(fileSize)
+
+	writer, err := suite.StorageDriver.Writer(suite.ctx, filename, false)
+	c.Assert(err, check.IsNil)
+	written, err := io.Copy(writer, io.TeeReader(contents, checksum))
+	c.Assert(err, check.IsNil)
+	c.Assert(written, check.Equals, fileSize)
+
+	err = writer.Commit()
+	c.Assert(err, check.IsNil)
+	err = writer.Close()
+	c.Assert(err, check.IsNil)
+
+	reader, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
+	c.Assert(err, check.IsNil)
+	defer reader.Close()
+
+	writtenChecksum := sha1.New()
+	io.Copy(writtenChecksum, reader)
+
+	c.Assert(writtenChecksum.Sum(nil), check.DeepEquals, checksum.Sum(nil))
+}
+
+// TestReaderWithOffset tests that the appropriate data is streamed when
+// reading with a given offset.
+func (suite *DriverSuite) TestReaderWithOffset(c *check.C) {
+	filename := randomPath(32)
+	defer suite.deletePath(c, firstPart(filename))
+
+	chunkSize := int64(32)
+
+	contentsChunk1 := randomContents(chunkSize)
+	contentsChunk2 := randomContents(chunkSize)
+	contentsChunk3 := randomContents(chunkSize)
+
+	err := suite.StorageDriver.PutContent(suite.ctx, filename, append(append(contentsChunk1, contentsChunk2...), contentsChunk3...))
+	c.Assert(err, check.IsNil)
+
+	reader, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
+	c.Assert(err, check.IsNil)
+	defer reader.Close()
+
+	readContents, err := ioutil.ReadAll(reader)
+	c.Assert(err, check.IsNil)
+
+	c.Assert(readContents, check.DeepEquals, append(append(contentsChunk1, contentsChunk2...), contentsChunk3...))
+
+	reader, err = suite.StorageDriver.Reader(suite.ctx, filename, chunkSize)
+	c.Assert(err, check.IsNil)
+	defer reader.Close()
+
+	readContents, err = ioutil.ReadAll(reader)
+	c.Assert(err, check.IsNil)
+
+	c.Assert(readContents, check.DeepEquals, append(contentsChunk2, contentsChunk3...))
+
+	reader, err = suite.StorageDriver.Reader(suite.ctx, filename, chunkSize*2)
+	c.Assert(err, check.IsNil)
+	defer reader.Close()
+
+	readContents, err = ioutil.ReadAll(reader)
+	c.Assert(err, check.IsNil)
+	c.Assert(readContents, check.DeepEquals, contentsChunk3)
+
+	// Ensure we get invalid offest for negative offsets.
+	reader, err = suite.StorageDriver.Reader(suite.ctx, filename, -1)
+	c.Assert(err, check.FitsTypeOf, storagedriver.InvalidOffsetError{})
+	c.Assert(err.(storagedriver.InvalidOffsetError).Offset, check.Equals, int64(-1))
+	c.Assert(err.(storagedriver.InvalidOffsetError).Path, check.Equals, filename)
+	c.Assert(reader, check.IsNil)
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+
+	// Read past the end of the content and make sure we get a reader that
+	// returns 0 bytes and io.EOF
+	reader, err = suite.StorageDriver.Reader(suite.ctx, filename, chunkSize*3)
+	c.Assert(err, check.IsNil)
+	defer reader.Close()
+
+	buf := make([]byte, chunkSize)
+	n, err := reader.Read(buf)
+	c.Assert(err, check.Equals, io.EOF)
+	c.Assert(n, check.Equals, 0)
+
+	// Check the N-1 boundary condition, ensuring we get 1 byte then io.EOF.
+	reader, err = suite.StorageDriver.Reader(suite.ctx, filename, chunkSize*3-1)
+	c.Assert(err, check.IsNil)
+	defer reader.Close()
+
+	n, err = reader.Read(buf)
+	c.Assert(n, check.Equals, 1)
+
+	// We don't care whether the io.EOF comes on the this read or the first
+	// zero read, but the only error acceptable here is io.EOF.
+	if err != nil {
+		c.Assert(err, check.Equals, io.EOF)
+	}
+
+	// Any more reads should result in zero bytes and io.EOF
+	n, err = reader.Read(buf)
+	c.Assert(n, check.Equals, 0)
+	c.Assert(err, check.Equals, io.EOF)
+}
+
+// TestContinueStreamAppendLarge tests that a stream write can be appended to without
+// corrupting the data with a large chunk size.
+func (suite *DriverSuite) TestContinueStreamAppendLarge(c *check.C) {
+	suite.testContinueStreamAppend(c, int64(10*1024*1024))
+}
+
+// TestContinueStreamAppendSmall is the same as TestContinueStreamAppendLarge, but only
+// with a tiny chunk size in order to test corner cases for some cloud storage drivers.
+func (suite *DriverSuite) TestContinueStreamAppendSmall(c *check.C) {
+	suite.testContinueStreamAppend(c, int64(32))
+}
+
+func (suite *DriverSuite) testContinueStreamAppend(c *check.C, chunkSize int64) {
+	filename := randomPath(32)
+	defer suite.deletePath(c, firstPart(filename))
+
+	contentsChunk1 := randomContents(chunkSize)
+	contentsChunk2 := randomContents(chunkSize)
+	contentsChunk3 := randomContents(chunkSize)
+
+	fullContents := append(append(contentsChunk1, contentsChunk2...), contentsChunk3...)
+
+	writer, err := suite.StorageDriver.Writer(suite.ctx, filename, false)
+	c.Assert(err, check.IsNil)
+	nn, err := io.Copy(writer, bytes.NewReader(contentsChunk1))
+	c.Assert(err, check.IsNil)
+	c.Assert(nn, check.Equals, int64(len(contentsChunk1)))
+
+	err = writer.Close()
+	c.Assert(err, check.IsNil)
+
+	curSize := writer.Size()
+	c.Assert(curSize, check.Equals, int64(len(contentsChunk1)))
+
+	writer, err = suite.StorageDriver.Writer(suite.ctx, filename, true)
+	c.Assert(err, check.IsNil)
+	c.Assert(writer.Size(), check.Equals, curSize)
+
+	nn, err = io.Copy(writer, bytes.NewReader(contentsChunk2))
+	c.Assert(err, check.IsNil)
+	c.Assert(nn, check.Equals, int64(len(contentsChunk2)))
+
+	err = writer.Close()
+	c.Assert(err, check.IsNil)
+
+	curSize = writer.Size()
+	c.Assert(curSize, check.Equals, 2*chunkSize)
+
+	writer, err = suite.StorageDriver.Writer(suite.ctx, filename, true)
+	c.Assert(err, check.IsNil)
+	c.Assert(writer.Size(), check.Equals, curSize)
+
+	nn, err = io.Copy(writer, bytes.NewReader(fullContents[curSize:]))
+	c.Assert(err, check.IsNil)
+	c.Assert(nn, check.Equals, int64(len(fullContents[curSize:])))
+
+	err = writer.Commit()
+	c.Assert(err, check.IsNil)
+	err = writer.Close()
+	c.Assert(err, check.IsNil)
+
+	received, err := suite.StorageDriver.GetContent(suite.ctx, filename)
+	c.Assert(err, check.IsNil)
+	c.Assert(received, check.DeepEquals, fullContents)
+}
+
+// TestReadNonexistentStream tests that reading a stream for a nonexistent path
+// fails.
+func (suite *DriverSuite) TestReadNonexistentStream(c *check.C) {
+	filename := randomPath(32)
+
+	_, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+
+	_, err = suite.StorageDriver.Reader(suite.ctx, filename, 64)
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+}
+
+// TestList checks the returned list of keys after populating a directory tree.
+func (suite *DriverSuite) TestList(c *check.C) {
+	rootDirectory := "/" + randomFilename(int64(8+rand.Intn(8)))
+	defer suite.deletePath(c, rootDirectory)
+
+	doesnotexist := path.Join(rootDirectory, "nonexistent")
+	_, err := suite.StorageDriver.List(suite.ctx, doesnotexist)
+	c.Assert(err, check.Equals, storagedriver.PathNotFoundError{
+		Path:       doesnotexist,
+		DriverName: suite.StorageDriver.Name(),
+	})
+
+	parentDirectory := rootDirectory + "/" + randomFilename(int64(8+rand.Intn(8)))
+	childFiles := make([]string, 50)
+	for i := 0; i < len(childFiles); i++ {
+		childFile := parentDirectory + "/" + randomFilename(int64(8+rand.Intn(8)))
+		childFiles[i] = childFile
+		err := suite.StorageDriver.PutContent(suite.ctx, childFile, randomContents(32))
+		c.Assert(err, check.IsNil)
+	}
+	sort.Strings(childFiles)
+
+	keys, err := suite.StorageDriver.List(suite.ctx, "/")
+	c.Assert(err, check.IsNil)
+	c.Assert(keys, check.DeepEquals, []string{rootDirectory})
+
+	keys, err = suite.StorageDriver.List(suite.ctx, rootDirectory)
+	c.Assert(err, check.IsNil)
+	c.Assert(keys, check.DeepEquals, []string{parentDirectory})
+
+	keys, err = suite.StorageDriver.List(suite.ctx, parentDirectory)
+	c.Assert(err, check.IsNil)
+
+	sort.Strings(keys)
+	c.Assert(keys, check.DeepEquals, childFiles)
+
+	// A few checks to add here (check out #819 for more discussion on this):
+	// 1. Ensure that all paths are absolute.
+	// 2. Ensure that listings only include direct children.
+	// 3. Ensure that we only respond to directory listings that end with a slash (maybe?).
+}
+
+// TestMove checks that a moved object no longer exists at the source path and
+// does exist at the destination.
+func (suite *DriverSuite) TestMove(c *check.C) {
+	contents := randomContents(32)
+	sourcePath := randomPath(32)
+	destPath := randomPath(32)
+
+	defer suite.deletePath(c, firstPart(sourcePath))
+	defer suite.deletePath(c, firstPart(destPath))
+
+	err := suite.StorageDriver.PutContent(suite.ctx, sourcePath, contents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.Move(suite.ctx, sourcePath, destPath)
+	c.Assert(err, check.IsNil)
+
+	received, err := suite.StorageDriver.GetContent(suite.ctx, destPath)
+	c.Assert(err, check.IsNil)
+	c.Assert(received, check.DeepEquals, contents)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, sourcePath)
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+}
+
+// TestMoveOverwrite checks that a moved object no longer exists at the source
+// path and overwrites the contents at the destination.
+func (suite *DriverSuite) TestMoveOverwrite(c *check.C) {
+	sourcePath := randomPath(32)
+	destPath := randomPath(32)
+	sourceContents := randomContents(32)
+	destContents := randomContents(64)
+
+	defer suite.deletePath(c, firstPart(sourcePath))
+	defer suite.deletePath(c, firstPart(destPath))
+
+	err := suite.StorageDriver.PutContent(suite.ctx, sourcePath, sourceContents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.PutContent(suite.ctx, destPath, destContents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.Move(suite.ctx, sourcePath, destPath)
+	c.Assert(err, check.IsNil)
+
+	received, err := suite.StorageDriver.GetContent(suite.ctx, destPath)
+	c.Assert(err, check.IsNil)
+	c.Assert(received, check.DeepEquals, sourceContents)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, sourcePath)
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+}
+
+// TestMoveNonexistent checks that moving a nonexistent key fails and does not
+// delete the data at the destination path.
+func (suite *DriverSuite) TestMoveNonexistent(c *check.C) {
+	contents := randomContents(32)
+	sourcePath := randomPath(32)
+	destPath := randomPath(32)
+
+	defer suite.deletePath(c, firstPart(destPath))
+
+	err := suite.StorageDriver.PutContent(suite.ctx, destPath, contents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.Move(suite.ctx, sourcePath, destPath)
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+
+	received, err := suite.StorageDriver.GetContent(suite.ctx, destPath)
+	c.Assert(err, check.IsNil)
+	c.Assert(received, check.DeepEquals, contents)
+}
+
+// TestMoveInvalid provides various checks for invalid moves.
+func (suite *DriverSuite) TestMoveInvalid(c *check.C) {
+	contents := randomContents(32)
+
+	// Create a regular file.
+	err := suite.StorageDriver.PutContent(suite.ctx, "/notadir", contents)
+	c.Assert(err, check.IsNil)
+	defer suite.deletePath(c, "/notadir")
+
+	// Now try to move a non-existent file under it.
+	err = suite.StorageDriver.Move(suite.ctx, "/notadir/foo", "/notadir/bar")
+	c.Assert(err, check.NotNil) // non-nil error
+}
+
+// TestDelete checks that the delete operation removes data from the storage
+// driver
+func (suite *DriverSuite) TestDelete(c *check.C) {
+	filename := randomPath(32)
+	contents := randomContents(32)
+
+	defer suite.deletePath(c, firstPart(filename))
+
+	err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.Delete(suite.ctx, filename)
+	c.Assert(err, check.IsNil)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, filename)
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+}
+
+// TestURLFor checks that the URLFor method functions properly, but only if it
+// is implemented
+func (suite *DriverSuite) TestURLFor(c *check.C) {
+	filename := randomPath(32)
+	contents := randomContents(32)
+
+	defer suite.deletePath(c, firstPart(filename))
+
+	err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
+	c.Assert(err, check.IsNil)
+
+	url, err := suite.StorageDriver.URLFor(suite.ctx, filename, nil)
+	if _, ok := err.(storagedriver.ErrUnsupportedMethod); ok {
+		return
+	}
+	c.Assert(err, check.IsNil)
+
+	response, err := http.Get(url)
+	c.Assert(err, check.IsNil)
+	defer response.Body.Close()
+
+	read, err := ioutil.ReadAll(response.Body)
+	c.Assert(err, check.IsNil)
+	c.Assert(read, check.DeepEquals, contents)
+
+	url, err = suite.StorageDriver.URLFor(suite.ctx, filename, map[string]interface{}{"method": "HEAD"})
+	if _, ok := err.(storagedriver.ErrUnsupportedMethod); ok {
+		return
+	}
+	c.Assert(err, check.IsNil)
+
+	response, _ = http.Head(url)
+	c.Assert(response.StatusCode, check.Equals, 200)
+	c.Assert(response.ContentLength, check.Equals, int64(32))
+}
+
+// TestDeleteNonexistent checks that removing a nonexistent key fails.
+func (suite *DriverSuite) TestDeleteNonexistent(c *check.C) {
+	filename := randomPath(32)
+	err := suite.StorageDriver.Delete(suite.ctx, filename)
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+}
+
+// TestDeleteFolder checks that deleting a folder removes all child elements.
+func (suite *DriverSuite) TestDeleteFolder(c *check.C) {
+	dirname := randomPath(32)
+	filename1 := randomPath(32)
+	filename2 := randomPath(32)
+	filename3 := randomPath(32)
+	contents := randomContents(32)
+
+	defer suite.deletePath(c, firstPart(dirname))
+
+	err := suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, filename1), contents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, filename2), contents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, filename3), contents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.Delete(suite.ctx, path.Join(dirname, filename1))
+	c.Assert(err, check.IsNil)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename1))
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename2))
+	c.Assert(err, check.IsNil)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename3))
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.Delete(suite.ctx, dirname)
+	c.Assert(err, check.IsNil)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename1))
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename2))
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename3))
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+}
+
+// TestDeleteOnlyDeletesSubpaths checks that deleting path A does not
+// delete path B when A is a prefix of B but B is not a subpath of A (so that
+// deleting "/a" does not delete "/ab").  This matters for services like S3 that
+// do not implement directories.
+func (suite *DriverSuite) TestDeleteOnlyDeletesSubpaths(c *check.C) {
+	dirname := randomPath(32)
+	filename := randomPath(32)
+	contents := randomContents(32)
+
+	defer suite.deletePath(c, firstPart(dirname))
+
+	err := suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, filename), contents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, filename+"suffix"), contents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, dirname, filename), contents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, dirname+"suffix", filename), contents)
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.Delete(suite.ctx, path.Join(dirname, filename))
+	c.Assert(err, check.IsNil)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename))
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename+"suffix"))
+	c.Assert(err, check.IsNil)
+
+	err = suite.StorageDriver.Delete(suite.ctx, path.Join(dirname, dirname))
+	c.Assert(err, check.IsNil)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, dirname, filename))
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+
+	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, dirname+"suffix", filename))
+	c.Assert(err, check.IsNil)
+}
+
+// TestStatCall runs verifies the implementation of the storagedriver's Stat call.
+func (suite *DriverSuite) TestStatCall(c *check.C) {
+	content := randomContents(4096)
+	dirPath := randomPath(32)
+	fileName := randomFilename(32)
+	filePath := path.Join(dirPath, fileName)
+
+	defer suite.deletePath(c, firstPart(dirPath))
+
+	// Call on non-existent file/dir, check error.
+	fi, err := suite.StorageDriver.Stat(suite.ctx, dirPath)
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+	c.Assert(fi, check.IsNil)
+
+	fi, err = suite.StorageDriver.Stat(suite.ctx, filePath)
+	c.Assert(err, check.NotNil)
+	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
+	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
+	c.Assert(fi, check.IsNil)
+
+	err = suite.StorageDriver.PutContent(suite.ctx, filePath, content)
+	c.Assert(err, check.IsNil)
+
+	// Call on regular file, check results
+	fi, err = suite.StorageDriver.Stat(suite.ctx, filePath)
+	c.Assert(err, check.IsNil)
+	c.Assert(fi, check.NotNil)
+	c.Assert(fi.Path(), check.Equals, filePath)
+	c.Assert(fi.Size(), check.Equals, int64(len(content)))
+	c.Assert(fi.IsDir(), check.Equals, false)
+	createdTime := fi.ModTime()
+
+	// Sleep and modify the file
+	time.Sleep(time.Second * 10)
+	content = randomContents(4096)
+	err = suite.StorageDriver.PutContent(suite.ctx, filePath, content)
+	c.Assert(err, check.IsNil)
+	fi, err = suite.StorageDriver.Stat(suite.ctx, filePath)
+	c.Assert(err, check.IsNil)
+	c.Assert(fi, check.NotNil)
+	time.Sleep(time.Second * 5) // allow changes to propagate (eventual consistency)
+
+	// Check if the modification time is after the creation time.
+	// In case of cloud storage services, storage frontend nodes might have
+	// time drift between them, however that should be solved with sleeping
+	// before update.
+	modTime := fi.ModTime()
+	if !modTime.After(createdTime) {
+		c.Errorf("modtime (%s) is before the creation time (%s)", modTime, createdTime)
+	}
+
+	// Call on directory (do not check ModTime as dirs don't need to support it)
+	fi, err = suite.StorageDriver.Stat(suite.ctx, dirPath)
+	c.Assert(err, check.IsNil)
+	c.Assert(fi, check.NotNil)
+	c.Assert(fi.Path(), check.Equals, dirPath)
+	c.Assert(fi.Size(), check.Equals, int64(0))
+	c.Assert(fi.IsDir(), check.Equals, true)
+}
+
+// TestPutContentMultipleTimes checks that if storage driver can overwrite the content
+// in the subsequent puts. Validates that PutContent does not have to work
+// with an offset like Writer does and overwrites the file entirely
+// rather than writing the data to the [0,len(data)) of the file.
+func (suite *DriverSuite) TestPutContentMultipleTimes(c *check.C) {
+	filename := randomPath(32)
+	contents := randomContents(4096)
+
+	defer suite.deletePath(c, firstPart(filename))
+	err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
+	c.Assert(err, check.IsNil)
+
+	contents = randomContents(2048) // upload a different, smaller file
+	err = suite.StorageDriver.PutContent(suite.ctx, filename, contents)
+	c.Assert(err, check.IsNil)
+
+	readContents, err := suite.StorageDriver.GetContent(suite.ctx, filename)
+	c.Assert(err, check.IsNil)
+	c.Assert(readContents, check.DeepEquals, contents)
+}
+
+// TestConcurrentStreamReads checks that multiple clients can safely read from
+// the same file simultaneously with various offsets.
+func (suite *DriverSuite) TestConcurrentStreamReads(c *check.C) {
+	var filesize int64 = 128 * 1024 * 1024
+
+	if testing.Short() {
+		filesize = 10 * 1024 * 1024
+		c.Log("Reducing file size to 10MB for short mode")
+	}
+
+	filename := randomPath(32)
+	contents := randomContents(filesize)
+
+	defer suite.deletePath(c, firstPart(filename))
+
+	err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
+	c.Assert(err, check.IsNil)
+
+	var wg sync.WaitGroup
+
+	readContents := func() {
+		defer wg.Done()
+		offset := rand.Int63n(int64(len(contents)))
+		reader, err := suite.StorageDriver.Reader(suite.ctx, filename, offset)
+		c.Assert(err, check.IsNil)
+
+		readContents, err := ioutil.ReadAll(reader)
+		c.Assert(err, check.IsNil)
+		c.Assert(readContents, check.DeepEquals, contents[offset:])
+	}
+
+	wg.Add(10)
+	for i := 0; i < 10; i++ {
+		go readContents()
+	}
+	wg.Wait()
+}
+
+// TestConcurrentFileStreams checks that multiple *os.File objects can be passed
+// in to Writer concurrently without hanging.
+func (suite *DriverSuite) TestConcurrentFileStreams(c *check.C) {
+	numStreams := 32
+
+	if testing.Short() {
+		numStreams = 8
+		c.Log("Reducing number of streams to 8 for short mode")
+	}
+
+	var wg sync.WaitGroup
+
+	testStream := func(size int64) {
+		defer wg.Done()
+		suite.testFileStreams(c, size)
+	}
+
+	wg.Add(numStreams)
+	for i := numStreams; i > 0; i-- {
+		go testStream(int64(numStreams) * 1024 * 1024)
+	}
+
+	wg.Wait()
+}
+
+// TODO (brianbland): evaluate the relevancy of this test
+// TestEventualConsistency checks that if stat says that a file is a certain size, then
+// you can freely read from the file (this is the only guarantee that the driver needs to provide)
+// func (suite *DriverSuite) TestEventualConsistency(c *check.C) {
+// 	if testing.Short() {
+// 		c.Skip("Skipping test in short mode")
+// 	}
+//
+// 	filename := randomPath(32)
+// 	defer suite.deletePath(c, firstPart(filename))
+//
+// 	var offset int64
+// 	var misswrites int
+// 	var chunkSize int64 = 32
+//
+// 	for i := 0; i < 1024; i++ {
+// 		contents := randomContents(chunkSize)
+// 		read, err := suite.StorageDriver.Writer(suite.ctx, filename, offset, bytes.NewReader(contents))
+// 		c.Assert(err, check.IsNil)
+//
+// 		fi, err := suite.StorageDriver.Stat(suite.ctx, filename)
+// 		c.Assert(err, check.IsNil)
+//
+// 		// We are most concerned with being able to read data as soon as Stat declares
+// 		// it is uploaded. This is the strongest guarantee that some drivers (that guarantee
+// 		// at best eventual consistency) absolutely need to provide.
+// 		if fi.Size() == offset+chunkSize {
+// 			reader, err := suite.StorageDriver.Reader(suite.ctx, filename, offset)
+// 			c.Assert(err, check.IsNil)
+//
+// 			readContents, err := ioutil.ReadAll(reader)
+// 			c.Assert(err, check.IsNil)
+//
+// 			c.Assert(readContents, check.DeepEquals, contents)
+//
+// 			reader.Close()
+// 			offset += read
+// 		} else {
+// 			misswrites++
+// 		}
+// 	}
+//
+// 	if misswrites > 0 {
+//		c.Log("There were " + string(misswrites) + " occurrences of a write not being instantly available.")
+// 	}
+//
+// 	c.Assert(misswrites, check.Not(check.Equals), 1024)
+// }
+
+// BenchmarkPutGetEmptyFiles benchmarks PutContent/GetContent for 0B files
+func (suite *DriverSuite) BenchmarkPutGetEmptyFiles(c *check.C) {
+	suite.benchmarkPutGetFiles(c, 0)
+}
+
+// BenchmarkPutGet1KBFiles benchmarks PutContent/GetContent for 1KB files
+func (suite *DriverSuite) BenchmarkPutGet1KBFiles(c *check.C) {
+	suite.benchmarkPutGetFiles(c, 1024)
+}
+
+// BenchmarkPutGet1MBFiles benchmarks PutContent/GetContent for 1MB files
+func (suite *DriverSuite) BenchmarkPutGet1MBFiles(c *check.C) {
+	suite.benchmarkPutGetFiles(c, 1024*1024)
+}
+
+// BenchmarkPutGet1GBFiles benchmarks PutContent/GetContent for 1GB files
+func (suite *DriverSuite) BenchmarkPutGet1GBFiles(c *check.C) {
+	suite.benchmarkPutGetFiles(c, 1024*1024*1024)
+}
+
+func (suite *DriverSuite) benchmarkPutGetFiles(c *check.C, size int64) {
+	c.SetBytes(size)
+	parentDir := randomPath(8)
+	defer func() {
+		c.StopTimer()
+		suite.StorageDriver.Delete(suite.ctx, firstPart(parentDir))
+	}()
+
+	for i := 0; i < c.N; i++ {
+		filename := path.Join(parentDir, randomPath(32))
+		err := suite.StorageDriver.PutContent(suite.ctx, filename, randomContents(size))
+		c.Assert(err, check.IsNil)
+
+		_, err = suite.StorageDriver.GetContent(suite.ctx, filename)
+		c.Assert(err, check.IsNil)
+	}
+}
+
+// BenchmarkStreamEmptyFiles benchmarks Writer/Reader for 0B files
+func (suite *DriverSuite) BenchmarkStreamEmptyFiles(c *check.C) {
+	suite.benchmarkStreamFiles(c, 0)
+}
+
+// BenchmarkStream1KBFiles benchmarks Writer/Reader for 1KB files
+func (suite *DriverSuite) BenchmarkStream1KBFiles(c *check.C) {
+	suite.benchmarkStreamFiles(c, 1024)
+}
+
+// BenchmarkStream1MBFiles benchmarks Writer/Reader for 1MB files
+func (suite *DriverSuite) BenchmarkStream1MBFiles(c *check.C) {
+	suite.benchmarkStreamFiles(c, 1024*1024)
+}
+
+// BenchmarkStream1GBFiles benchmarks Writer/Reader for 1GB files
+func (suite *DriverSuite) BenchmarkStream1GBFiles(c *check.C) {
+	suite.benchmarkStreamFiles(c, 1024*1024*1024)
+}
+
+func (suite *DriverSuite) benchmarkStreamFiles(c *check.C, size int64) {
+	c.SetBytes(size)
+	parentDir := randomPath(8)
+	defer func() {
+		c.StopTimer()
+		suite.StorageDriver.Delete(suite.ctx, firstPart(parentDir))
+	}()
+
+	for i := 0; i < c.N; i++ {
+		filename := path.Join(parentDir, randomPath(32))
+		writer, err := suite.StorageDriver.Writer(suite.ctx, filename, false)
+		c.Assert(err, check.IsNil)
+		written, err := io.Copy(writer, bytes.NewReader(randomContents(size)))
+		c.Assert(err, check.IsNil)
+		c.Assert(written, check.Equals, size)
+
+		err = writer.Commit()
+		c.Assert(err, check.IsNil)
+		err = writer.Close()
+		c.Assert(err, check.IsNil)
+
+		rc, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
+		c.Assert(err, check.IsNil)
+		rc.Close()
+	}
+}
+
+// BenchmarkList5Files benchmarks List for 5 small files
+func (suite *DriverSuite) BenchmarkList5Files(c *check.C) {
+	suite.benchmarkListFiles(c, 5)
+}
+
+// BenchmarkList50Files benchmarks List for 50 small files
+func (suite *DriverSuite) BenchmarkList50Files(c *check.C) {
+	suite.benchmarkListFiles(c, 50)
+}
+
+func (suite *DriverSuite) benchmarkListFiles(c *check.C, numFiles int64) {
+	parentDir := randomPath(8)
+	defer func() {
+		c.StopTimer()
+		suite.StorageDriver.Delete(suite.ctx, firstPart(parentDir))
+	}()
+
+	for i := int64(0); i < numFiles; i++ {
+		err := suite.StorageDriver.PutContent(suite.ctx, path.Join(parentDir, randomPath(32)), nil)
+		c.Assert(err, check.IsNil)
+	}
+
+	c.ResetTimer()
+	for i := 0; i < c.N; i++ {
+		files, err := suite.StorageDriver.List(suite.ctx, parentDir)
+		c.Assert(err, check.IsNil)
+		c.Assert(int64(len(files)), check.Equals, numFiles)
+	}
+}
+
+// BenchmarkDelete5Files benchmarks Delete for 5 small files
+func (suite *DriverSuite) BenchmarkDelete5Files(c *check.C) {
+	suite.benchmarkDeleteFiles(c, 5)
+}
+
+// BenchmarkDelete50Files benchmarks Delete for 50 small files
+func (suite *DriverSuite) BenchmarkDelete50Files(c *check.C) {
+	suite.benchmarkDeleteFiles(c, 50)
+}
+
+func (suite *DriverSuite) benchmarkDeleteFiles(c *check.C, numFiles int64) {
+	for i := 0; i < c.N; i++ {
+		parentDir := randomPath(8)
+		defer suite.deletePath(c, firstPart(parentDir))
+
+		c.StopTimer()
+		for j := int64(0); j < numFiles; j++ {
+			err := suite.StorageDriver.PutContent(suite.ctx, path.Join(parentDir, randomPath(32)), nil)
+			c.Assert(err, check.IsNil)
+		}
+		c.StartTimer()
+
+		// This is the operation we're benchmarking
+		err := suite.StorageDriver.Delete(suite.ctx, firstPart(parentDir))
+		c.Assert(err, check.IsNil)
+	}
+}
+
+func (suite *DriverSuite) testFileStreams(c *check.C, size int64) {
+	tf, err := ioutil.TempFile("", "tf")
+	c.Assert(err, check.IsNil)
+	defer os.Remove(tf.Name())
+	defer tf.Close()
+
+	filename := randomPath(32)
+	defer suite.deletePath(c, firstPart(filename))
+
+	contents := randomContents(size)
+
+	_, err = tf.Write(contents)
+	c.Assert(err, check.IsNil)
+
+	tf.Sync()
+	tf.Seek(0, io.SeekStart)
+
+	writer, err := suite.StorageDriver.Writer(suite.ctx, filename, false)
+	c.Assert(err, check.IsNil)
+	nn, err := io.Copy(writer, tf)
+	c.Assert(err, check.IsNil)
+	c.Assert(nn, check.Equals, size)
+
+	err = writer.Commit()
+	c.Assert(err, check.IsNil)
+	err = writer.Close()
+	c.Assert(err, check.IsNil)
+
+	reader, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
+	c.Assert(err, check.IsNil)
+	defer reader.Close()
+
+	readContents, err := ioutil.ReadAll(reader)
+	c.Assert(err, check.IsNil)
+
+	c.Assert(readContents, check.DeepEquals, contents)
+}
+
+func (suite *DriverSuite) writeReadCompare(c *check.C, filename string, contents []byte) {
+	defer suite.deletePath(c, firstPart(filename))
+
+	err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
+	c.Assert(err, check.IsNil)
+
+	readContents, err := suite.StorageDriver.GetContent(suite.ctx, filename)
+	c.Assert(err, check.IsNil)
+
+	c.Assert(readContents, check.DeepEquals, contents)
+}
+
+func (suite *DriverSuite) writeReadCompareStreams(c *check.C, filename string, contents []byte) {
+	defer suite.deletePath(c, firstPart(filename))
+
+	writer, err := suite.StorageDriver.Writer(suite.ctx, filename, false)
+	c.Assert(err, check.IsNil)
+	nn, err := io.Copy(writer, bytes.NewReader(contents))
+	c.Assert(err, check.IsNil)
+	c.Assert(nn, check.Equals, int64(len(contents)))
+
+	err = writer.Commit()
+	c.Assert(err, check.IsNil)
+	err = writer.Close()
+	c.Assert(err, check.IsNil)
+
+	reader, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
+	c.Assert(err, check.IsNil)
+	defer reader.Close()
+
+	readContents, err := ioutil.ReadAll(reader)
+	c.Assert(err, check.IsNil)
+
+	c.Assert(readContents, check.DeepEquals, contents)
+}
+
+var filenameChars = []byte("abcdefghijklmnopqrstuvwxyz0123456789")
+var separatorChars = []byte("._-")
+
+func randomPath(length int64) string {
+	path := "/"
+	for int64(len(path)) < length {
+		chunkLength := rand.Int63n(length-int64(len(path))) + 1
+		chunk := randomFilename(chunkLength)
+		path += chunk
+		remaining := length - int64(len(path))
+		if remaining == 1 {
+			path += randomFilename(1)
+		} else if remaining > 1 {
+			path += "/"
+		}
+	}
+	return path
+}
+
+func randomFilename(length int64) string {
+	b := make([]byte, length)
+	wasSeparator := true
+	for i := range b {
+		if !wasSeparator && i < len(b)-1 && rand.Intn(4) == 0 {
+			b[i] = separatorChars[rand.Intn(len(separatorChars))]
+			wasSeparator = true
+		} else {
+			b[i] = filenameChars[rand.Intn(len(filenameChars))]
+			wasSeparator = false
+		}
+	}
+	return string(b)
+}
+
+// randomBytes pre-allocates all of the memory sizes needed for the test. If
+// anything panics while accessing randomBytes, just make this number bigger.
+var randomBytes = make([]byte, 128<<20)
+
+func init() {
+	_, _ = rand.Read(randomBytes) // always returns len(randomBytes) and nil error
+}
+
+func randomContents(length int64) []byte {
+	return randomBytes[:length]
+}
+
+type randReader struct {
+	r int64
+	m sync.Mutex
+}
+
+func (rr *randReader) Read(p []byte) (n int, err error) {
+	rr.m.Lock()
+	defer rr.m.Unlock()
+
+	toread := int64(len(p))
+	if toread > rr.r {
+		toread = rr.r
+	}
+	n = copy(p, randomContents(toread))
+	rr.r -= int64(n)
+
+	if rr.r <= 0 {
+		err = io.EOF
+	}
+
+	return
+}
+
+func newRandReader(n int64) *randReader {
+	return &randReader{r: n}
+}
+
+func firstPart(filePath string) string {
+	if filePath == "" {
+		return "/"
+	}
+	for {
+		if filePath[len(filePath)-1] == '/' {
+			filePath = filePath[:len(filePath)-1]
+		}
+
+		dir, file := path.Split(filePath)
+		if dir == "" && file == "" {
+			return "/"
+		}
+		if dir == "/" || dir == "" {
+			return "/" + file
+		}
+		if file == "" {
+			return dir
+		}
+		filePath = dir
+	}
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/walk.go b/vendor/github.com/docker/distribution/registry/storage/driver/walk.go
new file mode 100644
index 000000000..8ded5b8be
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/driver/walk.go
@@ -0,0 +1,61 @@
+package driver
+
+import (
+	"context"
+	"errors"
+	"sort"
+
+	"github.com/sirupsen/logrus"
+)
+
+// ErrSkipDir is used as a return value from onFileFunc to indicate that
+// the directory named in the call is to be skipped. It is not returned
+// as an error by any function.
+var ErrSkipDir = errors.New("skip this directory")
+
+// WalkFn is called once per file by Walk
+type WalkFn func(fileInfo FileInfo) error
+
+// WalkFallback traverses a filesystem defined within driver, starting
+// from the given path, calling f on each file. It uses the List method and Stat to drive itself.
+// If the returned error from the WalkFn is ErrSkipDir and fileInfo refers
+// to a directory, the directory will not be entered and Walk
+// will continue the traversal.  If fileInfo refers to a normal file, processing stops
+func WalkFallback(ctx context.Context, driver StorageDriver, from string, f WalkFn) error {
+	children, err := driver.List(ctx, from)
+	if err != nil {
+		return err
+	}
+	sort.Stable(sort.StringSlice(children))
+	for _, child := range children {
+		// TODO(stevvooe): Calling driver.Stat for every entry is quite
+		// expensive when running against backends with a slow Stat
+		// implementation, such as s3. This is very likely a serious
+		// performance bottleneck.
+		fileInfo, err := driver.Stat(ctx, child)
+		if err != nil {
+			switch err.(type) {
+			case PathNotFoundError:
+				// repository was removed in between listing and enumeration. Ignore it.
+				logrus.WithField("path", child).Infof("ignoring deleted path")
+				continue
+			default:
+				return err
+			}
+		}
+		err = f(fileInfo)
+		if err == nil && fileInfo.IsDir() {
+			if err := WalkFallback(ctx, driver, child, f); err != nil {
+				return err
+			}
+		} else if err == ErrSkipDir {
+			// Stop iteration if it's a file, otherwise noop if it's a directory
+			if !fileInfo.IsDir() {
+				return nil
+			}
+		} else if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/error.go b/vendor/github.com/docker/distribution/registry/storage/error.go
new file mode 100644
index 000000000..109136586
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/error.go
@@ -0,0 +1,9 @@
+package storage
+
+import "fmt"
+
+// pushError formats an error type given a path and an error
+// and pushes it to a slice of errors
+func pushError(errors []error, path string, err error) []error {
+	return append(errors, fmt.Errorf("%s: %s", path, err))
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/filereader.go b/vendor/github.com/docker/distribution/registry/storage/filereader.go
new file mode 100644
index 000000000..90afaad0a
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/filereader.go
@@ -0,0 +1,176 @@
+package storage
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+)
+
+// TODO(stevvooe): Set an optimal buffer size here. We'll have to
+// understand the latency characteristics of the underlying network to
+// set this correctly, so we may want to leave it to the driver. For
+// out of process drivers, we'll have to optimize this buffer size for
+// local communication.
+const fileReaderBufferSize = 4 << 20
+
+// remoteFileReader provides a read seeker interface to files stored in
+// storagedriver. Used to implement part of layer interface and will be used
+// to implement read side of LayerUpload.
+type fileReader struct {
+	driver storagedriver.StorageDriver
+
+	ctx context.Context
+
+	// identifying fields
+	path string
+	size int64 // size is the total size, must be set.
+
+	// mutable fields
+	rc     io.ReadCloser // remote read closer
+	brd    *bufio.Reader // internal buffered io
+	offset int64         // offset is the current read offset
+	err    error         // terminal error, if set, reader is closed
+}
+
+// newFileReader initializes a file reader for the remote file. The reader
+// takes on the size and path that must be determined externally with a stat
+// call. The reader operates optimistically, assuming that the file is already
+// there.
+func newFileReader(ctx context.Context, driver storagedriver.StorageDriver, path string, size int64) (*fileReader, error) {
+	return &fileReader{
+		ctx:    ctx,
+		driver: driver,
+		path:   path,
+		size:   size,
+	}, nil
+}
+
+func (fr *fileReader) Read(p []byte) (n int, err error) {
+	if fr.err != nil {
+		return 0, fr.err
+	}
+
+	rd, err := fr.reader()
+	if err != nil {
+		return 0, err
+	}
+
+	n, err = rd.Read(p)
+	fr.offset += int64(n)
+
+	// Simulate io.EOR error if we reach filesize.
+	if err == nil && fr.offset >= fr.size {
+		err = io.EOF
+	}
+
+	return n, err
+}
+
+func (fr *fileReader) Seek(offset int64, whence int) (int64, error) {
+	if fr.err != nil {
+		return 0, fr.err
+	}
+
+	var err error
+	newOffset := fr.offset
+
+	switch whence {
+	case io.SeekCurrent:
+		newOffset += offset
+	case io.SeekEnd:
+		newOffset = fr.size + offset
+	case io.SeekStart:
+		newOffset = offset
+	}
+
+	if newOffset < 0 {
+		err = fmt.Errorf("cannot seek to negative position")
+	} else {
+		if fr.offset != newOffset {
+			fr.reset()
+		}
+
+		// No problems, set the offset.
+		fr.offset = newOffset
+	}
+
+	return fr.offset, err
+}
+
+func (fr *fileReader) Close() error {
+	return fr.closeWithErr(fmt.Errorf("fileReader: closed"))
+}
+
+// reader prepares the current reader at the lrs offset, ensuring its buffered
+// and ready to go.
+func (fr *fileReader) reader() (io.Reader, error) {
+	if fr.err != nil {
+		return nil, fr.err
+	}
+
+	if fr.rc != nil {
+		return fr.brd, nil
+	}
+
+	// If we don't have a reader, open one up.
+	rc, err := fr.driver.Reader(fr.ctx, fr.path, fr.offset)
+	if err != nil {
+		switch err := err.(type) {
+		case storagedriver.PathNotFoundError:
+			// NOTE(stevvooe): If the path is not found, we simply return a
+			// reader that returns io.EOF. However, we do not set fr.rc,
+			// allowing future attempts at getting a reader to possibly
+			// succeed if the file turns up later.
+			return ioutil.NopCloser(bytes.NewReader([]byte{})), nil
+		default:
+			return nil, err
+		}
+	}
+
+	fr.rc = rc
+
+	if fr.brd == nil {
+		fr.brd = bufio.NewReaderSize(fr.rc, fileReaderBufferSize)
+	} else {
+		fr.brd.Reset(fr.rc)
+	}
+
+	return fr.brd, nil
+}
+
+// resetReader resets the reader, forcing the read method to open up a new
+// connection and rebuild the buffered reader. This should be called when the
+// offset and the reader will become out of sync, such as during a seek
+// operation.
+func (fr *fileReader) reset() {
+	if fr.err != nil {
+		return
+	}
+	if fr.rc != nil {
+		fr.rc.Close()
+		fr.rc = nil
+	}
+}
+
+func (fr *fileReader) closeWithErr(err error) error {
+	if fr.err != nil {
+		return fr.err
+	}
+
+	fr.err = err
+
+	// close and release reader chain
+	if fr.rc != nil {
+		fr.rc.Close()
+	}
+
+	fr.rc = nil
+	fr.brd = nil
+
+	return fr.err
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/garbagecollect.go b/vendor/github.com/docker/distribution/registry/storage/garbagecollect.go
new file mode 100644
index 000000000..317c792da
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/garbagecollect.go
@@ -0,0 +1,152 @@
+package storage
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/storage/driver"
+	"github.com/opencontainers/go-digest"
+)
+
+func emit(format string, a ...interface{}) {
+	fmt.Printf(format+"\n", a...)
+}
+
+// GCOpts contains options for garbage collector
+type GCOpts struct {
+	DryRun         bool
+	RemoveUntagged bool
+}
+
+// ManifestDel contains manifest structure which will be deleted
+type ManifestDel struct {
+	Name   string
+	Digest digest.Digest
+	Tags   []string
+}
+
+// MarkAndSweep performs a mark and sweep of registry data
+func MarkAndSweep(ctx context.Context, storageDriver driver.StorageDriver, registry distribution.Namespace, opts GCOpts) error {
+	repositoryEnumerator, ok := registry.(distribution.RepositoryEnumerator)
+	if !ok {
+		return fmt.Errorf("unable to convert Namespace to RepositoryEnumerator")
+	}
+
+	// mark
+	markSet := make(map[digest.Digest]struct{})
+	manifestArr := make([]ManifestDel, 0)
+	err := repositoryEnumerator.Enumerate(ctx, func(repoName string) error {
+		emit(repoName)
+
+		var err error
+		named, err := reference.WithName(repoName)
+		if err != nil {
+			return fmt.Errorf("failed to parse repo name %s: %v", repoName, err)
+		}
+		repository, err := registry.Repository(ctx, named)
+		if err != nil {
+			return fmt.Errorf("failed to construct repository: %v", err)
+		}
+
+		manifestService, err := repository.Manifests(ctx)
+		if err != nil {
+			return fmt.Errorf("failed to construct manifest service: %v", err)
+		}
+
+		manifestEnumerator, ok := manifestService.(distribution.ManifestEnumerator)
+		if !ok {
+			return fmt.Errorf("unable to convert ManifestService into ManifestEnumerator")
+		}
+
+		err = manifestEnumerator.Enumerate(ctx, func(dgst digest.Digest) error {
+			if opts.RemoveUntagged {
+				// fetch all tags where this manifest is the latest one
+				tags, err := repository.Tags(ctx).Lookup(ctx, distribution.Descriptor{Digest: dgst})
+				if err != nil {
+					return fmt.Errorf("failed to retrieve tags for digest %v: %v", dgst, err)
+				}
+				if len(tags) == 0 {
+					emit("manifest eligible for deletion: %s", dgst)
+					// fetch all tags from repository
+					// all of these tags could contain manifest in history
+					// which means that we need check (and delete) those references when deleting manifest
+					allTags, err := repository.Tags(ctx).All(ctx)
+					if err != nil {
+						return fmt.Errorf("failed to retrieve tags %v", err)
+					}
+					manifestArr = append(manifestArr, ManifestDel{Name: repoName, Digest: dgst, Tags: allTags})
+					return nil
+				}
+			}
+			// Mark the manifest's blob
+			emit("%s: marking manifest %s ", repoName, dgst)
+			markSet[dgst] = struct{}{}
+
+			manifest, err := manifestService.Get(ctx, dgst)
+			if err != nil {
+				return fmt.Errorf("failed to retrieve manifest for digest %v: %v", dgst, err)
+			}
+
+			descriptors := manifest.References()
+			for _, descriptor := range descriptors {
+				markSet[descriptor.Digest] = struct{}{}
+				emit("%s: marking blob %s", repoName, descriptor.Digest)
+			}
+
+			return nil
+		})
+
+		// In certain situations such as unfinished uploads, deleting all
+		// tags in S3 or removing the _manifests folder manually, this
+		// error may be of type PathNotFound.
+		//
+		// In these cases we can continue marking other manifests safely.
+		if _, ok := err.(driver.PathNotFoundError); ok {
+			return nil
+		}
+
+		return err
+	})
+
+	if err != nil {
+		return fmt.Errorf("failed to mark: %v", err)
+	}
+
+	// sweep
+	vacuum := NewVacuum(ctx, storageDriver)
+	if !opts.DryRun {
+		for _, obj := range manifestArr {
+			err = vacuum.RemoveManifest(obj.Name, obj.Digest, obj.Tags)
+			if err != nil {
+				return fmt.Errorf("failed to delete manifest %s: %v", obj.Digest, err)
+			}
+		}
+	}
+	blobService := registry.Blobs()
+	deleteSet := make(map[digest.Digest]struct{})
+	err = blobService.Enumerate(ctx, func(dgst digest.Digest) error {
+		// check if digest is in markSet. If not, delete it!
+		if _, ok := markSet[dgst]; !ok {
+			deleteSet[dgst] = struct{}{}
+		}
+		return nil
+	})
+	if err != nil {
+		return fmt.Errorf("error enumerating blobs: %v", err)
+	}
+	emit("\n%d blobs marked, %d blobs and %d manifests eligible for deletion", len(markSet), len(deleteSet), len(manifestArr))
+	for dgst := range deleteSet {
+		emit("blob eligible for deletion: %s", dgst)
+		if opts.DryRun {
+			continue
+		}
+		err = vacuum.RemoveBlob(string(dgst))
+		if err != nil {
+			return fmt.Errorf("failed to delete blob %s: %v", dgst, err)
+		}
+	}
+
+	return err
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/io.go b/vendor/github.com/docker/distribution/registry/storage/io.go
new file mode 100644
index 000000000..7cde6a334
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/io.go
@@ -0,0 +1,72 @@
+package storage
+
+import (
+	"context"
+	"errors"
+	"io"
+	"io/ioutil"
+
+	"github.com/docker/distribution/registry/storage/driver"
+)
+
+const (
+	maxBlobGetSize = 4 << 20
+)
+
+func getContent(ctx context.Context, driver driver.StorageDriver, p string) ([]byte, error) {
+	r, err := driver.Reader(ctx, p, 0)
+	if err != nil {
+		return nil, err
+	}
+	defer r.Close()
+
+	return readAllLimited(r, maxBlobGetSize)
+}
+
+func readAllLimited(r io.Reader, limit int64) ([]byte, error) {
+	r = limitReader(r, limit)
+	return ioutil.ReadAll(r)
+}
+
+// limitReader returns a new reader limited to n bytes. Unlike io.LimitReader,
+// this returns an error when the limit reached.
+func limitReader(r io.Reader, n int64) io.Reader {
+	return &limitedReader{r: r, n: n}
+}
+
+// limitedReader implements a reader that errors when the limit is reached.
+//
+// Partially cribbed from net/http.MaxBytesReader.
+type limitedReader struct {
+	r   io.Reader // underlying reader
+	n   int64     // max bytes remaining
+	err error     // sticky error
+}
+
+func (l *limitedReader) Read(p []byte) (n int, err error) {
+	if l.err != nil {
+		return 0, l.err
+	}
+	if len(p) == 0 {
+		return 0, nil
+	}
+	// If they asked for a 32KB byte read but only 5 bytes are
+	// remaining, no need to read 32KB. 6 bytes will answer the
+	// question of the whether we hit the limit or go past it.
+	if int64(len(p)) > l.n+1 {
+		p = p[:l.n+1]
+	}
+	n, err = l.r.Read(p)
+
+	if int64(n) <= l.n {
+		l.n -= int64(n)
+		l.err = err
+		return n, err
+	}
+
+	n = int(l.n)
+	l.n = 0
+
+	l.err = errors.New("storage: read exceeds limit")
+	return n, l.err
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/linkedblobstore.go b/vendor/github.com/docker/distribution/registry/storage/linkedblobstore.go
new file mode 100644
index 000000000..de591c8a5
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/linkedblobstore.go
@@ -0,0 +1,465 @@
+package storage
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"path"
+	"time"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/distribution/uuid"
+	"github.com/opencontainers/go-digest"
+)
+
+// linkPathFunc describes a function that can resolve a link based on the
+// repository name and digest.
+type linkPathFunc func(name string, dgst digest.Digest) (string, error)
+
+// linkedBlobStore provides a full BlobService that namespaces the blobs to a
+// given repository. Effectively, it manages the links in a given repository
+// that grant access to the global blob store.
+type linkedBlobStore struct {
+	*blobStore
+	registry               *registry
+	blobServer             distribution.BlobServer
+	blobAccessController   distribution.BlobDescriptorService
+	repository             distribution.Repository
+	ctx                    context.Context // only to be used where context can't come through method args
+	deleteEnabled          bool
+	resumableDigestEnabled bool
+
+	// linkPathFns specifies one or more path functions allowing one to
+	// control the repository blob link set to which the blob store
+	// dispatches. This is required because manifest and layer blobs have not
+	// yet been fully merged. At some point, this functionality should be
+	// removed the blob links folder should be merged. The first entry is
+	// treated as the "canonical" link location and will be used for writes.
+	linkPathFns []linkPathFunc
+
+	// linkDirectoryPathSpec locates the root directories in which one might find links
+	linkDirectoryPathSpec pathSpec
+}
+
+var _ distribution.BlobStore = &linkedBlobStore{}
+
+func (lbs *linkedBlobStore) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
+	return lbs.blobAccessController.Stat(ctx, dgst)
+}
+
+func (lbs *linkedBlobStore) Get(ctx context.Context, dgst digest.Digest) ([]byte, error) {
+	canonical, err := lbs.Stat(ctx, dgst) // access check
+	if err != nil {
+		return nil, err
+	}
+
+	return lbs.blobStore.Get(ctx, canonical.Digest)
+}
+
+func (lbs *linkedBlobStore) Open(ctx context.Context, dgst digest.Digest) (distribution.ReadSeekCloser, error) {
+	canonical, err := lbs.Stat(ctx, dgst) // access check
+	if err != nil {
+		return nil, err
+	}
+
+	return lbs.blobStore.Open(ctx, canonical.Digest)
+}
+
+func (lbs *linkedBlobStore) ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error {
+	canonical, err := lbs.Stat(ctx, dgst) // access check
+	if err != nil {
+		return err
+	}
+
+	if canonical.MediaType != "" {
+		// Set the repository local content type.
+		w.Header().Set("Content-Type", canonical.MediaType)
+	}
+
+	return lbs.blobServer.ServeBlob(ctx, w, r, canonical.Digest)
+}
+
+func (lbs *linkedBlobStore) Put(ctx context.Context, mediaType string, p []byte) (distribution.Descriptor, error) {
+	dgst := digest.FromBytes(p)
+	// Place the data in the blob store first.
+	desc, err := lbs.blobStore.Put(ctx, mediaType, p)
+	if err != nil {
+		dcontext.GetLogger(ctx).Errorf("error putting into main store: %v", err)
+		return distribution.Descriptor{}, err
+	}
+
+	if err := lbs.blobAccessController.SetDescriptor(ctx, dgst, desc); err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	// TODO(stevvooe): Write out mediatype if incoming differs from what is
+	// returned by Put above. Note that we should allow updates for a given
+	// repository.
+
+	return desc, lbs.linkBlob(ctx, desc)
+}
+
+type optionFunc func(interface{}) error
+
+func (f optionFunc) Apply(v interface{}) error {
+	return f(v)
+}
+
+// WithMountFrom returns a BlobCreateOption which designates that the blob should be
+// mounted from the given canonical reference.
+func WithMountFrom(ref reference.Canonical) distribution.BlobCreateOption {
+	return optionFunc(func(v interface{}) error {
+		opts, ok := v.(*distribution.CreateOptions)
+		if !ok {
+			return fmt.Errorf("unexpected options type: %T", v)
+		}
+
+		opts.Mount.ShouldMount = true
+		opts.Mount.From = ref
+
+		return nil
+	})
+}
+
+// Writer begins a blob write session, returning a handle.
+func (lbs *linkedBlobStore) Create(ctx context.Context, options ...distribution.BlobCreateOption) (distribution.BlobWriter, error) {
+	dcontext.GetLogger(ctx).Debug("(*linkedBlobStore).Writer")
+
+	var opts distribution.CreateOptions
+
+	for _, option := range options {
+		err := option.Apply(&opts)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if opts.Mount.ShouldMount {
+		desc, err := lbs.mount(ctx, opts.Mount.From, opts.Mount.From.Digest(), opts.Mount.Stat)
+		if err == nil {
+			// Mount successful, no need to initiate an upload session
+			return nil, distribution.ErrBlobMounted{From: opts.Mount.From, Descriptor: desc}
+		}
+	}
+
+	uuid := uuid.Generate().String()
+	startedAt := time.Now().UTC()
+
+	path, err := pathFor(uploadDataPathSpec{
+		name: lbs.repository.Named().Name(),
+		id:   uuid,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	startedAtPath, err := pathFor(uploadStartedAtPathSpec{
+		name: lbs.repository.Named().Name(),
+		id:   uuid,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	// Write a startedat file for this upload
+	if err := lbs.blobStore.driver.PutContent(ctx, startedAtPath, []byte(startedAt.Format(time.RFC3339))); err != nil {
+		return nil, err
+	}
+
+	return lbs.newBlobUpload(ctx, uuid, path, startedAt, false)
+}
+
+func (lbs *linkedBlobStore) Resume(ctx context.Context, id string) (distribution.BlobWriter, error) {
+	dcontext.GetLogger(ctx).Debug("(*linkedBlobStore).Resume")
+
+	startedAtPath, err := pathFor(uploadStartedAtPathSpec{
+		name: lbs.repository.Named().Name(),
+		id:   id,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	startedAtBytes, err := lbs.blobStore.driver.GetContent(ctx, startedAtPath)
+	if err != nil {
+		switch err := err.(type) {
+		case driver.PathNotFoundError:
+			return nil, distribution.ErrBlobUploadUnknown
+		default:
+			return nil, err
+		}
+	}
+
+	startedAt, err := time.Parse(time.RFC3339, string(startedAtBytes))
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := pathFor(uploadDataPathSpec{
+		name: lbs.repository.Named().Name(),
+		id:   id,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return lbs.newBlobUpload(ctx, id, path, startedAt, true)
+}
+
+func (lbs *linkedBlobStore) Delete(ctx context.Context, dgst digest.Digest) error {
+	if !lbs.deleteEnabled {
+		return distribution.ErrUnsupported
+	}
+
+	// Ensure the blob is available for deletion
+	_, err := lbs.blobAccessController.Stat(ctx, dgst)
+	if err != nil {
+		return err
+	}
+
+	err = lbs.blobAccessController.Clear(ctx, dgst)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (lbs *linkedBlobStore) Enumerate(ctx context.Context, ingestor func(digest.Digest) error) error {
+	rootPath, err := pathFor(lbs.linkDirectoryPathSpec)
+	if err != nil {
+		return err
+	}
+	return lbs.driver.Walk(ctx, rootPath, func(fileInfo driver.FileInfo) error {
+		// exit early if directory...
+		if fileInfo.IsDir() {
+			return nil
+		}
+		filePath := fileInfo.Path()
+
+		// check if it's a link
+		_, fileName := path.Split(filePath)
+		if fileName != "link" {
+			return nil
+		}
+
+		// read the digest found in link
+		digest, err := lbs.blobStore.readlink(ctx, filePath)
+		if err != nil {
+			return err
+		}
+
+		// ensure this conforms to the linkPathFns
+		_, err = lbs.Stat(ctx, digest)
+		if err != nil {
+			// we expect this error to occur so we move on
+			if err == distribution.ErrBlobUnknown {
+				return nil
+			}
+			return err
+		}
+
+		err = ingestor(digest)
+		if err != nil {
+			return err
+		}
+
+		return nil
+	})
+}
+
+func (lbs *linkedBlobStore) mount(ctx context.Context, sourceRepo reference.Named, dgst digest.Digest, sourceStat *distribution.Descriptor) (distribution.Descriptor, error) {
+	var stat distribution.Descriptor
+	if sourceStat == nil {
+		// look up the blob info from the sourceRepo if not already provided
+		repo, err := lbs.registry.Repository(ctx, sourceRepo)
+		if err != nil {
+			return distribution.Descriptor{}, err
+		}
+		stat, err = repo.Blobs(ctx).Stat(ctx, dgst)
+		if err != nil {
+			return distribution.Descriptor{}, err
+		}
+	} else {
+		// use the provided blob info
+		stat = *sourceStat
+	}
+
+	desc := distribution.Descriptor{
+		Size: stat.Size,
+
+		// NOTE(stevvooe): The central blob store firewalls media types from
+		// other users. The caller should look this up and override the value
+		// for the specific repository.
+		MediaType: "application/octet-stream",
+		Digest:    dgst,
+	}
+	return desc, lbs.linkBlob(ctx, desc)
+}
+
+// newBlobUpload allocates a new upload controller with the given state.
+func (lbs *linkedBlobStore) newBlobUpload(ctx context.Context, uuid, path string, startedAt time.Time, append bool) (distribution.BlobWriter, error) {
+	fw, err := lbs.driver.Writer(ctx, path, append)
+	if err != nil {
+		return nil, err
+	}
+
+	bw := &blobWriter{
+		ctx:                    ctx,
+		blobStore:              lbs,
+		id:                     uuid,
+		startedAt:              startedAt,
+		digester:               digest.Canonical.Digester(),
+		fileWriter:             fw,
+		driver:                 lbs.driver,
+		path:                   path,
+		resumableDigestEnabled: lbs.resumableDigestEnabled,
+	}
+
+	return bw, nil
+}
+
+// linkBlob links a valid, written blob into the registry under the named
+// repository for the upload controller.
+func (lbs *linkedBlobStore) linkBlob(ctx context.Context, canonical distribution.Descriptor, aliases ...digest.Digest) error {
+	dgsts := append([]digest.Digest{canonical.Digest}, aliases...)
+
+	// TODO(stevvooe): Need to write out mediatype for only canonical hash
+	// since we don't care about the aliases. They are generally unused except
+	// for tarsum but those versions don't care about mediatype.
+
+	// Don't make duplicate links.
+	seenDigests := make(map[digest.Digest]struct{}, len(dgsts))
+
+	// only use the first link
+	linkPathFn := lbs.linkPathFns[0]
+
+	for _, dgst := range dgsts {
+		if _, seen := seenDigests[dgst]; seen {
+			continue
+		}
+		seenDigests[dgst] = struct{}{}
+
+		blobLinkPath, err := linkPathFn(lbs.repository.Named().Name(), dgst)
+		if err != nil {
+			return err
+		}
+
+		if err := lbs.blobStore.link(ctx, blobLinkPath, canonical.Digest); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+type linkedBlobStatter struct {
+	*blobStore
+	repository distribution.Repository
+
+	// linkPathFns specifies one or more path functions allowing one to
+	// control the repository blob link set to which the blob store
+	// dispatches. This is required because manifest and layer blobs have not
+	// yet been fully merged. At some point, this functionality should be
+	// removed an the blob links folder should be merged. The first entry is
+	// treated as the "canonical" link location and will be used for writes.
+	linkPathFns []linkPathFunc
+}
+
+var _ distribution.BlobDescriptorService = &linkedBlobStatter{}
+
+func (lbs *linkedBlobStatter) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
+	var (
+		found  bool
+		target digest.Digest
+	)
+
+	// try the many link path functions until we get success or an error that
+	// is not PathNotFoundError.
+	for _, linkPathFn := range lbs.linkPathFns {
+		var err error
+		target, err = lbs.resolveWithLinkFunc(ctx, dgst, linkPathFn)
+
+		if err == nil {
+			found = true
+			break // success!
+		}
+
+		switch err := err.(type) {
+		case driver.PathNotFoundError:
+			// do nothing, just move to the next linkPathFn
+		default:
+			return distribution.Descriptor{}, err
+		}
+	}
+
+	if !found {
+		return distribution.Descriptor{}, distribution.ErrBlobUnknown
+	}
+
+	if target != dgst {
+		// Track when we are doing cross-digest domain lookups. ie, sha512 to sha256.
+		dcontext.GetLogger(ctx).Warnf("looking up blob with canonical target: %v -> %v", dgst, target)
+	}
+
+	// TODO(stevvooe): Look up repository local mediatype and replace that on
+	// the returned descriptor.
+
+	return lbs.blobStore.statter.Stat(ctx, target)
+}
+
+func (lbs *linkedBlobStatter) Clear(ctx context.Context, dgst digest.Digest) (err error) {
+	// clear any possible existence of a link described in linkPathFns
+	for _, linkPathFn := range lbs.linkPathFns {
+		blobLinkPath, err := linkPathFn(lbs.repository.Named().Name(), dgst)
+		if err != nil {
+			return err
+		}
+
+		err = lbs.blobStore.driver.Delete(ctx, blobLinkPath)
+		if err != nil {
+			switch err := err.(type) {
+			case driver.PathNotFoundError:
+				continue // just ignore this error and continue
+			default:
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// resolveTargetWithFunc allows us to read a link to a resource with different
+// linkPathFuncs to let us try a few different paths before returning not
+// found.
+func (lbs *linkedBlobStatter) resolveWithLinkFunc(ctx context.Context, dgst digest.Digest, linkPathFn linkPathFunc) (digest.Digest, error) {
+	blobLinkPath, err := linkPathFn(lbs.repository.Named().Name(), dgst)
+	if err != nil {
+		return "", err
+	}
+
+	return lbs.blobStore.readlink(ctx, blobLinkPath)
+}
+
+func (lbs *linkedBlobStatter) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
+	// The canonical descriptor for a blob is set at the commit phase of upload
+	return nil
+}
+
+// blobLinkPath provides the path to the blob link, also known as layers.
+func blobLinkPath(name string, dgst digest.Digest) (string, error) {
+	return pathFor(layerLinkPathSpec{name: name, digest: dgst})
+}
+
+// manifestRevisionLinkPath provides the path to the manifest revision link.
+func manifestRevisionLinkPath(name string, dgst digest.Digest) (string, error) {
+	return pathFor(manifestRevisionLinkPathSpec{name: name, revision: dgst})
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/manifestlisthandler.go b/vendor/github.com/docker/distribution/registry/storage/manifestlisthandler.go
new file mode 100644
index 000000000..ffc391617
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/manifestlisthandler.go
@@ -0,0 +1,96 @@
+package storage
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/manifest/manifestlist"
+	"github.com/opencontainers/go-digest"
+)
+
+// manifestListHandler is a ManifestHandler that covers schema2 manifest lists.
+type manifestListHandler struct {
+	repository distribution.Repository
+	blobStore  distribution.BlobStore
+	ctx        context.Context
+}
+
+var _ ManifestHandler = &manifestListHandler{}
+
+func (ms *manifestListHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
+	dcontext.GetLogger(ms.ctx).Debug("(*manifestListHandler).Unmarshal")
+
+	m := &manifestlist.DeserializedManifestList{}
+	if err := m.UnmarshalJSON(content); err != nil {
+		return nil, err
+	}
+
+	return m, nil
+}
+
+func (ms *manifestListHandler) Put(ctx context.Context, manifestList distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
+	dcontext.GetLogger(ms.ctx).Debug("(*manifestListHandler).Put")
+
+	m, ok := manifestList.(*manifestlist.DeserializedManifestList)
+	if !ok {
+		return "", fmt.Errorf("wrong type put to manifestListHandler: %T", manifestList)
+	}
+
+	if err := ms.verifyManifest(ms.ctx, *m, skipDependencyVerification); err != nil {
+		return "", err
+	}
+
+	mt, payload, err := m.Payload()
+	if err != nil {
+		return "", err
+	}
+
+	revision, err := ms.blobStore.Put(ctx, mt, payload)
+	if err != nil {
+		dcontext.GetLogger(ctx).Errorf("error putting payload into blobstore: %v", err)
+		return "", err
+	}
+
+	return revision.Digest, nil
+}
+
+// verifyManifest ensures that the manifest content is valid from the
+// perspective of the registry. As a policy, the registry only tries to
+// store valid content, leaving trust policies of that content up to
+// consumers.
+func (ms *manifestListHandler) verifyManifest(ctx context.Context, mnfst manifestlist.DeserializedManifestList, skipDependencyVerification bool) error {
+	var errs distribution.ErrManifestVerification
+
+	if mnfst.SchemaVersion != 2 {
+		return fmt.Errorf("unrecognized manifest list schema version %d", mnfst.SchemaVersion)
+	}
+
+	if !skipDependencyVerification {
+		// This manifest service is different from the blob service
+		// returned by Blob. It uses a linked blob store to ensure that
+		// only manifests are accessible.
+
+		manifestService, err := ms.repository.Manifests(ctx)
+		if err != nil {
+			return err
+		}
+
+		for _, manifestDescriptor := range mnfst.References() {
+			exists, err := manifestService.Exists(ctx, manifestDescriptor.Digest)
+			if err != nil && err != distribution.ErrBlobUnknown {
+				errs = append(errs, err)
+			}
+			if err != nil || !exists {
+				// On error here, we always append unknown blob errors.
+				errs = append(errs, distribution.ErrManifestBlobUnknown{Digest: manifestDescriptor.Digest})
+			}
+		}
+	}
+	if len(errs) != 0 {
+		return errs
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/manifeststore.go b/vendor/github.com/docker/distribution/registry/storage/manifeststore.go
new file mode 100644
index 000000000..7daa9a729
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/manifeststore.go
@@ -0,0 +1,161 @@
+package storage
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/manifest"
+	"github.com/docker/distribution/manifest/manifestlist"
+	"github.com/docker/distribution/manifest/ocischema"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/opencontainers/go-digest"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// A ManifestHandler gets and puts manifests of a particular type.
+type ManifestHandler interface {
+	// Unmarshal unmarshals the manifest from a byte slice.
+	Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error)
+
+	// Put creates or updates the given manifest returning the manifest digest.
+	Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error)
+}
+
+// SkipLayerVerification allows a manifest to be Put before its
+// layers are on the filesystem
+func SkipLayerVerification() distribution.ManifestServiceOption {
+	return skipLayerOption{}
+}
+
+type skipLayerOption struct{}
+
+func (o skipLayerOption) Apply(m distribution.ManifestService) error {
+	if ms, ok := m.(*manifestStore); ok {
+		ms.skipDependencyVerification = true
+		return nil
+	}
+	return fmt.Errorf("skip layer verification only valid for manifestStore")
+}
+
+type manifestStore struct {
+	repository *repository
+	blobStore  *linkedBlobStore
+	ctx        context.Context
+
+	skipDependencyVerification bool
+
+	schema1Handler      ManifestHandler
+	schema2Handler      ManifestHandler
+	ocischemaHandler    ManifestHandler
+	manifestListHandler ManifestHandler
+}
+
+var _ distribution.ManifestService = &manifestStore{}
+
+func (ms *manifestStore) Exists(ctx context.Context, dgst digest.Digest) (bool, error) {
+	dcontext.GetLogger(ms.ctx).Debug("(*manifestStore).Exists")
+
+	_, err := ms.blobStore.Stat(ms.ctx, dgst)
+	if err != nil {
+		if err == distribution.ErrBlobUnknown {
+			return false, nil
+		}
+
+		return false, err
+	}
+
+	return true, nil
+}
+
+func (ms *manifestStore) Get(ctx context.Context, dgst digest.Digest, options ...distribution.ManifestServiceOption) (distribution.Manifest, error) {
+	dcontext.GetLogger(ms.ctx).Debug("(*manifestStore).Get")
+
+	// TODO(stevvooe): Need to check descriptor from above to ensure that the
+	// mediatype is as we expect for the manifest store.
+
+	content, err := ms.blobStore.Get(ctx, dgst)
+	if err != nil {
+		if err == distribution.ErrBlobUnknown {
+			return nil, distribution.ErrManifestUnknownRevision{
+				Name:     ms.repository.Named().Name(),
+				Revision: dgst,
+			}
+		}
+
+		return nil, err
+	}
+
+	var versioned manifest.Versioned
+	if err = json.Unmarshal(content, &versioned); err != nil {
+		return nil, err
+	}
+
+	switch versioned.SchemaVersion {
+	case 1:
+		return ms.schema1Handler.Unmarshal(ctx, dgst, content)
+	case 2:
+		// This can be an image manifest or a manifest list
+		switch versioned.MediaType {
+		case schema2.MediaTypeManifest:
+			return ms.schema2Handler.Unmarshal(ctx, dgst, content)
+		case v1.MediaTypeImageManifest:
+			return ms.ocischemaHandler.Unmarshal(ctx, dgst, content)
+		case manifestlist.MediaTypeManifestList, v1.MediaTypeImageIndex:
+			return ms.manifestListHandler.Unmarshal(ctx, dgst, content)
+		case "":
+			// OCI image or image index - no media type in the content
+
+			// First see if it looks like an image index
+			res, err := ms.manifestListHandler.Unmarshal(ctx, dgst, content)
+			resIndex := res.(*manifestlist.DeserializedManifestList)
+			if err == nil && resIndex.Manifests != nil {
+				return resIndex, nil
+			}
+
+			// Otherwise, assume it must be an image manifest
+			return ms.ocischemaHandler.Unmarshal(ctx, dgst, content)
+		default:
+			return nil, distribution.ErrManifestVerification{fmt.Errorf("unrecognized manifest content type %s", versioned.MediaType)}
+		}
+	}
+
+	return nil, fmt.Errorf("unrecognized manifest schema version %d", versioned.SchemaVersion)
+}
+
+func (ms *manifestStore) Put(ctx context.Context, manifest distribution.Manifest, options ...distribution.ManifestServiceOption) (digest.Digest, error) {
+	dcontext.GetLogger(ms.ctx).Debug("(*manifestStore).Put")
+
+	switch manifest.(type) {
+	case *schema1.SignedManifest:
+		return ms.schema1Handler.Put(ctx, manifest, ms.skipDependencyVerification)
+	case *schema2.DeserializedManifest:
+		return ms.schema2Handler.Put(ctx, manifest, ms.skipDependencyVerification)
+	case *ocischema.DeserializedManifest:
+		return ms.ocischemaHandler.Put(ctx, manifest, ms.skipDependencyVerification)
+	case *manifestlist.DeserializedManifestList:
+		return ms.manifestListHandler.Put(ctx, manifest, ms.skipDependencyVerification)
+	}
+
+	return "", fmt.Errorf("unrecognized manifest type %T", manifest)
+}
+
+// Delete removes the revision of the specified manifest.
+func (ms *manifestStore) Delete(ctx context.Context, dgst digest.Digest) error {
+	dcontext.GetLogger(ms.ctx).Debug("(*manifestStore).Delete")
+	return ms.blobStore.Delete(ctx, dgst)
+}
+
+func (ms *manifestStore) Enumerate(ctx context.Context, ingester func(digest.Digest) error) error {
+	err := ms.blobStore.Enumerate(ctx, func(dgst digest.Digest) error {
+		err := ingester(dgst)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	return err
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/ocimanifesthandler.go b/vendor/github.com/docker/distribution/registry/storage/ocimanifesthandler.go
new file mode 100644
index 000000000..6fa499fe7
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/ocimanifesthandler.go
@@ -0,0 +1,133 @@
+package storage
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/manifest/ocischema"
+	"github.com/opencontainers/go-digest"
+	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// ocischemaManifestHandler is a ManifestHandler that covers ocischema manifests.
+type ocischemaManifestHandler struct {
+	repository   distribution.Repository
+	blobStore    distribution.BlobStore
+	ctx          context.Context
+	manifestURLs manifestURLs
+}
+
+var _ ManifestHandler = &ocischemaManifestHandler{}
+
+func (ms *ocischemaManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
+	dcontext.GetLogger(ms.ctx).Debug("(*ocischemaManifestHandler).Unmarshal")
+
+	m := &ocischema.DeserializedManifest{}
+	if err := m.UnmarshalJSON(content); err != nil {
+		return nil, err
+	}
+
+	return m, nil
+}
+
+func (ms *ocischemaManifestHandler) Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
+	dcontext.GetLogger(ms.ctx).Debug("(*ocischemaManifestHandler).Put")
+
+	m, ok := manifest.(*ocischema.DeserializedManifest)
+	if !ok {
+		return "", fmt.Errorf("non-ocischema manifest put to ocischemaManifestHandler: %T", manifest)
+	}
+
+	if err := ms.verifyManifest(ms.ctx, *m, skipDependencyVerification); err != nil {
+		return "", err
+	}
+
+	mt, payload, err := m.Payload()
+	if err != nil {
+		return "", err
+	}
+
+	revision, err := ms.blobStore.Put(ctx, mt, payload)
+	if err != nil {
+		dcontext.GetLogger(ctx).Errorf("error putting payload into blobstore: %v", err)
+		return "", err
+	}
+
+	return revision.Digest, nil
+}
+
+// verifyManifest ensures that the manifest content is valid from the
+// perspective of the registry. As a policy, the registry only tries to store
+// valid content, leaving trust policies of that content up to consumers.
+func (ms *ocischemaManifestHandler) verifyManifest(ctx context.Context, mnfst ocischema.DeserializedManifest, skipDependencyVerification bool) error {
+	var errs distribution.ErrManifestVerification
+
+	if mnfst.Manifest.SchemaVersion != 2 {
+		return fmt.Errorf("unrecognized manifest schema version %d", mnfst.Manifest.SchemaVersion)
+	}
+
+	if skipDependencyVerification {
+		return nil
+	}
+
+	manifestService, err := ms.repository.Manifests(ctx)
+	if err != nil {
+		return err
+	}
+
+	blobsService := ms.repository.Blobs(ctx)
+
+	for _, descriptor := range mnfst.References() {
+		var err error
+
+		switch descriptor.MediaType {
+		case v1.MediaTypeImageLayer, v1.MediaTypeImageLayerGzip, v1.MediaTypeImageLayerNonDistributable, v1.MediaTypeImageLayerNonDistributableGzip:
+			allow := ms.manifestURLs.allow
+			deny := ms.manifestURLs.deny
+			for _, u := range descriptor.URLs {
+				var pu *url.URL
+				pu, err = url.Parse(u)
+				if err != nil || (pu.Scheme != "http" && pu.Scheme != "https") || pu.Fragment != "" || (allow != nil && !allow.MatchString(u)) || (deny != nil && deny.MatchString(u)) {
+					err = errInvalidURL
+					break
+				}
+			}
+			if err == nil && len(descriptor.URLs) == 0 {
+				// If no URLs, require that the blob exists
+				_, err = blobsService.Stat(ctx, descriptor.Digest)
+			}
+
+		case v1.MediaTypeImageManifest:
+			var exists bool
+			exists, err = manifestService.Exists(ctx, descriptor.Digest)
+			if err != nil || !exists {
+				err = distribution.ErrBlobUnknown // just coerce to unknown.
+			}
+
+			fallthrough // double check the blob store.
+		default:
+			// forward all else to blob storage
+			if len(descriptor.URLs) == 0 {
+				_, err = blobsService.Stat(ctx, descriptor.Digest)
+			}
+		}
+
+		if err != nil {
+			if err != distribution.ErrBlobUnknown {
+				errs = append(errs, err)
+			}
+
+			// On error here, we always append unknown blob errors.
+			errs = append(errs, distribution.ErrManifestBlobUnknown{Digest: descriptor.Digest})
+		}
+	}
+
+	if len(errs) != 0 {
+		return errs
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/paths.go b/vendor/github.com/docker/distribution/registry/storage/paths.go
new file mode 100644
index 000000000..b8f327267
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/paths.go
@@ -0,0 +1,476 @@
+package storage
+
+import (
+	"fmt"
+	"path"
+	"strings"
+
+	"github.com/opencontainers/go-digest"
+)
+
+const (
+	storagePathVersion = "v2"                // fixed storage layout version
+	storagePathRoot    = "/docker/registry/" // all driver paths have a prefix
+
+	// TODO(stevvooe): Get rid of the "storagePathRoot". Initially, we though
+	// storage path root would configurable for all drivers through this
+	// package. In reality, we've found it simpler to do this on a per driver
+	// basis.
+)
+
+// pathFor maps paths based on "object names" and their ids. The "object
+// names" mapped by are internal to the storage system.
+//
+// The path layout in the storage backend is roughly as follows:
+//
+//	<root>/v2
+//		-> repositories/
+//			-><name>/
+//				-> _manifests/
+//					revisions
+//						-> <manifest digest path>
+//							-> link
+//					tags/<tag>
+//						-> current/link
+//						-> index
+//							-> <algorithm>/<hex digest>/link
+//				-> _layers/
+//					<layer links to blob store>
+//				-> _uploads/<id>
+//					data
+//					startedat
+//					hashstates/<algorithm>/<offset>
+//		-> blob/<algorithm>
+//			<split directory content addressable storage>
+//
+// The storage backend layout is broken up into a content-addressable blob
+// store and repositories. The content-addressable blob store holds most data
+// throughout the backend, keyed by algorithm and digests of the underlying
+// content. Access to the blob store is controlled through links from the
+// repository to blobstore.
+//
+// A repository is made up of layers, manifests and tags. The layers component
+// is just a directory of layers which are "linked" into a repository. A layer
+// can only be accessed through a qualified repository name if it is linked in
+// the repository. Uploads of layers are managed in the uploads directory,
+// which is key by upload id. When all data for an upload is received, the
+// data is moved into the blob store and the upload directory is deleted.
+// Abandoned uploads can be garbage collected by reading the startedat file
+// and removing uploads that have been active for longer than a certain time.
+//
+// The third component of the repository directory is the manifests store,
+// which is made up of a revision store and tag store. Manifests are stored in
+// the blob store and linked into the revision store.
+// While the registry can save all revisions of a manifest, no relationship is
+// implied as to the ordering of changes to a manifest. The tag store provides
+// support for name, tag lookups of manifests, using "current/link" under a
+// named tag directory. An index is maintained to support deletions of all
+// revisions of a given manifest tag.
+//
+// We cover the path formats implemented by this path mapper below.
+//
+//	Manifests:
+//
+//	manifestRevisionsPathSpec:      <root>/v2/repositories/<name>/_manifests/revisions/
+//	manifestRevisionPathSpec:      <root>/v2/repositories/<name>/_manifests/revisions/<algorithm>/<hex digest>/
+//	manifestRevisionLinkPathSpec:  <root>/v2/repositories/<name>/_manifests/revisions/<algorithm>/<hex digest>/link
+//
+//	Tags:
+//
+//	manifestTagsPathSpec:                  <root>/v2/repositories/<name>/_manifests/tags/
+//	manifestTagPathSpec:                   <root>/v2/repositories/<name>/_manifests/tags/<tag>/
+//	manifestTagCurrentPathSpec:            <root>/v2/repositories/<name>/_manifests/tags/<tag>/current/link
+//	manifestTagIndexPathSpec:              <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/
+//	manifestTagIndexEntryPathSpec:         <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/<algorithm>/<hex digest>/
+//	manifestTagIndexEntryLinkPathSpec:     <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/<algorithm>/<hex digest>/link
+//
+//	Blobs:
+//
+//	layerLinkPathSpec:            <root>/v2/repositories/<name>/_layers/<algorithm>/<hex digest>/link
+//
+//	Uploads:
+//
+//	uploadDataPathSpec:             <root>/v2/repositories/<name>/_uploads/<id>/data
+//	uploadStartedAtPathSpec:        <root>/v2/repositories/<name>/_uploads/<id>/startedat
+//	uploadHashStatePathSpec:        <root>/v2/repositories/<name>/_uploads/<id>/hashstates/<algorithm>/<offset>
+//
+//	Blob Store:
+//
+//	blobsPathSpec:                  <root>/v2/blobs/
+//	blobPathSpec:                   <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>
+//	blobDataPathSpec:               <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>/data
+//	blobMediaTypePathSpec:               <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>/data
+//
+// For more information on the semantic meaning of each path and their
+// contents, please see the path spec documentation.
+func pathFor(spec pathSpec) (string, error) {
+
+	// Switch on the path object type and return the appropriate path. At
+	// first glance, one may wonder why we don't use an interface to
+	// accomplish this. By keep the formatting separate from the pathSpec, we
+	// keep separate the path generation componentized. These specs could be
+	// passed to a completely different mapper implementation and generate a
+	// different set of paths.
+	//
+	// For example, imagine migrating from one backend to the other: one could
+	// build a filesystem walker that converts a string path in one version,
+	// to an intermediate path object, than can be consumed and mapped by the
+	// other version.
+
+	rootPrefix := []string{storagePathRoot, storagePathVersion}
+	repoPrefix := append(rootPrefix, "repositories")
+
+	switch v := spec.(type) {
+
+	case manifestRevisionsPathSpec:
+		return path.Join(append(repoPrefix, v.name, "_manifests", "revisions")...), nil
+
+	case manifestRevisionPathSpec:
+		components, err := digestPathComponents(v.revision, false)
+		if err != nil {
+			return "", err
+		}
+
+		return path.Join(append(append(repoPrefix, v.name, "_manifests", "revisions"), components...)...), nil
+	case manifestRevisionLinkPathSpec:
+		root, err := pathFor(manifestRevisionPathSpec(v))
+
+		if err != nil {
+			return "", err
+		}
+
+		return path.Join(root, "link"), nil
+	case manifestTagsPathSpec:
+		return path.Join(append(repoPrefix, v.name, "_manifests", "tags")...), nil
+	case manifestTagPathSpec:
+		root, err := pathFor(manifestTagsPathSpec{
+			name: v.name,
+		})
+
+		if err != nil {
+			return "", err
+		}
+
+		return path.Join(root, v.tag), nil
+	case manifestTagCurrentPathSpec:
+		root, err := pathFor(manifestTagPathSpec(v))
+
+		if err != nil {
+			return "", err
+		}
+
+		return path.Join(root, "current", "link"), nil
+	case manifestTagIndexPathSpec:
+		root, err := pathFor(manifestTagPathSpec(v))
+
+		if err != nil {
+			return "", err
+		}
+
+		return path.Join(root, "index"), nil
+	case manifestTagIndexEntryLinkPathSpec:
+		root, err := pathFor(manifestTagIndexEntryPathSpec(v))
+
+		if err != nil {
+			return "", err
+		}
+
+		return path.Join(root, "link"), nil
+	case manifestTagIndexEntryPathSpec:
+		root, err := pathFor(manifestTagIndexPathSpec{
+			name: v.name,
+			tag:  v.tag,
+		})
+
+		if err != nil {
+			return "", err
+		}
+
+		components, err := digestPathComponents(v.revision, false)
+		if err != nil {
+			return "", err
+		}
+
+		return path.Join(root, path.Join(components...)), nil
+	case layerLinkPathSpec:
+		components, err := digestPathComponents(v.digest, false)
+		if err != nil {
+			return "", err
+		}
+
+		// TODO(stevvooe): Right now, all blobs are linked under "_layers". If
+		// we have future migrations, we may want to rename this to "_blobs".
+		// A migration strategy would simply leave existing items in place and
+		// write the new paths, commit a file then delete the old files.
+
+		blobLinkPathComponents := append(repoPrefix, v.name, "_layers")
+
+		return path.Join(path.Join(append(blobLinkPathComponents, components...)...), "link"), nil
+	case blobsPathSpec:
+		blobsPathPrefix := append(rootPrefix, "blobs")
+		return path.Join(blobsPathPrefix...), nil
+	case blobPathSpec:
+		components, err := digestPathComponents(v.digest, true)
+		if err != nil {
+			return "", err
+		}
+
+		blobPathPrefix := append(rootPrefix, "blobs")
+		return path.Join(append(blobPathPrefix, components...)...), nil
+	case blobDataPathSpec:
+		components, err := digestPathComponents(v.digest, true)
+		if err != nil {
+			return "", err
+		}
+
+		components = append(components, "data")
+		blobPathPrefix := append(rootPrefix, "blobs")
+		return path.Join(append(blobPathPrefix, components...)...), nil
+
+	case uploadDataPathSpec:
+		return path.Join(append(repoPrefix, v.name, "_uploads", v.id, "data")...), nil
+	case uploadStartedAtPathSpec:
+		return path.Join(append(repoPrefix, v.name, "_uploads", v.id, "startedat")...), nil
+	case uploadHashStatePathSpec:
+		offset := fmt.Sprintf("%d", v.offset)
+		if v.list {
+			offset = "" // Limit to the prefix for listing offsets.
+		}
+		return path.Join(append(repoPrefix, v.name, "_uploads", v.id, "hashstates", string(v.alg), offset)...), nil
+	case repositoriesRootPathSpec:
+		return path.Join(repoPrefix...), nil
+	default:
+		// TODO(sday): This is an internal error. Ensure it doesn't escape (panic?).
+		return "", fmt.Errorf("unknown path spec: %#v", v)
+	}
+}
+
+// pathSpec is a type to mark structs as path specs. There is no
+// implementation because we'd like to keep the specs and the mappers
+// decoupled.
+type pathSpec interface {
+	pathSpec()
+}
+
+// manifestRevisionsPathSpec describes the directory path for
+// a manifest revision.
+type manifestRevisionsPathSpec struct {
+	name string
+}
+
+func (manifestRevisionsPathSpec) pathSpec() {}
+
+// manifestRevisionPathSpec describes the components of the directory path for
+// a manifest revision.
+type manifestRevisionPathSpec struct {
+	name     string
+	revision digest.Digest
+}
+
+func (manifestRevisionPathSpec) pathSpec() {}
+
+// manifestRevisionLinkPathSpec describes the path components required to look
+// up the data link for a revision of a manifest. If this file is not present,
+// the manifest blob is not available in the given repo. The contents of this
+// file should just be the digest.
+type manifestRevisionLinkPathSpec struct {
+	name     string
+	revision digest.Digest
+}
+
+func (manifestRevisionLinkPathSpec) pathSpec() {}
+
+// manifestTagsPathSpec describes the path elements required to point to the
+// manifest tags directory.
+type manifestTagsPathSpec struct {
+	name string
+}
+
+func (manifestTagsPathSpec) pathSpec() {}
+
+// manifestTagPathSpec describes the path elements required to point to the
+// manifest tag links files under a repository. These contain a blob id that
+// can be used to look up the data and signatures.
+type manifestTagPathSpec struct {
+	name string
+	tag  string
+}
+
+func (manifestTagPathSpec) pathSpec() {}
+
+// manifestTagCurrentPathSpec describes the link to the current revision for a
+// given tag.
+type manifestTagCurrentPathSpec struct {
+	name string
+	tag  string
+}
+
+func (manifestTagCurrentPathSpec) pathSpec() {}
+
+// manifestTagCurrentPathSpec describes the link to the index of revisions
+// with the given tag.
+type manifestTagIndexPathSpec struct {
+	name string
+	tag  string
+}
+
+func (manifestTagIndexPathSpec) pathSpec() {}
+
+// manifestTagIndexEntryPathSpec contains the entries of the index by revision.
+type manifestTagIndexEntryPathSpec struct {
+	name     string
+	tag      string
+	revision digest.Digest
+}
+
+func (manifestTagIndexEntryPathSpec) pathSpec() {}
+
+// manifestTagIndexEntryLinkPathSpec describes the link to a revisions of a
+// manifest with given tag within the index.
+type manifestTagIndexEntryLinkPathSpec struct {
+	name     string
+	tag      string
+	revision digest.Digest
+}
+
+func (manifestTagIndexEntryLinkPathSpec) pathSpec() {}
+
+// blobLinkPathSpec specifies a path for a blob link, which is a file with a
+// blob id. The blob link will contain a content addressable blob id reference
+// into the blob store. The format of the contents is as follows:
+//
+//	<algorithm>:<hex digest of layer data>
+//
+// The following example of the file contents is more illustrative:
+//
+//	sha256:96443a84ce518ac22acb2e985eda402b58ac19ce6f91980bde63726a79d80b36
+//
+// This  indicates that there is a blob with the id/digest, calculated via
+// sha256 that can be fetched from the blob store.
+type layerLinkPathSpec struct {
+	name   string
+	digest digest.Digest
+}
+
+func (layerLinkPathSpec) pathSpec() {}
+
+// blobAlgorithmReplacer does some very simple path sanitization for user
+// input. Paths should be "safe" before getting this far due to strict digest
+// requirements but we can add further path conversion here, if needed.
+var blobAlgorithmReplacer = strings.NewReplacer(
+	"+", "/",
+	".", "/",
+	";", "/",
+)
+
+// blobsPathSpec contains the path for the blobs directory
+type blobsPathSpec struct{}
+
+func (blobsPathSpec) pathSpec() {}
+
+// blobPathSpec contains the path for the registry global blob store.
+type blobPathSpec struct {
+	digest digest.Digest
+}
+
+func (blobPathSpec) pathSpec() {}
+
+// blobDataPathSpec contains the path for the registry global blob store. For
+// now, this contains layer data, exclusively.
+type blobDataPathSpec struct {
+	digest digest.Digest
+}
+
+func (blobDataPathSpec) pathSpec() {}
+
+// uploadDataPathSpec defines the path parameters of the data file for
+// uploads.
+type uploadDataPathSpec struct {
+	name string
+	id   string
+}
+
+func (uploadDataPathSpec) pathSpec() {}
+
+// uploadDataPathSpec defines the path parameters for the file that stores the
+// start time of an uploads. If it is missing, the upload is considered
+// unknown. Admittedly, the presence of this file is an ugly hack to make sure
+// we have a way to cleanup old or stalled uploads that doesn't rely on driver
+// FileInfo behavior. If we come up with a more clever way to do this, we
+// should remove this file immediately and rely on the startetAt field from
+// the client to enforce time out policies.
+type uploadStartedAtPathSpec struct {
+	name string
+	id   string
+}
+
+func (uploadStartedAtPathSpec) pathSpec() {}
+
+// uploadHashStatePathSpec defines the path parameters for the file that stores
+// the hash function state of an upload at a specific byte offset. If `list` is
+// set, then the path mapper will generate a list prefix for all hash state
+// offsets for the upload identified by the name, id, and alg.
+type uploadHashStatePathSpec struct {
+	name   string
+	id     string
+	alg    digest.Algorithm
+	offset int64
+	list   bool
+}
+
+func (uploadHashStatePathSpec) pathSpec() {}
+
+// repositoriesRootPathSpec returns the root of repositories
+type repositoriesRootPathSpec struct {
+}
+
+func (repositoriesRootPathSpec) pathSpec() {}
+
+// digestPathComponents provides a consistent path breakdown for a given
+// digest. For a generic digest, it will be as follows:
+//
+//	<algorithm>/<hex digest>
+//
+// If multilevel is true, the first two bytes of the digest will separate
+// groups of digest folder. It will be as follows:
+//
+//	<algorithm>/<first two bytes of digest>/<full digest>
+func digestPathComponents(dgst digest.Digest, multilevel bool) ([]string, error) {
+	if err := dgst.Validate(); err != nil {
+		return nil, err
+	}
+
+	algorithm := blobAlgorithmReplacer.Replace(string(dgst.Algorithm()))
+	hex := dgst.Hex()
+	prefix := []string{algorithm}
+
+	var suffix []string
+
+	if multilevel {
+		suffix = append(suffix, hex[:2])
+	}
+
+	suffix = append(suffix, hex)
+
+	return append(prefix, suffix...), nil
+}
+
+// Reconstructs a digest from a path
+func digestFromPath(digestPath string) (digest.Digest, error) {
+
+	digestPath = strings.TrimSuffix(digestPath, "/data")
+	dir, hex := path.Split(digestPath)
+	dir = path.Dir(dir)
+	dir, next := path.Split(dir)
+
+	// next is either the algorithm OR the first two characters in the hex string
+	var algo string
+	if next == hex[:2] {
+		algo = path.Base(dir)
+	} else {
+		algo = next
+	}
+
+	dgst := digest.NewDigestFromHex(algo, hex)
+	return dgst, dgst.Validate()
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/purgeuploads.go b/vendor/github.com/docker/distribution/registry/storage/purgeuploads.go
new file mode 100644
index 000000000..cac921210
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/purgeuploads.go
@@ -0,0 +1,139 @@
+package storage
+
+import (
+	"context"
+	"path"
+	"strings"
+	"time"
+
+	storageDriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/distribution/uuid"
+	"github.com/sirupsen/logrus"
+)
+
+// uploadData stored the location of temporary files created during a layer upload
+// along with the date the upload was started
+type uploadData struct {
+	containingDir string
+	startedAt     time.Time
+}
+
+func newUploadData() uploadData {
+	return uploadData{
+		containingDir: "",
+		// default to far in future to protect against missing startedat
+		startedAt: time.Now().Add(10000 * time.Hour),
+	}
+}
+
+// PurgeUploads deletes files from the upload directory
+// created before olderThan.  The list of files deleted and errors
+// encountered are returned
+func PurgeUploads(ctx context.Context, driver storageDriver.StorageDriver, olderThan time.Time, actuallyDelete bool) ([]string, []error) {
+	logrus.Infof("PurgeUploads starting: olderThan=%s, actuallyDelete=%t", olderThan, actuallyDelete)
+	uploadData, errors := getOutstandingUploads(ctx, driver)
+	var deleted []string
+	for _, uploadData := range uploadData {
+		if uploadData.startedAt.Before(olderThan) {
+			var err error
+			logrus.Infof("Upload files in %s have older date (%s) than purge date (%s).  Removing upload directory.",
+				uploadData.containingDir, uploadData.startedAt, olderThan)
+			if actuallyDelete {
+				err = driver.Delete(ctx, uploadData.containingDir)
+			}
+			if err == nil {
+				deleted = append(deleted, uploadData.containingDir)
+			} else {
+				errors = append(errors, err)
+			}
+		}
+	}
+
+	logrus.Infof("Purge uploads finished.  Num deleted=%d, num errors=%d", len(deleted), len(errors))
+	return deleted, errors
+}
+
+// getOutstandingUploads walks the upload directory, collecting files
+// which could be eligible for deletion.  The only reliable way to
+// classify the age of a file is with the date stored in the startedAt
+// file, so gather files by UUID with a date from startedAt.
+func getOutstandingUploads(ctx context.Context, driver storageDriver.StorageDriver) (map[string]uploadData, []error) {
+	var errors []error
+	uploads := make(map[string]uploadData)
+
+	inUploadDir := false
+	root, err := pathFor(repositoriesRootPathSpec{})
+	if err != nil {
+		return uploads, append(errors, err)
+	}
+
+	err = driver.Walk(ctx, root, func(fileInfo storageDriver.FileInfo) error {
+		filePath := fileInfo.Path()
+		_, file := path.Split(filePath)
+		if file[0] == '_' {
+			// Reserved directory
+			inUploadDir = (file == "_uploads")
+
+			if fileInfo.IsDir() && !inUploadDir {
+				return storageDriver.ErrSkipDir
+			}
+
+		}
+
+		uuid, isContainingDir := uuidFromPath(filePath)
+		if uuid == "" {
+			// Cannot reliably delete
+			return nil
+		}
+		ud, ok := uploads[uuid]
+		if !ok {
+			ud = newUploadData()
+		}
+		if isContainingDir {
+			ud.containingDir = filePath
+		}
+		if file == "startedat" {
+			if t, err := readStartedAtFile(driver, filePath); err == nil {
+				ud.startedAt = t
+			} else {
+				errors = pushError(errors, filePath, err)
+			}
+
+		}
+
+		uploads[uuid] = ud
+		return nil
+	})
+
+	if err != nil {
+		errors = pushError(errors, root, err)
+	}
+	return uploads, errors
+}
+
+// uuidFromPath extracts the upload UUID from a given path
+// If the UUID is the last path component, this is the containing
+// directory for all upload files
+func uuidFromPath(path string) (string, bool) {
+	components := strings.Split(path, "/")
+	for i := len(components) - 1; i >= 0; i-- {
+		if u, err := uuid.Parse(components[i]); err == nil {
+			return u.String(), i == len(components)-1
+		}
+	}
+	return "", false
+}
+
+// readStartedAtFile reads the date from an upload's startedAtFile
+func readStartedAtFile(driver storageDriver.StorageDriver, path string) (time.Time, error) {
+	// todo:(richardscothern) - pass in a context
+	startedAtBytes, err := driver.GetContent(context.Background(), path)
+	if err != nil {
+		return time.Now(), err
+	}
+	startedAt, err := time.Parse(time.RFC3339, string(startedAtBytes))
+	if err != nil {
+		return time.Now(), err
+	}
+	return startedAt, nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/registry.go b/vendor/github.com/docker/distribution/registry/storage/registry.go
new file mode 100644
index 000000000..7e932ab9a
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/registry.go
@@ -0,0 +1,336 @@
+package storage
+
+import (
+	"context"
+	"regexp"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/distribution/registry/storage/cache"
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/libtrust"
+)
+
+// registry is the top-level implementation of Registry for use in the storage
+// package. All instances should descend from this object.
+type registry struct {
+	blobStore                    *blobStore
+	blobServer                   *blobServer
+	statter                      *blobStatter // global statter service.
+	blobDescriptorCacheProvider  cache.BlobDescriptorCacheProvider
+	deleteEnabled                bool
+	schema1Enabled               bool
+	resumableDigestEnabled       bool
+	schema1SigningKey            libtrust.PrivateKey
+	blobDescriptorServiceFactory distribution.BlobDescriptorServiceFactory
+	manifestURLs                 manifestURLs
+	driver                       storagedriver.StorageDriver
+}
+
+// manifestURLs holds regular expressions for controlling manifest URL whitelisting
+type manifestURLs struct {
+	allow *regexp.Regexp
+	deny  *regexp.Regexp
+}
+
+// RegistryOption is the type used for functional options for NewRegistry.
+type RegistryOption func(*registry) error
+
+// EnableRedirect is a functional option for NewRegistry. It causes the backend
+// blob server to attempt using (StorageDriver).URLFor to serve all blobs.
+func EnableRedirect(registry *registry) error {
+	registry.blobServer.redirect = true
+	return nil
+}
+
+// EnableDelete is a functional option for NewRegistry. It enables deletion on
+// the registry.
+func EnableDelete(registry *registry) error {
+	registry.deleteEnabled = true
+	return nil
+}
+
+// EnableSchema1 is a functional option for NewRegistry. It enables pushing of
+// schema1 manifests.
+func EnableSchema1(registry *registry) error {
+	registry.schema1Enabled = true
+	return nil
+}
+
+// DisableDigestResumption is a functional option for NewRegistry. It should be
+// used if the registry is acting as a caching proxy.
+func DisableDigestResumption(registry *registry) error {
+	registry.resumableDigestEnabled = false
+	return nil
+}
+
+// ManifestURLsAllowRegexp is a functional option for NewRegistry.
+func ManifestURLsAllowRegexp(r *regexp.Regexp) RegistryOption {
+	return func(registry *registry) error {
+		registry.manifestURLs.allow = r
+		return nil
+	}
+}
+
+// ManifestURLsDenyRegexp is a functional option for NewRegistry.
+func ManifestURLsDenyRegexp(r *regexp.Regexp) RegistryOption {
+	return func(registry *registry) error {
+		registry.manifestURLs.deny = r
+		return nil
+	}
+}
+
+// Schema1SigningKey returns a functional option for NewRegistry. It sets the
+// key for signing  all schema1 manifests.
+func Schema1SigningKey(key libtrust.PrivateKey) RegistryOption {
+	return func(registry *registry) error {
+		registry.schema1SigningKey = key
+		return nil
+	}
+}
+
+// BlobDescriptorServiceFactory returns a functional option for NewRegistry. It sets the
+// factory to create BlobDescriptorServiceFactory middleware.
+func BlobDescriptorServiceFactory(factory distribution.BlobDescriptorServiceFactory) RegistryOption {
+	return func(registry *registry) error {
+		registry.blobDescriptorServiceFactory = factory
+		return nil
+	}
+}
+
+// BlobDescriptorCacheProvider returns a functional option for
+// NewRegistry. It creates a cached blob statter for use by the
+// registry.
+func BlobDescriptorCacheProvider(blobDescriptorCacheProvider cache.BlobDescriptorCacheProvider) RegistryOption {
+	// TODO(aaronl): The duplication of statter across several objects is
+	// ugly, and prevents us from using interface types in the registry
+	// struct. Ideally, blobStore and blobServer should be lazily
+	// initialized, and use the current value of
+	// blobDescriptorCacheProvider.
+	return func(registry *registry) error {
+		if blobDescriptorCacheProvider != nil {
+			statter := cache.NewCachedBlobStatter(blobDescriptorCacheProvider, registry.statter)
+			registry.blobStore.statter = statter
+			registry.blobServer.statter = statter
+			registry.blobDescriptorCacheProvider = blobDescriptorCacheProvider
+		}
+		return nil
+	}
+}
+
+// NewRegistry creates a new registry instance from the provided driver. The
+// resulting registry may be shared by multiple goroutines but is cheap to
+// allocate. If the Redirect option is specified, the backend blob server will
+// attempt to use (StorageDriver).URLFor to serve all blobs.
+func NewRegistry(ctx context.Context, driver storagedriver.StorageDriver, options ...RegistryOption) (distribution.Namespace, error) {
+	// create global statter
+	statter := &blobStatter{
+		driver: driver,
+	}
+
+	bs := &blobStore{
+		driver:  driver,
+		statter: statter,
+	}
+
+	registry := &registry{
+		blobStore: bs,
+		blobServer: &blobServer{
+			driver:  driver,
+			statter: statter,
+			pathFn:  bs.path,
+		},
+		statter:                statter,
+		resumableDigestEnabled: true,
+		driver:                 driver,
+	}
+
+	for _, option := range options {
+		if err := option(registry); err != nil {
+			return nil, err
+		}
+	}
+
+	return registry, nil
+}
+
+// Scope returns the namespace scope for a registry. The registry
+// will only serve repositories contained within this scope.
+func (reg *registry) Scope() distribution.Scope {
+	return distribution.GlobalScope
+}
+
+// Repository returns an instance of the repository tied to the registry.
+// Instances should not be shared between goroutines but are cheap to
+// allocate. In general, they should be request scoped.
+func (reg *registry) Repository(ctx context.Context, canonicalName reference.Named) (distribution.Repository, error) {
+	var descriptorCache distribution.BlobDescriptorService
+	if reg.blobDescriptorCacheProvider != nil {
+		var err error
+		descriptorCache, err = reg.blobDescriptorCacheProvider.RepositoryScoped(canonicalName.Name())
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &repository{
+		ctx:             ctx,
+		registry:        reg,
+		name:            canonicalName,
+		descriptorCache: descriptorCache,
+	}, nil
+}
+
+func (reg *registry) Blobs() distribution.BlobEnumerator {
+	return reg.blobStore
+}
+
+func (reg *registry) BlobStatter() distribution.BlobStatter {
+	return reg.statter
+}
+
+// repository provides name-scoped access to various services.
+type repository struct {
+	*registry
+	ctx             context.Context
+	name            reference.Named
+	descriptorCache distribution.BlobDescriptorService
+}
+
+// Name returns the name of the repository.
+func (repo *repository) Named() reference.Named {
+	return repo.name
+}
+
+func (repo *repository) Tags(ctx context.Context) distribution.TagService {
+	tags := &tagStore{
+		repository: repo,
+		blobStore:  repo.registry.blobStore,
+	}
+
+	return tags
+}
+
+// Manifests returns an instance of ManifestService. Instantiation is cheap and
+// may be context sensitive in the future. The instance should be used similar
+// to a request local.
+func (repo *repository) Manifests(ctx context.Context, options ...distribution.ManifestServiceOption) (distribution.ManifestService, error) {
+	manifestLinkPathFns := []linkPathFunc{
+		// NOTE(stevvooe): Need to search through multiple locations since
+		// 2.1.0 unintentionally linked into  _layers.
+		manifestRevisionLinkPath,
+		blobLinkPath,
+	}
+
+	manifestDirectoryPathSpec := manifestRevisionsPathSpec{name: repo.name.Name()}
+
+	var statter distribution.BlobDescriptorService = &linkedBlobStatter{
+		blobStore:   repo.blobStore,
+		repository:  repo,
+		linkPathFns: manifestLinkPathFns,
+	}
+
+	if repo.registry.blobDescriptorServiceFactory != nil {
+		statter = repo.registry.blobDescriptorServiceFactory.BlobAccessController(statter)
+	}
+
+	blobStore := &linkedBlobStore{
+		ctx:                  ctx,
+		blobStore:            repo.blobStore,
+		repository:           repo,
+		deleteEnabled:        repo.registry.deleteEnabled,
+		blobAccessController: statter,
+
+		// TODO(stevvooe): linkPath limits this blob store to only
+		// manifests. This instance cannot be used for blob checks.
+		linkPathFns:           manifestLinkPathFns,
+		linkDirectoryPathSpec: manifestDirectoryPathSpec,
+	}
+
+	var v1Handler ManifestHandler
+	if repo.schema1Enabled {
+		v1Handler = &signedManifestHandler{
+			ctx:               ctx,
+			schema1SigningKey: repo.schema1SigningKey,
+			repository:        repo,
+			blobStore:         blobStore,
+		}
+	} else {
+		v1Handler = &v1UnsupportedHandler{
+			innerHandler: &signedManifestHandler{
+				ctx:               ctx,
+				schema1SigningKey: repo.schema1SigningKey,
+				repository:        repo,
+				blobStore:         blobStore,
+			},
+		}
+	}
+
+	ms := &manifestStore{
+		ctx:            ctx,
+		repository:     repo,
+		blobStore:      blobStore,
+		schema1Handler: v1Handler,
+		schema2Handler: &schema2ManifestHandler{
+			ctx:          ctx,
+			repository:   repo,
+			blobStore:    blobStore,
+			manifestURLs: repo.registry.manifestURLs,
+		},
+		manifestListHandler: &manifestListHandler{
+			ctx:        ctx,
+			repository: repo,
+			blobStore:  blobStore,
+		},
+		ocischemaHandler: &ocischemaManifestHandler{
+			ctx:          ctx,
+			repository:   repo,
+			blobStore:    blobStore,
+			manifestURLs: repo.registry.manifestURLs,
+		},
+	}
+
+	// Apply options
+	for _, option := range options {
+		err := option.Apply(ms)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return ms, nil
+}
+
+// Blobs returns an instance of the BlobStore. Instantiation is cheap and
+// may be context sensitive in the future. The instance should be used similar
+// to a request local.
+func (repo *repository) Blobs(ctx context.Context) distribution.BlobStore {
+	var statter distribution.BlobDescriptorService = &linkedBlobStatter{
+		blobStore:   repo.blobStore,
+		repository:  repo,
+		linkPathFns: []linkPathFunc{blobLinkPath},
+	}
+
+	if repo.descriptorCache != nil {
+		statter = cache.NewCachedBlobStatter(repo.descriptorCache, statter)
+	}
+
+	if repo.registry.blobDescriptorServiceFactory != nil {
+		statter = repo.registry.blobDescriptorServiceFactory.BlobAccessController(statter)
+	}
+
+	return &linkedBlobStore{
+		registry:             repo.registry,
+		blobStore:            repo.blobStore,
+		blobServer:           repo.blobServer,
+		blobAccessController: statter,
+		repository:           repo,
+		ctx:                  ctx,
+
+		// TODO(stevvooe): linkPath limits this blob store to only layers.
+		// This instance cannot be used for manifest checks.
+		linkPathFns:            []linkPathFunc{blobLinkPath},
+		deleteEnabled:          repo.registry.deleteEnabled,
+		resumableDigestEnabled: repo.resumableDigestEnabled,
+	}
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/schema2manifesthandler.go b/vendor/github.com/docker/distribution/registry/storage/schema2manifesthandler.go
new file mode 100644
index 000000000..d9339403a
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/schema2manifesthandler.go
@@ -0,0 +1,139 @@
+package storage
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/url"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/opencontainers/go-digest"
+)
+
+var (
+	errMissingURL = errors.New("missing URL on layer")
+	errInvalidURL = errors.New("invalid URL on layer")
+)
+
+// schema2ManifestHandler is a ManifestHandler that covers schema2 manifests.
+type schema2ManifestHandler struct {
+	repository   distribution.Repository
+	blobStore    distribution.BlobStore
+	ctx          context.Context
+	manifestURLs manifestURLs
+}
+
+var _ ManifestHandler = &schema2ManifestHandler{}
+
+func (ms *schema2ManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
+	dcontext.GetLogger(ms.ctx).Debug("(*schema2ManifestHandler).Unmarshal")
+
+	m := &schema2.DeserializedManifest{}
+	if err := m.UnmarshalJSON(content); err != nil {
+		return nil, err
+	}
+
+	return m, nil
+}
+
+func (ms *schema2ManifestHandler) Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
+	dcontext.GetLogger(ms.ctx).Debug("(*schema2ManifestHandler).Put")
+
+	m, ok := manifest.(*schema2.DeserializedManifest)
+	if !ok {
+		return "", fmt.Errorf("non-schema2 manifest put to schema2ManifestHandler: %T", manifest)
+	}
+
+	if err := ms.verifyManifest(ms.ctx, *m, skipDependencyVerification); err != nil {
+		return "", err
+	}
+
+	mt, payload, err := m.Payload()
+	if err != nil {
+		return "", err
+	}
+
+	revision, err := ms.blobStore.Put(ctx, mt, payload)
+	if err != nil {
+		dcontext.GetLogger(ctx).Errorf("error putting payload into blobstore: %v", err)
+		return "", err
+	}
+
+	return revision.Digest, nil
+}
+
+// verifyManifest ensures that the manifest content is valid from the
+// perspective of the registry. As a policy, the registry only tries to store
+// valid content, leaving trust policies of that content up to consumers.
+func (ms *schema2ManifestHandler) verifyManifest(ctx context.Context, mnfst schema2.DeserializedManifest, skipDependencyVerification bool) error {
+	var errs distribution.ErrManifestVerification
+
+	if mnfst.Manifest.SchemaVersion != 2 {
+		return fmt.Errorf("unrecognized manifest schema version %d", mnfst.Manifest.SchemaVersion)
+	}
+
+	if skipDependencyVerification {
+		return nil
+	}
+
+	manifestService, err := ms.repository.Manifests(ctx)
+	if err != nil {
+		return err
+	}
+
+	blobsService := ms.repository.Blobs(ctx)
+
+	for _, descriptor := range mnfst.References() {
+		var err error
+
+		switch descriptor.MediaType {
+		case schema2.MediaTypeForeignLayer:
+			// Clients download this layer from an external URL, so do not check for
+			// its presence.
+			if len(descriptor.URLs) == 0 {
+				err = errMissingURL
+			}
+			allow := ms.manifestURLs.allow
+			deny := ms.manifestURLs.deny
+			for _, u := range descriptor.URLs {
+				var pu *url.URL
+				pu, err = url.Parse(u)
+				if err != nil || (pu.Scheme != "http" && pu.Scheme != "https") || pu.Fragment != "" || (allow != nil && !allow.MatchString(u)) || (deny != nil && deny.MatchString(u)) {
+					err = errInvalidURL
+					break
+				}
+			}
+		case schema2.MediaTypeManifest, schema1.MediaTypeManifest:
+			var exists bool
+			exists, err = manifestService.Exists(ctx, descriptor.Digest)
+			if err != nil || !exists {
+				err = distribution.ErrBlobUnknown // just coerce to unknown.
+			}
+
+			fallthrough // double check the blob store.
+		default:
+			// forward all else to blob storage
+			if len(descriptor.URLs) == 0 {
+				_, err = blobsService.Stat(ctx, descriptor.Digest)
+			}
+		}
+
+		if err != nil {
+			if err != distribution.ErrBlobUnknown {
+				errs = append(errs, err)
+			}
+
+			// On error here, we always append unknown blob errors.
+			errs = append(errs, distribution.ErrManifestBlobUnknown{Digest: descriptor.Digest})
+		}
+	}
+
+	if len(errs) != 0 {
+		return errs
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/signedmanifesthandler.go b/vendor/github.com/docker/distribution/registry/storage/signedmanifesthandler.go
new file mode 100644
index 000000000..f94ecbea5
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/signedmanifesthandler.go
@@ -0,0 +1,142 @@
+package storage
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/docker/distribution"
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/distribution/reference"
+	"github.com/docker/libtrust"
+	"github.com/opencontainers/go-digest"
+)
+
+// signedManifestHandler is a ManifestHandler that covers schema1 manifests. It
+// can unmarshal and put schema1 manifests that have been signed by libtrust.
+type signedManifestHandler struct {
+	repository        distribution.Repository
+	schema1SigningKey libtrust.PrivateKey
+	blobStore         distribution.BlobStore
+	ctx               context.Context
+}
+
+var _ ManifestHandler = &signedManifestHandler{}
+
+func (ms *signedManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
+	dcontext.GetLogger(ms.ctx).Debug("(*signedManifestHandler).Unmarshal")
+
+	var (
+		signatures [][]byte
+		err        error
+	)
+
+	jsig, err := libtrust.NewJSONSignature(content, signatures...)
+	if err != nil {
+		return nil, err
+	}
+
+	if ms.schema1SigningKey != nil {
+		if err := jsig.Sign(ms.schema1SigningKey); err != nil {
+			return nil, err
+		}
+	}
+
+	// Extract the pretty JWS
+	raw, err := jsig.PrettySignature("signatures")
+	if err != nil {
+		return nil, err
+	}
+
+	var sm schema1.SignedManifest
+	if err := json.Unmarshal(raw, &sm); err != nil {
+		return nil, err
+	}
+	return &sm, nil
+}
+
+func (ms *signedManifestHandler) Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
+	dcontext.GetLogger(ms.ctx).Debug("(*signedManifestHandler).Put")
+
+	sm, ok := manifest.(*schema1.SignedManifest)
+	if !ok {
+		return "", fmt.Errorf("non-schema1 manifest put to signedManifestHandler: %T", manifest)
+	}
+
+	if err := ms.verifyManifest(ms.ctx, *sm, skipDependencyVerification); err != nil {
+		return "", err
+	}
+
+	mt := schema1.MediaTypeManifest
+	payload := sm.Canonical
+
+	revision, err := ms.blobStore.Put(ctx, mt, payload)
+	if err != nil {
+		dcontext.GetLogger(ctx).Errorf("error putting payload into blobstore: %v", err)
+		return "", err
+	}
+
+	return revision.Digest, nil
+}
+
+// verifyManifest ensures that the manifest content is valid from the
+// perspective of the registry. It ensures that the signature is valid for the
+// enclosed payload. As a policy, the registry only tries to store valid
+// content, leaving trust policies of that content up to consumers.
+func (ms *signedManifestHandler) verifyManifest(ctx context.Context, mnfst schema1.SignedManifest, skipDependencyVerification bool) error {
+	var errs distribution.ErrManifestVerification
+
+	if len(mnfst.Name) > reference.NameTotalLengthMax {
+		errs = append(errs,
+			distribution.ErrManifestNameInvalid{
+				Name:   mnfst.Name,
+				Reason: fmt.Errorf("manifest name must not be more than %v characters", reference.NameTotalLengthMax),
+			})
+	}
+
+	if !reference.NameRegexp.MatchString(mnfst.Name) {
+		errs = append(errs,
+			distribution.ErrManifestNameInvalid{
+				Name:   mnfst.Name,
+				Reason: fmt.Errorf("invalid manifest name format"),
+			})
+	}
+
+	if len(mnfst.History) != len(mnfst.FSLayers) {
+		errs = append(errs, fmt.Errorf("mismatched history and fslayer cardinality %d != %d",
+			len(mnfst.History), len(mnfst.FSLayers)))
+	}
+
+	if _, err := schema1.Verify(&mnfst); err != nil {
+		switch err {
+		case libtrust.ErrMissingSignatureKey, libtrust.ErrInvalidJSONContent, libtrust.ErrMissingSignatureKey:
+			errs = append(errs, distribution.ErrManifestUnverified{})
+		default:
+			if err.Error() == "invalid signature" { // TODO(stevvooe): This should be exported by libtrust
+				errs = append(errs, distribution.ErrManifestUnverified{})
+			} else {
+				errs = append(errs, err)
+			}
+		}
+	}
+
+	if !skipDependencyVerification {
+		for _, fsLayer := range mnfst.References() {
+			_, err := ms.repository.Blobs(ctx).Stat(ctx, fsLayer.Digest)
+			if err != nil {
+				if err != distribution.ErrBlobUnknown {
+					errs = append(errs, err)
+				}
+
+				// On error here, we always append unknown blob errors.
+				errs = append(errs, distribution.ErrManifestBlobUnknown{Digest: fsLayer.Digest})
+			}
+		}
+	}
+	if len(errs) != 0 {
+		return errs
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/tagstore.go b/vendor/github.com/docker/distribution/registry/storage/tagstore.go
new file mode 100644
index 000000000..a3c766b4f
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/tagstore.go
@@ -0,0 +1,179 @@
+package storage
+
+import (
+	"context"
+	"path"
+
+	"github.com/docker/distribution"
+	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/opencontainers/go-digest"
+)
+
+var _ distribution.TagService = &tagStore{}
+
+// tagStore provides methods to manage manifest tags in a backend storage driver.
+// This implementation uses the same on-disk layout as the (now deleted) tag
+// store.  This provides backward compatibility with current registry deployments
+// which only makes use of the Digest field of the returned distribution.Descriptor
+// but does not enable full roundtripping of Descriptor objects
+type tagStore struct {
+	repository *repository
+	blobStore  *blobStore
+}
+
+// All returns all tags
+func (ts *tagStore) All(ctx context.Context) ([]string, error) {
+	var tags []string
+
+	pathSpec, err := pathFor(manifestTagPathSpec{
+		name: ts.repository.Named().Name(),
+	})
+	if err != nil {
+		return tags, err
+	}
+
+	entries, err := ts.blobStore.driver.List(ctx, pathSpec)
+	if err != nil {
+		switch err := err.(type) {
+		case storagedriver.PathNotFoundError:
+			return tags, distribution.ErrRepositoryUnknown{Name: ts.repository.Named().Name()}
+		default:
+			return tags, err
+		}
+	}
+
+	for _, entry := range entries {
+		_, filename := path.Split(entry)
+		tags = append(tags, filename)
+	}
+
+	return tags, nil
+}
+
+// Tag tags the digest with the given tag, updating the the store to point at
+// the current tag. The digest must point to a manifest.
+func (ts *tagStore) Tag(ctx context.Context, tag string, desc distribution.Descriptor) error {
+	currentPath, err := pathFor(manifestTagCurrentPathSpec{
+		name: ts.repository.Named().Name(),
+		tag:  tag,
+	})
+
+	if err != nil {
+		return err
+	}
+
+	lbs := ts.linkedBlobStore(ctx, tag)
+
+	// Link into the index
+	if err := lbs.linkBlob(ctx, desc); err != nil {
+		return err
+	}
+
+	// Overwrite the current link
+	return ts.blobStore.link(ctx, currentPath, desc.Digest)
+}
+
+// resolve the current revision for name and tag.
+func (ts *tagStore) Get(ctx context.Context, tag string) (distribution.Descriptor, error) {
+	currentPath, err := pathFor(manifestTagCurrentPathSpec{
+		name: ts.repository.Named().Name(),
+		tag:  tag,
+	})
+
+	if err != nil {
+		return distribution.Descriptor{}, err
+	}
+
+	revision, err := ts.blobStore.readlink(ctx, currentPath)
+	if err != nil {
+		switch err.(type) {
+		case storagedriver.PathNotFoundError:
+			return distribution.Descriptor{}, distribution.ErrTagUnknown{Tag: tag}
+		}
+
+		return distribution.Descriptor{}, err
+	}
+
+	return distribution.Descriptor{Digest: revision}, nil
+}
+
+// Untag removes the tag association
+func (ts *tagStore) Untag(ctx context.Context, tag string) error {
+	tagPath, err := pathFor(manifestTagPathSpec{
+		name: ts.repository.Named().Name(),
+		tag:  tag,
+	})
+	if err != nil {
+		return err
+	}
+
+	if err := ts.blobStore.driver.Delete(ctx, tagPath); err != nil {
+		switch err.(type) {
+		case storagedriver.PathNotFoundError:
+			return nil // Untag is idempotent, we don't care if it didn't exist
+		default:
+			return err
+		}
+	}
+
+	return nil
+}
+
+// linkedBlobStore returns the linkedBlobStore for the named tag, allowing one
+// to index manifest blobs by tag name. While the tag store doesn't map
+// precisely to the linked blob store, using this ensures the links are
+// managed via the same code path.
+func (ts *tagStore) linkedBlobStore(ctx context.Context, tag string) *linkedBlobStore {
+	return &linkedBlobStore{
+		blobStore:  ts.blobStore,
+		repository: ts.repository,
+		ctx:        ctx,
+		linkPathFns: []linkPathFunc{func(name string, dgst digest.Digest) (string, error) {
+			return pathFor(manifestTagIndexEntryLinkPathSpec{
+				name:     name,
+				tag:      tag,
+				revision: dgst,
+			})
+
+		}},
+	}
+}
+
+// Lookup recovers a list of tags which refer to this digest.  When a manifest is deleted by
+// digest, tag entries which point to it need to be recovered to avoid dangling tags.
+func (ts *tagStore) Lookup(ctx context.Context, desc distribution.Descriptor) ([]string, error) {
+	allTags, err := ts.All(ctx)
+	switch err.(type) {
+	case distribution.ErrRepositoryUnknown:
+		// This tag store has been initialized but not yet populated
+		break
+	case nil:
+		break
+	default:
+		return nil, err
+	}
+
+	var tags []string
+	for _, tag := range allTags {
+		tagLinkPathSpec := manifestTagCurrentPathSpec{
+			name: ts.repository.Named().Name(),
+			tag:  tag,
+		}
+
+		tagLinkPath, _ := pathFor(tagLinkPathSpec)
+		tagDigest, err := ts.blobStore.readlink(ctx, tagLinkPath)
+		if err != nil {
+			switch err.(type) {
+			case storagedriver.PathNotFoundError:
+				continue
+			}
+			return nil, err
+		}
+
+		if tagDigest == desc.Digest {
+			tags = append(tags, tag)
+		}
+	}
+
+	return tags, nil
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/v1unsupportedhandler.go b/vendor/github.com/docker/distribution/registry/storage/v1unsupportedhandler.go
new file mode 100644
index 000000000..fb6ca14e3
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/v1unsupportedhandler.go
@@ -0,0 +1,23 @@
+package storage
+
+import (
+	"context"
+
+	"github.com/docker/distribution"
+	digest "github.com/opencontainers/go-digest"
+)
+
+// signedManifestHandler is a ManifestHandler that unmarshals v1 manifests but
+// refuses to Put v1 manifests
+type v1UnsupportedHandler struct {
+	innerHandler ManifestHandler
+}
+
+var _ ManifestHandler = &v1UnsupportedHandler{}
+
+func (v *v1UnsupportedHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
+	return v.innerHandler.Unmarshal(ctx, dgst, content)
+}
+func (v *v1UnsupportedHandler) Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
+	return digest.Digest(""), distribution.ErrSchemaV1Unsupported
+}
diff --git a/vendor/github.com/docker/distribution/registry/storage/vacuum.go b/vendor/github.com/docker/distribution/registry/storage/vacuum.go
new file mode 100644
index 000000000..a43db17a4
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/storage/vacuum.go
@@ -0,0 +1,102 @@
+package storage
+
+import (
+	"context"
+	"path"
+
+	dcontext "github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/storage/driver"
+	"github.com/opencontainers/go-digest"
+)
+
+// vacuum contains functions for cleaning up repositories and blobs
+// These functions will only reliably work on strongly consistent
+// storage systems.
+// https://en.wikipedia.org/wiki/Consistency_model
+
+// NewVacuum creates a new Vacuum
+func NewVacuum(ctx context.Context, driver driver.StorageDriver) Vacuum {
+	return Vacuum{
+		ctx:    ctx,
+		driver: driver,
+	}
+}
+
+// Vacuum removes content from the filesystem
+type Vacuum struct {
+	driver driver.StorageDriver
+	ctx    context.Context
+}
+
+// RemoveBlob removes a blob from the filesystem
+func (v Vacuum) RemoveBlob(dgst string) error {
+	d, err := digest.Parse(dgst)
+	if err != nil {
+		return err
+	}
+
+	blobPath, err := pathFor(blobPathSpec{digest: d})
+	if err != nil {
+		return err
+	}
+
+	dcontext.GetLogger(v.ctx).Infof("Deleting blob: %s", blobPath)
+
+	err = v.driver.Delete(v.ctx, blobPath)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// RemoveManifest removes a manifest from the filesystem
+func (v Vacuum) RemoveManifest(name string, dgst digest.Digest, tags []string) error {
+	// remove a tag manifest reference, in case of not found continue to next one
+	for _, tag := range tags {
+
+		tagsPath, err := pathFor(manifestTagIndexEntryPathSpec{name: name, revision: dgst, tag: tag})
+		if err != nil {
+			return err
+		}
+
+		_, err = v.driver.Stat(v.ctx, tagsPath)
+		if err != nil {
+			switch err := err.(type) {
+			case driver.PathNotFoundError:
+				continue
+			default:
+				return err
+			}
+		}
+		dcontext.GetLogger(v.ctx).Infof("deleting manifest tag reference: %s", tagsPath)
+		err = v.driver.Delete(v.ctx, tagsPath)
+		if err != nil {
+			return err
+		}
+	}
+
+	manifestPath, err := pathFor(manifestRevisionPathSpec{name: name, revision: dgst})
+	if err != nil {
+		return err
+	}
+	dcontext.GetLogger(v.ctx).Infof("deleting manifest: %s", manifestPath)
+	return v.driver.Delete(v.ctx, manifestPath)
+}
+
+// RemoveRepository removes a repository directory from the
+// filesystem
+func (v Vacuum) RemoveRepository(repoName string) error {
+	rootForRepository, err := pathFor(repositoriesRootPathSpec{})
+	if err != nil {
+		return err
+	}
+	repoDir := path.Join(rootForRepository, repoName)
+	dcontext.GetLogger(v.ctx).Infof("Deleting repo: %s", repoDir)
+	err = v.driver.Delete(v.ctx, repoDir)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/testutil/handler.go b/vendor/github.com/docker/distribution/testutil/handler.go
new file mode 100644
index 000000000..00cd8a6ac
--- /dev/null
+++ b/vendor/github.com/docker/distribution/testutil/handler.go
@@ -0,0 +1,148 @@
+package testutil
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"sort"
+	"strings"
+)
+
+// RequestResponseMap is an ordered mapping from Requests to Responses
+type RequestResponseMap []RequestResponseMapping
+
+// RequestResponseMapping defines a Response to be sent in response to a given
+// Request
+type RequestResponseMapping struct {
+	Request  Request
+	Response Response
+}
+
+// Request is a simplified http.Request object
+type Request struct {
+	// Method is the http method of the request, for example GET
+	Method string
+
+	// Route is the http route of this request
+	Route string
+
+	// QueryParams are the query parameters of this request
+	QueryParams map[string][]string
+
+	// Body is the byte contents of the http request
+	Body []byte
+
+	// Headers are the header for this request
+	Headers http.Header
+}
+
+func (r Request) String() string {
+	queryString := ""
+	if len(r.QueryParams) > 0 {
+		keys := make([]string, 0, len(r.QueryParams))
+		queryParts := make([]string, 0, len(r.QueryParams))
+		for k := range r.QueryParams {
+			keys = append(keys, k)
+		}
+		sort.Strings(keys)
+		for _, k := range keys {
+			for _, val := range r.QueryParams[k] {
+				queryParts = append(queryParts, fmt.Sprintf("%s=%s", k, url.QueryEscape(val)))
+			}
+		}
+		queryString = "?" + strings.Join(queryParts, "&")
+	}
+	var headers []string
+	if len(r.Headers) > 0 {
+		var headerKeys []string
+		for k := range r.Headers {
+			headerKeys = append(headerKeys, k)
+		}
+		sort.Strings(headerKeys)
+
+		for _, k := range headerKeys {
+			for _, val := range r.Headers[k] {
+				headers = append(headers, fmt.Sprintf("%s:%s", k, val))
+			}
+		}
+
+	}
+	return fmt.Sprintf("%s %s%s\n%s\n%s", r.Method, r.Route, queryString, headers, r.Body)
+}
+
+// Response is a simplified http.Response object
+type Response struct {
+	// Statuscode is the http status code of the Response
+	StatusCode int
+
+	// Headers are the http headers of this Response
+	Headers http.Header
+
+	// Body is the response body
+	Body []byte
+}
+
+// testHandler is an http.Handler with a defined mapping from Request to an
+// ordered list of Response objects
+type testHandler struct {
+	responseMap map[string][]Response
+}
+
+// NewHandler returns a new test handler that responds to defined requests
+// with specified responses
+// Each time a Request is received, the next Response is returned in the
+// mapping, until no Responses are defined, at which point a 404 is sent back
+func NewHandler(requestResponseMap RequestResponseMap) http.Handler {
+	responseMap := make(map[string][]Response)
+	for _, mapping := range requestResponseMap {
+		responses, ok := responseMap[mapping.Request.String()]
+		if ok {
+			responseMap[mapping.Request.String()] = append(responses, mapping.Response)
+		} else {
+			responseMap[mapping.Request.String()] = []Response{mapping.Response}
+		}
+	}
+	return &testHandler{responseMap: responseMap}
+}
+
+func (app *testHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	defer r.Body.Close()
+
+	requestBody, _ := ioutil.ReadAll(r.Body)
+	request := Request{
+		Method:      r.Method,
+		Route:       r.URL.Path,
+		QueryParams: r.URL.Query(),
+		Body:        requestBody,
+		Headers:     make(map[string][]string),
+	}
+
+	// Add headers of interest here
+	for k, v := range r.Header {
+		if k == "If-None-Match" {
+			request.Headers[k] = v
+		}
+	}
+
+	responses, ok := app.responseMap[request.String()]
+
+	if !ok || len(responses) == 0 {
+		http.NotFound(w, r)
+		return
+	}
+
+	response := responses[0]
+	app.responseMap[request.String()] = responses[1:]
+
+	responseHeader := w.Header()
+	for k, v := range response.Headers {
+		responseHeader[k] = v
+	}
+
+	w.WriteHeader(response.StatusCode)
+
+	io.Copy(w, bytes.NewReader(response.Body))
+}
diff --git a/vendor/github.com/docker/distribution/testutil/manifests.go b/vendor/github.com/docker/distribution/testutil/manifests.go
new file mode 100644
index 000000000..8afe82e48
--- /dev/null
+++ b/vendor/github.com/docker/distribution/testutil/manifests.go
@@ -0,0 +1,87 @@
+package testutil
+
+import (
+	"fmt"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/context"
+	"github.com/docker/distribution/manifest"
+	"github.com/docker/distribution/manifest/manifestlist"
+	"github.com/docker/distribution/manifest/schema1"
+	"github.com/docker/distribution/manifest/schema2"
+	"github.com/docker/libtrust"
+	"github.com/opencontainers/go-digest"
+)
+
+// MakeManifestList constructs a manifest list out of a list of manifest digests
+func MakeManifestList(blobstatter distribution.BlobStatter, manifestDigests []digest.Digest) (*manifestlist.DeserializedManifestList, error) {
+	ctx := context.Background()
+
+	var manifestDescriptors []manifestlist.ManifestDescriptor
+	for _, manifestDigest := range manifestDigests {
+		descriptor, err := blobstatter.Stat(ctx, manifestDigest)
+		if err != nil {
+			return nil, err
+		}
+		platformSpec := manifestlist.PlatformSpec{
+			Architecture: "atari2600",
+			OS:           "CP/M",
+			Variant:      "ternary",
+			Features:     []string{"VLIW", "superscalaroutoforderdevnull"},
+		}
+		manifestDescriptor := manifestlist.ManifestDescriptor{
+			Descriptor: descriptor,
+			Platform:   platformSpec,
+		}
+		manifestDescriptors = append(manifestDescriptors, manifestDescriptor)
+	}
+
+	return manifestlist.FromDescriptors(manifestDescriptors)
+}
+
+// MakeSchema1Manifest constructs a schema 1 manifest from a given list of digests and returns
+// the digest of the manifest
+func MakeSchema1Manifest(digests []digest.Digest) (distribution.Manifest, error) {
+	manifest := schema1.Manifest{
+		Versioned: manifest.Versioned{
+			SchemaVersion: 1,
+		},
+		Name: "who",
+		Tag:  "cares",
+	}
+
+	for _, digest := range digests {
+		manifest.FSLayers = append(manifest.FSLayers, schema1.FSLayer{BlobSum: digest})
+		manifest.History = append(manifest.History, schema1.History{V1Compatibility: ""})
+	}
+
+	pk, err := libtrust.GenerateECP256PrivateKey()
+	if err != nil {
+		return nil, fmt.Errorf("unexpected error generating private key: %v", err)
+	}
+
+	signedManifest, err := schema1.Sign(&manifest, pk)
+	if err != nil {
+		return nil, fmt.Errorf("error signing manifest: %v", err)
+	}
+
+	return signedManifest, nil
+}
+
+// MakeSchema2Manifest constructs a schema 2 manifest from a given list of digests and returns
+// the digest of the manifest
+func MakeSchema2Manifest(repository distribution.Repository, digests []digest.Digest) (distribution.Manifest, error) {
+	ctx := context.Background()
+	blobStore := repository.Blobs(ctx)
+	builder := schema2.NewManifestBuilder(blobStore, schema2.MediaTypeImageConfig, []byte{})
+	for _, digest := range digests {
+		builder.AppendReference(distribution.Descriptor{Digest: digest})
+	}
+
+	manifest, err := builder.Build(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("unexpected error generating manifest: %v", err)
+	}
+
+	return manifest, nil
+}
diff --git a/vendor/github.com/docker/distribution/testutil/tarfile.go b/vendor/github.com/docker/distribution/testutil/tarfile.go
new file mode 100644
index 000000000..2ebd364a2
--- /dev/null
+++ b/vendor/github.com/docker/distribution/testutil/tarfile.go
@@ -0,0 +1,114 @@
+package testutil
+
+import (
+	"archive/tar"
+	"bytes"
+	"fmt"
+	"io"
+	mrand "math/rand"
+	"time"
+
+	"github.com/docker/distribution"
+	"github.com/docker/distribution/context"
+	"github.com/opencontainers/go-digest"
+)
+
+// CreateRandomTarFile creates a random tarfile, returning it as an
+// io.ReadSeeker along with its digest. An error is returned if there is a
+// problem generating valid content.
+func CreateRandomTarFile() (rs io.ReadSeeker, dgst digest.Digest, err error) {
+	nFiles := mrand.Intn(10) + 10
+	target := &bytes.Buffer{}
+	wr := tar.NewWriter(target)
+
+	// Perturb this on each iteration of the loop below.
+	header := &tar.Header{
+		Mode:       0644,
+		ModTime:    time.Now(),
+		Typeflag:   tar.TypeReg,
+		Uname:      "randocalrissian",
+		Gname:      "cloudcity",
+		AccessTime: time.Now(),
+		ChangeTime: time.Now(),
+	}
+
+	for fileNumber := 0; fileNumber < nFiles; fileNumber++ {
+		fileSize := mrand.Int63n(1<<20) + 1<<20
+
+		header.Name = fmt.Sprint(fileNumber)
+		header.Size = fileSize
+
+		if err := wr.WriteHeader(header); err != nil {
+			return nil, "", err
+		}
+
+		randomData := make([]byte, fileSize)
+
+		// Fill up the buffer with some random data.
+		n, err := mrand.Read(randomData)
+
+		if n != len(randomData) {
+			return nil, "", fmt.Errorf("short read creating random reader: %v bytes != %v bytes", n, len(randomData))
+		}
+
+		if err != nil {
+			return nil, "", err
+		}
+
+		nn, err := io.Copy(wr, bytes.NewReader(randomData))
+		if nn != fileSize {
+			return nil, "", fmt.Errorf("short copy writing random file to tar")
+		}
+
+		if err != nil {
+			return nil, "", err
+		}
+
+		if err := wr.Flush(); err != nil {
+			return nil, "", err
+		}
+	}
+
+	if err := wr.Close(); err != nil {
+		return nil, "", err
+	}
+
+	dgst = digest.FromBytes(target.Bytes())
+
+	return bytes.NewReader(target.Bytes()), dgst, nil
+}
+
+// CreateRandomLayers returns a map of n digests. We don't particularly care
+// about the order of said digests (since they're all random anyway).
+func CreateRandomLayers(n int) (map[digest.Digest]io.ReadSeeker, error) {
+	digestMap := map[digest.Digest]io.ReadSeeker{}
+	for i := 0; i < n; i++ {
+		rs, ds, err := CreateRandomTarFile()
+		if err != nil {
+			return nil, fmt.Errorf("unexpected error generating test layer file: %v", err)
+		}
+
+		digestMap[ds] = rs
+	}
+	return digestMap, nil
+}
+
+// UploadBlobs lets you upload blobs to a repository
+func UploadBlobs(repository distribution.Repository, layers map[digest.Digest]io.ReadSeeker) error {
+	ctx := context.Background()
+	for digest, rs := range layers {
+		wr, err := repository.Blobs(ctx).Create(ctx)
+		if err != nil {
+			return fmt.Errorf("unexpected error creating upload: %v", err)
+		}
+
+		if _, err := io.Copy(wr, rs); err != nil {
+			return fmt.Errorf("unexpected error copying to upload: %v", err)
+		}
+
+		if _, err := wr.Commit(ctx, distribution.Descriptor{Digest: digest}); err != nil {
+			return fmt.Errorf("unexpected error committinng upload: %v", err)
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/distribution/version/print.go b/vendor/github.com/docker/distribution/version/print.go
new file mode 100644
index 000000000..318ac6953
--- /dev/null
+++ b/vendor/github.com/docker/distribution/version/print.go
@@ -0,0 +1,25 @@
+package version
+
+import (
+	"fmt"
+	"io"
+	"os"
+)
+
+// FprintVersion outputs the version string to the writer, in the following
+// format, followed by a newline:
+//
+//	<cmd> <project> <version>
+//
+// For example, a binary "registry" built from github.com/docker/distribution
+// with version "v2.0" would print the following:
+//
+//	registry github.com/docker/distribution v2.0
+func FprintVersion(w io.Writer) {
+	fmt.Fprintln(w, os.Args[0], Package, Version)
+}
+
+// PrintVersion outputs the version information, from Fprint, to stdout.
+func PrintVersion() {
+	FprintVersion(os.Stdout)
+}
diff --git a/vendor/github.com/docker/distribution/version/version.go b/vendor/github.com/docker/distribution/version/version.go
new file mode 100644
index 000000000..567610d9d
--- /dev/null
+++ b/vendor/github.com/docker/distribution/version/version.go
@@ -0,0 +1,15 @@
+package version
+
+// Package is the overall, canonical project import path under which the
+// package was built.
+var Package = "github.com/docker/distribution"
+
+// Version indicates which version of the binary is running. This is set to
+// the latest release tag by hand, always suffixed by "+unknown". During
+// build, it will be replaced by the actual version. The value here will be
+// used if the registry is run after a go get based install.
+var Version = "v2.8.2+unknown"
+
+// Revision is filled with the VCS (e.g. git) revision being used to build
+// the program at linking time.
+var Revision = ""
diff --git a/vendor/github.com/docker/distribution/version/version.sh b/vendor/github.com/docker/distribution/version/version.sh
new file mode 100644
index 000000000..dd8296968
--- /dev/null
+++ b/vendor/github.com/docker/distribution/version/version.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# This bash script outputs the current, desired content of version.go, using
+# git describe. For best effect, pipe this to the target file. Generally, this
+# only needs to updated for releases. The actual value of will be replaced
+# during build time if the makefile is used.
+
+set -e
+
+cat <<EOF
+package version
+
+// Package is the overall, canonical project import path under which the
+// package was built.
+var Package = "$(go list)"
+
+// Version indicates which version of the binary is running. This is set to
+// the latest release tag by hand, always suffixed by "+unknown". During
+// build, it will be replaced by the actual version. The value here will be
+// used if the registry is run after a go install based install.
+var Version = "$(git describe --match 'v[0-9]*' --dirty='.m' --always)+unknown"
+
+// Revision is filled with the VCS (e.g. git) revision being used to build
+// the program at linking time.
+var Revision = ""
+EOF
diff --git a/vendor/github.com/docker/libtrust/CONTRIBUTING.md b/vendor/github.com/docker/libtrust/CONTRIBUTING.md
new file mode 100644
index 000000000..05be0f8ab
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/CONTRIBUTING.md
@@ -0,0 +1,13 @@
+# Contributing to libtrust
+
+Want to hack on libtrust? Awesome! Here are instructions to get you
+started.
+
+libtrust is a part of the [Docker](https://www.docker.com) project, and follows
+the same rules and principles. If you're already familiar with the way
+Docker does things, you'll feel right at home.
+
+Otherwise, go read
+[Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md).
+
+Happy hacking!
diff --git a/vendor/github.com/docker/libtrust/LICENSE b/vendor/github.com/docker/libtrust/LICENSE
new file mode 100644
index 000000000..27448585a
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/LICENSE
@@ -0,0 +1,191 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2014 Docker, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/docker/libtrust/MAINTAINERS b/vendor/github.com/docker/libtrust/MAINTAINERS
new file mode 100644
index 000000000..9768175fe
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/MAINTAINERS
@@ -0,0 +1,3 @@
+Solomon Hykes <solomon@docker.com>
+Josh Hawn <josh@docker.com> (github: jlhawn)
+Derek McGowan <derek@docker.com> (github: dmcgowan)
diff --git a/vendor/github.com/docker/libtrust/README.md b/vendor/github.com/docker/libtrust/README.md
new file mode 100644
index 000000000..dcffb31ae
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/README.md
@@ -0,0 +1,22 @@
+# libtrust
+
+> **WARNING** this library is no longer actively developed, and will be integrated
+> in the [docker/distribution][https://www.github.com/docker/distribution]
+> repository in future.
+
+Libtrust is library for managing authentication and authorization using public key cryptography.
+
+Authentication is handled using the identity attached to the public key.
+Libtrust provides multiple methods to prove possession of the private key associated with an identity.
+ - TLS x509 certificates
+ - Signature verification
+ - Key Challenge
+
+Authorization and access control is managed through a distributed trust graph.
+Trust servers are used as the authorities of the trust graph and allow caching portions of the graph for faster access.
+
+## Copyright and license
+
+Code and documentation copyright 2014 Docker, inc. Code released under the Apache 2.0 license.
+Docs released under Creative commons.
+
diff --git a/vendor/github.com/docker/libtrust/certificates.go b/vendor/github.com/docker/libtrust/certificates.go
new file mode 100644
index 000000000..3dcca33cb
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/certificates.go
@@ -0,0 +1,175 @@
+package libtrust
+
+import (
+	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"io/ioutil"
+	"math/big"
+	"net"
+	"time"
+)
+
+type certTemplateInfo struct {
+	commonName  string
+	domains     []string
+	ipAddresses []net.IP
+	isCA        bool
+	clientAuth  bool
+	serverAuth  bool
+}
+
+func generateCertTemplate(info *certTemplateInfo) *x509.Certificate {
+	// Generate a certificate template which is valid from the past week to
+	// 10 years from now. The usage of the certificate depends on the
+	// specified fields in the given certTempInfo object.
+	var (
+		keyUsage    x509.KeyUsage
+		extKeyUsage []x509.ExtKeyUsage
+	)
+
+	if info.isCA {
+		keyUsage = x509.KeyUsageCertSign
+	}
+
+	if info.clientAuth {
+		extKeyUsage = append(extKeyUsage, x509.ExtKeyUsageClientAuth)
+	}
+
+	if info.serverAuth {
+		extKeyUsage = append(extKeyUsage, x509.ExtKeyUsageServerAuth)
+	}
+
+	return &x509.Certificate{
+		SerialNumber: big.NewInt(0),
+		Subject: pkix.Name{
+			CommonName: info.commonName,
+		},
+		NotBefore:             time.Now().Add(-time.Hour * 24 * 7),
+		NotAfter:              time.Now().Add(time.Hour * 24 * 365 * 10),
+		DNSNames:              info.domains,
+		IPAddresses:           info.ipAddresses,
+		IsCA:                  info.isCA,
+		KeyUsage:              keyUsage,
+		ExtKeyUsage:           extKeyUsage,
+		BasicConstraintsValid: info.isCA,
+	}
+}
+
+func generateCert(pub PublicKey, priv PrivateKey, subInfo, issInfo *certTemplateInfo) (cert *x509.Certificate, err error) {
+	pubCertTemplate := generateCertTemplate(subInfo)
+	privCertTemplate := generateCertTemplate(issInfo)
+
+	certDER, err := x509.CreateCertificate(
+		rand.Reader, pubCertTemplate, privCertTemplate,
+		pub.CryptoPublicKey(), priv.CryptoPrivateKey(),
+	)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create certificate: %s", err)
+	}
+
+	cert, err = x509.ParseCertificate(certDER)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse certificate: %s", err)
+	}
+
+	return
+}
+
+// GenerateSelfSignedServerCert creates a self-signed certificate for the
+// given key which is to be used for TLS servers with the given domains and
+// IP addresses.
+func GenerateSelfSignedServerCert(key PrivateKey, domains []string, ipAddresses []net.IP) (*x509.Certificate, error) {
+	info := &certTemplateInfo{
+		commonName:  key.KeyID(),
+		domains:     domains,
+		ipAddresses: ipAddresses,
+		serverAuth:  true,
+	}
+
+	return generateCert(key.PublicKey(), key, info, info)
+}
+
+// GenerateSelfSignedClientCert creates a self-signed certificate for the
+// given key which is to be used for TLS clients.
+func GenerateSelfSignedClientCert(key PrivateKey) (*x509.Certificate, error) {
+	info := &certTemplateInfo{
+		commonName: key.KeyID(),
+		clientAuth: true,
+	}
+
+	return generateCert(key.PublicKey(), key, info, info)
+}
+
+// GenerateCACert creates a certificate which can be used as a trusted
+// certificate authority.
+func GenerateCACert(signer PrivateKey, trustedKey PublicKey) (*x509.Certificate, error) {
+	subjectInfo := &certTemplateInfo{
+		commonName: trustedKey.KeyID(),
+		isCA:       true,
+	}
+	issuerInfo := &certTemplateInfo{
+		commonName: signer.KeyID(),
+	}
+
+	return generateCert(trustedKey, signer, subjectInfo, issuerInfo)
+}
+
+// GenerateCACertPool creates a certificate authority pool to be used for a
+// TLS configuration. Any self-signed certificates issued by the specified
+// trusted keys will be verified during a TLS handshake
+func GenerateCACertPool(signer PrivateKey, trustedKeys []PublicKey) (*x509.CertPool, error) {
+	certPool := x509.NewCertPool()
+
+	for _, trustedKey := range trustedKeys {
+		cert, err := GenerateCACert(signer, trustedKey)
+		if err != nil {
+			return nil, fmt.Errorf("failed to generate CA certificate: %s", err)
+		}
+
+		certPool.AddCert(cert)
+	}
+
+	return certPool, nil
+}
+
+// LoadCertificateBundle loads certificates from the given file.  The file should be pem encoded
+// containing one or more certificates.  The expected pem type is "CERTIFICATE".
+func LoadCertificateBundle(filename string) ([]*x509.Certificate, error) {
+	b, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return nil, err
+	}
+	certificates := []*x509.Certificate{}
+	var block *pem.Block
+	block, b = pem.Decode(b)
+	for ; block != nil; block, b = pem.Decode(b) {
+		if block.Type == "CERTIFICATE" {
+			cert, err := x509.ParseCertificate(block.Bytes)
+			if err != nil {
+				return nil, err
+			}
+			certificates = append(certificates, cert)
+		} else {
+			return nil, fmt.Errorf("invalid pem block type: %s", block.Type)
+		}
+	}
+
+	return certificates, nil
+}
+
+// LoadCertificatePool loads a CA pool from the given file.  The file should be pem encoded
+// containing one or more certificates. The expected pem type is "CERTIFICATE".
+func LoadCertificatePool(filename string) (*x509.CertPool, error) {
+	certs, err := LoadCertificateBundle(filename)
+	if err != nil {
+		return nil, err
+	}
+	pool := x509.NewCertPool()
+	for _, cert := range certs {
+		pool.AddCert(cert)
+	}
+	return pool, nil
+}
diff --git a/vendor/github.com/docker/libtrust/doc.go b/vendor/github.com/docker/libtrust/doc.go
new file mode 100644
index 000000000..ec5d2159c
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/doc.go
@@ -0,0 +1,9 @@
+/*
+Package libtrust provides an interface for managing authentication and
+authorization using public key cryptography. Authentication is handled
+using the identity attached to the public key and verified through TLS
+x509 certificates, a key challenge, or signature. Authorization and
+access control is managed through a trust graph distributed between
+both remote trust servers and locally cached and managed data.
+*/
+package libtrust
diff --git a/vendor/github.com/docker/libtrust/ec_key.go b/vendor/github.com/docker/libtrust/ec_key.go
new file mode 100644
index 000000000..00bbe4b3c
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/ec_key.go
@@ -0,0 +1,428 @@
+package libtrust
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+	"math/big"
+)
+
+/*
+ * EC DSA PUBLIC KEY
+ */
+
+// ecPublicKey implements a libtrust.PublicKey using elliptic curve digital
+// signature algorithms.
+type ecPublicKey struct {
+	*ecdsa.PublicKey
+	curveName          string
+	signatureAlgorithm *signatureAlgorithm
+	extended           map[string]interface{}
+}
+
+func fromECPublicKey(cryptoPublicKey *ecdsa.PublicKey) (*ecPublicKey, error) {
+	curve := cryptoPublicKey.Curve
+
+	switch {
+	case curve == elliptic.P256():
+		return &ecPublicKey{cryptoPublicKey, "P-256", es256, map[string]interface{}{}}, nil
+	case curve == elliptic.P384():
+		return &ecPublicKey{cryptoPublicKey, "P-384", es384, map[string]interface{}{}}, nil
+	case curve == elliptic.P521():
+		return &ecPublicKey{cryptoPublicKey, "P-521", es512, map[string]interface{}{}}, nil
+	default:
+		return nil, errors.New("unsupported elliptic curve")
+	}
+}
+
+// KeyType returns the key type for elliptic curve keys, i.e., "EC".
+func (k *ecPublicKey) KeyType() string {
+	return "EC"
+}
+
+// CurveName returns the elliptic curve identifier.
+// Possible values are "P-256", "P-384", and "P-521".
+func (k *ecPublicKey) CurveName() string {
+	return k.curveName
+}
+
+// KeyID returns a distinct identifier which is unique to this Public Key.
+func (k *ecPublicKey) KeyID() string {
+	return keyIDFromCryptoKey(k)
+}
+
+func (k *ecPublicKey) String() string {
+	return fmt.Sprintf("EC Public Key <%s>", k.KeyID())
+}
+
+// Verify verifyies the signature of the data in the io.Reader using this
+// PublicKey. The alg parameter should identify the digital signature
+// algorithm which was used to produce the signature and should be supported
+// by this public key. Returns a nil error if the signature is valid.
+func (k *ecPublicKey) Verify(data io.Reader, alg string, signature []byte) error {
+	// For EC keys there is only one supported signature algorithm depending
+	// on the curve parameters.
+	if k.signatureAlgorithm.HeaderParam() != alg {
+		return fmt.Errorf("unable to verify signature: EC Public Key with curve %q does not support signature algorithm %q", k.curveName, alg)
+	}
+
+	// signature is the concatenation of (r, s), base64Url encoded.
+	sigLength := len(signature)
+	expectedOctetLength := 2 * ((k.Params().BitSize + 7) >> 3)
+	if sigLength != expectedOctetLength {
+		return fmt.Errorf("signature length is %d octets long, should be %d", sigLength, expectedOctetLength)
+	}
+
+	rBytes, sBytes := signature[:sigLength/2], signature[sigLength/2:]
+	r := new(big.Int).SetBytes(rBytes)
+	s := new(big.Int).SetBytes(sBytes)
+
+	hasher := k.signatureAlgorithm.HashID().New()
+	_, err := io.Copy(hasher, data)
+	if err != nil {
+		return fmt.Errorf("error reading data to sign: %s", err)
+	}
+	hash := hasher.Sum(nil)
+
+	if !ecdsa.Verify(k.PublicKey, hash, r, s) {
+		return errors.New("invalid signature")
+	}
+
+	return nil
+}
+
+// CryptoPublicKey returns the internal object which can be used as a
+// crypto.PublicKey for use with other standard library operations. The type
+// is either *rsa.PublicKey or *ecdsa.PublicKey
+func (k *ecPublicKey) CryptoPublicKey() crypto.PublicKey {
+	return k.PublicKey
+}
+
+func (k *ecPublicKey) toMap() map[string]interface{} {
+	jwk := make(map[string]interface{})
+	for k, v := range k.extended {
+		jwk[k] = v
+	}
+	jwk["kty"] = k.KeyType()
+	jwk["kid"] = k.KeyID()
+	jwk["crv"] = k.CurveName()
+
+	xBytes := k.X.Bytes()
+	yBytes := k.Y.Bytes()
+	octetLength := (k.Params().BitSize + 7) >> 3
+	// MUST include leading zeros in the output so that x, y are each
+	// *octetLength* bytes long.
+	xBuf := make([]byte, octetLength-len(xBytes), octetLength)
+	yBuf := make([]byte, octetLength-len(yBytes), octetLength)
+	xBuf = append(xBuf, xBytes...)
+	yBuf = append(yBuf, yBytes...)
+
+	jwk["x"] = joseBase64UrlEncode(xBuf)
+	jwk["y"] = joseBase64UrlEncode(yBuf)
+
+	return jwk
+}
+
+// MarshalJSON serializes this Public Key using the JWK JSON serialization format for
+// elliptic curve keys.
+func (k *ecPublicKey) MarshalJSON() (data []byte, err error) {
+	return json.Marshal(k.toMap())
+}
+
+// PEMBlock serializes this Public Key to DER-encoded PKIX format.
+func (k *ecPublicKey) PEMBlock() (*pem.Block, error) {
+	derBytes, err := x509.MarshalPKIXPublicKey(k.PublicKey)
+	if err != nil {
+		return nil, fmt.Errorf("unable to serialize EC PublicKey to DER-encoded PKIX format: %s", err)
+	}
+	k.extended["kid"] = k.KeyID() // For display purposes.
+	return createPemBlock("PUBLIC KEY", derBytes, k.extended)
+}
+
+func (k *ecPublicKey) AddExtendedField(field string, value interface{}) {
+	k.extended[field] = value
+}
+
+func (k *ecPublicKey) GetExtendedField(field string) interface{} {
+	v, ok := k.extended[field]
+	if !ok {
+		return nil
+	}
+	return v
+}
+
+func ecPublicKeyFromMap(jwk map[string]interface{}) (*ecPublicKey, error) {
+	// JWK key type (kty) has already been determined to be "EC".
+	// Need to extract 'crv', 'x', 'y', and 'kid' and check for
+	// consistency.
+
+	// Get the curve identifier value.
+	crv, err := stringFromMap(jwk, "crv")
+	if err != nil {
+		return nil, fmt.Errorf("JWK EC Public Key curve identifier: %s", err)
+	}
+
+	var (
+		curve  elliptic.Curve
+		sigAlg *signatureAlgorithm
+	)
+
+	switch {
+	case crv == "P-256":
+		curve = elliptic.P256()
+		sigAlg = es256
+	case crv == "P-384":
+		curve = elliptic.P384()
+		sigAlg = es384
+	case crv == "P-521":
+		curve = elliptic.P521()
+		sigAlg = es512
+	default:
+		return nil, fmt.Errorf("JWK EC Public Key curve identifier not supported: %q\n", crv)
+	}
+
+	// Get the X and Y coordinates for the public key point.
+	xB64Url, err := stringFromMap(jwk, "x")
+	if err != nil {
+		return nil, fmt.Errorf("JWK EC Public Key x-coordinate: %s", err)
+	}
+	x, err := parseECCoordinate(xB64Url, curve)
+	if err != nil {
+		return nil, fmt.Errorf("JWK EC Public Key x-coordinate: %s", err)
+	}
+
+	yB64Url, err := stringFromMap(jwk, "y")
+	if err != nil {
+		return nil, fmt.Errorf("JWK EC Public Key y-coordinate: %s", err)
+	}
+	y, err := parseECCoordinate(yB64Url, curve)
+	if err != nil {
+		return nil, fmt.Errorf("JWK EC Public Key y-coordinate: %s", err)
+	}
+
+	key := &ecPublicKey{
+		PublicKey: &ecdsa.PublicKey{Curve: curve, X: x, Y: y},
+		curveName: crv, signatureAlgorithm: sigAlg,
+	}
+
+	// Key ID is optional too, but if it exists, it should match the key.
+	_, ok := jwk["kid"]
+	if ok {
+		kid, err := stringFromMap(jwk, "kid")
+		if err != nil {
+			return nil, fmt.Errorf("JWK EC Public Key ID: %s", err)
+		}
+		if kid != key.KeyID() {
+			return nil, fmt.Errorf("JWK EC Public Key ID does not match: %s", kid)
+		}
+	}
+
+	key.extended = jwk
+
+	return key, nil
+}
+
+/*
+ * EC DSA PRIVATE KEY
+ */
+
+// ecPrivateKey implements a JWK Private Key using elliptic curve digital signature
+// algorithms.
+type ecPrivateKey struct {
+	ecPublicKey
+	*ecdsa.PrivateKey
+}
+
+func fromECPrivateKey(cryptoPrivateKey *ecdsa.PrivateKey) (*ecPrivateKey, error) {
+	publicKey, err := fromECPublicKey(&cryptoPrivateKey.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return &ecPrivateKey{*publicKey, cryptoPrivateKey}, nil
+}
+
+// PublicKey returns the Public Key data associated with this Private Key.
+func (k *ecPrivateKey) PublicKey() PublicKey {
+	return &k.ecPublicKey
+}
+
+func (k *ecPrivateKey) String() string {
+	return fmt.Sprintf("EC Private Key <%s>", k.KeyID())
+}
+
+// Sign signs the data read from the io.Reader using a signature algorithm supported
+// by the elliptic curve private key. If the specified hashing algorithm is
+// supported by this key, that hash function is used to generate the signature
+// otherwise the the default hashing algorithm for this key is used. Returns
+// the signature and the name of the JWK signature algorithm used, e.g.,
+// "ES256", "ES384", "ES512".
+func (k *ecPrivateKey) Sign(data io.Reader, hashID crypto.Hash) (signature []byte, alg string, err error) {
+	// Generate a signature of the data using the internal alg.
+	// The given hashId is only a suggestion, and since EC keys only support
+	// on signature/hash algorithm given the curve name, we disregard it for
+	// the elliptic curve JWK signature implementation.
+	hasher := k.signatureAlgorithm.HashID().New()
+	_, err = io.Copy(hasher, data)
+	if err != nil {
+		return nil, "", fmt.Errorf("error reading data to sign: %s", err)
+	}
+	hash := hasher.Sum(nil)
+
+	r, s, err := ecdsa.Sign(rand.Reader, k.PrivateKey, hash)
+	if err != nil {
+		return nil, "", fmt.Errorf("error producing signature: %s", err)
+	}
+	rBytes, sBytes := r.Bytes(), s.Bytes()
+	octetLength := (k.ecPublicKey.Params().BitSize + 7) >> 3
+	// MUST include leading zeros in the output
+	rBuf := make([]byte, octetLength-len(rBytes), octetLength)
+	sBuf := make([]byte, octetLength-len(sBytes), octetLength)
+
+	rBuf = append(rBuf, rBytes...)
+	sBuf = append(sBuf, sBytes...)
+
+	signature = append(rBuf, sBuf...)
+	alg = k.signatureAlgorithm.HeaderParam()
+
+	return
+}
+
+// CryptoPrivateKey returns the internal object which can be used as a
+// crypto.PublicKey for use with other standard library operations. The type
+// is either *rsa.PublicKey or *ecdsa.PublicKey
+func (k *ecPrivateKey) CryptoPrivateKey() crypto.PrivateKey {
+	return k.PrivateKey
+}
+
+func (k *ecPrivateKey) toMap() map[string]interface{} {
+	jwk := k.ecPublicKey.toMap()
+
+	dBytes := k.D.Bytes()
+	// The length of this octet string MUST be ceiling(log-base-2(n)/8)
+	// octets (where n is the order of the curve). This is because the private
+	// key d must be in the interval [1, n-1] so the bitlength of d should be
+	// no larger than the bitlength of n-1. The easiest way to find the octet
+	// length is to take bitlength(n-1), add 7 to force a carry, and shift this
+	// bit sequence right by 3, which is essentially dividing by 8 and adding
+	// 1 if there is any remainder. Thus, the private key value d should be
+	// output to (bitlength(n-1)+7)>>3 octets.
+	n := k.ecPublicKey.Params().N
+	octetLength := (new(big.Int).Sub(n, big.NewInt(1)).BitLen() + 7) >> 3
+	// Create a buffer with the necessary zero-padding.
+	dBuf := make([]byte, octetLength-len(dBytes), octetLength)
+	dBuf = append(dBuf, dBytes...)
+
+	jwk["d"] = joseBase64UrlEncode(dBuf)
+
+	return jwk
+}
+
+// MarshalJSON serializes this Private Key using the JWK JSON serialization format for
+// elliptic curve keys.
+func (k *ecPrivateKey) MarshalJSON() (data []byte, err error) {
+	return json.Marshal(k.toMap())
+}
+
+// PEMBlock serializes this Private Key to DER-encoded PKIX format.
+func (k *ecPrivateKey) PEMBlock() (*pem.Block, error) {
+	derBytes, err := x509.MarshalECPrivateKey(k.PrivateKey)
+	if err != nil {
+		return nil, fmt.Errorf("unable to serialize EC PrivateKey to DER-encoded PKIX format: %s", err)
+	}
+	k.extended["keyID"] = k.KeyID() // For display purposes.
+	return createPemBlock("EC PRIVATE KEY", derBytes, k.extended)
+}
+
+func ecPrivateKeyFromMap(jwk map[string]interface{}) (*ecPrivateKey, error) {
+	dB64Url, err := stringFromMap(jwk, "d")
+	if err != nil {
+		return nil, fmt.Errorf("JWK EC Private Key: %s", err)
+	}
+
+	// JWK key type (kty) has already been determined to be "EC".
+	// Need to extract the public key information, then extract the private
+	// key value 'd'.
+	publicKey, err := ecPublicKeyFromMap(jwk)
+	if err != nil {
+		return nil, err
+	}
+
+	d, err := parseECPrivateParam(dB64Url, publicKey.Curve)
+	if err != nil {
+		return nil, fmt.Errorf("JWK EC Private Key d-param: %s", err)
+	}
+
+	key := &ecPrivateKey{
+		ecPublicKey: *publicKey,
+		PrivateKey: &ecdsa.PrivateKey{
+			PublicKey: *publicKey.PublicKey,
+			D:         d,
+		},
+	}
+
+	return key, nil
+}
+
+/*
+ *	Key Generation Functions.
+ */
+
+func generateECPrivateKey(curve elliptic.Curve) (k *ecPrivateKey, err error) {
+	k = new(ecPrivateKey)
+	k.PrivateKey, err = ecdsa.GenerateKey(curve, rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+
+	k.ecPublicKey.PublicKey = &k.PrivateKey.PublicKey
+	k.extended = make(map[string]interface{})
+
+	return
+}
+
+// GenerateECP256PrivateKey generates a key pair using elliptic curve P-256.
+func GenerateECP256PrivateKey() (PrivateKey, error) {
+	k, err := generateECPrivateKey(elliptic.P256())
+	if err != nil {
+		return nil, fmt.Errorf("error generating EC P-256 key: %s", err)
+	}
+
+	k.curveName = "P-256"
+	k.signatureAlgorithm = es256
+
+	return k, nil
+}
+
+// GenerateECP384PrivateKey generates a key pair using elliptic curve P-384.
+func GenerateECP384PrivateKey() (PrivateKey, error) {
+	k, err := generateECPrivateKey(elliptic.P384())
+	if err != nil {
+		return nil, fmt.Errorf("error generating EC P-384 key: %s", err)
+	}
+
+	k.curveName = "P-384"
+	k.signatureAlgorithm = es384
+
+	return k, nil
+}
+
+// GenerateECP521PrivateKey generates aß key pair using elliptic curve P-521.
+func GenerateECP521PrivateKey() (PrivateKey, error) {
+	k, err := generateECPrivateKey(elliptic.P521())
+	if err != nil {
+		return nil, fmt.Errorf("error generating EC P-521 key: %s", err)
+	}
+
+	k.curveName = "P-521"
+	k.signatureAlgorithm = es512
+
+	return k, nil
+}
diff --git a/vendor/github.com/docker/libtrust/filter.go b/vendor/github.com/docker/libtrust/filter.go
new file mode 100644
index 000000000..5b2b4fca6
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/filter.go
@@ -0,0 +1,50 @@
+package libtrust
+
+import (
+	"path/filepath"
+)
+
+// FilterByHosts filters the list of PublicKeys to only those which contain a
+// 'hosts' pattern which matches the given host. If *includeEmpty* is true,
+// then keys which do not specify any hosts are also returned.
+func FilterByHosts(keys []PublicKey, host string, includeEmpty bool) ([]PublicKey, error) {
+	filtered := make([]PublicKey, 0, len(keys))
+
+	for _, pubKey := range keys {
+		var hosts []string
+		switch v := pubKey.GetExtendedField("hosts").(type) {
+		case []string:
+			hosts = v
+		case []interface{}:
+			for _, value := range v {
+				h, ok := value.(string)
+				if !ok {
+					continue
+				}
+				hosts = append(hosts, h)
+			}
+		}
+
+		if len(hosts) == 0 {
+			if includeEmpty {
+				filtered = append(filtered, pubKey)
+			}
+			continue
+		}
+
+		// Check if any hosts match pattern
+		for _, hostPattern := range hosts {
+			match, err := filepath.Match(hostPattern, host)
+			if err != nil {
+				return nil, err
+			}
+
+			if match {
+				filtered = append(filtered, pubKey)
+				continue
+			}
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/vendor/github.com/docker/libtrust/hash.go b/vendor/github.com/docker/libtrust/hash.go
new file mode 100644
index 000000000..a2df787dd
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/hash.go
@@ -0,0 +1,56 @@
+package libtrust
+
+import (
+	"crypto"
+	_ "crypto/sha256" // Registrer SHA224 and SHA256
+	_ "crypto/sha512" // Registrer SHA384 and SHA512
+	"fmt"
+)
+
+type signatureAlgorithm struct {
+	algHeaderParam string
+	hashID         crypto.Hash
+}
+
+func (h *signatureAlgorithm) HeaderParam() string {
+	return h.algHeaderParam
+}
+
+func (h *signatureAlgorithm) HashID() crypto.Hash {
+	return h.hashID
+}
+
+var (
+	rs256 = &signatureAlgorithm{"RS256", crypto.SHA256}
+	rs384 = &signatureAlgorithm{"RS384", crypto.SHA384}
+	rs512 = &signatureAlgorithm{"RS512", crypto.SHA512}
+	es256 = &signatureAlgorithm{"ES256", crypto.SHA256}
+	es384 = &signatureAlgorithm{"ES384", crypto.SHA384}
+	es512 = &signatureAlgorithm{"ES512", crypto.SHA512}
+)
+
+func rsaSignatureAlgorithmByName(alg string) (*signatureAlgorithm, error) {
+	switch {
+	case alg == "RS256":
+		return rs256, nil
+	case alg == "RS384":
+		return rs384, nil
+	case alg == "RS512":
+		return rs512, nil
+	default:
+		return nil, fmt.Errorf("RSA Digital Signature Algorithm %q not supported", alg)
+	}
+}
+
+func rsaPKCS1v15SignatureAlgorithmForHashID(hashID crypto.Hash) *signatureAlgorithm {
+	switch {
+	case hashID == crypto.SHA512:
+		return rs512
+	case hashID == crypto.SHA384:
+		return rs384
+	case hashID == crypto.SHA256:
+		fallthrough
+	default:
+		return rs256
+	}
+}
diff --git a/vendor/github.com/docker/libtrust/jsonsign.go b/vendor/github.com/docker/libtrust/jsonsign.go
new file mode 100644
index 000000000..cb2ca9a76
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/jsonsign.go
@@ -0,0 +1,657 @@
+package libtrust
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"sort"
+	"time"
+	"unicode"
+)
+
+var (
+	// ErrInvalidSignContent is used when the content to be signed is invalid.
+	ErrInvalidSignContent = errors.New("invalid sign content")
+
+	// ErrInvalidJSONContent is used when invalid json is encountered.
+	ErrInvalidJSONContent = errors.New("invalid json content")
+
+	// ErrMissingSignatureKey is used when the specified signature key
+	// does not exist in the JSON content.
+	ErrMissingSignatureKey = errors.New("missing signature key")
+)
+
+type jsHeader struct {
+	JWK       PublicKey `json:"jwk,omitempty"`
+	Algorithm string    `json:"alg"`
+	Chain     []string  `json:"x5c,omitempty"`
+}
+
+type jsSignature struct {
+	Header    jsHeader `json:"header"`
+	Signature string   `json:"signature"`
+	Protected string   `json:"protected,omitempty"`
+}
+
+type jsSignaturesSorted []jsSignature
+
+func (jsbkid jsSignaturesSorted) Swap(i, j int) { jsbkid[i], jsbkid[j] = jsbkid[j], jsbkid[i] }
+func (jsbkid jsSignaturesSorted) Len() int      { return len(jsbkid) }
+
+func (jsbkid jsSignaturesSorted) Less(i, j int) bool {
+	ki, kj := jsbkid[i].Header.JWK.KeyID(), jsbkid[j].Header.JWK.KeyID()
+	si, sj := jsbkid[i].Signature, jsbkid[j].Signature
+
+	if ki == kj {
+		return si < sj
+	}
+
+	return ki < kj
+}
+
+type signKey struct {
+	PrivateKey
+	Chain []*x509.Certificate
+}
+
+// JSONSignature represents a signature of a json object.
+type JSONSignature struct {
+	payload      string
+	signatures   []jsSignature
+	indent       string
+	formatLength int
+	formatTail   []byte
+}
+
+func newJSONSignature() *JSONSignature {
+	return &JSONSignature{
+		signatures: make([]jsSignature, 0, 1),
+	}
+}
+
+// Payload returns the encoded payload of the signature. This
+// payload should not be signed directly
+func (js *JSONSignature) Payload() ([]byte, error) {
+	return joseBase64UrlDecode(js.payload)
+}
+
+func (js *JSONSignature) protectedHeader() (string, error) {
+	protected := map[string]interface{}{
+		"formatLength": js.formatLength,
+		"formatTail":   joseBase64UrlEncode(js.formatTail),
+		"time":         time.Now().UTC().Format(time.RFC3339),
+	}
+	protectedBytes, err := json.Marshal(protected)
+	if err != nil {
+		return "", err
+	}
+
+	return joseBase64UrlEncode(protectedBytes), nil
+}
+
+func (js *JSONSignature) signBytes(protectedHeader string) ([]byte, error) {
+	buf := make([]byte, len(js.payload)+len(protectedHeader)+1)
+	copy(buf, protectedHeader)
+	buf[len(protectedHeader)] = '.'
+	copy(buf[len(protectedHeader)+1:], js.payload)
+	return buf, nil
+}
+
+// Sign adds a signature using the given private key.
+func (js *JSONSignature) Sign(key PrivateKey) error {
+	protected, err := js.protectedHeader()
+	if err != nil {
+		return err
+	}
+	signBytes, err := js.signBytes(protected)
+	if err != nil {
+		return err
+	}
+	sigBytes, algorithm, err := key.Sign(bytes.NewReader(signBytes), crypto.SHA256)
+	if err != nil {
+		return err
+	}
+
+	js.signatures = append(js.signatures, jsSignature{
+		Header: jsHeader{
+			JWK:       key.PublicKey(),
+			Algorithm: algorithm,
+		},
+		Signature: joseBase64UrlEncode(sigBytes),
+		Protected: protected,
+	})
+
+	return nil
+}
+
+// SignWithChain adds a signature using the given private key
+// and setting the x509 chain. The public key of the first element
+// in the chain must be the public key corresponding with the sign key.
+func (js *JSONSignature) SignWithChain(key PrivateKey, chain []*x509.Certificate) error {
+	// Ensure key.Chain[0] is public key for key
+	//key.Chain.PublicKey
+	//key.PublicKey().CryptoPublicKey()
+
+	// Verify chain
+	protected, err := js.protectedHeader()
+	if err != nil {
+		return err
+	}
+	signBytes, err := js.signBytes(protected)
+	if err != nil {
+		return err
+	}
+	sigBytes, algorithm, err := key.Sign(bytes.NewReader(signBytes), crypto.SHA256)
+	if err != nil {
+		return err
+	}
+
+	header := jsHeader{
+		Chain:     make([]string, len(chain)),
+		Algorithm: algorithm,
+	}
+
+	for i, cert := range chain {
+		header.Chain[i] = base64.StdEncoding.EncodeToString(cert.Raw)
+	}
+
+	js.signatures = append(js.signatures, jsSignature{
+		Header:    header,
+		Signature: joseBase64UrlEncode(sigBytes),
+		Protected: protected,
+	})
+
+	return nil
+}
+
+// Verify verifies all the signatures and returns the list of
+// public keys used to sign. Any x509 chains are not checked.
+func (js *JSONSignature) Verify() ([]PublicKey, error) {
+	keys := make([]PublicKey, len(js.signatures))
+	for i, signature := range js.signatures {
+		signBytes, err := js.signBytes(signature.Protected)
+		if err != nil {
+			return nil, err
+		}
+		var publicKey PublicKey
+		if len(signature.Header.Chain) > 0 {
+			certBytes, err := base64.StdEncoding.DecodeString(signature.Header.Chain[0])
+			if err != nil {
+				return nil, err
+			}
+			cert, err := x509.ParseCertificate(certBytes)
+			if err != nil {
+				return nil, err
+			}
+			publicKey, err = FromCryptoPublicKey(cert.PublicKey)
+			if err != nil {
+				return nil, err
+			}
+		} else if signature.Header.JWK != nil {
+			publicKey = signature.Header.JWK
+		} else {
+			return nil, errors.New("missing public key")
+		}
+
+		sigBytes, err := joseBase64UrlDecode(signature.Signature)
+		if err != nil {
+			return nil, err
+		}
+
+		err = publicKey.Verify(bytes.NewReader(signBytes), signature.Header.Algorithm, sigBytes)
+		if err != nil {
+			return nil, err
+		}
+
+		keys[i] = publicKey
+	}
+	return keys, nil
+}
+
+// VerifyChains verifies all the signatures and the chains associated
+// with each signature and returns the list of verified chains.
+// Signatures without an x509 chain are not checked.
+func (js *JSONSignature) VerifyChains(ca *x509.CertPool) ([][]*x509.Certificate, error) {
+	chains := make([][]*x509.Certificate, 0, len(js.signatures))
+	for _, signature := range js.signatures {
+		signBytes, err := js.signBytes(signature.Protected)
+		if err != nil {
+			return nil, err
+		}
+		var publicKey PublicKey
+		if len(signature.Header.Chain) > 0 {
+			certBytes, err := base64.StdEncoding.DecodeString(signature.Header.Chain[0])
+			if err != nil {
+				return nil, err
+			}
+			cert, err := x509.ParseCertificate(certBytes)
+			if err != nil {
+				return nil, err
+			}
+			publicKey, err = FromCryptoPublicKey(cert.PublicKey)
+			if err != nil {
+				return nil, err
+			}
+			intermediates := x509.NewCertPool()
+			if len(signature.Header.Chain) > 1 {
+				intermediateChain := signature.Header.Chain[1:]
+				for i := range intermediateChain {
+					certBytes, err := base64.StdEncoding.DecodeString(intermediateChain[i])
+					if err != nil {
+						return nil, err
+					}
+					intermediate, err := x509.ParseCertificate(certBytes)
+					if err != nil {
+						return nil, err
+					}
+					intermediates.AddCert(intermediate)
+				}
+			}
+
+			verifyOptions := x509.VerifyOptions{
+				Intermediates: intermediates,
+				Roots:         ca,
+			}
+
+			verifiedChains, err := cert.Verify(verifyOptions)
+			if err != nil {
+				return nil, err
+			}
+			chains = append(chains, verifiedChains...)
+
+			sigBytes, err := joseBase64UrlDecode(signature.Signature)
+			if err != nil {
+				return nil, err
+			}
+
+			err = publicKey.Verify(bytes.NewReader(signBytes), signature.Header.Algorithm, sigBytes)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+	}
+	return chains, nil
+}
+
+// JWS returns JSON serialized JWS according to
+// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-7.2
+func (js *JSONSignature) JWS() ([]byte, error) {
+	if len(js.signatures) == 0 {
+		return nil, errors.New("missing signature")
+	}
+
+	sort.Sort(jsSignaturesSorted(js.signatures))
+
+	jsonMap := map[string]interface{}{
+		"payload":    js.payload,
+		"signatures": js.signatures,
+	}
+
+	return json.MarshalIndent(jsonMap, "", "   ")
+}
+
+func notSpace(r rune) bool {
+	return !unicode.IsSpace(r)
+}
+
+func detectJSONIndent(jsonContent []byte) (indent string) {
+	if len(jsonContent) > 2 && jsonContent[0] == '{' && jsonContent[1] == '\n' {
+		quoteIndex := bytes.IndexRune(jsonContent[1:], '"')
+		if quoteIndex > 0 {
+			indent = string(jsonContent[2 : quoteIndex+1])
+		}
+	}
+	return
+}
+
+type jsParsedHeader struct {
+	JWK       json.RawMessage `json:"jwk"`
+	Algorithm string          `json:"alg"`
+	Chain     []string        `json:"x5c"`
+}
+
+type jsParsedSignature struct {
+	Header    jsParsedHeader `json:"header"`
+	Signature string         `json:"signature"`
+	Protected string         `json:"protected"`
+}
+
+// ParseJWS parses a JWS serialized JSON object into a Json Signature.
+func ParseJWS(content []byte) (*JSONSignature, error) {
+	type jsParsed struct {
+		Payload    string              `json:"payload"`
+		Signatures []jsParsedSignature `json:"signatures"`
+	}
+	parsed := &jsParsed{}
+	err := json.Unmarshal(content, parsed)
+	if err != nil {
+		return nil, err
+	}
+	if len(parsed.Signatures) == 0 {
+		return nil, errors.New("missing signatures")
+	}
+	payload, err := joseBase64UrlDecode(parsed.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	js, err := NewJSONSignature(payload)
+	if err != nil {
+		return nil, err
+	}
+	js.signatures = make([]jsSignature, len(parsed.Signatures))
+	for i, signature := range parsed.Signatures {
+		header := jsHeader{
+			Algorithm: signature.Header.Algorithm,
+		}
+		if signature.Header.Chain != nil {
+			header.Chain = signature.Header.Chain
+		}
+		if signature.Header.JWK != nil {
+			publicKey, err := UnmarshalPublicKeyJWK([]byte(signature.Header.JWK))
+			if err != nil {
+				return nil, err
+			}
+			header.JWK = publicKey
+		}
+		js.signatures[i] = jsSignature{
+			Header:    header,
+			Signature: signature.Signature,
+			Protected: signature.Protected,
+		}
+	}
+
+	return js, nil
+}
+
+// NewJSONSignature returns a new unsigned JWS from a json byte array.
+// JSONSignature will need to be signed before serializing or storing.
+// Optionally, one or more signatures can be provided as byte buffers,
+// containing serialized JWS signatures, to assemble a fully signed JWS
+// package. It is the callers responsibility to ensure uniqueness of the
+// provided signatures.
+func NewJSONSignature(content []byte, signatures ...[]byte) (*JSONSignature, error) {
+	var dataMap map[string]interface{}
+	err := json.Unmarshal(content, &dataMap)
+	if err != nil {
+		return nil, err
+	}
+
+	js := newJSONSignature()
+	js.indent = detectJSONIndent(content)
+
+	js.payload = joseBase64UrlEncode(content)
+
+	// Find trailing } and whitespace, put in protected header
+	closeIndex := bytes.LastIndexFunc(content, notSpace)
+	if content[closeIndex] != '}' {
+		return nil, ErrInvalidJSONContent
+	}
+	lastRuneIndex := bytes.LastIndexFunc(content[:closeIndex], notSpace)
+	if content[lastRuneIndex] == ',' {
+		return nil, ErrInvalidJSONContent
+	}
+	js.formatLength = lastRuneIndex + 1
+	js.formatTail = content[js.formatLength:]
+
+	if len(signatures) > 0 {
+		for _, signature := range signatures {
+			var parsedJSig jsParsedSignature
+
+			if err := json.Unmarshal(signature, &parsedJSig); err != nil {
+				return nil, err
+			}
+
+			// TODO(stevvooe): A lot of the code below is repeated in
+			// ParseJWS. It will require more refactoring to fix that.
+			jsig := jsSignature{
+				Header: jsHeader{
+					Algorithm: parsedJSig.Header.Algorithm,
+				},
+				Signature: parsedJSig.Signature,
+				Protected: parsedJSig.Protected,
+			}
+
+			if parsedJSig.Header.Chain != nil {
+				jsig.Header.Chain = parsedJSig.Header.Chain
+			}
+
+			if parsedJSig.Header.JWK != nil {
+				publicKey, err := UnmarshalPublicKeyJWK([]byte(parsedJSig.Header.JWK))
+				if err != nil {
+					return nil, err
+				}
+				jsig.Header.JWK = publicKey
+			}
+
+			js.signatures = append(js.signatures, jsig)
+		}
+	}
+
+	return js, nil
+}
+
+// NewJSONSignatureFromMap returns a new unsigned JSONSignature from a map or
+// struct. JWS will need to be signed before serializing or storing.
+func NewJSONSignatureFromMap(content interface{}) (*JSONSignature, error) {
+	switch content.(type) {
+	case map[string]interface{}:
+	case struct{}:
+	default:
+		return nil, errors.New("invalid data type")
+	}
+
+	js := newJSONSignature()
+	js.indent = "   "
+
+	payload, err := json.MarshalIndent(content, "", js.indent)
+	if err != nil {
+		return nil, err
+	}
+	js.payload = joseBase64UrlEncode(payload)
+
+	// Remove '\n}' from formatted section, put in protected header
+	js.formatLength = len(payload) - 2
+	js.formatTail = payload[js.formatLength:]
+
+	return js, nil
+}
+
+func readIntFromMap(key string, m map[string]interface{}) (int, bool) {
+	value, ok := m[key]
+	if !ok {
+		return 0, false
+	}
+	switch v := value.(type) {
+	case int:
+		return v, true
+	case float64:
+		return int(v), true
+	default:
+		return 0, false
+	}
+}
+
+func readStringFromMap(key string, m map[string]interface{}) (v string, ok bool) {
+	value, ok := m[key]
+	if !ok {
+		return "", false
+	}
+	v, ok = value.(string)
+	return
+}
+
+// ParsePrettySignature parses a formatted signature into a
+// JSON signature. If the signatures are missing the format information
+// an error is thrown. The formatted signature must be created by
+// the same method as format signature.
+func ParsePrettySignature(content []byte, signatureKey string) (*JSONSignature, error) {
+	var contentMap map[string]json.RawMessage
+	err := json.Unmarshal(content, &contentMap)
+	if err != nil {
+		return nil, fmt.Errorf("error unmarshalling content: %s", err)
+	}
+	sigMessage, ok := contentMap[signatureKey]
+	if !ok {
+		return nil, ErrMissingSignatureKey
+	}
+
+	var signatureBlocks []jsParsedSignature
+	err = json.Unmarshal([]byte(sigMessage), &signatureBlocks)
+	if err != nil {
+		return nil, fmt.Errorf("error unmarshalling signatures: %s", err)
+	}
+
+	js := newJSONSignature()
+	js.signatures = make([]jsSignature, len(signatureBlocks))
+
+	for i, signatureBlock := range signatureBlocks {
+		protectedBytes, err := joseBase64UrlDecode(signatureBlock.Protected)
+		if err != nil {
+			return nil, fmt.Errorf("base64 decode error: %s", err)
+		}
+		var protectedHeader map[string]interface{}
+		err = json.Unmarshal(protectedBytes, &protectedHeader)
+		if err != nil {
+			return nil, fmt.Errorf("error unmarshalling protected header: %s", err)
+		}
+
+		formatLength, ok := readIntFromMap("formatLength", protectedHeader)
+		if !ok {
+			return nil, errors.New("missing formatted length")
+		}
+		encodedTail, ok := readStringFromMap("formatTail", protectedHeader)
+		if !ok {
+			return nil, errors.New("missing formatted tail")
+		}
+		formatTail, err := joseBase64UrlDecode(encodedTail)
+		if err != nil {
+			return nil, fmt.Errorf("base64 decode error on tail: %s", err)
+		}
+		if js.formatLength == 0 {
+			js.formatLength = formatLength
+		} else if js.formatLength != formatLength {
+			return nil, errors.New("conflicting format length")
+		}
+		if len(js.formatTail) == 0 {
+			js.formatTail = formatTail
+		} else if bytes.Compare(js.formatTail, formatTail) != 0 {
+			return nil, errors.New("conflicting format tail")
+		}
+
+		header := jsHeader{
+			Algorithm: signatureBlock.Header.Algorithm,
+			Chain:     signatureBlock.Header.Chain,
+		}
+		if signatureBlock.Header.JWK != nil {
+			publicKey, err := UnmarshalPublicKeyJWK([]byte(signatureBlock.Header.JWK))
+			if err != nil {
+				return nil, fmt.Errorf("error unmarshalling public key: %s", err)
+			}
+			header.JWK = publicKey
+		}
+		js.signatures[i] = jsSignature{
+			Header:    header,
+			Signature: signatureBlock.Signature,
+			Protected: signatureBlock.Protected,
+		}
+	}
+	if js.formatLength > len(content) {
+		return nil, errors.New("invalid format length")
+	}
+	formatted := make([]byte, js.formatLength+len(js.formatTail))
+	copy(formatted, content[:js.formatLength])
+	copy(formatted[js.formatLength:], js.formatTail)
+	js.indent = detectJSONIndent(formatted)
+	js.payload = joseBase64UrlEncode(formatted)
+
+	return js, nil
+}
+
+// PrettySignature formats a json signature into an easy to read
+// single json serialized object.
+func (js *JSONSignature) PrettySignature(signatureKey string) ([]byte, error) {
+	if len(js.signatures) == 0 {
+		return nil, errors.New("no signatures")
+	}
+	payload, err := joseBase64UrlDecode(js.payload)
+	if err != nil {
+		return nil, err
+	}
+	payload = payload[:js.formatLength]
+
+	sort.Sort(jsSignaturesSorted(js.signatures))
+
+	var marshalled []byte
+	var marshallErr error
+	if js.indent != "" {
+		marshalled, marshallErr = json.MarshalIndent(js.signatures, js.indent, js.indent)
+	} else {
+		marshalled, marshallErr = json.Marshal(js.signatures)
+	}
+	if marshallErr != nil {
+		return nil, marshallErr
+	}
+
+	buf := bytes.NewBuffer(make([]byte, 0, len(payload)+len(marshalled)+34))
+	buf.Write(payload)
+	buf.WriteByte(',')
+	if js.indent != "" {
+		buf.WriteByte('\n')
+		buf.WriteString(js.indent)
+		buf.WriteByte('"')
+		buf.WriteString(signatureKey)
+		buf.WriteString("\": ")
+		buf.Write(marshalled)
+		buf.WriteByte('\n')
+	} else {
+		buf.WriteByte('"')
+		buf.WriteString(signatureKey)
+		buf.WriteString("\":")
+		buf.Write(marshalled)
+	}
+	buf.WriteByte('}')
+
+	return buf.Bytes(), nil
+}
+
+// Signatures provides the signatures on this JWS as opaque blobs, sorted by
+// keyID. These blobs can be stored and reassembled with payloads. Internally,
+// they are simply marshaled json web signatures but implementations should
+// not rely on this.
+func (js *JSONSignature) Signatures() ([][]byte, error) {
+	sort.Sort(jsSignaturesSorted(js.signatures))
+
+	var sb [][]byte
+	for _, jsig := range js.signatures {
+		p, err := json.Marshal(jsig)
+		if err != nil {
+			return nil, err
+		}
+
+		sb = append(sb, p)
+	}
+
+	return sb, nil
+}
+
+// Merge combines the signatures from one or more other signatures into the
+// method receiver. If the payloads differ for any argument, an error will be
+// returned and the receiver will not be modified.
+func (js *JSONSignature) Merge(others ...*JSONSignature) error {
+	merged := js.signatures
+	for _, other := range others {
+		if js.payload != other.payload {
+			return fmt.Errorf("payloads differ from merge target")
+		}
+		merged = append(merged, other.signatures...)
+	}
+
+	js.signatures = merged
+	return nil
+}
diff --git a/vendor/github.com/docker/libtrust/key.go b/vendor/github.com/docker/libtrust/key.go
new file mode 100644
index 000000000..73642db2a
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/key.go
@@ -0,0 +1,253 @@
+package libtrust
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+)
+
+// PublicKey is a generic interface for a Public Key.
+type PublicKey interface {
+	// KeyType returns the key type for this key. For elliptic curve keys,
+	// this value should be "EC". For RSA keys, this value should be "RSA".
+	KeyType() string
+	// KeyID returns a distinct identifier which is unique to this Public Key.
+	// The format generated by this library is a base32 encoding of a 240 bit
+	// hash of the public key data divided into 12 groups like so:
+	//    ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP
+	KeyID() string
+	// Verify verifyies the signature of the data in the io.Reader using this
+	// Public Key. The alg parameter should identify the digital signature
+	// algorithm which was used to produce the signature and should be
+	// supported by this public key. Returns a nil error if the signature
+	// is valid.
+	Verify(data io.Reader, alg string, signature []byte) error
+	// CryptoPublicKey returns the internal object which can be used as a
+	// crypto.PublicKey for use with other standard library operations. The type
+	// is either *rsa.PublicKey or *ecdsa.PublicKey
+	CryptoPublicKey() crypto.PublicKey
+	// These public keys can be serialized to the standard JSON encoding for
+	// JSON Web Keys. See section 6 of the IETF draft RFC for JOSE JSON Web
+	// Algorithms.
+	MarshalJSON() ([]byte, error)
+	// These keys can also be serialized to the standard PEM encoding.
+	PEMBlock() (*pem.Block, error)
+	// The string representation of a key is its key type and ID.
+	String() string
+	AddExtendedField(string, interface{})
+	GetExtendedField(string) interface{}
+}
+
+// PrivateKey is a generic interface for a Private Key.
+type PrivateKey interface {
+	// A PrivateKey contains all fields and methods of a PublicKey of the
+	// same type. The MarshalJSON method also outputs the private key as a
+	// JSON Web Key, and the PEMBlock method outputs the private key as a
+	// PEM block.
+	PublicKey
+	// PublicKey returns the PublicKey associated with this PrivateKey.
+	PublicKey() PublicKey
+	// Sign signs the data read from the io.Reader using a signature algorithm
+	// supported by the private key. If the specified hashing algorithm is
+	// supported by this key, that hash function is used to generate the
+	// signature otherwise the the default hashing algorithm for this key is
+	// used. Returns the signature and identifier of the algorithm used.
+	Sign(data io.Reader, hashID crypto.Hash) (signature []byte, alg string, err error)
+	// CryptoPrivateKey returns the internal object which can be used as a
+	// crypto.PublicKey for use with other standard library operations. The
+	// type is either *rsa.PublicKey or *ecdsa.PublicKey
+	CryptoPrivateKey() crypto.PrivateKey
+}
+
+// FromCryptoPublicKey returns a libtrust PublicKey representation of the given
+// *ecdsa.PublicKey or *rsa.PublicKey. Returns a non-nil error when the given
+// key is of an unsupported type.
+func FromCryptoPublicKey(cryptoPublicKey crypto.PublicKey) (PublicKey, error) {
+	switch cryptoPublicKey := cryptoPublicKey.(type) {
+	case *ecdsa.PublicKey:
+		return fromECPublicKey(cryptoPublicKey)
+	case *rsa.PublicKey:
+		return fromRSAPublicKey(cryptoPublicKey), nil
+	default:
+		return nil, fmt.Errorf("public key type %T is not supported", cryptoPublicKey)
+	}
+}
+
+// FromCryptoPrivateKey returns a libtrust PrivateKey representation of the given
+// *ecdsa.PrivateKey or *rsa.PrivateKey. Returns a non-nil error when the given
+// key is of an unsupported type.
+func FromCryptoPrivateKey(cryptoPrivateKey crypto.PrivateKey) (PrivateKey, error) {
+	switch cryptoPrivateKey := cryptoPrivateKey.(type) {
+	case *ecdsa.PrivateKey:
+		return fromECPrivateKey(cryptoPrivateKey)
+	case *rsa.PrivateKey:
+		return fromRSAPrivateKey(cryptoPrivateKey), nil
+	default:
+		return nil, fmt.Errorf("private key type %T is not supported", cryptoPrivateKey)
+	}
+}
+
+// UnmarshalPublicKeyPEM parses the PEM encoded data and returns a libtrust
+// PublicKey or an error if there is a problem with the encoding.
+func UnmarshalPublicKeyPEM(data []byte) (PublicKey, error) {
+	pemBlock, _ := pem.Decode(data)
+	if pemBlock == nil {
+		return nil, errors.New("unable to find PEM encoded data")
+	} else if pemBlock.Type != "PUBLIC KEY" {
+		return nil, fmt.Errorf("unable to get PublicKey from PEM type: %s", pemBlock.Type)
+	}
+
+	return pubKeyFromPEMBlock(pemBlock)
+}
+
+// UnmarshalPublicKeyPEMBundle parses the PEM encoded data as a bundle of
+// PEM blocks appended one after the other and returns a slice of PublicKey
+// objects that it finds.
+func UnmarshalPublicKeyPEMBundle(data []byte) ([]PublicKey, error) {
+	pubKeys := []PublicKey{}
+
+	for {
+		var pemBlock *pem.Block
+		pemBlock, data = pem.Decode(data)
+		if pemBlock == nil {
+			break
+		} else if pemBlock.Type != "PUBLIC KEY" {
+			return nil, fmt.Errorf("unable to get PublicKey from PEM type: %s", pemBlock.Type)
+		}
+
+		pubKey, err := pubKeyFromPEMBlock(pemBlock)
+		if err != nil {
+			return nil, err
+		}
+
+		pubKeys = append(pubKeys, pubKey)
+	}
+
+	return pubKeys, nil
+}
+
+// UnmarshalPrivateKeyPEM parses the PEM encoded data and returns a libtrust
+// PrivateKey or an error if there is a problem with the encoding.
+func UnmarshalPrivateKeyPEM(data []byte) (PrivateKey, error) {
+	pemBlock, _ := pem.Decode(data)
+	if pemBlock == nil {
+		return nil, errors.New("unable to find PEM encoded data")
+	}
+
+	var key PrivateKey
+
+	switch {
+	case pemBlock.Type == "RSA PRIVATE KEY":
+		rsaPrivateKey, err := x509.ParsePKCS1PrivateKey(pemBlock.Bytes)
+		if err != nil {
+			return nil, fmt.Errorf("unable to decode RSA Private Key PEM data: %s", err)
+		}
+		key = fromRSAPrivateKey(rsaPrivateKey)
+	case pemBlock.Type == "EC PRIVATE KEY":
+		ecPrivateKey, err := x509.ParseECPrivateKey(pemBlock.Bytes)
+		if err != nil {
+			return nil, fmt.Errorf("unable to decode EC Private Key PEM data: %s", err)
+		}
+		key, err = fromECPrivateKey(ecPrivateKey)
+		if err != nil {
+			return nil, err
+		}
+	default:
+		return nil, fmt.Errorf("unable to get PrivateKey from PEM type: %s", pemBlock.Type)
+	}
+
+	addPEMHeadersToKey(pemBlock, key.PublicKey())
+
+	return key, nil
+}
+
+// UnmarshalPublicKeyJWK unmarshals the given JSON Web Key into a generic
+// Public Key to be used with libtrust.
+func UnmarshalPublicKeyJWK(data []byte) (PublicKey, error) {
+	jwk := make(map[string]interface{})
+
+	err := json.Unmarshal(data, &jwk)
+	if err != nil {
+		return nil, fmt.Errorf(
+			"decoding JWK Public Key JSON data: %s\n", err,
+		)
+	}
+
+	// Get the Key Type value.
+	kty, err := stringFromMap(jwk, "kty")
+	if err != nil {
+		return nil, fmt.Errorf("JWK Public Key type: %s", err)
+	}
+
+	switch {
+	case kty == "EC":
+		// Call out to unmarshal EC public key.
+		return ecPublicKeyFromMap(jwk)
+	case kty == "RSA":
+		// Call out to unmarshal RSA public key.
+		return rsaPublicKeyFromMap(jwk)
+	default:
+		return nil, fmt.Errorf(
+			"JWK Public Key type not supported: %q\n", kty,
+		)
+	}
+}
+
+// UnmarshalPublicKeyJWKSet parses the JSON encoded data as a JSON Web Key Set
+// and returns a slice of Public Key objects.
+func UnmarshalPublicKeyJWKSet(data []byte) ([]PublicKey, error) {
+	rawKeys, err := loadJSONKeySetRaw(data)
+	if err != nil {
+		return nil, err
+	}
+
+	pubKeys := make([]PublicKey, 0, len(rawKeys))
+
+	for _, rawKey := range rawKeys {
+		pubKey, err := UnmarshalPublicKeyJWK(rawKey)
+		if err != nil {
+			return nil, err
+		}
+		pubKeys = append(pubKeys, pubKey)
+	}
+
+	return pubKeys, nil
+}
+
+// UnmarshalPrivateKeyJWK unmarshals the given JSON Web Key into a generic
+// Private Key to be used with libtrust.
+func UnmarshalPrivateKeyJWK(data []byte) (PrivateKey, error) {
+	jwk := make(map[string]interface{})
+
+	err := json.Unmarshal(data, &jwk)
+	if err != nil {
+		return nil, fmt.Errorf(
+			"decoding JWK Private Key JSON data: %s\n", err,
+		)
+	}
+
+	// Get the Key Type value.
+	kty, err := stringFromMap(jwk, "kty")
+	if err != nil {
+		return nil, fmt.Errorf("JWK Private Key type: %s", err)
+	}
+
+	switch {
+	case kty == "EC":
+		// Call out to unmarshal EC private key.
+		return ecPrivateKeyFromMap(jwk)
+	case kty == "RSA":
+		// Call out to unmarshal RSA private key.
+		return rsaPrivateKeyFromMap(jwk)
+	default:
+		return nil, fmt.Errorf(
+			"JWK Private Key type not supported: %q\n", kty,
+		)
+	}
+}
diff --git a/vendor/github.com/docker/libtrust/key_files.go b/vendor/github.com/docker/libtrust/key_files.go
new file mode 100644
index 000000000..c526de545
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/key_files.go
@@ -0,0 +1,255 @@
+package libtrust
+
+import (
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strings"
+)
+
+var (
+	// ErrKeyFileDoesNotExist indicates that the private key file does not exist.
+	ErrKeyFileDoesNotExist = errors.New("key file does not exist")
+)
+
+func readKeyFileBytes(filename string) ([]byte, error) {
+	data, err := ioutil.ReadFile(filename)
+	if err != nil {
+		if os.IsNotExist(err) {
+			err = ErrKeyFileDoesNotExist
+		} else {
+			err = fmt.Errorf("unable to read key file %s: %s", filename, err)
+		}
+
+		return nil, err
+	}
+
+	return data, nil
+}
+
+/*
+	Loading and Saving of Public and Private Keys in either PEM or JWK format.
+*/
+
+// LoadKeyFile opens the given filename and attempts to read a Private Key
+// encoded in either PEM or JWK format (if .json or .jwk file extension).
+func LoadKeyFile(filename string) (PrivateKey, error) {
+	contents, err := readKeyFileBytes(filename)
+	if err != nil {
+		return nil, err
+	}
+
+	var key PrivateKey
+
+	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
+		key, err = UnmarshalPrivateKeyJWK(contents)
+		if err != nil {
+			return nil, fmt.Errorf("unable to decode private key JWK: %s", err)
+		}
+	} else {
+		key, err = UnmarshalPrivateKeyPEM(contents)
+		if err != nil {
+			return nil, fmt.Errorf("unable to decode private key PEM: %s", err)
+		}
+	}
+
+	return key, nil
+}
+
+// LoadPublicKeyFile opens the given filename and attempts to read a Public Key
+// encoded in either PEM or JWK format (if .json or .jwk file extension).
+func LoadPublicKeyFile(filename string) (PublicKey, error) {
+	contents, err := readKeyFileBytes(filename)
+	if err != nil {
+		return nil, err
+	}
+
+	var key PublicKey
+
+	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
+		key, err = UnmarshalPublicKeyJWK(contents)
+		if err != nil {
+			return nil, fmt.Errorf("unable to decode public key JWK: %s", err)
+		}
+	} else {
+		key, err = UnmarshalPublicKeyPEM(contents)
+		if err != nil {
+			return nil, fmt.Errorf("unable to decode public key PEM: %s", err)
+		}
+	}
+
+	return key, nil
+}
+
+// SaveKey saves the given key to a file using the provided filename.
+// This process will overwrite any existing file at the provided location.
+func SaveKey(filename string, key PrivateKey) error {
+	var encodedKey []byte
+	var err error
+
+	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
+		// Encode in JSON Web Key format.
+		encodedKey, err = json.MarshalIndent(key, "", "    ")
+		if err != nil {
+			return fmt.Errorf("unable to encode private key JWK: %s", err)
+		}
+	} else {
+		// Encode in PEM format.
+		pemBlock, err := key.PEMBlock()
+		if err != nil {
+			return fmt.Errorf("unable to encode private key PEM: %s", err)
+		}
+		encodedKey = pem.EncodeToMemory(pemBlock)
+	}
+
+	err = ioutil.WriteFile(filename, encodedKey, os.FileMode(0600))
+	if err != nil {
+		return fmt.Errorf("unable to write private key file %s: %s", filename, err)
+	}
+
+	return nil
+}
+
+// SavePublicKey saves the given public key to the file.
+func SavePublicKey(filename string, key PublicKey) error {
+	var encodedKey []byte
+	var err error
+
+	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
+		// Encode in JSON Web Key format.
+		encodedKey, err = json.MarshalIndent(key, "", "    ")
+		if err != nil {
+			return fmt.Errorf("unable to encode public key JWK: %s", err)
+		}
+	} else {
+		// Encode in PEM format.
+		pemBlock, err := key.PEMBlock()
+		if err != nil {
+			return fmt.Errorf("unable to encode public key PEM: %s", err)
+		}
+		encodedKey = pem.EncodeToMemory(pemBlock)
+	}
+
+	err = ioutil.WriteFile(filename, encodedKey, os.FileMode(0644))
+	if err != nil {
+		return fmt.Errorf("unable to write public key file %s: %s", filename, err)
+	}
+
+	return nil
+}
+
+// Public Key Set files
+
+type jwkSet struct {
+	Keys []json.RawMessage `json:"keys"`
+}
+
+// LoadKeySetFile loads a key set
+func LoadKeySetFile(filename string) ([]PublicKey, error) {
+	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
+		return loadJSONKeySetFile(filename)
+	}
+
+	// Must be a PEM format file
+	return loadPEMKeySetFile(filename)
+}
+
+func loadJSONKeySetRaw(data []byte) ([]json.RawMessage, error) {
+	if len(data) == 0 {
+		// This is okay, just return an empty slice.
+		return []json.RawMessage{}, nil
+	}
+
+	keySet := jwkSet{}
+
+	err := json.Unmarshal(data, &keySet)
+	if err != nil {
+		return nil, fmt.Errorf("unable to decode JSON Web Key Set: %s", err)
+	}
+
+	return keySet.Keys, nil
+}
+
+func loadJSONKeySetFile(filename string) ([]PublicKey, error) {
+	contents, err := readKeyFileBytes(filename)
+	if err != nil && err != ErrKeyFileDoesNotExist {
+		return nil, err
+	}
+
+	return UnmarshalPublicKeyJWKSet(contents)
+}
+
+func loadPEMKeySetFile(filename string) ([]PublicKey, error) {
+	data, err := readKeyFileBytes(filename)
+	if err != nil && err != ErrKeyFileDoesNotExist {
+		return nil, err
+	}
+
+	return UnmarshalPublicKeyPEMBundle(data)
+}
+
+// AddKeySetFile adds a key to a key set
+func AddKeySetFile(filename string, key PublicKey) error {
+	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
+		return addKeySetJSONFile(filename, key)
+	}
+
+	// Must be a PEM format file
+	return addKeySetPEMFile(filename, key)
+}
+
+func addKeySetJSONFile(filename string, key PublicKey) error {
+	encodedKey, err := json.Marshal(key)
+	if err != nil {
+		return fmt.Errorf("unable to encode trusted client key: %s", err)
+	}
+
+	contents, err := readKeyFileBytes(filename)
+	if err != nil && err != ErrKeyFileDoesNotExist {
+		return err
+	}
+
+	rawEntries, err := loadJSONKeySetRaw(contents)
+	if err != nil {
+		return err
+	}
+
+	rawEntries = append(rawEntries, json.RawMessage(encodedKey))
+	entriesWrapper := jwkSet{Keys: rawEntries}
+
+	encodedEntries, err := json.MarshalIndent(entriesWrapper, "", "    ")
+	if err != nil {
+		return fmt.Errorf("unable to encode trusted client keys: %s", err)
+	}
+
+	err = ioutil.WriteFile(filename, encodedEntries, os.FileMode(0644))
+	if err != nil {
+		return fmt.Errorf("unable to write trusted client keys file %s: %s", filename, err)
+	}
+
+	return nil
+}
+
+func addKeySetPEMFile(filename string, key PublicKey) error {
+	// Encode to PEM, open file for appending, write PEM.
+	file, err := os.OpenFile(filename, os.O_CREATE|os.O_APPEND|os.O_RDWR, os.FileMode(0644))
+	if err != nil {
+		return fmt.Errorf("unable to open trusted client keys file %s: %s", filename, err)
+	}
+	defer file.Close()
+
+	pemBlock, err := key.PEMBlock()
+	if err != nil {
+		return fmt.Errorf("unable to encoded trusted key: %s", err)
+	}
+
+	_, err = file.Write(pem.EncodeToMemory(pemBlock))
+	if err != nil {
+		return fmt.Errorf("unable to write trusted keys file: %s", err)
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/docker/libtrust/key_manager.go b/vendor/github.com/docker/libtrust/key_manager.go
new file mode 100644
index 000000000..9a98ae357
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/key_manager.go
@@ -0,0 +1,175 @@
+package libtrust
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"os"
+	"path"
+	"sync"
+)
+
+// ClientKeyManager manages client keys on the filesystem
+type ClientKeyManager struct {
+	key        PrivateKey
+	clientFile string
+	clientDir  string
+
+	clientLock sync.RWMutex
+	clients    []PublicKey
+
+	configLock sync.Mutex
+	configs    []*tls.Config
+}
+
+// NewClientKeyManager loads a new manager from a set of key files
+// and managed by the given private key.
+func NewClientKeyManager(trustKey PrivateKey, clientFile, clientDir string) (*ClientKeyManager, error) {
+	m := &ClientKeyManager{
+		key:        trustKey,
+		clientFile: clientFile,
+		clientDir:  clientDir,
+	}
+	if err := m.loadKeys(); err != nil {
+		return nil, err
+	}
+	// TODO Start watching file and directory
+
+	return m, nil
+}
+
+func (c *ClientKeyManager) loadKeys() (err error) {
+	// Load authorized keys file
+	var clients []PublicKey
+	if c.clientFile != "" {
+		clients, err = LoadKeySetFile(c.clientFile)
+		if err != nil {
+			return fmt.Errorf("unable to load authorized keys: %s", err)
+		}
+	}
+
+	// Add clients from authorized keys directory
+	files, err := ioutil.ReadDir(c.clientDir)
+	if err != nil && !os.IsNotExist(err) {
+		return fmt.Errorf("unable to open authorized keys directory: %s", err)
+	}
+	for _, f := range files {
+		if !f.IsDir() {
+			publicKey, err := LoadPublicKeyFile(path.Join(c.clientDir, f.Name()))
+			if err != nil {
+				return fmt.Errorf("unable to load authorized key file: %s", err)
+			}
+			clients = append(clients, publicKey)
+		}
+	}
+
+	c.clientLock.Lock()
+	c.clients = clients
+	c.clientLock.Unlock()
+
+	return nil
+}
+
+// RegisterTLSConfig registers a tls configuration to manager
+// such that any changes to the keys may be reflected in
+// the tls client CA pool
+func (c *ClientKeyManager) RegisterTLSConfig(tlsConfig *tls.Config) error {
+	c.clientLock.RLock()
+	certPool, err := GenerateCACertPool(c.key, c.clients)
+	if err != nil {
+		return fmt.Errorf("CA pool generation error: %s", err)
+	}
+	c.clientLock.RUnlock()
+
+	tlsConfig.ClientCAs = certPool
+
+	c.configLock.Lock()
+	c.configs = append(c.configs, tlsConfig)
+	c.configLock.Unlock()
+
+	return nil
+}
+
+// NewIdentityAuthTLSConfig creates a tls.Config for the server to use for
+// libtrust identity authentication for the domain specified
+func NewIdentityAuthTLSConfig(trustKey PrivateKey, clients *ClientKeyManager, addr string, domain string) (*tls.Config, error) {
+	tlsConfig := newTLSConfig()
+
+	tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
+	if err := clients.RegisterTLSConfig(tlsConfig); err != nil {
+		return nil, err
+	}
+
+	// Generate cert
+	ips, domains, err := parseAddr(addr)
+	if err != nil {
+		return nil, err
+	}
+	// add domain that it expects clients to use
+	domains = append(domains, domain)
+	x509Cert, err := GenerateSelfSignedServerCert(trustKey, domains, ips)
+	if err != nil {
+		return nil, fmt.Errorf("certificate generation error: %s", err)
+	}
+	tlsConfig.Certificates = []tls.Certificate{{
+		Certificate: [][]byte{x509Cert.Raw},
+		PrivateKey:  trustKey.CryptoPrivateKey(),
+		Leaf:        x509Cert,
+	}}
+
+	return tlsConfig, nil
+}
+
+// NewCertAuthTLSConfig creates a tls.Config for the server to use for
+// certificate authentication
+func NewCertAuthTLSConfig(caPath, certPath, keyPath string) (*tls.Config, error) {
+	tlsConfig := newTLSConfig()
+
+	cert, err := tls.LoadX509KeyPair(certPath, keyPath)
+	if err != nil {
+		return nil, fmt.Errorf("Couldn't load X509 key pair (%s, %s): %s. Key encrypted?", certPath, keyPath, err)
+	}
+	tlsConfig.Certificates = []tls.Certificate{cert}
+
+	// Verify client certificates against a CA?
+	if caPath != "" {
+		certPool := x509.NewCertPool()
+		file, err := ioutil.ReadFile(caPath)
+		if err != nil {
+			return nil, fmt.Errorf("Couldn't read CA certificate: %s", err)
+		}
+		certPool.AppendCertsFromPEM(file)
+
+		tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
+		tlsConfig.ClientCAs = certPool
+	}
+
+	return tlsConfig, nil
+}
+
+func newTLSConfig() *tls.Config {
+	return &tls.Config{
+		NextProtos: []string{"http/1.1"},
+		// Avoid fallback on insecure SSL protocols
+		MinVersion: tls.VersionTLS10,
+	}
+}
+
+// parseAddr parses an address into an array of IPs and domains
+func parseAddr(addr string) ([]net.IP, []string, error) {
+	host, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, nil, err
+	}
+	var domains []string
+	var ips []net.IP
+	ip := net.ParseIP(host)
+	if ip != nil {
+		ips = []net.IP{ip}
+	} else {
+		domains = []string{host}
+	}
+	return ips, domains, nil
+}
diff --git a/vendor/github.com/docker/libtrust/rsa_key.go b/vendor/github.com/docker/libtrust/rsa_key.go
new file mode 100644
index 000000000..dac4cacf2
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/rsa_key.go
@@ -0,0 +1,427 @@
+package libtrust
+
+import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+	"math/big"
+)
+
+/*
+ * RSA DSA PUBLIC KEY
+ */
+
+// rsaPublicKey implements a JWK Public Key using RSA digital signature algorithms.
+type rsaPublicKey struct {
+	*rsa.PublicKey
+	extended map[string]interface{}
+}
+
+func fromRSAPublicKey(cryptoPublicKey *rsa.PublicKey) *rsaPublicKey {
+	return &rsaPublicKey{cryptoPublicKey, map[string]interface{}{}}
+}
+
+// KeyType returns the JWK key type for RSA keys, i.e., "RSA".
+func (k *rsaPublicKey) KeyType() string {
+	return "RSA"
+}
+
+// KeyID returns a distinct identifier which is unique to this Public Key.
+func (k *rsaPublicKey) KeyID() string {
+	return keyIDFromCryptoKey(k)
+}
+
+func (k *rsaPublicKey) String() string {
+	return fmt.Sprintf("RSA Public Key <%s>", k.KeyID())
+}
+
+// Verify verifyies the signature of the data in the io.Reader using this Public Key.
+// The alg parameter should be the name of the JWA digital signature algorithm
+// which was used to produce the signature and should be supported by this
+// public key. Returns a nil error if the signature is valid.
+func (k *rsaPublicKey) Verify(data io.Reader, alg string, signature []byte) error {
+	// Verify the signature of the given date, return non-nil error if valid.
+	sigAlg, err := rsaSignatureAlgorithmByName(alg)
+	if err != nil {
+		return fmt.Errorf("unable to verify Signature: %s", err)
+	}
+
+	hasher := sigAlg.HashID().New()
+	_, err = io.Copy(hasher, data)
+	if err != nil {
+		return fmt.Errorf("error reading data to sign: %s", err)
+	}
+	hash := hasher.Sum(nil)
+
+	err = rsa.VerifyPKCS1v15(k.PublicKey, sigAlg.HashID(), hash, signature)
+	if err != nil {
+		return fmt.Errorf("invalid %s signature: %s", sigAlg.HeaderParam(), err)
+	}
+
+	return nil
+}
+
+// CryptoPublicKey returns the internal object which can be used as a
+// crypto.PublicKey for use with other standard library operations. The type
+// is either *rsa.PublicKey or *ecdsa.PublicKey
+func (k *rsaPublicKey) CryptoPublicKey() crypto.PublicKey {
+	return k.PublicKey
+}
+
+func (k *rsaPublicKey) toMap() map[string]interface{} {
+	jwk := make(map[string]interface{})
+	for k, v := range k.extended {
+		jwk[k] = v
+	}
+	jwk["kty"] = k.KeyType()
+	jwk["kid"] = k.KeyID()
+	jwk["n"] = joseBase64UrlEncode(k.N.Bytes())
+	jwk["e"] = joseBase64UrlEncode(serializeRSAPublicExponentParam(k.E))
+
+	return jwk
+}
+
+// MarshalJSON serializes this Public Key using the JWK JSON serialization format for
+// RSA keys.
+func (k *rsaPublicKey) MarshalJSON() (data []byte, err error) {
+	return json.Marshal(k.toMap())
+}
+
+// PEMBlock serializes this Public Key to DER-encoded PKIX format.
+func (k *rsaPublicKey) PEMBlock() (*pem.Block, error) {
+	derBytes, err := x509.MarshalPKIXPublicKey(k.PublicKey)
+	if err != nil {
+		return nil, fmt.Errorf("unable to serialize RSA PublicKey to DER-encoded PKIX format: %s", err)
+	}
+	k.extended["kid"] = k.KeyID() // For display purposes.
+	return createPemBlock("PUBLIC KEY", derBytes, k.extended)
+}
+
+func (k *rsaPublicKey) AddExtendedField(field string, value interface{}) {
+	k.extended[field] = value
+}
+
+func (k *rsaPublicKey) GetExtendedField(field string) interface{} {
+	v, ok := k.extended[field]
+	if !ok {
+		return nil
+	}
+	return v
+}
+
+func rsaPublicKeyFromMap(jwk map[string]interface{}) (*rsaPublicKey, error) {
+	// JWK key type (kty) has already been determined to be "RSA".
+	// Need to extract 'n', 'e', and 'kid' and check for
+	// consistency.
+
+	// Get the modulus parameter N.
+	nB64Url, err := stringFromMap(jwk, "n")
+	if err != nil {
+		return nil, fmt.Errorf("JWK RSA Public Key modulus: %s", err)
+	}
+
+	n, err := parseRSAModulusParam(nB64Url)
+	if err != nil {
+		return nil, fmt.Errorf("JWK RSA Public Key modulus: %s", err)
+	}
+
+	// Get the public exponent E.
+	eB64Url, err := stringFromMap(jwk, "e")
+	if err != nil {
+		return nil, fmt.Errorf("JWK RSA Public Key exponent: %s", err)
+	}
+
+	e, err := parseRSAPublicExponentParam(eB64Url)
+	if err != nil {
+		return nil, fmt.Errorf("JWK RSA Public Key exponent: %s", err)
+	}
+
+	key := &rsaPublicKey{
+		PublicKey: &rsa.PublicKey{N: n, E: e},
+	}
+
+	// Key ID is optional, but if it exists, it should match the key.
+	_, ok := jwk["kid"]
+	if ok {
+		kid, err := stringFromMap(jwk, "kid")
+		if err != nil {
+			return nil, fmt.Errorf("JWK RSA Public Key ID: %s", err)
+		}
+		if kid != key.KeyID() {
+			return nil, fmt.Errorf("JWK RSA Public Key ID does not match: %s", kid)
+		}
+	}
+
+	if _, ok := jwk["d"]; ok {
+		return nil, fmt.Errorf("JWK RSA Public Key cannot contain private exponent")
+	}
+
+	key.extended = jwk
+
+	return key, nil
+}
+
+/*
+ * RSA DSA PRIVATE KEY
+ */
+
+// rsaPrivateKey implements a JWK Private Key using RSA digital signature algorithms.
+type rsaPrivateKey struct {
+	rsaPublicKey
+	*rsa.PrivateKey
+}
+
+func fromRSAPrivateKey(cryptoPrivateKey *rsa.PrivateKey) *rsaPrivateKey {
+	return &rsaPrivateKey{
+		*fromRSAPublicKey(&cryptoPrivateKey.PublicKey),
+		cryptoPrivateKey,
+	}
+}
+
+// PublicKey returns the Public Key data associated with this Private Key.
+func (k *rsaPrivateKey) PublicKey() PublicKey {
+	return &k.rsaPublicKey
+}
+
+func (k *rsaPrivateKey) String() string {
+	return fmt.Sprintf("RSA Private Key <%s>", k.KeyID())
+}
+
+// Sign signs the data read from the io.Reader using a signature algorithm supported
+// by the RSA private key. If the specified hashing algorithm is supported by
+// this key, that hash function is used to generate the signature otherwise the
+// the default hashing algorithm for this key is used. Returns the signature
+// and the name of the JWK signature algorithm used, e.g., "RS256", "RS384",
+// "RS512".
+func (k *rsaPrivateKey) Sign(data io.Reader, hashID crypto.Hash) (signature []byte, alg string, err error) {
+	// Generate a signature of the data using the internal alg.
+	sigAlg := rsaPKCS1v15SignatureAlgorithmForHashID(hashID)
+	hasher := sigAlg.HashID().New()
+
+	_, err = io.Copy(hasher, data)
+	if err != nil {
+		return nil, "", fmt.Errorf("error reading data to sign: %s", err)
+	}
+	hash := hasher.Sum(nil)
+
+	signature, err = rsa.SignPKCS1v15(rand.Reader, k.PrivateKey, sigAlg.HashID(), hash)
+	if err != nil {
+		return nil, "", fmt.Errorf("error producing signature: %s", err)
+	}
+
+	alg = sigAlg.HeaderParam()
+
+	return
+}
+
+// CryptoPrivateKey returns the internal object which can be used as a
+// crypto.PublicKey for use with other standard library operations. The type
+// is either *rsa.PublicKey or *ecdsa.PublicKey
+func (k *rsaPrivateKey) CryptoPrivateKey() crypto.PrivateKey {
+	return k.PrivateKey
+}
+
+func (k *rsaPrivateKey) toMap() map[string]interface{} {
+	k.Precompute() // Make sure the precomputed values are stored.
+	jwk := k.rsaPublicKey.toMap()
+
+	jwk["d"] = joseBase64UrlEncode(k.D.Bytes())
+	jwk["p"] = joseBase64UrlEncode(k.Primes[0].Bytes())
+	jwk["q"] = joseBase64UrlEncode(k.Primes[1].Bytes())
+	jwk["dp"] = joseBase64UrlEncode(k.Precomputed.Dp.Bytes())
+	jwk["dq"] = joseBase64UrlEncode(k.Precomputed.Dq.Bytes())
+	jwk["qi"] = joseBase64UrlEncode(k.Precomputed.Qinv.Bytes())
+
+	otherPrimes := k.Primes[2:]
+
+	if len(otherPrimes) > 0 {
+		otherPrimesInfo := make([]interface{}, len(otherPrimes))
+		for i, r := range otherPrimes {
+			otherPrimeInfo := make(map[string]string, 3)
+			otherPrimeInfo["r"] = joseBase64UrlEncode(r.Bytes())
+			crtVal := k.Precomputed.CRTValues[i]
+			otherPrimeInfo["d"] = joseBase64UrlEncode(crtVal.Exp.Bytes())
+			otherPrimeInfo["t"] = joseBase64UrlEncode(crtVal.Coeff.Bytes())
+			otherPrimesInfo[i] = otherPrimeInfo
+		}
+		jwk["oth"] = otherPrimesInfo
+	}
+
+	return jwk
+}
+
+// MarshalJSON serializes this Private Key using the JWK JSON serialization format for
+// RSA keys.
+func (k *rsaPrivateKey) MarshalJSON() (data []byte, err error) {
+	return json.Marshal(k.toMap())
+}
+
+// PEMBlock serializes this Private Key to DER-encoded PKIX format.
+func (k *rsaPrivateKey) PEMBlock() (*pem.Block, error) {
+	derBytes := x509.MarshalPKCS1PrivateKey(k.PrivateKey)
+	k.extended["keyID"] = k.KeyID() // For display purposes.
+	return createPemBlock("RSA PRIVATE KEY", derBytes, k.extended)
+}
+
+func rsaPrivateKeyFromMap(jwk map[string]interface{}) (*rsaPrivateKey, error) {
+	// The JWA spec for RSA Private Keys (draft rfc section 5.3.2) states that
+	// only the private key exponent 'd' is REQUIRED, the others are just for
+	// signature/decryption optimizations and SHOULD be included when the JWK
+	// is produced. We MAY choose to accept a JWK which only includes 'd', but
+	// we're going to go ahead and not choose to accept it without the extra
+	// fields. Only the 'oth' field will be optional (for multi-prime keys).
+	privateExponent, err := parseRSAPrivateKeyParamFromMap(jwk, "d")
+	if err != nil {
+		return nil, fmt.Errorf("JWK RSA Private Key exponent: %s", err)
+	}
+	firstPrimeFactor, err := parseRSAPrivateKeyParamFromMap(jwk, "p")
+	if err != nil {
+		return nil, fmt.Errorf("JWK RSA Private Key prime factor: %s", err)
+	}
+	secondPrimeFactor, err := parseRSAPrivateKeyParamFromMap(jwk, "q")
+	if err != nil {
+		return nil, fmt.Errorf("JWK RSA Private Key prime factor: %s", err)
+	}
+	firstFactorCRT, err := parseRSAPrivateKeyParamFromMap(jwk, "dp")
+	if err != nil {
+		return nil, fmt.Errorf("JWK RSA Private Key CRT exponent: %s", err)
+	}
+	secondFactorCRT, err := parseRSAPrivateKeyParamFromMap(jwk, "dq")
+	if err != nil {
+		return nil, fmt.Errorf("JWK RSA Private Key CRT exponent: %s", err)
+	}
+	crtCoeff, err := parseRSAPrivateKeyParamFromMap(jwk, "qi")
+	if err != nil {
+		return nil, fmt.Errorf("JWK RSA Private Key CRT coefficient: %s", err)
+	}
+
+	var oth interface{}
+	if _, ok := jwk["oth"]; ok {
+		oth = jwk["oth"]
+		delete(jwk, "oth")
+	}
+
+	// JWK key type (kty) has already been determined to be "RSA".
+	// Need to extract the public key information, then extract the private
+	// key values.
+	publicKey, err := rsaPublicKeyFromMap(jwk)
+	if err != nil {
+		return nil, err
+	}
+
+	privateKey := &rsa.PrivateKey{
+		PublicKey: *publicKey.PublicKey,
+		D:         privateExponent,
+		Primes:    []*big.Int{firstPrimeFactor, secondPrimeFactor},
+		Precomputed: rsa.PrecomputedValues{
+			Dp:   firstFactorCRT,
+			Dq:   secondFactorCRT,
+			Qinv: crtCoeff,
+		},
+	}
+
+	if oth != nil {
+		// Should be an array of more JSON objects.
+		otherPrimesInfo, ok := oth.([]interface{})
+		if !ok {
+			return nil, errors.New("JWK RSA Private Key: Invalid other primes info: must be an array")
+		}
+		numOtherPrimeFactors := len(otherPrimesInfo)
+		if numOtherPrimeFactors == 0 {
+			return nil, errors.New("JWK RSA Privake Key: Invalid other primes info: must be absent or non-empty")
+		}
+		otherPrimeFactors := make([]*big.Int, numOtherPrimeFactors)
+		productOfPrimes := new(big.Int).Mul(firstPrimeFactor, secondPrimeFactor)
+		crtValues := make([]rsa.CRTValue, numOtherPrimeFactors)
+
+		for i, val := range otherPrimesInfo {
+			otherPrimeinfo, ok := val.(map[string]interface{})
+			if !ok {
+				return nil, errors.New("JWK RSA Private Key: Invalid other prime info: must be a JSON object")
+			}
+
+			otherPrimeFactor, err := parseRSAPrivateKeyParamFromMap(otherPrimeinfo, "r")
+			if err != nil {
+				return nil, fmt.Errorf("JWK RSA Private Key prime factor: %s", err)
+			}
+			otherFactorCRT, err := parseRSAPrivateKeyParamFromMap(otherPrimeinfo, "d")
+			if err != nil {
+				return nil, fmt.Errorf("JWK RSA Private Key CRT exponent: %s", err)
+			}
+			otherCrtCoeff, err := parseRSAPrivateKeyParamFromMap(otherPrimeinfo, "t")
+			if err != nil {
+				return nil, fmt.Errorf("JWK RSA Private Key CRT coefficient: %s", err)
+			}
+
+			crtValue := crtValues[i]
+			crtValue.Exp = otherFactorCRT
+			crtValue.Coeff = otherCrtCoeff
+			crtValue.R = productOfPrimes
+			otherPrimeFactors[i] = otherPrimeFactor
+			productOfPrimes = new(big.Int).Mul(productOfPrimes, otherPrimeFactor)
+		}
+
+		privateKey.Primes = append(privateKey.Primes, otherPrimeFactors...)
+		privateKey.Precomputed.CRTValues = crtValues
+	}
+
+	key := &rsaPrivateKey{
+		rsaPublicKey: *publicKey,
+		PrivateKey:   privateKey,
+	}
+
+	return key, nil
+}
+
+/*
+ *	Key Generation Functions.
+ */
+
+func generateRSAPrivateKey(bits int) (k *rsaPrivateKey, err error) {
+	k = new(rsaPrivateKey)
+	k.PrivateKey, err = rsa.GenerateKey(rand.Reader, bits)
+	if err != nil {
+		return nil, err
+	}
+
+	k.rsaPublicKey.PublicKey = &k.PrivateKey.PublicKey
+	k.extended = make(map[string]interface{})
+
+	return
+}
+
+// GenerateRSA2048PrivateKey generates a key pair using 2048-bit RSA.
+func GenerateRSA2048PrivateKey() (PrivateKey, error) {
+	k, err := generateRSAPrivateKey(2048)
+	if err != nil {
+		return nil, fmt.Errorf("error generating RSA 2048-bit key: %s", err)
+	}
+
+	return k, nil
+}
+
+// GenerateRSA3072PrivateKey generates a key pair using 3072-bit RSA.
+func GenerateRSA3072PrivateKey() (PrivateKey, error) {
+	k, err := generateRSAPrivateKey(3072)
+	if err != nil {
+		return nil, fmt.Errorf("error generating RSA 3072-bit key: %s", err)
+	}
+
+	return k, nil
+}
+
+// GenerateRSA4096PrivateKey generates a key pair using 4096-bit RSA.
+func GenerateRSA4096PrivateKey() (PrivateKey, error) {
+	k, err := generateRSAPrivateKey(4096)
+	if err != nil {
+		return nil, fmt.Errorf("error generating RSA 4096-bit key: %s", err)
+	}
+
+	return k, nil
+}
diff --git a/vendor/github.com/docker/libtrust/util.go b/vendor/github.com/docker/libtrust/util.go
new file mode 100644
index 000000000..a5a101d3f
--- /dev/null
+++ b/vendor/github.com/docker/libtrust/util.go
@@ -0,0 +1,363 @@
+package libtrust
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/elliptic"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/base32"
+	"encoding/base64"
+	"encoding/binary"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"math/big"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+// LoadOrCreateTrustKey will load a PrivateKey from the specified path
+func LoadOrCreateTrustKey(trustKeyPath string) (PrivateKey, error) {
+	if err := os.MkdirAll(filepath.Dir(trustKeyPath), 0700); err != nil {
+		return nil, err
+	}
+
+	trustKey, err := LoadKeyFile(trustKeyPath)
+	if err == ErrKeyFileDoesNotExist {
+		trustKey, err = GenerateECP256PrivateKey()
+		if err != nil {
+			return nil, fmt.Errorf("error generating key: %s", err)
+		}
+
+		if err := SaveKey(trustKeyPath, trustKey); err != nil {
+			return nil, fmt.Errorf("error saving key file: %s", err)
+		}
+
+		dir, file := filepath.Split(trustKeyPath)
+		if err := SavePublicKey(filepath.Join(dir, "public-"+file), trustKey.PublicKey()); err != nil {
+			return nil, fmt.Errorf("error saving public key file: %s", err)
+		}
+	} else if err != nil {
+		return nil, fmt.Errorf("error loading key file: %s", err)
+	}
+	return trustKey, nil
+}
+
+// NewIdentityAuthTLSClientConfig returns a tls.Config configured to use identity
+// based authentication from the specified dockerUrl, the rootConfigPath and
+// the server name to which it is connecting.
+// If trustUnknownHosts is true it will automatically add the host to the
+// known-hosts.json in rootConfigPath.
+func NewIdentityAuthTLSClientConfig(dockerUrl string, trustUnknownHosts bool, rootConfigPath string, serverName string) (*tls.Config, error) {
+	tlsConfig := newTLSConfig()
+
+	trustKeyPath := filepath.Join(rootConfigPath, "key.json")
+	knownHostsPath := filepath.Join(rootConfigPath, "known-hosts.json")
+
+	u, err := url.Parse(dockerUrl)
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse machine url")
+	}
+
+	if u.Scheme == "unix" {
+		return nil, nil
+	}
+
+	addr := u.Host
+	proto := "tcp"
+
+	trustKey, err := LoadOrCreateTrustKey(trustKeyPath)
+	if err != nil {
+		return nil, fmt.Errorf("unable to load trust key: %s", err)
+	}
+
+	knownHosts, err := LoadKeySetFile(knownHostsPath)
+	if err != nil {
+		return nil, fmt.Errorf("could not load trusted hosts file: %s", err)
+	}
+
+	allowedHosts, err := FilterByHosts(knownHosts, addr, false)
+	if err != nil {
+		return nil, fmt.Errorf("error filtering hosts: %s", err)
+	}
+
+	certPool, err := GenerateCACertPool(trustKey, allowedHosts)
+	if err != nil {
+		return nil, fmt.Errorf("Could not create CA pool: %s", err)
+	}
+
+	tlsConfig.ServerName = serverName
+	tlsConfig.RootCAs = certPool
+
+	x509Cert, err := GenerateSelfSignedClientCert(trustKey)
+	if err != nil {
+		return nil, fmt.Errorf("certificate generation error: %s", err)
+	}
+
+	tlsConfig.Certificates = []tls.Certificate{{
+		Certificate: [][]byte{x509Cert.Raw},
+		PrivateKey:  trustKey.CryptoPrivateKey(),
+		Leaf:        x509Cert,
+	}}
+
+	tlsConfig.InsecureSkipVerify = true
+
+	testConn, err := tls.Dial(proto, addr, tlsConfig)
+	if err != nil {
+		return nil, fmt.Errorf("tls Handshake error: %s", err)
+	}
+
+	opts := x509.VerifyOptions{
+		Roots:         tlsConfig.RootCAs,
+		CurrentTime:   time.Now(),
+		DNSName:       tlsConfig.ServerName,
+		Intermediates: x509.NewCertPool(),
+	}
+
+	certs := testConn.ConnectionState().PeerCertificates
+	for i, cert := range certs {
+		if i == 0 {
+			continue
+		}
+		opts.Intermediates.AddCert(cert)
+	}
+
+	if _, err := certs[0].Verify(opts); err != nil {
+		if _, ok := err.(x509.UnknownAuthorityError); ok {
+			if trustUnknownHosts {
+				pubKey, err := FromCryptoPublicKey(certs[0].PublicKey)
+				if err != nil {
+					return nil, fmt.Errorf("error extracting public key from cert: %s", err)
+				}
+
+				pubKey.AddExtendedField("hosts", []string{addr})
+
+				if err := AddKeySetFile(knownHostsPath, pubKey); err != nil {
+					return nil, fmt.Errorf("error adding machine to known hosts: %s", err)
+				}
+			} else {
+				return nil, fmt.Errorf("unable to connect.  unknown host: %s", addr)
+			}
+		}
+	}
+
+	testConn.Close()
+	tlsConfig.InsecureSkipVerify = false
+
+	return tlsConfig, nil
+}
+
+// joseBase64UrlEncode encodes the given data using the standard base64 url
+// encoding format but with all trailing '=' characters omitted in accordance
+// with the jose specification.
+// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2
+func joseBase64UrlEncode(b []byte) string {
+	return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=")
+}
+
+// joseBase64UrlDecode decodes the given string using the standard base64 url
+// decoder but first adds the appropriate number of trailing '=' characters in
+// accordance with the jose specification.
+// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2
+func joseBase64UrlDecode(s string) ([]byte, error) {
+	s = strings.Replace(s, "\n", "", -1)
+	s = strings.Replace(s, " ", "", -1)
+	switch len(s) % 4 {
+	case 0:
+	case 2:
+		s += "=="
+	case 3:
+		s += "="
+	default:
+		return nil, errors.New("illegal base64url string")
+	}
+	return base64.URLEncoding.DecodeString(s)
+}
+
+func keyIDEncode(b []byte) string {
+	s := strings.TrimRight(base32.StdEncoding.EncodeToString(b), "=")
+	var buf bytes.Buffer
+	var i int
+	for i = 0; i < len(s)/4-1; i++ {
+		start := i * 4
+		end := start + 4
+		buf.WriteString(s[start:end] + ":")
+	}
+	buf.WriteString(s[i*4:])
+	return buf.String()
+}
+
+func keyIDFromCryptoKey(pubKey PublicKey) string {
+	// Generate and return a 'libtrust' fingerprint of the public key.
+	// For an RSA key this should be:
+	//   SHA256(DER encoded ASN1)
+	// Then truncated to 240 bits and encoded into 12 base32 groups like so:
+	//   ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP
+	derBytes, err := x509.MarshalPKIXPublicKey(pubKey.CryptoPublicKey())
+	if err != nil {
+		return ""
+	}
+	hasher := crypto.SHA256.New()
+	hasher.Write(derBytes)
+	return keyIDEncode(hasher.Sum(nil)[:30])
+}
+
+func stringFromMap(m map[string]interface{}, key string) (string, error) {
+	val, ok := m[key]
+	if !ok {
+		return "", fmt.Errorf("%q value not specified", key)
+	}
+
+	str, ok := val.(string)
+	if !ok {
+		return "", fmt.Errorf("%q value must be a string", key)
+	}
+	delete(m, key)
+
+	return str, nil
+}
+
+func parseECCoordinate(cB64Url string, curve elliptic.Curve) (*big.Int, error) {
+	curveByteLen := (curve.Params().BitSize + 7) >> 3
+
+	cBytes, err := joseBase64UrlDecode(cB64Url)
+	if err != nil {
+		return nil, fmt.Errorf("invalid base64 URL encoding: %s", err)
+	}
+	cByteLength := len(cBytes)
+	if cByteLength != curveByteLen {
+		return nil, fmt.Errorf("invalid number of octets: got %d, should be %d", cByteLength, curveByteLen)
+	}
+	return new(big.Int).SetBytes(cBytes), nil
+}
+
+func parseECPrivateParam(dB64Url string, curve elliptic.Curve) (*big.Int, error) {
+	dBytes, err := joseBase64UrlDecode(dB64Url)
+	if err != nil {
+		return nil, fmt.Errorf("invalid base64 URL encoding: %s", err)
+	}
+
+	// The length of this octet string MUST be ceiling(log-base-2(n)/8)
+	// octets (where n is the order of the curve). This is because the private
+	// key d must be in the interval [1, n-1] so the bitlength of d should be
+	// no larger than the bitlength of n-1. The easiest way to find the octet
+	// length is to take bitlength(n-1), add 7 to force a carry, and shift this
+	// bit sequence right by 3, which is essentially dividing by 8 and adding
+	// 1 if there is any remainder. Thus, the private key value d should be
+	// output to (bitlength(n-1)+7)>>3 octets.
+	n := curve.Params().N
+	octetLength := (new(big.Int).Sub(n, big.NewInt(1)).BitLen() + 7) >> 3
+	dByteLength := len(dBytes)
+
+	if dByteLength != octetLength {
+		return nil, fmt.Errorf("invalid number of octets: got %d, should be %d", dByteLength, octetLength)
+	}
+
+	return new(big.Int).SetBytes(dBytes), nil
+}
+
+func parseRSAModulusParam(nB64Url string) (*big.Int, error) {
+	nBytes, err := joseBase64UrlDecode(nB64Url)
+	if err != nil {
+		return nil, fmt.Errorf("invalid base64 URL encoding: %s", err)
+	}
+
+	return new(big.Int).SetBytes(nBytes), nil
+}
+
+func serializeRSAPublicExponentParam(e int) []byte {
+	// We MUST use the minimum number of octets to represent E.
+	// E is supposed to be 65537 for performance and security reasons
+	// and is what golang's rsa package generates, but it might be
+	// different if imported from some other generator.
+	buf := make([]byte, 4)
+	binary.BigEndian.PutUint32(buf, uint32(e))
+	var i int
+	for i = 0; i < 8; i++ {
+		if buf[i] != 0 {
+			break
+		}
+	}
+	return buf[i:]
+}
+
+func parseRSAPublicExponentParam(eB64Url string) (int, error) {
+	eBytes, err := joseBase64UrlDecode(eB64Url)
+	if err != nil {
+		return 0, fmt.Errorf("invalid base64 URL encoding: %s", err)
+	}
+	// Only the minimum number of bytes were used to represent E, but
+	// binary.BigEndian.Uint32 expects at least 4 bytes, so we need
+	// to add zero padding if necassary.
+	byteLen := len(eBytes)
+	buf := make([]byte, 4-byteLen, 4)
+	eBytes = append(buf, eBytes...)
+
+	return int(binary.BigEndian.Uint32(eBytes)), nil
+}
+
+func parseRSAPrivateKeyParamFromMap(m map[string]interface{}, key string) (*big.Int, error) {
+	b64Url, err := stringFromMap(m, key)
+	if err != nil {
+		return nil, err
+	}
+
+	paramBytes, err := joseBase64UrlDecode(b64Url)
+	if err != nil {
+		return nil, fmt.Errorf("invaled base64 URL encoding: %s", err)
+	}
+
+	return new(big.Int).SetBytes(paramBytes), nil
+}
+
+func createPemBlock(name string, derBytes []byte, headers map[string]interface{}) (*pem.Block, error) {
+	pemBlock := &pem.Block{Type: name, Bytes: derBytes, Headers: map[string]string{}}
+	for k, v := range headers {
+		switch val := v.(type) {
+		case string:
+			pemBlock.Headers[k] = val
+		case []string:
+			if k == "hosts" {
+				pemBlock.Headers[k] = strings.Join(val, ",")
+			} else {
+				// Return error, non-encodable type
+			}
+		default:
+			// Return error, non-encodable type
+		}
+	}
+
+	return pemBlock, nil
+}
+
+func pubKeyFromPEMBlock(pemBlock *pem.Block) (PublicKey, error) {
+	cryptoPublicKey, err := x509.ParsePKIXPublicKey(pemBlock.Bytes)
+	if err != nil {
+		return nil, fmt.Errorf("unable to decode Public Key PEM data: %s", err)
+	}
+
+	pubKey, err := FromCryptoPublicKey(cryptoPublicKey)
+	if err != nil {
+		return nil, err
+	}
+
+	addPEMHeadersToKey(pemBlock, pubKey)
+
+	return pubKey, nil
+}
+
+func addPEMHeadersToKey(pemBlock *pem.Block, pubKey PublicKey) {
+	for key, value := range pemBlock.Headers {
+		var safeVal interface{}
+		if key == "hosts" {
+			safeVal = strings.Split(value, ",")
+		} else {
+			safeVal = value
+		}
+		pubKey.AddExtendedField(key, safeVal)
+	}
+}
diff --git a/vendor/github.com/felixge/httpsnoop/.gitignore b/vendor/github.com/felixge/httpsnoop/.gitignore
new file mode 100644
index 000000000..e69de29bb
diff --git a/vendor/github.com/felixge/httpsnoop/.travis.yml b/vendor/github.com/felixge/httpsnoop/.travis.yml
new file mode 100644
index 000000000..bfc421200
--- /dev/null
+++ b/vendor/github.com/felixge/httpsnoop/.travis.yml
@@ -0,0 +1,6 @@
+language: go
+
+go:
+  - 1.6
+  - 1.7
+  - 1.8
diff --git a/vendor/github.com/felixge/httpsnoop/LICENSE.txt b/vendor/github.com/felixge/httpsnoop/LICENSE.txt
new file mode 100644
index 000000000..e028b46a9
--- /dev/null
+++ b/vendor/github.com/felixge/httpsnoop/LICENSE.txt
@@ -0,0 +1,19 @@
+Copyright (c) 2016 Felix Geisendörfer (felix@debuggable.com)
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
diff --git a/vendor/github.com/felixge/httpsnoop/Makefile b/vendor/github.com/felixge/httpsnoop/Makefile
new file mode 100644
index 000000000..2d84889ae
--- /dev/null
+++ b/vendor/github.com/felixge/httpsnoop/Makefile
@@ -0,0 +1,10 @@
+.PHONY: ci generate clean
+
+ci: clean generate
+	go test -v ./...
+
+generate:
+	go generate .
+
+clean:
+	rm -rf *_generated*.go
diff --git a/vendor/github.com/felixge/httpsnoop/README.md b/vendor/github.com/felixge/httpsnoop/README.md
new file mode 100644
index 000000000..ddcecd13e
--- /dev/null
+++ b/vendor/github.com/felixge/httpsnoop/README.md
@@ -0,0 +1,95 @@
+# httpsnoop
+
+Package httpsnoop provides an easy way to capture http related metrics (i.e.
+response time, bytes written, and http status code) from your application's
+http.Handlers.
+
+Doing this requires non-trivial wrapping of the http.ResponseWriter interface,
+which is also exposed for users interested in a more low-level API.
+
+[![GoDoc](https://godoc.org/github.com/felixge/httpsnoop?status.svg)](https://godoc.org/github.com/felixge/httpsnoop)
+[![Build Status](https://travis-ci.org/felixge/httpsnoop.svg?branch=master)](https://travis-ci.org/felixge/httpsnoop)
+
+## Usage Example
+
+```go
+// myH is your app's http handler, perhaps a http.ServeMux or similar.
+var myH http.Handler
+// wrappedH wraps myH in order to log every request.
+wrappedH := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	m := httpsnoop.CaptureMetrics(myH, w, r)
+	log.Printf(
+		"%s %s (code=%d dt=%s written=%d)",
+		r.Method,
+		r.URL,
+		m.Code,
+		m.Duration,
+		m.Written,
+	)
+})
+http.ListenAndServe(":8080", wrappedH)
+```
+
+## Why this package exists
+
+Instrumenting an application's http.Handler is surprisingly difficult.
+
+However if you google for e.g. "capture ResponseWriter status code" you'll find
+lots of advise and code examples that suggest it to be a fairly trivial
+undertaking. Unfortunately everything I've seen so far has a high chance of
+breaking your application.
+
+The main problem is that a `http.ResponseWriter` often implements additional
+interfaces such as `http.Flusher`, `http.CloseNotifier`, `http.Hijacker`, `http.Pusher`, and
+`io.ReaderFrom`. So the naive approach of just wrapping `http.ResponseWriter`
+in your own struct that also implements the `http.ResponseWriter` interface
+will hide the additional interfaces mentioned above. This has a high change of
+introducing subtle bugs into any non-trivial application.
+
+Another approach I've seen people take is to return a struct that implements
+all of the interfaces above. However, that's also problematic, because it's
+difficult to fake some of these interfaces behaviors when the underlying
+`http.ResponseWriter` doesn't have an implementation. It's also dangerous,
+because an application may choose to operate differently, merely because it
+detects the presence of these additional interfaces.
+
+This package solves this problem by checking which additional interfaces a
+`http.ResponseWriter` implements, returning a wrapped version implementing the
+exact same set of interfaces.
+
+Additionally this package properly handles edge cases such as `WriteHeader` not
+being called, or called more than once, as well as concurrent calls to
+`http.ResponseWriter` methods, and even calls happening after the wrapped
+`ServeHTTP` has already returned.
+
+Unfortunately this package is not perfect either. It's possible that it is
+still missing some interfaces provided by the go core (let me know if you find
+one), and it won't work for applications adding their own interfaces into the
+mix. You can however use `httpsnoop.Unwrap(w)` to access the underlying
+`http.ResponseWriter` and type-assert the result to its other interfaces.
+
+However, hopefully the explanation above has sufficiently scared you of rolling
+your own solution to this problem. httpsnoop may still break your application,
+but at least it tries to avoid it as much as possible.
+
+Anyway, the real problem here is that smuggling additional interfaces inside
+`http.ResponseWriter` is a problematic design choice, but it probably goes as
+deep as the Go language specification itself. But that's okay, I still prefer
+Go over the alternatives ;).
+
+## Performance
+
+```
+BenchmarkBaseline-8      	   20000	     94912 ns/op
+BenchmarkCaptureMetrics-8	   20000	     95461 ns/op
+```
+
+As you can see, using `CaptureMetrics` on a vanilla http.Handler introduces an
+overhead of ~500 ns per http request on my machine. However, the margin of
+error appears to be larger than that, therefor it should be reasonable to
+assume that the overhead introduced by `CaptureMetrics` is absolutely
+negligible.
+
+## License
+
+MIT
diff --git a/vendor/github.com/felixge/httpsnoop/capture_metrics.go b/vendor/github.com/felixge/httpsnoop/capture_metrics.go
new file mode 100644
index 000000000..b77cc7c00
--- /dev/null
+++ b/vendor/github.com/felixge/httpsnoop/capture_metrics.go
@@ -0,0 +1,86 @@
+package httpsnoop
+
+import (
+	"io"
+	"net/http"
+	"time"
+)
+
+// Metrics holds metrics captured from CaptureMetrics.
+type Metrics struct {
+	// Code is the first http response code passed to the WriteHeader func of
+	// the ResponseWriter. If no such call is made, a default code of 200 is
+	// assumed instead.
+	Code int
+	// Duration is the time it took to execute the handler.
+	Duration time.Duration
+	// Written is the number of bytes successfully written by the Write or
+	// ReadFrom function of the ResponseWriter. ResponseWriters may also write
+	// data to their underlaying connection directly (e.g. headers), but those
+	// are not tracked. Therefor the number of Written bytes will usually match
+	// the size of the response body.
+	Written int64
+}
+
+// CaptureMetrics wraps the given hnd, executes it with the given w and r, and
+// returns the metrics it captured from it.
+func CaptureMetrics(hnd http.Handler, w http.ResponseWriter, r *http.Request) Metrics {
+	return CaptureMetricsFn(w, func(ww http.ResponseWriter) {
+		hnd.ServeHTTP(ww, r)
+	})
+}
+
+// CaptureMetricsFn wraps w and calls fn with the wrapped w and returns the
+// resulting metrics. This is very similar to CaptureMetrics (which is just
+// sugar on top of this func), but is a more usable interface if your
+// application doesn't use the Go http.Handler interface.
+func CaptureMetricsFn(w http.ResponseWriter, fn func(http.ResponseWriter)) Metrics {
+	m := Metrics{Code: http.StatusOK}
+	m.CaptureMetrics(w, fn)
+	return m
+}
+
+// CaptureMetrics wraps w and calls fn with the wrapped w and updates
+// Metrics m with the resulting metrics. This is similar to CaptureMetricsFn,
+// but allows one to customize starting Metrics object.
+func (m *Metrics) CaptureMetrics(w http.ResponseWriter, fn func(http.ResponseWriter)) {
+	var (
+		start         = time.Now()
+		headerWritten bool
+		hooks         = Hooks{
+			WriteHeader: func(next WriteHeaderFunc) WriteHeaderFunc {
+				return func(code int) {
+					next(code)
+
+					if !headerWritten {
+						m.Code = code
+						headerWritten = true
+					}
+				}
+			},
+
+			Write: func(next WriteFunc) WriteFunc {
+				return func(p []byte) (int, error) {
+					n, err := next(p)
+
+					m.Written += int64(n)
+					headerWritten = true
+					return n, err
+				}
+			},
+
+			ReadFrom: func(next ReadFromFunc) ReadFromFunc {
+				return func(src io.Reader) (int64, error) {
+					n, err := next(src)
+
+					headerWritten = true
+					m.Written += n
+					return n, err
+				}
+			},
+		}
+	)
+
+	fn(Wrap(w, hooks))
+	m.Duration += time.Since(start)
+}
diff --git a/vendor/github.com/felixge/httpsnoop/docs.go b/vendor/github.com/felixge/httpsnoop/docs.go
new file mode 100644
index 000000000..203c35b3c
--- /dev/null
+++ b/vendor/github.com/felixge/httpsnoop/docs.go
@@ -0,0 +1,10 @@
+// Package httpsnoop provides an easy way to capture http related metrics (i.e.
+// response time, bytes written, and http status code) from your application's
+// http.Handlers.
+//
+// Doing this requires non-trivial wrapping of the http.ResponseWriter
+// interface, which is also exposed for users interested in a more low-level
+// API.
+package httpsnoop
+
+//go:generate go run codegen/main.go
diff --git a/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go b/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
new file mode 100644
index 000000000..31cbdfb8e
--- /dev/null
+++ b/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
@@ -0,0 +1,436 @@
+// +build go1.8
+// Code generated by "httpsnoop/codegen"; DO NOT EDIT
+
+package httpsnoop
+
+import (
+	"bufio"
+	"io"
+	"net"
+	"net/http"
+)
+
+// HeaderFunc is part of the http.ResponseWriter interface.
+type HeaderFunc func() http.Header
+
+// WriteHeaderFunc is part of the http.ResponseWriter interface.
+type WriteHeaderFunc func(code int)
+
+// WriteFunc is part of the http.ResponseWriter interface.
+type WriteFunc func(b []byte) (int, error)
+
+// FlushFunc is part of the http.Flusher interface.
+type FlushFunc func()
+
+// CloseNotifyFunc is part of the http.CloseNotifier interface.
+type CloseNotifyFunc func() <-chan bool
+
+// HijackFunc is part of the http.Hijacker interface.
+type HijackFunc func() (net.Conn, *bufio.ReadWriter, error)
+
+// ReadFromFunc is part of the io.ReaderFrom interface.
+type ReadFromFunc func(src io.Reader) (int64, error)
+
+// PushFunc is part of the http.Pusher interface.
+type PushFunc func(target string, opts *http.PushOptions) error
+
+// Hooks defines a set of method interceptors for methods included in
+// http.ResponseWriter as well as some others. You can think of them as
+// middleware for the function calls they target. See Wrap for more details.
+type Hooks struct {
+	Header      func(HeaderFunc) HeaderFunc
+	WriteHeader func(WriteHeaderFunc) WriteHeaderFunc
+	Write       func(WriteFunc) WriteFunc
+	Flush       func(FlushFunc) FlushFunc
+	CloseNotify func(CloseNotifyFunc) CloseNotifyFunc
+	Hijack      func(HijackFunc) HijackFunc
+	ReadFrom    func(ReadFromFunc) ReadFromFunc
+	Push        func(PushFunc) PushFunc
+}
+
+// Wrap returns a wrapped version of w that provides the exact same interface
+// as w. Specifically if w implements any combination of:
+//
+// - http.Flusher
+// - http.CloseNotifier
+// - http.Hijacker
+// - io.ReaderFrom
+// - http.Pusher
+//
+// The wrapped version will implement the exact same combination. If no hooks
+// are set, the wrapped version also behaves exactly as w. Hooks targeting
+// methods not supported by w are ignored. Any other hooks will intercept the
+// method they target and may modify the call's arguments and/or return values.
+// The CaptureMetrics implementation serves as a working example for how the
+// hooks can be used.
+func Wrap(w http.ResponseWriter, hooks Hooks) http.ResponseWriter {
+	rw := &rw{w: w, h: hooks}
+	_, i0 := w.(http.Flusher)
+	_, i1 := w.(http.CloseNotifier)
+	_, i2 := w.(http.Hijacker)
+	_, i3 := w.(io.ReaderFrom)
+	_, i4 := w.(http.Pusher)
+	switch {
+	// combination 1/32
+	case !i0 && !i1 && !i2 && !i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+		}{rw, rw}
+	// combination 2/32
+	case !i0 && !i1 && !i2 && !i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Pusher
+		}{rw, rw, rw}
+	// combination 3/32
+	case !i0 && !i1 && !i2 && i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			io.ReaderFrom
+		}{rw, rw, rw}
+	// combination 4/32
+	case !i0 && !i1 && !i2 && i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			io.ReaderFrom
+			http.Pusher
+		}{rw, rw, rw, rw}
+	// combination 5/32
+	case !i0 && !i1 && i2 && !i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Hijacker
+		}{rw, rw, rw}
+	// combination 6/32
+	case !i0 && !i1 && i2 && !i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Hijacker
+			http.Pusher
+		}{rw, rw, rw, rw}
+	// combination 7/32
+	case !i0 && !i1 && i2 && i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Hijacker
+			io.ReaderFrom
+		}{rw, rw, rw, rw}
+	// combination 8/32
+	case !i0 && !i1 && i2 && i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Hijacker
+			io.ReaderFrom
+			http.Pusher
+		}{rw, rw, rw, rw, rw}
+	// combination 9/32
+	case !i0 && i1 && !i2 && !i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+		}{rw, rw, rw}
+	// combination 10/32
+	case !i0 && i1 && !i2 && !i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Pusher
+		}{rw, rw, rw, rw}
+	// combination 11/32
+	case !i0 && i1 && !i2 && i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+			io.ReaderFrom
+		}{rw, rw, rw, rw}
+	// combination 12/32
+	case !i0 && i1 && !i2 && i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+			io.ReaderFrom
+			http.Pusher
+		}{rw, rw, rw, rw, rw}
+	// combination 13/32
+	case !i0 && i1 && i2 && !i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Hijacker
+		}{rw, rw, rw, rw}
+	// combination 14/32
+	case !i0 && i1 && i2 && !i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Hijacker
+			http.Pusher
+		}{rw, rw, rw, rw, rw}
+	// combination 15/32
+	case !i0 && i1 && i2 && i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Hijacker
+			io.ReaderFrom
+		}{rw, rw, rw, rw, rw}
+	// combination 16/32
+	case !i0 && i1 && i2 && i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Hijacker
+			io.ReaderFrom
+			http.Pusher
+		}{rw, rw, rw, rw, rw, rw}
+	// combination 17/32
+	case i0 && !i1 && !i2 && !i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+		}{rw, rw, rw}
+	// combination 18/32
+	case i0 && !i1 && !i2 && !i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.Pusher
+		}{rw, rw, rw, rw}
+	// combination 19/32
+	case i0 && !i1 && !i2 && i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			io.ReaderFrom
+		}{rw, rw, rw, rw}
+	// combination 20/32
+	case i0 && !i1 && !i2 && i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			io.ReaderFrom
+			http.Pusher
+		}{rw, rw, rw, rw, rw}
+	// combination 21/32
+	case i0 && !i1 && i2 && !i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.Hijacker
+		}{rw, rw, rw, rw}
+	// combination 22/32
+	case i0 && !i1 && i2 && !i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.Hijacker
+			http.Pusher
+		}{rw, rw, rw, rw, rw}
+	// combination 23/32
+	case i0 && !i1 && i2 && i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.Hijacker
+			io.ReaderFrom
+		}{rw, rw, rw, rw, rw}
+	// combination 24/32
+	case i0 && !i1 && i2 && i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.Hijacker
+			io.ReaderFrom
+			http.Pusher
+		}{rw, rw, rw, rw, rw, rw}
+	// combination 25/32
+	case i0 && i1 && !i2 && !i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+		}{rw, rw, rw, rw}
+	// combination 26/32
+	case i0 && i1 && !i2 && !i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+			http.Pusher
+		}{rw, rw, rw, rw, rw}
+	// combination 27/32
+	case i0 && i1 && !i2 && i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+			io.ReaderFrom
+		}{rw, rw, rw, rw, rw}
+	// combination 28/32
+	case i0 && i1 && !i2 && i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+			io.ReaderFrom
+			http.Pusher
+		}{rw, rw, rw, rw, rw, rw}
+	// combination 29/32
+	case i0 && i1 && i2 && !i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+			http.Hijacker
+		}{rw, rw, rw, rw, rw}
+	// combination 30/32
+	case i0 && i1 && i2 && !i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+			http.Hijacker
+			http.Pusher
+		}{rw, rw, rw, rw, rw, rw}
+	// combination 31/32
+	case i0 && i1 && i2 && i3 && !i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+			http.Hijacker
+			io.ReaderFrom
+		}{rw, rw, rw, rw, rw, rw}
+	// combination 32/32
+	case i0 && i1 && i2 && i3 && i4:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+			http.Hijacker
+			io.ReaderFrom
+			http.Pusher
+		}{rw, rw, rw, rw, rw, rw, rw}
+	}
+	panic("unreachable")
+}
+
+type rw struct {
+	w http.ResponseWriter
+	h Hooks
+}
+
+func (w *rw) Unwrap() http.ResponseWriter {
+	return w.w
+}
+
+func (w *rw) Header() http.Header {
+	f := w.w.(http.ResponseWriter).Header
+	if w.h.Header != nil {
+		f = w.h.Header(f)
+	}
+	return f()
+}
+
+func (w *rw) WriteHeader(code int) {
+	f := w.w.(http.ResponseWriter).WriteHeader
+	if w.h.WriteHeader != nil {
+		f = w.h.WriteHeader(f)
+	}
+	f(code)
+}
+
+func (w *rw) Write(b []byte) (int, error) {
+	f := w.w.(http.ResponseWriter).Write
+	if w.h.Write != nil {
+		f = w.h.Write(f)
+	}
+	return f(b)
+}
+
+func (w *rw) Flush() {
+	f := w.w.(http.Flusher).Flush
+	if w.h.Flush != nil {
+		f = w.h.Flush(f)
+	}
+	f()
+}
+
+func (w *rw) CloseNotify() <-chan bool {
+	f := w.w.(http.CloseNotifier).CloseNotify
+	if w.h.CloseNotify != nil {
+		f = w.h.CloseNotify(f)
+	}
+	return f()
+}
+
+func (w *rw) Hijack() (net.Conn, *bufio.ReadWriter, error) {
+	f := w.w.(http.Hijacker).Hijack
+	if w.h.Hijack != nil {
+		f = w.h.Hijack(f)
+	}
+	return f()
+}
+
+func (w *rw) ReadFrom(src io.Reader) (int64, error) {
+	f := w.w.(io.ReaderFrom).ReadFrom
+	if w.h.ReadFrom != nil {
+		f = w.h.ReadFrom(f)
+	}
+	return f(src)
+}
+
+func (w *rw) Push(target string, opts *http.PushOptions) error {
+	f := w.w.(http.Pusher).Push
+	if w.h.Push != nil {
+		f = w.h.Push(f)
+	}
+	return f(target, opts)
+}
+
+type Unwrapper interface {
+	Unwrap() http.ResponseWriter
+}
+
+// Unwrap returns the underlying http.ResponseWriter from within zero or more
+// layers of httpsnoop wrappers.
+func Unwrap(w http.ResponseWriter) http.ResponseWriter {
+	if rw, ok := w.(Unwrapper); ok {
+		// recurse until rw.Unwrap() returns a non-Unwrapper
+		return Unwrap(rw.Unwrap())
+	} else {
+		return w
+	}
+}
diff --git a/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go b/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
new file mode 100644
index 000000000..ab99c07c7
--- /dev/null
+++ b/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
@@ -0,0 +1,278 @@
+// +build !go1.8
+// Code generated by "httpsnoop/codegen"; DO NOT EDIT
+
+package httpsnoop
+
+import (
+	"bufio"
+	"io"
+	"net"
+	"net/http"
+)
+
+// HeaderFunc is part of the http.ResponseWriter interface.
+type HeaderFunc func() http.Header
+
+// WriteHeaderFunc is part of the http.ResponseWriter interface.
+type WriteHeaderFunc func(code int)
+
+// WriteFunc is part of the http.ResponseWriter interface.
+type WriteFunc func(b []byte) (int, error)
+
+// FlushFunc is part of the http.Flusher interface.
+type FlushFunc func()
+
+// CloseNotifyFunc is part of the http.CloseNotifier interface.
+type CloseNotifyFunc func() <-chan bool
+
+// HijackFunc is part of the http.Hijacker interface.
+type HijackFunc func() (net.Conn, *bufio.ReadWriter, error)
+
+// ReadFromFunc is part of the io.ReaderFrom interface.
+type ReadFromFunc func(src io.Reader) (int64, error)
+
+// Hooks defines a set of method interceptors for methods included in
+// http.ResponseWriter as well as some others. You can think of them as
+// middleware for the function calls they target. See Wrap for more details.
+type Hooks struct {
+	Header      func(HeaderFunc) HeaderFunc
+	WriteHeader func(WriteHeaderFunc) WriteHeaderFunc
+	Write       func(WriteFunc) WriteFunc
+	Flush       func(FlushFunc) FlushFunc
+	CloseNotify func(CloseNotifyFunc) CloseNotifyFunc
+	Hijack      func(HijackFunc) HijackFunc
+	ReadFrom    func(ReadFromFunc) ReadFromFunc
+}
+
+// Wrap returns a wrapped version of w that provides the exact same interface
+// as w. Specifically if w implements any combination of:
+//
+// - http.Flusher
+// - http.CloseNotifier
+// - http.Hijacker
+// - io.ReaderFrom
+//
+// The wrapped version will implement the exact same combination. If no hooks
+// are set, the wrapped version also behaves exactly as w. Hooks targeting
+// methods not supported by w are ignored. Any other hooks will intercept the
+// method they target and may modify the call's arguments and/or return values.
+// The CaptureMetrics implementation serves as a working example for how the
+// hooks can be used.
+func Wrap(w http.ResponseWriter, hooks Hooks) http.ResponseWriter {
+	rw := &rw{w: w, h: hooks}
+	_, i0 := w.(http.Flusher)
+	_, i1 := w.(http.CloseNotifier)
+	_, i2 := w.(http.Hijacker)
+	_, i3 := w.(io.ReaderFrom)
+	switch {
+	// combination 1/16
+	case !i0 && !i1 && !i2 && !i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+		}{rw, rw}
+	// combination 2/16
+	case !i0 && !i1 && !i2 && i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			io.ReaderFrom
+		}{rw, rw, rw}
+	// combination 3/16
+	case !i0 && !i1 && i2 && !i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Hijacker
+		}{rw, rw, rw}
+	// combination 4/16
+	case !i0 && !i1 && i2 && i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Hijacker
+			io.ReaderFrom
+		}{rw, rw, rw, rw}
+	// combination 5/16
+	case !i0 && i1 && !i2 && !i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+		}{rw, rw, rw}
+	// combination 6/16
+	case !i0 && i1 && !i2 && i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+			io.ReaderFrom
+		}{rw, rw, rw, rw}
+	// combination 7/16
+	case !i0 && i1 && i2 && !i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Hijacker
+		}{rw, rw, rw, rw}
+	// combination 8/16
+	case !i0 && i1 && i2 && i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.CloseNotifier
+			http.Hijacker
+			io.ReaderFrom
+		}{rw, rw, rw, rw, rw}
+	// combination 9/16
+	case i0 && !i1 && !i2 && !i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+		}{rw, rw, rw}
+	// combination 10/16
+	case i0 && !i1 && !i2 && i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			io.ReaderFrom
+		}{rw, rw, rw, rw}
+	// combination 11/16
+	case i0 && !i1 && i2 && !i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.Hijacker
+		}{rw, rw, rw, rw}
+	// combination 12/16
+	case i0 && !i1 && i2 && i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.Hijacker
+			io.ReaderFrom
+		}{rw, rw, rw, rw, rw}
+	// combination 13/16
+	case i0 && i1 && !i2 && !i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+		}{rw, rw, rw, rw}
+	// combination 14/16
+	case i0 && i1 && !i2 && i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+			io.ReaderFrom
+		}{rw, rw, rw, rw, rw}
+	// combination 15/16
+	case i0 && i1 && i2 && !i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+			http.Hijacker
+		}{rw, rw, rw, rw, rw}
+	// combination 16/16
+	case i0 && i1 && i2 && i3:
+		return struct {
+			Unwrapper
+			http.ResponseWriter
+			http.Flusher
+			http.CloseNotifier
+			http.Hijacker
+			io.ReaderFrom
+		}{rw, rw, rw, rw, rw, rw}
+	}
+	panic("unreachable")
+}
+
+type rw struct {
+	w http.ResponseWriter
+	h Hooks
+}
+
+func (w *rw) Unwrap() http.ResponseWriter {
+	return w.w
+}
+
+func (w *rw) Header() http.Header {
+	f := w.w.(http.ResponseWriter).Header
+	if w.h.Header != nil {
+		f = w.h.Header(f)
+	}
+	return f()
+}
+
+func (w *rw) WriteHeader(code int) {
+	f := w.w.(http.ResponseWriter).WriteHeader
+	if w.h.WriteHeader != nil {
+		f = w.h.WriteHeader(f)
+	}
+	f(code)
+}
+
+func (w *rw) Write(b []byte) (int, error) {
+	f := w.w.(http.ResponseWriter).Write
+	if w.h.Write != nil {
+		f = w.h.Write(f)
+	}
+	return f(b)
+}
+
+func (w *rw) Flush() {
+	f := w.w.(http.Flusher).Flush
+	if w.h.Flush != nil {
+		f = w.h.Flush(f)
+	}
+	f()
+}
+
+func (w *rw) CloseNotify() <-chan bool {
+	f := w.w.(http.CloseNotifier).CloseNotify
+	if w.h.CloseNotify != nil {
+		f = w.h.CloseNotify(f)
+	}
+	return f()
+}
+
+func (w *rw) Hijack() (net.Conn, *bufio.ReadWriter, error) {
+	f := w.w.(http.Hijacker).Hijack
+	if w.h.Hijack != nil {
+		f = w.h.Hijack(f)
+	}
+	return f()
+}
+
+func (w *rw) ReadFrom(src io.Reader) (int64, error) {
+	f := w.w.(io.ReaderFrom).ReadFrom
+	if w.h.ReadFrom != nil {
+		f = w.h.ReadFrom(f)
+	}
+	return f(src)
+}
+
+type Unwrapper interface {
+	Unwrap() http.ResponseWriter
+}
+
+// Unwrap returns the underlying http.ResponseWriter from within zero or more
+// layers of httpsnoop wrappers.
+func Unwrap(w http.ResponseWriter) http.ResponseWriter {
+	if rw, ok := w.(Unwrapper); ok {
+		// recurse until rw.Unwrap() returns a non-Unwrapper
+		return Unwrap(rw.Unwrap())
+	} else {
+		return w
+	}
+}
diff --git a/vendor/github.com/garyburd/redigo/internal/commandinfo.go b/vendor/github.com/garyburd/redigo/internal/commandinfo.go
new file mode 100644
index 000000000..7ad1ade57
--- /dev/null
+++ b/vendor/github.com/garyburd/redigo/internal/commandinfo.go
@@ -0,0 +1,45 @@
+// Copyright 2014 Gary Burd
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+package internal // import "github.com/garyburd/redigo/internal"
+
+import (
+	"strings"
+)
+
+const (
+	WatchState = 1 << iota
+	MultiState
+	SubscribeState
+	MonitorState
+)
+
+type CommandInfo struct {
+	Set, Clear int
+}
+
+var commandInfos = map[string]CommandInfo{
+	"WATCH":      {Set: WatchState},
+	"UNWATCH":    {Clear: WatchState},
+	"MULTI":      {Set: MultiState},
+	"EXEC":       {Clear: WatchState | MultiState},
+	"DISCARD":    {Clear: WatchState | MultiState},
+	"PSUBSCRIBE": {Set: SubscribeState},
+	"SUBSCRIBE":  {Set: SubscribeState},
+	"MONITOR":    {Set: MonitorState},
+}
+
+func LookupCommandInfo(commandName string) CommandInfo {
+	return commandInfos[strings.ToUpper(commandName)]
+}
diff --git a/vendor/github.com/garyburd/redigo/redis/conn.go b/vendor/github.com/garyburd/redigo/redis/conn.go
new file mode 100644
index 000000000..ac0e971c4
--- /dev/null
+++ b/vendor/github.com/garyburd/redigo/redis/conn.go
@@ -0,0 +1,455 @@
+// Copyright 2012 Gary Burd
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+package redis
+
+import (
+	"bufio"
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+	"sync"
+	"time"
+)
+
+// conn is the low-level implementation of Conn
+type conn struct {
+
+	// Shared
+	mu      sync.Mutex
+	pending int
+	err     error
+	conn    net.Conn
+
+	// Read
+	readTimeout time.Duration
+	br          *bufio.Reader
+
+	// Write
+	writeTimeout time.Duration
+	bw           *bufio.Writer
+
+	// Scratch space for formatting argument length.
+	// '*' or '$', length, "\r\n"
+	lenScratch [32]byte
+
+	// Scratch space for formatting integers and floats.
+	numScratch [40]byte
+}
+
+// Dial connects to the Redis server at the given network and address.
+func Dial(network, address string) (Conn, error) {
+	dialer := xDialer{}
+	return dialer.Dial(network, address)
+}
+
+// DialTimeout acts like Dial but takes timeouts for establishing the
+// connection to the server, writing a command and reading a reply.
+func DialTimeout(network, address string, connectTimeout, readTimeout, writeTimeout time.Duration) (Conn, error) {
+	netDialer := net.Dialer{Timeout: connectTimeout}
+	dialer := xDialer{
+		NetDial:      netDialer.Dial,
+		ReadTimeout:  readTimeout,
+		WriteTimeout: writeTimeout,
+	}
+	return dialer.Dial(network, address)
+}
+
+// A Dialer specifies options for connecting to a Redis server.
+type xDialer struct {
+	// NetDial specifies the dial function for creating TCP connections. If
+	// NetDial is nil, then net.Dial is used.
+	NetDial func(network, addr string) (net.Conn, error)
+
+	// ReadTimeout specifies the timeout for reading a single command
+	// reply. If ReadTimeout is zero, then no timeout is used.
+	ReadTimeout time.Duration
+
+	// WriteTimeout specifies the timeout for writing a single command.  If
+	// WriteTimeout is zero, then no timeout is used.
+	WriteTimeout time.Duration
+}
+
+// Dial connects to the Redis server at address on the named network.
+func (d *xDialer) Dial(network, address string) (Conn, error) {
+	dial := d.NetDial
+	if dial == nil {
+		dial = net.Dial
+	}
+	netConn, err := dial(network, address)
+	if err != nil {
+		return nil, err
+	}
+	return &conn{
+		conn:         netConn,
+		bw:           bufio.NewWriter(netConn),
+		br:           bufio.NewReader(netConn),
+		readTimeout:  d.ReadTimeout,
+		writeTimeout: d.WriteTimeout,
+	}, nil
+}
+
+// NewConn returns a new Redigo connection for the given net connection.
+func NewConn(netConn net.Conn, readTimeout, writeTimeout time.Duration) Conn {
+	return &conn{
+		conn:         netConn,
+		bw:           bufio.NewWriter(netConn),
+		br:           bufio.NewReader(netConn),
+		readTimeout:  readTimeout,
+		writeTimeout: writeTimeout,
+	}
+}
+
+func (c *conn) Close() error {
+	c.mu.Lock()
+	err := c.err
+	if c.err == nil {
+		c.err = errors.New("redigo: closed")
+		err = c.conn.Close()
+	}
+	c.mu.Unlock()
+	return err
+}
+
+func (c *conn) fatal(err error) error {
+	c.mu.Lock()
+	if c.err == nil {
+		c.err = err
+		// Close connection to force errors on subsequent calls and to unblock
+		// other reader or writer.
+		c.conn.Close()
+	}
+	c.mu.Unlock()
+	return err
+}
+
+func (c *conn) Err() error {
+	c.mu.Lock()
+	err := c.err
+	c.mu.Unlock()
+	return err
+}
+
+func (c *conn) writeLen(prefix byte, n int) error {
+	c.lenScratch[len(c.lenScratch)-1] = '\n'
+	c.lenScratch[len(c.lenScratch)-2] = '\r'
+	i := len(c.lenScratch) - 3
+	for {
+		c.lenScratch[i] = byte('0' + n%10)
+		i -= 1
+		n = n / 10
+		if n == 0 {
+			break
+		}
+	}
+	c.lenScratch[i] = prefix
+	_, err := c.bw.Write(c.lenScratch[i:])
+	return err
+}
+
+func (c *conn) writeString(s string) error {
+	c.writeLen('$', len(s))
+	c.bw.WriteString(s)
+	_, err := c.bw.WriteString("\r\n")
+	return err
+}
+
+func (c *conn) writeBytes(p []byte) error {
+	c.writeLen('$', len(p))
+	c.bw.Write(p)
+	_, err := c.bw.WriteString("\r\n")
+	return err
+}
+
+func (c *conn) writeInt64(n int64) error {
+	return c.writeBytes(strconv.AppendInt(c.numScratch[:0], n, 10))
+}
+
+func (c *conn) writeFloat64(n float64) error {
+	return c.writeBytes(strconv.AppendFloat(c.numScratch[:0], n, 'g', -1, 64))
+}
+
+func (c *conn) writeCommand(cmd string, args []interface{}) (err error) {
+	c.writeLen('*', 1+len(args))
+	err = c.writeString(cmd)
+	for _, arg := range args {
+		if err != nil {
+			break
+		}
+		switch arg := arg.(type) {
+		case string:
+			err = c.writeString(arg)
+		case []byte:
+			err = c.writeBytes(arg)
+		case int:
+			err = c.writeInt64(int64(arg))
+		case int64:
+			err = c.writeInt64(arg)
+		case float64:
+			err = c.writeFloat64(arg)
+		case bool:
+			if arg {
+				err = c.writeString("1")
+			} else {
+				err = c.writeString("0")
+			}
+		case nil:
+			err = c.writeString("")
+		default:
+			var buf bytes.Buffer
+			fmt.Fprint(&buf, arg)
+			err = c.writeBytes(buf.Bytes())
+		}
+	}
+	return err
+}
+
+type protocolError string
+
+func (pe protocolError) Error() string {
+	return fmt.Sprintf("redigo: %s (possible server error or unsupported concurrent read by application)", string(pe))
+}
+
+func (c *conn) readLine() ([]byte, error) {
+	p, err := c.br.ReadSlice('\n')
+	if err == bufio.ErrBufferFull {
+		return nil, protocolError("long response line")
+	}
+	if err != nil {
+		return nil, err
+	}
+	i := len(p) - 2
+	if i < 0 || p[i] != '\r' {
+		return nil, protocolError("bad response line terminator")
+	}
+	return p[:i], nil
+}
+
+// parseLen parses bulk string and array lengths.
+func parseLen(p []byte) (int, error) {
+	if len(p) == 0 {
+		return -1, protocolError("malformed length")
+	}
+
+	if p[0] == '-' && len(p) == 2 && p[1] == '1' {
+		// handle $-1 and $-1 null replies.
+		return -1, nil
+	}
+
+	var n int
+	for _, b := range p {
+		n *= 10
+		if b < '0' || b > '9' {
+			return -1, protocolError("illegal bytes in length")
+		}
+		n += int(b - '0')
+	}
+
+	return n, nil
+}
+
+// parseInt parses an integer reply.
+func parseInt(p []byte) (interface{}, error) {
+	if len(p) == 0 {
+		return 0, protocolError("malformed integer")
+	}
+
+	var negate bool
+	if p[0] == '-' {
+		negate = true
+		p = p[1:]
+		if len(p) == 0 {
+			return 0, protocolError("malformed integer")
+		}
+	}
+
+	var n int64
+	for _, b := range p {
+		n *= 10
+		if b < '0' || b > '9' {
+			return 0, protocolError("illegal bytes in length")
+		}
+		n += int64(b - '0')
+	}
+
+	if negate {
+		n = -n
+	}
+	return n, nil
+}
+
+var (
+	okReply   interface{} = "OK"
+	pongReply interface{} = "PONG"
+)
+
+func (c *conn) readReply() (interface{}, error) {
+	line, err := c.readLine()
+	if err != nil {
+		return nil, err
+	}
+	if len(line) == 0 {
+		return nil, protocolError("short response line")
+	}
+	switch line[0] {
+	case '+':
+		switch {
+		case len(line) == 3 && line[1] == 'O' && line[2] == 'K':
+			// Avoid allocation for frequent "+OK" response.
+			return okReply, nil
+		case len(line) == 5 && line[1] == 'P' && line[2] == 'O' && line[3] == 'N' && line[4] == 'G':
+			// Avoid allocation in PING command benchmarks :)
+			return pongReply, nil
+		default:
+			return string(line[1:]), nil
+		}
+	case '-':
+		return Error(string(line[1:])), nil
+	case ':':
+		return parseInt(line[1:])
+	case '$':
+		n, err := parseLen(line[1:])
+		if n < 0 || err != nil {
+			return nil, err
+		}
+		p := make([]byte, n)
+		_, err = io.ReadFull(c.br, p)
+		if err != nil {
+			return nil, err
+		}
+		if line, err := c.readLine(); err != nil {
+			return nil, err
+		} else if len(line) != 0 {
+			return nil, protocolError("bad bulk string format")
+		}
+		return p, nil
+	case '*':
+		n, err := parseLen(line[1:])
+		if n < 0 || err != nil {
+			return nil, err
+		}
+		r := make([]interface{}, n)
+		for i := range r {
+			r[i], err = c.readReply()
+			if err != nil {
+				return nil, err
+			}
+		}
+		return r, nil
+	}
+	return nil, protocolError("unexpected response line")
+}
+
+func (c *conn) Send(cmd string, args ...interface{}) error {
+	c.mu.Lock()
+	c.pending += 1
+	c.mu.Unlock()
+	if c.writeTimeout != 0 {
+		c.conn.SetWriteDeadline(time.Now().Add(c.writeTimeout))
+	}
+	if err := c.writeCommand(cmd, args); err != nil {
+		return c.fatal(err)
+	}
+	return nil
+}
+
+func (c *conn) Flush() error {
+	if c.writeTimeout != 0 {
+		c.conn.SetWriteDeadline(time.Now().Add(c.writeTimeout))
+	}
+	if err := c.bw.Flush(); err != nil {
+		return c.fatal(err)
+	}
+	return nil
+}
+
+func (c *conn) Receive() (reply interface{}, err error) {
+	if c.readTimeout != 0 {
+		c.conn.SetReadDeadline(time.Now().Add(c.readTimeout))
+	}
+	if reply, err = c.readReply(); err != nil {
+		return nil, c.fatal(err)
+	}
+	// When using pub/sub, the number of receives can be greater than the
+	// number of sends. To enable normal use of the connection after
+	// unsubscribing from all channels, we do not decrement pending to a
+	// negative value.
+	//
+	// The pending field is decremented after the reply is read to handle the
+	// case where Receive is called before Send.
+	c.mu.Lock()
+	if c.pending > 0 {
+		c.pending -= 1
+	}
+	c.mu.Unlock()
+	if err, ok := reply.(Error); ok {
+		return nil, err
+	}
+	return
+}
+
+func (c *conn) Do(cmd string, args ...interface{}) (interface{}, error) {
+	c.mu.Lock()
+	pending := c.pending
+	c.pending = 0
+	c.mu.Unlock()
+
+	if cmd == "" && pending == 0 {
+		return nil, nil
+	}
+
+	if c.writeTimeout != 0 {
+		c.conn.SetWriteDeadline(time.Now().Add(c.writeTimeout))
+	}
+
+	if cmd != "" {
+		c.writeCommand(cmd, args)
+	}
+
+	if err := c.bw.Flush(); err != nil {
+		return nil, c.fatal(err)
+	}
+
+	if c.readTimeout != 0 {
+		c.conn.SetReadDeadline(time.Now().Add(c.readTimeout))
+	}
+
+	if cmd == "" {
+		reply := make([]interface{}, pending)
+		for i := range reply {
+			r, e := c.readReply()
+			if e != nil {
+				return nil, c.fatal(e)
+			}
+			reply[i] = r
+		}
+		return reply, nil
+	}
+
+	var err error
+	var reply interface{}
+	for i := 0; i <= pending; i++ {
+		var e error
+		if reply, e = c.readReply(); e != nil {
+			return nil, c.fatal(e)
+		}
+		if e, ok := reply.(Error); ok && err == nil {
+			err = e
+		}
+	}
+	return reply, err
+}
diff --git a/vendor/github.com/garyburd/redigo/redis/doc.go b/vendor/github.com/garyburd/redigo/redis/doc.go
new file mode 100644
index 000000000..a5cd454af
--- /dev/null
+++ b/vendor/github.com/garyburd/redigo/redis/doc.go
@@ -0,0 +1,169 @@
+// Copyright 2012 Gary Burd
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+// Package redis is a client for the Redis database.
+//
+// The Redigo FAQ (https://github.com/garyburd/redigo/wiki/FAQ) contains more
+// documentation about this package.
+//
+// Connections
+//
+// The Conn interface is the primary interface for working with Redis.
+// Applications create connections by calling the Dial, DialWithTimeout or
+// NewConn functions. In the future, functions will be added for creating
+// sharded and other types of connections.
+//
+// The application must call the connection Close method when the application
+// is done with the connection.
+//
+// Executing Commands
+//
+// The Conn interface has a generic method for executing Redis commands:
+//
+//  Do(commandName string, args ...interface{}) (reply interface{}, err error)
+//
+// The Redis command reference (http://redis.io/commands) lists the available
+// commands. An example of using the Redis APPEND command is:
+//
+//  n, err := conn.Do("APPEND", "key", "value")
+//
+// The Do method converts command arguments to binary strings for transmission
+// to the server as follows:
+//
+//  Go Type                 Conversion
+//  []byte                  Sent as is
+//  string                  Sent as is
+//  int, int64              strconv.FormatInt(v)
+//  float64                 strconv.FormatFloat(v, 'g', -1, 64)
+//  bool                    true -> "1", false -> "0"
+//  nil                     ""
+//  all other types         fmt.Print(v)
+//
+// Redis command reply types are represented using the following Go types:
+//
+//  Redis type              Go type
+//  error                   redis.Error
+//  integer                 int64
+//  simple string           string
+//  bulk string             []byte or nil if value not present.
+//  array                   []interface{} or nil if value not present.
+//
+// Use type assertions or the reply helper functions to convert from
+// interface{} to the specific Go type for the command result.
+//
+// Pipelining
+//
+// Connections support pipelining using the Send, Flush and Receive methods.
+//
+//  Send(commandName string, args ...interface{}) error
+//  Flush() error
+//  Receive() (reply interface{}, err error)
+//
+// Send writes the command to the connection's output buffer. Flush flushes the
+// connection's output buffer to the server. Receive reads a single reply from
+// the server. The following example shows a simple pipeline.
+//
+//  c.Send("SET", "foo", "bar")
+//  c.Send("GET", "foo")
+//  c.Flush()
+//  c.Receive() // reply from SET
+//  v, err = c.Receive() // reply from GET
+//
+// The Do method combines the functionality of the Send, Flush and Receive
+// methods. The Do method starts by writing the command and flushing the output
+// buffer. Next, the Do method receives all pending replies including the reply
+// for the command just sent by Do. If any of the received replies is an error,
+// then Do returns the error. If there are no errors, then Do returns the last
+// reply. If the command argument to the Do method is "", then the Do method
+// will flush the output buffer and receive pending replies without sending a
+// command.
+//
+// Use the Send and Do methods to implement pipelined transactions.
+//
+//  c.Send("MULTI")
+//  c.Send("INCR", "foo")
+//  c.Send("INCR", "bar")
+//  r, err := c.Do("EXEC")
+//  fmt.Println(r) // prints [1, 1]
+//
+// Concurrency
+//
+// Connections do not support concurrent calls to the write methods (Send,
+// Flush) or concurrent calls to the read method (Receive). Connections do
+// allow a concurrent reader and writer.
+//
+// Because the Do method combines the functionality of Send, Flush and Receive,
+// the Do method cannot be called concurrently with the other methods.
+//
+// For full concurrent access to Redis, use the thread-safe Pool to get and
+// release connections from within a goroutine.
+//
+// Publish and Subscribe
+//
+// Use the Send, Flush and Receive methods to implement Pub/Sub subscribers.
+//
+//  c.Send("SUBSCRIBE", "example")
+//  c.Flush()
+//  for {
+//      reply, err := c.Receive()
+//      if err != nil {
+//          return err
+//      }
+//      // process pushed message
+//  }
+//
+// The PubSubConn type wraps a Conn with convenience methods for implementing
+// subscribers. The Subscribe, PSubscribe, Unsubscribe and PUnsubscribe methods
+// send and flush a subscription management command. The receive method
+// converts a pushed message to convenient types for use in a type switch.
+//
+//  psc := redis.PubSubConn{c}
+//  psc.Subscribe("example")
+//  for {
+//      switch v := psc.Receive().(type) {
+//      case redis.Message:
+//          fmt.Printf("%s: message: %s\n", v.Channel, v.Data)
+//      case redis.Subscription:
+//          fmt.Printf("%s: %s %d\n", v.Channel, v.Kind, v.Count)
+//      case error:
+//          return v
+//      }
+//  }
+//
+// Reply Helpers
+//
+// The Bool, Int, Bytes, String, Strings and Values functions convert a reply
+// to a value of a specific type. To allow convenient wrapping of calls to the
+// connection Do and Receive methods, the functions take a second argument of
+// type error.  If the error is non-nil, then the helper function returns the
+// error. If the error is nil, the function converts the reply to the specified
+// type:
+//
+//  exists, err := redis.Bool(c.Do("EXISTS", "foo"))
+//  if err != nil {
+//      // handle error return from c.Do or type conversion error.
+//  }
+//
+// The Scan function converts elements of a array reply to Go types:
+//
+//  var value1 int
+//  var value2 string
+//  reply, err := redis.Values(c.Do("MGET", "key1", "key2"))
+//  if err != nil {
+//      // handle error
+//  }
+//   if _, err := redis.Scan(reply, &value1, &value2); err != nil {
+//      // handle error
+//  }
+package redis // import "github.com/garyburd/redigo/redis"
diff --git a/vendor/github.com/garyburd/redigo/redis/log.go b/vendor/github.com/garyburd/redigo/redis/log.go
new file mode 100644
index 000000000..129b86d67
--- /dev/null
+++ b/vendor/github.com/garyburd/redigo/redis/log.go
@@ -0,0 +1,117 @@
+// Copyright 2012 Gary Burd
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+package redis
+
+import (
+	"bytes"
+	"fmt"
+	"log"
+)
+
+// NewLoggingConn returns a logging wrapper around a connection.
+func NewLoggingConn(conn Conn, logger *log.Logger, prefix string) Conn {
+	if prefix != "" {
+		prefix = prefix + "."
+	}
+	return &loggingConn{conn, logger, prefix}
+}
+
+type loggingConn struct {
+	Conn
+	logger *log.Logger
+	prefix string
+}
+
+func (c *loggingConn) Close() error {
+	err := c.Conn.Close()
+	var buf bytes.Buffer
+	fmt.Fprintf(&buf, "%sClose() -> (%v)", c.prefix, err)
+	c.logger.Output(2, buf.String())
+	return err
+}
+
+func (c *loggingConn) printValue(buf *bytes.Buffer, v interface{}) {
+	const chop = 32
+	switch v := v.(type) {
+	case []byte:
+		if len(v) > chop {
+			fmt.Fprintf(buf, "%q...", v[:chop])
+		} else {
+			fmt.Fprintf(buf, "%q", v)
+		}
+	case string:
+		if len(v) > chop {
+			fmt.Fprintf(buf, "%q...", v[:chop])
+		} else {
+			fmt.Fprintf(buf, "%q", v)
+		}
+	case []interface{}:
+		if len(v) == 0 {
+			buf.WriteString("[]")
+		} else {
+			sep := "["
+			fin := "]"
+			if len(v) > chop {
+				v = v[:chop]
+				fin = "...]"
+			}
+			for _, vv := range v {
+				buf.WriteString(sep)
+				c.printValue(buf, vv)
+				sep = ", "
+			}
+			buf.WriteString(fin)
+		}
+	default:
+		fmt.Fprint(buf, v)
+	}
+}
+
+func (c *loggingConn) print(method, commandName string, args []interface{}, reply interface{}, err error) {
+	var buf bytes.Buffer
+	fmt.Fprintf(&buf, "%s%s(", c.prefix, method)
+	if method != "Receive" {
+		buf.WriteString(commandName)
+		for _, arg := range args {
+			buf.WriteString(", ")
+			c.printValue(&buf, arg)
+		}
+	}
+	buf.WriteString(") -> (")
+	if method != "Send" {
+		c.printValue(&buf, reply)
+		buf.WriteString(", ")
+	}
+	fmt.Fprintf(&buf, "%v)", err)
+	c.logger.Output(3, buf.String())
+}
+
+func (c *loggingConn) Do(commandName string, args ...interface{}) (interface{}, error) {
+	reply, err := c.Conn.Do(commandName, args...)
+	c.print("Do", commandName, args, reply, err)
+	return reply, err
+}
+
+func (c *loggingConn) Send(commandName string, args ...interface{}) error {
+	err := c.Conn.Send(commandName, args...)
+	c.print("Send", commandName, args, nil, err)
+	return err
+}
+
+func (c *loggingConn) Receive() (interface{}, error) {
+	reply, err := c.Conn.Receive()
+	c.print("Receive", "", nil, reply, err)
+	return reply, err
+}
diff --git a/vendor/github.com/garyburd/redigo/redis/pool.go b/vendor/github.com/garyburd/redigo/redis/pool.go
new file mode 100644
index 000000000..9daf2e33f
--- /dev/null
+++ b/vendor/github.com/garyburd/redigo/redis/pool.go
@@ -0,0 +1,389 @@
+// Copyright 2012 Gary Burd
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+package redis
+
+import (
+	"bytes"
+	"container/list"
+	"crypto/rand"
+	"crypto/sha1"
+	"errors"
+	"io"
+	"strconv"
+	"sync"
+	"time"
+
+	"github.com/garyburd/redigo/internal"
+)
+
+var nowFunc = time.Now // for testing
+
+// ErrPoolExhausted is returned from a pool connection method (Do, Send,
+// Receive, Flush, Err) when the maximum number of database connections in the
+// pool has been reached.
+var ErrPoolExhausted = errors.New("redigo: connection pool exhausted")
+
+var (
+	errPoolClosed = errors.New("redigo: connection pool closed")
+	errConnClosed = errors.New("redigo: connection closed")
+)
+
+// Pool maintains a pool of connections. The application calls the Get method
+// to get a connection from the pool and the connection's Close method to
+// return the connection's resources to the pool.
+//
+// The following example shows how to use a pool in a web application. The
+// application creates a pool at application startup and makes it available to
+// request handlers using a global variable.
+//
+//  func newPool(server, password string) *redis.Pool {
+//      return &redis.Pool{
+//          MaxIdle: 3,
+//          IdleTimeout: 240 * time.Second,
+//          Dial: func () (redis.Conn, error) {
+//              c, err := redis.Dial("tcp", server)
+//              if err != nil {
+//                  return nil, err
+//              }
+//              if _, err := c.Do("AUTH", password); err != nil {
+//                  c.Close()
+//                  return nil, err
+//              }
+//              return c, err
+//          },
+//          TestOnBorrow: func(c redis.Conn, t time.Time) error {
+//              _, err := c.Do("PING")
+//              return err
+//          },
+//      }
+//  }
+//
+//  var (
+//      pool *redis.Pool
+//      redisServer = flag.String("redisServer", ":6379", "")
+//      redisPassword = flag.String("redisPassword", "", "")
+//  )
+//
+//  func main() {
+//      flag.Parse()
+//      pool = newPool(*redisServer, *redisPassword)
+//      ...
+//  }
+//
+// A request handler gets a connection from the pool and closes the connection
+// when the handler is done:
+//
+//  func serveHome(w http.ResponseWriter, r *http.Request) {
+//      conn := pool.Get()
+//      defer conn.Close()
+//      ....
+//  }
+//
+type Pool struct {
+
+	// Dial is an application supplied function for creating and configuring a
+	// connection
+	Dial func() (Conn, error)
+
+	// TestOnBorrow is an optional application supplied function for checking
+	// the health of an idle connection before the connection is used again by
+	// the application. Argument t is the time that the connection was returned
+	// to the pool. If the function returns an error, then the connection is
+	// closed.
+	TestOnBorrow func(c Conn, t time.Time) error
+
+	// Maximum number of idle connections in the pool.
+	MaxIdle int
+
+	// Maximum number of connections allocated by the pool at a given time.
+	// When zero, there is no limit on the number of connections in the pool.
+	MaxActive int
+
+	// Close connections after remaining idle for this duration. If the value
+	// is zero, then idle connections are not closed. Applications should set
+	// the timeout to a value less than the server's timeout.
+	IdleTimeout time.Duration
+
+	// If Wait is true and the pool is at the MaxIdle limit, then Get() waits
+	// for a connection to be returned to the pool before returning.
+	Wait bool
+
+	// mu protects fields defined below.
+	mu     sync.Mutex
+	cond   *sync.Cond
+	closed bool
+	active int
+
+	// Stack of idleConn with most recently used at the front.
+	idle list.List
+}
+
+type idleConn struct {
+	c Conn
+	t time.Time
+}
+
+// NewPool creates a new pool. This function is deprecated. Applications should
+// initialize the Pool fields directly as shown in example.
+func NewPool(newFn func() (Conn, error), maxIdle int) *Pool {
+	return &Pool{Dial: newFn, MaxIdle: maxIdle}
+}
+
+// Get gets a connection. The application must close the returned connection.
+// This method always returns a valid connection so that applications can defer
+// error handling to the first use of the connection. If there is an error
+// getting an underlying connection, then the connection Err, Do, Send, Flush
+// and Receive methods return that error.
+func (p *Pool) Get() Conn {
+	c, err := p.get()
+	if err != nil {
+		return errorConnection{err}
+	}
+	return &pooledConnection{p: p, c: c}
+}
+
+// ActiveCount returns the number of active connections in the pool.
+func (p *Pool) ActiveCount() int {
+	p.mu.Lock()
+	active := p.active
+	p.mu.Unlock()
+	return active
+}
+
+// Close releases the resources used by the pool.
+func (p *Pool) Close() error {
+	p.mu.Lock()
+	idle := p.idle
+	p.idle.Init()
+	p.closed = true
+	p.active -= idle.Len()
+	if p.cond != nil {
+		p.cond.Broadcast()
+	}
+	p.mu.Unlock()
+	for e := idle.Front(); e != nil; e = e.Next() {
+		e.Value.(idleConn).c.Close()
+	}
+	return nil
+}
+
+// release decrements the active count and signals waiters. The caller must
+// hold p.mu during the call.
+func (p *Pool) release() {
+	p.active -= 1
+	if p.cond != nil {
+		p.cond.Signal()
+	}
+}
+
+// get prunes stale connections and returns a connection from the idle list or
+// creates a new connection.
+func (p *Pool) get() (Conn, error) {
+	p.mu.Lock()
+
+	// Prune stale connections.
+
+	if timeout := p.IdleTimeout; timeout > 0 {
+		for i, n := 0, p.idle.Len(); i < n; i++ {
+			e := p.idle.Back()
+			if e == nil {
+				break
+			}
+			ic := e.Value.(idleConn)
+			if ic.t.Add(timeout).After(nowFunc()) {
+				break
+			}
+			p.idle.Remove(e)
+			p.release()
+			p.mu.Unlock()
+			ic.c.Close()
+			p.mu.Lock()
+		}
+	}
+
+	for {
+
+		// Get idle connection.
+
+		for i, n := 0, p.idle.Len(); i < n; i++ {
+			e := p.idle.Front()
+			if e == nil {
+				break
+			}
+			ic := e.Value.(idleConn)
+			p.idle.Remove(e)
+			test := p.TestOnBorrow
+			p.mu.Unlock()
+			if test == nil || test(ic.c, ic.t) == nil {
+				return ic.c, nil
+			}
+			ic.c.Close()
+			p.mu.Lock()
+			p.release()
+		}
+
+		// Check for pool closed before dialing a new connection.
+
+		if p.closed {
+			p.mu.Unlock()
+			return nil, errors.New("redigo: get on closed pool")
+		}
+
+		// Dial new connection if under limit.
+
+		if p.MaxActive == 0 || p.active < p.MaxActive {
+			dial := p.Dial
+			p.active += 1
+			p.mu.Unlock()
+			c, err := dial()
+			if err != nil {
+				p.mu.Lock()
+				p.release()
+				p.mu.Unlock()
+				c = nil
+			}
+			return c, err
+		}
+
+		if !p.Wait {
+			p.mu.Unlock()
+			return nil, ErrPoolExhausted
+		}
+
+		if p.cond == nil {
+			p.cond = sync.NewCond(&p.mu)
+		}
+		p.cond.Wait()
+	}
+}
+
+func (p *Pool) put(c Conn, forceClose bool) error {
+	err := c.Err()
+	p.mu.Lock()
+	if !p.closed && err == nil && !forceClose {
+		p.idle.PushFront(idleConn{t: nowFunc(), c: c})
+		if p.idle.Len() > p.MaxIdle {
+			c = p.idle.Remove(p.idle.Back()).(idleConn).c
+		} else {
+			c = nil
+		}
+	}
+
+	if c == nil {
+		if p.cond != nil {
+			p.cond.Signal()
+		}
+		p.mu.Unlock()
+		return nil
+	}
+
+	p.release()
+	p.mu.Unlock()
+	return c.Close()
+}
+
+type pooledConnection struct {
+	p     *Pool
+	c     Conn
+	state int
+}
+
+var (
+	sentinel     []byte
+	sentinelOnce sync.Once
+)
+
+func initSentinel() {
+	p := make([]byte, 64)
+	if _, err := rand.Read(p); err == nil {
+		sentinel = p
+	} else {
+		h := sha1.New()
+		io.WriteString(h, "Oops, rand failed. Use time instead.")
+		io.WriteString(h, strconv.FormatInt(time.Now().UnixNano(), 10))
+		sentinel = h.Sum(nil)
+	}
+}
+
+func (pc *pooledConnection) Close() error {
+	c := pc.c
+	if _, ok := c.(errorConnection); ok {
+		return nil
+	}
+	pc.c = errorConnection{errConnClosed}
+
+	if pc.state&internal.MultiState != 0 {
+		c.Send("DISCARD")
+		pc.state &^= (internal.MultiState | internal.WatchState)
+	} else if pc.state&internal.WatchState != 0 {
+		c.Send("UNWATCH")
+		pc.state &^= internal.WatchState
+	}
+	if pc.state&internal.SubscribeState != 0 {
+		c.Send("UNSUBSCRIBE")
+		c.Send("PUNSUBSCRIBE")
+		// To detect the end of the message stream, ask the server to echo
+		// a sentinel value and read until we see that value.
+		sentinelOnce.Do(initSentinel)
+		c.Send("ECHO", sentinel)
+		c.Flush()
+		for {
+			p, err := c.Receive()
+			if err != nil {
+				break
+			}
+			if p, ok := p.([]byte); ok && bytes.Equal(p, sentinel) {
+				pc.state &^= internal.SubscribeState
+				break
+			}
+		}
+	}
+	c.Do("")
+	pc.p.put(c, pc.state != 0)
+	return nil
+}
+
+func (pc *pooledConnection) Err() error {
+	return pc.c.Err()
+}
+
+func (pc *pooledConnection) Do(commandName string, args ...interface{}) (reply interface{}, err error) {
+	ci := internal.LookupCommandInfo(commandName)
+	pc.state = (pc.state | ci.Set) &^ ci.Clear
+	return pc.c.Do(commandName, args...)
+}
+
+func (pc *pooledConnection) Send(commandName string, args ...interface{}) error {
+	ci := internal.LookupCommandInfo(commandName)
+	pc.state = (pc.state | ci.Set) &^ ci.Clear
+	return pc.c.Send(commandName, args...)
+}
+
+func (pc *pooledConnection) Flush() error {
+	return pc.c.Flush()
+}
+
+func (pc *pooledConnection) Receive() (reply interface{}, err error) {
+	return pc.c.Receive()
+}
+
+type errorConnection struct{ err error }
+
+func (ec errorConnection) Do(string, ...interface{}) (interface{}, error) { return nil, ec.err }
+func (ec errorConnection) Send(string, ...interface{}) error              { return ec.err }
+func (ec errorConnection) Err() error                                     { return ec.err }
+func (ec errorConnection) Close() error                                   { return ec.err }
+func (ec errorConnection) Flush() error                                   { return ec.err }
+func (ec errorConnection) Receive() (interface{}, error)                  { return nil, ec.err }
diff --git a/vendor/github.com/garyburd/redigo/redis/pubsub.go b/vendor/github.com/garyburd/redigo/redis/pubsub.go
new file mode 100644
index 000000000..f0790429f
--- /dev/null
+++ b/vendor/github.com/garyburd/redigo/redis/pubsub.go
@@ -0,0 +1,129 @@
+// Copyright 2012 Gary Burd
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+package redis
+
+import (
+	"errors"
+)
+
+// Subscription represents a subscribe or unsubscribe notification.
+type Subscription struct {
+
+	// Kind is "subscribe", "unsubscribe", "psubscribe" or "punsubscribe"
+	Kind string
+
+	// The channel that was changed.
+	Channel string
+
+	// The current number of subscriptions for connection.
+	Count int
+}
+
+// Message represents a message notification.
+type Message struct {
+
+	// The originating channel.
+	Channel string
+
+	// The message data.
+	Data []byte
+}
+
+// PMessage represents a pmessage notification.
+type PMessage struct {
+
+	// The matched pattern.
+	Pattern string
+
+	// The originating channel.
+	Channel string
+
+	// The message data.
+	Data []byte
+}
+
+// PubSubConn wraps a Conn with convenience methods for subscribers.
+type PubSubConn struct {
+	Conn Conn
+}
+
+// Close closes the connection.
+func (c PubSubConn) Close() error {
+	return c.Conn.Close()
+}
+
+// Subscribe subscribes the connection to the specified channels.
+func (c PubSubConn) Subscribe(channel ...interface{}) error {
+	c.Conn.Send("SUBSCRIBE", channel...)
+	return c.Conn.Flush()
+}
+
+// PSubscribe subscribes the connection to the given patterns.
+func (c PubSubConn) PSubscribe(channel ...interface{}) error {
+	c.Conn.Send("PSUBSCRIBE", channel...)
+	return c.Conn.Flush()
+}
+
+// Unsubscribe unsubscribes the connection from the given channels, or from all
+// of them if none is given.
+func (c PubSubConn) Unsubscribe(channel ...interface{}) error {
+	c.Conn.Send("UNSUBSCRIBE", channel...)
+	return c.Conn.Flush()
+}
+
+// PUnsubscribe unsubscribes the connection from the given patterns, or from all
+// of them if none is given.
+func (c PubSubConn) PUnsubscribe(channel ...interface{}) error {
+	c.Conn.Send("PUNSUBSCRIBE", channel...)
+	return c.Conn.Flush()
+}
+
+// Receive returns a pushed message as a Subscription, Message, PMessage or
+// error. The return value is intended to be used directly in a type switch as
+// illustrated in the PubSubConn example.
+func (c PubSubConn) Receive() interface{} {
+	reply, err := Values(c.Conn.Receive())
+	if err != nil {
+		return err
+	}
+
+	var kind string
+	reply, err = Scan(reply, &kind)
+	if err != nil {
+		return err
+	}
+
+	switch kind {
+	case "message":
+		var m Message
+		if _, err := Scan(reply, &m.Channel, &m.Data); err != nil {
+			return err
+		}
+		return m
+	case "pmessage":
+		var pm PMessage
+		if _, err := Scan(reply, &pm.Pattern, &pm.Channel, &pm.Data); err != nil {
+			return err
+		}
+		return pm
+	case "subscribe", "psubscribe", "unsubscribe", "punsubscribe":
+		s := Subscription{Kind: kind}
+		if _, err := Scan(reply, &s.Channel, &s.Count); err != nil {
+			return err
+		}
+		return s
+	}
+	return errors.New("redigo: unknown pubsub notification")
+}
diff --git a/vendor/github.com/garyburd/redigo/redis/redis.go b/vendor/github.com/garyburd/redigo/redis/redis.go
new file mode 100644
index 000000000..c90a48ed4
--- /dev/null
+++ b/vendor/github.com/garyburd/redigo/redis/redis.go
@@ -0,0 +1,44 @@
+// Copyright 2012 Gary Burd
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+package redis
+
+// Error represents an error returned in a command reply.
+type Error string
+
+func (err Error) Error() string { return string(err) }
+
+// Conn represents a connection to a Redis server.
+type Conn interface {
+	// Close closes the connection.
+	Close() error
+
+	// Err returns a non-nil value if the connection is broken. The returned
+	// value is either the first non-nil value returned from the underlying
+	// network connection or a protocol parsing error. Applications should
+	// close broken connections.
+	Err() error
+
+	// Do sends a command to the server and returns the received reply.
+	Do(commandName string, args ...interface{}) (reply interface{}, err error)
+
+	// Send writes the command to the client's output buffer.
+	Send(commandName string, args ...interface{}) error
+
+	// Flush flushes the output buffer to the Redis server.
+	Flush() error
+
+	// Receive receives a single reply from the Redis server
+	Receive() (reply interface{}, err error)
+}
diff --git a/vendor/github.com/garyburd/redigo/redis/reply.go b/vendor/github.com/garyburd/redigo/redis/reply.go
new file mode 100644
index 000000000..5648f930d
--- /dev/null
+++ b/vendor/github.com/garyburd/redigo/redis/reply.go
@@ -0,0 +1,312 @@
+// Copyright 2012 Gary Burd
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+package redis
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+)
+
+// ErrNil indicates that a reply value is nil.
+var ErrNil = errors.New("redigo: nil returned")
+
+// Int is a helper that converts a command reply to an integer. If err is not
+// equal to nil, then Int returns 0, err. Otherwise, Int converts the
+// reply to an int as follows:
+//
+//  Reply type    Result
+//  integer       int(reply), nil
+//  bulk string   parsed reply, nil
+//  nil           0, ErrNil
+//  other         0, error
+func Int(reply interface{}, err error) (int, error) {
+	if err != nil {
+		return 0, err
+	}
+	switch reply := reply.(type) {
+	case int64:
+		x := int(reply)
+		if int64(x) != reply {
+			return 0, strconv.ErrRange
+		}
+		return x, nil
+	case []byte:
+		n, err := strconv.ParseInt(string(reply), 10, 0)
+		return int(n), err
+	case nil:
+		return 0, ErrNil
+	case Error:
+		return 0, reply
+	}
+	return 0, fmt.Errorf("redigo: unexpected type for Int, got type %T", reply)
+}
+
+// Int64 is a helper that converts a command reply to 64 bit integer. If err is
+// not equal to nil, then Int returns 0, err. Otherwise, Int64 converts the
+// reply to an int64 as follows:
+//
+//  Reply type    Result
+//  integer       reply, nil
+//  bulk string   parsed reply, nil
+//  nil           0, ErrNil
+//  other         0, error
+func Int64(reply interface{}, err error) (int64, error) {
+	if err != nil {
+		return 0, err
+	}
+	switch reply := reply.(type) {
+	case int64:
+		return reply, nil
+	case []byte:
+		n, err := strconv.ParseInt(string(reply), 10, 64)
+		return n, err
+	case nil:
+		return 0, ErrNil
+	case Error:
+		return 0, reply
+	}
+	return 0, fmt.Errorf("redigo: unexpected type for Int64, got type %T", reply)
+}
+
+var errNegativeInt = errors.New("redigo: unexpected value for Uint64")
+
+// Uint64 is a helper that converts a command reply to 64 bit integer. If err is
+// not equal to nil, then Int returns 0, err. Otherwise, Int64 converts the
+// reply to an int64 as follows:
+//
+//  Reply type    Result
+//  integer       reply, nil
+//  bulk string   parsed reply, nil
+//  nil           0, ErrNil
+//  other         0, error
+func Uint64(reply interface{}, err error) (uint64, error) {
+	if err != nil {
+		return 0, err
+	}
+	switch reply := reply.(type) {
+	case int64:
+		if reply < 0 {
+			return 0, errNegativeInt
+		}
+		return uint64(reply), nil
+	case []byte:
+		n, err := strconv.ParseUint(string(reply), 10, 64)
+		return n, err
+	case nil:
+		return 0, ErrNil
+	case Error:
+		return 0, reply
+	}
+	return 0, fmt.Errorf("redigo: unexpected type for Uint64, got type %T", reply)
+}
+
+// Float64 is a helper that converts a command reply to 64 bit float. If err is
+// not equal to nil, then Float64 returns 0, err. Otherwise, Float64 converts
+// the reply to an int as follows:
+//
+//  Reply type    Result
+//  bulk string   parsed reply, nil
+//  nil           0, ErrNil
+//  other         0, error
+func Float64(reply interface{}, err error) (float64, error) {
+	if err != nil {
+		return 0, err
+	}
+	switch reply := reply.(type) {
+	case []byte:
+		n, err := strconv.ParseFloat(string(reply), 64)
+		return n, err
+	case nil:
+		return 0, ErrNil
+	case Error:
+		return 0, reply
+	}
+	return 0, fmt.Errorf("redigo: unexpected type for Float64, got type %T", reply)
+}
+
+// String is a helper that converts a command reply to a string. If err is not
+// equal to nil, then String returns "", err. Otherwise String converts the
+// reply to a string as follows:
+//
+//  Reply type      Result
+//  bulk string     string(reply), nil
+//  simple string   reply, nil
+//  nil             "",  ErrNil
+//  other           "",  error
+func String(reply interface{}, err error) (string, error) {
+	if err != nil {
+		return "", err
+	}
+	switch reply := reply.(type) {
+	case []byte:
+		return string(reply), nil
+	case string:
+		return reply, nil
+	case nil:
+		return "", ErrNil
+	case Error:
+		return "", reply
+	}
+	return "", fmt.Errorf("redigo: unexpected type for String, got type %T", reply)
+}
+
+// Bytes is a helper that converts a command reply to a slice of bytes. If err
+// is not equal to nil, then Bytes returns nil, err. Otherwise Bytes converts
+// the reply to a slice of bytes as follows:
+//
+//  Reply type      Result
+//  bulk string     reply, nil
+//  simple string   []byte(reply), nil
+//  nil             nil, ErrNil
+//  other           nil, error
+func Bytes(reply interface{}, err error) ([]byte, error) {
+	if err != nil {
+		return nil, err
+	}
+	switch reply := reply.(type) {
+	case []byte:
+		return reply, nil
+	case string:
+		return []byte(reply), nil
+	case nil:
+		return nil, ErrNil
+	case Error:
+		return nil, reply
+	}
+	return nil, fmt.Errorf("redigo: unexpected type for Bytes, got type %T", reply)
+}
+
+// Bool is a helper that converts a command reply to a boolean. If err is not
+// equal to nil, then Bool returns false, err. Otherwise Bool converts the
+// reply to boolean as follows:
+//
+//  Reply type      Result
+//  integer         value != 0, nil
+//  bulk string     strconv.ParseBool(reply)
+//  nil             false, ErrNil
+//  other           false, error
+func Bool(reply interface{}, err error) (bool, error) {
+	if err != nil {
+		return false, err
+	}
+	switch reply := reply.(type) {
+	case int64:
+		return reply != 0, nil
+	case []byte:
+		return strconv.ParseBool(string(reply))
+	case nil:
+		return false, ErrNil
+	case Error:
+		return false, reply
+	}
+	return false, fmt.Errorf("redigo: unexpected type for Bool, got type %T", reply)
+}
+
+// MultiBulk is deprecated. Use Values.
+func MultiBulk(reply interface{}, err error) ([]interface{}, error) { return Values(reply, err) }
+
+// Values is a helper that converts an array command reply to a []interface{}.
+// If err is not equal to nil, then Values returns nil, err. Otherwise, Values
+// converts the reply as follows:
+//
+//  Reply type      Result
+//  array           reply, nil
+//  nil             nil, ErrNil
+//  other           nil, error
+func Values(reply interface{}, err error) ([]interface{}, error) {
+	if err != nil {
+		return nil, err
+	}
+	switch reply := reply.(type) {
+	case []interface{}:
+		return reply, nil
+	case nil:
+		return nil, ErrNil
+	case Error:
+		return nil, reply
+	}
+	return nil, fmt.Errorf("redigo: unexpected type for Values, got type %T", reply)
+}
+
+// Strings is a helper that converts an array command reply to a []string. If
+// err is not equal to nil, then Strings returns nil, err. Nil array items are
+// converted to "" in the output slice. Strings returns an error if an array
+// item is not a bulk string or nil.
+func Strings(reply interface{}, err error) ([]string, error) {
+	if err != nil {
+		return nil, err
+	}
+	switch reply := reply.(type) {
+	case []interface{}:
+		result := make([]string, len(reply))
+		for i := range reply {
+			if reply[i] == nil {
+				continue
+			}
+			p, ok := reply[i].([]byte)
+			if !ok {
+				return nil, fmt.Errorf("redigo: unexpected element type for Strings, got type %T", reply[i])
+			}
+			result[i] = string(p)
+		}
+		return result, nil
+	case nil:
+		return nil, ErrNil
+	case Error:
+		return nil, reply
+	}
+	return nil, fmt.Errorf("redigo: unexpected type for Strings, got type %T", reply)
+}
+
+// Ints is a helper that converts an array command reply to a []int. If
+// err is not equal to nil, then Ints returns nil, err.
+func Ints(reply interface{}, err error) ([]int, error) {
+	var ints []int
+	if reply == nil {
+		return ints, ErrNil
+	}
+	values, err := Values(reply, err)
+	if err != nil {
+		return ints, err
+	}
+	if err := ScanSlice(values, &ints); err != nil {
+		return ints, err
+	}
+	return ints, nil
+}
+
+// StringMap is a helper that converts an array of strings (alternating key, value)
+// into a map[string]string. The HGETALL and CONFIG GET commands return replies in this format.
+// Requires an even number of values in result.
+func StringMap(result interface{}, err error) (map[string]string, error) {
+	values, err := Values(result, err)
+	if err != nil {
+		return nil, err
+	}
+	if len(values)%2 != 0 {
+		return nil, errors.New("redigo: StringMap expects even number of values result")
+	}
+	m := make(map[string]string, len(values)/2)
+	for i := 0; i < len(values); i += 2 {
+		key, okKey := values[i].([]byte)
+		value, okValue := values[i+1].([]byte)
+		if !okKey || !okValue {
+			return nil, errors.New("redigo: ScanMap key not a bulk string value")
+		}
+		m[string(key)] = string(value)
+	}
+	return m, nil
+}
diff --git a/vendor/github.com/garyburd/redigo/redis/scan.go b/vendor/github.com/garyburd/redigo/redis/scan.go
new file mode 100644
index 000000000..8c9cfa18d
--- /dev/null
+++ b/vendor/github.com/garyburd/redigo/redis/scan.go
@@ -0,0 +1,513 @@
+// Copyright 2012 Gary Burd
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+package redis
+
+import (
+	"errors"
+	"fmt"
+	"reflect"
+	"strconv"
+	"strings"
+	"sync"
+)
+
+func ensureLen(d reflect.Value, n int) {
+	if n > d.Cap() {
+		d.Set(reflect.MakeSlice(d.Type(), n, n))
+	} else {
+		d.SetLen(n)
+	}
+}
+
+func cannotConvert(d reflect.Value, s interface{}) error {
+	return fmt.Errorf("redigo: Scan cannot convert from %s to %s",
+		reflect.TypeOf(s), d.Type())
+}
+
+func convertAssignBytes(d reflect.Value, s []byte) (err error) {
+	switch d.Type().Kind() {
+	case reflect.Float32, reflect.Float64:
+		var x float64
+		x, err = strconv.ParseFloat(string(s), d.Type().Bits())
+		d.SetFloat(x)
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		var x int64
+		x, err = strconv.ParseInt(string(s), 10, d.Type().Bits())
+		d.SetInt(x)
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+		var x uint64
+		x, err = strconv.ParseUint(string(s), 10, d.Type().Bits())
+		d.SetUint(x)
+	case reflect.Bool:
+		var x bool
+		x, err = strconv.ParseBool(string(s))
+		d.SetBool(x)
+	case reflect.String:
+		d.SetString(string(s))
+	case reflect.Slice:
+		if d.Type().Elem().Kind() != reflect.Uint8 {
+			err = cannotConvert(d, s)
+		} else {
+			d.SetBytes(s)
+		}
+	default:
+		err = cannotConvert(d, s)
+	}
+	return
+}
+
+func convertAssignInt(d reflect.Value, s int64) (err error) {
+	switch d.Type().Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		d.SetInt(s)
+		if d.Int() != s {
+			err = strconv.ErrRange
+			d.SetInt(0)
+		}
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+		if s < 0 {
+			err = strconv.ErrRange
+		} else {
+			x := uint64(s)
+			d.SetUint(x)
+			if d.Uint() != x {
+				err = strconv.ErrRange
+				d.SetUint(0)
+			}
+		}
+	case reflect.Bool:
+		d.SetBool(s != 0)
+	default:
+		err = cannotConvert(d, s)
+	}
+	return
+}
+
+func convertAssignValue(d reflect.Value, s interface{}) (err error) {
+	switch s := s.(type) {
+	case []byte:
+		err = convertAssignBytes(d, s)
+	case int64:
+		err = convertAssignInt(d, s)
+	default:
+		err = cannotConvert(d, s)
+	}
+	return err
+}
+
+func convertAssignValues(d reflect.Value, s []interface{}) error {
+	if d.Type().Kind() != reflect.Slice {
+		return cannotConvert(d, s)
+	}
+	ensureLen(d, len(s))
+	for i := 0; i < len(s); i++ {
+		if err := convertAssignValue(d.Index(i), s[i]); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func convertAssign(d interface{}, s interface{}) (err error) {
+	// Handle the most common destination types using type switches and
+	// fall back to reflection for all other types.
+	switch s := s.(type) {
+	case nil:
+		// ingore
+	case []byte:
+		switch d := d.(type) {
+		case *string:
+			*d = string(s)
+		case *int:
+			*d, err = strconv.Atoi(string(s))
+		case *bool:
+			*d, err = strconv.ParseBool(string(s))
+		case *[]byte:
+			*d = s
+		case *interface{}:
+			*d = s
+		case nil:
+			// skip value
+		default:
+			if d := reflect.ValueOf(d); d.Type().Kind() != reflect.Ptr {
+				err = cannotConvert(d, s)
+			} else {
+				err = convertAssignBytes(d.Elem(), s)
+			}
+		}
+	case int64:
+		switch d := d.(type) {
+		case *int:
+			x := int(s)
+			if int64(x) != s {
+				err = strconv.ErrRange
+				x = 0
+			}
+			*d = x
+		case *bool:
+			*d = s != 0
+		case *interface{}:
+			*d = s
+		case nil:
+			// skip value
+		default:
+			if d := reflect.ValueOf(d); d.Type().Kind() != reflect.Ptr {
+				err = cannotConvert(d, s)
+			} else {
+				err = convertAssignInt(d.Elem(), s)
+			}
+		}
+	case []interface{}:
+		switch d := d.(type) {
+		case *[]interface{}:
+			*d = s
+		case *interface{}:
+			*d = s
+		case nil:
+			// skip value
+		default:
+			if d := reflect.ValueOf(d); d.Type().Kind() != reflect.Ptr {
+				err = cannotConvert(d, s)
+			} else {
+				err = convertAssignValues(d.Elem(), s)
+			}
+		}
+	case Error:
+		err = s
+	default:
+		err = cannotConvert(reflect.ValueOf(d), s)
+	}
+	return
+}
+
+// Scan copies from src to the values pointed at by dest.
+//
+// The values pointed at by dest must be an integer, float, boolean, string,
+// []byte, interface{} or slices of these types. Scan uses the standard strconv
+// package to convert bulk strings to numeric and boolean types.
+//
+// If a dest value is nil, then the corresponding src value is skipped.
+//
+// If a src element is nil, then the corresponding dest value is not modified.
+//
+// To enable easy use of Scan in a loop, Scan returns the slice of src
+// following the copied values.
+func Scan(src []interface{}, dest ...interface{}) ([]interface{}, error) {
+	if len(src) < len(dest) {
+		return nil, errors.New("redigo: Scan array short")
+	}
+	var err error
+	for i, d := range dest {
+		err = convertAssign(d, src[i])
+		if err != nil {
+			break
+		}
+	}
+	return src[len(dest):], err
+}
+
+type fieldSpec struct {
+	name  string
+	index []int
+	//omitEmpty bool
+}
+
+type structSpec struct {
+	m map[string]*fieldSpec
+	l []*fieldSpec
+}
+
+func (ss *structSpec) fieldSpec(name []byte) *fieldSpec {
+	return ss.m[string(name)]
+}
+
+func compileStructSpec(t reflect.Type, depth map[string]int, index []int, ss *structSpec) {
+	for i := 0; i < t.NumField(); i++ {
+		f := t.Field(i)
+		switch {
+		case f.PkgPath != "":
+			// Ignore unexported fields.
+		case f.Anonymous:
+			// TODO: Handle pointers. Requires change to decoder and
+			// protection against infinite recursion.
+			if f.Type.Kind() == reflect.Struct {
+				compileStructSpec(f.Type, depth, append(index, i), ss)
+			}
+		default:
+			fs := &fieldSpec{name: f.Name}
+			tag := f.Tag.Get("redis")
+			p := strings.Split(tag, ",")
+			if len(p) > 0 {
+				if p[0] == "-" {
+					continue
+				}
+				if len(p[0]) > 0 {
+					fs.name = p[0]
+				}
+				for _, s := range p[1:] {
+					switch s {
+					//case "omitempty":
+					//  fs.omitempty = true
+					default:
+						panic(errors.New("redigo: unknown field flag " + s + " for type " + t.Name()))
+					}
+				}
+			}
+			d, found := depth[fs.name]
+			if !found {
+				d = 1 << 30
+			}
+			switch {
+			case len(index) == d:
+				// At same depth, remove from result.
+				delete(ss.m, fs.name)
+				j := 0
+				for i := 0; i < len(ss.l); i++ {
+					if fs.name != ss.l[i].name {
+						ss.l[j] = ss.l[i]
+						j += 1
+					}
+				}
+				ss.l = ss.l[:j]
+			case len(index) < d:
+				fs.index = make([]int, len(index)+1)
+				copy(fs.index, index)
+				fs.index[len(index)] = i
+				depth[fs.name] = len(index)
+				ss.m[fs.name] = fs
+				ss.l = append(ss.l, fs)
+			}
+		}
+	}
+}
+
+var (
+	structSpecMutex  sync.RWMutex
+	structSpecCache  = make(map[reflect.Type]*structSpec)
+	defaultFieldSpec = &fieldSpec{}
+)
+
+func structSpecForType(t reflect.Type) *structSpec {
+
+	structSpecMutex.RLock()
+	ss, found := structSpecCache[t]
+	structSpecMutex.RUnlock()
+	if found {
+		return ss
+	}
+
+	structSpecMutex.Lock()
+	defer structSpecMutex.Unlock()
+	ss, found = structSpecCache[t]
+	if found {
+		return ss
+	}
+
+	ss = &structSpec{m: make(map[string]*fieldSpec)}
+	compileStructSpec(t, make(map[string]int), nil, ss)
+	structSpecCache[t] = ss
+	return ss
+}
+
+var errScanStructValue = errors.New("redigo: ScanStruct value must be non-nil pointer to a struct")
+
+// ScanStruct scans alternating names and values from src to a struct. The
+// HGETALL and CONFIG GET commands return replies in this format.
+//
+// ScanStruct uses exported field names to match values in the response. Use
+// 'redis' field tag to override the name:
+//
+//      Field int `redis:"myName"`
+//
+// Fields with the tag redis:"-" are ignored.
+//
+// Integer, float, boolean, string and []byte fields are supported. Scan uses the
+// standard strconv package to convert bulk string values to numeric and
+// boolean types.
+//
+// If a src element is nil, then the corresponding field is not modified.
+func ScanStruct(src []interface{}, dest interface{}) error {
+	d := reflect.ValueOf(dest)
+	if d.Kind() != reflect.Ptr || d.IsNil() {
+		return errScanStructValue
+	}
+	d = d.Elem()
+	if d.Kind() != reflect.Struct {
+		return errScanStructValue
+	}
+	ss := structSpecForType(d.Type())
+
+	if len(src)%2 != 0 {
+		return errors.New("redigo: ScanStruct expects even number of values in values")
+	}
+
+	for i := 0; i < len(src); i += 2 {
+		s := src[i+1]
+		if s == nil {
+			continue
+		}
+		name, ok := src[i].([]byte)
+		if !ok {
+			return errors.New("redigo: ScanStruct key not a bulk string value")
+		}
+		fs := ss.fieldSpec(name)
+		if fs == nil {
+			continue
+		}
+		if err := convertAssignValue(d.FieldByIndex(fs.index), s); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+var (
+	errScanSliceValue = errors.New("redigo: ScanSlice dest must be non-nil pointer to a struct")
+)
+
+// ScanSlice scans src to the slice pointed to by dest. The elements the dest
+// slice must be integer, float, boolean, string, struct or pointer to struct
+// values.
+//
+// Struct fields must be integer, float, boolean or string values. All struct
+// fields are used unless a subset is specified using fieldNames.
+func ScanSlice(src []interface{}, dest interface{}, fieldNames ...string) error {
+	d := reflect.ValueOf(dest)
+	if d.Kind() != reflect.Ptr || d.IsNil() {
+		return errScanSliceValue
+	}
+	d = d.Elem()
+	if d.Kind() != reflect.Slice {
+		return errScanSliceValue
+	}
+
+	isPtr := false
+	t := d.Type().Elem()
+	if t.Kind() == reflect.Ptr && t.Elem().Kind() == reflect.Struct {
+		isPtr = true
+		t = t.Elem()
+	}
+
+	if t.Kind() != reflect.Struct {
+		ensureLen(d, len(src))
+		for i, s := range src {
+			if s == nil {
+				continue
+			}
+			if err := convertAssignValue(d.Index(i), s); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+
+	ss := structSpecForType(t)
+	fss := ss.l
+	if len(fieldNames) > 0 {
+		fss = make([]*fieldSpec, len(fieldNames))
+		for i, name := range fieldNames {
+			fss[i] = ss.m[name]
+			if fss[i] == nil {
+				return errors.New("redigo: ScanSlice bad field name " + name)
+			}
+		}
+	}
+
+	if len(fss) == 0 {
+		return errors.New("redigo: ScanSlice no struct fields")
+	}
+
+	n := len(src) / len(fss)
+	if n*len(fss) != len(src) {
+		return errors.New("redigo: ScanSlice length not a multiple of struct field count")
+	}
+
+	ensureLen(d, n)
+	for i := 0; i < n; i++ {
+		d := d.Index(i)
+		if isPtr {
+			if d.IsNil() {
+				d.Set(reflect.New(t))
+			}
+			d = d.Elem()
+		}
+		for j, fs := range fss {
+			s := src[i*len(fss)+j]
+			if s == nil {
+				continue
+			}
+			if err := convertAssignValue(d.FieldByIndex(fs.index), s); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// Args is a helper for constructing command arguments from structured values.
+type Args []interface{}
+
+// Add returns the result of appending value to args.
+func (args Args) Add(value ...interface{}) Args {
+	return append(args, value...)
+}
+
+// AddFlat returns the result of appending the flattened value of v to args.
+//
+// Maps are flattened by appending the alternating keys and map values to args.
+//
+// Slices are flattened by appending the slice elements to args.
+//
+// Structs are flattened by appending the alternating names and values of
+// exported fields to args. If v is a nil struct pointer, then nothing is
+// appended. The 'redis' field tag overrides struct field names. See ScanStruct
+// for more information on the use of the 'redis' field tag.
+//
+// Other types are appended to args as is.
+func (args Args) AddFlat(v interface{}) Args {
+	rv := reflect.ValueOf(v)
+	switch rv.Kind() {
+	case reflect.Struct:
+		args = flattenStruct(args, rv)
+	case reflect.Slice:
+		for i := 0; i < rv.Len(); i++ {
+			args = append(args, rv.Index(i).Interface())
+		}
+	case reflect.Map:
+		for _, k := range rv.MapKeys() {
+			args = append(args, k.Interface(), rv.MapIndex(k).Interface())
+		}
+	case reflect.Ptr:
+		if rv.Type().Elem().Kind() == reflect.Struct {
+			if !rv.IsNil() {
+				args = flattenStruct(args, rv.Elem())
+			}
+		} else {
+			args = append(args, v)
+		}
+	default:
+		args = append(args, v)
+	}
+	return args
+}
+
+func flattenStruct(args Args, v reflect.Value) Args {
+	ss := structSpecForType(v.Type())
+	for _, fs := range ss.l {
+		fv := v.FieldByIndex(fs.index)
+		args = append(args, fs.name, fv.Interface())
+	}
+	return args
+}
diff --git a/vendor/github.com/garyburd/redigo/redis/script.go b/vendor/github.com/garyburd/redigo/redis/script.go
new file mode 100644
index 000000000..78605a90a
--- /dev/null
+++ b/vendor/github.com/garyburd/redigo/redis/script.go
@@ -0,0 +1,86 @@
+// Copyright 2012 Gary Burd
+//
+// Licensed under the Apache License, Version 2.0 (the "License"): you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+
+package redis
+
+import (
+	"crypto/sha1"
+	"encoding/hex"
+	"io"
+	"strings"
+)
+
+// Script encapsulates the source, hash and key count for a Lua script. See
+// http://redis.io/commands/eval for information on scripts in Redis.
+type Script struct {
+	keyCount int
+	src      string
+	hash     string
+}
+
+// NewScript returns a new script object. If keyCount is greater than or equal
+// to zero, then the count is automatically inserted in the EVAL command
+// argument list. If keyCount is less than zero, then the application supplies
+// the count as the first value in the keysAndArgs argument to the Do, Send and
+// SendHash methods.
+func NewScript(keyCount int, src string) *Script {
+	h := sha1.New()
+	io.WriteString(h, src)
+	return &Script{keyCount, src, hex.EncodeToString(h.Sum(nil))}
+}
+
+func (s *Script) args(spec string, keysAndArgs []interface{}) []interface{} {
+	var args []interface{}
+	if s.keyCount < 0 {
+		args = make([]interface{}, 1+len(keysAndArgs))
+		args[0] = spec
+		copy(args[1:], keysAndArgs)
+	} else {
+		args = make([]interface{}, 2+len(keysAndArgs))
+		args[0] = spec
+		args[1] = s.keyCount
+		copy(args[2:], keysAndArgs)
+	}
+	return args
+}
+
+// Do evaluates the script. Under the covers, Do optimistically evaluates the
+// script using the EVALSHA command. If the command fails because the script is
+// not loaded, then Do evaluates the script using the EVAL command (thus
+// causing the script to load).
+func (s *Script) Do(c Conn, keysAndArgs ...interface{}) (interface{}, error) {
+	v, err := c.Do("EVALSHA", s.args(s.hash, keysAndArgs)...)
+	if e, ok := err.(Error); ok && strings.HasPrefix(string(e), "NOSCRIPT ") {
+		v, err = c.Do("EVAL", s.args(s.src, keysAndArgs)...)
+	}
+	return v, err
+}
+
+// SendHash evaluates the script without waiting for the reply. The script is
+// evaluated with the EVALSHA command. The application must ensure that the
+// script is loaded by a previous call to Send, Do or Load methods.
+func (s *Script) SendHash(c Conn, keysAndArgs ...interface{}) error {
+	return c.Send("EVALSHA", s.args(s.hash, keysAndArgs)...)
+}
+
+// Send evaluates the script without waiting for the reply.
+func (s *Script) Send(c Conn, keysAndArgs ...interface{}) error {
+	return c.Send("EVAL", s.args(s.src, keysAndArgs)...)
+}
+
+// Load loads the script without evaluating it.
+func (s *Script) Load(c Conn) error {
+	_, err := c.Do("SCRIPT", "LOAD", s.src)
+	return err
+}
diff --git a/vendor/github.com/gofrs/uuid/.gitignore b/vendor/github.com/gofrs/uuid/.gitignore
new file mode 100644
index 000000000..666dbbb5b
--- /dev/null
+++ b/vendor/github.com/gofrs/uuid/.gitignore
@@ -0,0 +1,15 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# binary bundle generated by go-fuzz
+uuid-fuzz.zip
diff --git a/vendor/github.com/gofrs/uuid/LICENSE b/vendor/github.com/gofrs/uuid/LICENSE
new file mode 100644
index 000000000..926d54987
--- /dev/null
+++ b/vendor/github.com/gofrs/uuid/LICENSE
@@ -0,0 +1,20 @@
+Copyright (C) 2013-2018 by Maxim Bublis <b@codemonkey.ru>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/gofrs/uuid/README.md b/vendor/github.com/gofrs/uuid/README.md
new file mode 100644
index 000000000..4f73bec82
--- /dev/null
+++ b/vendor/github.com/gofrs/uuid/README.md
@@ -0,0 +1,117 @@
+# UUID
+
+[![License](https://img.shields.io/github/license/gofrs/uuid.svg)](https://github.com/gofrs/uuid/blob/master/LICENSE)
+[![Build Status](https://travis-ci.org/gofrs/uuid.svg?branch=master)](https://travis-ci.org/gofrs/uuid)
+[![GoDoc](http://godoc.org/github.com/gofrs/uuid?status.svg)](http://godoc.org/github.com/gofrs/uuid)
+[![Coverage Status](https://codecov.io/gh/gofrs/uuid/branch/master/graphs/badge.svg?branch=master)](https://codecov.io/gh/gofrs/uuid/)
+[![Go Report Card](https://goreportcard.com/badge/github.com/gofrs/uuid)](https://goreportcard.com/report/github.com/gofrs/uuid)
+
+Package uuid provides a pure Go implementation of Universally Unique Identifiers
+(UUID) variant as defined in RFC-4122. This package supports both the creation
+and parsing of UUIDs in different formats.
+
+This package supports the following UUID versions:
+* Version 1, based on timestamp and MAC address (RFC-4122)
+* Version 3, based on MD5 hashing of a named value (RFC-4122)
+* Version 4, based on random numbers (RFC-4122)
+* Version 5, based on SHA-1 hashing of a named value (RFC-4122)
+
+This package also supports experimental Universally Unique Identifier implementations based on a
+[draft RFC](https://www.ietf.org/archive/id/draft-peabody-dispatch-new-uuid-format-04.html) that updates RFC-4122
+* Version 6, a k-sortable id based on timestamp, and field-compatible with v1 (draft-peabody-dispatch-new-uuid-format, RFC-4122)
+* Version 7, a k-sortable id based on timestamp (draft-peabody-dispatch-new-uuid-format, RFC-4122)
+
+The v6 and v7 IDs are **not** considered a part of the stable API, and may be subject to behavior or API changes as part of minor releases
+to this package. They will be updated as the draft RFC changes, and will become stable if and when the draft RFC is accepted.
+
+## Project History
+
+This project was originally forked from the
+[github.com/satori/go.uuid](https://github.com/satori/go.uuid) repository after
+it appeared to be no longer maintained, while exhibiting [critical
+flaws](https://github.com/satori/go.uuid/issues/73). We have decided to take
+over this project to ensure it receives regular maintenance for the benefit of
+the larger Go community.
+
+We'd like to thank Maxim Bublis for his hard work on the original iteration of
+the package.
+
+## License
+
+This source code of this package is released under the MIT License. Please see
+the [LICENSE](https://github.com/gofrs/uuid/blob/master/LICENSE) for the full
+content of the license.
+
+## Recommended Package Version
+
+We recommend using v2.0.0+ of this package, as versions prior to 2.0.0 were
+created before our fork of the original package and have some known
+deficiencies.
+
+## Installation
+
+It is recommended to use a package manager like `dep` that understands tagged
+releases of a package, as well as semantic versioning.
+
+If you are unable to make use of a dependency manager with your project, you can
+use the `go get` command to download it directly:
+
+```Shell
+$ go get github.com/gofrs/uuid
+```
+
+## Requirements
+
+Due to subtests not being supported in older versions of Go, this package is
+only regularly tested against Go 1.7+. This package may work perfectly fine with
+Go 1.2+, but support for these older versions is not actively maintained.
+
+## Go 1.11 Modules
+
+As of v3.2.0, this repository no longer adopts Go modules, and v3.2.0 no longer has a `go.mod` file.  As a result, v3.2.0 also drops support for the `github.com/gofrs/uuid/v3` import path. Only module-based consumers are impacted.  With the v3.2.0 release, _all_ gofrs/uuid consumers should use the `github.com/gofrs/uuid` import path.
+
+An existing module-based consumer will continue to be able to build using the `github.com/gofrs/uuid/v3` import path using any valid consumer `go.mod` that worked prior to the publishing of v3.2.0, but any module-based consumer should start using the `github.com/gofrs/uuid` import path when possible and _must_ use the `github.com/gofrs/uuid` import path prior to upgrading to v3.2.0.
+
+Please refer to [Issue #61](https://github.com/gofrs/uuid/issues/61) and [Issue #66](https://github.com/gofrs/uuid/issues/66) for more details.
+
+## Usage
+
+Here is a quick overview of how to use this package. For more detailed
+documentation, please see the [GoDoc Page](http://godoc.org/github.com/gofrs/uuid).
+
+```go
+package main
+
+import (
+	"log"
+
+	"github.com/gofrs/uuid"
+)
+
+// Create a Version 4 UUID, panicking on error.
+// Use this form to initialize package-level variables.
+var u1 = uuid.Must(uuid.NewV4())
+
+func main() {
+	// Create a Version 4 UUID.
+	u2, err := uuid.NewV4()
+	if err != nil {
+		log.Fatalf("failed to generate UUID: %v", err)
+	}
+	log.Printf("generated Version 4 UUID %v", u2)
+
+	// Parse a UUID from a string.
+	s := "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
+	u3, err := uuid.FromString(s)
+	if err != nil {
+		log.Fatalf("failed to parse UUID %q: %v", s, err)
+	}
+	log.Printf("successfully parsed UUID %v", u3)
+}
+```
+
+## References
+
+* [RFC-4122](https://tools.ietf.org/html/rfc4122)
+* [DCE 1.1: Authentication and Security Services](http://pubs.opengroup.org/onlinepubs/9696989899/chap5.htm#tagcjh_08_02_01_01)
+* [New UUID Formats RFC Draft (Peabody) Rev 04](https://www.ietf.org/archive/id/draft-peabody-dispatch-new-uuid-format-04.html#)
diff --git a/vendor/github.com/gofrs/uuid/codec.go b/vendor/github.com/gofrs/uuid/codec.go
new file mode 100644
index 000000000..665026414
--- /dev/null
+++ b/vendor/github.com/gofrs/uuid/codec.go
@@ -0,0 +1,234 @@
+// Copyright (C) 2013-2018 by Maxim Bublis <b@codemonkey.ru>
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+package uuid
+
+import (
+	"errors"
+	"fmt"
+)
+
+// FromBytes returns a UUID generated from the raw byte slice input.
+// It will return an error if the slice isn't 16 bytes long.
+func FromBytes(input []byte) (UUID, error) {
+	u := UUID{}
+	err := u.UnmarshalBinary(input)
+	return u, err
+}
+
+// FromBytesOrNil returns a UUID generated from the raw byte slice input.
+// Same behavior as FromBytes(), but returns uuid.Nil instead of an error.
+func FromBytesOrNil(input []byte) UUID {
+	uuid, err := FromBytes(input)
+	if err != nil {
+		return Nil
+	}
+	return uuid
+}
+
+var errInvalidFormat = errors.New("uuid: invalid UUID format")
+
+func fromHexChar(c byte) byte {
+	switch {
+	case '0' <= c && c <= '9':
+		return c - '0'
+	case 'a' <= c && c <= 'f':
+		return c - 'a' + 10
+	case 'A' <= c && c <= 'F':
+		return c - 'A' + 10
+	}
+	return 255
+}
+
+// Parse parses the UUID stored in the string text. Parsing and supported
+// formats are the same as UnmarshalText.
+func (u *UUID) Parse(s string) error {
+	switch len(s) {
+	case 32: // hash
+	case 36: // canonical
+	case 34, 38:
+		if s[0] != '{' || s[len(s)-1] != '}' {
+			return fmt.Errorf("uuid: incorrect UUID format in string %q", s)
+		}
+		s = s[1 : len(s)-1]
+	case 41, 45:
+		if s[:9] != "urn:uuid:" {
+			return fmt.Errorf("uuid: incorrect UUID format in string %q", s[:9])
+		}
+		s = s[9:]
+	default:
+		return fmt.Errorf("uuid: incorrect UUID length %d in string %q", len(s), s)
+	}
+	// canonical
+	if len(s) == 36 {
+		if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
+			return fmt.Errorf("uuid: incorrect UUID format in string %q", s)
+		}
+		for i, x := range [16]byte{
+			0, 2, 4, 6,
+			9, 11,
+			14, 16,
+			19, 21,
+			24, 26, 28, 30, 32, 34,
+		} {
+			v1 := fromHexChar(s[x])
+			v2 := fromHexChar(s[x+1])
+			if v1|v2 == 255 {
+				return errInvalidFormat
+			}
+			u[i] = (v1 << 4) | v2
+		}
+		return nil
+	}
+	// hash like
+	for i := 0; i < 32; i += 2 {
+		v1 := fromHexChar(s[i])
+		v2 := fromHexChar(s[i+1])
+		if v1|v2 == 255 {
+			return errInvalidFormat
+		}
+		u[i/2] = (v1 << 4) | v2
+	}
+	return nil
+}
+
+// FromString returns a UUID parsed from the input string.
+// Input is expected in a form accepted by UnmarshalText.
+func FromString(text string) (UUID, error) {
+	var u UUID
+	err := u.Parse(text)
+	return u, err
+}
+
+// FromStringOrNil returns a UUID parsed from the input string.
+// Same behavior as FromString(), but returns uuid.Nil instead of an error.
+func FromStringOrNil(input string) UUID {
+	uuid, err := FromString(input)
+	if err != nil {
+		return Nil
+	}
+	return uuid
+}
+
+// MarshalText implements the encoding.TextMarshaler interface.
+// The encoding is the same as returned by the String() method.
+func (u UUID) MarshalText() ([]byte, error) {
+	var buf [36]byte
+	encodeCanonical(buf[:], u)
+	return buf[:], nil
+}
+
+// UnmarshalText implements the encoding.TextUnmarshaler interface.
+// Following formats are supported:
+//
+//	"6ba7b810-9dad-11d1-80b4-00c04fd430c8",
+//	"{6ba7b810-9dad-11d1-80b4-00c04fd430c8}",
+//	"urn:uuid:6ba7b810-9dad-11d1-80b4-00c04fd430c8"
+//	"6ba7b8109dad11d180b400c04fd430c8"
+//	"{6ba7b8109dad11d180b400c04fd430c8}",
+//	"urn:uuid:6ba7b8109dad11d180b400c04fd430c8"
+//
+// ABNF for supported UUID text representation follows:
+//
+//	URN := 'urn'
+//	UUID-NID := 'uuid'
+//
+//	hexdig := '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' |
+//	          'a' | 'b' | 'c' | 'd' | 'e' | 'f' |
+//	          'A' | 'B' | 'C' | 'D' | 'E' | 'F'
+//
+//	hexoct := hexdig hexdig
+//	2hexoct := hexoct hexoct
+//	4hexoct := 2hexoct 2hexoct
+//	6hexoct := 4hexoct 2hexoct
+//	12hexoct := 6hexoct 6hexoct
+//
+//	hashlike := 12hexoct
+//	canonical := 4hexoct '-' 2hexoct '-' 2hexoct '-' 6hexoct
+//
+//	plain := canonical | hashlike
+//	uuid := canonical | hashlike | braced | urn
+//
+//	braced := '{' plain '}' | '{' hashlike  '}'
+//	urn := URN ':' UUID-NID ':' plain
+func (u *UUID) UnmarshalText(b []byte) error {
+	switch len(b) {
+	case 32: // hash
+	case 36: // canonical
+	case 34, 38:
+		if b[0] != '{' || b[len(b)-1] != '}' {
+			return fmt.Errorf("uuid: incorrect UUID format in string %q", b)
+		}
+		b = b[1 : len(b)-1]
+	case 41, 45:
+		if string(b[:9]) != "urn:uuid:" {
+			return fmt.Errorf("uuid: incorrect UUID format in string %q", b[:9])
+		}
+		b = b[9:]
+	default:
+		return fmt.Errorf("uuid: incorrect UUID length %d in string %q", len(b), b)
+	}
+	if len(b) == 36 {
+		if b[8] != '-' || b[13] != '-' || b[18] != '-' || b[23] != '-' {
+			return fmt.Errorf("uuid: incorrect UUID format in string %q", b)
+		}
+		for i, x := range [16]byte{
+			0, 2, 4, 6,
+			9, 11,
+			14, 16,
+			19, 21,
+			24, 26, 28, 30, 32, 34,
+		} {
+			v1 := fromHexChar(b[x])
+			v2 := fromHexChar(b[x+1])
+			if v1|v2 == 255 {
+				return errInvalidFormat
+			}
+			u[i] = (v1 << 4) | v2
+		}
+		return nil
+	}
+	for i := 0; i < 32; i += 2 {
+		v1 := fromHexChar(b[i])
+		v2 := fromHexChar(b[i+1])
+		if v1|v2 == 255 {
+			return errInvalidFormat
+		}
+		u[i/2] = (v1 << 4) | v2
+	}
+	return nil
+}
+
+// MarshalBinary implements the encoding.BinaryMarshaler interface.
+func (u UUID) MarshalBinary() ([]byte, error) {
+	return u.Bytes(), nil
+}
+
+// UnmarshalBinary implements the encoding.BinaryUnmarshaler interface.
+// It will return an error if the slice isn't 16 bytes long.
+func (u *UUID) UnmarshalBinary(data []byte) error {
+	if len(data) != Size {
+		return fmt.Errorf("uuid: UUID must be exactly 16 bytes long, got %d bytes", len(data))
+	}
+	copy(u[:], data)
+
+	return nil
+}
diff --git a/vendor/github.com/gofrs/uuid/fuzz.go b/vendor/github.com/gofrs/uuid/fuzz.go
new file mode 100644
index 000000000..ccf8d4ca2
--- /dev/null
+++ b/vendor/github.com/gofrs/uuid/fuzz.go
@@ -0,0 +1,48 @@
+// Copyright (c) 2018 Andrei Tudor Călin <mail@acln.ro>
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+//go:build gofuzz
+// +build gofuzz
+
+package uuid
+
+// Fuzz implements a simple fuzz test for FromString / UnmarshalText.
+//
+// To run:
+//
+//	$ go get github.com/dvyukov/go-fuzz/...
+//	$ cd $GOPATH/src/github.com/gofrs/uuid
+//	$ go-fuzz-build github.com/gofrs/uuid
+//	$ go-fuzz -bin=uuid-fuzz.zip -workdir=./testdata
+//
+// If you make significant changes to FromString / UnmarshalText and add
+// new cases to fromStringTests (in codec_test.go), please run
+//
+//	$ go test -seed_fuzz_corpus
+//
+// to seed the corpus with the new interesting inputs, then run the fuzzer.
+func Fuzz(data []byte) int {
+	_, err := FromString(string(data))
+	if err != nil {
+		return 0
+	}
+	return 1
+}
diff --git a/vendor/github.com/gofrs/uuid/generator.go b/vendor/github.com/gofrs/uuid/generator.go
new file mode 100644
index 000000000..44be9e158
--- /dev/null
+++ b/vendor/github.com/gofrs/uuid/generator.go
@@ -0,0 +1,456 @@
+// Copyright (C) 2013-2018 by Maxim Bublis <b@codemonkey.ru>
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+package uuid
+
+import (
+	"crypto/md5"
+	"crypto/rand"
+	"crypto/sha1"
+	"encoding/binary"
+	"fmt"
+	"hash"
+	"io"
+	"net"
+	"sync"
+	"time"
+)
+
+// Difference in 100-nanosecond intervals between
+// UUID epoch (October 15, 1582) and Unix epoch (January 1, 1970).
+const epochStart = 122192928000000000
+
+// EpochFunc is the function type used to provide the current time.
+type EpochFunc func() time.Time
+
+// HWAddrFunc is the function type used to provide hardware (MAC) addresses.
+type HWAddrFunc func() (net.HardwareAddr, error)
+
+// DefaultGenerator is the default UUID Generator used by this package.
+var DefaultGenerator Generator = NewGen()
+
+// NewV1 returns a UUID based on the current timestamp and MAC address.
+func NewV1() (UUID, error) {
+	return DefaultGenerator.NewV1()
+}
+
+// NewV3 returns a UUID based on the MD5 hash of the namespace UUID and name.
+func NewV3(ns UUID, name string) UUID {
+	return DefaultGenerator.NewV3(ns, name)
+}
+
+// NewV4 returns a randomly generated UUID.
+func NewV4() (UUID, error) {
+	return DefaultGenerator.NewV4()
+}
+
+// NewV5 returns a UUID based on SHA-1 hash of the namespace UUID and name.
+func NewV5(ns UUID, name string) UUID {
+	return DefaultGenerator.NewV5(ns, name)
+}
+
+// NewV6 returns a k-sortable UUID based on a timestamp and 48 bits of
+// pseudorandom data. The timestamp in a V6 UUID is the same as V1, with the bit
+// order being adjusted to allow the UUID to be k-sortable.
+//
+// This is implemented based on revision 03 of the Peabody UUID draft, and may
+// be subject to change pending further revisions. Until the final specification
+// revision is finished, changes required to implement updates to the spec will
+// not be considered a breaking change. They will happen as a minor version
+// releases until the spec is final.
+func NewV6() (UUID, error) {
+	return DefaultGenerator.NewV6()
+}
+
+// NewV7 returns a k-sortable UUID based on the current millisecond precision
+// UNIX epoch and 74 bits of pseudorandom data. It supports single-node batch generation (multiple UUIDs in the same timestamp) with a Monotonic Random counter.
+//
+// This is implemented based on revision 04 of the Peabody UUID draft, and may
+// be subject to change pending further revisions. Until the final specification
+// revision is finished, changes required to implement updates to the spec will
+// not be considered a breaking change. They will happen as a minor version
+// releases until the spec is final.
+func NewV7() (UUID, error) {
+	return DefaultGenerator.NewV7()
+}
+
+// Generator provides an interface for generating UUIDs.
+type Generator interface {
+	NewV1() (UUID, error)
+	NewV3(ns UUID, name string) UUID
+	NewV4() (UUID, error)
+	NewV5(ns UUID, name string) UUID
+	NewV6() (UUID, error)
+	NewV7() (UUID, error)
+}
+
+// Gen is a reference UUID generator based on the specifications laid out in
+// RFC-4122 and DCE 1.1: Authentication and Security Services. This type
+// satisfies the Generator interface as defined in this package.
+//
+// For consumers who are generating V1 UUIDs, but don't want to expose the MAC
+// address of the node generating the UUIDs, the NewGenWithHWAF() function has been
+// provided as a convenience. See the function's documentation for more info.
+//
+// The authors of this package do not feel that the majority of users will need
+// to obfuscate their MAC address, and so we recommend using NewGen() to create
+// a new generator.
+type Gen struct {
+	clockSequenceOnce sync.Once
+	hardwareAddrOnce  sync.Once
+	storageMutex      sync.Mutex
+
+	rand io.Reader
+
+	epochFunc     EpochFunc
+	hwAddrFunc    HWAddrFunc
+	lastTime      uint64
+	clockSequence uint16
+	hardwareAddr  [6]byte
+}
+
+// GenOption is a function type that can be used to configure a Gen generator.
+type GenOption func(*Gen)
+
+// interface check -- build will fail if *Gen doesn't satisfy Generator
+var _ Generator = (*Gen)(nil)
+
+// NewGen returns a new instance of Gen with some default values set. Most
+// people should use this.
+func NewGen() *Gen {
+	return NewGenWithHWAF(defaultHWAddrFunc)
+}
+
+// NewGenWithHWAF builds a new UUID generator with the HWAddrFunc provided. Most
+// consumers should use NewGen() instead.
+//
+// This is used so that consumers can generate their own MAC addresses, for use
+// in the generated UUIDs, if there is some concern about exposing the physical
+// address of the machine generating the UUID.
+//
+// The Gen generator will only invoke the HWAddrFunc once, and cache that MAC
+// address for all the future UUIDs generated by it. If you'd like to switch the
+// MAC address being used, you'll need to create a new generator using this
+// function.
+func NewGenWithHWAF(hwaf HWAddrFunc) *Gen {
+	return NewGenWithOptions(WithHWAddrFunc(hwaf))
+}
+
+// NewGenWithOptions returns a new instance of Gen with the options provided.
+// Most people should use NewGen() or NewGenWithHWAF() instead.
+//
+// To customize the generator, you can pass in one or more GenOption functions.
+// For example:
+//
+//	gen := NewGenWithOptions(
+//	    WithHWAddrFunc(myHWAddrFunc),
+//	    WithEpochFunc(myEpochFunc),
+//	    WithRandomReader(myRandomReader),
+//	)
+//
+// NewGenWithOptions(WithHWAddrFunc(myHWAddrFunc)) is equivalent to calling
+// NewGenWithHWAF(myHWAddrFunc)
+// NewGenWithOptions() is equivalent to calling NewGen()
+func NewGenWithOptions(opts ...GenOption) *Gen {
+	gen := &Gen{
+		epochFunc:  time.Now,
+		hwAddrFunc: defaultHWAddrFunc,
+		rand:       rand.Reader,
+	}
+
+	for _, opt := range opts {
+		opt(gen)
+	}
+
+	return gen
+}
+
+// WithHWAddrFunc is a GenOption that allows you to provide your own HWAddrFunc
+// function.
+// When this option is nil, the defaultHWAddrFunc is used.
+func WithHWAddrFunc(hwaf HWAddrFunc) GenOption {
+	return func(gen *Gen) {
+		if hwaf == nil {
+			hwaf = defaultHWAddrFunc
+		}
+
+		gen.hwAddrFunc = hwaf
+	}
+}
+
+// WithEpochFunc is a GenOption that allows you to provide your own EpochFunc
+// function.
+// When this option is nil, time.Now is used.
+func WithEpochFunc(epochf EpochFunc) GenOption {
+	return func(gen *Gen) {
+		if epochf == nil {
+			epochf = time.Now
+		}
+
+		gen.epochFunc = epochf
+	}
+}
+
+// WithRandomReader is a GenOption that allows you to provide your own random
+// reader.
+// When this option is nil, the default rand.Reader is used.
+func WithRandomReader(reader io.Reader) GenOption {
+	return func(gen *Gen) {
+		if reader == nil {
+			reader = rand.Reader
+		}
+
+		gen.rand = reader
+	}
+}
+
+// NewV1 returns a UUID based on the current timestamp and MAC address.
+func (g *Gen) NewV1() (UUID, error) {
+	u := UUID{}
+
+	timeNow, clockSeq, err := g.getClockSequence(false)
+	if err != nil {
+		return Nil, err
+	}
+	binary.BigEndian.PutUint32(u[0:], uint32(timeNow))
+	binary.BigEndian.PutUint16(u[4:], uint16(timeNow>>32))
+	binary.BigEndian.PutUint16(u[6:], uint16(timeNow>>48))
+	binary.BigEndian.PutUint16(u[8:], clockSeq)
+
+	hardwareAddr, err := g.getHardwareAddr()
+	if err != nil {
+		return Nil, err
+	}
+	copy(u[10:], hardwareAddr)
+
+	u.SetVersion(V1)
+	u.SetVariant(VariantRFC4122)
+
+	return u, nil
+}
+
+// NewV3 returns a UUID based on the MD5 hash of the namespace UUID and name.
+func (g *Gen) NewV3(ns UUID, name string) UUID {
+	u := newFromHash(md5.New(), ns, name)
+	u.SetVersion(V3)
+	u.SetVariant(VariantRFC4122)
+
+	return u
+}
+
+// NewV4 returns a randomly generated UUID.
+func (g *Gen) NewV4() (UUID, error) {
+	u := UUID{}
+	if _, err := io.ReadFull(g.rand, u[:]); err != nil {
+		return Nil, err
+	}
+	u.SetVersion(V4)
+	u.SetVariant(VariantRFC4122)
+
+	return u, nil
+}
+
+// NewV5 returns a UUID based on SHA-1 hash of the namespace UUID and name.
+func (g *Gen) NewV5(ns UUID, name string) UUID {
+	u := newFromHash(sha1.New(), ns, name)
+	u.SetVersion(V5)
+	u.SetVariant(VariantRFC4122)
+
+	return u
+}
+
+// NewV6 returns a k-sortable UUID based on a timestamp and 48 bits of
+// pseudorandom data. The timestamp in a V6 UUID is the same as V1, with the bit
+// order being adjusted to allow the UUID to be k-sortable.
+//
+// This is implemented based on revision 03 of the Peabody UUID draft, and may
+// be subject to change pending further revisions. Until the final specification
+// revision is finished, changes required to implement updates to the spec will
+// not be considered a breaking change. They will happen as a minor version
+// releases until the spec is final.
+func (g *Gen) NewV6() (UUID, error) {
+	var u UUID
+
+	if _, err := io.ReadFull(g.rand, u[10:]); err != nil {
+		return Nil, err
+	}
+
+	timeNow, clockSeq, err := g.getClockSequence(false)
+	if err != nil {
+		return Nil, err
+	}
+
+	binary.BigEndian.PutUint32(u[0:], uint32(timeNow>>28))   // set time_high
+	binary.BigEndian.PutUint16(u[4:], uint16(timeNow>>12))   // set time_mid
+	binary.BigEndian.PutUint16(u[6:], uint16(timeNow&0xfff)) // set time_low (minus four version bits)
+	binary.BigEndian.PutUint16(u[8:], clockSeq&0x3fff)       // set clk_seq_hi_res (minus two variant bits)
+
+	u.SetVersion(V6)
+	u.SetVariant(VariantRFC4122)
+
+	return u, nil
+}
+
+// getClockSequence returns the epoch and clock sequence for V1,V6 and V7 UUIDs.
+//
+//	When useUnixTSMs is false, it uses the Coordinated Universal Time (UTC) as a count of 100-
+//
+// nanosecond intervals since 00:00:00.00, 15 October 1582 (the date of Gregorian reform to the Christian calendar).
+func (g *Gen) getClockSequence(useUnixTSMs bool) (uint64, uint16, error) {
+	var err error
+	g.clockSequenceOnce.Do(func() {
+		buf := make([]byte, 2)
+		if _, err = io.ReadFull(g.rand, buf); err != nil {
+			return
+		}
+		g.clockSequence = binary.BigEndian.Uint16(buf)
+	})
+	if err != nil {
+		return 0, 0, err
+	}
+
+	g.storageMutex.Lock()
+	defer g.storageMutex.Unlock()
+
+	var timeNow uint64
+	if useUnixTSMs {
+		timeNow = uint64(g.epochFunc().UnixMilli())
+	} else {
+		timeNow = g.getEpoch()
+	}
+	// Clock didn't change since last UUID generation.
+	// Should increase clock sequence.
+	if timeNow <= g.lastTime {
+		g.clockSequence++
+	}
+	g.lastTime = timeNow
+
+	return timeNow, g.clockSequence, nil
+}
+
+// NewV7 returns a k-sortable UUID based on the current millisecond precision
+// UNIX epoch and 74 bits of pseudorandom data.
+//
+// This is implemented based on revision 04 of the Peabody UUID draft, and may
+// be subject to change pending further revisions. Until the final specification
+// revision is finished, changes required to implement updates to the spec will
+// not be considered a breaking change. They will happen as a minor version
+// releases until the spec is final.
+func (g *Gen) NewV7() (UUID, error) {
+	var u UUID
+	/* https://www.ietf.org/archive/id/draft-peabody-dispatch-new-uuid-format-04.html#name-uuid-version-7
+		0                   1                   2                   3
+	    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |                           unix_ts_ms                          |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |          unix_ts_ms           |  ver  |       rand_a          |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |var|                        rand_b                             |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+	   |                            rand_b                             |
+	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */
+
+	ms, clockSeq, err := g.getClockSequence(true)
+	if err != nil {
+		return Nil, err
+	}
+	//UUIDv7 features a 48 bit timestamp. First 32bit (4bytes) represents seconds since 1970, followed by 2 bytes for the ms granularity.
+	u[0] = byte(ms >> 40) //1-6 bytes: big-endian unsigned number of Unix epoch timestamp
+	u[1] = byte(ms >> 32)
+	u[2] = byte(ms >> 24)
+	u[3] = byte(ms >> 16)
+	u[4] = byte(ms >> 8)
+	u[5] = byte(ms)
+
+	//support batching by using a monotonic pseudo-random sequence
+	//The 6th byte contains the version and partially rand_a data.
+	//We will lose the most significant bites from the clockSeq (with SetVersion), but it is ok, we need the least significant that contains the counter to ensure the monotonic property
+	binary.BigEndian.PutUint16(u[6:8], clockSeq) // set rand_a with clock seq which is random and monotonic
+
+	//override first 4bits of u[6].
+	u.SetVersion(V7)
+
+	//set rand_b 64bits of pseudo-random bits (first 2 will be overridden)
+	if _, err = io.ReadFull(g.rand, u[8:16]); err != nil {
+		return Nil, err
+	}
+	//override first 2 bits of byte[8] for the variant
+	u.SetVariant(VariantRFC4122)
+
+	return u, nil
+}
+
+// Returns the hardware address.
+func (g *Gen) getHardwareAddr() ([]byte, error) {
+	var err error
+	g.hardwareAddrOnce.Do(func() {
+		var hwAddr net.HardwareAddr
+		if hwAddr, err = g.hwAddrFunc(); err == nil {
+			copy(g.hardwareAddr[:], hwAddr)
+			return
+		}
+
+		// Initialize hardwareAddr randomly in case
+		// of real network interfaces absence.
+		if _, err = io.ReadFull(g.rand, g.hardwareAddr[:]); err != nil {
+			return
+		}
+		// Set multicast bit as recommended by RFC-4122
+		g.hardwareAddr[0] |= 0x01
+	})
+	if err != nil {
+		return []byte{}, err
+	}
+	return g.hardwareAddr[:], nil
+}
+
+// Returns the difference between UUID epoch (October 15, 1582)
+// and current time in 100-nanosecond intervals.
+func (g *Gen) getEpoch() uint64 {
+	return epochStart + uint64(g.epochFunc().UnixNano()/100)
+}
+
+// Returns the UUID based on the hashing of the namespace UUID and name.
+func newFromHash(h hash.Hash, ns UUID, name string) UUID {
+	u := UUID{}
+	h.Write(ns[:])
+	h.Write([]byte(name))
+	copy(u[:], h.Sum(nil))
+
+	return u
+}
+
+var netInterfaces = net.Interfaces
+
+// Returns the hardware address.
+func defaultHWAddrFunc() (net.HardwareAddr, error) {
+	ifaces, err := netInterfaces()
+	if err != nil {
+		return []byte{}, err
+	}
+	for _, iface := range ifaces {
+		if len(iface.HardwareAddr) >= 6 {
+			return iface.HardwareAddr, nil
+		}
+	}
+	return []byte{}, fmt.Errorf("uuid: no HW address found")
+}
diff --git a/vendor/github.com/gofrs/uuid/sql.go b/vendor/github.com/gofrs/uuid/sql.go
new file mode 100644
index 000000000..01d5d8849
--- /dev/null
+++ b/vendor/github.com/gofrs/uuid/sql.go
@@ -0,0 +1,116 @@
+// Copyright (C) 2013-2018 by Maxim Bublis <b@codemonkey.ru>
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+package uuid
+
+import (
+	"database/sql"
+	"database/sql/driver"
+	"fmt"
+)
+
+var _ driver.Valuer = UUID{}
+var _ sql.Scanner = (*UUID)(nil)
+
+// Value implements the driver.Valuer interface.
+func (u UUID) Value() (driver.Value, error) {
+	return u.String(), nil
+}
+
+// Scan implements the sql.Scanner interface.
+// A 16-byte slice will be handled by UnmarshalBinary, while
+// a longer byte slice or a string will be handled by UnmarshalText.
+func (u *UUID) Scan(src interface{}) error {
+	switch src := src.(type) {
+	case UUID: // support gorm convert from UUID to NullUUID
+		*u = src
+		return nil
+
+	case []byte:
+		if len(src) == Size {
+			return u.UnmarshalBinary(src)
+		}
+		return u.UnmarshalText(src)
+
+	case string:
+		uu, err := FromString(src)
+		*u = uu
+		return err
+	}
+
+	return fmt.Errorf("uuid: cannot convert %T to UUID", src)
+}
+
+// NullUUID can be used with the standard sql package to represent a
+// UUID value that can be NULL in the database.
+type NullUUID struct {
+	UUID  UUID
+	Valid bool
+}
+
+// Value implements the driver.Valuer interface.
+func (u NullUUID) Value() (driver.Value, error) {
+	if !u.Valid {
+		return nil, nil
+	}
+	// Delegate to UUID Value function
+	return u.UUID.Value()
+}
+
+// Scan implements the sql.Scanner interface.
+func (u *NullUUID) Scan(src interface{}) error {
+	if src == nil {
+		u.UUID, u.Valid = Nil, false
+		return nil
+	}
+
+	// Delegate to UUID Scan function
+	u.Valid = true
+	return u.UUID.Scan(src)
+}
+
+var nullJSON = []byte("null")
+
+// MarshalJSON marshals the NullUUID as null or the nested UUID
+func (u NullUUID) MarshalJSON() ([]byte, error) {
+	if !u.Valid {
+		return nullJSON, nil
+	}
+	var buf [38]byte
+	buf[0] = '"'
+	encodeCanonical(buf[1:37], u.UUID)
+	buf[37] = '"'
+	return buf[:], nil
+}
+
+// UnmarshalJSON unmarshals a NullUUID
+func (u *NullUUID) UnmarshalJSON(b []byte) error {
+	if string(b) == "null" {
+		u.UUID, u.Valid = Nil, false
+		return nil
+	}
+	if n := len(b); n >= 2 && b[0] == '"' {
+		b = b[1 : n-1]
+	}
+	err := u.UUID.UnmarshalText(b)
+	u.Valid = (err == nil)
+	return err
+}
diff --git a/vendor/github.com/gofrs/uuid/uuid.go b/vendor/github.com/gofrs/uuid/uuid.go
new file mode 100644
index 000000000..5320fb538
--- /dev/null
+++ b/vendor/github.com/gofrs/uuid/uuid.go
@@ -0,0 +1,285 @@
+// Copyright (C) 2013-2018 by Maxim Bublis <b@codemonkey.ru>
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+// Package uuid provides implementations of the Universally Unique Identifier
+// (UUID), as specified in RFC-4122 and the Peabody RFC Draft (revision 03).
+//
+// RFC-4122[1] provides the specification for versions 1, 3, 4, and 5. The
+// Peabody UUID RFC Draft[2] provides the specification for the new k-sortable
+// UUIDs, versions 6 and 7.
+//
+// DCE 1.1[3] provides the specification for version 2, but version 2 support
+// was removed from this package in v4 due to some concerns with the
+// specification itself. Reading the spec, it seems that it would result in
+// generating UUIDs that aren't very unique. In having read the spec it seemed
+// that our implementation did not meet the spec. It also seems to be at-odds
+// with RFC 4122, meaning we would need quite a bit of special code to support
+// it. Lastly, there were no Version 2 implementations that we could find to
+// ensure we were understanding the specification correctly.
+//
+// [1] https://tools.ietf.org/html/rfc4122
+// [2] https://datatracker.ietf.org/doc/html/draft-peabody-dispatch-new-uuid-format-03
+// [3] http://pubs.opengroup.org/onlinepubs/9696989899/chap5.htm#tagcjh_08_02_01_01
+package uuid
+
+import (
+	"encoding/binary"
+	"encoding/hex"
+	"fmt"
+	"time"
+)
+
+// Size of a UUID in bytes.
+const Size = 16
+
+// UUID is an array type to represent the value of a UUID, as defined in RFC-4122.
+type UUID [Size]byte
+
+// UUID versions.
+const (
+	_  byte = iota
+	V1      // Version 1 (date-time and MAC address)
+	_       // Version 2 (date-time and MAC address, DCE security version) [removed]
+	V3      // Version 3 (namespace name-based)
+	V4      // Version 4 (random)
+	V5      // Version 5 (namespace name-based)
+	V6      // Version 6 (k-sortable timestamp and random data, field-compatible with v1) [peabody draft]
+	V7      // Version 7 (k-sortable timestamp and random data) [peabody draft]
+	_       // Version 8 (k-sortable timestamp, meant for custom implementations) [peabody draft] [not implemented]
+)
+
+// UUID layout variants.
+const (
+	VariantNCS byte = iota
+	VariantRFC4122
+	VariantMicrosoft
+	VariantFuture
+)
+
+// UUID DCE domains.
+const (
+	DomainPerson = iota
+	DomainGroup
+	DomainOrg
+)
+
+// Timestamp is the count of 100-nanosecond intervals since 00:00:00.00,
+// 15 October 1582 within a V1 UUID. This type has no meaning for other
+// UUID versions since they don't have an embedded timestamp.
+type Timestamp uint64
+
+const _100nsPerSecond = 10000000
+
+// Time returns the UTC time.Time representation of a Timestamp
+func (t Timestamp) Time() (time.Time, error) {
+	secs := uint64(t) / _100nsPerSecond
+	nsecs := 100 * (uint64(t) % _100nsPerSecond)
+
+	return time.Unix(int64(secs)-(epochStart/_100nsPerSecond), int64(nsecs)), nil
+}
+
+// TimestampFromV1 returns the Timestamp embedded within a V1 UUID.
+// Returns an error if the UUID is any version other than 1.
+func TimestampFromV1(u UUID) (Timestamp, error) {
+	if u.Version() != 1 {
+		err := fmt.Errorf("uuid: %s is version %d, not version 1", u, u.Version())
+		return 0, err
+	}
+
+	low := binary.BigEndian.Uint32(u[0:4])
+	mid := binary.BigEndian.Uint16(u[4:6])
+	hi := binary.BigEndian.Uint16(u[6:8]) & 0xfff
+
+	return Timestamp(uint64(low) + (uint64(mid) << 32) + (uint64(hi) << 48)), nil
+}
+
+// TimestampFromV6 returns the Timestamp embedded within a V6 UUID. This
+// function returns an error if the UUID is any version other than 6.
+//
+// This is implemented based on revision 03 of the Peabody UUID draft, and may
+// be subject to change pending further revisions. Until the final specification
+// revision is finished, changes required to implement updates to the spec will
+// not be considered a breaking change. They will happen as a minor version
+// releases until the spec is final.
+func TimestampFromV6(u UUID) (Timestamp, error) {
+	if u.Version() != 6 {
+		return 0, fmt.Errorf("uuid: %s is version %d, not version 6", u, u.Version())
+	}
+
+	hi := binary.BigEndian.Uint32(u[0:4])
+	mid := binary.BigEndian.Uint16(u[4:6])
+	low := binary.BigEndian.Uint16(u[6:8]) & 0xfff
+
+	return Timestamp(uint64(low) + (uint64(mid) << 12) + (uint64(hi) << 28)), nil
+}
+
+// Nil is the nil UUID, as specified in RFC-4122, that has all 128 bits set to
+// zero.
+var Nil = UUID{}
+
+// Predefined namespace UUIDs.
+var (
+	NamespaceDNS  = Must(FromString("6ba7b810-9dad-11d1-80b4-00c04fd430c8"))
+	NamespaceURL  = Must(FromString("6ba7b811-9dad-11d1-80b4-00c04fd430c8"))
+	NamespaceOID  = Must(FromString("6ba7b812-9dad-11d1-80b4-00c04fd430c8"))
+	NamespaceX500 = Must(FromString("6ba7b814-9dad-11d1-80b4-00c04fd430c8"))
+)
+
+// IsNil returns if the UUID is equal to the nil UUID
+func (u UUID) IsNil() bool {
+	return u == Nil
+}
+
+// Version returns the algorithm version used to generate the UUID.
+func (u UUID) Version() byte {
+	return u[6] >> 4
+}
+
+// Variant returns the UUID layout variant.
+func (u UUID) Variant() byte {
+	switch {
+	case (u[8] >> 7) == 0x00:
+		return VariantNCS
+	case (u[8] >> 6) == 0x02:
+		return VariantRFC4122
+	case (u[8] >> 5) == 0x06:
+		return VariantMicrosoft
+	case (u[8] >> 5) == 0x07:
+		fallthrough
+	default:
+		return VariantFuture
+	}
+}
+
+// Bytes returns a byte slice representation of the UUID.
+func (u UUID) Bytes() []byte {
+	return u[:]
+}
+
+// encodeCanonical encodes the canonical RFC-4122 form of UUID u into the
+// first 36 bytes dst.
+func encodeCanonical(dst []byte, u UUID) {
+	const hextable = "0123456789abcdef"
+	dst[8] = '-'
+	dst[13] = '-'
+	dst[18] = '-'
+	dst[23] = '-'
+	for i, x := range [16]byte{
+		0, 2, 4, 6,
+		9, 11,
+		14, 16,
+		19, 21,
+		24, 26, 28, 30, 32, 34,
+	} {
+		c := u[i]
+		dst[x] = hextable[c>>4]
+		dst[x+1] = hextable[c&0x0f]
+	}
+}
+
+// String returns a canonical RFC-4122 string representation of the UUID:
+// xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.
+func (u UUID) String() string {
+	var buf [36]byte
+	encodeCanonical(buf[:], u)
+	return string(buf[:])
+}
+
+// Format implements fmt.Formatter for UUID values.
+//
+// The behavior is as follows:
+// The 'x' and 'X' verbs output only the hex digits of the UUID, using a-f for 'x' and A-F for 'X'.
+// The 'v', '+v', 's' and 'q' verbs return the canonical RFC-4122 string representation.
+// The 'S' verb returns the RFC-4122 format, but with capital hex digits.
+// The '#v' verb returns the "Go syntax" representation, which is a 16 byte array initializer.
+// All other verbs not handled directly by the fmt package (like '%p') are unsupported and will return
+// "%!verb(uuid.UUID=value)" as recommended by the fmt package.
+func (u UUID) Format(f fmt.State, c rune) {
+	if c == 'v' && f.Flag('#') {
+		fmt.Fprintf(f, "%#v", [Size]byte(u))
+		return
+	}
+	switch c {
+	case 'x', 'X':
+		b := make([]byte, 32)
+		hex.Encode(b, u[:])
+		if c == 'X' {
+			toUpperHex(b)
+		}
+		_, _ = f.Write(b)
+	case 'v', 's', 'S':
+		b, _ := u.MarshalText()
+		if c == 'S' {
+			toUpperHex(b)
+		}
+		_, _ = f.Write(b)
+	case 'q':
+		b := make([]byte, 38)
+		b[0] = '"'
+		encodeCanonical(b[1:], u)
+		b[37] = '"'
+		_, _ = f.Write(b)
+	default:
+		// invalid/unsupported format verb
+		fmt.Fprintf(f, "%%!%c(uuid.UUID=%s)", c, u.String())
+	}
+}
+
+func toUpperHex(b []byte) {
+	for i, c := range b {
+		if 'a' <= c && c <= 'f' {
+			b[i] = c - ('a' - 'A')
+		}
+	}
+}
+
+// SetVersion sets the version bits.
+func (u *UUID) SetVersion(v byte) {
+	u[6] = (u[6] & 0x0f) | (v << 4)
+}
+
+// SetVariant sets the variant bits.
+func (u *UUID) SetVariant(v byte) {
+	switch v {
+	case VariantNCS:
+		u[8] = (u[8]&(0xff>>1) | (0x00 << 7))
+	case VariantRFC4122:
+		u[8] = (u[8]&(0xff>>2) | (0x02 << 6))
+	case VariantMicrosoft:
+		u[8] = (u[8]&(0xff>>3) | (0x06 << 5))
+	case VariantFuture:
+		fallthrough
+	default:
+		u[8] = (u[8]&(0xff>>3) | (0x07 << 5))
+	}
+}
+
+// Must is a helper that wraps a call to a function returning (UUID, error)
+// and panics if the error is non-nil. It is intended for use in variable
+// initializations such as
+//
+//	var packageUUID = uuid.Must(uuid.FromString("123e4567-e89b-12d3-a456-426655440000"))
+func Must(u UUID, err error) UUID {
+	if err != nil {
+		panic(err)
+	}
+	return u
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json b/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
new file mode 100644
index 000000000..91d60a809
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+    "v2": "2.11.0"
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/CHANGES.md b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md
new file mode 100644
index 000000000..e17b196f6
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md
@@ -0,0 +1,99 @@
+# Changelog
+
+## [2.11.0](https://github.com/googleapis/gax-go/compare/v2.10.0...v2.11.0) (2023-06-13)
+
+
+### Features
+
+* **v2:** add GoVersion package variable ([#283](https://github.com/googleapis/gax-go/issues/283)) ([26553cc](https://github.com/googleapis/gax-go/commit/26553ccadb4016b189881f52e6c253b68bb3e3d5))
+
+
+### Bug Fixes
+
+* **v2:** handle space in non-devel go version ([#288](https://github.com/googleapis/gax-go/issues/288)) ([fd7bca0](https://github.com/googleapis/gax-go/commit/fd7bca029a1c5e63def8f0a5fd1ec3f725d92f75))
+
+## [2.10.0](https://github.com/googleapis/gax-go/compare/v2.9.1...v2.10.0) (2023-05-30)
+
+
+### Features
+
+* update dependencies ([#280](https://github.com/googleapis/gax-go/issues/280)) ([4514281](https://github.com/googleapis/gax-go/commit/4514281058590f3637c36bfd49baa65c4d3cfb21))
+
+## [2.9.1](https://github.com/googleapis/gax-go/compare/v2.9.0...v2.9.1) (2023-05-23)
+
+
+### Bug Fixes
+
+* **v2:** drop cloud lro test dep ([#276](https://github.com/googleapis/gax-go/issues/276)) ([c67eeba](https://github.com/googleapis/gax-go/commit/c67eeba0f10a3294b1d93c1b8fbe40211a55ae5f)), refs [#270](https://github.com/googleapis/gax-go/issues/270)
+
+## [2.9.0](https://github.com/googleapis/gax-go/compare/v2.8.0...v2.9.0) (2023-05-22)
+
+
+### Features
+
+* **apierror:** add method to return HTTP status code conditionally ([#274](https://github.com/googleapis/gax-go/issues/274)) ([5874431](https://github.com/googleapis/gax-go/commit/587443169acd10f7f86d1989dc8aaf189e645e98)), refs [#229](https://github.com/googleapis/gax-go/issues/229)
+
+
+### Documentation
+
+* add ref to usage with clients ([#272](https://github.com/googleapis/gax-go/issues/272)) ([ea4d72d](https://github.com/googleapis/gax-go/commit/ea4d72d514beba4de450868b5fb028601a29164e)), refs [#228](https://github.com/googleapis/gax-go/issues/228)
+
+## [2.8.0](https://github.com/googleapis/gax-go/compare/v2.7.1...v2.8.0) (2023-03-15)
+
+
+### Features
+
+* **v2:** add WithTimeout option ([#259](https://github.com/googleapis/gax-go/issues/259)) ([9a8da43](https://github.com/googleapis/gax-go/commit/9a8da43693002448b1e8758023699387481866d1))
+
+## [2.7.1](https://github.com/googleapis/gax-go/compare/v2.7.0...v2.7.1) (2023-03-06)
+
+
+### Bug Fixes
+
+* **v2/apierror:** return Unknown GRPCStatus when err source is HTTP ([#260](https://github.com/googleapis/gax-go/issues/260)) ([043b734](https://github.com/googleapis/gax-go/commit/043b73437a240a91229207fb3ee52a9935a36f23)), refs [#254](https://github.com/googleapis/gax-go/issues/254)
+
+## [2.7.0](https://github.com/googleapis/gax-go/compare/v2.6.0...v2.7.0) (2022-11-02)
+
+
+### Features
+
+* update google.golang.org/api to latest ([#240](https://github.com/googleapis/gax-go/issues/240)) ([f690a02](https://github.com/googleapis/gax-go/commit/f690a02c806a2903bdee943ede3a58e3a331ebd6))
+* **v2/apierror:** add apierror.FromWrappingError ([#238](https://github.com/googleapis/gax-go/issues/238)) ([9dbd96d](https://github.com/googleapis/gax-go/commit/9dbd96d59b9d54ceb7c025513aa8c1a9d727382f))
+
+## [2.6.0](https://github.com/googleapis/gax-go/compare/v2.5.1...v2.6.0) (2022-10-13)
+
+
+### Features
+
+* **v2:** copy DetermineContentType functionality ([#230](https://github.com/googleapis/gax-go/issues/230)) ([2c52a70](https://github.com/googleapis/gax-go/commit/2c52a70bae965397f740ed27d46aabe89ff249b3))
+
+## [2.5.1](https://github.com/googleapis/gax-go/compare/v2.5.0...v2.5.1) (2022-08-04)
+
+
+### Bug Fixes
+
+* **v2:** resolve bad genproto pseudoversion in go.mod ([#218](https://github.com/googleapis/gax-go/issues/218)) ([1379b27](https://github.com/googleapis/gax-go/commit/1379b27e9846d959f7e1163b9ef298b3c92c8d23))
+
+## [2.5.0](https://github.com/googleapis/gax-go/compare/v2.4.0...v2.5.0) (2022-08-04)
+
+
+### Features
+
+* add ExtractProtoMessage to apierror ([#213](https://github.com/googleapis/gax-go/issues/213)) ([a6ce70c](https://github.com/googleapis/gax-go/commit/a6ce70c725c890533a9de6272d3b5ba2e336d6bb))
+
+## [2.4.0](https://github.com/googleapis/gax-go/compare/v2.3.0...v2.4.0) (2022-05-09)
+
+
+### Features
+
+* **v2:** add OnHTTPCodes CallOption ([#188](https://github.com/googleapis/gax-go/issues/188)) ([ba7c534](https://github.com/googleapis/gax-go/commit/ba7c5348363ab6c33e1cee3c03c0be68a46ca07c))
+
+
+### Bug Fixes
+
+* **v2/apierror:** use errors.As in FromError ([#189](https://github.com/googleapis/gax-go/issues/189)) ([f30f05b](https://github.com/googleapis/gax-go/commit/f30f05be583828f4c09cca4091333ea88ff8d79e))
+
+
+### Miscellaneous Chores
+
+* **v2:** bump release-please processing ([#192](https://github.com/googleapis/gax-go/issues/192)) ([56172f9](https://github.com/googleapis/gax-go/commit/56172f971d1141d7687edaac053ad3470af76719))
diff --git a/vendor/github.com/googleapis/gax-go/v2/LICENSE b/vendor/github.com/googleapis/gax-go/v2/LICENSE
new file mode 100644
index 000000000..6d16b6578
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/LICENSE
@@ -0,0 +1,27 @@
+Copyright 2016, Google Inc.
+All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go b/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
new file mode 100644
index 000000000..d785a065c
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
@@ -0,0 +1,361 @@
+// Copyright 2021, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Package apierror implements a wrapper error for parsing error details from
+// API calls. Both HTTP & gRPC status errors are supported.
+//
+// For examples of how to use [APIError] with client libraries please reference
+// [Inspecting errors](https://pkg.go.dev/cloud.google.com/go#hdr-Inspecting_errors)
+// in the client library documentation.
+package apierror
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	jsonerror "github.com/googleapis/gax-go/v2/apierror/internal/proto"
+	"google.golang.org/api/googleapi"
+	"google.golang.org/genproto/googleapis/rpc/errdetails"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+)
+
+// ErrDetails holds the google/rpc/error_details.proto messages.
+type ErrDetails struct {
+	ErrorInfo           *errdetails.ErrorInfo
+	BadRequest          *errdetails.BadRequest
+	PreconditionFailure *errdetails.PreconditionFailure
+	QuotaFailure        *errdetails.QuotaFailure
+	RetryInfo           *errdetails.RetryInfo
+	ResourceInfo        *errdetails.ResourceInfo
+	RequestInfo         *errdetails.RequestInfo
+	DebugInfo           *errdetails.DebugInfo
+	Help                *errdetails.Help
+	LocalizedMessage    *errdetails.LocalizedMessage
+
+	// Unknown stores unidentifiable error details.
+	Unknown []interface{}
+}
+
+// ErrMessageNotFound is used to signal ExtractProtoMessage found no matching messages.
+var ErrMessageNotFound = errors.New("message not found")
+
+// ExtractProtoMessage provides a mechanism for extracting protobuf messages from the
+// Unknown error details. If ExtractProtoMessage finds an unknown message of the same type,
+// the content of the message is copied to the provided message.
+//
+// ExtractProtoMessage will return ErrMessageNotFound if there are no message matching the
+// protocol buffer type of the provided message.
+func (e ErrDetails) ExtractProtoMessage(v proto.Message) error {
+	if v == nil {
+		return ErrMessageNotFound
+	}
+	for _, elem := range e.Unknown {
+		if elemProto, ok := elem.(proto.Message); ok {
+			if v.ProtoReflect().Type() == elemProto.ProtoReflect().Type() {
+				proto.Merge(v, elemProto)
+				return nil
+			}
+		}
+	}
+	return ErrMessageNotFound
+}
+
+func (e ErrDetails) String() string {
+	var d strings.Builder
+	if e.ErrorInfo != nil {
+		d.WriteString(fmt.Sprintf("error details: name = ErrorInfo reason = %s domain = %s metadata = %s\n",
+			e.ErrorInfo.GetReason(), e.ErrorInfo.GetDomain(), e.ErrorInfo.GetMetadata()))
+	}
+
+	if e.BadRequest != nil {
+		v := e.BadRequest.GetFieldViolations()
+		var f []string
+		var desc []string
+		for _, x := range v {
+			f = append(f, x.GetField())
+			desc = append(desc, x.GetDescription())
+		}
+		d.WriteString(fmt.Sprintf("error details: name = BadRequest field = %s desc = %s\n",
+			strings.Join(f, " "), strings.Join(desc, " ")))
+	}
+
+	if e.PreconditionFailure != nil {
+		v := e.PreconditionFailure.GetViolations()
+		var t []string
+		var s []string
+		var desc []string
+		for _, x := range v {
+			t = append(t, x.GetType())
+			s = append(s, x.GetSubject())
+			desc = append(desc, x.GetDescription())
+		}
+		d.WriteString(fmt.Sprintf("error details: name = PreconditionFailure type = %s subj = %s desc = %s\n", strings.Join(t, " "),
+			strings.Join(s, " "), strings.Join(desc, " ")))
+	}
+
+	if e.QuotaFailure != nil {
+		v := e.QuotaFailure.GetViolations()
+		var s []string
+		var desc []string
+		for _, x := range v {
+			s = append(s, x.GetSubject())
+			desc = append(desc, x.GetDescription())
+		}
+		d.WriteString(fmt.Sprintf("error details: name = QuotaFailure subj = %s desc = %s\n",
+			strings.Join(s, " "), strings.Join(desc, " ")))
+	}
+
+	if e.RequestInfo != nil {
+		d.WriteString(fmt.Sprintf("error details: name = RequestInfo id = %s data = %s\n",
+			e.RequestInfo.GetRequestId(), e.RequestInfo.GetServingData()))
+	}
+
+	if e.ResourceInfo != nil {
+		d.WriteString(fmt.Sprintf("error details: name = ResourceInfo type = %s resourcename = %s owner = %s desc = %s\n",
+			e.ResourceInfo.GetResourceType(), e.ResourceInfo.GetResourceName(),
+			e.ResourceInfo.GetOwner(), e.ResourceInfo.GetDescription()))
+
+	}
+	if e.RetryInfo != nil {
+		d.WriteString(fmt.Sprintf("error details: retry in %s\n", e.RetryInfo.GetRetryDelay().AsDuration()))
+
+	}
+	if e.Unknown != nil {
+		var s []string
+		for _, x := range e.Unknown {
+			s = append(s, fmt.Sprintf("%v", x))
+		}
+		d.WriteString(fmt.Sprintf("error details: name = Unknown  desc = %s\n", strings.Join(s, " ")))
+	}
+
+	if e.DebugInfo != nil {
+		d.WriteString(fmt.Sprintf("error details: name = DebugInfo detail = %s stack = %s\n", e.DebugInfo.GetDetail(),
+			strings.Join(e.DebugInfo.GetStackEntries(), " ")))
+	}
+	if e.Help != nil {
+		var desc []string
+		var url []string
+		for _, x := range e.Help.Links {
+			desc = append(desc, x.GetDescription())
+			url = append(url, x.GetUrl())
+		}
+		d.WriteString(fmt.Sprintf("error details: name = Help desc = %s url = %s\n",
+			strings.Join(desc, " "), strings.Join(url, " ")))
+	}
+	if e.LocalizedMessage != nil {
+		d.WriteString(fmt.Sprintf("error details: name = LocalizedMessage locale = %s msg = %s\n",
+			e.LocalizedMessage.GetLocale(), e.LocalizedMessage.GetMessage()))
+	}
+
+	return d.String()
+}
+
+// APIError wraps either a gRPC Status error or a HTTP googleapi.Error. It
+// implements error and Status interfaces.
+type APIError struct {
+	err     error
+	status  *status.Status
+	httpErr *googleapi.Error
+	details ErrDetails
+}
+
+// Details presents the error details of the APIError.
+func (a *APIError) Details() ErrDetails {
+	return a.details
+}
+
+// Unwrap extracts the original error.
+func (a *APIError) Unwrap() error {
+	return a.err
+}
+
+// Error returns a readable representation of the APIError.
+func (a *APIError) Error() string {
+	var msg string
+	if a.httpErr != nil {
+		// Truncate the googleapi.Error message because it dumps the Details in
+		// an ugly way.
+		msg = fmt.Sprintf("googleapi: Error %d: %s", a.httpErr.Code, a.httpErr.Message)
+	} else if a.status != nil {
+		msg = a.err.Error()
+	}
+	return strings.TrimSpace(fmt.Sprintf("%s\n%s", msg, a.details))
+}
+
+// GRPCStatus extracts the underlying gRPC Status error.
+// This method is necessary to fulfill the interface
+// described in https://pkg.go.dev/google.golang.org/grpc/status#FromError.
+func (a *APIError) GRPCStatus() *status.Status {
+	return a.status
+}
+
+// Reason returns the reason in an ErrorInfo.
+// If ErrorInfo is nil, it returns an empty string.
+func (a *APIError) Reason() string {
+	return a.details.ErrorInfo.GetReason()
+}
+
+// Domain returns the domain in an ErrorInfo.
+// If ErrorInfo is nil, it returns an empty string.
+func (a *APIError) Domain() string {
+	return a.details.ErrorInfo.GetDomain()
+}
+
+// Metadata returns the metadata in an ErrorInfo.
+// If ErrorInfo is nil, it returns nil.
+func (a *APIError) Metadata() map[string]string {
+	return a.details.ErrorInfo.GetMetadata()
+
+}
+
+// setDetailsFromError parses a Status error or a googleapi.Error
+// and sets status and details or httpErr and details, respectively.
+// It returns false if neither Status nor googleapi.Error can be parsed.
+// When err is a googleapi.Error, the status of the returned error will
+// be set to an Unknown error, rather than nil, since a nil code is
+// interpreted as OK in the gRPC status package.
+func (a *APIError) setDetailsFromError(err error) bool {
+	st, isStatus := status.FromError(err)
+	var herr *googleapi.Error
+	isHTTPErr := errors.As(err, &herr)
+
+	switch {
+	case isStatus:
+		a.status = st
+		a.details = parseDetails(st.Details())
+	case isHTTPErr:
+		a.httpErr = herr
+		a.details = parseHTTPDetails(herr)
+		a.status = status.New(codes.Unknown, herr.Message)
+	default:
+		return false
+	}
+	return true
+}
+
+// FromError parses a Status error or a googleapi.Error and builds an
+// APIError, wrapping the provided error in the new APIError. It
+// returns false if neither Status nor googleapi.Error can be parsed.
+func FromError(err error) (*APIError, bool) {
+	return ParseError(err, true)
+}
+
+// ParseError parses a Status error or a googleapi.Error and builds an
+// APIError. If wrap is true, it wraps the error in the new APIError.
+// It returns false if neither Status nor googleapi.Error can be parsed.
+func ParseError(err error, wrap bool) (*APIError, bool) {
+	if err == nil {
+		return nil, false
+	}
+	ae := APIError{}
+	if wrap {
+		ae = APIError{err: err}
+	}
+	if !ae.setDetailsFromError(err) {
+		return nil, false
+	}
+	return &ae, true
+}
+
+// parseDetails accepts a slice of interface{} that should be backed by some
+// sort of proto.Message that can be cast to the google/rpc/error_details.proto
+// types.
+//
+// This is for internal use only.
+func parseDetails(details []interface{}) ErrDetails {
+	var ed ErrDetails
+	for _, d := range details {
+		switch d := d.(type) {
+		case *errdetails.ErrorInfo:
+			ed.ErrorInfo = d
+		case *errdetails.BadRequest:
+			ed.BadRequest = d
+		case *errdetails.PreconditionFailure:
+			ed.PreconditionFailure = d
+		case *errdetails.QuotaFailure:
+			ed.QuotaFailure = d
+		case *errdetails.RetryInfo:
+			ed.RetryInfo = d
+		case *errdetails.ResourceInfo:
+			ed.ResourceInfo = d
+		case *errdetails.RequestInfo:
+			ed.RequestInfo = d
+		case *errdetails.DebugInfo:
+			ed.DebugInfo = d
+		case *errdetails.Help:
+			ed.Help = d
+		case *errdetails.LocalizedMessage:
+			ed.LocalizedMessage = d
+		default:
+			ed.Unknown = append(ed.Unknown, d)
+		}
+	}
+
+	return ed
+}
+
+// parseHTTPDetails will convert the given googleapi.Error into the protobuf
+// representation then parse the Any values that contain the error details.
+//
+// This is for internal use only.
+func parseHTTPDetails(gae *googleapi.Error) ErrDetails {
+	e := &jsonerror.Error{}
+	if err := protojson.Unmarshal([]byte(gae.Body), e); err != nil {
+		// If the error body does not conform to the error schema, ignore it
+		// altogther. See https://cloud.google.com/apis/design/errors#http_mapping.
+		return ErrDetails{}
+	}
+
+	// Coerce the Any messages into proto.Message then parse the details.
+	details := []interface{}{}
+	for _, any := range e.GetError().GetDetails() {
+		m, err := any.UnmarshalNew()
+		if err != nil {
+			// Ignore malformed Any values.
+			continue
+		}
+		details = append(details, m)
+	}
+
+	return parseDetails(details)
+}
+
+// HTTPCode returns the underlying HTTP response status code. This method returns
+// `-1` if the underlying error is a [google.golang.org/grpc/status.Status]. To
+// check gRPC error codes use [google.golang.org/grpc/status.Code].
+func (a *APIError) HTTPCode() int {
+	if a.httpErr == nil {
+		return -1
+	}
+	return a.httpErr.Code
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md
new file mode 100644
index 000000000..9ff0caea9
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md
@@ -0,0 +1,30 @@
+# HTTP JSON Error Schema
+
+The `error.proto` represents the HTTP-JSON schema used by Google APIs to convey
+error payloads as described by https://cloud.google.com/apis/design/errors#http_mapping.
+This package is for internal parsing logic only and should not be used in any
+other context.
+
+## Regeneration
+
+To regenerate the protobuf Go code you will need the following:
+
+* A local copy of [googleapis], the absolute path to which should be exported to
+the environment variable `GOOGLEAPIS`
+* The protobuf compiler [protoc]
+* The Go [protobuf plugin]
+* The [goimports] tool
+
+From this directory run the following command:
+```sh
+protoc -I $GOOGLEAPIS -I. --go_out=. --go_opt=module=github.com/googleapis/gax-go/v2/apierror/internal/proto error.proto
+goimports -w .
+```
+
+Note: the `module` plugin option ensures the generated code is placed in this
+directory, and not in several nested directories defined by `go_package` option.
+
+[googleapis]: https://github.com/googleapis/googleapis
+[protoc]: https://github.com/protocolbuffers/protobuf#protocol-compiler-installation
+[protobuf plugin]: https://developers.google.com/protocol-buffers/docs/reference/go-generated
+[goimports]: https://pkg.go.dev/golang.org/x/tools/cmd/goimports
\ No newline at end of file
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go
new file mode 100644
index 000000000..e4b03f161
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go
@@ -0,0 +1,256 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.28.0
+// 	protoc        v3.17.3
+// source: custom_error.proto
+
+package jsonerror
+
+import (
+	reflect "reflect"
+	sync "sync"
+
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Error code for `CustomError`.
+type CustomError_CustomErrorCode int32
+
+const (
+	// Default error.
+	CustomError_CUSTOM_ERROR_CODE_UNSPECIFIED CustomError_CustomErrorCode = 0
+	// Too many foo.
+	CustomError_TOO_MANY_FOO CustomError_CustomErrorCode = 1
+	// Not enough foo.
+	CustomError_NOT_ENOUGH_FOO CustomError_CustomErrorCode = 2
+	// Catastrophic error.
+	CustomError_UNIVERSE_WAS_DESTROYED CustomError_CustomErrorCode = 3
+)
+
+// Enum value maps for CustomError_CustomErrorCode.
+var (
+	CustomError_CustomErrorCode_name = map[int32]string{
+		0: "CUSTOM_ERROR_CODE_UNSPECIFIED",
+		1: "TOO_MANY_FOO",
+		2: "NOT_ENOUGH_FOO",
+		3: "UNIVERSE_WAS_DESTROYED",
+	}
+	CustomError_CustomErrorCode_value = map[string]int32{
+		"CUSTOM_ERROR_CODE_UNSPECIFIED": 0,
+		"TOO_MANY_FOO":                  1,
+		"NOT_ENOUGH_FOO":                2,
+		"UNIVERSE_WAS_DESTROYED":        3,
+	}
+)
+
+func (x CustomError_CustomErrorCode) Enum() *CustomError_CustomErrorCode {
+	p := new(CustomError_CustomErrorCode)
+	*p = x
+	return p
+}
+
+func (x CustomError_CustomErrorCode) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (CustomError_CustomErrorCode) Descriptor() protoreflect.EnumDescriptor {
+	return file_custom_error_proto_enumTypes[0].Descriptor()
+}
+
+func (CustomError_CustomErrorCode) Type() protoreflect.EnumType {
+	return &file_custom_error_proto_enumTypes[0]
+}
+
+func (x CustomError_CustomErrorCode) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use CustomError_CustomErrorCode.Descriptor instead.
+func (CustomError_CustomErrorCode) EnumDescriptor() ([]byte, []int) {
+	return file_custom_error_proto_rawDescGZIP(), []int{0, 0}
+}
+
+// CustomError is an example of a custom error message  which may be included
+// in an rpc status. It is not meant to reflect a standard error.
+type CustomError struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Error code specific to the custom API being invoked.
+	Code CustomError_CustomErrorCode `protobuf:"varint,1,opt,name=code,proto3,enum=error.CustomError_CustomErrorCode" json:"code,omitempty"`
+	// Name of the failed entity.
+	Entity string `protobuf:"bytes,2,opt,name=entity,proto3" json:"entity,omitempty"`
+	// Message that describes the error.
+	ErrorMessage string `protobuf:"bytes,3,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+}
+
+func (x *CustomError) Reset() {
+	*x = CustomError{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_custom_error_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CustomError) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CustomError) ProtoMessage() {}
+
+func (x *CustomError) ProtoReflect() protoreflect.Message {
+	mi := &file_custom_error_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CustomError.ProtoReflect.Descriptor instead.
+func (*CustomError) Descriptor() ([]byte, []int) {
+	return file_custom_error_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *CustomError) GetCode() CustomError_CustomErrorCode {
+	if x != nil {
+		return x.Code
+	}
+	return CustomError_CUSTOM_ERROR_CODE_UNSPECIFIED
+}
+
+func (x *CustomError) GetEntity() string {
+	if x != nil {
+		return x.Entity
+	}
+	return ""
+}
+
+func (x *CustomError) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+var File_custom_error_proto protoreflect.FileDescriptor
+
+var file_custom_error_proto_rawDesc = []byte{
+	0x0a, 0x12, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0xfa, 0x01, 0x0a, 0x0b,
+	0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x36, 0x0a, 0x04, 0x63,
+	0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x65, 0x72, 0x72, 0x6f,
+	0x72, 0x2e, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x43, 0x75,
+	0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x63,
+	0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x23, 0x0a, 0x0d, 0x65,
+	0x72, 0x72, 0x6f, 0x72, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+	0x22, 0x76, 0x0a, 0x0f, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43,
+	0x6f, 0x64, 0x65, 0x12, 0x21, 0x0a, 0x1d, 0x43, 0x55, 0x53, 0x54, 0x4f, 0x4d, 0x5f, 0x45, 0x52,
+	0x52, 0x4f, 0x52, 0x5f, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
+	0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x4f, 0x4f, 0x5f, 0x4d, 0x41,
+	0x4e, 0x59, 0x5f, 0x46, 0x4f, 0x4f, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4e, 0x4f, 0x54, 0x5f,
+	0x45, 0x4e, 0x4f, 0x55, 0x47, 0x48, 0x5f, 0x46, 0x4f, 0x4f, 0x10, 0x02, 0x12, 0x1a, 0x0a, 0x16,
+	0x55, 0x4e, 0x49, 0x56, 0x45, 0x52, 0x53, 0x45, 0x5f, 0x57, 0x41, 0x53, 0x5f, 0x44, 0x45, 0x53,
+	0x54, 0x52, 0x4f, 0x59, 0x45, 0x44, 0x10, 0x03, 0x42, 0x43, 0x5a, 0x41, 0x67, 0x69, 0x74, 0x68,
+	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69,
+	0x73, 0x2f, 0x67, 0x61, 0x78, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x65,
+	0x72, 0x72, 0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x3b, 0x6a, 0x73, 0x6f, 0x6e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x62, 0x06, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_custom_error_proto_rawDescOnce sync.Once
+	file_custom_error_proto_rawDescData = file_custom_error_proto_rawDesc
+)
+
+func file_custom_error_proto_rawDescGZIP() []byte {
+	file_custom_error_proto_rawDescOnce.Do(func() {
+		file_custom_error_proto_rawDescData = protoimpl.X.CompressGZIP(file_custom_error_proto_rawDescData)
+	})
+	return file_custom_error_proto_rawDescData
+}
+
+var file_custom_error_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_custom_error_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_custom_error_proto_goTypes = []interface{}{
+	(CustomError_CustomErrorCode)(0), // 0: error.CustomError.CustomErrorCode
+	(*CustomError)(nil),              // 1: error.CustomError
+}
+var file_custom_error_proto_depIdxs = []int32{
+	0, // 0: error.CustomError.code:type_name -> error.CustomError.CustomErrorCode
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_custom_error_proto_init() }
+func file_custom_error_proto_init() {
+	if File_custom_error_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_custom_error_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CustomError); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_custom_error_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_custom_error_proto_goTypes,
+		DependencyIndexes: file_custom_error_proto_depIdxs,
+		EnumInfos:         file_custom_error_proto_enumTypes,
+		MessageInfos:      file_custom_error_proto_msgTypes,
+	}.Build()
+	File_custom_error_proto = out.File
+	file_custom_error_proto_rawDesc = nil
+	file_custom_error_proto_goTypes = nil
+	file_custom_error_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.proto b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.proto
new file mode 100644
index 000000000..21678ae65
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.proto
@@ -0,0 +1,50 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package error;
+
+option go_package = "github.com/googleapis/gax-go/v2/apierror/internal/proto;jsonerror";
+
+
+// CustomError is an example of a custom error message  which may be included
+// in an rpc status. It is not meant to reflect a standard error.
+message CustomError {
+
+  // Error code for `CustomError`.
+  enum CustomErrorCode {
+    // Default error.
+    CUSTOM_ERROR_CODE_UNSPECIFIED = 0;
+
+    // Too many foo.
+    TOO_MANY_FOO = 1;
+
+    // Not enough foo.
+    NOT_ENOUGH_FOO = 2;
+
+    // Catastrophic error.
+    UNIVERSE_WAS_DESTROYED = 3;
+
+  }
+
+  // Error code specific to the custom API being invoked.
+  CustomErrorCode code = 1;
+
+  // Name of the failed entity.
+  string entity = 2;
+
+  // Message that describes the error.
+  string error_message = 3;
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go
new file mode 100644
index 000000000..7dd9b8373
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go
@@ -0,0 +1,280 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.28.0
+// 	protoc        v3.15.8
+// source: apierror/internal/proto/error.proto
+
+package jsonerror
+
+import (
+	reflect "reflect"
+	sync "sync"
+
+	code "google.golang.org/genproto/googleapis/rpc/code"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	anypb "google.golang.org/protobuf/types/known/anypb"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The error format v2 for Google JSON REST APIs.
+// Copied from https://cloud.google.com/apis/design/errors#http_mapping.
+//
+// NOTE: This schema is not used for other wire protocols.
+type Error struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The actual error payload. The nested message structure is for backward
+	// compatibility with Google API client libraries. It also makes the error
+	// more readable to developers.
+	Error *Error_Status `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"`
+}
+
+func (x *Error) Reset() {
+	*x = Error{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_apierror_internal_proto_error_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Error) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Error) ProtoMessage() {}
+
+func (x *Error) ProtoReflect() protoreflect.Message {
+	mi := &file_apierror_internal_proto_error_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Error.ProtoReflect.Descriptor instead.
+func (*Error) Descriptor() ([]byte, []int) {
+	return file_apierror_internal_proto_error_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Error) GetError() *Error_Status {
+	if x != nil {
+		return x.Error
+	}
+	return nil
+}
+
+// This message has the same semantics as `google.rpc.Status`. It uses HTTP
+// status code instead of gRPC status code. It has an extra field `status`
+// for backward compatibility with Google API Client Libraries.
+type Error_Status struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The HTTP status code that corresponds to `google.rpc.Status.code`.
+	Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
+	// This corresponds to `google.rpc.Status.message`.
+	Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	// This is the enum version for `google.rpc.Status.code`.
+	Status code.Code `protobuf:"varint,4,opt,name=status,proto3,enum=google.rpc.Code" json:"status,omitempty"`
+	// This corresponds to `google.rpc.Status.details`.
+	Details []*anypb.Any `protobuf:"bytes,5,rep,name=details,proto3" json:"details,omitempty"`
+}
+
+func (x *Error_Status) Reset() {
+	*x = Error_Status{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_apierror_internal_proto_error_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Error_Status) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Error_Status) ProtoMessage() {}
+
+func (x *Error_Status) ProtoReflect() protoreflect.Message {
+	mi := &file_apierror_internal_proto_error_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Error_Status.ProtoReflect.Descriptor instead.
+func (*Error_Status) Descriptor() ([]byte, []int) {
+	return file_apierror_internal_proto_error_proto_rawDescGZIP(), []int{0, 0}
+}
+
+func (x *Error_Status) GetCode() int32 {
+	if x != nil {
+		return x.Code
+	}
+	return 0
+}
+
+func (x *Error_Status) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+func (x *Error_Status) GetStatus() code.Code {
+	if x != nil {
+		return x.Status
+	}
+	return code.Code(0)
+}
+
+func (x *Error_Status) GetDetails() []*anypb.Any {
+	if x != nil {
+		return x.Details
+	}
+	return nil
+}
+
+var File_apierror_internal_proto_error_proto protoreflect.FileDescriptor
+
+var file_apierror_internal_proto_error_proto_rawDesc = []byte{
+	0x0a, 0x23, 0x61, 0x70, 0x69, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0x19, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e,
+	0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
+	0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc5,
+	0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x29, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f,
+	0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e,
+	0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x05, 0x65, 0x72,
+	0x72, 0x6f, 0x72, 0x1a, 0x90, 0x01, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12,
+	0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f,
+	0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x28, 0x0a, 0x06,
+	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x06,
+	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x2e, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c,
+	0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x64,
+	0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x42, 0x43, 0x5a, 0x41, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f,
+	0x67, 0x61, 0x78, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x65, 0x72, 0x72,
+	0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x3b, 0x6a, 0x73, 0x6f, 0x6e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
+}
+
+var (
+	file_apierror_internal_proto_error_proto_rawDescOnce sync.Once
+	file_apierror_internal_proto_error_proto_rawDescData = file_apierror_internal_proto_error_proto_rawDesc
+)
+
+func file_apierror_internal_proto_error_proto_rawDescGZIP() []byte {
+	file_apierror_internal_proto_error_proto_rawDescOnce.Do(func() {
+		file_apierror_internal_proto_error_proto_rawDescData = protoimpl.X.CompressGZIP(file_apierror_internal_proto_error_proto_rawDescData)
+	})
+	return file_apierror_internal_proto_error_proto_rawDescData
+}
+
+var file_apierror_internal_proto_error_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_apierror_internal_proto_error_proto_goTypes = []interface{}{
+	(*Error)(nil),        // 0: error.Error
+	(*Error_Status)(nil), // 1: error.Error.Status
+	(code.Code)(0),       // 2: google.rpc.Code
+	(*anypb.Any)(nil),    // 3: google.protobuf.Any
+}
+var file_apierror_internal_proto_error_proto_depIdxs = []int32{
+	1, // 0: error.Error.error:type_name -> error.Error.Status
+	2, // 1: error.Error.Status.status:type_name -> google.rpc.Code
+	3, // 2: error.Error.Status.details:type_name -> google.protobuf.Any
+	3, // [3:3] is the sub-list for method output_type
+	3, // [3:3] is the sub-list for method input_type
+	3, // [3:3] is the sub-list for extension type_name
+	3, // [3:3] is the sub-list for extension extendee
+	0, // [0:3] is the sub-list for field type_name
+}
+
+func init() { file_apierror_internal_proto_error_proto_init() }
+func file_apierror_internal_proto_error_proto_init() {
+	if File_apierror_internal_proto_error_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_apierror_internal_proto_error_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Error); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_apierror_internal_proto_error_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Error_Status); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_apierror_internal_proto_error_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_apierror_internal_proto_error_proto_goTypes,
+		DependencyIndexes: file_apierror_internal_proto_error_proto_depIdxs,
+		MessageInfos:      file_apierror_internal_proto_error_proto_msgTypes,
+	}.Build()
+	File_apierror_internal_proto_error_proto = out.File
+	file_apierror_internal_proto_error_proto_rawDesc = nil
+	file_apierror_internal_proto_error_proto_goTypes = nil
+	file_apierror_internal_proto_error_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto
new file mode 100644
index 000000000..4b9b13ce1
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto
@@ -0,0 +1,46 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package error;
+
+import "google/protobuf/any.proto";
+import "google/rpc/code.proto";
+
+option go_package = "github.com/googleapis/gax-go/v2/apierror/internal/proto;jsonerror";
+
+// The error format v2 for Google JSON REST APIs.
+// Copied from https://cloud.google.com/apis/design/errors#http_mapping.
+//
+// NOTE: This schema is not used for other wire protocols.
+message Error {
+  // This message has the same semantics as `google.rpc.Status`. It uses HTTP
+  // status code instead of gRPC status code. It has an extra field `status`
+  // for backward compatibility with Google API Client Libraries.
+  message Status {
+    // The HTTP status code that corresponds to `google.rpc.Status.code`.
+    int32 code = 1;
+    // This corresponds to `google.rpc.Status.message`.
+    string message = 2;
+    // This is the enum version for `google.rpc.Status.code`.
+    google.rpc.Code status = 4;
+    // This corresponds to `google.rpc.Status.details`.
+    repeated google.protobuf.Any details = 5;
+  }
+  // The actual error payload. The nested message structure is for backward
+  // compatibility with Google API client libraries. It also makes the error
+  // more readable to developers.
+  Status error = 1;
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/call_option.go b/vendor/github.com/googleapis/gax-go/v2/call_option.go
new file mode 100644
index 000000000..c52e03f64
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/call_option.go
@@ -0,0 +1,265 @@
+// Copyright 2016, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import (
+	"errors"
+	"math/rand"
+	"time"
+
+	"google.golang.org/api/googleapi"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// CallOption is an option used by Invoke to control behaviors of RPC calls.
+// CallOption works by modifying relevant fields of CallSettings.
+type CallOption interface {
+	// Resolve applies the option by modifying cs.
+	Resolve(cs *CallSettings)
+}
+
+// Retryer is used by Invoke to determine retry behavior.
+type Retryer interface {
+	// Retry reports whether a request should be retried and how long to pause before retrying
+	// if the previous attempt returned with err. Invoke never calls Retry with nil error.
+	Retry(err error) (pause time.Duration, shouldRetry bool)
+}
+
+type retryerOption func() Retryer
+
+func (o retryerOption) Resolve(s *CallSettings) {
+	s.Retry = o
+}
+
+// WithRetry sets CallSettings.Retry to fn.
+func WithRetry(fn func() Retryer) CallOption {
+	return retryerOption(fn)
+}
+
+// OnErrorFunc returns a Retryer that retries if and only if the previous attempt
+// returns an error that satisfies shouldRetry.
+//
+// Pause times between retries are specified by bo. bo is only used for its
+// parameters; each Retryer has its own copy.
+func OnErrorFunc(bo Backoff, shouldRetry func(err error) bool) Retryer {
+	return &errorRetryer{
+		shouldRetry: shouldRetry,
+		backoff:     bo,
+	}
+}
+
+type errorRetryer struct {
+	backoff     Backoff
+	shouldRetry func(err error) bool
+}
+
+func (r *errorRetryer) Retry(err error) (time.Duration, bool) {
+	if r.shouldRetry(err) {
+		return r.backoff.Pause(), true
+	}
+
+	return 0, false
+}
+
+// OnCodes returns a Retryer that retries if and only if
+// the previous attempt returns a GRPC error whose error code is stored in cc.
+// Pause times between retries are specified by bo.
+//
+// bo is only used for its parameters; each Retryer has its own copy.
+func OnCodes(cc []codes.Code, bo Backoff) Retryer {
+	return &boRetryer{
+		backoff: bo,
+		codes:   append([]codes.Code(nil), cc...),
+	}
+}
+
+type boRetryer struct {
+	backoff Backoff
+	codes   []codes.Code
+}
+
+func (r *boRetryer) Retry(err error) (time.Duration, bool) {
+	st, ok := status.FromError(err)
+	if !ok {
+		return 0, false
+	}
+	c := st.Code()
+	for _, rc := range r.codes {
+		if c == rc {
+			return r.backoff.Pause(), true
+		}
+	}
+	return 0, false
+}
+
+// OnHTTPCodes returns a Retryer that retries if and only if
+// the previous attempt returns a googleapi.Error whose status code is stored in
+// cc. Pause times between retries are specified by bo.
+//
+// bo is only used for its parameters; each Retryer has its own copy.
+func OnHTTPCodes(bo Backoff, cc ...int) Retryer {
+	codes := make(map[int]bool, len(cc))
+	for _, c := range cc {
+		codes[c] = true
+	}
+
+	return &httpRetryer{
+		backoff: bo,
+		codes:   codes,
+	}
+}
+
+type httpRetryer struct {
+	backoff Backoff
+	codes   map[int]bool
+}
+
+func (r *httpRetryer) Retry(err error) (time.Duration, bool) {
+	var gerr *googleapi.Error
+	if !errors.As(err, &gerr) {
+		return 0, false
+	}
+
+	if r.codes[gerr.Code] {
+		return r.backoff.Pause(), true
+	}
+
+	return 0, false
+}
+
+// Backoff implements exponential backoff. The wait time between retries is a
+// random value between 0 and the "retry period" - the time between retries. The
+// retry period starts at Initial and increases by the factor of Multiplier
+// every retry, but is capped at Max.
+//
+// Note: MaxNumRetries / RPCDeadline is specifically not provided. These should
+// be built on top of Backoff.
+type Backoff struct {
+	// Initial is the initial value of the retry period, defaults to 1 second.
+	Initial time.Duration
+
+	// Max is the maximum value of the retry period, defaults to 30 seconds.
+	Max time.Duration
+
+	// Multiplier is the factor by which the retry period increases.
+	// It should be greater than 1 and defaults to 2.
+	Multiplier float64
+
+	// cur is the current retry period.
+	cur time.Duration
+}
+
+// Pause returns the next time.Duration that the caller should use to backoff.
+func (bo *Backoff) Pause() time.Duration {
+	if bo.Initial == 0 {
+		bo.Initial = time.Second
+	}
+	if bo.cur == 0 {
+		bo.cur = bo.Initial
+	}
+	if bo.Max == 0 {
+		bo.Max = 30 * time.Second
+	}
+	if bo.Multiplier < 1 {
+		bo.Multiplier = 2
+	}
+	// Select a duration between 1ns and the current max. It might seem
+	// counterintuitive to have so much jitter, but
+	// https://www.awsarchitectureblog.com/2015/03/backoff.html argues that
+	// that is the best strategy.
+	d := time.Duration(1 + rand.Int63n(int64(bo.cur)))
+	bo.cur = time.Duration(float64(bo.cur) * bo.Multiplier)
+	if bo.cur > bo.Max {
+		bo.cur = bo.Max
+	}
+	return d
+}
+
+type grpcOpt []grpc.CallOption
+
+func (o grpcOpt) Resolve(s *CallSettings) {
+	s.GRPC = o
+}
+
+type pathOpt struct {
+	p string
+}
+
+func (p pathOpt) Resolve(s *CallSettings) {
+	s.Path = p.p
+}
+
+type timeoutOpt struct {
+	t time.Duration
+}
+
+func (t timeoutOpt) Resolve(s *CallSettings) {
+	s.timeout = t.t
+}
+
+// WithPath applies a Path override to the HTTP-based APICall.
+//
+// This is for internal use only.
+func WithPath(p string) CallOption {
+	return &pathOpt{p: p}
+}
+
+// WithGRPCOptions allows passing gRPC call options during client creation.
+func WithGRPCOptions(opt ...grpc.CallOption) CallOption {
+	return grpcOpt(append([]grpc.CallOption(nil), opt...))
+}
+
+// WithTimeout is a convenience option for setting a context.WithTimeout on the
+// singular context.Context used for **all** APICall attempts. Calculated from
+// the start of the first APICall attempt.
+// If the context.Context provided to Invoke already has a Deadline set, that
+// will always be respected over the deadline calculated using this option.
+func WithTimeout(t time.Duration) CallOption {
+	return &timeoutOpt{t: t}
+}
+
+// CallSettings allow fine-grained control over how calls are made.
+type CallSettings struct {
+	// Retry returns a Retryer to be used to control retry logic of a method call.
+	// If Retry is nil or the returned Retryer is nil, the call will not be retried.
+	Retry func() Retryer
+
+	// CallOptions to be forwarded to GRPC.
+	GRPC []grpc.CallOption
+
+	// Path is an HTTP override for an APICall.
+	Path string
+
+	// Timeout defines the amount of time that Invoke has to complete.
+	// Unexported so it cannot be changed by the code in an APICall.
+	timeout time.Duration
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/content_type.go b/vendor/github.com/googleapis/gax-go/v2/content_type.go
new file mode 100644
index 000000000..1b53d0a3a
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/content_type.go
@@ -0,0 +1,112 @@
+// Copyright 2022, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import (
+	"io"
+	"io/ioutil"
+	"net/http"
+)
+
+const sniffBuffSize = 512
+
+func newContentSniffer(r io.Reader) *contentSniffer {
+	return &contentSniffer{r: r}
+}
+
+// contentSniffer wraps a Reader, and reports the content type determined by sniffing up to 512 bytes from the Reader.
+type contentSniffer struct {
+	r     io.Reader
+	start []byte // buffer for the sniffed bytes.
+	err   error  // set to any error encountered while reading bytes to be sniffed.
+
+	ctype   string // set on first sniff.
+	sniffed bool   // set to true on first sniff.
+}
+
+func (cs *contentSniffer) Read(p []byte) (n int, err error) {
+	// Ensure that the content type is sniffed before any data is consumed from Reader.
+	_, _ = cs.ContentType()
+
+	if len(cs.start) > 0 {
+		n := copy(p, cs.start)
+		cs.start = cs.start[n:]
+		return n, nil
+	}
+
+	// We may have read some bytes into start while sniffing, even if the read ended in an error.
+	// We should first return those bytes, then the error.
+	if cs.err != nil {
+		return 0, cs.err
+	}
+
+	// Now we have handled all bytes that were buffered while sniffing.  Now just delegate to the underlying reader.
+	return cs.r.Read(p)
+}
+
+// ContentType returns the sniffed content type, and whether the content type was successfully sniffed.
+func (cs *contentSniffer) ContentType() (string, bool) {
+	if cs.sniffed {
+		return cs.ctype, cs.ctype != ""
+	}
+	cs.sniffed = true
+	// If ReadAll hits EOF, it returns err==nil.
+	cs.start, cs.err = ioutil.ReadAll(io.LimitReader(cs.r, sniffBuffSize))
+
+	// Don't try to detect the content type based on possibly incomplete data.
+	if cs.err != nil {
+		return "", false
+	}
+
+	cs.ctype = http.DetectContentType(cs.start)
+	return cs.ctype, true
+}
+
+// DetermineContentType determines the content type of the supplied reader.
+// The content of media will be sniffed to determine the content type.
+// After calling DetectContentType the caller must not perform further reads on
+// media, but rather read from the Reader that is returned.
+func DetermineContentType(media io.Reader) (io.Reader, string) {
+	// For backwards compatibility, allow clients to set content
+	// type by providing a ContentTyper for media.
+	// Note: This is an anonymous interface definition copied from googleapi.ContentTyper.
+	if typer, ok := media.(interface {
+		ContentType() string
+	}); ok {
+		return media, typer.ContentType()
+	}
+
+	sniffer := newContentSniffer(media)
+	if ctype, ok := sniffer.ContentType(); ok {
+		return sniffer, ctype
+	}
+	// If content type could not be sniffed, reads from sniffer will eventually fail with an error.
+	return sniffer, ""
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/gax.go b/vendor/github.com/googleapis/gax-go/v2/gax.go
new file mode 100644
index 000000000..36cdfa33e
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/gax.go
@@ -0,0 +1,41 @@
+// Copyright 2016, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Package gax contains a set of modules which aid the development of APIs
+// for clients and servers based on gRPC and Google API conventions.
+//
+// Application code will rarely need to use this library directly.
+// However, code generated automatically from API definition files can use it
+// to simplify code generation and to provide more convenient and idiomatic API surfaces.
+package gax
+
+import "github.com/googleapis/gax-go/v2/internal"
+
+// Version specifies the gax-go version being used.
+const Version = internal.Version
diff --git a/vendor/github.com/googleapis/gax-go/v2/header.go b/vendor/github.com/googleapis/gax-go/v2/header.go
new file mode 100644
index 000000000..6488461f4
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/header.go
@@ -0,0 +1,119 @@
+// Copyright 2018, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import (
+	"bytes"
+	"runtime"
+	"strings"
+	"unicode"
+)
+
+var (
+	// GoVersion is a header-safe representation of the current runtime
+	// environment's Go version. This is for GAX consumers that need to
+	// report the Go runtime version in API calls.
+	GoVersion string
+	// version is a package internal global variable for testing purposes.
+	version = runtime.Version
+)
+
+// versionUnknown is only used when the runtime version cannot be determined.
+const versionUnknown = "UNKNOWN"
+
+func init() {
+	GoVersion = goVersion()
+}
+
+// goVersion returns a Go runtime version derived from the runtime environment
+// that is modified to be suitable for reporting in a header, meaning it has no
+// whitespace. If it is unable to determine the Go runtime version, it returns
+// versionUnknown.
+func goVersion() string {
+	const develPrefix = "devel +"
+
+	s := version()
+	if strings.HasPrefix(s, develPrefix) {
+		s = s[len(develPrefix):]
+		if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+			s = s[:p]
+		}
+		return s
+	} else if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+		s = s[:p]
+	}
+
+	notSemverRune := func(r rune) bool {
+		return !strings.ContainsRune("0123456789.", r)
+	}
+
+	if strings.HasPrefix(s, "go1") {
+		s = s[2:]
+		var prerelease string
+		if p := strings.IndexFunc(s, notSemverRune); p >= 0 {
+			s, prerelease = s[:p], s[p:]
+		}
+		if strings.HasSuffix(s, ".") {
+			s += "0"
+		} else if strings.Count(s, ".") < 2 {
+			s += ".0"
+		}
+		if prerelease != "" {
+			// Some release candidates already have a dash in them.
+			if !strings.HasPrefix(prerelease, "-") {
+				prerelease = "-" + prerelease
+			}
+			s += prerelease
+		}
+		return s
+	}
+	return "UNKNOWN"
+}
+
+// XGoogHeader is for use by the Google Cloud Libraries only.
+//
+// XGoogHeader formats key-value pairs.
+// The resulting string is suitable for x-goog-api-client header.
+func XGoogHeader(keyval ...string) string {
+	if len(keyval) == 0 {
+		return ""
+	}
+	if len(keyval)%2 != 0 {
+		panic("gax.Header: odd argument count")
+	}
+	var buf bytes.Buffer
+	for i := 0; i < len(keyval); i += 2 {
+		buf.WriteByte(' ')
+		buf.WriteString(keyval[i])
+		buf.WriteByte('/')
+		buf.WriteString(keyval[i+1])
+	}
+	return buf.String()[1:]
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/internal/version.go b/vendor/github.com/googleapis/gax-go/v2/internal/version.go
new file mode 100644
index 000000000..374dcdb11
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/internal/version.go
@@ -0,0 +1,33 @@
+// Copyright 2022, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package internal
+
+// Version is the current tagged release of the library.
+const Version = "2.11.0"
diff --git a/vendor/github.com/googleapis/gax-go/v2/invoke.go b/vendor/github.com/googleapis/gax-go/v2/invoke.go
new file mode 100644
index 000000000..721d1af55
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/invoke.go
@@ -0,0 +1,114 @@
+// Copyright 2016, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"github.com/googleapis/gax-go/v2/apierror"
+)
+
+// APICall is a user defined call stub.
+type APICall func(context.Context, CallSettings) error
+
+// Invoke calls the given APICall, performing retries as specified by opts, if
+// any.
+func Invoke(ctx context.Context, call APICall, opts ...CallOption) error {
+	var settings CallSettings
+	for _, opt := range opts {
+		opt.Resolve(&settings)
+	}
+	return invoke(ctx, call, settings, Sleep)
+}
+
+// Sleep is similar to time.Sleep, but it can be interrupted by ctx.Done() closing.
+// If interrupted, Sleep returns ctx.Err().
+func Sleep(ctx context.Context, d time.Duration) error {
+	t := time.NewTimer(d)
+	select {
+	case <-ctx.Done():
+		t.Stop()
+		return ctx.Err()
+	case <-t.C:
+		return nil
+	}
+}
+
+type sleeper func(ctx context.Context, d time.Duration) error
+
+// invoke implements Invoke, taking an additional sleeper argument for testing.
+func invoke(ctx context.Context, call APICall, settings CallSettings, sp sleeper) error {
+	var retryer Retryer
+
+	// Only use the value provided via WithTimeout if the context doesn't
+	// already have a deadline. This is important for backwards compatibility if
+	// the user already set a deadline on the context given to Invoke.
+	if _, ok := ctx.Deadline(); !ok && settings.timeout != 0 {
+		c, cc := context.WithTimeout(ctx, settings.timeout)
+		defer cc()
+		ctx = c
+	}
+
+	for {
+		err := call(ctx, settings)
+		if err == nil {
+			return nil
+		}
+		// Never retry permanent certificate errors. (e.x. if ca-certificates
+		// are not installed). We should only make very few, targeted
+		// exceptions: many (other) status=Unavailable should be retried, such
+		// as if there's a network hiccup, or the internet goes out for a
+		// minute. This is also why here we are doing string parsing instead of
+		// simply making Unavailable a non-retried code elsewhere.
+		if strings.Contains(err.Error(), "x509: certificate signed by unknown authority") {
+			return err
+		}
+		if apierr, ok := apierror.FromError(err); ok {
+			err = apierr
+		}
+		if settings.Retry == nil {
+			return err
+		}
+		if retryer == nil {
+			if r := settings.Retry(); r != nil {
+				retryer = r
+			} else {
+				return err
+			}
+		}
+		if d, ok := retryer.Retry(err); !ok {
+			return err
+		} else if err = sp(ctx, d); err != nil {
+			return err
+		}
+	}
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go b/vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go
new file mode 100644
index 000000000..cc4486eb9
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go
@@ -0,0 +1,126 @@
+// Copyright 2022, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+)
+
+var (
+	arrayOpen     = json.Delim('[')
+	arrayClose    = json.Delim(']')
+	errBadOpening = errors.New("unexpected opening token, expected '['")
+)
+
+// ProtoJSONStream represents a wrapper for consuming a stream of protobuf
+// messages encoded using protobuf-JSON format. More information on this format
+// can be found at https://developers.google.com/protocol-buffers/docs/proto3#json.
+// The stream must appear as a comma-delimited, JSON array of obbjects with
+// opening and closing square braces.
+//
+// This is for internal use only.
+type ProtoJSONStream struct {
+	first, closed bool
+	reader        io.ReadCloser
+	stream        *json.Decoder
+	typ           protoreflect.MessageType
+}
+
+// NewProtoJSONStreamReader accepts a stream of bytes via an io.ReadCloser that are
+// protobuf-JSON encoded protobuf messages of the given type. The ProtoJSONStream
+// must be closed when done.
+//
+// This is for internal use only.
+func NewProtoJSONStreamReader(rc io.ReadCloser, typ protoreflect.MessageType) *ProtoJSONStream {
+	return &ProtoJSONStream{
+		first:  true,
+		reader: rc,
+		stream: json.NewDecoder(rc),
+		typ:    typ,
+	}
+}
+
+// Recv decodes the next protobuf message in the stream or returns io.EOF if
+// the stream is done. It is not safe to call Recv on the same stream from
+// different goroutines, just like it is not safe to do so with a single gRPC
+// stream. Type-cast the protobuf message returned to the type provided at
+// ProtoJSONStream creation.
+// Calls to Recv after calling Close will produce io.EOF.
+func (s *ProtoJSONStream) Recv() (proto.Message, error) {
+	if s.closed {
+		return nil, io.EOF
+	}
+	if s.first {
+		s.first = false
+
+		// Consume the opening '[' so Decode gets one object at a time.
+		if t, err := s.stream.Token(); err != nil {
+			return nil, err
+		} else if t != arrayOpen {
+			return nil, errBadOpening
+		}
+	}
+
+	// Capture the next block of data for the item (a JSON object) in the stream.
+	var raw json.RawMessage
+	if err := s.stream.Decode(&raw); err != nil {
+		e := err
+		// To avoid checking the first token of each stream, just attempt to
+		// Decode the next blob and if that fails, double check if it is just
+		// the closing token ']'. If it is the closing, return io.EOF. If it
+		// isn't, return the original error.
+		if t, _ := s.stream.Token(); t == arrayClose {
+			e = io.EOF
+		}
+		return nil, e
+	}
+
+	// Initialize a new instance of the protobuf message to unmarshal the
+	// raw data into.
+	m := s.typ.New().Interface()
+	err := protojson.Unmarshal(raw, m)
+
+	return m, err
+}
+
+// Close closes the stream so that resources are cleaned up.
+func (s *ProtoJSONStream) Close() error {
+	// Dereference the *json.Decoder so that the memory is gc'd.
+	s.stream = nil
+	s.closed = true
+
+	return s.reader.Close()
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/release-please-config.json b/vendor/github.com/googleapis/gax-go/v2/release-please-config.json
new file mode 100644
index 000000000..61ee266a1
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/release-please-config.json
@@ -0,0 +1,10 @@
+{
+    "release-type": "go-yoshi",
+    "separate-pull-requests": true,
+    "include-component-in-tag": false,
+    "packages": {
+        "v2": {
+            "component": "v2"
+        }
+    }
+}
diff --git a/vendor/github.com/gorilla/handlers/LICENSE b/vendor/github.com/gorilla/handlers/LICENSE
new file mode 100644
index 000000000..66ea3c8ae
--- /dev/null
+++ b/vendor/github.com/gorilla/handlers/LICENSE
@@ -0,0 +1,22 @@
+Copyright (c) 2013 The Gorilla Handlers Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+  Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+  Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/gorilla/handlers/README.md b/vendor/github.com/gorilla/handlers/README.md
new file mode 100644
index 000000000..6eba66bf3
--- /dev/null
+++ b/vendor/github.com/gorilla/handlers/README.md
@@ -0,0 +1,56 @@
+gorilla/handlers
+================
+[![GoDoc](https://godoc.org/github.com/gorilla/handlers?status.svg)](https://godoc.org/github.com/gorilla/handlers)
+[![CircleCI](https://circleci.com/gh/gorilla/handlers.svg?style=svg)](https://circleci.com/gh/gorilla/handlers)
+[![Sourcegraph](https://sourcegraph.com/github.com/gorilla/handlers/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/handlers?badge)
+
+
+Package handlers is a collection of handlers (aka "HTTP middleware") for use
+with Go's `net/http` package (or any framework supporting `http.Handler`), including:
+
+* [**LoggingHandler**](https://godoc.org/github.com/gorilla/handlers#LoggingHandler) for logging HTTP requests in the Apache [Common Log
+  Format](http://httpd.apache.org/docs/2.2/logs.html#common).
+* [**CombinedLoggingHandler**](https://godoc.org/github.com/gorilla/handlers#CombinedLoggingHandler) for logging HTTP requests in the Apache [Combined Log
+  Format](http://httpd.apache.org/docs/2.2/logs.html#combined) commonly used by
+  both Apache and nginx.
+* [**CompressHandler**](https://godoc.org/github.com/gorilla/handlers#CompressHandler) for gzipping responses.
+* [**ContentTypeHandler**](https://godoc.org/github.com/gorilla/handlers#ContentTypeHandler) for validating requests against a list of accepted
+  content types.
+* [**MethodHandler**](https://godoc.org/github.com/gorilla/handlers#MethodHandler) for matching HTTP methods against handlers in a
+  `map[string]http.Handler`
+* [**ProxyHeaders**](https://godoc.org/github.com/gorilla/handlers#ProxyHeaders) for populating `r.RemoteAddr` and `r.URL.Scheme` based on the
+  `X-Forwarded-For`, `X-Real-IP`, `X-Forwarded-Proto` and RFC7239 `Forwarded`
+  headers when running a Go server behind a HTTP reverse proxy.
+* [**CanonicalHost**](https://godoc.org/github.com/gorilla/handlers#CanonicalHost) for re-directing to the preferred host when handling multiple 
+  domains (i.e. multiple CNAME aliases).
+* [**RecoveryHandler**](https://godoc.org/github.com/gorilla/handlers#RecoveryHandler) for recovering from unexpected panics.
+
+Other handlers are documented [on the Gorilla
+website](https://www.gorillatoolkit.org/pkg/handlers).
+
+## Example
+
+A simple example using `handlers.LoggingHandler` and `handlers.CompressHandler`:
+
+```go
+import (
+    "net/http"
+    "github.com/gorilla/handlers"
+)
+
+func main() {
+    r := http.NewServeMux()
+
+    // Only log requests to our admin dashboard to stdout
+    r.Handle("/admin", handlers.LoggingHandler(os.Stdout, http.HandlerFunc(ShowAdminDashboard)))
+    r.HandleFunc("/", ShowIndex)
+
+    // Wrap our server with our gzip handler to gzip compress all responses.
+    http.ListenAndServe(":8000", handlers.CompressHandler(r))
+}
+```
+
+## License
+
+BSD licensed. See the included LICENSE file for details.
+
diff --git a/vendor/github.com/gorilla/handlers/canonical.go b/vendor/github.com/gorilla/handlers/canonical.go
new file mode 100644
index 000000000..8437fefc1
--- /dev/null
+++ b/vendor/github.com/gorilla/handlers/canonical.go
@@ -0,0 +1,74 @@
+package handlers
+
+import (
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+type canonical struct {
+	h      http.Handler
+	domain string
+	code   int
+}
+
+// CanonicalHost is HTTP middleware that re-directs requests to the canonical
+// domain. It accepts a domain and a status code (e.g. 301 or 302) and
+// re-directs clients to this domain. The existing request path is maintained.
+//
+// Note: If the provided domain is considered invalid by url.Parse or otherwise
+// returns an empty scheme or host, clients are not re-directed.
+//
+// Example:
+//
+//  r := mux.NewRouter()
+//  canonical := handlers.CanonicalHost("http://www.gorillatoolkit.org", 302)
+//  r.HandleFunc("/route", YourHandler)
+//
+//  log.Fatal(http.ListenAndServe(":7000", canonical(r)))
+//
+func CanonicalHost(domain string, code int) func(h http.Handler) http.Handler {
+	fn := func(h http.Handler) http.Handler {
+		return canonical{h, domain, code}
+	}
+
+	return fn
+}
+
+func (c canonical) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	dest, err := url.Parse(c.domain)
+	if err != nil {
+		// Call the next handler if the provided domain fails to parse.
+		c.h.ServeHTTP(w, r)
+		return
+	}
+
+	if dest.Scheme == "" || dest.Host == "" {
+		// Call the next handler if the scheme or host are empty.
+		// Note that url.Parse won't fail on in this case.
+		c.h.ServeHTTP(w, r)
+		return
+	}
+
+	if !strings.EqualFold(cleanHost(r.Host), dest.Host) {
+		// Re-build the destination URL
+		dest := dest.Scheme + "://" + dest.Host + r.URL.Path
+		if r.URL.RawQuery != "" {
+			dest += "?" + r.URL.RawQuery
+		}
+		http.Redirect(w, r, dest, c.code)
+		return
+	}
+
+	c.h.ServeHTTP(w, r)
+}
+
+// cleanHost cleans invalid Host headers by stripping anything after '/' or ' '.
+// This is backported from Go 1.5 (in response to issue #11206) and attempts to
+// mitigate malformed Host headers that do not match the format in RFC7230.
+func cleanHost(in string) string {
+	if i := strings.IndexAny(in, " /"); i != -1 {
+		return in[:i]
+	}
+	return in
+}
diff --git a/vendor/github.com/gorilla/handlers/compress.go b/vendor/github.com/gorilla/handlers/compress.go
new file mode 100644
index 000000000..1e95f1ccb
--- /dev/null
+++ b/vendor/github.com/gorilla/handlers/compress.go
@@ -0,0 +1,143 @@
+// Copyright 2013 The Gorilla Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package handlers
+
+import (
+	"compress/flate"
+	"compress/gzip"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/felixge/httpsnoop"
+)
+
+const acceptEncoding string = "Accept-Encoding"
+
+type compressResponseWriter struct {
+	compressor io.Writer
+	w          http.ResponseWriter
+}
+
+func (cw *compressResponseWriter) WriteHeader(c int) {
+	cw.w.Header().Del("Content-Length")
+	cw.w.WriteHeader(c)
+}
+
+func (cw *compressResponseWriter) Write(b []byte) (int, error) {
+	h := cw.w.Header()
+	if h.Get("Content-Type") == "" {
+		h.Set("Content-Type", http.DetectContentType(b))
+	}
+	h.Del("Content-Length")
+
+	return cw.compressor.Write(b)
+}
+
+func (cw *compressResponseWriter) ReadFrom(r io.Reader) (int64, error) {
+	return io.Copy(cw.compressor, r)
+}
+
+type flusher interface {
+	Flush() error
+}
+
+func (w *compressResponseWriter) Flush() {
+	// Flush compressed data if compressor supports it.
+	if f, ok := w.compressor.(flusher); ok {
+		f.Flush()
+	}
+	// Flush HTTP response.
+	if f, ok := w.w.(http.Flusher); ok {
+		f.Flush()
+	}
+}
+
+// CompressHandler gzip compresses HTTP responses for clients that support it
+// via the 'Accept-Encoding' header.
+//
+// Compressing TLS traffic may leak the page contents to an attacker if the
+// page contains user input: http://security.stackexchange.com/a/102015/12208
+func CompressHandler(h http.Handler) http.Handler {
+	return CompressHandlerLevel(h, gzip.DefaultCompression)
+}
+
+// CompressHandlerLevel gzip compresses HTTP responses with specified compression level
+// for clients that support it via the 'Accept-Encoding' header.
+//
+// The compression level should be gzip.DefaultCompression, gzip.NoCompression,
+// or any integer value between gzip.BestSpeed and gzip.BestCompression inclusive.
+// gzip.DefaultCompression is used in case of invalid compression level.
+func CompressHandlerLevel(h http.Handler, level int) http.Handler {
+	if level < gzip.DefaultCompression || level > gzip.BestCompression {
+		level = gzip.DefaultCompression
+	}
+
+	const (
+		gzipEncoding  = "gzip"
+		flateEncoding = "deflate"
+	)
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// detect what encoding to use
+		var encoding string
+		for _, curEnc := range strings.Split(r.Header.Get(acceptEncoding), ",") {
+			curEnc = strings.TrimSpace(curEnc)
+			if curEnc == gzipEncoding || curEnc == flateEncoding {
+				encoding = curEnc
+				break
+			}
+		}
+
+		// always add Accept-Encoding to Vary to prevent intermediate caches corruption
+		w.Header().Add("Vary", acceptEncoding)
+
+		// if we weren't able to identify an encoding we're familiar with, pass on the
+		// request to the handler and return
+		if encoding == "" {
+			h.ServeHTTP(w, r)
+			return
+		}
+
+		if r.Header.Get("Upgrade") != "" {
+			h.ServeHTTP(w, r)
+			return
+		}
+
+		// wrap the ResponseWriter with the writer for the chosen encoding
+		var encWriter io.WriteCloser
+		if encoding == gzipEncoding {
+			encWriter, _ = gzip.NewWriterLevel(w, level)
+		} else if encoding == flateEncoding {
+			encWriter, _ = flate.NewWriter(w, level)
+		}
+		defer encWriter.Close()
+
+		w.Header().Set("Content-Encoding", encoding)
+		r.Header.Del(acceptEncoding)
+
+		cw := &compressResponseWriter{
+			w:          w,
+			compressor: encWriter,
+		}
+
+		w = httpsnoop.Wrap(w, httpsnoop.Hooks{
+			Write: func(httpsnoop.WriteFunc) httpsnoop.WriteFunc {
+				return cw.Write
+			},
+			WriteHeader: func(httpsnoop.WriteHeaderFunc) httpsnoop.WriteHeaderFunc {
+				return cw.WriteHeader
+			},
+			Flush: func(httpsnoop.FlushFunc) httpsnoop.FlushFunc {
+				return cw.Flush
+			},
+			ReadFrom: func(rff httpsnoop.ReadFromFunc) httpsnoop.ReadFromFunc {
+				return cw.ReadFrom
+			},
+		})
+
+		h.ServeHTTP(w, r)
+	})
+}
diff --git a/vendor/github.com/gorilla/handlers/cors.go b/vendor/github.com/gorilla/handlers/cors.go
new file mode 100644
index 000000000..0dcdffb3d
--- /dev/null
+++ b/vendor/github.com/gorilla/handlers/cors.go
@@ -0,0 +1,355 @@
+package handlers
+
+import (
+	"net/http"
+	"strconv"
+	"strings"
+)
+
+// CORSOption represents a functional option for configuring the CORS middleware.
+type CORSOption func(*cors) error
+
+type cors struct {
+	h                      http.Handler
+	allowedHeaders         []string
+	allowedMethods         []string
+	allowedOrigins         []string
+	allowedOriginValidator OriginValidator
+	exposedHeaders         []string
+	maxAge                 int
+	ignoreOptions          bool
+	allowCredentials       bool
+	optionStatusCode       int
+}
+
+// OriginValidator takes an origin string and returns whether or not that origin is allowed.
+type OriginValidator func(string) bool
+
+var (
+	defaultCorsOptionStatusCode = 200
+	defaultCorsMethods          = []string{"GET", "HEAD", "POST"}
+	defaultCorsHeaders          = []string{"Accept", "Accept-Language", "Content-Language", "Origin"}
+	// (WebKit/Safari v9 sends the Origin header by default in AJAX requests)
+)
+
+const (
+	corsOptionMethod           string = "OPTIONS"
+	corsAllowOriginHeader      string = "Access-Control-Allow-Origin"
+	corsExposeHeadersHeader    string = "Access-Control-Expose-Headers"
+	corsMaxAgeHeader           string = "Access-Control-Max-Age"
+	corsAllowMethodsHeader     string = "Access-Control-Allow-Methods"
+	corsAllowHeadersHeader     string = "Access-Control-Allow-Headers"
+	corsAllowCredentialsHeader string = "Access-Control-Allow-Credentials"
+	corsRequestMethodHeader    string = "Access-Control-Request-Method"
+	corsRequestHeadersHeader   string = "Access-Control-Request-Headers"
+	corsOriginHeader           string = "Origin"
+	corsVaryHeader             string = "Vary"
+	corsOriginMatchAll         string = "*"
+)
+
+func (ch *cors) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	origin := r.Header.Get(corsOriginHeader)
+	if !ch.isOriginAllowed(origin) {
+		if r.Method != corsOptionMethod || ch.ignoreOptions {
+			ch.h.ServeHTTP(w, r)
+		}
+
+		return
+	}
+
+	if r.Method == corsOptionMethod {
+		if ch.ignoreOptions {
+			ch.h.ServeHTTP(w, r)
+			return
+		}
+
+		if _, ok := r.Header[corsRequestMethodHeader]; !ok {
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+
+		method := r.Header.Get(corsRequestMethodHeader)
+		if !ch.isMatch(method, ch.allowedMethods) {
+			w.WriteHeader(http.StatusMethodNotAllowed)
+			return
+		}
+
+		requestHeaders := strings.Split(r.Header.Get(corsRequestHeadersHeader), ",")
+		allowedHeaders := []string{}
+		for _, v := range requestHeaders {
+			canonicalHeader := http.CanonicalHeaderKey(strings.TrimSpace(v))
+			if canonicalHeader == "" || ch.isMatch(canonicalHeader, defaultCorsHeaders) {
+				continue
+			}
+
+			if !ch.isMatch(canonicalHeader, ch.allowedHeaders) {
+				w.WriteHeader(http.StatusForbidden)
+				return
+			}
+
+			allowedHeaders = append(allowedHeaders, canonicalHeader)
+		}
+
+		if len(allowedHeaders) > 0 {
+			w.Header().Set(corsAllowHeadersHeader, strings.Join(allowedHeaders, ","))
+		}
+
+		if ch.maxAge > 0 {
+			w.Header().Set(corsMaxAgeHeader, strconv.Itoa(ch.maxAge))
+		}
+
+		if !ch.isMatch(method, defaultCorsMethods) {
+			w.Header().Set(corsAllowMethodsHeader, method)
+		}
+	} else {
+		if len(ch.exposedHeaders) > 0 {
+			w.Header().Set(corsExposeHeadersHeader, strings.Join(ch.exposedHeaders, ","))
+		}
+	}
+
+	if ch.allowCredentials {
+		w.Header().Set(corsAllowCredentialsHeader, "true")
+	}
+
+	if len(ch.allowedOrigins) > 1 {
+		w.Header().Set(corsVaryHeader, corsOriginHeader)
+	}
+
+	returnOrigin := origin
+	if ch.allowedOriginValidator == nil && len(ch.allowedOrigins) == 0 {
+		returnOrigin = "*"
+	} else {
+		for _, o := range ch.allowedOrigins {
+			// A configuration of * is different than explicitly setting an allowed
+			// origin. Returning arbitrary origin headers in an access control allow
+			// origin header is unsafe and is not required by any use case.
+			if o == corsOriginMatchAll {
+				returnOrigin = "*"
+				break
+			}
+		}
+	}
+	w.Header().Set(corsAllowOriginHeader, returnOrigin)
+
+	if r.Method == corsOptionMethod {
+		w.WriteHeader(ch.optionStatusCode)
+		return
+	}
+	ch.h.ServeHTTP(w, r)
+}
+
+// CORS provides Cross-Origin Resource Sharing middleware.
+// Example:
+//
+//  import (
+//      "net/http"
+//
+//      "github.com/gorilla/handlers"
+//      "github.com/gorilla/mux"
+//  )
+//
+//  func main() {
+//      r := mux.NewRouter()
+//      r.HandleFunc("/users", UserEndpoint)
+//      r.HandleFunc("/projects", ProjectEndpoint)
+//
+//      // Apply the CORS middleware to our top-level router, with the defaults.
+//      http.ListenAndServe(":8000", handlers.CORS()(r))
+//  }
+//
+func CORS(opts ...CORSOption) func(http.Handler) http.Handler {
+	return func(h http.Handler) http.Handler {
+		ch := parseCORSOptions(opts...)
+		ch.h = h
+		return ch
+	}
+}
+
+func parseCORSOptions(opts ...CORSOption) *cors {
+	ch := &cors{
+		allowedMethods:   defaultCorsMethods,
+		allowedHeaders:   defaultCorsHeaders,
+		allowedOrigins:   []string{},
+		optionStatusCode: defaultCorsOptionStatusCode,
+	}
+
+	for _, option := range opts {
+		option(ch)
+	}
+
+	return ch
+}
+
+//
+// Functional options for configuring CORS.
+//
+
+// AllowedHeaders adds the provided headers to the list of allowed headers in a
+// CORS request.
+// This is an append operation so the headers Accept, Accept-Language,
+// and Content-Language are always allowed.
+// Content-Type must be explicitly declared if accepting Content-Types other than
+// application/x-www-form-urlencoded, multipart/form-data, or text/plain.
+func AllowedHeaders(headers []string) CORSOption {
+	return func(ch *cors) error {
+		for _, v := range headers {
+			normalizedHeader := http.CanonicalHeaderKey(strings.TrimSpace(v))
+			if normalizedHeader == "" {
+				continue
+			}
+
+			if !ch.isMatch(normalizedHeader, ch.allowedHeaders) {
+				ch.allowedHeaders = append(ch.allowedHeaders, normalizedHeader)
+			}
+		}
+
+		return nil
+	}
+}
+
+// AllowedMethods can be used to explicitly allow methods in the
+// Access-Control-Allow-Methods header.
+// This is a replacement operation so you must also
+// pass GET, HEAD, and POST if you wish to support those methods.
+func AllowedMethods(methods []string) CORSOption {
+	return func(ch *cors) error {
+		ch.allowedMethods = []string{}
+		for _, v := range methods {
+			normalizedMethod := strings.ToUpper(strings.TrimSpace(v))
+			if normalizedMethod == "" {
+				continue
+			}
+
+			if !ch.isMatch(normalizedMethod, ch.allowedMethods) {
+				ch.allowedMethods = append(ch.allowedMethods, normalizedMethod)
+			}
+		}
+
+		return nil
+	}
+}
+
+// AllowedOrigins sets the allowed origins for CORS requests, as used in the
+// 'Allow-Access-Control-Origin' HTTP header.
+// Note: Passing in a []string{"*"} will allow any domain.
+func AllowedOrigins(origins []string) CORSOption {
+	return func(ch *cors) error {
+		for _, v := range origins {
+			if v == corsOriginMatchAll {
+				ch.allowedOrigins = []string{corsOriginMatchAll}
+				return nil
+			}
+		}
+
+		ch.allowedOrigins = origins
+		return nil
+	}
+}
+
+// AllowedOriginValidator sets a function for evaluating allowed origins in CORS requests, represented by the
+// 'Allow-Access-Control-Origin' HTTP header.
+func AllowedOriginValidator(fn OriginValidator) CORSOption {
+	return func(ch *cors) error {
+		ch.allowedOriginValidator = fn
+		return nil
+	}
+}
+
+// OptionStatusCode sets a custom status code on the OPTIONS requests.
+// Default behaviour sets it to 200 to reflect best practices. This is option is not mandatory
+// and can be used if you need a custom status code (i.e 204).
+//
+// More informations on the spec:
+// https://fetch.spec.whatwg.org/#cors-preflight-fetch
+func OptionStatusCode(code int) CORSOption {
+	return func(ch *cors) error {
+		ch.optionStatusCode = code
+		return nil
+	}
+}
+
+// ExposedHeaders can be used to specify headers that are available
+// and will not be stripped out by the user-agent.
+func ExposedHeaders(headers []string) CORSOption {
+	return func(ch *cors) error {
+		ch.exposedHeaders = []string{}
+		for _, v := range headers {
+			normalizedHeader := http.CanonicalHeaderKey(strings.TrimSpace(v))
+			if normalizedHeader == "" {
+				continue
+			}
+
+			if !ch.isMatch(normalizedHeader, ch.exposedHeaders) {
+				ch.exposedHeaders = append(ch.exposedHeaders, normalizedHeader)
+			}
+		}
+
+		return nil
+	}
+}
+
+// MaxAge determines the maximum age (in seconds) between preflight requests. A
+// maximum of 10 minutes is allowed. An age above this value will default to 10
+// minutes.
+func MaxAge(age int) CORSOption {
+	return func(ch *cors) error {
+		// Maximum of 10 minutes.
+		if age > 600 {
+			age = 600
+		}
+
+		ch.maxAge = age
+		return nil
+	}
+}
+
+// IgnoreOptions causes the CORS middleware to ignore OPTIONS requests, instead
+// passing them through to the next handler. This is useful when your application
+// or framework has a pre-existing mechanism for responding to OPTIONS requests.
+func IgnoreOptions() CORSOption {
+	return func(ch *cors) error {
+		ch.ignoreOptions = true
+		return nil
+	}
+}
+
+// AllowCredentials can be used to specify that the user agent may pass
+// authentication details along with the request.
+func AllowCredentials() CORSOption {
+	return func(ch *cors) error {
+		ch.allowCredentials = true
+		return nil
+	}
+}
+
+func (ch *cors) isOriginAllowed(origin string) bool {
+	if origin == "" {
+		return false
+	}
+
+	if ch.allowedOriginValidator != nil {
+		return ch.allowedOriginValidator(origin)
+	}
+
+	if len(ch.allowedOrigins) == 0 {
+		return true
+	}
+
+	for _, allowedOrigin := range ch.allowedOrigins {
+		if allowedOrigin == origin || allowedOrigin == corsOriginMatchAll {
+			return true
+		}
+	}
+
+	return false
+}
+
+func (ch *cors) isMatch(needle string, haystack []string) bool {
+	for _, v := range haystack {
+		if v == needle {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/vendor/github.com/gorilla/handlers/doc.go b/vendor/github.com/gorilla/handlers/doc.go
new file mode 100644
index 000000000..944e5a8ae
--- /dev/null
+++ b/vendor/github.com/gorilla/handlers/doc.go
@@ -0,0 +1,9 @@
+/*
+Package handlers is a collection of handlers (aka "HTTP middleware") for use
+with Go's net/http package (or any framework supporting http.Handler).
+
+The package includes handlers for logging in standardised formats, compressing
+HTTP responses, validating content types and other useful tools for manipulating
+requests and responses.
+*/
+package handlers
diff --git a/vendor/github.com/gorilla/handlers/handlers.go b/vendor/github.com/gorilla/handlers/handlers.go
new file mode 100644
index 000000000..0509482ad
--- /dev/null
+++ b/vendor/github.com/gorilla/handlers/handlers.go
@@ -0,0 +1,147 @@
+// Copyright 2013 The Gorilla Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package handlers
+
+import (
+	"bufio"
+	"fmt"
+	"net"
+	"net/http"
+	"sort"
+	"strings"
+)
+
+// MethodHandler is an http.Handler that dispatches to a handler whose key in the
+// MethodHandler's map matches the name of the HTTP request's method, eg: GET
+//
+// If the request's method is OPTIONS and OPTIONS is not a key in the map then
+// the handler responds with a status of 200 and sets the Allow header to a
+// comma-separated list of available methods.
+//
+// If the request's method doesn't match any of its keys the handler responds
+// with a status of HTTP 405 "Method Not Allowed" and sets the Allow header to a
+// comma-separated list of available methods.
+type MethodHandler map[string]http.Handler
+
+func (h MethodHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	if handler, ok := h[req.Method]; ok {
+		handler.ServeHTTP(w, req)
+	} else {
+		allow := []string{}
+		for k := range h {
+			allow = append(allow, k)
+		}
+		sort.Strings(allow)
+		w.Header().Set("Allow", strings.Join(allow, ", "))
+		if req.Method == "OPTIONS" {
+			w.WriteHeader(http.StatusOK)
+		} else {
+			http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		}
+	}
+}
+
+// responseLogger is wrapper of http.ResponseWriter that keeps track of its HTTP
+// status code and body size
+type responseLogger struct {
+	w      http.ResponseWriter
+	status int
+	size   int
+}
+
+func (l *responseLogger) Write(b []byte) (int, error) {
+	size, err := l.w.Write(b)
+	l.size += size
+	return size, err
+}
+
+func (l *responseLogger) WriteHeader(s int) {
+	l.w.WriteHeader(s)
+	l.status = s
+}
+
+func (l *responseLogger) Status() int {
+	return l.status
+}
+
+func (l *responseLogger) Size() int {
+	return l.size
+}
+
+func (l *responseLogger) Hijack() (net.Conn, *bufio.ReadWriter, error) {
+	conn, rw, err := l.w.(http.Hijacker).Hijack()
+	if err == nil && l.status == 0 {
+		// The status will be StatusSwitchingProtocols if there was no error and
+		// WriteHeader has not been called yet
+		l.status = http.StatusSwitchingProtocols
+	}
+	return conn, rw, err
+}
+
+// isContentType validates the Content-Type header matches the supplied
+// contentType. That is, its type and subtype match.
+func isContentType(h http.Header, contentType string) bool {
+	ct := h.Get("Content-Type")
+	if i := strings.IndexRune(ct, ';'); i != -1 {
+		ct = ct[0:i]
+	}
+	return ct == contentType
+}
+
+// ContentTypeHandler wraps and returns a http.Handler, validating the request
+// content type is compatible with the contentTypes list. It writes a HTTP 415
+// error if that fails.
+//
+// Only PUT, POST, and PATCH requests are considered.
+func ContentTypeHandler(h http.Handler, contentTypes ...string) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !(r.Method == "PUT" || r.Method == "POST" || r.Method == "PATCH") {
+			h.ServeHTTP(w, r)
+			return
+		}
+
+		for _, ct := range contentTypes {
+			if isContentType(r.Header, ct) {
+				h.ServeHTTP(w, r)
+				return
+			}
+		}
+		http.Error(w, fmt.Sprintf("Unsupported content type %q; expected one of %q", r.Header.Get("Content-Type"), contentTypes), http.StatusUnsupportedMediaType)
+	})
+}
+
+const (
+	// HTTPMethodOverrideHeader is a commonly used
+	// http header to override a request method.
+	HTTPMethodOverrideHeader = "X-HTTP-Method-Override"
+	// HTTPMethodOverrideFormKey is a commonly used
+	// HTML form key to override a request method.
+	HTTPMethodOverrideFormKey = "_method"
+)
+
+// HTTPMethodOverrideHandler wraps and returns a http.Handler which checks for
+// the X-HTTP-Method-Override header or the _method form key, and overrides (if
+// valid) request.Method with its value.
+//
+// This is especially useful for HTTP clients that don't support many http verbs.
+// It isn't secure to override e.g a GET to a POST, so only POST requests are
+// considered.  Likewise, the override method can only be a "write" method: PUT,
+// PATCH or DELETE.
+//
+// Form method takes precedence over header method.
+func HTTPMethodOverrideHandler(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == "POST" {
+			om := r.FormValue(HTTPMethodOverrideFormKey)
+			if om == "" {
+				om = r.Header.Get(HTTPMethodOverrideHeader)
+			}
+			if om == "PUT" || om == "PATCH" || om == "DELETE" {
+				r.Method = om
+			}
+		}
+		h.ServeHTTP(w, r)
+	})
+}
diff --git a/vendor/github.com/gorilla/handlers/logging.go b/vendor/github.com/gorilla/handlers/logging.go
new file mode 100644
index 000000000..228465eba
--- /dev/null
+++ b/vendor/github.com/gorilla/handlers/logging.go
@@ -0,0 +1,244 @@
+// Copyright 2013 The Gorilla Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package handlers
+
+import (
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+	"strconv"
+	"time"
+	"unicode/utf8"
+
+	"github.com/felixge/httpsnoop"
+)
+
+// Logging
+
+// LogFormatterParams is the structure any formatter will be handed when time to log comes
+type LogFormatterParams struct {
+	Request    *http.Request
+	URL        url.URL
+	TimeStamp  time.Time
+	StatusCode int
+	Size       int
+}
+
+// LogFormatter gives the signature of the formatter function passed to CustomLoggingHandler
+type LogFormatter func(writer io.Writer, params LogFormatterParams)
+
+// loggingHandler is the http.Handler implementation for LoggingHandlerTo and its
+// friends
+
+type loggingHandler struct {
+	writer    io.Writer
+	handler   http.Handler
+	formatter LogFormatter
+}
+
+func (h loggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	t := time.Now()
+	logger, w := makeLogger(w)
+	url := *req.URL
+
+	h.handler.ServeHTTP(w, req)
+	if req.MultipartForm != nil {
+		req.MultipartForm.RemoveAll()
+	}
+
+	params := LogFormatterParams{
+		Request:    req,
+		URL:        url,
+		TimeStamp:  t,
+		StatusCode: logger.Status(),
+		Size:       logger.Size(),
+	}
+
+	h.formatter(h.writer, params)
+}
+
+func makeLogger(w http.ResponseWriter) (*responseLogger, http.ResponseWriter) {
+	logger := &responseLogger{w: w, status: http.StatusOK}
+	return logger, httpsnoop.Wrap(w, httpsnoop.Hooks{
+		Write: func(httpsnoop.WriteFunc) httpsnoop.WriteFunc {
+			return logger.Write
+		},
+		WriteHeader: func(httpsnoop.WriteHeaderFunc) httpsnoop.WriteHeaderFunc {
+			return logger.WriteHeader
+		},
+	})
+}
+
+const lowerhex = "0123456789abcdef"
+
+func appendQuoted(buf []byte, s string) []byte {
+	var runeTmp [utf8.UTFMax]byte
+	for width := 0; len(s) > 0; s = s[width:] {
+		r := rune(s[0])
+		width = 1
+		if r >= utf8.RuneSelf {
+			r, width = utf8.DecodeRuneInString(s)
+		}
+		if width == 1 && r == utf8.RuneError {
+			buf = append(buf, `\x`...)
+			buf = append(buf, lowerhex[s[0]>>4])
+			buf = append(buf, lowerhex[s[0]&0xF])
+			continue
+		}
+		if r == rune('"') || r == '\\' { // always backslashed
+			buf = append(buf, '\\')
+			buf = append(buf, byte(r))
+			continue
+		}
+		if strconv.IsPrint(r) {
+			n := utf8.EncodeRune(runeTmp[:], r)
+			buf = append(buf, runeTmp[:n]...)
+			continue
+		}
+		switch r {
+		case '\a':
+			buf = append(buf, `\a`...)
+		case '\b':
+			buf = append(buf, `\b`...)
+		case '\f':
+			buf = append(buf, `\f`...)
+		case '\n':
+			buf = append(buf, `\n`...)
+		case '\r':
+			buf = append(buf, `\r`...)
+		case '\t':
+			buf = append(buf, `\t`...)
+		case '\v':
+			buf = append(buf, `\v`...)
+		default:
+			switch {
+			case r < ' ':
+				buf = append(buf, `\x`...)
+				buf = append(buf, lowerhex[s[0]>>4])
+				buf = append(buf, lowerhex[s[0]&0xF])
+			case r > utf8.MaxRune:
+				r = 0xFFFD
+				fallthrough
+			case r < 0x10000:
+				buf = append(buf, `\u`...)
+				for s := 12; s >= 0; s -= 4 {
+					buf = append(buf, lowerhex[r>>uint(s)&0xF])
+				}
+			default:
+				buf = append(buf, `\U`...)
+				for s := 28; s >= 0; s -= 4 {
+					buf = append(buf, lowerhex[r>>uint(s)&0xF])
+				}
+			}
+		}
+	}
+	return buf
+}
+
+// buildCommonLogLine builds a log entry for req in Apache Common Log Format.
+// ts is the timestamp with which the entry should be logged.
+// status and size are used to provide the response HTTP status and size.
+func buildCommonLogLine(req *http.Request, url url.URL, ts time.Time, status int, size int) []byte {
+	username := "-"
+	if url.User != nil {
+		if name := url.User.Username(); name != "" {
+			username = name
+		}
+	}
+
+	host, _, err := net.SplitHostPort(req.RemoteAddr)
+	if err != nil {
+		host = req.RemoteAddr
+	}
+
+	uri := req.RequestURI
+
+	// Requests using the CONNECT method over HTTP/2.0 must use
+	// the authority field (aka r.Host) to identify the target.
+	// Refer: https://httpwg.github.io/specs/rfc7540.html#CONNECT
+	if req.ProtoMajor == 2 && req.Method == "CONNECT" {
+		uri = req.Host
+	}
+	if uri == "" {
+		uri = url.RequestURI()
+	}
+
+	buf := make([]byte, 0, 3*(len(host)+len(username)+len(req.Method)+len(uri)+len(req.Proto)+50)/2)
+	buf = append(buf, host...)
+	buf = append(buf, " - "...)
+	buf = append(buf, username...)
+	buf = append(buf, " ["...)
+	buf = append(buf, ts.Format("02/Jan/2006:15:04:05 -0700")...)
+	buf = append(buf, `] "`...)
+	buf = append(buf, req.Method...)
+	buf = append(buf, " "...)
+	buf = appendQuoted(buf, uri)
+	buf = append(buf, " "...)
+	buf = append(buf, req.Proto...)
+	buf = append(buf, `" `...)
+	buf = append(buf, strconv.Itoa(status)...)
+	buf = append(buf, " "...)
+	buf = append(buf, strconv.Itoa(size)...)
+	return buf
+}
+
+// writeLog writes a log entry for req to w in Apache Common Log Format.
+// ts is the timestamp with which the entry should be logged.
+// status and size are used to provide the response HTTP status and size.
+func writeLog(writer io.Writer, params LogFormatterParams) {
+	buf := buildCommonLogLine(params.Request, params.URL, params.TimeStamp, params.StatusCode, params.Size)
+	buf = append(buf, '\n')
+	writer.Write(buf)
+}
+
+// writeCombinedLog writes a log entry for req to w in Apache Combined Log Format.
+// ts is the timestamp with which the entry should be logged.
+// status and size are used to provide the response HTTP status and size.
+func writeCombinedLog(writer io.Writer, params LogFormatterParams) {
+	buf := buildCommonLogLine(params.Request, params.URL, params.TimeStamp, params.StatusCode, params.Size)
+	buf = append(buf, ` "`...)
+	buf = appendQuoted(buf, params.Request.Referer())
+	buf = append(buf, `" "`...)
+	buf = appendQuoted(buf, params.Request.UserAgent())
+	buf = append(buf, '"', '\n')
+	writer.Write(buf)
+}
+
+// CombinedLoggingHandler return a http.Handler that wraps h and logs requests to out in
+// Apache Combined Log Format.
+//
+// See http://httpd.apache.org/docs/2.2/logs.html#combined for a description of this format.
+//
+// LoggingHandler always sets the ident field of the log to -
+func CombinedLoggingHandler(out io.Writer, h http.Handler) http.Handler {
+	return loggingHandler{out, h, writeCombinedLog}
+}
+
+// LoggingHandler return a http.Handler that wraps h and logs requests to out in
+// Apache Common Log Format (CLF).
+//
+// See http://httpd.apache.org/docs/2.2/logs.html#common for a description of this format.
+//
+// LoggingHandler always sets the ident field of the log to -
+//
+// Example:
+//
+//  r := mux.NewRouter()
+//  r.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+//  	w.Write([]byte("This is a catch-all route"))
+//  })
+//  loggedRouter := handlers.LoggingHandler(os.Stdout, r)
+//  http.ListenAndServe(":1123", loggedRouter)
+//
+func LoggingHandler(out io.Writer, h http.Handler) http.Handler {
+	return loggingHandler{out, h, writeLog}
+}
+
+// CustomLoggingHandler provides a way to supply a custom log formatter
+// while taking advantage of the mechanisms in this package
+func CustomLoggingHandler(out io.Writer, h http.Handler, f LogFormatter) http.Handler {
+	return loggingHandler{out, h, f}
+}
diff --git a/vendor/github.com/gorilla/handlers/proxy_headers.go b/vendor/github.com/gorilla/handlers/proxy_headers.go
new file mode 100644
index 000000000..ed939dcef
--- /dev/null
+++ b/vendor/github.com/gorilla/handlers/proxy_headers.go
@@ -0,0 +1,120 @@
+package handlers
+
+import (
+	"net/http"
+	"regexp"
+	"strings"
+)
+
+var (
+	// De-facto standard header keys.
+	xForwardedFor    = http.CanonicalHeaderKey("X-Forwarded-For")
+	xForwardedHost   = http.CanonicalHeaderKey("X-Forwarded-Host")
+	xForwardedProto  = http.CanonicalHeaderKey("X-Forwarded-Proto")
+	xForwardedScheme = http.CanonicalHeaderKey("X-Forwarded-Scheme")
+	xRealIP          = http.CanonicalHeaderKey("X-Real-IP")
+)
+
+var (
+	// RFC7239 defines a new "Forwarded: " header designed to replace the
+	// existing use of X-Forwarded-* headers.
+	// e.g. Forwarded: for=192.0.2.60;proto=https;by=203.0.113.43
+	forwarded = http.CanonicalHeaderKey("Forwarded")
+	// Allows for a sub-match of the first value after 'for=' to the next
+	// comma, semi-colon or space. The match is case-insensitive.
+	forRegex = regexp.MustCompile(`(?i)(?:for=)([^(;|,| )]+)`)
+	// Allows for a sub-match for the first instance of scheme (http|https)
+	// prefixed by 'proto='. The match is case-insensitive.
+	protoRegex = regexp.MustCompile(`(?i)(?:proto=)(https|http)`)
+)
+
+// ProxyHeaders inspects common reverse proxy headers and sets the corresponding
+// fields in the HTTP request struct. These are X-Forwarded-For and X-Real-IP
+// for the remote (client) IP address, X-Forwarded-Proto or X-Forwarded-Scheme
+// for the scheme (http|https), X-Forwarded-Host for the host and the RFC7239
+// Forwarded header, which may include both client IPs and schemes.
+//
+// NOTE: This middleware should only be used when behind a reverse
+// proxy like nginx, HAProxy or Apache. Reverse proxies that don't (or are
+// configured not to) strip these headers from client requests, or where these
+// headers are accepted "as is" from a remote client (e.g. when Go is not behind
+// a proxy), can manifest as a vulnerability if your application uses these
+// headers for validating the 'trustworthiness' of a request.
+func ProxyHeaders(h http.Handler) http.Handler {
+	fn := func(w http.ResponseWriter, r *http.Request) {
+		// Set the remote IP with the value passed from the proxy.
+		if fwd := getIP(r); fwd != "" {
+			r.RemoteAddr = fwd
+		}
+
+		// Set the scheme (proto) with the value passed from the proxy.
+		if scheme := getScheme(r); scheme != "" {
+			r.URL.Scheme = scheme
+		}
+		// Set the host with the value passed by the proxy
+		if r.Header.Get(xForwardedHost) != "" {
+			r.Host = r.Header.Get(xForwardedHost)
+		}
+		// Call the next handler in the chain.
+		h.ServeHTTP(w, r)
+	}
+
+	return http.HandlerFunc(fn)
+}
+
+// getIP retrieves the IP from the X-Forwarded-For, X-Real-IP and RFC7239
+// Forwarded headers (in that order).
+func getIP(r *http.Request) string {
+	var addr string
+
+	if fwd := r.Header.Get(xForwardedFor); fwd != "" {
+		// Only grab the first (client) address. Note that '192.168.0.1,
+		// 10.1.1.1' is a valid key for X-Forwarded-For where addresses after
+		// the first may represent forwarding proxies earlier in the chain.
+		s := strings.Index(fwd, ", ")
+		if s == -1 {
+			s = len(fwd)
+		}
+		addr = fwd[:s]
+	} else if fwd := r.Header.Get(xRealIP); fwd != "" {
+		// X-Real-IP should only contain one IP address (the client making the
+		// request).
+		addr = fwd
+	} else if fwd := r.Header.Get(forwarded); fwd != "" {
+		// match should contain at least two elements if the protocol was
+		// specified in the Forwarded header. The first element will always be
+		// the 'for=' capture, which we ignore. In the case of multiple IP
+		// addresses (for=8.8.8.8, 8.8.4.4,172.16.1.20 is valid) we only
+		// extract the first, which should be the client IP.
+		if match := forRegex.FindStringSubmatch(fwd); len(match) > 1 {
+			// IPv6 addresses in Forwarded headers are quoted-strings. We strip
+			// these quotes.
+			addr = strings.Trim(match[1], `"`)
+		}
+	}
+
+	return addr
+}
+
+// getScheme retrieves the scheme from the X-Forwarded-Proto and RFC7239
+// Forwarded headers (in that order).
+func getScheme(r *http.Request) string {
+	var scheme string
+
+	// Retrieve the scheme from X-Forwarded-Proto.
+	if proto := r.Header.Get(xForwardedProto); proto != "" {
+		scheme = strings.ToLower(proto)
+	} else if proto = r.Header.Get(xForwardedScheme); proto != "" {
+		scheme = strings.ToLower(proto)
+	} else if proto = r.Header.Get(forwarded); proto != "" {
+		// match should contain at least two elements if the protocol was
+		// specified in the Forwarded header. The first element will always be
+		// the 'proto=' capture, which we ignore. In the case of multiple proto
+		// parameters (invalid) we only extract the first.
+		if match := protoRegex.FindStringSubmatch(proto); len(match) > 1 {
+			scheme = strings.ToLower(match[1])
+		}
+	}
+
+	return scheme
+}
diff --git a/vendor/github.com/gorilla/handlers/recovery.go b/vendor/github.com/gorilla/handlers/recovery.go
new file mode 100644
index 000000000..4c4c1d9c6
--- /dev/null
+++ b/vendor/github.com/gorilla/handlers/recovery.go
@@ -0,0 +1,96 @@
+package handlers
+
+import (
+	"log"
+	"net/http"
+	"runtime/debug"
+)
+
+// RecoveryHandlerLogger is an interface used by the recovering handler to print logs.
+type RecoveryHandlerLogger interface {
+	Println(...interface{})
+}
+
+type recoveryHandler struct {
+	handler    http.Handler
+	logger     RecoveryHandlerLogger
+	printStack bool
+}
+
+// RecoveryOption provides a functional approach to define
+// configuration for a handler; such as setting the logging
+// whether or not to print stack traces on panic.
+type RecoveryOption func(http.Handler)
+
+func parseRecoveryOptions(h http.Handler, opts ...RecoveryOption) http.Handler {
+	for _, option := range opts {
+		option(h)
+	}
+
+	return h
+}
+
+// RecoveryHandler is HTTP middleware that recovers from a panic,
+// logs the panic, writes http.StatusInternalServerError, and
+// continues to the next handler.
+//
+// Example:
+//
+//  r := mux.NewRouter()
+//  r.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+//  	panic("Unexpected error!")
+//  })
+//
+//  http.ListenAndServe(":1123", handlers.RecoveryHandler()(r))
+func RecoveryHandler(opts ...RecoveryOption) func(h http.Handler) http.Handler {
+	return func(h http.Handler) http.Handler {
+		r := &recoveryHandler{handler: h}
+		return parseRecoveryOptions(r, opts...)
+	}
+}
+
+// RecoveryLogger is a functional option to override
+// the default logger
+func RecoveryLogger(logger RecoveryHandlerLogger) RecoveryOption {
+	return func(h http.Handler) {
+		r := h.(*recoveryHandler)
+		r.logger = logger
+	}
+}
+
+// PrintRecoveryStack is a functional option to enable
+// or disable printing stack traces on panic.
+func PrintRecoveryStack(print bool) RecoveryOption {
+	return func(h http.Handler) {
+		r := h.(*recoveryHandler)
+		r.printStack = print
+	}
+}
+
+func (h recoveryHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	defer func() {
+		if err := recover(); err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			h.log(err)
+		}
+	}()
+
+	h.handler.ServeHTTP(w, req)
+}
+
+func (h recoveryHandler) log(v ...interface{}) {
+	if h.logger != nil {
+		h.logger.Println(v...)
+	} else {
+		log.Println(v...)
+	}
+
+	if h.printStack {
+		stack := string(debug.Stack())
+		if h.logger != nil {
+			h.logger.Println(stack)
+		} else {
+			log.Println(stack)
+		}
+	}
+}
diff --git a/vendor/github.com/kr/pretty/.gitignore b/vendor/github.com/kr/pretty/.gitignore
new file mode 100644
index 000000000..b2d47811f
--- /dev/null
+++ b/vendor/github.com/kr/pretty/.gitignore
@@ -0,0 +1,5 @@
+[568].out
+_go*
+_test*
+_obj
+/.idea
diff --git a/vendor/github.com/kr/pretty/License b/vendor/github.com/kr/pretty/License
new file mode 100644
index 000000000..480a32805
--- /dev/null
+++ b/vendor/github.com/kr/pretty/License
@@ -0,0 +1,19 @@
+Copyright 2012 Keith Rarick
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/kr/pretty/Readme b/vendor/github.com/kr/pretty/Readme
new file mode 100644
index 000000000..c589fc622
--- /dev/null
+++ b/vendor/github.com/kr/pretty/Readme
@@ -0,0 +1,9 @@
+package pretty
+
+    import "github.com/kr/pretty"
+
+    Package pretty provides pretty-printing for Go values.
+
+Documentation
+
+    http://godoc.org/github.com/kr/pretty
diff --git a/vendor/github.com/kr/pretty/diff.go b/vendor/github.com/kr/pretty/diff.go
new file mode 100644
index 000000000..40a09dc64
--- /dev/null
+++ b/vendor/github.com/kr/pretty/diff.go
@@ -0,0 +1,295 @@
+package pretty
+
+import (
+	"fmt"
+	"io"
+	"reflect"
+)
+
+type sbuf []string
+
+func (p *sbuf) Printf(format string, a ...interface{}) {
+	s := fmt.Sprintf(format, a...)
+	*p = append(*p, s)
+}
+
+// Diff returns a slice where each element describes
+// a difference between a and b.
+func Diff(a, b interface{}) (desc []string) {
+	Pdiff((*sbuf)(&desc), a, b)
+	return desc
+}
+
+// wprintfer calls Fprintf on w for each Printf call
+// with a trailing newline.
+type wprintfer struct{ w io.Writer }
+
+func (p *wprintfer) Printf(format string, a ...interface{}) {
+	fmt.Fprintf(p.w, format+"\n", a...)
+}
+
+// Fdiff writes to w a description of the differences between a and b.
+func Fdiff(w io.Writer, a, b interface{}) {
+	Pdiff(&wprintfer{w}, a, b)
+}
+
+type Printfer interface {
+	Printf(format string, a ...interface{})
+}
+
+// Pdiff prints to p a description of the differences between a and b.
+// It calls Printf once for each difference, with no trailing newline.
+// The standard library log.Logger is a Printfer.
+func Pdiff(p Printfer, a, b interface{}) {
+	d := diffPrinter{
+		w:        p,
+		aVisited: make(map[visit]visit),
+		bVisited: make(map[visit]visit),
+	}
+	d.diff(reflect.ValueOf(a), reflect.ValueOf(b))
+}
+
+type Logfer interface {
+	Logf(format string, a ...interface{})
+}
+
+// logprintfer calls Fprintf on w for each Printf call
+// with a trailing newline.
+type logprintfer struct{ l Logfer }
+
+func (p *logprintfer) Printf(format string, a ...interface{}) {
+	p.l.Logf(format, a...)
+}
+
+// Ldiff prints to l a description of the differences between a and b.
+// It calls Logf once for each difference, with no trailing newline.
+// The standard library testing.T and testing.B are Logfers.
+func Ldiff(l Logfer, a, b interface{}) {
+	Pdiff(&logprintfer{l}, a, b)
+}
+
+type diffPrinter struct {
+	w Printfer
+	l string // label
+
+	aVisited map[visit]visit
+	bVisited map[visit]visit
+}
+
+func (w diffPrinter) printf(f string, a ...interface{}) {
+	var l string
+	if w.l != "" {
+		l = w.l + ": "
+	}
+	w.w.Printf(l+f, a...)
+}
+
+func (w diffPrinter) diff(av, bv reflect.Value) {
+	if !av.IsValid() && bv.IsValid() {
+		w.printf("nil != %# v", formatter{v: bv, quote: true})
+		return
+	}
+	if av.IsValid() && !bv.IsValid() {
+		w.printf("%# v != nil", formatter{v: av, quote: true})
+		return
+	}
+	if !av.IsValid() && !bv.IsValid() {
+		return
+	}
+
+	at := av.Type()
+	bt := bv.Type()
+	if at != bt {
+		w.printf("%v != %v", at, bt)
+		return
+	}
+
+	if av.CanAddr() && bv.CanAddr() {
+		avis := visit{av.UnsafeAddr(), at}
+		bvis := visit{bv.UnsafeAddr(), bt}
+		var cycle bool
+
+		// Have we seen this value before?
+		if vis, ok := w.aVisited[avis]; ok {
+			cycle = true
+			if vis != bvis {
+				w.printf("%# v (previously visited) != %# v", formatter{v: av, quote: true}, formatter{v: bv, quote: true})
+			}
+		} else if _, ok := w.bVisited[bvis]; ok {
+			cycle = true
+			w.printf("%# v != %# v (previously visited)", formatter{v: av, quote: true}, formatter{v: bv, quote: true})
+		}
+		w.aVisited[avis] = bvis
+		w.bVisited[bvis] = avis
+		if cycle {
+			return
+		}
+	}
+
+	switch kind := at.Kind(); kind {
+	case reflect.Bool:
+		if a, b := av.Bool(), bv.Bool(); a != b {
+			w.printf("%v != %v", a, b)
+		}
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		if a, b := av.Int(), bv.Int(); a != b {
+			w.printf("%d != %d", a, b)
+		}
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		if a, b := av.Uint(), bv.Uint(); a != b {
+			w.printf("%d != %d", a, b)
+		}
+	case reflect.Float32, reflect.Float64:
+		if a, b := av.Float(), bv.Float(); a != b {
+			w.printf("%v != %v", a, b)
+		}
+	case reflect.Complex64, reflect.Complex128:
+		if a, b := av.Complex(), bv.Complex(); a != b {
+			w.printf("%v != %v", a, b)
+		}
+	case reflect.Array:
+		n := av.Len()
+		for i := 0; i < n; i++ {
+			w.relabel(fmt.Sprintf("[%d]", i)).diff(av.Index(i), bv.Index(i))
+		}
+	case reflect.Chan, reflect.Func, reflect.UnsafePointer:
+		if a, b := av.Pointer(), bv.Pointer(); a != b {
+			w.printf("%#x != %#x", a, b)
+		}
+	case reflect.Interface:
+		w.diff(av.Elem(), bv.Elem())
+	case reflect.Map:
+		ak, both, bk := keyDiff(av.MapKeys(), bv.MapKeys())
+		for _, k := range ak {
+			w := w.relabel(fmt.Sprintf("[%#v]", k))
+			w.printf("%q != (missing)", av.MapIndex(k))
+		}
+		for _, k := range both {
+			w := w.relabel(fmt.Sprintf("[%#v]", k))
+			w.diff(av.MapIndex(k), bv.MapIndex(k))
+		}
+		for _, k := range bk {
+			w := w.relabel(fmt.Sprintf("[%#v]", k))
+			w.printf("(missing) != %q", bv.MapIndex(k))
+		}
+	case reflect.Ptr:
+		switch {
+		case av.IsNil() && !bv.IsNil():
+			w.printf("nil != %# v", formatter{v: bv, quote: true})
+		case !av.IsNil() && bv.IsNil():
+			w.printf("%# v != nil", formatter{v: av, quote: true})
+		case !av.IsNil() && !bv.IsNil():
+			w.diff(av.Elem(), bv.Elem())
+		}
+	case reflect.Slice:
+		lenA := av.Len()
+		lenB := bv.Len()
+		if lenA != lenB {
+			w.printf("%s[%d] != %s[%d]", av.Type(), lenA, bv.Type(), lenB)
+			break
+		}
+		for i := 0; i < lenA; i++ {
+			w.relabel(fmt.Sprintf("[%d]", i)).diff(av.Index(i), bv.Index(i))
+		}
+	case reflect.String:
+		if a, b := av.String(), bv.String(); a != b {
+			w.printf("%q != %q", a, b)
+		}
+	case reflect.Struct:
+		for i := 0; i < av.NumField(); i++ {
+			w.relabel(at.Field(i).Name).diff(av.Field(i), bv.Field(i))
+		}
+	default:
+		panic("unknown reflect Kind: " + kind.String())
+	}
+}
+
+func (d diffPrinter) relabel(name string) (d1 diffPrinter) {
+	d1 = d
+	if d.l != "" && name[0] != '[' {
+		d1.l += "."
+	}
+	d1.l += name
+	return d1
+}
+
+// keyEqual compares a and b for equality.
+// Both a and b must be valid map keys.
+func keyEqual(av, bv reflect.Value) bool {
+	if !av.IsValid() && !bv.IsValid() {
+		return true
+	}
+	if !av.IsValid() || !bv.IsValid() || av.Type() != bv.Type() {
+		return false
+	}
+	switch kind := av.Kind(); kind {
+	case reflect.Bool:
+		a, b := av.Bool(), bv.Bool()
+		return a == b
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		a, b := av.Int(), bv.Int()
+		return a == b
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		a, b := av.Uint(), bv.Uint()
+		return a == b
+	case reflect.Float32, reflect.Float64:
+		a, b := av.Float(), bv.Float()
+		return a == b
+	case reflect.Complex64, reflect.Complex128:
+		a, b := av.Complex(), bv.Complex()
+		return a == b
+	case reflect.Array:
+		for i := 0; i < av.Len(); i++ {
+			if !keyEqual(av.Index(i), bv.Index(i)) {
+				return false
+			}
+		}
+		return true
+	case reflect.Chan, reflect.UnsafePointer, reflect.Ptr:
+		a, b := av.Pointer(), bv.Pointer()
+		return a == b
+	case reflect.Interface:
+		return keyEqual(av.Elem(), bv.Elem())
+	case reflect.String:
+		a, b := av.String(), bv.String()
+		return a == b
+	case reflect.Struct:
+		for i := 0; i < av.NumField(); i++ {
+			if !keyEqual(av.Field(i), bv.Field(i)) {
+				return false
+			}
+		}
+		return true
+	default:
+		panic("invalid map key type " + av.Type().String())
+	}
+}
+
+func keyDiff(a, b []reflect.Value) (ak, both, bk []reflect.Value) {
+	for _, av := range a {
+		inBoth := false
+		for _, bv := range b {
+			if keyEqual(av, bv) {
+				inBoth = true
+				both = append(both, av)
+				break
+			}
+		}
+		if !inBoth {
+			ak = append(ak, av)
+		}
+	}
+	for _, bv := range b {
+		inBoth := false
+		for _, av := range a {
+			if keyEqual(av, bv) {
+				inBoth = true
+				break
+			}
+		}
+		if !inBoth {
+			bk = append(bk, bv)
+		}
+	}
+	return
+}
diff --git a/vendor/github.com/kr/pretty/formatter.go b/vendor/github.com/kr/pretty/formatter.go
new file mode 100644
index 000000000..8e6969c59
--- /dev/null
+++ b/vendor/github.com/kr/pretty/formatter.go
@@ -0,0 +1,355 @@
+package pretty
+
+import (
+	"fmt"
+	"io"
+	"reflect"
+	"strconv"
+	"text/tabwriter"
+
+	"github.com/kr/text"
+	"github.com/rogpeppe/go-internal/fmtsort"
+)
+
+type formatter struct {
+	v     reflect.Value
+	force bool
+	quote bool
+}
+
+// Formatter makes a wrapper, f, that will format x as go source with line
+// breaks and tabs. Object f responds to the "%v" formatting verb when both the
+// "#" and " " (space) flags are set, for example:
+//
+//     fmt.Sprintf("%# v", Formatter(x))
+//
+// If one of these two flags is not set, or any other verb is used, f will
+// format x according to the usual rules of package fmt.
+// In particular, if x satisfies fmt.Formatter, then x.Format will be called.
+func Formatter(x interface{}) (f fmt.Formatter) {
+	return formatter{v: reflect.ValueOf(x), quote: true}
+}
+
+func (fo formatter) String() string {
+	return fmt.Sprint(fo.v.Interface()) // unwrap it
+}
+
+func (fo formatter) passThrough(f fmt.State, c rune) {
+	s := "%"
+	for i := 0; i < 128; i++ {
+		if f.Flag(i) {
+			s += string(rune(i))
+		}
+	}
+	if w, ok := f.Width(); ok {
+		s += fmt.Sprintf("%d", w)
+	}
+	if p, ok := f.Precision(); ok {
+		s += fmt.Sprintf(".%d", p)
+	}
+	s += string(c)
+	fmt.Fprintf(f, s, fo.v.Interface())
+}
+
+func (fo formatter) Format(f fmt.State, c rune) {
+	if fo.force || c == 'v' && f.Flag('#') && f.Flag(' ') {
+		w := tabwriter.NewWriter(f, 4, 4, 1, ' ', 0)
+		p := &printer{tw: w, Writer: w, visited: make(map[visit]int)}
+		p.printValue(fo.v, true, fo.quote)
+		w.Flush()
+		return
+	}
+	fo.passThrough(f, c)
+}
+
+type printer struct {
+	io.Writer
+	tw      *tabwriter.Writer
+	visited map[visit]int
+	depth   int
+}
+
+func (p *printer) indent() *printer {
+	q := *p
+	q.tw = tabwriter.NewWriter(p.Writer, 4, 4, 1, ' ', 0)
+	q.Writer = text.NewIndentWriter(q.tw, []byte{'\t'})
+	return &q
+}
+
+func (p *printer) printInline(v reflect.Value, x interface{}, showType bool) {
+	if showType {
+		io.WriteString(p, v.Type().String())
+		fmt.Fprintf(p, "(%#v)", x)
+	} else {
+		fmt.Fprintf(p, "%#v", x)
+	}
+}
+
+// printValue must keep track of already-printed pointer values to avoid
+// infinite recursion.
+type visit struct {
+	v   uintptr
+	typ reflect.Type
+}
+
+func (p *printer) catchPanic(v reflect.Value, method string) {
+	if r := recover(); r != nil {
+		if v.Kind() == reflect.Ptr && v.IsNil() {
+			writeByte(p, '(')
+			io.WriteString(p, v.Type().String())
+			io.WriteString(p, ")(nil)")
+			return
+		}
+		writeByte(p, '(')
+		io.WriteString(p, v.Type().String())
+		io.WriteString(p, ")(PANIC=calling method ")
+		io.WriteString(p, strconv.Quote(method))
+		io.WriteString(p, ": ")
+		fmt.Fprint(p, r)
+		writeByte(p, ')')
+	}
+}
+
+func (p *printer) printValue(v reflect.Value, showType, quote bool) {
+	if p.depth > 10 {
+		io.WriteString(p, "!%v(DEPTH EXCEEDED)")
+		return
+	}
+
+	if v.IsValid() && v.CanInterface() {
+		i := v.Interface()
+		if goStringer, ok := i.(fmt.GoStringer); ok {
+			defer p.catchPanic(v, "GoString")
+			io.WriteString(p, goStringer.GoString())
+			return
+		}
+	}
+
+	switch v.Kind() {
+	case reflect.Bool:
+		p.printInline(v, v.Bool(), showType)
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		p.printInline(v, v.Int(), showType)
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		p.printInline(v, v.Uint(), showType)
+	case reflect.Float32, reflect.Float64:
+		p.printInline(v, v.Float(), showType)
+	case reflect.Complex64, reflect.Complex128:
+		fmt.Fprintf(p, "%#v", v.Complex())
+	case reflect.String:
+		p.fmtString(v.String(), quote)
+	case reflect.Map:
+		t := v.Type()
+		if showType {
+			io.WriteString(p, t.String())
+		}
+		writeByte(p, '{')
+		if nonzero(v) {
+			expand := !canInline(v.Type())
+			pp := p
+			if expand {
+				writeByte(p, '\n')
+				pp = p.indent()
+			}
+			sm := fmtsort.Sort(v)
+			for i := 0; i < v.Len(); i++ {
+				k := sm.Key[i]
+				mv := sm.Value[i]
+				pp.printValue(k, false, true)
+				writeByte(pp, ':')
+				if expand {
+					writeByte(pp, '\t')
+				}
+				showTypeInStruct := t.Elem().Kind() == reflect.Interface
+				pp.printValue(mv, showTypeInStruct, true)
+				if expand {
+					io.WriteString(pp, ",\n")
+				} else if i < v.Len()-1 {
+					io.WriteString(pp, ", ")
+				}
+			}
+			if expand {
+				pp.tw.Flush()
+			}
+		}
+		writeByte(p, '}')
+	case reflect.Struct:
+		t := v.Type()
+		if v.CanAddr() {
+			addr := v.UnsafeAddr()
+			vis := visit{addr, t}
+			if vd, ok := p.visited[vis]; ok && vd < p.depth {
+				p.fmtString(t.String()+"{(CYCLIC REFERENCE)}", false)
+				break // don't print v again
+			}
+			p.visited[vis] = p.depth
+		}
+
+		if showType {
+			io.WriteString(p, t.String())
+		}
+		writeByte(p, '{')
+		if nonzero(v) {
+			expand := !canInline(v.Type())
+			pp := p
+			if expand {
+				writeByte(p, '\n')
+				pp = p.indent()
+			}
+			for i := 0; i < v.NumField(); i++ {
+				showTypeInStruct := true
+				if f := t.Field(i); f.Name != "" {
+					io.WriteString(pp, f.Name)
+					writeByte(pp, ':')
+					if expand {
+						writeByte(pp, '\t')
+					}
+					showTypeInStruct = labelType(f.Type)
+				}
+				pp.printValue(getField(v, i), showTypeInStruct, true)
+				if expand {
+					io.WriteString(pp, ",\n")
+				} else if i < v.NumField()-1 {
+					io.WriteString(pp, ", ")
+				}
+			}
+			if expand {
+				pp.tw.Flush()
+			}
+		}
+		writeByte(p, '}')
+	case reflect.Interface:
+		switch e := v.Elem(); {
+		case e.Kind() == reflect.Invalid:
+			io.WriteString(p, "nil")
+		case e.IsValid():
+			pp := *p
+			pp.depth++
+			pp.printValue(e, showType, true)
+		default:
+			io.WriteString(p, v.Type().String())
+			io.WriteString(p, "(nil)")
+		}
+	case reflect.Array, reflect.Slice:
+		t := v.Type()
+		if showType {
+			io.WriteString(p, t.String())
+		}
+		if v.Kind() == reflect.Slice && v.IsNil() && showType {
+			io.WriteString(p, "(nil)")
+			break
+		}
+		if v.Kind() == reflect.Slice && v.IsNil() {
+			io.WriteString(p, "nil")
+			break
+		}
+		writeByte(p, '{')
+		expand := !canInline(v.Type())
+		pp := p
+		if expand {
+			writeByte(p, '\n')
+			pp = p.indent()
+		}
+		for i := 0; i < v.Len(); i++ {
+			showTypeInSlice := t.Elem().Kind() == reflect.Interface
+			pp.printValue(v.Index(i), showTypeInSlice, true)
+			if expand {
+				io.WriteString(pp, ",\n")
+			} else if i < v.Len()-1 {
+				io.WriteString(pp, ", ")
+			}
+		}
+		if expand {
+			pp.tw.Flush()
+		}
+		writeByte(p, '}')
+	case reflect.Ptr:
+		e := v.Elem()
+		if !e.IsValid() {
+			writeByte(p, '(')
+			io.WriteString(p, v.Type().String())
+			io.WriteString(p, ")(nil)")
+		} else {
+			pp := *p
+			pp.depth++
+			writeByte(pp, '&')
+			pp.printValue(e, true, true)
+		}
+	case reflect.Chan:
+		x := v.Pointer()
+		if showType {
+			writeByte(p, '(')
+			io.WriteString(p, v.Type().String())
+			fmt.Fprintf(p, ")(%#v)", x)
+		} else {
+			fmt.Fprintf(p, "%#v", x)
+		}
+	case reflect.Func:
+		io.WriteString(p, v.Type().String())
+		io.WriteString(p, " {...}")
+	case reflect.UnsafePointer:
+		p.printInline(v, v.Pointer(), showType)
+	case reflect.Invalid:
+		io.WriteString(p, "nil")
+	}
+}
+
+func canInline(t reflect.Type) bool {
+	switch t.Kind() {
+	case reflect.Map:
+		return !canExpand(t.Elem())
+	case reflect.Struct:
+		for i := 0; i < t.NumField(); i++ {
+			if canExpand(t.Field(i).Type) {
+				return false
+			}
+		}
+		return true
+	case reflect.Interface:
+		return false
+	case reflect.Array, reflect.Slice:
+		return !canExpand(t.Elem())
+	case reflect.Ptr:
+		return false
+	case reflect.Chan, reflect.Func, reflect.UnsafePointer:
+		return false
+	}
+	return true
+}
+
+func canExpand(t reflect.Type) bool {
+	switch t.Kind() {
+	case reflect.Map, reflect.Struct,
+		reflect.Interface, reflect.Array, reflect.Slice,
+		reflect.Ptr:
+		return true
+	}
+	return false
+}
+
+func labelType(t reflect.Type) bool {
+	switch t.Kind() {
+	case reflect.Interface, reflect.Struct:
+		return true
+	}
+	return false
+}
+
+func (p *printer) fmtString(s string, quote bool) {
+	if quote {
+		s = strconv.Quote(s)
+	}
+	io.WriteString(p, s)
+}
+
+func writeByte(w io.Writer, b byte) {
+	w.Write([]byte{b})
+}
+
+func getField(v reflect.Value, i int) reflect.Value {
+	val := v.Field(i)
+	if val.Kind() == reflect.Interface && !val.IsNil() {
+		val = val.Elem()
+	}
+	return val
+}
diff --git a/vendor/github.com/kr/pretty/pretty.go b/vendor/github.com/kr/pretty/pretty.go
new file mode 100644
index 000000000..b4ca583c0
--- /dev/null
+++ b/vendor/github.com/kr/pretty/pretty.go
@@ -0,0 +1,108 @@
+// Package pretty provides pretty-printing for Go values. This is
+// useful during debugging, to avoid wrapping long output lines in
+// the terminal.
+//
+// It provides a function, Formatter, that can be used with any
+// function that accepts a format string. It also provides
+// convenience wrappers for functions in packages fmt and log.
+package pretty
+
+import (
+	"fmt"
+	"io"
+	"log"
+	"reflect"
+)
+
+// Errorf is a convenience wrapper for fmt.Errorf.
+//
+// Calling Errorf(f, x, y) is equivalent to
+// fmt.Errorf(f, Formatter(x), Formatter(y)).
+func Errorf(format string, a ...interface{}) error {
+	return fmt.Errorf(format, wrap(a, false)...)
+}
+
+// Fprintf is a convenience wrapper for fmt.Fprintf.
+//
+// Calling Fprintf(w, f, x, y) is equivalent to
+// fmt.Fprintf(w, f, Formatter(x), Formatter(y)).
+func Fprintf(w io.Writer, format string, a ...interface{}) (n int, error error) {
+	return fmt.Fprintf(w, format, wrap(a, false)...)
+}
+
+// Log is a convenience wrapper for log.Printf.
+//
+// Calling Log(x, y) is equivalent to
+// log.Print(Formatter(x), Formatter(y)), but each operand is
+// formatted with "%# v".
+func Log(a ...interface{}) {
+	log.Print(wrap(a, true)...)
+}
+
+// Logf is a convenience wrapper for log.Printf.
+//
+// Calling Logf(f, x, y) is equivalent to
+// log.Printf(f, Formatter(x), Formatter(y)).
+func Logf(format string, a ...interface{}) {
+	log.Printf(format, wrap(a, false)...)
+}
+
+// Logln is a convenience wrapper for log.Printf.
+//
+// Calling Logln(x, y) is equivalent to
+// log.Println(Formatter(x), Formatter(y)), but each operand is
+// formatted with "%# v".
+func Logln(a ...interface{}) {
+	log.Println(wrap(a, true)...)
+}
+
+// Print pretty-prints its operands and writes to standard output.
+//
+// Calling Print(x, y) is equivalent to
+// fmt.Print(Formatter(x), Formatter(y)), but each operand is
+// formatted with "%# v".
+func Print(a ...interface{}) (n int, errno error) {
+	return fmt.Print(wrap(a, true)...)
+}
+
+// Printf is a convenience wrapper for fmt.Printf.
+//
+// Calling Printf(f, x, y) is equivalent to
+// fmt.Printf(f, Formatter(x), Formatter(y)).
+func Printf(format string, a ...interface{}) (n int, errno error) {
+	return fmt.Printf(format, wrap(a, false)...)
+}
+
+// Println pretty-prints its operands and writes to standard output.
+//
+// Calling Println(x, y) is equivalent to
+// fmt.Println(Formatter(x), Formatter(y)), but each operand is
+// formatted with "%# v".
+func Println(a ...interface{}) (n int, errno error) {
+	return fmt.Println(wrap(a, true)...)
+}
+
+// Sprint is a convenience wrapper for fmt.Sprintf.
+//
+// Calling Sprint(x, y) is equivalent to
+// fmt.Sprint(Formatter(x), Formatter(y)), but each operand is
+// formatted with "%# v".
+func Sprint(a ...interface{}) string {
+	return fmt.Sprint(wrap(a, true)...)
+}
+
+// Sprintf is a convenience wrapper for fmt.Sprintf.
+//
+// Calling Sprintf(f, x, y) is equivalent to
+// fmt.Sprintf(f, Formatter(x), Formatter(y)).
+func Sprintf(format string, a ...interface{}) string {
+	return fmt.Sprintf(format, wrap(a, false)...)
+}
+
+func wrap(a []interface{}, force bool) []interface{} {
+	w := make([]interface{}, len(a))
+	for i, x := range a {
+		w[i] = formatter{v: reflect.ValueOf(x), force: force}
+	}
+	return w
+}
diff --git a/vendor/github.com/kr/pretty/zero.go b/vendor/github.com/kr/pretty/zero.go
new file mode 100644
index 000000000..abb5b6fc1
--- /dev/null
+++ b/vendor/github.com/kr/pretty/zero.go
@@ -0,0 +1,41 @@
+package pretty
+
+import (
+	"reflect"
+)
+
+func nonzero(v reflect.Value) bool {
+	switch v.Kind() {
+	case reflect.Bool:
+		return v.Bool()
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() != 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() != 0
+	case reflect.Float32, reflect.Float64:
+		return v.Float() != 0
+	case reflect.Complex64, reflect.Complex128:
+		return v.Complex() != complex(0, 0)
+	case reflect.String:
+		return v.String() != ""
+	case reflect.Struct:
+		for i := 0; i < v.NumField(); i++ {
+			if nonzero(getField(v, i)) {
+				return true
+			}
+		}
+		return false
+	case reflect.Array:
+		for i := 0; i < v.Len(); i++ {
+			if nonzero(v.Index(i)) {
+				return true
+			}
+		}
+		return false
+	case reflect.Map, reflect.Interface, reflect.Slice, reflect.Ptr, reflect.Chan, reflect.Func:
+		return !v.IsNil()
+	case reflect.UnsafePointer:
+		return v.Pointer() != 0
+	}
+	return true
+}
diff --git a/vendor/github.com/kr/text/License b/vendor/github.com/kr/text/License
new file mode 100644
index 000000000..480a32805
--- /dev/null
+++ b/vendor/github.com/kr/text/License
@@ -0,0 +1,19 @@
+Copyright 2012 Keith Rarick
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/kr/text/Readme b/vendor/github.com/kr/text/Readme
new file mode 100644
index 000000000..7e6e7c068
--- /dev/null
+++ b/vendor/github.com/kr/text/Readme
@@ -0,0 +1,3 @@
+This is a Go package for manipulating paragraphs of text.
+
+See http://go.pkgdoc.org/github.com/kr/text for full documentation.
diff --git a/vendor/github.com/kr/text/doc.go b/vendor/github.com/kr/text/doc.go
new file mode 100644
index 000000000..cf4c198f9
--- /dev/null
+++ b/vendor/github.com/kr/text/doc.go
@@ -0,0 +1,3 @@
+// Package text provides rudimentary functions for manipulating text in
+// paragraphs.
+package text
diff --git a/vendor/github.com/kr/text/indent.go b/vendor/github.com/kr/text/indent.go
new file mode 100644
index 000000000..4ebac45c0
--- /dev/null
+++ b/vendor/github.com/kr/text/indent.go
@@ -0,0 +1,74 @@
+package text
+
+import (
+	"io"
+)
+
+// Indent inserts prefix at the beginning of each non-empty line of s. The
+// end-of-line marker is NL.
+func Indent(s, prefix string) string {
+	return string(IndentBytes([]byte(s), []byte(prefix)))
+}
+
+// IndentBytes inserts prefix at the beginning of each non-empty line of b.
+// The end-of-line marker is NL.
+func IndentBytes(b, prefix []byte) []byte {
+	var res []byte
+	bol := true
+	for _, c := range b {
+		if bol && c != '\n' {
+			res = append(res, prefix...)
+		}
+		res = append(res, c)
+		bol = c == '\n'
+	}
+	return res
+}
+
+// Writer indents each line of its input.
+type indentWriter struct {
+	w   io.Writer
+	bol bool
+	pre [][]byte
+	sel int
+	off int
+}
+
+// NewIndentWriter makes a new write filter that indents the input
+// lines. Each line is prefixed in order with the corresponding
+// element of pre. If there are more lines than elements, the last
+// element of pre is repeated for each subsequent line.
+func NewIndentWriter(w io.Writer, pre ...[]byte) io.Writer {
+	return &indentWriter{
+		w:   w,
+		pre: pre,
+		bol: true,
+	}
+}
+
+// The only errors returned are from the underlying indentWriter.
+func (w *indentWriter) Write(p []byte) (n int, err error) {
+	for _, c := range p {
+		if w.bol {
+			var i int
+			i, err = w.w.Write(w.pre[w.sel][w.off:])
+			w.off += i
+			if err != nil {
+				return n, err
+			}
+		}
+		_, err = w.w.Write([]byte{c})
+		if err != nil {
+			return n, err
+		}
+		n++
+		w.bol = c == '\n'
+		if w.bol {
+			w.off = 0
+			if w.sel < len(w.pre)-1 {
+				w.sel++
+			}
+		}
+	}
+	return n, nil
+}
diff --git a/vendor/github.com/kr/text/wrap.go b/vendor/github.com/kr/text/wrap.go
new file mode 100644
index 000000000..b09bb0373
--- /dev/null
+++ b/vendor/github.com/kr/text/wrap.go
@@ -0,0 +1,86 @@
+package text
+
+import (
+	"bytes"
+	"math"
+)
+
+var (
+	nl = []byte{'\n'}
+	sp = []byte{' '}
+)
+
+const defaultPenalty = 1e5
+
+// Wrap wraps s into a paragraph of lines of length lim, with minimal
+// raggedness.
+func Wrap(s string, lim int) string {
+	return string(WrapBytes([]byte(s), lim))
+}
+
+// WrapBytes wraps b into a paragraph of lines of length lim, with minimal
+// raggedness.
+func WrapBytes(b []byte, lim int) []byte {
+	words := bytes.Split(bytes.Replace(bytes.TrimSpace(b), nl, sp, -1), sp)
+	var lines [][]byte
+	for _, line := range WrapWords(words, 1, lim, defaultPenalty) {
+		lines = append(lines, bytes.Join(line, sp))
+	}
+	return bytes.Join(lines, nl)
+}
+
+// WrapWords is the low-level line-breaking algorithm, useful if you need more
+// control over the details of the text wrapping process. For most uses, either
+// Wrap or WrapBytes will be sufficient and more convenient.
+//
+// WrapWords splits a list of words into lines with minimal "raggedness",
+// treating each byte as one unit, accounting for spc units between adjacent
+// words on each line, and attempting to limit lines to lim units. Raggedness
+// is the total error over all lines, where error is the square of the
+// difference of the length of the line and lim. Too-long lines (which only
+// happen when a single word is longer than lim units) have pen penalty units
+// added to the error.
+func WrapWords(words [][]byte, spc, lim, pen int) [][][]byte {
+	n := len(words)
+
+	length := make([][]int, n)
+	for i := 0; i < n; i++ {
+		length[i] = make([]int, n)
+		length[i][i] = len(words[i])
+		for j := i + 1; j < n; j++ {
+			length[i][j] = length[i][j-1] + spc + len(words[j])
+		}
+	}
+
+	nbrk := make([]int, n)
+	cost := make([]int, n)
+	for i := range cost {
+		cost[i] = math.MaxInt32
+	}
+	for i := n - 1; i >= 0; i-- {
+		if length[i][n-1] <= lim || i == n-1 {
+			cost[i] = 0
+			nbrk[i] = n
+		} else {
+			for j := i + 1; j < n; j++ {
+				d := lim - length[i][j-1]
+				c := d*d + cost[j]
+				if length[i][j-1] > lim {
+					c += pen // too-long lines get a worse penalty
+				}
+				if c < cost[i] {
+					cost[i] = c
+					nbrk[i] = j
+				}
+			}
+		}
+	}
+
+	var lines [][][]byte
+	i := 0
+	for i < n {
+		lines = append(lines, words[i:nbrk[i]])
+		i = nbrk[i]
+	}
+	return lines
+}
diff --git a/vendor/github.com/ncw/swift/.gitignore b/vendor/github.com/ncw/swift/.gitignore
new file mode 100644
index 000000000..5cdbab794
--- /dev/null
+++ b/vendor/github.com/ncw/swift/.gitignore
@@ -0,0 +1,4 @@
+*~
+*.pyc
+test-env*
+junk/
\ No newline at end of file
diff --git a/vendor/github.com/ncw/swift/.travis.yml b/vendor/github.com/ncw/swift/.travis.yml
new file mode 100644
index 000000000..e0a61643b
--- /dev/null
+++ b/vendor/github.com/ncw/swift/.travis.yml
@@ -0,0 +1,33 @@
+language: go
+sudo: false
+
+go:
+  - 1.2.x
+  - 1.3.x
+  - 1.4.x
+  - 1.5.x
+  - 1.6.x
+  - 1.7.x
+  - 1.8.x
+  - 1.9.x
+  - 1.10.x
+  - 1.11.x
+  - 1.12.x
+  - master
+
+matrix:
+  include:
+  - go: 1.12.x
+    env: TEST_REAL_SERVER=rackspace
+  - go: 1.12.x
+    env: TEST_REAL_SERVER=memset
+  allow_failures:
+  - go: 1.12.x
+    env: TEST_REAL_SERVER=rackspace
+  - go: 1.12.x
+    env: TEST_REAL_SERVER=memset
+install: go test -i ./...
+script:
+  - test -z "$(go fmt ./...)"
+  - go test
+  - ./travis_realserver.sh
diff --git a/vendor/github.com/ncw/swift/COPYING b/vendor/github.com/ncw/swift/COPYING
new file mode 100644
index 000000000..8c27c67fd
--- /dev/null
+++ b/vendor/github.com/ncw/swift/COPYING
@@ -0,0 +1,20 @@
+Copyright (C) 2012 by Nick Craig-Wood http://www.craig-wood.com/nick/
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
diff --git a/vendor/github.com/ncw/swift/README.md b/vendor/github.com/ncw/swift/README.md
new file mode 100644
index 000000000..0a09293d8
--- /dev/null
+++ b/vendor/github.com/ncw/swift/README.md
@@ -0,0 +1,156 @@
+Swift
+=====
+
+This package provides an easy to use library for interfacing with
+Swift / Openstack Object Storage / Rackspace cloud files from the Go
+Language
+
+See here for package docs
+
+  http://godoc.org/github.com/ncw/swift
+
+[![Build Status](https://api.travis-ci.org/ncw/swift.svg?branch=master)](https://travis-ci.org/ncw/swift) [![GoDoc](https://godoc.org/github.com/ncw/swift?status.svg)](https://godoc.org/github.com/ncw/swift) 
+
+Install
+-------
+
+Use go to install the library
+
+    go get github.com/ncw/swift
+
+Usage
+-----
+
+See here for full package docs
+
+- http://godoc.org/github.com/ncw/swift
+
+Here is a short example from the docs
+```go
+import "github.com/ncw/swift"
+
+// Create a connection
+c := swift.Connection{
+    UserName: "user",
+    ApiKey:   "key",
+    AuthUrl:  "auth_url",
+    Domain:   "domain",  // Name of the domain (v3 auth only)
+    Tenant:   "tenant",  // Name of the tenant (v2 auth only)
+}
+// Authenticate
+err := c.Authenticate()
+if err != nil {
+    panic(err)
+}
+// List all the containers
+containers, err := c.ContainerNames(nil)
+fmt.Println(containers)
+// etc...
+```
+
+Additions
+---------
+
+The `rs` sub project contains a wrapper for the Rackspace specific CDN Management interface.
+
+Testing
+-------
+
+To run the tests you can either use an embedded fake Swift server
+either use a real Openstack Swift server or a Rackspace Cloud files account.
+
+When using a real Swift server, you need to set these environment variables
+before running the tests
+
+    export SWIFT_API_USER='user'
+    export SWIFT_API_KEY='key'
+    export SWIFT_AUTH_URL='https://url.of.auth.server/v1.0'
+
+And optionally these if using v2 authentication
+
+    export SWIFT_TENANT='TenantName'
+    export SWIFT_TENANT_ID='TenantId'
+
+And optionally these if using v3 authentication
+
+    export SWIFT_TENANT='TenantName'
+    export SWIFT_TENANT_ID='TenantId'
+    export SWIFT_API_DOMAIN_ID='domain id'
+    export SWIFT_API_DOMAIN='domain name'
+
+And optionally these if using v3 trust
+
+    export SWIFT_TRUST_ID='TrustId'
+
+And optionally this if you want to skip server certificate validation
+
+    export SWIFT_AUTH_INSECURE=1
+
+And optionally this to configure the connect channel timeout, in seconds
+
+    export SWIFT_CONNECTION_CHANNEL_TIMEOUT=60
+
+And optionally this to configure the data channel timeout, in seconds
+
+    export SWIFT_DATA_CHANNEL_TIMEOUT=60
+
+Then run the tests with `go test`
+
+License
+-------
+
+This is free software under the terms of MIT license (check COPYING file
+included in this package).
+
+Contact and support
+-------------------
+
+The project website is at:
+
+- https://github.com/ncw/swift
+
+There you can file bug reports, ask for help or contribute patches.
+
+Authors
+-------
+
+- Nick Craig-Wood <nick@craig-wood.com>
+
+Contributors
+------------
+
+- Brian "bojo" Jones <mojobojo@gmail.com>
+- Janika Liiv <janika@toggl.com>
+- Yamamoto, Hirotaka <ymmt2005@gmail.com>
+- Stephen <yo@groks.org>
+- platformpurple <stephen@platformpurple.com>
+- Paul Querna <pquerna@apache.org>
+- Livio Soares <liviobs@gmail.com>
+- thesyncim <thesyncim@gmail.com>
+- lsowen <lsowen@s1network.com> <logan@s1network.com>
+- Sylvain Baubeau <sbaubeau@redhat.com>
+- Chris Kastorff <encryptio@gmail.com>
+- Dai HaoJun <haojun.dai@hp.com>
+- Hua Wang <wanghua.humble@gmail.com>
+- Fabian Ruff <fabian@progra.de> <fabian.ruff@sap.com>
+- Arturo Reuschenbach Puncernau <reuschenbach@gmail.com>
+- Petr Kotek <petr.kotek@bigcommerce.com>
+- Stefan Majewsky <stefan.majewsky@sap.com> <majewsky@gmx.net>
+- Cezar Sa Espinola <cezarsa@gmail.com>
+- Sam Gunaratne <samgzeit@gmail.com>
+- Richard Scothern <richard.scothern@gmail.com>
+- Michel Couillard <!--<couillard.michel@voxlog.ca>--> <michel.couillard@gmail.com>
+- Christopher Waldon <ckwaldon@us.ibm.com>
+- dennis <dai.haojun@gmail.com>
+- hag <hannes.georg@xing.com>
+- Alexander Neumann <alexander@bumpern.de>
+- eclipseo <30413512+eclipseo@users.noreply.github.com>
+- Yuri Per <yuri@acronis.com>
+- Falk Reimann <falk.reimann@sap.com>
+- Arthur Paim Arnold <arthurpaimarnold@gmail.com>
+- Bruno Michel <bmichel@menfin.info>
+- Charles Hsu <charles0126@gmail.com>
+- Omar Ali <omarali@users.noreply.github.com>
+- Andreas Andersen <andreas@softwaredesign.se>
+- kayrus <kay.diam@gmail.com>
+- CodeLingo Bot <bot@codelingo.io>
diff --git a/vendor/github.com/ncw/swift/auth.go b/vendor/github.com/ncw/swift/auth.go
new file mode 100644
index 000000000..25654f429
--- /dev/null
+++ b/vendor/github.com/ncw/swift/auth.go
@@ -0,0 +1,335 @@
+package swift
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+// Auth defines the operations needed to authenticate with swift
+//
+// This encapsulates the different authentication schemes in use
+type Authenticator interface {
+	// Request creates an http.Request for the auth - return nil if not needed
+	Request(*Connection) (*http.Request, error)
+	// Response parses the http.Response
+	Response(resp *http.Response) error
+	// The public storage URL - set Internal to true to read
+	// internal/service net URL
+	StorageUrl(Internal bool) string
+	// The access token
+	Token() string
+	// The CDN url if available
+	CdnUrl() string
+}
+
+// Expireser is an optional interface to read the expiration time of the token
+type Expireser interface {
+	Expires() time.Time
+}
+
+type CustomEndpointAuthenticator interface {
+	StorageUrlForEndpoint(endpointType EndpointType) string
+}
+
+type EndpointType string
+
+const (
+	// Use public URL as storage URL
+	EndpointTypePublic = EndpointType("public")
+
+	// Use internal URL as storage URL
+	EndpointTypeInternal = EndpointType("internal")
+
+	// Use admin URL as storage URL
+	EndpointTypeAdmin = EndpointType("admin")
+)
+
+// newAuth - create a new Authenticator from the AuthUrl
+//
+// A hint for AuthVersion can be provided
+func newAuth(c *Connection) (Authenticator, error) {
+	AuthVersion := c.AuthVersion
+	if AuthVersion == 0 {
+		if strings.Contains(c.AuthUrl, "v3") {
+			AuthVersion = 3
+		} else if strings.Contains(c.AuthUrl, "v2") {
+			AuthVersion = 2
+		} else if strings.Contains(c.AuthUrl, "v1") {
+			AuthVersion = 1
+		} else {
+			return nil, newErrorf(500, "Can't find AuthVersion in AuthUrl - set explicitly")
+		}
+	}
+	switch AuthVersion {
+	case 1:
+		return &v1Auth{}, nil
+	case 2:
+		return &v2Auth{
+			// Guess as to whether using API key or
+			// password it will try both eventually so
+			// this is just an optimization.
+			useApiKey: len(c.ApiKey) >= 32,
+		}, nil
+	case 3:
+		return &v3Auth{}, nil
+	}
+	return nil, newErrorf(500, "Auth Version %d not supported", AuthVersion)
+}
+
+// ------------------------------------------------------------
+
+// v1 auth
+type v1Auth struct {
+	Headers http.Header // V1 auth: the authentication headers so extensions can access them
+}
+
+// v1 Authentication - make request
+func (auth *v1Auth) Request(c *Connection) (*http.Request, error) {
+	req, err := http.NewRequest("GET", c.AuthUrl, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("User-Agent", c.UserAgent)
+	req.Header.Set("X-Auth-Key", c.ApiKey)
+	req.Header.Set("X-Auth-User", c.UserName)
+	return req, nil
+}
+
+// v1 Authentication - read response
+func (auth *v1Auth) Response(resp *http.Response) error {
+	auth.Headers = resp.Header
+	return nil
+}
+
+// v1 Authentication - read storage url
+func (auth *v1Auth) StorageUrl(Internal bool) string {
+	storageUrl := auth.Headers.Get("X-Storage-Url")
+	if Internal {
+		newUrl, err := url.Parse(storageUrl)
+		if err != nil {
+			return storageUrl
+		}
+		newUrl.Host = "snet-" + newUrl.Host
+		storageUrl = newUrl.String()
+	}
+	return storageUrl
+}
+
+// v1 Authentication - read auth token
+func (auth *v1Auth) Token() string {
+	return auth.Headers.Get("X-Auth-Token")
+}
+
+// v1 Authentication - read cdn url
+func (auth *v1Auth) CdnUrl() string {
+	return auth.Headers.Get("X-CDN-Management-Url")
+}
+
+// ------------------------------------------------------------
+
+// v2 Authentication
+type v2Auth struct {
+	Auth        *v2AuthResponse
+	Region      string
+	useApiKey   bool // if set will use API key not Password
+	useApiKeyOk bool // if set won't change useApiKey any more
+	notFirst    bool // set after first run
+}
+
+// v2 Authentication - make request
+func (auth *v2Auth) Request(c *Connection) (*http.Request, error) {
+	auth.Region = c.Region
+	// Toggle useApiKey if not first run and not OK yet
+	if auth.notFirst && !auth.useApiKeyOk {
+		auth.useApiKey = !auth.useApiKey
+	}
+	auth.notFirst = true
+	// Create a V2 auth request for the body of the connection
+	var v2i interface{}
+	if !auth.useApiKey {
+		// Normal swift authentication
+		v2 := v2AuthRequest{}
+		v2.Auth.PasswordCredentials.UserName = c.UserName
+		v2.Auth.PasswordCredentials.Password = c.ApiKey
+		v2.Auth.Tenant = c.Tenant
+		v2.Auth.TenantId = c.TenantId
+		v2i = v2
+	} else {
+		// Rackspace special with API Key
+		v2 := v2AuthRequestRackspace{}
+		v2.Auth.ApiKeyCredentials.UserName = c.UserName
+		v2.Auth.ApiKeyCredentials.ApiKey = c.ApiKey
+		v2.Auth.Tenant = c.Tenant
+		v2.Auth.TenantId = c.TenantId
+		v2i = v2
+	}
+	body, err := json.Marshal(v2i)
+	if err != nil {
+		return nil, err
+	}
+	url := c.AuthUrl
+	if !strings.HasSuffix(url, "/") {
+		url += "/"
+	}
+	url += "tokens"
+	req, err := http.NewRequest("POST", url, bytes.NewBuffer(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("User-Agent", c.UserAgent)
+	return req, nil
+}
+
+// v2 Authentication - read response
+func (auth *v2Auth) Response(resp *http.Response) error {
+	auth.Auth = new(v2AuthResponse)
+	err := readJson(resp, auth.Auth)
+	// If successfully read Auth then no need to toggle useApiKey any more
+	if err == nil {
+		auth.useApiKeyOk = true
+	}
+	return err
+}
+
+// Finds the Endpoint Url of "type" from the v2AuthResponse using the
+// Region if set or defaulting to the first one if not
+//
+// Returns "" if not found
+func (auth *v2Auth) endpointUrl(Type string, endpointType EndpointType) string {
+	for _, catalog := range auth.Auth.Access.ServiceCatalog {
+		if catalog.Type == Type {
+			for _, endpoint := range catalog.Endpoints {
+				if auth.Region == "" || (auth.Region == endpoint.Region) {
+					switch endpointType {
+					case EndpointTypeInternal:
+						return endpoint.InternalUrl
+					case EndpointTypePublic:
+						return endpoint.PublicUrl
+					case EndpointTypeAdmin:
+						return endpoint.AdminUrl
+					default:
+						return ""
+					}
+				}
+			}
+		}
+	}
+	return ""
+}
+
+// v2 Authentication - read storage url
+//
+// If Internal is true then it reads the private (internal / service
+// net) URL.
+func (auth *v2Auth) StorageUrl(Internal bool) string {
+	endpointType := EndpointTypePublic
+	if Internal {
+		endpointType = EndpointTypeInternal
+	}
+	return auth.StorageUrlForEndpoint(endpointType)
+}
+
+// v2 Authentication - read storage url
+//
+// Use the indicated endpointType to choose a URL.
+func (auth *v2Auth) StorageUrlForEndpoint(endpointType EndpointType) string {
+	return auth.endpointUrl("object-store", endpointType)
+}
+
+// v2 Authentication - read auth token
+func (auth *v2Auth) Token() string {
+	return auth.Auth.Access.Token.Id
+}
+
+// v2 Authentication - read expires
+func (auth *v2Auth) Expires() time.Time {
+	t, err := time.Parse(time.RFC3339, auth.Auth.Access.Token.Expires)
+	if err != nil {
+		return time.Time{} // return Zero if not parsed
+	}
+	return t
+}
+
+// v2 Authentication - read cdn url
+func (auth *v2Auth) CdnUrl() string {
+	return auth.endpointUrl("rax:object-cdn", EndpointTypePublic)
+}
+
+// ------------------------------------------------------------
+
+// V2 Authentication request
+//
+// http://docs.openstack.org/developer/keystone/api_curl_examples.html
+// http://docs.rackspace.com/servers/api/v2/cs-gettingstarted/content/curl_auth.html
+// http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_authenticate_v2.0_tokens_.html
+type v2AuthRequest struct {
+	Auth struct {
+		PasswordCredentials struct {
+			UserName string `json:"username"`
+			Password string `json:"password"`
+		} `json:"passwordCredentials"`
+		Tenant   string `json:"tenantName,omitempty"`
+		TenantId string `json:"tenantId,omitempty"`
+	} `json:"auth"`
+}
+
+// V2 Authentication request - Rackspace variant
+//
+// http://docs.openstack.org/developer/keystone/api_curl_examples.html
+// http://docs.rackspace.com/servers/api/v2/cs-gettingstarted/content/curl_auth.html
+// http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_authenticate_v2.0_tokens_.html
+type v2AuthRequestRackspace struct {
+	Auth struct {
+		ApiKeyCredentials struct {
+			UserName string `json:"username"`
+			ApiKey   string `json:"apiKey"`
+		} `json:"RAX-KSKEY:apiKeyCredentials"`
+		Tenant   string `json:"tenantName,omitempty"`
+		TenantId string `json:"tenantId,omitempty"`
+	} `json:"auth"`
+}
+
+// V2 Authentication reply
+//
+// http://docs.openstack.org/developer/keystone/api_curl_examples.html
+// http://docs.rackspace.com/servers/api/v2/cs-gettingstarted/content/curl_auth.html
+// http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_authenticate_v2.0_tokens_.html
+type v2AuthResponse struct {
+	Access struct {
+		ServiceCatalog []struct {
+			Endpoints []struct {
+				InternalUrl string
+				PublicUrl   string
+				AdminUrl    string
+				Region      string
+				TenantId    string
+			}
+			Name string
+			Type string
+		}
+		Token struct {
+			Expires string
+			Id      string
+			Tenant  struct {
+				Id   string
+				Name string
+			}
+		}
+		User struct {
+			DefaultRegion string `json:"RAX-AUTH:defaultRegion"`
+			Id            string
+			Name          string
+			Roles         []struct {
+				Description string
+				Id          string
+				Name        string
+				TenantId    string
+			}
+		}
+	}
+}
diff --git a/vendor/github.com/ncw/swift/auth_v3.go b/vendor/github.com/ncw/swift/auth_v3.go
new file mode 100644
index 000000000..1e34ad814
--- /dev/null
+++ b/vendor/github.com/ncw/swift/auth_v3.go
@@ -0,0 +1,300 @@
+package swift
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+)
+
+const (
+	v3AuthMethodToken                 = "token"
+	v3AuthMethodPassword              = "password"
+	v3AuthMethodApplicationCredential = "application_credential"
+	v3CatalogTypeObjectStore          = "object-store"
+)
+
+// V3 Authentication request
+// http://docs.openstack.org/developer/keystone/api_curl_examples.html
+// http://developer.openstack.org/api-ref-identity-v3.html
+type v3AuthRequest struct {
+	Auth struct {
+		Identity struct {
+			Methods               []string                     `json:"methods"`
+			Password              *v3AuthPassword              `json:"password,omitempty"`
+			Token                 *v3AuthToken                 `json:"token,omitempty"`
+			ApplicationCredential *v3AuthApplicationCredential `json:"application_credential,omitempty"`
+		} `json:"identity"`
+		Scope *v3Scope `json:"scope,omitempty"`
+	} `json:"auth"`
+}
+
+type v3Scope struct {
+	Project *v3Project `json:"project,omitempty"`
+	Domain  *v3Domain  `json:"domain,omitempty"`
+	Trust   *v3Trust   `json:"OS-TRUST:trust,omitempty"`
+}
+
+type v3Domain struct {
+	Id   string `json:"id,omitempty"`
+	Name string `json:"name,omitempty"`
+}
+
+type v3Project struct {
+	Name   string    `json:"name,omitempty"`
+	Id     string    `json:"id,omitempty"`
+	Domain *v3Domain `json:"domain,omitempty"`
+}
+
+type v3Trust struct {
+	Id string `json:"id"`
+}
+
+type v3User struct {
+	Domain   *v3Domain `json:"domain,omitempty"`
+	Id       string    `json:"id,omitempty"`
+	Name     string    `json:"name,omitempty"`
+	Password string    `json:"password,omitempty"`
+}
+
+type v3AuthToken struct {
+	Id string `json:"id"`
+}
+
+type v3AuthPassword struct {
+	User v3User `json:"user"`
+}
+
+type v3AuthApplicationCredential struct {
+	Id     string  `json:"id,omitempty"`
+	Name   string  `json:"name,omitempty"`
+	Secret string  `json:"secret,omitempty"`
+	User   *v3User `json:"user,omitempty"`
+}
+
+// V3 Authentication response
+type v3AuthResponse struct {
+	Token struct {
+		ExpiresAt string `json:"expires_at"`
+		IssuedAt  string `json:"issued_at"`
+		Methods   []string
+		Roles     []struct {
+			Id, Name string
+			Links    struct {
+				Self string
+			}
+		}
+
+		Project struct {
+			Domain struct {
+				Id, Name string
+			}
+			Id, Name string
+		}
+
+		Catalog []struct {
+			Id, Namem, Type string
+			Endpoints       []struct {
+				Id, Region_Id, Url, Region string
+				Interface                  EndpointType
+			}
+		}
+
+		User struct {
+			Id, Name string
+			Domain   struct {
+				Id, Name string
+				Links    struct {
+					Self string
+				}
+			}
+		}
+
+		Audit_Ids []string
+	}
+}
+
+type v3Auth struct {
+	Region  string
+	Auth    *v3AuthResponse
+	Headers http.Header
+}
+
+func (auth *v3Auth) Request(c *Connection) (*http.Request, error) {
+	auth.Region = c.Region
+
+	var v3i interface{}
+
+	v3 := v3AuthRequest{}
+
+	if (c.ApplicationCredentialId != "" || c.ApplicationCredentialName != "") && c.ApplicationCredentialSecret != "" {
+		var user *v3User
+
+		if c.ApplicationCredentialId != "" {
+			c.ApplicationCredentialName = ""
+			user = &v3User{}
+		}
+
+		if user == nil && c.UserId != "" {
+			// UserID could be used without the domain information
+			user = &v3User{
+				Id: c.UserId,
+			}
+		}
+
+		if user == nil && c.UserName == "" {
+			// Make sure that Username or UserID are provided
+			return nil, fmt.Errorf("UserID or Name should be provided")
+		}
+
+		if user == nil && c.DomainId != "" {
+			user = &v3User{
+				Name: c.UserName,
+				Domain: &v3Domain{
+					Id: c.DomainId,
+				},
+			}
+		}
+
+		if user == nil && c.Domain != "" {
+			user = &v3User{
+				Name: c.UserName,
+				Domain: &v3Domain{
+					Name: c.Domain,
+				},
+			}
+		}
+
+		// Make sure that DomainID or DomainName are provided among Username
+		if user == nil {
+			return nil, fmt.Errorf("DomainID or Domain should be provided")
+		}
+
+		v3.Auth.Identity.Methods = []string{v3AuthMethodApplicationCredential}
+		v3.Auth.Identity.ApplicationCredential = &v3AuthApplicationCredential{
+			Id:     c.ApplicationCredentialId,
+			Name:   c.ApplicationCredentialName,
+			Secret: c.ApplicationCredentialSecret,
+			User:   user,
+		}
+	} else if c.UserName == "" && c.UserId == "" {
+		v3.Auth.Identity.Methods = []string{v3AuthMethodToken}
+		v3.Auth.Identity.Token = &v3AuthToken{Id: c.ApiKey}
+	} else {
+		v3.Auth.Identity.Methods = []string{v3AuthMethodPassword}
+		v3.Auth.Identity.Password = &v3AuthPassword{
+			User: v3User{
+				Name:     c.UserName,
+				Id:       c.UserId,
+				Password: c.ApiKey,
+			},
+		}
+
+		var domain *v3Domain
+
+		if c.Domain != "" {
+			domain = &v3Domain{Name: c.Domain}
+		} else if c.DomainId != "" {
+			domain = &v3Domain{Id: c.DomainId}
+		}
+		v3.Auth.Identity.Password.User.Domain = domain
+	}
+
+	if v3.Auth.Identity.Methods[0] != v3AuthMethodApplicationCredential {
+		if c.TrustId != "" {
+			v3.Auth.Scope = &v3Scope{Trust: &v3Trust{Id: c.TrustId}}
+		} else if c.TenantId != "" || c.Tenant != "" {
+
+			v3.Auth.Scope = &v3Scope{Project: &v3Project{}}
+
+			if c.TenantId != "" {
+				v3.Auth.Scope.Project.Id = c.TenantId
+			} else if c.Tenant != "" {
+				v3.Auth.Scope.Project.Name = c.Tenant
+				switch {
+				case c.TenantDomain != "":
+					v3.Auth.Scope.Project.Domain = &v3Domain{Name: c.TenantDomain}
+				case c.TenantDomainId != "":
+					v3.Auth.Scope.Project.Domain = &v3Domain{Id: c.TenantDomainId}
+				case c.Domain != "":
+					v3.Auth.Scope.Project.Domain = &v3Domain{Name: c.Domain}
+				case c.DomainId != "":
+					v3.Auth.Scope.Project.Domain = &v3Domain{Id: c.DomainId}
+				default:
+					v3.Auth.Scope.Project.Domain = &v3Domain{Name: "Default"}
+				}
+			}
+		}
+	}
+
+	v3i = v3
+
+	body, err := json.Marshal(v3i)
+
+	if err != nil {
+		return nil, err
+	}
+
+	url := c.AuthUrl
+	if !strings.HasSuffix(url, "/") {
+		url += "/"
+	}
+	url += "auth/tokens"
+	req, err := http.NewRequest("POST", url, bytes.NewBuffer(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("User-Agent", c.UserAgent)
+	return req, nil
+}
+
+func (auth *v3Auth) Response(resp *http.Response) error {
+	auth.Auth = &v3AuthResponse{}
+	auth.Headers = resp.Header
+	err := readJson(resp, auth.Auth)
+	return err
+}
+
+func (auth *v3Auth) endpointUrl(Type string, endpointType EndpointType) string {
+	for _, catalog := range auth.Auth.Token.Catalog {
+		if catalog.Type == Type {
+			for _, endpoint := range catalog.Endpoints {
+				if endpoint.Interface == endpointType && (auth.Region == "" || (auth.Region == endpoint.Region)) {
+					return endpoint.Url
+				}
+			}
+		}
+	}
+	return ""
+}
+
+func (auth *v3Auth) StorageUrl(Internal bool) string {
+	endpointType := EndpointTypePublic
+	if Internal {
+		endpointType = EndpointTypeInternal
+	}
+	return auth.StorageUrlForEndpoint(endpointType)
+}
+
+func (auth *v3Auth) StorageUrlForEndpoint(endpointType EndpointType) string {
+	return auth.endpointUrl("object-store", endpointType)
+}
+
+func (auth *v3Auth) Token() string {
+	return auth.Headers.Get("X-Subject-Token")
+}
+
+func (auth *v3Auth) Expires() time.Time {
+	t, err := time.Parse(time.RFC3339, auth.Auth.Token.ExpiresAt)
+	if err != nil {
+		return time.Time{} // return Zero if not parsed
+	}
+	return t
+}
+
+func (auth *v3Auth) CdnUrl() string {
+	return ""
+}
diff --git a/vendor/github.com/ncw/swift/compatibility_1_0.go b/vendor/github.com/ncw/swift/compatibility_1_0.go
new file mode 100644
index 000000000..7b69a757a
--- /dev/null
+++ b/vendor/github.com/ncw/swift/compatibility_1_0.go
@@ -0,0 +1,28 @@
+// Go 1.0 compatibility functions
+
+// +build !go1.1
+
+package swift
+
+import (
+	"log"
+	"net/http"
+	"time"
+)
+
+// Cancel the request - doesn't work under < go 1.1
+func cancelRequest(transport http.RoundTripper, req *http.Request) {
+	log.Printf("Tried to cancel a request but couldn't - recompile with go 1.1")
+}
+
+// Reset a timer - Doesn't work properly < go 1.1
+//
+// This is quite hard to do properly under go < 1.1 so we do a crude
+// approximation and hope that everyone upgrades to go 1.1 quickly
+func resetTimer(t *time.Timer, d time.Duration) {
+	t.Stop()
+	// Very likely this doesn't actually work if we are already
+	// selecting on t.C.  However we've stopped the original timer
+	// so won't break transfers but may not time them out :-(
+	*t = *time.NewTimer(d)
+}
diff --git a/vendor/github.com/ncw/swift/compatibility_1_1.go b/vendor/github.com/ncw/swift/compatibility_1_1.go
new file mode 100644
index 000000000..a4f9c3ab2
--- /dev/null
+++ b/vendor/github.com/ncw/swift/compatibility_1_1.go
@@ -0,0 +1,24 @@
+// Go 1.1 and later compatibility functions
+//
+// +build go1.1
+
+package swift
+
+import (
+	"net/http"
+	"time"
+)
+
+// Cancel the request
+func cancelRequest(transport http.RoundTripper, req *http.Request) {
+	if tr, ok := transport.(interface {
+		CancelRequest(*http.Request)
+	}); ok {
+		tr.CancelRequest(req)
+	}
+}
+
+// Reset a timer
+func resetTimer(t *time.Timer, d time.Duration) {
+	t.Reset(d)
+}
diff --git a/vendor/github.com/ncw/swift/compatibility_1_6.go b/vendor/github.com/ncw/swift/compatibility_1_6.go
new file mode 100644
index 000000000..b443d01d2
--- /dev/null
+++ b/vendor/github.com/ncw/swift/compatibility_1_6.go
@@ -0,0 +1,23 @@
+// +build go1.6
+
+package swift
+
+import (
+	"net/http"
+	"time"
+)
+
+const IS_AT_LEAST_GO_16 = true
+
+func SetExpectContinueTimeout(tr *http.Transport, t time.Duration) {
+	tr.ExpectContinueTimeout = t
+}
+
+func AddExpectAndTransferEncoding(req *http.Request, hasContentLength bool) {
+	if req.Body != nil {
+		req.Header.Add("Expect", "100-continue")
+	}
+	if !hasContentLength {
+		req.TransferEncoding = []string{"chunked"}
+	}
+}
diff --git a/vendor/github.com/ncw/swift/compatibility_not_1_6.go b/vendor/github.com/ncw/swift/compatibility_not_1_6.go
new file mode 100644
index 000000000..aabb44e2b
--- /dev/null
+++ b/vendor/github.com/ncw/swift/compatibility_not_1_6.go
@@ -0,0 +1,13 @@
+// +build !go1.6
+
+package swift
+
+import (
+	"net/http"
+	"time"
+)
+
+const IS_AT_LEAST_GO_16 = false
+
+func SetExpectContinueTimeout(tr *http.Transport, t time.Duration)          {}
+func AddExpectAndTransferEncoding(req *http.Request, hasContentLength bool) {}
diff --git a/vendor/github.com/ncw/swift/dlo.go b/vendor/github.com/ncw/swift/dlo.go
new file mode 100644
index 000000000..e2e2aa97e
--- /dev/null
+++ b/vendor/github.com/ncw/swift/dlo.go
@@ -0,0 +1,136 @@
+package swift
+
+import (
+	"os"
+)
+
+// DynamicLargeObjectCreateFile represents an open static large object
+type DynamicLargeObjectCreateFile struct {
+	largeObjectCreateFile
+}
+
+// DynamicLargeObjectCreateFile creates a dynamic large object
+// returning an object which satisfies io.Writer, io.Seeker, io.Closer
+// and io.ReaderFrom.  The flags are as passes to the
+// largeObjectCreate method.
+func (c *Connection) DynamicLargeObjectCreateFile(opts *LargeObjectOpts) (LargeObjectFile, error) {
+	lo, err := c.largeObjectCreate(opts)
+	if err != nil {
+		return nil, err
+	}
+
+	return withBuffer(opts, &DynamicLargeObjectCreateFile{
+		largeObjectCreateFile: *lo,
+	}), nil
+}
+
+// DynamicLargeObjectCreate creates or truncates an existing dynamic
+// large object returning a writeable object.  This sets opts.Flags to
+// an appropriate value before calling DynamicLargeObjectCreateFile
+func (c *Connection) DynamicLargeObjectCreate(opts *LargeObjectOpts) (LargeObjectFile, error) {
+	opts.Flags = os.O_TRUNC | os.O_CREATE
+	return c.DynamicLargeObjectCreateFile(opts)
+}
+
+// DynamicLargeObjectDelete deletes a dynamic large object and all of its segments.
+func (c *Connection) DynamicLargeObjectDelete(container string, path string) error {
+	return c.LargeObjectDelete(container, path)
+}
+
+// DynamicLargeObjectMove moves a dynamic large object from srcContainer, srcObjectName to dstContainer, dstObjectName
+func (c *Connection) DynamicLargeObjectMove(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string) error {
+	info, headers, err := c.Object(dstContainer, srcObjectName)
+	if err != nil {
+		return err
+	}
+
+	segmentContainer, segmentPath := parseFullPath(headers["X-Object-Manifest"])
+	if err := c.createDLOManifest(dstContainer, dstObjectName, segmentContainer+"/"+segmentPath, info.ContentType); err != nil {
+		return err
+	}
+
+	if err := c.ObjectDelete(srcContainer, srcObjectName); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// createDLOManifest creates a dynamic large object manifest
+func (c *Connection) createDLOManifest(container string, objectName string, prefix string, contentType string) error {
+	headers := make(Headers)
+	headers["X-Object-Manifest"] = prefix
+	manifest, err := c.ObjectCreate(container, objectName, false, "", contentType, headers)
+	if err != nil {
+		return err
+	}
+
+	if err := manifest.Close(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Close satisfies the io.Closer interface
+func (file *DynamicLargeObjectCreateFile) Close() error {
+	return file.Flush()
+}
+
+func (file *DynamicLargeObjectCreateFile) Flush() error {
+	err := file.conn.createDLOManifest(file.container, file.objectName, file.segmentContainer+"/"+file.prefix, file.contentType)
+	if err != nil {
+		return err
+	}
+	return file.conn.waitForSegmentsToShowUp(file.container, file.objectName, file.Size())
+}
+
+func (c *Connection) getAllDLOSegments(segmentContainer, segmentPath string) ([]Object, error) {
+	//a simple container listing works 99.9% of the time
+	segments, err := c.ObjectsAll(segmentContainer, &ObjectsOpts{Prefix: segmentPath})
+	if err != nil {
+		return nil, err
+	}
+
+	hasObjectName := make(map[string]struct{})
+	for _, segment := range segments {
+		hasObjectName[segment.Name] = struct{}{}
+	}
+
+	//The container listing might be outdated (i.e. not contain all existing
+	//segment objects yet) because of temporary inconsistency (Swift is only
+	//eventually consistent!). Check its completeness.
+	segmentNumber := 0
+	for {
+		segmentNumber++
+		segmentName := getSegment(segmentPath, segmentNumber)
+		if _, seen := hasObjectName[segmentName]; seen {
+			continue
+		}
+
+		//This segment is missing in the container listing. Use a more reliable
+		//request to check its existence. (HEAD requests on segments are
+		//guaranteed to return the correct metadata, except for the pathological
+		//case of an outage of large parts of the Swift cluster or its network,
+		//since every segment is only written once.)
+		segment, _, err := c.Object(segmentContainer, segmentName)
+		switch err {
+		case nil:
+			//found new segment -> add it in the correct position and keep
+			//going, more might be missing
+			if segmentNumber <= len(segments) {
+				segments = append(segments[:segmentNumber], segments[segmentNumber-1:]...)
+				segments[segmentNumber-1] = segment
+			} else {
+				segments = append(segments, segment)
+			}
+			continue
+		case ObjectNotFound:
+			//This segment is missing. Since we upload segments sequentially,
+			//there won't be any more segments after it.
+			return segments, nil
+		default:
+			return nil, err //unexpected error
+		}
+	}
+}
diff --git a/vendor/github.com/ncw/swift/doc.go b/vendor/github.com/ncw/swift/doc.go
new file mode 100644
index 000000000..44efde7bf
--- /dev/null
+++ b/vendor/github.com/ncw/swift/doc.go
@@ -0,0 +1,19 @@
+/*
+Package swift provides an easy to use interface to Swift / Openstack Object Storage / Rackspace Cloud Files
+
+Standard Usage
+
+Most of the work is done through the Container*() and Object*() methods.
+
+All methods are safe to use concurrently in multiple go routines.
+
+Object Versioning
+
+As defined by http://docs.openstack.org/api/openstack-object-storage/1.0/content/Object_Versioning-e1e3230.html#d6e983 one can create a container which allows for version control of files.  The suggested method is to create a version container for holding all non-current files, and a current container for holding the latest version that the file points to.  The container and objects inside it can be used in the standard manner, however, pushing a file multiple times will result in it being copied to the version container and the new file put in it's place.  If the current file is deleted, the previous file in the version container will replace it.  This means that if a file is updated 5 times, it must be deleted 5 times to be completely removed from the system.
+
+Rackspace Sub Module
+
+This module specifically allows the enabling/disabling of Rackspace Cloud File CDN management on a container.  This is specific to the Rackspace API and not Swift/Openstack, therefore it has been placed in a submodule.  One can easily create a RsConnection and use it like the standard Connection to access and manipulate containers and objects.
+
+*/
+package swift
diff --git a/vendor/github.com/ncw/swift/largeobjects.go b/vendor/github.com/ncw/swift/largeobjects.go
new file mode 100644
index 000000000..bec640b00
--- /dev/null
+++ b/vendor/github.com/ncw/swift/largeobjects.go
@@ -0,0 +1,448 @@
+package swift
+
+import (
+	"bufio"
+	"bytes"
+	"crypto/rand"
+	"crypto/sha1"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	gopath "path"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// NotLargeObject is returned if an operation is performed on an object which isn't large.
+var NotLargeObject = errors.New("Not a large object")
+
+// readAfterWriteTimeout defines the time we wait before an object appears after having been uploaded
+var readAfterWriteTimeout = 15 * time.Second
+
+// readAfterWriteWait defines the time to sleep between two retries
+var readAfterWriteWait = 200 * time.Millisecond
+
+// largeObjectCreateFile represents an open static or dynamic large object
+type largeObjectCreateFile struct {
+	conn             *Connection
+	container        string
+	objectName       string
+	currentLength    int64
+	filePos          int64
+	chunkSize        int64
+	segmentContainer string
+	prefix           string
+	contentType      string
+	checkHash        bool
+	segments         []Object
+	headers          Headers
+	minChunkSize     int64
+}
+
+func swiftSegmentPath(path string) (string, error) {
+	checksum := sha1.New()
+	random := make([]byte, 32)
+	if _, err := rand.Read(random); err != nil {
+		return "", err
+	}
+	path = hex.EncodeToString(checksum.Sum(append([]byte(path), random...)))
+	return strings.TrimLeft(strings.TrimRight("segments/"+path[0:3]+"/"+path[3:], "/"), "/"), nil
+}
+
+func getSegment(segmentPath string, partNumber int) string {
+	return fmt.Sprintf("%s/%016d", segmentPath, partNumber)
+}
+
+func parseFullPath(manifest string) (container string, prefix string) {
+	components := strings.SplitN(manifest, "/", 2)
+	container = components[0]
+	if len(components) > 1 {
+		prefix = components[1]
+	}
+	return container, prefix
+}
+
+func (headers Headers) IsLargeObjectDLO() bool {
+	_, isDLO := headers["X-Object-Manifest"]
+	return isDLO
+}
+
+func (headers Headers) IsLargeObjectSLO() bool {
+	_, isSLO := headers["X-Static-Large-Object"]
+	return isSLO
+}
+
+func (headers Headers) IsLargeObject() bool {
+	return headers.IsLargeObjectSLO() || headers.IsLargeObjectDLO()
+}
+
+func (c *Connection) getAllSegments(container string, path string, headers Headers) (string, []Object, error) {
+	if manifest, isDLO := headers["X-Object-Manifest"]; isDLO {
+		segmentContainer, segmentPath := parseFullPath(manifest)
+		segments, err := c.getAllDLOSegments(segmentContainer, segmentPath)
+		return segmentContainer, segments, err
+	}
+	if headers.IsLargeObjectSLO() {
+		return c.getAllSLOSegments(container, path)
+	}
+	return "", nil, NotLargeObject
+}
+
+// LargeObjectOpts describes how a large object should be created
+type LargeObjectOpts struct {
+	Container        string  // Name of container to place object
+	ObjectName       string  // Name of object
+	Flags            int     // Creation flags
+	CheckHash        bool    // If set Check the hash
+	Hash             string  // If set use this hash to check
+	ContentType      string  // Content-Type of the object
+	Headers          Headers // Additional headers to upload the object with
+	ChunkSize        int64   // Size of chunks of the object, defaults to 10MB if not set
+	MinChunkSize     int64   // Minimum chunk size, automatically set for SLO's based on info
+	SegmentContainer string  // Name of the container to place segments
+	SegmentPrefix    string  // Prefix to use for the segments
+	NoBuffer         bool    // Prevents using a bufio.Writer to write segments
+}
+
+type LargeObjectFile interface {
+	io.Writer
+	io.Seeker
+	io.Closer
+	Size() int64
+	Flush() error
+}
+
+// largeObjectCreate creates a large object at opts.Container, opts.ObjectName.
+//
+// opts.Flags can have the following bits set
+//   os.TRUNC  - remove the contents of the large object if it exists
+//   os.APPEND - write at the end of the large object
+func (c *Connection) largeObjectCreate(opts *LargeObjectOpts) (*largeObjectCreateFile, error) {
+	var (
+		segmentPath      string
+		segmentContainer string
+		segments         []Object
+		currentLength    int64
+		err              error
+	)
+
+	if opts.SegmentPrefix != "" {
+		segmentPath = opts.SegmentPrefix
+	} else if segmentPath, err = swiftSegmentPath(opts.ObjectName); err != nil {
+		return nil, err
+	}
+
+	if info, headers, err := c.Object(opts.Container, opts.ObjectName); err == nil {
+		if opts.Flags&os.O_TRUNC != 0 {
+			c.LargeObjectDelete(opts.Container, opts.ObjectName)
+		} else {
+			currentLength = info.Bytes
+			if headers.IsLargeObject() {
+				segmentContainer, segments, err = c.getAllSegments(opts.Container, opts.ObjectName, headers)
+				if err != nil {
+					return nil, err
+				}
+				if len(segments) > 0 {
+					segmentPath = gopath.Dir(segments[0].Name)
+				}
+			} else {
+				if err = c.ObjectMove(opts.Container, opts.ObjectName, opts.Container, getSegment(segmentPath, 1)); err != nil {
+					return nil, err
+				}
+				segments = append(segments, info)
+			}
+		}
+	} else if err != ObjectNotFound {
+		return nil, err
+	}
+
+	// segmentContainer is not empty when the manifest already existed
+	if segmentContainer == "" {
+		if opts.SegmentContainer != "" {
+			segmentContainer = opts.SegmentContainer
+		} else {
+			segmentContainer = opts.Container + "_segments"
+		}
+	}
+
+	file := &largeObjectCreateFile{
+		conn:             c,
+		checkHash:        opts.CheckHash,
+		container:        opts.Container,
+		objectName:       opts.ObjectName,
+		chunkSize:        opts.ChunkSize,
+		minChunkSize:     opts.MinChunkSize,
+		headers:          opts.Headers,
+		segmentContainer: segmentContainer,
+		prefix:           segmentPath,
+		segments:         segments,
+		currentLength:    currentLength,
+	}
+
+	if file.chunkSize == 0 {
+		file.chunkSize = 10 * 1024 * 1024
+	}
+
+	if file.minChunkSize > file.chunkSize {
+		file.chunkSize = file.minChunkSize
+	}
+
+	if opts.Flags&os.O_APPEND != 0 {
+		file.filePos = currentLength
+	}
+
+	return file, nil
+}
+
+// LargeObjectDelete deletes the large object named by container, path
+func (c *Connection) LargeObjectDelete(container string, objectName string) error {
+	_, headers, err := c.Object(container, objectName)
+	if err != nil {
+		return err
+	}
+
+	var objects [][]string
+	if headers.IsLargeObject() {
+		segmentContainer, segments, err := c.getAllSegments(container, objectName, headers)
+		if err != nil {
+			return err
+		}
+		for _, obj := range segments {
+			objects = append(objects, []string{segmentContainer, obj.Name})
+		}
+	}
+	objects = append(objects, []string{container, objectName})
+
+	info, err := c.cachedQueryInfo()
+	if err == nil && info.SupportsBulkDelete() && len(objects) > 0 {
+		filenames := make([]string, len(objects))
+		for i, obj := range objects {
+			filenames[i] = obj[0] + "/" + obj[1]
+		}
+		_, err = c.doBulkDelete(filenames)
+		// Don't fail on ObjectNotFound because eventual consistency
+		// makes this situation normal.
+		if err != nil && err != Forbidden && err != ObjectNotFound {
+			return err
+		}
+	} else {
+		for _, obj := range objects {
+			if err := c.ObjectDelete(obj[0], obj[1]); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// LargeObjectGetSegments returns all the segments that compose an object
+// If the object is a Dynamic Large Object (DLO), it just returns the objects
+// that have the prefix as indicated by the manifest.
+// If the object is a Static Large Object (SLO), it retrieves the JSON content
+// of the manifest and return all the segments of it.
+func (c *Connection) LargeObjectGetSegments(container string, path string) (string, []Object, error) {
+	_, headers, err := c.Object(container, path)
+	if err != nil {
+		return "", nil, err
+	}
+
+	return c.getAllSegments(container, path, headers)
+}
+
+// Seek sets the offset for the next write operation
+func (file *largeObjectCreateFile) Seek(offset int64, whence int) (int64, error) {
+	switch whence {
+	case 0:
+		file.filePos = offset
+	case 1:
+		file.filePos += offset
+	case 2:
+		file.filePos = file.currentLength + offset
+	default:
+		return -1, fmt.Errorf("invalid value for whence")
+	}
+	if file.filePos < 0 {
+		return -1, fmt.Errorf("negative offset")
+	}
+	return file.filePos, nil
+}
+
+func (file *largeObjectCreateFile) Size() int64 {
+	return file.currentLength
+}
+
+func withLORetry(expectedSize int64, fn func() (Headers, int64, error)) (err error) {
+	endTimer := time.NewTimer(readAfterWriteTimeout)
+	defer endTimer.Stop()
+	waitingTime := readAfterWriteWait
+	for {
+		var headers Headers
+		var sz int64
+		if headers, sz, err = fn(); err == nil {
+			if !headers.IsLargeObjectDLO() || (expectedSize == 0 && sz > 0) || expectedSize == sz {
+				return
+			}
+		} else {
+			return
+		}
+		waitTimer := time.NewTimer(waitingTime)
+		select {
+		case <-endTimer.C:
+			waitTimer.Stop()
+			err = fmt.Errorf("Timeout expired while waiting for object to have size == %d, got: %d", expectedSize, sz)
+			return
+		case <-waitTimer.C:
+			waitingTime *= 2
+		}
+	}
+}
+
+func (c *Connection) waitForSegmentsToShowUp(container, objectName string, expectedSize int64) (err error) {
+	err = withLORetry(expectedSize, func() (Headers, int64, error) {
+		var info Object
+		var headers Headers
+		info, headers, err = c.objectBase(container, objectName)
+		if err != nil {
+			return headers, 0, err
+		}
+		return headers, info.Bytes, nil
+	})
+	return
+}
+
+// Write satisfies the io.Writer interface
+func (file *largeObjectCreateFile) Write(buf []byte) (int, error) {
+	var sz int64
+	var relativeFilePos int
+	writeSegmentIdx := 0
+	for i, obj := range file.segments {
+		if file.filePos < sz+obj.Bytes || (i == len(file.segments)-1 && file.filePos < sz+file.minChunkSize) {
+			relativeFilePos = int(file.filePos - sz)
+			break
+		}
+		writeSegmentIdx++
+		sz += obj.Bytes
+	}
+	sizeToWrite := len(buf)
+	for offset := 0; offset < sizeToWrite; {
+		newSegment, n, err := file.writeSegment(buf[offset:], writeSegmentIdx, relativeFilePos)
+		if err != nil {
+			return 0, err
+		}
+		if writeSegmentIdx < len(file.segments) {
+			file.segments[writeSegmentIdx] = *newSegment
+		} else {
+			file.segments = append(file.segments, *newSegment)
+		}
+		offset += n
+		writeSegmentIdx++
+		relativeFilePos = 0
+	}
+	file.filePos += int64(sizeToWrite)
+	file.currentLength = 0
+	for _, obj := range file.segments {
+		file.currentLength += obj.Bytes
+	}
+	return sizeToWrite, nil
+}
+
+func (file *largeObjectCreateFile) writeSegment(buf []byte, writeSegmentIdx int, relativeFilePos int) (*Object, int, error) {
+	var (
+		readers         []io.Reader
+		existingSegment *Object
+		segmentSize     int
+	)
+	segmentName := getSegment(file.prefix, writeSegmentIdx+1)
+	sizeToRead := int(file.chunkSize)
+	if writeSegmentIdx < len(file.segments) {
+		existingSegment = &file.segments[writeSegmentIdx]
+		if writeSegmentIdx != len(file.segments)-1 {
+			sizeToRead = int(existingSegment.Bytes)
+		}
+		if relativeFilePos > 0 {
+			headers := make(Headers)
+			headers["Range"] = "bytes=0-" + strconv.FormatInt(int64(relativeFilePos-1), 10)
+			existingSegmentReader, _, err := file.conn.ObjectOpen(file.segmentContainer, segmentName, true, headers)
+			if err != nil {
+				return nil, 0, err
+			}
+			defer existingSegmentReader.Close()
+			sizeToRead -= relativeFilePos
+			segmentSize += relativeFilePos
+			readers = []io.Reader{existingSegmentReader}
+		}
+	}
+	if sizeToRead > len(buf) {
+		sizeToRead = len(buf)
+	}
+	segmentSize += sizeToRead
+	readers = append(readers, bytes.NewReader(buf[:sizeToRead]))
+	if existingSegment != nil && segmentSize < int(existingSegment.Bytes) {
+		headers := make(Headers)
+		headers["Range"] = "bytes=" + strconv.FormatInt(int64(segmentSize), 10) + "-"
+		tailSegmentReader, _, err := file.conn.ObjectOpen(file.segmentContainer, segmentName, true, headers)
+		if err != nil {
+			return nil, 0, err
+		}
+		defer tailSegmentReader.Close()
+		segmentSize = int(existingSegment.Bytes)
+		readers = append(readers, tailSegmentReader)
+	}
+	segmentReader := io.MultiReader(readers...)
+	headers, err := file.conn.ObjectPut(file.segmentContainer, segmentName, segmentReader, true, "", file.contentType, nil)
+	if err != nil {
+		return nil, 0, err
+	}
+	return &Object{Name: segmentName, Bytes: int64(segmentSize), Hash: headers["Etag"]}, sizeToRead, nil
+}
+
+func withBuffer(opts *LargeObjectOpts, lo LargeObjectFile) LargeObjectFile {
+	if !opts.NoBuffer {
+		return &bufferedLargeObjectFile{
+			LargeObjectFile: lo,
+			bw:              bufio.NewWriterSize(lo, int(opts.ChunkSize)),
+		}
+	}
+	return lo
+}
+
+type bufferedLargeObjectFile struct {
+	LargeObjectFile
+	bw *bufio.Writer
+}
+
+func (blo *bufferedLargeObjectFile) Close() error {
+	err := blo.bw.Flush()
+	if err != nil {
+		return err
+	}
+	return blo.LargeObjectFile.Close()
+}
+
+func (blo *bufferedLargeObjectFile) Write(p []byte) (n int, err error) {
+	return blo.bw.Write(p)
+}
+
+func (blo *bufferedLargeObjectFile) Seek(offset int64, whence int) (int64, error) {
+	err := blo.bw.Flush()
+	if err != nil {
+		return 0, err
+	}
+	return blo.LargeObjectFile.Seek(offset, whence)
+}
+
+func (blo *bufferedLargeObjectFile) Size() int64 {
+	return blo.LargeObjectFile.Size() + int64(blo.bw.Buffered())
+}
+
+func (blo *bufferedLargeObjectFile) Flush() error {
+	err := blo.bw.Flush()
+	if err != nil {
+		return err
+	}
+	return blo.LargeObjectFile.Flush()
+}
diff --git a/vendor/github.com/ncw/swift/meta.go b/vendor/github.com/ncw/swift/meta.go
new file mode 100644
index 000000000..7e149e139
--- /dev/null
+++ b/vendor/github.com/ncw/swift/meta.go
@@ -0,0 +1,174 @@
+// Metadata manipulation in and out of Headers
+
+package swift
+
+import (
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// Metadata stores account, container or object metadata.
+type Metadata map[string]string
+
+// Metadata gets the Metadata starting with the metaPrefix out of the Headers.
+//
+// The keys in the Metadata will be converted to lower case
+func (h Headers) Metadata(metaPrefix string) Metadata {
+	m := Metadata{}
+	metaPrefix = http.CanonicalHeaderKey(metaPrefix)
+	for key, value := range h {
+		if strings.HasPrefix(key, metaPrefix) {
+			metaKey := strings.ToLower(key[len(metaPrefix):])
+			m[metaKey] = value
+		}
+	}
+	return m
+}
+
+// AccountMetadata converts Headers from account to a Metadata.
+//
+// The keys in the Metadata will be converted to lower case.
+func (h Headers) AccountMetadata() Metadata {
+	return h.Metadata("X-Account-Meta-")
+}
+
+// ContainerMetadata converts Headers from container to a Metadata.
+//
+// The keys in the Metadata will be converted to lower case.
+func (h Headers) ContainerMetadata() Metadata {
+	return h.Metadata("X-Container-Meta-")
+}
+
+// ObjectMetadata converts Headers from object to a Metadata.
+//
+// The keys in the Metadata will be converted to lower case.
+func (h Headers) ObjectMetadata() Metadata {
+	return h.Metadata("X-Object-Meta-")
+}
+
+// Headers convert the Metadata starting with the metaPrefix into a
+// Headers.
+//
+// The keys in the Metadata will be converted from lower case to http
+// Canonical (see http.CanonicalHeaderKey).
+func (m Metadata) Headers(metaPrefix string) Headers {
+	h := Headers{}
+	for key, value := range m {
+		key = http.CanonicalHeaderKey(metaPrefix + key)
+		h[key] = value
+	}
+	return h
+}
+
+// AccountHeaders converts the Metadata for the account.
+func (m Metadata) AccountHeaders() Headers {
+	return m.Headers("X-Account-Meta-")
+}
+
+// ContainerHeaders converts the Metadata for the container.
+func (m Metadata) ContainerHeaders() Headers {
+	return m.Headers("X-Container-Meta-")
+}
+
+// ObjectHeaders converts the Metadata for the object.
+func (m Metadata) ObjectHeaders() Headers {
+	return m.Headers("X-Object-Meta-")
+}
+
+// Turns a number of ns into a floating point string in seconds
+//
+// Trims trailing zeros and guaranteed to be perfectly accurate
+func nsToFloatString(ns int64) string {
+	if ns < 0 {
+		return "-" + nsToFloatString(-ns)
+	}
+	result := fmt.Sprintf("%010d", ns)
+	split := len(result) - 9
+	result, decimals := result[:split], result[split:]
+	decimals = strings.TrimRight(decimals, "0")
+	if decimals != "" {
+		result += "."
+		result += decimals
+	}
+	return result
+}
+
+// Turns a floating point string in seconds into a ns integer
+//
+// Guaranteed to be perfectly accurate
+func floatStringToNs(s string) (int64, error) {
+	const zeros = "000000000"
+	if point := strings.IndexRune(s, '.'); point >= 0 {
+		tail := s[point+1:]
+		if fill := 9 - len(tail); fill < 0 {
+			tail = tail[:9]
+		} else {
+			tail += zeros[:fill]
+		}
+		s = s[:point] + tail
+	} else if len(s) > 0 { // Make sure empty string produces an error
+		s += zeros
+	}
+	return strconv.ParseInt(s, 10, 64)
+}
+
+// FloatStringToTime converts a floating point number string to a time.Time
+//
+// The string is floating point number of seconds since the epoch
+// (Unix time).  The number should be in fixed point format (not
+// exponential), eg "1354040105.123456789" which represents the time
+// "2012-11-27T18:15:05.123456789Z"
+//
+// Some care is taken to preserve all the accuracy in the time.Time
+// (which wouldn't happen with a naive conversion through float64) so
+// a round trip conversion won't change the data.
+//
+// If an error is returned then time will be returned as the zero time.
+func FloatStringToTime(s string) (t time.Time, err error) {
+	ns, err := floatStringToNs(s)
+	if err != nil {
+		return
+	}
+	t = time.Unix(0, ns)
+	return
+}
+
+// TimeToFloatString converts a time.Time object to a floating point string
+//
+// The string is floating point number of seconds since the epoch
+// (Unix time).  The number is in fixed point format (not
+// exponential), eg "1354040105.123456789" which represents the time
+// "2012-11-27T18:15:05.123456789Z".  Trailing zeros will be dropped
+// from the output.
+//
+// Some care is taken to preserve all the accuracy in the time.Time
+// (which wouldn't happen with a naive conversion through float64) so
+// a round trip conversion won't change the data.
+func TimeToFloatString(t time.Time) string {
+	return nsToFloatString(t.UnixNano())
+}
+
+// GetModTime reads a modification time (mtime) from a Metadata object
+//
+// This is a defacto standard (used in the official python-swiftclient
+// amongst others) for storing the modification time (as read using
+// os.Stat) for an object.  It is stored using the key 'mtime', which
+// for example when written to an object will be 'X-Object-Meta-Mtime'.
+//
+// If an error is returned then time will be returned as the zero time.
+func (m Metadata) GetModTime() (t time.Time, err error) {
+	return FloatStringToTime(m["mtime"])
+}
+
+// SetModTime writes an modification time (mtime) to a Metadata object
+//
+// This is a defacto standard (used in the official python-swiftclient
+// amongst others) for storing the modification time (as read using
+// os.Stat) for an object.  It is stored using the key 'mtime', which
+// for example when written to an object will be 'X-Object-Meta-Mtime'.
+func (m Metadata) SetModTime(t time.Time) {
+	m["mtime"] = TimeToFloatString(t)
+}
diff --git a/vendor/github.com/ncw/swift/notes.txt b/vendor/github.com/ncw/swift/notes.txt
new file mode 100644
index 000000000..f738552cd
--- /dev/null
+++ b/vendor/github.com/ncw/swift/notes.txt
@@ -0,0 +1,55 @@
+Notes on Go Swift
+=================
+
+Make a builder style interface like the Google Go APIs?  Advantages
+are that it is easy to add named methods to the service object to do
+specific things.  Slightly less efficient.  Not sure about how to
+return extra stuff though - in an object?
+
+Make a container struct so these could be methods on it?
+
+Make noResponse check for 204?
+
+Make storage public so it can be extended easily?
+
+Rename to go-swift to match user agent string?
+
+Reconnect on auth error - 401 when token expires isn't tested
+
+Make more api compatible with python cloudfiles?
+
+Retry operations on timeout / network errors?
+- also 408 error
+- GET requests only?
+
+Make Connection thread safe - whenever it is changed take a write lock whenever it is read from a read lock
+
+Add extra headers field to Connection (for via etc)
+
+Make errors use an error heirachy then can catch them with a type assertion
+
+ Error(...)
+ ObjectCorrupted{ Error }
+
+Make a Debug flag in connection for logging stuff
+
+Object If-Match, If-None-Match, If-Modified-Since, If-Unmodified-Since etc
+
+Object range
+
+Object create, update with X-Delete-At or X-Delete-After
+
+Large object support
+- check uploads are less than 5GB in normal mode?
+
+Access control CORS?
+
+Swift client retries and backs off for all types of errors
+
+Implement net error interface?
+
+type Error interface {
+    error
+    Timeout() bool   // Is the error a timeout?
+    Temporary() bool // Is the error temporary?
+}
diff --git a/vendor/github.com/ncw/swift/slo.go b/vendor/github.com/ncw/swift/slo.go
new file mode 100644
index 000000000..6a10ddfc0
--- /dev/null
+++ b/vendor/github.com/ncw/swift/slo.go
@@ -0,0 +1,171 @@
+package swift
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/url"
+	"os"
+)
+
+// StaticLargeObjectCreateFile represents an open static large object
+type StaticLargeObjectCreateFile struct {
+	largeObjectCreateFile
+}
+
+var SLONotSupported = errors.New("SLO not supported")
+
+type swiftSegment struct {
+	Path string `json:"path,omitempty"`
+	Etag string `json:"etag,omitempty"`
+	Size int64  `json:"size_bytes,omitempty"`
+	// When uploading a manifest, the attributes must be named `path`, `etag` and `size_bytes`
+	// but when querying the JSON content of a manifest with the `multipart-manifest=get`
+	// parameter, Swift names those attributes `name`, `hash` and `bytes`.
+	// We use all the different attributes names in this structure to be able to use
+	// the same structure for both uploading and retrieving.
+	Name         string `json:"name,omitempty"`
+	Hash         string `json:"hash,omitempty"`
+	Bytes        int64  `json:"bytes,omitempty"`
+	ContentType  string `json:"content_type,omitempty"`
+	LastModified string `json:"last_modified,omitempty"`
+}
+
+// StaticLargeObjectCreateFile creates a static large object returning
+// an object which satisfies io.Writer, io.Seeker, io.Closer and
+// io.ReaderFrom.  The flags are as passed to the largeObjectCreate
+// method.
+func (c *Connection) StaticLargeObjectCreateFile(opts *LargeObjectOpts) (LargeObjectFile, error) {
+	info, err := c.cachedQueryInfo()
+	if err != nil || !info.SupportsSLO() {
+		return nil, SLONotSupported
+	}
+	realMinChunkSize := info.SLOMinSegmentSize()
+	if realMinChunkSize > opts.MinChunkSize {
+		opts.MinChunkSize = realMinChunkSize
+	}
+	lo, err := c.largeObjectCreate(opts)
+	if err != nil {
+		return nil, err
+	}
+	return withBuffer(opts, &StaticLargeObjectCreateFile{
+		largeObjectCreateFile: *lo,
+	}), nil
+}
+
+// StaticLargeObjectCreate creates or truncates an existing static
+// large object returning a writeable object. This sets opts.Flags to
+// an appropriate value before calling StaticLargeObjectCreateFile
+func (c *Connection) StaticLargeObjectCreate(opts *LargeObjectOpts) (LargeObjectFile, error) {
+	opts.Flags = os.O_TRUNC | os.O_CREATE
+	return c.StaticLargeObjectCreateFile(opts)
+}
+
+// StaticLargeObjectDelete deletes a static large object and all of its segments.
+func (c *Connection) StaticLargeObjectDelete(container string, path string) error {
+	info, err := c.cachedQueryInfo()
+	if err != nil || !info.SupportsSLO() {
+		return SLONotSupported
+	}
+	return c.LargeObjectDelete(container, path)
+}
+
+// StaticLargeObjectMove moves a static large object from srcContainer, srcObjectName to dstContainer, dstObjectName
+func (c *Connection) StaticLargeObjectMove(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string) error {
+	swiftInfo, err := c.cachedQueryInfo()
+	if err != nil || !swiftInfo.SupportsSLO() {
+		return SLONotSupported
+	}
+	info, headers, err := c.Object(srcContainer, srcObjectName)
+	if err != nil {
+		return err
+	}
+
+	container, segments, err := c.getAllSegments(srcContainer, srcObjectName, headers)
+	if err != nil {
+		return err
+	}
+
+	//copy only metadata during move (other headers might not be safe for copying)
+	headers = headers.ObjectMetadata().ObjectHeaders()
+
+	if err := c.createSLOManifest(dstContainer, dstObjectName, info.ContentType, container, segments, headers); err != nil {
+		return err
+	}
+
+	if err := c.ObjectDelete(srcContainer, srcObjectName); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// createSLOManifest creates a static large object manifest
+func (c *Connection) createSLOManifest(container string, path string, contentType string, segmentContainer string, segments []Object, h Headers) error {
+	sloSegments := make([]swiftSegment, len(segments))
+	for i, segment := range segments {
+		sloSegments[i].Path = fmt.Sprintf("%s/%s", segmentContainer, segment.Name)
+		sloSegments[i].Etag = segment.Hash
+		sloSegments[i].Size = segment.Bytes
+	}
+
+	content, err := json.Marshal(sloSegments)
+	if err != nil {
+		return err
+	}
+
+	values := url.Values{}
+	values.Set("multipart-manifest", "put")
+	if _, err := c.objectPut(container, path, bytes.NewBuffer(content), false, "", contentType, h, values); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (file *StaticLargeObjectCreateFile) Close() error {
+	return file.Flush()
+}
+
+func (file *StaticLargeObjectCreateFile) Flush() error {
+	if err := file.conn.createSLOManifest(file.container, file.objectName, file.contentType, file.segmentContainer, file.segments, file.headers); err != nil {
+		return err
+	}
+	return file.conn.waitForSegmentsToShowUp(file.container, file.objectName, file.Size())
+}
+
+func (c *Connection) getAllSLOSegments(container, path string) (string, []Object, error) {
+	var (
+		segmentList      []swiftSegment
+		segments         []Object
+		segPath          string
+		segmentContainer string
+	)
+
+	values := url.Values{}
+	values.Set("multipart-manifest", "get")
+
+	file, _, err := c.objectOpen(container, path, true, nil, values)
+	if err != nil {
+		return "", nil, err
+	}
+
+	content, err := ioutil.ReadAll(file)
+	if err != nil {
+		return "", nil, err
+	}
+
+	json.Unmarshal(content, &segmentList)
+	for _, segment := range segmentList {
+		segmentContainer, segPath = parseFullPath(segment.Name[1:])
+		segments = append(segments, Object{
+			Name:  segPath,
+			Bytes: segment.Bytes,
+			Hash:  segment.Hash,
+		})
+	}
+
+	return segmentContainer, segments, nil
+}
diff --git a/vendor/github.com/ncw/swift/swift.go b/vendor/github.com/ncw/swift/swift.go
new file mode 100644
index 000000000..72ede2493
--- /dev/null
+++ b/vendor/github.com/ncw/swift/swift.go
@@ -0,0 +1,2243 @@
+package swift
+
+import (
+	"bufio"
+	"bytes"
+	"crypto/hmac"
+	"crypto/md5"
+	"crypto/sha1"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"hash"
+	"io"
+	"io/ioutil"
+	"mime"
+	"net/http"
+	"net/url"
+	"os"
+	"path"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+)
+
+const (
+	DefaultUserAgent    = "goswift/1.0"         // Default user agent
+	DefaultRetries      = 3                     // Default number of retries on token expiry
+	TimeFormat          = "2006-01-02T15:04:05" // Python date format for json replies parsed as UTC
+	UploadTar           = "tar"                 // Data format specifier for Connection.BulkUpload().
+	UploadTarGzip       = "tar.gz"              // Data format specifier for Connection.BulkUpload().
+	UploadTarBzip2      = "tar.bz2"             // Data format specifier for Connection.BulkUpload().
+	allContainersLimit  = 10000                 // Number of containers to fetch at once
+	allObjectsLimit     = 10000                 // Number objects to fetch at once
+	allObjectsChanLimit = 1000                  // ...when fetching to a channel
+)
+
+// ObjectType is the type of the swift object, regular, static large,
+// or dynamic large.
+type ObjectType int
+
+// Values that ObjectType can take
+const (
+	RegularObjectType ObjectType = iota
+	StaticLargeObjectType
+	DynamicLargeObjectType
+)
+
+// Connection holds the details of the connection to the swift server.
+//
+// You need to provide UserName, ApiKey and AuthUrl when you create a
+// connection then call Authenticate on it.
+//
+// The auth version in use will be detected from the AuthURL - you can
+// override this with the AuthVersion parameter.
+//
+// If using v2 auth you can also set Region in the Connection
+// structure.  If you don't set Region you will get the default region
+// which may not be what you want.
+//
+// For reference some common AuthUrls looks like this:
+//
+//  Rackspace US        https://auth.api.rackspacecloud.com/v1.0
+//  Rackspace UK        https://lon.auth.api.rackspacecloud.com/v1.0
+//  Rackspace v2        https://identity.api.rackspacecloud.com/v2.0
+//  Memset Memstore UK  https://auth.storage.memset.com/v1.0
+//  Memstore v2         https://auth.storage.memset.com/v2.0
+//
+// When using Google Appengine you must provide the Connection with an
+// appengine-specific Transport:
+//
+//	import (
+//		"appengine/urlfetch"
+//		"fmt"
+//		"github.com/ncw/swift"
+//	)
+//
+//	func handler(w http.ResponseWriter, r *http.Request) {
+//		ctx := appengine.NewContext(r)
+//		tr := urlfetch.Transport{Context: ctx}
+//		c := swift.Connection{
+//			UserName:  "user",
+//			ApiKey:    "key",
+//			AuthUrl:   "auth_url",
+//			Transport: tr,
+//		}
+//		_ := c.Authenticate()
+//		containers, _ := c.ContainerNames(nil)
+//		fmt.Fprintf(w, "containers: %q", containers)
+//	}
+//
+// If you don't supply a Transport, one is made which relies on
+// http.ProxyFromEnvironment (http://golang.org/pkg/net/http/#ProxyFromEnvironment).
+// This means that the connection will respect the HTTP proxy specified by the
+// environment variables $HTTP_PROXY and $NO_PROXY.
+type Connection struct {
+	// Parameters - fill these in before calling Authenticate
+	// They are all optional except UserName, ApiKey and AuthUrl
+	Domain                      string            // User's domain name
+	DomainId                    string            // User's domain Id
+	UserName                    string            // UserName for api
+	UserId                      string            // User Id
+	ApiKey                      string            // Key for api access
+	ApplicationCredentialId     string            // Application Credential ID
+	ApplicationCredentialName   string            // Application Credential Name
+	ApplicationCredentialSecret string            // Application Credential Secret
+	AuthUrl                     string            // Auth URL
+	Retries                     int               // Retries on error (default is 3)
+	UserAgent                   string            // Http User agent (default goswift/1.0)
+	ConnectTimeout              time.Duration     // Connect channel timeout (default 10s)
+	Timeout                     time.Duration     // Data channel timeout (default 60s)
+	Region                      string            // Region to use eg "LON", "ORD" - default is use first region (v2,v3 auth only)
+	AuthVersion                 int               // Set to 1, 2 or 3 or leave at 0 for autodetect
+	Internal                    bool              // Set this to true to use the the internal / service network
+	Tenant                      string            // Name of the tenant (v2,v3 auth only)
+	TenantId                    string            // Id of the tenant (v2,v3 auth only)
+	EndpointType                EndpointType      // Endpoint type (v2,v3 auth only) (default is public URL unless Internal is set)
+	TenantDomain                string            // Name of the tenant's domain (v3 auth only), only needed if it differs from the user domain
+	TenantDomainId              string            // Id of the tenant's domain (v3 auth only), only needed if it differs the from user domain
+	TrustId                     string            // Id of the trust (v3 auth only)
+	Transport                   http.RoundTripper `json:"-" xml:"-"` // Optional specialised http.Transport (eg. for Google Appengine)
+	// These are filled in after Authenticate is called as are the defaults for above
+	StorageUrl string
+	AuthToken  string
+	Expires    time.Time // time the token expires, may be Zero if unknown
+	client     *http.Client
+	Auth       Authenticator `json:"-" xml:"-"` // the current authenticator
+	authLock   sync.Mutex    // lock when R/W StorageUrl, AuthToken, Auth
+	// swiftInfo is filled after QueryInfo is called
+	swiftInfo SwiftInfo
+}
+
+// setFromEnv reads the value that param points to (it must be a
+// pointer), if it isn't the zero value then it reads the environment
+// variable name passed in, parses it according to the type and writes
+// it to the pointer.
+func setFromEnv(param interface{}, name string) (err error) {
+	val := os.Getenv(name)
+	if val == "" {
+		return
+	}
+	switch result := param.(type) {
+	case *string:
+		if *result == "" {
+			*result = val
+		}
+	case *int:
+		if *result == 0 {
+			*result, err = strconv.Atoi(val)
+		}
+	case *bool:
+		if *result == false {
+			*result, err = strconv.ParseBool(val)
+		}
+	case *time.Duration:
+		if *result == 0 {
+			*result, err = time.ParseDuration(val)
+		}
+	case *EndpointType:
+		if *result == EndpointType("") {
+			*result = EndpointType(val)
+		}
+	default:
+		return newErrorf(0, "can't set var of type %T", param)
+	}
+	return err
+}
+
+// ApplyEnvironment reads environment variables and applies them to
+// the Connection structure.  It won't overwrite any parameters which
+// are already set in the Connection struct.
+//
+// To make a new Connection object entirely from the environment you
+// would do:
+//
+//    c := new(Connection)
+//    err := c.ApplyEnvironment()
+//    if err != nil { log.Fatal(err) }
+//
+// The naming of these variables follows the official Openstack naming
+// scheme so it should be compatible with OpenStack rc files.
+//
+// For v1 authentication (obsolete)
+//     ST_AUTH - Auth URL
+//     ST_USER - UserName for api
+//     ST_KEY - Key for api access
+//
+// For v2 authentication
+//     OS_AUTH_URL - Auth URL
+//     OS_USERNAME - UserName for api
+//     OS_PASSWORD - Key for api access
+//     OS_TENANT_NAME - Name of the tenant
+//     OS_TENANT_ID   - Id of the tenant
+//     OS_REGION_NAME - Region to use - default is use first region
+//
+// For v3 authentication
+//     OS_AUTH_URL - Auth URL
+//     OS_USERNAME - UserName for api
+//     OS_USER_ID - User Id
+//     OS_PASSWORD - Key for api access
+//     OS_APPLICATION_CREDENTIAL_ID - Application Credential ID
+//     OS_APPLICATION_CREDENTIAL_NAME - Application Credential Name
+//     OS_APPLICATION_CREDENTIAL_SECRET - Application Credential Secret
+//     OS_USER_DOMAIN_NAME - User's domain name
+//     OS_USER_DOMAIN_ID - User's domain Id
+//     OS_PROJECT_NAME - Name of the project
+//     OS_PROJECT_DOMAIN_NAME - Name of the tenant's domain, only needed if it differs from the user domain
+//     OS_PROJECT_DOMAIN_ID - Id of the tenant's domain, only needed if it differs the from user domain
+//     OS_TRUST_ID - If of the trust
+//     OS_REGION_NAME - Region to use - default is use first region
+//
+// Other
+//     OS_ENDPOINT_TYPE - Endpoint type public, internal or admin
+//     ST_AUTH_VERSION - Choose auth version - 1, 2 or 3 or leave at 0 for autodetect
+//
+// For manual authentication
+//     OS_STORAGE_URL - storage URL from alternate authentication
+//     OS_AUTH_TOKEN - Auth Token from alternate authentication
+//
+// Library specific
+//     GOSWIFT_RETRIES - Retries on error (default is 3)
+//     GOSWIFT_USER_AGENT - HTTP User agent (default goswift/1.0)
+//     GOSWIFT_CONNECT_TIMEOUT - Connect channel timeout with unit, eg "10s", "100ms" (default "10s")
+//     GOSWIFT_TIMEOUT - Data channel timeout with unit, eg "10s", "100ms" (default "60s")
+//     GOSWIFT_INTERNAL - Set this to "true" to use the the internal network (obsolete - use OS_ENDPOINT_TYPE)
+func (c *Connection) ApplyEnvironment() (err error) {
+	for _, item := range []struct {
+		result interface{}
+		name   string
+	}{
+		// Environment variables - keep in same order as Connection
+		{&c.Domain, "OS_USER_DOMAIN_NAME"},
+		{&c.DomainId, "OS_USER_DOMAIN_ID"},
+		{&c.UserName, "OS_USERNAME"},
+		{&c.UserId, "OS_USER_ID"},
+		{&c.ApiKey, "OS_PASSWORD"},
+		{&c.ApplicationCredentialId, "OS_APPLICATION_CREDENTIAL_ID"},
+		{&c.ApplicationCredentialName, "OS_APPLICATION_CREDENTIAL_NAME"},
+		{&c.ApplicationCredentialSecret, "OS_APPLICATION_CREDENTIAL_SECRET"},
+		{&c.AuthUrl, "OS_AUTH_URL"},
+		{&c.Retries, "GOSWIFT_RETRIES"},
+		{&c.UserAgent, "GOSWIFT_USER_AGENT"},
+		{&c.ConnectTimeout, "GOSWIFT_CONNECT_TIMEOUT"},
+		{&c.Timeout, "GOSWIFT_TIMEOUT"},
+		{&c.Region, "OS_REGION_NAME"},
+		{&c.AuthVersion, "ST_AUTH_VERSION"},
+		{&c.Internal, "GOSWIFT_INTERNAL"},
+		{&c.Tenant, "OS_TENANT_NAME"},  //v2
+		{&c.Tenant, "OS_PROJECT_NAME"}, // v3
+		{&c.TenantId, "OS_TENANT_ID"},
+		{&c.EndpointType, "OS_ENDPOINT_TYPE"},
+		{&c.TenantDomain, "OS_PROJECT_DOMAIN_NAME"},
+		{&c.TenantDomainId, "OS_PROJECT_DOMAIN_ID"},
+		{&c.TrustId, "OS_TRUST_ID"},
+		{&c.StorageUrl, "OS_STORAGE_URL"},
+		{&c.AuthToken, "OS_AUTH_TOKEN"},
+		// v1 auth alternatives
+		{&c.ApiKey, "ST_KEY"},
+		{&c.UserName, "ST_USER"},
+		{&c.AuthUrl, "ST_AUTH"},
+	} {
+		err = setFromEnv(item.result, item.name)
+		if err != nil {
+			return newErrorf(0, "failed to read env var %q: %v", item.name, err)
+		}
+	}
+	return nil
+}
+
+// Error - all errors generated by this package are of this type.  Other error
+// may be passed on from library functions though.
+type Error struct {
+	StatusCode int // HTTP status code if relevant or 0 if not
+	Text       string
+}
+
+// Error satisfy the error interface.
+func (e *Error) Error() string {
+	return e.Text
+}
+
+// newError make a new error from a string.
+func newError(StatusCode int, Text string) *Error {
+	return &Error{
+		StatusCode: StatusCode,
+		Text:       Text,
+	}
+}
+
+// newErrorf makes a new error from sprintf parameters.
+func newErrorf(StatusCode int, Text string, Parameters ...interface{}) *Error {
+	return newError(StatusCode, fmt.Sprintf(Text, Parameters...))
+}
+
+// errorMap defines http error codes to error mappings.
+type errorMap map[int]error
+
+var (
+	// Specific Errors you might want to check for equality
+	NotModified         = newError(304, "Not Modified")
+	BadRequest          = newError(400, "Bad Request")
+	AuthorizationFailed = newError(401, "Authorization Failed")
+	ContainerNotFound   = newError(404, "Container Not Found")
+	ContainerNotEmpty   = newError(409, "Container Not Empty")
+	ObjectNotFound      = newError(404, "Object Not Found")
+	ObjectCorrupted     = newError(422, "Object Corrupted")
+	TimeoutError        = newError(408, "Timeout when reading or writing data")
+	Forbidden           = newError(403, "Operation forbidden")
+	TooLargeObject      = newError(413, "Too Large Object")
+	RateLimit           = newError(498, "Rate Limit")
+	TooManyRequests     = newError(429, "TooManyRequests")
+
+	// Mappings for authentication errors
+	authErrorMap = errorMap{
+		400: BadRequest,
+		401: AuthorizationFailed,
+		403: Forbidden,
+	}
+
+	// Mappings for container errors
+	ContainerErrorMap = errorMap{
+		400: BadRequest,
+		403: Forbidden,
+		404: ContainerNotFound,
+		409: ContainerNotEmpty,
+		498: RateLimit,
+	}
+
+	// Mappings for object errors
+	objectErrorMap = errorMap{
+		304: NotModified,
+		400: BadRequest,
+		403: Forbidden,
+		404: ObjectNotFound,
+		413: TooLargeObject,
+		422: ObjectCorrupted,
+		429: TooManyRequests,
+		498: RateLimit,
+	}
+)
+
+// checkClose is used to check the return from Close in a defer
+// statement.
+func checkClose(c io.Closer, err *error) {
+	cerr := c.Close()
+	if *err == nil {
+		*err = cerr
+	}
+}
+
+// drainAndClose discards all data from rd and closes it.
+// If an error occurs during Read, it is discarded.
+func drainAndClose(rd io.ReadCloser, err *error) {
+	if rd == nil {
+		return
+	}
+
+	_, _ = io.Copy(ioutil.Discard, rd)
+	cerr := rd.Close()
+	if err != nil && *err == nil {
+		*err = cerr
+	}
+}
+
+// parseHeaders checks a response for errors and translates into
+// standard errors if necessary. If an error is returned, resp.Body
+// has been drained and closed.
+func (c *Connection) parseHeaders(resp *http.Response, errorMap errorMap) error {
+	if errorMap != nil {
+		if err, ok := errorMap[resp.StatusCode]; ok {
+			drainAndClose(resp.Body, nil)
+			return err
+		}
+	}
+	if resp.StatusCode < 200 || resp.StatusCode > 299 {
+		drainAndClose(resp.Body, nil)
+		return newErrorf(resp.StatusCode, "HTTP Error: %d: %s", resp.StatusCode, resp.Status)
+	}
+	return nil
+}
+
+// readHeaders returns a Headers object from the http.Response.
+//
+// If it receives multiple values for a key (which should never
+// happen) it will use the first one
+func readHeaders(resp *http.Response) Headers {
+	headers := Headers{}
+	for key, values := range resp.Header {
+		headers[key] = values[0]
+	}
+	return headers
+}
+
+// Headers stores HTTP headers (can only have one of each header like Swift).
+type Headers map[string]string
+
+// Does an http request using the running timer passed in
+func (c *Connection) doTimeoutRequest(timer *time.Timer, req *http.Request) (*http.Response, error) {
+	// Do the request in the background so we can check the timeout
+	type result struct {
+		resp *http.Response
+		err  error
+	}
+	done := make(chan result, 1)
+	go func() {
+		resp, err := c.client.Do(req)
+		done <- result{resp, err}
+	}()
+	// Wait for the read or the timeout
+	select {
+	case r := <-done:
+		return r.resp, r.err
+	case <-timer.C:
+		// Kill the connection on timeout so we don't leak sockets or goroutines
+		cancelRequest(c.Transport, req)
+		return nil, TimeoutError
+	}
+	panic("unreachable") // For Go 1.0
+}
+
+// Set defaults for any unset values
+//
+// Call with authLock held
+func (c *Connection) setDefaults() {
+	if c.UserAgent == "" {
+		c.UserAgent = DefaultUserAgent
+	}
+	if c.Retries == 0 {
+		c.Retries = DefaultRetries
+	}
+	if c.ConnectTimeout == 0 {
+		c.ConnectTimeout = 10 * time.Second
+	}
+	if c.Timeout == 0 {
+		c.Timeout = 60 * time.Second
+	}
+	if c.Transport == nil {
+		t := &http.Transport{
+			//		TLSClientConfig:    &tls.Config{RootCAs: pool},
+			//		DisableCompression: true,
+			Proxy: http.ProxyFromEnvironment,
+			// Half of linux's default open files limit (1024).
+			MaxIdleConnsPerHost: 512,
+		}
+		SetExpectContinueTimeout(t, 5*time.Second)
+		c.Transport = t
+	}
+	if c.client == nil {
+		c.client = &http.Client{
+			//		CheckRedirect: redirectPolicyFunc,
+			Transport: c.Transport,
+		}
+	}
+}
+
+// Authenticate connects to the Swift server.
+//
+// If you don't call it before calling one of the connection methods
+// then it will be called for you on the first access.
+func (c *Connection) Authenticate() (err error) {
+	c.authLock.Lock()
+	defer c.authLock.Unlock()
+	return c.authenticate()
+}
+
+// Internal implementation of Authenticate
+//
+// Call with authLock held
+func (c *Connection) authenticate() (err error) {
+	c.setDefaults()
+
+	// Flush the keepalives connection - if we are
+	// re-authenticating then stuff has gone wrong
+	flushKeepaliveConnections(c.Transport)
+
+	if c.Auth == nil {
+		c.Auth, err = newAuth(c)
+		if err != nil {
+			return
+		}
+	}
+
+	retries := 1
+again:
+	var req *http.Request
+	req, err = c.Auth.Request(c)
+	if err != nil {
+		return
+	}
+	if req != nil {
+		timer := time.NewTimer(c.ConnectTimeout)
+		defer timer.Stop()
+		var resp *http.Response
+		resp, err = c.doTimeoutRequest(timer, req)
+		if err != nil {
+			return
+		}
+		defer func() {
+			drainAndClose(resp.Body, &err)
+			// Flush the auth connection - we don't want to keep
+			// it open if keepalives were enabled
+			flushKeepaliveConnections(c.Transport)
+		}()
+		if err = c.parseHeaders(resp, authErrorMap); err != nil {
+			// Try again for a limited number of times on
+			// AuthorizationFailed or BadRequest. This allows us
+			// to try some alternate forms of the request
+			if (err == AuthorizationFailed || err == BadRequest) && retries > 0 {
+				retries--
+				goto again
+			}
+			return
+		}
+		err = c.Auth.Response(resp)
+		if err != nil {
+			return
+		}
+	}
+	if customAuth, isCustom := c.Auth.(CustomEndpointAuthenticator); isCustom && c.EndpointType != "" {
+		c.StorageUrl = customAuth.StorageUrlForEndpoint(c.EndpointType)
+	} else {
+		c.StorageUrl = c.Auth.StorageUrl(c.Internal)
+	}
+	c.AuthToken = c.Auth.Token()
+	if do, ok := c.Auth.(Expireser); ok {
+		c.Expires = do.Expires()
+	} else {
+		c.Expires = time.Time{}
+	}
+
+	if !c.authenticated() {
+		err = newError(0, "Response didn't have storage url and auth token")
+		return
+	}
+	return
+}
+
+// Get an authToken and url
+//
+// The Url may be updated if it needed to authenticate using the OnReAuth function
+func (c *Connection) getUrlAndAuthToken(targetUrlIn string, OnReAuth func() (string, error)) (targetUrlOut, authToken string, err error) {
+	c.authLock.Lock()
+	defer c.authLock.Unlock()
+	targetUrlOut = targetUrlIn
+	if !c.authenticated() {
+		err = c.authenticate()
+		if err != nil {
+			return
+		}
+		if OnReAuth != nil {
+			targetUrlOut, err = OnReAuth()
+			if err != nil {
+				return
+			}
+		}
+	}
+	authToken = c.AuthToken
+	return
+}
+
+// flushKeepaliveConnections is called to flush pending requests after an error.
+func flushKeepaliveConnections(transport http.RoundTripper) {
+	if tr, ok := transport.(interface {
+		CloseIdleConnections()
+	}); ok {
+		tr.CloseIdleConnections()
+	}
+}
+
+// UnAuthenticate removes the authentication from the Connection.
+func (c *Connection) UnAuthenticate() {
+	c.authLock.Lock()
+	c.StorageUrl = ""
+	c.AuthToken = ""
+	c.authLock.Unlock()
+}
+
+// Authenticated returns a boolean to show if the current connection
+// is authenticated.
+//
+// Doesn't actually check the credentials against the server.
+func (c *Connection) Authenticated() bool {
+	c.authLock.Lock()
+	defer c.authLock.Unlock()
+	return c.authenticated()
+}
+
+// Internal version of Authenticated()
+//
+// Call with authLock held
+func (c *Connection) authenticated() bool {
+	if c.StorageUrl == "" || c.AuthToken == "" {
+		return false
+	}
+	if c.Expires.IsZero() {
+		return true
+	}
+	timeUntilExpiry := c.Expires.Sub(time.Now())
+	return timeUntilExpiry >= 60*time.Second
+}
+
+// SwiftInfo contains the JSON object returned by Swift when the /info
+// route is queried. The object contains, among others, the Swift version,
+// the enabled middlewares and their configuration
+type SwiftInfo map[string]interface{}
+
+func (i SwiftInfo) SupportsBulkDelete() bool {
+	_, val := i["bulk_delete"]
+	return val
+}
+
+func (i SwiftInfo) SupportsSLO() bool {
+	_, val := i["slo"]
+	return val
+}
+
+func (i SwiftInfo) SLOMinSegmentSize() int64 {
+	if slo, ok := i["slo"].(map[string]interface{}); ok {
+		val, _ := slo["min_segment_size"].(float64)
+		return int64(val)
+	}
+	return 1
+}
+
+// Discover Swift configuration by doing a request against /info
+func (c *Connection) QueryInfo() (infos SwiftInfo, err error) {
+	infoUrl, err := url.Parse(c.StorageUrl)
+	if err != nil {
+		return nil, err
+	}
+	infoUrl.Path = path.Join(infoUrl.Path, "..", "..", "info")
+	resp, err := c.client.Get(infoUrl.String())
+	if err == nil {
+		if resp.StatusCode != http.StatusOK {
+			drainAndClose(resp.Body, nil)
+			return nil, fmt.Errorf("Invalid status code for info request: %d", resp.StatusCode)
+		}
+		err = readJson(resp, &infos)
+		if err == nil {
+			c.authLock.Lock()
+			c.swiftInfo = infos
+			c.authLock.Unlock()
+		}
+		return infos, err
+	}
+	return nil, err
+}
+
+func (c *Connection) cachedQueryInfo() (infos SwiftInfo, err error) {
+	c.authLock.Lock()
+	infos = c.swiftInfo
+	c.authLock.Unlock()
+	if infos == nil {
+		infos, err = c.QueryInfo()
+		if err != nil {
+			return
+		}
+	}
+	return infos, nil
+}
+
+// RequestOpts contains parameters for Connection.storage.
+type RequestOpts struct {
+	Container  string
+	ObjectName string
+	Operation  string
+	Parameters url.Values
+	Headers    Headers
+	ErrorMap   errorMap
+	NoResponse bool
+	Body       io.Reader
+	Retries    int
+	// if set this is called on re-authentication to refresh the targetUrl
+	OnReAuth func() (string, error)
+}
+
+// Call runs a remote command on the targetUrl, returns a
+// response, headers and possible error.
+//
+// operation is GET, HEAD etc
+// container is the name of a container
+// Any other parameters (if not None) are added to the targetUrl
+//
+// Returns a response or an error.  If response is returned then
+// the resp.Body must be read completely and
+// resp.Body.Close() must be called on it, unless noResponse is set in
+// which case the body will be closed in this function
+//
+// If "Content-Length" is set in p.Headers it will be used - this can
+// be used to override the default chunked transfer encoding for
+// uploads.
+//
+// This will Authenticate if necessary, and re-authenticate if it
+// receives a 401 error which means the token has expired
+//
+// This method is exported so extensions can call it.
+func (c *Connection) Call(targetUrl string, p RequestOpts) (resp *http.Response, headers Headers, err error) {
+	c.authLock.Lock()
+	c.setDefaults()
+	c.authLock.Unlock()
+	retries := p.Retries
+	if retries == 0 {
+		retries = c.Retries
+	}
+	var req *http.Request
+	for {
+		var authToken string
+		if targetUrl, authToken, err = c.getUrlAndAuthToken(targetUrl, p.OnReAuth); err != nil {
+			return //authentication failure
+		}
+		var URL *url.URL
+		URL, err = url.Parse(targetUrl)
+		if err != nil {
+			return
+		}
+		if p.Container != "" {
+			URL.Path += "/" + p.Container
+			if p.ObjectName != "" {
+				URL.Path += "/" + p.ObjectName
+			}
+		}
+		if p.Parameters != nil {
+			URL.RawQuery = p.Parameters.Encode()
+		}
+		timer := time.NewTimer(c.ConnectTimeout)
+		defer timer.Stop()
+		reader := p.Body
+		if reader != nil {
+			reader = newWatchdogReader(reader, c.Timeout, timer)
+		}
+		req, err = http.NewRequest(p.Operation, URL.String(), reader)
+		if err != nil {
+			return
+		}
+		if p.Headers != nil {
+			for k, v := range p.Headers {
+				// Set ContentLength in req if the user passed it in in the headers
+				if k == "Content-Length" {
+					req.ContentLength, err = strconv.ParseInt(v, 10, 64)
+					if err != nil {
+						err = fmt.Errorf("Invalid %q header %q: %v", k, v, err)
+						return
+					}
+				} else {
+					req.Header.Add(k, v)
+				}
+			}
+		}
+		req.Header.Add("User-Agent", c.UserAgent)
+		req.Header.Add("X-Auth-Token", authToken)
+
+		_, hasCL := p.Headers["Content-Length"]
+		AddExpectAndTransferEncoding(req, hasCL)
+
+		resp, err = c.doTimeoutRequest(timer, req)
+		if err != nil {
+			if (p.Operation == "HEAD" || p.Operation == "GET") && retries > 0 {
+				retries--
+				continue
+			}
+			return
+		}
+		// Check to see if token has expired
+		if resp.StatusCode == 401 && retries > 0 {
+			drainAndClose(resp.Body, nil)
+			c.UnAuthenticate()
+			retries--
+		} else {
+			break
+		}
+	}
+
+	headers = readHeaders(resp)
+	if err = c.parseHeaders(resp, p.ErrorMap); err != nil {
+		return
+	}
+	if p.NoResponse {
+		drainAndClose(resp.Body, &err)
+		if err != nil {
+			return
+		}
+	} else {
+		// Cancel the request on timeout
+		cancel := func() {
+			cancelRequest(c.Transport, req)
+		}
+		// Wrap resp.Body to make it obey an idle timeout
+		resp.Body = newTimeoutReader(resp.Body, c.Timeout, cancel)
+	}
+	return
+}
+
+// storage runs a remote command on a the storage url, returns a
+// response, headers and possible error.
+//
+// operation is GET, HEAD etc
+// container is the name of a container
+// Any other parameters (if not None) are added to the storage url
+//
+// Returns a response or an error.  If response is returned then
+// resp.Body.Close() must be called on it, unless noResponse is set in
+// which case the body will be closed in this function
+//
+// This will Authenticate if necessary, and re-authenticate if it
+// receives a 401 error which means the token has expired
+func (c *Connection) storage(p RequestOpts) (resp *http.Response, headers Headers, err error) {
+	p.OnReAuth = func() (string, error) {
+		return c.StorageUrl, nil
+	}
+	c.authLock.Lock()
+	url := c.StorageUrl
+	c.authLock.Unlock()
+	return c.Call(url, p)
+}
+
+// readLines reads the response into an array of strings.
+//
+// Closes the response when done
+func readLines(resp *http.Response) (lines []string, err error) {
+	defer drainAndClose(resp.Body, &err)
+	reader := bufio.NewReader(resp.Body)
+	buffer := bytes.NewBuffer(make([]byte, 0, 128))
+	var part []byte
+	var prefix bool
+	for {
+		if part, prefix, err = reader.ReadLine(); err != nil {
+			break
+		}
+		buffer.Write(part)
+		if !prefix {
+			lines = append(lines, buffer.String())
+			buffer.Reset()
+		}
+	}
+	if err == io.EOF {
+		err = nil
+	}
+	return
+}
+
+// readJson reads the response into the json type passed in
+//
+// Closes the response when done
+func readJson(resp *http.Response, result interface{}) (err error) {
+	defer drainAndClose(resp.Body, &err)
+	decoder := json.NewDecoder(resp.Body)
+	return decoder.Decode(result)
+}
+
+/* ------------------------------------------------------------ */
+
+// ContainersOpts is options for Containers() and ContainerNames()
+type ContainersOpts struct {
+	Limit     int     // For an integer value n, limits the number of results to at most n values.
+	Prefix    string  // Given a string value x, return container names matching the specified prefix.
+	Marker    string  // Given a string value x, return container names greater in value than the specified marker.
+	EndMarker string  // Given a string value x, return container names less in value than the specified marker.
+	Headers   Headers // Any additional HTTP headers - can be nil
+}
+
+// parse the ContainerOpts
+func (opts *ContainersOpts) parse() (url.Values, Headers) {
+	v := url.Values{}
+	var h Headers
+	if opts != nil {
+		if opts.Limit > 0 {
+			v.Set("limit", strconv.Itoa(opts.Limit))
+		}
+		if opts.Prefix != "" {
+			v.Set("prefix", opts.Prefix)
+		}
+		if opts.Marker != "" {
+			v.Set("marker", opts.Marker)
+		}
+		if opts.EndMarker != "" {
+			v.Set("end_marker", opts.EndMarker)
+		}
+		h = opts.Headers
+	}
+	return v, h
+}
+
+// ContainerNames returns a slice of names of containers in this account.
+func (c *Connection) ContainerNames(opts *ContainersOpts) ([]string, error) {
+	v, h := opts.parse()
+	resp, _, err := c.storage(RequestOpts{
+		Operation:  "GET",
+		Parameters: v,
+		ErrorMap:   ContainerErrorMap,
+		Headers:    h,
+	})
+	if err != nil {
+		return nil, err
+	}
+	lines, err := readLines(resp)
+	return lines, err
+}
+
+// Container contains information about a container
+type Container struct {
+	Name  string // Name of the container
+	Count int64  // Number of objects in the container
+	Bytes int64  // Total number of bytes used in the container
+}
+
+// Containers returns a slice of structures with full information as
+// described in Container.
+func (c *Connection) Containers(opts *ContainersOpts) ([]Container, error) {
+	v, h := opts.parse()
+	v.Set("format", "json")
+	resp, _, err := c.storage(RequestOpts{
+		Operation:  "GET",
+		Parameters: v,
+		ErrorMap:   ContainerErrorMap,
+		Headers:    h,
+	})
+	if err != nil {
+		return nil, err
+	}
+	var containers []Container
+	err = readJson(resp, &containers)
+	return containers, err
+}
+
+// containersAllOpts makes a copy of opts if set or makes a new one and
+// overrides Limit and Marker
+func containersAllOpts(opts *ContainersOpts) *ContainersOpts {
+	var newOpts ContainersOpts
+	if opts != nil {
+		newOpts = *opts
+	}
+	if newOpts.Limit == 0 {
+		newOpts.Limit = allContainersLimit
+	}
+	newOpts.Marker = ""
+	return &newOpts
+}
+
+// ContainersAll is like Containers but it returns all the Containers
+//
+// It calls Containers multiple times using the Marker parameter
+//
+// It has a default Limit parameter but you may pass in your own
+func (c *Connection) ContainersAll(opts *ContainersOpts) ([]Container, error) {
+	opts = containersAllOpts(opts)
+	containers := make([]Container, 0)
+	for {
+		newContainers, err := c.Containers(opts)
+		if err != nil {
+			return nil, err
+		}
+		containers = append(containers, newContainers...)
+		if len(newContainers) < opts.Limit {
+			break
+		}
+		opts.Marker = newContainers[len(newContainers)-1].Name
+	}
+	return containers, nil
+}
+
+// ContainerNamesAll is like ContainerNamess but it returns all the Containers
+//
+// It calls ContainerNames multiple times using the Marker parameter
+//
+// It has a default Limit parameter but you may pass in your own
+func (c *Connection) ContainerNamesAll(opts *ContainersOpts) ([]string, error) {
+	opts = containersAllOpts(opts)
+	containers := make([]string, 0)
+	for {
+		newContainers, err := c.ContainerNames(opts)
+		if err != nil {
+			return nil, err
+		}
+		containers = append(containers, newContainers...)
+		if len(newContainers) < opts.Limit {
+			break
+		}
+		opts.Marker = newContainers[len(newContainers)-1]
+	}
+	return containers, nil
+}
+
+/* ------------------------------------------------------------ */
+
+// ObjectOpts is options for Objects() and ObjectNames()
+type ObjectsOpts struct {
+	Limit     int     // For an integer value n, limits the number of results to at most n values.
+	Marker    string  // Given a string value x, return object names greater in value than the  specified marker.
+	EndMarker string  // Given a string value x, return object names less in value than the specified marker
+	Prefix    string  // For a string value x, causes the results to be limited to object names beginning with the substring x.
+	Path      string  // For a string value x, return the object names nested in the pseudo path
+	Delimiter rune    // For a character c, return all the object names nested in the container
+	Headers   Headers // Any additional HTTP headers - can be nil
+}
+
+// parse reads values out of ObjectsOpts
+func (opts *ObjectsOpts) parse() (url.Values, Headers) {
+	v := url.Values{}
+	var h Headers
+	if opts != nil {
+		if opts.Limit > 0 {
+			v.Set("limit", strconv.Itoa(opts.Limit))
+		}
+		if opts.Marker != "" {
+			v.Set("marker", opts.Marker)
+		}
+		if opts.EndMarker != "" {
+			v.Set("end_marker", opts.EndMarker)
+		}
+		if opts.Prefix != "" {
+			v.Set("prefix", opts.Prefix)
+		}
+		if opts.Path != "" {
+			v.Set("path", opts.Path)
+		}
+		if opts.Delimiter != 0 {
+			v.Set("delimiter", string(opts.Delimiter))
+		}
+		h = opts.Headers
+	}
+	return v, h
+}
+
+// ObjectNames returns a slice of names of objects in a given container.
+func (c *Connection) ObjectNames(container string, opts *ObjectsOpts) ([]string, error) {
+	v, h := opts.parse()
+	resp, _, err := c.storage(RequestOpts{
+		Container:  container,
+		Operation:  "GET",
+		Parameters: v,
+		ErrorMap:   ContainerErrorMap,
+		Headers:    h,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return readLines(resp)
+}
+
+// Object contains information about an object
+type Object struct {
+	Name               string     `json:"name"`          // object name
+	ContentType        string     `json:"content_type"`  // eg application/directory
+	Bytes              int64      `json:"bytes"`         // size in bytes
+	ServerLastModified string     `json:"last_modified"` // Last modified time, eg '2011-06-30T08:20:47.736680' as a string supplied by the server
+	LastModified       time.Time  // Last modified time converted to a time.Time
+	Hash               string     `json:"hash"`     // MD5 hash, eg "d41d8cd98f00b204e9800998ecf8427e"
+	SLOHash            string     `json:"slo_etag"` // MD5 hash of all segments' MD5 hash, eg "d41d8cd98f00b204e9800998ecf8427e"
+	PseudoDirectory    bool       // Set when using delimiter to show that this directory object does not really exist
+	SubDir             string     `json:"subdir"` // returned only when using delimiter to mark "pseudo directories"
+	ObjectType         ObjectType // type of this object
+}
+
+// Objects returns a slice of Object with information about each
+// object in the container.
+//
+// If Delimiter is set in the opts then PseudoDirectory may be set,
+// with ContentType 'application/directory'.  These are not real
+// objects but represent directories of objects which haven't had an
+// object created for them.
+func (c *Connection) Objects(container string, opts *ObjectsOpts) ([]Object, error) {
+	v, h := opts.parse()
+	v.Set("format", "json")
+	resp, _, err := c.storage(RequestOpts{
+		Container:  container,
+		Operation:  "GET",
+		Parameters: v,
+		ErrorMap:   ContainerErrorMap,
+		Headers:    h,
+	})
+	if err != nil {
+		return nil, err
+	}
+	var objects []Object
+	err = readJson(resp, &objects)
+	// Convert Pseudo directories and dates
+	for i := range objects {
+		object := &objects[i]
+		if object.SubDir != "" {
+			object.Name = object.SubDir
+			object.PseudoDirectory = true
+			object.ContentType = "application/directory"
+		}
+		if object.ServerLastModified != "" {
+			// 2012-11-11T14:49:47.887250
+			//
+			// Remove fractional seconds if present. This
+			// then keeps it consistent with Object
+			// which can only return timestamps accurate
+			// to 1 second
+			//
+			// The TimeFormat will parse fractional
+			// seconds if desired though
+			datetime := strings.SplitN(object.ServerLastModified, ".", 2)[0]
+			object.LastModified, err = time.Parse(TimeFormat, datetime)
+			if err != nil {
+				return nil, err
+			}
+		}
+		if object.SLOHash != "" {
+			object.ObjectType = StaticLargeObjectType
+		}
+	}
+	return objects, err
+}
+
+// objectsAllOpts makes a copy of opts if set or makes a new one and
+// overrides Limit and Marker
+func objectsAllOpts(opts *ObjectsOpts, Limit int) *ObjectsOpts {
+	var newOpts ObjectsOpts
+	if opts != nil {
+		newOpts = *opts
+	}
+	if newOpts.Limit == 0 {
+		newOpts.Limit = Limit
+	}
+	newOpts.Marker = ""
+	return &newOpts
+}
+
+// A closure defined by the caller to iterate through all objects
+//
+// Call Objects or ObjectNames from here with the *ObjectOpts passed in
+//
+// Do whatever is required with the results then return them
+type ObjectsWalkFn func(*ObjectsOpts) (interface{}, error)
+
+// ObjectsWalk is uses to iterate through all the objects in chunks as
+// returned by Objects or ObjectNames using the Marker and Limit
+// parameters in the ObjectsOpts.
+//
+// Pass in a closure `walkFn` which calls Objects or ObjectNames with
+// the *ObjectsOpts passed to it and does something with the results.
+//
+// Errors will be returned from this function
+//
+// It has a default Limit parameter but you may pass in your own
+func (c *Connection) ObjectsWalk(container string, opts *ObjectsOpts, walkFn ObjectsWalkFn) error {
+	opts = objectsAllOpts(opts, allObjectsChanLimit)
+	for {
+		objects, err := walkFn(opts)
+		if err != nil {
+			return err
+		}
+		var n int
+		var last string
+		switch objects := objects.(type) {
+		case []string:
+			n = len(objects)
+			if n > 0 {
+				last = objects[len(objects)-1]
+			}
+		case []Object:
+			n = len(objects)
+			if n > 0 {
+				last = objects[len(objects)-1].Name
+			}
+		default:
+			panic("Unknown type returned to ObjectsWalk")
+		}
+		if n < opts.Limit {
+			break
+		}
+		opts.Marker = last
+	}
+	return nil
+}
+
+// ObjectsAll is like Objects but it returns an unlimited number of Objects in a slice
+//
+// It calls Objects multiple times using the Marker parameter
+func (c *Connection) ObjectsAll(container string, opts *ObjectsOpts) ([]Object, error) {
+	objects := make([]Object, 0)
+	err := c.ObjectsWalk(container, opts, func(opts *ObjectsOpts) (interface{}, error) {
+		newObjects, err := c.Objects(container, opts)
+		if err == nil {
+			objects = append(objects, newObjects...)
+		}
+		return newObjects, err
+	})
+	return objects, err
+}
+
+// ObjectNamesAll is like ObjectNames but it returns all the Objects
+//
+// It calls ObjectNames multiple times using the Marker parameter
+//
+// It has a default Limit parameter but you may pass in your own
+func (c *Connection) ObjectNamesAll(container string, opts *ObjectsOpts) ([]string, error) {
+	objects := make([]string, 0)
+	err := c.ObjectsWalk(container, opts, func(opts *ObjectsOpts) (interface{}, error) {
+		newObjects, err := c.ObjectNames(container, opts)
+		if err == nil {
+			objects = append(objects, newObjects...)
+		}
+		return newObjects, err
+	})
+	return objects, err
+}
+
+// Account contains information about this account.
+type Account struct {
+	BytesUsed  int64 // total number of bytes used
+	Containers int64 // total number of containers
+	Objects    int64 // total number of objects
+}
+
+// getInt64FromHeader is a helper function to decode int64 from header.
+func getInt64FromHeader(resp *http.Response, header string) (result int64, err error) {
+	value := resp.Header.Get(header)
+	result, err = strconv.ParseInt(value, 10, 64)
+	if err != nil {
+		err = newErrorf(0, "Bad Header '%s': '%s': %s", header, value, err)
+	}
+	return
+}
+
+// Account returns info about the account in an Account struct.
+func (c *Connection) Account() (info Account, headers Headers, err error) {
+	var resp *http.Response
+	resp, headers, err = c.storage(RequestOpts{
+		Operation:  "HEAD",
+		ErrorMap:   ContainerErrorMap,
+		NoResponse: true,
+	})
+	if err != nil {
+		return
+	}
+	// Parse the headers into a dict
+	//
+	//    {'Accept-Ranges': 'bytes',
+	//     'Content-Length': '0',
+	//     'Date': 'Tue, 05 Jul 2011 16:37:06 GMT',
+	//     'X-Account-Bytes-Used': '316598182',
+	//     'X-Account-Container-Count': '4',
+	//     'X-Account-Object-Count': '1433'}
+	if info.BytesUsed, err = getInt64FromHeader(resp, "X-Account-Bytes-Used"); err != nil {
+		return
+	}
+	if info.Containers, err = getInt64FromHeader(resp, "X-Account-Container-Count"); err != nil {
+		return
+	}
+	if info.Objects, err = getInt64FromHeader(resp, "X-Account-Object-Count"); err != nil {
+		return
+	}
+	return
+}
+
+// AccountUpdate adds, replaces or remove account metadata.
+//
+// Add or update keys by mentioning them in the Headers.
+//
+// Remove keys by setting them to an empty string.
+func (c *Connection) AccountUpdate(h Headers) error {
+	_, _, err := c.storage(RequestOpts{
+		Operation:  "POST",
+		ErrorMap:   ContainerErrorMap,
+		NoResponse: true,
+		Headers:    h,
+	})
+	return err
+}
+
+// ContainerCreate creates a container.
+//
+// If you don't want to add Headers just pass in nil
+//
+// No error is returned if it already exists but the metadata if any will be updated.
+func (c *Connection) ContainerCreate(container string, h Headers) error {
+	_, _, err := c.storage(RequestOpts{
+		Container:  container,
+		Operation:  "PUT",
+		ErrorMap:   ContainerErrorMap,
+		NoResponse: true,
+		Headers:    h,
+	})
+	return err
+}
+
+// ContainerDelete deletes a container.
+//
+// May return ContainerDoesNotExist or ContainerNotEmpty
+func (c *Connection) ContainerDelete(container string) error {
+	_, _, err := c.storage(RequestOpts{
+		Container:  container,
+		Operation:  "DELETE",
+		ErrorMap:   ContainerErrorMap,
+		NoResponse: true,
+	})
+	return err
+}
+
+// Container returns info about a single container including any
+// metadata in the headers.
+func (c *Connection) Container(container string) (info Container, headers Headers, err error) {
+	var resp *http.Response
+	resp, headers, err = c.storage(RequestOpts{
+		Container:  container,
+		Operation:  "HEAD",
+		ErrorMap:   ContainerErrorMap,
+		NoResponse: true,
+	})
+	if err != nil {
+		return
+	}
+	// Parse the headers into the struct
+	info.Name = container
+	if info.Bytes, err = getInt64FromHeader(resp, "X-Container-Bytes-Used"); err != nil {
+		return
+	}
+	if info.Count, err = getInt64FromHeader(resp, "X-Container-Object-Count"); err != nil {
+		return
+	}
+	return
+}
+
+// ContainerUpdate adds, replaces or removes container metadata.
+//
+// Add or update keys by mentioning them in the Metadata.
+//
+// Remove keys by setting them to an empty string.
+//
+// Container metadata can only be read with Container() not with Containers().
+func (c *Connection) ContainerUpdate(container string, h Headers) error {
+	_, _, err := c.storage(RequestOpts{
+		Container:  container,
+		Operation:  "POST",
+		ErrorMap:   ContainerErrorMap,
+		NoResponse: true,
+		Headers:    h,
+	})
+	return err
+}
+
+// ------------------------------------------------------------
+
+// ObjectCreateFile represents a swift object open for writing
+type ObjectCreateFile struct {
+	checkHash  bool           // whether we are checking the hash
+	pipeReader *io.PipeReader // pipe for the caller to use
+	pipeWriter *io.PipeWriter
+	hash       hash.Hash      // hash being build up as we go along
+	done       chan struct{}  // signals when the upload has finished
+	resp       *http.Response // valid when done has signalled
+	err        error          // ditto
+	headers    Headers        // ditto
+}
+
+// Write bytes to the object - see io.Writer
+func (file *ObjectCreateFile) Write(p []byte) (n int, err error) {
+	n, err = file.pipeWriter.Write(p)
+	if err == io.ErrClosedPipe {
+		if file.err != nil {
+			return 0, file.err
+		}
+		return 0, newError(500, "Write on closed file")
+	}
+	if err == nil && file.checkHash {
+		_, _ = file.hash.Write(p)
+	}
+	return
+}
+
+// Close the object and checks the md5sum if it was required.
+//
+// Also returns any other errors from the server (eg container not
+// found) so it is very important to check the errors on this method.
+func (file *ObjectCreateFile) Close() error {
+	// Close the body
+	err := file.pipeWriter.Close()
+	if err != nil {
+		return err
+	}
+
+	// Wait for the HTTP operation to complete
+	<-file.done
+
+	// Check errors
+	if file.err != nil {
+		return file.err
+	}
+	if file.checkHash {
+		receivedMd5 := strings.ToLower(file.headers["Etag"])
+		calculatedMd5 := fmt.Sprintf("%x", file.hash.Sum(nil))
+		if receivedMd5 != calculatedMd5 {
+			return ObjectCorrupted
+		}
+	}
+	return nil
+}
+
+// Headers returns the response headers from the created object if the upload
+// has been completed. The Close() method must be called on an ObjectCreateFile
+// before this method.
+func (file *ObjectCreateFile) Headers() (Headers, error) {
+	// error out if upload is not complete.
+	select {
+	case <-file.done:
+	default:
+		return nil, fmt.Errorf("Cannot get metadata, object upload failed or has not yet completed.")
+	}
+	return file.headers, nil
+}
+
+// Check it satisfies the interface
+var _ io.WriteCloser = &ObjectCreateFile{}
+
+// objectPutHeaders create a set of headers for a PUT
+//
+// It guesses the contentType from the objectName if it isn't set
+//
+// checkHash may be changed
+func objectPutHeaders(objectName string, checkHash *bool, Hash string, contentType string, h Headers) Headers {
+	if contentType == "" {
+		contentType = mime.TypeByExtension(path.Ext(objectName))
+		if contentType == "" {
+			contentType = "application/octet-stream"
+		}
+	}
+	// Meta stuff
+	extraHeaders := map[string]string{
+		"Content-Type": contentType,
+	}
+	for key, value := range h {
+		extraHeaders[key] = value
+	}
+	if Hash != "" {
+		extraHeaders["Etag"] = Hash
+		*checkHash = false // the server will do it
+	}
+	return extraHeaders
+}
+
+// ObjectCreate creates or updates the object in the container.  It
+// returns an io.WriteCloser you should write the contents to.  You
+// MUST call Close() on it and you MUST check the error return from
+// Close().
+//
+// If checkHash is True then it will calculate the MD5 Hash of the
+// file as it is being uploaded and check it against that returned
+// from the server.  If it is wrong then it will return
+// ObjectCorrupted on Close()
+//
+// If you know the MD5 hash of the object ahead of time then set the
+// Hash parameter and it will be sent to the server (as an Etag
+// header) and the server will check the MD5 itself after the upload,
+// and this will return ObjectCorrupted on Close() if it is incorrect.
+//
+// If you don't want any error protection (not recommended) then set
+// checkHash to false and Hash to "".
+//
+// If contentType is set it will be used, otherwise one will be
+// guessed from objectName using mime.TypeByExtension
+func (c *Connection) ObjectCreate(container string, objectName string, checkHash bool, Hash string, contentType string, h Headers) (file *ObjectCreateFile, err error) {
+	extraHeaders := objectPutHeaders(objectName, &checkHash, Hash, contentType, h)
+	pipeReader, pipeWriter := io.Pipe()
+	file = &ObjectCreateFile{
+		hash:       md5.New(),
+		checkHash:  checkHash,
+		pipeReader: pipeReader,
+		pipeWriter: pipeWriter,
+		done:       make(chan struct{}),
+	}
+	// Run the PUT in the background piping it data
+	go func() {
+		opts := RequestOpts{
+			Container:  container,
+			ObjectName: objectName,
+			Operation:  "PUT",
+			Headers:    extraHeaders,
+			Body:       pipeReader,
+			NoResponse: true,
+			ErrorMap:   objectErrorMap,
+		}
+		file.resp, file.headers, file.err = c.storage(opts)
+		// Signal finished
+		pipeReader.Close()
+		close(file.done)
+	}()
+	return
+}
+
+func (c *Connection) objectPut(container string, objectName string, contents io.Reader, checkHash bool, Hash string, contentType string, h Headers, parameters url.Values) (headers Headers, err error) {
+	extraHeaders := objectPutHeaders(objectName, &checkHash, Hash, contentType, h)
+	hash := md5.New()
+	var body io.Reader = contents
+	if checkHash {
+		body = io.TeeReader(contents, hash)
+	}
+	_, headers, err = c.storage(RequestOpts{
+		Container:  container,
+		ObjectName: objectName,
+		Operation:  "PUT",
+		Headers:    extraHeaders,
+		Body:       body,
+		NoResponse: true,
+		ErrorMap:   objectErrorMap,
+		Parameters: parameters,
+	})
+	if err != nil {
+		return
+	}
+	if checkHash {
+		receivedMd5 := strings.ToLower(headers["Etag"])
+		calculatedMd5 := fmt.Sprintf("%x", hash.Sum(nil))
+		if receivedMd5 != calculatedMd5 {
+			err = ObjectCorrupted
+			return
+		}
+	}
+	return
+}
+
+// ObjectPut creates or updates the path in the container from
+// contents.  contents should be an open io.Reader which will have all
+// its contents read.
+//
+// This is a low level interface.
+//
+// If checkHash is True then it will calculate the MD5 Hash of the
+// file as it is being uploaded and check it against that returned
+// from the server.  If it is wrong then it will return
+// ObjectCorrupted.
+//
+// If you know the MD5 hash of the object ahead of time then set the
+// Hash parameter and it will be sent to the server (as an Etag
+// header) and the server will check the MD5 itself after the upload,
+// and this will return ObjectCorrupted if it is incorrect.
+//
+// If you don't want any error protection (not recommended) then set
+// checkHash to false and Hash to "".
+//
+// If contentType is set it will be used, otherwise one will be
+// guessed from objectName using mime.TypeByExtension
+func (c *Connection) ObjectPut(container string, objectName string, contents io.Reader, checkHash bool, Hash string, contentType string, h Headers) (headers Headers, err error) {
+	return c.objectPut(container, objectName, contents, checkHash, Hash, contentType, h, nil)
+}
+
+// ObjectPutBytes creates an object from a []byte in a container.
+//
+// This is a simplified interface which checks the MD5.
+func (c *Connection) ObjectPutBytes(container string, objectName string, contents []byte, contentType string) (err error) {
+	buf := bytes.NewBuffer(contents)
+	h := Headers{"Content-Length": strconv.Itoa(len(contents))}
+	_, err = c.ObjectPut(container, objectName, buf, true, "", contentType, h)
+	return
+}
+
+// ObjectPutString creates an object from a string in a container.
+//
+// This is a simplified interface which checks the MD5
+func (c *Connection) ObjectPutString(container string, objectName string, contents string, contentType string) (err error) {
+	buf := strings.NewReader(contents)
+	h := Headers{"Content-Length": strconv.Itoa(len(contents))}
+	_, err = c.ObjectPut(container, objectName, buf, true, "", contentType, h)
+	return
+}
+
+// ObjectOpenFile represents a swift object open for reading
+type ObjectOpenFile struct {
+	connection *Connection    // stored copy of Connection used in Open
+	container  string         // stored copy of container used in Open
+	objectName string         // stored copy of objectName used in Open
+	headers    Headers        // stored copy of headers used in Open
+	resp       *http.Response // http connection
+	body       io.Reader      // read data from this
+	checkHash  bool           // true if checking MD5
+	hash       hash.Hash      // currently accumulating MD5
+	bytes      int64          // number of bytes read on this connection
+	eof        bool           // whether we have read end of file
+	pos        int64          // current position when reading
+	lengthOk   bool           // whether length is valid
+	length     int64          // length of the object if read
+	seeked     bool           // whether we have seeked this file or not
+	overSeeked bool           // set if we have seeked to the end or beyond
+}
+
+// Read bytes from the object - see io.Reader
+func (file *ObjectOpenFile) Read(p []byte) (n int, err error) {
+	if file.overSeeked {
+		return 0, io.EOF
+	}
+	n, err = file.body.Read(p)
+	file.bytes += int64(n)
+	file.pos += int64(n)
+	if err == io.EOF {
+		file.eof = true
+	}
+	return
+}
+
+// Seek sets the offset for the next Read to offset, interpreted
+// according to whence: 0 means relative to the origin of the file, 1
+// means relative to the current offset, and 2 means relative to the
+// end. Seek returns the new offset and an Error, if any.
+//
+// Seek uses HTTP Range headers which, if the file pointer is moved,
+// will involve reopening the HTTP connection.
+//
+// Note that you can't seek to the end of a file or beyond; HTTP Range
+// requests don't support the file pointer being outside the data,
+// unlike os.File
+//
+// Seek(0, 1) will return the current file pointer.
+func (file *ObjectOpenFile) Seek(offset int64, whence int) (newPos int64, err error) {
+	file.overSeeked = false
+	switch whence {
+	case 0: // relative to start
+		newPos = offset
+	case 1: // relative to current
+		newPos = file.pos + offset
+	case 2: // relative to end
+		if !file.lengthOk {
+			return file.pos, newError(0, "Length of file unknown so can't seek from end")
+		}
+		newPos = file.length + offset
+		if offset >= 0 {
+			file.overSeeked = true
+			return
+		}
+	default:
+		panic("Unknown whence in ObjectOpenFile.Seek")
+	}
+	// If at correct position (quite likely), do nothing
+	if newPos == file.pos {
+		return
+	}
+	// Close the file...
+	file.seeked = true
+	err = file.Close()
+	if err != nil {
+		return
+	}
+	// ...and re-open with a Range header
+	if file.headers == nil {
+		file.headers = Headers{}
+	}
+	if newPos > 0 {
+		file.headers["Range"] = fmt.Sprintf("bytes=%d-", newPos)
+	} else {
+		delete(file.headers, "Range")
+	}
+	newFile, _, err := file.connection.ObjectOpen(file.container, file.objectName, false, file.headers)
+	if err != nil {
+		return
+	}
+	// Update the file
+	file.resp = newFile.resp
+	file.body = newFile.body
+	file.checkHash = false
+	file.pos = newPos
+	return
+}
+
+// Length gets the objects content length either from a cached copy or
+// from the server.
+func (file *ObjectOpenFile) Length() (int64, error) {
+	if !file.lengthOk {
+		info, _, err := file.connection.Object(file.container, file.objectName)
+		file.length = info.Bytes
+		file.lengthOk = (err == nil)
+		return file.length, err
+	}
+	return file.length, nil
+}
+
+// Close the object and checks the length and md5sum if it was
+// required and all the object was read
+func (file *ObjectOpenFile) Close() (err error) {
+	// Close the body at the end
+	defer checkClose(file.resp.Body, &err)
+
+	// If not end of file or seeked then can't check anything
+	if !file.eof || file.seeked {
+		return
+	}
+
+	// Check the MD5 sum if requested
+	if file.checkHash {
+		receivedMd5 := strings.ToLower(file.resp.Header.Get("Etag"))
+		calculatedMd5 := fmt.Sprintf("%x", file.hash.Sum(nil))
+		if receivedMd5 != calculatedMd5 {
+			err = ObjectCorrupted
+			return
+		}
+	}
+
+	// Check to see we read the correct number of bytes
+	if file.lengthOk && file.length != file.bytes {
+		err = ObjectCorrupted
+		return
+	}
+	return
+}
+
+// Check it satisfies the interfaces
+var _ io.ReadCloser = &ObjectOpenFile{}
+var _ io.Seeker = &ObjectOpenFile{}
+
+func (c *Connection) objectOpenBase(container string, objectName string, checkHash bool, h Headers, parameters url.Values) (file *ObjectOpenFile, headers Headers, err error) {
+	var resp *http.Response
+	opts := RequestOpts{
+		Container:  container,
+		ObjectName: objectName,
+		Operation:  "GET",
+		ErrorMap:   objectErrorMap,
+		Headers:    h,
+		Parameters: parameters,
+	}
+	resp, headers, err = c.storage(opts)
+	if err != nil {
+		return
+	}
+	// Can't check MD5 on an object with X-Object-Manifest or X-Static-Large-Object set
+	if checkHash && headers.IsLargeObject() {
+		// log.Printf("swift: turning off md5 checking on object with manifest %v", objectName)
+		checkHash = false
+	}
+	file = &ObjectOpenFile{
+		connection: c,
+		container:  container,
+		objectName: objectName,
+		headers:    h,
+		resp:       resp,
+		checkHash:  checkHash,
+		body:       resp.Body,
+	}
+	if checkHash {
+		file.hash = md5.New()
+		file.body = io.TeeReader(resp.Body, file.hash)
+	}
+	// Read Content-Length
+	if resp.Header.Get("Content-Length") != "" {
+		file.length, err = getInt64FromHeader(resp, "Content-Length")
+		file.lengthOk = (err == nil)
+	}
+	return
+}
+
+func (c *Connection) objectOpen(container string, objectName string, checkHash bool, h Headers, parameters url.Values) (file *ObjectOpenFile, headers Headers, err error) {
+	err = withLORetry(0, func() (Headers, int64, error) {
+		file, headers, err = c.objectOpenBase(container, objectName, checkHash, h, parameters)
+		if err != nil {
+			return headers, 0, err
+		}
+		return headers, file.length, nil
+	})
+	return
+}
+
+// ObjectOpen returns an ObjectOpenFile for reading the contents of
+// the object.  This satisfies the io.ReadCloser and the io.Seeker
+// interfaces.
+//
+// You must call Close() on contents when finished
+//
+// Returns the headers of the response.
+//
+// If checkHash is true then it will calculate the md5sum of the file
+// as it is being received and check it against that returned from the
+// server.  If it is wrong then it will return ObjectCorrupted. It
+// will also check the length returned. No checking will be done if
+// you don't read all the contents.
+//
+// Note that objects with X-Object-Manifest or X-Static-Large-Object
+// set won't ever have their md5sum's checked as the md5sum reported
+// on the object is actually the md5sum of the md5sums of the
+// parts. This isn't very helpful to detect a corrupted download as
+// the size of the parts aren't known without doing more operations.
+// If you want to ensure integrity of an object with a manifest then
+// you will need to download everything in the manifest separately.
+//
+// headers["Content-Type"] will give the content type if desired.
+func (c *Connection) ObjectOpen(container string, objectName string, checkHash bool, h Headers) (file *ObjectOpenFile, headers Headers, err error) {
+	return c.objectOpen(container, objectName, checkHash, h, nil)
+}
+
+// ObjectGet gets the object into the io.Writer contents.
+//
+// Returns the headers of the response.
+//
+// If checkHash is true then it will calculate the md5sum of the file
+// as it is being received and check it against that returned from the
+// server.  If it is wrong then it will return ObjectCorrupted.
+//
+// headers["Content-Type"] will give the content type if desired.
+func (c *Connection) ObjectGet(container string, objectName string, contents io.Writer, checkHash bool, h Headers) (headers Headers, err error) {
+	file, headers, err := c.ObjectOpen(container, objectName, checkHash, h)
+	if err != nil {
+		return
+	}
+	defer checkClose(file, &err)
+	_, err = io.Copy(contents, file)
+	return
+}
+
+// ObjectGetBytes returns an object as a []byte.
+//
+// This is a simplified interface which checks the MD5
+func (c *Connection) ObjectGetBytes(container string, objectName string) (contents []byte, err error) {
+	var buf bytes.Buffer
+	_, err = c.ObjectGet(container, objectName, &buf, true, nil)
+	contents = buf.Bytes()
+	return
+}
+
+// ObjectGetString returns an object as a string.
+//
+// This is a simplified interface which checks the MD5
+func (c *Connection) ObjectGetString(container string, objectName string) (contents string, err error) {
+	var buf bytes.Buffer
+	_, err = c.ObjectGet(container, objectName, &buf, true, nil)
+	contents = buf.String()
+	return
+}
+
+// ObjectDelete deletes the object.
+//
+// May return ObjectNotFound if the object isn't found
+func (c *Connection) ObjectDelete(container string, objectName string) error {
+	_, _, err := c.storage(RequestOpts{
+		Container:  container,
+		ObjectName: objectName,
+		Operation:  "DELETE",
+		ErrorMap:   objectErrorMap,
+	})
+	return err
+}
+
+// ObjectTempUrl returns a temporary URL for an object
+func (c *Connection) ObjectTempUrl(container string, objectName string, secretKey string, method string, expires time.Time) string {
+	mac := hmac.New(sha1.New, []byte(secretKey))
+	prefix, _ := url.Parse(c.StorageUrl)
+	body := fmt.Sprintf("%s\n%d\n%s/%s/%s", method, expires.Unix(), prefix.Path, container, objectName)
+	mac.Write([]byte(body))
+	sig := hex.EncodeToString(mac.Sum(nil))
+	return fmt.Sprintf("%s/%s/%s?temp_url_sig=%s&temp_url_expires=%d", c.StorageUrl, container, objectName, sig, expires.Unix())
+}
+
+// parseResponseStatus parses string like "200 OK" and returns Error.
+//
+// For status codes beween 200 and 299, this returns nil.
+func parseResponseStatus(resp string, errorMap errorMap) error {
+	code := 0
+	reason := resp
+	t := strings.SplitN(resp, " ", 2)
+	if len(t) == 2 {
+		ncode, err := strconv.Atoi(t[0])
+		if err == nil {
+			code = ncode
+			reason = t[1]
+		}
+	}
+	if errorMap != nil {
+		if err, ok := errorMap[code]; ok {
+			return err
+		}
+	}
+	if 200 <= code && code <= 299 {
+		return nil
+	}
+	return newError(code, reason)
+}
+
+// BulkDeleteResult stores results of BulkDelete().
+//
+// Individual errors may (or may not) be returned by Errors.
+// Errors is a map whose keys are a full path of where the object was
+// to be deleted, and whose values are Error objects.  A full path of
+// object looks like "/API_VERSION/USER_ACCOUNT/CONTAINER/OBJECT_PATH".
+type BulkDeleteResult struct {
+	NumberNotFound int64            // # of objects not found.
+	NumberDeleted  int64            // # of deleted objects.
+	Errors         map[string]error // Mapping between object name and an error.
+	Headers        Headers          // Response HTTP headers.
+}
+
+func (c *Connection) doBulkDelete(objects []string) (result BulkDeleteResult, err error) {
+	var buffer bytes.Buffer
+	for _, s := range objects {
+		u := url.URL{Path: s}
+		buffer.WriteString(u.String() + "\n")
+	}
+	resp, headers, err := c.storage(RequestOpts{
+		Operation:  "DELETE",
+		Parameters: url.Values{"bulk-delete": []string{"1"}},
+		Headers: Headers{
+			"Accept":         "application/json",
+			"Content-Type":   "text/plain",
+			"Content-Length": strconv.Itoa(buffer.Len()),
+		},
+		ErrorMap: ContainerErrorMap,
+		Body:     &buffer,
+	})
+	if err != nil {
+		return
+	}
+	var jsonResult struct {
+		NotFound int64  `json:"Number Not Found"`
+		Status   string `json:"Response Status"`
+		Errors   [][]string
+		Deleted  int64 `json:"Number Deleted"`
+	}
+	err = readJson(resp, &jsonResult)
+	if err != nil {
+		return
+	}
+
+	err = parseResponseStatus(jsonResult.Status, objectErrorMap)
+	result.NumberNotFound = jsonResult.NotFound
+	result.NumberDeleted = jsonResult.Deleted
+	result.Headers = headers
+	el := make(map[string]error, len(jsonResult.Errors))
+	for _, t := range jsonResult.Errors {
+		if len(t) != 2 {
+			continue
+		}
+		el[t[0]] = parseResponseStatus(t[1], objectErrorMap)
+	}
+	result.Errors = el
+	return
+}
+
+// BulkDelete deletes multiple objectNames from container in one operation.
+//
+// Some servers may not accept bulk-delete requests since bulk-delete is
+// an optional feature of swift - these will return the Forbidden error.
+//
+// See also:
+// * http://docs.openstack.org/trunk/openstack-object-storage/admin/content/object-storage-bulk-delete.html
+// * http://docs.rackspace.com/files/api/v1/cf-devguide/content/Bulk_Delete-d1e2338.html
+func (c *Connection) BulkDelete(container string, objectNames []string) (result BulkDeleteResult, err error) {
+	if len(objectNames) == 0 {
+		result.Errors = make(map[string]error)
+		return
+	}
+	fullPaths := make([]string, len(objectNames))
+	for i, name := range objectNames {
+		fullPaths[i] = fmt.Sprintf("/%s/%s", container, name)
+	}
+	return c.doBulkDelete(fullPaths)
+}
+
+// BulkUploadResult stores results of BulkUpload().
+//
+// Individual errors may (or may not) be returned by Errors.
+// Errors is a map whose keys are a full path of where an object was
+// to be created, and whose values are Error objects.  A full path of
+// object looks like "/API_VERSION/USER_ACCOUNT/CONTAINER/OBJECT_PATH".
+type BulkUploadResult struct {
+	NumberCreated int64            // # of created objects.
+	Errors        map[string]error // Mapping between object name and an error.
+	Headers       Headers          // Response HTTP headers.
+}
+
+// BulkUpload uploads multiple files in one operation.
+//
+// uploadPath can be empty, a container name, or a pseudo-directory
+// within a container.  If uploadPath is empty, new containers may be
+// automatically created.
+//
+// Files are read from dataStream.  The format of the stream is specified
+// by the format parameter.  Available formats are:
+// * UploadTar       - Plain tar stream.
+// * UploadTarGzip   - Gzip compressed tar stream.
+// * UploadTarBzip2  - Bzip2 compressed tar stream.
+//
+// Some servers may not accept bulk-upload requests since bulk-upload is
+// an optional feature of swift - these will return the Forbidden error.
+//
+// See also:
+// * http://docs.openstack.org/trunk/openstack-object-storage/admin/content/object-storage-extract-archive.html
+// * http://docs.rackspace.com/files/api/v1/cf-devguide/content/Extract_Archive-d1e2338.html
+func (c *Connection) BulkUpload(uploadPath string, dataStream io.Reader, format string, h Headers) (result BulkUploadResult, err error) {
+	extraHeaders := Headers{"Accept": "application/json"}
+	for key, value := range h {
+		extraHeaders[key] = value
+	}
+	// The following code abuses Container parameter intentionally.
+	// The best fix might be to rename Container to UploadPath.
+	resp, headers, err := c.storage(RequestOpts{
+		Container:  uploadPath,
+		Operation:  "PUT",
+		Parameters: url.Values{"extract-archive": []string{format}},
+		Headers:    extraHeaders,
+		ErrorMap:   ContainerErrorMap,
+		Body:       dataStream,
+	})
+	if err != nil {
+		return
+	}
+	// Detect old servers which don't support this feature
+	if headers["Content-Type"] != "application/json" {
+		err = Forbidden
+		return
+	}
+	var jsonResult struct {
+		Created int64  `json:"Number Files Created"`
+		Status  string `json:"Response Status"`
+		Errors  [][]string
+	}
+	err = readJson(resp, &jsonResult)
+	if err != nil {
+		return
+	}
+
+	err = parseResponseStatus(jsonResult.Status, objectErrorMap)
+	result.NumberCreated = jsonResult.Created
+	result.Headers = headers
+	el := make(map[string]error, len(jsonResult.Errors))
+	for _, t := range jsonResult.Errors {
+		if len(t) != 2 {
+			continue
+		}
+		el[t[0]] = parseResponseStatus(t[1], objectErrorMap)
+	}
+	result.Errors = el
+	return
+}
+
+// Object returns info about a single object including any metadata in the header.
+//
+// May return ObjectNotFound.
+//
+// Use headers.ObjectMetadata() to read the metadata in the Headers.
+func (c *Connection) Object(container string, objectName string) (info Object, headers Headers, err error) {
+	err = withLORetry(0, func() (Headers, int64, error) {
+		info, headers, err = c.objectBase(container, objectName)
+		if err != nil {
+			return headers, 0, err
+		}
+		return headers, info.Bytes, nil
+	})
+	return
+}
+
+func (c *Connection) objectBase(container string, objectName string) (info Object, headers Headers, err error) {
+	var resp *http.Response
+	resp, headers, err = c.storage(RequestOpts{
+		Container:  container,
+		ObjectName: objectName,
+		Operation:  "HEAD",
+		ErrorMap:   objectErrorMap,
+		NoResponse: true,
+	})
+	if err != nil {
+		return
+	}
+	// Parse the headers into the struct
+	// HTTP/1.1 200 OK
+	// Date: Thu, 07 Jun 2010 20:59:39 GMT
+	// Server: Apache
+	// Last-Modified: Fri, 12 Jun 2010 13:40:18 GMT
+	// ETag: 8a964ee2a5e88be344f36c22562a6486
+	// Content-Length: 512000
+	// Content-Type: text/plain; charset=UTF-8
+	// X-Object-Meta-Meat: Bacon
+	// X-Object-Meta-Fruit: Bacon
+	// X-Object-Meta-Veggie: Bacon
+	// X-Object-Meta-Dairy: Bacon
+	info.Name = objectName
+	info.ContentType = resp.Header.Get("Content-Type")
+	if resp.Header.Get("Content-Length") != "" {
+		if info.Bytes, err = getInt64FromHeader(resp, "Content-Length"); err != nil {
+			return
+		}
+	}
+	// Currently ceph doesn't return a Last-Modified header for DLO manifests without any segments
+	// See ceph http://tracker.ceph.com/issues/15812
+	if resp.Header.Get("Last-Modified") != "" {
+		info.ServerLastModified = resp.Header.Get("Last-Modified")
+		if info.LastModified, err = time.Parse(http.TimeFormat, info.ServerLastModified); err != nil {
+			return
+		}
+	}
+
+	info.Hash = resp.Header.Get("Etag")
+	if resp.Header.Get("X-Object-Manifest") != "" {
+		info.ObjectType = DynamicLargeObjectType
+	} else if resp.Header.Get("X-Static-Large-Object") != "" {
+		info.ObjectType = StaticLargeObjectType
+	}
+
+	return
+}
+
+// ObjectUpdate adds, replaces or removes object metadata.
+//
+// Add or Update keys by mentioning them in the Metadata.  Use
+// Metadata.ObjectHeaders and Headers.ObjectMetadata to convert your
+// Metadata to and from normal HTTP headers.
+//
+// This removes all metadata previously added to the object and
+// replaces it with that passed in so to delete keys, just don't
+// mention them the headers you pass in.
+//
+// Object metadata can only be read with Object() not with Objects().
+//
+// This can also be used to set headers not already assigned such as
+// X-Delete-At or X-Delete-After for expiring objects.
+//
+// You cannot use this to change any of the object's other headers
+// such as Content-Type, ETag, etc.
+//
+// Refer to copying an object when you need to update metadata or
+// other headers such as Content-Type or CORS headers.
+//
+// May return ObjectNotFound.
+func (c *Connection) ObjectUpdate(container string, objectName string, h Headers) error {
+	_, _, err := c.storage(RequestOpts{
+		Container:  container,
+		ObjectName: objectName,
+		Operation:  "POST",
+		ErrorMap:   objectErrorMap,
+		NoResponse: true,
+		Headers:    h,
+	})
+	return err
+}
+
+// urlPathEscape escapes URL path the in string using URL escaping rules
+//
+// This mimics url.PathEscape which only available from go 1.8
+func urlPathEscape(in string) string {
+	var u url.URL
+	u.Path = in
+	return u.String()
+}
+
+// ObjectCopy does a server side copy of an object to a new position
+//
+// All metadata is preserved.  If metadata is set in the headers then
+// it overrides the old metadata on the copied object.
+//
+// The destination container must exist before the copy.
+//
+// You can use this to copy an object to itself - this is the only way
+// to update the content type of an object.
+func (c *Connection) ObjectCopy(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string, h Headers) (headers Headers, err error) {
+	// Meta stuff
+	extraHeaders := map[string]string{
+		"Destination": urlPathEscape(dstContainer + "/" + dstObjectName),
+	}
+	for key, value := range h {
+		extraHeaders[key] = value
+	}
+	_, headers, err = c.storage(RequestOpts{
+		Container:  srcContainer,
+		ObjectName: srcObjectName,
+		Operation:  "COPY",
+		ErrorMap:   objectErrorMap,
+		NoResponse: true,
+		Headers:    extraHeaders,
+	})
+	return
+}
+
+// ObjectMove does a server side move of an object to a new position
+//
+// This is a convenience method which calls ObjectCopy then ObjectDelete
+//
+// All metadata is preserved.
+//
+// The destination container must exist before the copy.
+func (c *Connection) ObjectMove(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string) (err error) {
+	_, err = c.ObjectCopy(srcContainer, srcObjectName, dstContainer, dstObjectName, nil)
+	if err != nil {
+		return
+	}
+	return c.ObjectDelete(srcContainer, srcObjectName)
+}
+
+// ObjectUpdateContentType updates the content type of an object
+//
+// This is a convenience method which calls ObjectCopy
+//
+// All other metadata is preserved.
+func (c *Connection) ObjectUpdateContentType(container string, objectName string, contentType string) (err error) {
+	h := Headers{"Content-Type": contentType}
+	_, err = c.ObjectCopy(container, objectName, container, objectName, h)
+	return
+}
+
+// ------------------------------------------------------------
+
+// VersionContainerCreate is a helper method for creating and enabling version controlled containers.
+//
+// It builds the current object container, the non-current object version container, and enables versioning.
+//
+// If the server doesn't support versioning then it will return
+// Forbidden however it will have created both the containers at that point.
+func (c *Connection) VersionContainerCreate(current, version string) error {
+	if err := c.ContainerCreate(version, nil); err != nil {
+		return err
+	}
+	if err := c.ContainerCreate(current, nil); err != nil {
+		return err
+	}
+	if err := c.VersionEnable(current, version); err != nil {
+		return err
+	}
+	return nil
+}
+
+// VersionEnable enables versioning on the current container with version as the tracking container.
+//
+// May return Forbidden if this isn't supported by the server
+func (c *Connection) VersionEnable(current, version string) error {
+	h := Headers{"X-Versions-Location": version}
+	if err := c.ContainerUpdate(current, h); err != nil {
+		return err
+	}
+	// Check to see if the header was set properly
+	_, headers, err := c.Container(current)
+	if err != nil {
+		return err
+	}
+	// If failed to set versions header, return Forbidden as the server doesn't support this
+	if headers["X-Versions-Location"] != version {
+		return Forbidden
+	}
+	return nil
+}
+
+// VersionDisable disables versioning on the current container.
+func (c *Connection) VersionDisable(current string) error {
+	h := Headers{"X-Versions-Location": ""}
+	if err := c.ContainerUpdate(current, h); err != nil {
+		return err
+	}
+	return nil
+}
+
+// VersionObjectList returns a list of older versions of the object.
+//
+// Objects are returned in the format <length><object_name>/<timestamp>
+func (c *Connection) VersionObjectList(version, object string) ([]string, error) {
+	opts := &ObjectsOpts{
+		// <3-character zero-padded hexadecimal character length><object name>/
+		Prefix: fmt.Sprintf("%03x", len(object)) + object + "/",
+	}
+	return c.ObjectNames(version, opts)
+}
diff --git a/vendor/github.com/ncw/swift/swifttest/server.go b/vendor/github.com/ncw/swift/swifttest/server.go
new file mode 100644
index 000000000..6ec50f609
--- /dev/null
+++ b/vendor/github.com/ncw/swift/swifttest/server.go
@@ -0,0 +1,1107 @@
+// This implements a very basic Swift server
+// Everything is stored in memory
+//
+// This comes from the https://github.com/mitchellh/goamz
+// and was adapted for Swift
+//
+package swifttest
+
+import (
+	"bytes"
+	"crypto/hmac"
+	"crypto/md5"
+	"crypto/rand"
+	"crypto/sha1"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"mime"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"path"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/ncw/swift"
+)
+
+const (
+	DEBUG        = false
+	TEST_ACCOUNT = "swifttest"
+)
+
+type HandlerOverrideFunc func(w http.ResponseWriter, r *http.Request, recorder *httptest.ResponseRecorder)
+
+type SwiftServer struct {
+	// `sync/atomic` expects the first word in an allocated struct to be 64-bit
+	// aligned on both ARM and x86-32.
+	// See https://golang.org/pkg/sync/atomic/#pkg-note-BUG for more details.
+	reqId int64
+	sync.RWMutex
+	t        *testing.T
+	mu       sync.Mutex
+	Listener net.Listener
+	AuthURL  string
+	URL      string
+	Accounts map[string]*account
+	Sessions map[string]*session
+	override map[string]HandlerOverrideFunc
+}
+
+// The Folder type represents a container stored in an account
+type Folder struct {
+	Count int64  `json:"count"`
+	Bytes int64  `json:"bytes"`
+	Name  string `json:"name"`
+}
+
+// The Key type represents an item stored in an container.
+type Key struct {
+	Key          string `json:"name"`
+	LastModified string `json:"last_modified"`
+	Size         int64  `json:"bytes"`
+	// ETag gives the hex-encoded MD5 sum of the contents,
+	// surrounded with double-quotes.
+	ETag        string `json:"hash"`
+	ContentType string `json:"content_type"`
+	// Owner        Owner
+}
+
+type Subdir struct {
+	Subdir string `json:"subdir"`
+}
+
+type swiftError struct {
+	statusCode int
+	Code       string
+	Message    string
+}
+
+type action struct {
+	srv   *SwiftServer
+	w     http.ResponseWriter
+	req   *http.Request
+	reqId string
+	user  *account
+}
+
+type session struct {
+	username string
+}
+
+type metadata struct {
+	meta http.Header // metadata to return with requests.
+}
+
+type account struct {
+	sync.RWMutex
+	swift.Account
+	metadata
+	password       string
+	ContainersLock sync.RWMutex
+	Containers     map[string]*container
+}
+
+type object struct {
+	sync.RWMutex
+	metadata
+	name         string
+	mtime        time.Time
+	checksum     []byte // also held as ETag in meta.
+	data         []byte
+	content_type string
+}
+
+type container struct {
+	// `sync/atomic` expects the first word in an allocated struct to be 64-bit
+	// aligned on both ARM and x86-32.
+	// See https://golang.org/pkg/sync/atomic/#pkg-note-BUG for more details.
+	bytes int64
+	sync.RWMutex
+	metadata
+	name    string
+	ctime   time.Time
+	objects map[string]*object
+}
+
+type segment struct {
+	Path string `json:"path,omitempty"`
+	Hash string `json:"hash,omitempty"`
+	Size int64  `json:"size_bytes,omitempty"`
+	// When uploading a manifest, the attributes must be named `path`, `hash` and `size`
+	// but when querying the JSON content of a manifest with the `multipart-manifest=get`
+	// parameter, Swift names those attributes `name`, `etag` and `bytes`.
+	// We use all the different attributes names in this structure to be able to use
+	// the same structure for both uploading and retrieving.
+	Name         string `json:"name,omitempty"`
+	Etag         string `json:"etag,omitempty"`
+	Bytes        int64  `json:"bytes,omitempty"`
+	ContentType  string `json:"content_type,omitempty"`
+	LastModified string `json:"last_modified,omitempty"`
+}
+
+// A resource encapsulates the subject of an HTTP request.
+// The resource referred to may or may not exist
+// when the request is made.
+type resource interface {
+	put(a *action) interface{}
+	get(a *action) interface{}
+	post(a *action) interface{}
+	delete(a *action) interface{}
+	copy(a *action) interface{}
+}
+
+type objectResource struct {
+	name      string
+	version   string
+	container *container // always non-nil.
+	object    *object    // may be nil.
+}
+
+type containerResource struct {
+	name      string
+	container *container // non-nil if the container already exists.
+}
+
+var responseParams = map[string]bool{
+	"content-type":        true,
+	"content-language":    true,
+	"expires":             true,
+	"cache-control":       true,
+	"content-disposition": true,
+	"content-encoding":    true,
+}
+
+func fatalf(code int, codeStr string, errf string, a ...interface{}) {
+	panic(&swiftError{
+		statusCode: code,
+		Code:       codeStr,
+		Message:    fmt.Sprintf(errf, a...),
+	})
+}
+
+func (m metadata) setMetadata(a *action, resource string) {
+	for key, values := range a.req.Header {
+		key = http.CanonicalHeaderKey(key)
+		if metaHeaders[key] || strings.HasPrefix(key, "X-"+strings.Title(resource)+"-Meta-") {
+			if values[0] != "" || resource == "object" {
+				m.meta[key] = values
+			} else {
+				m.meta.Del(key)
+			}
+		}
+	}
+}
+
+func (m metadata) getMetadata(a *action) {
+	h := a.w.Header()
+	for name, d := range m.meta {
+		h[name] = d
+	}
+}
+
+func (c *container) list(delimiter string, marker string, prefix string, parent string) (resp []interface{}) {
+	var tmp orderedObjects
+
+	c.RLock()
+	defer c.RUnlock()
+
+	// first get all matching objects and arrange them in alphabetical order.
+	for _, obj := range c.objects {
+		if strings.HasPrefix(obj.name, prefix) {
+			tmp = append(tmp, obj)
+		}
+	}
+	sort.Sort(tmp)
+
+	var prefixes []string
+	for _, obj := range tmp {
+		if !strings.HasPrefix(obj.name, prefix) {
+			continue
+		}
+
+		isPrefix := false
+		name := obj.name
+		if parent != "" {
+			if path.Dir(obj.name) != path.Clean(parent) {
+				continue
+			}
+		} else if delimiter != "" {
+			if i := strings.Index(obj.name[len(prefix):], delimiter); i >= 0 {
+				name = obj.name[:len(prefix)+i+len(delimiter)]
+				if prefixes != nil && prefixes[len(prefixes)-1] == name {
+					continue
+				}
+				isPrefix = true
+			}
+		}
+
+		if name <= marker {
+			continue
+		}
+
+		if isPrefix {
+			prefixes = append(prefixes, name)
+
+			resp = append(resp, Subdir{
+				Subdir: name,
+			})
+		} else {
+			resp = append(resp, obj)
+		}
+	}
+
+	return
+}
+
+// GET on a container lists the objects in the container.
+func (r containerResource) get(a *action) interface{} {
+	if r.container == nil {
+		fatalf(404, "NoSuchContainer", "The specified container does not exist")
+	}
+
+	r.container.RLock()
+
+	delimiter := a.req.Form.Get("delimiter")
+	marker := a.req.Form.Get("marker")
+	prefix := a.req.Form.Get("prefix")
+	format := a.req.URL.Query().Get("format")
+	parent := a.req.Form.Get("path")
+
+	a.w.Header().Set("X-Container-Bytes-Used", strconv.Itoa(int(r.container.bytes)))
+	a.w.Header().Set("X-Container-Object-Count", strconv.Itoa(len(r.container.objects)))
+	r.container.getMetadata(a)
+
+	if a.req.Method == "HEAD" {
+		r.container.RUnlock()
+		return nil
+	}
+	r.container.RUnlock()
+
+	objects := r.container.list(delimiter, marker, prefix, parent)
+
+	if format == "json" {
+		a.w.Header().Set("Content-Type", "application/json")
+		var resp []interface{}
+		for _, item := range objects {
+			if obj, ok := item.(*object); ok {
+				resp = append(resp, obj.Key())
+			} else {
+				resp = append(resp, item)
+			}
+		}
+		return resp
+	} else {
+		for _, item := range objects {
+			if obj, ok := item.(*object); ok {
+				a.w.Write([]byte(obj.name + "\n"))
+			} else if subdir, ok := item.(Subdir); ok {
+				a.w.Write([]byte(subdir.Subdir + "\n"))
+			}
+		}
+		return nil
+	}
+}
+
+// orderedContainers holds a slice of containers that can be sorted
+// by name.
+type orderedContainers []*container
+
+func (s orderedContainers) Len() int {
+	return len(s)
+}
+func (s orderedContainers) Swap(i, j int) {
+	s[i], s[j] = s[j], s[i]
+}
+func (s orderedContainers) Less(i, j int) bool {
+	return s[i].name < s[j].name
+}
+
+func (r containerResource) delete(a *action) interface{} {
+	b := r.container
+	if b == nil {
+		fatalf(404, "NoSuchContainer", "The specified container does not exist")
+	}
+	if len(b.objects) > 0 {
+		fatalf(409, "Conflict", "The container you tried to delete is not empty")
+	}
+	a.user.Lock()
+	delete(a.user.Containers, b.name)
+	a.user.Account.Containers--
+	a.user.Unlock()
+	return nil
+}
+
+func (r containerResource) put(a *action) interface{} {
+	if a.req.URL.Query().Get("extract-archive") != "" {
+		fatalf(403, "Operation forbidden", "Bulk upload is not supported")
+	}
+
+	if r.container == nil {
+		if !validContainerName(r.name) {
+			fatalf(400, "InvalidContainerName", "The specified container is not valid")
+		}
+		r.container = &container{
+			name:    r.name,
+			objects: make(map[string]*object),
+			metadata: metadata{
+				meta: make(http.Header),
+			},
+		}
+		r.container.setMetadata(a, "container")
+
+		a.user.Lock()
+		a.user.Containers[r.name] = r.container
+		a.user.Account.Containers++
+		a.user.Unlock()
+	}
+
+	return nil
+}
+
+func (r containerResource) post(a *action) interface{} {
+	if r.container == nil {
+		fatalf(400, "Method", "The resource could not be found.")
+	} else {
+		r.container.RLock()
+		defer r.container.RUnlock()
+
+		r.container.setMetadata(a, "container")
+		a.w.WriteHeader(201)
+		jsonMarshal(a.w, Folder{
+			Count: int64(len(r.container.objects)),
+			Bytes: r.container.bytes,
+			Name:  r.container.name,
+		})
+	}
+	return nil
+}
+
+func (containerResource) copy(a *action) interface{} { return notAllowed() }
+
+// validContainerName returns whether name is a valid bucket name.
+// Here are the rules, from:
+// http://docs.openstack.org/api/openstack-object-storage/1.0/content/ch_object-storage-dev-api-storage.html
+//
+// Container names cannot exceed 256 bytes and cannot contain the / character.
+//
+func validContainerName(name string) bool {
+	if len(name) == 0 || len(name) > 256 {
+		return false
+	}
+	for _, r := range name {
+		switch {
+		case r == '/':
+			return false
+		default:
+		}
+	}
+	return true
+}
+
+// orderedObjects holds a slice of objects that can be sorted
+// by name.
+type orderedObjects []*object
+
+func (s orderedObjects) Len() int {
+	return len(s)
+}
+func (s orderedObjects) Swap(i, j int) {
+	s[i], s[j] = s[j], s[i]
+}
+func (s orderedObjects) Less(i, j int) bool {
+	return s[i].name < s[j].name
+}
+
+func (obj *object) Key() Key {
+	return Key{
+		Key:          obj.name,
+		LastModified: obj.mtime.Format("2006-01-02T15:04:05"),
+		Size:         int64(len(obj.data)),
+		ETag:         fmt.Sprintf("%x", obj.checksum),
+		ContentType:  obj.content_type,
+	}
+}
+
+var metaHeaders = map[string]bool{
+	"Content-Type":          true,
+	"Content-Encoding":      true,
+	"Content-Disposition":   true,
+	"X-Object-Manifest":     true,
+	"X-Static-Large-Object": true,
+}
+
+var rangeRegexp = regexp.MustCompile("(bytes=)?([0-9]*)-([0-9]*)")
+
+// GET on an object gets the contents of the object.
+func (objr objectResource) get(a *action) interface{} {
+	var (
+		etag   []byte
+		reader io.Reader
+		start  int
+		end    int = -1
+	)
+	obj := objr.object
+	if obj == nil {
+		fatalf(404, "Not Found", "The resource could not be found.")
+	}
+
+	obj.RLock()
+	defer obj.RUnlock()
+
+	h := a.w.Header()
+	// add metadata
+	obj.getMetadata(a)
+
+	if r := a.req.Header.Get("Range"); r != "" {
+		m := rangeRegexp.FindStringSubmatch(r)
+		if m[2] != "" {
+			start, _ = strconv.Atoi(m[2])
+		}
+		if m[3] != "" {
+			end, _ = strconv.Atoi(m[3])
+		}
+	}
+
+	max := func(a int, b int) int {
+		if a > b {
+			return a
+		}
+		return b
+	}
+
+	if manifest, ok := obj.meta["X-Object-Manifest"]; ok {
+		var segments []io.Reader
+		components := strings.SplitN(manifest[0], "/", 2)
+		a.user.RLock()
+		segContainer := a.user.Containers[components[0]]
+		a.user.RUnlock()
+		prefix := components[1]
+		resp := segContainer.list("", "", prefix, "")
+		sum := md5.New()
+		cursor := 0
+		size := 0
+		for _, item := range resp {
+			if obj, ok := item.(*object); ok {
+				length := len(obj.data)
+				size += length
+				sum.Write([]byte(hex.EncodeToString(obj.checksum)))
+				if start >= cursor+length {
+					continue
+				}
+				segments = append(segments, bytes.NewReader(obj.data[max(0, start-cursor):]))
+				cursor += length
+			}
+		}
+		etag = sum.Sum(nil)
+		if end == -1 {
+			end = size - 1
+		}
+		reader = io.LimitReader(io.MultiReader(segments...), int64(end-start+1))
+	} else if value, ok := obj.meta["X-Static-Large-Object"]; ok && value[0] == "True" && a.req.URL.Query().Get("multipart-manifest") != "get" {
+		var segments []io.Reader
+		var segmentList []segment
+		json.Unmarshal(obj.data, &segmentList)
+		cursor := 0
+		size := 0
+		sum := md5.New()
+		for _, segment := range segmentList {
+			components := strings.SplitN(segment.Name[1:], "/", 2)
+			a.user.RLock()
+			segContainer := a.user.Containers[components[0]]
+			a.user.RUnlock()
+			objectName := components[1]
+			segObject := segContainer.objects[objectName]
+			length := len(segObject.data)
+			size += length
+			sum.Write([]byte(hex.EncodeToString(segObject.checksum)))
+			if start >= cursor+length {
+				continue
+			}
+			segments = append(segments, bytes.NewReader(segObject.data[max(0, start-cursor):]))
+			cursor += length
+		}
+		etag = sum.Sum(nil)
+		if end == -1 {
+			end = size - 1
+		}
+		reader = io.LimitReader(io.MultiReader(segments...), int64(end-start+1))
+	} else {
+		if end == -1 {
+			end = len(obj.data) - 1
+		}
+		etag = obj.checksum
+		reader = bytes.NewReader(obj.data[start : end+1])
+	}
+
+	etagHex := hex.EncodeToString(etag)
+
+	if a.req.Header.Get("If-None-Match") == etagHex {
+		a.w.WriteHeader(http.StatusNotModified)
+		return nil
+	}
+
+	h.Set("Content-Length", fmt.Sprint(end-start+1))
+	h.Set("ETag", etagHex)
+	h.Set("Last-Modified", obj.mtime.Format(http.TimeFormat))
+
+	if a.req.Method == "HEAD" {
+		return nil
+	}
+
+	// TODO avoid holding the lock when writing data.
+	_, err := io.Copy(a.w, reader)
+	if err != nil {
+		// we can't do much except just log the fact.
+		log.Printf("error writing data: %v", err)
+	}
+	return nil
+}
+
+// PUT on an object creates the object.
+func (objr objectResource) put(a *action) interface{} {
+	var expectHash []byte
+	if c := a.req.Header.Get("ETag"); c != "" {
+		var err error
+		expectHash, err = hex.DecodeString(c)
+		if err != nil || len(expectHash) != md5.Size {
+			fatalf(400, "InvalidDigest", "The ETag you specified was invalid")
+		}
+	}
+	sum := md5.New()
+	// TODO avoid holding lock while reading data.
+	data, err := ioutil.ReadAll(io.TeeReader(a.req.Body, sum))
+	if err != nil {
+		fatalf(400, "TODO", "read error")
+	}
+	gotHash := sum.Sum(nil)
+	if expectHash != nil && bytes.Compare(gotHash, expectHash) != 0 {
+		fatalf(422, "Bad ETag", "The ETag you specified did not match what we received")
+	}
+	if a.req.ContentLength >= 0 && int64(len(data)) != a.req.ContentLength {
+		fatalf(400, "IncompleteBody", "You did not provide the number of bytes specified by the Content-Length HTTP header")
+	}
+
+	// TODO is this correct, or should we erase all previous metadata?
+	obj := objr.object
+	if obj == nil {
+		obj = &object{
+			name: objr.name,
+			metadata: metadata{
+				meta: make(http.Header),
+			},
+		}
+		atomic.AddInt64(&a.user.Objects, 1)
+	} else {
+		atomic.AddInt64(&objr.container.bytes, -int64(len(obj.data)))
+		atomic.AddInt64(&a.user.BytesUsed, -int64(len(obj.data)))
+	}
+
+	var content_type string
+	if content_type = a.req.Header.Get("Content-Type"); content_type == "" {
+		content_type = mime.TypeByExtension(obj.name)
+		if content_type == "" {
+			content_type = "application/octet-stream"
+		}
+	}
+
+	if a.req.URL.Query().Get("multipart-manifest") == "put" {
+		// TODO: check the content of the SLO
+		a.req.Header.Set("X-Static-Large-Object", "True")
+
+		var segments []segment
+		json.Unmarshal(data, &segments)
+		for i := range segments {
+			segments[i].Name = "/" + segments[i].Path
+			segments[i].Path = ""
+			segments[i].Hash = segments[i].Etag
+			segments[i].Etag = ""
+			segments[i].Bytes = segments[i].Size
+			segments[i].Size = 0
+		}
+
+		data, _ = json.Marshal(segments)
+		sum = md5.New()
+		sum.Write(data)
+		gotHash = sum.Sum(nil)
+	}
+
+	// PUT request has been successful - save data and metadata
+	obj.setMetadata(a, "object")
+	obj.content_type = content_type
+	obj.data = data
+	obj.checksum = gotHash
+	obj.mtime = time.Now().UTC()
+	objr.container.Lock()
+	objr.container.objects[objr.name] = obj
+	objr.container.bytes += int64(len(data))
+	objr.container.Unlock()
+
+	atomic.AddInt64(&a.user.BytesUsed, int64(len(data)))
+
+	h := a.w.Header()
+	h.Set("ETag", hex.EncodeToString(obj.checksum))
+
+	return nil
+}
+
+func (objr objectResource) delete(a *action) interface{} {
+	if objr.object == nil {
+		fatalf(404, "NoSuchKey", "The specified key does not exist.")
+	}
+
+	objr.container.Lock()
+	defer objr.container.Unlock()
+
+	objr.object.Lock()
+	defer objr.object.Unlock()
+
+	objr.container.bytes -= int64(len(objr.object.data))
+	delete(objr.container.objects, objr.name)
+
+	atomic.AddInt64(&a.user.BytesUsed, -int64(len(objr.object.data)))
+	atomic.AddInt64(&a.user.Objects, -1)
+
+	return nil
+}
+
+func (objr objectResource) post(a *action) interface{} {
+	objr.object.Lock()
+	defer objr.object.Unlock()
+
+	obj := objr.object
+	obj.setMetadata(a, "object")
+	return nil
+}
+
+func (objr objectResource) copy(a *action) interface{} {
+	if objr.object == nil {
+		fatalf(404, "NoSuchKey", "The specified key does not exist.")
+	}
+
+	obj := objr.object
+	obj.RLock()
+	defer obj.RUnlock()
+
+	destination := a.req.Header.Get("Destination")
+	if destination == "" {
+		fatalf(400, "Bad Request", "You must provide a Destination header")
+	}
+
+	var (
+		obj2  *object
+		objr2 objectResource
+	)
+
+	destURL, _ := url.Parse("/v1/AUTH_" + TEST_ACCOUNT + "/" + destination)
+	r := a.srv.resourceForURL(destURL)
+	switch t := r.(type) {
+	case objectResource:
+		objr2 = t
+		if objr2.object == nil {
+			obj2 = &object{
+				name: objr2.name,
+				metadata: metadata{
+					meta: make(http.Header),
+				},
+			}
+			atomic.AddInt64(&a.user.Objects, 1)
+		} else {
+			obj2 = objr2.object
+			atomic.AddInt64(&objr2.container.bytes, -int64(len(obj2.data)))
+			atomic.AddInt64(&a.user.BytesUsed, -int64(len(obj2.data)))
+		}
+	default:
+		fatalf(400, "Bad Request", "Destination must point to a valid object path")
+	}
+
+	if objr2.container.name != objr2.container.name && obj2.name != obj.name {
+		obj2.Lock()
+		defer obj2.Unlock()
+	}
+
+	obj2.content_type = obj.content_type
+	obj2.data = obj.data
+	obj2.checksum = obj.checksum
+	obj2.mtime = time.Now()
+
+	for key, values := range obj.metadata.meta {
+		obj2.metadata.meta[key] = values
+	}
+	obj2.setMetadata(a, "object")
+
+	objr2.container.Lock()
+	objr2.container.objects[objr2.name] = obj2
+	objr2.container.bytes += int64(len(obj.data))
+	objr2.container.Unlock()
+
+	atomic.AddInt64(&a.user.BytesUsed, int64(len(obj.data)))
+
+	return nil
+}
+
+func (s *SwiftServer) serveHTTP(w http.ResponseWriter, req *http.Request) {
+	// ignore error from ParseForm as it's usually spurious.
+	req.ParseForm()
+
+	if fn := s.override[req.URL.Path]; fn != nil {
+		originalRW := w
+		recorder := httptest.NewRecorder()
+		w = recorder
+		defer func() {
+			fn(originalRW, req, recorder)
+		}()
+	}
+
+	if DEBUG {
+		log.Printf("swifttest %q %q", req.Method, req.URL)
+	}
+	a := &action{
+		srv:   s,
+		w:     w,
+		req:   req,
+		reqId: fmt.Sprintf("%09X", atomic.LoadInt64(&s.reqId)),
+	}
+	atomic.AddInt64(&s.reqId, 1)
+
+	var r resource
+	defer func() {
+		switch err := recover().(type) {
+		case *swiftError:
+			w.Header().Set("Content-Type", `text/plain; charset=utf-8`)
+			http.Error(w, err.Message, err.statusCode)
+		case nil:
+		default:
+			panic(err)
+		}
+	}()
+
+	var resp interface{}
+
+	if req.URL.String() == "/v1.0" {
+		username := req.Header.Get("x-auth-user")
+		key := req.Header.Get("x-auth-key")
+		s.Lock()
+		defer s.Unlock()
+		if acct, ok := s.Accounts[username]; ok {
+			if acct.password == key {
+				r := make([]byte, 16)
+				_, _ = rand.Read(r)
+				id := fmt.Sprintf("%X", r)
+				w.Header().Set("X-Storage-Url", s.URL+"/AUTH_"+username)
+				w.Header().Set("X-Auth-Token", "AUTH_tk"+string(id))
+				w.Header().Set("X-Storage-Token", "AUTH_tk"+string(id))
+				s.Sessions[id] = &session{
+					username: username,
+				}
+				return
+			}
+		}
+		panic(notAuthorized())
+	}
+
+	if req.URL.String() == "/info" {
+		jsonMarshal(w, &swift.SwiftInfo{
+			"swift": map[string]interface{}{
+				"version": "1.2",
+			},
+			"tempurl": map[string]interface{}{
+				"methods": []string{"GET", "HEAD", "PUT"},
+			},
+			"slo": map[string]interface{}{
+				"max_manifest_segments": 1000,
+				"max_manifest_size":     2097152,
+				"min_segment_size":      1,
+			},
+		})
+		return
+	}
+
+	r = s.resourceForURL(req.URL)
+
+	key := req.Header.Get("x-auth-token")
+	signature := req.URL.Query().Get("temp_url_sig")
+	expires := req.URL.Query().Get("temp_url_expires")
+	if key == "" && signature != "" && expires != "" {
+		accountName, _, _, _ := s.parseURL(req.URL)
+		secretKey := ""
+		s.RLock()
+		if account, ok := s.Accounts[accountName]; ok {
+			secretKey = account.meta.Get("X-Account-Meta-Temp-Url-Key")
+		}
+		s.RUnlock()
+
+		get_hmac := func(method string) string {
+			mac := hmac.New(sha1.New, []byte(secretKey))
+			body := fmt.Sprintf("%s\n%s\n%s", method, expires, req.URL.Path)
+			mac.Write([]byte(body))
+			return hex.EncodeToString(mac.Sum(nil))
+		}
+
+		if req.Method == "HEAD" {
+			if signature != get_hmac("GET") && signature != get_hmac("POST") && signature != get_hmac("PUT") {
+				panic(notAuthorized())
+			}
+		} else if signature != get_hmac(req.Method) {
+			panic(notAuthorized())
+		}
+	} else {
+		s.RLock()
+		session, ok := s.Sessions[key[7:]]
+		if !ok {
+			s.RUnlock()
+			panic(notAuthorized())
+			return
+		}
+
+		a.user = s.Accounts[session.username]
+		s.RUnlock()
+	}
+
+	switch req.Method {
+	case "PUT":
+		resp = r.put(a)
+	case "GET", "HEAD":
+		resp = r.get(a)
+	case "DELETE":
+		resp = r.delete(a)
+	case "POST":
+		resp = r.post(a)
+	case "COPY":
+		resp = r.copy(a)
+	default:
+		fatalf(400, "MethodNotAllowed", "unknown http request method %q", req.Method)
+	}
+
+	content_type := req.Header.Get("Content-Type")
+	if resp != nil && req.Method != "HEAD" {
+		if strings.HasPrefix(content_type, "application/json") ||
+			req.URL.Query().Get("format") == "json" {
+			jsonMarshal(w, resp)
+		} else {
+			switch r := resp.(type) {
+			case string:
+				w.Write([]byte(r))
+			default:
+				w.Write(resp.([]byte))
+			}
+		}
+	}
+}
+
+func (s *SwiftServer) SetOverride(path string, fn HandlerOverrideFunc) {
+	s.override[path] = fn
+}
+
+func (s *SwiftServer) UnsetOverride(path string) {
+	delete(s.override, path)
+}
+
+func jsonMarshal(w io.Writer, x interface{}) {
+	if err := json.NewEncoder(w).Encode(x); err != nil {
+		panic(fmt.Errorf("error marshalling %#v: %v", x, err))
+	}
+}
+
+var pathRegexp = regexp.MustCompile("/v1/AUTH_([a-zA-Z0-9]+)(/([^/]+)(/(.*))?)?")
+
+func (srv *SwiftServer) parseURL(u *url.URL) (account string, container string, object string, err error) {
+	m := pathRegexp.FindStringSubmatch(u.Path)
+	if m == nil {
+		return "", "", "", fmt.Errorf("Couldn't parse the specified URI")
+	}
+	account = m[1]
+	container = m[3]
+	object = m[5]
+	return
+}
+
+// resourceForURL returns a resource object for the given URL.
+func (srv *SwiftServer) resourceForURL(u *url.URL) (r resource) {
+	accountName, containerName, objectName, err := srv.parseURL(u)
+
+	if err != nil {
+		fatalf(404, "InvalidURI", err.Error())
+	}
+
+	srv.RLock()
+	account, ok := srv.Accounts[accountName]
+	if !ok {
+		//srv.RUnlock()
+		fatalf(404, "NoSuchAccount", "The specified account does not exist")
+	}
+	srv.RUnlock()
+
+	account.RLock()
+	if containerName == "" {
+		account.RUnlock()
+		return rootResource{}
+	}
+	account.RUnlock()
+
+	b := containerResource{
+		name:      containerName,
+		container: account.Containers[containerName],
+	}
+
+	if objectName == "" {
+		return b
+	}
+
+	if b.container == nil {
+		fatalf(404, "NoSuchContainer", "The specified container does not exist")
+	}
+
+	objr := objectResource{
+		name:      objectName,
+		version:   u.Query().Get("versionId"),
+		container: b.container,
+	}
+
+	objr.container.RLock()
+	defer objr.container.RUnlock()
+	if obj := objr.container.objects[objr.name]; obj != nil {
+		objr.object = obj
+	}
+	return objr
+}
+
+// nullResource has error stubs for all resource methods.
+type nullResource struct{}
+
+func notAllowed() interface{} {
+	fatalf(400, "MethodNotAllowed", "The specified method is not allowed against this resource")
+	return nil
+}
+
+func notAuthorized() interface{} {
+	fatalf(401, "Unauthorized", "This server could not verify that you are authorized to access the document you requested.")
+	return nil
+}
+
+func (nullResource) put(a *action) interface{}    { return notAllowed() }
+func (nullResource) get(a *action) interface{}    { return notAllowed() }
+func (nullResource) post(a *action) interface{}   { return notAllowed() }
+func (nullResource) delete(a *action) interface{} { return notAllowed() }
+func (nullResource) copy(a *action) interface{}   { return notAllowed() }
+
+type rootResource struct{}
+
+func (rootResource) put(a *action) interface{} { return notAllowed() }
+func (rootResource) get(a *action) interface{} {
+	marker := a.req.Form.Get("marker")
+	prefix := a.req.Form.Get("prefix")
+	format := a.req.URL.Query().Get("format")
+
+	h := a.w.Header()
+
+	h.Set("X-Account-Bytes-Used", strconv.Itoa(int(atomic.LoadInt64(&a.user.BytesUsed))))
+	h.Set("X-Account-Container-Count", strconv.Itoa(int(atomic.LoadInt64(&a.user.Account.Containers))))
+	h.Set("X-Account-Object-Count", strconv.Itoa(int(atomic.LoadInt64(&a.user.Objects))))
+
+	a.user.RLock()
+	defer a.user.RUnlock()
+
+	// add metadata
+	a.user.metadata.getMetadata(a)
+
+	if a.req.Method == "HEAD" {
+		return nil
+	}
+
+	var tmp orderedContainers
+	// first get all matching objects and arrange them in alphabetical order.
+	for _, container := range a.user.Containers {
+		if strings.HasPrefix(container.name, prefix) {
+			tmp = append(tmp, container)
+		}
+	}
+	sort.Sort(tmp)
+
+	resp := make([]Folder, 0)
+	for _, container := range tmp {
+		if container.name <= marker {
+			continue
+		}
+		if format == "json" {
+			resp = append(resp, Folder{
+				Count: int64(len(container.objects)),
+				Bytes: container.bytes,
+				Name:  container.name,
+			})
+		} else {
+			a.w.Write([]byte(container.name + "\n"))
+		}
+	}
+
+	if format == "json" {
+		return resp
+	} else {
+		return nil
+	}
+}
+
+func (r rootResource) post(a *action) interface{} {
+	a.user.Lock()
+	a.user.metadata.setMetadata(a, "account")
+	a.user.Unlock()
+	return nil
+}
+
+func (rootResource) delete(a *action) interface{} {
+	if a.req.URL.Query().Get("bulk-delete") == "1" {
+		fatalf(403, "Operation forbidden", "Bulk delete is not supported")
+	}
+
+	return notAllowed()
+}
+
+func (rootResource) copy(a *action) interface{} { return notAllowed() }
+
+func NewSwiftServer(address string) (*SwiftServer, error) {
+	if strings.Index(address, ":") == -1 {
+		address += ":0"
+	}
+	l, err := net.Listen("tcp", address)
+	if err != nil {
+		return nil, fmt.Errorf("cannot listen on %s: %v", address, err)
+	}
+
+	server := &SwiftServer{
+		Listener: l,
+		AuthURL:  "http://" + l.Addr().String() + "/v1.0",
+		URL:      "http://" + l.Addr().String() + "/v1",
+		Accounts: make(map[string]*account),
+		Sessions: make(map[string]*session),
+		override: make(map[string]HandlerOverrideFunc),
+	}
+
+	server.Accounts[TEST_ACCOUNT] = &account{
+		password: TEST_ACCOUNT,
+		metadata: metadata{
+			meta: make(http.Header),
+		},
+		Containers: make(map[string]*container),
+	}
+
+	go http.Serve(l, http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		server.serveHTTP(w, req)
+	}))
+
+	return server, nil
+}
+
+func (srv *SwiftServer) Close() {
+	srv.Listener.Close()
+}
diff --git a/vendor/github.com/ncw/swift/timeout_reader.go b/vendor/github.com/ncw/swift/timeout_reader.go
new file mode 100644
index 000000000..88ae73328
--- /dev/null
+++ b/vendor/github.com/ncw/swift/timeout_reader.go
@@ -0,0 +1,59 @@
+package swift
+
+import (
+	"io"
+	"time"
+)
+
+// An io.ReadCloser which obeys an idle timeout
+type timeoutReader struct {
+	reader  io.ReadCloser
+	timeout time.Duration
+	cancel  func()
+}
+
+// Returns a wrapper around the reader which obeys an idle
+// timeout. The cancel function is called if the timeout happens
+func newTimeoutReader(reader io.ReadCloser, timeout time.Duration, cancel func()) *timeoutReader {
+	return &timeoutReader{
+		reader:  reader,
+		timeout: timeout,
+		cancel:  cancel,
+	}
+}
+
+// Read reads up to len(p) bytes into p
+//
+// Waits at most for timeout for the read to complete otherwise returns a timeout
+func (t *timeoutReader) Read(p []byte) (int, error) {
+	// FIXME limit the amount of data read in one chunk so as to not exceed the timeout?
+	// Do the read in the background
+	type result struct {
+		n   int
+		err error
+	}
+	done := make(chan result, 1)
+	go func() {
+		n, err := t.reader.Read(p)
+		done <- result{n, err}
+	}()
+	// Wait for the read or the timeout
+	timer := time.NewTimer(t.timeout)
+	defer timer.Stop()
+	select {
+	case r := <-done:
+		return r.n, r.err
+	case <-timer.C:
+		t.cancel()
+		return 0, TimeoutError
+	}
+	panic("unreachable") // for Go 1.0
+}
+
+// Close the channel
+func (t *timeoutReader) Close() error {
+	return t.reader.Close()
+}
+
+// Check it satisfies the interface
+var _ io.ReadCloser = &timeoutReader{}
diff --git a/vendor/github.com/ncw/swift/travis_realserver.sh b/vendor/github.com/ncw/swift/travis_realserver.sh
new file mode 100644
index 000000000..970e94c0d
--- /dev/null
+++ b/vendor/github.com/ncw/swift/travis_realserver.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then
+    exit 0
+fi
+
+if [ "${TEST_REAL_SERVER}" = "rackspace" ] && [ ! -z "${RACKSPACE_APIKEY}" ]; then
+    echo "Running tests pointing to Rackspace"
+    export SWIFT_API_KEY=$RACKSPACE_APIKEY
+    export SWIFT_API_USER=$RACKSPACE_USER
+    export SWIFT_AUTH_URL=$RACKSPACE_AUTH
+    go test ./...
+fi
+
+if [ "${TEST_REAL_SERVER}" = "memset" ] && [ ! -z "${MEMSET_APIKEY}" ]; then
+    echo "Running tests pointing to Memset"
+    export SWIFT_API_KEY=$MEMSET_APIKEY
+    export SWIFT_API_USER=$MEMSET_USER
+    export SWIFT_AUTH_URL=$MEMSET_AUTH
+    go test
+fi
diff --git a/vendor/github.com/ncw/swift/watchdog_reader.go b/vendor/github.com/ncw/swift/watchdog_reader.go
new file mode 100644
index 000000000..2714c9e1a
--- /dev/null
+++ b/vendor/github.com/ncw/swift/watchdog_reader.go
@@ -0,0 +1,55 @@
+package swift
+
+import (
+	"io"
+	"time"
+)
+
+var watchdogChunkSize = 1 << 20 // 1 MiB
+
+// An io.Reader which resets a watchdog timer whenever data is read
+type watchdogReader struct {
+	timeout   time.Duration
+	reader    io.Reader
+	timer     *time.Timer
+	chunkSize int
+}
+
+// Returns a new reader which will kick the watchdog timer whenever data is read
+func newWatchdogReader(reader io.Reader, timeout time.Duration, timer *time.Timer) *watchdogReader {
+	return &watchdogReader{
+		timeout:   timeout,
+		reader:    reader,
+		timer:     timer,
+		chunkSize: watchdogChunkSize,
+	}
+}
+
+// Read reads up to len(p) bytes into p
+func (t *watchdogReader) Read(p []byte) (int, error) {
+	//read from underlying reader in chunks not larger than t.chunkSize
+	//while resetting the watchdog timer before every read; the small chunk
+	//size ensures that the timer does not fire when reading a large amount of
+	//data from a slow connection
+	start := 0
+	end := len(p)
+	for start < end {
+		length := end - start
+		if length > t.chunkSize {
+			length = t.chunkSize
+		}
+
+		resetTimer(t.timer, t.timeout)
+		n, err := t.reader.Read(p[start : start+length])
+		start += n
+		if n == 0 || err != nil {
+			return start, err
+		}
+	}
+
+	resetTimer(t.timer, t.timeout)
+	return start, nil
+}
+
+// Check it satisfies the interface
+var _ io.Reader = &watchdogReader{}
diff --git a/vendor/github.com/rogpeppe/go-internal/LICENSE b/vendor/github.com/rogpeppe/go-internal/LICENSE
new file mode 100644
index 000000000..49ea0f928
--- /dev/null
+++ b/vendor/github.com/rogpeppe/go-internal/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2018 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/rogpeppe/go-internal/fmtsort/mapelem.go b/vendor/github.com/rogpeppe/go-internal/fmtsort/mapelem.go
new file mode 100644
index 000000000..98e4e38f4
--- /dev/null
+++ b/vendor/github.com/rogpeppe/go-internal/fmtsort/mapelem.go
@@ -0,0 +1,20 @@
+package fmtsort
+
+import "reflect"
+
+const brokenNaNs = false
+
+func mapElems(mapValue reflect.Value) ([]reflect.Value, []reflect.Value) {
+	// Note: this code is arranged to not panic even in the presence
+	// of a concurrent map update. The runtime is responsible for
+	// yelling loudly if that happens. See issue 33275.
+	n := mapValue.Len()
+	key := make([]reflect.Value, 0, n)
+	value := make([]reflect.Value, 0, n)
+	iter := mapValue.MapRange()
+	for iter.Next() {
+		key = append(key, iter.Key())
+		value = append(value, iter.Value())
+	}
+	return key, value
+}
diff --git a/vendor/github.com/rogpeppe/go-internal/fmtsort/sort.go b/vendor/github.com/rogpeppe/go-internal/fmtsort/sort.go
new file mode 100644
index 000000000..7f5185417
--- /dev/null
+++ b/vendor/github.com/rogpeppe/go-internal/fmtsort/sort.go
@@ -0,0 +1,209 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package fmtsort provides a general stable ordering mechanism
+// for maps, on behalf of the fmt and text/template packages.
+// It is not guaranteed to be efficient and works only for types
+// that are valid map keys.
+package fmtsort
+
+import (
+	"reflect"
+	"sort"
+)
+
+// Note: Throughout this package we avoid calling reflect.Value.Interface as
+// it is not always legal to do so and it's easier to avoid the issue than to face it.
+
+// SortedMap represents a map's keys and values. The keys and values are
+// aligned in index order: Value[i] is the value in the map corresponding to Key[i].
+type SortedMap struct {
+	Key   []reflect.Value
+	Value []reflect.Value
+}
+
+func (o *SortedMap) Len() int           { return len(o.Key) }
+func (o *SortedMap) Less(i, j int) bool { return compare(o.Key[i], o.Key[j]) < 0 }
+func (o *SortedMap) Swap(i, j int) {
+	o.Key[i], o.Key[j] = o.Key[j], o.Key[i]
+	o.Value[i], o.Value[j] = o.Value[j], o.Value[i]
+}
+
+// Sort accepts a map and returns a SortedMap that has the same keys and
+// values but in a stable sorted order according to the keys, modulo issues
+// raised by unorderable key values such as NaNs.
+//
+// The ordering rules are more general than with Go's < operator:
+//
+//   - when applicable, nil compares low
+//   - ints, floats, and strings order by <
+//   - NaN compares less than non-NaN floats
+//   - bool compares false before true
+//   - complex compares real, then imag
+//   - pointers compare by machine address
+//   - channel values compare by machine address
+//   - structs compare each field in turn
+//   - arrays compare each element in turn.
+//     Otherwise identical arrays compare by length.
+//   - interface values compare first by reflect.Type describing the concrete type
+//     and then by concrete value as described in the previous rules.
+func Sort(mapValue reflect.Value) *SortedMap {
+	if mapValue.Type().Kind() != reflect.Map {
+		return nil
+	}
+	key, value := mapElems(mapValue)
+	sorted := &SortedMap{
+		Key:   key,
+		Value: value,
+	}
+	sort.Stable(sorted)
+	return sorted
+}
+
+// compare compares two values of the same type. It returns -1, 0, 1
+// according to whether a > b (1), a == b (0), or a < b (-1).
+// If the types differ, it returns -1.
+// See the comment on Sort for the comparison rules.
+func compare(aVal, bVal reflect.Value) int {
+	aType, bType := aVal.Type(), bVal.Type()
+	if aType != bType {
+		return -1 // No good answer possible, but don't return 0: they're not equal.
+	}
+	switch aVal.Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		a, b := aVal.Int(), bVal.Int()
+		switch {
+		case a < b:
+			return -1
+		case a > b:
+			return 1
+		default:
+			return 0
+		}
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		a, b := aVal.Uint(), bVal.Uint()
+		switch {
+		case a < b:
+			return -1
+		case a > b:
+			return 1
+		default:
+			return 0
+		}
+	case reflect.String:
+		a, b := aVal.String(), bVal.String()
+		switch {
+		case a < b:
+			return -1
+		case a > b:
+			return 1
+		default:
+			return 0
+		}
+	case reflect.Float32, reflect.Float64:
+		return floatCompare(aVal.Float(), bVal.Float())
+	case reflect.Complex64, reflect.Complex128:
+		a, b := aVal.Complex(), bVal.Complex()
+		if c := floatCompare(real(a), real(b)); c != 0 {
+			return c
+		}
+		return floatCompare(imag(a), imag(b))
+	case reflect.Bool:
+		a, b := aVal.Bool(), bVal.Bool()
+		switch {
+		case a == b:
+			return 0
+		case a:
+			return 1
+		default:
+			return -1
+		}
+	case reflect.Ptr:
+		a, b := aVal.Pointer(), bVal.Pointer()
+		switch {
+		case a < b:
+			return -1
+		case a > b:
+			return 1
+		default:
+			return 0
+		}
+	case reflect.Chan:
+		if c, ok := nilCompare(aVal, bVal); ok {
+			return c
+		}
+		ap, bp := aVal.Pointer(), bVal.Pointer()
+		switch {
+		case ap < bp:
+			return -1
+		case ap > bp:
+			return 1
+		default:
+			return 0
+		}
+	case reflect.Struct:
+		for i := 0; i < aVal.NumField(); i++ {
+			if c := compare(aVal.Field(i), bVal.Field(i)); c != 0 {
+				return c
+			}
+		}
+		return 0
+	case reflect.Array:
+		for i := 0; i < aVal.Len(); i++ {
+			if c := compare(aVal.Index(i), bVal.Index(i)); c != 0 {
+				return c
+			}
+		}
+		return 0
+	case reflect.Interface:
+		if c, ok := nilCompare(aVal, bVal); ok {
+			return c
+		}
+		c := compare(reflect.ValueOf(aVal.Elem().Type()), reflect.ValueOf(bVal.Elem().Type()))
+		if c != 0 {
+			return c
+		}
+		return compare(aVal.Elem(), bVal.Elem())
+	default:
+		// Certain types cannot appear as keys (maps, funcs, slices), but be explicit.
+		panic("bad type in compare: " + aType.String())
+	}
+}
+
+// nilCompare checks whether either value is nil. If not, the boolean is false.
+// If either value is nil, the boolean is true and the integer is the comparison
+// value. The comparison is defined to be 0 if both are nil, otherwise the one
+// nil value compares low. Both arguments must represent a chan, func,
+// interface, map, pointer, or slice.
+func nilCompare(aVal, bVal reflect.Value) (int, bool) {
+	if aVal.IsNil() {
+		if bVal.IsNil() {
+			return 0, true
+		}
+		return -1, true
+	}
+	if bVal.IsNil() {
+		return 1, true
+	}
+	return 0, false
+}
+
+// floatCompare compares two floating-point values. NaNs compare low.
+func floatCompare(a, b float64) int {
+	switch {
+	case isNaN(a):
+		return -1 // No good answer if b is a NaN so don't bother checking.
+	case isNaN(b):
+		return 1
+	case a < b:
+		return -1
+	case a > b:
+		return 1
+	}
+	return 0
+}
+
+func isNaN(a float64) bool {
+	return a != a
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/.gitignore b/vendor/github.com/yvasiyarov/go-metrics/.gitignore
new file mode 100644
index 000000000..83c8f8237
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/.gitignore
@@ -0,0 +1,9 @@
+*.[68]
+*.a
+*.out
+*.swp
+_obj
+_testmain.go
+cmd/metrics-bench/metrics-bench
+cmd/metrics-example/metrics-example
+cmd/never-read/never-read
diff --git a/vendor/github.com/yvasiyarov/go-metrics/LICENSE b/vendor/github.com/yvasiyarov/go-metrics/LICENSE
new file mode 100644
index 000000000..363fa9ee7
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/LICENSE
@@ -0,0 +1,29 @@
+Copyright 2012 Richard Crowley. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    1.  Redistributions of source code must retain the above copyright
+        notice, this list of conditions and the following disclaimer.
+
+    2.  Redistributions in binary form must reproduce the above
+        copyright notice, this list of conditions and the following
+        disclaimer in the documentation and/or other materials provided
+        with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY RICHARD CROWLEY ``AS IS'' AND ANY EXPRESS
+OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL RICHARD CROWLEY OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+
+The views and conclusions contained in the software and documentation
+are those of the authors and should not be interpreted as representing
+official policies, either expressed or implied, of Richard Crowley.
diff --git a/vendor/github.com/yvasiyarov/go-metrics/README.md b/vendor/github.com/yvasiyarov/go-metrics/README.md
new file mode 100644
index 000000000..e0091a4bd
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/README.md
@@ -0,0 +1,104 @@
+go-metrics
+==========
+
+Go port of Coda Hale's Metrics library: <https://github.com/codahale/metrics>.
+
+Documentation: <http://godoc.org/github.com/rcrowley/go-metrics>.
+
+Usage
+-----
+
+Create and update metrics:
+
+```go
+c := metrics.NewCounter()
+metrics.Register("foo", c)
+c.Inc(47)
+
+g := metrics.NewGauge()
+metrics.Register("bar", g)
+g.Update(47)
+
+s := metrics.NewExpDecaySample(1028, 0.015) // or metrics.NewUniformSample(1028)
+h := metrics.NewHistogram(s)
+metrics.Register("baz", h)
+h.Update(47)
+
+m := metrics.NewMeter()
+metrics.Register("quux", m)
+m.Mark(47)
+
+t := metrics.NewTimer()
+metrics.Register("bang", t)
+t.Time(func() {})
+t.Update(47)
+```
+
+Periodically log every metric in human-readable form to standard error:
+
+```go
+go metrics.Log(metrics.DefaultRegistry, 60e9, log.New(os.Stderr, "metrics: ", log.Lmicroseconds))
+```
+
+Periodically log every metric in slightly-more-parseable form to syslog:
+
+```go
+w, _ := syslog.Dial("unixgram", "/dev/log", syslog.LOG_INFO, "metrics")
+go metrics.Syslog(metrics.DefaultRegistry, 60e9, w)
+```
+
+Periodically emit every metric to Graphite:
+
+```go
+addr, _ := net.ResolveTCPAddr("tcp", "127.0.0.1:2003")
+go metrics.Graphite(metrics.DefaultRegistry, 10e9, "metrics", addr)
+```
+
+Periodically emit every metric into InfluxDB:
+
+```go
+import "github.com/rcrowley/go-metrics/influxdb"
+
+go influxdb.Influxdb(metrics.DefaultRegistry, 10e9, &influxdb.Config{
+    Host:     "127.0.0.1:8086",
+    Database: "metrics",
+    Username: "test",
+    Password: "test",
+})
+```
+
+Periodically upload every metric to Librato:
+
+```go
+import "github.com/rcrowley/go-metrics/librato"
+
+go librato.Librato(metrics.DefaultRegistry,
+    10e9,                  // interval
+    "example@example.com", // account owner email address
+    "token",               // Librato API token
+    "hostname",            // source
+    []float64{0.95},       // precentiles to send
+    time.Millisecond,      // time unit
+)
+```
+
+Periodically emit every metric to StatHat:
+
+```go
+import "github.com/rcrowley/go-metrics/stathat"
+
+go stathat.Stathat(metrics.DefaultRegistry, 10e9, "example@example.com")
+```
+
+Installation
+------------
+
+```sh
+go get github.com/rcrowley/go-metrics
+```
+
+StatHat support additionally requires their Go client:
+
+```sh
+go get github.com/stathat/go
+```
diff --git a/vendor/github.com/yvasiyarov/go-metrics/counter.go b/vendor/github.com/yvasiyarov/go-metrics/counter.go
new file mode 100644
index 000000000..bb7b039cb
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/counter.go
@@ -0,0 +1,112 @@
+package metrics
+
+import "sync/atomic"
+
+// Counters hold an int64 value that can be incremented and decremented.
+type Counter interface {
+	Clear()
+	Count() int64
+	Dec(int64)
+	Inc(int64)
+	Snapshot() Counter
+}
+
+// GetOrRegisterCounter returns an existing Counter or constructs and registers
+// a new StandardCounter.
+func GetOrRegisterCounter(name string, r Registry) Counter {
+	if nil == r {
+		r = DefaultRegistry
+	}
+	return r.GetOrRegister(name, NewCounter).(Counter)
+}
+
+// NewCounter constructs a new StandardCounter.
+func NewCounter() Counter {
+	if UseNilMetrics {
+		return NilCounter{}
+	}
+	return &StandardCounter{0}
+}
+
+// NewRegisteredCounter constructs and registers a new StandardCounter.
+func NewRegisteredCounter(name string, r Registry) Counter {
+	c := NewCounter()
+	if nil == r {
+		r = DefaultRegistry
+	}
+	r.Register(name, c)
+	return c
+}
+
+// CounterSnapshot is a read-only copy of another Counter.
+type CounterSnapshot int64
+
+// Clear panics.
+func (CounterSnapshot) Clear() {
+	panic("Clear called on a CounterSnapshot")
+}
+
+// Count returns the count at the time the snapshot was taken.
+func (c CounterSnapshot) Count() int64 { return int64(c) }
+
+// Dec panics.
+func (CounterSnapshot) Dec(int64) {
+	panic("Dec called on a CounterSnapshot")
+}
+
+// Inc panics.
+func (CounterSnapshot) Inc(int64) {
+	panic("Inc called on a CounterSnapshot")
+}
+
+// Snapshot returns the snapshot.
+func (c CounterSnapshot) Snapshot() Counter { return c }
+
+// NilCounter is a no-op Counter.
+type NilCounter struct{}
+
+// Clear is a no-op.
+func (NilCounter) Clear() {}
+
+// Count is a no-op.
+func (NilCounter) Count() int64 { return 0 }
+
+// Dec is a no-op.
+func (NilCounter) Dec(i int64) {}
+
+// Inc is a no-op.
+func (NilCounter) Inc(i int64) {}
+
+// Snapshot is a no-op.
+func (NilCounter) Snapshot() Counter { return NilCounter{} }
+
+// StandardCounter is the standard implementation of a Counter and uses the
+// sync/atomic package to manage a single int64 value.
+type StandardCounter struct {
+	count int64
+}
+
+// Clear sets the counter to zero.
+func (c *StandardCounter) Clear() {
+	atomic.StoreInt64(&c.count, 0)
+}
+
+// Count returns the current count.
+func (c *StandardCounter) Count() int64 {
+	return atomic.LoadInt64(&c.count)
+}
+
+// Dec decrements the counter by the given amount.
+func (c *StandardCounter) Dec(i int64) {
+	atomic.AddInt64(&c.count, -i)
+}
+
+// Inc increments the counter by the given amount.
+func (c *StandardCounter) Inc(i int64) {
+	atomic.AddInt64(&c.count, i)
+}
+
+// Snapshot returns a read-only copy of the counter.
+func (c *StandardCounter) Snapshot() Counter {
+	return CounterSnapshot(c.Count())
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/debug.go b/vendor/github.com/yvasiyarov/go-metrics/debug.go
new file mode 100644
index 000000000..043ccefab
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/debug.go
@@ -0,0 +1,76 @@
+package metrics
+
+import (
+	"runtime/debug"
+	"time"
+)
+
+var (
+	debugMetrics struct {
+		GCStats struct {
+			LastGC Gauge
+			NumGC  Gauge
+			Pause  Histogram
+			//PauseQuantiles Histogram
+			PauseTotal Gauge
+		}
+		ReadGCStats Timer
+	}
+	gcStats debug.GCStats
+)
+
+// Capture new values for the Go garbage collector statistics exported in
+// debug.GCStats.  This is designed to be called as a goroutine.
+func CaptureDebugGCStats(r Registry, d time.Duration) {
+	for _ = range time.Tick(d) {
+		CaptureDebugGCStatsOnce(r)
+	}
+}
+
+// Capture new values for the Go garbage collector statistics exported in
+// debug.GCStats.  This is designed to be called in a background goroutine.
+// Giving a registry which has not been given to RegisterDebugGCStats will
+// panic.
+//
+// Be careful (but much less so) with this because debug.ReadGCStats calls
+// the C function runtime·lock(runtime·mheap) which, while not a stop-the-world
+// operation, isn't something you want to be doing all the time.
+func CaptureDebugGCStatsOnce(r Registry) {
+	lastGC := gcStats.LastGC
+	t := time.Now()
+	debug.ReadGCStats(&gcStats)
+	debugMetrics.ReadGCStats.UpdateSince(t)
+
+	debugMetrics.GCStats.LastGC.Update(int64(gcStats.LastGC.UnixNano()))
+	debugMetrics.GCStats.NumGC.Update(int64(gcStats.NumGC))
+	if lastGC != gcStats.LastGC && 0 < len(gcStats.Pause) {
+		debugMetrics.GCStats.Pause.Update(int64(gcStats.Pause[0]))
+	}
+	//debugMetrics.GCStats.PauseQuantiles.Update(gcStats.PauseQuantiles)
+	debugMetrics.GCStats.PauseTotal.Update(int64(gcStats.PauseTotal))
+}
+
+// Register metrics for the Go garbage collector statistics exported in
+// debug.GCStats.  The metrics are named by their fully-qualified Go symbols,
+// i.e. debug.GCStats.PauseTotal.
+func RegisterDebugGCStats(r Registry) {
+	debugMetrics.GCStats.LastGC = NewGauge()
+	debugMetrics.GCStats.NumGC = NewGauge()
+	debugMetrics.GCStats.Pause = NewHistogram(NewExpDecaySample(1028, 0.015))
+	//debugMetrics.GCStats.PauseQuantiles = NewHistogram(NewExpDecaySample(1028, 0.015))
+	debugMetrics.GCStats.PauseTotal = NewGauge()
+	debugMetrics.ReadGCStats = NewTimer()
+
+	r.Register("debug.GCStats.LastGC", debugMetrics.GCStats.LastGC)
+	r.Register("debug.GCStats.NumGC", debugMetrics.GCStats.NumGC)
+	r.Register("debug.GCStats.Pause", debugMetrics.GCStats.Pause)
+	//r.Register("debug.GCStats.PauseQuantiles", debugMetrics.GCStats.PauseQuantiles)
+	r.Register("debug.GCStats.PauseTotal", debugMetrics.GCStats.PauseTotal)
+	r.Register("debug.ReadGCStats", debugMetrics.ReadGCStats)
+}
+
+// Allocate an initial slice for gcStats.Pause to avoid allocations during
+// normal operation.
+func init() {
+	gcStats.Pause = make([]time.Duration, 11)
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/ewma.go b/vendor/github.com/yvasiyarov/go-metrics/ewma.go
new file mode 100644
index 000000000..7c152a174
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/ewma.go
@@ -0,0 +1,118 @@
+package metrics
+
+import (
+	"math"
+	"sync"
+	"sync/atomic"
+)
+
+// EWMAs continuously calculate an exponentially-weighted moving average
+// based on an outside source of clock ticks.
+type EWMA interface {
+	Rate() float64
+	Snapshot() EWMA
+	Tick()
+	Update(int64)
+}
+
+// NewEWMA constructs a new EWMA with the given alpha.
+func NewEWMA(alpha float64) EWMA {
+	if UseNilMetrics {
+		return NilEWMA{}
+	}
+	return &StandardEWMA{alpha: alpha}
+}
+
+// NewEWMA1 constructs a new EWMA for a one-minute moving average.
+func NewEWMA1() EWMA {
+	return NewEWMA(1 - math.Exp(-5.0/60.0/1))
+}
+
+// NewEWMA5 constructs a new EWMA for a five-minute moving average.
+func NewEWMA5() EWMA {
+	return NewEWMA(1 - math.Exp(-5.0/60.0/5))
+}
+
+// NewEWMA15 constructs a new EWMA for a fifteen-minute moving average.
+func NewEWMA15() EWMA {
+	return NewEWMA(1 - math.Exp(-5.0/60.0/15))
+}
+
+// EWMASnapshot is a read-only copy of another EWMA.
+type EWMASnapshot float64
+
+// Rate returns the rate of events per second at the time the snapshot was
+// taken.
+func (a EWMASnapshot) Rate() float64 { return float64(a) }
+
+// Snapshot returns the snapshot.
+func (a EWMASnapshot) Snapshot() EWMA { return a }
+
+// Tick panics.
+func (EWMASnapshot) Tick() {
+	panic("Tick called on an EWMASnapshot")
+}
+
+// Update panics.
+func (EWMASnapshot) Update(int64) {
+	panic("Update called on an EWMASnapshot")
+}
+
+// NilEWMA is a no-op EWMA.
+type NilEWMA struct{}
+
+// Rate is a no-op.
+func (NilEWMA) Rate() float64 { return 0.0 }
+
+// Snapshot is a no-op.
+func (NilEWMA) Snapshot() EWMA { return NilEWMA{} }
+
+// Tick is a no-op.
+func (NilEWMA) Tick() {}
+
+// Update is a no-op.
+func (NilEWMA) Update(n int64) {}
+
+// StandardEWMA is the standard implementation of an EWMA and tracks the number
+// of uncounted events and processes them on each tick.  It uses the
+// sync/atomic package to manage uncounted events.
+type StandardEWMA struct {
+	uncounted int64		// /!\ this should be the first member to ensure 64-bit alignment
+	alpha     float64
+	rate      float64
+	init      bool
+	mutex     sync.Mutex
+}
+
+// Rate returns the moving average rate of events per second.
+func (a *StandardEWMA) Rate() float64 {
+	a.mutex.Lock()
+	defer a.mutex.Unlock()
+	return a.rate * float64(1e9)
+}
+
+// Snapshot returns a read-only copy of the EWMA.
+func (a *StandardEWMA) Snapshot() EWMA {
+	return EWMASnapshot(a.Rate())
+}
+
+// Tick ticks the clock to update the moving average.  It assumes it is called
+// every five seconds.
+func (a *StandardEWMA) Tick() {
+	count := atomic.LoadInt64(&a.uncounted)
+	atomic.AddInt64(&a.uncounted, -count)
+	instantRate := float64(count) / float64(5e9)
+	a.mutex.Lock()
+	defer a.mutex.Unlock()
+	if a.init {
+		a.rate += a.alpha * (instantRate - a.rate)
+	} else {
+		a.init = true
+		a.rate = instantRate
+	}
+}
+
+// Update adds n uncounted events.
+func (a *StandardEWMA) Update(n int64) {
+	atomic.AddInt64(&a.uncounted, n)
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/gauge.go b/vendor/github.com/yvasiyarov/go-metrics/gauge.go
new file mode 100644
index 000000000..807638a31
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/gauge.go
@@ -0,0 +1,84 @@
+package metrics
+
+import "sync/atomic"
+
+// Gauges hold an int64 value that can be set arbitrarily.
+type Gauge interface {
+	Snapshot() Gauge
+	Update(int64)
+	Value() int64
+}
+
+// GetOrRegisterGauge returns an existing Gauge or constructs and registers a
+// new StandardGauge.
+func GetOrRegisterGauge(name string, r Registry) Gauge {
+	if nil == r {
+		r = DefaultRegistry
+	}
+	return r.GetOrRegister(name, NewGauge).(Gauge)
+}
+
+// NewGauge constructs a new StandardGauge.
+func NewGauge() Gauge {
+	if UseNilMetrics {
+		return NilGauge{}
+	}
+	return &StandardGauge{0}
+}
+
+// NewRegisteredGauge constructs and registers a new StandardGauge.
+func NewRegisteredGauge(name string, r Registry) Gauge {
+	c := NewGauge()
+	if nil == r {
+		r = DefaultRegistry
+	}
+	r.Register(name, c)
+	return c
+}
+
+// GaugeSnapshot is a read-only copy of another Gauge.
+type GaugeSnapshot int64
+
+// Snapshot returns the snapshot.
+func (g GaugeSnapshot) Snapshot() Gauge { return g }
+
+// Update panics.
+func (GaugeSnapshot) Update(int64) {
+	panic("Update called on a GaugeSnapshot")
+}
+
+// Value returns the value at the time the snapshot was taken.
+func (g GaugeSnapshot) Value() int64 { return int64(g) }
+
+// NilGauge is a no-op Gauge.
+type NilGauge struct{}
+
+// Snapshot is a no-op.
+func (NilGauge) Snapshot() Gauge { return NilGauge{} }
+
+// Update is a no-op.
+func (NilGauge) Update(v int64) {}
+
+// Value is a no-op.
+func (NilGauge) Value() int64 { return 0 }
+
+// StandardGauge is the standard implementation of a Gauge and uses the
+// sync/atomic package to manage a single int64 value.
+type StandardGauge struct {
+	value int64
+}
+
+// Snapshot returns a read-only copy of the gauge.
+func (g *StandardGauge) Snapshot() Gauge {
+	return GaugeSnapshot(g.Value())
+}
+
+// Update updates the gauge's value.
+func (g *StandardGauge) Update(v int64) {
+	atomic.StoreInt64(&g.value, v)
+}
+
+// Value returns the gauge's current value.
+func (g *StandardGauge) Value() int64 {
+	return atomic.LoadInt64(&g.value)
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/gauge_float64.go b/vendor/github.com/yvasiyarov/go-metrics/gauge_float64.go
new file mode 100644
index 000000000..47c3566c2
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/gauge_float64.go
@@ -0,0 +1,91 @@
+package metrics
+
+import "sync"
+
+// GaugeFloat64s hold a float64 value that can be set arbitrarily.
+type GaugeFloat64 interface {
+	Snapshot() GaugeFloat64
+	Update(float64)
+	Value() float64
+}
+
+// GetOrRegisterGaugeFloat64 returns an existing GaugeFloat64 or constructs and registers a
+// new StandardGaugeFloat64.
+func GetOrRegisterGaugeFloat64(name string, r Registry) GaugeFloat64 {
+	if nil == r {
+		r = DefaultRegistry
+	}
+	return r.GetOrRegister(name, NewGaugeFloat64()).(GaugeFloat64)
+}
+
+// NewGaugeFloat64 constructs a new StandardGaugeFloat64.
+func NewGaugeFloat64() GaugeFloat64 {
+	if UseNilMetrics {
+		return NilGaugeFloat64{}
+	}
+	return &StandardGaugeFloat64{
+		value: 0.0,
+	}
+}
+
+// NewRegisteredGaugeFloat64 constructs and registers a new StandardGaugeFloat64.
+func NewRegisteredGaugeFloat64(name string, r Registry) GaugeFloat64 {
+	c := NewGaugeFloat64()
+	if nil == r {
+		r = DefaultRegistry
+	}
+	r.Register(name, c)
+	return c
+}
+
+// GaugeFloat64Snapshot is a read-only copy of another GaugeFloat64.
+type GaugeFloat64Snapshot float64
+
+// Snapshot returns the snapshot.
+func (g GaugeFloat64Snapshot) Snapshot() GaugeFloat64 { return g }
+
+// Update panics.
+func (GaugeFloat64Snapshot) Update(float64) {
+	panic("Update called on a GaugeFloat64Snapshot")
+}
+
+// Value returns the value at the time the snapshot was taken.
+func (g GaugeFloat64Snapshot) Value() float64 { return float64(g) }
+
+// NilGauge is a no-op Gauge.
+type NilGaugeFloat64 struct{}
+
+// Snapshot is a no-op.
+func (NilGaugeFloat64) Snapshot() GaugeFloat64 { return NilGaugeFloat64{} }
+
+// Update is a no-op.
+func (NilGaugeFloat64) Update(v float64) {}
+
+// Value is a no-op.
+func (NilGaugeFloat64) Value() float64 { return 0.0 }
+
+// StandardGaugeFloat64 is the standard implementation of a GaugeFloat64 and uses
+// sync.Mutex to manage a single float64 value.
+type StandardGaugeFloat64 struct {
+	mutex sync.Mutex
+	value float64
+}
+
+// Snapshot returns a read-only copy of the gauge.
+func (g *StandardGaugeFloat64) Snapshot() GaugeFloat64 {
+	return GaugeFloat64Snapshot(g.Value())
+}
+
+// Update updates the gauge's value.
+func (g *StandardGaugeFloat64) Update(v float64) {
+	g.mutex.Lock()
+	defer g.mutex.Unlock()
+	g.value = v
+}
+
+// Value returns the gauge's current value.
+func (g *StandardGaugeFloat64) Value() float64 {
+	g.mutex.Lock()
+	defer g.mutex.Unlock()
+	return g.value
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/graphite.go b/vendor/github.com/yvasiyarov/go-metrics/graphite.go
new file mode 100644
index 000000000..643b3ec50
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/graphite.go
@@ -0,0 +1,104 @@
+package metrics
+
+import (
+	"bufio"
+	"fmt"
+	"log"
+	"net"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// GraphiteConfig provides a container with configuration parameters for
+// the Graphite exporter
+type GraphiteConfig struct {
+	Addr          *net.TCPAddr  // Network address to connect to
+	Registry      Registry      // Registry to be exported
+	FlushInterval time.Duration // Flush interval
+	DurationUnit  time.Duration // Time conversion unit for durations
+	Prefix        string        // Prefix to be prepended to metric names
+	Percentiles   []float64     // Percentiles to export from timers and histograms
+}
+
+// Graphite is a blocking exporter function which reports metrics in r
+// to a graphite server located at addr, flushing them every d duration
+// and prepending metric names with prefix.
+func Graphite(r Registry, d time.Duration, prefix string, addr *net.TCPAddr) {
+	GraphiteWithConfig(GraphiteConfig{
+		Addr:          addr,
+		Registry:      r,
+		FlushInterval: d,
+		DurationUnit:  time.Nanosecond,
+		Prefix:        prefix,
+		Percentiles:   []float64{0.5, 0.75, 0.95, 0.99, 0.999},
+	})
+}
+
+// GraphiteWithConfig is a blocking exporter function just like Graphite,
+// but it takes a GraphiteConfig instead.
+func GraphiteWithConfig(c GraphiteConfig) {
+	for _ = range time.Tick(c.FlushInterval) {
+		if err := graphite(&c); nil != err {
+			log.Println(err)
+		}
+	}
+}
+
+func graphite(c *GraphiteConfig) error {
+	now := time.Now().Unix()
+	du := float64(c.DurationUnit)
+	conn, err := net.DialTCP("tcp", nil, c.Addr)
+	if nil != err {
+		return err
+	}
+	defer conn.Close()
+	w := bufio.NewWriter(conn)
+	c.Registry.Each(func(name string, i interface{}) {
+		switch metric := i.(type) {
+		case Counter:
+			fmt.Fprintf(w, "%s.%s.count %d %d\n", c.Prefix, name, metric.Count(), now)
+		case Gauge:
+			fmt.Fprintf(w, "%s.%s.value %d %d\n", c.Prefix, name, metric.Value(), now)
+		case GaugeFloat64:
+			fmt.Fprintf(w, "%s.%s.value %f %d\n", c.Prefix, name, metric.Value(), now)
+		case Histogram:
+			h := metric.Snapshot()
+			ps := h.Percentiles(c.Percentiles)
+			fmt.Fprintf(w, "%s.%s.count %d %d\n", c.Prefix, name, h.Count(), now)
+			fmt.Fprintf(w, "%s.%s.min %d %d\n", c.Prefix, name, h.Min(), now)
+			fmt.Fprintf(w, "%s.%s.max %d %d\n", c.Prefix, name, h.Max(), now)
+			fmt.Fprintf(w, "%s.%s.mean %.2f %d\n", c.Prefix, name, h.Mean(), now)
+			fmt.Fprintf(w, "%s.%s.std-dev %.2f %d\n", c.Prefix, name, h.StdDev(), now)
+			for psIdx, psKey := range c.Percentiles {
+				key := strings.Replace(strconv.FormatFloat(psKey*100.0, 'f', -1, 64), ".", "", 1)
+				fmt.Fprintf(w, "%s.%s.%s-percentile %.2f %d\n", c.Prefix, name, key, ps[psIdx], now)
+			}
+		case Meter:
+			m := metric.Snapshot()
+			fmt.Fprintf(w, "%s.%s.count %d %d\n", c.Prefix, name, m.Count(), now)
+			fmt.Fprintf(w, "%s.%s.one-minute %.2f %d\n", c.Prefix, name, m.Rate1(), now)
+			fmt.Fprintf(w, "%s.%s.five-minute %.2f %d\n", c.Prefix, name, m.Rate5(), now)
+			fmt.Fprintf(w, "%s.%s.fifteen-minute %.2f %d\n", c.Prefix, name, m.Rate15(), now)
+			fmt.Fprintf(w, "%s.%s.mean %.2f %d\n", c.Prefix, name, m.RateMean(), now)
+		case Timer:
+			t := metric.Snapshot()
+			ps := t.Percentiles(c.Percentiles)
+			fmt.Fprintf(w, "%s.%s.count %d %d\n", c.Prefix, name, t.Count(), now)
+			fmt.Fprintf(w, "%s.%s.min %d %d\n", c.Prefix, name, int64(du)*t.Min(), now)
+			fmt.Fprintf(w, "%s.%s.max %d %d\n", c.Prefix, name, int64(du)*t.Max(), now)
+			fmt.Fprintf(w, "%s.%s.mean %.2f %d\n", c.Prefix, name, du*t.Mean(), now)
+			fmt.Fprintf(w, "%s.%s.std-dev %.2f %d\n", c.Prefix, name, du*t.StdDev(), now)
+			for psIdx, psKey := range c.Percentiles {
+				key := strings.Replace(strconv.FormatFloat(psKey*100.0, 'f', -1, 64), ".", "", 1)
+				fmt.Fprintf(w, "%s.%s.%s-percentile %.2f %d\n", c.Prefix, name, key, ps[psIdx], now)
+			}
+			fmt.Fprintf(w, "%s.%s.one-minute %.2f %d\n", c.Prefix, name, t.Rate1(), now)
+			fmt.Fprintf(w, "%s.%s.five-minute %.2f %d\n", c.Prefix, name, t.Rate5(), now)
+			fmt.Fprintf(w, "%s.%s.fifteen-minute %.2f %d\n", c.Prefix, name, t.Rate15(), now)
+			fmt.Fprintf(w, "%s.%s.mean-rate %.2f %d\n", c.Prefix, name, t.RateMean(), now)
+		}
+		w.Flush()
+	})
+	return nil
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/healthcheck.go b/vendor/github.com/yvasiyarov/go-metrics/healthcheck.go
new file mode 100644
index 000000000..445131cae
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/healthcheck.go
@@ -0,0 +1,61 @@
+package metrics
+
+// Healthchecks hold an error value describing an arbitrary up/down status.
+type Healthcheck interface {
+	Check()
+	Error() error
+	Healthy()
+	Unhealthy(error)
+}
+
+// NewHealthcheck constructs a new Healthcheck which will use the given
+// function to update its status.
+func NewHealthcheck(f func(Healthcheck)) Healthcheck {
+	if UseNilMetrics {
+		return NilHealthcheck{}
+	}
+	return &StandardHealthcheck{nil, f}
+}
+
+// NilHealthcheck is a no-op.
+type NilHealthcheck struct{}
+
+// Check is a no-op.
+func (NilHealthcheck) Check() {}
+
+// Error is a no-op.
+func (NilHealthcheck) Error() error { return nil }
+
+// Healthy is a no-op.
+func (NilHealthcheck) Healthy() {}
+
+// Unhealthy is a no-op.
+func (NilHealthcheck) Unhealthy(error) {}
+
+// StandardHealthcheck is the standard implementation of a Healthcheck and
+// stores the status and a function to call to update the status.
+type StandardHealthcheck struct {
+	err error
+	f   func(Healthcheck)
+}
+
+// Check runs the healthcheck function to update the healthcheck's status.
+func (h *StandardHealthcheck) Check() {
+	h.f(h)
+}
+
+// Error returns the healthcheck's status, which will be nil if it is healthy.
+func (h *StandardHealthcheck) Error() error {
+	return h.err
+}
+
+// Healthy marks the healthcheck as healthy.
+func (h *StandardHealthcheck) Healthy() {
+	h.err = nil
+}
+
+// Unhealthy marks the healthcheck as unhealthy.  The error is stored and
+// may be retrieved by the Error method.
+func (h *StandardHealthcheck) Unhealthy(err error) {
+	h.err = err
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/histogram.go b/vendor/github.com/yvasiyarov/go-metrics/histogram.go
new file mode 100644
index 000000000..7f3ee70cc
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/histogram.go
@@ -0,0 +1,192 @@
+package metrics
+
+// Histograms calculate distribution statistics from a series of int64 values.
+type Histogram interface {
+	Clear()
+	Count() int64
+	Max() int64
+	Mean() float64
+	Min() int64
+	Percentile(float64) float64
+	Percentiles([]float64) []float64
+	Sample() Sample
+	Snapshot() Histogram
+	StdDev() float64
+	Update(int64)
+	Variance() float64
+}
+
+// GetOrRegisterHistogram returns an existing Histogram or constructs and
+// registers a new StandardHistogram.
+func GetOrRegisterHistogram(name string, r Registry, s Sample) Histogram {
+	if nil == r {
+		r = DefaultRegistry
+	}
+	return r.GetOrRegister(name, func() Histogram { return NewHistogram(s) }).(Histogram)
+}
+
+// NewHistogram constructs a new StandardHistogram from a Sample.
+func NewHistogram(s Sample) Histogram {
+	if UseNilMetrics {
+		return NilHistogram{}
+	}
+	return &StandardHistogram{sample: s}
+}
+
+// NewRegisteredHistogram constructs and registers a new StandardHistogram from
+// a Sample.
+func NewRegisteredHistogram(name string, r Registry, s Sample) Histogram {
+	c := NewHistogram(s)
+	if nil == r {
+		r = DefaultRegistry
+	}
+	r.Register(name, c)
+	return c
+}
+
+// HistogramSnapshot is a read-only copy of another Histogram.
+type HistogramSnapshot struct {
+	sample *SampleSnapshot
+}
+
+// Clear panics.
+func (*HistogramSnapshot) Clear() {
+	panic("Clear called on a HistogramSnapshot")
+}
+
+// Count returns the number of samples recorded at the time the snapshot was
+// taken.
+func (h *HistogramSnapshot) Count() int64 { return h.sample.Count() }
+
+// Max returns the maximum value in the sample at the time the snapshot was
+// taken.
+func (h *HistogramSnapshot) Max() int64 { return h.sample.Max() }
+
+// Mean returns the mean of the values in the sample at the time the snapshot
+// was taken.
+func (h *HistogramSnapshot) Mean() float64 { return h.sample.Mean() }
+
+// Min returns the minimum value in the sample at the time the snapshot was
+// taken.
+func (h *HistogramSnapshot) Min() int64 { return h.sample.Min() }
+
+// Percentile returns an arbitrary percentile of values in the sample at the
+// time the snapshot was taken.
+func (h *HistogramSnapshot) Percentile(p float64) float64 {
+	return h.sample.Percentile(p)
+}
+
+// Percentiles returns a slice of arbitrary percentiles of values in the sample
+// at the time the snapshot was taken.
+func (h *HistogramSnapshot) Percentiles(ps []float64) []float64 {
+	return h.sample.Percentiles(ps)
+}
+
+// Sample returns the Sample underlying the histogram.
+func (h *HistogramSnapshot) Sample() Sample { return h.sample }
+
+// Snapshot returns the snapshot.
+func (h *HistogramSnapshot) Snapshot() Histogram { return h }
+
+// StdDev returns the standard deviation of the values in the sample at the
+// time the snapshot was taken.
+func (h *HistogramSnapshot) StdDev() float64 { return h.sample.StdDev() }
+
+// Update panics.
+func (*HistogramSnapshot) Update(int64) {
+	panic("Update called on a HistogramSnapshot")
+}
+
+// Variance returns the variance of inputs at the time the snapshot was taken.
+func (h *HistogramSnapshot) Variance() float64 { return h.sample.Variance() }
+
+// NilHistogram is a no-op Histogram.
+type NilHistogram struct{}
+
+// Clear is a no-op.
+func (NilHistogram) Clear() {}
+
+// Count is a no-op.
+func (NilHistogram) Count() int64 { return 0 }
+
+// Max is a no-op.
+func (NilHistogram) Max() int64 { return 0 }
+
+// Mean is a no-op.
+func (NilHistogram) Mean() float64 { return 0.0 }
+
+// Min is a no-op.
+func (NilHistogram) Min() int64 { return 0 }
+
+// Percentile is a no-op.
+func (NilHistogram) Percentile(p float64) float64 { return 0.0 }
+
+// Percentiles is a no-op.
+func (NilHistogram) Percentiles(ps []float64) []float64 {
+	return make([]float64, len(ps))
+}
+
+// Sample is a no-op.
+func (NilHistogram) Sample() Sample { return NilSample{} }
+
+// Snapshot is a no-op.
+func (NilHistogram) Snapshot() Histogram { return NilHistogram{} }
+
+// StdDev is a no-op.
+func (NilHistogram) StdDev() float64 { return 0.0 }
+
+// Update is a no-op.
+func (NilHistogram) Update(v int64) {}
+
+// Variance is a no-op.
+func (NilHistogram) Variance() float64 { return 0.0 }
+
+// StandardHistogram is the standard implementation of a Histogram and uses a
+// Sample to bound its memory use.
+type StandardHistogram struct {
+	sample Sample
+}
+
+// Clear clears the histogram and its sample.
+func (h *StandardHistogram) Clear() { h.sample.Clear() }
+
+// Count returns the number of samples recorded since the histogram was last
+// cleared.
+func (h *StandardHistogram) Count() int64 { return h.sample.Count() }
+
+// Max returns the maximum value in the sample.
+func (h *StandardHistogram) Max() int64 { return h.sample.Max() }
+
+// Mean returns the mean of the values in the sample.
+func (h *StandardHistogram) Mean() float64 { return h.sample.Mean() }
+
+// Min returns the minimum value in the sample.
+func (h *StandardHistogram) Min() int64 { return h.sample.Min() }
+
+// Percentile returns an arbitrary percentile of the values in the sample.
+func (h *StandardHistogram) Percentile(p float64) float64 {
+	return h.sample.Percentile(p)
+}
+
+// Percentiles returns a slice of arbitrary percentiles of the values in the
+// sample.
+func (h *StandardHistogram) Percentiles(ps []float64) []float64 {
+	return h.sample.Percentiles(ps)
+}
+
+// Sample returns the Sample underlying the histogram.
+func (h *StandardHistogram) Sample() Sample { return h.sample }
+
+// Snapshot returns a read-only copy of the histogram.
+func (h *StandardHistogram) Snapshot() Histogram {
+	return &HistogramSnapshot{sample: h.sample.Snapshot().(*SampleSnapshot)}
+}
+
+// StdDev returns the standard deviation of the values in the sample.
+func (h *StandardHistogram) StdDev() float64 { return h.sample.StdDev() }
+
+// Update samples a new value.
+func (h *StandardHistogram) Update(v int64) { h.sample.Update(v) }
+
+// Variance returns the variance of the values in the sample.
+func (h *StandardHistogram) Variance() float64 { return h.sample.Variance() }
diff --git a/vendor/github.com/yvasiyarov/go-metrics/json.go b/vendor/github.com/yvasiyarov/go-metrics/json.go
new file mode 100644
index 000000000..04a9c9198
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/json.go
@@ -0,0 +1,83 @@
+package metrics
+
+import (
+	"encoding/json"
+	"io"
+	"time"
+)
+
+// MarshalJSON returns a byte slice containing a JSON representation of all
+// the metrics in the Registry.
+func (r StandardRegistry) MarshalJSON() ([]byte, error) {
+	data := make(map[string]map[string]interface{})
+	r.Each(func(name string, i interface{}) {
+		values := make(map[string]interface{})
+		switch metric := i.(type) {
+		case Counter:
+			values["count"] = metric.Count()
+		case Gauge:
+			values["value"] = metric.Value()
+		case GaugeFloat64:
+			values["value"] = metric.Value()
+		case Healthcheck:
+			values["error"] = nil
+			metric.Check()
+			if err := metric.Error(); nil != err {
+				values["error"] = metric.Error().Error()
+			}
+		case Histogram:
+			h := metric.Snapshot()
+			ps := h.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
+			values["count"] = h.Count()
+			values["min"] = h.Min()
+			values["max"] = h.Max()
+			values["mean"] = h.Mean()
+			values["stddev"] = h.StdDev()
+			values["median"] = ps[0]
+			values["75%"] = ps[1]
+			values["95%"] = ps[2]
+			values["99%"] = ps[3]
+			values["99.9%"] = ps[4]
+		case Meter:
+			m := metric.Snapshot()
+			values["count"] = m.Count()
+			values["1m.rate"] = m.Rate1()
+			values["5m.rate"] = m.Rate5()
+			values["15m.rate"] = m.Rate15()
+			values["mean.rate"] = m.RateMean()
+		case Timer:
+			t := metric.Snapshot()
+			ps := t.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
+			values["count"] = t.Count()
+			values["min"] = t.Min()
+			values["max"] = t.Max()
+			values["mean"] = t.Mean()
+			values["stddev"] = t.StdDev()
+			values["median"] = ps[0]
+			values["75%"] = ps[1]
+			values["95%"] = ps[2]
+			values["99%"] = ps[3]
+			values["99.9%"] = ps[4]
+			values["1m.rate"] = t.Rate1()
+			values["5m.rate"] = t.Rate5()
+			values["15m.rate"] = t.Rate15()
+			values["mean.rate"] = t.RateMean()
+		}
+		data[name] = values
+	})
+	return json.Marshal(data)
+}
+
+// WriteJSON writes metrics from the given registry  periodically to the
+// specified io.Writer as JSON.
+func WriteJSON(r Registry, d time.Duration, w io.Writer) {
+	for _ = range time.Tick(d) {
+		WriteJSONOnce(r, w)
+	}
+}
+
+// WriteJSONOnce writes metrics from the given registry to the specified
+// io.Writer as JSON.
+func WriteJSONOnce(r Registry, w io.Writer) {
+	json.NewEncoder(w).Encode(r)
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/log.go b/vendor/github.com/yvasiyarov/go-metrics/log.go
new file mode 100644
index 000000000..278a8a441
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/log.go
@@ -0,0 +1,70 @@
+package metrics
+
+import (
+	"log"
+	"time"
+)
+
+// Output each metric in the given registry periodically using the given
+// logger.
+func Log(r Registry, d time.Duration, l *log.Logger) {
+	for _ = range time.Tick(d) {
+		r.Each(func(name string, i interface{}) {
+			switch metric := i.(type) {
+			case Counter:
+				l.Printf("counter %s\n", name)
+				l.Printf("  count:       %9d\n", metric.Count())
+			case Gauge:
+				l.Printf("gauge %s\n", name)
+				l.Printf("  value:       %9d\n", metric.Value())
+			case GaugeFloat64:
+				l.Printf("gauge %s\n", name)
+				l.Printf("  value:       %f\n", metric.Value())
+			case Healthcheck:
+				metric.Check()
+				l.Printf("healthcheck %s\n", name)
+				l.Printf("  error:       %v\n", metric.Error())
+			case Histogram:
+				h := metric.Snapshot()
+				ps := h.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
+				l.Printf("histogram %s\n", name)
+				l.Printf("  count:       %9d\n", h.Count())
+				l.Printf("  min:         %9d\n", h.Min())
+				l.Printf("  max:         %9d\n", h.Max())
+				l.Printf("  mean:        %12.2f\n", h.Mean())
+				l.Printf("  stddev:      %12.2f\n", h.StdDev())
+				l.Printf("  median:      %12.2f\n", ps[0])
+				l.Printf("  75%%:         %12.2f\n", ps[1])
+				l.Printf("  95%%:         %12.2f\n", ps[2])
+				l.Printf("  99%%:         %12.2f\n", ps[3])
+				l.Printf("  99.9%%:       %12.2f\n", ps[4])
+			case Meter:
+				m := metric.Snapshot()
+				l.Printf("meter %s\n", name)
+				l.Printf("  count:       %9d\n", m.Count())
+				l.Printf("  1-min rate:  %12.2f\n", m.Rate1())
+				l.Printf("  5-min rate:  %12.2f\n", m.Rate5())
+				l.Printf("  15-min rate: %12.2f\n", m.Rate15())
+				l.Printf("  mean rate:   %12.2f\n", m.RateMean())
+			case Timer:
+				t := metric.Snapshot()
+				ps := t.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
+				l.Printf("timer %s\n", name)
+				l.Printf("  count:       %9d\n", t.Count())
+				l.Printf("  min:         %9d\n", t.Min())
+				l.Printf("  max:         %9d\n", t.Max())
+				l.Printf("  mean:        %12.2f\n", t.Mean())
+				l.Printf("  stddev:      %12.2f\n", t.StdDev())
+				l.Printf("  median:      %12.2f\n", ps[0])
+				l.Printf("  75%%:         %12.2f\n", ps[1])
+				l.Printf("  95%%:         %12.2f\n", ps[2])
+				l.Printf("  99%%:         %12.2f\n", ps[3])
+				l.Printf("  99.9%%:       %12.2f\n", ps[4])
+				l.Printf("  1-min rate:  %12.2f\n", t.Rate1())
+				l.Printf("  5-min rate:  %12.2f\n", t.Rate5())
+				l.Printf("  15-min rate: %12.2f\n", t.Rate15())
+				l.Printf("  mean rate:   %12.2f\n", t.RateMean())
+			}
+		})
+	}
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/memory.md b/vendor/github.com/yvasiyarov/go-metrics/memory.md
new file mode 100644
index 000000000..47454f54b
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/memory.md
@@ -0,0 +1,285 @@
+Memory usage
+============
+
+(Highly unscientific.)
+
+Command used to gather static memory usage:
+
+```sh
+grep ^Vm "/proc/$(ps fax | grep [m]etrics-bench | awk '{print $1}')/status"
+```
+
+Program used to gather baseline memory usage:
+
+```go
+package main
+
+import "time"
+
+func main() {
+	time.Sleep(600e9)
+}
+```
+
+Baseline
+--------
+
+```
+VmPeak:    42604 kB
+VmSize:    42604 kB
+VmLck:         0 kB
+VmHWM:      1120 kB
+VmRSS:      1120 kB
+VmData:    35460 kB
+VmStk:       136 kB
+VmExe:      1020 kB
+VmLib:      1848 kB
+VmPTE:        36 kB
+VmSwap:        0 kB
+```
+
+Program used to gather metric memory usage (with other metrics being similar):
+
+```go
+package main
+
+import (
+	"fmt"
+	"metrics"
+	"time"
+)
+
+func main() {
+	fmt.Sprintf("foo")
+	metrics.NewRegistry()
+	time.Sleep(600e9)
+}
+```
+
+1000 counters registered
+------------------------
+
+```
+VmPeak:    44016 kB
+VmSize:    44016 kB
+VmLck:         0 kB
+VmHWM:      1928 kB
+VmRSS:      1928 kB
+VmData:    36868 kB
+VmStk:       136 kB
+VmExe:      1024 kB
+VmLib:      1848 kB
+VmPTE:        40 kB
+VmSwap:        0 kB
+```
+
+**1.412 kB virtual, TODO 0.808 kB resident per counter.**
+
+100000 counters registered
+--------------------------
+
+```
+VmPeak:    55024 kB
+VmSize:    55024 kB
+VmLck:         0 kB
+VmHWM:     12440 kB
+VmRSS:     12440 kB
+VmData:    47876 kB
+VmStk:       136 kB
+VmExe:      1024 kB
+VmLib:      1848 kB
+VmPTE:        64 kB
+VmSwap:        0 kB
+```
+
+**0.1242 kB virtual, 0.1132 kB resident per counter.**
+
+1000 gauges registered
+----------------------
+
+```
+VmPeak:    44012 kB
+VmSize:    44012 kB
+VmLck:         0 kB
+VmHWM:      1928 kB
+VmRSS:      1928 kB
+VmData:    36868 kB
+VmStk:       136 kB
+VmExe:      1020 kB
+VmLib:      1848 kB
+VmPTE:        40 kB
+VmSwap:        0 kB
+```
+
+**1.408 kB virtual, 0.808 kB resident per counter.**
+
+100000 gauges registered
+------------------------
+
+```
+VmPeak:    55020 kB
+VmSize:    55020 kB
+VmLck:         0 kB
+VmHWM:     12432 kB
+VmRSS:     12432 kB
+VmData:    47876 kB
+VmStk:       136 kB
+VmExe:      1020 kB
+VmLib:      1848 kB
+VmPTE:        60 kB
+VmSwap:        0 kB
+```
+
+**0.12416 kB virtual, 0.11312 resident per gauge.**
+
+1000 histograms with a uniform sample size of 1028
+--------------------------------------------------
+
+```
+VmPeak:    72272 kB
+VmSize:    72272 kB
+VmLck:         0 kB
+VmHWM:     16204 kB
+VmRSS:     16204 kB
+VmData:    65100 kB
+VmStk:       136 kB
+VmExe:      1048 kB
+VmLib:      1848 kB
+VmPTE:        80 kB
+VmSwap:        0 kB
+```
+
+**29.668 kB virtual, TODO 15.084 resident per histogram.**
+
+10000 histograms with a uniform sample size of 1028
+---------------------------------------------------
+
+```
+VmPeak:   256912 kB
+VmSize:   256912 kB
+VmLck:         0 kB
+VmHWM:    146204 kB
+VmRSS:    146204 kB
+VmData:   249740 kB
+VmStk:       136 kB
+VmExe:      1048 kB
+VmLib:      1848 kB
+VmPTE:       448 kB
+VmSwap:        0 kB
+```
+
+**21.4308 kB virtual, 14.5084 kB resident per histogram.**
+
+50000 histograms with a uniform sample size of 1028
+---------------------------------------------------
+
+```
+VmPeak:   908112 kB
+VmSize:   908112 kB
+VmLck:         0 kB
+VmHWM:    645832 kB
+VmRSS:    645588 kB
+VmData:   900940 kB
+VmStk:       136 kB
+VmExe:      1048 kB
+VmLib:      1848 kB
+VmPTE:      1716 kB
+VmSwap:     1544 kB
+```
+
+**17.31016 kB virtual, 12.88936 kB resident per histogram.**
+
+1000 histograms with an exponentially-decaying sample size of 1028 and alpha of 0.015
+-------------------------------------------------------------------------------------
+
+```
+VmPeak:    62480 kB
+VmSize:    62480 kB
+VmLck:         0 kB
+VmHWM:     11572 kB
+VmRSS:     11572 kB
+VmData:    55308 kB
+VmStk:       136 kB
+VmExe:      1048 kB
+VmLib:      1848 kB
+VmPTE:        64 kB
+VmSwap:        0 kB
+```
+
+**19.876 kB virtual, 10.452 kB resident per histogram.**
+
+10000 histograms with an exponentially-decaying sample size of 1028 and alpha of 0.015
+--------------------------------------------------------------------------------------
+
+```
+VmPeak:   153296 kB
+VmSize:   153296 kB
+VmLck:         0 kB
+VmHWM:    101176 kB
+VmRSS:    101176 kB
+VmData:   146124 kB
+VmStk:       136 kB
+VmExe:      1048 kB
+VmLib:      1848 kB
+VmPTE:       240 kB
+VmSwap:        0 kB
+```
+
+**11.0692 kB virtual, 10.0056 kB resident per histogram.**
+
+50000 histograms with an exponentially-decaying sample size of 1028 and alpha of 0.015
+--------------------------------------------------------------------------------------
+
+```
+VmPeak:   557264 kB
+VmSize:   557264 kB
+VmLck:         0 kB
+VmHWM:    501056 kB
+VmRSS:    501056 kB
+VmData:   550092 kB
+VmStk:       136 kB
+VmExe:      1048 kB
+VmLib:      1848 kB
+VmPTE:      1032 kB
+VmSwap:        0 kB
+```
+
+**10.2932 kB virtual, 9.99872 kB resident per histogram.**
+
+1000 meters
+-----------
+
+```
+VmPeak:    74504 kB
+VmSize:    74504 kB
+VmLck:         0 kB
+VmHWM:     24124 kB
+VmRSS:     24124 kB
+VmData:    67340 kB
+VmStk:       136 kB
+VmExe:      1040 kB
+VmLib:      1848 kB
+VmPTE:        92 kB
+VmSwap:        0 kB
+```
+
+**31.9 kB virtual, 23.004 kB resident per meter.**
+
+10000 meters
+------------
+
+```
+VmPeak:   278920 kB
+VmSize:   278920 kB
+VmLck:         0 kB
+VmHWM:    227300 kB
+VmRSS:    227300 kB
+VmData:   271756 kB
+VmStk:       136 kB
+VmExe:      1040 kB
+VmLib:      1848 kB
+VmPTE:       488 kB
+VmSwap:        0 kB
+```
+
+**23.6316 kB virtual, 22.618 kB resident per meter.**
diff --git a/vendor/github.com/yvasiyarov/go-metrics/meter.go b/vendor/github.com/yvasiyarov/go-metrics/meter.go
new file mode 100644
index 000000000..0389ab0b8
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/meter.go
@@ -0,0 +1,233 @@
+package metrics
+
+import (
+	"sync"
+	"time"
+)
+
+// Meters count events to produce exponentially-weighted moving average rates
+// at one-, five-, and fifteen-minutes and a mean rate.
+type Meter interface {
+	Count() int64
+	Mark(int64)
+	Rate1() float64
+	Rate5() float64
+	Rate15() float64
+	RateMean() float64
+	Snapshot() Meter
+}
+
+// GetOrRegisterMeter returns an existing Meter or constructs and registers a
+// new StandardMeter.
+func GetOrRegisterMeter(name string, r Registry) Meter {
+	if nil == r {
+		r = DefaultRegistry
+	}
+	return r.GetOrRegister(name, NewMeter).(Meter)
+}
+
+// NewMeter constructs a new StandardMeter and launches a goroutine.
+func NewMeter() Meter {
+	if UseNilMetrics {
+		return NilMeter{}
+	}
+	m := newStandardMeter()
+	arbiter.Lock()
+	defer arbiter.Unlock()
+	arbiter.meters = append(arbiter.meters, m)
+	if !arbiter.started {
+		arbiter.started = true
+		go arbiter.tick()
+	}
+	return m
+}
+
+// NewMeter constructs and registers a new StandardMeter and launches a
+// goroutine.
+func NewRegisteredMeter(name string, r Registry) Meter {
+	c := NewMeter()
+	if nil == r {
+		r = DefaultRegistry
+	}
+	r.Register(name, c)
+	return c
+}
+
+// MeterSnapshot is a read-only copy of another Meter.
+type MeterSnapshot struct {
+	count                          int64
+	rate1, rate5, rate15, rateMean float64
+}
+
+// Count returns the count of events at the time the snapshot was taken.
+func (m *MeterSnapshot) Count() int64 { return m.count }
+
+// Mark panics.
+func (*MeterSnapshot) Mark(n int64) {
+	panic("Mark called on a MeterSnapshot")
+}
+
+// Rate1 returns the one-minute moving average rate of events per second at the
+// time the snapshot was taken.
+func (m *MeterSnapshot) Rate1() float64 { return m.rate1 }
+
+// Rate5 returns the five-minute moving average rate of events per second at
+// the time the snapshot was taken.
+func (m *MeterSnapshot) Rate5() float64 { return m.rate5 }
+
+// Rate15 returns the fifteen-minute moving average rate of events per second
+// at the time the snapshot was taken.
+func (m *MeterSnapshot) Rate15() float64 { return m.rate15 }
+
+// RateMean returns the meter's mean rate of events per second at the time the
+// snapshot was taken.
+func (m *MeterSnapshot) RateMean() float64 { return m.rateMean }
+
+// Snapshot returns the snapshot.
+func (m *MeterSnapshot) Snapshot() Meter { return m }
+
+// NilMeter is a no-op Meter.
+type NilMeter struct{}
+
+// Count is a no-op.
+func (NilMeter) Count() int64 { return 0 }
+
+// Mark is a no-op.
+func (NilMeter) Mark(n int64) {}
+
+// Rate1 is a no-op.
+func (NilMeter) Rate1() float64 { return 0.0 }
+
+// Rate5 is a no-op.
+func (NilMeter) Rate5() float64 { return 0.0 }
+
+// Rate15is a no-op.
+func (NilMeter) Rate15() float64 { return 0.0 }
+
+// RateMean is a no-op.
+func (NilMeter) RateMean() float64 { return 0.0 }
+
+// Snapshot is a no-op.
+func (NilMeter) Snapshot() Meter { return NilMeter{} }
+
+// StandardMeter is the standard implementation of a Meter.
+type StandardMeter struct {
+	lock        sync.RWMutex
+	snapshot    *MeterSnapshot
+	a1, a5, a15 EWMA
+	startTime   time.Time
+}
+
+func newStandardMeter() *StandardMeter {
+	return &StandardMeter{
+		snapshot:  &MeterSnapshot{},
+		a1:        NewEWMA1(),
+		a5:        NewEWMA5(),
+		a15:       NewEWMA15(),
+		startTime: time.Now(),
+	}
+}
+
+// Count returns the number of events recorded.
+func (m *StandardMeter) Count() int64 {
+	m.lock.RLock()
+	count := m.snapshot.count
+	m.lock.RUnlock()
+	return count
+}
+
+// Mark records the occurance of n events.
+func (m *StandardMeter) Mark(n int64) {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	m.snapshot.count += n
+	m.a1.Update(n)
+	m.a5.Update(n)
+	m.a15.Update(n)
+	m.updateSnapshot()
+}
+
+// Rate1 returns the one-minute moving average rate of events per second.
+func (m *StandardMeter) Rate1() float64 {
+	m.lock.RLock()
+	rate1 := m.snapshot.rate1
+	m.lock.RUnlock()
+	return rate1
+}
+
+// Rate5 returns the five-minute moving average rate of events per second.
+func (m *StandardMeter) Rate5() float64 {
+	m.lock.RLock()
+	rate5 := m.snapshot.rate5
+	m.lock.RUnlock()
+	return rate5
+}
+
+// Rate15 returns the fifteen-minute moving average rate of events per second.
+func (m *StandardMeter) Rate15() float64 {
+	m.lock.RLock()
+	rate15 := m.snapshot.rate15
+	m.lock.RUnlock()
+	return rate15
+}
+
+// RateMean returns the meter's mean rate of events per second.
+func (m *StandardMeter) RateMean() float64 {
+	m.lock.RLock()
+	rateMean := m.snapshot.rateMean
+	m.lock.RUnlock()
+	return rateMean
+}
+
+// Snapshot returns a read-only copy of the meter.
+func (m *StandardMeter) Snapshot() Meter {
+	m.lock.RLock()
+	snapshot := *m.snapshot
+	m.lock.RUnlock()
+	return &snapshot
+}
+
+func (m *StandardMeter) updateSnapshot() {
+	// should run with write lock held on m.lock
+	snapshot := m.snapshot
+	snapshot.rate1 = m.a1.Rate()
+	snapshot.rate5 = m.a5.Rate()
+	snapshot.rate15 = m.a15.Rate()
+	snapshot.rateMean = float64(snapshot.count) / time.Since(m.startTime).Seconds()
+}
+
+func (m *StandardMeter) tick() {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	m.a1.Tick()
+	m.a5.Tick()
+	m.a15.Tick()
+	m.updateSnapshot()
+}
+
+type meterArbiter struct {
+	sync.RWMutex
+	started bool
+	meters  []*StandardMeter
+	ticker  *time.Ticker
+}
+
+var arbiter = meterArbiter{ticker: time.NewTicker(5e9)}
+
+// Ticks meters on the scheduled interval
+func (ma *meterArbiter) tick() {
+	for {
+		select {
+		case <-ma.ticker.C:
+			ma.tickMeters()
+		}
+	}
+}
+
+func (ma *meterArbiter) tickMeters() {
+	ma.RLock()
+	defer ma.RUnlock()
+	for _, meter := range ma.meters {
+		meter.tick()
+	}
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/metrics.go b/vendor/github.com/yvasiyarov/go-metrics/metrics.go
new file mode 100644
index 000000000..b97a49ed1
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/metrics.go
@@ -0,0 +1,13 @@
+// Go port of Coda Hale's Metrics library
+//
+// <https://github.com/rcrowley/go-metrics>
+//
+// Coda Hale's original work: <https://github.com/codahale/metrics>
+package metrics
+
+// UseNilMetrics is checked by the constructor functions for all of the
+// standard metrics.  If it is true, the metric returned is a stub.
+//
+// This global kill-switch helps quantify the observer effect and makes
+// for less cluttered pprof profiles.
+var UseNilMetrics bool = false
diff --git a/vendor/github.com/yvasiyarov/go-metrics/opentsdb.go b/vendor/github.com/yvasiyarov/go-metrics/opentsdb.go
new file mode 100644
index 000000000..fbc292de1
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/opentsdb.go
@@ -0,0 +1,119 @@
+package metrics
+
+import (
+	"bufio"
+	"fmt"
+	"log"
+	"net"
+	"time"
+    "os"
+    "strings"
+)
+
+var shortHostName string = ""
+
+// OpenTSDBConfig provides a container with configuration parameters for
+// the OpenTSDB exporter
+type OpenTSDBConfig struct {
+	Addr          *net.TCPAddr  // Network address to connect to
+	Registry      Registry      // Registry to be exported
+	FlushInterval time.Duration // Flush interval
+	DurationUnit  time.Duration // Time conversion unit for durations
+	Prefix        string        // Prefix to be prepended to metric names
+}
+
+// OpenTSDB is a blocking exporter function which reports metrics in r
+// to a TSDB server located at addr, flushing them every d duration
+// and prepending metric names with prefix.
+func OpenTSDB(r Registry, d time.Duration, prefix string, addr *net.TCPAddr) {
+	OpenTSDBWithConfig(OpenTSDBConfig{
+		Addr:          addr,
+		Registry:      r,
+		FlushInterval: d,
+		DurationUnit:  time.Nanosecond,
+		Prefix:        prefix,
+	})
+}
+
+// OpenTSDBWithConfig is a blocking exporter function just like OpenTSDB,
+// but it takes a OpenTSDBConfig instead.
+func OpenTSDBWithConfig(c OpenTSDBConfig) {
+	for _ = range time.Tick(c.FlushInterval) {
+		if err := openTSDB(&c); nil != err {
+			log.Println(err)
+		}
+	}
+}
+
+func getShortHostname() string {
+    if shortHostName == "" {
+        host, _ := os.Hostname()
+        if index := strings.Index(host, "."); index > 0 {
+            shortHostName = host[:index]
+        } else {
+            shortHostName = host
+        }
+    }
+    return shortHostName
+}
+
+func openTSDB(c *OpenTSDBConfig) error {
+    shortHostname := getShortHostname()
+	now := time.Now().Unix()
+	du := float64(c.DurationUnit)
+	conn, err := net.DialTCP("tcp", nil, c.Addr)
+	if nil != err {
+		return err
+	}
+	defer conn.Close()
+	w := bufio.NewWriter(conn)
+	c.Registry.Each(func(name string, i interface{}) {
+		switch metric := i.(type) {
+		case Counter:
+			fmt.Fprintf(w, "put %s.%s.count %d %d host=%s\n", c.Prefix, name, now, metric.Count(), shortHostname)
+		case Gauge:
+			fmt.Fprintf(w, "put %s.%s.value %d %d host=%s\n", c.Prefix, name, now, metric.Value(), shortHostname)
+		case GaugeFloat64:
+			fmt.Fprintf(w, "put %s.%s.value %d %f host=%s\n", c.Prefix, name, now, metric.Value(), shortHostname)
+		case Histogram:
+			h := metric.Snapshot()
+			ps := h.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
+			fmt.Fprintf(w, "put %s.%s.count %d %d host=%s\n", c.Prefix, name, now, h.Count(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.min %d %d host=%s\n", c.Prefix, name, now, h.Min(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.max %d %d host=%s\n", c.Prefix, name, now, h.Max(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.mean %d %.2f host=%s\n", c.Prefix, name, now, h.Mean(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.std-dev %d %.2f host=%s\n", c.Prefix, name, now, h.StdDev(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.50-percentile %d %.2f host=%s\n", c.Prefix, name, now, ps[0], shortHostname)
+			fmt.Fprintf(w, "put %s.%s.75-percentile %d %.2f host=%s\n", c.Prefix, name, now, ps[1], shortHostname)
+			fmt.Fprintf(w, "put %s.%s.95-percentile %d %.2f host=%s\n", c.Prefix, name, now, ps[2], shortHostname)
+			fmt.Fprintf(w, "put %s.%s.99-percentile %d %.2f host=%s\n", c.Prefix, name, now, ps[3], shortHostname)
+			fmt.Fprintf(w, "put %s.%s.999-percentile %d %.2f host=%s\n", c.Prefix, name, now, ps[4], shortHostname)
+		case Meter:
+			m := metric.Snapshot()
+			fmt.Fprintf(w, "put %s.%s.count %d %d host=%s\n", c.Prefix, name, now, m.Count(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.one-minute %d %.2f host=%s\n", c.Prefix, name, now, m.Rate1(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.five-minute %d %.2f host=%s\n", c.Prefix, name, now, m.Rate5(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.fifteen-minute %d %.2f host=%s\n", c.Prefix, name, now, m.Rate15(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.mean %d %.2f host=%s\n", c.Prefix, name, now, m.RateMean(), shortHostname)
+		case Timer:
+			t := metric.Snapshot()
+			ps := t.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
+			fmt.Fprintf(w, "put %s.%s.count %d %d host=%s\n", c.Prefix, name, now, t.Count(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.min %d %d host=%s\n", c.Prefix, name, now, int64(du)*t.Min(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.max %d %d host=%s\n", c.Prefix, name, now, int64(du)*t.Max(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.mean %d %.2f host=%s\n", c.Prefix, name, now, du*t.Mean(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.std-dev %d %.2f host=%s\n", c.Prefix, name, now, du*t.StdDev(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.50-percentile %d %.2f host=%s\n", c.Prefix, name, now, du*ps[0], shortHostname)
+			fmt.Fprintf(w, "put %s.%s.75-percentile %d %.2f host=%s\n", c.Prefix, name, now, du*ps[1], shortHostname)
+			fmt.Fprintf(w, "put %s.%s.95-percentile %d %.2f host=%s\n", c.Prefix, name, now, du*ps[2], shortHostname)
+			fmt.Fprintf(w, "put %s.%s.99-percentile %d %.2f host=%s\n", c.Prefix, name, now, du*ps[3], shortHostname)
+			fmt.Fprintf(w, "put %s.%s.999-percentile %d %.2f host=%s\n", c.Prefix, name, now, du*ps[4], shortHostname)
+			fmt.Fprintf(w, "put %s.%s.one-minute %d %.2f host=%s\n", c.Prefix, name, now, t.Rate1(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.five-minute %d %.2f host=%s\n", c.Prefix, name, now, t.Rate5(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.fifteen-minute %d %.2f host=%s\n", c.Prefix, name, now, t.Rate15(), shortHostname)
+			fmt.Fprintf(w, "put %s.%s.mean-rate %d %.2f host=%s\n", c.Prefix, name, now, t.RateMean(), shortHostname)
+		}
+		w.Flush()
+	})
+	return nil
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/registry.go b/vendor/github.com/yvasiyarov/go-metrics/registry.go
new file mode 100644
index 000000000..9ef498a2a
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/registry.go
@@ -0,0 +1,168 @@
+package metrics
+
+import (
+	"fmt"
+	"reflect"
+	"sync"
+)
+
+// DuplicateMetric is the error returned by Registry.Register when a metric
+// already exists.  If you mean to Register that metric you must first
+// Unregister the existing metric.
+type DuplicateMetric string
+
+func (err DuplicateMetric) Error() string {
+	return fmt.Sprintf("duplicate metric: %s", string(err))
+}
+
+// A Registry holds references to a set of metrics by name and can iterate
+// over them, calling callback functions provided by the user.
+//
+// This is an interface so as to encourage other structs to implement
+// the Registry API as appropriate.
+type Registry interface {
+
+	// Call the given function for each registered metric.
+	Each(func(string, interface{}))
+
+	// Get the metric by the given name or nil if none is registered.
+	Get(string) interface{}
+
+	// Gets an existing metric or registers the given one.
+	// The interface can be the metric to register if not found in registry,
+	// or a function returning the metric for lazy instantiation.
+	GetOrRegister(string, interface{}) interface{}
+
+	// Register the given metric under the given name.
+	Register(string, interface{}) error
+
+	// Run all registered healthchecks.
+	RunHealthchecks()
+
+	// Unregister the metric with the given name.
+	Unregister(string)
+}
+
+// The standard implementation of a Registry is a mutex-protected map
+// of names to metrics.
+type StandardRegistry struct {
+	metrics map[string]interface{}
+	mutex   sync.Mutex
+}
+
+// Create a new registry.
+func NewRegistry() Registry {
+	return &StandardRegistry{metrics: make(map[string]interface{})}
+}
+
+// Call the given function for each registered metric.
+func (r *StandardRegistry) Each(f func(string, interface{})) {
+	for name, i := range r.registered() {
+		f(name, i)
+	}
+}
+
+// Get the metric by the given name or nil if none is registered.
+func (r *StandardRegistry) Get(name string) interface{} {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+	return r.metrics[name]
+}
+
+// Gets an existing metric or creates and registers a new one. Threadsafe
+// alternative to calling Get and Register on failure.
+// The interface can be the metric to register if not found in registry,
+// or a function returning the metric for lazy instantiation.
+func (r *StandardRegistry) GetOrRegister(name string, i interface{}) interface{} {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+	if metric, ok := r.metrics[name]; ok {
+		return metric
+	}
+	if v := reflect.ValueOf(i); v.Kind() == reflect.Func {
+		i = v.Call(nil)[0].Interface()
+	}
+	r.register(name, i)
+	return i
+}
+
+// Register the given metric under the given name.  Returns a DuplicateMetric
+// if a metric by the given name is already registered.
+func (r *StandardRegistry) Register(name string, i interface{}) error {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+	return r.register(name, i)
+}
+
+// Run all registered healthchecks.
+func (r *StandardRegistry) RunHealthchecks() {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+	for _, i := range r.metrics {
+		if h, ok := i.(Healthcheck); ok {
+			h.Check()
+		}
+	}
+}
+
+// Unregister the metric with the given name.
+func (r *StandardRegistry) Unregister(name string) {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+	delete(r.metrics, name)
+}
+
+func (r *StandardRegistry) register(name string, i interface{}) error {
+	if _, ok := r.metrics[name]; ok {
+		return DuplicateMetric(name)
+	}
+	switch i.(type) {
+	case Counter, Gauge, GaugeFloat64, Healthcheck, Histogram, Meter, Timer:
+		r.metrics[name] = i
+	}
+	return nil
+}
+
+func (r *StandardRegistry) registered() map[string]interface{} {
+	metrics := make(map[string]interface{}, len(r.metrics))
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+	for name, i := range r.metrics {
+		metrics[name] = i
+	}
+	return metrics
+}
+
+var DefaultRegistry Registry = NewRegistry()
+
+// Call the given function for each registered metric.
+func Each(f func(string, interface{})) {
+	DefaultRegistry.Each(f)
+}
+
+// Get the metric by the given name or nil if none is registered.
+func Get(name string) interface{} {
+	return DefaultRegistry.Get(name)
+}
+
+// Gets an existing metric or creates and registers a new one. Threadsafe
+// alternative to calling Get and Register on failure.
+func GetOrRegister(name string, i interface{}) interface{} {
+	return DefaultRegistry.GetOrRegister(name, i)
+}
+
+// Register the given metric under the given name.  Returns a DuplicateMetric
+// if a metric by the given name is already registered.
+func Register(name string, i interface{}) error {
+	return DefaultRegistry.Register(name, i)
+}
+
+// Run all registered healthchecks.
+func RunHealthchecks() {
+	DefaultRegistry.RunHealthchecks()
+}
+
+// Unregister the metric with the given name.
+func Unregister(name string) {
+	DefaultRegistry.Unregister(name)
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/runtime.go b/vendor/github.com/yvasiyarov/go-metrics/runtime.go
new file mode 100644
index 000000000..82574bf25
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/runtime.go
@@ -0,0 +1,200 @@
+package metrics
+
+import (
+	"runtime"
+	"time"
+)
+
+var (
+	memStats       runtime.MemStats
+	runtimeMetrics struct {
+		MemStats struct {
+			Alloc        Gauge
+			BuckHashSys  Gauge
+			DebugGC      Gauge
+			EnableGC     Gauge
+			Frees        Gauge
+			HeapAlloc    Gauge
+			HeapIdle     Gauge
+			HeapInuse    Gauge
+			HeapObjects  Gauge
+			HeapReleased Gauge
+			HeapSys      Gauge
+			LastGC       Gauge
+			Lookups      Gauge
+			Mallocs      Gauge
+			MCacheInuse  Gauge
+			MCacheSys    Gauge
+			MSpanInuse   Gauge
+			MSpanSys     Gauge
+			NextGC       Gauge
+			NumGC        Gauge
+			PauseNs      Histogram
+			PauseTotalNs Gauge
+			StackInuse   Gauge
+			StackSys     Gauge
+			Sys          Gauge
+			TotalAlloc   Gauge
+		}
+		NumCgoCall   Gauge
+		NumGoroutine Gauge
+		ReadMemStats Timer
+	}
+	frees       uint64
+	lookups     uint64
+	mallocs     uint64
+	numGC       uint32
+	numCgoCalls int64
+)
+
+// Capture new values for the Go runtime statistics exported in
+// runtime.MemStats.  This is designed to be called as a goroutine.
+func CaptureRuntimeMemStats(r Registry, d time.Duration) {
+	for _ = range time.Tick(d) {
+		CaptureRuntimeMemStatsOnce(r)
+	}
+}
+
+// Capture new values for the Go runtime statistics exported in
+// runtime.MemStats.  This is designed to be called in a background
+// goroutine.  Giving a registry which has not been given to
+// RegisterRuntimeMemStats will panic.
+//
+// Be very careful with this because runtime.ReadMemStats calls the C
+// functions runtime·semacquire(&runtime·worldsema) and runtime·stoptheworld()
+// and that last one does what it says on the tin.
+func CaptureRuntimeMemStatsOnce(r Registry) {
+	t := time.Now()
+	runtime.ReadMemStats(&memStats) // This takes 50-200us.
+	runtimeMetrics.ReadMemStats.UpdateSince(t)
+
+	runtimeMetrics.MemStats.Alloc.Update(int64(memStats.Alloc))
+	runtimeMetrics.MemStats.BuckHashSys.Update(int64(memStats.BuckHashSys))
+	if memStats.DebugGC {
+		runtimeMetrics.MemStats.DebugGC.Update(1)
+	} else {
+		runtimeMetrics.MemStats.DebugGC.Update(0)
+	}
+	if memStats.EnableGC {
+		runtimeMetrics.MemStats.EnableGC.Update(1)
+	} else {
+		runtimeMetrics.MemStats.EnableGC.Update(0)
+	}
+
+	runtimeMetrics.MemStats.Frees.Update(int64(memStats.Frees - frees))
+	runtimeMetrics.MemStats.HeapAlloc.Update(int64(memStats.HeapAlloc))
+	runtimeMetrics.MemStats.HeapIdle.Update(int64(memStats.HeapIdle))
+	runtimeMetrics.MemStats.HeapInuse.Update(int64(memStats.HeapInuse))
+	runtimeMetrics.MemStats.HeapObjects.Update(int64(memStats.HeapObjects))
+	runtimeMetrics.MemStats.HeapReleased.Update(int64(memStats.HeapReleased))
+	runtimeMetrics.MemStats.HeapSys.Update(int64(memStats.HeapSys))
+	runtimeMetrics.MemStats.LastGC.Update(int64(memStats.LastGC))
+	runtimeMetrics.MemStats.Lookups.Update(int64(memStats.Lookups - lookups))
+	runtimeMetrics.MemStats.Mallocs.Update(int64(memStats.Mallocs - mallocs))
+	runtimeMetrics.MemStats.MCacheInuse.Update(int64(memStats.MCacheInuse))
+	runtimeMetrics.MemStats.MCacheSys.Update(int64(memStats.MCacheSys))
+	runtimeMetrics.MemStats.MSpanInuse.Update(int64(memStats.MSpanInuse))
+	runtimeMetrics.MemStats.MSpanSys.Update(int64(memStats.MSpanSys))
+	runtimeMetrics.MemStats.NextGC.Update(int64(memStats.NextGC))
+	runtimeMetrics.MemStats.NumGC.Update(int64(memStats.NumGC - numGC))
+
+	// <https://code.google.com/p/go/source/browse/src/pkg/runtime/mgc0.c>
+	i := numGC % uint32(len(memStats.PauseNs))
+	ii := memStats.NumGC % uint32(len(memStats.PauseNs))
+	if memStats.NumGC-numGC >= uint32(len(memStats.PauseNs)) {
+		for i = 0; i < uint32(len(memStats.PauseNs)); i++ {
+			runtimeMetrics.MemStats.PauseNs.Update(int64(memStats.PauseNs[i]))
+		}
+	} else {
+		if i > ii {
+			for ; i < uint32(len(memStats.PauseNs)); i++ {
+				runtimeMetrics.MemStats.PauseNs.Update(int64(memStats.PauseNs[i]))
+			}
+			i = 0
+		}
+		for ; i < ii; i++ {
+			runtimeMetrics.MemStats.PauseNs.Update(int64(memStats.PauseNs[i]))
+		}
+	}
+	frees = memStats.Frees
+	lookups = memStats.Lookups
+	mallocs = memStats.Mallocs
+	numGC = memStats.NumGC
+
+	runtimeMetrics.MemStats.PauseTotalNs.Update(int64(memStats.PauseTotalNs))
+	runtimeMetrics.MemStats.StackInuse.Update(int64(memStats.StackInuse))
+	runtimeMetrics.MemStats.StackSys.Update(int64(memStats.StackSys))
+	runtimeMetrics.MemStats.Sys.Update(int64(memStats.Sys))
+	runtimeMetrics.MemStats.TotalAlloc.Update(int64(memStats.TotalAlloc))
+
+	currentNumCgoCalls := numCgoCall()
+	runtimeMetrics.NumCgoCall.Update(currentNumCgoCalls - numCgoCalls)
+	numCgoCalls = currentNumCgoCalls
+
+	runtimeMetrics.NumGoroutine.Update(int64(runtime.NumGoroutine()))
+}
+
+// Register runtimeMetrics for the Go runtime statistics exported in runtime and
+// specifically runtime.MemStats.  The runtimeMetrics are named by their
+// fully-qualified Go symbols, i.e. runtime.MemStats.Alloc.
+func RegisterRuntimeMemStats(r Registry) {
+	runtimeMetrics.MemStats.Alloc = NewGauge()
+	runtimeMetrics.MemStats.BuckHashSys = NewGauge()
+	runtimeMetrics.MemStats.DebugGC = NewGauge()
+	runtimeMetrics.MemStats.EnableGC = NewGauge()
+	runtimeMetrics.MemStats.Frees = NewGauge()
+	runtimeMetrics.MemStats.HeapAlloc = NewGauge()
+	runtimeMetrics.MemStats.HeapIdle = NewGauge()
+	runtimeMetrics.MemStats.HeapInuse = NewGauge()
+	runtimeMetrics.MemStats.HeapObjects = NewGauge()
+	runtimeMetrics.MemStats.HeapReleased = NewGauge()
+	runtimeMetrics.MemStats.HeapSys = NewGauge()
+	runtimeMetrics.MemStats.LastGC = NewGauge()
+	runtimeMetrics.MemStats.Lookups = NewGauge()
+	runtimeMetrics.MemStats.Mallocs = NewGauge()
+	runtimeMetrics.MemStats.MCacheInuse = NewGauge()
+	runtimeMetrics.MemStats.MCacheSys = NewGauge()
+	runtimeMetrics.MemStats.MSpanInuse = NewGauge()
+	runtimeMetrics.MemStats.MSpanSys = NewGauge()
+	runtimeMetrics.MemStats.NextGC = NewGauge()
+	runtimeMetrics.MemStats.NumGC = NewGauge()
+	runtimeMetrics.MemStats.PauseNs = NewHistogram(NewExpDecaySample(1028, 0.015))
+	runtimeMetrics.MemStats.PauseTotalNs = NewGauge()
+	runtimeMetrics.MemStats.StackInuse = NewGauge()
+	runtimeMetrics.MemStats.StackSys = NewGauge()
+	runtimeMetrics.MemStats.Sys = NewGauge()
+	runtimeMetrics.MemStats.TotalAlloc = NewGauge()
+	runtimeMetrics.NumCgoCall = NewGauge()
+	runtimeMetrics.NumGoroutine = NewGauge()
+	runtimeMetrics.ReadMemStats = NewTimer()
+
+	r.Register("runtime.MemStats.Alloc", runtimeMetrics.MemStats.Alloc)
+	r.Register("runtime.MemStats.BuckHashSys", runtimeMetrics.MemStats.BuckHashSys)
+	r.Register("runtime.MemStats.DebugGC", runtimeMetrics.MemStats.DebugGC)
+	r.Register("runtime.MemStats.EnableGC", runtimeMetrics.MemStats.EnableGC)
+	r.Register("runtime.MemStats.Frees", runtimeMetrics.MemStats.Frees)
+	r.Register("runtime.MemStats.HeapAlloc", runtimeMetrics.MemStats.HeapAlloc)
+	r.Register("runtime.MemStats.HeapIdle", runtimeMetrics.MemStats.HeapIdle)
+	r.Register("runtime.MemStats.HeapInuse", runtimeMetrics.MemStats.HeapInuse)
+	r.Register("runtime.MemStats.HeapObjects", runtimeMetrics.MemStats.HeapObjects)
+	r.Register("runtime.MemStats.HeapReleased", runtimeMetrics.MemStats.HeapReleased)
+	r.Register("runtime.MemStats.HeapSys", runtimeMetrics.MemStats.HeapSys)
+	r.Register("runtime.MemStats.LastGC", runtimeMetrics.MemStats.LastGC)
+	r.Register("runtime.MemStats.Lookups", runtimeMetrics.MemStats.Lookups)
+	r.Register("runtime.MemStats.Mallocs", runtimeMetrics.MemStats.Mallocs)
+	r.Register("runtime.MemStats.MCacheInuse", runtimeMetrics.MemStats.MCacheInuse)
+	r.Register("runtime.MemStats.MCacheSys", runtimeMetrics.MemStats.MCacheSys)
+	r.Register("runtime.MemStats.MSpanInuse", runtimeMetrics.MemStats.MSpanInuse)
+	r.Register("runtime.MemStats.MSpanSys", runtimeMetrics.MemStats.MSpanSys)
+	r.Register("runtime.MemStats.NextGC", runtimeMetrics.MemStats.NextGC)
+	r.Register("runtime.MemStats.NumGC", runtimeMetrics.MemStats.NumGC)
+	r.Register("runtime.MemStats.PauseNs", runtimeMetrics.MemStats.PauseNs)
+	r.Register("runtime.MemStats.PauseTotalNs", runtimeMetrics.MemStats.PauseTotalNs)
+	r.Register("runtime.MemStats.StackInuse", runtimeMetrics.MemStats.StackInuse)
+	r.Register("runtime.MemStats.StackSys", runtimeMetrics.MemStats.StackSys)
+	r.Register("runtime.MemStats.Sys", runtimeMetrics.MemStats.Sys)
+	r.Register("runtime.MemStats.TotalAlloc", runtimeMetrics.MemStats.TotalAlloc)
+	r.Register("runtime.NumCgoCall", runtimeMetrics.NumCgoCall)
+	r.Register("runtime.NumGoroutine", runtimeMetrics.NumGoroutine)
+	r.Register("runtime.ReadMemStats", runtimeMetrics.ReadMemStats)
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/runtime_cgo.go b/vendor/github.com/yvasiyarov/go-metrics/runtime_cgo.go
new file mode 100644
index 000000000..38976a8c5
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/runtime_cgo.go
@@ -0,0 +1,9 @@
+// +build cgo
+
+package metrics
+
+import "runtime"
+
+func numCgoCall() int64 {
+	return runtime.NumCgoCall()
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/runtime_no_cgo.go b/vendor/github.com/yvasiyarov/go-metrics/runtime_no_cgo.go
new file mode 100644
index 000000000..38220330c
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/runtime_no_cgo.go
@@ -0,0 +1,7 @@
+// +build !cgo
+
+package metrics
+
+func numCgoCall() int64 {
+	return 0
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/sample.go b/vendor/github.com/yvasiyarov/go-metrics/sample.go
new file mode 100644
index 000000000..e34b7b585
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/sample.go
@@ -0,0 +1,568 @@
+package metrics
+
+import (
+	"container/heap"
+	"math"
+	"math/rand"
+	"sort"
+	"sync"
+	"time"
+)
+
+const rescaleThreshold = time.Hour
+
+// Samples maintain a statistically-significant selection of values from
+// a stream.
+type Sample interface {
+	Clear()
+	Count() int64
+	Max() int64
+	Mean() float64
+	Min() int64
+	Percentile(float64) float64
+	Percentiles([]float64) []float64
+	Size() int
+	Snapshot() Sample
+	StdDev() float64
+	Sum() int64
+	Update(int64)
+	Values() []int64
+	Variance() float64
+}
+
+// ExpDecaySample is an exponentially-decaying sample using a forward-decaying
+// priority reservoir.  See Cormode et al's "Forward Decay: A Practical Time
+// Decay Model for Streaming Systems".
+//
+// <http://www.research.att.com/people/Cormode_Graham/library/publications/CormodeShkapenyukSrivastavaXu09.pdf>
+type ExpDecaySample struct {
+	alpha         float64
+	count         int64
+	mutex         sync.Mutex
+	reservoirSize int
+	t0, t1        time.Time
+	values        expDecaySampleHeap
+}
+
+// NewExpDecaySample constructs a new exponentially-decaying sample with the
+// given reservoir size and alpha.
+func NewExpDecaySample(reservoirSize int, alpha float64) Sample {
+	if UseNilMetrics {
+		return NilSample{}
+	}
+	s := &ExpDecaySample{
+		alpha:         alpha,
+		reservoirSize: reservoirSize,
+		t0:            time.Now(),
+		values:        make(expDecaySampleHeap, 0, reservoirSize),
+	}
+	s.t1 = time.Now().Add(rescaleThreshold)
+	return s
+}
+
+// Clear clears all samples.
+func (s *ExpDecaySample) Clear() {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	s.count = 0
+	s.t0 = time.Now()
+	s.t1 = s.t0.Add(rescaleThreshold)
+	s.values = make(expDecaySampleHeap, 0, s.reservoirSize)
+}
+
+// Count returns the number of samples recorded, which may exceed the
+// reservoir size.
+func (s *ExpDecaySample) Count() int64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return s.count
+}
+
+// Max returns the maximum value in the sample, which may not be the maximum
+// value ever to be part of the sample.
+func (s *ExpDecaySample) Max() int64 {
+	return SampleMax(s.Values())
+}
+
+// Mean returns the mean of the values in the sample.
+func (s *ExpDecaySample) Mean() float64 {
+	return SampleMean(s.Values())
+}
+
+// Min returns the minimum value in the sample, which may not be the minimum
+// value ever to be part of the sample.
+func (s *ExpDecaySample) Min() int64 {
+	return SampleMin(s.Values())
+}
+
+// Percentile returns an arbitrary percentile of values in the sample.
+func (s *ExpDecaySample) Percentile(p float64) float64 {
+	return SamplePercentile(s.Values(), p)
+}
+
+// Percentiles returns a slice of arbitrary percentiles of values in the
+// sample.
+func (s *ExpDecaySample) Percentiles(ps []float64) []float64 {
+	return SamplePercentiles(s.Values(), ps)
+}
+
+// Size returns the size of the sample, which is at most the reservoir size.
+func (s *ExpDecaySample) Size() int {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return len(s.values)
+}
+
+// Snapshot returns a read-only copy of the sample.
+func (s *ExpDecaySample) Snapshot() Sample {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	values := make([]int64, len(s.values))
+	for i, v := range s.values {
+		values[i] = v.v
+	}
+	return &SampleSnapshot{
+		count:  s.count,
+		values: values,
+	}
+}
+
+// StdDev returns the standard deviation of the values in the sample.
+func (s *ExpDecaySample) StdDev() float64 {
+	return SampleStdDev(s.Values())
+}
+
+// Sum returns the sum of the values in the sample.
+func (s *ExpDecaySample) Sum() int64 {
+	return SampleSum(s.Values())
+}
+
+// Update samples a new value.
+func (s *ExpDecaySample) Update(v int64) {
+	s.update(time.Now(), v)
+}
+
+// Values returns a copy of the values in the sample.
+func (s *ExpDecaySample) Values() []int64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	values := make([]int64, len(s.values))
+	for i, v := range s.values {
+		values[i] = v.v
+	}
+	return values
+}
+
+// Variance returns the variance of the values in the sample.
+func (s *ExpDecaySample) Variance() float64 {
+	return SampleVariance(s.Values())
+}
+
+// update samples a new value at a particular timestamp.  This is a method all
+// its own to facilitate testing.
+func (s *ExpDecaySample) update(t time.Time, v int64) {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	s.count++
+	if len(s.values) == s.reservoirSize {
+		heap.Pop(&s.values)
+	}
+	heap.Push(&s.values, expDecaySample{
+		k: math.Exp(t.Sub(s.t0).Seconds()*s.alpha) / rand.Float64(),
+		v: v,
+	})
+	if t.After(s.t1) {
+		values := s.values
+		t0 := s.t0
+		s.values = make(expDecaySampleHeap, 0, s.reservoirSize)
+		s.t0 = t
+		s.t1 = s.t0.Add(rescaleThreshold)
+		for _, v := range values {
+			v.k = v.k * math.Exp(-s.alpha*float64(s.t0.Sub(t0)))
+			heap.Push(&s.values, v)
+		}
+	}
+}
+
+// NilSample is a no-op Sample.
+type NilSample struct{}
+
+// Clear is a no-op.
+func (NilSample) Clear() {}
+
+// Count is a no-op.
+func (NilSample) Count() int64 { return 0 }
+
+// Max is a no-op.
+func (NilSample) Max() int64 { return 0 }
+
+// Mean is a no-op.
+func (NilSample) Mean() float64 { return 0.0 }
+
+// Min is a no-op.
+func (NilSample) Min() int64 { return 0 }
+
+// Percentile is a no-op.
+func (NilSample) Percentile(p float64) float64 { return 0.0 }
+
+// Percentiles is a no-op.
+func (NilSample) Percentiles(ps []float64) []float64 {
+	return make([]float64, len(ps))
+}
+
+// Size is a no-op.
+func (NilSample) Size() int { return 0 }
+
+// Sample is a no-op.
+func (NilSample) Snapshot() Sample { return NilSample{} }
+
+// StdDev is a no-op.
+func (NilSample) StdDev() float64 { return 0.0 }
+
+// Sum is a no-op.
+func (NilSample) Sum() int64 { return 0 }
+
+// Update is a no-op.
+func (NilSample) Update(v int64) {}
+
+// Values is a no-op.
+func (NilSample) Values() []int64 { return []int64{} }
+
+// Variance is a no-op.
+func (NilSample) Variance() float64 { return 0.0 }
+
+// SampleMax returns the maximum value of the slice of int64.
+func SampleMax(values []int64) int64 {
+	if 0 == len(values) {
+		return 0
+	}
+	var max int64 = math.MinInt64
+	for _, v := range values {
+		if max < v {
+			max = v
+		}
+	}
+	return max
+}
+
+// SampleMean returns the mean value of the slice of int64.
+func SampleMean(values []int64) float64 {
+	if 0 == len(values) {
+		return 0.0
+	}
+	return float64(SampleSum(values)) / float64(len(values))
+}
+
+// SampleMin returns the minimum value of the slice of int64.
+func SampleMin(values []int64) int64 {
+	if 0 == len(values) {
+		return 0
+	}
+	var min int64 = math.MaxInt64
+	for _, v := range values {
+		if min > v {
+			min = v
+		}
+	}
+	return min
+}
+
+// SamplePercentiles returns an arbitrary percentile of the slice of int64.
+func SamplePercentile(values int64Slice, p float64) float64 {
+	return SamplePercentiles(values, []float64{p})[0]
+}
+
+// SamplePercentiles returns a slice of arbitrary percentiles of the slice of
+// int64.
+func SamplePercentiles(values int64Slice, ps []float64) []float64 {
+	scores := make([]float64, len(ps))
+	size := len(values)
+	if size > 0 {
+		sort.Sort(values)
+		for i, p := range ps {
+			pos := p * float64(size+1)
+			if pos < 1.0 {
+				scores[i] = float64(values[0])
+			} else if pos >= float64(size) {
+				scores[i] = float64(values[size-1])
+			} else {
+				lower := float64(values[int(pos)-1])
+				upper := float64(values[int(pos)])
+				scores[i] = lower + (pos-math.Floor(pos))*(upper-lower)
+			}
+		}
+	}
+	return scores
+}
+
+// SampleSnapshot is a read-only copy of another Sample.
+type SampleSnapshot struct {
+	count  int64
+	values []int64
+}
+
+// Clear panics.
+func (*SampleSnapshot) Clear() {
+	panic("Clear called on a SampleSnapshot")
+}
+
+// Count returns the count of inputs at the time the snapshot was taken.
+func (s *SampleSnapshot) Count() int64 { return s.count }
+
+// Max returns the maximal value at the time the snapshot was taken.
+func (s *SampleSnapshot) Max() int64 { return SampleMax(s.values) }
+
+// Mean returns the mean value at the time the snapshot was taken.
+func (s *SampleSnapshot) Mean() float64 { return SampleMean(s.values) }
+
+// Min returns the minimal value at the time the snapshot was taken.
+func (s *SampleSnapshot) Min() int64 { return SampleMin(s.values) }
+
+// Percentile returns an arbitrary percentile of values at the time the
+// snapshot was taken.
+func (s *SampleSnapshot) Percentile(p float64) float64 {
+	return SamplePercentile(s.values, p)
+}
+
+// Percentiles returns a slice of arbitrary percentiles of values at the time
+// the snapshot was taken.
+func (s *SampleSnapshot) Percentiles(ps []float64) []float64 {
+	return SamplePercentiles(s.values, ps)
+}
+
+// Size returns the size of the sample at the time the snapshot was taken.
+func (s *SampleSnapshot) Size() int { return len(s.values) }
+
+// Snapshot returns the snapshot.
+func (s *SampleSnapshot) Snapshot() Sample { return s }
+
+// StdDev returns the standard deviation of values at the time the snapshot was
+// taken.
+func (s *SampleSnapshot) StdDev() float64 { return SampleStdDev(s.values) }
+
+// Sum returns the sum of values at the time the snapshot was taken.
+func (s *SampleSnapshot) Sum() int64 { return SampleSum(s.values) }
+
+// Update panics.
+func (*SampleSnapshot) Update(int64) {
+	panic("Update called on a SampleSnapshot")
+}
+
+// Values returns a copy of the values in the sample.
+func (s *SampleSnapshot) Values() []int64 {
+	values := make([]int64, len(s.values))
+	copy(values, s.values)
+	return values
+}
+
+// Variance returns the variance of values at the time the snapshot was taken.
+func (s *SampleSnapshot) Variance() float64 { return SampleVariance(s.values) }
+
+// SampleStdDev returns the standard deviation of the slice of int64.
+func SampleStdDev(values []int64) float64 {
+	return math.Sqrt(SampleVariance(values))
+}
+
+// SampleSum returns the sum of the slice of int64.
+func SampleSum(values []int64) int64 {
+	var sum int64
+	for _, v := range values {
+		sum += v
+	}
+	return sum
+}
+
+// SampleVariance returns the variance of the slice of int64.
+func SampleVariance(values []int64) float64 {
+	if 0 == len(values) {
+		return 0.0
+	}
+	m := SampleMean(values)
+	var sum float64
+	for _, v := range values {
+		d := float64(v) - m
+		sum += d * d
+	}
+	return sum / float64(len(values))
+}
+
+// A uniform sample using Vitter's Algorithm R.
+//
+// <http://www.cs.umd.edu/~samir/498/vitter.pdf>
+type UniformSample struct {
+	count         int64
+	mutex         sync.Mutex
+	reservoirSize int
+	values        []int64
+}
+
+// NewUniformSample constructs a new uniform sample with the given reservoir
+// size.
+func NewUniformSample(reservoirSize int) Sample {
+	if UseNilMetrics {
+		return NilSample{}
+	}
+	return &UniformSample{
+		reservoirSize: reservoirSize,
+		values:        make([]int64, 0, reservoirSize),
+	}
+}
+
+// Clear clears all samples.
+func (s *UniformSample) Clear() {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	s.count = 0
+	s.values = make([]int64, 0, s.reservoirSize)
+}
+
+// Count returns the number of samples recorded, which may exceed the
+// reservoir size.
+func (s *UniformSample) Count() int64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return s.count
+}
+
+// Max returns the maximum value in the sample, which may not be the maximum
+// value ever to be part of the sample.
+func (s *UniformSample) Max() int64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return SampleMax(s.values)
+}
+
+// Mean returns the mean of the values in the sample.
+func (s *UniformSample) Mean() float64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return SampleMean(s.values)
+}
+
+// Min returns the minimum value in the sample, which may not be the minimum
+// value ever to be part of the sample.
+func (s *UniformSample) Min() int64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return SampleMin(s.values)
+}
+
+// Percentile returns an arbitrary percentile of values in the sample.
+func (s *UniformSample) Percentile(p float64) float64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return SamplePercentile(s.values, p)
+}
+
+// Percentiles returns a slice of arbitrary percentiles of values in the
+// sample.
+func (s *UniformSample) Percentiles(ps []float64) []float64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return SamplePercentiles(s.values, ps)
+}
+
+// Size returns the size of the sample, which is at most the reservoir size.
+func (s *UniformSample) Size() int {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return len(s.values)
+}
+
+// Snapshot returns a read-only copy of the sample.
+func (s *UniformSample) Snapshot() Sample {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	values := make([]int64, len(s.values))
+	copy(values, s.values)
+	return &SampleSnapshot{
+		count:  s.count,
+		values: values,
+	}
+}
+
+// StdDev returns the standard deviation of the values in the sample.
+func (s *UniformSample) StdDev() float64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return SampleStdDev(s.values)
+}
+
+// Sum returns the sum of the values in the sample.
+func (s *UniformSample) Sum() int64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return SampleSum(s.values)
+}
+
+// Update samples a new value.
+func (s *UniformSample) Update(v int64) {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	s.count++
+	if len(s.values) < s.reservoirSize {
+		s.values = append(s.values, v)
+	} else {
+		s.values[rand.Intn(s.reservoirSize)] = v
+	}
+}
+
+// Values returns a copy of the values in the sample.
+func (s *UniformSample) Values() []int64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	values := make([]int64, len(s.values))
+	copy(values, s.values)
+	return values
+}
+
+// Variance returns the variance of the values in the sample.
+func (s *UniformSample) Variance() float64 {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+	return SampleVariance(s.values)
+}
+
+// expDecaySample represents an individual sample in a heap.
+type expDecaySample struct {
+	k float64
+	v int64
+}
+
+// expDecaySampleHeap is a min-heap of expDecaySamples.
+type expDecaySampleHeap []expDecaySample
+
+func (q expDecaySampleHeap) Len() int {
+	return len(q)
+}
+
+func (q expDecaySampleHeap) Less(i, j int) bool {
+	return q[i].k < q[j].k
+}
+
+func (q *expDecaySampleHeap) Pop() interface{} {
+	q_ := *q
+	n := len(q_)
+	i := q_[n-1]
+	q_ = q_[0 : n-1]
+	*q = q_
+	return i
+}
+
+func (q *expDecaySampleHeap) Push(x interface{}) {
+	q_ := *q
+	n := len(q_)
+	q_ = q_[0 : n+1]
+	q_[n] = x.(expDecaySample)
+	*q = q_
+}
+
+func (q expDecaySampleHeap) Swap(i, j int) {
+	q[i], q[j] = q[j], q[i]
+}
+
+type int64Slice []int64
+
+func (p int64Slice) Len() int           { return len(p) }
+func (p int64Slice) Less(i, j int) bool { return p[i] < p[j] }
+func (p int64Slice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
diff --git a/vendor/github.com/yvasiyarov/go-metrics/syslog.go b/vendor/github.com/yvasiyarov/go-metrics/syslog.go
new file mode 100644
index 000000000..693f19085
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/syslog.go
@@ -0,0 +1,78 @@
+// +build !windows
+
+package metrics
+
+import (
+	"fmt"
+	"log/syslog"
+	"time"
+)
+
+// Output each metric in the given registry to syslog periodically using
+// the given syslogger.
+func Syslog(r Registry, d time.Duration, w *syslog.Writer) {
+	for _ = range time.Tick(d) {
+		r.Each(func(name string, i interface{}) {
+			switch metric := i.(type) {
+			case Counter:
+				w.Info(fmt.Sprintf("counter %s: count: %d", name, metric.Count()))
+			case Gauge:
+				w.Info(fmt.Sprintf("gauge %s: value: %d", name, metric.Value()))
+			case GaugeFloat64:
+				w.Info(fmt.Sprintf("gauge %s: value: %f", name, metric.Value()))
+			case Healthcheck:
+				metric.Check()
+				w.Info(fmt.Sprintf("healthcheck %s: error: %v", name, metric.Error()))
+			case Histogram:
+				h := metric.Snapshot()
+				ps := h.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
+				w.Info(fmt.Sprintf(
+					"histogram %s: count: %d min: %d max: %d mean: %.2f stddev: %.2f median: %.2f 75%%: %.2f 95%%: %.2f 99%%: %.2f 99.9%%: %.2f",
+					name,
+					h.Count(),
+					h.Min(),
+					h.Max(),
+					h.Mean(),
+					h.StdDev(),
+					ps[0],
+					ps[1],
+					ps[2],
+					ps[3],
+					ps[4],
+				))
+			case Meter:
+				m := metric.Snapshot()
+				w.Info(fmt.Sprintf(
+					"meter %s: count: %d 1-min: %.2f 5-min: %.2f 15-min: %.2f mean: %.2f",
+					name,
+					m.Count(),
+					m.Rate1(),
+					m.Rate5(),
+					m.Rate15(),
+					m.RateMean(),
+				))
+			case Timer:
+				t := metric.Snapshot()
+				ps := t.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
+				w.Info(fmt.Sprintf(
+					"timer %s: count: %d min: %d max: %d mean: %.2f stddev: %.2f median: %.2f 75%%: %.2f 95%%: %.2f 99%%: %.2f 99.9%%: %.2f 1-min: %.2f 5-min: %.2f 15-min: %.2f mean-rate: %.2f",
+					name,
+					t.Count(),
+					t.Min(),
+					t.Max(),
+					t.Mean(),
+					t.StdDev(),
+					ps[0],
+					ps[1],
+					ps[2],
+					ps[3],
+					ps[4],
+					t.Rate1(),
+					t.Rate5(),
+					t.Rate15(),
+					t.RateMean(),
+				))
+			}
+		})
+	}
+}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/timer.go b/vendor/github.com/yvasiyarov/go-metrics/timer.go
new file mode 100644
index 000000000..73f19b585
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/timer.go
@@ -0,0 +1,299 @@
+package metrics
+
+import (
+	"sync"
+	"time"
+)
+
+// Timers capture the duration and rate of events.
+type Timer interface {
+	Count() int64
+	Max() int64
+	Mean() float64
+	Min() int64
+	Percentile(float64) float64
+	Percentiles([]float64) []float64
+	Rate1() float64
+	Rate5() float64
+	Rate15() float64
+	RateMean() float64
+	Snapshot() Timer
+	StdDev() float64
+	Time(func())
+	Update(time.Duration)
+	UpdateSince(time.Time)
+	Variance() float64
+}
+
+// GetOrRegisterTimer returns an existing Timer or constructs and registers a
+// new StandardTimer.
+func GetOrRegisterTimer(name string, r Registry) Timer {
+	if nil == r {
+		r = DefaultRegistry
+	}
+	return r.GetOrRegister(name, NewTimer).(Timer)
+}
+
+// NewCustomTimer constructs a new StandardTimer from a Histogram and a Meter.
+func NewCustomTimer(h Histogram, m Meter) Timer {
+	if UseNilMetrics {
+		return NilTimer{}
+	}
+	return &StandardTimer{
+		histogram: h,
+		meter:     m,
+	}
+}
+
+// NewRegisteredTimer constructs and registers a new StandardTimer.
+func NewRegisteredTimer(name string, r Registry) Timer {
+	c := NewTimer()
+	if nil == r {
+		r = DefaultRegistry
+	}
+	r.Register(name, c)
+	return c
+}
+
+// NewTimer constructs a new StandardTimer using an exponentially-decaying
+// sample with the same reservoir size and alpha as UNIX load averages.
+func NewTimer() Timer {
+	if UseNilMetrics {
+		return NilTimer{}
+	}
+	return &StandardTimer{
+		histogram: NewHistogram(NewExpDecaySample(1028, 0.015)),
+		meter:     NewMeter(),
+	}
+}
+
+// NilTimer is a no-op Timer.
+type NilTimer struct {
+	h Histogram
+	m Meter
+}
+
+// Count is a no-op.
+func (NilTimer) Count() int64 { return 0 }
+
+// Max is a no-op.
+func (NilTimer) Max() int64 { return 0 }
+
+// Mean is a no-op.
+func (NilTimer) Mean() float64 { return 0.0 }
+
+// Min is a no-op.
+func (NilTimer) Min() int64 { return 0 }
+
+// Percentile is a no-op.
+func (NilTimer) Percentile(p float64) float64 { return 0.0 }
+
+// Percentiles is a no-op.
+func (NilTimer) Percentiles(ps []float64) []float64 {
+	return make([]float64, len(ps))
+}
+
+// Rate1 is a no-op.
+func (NilTimer) Rate1() float64 { return 0.0 }
+
+// Rate5 is a no-op.
+func (NilTimer) Rate5() float64 { return 0.0 }
+
+// Rate15 is a no-op.
+func (NilTimer) Rate15() float64 { return 0.0 }
+
+// RateMean is a no-op.
+func (NilTimer) RateMean() float64 { return 0.0 }
+
+// Snapshot is a no-op.
+func (NilTimer) Snapshot() Timer { return NilTimer{} }
+
+// StdDev is a no-op.
+func (NilTimer) StdDev() float64 { return 0.0 }
+
+// Time is a no-op.
+func (NilTimer) Time(func()) {}
+
+// Update is a no-op.
+func (NilTimer) Update(time.Duration) {}
+
+// UpdateSince is a no-op.
+func (NilTimer) UpdateSince(time.Time) {}
+
+// Variance is a no-op.
+func (NilTimer) Variance() float64 { return 0.0 }
+
+// StandardTimer is the standard implementation of a Timer and uses a Histogram
+// and Meter.
+type StandardTimer struct {
+	histogram Histogram
+	meter     Meter
+	mutex     sync.Mutex
+}
+
+// Count returns the number of events recorded.
+func (t *StandardTimer) Count() int64 {
+	return t.histogram.Count()
+}
+
+// Max returns the maximum value in the sample.
+func (t *StandardTimer) Max() int64 {
+	return t.histogram.Max()
+}
+
+// Mean returns the mean of the values in the sample.
+func (t *StandardTimer) Mean() float64 {
+	return t.histogram.Mean()
+}
+
+// Min returns the minimum value in the sample.
+func (t *StandardTimer) Min() int64 {
+	return t.histogram.Min()
+}
+
+// Percentile returns an arbitrary percentile of the values in the sample.
+func (t *StandardTimer) Percentile(p float64) float64 {
+	return t.histogram.Percentile(p)
+}
+
+// Percentiles returns a slice of arbitrary percentiles of the values in the
+// sample.
+func (t *StandardTimer) Percentiles(ps []float64) []float64 {
+	return t.histogram.Percentiles(ps)
+}
+
+// Rate1 returns the one-minute moving average rate of events per second.
+func (t *StandardTimer) Rate1() float64 {
+	return t.meter.Rate1()
+}
+
+// Rate5 returns the five-minute moving average rate of events per second.
+func (t *StandardTimer) Rate5() float64 {
+	return t.meter.Rate5()
+}
+
+// Rate15 returns the fifteen-minute moving average rate of events per second.
+func (t *StandardTimer) Rate15() float64 {
+	return t.meter.Rate15()
+}
+
+// RateMean returns the meter's mean rate of events per second.
+func (t *StandardTimer) RateMean() float64 {
+	return t.meter.RateMean()
+}
+
+// Snapshot returns a read-only copy of the timer.
+func (t *StandardTimer) Snapshot() Timer {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+	return &TimerSnapshot{
+		histogram: t.histogram.Snapshot().(*HistogramSnapshot),
+		meter:     t.meter.Snapshot().(*MeterSnapshot),
+	}
+}
+
+// StdDev returns the standard deviation of the values in the sample.
+func (t *StandardTimer) StdDev() float64 {
+	return t.histogram.StdDev()
+}
+
+// Record the duration of the execution of the given function.
+func (t *StandardTimer) Time(f func()) {
+	ts := time.Now()
+	f()
+	t.Update(time.Since(ts))
+}
+
+// Record the duration of an event.
+func (t *StandardTimer) Update(d time.Duration) {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+	t.histogram.Update(int64(d))
+	t.meter.Mark(1)
+}
+
+// Record the duration of an event that started at a time and ends now.
+func (t *StandardTimer) UpdateSince(ts time.Time) {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+	t.histogram.Update(int64(time.Since(ts)))
+	t.meter.Mark(1)
+}
+
+// Variance returns the variance of the values in the sample.
+func (t *StandardTimer) Variance() float64 {
+	return t.histogram.Variance()
+}
+
+// TimerSnapshot is a read-only copy of another Timer.
+type TimerSnapshot struct {
+	histogram *HistogramSnapshot
+	meter     *MeterSnapshot
+}
+
+// Count returns the number of events recorded at the time the snapshot was
+// taken.
+func (t *TimerSnapshot) Count() int64 { return t.histogram.Count() }
+
+// Max returns the maximum value at the time the snapshot was taken.
+func (t *TimerSnapshot) Max() int64 { return t.histogram.Max() }
+
+// Mean returns the mean value at the time the snapshot was taken.
+func (t *TimerSnapshot) Mean() float64 { return t.histogram.Mean() }
+
+// Min returns the minimum value at the time the snapshot was taken.
+func (t *TimerSnapshot) Min() int64 { return t.histogram.Min() }
+
+// Percentile returns an arbitrary percentile of sampled values at the time the
+// snapshot was taken.
+func (t *TimerSnapshot) Percentile(p float64) float64 {
+	return t.histogram.Percentile(p)
+}
+
+// Percentiles returns a slice of arbitrary percentiles of sampled values at
+// the time the snapshot was taken.
+func (t *TimerSnapshot) Percentiles(ps []float64) []float64 {
+	return t.histogram.Percentiles(ps)
+}
+
+// Rate1 returns the one-minute moving average rate of events per second at the
+// time the snapshot was taken.
+func (t *TimerSnapshot) Rate1() float64 { return t.meter.Rate1() }
+
+// Rate5 returns the five-minute moving average rate of events per second at
+// the time the snapshot was taken.
+func (t *TimerSnapshot) Rate5() float64 { return t.meter.Rate5() }
+
+// Rate15 returns the fifteen-minute moving average rate of events per second
+// at the time the snapshot was taken.
+func (t *TimerSnapshot) Rate15() float64 { return t.meter.Rate15() }
+
+// RateMean returns the meter's mean rate of events per second at the time the
+// snapshot was taken.
+func (t *TimerSnapshot) RateMean() float64 { return t.meter.RateMean() }
+
+// Snapshot returns the snapshot.
+func (t *TimerSnapshot) Snapshot() Timer { return t }
+
+// StdDev returns the standard deviation of the values at the time the snapshot
+// was taken.
+func (t *TimerSnapshot) StdDev() float64 { return t.histogram.StdDev() }
+
+// Time panics.
+func (*TimerSnapshot) Time(func()) {
+	panic("Time called on a TimerSnapshot")
+}
+
+// Update panics.
+func (*TimerSnapshot) Update(time.Duration) {
+	panic("Update called on a TimerSnapshot")
+}
+
+// UpdateSince panics.
+func (*TimerSnapshot) UpdateSince(time.Time) {
+	panic("UpdateSince called on a TimerSnapshot")
+}
+
+// Variance returns the variance of the values at the time the snapshot was
+// taken.
+func (t *TimerSnapshot) Variance() float64 { return t.histogram.Variance() }
diff --git a/vendor/github.com/yvasiyarov/go-metrics/writer.go b/vendor/github.com/yvasiyarov/go-metrics/writer.go
new file mode 100644
index 000000000..091e971d2
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/go-metrics/writer.go
@@ -0,0 +1,100 @@
+package metrics
+
+import (
+	"fmt"
+	"io"
+	"sort"
+	"time"
+)
+
+// Write sorts writes each metric in the given registry periodically to the
+// given io.Writer.
+func Write(r Registry, d time.Duration, w io.Writer) {
+	for _ = range time.Tick(d) {
+		WriteOnce(r, w)
+	}
+}
+
+// WriteOnce sorts and writes metrics in the given registry to the given
+// io.Writer.
+func WriteOnce(r Registry, w io.Writer) {
+	var namedMetrics namedMetricSlice
+	r.Each(func(name string, i interface{}) {
+		namedMetrics = append(namedMetrics, namedMetric{name, i})
+	})
+
+	sort.Sort(namedMetrics)
+	for _, namedMetric := range namedMetrics {
+		switch metric := namedMetric.m.(type) {
+		case Counter:
+			fmt.Fprintf(w, "counter %s\n", namedMetric.name)
+			fmt.Fprintf(w, "  count:       %9d\n", metric.Count())
+		case Gauge:
+			fmt.Fprintf(w, "gauge %s\n", namedMetric.name)
+			fmt.Fprintf(w, "  value:       %9d\n", metric.Value())
+		case GaugeFloat64:
+			fmt.Fprintf(w, "gauge %s\n", namedMetric.name)
+			fmt.Fprintf(w, "  value:       %f\n", metric.Value())
+		case Healthcheck:
+			metric.Check()
+			fmt.Fprintf(w, "healthcheck %s\n", namedMetric.name)
+			fmt.Fprintf(w, "  error:       %v\n", metric.Error())
+		case Histogram:
+			h := metric.Snapshot()
+			ps := h.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
+			fmt.Fprintf(w, "histogram %s\n", namedMetric.name)
+			fmt.Fprintf(w, "  count:       %9d\n", h.Count())
+			fmt.Fprintf(w, "  min:         %9d\n", h.Min())
+			fmt.Fprintf(w, "  max:         %9d\n", h.Max())
+			fmt.Fprintf(w, "  mean:        %12.2f\n", h.Mean())
+			fmt.Fprintf(w, "  stddev:      %12.2f\n", h.StdDev())
+			fmt.Fprintf(w, "  median:      %12.2f\n", ps[0])
+			fmt.Fprintf(w, "  75%%:         %12.2f\n", ps[1])
+			fmt.Fprintf(w, "  95%%:         %12.2f\n", ps[2])
+			fmt.Fprintf(w, "  99%%:         %12.2f\n", ps[3])
+			fmt.Fprintf(w, "  99.9%%:       %12.2f\n", ps[4])
+		case Meter:
+			m := metric.Snapshot()
+			fmt.Fprintf(w, "meter %s\n", namedMetric.name)
+			fmt.Fprintf(w, "  count:       %9d\n", m.Count())
+			fmt.Fprintf(w, "  1-min rate:  %12.2f\n", m.Rate1())
+			fmt.Fprintf(w, "  5-min rate:  %12.2f\n", m.Rate5())
+			fmt.Fprintf(w, "  15-min rate: %12.2f\n", m.Rate15())
+			fmt.Fprintf(w, "  mean rate:   %12.2f\n", m.RateMean())
+		case Timer:
+			t := metric.Snapshot()
+			ps := t.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
+			fmt.Fprintf(w, "timer %s\n", namedMetric.name)
+			fmt.Fprintf(w, "  count:       %9d\n", t.Count())
+			fmt.Fprintf(w, "  min:         %9d\n", t.Min())
+			fmt.Fprintf(w, "  max:         %9d\n", t.Max())
+			fmt.Fprintf(w, "  mean:        %12.2f\n", t.Mean())
+			fmt.Fprintf(w, "  stddev:      %12.2f\n", t.StdDev())
+			fmt.Fprintf(w, "  median:      %12.2f\n", ps[0])
+			fmt.Fprintf(w, "  75%%:         %12.2f\n", ps[1])
+			fmt.Fprintf(w, "  95%%:         %12.2f\n", ps[2])
+			fmt.Fprintf(w, "  99%%:         %12.2f\n", ps[3])
+			fmt.Fprintf(w, "  99.9%%:       %12.2f\n", ps[4])
+			fmt.Fprintf(w, "  1-min rate:  %12.2f\n", t.Rate1())
+			fmt.Fprintf(w, "  5-min rate:  %12.2f\n", t.Rate5())
+			fmt.Fprintf(w, "  15-min rate: %12.2f\n", t.Rate15())
+			fmt.Fprintf(w, "  mean rate:   %12.2f\n", t.RateMean())
+		}
+	}
+}
+
+type namedMetric struct {
+	name string
+	m    interface{}
+}
+
+// namedMetricSlice is a slice of namedMetrics that implements sort.Interface.
+type namedMetricSlice []namedMetric
+
+func (nms namedMetricSlice) Len() int { return len(nms) }
+
+func (nms namedMetricSlice) Swap(i, j int) { nms[i], nms[j] = nms[j], nms[i] }
+
+func (nms namedMetricSlice) Less(i, j int) bool {
+	return nms[i].name < nms[j].name
+}
diff --git a/vendor/github.com/yvasiyarov/gorelic/.gitignore b/vendor/github.com/yvasiyarov/gorelic/.gitignore
new file mode 100644
index 000000000..ca502e294
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/.gitignore
@@ -0,0 +1,4 @@
+*.nut
+*.swp
+examples/example1
+examples/example_web
diff --git a/vendor/github.com/yvasiyarov/gorelic/.travis.yml b/vendor/github.com/yvasiyarov/gorelic/.travis.yml
new file mode 100644
index 000000000..4f2ee4d97
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/.travis.yml
@@ -0,0 +1 @@
+language: go
diff --git a/vendor/github.com/yvasiyarov/gorelic/LICENSE b/vendor/github.com/yvasiyarov/gorelic/LICENSE
new file mode 100644
index 000000000..01a9a5c4d
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2013 Yuriy Vasiyarov. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/yvasiyarov/gorelic/README.md b/vendor/github.com/yvasiyarov/gorelic/README.md
new file mode 100644
index 000000000..61068a82a
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/README.md
@@ -0,0 +1,119 @@
+# GoRelic
+
+New Relic agent for Go runtime. It collect a lot of metrics about scheduler, garbage collector and memory allocator and 
+send them to NewRelic.
+
+### Requirements  
+- Go 1.1 or higher
+- github.com/yvasiyarov/gorelic
+- github.com/yvasiyarov/newrelic_platform_go
+- github.com/yvasiyarov/go-metrics
+
+You have to install manually only first two dependencies. All other dependencies will be installed automatically 
+by Go toolchain.   
+
+### Installation   
+```bash
+go get github.com/yvasiyarov/gorelic
+```
+and add to the initialization part of your application following code:  
+```go
+import (
+    "github.com/yvasiyarov/gorelic"
+)
+....
+
+agent := gorelic.NewAgent()
+agent.Verbose = true
+agent.NewrelicLicense = "YOUR NEWRELIC LICENSE KEY THERE"
+agent.Run()
+
+```
+
+### Middleware  
+If you using Beego, Martini, Revel or Gin framework you can hook up gorelic with your application by using the following middleware:
+- https://github.com/yvasiyarov/beego_gorelic   
+- https://github.com/yvasiyarov/martini_gorelic   
+- https://github.com/yvasiyarov/gocraft_gorelic   
+- http://wiki.colar.net/revel_newelic
+- https://github.com/jingweno/negroni-gorelic
+- https://github.com/brandfolder/gin-gorelic
+   
+
+### Configuration  
+- NewrelicLicense - its the only mandatory setting of this agent.
+- NewrelicName - component name in NewRelic dashboard. Default value: "Go daemon"
+- NewrelicPollInterval - how often metrics will be sent to NewRelic. Default value: 60 seconds
+- Verbose - print some usefull for debugging information. Default value: false
+- CollectGcStat - should agent collect garbage collector statistic or not. Default value: true
+- CollectHTTPStat - should agent collect HTTP metrics. Default value: false
+- CollectMemoryStat - should agent collect memory allocator statistic or not. Default value: true
+- GCPollInterval - how often should GC statistic collected. Default value: 10 seconds. It has performance impact. For more information, please, see metrics documentation.
+- MemoryAllocatorPollInterval - how often should memory allocator statistic collected. Default value: 60 seconds. It has performance impact. For more information, please, read metrics documentation.
+
+
+## Metrics reported by plugin
+This agent use functions exposed by runtime or runtime/debug packages to collect most important information about Go runtime.
+
+### General metrics   
+- Runtime/General/NOGoroutines - number of runned go routines, as it reported by NumGoroutine() from runtime package
+- Runtime/General/NOCgoCalls - number of runned cgo calls, as it reported by NumCgoCall() from runtime package
+
+### Garbage collector metrics      
+- Runtime/GC/NumberOfGCCalls - Nuber of GC calls, as it reported by ReadGCStats() from runtime/debug 
+- Runtime/GC/PauseTotalTime - Total pause time diring GC calls, as it reported by ReadGCStats() from runtime/debug (in nanoseconds)
+- Runtime/GC/GCTime/Max - max GC time
+- Runtime/GC/GCTime/Min - min GC time
+- Runtime/GC/GCTime/Mean - GC mean time
+- Runtime/GC/GCTime/Percentile95 - 95% percentile of GC time
+
+All this metrics are measured in nanoseconds. Last 4 of them can be inaccurate if GC called more often then once in GCPollInterval. 
+If in your workload GC is called more often - you can consider decreasing value of GCPollInterval. 
+But be carefull, ReadGCStats() blocks mheap, so its not good idea to set GCPollInterval to very low values.
+
+### Memory allocator 
+- Component/Runtime/Memory/SysMem/Total - number of bytes/minute allocated from OS totally. 
+- Component/Runtime/Memory/SysMem/Stack - number of bytes/minute allocated from OS for stacks.
+- Component/Runtime/Memory/SysMem/MSpan - number of bytes/minute allocated from OS for internal MSpan structs.
+- Component/Runtime/Memory/SysMem/MCache - number of bytes/minute allocated from OS for internal MCache structs.
+- Component/Runtime/Memory/SysMem/Heap - number of bytes/minute allocated from OS for heap.
+- Component/Runtime/Memory/SysMem/BuckHash - number of bytes/minute allocated from OS for internal BuckHash structs.
+- Component/Runtime/Memory/Operations/NoFrees - number of memory frees per minute
+- Component/Runtime/Memory/Operations/NoMallocs - number of memory allocations per minute
+- Component/Runtime/Memory/Operations/NoPointerLookups - number of pointer lookups per minute
+- Component/Runtime/Memory/InUse/Total - total amount of memory in use
+- Component/Runtime/Memory/InUse/Heap - amount of memory in use for heap
+- Component/Runtime/Memory/InUse/MCacheInuse - amount of memory in use for MCache internal structures
+- Component/Runtime/Memory/InUse/MSpanInuse - amount of memory in use for MSpan internal structures  
+- Component/Runtime/Memory/InUse/Stack - amount of memory in use for stacks
+
+### Process metrics
+- Component/Runtime/System/Threads - number of OS threads used
+- Runtime/System/FDSize - number of file descriptors, used by process
+- Runtime/System/Memory/VmPeakSize - VM max size
+- Runtime/System/Memory/VmCurrent  - VM current size
+- Runtime/System/Memory/RssPeak    - max size of resident memory set
+- Runtime/System/Memory/RssCurrent - current size of resident memory set   
+
+All this metrics collected once in MemoryAllocatorPollInterval. In order to collect this statistic agent use ReadMemStats() routine.
+This routine calls stoptheworld() internally and it block everything. So, please, consider this when you change MemoryAllocatorPollInterval value.
+
+### HTTP metrics   
+- throughput (requests per second), calculated for last minute  
+- mean throughput (requests per second)   
+- mean response time  
+- min response time  
+- max response time  
+- 75%, 90%, 95% percentiles for response time
+ 
+
+In order to collect HTTP metrics, handler functions must be wrapped using WrapHTTPHandlerFunc:
+
+```go
+http.HandleFunc("/", agent.WrapHTTPHandlerFunc(handler))
+```
+
+## TODO
+- Collect per-size allocation statistic
+- Collect user defined metrics
+
diff --git a/vendor/github.com/yvasiyarov/gorelic/agent.go b/vendor/github.com/yvasiyarov/gorelic/agent.go
new file mode 100644
index 000000000..660623d6f
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/agent.go
@@ -0,0 +1,137 @@
+package gorelic
+
+import (
+	"errors"
+	"fmt"
+	metrics "github.com/yvasiyarov/go-metrics"
+	"github.com/yvasiyarov/newrelic_platform_go"
+	"log"
+	"net/http"
+)
+
+const (
+	// DefaultNewRelicPollInterval - how often we will report metrics to NewRelic.
+	// Recommended values is 60 seconds
+	DefaultNewRelicPollInterval = 60
+
+	// DefaultGcPollIntervalInSeconds - how often we will get garbage collector run statistic
+	// Default value is - every 10 seconds
+	// During GC stat pooling - mheap will be locked, so be carefull changing this value
+	DefaultGcPollIntervalInSeconds = 10
+
+	// DefaultMemoryAllocatorPollIntervalInSeconds - how often we will get memory allocator statistic.
+	// Default value is - every 60 seconds
+	// During this process stoptheword() is called, so be carefull changing this value
+	DefaultMemoryAllocatorPollIntervalInSeconds = 60
+
+	//DefaultAgentGuid is plugin ID in NewRelic.
+	//You should not change it unless you want to create your own plugin.
+	DefaultAgentGuid = "com.github.yvasiyarov.GoRelic"
+
+	//CurrentAgentVersion is plugin version
+	CurrentAgentVersion = "0.0.6"
+
+	//DefaultAgentName in NewRelic GUI. You can change it.
+	DefaultAgentName = "Go daemon"
+)
+
+//Agent - is NewRelic agent implementation.
+//Agent start separate go routine which will report data to NewRelic
+type Agent struct {
+	NewrelicName                string
+	NewrelicLicense             string
+	NewrelicPollInterval        int
+	Verbose                     bool
+	CollectGcStat               bool
+	CollectMemoryStat           bool
+	CollectHTTPStat             bool
+	GCPollInterval              int
+	MemoryAllocatorPollInterval int
+	AgentGUID                   string
+	AgentVersion                string
+	plugin                      *newrelic_platform_go.NewrelicPlugin
+	HTTPTimer                   metrics.Timer
+}
+
+//NewAgent build new Agent objects.
+func NewAgent() *Agent {
+	agent := &Agent{
+		NewrelicName:                DefaultAgentName,
+		NewrelicPollInterval:        DefaultNewRelicPollInterval,
+		Verbose:                     false,
+		CollectGcStat:               true,
+		CollectMemoryStat:           true,
+		GCPollInterval:              DefaultGcPollIntervalInSeconds,
+		MemoryAllocatorPollInterval: DefaultMemoryAllocatorPollIntervalInSeconds,
+		AgentGUID:                   DefaultAgentGuid,
+		AgentVersion:                CurrentAgentVersion,
+	}
+	return agent
+}
+
+//WrapHTTPHandlerFunc  instrument HTTP handler functions to collect HTTP metrics
+func (agent *Agent) WrapHTTPHandlerFunc(h tHTTPHandlerFunc) tHTTPHandlerFunc {
+	agent.initTimer()
+	return func(w http.ResponseWriter, req *http.Request) {
+		proxy := newHTTPHandlerFunc(h)
+		proxy.timer = agent.HTTPTimer
+		proxy.ServeHTTP(w, req)
+	}
+}
+
+//WrapHTTPHandler  instrument HTTP handler object to collect HTTP metrics
+func (agent *Agent) WrapHTTPHandler(h http.Handler) http.Handler {
+	agent.initTimer()
+
+	proxy := newHTTPHandler(h)
+	proxy.timer = agent.HTTPTimer
+	return proxy
+}
+
+//Run initialize Agent instance and start harvest go routine
+func (agent *Agent) Run() error {
+	if agent.NewrelicLicense == "" {
+		return errors.New("please, pass a valid newrelic license key")
+	}
+
+	agent.plugin = newrelic_platform_go.NewNewrelicPlugin(agent.AgentVersion, agent.NewrelicLicense, agent.NewrelicPollInterval)
+	component := newrelic_platform_go.NewPluginComponent(agent.NewrelicName, agent.AgentGUID)
+	agent.plugin.AddComponent(component)
+
+	addRuntimeMericsToComponent(component)
+
+	if agent.CollectGcStat {
+		addGCMericsToComponent(component, agent.GCPollInterval)
+		agent.debug(fmt.Sprintf("Init GC metrics collection. Poll interval %d seconds.", agent.GCPollInterval))
+	}
+	if agent.CollectMemoryStat {
+		addMemoryMericsToComponent(component, agent.MemoryAllocatorPollInterval)
+		agent.debug(fmt.Sprintf("Init memory allocator metrics collection. Poll interval %d seconds.", agent.MemoryAllocatorPollInterval))
+	}
+
+	if agent.CollectHTTPStat {
+		agent.initTimer()
+		addHTTPMericsToComponent(component, agent.HTTPTimer)
+		agent.debug(fmt.Sprintf("Init HTTP metrics collection."))
+	}
+
+	agent.plugin.Verbose = agent.Verbose
+	go agent.plugin.Run()
+	return nil
+}
+
+//Initialize global metrics.Timer object, used to collect HTTP metrics
+func (agent *Agent) initTimer() {
+	if agent.HTTPTimer == nil {
+		agent.HTTPTimer = metrics.NewTimer()
+	}
+
+	agent.CollectHTTPStat = true
+}
+
+//Print debug messages
+func (agent *Agent) debug(msg string) {
+	if agent.Verbose {
+		log.Println(msg)
+	}
+}
diff --git a/vendor/github.com/yvasiyarov/gorelic/doc.go b/vendor/github.com/yvasiyarov/gorelic/doc.go
new file mode 100644
index 000000000..69de9fee3
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/doc.go
@@ -0,0 +1,2 @@
+// Package gorelic is an New Relic agent implementation for Go runtime. It collect a lot of metrics about Go scheduler, garbage collector and memory allocator and send them to NewRelic.
+package gorelic
diff --git a/vendor/github.com/yvasiyarov/gorelic/gc_metrics.go b/vendor/github.com/yvasiyarov/gorelic/gc_metrics.go
new file mode 100644
index 000000000..394059402
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/gc_metrics.go
@@ -0,0 +1,65 @@
+package gorelic
+
+import (
+	metrics "github.com/yvasiyarov/go-metrics"
+	"github.com/yvasiyarov/newrelic_platform_go"
+	"time"
+)
+
+func newGCMetricaDataSource(pollInterval int) goMetricaDataSource {
+	r := metrics.NewRegistry()
+
+	metrics.RegisterDebugGCStats(r)
+	go metrics.CaptureDebugGCStats(r, time.Duration(pollInterval)*time.Second)
+	return goMetricaDataSource{r}
+}
+
+func addGCMericsToComponent(component newrelic_platform_go.IComponent, pollInterval int) {
+	metrics := []*baseGoMetrica{
+		&baseGoMetrica{
+			name:          "NumberOfGCCalls",
+			units:         "calls",
+			dataSourceKey: "debug.GCStats.NumGC",
+		},
+		&baseGoMetrica{
+			name:          "PauseTotalTime",
+			units:         "nanoseconds",
+			dataSourceKey: "debug.GCStats.PauseTotal",
+		},
+	}
+
+	ds := newGCMetricaDataSource(pollInterval)
+	for _, m := range metrics {
+		m.basePath = "Runtime/GC/"
+		m.dataSource = ds
+		component.AddMetrica(&gaugeMetrica{m})
+	}
+
+	histogramMetrics := []*histogramMetrica{
+		&histogramMetrica{
+			statFunction:  histogramMax,
+			baseGoMetrica: &baseGoMetrica{name: "Max"},
+		},
+		&histogramMetrica{
+			statFunction:  histogramMin,
+			baseGoMetrica: &baseGoMetrica{name: "Min"},
+		},
+		&histogramMetrica{
+			statFunction:  histogramMean,
+			baseGoMetrica: &baseGoMetrica{name: "Mean"},
+		},
+		&histogramMetrica{
+			statFunction:    histogramPercentile,
+			percentileValue: 0.95,
+			baseGoMetrica:   &baseGoMetrica{name: "Percentile95"},
+		},
+	}
+	for _, m := range histogramMetrics {
+		m.baseGoMetrica.units = "nanoseconds"
+		m.baseGoMetrica.dataSourceKey = "debug.GCStats.Pause"
+		m.baseGoMetrica.basePath = "Runtime/GC/GCTime/"
+		m.baseGoMetrica.dataSource = ds
+
+		component.AddMetrica(m)
+	}
+}
diff --git a/vendor/github.com/yvasiyarov/gorelic/gometrica.go b/vendor/github.com/yvasiyarov/gorelic/gometrica.go
new file mode 100644
index 000000000..52fcdd575
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/gometrica.go
@@ -0,0 +1,105 @@
+package gorelic
+
+import (
+	"fmt"
+	metrics "github.com/yvasiyarov/go-metrics"
+)
+
+const (
+	histogramMin = iota
+	histogramMax
+	histogramMean
+	histogramPercentile
+	histogramStdDev
+	histogramVariance
+	noHistogramFunctions
+)
+
+type goMetricaDataSource struct {
+	metrics.Registry
+}
+
+func (ds goMetricaDataSource) GetGaugeValue(key string) (float64, error) {
+	if valueContainer := ds.Get(key); valueContainer == nil {
+		return 0, fmt.Errorf("metrica with name %s is not registered\n", key)
+	} else if gauge, ok := valueContainer.(metrics.Gauge); ok {
+		return float64(gauge.Value()), nil
+	} else {
+		return 0, fmt.Errorf("metrica container has unexpected type: %T\n", valueContainer)
+	}
+}
+
+func (ds goMetricaDataSource) GetHistogramValue(key string, statFunction int, percentile float64) (float64, error) {
+	if valueContainer := ds.Get(key); valueContainer == nil {
+		return 0, fmt.Errorf("metrica with name %s is not registered\n", key)
+	} else if histogram, ok := valueContainer.(metrics.Histogram); ok {
+		switch statFunction {
+		default:
+			return 0, fmt.Errorf("unsupported stat function for histogram: %s\n", statFunction)
+		case histogramMax:
+			return float64(histogram.Max()), nil
+		case histogramMin:
+			return float64(histogram.Min()), nil
+		case histogramMean:
+			return float64(histogram.Mean()), nil
+		case histogramStdDev:
+			return float64(histogram.StdDev()), nil
+		case histogramVariance:
+			return float64(histogram.Variance()), nil
+		case histogramPercentile:
+			return float64(histogram.Percentile(percentile)), nil
+		}
+	} else {
+		return 0, fmt.Errorf("metrica container has unexpected type: %T\n", valueContainer)
+	}
+}
+
+type baseGoMetrica struct {
+	dataSource    goMetricaDataSource
+	basePath      string
+	name          string
+	units         string
+	dataSourceKey string
+}
+
+func (metrica *baseGoMetrica) GetName() string {
+	return metrica.basePath + metrica.name
+}
+
+func (metrica *baseGoMetrica) GetUnits() string {
+	return metrica.units
+}
+
+type gaugeMetrica struct {
+	*baseGoMetrica
+}
+
+func (metrica *gaugeMetrica) GetValue() (float64, error) {
+	return metrica.dataSource.GetGaugeValue(metrica.dataSourceKey)
+}
+
+type gaugeIncMetrica struct {
+	*baseGoMetrica
+	previousValue float64
+}
+
+func (metrica *gaugeIncMetrica) GetValue() (float64, error) {
+	var value float64
+	var currentValue float64
+	var err error
+	if currentValue, err = metrica.dataSource.GetGaugeValue(metrica.dataSourceKey); err == nil {
+		value = currentValue - metrica.previousValue
+		metrica.previousValue = currentValue
+	}
+	return value, err
+}
+
+type histogramMetrica struct {
+	*baseGoMetrica
+	statFunction    int
+	percentileValue float64
+}
+
+func (metrica *histogramMetrica) GetValue() (float64, error) {
+	return metrica.dataSource.GetHistogramValue(metrica.dataSourceKey, metrica.statFunction, metrica.percentileValue)
+}
diff --git a/vendor/github.com/yvasiyarov/gorelic/http_metrics.go b/vendor/github.com/yvasiyarov/gorelic/http_metrics.go
new file mode 100644
index 000000000..e54cbd371
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/http_metrics.go
@@ -0,0 +1,194 @@
+package gorelic
+
+import (
+	metrics "github.com/yvasiyarov/go-metrics"
+	"github.com/yvasiyarov/newrelic_platform_go"
+	"net/http"
+	"time"
+)
+
+type tHTTPHandlerFunc func(http.ResponseWriter, *http.Request)
+type tHTTPHandler struct {
+	originalHandler     http.Handler
+	originalHandlerFunc tHTTPHandlerFunc
+	isFunc              bool
+	timer               metrics.Timer
+}
+
+var httpTimer metrics.Timer
+
+func newHTTPHandlerFunc(h tHTTPHandlerFunc) *tHTTPHandler {
+	return &tHTTPHandler{
+		isFunc:              true,
+		originalHandlerFunc: h,
+	}
+}
+func newHTTPHandler(h http.Handler) *tHTTPHandler {
+	return &tHTTPHandler{
+		isFunc:          false,
+		originalHandler: h,
+	}
+}
+
+func (handler *tHTTPHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	startTime := time.Now()
+	defer handler.timer.UpdateSince(startTime)
+
+	if handler.isFunc {
+		handler.originalHandlerFunc(w, req)
+	} else {
+		handler.originalHandler.ServeHTTP(w, req)
+	}
+}
+
+type baseTimerMetrica struct {
+	dataSource metrics.Timer
+	name       string
+	units      string
+}
+
+func (metrica *baseTimerMetrica) GetName() string {
+	return metrica.name
+}
+
+func (metrica *baseTimerMetrica) GetUnits() string {
+	return metrica.units
+}
+
+type timerRate1Metrica struct {
+	*baseTimerMetrica
+}
+
+func (metrica *timerRate1Metrica) GetValue() (float64, error) {
+	return metrica.dataSource.Rate1(), nil
+}
+
+type timerRateMeanMetrica struct {
+	*baseTimerMetrica
+}
+
+func (metrica *timerRateMeanMetrica) GetValue() (float64, error) {
+	return metrica.dataSource.RateMean(), nil
+}
+
+type timerMeanMetrica struct {
+	*baseTimerMetrica
+}
+
+func (metrica *timerMeanMetrica) GetValue() (float64, error) {
+	return metrica.dataSource.Mean() / float64(time.Millisecond), nil
+}
+
+type timerMinMetrica struct {
+	*baseTimerMetrica
+}
+
+func (metrica *timerMinMetrica) GetValue() (float64, error) {
+	return float64(metrica.dataSource.Min()) / float64(time.Millisecond), nil
+}
+
+type timerMaxMetrica struct {
+	*baseTimerMetrica
+}
+
+func (metrica *timerMaxMetrica) GetValue() (float64, error) {
+	return float64(metrica.dataSource.Max()) / float64(time.Millisecond), nil
+}
+
+type timerPercentile75Metrica struct {
+	*baseTimerMetrica
+}
+
+func (metrica *timerPercentile75Metrica) GetValue() (float64, error) {
+	return metrica.dataSource.Percentile(0.75) / float64(time.Millisecond), nil
+}
+
+type timerPercentile90Metrica struct {
+	*baseTimerMetrica
+}
+
+func (metrica *timerPercentile90Metrica) GetValue() (float64, error) {
+	return metrica.dataSource.Percentile(0.90) / float64(time.Millisecond), nil
+}
+
+type timerPercentile95Metrica struct {
+	*baseTimerMetrica
+}
+
+func (metrica *timerPercentile95Metrica) GetValue() (float64, error) {
+	return metrica.dataSource.Percentile(0.95) / float64(time.Millisecond), nil
+}
+
+func addHTTPMericsToComponent(component newrelic_platform_go.IComponent, timer metrics.Timer) {
+	rate1 := &timerRate1Metrica{
+		baseTimerMetrica: &baseTimerMetrica{
+			name:       "http/throughput/1minute",
+			units:      "rps",
+			dataSource: timer,
+		},
+	}
+	component.AddMetrica(rate1)
+
+	rateMean := &timerRateMeanMetrica{
+		baseTimerMetrica: &baseTimerMetrica{
+			name:       "http/throughput/rateMean",
+			units:      "rps",
+			dataSource: timer,
+		},
+	}
+	component.AddMetrica(rateMean)
+
+	responseTimeMean := &timerMeanMetrica{
+		baseTimerMetrica: &baseTimerMetrica{
+			name:       "http/responseTime/mean",
+			units:      "ms",
+			dataSource: timer,
+		},
+	}
+	component.AddMetrica(responseTimeMean)
+
+	responseTimeMax := &timerMaxMetrica{
+		baseTimerMetrica: &baseTimerMetrica{
+			name:       "http/responseTime/max",
+			units:      "ms",
+			dataSource: timer,
+		},
+	}
+	component.AddMetrica(responseTimeMax)
+
+	responseTimeMin := &timerMinMetrica{
+		baseTimerMetrica: &baseTimerMetrica{
+			name:       "http/responseTime/min",
+			units:      "ms",
+			dataSource: timer,
+		},
+	}
+	component.AddMetrica(responseTimeMin)
+
+	responseTimePercentile75 := &timerPercentile75Metrica{
+		baseTimerMetrica: &baseTimerMetrica{
+			name:       "http/responseTime/percentile75",
+			units:      "ms",
+			dataSource: timer,
+		},
+	}
+	component.AddMetrica(responseTimePercentile75)
+
+	responseTimePercentile90 := &timerPercentile90Metrica{
+		baseTimerMetrica: &baseTimerMetrica{
+			name:       "http/responseTime/percentile90",
+			units:      "ms",
+			dataSource: timer,
+		},
+	}
+	component.AddMetrica(responseTimePercentile90)
+
+	responseTimePercentile95 := &timerPercentile95Metrica{
+		baseTimerMetrica: &baseTimerMetrica{
+			name:       "http/responseTime/percentile95",
+			units:      "ms",
+			dataSource: timer,
+		},
+	}
+	component.AddMetrica(responseTimePercentile95)
+}
diff --git a/vendor/github.com/yvasiyarov/gorelic/memory_metrics.go b/vendor/github.com/yvasiyarov/gorelic/memory_metrics.go
new file mode 100644
index 000000000..5c8d3e4ec
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/memory_metrics.go
@@ -0,0 +1,110 @@
+package gorelic
+
+import (
+	metrics "github.com/yvasiyarov/go-metrics"
+	"github.com/yvasiyarov/newrelic_platform_go"
+	"time"
+)
+
+func newMemoryMetricaDataSource(pollInterval int) goMetricaDataSource {
+	r := metrics.NewRegistry()
+
+	metrics.RegisterRuntimeMemStats(r)
+	metrics.CaptureRuntimeMemStatsOnce(r)
+	go metrics.CaptureRuntimeMemStats(r, time.Duration(pollInterval)*time.Second)
+	return goMetricaDataSource{r}
+}
+
+func addMemoryMericsToComponent(component newrelic_platform_go.IComponent, pollInterval int) {
+	gaugeMetrics := []*baseGoMetrica{
+		//Memory in use metrics
+		&baseGoMetrica{
+			name:          "InUse/Total",
+			units:         "bytes",
+			dataSourceKey: "runtime.MemStats.Alloc",
+		},
+		&baseGoMetrica{
+			name:          "InUse/Heap",
+			units:         "bytes",
+			dataSourceKey: "runtime.MemStats.HeapAlloc",
+		},
+		&baseGoMetrica{
+			name:          "InUse/Stack",
+			units:         "bytes",
+			dataSourceKey: "runtime.MemStats.StackInuse",
+		},
+		&baseGoMetrica{
+			name:          "InUse/MSpanInuse",
+			units:         "bytes",
+			dataSourceKey: "runtime.MemStats.MSpanInuse",
+		},
+		&baseGoMetrica{
+			name:          "InUse/MCacheInuse",
+			units:         "bytes",
+			dataSourceKey: "runtime.MemStats.MCacheInuse",
+		},
+	}
+	ds := newMemoryMetricaDataSource(pollInterval)
+	for _, m := range gaugeMetrics {
+		m.basePath = "Runtime/Memory/"
+		m.dataSource = ds
+		component.AddMetrica(&gaugeMetrica{m})
+	}
+
+	gaugeIncMetrics := []*baseGoMetrica{
+		//NO operations graph
+		&baseGoMetrica{
+			name:          "Operations/NoPointerLookups",
+			units:         "lookups",
+			dataSourceKey: "runtime.MemStats.Lookups",
+		},
+		&baseGoMetrica{
+			name:          "Operations/NoMallocs",
+			units:         "mallocs",
+			dataSourceKey: "runtime.MemStats.Mallocs",
+		},
+		&baseGoMetrica{
+			name:          "Operations/NoFrees",
+			units:         "frees",
+			dataSourceKey: "runtime.MemStats.Frees",
+		},
+
+		// Sytem memory allocations
+		&baseGoMetrica{
+			name:          "SysMem/Total",
+			units:         "bytes",
+			dataSourceKey: "runtime.MemStats.Sys",
+		},
+		&baseGoMetrica{
+			name:          "SysMem/Heap",
+			units:         "bytes",
+			dataSourceKey: "runtime.MemStats.HeapSys",
+		},
+		&baseGoMetrica{
+			name:          "SysMem/Stack",
+			units:         "bytes",
+			dataSourceKey: "runtime.MemStats.StackSys",
+		},
+		&baseGoMetrica{
+			name:          "SysMem/MSpan",
+			units:         "bytes",
+			dataSourceKey: "runtime.MemStats.MSpanSys",
+		},
+		&baseGoMetrica{
+			name:          "SysMem/MCache",
+			units:         "bytes",
+			dataSourceKey: "runtime.MemStats.MCacheSys",
+		},
+		&baseGoMetrica{
+			name:          "SysMem/BuckHash",
+			units:         "bytes",
+			dataSourceKey: "runtime.MemStats.BuckHashSys",
+		},
+	}
+
+	for _, m := range gaugeIncMetrics {
+		m.basePath = "Runtime/Memory/"
+		m.dataSource = ds
+		component.AddMetrica(&gaugeIncMetrica{baseGoMetrica: m})
+	}
+}
diff --git a/vendor/github.com/yvasiyarov/gorelic/nut.json b/vendor/github.com/yvasiyarov/gorelic/nut.json
new file mode 100644
index 000000000..7abb8ec69
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/nut.json
@@ -0,0 +1,15 @@
+{
+  "Version": "0.0.6",
+  "Vendor": "yvasiyarov",
+  "Authors": [
+    {
+      "FullName": "Yuriy Vasiyarov",
+      "Email": "varyous@gmail.com"
+    }
+  ],
+  "ExtraFiles": [
+    "README.md",
+    "LICENSE"
+  ],
+  "Homepage": "https://github.com/yvasiyarov/gorelic"
+}
diff --git a/vendor/github.com/yvasiyarov/gorelic/runtime_metrics.go b/vendor/github.com/yvasiyarov/gorelic/runtime_metrics.go
new file mode 100644
index 000000000..87a42ca69
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/gorelic/runtime_metrics.go
@@ -0,0 +1,196 @@
+package gorelic
+
+import (
+	"fmt"
+	"github.com/yvasiyarov/newrelic_platform_go"
+	"io/ioutil"
+	"os"
+	"runtime"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const linuxSystemQueryInterval = 60
+
+// Number of goroutines metrica
+type noGoroutinesMetrica struct{}
+
+func (metrica *noGoroutinesMetrica) GetName() string {
+	return "Runtime/General/NOGoroutines"
+}
+func (metrica *noGoroutinesMetrica) GetUnits() string {
+	return "goroutines"
+}
+func (metrica *noGoroutinesMetrica) GetValue() (float64, error) {
+	return float64(runtime.NumGoroutine()), nil
+}
+
+// Number of CGO calls metrica
+type noCgoCallsMetrica struct {
+	lastValue int64
+}
+
+func (metrica *noCgoCallsMetrica) GetName() string {
+	return "Runtime/General/NOCgoCalls"
+}
+func (metrica *noCgoCallsMetrica) GetUnits() string {
+	return "calls"
+}
+func (metrica *noCgoCallsMetrica) GetValue() (float64, error) {
+	currentValue := runtime.NumCgoCall()
+	value := float64(currentValue - metrica.lastValue)
+	metrica.lastValue = currentValue
+
+	return value, nil
+}
+
+//OS specific metrics data source interface
+type iSystemMetricaDataSource interface {
+	GetValue(key string) (float64, error)
+}
+
+// iSystemMetricaDataSource fabrica
+func newSystemMetricaDataSource() iSystemMetricaDataSource {
+	var ds iSystemMetricaDataSource
+	switch runtime.GOOS {
+	default:
+		ds = &systemMetricaDataSource{}
+	case "linux":
+		ds = &linuxSystemMetricaDataSource{
+			systemData: make(map[string]string),
+		}
+	}
+	return ds
+}
+
+//Default implementation of iSystemMetricaDataSource. Just return an error
+type systemMetricaDataSource struct{}
+
+func (ds *systemMetricaDataSource) GetValue(key string) (float64, error) {
+	return 0, fmt.Errorf("this metrica was not implemented yet for %s", runtime.GOOS)
+}
+
+// Linux OS implementation of ISystemMetricaDataSource
+type linuxSystemMetricaDataSource struct {
+	lastUpdate time.Time
+	systemData map[string]string
+}
+
+func (ds *linuxSystemMetricaDataSource) GetValue(key string) (float64, error) {
+	if err := ds.checkAndUpdateData(); err != nil {
+		return 0, err
+	} else if val, ok := ds.systemData[key]; !ok {
+		return 0, fmt.Errorf("system data with key %s was not found", key)
+	} else if key == "VmSize" || key == "VmPeak" || key == "VmHWM" || key == "VmRSS" {
+		valueParts := strings.Split(val, " ")
+		if len(valueParts) != 2 {
+			return 0, fmt.Errorf("invalid format for value %s", key)
+		}
+		valConverted, err := strconv.ParseFloat(valueParts[0], 64)
+		if err != nil {
+			return 0, err
+		}
+		switch valueParts[1] {
+		case "kB":
+			valConverted *= 1 << 10
+		case "mB":
+			valConverted *= 1 << 20
+		case "gB":
+			valConverted *= 1 << 30
+		}
+		return valConverted, nil
+	} else if valConverted, err := strconv.ParseFloat(val, 64); err != nil {
+		return valConverted, nil
+	} else {
+		return valConverted, nil
+	}
+}
+func (ds *linuxSystemMetricaDataSource) checkAndUpdateData() error {
+	startTime := time.Now()
+	if startTime.Sub(ds.lastUpdate) > time.Second*linuxSystemQueryInterval {
+		path := fmt.Sprintf("/proc/%d/status", os.Getpid())
+		rawStats, err := ioutil.ReadFile(path)
+		if err != nil {
+			return err
+		}
+
+		lines := strings.Split(string(rawStats), "\n")
+		for _, line := range lines {
+			parts := strings.Split(line, ":")
+			if len(parts) == 2 {
+				k := strings.TrimSpace(parts[0])
+				v := strings.TrimSpace(parts[1])
+
+				ds.systemData[k] = v
+			}
+		}
+		ds.lastUpdate = startTime
+	}
+	return nil
+}
+
+// OS specific metrica
+type systemMetrica struct {
+	sourceKey    string
+	newrelicName string
+	units        string
+	dataSource   iSystemMetricaDataSource
+}
+
+func (metrica *systemMetrica) GetName() string {
+	return metrica.newrelicName
+}
+func (metrica *systemMetrica) GetUnits() string {
+	return metrica.units
+}
+func (metrica *systemMetrica) GetValue() (float64, error) {
+	return metrica.dataSource.GetValue(metrica.sourceKey)
+}
+
+func addRuntimeMericsToComponent(component newrelic_platform_go.IComponent) {
+	component.AddMetrica(&noGoroutinesMetrica{})
+	component.AddMetrica(&noCgoCallsMetrica{})
+
+	ds := newSystemMetricaDataSource()
+	metrics := []*systemMetrica{
+		&systemMetrica{
+			sourceKey:    "Threads",
+			units:        "Threads",
+			newrelicName: "Runtime/System/Threads",
+		},
+		&systemMetrica{
+			sourceKey:    "FDSize",
+			units:        "fd",
+			newrelicName: "Runtime/System/FDSize",
+		},
+		// Peak virtual memory size
+		&systemMetrica{
+			sourceKey:    "VmPeak",
+			units:        "bytes",
+			newrelicName: "Runtime/System/Memory/VmPeakSize",
+		},
+		//Virtual memory size
+		&systemMetrica{
+			sourceKey:    "VmSize",
+			units:        "bytes",
+			newrelicName: "Runtime/System/Memory/VmCurrent",
+		},
+		//Peak resident set size
+		&systemMetrica{
+			sourceKey:    "VmHWM",
+			units:        "bytes",
+			newrelicName: "Runtime/System/Memory/RssPeak",
+		},
+		//Resident set size
+		&systemMetrica{
+			sourceKey:    "VmRSS",
+			units:        "bytes",
+			newrelicName: "Runtime/System/Memory/RssCurrent",
+		},
+	}
+	for _, m := range metrics {
+		m.dataSource = ds
+		component.AddMetrica(m)
+	}
+}
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/.travis.yml b/vendor/github.com/yvasiyarov/newrelic_platform_go/.travis.yml
new file mode 100644
index 000000000..4f2ee4d97
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/newrelic_platform_go/.travis.yml
@@ -0,0 +1 @@
+language: go
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/LICENSE b/vendor/github.com/yvasiyarov/newrelic_platform_go/LICENSE
new file mode 100644
index 000000000..01a9a5c4d
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/newrelic_platform_go/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2013 Yuriy Vasiyarov. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/README.md b/vendor/github.com/yvasiyarov/newrelic_platform_go/README.md
new file mode 100644
index 000000000..344623440
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/newrelic_platform_go/README.md
@@ -0,0 +1,11 @@
+New Relic Platform Agent SDK for Go(golang)
+====================
+
+[![Build Status](https://travis-ci.org/yvasiyarov/newrelic_platform_go.png?branch=master)](https://travis-ci.org/yvasiyarov/newrelic_platform_go)
+
+This package provide very simple interface to NewRelic Platform http://newrelic.com/platform
+
+For example of usage see examples/wave_plugin.go
+
+For real-word example, you can have a look at:   
+https://github.com/yvasiyarov/newrelic_sphinx   
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/agent.go b/vendor/github.com/yvasiyarov/newrelic_platform_go/agent.go
new file mode 100644
index 000000000..d9d275354
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/newrelic_platform_go/agent.go
@@ -0,0 +1,27 @@
+package newrelic_platform_go
+
+import (
+	"log"
+	"os"
+)
+
+type Agent struct {
+	Host    string `json:"host"`
+	Version string `json:"version"`
+	Pid     int    `json:"pid"`
+}
+
+func NewAgent(Version string) *Agent {
+	agent := &Agent{
+		Version: Version,
+	}
+	return agent
+}
+
+func (agent *Agent) CollectEnvironmentInfo() {
+	var err error
+	agent.Pid = os.Getpid()
+	if agent.Host, err = os.Hostname(); err != nil {
+		log.Fatalf("Can not get hostname: %#v \n", err)
+	}
+}
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/component.go b/vendor/github.com/yvasiyarov/newrelic_platform_go/component.go
new file mode 100644
index 000000000..000f7ab76
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/newrelic_platform_go/component.go
@@ -0,0 +1,71 @@
+package newrelic_platform_go
+
+import (
+	"log"
+	"math"
+)
+
+type ComponentData interface{}
+type IComponent interface {
+	Harvest(plugin INewrelicPlugin) ComponentData
+	SetDuration(duration int)
+	AddMetrica(model IMetrica)
+	ClearSentData()
+}
+
+type PluginComponent struct {
+	Name          string                  `json:"name"`
+	GUID          string                  `json:"guid"`
+	Duration      int                     `json:"duration"`
+	Metrics       map[string]MetricaValue `json:"metrics"`
+	MetricaModels []IMetrica              `json:"-"`
+}
+
+func NewPluginComponent(name string, guid string) *PluginComponent {
+	c := &PluginComponent{
+		Name: name,
+		GUID: guid,
+	}
+	return c
+}
+
+func (component *PluginComponent) AddMetrica(model IMetrica) {
+	component.MetricaModels = append(component.MetricaModels, model)
+}
+
+func (component *PluginComponent) ClearSentData() {
+	component.Metrics = nil
+}
+
+func (component *PluginComponent) SetDuration(duration int) {
+	component.Duration = duration
+}
+
+func (component *PluginComponent) Harvest(plugin INewrelicPlugin) ComponentData {
+	component.Metrics = make(map[string]MetricaValue, len(component.MetricaModels))
+	for i := 0; i < len(component.MetricaModels); i++ {
+		model := component.MetricaModels[i]
+		metricaKey := plugin.GetMetricaKey(model)
+
+		if newValue, err := model.GetValue(); err == nil {
+		        if math.IsInf(newValue, 0) || math.IsNaN(newValue) {
+                                newValue = 0
+                        }
+
+			if existMetric, ok := component.Metrics[metricaKey]; ok {
+				if floatExistVal, ok := existMetric.(float64); ok {
+					component.Metrics[metricaKey] = NewAggregatedMetricaValue(floatExistVal, newValue)
+				} else if aggregatedValue, ok := existMetric.(*AggregatedMetricaValue); ok {
+					aggregatedValue.Aggregate(newValue)
+				} else {
+					panic("Invalid type in metrica value")
+				}
+			} else {
+				component.Metrics[metricaKey] = newValue
+			}
+		} else {
+			log.Printf("Can not get metrica: %v, got error:%#v", model.GetName(), err)
+		}
+	}
+	return component
+}
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/doc.go b/vendor/github.com/yvasiyarov/newrelic_platform_go/doc.go
new file mode 100644
index 000000000..ef41e9697
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/newrelic_platform_go/doc.go
@@ -0,0 +1,2 @@
+// Package newrelic_platform_go is New Relic Platform Agent SDK for Go language.
+package newrelic_platform_go
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/metrica.go b/vendor/github.com/yvasiyarov/newrelic_platform_go/metrica.go
new file mode 100644
index 000000000..fc4fbd48f
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/newrelic_platform_go/metrica.go
@@ -0,0 +1,42 @@
+package newrelic_platform_go
+
+import (
+	"math"
+)
+
+type IMetrica interface {
+	GetValue() (float64, error)
+	GetName() string
+	GetUnits() string
+}
+
+type MetricaValue interface{}
+
+type SimpleMetricaValue float64
+
+type AggregatedMetricaValue struct {
+	Min          float64 `json:"min"`
+	Max          float64 `json:"max"`
+	Total        float64 `json:"total"`
+	Count        int     `json:"count"`
+	SumOfSquares float64 `json:"sum_of_squares"`
+}
+
+func NewAggregatedMetricaValue(existValue float64, newValue float64) *AggregatedMetricaValue {
+	v := &AggregatedMetricaValue{
+		Min:          math.Min(newValue, existValue),
+		Max:          math.Max(newValue, existValue),
+		Total:        newValue + existValue,
+		Count:        2,
+		SumOfSquares: newValue*newValue + existValue*existValue,
+	}
+	return v
+}
+
+func (aggregatedValue *AggregatedMetricaValue) Aggregate(newValue float64) {
+	aggregatedValue.Min = math.Min(newValue, aggregatedValue.Min)
+	aggregatedValue.Max = math.Max(newValue, aggregatedValue.Max)
+	aggregatedValue.Total += newValue
+	aggregatedValue.Count++
+	aggregatedValue.SumOfSquares += newValue * newValue
+}
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/nut.json b/vendor/github.com/yvasiyarov/newrelic_platform_go/nut.json
new file mode 100644
index 000000000..1e57c3952
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/newrelic_platform_go/nut.json
@@ -0,0 +1,15 @@
+{
+  "Version": "0.0.1",
+  "Vendor": "yvasiyarov",
+  "Authors": [
+    {
+      "FullName": "Yuriy Vasiyarov",
+      "Email": "varyous@gmail.com"
+    }
+  ],
+  "ExtraFiles": [
+    "README.md",
+    "LICENSE"
+  ],
+  "Homepage": "https://github.com/yvasiyarov/newrelic_platform_go"
+}
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/plugin.go b/vendor/github.com/yvasiyarov/newrelic_platform_go/plugin.go
new file mode 100644
index 000000000..3e45666de
--- /dev/null
+++ b/vendor/github.com/yvasiyarov/newrelic_platform_go/plugin.go
@@ -0,0 +1,194 @@
+package newrelic_platform_go
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"strings"
+	"time"
+)
+
+const (
+	NEWRELIC_API_URL = "https://platform-api.newrelic.com/platform/v1/metrics"
+)
+
+type INewrelicPlugin interface {
+	GetMetricaKey(metrica IMetrica) string
+	Harvest() error
+	Run()
+	AddComponent(component IComponent)
+}
+type NewrelicPlugin struct {
+	Agent      *Agent          `json:"agent"`
+	Components []ComponentData `json:"components"`
+
+	ComponentModels      []IComponent `json:"-"`
+	LastPollTime         time.Time    `json:"-"`
+	Verbose              bool         `json:"-"`
+	LicenseKey           string       `json:"-"`
+	PollIntervalInSecond int          `json:"-"`
+}
+
+func NewNewrelicPlugin(version string, licenseKey string, pollInterval int) *NewrelicPlugin {
+	plugin := &NewrelicPlugin{
+		LicenseKey:           licenseKey,
+		PollIntervalInSecond: pollInterval,
+	}
+
+	plugin.Agent = NewAgent(version)
+	plugin.Agent.CollectEnvironmentInfo()
+
+	plugin.ComponentModels = []IComponent{}
+	return plugin
+}
+
+func (plugin *NewrelicPlugin) Harvest() error {
+	startTime := time.Now()
+	var duration int
+	if plugin.LastPollTime.IsZero() {
+		duration = plugin.PollIntervalInSecond
+	} else {
+		duration = int(startTime.Sub(plugin.LastPollTime).Seconds())
+	}
+
+	plugin.Components = make([]ComponentData, 0, len(plugin.ComponentModels))
+	for i := 0; i < len(plugin.ComponentModels); i++ {
+		plugin.ComponentModels[i].SetDuration(duration)
+		plugin.Components = append(plugin.Components, plugin.ComponentModels[i].Harvest(plugin))
+	}
+
+	if httpCode, err := plugin.SendMetricas(); err != nil {
+		log.Printf("Can not send metricas to newrelic: %#v\n", err)
+		return err
+	} else {
+
+		if plugin.Verbose {
+			log.Printf("Got HTTP response code:%d", httpCode)
+		}
+
+		if err, isFatal := plugin.CheckResponse(httpCode); isFatal {		
+			log.Printf("Got fatal error:%v\n", err)
+			return err
+		} else {
+			if err != nil {
+				log.Printf("WARNING: %v", err)
+			}
+			return err
+		}
+	}
+	return nil
+}
+
+func (plugin *NewrelicPlugin) GetMetricaKey(metrica IMetrica) string {
+	var keyBuffer bytes.Buffer
+
+	keyBuffer.WriteString("Component/")
+	keyBuffer.WriteString(metrica.GetName())
+	keyBuffer.WriteString("[")
+	keyBuffer.WriteString(metrica.GetUnits())
+	keyBuffer.WriteString("]")
+
+	return keyBuffer.String()
+}
+
+func (plugin *NewrelicPlugin) SendMetricas() (int, error) {
+	client := &http.Client{}
+	var metricasJson []byte
+	var encodingError error
+
+	if plugin.Verbose {
+		metricasJson, encodingError = json.MarshalIndent(plugin, "", "    ")
+	} else {
+		metricasJson, encodingError = json.Marshal(plugin)
+	}
+
+	if encodingError != nil {
+		return 0, encodingError
+	}
+
+	jsonAsString := string(metricasJson)
+	if plugin.Verbose {
+		log.Printf("Send data:%s \n", jsonAsString)
+	}
+
+	if httpRequest, err := http.NewRequest("POST", NEWRELIC_API_URL, strings.NewReader(jsonAsString)); err != nil {
+		return 0, err
+	} else {
+		httpRequest.Header.Set("X-License-Key", plugin.LicenseKey)
+		httpRequest.Header.Set("Content-Type", "application/json")
+		httpRequest.Header.Set("Accept", "application/json")
+
+		if httpResponse, err := client.Do(httpRequest); err != nil {
+			return 0, err
+		} else {
+			defer httpResponse.Body.Close()
+			return httpResponse.StatusCode, nil
+		}
+	}
+
+	// we will never get there
+	return 0, nil
+}
+
+func (plugin *NewrelicPlugin) ClearSentData() {
+	for _, component := range plugin.ComponentModels {
+		component.ClearSentData()
+	}
+	plugin.Components = nil
+	plugin.LastPollTime = time.Now()
+}
+
+func (plugin *NewrelicPlugin) CheckResponse(httpResponseCode int) (error, bool) {
+	isFatal := false
+	var err error
+	switch httpResponseCode {
+	case http.StatusOK:
+		{
+			plugin.ClearSentData()
+		}
+	case http.StatusForbidden:
+		{
+			err = fmt.Errorf("Authentication error (no license key header, or invalid license key).\n")
+			isFatal = true
+		}
+	case http.StatusBadRequest:
+		{
+			err = fmt.Errorf("The request or headers are in the wrong format or the URL is incorrect.\n")
+			isFatal = true
+		}
+	case http.StatusNotFound:
+		{
+			err = fmt.Errorf("Invalid URL\n")
+			isFatal = true
+		}
+	case http.StatusRequestEntityTooLarge:
+		{
+			err = fmt.Errorf("Too many metrics were sent in one request, or too many components (instances) were specified in one request, or other single-request limits were reached.\n")
+			//discard metrics
+			plugin.ClearSentData()
+		}
+	case http.StatusInternalServerError, http.StatusBadGateway, http.StatusServiceUnavailable, http.StatusGatewayTimeout:
+		{
+			err = fmt.Errorf("Got %v response code.Metricas will be aggregated", httpResponseCode)
+		}
+	}
+	return err, isFatal
+}
+
+func (plugin *NewrelicPlugin) Run() {
+	plugin.Harvest()
+	tickerChannel := time.Tick(time.Duration(plugin.PollIntervalInSecond) * time.Second)
+	for ts := range tickerChannel {
+		plugin.Harvest()
+
+		if plugin.Verbose {
+			log.Printf("Harvest ended at:%v\n", ts)
+		}
+	}
+}
+
+func (plugin *NewrelicPlugin) AddComponent(component IComponent) {
+	plugin.ComponentModels = append(plugin.ComponentModels, component)
+}
diff --git a/vendor/google.golang.org/api/googleapi/googleapi.go b/vendor/google.golang.org/api/googleapi/googleapi.go
new file mode 100644
index 000000000..b5e38c662
--- /dev/null
+++ b/vendor/google.golang.org/api/googleapi/googleapi.go
@@ -0,0 +1,480 @@
+// Copyright 2011 Google LLC. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package googleapi contains the common code shared by all Google API
+// libraries.
+package googleapi // import "google.golang.org/api/googleapi"
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"google.golang.org/api/internal/third_party/uritemplates"
+)
+
+// ContentTyper is an interface for Readers which know (or would like
+// to override) their Content-Type. If a media body doesn't implement
+// ContentTyper, the type is sniffed from the content using
+// http.DetectContentType.
+type ContentTyper interface {
+	ContentType() string
+}
+
+// A SizeReaderAt is a ReaderAt with a Size method.
+// An io.SectionReader implements SizeReaderAt.
+type SizeReaderAt interface {
+	io.ReaderAt
+	Size() int64
+}
+
+// ServerResponse is embedded in each Do response and
+// provides the HTTP status code and header sent by the server.
+type ServerResponse struct {
+	// HTTPStatusCode is the server's response status code. When using a
+	// resource method's Do call, this will always be in the 2xx range.
+	HTTPStatusCode int
+	// Header contains the response header fields from the server.
+	Header http.Header
+}
+
+const (
+	// Version defines the gax version being used. This is typically sent
+	// in an HTTP header to services.
+	Version = "0.5"
+
+	// UserAgent is the header string used to identify this package.
+	UserAgent = "google-api-go-client/" + Version
+
+	// DefaultUploadChunkSize is the default chunk size to use for resumable
+	// uploads if not specified by the user.
+	DefaultUploadChunkSize = 16 * 1024 * 1024
+
+	// MinUploadChunkSize is the minimum chunk size that can be used for
+	// resumable uploads.  All user-specified chunk sizes must be multiple of
+	// this value.
+	MinUploadChunkSize = 256 * 1024
+)
+
+// Error contains an error response from the server.
+type Error struct {
+	// Code is the HTTP response status code and will always be populated.
+	Code int `json:"code"`
+	// Message is the server response message and is only populated when
+	// explicitly referenced by the JSON server response.
+	Message string `json:"message"`
+	// Details provide more context to an error.
+	Details []interface{} `json:"details"`
+	// Body is the raw response returned by the server.
+	// It is often but not always JSON, depending on how the request fails.
+	Body string
+	// Header contains the response header fields from the server.
+	Header http.Header
+
+	Errors []ErrorItem
+	// err is typically a wrapped apierror.APIError, see
+	// google-api-go-client/internal/gensupport/error.go.
+	err error
+}
+
+// ErrorItem is a detailed error code & message from the Google API frontend.
+type ErrorItem struct {
+	// Reason is the typed error code. For example: "some_example".
+	Reason string `json:"reason"`
+	// Message is the human-readable description of the error.
+	Message string `json:"message"`
+}
+
+func (e *Error) Error() string {
+	if len(e.Errors) == 0 && e.Message == "" {
+		return fmt.Sprintf("googleapi: got HTTP response code %d with body: %v", e.Code, e.Body)
+	}
+	var buf bytes.Buffer
+	fmt.Fprintf(&buf, "googleapi: Error %d: ", e.Code)
+	if e.Message != "" {
+		fmt.Fprintf(&buf, "%s", e.Message)
+	}
+	if len(e.Details) > 0 {
+		var detailBuf bytes.Buffer
+		enc := json.NewEncoder(&detailBuf)
+		enc.SetIndent("", "  ")
+		if err := enc.Encode(e.Details); err == nil {
+			fmt.Fprint(&buf, "\nDetails:")
+			fmt.Fprintf(&buf, "\n%s", detailBuf.String())
+
+		}
+	}
+	if len(e.Errors) == 0 {
+		return strings.TrimSpace(buf.String())
+	}
+	if len(e.Errors) == 1 && e.Errors[0].Message == e.Message {
+		fmt.Fprintf(&buf, ", %s", e.Errors[0].Reason)
+		return buf.String()
+	}
+	fmt.Fprintln(&buf, "\nMore details:")
+	for _, v := range e.Errors {
+		fmt.Fprintf(&buf, "Reason: %s, Message: %s\n", v.Reason, v.Message)
+	}
+	return buf.String()
+}
+
+// Wrap allows an existing Error to wrap another error. See also [Error.Unwrap].
+func (e *Error) Wrap(err error) {
+	e.err = err
+}
+
+func (e *Error) Unwrap() error {
+	return e.err
+}
+
+type errorReply struct {
+	Error *Error `json:"error"`
+}
+
+// CheckResponse returns an error (of type *Error) if the response
+// status code is not 2xx.
+func CheckResponse(res *http.Response) error {
+	if res.StatusCode >= 200 && res.StatusCode <= 299 {
+		return nil
+	}
+	slurp, err := io.ReadAll(res.Body)
+	if err == nil {
+		jerr := new(errorReply)
+		err = json.Unmarshal(slurp, jerr)
+		if err == nil && jerr.Error != nil {
+			if jerr.Error.Code == 0 {
+				jerr.Error.Code = res.StatusCode
+			}
+			jerr.Error.Body = string(slurp)
+			jerr.Error.Header = res.Header
+			return jerr.Error
+		}
+	}
+	return &Error{
+		Code:   res.StatusCode,
+		Body:   string(slurp),
+		Header: res.Header,
+	}
+}
+
+// IsNotModified reports whether err is the result of the
+// server replying with http.StatusNotModified.
+// Such error values are sometimes returned by "Do" methods
+// on calls when If-None-Match is used.
+func IsNotModified(err error) bool {
+	if err == nil {
+		return false
+	}
+	ae, ok := err.(*Error)
+	return ok && ae.Code == http.StatusNotModified
+}
+
+// CheckMediaResponse returns an error (of type *Error) if the response
+// status code is not 2xx. Unlike CheckResponse it does not assume the
+// body is a JSON error document.
+// It is the caller's responsibility to close res.Body.
+func CheckMediaResponse(res *http.Response) error {
+	if res.StatusCode >= 200 && res.StatusCode <= 299 {
+		return nil
+	}
+	slurp, _ := io.ReadAll(io.LimitReader(res.Body, 1<<20))
+	return &Error{
+		Code:   res.StatusCode,
+		Body:   string(slurp),
+		Header: res.Header,
+	}
+}
+
+// MarshalStyle defines whether to marshal JSON with a {"data": ...} wrapper.
+type MarshalStyle bool
+
+// WithDataWrapper marshals JSON with a {"data": ...} wrapper.
+var WithDataWrapper = MarshalStyle(true)
+
+// WithoutDataWrapper marshals JSON without a {"data": ...} wrapper.
+var WithoutDataWrapper = MarshalStyle(false)
+
+func (wrap MarshalStyle) JSONReader(v interface{}) (io.Reader, error) {
+	buf := new(bytes.Buffer)
+	if wrap {
+		buf.Write([]byte(`{"data": `))
+	}
+	err := json.NewEncoder(buf).Encode(v)
+	if err != nil {
+		return nil, err
+	}
+	if wrap {
+		buf.Write([]byte(`}`))
+	}
+	return buf, nil
+}
+
+// ProgressUpdater is a function that is called upon every progress update of a resumable upload.
+// This is the only part of a resumable upload (from googleapi) that is usable by the developer.
+// The remaining usable pieces of resumable uploads is exposed in each auto-generated API.
+type ProgressUpdater func(current, total int64)
+
+// MediaOption defines the interface for setting media options.
+type MediaOption interface {
+	setOptions(o *MediaOptions)
+}
+
+type contentTypeOption string
+
+func (ct contentTypeOption) setOptions(o *MediaOptions) {
+	o.ContentType = string(ct)
+	if o.ContentType == "" {
+		o.ForceEmptyContentType = true
+	}
+}
+
+// ContentType returns a MediaOption which sets the Content-Type header for media uploads.
+// If ctype is empty, the Content-Type header will be omitted.
+func ContentType(ctype string) MediaOption {
+	return contentTypeOption(ctype)
+}
+
+type chunkSizeOption int
+
+func (cs chunkSizeOption) setOptions(o *MediaOptions) {
+	size := int(cs)
+	if size%MinUploadChunkSize != 0 {
+		size += MinUploadChunkSize - (size % MinUploadChunkSize)
+	}
+	o.ChunkSize = size
+}
+
+// ChunkSize returns a MediaOption which sets the chunk size for media uploads.
+// size will be rounded up to the nearest multiple of 256K.
+// Media which contains fewer than size bytes will be uploaded in a single request.
+// Media which contains size bytes or more will be uploaded in separate chunks.
+// If size is zero, media will be uploaded in a single request.
+func ChunkSize(size int) MediaOption {
+	return chunkSizeOption(size)
+}
+
+type chunkRetryDeadlineOption time.Duration
+
+func (cd chunkRetryDeadlineOption) setOptions(o *MediaOptions) {
+	o.ChunkRetryDeadline = time.Duration(cd)
+}
+
+// ChunkRetryDeadline returns a MediaOption which sets a per-chunk retry
+// deadline. If a single chunk has been attempting to upload for longer than
+// this time and the request fails, it will no longer be retried, and the error
+// will be returned to the caller.
+// This is only applicable for files which are large enough to require
+// a multi-chunk resumable upload.
+// The default value is 32s.
+// To set a deadline on the entire upload, use context timeout or cancellation.
+func ChunkRetryDeadline(deadline time.Duration) MediaOption {
+	return chunkRetryDeadlineOption(deadline)
+}
+
+// MediaOptions stores options for customizing media upload.  It is not used by developers directly.
+type MediaOptions struct {
+	ContentType           string
+	ForceEmptyContentType bool
+	ChunkSize             int
+	ChunkRetryDeadline    time.Duration
+}
+
+// ProcessMediaOptions stores options from opts in a MediaOptions.
+// It is not used by developers directly.
+func ProcessMediaOptions(opts []MediaOption) *MediaOptions {
+	mo := &MediaOptions{ChunkSize: DefaultUploadChunkSize}
+	for _, o := range opts {
+		o.setOptions(mo)
+	}
+	return mo
+}
+
+// ResolveRelative resolves relatives such as "http://www.golang.org/" and
+// "topics/myproject/mytopic" into a single string, such as
+// "http://www.golang.org/topics/myproject/mytopic". It strips all parent
+// references (e.g. ../..) as well as anything after the host
+// (e.g. /bar/gaz gets stripped out of foo.com/bar/gaz).
+//
+// ResolveRelative panics if either basestr or relstr is not able to be parsed.
+func ResolveRelative(basestr, relstr string) string {
+	u, err := url.Parse(basestr)
+	if err != nil {
+		panic(fmt.Sprintf("failed to parse %q", basestr))
+	}
+	afterColonPath := ""
+	if i := strings.IndexRune(relstr, ':'); i > 0 {
+		afterColonPath = relstr[i+1:]
+		relstr = relstr[:i]
+	}
+	rel, err := url.Parse(relstr)
+	if err != nil {
+		panic(fmt.Sprintf("failed to parse %q", relstr))
+	}
+	u = u.ResolveReference(rel)
+	us := u.String()
+	if afterColonPath != "" {
+		us = fmt.Sprintf("%s:%s", us, afterColonPath)
+	}
+	us = strings.Replace(us, "%7B", "{", -1)
+	us = strings.Replace(us, "%7D", "}", -1)
+	us = strings.Replace(us, "%2A", "*", -1)
+	return us
+}
+
+// Expand subsitutes any {encoded} strings in the URL passed in using
+// the map supplied.
+//
+// This calls SetOpaque to avoid encoding of the parameters in the URL path.
+func Expand(u *url.URL, expansions map[string]string) {
+	escaped, unescaped, err := uritemplates.Expand(u.Path, expansions)
+	if err == nil {
+		u.Path = unescaped
+		u.RawPath = escaped
+	}
+}
+
+// CloseBody is used to close res.Body.
+// Prior to calling Close, it also tries to Read a small amount to see an EOF.
+// Not seeing an EOF can prevent HTTP Transports from reusing connections.
+func CloseBody(res *http.Response) {
+	if res == nil || res.Body == nil {
+		return
+	}
+	// Justification for 3 byte reads: two for up to "\r\n" after
+	// a JSON/XML document, and then 1 to see EOF if we haven't yet.
+	// TODO(bradfitz): detect Go 1.3+ and skip these reads.
+	// See https://codereview.appspot.com/58240043
+	// and https://codereview.appspot.com/49570044
+	buf := make([]byte, 1)
+	for i := 0; i < 3; i++ {
+		_, err := res.Body.Read(buf)
+		if err != nil {
+			break
+		}
+	}
+	res.Body.Close()
+
+}
+
+// VariantType returns the type name of the given variant.
+// If the map doesn't contain the named key or the value is not a []interface{}, "" is returned.
+// This is used to support "variant" APIs that can return one of a number of different types.
+func VariantType(t map[string]interface{}) string {
+	s, _ := t["type"].(string)
+	return s
+}
+
+// ConvertVariant uses the JSON encoder/decoder to fill in the struct 'dst' with the fields found in variant 'v'.
+// This is used to support "variant" APIs that can return one of a number of different types.
+// It reports whether the conversion was successful.
+func ConvertVariant(v map[string]interface{}, dst interface{}) bool {
+	var buf bytes.Buffer
+	err := json.NewEncoder(&buf).Encode(v)
+	if err != nil {
+		return false
+	}
+	return json.Unmarshal(buf.Bytes(), dst) == nil
+}
+
+// A Field names a field to be retrieved with a partial response.
+// https://cloud.google.com/storage/docs/json_api/v1/how-tos/performance
+//
+// Partial responses can dramatically reduce the amount of data that must be sent to your application.
+// In order to request partial responses, you can specify the full list of fields
+// that your application needs by adding the Fields option to your request.
+//
+// Field strings use camelCase with leading lower-case characters to identify fields within the response.
+//
+// For example, if your response has a "NextPageToken" and a slice of "Items" with "Id" fields,
+// you could request just those fields like this:
+//
+//	svc.Events.List().Fields("nextPageToken", "items/id").Do()
+//
+// or if you were also interested in each Item's "Updated" field, you can combine them like this:
+//
+//	svc.Events.List().Fields("nextPageToken", "items(id,updated)").Do()
+//
+// Another way to find field names is through the Google API explorer:
+// https://developers.google.com/apis-explorer/#p/
+type Field string
+
+// CombineFields combines fields into a single string.
+func CombineFields(s []Field) string {
+	r := make([]string, len(s))
+	for i, v := range s {
+		r[i] = string(v)
+	}
+	return strings.Join(r, ",")
+}
+
+// A CallOption is an optional argument to an API call.
+// It should be treated as an opaque value by users of Google APIs.
+//
+// A CallOption is something that configures an API call in a way that is
+// not specific to that API; for instance, controlling the quota user for
+// an API call is common across many APIs, and is thus a CallOption.
+type CallOption interface {
+	Get() (key, value string)
+}
+
+// A MultiCallOption is an option argument to an API call and can be passed
+// anywhere a CallOption is accepted. It additionally supports returning a slice
+// of values for a given key.
+type MultiCallOption interface {
+	CallOption
+	GetMulti() (key string, value []string)
+}
+
+// QuotaUser returns a CallOption that will set the quota user for a call.
+// The quota user can be used by server-side applications to control accounting.
+// It can be an arbitrary string up to 40 characters, and will override UserIP
+// if both are provided.
+func QuotaUser(u string) CallOption { return quotaUser(u) }
+
+type quotaUser string
+
+func (q quotaUser) Get() (string, string) { return "quotaUser", string(q) }
+
+// UserIP returns a CallOption that will set the "userIp" parameter of a call.
+// This should be the IP address of the originating request.
+func UserIP(ip string) CallOption { return userIP(ip) }
+
+type userIP string
+
+func (i userIP) Get() (string, string) { return "userIp", string(i) }
+
+// Trace returns a CallOption that enables diagnostic tracing for a call.
+// traceToken is an ID supplied by Google support.
+func Trace(traceToken string) CallOption { return traceTok(traceToken) }
+
+type traceTok string
+
+func (t traceTok) Get() (string, string) { return "trace", "token:" + string(t) }
+
+type queryParameter struct {
+	key    string
+	values []string
+}
+
+// QueryParameter allows setting the value(s) of an arbitrary key.
+func QueryParameter(key string, values ...string) CallOption {
+	return queryParameter{key: key, values: append([]string{}, values...)}
+}
+
+// Get will never actually be called -- GetMulti will.
+func (q queryParameter) Get() (string, string) {
+	return "", ""
+}
+
+// GetMulti returns the key and values values associated to that key.
+func (q queryParameter) GetMulti() (string, []string) {
+	return q.key, q.values
+}
+
+// TODO: Fields too
diff --git a/vendor/google.golang.org/api/googleapi/types.go b/vendor/google.golang.org/api/googleapi/types.go
new file mode 100644
index 000000000..fabf74d50
--- /dev/null
+++ b/vendor/google.golang.org/api/googleapi/types.go
@@ -0,0 +1,202 @@
+// Copyright 2013 Google LLC. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package googleapi
+
+import (
+	"encoding/json"
+	"errors"
+	"strconv"
+)
+
+// Int64s is a slice of int64s that marshal as quoted strings in JSON.
+type Int64s []int64
+
+func (q *Int64s) UnmarshalJSON(raw []byte) error {
+	*q = (*q)[:0]
+	var ss []string
+	if err := json.Unmarshal(raw, &ss); err != nil {
+		return err
+	}
+	for _, s := range ss {
+		v, err := strconv.ParseInt(s, 10, 64)
+		if err != nil {
+			return err
+		}
+		*q = append(*q, int64(v))
+	}
+	return nil
+}
+
+// Int32s is a slice of int32s that marshal as quoted strings in JSON.
+type Int32s []int32
+
+func (q *Int32s) UnmarshalJSON(raw []byte) error {
+	*q = (*q)[:0]
+	var ss []string
+	if err := json.Unmarshal(raw, &ss); err != nil {
+		return err
+	}
+	for _, s := range ss {
+		v, err := strconv.ParseInt(s, 10, 32)
+		if err != nil {
+			return err
+		}
+		*q = append(*q, int32(v))
+	}
+	return nil
+}
+
+// Uint64s is a slice of uint64s that marshal as quoted strings in JSON.
+type Uint64s []uint64
+
+func (q *Uint64s) UnmarshalJSON(raw []byte) error {
+	*q = (*q)[:0]
+	var ss []string
+	if err := json.Unmarshal(raw, &ss); err != nil {
+		return err
+	}
+	for _, s := range ss {
+		v, err := strconv.ParseUint(s, 10, 64)
+		if err != nil {
+			return err
+		}
+		*q = append(*q, uint64(v))
+	}
+	return nil
+}
+
+// Uint32s is a slice of uint32s that marshal as quoted strings in JSON.
+type Uint32s []uint32
+
+func (q *Uint32s) UnmarshalJSON(raw []byte) error {
+	*q = (*q)[:0]
+	var ss []string
+	if err := json.Unmarshal(raw, &ss); err != nil {
+		return err
+	}
+	for _, s := range ss {
+		v, err := strconv.ParseUint(s, 10, 32)
+		if err != nil {
+			return err
+		}
+		*q = append(*q, uint32(v))
+	}
+	return nil
+}
+
+// Float64s is a slice of float64s that marshal as quoted strings in JSON.
+type Float64s []float64
+
+func (q *Float64s) UnmarshalJSON(raw []byte) error {
+	*q = (*q)[:0]
+	var ss []string
+	if err := json.Unmarshal(raw, &ss); err != nil {
+		return err
+	}
+	for _, s := range ss {
+		v, err := strconv.ParseFloat(s, 64)
+		if err != nil {
+			return err
+		}
+		*q = append(*q, float64(v))
+	}
+	return nil
+}
+
+func quotedList(n int, fn func(dst []byte, i int) []byte) ([]byte, error) {
+	dst := make([]byte, 0, 2+n*10) // somewhat arbitrary
+	dst = append(dst, '[')
+	for i := 0; i < n; i++ {
+		if i > 0 {
+			dst = append(dst, ',')
+		}
+		dst = append(dst, '"')
+		dst = fn(dst, i)
+		dst = append(dst, '"')
+	}
+	dst = append(dst, ']')
+	return dst, nil
+}
+
+func (q Int64s) MarshalJSON() ([]byte, error) {
+	return quotedList(len(q), func(dst []byte, i int) []byte {
+		return strconv.AppendInt(dst, q[i], 10)
+	})
+}
+
+func (q Int32s) MarshalJSON() ([]byte, error) {
+	return quotedList(len(q), func(dst []byte, i int) []byte {
+		return strconv.AppendInt(dst, int64(q[i]), 10)
+	})
+}
+
+func (q Uint64s) MarshalJSON() ([]byte, error) {
+	return quotedList(len(q), func(dst []byte, i int) []byte {
+		return strconv.AppendUint(dst, q[i], 10)
+	})
+}
+
+func (q Uint32s) MarshalJSON() ([]byte, error) {
+	return quotedList(len(q), func(dst []byte, i int) []byte {
+		return strconv.AppendUint(dst, uint64(q[i]), 10)
+	})
+}
+
+func (q Float64s) MarshalJSON() ([]byte, error) {
+	return quotedList(len(q), func(dst []byte, i int) []byte {
+		return strconv.AppendFloat(dst, q[i], 'g', -1, 64)
+	})
+}
+
+// RawMessage is a raw encoded JSON value.
+// It is identical to json.RawMessage, except it does not suffer from
+// https://golang.org/issue/14493.
+type RawMessage []byte
+
+// MarshalJSON returns m.
+func (m RawMessage) MarshalJSON() ([]byte, error) {
+	return m, nil
+}
+
+// UnmarshalJSON sets *m to a copy of data.
+func (m *RawMessage) UnmarshalJSON(data []byte) error {
+	if m == nil {
+		return errors.New("googleapi.RawMessage: UnmarshalJSON on nil pointer")
+	}
+	*m = append((*m)[:0], data...)
+	return nil
+}
+
+/*
+ * Helper routines for simplifying the creation of optional fields of basic type.
+ */
+
+// Bool is a helper routine that allocates a new bool value
+// to store v and returns a pointer to it.
+func Bool(v bool) *bool { return &v }
+
+// Int32 is a helper routine that allocates a new int32 value
+// to store v and returns a pointer to it.
+func Int32(v int32) *int32 { return &v }
+
+// Int64 is a helper routine that allocates a new int64 value
+// to store v and returns a pointer to it.
+func Int64(v int64) *int64 { return &v }
+
+// Float64 is a helper routine that allocates a new float64 value
+// to store v and returns a pointer to it.
+func Float64(v float64) *float64 { return &v }
+
+// Uint32 is a helper routine that allocates a new uint32 value
+// to store v and returns a pointer to it.
+func Uint32(v uint32) *uint32 { return &v }
+
+// Uint64 is a helper routine that allocates a new uint64 value
+// to store v and returns a pointer to it.
+func Uint64(v uint64) *uint64 { return &v }
+
+// String is a helper routine that allocates a new string value
+// to store v and returns a pointer to it.
+func String(v string) *string { return &v }
diff --git a/vendor/google.golang.org/api/internal/gensupport/buffer.go b/vendor/google.golang.org/api/internal/gensupport/buffer.go
new file mode 100644
index 000000000..3d0817ede
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/buffer.go
@@ -0,0 +1,79 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gensupport
+
+import (
+	"bytes"
+	"io"
+
+	"google.golang.org/api/googleapi"
+)
+
+// MediaBuffer buffers data from an io.Reader to support uploading media in
+// retryable chunks. It should be created with NewMediaBuffer.
+type MediaBuffer struct {
+	media io.Reader
+
+	chunk []byte // The current chunk which is pending upload.  The capacity is the chunk size.
+	err   error  // Any error generated when populating chunk by reading media.
+
+	// The absolute position of chunk in the underlying media.
+	off int64
+}
+
+// NewMediaBuffer initializes a MediaBuffer.
+func NewMediaBuffer(media io.Reader, chunkSize int) *MediaBuffer {
+	return &MediaBuffer{media: media, chunk: make([]byte, 0, chunkSize)}
+}
+
+// Chunk returns the current buffered chunk, the offset in the underlying media
+// from which the chunk is drawn, and the size of the chunk.
+// Successive calls to Chunk return the same chunk between calls to Next.
+func (mb *MediaBuffer) Chunk() (chunk io.Reader, off int64, size int, err error) {
+	// There may already be data in chunk if Next has not been called since the previous call to Chunk.
+	if mb.err == nil && len(mb.chunk) == 0 {
+		mb.err = mb.loadChunk()
+	}
+	return bytes.NewReader(mb.chunk), mb.off, len(mb.chunk), mb.err
+}
+
+// loadChunk will read from media into chunk, up to the capacity of chunk.
+func (mb *MediaBuffer) loadChunk() error {
+	bufSize := cap(mb.chunk)
+	mb.chunk = mb.chunk[:bufSize]
+
+	read := 0
+	var err error
+	for err == nil && read < bufSize {
+		var n int
+		n, err = mb.media.Read(mb.chunk[read:])
+		read += n
+	}
+	mb.chunk = mb.chunk[:read]
+	return err
+}
+
+// Next advances to the next chunk, which will be returned by the next call to Chunk.
+// Calls to Next without a corresponding prior call to Chunk will have no effect.
+func (mb *MediaBuffer) Next() {
+	mb.off += int64(len(mb.chunk))
+	mb.chunk = mb.chunk[0:0]
+}
+
+type readerTyper struct {
+	io.Reader
+	googleapi.ContentTyper
+}
+
+// ReaderAtToReader adapts a ReaderAt to be used as a Reader.
+// If ra implements googleapi.ContentTyper, then the returned reader
+// will also implement googleapi.ContentTyper, delegating to ra.
+func ReaderAtToReader(ra io.ReaderAt, size int64) io.Reader {
+	r := io.NewSectionReader(ra, 0, size)
+	if typer, ok := ra.(googleapi.ContentTyper); ok {
+		return readerTyper{r, typer}
+	}
+	return r
+}
diff --git a/vendor/google.golang.org/api/internal/gensupport/doc.go b/vendor/google.golang.org/api/internal/gensupport/doc.go
new file mode 100644
index 000000000..752c4b411
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/doc.go
@@ -0,0 +1,10 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package gensupport is an internal implementation detail used by code
+// generated by the google-api-go-generator tool.
+//
+// This package may be modified at any time without regard for backwards
+// compatibility. It should not be used directly by API users.
+package gensupport
diff --git a/vendor/google.golang.org/api/internal/gensupport/error.go b/vendor/google.golang.org/api/internal/gensupport/error.go
new file mode 100644
index 000000000..886c6532b
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/error.go
@@ -0,0 +1,24 @@
+// Copyright 2022 Google LLC. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gensupport
+
+import (
+	"errors"
+
+	"github.com/googleapis/gax-go/v2/apierror"
+	"google.golang.org/api/googleapi"
+)
+
+// WrapError creates an [apierror.APIError] from err, wraps it in err, and
+// returns err. If err is not a [googleapi.Error] (or a
+// [google.golang.org/grpc/status.Status]), it returns err without modification.
+func WrapError(err error) error {
+	var herr *googleapi.Error
+	apiError, ok := apierror.ParseError(err, false)
+	if ok && errors.As(err, &herr) {
+		herr.Wrap(apiError)
+	}
+	return err
+}
diff --git a/vendor/google.golang.org/api/internal/gensupport/json.go b/vendor/google.golang.org/api/internal/gensupport/json.go
new file mode 100644
index 000000000..eab49a11e
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/json.go
@@ -0,0 +1,236 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gensupport
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"strings"
+)
+
+// MarshalJSON returns a JSON encoding of schema containing only selected fields.
+// A field is selected if any of the following is true:
+//   - it has a non-empty value
+//   - its field name is present in forceSendFields and it is not a nil pointer or nil interface
+//   - its field name is present in nullFields.
+//
+// The JSON key for each selected field is taken from the field's json: struct tag.
+func MarshalJSON(schema interface{}, forceSendFields, nullFields []string) ([]byte, error) {
+	if len(forceSendFields) == 0 && len(nullFields) == 0 {
+		return json.Marshal(schema)
+	}
+
+	mustInclude := make(map[string]bool)
+	for _, f := range forceSendFields {
+		mustInclude[f] = true
+	}
+	useNull := make(map[string]bool)
+	useNullMaps := make(map[string]map[string]bool)
+	for _, nf := range nullFields {
+		parts := strings.SplitN(nf, ".", 2)
+		field := parts[0]
+		if len(parts) == 1 {
+			useNull[field] = true
+		} else {
+			if useNullMaps[field] == nil {
+				useNullMaps[field] = map[string]bool{}
+			}
+			useNullMaps[field][parts[1]] = true
+		}
+	}
+
+	dataMap, err := schemaToMap(schema, mustInclude, useNull, useNullMaps)
+	if err != nil {
+		return nil, err
+	}
+	return json.Marshal(dataMap)
+}
+
+func schemaToMap(schema interface{}, mustInclude, useNull map[string]bool, useNullMaps map[string]map[string]bool) (map[string]interface{}, error) {
+	m := make(map[string]interface{})
+	s := reflect.ValueOf(schema)
+	st := s.Type()
+
+	for i := 0; i < s.NumField(); i++ {
+		jsonTag := st.Field(i).Tag.Get("json")
+		if jsonTag == "" {
+			continue
+		}
+		tag, err := parseJSONTag(jsonTag)
+		if err != nil {
+			return nil, err
+		}
+		if tag.ignore {
+			continue
+		}
+
+		v := s.Field(i)
+		f := st.Field(i)
+
+		if useNull[f.Name] {
+			if !isEmptyValue(v) {
+				return nil, fmt.Errorf("field %q in NullFields has non-empty value", f.Name)
+			}
+			m[tag.apiName] = nil
+			continue
+		}
+
+		if !includeField(v, f, mustInclude) {
+			continue
+		}
+
+		// If map fields are explicitly set to null, use a map[string]interface{}.
+		if f.Type.Kind() == reflect.Map && useNullMaps[f.Name] != nil {
+			ms, ok := v.Interface().(map[string]string)
+			if !ok {
+				mi, err := initMapSlow(v, f.Name, useNullMaps)
+				if err != nil {
+					return nil, err
+				}
+				m[tag.apiName] = mi
+				continue
+			}
+			mi := map[string]interface{}{}
+			for k, v := range ms {
+				mi[k] = v
+			}
+			for k := range useNullMaps[f.Name] {
+				mi[k] = nil
+			}
+			m[tag.apiName] = mi
+			continue
+		}
+
+		// nil maps are treated as empty maps.
+		if f.Type.Kind() == reflect.Map && v.IsNil() {
+			m[tag.apiName] = map[string]string{}
+			continue
+		}
+
+		// nil slices are treated as empty slices.
+		if f.Type.Kind() == reflect.Slice && v.IsNil() {
+			m[tag.apiName] = []bool{}
+			continue
+		}
+
+		if tag.stringFormat {
+			m[tag.apiName] = formatAsString(v, f.Type.Kind())
+		} else {
+			m[tag.apiName] = v.Interface()
+		}
+	}
+	return m, nil
+}
+
+// initMapSlow uses reflection to build up a map object. This is slower than
+// the default behavior so it should be used only as a fallback.
+func initMapSlow(rv reflect.Value, fieldName string, useNullMaps map[string]map[string]bool) (map[string]interface{}, error) {
+	mi := map[string]interface{}{}
+	iter := rv.MapRange()
+	for iter.Next() {
+		k, ok := iter.Key().Interface().(string)
+		if !ok {
+			return nil, fmt.Errorf("field %q has keys in NullFields but is not a map[string]any", fieldName)
+		}
+		v := iter.Value().Interface()
+		mi[k] = v
+	}
+	for k := range useNullMaps[fieldName] {
+		mi[k] = nil
+	}
+	return mi, nil
+}
+
+// formatAsString returns a string representation of v, dereferencing it first if possible.
+func formatAsString(v reflect.Value, kind reflect.Kind) string {
+	if kind == reflect.Ptr && !v.IsNil() {
+		v = v.Elem()
+	}
+
+	return fmt.Sprintf("%v", v.Interface())
+}
+
+// jsonTag represents a restricted version of the struct tag format used by encoding/json.
+// It is used to describe the JSON encoding of fields in a Schema struct.
+type jsonTag struct {
+	apiName      string
+	stringFormat bool
+	ignore       bool
+}
+
+// parseJSONTag parses a restricted version of the struct tag format used by encoding/json.
+// The format of the tag must match that generated by the Schema.writeSchemaStruct method
+// in the api generator.
+func parseJSONTag(val string) (jsonTag, error) {
+	if val == "-" {
+		return jsonTag{ignore: true}, nil
+	}
+
+	var tag jsonTag
+
+	i := strings.Index(val, ",")
+	if i == -1 || val[:i] == "" {
+		return tag, fmt.Errorf("malformed json tag: %s", val)
+	}
+
+	tag = jsonTag{
+		apiName: val[:i],
+	}
+
+	switch val[i+1:] {
+	case "omitempty":
+	case "omitempty,string":
+		tag.stringFormat = true
+	default:
+		return tag, fmt.Errorf("malformed json tag: %s", val)
+	}
+
+	return tag, nil
+}
+
+// Reports whether the struct field "f" with value "v" should be included in JSON output.
+func includeField(v reflect.Value, f reflect.StructField, mustInclude map[string]bool) bool {
+	// The regular JSON encoding of a nil pointer is "null", which means "delete this field".
+	// Therefore, we could enable field deletion by honoring pointer fields' presence in the mustInclude set.
+	// However, many fields are not pointers, so there would be no way to delete these fields.
+	// Rather than partially supporting field deletion, we ignore mustInclude for nil pointer fields.
+	// Deletion will be handled by a separate mechanism.
+	if f.Type.Kind() == reflect.Ptr && v.IsNil() {
+		return false
+	}
+
+	// The "any" type is represented as an interface{}.  If this interface
+	// is nil, there is no reasonable representation to send.  We ignore
+	// these fields, for the same reasons as given above for pointers.
+	if f.Type.Kind() == reflect.Interface && v.IsNil() {
+		return false
+	}
+
+	return mustInclude[f.Name] || !isEmptyValue(v)
+}
+
+// isEmptyValue reports whether v is the empty value for its type.  This
+// implementation is based on that of the encoding/json package, but its
+// correctness does not depend on it being identical. What's important is that
+// this function return false in situations where v should not be sent as part
+// of a PATCH operation.
+func isEmptyValue(v reflect.Value) bool {
+	switch v.Kind() {
+	case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
+		return v.Len() == 0
+	case reflect.Bool:
+		return !v.Bool()
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() == 0
+	case reflect.Float32, reflect.Float64:
+		return v.Float() == 0
+	case reflect.Interface, reflect.Ptr:
+		return v.IsNil()
+	}
+	return false
+}
diff --git a/vendor/google.golang.org/api/internal/gensupport/jsonfloat.go b/vendor/google.golang.org/api/internal/gensupport/jsonfloat.go
new file mode 100644
index 000000000..13c2f9302
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/jsonfloat.go
@@ -0,0 +1,47 @@
+// Copyright 2016 Google LLC.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gensupport
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"math"
+)
+
+// JSONFloat64 is a float64 that supports proper unmarshaling of special float
+// values in JSON, according to
+// https://developers.google.com/protocol-buffers/docs/proto3#json. Although
+// that is a proto-to-JSON spec, it applies to all Google APIs.
+//
+// The jsonpb package
+// (https://github.com/golang/protobuf/blob/master/jsonpb/jsonpb.go) has
+// similar functionality, but only for direct translation from proto messages
+// to JSON.
+type JSONFloat64 float64
+
+func (f *JSONFloat64) UnmarshalJSON(data []byte) error {
+	var ff float64
+	if err := json.Unmarshal(data, &ff); err == nil {
+		*f = JSONFloat64(ff)
+		return nil
+	}
+	var s string
+	if err := json.Unmarshal(data, &s); err == nil {
+		switch s {
+		case "NaN":
+			ff = math.NaN()
+		case "Infinity":
+			ff = math.Inf(1)
+		case "-Infinity":
+			ff = math.Inf(-1)
+		default:
+			return fmt.Errorf("google.golang.org/api/internal: bad float string %q", s)
+		}
+		*f = JSONFloat64(ff)
+		return nil
+	}
+	return errors.New("google.golang.org/api/internal: data not float or string")
+}
diff --git a/vendor/google.golang.org/api/internal/gensupport/media.go b/vendor/google.golang.org/api/internal/gensupport/media.go
new file mode 100644
index 000000000..c048a5708
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/media.go
@@ -0,0 +1,311 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gensupport
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"mime"
+	"mime/multipart"
+	"net/http"
+	"net/textproto"
+	"strings"
+	"sync"
+	"time"
+
+	gax "github.com/googleapis/gax-go/v2"
+	"google.golang.org/api/googleapi"
+)
+
+type typeReader struct {
+	io.Reader
+	typ string
+}
+
+// multipartReader combines the contents of multiple readers to create a multipart/related HTTP body.
+// Close must be called if reads from the multipartReader are abandoned before reaching EOF.
+type multipartReader struct {
+	pr       *io.PipeReader
+	ctype    string
+	mu       sync.Mutex
+	pipeOpen bool
+}
+
+// boundary optionally specifies the MIME boundary
+func newMultipartReader(parts []typeReader, boundary string) *multipartReader {
+	mp := &multipartReader{pipeOpen: true}
+	var pw *io.PipeWriter
+	mp.pr, pw = io.Pipe()
+	mpw := multipart.NewWriter(pw)
+	if boundary != "" {
+		mpw.SetBoundary(boundary)
+	}
+	mp.ctype = "multipart/related; boundary=" + mpw.Boundary()
+	go func() {
+		for _, part := range parts {
+			w, err := mpw.CreatePart(typeHeader(part.typ))
+			if err != nil {
+				mpw.Close()
+				pw.CloseWithError(fmt.Errorf("googleapi: CreatePart failed: %v", err))
+				return
+			}
+			_, err = io.Copy(w, part.Reader)
+			if err != nil {
+				mpw.Close()
+				pw.CloseWithError(fmt.Errorf("googleapi: Copy failed: %v", err))
+				return
+			}
+		}
+
+		mpw.Close()
+		pw.Close()
+	}()
+	return mp
+}
+
+func (mp *multipartReader) Read(data []byte) (n int, err error) {
+	return mp.pr.Read(data)
+}
+
+func (mp *multipartReader) Close() error {
+	mp.mu.Lock()
+	if !mp.pipeOpen {
+		mp.mu.Unlock()
+		return nil
+	}
+	mp.pipeOpen = false
+	mp.mu.Unlock()
+	return mp.pr.Close()
+}
+
+// CombineBodyMedia combines a json body with media content to create a multipart/related HTTP body.
+// It returns a ReadCloser containing the combined body, and the overall "multipart/related" content type, with random boundary.
+//
+// The caller must call Close on the returned ReadCloser if reads are abandoned before reaching EOF.
+func CombineBodyMedia(body io.Reader, bodyContentType string, media io.Reader, mediaContentType string) (io.ReadCloser, string) {
+	return combineBodyMedia(body, bodyContentType, media, mediaContentType, "")
+}
+
+// combineBodyMedia is CombineBodyMedia but with an optional mimeBoundary field.
+func combineBodyMedia(body io.Reader, bodyContentType string, media io.Reader, mediaContentType, mimeBoundary string) (io.ReadCloser, string) {
+	mp := newMultipartReader([]typeReader{
+		{body, bodyContentType},
+		{media, mediaContentType},
+	}, mimeBoundary)
+	return mp, mp.ctype
+}
+
+func typeHeader(contentType string) textproto.MIMEHeader {
+	h := make(textproto.MIMEHeader)
+	if contentType != "" {
+		h.Set("Content-Type", contentType)
+	}
+	return h
+}
+
+// PrepareUpload determines whether the data in the supplied reader should be
+// uploaded in a single request, or in sequential chunks.
+// chunkSize is the size of the chunk that media should be split into.
+//
+// If chunkSize is zero, media is returned as the first value, and the other
+// two return values are nil, true.
+//
+// Otherwise, a MediaBuffer is returned, along with a bool indicating whether the
+// contents of media fit in a single chunk.
+//
+// After PrepareUpload has been called, media should no longer be used: the
+// media content should be accessed via one of the return values.
+func PrepareUpload(media io.Reader, chunkSize int) (r io.Reader, mb *MediaBuffer, singleChunk bool) {
+	if chunkSize == 0 { // do not chunk
+		return media, nil, true
+	}
+	mb = NewMediaBuffer(media, chunkSize)
+	_, _, _, err := mb.Chunk()
+	// If err is io.EOF, we can upload this in a single request. Otherwise, err is
+	// either nil or a non-EOF error. If it is the latter, then the next call to
+	// mb.Chunk will return the same error. Returning a MediaBuffer ensures that this
+	// error will be handled at some point.
+	return nil, mb, err == io.EOF
+}
+
+// MediaInfo holds information for media uploads. It is intended for use by generated
+// code only.
+type MediaInfo struct {
+	// At most one of Media and MediaBuffer will be set.
+	media              io.Reader
+	buffer             *MediaBuffer
+	singleChunk        bool
+	mType              string
+	size               int64 // mediaSize, if known.  Used only for calls to progressUpdater_.
+	progressUpdater    googleapi.ProgressUpdater
+	chunkRetryDeadline time.Duration
+}
+
+// NewInfoFromMedia should be invoked from the Media method of a call. It returns a
+// MediaInfo populated with chunk size and content type, and a reader or MediaBuffer
+// if needed.
+func NewInfoFromMedia(r io.Reader, options []googleapi.MediaOption) *MediaInfo {
+	mi := &MediaInfo{}
+	opts := googleapi.ProcessMediaOptions(options)
+	if !opts.ForceEmptyContentType {
+		mi.mType = opts.ContentType
+		if mi.mType == "" {
+			r, mi.mType = gax.DetermineContentType(r)
+		}
+	}
+	mi.chunkRetryDeadline = opts.ChunkRetryDeadline
+	mi.media, mi.buffer, mi.singleChunk = PrepareUpload(r, opts.ChunkSize)
+	return mi
+}
+
+// NewInfoFromResumableMedia should be invoked from the ResumableMedia method of a
+// call. It returns a MediaInfo using the given reader, size and media type.
+func NewInfoFromResumableMedia(r io.ReaderAt, size int64, mediaType string) *MediaInfo {
+	rdr := ReaderAtToReader(r, size)
+	mType := mediaType
+	if mType == "" {
+		rdr, mType = gax.DetermineContentType(rdr)
+	}
+
+	return &MediaInfo{
+		size:        size,
+		mType:       mType,
+		buffer:      NewMediaBuffer(rdr, googleapi.DefaultUploadChunkSize),
+		media:       nil,
+		singleChunk: false,
+	}
+}
+
+// SetProgressUpdater sets the progress updater for the media info.
+func (mi *MediaInfo) SetProgressUpdater(pu googleapi.ProgressUpdater) {
+	if mi != nil {
+		mi.progressUpdater = pu
+	}
+}
+
+// UploadType determines the type of upload: a single request, or a resumable
+// series of requests.
+func (mi *MediaInfo) UploadType() string {
+	if mi.singleChunk {
+		return "multipart"
+	}
+	return "resumable"
+}
+
+// UploadRequest sets up an HTTP request for media upload. It adds headers
+// as necessary, and returns a replacement for the body and a function for http.Request.GetBody.
+func (mi *MediaInfo) UploadRequest(reqHeaders http.Header, body io.Reader) (newBody io.Reader, getBody func() (io.ReadCloser, error), cleanup func()) {
+	cleanup = func() {}
+	if mi == nil {
+		return body, nil, cleanup
+	}
+	var media io.Reader
+	if mi.media != nil {
+		// This only happens when the caller has turned off chunking. In that
+		// case, we write all of media in a single non-retryable request.
+		media = mi.media
+	} else if mi.singleChunk {
+		// The data fits in a single chunk, which has now been read into the MediaBuffer.
+		// We obtain that chunk so we can write it in a single request. The request can
+		// be retried because the data is stored in the MediaBuffer.
+		media, _, _, _ = mi.buffer.Chunk()
+	}
+	toCleanup := []io.Closer{}
+	if media != nil {
+		fb := readerFunc(body)
+		fm := readerFunc(media)
+		combined, ctype := CombineBodyMedia(body, "application/json", media, mi.mType)
+		toCleanup = append(toCleanup, combined)
+		if fb != nil && fm != nil {
+			getBody = func() (io.ReadCloser, error) {
+				rb := io.NopCloser(fb())
+				rm := io.NopCloser(fm())
+				var mimeBoundary string
+				if _, params, err := mime.ParseMediaType(ctype); err == nil {
+					mimeBoundary = params["boundary"]
+				}
+				r, _ := combineBodyMedia(rb, "application/json", rm, mi.mType, mimeBoundary)
+				toCleanup = append(toCleanup, r)
+				return r, nil
+			}
+		}
+		reqHeaders.Set("Content-Type", ctype)
+		body = combined
+	}
+	if mi.buffer != nil && mi.mType != "" && !mi.singleChunk {
+		// This happens when initiating a resumable upload session.
+		// The initial request contains a JSON body rather than media.
+		// It can be retried with a getBody function that re-creates the request body.
+		fb := readerFunc(body)
+		if fb != nil {
+			getBody = func() (io.ReadCloser, error) {
+				rb := io.NopCloser(fb())
+				toCleanup = append(toCleanup, rb)
+				return rb, nil
+			}
+		}
+		reqHeaders.Set("X-Upload-Content-Type", mi.mType)
+	}
+	// Ensure that any bodies created in getBody are cleaned up.
+	cleanup = func() {
+		for _, closer := range toCleanup {
+			_ = closer.Close()
+		}
+
+	}
+	return body, getBody, cleanup
+}
+
+// readerFunc returns a function that always returns an io.Reader that has the same
+// contents as r, provided that can be done without consuming r. Otherwise, it
+// returns nil.
+// See http.NewRequest (in net/http/request.go).
+func readerFunc(r io.Reader) func() io.Reader {
+	switch r := r.(type) {
+	case *bytes.Buffer:
+		buf := r.Bytes()
+		return func() io.Reader { return bytes.NewReader(buf) }
+	case *bytes.Reader:
+		snapshot := *r
+		return func() io.Reader { r := snapshot; return &r }
+	case *strings.Reader:
+		snapshot := *r
+		return func() io.Reader { r := snapshot; return &r }
+	default:
+		return nil
+	}
+}
+
+// ResumableUpload returns an appropriately configured ResumableUpload value if the
+// upload is resumable, or nil otherwise.
+func (mi *MediaInfo) ResumableUpload(locURI string) *ResumableUpload {
+	if mi == nil || mi.singleChunk {
+		return nil
+	}
+	return &ResumableUpload{
+		URI:       locURI,
+		Media:     mi.buffer,
+		MediaType: mi.mType,
+		Callback: func(curr int64) {
+			if mi.progressUpdater != nil {
+				mi.progressUpdater(curr, mi.size)
+			}
+		},
+		ChunkRetryDeadline: mi.chunkRetryDeadline,
+	}
+}
+
+// SetGetBody sets the GetBody field of req to f. This was once needed
+// to gracefully support Go 1.7 and earlier which didn't have that
+// field.
+//
+// Deprecated: the code generator no longer uses this as of
+// 2019-02-19. Nothing else should be calling this anyway, but we
+// won't delete this immediately; it will be deleted in as early as 6
+// months.
+func SetGetBody(req *http.Request, f func() (io.ReadCloser, error)) {
+	req.GetBody = f
+}
diff --git a/vendor/google.golang.org/api/internal/gensupport/params.go b/vendor/google.golang.org/api/internal/gensupport/params.go
new file mode 100644
index 000000000..1a30d2ca2
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/params.go
@@ -0,0 +1,57 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gensupport
+
+import (
+	"net/url"
+
+	"google.golang.org/api/googleapi"
+)
+
+// URLParams is a simplified replacement for url.Values
+// that safely builds up URL parameters for encoding.
+type URLParams map[string][]string
+
+// Get returns the first value for the given key, or "".
+func (u URLParams) Get(key string) string {
+	vs := u[key]
+	if len(vs) == 0 {
+		return ""
+	}
+	return vs[0]
+}
+
+// Set sets the key to value.
+// It replaces any existing values.
+func (u URLParams) Set(key, value string) {
+	u[key] = []string{value}
+}
+
+// SetMulti sets the key to an array of values.
+// It replaces any existing values.
+// Note that values must not be modified after calling SetMulti
+// so the caller is responsible for making a copy if necessary.
+func (u URLParams) SetMulti(key string, values []string) {
+	u[key] = values
+}
+
+// Encode encodes the values into “URL encoded” form
+// ("bar=baz&foo=quux") sorted by key.
+func (u URLParams) Encode() string {
+	return url.Values(u).Encode()
+}
+
+// SetOptions sets the URL params and any additional `CallOption` or
+// `MultiCallOption` passed in.
+func SetOptions(u URLParams, opts ...googleapi.CallOption) {
+	for _, o := range opts {
+		m, ok := o.(googleapi.MultiCallOption)
+		if ok {
+			u.SetMulti(m.GetMulti())
+			continue
+		}
+		u.Set(o.Get())
+	}
+}
diff --git a/vendor/google.golang.org/api/internal/gensupport/resumable.go b/vendor/google.golang.org/api/internal/gensupport/resumable.go
new file mode 100644
index 000000000..08e7aacef
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/resumable.go
@@ -0,0 +1,269 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gensupport
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+	"google.golang.org/api/internal"
+)
+
+// ResumableUpload is used by the generated APIs to provide resumable uploads.
+// It is not used by developers directly.
+type ResumableUpload struct {
+	Client *http.Client
+	// URI is the resumable resource destination provided by the server after specifying "&uploadType=resumable".
+	URI       string
+	UserAgent string // User-Agent for header of the request
+	// Media is the object being uploaded.
+	Media *MediaBuffer
+	// MediaType defines the media type, e.g. "image/jpeg".
+	MediaType string
+
+	mu       sync.Mutex // guards progress
+	progress int64      // number of bytes uploaded so far
+
+	// Callback is an optional function that will be periodically called with the cumulative number of bytes uploaded.
+	Callback func(int64)
+
+	// Retry optionally configures retries for requests made against the upload.
+	Retry *RetryConfig
+
+	// ChunkRetryDeadline configures the per-chunk deadline after which no further
+	// retries should happen.
+	ChunkRetryDeadline time.Duration
+
+	// Track current request invocation ID and attempt count for retry metrics
+	// and idempotency headers.
+	invocationID string
+	attempts     int
+}
+
+// Progress returns the number of bytes uploaded at this point.
+func (rx *ResumableUpload) Progress() int64 {
+	rx.mu.Lock()
+	defer rx.mu.Unlock()
+	return rx.progress
+}
+
+// doUploadRequest performs a single HTTP request to upload data.
+// off specifies the offset in rx.Media from which data is drawn.
+// size is the number of bytes in data.
+// final specifies whether data is the final chunk to be uploaded.
+func (rx *ResumableUpload) doUploadRequest(ctx context.Context, data io.Reader, off, size int64, final bool) (*http.Response, error) {
+	req, err := http.NewRequest("POST", rx.URI, data)
+	if err != nil {
+		return nil, err
+	}
+
+	req.ContentLength = size
+	var contentRange string
+	if final {
+		if size == 0 {
+			contentRange = fmt.Sprintf("bytes */%v", off)
+		} else {
+			contentRange = fmt.Sprintf("bytes %v-%v/%v", off, off+size-1, off+size)
+		}
+	} else {
+		contentRange = fmt.Sprintf("bytes %v-%v/*", off, off+size-1)
+	}
+	req.Header.Set("Content-Range", contentRange)
+	req.Header.Set("Content-Type", rx.MediaType)
+	req.Header.Set("User-Agent", rx.UserAgent)
+
+	// TODO(b/274504690): Consider dropping gccl-invocation-id key since it
+	// duplicates the X-Goog-Gcs-Idempotency-Token header (added in v0.115.0).
+	baseXGoogHeader := "gl-go/" + GoVersion() + " gdcl/" + internal.Version
+	invocationHeader := fmt.Sprintf("gccl-invocation-id/%s gccl-attempt-count/%d", rx.invocationID, rx.attempts)
+	req.Header.Set("X-Goog-Api-Client", strings.Join([]string{baseXGoogHeader, invocationHeader}, " "))
+
+	// Set idempotency token header which is used by GCS uploads.
+	req.Header.Set("X-Goog-Gcs-Idempotency-Token", rx.invocationID)
+
+	// Google's upload endpoint uses status code 308 for a
+	// different purpose than the "308 Permanent Redirect"
+	// since-standardized in RFC 7238. Because of the conflict in
+	// semantics, Google added this new request header which
+	// causes it to not use "308" and instead reply with 200 OK
+	// and sets the upload-specific "X-HTTP-Status-Code-Override:
+	// 308" response header.
+	req.Header.Set("X-GUploader-No-308", "yes")
+
+	return SendRequest(ctx, rx.Client, req)
+}
+
+func statusResumeIncomplete(resp *http.Response) bool {
+	// This is how the server signals "status resume incomplete"
+	// when X-GUploader-No-308 is set to "yes":
+	return resp != nil && resp.Header.Get("X-Http-Status-Code-Override") == "308"
+}
+
+// reportProgress calls a user-supplied callback to report upload progress.
+// If old==updated, the callback is not called.
+func (rx *ResumableUpload) reportProgress(old, updated int64) {
+	if updated-old == 0 {
+		return
+	}
+	rx.mu.Lock()
+	rx.progress = updated
+	rx.mu.Unlock()
+	if rx.Callback != nil {
+		rx.Callback(updated)
+	}
+}
+
+// transferChunk performs a single HTTP request to upload a single chunk from rx.Media.
+func (rx *ResumableUpload) transferChunk(ctx context.Context) (*http.Response, error) {
+	chunk, off, size, err := rx.Media.Chunk()
+
+	done := err == io.EOF
+	if !done && err != nil {
+		return nil, err
+	}
+
+	res, err := rx.doUploadRequest(ctx, chunk, off, int64(size), done)
+	if err != nil {
+		return res, err
+	}
+
+	// We sent "X-GUploader-No-308: yes" (see comment elsewhere in
+	// this file), so we don't expect to get a 308.
+	if res.StatusCode == 308 {
+		return nil, errors.New("unexpected 308 response status code")
+	}
+
+	if res.StatusCode == http.StatusOK {
+		rx.reportProgress(off, off+int64(size))
+	}
+
+	if statusResumeIncomplete(res) {
+		rx.Media.Next()
+	}
+	return res, nil
+}
+
+// Upload starts the process of a resumable upload with a cancellable context.
+// It retries using the provided back off strategy until cancelled or the
+// strategy indicates to stop retrying.
+// It is called from the auto-generated API code and is not visible to the user.
+// Before sending an HTTP request, Upload calls any registered hook functions,
+// and calls the returned functions after the request returns (see send.go).
+// rx is private to the auto-generated API code.
+// Exactly one of resp or err will be nil.  If resp is non-nil, the caller must call resp.Body.Close.
+func (rx *ResumableUpload) Upload(ctx context.Context) (resp *http.Response, err error) {
+
+	// There are a couple of cases where it's possible for err and resp to both
+	// be non-nil. However, we expose a simpler contract to our callers: exactly
+	// one of resp and err will be non-nil. This means that any response body
+	// must be closed here before returning a non-nil error.
+	var prepareReturn = func(resp *http.Response, err error) (*http.Response, error) {
+		if err != nil {
+			if resp != nil && resp.Body != nil {
+				resp.Body.Close()
+			}
+			return nil, err
+		}
+		// This case is very unlikely but possible only if rx.ChunkRetryDeadline is
+		// set to a very small value, in which case no requests will be sent before
+		// the deadline. Return an error to avoid causing a panic.
+		if resp == nil {
+			return nil, fmt.Errorf("upload request to %v not sent, choose larger value for ChunkRetryDealine", rx.URI)
+		}
+		return resp, nil
+	}
+	// Configure retryable error criteria.
+	errorFunc := rx.Retry.errorFunc()
+
+	// Configure per-chunk retry deadline.
+	var retryDeadline time.Duration
+	if rx.ChunkRetryDeadline != 0 {
+		retryDeadline = rx.ChunkRetryDeadline
+	} else {
+		retryDeadline = defaultRetryDeadline
+	}
+
+	// Send all chunks.
+	for {
+		var pause time.Duration
+
+		// Each chunk gets its own initialized-at-zero backoff and invocation ID.
+		bo := rx.Retry.backoff()
+		quitAfterTimer := time.NewTimer(retryDeadline)
+		rx.attempts = 1
+		rx.invocationID = uuid.New().String()
+
+		// Retry loop for a single chunk.
+		for {
+			pauseTimer := time.NewTimer(pause)
+			select {
+			case <-ctx.Done():
+				quitAfterTimer.Stop()
+				pauseTimer.Stop()
+				if err == nil {
+					err = ctx.Err()
+				}
+				return prepareReturn(resp, err)
+			case <-pauseTimer.C:
+			case <-quitAfterTimer.C:
+				pauseTimer.Stop()
+				return prepareReturn(resp, err)
+			}
+			pauseTimer.Stop()
+
+			// Check for context cancellation or timeout once more. If more than one
+			// case in the select statement above was satisfied at the same time, Go
+			// will choose one arbitrarily.
+			// That can cause an operation to go through even if the context was
+			// canceled before or the timeout was reached.
+			select {
+			case <-ctx.Done():
+				quitAfterTimer.Stop()
+				if err == nil {
+					err = ctx.Err()
+				}
+				return prepareReturn(resp, err)
+			case <-quitAfterTimer.C:
+				return prepareReturn(resp, err)
+			default:
+			}
+
+			resp, err = rx.transferChunk(ctx)
+
+			var status int
+			if resp != nil {
+				status = resp.StatusCode
+			}
+
+			// Check if we should retry the request.
+			if !errorFunc(status, err) {
+				quitAfterTimer.Stop()
+				break
+			}
+
+			rx.attempts++
+			pause = bo.Pause()
+			if resp != nil && resp.Body != nil {
+				resp.Body.Close()
+			}
+		}
+
+		// If the chunk was uploaded successfully, but there's still
+		// more to go, upload the next chunk without any delay.
+		if statusResumeIncomplete(resp) {
+			resp.Body.Close()
+			continue
+		}
+
+		return prepareReturn(resp, err)
+	}
+}
diff --git a/vendor/google.golang.org/api/internal/gensupport/retry.go b/vendor/google.golang.org/api/internal/gensupport/retry.go
new file mode 100644
index 000000000..20b57d925
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/retry.go
@@ -0,0 +1,121 @@
+// Copyright 2021 Google LLC.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gensupport
+
+import (
+	"errors"
+	"io"
+	"net"
+	"strings"
+	"time"
+
+	"github.com/googleapis/gax-go/v2"
+	"google.golang.org/api/googleapi"
+)
+
+// Backoff is an interface around gax.Backoff's Pause method, allowing tests to provide their
+// own implementation.
+type Backoff interface {
+	Pause() time.Duration
+}
+
+// These are declared as global variables so that tests can overwrite them.
+var (
+	// Default per-chunk deadline for resumable uploads.
+	defaultRetryDeadline = 32 * time.Second
+	// Default backoff timer.
+	backoff = func() Backoff {
+		return &gax.Backoff{Initial: 100 * time.Millisecond}
+	}
+	// syscallRetryable is a platform-specific hook, specified in retryable_linux.go
+	syscallRetryable func(error) bool = func(err error) bool { return false }
+)
+
+const (
+	// statusTooManyRequests is returned by the storage API if the
+	// per-project limits have been temporarily exceeded. The request
+	// should be retried.
+	// https://cloud.google.com/storage/docs/json_api/v1/status-codes#standardcodes
+	statusTooManyRequests = 429
+
+	// statusRequestTimeout is returned by the storage API if the
+	// upload connection was broken. The request should be retried.
+	statusRequestTimeout = 408
+)
+
+// shouldRetry indicates whether an error is retryable for the purposes of this
+// package, unless a ShouldRetry func is specified by the RetryConfig instead.
+// It follows guidance from
+// https://cloud.google.com/storage/docs/exponential-backoff .
+func shouldRetry(status int, err error) bool {
+	if 500 <= status && status <= 599 {
+		return true
+	}
+	if status == statusTooManyRequests || status == statusRequestTimeout {
+		return true
+	}
+	if err == io.ErrUnexpectedEOF {
+		return true
+	}
+	// Transient network errors should be retried.
+	if syscallRetryable(err) {
+		return true
+	}
+	if err, ok := err.(interface{ Temporary() bool }); ok {
+		if err.Temporary() {
+			return true
+		}
+	}
+	var opErr *net.OpError
+	if errors.As(err, &opErr) {
+		if strings.Contains(opErr.Error(), "use of closed network connection") {
+			// TODO: check against net.ErrClosed (go 1.16+) instead of string
+			return true
+		}
+	}
+
+	// If Go 1.13 error unwrapping is available, use this to examine wrapped
+	// errors.
+	if err, ok := err.(interface{ Unwrap() error }); ok {
+		return shouldRetry(status, err.Unwrap())
+	}
+	return false
+}
+
+// RetryConfig allows configuration of backoff timing and retryable errors.
+type RetryConfig struct {
+	Backoff     *gax.Backoff
+	ShouldRetry func(err error) bool
+}
+
+// Get a new backoff object based on the configured values.
+func (r *RetryConfig) backoff() Backoff {
+	if r == nil || r.Backoff == nil {
+		return backoff()
+	}
+	return &gax.Backoff{
+		Initial:    r.Backoff.Initial,
+		Max:        r.Backoff.Max,
+		Multiplier: r.Backoff.Multiplier,
+	}
+}
+
+// This is kind of hacky; it is necessary because ShouldRetry expects to
+// handle HTTP errors via googleapi.Error, but the error has not yet been
+// wrapped with a googleapi.Error at this layer, and the ErrorFunc type
+// in the manual layer does not pass in a status explicitly as it does
+// here. So, we must wrap error status codes in a googleapi.Error so that
+// ShouldRetry can parse this correctly.
+func (r *RetryConfig) errorFunc() func(status int, err error) bool {
+	if r == nil || r.ShouldRetry == nil {
+		return shouldRetry
+	}
+	return func(status int, err error) bool {
+		if status >= 400 {
+			return r.ShouldRetry(&googleapi.Error{Code: status})
+		}
+		return r.ShouldRetry(err)
+	}
+}
diff --git a/vendor/google.golang.org/api/internal/gensupport/retryable_linux.go b/vendor/google.golang.org/api/internal/gensupport/retryable_linux.go
new file mode 100644
index 000000000..a916c3da2
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/retryable_linux.go
@@ -0,0 +1,16 @@
+// Copyright 2020 Google LLC.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux
+// +build linux
+
+package gensupport
+
+import "syscall"
+
+func init() {
+	// Initialize syscallRetryable to return true on transient socket-level
+	// errors. These errors are specific to Linux.
+	syscallRetryable = func(err error) bool { return err == syscall.ECONNRESET || err == syscall.ECONNREFUSED }
+}
diff --git a/vendor/google.golang.org/api/internal/gensupport/send.go b/vendor/google.golang.org/api/internal/gensupport/send.go
new file mode 100644
index 000000000..693a1b1ab
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/send.go
@@ -0,0 +1,185 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gensupport
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/googleapis/gax-go/v2"
+)
+
+// Use this error type to return an error which allows introspection of both
+// the context error and the error from the service.
+type wrappedCallErr struct {
+	ctxErr     error
+	wrappedErr error
+}
+
+func (e wrappedCallErr) Error() string {
+	return fmt.Sprintf("retry failed with %v; last error: %v", e.ctxErr, e.wrappedErr)
+}
+
+func (e wrappedCallErr) Unwrap() error {
+	return e.wrappedErr
+}
+
+// Is allows errors.Is to match the error from the call as well as context
+// sentinel errors.
+func (e wrappedCallErr) Is(target error) bool {
+	return errors.Is(e.ctxErr, target) || errors.Is(e.wrappedErr, target)
+}
+
+// SendRequest sends a single HTTP request using the given client.
+// If ctx is non-nil, it calls all hooks, then sends the request with
+// req.WithContext, then calls any functions returned by the hooks in
+// reverse order.
+func SendRequest(ctx context.Context, client *http.Client, req *http.Request) (*http.Response, error) {
+	// Disallow Accept-Encoding because it interferes with the automatic gzip handling
+	// done by the default http.Transport. See https://github.com/google/google-api-go-client/issues/219.
+	if _, ok := req.Header["Accept-Encoding"]; ok {
+		return nil, errors.New("google api: custom Accept-Encoding headers not allowed")
+	}
+	if ctx == nil {
+		return client.Do(req)
+	}
+	return send(ctx, client, req)
+}
+
+func send(ctx context.Context, client *http.Client, req *http.Request) (*http.Response, error) {
+	if client == nil {
+		client = http.DefaultClient
+	}
+	resp, err := client.Do(req.WithContext(ctx))
+	// If we got an error, and the context has been canceled,
+	// the context's error is probably more useful.
+	if err != nil {
+		select {
+		case <-ctx.Done():
+			err = ctx.Err()
+		default:
+		}
+	}
+	return resp, err
+}
+
+// SendRequestWithRetry sends a single HTTP request using the given client,
+// with retries if a retryable error is returned.
+// If ctx is non-nil, it calls all hooks, then sends the request with
+// req.WithContext, then calls any functions returned by the hooks in
+// reverse order.
+func SendRequestWithRetry(ctx context.Context, client *http.Client, req *http.Request, retry *RetryConfig) (*http.Response, error) {
+	// Disallow Accept-Encoding because it interferes with the automatic gzip handling
+	// done by the default http.Transport. See https://github.com/google/google-api-go-client/issues/219.
+	if _, ok := req.Header["Accept-Encoding"]; ok {
+		return nil, errors.New("google api: custom Accept-Encoding headers not allowed")
+	}
+	if ctx == nil {
+		return client.Do(req)
+	}
+	return sendAndRetry(ctx, client, req, retry)
+}
+
+func sendAndRetry(ctx context.Context, client *http.Client, req *http.Request, retry *RetryConfig) (*http.Response, error) {
+	if client == nil {
+		client = http.DefaultClient
+	}
+
+	var resp *http.Response
+	var err error
+	attempts := 1
+	invocationID := uuid.New().String()
+	baseXGoogHeader := req.Header.Get("X-Goog-Api-Client")
+
+	// Loop to retry the request, up to the context deadline.
+	var pause time.Duration
+	var bo Backoff
+	if retry != nil && retry.Backoff != nil {
+		bo = &gax.Backoff{
+			Initial:    retry.Backoff.Initial,
+			Max:        retry.Backoff.Max,
+			Multiplier: retry.Backoff.Multiplier,
+		}
+	} else {
+		bo = backoff()
+	}
+
+	var errorFunc = retry.errorFunc()
+
+	for {
+		t := time.NewTimer(pause)
+		select {
+		case <-ctx.Done():
+			t.Stop()
+			// If we got an error and the context has been canceled, return an error acknowledging
+			// both the context cancelation and the service error.
+			if err != nil {
+				return resp, wrappedCallErr{ctx.Err(), err}
+			}
+			return resp, ctx.Err()
+		case <-t.C:
+		}
+
+		if ctx.Err() != nil {
+			// Check for context cancellation once more. If more than one case in a
+			// select is satisfied at the same time, Go will choose one arbitrarily.
+			// That can cause an operation to go through even if the context was
+			// canceled before.
+			if err != nil {
+				return resp, wrappedCallErr{ctx.Err(), err}
+			}
+			return resp, ctx.Err()
+		}
+
+		// Set retry metrics and idempotency headers for GCS.
+		// TODO(b/274504690): Consider dropping gccl-invocation-id key since it
+		// duplicates the X-Goog-Gcs-Idempotency-Token header (added in v0.115.0).
+		invocationHeader := fmt.Sprintf("gccl-invocation-id/%s gccl-attempt-count/%d", invocationID, attempts)
+		xGoogHeader := strings.Join([]string{invocationHeader, baseXGoogHeader}, " ")
+		req.Header.Set("X-Goog-Api-Client", xGoogHeader)
+		req.Header.Set("X-Goog-Gcs-Idempotency-Token", invocationID)
+
+		resp, err = client.Do(req.WithContext(ctx))
+
+		var status int
+		if resp != nil {
+			status = resp.StatusCode
+		}
+
+		// Check if we can retry the request. A retry can only be done if the error
+		// is retryable and the request body can be re-created using GetBody (this
+		// will not be possible if the body was unbuffered).
+		if req.GetBody == nil || !errorFunc(status, err) {
+			break
+		}
+		attempts++
+		var errBody error
+		req.Body, errBody = req.GetBody()
+		if errBody != nil {
+			break
+		}
+
+		pause = bo.Pause()
+		if resp != nil && resp.Body != nil {
+			resp.Body.Close()
+		}
+	}
+	return resp, err
+}
+
+// DecodeResponse decodes the body of res into target. If there is no body,
+// target is unchanged.
+func DecodeResponse(target interface{}, res *http.Response) error {
+	if res.StatusCode == http.StatusNoContent {
+		return nil
+	}
+	return json.NewDecoder(res.Body).Decode(target)
+}
diff --git a/vendor/google.golang.org/api/internal/gensupport/version.go b/vendor/google.golang.org/api/internal/gensupport/version.go
new file mode 100644
index 000000000..23f6aa24e
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/gensupport/version.go
@@ -0,0 +1,53 @@
+// Copyright 2020 Google LLC. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gensupport
+
+import (
+	"runtime"
+	"strings"
+	"unicode"
+)
+
+// GoVersion returns the Go runtime version. The returned string
+// has no whitespace.
+func GoVersion() string {
+	return goVersion
+}
+
+var goVersion = goVer(runtime.Version())
+
+const develPrefix = "devel +"
+
+func goVer(s string) string {
+	if strings.HasPrefix(s, develPrefix) {
+		s = s[len(develPrefix):]
+		if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+			s = s[:p]
+		}
+		return s
+	}
+
+	if strings.HasPrefix(s, "go1") {
+		s = s[2:]
+		var prerelease string
+		if p := strings.IndexFunc(s, notSemverRune); p >= 0 {
+			s, prerelease = s[:p], s[p:]
+		}
+		if strings.HasSuffix(s, ".") {
+			s += "0"
+		} else if strings.Count(s, ".") < 2 {
+			s += ".0"
+		}
+		if prerelease != "" {
+			s += "-" + prerelease
+		}
+		return s
+	}
+	return ""
+}
+
+func notSemverRune(r rune) bool {
+	return !strings.ContainsRune("0123456789.", r)
+}
diff --git a/vendor/google.golang.org/api/internal/third_party/uritemplates/LICENSE b/vendor/google.golang.org/api/internal/third_party/uritemplates/LICENSE
new file mode 100644
index 000000000..7109c6ef9
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/third_party/uritemplates/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2013 Joshua Tacoma. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/google.golang.org/api/internal/third_party/uritemplates/METADATA b/vendor/google.golang.org/api/internal/third_party/uritemplates/METADATA
new file mode 100644
index 000000000..c7f86fcd5
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/third_party/uritemplates/METADATA
@@ -0,0 +1,14 @@
+name: "uritemplates"
+description:
+    "Package uritemplates is a level 4 implementation of RFC 6570 (URI "
+    "Template, http://tools.ietf.org/html/rfc6570)."
+
+third_party {
+  url {
+    type: GIT
+    value: "https://github.com/jtacoma/uritemplates"
+  }
+  version: "0.1"
+  last_upgrade_date { year: 2014 month: 8 day: 18 }
+  license_type: NOTICE
+}
diff --git a/vendor/google.golang.org/api/internal/third_party/uritemplates/uritemplates.go b/vendor/google.golang.org/api/internal/third_party/uritemplates/uritemplates.go
new file mode 100644
index 000000000..8c27d19d7
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/third_party/uritemplates/uritemplates.go
@@ -0,0 +1,248 @@
+// Copyright 2013 Joshua Tacoma. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package uritemplates is a level 3 implementation of RFC 6570 (URI
+// Template, http://tools.ietf.org/html/rfc6570).
+// uritemplates does not support composite values (in Go: slices or maps)
+// and so does not qualify as a level 4 implementation.
+package uritemplates
+
+import (
+	"bytes"
+	"errors"
+	"regexp"
+	"strconv"
+	"strings"
+)
+
+var (
+	unreserved = regexp.MustCompile("[^A-Za-z0-9\\-._~]")
+	reserved   = regexp.MustCompile("[^A-Za-z0-9\\-._~:/?#[\\]@!$&'()*+,;=]")
+	validname  = regexp.MustCompile("^([A-Za-z0-9_\\.]|%[0-9A-Fa-f][0-9A-Fa-f])+$")
+	hex        = []byte("0123456789ABCDEF")
+)
+
+func pctEncode(src []byte) []byte {
+	dst := make([]byte, len(src)*3)
+	for i, b := range src {
+		buf := dst[i*3 : i*3+3]
+		buf[0] = 0x25
+		buf[1] = hex[b/16]
+		buf[2] = hex[b%16]
+	}
+	return dst
+}
+
+// pairWriter is a convenience struct which allows escaped and unescaped
+// versions of the template to be written in parallel.
+type pairWriter struct {
+	escaped, unescaped bytes.Buffer
+}
+
+// Write writes the provided string directly without any escaping.
+func (w *pairWriter) Write(s string) {
+	w.escaped.WriteString(s)
+	w.unescaped.WriteString(s)
+}
+
+// Escape writes the provided string, escaping the string for the
+// escaped output.
+func (w *pairWriter) Escape(s string, allowReserved bool) {
+	w.unescaped.WriteString(s)
+	if allowReserved {
+		w.escaped.Write(reserved.ReplaceAllFunc([]byte(s), pctEncode))
+	} else {
+		w.escaped.Write(unreserved.ReplaceAllFunc([]byte(s), pctEncode))
+	}
+}
+
+// Escaped returns the escaped string.
+func (w *pairWriter) Escaped() string {
+	return w.escaped.String()
+}
+
+// Unescaped returns the unescaped string.
+func (w *pairWriter) Unescaped() string {
+	return w.unescaped.String()
+}
+
+// A uriTemplate is a parsed representation of a URI template.
+type uriTemplate struct {
+	raw   string
+	parts []templatePart
+}
+
+// parse parses a URI template string into a uriTemplate object.
+func parse(rawTemplate string) (*uriTemplate, error) {
+	split := strings.Split(rawTemplate, "{")
+	parts := make([]templatePart, len(split)*2-1)
+	for i, s := range split {
+		if i == 0 {
+			if strings.Contains(s, "}") {
+				return nil, errors.New("unexpected }")
+			}
+			parts[i].raw = s
+			continue
+		}
+		subsplit := strings.Split(s, "}")
+		if len(subsplit) != 2 {
+			return nil, errors.New("malformed template")
+		}
+		expression := subsplit[0]
+		var err error
+		parts[i*2-1], err = parseExpression(expression)
+		if err != nil {
+			return nil, err
+		}
+		parts[i*2].raw = subsplit[1]
+	}
+	return &uriTemplate{
+		raw:   rawTemplate,
+		parts: parts,
+	}, nil
+}
+
+type templatePart struct {
+	raw           string
+	terms         []templateTerm
+	first         string
+	sep           string
+	named         bool
+	ifemp         string
+	allowReserved bool
+}
+
+type templateTerm struct {
+	name     string
+	explode  bool
+	truncate int
+}
+
+func parseExpression(expression string) (result templatePart, err error) {
+	switch expression[0] {
+	case '+':
+		result.sep = ","
+		result.allowReserved = true
+		expression = expression[1:]
+	case '.':
+		result.first = "."
+		result.sep = "."
+		expression = expression[1:]
+	case '/':
+		result.first = "/"
+		result.sep = "/"
+		expression = expression[1:]
+	case ';':
+		result.first = ";"
+		result.sep = ";"
+		result.named = true
+		expression = expression[1:]
+	case '?':
+		result.first = "?"
+		result.sep = "&"
+		result.named = true
+		result.ifemp = "="
+		expression = expression[1:]
+	case '&':
+		result.first = "&"
+		result.sep = "&"
+		result.named = true
+		result.ifemp = "="
+		expression = expression[1:]
+	case '#':
+		result.first = "#"
+		result.sep = ","
+		result.allowReserved = true
+		expression = expression[1:]
+	default:
+		result.sep = ","
+	}
+	rawterms := strings.Split(expression, ",")
+	result.terms = make([]templateTerm, len(rawterms))
+	for i, raw := range rawterms {
+		result.terms[i], err = parseTerm(raw)
+		if err != nil {
+			break
+		}
+	}
+	return result, err
+}
+
+func parseTerm(term string) (result templateTerm, err error) {
+	// TODO(djd): Remove "*" suffix parsing once we check that no APIs have
+	// mistakenly used that attribute.
+	if strings.HasSuffix(term, "*") {
+		result.explode = true
+		term = term[:len(term)-1]
+	}
+	split := strings.Split(term, ":")
+	if len(split) == 1 {
+		result.name = term
+	} else if len(split) == 2 {
+		result.name = split[0]
+		var parsed int64
+		parsed, err = strconv.ParseInt(split[1], 10, 0)
+		result.truncate = int(parsed)
+	} else {
+		err = errors.New("multiple colons in same term")
+	}
+	if !validname.MatchString(result.name) {
+		err = errors.New("not a valid name: " + result.name)
+	}
+	if result.explode && result.truncate > 0 {
+		err = errors.New("both explode and prefix modifiers on same term")
+	}
+	return result, err
+}
+
+// Expand expands a URI template with a set of values to produce the
+// resultant URI. Two forms of the result are returned: one with all the
+// elements escaped, and one with the elements unescaped.
+func (t *uriTemplate) Expand(values map[string]string) (escaped, unescaped string) {
+	var w pairWriter
+	for _, p := range t.parts {
+		p.expand(&w, values)
+	}
+	return w.Escaped(), w.Unescaped()
+}
+
+func (tp *templatePart) expand(w *pairWriter, values map[string]string) {
+	if len(tp.raw) > 0 {
+		w.Write(tp.raw)
+		return
+	}
+	var first = true
+	for _, term := range tp.terms {
+		value, exists := values[term.name]
+		if !exists {
+			continue
+		}
+		if first {
+			w.Write(tp.first)
+			first = false
+		} else {
+			w.Write(tp.sep)
+		}
+		tp.expandString(w, term, value)
+	}
+}
+
+func (tp *templatePart) expandName(w *pairWriter, name string, empty bool) {
+	if tp.named {
+		w.Write(name)
+		if empty {
+			w.Write(tp.ifemp)
+		} else {
+			w.Write("=")
+		}
+	}
+}
+
+func (tp *templatePart) expandString(w *pairWriter, t templateTerm, s string) {
+	if len(s) > t.truncate && t.truncate > 0 {
+		s = s[:t.truncate]
+	}
+	tp.expandName(w, t.name, len(s) == 0)
+	w.Escape(s, tp.allowReserved)
+}
diff --git a/vendor/google.golang.org/api/internal/third_party/uritemplates/utils.go b/vendor/google.golang.org/api/internal/third_party/uritemplates/utils.go
new file mode 100644
index 000000000..2e70b8154
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/third_party/uritemplates/utils.go
@@ -0,0 +1,17 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uritemplates
+
+// Expand parses then expands a URI template with a set of values to produce
+// the resultant URI. Two forms of the result are returned: one with all the
+// elements escaped, and one with the elements unescaped.
+func Expand(path string, values map[string]string) (escaped, unescaped string, err error) {
+	template, err := parse(path)
+	if err != nil {
+		return "", "", err
+	}
+	escaped, unescaped = template.Expand(values)
+	return escaped, unescaped, nil
+}
diff --git a/vendor/google.golang.org/api/storage/v1/storage-api.json b/vendor/google.golang.org/api/storage/v1/storage-api.json
new file mode 100644
index 000000000..edebc73ad
--- /dev/null
+++ b/vendor/google.golang.org/api/storage/v1/storage-api.json
@@ -0,0 +1,4283 @@
+{
+  "auth": {
+    "oauth2": {
+      "scopes": {
+        "https://www.googleapis.com/auth/cloud-platform": {
+          "description": "View and manage your data across Google Cloud Platform services"
+        },
+        "https://www.googleapis.com/auth/cloud-platform.read-only": {
+          "description": "View your data across Google Cloud Platform services"
+        },
+        "https://www.googleapis.com/auth/devstorage.full_control": {
+          "description": "Manage your data and permissions in Google Cloud Storage"
+        },
+        "https://www.googleapis.com/auth/devstorage.read_only": {
+          "description": "View your data in Google Cloud Storage"
+        },
+        "https://www.googleapis.com/auth/devstorage.read_write": {
+          "description": "Manage your data in Google Cloud Storage"
+        }
+      }
+    }
+  },
+  "basePath": "/storage/v1/",
+  "baseUrl": "https://storage.googleapis.com/storage/v1/",
+  "batchPath": "batch/storage/v1",
+  "description": "Stores and retrieves potentially large, immutable data objects.",
+  "discoveryVersion": "v1",
+  "documentationLink": "https://developers.google.com/storage/docs/json_api/",
+  "etag": "\"34333739363230323936363635393736363430\"",
+  "icons": {
+    "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png",
+    "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png"
+  },
+  "id": "storage:v1",
+  "kind": "discovery#restDescription",
+  "labels": [
+    "labs"
+  ],
+  "mtlsRootUrl": "https://storage.mtls.googleapis.com/",
+  "name": "storage",
+  "ownerDomain": "google.com",
+  "ownerName": "Google",
+  "parameters": {
+    "alt": {
+      "default": "json",
+      "description": "Data format for the response.",
+      "enum": [
+        "json"
+      ],
+      "enumDescriptions": [
+        "Responses with Content-Type of application/json"
+      ],
+      "location": "query",
+      "type": "string"
+    },
+    "fields": {
+      "description": "Selector specifying which fields to include in a partial response.",
+      "location": "query",
+      "type": "string"
+    },
+    "key": {
+      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
+      "location": "query",
+      "type": "string"
+    },
+    "oauth_token": {
+      "description": "OAuth 2.0 token for the current user.",
+      "location": "query",
+      "type": "string"
+    },
+    "prettyPrint": {
+      "default": "true",
+      "description": "Returns response with indentations and line breaks.",
+      "location": "query",
+      "type": "boolean"
+    },
+    "quotaUser": {
+      "description": "An opaque string that represents a user for quota purposes. Must not exceed 40 characters.",
+      "location": "query",
+      "type": "string"
+    },
+    "uploadType": {
+      "description": "Upload protocol for media (e.g. \"media\", \"multipart\", \"resumable\").",
+      "location": "query",
+      "type": "string"
+    },
+    "userIp": {
+      "description": "Deprecated. Please use quotaUser instead.",
+      "location": "query",
+      "type": "string"
+    }
+  },
+  "protocol": "rest",
+  "resources": {
+    "bucketAccessControls": {
+      "methods": {
+        "delete": {
+          "description": "Permanently deletes the ACL entry for the specified entity on the specified bucket.",
+          "httpMethod": "DELETE",
+          "id": "storage.bucketAccessControls.delete",
+          "parameterOrder": [
+            "bucket",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/acl/{entity}",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "get": {
+          "description": "Returns the ACL entry for the specified entity on the specified bucket.",
+          "httpMethod": "GET",
+          "id": "storage.bucketAccessControls.get",
+          "parameterOrder": [
+            "bucket",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/acl/{entity}",
+          "response": {
+            "$ref": "BucketAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "insert": {
+          "description": "Creates a new ACL entry on the specified bucket.",
+          "httpMethod": "POST",
+          "id": "storage.bucketAccessControls.insert",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/acl",
+          "request": {
+            "$ref": "BucketAccessControl"
+          },
+          "response": {
+            "$ref": "BucketAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "list": {
+          "description": "Retrieves ACL entries on the specified bucket.",
+          "httpMethod": "GET",
+          "id": "storage.bucketAccessControls.list",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/acl",
+          "response": {
+            "$ref": "BucketAccessControls"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "patch": {
+          "description": "Patches an ACL entry on the specified bucket.",
+          "httpMethod": "PATCH",
+          "id": "storage.bucketAccessControls.patch",
+          "parameterOrder": [
+            "bucket",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/acl/{entity}",
+          "request": {
+            "$ref": "BucketAccessControl"
+          },
+          "response": {
+            "$ref": "BucketAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "update": {
+          "description": "Updates an ACL entry on the specified bucket.",
+          "httpMethod": "PUT",
+          "id": "storage.bucketAccessControls.update",
+          "parameterOrder": [
+            "bucket",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/acl/{entity}",
+          "request": {
+            "$ref": "BucketAccessControl"
+          },
+          "response": {
+            "$ref": "BucketAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        }
+      }
+    },
+    "buckets": {
+      "methods": {
+        "delete": {
+          "description": "Permanently deletes an empty bucket.",
+          "httpMethod": "DELETE",
+          "id": "storage.buckets.delete",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "If set, only deletes the bucket if its metageneration matches this value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "If set, only deletes the bucket if its metageneration does not match this value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "get": {
+          "description": "Returns metadata for the specified bucket.",
+          "httpMethod": "GET",
+          "id": "storage.buckets.get",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to noAcl.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit owner, acl and defaultObjectAcl properties."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}",
+          "response": {
+            "$ref": "Bucket"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "getIamPolicy": {
+          "description": "Returns an IAM policy for the specified bucket.",
+          "httpMethod": "GET",
+          "id": "storage.buckets.getIamPolicy",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "optionsRequestedPolicyVersion": {
+              "description": "The IAM policy format version to be returned. If the optionsRequestedPolicyVersion is for an older version that doesn't support part of the requested IAM policy, the request fails.",
+              "format": "int32",
+              "location": "query",
+              "minimum": "1",
+              "type": "integer"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/iam",
+          "response": {
+            "$ref": "Policy"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "insert": {
+          "description": "Creates a new bucket.",
+          "httpMethod": "POST",
+          "id": "storage.buckets.insert",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "predefinedAcl": {
+              "description": "Apply a predefined set of access controls to this bucket.",
+              "enum": [
+                "authenticatedRead",
+                "private",
+                "projectPrivate",
+                "publicRead",
+                "publicReadWrite"
+              ],
+              "enumDescriptions": [
+                "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
+                "Project team owners get OWNER access.",
+                "Project team members get access according to their roles.",
+                "Project team owners get OWNER access, and allUsers get READER access.",
+                "Project team owners get OWNER access, and allUsers get WRITER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "predefinedDefaultObjectAcl": {
+              "description": "Apply a predefined set of default object access controls to this bucket.",
+              "enum": [
+                "authenticatedRead",
+                "bucketOwnerFullControl",
+                "bucketOwnerRead",
+                "private",
+                "projectPrivate",
+                "publicRead"
+              ],
+              "enumDescriptions": [
+                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+                "Object owner gets OWNER access, and project team owners get OWNER access.",
+                "Object owner gets OWNER access, and project team owners get READER access.",
+                "Object owner gets OWNER access.",
+                "Object owner gets OWNER access, and project team members get access according to their roles.",
+                "Object owner gets OWNER access, and allUsers get READER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "A valid API project identifier.",
+              "location": "query",
+              "required": true,
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to noAcl, unless the bucket resource specifies acl or defaultObjectAcl properties, when it defaults to full.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit owner, acl and defaultObjectAcl properties."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b",
+          "request": {
+            "$ref": "Bucket"
+          },
+          "response": {
+            "$ref": "Bucket"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "list": {
+          "description": "Retrieves a list of buckets for a given project.",
+          "httpMethod": "GET",
+          "id": "storage.buckets.list",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "maxResults": {
+              "default": "1000",
+              "description": "Maximum number of buckets to return in a single response. The service will use this parameter or 1,000 items, whichever is smaller.",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "pageToken": {
+              "description": "A previously-returned page token representing part of the larger set of results to view.",
+              "location": "query",
+              "type": "string"
+            },
+            "prefix": {
+              "description": "Filter results to buckets whose names begin with this prefix.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "A valid API project identifier.",
+              "location": "query",
+              "required": true,
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to noAcl.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit owner, acl and defaultObjectAcl properties."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b",
+          "response": {
+            "$ref": "Buckets"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "lockRetentionPolicy": {
+          "description": "Locks retention policy on a bucket.",
+          "httpMethod": "POST",
+          "id": "storage.buckets.lockRetentionPolicy",
+          "parameterOrder": [
+            "bucket",
+            "ifMetagenerationMatch"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether bucket's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/lockRetentionPolicy",
+          "response": {
+            "$ref": "Bucket"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "patch": {
+          "description": "Patches a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.",
+          "httpMethod": "PATCH",
+          "id": "storage.buckets.patch",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "predefinedAcl": {
+              "description": "Apply a predefined set of access controls to this bucket.",
+              "enum": [
+                "authenticatedRead",
+                "private",
+                "projectPrivate",
+                "publicRead",
+                "publicReadWrite"
+              ],
+              "enumDescriptions": [
+                "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
+                "Project team owners get OWNER access.",
+                "Project team members get access according to their roles.",
+                "Project team owners get OWNER access, and allUsers get READER access.",
+                "Project team owners get OWNER access, and allUsers get WRITER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "predefinedDefaultObjectAcl": {
+              "description": "Apply a predefined set of default object access controls to this bucket.",
+              "enum": [
+                "authenticatedRead",
+                "bucketOwnerFullControl",
+                "bucketOwnerRead",
+                "private",
+                "projectPrivate",
+                "publicRead"
+              ],
+              "enumDescriptions": [
+                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+                "Object owner gets OWNER access, and project team owners get OWNER access.",
+                "Object owner gets OWNER access, and project team owners get READER access.",
+                "Object owner gets OWNER access.",
+                "Object owner gets OWNER access, and project team members get access according to their roles.",
+                "Object owner gets OWNER access, and allUsers get READER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to full.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit owner, acl and defaultObjectAcl properties."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}",
+          "request": {
+            "$ref": "Bucket"
+          },
+          "response": {
+            "$ref": "Bucket"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "setIamPolicy": {
+          "description": "Updates an IAM policy for the specified bucket.",
+          "httpMethod": "PUT",
+          "id": "storage.buckets.setIamPolicy",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/iam",
+          "request": {
+            "$ref": "Policy"
+          },
+          "response": {
+            "$ref": "Policy"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "testIamPermissions": {
+          "description": "Tests a set of permissions on the given bucket to see which, if any, are held by the caller.",
+          "httpMethod": "GET",
+          "id": "storage.buckets.testIamPermissions",
+          "parameterOrder": [
+            "bucket",
+            "permissions"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "permissions": {
+              "description": "Permissions to test.",
+              "location": "query",
+              "repeated": true,
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/iam/testPermissions",
+          "response": {
+            "$ref": "TestIamPermissionsResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "update": {
+          "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.",
+          "httpMethod": "PUT",
+          "id": "storage.buckets.update",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "predefinedAcl": {
+              "description": "Apply a predefined set of access controls to this bucket.",
+              "enum": [
+                "authenticatedRead",
+                "private",
+                "projectPrivate",
+                "publicRead",
+                "publicReadWrite"
+              ],
+              "enumDescriptions": [
+                "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
+                "Project team owners get OWNER access.",
+                "Project team members get access according to their roles.",
+                "Project team owners get OWNER access, and allUsers get READER access.",
+                "Project team owners get OWNER access, and allUsers get WRITER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "predefinedDefaultObjectAcl": {
+              "description": "Apply a predefined set of default object access controls to this bucket.",
+              "enum": [
+                "authenticatedRead",
+                "bucketOwnerFullControl",
+                "bucketOwnerRead",
+                "private",
+                "projectPrivate",
+                "publicRead"
+              ],
+              "enumDescriptions": [
+                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+                "Object owner gets OWNER access, and project team owners get OWNER access.",
+                "Object owner gets OWNER access, and project team owners get READER access.",
+                "Object owner gets OWNER access.",
+                "Object owner gets OWNER access, and project team members get access according to their roles.",
+                "Object owner gets OWNER access, and allUsers get READER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to full.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit owner, acl and defaultObjectAcl properties."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}",
+          "request": {
+            "$ref": "Bucket"
+          },
+          "response": {
+            "$ref": "Bucket"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        }
+      }
+    },
+    "channels": {
+      "methods": {
+        "stop": {
+          "description": "Stop watching resources through this channel",
+          "httpMethod": "POST",
+          "id": "storage.channels.stop",
+          "path": "channels/stop",
+          "request": {
+            "$ref": "Channel",
+            "parameterName": "resource"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        }
+      }
+    },
+    "defaultObjectAccessControls": {
+      "methods": {
+        "delete": {
+          "description": "Permanently deletes the default object ACL entry for the specified entity on the specified bucket.",
+          "httpMethod": "DELETE",
+          "id": "storage.defaultObjectAccessControls.delete",
+          "parameterOrder": [
+            "bucket",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/defaultObjectAcl/{entity}",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "get": {
+          "description": "Returns the default object ACL entry for the specified entity on the specified bucket.",
+          "httpMethod": "GET",
+          "id": "storage.defaultObjectAccessControls.get",
+          "parameterOrder": [
+            "bucket",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/defaultObjectAcl/{entity}",
+          "response": {
+            "$ref": "ObjectAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "insert": {
+          "description": "Creates a new default object ACL entry on the specified bucket.",
+          "httpMethod": "POST",
+          "id": "storage.defaultObjectAccessControls.insert",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/defaultObjectAcl",
+          "request": {
+            "$ref": "ObjectAccessControl"
+          },
+          "response": {
+            "$ref": "ObjectAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "list": {
+          "description": "Retrieves default object ACL entries on the specified bucket.",
+          "httpMethod": "GET",
+          "id": "storage.defaultObjectAccessControls.list",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "If present, only return default ACL listing if the bucket's current metageneration matches this value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "If present, only return default ACL listing if the bucket's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/defaultObjectAcl",
+          "response": {
+            "$ref": "ObjectAccessControls"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "patch": {
+          "description": "Patches a default object ACL entry on the specified bucket.",
+          "httpMethod": "PATCH",
+          "id": "storage.defaultObjectAccessControls.patch",
+          "parameterOrder": [
+            "bucket",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/defaultObjectAcl/{entity}",
+          "request": {
+            "$ref": "ObjectAccessControl"
+          },
+          "response": {
+            "$ref": "ObjectAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "update": {
+          "description": "Updates a default object ACL entry on the specified bucket.",
+          "httpMethod": "PUT",
+          "id": "storage.defaultObjectAccessControls.update",
+          "parameterOrder": [
+            "bucket",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/defaultObjectAcl/{entity}",
+          "request": {
+            "$ref": "ObjectAccessControl"
+          },
+          "response": {
+            "$ref": "ObjectAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        }
+      }
+    },
+    "notifications": {
+      "methods": {
+        "delete": {
+          "description": "Permanently deletes a notification subscription.",
+          "httpMethod": "DELETE",
+          "id": "storage.notifications.delete",
+          "parameterOrder": [
+            "bucket",
+            "notification"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "The parent bucket of the notification.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "notification": {
+              "description": "ID of the notification to delete.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/notificationConfigs/{notification}",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "get": {
+          "description": "View a notification configuration.",
+          "httpMethod": "GET",
+          "id": "storage.notifications.get",
+          "parameterOrder": [
+            "bucket",
+            "notification"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "The parent bucket of the notification.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "notification": {
+              "description": "Notification ID",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/notificationConfigs/{notification}",
+          "response": {
+            "$ref": "Notification"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "insert": {
+          "description": "Creates a notification subscription for a given bucket.",
+          "httpMethod": "POST",
+          "id": "storage.notifications.insert",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "The parent bucket of the notification.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/notificationConfigs",
+          "request": {
+            "$ref": "Notification"
+          },
+          "response": {
+            "$ref": "Notification"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "list": {
+          "description": "Retrieves a list of notification subscriptions for a given bucket.",
+          "httpMethod": "GET",
+          "id": "storage.notifications.list",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a Google Cloud Storage bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/notificationConfigs",
+          "response": {
+            "$ref": "Notifications"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        }
+      }
+    },
+    "objectAccessControls": {
+      "methods": {
+        "delete": {
+          "description": "Permanently deletes the ACL entry for the specified entity on the specified object.",
+          "httpMethod": "DELETE",
+          "id": "storage.objectAccessControls.delete",
+          "parameterOrder": [
+            "bucket",
+            "object",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}/acl/{entity}",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "get": {
+          "description": "Returns the ACL entry for the specified entity on the specified object.",
+          "httpMethod": "GET",
+          "id": "storage.objectAccessControls.get",
+          "parameterOrder": [
+            "bucket",
+            "object",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}/acl/{entity}",
+          "response": {
+            "$ref": "ObjectAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "insert": {
+          "description": "Creates a new ACL entry on the specified object.",
+          "httpMethod": "POST",
+          "id": "storage.objectAccessControls.insert",
+          "parameterOrder": [
+            "bucket",
+            "object"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}/acl",
+          "request": {
+            "$ref": "ObjectAccessControl"
+          },
+          "response": {
+            "$ref": "ObjectAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "list": {
+          "description": "Retrieves ACL entries on the specified object.",
+          "httpMethod": "GET",
+          "id": "storage.objectAccessControls.list",
+          "parameterOrder": [
+            "bucket",
+            "object"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}/acl",
+          "response": {
+            "$ref": "ObjectAccessControls"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "patch": {
+          "description": "Patches an ACL entry on the specified object.",
+          "httpMethod": "PATCH",
+          "id": "storage.objectAccessControls.patch",
+          "parameterOrder": [
+            "bucket",
+            "object",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}/acl/{entity}",
+          "request": {
+            "$ref": "ObjectAccessControl"
+          },
+          "response": {
+            "$ref": "ObjectAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "update": {
+          "description": "Updates an ACL entry on the specified object.",
+          "httpMethod": "PUT",
+          "id": "storage.objectAccessControls.update",
+          "parameterOrder": [
+            "bucket",
+            "object",
+            "entity"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of a bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "entity": {
+              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}/acl/{entity}",
+          "request": {
+            "$ref": "ObjectAccessControl"
+          },
+          "response": {
+            "$ref": "ObjectAccessControl"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        }
+      }
+    },
+    "objects": {
+      "methods": {
+        "compose": {
+          "description": "Concatenates a list of existing objects into a new object in the same bucket.",
+          "httpMethod": "POST",
+          "id": "storage.objects.compose",
+          "parameterOrder": [
+            "destinationBucket",
+            "destinationObject"
+          ],
+          "parameters": {
+            "destinationBucket": {
+              "description": "Name of the bucket containing the source objects. The destination object is stored in this bucket.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "destinationObject": {
+              "description": "Name of the new object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "destinationPredefinedAcl": {
+              "description": "Apply a predefined set of access controls to the destination object.",
+              "enum": [
+                "authenticatedRead",
+                "bucketOwnerFullControl",
+                "bucketOwnerRead",
+                "private",
+                "projectPrivate",
+                "publicRead"
+              ],
+              "enumDescriptions": [
+                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+                "Object owner gets OWNER access, and project team owners get OWNER access.",
+                "Object owner gets OWNER access, and project team owners get READER access.",
+                "Object owner gets OWNER access.",
+                "Object owner gets OWNER access, and project team members get access according to their roles.",
+                "Object owner gets OWNER access, and allUsers get READER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "kmsKeyName": {
+              "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{destinationBucket}/o/{destinationObject}/compose",
+          "request": {
+            "$ref": "ComposeRequest"
+          },
+          "response": {
+            "$ref": "Object"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "copy": {
+          "description": "Copies a source object to a destination object. Optionally overrides metadata.",
+          "httpMethod": "POST",
+          "id": "storage.objects.copy",
+          "parameterOrder": [
+            "sourceBucket",
+            "sourceObject",
+            "destinationBucket",
+            "destinationObject"
+          ],
+          "parameters": {
+            "destinationBucket": {
+              "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "destinationKmsKeyName": {
+              "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
+              "location": "query",
+              "type": "string"
+            },
+            "destinationObject": {
+              "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "destinationPredefinedAcl": {
+              "description": "Apply a predefined set of access controls to the destination object.",
+              "enum": [
+                "authenticatedRead",
+                "bucketOwnerFullControl",
+                "bucketOwnerRead",
+                "private",
+                "projectPrivate",
+                "publicRead"
+              ],
+              "enumDescriptions": [
+                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+                "Object owner gets OWNER access, and project team owners get OWNER access.",
+                "Object owner gets OWNER access, and project team owners get READER access.",
+                "Object owner gets OWNER access.",
+                "Object owner gets OWNER access, and project team members get access according to their roles.",
+                "Object owner gets OWNER access, and allUsers get READER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationMatch": {
+              "description": "Makes the operation conditional on whether the destination object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the destination object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifSourceGenerationMatch": {
+              "description": "Makes the operation conditional on whether the source object's current generation matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifSourceGenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifSourceMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifSourceMetagenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit the owner, acl property."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "sourceBucket": {
+              "description": "Name of the bucket in which to find the source object.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "sourceGeneration": {
+              "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "sourceObject": {
+              "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{sourceBucket}/o/{sourceObject}/copyTo/b/{destinationBucket}/o/{destinationObject}",
+          "request": {
+            "$ref": "Object"
+          },
+          "response": {
+            "$ref": "Object"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "delete": {
+          "description": "Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.",
+          "httpMethod": "DELETE",
+          "id": "storage.objects.delete",
+          "parameterOrder": [
+            "bucket",
+            "object"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the object resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, permanently deletes a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "get": {
+          "description": "Retrieves an object or its metadata.",
+          "httpMethod": "GET",
+          "id": "storage.objects.get",
+          "parameterOrder": [
+            "bucket",
+            "object"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the object resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to noAcl.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit the owner, acl property."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}",
+          "response": {
+            "$ref": "Object"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ],
+          "supportsMediaDownload": true,
+          "useMediaDownloadService": true
+        },
+        "getIamPolicy": {
+          "description": "Returns an IAM policy for the specified object.",
+          "httpMethod": "GET",
+          "id": "storage.objects.getIamPolicy",
+          "parameterOrder": [
+            "bucket",
+            "object"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the object resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}/iam",
+          "response": {
+            "$ref": "Policy"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "insert": {
+          "description": "Stores a new object and metadata.",
+          "httpMethod": "POST",
+          "id": "storage.objects.insert",
+          "mediaUpload": {
+            "accept": [
+              "*/*"
+            ],
+            "protocols": {
+              "resumable": {
+                "multipart": true,
+                "path": "/resumable/upload/storage/v1/b/{bucket}/o"
+              },
+              "simple": {
+                "multipart": true,
+                "path": "/upload/storage/v1/b/{bucket}/o"
+              }
+            }
+          },
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "contentEncoding": {
+              "description": "If set, sets the contentEncoding property of the final object to this value. Setting this parameter is equivalent to setting the contentEncoding metadata property. This can be useful when uploading an object with uploadType=media to indicate the encoding of the content being uploaded.",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "kmsKeyName": {
+              "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
+              "location": "query",
+              "type": "string"
+            },
+            "name": {
+              "description": "Name of the object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "query",
+              "type": "string"
+            },
+            "predefinedAcl": {
+              "description": "Apply a predefined set of access controls to this object.",
+              "enum": [
+                "authenticatedRead",
+                "bucketOwnerFullControl",
+                "bucketOwnerRead",
+                "private",
+                "projectPrivate",
+                "publicRead"
+              ],
+              "enumDescriptions": [
+                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+                "Object owner gets OWNER access, and project team owners get OWNER access.",
+                "Object owner gets OWNER access, and project team owners get READER access.",
+                "Object owner gets OWNER access.",
+                "Object owner gets OWNER access, and project team members get access according to their roles.",
+                "Object owner gets OWNER access, and allUsers get READER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit the owner, acl property."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o",
+          "request": {
+            "$ref": "Object"
+          },
+          "response": {
+            "$ref": "Object"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ],
+          "supportsMediaUpload": true
+        },
+        "list": {
+          "description": "Retrieves a list of objects matching the criteria.",
+          "httpMethod": "GET",
+          "id": "storage.objects.list",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which to look for objects.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "delimiter": {
+              "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.",
+              "location": "query",
+              "type": "string"
+            },
+            "endOffset": {
+              "description": "Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+              "location": "query",
+              "type": "string"
+            },
+            "includeTrailingDelimiter": {
+              "description": "If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.",
+              "location": "query",
+              "type": "boolean"
+            },
+            "matchGlob": {
+              "description": "Filter results to objects and prefixes that match this glob pattern.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "1000",
+              "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "pageToken": {
+              "description": "A previously-returned page token representing part of the larger set of results to view.",
+              "location": "query",
+              "type": "string"
+            },
+            "prefix": {
+              "description": "Filter results to objects whose names begin with this prefix.",
+              "location": "query",
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to noAcl.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit the owner, acl property."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "startOffset": {
+              "description": "Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            },
+            "versions": {
+              "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "b/{bucket}/o",
+          "response": {
+            "$ref": "Objects"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ],
+          "supportsSubscription": true
+        },
+        "patch": {
+          "description": "Patches an object's metadata.",
+          "httpMethod": "PATCH",
+          "id": "storage.objects.patch",
+          "parameterOrder": [
+            "bucket",
+            "object"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the object resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "predefinedAcl": {
+              "description": "Apply a predefined set of access controls to this object.",
+              "enum": [
+                "authenticatedRead",
+                "bucketOwnerFullControl",
+                "bucketOwnerRead",
+                "private",
+                "projectPrivate",
+                "publicRead"
+              ],
+              "enumDescriptions": [
+                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+                "Object owner gets OWNER access, and project team owners get OWNER access.",
+                "Object owner gets OWNER access, and project team owners get READER access.",
+                "Object owner gets OWNER access.",
+                "Object owner gets OWNER access, and project team members get access according to their roles.",
+                "Object owner gets OWNER access, and allUsers get READER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to full.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit the owner, acl property."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request, for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}",
+          "request": {
+            "$ref": "Object"
+          },
+          "response": {
+            "$ref": "Object"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "rewrite": {
+          "description": "Rewrites a source object to a destination object. Optionally overrides metadata.",
+          "httpMethod": "POST",
+          "id": "storage.objects.rewrite",
+          "parameterOrder": [
+            "sourceBucket",
+            "sourceObject",
+            "destinationBucket",
+            "destinationObject"
+          ],
+          "parameters": {
+            "destinationBucket": {
+              "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "destinationKmsKeyName": {
+              "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
+              "location": "query",
+              "type": "string"
+            },
+            "destinationObject": {
+              "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "destinationPredefinedAcl": {
+              "description": "Apply a predefined set of access controls to the destination object.",
+              "enum": [
+                "authenticatedRead",
+                "bucketOwnerFullControl",
+                "bucketOwnerRead",
+                "private",
+                "projectPrivate",
+                "publicRead"
+              ],
+              "enumDescriptions": [
+                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+                "Object owner gets OWNER access, and project team owners get OWNER access.",
+                "Object owner gets OWNER access, and project team owners get READER access.",
+                "Object owner gets OWNER access.",
+                "Object owner gets OWNER access, and project team members get access according to their roles.",
+                "Object owner gets OWNER access, and allUsers get READER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifSourceGenerationMatch": {
+              "description": "Makes the operation conditional on whether the source object's current generation matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifSourceGenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifSourceMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifSourceMetagenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "maxBytesRewrittenPerCall": {
+              "description": "The maximum number of bytes that will be rewritten per rewrite request. Most callers shouldn't need to specify this parameter - it is primarily in place to support testing. If specified the value must be an integral multiple of 1 MiB (1048576). Also, this only applies to requests where the source and destination span locations and/or storage classes. Finally, this value must not change across rewrite calls else you'll get an error that the rewriteToken is invalid.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit the owner, acl property."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "rewriteToken": {
+              "description": "Include this field (from the previous rewrite response) on each rewrite request after the first one, until the rewrite response 'done' flag is true. Calls that provide a rewriteToken can omit all other request fields, but if included those fields must match the values provided in the first rewrite request.",
+              "location": "query",
+              "type": "string"
+            },
+            "sourceBucket": {
+              "description": "Name of the bucket in which to find the source object.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "sourceGeneration": {
+              "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "sourceObject": {
+              "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{sourceBucket}/o/{sourceObject}/rewriteTo/b/{destinationBucket}/o/{destinationObject}",
+          "request": {
+            "$ref": "Object"
+          },
+          "response": {
+            "$ref": "RewriteResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "setIamPolicy": {
+          "description": "Updates an IAM policy for the specified object.",
+          "httpMethod": "PUT",
+          "id": "storage.objects.setIamPolicy",
+          "parameterOrder": [
+            "bucket",
+            "object"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the object resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}/iam",
+          "request": {
+            "$ref": "Policy"
+          },
+          "response": {
+            "$ref": "Policy"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "testIamPermissions": {
+          "description": "Tests a set of permissions on the given object to see which, if any, are held by the caller.",
+          "httpMethod": "GET",
+          "id": "storage.objects.testIamPermissions",
+          "parameterOrder": [
+            "bucket",
+            "object",
+            "permissions"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the object resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "permissions": {
+              "description": "Permissions to test.",
+              "location": "query",
+              "repeated": true,
+              "required": true,
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}/iam/testPermissions",
+          "response": {
+            "$ref": "TestIamPermissionsResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ]
+        },
+        "update": {
+          "description": "Updates an object's metadata.",
+          "httpMethod": "PUT",
+          "id": "storage.objects.update",
+          "parameterOrder": [
+            "bucket",
+            "object"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which the object resides.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "generation": {
+              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifGenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationMatch": {
+              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "ifMetagenerationNotMatch": {
+              "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
+              "format": "int64",
+              "location": "query",
+              "type": "string"
+            },
+            "object": {
+              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "predefinedAcl": {
+              "description": "Apply a predefined set of access controls to this object.",
+              "enum": [
+                "authenticatedRead",
+                "bucketOwnerFullControl",
+                "bucketOwnerRead",
+                "private",
+                "projectPrivate",
+                "publicRead"
+              ],
+              "enumDescriptions": [
+                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+                "Object owner gets OWNER access, and project team owners get OWNER access.",
+                "Object owner gets OWNER access, and project team owners get READER access.",
+                "Object owner gets OWNER access.",
+                "Object owner gets OWNER access, and project team members get access according to their roles.",
+                "Object owner gets OWNER access, and allUsers get READER access."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to full.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit the owner, acl property."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "b/{bucket}/o/{object}",
+          "request": {
+            "$ref": "Object"
+          },
+          "response": {
+            "$ref": "Object"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/devstorage.full_control"
+          ]
+        },
+        "watchAll": {
+          "description": "Watch for changes on all objects in a bucket.",
+          "httpMethod": "POST",
+          "id": "storage.objects.watchAll",
+          "parameterOrder": [
+            "bucket"
+          ],
+          "parameters": {
+            "bucket": {
+              "description": "Name of the bucket in which to look for objects.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "delimiter": {
+              "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.",
+              "location": "query",
+              "type": "string"
+            },
+            "endOffset": {
+              "description": "Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+              "location": "query",
+              "type": "string"
+            },
+            "includeTrailingDelimiter": {
+              "description": "If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.",
+              "location": "query",
+              "type": "boolean"
+            },
+            "maxResults": {
+              "default": "1000",
+              "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "pageToken": {
+              "description": "A previously-returned page token representing part of the larger set of results to view.",
+              "location": "query",
+              "type": "string"
+            },
+            "prefix": {
+              "description": "Filter results to objects whose names begin with this prefix.",
+              "location": "query",
+              "type": "string"
+            },
+            "projection": {
+              "description": "Set of properties to return. Defaults to noAcl.",
+              "enum": [
+                "full",
+                "noAcl"
+              ],
+              "enumDescriptions": [
+                "Include all properties.",
+                "Omit the owner, acl property."
+              ],
+              "location": "query",
+              "type": "string"
+            },
+            "startOffset": {
+              "description": "Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+              "location": "query",
+              "type": "string"
+            },
+            "userProject": {
+              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+              "location": "query",
+              "type": "string"
+            },
+            "versions": {
+              "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "b/{bucket}/o/watch",
+          "request": {
+            "$ref": "Channel",
+            "parameterName": "resource"
+          },
+          "response": {
+            "$ref": "Channel"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/cloud-platform.read-only",
+            "https://www.googleapis.com/auth/devstorage.full_control",
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/devstorage.read_write"
+          ],
+          "supportsSubscription": true
+        }
+      }
+    },
+    "projects": {
+      "resources": {
+        "hmacKeys": {
+          "methods": {
+            "create": {
+              "description": "Creates a new HMAC key for the specified service account.",
+              "httpMethod": "POST",
+              "id": "storage.projects.hmacKeys.create",
+              "parameterOrder": [
+                "projectId",
+                "serviceAccountEmail"
+              ],
+              "parameters": {
+                "projectId": {
+                  "description": "Project ID owning the service account.",
+                  "location": "path",
+                  "required": true,
+                  "type": "string"
+                },
+                "serviceAccountEmail": {
+                  "description": "Email address of the service account.",
+                  "location": "query",
+                  "required": true,
+                  "type": "string"
+                },
+                "userProject": {
+                  "description": "The project to be billed for this request.",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "projects/{projectId}/hmacKeys",
+              "response": {
+                "$ref": "HmacKey"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform",
+                "https://www.googleapis.com/auth/devstorage.full_control"
+              ]
+            },
+            "delete": {
+              "description": "Deletes an HMAC key.",
+              "httpMethod": "DELETE",
+              "id": "storage.projects.hmacKeys.delete",
+              "parameterOrder": [
+                "projectId",
+                "accessId"
+              ],
+              "parameters": {
+                "accessId": {
+                  "description": "Name of the HMAC key to be deleted.",
+                  "location": "path",
+                  "required": true,
+                  "type": "string"
+                },
+                "projectId": {
+                  "description": "Project ID owning the requested key",
+                  "location": "path",
+                  "required": true,
+                  "type": "string"
+                },
+                "userProject": {
+                  "description": "The project to be billed for this request.",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "projects/{projectId}/hmacKeys/{accessId}",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform",
+                "https://www.googleapis.com/auth/devstorage.full_control",
+                "https://www.googleapis.com/auth/devstorage.read_write"
+              ]
+            },
+            "get": {
+              "description": "Retrieves an HMAC key's metadata",
+              "httpMethod": "GET",
+              "id": "storage.projects.hmacKeys.get",
+              "parameterOrder": [
+                "projectId",
+                "accessId"
+              ],
+              "parameters": {
+                "accessId": {
+                  "description": "Name of the HMAC key.",
+                  "location": "path",
+                  "required": true,
+                  "type": "string"
+                },
+                "projectId": {
+                  "description": "Project ID owning the service account of the requested key.",
+                  "location": "path",
+                  "required": true,
+                  "type": "string"
+                },
+                "userProject": {
+                  "description": "The project to be billed for this request.",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "projects/{projectId}/hmacKeys/{accessId}",
+              "response": {
+                "$ref": "HmacKeyMetadata"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform",
+                "https://www.googleapis.com/auth/cloud-platform.read-only",
+                "https://www.googleapis.com/auth/devstorage.full_control",
+                "https://www.googleapis.com/auth/devstorage.read_only"
+              ]
+            },
+            "list": {
+              "description": "Retrieves a list of HMAC keys matching the criteria.",
+              "httpMethod": "GET",
+              "id": "storage.projects.hmacKeys.list",
+              "parameterOrder": [
+                "projectId"
+              ],
+              "parameters": {
+                "maxResults": {
+                  "default": "250",
+                  "description": "Maximum number of items to return in a single page of responses. The service uses this parameter or 250 items, whichever is smaller. The max number of items per page will also be limited by the number of distinct service accounts in the response. If the number of service accounts in a single response is too high, the page will truncated and a next page token will be returned.",
+                  "format": "uint32",
+                  "location": "query",
+                  "minimum": "0",
+                  "type": "integer"
+                },
+                "pageToken": {
+                  "description": "A previously-returned page token representing part of the larger set of results to view.",
+                  "location": "query",
+                  "type": "string"
+                },
+                "projectId": {
+                  "description": "Name of the project in which to look for HMAC keys.",
+                  "location": "path",
+                  "required": true,
+                  "type": "string"
+                },
+                "serviceAccountEmail": {
+                  "description": "If present, only keys for the given service account are returned.",
+                  "location": "query",
+                  "type": "string"
+                },
+                "showDeletedKeys": {
+                  "description": "Whether or not to show keys in the DELETED state.",
+                  "location": "query",
+                  "type": "boolean"
+                },
+                "userProject": {
+                  "description": "The project to be billed for this request.",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "projects/{projectId}/hmacKeys",
+              "response": {
+                "$ref": "HmacKeysMetadata"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform",
+                "https://www.googleapis.com/auth/cloud-platform.read-only",
+                "https://www.googleapis.com/auth/devstorage.full_control",
+                "https://www.googleapis.com/auth/devstorage.read_only"
+              ]
+            },
+            "update": {
+              "description": "Updates the state of an HMAC key. See the HMAC Key resource descriptor for valid states.",
+              "httpMethod": "PUT",
+              "id": "storage.projects.hmacKeys.update",
+              "parameterOrder": [
+                "projectId",
+                "accessId"
+              ],
+              "parameters": {
+                "accessId": {
+                  "description": "Name of the HMAC key being updated.",
+                  "location": "path",
+                  "required": true,
+                  "type": "string"
+                },
+                "projectId": {
+                  "description": "Project ID owning the service account of the updated key.",
+                  "location": "path",
+                  "required": true,
+                  "type": "string"
+                },
+                "userProject": {
+                  "description": "The project to be billed for this request.",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "projects/{projectId}/hmacKeys/{accessId}",
+              "request": {
+                "$ref": "HmacKeyMetadata"
+              },
+              "response": {
+                "$ref": "HmacKeyMetadata"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform",
+                "https://www.googleapis.com/auth/devstorage.full_control"
+              ]
+            }
+          }
+        },
+        "serviceAccount": {
+          "methods": {
+            "get": {
+              "description": "Get the email address of this project's Google Cloud Storage service account.",
+              "httpMethod": "GET",
+              "id": "storage.projects.serviceAccount.get",
+              "parameterOrder": [
+                "projectId"
+              ],
+              "parameters": {
+                "projectId": {
+                  "description": "Project ID",
+                  "location": "path",
+                  "required": true,
+                  "type": "string"
+                },
+                "userProject": {
+                  "description": "The project to be billed for this request.",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "projects/{projectId}/serviceAccount",
+              "response": {
+                "$ref": "ServiceAccount"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform",
+                "https://www.googleapis.com/auth/cloud-platform.read-only",
+                "https://www.googleapis.com/auth/devstorage.full_control",
+                "https://www.googleapis.com/auth/devstorage.read_only",
+                "https://www.googleapis.com/auth/devstorage.read_write"
+              ]
+            }
+          }
+        }
+      }
+    }
+  },
+  "revision": "20230301",
+  "rootUrl": "https://storage.googleapis.com/",
+  "schemas": {
+    "Bucket": {
+      "description": "A bucket.",
+      "id": "Bucket",
+      "properties": {
+        "acl": {
+          "annotations": {
+            "required": [
+              "storage.buckets.update"
+            ]
+          },
+          "description": "Access controls on the bucket.",
+          "items": {
+            "$ref": "BucketAccessControl"
+          },
+          "type": "array"
+        },
+        "autoclass": {
+          "description": "The bucket's Autoclass configuration.",
+          "properties": {
+            "enabled": {
+              "description": "Whether or not Autoclass is enabled on this bucket",
+              "type": "boolean"
+            },
+            "toggleTime": {
+              "description": "A date and time in RFC 3339 format representing the instant at which \"enabled\" was last toggled.",
+              "format": "date-time",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "billing": {
+          "description": "The bucket's billing configuration.",
+          "properties": {
+            "requesterPays": {
+              "description": "When set to true, Requester Pays is enabled for this bucket.",
+              "type": "boolean"
+            }
+          },
+          "type": "object"
+        },
+        "cors": {
+          "description": "The bucket's Cross-Origin Resource Sharing (CORS) configuration.",
+          "items": {
+            "properties": {
+              "maxAgeSeconds": {
+                "description": "The value, in seconds, to return in the  Access-Control-Max-Age header used in preflight responses.",
+                "format": "int32",
+                "type": "integer"
+              },
+              "method": {
+                "description": "The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".",
+                "items": {
+                  "type": "string"
+                },
+                "type": "array"
+              },
+              "origin": {
+                "description": "The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".",
+                "items": {
+                  "type": "string"
+                },
+                "type": "array"
+              },
+              "responseHeader": {
+                "description": "The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.",
+                "items": {
+                  "type": "string"
+                },
+                "type": "array"
+              }
+            },
+            "type": "object"
+          },
+          "type": "array"
+        },
+        "customPlacementConfig": {
+          "description": "The bucket's custom placement configuration for Custom Dual Regions.",
+          "properties": {
+            "dataLocations": {
+              "description": "The list of regional locations in which data is placed.",
+              "items": {
+                "type": "string"
+              },
+              "type": "array"
+            }
+          },
+          "type": "object"
+        },
+        "defaultEventBasedHold": {
+          "description": "The default value for event-based hold on newly created objects in this bucket. Event-based hold is a way to retain objects indefinitely until an event occurs, signified by the hold's release. After being released, such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false. Objects under event-based hold cannot be deleted, overwritten or archived until the hold is removed.",
+          "type": "boolean"
+        },
+        "defaultObjectAcl": {
+          "description": "Default access controls to apply to new objects when no ACL is provided.",
+          "items": {
+            "$ref": "ObjectAccessControl"
+          },
+          "type": "array"
+        },
+        "encryption": {
+          "description": "Encryption configuration for a bucket.",
+          "properties": {
+            "defaultKmsKeyName": {
+              "description": "A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "etag": {
+          "description": "HTTP 1.1 Entity tag for the bucket.",
+          "type": "string"
+        },
+        "iamConfiguration": {
+          "description": "The bucket's IAM configuration.",
+          "properties": {
+            "bucketPolicyOnly": {
+              "description": "The bucket's uniform bucket-level access configuration. The feature was formerly known as Bucket Policy Only. For backward compatibility, this field will be populated with identical information as the uniformBucketLevelAccess field. We recommend using the uniformBucketLevelAccess field to enable and disable the feature.",
+              "properties": {
+                "enabled": {
+                  "description": "If set, access is controlled only by bucket-level or above IAM policies.",
+                  "type": "boolean"
+                },
+                "lockedTime": {
+                  "description": "The deadline for changing iamConfiguration.bucketPolicyOnly.enabled from true to false in RFC 3339 format. iamConfiguration.bucketPolicyOnly.enabled may be changed from true to false until the locked time, after which the field is immutable.",
+                  "format": "date-time",
+                  "type": "string"
+                }
+              },
+              "type": "object"
+            },
+            "publicAccessPrevention": {
+              "description": "The bucket's Public Access Prevention configuration. Currently, 'inherited' and 'enforced' are supported.",
+              "type": "string"
+            },
+            "uniformBucketLevelAccess": {
+              "description": "The bucket's uniform bucket-level access configuration.",
+              "properties": {
+                "enabled": {
+                  "description": "If set, access is controlled only by bucket-level or above IAM policies.",
+                  "type": "boolean"
+                },
+                "lockedTime": {
+                  "description": "The deadline for changing iamConfiguration.uniformBucketLevelAccess.enabled from true to false in RFC 3339  format. iamConfiguration.uniformBucketLevelAccess.enabled may be changed from true to false until the locked time, after which the field is immutable.",
+                  "format": "date-time",
+                  "type": "string"
+                }
+              },
+              "type": "object"
+            }
+          },
+          "type": "object"
+        },
+        "id": {
+          "description": "The ID of the bucket. For buckets, the id and name properties are the same.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "storage#bucket",
+          "description": "The kind of item this is. For buckets, this is always storage#bucket.",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "description": "An individual label entry.",
+            "type": "string"
+          },
+          "description": "User-provided labels, in key/value pairs.",
+          "type": "object"
+        },
+        "lifecycle": {
+          "description": "The bucket's lifecycle configuration. See lifecycle management for more information.",
+          "properties": {
+            "rule": {
+              "description": "A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken.",
+              "items": {
+                "properties": {
+                  "action": {
+                    "description": "The action to take.",
+                    "properties": {
+                      "storageClass": {
+                        "description": "Target storage class. Required iff the type of the action is SetStorageClass.",
+                        "type": "string"
+                      },
+                      "type": {
+                        "description": "Type of the action. Currently, only Delete, SetStorageClass, and AbortIncompleteMultipartUpload are supported.",
+                        "type": "string"
+                      }
+                    },
+                    "type": "object"
+                  },
+                  "condition": {
+                    "description": "The condition(s) under which the action will be taken.",
+                    "properties": {
+                      "age": {
+                        "description": "Age of an object (in days). This condition is satisfied when an object reaches the specified age.",
+                        "format": "int32",
+                        "type": "integer"
+                      },
+                      "createdBefore": {
+                        "description": "A date in RFC 3339 format with only the date part (for instance, \"2013-01-15\"). This condition is satisfied when an object is created before midnight of the specified date in UTC.",
+                        "format": "date",
+                        "type": "string"
+                      },
+                      "customTimeBefore": {
+                        "description": "A date in RFC 3339 format with only the date part (for instance, \"2013-01-15\"). This condition is satisfied when the custom time on an object is before this date in UTC.",
+                        "format": "date",
+                        "type": "string"
+                      },
+                      "daysSinceCustomTime": {
+                        "description": "Number of days elapsed since the user-specified timestamp set on an object. The condition is satisfied if the days elapsed is at least this number. If no custom timestamp is specified on an object, the condition does not apply.",
+                        "format": "int32",
+                        "type": "integer"
+                      },
+                      "daysSinceNoncurrentTime": {
+                        "description": "Number of days elapsed since the noncurrent timestamp of an object. The condition is satisfied if the days elapsed is at least this number. This condition is relevant only for versioned objects. The value of the field must be a nonnegative integer. If it's zero, the object version will become eligible for Lifecycle action as soon as it becomes noncurrent.",
+                        "format": "int32",
+                        "type": "integer"
+                      },
+                      "isLive": {
+                        "description": "Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects.",
+                        "type": "boolean"
+                      },
+                      "matchesPattern": {
+                        "description": "A regular expression that satisfies the RE2 syntax. This condition is satisfied when the name of the object matches the RE2 pattern. Note: This feature is currently in the \"Early Access\" launch stage and is only available to a whitelisted set of users; that means that this feature may be changed in backward-incompatible ways and that it is not guaranteed to be released.",
+                        "type": "string"
+                      },
+                      "matchesPrefix": {
+                        "description": "List of object name prefixes. This condition will be satisfied when at least one of the prefixes exactly matches the beginning of the object name.",
+                        "items": {
+                          "type": "string"
+                        },
+                        "type": "array"
+                      },
+                      "matchesStorageClass": {
+                        "description": "Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, and DURABLE_REDUCED_AVAILABILITY.",
+                        "items": {
+                          "type": "string"
+                        },
+                        "type": "array"
+                      },
+                      "matchesSuffix": {
+                        "description": "List of object name suffixes. This condition will be satisfied when at least one of the suffixes exactly matches the end of the object name.",
+                        "items": {
+                          "type": "string"
+                        },
+                        "type": "array"
+                      },
+                      "noncurrentTimeBefore": {
+                        "description": "A date in RFC 3339 format with only the date part (for instance, \"2013-01-15\"). This condition is satisfied when the noncurrent time on an object is before this date in UTC. This condition is relevant only for versioned objects.",
+                        "format": "date",
+                        "type": "string"
+                      },
+                      "numNewerVersions": {
+                        "description": "Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.",
+                        "format": "int32",
+                        "type": "integer"
+                      }
+                    },
+                    "type": "object"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            }
+          },
+          "type": "object"
+        },
+        "location": {
+          "description": "The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list.",
+          "type": "string"
+        },
+        "locationType": {
+          "description": "The type of the bucket location.",
+          "type": "string"
+        },
+        "logging": {
+          "description": "The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs.",
+          "properties": {
+            "logBucket": {
+              "description": "The destination bucket where the current bucket's logs should be placed.",
+              "type": "string"
+            },
+            "logObjectPrefix": {
+              "description": "A prefix for log object names.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "metageneration": {
+          "description": "The metadata generation of this bucket.",
+          "format": "int64",
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "storage.buckets.insert"
+            ]
+          },
+          "description": "The name of the bucket.",
+          "type": "string"
+        },
+        "owner": {
+          "description": "The owner of the bucket. This is always the project team's owner group.",
+          "properties": {
+            "entity": {
+              "description": "The entity, in the form project-owner-projectId.",
+              "type": "string"
+            },
+            "entityId": {
+              "description": "The ID for the entity.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "projectNumber": {
+          "description": "The project number of the project the bucket belongs to.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "retentionPolicy": {
+          "description": "The bucket's retention policy. The retention policy enforces a minimum retention time for all objects contained in the bucket, based on their creation time. Any attempt to overwrite or delete objects younger than the retention period will result in a PERMISSION_DENIED error. An unlocked retention policy can be modified or removed from the bucket via a storage.buckets.update operation. A locked retention policy cannot be removed or shortened in duration for the lifetime of the bucket. Attempting to remove or decrease period of a locked retention policy will result in a PERMISSION_DENIED error.",
+          "properties": {
+            "effectiveTime": {
+              "description": "Server-determined value that indicates the time from which policy was enforced and effective. This value is in RFC 3339 format.",
+              "format": "date-time",
+              "type": "string"
+            },
+            "isLocked": {
+              "description": "Once locked, an object retention policy cannot be modified.",
+              "type": "boolean"
+            },
+            "retentionPeriod": {
+              "description": "The duration in seconds that objects need to be retained. Retention duration must be greater than zero and less than 100 years. Note that enforcement of retention periods less than a day is not guaranteed. Such periods should only be used for testing purposes.",
+              "format": "int64",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "rpo": {
+          "description": "The Recovery Point Objective (RPO) of this bucket. Set to ASYNC_TURBO to turn on Turbo Replication on a bucket.",
+          "type": "string"
+        },
+        "satisfiesPZS": {
+          "description": "Reserved for future use.",
+          "type": "boolean"
+        },
+        "selfLink": {
+          "description": "The URI of this bucket.",
+          "type": "string"
+        },
+        "storageClass": {
+          "description": "The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes.",
+          "type": "string"
+        },
+        "timeCreated": {
+          "description": "The creation time of the bucket in RFC 3339 format.",
+          "format": "date-time",
+          "type": "string"
+        },
+        "updated": {
+          "description": "The modification time of the bucket in RFC 3339 format.",
+          "format": "date-time",
+          "type": "string"
+        },
+        "versioning": {
+          "description": "The bucket's versioning configuration.",
+          "properties": {
+            "enabled": {
+              "description": "While set to true, versioning is fully enabled for this bucket.",
+              "type": "boolean"
+            }
+          },
+          "type": "object"
+        },
+        "website": {
+          "description": "The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.",
+          "properties": {
+            "mainPageSuffix": {
+              "description": "If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages.",
+              "type": "string"
+            },
+            "notFoundPage": {
+              "description": "If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "BucketAccessControl": {
+      "description": "An access-control entry.",
+      "id": "BucketAccessControl",
+      "properties": {
+        "bucket": {
+          "description": "The name of the bucket.",
+          "type": "string"
+        },
+        "domain": {
+          "description": "The domain associated with the entity, if any.",
+          "type": "string"
+        },
+        "email": {
+          "description": "The email address associated with the entity, if any.",
+          "type": "string"
+        },
+        "entity": {
+          "annotations": {
+            "required": [
+              "storage.bucketAccessControls.insert"
+            ]
+          },
+          "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.",
+          "type": "string"
+        },
+        "entityId": {
+          "description": "The ID for the entity, if any.",
+          "type": "string"
+        },
+        "etag": {
+          "description": "HTTP 1.1 Entity tag for the access-control entry.",
+          "type": "string"
+        },
+        "id": {
+          "description": "The ID of the access-control entry.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "storage#bucketAccessControl",
+          "description": "The kind of item this is. For bucket access control entries, this is always storage#bucketAccessControl.",
+          "type": "string"
+        },
+        "projectTeam": {
+          "description": "The project team associated with the entity, if any.",
+          "properties": {
+            "projectNumber": {
+              "description": "The project number.",
+              "type": "string"
+            },
+            "team": {
+              "description": "The team.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "role": {
+          "annotations": {
+            "required": [
+              "storage.bucketAccessControls.insert"
+            ]
+          },
+          "description": "The access permission for the entity.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "The link to this access-control entry.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BucketAccessControls": {
+      "description": "An access-control list.",
+      "id": "BucketAccessControls",
+      "properties": {
+        "items": {
+          "description": "The list of items.",
+          "items": {
+            "$ref": "BucketAccessControl"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "storage#bucketAccessControls",
+          "description": "The kind of item this is. For lists of bucket access control entries, this is always storage#bucketAccessControls.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Buckets": {
+      "description": "A list of buckets.",
+      "id": "Buckets",
+      "properties": {
+        "items": {
+          "description": "The list of items.",
+          "items": {
+            "$ref": "Bucket"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "storage#buckets",
+          "description": "The kind of item this is. For lists of buckets, this is always storage#buckets.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Channel": {
+      "description": "An notification channel used to watch for resource changes.",
+      "id": "Channel",
+      "properties": {
+        "address": {
+          "description": "The address where notifications are delivered for this channel.",
+          "type": "string"
+        },
+        "expiration": {
+          "description": "Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional.",
+          "format": "int64",
+          "type": "string"
+        },
+        "id": {
+          "description": "A UUID or similar unique string that identifies this channel.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "api#channel",
+          "description": "Identifies this as a notification channel used to watch for changes to a resource, which is \"api#channel\".",
+          "type": "string"
+        },
+        "params": {
+          "additionalProperties": {
+            "description": "Declares a new parameter by name.",
+            "type": "string"
+          },
+          "description": "Additional parameters controlling delivery channel behavior. Optional.",
+          "type": "object"
+        },
+        "payload": {
+          "description": "A Boolean value to indicate whether payload is wanted. Optional.",
+          "type": "boolean"
+        },
+        "resourceId": {
+          "description": "An opaque ID that identifies the resource being watched on this channel. Stable across different API versions.",
+          "type": "string"
+        },
+        "resourceUri": {
+          "description": "A version-specific identifier for the watched resource.",
+          "type": "string"
+        },
+        "token": {
+          "description": "An arbitrary string delivered to the target address with each notification delivered over this channel. Optional.",
+          "type": "string"
+        },
+        "type": {
+          "description": "The type of delivery mechanism used for this channel.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ComposeRequest": {
+      "description": "A Compose request.",
+      "id": "ComposeRequest",
+      "properties": {
+        "destination": {
+          "$ref": "Object",
+          "description": "Properties of the resulting object."
+        },
+        "kind": {
+          "default": "storage#composeRequest",
+          "description": "The kind of item this is.",
+          "type": "string"
+        },
+        "sourceObjects": {
+          "annotations": {
+            "required": [
+              "storage.objects.compose"
+            ]
+          },
+          "description": "The list of source objects that will be concatenated into a single object.",
+          "items": {
+            "properties": {
+              "generation": {
+                "description": "The generation of this object to use as the source.",
+                "format": "int64",
+                "type": "string"
+              },
+              "name": {
+                "annotations": {
+                  "required": [
+                    "storage.objects.compose"
+                  ]
+                },
+                "description": "The source object's name. All source objects must reside in the same bucket.",
+                "type": "string"
+              },
+              "objectPreconditions": {
+                "description": "Conditions that must be met for this operation to execute.",
+                "properties": {
+                  "ifGenerationMatch": {
+                    "description": "Only perform the composition if the generation of the source object that would be used matches this value. If this value and a generation are both specified, they must be the same value or the call will fail.",
+                    "format": "int64",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              }
+            },
+            "type": "object"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "Expr": {
+      "description": "Represents an expression text. Example: title: \"User account presence\" description: \"Determines whether the request has a user account\" expression: \"size(request.user) \u003e 0\"",
+      "id": "Expr",
+      "properties": {
+        "description": {
+          "description": "An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
+          "type": "string"
+        },
+        "expression": {
+          "description": "Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.",
+          "type": "string"
+        },
+        "location": {
+          "description": "An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
+          "type": "string"
+        },
+        "title": {
+          "description": "An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "HmacKey": {
+      "description": "JSON template to produce a JSON-style HMAC Key resource for Create responses.",
+      "id": "HmacKey",
+      "properties": {
+        "kind": {
+          "default": "storage#hmacKey",
+          "description": "The kind of item this is. For HMAC keys, this is always storage#hmacKey.",
+          "type": "string"
+        },
+        "metadata": {
+          "$ref": "HmacKeyMetadata",
+          "description": "Key metadata."
+        },
+        "secret": {
+          "description": "HMAC secret key material.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "HmacKeyMetadata": {
+      "description": "JSON template to produce a JSON-style HMAC Key metadata resource.",
+      "id": "HmacKeyMetadata",
+      "properties": {
+        "accessId": {
+          "description": "The ID of the HMAC Key.",
+          "type": "string"
+        },
+        "etag": {
+          "description": "HTTP 1.1 Entity tag for the HMAC key.",
+          "type": "string"
+        },
+        "id": {
+          "description": "The ID of the HMAC key, including the Project ID and the Access ID.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "storage#hmacKeyMetadata",
+          "description": "The kind of item this is. For HMAC Key metadata, this is always storage#hmacKeyMetadata.",
+          "type": "string"
+        },
+        "projectId": {
+          "description": "Project ID owning the service account to which the key authenticates.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "The link to this resource.",
+          "type": "string"
+        },
+        "serviceAccountEmail": {
+          "description": "The email address of the key's associated service account.",
+          "type": "string"
+        },
+        "state": {
+          "description": "The state of the key. Can be one of ACTIVE, INACTIVE, or DELETED.",
+          "type": "string"
+        },
+        "timeCreated": {
+          "description": "The creation time of the HMAC key in RFC 3339 format.",
+          "format": "date-time",
+          "type": "string"
+        },
+        "updated": {
+          "description": "The last modification time of the HMAC key metadata in RFC 3339 format.",
+          "format": "date-time",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "HmacKeysMetadata": {
+      "description": "A list of hmacKeys.",
+      "id": "HmacKeysMetadata",
+      "properties": {
+        "items": {
+          "description": "The list of items.",
+          "items": {
+            "$ref": "HmacKeyMetadata"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "storage#hmacKeysMetadata",
+          "description": "The kind of item this is. For lists of hmacKeys, this is always storage#hmacKeysMetadata.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Notification": {
+      "description": "A subscription to receive Google PubSub notifications.",
+      "id": "Notification",
+      "properties": {
+        "custom_attributes": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "An optional list of additional attributes to attach to each Cloud PubSub message published for this notification subscription.",
+          "type": "object"
+        },
+        "etag": {
+          "description": "HTTP 1.1 Entity tag for this subscription notification.",
+          "type": "string"
+        },
+        "event_types": {
+          "description": "If present, only send notifications about listed event types. If empty, sent notifications for all event types.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "id": {
+          "description": "The ID of the notification.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "storage#notification",
+          "description": "The kind of item this is. For notifications, this is always storage#notification.",
+          "type": "string"
+        },
+        "object_name_prefix": {
+          "description": "If present, only apply this notification configuration to object names that begin with this prefix.",
+          "type": "string"
+        },
+        "payload_format": {
+          "annotations": {
+            "required": [
+              "storage.notifications.insert"
+            ]
+          },
+          "default": "JSON_API_V1",
+          "description": "The desired content of the Payload.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "The canonical URL of this notification.",
+          "type": "string"
+        },
+        "topic": {
+          "annotations": {
+            "required": [
+              "storage.notifications.insert"
+            ]
+          },
+          "description": "The Cloud PubSub topic to which this subscription publishes. Formatted as: '//pubsub.googleapis.com/projects/{project-identifier}/topics/{my-topic}'",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Notifications": {
+      "description": "A list of notification subscriptions.",
+      "id": "Notifications",
+      "properties": {
+        "items": {
+          "description": "The list of items.",
+          "items": {
+            "$ref": "Notification"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "storage#notifications",
+          "description": "The kind of item this is. For lists of notifications, this is always storage#notifications.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Object": {
+      "description": "An object.",
+      "id": "Object",
+      "properties": {
+        "acl": {
+          "annotations": {
+            "required": [
+              "storage.objects.update"
+            ]
+          },
+          "description": "Access controls on the object.",
+          "items": {
+            "$ref": "ObjectAccessControl"
+          },
+          "type": "array"
+        },
+        "bucket": {
+          "description": "The name of the bucket containing this object.",
+          "type": "string"
+        },
+        "cacheControl": {
+          "description": "Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.",
+          "type": "string"
+        },
+        "componentCount": {
+          "description": "Number of underlying components that make up this object. Components are accumulated by compose operations.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "contentDisposition": {
+          "description": "Content-Disposition of the object data.",
+          "type": "string"
+        },
+        "contentEncoding": {
+          "description": "Content-Encoding of the object data.",
+          "type": "string"
+        },
+        "contentLanguage": {
+          "description": "Content-Language of the object data.",
+          "type": "string"
+        },
+        "contentType": {
+          "description": "Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.",
+          "type": "string"
+        },
+        "crc32c": {
+          "description": "CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.",
+          "type": "string"
+        },
+        "customTime": {
+          "description": "A timestamp in RFC 3339 format specified by the user for an object.",
+          "format": "date-time",
+          "type": "string"
+        },
+        "customerEncryption": {
+          "description": "Metadata of customer-supplied encryption key, if the object is encrypted by such a key.",
+          "properties": {
+            "encryptionAlgorithm": {
+              "description": "The encryption algorithm.",
+              "type": "string"
+            },
+            "keySha256": {
+              "description": "SHA256 hash value of the encryption key.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "etag": {
+          "description": "HTTP 1.1 Entity tag for the object.",
+          "type": "string"
+        },
+        "eventBasedHold": {
+          "description": "Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.",
+          "type": "boolean"
+        },
+        "generation": {
+          "description": "The content generation of this object. Used for object versioning.",
+          "format": "int64",
+          "type": "string"
+        },
+        "id": {
+          "description": "The ID of the object, including the bucket name, object name, and generation number.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "storage#object",
+          "description": "The kind of item this is. For objects, this is always storage#object.",
+          "type": "string"
+        },
+        "kmsKeyName": {
+          "description": "Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.",
+          "type": "string"
+        },
+        "md5Hash": {
+          "description": "MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.",
+          "type": "string"
+        },
+        "mediaLink": {
+          "description": "Media download link.",
+          "type": "string"
+        },
+        "metadata": {
+          "additionalProperties": {
+            "description": "An individual metadata entry.",
+            "type": "string"
+          },
+          "description": "User-provided metadata, in key/value pairs.",
+          "type": "object"
+        },
+        "metageneration": {
+          "description": "The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.",
+          "format": "int64",
+          "type": "string"
+        },
+        "name": {
+          "description": "The name of the object. Required if not specified by URL parameter.",
+          "type": "string"
+        },
+        "owner": {
+          "description": "The owner of the object. This will always be the uploader of the object.",
+          "properties": {
+            "entity": {
+              "description": "The entity, in the form user-userId.",
+              "type": "string"
+            },
+            "entityId": {
+              "description": "The ID for the entity.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "retentionExpirationTime": {
+          "description": "A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).",
+          "format": "date-time",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "The link to this object.",
+          "type": "string"
+        },
+        "size": {
+          "description": "Content-Length of the data in bytes.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "storageClass": {
+          "description": "Storage class of the object.",
+          "type": "string"
+        },
+        "temporaryHold": {
+          "description": "Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.",
+          "type": "boolean"
+        },
+        "timeCreated": {
+          "description": "The creation time of the object in RFC 3339 format.",
+          "format": "date-time",
+          "type": "string"
+        },
+        "timeDeleted": {
+          "description": "The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.",
+          "format": "date-time",
+          "type": "string"
+        },
+        "timeStorageClassUpdated": {
+          "description": "The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.",
+          "format": "date-time",
+          "type": "string"
+        },
+        "updated": {
+          "description": "The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.",
+          "format": "date-time",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ObjectAccessControl": {
+      "description": "An access-control entry.",
+      "id": "ObjectAccessControl",
+      "properties": {
+        "bucket": {
+          "description": "The name of the bucket.",
+          "type": "string"
+        },
+        "domain": {
+          "description": "The domain associated with the entity, if any.",
+          "type": "string"
+        },
+        "email": {
+          "description": "The email address associated with the entity, if any.",
+          "type": "string"
+        },
+        "entity": {
+          "annotations": {
+            "required": [
+              "storage.defaultObjectAccessControls.insert",
+              "storage.objectAccessControls.insert"
+            ]
+          },
+          "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.",
+          "type": "string"
+        },
+        "entityId": {
+          "description": "The ID for the entity, if any.",
+          "type": "string"
+        },
+        "etag": {
+          "description": "HTTP 1.1 Entity tag for the access-control entry.",
+          "type": "string"
+        },
+        "generation": {
+          "description": "The content generation of the object, if applied to an object.",
+          "format": "int64",
+          "type": "string"
+        },
+        "id": {
+          "description": "The ID of the access-control entry.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "storage#objectAccessControl",
+          "description": "The kind of item this is. For object access control entries, this is always storage#objectAccessControl.",
+          "type": "string"
+        },
+        "object": {
+          "description": "The name of the object, if applied to an object.",
+          "type": "string"
+        },
+        "projectTeam": {
+          "description": "The project team associated with the entity, if any.",
+          "properties": {
+            "projectNumber": {
+              "description": "The project number.",
+              "type": "string"
+            },
+            "team": {
+              "description": "The team.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "role": {
+          "annotations": {
+            "required": [
+              "storage.defaultObjectAccessControls.insert",
+              "storage.objectAccessControls.insert"
+            ]
+          },
+          "description": "The access permission for the entity.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "The link to this access-control entry.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ObjectAccessControls": {
+      "description": "An access-control list.",
+      "id": "ObjectAccessControls",
+      "properties": {
+        "items": {
+          "description": "The list of items.",
+          "items": {
+            "$ref": "ObjectAccessControl"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "storage#objectAccessControls",
+          "description": "The kind of item this is. For lists of object access control entries, this is always storage#objectAccessControls.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Objects": {
+      "description": "A list of objects.",
+      "id": "Objects",
+      "properties": {
+        "items": {
+          "description": "The list of items.",
+          "items": {
+            "$ref": "Object"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "storage#objects",
+          "description": "The kind of item this is. For lists of objects, this is always storage#objects.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.",
+          "type": "string"
+        },
+        "prefixes": {
+          "description": "The list of prefixes of objects matching-but-not-listed up to and including the requested delimiter.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "Policy": {
+      "description": "A bucket/object IAM policy.",
+      "id": "Policy",
+      "properties": {
+        "bindings": {
+          "annotations": {
+            "required": [
+              "storage.buckets.setIamPolicy",
+              "storage.objects.setIamPolicy"
+            ]
+          },
+          "description": "An association between a role, which comes with a set of permissions, and members who may assume that role.",
+          "items": {
+            "properties": {
+              "condition": {
+                "$ref": "Expr",
+                "description": "The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently."
+              },
+              "members": {
+                "annotations": {
+                  "required": [
+                    "storage.buckets.setIamPolicy",
+                    "storage.objects.setIamPolicy"
+                  ]
+                },
+                "description": "A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:  \n- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.  \n- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.  \n- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.  \n- serviceAccount:emailid — An email address that represents a service account. For example,  serviceAccount:my-other-app@appspot.gserviceaccount.com .  \n- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.  \n- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.  \n- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project  \n- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project  \n- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project",
+                "items": {
+                  "type": "string"
+                },
+                "type": "array"
+              },
+              "role": {
+                "annotations": {
+                  "required": [
+                    "storage.buckets.setIamPolicy",
+                    "storage.objects.setIamPolicy"
+                  ]
+                },
+                "description": "The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.\nThe new IAM roles are:  \n- roles/storage.admin — Full control of Google Cloud Storage resources.  \n- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.  \n- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.  \n- roles/storage.objectAdmin — Full control of Google Cloud Storage objects.   The legacy IAM roles are:  \n- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.  \n- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.  \n- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.  \n- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.  \n- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.",
+                "type": "string"
+              }
+            },
+            "type": "object"
+          },
+          "type": "array"
+        },
+        "etag": {
+          "description": "HTTP 1.1  Entity tag for the policy.",
+          "format": "byte",
+          "type": "string"
+        },
+        "kind": {
+          "default": "storage#policy",
+          "description": "The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.",
+          "type": "string"
+        },
+        "resourceId": {
+          "description": "The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, and projects/_/buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.",
+          "type": "string"
+        },
+        "version": {
+          "description": "The IAM policy format version.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "RewriteResponse": {
+      "description": "A rewrite response.",
+      "id": "RewriteResponse",
+      "properties": {
+        "done": {
+          "description": "true if the copy is finished; otherwise, false if the copy is in progress. This property is always present in the response.",
+          "type": "boolean"
+        },
+        "kind": {
+          "default": "storage#rewriteResponse",
+          "description": "The kind of item this is.",
+          "type": "string"
+        },
+        "objectSize": {
+          "description": "The total size of the object being copied in bytes. This property is always present in the response.",
+          "format": "int64",
+          "type": "string"
+        },
+        "resource": {
+          "$ref": "Object",
+          "description": "A resource containing the metadata for the copied-to object. This property is present in the response only when copying completes."
+        },
+        "rewriteToken": {
+          "description": "A token to use in subsequent requests to continue copying data. This token is present in the response only when there is more data to copy.",
+          "type": "string"
+        },
+        "totalBytesRewritten": {
+          "description": "The total bytes written so far, which can be used to provide a waiting user with a progress indicator. This property is always present in the response.",
+          "format": "int64",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ServiceAccount": {
+      "description": "A subscription to receive Google PubSub notifications.",
+      "id": "ServiceAccount",
+      "properties": {
+        "email_address": {
+          "description": "The ID of the notification.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "storage#serviceAccount",
+          "description": "The kind of item this is. For notifications, this is always storage#notification.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "TestIamPermissionsResponse": {
+      "description": "A storage.(buckets|objects).testIamPermissions response.",
+      "id": "TestIamPermissionsResponse",
+      "properties": {
+        "kind": {
+          "default": "storage#testIamPermissionsResponse",
+          "description": "The kind of item this is.",
+          "type": "string"
+        },
+        "permissions": {
+          "description": "The permissions held by the caller. Permissions are always of the format storage.resource.capability, where resource is one of buckets or objects. The supported permissions are as follows:  \n- storage.buckets.delete — Delete bucket.  \n- storage.buckets.get — Read bucket metadata.  \n- storage.buckets.getIamPolicy — Read bucket IAM policy.  \n- storage.buckets.create — Create bucket.  \n- storage.buckets.list — List buckets.  \n- storage.buckets.setIamPolicy — Update bucket IAM policy.  \n- storage.buckets.update — Update bucket metadata.  \n- storage.objects.delete — Delete object.  \n- storage.objects.get — Read object data and metadata.  \n- storage.objects.getIamPolicy — Read object IAM policy.  \n- storage.objects.create — Create object.  \n- storage.objects.list — List objects.  \n- storage.objects.setIamPolicy — Update object IAM policy.  \n- storage.objects.update — Update object metadata.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    }
+  },
+  "servicePath": "storage/v1/",
+  "title": "Cloud Storage JSON API",
+  "version": "v1"
+}
\ No newline at end of file
diff --git a/vendor/google.golang.org/api/storage/v1/storage-gen.go b/vendor/google.golang.org/api/storage/v1/storage-gen.go
new file mode 100644
index 000000000..e11bf2e6d
--- /dev/null
+++ b/vendor/google.golang.org/api/storage/v1/storage-gen.go
@@ -0,0 +1,13283 @@
+// Copyright 2023 Google LLC.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Code generated file. DO NOT EDIT.
+
+// Package storage provides access to the Cloud Storage JSON API.
+//
+// This package is DEPRECATED. Use package cloud.google.com/go/storage instead.
+//
+// For product documentation, see: https://developers.google.com/storage/docs/json_api/
+//
+// # Creating a client
+//
+// Usage example:
+//
+//	import "google.golang.org/api/storage/v1"
+//	...
+//	ctx := context.Background()
+//	storageService, err := storage.NewService(ctx)
+//
+// In this example, Google Application Default Credentials are used for authentication.
+//
+// For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
+//
+// # Other authentication options
+//
+// By default, all available scopes (see "Constants") are used to authenticate. To restrict scopes, use option.WithScopes:
+//
+//	storageService, err := storage.NewService(ctx, option.WithScopes(storage.DevstorageReadWriteScope))
+//
+// To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey:
+//
+//	storageService, err := storage.NewService(ctx, option.WithAPIKey("AIza..."))
+//
+// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource:
+//
+//	config := &oauth2.Config{...}
+//	// ...
+//	token, err := config.Exchange(ctx, ...)
+//	storageService, err := storage.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
+//
+// See https://godoc.org/google.golang.org/api/option/ for details on options.
+package storage // import "google.golang.org/api/storage/v1"
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/googleapis/gax-go/v2"
+	googleapi "google.golang.org/api/googleapi"
+	internal "google.golang.org/api/internal"
+	gensupport "google.golang.org/api/internal/gensupport"
+	option "google.golang.org/api/option"
+	internaloption "google.golang.org/api/option/internaloption"
+	htransport "google.golang.org/api/transport/http"
+)
+
+// Always reference these packages, just in case the auto-generated code
+// below doesn't.
+var _ = bytes.NewBuffer
+var _ = strconv.Itoa
+var _ = fmt.Sprintf
+var _ = json.NewDecoder
+var _ = io.Copy
+var _ = url.Parse
+var _ = gensupport.MarshalJSON
+var _ = googleapi.Version
+var _ = errors.New
+var _ = strings.Replace
+var _ = context.Canceled
+var _ = internaloption.WithDefaultEndpoint
+var _ = internal.Version
+
+const apiId = "storage:v1"
+const apiName = "storage"
+const apiVersion = "v1"
+const basePath = "https://storage.googleapis.com/storage/v1/"
+const mtlsBasePath = "https://storage.mtls.googleapis.com/storage/v1/"
+
+// OAuth2 scopes used by this API.
+const (
+	// View and manage your data across Google Cloud Platform services
+	CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
+
+	// View your data across Google Cloud Platform services
+	CloudPlatformReadOnlyScope = "https://www.googleapis.com/auth/cloud-platform.read-only"
+
+	// Manage your data and permissions in Google Cloud Storage
+	DevstorageFullControlScope = "https://www.googleapis.com/auth/devstorage.full_control"
+
+	// View your data in Google Cloud Storage
+	DevstorageReadOnlyScope = "https://www.googleapis.com/auth/devstorage.read_only"
+
+	// Manage your data in Google Cloud Storage
+	DevstorageReadWriteScope = "https://www.googleapis.com/auth/devstorage.read_write"
+)
+
+// NewService creates a new Service.
+func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) {
+	scopesOption := internaloption.WithDefaultScopes(
+		"https://www.googleapis.com/auth/cloud-platform",
+		"https://www.googleapis.com/auth/cloud-platform.read-only",
+		"https://www.googleapis.com/auth/devstorage.full_control",
+		"https://www.googleapis.com/auth/devstorage.read_only",
+		"https://www.googleapis.com/auth/devstorage.read_write",
+	)
+	// NOTE: prepend, so we don't override user-specified scopes.
+	opts = append([]option.ClientOption{scopesOption}, opts...)
+	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
+	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
+	client, endpoint, err := htransport.NewClient(ctx, opts...)
+	if err != nil {
+		return nil, err
+	}
+	s, err := New(client)
+	if err != nil {
+		return nil, err
+	}
+	if endpoint != "" {
+		s.BasePath = endpoint
+	}
+	return s, nil
+}
+
+// New creates a new Service. It uses the provided http.Client for requests.
+//
+// Deprecated: please use NewService instead.
+// To provide a custom HTTP client, use option.WithHTTPClient.
+// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
+func New(client *http.Client) (*Service, error) {
+	if client == nil {
+		return nil, errors.New("client is nil")
+	}
+	s := &Service{client: client, BasePath: basePath}
+	s.BucketAccessControls = NewBucketAccessControlsService(s)
+	s.Buckets = NewBucketsService(s)
+	s.Channels = NewChannelsService(s)
+	s.DefaultObjectAccessControls = NewDefaultObjectAccessControlsService(s)
+	s.Notifications = NewNotificationsService(s)
+	s.ObjectAccessControls = NewObjectAccessControlsService(s)
+	s.Objects = NewObjectsService(s)
+	s.Projects = NewProjectsService(s)
+	return s, nil
+}
+
+type Service struct {
+	client    *http.Client
+	BasePath  string // API endpoint base URL
+	UserAgent string // optional additional User-Agent fragment
+
+	BucketAccessControls *BucketAccessControlsService
+
+	Buckets *BucketsService
+
+	Channels *ChannelsService
+
+	DefaultObjectAccessControls *DefaultObjectAccessControlsService
+
+	Notifications *NotificationsService
+
+	ObjectAccessControls *ObjectAccessControlsService
+
+	Objects *ObjectsService
+
+	Projects *ProjectsService
+}
+
+func (s *Service) userAgent() string {
+	if s.UserAgent == "" {
+		return googleapi.UserAgent
+	}
+	return googleapi.UserAgent + " " + s.UserAgent
+}
+
+func NewBucketAccessControlsService(s *Service) *BucketAccessControlsService {
+	rs := &BucketAccessControlsService{s: s}
+	return rs
+}
+
+type BucketAccessControlsService struct {
+	s *Service
+}
+
+func NewBucketsService(s *Service) *BucketsService {
+	rs := &BucketsService{s: s}
+	return rs
+}
+
+type BucketsService struct {
+	s *Service
+}
+
+func NewChannelsService(s *Service) *ChannelsService {
+	rs := &ChannelsService{s: s}
+	return rs
+}
+
+type ChannelsService struct {
+	s *Service
+}
+
+func NewDefaultObjectAccessControlsService(s *Service) *DefaultObjectAccessControlsService {
+	rs := &DefaultObjectAccessControlsService{s: s}
+	return rs
+}
+
+type DefaultObjectAccessControlsService struct {
+	s *Service
+}
+
+func NewNotificationsService(s *Service) *NotificationsService {
+	rs := &NotificationsService{s: s}
+	return rs
+}
+
+type NotificationsService struct {
+	s *Service
+}
+
+func NewObjectAccessControlsService(s *Service) *ObjectAccessControlsService {
+	rs := &ObjectAccessControlsService{s: s}
+	return rs
+}
+
+type ObjectAccessControlsService struct {
+	s *Service
+}
+
+func NewObjectsService(s *Service) *ObjectsService {
+	rs := &ObjectsService{s: s}
+	return rs
+}
+
+type ObjectsService struct {
+	s *Service
+}
+
+func NewProjectsService(s *Service) *ProjectsService {
+	rs := &ProjectsService{s: s}
+	rs.HmacKeys = NewProjectsHmacKeysService(s)
+	rs.ServiceAccount = NewProjectsServiceAccountService(s)
+	return rs
+}
+
+type ProjectsService struct {
+	s *Service
+
+	HmacKeys *ProjectsHmacKeysService
+
+	ServiceAccount *ProjectsServiceAccountService
+}
+
+func NewProjectsHmacKeysService(s *Service) *ProjectsHmacKeysService {
+	rs := &ProjectsHmacKeysService{s: s}
+	return rs
+}
+
+type ProjectsHmacKeysService struct {
+	s *Service
+}
+
+func NewProjectsServiceAccountService(s *Service) *ProjectsServiceAccountService {
+	rs := &ProjectsServiceAccountService{s: s}
+	return rs
+}
+
+type ProjectsServiceAccountService struct {
+	s *Service
+}
+
+// Bucket: A bucket.
+type Bucket struct {
+	// Acl: Access controls on the bucket.
+	Acl []*BucketAccessControl `json:"acl,omitempty"`
+
+	// Autoclass: The bucket's Autoclass configuration.
+	Autoclass *BucketAutoclass `json:"autoclass,omitempty"`
+
+	// Billing: The bucket's billing configuration.
+	Billing *BucketBilling `json:"billing,omitempty"`
+
+	// Cors: The bucket's Cross-Origin Resource Sharing (CORS)
+	// configuration.
+	Cors []*BucketCors `json:"cors,omitempty"`
+
+	// CustomPlacementConfig: The bucket's custom placement configuration
+	// for Custom Dual Regions.
+	CustomPlacementConfig *BucketCustomPlacementConfig `json:"customPlacementConfig,omitempty"`
+
+	// DefaultEventBasedHold: The default value for event-based hold on
+	// newly created objects in this bucket. Event-based hold is a way to
+	// retain objects indefinitely until an event occurs, signified by the
+	// hold's release. After being released, such objects will be subject to
+	// bucket-level retention (if any). One sample use case of this flag is
+	// for banks to hold loan documents for at least 3 years after loan is
+	// paid in full. Here, bucket-level retention is 3 years and the event
+	// is loan being paid in full. In this example, these objects will be
+	// held intact for any number of years until the event has occurred
+	// (event-based hold on the object is released) and then 3 more years
+	// after that. That means retention duration of the objects begins from
+	// the moment event-based hold transitioned from true to false. Objects
+	// under event-based hold cannot be deleted, overwritten or archived
+	// until the hold is removed.
+	DefaultEventBasedHold bool `json:"defaultEventBasedHold,omitempty"`
+
+	// DefaultObjectAcl: Default access controls to apply to new objects
+	// when no ACL is provided.
+	DefaultObjectAcl []*ObjectAccessControl `json:"defaultObjectAcl,omitempty"`
+
+	// Encryption: Encryption configuration for a bucket.
+	Encryption *BucketEncryption `json:"encryption,omitempty"`
+
+	// Etag: HTTP 1.1 Entity tag for the bucket.
+	Etag string `json:"etag,omitempty"`
+
+	// IamConfiguration: The bucket's IAM configuration.
+	IamConfiguration *BucketIamConfiguration `json:"iamConfiguration,omitempty"`
+
+	// Id: The ID of the bucket. For buckets, the id and name properties are
+	// the same.
+	Id string `json:"id,omitempty"`
+
+	// Kind: The kind of item this is. For buckets, this is always
+	// storage#bucket.
+	Kind string `json:"kind,omitempty"`
+
+	// Labels: User-provided labels, in key/value pairs.
+	Labels map[string]string `json:"labels,omitempty"`
+
+	// Lifecycle: The bucket's lifecycle configuration. See lifecycle
+	// management for more information.
+	Lifecycle *BucketLifecycle `json:"lifecycle,omitempty"`
+
+	// Location: The location of the bucket. Object data for objects in the
+	// bucket resides in physical storage within this region. Defaults to
+	// US. See the developer's guide for the authoritative list.
+	Location string `json:"location,omitempty"`
+
+	// LocationType: The type of the bucket location.
+	LocationType string `json:"locationType,omitempty"`
+
+	// Logging: The bucket's logging configuration, which defines the
+	// destination bucket and optional name prefix for the current bucket's
+	// logs.
+	Logging *BucketLogging `json:"logging,omitempty"`
+
+	// Metageneration: The metadata generation of this bucket.
+	Metageneration int64 `json:"metageneration,omitempty,string"`
+
+	// Name: The name of the bucket.
+	Name string `json:"name,omitempty"`
+
+	// Owner: The owner of the bucket. This is always the project team's
+	// owner group.
+	Owner *BucketOwner `json:"owner,omitempty"`
+
+	// ProjectNumber: The project number of the project the bucket belongs
+	// to.
+	ProjectNumber uint64 `json:"projectNumber,omitempty,string"`
+
+	// RetentionPolicy: The bucket's retention policy. The retention policy
+	// enforces a minimum retention time for all objects contained in the
+	// bucket, based on their creation time. Any attempt to overwrite or
+	// delete objects younger than the retention period will result in a
+	// PERMISSION_DENIED error. An unlocked retention policy can be modified
+	// or removed from the bucket via a storage.buckets.update operation. A
+	// locked retention policy cannot be removed or shortened in duration
+	// for the lifetime of the bucket. Attempting to remove or decrease
+	// period of a locked retention policy will result in a
+	// PERMISSION_DENIED error.
+	RetentionPolicy *BucketRetentionPolicy `json:"retentionPolicy,omitempty"`
+
+	// Rpo: The Recovery Point Objective (RPO) of this bucket. Set to
+	// ASYNC_TURBO to turn on Turbo Replication on a bucket.
+	Rpo string `json:"rpo,omitempty"`
+
+	// SatisfiesPZS: Reserved for future use.
+	SatisfiesPZS bool `json:"satisfiesPZS,omitempty"`
+
+	// SelfLink: The URI of this bucket.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// StorageClass: The bucket's default storage class, used whenever no
+	// storageClass is specified for a newly-created object. This defines
+	// how objects in the bucket are stored and determines the SLA and the
+	// cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD,
+	// NEARLINE, COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If
+	// this value is not specified when the bucket is created, it will
+	// default to STANDARD. For more information, see storage classes.
+	StorageClass string `json:"storageClass,omitempty"`
+
+	// TimeCreated: The creation time of the bucket in RFC 3339 format.
+	TimeCreated string `json:"timeCreated,omitempty"`
+
+	// Updated: The modification time of the bucket in RFC 3339 format.
+	Updated string `json:"updated,omitempty"`
+
+	// Versioning: The bucket's versioning configuration.
+	Versioning *BucketVersioning `json:"versioning,omitempty"`
+
+	// Website: The bucket's website configuration, controlling how the
+	// service behaves when accessing bucket contents as a web site. See the
+	// Static Website Examples for more information.
+	Website *BucketWebsite `json:"website,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Acl") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Acl") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Bucket) MarshalJSON() ([]byte, error) {
+	type NoMethod Bucket
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketAutoclass: The bucket's Autoclass configuration.
+type BucketAutoclass struct {
+	// Enabled: Whether or not Autoclass is enabled on this bucket
+	Enabled bool `json:"enabled,omitempty"`
+
+	// ToggleTime: A date and time in RFC 3339 format representing the
+	// instant at which "enabled" was last toggled.
+	ToggleTime string `json:"toggleTime,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Enabled") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Enabled") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketAutoclass) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketAutoclass
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketBilling: The bucket's billing configuration.
+type BucketBilling struct {
+	// RequesterPays: When set to true, Requester Pays is enabled for this
+	// bucket.
+	RequesterPays bool `json:"requesterPays,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "RequesterPays") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "RequesterPays") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketBilling) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketBilling
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type BucketCors struct {
+	// MaxAgeSeconds: The value, in seconds, to return in the
+	// Access-Control-Max-Age header used in preflight responses.
+	MaxAgeSeconds int64 `json:"maxAgeSeconds,omitempty"`
+
+	// Method: The list of HTTP methods on which to include CORS response
+	// headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list
+	// of methods, and means "any method".
+	Method []string `json:"method,omitempty"`
+
+	// Origin: The list of Origins eligible to receive CORS response
+	// headers. Note: "*" is permitted in the list of origins, and means
+	// "any Origin".
+	Origin []string `json:"origin,omitempty"`
+
+	// ResponseHeader: The list of HTTP headers other than the simple
+	// response headers to give permission for the user-agent to share
+	// across domains.
+	ResponseHeader []string `json:"responseHeader,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "MaxAgeSeconds") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "MaxAgeSeconds") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketCors) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketCors
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketCustomPlacementConfig: The bucket's custom placement
+// configuration for Custom Dual Regions.
+type BucketCustomPlacementConfig struct {
+	// DataLocations: The list of regional locations in which data is
+	// placed.
+	DataLocations []string `json:"dataLocations,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "DataLocations") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "DataLocations") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketCustomPlacementConfig) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketCustomPlacementConfig
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketEncryption: Encryption configuration for a bucket.
+type BucketEncryption struct {
+	// DefaultKmsKeyName: A Cloud KMS key that will be used to encrypt
+	// objects inserted into this bucket, if no encryption method is
+	// specified.
+	DefaultKmsKeyName string `json:"defaultKmsKeyName,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "DefaultKmsKeyName")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "DefaultKmsKeyName") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketEncryption) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketEncryption
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketIamConfiguration: The bucket's IAM configuration.
+type BucketIamConfiguration struct {
+	// BucketPolicyOnly: The bucket's uniform bucket-level access
+	// configuration. The feature was formerly known as Bucket Policy Only.
+	// For backward compatibility, this field will be populated with
+	// identical information as the uniformBucketLevelAccess field. We
+	// recommend using the uniformBucketLevelAccess field to enable and
+	// disable the feature.
+	BucketPolicyOnly *BucketIamConfigurationBucketPolicyOnly `json:"bucketPolicyOnly,omitempty"`
+
+	// PublicAccessPrevention: The bucket's Public Access Prevention
+	// configuration. Currently, 'inherited' and 'enforced' are supported.
+	PublicAccessPrevention string `json:"publicAccessPrevention,omitempty"`
+
+	// UniformBucketLevelAccess: The bucket's uniform bucket-level access
+	// configuration.
+	UniformBucketLevelAccess *BucketIamConfigurationUniformBucketLevelAccess `json:"uniformBucketLevelAccess,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "BucketPolicyOnly") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "BucketPolicyOnly") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketIamConfiguration) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketIamConfiguration
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketIamConfigurationBucketPolicyOnly: The bucket's uniform
+// bucket-level access configuration. The feature was formerly known as
+// Bucket Policy Only. For backward compatibility, this field will be
+// populated with identical information as the uniformBucketLevelAccess
+// field. We recommend using the uniformBucketLevelAccess field to
+// enable and disable the feature.
+type BucketIamConfigurationBucketPolicyOnly struct {
+	// Enabled: If set, access is controlled only by bucket-level or above
+	// IAM policies.
+	Enabled bool `json:"enabled,omitempty"`
+
+	// LockedTime: The deadline for changing
+	// iamConfiguration.bucketPolicyOnly.enabled from true to false in RFC
+	// 3339 format. iamConfiguration.bucketPolicyOnly.enabled may be changed
+	// from true to false until the locked time, after which the field is
+	// immutable.
+	LockedTime string `json:"lockedTime,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Enabled") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Enabled") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketIamConfigurationBucketPolicyOnly) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketIamConfigurationBucketPolicyOnly
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketIamConfigurationUniformBucketLevelAccess: The bucket's uniform
+// bucket-level access configuration.
+type BucketIamConfigurationUniformBucketLevelAccess struct {
+	// Enabled: If set, access is controlled only by bucket-level or above
+	// IAM policies.
+	Enabled bool `json:"enabled,omitempty"`
+
+	// LockedTime: The deadline for changing
+	// iamConfiguration.uniformBucketLevelAccess.enabled from true to false
+	// in RFC 3339  format.
+	// iamConfiguration.uniformBucketLevelAccess.enabled may be changed from
+	// true to false until the locked time, after which the field is
+	// immutable.
+	LockedTime string `json:"lockedTime,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Enabled") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Enabled") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketIamConfigurationUniformBucketLevelAccess) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketIamConfigurationUniformBucketLevelAccess
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketLifecycle: The bucket's lifecycle configuration. See lifecycle
+// management for more information.
+type BucketLifecycle struct {
+	// Rule: A lifecycle management rule, which is made of an action to take
+	// and the condition(s) under which the action will be taken.
+	Rule []*BucketLifecycleRule `json:"rule,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Rule") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Rule") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketLifecycle) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketLifecycle
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type BucketLifecycleRule struct {
+	// Action: The action to take.
+	Action *BucketLifecycleRuleAction `json:"action,omitempty"`
+
+	// Condition: The condition(s) under which the action will be taken.
+	Condition *BucketLifecycleRuleCondition `json:"condition,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Action") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Action") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketLifecycleRule) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketLifecycleRule
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketLifecycleRuleAction: The action to take.
+type BucketLifecycleRuleAction struct {
+	// StorageClass: Target storage class. Required iff the type of the
+	// action is SetStorageClass.
+	StorageClass string `json:"storageClass,omitempty"`
+
+	// Type: Type of the action. Currently, only Delete, SetStorageClass,
+	// and AbortIncompleteMultipartUpload are supported.
+	Type string `json:"type,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "StorageClass") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "StorageClass") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketLifecycleRuleAction) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketLifecycleRuleAction
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketLifecycleRuleCondition: The condition(s) under which the action
+// will be taken.
+type BucketLifecycleRuleCondition struct {
+	// Age: Age of an object (in days). This condition is satisfied when an
+	// object reaches the specified age.
+	Age *int64 `json:"age,omitempty"`
+
+	// CreatedBefore: A date in RFC 3339 format with only the date part (for
+	// instance, "2013-01-15"). This condition is satisfied when an object
+	// is created before midnight of the specified date in UTC.
+	CreatedBefore string `json:"createdBefore,omitempty"`
+
+	// CustomTimeBefore: A date in RFC 3339 format with only the date part
+	// (for instance, "2013-01-15"). This condition is satisfied when the
+	// custom time on an object is before this date in UTC.
+	CustomTimeBefore string `json:"customTimeBefore,omitempty"`
+
+	// DaysSinceCustomTime: Number of days elapsed since the user-specified
+	// timestamp set on an object. The condition is satisfied if the days
+	// elapsed is at least this number. If no custom timestamp is specified
+	// on an object, the condition does not apply.
+	DaysSinceCustomTime int64 `json:"daysSinceCustomTime,omitempty"`
+
+	// DaysSinceNoncurrentTime: Number of days elapsed since the noncurrent
+	// timestamp of an object. The condition is satisfied if the days
+	// elapsed is at least this number. This condition is relevant only for
+	// versioned objects. The value of the field must be a nonnegative
+	// integer. If it's zero, the object version will become eligible for
+	// Lifecycle action as soon as it becomes noncurrent.
+	DaysSinceNoncurrentTime int64 `json:"daysSinceNoncurrentTime,omitempty"`
+
+	// IsLive: Relevant only for versioned objects. If the value is true,
+	// this condition matches live objects; if the value is false, it
+	// matches archived objects.
+	IsLive *bool `json:"isLive,omitempty"`
+
+	// MatchesPattern: A regular expression that satisfies the RE2 syntax.
+	// This condition is satisfied when the name of the object matches the
+	// RE2 pattern. Note: This feature is currently in the "Early Access"
+	// launch stage and is only available to a whitelisted set of users;
+	// that means that this feature may be changed in backward-incompatible
+	// ways and that it is not guaranteed to be released.
+	MatchesPattern string `json:"matchesPattern,omitempty"`
+
+	// MatchesPrefix: List of object name prefixes. This condition will be
+	// satisfied when at least one of the prefixes exactly matches the
+	// beginning of the object name.
+	MatchesPrefix []string `json:"matchesPrefix,omitempty"`
+
+	// MatchesStorageClass: Objects having any of the storage classes
+	// specified by this condition will be matched. Values include
+	// MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, and
+	// DURABLE_REDUCED_AVAILABILITY.
+	MatchesStorageClass []string `json:"matchesStorageClass,omitempty"`
+
+	// MatchesSuffix: List of object name suffixes. This condition will be
+	// satisfied when at least one of the suffixes exactly matches the end
+	// of the object name.
+	MatchesSuffix []string `json:"matchesSuffix,omitempty"`
+
+	// NoncurrentTimeBefore: A date in RFC 3339 format with only the date
+	// part (for instance, "2013-01-15"). This condition is satisfied when
+	// the noncurrent time on an object is before this date in UTC. This
+	// condition is relevant only for versioned objects.
+	NoncurrentTimeBefore string `json:"noncurrentTimeBefore,omitempty"`
+
+	// NumNewerVersions: Relevant only for versioned objects. If the value
+	// is N, this condition is satisfied when there are at least N versions
+	// (including the live version) newer than this version of the object.
+	NumNewerVersions int64 `json:"numNewerVersions,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Age") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Age") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketLifecycleRuleCondition) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketLifecycleRuleCondition
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketLogging: The bucket's logging configuration, which defines the
+// destination bucket and optional name prefix for the current bucket's
+// logs.
+type BucketLogging struct {
+	// LogBucket: The destination bucket where the current bucket's logs
+	// should be placed.
+	LogBucket string `json:"logBucket,omitempty"`
+
+	// LogObjectPrefix: A prefix for log object names.
+	LogObjectPrefix string `json:"logObjectPrefix,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "LogBucket") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "LogBucket") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketLogging) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketLogging
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketOwner: The owner of the bucket. This is always the project
+// team's owner group.
+type BucketOwner struct {
+	// Entity: The entity, in the form project-owner-projectId.
+	Entity string `json:"entity,omitempty"`
+
+	// EntityId: The ID for the entity.
+	EntityId string `json:"entityId,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Entity") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Entity") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketOwner) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketOwner
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketRetentionPolicy: The bucket's retention policy. The retention
+// policy enforces a minimum retention time for all objects contained in
+// the bucket, based on their creation time. Any attempt to overwrite or
+// delete objects younger than the retention period will result in a
+// PERMISSION_DENIED error. An unlocked retention policy can be modified
+// or removed from the bucket via a storage.buckets.update operation. A
+// locked retention policy cannot be removed or shortened in duration
+// for the lifetime of the bucket. Attempting to remove or decrease
+// period of a locked retention policy will result in a
+// PERMISSION_DENIED error.
+type BucketRetentionPolicy struct {
+	// EffectiveTime: Server-determined value that indicates the time from
+	// which policy was enforced and effective. This value is in RFC 3339
+	// format.
+	EffectiveTime string `json:"effectiveTime,omitempty"`
+
+	// IsLocked: Once locked, an object retention policy cannot be modified.
+	IsLocked bool `json:"isLocked,omitempty"`
+
+	// RetentionPeriod: The duration in seconds that objects need to be
+	// retained. Retention duration must be greater than zero and less than
+	// 100 years. Note that enforcement of retention periods less than a day
+	// is not guaranteed. Such periods should only be used for testing
+	// purposes.
+	RetentionPeriod int64 `json:"retentionPeriod,omitempty,string"`
+
+	// ForceSendFields is a list of field names (e.g. "EffectiveTime") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "EffectiveTime") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketRetentionPolicy) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketRetentionPolicy
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketVersioning: The bucket's versioning configuration.
+type BucketVersioning struct {
+	// Enabled: While set to true, versioning is fully enabled for this
+	// bucket.
+	Enabled bool `json:"enabled,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Enabled") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Enabled") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketVersioning) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketVersioning
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketWebsite: The bucket's website configuration, controlling how
+// the service behaves when accessing bucket contents as a web site. See
+// the Static Website Examples for more information.
+type BucketWebsite struct {
+	// MainPageSuffix: If the requested object path is missing, the service
+	// will ensure the path has a trailing '/', append this suffix, and
+	// attempt to retrieve the resulting object. This allows the creation of
+	// index.html objects to represent directory pages.
+	MainPageSuffix string `json:"mainPageSuffix,omitempty"`
+
+	// NotFoundPage: If the requested object path is missing, and any
+	// mainPageSuffix object is missing, if applicable, the service will
+	// return the named object from this bucket as the content for a 404 Not
+	// Found result.
+	NotFoundPage string `json:"notFoundPage,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "MainPageSuffix") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "MainPageSuffix") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketWebsite) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketWebsite
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketAccessControl: An access-control entry.
+type BucketAccessControl struct {
+	// Bucket: The name of the bucket.
+	Bucket string `json:"bucket,omitempty"`
+
+	// Domain: The domain associated with the entity, if any.
+	Domain string `json:"domain,omitempty"`
+
+	// Email: The email address associated with the entity, if any.
+	Email string `json:"email,omitempty"`
+
+	// Entity: The entity holding the permission, in one of the following
+	// forms:
+	// - user-userId
+	// - user-email
+	// - group-groupId
+	// - group-email
+	// - domain-domain
+	// - project-team-projectId
+	// - allUsers
+	// - allAuthenticatedUsers Examples:
+	// - The user liz@example.com would be user-liz@example.com.
+	// - The group example@googlegroups.com would be
+	// group-example@googlegroups.com.
+	// - To refer to all members of the Google Apps for Business domain
+	// example.com, the entity would be domain-example.com.
+	Entity string `json:"entity,omitempty"`
+
+	// EntityId: The ID for the entity, if any.
+	EntityId string `json:"entityId,omitempty"`
+
+	// Etag: HTTP 1.1 Entity tag for the access-control entry.
+	Etag string `json:"etag,omitempty"`
+
+	// Id: The ID of the access-control entry.
+	Id string `json:"id,omitempty"`
+
+	// Kind: The kind of item this is. For bucket access control entries,
+	// this is always storage#bucketAccessControl.
+	Kind string `json:"kind,omitempty"`
+
+	// ProjectTeam: The project team associated with the entity, if any.
+	ProjectTeam *BucketAccessControlProjectTeam `json:"projectTeam,omitempty"`
+
+	// Role: The access permission for the entity.
+	Role string `json:"role,omitempty"`
+
+	// SelfLink: The link to this access-control entry.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Bucket") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Bucket") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketAccessControl) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketAccessControl
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketAccessControlProjectTeam: The project team associated with the
+// entity, if any.
+type BucketAccessControlProjectTeam struct {
+	// ProjectNumber: The project number.
+	ProjectNumber string `json:"projectNumber,omitempty"`
+
+	// Team: The team.
+	Team string `json:"team,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "ProjectNumber") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ProjectNumber") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketAccessControlProjectTeam) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketAccessControlProjectTeam
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BucketAccessControls: An access-control list.
+type BucketAccessControls struct {
+	// Items: The list of items.
+	Items []*BucketAccessControl `json:"items,omitempty"`
+
+	// Kind: The kind of item this is. For lists of bucket access control
+	// entries, this is always storage#bucketAccessControls.
+	Kind string `json:"kind,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Items") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Items") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BucketAccessControls) MarshalJSON() ([]byte, error) {
+	type NoMethod BucketAccessControls
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Buckets: A list of buckets.
+type Buckets struct {
+	// Items: The list of items.
+	Items []*Bucket `json:"items,omitempty"`
+
+	// Kind: The kind of item this is. For lists of buckets, this is always
+	// storage#buckets.
+	Kind string `json:"kind,omitempty"`
+
+	// NextPageToken: The continuation token, used to page through large
+	// result sets. Provide this value in a subsequent request to return the
+	// next page of results.
+	NextPageToken string `json:"nextPageToken,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Items") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Items") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Buckets) MarshalJSON() ([]byte, error) {
+	type NoMethod Buckets
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Channel: An notification channel used to watch for resource changes.
+type Channel struct {
+	// Address: The address where notifications are delivered for this
+	// channel.
+	Address string `json:"address,omitempty"`
+
+	// Expiration: Date and time of notification channel expiration,
+	// expressed as a Unix timestamp, in milliseconds. Optional.
+	Expiration int64 `json:"expiration,omitempty,string"`
+
+	// Id: A UUID or similar unique string that identifies this channel.
+	Id string `json:"id,omitempty"`
+
+	// Kind: Identifies this as a notification channel used to watch for
+	// changes to a resource, which is "api#channel".
+	Kind string `json:"kind,omitempty"`
+
+	// Params: Additional parameters controlling delivery channel behavior.
+	// Optional.
+	Params map[string]string `json:"params,omitempty"`
+
+	// Payload: A Boolean value to indicate whether payload is wanted.
+	// Optional.
+	Payload bool `json:"payload,omitempty"`
+
+	// ResourceId: An opaque ID that identifies the resource being watched
+	// on this channel. Stable across different API versions.
+	ResourceId string `json:"resourceId,omitempty"`
+
+	// ResourceUri: A version-specific identifier for the watched resource.
+	ResourceUri string `json:"resourceUri,omitempty"`
+
+	// Token: An arbitrary string delivered to the target address with each
+	// notification delivered over this channel. Optional.
+	Token string `json:"token,omitempty"`
+
+	// Type: The type of delivery mechanism used for this channel.
+	Type string `json:"type,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Address") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Address") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Channel) MarshalJSON() ([]byte, error) {
+	type NoMethod Channel
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// ComposeRequest: A Compose request.
+type ComposeRequest struct {
+	// Destination: Properties of the resulting object.
+	Destination *Object `json:"destination,omitempty"`
+
+	// Kind: The kind of item this is.
+	Kind string `json:"kind,omitempty"`
+
+	// SourceObjects: The list of source objects that will be concatenated
+	// into a single object.
+	SourceObjects []*ComposeRequestSourceObjects `json:"sourceObjects,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Destination") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Destination") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ComposeRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod ComposeRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type ComposeRequestSourceObjects struct {
+	// Generation: The generation of this object to use as the source.
+	Generation int64 `json:"generation,omitempty,string"`
+
+	// Name: The source object's name. All source objects must reside in the
+	// same bucket.
+	Name string `json:"name,omitempty"`
+
+	// ObjectPreconditions: Conditions that must be met for this operation
+	// to execute.
+	ObjectPreconditions *ComposeRequestSourceObjectsObjectPreconditions `json:"objectPreconditions,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Generation") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Generation") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ComposeRequestSourceObjects) MarshalJSON() ([]byte, error) {
+	type NoMethod ComposeRequestSourceObjects
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// ComposeRequestSourceObjectsObjectPreconditions: Conditions that must
+// be met for this operation to execute.
+type ComposeRequestSourceObjectsObjectPreconditions struct {
+	// IfGenerationMatch: Only perform the composition if the generation of
+	// the source object that would be used matches this value. If this
+	// value and a generation are both specified, they must be the same
+	// value or the call will fail.
+	IfGenerationMatch int64 `json:"ifGenerationMatch,omitempty,string"`
+
+	// ForceSendFields is a list of field names (e.g. "IfGenerationMatch")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "IfGenerationMatch") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ComposeRequestSourceObjectsObjectPreconditions) MarshalJSON() ([]byte, error) {
+	type NoMethod ComposeRequestSourceObjectsObjectPreconditions
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Expr: Represents an expression text. Example: title: "User account
+// presence" description: "Determines whether the request has a user
+// account" expression: "size(request.user) > 0"
+type Expr struct {
+	// Description: An optional description of the expression. This is a
+	// longer text which describes the expression, e.g. when hovered over it
+	// in a UI.
+	Description string `json:"description,omitempty"`
+
+	// Expression: Textual representation of an expression in Common
+	// Expression Language syntax. The application context of the containing
+	// message determines which well-known feature set of CEL is supported.
+	Expression string `json:"expression,omitempty"`
+
+	// Location: An optional string indicating the location of the
+	// expression for error reporting, e.g. a file name and a position in
+	// the file.
+	Location string `json:"location,omitempty"`
+
+	// Title: An optional title for the expression, i.e. a short string
+	// describing its purpose. This can be used e.g. in UIs which allow to
+	// enter the expression.
+	Title string `json:"title,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Description") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Description") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Expr) MarshalJSON() ([]byte, error) {
+	type NoMethod Expr
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// HmacKey: JSON template to produce a JSON-style HMAC Key resource for
+// Create responses.
+type HmacKey struct {
+	// Kind: The kind of item this is. For HMAC keys, this is always
+	// storage#hmacKey.
+	Kind string `json:"kind,omitempty"`
+
+	// Metadata: Key metadata.
+	Metadata *HmacKeyMetadata `json:"metadata,omitempty"`
+
+	// Secret: HMAC secret key material.
+	Secret string `json:"secret,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Kind") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Kind") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *HmacKey) MarshalJSON() ([]byte, error) {
+	type NoMethod HmacKey
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// HmacKeyMetadata: JSON template to produce a JSON-style HMAC Key
+// metadata resource.
+type HmacKeyMetadata struct {
+	// AccessId: The ID of the HMAC Key.
+	AccessId string `json:"accessId,omitempty"`
+
+	// Etag: HTTP 1.1 Entity tag for the HMAC key.
+	Etag string `json:"etag,omitempty"`
+
+	// Id: The ID of the HMAC key, including the Project ID and the Access
+	// ID.
+	Id string `json:"id,omitempty"`
+
+	// Kind: The kind of item this is. For HMAC Key metadata, this is always
+	// storage#hmacKeyMetadata.
+	Kind string `json:"kind,omitempty"`
+
+	// ProjectId: Project ID owning the service account to which the key
+	// authenticates.
+	ProjectId string `json:"projectId,omitempty"`
+
+	// SelfLink: The link to this resource.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// ServiceAccountEmail: The email address of the key's associated
+	// service account.
+	ServiceAccountEmail string `json:"serviceAccountEmail,omitempty"`
+
+	// State: The state of the key. Can be one of ACTIVE, INACTIVE, or
+	// DELETED.
+	State string `json:"state,omitempty"`
+
+	// TimeCreated: The creation time of the HMAC key in RFC 3339 format.
+	TimeCreated string `json:"timeCreated,omitempty"`
+
+	// Updated: The last modification time of the HMAC key metadata in RFC
+	// 3339 format.
+	Updated string `json:"updated,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "AccessId") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "AccessId") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *HmacKeyMetadata) MarshalJSON() ([]byte, error) {
+	type NoMethod HmacKeyMetadata
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// HmacKeysMetadata: A list of hmacKeys.
+type HmacKeysMetadata struct {
+	// Items: The list of items.
+	Items []*HmacKeyMetadata `json:"items,omitempty"`
+
+	// Kind: The kind of item this is. For lists of hmacKeys, this is always
+	// storage#hmacKeysMetadata.
+	Kind string `json:"kind,omitempty"`
+
+	// NextPageToken: The continuation token, used to page through large
+	// result sets. Provide this value in a subsequent request to return the
+	// next page of results.
+	NextPageToken string `json:"nextPageToken,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Items") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Items") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *HmacKeysMetadata) MarshalJSON() ([]byte, error) {
+	type NoMethod HmacKeysMetadata
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Notification: A subscription to receive Google PubSub notifications.
+type Notification struct {
+	// CustomAttributes: An optional list of additional attributes to attach
+	// to each Cloud PubSub message published for this notification
+	// subscription.
+	CustomAttributes map[string]string `json:"custom_attributes,omitempty"`
+
+	// Etag: HTTP 1.1 Entity tag for this subscription notification.
+	Etag string `json:"etag,omitempty"`
+
+	// EventTypes: If present, only send notifications about listed event
+	// types. If empty, sent notifications for all event types.
+	EventTypes []string `json:"event_types,omitempty"`
+
+	// Id: The ID of the notification.
+	Id string `json:"id,omitempty"`
+
+	// Kind: The kind of item this is. For notifications, this is always
+	// storage#notification.
+	Kind string `json:"kind,omitempty"`
+
+	// ObjectNamePrefix: If present, only apply this notification
+	// configuration to object names that begin with this prefix.
+	ObjectNamePrefix string `json:"object_name_prefix,omitempty"`
+
+	// PayloadFormat: The desired content of the Payload.
+	PayloadFormat string `json:"payload_format,omitempty"`
+
+	// SelfLink: The canonical URL of this notification.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// Topic: The Cloud PubSub topic to which this subscription publishes.
+	// Formatted as:
+	// '//pubsub.googleapis.com/projects/{project-identifier}/topics/{my-topi
+	// c}'
+	Topic string `json:"topic,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "CustomAttributes") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "CustomAttributes") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Notification) MarshalJSON() ([]byte, error) {
+	type NoMethod Notification
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Notifications: A list of notification subscriptions.
+type Notifications struct {
+	// Items: The list of items.
+	Items []*Notification `json:"items,omitempty"`
+
+	// Kind: The kind of item this is. For lists of notifications, this is
+	// always storage#notifications.
+	Kind string `json:"kind,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Items") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Items") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Notifications) MarshalJSON() ([]byte, error) {
+	type NoMethod Notifications
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Object: An object.
+type Object struct {
+	// Acl: Access controls on the object.
+	Acl []*ObjectAccessControl `json:"acl,omitempty"`
+
+	// Bucket: The name of the bucket containing this object.
+	Bucket string `json:"bucket,omitempty"`
+
+	// CacheControl: Cache-Control directive for the object data. If
+	// omitted, and the object is accessible to all anonymous users, the
+	// default will be public, max-age=3600.
+	CacheControl string `json:"cacheControl,omitempty"`
+
+	// ComponentCount: Number of underlying components that make up this
+	// object. Components are accumulated by compose operations.
+	ComponentCount int64 `json:"componentCount,omitempty"`
+
+	// ContentDisposition: Content-Disposition of the object data.
+	ContentDisposition string `json:"contentDisposition,omitempty"`
+
+	// ContentEncoding: Content-Encoding of the object data.
+	ContentEncoding string `json:"contentEncoding,omitempty"`
+
+	// ContentLanguage: Content-Language of the object data.
+	ContentLanguage string `json:"contentLanguage,omitempty"`
+
+	// ContentType: Content-Type of the object data. If an object is stored
+	// without a Content-Type, it is served as application/octet-stream.
+	ContentType string `json:"contentType,omitempty"`
+
+	// Crc32c: CRC32c checksum, as described in RFC 4960, Appendix B;
+	// encoded using base64 in big-endian byte order. For more information
+	// about using the CRC32c checksum, see Hashes and ETags: Best
+	// Practices.
+	Crc32c string `json:"crc32c,omitempty"`
+
+	// CustomTime: A timestamp in RFC 3339 format specified by the user for
+	// an object.
+	CustomTime string `json:"customTime,omitempty"`
+
+	// CustomerEncryption: Metadata of customer-supplied encryption key, if
+	// the object is encrypted by such a key.
+	CustomerEncryption *ObjectCustomerEncryption `json:"customerEncryption,omitempty"`
+
+	// Etag: HTTP 1.1 Entity tag for the object.
+	Etag string `json:"etag,omitempty"`
+
+	// EventBasedHold: Whether an object is under event-based hold.
+	// Event-based hold is a way to retain objects until an event occurs,
+	// which is signified by the hold's release (i.e. this value is set to
+	// false). After being released (set to false), such objects will be
+	// subject to bucket-level retention (if any). One sample use case of
+	// this flag is for banks to hold loan documents for at least 3 years
+	// after loan is paid in full. Here, bucket-level retention is 3 years
+	// and the event is the loan being paid in full. In this example, these
+	// objects will be held intact for any number of years until the event
+	// has occurred (event-based hold on the object is released) and then 3
+	// more years after that. That means retention duration of the objects
+	// begins from the moment event-based hold transitioned from true to
+	// false.
+	EventBasedHold bool `json:"eventBasedHold,omitempty"`
+
+	// Generation: The content generation of this object. Used for object
+	// versioning.
+	Generation int64 `json:"generation,omitempty,string"`
+
+	// Id: The ID of the object, including the bucket name, object name, and
+	// generation number.
+	Id string `json:"id,omitempty"`
+
+	// Kind: The kind of item this is. For objects, this is always
+	// storage#object.
+	Kind string `json:"kind,omitempty"`
+
+	// KmsKeyName: Not currently supported. Specifying the parameter causes
+	// the request to fail with status code 400 - Bad Request.
+	KmsKeyName string `json:"kmsKeyName,omitempty"`
+
+	// Md5Hash: MD5 hash of the data; encoded using base64. For more
+	// information about using the MD5 hash, see Hashes and ETags: Best
+	// Practices.
+	Md5Hash string `json:"md5Hash,omitempty"`
+
+	// MediaLink: Media download link.
+	MediaLink string `json:"mediaLink,omitempty"`
+
+	// Metadata: User-provided metadata, in key/value pairs.
+	Metadata map[string]string `json:"metadata,omitempty"`
+
+	// Metageneration: The version of the metadata for this object at this
+	// generation. Used for preconditions and for detecting changes in
+	// metadata. A metageneration number is only meaningful in the context
+	// of a particular generation of a particular object.
+	Metageneration int64 `json:"metageneration,omitempty,string"`
+
+	// Name: The name of the object. Required if not specified by URL
+	// parameter.
+	Name string `json:"name,omitempty"`
+
+	// Owner: The owner of the object. This will always be the uploader of
+	// the object.
+	Owner *ObjectOwner `json:"owner,omitempty"`
+
+	// RetentionExpirationTime: A server-determined value that specifies the
+	// earliest time that the object's retention period expires. This value
+	// is in RFC 3339 format. Note 1: This field is not provided for objects
+	// with an active event-based hold, since retention expiration is
+	// unknown until the hold is removed. Note 2: This value can be provided
+	// even when temporary hold is set (so that the user can reason about
+	// policy without having to first unset the temporary hold).
+	RetentionExpirationTime string `json:"retentionExpirationTime,omitempty"`
+
+	// SelfLink: The link to this object.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// Size: Content-Length of the data in bytes.
+	Size uint64 `json:"size,omitempty,string"`
+
+	// StorageClass: Storage class of the object.
+	StorageClass string `json:"storageClass,omitempty"`
+
+	// TemporaryHold: Whether an object is under temporary hold. While this
+	// flag is set to true, the object is protected against deletion and
+	// overwrites. A common use case of this flag is regulatory
+	// investigations where objects need to be retained while the
+	// investigation is ongoing. Note that unlike event-based hold,
+	// temporary hold does not impact retention expiration time of an
+	// object.
+	TemporaryHold bool `json:"temporaryHold,omitempty"`
+
+	// TimeCreated: The creation time of the object in RFC 3339 format.
+	TimeCreated string `json:"timeCreated,omitempty"`
+
+	// TimeDeleted: The deletion time of the object in RFC 3339 format. Will
+	// be returned if and only if this version of the object has been
+	// deleted.
+	TimeDeleted string `json:"timeDeleted,omitempty"`
+
+	// TimeStorageClassUpdated: The time at which the object's storage class
+	// was last changed. When the object is initially created, it will be
+	// set to timeCreated.
+	TimeStorageClassUpdated string `json:"timeStorageClassUpdated,omitempty"`
+
+	// Updated: The modification time of the object metadata in RFC 3339
+	// format. Set initially to object creation time and then updated
+	// whenever any metadata of the object changes. This includes changes
+	// made by a requester, such as modifying custom metadata, as well as
+	// changes made by Cloud Storage on behalf of a requester, such as
+	// changing the storage class based on an Object Lifecycle
+	// Configuration.
+	Updated string `json:"updated,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Acl") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Acl") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Object) MarshalJSON() ([]byte, error) {
+	type NoMethod Object
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// ObjectCustomerEncryption: Metadata of customer-supplied encryption
+// key, if the object is encrypted by such a key.
+type ObjectCustomerEncryption struct {
+	// EncryptionAlgorithm: The encryption algorithm.
+	EncryptionAlgorithm string `json:"encryptionAlgorithm,omitempty"`
+
+	// KeySha256: SHA256 hash value of the encryption key.
+	KeySha256 string `json:"keySha256,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "EncryptionAlgorithm")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "EncryptionAlgorithm") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ObjectCustomerEncryption) MarshalJSON() ([]byte, error) {
+	type NoMethod ObjectCustomerEncryption
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// ObjectOwner: The owner of the object. This will always be the
+// uploader of the object.
+type ObjectOwner struct {
+	// Entity: The entity, in the form user-userId.
+	Entity string `json:"entity,omitempty"`
+
+	// EntityId: The ID for the entity.
+	EntityId string `json:"entityId,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Entity") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Entity") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ObjectOwner) MarshalJSON() ([]byte, error) {
+	type NoMethod ObjectOwner
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// ObjectAccessControl: An access-control entry.
+type ObjectAccessControl struct {
+	// Bucket: The name of the bucket.
+	Bucket string `json:"bucket,omitempty"`
+
+	// Domain: The domain associated with the entity, if any.
+	Domain string `json:"domain,omitempty"`
+
+	// Email: The email address associated with the entity, if any.
+	Email string `json:"email,omitempty"`
+
+	// Entity: The entity holding the permission, in one of the following
+	// forms:
+	// - user-userId
+	// - user-email
+	// - group-groupId
+	// - group-email
+	// - domain-domain
+	// - project-team-projectId
+	// - allUsers
+	// - allAuthenticatedUsers Examples:
+	// - The user liz@example.com would be user-liz@example.com.
+	// - The group example@googlegroups.com would be
+	// group-example@googlegroups.com.
+	// - To refer to all members of the Google Apps for Business domain
+	// example.com, the entity would be domain-example.com.
+	Entity string `json:"entity,omitempty"`
+
+	// EntityId: The ID for the entity, if any.
+	EntityId string `json:"entityId,omitempty"`
+
+	// Etag: HTTP 1.1 Entity tag for the access-control entry.
+	Etag string `json:"etag,omitempty"`
+
+	// Generation: The content generation of the object, if applied to an
+	// object.
+	Generation int64 `json:"generation,omitempty,string"`
+
+	// Id: The ID of the access-control entry.
+	Id string `json:"id,omitempty"`
+
+	// Kind: The kind of item this is. For object access control entries,
+	// this is always storage#objectAccessControl.
+	Kind string `json:"kind,omitempty"`
+
+	// Object: The name of the object, if applied to an object.
+	Object string `json:"object,omitempty"`
+
+	// ProjectTeam: The project team associated with the entity, if any.
+	ProjectTeam *ObjectAccessControlProjectTeam `json:"projectTeam,omitempty"`
+
+	// Role: The access permission for the entity.
+	Role string `json:"role,omitempty"`
+
+	// SelfLink: The link to this access-control entry.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Bucket") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Bucket") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ObjectAccessControl) MarshalJSON() ([]byte, error) {
+	type NoMethod ObjectAccessControl
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// ObjectAccessControlProjectTeam: The project team associated with the
+// entity, if any.
+type ObjectAccessControlProjectTeam struct {
+	// ProjectNumber: The project number.
+	ProjectNumber string `json:"projectNumber,omitempty"`
+
+	// Team: The team.
+	Team string `json:"team,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "ProjectNumber") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ProjectNumber") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ObjectAccessControlProjectTeam) MarshalJSON() ([]byte, error) {
+	type NoMethod ObjectAccessControlProjectTeam
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// ObjectAccessControls: An access-control list.
+type ObjectAccessControls struct {
+	// Items: The list of items.
+	Items []*ObjectAccessControl `json:"items,omitempty"`
+
+	// Kind: The kind of item this is. For lists of object access control
+	// entries, this is always storage#objectAccessControls.
+	Kind string `json:"kind,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Items") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Items") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ObjectAccessControls) MarshalJSON() ([]byte, error) {
+	type NoMethod ObjectAccessControls
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Objects: A list of objects.
+type Objects struct {
+	// Items: The list of items.
+	Items []*Object `json:"items,omitempty"`
+
+	// Kind: The kind of item this is. For lists of objects, this is always
+	// storage#objects.
+	Kind string `json:"kind,omitempty"`
+
+	// NextPageToken: The continuation token, used to page through large
+	// result sets. Provide this value in a subsequent request to return the
+	// next page of results.
+	NextPageToken string `json:"nextPageToken,omitempty"`
+
+	// Prefixes: The list of prefixes of objects matching-but-not-listed up
+	// to and including the requested delimiter.
+	Prefixes []string `json:"prefixes,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Items") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Items") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Objects) MarshalJSON() ([]byte, error) {
+	type NoMethod Objects
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Policy: A bucket/object IAM policy.
+type Policy struct {
+	// Bindings: An association between a role, which comes with a set of
+	// permissions, and members who may assume that role.
+	Bindings []*PolicyBindings `json:"bindings,omitempty"`
+
+	// Etag: HTTP 1.1  Entity tag for the policy.
+	Etag string `json:"etag,omitempty"`
+
+	// Kind: The kind of item this is. For policies, this is always
+	// storage#policy. This field is ignored on input.
+	Kind string `json:"kind,omitempty"`
+
+	// ResourceId: The ID of the resource to which this policy belongs. Will
+	// be of the form projects/_/buckets/bucket for buckets, and
+	// projects/_/buckets/bucket/objects/object for objects. A specific
+	// generation may be specified by appending #generationNumber to the end
+	// of the object name, e.g.
+	// projects/_/buckets/my-bucket/objects/data.txt#17. The current
+	// generation can be denoted with #0. This field is ignored on input.
+	ResourceId string `json:"resourceId,omitempty"`
+
+	// Version: The IAM policy format version.
+	Version int64 `json:"version,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Bindings") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Bindings") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Policy) MarshalJSON() ([]byte, error) {
+	type NoMethod Policy
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type PolicyBindings struct {
+	// Condition: The condition that is associated with this binding. NOTE:
+	// an unsatisfied condition will not allow user access via current
+	// binding. Different bindings, including their conditions, are examined
+	// independently.
+	Condition *Expr `json:"condition,omitempty"`
+
+	// Members: A collection of identifiers for members who may assume the
+	// provided role. Recognized identifiers are as follows:
+	// - allUsers — A special identifier that represents anyone on the
+	// internet; with or without a Google account.
+	// - allAuthenticatedUsers — A special identifier that represents
+	// anyone who is authenticated with a Google account or a service
+	// account.
+	// - user:emailid — An email address that represents a specific
+	// account. For example, user:alice@gmail.com or user:joe@example.com.
+	//
+	// - serviceAccount:emailid — An email address that represents a
+	// service account. For example,
+	// serviceAccount:my-other-app@appspot.gserviceaccount.com .
+	// - group:emailid — An email address that represents a Google group.
+	// For example, group:admins@example.com.
+	// - domain:domain — A Google Apps domain name that represents all the
+	// users of that domain. For example, domain:google.com or
+	// domain:example.com.
+	// - projectOwner:projectid — Owners of the given project. For
+	// example, projectOwner:my-example-project
+	// - projectEditor:projectid — Editors of the given project. For
+	// example, projectEditor:my-example-project
+	// - projectViewer:projectid — Viewers of the given project. For
+	// example, projectViewer:my-example-project
+	Members []string `json:"members,omitempty"`
+
+	// Role: The role to which members belong. Two types of roles are
+	// supported: new IAM roles, which grant permissions that do not map
+	// directly to those provided by ACLs, and legacy IAM roles, which do
+	// map directly to ACL permissions. All roles are of the format
+	// roles/storage.specificRole.
+	// The new IAM roles are:
+	// - roles/storage.admin — Full control of Google Cloud Storage
+	// resources.
+	// - roles/storage.objectViewer — Read-Only access to Google Cloud
+	// Storage objects.
+	// - roles/storage.objectCreator — Access to create objects in Google
+	// Cloud Storage.
+	// - roles/storage.objectAdmin — Full control of Google Cloud Storage
+	// objects.   The legacy IAM roles are:
+	// - roles/storage.legacyObjectReader — Read-only access to objects
+	// without listing. Equivalent to an ACL entry on an object with the
+	// READER role.
+	// - roles/storage.legacyObjectOwner — Read/write access to existing
+	// objects without listing. Equivalent to an ACL entry on an object with
+	// the OWNER role.
+	// - roles/storage.legacyBucketReader — Read access to buckets with
+	// object listing. Equivalent to an ACL entry on a bucket with the
+	// READER role.
+	// - roles/storage.legacyBucketWriter — Read access to buckets with
+	// object listing/creation/deletion. Equivalent to an ACL entry on a
+	// bucket with the WRITER role.
+	// - roles/storage.legacyBucketOwner — Read and write access to
+	// existing buckets with object listing/creation/deletion. Equivalent to
+	// an ACL entry on a bucket with the OWNER role.
+	Role string `json:"role,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Condition") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Condition") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *PolicyBindings) MarshalJSON() ([]byte, error) {
+	type NoMethod PolicyBindings
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// RewriteResponse: A rewrite response.
+type RewriteResponse struct {
+	// Done: true if the copy is finished; otherwise, false if the copy is
+	// in progress. This property is always present in the response.
+	Done bool `json:"done,omitempty"`
+
+	// Kind: The kind of item this is.
+	Kind string `json:"kind,omitempty"`
+
+	// ObjectSize: The total size of the object being copied in bytes. This
+	// property is always present in the response.
+	ObjectSize int64 `json:"objectSize,omitempty,string"`
+
+	// Resource: A resource containing the metadata for the copied-to
+	// object. This property is present in the response only when copying
+	// completes.
+	Resource *Object `json:"resource,omitempty"`
+
+	// RewriteToken: A token to use in subsequent requests to continue
+	// copying data. This token is present in the response only when there
+	// is more data to copy.
+	RewriteToken string `json:"rewriteToken,omitempty"`
+
+	// TotalBytesRewritten: The total bytes written so far, which can be
+	// used to provide a waiting user with a progress indicator. This
+	// property is always present in the response.
+	TotalBytesRewritten int64 `json:"totalBytesRewritten,omitempty,string"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Done") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Done") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *RewriteResponse) MarshalJSON() ([]byte, error) {
+	type NoMethod RewriteResponse
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// ServiceAccount: A subscription to receive Google PubSub
+// notifications.
+type ServiceAccount struct {
+	// EmailAddress: The ID of the notification.
+	EmailAddress string `json:"email_address,omitempty"`
+
+	// Kind: The kind of item this is. For notifications, this is always
+	// storage#notification.
+	Kind string `json:"kind,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "EmailAddress") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "EmailAddress") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ServiceAccount) MarshalJSON() ([]byte, error) {
+	type NoMethod ServiceAccount
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// TestIamPermissionsResponse: A
+// storage.(buckets|objects).testIamPermissions response.
+type TestIamPermissionsResponse struct {
+	// Kind: The kind of item this is.
+	Kind string `json:"kind,omitempty"`
+
+	// Permissions: The permissions held by the caller. Permissions are
+	// always of the format storage.resource.capability, where resource is
+	// one of buckets or objects. The supported permissions are as follows:
+	//
+	// - storage.buckets.delete — Delete bucket.
+	// - storage.buckets.get — Read bucket metadata.
+	// - storage.buckets.getIamPolicy — Read bucket IAM policy.
+	// - storage.buckets.create — Create bucket.
+	// - storage.buckets.list — List buckets.
+	// - storage.buckets.setIamPolicy — Update bucket IAM policy.
+	// - storage.buckets.update — Update bucket metadata.
+	// - storage.objects.delete — Delete object.
+	// - storage.objects.get — Read object data and metadata.
+	// - storage.objects.getIamPolicy — Read object IAM policy.
+	// - storage.objects.create — Create object.
+	// - storage.objects.list — List objects.
+	// - storage.objects.setIamPolicy — Update object IAM policy.
+	// - storage.objects.update — Update object metadata.
+	Permissions []string `json:"permissions,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Kind") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Kind") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) {
+	type NoMethod TestIamPermissionsResponse
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// method id "storage.bucketAccessControls.delete":
+
+type BucketAccessControlsDeleteCall struct {
+	s          *Service
+	bucket     string
+	entity     string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Delete: Permanently deletes the ACL entry for the specified entity on
+// the specified bucket.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+func (r *BucketAccessControlsService) Delete(bucket string, entity string) *BucketAccessControlsDeleteCall {
+	c := &BucketAccessControlsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.entity = entity
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketAccessControlsDeleteCall) UserProject(userProject string) *BucketAccessControlsDeleteCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketAccessControlsDeleteCall) Fields(s ...googleapi.Field) *BucketAccessControlsDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketAccessControlsDeleteCall) Context(ctx context.Context) *BucketAccessControlsDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketAccessControlsDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketAccessControlsDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.bucketAccessControls.delete" call.
+func (c *BucketAccessControlsDeleteCall) Do(opts ...googleapi.CallOption) error {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if err != nil {
+		return err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return gensupport.WrapError(err)
+	}
+	return nil
+	// {
+	//   "description": "Permanently deletes the ACL entry for the specified entity on the specified bucket.",
+	//   "httpMethod": "DELETE",
+	//   "id": "storage.bucketAccessControls.delete",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/acl/{entity}",
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.bucketAccessControls.get":
+
+type BucketAccessControlsGetCall struct {
+	s            *Service
+	bucket       string
+	entity       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: Returns the ACL entry for the specified entity on the specified
+// bucket.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+func (r *BucketAccessControlsService) Get(bucket string, entity string) *BucketAccessControlsGetCall {
+	c := &BucketAccessControlsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.entity = entity
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketAccessControlsGetCall) UserProject(userProject string) *BucketAccessControlsGetCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketAccessControlsGetCall) Fields(s ...googleapi.Field) *BucketAccessControlsGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *BucketAccessControlsGetCall) IfNoneMatch(entityTag string) *BucketAccessControlsGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketAccessControlsGetCall) Context(ctx context.Context) *BucketAccessControlsGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketAccessControlsGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketAccessControlsGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.bucketAccessControls.get" call.
+// Exactly one of *BucketAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *BucketAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *BucketAccessControlsGetCall) Do(opts ...googleapi.CallOption) (*BucketAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &BucketAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns the ACL entry for the specified entity on the specified bucket.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.bucketAccessControls.get",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/acl/{entity}",
+	//   "response": {
+	//     "$ref": "BucketAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.bucketAccessControls.insert":
+
+type BucketAccessControlsInsertCall struct {
+	s                   *Service
+	bucket              string
+	bucketaccesscontrol *BucketAccessControl
+	urlParams_          gensupport.URLParams
+	ctx_                context.Context
+	header_             http.Header
+}
+
+// Insert: Creates a new ACL entry on the specified bucket.
+//
+// - bucket: Name of a bucket.
+func (r *BucketAccessControlsService) Insert(bucket string, bucketaccesscontrol *BucketAccessControl) *BucketAccessControlsInsertCall {
+	c := &BucketAccessControlsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.bucketaccesscontrol = bucketaccesscontrol
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketAccessControlsInsertCall) UserProject(userProject string) *BucketAccessControlsInsertCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketAccessControlsInsertCall) Fields(s ...googleapi.Field) *BucketAccessControlsInsertCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketAccessControlsInsertCall) Context(ctx context.Context) *BucketAccessControlsInsertCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketAccessControlsInsertCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketAccessControlsInsertCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucketaccesscontrol)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.bucketAccessControls.insert" call.
+// Exactly one of *BucketAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *BucketAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *BucketAccessControlsInsertCall) Do(opts ...googleapi.CallOption) (*BucketAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &BucketAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Creates a new ACL entry on the specified bucket.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.bucketAccessControls.insert",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/acl",
+	//   "request": {
+	//     "$ref": "BucketAccessControl"
+	//   },
+	//   "response": {
+	//     "$ref": "BucketAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.bucketAccessControls.list":
+
+type BucketAccessControlsListCall struct {
+	s            *Service
+	bucket       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: Retrieves ACL entries on the specified bucket.
+//
+// - bucket: Name of a bucket.
+func (r *BucketAccessControlsService) List(bucket string) *BucketAccessControlsListCall {
+	c := &BucketAccessControlsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketAccessControlsListCall) UserProject(userProject string) *BucketAccessControlsListCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketAccessControlsListCall) Fields(s ...googleapi.Field) *BucketAccessControlsListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *BucketAccessControlsListCall) IfNoneMatch(entityTag string) *BucketAccessControlsListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketAccessControlsListCall) Context(ctx context.Context) *BucketAccessControlsListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketAccessControlsListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketAccessControlsListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.bucketAccessControls.list" call.
+// Exactly one of *BucketAccessControls or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *BucketAccessControls.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *BucketAccessControlsListCall) Do(opts ...googleapi.CallOption) (*BucketAccessControls, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &BucketAccessControls{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves ACL entries on the specified bucket.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.bucketAccessControls.list",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/acl",
+	//   "response": {
+	//     "$ref": "BucketAccessControls"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.bucketAccessControls.patch":
+
+type BucketAccessControlsPatchCall struct {
+	s                   *Service
+	bucket              string
+	entity              string
+	bucketaccesscontrol *BucketAccessControl
+	urlParams_          gensupport.URLParams
+	ctx_                context.Context
+	header_             http.Header
+}
+
+// Patch: Patches an ACL entry on the specified bucket.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+func (r *BucketAccessControlsService) Patch(bucket string, entity string, bucketaccesscontrol *BucketAccessControl) *BucketAccessControlsPatchCall {
+	c := &BucketAccessControlsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.entity = entity
+	c.bucketaccesscontrol = bucketaccesscontrol
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketAccessControlsPatchCall) UserProject(userProject string) *BucketAccessControlsPatchCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketAccessControlsPatchCall) Fields(s ...googleapi.Field) *BucketAccessControlsPatchCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketAccessControlsPatchCall) Context(ctx context.Context) *BucketAccessControlsPatchCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketAccessControlsPatchCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketAccessControlsPatchCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucketaccesscontrol)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PATCH", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.bucketAccessControls.patch" call.
+// Exactly one of *BucketAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *BucketAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *BucketAccessControlsPatchCall) Do(opts ...googleapi.CallOption) (*BucketAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &BucketAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Patches an ACL entry on the specified bucket.",
+	//   "httpMethod": "PATCH",
+	//   "id": "storage.bucketAccessControls.patch",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/acl/{entity}",
+	//   "request": {
+	//     "$ref": "BucketAccessControl"
+	//   },
+	//   "response": {
+	//     "$ref": "BucketAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.bucketAccessControls.update":
+
+type BucketAccessControlsUpdateCall struct {
+	s                   *Service
+	bucket              string
+	entity              string
+	bucketaccesscontrol *BucketAccessControl
+	urlParams_          gensupport.URLParams
+	ctx_                context.Context
+	header_             http.Header
+}
+
+// Update: Updates an ACL entry on the specified bucket.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+func (r *BucketAccessControlsService) Update(bucket string, entity string, bucketaccesscontrol *BucketAccessControl) *BucketAccessControlsUpdateCall {
+	c := &BucketAccessControlsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.entity = entity
+	c.bucketaccesscontrol = bucketaccesscontrol
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketAccessControlsUpdateCall) UserProject(userProject string) *BucketAccessControlsUpdateCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketAccessControlsUpdateCall) Fields(s ...googleapi.Field) *BucketAccessControlsUpdateCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketAccessControlsUpdateCall) Context(ctx context.Context) *BucketAccessControlsUpdateCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketAccessControlsUpdateCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketAccessControlsUpdateCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucketaccesscontrol)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PUT", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.bucketAccessControls.update" call.
+// Exactly one of *BucketAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *BucketAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *BucketAccessControlsUpdateCall) Do(opts ...googleapi.CallOption) (*BucketAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &BucketAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Updates an ACL entry on the specified bucket.",
+	//   "httpMethod": "PUT",
+	//   "id": "storage.bucketAccessControls.update",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/acl/{entity}",
+	//   "request": {
+	//     "$ref": "BucketAccessControl"
+	//   },
+	//   "response": {
+	//     "$ref": "BucketAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.buckets.delete":
+
+type BucketsDeleteCall struct {
+	s          *Service
+	bucket     string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Delete: Permanently deletes an empty bucket.
+//
+// - bucket: Name of a bucket.
+func (r *BucketsService) Delete(bucket string) *BucketsDeleteCall {
+	c := &BucketsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": If set, only deletes the bucket if its
+// metageneration matches this value.
+func (c *BucketsDeleteCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *BucketsDeleteCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": If set, only deletes the bucket if its
+// metageneration does not match this value.
+func (c *BucketsDeleteCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *BucketsDeleteCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketsDeleteCall) UserProject(userProject string) *BucketsDeleteCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketsDeleteCall) Fields(s ...googleapi.Field) *BucketsDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketsDeleteCall) Context(ctx context.Context) *BucketsDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketsDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketsDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.buckets.delete" call.
+func (c *BucketsDeleteCall) Do(opts ...googleapi.CallOption) error {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if err != nil {
+		return err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return gensupport.WrapError(err)
+	}
+	return nil
+	// {
+	//   "description": "Permanently deletes an empty bucket.",
+	//   "httpMethod": "DELETE",
+	//   "id": "storage.buckets.delete",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "If set, only deletes the bucket if its metageneration matches this value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "If set, only deletes the bucket if its metageneration does not match this value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}",
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.buckets.get":
+
+type BucketsGetCall struct {
+	s            *Service
+	bucket       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: Returns metadata for the specified bucket.
+//
+// - bucket: Name of a bucket.
+func (r *BucketsService) Get(bucket string) *BucketsGetCall {
+	c := &BucketsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the return of the bucket metadata
+// conditional on whether the bucket's current metageneration matches
+// the given value.
+func (c *BucketsGetCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *BucketsGetCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": Makes the return of the bucket metadata
+// conditional on whether the bucket's current metageneration does not
+// match the given value.
+func (c *BucketsGetCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *BucketsGetCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to noAcl.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit owner, acl and defaultObjectAcl properties.
+func (c *BucketsGetCall) Projection(projection string) *BucketsGetCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketsGetCall) UserProject(userProject string) *BucketsGetCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketsGetCall) Fields(s ...googleapi.Field) *BucketsGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *BucketsGetCall) IfNoneMatch(entityTag string) *BucketsGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketsGetCall) Context(ctx context.Context) *BucketsGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketsGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketsGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.buckets.get" call.
+// Exactly one of *Bucket or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Bucket.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *BucketsGetCall) Do(opts ...googleapi.CallOption) (*Bucket, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Bucket{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns metadata for the specified bucket.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.buckets.get",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to noAcl.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit owner, acl and defaultObjectAcl properties."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}",
+	//   "response": {
+	//     "$ref": "Bucket"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.buckets.getIamPolicy":
+
+type BucketsGetIamPolicyCall struct {
+	s            *Service
+	bucket       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// GetIamPolicy: Returns an IAM policy for the specified bucket.
+//
+// - bucket: Name of a bucket.
+func (r *BucketsService) GetIamPolicy(bucket string) *BucketsGetIamPolicyCall {
+	c := &BucketsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	return c
+}
+
+// OptionsRequestedPolicyVersion sets the optional parameter
+// "optionsRequestedPolicyVersion": The IAM policy format version to be
+// returned. If the optionsRequestedPolicyVersion is for an older
+// version that doesn't support part of the requested IAM policy, the
+// request fails.
+func (c *BucketsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *BucketsGetIamPolicyCall {
+	c.urlParams_.Set("optionsRequestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketsGetIamPolicyCall) UserProject(userProject string) *BucketsGetIamPolicyCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketsGetIamPolicyCall) Fields(s ...googleapi.Field) *BucketsGetIamPolicyCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *BucketsGetIamPolicyCall) IfNoneMatch(entityTag string) *BucketsGetIamPolicyCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketsGetIamPolicyCall) Context(ctx context.Context) *BucketsGetIamPolicyCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketsGetIamPolicyCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/iam")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.buckets.getIamPolicy" call.
+// Exactly one of *Policy or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Policy.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *BucketsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Policy{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns an IAM policy for the specified bucket.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.buckets.getIamPolicy",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "optionsRequestedPolicyVersion": {
+	//       "description": "The IAM policy format version to be returned. If the optionsRequestedPolicyVersion is for an older version that doesn't support part of the requested IAM policy, the request fails.",
+	//       "format": "int32",
+	//       "location": "query",
+	//       "minimum": "1",
+	//       "type": "integer"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/iam",
+	//   "response": {
+	//     "$ref": "Policy"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.buckets.insert":
+
+type BucketsInsertCall struct {
+	s          *Service
+	bucket     *Bucket
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Insert: Creates a new bucket.
+//
+// - project: A valid API project identifier.
+func (r *BucketsService) Insert(projectid string, bucket *Bucket) *BucketsInsertCall {
+	c := &BucketsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.urlParams_.Set("project", projectid)
+	c.bucket = bucket
+	return c
+}
+
+// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
+// predefined set of access controls to this bucket.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Project team owners get OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"private" - Project team owners get OWNER access.
+//	"projectPrivate" - Project team members get access according to
+//
+// their roles.
+//
+//	"publicRead" - Project team owners get OWNER access, and allUsers
+//
+// get READER access.
+//
+//	"publicReadWrite" - Project team owners get OWNER access, and
+//
+// allUsers get WRITER access.
+func (c *BucketsInsertCall) PredefinedAcl(predefinedAcl string) *BucketsInsertCall {
+	c.urlParams_.Set("predefinedAcl", predefinedAcl)
+	return c
+}
+
+// PredefinedDefaultObjectAcl sets the optional parameter
+// "predefinedDefaultObjectAcl": Apply a predefined set of default
+// object access controls to this bucket.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Object owner gets OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
+//
+// project team owners get OWNER access.
+//
+//	"bucketOwnerRead" - Object owner gets OWNER access, and project
+//
+// team owners get READER access.
+//
+//	"private" - Object owner gets OWNER access.
+//	"projectPrivate" - Object owner gets OWNER access, and project team
+//
+// members get access according to their roles.
+//
+//	"publicRead" - Object owner gets OWNER access, and allUsers get
+//
+// READER access.
+func (c *BucketsInsertCall) PredefinedDefaultObjectAcl(predefinedDefaultObjectAcl string) *BucketsInsertCall {
+	c.urlParams_.Set("predefinedDefaultObjectAcl", predefinedDefaultObjectAcl)
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to noAcl, unless the bucket resource
+// specifies acl or defaultObjectAcl properties, when it defaults to
+// full.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit owner, acl and defaultObjectAcl properties.
+func (c *BucketsInsertCall) Projection(projection string) *BucketsInsertCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request.
+func (c *BucketsInsertCall) UserProject(userProject string) *BucketsInsertCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketsInsertCall) Fields(s ...googleapi.Field) *BucketsInsertCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketsInsertCall) Context(ctx context.Context) *BucketsInsertCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketsInsertCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketsInsertCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucket)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.buckets.insert" call.
+// Exactly one of *Bucket or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Bucket.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *BucketsInsertCall) Do(opts ...googleapi.CallOption) (*Bucket, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Bucket{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Creates a new bucket.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.buckets.insert",
+	//   "parameterOrder": [
+	//     "project"
+	//   ],
+	//   "parameters": {
+	//     "predefinedAcl": {
+	//       "description": "Apply a predefined set of access controls to this bucket.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead",
+	//         "publicReadWrite"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Project team owners get OWNER access.",
+	//         "Project team members get access according to their roles.",
+	//         "Project team owners get OWNER access, and allUsers get READER access.",
+	//         "Project team owners get OWNER access, and allUsers get WRITER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "predefinedDefaultObjectAcl": {
+	//       "description": "Apply a predefined set of default object access controls to this bucket.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "bucketOwnerFullControl",
+	//         "bucketOwnerRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
+	//         "Object owner gets OWNER access, and project team owners get READER access.",
+	//         "Object owner gets OWNER access.",
+	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
+	//         "Object owner gets OWNER access, and allUsers get READER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "A valid API project identifier.",
+	//       "location": "query",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to noAcl, unless the bucket resource specifies acl or defaultObjectAcl properties, when it defaults to full.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit owner, acl and defaultObjectAcl properties."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b",
+	//   "request": {
+	//     "$ref": "Bucket"
+	//   },
+	//   "response": {
+	//     "$ref": "Bucket"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.buckets.list":
+
+type BucketsListCall struct {
+	s            *Service
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: Retrieves a list of buckets for a given project.
+//
+// - project: A valid API project identifier.
+func (r *BucketsService) List(projectid string) *BucketsListCall {
+	c := &BucketsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.urlParams_.Set("project", projectid)
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": Maximum number
+// of buckets to return in a single response. The service will use this
+// parameter or 1,000 items, whichever is smaller.
+func (c *BucketsListCall) MaxResults(maxResults int64) *BucketsListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": A
+// previously-returned page token representing part of the larger set of
+// results to view.
+func (c *BucketsListCall) PageToken(pageToken string) *BucketsListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// Prefix sets the optional parameter "prefix": Filter results to
+// buckets whose names begin with this prefix.
+func (c *BucketsListCall) Prefix(prefix string) *BucketsListCall {
+	c.urlParams_.Set("prefix", prefix)
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to noAcl.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit owner, acl and defaultObjectAcl properties.
+func (c *BucketsListCall) Projection(projection string) *BucketsListCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request.
+func (c *BucketsListCall) UserProject(userProject string) *BucketsListCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketsListCall) Fields(s ...googleapi.Field) *BucketsListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *BucketsListCall) IfNoneMatch(entityTag string) *BucketsListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketsListCall) Context(ctx context.Context) *BucketsListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketsListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketsListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.buckets.list" call.
+// Exactly one of *Buckets or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Buckets.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *BucketsListCall) Do(opts ...googleapi.CallOption) (*Buckets, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Buckets{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves a list of buckets for a given project.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.buckets.list",
+	//   "parameterOrder": [
+	//     "project"
+	//   ],
+	//   "parameters": {
+	//     "maxResults": {
+	//       "default": "1000",
+	//       "description": "Maximum number of buckets to return in a single response. The service will use this parameter or 1,000 items, whichever is smaller.",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "pageToken": {
+	//       "description": "A previously-returned page token representing part of the larger set of results to view.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "prefix": {
+	//       "description": "Filter results to buckets whose names begin with this prefix.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "A valid API project identifier.",
+	//       "location": "query",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to noAcl.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit owner, acl and defaultObjectAcl properties."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b",
+	//   "response": {
+	//     "$ref": "Buckets"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *BucketsListCall) Pages(ctx context.Context, f func(*Buckets) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
+// method id "storage.buckets.lockRetentionPolicy":
+
+type BucketsLockRetentionPolicyCall struct {
+	s          *Service
+	bucket     string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// LockRetentionPolicy: Locks retention policy on a bucket.
+//
+//   - bucket: Name of a bucket.
+//   - ifMetagenerationMatch: Makes the operation conditional on whether
+//     bucket's current metageneration matches the given value.
+func (r *BucketsService) LockRetentionPolicy(bucket string, ifMetagenerationMatch int64) *BucketsLockRetentionPolicyCall {
+	c := &BucketsLockRetentionPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketsLockRetentionPolicyCall) UserProject(userProject string) *BucketsLockRetentionPolicyCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketsLockRetentionPolicyCall) Fields(s ...googleapi.Field) *BucketsLockRetentionPolicyCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketsLockRetentionPolicyCall) Context(ctx context.Context) *BucketsLockRetentionPolicyCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketsLockRetentionPolicyCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketsLockRetentionPolicyCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/lockRetentionPolicy")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.buckets.lockRetentionPolicy" call.
+// Exactly one of *Bucket or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Bucket.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *BucketsLockRetentionPolicyCall) Do(opts ...googleapi.CallOption) (*Bucket, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Bucket{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Locks retention policy on a bucket.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.buckets.lockRetentionPolicy",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "ifMetagenerationMatch"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether bucket's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/lockRetentionPolicy",
+	//   "response": {
+	//     "$ref": "Bucket"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.buckets.patch":
+
+type BucketsPatchCall struct {
+	s          *Service
+	bucket     string
+	bucket2    *Bucket
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Patch: Patches a bucket. Changes to the bucket will be readable
+// immediately after writing, but configuration changes may take time to
+// propagate.
+//
+// - bucket: Name of a bucket.
+func (r *BucketsService) Patch(bucket string, bucket2 *Bucket) *BucketsPatchCall {
+	c := &BucketsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.bucket2 = bucket2
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the return of the bucket metadata
+// conditional on whether the bucket's current metageneration matches
+// the given value.
+func (c *BucketsPatchCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *BucketsPatchCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": Makes the return of the bucket metadata
+// conditional on whether the bucket's current metageneration does not
+// match the given value.
+func (c *BucketsPatchCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *BucketsPatchCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
+// predefined set of access controls to this bucket.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Project team owners get OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"private" - Project team owners get OWNER access.
+//	"projectPrivate" - Project team members get access according to
+//
+// their roles.
+//
+//	"publicRead" - Project team owners get OWNER access, and allUsers
+//
+// get READER access.
+//
+//	"publicReadWrite" - Project team owners get OWNER access, and
+//
+// allUsers get WRITER access.
+func (c *BucketsPatchCall) PredefinedAcl(predefinedAcl string) *BucketsPatchCall {
+	c.urlParams_.Set("predefinedAcl", predefinedAcl)
+	return c
+}
+
+// PredefinedDefaultObjectAcl sets the optional parameter
+// "predefinedDefaultObjectAcl": Apply a predefined set of default
+// object access controls to this bucket.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Object owner gets OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
+//
+// project team owners get OWNER access.
+//
+//	"bucketOwnerRead" - Object owner gets OWNER access, and project
+//
+// team owners get READER access.
+//
+//	"private" - Object owner gets OWNER access.
+//	"projectPrivate" - Object owner gets OWNER access, and project team
+//
+// members get access according to their roles.
+//
+//	"publicRead" - Object owner gets OWNER access, and allUsers get
+//
+// READER access.
+func (c *BucketsPatchCall) PredefinedDefaultObjectAcl(predefinedDefaultObjectAcl string) *BucketsPatchCall {
+	c.urlParams_.Set("predefinedDefaultObjectAcl", predefinedDefaultObjectAcl)
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to full.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit owner, acl and defaultObjectAcl properties.
+func (c *BucketsPatchCall) Projection(projection string) *BucketsPatchCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketsPatchCall) UserProject(userProject string) *BucketsPatchCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketsPatchCall) Fields(s ...googleapi.Field) *BucketsPatchCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketsPatchCall) Context(ctx context.Context) *BucketsPatchCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketsPatchCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketsPatchCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucket2)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PATCH", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.buckets.patch" call.
+// Exactly one of *Bucket or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Bucket.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *BucketsPatchCall) Do(opts ...googleapi.CallOption) (*Bucket, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Bucket{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Patches a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.",
+	//   "httpMethod": "PATCH",
+	//   "id": "storage.buckets.patch",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "predefinedAcl": {
+	//       "description": "Apply a predefined set of access controls to this bucket.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead",
+	//         "publicReadWrite"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Project team owners get OWNER access.",
+	//         "Project team members get access according to their roles.",
+	//         "Project team owners get OWNER access, and allUsers get READER access.",
+	//         "Project team owners get OWNER access, and allUsers get WRITER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "predefinedDefaultObjectAcl": {
+	//       "description": "Apply a predefined set of default object access controls to this bucket.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "bucketOwnerFullControl",
+	//         "bucketOwnerRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
+	//         "Object owner gets OWNER access, and project team owners get READER access.",
+	//         "Object owner gets OWNER access.",
+	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
+	//         "Object owner gets OWNER access, and allUsers get READER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to full.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit owner, acl and defaultObjectAcl properties."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}",
+	//   "request": {
+	//     "$ref": "Bucket"
+	//   },
+	//   "response": {
+	//     "$ref": "Bucket"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.buckets.setIamPolicy":
+
+type BucketsSetIamPolicyCall struct {
+	s          *Service
+	bucket     string
+	policy     *Policy
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// SetIamPolicy: Updates an IAM policy for the specified bucket.
+//
+// - bucket: Name of a bucket.
+func (r *BucketsService) SetIamPolicy(bucket string, policy *Policy) *BucketsSetIamPolicyCall {
+	c := &BucketsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.policy = policy
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketsSetIamPolicyCall) UserProject(userProject string) *BucketsSetIamPolicyCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketsSetIamPolicyCall) Fields(s ...googleapi.Field) *BucketsSetIamPolicyCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketsSetIamPolicyCall) Context(ctx context.Context) *BucketsSetIamPolicyCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketsSetIamPolicyCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.policy)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/iam")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PUT", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.buckets.setIamPolicy" call.
+// Exactly one of *Policy or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Policy.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *BucketsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Policy{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Updates an IAM policy for the specified bucket.",
+	//   "httpMethod": "PUT",
+	//   "id": "storage.buckets.setIamPolicy",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/iam",
+	//   "request": {
+	//     "$ref": "Policy"
+	//   },
+	//   "response": {
+	//     "$ref": "Policy"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.buckets.testIamPermissions":
+
+type BucketsTestIamPermissionsCall struct {
+	s            *Service
+	bucket       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// TestIamPermissions: Tests a set of permissions on the given bucket to
+// see which, if any, are held by the caller.
+//
+// - bucket: Name of a bucket.
+// - permissions: Permissions to test.
+func (r *BucketsService) TestIamPermissions(bucket string, permissions []string) *BucketsTestIamPermissionsCall {
+	c := &BucketsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.urlParams_.SetMulti("permissions", append([]string{}, permissions...))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketsTestIamPermissionsCall) UserProject(userProject string) *BucketsTestIamPermissionsCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketsTestIamPermissionsCall) Fields(s ...googleapi.Field) *BucketsTestIamPermissionsCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *BucketsTestIamPermissionsCall) IfNoneMatch(entityTag string) *BucketsTestIamPermissionsCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketsTestIamPermissionsCall) Context(ctx context.Context) *BucketsTestIamPermissionsCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketsTestIamPermissionsCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/iam/testPermissions")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.buckets.testIamPermissions" call.
+// Exactly one of *TestIamPermissionsResponse or error will be non-nil.
+// Any non-2xx status code is an error. Response headers are in either
+// *TestIamPermissionsResponse.ServerResponse.Header or (if a response
+// was returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *BucketsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &TestIamPermissionsResponse{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Tests a set of permissions on the given bucket to see which, if any, are held by the caller.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.buckets.testIamPermissions",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "permissions"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "permissions": {
+	//       "description": "Permissions to test.",
+	//       "location": "query",
+	//       "repeated": true,
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/iam/testPermissions",
+	//   "response": {
+	//     "$ref": "TestIamPermissionsResponse"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.buckets.update":
+
+type BucketsUpdateCall struct {
+	s          *Service
+	bucket     string
+	bucket2    *Bucket
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Update: Updates a bucket. Changes to the bucket will be readable
+// immediately after writing, but configuration changes may take time to
+// propagate.
+//
+// - bucket: Name of a bucket.
+func (r *BucketsService) Update(bucket string, bucket2 *Bucket) *BucketsUpdateCall {
+	c := &BucketsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.bucket2 = bucket2
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the return of the bucket metadata
+// conditional on whether the bucket's current metageneration matches
+// the given value.
+func (c *BucketsUpdateCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *BucketsUpdateCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": Makes the return of the bucket metadata
+// conditional on whether the bucket's current metageneration does not
+// match the given value.
+func (c *BucketsUpdateCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *BucketsUpdateCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
+// predefined set of access controls to this bucket.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Project team owners get OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"private" - Project team owners get OWNER access.
+//	"projectPrivate" - Project team members get access according to
+//
+// their roles.
+//
+//	"publicRead" - Project team owners get OWNER access, and allUsers
+//
+// get READER access.
+//
+//	"publicReadWrite" - Project team owners get OWNER access, and
+//
+// allUsers get WRITER access.
+func (c *BucketsUpdateCall) PredefinedAcl(predefinedAcl string) *BucketsUpdateCall {
+	c.urlParams_.Set("predefinedAcl", predefinedAcl)
+	return c
+}
+
+// PredefinedDefaultObjectAcl sets the optional parameter
+// "predefinedDefaultObjectAcl": Apply a predefined set of default
+// object access controls to this bucket.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Object owner gets OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
+//
+// project team owners get OWNER access.
+//
+//	"bucketOwnerRead" - Object owner gets OWNER access, and project
+//
+// team owners get READER access.
+//
+//	"private" - Object owner gets OWNER access.
+//	"projectPrivate" - Object owner gets OWNER access, and project team
+//
+// members get access according to their roles.
+//
+//	"publicRead" - Object owner gets OWNER access, and allUsers get
+//
+// READER access.
+func (c *BucketsUpdateCall) PredefinedDefaultObjectAcl(predefinedDefaultObjectAcl string) *BucketsUpdateCall {
+	c.urlParams_.Set("predefinedDefaultObjectAcl", predefinedDefaultObjectAcl)
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to full.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit owner, acl and defaultObjectAcl properties.
+func (c *BucketsUpdateCall) Projection(projection string) *BucketsUpdateCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *BucketsUpdateCall) UserProject(userProject string) *BucketsUpdateCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *BucketsUpdateCall) Fields(s ...googleapi.Field) *BucketsUpdateCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *BucketsUpdateCall) Context(ctx context.Context) *BucketsUpdateCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *BucketsUpdateCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *BucketsUpdateCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucket2)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PUT", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.buckets.update" call.
+// Exactly one of *Bucket or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Bucket.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *BucketsUpdateCall) Do(opts ...googleapi.CallOption) (*Bucket, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Bucket{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.",
+	//   "httpMethod": "PUT",
+	//   "id": "storage.buckets.update",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "predefinedAcl": {
+	//       "description": "Apply a predefined set of access controls to this bucket.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead",
+	//         "publicReadWrite"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Project team owners get OWNER access.",
+	//         "Project team members get access according to their roles.",
+	//         "Project team owners get OWNER access, and allUsers get READER access.",
+	//         "Project team owners get OWNER access, and allUsers get WRITER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "predefinedDefaultObjectAcl": {
+	//       "description": "Apply a predefined set of default object access controls to this bucket.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "bucketOwnerFullControl",
+	//         "bucketOwnerRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
+	//         "Object owner gets OWNER access, and project team owners get READER access.",
+	//         "Object owner gets OWNER access.",
+	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
+	//         "Object owner gets OWNER access, and allUsers get READER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to full.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit owner, acl and defaultObjectAcl properties."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}",
+	//   "request": {
+	//     "$ref": "Bucket"
+	//   },
+	//   "response": {
+	//     "$ref": "Bucket"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.channels.stop":
+
+type ChannelsStopCall struct {
+	s          *Service
+	channel    *Channel
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Stop: Stop watching resources through this channel
+func (r *ChannelsService) Stop(channel *Channel) *ChannelsStopCall {
+	c := &ChannelsStopCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.channel = channel
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ChannelsStopCall) Fields(s ...googleapi.Field) *ChannelsStopCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ChannelsStopCall) Context(ctx context.Context) *ChannelsStopCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ChannelsStopCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ChannelsStopCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.channel)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "channels/stop")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.channels.stop" call.
+func (c *ChannelsStopCall) Do(opts ...googleapi.CallOption) error {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if err != nil {
+		return err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return gensupport.WrapError(err)
+	}
+	return nil
+	// {
+	//   "description": "Stop watching resources through this channel",
+	//   "httpMethod": "POST",
+	//   "id": "storage.channels.stop",
+	//   "path": "channels/stop",
+	//   "request": {
+	//     "$ref": "Channel",
+	//     "parameterName": "resource"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.defaultObjectAccessControls.delete":
+
+type DefaultObjectAccessControlsDeleteCall struct {
+	s          *Service
+	bucket     string
+	entity     string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Delete: Permanently deletes the default object ACL entry for the
+// specified entity on the specified bucket.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+func (r *DefaultObjectAccessControlsService) Delete(bucket string, entity string) *DefaultObjectAccessControlsDeleteCall {
+	c := &DefaultObjectAccessControlsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.entity = entity
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *DefaultObjectAccessControlsDeleteCall) UserProject(userProject string) *DefaultObjectAccessControlsDeleteCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DefaultObjectAccessControlsDeleteCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DefaultObjectAccessControlsDeleteCall) Context(ctx context.Context) *DefaultObjectAccessControlsDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DefaultObjectAccessControlsDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DefaultObjectAccessControlsDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.defaultObjectAccessControls.delete" call.
+func (c *DefaultObjectAccessControlsDeleteCall) Do(opts ...googleapi.CallOption) error {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if err != nil {
+		return err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return gensupport.WrapError(err)
+	}
+	return nil
+	// {
+	//   "description": "Permanently deletes the default object ACL entry for the specified entity on the specified bucket.",
+	//   "httpMethod": "DELETE",
+	//   "id": "storage.defaultObjectAccessControls.delete",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/defaultObjectAcl/{entity}",
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.defaultObjectAccessControls.get":
+
+type DefaultObjectAccessControlsGetCall struct {
+	s            *Service
+	bucket       string
+	entity       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: Returns the default object ACL entry for the specified entity on
+// the specified bucket.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+func (r *DefaultObjectAccessControlsService) Get(bucket string, entity string) *DefaultObjectAccessControlsGetCall {
+	c := &DefaultObjectAccessControlsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.entity = entity
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *DefaultObjectAccessControlsGetCall) UserProject(userProject string) *DefaultObjectAccessControlsGetCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DefaultObjectAccessControlsGetCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *DefaultObjectAccessControlsGetCall) IfNoneMatch(entityTag string) *DefaultObjectAccessControlsGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DefaultObjectAccessControlsGetCall) Context(ctx context.Context) *DefaultObjectAccessControlsGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DefaultObjectAccessControlsGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DefaultObjectAccessControlsGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.defaultObjectAccessControls.get" call.
+// Exactly one of *ObjectAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ObjectAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *DefaultObjectAccessControlsGetCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ObjectAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns the default object ACL entry for the specified entity on the specified bucket.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.defaultObjectAccessControls.get",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/defaultObjectAcl/{entity}",
+	//   "response": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.defaultObjectAccessControls.insert":
+
+type DefaultObjectAccessControlsInsertCall struct {
+	s                   *Service
+	bucket              string
+	objectaccesscontrol *ObjectAccessControl
+	urlParams_          gensupport.URLParams
+	ctx_                context.Context
+	header_             http.Header
+}
+
+// Insert: Creates a new default object ACL entry on the specified
+// bucket.
+//
+// - bucket: Name of a bucket.
+func (r *DefaultObjectAccessControlsService) Insert(bucket string, objectaccesscontrol *ObjectAccessControl) *DefaultObjectAccessControlsInsertCall {
+	c := &DefaultObjectAccessControlsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.objectaccesscontrol = objectaccesscontrol
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *DefaultObjectAccessControlsInsertCall) UserProject(userProject string) *DefaultObjectAccessControlsInsertCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DefaultObjectAccessControlsInsertCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsInsertCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DefaultObjectAccessControlsInsertCall) Context(ctx context.Context) *DefaultObjectAccessControlsInsertCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DefaultObjectAccessControlsInsertCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DefaultObjectAccessControlsInsertCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.defaultObjectAccessControls.insert" call.
+// Exactly one of *ObjectAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ObjectAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *DefaultObjectAccessControlsInsertCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ObjectAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Creates a new default object ACL entry on the specified bucket.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.defaultObjectAccessControls.insert",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/defaultObjectAcl",
+	//   "request": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "response": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.defaultObjectAccessControls.list":
+
+type DefaultObjectAccessControlsListCall struct {
+	s            *Service
+	bucket       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: Retrieves default object ACL entries on the specified bucket.
+//
+// - bucket: Name of a bucket.
+func (r *DefaultObjectAccessControlsService) List(bucket string) *DefaultObjectAccessControlsListCall {
+	c := &DefaultObjectAccessControlsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": If present, only return default ACL listing
+// if the bucket's current metageneration matches this value.
+func (c *DefaultObjectAccessControlsListCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *DefaultObjectAccessControlsListCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": If present, only return default ACL
+// listing if the bucket's current metageneration does not match the
+// given value.
+func (c *DefaultObjectAccessControlsListCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *DefaultObjectAccessControlsListCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *DefaultObjectAccessControlsListCall) UserProject(userProject string) *DefaultObjectAccessControlsListCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DefaultObjectAccessControlsListCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *DefaultObjectAccessControlsListCall) IfNoneMatch(entityTag string) *DefaultObjectAccessControlsListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DefaultObjectAccessControlsListCall) Context(ctx context.Context) *DefaultObjectAccessControlsListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DefaultObjectAccessControlsListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DefaultObjectAccessControlsListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.defaultObjectAccessControls.list" call.
+// Exactly one of *ObjectAccessControls or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ObjectAccessControls.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *DefaultObjectAccessControlsListCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControls, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ObjectAccessControls{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves default object ACL entries on the specified bucket.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.defaultObjectAccessControls.list",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "If present, only return default ACL listing if the bucket's current metageneration matches this value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "If present, only return default ACL listing if the bucket's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/defaultObjectAcl",
+	//   "response": {
+	//     "$ref": "ObjectAccessControls"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.defaultObjectAccessControls.patch":
+
+type DefaultObjectAccessControlsPatchCall struct {
+	s                   *Service
+	bucket              string
+	entity              string
+	objectaccesscontrol *ObjectAccessControl
+	urlParams_          gensupport.URLParams
+	ctx_                context.Context
+	header_             http.Header
+}
+
+// Patch: Patches a default object ACL entry on the specified bucket.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+func (r *DefaultObjectAccessControlsService) Patch(bucket string, entity string, objectaccesscontrol *ObjectAccessControl) *DefaultObjectAccessControlsPatchCall {
+	c := &DefaultObjectAccessControlsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.entity = entity
+	c.objectaccesscontrol = objectaccesscontrol
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *DefaultObjectAccessControlsPatchCall) UserProject(userProject string) *DefaultObjectAccessControlsPatchCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DefaultObjectAccessControlsPatchCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsPatchCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DefaultObjectAccessControlsPatchCall) Context(ctx context.Context) *DefaultObjectAccessControlsPatchCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DefaultObjectAccessControlsPatchCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DefaultObjectAccessControlsPatchCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PATCH", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.defaultObjectAccessControls.patch" call.
+// Exactly one of *ObjectAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ObjectAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *DefaultObjectAccessControlsPatchCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ObjectAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Patches a default object ACL entry on the specified bucket.",
+	//   "httpMethod": "PATCH",
+	//   "id": "storage.defaultObjectAccessControls.patch",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/defaultObjectAcl/{entity}",
+	//   "request": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "response": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.defaultObjectAccessControls.update":
+
+type DefaultObjectAccessControlsUpdateCall struct {
+	s                   *Service
+	bucket              string
+	entity              string
+	objectaccesscontrol *ObjectAccessControl
+	urlParams_          gensupport.URLParams
+	ctx_                context.Context
+	header_             http.Header
+}
+
+// Update: Updates a default object ACL entry on the specified bucket.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+func (r *DefaultObjectAccessControlsService) Update(bucket string, entity string, objectaccesscontrol *ObjectAccessControl) *DefaultObjectAccessControlsUpdateCall {
+	c := &DefaultObjectAccessControlsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.entity = entity
+	c.objectaccesscontrol = objectaccesscontrol
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *DefaultObjectAccessControlsUpdateCall) UserProject(userProject string) *DefaultObjectAccessControlsUpdateCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DefaultObjectAccessControlsUpdateCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsUpdateCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DefaultObjectAccessControlsUpdateCall) Context(ctx context.Context) *DefaultObjectAccessControlsUpdateCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DefaultObjectAccessControlsUpdateCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DefaultObjectAccessControlsUpdateCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PUT", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.defaultObjectAccessControls.update" call.
+// Exactly one of *ObjectAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ObjectAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *DefaultObjectAccessControlsUpdateCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ObjectAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Updates a default object ACL entry on the specified bucket.",
+	//   "httpMethod": "PUT",
+	//   "id": "storage.defaultObjectAccessControls.update",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/defaultObjectAcl/{entity}",
+	//   "request": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "response": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.notifications.delete":
+
+type NotificationsDeleteCall struct {
+	s            *Service
+	bucket       string
+	notification string
+	urlParams_   gensupport.URLParams
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Delete: Permanently deletes a notification subscription.
+//
+// - bucket: The parent bucket of the notification.
+// - notification: ID of the notification to delete.
+func (r *NotificationsService) Delete(bucket string, notification string) *NotificationsDeleteCall {
+	c := &NotificationsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.notification = notification
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *NotificationsDeleteCall) UserProject(userProject string) *NotificationsDeleteCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *NotificationsDeleteCall) Fields(s ...googleapi.Field) *NotificationsDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *NotificationsDeleteCall) Context(ctx context.Context) *NotificationsDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *NotificationsDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *NotificationsDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/notificationConfigs/{notification}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket":       c.bucket,
+		"notification": c.notification,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.notifications.delete" call.
+func (c *NotificationsDeleteCall) Do(opts ...googleapi.CallOption) error {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if err != nil {
+		return err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return gensupport.WrapError(err)
+	}
+	return nil
+	// {
+	//   "description": "Permanently deletes a notification subscription.",
+	//   "httpMethod": "DELETE",
+	//   "id": "storage.notifications.delete",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "notification"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "The parent bucket of the notification.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "notification": {
+	//       "description": "ID of the notification to delete.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/notificationConfigs/{notification}",
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.notifications.get":
+
+type NotificationsGetCall struct {
+	s            *Service
+	bucket       string
+	notification string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: View a notification configuration.
+//
+// - bucket: The parent bucket of the notification.
+// - notification: Notification ID.
+func (r *NotificationsService) Get(bucket string, notification string) *NotificationsGetCall {
+	c := &NotificationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.notification = notification
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *NotificationsGetCall) UserProject(userProject string) *NotificationsGetCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *NotificationsGetCall) Fields(s ...googleapi.Field) *NotificationsGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *NotificationsGetCall) IfNoneMatch(entityTag string) *NotificationsGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *NotificationsGetCall) Context(ctx context.Context) *NotificationsGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *NotificationsGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *NotificationsGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/notificationConfigs/{notification}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket":       c.bucket,
+		"notification": c.notification,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.notifications.get" call.
+// Exactly one of *Notification or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Notification.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *NotificationsGetCall) Do(opts ...googleapi.CallOption) (*Notification, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Notification{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "View a notification configuration.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.notifications.get",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "notification"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "The parent bucket of the notification.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "notification": {
+	//       "description": "Notification ID",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/notificationConfigs/{notification}",
+	//   "response": {
+	//     "$ref": "Notification"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.notifications.insert":
+
+type NotificationsInsertCall struct {
+	s            *Service
+	bucket       string
+	notification *Notification
+	urlParams_   gensupport.URLParams
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Insert: Creates a notification subscription for a given bucket.
+//
+// - bucket: The parent bucket of the notification.
+func (r *NotificationsService) Insert(bucket string, notification *Notification) *NotificationsInsertCall {
+	c := &NotificationsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.notification = notification
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *NotificationsInsertCall) UserProject(userProject string) *NotificationsInsertCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *NotificationsInsertCall) Fields(s ...googleapi.Field) *NotificationsInsertCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *NotificationsInsertCall) Context(ctx context.Context) *NotificationsInsertCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *NotificationsInsertCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *NotificationsInsertCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.notification)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/notificationConfigs")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.notifications.insert" call.
+// Exactly one of *Notification or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Notification.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *NotificationsInsertCall) Do(opts ...googleapi.CallOption) (*Notification, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Notification{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Creates a notification subscription for a given bucket.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.notifications.insert",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "The parent bucket of the notification.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/notificationConfigs",
+	//   "request": {
+	//     "$ref": "Notification"
+	//   },
+	//   "response": {
+	//     "$ref": "Notification"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.notifications.list":
+
+type NotificationsListCall struct {
+	s            *Service
+	bucket       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: Retrieves a list of notification subscriptions for a given
+// bucket.
+//
+// - bucket: Name of a Google Cloud Storage bucket.
+func (r *NotificationsService) List(bucket string) *NotificationsListCall {
+	c := &NotificationsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *NotificationsListCall) UserProject(userProject string) *NotificationsListCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *NotificationsListCall) Fields(s ...googleapi.Field) *NotificationsListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *NotificationsListCall) IfNoneMatch(entityTag string) *NotificationsListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *NotificationsListCall) Context(ctx context.Context) *NotificationsListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *NotificationsListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *NotificationsListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/notificationConfigs")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.notifications.list" call.
+// Exactly one of *Notifications or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Notifications.ServerResponse.Header or (if a response was returned
+// at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *NotificationsListCall) Do(opts ...googleapi.CallOption) (*Notifications, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Notifications{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves a list of notification subscriptions for a given bucket.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.notifications.list",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a Google Cloud Storage bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/notificationConfigs",
+	//   "response": {
+	//     "$ref": "Notifications"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objectAccessControls.delete":
+
+type ObjectAccessControlsDeleteCall struct {
+	s          *Service
+	bucket     string
+	object     string
+	entity     string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Delete: Permanently deletes the ACL entry for the specified entity on
+// the specified object.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectAccessControlsService) Delete(bucket string, object string, entity string) *ObjectAccessControlsDeleteCall {
+	c := &ObjectAccessControlsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	c.entity = entity
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectAccessControlsDeleteCall) Generation(generation int64) *ObjectAccessControlsDeleteCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectAccessControlsDeleteCall) UserProject(userProject string) *ObjectAccessControlsDeleteCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectAccessControlsDeleteCall) Fields(s ...googleapi.Field) *ObjectAccessControlsDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectAccessControlsDeleteCall) Context(ctx context.Context) *ObjectAccessControlsDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectAccessControlsDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectAccessControlsDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objectAccessControls.delete" call.
+func (c *ObjectAccessControlsDeleteCall) Do(opts ...googleapi.CallOption) error {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if err != nil {
+		return err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return gensupport.WrapError(err)
+	}
+	return nil
+	// {
+	//   "description": "Permanently deletes the ACL entry for the specified entity on the specified object.",
+	//   "httpMethod": "DELETE",
+	//   "id": "storage.objectAccessControls.delete",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}/acl/{entity}",
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objectAccessControls.get":
+
+type ObjectAccessControlsGetCall struct {
+	s            *Service
+	bucket       string
+	object       string
+	entity       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: Returns the ACL entry for the specified entity on the specified
+// object.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectAccessControlsService) Get(bucket string, object string, entity string) *ObjectAccessControlsGetCall {
+	c := &ObjectAccessControlsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	c.entity = entity
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectAccessControlsGetCall) Generation(generation int64) *ObjectAccessControlsGetCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectAccessControlsGetCall) UserProject(userProject string) *ObjectAccessControlsGetCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectAccessControlsGetCall) Fields(s ...googleapi.Field) *ObjectAccessControlsGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *ObjectAccessControlsGetCall) IfNoneMatch(entityTag string) *ObjectAccessControlsGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectAccessControlsGetCall) Context(ctx context.Context) *ObjectAccessControlsGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectAccessControlsGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectAccessControlsGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objectAccessControls.get" call.
+// Exactly one of *ObjectAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ObjectAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ObjectAccessControlsGetCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ObjectAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns the ACL entry for the specified entity on the specified object.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.objectAccessControls.get",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}/acl/{entity}",
+	//   "response": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objectAccessControls.insert":
+
+type ObjectAccessControlsInsertCall struct {
+	s                   *Service
+	bucket              string
+	object              string
+	objectaccesscontrol *ObjectAccessControl
+	urlParams_          gensupport.URLParams
+	ctx_                context.Context
+	header_             http.Header
+}
+
+// Insert: Creates a new ACL entry on the specified object.
+//
+//   - bucket: Name of a bucket.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectAccessControlsService) Insert(bucket string, object string, objectaccesscontrol *ObjectAccessControl) *ObjectAccessControlsInsertCall {
+	c := &ObjectAccessControlsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	c.objectaccesscontrol = objectaccesscontrol
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectAccessControlsInsertCall) Generation(generation int64) *ObjectAccessControlsInsertCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectAccessControlsInsertCall) UserProject(userProject string) *ObjectAccessControlsInsertCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectAccessControlsInsertCall) Fields(s ...googleapi.Field) *ObjectAccessControlsInsertCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectAccessControlsInsertCall) Context(ctx context.Context) *ObjectAccessControlsInsertCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectAccessControlsInsertCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectAccessControlsInsertCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objectAccessControls.insert" call.
+// Exactly one of *ObjectAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ObjectAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ObjectAccessControlsInsertCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ObjectAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Creates a new ACL entry on the specified object.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.objectAccessControls.insert",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}/acl",
+	//   "request": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "response": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objectAccessControls.list":
+
+type ObjectAccessControlsListCall struct {
+	s            *Service
+	bucket       string
+	object       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: Retrieves ACL entries on the specified object.
+//
+//   - bucket: Name of a bucket.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectAccessControlsService) List(bucket string, object string) *ObjectAccessControlsListCall {
+	c := &ObjectAccessControlsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectAccessControlsListCall) Generation(generation int64) *ObjectAccessControlsListCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectAccessControlsListCall) UserProject(userProject string) *ObjectAccessControlsListCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectAccessControlsListCall) Fields(s ...googleapi.Field) *ObjectAccessControlsListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *ObjectAccessControlsListCall) IfNoneMatch(entityTag string) *ObjectAccessControlsListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectAccessControlsListCall) Context(ctx context.Context) *ObjectAccessControlsListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectAccessControlsListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectAccessControlsListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objectAccessControls.list" call.
+// Exactly one of *ObjectAccessControls or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ObjectAccessControls.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ObjectAccessControlsListCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControls, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ObjectAccessControls{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves ACL entries on the specified object.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.objectAccessControls.list",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}/acl",
+	//   "response": {
+	//     "$ref": "ObjectAccessControls"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objectAccessControls.patch":
+
+type ObjectAccessControlsPatchCall struct {
+	s                   *Service
+	bucket              string
+	object              string
+	entity              string
+	objectaccesscontrol *ObjectAccessControl
+	urlParams_          gensupport.URLParams
+	ctx_                context.Context
+	header_             http.Header
+}
+
+// Patch: Patches an ACL entry on the specified object.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectAccessControlsService) Patch(bucket string, object string, entity string, objectaccesscontrol *ObjectAccessControl) *ObjectAccessControlsPatchCall {
+	c := &ObjectAccessControlsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	c.entity = entity
+	c.objectaccesscontrol = objectaccesscontrol
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectAccessControlsPatchCall) Generation(generation int64) *ObjectAccessControlsPatchCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectAccessControlsPatchCall) UserProject(userProject string) *ObjectAccessControlsPatchCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectAccessControlsPatchCall) Fields(s ...googleapi.Field) *ObjectAccessControlsPatchCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectAccessControlsPatchCall) Context(ctx context.Context) *ObjectAccessControlsPatchCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectAccessControlsPatchCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectAccessControlsPatchCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PATCH", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objectAccessControls.patch" call.
+// Exactly one of *ObjectAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ObjectAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ObjectAccessControlsPatchCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ObjectAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Patches an ACL entry on the specified object.",
+	//   "httpMethod": "PATCH",
+	//   "id": "storage.objectAccessControls.patch",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}/acl/{entity}",
+	//   "request": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "response": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objectAccessControls.update":
+
+type ObjectAccessControlsUpdateCall struct {
+	s                   *Service
+	bucket              string
+	object              string
+	entity              string
+	objectaccesscontrol *ObjectAccessControl
+	urlParams_          gensupport.URLParams
+	ctx_                context.Context
+	header_             http.Header
+}
+
+// Update: Updates an ACL entry on the specified object.
+//
+//   - bucket: Name of a bucket.
+//   - entity: The entity holding the permission. Can be user-userId,
+//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+//     allAuthenticatedUsers.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectAccessControlsService) Update(bucket string, object string, entity string, objectaccesscontrol *ObjectAccessControl) *ObjectAccessControlsUpdateCall {
+	c := &ObjectAccessControlsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	c.entity = entity
+	c.objectaccesscontrol = objectaccesscontrol
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectAccessControlsUpdateCall) Generation(generation int64) *ObjectAccessControlsUpdateCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectAccessControlsUpdateCall) UserProject(userProject string) *ObjectAccessControlsUpdateCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectAccessControlsUpdateCall) Fields(s ...googleapi.Field) *ObjectAccessControlsUpdateCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectAccessControlsUpdateCall) Context(ctx context.Context) *ObjectAccessControlsUpdateCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectAccessControlsUpdateCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectAccessControlsUpdateCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl/{entity}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PUT", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+		"entity": c.entity,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objectAccessControls.update" call.
+// Exactly one of *ObjectAccessControl or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ObjectAccessControl.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ObjectAccessControlsUpdateCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ObjectAccessControl{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Updates an ACL entry on the specified object.",
+	//   "httpMethod": "PUT",
+	//   "id": "storage.objectAccessControls.update",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object",
+	//     "entity"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of a bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "entity": {
+	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}/acl/{entity}",
+	//   "request": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "response": {
+	//     "$ref": "ObjectAccessControl"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objects.compose":
+
+type ObjectsComposeCall struct {
+	s                 *Service
+	destinationBucket string
+	destinationObject string
+	composerequest    *ComposeRequest
+	urlParams_        gensupport.URLParams
+	ctx_              context.Context
+	header_           http.Header
+}
+
+// Compose: Concatenates a list of existing objects into a new object in
+// the same bucket.
+//
+//   - destinationBucket: Name of the bucket containing the source
+//     objects. The destination object is stored in this bucket.
+//   - destinationObject: Name of the new object. For information about
+//     how to URL encode object names to be path safe, see Encoding URI
+//     Path Parts.
+func (r *ObjectsService) Compose(destinationBucket string, destinationObject string, composerequest *ComposeRequest) *ObjectsComposeCall {
+	c := &ObjectsComposeCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.destinationBucket = destinationBucket
+	c.destinationObject = destinationObject
+	c.composerequest = composerequest
+	return c
+}
+
+// DestinationPredefinedAcl sets the optional parameter
+// "destinationPredefinedAcl": Apply a predefined set of access controls
+// to the destination object.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Object owner gets OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
+//
+// project team owners get OWNER access.
+//
+//	"bucketOwnerRead" - Object owner gets OWNER access, and project
+//
+// team owners get READER access.
+//
+//	"private" - Object owner gets OWNER access.
+//	"projectPrivate" - Object owner gets OWNER access, and project team
+//
+// members get access according to their roles.
+//
+//	"publicRead" - Object owner gets OWNER access, and allUsers get
+//
+// READER access.
+func (c *ObjectsComposeCall) DestinationPredefinedAcl(destinationPredefinedAcl string) *ObjectsComposeCall {
+	c.urlParams_.Set("destinationPredefinedAcl", destinationPredefinedAcl)
+	return c
+}
+
+// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
+// Makes the operation conditional on whether the object's current
+// generation matches the given value. Setting to 0 makes the operation
+// succeed only if there are no live versions of the object.
+func (c *ObjectsComposeCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsComposeCall {
+	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the operation conditional on whether
+// the object's current metageneration matches the given value.
+func (c *ObjectsComposeCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsComposeCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// KmsKeyName sets the optional parameter "kmsKeyName": Resource name of
+// the Cloud KMS key, of the form
+// projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key,
+//
+//	that will be used to encrypt the object. Overrides the object
+//
+// metadata's kms_key_name value, if any.
+func (c *ObjectsComposeCall) KmsKeyName(kmsKeyName string) *ObjectsComposeCall {
+	c.urlParams_.Set("kmsKeyName", kmsKeyName)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsComposeCall) UserProject(userProject string) *ObjectsComposeCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsComposeCall) Fields(s ...googleapi.Field) *ObjectsComposeCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectsComposeCall) Context(ctx context.Context) *ObjectsComposeCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsComposeCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsComposeCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.composerequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{destinationBucket}/o/{destinationObject}/compose")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"destinationBucket": c.destinationBucket,
+		"destinationObject": c.destinationObject,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.compose" call.
+// Exactly one of *Object or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Object.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ObjectsComposeCall) Do(opts ...googleapi.CallOption) (*Object, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Object{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Concatenates a list of existing objects into a new object in the same bucket.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.objects.compose",
+	//   "parameterOrder": [
+	//     "destinationBucket",
+	//     "destinationObject"
+	//   ],
+	//   "parameters": {
+	//     "destinationBucket": {
+	//       "description": "Name of the bucket containing the source objects. The destination object is stored in this bucket.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "destinationObject": {
+	//       "description": "Name of the new object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "destinationPredefinedAcl": {
+	//       "description": "Apply a predefined set of access controls to the destination object.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "bucketOwnerFullControl",
+	//         "bucketOwnerRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
+	//         "Object owner gets OWNER access, and project team owners get READER access.",
+	//         "Object owner gets OWNER access.",
+	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
+	//         "Object owner gets OWNER access, and allUsers get READER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "kmsKeyName": {
+	//       "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{destinationBucket}/o/{destinationObject}/compose",
+	//   "request": {
+	//     "$ref": "ComposeRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Object"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objects.copy":
+
+type ObjectsCopyCall struct {
+	s                 *Service
+	sourceBucket      string
+	sourceObject      string
+	destinationBucket string
+	destinationObject string
+	object            *Object
+	urlParams_        gensupport.URLParams
+	ctx_              context.Context
+	header_           http.Header
+}
+
+// Copy: Copies a source object to a destination object. Optionally
+// overrides metadata.
+//
+//   - destinationBucket: Name of the bucket in which to store the new
+//     object. Overrides the provided object metadata's bucket value, if
+//     any.For information about how to URL encode object names to be path
+//     safe, see Encoding URI Path Parts.
+//   - destinationObject: Name of the new object. Required when the object
+//     metadata is not otherwise provided. Overrides the object metadata's
+//     name value, if any.
+//   - sourceBucket: Name of the bucket in which to find the source
+//     object.
+//   - sourceObject: Name of the source object. For information about how
+//     to URL encode object names to be path safe, see Encoding URI Path
+//     Parts.
+func (r *ObjectsService) Copy(sourceBucket string, sourceObject string, destinationBucket string, destinationObject string, object *Object) *ObjectsCopyCall {
+	c := &ObjectsCopyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.sourceBucket = sourceBucket
+	c.sourceObject = sourceObject
+	c.destinationBucket = destinationBucket
+	c.destinationObject = destinationObject
+	c.object = object
+	return c
+}
+
+// DestinationKmsKeyName sets the optional parameter
+// "destinationKmsKeyName": Resource name of the Cloud KMS key, of the
+// form
+// projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key,
+//
+//	that will be used to encrypt the object. Overrides the object
+//
+// metadata's kms_key_name value, if any.
+func (c *ObjectsCopyCall) DestinationKmsKeyName(destinationKmsKeyName string) *ObjectsCopyCall {
+	c.urlParams_.Set("destinationKmsKeyName", destinationKmsKeyName)
+	return c
+}
+
+// DestinationPredefinedAcl sets the optional parameter
+// "destinationPredefinedAcl": Apply a predefined set of access controls
+// to the destination object.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Object owner gets OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
+//
+// project team owners get OWNER access.
+//
+//	"bucketOwnerRead" - Object owner gets OWNER access, and project
+//
+// team owners get READER access.
+//
+//	"private" - Object owner gets OWNER access.
+//	"projectPrivate" - Object owner gets OWNER access, and project team
+//
+// members get access according to their roles.
+//
+//	"publicRead" - Object owner gets OWNER access, and allUsers get
+//
+// READER access.
+func (c *ObjectsCopyCall) DestinationPredefinedAcl(destinationPredefinedAcl string) *ObjectsCopyCall {
+	c.urlParams_.Set("destinationPredefinedAcl", destinationPredefinedAcl)
+	return c
+}
+
+// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
+// Makes the operation conditional on whether the destination object's
+// current generation matches the given value. Setting to 0 makes the
+// operation succeed only if there are no live versions of the object.
+func (c *ObjectsCopyCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsCopyCall {
+	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
+	return c
+}
+
+// IfGenerationNotMatch sets the optional parameter
+// "ifGenerationNotMatch": Makes the operation conditional on whether
+// the destination object's current generation does not match the given
+// value. If no live object exists, the precondition fails. Setting to 0
+// makes the operation succeed only if there is a live version of the
+// object.
+func (c *ObjectsCopyCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsCopyCall {
+	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the operation conditional on whether
+// the destination object's current metageneration matches the given
+// value.
+func (c *ObjectsCopyCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsCopyCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": Makes the operation conditional on
+// whether the destination object's current metageneration does not
+// match the given value.
+func (c *ObjectsCopyCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsCopyCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// IfSourceGenerationMatch sets the optional parameter
+// "ifSourceGenerationMatch": Makes the operation conditional on whether
+// the source object's current generation matches the given value.
+func (c *ObjectsCopyCall) IfSourceGenerationMatch(ifSourceGenerationMatch int64) *ObjectsCopyCall {
+	c.urlParams_.Set("ifSourceGenerationMatch", fmt.Sprint(ifSourceGenerationMatch))
+	return c
+}
+
+// IfSourceGenerationNotMatch sets the optional parameter
+// "ifSourceGenerationNotMatch": Makes the operation conditional on
+// whether the source object's current generation does not match the
+// given value.
+func (c *ObjectsCopyCall) IfSourceGenerationNotMatch(ifSourceGenerationNotMatch int64) *ObjectsCopyCall {
+	c.urlParams_.Set("ifSourceGenerationNotMatch", fmt.Sprint(ifSourceGenerationNotMatch))
+	return c
+}
+
+// IfSourceMetagenerationMatch sets the optional parameter
+// "ifSourceMetagenerationMatch": Makes the operation conditional on
+// whether the source object's current metageneration matches the given
+// value.
+func (c *ObjectsCopyCall) IfSourceMetagenerationMatch(ifSourceMetagenerationMatch int64) *ObjectsCopyCall {
+	c.urlParams_.Set("ifSourceMetagenerationMatch", fmt.Sprint(ifSourceMetagenerationMatch))
+	return c
+}
+
+// IfSourceMetagenerationNotMatch sets the optional parameter
+// "ifSourceMetagenerationNotMatch": Makes the operation conditional on
+// whether the source object's current metageneration does not match the
+// given value.
+func (c *ObjectsCopyCall) IfSourceMetagenerationNotMatch(ifSourceMetagenerationNotMatch int64) *ObjectsCopyCall {
+	c.urlParams_.Set("ifSourceMetagenerationNotMatch", fmt.Sprint(ifSourceMetagenerationNotMatch))
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to noAcl, unless the object resource
+// specifies the acl property, when it defaults to full.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit the owner, acl property.
+func (c *ObjectsCopyCall) Projection(projection string) *ObjectsCopyCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// SourceGeneration sets the optional parameter "sourceGeneration": If
+// present, selects a specific revision of the source object (as opposed
+// to the latest version, the default).
+func (c *ObjectsCopyCall) SourceGeneration(sourceGeneration int64) *ObjectsCopyCall {
+	c.urlParams_.Set("sourceGeneration", fmt.Sprint(sourceGeneration))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsCopyCall) UserProject(userProject string) *ObjectsCopyCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsCopyCall) Fields(s ...googleapi.Field) *ObjectsCopyCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectsCopyCall) Context(ctx context.Context) *ObjectsCopyCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsCopyCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsCopyCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.object)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{sourceBucket}/o/{sourceObject}/copyTo/b/{destinationBucket}/o/{destinationObject}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"sourceBucket":      c.sourceBucket,
+		"sourceObject":      c.sourceObject,
+		"destinationBucket": c.destinationBucket,
+		"destinationObject": c.destinationObject,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.copy" call.
+// Exactly one of *Object or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Object.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ObjectsCopyCall) Do(opts ...googleapi.CallOption) (*Object, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Object{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Copies a source object to a destination object. Optionally overrides metadata.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.objects.copy",
+	//   "parameterOrder": [
+	//     "sourceBucket",
+	//     "sourceObject",
+	//     "destinationBucket",
+	//     "destinationObject"
+	//   ],
+	//   "parameters": {
+	//     "destinationBucket": {
+	//       "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "destinationKmsKeyName": {
+	//       "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "destinationObject": {
+	//       "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "destinationPredefinedAcl": {
+	//       "description": "Apply a predefined set of access controls to the destination object.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "bucketOwnerFullControl",
+	//         "bucketOwnerRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
+	//         "Object owner gets OWNER access, and project team owners get READER access.",
+	//         "Object owner gets OWNER access.",
+	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
+	//         "Object owner gets OWNER access, and allUsers get READER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the destination object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the destination object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifSourceGenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the source object's current generation matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifSourceGenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifSourceMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifSourceMetagenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit the owner, acl property."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "sourceBucket": {
+	//       "description": "Name of the bucket in which to find the source object.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "sourceGeneration": {
+	//       "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "sourceObject": {
+	//       "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{sourceBucket}/o/{sourceObject}/copyTo/b/{destinationBucket}/o/{destinationObject}",
+	//   "request": {
+	//     "$ref": "Object"
+	//   },
+	//   "response": {
+	//     "$ref": "Object"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objects.delete":
+
+type ObjectsDeleteCall struct {
+	s          *Service
+	bucket     string
+	object     string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Delete: Deletes an object and its metadata. Deletions are permanent
+// if versioning is not enabled for the bucket, or if the generation
+// parameter is used.
+//
+//   - bucket: Name of the bucket in which the object resides.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectsService) Delete(bucket string, object string) *ObjectsDeleteCall {
+	c := &ObjectsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// permanently deletes a specific revision of this object (as opposed to
+// the latest version, the default).
+func (c *ObjectsDeleteCall) Generation(generation int64) *ObjectsDeleteCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
+// Makes the operation conditional on whether the object's current
+// generation matches the given value. Setting to 0 makes the operation
+// succeed only if there are no live versions of the object.
+func (c *ObjectsDeleteCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsDeleteCall {
+	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
+	return c
+}
+
+// IfGenerationNotMatch sets the optional parameter
+// "ifGenerationNotMatch": Makes the operation conditional on whether
+// the object's current generation does not match the given value. If no
+// live object exists, the precondition fails. Setting to 0 makes the
+// operation succeed only if there is a live version of the object.
+func (c *ObjectsDeleteCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsDeleteCall {
+	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the operation conditional on whether
+// the object's current metageneration matches the given value.
+func (c *ObjectsDeleteCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsDeleteCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": Makes the operation conditional on
+// whether the object's current metageneration does not match the given
+// value.
+func (c *ObjectsDeleteCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsDeleteCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsDeleteCall) UserProject(userProject string) *ObjectsDeleteCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsDeleteCall) Fields(s ...googleapi.Field) *ObjectsDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectsDeleteCall) Context(ctx context.Context) *ObjectsDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.delete" call.
+func (c *ObjectsDeleteCall) Do(opts ...googleapi.CallOption) error {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if err != nil {
+		return err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return gensupport.WrapError(err)
+	}
+	return nil
+	// {
+	//   "description": "Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.",
+	//   "httpMethod": "DELETE",
+	//   "id": "storage.objects.delete",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which the object resides.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, permanently deletes a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}",
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objects.get":
+
+type ObjectsGetCall struct {
+	s            *Service
+	bucket       string
+	object       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: Retrieves an object or its metadata.
+//
+//   - bucket: Name of the bucket in which the object resides.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectsService) Get(bucket string, object string) *ObjectsGetCall {
+	c := &ObjectsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectsGetCall) Generation(generation int64) *ObjectsGetCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
+// Makes the operation conditional on whether the object's current
+// generation matches the given value. Setting to 0 makes the operation
+// succeed only if there are no live versions of the object.
+func (c *ObjectsGetCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsGetCall {
+	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
+	return c
+}
+
+// IfGenerationNotMatch sets the optional parameter
+// "ifGenerationNotMatch": Makes the operation conditional on whether
+// the object's current generation does not match the given value. If no
+// live object exists, the precondition fails. Setting to 0 makes the
+// operation succeed only if there is a live version of the object.
+func (c *ObjectsGetCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsGetCall {
+	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the operation conditional on whether
+// the object's current metageneration matches the given value.
+func (c *ObjectsGetCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsGetCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": Makes the operation conditional on
+// whether the object's current metageneration does not match the given
+// value.
+func (c *ObjectsGetCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsGetCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to noAcl.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit the owner, acl property.
+func (c *ObjectsGetCall) Projection(projection string) *ObjectsGetCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsGetCall) UserProject(userProject string) *ObjectsGetCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsGetCall) Fields(s ...googleapi.Field) *ObjectsGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *ObjectsGetCall) IfNoneMatch(entityTag string) *ObjectsGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do and Download
+// methods. Any pending HTTP request will be aborted if the provided
+// context is canceled.
+func (c *ObjectsGetCall) Context(ctx context.Context) *ObjectsGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Download fetches the API endpoint's "media" value, instead of the normal
+// API response value. If the returned error is nil, the Response is guaranteed to
+// have a 2xx status code. Callers must close the Response.Body as usual.
+func (c *ObjectsGetCall) Download(opts ...googleapi.CallOption) (*http.Response, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("media")
+	if err != nil {
+		return nil, err
+	}
+	if err := googleapi.CheckMediaResponse(res); err != nil {
+		res.Body.Close()
+		return nil, gensupport.WrapError(err)
+	}
+	return res, nil
+}
+
+// Do executes the "storage.objects.get" call.
+// Exactly one of *Object or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Object.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ObjectsGetCall) Do(opts ...googleapi.CallOption) (*Object, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Object{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves an object or its metadata.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.objects.get",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which the object resides.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to noAcl.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit the owner, acl property."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}",
+	//   "response": {
+	//     "$ref": "Object"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ],
+	//   "supportsMediaDownload": true,
+	//   "useMediaDownloadService": true
+	// }
+
+}
+
+// method id "storage.objects.getIamPolicy":
+
+type ObjectsGetIamPolicyCall struct {
+	s            *Service
+	bucket       string
+	object       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// GetIamPolicy: Returns an IAM policy for the specified object.
+//
+//   - bucket: Name of the bucket in which the object resides.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectsService) GetIamPolicy(bucket string, object string) *ObjectsGetIamPolicyCall {
+	c := &ObjectsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectsGetIamPolicyCall) Generation(generation int64) *ObjectsGetIamPolicyCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsGetIamPolicyCall) UserProject(userProject string) *ObjectsGetIamPolicyCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsGetIamPolicyCall) Fields(s ...googleapi.Field) *ObjectsGetIamPolicyCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *ObjectsGetIamPolicyCall) IfNoneMatch(entityTag string) *ObjectsGetIamPolicyCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectsGetIamPolicyCall) Context(ctx context.Context) *ObjectsGetIamPolicyCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsGetIamPolicyCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/iam")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.getIamPolicy" call.
+// Exactly one of *Policy or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Policy.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ObjectsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Policy{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns an IAM policy for the specified object.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.objects.getIamPolicy",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which the object resides.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}/iam",
+	//   "response": {
+	//     "$ref": "Policy"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objects.insert":
+
+type ObjectsInsertCall struct {
+	s          *Service
+	bucket     string
+	object     *Object
+	urlParams_ gensupport.URLParams
+	mediaInfo_ *gensupport.MediaInfo
+	retry      *gensupport.RetryConfig
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Insert: Stores a new object and metadata.
+//
+//   - bucket: Name of the bucket in which to store the new object.
+//     Overrides the provided object metadata's bucket value, if any.
+func (r *ObjectsService) Insert(bucket string, object *Object) *ObjectsInsertCall {
+	c := &ObjectsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	return c
+}
+
+// ContentEncoding sets the optional parameter "contentEncoding": If
+// set, sets the contentEncoding property of the final object to this
+// value. Setting this parameter is equivalent to setting the
+// contentEncoding metadata property. This can be useful when uploading
+// an object with uploadType=media to indicate the encoding of the
+// content being uploaded.
+func (c *ObjectsInsertCall) ContentEncoding(contentEncoding string) *ObjectsInsertCall {
+	c.urlParams_.Set("contentEncoding", contentEncoding)
+	return c
+}
+
+// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
+// Makes the operation conditional on whether the object's current
+// generation matches the given value. Setting to 0 makes the operation
+// succeed only if there are no live versions of the object.
+func (c *ObjectsInsertCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsInsertCall {
+	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
+	return c
+}
+
+// IfGenerationNotMatch sets the optional parameter
+// "ifGenerationNotMatch": Makes the operation conditional on whether
+// the object's current generation does not match the given value. If no
+// live object exists, the precondition fails. Setting to 0 makes the
+// operation succeed only if there is a live version of the object.
+func (c *ObjectsInsertCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsInsertCall {
+	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the operation conditional on whether
+// the object's current metageneration matches the given value.
+func (c *ObjectsInsertCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsInsertCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": Makes the operation conditional on
+// whether the object's current metageneration does not match the given
+// value.
+func (c *ObjectsInsertCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsInsertCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// KmsKeyName sets the optional parameter "kmsKeyName": Resource name of
+// the Cloud KMS key, of the form
+// projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key,
+//
+//	that will be used to encrypt the object. Overrides the object
+//
+// metadata's kms_key_name value, if any.
+func (c *ObjectsInsertCall) KmsKeyName(kmsKeyName string) *ObjectsInsertCall {
+	c.urlParams_.Set("kmsKeyName", kmsKeyName)
+	return c
+}
+
+// Name sets the optional parameter "name": Name of the object. Required
+// when the object metadata is not otherwise provided. Overrides the
+// object metadata's name value, if any. For information about how to
+// URL encode object names to be path safe, see Encoding URI Path Parts.
+func (c *ObjectsInsertCall) Name(name string) *ObjectsInsertCall {
+	c.urlParams_.Set("name", name)
+	return c
+}
+
+// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
+// predefined set of access controls to this object.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Object owner gets OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
+//
+// project team owners get OWNER access.
+//
+//	"bucketOwnerRead" - Object owner gets OWNER access, and project
+//
+// team owners get READER access.
+//
+//	"private" - Object owner gets OWNER access.
+//	"projectPrivate" - Object owner gets OWNER access, and project team
+//
+// members get access according to their roles.
+//
+//	"publicRead" - Object owner gets OWNER access, and allUsers get
+//
+// READER access.
+func (c *ObjectsInsertCall) PredefinedAcl(predefinedAcl string) *ObjectsInsertCall {
+	c.urlParams_.Set("predefinedAcl", predefinedAcl)
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to noAcl, unless the object resource
+// specifies the acl property, when it defaults to full.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit the owner, acl property.
+func (c *ObjectsInsertCall) Projection(projection string) *ObjectsInsertCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsInsertCall) UserProject(userProject string) *ObjectsInsertCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Media specifies the media to upload in one or more chunks. The chunk
+// size may be controlled by supplying a MediaOption generated by
+// googleapi.ChunkSize. The chunk size defaults to
+// googleapi.DefaultUploadChunkSize.The Content-Type header used in the
+// upload request will be determined by sniffing the contents of r,
+// unless a MediaOption generated by googleapi.ContentType is
+// supplied.
+// At most one of Media and ResumableMedia may be set.
+func (c *ObjectsInsertCall) Media(r io.Reader, options ...googleapi.MediaOption) *ObjectsInsertCall {
+	if ct := c.object.ContentType; ct != "" {
+		options = append([]googleapi.MediaOption{googleapi.ContentType(ct)}, options...)
+	}
+	c.mediaInfo_ = gensupport.NewInfoFromMedia(r, options)
+	return c
+}
+
+// ResumableMedia specifies the media to upload in chunks and can be
+// canceled with ctx.
+//
+// Deprecated: use Media instead.
+//
+// At most one of Media and ResumableMedia may be set. mediaType
+// identifies the MIME media type of the upload, such as "image/png". If
+// mediaType is "", it will be auto-detected. The provided ctx will
+// supersede any context previously provided to the Context method.
+func (c *ObjectsInsertCall) ResumableMedia(ctx context.Context, r io.ReaderAt, size int64, mediaType string) *ObjectsInsertCall {
+	c.ctx_ = ctx
+	c.mediaInfo_ = gensupport.NewInfoFromResumableMedia(r, size, mediaType)
+	return c
+}
+
+// ProgressUpdater provides a callback function that will be called
+// after every chunk. It should be a low-latency function in order to
+// not slow down the upload operation. This should only be called when
+// using ResumableMedia (as opposed to Media).
+func (c *ObjectsInsertCall) ProgressUpdater(pu googleapi.ProgressUpdater) *ObjectsInsertCall {
+	c.mediaInfo_.SetProgressUpdater(pu)
+	return c
+}
+
+// WithRetry causes the library to retry the initial request of the
+// upload(for resumable uploads) or the entire upload (for multipart
+// uploads) ifa transient error occurs. This is contingent on ChunkSize
+// being > 0 (sothat the input data may be buffered). The backoff
+// argument will be used todetermine exponential backoff timing, and the
+// errorFunc is used to determinewhich errors are considered retryable.
+// By default, exponetial backoff will beapplied using gax defaults, and
+// the following errors are retried:
+//
+// - HTTP responses with codes 408, 429, 502, 503, and 504.
+//
+// - Transient network errors such as connection reset and
+// io.ErrUnexpectedEOF.
+//
+// - Errors which are considered transient using the Temporary()
+// interface.
+//
+// - Wrapped versions of these errors.
+func (c *ObjectsInsertCall) WithRetry(bo *gax.Backoff, errorFunc func(err error) bool) *ObjectsInsertCall {
+	c.retry = &gensupport.RetryConfig{
+		Backoff:     bo,
+		ShouldRetry: errorFunc,
+	}
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsInsertCall) Fields(s ...googleapi.Field) *ObjectsInsertCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+// This context will supersede any context previously provided to the
+// ResumableMedia method.
+func (c *ObjectsInsertCall) Context(ctx context.Context) *ObjectsInsertCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsInsertCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsInsertCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.object)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o")
+	if c.mediaInfo_ != nil {
+		urls = googleapi.ResolveRelative(c.s.BasePath, "/upload/storage/v1/b/{bucket}/o")
+		c.urlParams_.Set("uploadType", c.mediaInfo_.UploadType())
+	}
+	if body == nil {
+		body = new(bytes.Buffer)
+		reqHeaders.Set("Content-Type", "application/json")
+	}
+	body, getBody, cleanup := c.mediaInfo_.UploadRequest(reqHeaders, body)
+	defer cleanup()
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	req.GetBody = getBody
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	if c.retry != nil {
+		return gensupport.SendRequestWithRetry(c.ctx_, c.s.client, req, c.retry)
+	}
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.insert" call.
+// Exactly one of *Object or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Object.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ObjectsInsertCall) Do(opts ...googleapi.CallOption) (*Object, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	rx := c.mediaInfo_.ResumableUpload(res.Header.Get("Location"))
+	if rx != nil {
+		rx.Client = c.s.client
+		rx.UserAgent = c.s.userAgent()
+		rx.Retry = c.retry
+		ctx := c.ctx_
+		if ctx == nil {
+			ctx = context.TODO()
+		}
+		res, err = rx.Upload(ctx)
+		if err != nil {
+			return nil, err
+		}
+		defer res.Body.Close()
+		if err := googleapi.CheckResponse(res); err != nil {
+			return nil, gensupport.WrapError(err)
+		}
+	}
+	ret := &Object{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Stores a new object and metadata.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.objects.insert",
+	//   "mediaUpload": {
+	//     "accept": [
+	//       "*/*"
+	//     ],
+	//     "protocols": {
+	//       "resumable": {
+	//         "multipart": true,
+	//         "path": "/resumable/upload/storage/v1/b/{bucket}/o"
+	//       },
+	//       "simple": {
+	//         "multipart": true,
+	//         "path": "/upload/storage/v1/b/{bucket}/o"
+	//       }
+	//     }
+	//   },
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "contentEncoding": {
+	//       "description": "If set, sets the contentEncoding property of the final object to this value. Setting this parameter is equivalent to setting the contentEncoding metadata property. This can be useful when uploading an object with uploadType=media to indicate the encoding of the content being uploaded.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "kmsKeyName": {
+	//       "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "name": {
+	//       "description": "Name of the object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "predefinedAcl": {
+	//       "description": "Apply a predefined set of access controls to this object.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "bucketOwnerFullControl",
+	//         "bucketOwnerRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
+	//         "Object owner gets OWNER access, and project team owners get READER access.",
+	//         "Object owner gets OWNER access.",
+	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
+	//         "Object owner gets OWNER access, and allUsers get READER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit the owner, acl property."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o",
+	//   "request": {
+	//     "$ref": "Object"
+	//   },
+	//   "response": {
+	//     "$ref": "Object"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ],
+	//   "supportsMediaUpload": true
+	// }
+
+}
+
+// method id "storage.objects.list":
+
+type ObjectsListCall struct {
+	s            *Service
+	bucket       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: Retrieves a list of objects matching the criteria.
+//
+// - bucket: Name of the bucket in which to look for objects.
+func (r *ObjectsService) List(bucket string) *ObjectsListCall {
+	c := &ObjectsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	return c
+}
+
+// Delimiter sets the optional parameter "delimiter": Returns results in
+// a directory-like mode. items will contain only objects whose names,
+// aside from the prefix, do not contain delimiter. Objects whose names,
+// aside from the prefix, contain delimiter will have their name,
+// truncated after the delimiter, returned in prefixes. Duplicate
+// prefixes are omitted.
+func (c *ObjectsListCall) Delimiter(delimiter string) *ObjectsListCall {
+	c.urlParams_.Set("delimiter", delimiter)
+	return c
+}
+
+// EndOffset sets the optional parameter "endOffset": Filter results to
+// objects whose names are lexicographically before endOffset. If
+// startOffset is also set, the objects listed will have names between
+// startOffset (inclusive) and endOffset (exclusive).
+func (c *ObjectsListCall) EndOffset(endOffset string) *ObjectsListCall {
+	c.urlParams_.Set("endOffset", endOffset)
+	return c
+}
+
+// IncludeTrailingDelimiter sets the optional parameter
+// "includeTrailingDelimiter": If true, objects that end in exactly one
+// instance of delimiter will have their metadata included in items in
+// addition to prefixes.
+func (c *ObjectsListCall) IncludeTrailingDelimiter(includeTrailingDelimiter bool) *ObjectsListCall {
+	c.urlParams_.Set("includeTrailingDelimiter", fmt.Sprint(includeTrailingDelimiter))
+	return c
+}
+
+// MatchGlob sets the optional parameter "matchGlob": Filter results to
+// objects and prefixes that match this glob pattern.
+func (c *ObjectsListCall) MatchGlob(matchGlob string) *ObjectsListCall {
+	c.urlParams_.Set("matchGlob", matchGlob)
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": Maximum number
+// of items plus prefixes to return in a single page of responses. As
+// duplicate prefixes are omitted, fewer total results may be returned
+// than requested. The service will use this parameter or 1,000 items,
+// whichever is smaller.
+func (c *ObjectsListCall) MaxResults(maxResults int64) *ObjectsListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": A
+// previously-returned page token representing part of the larger set of
+// results to view.
+func (c *ObjectsListCall) PageToken(pageToken string) *ObjectsListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// Prefix sets the optional parameter "prefix": Filter results to
+// objects whose names begin with this prefix.
+func (c *ObjectsListCall) Prefix(prefix string) *ObjectsListCall {
+	c.urlParams_.Set("prefix", prefix)
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to noAcl.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit the owner, acl property.
+func (c *ObjectsListCall) Projection(projection string) *ObjectsListCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// StartOffset sets the optional parameter "startOffset": Filter results
+// to objects whose names are lexicographically equal to or after
+// startOffset. If endOffset is also set, the objects listed will have
+// names between startOffset (inclusive) and endOffset (exclusive).
+func (c *ObjectsListCall) StartOffset(startOffset string) *ObjectsListCall {
+	c.urlParams_.Set("startOffset", startOffset)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsListCall) UserProject(userProject string) *ObjectsListCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Versions sets the optional parameter "versions": If true, lists all
+// versions of an object as distinct results. The default is false. For
+// more information, see Object Versioning.
+func (c *ObjectsListCall) Versions(versions bool) *ObjectsListCall {
+	c.urlParams_.Set("versions", fmt.Sprint(versions))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsListCall) Fields(s ...googleapi.Field) *ObjectsListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *ObjectsListCall) IfNoneMatch(entityTag string) *ObjectsListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectsListCall) Context(ctx context.Context) *ObjectsListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.list" call.
+// Exactly one of *Objects or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Objects.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ObjectsListCall) Do(opts ...googleapi.CallOption) (*Objects, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Objects{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves a list of objects matching the criteria.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.objects.list",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which to look for objects.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "delimiter": {
+	//       "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "endOffset": {
+	//       "description": "Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "includeTrailingDelimiter": {
+	//       "description": "If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     },
+	//     "matchGlob": {
+	//       "description": "Filter results to objects and prefixes that match this glob pattern.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "maxResults": {
+	//       "default": "1000",
+	//       "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "pageToken": {
+	//       "description": "A previously-returned page token representing part of the larger set of results to view.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "prefix": {
+	//       "description": "Filter results to objects whose names begin with this prefix.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to noAcl.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit the owner, acl property."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "startOffset": {
+	//       "description": "Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "versions": {
+	//       "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o",
+	//   "response": {
+	//     "$ref": "Objects"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ],
+	//   "supportsSubscription": true
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *ObjectsListCall) Pages(ctx context.Context, f func(*Objects) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
+// method id "storage.objects.patch":
+
+type ObjectsPatchCall struct {
+	s          *Service
+	bucket     string
+	object     string
+	object2    *Object
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Patch: Patches an object's metadata.
+//
+//   - bucket: Name of the bucket in which the object resides.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectsService) Patch(bucket string, object string, object2 *Object) *ObjectsPatchCall {
+	c := &ObjectsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	c.object2 = object2
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectsPatchCall) Generation(generation int64) *ObjectsPatchCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
+// Makes the operation conditional on whether the object's current
+// generation matches the given value. Setting to 0 makes the operation
+// succeed only if there are no live versions of the object.
+func (c *ObjectsPatchCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsPatchCall {
+	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
+	return c
+}
+
+// IfGenerationNotMatch sets the optional parameter
+// "ifGenerationNotMatch": Makes the operation conditional on whether
+// the object's current generation does not match the given value. If no
+// live object exists, the precondition fails. Setting to 0 makes the
+// operation succeed only if there is a live version of the object.
+func (c *ObjectsPatchCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsPatchCall {
+	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the operation conditional on whether
+// the object's current metageneration matches the given value.
+func (c *ObjectsPatchCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsPatchCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": Makes the operation conditional on
+// whether the object's current metageneration does not match the given
+// value.
+func (c *ObjectsPatchCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsPatchCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
+// predefined set of access controls to this object.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Object owner gets OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
+//
+// project team owners get OWNER access.
+//
+//	"bucketOwnerRead" - Object owner gets OWNER access, and project
+//
+// team owners get READER access.
+//
+//	"private" - Object owner gets OWNER access.
+//	"projectPrivate" - Object owner gets OWNER access, and project team
+//
+// members get access according to their roles.
+//
+//	"publicRead" - Object owner gets OWNER access, and allUsers get
+//
+// READER access.
+func (c *ObjectsPatchCall) PredefinedAcl(predefinedAcl string) *ObjectsPatchCall {
+	c.urlParams_.Set("predefinedAcl", predefinedAcl)
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to full.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit the owner, acl property.
+func (c *ObjectsPatchCall) Projection(projection string) *ObjectsPatchCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request, for Requester Pays buckets.
+func (c *ObjectsPatchCall) UserProject(userProject string) *ObjectsPatchCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsPatchCall) Fields(s ...googleapi.Field) *ObjectsPatchCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectsPatchCall) Context(ctx context.Context) *ObjectsPatchCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsPatchCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsPatchCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.object2)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PATCH", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.patch" call.
+// Exactly one of *Object or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Object.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ObjectsPatchCall) Do(opts ...googleapi.CallOption) (*Object, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Object{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Patches an object's metadata.",
+	//   "httpMethod": "PATCH",
+	//   "id": "storage.objects.patch",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which the object resides.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "predefinedAcl": {
+	//       "description": "Apply a predefined set of access controls to this object.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "bucketOwnerFullControl",
+	//         "bucketOwnerRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
+	//         "Object owner gets OWNER access, and project team owners get READER access.",
+	//         "Object owner gets OWNER access.",
+	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
+	//         "Object owner gets OWNER access, and allUsers get READER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to full.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit the owner, acl property."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request, for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}",
+	//   "request": {
+	//     "$ref": "Object"
+	//   },
+	//   "response": {
+	//     "$ref": "Object"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objects.rewrite":
+
+type ObjectsRewriteCall struct {
+	s                 *Service
+	sourceBucket      string
+	sourceObject      string
+	destinationBucket string
+	destinationObject string
+	object            *Object
+	urlParams_        gensupport.URLParams
+	ctx_              context.Context
+	header_           http.Header
+}
+
+// Rewrite: Rewrites a source object to a destination object. Optionally
+// overrides metadata.
+//
+//   - destinationBucket: Name of the bucket in which to store the new
+//     object. Overrides the provided object metadata's bucket value, if
+//     any.
+//   - destinationObject: Name of the new object. Required when the object
+//     metadata is not otherwise provided. Overrides the object metadata's
+//     name value, if any. For information about how to URL encode object
+//     names to be path safe, see Encoding URI Path Parts.
+//   - sourceBucket: Name of the bucket in which to find the source
+//     object.
+//   - sourceObject: Name of the source object. For information about how
+//     to URL encode object names to be path safe, see Encoding URI Path
+//     Parts.
+func (r *ObjectsService) Rewrite(sourceBucket string, sourceObject string, destinationBucket string, destinationObject string, object *Object) *ObjectsRewriteCall {
+	c := &ObjectsRewriteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.sourceBucket = sourceBucket
+	c.sourceObject = sourceObject
+	c.destinationBucket = destinationBucket
+	c.destinationObject = destinationObject
+	c.object = object
+	return c
+}
+
+// DestinationKmsKeyName sets the optional parameter
+// "destinationKmsKeyName": Resource name of the Cloud KMS key, of the
+// form
+// projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key,
+//
+//	that will be used to encrypt the object. Overrides the object
+//
+// metadata's kms_key_name value, if any.
+func (c *ObjectsRewriteCall) DestinationKmsKeyName(destinationKmsKeyName string) *ObjectsRewriteCall {
+	c.urlParams_.Set("destinationKmsKeyName", destinationKmsKeyName)
+	return c
+}
+
+// DestinationPredefinedAcl sets the optional parameter
+// "destinationPredefinedAcl": Apply a predefined set of access controls
+// to the destination object.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Object owner gets OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
+//
+// project team owners get OWNER access.
+//
+//	"bucketOwnerRead" - Object owner gets OWNER access, and project
+//
+// team owners get READER access.
+//
+//	"private" - Object owner gets OWNER access.
+//	"projectPrivate" - Object owner gets OWNER access, and project team
+//
+// members get access according to their roles.
+//
+//	"publicRead" - Object owner gets OWNER access, and allUsers get
+//
+// READER access.
+func (c *ObjectsRewriteCall) DestinationPredefinedAcl(destinationPredefinedAcl string) *ObjectsRewriteCall {
+	c.urlParams_.Set("destinationPredefinedAcl", destinationPredefinedAcl)
+	return c
+}
+
+// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
+// Makes the operation conditional on whether the object's current
+// generation matches the given value. Setting to 0 makes the operation
+// succeed only if there are no live versions of the object.
+func (c *ObjectsRewriteCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsRewriteCall {
+	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
+	return c
+}
+
+// IfGenerationNotMatch sets the optional parameter
+// "ifGenerationNotMatch": Makes the operation conditional on whether
+// the object's current generation does not match the given value. If no
+// live object exists, the precondition fails. Setting to 0 makes the
+// operation succeed only if there is a live version of the object.
+func (c *ObjectsRewriteCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsRewriteCall {
+	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the operation conditional on whether
+// the destination object's current metageneration matches the given
+// value.
+func (c *ObjectsRewriteCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsRewriteCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": Makes the operation conditional on
+// whether the destination object's current metageneration does not
+// match the given value.
+func (c *ObjectsRewriteCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsRewriteCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// IfSourceGenerationMatch sets the optional parameter
+// "ifSourceGenerationMatch": Makes the operation conditional on whether
+// the source object's current generation matches the given value.
+func (c *ObjectsRewriteCall) IfSourceGenerationMatch(ifSourceGenerationMatch int64) *ObjectsRewriteCall {
+	c.urlParams_.Set("ifSourceGenerationMatch", fmt.Sprint(ifSourceGenerationMatch))
+	return c
+}
+
+// IfSourceGenerationNotMatch sets the optional parameter
+// "ifSourceGenerationNotMatch": Makes the operation conditional on
+// whether the source object's current generation does not match the
+// given value.
+func (c *ObjectsRewriteCall) IfSourceGenerationNotMatch(ifSourceGenerationNotMatch int64) *ObjectsRewriteCall {
+	c.urlParams_.Set("ifSourceGenerationNotMatch", fmt.Sprint(ifSourceGenerationNotMatch))
+	return c
+}
+
+// IfSourceMetagenerationMatch sets the optional parameter
+// "ifSourceMetagenerationMatch": Makes the operation conditional on
+// whether the source object's current metageneration matches the given
+// value.
+func (c *ObjectsRewriteCall) IfSourceMetagenerationMatch(ifSourceMetagenerationMatch int64) *ObjectsRewriteCall {
+	c.urlParams_.Set("ifSourceMetagenerationMatch", fmt.Sprint(ifSourceMetagenerationMatch))
+	return c
+}
+
+// IfSourceMetagenerationNotMatch sets the optional parameter
+// "ifSourceMetagenerationNotMatch": Makes the operation conditional on
+// whether the source object's current metageneration does not match the
+// given value.
+func (c *ObjectsRewriteCall) IfSourceMetagenerationNotMatch(ifSourceMetagenerationNotMatch int64) *ObjectsRewriteCall {
+	c.urlParams_.Set("ifSourceMetagenerationNotMatch", fmt.Sprint(ifSourceMetagenerationNotMatch))
+	return c
+}
+
+// MaxBytesRewrittenPerCall sets the optional parameter
+// "maxBytesRewrittenPerCall": The maximum number of bytes that will be
+// rewritten per rewrite request. Most callers shouldn't need to specify
+// this parameter - it is primarily in place to support testing. If
+// specified the value must be an integral multiple of 1 MiB (1048576).
+// Also, this only applies to requests where the source and destination
+// span locations and/or storage classes. Finally, this value must not
+// change across rewrite calls else you'll get an error that the
+// rewriteToken is invalid.
+func (c *ObjectsRewriteCall) MaxBytesRewrittenPerCall(maxBytesRewrittenPerCall int64) *ObjectsRewriteCall {
+	c.urlParams_.Set("maxBytesRewrittenPerCall", fmt.Sprint(maxBytesRewrittenPerCall))
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to noAcl, unless the object resource
+// specifies the acl property, when it defaults to full.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit the owner, acl property.
+func (c *ObjectsRewriteCall) Projection(projection string) *ObjectsRewriteCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// RewriteToken sets the optional parameter "rewriteToken": Include this
+// field (from the previous rewrite response) on each rewrite request
+// after the first one, until the rewrite response 'done' flag is true.
+// Calls that provide a rewriteToken can omit all other request fields,
+// but if included those fields must match the values provided in the
+// first rewrite request.
+func (c *ObjectsRewriteCall) RewriteToken(rewriteToken string) *ObjectsRewriteCall {
+	c.urlParams_.Set("rewriteToken", rewriteToken)
+	return c
+}
+
+// SourceGeneration sets the optional parameter "sourceGeneration": If
+// present, selects a specific revision of the source object (as opposed
+// to the latest version, the default).
+func (c *ObjectsRewriteCall) SourceGeneration(sourceGeneration int64) *ObjectsRewriteCall {
+	c.urlParams_.Set("sourceGeneration", fmt.Sprint(sourceGeneration))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsRewriteCall) UserProject(userProject string) *ObjectsRewriteCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsRewriteCall) Fields(s ...googleapi.Field) *ObjectsRewriteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectsRewriteCall) Context(ctx context.Context) *ObjectsRewriteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsRewriteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsRewriteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.object)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{sourceBucket}/o/{sourceObject}/rewriteTo/b/{destinationBucket}/o/{destinationObject}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"sourceBucket":      c.sourceBucket,
+		"sourceObject":      c.sourceObject,
+		"destinationBucket": c.destinationBucket,
+		"destinationObject": c.destinationObject,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.rewrite" call.
+// Exactly one of *RewriteResponse or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *RewriteResponse.ServerResponse.Header or (if a response was returned
+// at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ObjectsRewriteCall) Do(opts ...googleapi.CallOption) (*RewriteResponse, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &RewriteResponse{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Rewrites a source object to a destination object. Optionally overrides metadata.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.objects.rewrite",
+	//   "parameterOrder": [
+	//     "sourceBucket",
+	//     "sourceObject",
+	//     "destinationBucket",
+	//     "destinationObject"
+	//   ],
+	//   "parameters": {
+	//     "destinationBucket": {
+	//       "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "destinationKmsKeyName": {
+	//       "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "destinationObject": {
+	//       "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "destinationPredefinedAcl": {
+	//       "description": "Apply a predefined set of access controls to the destination object.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "bucketOwnerFullControl",
+	//         "bucketOwnerRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
+	//         "Object owner gets OWNER access, and project team owners get READER access.",
+	//         "Object owner gets OWNER access.",
+	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
+	//         "Object owner gets OWNER access, and allUsers get READER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifSourceGenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the source object's current generation matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifSourceGenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifSourceMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifSourceMetagenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "maxBytesRewrittenPerCall": {
+	//       "description": "The maximum number of bytes that will be rewritten per rewrite request. Most callers shouldn't need to specify this parameter - it is primarily in place to support testing. If specified the value must be an integral multiple of 1 MiB (1048576). Also, this only applies to requests where the source and destination span locations and/or storage classes. Finally, this value must not change across rewrite calls else you'll get an error that the rewriteToken is invalid.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit the owner, acl property."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "rewriteToken": {
+	//       "description": "Include this field (from the previous rewrite response) on each rewrite request after the first one, until the rewrite response 'done' flag is true. Calls that provide a rewriteToken can omit all other request fields, but if included those fields must match the values provided in the first rewrite request.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "sourceBucket": {
+	//       "description": "Name of the bucket in which to find the source object.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "sourceGeneration": {
+	//       "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "sourceObject": {
+	//       "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{sourceBucket}/o/{sourceObject}/rewriteTo/b/{destinationBucket}/o/{destinationObject}",
+	//   "request": {
+	//     "$ref": "Object"
+	//   },
+	//   "response": {
+	//     "$ref": "RewriteResponse"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objects.setIamPolicy":
+
+type ObjectsSetIamPolicyCall struct {
+	s          *Service
+	bucket     string
+	object     string
+	policy     *Policy
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// SetIamPolicy: Updates an IAM policy for the specified object.
+//
+//   - bucket: Name of the bucket in which the object resides.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectsService) SetIamPolicy(bucket string, object string, policy *Policy) *ObjectsSetIamPolicyCall {
+	c := &ObjectsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	c.policy = policy
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectsSetIamPolicyCall) Generation(generation int64) *ObjectsSetIamPolicyCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsSetIamPolicyCall) UserProject(userProject string) *ObjectsSetIamPolicyCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsSetIamPolicyCall) Fields(s ...googleapi.Field) *ObjectsSetIamPolicyCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectsSetIamPolicyCall) Context(ctx context.Context) *ObjectsSetIamPolicyCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsSetIamPolicyCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.policy)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/iam")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PUT", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.setIamPolicy" call.
+// Exactly one of *Policy or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Policy.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ObjectsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Policy{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Updates an IAM policy for the specified object.",
+	//   "httpMethod": "PUT",
+	//   "id": "storage.objects.setIamPolicy",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which the object resides.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}/iam",
+	//   "request": {
+	//     "$ref": "Policy"
+	//   },
+	//   "response": {
+	//     "$ref": "Policy"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objects.testIamPermissions":
+
+type ObjectsTestIamPermissionsCall struct {
+	s            *Service
+	bucket       string
+	object       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// TestIamPermissions: Tests a set of permissions on the given object to
+// see which, if any, are held by the caller.
+//
+//   - bucket: Name of the bucket in which the object resides.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+//   - permissions: Permissions to test.
+func (r *ObjectsService) TestIamPermissions(bucket string, object string, permissions []string) *ObjectsTestIamPermissionsCall {
+	c := &ObjectsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	c.urlParams_.SetMulti("permissions", append([]string{}, permissions...))
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectsTestIamPermissionsCall) Generation(generation int64) *ObjectsTestIamPermissionsCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsTestIamPermissionsCall) UserProject(userProject string) *ObjectsTestIamPermissionsCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ObjectsTestIamPermissionsCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *ObjectsTestIamPermissionsCall) IfNoneMatch(entityTag string) *ObjectsTestIamPermissionsCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectsTestIamPermissionsCall) Context(ctx context.Context) *ObjectsTestIamPermissionsCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsTestIamPermissionsCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/iam/testPermissions")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.testIamPermissions" call.
+// Exactly one of *TestIamPermissionsResponse or error will be non-nil.
+// Any non-2xx status code is an error. Response headers are in either
+// *TestIamPermissionsResponse.ServerResponse.Header or (if a response
+// was returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ObjectsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &TestIamPermissionsResponse{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Tests a set of permissions on the given object to see which, if any, are held by the caller.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.objects.testIamPermissions",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object",
+	//     "permissions"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which the object resides.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "permissions": {
+	//       "description": "Permissions to test.",
+	//       "location": "query",
+	//       "repeated": true,
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}/iam/testPermissions",
+	//   "response": {
+	//     "$ref": "TestIamPermissionsResponse"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objects.update":
+
+type ObjectsUpdateCall struct {
+	s          *Service
+	bucket     string
+	object     string
+	object2    *Object
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Update: Updates an object's metadata.
+//
+//   - bucket: Name of the bucket in which the object resides.
+//   - object: Name of the object. For information about how to URL encode
+//     object names to be path safe, see Encoding URI Path Parts.
+func (r *ObjectsService) Update(bucket string, object string, object2 *Object) *ObjectsUpdateCall {
+	c := &ObjectsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.object = object
+	c.object2 = object2
+	return c
+}
+
+// Generation sets the optional parameter "generation": If present,
+// selects a specific revision of this object (as opposed to the latest
+// version, the default).
+func (c *ObjectsUpdateCall) Generation(generation int64) *ObjectsUpdateCall {
+	c.urlParams_.Set("generation", fmt.Sprint(generation))
+	return c
+}
+
+// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
+// Makes the operation conditional on whether the object's current
+// generation matches the given value. Setting to 0 makes the operation
+// succeed only if there are no live versions of the object.
+func (c *ObjectsUpdateCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsUpdateCall {
+	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
+	return c
+}
+
+// IfGenerationNotMatch sets the optional parameter
+// "ifGenerationNotMatch": Makes the operation conditional on whether
+// the object's current generation does not match the given value. If no
+// live object exists, the precondition fails. Setting to 0 makes the
+// operation succeed only if there is a live version of the object.
+func (c *ObjectsUpdateCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsUpdateCall {
+	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
+	return c
+}
+
+// IfMetagenerationMatch sets the optional parameter
+// "ifMetagenerationMatch": Makes the operation conditional on whether
+// the object's current metageneration matches the given value.
+func (c *ObjectsUpdateCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsUpdateCall {
+	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
+	return c
+}
+
+// IfMetagenerationNotMatch sets the optional parameter
+// "ifMetagenerationNotMatch": Makes the operation conditional on
+// whether the object's current metageneration does not match the given
+// value.
+func (c *ObjectsUpdateCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsUpdateCall {
+	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
+	return c
+}
+
+// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
+// predefined set of access controls to this object.
+//
+// Possible values:
+//
+//	"authenticatedRead" - Object owner gets OWNER access, and
+//
+// allAuthenticatedUsers get READER access.
+//
+//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
+//
+// project team owners get OWNER access.
+//
+//	"bucketOwnerRead" - Object owner gets OWNER access, and project
+//
+// team owners get READER access.
+//
+//	"private" - Object owner gets OWNER access.
+//	"projectPrivate" - Object owner gets OWNER access, and project team
+//
+// members get access according to their roles.
+//
+//	"publicRead" - Object owner gets OWNER access, and allUsers get
+//
+// READER access.
+func (c *ObjectsUpdateCall) PredefinedAcl(predefinedAcl string) *ObjectsUpdateCall {
+	c.urlParams_.Set("predefinedAcl", predefinedAcl)
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to full.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit the owner, acl property.
+func (c *ObjectsUpdateCall) Projection(projection string) *ObjectsUpdateCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsUpdateCall) UserProject(userProject string) *ObjectsUpdateCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsUpdateCall) Fields(s ...googleapi.Field) *ObjectsUpdateCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectsUpdateCall) Context(ctx context.Context) *ObjectsUpdateCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsUpdateCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsUpdateCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.object2)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PUT", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+		"object": c.object,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.update" call.
+// Exactly one of *Object or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Object.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ObjectsUpdateCall) Do(opts ...googleapi.CallOption) (*Object, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Object{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Updates an object's metadata.",
+	//   "httpMethod": "PUT",
+	//   "id": "storage.objects.update",
+	//   "parameterOrder": [
+	//     "bucket",
+	//     "object"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which the object resides.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "generation": {
+	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifGenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "ifMetagenerationNotMatch": {
+	//       "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
+	//       "format": "int64",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "object": {
+	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "predefinedAcl": {
+	//       "description": "Apply a predefined set of access controls to this object.",
+	//       "enum": [
+	//         "authenticatedRead",
+	//         "bucketOwnerFullControl",
+	//         "bucketOwnerRead",
+	//         "private",
+	//         "projectPrivate",
+	//         "publicRead"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
+	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
+	//         "Object owner gets OWNER access, and project team owners get READER access.",
+	//         "Object owner gets OWNER access.",
+	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
+	//         "Object owner gets OWNER access, and allUsers get READER access."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to full.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit the owner, acl property."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/{object}",
+	//   "request": {
+	//     "$ref": "Object"
+	//   },
+	//   "response": {
+	//     "$ref": "Object"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.objects.watchAll":
+
+type ObjectsWatchAllCall struct {
+	s          *Service
+	bucket     string
+	channel    *Channel
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// WatchAll: Watch for changes on all objects in a bucket.
+//
+// - bucket: Name of the bucket in which to look for objects.
+func (r *ObjectsService) WatchAll(bucket string, channel *Channel) *ObjectsWatchAllCall {
+	c := &ObjectsWatchAllCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.bucket = bucket
+	c.channel = channel
+	return c
+}
+
+// Delimiter sets the optional parameter "delimiter": Returns results in
+// a directory-like mode. items will contain only objects whose names,
+// aside from the prefix, do not contain delimiter. Objects whose names,
+// aside from the prefix, contain delimiter will have their name,
+// truncated after the delimiter, returned in prefixes. Duplicate
+// prefixes are omitted.
+func (c *ObjectsWatchAllCall) Delimiter(delimiter string) *ObjectsWatchAllCall {
+	c.urlParams_.Set("delimiter", delimiter)
+	return c
+}
+
+// EndOffset sets the optional parameter "endOffset": Filter results to
+// objects whose names are lexicographically before endOffset. If
+// startOffset is also set, the objects listed will have names between
+// startOffset (inclusive) and endOffset (exclusive).
+func (c *ObjectsWatchAllCall) EndOffset(endOffset string) *ObjectsWatchAllCall {
+	c.urlParams_.Set("endOffset", endOffset)
+	return c
+}
+
+// IncludeTrailingDelimiter sets the optional parameter
+// "includeTrailingDelimiter": If true, objects that end in exactly one
+// instance of delimiter will have their metadata included in items in
+// addition to prefixes.
+func (c *ObjectsWatchAllCall) IncludeTrailingDelimiter(includeTrailingDelimiter bool) *ObjectsWatchAllCall {
+	c.urlParams_.Set("includeTrailingDelimiter", fmt.Sprint(includeTrailingDelimiter))
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": Maximum number
+// of items plus prefixes to return in a single page of responses. As
+// duplicate prefixes are omitted, fewer total results may be returned
+// than requested. The service will use this parameter or 1,000 items,
+// whichever is smaller.
+func (c *ObjectsWatchAllCall) MaxResults(maxResults int64) *ObjectsWatchAllCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": A
+// previously-returned page token representing part of the larger set of
+// results to view.
+func (c *ObjectsWatchAllCall) PageToken(pageToken string) *ObjectsWatchAllCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// Prefix sets the optional parameter "prefix": Filter results to
+// objects whose names begin with this prefix.
+func (c *ObjectsWatchAllCall) Prefix(prefix string) *ObjectsWatchAllCall {
+	c.urlParams_.Set("prefix", prefix)
+	return c
+}
+
+// Projection sets the optional parameter "projection": Set of
+// properties to return. Defaults to noAcl.
+//
+// Possible values:
+//
+//	"full" - Include all properties.
+//	"noAcl" - Omit the owner, acl property.
+func (c *ObjectsWatchAllCall) Projection(projection string) *ObjectsWatchAllCall {
+	c.urlParams_.Set("projection", projection)
+	return c
+}
+
+// StartOffset sets the optional parameter "startOffset": Filter results
+// to objects whose names are lexicographically equal to or after
+// startOffset. If endOffset is also set, the objects listed will have
+// names between startOffset (inclusive) and endOffset (exclusive).
+func (c *ObjectsWatchAllCall) StartOffset(startOffset string) *ObjectsWatchAllCall {
+	c.urlParams_.Set("startOffset", startOffset)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request. Required for Requester Pays buckets.
+func (c *ObjectsWatchAllCall) UserProject(userProject string) *ObjectsWatchAllCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Versions sets the optional parameter "versions": If true, lists all
+// versions of an object as distinct results. The default is false. For
+// more information, see Object Versioning.
+func (c *ObjectsWatchAllCall) Versions(versions bool) *ObjectsWatchAllCall {
+	c.urlParams_.Set("versions", fmt.Sprint(versions))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ObjectsWatchAllCall) Fields(s ...googleapi.Field) *ObjectsWatchAllCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ObjectsWatchAllCall) Context(ctx context.Context) *ObjectsWatchAllCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ObjectsWatchAllCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ObjectsWatchAllCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.channel)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/watch")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"bucket": c.bucket,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.objects.watchAll" call.
+// Exactly one of *Channel or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Channel.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ObjectsWatchAllCall) Do(opts ...googleapi.CallOption) (*Channel, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Channel{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Watch for changes on all objects in a bucket.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.objects.watchAll",
+	//   "parameterOrder": [
+	//     "bucket"
+	//   ],
+	//   "parameters": {
+	//     "bucket": {
+	//       "description": "Name of the bucket in which to look for objects.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "delimiter": {
+	//       "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "endOffset": {
+	//       "description": "Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "includeTrailingDelimiter": {
+	//       "description": "If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     },
+	//     "maxResults": {
+	//       "default": "1000",
+	//       "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "pageToken": {
+	//       "description": "A previously-returned page token representing part of the larger set of results to view.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "prefix": {
+	//       "description": "Filter results to objects whose names begin with this prefix.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "projection": {
+	//       "description": "Set of properties to return. Defaults to noAcl.",
+	//       "enum": [
+	//         "full",
+	//         "noAcl"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include all properties.",
+	//         "Omit the owner, acl property."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "startOffset": {
+	//       "description": "Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "versions": {
+	//       "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "b/{bucket}/o/watch",
+	//   "request": {
+	//     "$ref": "Channel",
+	//     "parameterName": "resource"
+	//   },
+	//   "response": {
+	//     "$ref": "Channel"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ],
+	//   "supportsSubscription": true
+	// }
+
+}
+
+// method id "storage.projects.hmacKeys.create":
+
+type ProjectsHmacKeysCreateCall struct {
+	s          *Service
+	projectId  string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Create: Creates a new HMAC key for the specified service account.
+//
+// - projectId: Project ID owning the service account.
+// - serviceAccountEmail: Email address of the service account.
+func (r *ProjectsHmacKeysService) Create(projectId string, serviceAccountEmail string) *ProjectsHmacKeysCreateCall {
+	c := &ProjectsHmacKeysCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.projectId = projectId
+	c.urlParams_.Set("serviceAccountEmail", serviceAccountEmail)
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request.
+func (c *ProjectsHmacKeysCreateCall) UserProject(userProject string) *ProjectsHmacKeysCreateCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ProjectsHmacKeysCreateCall) Fields(s ...googleapi.Field) *ProjectsHmacKeysCreateCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ProjectsHmacKeysCreateCall) Context(ctx context.Context) *ProjectsHmacKeysCreateCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ProjectsHmacKeysCreateCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ProjectsHmacKeysCreateCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/hmacKeys")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"projectId": c.projectId,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.projects.hmacKeys.create" call.
+// Exactly one of *HmacKey or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *HmacKey.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ProjectsHmacKeysCreateCall) Do(opts ...googleapi.CallOption) (*HmacKey, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &HmacKey{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Creates a new HMAC key for the specified service account.",
+	//   "httpMethod": "POST",
+	//   "id": "storage.projects.hmacKeys.create",
+	//   "parameterOrder": [
+	//     "projectId",
+	//     "serviceAccountEmail"
+	//   ],
+	//   "parameters": {
+	//     "projectId": {
+	//       "description": "Project ID owning the service account.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "serviceAccountEmail": {
+	//       "description": "Email address of the service account.",
+	//       "location": "query",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{projectId}/hmacKeys",
+	//   "response": {
+	//     "$ref": "HmacKey"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.projects.hmacKeys.delete":
+
+type ProjectsHmacKeysDeleteCall struct {
+	s          *Service
+	projectId  string
+	accessId   string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Delete: Deletes an HMAC key.
+//
+// - accessId: Name of the HMAC key to be deleted.
+// - projectId: Project ID owning the requested key.
+func (r *ProjectsHmacKeysService) Delete(projectId string, accessId string) *ProjectsHmacKeysDeleteCall {
+	c := &ProjectsHmacKeysDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.projectId = projectId
+	c.accessId = accessId
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request.
+func (c *ProjectsHmacKeysDeleteCall) UserProject(userProject string) *ProjectsHmacKeysDeleteCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ProjectsHmacKeysDeleteCall) Fields(s ...googleapi.Field) *ProjectsHmacKeysDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ProjectsHmacKeysDeleteCall) Context(ctx context.Context) *ProjectsHmacKeysDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ProjectsHmacKeysDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ProjectsHmacKeysDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/hmacKeys/{accessId}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"projectId": c.projectId,
+		"accessId":  c.accessId,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.projects.hmacKeys.delete" call.
+func (c *ProjectsHmacKeysDeleteCall) Do(opts ...googleapi.CallOption) error {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if err != nil {
+		return err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return gensupport.WrapError(err)
+	}
+	return nil
+	// {
+	//   "description": "Deletes an HMAC key.",
+	//   "httpMethod": "DELETE",
+	//   "id": "storage.projects.hmacKeys.delete",
+	//   "parameterOrder": [
+	//     "projectId",
+	//     "accessId"
+	//   ],
+	//   "parameters": {
+	//     "accessId": {
+	//       "description": "Name of the HMAC key to be deleted.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "projectId": {
+	//       "description": "Project ID owning the requested key",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{projectId}/hmacKeys/{accessId}",
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
+
+// method id "storage.projects.hmacKeys.get":
+
+type ProjectsHmacKeysGetCall struct {
+	s            *Service
+	projectId    string
+	accessId     string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: Retrieves an HMAC key's metadata
+//
+//   - accessId: Name of the HMAC key.
+//   - projectId: Project ID owning the service account of the requested
+//     key.
+func (r *ProjectsHmacKeysService) Get(projectId string, accessId string) *ProjectsHmacKeysGetCall {
+	c := &ProjectsHmacKeysGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.projectId = projectId
+	c.accessId = accessId
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request.
+func (c *ProjectsHmacKeysGetCall) UserProject(userProject string) *ProjectsHmacKeysGetCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ProjectsHmacKeysGetCall) Fields(s ...googleapi.Field) *ProjectsHmacKeysGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *ProjectsHmacKeysGetCall) IfNoneMatch(entityTag string) *ProjectsHmacKeysGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ProjectsHmacKeysGetCall) Context(ctx context.Context) *ProjectsHmacKeysGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ProjectsHmacKeysGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ProjectsHmacKeysGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/hmacKeys/{accessId}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"projectId": c.projectId,
+		"accessId":  c.accessId,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.projects.hmacKeys.get" call.
+// Exactly one of *HmacKeyMetadata or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *HmacKeyMetadata.ServerResponse.Header or (if a response was returned
+// at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ProjectsHmacKeysGetCall) Do(opts ...googleapi.CallOption) (*HmacKeyMetadata, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &HmacKeyMetadata{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves an HMAC key's metadata",
+	//   "httpMethod": "GET",
+	//   "id": "storage.projects.hmacKeys.get",
+	//   "parameterOrder": [
+	//     "projectId",
+	//     "accessId"
+	//   ],
+	//   "parameters": {
+	//     "accessId": {
+	//       "description": "Name of the HMAC key.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "projectId": {
+	//       "description": "Project ID owning the service account of the requested key.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{projectId}/hmacKeys/{accessId}",
+	//   "response": {
+	//     "$ref": "HmacKeyMetadata"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only"
+	//   ]
+	// }
+
+}
+
+// method id "storage.projects.hmacKeys.list":
+
+type ProjectsHmacKeysListCall struct {
+	s            *Service
+	projectId    string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: Retrieves a list of HMAC keys matching the criteria.
+//
+// - projectId: Name of the project in which to look for HMAC keys.
+func (r *ProjectsHmacKeysService) List(projectId string) *ProjectsHmacKeysListCall {
+	c := &ProjectsHmacKeysListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.projectId = projectId
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": Maximum number
+// of items to return in a single page of responses. The service uses
+// this parameter or 250 items, whichever is smaller. The max number of
+// items per page will also be limited by the number of distinct service
+// accounts in the response. If the number of service accounts in a
+// single response is too high, the page will truncated and a next page
+// token will be returned.
+func (c *ProjectsHmacKeysListCall) MaxResults(maxResults int64) *ProjectsHmacKeysListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": A
+// previously-returned page token representing part of the larger set of
+// results to view.
+func (c *ProjectsHmacKeysListCall) PageToken(pageToken string) *ProjectsHmacKeysListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ServiceAccountEmail sets the optional parameter
+// "serviceAccountEmail": If present, only keys for the given service
+// account are returned.
+func (c *ProjectsHmacKeysListCall) ServiceAccountEmail(serviceAccountEmail string) *ProjectsHmacKeysListCall {
+	c.urlParams_.Set("serviceAccountEmail", serviceAccountEmail)
+	return c
+}
+
+// ShowDeletedKeys sets the optional parameter "showDeletedKeys":
+// Whether or not to show keys in the DELETED state.
+func (c *ProjectsHmacKeysListCall) ShowDeletedKeys(showDeletedKeys bool) *ProjectsHmacKeysListCall {
+	c.urlParams_.Set("showDeletedKeys", fmt.Sprint(showDeletedKeys))
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request.
+func (c *ProjectsHmacKeysListCall) UserProject(userProject string) *ProjectsHmacKeysListCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ProjectsHmacKeysListCall) Fields(s ...googleapi.Field) *ProjectsHmacKeysListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *ProjectsHmacKeysListCall) IfNoneMatch(entityTag string) *ProjectsHmacKeysListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ProjectsHmacKeysListCall) Context(ctx context.Context) *ProjectsHmacKeysListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ProjectsHmacKeysListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ProjectsHmacKeysListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/hmacKeys")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"projectId": c.projectId,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.projects.hmacKeys.list" call.
+// Exactly one of *HmacKeysMetadata or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *HmacKeysMetadata.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ProjectsHmacKeysListCall) Do(opts ...googleapi.CallOption) (*HmacKeysMetadata, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &HmacKeysMetadata{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves a list of HMAC keys matching the criteria.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.projects.hmacKeys.list",
+	//   "parameterOrder": [
+	//     "projectId"
+	//   ],
+	//   "parameters": {
+	//     "maxResults": {
+	//       "default": "250",
+	//       "description": "Maximum number of items to return in a single page of responses. The service uses this parameter or 250 items, whichever is smaller. The max number of items per page will also be limited by the number of distinct service accounts in the response. If the number of service accounts in a single response is too high, the page will truncated and a next page token will be returned.",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "pageToken": {
+	//       "description": "A previously-returned page token representing part of the larger set of results to view.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "projectId": {
+	//       "description": "Name of the project in which to look for HMAC keys.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "serviceAccountEmail": {
+	//       "description": "If present, only keys for the given service account are returned.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "showDeletedKeys": {
+	//       "description": "Whether or not to show keys in the DELETED state.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{projectId}/hmacKeys",
+	//   "response": {
+	//     "$ref": "HmacKeysMetadata"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only"
+	//   ]
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *ProjectsHmacKeysListCall) Pages(ctx context.Context, f func(*HmacKeysMetadata) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
+// method id "storage.projects.hmacKeys.update":
+
+type ProjectsHmacKeysUpdateCall struct {
+	s               *Service
+	projectId       string
+	accessId        string
+	hmackeymetadata *HmacKeyMetadata
+	urlParams_      gensupport.URLParams
+	ctx_            context.Context
+	header_         http.Header
+}
+
+// Update: Updates the state of an HMAC key. See the HMAC Key resource
+// descriptor for valid states.
+//
+//   - accessId: Name of the HMAC key being updated.
+//   - projectId: Project ID owning the service account of the updated
+//     key.
+func (r *ProjectsHmacKeysService) Update(projectId string, accessId string, hmackeymetadata *HmacKeyMetadata) *ProjectsHmacKeysUpdateCall {
+	c := &ProjectsHmacKeysUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.projectId = projectId
+	c.accessId = accessId
+	c.hmackeymetadata = hmackeymetadata
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request.
+func (c *ProjectsHmacKeysUpdateCall) UserProject(userProject string) *ProjectsHmacKeysUpdateCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ProjectsHmacKeysUpdateCall) Fields(s ...googleapi.Field) *ProjectsHmacKeysUpdateCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ProjectsHmacKeysUpdateCall) Context(ctx context.Context) *ProjectsHmacKeysUpdateCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ProjectsHmacKeysUpdateCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ProjectsHmacKeysUpdateCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.hmackeymetadata)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/hmacKeys/{accessId}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PUT", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"projectId": c.projectId,
+		"accessId":  c.accessId,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.projects.hmacKeys.update" call.
+// Exactly one of *HmacKeyMetadata or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *HmacKeyMetadata.ServerResponse.Header or (if a response was returned
+// at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ProjectsHmacKeysUpdateCall) Do(opts ...googleapi.CallOption) (*HmacKeyMetadata, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &HmacKeyMetadata{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Updates the state of an HMAC key. See the HMAC Key resource descriptor for valid states.",
+	//   "httpMethod": "PUT",
+	//   "id": "storage.projects.hmacKeys.update",
+	//   "parameterOrder": [
+	//     "projectId",
+	//     "accessId"
+	//   ],
+	//   "parameters": {
+	//     "accessId": {
+	//       "description": "Name of the HMAC key being updated.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "projectId": {
+	//       "description": "Project ID owning the service account of the updated key.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{projectId}/hmacKeys/{accessId}",
+	//   "request": {
+	//     "$ref": "HmacKeyMetadata"
+	//   },
+	//   "response": {
+	//     "$ref": "HmacKeyMetadata"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/devstorage.full_control"
+	//   ]
+	// }
+
+}
+
+// method id "storage.projects.serviceAccount.get":
+
+type ProjectsServiceAccountGetCall struct {
+	s            *Service
+	projectId    string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: Get the email address of this project's Google Cloud Storage
+// service account.
+//
+// - projectId: Project ID.
+func (r *ProjectsServiceAccountService) Get(projectId string) *ProjectsServiceAccountGetCall {
+	c := &ProjectsServiceAccountGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.projectId = projectId
+	return c
+}
+
+// UserProject sets the optional parameter "userProject": The project to
+// be billed for this request.
+func (c *ProjectsServiceAccountGetCall) UserProject(userProject string) *ProjectsServiceAccountGetCall {
+	c.urlParams_.Set("userProject", userProject)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ProjectsServiceAccountGetCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *ProjectsServiceAccountGetCall) IfNoneMatch(entityTag string) *ProjectsServiceAccountGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ProjectsServiceAccountGetCall) Context(ctx context.Context) *ProjectsServiceAccountGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ProjectsServiceAccountGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ProjectsServiceAccountGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/serviceAccount")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"projectId": c.projectId,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "storage.projects.serviceAccount.get" call.
+// Exactly one of *ServiceAccount or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *ServiceAccount.ServerResponse.Header or (if a response was returned
+// at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ProjectsServiceAccountGetCall) Do(opts ...googleapi.CallOption) (*ServiceAccount, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ServiceAccount{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Get the email address of this project's Google Cloud Storage service account.",
+	//   "httpMethod": "GET",
+	//   "id": "storage.projects.serviceAccount.get",
+	//   "parameterOrder": [
+	//     "projectId"
+	//   ],
+	//   "parameters": {
+	//     "projectId": {
+	//       "description": "Project ID",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "userProject": {
+	//       "description": "The project to be billed for this request.",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{projectId}/serviceAccount",
+	//   "response": {
+	//     "$ref": "ServiceAccount"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
+	//     "https://www.googleapis.com/auth/devstorage.full_control",
+	//     "https://www.googleapis.com/auth/devstorage.read_only",
+	//     "https://www.googleapis.com/auth/devstorage.read_write"
+	//   ]
+	// }
+
+}
diff --git a/vendor/google.golang.org/cloud/.travis.yml b/vendor/google.golang.org/cloud/.travis.yml
new file mode 100644
index 000000000..c037df0de
--- /dev/null
+++ b/vendor/google.golang.org/cloud/.travis.yml
@@ -0,0 +1,11 @@
+sudo: false
+language: go
+go:
+- 1.4
+- 1.5
+install:
+- go get -v google.golang.org/cloud/...
+script:
+- openssl aes-256-cbc -K $encrypted_912ff8fa81ad_key -iv $encrypted_912ff8fa81ad_iv -in key.json.enc -out key.json -d
+- GCLOUD_TESTS_GOLANG_PROJECT_ID="dulcet-port-762" GCLOUD_TESTS_GOLANG_KEY="$(pwd)/key.json"
+  go test -v -tags=integration google.golang.org/cloud/...
diff --git a/vendor/google.golang.org/cloud/AUTHORS b/vendor/google.golang.org/cloud/AUTHORS
new file mode 100644
index 000000000..3da443dc9
--- /dev/null
+++ b/vendor/google.golang.org/cloud/AUTHORS
@@ -0,0 +1,12 @@
+# This is the official list of cloud authors for copyright purposes.
+# This file is distinct from the CONTRIBUTORS files.
+# See the latter for an explanation.
+
+# Names should be added to this file as:
+# Name or Organization <email address>
+# The email address is not required for organizations.
+
+Google Inc.
+Palm Stone Games, Inc.
+Péter Szilágyi <peterke@gmail.com>
+Tyler Treat <ttreat31@gmail.com>
diff --git a/vendor/google.golang.org/cloud/CONTRIBUTING.md b/vendor/google.golang.org/cloud/CONTRIBUTING.md
new file mode 100644
index 000000000..9a1cab287
--- /dev/null
+++ b/vendor/google.golang.org/cloud/CONTRIBUTING.md
@@ -0,0 +1,114 @@
+# Contributing
+
+1. Sign one of the contributor license agreements below.
+1. `go get golang.org/x/review/git-codereview` to install the code reviewing tool.
+1. Get the cloud package by running `go get -d google.golang.org/cloud`.
+    1. If you have already checked out the source, make sure that the remote git
+       origin is https://code.googlesource.com/gocloud:
+
+            git remote set-url origin https://code.googlesource.com/gocloud
+1. Make changes and create a change by running `git codereview change <name>`,
+provide a command message, and use `git codereview mail` to create a Gerrit CL.
+1. Keep amending to the change and mail as your recieve feedback.
+
+## Integration Tests
+
+Additional to the unit tests, you may run the integration test suite.
+
+To run the integrations tests, creating and configuration of a project in the
+Google Developers Console is required. Once you create a project, set the
+following environment variables to be able to run the against the actual APIs.
+
+- **GCLOUD_TESTS_GOLANG_PROJECT_ID**: Developers Console project's ID (e.g. bamboo-shift-455)
+- **GCLOUD_TESTS_GOLANG_KEY**: The path to the JSON key file.
+
+Create a storage bucket with the same name as the project id set in **GCLOUD_TESTS_GOLANG_PROJECT_ID**.
+The storage integration test will create and delete some objects in this bucket.
+
+Install the [gcloud command-line tool][gcloudcli] to your machine and use it
+to create the indexes used in the datastore integration tests with indexes
+found in `datastore/testdata/index.yaml`:
+
+From the project's root directory:
+
+``` sh
+# Install the app component
+$ gcloud components update app
+
+# Set the default project in your env
+$ gcloud config set project $GCLOUD_TESTS_GOLANG_PROJECT_ID
+
+# Authenticate the gcloud tool with your account
+$ gcloud auth login
+
+# Create the indexes
+$ gcloud preview datastore create-indexes datastore/testdata/index.yaml
+
+```
+
+You can run the integration tests by running:
+
+``` sh
+$ go test -v -tags=integration google.golang.org/cloud/...
+```
+
+## Contributor License Agreements
+
+Before we can accept your pull requests you'll need to sign a Contributor
+License Agreement (CLA):
+
+- **If you are an individual writing original source code** and **you own the
+- intellectual property**, then you'll need to sign an [individual CLA][indvcla].
+- **If you work for a company that wants to allow you to contribute your work**,
+then you'll need to sign a [corporate CLA][corpcla].
+
+You can sign these electronically (just scroll to the bottom). After that,
+we'll be able to accept your pull requests.
+
+## Contributor Code of Conduct
+
+As contributors and maintainers of this project,
+and in the interest of fostering an open and welcoming community,
+we pledge to respect all people who contribute through reporting issues,
+posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project
+a harassment-free experience for everyone,
+regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information,
+such as physical or electronic
+addresses, without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct.
+By adopting this Code of Conduct,
+project maintainers commit themselves to fairly and consistently
+applying these principles to every aspect of managing this project.
+Project maintainers who do not follow or enforce the Code of Conduct
+may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior
+may be reported by opening an issue
+or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0,
+available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)
+
+[gcloudcli]: https://developers.google.com/cloud/sdk/gcloud/
+[indvcla]: https://developers.google.com/open-source/cla/individual
+[corpcla]: https://developers.google.com/open-source/cla/corporate
diff --git a/vendor/google.golang.org/cloud/CONTRIBUTORS b/vendor/google.golang.org/cloud/CONTRIBUTORS
new file mode 100644
index 000000000..475ac6a66
--- /dev/null
+++ b/vendor/google.golang.org/cloud/CONTRIBUTORS
@@ -0,0 +1,24 @@
+# People who have agreed to one of the CLAs and can contribute patches.
+# The AUTHORS file lists the copyright holders; this file
+# lists people.  For example, Google employees are listed here
+# but not in AUTHORS, because Google holds the copyright.
+#
+# https://developers.google.com/open-source/cla/individual
+# https://developers.google.com/open-source/cla/corporate
+#
+# Names should be added to this file as:
+#     Name <email address>
+
+# Keep the list alphabetically sorted.
+
+Andrew Gerrand <adg@golang.org>
+Brad Fitzpatrick <bradfitz@golang.org>
+Burcu Dogan <jbd@google.com>
+Dave Day <djd@golang.org>
+David Symonds <dsymonds@golang.org>
+Glenn Lewis <gmlewis@google.com>
+Johan Euphrosine <proppy@google.com>
+Luna Duclos <luna.duclos@palmstonegames.com>
+Michael McGreevy <mcgreevy@golang.org>
+Péter Szilágyi <peterke@gmail.com>
+Tyler Treat <ttreat31@gmail.com>
diff --git a/vendor/google.golang.org/cloud/LICENSE b/vendor/google.golang.org/cloud/LICENSE
new file mode 100644
index 000000000..a4c5efd82
--- /dev/null
+++ b/vendor/google.golang.org/cloud/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2014 Google Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/google.golang.org/cloud/README.md b/vendor/google.golang.org/cloud/README.md
new file mode 100644
index 000000000..10d3995d5
--- /dev/null
+++ b/vendor/google.golang.org/cloud/README.md
@@ -0,0 +1,135 @@
+# Google Cloud for Go
+
+[![Build Status](https://travis-ci.org/GoogleCloudPlatform/gcloud-golang.svg?branch=master)](https://travis-ci.org/GoogleCloudPlatform/gcloud-golang)
+
+**NOTE:** These packages are experimental, and may occasionally make
+backwards-incompatible changes.
+
+**NOTE:** Github repo is a mirror of [https://code.googlesource.com/gocloud](https://code.googlesource.com/gocloud).
+
+Go packages for Google Cloud Platform services. Supported APIs include:
+
+ * Google Cloud Datastore
+ * Google Cloud Storage
+ * Google Cloud Pub/Sub
+ * Google Cloud Container Engine
+
+``` go
+import "google.golang.org/cloud"
+```
+
+Documentation and examples are available at
+[https://godoc.org/google.golang.org/cloud](https://godoc.org/google.golang.org/cloud).
+
+## Authorization
+
+Authorization, throughout the package, is delegated to the godoc.org/golang.org/x/oauth2.
+Refer to the [godoc documentation](https://godoc.org/golang.org/x/oauth2)
+for examples on using oauth2 with the Cloud package.
+
+## Google Cloud Datastore
+
+[Google Cloud Datastore][cloud-datastore] ([docs][cloud-datastore-docs]) is a fully
+managed, schemaless database for storing non-relational data. Cloud Datastore
+automatically scales with your users and supports ACID transactions, high availability
+of reads and writes, strong consistency for reads and ancestor queries, and eventual
+consistency for all other queries.
+
+Follow the [activation instructions][cloud-datastore-activation] to use the Google
+Cloud Datastore API with your project.
+
+[https://godoc.org/google.golang.org/cloud/datastore](https://godoc.org/google.golang.org/cloud/datastore)
+
+
+```go
+type Post struct {
+	Title       string
+	Body        string `datastore:",noindex"`
+	PublishedAt time.Time
+}
+keys := []*datastore.Key{
+	datastore.NewKey(ctx, "Post", "post1", 0, nil),
+	datastore.NewKey(ctx, "Post", "post2", 0, nil),
+}
+posts := []*Post{
+	{Title: "Post 1", Body: "...", PublishedAt: time.Now()},
+	{Title: "Post 2", Body: "...", PublishedAt: time.Now()},
+}
+if _, err := datastore.PutMulti(ctx, keys, posts); err != nil {
+	log.Println(err)
+}
+```
+
+## Google Cloud Storage
+
+[Google Cloud Storage][cloud-storage] ([docs][cloud-storage-docs]) allows you to store
+data on Google infrastructure with very high reliability, performance and availability,
+and can be used to distribute large data objects to users via direct download.
+
+[https://godoc.org/google.golang.org/cloud/storage](https://godoc.org/google.golang.org/cloud/storage)
+
+
+```go
+// Read the object1 from bucket.
+rc, err := storage.NewReader(ctx, "bucket", "object1")
+if err != nil {
+	log.Fatal(err)
+}
+slurp, err := ioutil.ReadAll(rc)
+rc.Close()
+if err != nil {
+	log.Fatal(err)
+}
+```
+
+## Google Cloud Pub/Sub (Alpha)
+
+> Google Cloud Pub/Sub is in **Alpha status**. As a result, it might change in
+> backward-incompatible ways and is not recommended for production use. It is not
+> subject to any SLA or deprecation policy.
+
+[Google Cloud Pub/Sub][cloud-pubsub] ([docs][cloud-pubsub-docs]) allows you to connect
+your services with reliable, many-to-many, asynchronous messaging hosted on Google's
+infrastructure. Cloud Pub/Sub automatically scales as you need it and provides a foundation
+for building your own robust, global services.
+
+[https://godoc.org/google.golang.org/cloud/pubsub](https://godoc.org/google.golang.org/cloud/pubsub)
+
+
+```go
+// Publish "hello world" on topic1.
+msgIDs, err := pubsub.Publish(ctx, "topic1", &pubsub.Message{
+	Data: []byte("hello world"),
+})
+if err != nil {
+	log.Println(err)
+}
+// Pull messages via subscription1.
+msgs, err := pubsub.Pull(ctx, "subscription1", 1)
+if err != nil {
+	log.Println(err)
+}
+```
+
+## Contributing
+
+Contributions are welcome. Please, see the
+[CONTRIBUTING](https://github.com/GoogleCloudPlatform/gcloud-golang/blob/master/CONTRIBUTING.md)
+document for details. We're using Gerrit for our code reviews. Please don't open pull
+requests against this repo, new pull requests will be automatically closed.
+
+Please note that this project is released with a Contributor Code of Conduct.
+By participating in this project you agree to abide by its terms.
+See [Contributor Code of Conduct](https://github.com/GoogleCloudPlatform/gcloud-golang/blob/master/CONTRIBUTING.md#contributor-code-of-conduct)
+for more information.
+
+[cloud-datastore]: https://cloud.google.com/datastore/
+[cloud-datastore-docs]: https://cloud.google.com/datastore/docs
+[cloud-datastore-activation]: https://cloud.google.com/datastore/docs/activate
+
+[cloud-pubsub]: https://cloud.google.com/pubsub/
+[cloud-pubsub-docs]: https://cloud.google.com/pubsub/docs
+
+[cloud-storage]: https://cloud.google.com/storage/
+[cloud-storage-docs]: https://cloud.google.com/storage/docs/overview
+[cloud-storage-create-bucket]: https://cloud.google.com/storage/docs/cloud-console#_creatingbuckets
diff --git a/vendor/google.golang.org/cloud/cloud.go b/vendor/google.golang.org/cloud/cloud.go
new file mode 100644
index 000000000..96d36baf2
--- /dev/null
+++ b/vendor/google.golang.org/cloud/cloud.go
@@ -0,0 +1,49 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package cloud contains Google Cloud Platform APIs related types
+// and common functions.
+package cloud // import "google.golang.org/cloud"
+
+import (
+	"net/http"
+
+	"golang.org/x/net/context"
+	"google.golang.org/cloud/internal"
+)
+
+// NewContext returns a new context that uses the provided http.Client.
+// Provided http.Client is responsible to authorize and authenticate
+// the requests made to the Google Cloud APIs.
+// It mutates the client's original Transport to append the cloud
+// package's user-agent to the outgoing requests.
+// You can obtain the project ID from the Google Developers Console,
+// https://console.developers.google.com.
+func NewContext(projID string, c *http.Client) context.Context {
+	if c == nil {
+		panic("invalid nil *http.Client passed to NewContext")
+	}
+	return WithContext(context.Background(), projID, c)
+}
+
+// WithContext returns a new context in a similar way NewContext does,
+// but initiates the new context with the specified parent.
+func WithContext(parent context.Context, projID string, c *http.Client) context.Context {
+	// TODO(bradfitz): delete internal.Transport. It's too wrappy for what it does.
+	// Do User-Agent some other way.
+	if _, ok := c.Transport.(*internal.Transport); !ok {
+		c.Transport = &internal.Transport{Base: c.Transport}
+	}
+	return internal.WithContext(parent, projID, c)
+}
diff --git a/vendor/google.golang.org/cloud/internal/cloud.go b/vendor/google.golang.org/cloud/internal/cloud.go
new file mode 100644
index 000000000..8b0db1b5d
--- /dev/null
+++ b/vendor/google.golang.org/cloud/internal/cloud.go
@@ -0,0 +1,128 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package internal provides support for the cloud packages.
+//
+// Users should not import this package directly.
+package internal
+
+import (
+	"fmt"
+	"net/http"
+	"sync"
+
+	"golang.org/x/net/context"
+)
+
+type contextKey struct{}
+
+func WithContext(parent context.Context, projID string, c *http.Client) context.Context {
+	if c == nil {
+		panic("nil *http.Client passed to WithContext")
+	}
+	if projID == "" {
+		panic("empty project ID passed to WithContext")
+	}
+	return context.WithValue(parent, contextKey{}, &cloudContext{
+		ProjectID:  projID,
+		HTTPClient: c,
+	})
+}
+
+const userAgent = "gcloud-golang/0.1"
+
+type cloudContext struct {
+	ProjectID  string
+	HTTPClient *http.Client
+
+	mu  sync.Mutex             // guards svc
+	svc map[string]interface{} // e.g. "storage" => *rawStorage.Service
+}
+
+// Service returns the result of the fill function if it's never been
+// called before for the given name (which is assumed to be an API
+// service name, like "datastore"). If it has already been cached, the fill
+// func is not run.
+// It's safe for concurrent use by multiple goroutines.
+func Service(ctx context.Context, name string, fill func(*http.Client) interface{}) interface{} {
+	return cc(ctx).service(name, fill)
+}
+
+func (c *cloudContext) service(name string, fill func(*http.Client) interface{}) interface{} {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if c.svc == nil {
+		c.svc = make(map[string]interface{})
+	} else if v, ok := c.svc[name]; ok {
+		return v
+	}
+	v := fill(c.HTTPClient)
+	c.svc[name] = v
+	return v
+}
+
+// Transport is an http.RoundTripper that appends
+// Google Cloud client's user-agent to the original
+// request's user-agent header.
+type Transport struct {
+	// Base represents the actual http.RoundTripper
+	// the requests will be delegated to.
+	Base http.RoundTripper
+}
+
+// RoundTrip appends a user-agent to the existing user-agent
+// header and delegates the request to the base http.RoundTripper.
+func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
+	req = cloneRequest(req)
+	ua := req.Header.Get("User-Agent")
+	if ua == "" {
+		ua = userAgent
+	} else {
+		ua = fmt.Sprintf("%s %s", ua, userAgent)
+	}
+	req.Header.Set("User-Agent", ua)
+	return t.Base.RoundTrip(req)
+}
+
+// cloneRequest returns a clone of the provided *http.Request.
+// The clone is a shallow copy of the struct and its Header map.
+func cloneRequest(r *http.Request) *http.Request {
+	// shallow copy of the struct
+	r2 := new(http.Request)
+	*r2 = *r
+	// deep copy of the Header
+	r2.Header = make(http.Header)
+	for k, s := range r.Header {
+		r2.Header[k] = s
+	}
+	return r2
+}
+
+func ProjID(ctx context.Context) string {
+	return cc(ctx).ProjectID
+}
+
+func HTTPClient(ctx context.Context) *http.Client {
+	return cc(ctx).HTTPClient
+}
+
+// cc returns the internal *cloudContext (cc) state for a context.Context.
+// It panics if the user did it wrong.
+func cc(ctx context.Context) *cloudContext {
+	if c, ok := ctx.Value(contextKey{}).(*cloudContext); ok {
+		return c
+	}
+	panic("invalid context.Context type; it should be created with cloud.NewContext")
+}
diff --git a/vendor/google.golang.org/cloud/internal/opts/option.go b/vendor/google.golang.org/cloud/internal/opts/option.go
new file mode 100644
index 000000000..c5ccf4f56
--- /dev/null
+++ b/vendor/google.golang.org/cloud/internal/opts/option.go
@@ -0,0 +1,24 @@
+// Package opts holds the DialOpts struct, configurable by
+// cloud.ClientOptions to set up transports for cloud packages.
+//
+// This is a separate page to prevent cycles between the core
+// cloud packages.
+package opts
+
+import (
+	"net/http"
+
+	"golang.org/x/oauth2"
+	"google.golang.org/grpc"
+)
+
+type DialOpt struct {
+	Endpoint  string
+	Scopes    []string
+	UserAgent string
+
+	TokenSource oauth2.TokenSource
+
+	HTTPClient *http.Client
+	GRPCClient *grpc.ClientConn
+}
diff --git a/vendor/google.golang.org/cloud/key.json.enc b/vendor/google.golang.org/cloud/key.json.enc
new file mode 100644
index 0000000000000000000000000000000000000000..2f673a84b143c71c53fb2b1619a9c96f48ce1f54
GIT binary patch
literal 1248
zcmV<61Rwj0Zv%9Mm*y(^-mW4!3RUy2jtHzDzqBac1!ANM5s{p;?JXvx&2>S>?&XkF
zbPIGkWM>T~87d^b%*>nJaAymr5U<`@59@t~4JOftxQT!nX^@`S7|o~~O+Q#D(Tea<
z0C6)A8SLE!<U$mE5v{iLO78DQzW1PMy_sw8IKl*4VFHTaQ~6vTBbkb4;hxzPp`-M)
z{UwL5M4Zb-AfxIrSn&+*iAkk@NEWee;JtjaAQ(QeIh*b7|JmZ(HeU_7k)dT`E5Xo_
zZW+Or5loy~JnD=nrIT0NOvnegUW)j7UK}S2W0%U=;N}xgf}Ogtjk6i!AJUUH3vi0t
z__Cy5f?&WWO!y;|d45&LlyLv_@c$_xF_4GQ0P{bqO!D_iSI`wRM;(dN!3MZXbcw^T
zUM_SQl2mb7^xe|dkZ5MLK2Q3WAOpk?<F|g!9PQ1&e$vX?58eM(%trgOqeyclhc3xv
zbH+-TX5JmM+$mm%M#UDw<*4L~8y<(s!y^4E!!v`5oN?#+86^p;e@&v=KP7!8Mduf7
zVk!@Mq(J%7+-~I}jzgC0nkJG<Im_D?_^5iO9N}3e;KFnf-r>UVU{sAQSPn29g38Y+
z<mAQnTTEhT&&qQB+8KQ=;;U;=r4QrG<7yk)VpOpeKb?k}H9i;Q1?MboL`gZF$i>rV
zh6d*@2I!vcc;^lf(cQ?Pz?3Ffe`floQ4ON~yPjBX#2YS)8P-#1)~jzFmH>!#k_@6*
z?Pa|=)iAO~EZEsyQPlyI@pPP|aa_}tTnzQ9mri9C=?}A^Int5dTDS)n9ga#mJv#L$
zBY9m{rCPaM=sSjZ=a3+0`3^E(t4n8bT_bUS3Mp<JmCCrI0vlYkubl^e>JWBpL&r6h
zJ%Xct#s$ZR(jRC3mjD0TPMY@#rsSEiCtk*Ko=v>Mh-?797)&q4y~SHHepsfE9xmSg
z4n8vqb#TmGqZ<!KGl^n5XZ-<{Pk4oy#rW?>t~l>S+M!&90~(5}z8lX}09MudKf5L=
zoQ7bN;+9yVdn_4$#-W-8a=%bwPC+qYzuI##;8LEi@-?!OqX9i;E%3&xZZ$lC!UKW0
ztI@XV?CzcLtFjWGYQ%v+Iu!2ou0&QhpI8MI0hRO^CO&sfNGho0#)!##9qVZs+e^Zn
zAM>BcIsA(NAq5bM;1+QtF)fOjm;*qDcL^dv{jdk9uv>HE?a0GDBGXJLK#`lp-e;&o
zjd}Qxu}rQ6d00k>F=`7~Y;Mfbj8Q+q+Lx(1k8^~qCv<H+7awIWwl3@e0Smzycmiur
zIp8p60E4KW!H=37LFtp%2T5E%nC>}{{z!kzo5=@e_E)7uoUE+8Hx*1ZStR~&B#Pa~
zJSQQ9U3v>5>e$B4bX1m8ykOK;!Ca5JLSVI-<Wle>@PG=TTEUyz&H?6DLda~RTskwU
z2NgP9h<51tLqz{r-|_ZmG$PUnKo>?$aw(m&R_rgQ%+~6fzd4b~_8Q{JATzF`8UL*a
zx%$Q*4uJL|74$eDw`n>9I1NL&1U~&?N&_!HUB@zp?uwL$D6`!7m4f{o_+fh{>s7&^
z`UClq@1IQ8yiYQ{rh=X+;)yZS@p`NPA$jn#OuY5sSx#Z>MroeKFfb+uaa7p&G)VRN
Kkn>IvykJ$=6K6R9

literal 0
HcmV?d00001

diff --git a/vendor/google.golang.org/cloud/option.go b/vendor/google.golang.org/cloud/option.go
new file mode 100644
index 000000000..d4a5aea29
--- /dev/null
+++ b/vendor/google.golang.org/cloud/option.go
@@ -0,0 +1,100 @@
+// Copyright 2015 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cloud
+
+import (
+	"net/http"
+
+	"golang.org/x/oauth2"
+	"google.golang.org/cloud/internal/opts"
+	"google.golang.org/grpc"
+)
+
+// ClientOption is used when construct clients for each cloud service.
+type ClientOption interface {
+	// Resolve configures the given DialOpts for this option.
+	Resolve(*opts.DialOpt)
+}
+
+// WithTokenSource returns a ClientOption that specifies an OAuth2 token
+// source to be used as the basis for authentication.
+func WithTokenSource(s oauth2.TokenSource) ClientOption {
+	return withTokenSource{s}
+}
+
+type withTokenSource struct{ ts oauth2.TokenSource }
+
+func (w withTokenSource) Resolve(o *opts.DialOpt) {
+	o.TokenSource = w.ts
+}
+
+// WithEndpoint returns a ClientOption that overrides the default endpoint
+// to be used for a service.
+func WithEndpoint(url string) ClientOption {
+	return withEndpoint(url)
+}
+
+type withEndpoint string
+
+func (w withEndpoint) Resolve(o *opts.DialOpt) {
+	o.Endpoint = string(w)
+}
+
+// WithScopes returns a ClientOption that overrides the default OAuth2 scopes
+// to be used for a service.
+func WithScopes(scope ...string) ClientOption {
+	return withScopes(scope)
+}
+
+type withScopes []string
+
+func (w withScopes) Resolve(o *opts.DialOpt) {
+	o.Scopes = []string(w)
+}
+
+// WithUserAgent returns a ClientOption that sets the User-Agent.
+func WithUserAgent(ua string) ClientOption {
+	return withUA(ua)
+}
+
+type withUA string
+
+func (w withUA) Resolve(o *opts.DialOpt) { o.UserAgent = string(w) }
+
+// WithBaseHTTP returns a ClientOption that specifies the HTTP client to
+// use as the basis of communications. This option may only be used with
+// services that support HTTP as their communication transport.
+func WithBaseHTTP(client *http.Client) ClientOption {
+	return withBaseHTTP{client}
+}
+
+type withBaseHTTP struct{ client *http.Client }
+
+func (w withBaseHTTP) Resolve(o *opts.DialOpt) {
+	o.HTTPClient = w.client
+}
+
+// WithBaseGRPC returns a ClientOption that specifies the GRPC client
+// connection to use as the basis of communications. This option many only be
+// used with services that support HRPC as their communication transport.
+func WithBaseGRPC(client *grpc.ClientConn) ClientOption {
+	return withBaseGRPC{client}
+}
+
+type withBaseGRPC struct{ client *grpc.ClientConn }
+
+func (w withBaseGRPC) Resolve(o *opts.DialOpt) {
+	o.GRPCClient = w.client
+}
diff --git a/vendor/google.golang.org/cloud/storage/acl.go b/vendor/google.golang.org/cloud/storage/acl.go
new file mode 100644
index 000000000..71c5800a8
--- /dev/null
+++ b/vendor/google.golang.org/cloud/storage/acl.go
@@ -0,0 +1,176 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package storage
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+	raw "google.golang.org/api/storage/v1"
+)
+
+// ACLRole is the the access permission for the entity.
+type ACLRole string
+
+const (
+	RoleOwner  ACLRole = "OWNER"
+	RoleReader ACLRole = "READER"
+)
+
+// ACLEntity is an entity holding an ACL permission.
+//
+// It could be in the form of:
+// "user-<userId>", "user-<email>","group-<groupId>", "group-<email>",
+// "domain-<domain>" and "project-team-<projectId>".
+//
+// Or one of the predefined constants: AllUsers, AllAuthenticatedUsers.
+type ACLEntity string
+
+const (
+	AllUsers              ACLEntity = "allUsers"
+	AllAuthenticatedUsers ACLEntity = "allAuthenticatedUsers"
+)
+
+// ACLRule represents an access control list rule entry for a Google Cloud Storage object or bucket.
+// A bucket is a Google Cloud Storage container whose name is globally unique and contains zero or
+// more objects.  An object is a blob of data that is stored in a bucket.
+type ACLRule struct {
+	// Entity identifies the entity holding the current rule's permissions.
+	Entity ACLEntity
+
+	// Role is the the access permission for the entity.
+	Role ACLRole
+}
+
+// DefaultACL returns the default object ACL entries for the named bucket.
+func DefaultACL(ctx context.Context, bucket string) ([]ACLRule, error) {
+	acls, err := rawService(ctx).DefaultObjectAccessControls.List(bucket).Context(ctx).Do()
+	if err != nil {
+		return nil, fmt.Errorf("storage: error listing default object ACL for bucket %q: %v", bucket, err)
+	}
+	r := make([]ACLRule, 0, len(acls.Items))
+	for _, v := range acls.Items {
+		if m, ok := v.(map[string]interface{}); ok {
+			entity, ok1 := m["entity"].(string)
+			role, ok2 := m["role"].(string)
+			if ok1 && ok2 {
+				r = append(r, ACLRule{Entity: ACLEntity(entity), Role: ACLRole(role)})
+			}
+		}
+	}
+	return r, nil
+}
+
+// PutDefaultACLRule saves the named default object ACL entity with the provided role for the named bucket.
+func PutDefaultACLRule(ctx context.Context, bucket string, entity ACLEntity, role ACLRole) error {
+	acl := &raw.ObjectAccessControl{
+		Bucket: bucket,
+		Entity: string(entity),
+		Role:   string(role),
+	}
+	_, err := rawService(ctx).DefaultObjectAccessControls.Update(bucket, string(entity), acl).Context(ctx).Do()
+	if err != nil {
+		return fmt.Errorf("storage: error updating default ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
+	}
+	return nil
+}
+
+// DeleteDefaultACLRule deletes the named default ACL entity for the named bucket.
+func DeleteDefaultACLRule(ctx context.Context, bucket string, entity ACLEntity) error {
+	err := rawService(ctx).DefaultObjectAccessControls.Delete(bucket, string(entity)).Context(ctx).Do()
+	if err != nil {
+		return fmt.Errorf("storage: error deleting default ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
+	}
+	return nil
+}
+
+// BucketACL returns the ACL entries for the named bucket.
+func BucketACL(ctx context.Context, bucket string) ([]ACLRule, error) {
+	acls, err := rawService(ctx).BucketAccessControls.List(bucket).Context(ctx).Do()
+	if err != nil {
+		return nil, fmt.Errorf("storage: error listing bucket ACL for bucket %q: %v", bucket, err)
+	}
+	r := make([]ACLRule, len(acls.Items))
+	for i, v := range acls.Items {
+		r[i].Entity = ACLEntity(v.Entity)
+		r[i].Role = ACLRole(v.Role)
+	}
+	return r, nil
+}
+
+// PutBucketACLRule saves the named ACL entity with the provided role for the named bucket.
+func PutBucketACLRule(ctx context.Context, bucket string, entity ACLEntity, role ACLRole) error {
+	acl := &raw.BucketAccessControl{
+		Bucket: bucket,
+		Entity: string(entity),
+		Role:   string(role),
+	}
+	_, err := rawService(ctx).BucketAccessControls.Update(bucket, string(entity), acl).Context(ctx).Do()
+	if err != nil {
+		return fmt.Errorf("storage: error updating bucket ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
+	}
+	return nil
+}
+
+// DeleteBucketACLRule deletes the named ACL entity for the named bucket.
+func DeleteBucketACLRule(ctx context.Context, bucket string, entity ACLEntity) error {
+	err := rawService(ctx).BucketAccessControls.Delete(bucket, string(entity)).Context(ctx).Do()
+	if err != nil {
+		return fmt.Errorf("storage: error deleting bucket ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
+	}
+	return nil
+}
+
+// ACL returns the ACL entries for the named object.
+func ACL(ctx context.Context, bucket, object string) ([]ACLRule, error) {
+	acls, err := rawService(ctx).ObjectAccessControls.List(bucket, object).Context(ctx).Do()
+	if err != nil {
+		return nil, fmt.Errorf("storage: error listing object ACL for bucket %q, file %q: %v", bucket, object, err)
+	}
+	r := make([]ACLRule, 0, len(acls.Items))
+	for _, v := range acls.Items {
+		if m, ok := v.(map[string]interface{}); ok {
+			entity, ok1 := m["entity"].(string)
+			role, ok2 := m["role"].(string)
+			if ok1 && ok2 {
+				r = append(r, ACLRule{Entity: ACLEntity(entity), Role: ACLRole(role)})
+			}
+		}
+	}
+	return r, nil
+}
+
+// PutACLRule saves the named ACL entity with the provided role for the named object.
+func PutACLRule(ctx context.Context, bucket, object string, entity ACLEntity, role ACLRole) error {
+	acl := &raw.ObjectAccessControl{
+		Bucket: bucket,
+		Entity: string(entity),
+		Role:   string(role),
+	}
+	_, err := rawService(ctx).ObjectAccessControls.Update(bucket, object, string(entity), acl).Context(ctx).Do()
+	if err != nil {
+		return fmt.Errorf("storage: error updating object ACL rule for bucket %q, file %q, entity %q: %v", bucket, object, entity, err)
+	}
+	return nil
+}
+
+// DeleteACLRule deletes the named ACL entity for the named object.
+func DeleteACLRule(ctx context.Context, bucket, object string, entity ACLEntity) error {
+	err := rawService(ctx).ObjectAccessControls.Delete(bucket, object, string(entity)).Context(ctx).Do()
+	if err != nil {
+		return fmt.Errorf("storage: error deleting object ACL rule for bucket %q, file %q, entity %q: %v", bucket, object, entity, err)
+	}
+	return nil
+}
diff --git a/vendor/google.golang.org/cloud/storage/storage.go b/vendor/google.golang.org/cloud/storage/storage.go
new file mode 100644
index 000000000..8aa70ff42
--- /dev/null
+++ b/vendor/google.golang.org/cloud/storage/storage.go
@@ -0,0 +1,350 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package storage contains a Google Cloud Storage client.
+//
+// This package is experimental and may make backwards-incompatible changes.
+package storage // import "google.golang.org/cloud/storage"
+
+import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"google.golang.org/cloud/internal"
+
+	"golang.org/x/net/context"
+	"google.golang.org/api/googleapi"
+	raw "google.golang.org/api/storage/v1"
+)
+
+var (
+	ErrBucketNotExist = errors.New("storage: bucket doesn't exist")
+	ErrObjectNotExist = errors.New("storage: object doesn't exist")
+)
+
+const (
+	// ScopeFullControl grants permissions to manage your
+	// data and permissions in Google Cloud Storage.
+	ScopeFullControl = raw.DevstorageFullControlScope
+
+	// ScopeReadOnly grants permissions to
+	// view your data in Google Cloud Storage.
+	ScopeReadOnly = raw.DevstorageReadOnlyScope
+
+	// ScopeReadWrite grants permissions to manage your
+	// data in Google Cloud Storage.
+	ScopeReadWrite = raw.DevstorageReadWriteScope
+)
+
+// TODO(jbd): Add storage.buckets.list.
+// TODO(jbd): Add storage.buckets.insert.
+// TODO(jbd): Add storage.buckets.update.
+// TODO(jbd): Add storage.buckets.delete.
+
+// TODO(jbd): Add storage.objects.watch.
+
+// BucketInfo returns the metadata for the specified bucket.
+func BucketInfo(ctx context.Context, name string) (*Bucket, error) {
+	resp, err := rawService(ctx).Buckets.Get(name).Projection("full").Context(ctx).Do()
+	if e, ok := err.(*googleapi.Error); ok && e.Code == http.StatusNotFound {
+		return nil, ErrBucketNotExist
+	}
+	if err != nil {
+		return nil, err
+	}
+	return newBucket(resp), nil
+}
+
+// ListObjects lists objects from the bucket. You can specify a query
+// to filter the results. If q is nil, no filtering is applied.
+func ListObjects(ctx context.Context, bucket string, q *Query) (*Objects, error) {
+	c := rawService(ctx).Objects.List(bucket)
+	c.Projection("full")
+	if q != nil {
+		c.Delimiter(q.Delimiter)
+		c.Prefix(q.Prefix)
+		c.Versions(q.Versions)
+		c.PageToken(q.Cursor)
+		if q.MaxResults > 0 {
+			c.MaxResults(int64(q.MaxResults))
+		}
+	}
+	resp, err := c.Context(ctx).Do()
+	if err != nil {
+		return nil, err
+	}
+	objects := &Objects{
+		Results:  make([]*Object, len(resp.Items)),
+		Prefixes: make([]string, len(resp.Prefixes)),
+	}
+	for i, item := range resp.Items {
+		objects.Results[i] = newObject(item)
+	}
+	for i, prefix := range resp.Prefixes {
+		objects.Prefixes[i] = prefix
+	}
+	if resp.NextPageToken != "" {
+		next := Query{}
+		if q != nil {
+			// keep the other filtering
+			// criteria if there is a query
+			next = *q
+		}
+		next.Cursor = resp.NextPageToken
+		objects.Next = &next
+	}
+	return objects, nil
+}
+
+// SignedURLOptions allows you to restrict the access to the signed URL.
+type SignedURLOptions struct {
+	// GoogleAccessID represents the authorizer of the signed URL generation.
+	// It is typically the Google service account client email address from
+	// the Google Developers Console in the form of "xxx@developer.gserviceaccount.com".
+	// Required.
+	GoogleAccessID string
+
+	// PrivateKey is the Google service account private key. It is obtainable
+	// from the Google Developers Console.
+	// At https://console.developers.google.com/project/<your-project-id>/apiui/credential,
+	// create a service account client ID or reuse one of your existing service account
+	// credentials. Click on the "Generate new P12 key" to generate and download
+	// a new private key. Once you download the P12 file, use the following command
+	// to convert it into a PEM file.
+	//
+	//    $ openssl pkcs12 -in key.p12 -passin pass:notasecret -out key.pem -nodes
+	//
+	// Provide the contents of the PEM file as a byte slice.
+	// Required.
+	PrivateKey []byte
+
+	// Method is the HTTP method to be used with the signed URL.
+	// Signed URLs can be used with GET, HEAD, PUT, and DELETE requests.
+	// Required.
+	Method string
+
+	// Expires is the expiration time on the signed URL. It must be
+	// a datetime in the future.
+	// Required.
+	Expires time.Time
+
+	// ContentType is the content type header the client must provide
+	// to use the generated signed URL.
+	// Optional.
+	ContentType string
+
+	// Headers is a list of extention headers the client must provide
+	// in order to use the generated signed URL.
+	// Optional.
+	Headers []string
+
+	// MD5 is the base64 encoded MD5 checksum of the file.
+	// If provided, the client should provide the exact value on the request
+	// header in order to use the signed URL.
+	// Optional.
+	MD5 []byte
+}
+
+// SignedURL returns a URL for the specified object. Signed URLs allow
+// the users access to a restricted resource for a limited time without having a
+// Google account or signing in. For more information about the signed
+// URLs, see https://cloud.google.com/storage/docs/accesscontrol#Signed-URLs.
+func SignedURL(bucket, name string, opts *SignedURLOptions) (string, error) {
+	if opts == nil {
+		return "", errors.New("storage: missing required SignedURLOptions")
+	}
+	if opts.GoogleAccessID == "" || opts.PrivateKey == nil {
+		return "", errors.New("storage: missing required credentials to generate a signed URL")
+	}
+	if opts.Method == "" {
+		return "", errors.New("storage: missing required method option")
+	}
+	if opts.Expires.IsZero() {
+		return "", errors.New("storage: missing required expires option")
+	}
+	key, err := parseKey(opts.PrivateKey)
+	if err != nil {
+		return "", err
+	}
+	h := sha256.New()
+	fmt.Fprintf(h, "%s\n", opts.Method)
+	fmt.Fprintf(h, "%s\n", opts.MD5)
+	fmt.Fprintf(h, "%s\n", opts.ContentType)
+	fmt.Fprintf(h, "%d\n", opts.Expires.Unix())
+	fmt.Fprintf(h, "%s", strings.Join(opts.Headers, "\n"))
+	fmt.Fprintf(h, "/%s/%s", bucket, name)
+	b, err := rsa.SignPKCS1v15(
+		rand.Reader,
+		key,
+		crypto.SHA256,
+		h.Sum(nil),
+	)
+	if err != nil {
+		return "", err
+	}
+	encoded := base64.StdEncoding.EncodeToString(b)
+	u := &url.URL{
+		Scheme: "https",
+		Host:   "storage.googleapis.com",
+		Path:   fmt.Sprintf("/%s/%s", bucket, name),
+	}
+	q := u.Query()
+	q.Set("GoogleAccessId", opts.GoogleAccessID)
+	q.Set("Expires", fmt.Sprintf("%d", opts.Expires.Unix()))
+	q.Set("Signature", string(encoded))
+	u.RawQuery = q.Encode()
+	return u.String(), nil
+}
+
+// StatObject returns meta information about the specified object.
+func StatObject(ctx context.Context, bucket, name string) (*Object, error) {
+	o, err := rawService(ctx).Objects.Get(bucket, name).Projection("full").Context(ctx).Do()
+	if e, ok := err.(*googleapi.Error); ok && e.Code == http.StatusNotFound {
+		return nil, ErrObjectNotExist
+	}
+	if err != nil {
+		return nil, err
+	}
+	return newObject(o), nil
+}
+
+// UpdateAttrs updates an object with the provided attributes.
+// All zero-value attributes are ignored.
+func UpdateAttrs(ctx context.Context, bucket, name string, attrs ObjectAttrs) (*Object, error) {
+	o, err := rawService(ctx).Objects.Patch(bucket, name, attrs.toRawObject(bucket)).Projection("full").Context(ctx).Do()
+	if e, ok := err.(*googleapi.Error); ok && e.Code == http.StatusNotFound {
+		return nil, ErrObjectNotExist
+	}
+	if err != nil {
+		return nil, err
+	}
+	return newObject(o), nil
+}
+
+// DeleteObject deletes the single specified object.
+func DeleteObject(ctx context.Context, bucket, name string) error {
+	return rawService(ctx).Objects.Delete(bucket, name).Context(ctx).Do()
+}
+
+// CopyObject copies the source object to the destination.
+// The copied object's attributes are overwritten by attrs if non-nil.
+func CopyObject(ctx context.Context, srcBucket, srcName string, destBucket, destName string, attrs *ObjectAttrs) (*Object, error) {
+	if srcBucket == "" || destBucket == "" {
+		return nil, errors.New("storage: srcBucket and destBucket must both be non-empty")
+	}
+	if srcName == "" || destName == "" {
+		return nil, errors.New("storage: srcName and destName must be non-empty")
+	}
+	var rawObject *raw.Object
+	if attrs != nil {
+		attrs.Name = destName
+		if attrs.ContentType == "" {
+			return nil, errors.New("storage: attrs.ContentType must be non-empty")
+		}
+		rawObject = attrs.toRawObject(destBucket)
+	}
+	o, err := rawService(ctx).Objects.Copy(
+		srcBucket, srcName, destBucket, destName, rawObject).Projection("full").Context(ctx).Do()
+	if err != nil {
+		return nil, err
+	}
+	return newObject(o), nil
+}
+
+// NewReader creates a new io.ReadCloser to read the contents
+// of the object.
+func NewReader(ctx context.Context, bucket, name string) (io.ReadCloser, error) {
+	hc := internal.HTTPClient(ctx)
+	u := &url.URL{
+		Scheme: "https",
+		Host:   "storage.googleapis.com",
+		Path:   fmt.Sprintf("/%s/%s", bucket, name),
+	}
+	res, err := hc.Get(u.String())
+	if err != nil {
+		return nil, err
+	}
+	if res.StatusCode == http.StatusNotFound {
+		res.Body.Close()
+		return nil, ErrObjectNotExist
+	}
+	if res.StatusCode < 200 || res.StatusCode > 299 {
+		res.Body.Close()
+		return res.Body, fmt.Errorf("storage: can't read object %v/%v, status code: %v", bucket, name, res.Status)
+	}
+	return res.Body, nil
+}
+
+// NewWriter returns a storage Writer that writes to the GCS object
+// identified by the specified name.
+// If such an object doesn't exist, it creates one.
+// Attributes can be set on the object by modifying the returned Writer's
+// ObjectAttrs field before the first call to Write. The name parameter to this
+// function is ignored if the Name field of the ObjectAttrs field is set to a
+// non-empty string.
+//
+// It is the caller's responsibility to call Close when writing is done.
+//
+// The object is not available and any previous object with the same
+// name is not replaced on Cloud Storage until Close is called.
+func NewWriter(ctx context.Context, bucket, name string) *Writer {
+	return &Writer{
+		ctx:    ctx,
+		bucket: bucket,
+		name:   name,
+		donec:  make(chan struct{}),
+	}
+}
+
+func rawService(ctx context.Context) *raw.Service {
+	return internal.Service(ctx, "storage", func(hc *http.Client) interface{} {
+		svc, _ := raw.New(hc)
+		return svc
+	}).(*raw.Service)
+}
+
+// parseKey converts the binary contents of a private key file
+// to an *rsa.PrivateKey. It detects whether the private key is in a
+// PEM container or not. If so, it extracts the the private key
+// from PEM container before conversion. It only supports PEM
+// containers with no passphrase.
+func parseKey(key []byte) (*rsa.PrivateKey, error) {
+	if block, _ := pem.Decode(key); block != nil {
+		key = block.Bytes
+	}
+	parsedKey, err := x509.ParsePKCS8PrivateKey(key)
+	if err != nil {
+		parsedKey, err = x509.ParsePKCS1PrivateKey(key)
+		if err != nil {
+			return nil, err
+		}
+	}
+	parsed, ok := parsedKey.(*rsa.PrivateKey)
+	if !ok {
+		return nil, errors.New("oauth2: private key is invalid")
+	}
+	return parsed, nil
+}
diff --git a/vendor/google.golang.org/cloud/storage/types.go b/vendor/google.golang.org/cloud/storage/types.go
new file mode 100644
index 000000000..060deb6ad
--- /dev/null
+++ b/vendor/google.golang.org/cloud/storage/types.go
@@ -0,0 +1,417 @@
+// Copyright 2014 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package storage
+
+import (
+	"encoding/base64"
+	"io"
+	"sync"
+	"time"
+
+	"golang.org/x/net/context"
+	raw "google.golang.org/api/storage/v1"
+)
+
+// Bucket represents a Google Cloud Storage bucket.
+type Bucket struct {
+	// Name is the name of the bucket.
+	Name string
+
+	// ACL is the list of access control rules on the bucket.
+	ACL []ACLRule
+
+	// DefaultObjectACL is the list of access controls to
+	// apply to new objects when no object ACL is provided.
+	DefaultObjectACL []ACLRule
+
+	// Location is the location of the bucket. It defaults to "US".
+	Location string
+
+	// Metageneration is the metadata generation of the bucket.
+	// Read-only.
+	Metageneration int64
+
+	// StorageClass is the storage class of the bucket. This defines
+	// how objects in the bucket are stored and determines the SLA
+	// and the cost of storage. Typical values are "STANDARD" and
+	// "DURABLE_REDUCED_AVAILABILITY". Defaults to "STANDARD".
+	StorageClass string
+
+	// Created is the creation time of the bucket.
+	// Read-only.
+	Created time.Time
+}
+
+func newBucket(b *raw.Bucket) *Bucket {
+	if b == nil {
+		return nil
+	}
+	bucket := &Bucket{
+		Name:           b.Name,
+		Location:       b.Location,
+		Metageneration: b.Metageneration,
+		StorageClass:   b.StorageClass,
+		Created:        convertTime(b.TimeCreated),
+	}
+	acl := make([]ACLRule, len(b.Acl))
+	for i, rule := range b.Acl {
+		acl[i] = ACLRule{
+			Entity: ACLEntity(rule.Entity),
+			Role:   ACLRole(rule.Role),
+		}
+	}
+	bucket.ACL = acl
+	objACL := make([]ACLRule, len(b.DefaultObjectAcl))
+	for i, rule := range b.DefaultObjectAcl {
+		objACL[i] = ACLRule{
+			Entity: ACLEntity(rule.Entity),
+			Role:   ACLRole(rule.Role),
+		}
+	}
+	bucket.DefaultObjectACL = objACL
+	return bucket
+}
+
+// ObjectAttrs is the user-editable object attributes.
+type ObjectAttrs struct {
+	// Name is the name of the object.
+	Name string
+
+	// ContentType is the MIME type of the object's content.
+	// Optional.
+	ContentType string
+
+	// ContentLanguage is the optional RFC 1766 Content-Language of
+	// the object's content sent in response headers.
+	ContentLanguage string
+
+	// ContentEncoding is the optional Content-Encoding of the object
+	// sent it the response headers.
+	ContentEncoding string
+
+	// CacheControl is the optional Cache-Control header of the object
+	// sent in the response headers.
+	CacheControl string
+
+	// ContentDisposition is the optional Content-Disposition header of the object
+	// sent in the response headers.
+	ContentDisposition string
+
+	// ACL is the list of access control rules for the object.
+	// Optional. If nil or empty, existing ACL rules are preserved.
+	ACL []ACLRule
+
+	// Metadata represents user-provided metadata, in key/value pairs.
+	// It can be nil if the current metadata values needs to preserved.
+	Metadata map[string]string
+}
+
+func (o ObjectAttrs) toRawObject(bucket string) *raw.Object {
+	var acl []*raw.ObjectAccessControl
+	if len(o.ACL) > 0 {
+		acl = make([]*raw.ObjectAccessControl, len(o.ACL))
+		for i, rule := range o.ACL {
+			acl[i] = &raw.ObjectAccessControl{
+				Entity: string(rule.Entity),
+				Role:   string(rule.Role),
+			}
+		}
+	}
+	return &raw.Object{
+		Bucket:             bucket,
+		Name:               o.Name,
+		ContentType:        o.ContentType,
+		ContentEncoding:    o.ContentEncoding,
+		ContentLanguage:    o.ContentLanguage,
+		CacheControl:       o.CacheControl,
+		ContentDisposition: o.ContentDisposition,
+		Acl:                acl,
+		Metadata:           o.Metadata,
+	}
+}
+
+// Object represents a Google Cloud Storage (GCS) object.
+type Object struct {
+	// Bucket is the name of the bucket containing this GCS object.
+	Bucket string
+
+	// Name is the name of the object within the bucket.
+	Name string
+
+	// ContentType is the MIME type of the object's content.
+	ContentType string
+
+	// ContentLanguage is the content language of the object's content.
+	ContentLanguage string
+
+	// CacheControl is the Cache-Control header to be sent in the response
+	// headers when serving the object data.
+	CacheControl string
+
+	// ACL is the list of access control rules for the object.
+	ACL []ACLRule
+
+	// Owner is the owner of the object.
+	//
+	// If non-zero, it is in the form of "user-<userId>".
+	Owner string
+
+	// Size is the length of the object's content.
+	Size int64
+
+	// ContentEncoding is the encoding of the object's content.
+	ContentEncoding string
+
+	// MD5 is the MD5 hash of the object's content.
+	MD5 []byte
+
+	// CRC32C is the CRC32 checksum of the object's content using
+	// the Castagnoli93 polynomial.
+	CRC32C uint32
+
+	// MediaLink is an URL to the object's content.
+	MediaLink string
+
+	// Metadata represents user-provided metadata, in key/value pairs.
+	// It can be nil if no metadata is provided.
+	Metadata map[string]string
+
+	// Generation is the generation number of the object's content.
+	Generation int64
+
+	// MetaGeneration is the version of the metadata for this
+	// object at this generation. This field is used for preconditions
+	// and for detecting changes in metadata. A metageneration number
+	// is only meaningful in the context of a particular generation
+	// of a particular object.
+	MetaGeneration int64
+
+	// StorageClass is the storage class of the bucket.
+	// This value defines how objects in the bucket are stored and
+	// determines the SLA and the cost of storage. Typical values are
+	// "STANDARD" and "DURABLE_REDUCED_AVAILABILITY".
+	// It defaults to "STANDARD".
+	StorageClass string
+
+	// Deleted is the time the object was deleted.
+	// If not deleted, it is the zero value.
+	Deleted time.Time
+
+	// Updated is the creation or modification time of the object.
+	// For buckets with versioning enabled, changing an object's
+	// metadata does not change this property.
+	Updated time.Time
+}
+
+// convertTime converts a time in RFC3339 format to time.Time.
+// If any error occurs in parsing, the zero-value time.Time is silently returned.
+func convertTime(t string) time.Time {
+	var r time.Time
+	if t != "" {
+		r, _ = time.Parse(time.RFC3339, t)
+	}
+	return r
+}
+
+func newObject(o *raw.Object) *Object {
+	if o == nil {
+		return nil
+	}
+	acl := make([]ACLRule, len(o.Acl))
+	for i, rule := range o.Acl {
+		acl[i] = ACLRule{
+			Entity: ACLEntity(rule.Entity),
+			Role:   ACLRole(rule.Role),
+		}
+	}
+	owner := ""
+	if o.Owner != nil {
+		owner = o.Owner.Entity
+	}
+	md5, _ := base64.StdEncoding.DecodeString(o.Md5Hash)
+	var crc32c uint32
+	d, err := base64.StdEncoding.DecodeString(o.Crc32c)
+	if err == nil && len(d) == 4 {
+		crc32c = uint32(d[0])<<24 + uint32(d[1])<<16 + uint32(d[2])<<8 + uint32(d[3])
+	}
+	return &Object{
+		Bucket:          o.Bucket,
+		Name:            o.Name,
+		ContentType:     o.ContentType,
+		ContentLanguage: o.ContentLanguage,
+		CacheControl:    o.CacheControl,
+		ACL:             acl,
+		Owner:           owner,
+		ContentEncoding: o.ContentEncoding,
+		Size:            int64(o.Size),
+		MD5:             md5,
+		CRC32C:          crc32c,
+		MediaLink:       o.MediaLink,
+		Metadata:        o.Metadata,
+		Generation:      o.Generation,
+		MetaGeneration:  o.Metageneration,
+		StorageClass:    o.StorageClass,
+		Deleted:         convertTime(o.TimeDeleted),
+		Updated:         convertTime(o.Updated),
+	}
+}
+
+// Query represents a query to filter objects from a bucket.
+type Query struct {
+	// Delimiter returns results in a directory-like fashion.
+	// Results will contain only objects whose names, aside from the
+	// prefix, do not contain delimiter. Objects whose names,
+	// aside from the prefix, contain delimiter will have their name,
+	// truncated after the delimiter, returned in prefixes.
+	// Duplicate prefixes are omitted.
+	// Optional.
+	Delimiter string
+
+	// Prefix is the prefix filter to query objects
+	// whose names begin with this prefix.
+	// Optional.
+	Prefix string
+
+	// Versions indicates whether multiple versions of the same
+	// object will be included in the results.
+	Versions bool
+
+	// Cursor is a previously-returned page token
+	// representing part of the larger set of results to view.
+	// Optional.
+	Cursor string
+
+	// MaxResults is the maximum number of items plus prefixes
+	// to return. As duplicate prefixes are omitted,
+	// fewer total results may be returned than requested.
+	// The default page limit is used if it is negative or zero.
+	MaxResults int
+}
+
+// Objects represents a list of objects returned from
+// a bucket look-p request and a query to retrieve more
+// objects from the next pages.
+type Objects struct {
+	// Results represent a list of object results.
+	Results []*Object
+
+	// Next is the continuation query to retrieve more
+	// results with the same filtering criteria. If there
+	// are no more results to retrieve, it is nil.
+	Next *Query
+
+	// Prefixes represents prefixes of objects
+	// matching-but-not-listed up to and including
+	// the requested delimiter.
+	Prefixes []string
+}
+
+// contentTyper implements ContentTyper to enable an
+// io.ReadCloser to specify its MIME type.
+type contentTyper struct {
+	io.Reader
+	t string
+}
+
+func (c *contentTyper) ContentType() string {
+	return c.t
+}
+
+// A Writer writes a Cloud Storage object.
+type Writer struct {
+	// ObjectAttrs are optional attributes to set on the object. Any attributes
+	// must be initialized before the first Write call. Nil or zero-valued
+	// attributes are ignored.
+	ObjectAttrs
+
+	ctx    context.Context
+	bucket string
+	name   string
+
+	once sync.Once
+
+	opened bool
+	r      io.Reader
+	pw     *io.PipeWriter
+
+	donec chan struct{} // closed after err and obj are set.
+	err   error
+	obj   *Object
+}
+
+func (w *Writer) open() {
+	attrs := w.ObjectAttrs
+	// Always set the name, otherwise the backend
+	// rejects the request and responds with an HTTP 400.
+	if attrs.Name == "" {
+		attrs.Name = w.name
+	}
+	pr, pw := io.Pipe()
+	w.r = &contentTyper{pr, attrs.ContentType}
+	w.pw = pw
+	w.opened = true
+
+	go func() {
+		resp, err := rawService(w.ctx).Objects.Insert(
+			w.bucket, attrs.toRawObject(w.bucket)).Media(w.r).Projection("full").Context(w.ctx).Do()
+		w.err = err
+		if err == nil {
+			w.obj = newObject(resp)
+		} else {
+			pr.CloseWithError(w.err)
+		}
+		close(w.donec)
+	}()
+}
+
+// Write appends to w.
+func (w *Writer) Write(p []byte) (n int, err error) {
+	if w.err != nil {
+		return 0, w.err
+	}
+	if !w.opened {
+		w.open()
+	}
+	return w.pw.Write(p)
+}
+
+// Close completes the write operation and flushes any buffered data.
+// If Close doesn't return an error, metadata about the written object
+// can be retrieved by calling Object.
+func (w *Writer) Close() error {
+	if !w.opened {
+		w.open()
+	}
+	if err := w.pw.Close(); err != nil {
+		return err
+	}
+	<-w.donec
+	return w.err
+}
+
+// CloseWithError aborts the write operation with the provided error.
+// CloseWithError always returns nil.
+func (w *Writer) CloseWithError(err error) error {
+	if !w.opened {
+		return nil
+	}
+	return w.pw.CloseWithError(err)
+}
+
+// Object returns metadata about a successfully-written object.
+// It's only valid to call it after Close returns nil.
+func (w *Writer) Object() *Object {
+	return w.obj
+}
diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go
new file mode 100644
index 000000000..cc5d52fbc
--- /dev/null
+++ b/vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go
@@ -0,0 +1,336 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.26.0
+// 	protoc        v3.21.9
+// source: google/rpc/code.proto
+
+package code
+
+import (
+	reflect "reflect"
+	sync "sync"
+
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The canonical error codes for gRPC APIs.
+//
+// Sometimes multiple error codes may apply.  Services should return
+// the most specific error code that applies.  For example, prefer
+// `OUT_OF_RANGE` over `FAILED_PRECONDITION` if both codes apply.
+// Similarly prefer `NOT_FOUND` or `ALREADY_EXISTS` over `FAILED_PRECONDITION`.
+type Code int32
+
+const (
+	// Not an error; returned on success.
+	//
+	// HTTP Mapping: 200 OK
+	Code_OK Code = 0
+	// The operation was cancelled, typically by the caller.
+	//
+	// HTTP Mapping: 499 Client Closed Request
+	Code_CANCELLED Code = 1
+	// Unknown error.  For example, this error may be returned when
+	// a `Status` value received from another address space belongs to
+	// an error space that is not known in this address space.  Also
+	// errors raised by APIs that do not return enough error information
+	// may be converted to this error.
+	//
+	// HTTP Mapping: 500 Internal Server Error
+	Code_UNKNOWN Code = 2
+	// The client specified an invalid argument.  Note that this differs
+	// from `FAILED_PRECONDITION`.  `INVALID_ARGUMENT` indicates arguments
+	// that are problematic regardless of the state of the system
+	// (e.g., a malformed file name).
+	//
+	// HTTP Mapping: 400 Bad Request
+	Code_INVALID_ARGUMENT Code = 3
+	// The deadline expired before the operation could complete. For operations
+	// that change the state of the system, this error may be returned
+	// even if the operation has completed successfully.  For example, a
+	// successful response from a server could have been delayed long
+	// enough for the deadline to expire.
+	//
+	// HTTP Mapping: 504 Gateway Timeout
+	Code_DEADLINE_EXCEEDED Code = 4
+	// Some requested entity (e.g., file or directory) was not found.
+	//
+	// Note to server developers: if a request is denied for an entire class
+	// of users, such as gradual feature rollout or undocumented allowlist,
+	// `NOT_FOUND` may be used. If a request is denied for some users within
+	// a class of users, such as user-based access control, `PERMISSION_DENIED`
+	// must be used.
+	//
+	// HTTP Mapping: 404 Not Found
+	Code_NOT_FOUND Code = 5
+	// The entity that a client attempted to create (e.g., file or directory)
+	// already exists.
+	//
+	// HTTP Mapping: 409 Conflict
+	Code_ALREADY_EXISTS Code = 6
+	// The caller does not have permission to execute the specified
+	// operation. `PERMISSION_DENIED` must not be used for rejections
+	// caused by exhausting some resource (use `RESOURCE_EXHAUSTED`
+	// instead for those errors). `PERMISSION_DENIED` must not be
+	// used if the caller can not be identified (use `UNAUTHENTICATED`
+	// instead for those errors). This error code does not imply the
+	// request is valid or the requested entity exists or satisfies
+	// other pre-conditions.
+	//
+	// HTTP Mapping: 403 Forbidden
+	Code_PERMISSION_DENIED Code = 7
+	// The request does not have valid authentication credentials for the
+	// operation.
+	//
+	// HTTP Mapping: 401 Unauthorized
+	Code_UNAUTHENTICATED Code = 16
+	// Some resource has been exhausted, perhaps a per-user quota, or
+	// perhaps the entire file system is out of space.
+	//
+	// HTTP Mapping: 429 Too Many Requests
+	Code_RESOURCE_EXHAUSTED Code = 8
+	// The operation was rejected because the system is not in a state
+	// required for the operation's execution.  For example, the directory
+	// to be deleted is non-empty, an rmdir operation is applied to
+	// a non-directory, etc.
+	//
+	// Service implementors can use the following guidelines to decide
+	// between `FAILED_PRECONDITION`, `ABORTED`, and `UNAVAILABLE`:
+	//
+	//	(a) Use `UNAVAILABLE` if the client can retry just the failing call.
+	//	(b) Use `ABORTED` if the client should retry at a higher level. For
+	//	    example, when a client-specified test-and-set fails, indicating the
+	//	    client should restart a read-modify-write sequence.
+	//	(c) Use `FAILED_PRECONDITION` if the client should not retry until
+	//	    the system state has been explicitly fixed. For example, if an "rmdir"
+	//	    fails because the directory is non-empty, `FAILED_PRECONDITION`
+	//	    should be returned since the client should not retry unless
+	//	    the files are deleted from the directory.
+	//
+	// HTTP Mapping: 400 Bad Request
+	Code_FAILED_PRECONDITION Code = 9
+	// The operation was aborted, typically due to a concurrency issue such as
+	// a sequencer check failure or transaction abort.
+	//
+	// See the guidelines above for deciding between `FAILED_PRECONDITION`,
+	// `ABORTED`, and `UNAVAILABLE`.
+	//
+	// HTTP Mapping: 409 Conflict
+	Code_ABORTED Code = 10
+	// The operation was attempted past the valid range.  E.g., seeking or
+	// reading past end-of-file.
+	//
+	// Unlike `INVALID_ARGUMENT`, this error indicates a problem that may
+	// be fixed if the system state changes. For example, a 32-bit file
+	// system will generate `INVALID_ARGUMENT` if asked to read at an
+	// offset that is not in the range [0,2^32-1], but it will generate
+	// `OUT_OF_RANGE` if asked to read from an offset past the current
+	// file size.
+	//
+	// There is a fair bit of overlap between `FAILED_PRECONDITION` and
+	// `OUT_OF_RANGE`.  We recommend using `OUT_OF_RANGE` (the more specific
+	// error) when it applies so that callers who are iterating through
+	// a space can easily look for an `OUT_OF_RANGE` error to detect when
+	// they are done.
+	//
+	// HTTP Mapping: 400 Bad Request
+	Code_OUT_OF_RANGE Code = 11
+	// The operation is not implemented or is not supported/enabled in this
+	// service.
+	//
+	// HTTP Mapping: 501 Not Implemented
+	Code_UNIMPLEMENTED Code = 12
+	// Internal errors.  This means that some invariants expected by the
+	// underlying system have been broken.  This error code is reserved
+	// for serious errors.
+	//
+	// HTTP Mapping: 500 Internal Server Error
+	Code_INTERNAL Code = 13
+	// The service is currently unavailable.  This is most likely a
+	// transient condition, which can be corrected by retrying with
+	// a backoff. Note that it is not always safe to retry
+	// non-idempotent operations.
+	//
+	// See the guidelines above for deciding between `FAILED_PRECONDITION`,
+	// `ABORTED`, and `UNAVAILABLE`.
+	//
+	// HTTP Mapping: 503 Service Unavailable
+	Code_UNAVAILABLE Code = 14
+	// Unrecoverable data loss or corruption.
+	//
+	// HTTP Mapping: 500 Internal Server Error
+	Code_DATA_LOSS Code = 15
+)
+
+// Enum value maps for Code.
+var (
+	Code_name = map[int32]string{
+		0:  "OK",
+		1:  "CANCELLED",
+		2:  "UNKNOWN",
+		3:  "INVALID_ARGUMENT",
+		4:  "DEADLINE_EXCEEDED",
+		5:  "NOT_FOUND",
+		6:  "ALREADY_EXISTS",
+		7:  "PERMISSION_DENIED",
+		16: "UNAUTHENTICATED",
+		8:  "RESOURCE_EXHAUSTED",
+		9:  "FAILED_PRECONDITION",
+		10: "ABORTED",
+		11: "OUT_OF_RANGE",
+		12: "UNIMPLEMENTED",
+		13: "INTERNAL",
+		14: "UNAVAILABLE",
+		15: "DATA_LOSS",
+	}
+	Code_value = map[string]int32{
+		"OK":                  0,
+		"CANCELLED":           1,
+		"UNKNOWN":             2,
+		"INVALID_ARGUMENT":    3,
+		"DEADLINE_EXCEEDED":   4,
+		"NOT_FOUND":           5,
+		"ALREADY_EXISTS":      6,
+		"PERMISSION_DENIED":   7,
+		"UNAUTHENTICATED":     16,
+		"RESOURCE_EXHAUSTED":  8,
+		"FAILED_PRECONDITION": 9,
+		"ABORTED":             10,
+		"OUT_OF_RANGE":        11,
+		"UNIMPLEMENTED":       12,
+		"INTERNAL":            13,
+		"UNAVAILABLE":         14,
+		"DATA_LOSS":           15,
+	}
+)
+
+func (x Code) Enum() *Code {
+	p := new(Code)
+	*p = x
+	return p
+}
+
+func (x Code) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Code) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_rpc_code_proto_enumTypes[0].Descriptor()
+}
+
+func (Code) Type() protoreflect.EnumType {
+	return &file_google_rpc_code_proto_enumTypes[0]
+}
+
+func (x Code) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Code.Descriptor instead.
+func (Code) EnumDescriptor() ([]byte, []int) {
+	return file_google_rpc_code_proto_rawDescGZIP(), []int{0}
+}
+
+var File_google_rpc_code_proto protoreflect.FileDescriptor
+
+var file_google_rpc_code_proto_rawDesc = []byte{
+	0x0a, 0x15, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x64,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x72, 0x70, 0x63, 0x2a, 0xb7, 0x02, 0x0a, 0x04, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x06, 0x0a, 0x02,
+	0x4f, 0x4b, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x41, 0x4e, 0x43, 0x45, 0x4c, 0x4c, 0x45,
+	0x44, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x02,
+	0x12, 0x14, 0x0a, 0x10, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x5f, 0x41, 0x52, 0x47, 0x55,
+	0x4d, 0x45, 0x4e, 0x54, 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x44, 0x45, 0x41, 0x44, 0x4c, 0x49,
+	0x4e, 0x45, 0x5f, 0x45, 0x58, 0x43, 0x45, 0x45, 0x44, 0x45, 0x44, 0x10, 0x04, 0x12, 0x0d, 0x0a,
+	0x09, 0x4e, 0x4f, 0x54, 0x5f, 0x46, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x05, 0x12, 0x12, 0x0a, 0x0e,
+	0x41, 0x4c, 0x52, 0x45, 0x41, 0x44, 0x59, 0x5f, 0x45, 0x58, 0x49, 0x53, 0x54, 0x53, 0x10, 0x06,
+	0x12, 0x15, 0x0a, 0x11, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x44,
+	0x45, 0x4e, 0x49, 0x45, 0x44, 0x10, 0x07, 0x12, 0x13, 0x0a, 0x0f, 0x55, 0x4e, 0x41, 0x55, 0x54,
+	0x48, 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x45, 0x44, 0x10, 0x10, 0x12, 0x16, 0x0a, 0x12,
+	0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x45, 0x58, 0x48, 0x41, 0x55, 0x53, 0x54,
+	0x45, 0x44, 0x10, 0x08, 0x12, 0x17, 0x0a, 0x13, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x5f, 0x50,
+	0x52, 0x45, 0x43, 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x09, 0x12, 0x0b, 0x0a,
+	0x07, 0x41, 0x42, 0x4f, 0x52, 0x54, 0x45, 0x44, 0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x4f, 0x55,
+	0x54, 0x5f, 0x4f, 0x46, 0x5f, 0x52, 0x41, 0x4e, 0x47, 0x45, 0x10, 0x0b, 0x12, 0x11, 0x0a, 0x0d,
+	0x55, 0x4e, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x4d, 0x45, 0x4e, 0x54, 0x45, 0x44, 0x10, 0x0c, 0x12,
+	0x0c, 0x0a, 0x08, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x0d, 0x12, 0x0f, 0x0a,
+	0x0b, 0x55, 0x4e, 0x41, 0x56, 0x41, 0x49, 0x4c, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x0e, 0x12, 0x0d,
+	0x0a, 0x09, 0x44, 0x41, 0x54, 0x41, 0x5f, 0x4c, 0x4f, 0x53, 0x53, 0x10, 0x0f, 0x42, 0x58, 0x0a,
+	0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x42,
+	0x09, 0x43, 0x6f, 0x64, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x33, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f,
+	0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61,
+	0x70, 0x69, 0x73, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x3b, 0x63, 0x6f, 0x64,
+	0x65, 0xa2, 0x02, 0x03, 0x52, 0x50, 0x43, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_google_rpc_code_proto_rawDescOnce sync.Once
+	file_google_rpc_code_proto_rawDescData = file_google_rpc_code_proto_rawDesc
+)
+
+func file_google_rpc_code_proto_rawDescGZIP() []byte {
+	file_google_rpc_code_proto_rawDescOnce.Do(func() {
+		file_google_rpc_code_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_rpc_code_proto_rawDescData)
+	})
+	return file_google_rpc_code_proto_rawDescData
+}
+
+var file_google_rpc_code_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_google_rpc_code_proto_goTypes = []interface{}{
+	(Code)(0), // 0: google.rpc.Code
+}
+var file_google_rpc_code_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_google_rpc_code_proto_init() }
+func file_google_rpc_code_proto_init() {
+	if File_google_rpc_code_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_rpc_code_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   0,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_rpc_code_proto_goTypes,
+		DependencyIndexes: file_google_rpc_code_proto_depIdxs,
+		EnumInfos:         file_google_rpc_code_proto_enumTypes,
+	}.Build()
+	File_google_rpc_code_proto = out.File
+	file_google_rpc_code_proto_rawDesc = nil
+	file_google_rpc_code_proto_goTypes = nil
+	file_google_rpc_code_proto_depIdxs = nil
+}
diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go
new file mode 100644
index 000000000..7bd161e48
--- /dev/null
+++ b/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go
@@ -0,0 +1,1314 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.26.0
+// 	protoc        v3.21.9
+// source: google/rpc/error_details.proto
+
+package errdetails
+
+import (
+	reflect "reflect"
+	sync "sync"
+
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Describes the cause of the error with structured details.
+//
+// Example of an error when contacting the "pubsub.googleapis.com" API when it
+// is not enabled:
+//
+//	{ "reason": "API_DISABLED"
+//	  "domain": "googleapis.com"
+//	  "metadata": {
+//	    "resource": "projects/123",
+//	    "service": "pubsub.googleapis.com"
+//	  }
+//	}
+//
+// This response indicates that the pubsub.googleapis.com API is not enabled.
+//
+// Example of an error that is returned when attempting to create a Spanner
+// instance in a region that is out of stock:
+//
+//	{ "reason": "STOCKOUT"
+//	  "domain": "spanner.googleapis.com",
+//	  "metadata": {
+//	    "availableRegions": "us-central1,us-east2"
+//	  }
+//	}
+type ErrorInfo struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The reason of the error. This is a constant value that identifies the
+	// proximate cause of the error. Error reasons are unique within a particular
+	// domain of errors. This should be at most 63 characters and match a
+	// regular expression of `[A-Z][A-Z0-9_]+[A-Z0-9]`, which represents
+	// UPPER_SNAKE_CASE.
+	Reason string `protobuf:"bytes,1,opt,name=reason,proto3" json:"reason,omitempty"`
+	// The logical grouping to which the "reason" belongs. The error domain
+	// is typically the registered service name of the tool or product that
+	// generates the error. Example: "pubsub.googleapis.com". If the error is
+	// generated by some common infrastructure, the error domain must be a
+	// globally unique value that identifies the infrastructure. For Google API
+	// infrastructure, the error domain is "googleapis.com".
+	Domain string `protobuf:"bytes,2,opt,name=domain,proto3" json:"domain,omitempty"`
+	// Additional structured details about this error.
+	//
+	// Keys should match /[a-zA-Z0-9-_]/ and be limited to 64 characters in
+	// length. When identifying the current value of an exceeded limit, the units
+	// should be contained in the key, not the value.  For example, rather than
+	// {"instanceLimit": "100/request"}, should be returned as,
+	// {"instanceLimitPerRequest": "100"}, if the client exceeds the number of
+	// instances that can be created in a single (batch) request.
+	Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (x *ErrorInfo) Reset() {
+	*x = ErrorInfo{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ErrorInfo) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ErrorInfo) ProtoMessage() {}
+
+func (x *ErrorInfo) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ErrorInfo.ProtoReflect.Descriptor instead.
+func (*ErrorInfo) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ErrorInfo) GetReason() string {
+	if x != nil {
+		return x.Reason
+	}
+	return ""
+}
+
+func (x *ErrorInfo) GetDomain() string {
+	if x != nil {
+		return x.Domain
+	}
+	return ""
+}
+
+func (x *ErrorInfo) GetMetadata() map[string]string {
+	if x != nil {
+		return x.Metadata
+	}
+	return nil
+}
+
+// Describes when the clients can retry a failed request. Clients could ignore
+// the recommendation here or retry when this information is missing from error
+// responses.
+//
+// It's always recommended that clients should use exponential backoff when
+// retrying.
+//
+// Clients should wait until `retry_delay` amount of time has passed since
+// receiving the error response before retrying.  If retrying requests also
+// fail, clients should use an exponential backoff scheme to gradually increase
+// the delay between retries based on `retry_delay`, until either a maximum
+// number of retries have been reached or a maximum retry delay cap has been
+// reached.
+type RetryInfo struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Clients should wait at least this long between retrying the same request.
+	RetryDelay *durationpb.Duration `protobuf:"bytes,1,opt,name=retry_delay,json=retryDelay,proto3" json:"retry_delay,omitempty"`
+}
+
+func (x *RetryInfo) Reset() {
+	*x = RetryInfo{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RetryInfo) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RetryInfo) ProtoMessage() {}
+
+func (x *RetryInfo) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RetryInfo.ProtoReflect.Descriptor instead.
+func (*RetryInfo) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *RetryInfo) GetRetryDelay() *durationpb.Duration {
+	if x != nil {
+		return x.RetryDelay
+	}
+	return nil
+}
+
+// Describes additional debugging info.
+type DebugInfo struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The stack trace entries indicating where the error occurred.
+	StackEntries []string `protobuf:"bytes,1,rep,name=stack_entries,json=stackEntries,proto3" json:"stack_entries,omitempty"`
+	// Additional debugging information provided by the server.
+	Detail string `protobuf:"bytes,2,opt,name=detail,proto3" json:"detail,omitempty"`
+}
+
+func (x *DebugInfo) Reset() {
+	*x = DebugInfo{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DebugInfo) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DebugInfo) ProtoMessage() {}
+
+func (x *DebugInfo) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DebugInfo.ProtoReflect.Descriptor instead.
+func (*DebugInfo) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *DebugInfo) GetStackEntries() []string {
+	if x != nil {
+		return x.StackEntries
+	}
+	return nil
+}
+
+func (x *DebugInfo) GetDetail() string {
+	if x != nil {
+		return x.Detail
+	}
+	return ""
+}
+
+// Describes how a quota check failed.
+//
+// For example if a daily limit was exceeded for the calling project,
+// a service could respond with a QuotaFailure detail containing the project
+// id and the description of the quota limit that was exceeded.  If the
+// calling project hasn't enabled the service in the developer console, then
+// a service could respond with the project id and set `service_disabled`
+// to true.
+//
+// Also see RetryInfo and Help types for other details about handling a
+// quota failure.
+type QuotaFailure struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Describes all quota violations.
+	Violations []*QuotaFailure_Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
+}
+
+func (x *QuotaFailure) Reset() {
+	*x = QuotaFailure{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *QuotaFailure) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*QuotaFailure) ProtoMessage() {}
+
+func (x *QuotaFailure) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use QuotaFailure.ProtoReflect.Descriptor instead.
+func (*QuotaFailure) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *QuotaFailure) GetViolations() []*QuotaFailure_Violation {
+	if x != nil {
+		return x.Violations
+	}
+	return nil
+}
+
+// Describes what preconditions have failed.
+//
+// For example, if an RPC failed because it required the Terms of Service to be
+// acknowledged, it could list the terms of service violation in the
+// PreconditionFailure message.
+type PreconditionFailure struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Describes all precondition violations.
+	Violations []*PreconditionFailure_Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
+}
+
+func (x *PreconditionFailure) Reset() {
+	*x = PreconditionFailure{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *PreconditionFailure) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PreconditionFailure) ProtoMessage() {}
+
+func (x *PreconditionFailure) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use PreconditionFailure.ProtoReflect.Descriptor instead.
+func (*PreconditionFailure) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *PreconditionFailure) GetViolations() []*PreconditionFailure_Violation {
+	if x != nil {
+		return x.Violations
+	}
+	return nil
+}
+
+// Describes violations in a client request. This error type focuses on the
+// syntactic aspects of the request.
+type BadRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Describes all violations in a client request.
+	FieldViolations []*BadRequest_FieldViolation `protobuf:"bytes,1,rep,name=field_violations,json=fieldViolations,proto3" json:"field_violations,omitempty"`
+}
+
+func (x *BadRequest) Reset() {
+	*x = BadRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *BadRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BadRequest) ProtoMessage() {}
+
+func (x *BadRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use BadRequest.ProtoReflect.Descriptor instead.
+func (*BadRequest) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *BadRequest) GetFieldViolations() []*BadRequest_FieldViolation {
+	if x != nil {
+		return x.FieldViolations
+	}
+	return nil
+}
+
+// Contains metadata about the request that clients can attach when filing a bug
+// or providing other forms of feedback.
+type RequestInfo struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// An opaque string that should only be interpreted by the service generating
+	// it. For example, it can be used to identify requests in the service's logs.
+	RequestId string `protobuf:"bytes,1,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
+	// Any data that was used to serve this request. For example, an encrypted
+	// stack trace that can be sent back to the service provider for debugging.
+	ServingData string `protobuf:"bytes,2,opt,name=serving_data,json=servingData,proto3" json:"serving_data,omitempty"`
+}
+
+func (x *RequestInfo) Reset() {
+	*x = RequestInfo{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RequestInfo) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RequestInfo) ProtoMessage() {}
+
+func (x *RequestInfo) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RequestInfo.ProtoReflect.Descriptor instead.
+func (*RequestInfo) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *RequestInfo) GetRequestId() string {
+	if x != nil {
+		return x.RequestId
+	}
+	return ""
+}
+
+func (x *RequestInfo) GetServingData() string {
+	if x != nil {
+		return x.ServingData
+	}
+	return ""
+}
+
+// Describes the resource that is being accessed.
+type ResourceInfo struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// A name for the type of resource being accessed, e.g. "sql table",
+	// "cloud storage bucket", "file", "Google calendar"; or the type URL
+	// of the resource: e.g. "type.googleapis.com/google.pubsub.v1.Topic".
+	ResourceType string `protobuf:"bytes,1,opt,name=resource_type,json=resourceType,proto3" json:"resource_type,omitempty"`
+	// The name of the resource being accessed.  For example, a shared calendar
+	// name: "example.com_4fghdhgsrgh@group.calendar.google.com", if the current
+	// error is
+	// [google.rpc.Code.PERMISSION_DENIED][google.rpc.Code.PERMISSION_DENIED].
+	ResourceName string `protobuf:"bytes,2,opt,name=resource_name,json=resourceName,proto3" json:"resource_name,omitempty"`
+	// The owner of the resource (optional).
+	// For example, "user:<owner email>" or "project:<Google developer project
+	// id>".
+	Owner string `protobuf:"bytes,3,opt,name=owner,proto3" json:"owner,omitempty"`
+	// Describes what error is encountered when accessing this resource.
+	// For example, updating a cloud project may require the `writer` permission
+	// on the developer console project.
+	Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
+}
+
+func (x *ResourceInfo) Reset() {
+	*x = ResourceInfo{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ResourceInfo) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourceInfo) ProtoMessage() {}
+
+func (x *ResourceInfo) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourceInfo.ProtoReflect.Descriptor instead.
+func (*ResourceInfo) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *ResourceInfo) GetResourceType() string {
+	if x != nil {
+		return x.ResourceType
+	}
+	return ""
+}
+
+func (x *ResourceInfo) GetResourceName() string {
+	if x != nil {
+		return x.ResourceName
+	}
+	return ""
+}
+
+func (x *ResourceInfo) GetOwner() string {
+	if x != nil {
+		return x.Owner
+	}
+	return ""
+}
+
+func (x *ResourceInfo) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+// Provides links to documentation or for performing an out of band action.
+//
+// For example, if a quota check failed with an error indicating the calling
+// project hasn't enabled the accessed service, this can contain a URL pointing
+// directly to the right place in the developer console to flip the bit.
+type Help struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// URL(s) pointing to additional information on handling the current error.
+	Links []*Help_Link `protobuf:"bytes,1,rep,name=links,proto3" json:"links,omitempty"`
+}
+
+func (x *Help) Reset() {
+	*x = Help{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Help) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Help) ProtoMessage() {}
+
+func (x *Help) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Help.ProtoReflect.Descriptor instead.
+func (*Help) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *Help) GetLinks() []*Help_Link {
+	if x != nil {
+		return x.Links
+	}
+	return nil
+}
+
+// Provides a localized error message that is safe to return to the user
+// which can be attached to an RPC error.
+type LocalizedMessage struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The locale used following the specification defined at
+	// https://www.rfc-editor.org/rfc/bcp/bcp47.txt.
+	// Examples are: "en-US", "fr-CH", "es-MX"
+	Locale string `protobuf:"bytes,1,opt,name=locale,proto3" json:"locale,omitempty"`
+	// The localized error message in the above locale.
+	Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+}
+
+func (x *LocalizedMessage) Reset() {
+	*x = LocalizedMessage{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LocalizedMessage) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LocalizedMessage) ProtoMessage() {}
+
+func (x *LocalizedMessage) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LocalizedMessage.ProtoReflect.Descriptor instead.
+func (*LocalizedMessage) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *LocalizedMessage) GetLocale() string {
+	if x != nil {
+		return x.Locale
+	}
+	return ""
+}
+
+func (x *LocalizedMessage) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+// A message type used to describe a single quota violation.  For example, a
+// daily quota or a custom quota that was exceeded.
+type QuotaFailure_Violation struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The subject on which the quota check failed.
+	// For example, "clientip:<ip address of client>" or "project:<Google
+	// developer project id>".
+	Subject string `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
+	// A description of how the quota check failed. Clients can use this
+	// description to find more about the quota configuration in the service's
+	// public documentation, or find the relevant quota limit to adjust through
+	// developer console.
+	//
+	// For example: "Service disabled" or "Daily Limit for read operations
+	// exceeded".
+	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+}
+
+func (x *QuotaFailure_Violation) Reset() {
+	*x = QuotaFailure_Violation{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *QuotaFailure_Violation) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*QuotaFailure_Violation) ProtoMessage() {}
+
+func (x *QuotaFailure_Violation) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use QuotaFailure_Violation.ProtoReflect.Descriptor instead.
+func (*QuotaFailure_Violation) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{3, 0}
+}
+
+func (x *QuotaFailure_Violation) GetSubject() string {
+	if x != nil {
+		return x.Subject
+	}
+	return ""
+}
+
+func (x *QuotaFailure_Violation) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+// A message type used to describe a single precondition failure.
+type PreconditionFailure_Violation struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The type of PreconditionFailure. We recommend using a service-specific
+	// enum type to define the supported precondition violation subjects. For
+	// example, "TOS" for "Terms of Service violation".
+	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	// The subject, relative to the type, that failed.
+	// For example, "google.com/cloud" relative to the "TOS" type would indicate
+	// which terms of service is being referenced.
+	Subject string `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty"`
+	// A description of how the precondition failed. Developers can use this
+	// description to understand how to fix the failure.
+	//
+	// For example: "Terms of service not accepted".
+	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+}
+
+func (x *PreconditionFailure_Violation) Reset() {
+	*x = PreconditionFailure_Violation{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[12]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *PreconditionFailure_Violation) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PreconditionFailure_Violation) ProtoMessage() {}
+
+func (x *PreconditionFailure_Violation) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[12]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use PreconditionFailure_Violation.ProtoReflect.Descriptor instead.
+func (*PreconditionFailure_Violation) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{4, 0}
+}
+
+func (x *PreconditionFailure_Violation) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *PreconditionFailure_Violation) GetSubject() string {
+	if x != nil {
+		return x.Subject
+	}
+	return ""
+}
+
+func (x *PreconditionFailure_Violation) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+// A message type used to describe a single bad request field.
+type BadRequest_FieldViolation struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// A path that leads to a field in the request body. The value will be a
+	// sequence of dot-separated identifiers that identify a protocol buffer
+	// field.
+	//
+	// Consider the following:
+	//
+	//	message CreateContactRequest {
+	//	  message EmailAddress {
+	//	    enum Type {
+	//	      TYPE_UNSPECIFIED = 0;
+	//	      HOME = 1;
+	//	      WORK = 2;
+	//	    }
+	//
+	//	    optional string email = 1;
+	//	    repeated EmailType type = 2;
+	//	  }
+	//
+	//	  string full_name = 1;
+	//	  repeated EmailAddress email_addresses = 2;
+	//	}
+	//
+	// In this example, in proto `field` could take one of the following values:
+	//
+	//   - `full_name` for a violation in the `full_name` value
+	//   - `email_addresses[1].email` for a violation in the `email` field of the
+	//     first `email_addresses` message
+	//   - `email_addresses[3].type[2]` for a violation in the second `type`
+	//     value in the third `email_addresses` message.
+	//
+	// In JSON, the same values are represented as:
+	//
+	//   - `fullName` for a violation in the `fullName` value
+	//   - `emailAddresses[1].email` for a violation in the `email` field of the
+	//     first `emailAddresses` message
+	//   - `emailAddresses[3].type[2]` for a violation in the second `type`
+	//     value in the third `emailAddresses` message.
+	Field string `protobuf:"bytes,1,opt,name=field,proto3" json:"field,omitempty"`
+	// A description of why the request element is bad.
+	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+}
+
+func (x *BadRequest_FieldViolation) Reset() {
+	*x = BadRequest_FieldViolation{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[13]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *BadRequest_FieldViolation) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BadRequest_FieldViolation) ProtoMessage() {}
+
+func (x *BadRequest_FieldViolation) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[13]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use BadRequest_FieldViolation.ProtoReflect.Descriptor instead.
+func (*BadRequest_FieldViolation) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{5, 0}
+}
+
+func (x *BadRequest_FieldViolation) GetField() string {
+	if x != nil {
+		return x.Field
+	}
+	return ""
+}
+
+func (x *BadRequest_FieldViolation) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+// Describes a URL link.
+type Help_Link struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Describes what the link offers.
+	Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"`
+	// The URL of the link.
+	Url string `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
+}
+
+func (x *Help_Link) Reset() {
+	*x = Help_Link{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_error_details_proto_msgTypes[14]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Help_Link) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Help_Link) ProtoMessage() {}
+
+func (x *Help_Link) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_error_details_proto_msgTypes[14]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Help_Link.ProtoReflect.Descriptor instead.
+func (*Help_Link) Descriptor() ([]byte, []int) {
+	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{8, 0}
+}
+
+func (x *Help_Link) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Help_Link) GetUrl() string {
+	if x != nil {
+		return x.Url
+	}
+	return ""
+}
+
+var File_google_rpc_error_details_proto protoreflect.FileDescriptor
+
+var file_google_rpc_error_details_proto_rawDesc = []byte{
+	0x0a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x65, 0x72, 0x72,
+	0x6f, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x1a, 0x1e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb9, 0x01, 0x0a,
+	0x09, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65,
+	0x61, 0x73, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73,
+	0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x3f, 0x0a, 0x08, 0x6d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x49,
+	0x6e, 0x66, 0x6f, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x1a, 0x3b, 0x0a, 0x0d, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
+	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14,
+	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x47, 0x0a, 0x09, 0x52, 0x65, 0x74, 0x72,
+	0x79, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x3a, 0x0a, 0x0b, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x64,
+	0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x72, 0x65, 0x74, 0x72, 0x79, 0x44, 0x65, 0x6c, 0x61,
+	0x79, 0x22, 0x48, 0x0a, 0x09, 0x44, 0x65, 0x62, 0x75, 0x67, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x23,
+	0x0a, 0x0d, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x45, 0x6e, 0x74, 0x72,
+	0x69, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x22, 0x9b, 0x01, 0x0a, 0x0c,
+	0x51, 0x75, 0x6f, 0x74, 0x61, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x12, 0x42, 0x0a, 0x0a,
+	0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x51, 0x75,
+	0x6f, 0x74, 0x61, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x2e, 0x56, 0x69, 0x6f, 0x6c, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x1a, 0x47, 0x0a, 0x09, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a,
+	0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07,
+	0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65,
+	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xbd, 0x01, 0x0a, 0x13, 0x50, 0x72,
+	0x65, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72,
+	0x65, 0x12, 0x49, 0x0a, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72,
+	0x70, 0x63, 0x2e, 0x50, 0x72, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46,
+	0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x2e, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x5b, 0x0a, 0x09,
+	0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a,
+	0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07,
+	0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65,
+	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xa8, 0x01, 0x0a, 0x0a, 0x42, 0x61,
+	0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x50, 0x0a, 0x10, 0x66, 0x69, 0x65, 0x6c,
+	0x64, 0x5f, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e,
+	0x42, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x66, 0x69, 0x65, 0x6c, 0x64,
+	0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x48, 0x0a, 0x0e, 0x46, 0x69,
+	0x65, 0x6c, 0x64, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05,
+	0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x69, 0x65,
+	0x6c, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x22, 0x4f, 0x0a, 0x0b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49,
+	0x6e, 0x66, 0x6f, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x69,
+	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x49, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x61,
+	0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x6e,
+	0x67, 0x44, 0x61, 0x74, 0x61, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72,
+	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72,
+	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65,
+	0x12, 0x14, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x6f, 0x0a, 0x04, 0x48, 0x65, 0x6c, 0x70,
+	0x12, 0x2b, 0x0a, 0x05, 0x6c, 0x69, 0x6e, 0x6b, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x15, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x48, 0x65, 0x6c,
+	0x70, 0x2e, 0x4c, 0x69, 0x6e, 0x6b, 0x52, 0x05, 0x6c, 0x69, 0x6e, 0x6b, 0x73, 0x1a, 0x3a, 0x0a,
+	0x04, 0x4c, 0x69, 0x6e, 0x6b, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x22, 0x44, 0x0a, 0x10, 0x4c, 0x6f, 0x63,
+	0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x16, 0x0a,
+	0x06, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6c,
+	0x6f, 0x63, 0x61, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42,
+	0x6c, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70,
+	0x63, 0x42, 0x11, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67,
+	0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x72, 0x70,
+	0x63, 0x2f, 0x65, 0x72, 0x72, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x3b, 0x65, 0x72, 0x72,
+	0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0xa2, 0x02, 0x03, 0x52, 0x50, 0x43, 0x62, 0x06, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_google_rpc_error_details_proto_rawDescOnce sync.Once
+	file_google_rpc_error_details_proto_rawDescData = file_google_rpc_error_details_proto_rawDesc
+)
+
+func file_google_rpc_error_details_proto_rawDescGZIP() []byte {
+	file_google_rpc_error_details_proto_rawDescOnce.Do(func() {
+		file_google_rpc_error_details_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_rpc_error_details_proto_rawDescData)
+	})
+	return file_google_rpc_error_details_proto_rawDescData
+}
+
+var file_google_rpc_error_details_proto_msgTypes = make([]protoimpl.MessageInfo, 15)
+var file_google_rpc_error_details_proto_goTypes = []interface{}{
+	(*ErrorInfo)(nil),                     // 0: google.rpc.ErrorInfo
+	(*RetryInfo)(nil),                     // 1: google.rpc.RetryInfo
+	(*DebugInfo)(nil),                     // 2: google.rpc.DebugInfo
+	(*QuotaFailure)(nil),                  // 3: google.rpc.QuotaFailure
+	(*PreconditionFailure)(nil),           // 4: google.rpc.PreconditionFailure
+	(*BadRequest)(nil),                    // 5: google.rpc.BadRequest
+	(*RequestInfo)(nil),                   // 6: google.rpc.RequestInfo
+	(*ResourceInfo)(nil),                  // 7: google.rpc.ResourceInfo
+	(*Help)(nil),                          // 8: google.rpc.Help
+	(*LocalizedMessage)(nil),              // 9: google.rpc.LocalizedMessage
+	nil,                                   // 10: google.rpc.ErrorInfo.MetadataEntry
+	(*QuotaFailure_Violation)(nil),        // 11: google.rpc.QuotaFailure.Violation
+	(*PreconditionFailure_Violation)(nil), // 12: google.rpc.PreconditionFailure.Violation
+	(*BadRequest_FieldViolation)(nil),     // 13: google.rpc.BadRequest.FieldViolation
+	(*Help_Link)(nil),                     // 14: google.rpc.Help.Link
+	(*durationpb.Duration)(nil),           // 15: google.protobuf.Duration
+}
+var file_google_rpc_error_details_proto_depIdxs = []int32{
+	10, // 0: google.rpc.ErrorInfo.metadata:type_name -> google.rpc.ErrorInfo.MetadataEntry
+	15, // 1: google.rpc.RetryInfo.retry_delay:type_name -> google.protobuf.Duration
+	11, // 2: google.rpc.QuotaFailure.violations:type_name -> google.rpc.QuotaFailure.Violation
+	12, // 3: google.rpc.PreconditionFailure.violations:type_name -> google.rpc.PreconditionFailure.Violation
+	13, // 4: google.rpc.BadRequest.field_violations:type_name -> google.rpc.BadRequest.FieldViolation
+	14, // 5: google.rpc.Help.links:type_name -> google.rpc.Help.Link
+	6,  // [6:6] is the sub-list for method output_type
+	6,  // [6:6] is the sub-list for method input_type
+	6,  // [6:6] is the sub-list for extension type_name
+	6,  // [6:6] is the sub-list for extension extendee
+	0,  // [0:6] is the sub-list for field type_name
+}
+
+func init() { file_google_rpc_error_details_proto_init() }
+func file_google_rpc_error_details_proto_init() {
+	if File_google_rpc_error_details_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_google_rpc_error_details_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ErrorInfo); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RetryInfo); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DebugInfo); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*QuotaFailure); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PreconditionFailure); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*BadRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RequestInfo); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ResourceInfo); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Help); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LocalizedMessage); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*QuotaFailure_Violation); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PreconditionFailure_Violation); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*BadRequest_FieldViolation); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_rpc_error_details_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Help_Link); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_rpc_error_details_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   15,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_rpc_error_details_proto_goTypes,
+		DependencyIndexes: file_google_rpc_error_details_proto_depIdxs,
+		MessageInfos:      file_google_rpc_error_details_proto_msgTypes,
+	}.Build()
+	File_google_rpc_error_details_proto = out.File
+	file_google_rpc_error_details_proto_rawDesc = nil
+	file_google_rpc_error_details_proto_goTypes = nil
+	file_google_rpc_error_details_proto_depIdxs = nil
+}
diff --git a/vendor/gopkg.in/check.v1/.gitignore b/vendor/gopkg.in/check.v1/.gitignore
new file mode 100644
index 000000000..191a5360b
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/.gitignore
@@ -0,0 +1,4 @@
+_*
+*.swp
+*.[568]
+[568].out
diff --git a/vendor/gopkg.in/check.v1/.travis.yml b/vendor/gopkg.in/check.v1/.travis.yml
new file mode 100644
index 000000000..ead6735fc
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/.travis.yml
@@ -0,0 +1,3 @@
+language: go
+
+go_import_path: gopkg.in/check.v1
diff --git a/vendor/gopkg.in/check.v1/LICENSE b/vendor/gopkg.in/check.v1/LICENSE
new file mode 100644
index 000000000..545cf2d33
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/LICENSE
@@ -0,0 +1,25 @@
+Gocheck - A rich testing framework for Go
+ 
+Copyright (c) 2010-2013 Gustavo Niemeyer <gustavo@niemeyer.net>
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met: 
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer. 
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution. 
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/gopkg.in/check.v1/README.md b/vendor/gopkg.in/check.v1/README.md
new file mode 100644
index 000000000..0ca9e5726
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/README.md
@@ -0,0 +1,20 @@
+Instructions
+============
+
+Install the package with:
+
+    go get gopkg.in/check.v1
+    
+Import it with:
+
+    import "gopkg.in/check.v1"
+
+and use _check_ as the package name inside the code.
+
+For more details, visit the project page:
+
+* http://labix.org/gocheck
+
+and the API documentation:
+
+* https://gopkg.in/check.v1
diff --git a/vendor/gopkg.in/check.v1/TODO b/vendor/gopkg.in/check.v1/TODO
new file mode 100644
index 000000000..33498270e
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/TODO
@@ -0,0 +1,2 @@
+- Assert(slice, Contains, item)
+- Parallel test support
diff --git a/vendor/gopkg.in/check.v1/benchmark.go b/vendor/gopkg.in/check.v1/benchmark.go
new file mode 100644
index 000000000..46ea9dc6d
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/benchmark.go
@@ -0,0 +1,187 @@
+// Copyright (c) 2012 The Go Authors. All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// 
+//    * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//    * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//    * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package check
+
+import (
+	"fmt"
+	"runtime"
+	"time"
+)
+
+var memStats runtime.MemStats
+
+// testingB is a type passed to Benchmark functions to manage benchmark
+// timing and to specify the number of iterations to run.
+type timer struct {
+	start     time.Time // Time test or benchmark started
+	duration  time.Duration
+	N         int
+	bytes     int64
+	timerOn   bool
+	benchTime time.Duration
+	// The initial states of memStats.Mallocs and memStats.TotalAlloc.
+	startAllocs uint64
+	startBytes  uint64
+	// The net total of this test after being run.
+	netAllocs uint64
+	netBytes  uint64
+}
+
+// StartTimer starts timing a test. This function is called automatically
+// before a benchmark starts, but it can also used to resume timing after
+// a call to StopTimer.
+func (c *C) StartTimer() {
+	if !c.timerOn {
+		c.start = time.Now()
+		c.timerOn = true
+
+		runtime.ReadMemStats(&memStats)
+		c.startAllocs = memStats.Mallocs
+		c.startBytes = memStats.TotalAlloc
+	}
+}
+
+// StopTimer stops timing a test. This can be used to pause the timer
+// while performing complex initialization that you don't
+// want to measure.
+func (c *C) StopTimer() {
+	if c.timerOn {
+		c.duration += time.Now().Sub(c.start)
+		c.timerOn = false
+		runtime.ReadMemStats(&memStats)
+		c.netAllocs += memStats.Mallocs - c.startAllocs
+		c.netBytes += memStats.TotalAlloc - c.startBytes
+	}
+}
+
+// ResetTimer sets the elapsed benchmark time to zero.
+// It does not affect whether the timer is running.
+func (c *C) ResetTimer() {
+	if c.timerOn {
+		c.start = time.Now()
+		runtime.ReadMemStats(&memStats)
+		c.startAllocs = memStats.Mallocs
+		c.startBytes = memStats.TotalAlloc
+	}
+	c.duration = 0
+	c.netAllocs = 0
+	c.netBytes = 0
+}
+
+// SetBytes informs the number of bytes that the benchmark processes
+// on each iteration. If this is called in a benchmark it will also
+// report MB/s.
+func (c *C) SetBytes(n int64) {
+	c.bytes = n
+}
+
+func (c *C) nsPerOp() int64 {
+	if c.N <= 0 {
+		return 0
+	}
+	return c.duration.Nanoseconds() / int64(c.N)
+}
+
+func (c *C) mbPerSec() float64 {
+	if c.bytes <= 0 || c.duration <= 0 || c.N <= 0 {
+		return 0
+	}
+	return (float64(c.bytes) * float64(c.N) / 1e6) / c.duration.Seconds()
+}
+
+func (c *C) timerString() string {
+	if c.N <= 0 {
+		return fmt.Sprintf("%3.3fs", float64(c.duration.Nanoseconds())/1e9)
+	}
+	mbs := c.mbPerSec()
+	mb := ""
+	if mbs != 0 {
+		mb = fmt.Sprintf("\t%7.2f MB/s", mbs)
+	}
+	nsop := c.nsPerOp()
+	ns := fmt.Sprintf("%10d ns/op", nsop)
+	if c.N > 0 && nsop < 100 {
+		// The format specifiers here make sure that
+		// the ones digits line up for all three possible formats.
+		if nsop < 10 {
+			ns = fmt.Sprintf("%13.2f ns/op", float64(c.duration.Nanoseconds())/float64(c.N))
+		} else {
+			ns = fmt.Sprintf("%12.1f ns/op", float64(c.duration.Nanoseconds())/float64(c.N))
+		}
+	}
+	memStats := ""
+	if c.benchMem {
+		allocedBytes := fmt.Sprintf("%8d B/op", int64(c.netBytes)/int64(c.N))
+		allocs := fmt.Sprintf("%8d allocs/op", int64(c.netAllocs)/int64(c.N))
+		memStats = fmt.Sprintf("\t%s\t%s", allocedBytes, allocs)
+	}
+	return fmt.Sprintf("%8d\t%s%s%s", c.N, ns, mb, memStats)
+}
+
+func min(x, y int) int {
+	if x > y {
+		return y
+	}
+	return x
+}
+
+func max(x, y int) int {
+	if x < y {
+		return y
+	}
+	return x
+}
+
+// roundDown10 rounds a number down to the nearest power of 10.
+func roundDown10(n int) int {
+	var tens = 0
+	// tens = floor(log_10(n))
+	for n > 10 {
+		n = n / 10
+		tens++
+	}
+	// result = 10^tens
+	result := 1
+	for i := 0; i < tens; i++ {
+		result *= 10
+	}
+	return result
+}
+
+// roundUp rounds x up to a number of the form [1eX, 2eX, 5eX].
+func roundUp(n int) int {
+	base := roundDown10(n)
+	if n < (2 * base) {
+		return 2 * base
+	}
+	if n < (5 * base) {
+		return 5 * base
+	}
+	return 10 * base
+}
diff --git a/vendor/gopkg.in/check.v1/check.go b/vendor/gopkg.in/check.v1/check.go
new file mode 100644
index 000000000..bba8d8bf6
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/check.go
@@ -0,0 +1,876 @@
+// Package check is a rich testing extension for Go's testing package.
+//
+// For details about the project, see:
+//
+//     http://labix.org/gocheck
+//
+package check
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"reflect"
+	"regexp"
+	"runtime"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+// -----------------------------------------------------------------------
+// Internal type which deals with suite method calling.
+
+const (
+	fixtureKd = iota
+	testKd
+)
+
+type funcKind int
+
+const (
+	succeededSt = iota
+	failedSt
+	skippedSt
+	panickedSt
+	fixturePanickedSt
+	missedSt
+)
+
+type funcStatus uint32
+
+// A method value can't reach its own Method structure.
+type methodType struct {
+	reflect.Value
+	Info reflect.Method
+}
+
+func newMethod(receiver reflect.Value, i int) *methodType {
+	return &methodType{receiver.Method(i), receiver.Type().Method(i)}
+}
+
+func (method *methodType) PC() uintptr {
+	return method.Info.Func.Pointer()
+}
+
+func (method *methodType) suiteName() string {
+	t := method.Info.Type.In(0)
+	if t.Kind() == reflect.Ptr {
+		t = t.Elem()
+	}
+	return t.Name()
+}
+
+func (method *methodType) String() string {
+	return method.suiteName() + "." + method.Info.Name
+}
+
+func (method *methodType) matches(re *regexp.Regexp) bool {
+	return (re.MatchString(method.Info.Name) ||
+		re.MatchString(method.suiteName()) ||
+		re.MatchString(method.String()))
+}
+
+type C struct {
+	method    *methodType
+	kind      funcKind
+	testName  string
+	_status   funcStatus
+	logb      *logger
+	logw      io.Writer
+	done      chan *C
+	reason    string
+	mustFail  bool
+	tempDir   *tempDir
+	benchMem  bool
+	startTime time.Time
+	timer
+}
+
+func (c *C) status() funcStatus {
+	return funcStatus(atomic.LoadUint32((*uint32)(&c._status)))
+}
+
+func (c *C) setStatus(s funcStatus) {
+	atomic.StoreUint32((*uint32)(&c._status), uint32(s))
+}
+
+func (c *C) stopNow() {
+	runtime.Goexit()
+}
+
+// logger is a concurrency safe byte.Buffer
+type logger struct {
+	sync.Mutex
+	writer bytes.Buffer
+}
+
+func (l *logger) Write(buf []byte) (int, error) {
+	l.Lock()
+	defer l.Unlock()
+	return l.writer.Write(buf)
+}
+
+func (l *logger) WriteTo(w io.Writer) (int64, error) {
+	l.Lock()
+	defer l.Unlock()
+	return l.writer.WriteTo(w)
+}
+
+func (l *logger) String() string {
+	l.Lock()
+	defer l.Unlock()
+	return l.writer.String()
+}
+
+// -----------------------------------------------------------------------
+// Handling of temporary files and directories.
+
+type tempDir struct {
+	sync.Mutex
+	path    string
+	counter int
+}
+
+func (td *tempDir) newPath() string {
+	td.Lock()
+	defer td.Unlock()
+	if td.path == "" {
+		path, err := ioutil.TempDir("", "check-")
+		if err != nil {
+			panic("Couldn't create temporary directory: " + err.Error())
+		}
+		td.path = path
+	}
+	result := filepath.Join(td.path, strconv.Itoa(td.counter))
+	td.counter++
+	return result
+}
+
+func (td *tempDir) removeAll() {
+	td.Lock()
+	defer td.Unlock()
+	if td.path != "" {
+		err := os.RemoveAll(td.path)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "WARNING: Error cleaning up temporaries: "+err.Error())
+		}
+	}
+}
+
+// Create a new temporary directory which is automatically removed after
+// the suite finishes running.
+func (c *C) MkDir() string {
+	path := c.tempDir.newPath()
+	if err := os.Mkdir(path, 0700); err != nil {
+		panic(fmt.Sprintf("Couldn't create temporary directory %s: %s", path, err.Error()))
+	}
+	return path
+}
+
+// -----------------------------------------------------------------------
+// Low-level logging functions.
+
+func (c *C) log(args ...interface{}) {
+	c.writeLog([]byte(fmt.Sprint(args...) + "\n"))
+}
+
+func (c *C) logf(format string, args ...interface{}) {
+	c.writeLog([]byte(fmt.Sprintf(format+"\n", args...)))
+}
+
+func (c *C) logNewLine() {
+	c.writeLog([]byte{'\n'})
+}
+
+func (c *C) writeLog(buf []byte) {
+	c.logb.Write(buf)
+	if c.logw != nil {
+		c.logw.Write(buf)
+	}
+}
+
+func hasStringOrError(x interface{}) (ok bool) {
+	_, ok = x.(fmt.Stringer)
+	if ok {
+		return
+	}
+	_, ok = x.(error)
+	return
+}
+
+func (c *C) logValue(label string, value interface{}) {
+	if label == "" {
+		if hasStringOrError(value) {
+			c.logf("... %#v (%q)", value, value)
+		} else {
+			c.logf("... %#v", value)
+		}
+	} else if value == nil {
+		c.logf("... %s = nil", label)
+	} else {
+		if hasStringOrError(value) {
+			fv := fmt.Sprintf("%#v", value)
+			qv := fmt.Sprintf("%q", value)
+			if fv != qv {
+				c.logf("... %s %s = %s (%s)", label, reflect.TypeOf(value), fv, qv)
+				return
+			}
+		}
+		if s, ok := value.(string); ok && isMultiLine(s) {
+			c.logf(`... %s %s = "" +`, label, reflect.TypeOf(value))
+			c.logMultiLine(s)
+		} else {
+			c.logf("... %s %s = %#v", label, reflect.TypeOf(value), value)
+		}
+	}
+}
+
+func formatMultiLine(s string, quote bool) []byte {
+	b := make([]byte, 0, len(s)*2)
+	i := 0
+	n := len(s)
+	for i < n {
+		j := i + 1
+		for j < n && s[j-1] != '\n' {
+			j++
+		}
+		b = append(b, "...     "...)
+		if quote {
+			b = strconv.AppendQuote(b, s[i:j])
+		} else {
+			b = append(b, s[i:j]...)
+			b = bytes.TrimSpace(b)
+		}
+		if quote && j < n {
+			b = append(b, " +"...)
+		}
+		b = append(b, '\n')
+		i = j
+	}
+	return b
+}
+
+func (c *C) logMultiLine(s string) {
+	c.writeLog(formatMultiLine(s, true))
+}
+
+func isMultiLine(s string) bool {
+	for i := 0; i+1 < len(s); i++ {
+		if s[i] == '\n' {
+			return true
+		}
+	}
+	return false
+}
+
+func (c *C) logString(issue string) {
+	c.log("... ", issue)
+}
+
+func (c *C) logCaller(skip int) {
+	// This is a bit heavier than it ought to be.
+	skip++ // Our own frame.
+	pc, callerFile, callerLine, ok := runtime.Caller(skip)
+	if !ok {
+		return
+	}
+	var testFile string
+	var testLine int
+	testFunc := runtime.FuncForPC(c.method.PC())
+	if runtime.FuncForPC(pc) != testFunc {
+		for {
+			skip++
+			if pc, file, line, ok := runtime.Caller(skip); ok {
+				// Note that the test line may be different on
+				// distinct calls for the same test.  Showing
+				// the "internal" line is helpful when debugging.
+				if runtime.FuncForPC(pc) == testFunc {
+					testFile, testLine = file, line
+					break
+				}
+			} else {
+				break
+			}
+		}
+	}
+	if testFile != "" && (testFile != callerFile || testLine != callerLine) {
+		c.logCode(testFile, testLine)
+	}
+	c.logCode(callerFile, callerLine)
+}
+
+func (c *C) logCode(path string, line int) {
+	c.logf("%s:%d:", nicePath(path), line)
+	code, err := printLine(path, line)
+	if code == "" {
+		code = "..." // XXX Open the file and take the raw line.
+		if err != nil {
+			code += err.Error()
+		}
+	}
+	c.log(indent(code, "    "))
+}
+
+var valueGo = filepath.Join("reflect", "value.go")
+var asmGo = filepath.Join("runtime", "asm_")
+
+func (c *C) logPanic(skip int, value interface{}) {
+	skip++ // Our own frame.
+	initialSkip := skip
+	for ; ; skip++ {
+		if pc, file, line, ok := runtime.Caller(skip); ok {
+			if skip == initialSkip {
+				c.logf("... Panic: %s (PC=0x%X)\n", value, pc)
+			}
+			name := niceFuncName(pc)
+			path := nicePath(file)
+			if strings.Contains(path, "/gopkg.in/check.v") {
+				continue
+			}
+			if name == "Value.call" && strings.HasSuffix(path, valueGo) {
+				continue
+			}
+			if (name == "call16" || name == "call32") && strings.Contains(path, asmGo) {
+				continue
+			}
+			c.logf("%s:%d\n  in %s", nicePath(file), line, name)
+		} else {
+			break
+		}
+	}
+}
+
+func (c *C) logSoftPanic(issue string) {
+	c.log("... Panic: ", issue)
+}
+
+func (c *C) logArgPanic(method *methodType, expectedType string) {
+	c.logf("... Panic: %s argument should be %s",
+		niceFuncName(method.PC()), expectedType)
+}
+
+// -----------------------------------------------------------------------
+// Some simple formatting helpers.
+
+var initWD, initWDErr = os.Getwd()
+
+func init() {
+	if initWDErr == nil {
+		initWD = strings.Replace(initWD, "\\", "/", -1) + "/"
+	}
+}
+
+func nicePath(path string) string {
+	if initWDErr == nil {
+		if strings.HasPrefix(path, initWD) {
+			return path[len(initWD):]
+		}
+	}
+	return path
+}
+
+func niceFuncPath(pc uintptr) string {
+	function := runtime.FuncForPC(pc)
+	if function != nil {
+		filename, line := function.FileLine(pc)
+		return fmt.Sprintf("%s:%d", nicePath(filename), line)
+	}
+	return "<unknown path>"
+}
+
+func niceFuncName(pc uintptr) string {
+	function := runtime.FuncForPC(pc)
+	if function != nil {
+		name := path.Base(function.Name())
+		if i := strings.Index(name, "."); i > 0 {
+			name = name[i+1:]
+		}
+		if strings.HasPrefix(name, "(*") {
+			if i := strings.Index(name, ")"); i > 0 {
+				name = name[2:i] + name[i+1:]
+			}
+		}
+		if i := strings.LastIndex(name, ".*"); i != -1 {
+			name = name[:i] + "." + name[i+2:]
+		}
+		if i := strings.LastIndex(name, "·"); i != -1 {
+			name = name[:i] + "." + name[i+2:]
+		}
+		return name
+	}
+	return "<unknown function>"
+}
+
+// -----------------------------------------------------------------------
+// Result tracker to aggregate call results.
+
+type Result struct {
+	Succeeded        int
+	Failed           int
+	Skipped          int
+	Panicked         int
+	FixturePanicked  int
+	ExpectedFailures int
+	Missed           int    // Not even tried to run, related to a panic in the fixture.
+	RunError         error  // Houston, we've got a problem.
+	WorkDir          string // If KeepWorkDir is true
+}
+
+type resultTracker struct {
+	result          Result
+	_lastWasProblem bool
+	_waiting        int
+	_missed         int
+	_expectChan     chan *C
+	_doneChan       chan *C
+	_stopChan       chan bool
+}
+
+func newResultTracker() *resultTracker {
+	return &resultTracker{_expectChan: make(chan *C), // Synchronous
+		_doneChan: make(chan *C, 32), // Asynchronous
+		_stopChan: make(chan bool)}   // Synchronous
+}
+
+func (tracker *resultTracker) start() {
+	go tracker._loopRoutine()
+}
+
+func (tracker *resultTracker) waitAndStop() {
+	<-tracker._stopChan
+}
+
+func (tracker *resultTracker) expectCall(c *C) {
+	tracker._expectChan <- c
+}
+
+func (tracker *resultTracker) callDone(c *C) {
+	tracker._doneChan <- c
+}
+
+func (tracker *resultTracker) _loopRoutine() {
+	for {
+		var c *C
+		if tracker._waiting > 0 {
+			// Calls still running. Can't stop.
+			select {
+			// XXX Reindent this (not now to make diff clear)
+			case <-tracker._expectChan:
+				tracker._waiting++
+			case c = <-tracker._doneChan:
+				tracker._waiting--
+				switch c.status() {
+				case succeededSt:
+					if c.kind == testKd {
+						if c.mustFail {
+							tracker.result.ExpectedFailures++
+						} else {
+							tracker.result.Succeeded++
+						}
+					}
+				case failedSt:
+					tracker.result.Failed++
+				case panickedSt:
+					if c.kind == fixtureKd {
+						tracker.result.FixturePanicked++
+					} else {
+						tracker.result.Panicked++
+					}
+				case fixturePanickedSt:
+					// Track it as missed, since the panic
+					// was on the fixture, not on the test.
+					tracker.result.Missed++
+				case missedSt:
+					tracker.result.Missed++
+				case skippedSt:
+					if c.kind == testKd {
+						tracker.result.Skipped++
+					}
+				}
+			}
+		} else {
+			// No calls.  Can stop, but no done calls here.
+			select {
+			case tracker._stopChan <- true:
+				return
+			case <-tracker._expectChan:
+				tracker._waiting++
+			case <-tracker._doneChan:
+				panic("Tracker got an unexpected done call.")
+			}
+		}
+	}
+}
+
+// -----------------------------------------------------------------------
+// The underlying suite runner.
+
+type suiteRunner struct {
+	suite                     interface{}
+	setUpSuite, tearDownSuite *methodType
+	setUpTest, tearDownTest   *methodType
+	tests                     []*methodType
+	tracker                   *resultTracker
+	tempDir                   *tempDir
+	keepDir                   bool
+	output                    *outputWriter
+	reportedProblemLast       bool
+	benchTime                 time.Duration
+	benchMem                  bool
+}
+
+type RunConf struct {
+	Output        io.Writer
+	Stream        bool
+	Verbose       bool
+	Filter        string
+	Benchmark     bool
+	BenchmarkTime time.Duration // Defaults to 1 second
+	BenchmarkMem  bool
+	KeepWorkDir   bool
+}
+
+// Create a new suiteRunner able to run all methods in the given suite.
+func newSuiteRunner(suite interface{}, runConf *RunConf) *suiteRunner {
+	var conf RunConf
+	if runConf != nil {
+		conf = *runConf
+	}
+	if conf.Output == nil {
+		conf.Output = os.Stdout
+	}
+	if conf.Benchmark {
+		conf.Verbose = true
+	}
+
+	suiteType := reflect.TypeOf(suite)
+	suiteNumMethods := suiteType.NumMethod()
+	suiteValue := reflect.ValueOf(suite)
+
+	runner := &suiteRunner{
+		suite:     suite,
+		output:    newOutputWriter(conf.Output, conf.Stream, conf.Verbose),
+		tracker:   newResultTracker(),
+		benchTime: conf.BenchmarkTime,
+		benchMem:  conf.BenchmarkMem,
+		tempDir:   &tempDir{},
+		keepDir:   conf.KeepWorkDir,
+		tests:     make([]*methodType, 0, suiteNumMethods),
+	}
+	if runner.benchTime == 0 {
+		runner.benchTime = 1 * time.Second
+	}
+
+	var filterRegexp *regexp.Regexp
+	if conf.Filter != "" {
+		regexp, err := regexp.Compile(conf.Filter)
+		if err != nil {
+			msg := "Bad filter expression: " + err.Error()
+			runner.tracker.result.RunError = errors.New(msg)
+			return runner
+		}
+		filterRegexp = regexp
+	}
+
+	for i := 0; i != suiteNumMethods; i++ {
+		method := newMethod(suiteValue, i)
+		switch method.Info.Name {
+		case "SetUpSuite":
+			runner.setUpSuite = method
+		case "TearDownSuite":
+			runner.tearDownSuite = method
+		case "SetUpTest":
+			runner.setUpTest = method
+		case "TearDownTest":
+			runner.tearDownTest = method
+		default:
+			prefix := "Test"
+			if conf.Benchmark {
+				prefix = "Benchmark"
+			}
+			if !strings.HasPrefix(method.Info.Name, prefix) {
+				continue
+			}
+			if filterRegexp == nil || method.matches(filterRegexp) {
+				runner.tests = append(runner.tests, method)
+			}
+		}
+	}
+	return runner
+}
+
+// Run all methods in the given suite.
+func (runner *suiteRunner) run() *Result {
+	if runner.tracker.result.RunError == nil && len(runner.tests) > 0 {
+		runner.tracker.start()
+		if runner.checkFixtureArgs() {
+			c := runner.runFixture(runner.setUpSuite, "", nil)
+			if c == nil || c.status() == succeededSt {
+				for i := 0; i != len(runner.tests); i++ {
+					c := runner.runTest(runner.tests[i])
+					if c.status() == fixturePanickedSt {
+						runner.skipTests(missedSt, runner.tests[i+1:])
+						break
+					}
+				}
+			} else if c != nil && c.status() == skippedSt {
+				runner.skipTests(skippedSt, runner.tests)
+			} else {
+				runner.skipTests(missedSt, runner.tests)
+			}
+			runner.runFixture(runner.tearDownSuite, "", nil)
+		} else {
+			runner.skipTests(missedSt, runner.tests)
+		}
+		runner.tracker.waitAndStop()
+		if runner.keepDir {
+			runner.tracker.result.WorkDir = runner.tempDir.path
+		} else {
+			runner.tempDir.removeAll()
+		}
+	}
+	return &runner.tracker.result
+}
+
+// Create a call object with the given suite method, and fork a
+// goroutine with the provided dispatcher for running it.
+func (runner *suiteRunner) forkCall(method *methodType, kind funcKind, testName string, logb *logger, dispatcher func(c *C)) *C {
+	var logw io.Writer
+	if runner.output.Stream {
+		logw = runner.output
+	}
+	if logb == nil {
+		logb = new(logger)
+	}
+	c := &C{
+		method:    method,
+		kind:      kind,
+		testName:  testName,
+		logb:      logb,
+		logw:      logw,
+		tempDir:   runner.tempDir,
+		done:      make(chan *C, 1),
+		timer:     timer{benchTime: runner.benchTime},
+		startTime: time.Now(),
+		benchMem:  runner.benchMem,
+	}
+	runner.tracker.expectCall(c)
+	go (func() {
+		runner.reportCallStarted(c)
+		defer runner.callDone(c)
+		dispatcher(c)
+	})()
+	return c
+}
+
+// Same as forkCall(), but wait for call to finish before returning.
+func (runner *suiteRunner) runFunc(method *methodType, kind funcKind, testName string, logb *logger, dispatcher func(c *C)) *C {
+	c := runner.forkCall(method, kind, testName, logb, dispatcher)
+	<-c.done
+	return c
+}
+
+// Handle a finished call.  If there were any panics, update the call status
+// accordingly.  Then, mark the call as done and report to the tracker.
+func (runner *suiteRunner) callDone(c *C) {
+	value := recover()
+	if value != nil {
+		switch v := value.(type) {
+		case *fixturePanic:
+			if v.status == skippedSt {
+				c.setStatus(skippedSt)
+			} else {
+				c.logSoftPanic("Fixture has panicked (see related PANIC)")
+				c.setStatus(fixturePanickedSt)
+			}
+		default:
+			c.logPanic(1, value)
+			c.setStatus(panickedSt)
+		}
+	}
+	if c.mustFail {
+		switch c.status() {
+		case failedSt:
+			c.setStatus(succeededSt)
+		case succeededSt:
+			c.setStatus(failedSt)
+			c.logString("Error: Test succeeded, but was expected to fail")
+			c.logString("Reason: " + c.reason)
+		}
+	}
+
+	runner.reportCallDone(c)
+	c.done <- c
+}
+
+// Runs a fixture call synchronously.  The fixture will still be run in a
+// goroutine like all suite methods, but this method will not return
+// while the fixture goroutine is not done, because the fixture must be
+// run in a desired order.
+func (runner *suiteRunner) runFixture(method *methodType, testName string, logb *logger) *C {
+	if method != nil {
+		c := runner.runFunc(method, fixtureKd, testName, logb, func(c *C) {
+			c.ResetTimer()
+			c.StartTimer()
+			defer c.StopTimer()
+			c.method.Call([]reflect.Value{reflect.ValueOf(c)})
+		})
+		return c
+	}
+	return nil
+}
+
+// Run the fixture method with runFixture(), but panic with a fixturePanic{}
+// in case the fixture method panics.  This makes it easier to track the
+// fixture panic together with other call panics within forkTest().
+func (runner *suiteRunner) runFixtureWithPanic(method *methodType, testName string, logb *logger, skipped *bool) *C {
+	if skipped != nil && *skipped {
+		return nil
+	}
+	c := runner.runFixture(method, testName, logb)
+	if c != nil && c.status() != succeededSt {
+		if skipped != nil {
+			*skipped = c.status() == skippedSt
+		}
+		panic(&fixturePanic{c.status(), method})
+	}
+	return c
+}
+
+type fixturePanic struct {
+	status funcStatus
+	method *methodType
+}
+
+// Run the suite test method, together with the test-specific fixture,
+// asynchronously.
+func (runner *suiteRunner) forkTest(method *methodType) *C {
+	testName := method.String()
+	return runner.forkCall(method, testKd, testName, nil, func(c *C) {
+		var skipped bool
+		defer runner.runFixtureWithPanic(runner.tearDownTest, testName, nil, &skipped)
+		defer c.StopTimer()
+		benchN := 1
+		for {
+			runner.runFixtureWithPanic(runner.setUpTest, testName, c.logb, &skipped)
+			mt := c.method.Type()
+			if mt.NumIn() != 1 || mt.In(0) != reflect.TypeOf(c) {
+				// Rather than a plain panic, provide a more helpful message when
+				// the argument type is incorrect.
+				c.setStatus(panickedSt)
+				c.logArgPanic(c.method, "*check.C")
+				return
+			}
+			if strings.HasPrefix(c.method.Info.Name, "Test") {
+				c.ResetTimer()
+				c.StartTimer()
+				c.method.Call([]reflect.Value{reflect.ValueOf(c)})
+				return
+			}
+			if !strings.HasPrefix(c.method.Info.Name, "Benchmark") {
+				panic("unexpected method prefix: " + c.method.Info.Name)
+			}
+
+			runtime.GC()
+			c.N = benchN
+			c.ResetTimer()
+			c.StartTimer()
+			c.method.Call([]reflect.Value{reflect.ValueOf(c)})
+			c.StopTimer()
+			if c.status() != succeededSt || c.duration >= c.benchTime || benchN >= 1e9 {
+				return
+			}
+			perOpN := int(1e9)
+			if c.nsPerOp() != 0 {
+				perOpN = int(c.benchTime.Nanoseconds() / c.nsPerOp())
+			}
+
+			// Logic taken from the stock testing package:
+			// - Run more iterations than we think we'll need for a second (1.5x).
+			// - Don't grow too fast in case we had timing errors previously.
+			// - Be sure to run at least one more than last time.
+			benchN = max(min(perOpN+perOpN/2, 100*benchN), benchN+1)
+			benchN = roundUp(benchN)
+
+			skipped = true // Don't run the deferred one if this panics.
+			runner.runFixtureWithPanic(runner.tearDownTest, testName, nil, nil)
+			skipped = false
+		}
+	})
+}
+
+// Same as forkTest(), but wait for the test to finish before returning.
+func (runner *suiteRunner) runTest(method *methodType) *C {
+	c := runner.forkTest(method)
+	<-c.done
+	return c
+}
+
+// Helper to mark tests as skipped or missed.  A bit heavy for what
+// it does, but it enables homogeneous handling of tracking, including
+// nice verbose output.
+func (runner *suiteRunner) skipTests(status funcStatus, methods []*methodType) {
+	for _, method := range methods {
+		runner.runFunc(method, testKd, "", nil, func(c *C) {
+			c.setStatus(status)
+		})
+	}
+}
+
+// Verify if the fixture arguments are *check.C.  In case of errors,
+// log the error as a panic in the fixture method call, and return false.
+func (runner *suiteRunner) checkFixtureArgs() bool {
+	succeeded := true
+	argType := reflect.TypeOf(&C{})
+	for _, method := range []*methodType{runner.setUpSuite, runner.tearDownSuite, runner.setUpTest, runner.tearDownTest} {
+		if method != nil {
+			mt := method.Type()
+			if mt.NumIn() != 1 || mt.In(0) != argType {
+				succeeded = false
+				runner.runFunc(method, fixtureKd, "", nil, func(c *C) {
+					c.logArgPanic(method, "*check.C")
+					c.setStatus(panickedSt)
+				})
+			}
+		}
+	}
+	return succeeded
+}
+
+func (runner *suiteRunner) reportCallStarted(c *C) {
+	runner.output.WriteCallStarted("START", c)
+}
+
+func (runner *suiteRunner) reportCallDone(c *C) {
+	runner.tracker.callDone(c)
+	switch c.status() {
+	case succeededSt:
+		if c.mustFail {
+			runner.output.WriteCallSuccess("FAIL EXPECTED", c)
+		} else {
+			runner.output.WriteCallSuccess("PASS", c)
+		}
+	case skippedSt:
+		runner.output.WriteCallSuccess("SKIP", c)
+	case failedSt:
+		runner.output.WriteCallProblem("FAIL", c)
+	case panickedSt:
+		runner.output.WriteCallProblem("PANIC", c)
+	case fixturePanickedSt:
+		// That's a testKd call reporting that its fixture
+		// has panicked. The fixture call which caused the
+		// panic itself was tracked above. We'll report to
+		// aid debugging.
+		runner.output.WriteCallProblem("PANIC", c)
+	case missedSt:
+		runner.output.WriteCallSuccess("MISS", c)
+	}
+}
diff --git a/vendor/gopkg.in/check.v1/checkers.go b/vendor/gopkg.in/check.v1/checkers.go
new file mode 100644
index 000000000..032619792
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/checkers.go
@@ -0,0 +1,528 @@
+package check
+
+import (
+	"fmt"
+	"reflect"
+	"regexp"
+	"strings"
+
+	"github.com/kr/pretty"
+)
+
+// -----------------------------------------------------------------------
+// CommentInterface and Commentf helper, to attach extra information to checks.
+
+type comment struct {
+	format string
+	args   []interface{}
+}
+
+// Commentf returns an infomational value to use with Assert or Check calls.
+// If the checker test fails, the provided arguments will be passed to
+// fmt.Sprintf, and will be presented next to the logged failure.
+//
+// For example:
+//
+//     c.Assert(v, Equals, 42, Commentf("Iteration #%d failed.", i))
+//
+// Note that if the comment is constant, a better option is to
+// simply use a normal comment right above or next to the line, as
+// it will also get printed with any errors:
+//
+//     c.Assert(l, Equals, 8192) // Ensure buffer size is correct (bug #123)
+//
+func Commentf(format string, args ...interface{}) CommentInterface {
+	return &comment{format, args}
+}
+
+// CommentInterface must be implemented by types that attach extra
+// information to failed checks. See the Commentf function for details.
+type CommentInterface interface {
+	CheckCommentString() string
+}
+
+func (c *comment) CheckCommentString() string {
+	return fmt.Sprintf(c.format, c.args...)
+}
+
+// -----------------------------------------------------------------------
+// The Checker interface.
+
+// The Checker interface must be provided by checkers used with
+// the Assert and Check verification methods.
+type Checker interface {
+	Info() *CheckerInfo
+	Check(params []interface{}, names []string) (result bool, error string)
+}
+
+// See the Checker interface.
+type CheckerInfo struct {
+	Name   string
+	Params []string
+}
+
+func (info *CheckerInfo) Info() *CheckerInfo {
+	return info
+}
+
+// -----------------------------------------------------------------------
+// Not checker logic inverter.
+
+// The Not checker inverts the logic of the provided checker.  The
+// resulting checker will succeed where the original one failed, and
+// vice-versa.
+//
+// For example:
+//
+//     c.Assert(a, Not(Equals), b)
+//
+func Not(checker Checker) Checker {
+	return &notChecker{checker}
+}
+
+type notChecker struct {
+	sub Checker
+}
+
+func (checker *notChecker) Info() *CheckerInfo {
+	info := *checker.sub.Info()
+	info.Name = "Not(" + info.Name + ")"
+	return &info
+}
+
+func (checker *notChecker) Check(params []interface{}, names []string) (result bool, error string) {
+	result, error = checker.sub.Check(params, names)
+	result = !result
+	if result {
+		// clear error message if the new result is true
+		error = ""
+	}
+	return
+}
+
+// -----------------------------------------------------------------------
+// IsNil checker.
+
+type isNilChecker struct {
+	*CheckerInfo
+}
+
+// The IsNil checker tests whether the obtained value is nil.
+//
+// For example:
+//
+//    c.Assert(err, IsNil)
+//
+var IsNil Checker = &isNilChecker{
+	&CheckerInfo{Name: "IsNil", Params: []string{"value"}},
+}
+
+func (checker *isNilChecker) Check(params []interface{}, names []string) (result bool, error string) {
+	return isNil(params[0]), ""
+}
+
+func isNil(obtained interface{}) (result bool) {
+	if obtained == nil {
+		result = true
+	} else {
+		switch v := reflect.ValueOf(obtained); v.Kind() {
+		case reflect.Chan, reflect.Func, reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice:
+			return v.IsNil()
+		}
+	}
+	return
+}
+
+// -----------------------------------------------------------------------
+// NotNil checker. Alias for Not(IsNil), since it's so common.
+
+type notNilChecker struct {
+	*CheckerInfo
+}
+
+// The NotNil checker verifies that the obtained value is not nil.
+//
+// For example:
+//
+//     c.Assert(iface, NotNil)
+//
+// This is an alias for Not(IsNil), made available since it's a
+// fairly common check.
+//
+var NotNil Checker = &notNilChecker{
+	&CheckerInfo{Name: "NotNil", Params: []string{"value"}},
+}
+
+func (checker *notNilChecker) Check(params []interface{}, names []string) (result bool, error string) {
+	return !isNil(params[0]), ""
+}
+
+// -----------------------------------------------------------------------
+// Equals checker.
+
+func diffworthy(a interface{}) bool {
+	if a == nil {
+		return false
+	}
+
+	t := reflect.TypeOf(a)
+	switch t.Kind() {
+	case reflect.Array, reflect.Map, reflect.Slice, reflect.Struct, reflect.String, reflect.Ptr:
+		return true
+	}
+	return false
+}
+
+// formatUnequal will dump the actual and expected values into a textual
+// representation and return an error message containing a diff.
+func formatUnequal(obtained interface{}, expected interface{}) string {
+	// We do not do diffs for basic types because go-check already
+	// shows them very cleanly.
+	if !diffworthy(obtained) || !diffworthy(expected) {
+		return ""
+	}
+
+	// Handle strings, short strings are ignored (go-check formats
+	// them very nicely already). We do multi-line strings by
+	// generating two string slices and using kr.Diff to compare
+	// those (kr.Diff does not do string diffs by itself).
+	aStr, aOK := obtained.(string)
+	bStr, bOK := expected.(string)
+	if aOK && bOK {
+		l1 := strings.Split(aStr, "\n")
+		l2 := strings.Split(bStr, "\n")
+		// the "2" here is a bit arbitrary
+		if len(l1) > 2 && len(l2) > 2 {
+			diff := pretty.Diff(l1, l2)
+			return fmt.Sprintf(`String difference:
+%s`, formatMultiLine(strings.Join(diff, "\n"), false))
+		}
+		// string too short
+		return ""
+	}
+
+	// generic diff
+	diff := pretty.Diff(obtained, expected)
+	if len(diff) == 0 {
+		// No diff, this happens when e.g. just struct
+		// pointers are different but the structs have
+		// identical values.
+		return ""
+	}
+
+	return fmt.Sprintf(`Difference:
+%s`, formatMultiLine(strings.Join(diff, "\n"), false))
+}
+
+type equalsChecker struct {
+	*CheckerInfo
+}
+
+// The Equals checker verifies that the obtained value is equal to
+// the expected value, according to usual Go semantics for ==.
+//
+// For example:
+//
+//     c.Assert(value, Equals, 42)
+//
+var Equals Checker = &equalsChecker{
+	&CheckerInfo{Name: "Equals", Params: []string{"obtained", "expected"}},
+}
+
+func (checker *equalsChecker) Check(params []interface{}, names []string) (result bool, error string) {
+	defer func() {
+		if v := recover(); v != nil {
+			result = false
+			error = fmt.Sprint(v)
+		}
+	}()
+
+	result = params[0] == params[1]
+	if !result {
+		error = formatUnequal(params[0], params[1])
+	}
+	return
+}
+
+// -----------------------------------------------------------------------
+// DeepEquals checker.
+
+type deepEqualsChecker struct {
+	*CheckerInfo
+}
+
+// The DeepEquals checker verifies that the obtained value is deep-equal to
+// the expected value.  The check will work correctly even when facing
+// slices, interfaces, and values of different types (which always fail
+// the test).
+//
+// For example:
+//
+//     c.Assert(value, DeepEquals, 42)
+//     c.Assert(array, DeepEquals, []string{"hi", "there"})
+//
+var DeepEquals Checker = &deepEqualsChecker{
+	&CheckerInfo{Name: "DeepEquals", Params: []string{"obtained", "expected"}},
+}
+
+func (checker *deepEqualsChecker) Check(params []interface{}, names []string) (result bool, error string) {
+	result = reflect.DeepEqual(params[0], params[1])
+	if !result {
+		error = formatUnequal(params[0], params[1])
+	}
+	return
+}
+
+// -----------------------------------------------------------------------
+// HasLen checker.
+
+type hasLenChecker struct {
+	*CheckerInfo
+}
+
+// The HasLen checker verifies that the obtained value has the
+// provided length. In many cases this is superior to using Equals
+// in conjunction with the len function because in case the check
+// fails the value itself will be printed, instead of its length,
+// providing more details for figuring the problem.
+//
+// For example:
+//
+//     c.Assert(list, HasLen, 5)
+//
+var HasLen Checker = &hasLenChecker{
+	&CheckerInfo{Name: "HasLen", Params: []string{"obtained", "n"}},
+}
+
+func (checker *hasLenChecker) Check(params []interface{}, names []string) (result bool, error string) {
+	n, ok := params[1].(int)
+	if !ok {
+		return false, "n must be an int"
+	}
+	value := reflect.ValueOf(params[0])
+	switch value.Kind() {
+	case reflect.Map, reflect.Array, reflect.Slice, reflect.Chan, reflect.String:
+	default:
+		return false, "obtained value type has no length"
+	}
+	return value.Len() == n, ""
+}
+
+// -----------------------------------------------------------------------
+// ErrorMatches checker.
+
+type errorMatchesChecker struct {
+	*CheckerInfo
+}
+
+// The ErrorMatches checker verifies that the error value
+// is non nil and matches the regular expression provided.
+//
+// For example:
+//
+//     c.Assert(err, ErrorMatches, "perm.*denied")
+//
+var ErrorMatches Checker = errorMatchesChecker{
+	&CheckerInfo{Name: "ErrorMatches", Params: []string{"value", "regex"}},
+}
+
+func (checker errorMatchesChecker) Check(params []interface{}, names []string) (result bool, errStr string) {
+	if params[0] == nil {
+		return false, "Error value is nil"
+	}
+	err, ok := params[0].(error)
+	if !ok {
+		return false, "Value is not an error"
+	}
+	params[0] = err.Error()
+	names[0] = "error"
+	return matches(params[0], params[1])
+}
+
+// -----------------------------------------------------------------------
+// Matches checker.
+
+type matchesChecker struct {
+	*CheckerInfo
+}
+
+// The Matches checker verifies that the string provided as the obtained
+// value (or the string resulting from obtained.String()) matches the
+// regular expression provided.
+//
+// For example:
+//
+//     c.Assert(err, Matches, "perm.*denied")
+//
+var Matches Checker = &matchesChecker{
+	&CheckerInfo{Name: "Matches", Params: []string{"value", "regex"}},
+}
+
+func (checker *matchesChecker) Check(params []interface{}, names []string) (result bool, error string) {
+	return matches(params[0], params[1])
+}
+
+func matches(value, regex interface{}) (result bool, error string) {
+	reStr, ok := regex.(string)
+	if !ok {
+		return false, "Regex must be a string"
+	}
+	valueStr, valueIsStr := value.(string)
+	if !valueIsStr {
+		if valueWithStr, valueHasStr := value.(fmt.Stringer); valueHasStr {
+			valueStr, valueIsStr = valueWithStr.String(), true
+		}
+	}
+	if valueIsStr {
+		matches, err := regexp.MatchString("^"+reStr+"$", valueStr)
+		if err != nil {
+			return false, "Can't compile regex: " + err.Error()
+		}
+		return matches, ""
+	}
+	return false, "Obtained value is not a string and has no .String()"
+}
+
+// -----------------------------------------------------------------------
+// Panics checker.
+
+type panicsChecker struct {
+	*CheckerInfo
+}
+
+// The Panics checker verifies that calling the provided zero-argument
+// function will cause a panic which is deep-equal to the provided value.
+//
+// For example:
+//
+//     c.Assert(func() { f(1, 2) }, Panics, &SomeErrorType{"BOOM"}).
+//
+//
+var Panics Checker = &panicsChecker{
+	&CheckerInfo{Name: "Panics", Params: []string{"function", "expected"}},
+}
+
+func (checker *panicsChecker) Check(params []interface{}, names []string) (result bool, error string) {
+	f := reflect.ValueOf(params[0])
+	if f.Kind() != reflect.Func || f.Type().NumIn() != 0 {
+		return false, "Function must take zero arguments"
+	}
+	defer func() {
+		// If the function has not panicked, then don't do the check.
+		if error != "" {
+			return
+		}
+		params[0] = recover()
+		names[0] = "panic"
+		result = reflect.DeepEqual(params[0], params[1])
+	}()
+	f.Call(nil)
+	return false, "Function has not panicked"
+}
+
+type panicMatchesChecker struct {
+	*CheckerInfo
+}
+
+// The PanicMatches checker verifies that calling the provided zero-argument
+// function will cause a panic with an error value matching
+// the regular expression provided.
+//
+// For example:
+//
+//     c.Assert(func() { f(1, 2) }, PanicMatches, `open.*: no such file or directory`).
+//
+//
+var PanicMatches Checker = &panicMatchesChecker{
+	&CheckerInfo{Name: "PanicMatches", Params: []string{"function", "expected"}},
+}
+
+func (checker *panicMatchesChecker) Check(params []interface{}, names []string) (result bool, errmsg string) {
+	f := reflect.ValueOf(params[0])
+	if f.Kind() != reflect.Func || f.Type().NumIn() != 0 {
+		return false, "Function must take zero arguments"
+	}
+	defer func() {
+		// If the function has not panicked, then don't do the check.
+		if errmsg != "" {
+			return
+		}
+		obtained := recover()
+		names[0] = "panic"
+		if e, ok := obtained.(error); ok {
+			params[0] = e.Error()
+		} else if _, ok := obtained.(string); ok {
+			params[0] = obtained
+		} else {
+			errmsg = "Panic value is not a string or an error"
+			return
+		}
+		result, errmsg = matches(params[0], params[1])
+	}()
+	f.Call(nil)
+	return false, "Function has not panicked"
+}
+
+// -----------------------------------------------------------------------
+// FitsTypeOf checker.
+
+type fitsTypeChecker struct {
+	*CheckerInfo
+}
+
+// The FitsTypeOf checker verifies that the obtained value is
+// assignable to a variable with the same type as the provided
+// sample value.
+//
+// For example:
+//
+//     c.Assert(value, FitsTypeOf, int64(0))
+//     c.Assert(value, FitsTypeOf, os.Error(nil))
+//
+var FitsTypeOf Checker = &fitsTypeChecker{
+	&CheckerInfo{Name: "FitsTypeOf", Params: []string{"obtained", "sample"}},
+}
+
+func (checker *fitsTypeChecker) Check(params []interface{}, names []string) (result bool, error string) {
+	obtained := reflect.ValueOf(params[0])
+	sample := reflect.ValueOf(params[1])
+	if !obtained.IsValid() {
+		return false, ""
+	}
+	if !sample.IsValid() {
+		return false, "Invalid sample value"
+	}
+	return obtained.Type().AssignableTo(sample.Type()), ""
+}
+
+// -----------------------------------------------------------------------
+// Implements checker.
+
+type implementsChecker struct {
+	*CheckerInfo
+}
+
+// The Implements checker verifies that the obtained value
+// implements the interface specified via a pointer to an interface
+// variable.
+//
+// For example:
+//
+//     var e os.Error
+//     c.Assert(err, Implements, &e)
+//
+var Implements Checker = &implementsChecker{
+	&CheckerInfo{Name: "Implements", Params: []string{"obtained", "ifaceptr"}},
+}
+
+func (checker *implementsChecker) Check(params []interface{}, names []string) (result bool, error string) {
+	obtained := reflect.ValueOf(params[0])
+	ifaceptr := reflect.ValueOf(params[1])
+	if !obtained.IsValid() {
+		return false, ""
+	}
+	if !ifaceptr.IsValid() || ifaceptr.Kind() != reflect.Ptr || ifaceptr.Elem().Kind() != reflect.Interface {
+		return false, "ifaceptr should be a pointer to an interface variable"
+	}
+	return obtained.Type().Implements(ifaceptr.Elem().Type()), ""
+}
diff --git a/vendor/gopkg.in/check.v1/helpers.go b/vendor/gopkg.in/check.v1/helpers.go
new file mode 100644
index 000000000..9e0d0bac4
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/helpers.go
@@ -0,0 +1,233 @@
+package check
+
+import (
+	"fmt"
+	"strings"
+	"time"
+)
+
+// TestName returns the current test name in the form "SuiteName.TestName"
+func (c *C) TestName() string {
+	return c.testName
+}
+
+// -----------------------------------------------------------------------
+// Basic succeeding/failing logic.
+
+// Failed returns whether the currently running test has already failed.
+func (c *C) Failed() bool {
+	return c.status() == failedSt
+}
+
+// Fail marks the currently running test as failed.
+//
+// Something ought to have been previously logged so the developer can tell
+// what went wrong. The higher level helper functions will fail the test
+// and do the logging properly.
+func (c *C) Fail() {
+	c.setStatus(failedSt)
+}
+
+// FailNow marks the currently running test as failed and stops running it.
+// Something ought to have been previously logged so the developer can tell
+// what went wrong. The higher level helper functions will fail the test
+// and do the logging properly.
+func (c *C) FailNow() {
+	c.Fail()
+	c.stopNow()
+}
+
+// Succeed marks the currently running test as succeeded, undoing any
+// previous failures.
+func (c *C) Succeed() {
+	c.setStatus(succeededSt)
+}
+
+// SucceedNow marks the currently running test as succeeded, undoing any
+// previous failures, and stops running the test.
+func (c *C) SucceedNow() {
+	c.Succeed()
+	c.stopNow()
+}
+
+// ExpectFailure informs that the running test is knowingly broken for
+// the provided reason. If the test does not fail, an error will be reported
+// to raise attention to this fact. This method is useful to temporarily
+// disable tests which cover well known problems until a better time to
+// fix the problem is found, without forgetting about the fact that a
+// failure still exists.
+func (c *C) ExpectFailure(reason string) {
+	if reason == "" {
+		panic("Missing reason why the test is expected to fail")
+	}
+	c.mustFail = true
+	c.reason = reason
+}
+
+// Skip skips the running test for the provided reason. If run from within
+// SetUpTest, the individual test being set up will be skipped, and if run
+// from within SetUpSuite, the whole suite is skipped.
+func (c *C) Skip(reason string) {
+	if reason == "" {
+		panic("Missing reason why the test is being skipped")
+	}
+	c.reason = reason
+	c.setStatus(skippedSt)
+	c.stopNow()
+}
+
+// -----------------------------------------------------------------------
+// Basic logging.
+
+// GetTestLog returns the current test error output.
+func (c *C) GetTestLog() string {
+	return c.logb.String()
+}
+
+// Log logs some information into the test error output.
+// The provided arguments are assembled together into a string with fmt.Sprint.
+func (c *C) Log(args ...interface{}) {
+	c.log(args...)
+}
+
+// Log logs some information into the test error output.
+// The provided arguments are assembled together into a string with fmt.Sprintf.
+func (c *C) Logf(format string, args ...interface{}) {
+	c.logf(format, args...)
+}
+
+// Output enables *C to be used as a logger in functions that require only
+// the minimum interface of *log.Logger.
+func (c *C) Output(calldepth int, s string) error {
+	d := time.Now().Sub(c.startTime)
+	msec := d / time.Millisecond
+	sec := d / time.Second
+	min := d / time.Minute
+
+	c.Logf("[LOG] %d:%02d.%03d %s", min, sec%60, msec%1000, s)
+	return nil
+}
+
+// Error logs an error into the test error output and marks the test as failed.
+// The provided arguments are assembled together into a string with fmt.Sprint.
+func (c *C) Error(args ...interface{}) {
+	c.logCaller(1)
+	c.logString(fmt.Sprint("Error: ", fmt.Sprint(args...)))
+	c.logNewLine()
+	c.Fail()
+}
+
+// Errorf logs an error into the test error output and marks the test as failed.
+// The provided arguments are assembled together into a string with fmt.Sprintf.
+func (c *C) Errorf(format string, args ...interface{}) {
+	c.logCaller(1)
+	c.logString(fmt.Sprintf("Error: "+format, args...))
+	c.logNewLine()
+	c.Fail()
+}
+
+// Fatal logs an error into the test error output, marks the test as failed, and
+// stops the test execution. The provided arguments are assembled together into
+// a string with fmt.Sprint.
+func (c *C) Fatal(args ...interface{}) {
+	c.logCaller(1)
+	c.logString(fmt.Sprint("Error: ", fmt.Sprint(args...)))
+	c.logNewLine()
+	c.FailNow()
+}
+
+// Fatlaf logs an error into the test error output, marks the test as failed, and
+// stops the test execution. The provided arguments are assembled together into
+// a string with fmt.Sprintf.
+func (c *C) Fatalf(format string, args ...interface{}) {
+	c.logCaller(1)
+	c.logString(fmt.Sprint("Error: ", fmt.Sprintf(format, args...)))
+	c.logNewLine()
+	c.FailNow()
+}
+
+// -----------------------------------------------------------------------
+// Generic checks and assertions based on checkers.
+
+// Check verifies if the first value matches the expected value according
+// to the provided checker. If they do not match, an error is logged, the
+// test is marked as failed, and the test execution continues.
+//
+// Some checkers may not need the expected argument (e.g. IsNil).
+//
+// If the last value in args implements CommentInterface, it is used to log
+// additional information instead of being passed to the checker (see Commentf
+// for an example).
+func (c *C) Check(obtained interface{}, checker Checker, args ...interface{}) bool {
+	return c.internalCheck("Check", obtained, checker, args...)
+}
+
+// Assert ensures that the first value matches the expected value according
+// to the provided checker. If they do not match, an error is logged, the
+// test is marked as failed, and the test execution stops.
+//
+// Some checkers may not need the expected argument (e.g. IsNil).
+//
+// If the last value in args implements CommentInterface, it is used to log
+// additional information instead of being passed to the checker (see Commentf
+// for an example).
+func (c *C) Assert(obtained interface{}, checker Checker, args ...interface{}) {
+	if !c.internalCheck("Assert", obtained, checker, args...) {
+		c.stopNow()
+	}
+}
+
+func (c *C) internalCheck(funcName string, obtained interface{}, checker Checker, args ...interface{}) bool {
+	if checker == nil {
+		c.logCaller(2)
+		c.logString(fmt.Sprintf("%s(obtained, nil!?, ...):", funcName))
+		c.logString("Oops.. you've provided a nil checker!")
+		c.logNewLine()
+		c.Fail()
+		return false
+	}
+
+	// If the last argument is a bug info, extract it out.
+	var comment CommentInterface
+	if len(args) > 0 {
+		if c, ok := args[len(args)-1].(CommentInterface); ok {
+			comment = c
+			args = args[:len(args)-1]
+		}
+	}
+
+	params := append([]interface{}{obtained}, args...)
+	info := checker.Info()
+
+	if len(params) != len(info.Params) {
+		names := append([]string{info.Params[0], info.Name}, info.Params[1:]...)
+		c.logCaller(2)
+		c.logString(fmt.Sprintf("%s(%s):", funcName, strings.Join(names, ", ")))
+		c.logString(fmt.Sprintf("Wrong number of parameters for %s: want %d, got %d", info.Name, len(names), len(params)+1))
+		c.logNewLine()
+		c.Fail()
+		return false
+	}
+
+	// Copy since it may be mutated by Check.
+	names := append([]string{}, info.Params...)
+
+	// Do the actual check.
+	result, error := checker.Check(params, names)
+	if !result || error != "" {
+		c.logCaller(2)
+		for i := 0; i != len(params); i++ {
+			c.logValue(names[i], params[i])
+		}
+		if comment != nil {
+			c.logString(comment.CheckCommentString())
+		}
+		if error != "" {
+			c.logString(error)
+		}
+		c.logNewLine()
+		c.Fail()
+		return false
+	}
+	return true
+}
diff --git a/vendor/gopkg.in/check.v1/printer.go b/vendor/gopkg.in/check.v1/printer.go
new file mode 100644
index 000000000..e0f7557b5
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/printer.go
@@ -0,0 +1,168 @@
+package check
+
+import (
+	"bytes"
+	"go/ast"
+	"go/parser"
+	"go/printer"
+	"go/token"
+	"os"
+)
+
+func indent(s, with string) (r string) {
+	eol := true
+	for i := 0; i != len(s); i++ {
+		c := s[i]
+		switch {
+		case eol && c == '\n' || c == '\r':
+		case c == '\n' || c == '\r':
+			eol = true
+		case eol:
+			eol = false
+			s = s[:i] + with + s[i:]
+			i += len(with)
+		}
+	}
+	return s
+}
+
+func printLine(filename string, line int) (string, error) {
+	fset := token.NewFileSet()
+	file, err := os.Open(filename)
+	if err != nil {
+		return "", err
+	}
+	fnode, err := parser.ParseFile(fset, filename, file, parser.ParseComments)
+	if err != nil {
+		return "", err
+	}
+	config := &printer.Config{Mode: printer.UseSpaces, Tabwidth: 4}
+	lp := &linePrinter{fset: fset, fnode: fnode, line: line, config: config}
+	ast.Walk(lp, fnode)
+	result := lp.output.Bytes()
+	// Comments leave \n at the end.
+	n := len(result)
+	for n > 0 && result[n-1] == '\n' {
+		n--
+	}
+	return string(result[:n]), nil
+}
+
+type linePrinter struct {
+	config *printer.Config
+	fset   *token.FileSet
+	fnode  *ast.File
+	line   int
+	output bytes.Buffer
+	stmt   ast.Stmt
+}
+
+func (lp *linePrinter) emit() bool {
+	if lp.stmt != nil {
+		lp.trim(lp.stmt)
+		lp.printWithComments(lp.stmt)
+		lp.stmt = nil
+		return true
+	}
+	return false
+}
+
+func (lp *linePrinter) printWithComments(n ast.Node) {
+	nfirst := lp.fset.Position(n.Pos()).Line
+	nlast := lp.fset.Position(n.End()).Line
+	for _, g := range lp.fnode.Comments {
+		cfirst := lp.fset.Position(g.Pos()).Line
+		clast := lp.fset.Position(g.End()).Line
+		if clast == nfirst-1 && lp.fset.Position(n.Pos()).Column == lp.fset.Position(g.Pos()).Column {
+			for _, c := range g.List {
+				lp.output.WriteString(c.Text)
+				lp.output.WriteByte('\n')
+			}
+		}
+		if cfirst >= nfirst && cfirst <= nlast && n.End() <= g.List[0].Slash {
+			// The printer will not include the comment if it starts past
+			// the node itself. Trick it into printing by overlapping the
+			// slash with the end of the statement.
+			g.List[0].Slash = n.End() - 1
+		}
+	}
+	node := &printer.CommentedNode{n, lp.fnode.Comments}
+	lp.config.Fprint(&lp.output, lp.fset, node)
+}
+
+func (lp *linePrinter) Visit(n ast.Node) (w ast.Visitor) {
+	if n == nil {
+		if lp.output.Len() == 0 {
+			lp.emit()
+		}
+		return nil
+	}
+	first := lp.fset.Position(n.Pos()).Line
+	last := lp.fset.Position(n.End()).Line
+	if first <= lp.line && last >= lp.line {
+		// Print the innermost statement containing the line.
+		if stmt, ok := n.(ast.Stmt); ok {
+			if _, ok := n.(*ast.BlockStmt); !ok {
+				lp.stmt = stmt
+			}
+		}
+		if first == lp.line && lp.emit() {
+			return nil
+		}
+		return lp
+	}
+	return nil
+}
+
+func (lp *linePrinter) trim(n ast.Node) bool {
+	stmt, ok := n.(ast.Stmt)
+	if !ok {
+		return true
+	}
+	line := lp.fset.Position(n.Pos()).Line
+	if line != lp.line {
+		return false
+	}
+	switch stmt := stmt.(type) {
+	case *ast.IfStmt:
+		stmt.Body = lp.trimBlock(stmt.Body)
+	case *ast.SwitchStmt:
+		stmt.Body = lp.trimBlock(stmt.Body)
+	case *ast.TypeSwitchStmt:
+		stmt.Body = lp.trimBlock(stmt.Body)
+	case *ast.CaseClause:
+		stmt.Body = lp.trimList(stmt.Body)
+	case *ast.CommClause:
+		stmt.Body = lp.trimList(stmt.Body)
+	case *ast.BlockStmt:
+		stmt.List = lp.trimList(stmt.List)
+	}
+	return true
+}
+
+func (lp *linePrinter) trimBlock(stmt *ast.BlockStmt) *ast.BlockStmt {
+	if !lp.trim(stmt) {
+		return lp.emptyBlock(stmt)
+	}
+	stmt.Rbrace = stmt.Lbrace
+	return stmt
+}
+
+func (lp *linePrinter) trimList(stmts []ast.Stmt) []ast.Stmt {
+	for i := 0; i != len(stmts); i++ {
+		if !lp.trim(stmts[i]) {
+			stmts[i] = lp.emptyStmt(stmts[i])
+			break
+		}
+	}
+	return stmts
+}
+
+func (lp *linePrinter) emptyStmt(n ast.Node) *ast.ExprStmt {
+	return &ast.ExprStmt{&ast.Ellipsis{n.Pos(), nil}}
+}
+
+func (lp *linePrinter) emptyBlock(n ast.Node) *ast.BlockStmt {
+	p := n.Pos()
+	return &ast.BlockStmt{p, []ast.Stmt{lp.emptyStmt(n)}, p}
+}
diff --git a/vendor/gopkg.in/check.v1/reporter.go b/vendor/gopkg.in/check.v1/reporter.go
new file mode 100644
index 000000000..fb04f76f6
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/reporter.go
@@ -0,0 +1,88 @@
+package check
+
+import (
+	"fmt"
+	"io"
+	"sync"
+)
+
+// -----------------------------------------------------------------------
+// Output writer manages atomic output writing according to settings.
+
+type outputWriter struct {
+	m                    sync.Mutex
+	writer               io.Writer
+	wroteCallProblemLast bool
+	Stream               bool
+	Verbose              bool
+}
+
+func newOutputWriter(writer io.Writer, stream, verbose bool) *outputWriter {
+	return &outputWriter{writer: writer, Stream: stream, Verbose: verbose}
+}
+
+func (ow *outputWriter) Write(content []byte) (n int, err error) {
+	ow.m.Lock()
+	n, err = ow.writer.Write(content)
+	ow.m.Unlock()
+	return
+}
+
+func (ow *outputWriter) WriteCallStarted(label string, c *C) {
+	if ow.Stream {
+		header := renderCallHeader(label, c, "", "\n")
+		ow.m.Lock()
+		ow.writer.Write([]byte(header))
+		ow.m.Unlock()
+	}
+}
+
+func (ow *outputWriter) WriteCallProblem(label string, c *C) {
+	var prefix string
+	if !ow.Stream {
+		prefix = "\n-----------------------------------" +
+			"-----------------------------------\n"
+	}
+	header := renderCallHeader(label, c, prefix, "\n\n")
+	ow.m.Lock()
+	ow.wroteCallProblemLast = true
+	ow.writer.Write([]byte(header))
+	if !ow.Stream {
+		c.logb.WriteTo(ow.writer)
+	}
+	ow.m.Unlock()
+}
+
+func (ow *outputWriter) WriteCallSuccess(label string, c *C) {
+	if ow.Stream || (ow.Verbose && c.kind == testKd) {
+		// TODO Use a buffer here.
+		var suffix string
+		if c.reason != "" {
+			suffix = " (" + c.reason + ")"
+		}
+		if c.status() == succeededSt {
+			suffix += "\t" + c.timerString()
+		}
+		suffix += "\n"
+		if ow.Stream {
+			suffix += "\n"
+		}
+		header := renderCallHeader(label, c, "", suffix)
+		ow.m.Lock()
+		// Resist temptation of using line as prefix above due to race.
+		if !ow.Stream && ow.wroteCallProblemLast {
+			header = "\n-----------------------------------" +
+				"-----------------------------------\n" +
+				header
+		}
+		ow.wroteCallProblemLast = false
+		ow.writer.Write([]byte(header))
+		ow.m.Unlock()
+	}
+}
+
+func renderCallHeader(label string, c *C, prefix, suffix string) string {
+	pc := c.method.PC()
+	return fmt.Sprintf("%s%s: %s: %s%s", prefix, label, niceFuncPath(pc),
+		niceFuncName(pc), suffix)
+}
diff --git a/vendor/gopkg.in/check.v1/run.go b/vendor/gopkg.in/check.v1/run.go
new file mode 100644
index 000000000..da8fd7987
--- /dev/null
+++ b/vendor/gopkg.in/check.v1/run.go
@@ -0,0 +1,175 @@
+package check
+
+import (
+	"bufio"
+	"flag"
+	"fmt"
+	"os"
+	"testing"
+	"time"
+)
+
+// -----------------------------------------------------------------------
+// Test suite registry.
+
+var allSuites []interface{}
+
+// Suite registers the given value as a test suite to be run. Any methods
+// starting with the Test prefix in the given value will be considered as
+// a test method.
+func Suite(suite interface{}) interface{} {
+	allSuites = append(allSuites, suite)
+	return suite
+}
+
+// -----------------------------------------------------------------------
+// Public running interface.
+
+var (
+	oldFilterFlag  = flag.String("gocheck.f", "", "Regular expression selecting which tests and/or suites to run")
+	oldVerboseFlag = flag.Bool("gocheck.v", false, "Verbose mode")
+	oldStreamFlag  = flag.Bool("gocheck.vv", false, "Super verbose mode (disables output caching)")
+	oldBenchFlag   = flag.Bool("gocheck.b", false, "Run benchmarks")
+	oldBenchTime   = flag.Duration("gocheck.btime", 1*time.Second, "approximate run time for each benchmark")
+	oldListFlag    = flag.Bool("gocheck.list", false, "List the names of all tests that will be run")
+	oldWorkFlag    = flag.Bool("gocheck.work", false, "Display and do not remove the test working directory")
+
+	newFilterFlag  = flag.String("check.f", "", "Regular expression selecting which tests and/or suites to run")
+	newVerboseFlag = flag.Bool("check.v", false, "Verbose mode")
+	newStreamFlag  = flag.Bool("check.vv", false, "Super verbose mode (disables output caching)")
+	newBenchFlag   = flag.Bool("check.b", false, "Run benchmarks")
+	newBenchTime   = flag.Duration("check.btime", 1*time.Second, "approximate run time for each benchmark")
+	newBenchMem    = flag.Bool("check.bmem", false, "Report memory benchmarks")
+	newListFlag    = flag.Bool("check.list", false, "List the names of all tests that will be run")
+	newWorkFlag    = flag.Bool("check.work", false, "Display and do not remove the test working directory")
+)
+
+// TestingT runs all test suites registered with the Suite function,
+// printing results to stdout, and reporting any failures back to
+// the "testing" package.
+func TestingT(testingT *testing.T) {
+	benchTime := *newBenchTime
+	if benchTime == 1*time.Second {
+		benchTime = *oldBenchTime
+	}
+	conf := &RunConf{
+		Filter:        *oldFilterFlag + *newFilterFlag,
+		Verbose:       *oldVerboseFlag || *newVerboseFlag,
+		Stream:        *oldStreamFlag || *newStreamFlag,
+		Benchmark:     *oldBenchFlag || *newBenchFlag,
+		BenchmarkTime: benchTime,
+		BenchmarkMem:  *newBenchMem,
+		KeepWorkDir:   *oldWorkFlag || *newWorkFlag,
+	}
+	if *oldListFlag || *newListFlag {
+		w := bufio.NewWriter(os.Stdout)
+		for _, name := range ListAll(conf) {
+			fmt.Fprintln(w, name)
+		}
+		w.Flush()
+		return
+	}
+	result := RunAll(conf)
+	println(result.String())
+	if !result.Passed() {
+		testingT.Fail()
+	}
+}
+
+// RunAll runs all test suites registered with the Suite function, using the
+// provided run configuration.
+func RunAll(runConf *RunConf) *Result {
+	result := Result{}
+	for _, suite := range allSuites {
+		result.Add(Run(suite, runConf))
+	}
+	return &result
+}
+
+// Run runs the provided test suite using the provided run configuration.
+func Run(suite interface{}, runConf *RunConf) *Result {
+	runner := newSuiteRunner(suite, runConf)
+	return runner.run()
+}
+
+// ListAll returns the names of all the test functions registered with the
+// Suite function that will be run with the provided run configuration.
+func ListAll(runConf *RunConf) []string {
+	var names []string
+	for _, suite := range allSuites {
+		names = append(names, List(suite, runConf)...)
+	}
+	return names
+}
+
+// List returns the names of the test functions in the given
+// suite that will be run with the provided run configuration.
+func List(suite interface{}, runConf *RunConf) []string {
+	var names []string
+	runner := newSuiteRunner(suite, runConf)
+	for _, t := range runner.tests {
+		names = append(names, t.String())
+	}
+	return names
+}
+
+// -----------------------------------------------------------------------
+// Result methods.
+
+func (r *Result) Add(other *Result) {
+	r.Succeeded += other.Succeeded
+	r.Skipped += other.Skipped
+	r.Failed += other.Failed
+	r.Panicked += other.Panicked
+	r.FixturePanicked += other.FixturePanicked
+	r.ExpectedFailures += other.ExpectedFailures
+	r.Missed += other.Missed
+	if r.WorkDir != "" && other.WorkDir != "" {
+		r.WorkDir += ":" + other.WorkDir
+	} else if other.WorkDir != "" {
+		r.WorkDir = other.WorkDir
+	}
+}
+
+func (r *Result) Passed() bool {
+	return (r.Failed == 0 && r.Panicked == 0 &&
+		r.FixturePanicked == 0 && r.Missed == 0 &&
+		r.RunError == nil)
+}
+
+func (r *Result) String() string {
+	if r.RunError != nil {
+		return "ERROR: " + r.RunError.Error()
+	}
+
+	var value string
+	if r.Failed == 0 && r.Panicked == 0 && r.FixturePanicked == 0 &&
+		r.Missed == 0 {
+		value = "OK: "
+	} else {
+		value = "OOPS: "
+	}
+	value += fmt.Sprintf("%d passed", r.Succeeded)
+	if r.Skipped != 0 {
+		value += fmt.Sprintf(", %d skipped", r.Skipped)
+	}
+	if r.ExpectedFailures != 0 {
+		value += fmt.Sprintf(", %d expected failures", r.ExpectedFailures)
+	}
+	if r.Failed != 0 {
+		value += fmt.Sprintf(", %d FAILED", r.Failed)
+	}
+	if r.Panicked != 0 {
+		value += fmt.Sprintf(", %d PANICKED", r.Panicked)
+	}
+	if r.FixturePanicked != 0 {
+		value += fmt.Sprintf(", %d FIXTURE-PANICKED", r.FixturePanicked)
+	}
+	if r.Missed != 0 {
+		value += fmt.Sprintf(", %d MISSED", r.Missed)
+	}
+	if r.WorkDir != "" {
+		value += "\nWORK=" + r.WorkDir
+	}
+	return value
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 9bb392e68..882c5093d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -17,6 +17,7 @@ github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo
 # github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
 ## explicit
 github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry
+github.com/Azure/azure-sdk-for-go/storage
 github.com/Azure/azure-sdk-for-go/version
 # github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161
 ## explicit; go 1.16
@@ -134,6 +135,9 @@ github.com/ProtonMail/go-crypto/openpgp/internal/ecc
 github.com/ProtonMail/go-crypto/openpgp/internal/encoding
 github.com/ProtonMail/go-crypto/openpgp/packet
 github.com/ProtonMail/go-crypto/openpgp/s2k
+# github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d
+## explicit
+github.com/Shopify/logrus-bugsnag
 # github.com/ThalesIgnite/crypto11 v1.2.5
 ## explicit; go 1.13
 github.com/ThalesIgnite/crypto11
@@ -485,18 +489,51 @@ github.com/docker/distribution
 github.com/docker/distribution/manifest
 github.com/docker/distribution/manifest/manifestlist
 github.com/docker/distribution/manifest/ocischema
+github.com/docker/distribution/manifest/schema1
 github.com/docker/distribution/manifest/schema2
 github.com/docker/distribution/metrics
+github.com/docker/distribution/notifications
 github.com/docker/distribution/reference
+github.com/docker/distribution/registry
 github.com/docker/distribution/registry/api/errcode
 github.com/docker/distribution/registry/api/v2
+github.com/docker/distribution/registry/auth
+github.com/docker/distribution/registry/auth/htpasswd
+github.com/docker/distribution/registry/auth/silly
+github.com/docker/distribution/registry/auth/token
 github.com/docker/distribution/registry/client
 github.com/docker/distribution/registry/client/auth
 github.com/docker/distribution/registry/client/auth/challenge
 github.com/docker/distribution/registry/client/transport
+github.com/docker/distribution/registry/handlers
+github.com/docker/distribution/registry/listener
+github.com/docker/distribution/registry/middleware/registry
+github.com/docker/distribution/registry/middleware/repository
+github.com/docker/distribution/registry/proxy
+github.com/docker/distribution/registry/proxy/scheduler
+github.com/docker/distribution/registry/storage
 github.com/docker/distribution/registry/storage/cache
+github.com/docker/distribution/registry/storage/cache/cachecheck
 github.com/docker/distribution/registry/storage/cache/memory
+github.com/docker/distribution/registry/storage/cache/redis
+github.com/docker/distribution/registry/storage/driver
+github.com/docker/distribution/registry/storage/driver/azure
+github.com/docker/distribution/registry/storage/driver/base
+github.com/docker/distribution/registry/storage/driver/factory
+github.com/docker/distribution/registry/storage/driver/filesystem
+github.com/docker/distribution/registry/storage/driver/gcs
+github.com/docker/distribution/registry/storage/driver/inmemory
+github.com/docker/distribution/registry/storage/driver/middleware
+github.com/docker/distribution/registry/storage/driver/middleware/cloudfront
+github.com/docker/distribution/registry/storage/driver/middleware/redirect
+github.com/docker/distribution/registry/storage/driver/oss
+github.com/docker/distribution/registry/storage/driver/s3-aws
+github.com/docker/distribution/registry/storage/driver/swift
+github.com/docker/distribution/registry/storage/driver/testdriver
+github.com/docker/distribution/registry/storage/driver/testsuites
+github.com/docker/distribution/testutil
 github.com/docker/distribution/uuid
+github.com/docker/distribution/version
 # github.com/docker/docker v24.0.7+incompatible
 ## explicit
 github.com/docker/docker/api
@@ -540,6 +577,9 @@ github.com/docker/go-metrics
 # github.com/docker/go-units v0.5.0
 ## explicit
 github.com/docker/go-units
+# github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7
+## explicit
+github.com/docker/libtrust
 # github.com/drone/envsubst v1.0.3
 ## explicit; go 1.13
 github.com/drone/envsubst
@@ -661,6 +701,10 @@ github.com/gardener/landscaper/controller-utils/pkg/logging/constants
 github.com/gardener/landscaper/controller-utils/pkg/utils
 github.com/gardener/landscaper/controller-utils/pkg/webhook
 github.com/gardener/landscaper/controller-utils/pkg/webhook/certificates
+# github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7
+## explicit
+github.com/garyburd/redigo/internal
+github.com/garyburd/redigo/redis
 # github.com/ghodss/yaml v1.0.0
 ## explicit
 github.com/ghodss/yaml
@@ -908,6 +952,15 @@ github.com/google/uuid
 ## explicit; go 1.19
 github.com/googleapis/enterprise-certificate-proxy/client
 github.com/googleapis/enterprise-certificate-proxy/client/util
+# github.com/googleapis/gax-go/v2 v2.11.0
+## explicit; go 1.19
+github.com/googleapis/gax-go/v2
+github.com/googleapis/gax-go/v2/apierror
+github.com/googleapis/gax-go/v2/apierror/internal/proto
+github.com/googleapis/gax-go/v2/internal
+# github.com/gorilla/handlers v1.5.1
+## explicit; go 1.14
+github.com/gorilla/handlers
 # github.com/gorilla/mux v1.8.0
 ## explicit; go 1.12
 github.com/gorilla/mux
@@ -991,6 +1044,12 @@ github.com/klauspost/compress/zstd/internal/xxhash
 # github.com/klauspost/pgzip v1.2.6
 ## explicit
 github.com/klauspost/pgzip
+# github.com/kr/pretty v0.3.1
+## explicit; go 1.12
+github.com/kr/pretty
+# github.com/kr/text v0.2.0
+## explicit
+github.com/kr/text
 # github.com/lann/builder v0.0.0-20180802200727-47ae307949d0
 ## explicit
 github.com/lann/builder
@@ -1158,6 +1217,10 @@ github.com/mozillazg/docker-credential-acr-helper/pkg/version
 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
 ## explicit
 github.com/munnerz/goautoneg
+# github.com/ncw/swift v1.0.47
+## explicit
+github.com/ncw/swift
+github.com/ncw/swift/swifttest
 # github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481
 ## explicit
 github.com/nozzle/throttler
@@ -1493,6 +1556,9 @@ github.com/rivo/uniseg
 # github.com/robfig/cron/v3 v3.0.1
 ## explicit; go 1.12
 github.com/robfig/cron/v3
+# github.com/rogpeppe/go-internal v1.10.0
+## explicit; go 1.19
+github.com/rogpeppe/go-internal/fmtsort
 # github.com/rubenv/sql-migrate v1.3.1
 ## explicit; go 1.16
 github.com/rubenv/sql-migrate
@@ -1772,6 +1838,15 @@ github.com/xeipuuv/gojsonschema
 # github.com/xlab/treeprint v1.1.0
 ## explicit; go 1.13
 github.com/xlab/treeprint
+# github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43
+## explicit
+github.com/yvasiyarov/go-metrics
+# github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50
+## explicit
+github.com/yvasiyarov/gorelic
+# github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f
+## explicit
+github.com/yvasiyarov/newrelic_platform_go
 # github.com/zeebo/errs v1.3.0
 ## explicit; go 1.12
 github.com/zeebo/errs
@@ -2024,14 +2099,18 @@ golang.org/x/xerrors/internal
 gomodules.xyz/jsonpatch/v2
 # google.golang.org/api v0.149.0
 ## explicit; go 1.19
+google.golang.org/api/googleapi
 google.golang.org/api/googleapi/transport
 google.golang.org/api/idtoken
 google.golang.org/api/impersonate
 google.golang.org/api/internal
 google.golang.org/api/internal/cert
+google.golang.org/api/internal/gensupport
 google.golang.org/api/internal/impersonate
+google.golang.org/api/internal/third_party/uritemplates
 google.golang.org/api/option
 google.golang.org/api/option/internaloption
+google.golang.org/api/storage/v1
 google.golang.org/api/transport/http
 google.golang.org/api/transport/http/internal/propagation
 # google.golang.org/appengine v1.6.8
@@ -2048,6 +2127,8 @@ google.golang.org/appengine/internal/urlfetch
 google.golang.org/appengine/urlfetch
 # google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b
 ## explicit; go 1.19
+google.golang.org/genproto/googleapis/rpc/code
+google.golang.org/genproto/googleapis/rpc/errdetails
 google.golang.org/genproto/googleapis/rpc/status
 # google.golang.org/grpc v1.59.0
 ## explicit; go 1.19
@@ -2601,6 +2682,9 @@ oras.land/oras-go/pkg/registry/remote/auth
 oras.land/oras-go/pkg/registry/remote/internal/errutil
 oras.land/oras-go/pkg/registry/remote/internal/syncutil
 oras.land/oras-go/pkg/target
+# rsc.io/letsencrypt v0.0.3
+## explicit
+rsc.io/letsencrypt
 # sigs.k8s.io/controller-runtime v0.15.1
 ## explicit; go 1.20
 sigs.k8s.io/controller-runtime
diff --git a/vendor/rsc.io/letsencrypt/LICENSE b/vendor/rsc.io/letsencrypt/LICENSE
new file mode 100644
index 000000000..6a66aea5e
--- /dev/null
+++ b/vendor/rsc.io/letsencrypt/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/rsc.io/letsencrypt/README.md b/vendor/rsc.io/letsencrypt/README.md
new file mode 100644
index 000000000..99cc2f98b
--- /dev/null
+++ b/vendor/rsc.io/letsencrypt/README.md
@@ -0,0 +1,9 @@
+## rsc.io/letsencrypt is superseded by [golang.org/x/crypto/acme/autocert](https://golang.org/x/crypto/acme/autocert).
+
+The latest old rsc.io/letsencrypt is tagged v0.0.2 if you must use it.
+
+But don't.
+
+It hasn't been updated in years and probably carries security problems with it.
+
+**Use [golang.org/x/crypto/acme/autocert](https://golang.org/x/crypto/acme/autocert) instead.**
diff --git a/vendor/rsc.io/letsencrypt/doc.go b/vendor/rsc.io/letsencrypt/doc.go
new file mode 100644
index 000000000..63ebffe28
--- /dev/null
+++ b/vendor/rsc.io/letsencrypt/doc.go
@@ -0,0 +1,11 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package letsencrypt is superseded by golang.org/x/crypto/acme/autocert.
+// Use that instead.
+//
+// Everything in this package has been deleted.
+// If you need the latest non-deleted copy, use v0.0.2
+// (but really, use golang.org/x/crypto/acme/autocert).
+package letsencrypt

From 5c473c3cb5db66f9e004591189db9f2b88882dcc Mon Sep 17 00:00:00 2001
From: achimweigel <achim.weigel@sap.com>
Date: Wed, 6 Dec 2023 10:59:36 +0100
Subject: [PATCH 11/23] Log read ops (#915)

* log reads on debug level with read id (run-int-tests)
---
 .../pkg/logging/constants/constants.go        |   2 +
 pkg/agent/agent.go                            |   8 +-
 pkg/deployer/container/container_reconcile.go |   3 +-
 pkg/deployer/container/garbage_collector.go   |  16 +-
 pkg/deployer/container/pod.go                 |  11 +-
 pkg/deployer/container/state/state.go         |   8 +-
 pkg/deployer/container/wait/uploadexport.go   |   4 +-
 pkg/deployer/container/wait/wait.go           |   4 +-
 pkg/deployer/lib/controller.go                |   7 +-
 pkg/deployer/lib/interruption_checker.go      |   2 +-
 .../readinesscheck/customreadinesscheck.go    |   6 +-
 pkg/deployer/lib/readinesscheck/readiness.go  |   4 +-
 pkg/deployer/lib/resourcemanager/exporter.go  |   9 +-
 .../lib/resourcemanager/objectapplier.go      |   8 +-
 pkg/deployer/lib/utils.go                     |  10 +-
 pkg/deployer/manifest/ensure.go               |   2 +-
 .../controller/controller.go                  |   2 +-
 .../controller/deployer_management_delete.go  |   4 +-
 .../deployer_management_reconcile.go          |   2 +-
 .../controllers/deployitem/reconcile.go       |   2 +-
 .../controllers/execution/controller.go       |   5 +-
 .../controllers/healthcheck/healthchecker.go  |   9 +-
 .../controllers/installations/cleaner.go      |   8 +-
 .../controllers/installations/controller.go   |   5 +-
 .../controllers/installations/reconcile.go    |   4 +-
 .../targetsync/targetsync_controller.go       |  17 +-
 pkg/landscaper/execution/execution.go         |   7 +-
 pkg/landscaper/execution/helper.go            |   5 +-
 pkg/landscaper/installations/context.go       |   3 +-
 .../installations/executions/complete.go      |   3 +-
 .../installations/executions/operation.go     |   3 +-
 .../installations/exports/constructor.go      |  10 +-
 pkg/landscaper/installations/helper.go        |   6 +-
 pkg/landscaper/installations/operation.go     |  12 +-
 pkg/landscaper/installations/trigger.go       |   2 +-
 pkg/utils/clusters/source_client_provider.go  |   4 +-
 pkg/utils/landscaper/landscaper.go            |  19 ++-
 pkg/utils/lock/lock_cleaner.go                |   6 +-
 pkg/utils/lock/locker.go                      |   4 +-
 pkg/utils/read_write_layer/consts.go          |  86 ++++++++++
 pkg/utils/read_write_layer/read.go            | 152 +++++++++++++++---
 .../pkg/logging/constants/constants.go        |   2 +
 42 files changed, 374 insertions(+), 112 deletions(-)

diff --git a/controller-utils/pkg/logging/constants/constants.go b/controller-utils/pkg/logging/constants/constants.go
index d6055eb3f..a86840318 100755
--- a/controller-utils/pkg/logging/constants/constants.go
+++ b/controller-utils/pkg/logging/constants/constants.go
@@ -33,6 +33,8 @@ const (
 	KeyExecutionPhase = "executionPhase"
 	// KeyDeployItemPhase is for the phase of a deployitem.
 	KeyDeployItemPhase = "deployitemPhase"
+	// KeyReadID is for a reader ID.
+	KeyReadID = "readID"
 	// KeyWriteID is for a writer ID.
 	KeyWriteID = "writeID"
 	// KeyGeneration is for the generation of a resource.
diff --git a/pkg/agent/agent.go b/pkg/agent/agent.go
index 5cf4e5b21..20624ca11 100644
--- a/pkg/agent/agent.go
+++ b/pkg/agent/agent.go
@@ -10,6 +10,8 @@ import (
 	"os"
 	"time"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -103,7 +105,7 @@ func (a *Agent) EnsureLandscaperResources(ctx context.Context, lsClient, hostCli
 		env.Spec.HostTarget.TargetSpec = target.Spec
 	}
 
-	if err := lsClient.Get(ctx, kutil.ObjectKeyFromObject(env), env); err != nil {
+	if err := read_write_layer.GetEnv(ctx, lsClient, kutil.ObjectKeyFromObject(env), env, read_write_layer.R000038); err != nil {
 		if apierrors.IsNotFound(err) {
 			logger.Info("Environment not found, creating it")
 			mutateFunc()
@@ -230,9 +232,11 @@ func (a *Agent) RemoveHostResources(ctx context.Context, kubeClient client.Clien
 			}
 		}
 	}
+
 	err := wait.PollUntilContextTimeout(ctx, 10*time.Second, 5*time.Minute, true, func(ctx context.Context) (done bool, err error) {
 		for _, obj := range resources {
-			if err := kubeClient.Get(ctx, kutil.ObjectKeyFromObject(obj), obj); err != nil {
+
+			if err := read_write_layer.GetObject(ctx, kubeClient, kutil.ObjectKeyFromObject(obj), obj, read_write_layer.R000039); err != nil {
 				if apierrors.IsNotFound(err) {
 					continue
 				}
diff --git a/pkg/deployer/container/container_reconcile.go b/pkg/deployer/container/container_reconcile.go
index 772ad6a5f..5ae4ceb21 100644
--- a/pkg/deployer/container/container_reconcile.go
+++ b/pkg/deployer/container/container_reconcile.go
@@ -89,7 +89,8 @@ func (c *Container) Reconcile(ctx context.Context, operation container.Operation
 
 		// before we start syncing lets read the current deploy item from the server
 		oldDeployItem := &lsv1alpha1.DeployItem{}
-		if err := read_write_layer.GetDeployItem(ctx, c.lsClient, kutil.ObjectKey(c.DeployItem.GetName(), c.DeployItem.GetNamespace()), oldDeployItem); err != nil {
+		if err := read_write_layer.GetDeployItem(ctx, c.lsClient, kutil.ObjectKey(c.DeployItem.GetName(),
+			c.DeployItem.GetNamespace()), oldDeployItem, read_write_layer.R000027); err != nil {
 			return lserrors.NewWrappedError(err,
 				operationName, "FetchDeployItem", err.Error())
 		}
diff --git a/pkg/deployer/container/garbage_collector.go b/pkg/deployer/container/garbage_collector.go
index 88ee27a55..caf6951ec 100644
--- a/pkg/deployer/container/garbage_collector.go
+++ b/pkg/deployer/container/garbage_collector.go
@@ -121,7 +121,7 @@ func (gc *GarbageCollector) Cleanup(ctx context.Context) {
 
 	// cleanup secrets
 	secretList := &corev1.SecretList{}
-	if err := gc.hostClient.List(ctx, secretList, listOptions...); err != nil {
+	if err := read_write_layer.ListSecrets(ctx, gc.hostClient, secretList, read_write_layer.R000074, listOptions...); err != nil {
 		logger.Error(err, err.Error())
 	}
 
@@ -135,7 +135,7 @@ func (gc *GarbageCollector) Cleanup(ctx context.Context) {
 	if !gc.keepPods {
 		// cleanup pods
 		podList := &corev1.PodList{}
-		if err := gc.hostClient.List(ctx, podList, listOptions...); err != nil {
+		if err := read_write_layer.ListPods(ctx, gc.hostClient, podList, read_write_layer.R000075, listOptions...); err != nil {
 			logger.Error(err, err.Error())
 		}
 
@@ -233,10 +233,12 @@ func (gc *GarbageCollector) isLatestPod(ctx context.Context, pod *corev1.Pod) (b
 	)
 
 	podList := &corev1.PodList{}
-	if err := gc.hostClient.List(ctx, podList, client.InNamespace(gc.hostNamespace), client.MatchingLabels{
-		container.ContainerDeployerDeployItemNameLabel:      diName,
-		container.ContainerDeployerDeployItemNamespaceLabel: diNamespace,
-	}); err != nil {
+	if err := read_write_layer.ListPods(ctx, gc.hostClient, podList, read_write_layer.R000076,
+		client.InNamespace(gc.hostNamespace),
+		client.MatchingLabels{
+			container.ContainerDeployerDeployItemNameLabel:      diName,
+			container.ContainerDeployerDeployItemNamespaceLabel: diNamespace,
+		}); err != nil {
 		return false, err
 	}
 
@@ -280,7 +282,7 @@ func (gc *GarbageCollector) shouldGarbageCollect(ctx context.Context, obj client
 		Name:      obj.GetLabels()[container.ContainerDeployerDeployItemNameLabel],
 	}
 	logger := gc.log.WithValues("deployItem", key.String(), lc.KeyResource, kutil.ObjectKeyFromObject(obj).String())
-	if err := read_write_layer.GetDeployItem(ctx, gc.lsClient, key, di); err != nil {
+	if err := read_write_layer.GetDeployItem(ctx, gc.lsClient, key, di, read_write_layer.R000036); err != nil {
 		if apierrors.IsNotFound(err) {
 			return true, nil
 		}
diff --git a/pkg/deployer/container/pod.go b/pkg/deployer/container/pod.go
index 800307697..cde1fae75 100644
--- a/pkg/deployer/container/pod.go
+++ b/pkg/deployer/container/pod.go
@@ -11,6 +11,8 @@ import (
 	"path/filepath"
 	"strconv"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -364,10 +366,11 @@ func generatePod(opts PodOptions) (*corev1.Pod, error) {
 // Pods that have no finalizer are ignored.
 func (c *Container) getPod(ctx context.Context) (*corev1.Pod, error) {
 	podList := &corev1.PodList{}
-	if err := c.hostClient.List(ctx, podList, client.InNamespace(c.Configuration.Namespace), client.MatchingLabels{
-		container.ContainerDeployerDeployItemNameLabel:      c.DeployItem.Name,
-		container.ContainerDeployerDeployItemNamespaceLabel: c.DeployItem.Namespace,
-	}); err != nil {
+	if err := read_write_layer.ListPods(ctx, c.hostClient, podList, read_write_layer.R000077,
+		client.InNamespace(c.Configuration.Namespace), client.MatchingLabels{
+			container.ContainerDeployerDeployItemNameLabel:      c.DeployItem.Name,
+			container.ContainerDeployerDeployItemNamespaceLabel: c.DeployItem.Namespace,
+		}); err != nil {
 		return nil, err
 	}
 
diff --git a/pkg/deployer/container/state/state.go b/pkg/deployer/container/state/state.go
index 12c3e9e19..ac64ccfd3 100644
--- a/pkg/deployer/container/state/state.go
+++ b/pkg/deployer/container/state/state.go
@@ -16,6 +16,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	"github.com/google/uuid"
 	"github.com/mandelsoft/vfs/pkg/osfs"
 	"github.com/mandelsoft/vfs/pkg/vfs"
@@ -127,7 +129,8 @@ func (s *State) Restore(ctx context.Context) error {
 	}
 
 	secretList := &corev1.SecretList{}
-	if err := s.kubeClient.List(ctx, secretList, StateSecretListOptions(s.namespace, s.deployItem)...); err != nil {
+	if err := read_write_layer.ListSecrets(ctx, s.kubeClient, secretList, read_write_layer.R000078,
+		StateSecretListOptions(s.namespace, s.deployItem)...); err != nil {
 		if apierrors.IsNotFound(err) {
 			return nil
 		}
@@ -264,7 +267,8 @@ func (s stateSecretsList) Less(i, j int) bool {
 // CleanupState deletes all state secrets for a deployitem
 func CleanupState(ctx context.Context, log logging.Logger, kubeClient client.Client, namespace string, deployItem lsv1alpha1.ObjectReference) error {
 	secretList := &corev1.SecretList{}
-	if err := kubeClient.List(ctx, secretList, StateSecretListOptions(namespace, deployItem)...); err != nil {
+	if err := read_write_layer.ListSecrets(ctx, kubeClient, secretList, read_write_layer.R000079,
+		StateSecretListOptions(namespace, deployItem)...); err != nil {
 		return nil
 	}
 
diff --git a/pkg/deployer/container/wait/uploadexport.go b/pkg/deployer/container/wait/uploadexport.go
index faa0a9425..7a2fa4028 100644
--- a/pkg/deployer/container/wait/uploadexport.go
+++ b/pkg/deployer/container/wait/uploadexport.go
@@ -10,6 +10,8 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
@@ -26,7 +28,7 @@ import (
 func UploadExport(ctx context.Context, kubeClient client.Client, deployItemKey lsv1alpha1.ObjectReference, podKey lsv1alpha1.ObjectReference, exportFilePath string) error {
 	log, ctx := logging.FromContextOrNew(ctx, nil)
 	pod := &corev1.Pod{}
-	if err := kubeClient.Get(ctx, podKey.NamespacedName(), pod); err != nil {
+	if err := read_write_layer.GetPod(ctx, kubeClient, podKey.NamespacedName(), pod, read_write_layer.R000040); err != nil {
 		return err
 	}
 	mainContainerStatus, err := kutil.GetStatusForContainer(pod.Status.ContainerStatuses, container.MainContainerName)
diff --git a/pkg/deployer/container/wait/wait.go b/pkg/deployer/container/wait/wait.go
index 00d16935d..866c5e609 100644
--- a/pkg/deployer/container/wait/wait.go
+++ b/pkg/deployer/container/wait/wait.go
@@ -9,6 +9,8 @@ import (
 	"math"
 	"time"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -35,7 +37,7 @@ func WaitUntilMainContainerFinished(ctx context.Context, kubeClient client.Clien
 	// no timeout is needed as we use the max active seconds of the pod to react on the timeout
 	return wait.ExponentialBackoff(backoff, func() (bool, error) {
 		pod := &corev1.Pod{}
-		if err := kubeClient.Get(ctx, podKey, pod); err != nil {
+		if err := read_write_layer.GetPod(ctx, kubeClient, podKey, pod, read_write_layer.R000041); err != nil {
 			if apierrors.IsNotFound(err) {
 				return false, err
 			}
diff --git a/pkg/deployer/lib/controller.go b/pkg/deployer/lib/controller.go
index d5114b680..b74d0d022 100644
--- a/pkg/deployer/lib/controller.go
+++ b/pkg/deployer/lib/controller.go
@@ -170,7 +170,7 @@ func (c *controller) Reconcile(ctx context.Context, req reconcile.Request) (reco
 	defer c.workerCounter.Exit()
 
 	metadata := lsutil.EmptyDeployItemMetadata()
-	if err := c.lsClient.Get(ctx, req.NamespacedName, metadata); err != nil {
+	if err := read_write_layer.GetMetaData(ctx, c.lsClient, req.NamespacedName, metadata, read_write_layer.R000042); err != nil {
 		if apierrors.IsNotFound(err) {
 			logger.Debug(err.Error())
 			return reconcile.Result{}, nil
@@ -214,7 +214,7 @@ func (c *controller) reconcilePrivate(ctx context.Context, metadata *metav1.Part
 
 	logger, ctx := logging.FromContextOrNew(ctx, nil)
 	di := &lsv1alpha1.DeployItem{}
-	if err := read_write_layer.GetDeployItem(ctx, c.lsClient, client.ObjectKeyFromObject(metadata), di); err != nil {
+	if err := read_write_layer.GetDeployItem(ctx, c.lsClient, client.ObjectKeyFromObject(metadata), di, read_write_layer.R000035); err != nil {
 		if apierrors.IsNotFound(err) {
 			logger.Debug(err.Error())
 			return reconcile.Result{}, nil
@@ -328,7 +328,8 @@ func (c *controller) getContext(ctx context.Context, deployItem *lsv1alpha1.Depl
 	}
 
 	lsCtx := &lsv1alpha1.Context{}
-	if err := c.lsClient.Get(ctx, kutil.ObjectKey(contextName, deployItem.Namespace), lsCtx); err != nil {
+	if err := read_write_layer.GetContext(ctx, c.lsClient, kutil.ObjectKey(contextName, deployItem.Namespace), lsCtx,
+		read_write_layer.R000043); err != nil {
 		return nil, lserrors.NewWrappedError(err, operation, "GetLandscaperContext", err.Error())
 	}
 
diff --git a/pkg/deployer/lib/interruption_checker.go b/pkg/deployer/lib/interruption_checker.go
index 95d2c4e01..7bf82ceef 100644
--- a/pkg/deployer/lib/interruption_checker.go
+++ b/pkg/deployer/lib/interruption_checker.go
@@ -28,7 +28,7 @@ func (c *InterruptionChecker) Check(ctx context.Context) error {
 	}
 
 	di := &lsv1alpha1.DeployItem{}
-	err := read_write_layer.GetDeployItem(ctx, c.lsClient, client.ObjectKeyFromObject(c.deployItem), di)
+	err := read_write_layer.GetDeployItem(ctx, c.lsClient, client.ObjectKeyFromObject(c.deployItem), di, read_write_layer.R000026)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/deployer/lib/readinesscheck/customreadinesscheck.go b/pkg/deployer/lib/readinesscheck/customreadinesscheck.go
index 11ff6a37c..05f423876 100644
--- a/pkg/deployer/lib/readinesscheck/customreadinesscheck.go
+++ b/pkg/deployer/lib/readinesscheck/customreadinesscheck.go
@@ -11,6 +11,8 @@ import (
 	"reflect"
 	"strings"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/labels"
 
@@ -160,7 +162,7 @@ func getObjectsByTypedReference(ctx context.Context, cl client.Client, key []lsv
 		obj := &unstructured.Unstructured{}
 		obj.SetAPIVersion(k.APIVersion)
 		obj.SetKind(k.Kind)
-		if err := cl.Get(ctx, k.ObjectReference.NamespacedName(), obj); err != nil {
+		if err := read_write_layer.GetUnstructured(ctx, cl, k.ObjectReference.NamespacedName(), obj, read_write_layer.R000044); err != nil {
 			if apierrors.IsNotFound(err) {
 				return nil, NewObjectNotReadyError(obj, err)
 			} else {
@@ -181,7 +183,7 @@ func getObjectsByLabels(ctx context.Context, cl client.Client, selector *health.
 	objList.SetAPIVersion(selector.APIVersion)
 	objList.SetKind(selector.Kind)
 
-	if err := cl.List(ctx, objList, &client.ListOptions{
+	if err := read_write_layer.ListUnstructured(ctx, cl, objList, read_write_layer.R000080, &client.ListOptions{
 		LabelSelector: labels.SelectorFromSet(selector.Labels),
 	}); err != nil {
 		return nil, NewRecoverableError(err)
diff --git a/pkg/deployer/lib/readinesscheck/readiness.go b/pkg/deployer/lib/readinesscheck/readiness.go
index c24f9ee66..210ea6e2a 100644
--- a/pkg/deployer/lib/readinesscheck/readiness.go
+++ b/pkg/deployer/lib/readinesscheck/readiness.go
@@ -9,6 +9,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	lsv1alpha1 "github.com/gardener/landscaper/apis/core/v1alpha1"
 	lserror "github.com/gardener/landscaper/apis/errors"
 
@@ -169,7 +171,7 @@ func IsObjectReady(ctx context.Context, kubeClient client.Client, obj *unstructu
 		lc.KeyResource, kutil.ObjectKey(obj.GetName(), obj.GetNamespace()).String())
 
 	key := kutil.ObjectKey(obj.GetName(), obj.GetNamespace())
-	if err := kubeClient.Get(ctx, key, obj); err != nil {
+	if err := read_write_layer.GetUnstructured(ctx, kubeClient, key, obj, read_write_layer.R000045); err != nil {
 		objLog.Debug("Resource status", lc.KeyStatus, StatusUnknown)
 		return NewRecoverableError(fmt.Errorf("unable to get %s %s/%s: %w",
 			obj.GroupVersionKind().String(),
diff --git a/pkg/deployer/lib/resourcemanager/exporter.go b/pkg/deployer/lib/resourcemanager/exporter.go
index 9dce84571..124939d27 100644
--- a/pkg/deployer/lib/resourcemanager/exporter.go
+++ b/pkg/deployer/lib/resourcemanager/exporter.go
@@ -9,6 +9,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -100,7 +102,8 @@ func (e *Exporter) Export(ctx context.Context, exports *managedresource.Exports)
 func (e *Exporter) doExport(ctx context.Context, export managedresource.Export) (map[string]interface{}, error) {
 	// get resource from client
 	obj := kutil.ObjectFromTypedObjectReference(export.FromResource)
-	if err := e.kubeClient.Get(ctx, kutil.ObjectKeyFromObject(obj), obj); err != nil {
+	if err := read_write_layer.GetUnstructured(ctx, e.kubeClient, kutil.ObjectKeyFromObject(obj), obj,
+		read_write_layer.R000046); err != nil {
 		return nil, err
 	}
 
@@ -157,7 +160,9 @@ func (e *Exporter) exportFromReferencedResource(ctx context.Context, export mana
 			Namespace: namespace,
 		},
 	})
-	if err := e.kubeClient.Get(ctx, kutil.ObjectKeyFromObject(obj), obj); err != nil {
+
+	if err := read_write_layer.GetUnstructured(ctx, e.kubeClient, kutil.ObjectKeyFromObject(obj), obj,
+		read_write_layer.R000047); err != nil {
 		return nil, err
 	}
 
diff --git a/pkg/deployer/lib/resourcemanager/objectapplier.go b/pkg/deployer/lib/resourcemanager/objectapplier.go
index 49786c616..59dc2e14f 100644
--- a/pkg/deployer/lib/resourcemanager/objectapplier.go
+++ b/pkg/deployer/lib/resourcemanager/objectapplier.go
@@ -12,6 +12,8 @@ import (
 	"sort"
 	"sync"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	"github.com/imdario/mergo"
 	corev1 "k8s.io/api/core/v1"
 	extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -233,7 +235,8 @@ func (a *ManifestApplier) applyObject(ctx context.Context, manifest *Manifest) (
 	currObj := unstructured.Unstructured{} // can't use obj.NewEmptyInstance() as this returns a runtime.Unstructured object which doesn't implement client.Object
 	currObj.GetObjectKind().SetGroupVersionKind(obj.GetObjectKind().GroupVersionKind())
 	key := kutil.ObjectKey(obj.GetName(), obj.GetNamespace())
-	if err := a.kubeClient.Get(ctx, key, &currObj); err != nil {
+
+	if err := read_write_layer.GetUnstructured(ctx, a.kubeClient, key, &currObj, read_write_layer.R000048); err != nil {
 		if !apierrors.IsNotFound(err) {
 			return nil, fmt.Errorf("unable to get object: %w", err)
 		}
@@ -370,7 +373,8 @@ func (a *ManifestApplier) cleanupOrphanedResources(ctx context.Context, managedR
 		ref := mr.Resource
 		obj := kutil.ObjectFromCoreObjectReference(&ref)
 		key := kutil.ObjectKey(ref.Name, ref.Namespace)
-		if err := a.kubeClient.Get(ctx, key, obj); err != nil {
+
+		if err := read_write_layer.GetUnstructured(ctx, a.kubeClient, key, obj, read_write_layer.R000049); err != nil {
 			if apierrors.IsNotFound(err) {
 				logger2.Debug("Object not found")
 				continue
diff --git a/pkg/deployer/lib/utils.go b/pkg/deployer/lib/utils.go
index a1cf3b94f..82489ac23 100644
--- a/pkg/deployer/lib/utils.go
+++ b/pkg/deployer/lib/utils.go
@@ -58,7 +58,7 @@ func GetKubeconfigFromSecretRef(ctx context.Context, ref *lsv1alpha1.SecretRefer
 
 	secret := &corev1.Secret{}
 	secretKey := client.ObjectKey{Name: ref.Name, Namespace: targetNamespace}
-	if err := lsClient.Get(ctx, secretKey, secret); err != nil {
+	if err := read_write_layer.GetSecret(ctx, lsClient, secretKey, secret, read_write_layer.R000050); err != nil {
 		return nil, apierrors.NewNotFound(schema.GroupResource{
 			Resource: "secret",
 		}, ref.Name)
@@ -167,7 +167,8 @@ func HandleReconcileResult(ctx context.Context, err lserrors.LsError, oldDeployI
 			if !deployItem.DeletionTimestamp.IsZero() {
 				// recheck if already deleted
 				diRecheck := &lsv1alpha1.DeployItem{}
-				errRecheck := read_write_layer.GetDeployItem(ctx, lsClient, kutil.ObjectKey(deployItem.Name, deployItem.Namespace), diRecheck)
+				errRecheck := read_write_layer.GetDeployItem(ctx, lsClient, kutil.ObjectKey(deployItem.Name, deployItem.Namespace),
+					diRecheck, read_write_layer.R000030)
 				if errRecheck != nil && apierrors.IsNotFound(errRecheck) {
 					return nil
 				}
@@ -195,7 +196,7 @@ func CheckResponsibility(ctx context.Context, lsClient client.Client, obj *metav
 	if !found {
 		// deploy item in old version
 		di := &lsv1alpha1.DeployItem{}
-		if err := read_write_layer.GetDeployItem(ctx, lsClient, client.ObjectKeyFromObject(obj), di); err != nil {
+		if err := read_write_layer.GetDeployItem(ctx, lsClient, client.ObjectKeyFromObject(obj), di, read_write_layer.R000032); err != nil {
 			return nil, false, false, lserrors.NewWrappedError(err, "CheckResponsibility", "fetchDeployItem",
 				"fetching deploy item failed")
 		}
@@ -259,7 +260,8 @@ func checkTargetResponsibility(ctx context.Context, lsClient client.Client,
 
 	logger.Debug("Found target. Checking responsibility")
 	target := &lsv1alpha1.Target{}
-	if err := lsClient.Get(ctx, client.ObjectKey{Namespace: targetNamespace, Name: targetName}, target); err != nil {
+	if err := read_write_layer.GetTarget(ctx, lsClient, client.ObjectKey{Namespace: targetNamespace, Name: targetName},
+		target, read_write_layer.R000051); err != nil {
 		lsError := lserrors.NewWrappedError(err, op, "FetchTarget", "unable to get target for deploy item - other error")
 		if apierrors.IsNotFound(err) {
 			return nil, true, true, nil
diff --git a/pkg/deployer/manifest/ensure.go b/pkg/deployer/manifest/ensure.go
index 0ebfc6e10..16263890c 100644
--- a/pkg/deployer/manifest/ensure.go
+++ b/pkg/deployer/manifest/ensure.go
@@ -214,7 +214,7 @@ func (m *Manifest) Delete(ctx context.Context) error {
 		currObj := unstructured.Unstructured{} // can't use obj.NewEmptyInstance() as this returns a runtime.Unstructured object which doesn't implement client.Object
 		currObj.GetObjectKind().SetGroupVersionKind(obj.GetObjectKind().GroupVersionKind())
 		key := kutil.ObjectKey(obj.GetName(), obj.GetNamespace())
-		if err := kubeClient.Get(ctx, key, &currObj); err != nil {
+		if err := read_write_layer.GetUnstructured(ctx, kubeClient, key, &currObj, read_write_layer.R000052); err != nil {
 			if apierrors.IsNotFound(err) {
 				continue
 			}
diff --git a/pkg/deployermanagement/controller/controller.go b/pkg/deployermanagement/controller/controller.go
index 2fcfb9bbc..e99785f77 100644
--- a/pkg/deployermanagement/controller/controller.go
+++ b/pkg/deployermanagement/controller/controller.go
@@ -251,7 +251,7 @@ func (con *InstallationController) Reconcile(ctx context.Context, req reconcile.
 	}
 
 	inst := &lsv1alpha1.Installation{}
-	if err := read_write_layer.GetInstallation(ctx, con.client, req.NamespacedName, inst); err != nil {
+	if err := read_write_layer.GetInstallation(ctx, con.client, req.NamespacedName, inst, read_write_layer.R000005); err != nil {
 		if apierrors.IsNotFound(err) {
 			logger.Info(err.Error())
 			return reconcile.Result{}, nil
diff --git a/pkg/deployermanagement/controller/deployer_management_delete.go b/pkg/deployermanagement/controller/deployer_management_delete.go
index 8e4054092..4308c3d92 100644
--- a/pkg/deployermanagement/controller/deployer_management_delete.go
+++ b/pkg/deployermanagement/controller/deployer_management_delete.go
@@ -25,7 +25,7 @@ func (dm *DeployerManagement) Delete(ctx context.Context, registration *lsv1alph
 	}
 	instKey := kutil.ObjectKeyFromObject(inst)
 
-	if err := read_write_layer.GetInstallation(ctx, dm.client, instKey, inst); err != nil {
+	if err := read_write_layer.GetInstallation(ctx, dm.client, instKey, inst, read_write_layer.R000013); err != nil {
 		if apierrors.IsNotFound(err) {
 			// installation is already deleted
 			// nothing to do.
@@ -40,7 +40,7 @@ func (dm *DeployerManagement) Delete(ctx context.Context, registration *lsv1alph
 	}
 	// wait for installation deletion.
 	return wait.PollUntilContextTimeout(ctx, 20*time.Second, 5*time.Minute, true, func(ctx context.Context) (done bool, err error) {
-		if err := read_write_layer.GetInstallation(ctx, dm.client, instKey, inst); err != nil {
+		if err := read_write_layer.GetInstallation(ctx, dm.client, instKey, inst, read_write_layer.R000007); err != nil {
 			if apierrors.IsNotFound(err) {
 				return true, nil
 			}
diff --git a/pkg/deployermanagement/controller/deployer_management_reconcile.go b/pkg/deployermanagement/controller/deployer_management_reconcile.go
index fef4605a7..a586a9dfa 100644
--- a/pkg/deployermanagement/controller/deployer_management_reconcile.go
+++ b/pkg/deployermanagement/controller/deployer_management_reconcile.go
@@ -133,7 +133,7 @@ func (dm *DeployerManagement) getInstallation(ctx context.Context,
 	log, ctx := logging.FromContextOrNew(ctx, nil, lc.KeyMethod, "getInstallation")
 
 	installations := &lsv1alpha1.InstallationList{}
-	if err := read_write_layer.ListInstallations(ctx, dm.client, installations,
+	if err := read_write_layer.ListInstallations(ctx, dm.client, installations, read_write_layer.R000017,
 		client.InNamespace(dm.config.Namespace),
 		client.MatchingLabels{
 			lsv1alpha1.DeployerEnvironmentLabelName:  env.Name,
diff --git a/pkg/landscaper/controllers/deployitem/reconcile.go b/pkg/landscaper/controllers/deployitem/reconcile.go
index d53c5bbc8..ed7bd02b1 100644
--- a/pkg/landscaper/controllers/deployitem/reconcile.go
+++ b/pkg/landscaper/controllers/deployitem/reconcile.go
@@ -30,7 +30,7 @@ func (con *controller) Reconcile(ctx context.Context, req reconcile.Request) (re
 	defer con.workerCounter.Exit()
 
 	di := &lsv1alpha1.DeployItem{}
-	if err := read_write_layer.GetDeployItem(ctx, con.c, req.NamespacedName, di); err != nil {
+	if err := read_write_layer.GetDeployItem(ctx, con.c, req.NamespacedName, di, read_write_layer.R000028); err != nil {
 		if apierrors.IsNotFound(err) {
 			logger.Info(err.Error())
 			return reconcile.Result{}, nil
diff --git a/pkg/landscaper/controllers/execution/controller.go b/pkg/landscaper/controllers/execution/controller.go
index bee4986b4..658678ba4 100644
--- a/pkg/landscaper/controllers/execution/controller.go
+++ b/pkg/landscaper/controllers/execution/controller.go
@@ -90,7 +90,7 @@ func (c *controller) Reconcile(ctx context.Context, req reconcile.Request) (reco
 	}
 
 	exec := &lsv1alpha1.Execution{}
-	if err := read_write_layer.GetExecution(ctx, c.lsClient, req.NamespacedName, exec); err != nil {
+	if err := read_write_layer.GetExecution(ctx, c.lsClient, req.NamespacedName, exec, read_write_layer.R000019); err != nil {
 		if apierrors.IsNotFound(err) {
 			logger.Info(err.Error())
 			return reconcile.Result{}, nil
@@ -370,7 +370,8 @@ func (c *controller) setExecutionPhaseAndUpdate(ctx context.Context, exec *lsv1a
 		if exec.Status.ExecutionPhase == lsv1alpha1.ExecutionPhases.Deleting {
 			// recheck if already deleted
 			execRecheck := &lsv1alpha1.Execution{}
-			errRecheck := read_write_layer.GetExecution(ctx, c.lsClient, kutil.ObjectKey(exec.Name, exec.Namespace), execRecheck)
+			errRecheck := read_write_layer.GetExecution(ctx, c.lsClient, kutil.ObjectKey(exec.Name, exec.Namespace),
+				execRecheck, read_write_layer.R000021)
 			if errRecheck != nil && apierrors.IsNotFound(errRecheck) {
 				return nil
 			}
diff --git a/pkg/landscaper/controllers/healthcheck/healthchecker.go b/pkg/landscaper/controllers/healthcheck/healthchecker.go
index 72ed37059..3dd2564ba 100644
--- a/pkg/landscaper/controllers/healthcheck/healthchecker.go
+++ b/pkg/landscaper/controllers/healthcheck/healthchecker.go
@@ -8,6 +8,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	v1 "k8s.io/api/apps/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -70,7 +72,8 @@ func (c *HealthChecker) initializeHealthCheck(ctx context.Context) error {
 	log.Info("initializing healthcheck")
 
 	lsHealthCheckList := &lsv1alpha1.LsHealthCheckList{}
-	if err := c.hostClient.List(ctx, lsHealthCheckList, client.InNamespace(c.lsDeployments.DeploymentsNamespace)); err == nil {
+	if err := read_write_layer.ListHealthChecks(ctx, c.hostClient, lsHealthCheckList, read_write_layer.R000059,
+		client.InNamespace(c.lsDeployments.DeploymentsNamespace)); err == nil {
 		for _, item := range lsHealthCheckList.Items {
 			if item.Name != c.lsDeployments.LsHealthCheckName {
 				if err := c.hostClient.Delete(ctx, &item); err != nil {
@@ -81,7 +84,7 @@ func (c *HealthChecker) initializeHealthCheck(ctx context.Context) error {
 	}
 
 	lsHealthCheck := &lsv1alpha1.LsHealthCheck{}
-	if err := c.hostClient.Get(ctx, c.healthCheckKey(), lsHealthCheck); err != nil {
+	if err := read_write_layer.GetHealthCheck(ctx, c.hostClient, c.healthCheckKey(), lsHealthCheck, read_write_layer.R000053); err != nil {
 		if apierrors.IsNotFound(err) {
 			lsHealthCheck = &lsv1alpha1.LsHealthCheck{
 				ObjectMeta:     metav1.ObjectMeta{Name: c.lsDeployments.LsHealthCheckName, Namespace: c.lsDeployments.DeploymentsNamespace},
@@ -106,7 +109,7 @@ func (c *HealthChecker) ExecuteHealthCheck(ctx context.Context) {
 
 	// The healthcheck object was created during initialization.
 	lsHealthCheck := &lsv1alpha1.LsHealthCheck{}
-	if err := c.hostClient.Get(ctx, c.healthCheckKey(), lsHealthCheck); err != nil {
+	if err := read_write_layer.GetHealthCheck(ctx, c.hostClient, c.healthCheckKey(), lsHealthCheck, read_write_layer.R000054); err != nil {
 		log.Error(err, "lsHealthCheck object could not be accessed")
 		return
 	}
diff --git a/pkg/landscaper/controllers/installations/cleaner.go b/pkg/landscaper/controllers/installations/cleaner.go
index 5a60fa4ee..9aac81a00 100644
--- a/pkg/landscaper/controllers/installations/cleaner.go
+++ b/pkg/landscaper/controllers/installations/cleaner.go
@@ -28,7 +28,7 @@ func NewDataObjectAndTargetCleaner(installation *lsv1alpha1.Installation, cl cli
 // label (data.landscaper.gardener.cloud/source) indicating that they have been exported by the Installation.
 func (c *DataObjectAndTargetCleaner) CleanupExports(ctx context.Context) error {
 	doList := &lsv1alpha1.DataObjectList{}
-	if err := c.client.List(ctx, doList,
+	if err := read_write_layer.ListDataObjects(ctx, c.client, doList, read_write_layer.R000060,
 		client.InNamespace(c.installation.Namespace),
 		client.MatchingLabels{
 			lsv1alpha1.DataObjectSourceLabel:     lsv1alpha1helper.DataObjectSourceFromInstallation(c.installation),
@@ -42,7 +42,7 @@ func (c *DataObjectAndTargetCleaner) CleanupExports(ctx context.Context) error {
 	}
 
 	targetList := &lsv1alpha1.TargetList{}
-	if err := c.client.List(ctx, targetList,
+	if err := read_write_layer.ListTargets(ctx, c.client, targetList, read_write_layer.R000061,
 		client.InNamespace(c.installation.Namespace),
 		client.MatchingLabels{
 			lsv1alpha1.DataObjectSourceLabel:     lsv1alpha1helper.DataObjectSourceFromInstallation(c.installation),
@@ -61,7 +61,7 @@ func (c *DataObjectAndTargetCleaner) CleanupExports(ctx context.Context) error {
 // CleanupContext deletes all DataObjects and Targets in the context of the given Installation.
 func (c *DataObjectAndTargetCleaner) CleanupContext(ctx context.Context) error {
 	doList := &lsv1alpha1.DataObjectList{}
-	if err := c.client.List(ctx, doList,
+	if err := read_write_layer.ListDataObjects(ctx, c.client, doList, read_write_layer.R000062,
 		client.InNamespace(c.installation.Namespace),
 		client.MatchingLabels{
 			lsv1alpha1.DataObjectContextLabel: lsv1alpha1helper.DataObjectSourceFromInstallation(c.installation),
@@ -74,7 +74,7 @@ func (c *DataObjectAndTargetCleaner) CleanupContext(ctx context.Context) error {
 	}
 
 	targetList := &lsv1alpha1.TargetList{}
-	if err := c.client.List(ctx, targetList,
+	if err := read_write_layer.ListTargets(ctx, c.client, targetList, read_write_layer.R000063,
 		client.InNamespace(c.installation.Namespace),
 		client.MatchingLabels{
 			lsv1alpha1.DataObjectContextLabel: lsv1alpha1helper.DataObjectSourceFromInstallation(c.installation),
diff --git a/pkg/landscaper/controllers/installations/controller.go b/pkg/landscaper/controllers/installations/controller.go
index 49e5f1b47..0289b389f 100644
--- a/pkg/landscaper/controllers/installations/controller.go
+++ b/pkg/landscaper/controllers/installations/controller.go
@@ -144,7 +144,7 @@ func (c *Controller) Reconcile(ctx context.Context, req reconcile.Request) (reco
 	}
 
 	inst := &lsv1alpha1.Installation{}
-	if err := read_write_layer.GetInstallation(ctx, c.Client(), req.NamespacedName, inst); err != nil {
+	if err := read_write_layer.GetInstallation(ctx, c.Client(), req.NamespacedName, inst, read_write_layer.R000010); err != nil {
 		if apierrors.IsNotFound(err) {
 			logger.Info(err.Error())
 			return reconcile.Result{}, nil
@@ -407,7 +407,8 @@ func (c *Controller) setInstallationPhaseAndUpdate(ctx context.Context, inst *ls
 		if inst.Status.InstallationPhase == lsv1alpha1.InstallationPhases.Deleting {
 			// recheck if already deleted
 			instRecheck := &lsv1alpha1.Installation{}
-			errRecheck := read_write_layer.GetInstallation(ctx, c.Client(), kutil.ObjectKey(inst.Name, inst.Namespace), instRecheck)
+			errRecheck := read_write_layer.GetInstallation(ctx, c.Client(), kutil.ObjectKey(inst.Name, inst.Namespace),
+				instRecheck, read_write_layer.R000009)
 			if errRecheck != nil && apierrors.IsNotFound(errRecheck) {
 				return nil
 			}
diff --git a/pkg/landscaper/controllers/installations/reconcile.go b/pkg/landscaper/controllers/installations/reconcile.go
index 7ff057043..2d705b667 100644
--- a/pkg/landscaper/controllers/installations/reconcile.go
+++ b/pkg/landscaper/controllers/installations/reconcile.go
@@ -410,7 +410,7 @@ func (c *Controller) handlePhaseObjectsCreated(ctx context.Context, inst *lsv1al
 	if inst.Status.ExecutionReference != nil {
 		key := client.ObjectKey{Namespace: inst.Status.ExecutionReference.Namespace, Name: inst.Status.ExecutionReference.Name}
 		exec := &lsv1alpha1.Execution{}
-		if err := read_write_layer.GetExecution(ctx, c.Client(), key, exec); err != nil {
+		if err := read_write_layer.GetExecution(ctx, c.Client(), key, exec, read_write_layer.R000020); err != nil {
 			return lserrors.NewWrappedError(err, currentOperation, "GetExecution", err.Error())
 		}
 
@@ -450,7 +450,7 @@ func (c *Controller) handlePhaseProgressing(ctx context.Context, inst *lsv1alpha
 	if inst.Status.ExecutionReference != nil {
 		key := client.ObjectKey{Namespace: inst.Status.ExecutionReference.Namespace, Name: inst.Status.ExecutionReference.Name}
 		exec := &lsv1alpha1.Execution{}
-		if err := read_write_layer.GetExecution(ctx, c.Client(), key, exec); err != nil {
+		if err := read_write_layer.GetExecution(ctx, c.Client(), key, exec, read_write_layer.R000024); err != nil {
 			return false, lserrors.NewWrappedError(err, currentOperation, "GetExecution", err.Error())
 		}
 
diff --git a/pkg/landscaper/controllers/targetsync/targetsync_controller.go b/pkg/landscaper/controllers/targetsync/targetsync_controller.go
index 6fa374c92..f946f0adc 100644
--- a/pkg/landscaper/controllers/targetsync/targetsync_controller.go
+++ b/pkg/landscaper/controllers/targetsync/targetsync_controller.go
@@ -10,6 +10,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	"github.com/gardener/landscaper/pkg/utils"
 
 	"github.com/go-logr/logr"
@@ -251,7 +253,8 @@ func (c *TargetSyncController) handleSecretsAndShoots(ctx context.Context, targe
 		}
 
 		secrets := &corev1.SecretList{}
-		if err = sourceClient.List(ctx, secrets, client.InNamespace(targetSync.Spec.SourceNamespace)); err != nil {
+		if err = read_write_layer.ListSecrets(ctx, sourceClient, secrets, read_write_layer.R000064,
+			client.InNamespace(targetSync.Spec.SourceNamespace)); err != nil {
 			logger.Error(err, "fetching secret list for targetsync object failed")
 			errors = append(errors, err)
 			return errors
@@ -514,7 +517,8 @@ func (c *TargetSyncController) removeTargetsAndSecrets(ctx context.Context, targ
 	logger, ctx := logging.FromContextOrNew(ctx, nil)
 
 	secrets := &corev1.SecretList{}
-	if err := c.targetClient.List(ctx, secrets, client.InNamespace(targetSync.Namespace),
+	if err := read_write_layer.ListSecrets(ctx, c.targetClient, secrets, read_write_layer.R000065,
+		client.InNamespace(targetSync.Namespace),
 		client.MatchingLabels{labelKeyTargetSync: labelValueOk}); err != nil {
 		logger.Error(err, "listing secrets for deleting targetsync object failed")
 		return err
@@ -532,7 +536,8 @@ func (c *TargetSyncController) removeTargetsAndSecrets(ctx context.Context, targ
 	}
 
 	targets := &lsv1alpha1.TargetList{}
-	if err := c.targetClient.List(ctx, targets, client.InNamespace(targetSync.Namespace),
+	if err := read_write_layer.ListTargets(ctx, c.targetClient, targets, read_write_layer.R000066,
+		client.InNamespace(targetSync.Namespace),
 		client.MatchingLabels{labelKeyTargetSync: labelValueOk}); err != nil {
 		logger.Error(err, "listing targets for deleting targetsync object failed")
 		return err
@@ -554,7 +559,8 @@ func (c *TargetSyncController) fetchTargetSyncs(ctx context.Context, targetSync
 	logger, ctx := logging.FromContextOrNew(ctx, nil)
 
 	targetSyncs := &lsv1alpha1.TargetSyncList{}
-	if err := c.targetClient.List(ctx, targetSyncs, client.InNamespace(targetSync.Namespace)); err != nil {
+	if err := read_write_layer.ListTargetSyncs(ctx, c.targetClient, targetSyncs, read_write_layer.R000067,
+		client.InNamespace(targetSync.Namespace)); err != nil {
 		logger.Error(err, "targetsync failed: could not fetch targetsync list")
 		return nil, err
 	}
@@ -566,7 +572,8 @@ func (c *TargetSyncController) fetchOldTargets(ctx context.Context, targetSync *
 	logger, ctx := logging.FromContextOrNew(ctx, nil)
 
 	targets := &lsv1alpha1.TargetList{}
-	if err := c.targetClient.List(ctx, targets, client.InNamespace(targetSync.Namespace), client.MatchingLabels{labelKeyTargetSync: labelValueOk}); err != nil {
+	if err := read_write_layer.ListTargets(ctx, c.targetClient, targets, read_write_layer.R000068,
+		client.InNamespace(targetSync.Namespace), client.MatchingLabels{labelKeyTargetSync: labelValueOk}); err != nil {
 		logger.Error(err, "targetsync failed: old targets could not be fetched")
 		return nil, err
 	}
diff --git a/pkg/landscaper/execution/execution.go b/pkg/landscaper/execution/execution.go
index a46f4377e..7270dea40 100644
--- a/pkg/landscaper/execution/execution.go
+++ b/pkg/landscaper/execution/execution.go
@@ -180,7 +180,7 @@ func (o *Operation) triggerDeployItem(ctx context.Context, di *lsv1alpha1.Deploy
 
 	key := kutil.ObjectKeyFromObject(di)
 	di = &lsv1alpha1.DeployItem{}
-	if err := read_write_layer.GetDeployItem(ctx, o.Client(), key, di); err != nil {
+	if err := read_write_layer.GetDeployItem(ctx, o.Client(), key, di, read_write_layer.R000034); err != nil {
 		return lserrors.NewWrappedError(err, op, "GetDeployItem", err.Error())
 	}
 
@@ -211,7 +211,8 @@ func (o *Operation) skipUninstall(ctx context.Context, di *lsv1alpha1.DeployItem
 	}
 
 	targetSyncs := &lsv1alpha1.TargetSyncList{}
-	if err := o.Client().List(ctx, targetSyncs, client.InNamespace(di.GetNamespace())); err != nil {
+	if err := read_write_layer.ListTargetSyncs(ctx, o.Client(), targetSyncs, read_write_layer.R000069,
+		client.InNamespace(di.GetNamespace())); err != nil {
 		msg := fmt.Sprintf("unable to retrieve targetsync object for namespace%s", di.GetNamespace())
 		return false, lserrors.NewWrappedError(err, op, msg, err.Error())
 	}
@@ -240,7 +241,7 @@ func (o *Operation) removeFinalizerFromDeployItem(ctx context.Context, di *lsv1a
 
 	key := kutil.ObjectKeyFromObject(di)
 	di = &lsv1alpha1.DeployItem{}
-	if err := read_write_layer.GetDeployItem(ctx, o.Client(), key, di); err != nil {
+	if err := read_write_layer.GetDeployItem(ctx, o.Client(), key, di, read_write_layer.R000031); err != nil {
 		return lserrors.NewWrappedError(err, op, "GetDeployItem", err.Error())
 	}
 
diff --git a/pkg/landscaper/execution/helper.go b/pkg/landscaper/execution/helper.go
index f6009cbad..07bd303b3 100644
--- a/pkg/landscaper/execution/helper.go
+++ b/pkg/landscaper/execution/helper.go
@@ -55,8 +55,9 @@ func getDeployItemIndexByManagedName(items []lsv1alpha1.DeployItem, name string)
 func (o *Operation) ListManagedDeployItems(ctx context.Context) ([]lsv1alpha1.DeployItem, error) {
 	deployItemList := &lsv1alpha1.DeployItemList{}
 	// todo: maybe use name and namespace
-	if err := read_write_layer.ListDeployItems(ctx, o.Client(), deployItemList,
-		client.MatchingLabels{lsv1alpha1.ExecutionManagedByLabel: o.exec.Name}, client.InNamespace(o.exec.Namespace)); err != nil {
+	if err := read_write_layer.ListDeployItems(ctx, o.Client(), deployItemList, read_write_layer.R000037,
+		client.MatchingLabels{lsv1alpha1.ExecutionManagedByLabel: o.exec.Name},
+		client.InNamespace(o.exec.Namespace)); err != nil {
 		return nil, err
 	}
 	return deployItemList.Items, nil
diff --git a/pkg/landscaper/installations/context.go b/pkg/landscaper/installations/context.go
index 6588cd48e..811f9439c 100644
--- a/pkg/landscaper/installations/context.go
+++ b/pkg/landscaper/installations/context.go
@@ -181,7 +181,8 @@ func GetParent(ctx context.Context, kubeClient client.Client, inst *lsv1alpha1.I
 	// get the parent by owner reference
 	parentName := GetParentInstallationName(inst)
 	parent := &lsv1alpha1.Installation{}
-	if err := read_write_layer.GetInstallation(ctx, kubeClient, client.ObjectKey{Name: parentName, Namespace: inst.Namespace}, parent); err != nil {
+	if err := read_write_layer.GetInstallation(ctx, kubeClient, client.ObjectKey{Name: parentName, Namespace: inst.Namespace},
+		parent, read_write_layer.R000003); err != nil {
 		return nil, err
 	}
 	return parent, nil
diff --git a/pkg/landscaper/installations/executions/complete.go b/pkg/landscaper/installations/executions/complete.go
index df4aca6c6..99e6a25df 100644
--- a/pkg/landscaper/installations/executions/complete.go
+++ b/pkg/landscaper/installations/executions/complete.go
@@ -21,7 +21,8 @@ import (
 // GetExportedValues returns the exported values of the execution
 func (o *ExecutionOperation) GetExportedValues(ctx context.Context, inst *installations.InstallationImportsAndBlueprint) (*dataobjects.DataObject, error) {
 	exec := &lsv1alpha1.Execution{}
-	if err := read_write_layer.GetExecution(ctx, o.Client(), kutil.ObjectKey(inst.GetInstallation().Name, inst.GetInstallation().Namespace), exec); err != nil {
+	if err := read_write_layer.GetExecution(ctx, o.Client(), kutil.ObjectKey(inst.GetInstallation().Name, inst.GetInstallation().Namespace),
+		exec, read_write_layer.R000022); err != nil {
 		if apierrors.IsNotFound(err) {
 			return nil, nil
 		}
diff --git a/pkg/landscaper/installations/executions/operation.go b/pkg/landscaper/installations/executions/operation.go
index 84e233627..e6104f950 100644
--- a/pkg/landscaper/installations/executions/operation.go
+++ b/pkg/landscaper/installations/executions/operation.go
@@ -205,7 +205,8 @@ func (o *ExecutionOperation) Ensure(ctx context.Context, inst *installations.Ins
 // The execution can be nil if no execution has been found.
 func GetExecutionForInstallation(ctx context.Context, kubeClient client.Client, inst *lsv1alpha1.Installation) (*lsv1alpha1.Execution, error) {
 	exec := &lsv1alpha1.Execution{}
-	if err := read_write_layer.GetExecution(ctx, kubeClient, kutil.ObjectKeyFromObject(inst), exec); err != nil {
+	if err := read_write_layer.GetExecution(ctx, kubeClient, kutil.ObjectKeyFromObject(inst), exec,
+		read_write_layer.R000025); err != nil {
 		if apierrors.IsNotFound(err) {
 			return nil, nil
 		}
diff --git a/pkg/landscaper/installations/exports/constructor.go b/pkg/landscaper/installations/exports/constructor.go
index b9f1e986d..b74499ceb 100644
--- a/pkg/landscaper/installations/exports/constructor.go
+++ b/pkg/landscaper/installations/exports/constructor.go
@@ -16,6 +16,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	lsv1alpha1 "github.com/gardener/landscaper/apis/core/v1alpha1"
 	lsv1alpha1helper "github.com/gardener/landscaper/apis/core/v1alpha1/helper"
 	genericresolver "github.com/gardener/landscaper/controller-utils/pkg/landscaper/targetresolver/generic"
@@ -180,7 +182,9 @@ func (c *Constructor) Construct(ctx context.Context) ([]*dataobjects.DataObject,
 func (c *Constructor) aggregateDataObjectsInContext(ctx context.Context) (map[string]interface{}, error) {
 	installationContext := lsv1alpha1helper.DataObjectSourceFromInstallation(c.Inst.GetInstallation())
 	dataObjectList := &lsv1alpha1.DataObjectList{}
-	if err := c.Client().List(ctx, dataObjectList, client.InNamespace(c.Inst.GetInstallation().Namespace), client.MatchingLabels{lsv1alpha1.DataObjectContextLabel: installationContext}); err != nil {
+	if err := read_write_layer.ListDataObjects(ctx, c.Client(), dataObjectList, read_write_layer.R000070,
+		client.InNamespace(c.Inst.GetInstallation().Namespace),
+		client.MatchingLabels{lsv1alpha1.DataObjectContextLabel: installationContext}); err != nil {
 		return nil, err
 	}
 
@@ -199,7 +203,9 @@ func (c *Constructor) aggregateDataObjectsInContext(ctx context.Context) (map[st
 func (c *Constructor) aggregateTargetsInContext(ctx context.Context) (map[string]interface{}, error) {
 	installationContext := lsv1alpha1helper.DataObjectSourceFromInstallation(c.Inst.GetInstallation())
 	targetList := &lsv1alpha1.TargetList{}
-	if err := c.Client().List(ctx, targetList, client.InNamespace(c.Inst.GetInstallation().Namespace), client.MatchingLabels{lsv1alpha1.DataObjectContextLabel: installationContext}); err != nil {
+	if err := read_write_layer.ListTargets(ctx, c.Client(), targetList, read_write_layer.R000071,
+		client.InNamespace(c.Inst.GetInstallation().Namespace),
+		client.MatchingLabels{lsv1alpha1.DataObjectContextLabel: installationContext}); err != nil {
 		return nil, err
 	}
 
diff --git a/pkg/landscaper/installations/helper.go b/pkg/landscaper/installations/helper.go
index e55fd37b3..9af5f18cb 100644
--- a/pkg/landscaper/installations/helper.go
+++ b/pkg/landscaper/installations/helper.go
@@ -17,6 +17,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	lsv1alpha1 "github.com/gardener/landscaper/apis/core/v1alpha1"
 	lsv1alpha1helper "github.com/gardener/landscaper/apis/core/v1alpha1/helper"
 	"github.com/gardener/landscaper/controller-utils/pkg/kubernetes"
@@ -298,7 +300,9 @@ func GetTargetListImportBySelector(
 		}
 		contextSelector = contextSelector.Add(*r)
 	}
-	if err := kubeClient.List(ctx, targets, client.InNamespace(inst.Namespace), &client.ListOptions{LabelSelector: contextSelector}); err != nil {
+
+	if err := read_write_layer.ListTargets(ctx, kubeClient, targets, read_write_layer.R000072,
+		client.InNamespace(inst.Namespace), &client.ListOptions{LabelSelector: contextSelector}); err != nil {
 		return nil, err
 	}
 	targetExtensionList := dataobjects.NewTargetExtensionList(targets.Items, &targetImport)
diff --git a/pkg/landscaper/installations/operation.go b/pkg/landscaper/installations/operation.go
index 9f90d70af..40722f4ac 100644
--- a/pkg/landscaper/installations/operation.go
+++ b/pkg/landscaper/installations/operation.go
@@ -133,7 +133,8 @@ func ListSubinstallations(ctx context.Context, kubeClient client.Client, inst *l
 
 	// the controller-runtime cache does currently not support field selectors (except a simple equal matcher).
 	// Therefore, we have to use our own filtering.
-	err := read_write_layer.ListInstallations(ctx, kubeClient, installationList, client.InNamespace(inst.Namespace),
+	err := read_write_layer.ListInstallations(ctx, kubeClient, installationList, read_write_layer.R000018,
+		client.InNamespace(inst.Namespace),
 		client.MatchingLabels{
 			lsv1alpha1.EncompassedByLabel: inst.Name,
 		})
@@ -199,7 +200,7 @@ func (o *Operation) GetImportedDataObjects(ctx context.Context) (map[string]*dat
 				Namespace: o.Inst.GetInstallation().Namespace,
 			}
 			inst := &lsv1alpha1.Installation{}
-			if err := read_write_layer.GetInstallation(ctx, o.Client(), sourceRef.NamespacedName(), inst); err != nil {
+			if err := read_write_layer.GetInstallation(ctx, o.Client(), sourceRef.NamespacedName(), inst, read_write_layer.R000008); err != nil {
 				return nil, fmt.Errorf("unable to get source installation '%s' for import '%s': %w",
 					sourceRef.NamespacedName().String(), def.Name, err)
 			}
@@ -254,7 +255,8 @@ func (o *Operation) GetImportedTargets(ctx context.Context) (map[string]*dataobj
 				Namespace: o.Inst.GetInstallation().Namespace,
 			}
 			inst := &lsv1alpha1.Installation{}
-			if err := read_write_layer.GetInstallation(ctx, o.Client(), sourceRef.NamespacedName(), inst); err != nil {
+			if err := read_write_layer.GetInstallation(ctx, o.Client(), sourceRef.NamespacedName(), inst,
+				read_write_layer.R000004); err != nil {
 				return nil, fmt.Errorf("unable to get source installation '%s' for import '%s': %w",
 					sourceRef.NamespacedName().String(), def.Name, err)
 			}
@@ -313,7 +315,7 @@ func (o *Operation) GetImportedTargetLists(ctx context.Context) (map[string]*dat
 					Namespace: o.Inst.GetInstallation().Namespace,
 				}
 				inst := &lsv1alpha1.Installation{}
-				if err := read_write_layer.GetInstallation(ctx, o.Client(), sourceRef.NamespacedName(), inst); err != nil {
+				if err := read_write_layer.GetInstallation(ctx, o.Client(), sourceRef.NamespacedName(), inst, read_write_layer.R000011); err != nil {
 					return nil, fmt.Errorf("unable to get source installation '%s' for import '%s': %w",
 						sourceRef.NamespacedName().String(), def.Name, err)
 				}
@@ -356,7 +358,7 @@ func GetRootInstallations(ctx context.Context, kubeClient client.Client, filter
 	opts = append(opts, client.MatchingLabelsSelector{Selector: labels.NewSelector().Add(*r)})
 
 	installationList := &lsv1alpha1.InstallationList{}
-	if err := read_write_layer.ListInstallations(ctx, kubeClient, installationList, opts...); err != nil {
+	if err := read_write_layer.ListInstallations(ctx, kubeClient, installationList, read_write_layer.R000016, opts...); err != nil {
 		return nil, err
 	}
 
diff --git a/pkg/landscaper/installations/trigger.go b/pkg/landscaper/installations/trigger.go
index bbc66a420..64aa77dc0 100644
--- a/pkg/landscaper/installations/trigger.go
+++ b/pkg/landscaper/installations/trigger.go
@@ -98,7 +98,7 @@ func (t *InstallationTrigger) getDependent(ctx context.Context, dependent lsv1al
 		Namespace: t.inst.GetNamespace(),
 		Name:      dependent.Name,
 	}
-	if err := read_write_layer.GetInstallation(ctx, t.client, dependentKey, dependentInst); err != nil {
+	if err := read_write_layer.GetInstallation(ctx, t.client, dependentKey, dependentInst, read_write_layer.R000014); err != nil {
 		return nil, err
 	}
 	return dependentInst, nil
diff --git a/pkg/utils/clusters/source_client_provider.go b/pkg/utils/clusters/source_client_provider.go
index e4b00db9e..a90de2923 100644
--- a/pkg/utils/clusters/source_client_provider.go
+++ b/pkg/utils/clusters/source_client_provider.go
@@ -14,6 +14,8 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	"github.com/gardener/landscaper/pkg/utils/read_write_layer"
+
 	lsv1alpha1 "github.com/gardener/landscaper/apis/core/v1alpha1"
 )
 
@@ -100,7 +102,7 @@ func (p *DefaultSourceClientProvider) resolveSecretRef(ctx context.Context, targ
 		Name:      secretRef.Name,
 	}
 
-	if err := targetClient.Get(ctx, secretKey, secret); err != nil {
+	if err := read_write_layer.GetSecret(ctx, targetClient, secretKey, secret, read_write_layer.R000055); err != nil {
 		return nil, err
 	}
 
diff --git a/pkg/utils/landscaper/landscaper.go b/pkg/utils/landscaper/landscaper.go
index 02fcf6d1a..14bfd9a6e 100644
--- a/pkg/utils/landscaper/landscaper.go
+++ b/pkg/utils/landscaper/landscaper.go
@@ -61,7 +61,8 @@ func WaitForInstallationToBeDeleted(
 
 	pollErr := wait.PollUntilContextTimeout(ctx, 1*time.Second, timeout, true, func(ctx context.Context) (done bool, err error) {
 		updated := &lsv1alpha1.Installation{}
-		getErr := read_write_layer.GetInstallation(ctx, kubeClient, kutil.ObjectKey(inst.Name, inst.Namespace), updated)
+		getErr := read_write_layer.GetInstallation(ctx, kubeClient, kutil.ObjectKey(inst.Name, inst.Namespace),
+			updated, read_write_layer.R000012)
 		return getErr != nil && apierrors.IsNotFound(getErr), nil
 	})
 
@@ -84,7 +85,8 @@ func WaitForInstallationToHaveCondition(
 
 	return wait.PollUntilContextTimeout(ctx, 1*time.Second, timeout, true, func(ctx context.Context) (bool, error) {
 		updated := &lsv1alpha1.Installation{}
-		if err := read_write_layer.GetInstallation(ctx, kubeClient, kutil.ObjectKey(inst.Name, inst.Namespace), updated); err != nil {
+		if err := read_write_layer.GetInstallation(ctx, kubeClient, kutil.ObjectKey(inst.Name, inst.Namespace), updated,
+			read_write_layer.R000015); err != nil {
 			return false, err
 		}
 		*inst = *updated
@@ -102,7 +104,8 @@ func WaitForDeployItemToFinish(
 
 	err := wait.PollUntilContextTimeout(ctx, 5*time.Second, timeout, false, func(ctx context.Context) (bool, error) {
 		updated := &lsv1alpha1.DeployItem{}
-		if err := read_write_layer.GetDeployItem(ctx, kubeClient, kutil.ObjectKey(deployItem.Name, deployItem.Namespace), updated); err != nil {
+		if err := read_write_layer.GetDeployItem(ctx, kubeClient, kutil.ObjectKey(deployItem.Name, deployItem.Namespace),
+			updated, read_write_layer.R000029); err != nil {
 			return false, err
 		}
 		*deployItem = *updated
@@ -127,14 +130,16 @@ func GetDeployItemsOfInstallation(ctx context.Context, kubeClient client.Client,
 		return nil, errors.New("no execution reference defined for the installation")
 	}
 	exec := &lsv1alpha1.Execution{}
-	if err := read_write_layer.GetExecution(ctx, kubeClient, inst.Status.ExecutionReference.NamespacedName(), exec); err != nil {
+	if err := read_write_layer.GetExecution(ctx, kubeClient, inst.Status.ExecutionReference.NamespacedName(), exec,
+		read_write_layer.R000023); err != nil {
 		return nil, err
 	}
 
 	items := make([]*lsv1alpha1.DeployItem, 0)
 	for _, ref := range exec.Status.DeployItemReferences {
 		item := &lsv1alpha1.DeployItem{}
-		if err := read_write_layer.GetDeployItem(ctx, kubeClient, ref.Reference.NamespacedName(), item); err != nil {
+		if err := read_write_layer.GetDeployItem(ctx, kubeClient, ref.Reference.NamespacedName(),
+			item, read_write_layer.R000033); err != nil {
 			return nil, fmt.Errorf("unable to find deploy item %q: %w", ref.Name, err)
 		}
 		items = append(items, item)
@@ -151,7 +156,7 @@ func GetSubInstallationsOfInstallation(ctx context.Context, kubeClient client.Cl
 
 	for _, ref := range inst.Status.InstallationReferences {
 		inst := &lsv1alpha1.Installation{}
-		if err := read_write_layer.GetInstallation(ctx, kubeClient, ref.Reference.NamespacedName(), inst); err != nil {
+		if err := read_write_layer.GetInstallation(ctx, kubeClient, ref.Reference.NamespacedName(), inst, read_write_layer.R000006); err != nil {
 			return nil, fmt.Errorf("unable to find installation %q: %w", ref.Name, err)
 		}
 		list = append(list, inst)
@@ -165,7 +170,7 @@ func GetDeployItemExport(ctx context.Context, kubeClient client.Client, di *lsv1
 		return nil, errors.New("no export defined")
 	}
 	secret := &corev1.Secret{}
-	if err := kubeClient.Get(ctx, di.Status.ExportReference.NamespacedName(), secret); err != nil {
+	if err := read_write_layer.GetSecret(ctx, kubeClient, di.Status.ExportReference.NamespacedName(), secret, read_write_layer.R000056); err != nil {
 		return nil, fmt.Errorf("unable to get export from %q: %w", di.Status.ExportReference.NamespacedName(), err)
 	}
 
diff --git a/pkg/utils/lock/lock_cleaner.go b/pkg/utils/lock/lock_cleaner.go
index 4f70cf84f..41954e80f 100644
--- a/pkg/utils/lock/lock_cleaner.go
+++ b/pkg/utils/lock/lock_cleaner.go
@@ -55,14 +55,14 @@ func (l *LockCleaner) cleanupSyncObjects(ctx context.Context) {
 	log.Info("locker: starting syncobject cleanup")
 
 	namespaces := &v1.NamespaceList{}
-	if err := l.lsReadClient.List(ctx, namespaces); err != nil {
+	if err := read_write_layer.ListNamespaces(ctx, l.lsReadClient, namespaces, read_write_layer.R000073); err != nil {
 		log.Error(err, "locker: failed to list namespaces")
 		return
 	}
 
 	for _, namespace := range namespaces.Items {
 		syncObjects := &lsv1alpha1.SyncObjectList{}
-		if err := read_write_layer.ListSyncObjects(ctx, l.lsReadClient, syncObjects, client.InNamespace(namespace.Name)); err != nil {
+		if err := read_write_layer.ListSyncObjects(ctx, l.lsReadClient, syncObjects, read_write_layer.R000002, client.InNamespace(namespace.Name)); err != nil {
 			log.Error(err, "locker: failed to list syncobjects in namespace", keyNamespace, namespace.Name)
 			continue
 		}
@@ -117,7 +117,7 @@ func (l *LockCleaner) existsResource(ctx context.Context, syncObject *lsv1alpha1
 		Name:      syncObject.Spec.Name,
 	}
 
-	if err := l.lsReadClient.Get(ctx, resourceKey, resource); err != nil {
+	if err := read_write_layer.GetMetaData(ctx, l.lsReadClient, resourceKey, resource, read_write_layer.R000057); err != nil {
 		if apierrors.IsNotFound(err) {
 			return false, nil
 		}
diff --git a/pkg/utils/lock/locker.go b/pkg/utils/lock/locker.go
index 77daf3b64..501871a97 100644
--- a/pkg/utils/lock/locker.go
+++ b/pkg/utils/lock/locker.go
@@ -188,7 +188,7 @@ func (l *Locker) getSyncObject(ctx context.Context, namespace, name string) (*ls
 		Name:      name,
 	}
 	syncObject := &lsv1alpha1.SyncObject{}
-	if err := read_write_layer.GetSyncObject(ctx, l.lsReadClient, syncObjectKey, syncObject); err != nil {
+	if err := read_write_layer.GetSyncObject(ctx, l.lsReadClient, syncObjectKey, syncObject, read_write_layer.R000001); err != nil {
 		if apierrors.IsNotFound(err) {
 			return nil, nil
 		}
@@ -216,7 +216,7 @@ func (l *Locker) existsPod(ctx context.Context, podName string) (bool, error) {
 		Name:      podName,
 	}
 	pod := &v1.Pod{}
-	if err := l.hostClient.Get(ctx, podKey, pod); err != nil {
+	if err := read_write_layer.GetPod(ctx, l.hostClient, podKey, pod, read_write_layer.R000058); err != nil {
 		if apierrors.IsNotFound(err) {
 			return false, nil
 		}
diff --git a/pkg/utils/read_write_layer/consts.go b/pkg/utils/read_write_layer/consts.go
index ad9c12444..69bebaaa5 100644
--- a/pkg/utils/read_write_layer/consts.go
+++ b/pkg/utils/read_write_layer/consts.go
@@ -155,6 +155,92 @@ const (
 	W000149 WriteID = "w000149"
 )
 
+type ReadID string
+
+const (
+	// Constants to identify different read operations. Every constant must be used only once.
+	R000001 ReadID = "r000001"
+	R000002 ReadID = "r000002"
+	R000003 ReadID = "r000003"
+	R000004 ReadID = "r000004"
+	R000005 ReadID = "r000005"
+	R000006 ReadID = "r000006"
+	R000007 ReadID = "r000007"
+	R000008 ReadID = "r000008"
+	R000009 ReadID = "r000009"
+	R000010 ReadID = "r000010"
+	R000011 ReadID = "r000011"
+	R000012 ReadID = "r000012"
+	R000013 ReadID = "r000013"
+	R000014 ReadID = "r000014"
+	R000015 ReadID = "r000015"
+	R000016 ReadID = "r000016"
+	R000017 ReadID = "r000017"
+	R000018 ReadID = "r000018"
+	R000019 ReadID = "r000019"
+	R000020 ReadID = "r000020"
+	R000021 ReadID = "r000021"
+	R000022 ReadID = "r000022"
+	R000023 ReadID = "r000023"
+	R000024 ReadID = "r000024"
+	R000025 ReadID = "r000025"
+	R000026 ReadID = "r000026"
+	R000027 ReadID = "r000027"
+	R000028 ReadID = "r000028"
+	R000029 ReadID = "r000029"
+	R000030 ReadID = "r000030"
+	R000031 ReadID = "r000031"
+	R000032 ReadID = "r000032"
+	R000033 ReadID = "r000033"
+	R000034 ReadID = "r000034"
+	R000035 ReadID = "r000035"
+	R000036 ReadID = "r000036"
+	R000037 ReadID = "r000037"
+	R000038 ReadID = "r000038"
+	R000039 ReadID = "r000039"
+	R000040 ReadID = "r000040"
+	R000041 ReadID = "r000041"
+	R000042 ReadID = "r000042"
+	R000043 ReadID = "r000043"
+	R000044 ReadID = "r000044"
+	R000045 ReadID = "r000045"
+	R000046 ReadID = "r000046"
+	R000047 ReadID = "r000047"
+	R000048 ReadID = "r000048"
+	R000049 ReadID = "r000049"
+	R000050 ReadID = "r000050"
+	R000051 ReadID = "r000051"
+	R000052 ReadID = "r000052"
+	R000053 ReadID = "r000053"
+	R000054 ReadID = "r000054"
+	R000055 ReadID = "r000055"
+	R000056 ReadID = "r000056"
+	R000057 ReadID = "r000057"
+	R000058 ReadID = "r000058"
+	R000059 ReadID = "r000059"
+	R000060 ReadID = "r000060"
+	R000061 ReadID = "r000061"
+	R000062 ReadID = "r000062"
+	R000063 ReadID = "r000063"
+	R000064 ReadID = "r000064"
+	R000065 ReadID = "r000065"
+	R000066 ReadID = "r000066"
+	R000067 ReadID = "r000067"
+	R000068 ReadID = "r000068"
+	R000069 ReadID = "r000069"
+	R000070 ReadID = "r000070"
+	R000071 ReadID = "r000071"
+	R000072 ReadID = "r000072"
+	R000073 ReadID = "r000073"
+	R000074 ReadID = "r000074"
+	R000075 ReadID = "r000075"
+	R000076 ReadID = "r000076"
+	R000077 ReadID = "r000077"
+	R000078 ReadID = "r000078"
+	R000079 ReadID = "r000079"
+	R000080 ReadID = "r000080"
+)
+
 const (
 	opContextCreateOrUpdate = "history: context create or update"
 	opDOCreateOrUpdate      = "history: dataobject create or update"
diff --git a/pkg/utils/read_write_layer/read.go b/pkg/utils/read_write_layer/read.go
index 895e6896d..09b081c6a 100644
--- a/pkg/utils/read_write_layer/read.go
+++ b/pkg/utils/read_write_layer/read.go
@@ -4,6 +4,12 @@ import (
 	"context"
 	"fmt"
 
+	lc "github.com/gardener/landscaper/controller-utils/pkg/logging/constants"
+
+	v1 "k8s.io/api/core/v1"
+	v12 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+
 	"github.com/gardener/landscaper/controller-utils/pkg/logging"
 
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -14,52 +20,148 @@ import (
 // read methods get, list
 
 // read methods for sync objects
-func GetSyncObject(ctx context.Context, c client.Reader, key client.ObjectKey, syncObject *lsv1alpha1.SyncObject) error {
-	return get(ctx, c, key, syncObject)
+func GetSyncObject(ctx context.Context, c client.Reader, key client.ObjectKey, syncObject *lsv1alpha1.SyncObject, readID ReadID) error {
+	return get(ctx, c, key, syncObject, readID, "syncObject")
 }
 
-func ListSyncObjects(ctx context.Context, c client.Reader, syncObjects *lsv1alpha1.SyncObjectList, opts ...client.ListOption) error {
-	return list(ctx, c, syncObjects, opts...)
+func ListSyncObjects(ctx context.Context, c client.Reader, syncObjects *lsv1alpha1.SyncObjectList, readID ReadID, opts ...client.ListOption) error {
+	return list(ctx, c, syncObjects, readID, "syncObjects", opts...)
 }
 
 // read methods for installations
-func GetInstallation(ctx context.Context, c client.Reader, key client.ObjectKey, installation *lsv1alpha1.Installation) error {
-	return get(ctx, c, key, installation)
+func GetInstallation(ctx context.Context, c client.Reader, key client.ObjectKey, installation *lsv1alpha1.Installation, readID ReadID) error {
+	return get(ctx, c, key, installation, readID, "installation")
 }
 
-func ListInstallations(ctx context.Context, c client.Reader, installations *lsv1alpha1.InstallationList, opts ...client.ListOption) error {
-	return list(ctx, c, installations, opts...)
+func ListInstallations(ctx context.Context, c client.Reader, installations *lsv1alpha1.InstallationList, readID ReadID, opts ...client.ListOption) error {
+	return list(ctx, c, installations, readID, "installations", opts...)
 }
 
 // read methods for executions
-func GetExecution(ctx context.Context, c client.Reader, key client.ObjectKey, execution *lsv1alpha1.Execution) error {
-	return get(ctx, c, key, execution)
+func GetExecution(ctx context.Context, c client.Reader, key client.ObjectKey, execution *lsv1alpha1.Execution, readID ReadID) error {
+	return get(ctx, c, key, execution, readID, "execution")
+}
+
+// read methods for deploy items
+func GetDeployItem(ctx context.Context, c client.Reader, key client.ObjectKey, deployItem *lsv1alpha1.DeployItem, readID ReadID) error {
+	return get(ctx, c, key, deployItem, readID, "deployItem")
 }
 
-func ListExecutions(ctx context.Context, c client.Reader, executions *lsv1alpha1.ExecutionList, opts ...client.ListOption) error {
-	return list(ctx, c, executions, opts...)
+func ListDeployItems(ctx context.Context, c client.Reader, deployItems *lsv1alpha1.DeployItemList, readID ReadID, opts ...client.ListOption) error {
+	return list(ctx, c, deployItems, readID, "deployItems", opts...)
 }
 
-// read methods for deploy items
-func GetDeployItem(ctx context.Context, c client.Reader, key client.ObjectKey, deployItem *lsv1alpha1.DeployItem) error {
-	return get(ctx, c, key, deployItem)
+// read methods for target
+
+func GetTarget(ctx context.Context, c client.Reader, key client.ObjectKey, target *lsv1alpha1.Target, readID ReadID) error {
+	return get(ctx, c, key, target, readID, "target")
+}
+
+func ListTargets(ctx context.Context, c client.Reader, targets *lsv1alpha1.TargetList, readID ReadID, opts ...client.ListOption) error {
+	return list(ctx, c, targets, readID, "targets", opts...)
+}
+
+// read methods for data objects
+
+func ListDataObjects(ctx context.Context, c client.Reader, dataObjects *lsv1alpha1.DataObjectList, readID ReadID, opts ...client.ListOption) error {
+	return list(ctx, c, dataObjects, readID, "dataObjects", opts...)
+}
+
+// read methods for targetsync
+
+func ListTargetSyncs(ctx context.Context, c client.Reader, targetSyncs *lsv1alpha1.TargetSyncList, readID ReadID, opts ...client.ListOption) error {
+	return list(ctx, c, targetSyncs, readID, "targetSyncs", opts...)
+}
+
+// read methods for secret
+
+func GetSecret(ctx context.Context, c client.Reader, key client.ObjectKey, secret *v1.Secret, readID ReadID) error {
+	return get(ctx, c, key, secret, readID, "secret")
+}
+
+func ListSecrets(ctx context.Context, c client.Reader, secrets *v1.SecretList, readID ReadID, opts ...client.ListOption) error {
+	return list(ctx, c, secrets, readID, "secrets", opts...)
+}
+
+// read methods for health checks
+
+func GetHealthCheck(ctx context.Context, c client.Reader, key client.ObjectKey, health *lsv1alpha1.LsHealthCheck, readID ReadID) error {
+	return get(ctx, c, key, health, readID, "healthCheck")
 }
 
-func ListDeployItems(ctx context.Context, c client.Reader, deployItems *lsv1alpha1.DeployItemList, opts ...client.ListOption) error {
-	return list(ctx, c, deployItems, opts...)
+func ListHealthChecks(ctx context.Context, c client.Reader, healthChecks *lsv1alpha1.LsHealthCheckList, readID ReadID, opts ...client.ListOption) error {
+	return list(ctx, c, healthChecks, readID, "healthChecks", opts...)
+}
+
+// read methods for context
+func GetContext(ctx context.Context, c client.Reader, key client.ObjectKey, lsContext *lsv1alpha1.Context, readID ReadID) error {
+	return get(ctx, c, key, lsContext, readID, "context")
+}
+
+// read methods for env
+
+func GetEnv(ctx context.Context, c client.Reader, key client.ObjectKey, env *lsv1alpha1.Environment, readID ReadID) error {
+	return get(ctx, c, key, env, readID, "env")
+}
+
+// read methods for object
+func GetObject(ctx context.Context, c client.Reader, key client.ObjectKey, object client.Object, readID ReadID) error {
+	return get(ctx, c, key, object, readID, "object")
+}
+
+// read methods for pods
+func GetPod(ctx context.Context, c client.Reader, key client.ObjectKey, pod *v1.Pod, readID ReadID) error {
+	return get(ctx, c, key, pod, readID, "pod")
+}
+
+func ListPods(ctx context.Context, c client.Reader, pods *v1.PodList, readID ReadID, opts ...client.ListOption) error {
+	return list(ctx, c, pods, readID, "pods", opts...)
+}
+
+// read methods for namespaces
+func ListNamespaces(ctx context.Context, c client.Reader, namespaces *v1.NamespaceList, readID ReadID, opts ...client.ListOption) error {
+	return list(ctx, c, namespaces, readID, "namespaces", opts...)
+}
+
+// read methods for metadata
+func GetMetaData(ctx context.Context, c client.Reader, key client.ObjectKey, metadata *v12.PartialObjectMetadata, readID ReadID) error {
+	return get(ctx, c, key, metadata, readID, "metadata")
+}
+
+// read methods for unstructured
+func GetUnstructured(ctx context.Context, c client.Reader, key client.ObjectKey, unstruc *unstructured.Unstructured, readID ReadID) error {
+	return get(ctx, c, key, unstruc, readID, "unstructured")
+}
+
+func ListUnstructured(ctx context.Context, c client.Reader, unstrucs *unstructured.UnstructuredList, readID ReadID, opts ...client.ListOption) error {
+	return list(ctx, c, unstrucs, readID, "unstructureds", opts...)
 }
 
 // basic functions
-func get(ctx context.Context, c client.Reader, key client.ObjectKey, object client.Object) error {
-	log, ctx := logging.FromContextOrNew(ctx, nil, keyFetchedResource, fmt.Sprintf("%s/%s", key.Namespace, key.Name))
-	log.Debug("ReadLayer get")
+func get(ctx context.Context, c client.Reader, key client.ObjectKey, object client.Object, readID ReadID, msg string) error {
+	log, ctx := logging.FromContextOrNew(ctx, nil,
+		keyFetchedResource, fmt.Sprintf("%s/%s", key.Namespace, key.Name),
+		lc.KeyReadID, readID)
+
+	err := c.Get(ctx, key, object)
+	if err != nil {
+		log = log.WithValues(lc.KeyError, err.Error())
+	}
+
+	log.Debug("ReadLayer get: " + msg)
 
-	return c.Get(ctx, key, object)
+	return err
 }
 
-func list(ctx context.Context, c client.Reader, objects client.ObjectList, opts ...client.ListOption) error {
-	log, ctx := logging.FromContextOrNew(ctx, nil)
-	log.Debug("ReadLayer list")
+func list(ctx context.Context, c client.Reader, objects client.ObjectList, readID ReadID, msg string, opts ...client.ListOption) error {
+	log, ctx := logging.FromContextOrNew(ctx, nil, lc.KeyReadID, readID)
+
+	err := c.List(ctx, objects, opts...)
+	if err != nil {
+		log = log.WithValues(lc.KeyError, err.Error())
+	}
+
+	log.Debug("ReadLayer list: " + msg)
 
-	return c.List(ctx, objects, opts...)
+	return err
 }
diff --git a/vendor/github.com/gardener/landscaper/controller-utils/pkg/logging/constants/constants.go b/vendor/github.com/gardener/landscaper/controller-utils/pkg/logging/constants/constants.go
index d6055eb3f..a86840318 100644
--- a/vendor/github.com/gardener/landscaper/controller-utils/pkg/logging/constants/constants.go
+++ b/vendor/github.com/gardener/landscaper/controller-utils/pkg/logging/constants/constants.go
@@ -33,6 +33,8 @@ const (
 	KeyExecutionPhase = "executionPhase"
 	// KeyDeployItemPhase is for the phase of a deployitem.
 	KeyDeployItemPhase = "deployitemPhase"
+	// KeyReadID is for a reader ID.
+	KeyReadID = "readID"
 	// KeyWriteID is for a writer ID.
 	KeyWriteID = "writeID"
 	// KeyGeneration is for the generation of a resource.

From 65b7aaaa7c220902244d9446200b6c92d3ec3a24 Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Wed, 6 Dec 2023 13:58:03 +0100
Subject: [PATCH 12/23] go dependency opentelemetry v1.21 (#916)

* go dependency opentelemetry v1.21 (runt-int-tests)

* run (run-int-tests)
---
 apis/go.mod                                   |    40 +-
 apis/go.sum                                   |   122 +-
 .../cenkalti/backoff/v4/.travis.yml           |    10 -
 .../github.com/cenkalti/backoff/v4/retry.go   |    50 +-
 .../github.com/felixge/httpsnoop/.travis.yml  |     6 -
 .../github.com/felixge/httpsnoop/Makefile     |     2 +-
 .../github.com/felixge/httpsnoop/README.md    |     4 +-
 .../felixge/httpsnoop/capture_metrics.go      |     2 +-
 .../httpsnoop/wrap_generated_gteq_1.8.go      |     2 +-
 .../httpsnoop/wrap_generated_lt_1.8.go        |     2 +-
 apis/vendor/github.com/go-logr/logr/README.md |   113 +-
 .../github.com/go-logr/logr/SECURITY.md       |    18 +
 .../github.com/go-logr/logr/funcr/funcr.go    |    48 +-
 apis/vendor/github.com/go-logr/logr/logr.go   |    35 +-
 .../github.com/google/go-cmp/cmp/compare.go   |    38 +-
 .../github.com/google/go-cmp/cmp/export.go    |     5 -
 .../google/go-cmp/cmp/export_panic.go         |    16 -
 .../value/{pointer_unsafe.go => pointer.go}   |     3 -
 .../cmp/internal/value/pointer_purego.go      |    34 -
 .../github.com/google/go-cmp/cmp/options.go   |    84 +-
 .../github.com/google/go-cmp/cmp/path.go      |    46 +-
 .../google/go-cmp/cmp/report_reflect.go       |     2 +-
 .../vendor/github.com/google/uuid/.travis.yml |     9 -
 .../github.com/google/uuid/CHANGELOG.md       |    10 +
 .../github.com/google/uuid/CONTRIBUTING.md    |    16 +
 apis/vendor/github.com/google/uuid/README.md  |    10 +-
 apis/vendor/github.com/google/uuid/node_js.go |     2 +-
 apis/vendor/github.com/google/uuid/uuid.go    |    10 +-
 .../grpc-gateway/v2/internal/httprule/fuzz.go |     4 +-
 .../v2/internal/httprule/parse.go             |    30 +-
 .../grpc-gateway/v2/runtime/BUILD.bazel       |    10 +-
 .../grpc-gateway/v2/runtime/context.go        |    72 +-
 .../grpc-gateway/v2/runtime/convert.go        |    46 +-
 .../grpc-gateway/v2/runtime/errors.go         |    17 +-
 .../grpc-gateway/v2/runtime/fieldmask.go      |     9 +-
 .../grpc-gateway/v2/runtime/handler.go        |    26 +-
 .../grpc-gateway/v2/runtime/marshal_jsonpb.go |    38 +-
 .../grpc-gateway/v2/runtime/marshal_proto.go  |     9 +-
 .../grpc-gateway/v2/runtime/mux.go            |   162 +-
 .../grpc-gateway/v2/runtime/pattern.go        |     2 -
 .../grpc-gateway/v2/runtime/query.go          |    69 +-
 .../grpc-gateway/v2/utilities/BUILD.bazel     |     6 +-
 .../v2/utilities/readerfactory.go             |     3 +-
 .../v2/utilities/string_array_flag.go         |    33 +
 .../grpc-gateway/v2/utilities/trie.go         |     2 +-
 .../net/http/otelhttp/common.go               |     4 +-
 .../net/http/otelhttp/config.go               |    21 +-
 .../net/http/otelhttp/handler.go              |   128 +-
 .../http/otelhttp/internal/semconvutil/gen.go |    21 +
 .../otelhttp/internal/semconvutil/httpconv.go |   552 +
 .../otelhttp/internal/semconvutil/netconv.go  |   368 +
 .../net/http/otelhttp/transport.go            |    10 +-
 .../net/http/otelhttp/version.go              |     6 +-
 .../instrumentation/net/http/otelhttp/wrap.go |    14 +-
 .../go.opentelemetry.io/otel/.codespellignore |     5 +
 .../go.opentelemetry.io/otel/.codespellrc     |    10 +
 .../go.opentelemetry.io/otel/.gitignore       |     9 +-
 .../go.opentelemetry.io/otel/.golangci.yml    |   104 +-
 .../go.opentelemetry.io/otel/.lycheeignore    |     3 +
 .../go.opentelemetry.io/otel/CHANGELOG.md     |   867 +-
 .../go.opentelemetry.io/otel/CODEOWNERS       |     4 +-
 .../go.opentelemetry.io/otel/CONTRIBUTING.md  |   202 +-
 apis/vendor/go.opentelemetry.io/otel/Makefile |   142 +-
 .../vendor/go.opentelemetry.io/otel/README.md |    54 +-
 .../go.opentelemetry.io/otel/RELEASING.md     |    35 +-
 .../otel/attribute/filter.go                  |    60 +
 .../go.opentelemetry.io/otel/attribute/set.go |    27 +-
 .../otel/attribute/value.go                   |    95 +-
 .../otel/baggage/baggage.go                   |    88 +-
 .../go.opentelemetry.io/otel/codes/codes.go   |    10 +
 .../go.opentelemetry.io/otel/codes/doc.go     |     2 +-
 .../otel/exporters/otlp/internal/config.go    |    34 -
 .../exporters/otlp/internal/retry/LICENSE     |   201 -
 .../otel/exporters/otlp/otlptrace/README.md   |    51 -
 .../otel/exporters/otlp/otlptrace/doc.go      |    21 +
 .../otel/exporters/otlp/otlptrace/exporter.go |    13 +-
 .../otlp/otlptrace/otlptracegrpc/client.go    |    45 +-
 .../otlp/otlptrace/otlptracegrpc/doc.go       |    77 +
 .../internal/envconfig/envconfig.go           |    94 +-
 .../otlptrace/otlptracegrpc/internal/gen.go   |    35 +
 .../internal/otlpconfig/envconfig.go          |    34 +-
 .../internal/otlpconfig/options.go            |    32 +-
 .../internal/otlpconfig/optiontypes.go        |     5 +-
 .../internal/otlpconfig/tls.go                |     5 +-
 .../otlptracegrpc}/internal/partialsuccess.go |    39 +-
 .../otlptracegrpc}/internal/retry/retry.go    |    40 +-
 .../otlp/otlptrace/otlptracegrpc/options.go   |    12 +-
 .../otlp/otlptrace/version.go}                |    12 +-
 .../go.opentelemetry.io/otel/handler.go       |    65 +-
 .../otel/internal/attribute/attribute.go      |   111 +
 .../go.opentelemetry.io/otel/internal/gen.go  |    29 +
 .../otel/internal/global/handler.go           |   102 +
 .../otel/internal/global/instruments.go       |   371 +
 .../otel/internal/global/internal_logging.go  |    44 +-
 .../otel/internal/global/meter.go             |   354 +
 .../otel/internal/global/state.go             |    45 +-
 .../otel/internal/global/trace.go             |     7 +
 .../vendor/go.opentelemetry.io/otel/metric.go |    53 +
 .../otel/metric/asyncfloat64.go               |   271 +
 .../otel/metric/asyncint64.go                 |   269 +
 .../go.opentelemetry.io/otel/metric/config.go |    25 +-
 .../go.opentelemetry.io/otel/metric/doc.go    |   157 +-
 .../otel/metric/embedded/embedded.go          |   234 +
 .../otel/metric/global/global.go              |    42 -
 .../otel/metric/instrument.go                 |   357 +
 .../instrument/asyncfloat64/asyncfloat64.go   |    70 -
 .../instrument/asyncint64/asyncint64.go       |    70 -
 .../otel/metric/instrument/config.go          |    69 -
 .../otel/metric/instrument/instrument.go      |    30 -
 .../instrument/syncfloat64/syncfloat64.go     |    56 -
 .../metric/instrument/syncint64/syncint64.go  |    56 -
 .../metric/internal/global/instruments.go     |   360 -
 .../otel/metric/internal/global/meter.go      |   347 -
 .../otel/metric/internal/global/state.go      |    68 -
 .../go.opentelemetry.io/otel/metric/meter.go  |   204 +-
 .../go.opentelemetry.io/otel/metric/noop.go   |   181 -
 .../otel/metric/syncfloat64.go                |   185 +
 .../otel/metric/syncint64.go                  |   185 +
 .../otel/propagation/trace_context.go         |     6 +-
 .../go.opentelemetry.io/otel/requirements.txt |     1 +
 .../otel/sdk/internal/env/env.go              |    10 +-
 .../otel/sdk/internal/gen.go                  |    29 +
 .../otel/sdk/internal/internal.go             |    11 +-
 .../otel/sdk/resource/auto.go                 |    68 +-
 .../otel/sdk/resource/builtin.go              |    10 +-
 .../otel/sdk/resource/config.go               |     7 +
 .../otel/sdk/resource/container.go            |     4 +-
 .../otel/sdk/resource/doc.go                  |     3 +
 .../otel/sdk/resource/env.go                  |    31 +-
 .../otel/sdk/resource/host_id.go              |   120 +
 .../otel/sdk/resource/host_id_bsd.go          |    23 +
 .../otel/sdk/resource/host_id_darwin.go       |    19 +
 .../otel/sdk/resource/host_id_exec.go         |    29 +
 .../otel/sdk/resource/host_id_linux.go        |    22 +
 .../otel/sdk/resource/host_id_readfile.go     |    28 +
 .../otel/sdk/resource/host_id_unsupported.go  |    36 +
 .../otel/sdk/resource/host_id_windows.go      |    48 +
 .../otel/sdk/resource/os.go                   |    13 +-
 .../otel/sdk/resource/os_release_unix.go      |     8 +-
 .../otel/sdk/resource/process.go              |    54 +-
 .../otel/sdk/resource/resource.go             |    27 +-
 .../otel/sdk/trace/batch_span_processor.go    |    70 +-
 .../otel/sdk/trace/provider.go                |   129 +-
 .../otel/sdk/trace/sampling.go                |    14 +-
 .../otel/sdk/trace/simple_span_processor.go   |     9 +-
 .../otel/sdk/trace/span.go                    |    66 +-
 .../otel/sdk/trace/span_exporter.go           |     2 +-
 .../otel/sdk/trace/span_processor.go          |     7 +-
 .../otel/sdk/trace/tracer.go                  |     5 +-
 .../otel/sdk/trace/version.go                 |    20 +
 .../go.opentelemetry.io/otel/sdk/version.go   |    20 +
 .../otel/semconv/internal/http.go             |   336 -
 .../otel/semconv/v1.12.0/http.go              |   114 -
 .../otel/semconv/v1.12.0/resource.go          |  1042 -
 .../otel/semconv/v1.12.0/trace.go             |  1704 -
 .../otel/semconv/{v1.12.0 => v1.17.0}/doc.go  |     4 +-
 .../otel/semconv/v1.17.0/event.go             |   199 +
 .../semconv/{v1.12.0 => v1.17.0}/exception.go |     2 +-
 .../otel/semconv/v1.17.0/http.go              |    21 +
 .../otel/semconv/v1.17.0/resource.go          |  2010 +
 .../semconv/{v1.12.0 => v1.17.0}/schema.go    |     4 +-
 .../otel/semconv/v1.17.0/trace.go             |  3375 ++
 .../otel/semconv/v1.21.0/attribute_group.go   |  1877 +
 .../otel/semconv/v1.21.0/doc.go               |    20 +
 .../otel/semconv/v1.21.0/event.go             |   199 +
 .../unit.go => semconv/v1.21.0/exception.go}  |    11 +-
 .../otel/semconv/v1.21.0/resource.go          |  2310 +
 .../otel/semconv/v1.21.0/schema.go            |    20 +
 .../otel/semconv/v1.21.0/trace.go             |  2495 +
 .../go.opentelemetry.io/otel/trace/config.go  |    18 +
 .../go.opentelemetry.io/otel/trace/doc.go     |    66 +-
 .../otel/trace/embedded/embedded.go           |    56 +
 .../go.opentelemetry.io/otel/trace/noop.go    |    14 +-
 .../otel/trace/noop/noop.go                   |   118 +
 .../go.opentelemetry.io/otel/trace/trace.go   |    45 +-
 .../otel/trace/tracestate.go                  |    38 +-
 .../go.opentelemetry.io/otel/version.go       |     2 +-
 .../go.opentelemetry.io/otel/versions.yaml    |    30 +-
 .../collector/trace/v1/trace_service.pb.go    |     2 +-
 .../collector/trace/v1/trace_service.pb.gw.go |    26 +-
 .../trace/v1/trace_service_grpc.pb.go         |     2 +-
 .../proto/otlp/common/v1/common.pb.go         |     9 +-
 .../proto/otlp/resource/v1/resource.pb.go     |     2 +-
 .../proto/otlp/trace/v1/trace.pb.go           |    26 +-
 .../x/oauth2/internal/client_appengine.go     |     1 -
 .../golang.org/x/oauth2/internal/oauth2.go    |     2 +-
 .../golang.org/x/oauth2/internal/token.go     |    60 +-
 apis/vendor/golang.org/x/oauth2/token.go      |    19 +-
 .../golang.org/x/sys/execabs/execabs_go118.go |     1 -
 .../golang.org/x/sys/execabs/execabs_go119.go |     1 -
 .../golang.org/x/sys/plan9/pwd_go15_plan9.go  |     1 -
 .../golang.org/x/sys/plan9/pwd_plan9.go       |     1 -
 apis/vendor/golang.org/x/sys/plan9/race.go    |     1 -
 apis/vendor/golang.org/x/sys/plan9/race0.go   |     1 -
 apis/vendor/golang.org/x/sys/plan9/str.go     |     1 -
 apis/vendor/golang.org/x/sys/plan9/syscall.go |     1 -
 .../x/sys/plan9/zsyscall_plan9_386.go         |     1 -
 .../x/sys/plan9/zsyscall_plan9_amd64.go       |     1 -
 .../x/sys/plan9/zsyscall_plan9_arm.go         |     1 -
 apis/vendor/golang.org/x/sys/unix/aliases.go  |     2 -
 .../golang.org/x/sys/unix/asm_aix_ppc64.s     |     1 -
 .../golang.org/x/sys/unix/asm_bsd_386.s       |     2 -
 .../golang.org/x/sys/unix/asm_bsd_amd64.s     |     2 -
 .../golang.org/x/sys/unix/asm_bsd_arm.s       |     2 -
 .../golang.org/x/sys/unix/asm_bsd_arm64.s     |     2 -
 .../golang.org/x/sys/unix/asm_bsd_ppc64.s     |     2 -
 .../golang.org/x/sys/unix/asm_bsd_riscv64.s   |     2 -
 .../golang.org/x/sys/unix/asm_linux_386.s     |     1 -
 .../golang.org/x/sys/unix/asm_linux_amd64.s   |     1 -
 .../golang.org/x/sys/unix/asm_linux_arm.s     |     1 -
 .../golang.org/x/sys/unix/asm_linux_arm64.s   |     3 -
 .../golang.org/x/sys/unix/asm_linux_loong64.s |     3 -
 .../golang.org/x/sys/unix/asm_linux_mips64x.s |     3 -
 .../golang.org/x/sys/unix/asm_linux_mipsx.s   |     3 -
 .../golang.org/x/sys/unix/asm_linux_ppc64x.s  |     3 -
 .../golang.org/x/sys/unix/asm_linux_riscv64.s |     2 -
 .../golang.org/x/sys/unix/asm_linux_s390x.s   |     3 -
 .../x/sys/unix/asm_openbsd_mips64.s           |     1 -
 .../golang.org/x/sys/unix/asm_solaris_amd64.s |     1 -
 .../golang.org/x/sys/unix/asm_zos_s390x.s     |     3 -
 .../golang.org/x/sys/unix/cap_freebsd.go      |     1 -
 .../vendor/golang.org/x/sys/unix/constants.go |     1 -
 .../golang.org/x/sys/unix/dev_aix_ppc.go      |     1 -
 .../golang.org/x/sys/unix/dev_aix_ppc64.go    |     1 -
 apis/vendor/golang.org/x/sys/unix/dev_zos.go  |     1 -
 apis/vendor/golang.org/x/sys/unix/dirent.go   |     1 -
 .../golang.org/x/sys/unix/endian_big.go       |     1 -
 .../golang.org/x/sys/unix/endian_little.go    |     1 -
 apis/vendor/golang.org/x/sys/unix/env_unix.go |     1 -
 .../vendor/golang.org/x/sys/unix/epoll_zos.go |     1 -
 apis/vendor/golang.org/x/sys/unix/fcntl.go    |     1 -
 .../x/sys/unix/fcntl_linux_32bit.go           |     1 -
 apis/vendor/golang.org/x/sys/unix/fdset.go    |     1 -
 .../golang.org/x/sys/unix/fstatfs_zos.go      |     1 -
 apis/vendor/golang.org/x/sys/unix/gccgo.go    |     1 -
 apis/vendor/golang.org/x/sys/unix/gccgo_c.c   |     1 -
 .../x/sys/unix/gccgo_linux_amd64.go           |     1 -
 .../golang.org/x/sys/unix/ifreq_linux.go      |     1 -
 .../golang.org/x/sys/unix/ioctl_signed.go     |     1 -
 .../golang.org/x/sys/unix/ioctl_unsigned.go   |     1 -
 .../vendor/golang.org/x/sys/unix/ioctl_zos.go |     1 -
 apis/vendor/golang.org/x/sys/unix/mkerrors.sh |     1 -
 .../golang.org/x/sys/unix/mmap_nomremap.go    |     1 -
 apis/vendor/golang.org/x/sys/unix/mremap.go   |     1 -
 .../golang.org/x/sys/unix/pagesize_unix.go    |     1 -
 .../golang.org/x/sys/unix/pledge_openbsd.go   |    92 +-
 .../golang.org/x/sys/unix/ptrace_darwin.go    |     1 -
 .../golang.org/x/sys/unix/ptrace_ios.go       |     1 -
 apis/vendor/golang.org/x/sys/unix/race.go     |     1 -
 apis/vendor/golang.org/x/sys/unix/race0.go    |     1 -
 .../x/sys/unix/readdirent_getdents.go         |     1 -
 .../x/sys/unix/readdirent_getdirentries.go    |     1 -
 .../golang.org/x/sys/unix/sockcmsg_unix.go    |     1 -
 .../x/sys/unix/sockcmsg_unix_other.go         |     1 -
 apis/vendor/golang.org/x/sys/unix/syscall.go  |     1 -
 .../golang.org/x/sys/unix/syscall_aix.go      |     4 +-
 .../golang.org/x/sys/unix/syscall_aix_ppc.go  |     1 -
 .../x/sys/unix/syscall_aix_ppc64.go           |     1 -
 .../golang.org/x/sys/unix/syscall_bsd.go      |     1 -
 .../x/sys/unix/syscall_darwin_amd64.go        |     1 -
 .../x/sys/unix/syscall_darwin_arm64.go        |     1 -
 .../x/sys/unix/syscall_darwin_libSystem.go    |     1 -
 .../x/sys/unix/syscall_dragonfly_amd64.go     |     1 -
 .../x/sys/unix/syscall_freebsd_386.go         |     1 -
 .../x/sys/unix/syscall_freebsd_amd64.go       |     1 -
 .../x/sys/unix/syscall_freebsd_arm.go         |     1 -
 .../x/sys/unix/syscall_freebsd_arm64.go       |     1 -
 .../x/sys/unix/syscall_freebsd_riscv64.go     |     1 -
 .../golang.org/x/sys/unix/syscall_hurd.go     |     1 -
 .../golang.org/x/sys/unix/syscall_hurd_386.go |     1 -
 .../golang.org/x/sys/unix/syscall_illumos.go  |     1 -
 .../golang.org/x/sys/unix/syscall_linux.go    |     5 +-
 .../x/sys/unix/syscall_linux_386.go           |     1 -
 .../x/sys/unix/syscall_linux_alarm.go         |     2 -
 .../x/sys/unix/syscall_linux_amd64.go         |     1 -
 .../x/sys/unix/syscall_linux_amd64_gc.go      |     1 -
 .../x/sys/unix/syscall_linux_arm.go           |     1 -
 .../x/sys/unix/syscall_linux_arm64.go         |     1 -
 .../golang.org/x/sys/unix/syscall_linux_gc.go |     1 -
 .../x/sys/unix/syscall_linux_gc_386.go        |     1 -
 .../x/sys/unix/syscall_linux_gc_arm.go        |     1 -
 .../x/sys/unix/syscall_linux_gccgo_386.go     |     1 -
 .../x/sys/unix/syscall_linux_gccgo_arm.go     |     1 -
 .../x/sys/unix/syscall_linux_loong64.go       |     1 -
 .../x/sys/unix/syscall_linux_mips64x.go       |     2 -
 .../x/sys/unix/syscall_linux_mipsx.go         |     2 -
 .../x/sys/unix/syscall_linux_ppc.go           |     1 -
 .../x/sys/unix/syscall_linux_ppc64x.go        |     2 -
 .../x/sys/unix/syscall_linux_riscv64.go       |     1 -
 .../x/sys/unix/syscall_linux_s390x.go         |     1 -
 .../x/sys/unix/syscall_linux_sparc64.go       |     1 -
 .../x/sys/unix/syscall_netbsd_386.go          |     1 -
 .../x/sys/unix/syscall_netbsd_amd64.go        |     1 -
 .../x/sys/unix/syscall_netbsd_arm.go          |     1 -
 .../x/sys/unix/syscall_netbsd_arm64.go        |     1 -
 .../golang.org/x/sys/unix/syscall_openbsd.go  |    14 +-
 .../x/sys/unix/syscall_openbsd_386.go         |     1 -
 .../x/sys/unix/syscall_openbsd_amd64.go       |     1 -
 .../x/sys/unix/syscall_openbsd_arm.go         |     1 -
 .../x/sys/unix/syscall_openbsd_arm64.go       |     1 -
 .../x/sys/unix/syscall_openbsd_libc.go        |     1 -
 .../x/sys/unix/syscall_openbsd_ppc64.go       |     1 -
 .../x/sys/unix/syscall_openbsd_riscv64.go     |     1 -
 .../golang.org/x/sys/unix/syscall_solaris.go  |     3 +-
 .../x/sys/unix/syscall_solaris_amd64.go       |     1 -
 .../golang.org/x/sys/unix/syscall_unix.go     |     1 -
 .../golang.org/x/sys/unix/syscall_unix_gc.go  |     2 -
 .../x/sys/unix/syscall_unix_gc_ppc64x.go      |     3 -
 .../x/sys/unix/syscall_zos_s390x.go           |     1 -
 .../golang.org/x/sys/unix/sysvshm_linux.go    |     1 -
 .../golang.org/x/sys/unix/sysvshm_unix.go     |     1 -
 .../x/sys/unix/sysvshm_unix_other.go          |     1 -
 .../golang.org/x/sys/unix/timestruct.go       |     1 -
 .../golang.org/x/sys/unix/unveil_openbsd.go   |    41 +-
 .../vendor/golang.org/x/sys/unix/xattr_bsd.go |     1 -
 .../golang.org/x/sys/unix/zerrors_aix_ppc.go  |     1 -
 .../x/sys/unix/zerrors_aix_ppc64.go           |     1 -
 .../x/sys/unix/zerrors_darwin_amd64.go        |     1 -
 .../x/sys/unix/zerrors_darwin_arm64.go        |     1 -
 .../x/sys/unix/zerrors_dragonfly_amd64.go     |     1 -
 .../x/sys/unix/zerrors_freebsd_386.go         |     1 -
 .../x/sys/unix/zerrors_freebsd_amd64.go       |     1 -
 .../x/sys/unix/zerrors_freebsd_arm.go         |     1 -
 .../x/sys/unix/zerrors_freebsd_arm64.go       |     1 -
 .../x/sys/unix/zerrors_freebsd_riscv64.go     |     1 -
 .../golang.org/x/sys/unix/zerrors_linux.go    |    14 +-
 .../x/sys/unix/zerrors_linux_386.go           |     1 -
 .../x/sys/unix/zerrors_linux_amd64.go         |     1 -
 .../x/sys/unix/zerrors_linux_arm.go           |     1 -
 .../x/sys/unix/zerrors_linux_arm64.go         |     1 -
 .../x/sys/unix/zerrors_linux_loong64.go       |     2 +-
 .../x/sys/unix/zerrors_linux_mips.go          |     1 -
 .../x/sys/unix/zerrors_linux_mips64.go        |     1 -
 .../x/sys/unix/zerrors_linux_mips64le.go      |     1 -
 .../x/sys/unix/zerrors_linux_mipsle.go        |     1 -
 .../x/sys/unix/zerrors_linux_ppc.go           |     1 -
 .../x/sys/unix/zerrors_linux_ppc64.go         |     1 -
 .../x/sys/unix/zerrors_linux_ppc64le.go       |     1 -
 .../x/sys/unix/zerrors_linux_riscv64.go       |     4 +-
 .../x/sys/unix/zerrors_linux_s390x.go         |     1 -
 .../x/sys/unix/zerrors_linux_sparc64.go       |     1 -
 .../x/sys/unix/zerrors_netbsd_386.go          |     1 -
 .../x/sys/unix/zerrors_netbsd_amd64.go        |     1 -
 .../x/sys/unix/zerrors_netbsd_arm.go          |     1 -
 .../x/sys/unix/zerrors_netbsd_arm64.go        |     1 -
 .../x/sys/unix/zerrors_openbsd_386.go         |     1 -
 .../x/sys/unix/zerrors_openbsd_amd64.go       |     1 -
 .../x/sys/unix/zerrors_openbsd_arm.go         |     1 -
 .../x/sys/unix/zerrors_openbsd_arm64.go       |     1 -
 .../x/sys/unix/zerrors_openbsd_mips64.go      |     1 -
 .../x/sys/unix/zerrors_openbsd_ppc64.go       |     1 -
 .../x/sys/unix/zerrors_openbsd_riscv64.go     |     1 -
 .../x/sys/unix/zerrors_solaris_amd64.go       |     1 -
 .../x/sys/unix/zerrors_zos_s390x.go           |     1 -
 .../x/sys/unix/zptrace_armnn_linux.go         |     2 -
 .../x/sys/unix/zptrace_mipsnn_linux.go        |     2 -
 .../x/sys/unix/zptrace_mipsnnle_linux.go      |     2 -
 .../x/sys/unix/zptrace_x86_linux.go           |     2 -
 .../golang.org/x/sys/unix/zsyscall_aix_ppc.go |     1 -
 .../x/sys/unix/zsyscall_aix_ppc64.go          |     1 -
 .../x/sys/unix/zsyscall_aix_ppc64_gc.go       |     1 -
 .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go    |     1 -
 .../x/sys/unix/zsyscall_darwin_amd64.go       |     1 -
 .../x/sys/unix/zsyscall_darwin_arm64.go       |     1 -
 .../x/sys/unix/zsyscall_dragonfly_amd64.go    |     1 -
 .../x/sys/unix/zsyscall_freebsd_386.go        |     1 -
 .../x/sys/unix/zsyscall_freebsd_amd64.go      |     1 -
 .../x/sys/unix/zsyscall_freebsd_arm.go        |     1 -
 .../x/sys/unix/zsyscall_freebsd_arm64.go      |     1 -
 .../x/sys/unix/zsyscall_freebsd_riscv64.go    |     1 -
 .../x/sys/unix/zsyscall_illumos_amd64.go      |     1 -
 .../golang.org/x/sys/unix/zsyscall_linux.go   |    11 +-
 .../x/sys/unix/zsyscall_linux_386.go          |     1 -
 .../x/sys/unix/zsyscall_linux_amd64.go        |     1 -
 .../x/sys/unix/zsyscall_linux_arm.go          |     1 -
 .../x/sys/unix/zsyscall_linux_arm64.go        |     1 -
 .../x/sys/unix/zsyscall_linux_loong64.go      |     1 -
 .../x/sys/unix/zsyscall_linux_mips.go         |     1 -
 .../x/sys/unix/zsyscall_linux_mips64.go       |     1 -
 .../x/sys/unix/zsyscall_linux_mips64le.go     |     1 -
 .../x/sys/unix/zsyscall_linux_mipsle.go       |     1 -
 .../x/sys/unix/zsyscall_linux_ppc.go          |     1 -
 .../x/sys/unix/zsyscall_linux_ppc64.go        |     1 -
 .../x/sys/unix/zsyscall_linux_ppc64le.go      |     1 -
 .../x/sys/unix/zsyscall_linux_riscv64.go      |     1 -
 .../x/sys/unix/zsyscall_linux_s390x.go        |     1 -
 .../x/sys/unix/zsyscall_linux_sparc64.go      |     1 -
 .../x/sys/unix/zsyscall_netbsd_386.go         |     1 -
 .../x/sys/unix/zsyscall_netbsd_amd64.go       |     1 -
 .../x/sys/unix/zsyscall_netbsd_arm.go         |     1 -
 .../x/sys/unix/zsyscall_netbsd_arm64.go       |     1 -
 .../x/sys/unix/zsyscall_openbsd_386.go        |    46 +-
 .../x/sys/unix/zsyscall_openbsd_386.s         |    15 +
 .../x/sys/unix/zsyscall_openbsd_amd64.go      |    46 +-
 .../x/sys/unix/zsyscall_openbsd_amd64.s       |    15 +
 .../x/sys/unix/zsyscall_openbsd_arm.go        |    46 +-
 .../x/sys/unix/zsyscall_openbsd_arm.s         |    15 +
 .../x/sys/unix/zsyscall_openbsd_arm64.go      |    46 +-
 .../x/sys/unix/zsyscall_openbsd_arm64.s       |    15 +
 .../x/sys/unix/zsyscall_openbsd_mips64.go     |    46 +-
 .../x/sys/unix/zsyscall_openbsd_mips64.s      |    15 +
 .../x/sys/unix/zsyscall_openbsd_ppc64.go      |    46 +-
 .../x/sys/unix/zsyscall_openbsd_ppc64.s       |    18 +
 .../x/sys/unix/zsyscall_openbsd_riscv64.go    |    46 +-
 .../x/sys/unix/zsyscall_openbsd_riscv64.s     |    15 +
 .../x/sys/unix/zsyscall_solaris_amd64.go      |     1 -
 .../x/sys/unix/zsyscall_zos_s390x.go          |     1 -
 .../x/sys/unix/zsysctl_openbsd_386.go         |     1 -
 .../x/sys/unix/zsysctl_openbsd_amd64.go       |     1 -
 .../x/sys/unix/zsysctl_openbsd_arm.go         |     1 -
 .../x/sys/unix/zsysctl_openbsd_arm64.go       |     1 -
 .../x/sys/unix/zsysctl_openbsd_mips64.go      |     1 -
 .../x/sys/unix/zsysctl_openbsd_ppc64.go       |     1 -
 .../x/sys/unix/zsysctl_openbsd_riscv64.go     |     1 -
 .../x/sys/unix/zsysnum_darwin_amd64.go        |     1 -
 .../x/sys/unix/zsysnum_darwin_arm64.go        |     1 -
 .../x/sys/unix/zsysnum_dragonfly_amd64.go     |     1 -
 .../x/sys/unix/zsysnum_freebsd_386.go         |     1 -
 .../x/sys/unix/zsysnum_freebsd_amd64.go       |     1 -
 .../x/sys/unix/zsysnum_freebsd_arm.go         |     1 -
 .../x/sys/unix/zsysnum_freebsd_arm64.go       |     1 -
 .../x/sys/unix/zsysnum_freebsd_riscv64.go     |     1 -
 .../x/sys/unix/zsysnum_linux_386.go           |     2 +-
 .../x/sys/unix/zsysnum_linux_amd64.go         |     3 +-
 .../x/sys/unix/zsysnum_linux_arm.go           |     2 +-
 .../x/sys/unix/zsysnum_linux_arm64.go         |     2 +-
 .../x/sys/unix/zsysnum_linux_loong64.go       |     2 +-
 .../x/sys/unix/zsysnum_linux_mips.go          |     2 +-
 .../x/sys/unix/zsysnum_linux_mips64.go        |     2 +-
 .../x/sys/unix/zsysnum_linux_mips64le.go      |     2 +-
 .../x/sys/unix/zsysnum_linux_mipsle.go        |     2 +-
 .../x/sys/unix/zsysnum_linux_ppc.go           |     2 +-
 .../x/sys/unix/zsysnum_linux_ppc64.go         |     2 +-
 .../x/sys/unix/zsysnum_linux_ppc64le.go       |     2 +-
 .../x/sys/unix/zsysnum_linux_riscv64.go       |     2 +-
 .../x/sys/unix/zsysnum_linux_s390x.go         |     2 +-
 .../x/sys/unix/zsysnum_linux_sparc64.go       |     2 +-
 .../x/sys/unix/zsysnum_netbsd_386.go          |     1 -
 .../x/sys/unix/zsysnum_netbsd_amd64.go        |     1 -
 .../x/sys/unix/zsysnum_netbsd_arm.go          |     1 -
 .../x/sys/unix/zsysnum_netbsd_arm64.go        |     1 -
 .../x/sys/unix/zsysnum_openbsd_386.go         |     1 -
 .../x/sys/unix/zsysnum_openbsd_amd64.go       |     1 -
 .../x/sys/unix/zsysnum_openbsd_arm.go         |     1 -
 .../x/sys/unix/zsysnum_openbsd_arm64.go       |     1 -
 .../x/sys/unix/zsysnum_openbsd_mips64.go      |     1 -
 .../x/sys/unix/zsysnum_openbsd_ppc64.go       |     1 -
 .../x/sys/unix/zsysnum_openbsd_riscv64.go     |     1 -
 .../x/sys/unix/zsysnum_zos_s390x.go           |     1 -
 .../golang.org/x/sys/unix/ztypes_aix_ppc.go   |     1 -
 .../golang.org/x/sys/unix/ztypes_aix_ppc64.go |     1 -
 .../x/sys/unix/ztypes_darwin_amd64.go         |     1 -
 .../x/sys/unix/ztypes_darwin_arm64.go         |     1 -
 .../x/sys/unix/ztypes_dragonfly_amd64.go      |     1 -
 .../x/sys/unix/ztypes_freebsd_386.go          |     1 -
 .../x/sys/unix/ztypes_freebsd_amd64.go        |     1 -
 .../x/sys/unix/ztypes_freebsd_arm.go          |     1 -
 .../x/sys/unix/ztypes_freebsd_arm64.go        |     1 -
 .../x/sys/unix/ztypes_freebsd_riscv64.go      |     1 -
 .../golang.org/x/sys/unix/ztypes_linux.go     |    13 +-
 .../golang.org/x/sys/unix/ztypes_linux_386.go |     1 -
 .../x/sys/unix/ztypes_linux_amd64.go          |     1 -
 .../golang.org/x/sys/unix/ztypes_linux_arm.go |     1 -
 .../x/sys/unix/ztypes_linux_arm64.go          |     1 -
 .../x/sys/unix/ztypes_linux_loong64.go        |     1 -
 .../x/sys/unix/ztypes_linux_mips.go           |     1 -
 .../x/sys/unix/ztypes_linux_mips64.go         |     1 -
 .../x/sys/unix/ztypes_linux_mips64le.go       |     1 -
 .../x/sys/unix/ztypes_linux_mipsle.go         |     1 -
 .../golang.org/x/sys/unix/ztypes_linux_ppc.go |     1 -
 .../x/sys/unix/ztypes_linux_ppc64.go          |     1 -
 .../x/sys/unix/ztypes_linux_ppc64le.go        |     1 -
 .../x/sys/unix/ztypes_linux_riscv64.go        |     1 -
 .../x/sys/unix/ztypes_linux_s390x.go          |     1 -
 .../x/sys/unix/ztypes_linux_sparc64.go        |     1 -
 .../x/sys/unix/ztypes_netbsd_386.go           |     1 -
 .../x/sys/unix/ztypes_netbsd_amd64.go         |     1 -
 .../x/sys/unix/ztypes_netbsd_arm.go           |     1 -
 .../x/sys/unix/ztypes_netbsd_arm64.go         |     1 -
 .../x/sys/unix/ztypes_openbsd_386.go          |     1 -
 .../x/sys/unix/ztypes_openbsd_amd64.go        |     1 -
 .../x/sys/unix/ztypes_openbsd_arm.go          |     1 -
 .../x/sys/unix/ztypes_openbsd_arm64.go        |     1 -
 .../x/sys/unix/ztypes_openbsd_mips64.go       |     1 -
 .../x/sys/unix/ztypes_openbsd_ppc64.go        |     1 -
 .../x/sys/unix/ztypes_openbsd_riscv64.go      |     1 -
 .../x/sys/unix/ztypes_solaris_amd64.go        |     1 -
 .../golang.org/x/sys/unix/ztypes_zos_s390x.go |     1 -
 .../golang.org/x/sys/windows/aliases.go       |     1 -
 apis/vendor/golang.org/x/sys/windows/empty.s  |     1 -
 .../golang.org/x/sys/windows/eventlog.go      |     1 -
 .../golang.org/x/sys/windows/mksyscall.go     |     1 -
 apis/vendor/golang.org/x/sys/windows/race.go  |     1 -
 apis/vendor/golang.org/x/sys/windows/race0.go |     1 -
 .../golang.org/x/sys/windows/registry/key.go  |     1 -
 .../x/sys/windows/registry/mksyscall.go       |     1 -
 .../x/sys/windows/registry/syscall.go         |     1 -
 .../x/sys/windows/registry/value.go           |     1 -
 .../golang.org/x/sys/windows/service.go       |     1 -
 apis/vendor/golang.org/x/sys/windows/str.go   |     1 -
 .../golang.org/x/sys/windows/syscall.go       |     1 -
 .../x/sys/windows/syscall_windows.go          |     4 +-
 .../golang.org/x/sys/windows/types_windows.go |    28 +-
 .../x/sys/windows/zsyscall_windows.go         |     9 +
 .../genproto/{ => googleapis/api}/LICENSE     |     0
 .../genproto/googleapis/rpc/LICENSE           |     0
 .../protobuf/field_mask/field_mask.go         |    23 -
 apis/vendor/google.golang.org/grpc/README.md  |    60 +-
 .../grpc/attributes/attributes.go             |    59 +-
 .../grpc/balancer/balancer.go                 |    62 +-
 .../grpc/balancer/base/balancer.go            |    22 +-
 .../grpc/balancer_conn_wrappers.go            |    75 +-
 .../grpc_binarylog_v1/binarylog.pb.go         |     2 +-
 apis/vendor/google.golang.org/grpc/call.go    |    11 +-
 .../google.golang.org/grpc/clientconn.go      |   248 +-
 apis/vendor/google.golang.org/grpc/codec.go   |     8 +-
 .../google.golang.org/grpc/dialoptions.go     |    42 +-
 .../grpc/encoding/encoding.go                 |    17 +-
 .../grpc/encoding/gzip/gzip.go                |     4 +-
 .../grpc/encoding/proto/proto.go              |     4 +-
 .../grpc/grpclog/component.go                 |    40 +-
 .../google.golang.org/grpc/grpclog/grpclog.go |    30 +-
 .../google.golang.org/grpc/grpclog/logger.go  |    30 +-
 .../grpc/grpclog/loggerv2.go                  |    56 +-
 .../grpc/health/grpc_health_v1/health.pb.go   |   308 +
 .../health/grpc_health_v1/health_grpc.pb.go   |   237 +
 .../google.golang.org/grpc/interceptor.go     |    12 +-
 .../grpc/internal/backoff/backoff.go          |    36 +
 .../balancer/gracefulswitch/gracefulswitch.go |    59 +-
 .../grpc/internal/balancerload/load.go        |     4 +-
 .../grpc/internal/binarylog/method_logger.go  |     4 +-
 .../grpc/internal/buffer/unbounded.go         |    18 +-
 .../grpc/internal/channelz/funcs.go           |    69 +-
 .../grpc/internal/channelz/logging.go         |    12 +-
 .../grpc/internal/channelz/types.go           |     5 +
 .../grpc/internal/channelz/util_linux.go      |     2 +-
 .../grpc/internal/channelz/util_nonlinux.go   |     2 +-
 .../grpc/internal/credentials/credentials.go  |     8 +-
 .../grpc/internal/envconfig/envconfig.go      |    12 +-
 .../grpc/internal/grpclog/grpclog.go          |    40 +-
 .../grpc/internal/grpclog/prefixLogger.go     |     8 +-
 .../grpc/internal/grpcrand/grpcrand.go        |     7 +
 .../internal/grpcsync/callback_serializer.go  |    54 +-
 .../grpc/internal/grpcsync/pubsub.go          |   121 +
 .../grpc/{ => internal/idle}/idle.go          |   188 +-
 .../grpc/internal/internal.go                 |    51 +-
 .../grpc/internal/metadata/metadata.go        |     2 +-
 .../grpc/internal/pretty/pretty.go            |     2 +-
 .../grpc/internal/resolver/config_selector.go |     4 +-
 .../internal/resolver/dns/dns_resolver.go     |    74 +-
 .../grpc/internal/status/status.go            |    36 +-
 .../grpc/internal/transport/controlbuf.go     |    16 +-
 .../grpc/internal/transport/handler_server.go |    13 +-
 .../grpc/internal/transport/http2_client.go   |    56 +-
 .../grpc/internal/transport/http2_server.go   |    22 +-
 .../grpc/internal/transport/http_util.go      |    77 +-
 .../grpc/internal/transport/transport.go      |    19 +-
 .../google.golang.org/grpc/picker_wrapper.go  |    34 +-
 .../google.golang.org/grpc/pickfirst.go       |    88 +-
 .../google.golang.org/grpc/preloader.go       |     2 +-
 .../google.golang.org/grpc/resolver/map.go    |    10 +-
 .../grpc/resolver/resolver.go                 |    84 +-
 .../grpc/resolver_conn_wrapper.go             |    10 +-
 .../vendor/google.golang.org/grpc/rpc_util.go |    44 +-
 apis/vendor/google.golang.org/grpc/server.go  |   231 +-
 .../grpc/shared_buffer_pool.go                |   154 +
 .../google.golang.org/grpc/stats/stats.go     |    14 +-
 .../google.golang.org/grpc/status/status.go   |    14 +-
 apis/vendor/google.golang.org/grpc/stream.go  |   130 +-
 apis/vendor/google.golang.org/grpc/tap/tap.go |     6 +
 apis/vendor/google.golang.org/grpc/trace.go   |     6 +-
 apis/vendor/google.golang.org/grpc/version.go |     2 +-
 apis/vendor/google.golang.org/grpc/vet.sh     |    10 +-
 .../protobuf/encoding/protojson/encode.go     |    14 +-
 .../protobuf/encoding/prototext/encode.go     |    14 +-
 .../protobuf/internal/encoding/json/encode.go |    10 +-
 .../protobuf/internal/encoding/text/encode.go |    10 +-
 .../protobuf/internal/genid/descriptor_gen.go |    48 +
 .../protobuf/internal/genid/type_gen.go       |     6 +
 .../protobuf/internal/order/order.go          |     2 +-
 .../protobuf/internal/version/version.go      |     2 +-
 .../google.golang.org/protobuf/proto/size.go  |    10 +-
 .../reflect/protoreflect/source_gen.go        |    27 +
 .../types/descriptorpb/descriptor.pb.go       |  1011 +-
 .../protobuf/types/dynamicpb/types.go         |   177 +
 .../protobuf/types/known/anypb/any.pb.go      |    70 +-
 .../types/known/structpb/struct.pb.go         |     2 +-
 .../types/known/timestamppb/timestamp.pb.go   |     2 +-
 apis/vendor/modules.txt                       |    99 +-
 controller-utils/go.mod                       |    12 +-
 controller-utils/go.sum                       |    23 +-
 .../vendor/github.com/go-logr/logr/README.md  |   113 +-
 .../github.com/go-logr/logr/SECURITY.md       |    18 +
 .../vendor/github.com/go-logr/logr/logr.go    |    35 +-
 .../github.com/google/go-cmp/cmp/compare.go   |    38 +-
 .../github.com/google/go-cmp/cmp/export.go    |     5 -
 .../google/go-cmp/cmp/export_panic.go         |    16 -
 .../value/{pointer_unsafe.go => pointer.go}   |     3 -
 .../cmp/internal/value/pointer_purego.go      |    34 -
 .../github.com/google/go-cmp/cmp/options.go   |    84 +-
 .../github.com/google/go-cmp/cmp/path.go      |    46 +-
 .../google/go-cmp/cmp/report_reflect.go       |     2 +-
 .../vendor/github.com/google/uuid/.travis.yml |     9 -
 .../github.com/google/uuid/CHANGELOG.md       |    10 +
 .../github.com/google/uuid/CONTRIBUTING.md    |    16 +
 .../vendor/github.com/google/uuid/README.md   |    10 +-
 .../vendor/github.com/google/uuid/node_js.go  |     2 +-
 .../vendor/github.com/google/uuid/uuid.go     |    10 +-
 .../x/oauth2/internal/client_appengine.go     |     1 -
 .../golang.org/x/oauth2/internal/oauth2.go    |     2 +-
 .../golang.org/x/oauth2/internal/token.go     |    60 +-
 .../vendor/golang.org/x/oauth2/token.go       |    19 +-
 .../golang.org/x/sys/cpu/asm_aix_ppc64.s      |     1 -
 .../vendor/golang.org/x/sys/cpu/cpu_aix.go    |     1 -
 .../vendor/golang.org/x/sys/cpu/cpu_arm64.s   |     1 -
 .../golang.org/x/sys/cpu/cpu_gc_arm64.go      |     1 -
 .../golang.org/x/sys/cpu/cpu_gc_s390x.go      |     1 -
 .../vendor/golang.org/x/sys/cpu/cpu_gc_x86.go |     2 -
 .../golang.org/x/sys/cpu/cpu_gccgo_arm64.go   |     1 -
 .../golang.org/x/sys/cpu/cpu_gccgo_s390x.go   |     1 -
 .../golang.org/x/sys/cpu/cpu_gccgo_x86.c      |     2 -
 .../golang.org/x/sys/cpu/cpu_gccgo_x86.go     |     2 -
 .../vendor/golang.org/x/sys/cpu/cpu_linux.go  |     1 -
 .../golang.org/x/sys/cpu/cpu_linux_mips64x.go |     2 -
 .../golang.org/x/sys/cpu/cpu_linux_noinit.go  |     1 -
 .../golang.org/x/sys/cpu/cpu_linux_ppc64x.go  |     2 -
 .../golang.org/x/sys/cpu/cpu_loong64.go       |     1 -
 .../golang.org/x/sys/cpu/cpu_mips64x.go       |     1 -
 .../vendor/golang.org/x/sys/cpu/cpu_mipsx.go  |     1 -
 .../golang.org/x/sys/cpu/cpu_other_arm.go     |     1 -
 .../golang.org/x/sys/cpu/cpu_other_arm64.go   |     1 -
 .../golang.org/x/sys/cpu/cpu_other_mips64x.go |     2 -
 .../golang.org/x/sys/cpu/cpu_other_ppc64x.go  |     3 -
 .../golang.org/x/sys/cpu/cpu_other_riscv64.go |     1 -
 .../vendor/golang.org/x/sys/cpu/cpu_ppc64x.go |     1 -
 .../golang.org/x/sys/cpu/cpu_riscv64.go       |     1 -
 .../vendor/golang.org/x/sys/cpu/cpu_s390x.s   |     1 -
 .../vendor/golang.org/x/sys/cpu/cpu_wasm.go   |     1 -
 .../vendor/golang.org/x/sys/cpu/cpu_x86.go    |     1 -
 .../vendor/golang.org/x/sys/cpu/cpu_x86.s     |     2 -
 .../vendor/golang.org/x/sys/cpu/endian_big.go |     1 -
 .../golang.org/x/sys/cpu/endian_little.go     |     1 -
 .../x/sys/cpu/proc_cpuinfo_linux.go           |     1 -
 .../x/sys/cpu/runtime_auxv_go121.go           |     1 -
 .../golang.org/x/sys/cpu/syscall_aix_gccgo.go |     1 -
 .../x/sys/cpu/syscall_aix_ppc64_gc.go         |     1 -
 .../golang.org/x/sys/plan9/pwd_go15_plan9.go  |     1 -
 .../golang.org/x/sys/plan9/pwd_plan9.go       |     1 -
 .../vendor/golang.org/x/sys/plan9/race.go     |     1 -
 .../vendor/golang.org/x/sys/plan9/race0.go    |     1 -
 .../vendor/golang.org/x/sys/plan9/str.go      |     1 -
 .../vendor/golang.org/x/sys/plan9/syscall.go  |     1 -
 .../x/sys/plan9/zsyscall_plan9_386.go         |     1 -
 .../x/sys/plan9/zsyscall_plan9_amd64.go       |     1 -
 .../x/sys/plan9/zsyscall_plan9_arm.go         |     1 -
 .../vendor/golang.org/x/sys/unix/aliases.go   |     2 -
 .../golang.org/x/sys/unix/asm_aix_ppc64.s     |     1 -
 .../golang.org/x/sys/unix/asm_bsd_386.s       |     2 -
 .../golang.org/x/sys/unix/asm_bsd_amd64.s     |     2 -
 .../golang.org/x/sys/unix/asm_bsd_arm.s       |     2 -
 .../golang.org/x/sys/unix/asm_bsd_arm64.s     |     2 -
 .../golang.org/x/sys/unix/asm_bsd_ppc64.s     |     2 -
 .../golang.org/x/sys/unix/asm_bsd_riscv64.s   |     2 -
 .../golang.org/x/sys/unix/asm_linux_386.s     |     1 -
 .../golang.org/x/sys/unix/asm_linux_amd64.s   |     1 -
 .../golang.org/x/sys/unix/asm_linux_arm.s     |     1 -
 .../golang.org/x/sys/unix/asm_linux_arm64.s   |     3 -
 .../golang.org/x/sys/unix/asm_linux_loong64.s |     3 -
 .../golang.org/x/sys/unix/asm_linux_mips64x.s |     3 -
 .../golang.org/x/sys/unix/asm_linux_mipsx.s   |     3 -
 .../golang.org/x/sys/unix/asm_linux_ppc64x.s  |     3 -
 .../golang.org/x/sys/unix/asm_linux_riscv64.s |     2 -
 .../golang.org/x/sys/unix/asm_linux_s390x.s   |     3 -
 .../x/sys/unix/asm_openbsd_mips64.s           |     1 -
 .../golang.org/x/sys/unix/asm_solaris_amd64.s |     1 -
 .../golang.org/x/sys/unix/asm_zos_s390x.s     |     3 -
 .../golang.org/x/sys/unix/cap_freebsd.go      |     1 -
 .../vendor/golang.org/x/sys/unix/constants.go |     1 -
 .../golang.org/x/sys/unix/dev_aix_ppc.go      |     1 -
 .../golang.org/x/sys/unix/dev_aix_ppc64.go    |     1 -
 .../vendor/golang.org/x/sys/unix/dev_zos.go   |     1 -
 .../vendor/golang.org/x/sys/unix/dirent.go    |     1 -
 .../golang.org/x/sys/unix/endian_big.go       |     1 -
 .../golang.org/x/sys/unix/endian_little.go    |     1 -
 .../vendor/golang.org/x/sys/unix/env_unix.go  |     1 -
 .../vendor/golang.org/x/sys/unix/epoll_zos.go |     1 -
 .../vendor/golang.org/x/sys/unix/fcntl.go     |     1 -
 .../x/sys/unix/fcntl_linux_32bit.go           |     1 -
 .../vendor/golang.org/x/sys/unix/fdset.go     |     1 -
 .../golang.org/x/sys/unix/fstatfs_zos.go      |     1 -
 .../vendor/golang.org/x/sys/unix/gccgo.go     |     1 -
 .../vendor/golang.org/x/sys/unix/gccgo_c.c    |     1 -
 .../x/sys/unix/gccgo_linux_amd64.go           |     1 -
 .../golang.org/x/sys/unix/ifreq_linux.go      |     1 -
 .../golang.org/x/sys/unix/ioctl_signed.go     |     1 -
 .../golang.org/x/sys/unix/ioctl_unsigned.go   |     1 -
 .../vendor/golang.org/x/sys/unix/ioctl_zos.go |     1 -
 .../vendor/golang.org/x/sys/unix/mkerrors.sh  |     1 -
 .../golang.org/x/sys/unix/mmap_nomremap.go    |     1 -
 .../vendor/golang.org/x/sys/unix/mremap.go    |     1 -
 .../golang.org/x/sys/unix/pagesize_unix.go    |     1 -
 .../golang.org/x/sys/unix/pledge_openbsd.go   |    92 +-
 .../golang.org/x/sys/unix/ptrace_darwin.go    |     1 -
 .../golang.org/x/sys/unix/ptrace_ios.go       |     1 -
 .../vendor/golang.org/x/sys/unix/race.go      |     1 -
 .../vendor/golang.org/x/sys/unix/race0.go     |     1 -
 .../x/sys/unix/readdirent_getdents.go         |     1 -
 .../x/sys/unix/readdirent_getdirentries.go    |     1 -
 .../golang.org/x/sys/unix/sockcmsg_unix.go    |     1 -
 .../x/sys/unix/sockcmsg_unix_other.go         |     1 -
 .../vendor/golang.org/x/sys/unix/syscall.go   |     1 -
 .../golang.org/x/sys/unix/syscall_aix.go      |     4 +-
 .../golang.org/x/sys/unix/syscall_aix_ppc.go  |     1 -
 .../x/sys/unix/syscall_aix_ppc64.go           |     1 -
 .../golang.org/x/sys/unix/syscall_bsd.go      |     1 -
 .../x/sys/unix/syscall_darwin_amd64.go        |     1 -
 .../x/sys/unix/syscall_darwin_arm64.go        |     1 -
 .../x/sys/unix/syscall_darwin_libSystem.go    |     1 -
 .../x/sys/unix/syscall_dragonfly_amd64.go     |     1 -
 .../x/sys/unix/syscall_freebsd_386.go         |     1 -
 .../x/sys/unix/syscall_freebsd_amd64.go       |     1 -
 .../x/sys/unix/syscall_freebsd_arm.go         |     1 -
 .../x/sys/unix/syscall_freebsd_arm64.go       |     1 -
 .../x/sys/unix/syscall_freebsd_riscv64.go     |     1 -
 .../golang.org/x/sys/unix/syscall_hurd.go     |     1 -
 .../golang.org/x/sys/unix/syscall_hurd_386.go |     1 -
 .../golang.org/x/sys/unix/syscall_illumos.go  |     1 -
 .../golang.org/x/sys/unix/syscall_linux.go    |     5 +-
 .../x/sys/unix/syscall_linux_386.go           |     1 -
 .../x/sys/unix/syscall_linux_alarm.go         |     2 -
 .../x/sys/unix/syscall_linux_amd64.go         |     1 -
 .../x/sys/unix/syscall_linux_amd64_gc.go      |     1 -
 .../x/sys/unix/syscall_linux_arm.go           |     1 -
 .../x/sys/unix/syscall_linux_arm64.go         |     1 -
 .../golang.org/x/sys/unix/syscall_linux_gc.go |     1 -
 .../x/sys/unix/syscall_linux_gc_386.go        |     1 -
 .../x/sys/unix/syscall_linux_gc_arm.go        |     1 -
 .../x/sys/unix/syscall_linux_gccgo_386.go     |     1 -
 .../x/sys/unix/syscall_linux_gccgo_arm.go     |     1 -
 .../x/sys/unix/syscall_linux_loong64.go       |     1 -
 .../x/sys/unix/syscall_linux_mips64x.go       |     2 -
 .../x/sys/unix/syscall_linux_mipsx.go         |     2 -
 .../x/sys/unix/syscall_linux_ppc.go           |     1 -
 .../x/sys/unix/syscall_linux_ppc64x.go        |     2 -
 .../x/sys/unix/syscall_linux_riscv64.go       |     1 -
 .../x/sys/unix/syscall_linux_s390x.go         |     1 -
 .../x/sys/unix/syscall_linux_sparc64.go       |     1 -
 .../x/sys/unix/syscall_netbsd_386.go          |     1 -
 .../x/sys/unix/syscall_netbsd_amd64.go        |     1 -
 .../x/sys/unix/syscall_netbsd_arm.go          |     1 -
 .../x/sys/unix/syscall_netbsd_arm64.go        |     1 -
 .../golang.org/x/sys/unix/syscall_openbsd.go  |    14 +-
 .../x/sys/unix/syscall_openbsd_386.go         |     1 -
 .../x/sys/unix/syscall_openbsd_amd64.go       |     1 -
 .../x/sys/unix/syscall_openbsd_arm.go         |     1 -
 .../x/sys/unix/syscall_openbsd_arm64.go       |     1 -
 .../x/sys/unix/syscall_openbsd_libc.go        |     1 -
 .../x/sys/unix/syscall_openbsd_ppc64.go       |     1 -
 .../x/sys/unix/syscall_openbsd_riscv64.go     |     1 -
 .../golang.org/x/sys/unix/syscall_solaris.go  |     3 +-
 .../x/sys/unix/syscall_solaris_amd64.go       |     1 -
 .../golang.org/x/sys/unix/syscall_unix.go     |     1 -
 .../golang.org/x/sys/unix/syscall_unix_gc.go  |     2 -
 .../x/sys/unix/syscall_unix_gc_ppc64x.go      |     3 -
 .../x/sys/unix/syscall_zos_s390x.go           |     1 -
 .../golang.org/x/sys/unix/sysvshm_linux.go    |     1 -
 .../golang.org/x/sys/unix/sysvshm_unix.go     |     1 -
 .../x/sys/unix/sysvshm_unix_other.go          |     1 -
 .../golang.org/x/sys/unix/timestruct.go       |     1 -
 .../golang.org/x/sys/unix/unveil_openbsd.go   |    41 +-
 .../vendor/golang.org/x/sys/unix/xattr_bsd.go |     1 -
 .../golang.org/x/sys/unix/zerrors_aix_ppc.go  |     1 -
 .../x/sys/unix/zerrors_aix_ppc64.go           |     1 -
 .../x/sys/unix/zerrors_darwin_amd64.go        |     1 -
 .../x/sys/unix/zerrors_darwin_arm64.go        |     1 -
 .../x/sys/unix/zerrors_dragonfly_amd64.go     |     1 -
 .../x/sys/unix/zerrors_freebsd_386.go         |     1 -
 .../x/sys/unix/zerrors_freebsd_amd64.go       |     1 -
 .../x/sys/unix/zerrors_freebsd_arm.go         |     1 -
 .../x/sys/unix/zerrors_freebsd_arm64.go       |     1 -
 .../x/sys/unix/zerrors_freebsd_riscv64.go     |     1 -
 .../golang.org/x/sys/unix/zerrors_linux.go    |    14 +-
 .../x/sys/unix/zerrors_linux_386.go           |     1 -
 .../x/sys/unix/zerrors_linux_amd64.go         |     1 -
 .../x/sys/unix/zerrors_linux_arm.go           |     1 -
 .../x/sys/unix/zerrors_linux_arm64.go         |     1 -
 .../x/sys/unix/zerrors_linux_loong64.go       |     2 +-
 .../x/sys/unix/zerrors_linux_mips.go          |     1 -
 .../x/sys/unix/zerrors_linux_mips64.go        |     1 -
 .../x/sys/unix/zerrors_linux_mips64le.go      |     1 -
 .../x/sys/unix/zerrors_linux_mipsle.go        |     1 -
 .../x/sys/unix/zerrors_linux_ppc.go           |     1 -
 .../x/sys/unix/zerrors_linux_ppc64.go         |     1 -
 .../x/sys/unix/zerrors_linux_ppc64le.go       |     1 -
 .../x/sys/unix/zerrors_linux_riscv64.go       |     4 +-
 .../x/sys/unix/zerrors_linux_s390x.go         |     1 -
 .../x/sys/unix/zerrors_linux_sparc64.go       |     1 -
 .../x/sys/unix/zerrors_netbsd_386.go          |     1 -
 .../x/sys/unix/zerrors_netbsd_amd64.go        |     1 -
 .../x/sys/unix/zerrors_netbsd_arm.go          |     1 -
 .../x/sys/unix/zerrors_netbsd_arm64.go        |     1 -
 .../x/sys/unix/zerrors_openbsd_386.go         |     1 -
 .../x/sys/unix/zerrors_openbsd_amd64.go       |     1 -
 .../x/sys/unix/zerrors_openbsd_arm.go         |     1 -
 .../x/sys/unix/zerrors_openbsd_arm64.go       |     1 -
 .../x/sys/unix/zerrors_openbsd_mips64.go      |     1 -
 .../x/sys/unix/zerrors_openbsd_ppc64.go       |     1 -
 .../x/sys/unix/zerrors_openbsd_riscv64.go     |     1 -
 .../x/sys/unix/zerrors_solaris_amd64.go       |     1 -
 .../x/sys/unix/zerrors_zos_s390x.go           |     1 -
 .../x/sys/unix/zptrace_armnn_linux.go         |     2 -
 .../x/sys/unix/zptrace_mipsnn_linux.go        |     2 -
 .../x/sys/unix/zptrace_mipsnnle_linux.go      |     2 -
 .../x/sys/unix/zptrace_x86_linux.go           |     2 -
 .../golang.org/x/sys/unix/zsyscall_aix_ppc.go |     1 -
 .../x/sys/unix/zsyscall_aix_ppc64.go          |     1 -
 .../x/sys/unix/zsyscall_aix_ppc64_gc.go       |     1 -
 .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go    |     1 -
 .../x/sys/unix/zsyscall_darwin_amd64.go       |     1 -
 .../x/sys/unix/zsyscall_darwin_arm64.go       |     1 -
 .../x/sys/unix/zsyscall_dragonfly_amd64.go    |     1 -
 .../x/sys/unix/zsyscall_freebsd_386.go        |     1 -
 .../x/sys/unix/zsyscall_freebsd_amd64.go      |     1 -
 .../x/sys/unix/zsyscall_freebsd_arm.go        |     1 -
 .../x/sys/unix/zsyscall_freebsd_arm64.go      |     1 -
 .../x/sys/unix/zsyscall_freebsd_riscv64.go    |     1 -
 .../x/sys/unix/zsyscall_illumos_amd64.go      |     1 -
 .../golang.org/x/sys/unix/zsyscall_linux.go   |    11 +-
 .../x/sys/unix/zsyscall_linux_386.go          |     1 -
 .../x/sys/unix/zsyscall_linux_amd64.go        |     1 -
 .../x/sys/unix/zsyscall_linux_arm.go          |     1 -
 .../x/sys/unix/zsyscall_linux_arm64.go        |     1 -
 .../x/sys/unix/zsyscall_linux_loong64.go      |     1 -
 .../x/sys/unix/zsyscall_linux_mips.go         |     1 -
 .../x/sys/unix/zsyscall_linux_mips64.go       |     1 -
 .../x/sys/unix/zsyscall_linux_mips64le.go     |     1 -
 .../x/sys/unix/zsyscall_linux_mipsle.go       |     1 -
 .../x/sys/unix/zsyscall_linux_ppc.go          |     1 -
 .../x/sys/unix/zsyscall_linux_ppc64.go        |     1 -
 .../x/sys/unix/zsyscall_linux_ppc64le.go      |     1 -
 .../x/sys/unix/zsyscall_linux_riscv64.go      |     1 -
 .../x/sys/unix/zsyscall_linux_s390x.go        |     1 -
 .../x/sys/unix/zsyscall_linux_sparc64.go      |     1 -
 .../x/sys/unix/zsyscall_netbsd_386.go         |     1 -
 .../x/sys/unix/zsyscall_netbsd_amd64.go       |     1 -
 .../x/sys/unix/zsyscall_netbsd_arm.go         |     1 -
 .../x/sys/unix/zsyscall_netbsd_arm64.go       |     1 -
 .../x/sys/unix/zsyscall_openbsd_386.go        |    46 +-
 .../x/sys/unix/zsyscall_openbsd_386.s         |    15 +
 .../x/sys/unix/zsyscall_openbsd_amd64.go      |    46 +-
 .../x/sys/unix/zsyscall_openbsd_amd64.s       |    15 +
 .../x/sys/unix/zsyscall_openbsd_arm.go        |    46 +-
 .../x/sys/unix/zsyscall_openbsd_arm.s         |    15 +
 .../x/sys/unix/zsyscall_openbsd_arm64.go      |    46 +-
 .../x/sys/unix/zsyscall_openbsd_arm64.s       |    15 +
 .../x/sys/unix/zsyscall_openbsd_mips64.go     |    46 +-
 .../x/sys/unix/zsyscall_openbsd_mips64.s      |    15 +
 .../x/sys/unix/zsyscall_openbsd_ppc64.go      |    46 +-
 .../x/sys/unix/zsyscall_openbsd_ppc64.s       |    18 +
 .../x/sys/unix/zsyscall_openbsd_riscv64.go    |    46 +-
 .../x/sys/unix/zsyscall_openbsd_riscv64.s     |    15 +
 .../x/sys/unix/zsyscall_solaris_amd64.go      |     1 -
 .../x/sys/unix/zsyscall_zos_s390x.go          |     1 -
 .../x/sys/unix/zsysctl_openbsd_386.go         |     1 -
 .../x/sys/unix/zsysctl_openbsd_amd64.go       |     1 -
 .../x/sys/unix/zsysctl_openbsd_arm.go         |     1 -
 .../x/sys/unix/zsysctl_openbsd_arm64.go       |     1 -
 .../x/sys/unix/zsysctl_openbsd_mips64.go      |     1 -
 .../x/sys/unix/zsysctl_openbsd_ppc64.go       |     1 -
 .../x/sys/unix/zsysctl_openbsd_riscv64.go     |     1 -
 .../x/sys/unix/zsysnum_darwin_amd64.go        |     1 -
 .../x/sys/unix/zsysnum_darwin_arm64.go        |     1 -
 .../x/sys/unix/zsysnum_dragonfly_amd64.go     |     1 -
 .../x/sys/unix/zsysnum_freebsd_386.go         |     1 -
 .../x/sys/unix/zsysnum_freebsd_amd64.go       |     1 -
 .../x/sys/unix/zsysnum_freebsd_arm.go         |     1 -
 .../x/sys/unix/zsysnum_freebsd_arm64.go       |     1 -
 .../x/sys/unix/zsysnum_freebsd_riscv64.go     |     1 -
 .../x/sys/unix/zsysnum_linux_386.go           |     2 +-
 .../x/sys/unix/zsysnum_linux_amd64.go         |     3 +-
 .../x/sys/unix/zsysnum_linux_arm.go           |     2 +-
 .../x/sys/unix/zsysnum_linux_arm64.go         |     2 +-
 .../x/sys/unix/zsysnum_linux_loong64.go       |     2 +-
 .../x/sys/unix/zsysnum_linux_mips.go          |     2 +-
 .../x/sys/unix/zsysnum_linux_mips64.go        |     2 +-
 .../x/sys/unix/zsysnum_linux_mips64le.go      |     2 +-
 .../x/sys/unix/zsysnum_linux_mipsle.go        |     2 +-
 .../x/sys/unix/zsysnum_linux_ppc.go           |     2 +-
 .../x/sys/unix/zsysnum_linux_ppc64.go         |     2 +-
 .../x/sys/unix/zsysnum_linux_ppc64le.go       |     2 +-
 .../x/sys/unix/zsysnum_linux_riscv64.go       |     2 +-
 .../x/sys/unix/zsysnum_linux_s390x.go         |     2 +-
 .../x/sys/unix/zsysnum_linux_sparc64.go       |     2 +-
 .../x/sys/unix/zsysnum_netbsd_386.go          |     1 -
 .../x/sys/unix/zsysnum_netbsd_amd64.go        |     1 -
 .../x/sys/unix/zsysnum_netbsd_arm.go          |     1 -
 .../x/sys/unix/zsysnum_netbsd_arm64.go        |     1 -
 .../x/sys/unix/zsysnum_openbsd_386.go         |     1 -
 .../x/sys/unix/zsysnum_openbsd_amd64.go       |     1 -
 .../x/sys/unix/zsysnum_openbsd_arm.go         |     1 -
 .../x/sys/unix/zsysnum_openbsd_arm64.go       |     1 -
 .../x/sys/unix/zsysnum_openbsd_mips64.go      |     1 -
 .../x/sys/unix/zsysnum_openbsd_ppc64.go       |     1 -
 .../x/sys/unix/zsysnum_openbsd_riscv64.go     |     1 -
 .../x/sys/unix/zsysnum_zos_s390x.go           |     1 -
 .../golang.org/x/sys/unix/ztypes_aix_ppc.go   |     1 -
 .../golang.org/x/sys/unix/ztypes_aix_ppc64.go |     1 -
 .../x/sys/unix/ztypes_darwin_amd64.go         |     1 -
 .../x/sys/unix/ztypes_darwin_arm64.go         |     1 -
 .../x/sys/unix/ztypes_dragonfly_amd64.go      |     1 -
 .../x/sys/unix/ztypes_freebsd_386.go          |     1 -
 .../x/sys/unix/ztypes_freebsd_amd64.go        |     1 -
 .../x/sys/unix/ztypes_freebsd_arm.go          |     1 -
 .../x/sys/unix/ztypes_freebsd_arm64.go        |     1 -
 .../x/sys/unix/ztypes_freebsd_riscv64.go      |     1 -
 .../golang.org/x/sys/unix/ztypes_linux.go     |    13 +-
 .../golang.org/x/sys/unix/ztypes_linux_386.go |     1 -
 .../x/sys/unix/ztypes_linux_amd64.go          |     1 -
 .../golang.org/x/sys/unix/ztypes_linux_arm.go |     1 -
 .../x/sys/unix/ztypes_linux_arm64.go          |     1 -
 .../x/sys/unix/ztypes_linux_loong64.go        |     1 -
 .../x/sys/unix/ztypes_linux_mips.go           |     1 -
 .../x/sys/unix/ztypes_linux_mips64.go         |     1 -
 .../x/sys/unix/ztypes_linux_mips64le.go       |     1 -
 .../x/sys/unix/ztypes_linux_mipsle.go         |     1 -
 .../golang.org/x/sys/unix/ztypes_linux_ppc.go |     1 -
 .../x/sys/unix/ztypes_linux_ppc64.go          |     1 -
 .../x/sys/unix/ztypes_linux_ppc64le.go        |     1 -
 .../x/sys/unix/ztypes_linux_riscv64.go        |     1 -
 .../x/sys/unix/ztypes_linux_s390x.go          |     1 -
 .../x/sys/unix/ztypes_linux_sparc64.go        |     1 -
 .../x/sys/unix/ztypes_netbsd_386.go           |     1 -
 .../x/sys/unix/ztypes_netbsd_amd64.go         |     1 -
 .../x/sys/unix/ztypes_netbsd_arm.go           |     1 -
 .../x/sys/unix/ztypes_netbsd_arm64.go         |     1 -
 .../x/sys/unix/ztypes_openbsd_386.go          |     1 -
 .../x/sys/unix/ztypes_openbsd_amd64.go        |     1 -
 .../x/sys/unix/ztypes_openbsd_arm.go          |     1 -
 .../x/sys/unix/ztypes_openbsd_arm64.go        |     1 -
 .../x/sys/unix/ztypes_openbsd_mips64.go       |     1 -
 .../x/sys/unix/ztypes_openbsd_ppc64.go        |     1 -
 .../x/sys/unix/ztypes_openbsd_riscv64.go      |     1 -
 .../x/sys/unix/ztypes_solaris_amd64.go        |     1 -
 .../golang.org/x/sys/unix/ztypes_zos_s390x.go |     1 -
 .../golang.org/x/sys/windows/aliases.go       |     1 -
 .../vendor/golang.org/x/sys/windows/empty.s   |     1 -
 .../golang.org/x/sys/windows/eventlog.go      |     1 -
 .../golang.org/x/sys/windows/mksyscall.go     |     1 -
 .../vendor/golang.org/x/sys/windows/race.go   |     1 -
 .../vendor/golang.org/x/sys/windows/race0.go  |     1 -
 .../golang.org/x/sys/windows/service.go       |     1 -
 .../vendor/golang.org/x/sys/windows/str.go    |     1 -
 .../golang.org/x/sys/windows/syscall.go       |     1 -
 .../x/sys/windows/syscall_windows.go          |     4 +-
 .../golang.org/x/sys/windows/types_windows.go |    28 +-
 .../x/sys/windows/zsyscall_windows.go         |     9 +
 .../protobuf/encoding/prototext/encode.go     |    14 +-
 .../protobuf/internal/encoding/text/encode.go |    10 +-
 .../protobuf/internal/genid/descriptor_gen.go |    48 +
 .../protobuf/internal/genid/type_gen.go       |     6 +
 .../protobuf/internal/order/order.go          |     2 +-
 .../protobuf/internal/version/version.go      |     2 +-
 .../google.golang.org/protobuf/proto/size.go  |    10 +-
 .../reflect/protoreflect/source_gen.go        |    27 +
 .../types/descriptorpb/descriptor.pb.go       |  1011 +-
 .../protobuf/types/known/anypb/any.pb.go      |    70 +-
 .../types/known/timestamppb/timestamp.pb.go   |     2 +-
 controller-utils/vendor/modules.txt           |    18 +-
 go.mod                                        |    16 +-
 go.sum                                        |    17 -
 .../Azure/azure-sdk-for-go/storage/README.md  |    23 -
 .../azure-sdk-for-go/storage/appendblob.go    |    79 -
 .../azure-sdk-for-go/storage/authorization.go |   235 -
 .../Azure/azure-sdk-for-go/storage/blob.go    |   621 -
 .../azure-sdk-for-go/storage/blobsasuri.go    |   168 -
 .../storage/blobserviceclient.go              |   175 -
 .../azure-sdk-for-go/storage/blockblob.go     |   300 -
 .../Azure/azure-sdk-for-go/storage/client.go  |  1061 -
 .../azure-sdk-for-go/storage/commonsasuri.go  |    27 -
 .../azure-sdk-for-go/storage/container.go     |   629 -
 .../azure-sdk-for-go/storage/copyblob.go      |   226 -
 .../azure-sdk-for-go/storage/directory.go     |   227 -
 .../Azure/azure-sdk-for-go/storage/entity.go  |   455 -
 .../Azure/azure-sdk-for-go/storage/file.go    |   473 -
 .../storage/fileserviceclient.go              |   327 -
 .../azure-sdk-for-go/storage/leaseblob.go     |   190 -
 .../Azure/azure-sdk-for-go/storage/message.go |   160 -
 .../Azure/azure-sdk-for-go/storage/odata.go   |    37 -
 .../azure-sdk-for-go/storage/pageblob.go      |   192 -
 .../Azure/azure-sdk-for-go/storage/queue.go   |   425 -
 .../azure-sdk-for-go/storage/queuesasuri.go   |   135 -
 .../storage/queueserviceclient.go             |    31 -
 .../Azure/azure-sdk-for-go/storage/share.go   |   205 -
 .../azure-sdk-for-go/storage/storagepolicy.go |    50 -
 .../storage/storageservice.go                 |   139 -
 .../Azure/azure-sdk-for-go/storage/table.go   |   412 -
 .../azure-sdk-for-go/storage/table_batch.go   |   314 -
 .../storage/tableserviceclient.go             |   193 -
 .../Azure/azure-sdk-for-go/storage/util.go    |   249 -
 .../Shopify/logrus-bugsnag/.travis.yml        |     4 -
 .../github.com/Shopify/logrus-bugsnag/LICENSE |    21 -
 .../Shopify/logrus-bugsnag/README.md          |    24 -
 .../Shopify/logrus-bugsnag/bugsnag.go         |    81 -
 .../github.com/Shopify/logrus-bugsnag/dev.yml |     8 -
 vendor/github.com/aws/aws-sdk-go/NOTICE.txt   |     3 -
 .../github.com/aws/aws-sdk-go/aws/arn/arn.go  |    93 -
 .../aws/aws-sdk-go/aws/awserr/error.go        |   164 -
 .../aws/aws-sdk-go/aws/awserr/types.go        |   221 -
 .../aws/aws-sdk-go/aws/awsutil/copy.go        |   108 -
 .../aws/aws-sdk-go/aws/awsutil/equal.go       |    27 -
 .../aws/aws-sdk-go/aws/awsutil/path_value.go  |   221 -
 .../aws/aws-sdk-go/aws/awsutil/prettify.go    |   123 -
 .../aws-sdk-go/aws/awsutil/string_value.go    |    90 -
 .../aws/aws-sdk-go/aws/client/client.go       |    94 -
 .../aws-sdk-go/aws/client/default_retryer.go  |   177 -
 .../aws/aws-sdk-go/aws/client/logger.go       |   206 -
 .../aws/client/metadata/client_info.go        |    15 -
 .../aws-sdk-go/aws/client/no_op_retryer.go    |    28 -
 .../github.com/aws/aws-sdk-go/aws/config.go   |   659 -
 .../aws/aws-sdk-go/aws/context_1_5.go         |    38 -
 .../aws/aws-sdk-go/aws/context_1_9.go         |    12 -
 .../aws-sdk-go/aws/context_background_1_5.go  |    23 -
 .../aws-sdk-go/aws/context_background_1_7.go  |    21 -
 .../aws/aws-sdk-go/aws/context_sleep.go       |    24 -
 .../aws/aws-sdk-go/aws/convert_types.go       |   918 -
 .../aws-sdk-go/aws/corehandlers/handlers.go   |   232 -
 .../aws/corehandlers/param_validator.go       |    17 -
 .../aws-sdk-go/aws/corehandlers/user_agent.go |    37 -
 .../aws/credentials/chain_provider.go         |   100 -
 .../credentials/context_background_go1.5.go   |    23 -
 .../credentials/context_background_go1.7.go   |    21 -
 .../aws/credentials/context_go1.5.go          |    40 -
 .../aws/credentials/context_go1.9.go          |    14 -
 .../aws-sdk-go/aws/credentials/credentials.go |   383 -
 .../ec2rolecreds/ec2_role_provider.go         |   188 -
 .../aws/credentials/endpointcreds/provider.go |   210 -
 .../aws/credentials/env_provider.go           |    74 -
 .../aws-sdk-go/aws/credentials/example.ini    |    12 -
 .../aws/credentials/processcreds/provider.go  |   438 -
 .../shared_credentials_provider.go            |   151 -
 .../aws/credentials/ssocreds/doc.go           |    60 -
 .../aws-sdk-go/aws/credentials/ssocreds/os.go |    10 -
 .../aws/credentials/ssocreds/os_windows.go    |     7 -
 .../aws/credentials/ssocreds/provider.go      |   180 -
 .../aws/credentials/static_provider.go        |    57 -
 .../stscreds/assume_role_provider.go          |   371 -
 .../stscreds/web_identity_provider.go         |   182 -
 .../github.com/aws/aws-sdk-go/aws/csm/doc.go  |    69 -
 .../aws/aws-sdk-go/aws/csm/enable.go          |    89 -
 .../aws/aws-sdk-go/aws/csm/metric.go          |   109 -
 .../aws/aws-sdk-go/aws/csm/metric_chan.go     |    55 -
 .../aws-sdk-go/aws/csm/metric_exception.go    |    26 -
 .../aws/aws-sdk-go/aws/csm/reporter.go        |   264 -
 .../aws/aws-sdk-go/aws/defaults/defaults.go   |   207 -
 .../aws-sdk-go/aws/defaults/shared_config.go  |    27 -
 vendor/github.com/aws/aws-sdk-go/aws/doc.go   |    56 -
 .../aws/aws-sdk-go/aws/ec2metadata/api.go     |   250 -
 .../aws/aws-sdk-go/aws/ec2metadata/service.go |   245 -
 .../aws/ec2metadata/token_provider.go         |    96 -
 .../aws/aws-sdk-go/aws/endpoints/decode.go    |   193 -
 .../aws/aws-sdk-go/aws/endpoints/defaults.go  | 40212 ---------------
 .../aws/endpoints/dep_service_ids.go          |   141 -
 .../aws/aws-sdk-go/aws/endpoints/doc.go       |    65 -
 .../aws/aws-sdk-go/aws/endpoints/endpoints.go |   708 -
 .../aws/endpoints/legacy_regions.go           |    24 -
 .../aws/aws-sdk-go/aws/endpoints/v3model.go   |   594 -
 .../aws/endpoints/v3model_codegen.go          |   412 -
 .../github.com/aws/aws-sdk-go/aws/errors.go   |    13 -
 .../aws/aws-sdk-go/aws/jsonvalue.go           |    12 -
 .../github.com/aws/aws-sdk-go/aws/logger.go   |   121 -
 .../aws/request/connection_reset_error.go     |    19 -
 .../aws/aws-sdk-go/aws/request/handlers.go    |   346 -
 .../aws-sdk-go/aws/request/http_request.go    |    24 -
 .../aws-sdk-go/aws/request/offset_reader.go   |    65 -
 .../aws/aws-sdk-go/aws/request/request.go     |   722 -
 .../aws/aws-sdk-go/aws/request/request_1_7.go |    40 -
 .../aws/aws-sdk-go/aws/request/request_1_8.go |    37 -
 .../aws-sdk-go/aws/request/request_context.go |    15 -
 .../aws/request/request_context_1_6.go        |    15 -
 .../aws/request/request_pagination.go         |   266 -
 .../aws/aws-sdk-go/aws/request/retryer.go     |   309 -
 .../aws/request/timeout_read_closer.go        |    94 -
 .../aws/aws-sdk-go/aws/request/validation.go  |   286 -
 .../aws/aws-sdk-go/aws/request/waiter.go      |   295 -
 .../aws/aws-sdk-go/aws/session/credentials.go |   303 -
 .../aws/session/custom_transport.go           |    28 -
 .../aws/session/custom_transport_go1.12.go    |    27 -
 .../aws/session/custom_transport_go1.5.go     |    23 -
 .../aws/session/custom_transport_go1.6.go     |    24 -
 .../aws/aws-sdk-go/aws/session/doc.go         |   367 -
 .../aws/aws-sdk-go/aws/session/env_config.go  |   471 -
 .../aws/aws-sdk-go/aws/session/session.go     |   997 -
 .../aws-sdk-go/aws/session/shared_config.go   |   729 -
 .../aws-sdk-go/aws/signer/v4/header_rules.go  |    81 -
 .../aws/aws-sdk-go/aws/signer/v4/options.go   |     7 -
 .../aws/signer/v4/request_context_go1.5.go    |    14 -
 .../aws/signer/v4/request_context_go1.7.go    |    14 -
 .../aws/aws-sdk-go/aws/signer/v4/stream.go    |    63 -
 .../aws/aws-sdk-go/aws/signer/v4/uri_path.go  |    25 -
 .../aws/aws-sdk-go/aws/signer/v4/v4.go        |   855 -
 vendor/github.com/aws/aws-sdk-go/aws/types.go |   264 -
 vendor/github.com/aws/aws-sdk-go/aws/url.go   |    13 -
 .../github.com/aws/aws-sdk-go/aws/url_1_7.go  |    30 -
 .../github.com/aws/aws-sdk-go/aws/version.go  |     8 -
 .../internal/context/background_go1.5.go      |    41 -
 .../aws/aws-sdk-go/internal/ini/ast.go        |   120 -
 .../aws-sdk-go/internal/ini/comma_token.go    |    11 -
 .../aws-sdk-go/internal/ini/comment_token.go  |    35 -
 .../aws/aws-sdk-go/internal/ini/doc.go        |    42 -
 .../aws-sdk-go/internal/ini/empty_token.go    |     4 -
 .../aws/aws-sdk-go/internal/ini/expression.go |    24 -
 .../aws/aws-sdk-go/internal/ini/fuzz.go       |    18 -
 .../aws/aws-sdk-go/internal/ini/ini.go        |    51 -
 .../aws/aws-sdk-go/internal/ini/ini_lexer.go  |   165 -
 .../aws/aws-sdk-go/internal/ini/ini_parser.go |   350 -
 .../aws-sdk-go/internal/ini/literal_tokens.go |   340 -
 .../aws-sdk-go/internal/ini/newline_token.go  |    30 -
 .../aws-sdk-go/internal/ini/number_helper.go  |   152 -
 .../aws/aws-sdk-go/internal/ini/op_tokens.go  |    39 -
 .../aws-sdk-go/internal/ini/parse_error.go    |    43 -
 .../aws-sdk-go/internal/ini/parse_stack.go    |    60 -
 .../aws/aws-sdk-go/internal/ini/sep_tokens.go |    41 -
 .../aws/aws-sdk-go/internal/ini/skipper.go    |    45 -
 .../aws/aws-sdk-go/internal/ini/statement.go  |    35 -
 .../aws/aws-sdk-go/internal/ini/value_util.go |   284 -
 .../aws/aws-sdk-go/internal/ini/visitor.go    |   169 -
 .../aws/aws-sdk-go/internal/ini/walker.go     |    25 -
 .../aws/aws-sdk-go/internal/ini/ws_token.go   |    24 -
 .../internal/s3shared/arn/accesspoint_arn.go  |    50 -
 .../aws-sdk-go/internal/s3shared/arn/arn.go   |    94 -
 .../internal/s3shared/arn/outpost_arn.go      |   126 -
 .../s3shared/arn/s3_object_lambda_arn.go      |    15 -
 .../internal/s3shared/endpoint_errors.go      |   202 -
 .../internal/s3shared/resource_request.go     |    45 -
 .../internal/s3shared/s3err/error.go          |    57 -
 .../aws/aws-sdk-go/internal/sdkio/byte.go     |    12 -
 .../aws/aws-sdk-go/internal/sdkio/io_go1.6.go |    11 -
 .../aws/aws-sdk-go/internal/sdkio/io_go1.7.go |    13 -
 .../aws/aws-sdk-go/internal/sdkmath/floor.go  |    16 -
 .../internal/sdkmath/floor_go1.9.go           |    57 -
 .../internal/sdkrand/locked_source.go         |    29 -
 .../aws/aws-sdk-go/internal/sdkrand/read.go   |    12 -
 .../aws-sdk-go/internal/sdkrand/read_1_5.go   |    25 -
 .../aws/aws-sdk-go/internal/sdkuri/path.go    |    23 -
 .../internal/shareddefaults/ecs_container.go  |    12 -
 .../internal/shareddefaults/shared_config.go  |    46 -
 .../shared_config_resolve_home.go             |    18 -
 .../shared_config_resolve_home_go1.12.go      |    13 -
 .../aws-sdk-go/internal/strings/strings.go    |    11 -
 .../internal/sync/singleflight/LICENSE        |    27 -
 .../sync/singleflight/singleflight.go         |   120 -
 .../private/checksum/content_md5.go           |    53 -
 .../private/protocol/eventstream/debug.go     |   144 -
 .../private/protocol/eventstream/decode.go    |   216 -
 .../private/protocol/eventstream/encode.go    |   162 -
 .../private/protocol/eventstream/error.go     |    23 -
 .../eventstream/eventstreamapi/error.go       |    81 -
 .../eventstream/eventstreamapi/reader.go      |   173 -
 .../eventstream/eventstreamapi/shared.go      |    23 -
 .../eventstream/eventstreamapi/signer.go      |   123 -
 .../eventstreamapi/stream_writer.go           |   129 -
 .../eventstream/eventstreamapi/transport.go   |    10 -
 .../eventstreamapi/transport_go1.17.go        |    19 -
 .../eventstream/eventstreamapi/writer.go      |    63 -
 .../private/protocol/eventstream/header.go    |   175 -
 .../protocol/eventstream/header_value.go      |   506 -
 .../private/protocol/eventstream/message.go   |   117 -
 .../aws/aws-sdk-go/private/protocol/host.go   |   104 -
 .../private/protocol/host_prefix.go           |    54 -
 .../private/protocol/idempotency.go           |    75 -
 .../private/protocol/json/jsonutil/build.go   |   309 -
 .../protocol/json/jsonutil/unmarshal.go       |   317 -
 .../private/protocol/jsonrpc/jsonrpc.go       |    87 -
 .../protocol/jsonrpc/unmarshal_error.go       |   160 -
 .../aws-sdk-go/private/protocol/jsonvalue.go  |    76 -
 .../aws-sdk-go/private/protocol/payload.go    |    81 -
 .../aws-sdk-go/private/protocol/protocol.go   |    49 -
 .../private/protocol/query/build.go           |    36 -
 .../protocol/query/queryutil/queryutil.go     |   276 -
 .../private/protocol/query/unmarshal.go       |    39 -
 .../private/protocol/query/unmarshal_error.go |    70 -
 .../aws-sdk-go/private/protocol/rest/build.go |   349 -
 .../private/protocol/rest/payload.go          |    54 -
 .../private/protocol/rest/unmarshal.go        |   276 -
 .../private/protocol/restjson/restjson.go     |    59 -
 .../protocol/restjson/unmarshal_error.go      |   157 -
 .../private/protocol/restxml/restxml.go       |    79 -
 .../aws-sdk-go/private/protocol/timestamp.go  |   134 -
 .../aws-sdk-go/private/protocol/unmarshal.go  |    27 -
 .../private/protocol/unmarshal_error.go       |    65 -
 .../private/protocol/xml/xmlutil/build.go     |   345 -
 .../private/protocol/xml/xmlutil/sort.go      |    32 -
 .../private/protocol/xml/xmlutil/unmarshal.go |   311 -
 .../protocol/xml/xmlutil/xml_to_struct.go     |   173 -
 .../service/cloudfront/sign/policy.go         |   238 -
 .../cloudfront/sign/policy_json_1_6.go        |    15 -
 .../cloudfront/sign/policy_json_1_7.go        |    17 -
 .../service/cloudfront/sign/privkey.go        |    68 -
 .../service/cloudfront/sign/randomreader.go   |    30 -
 .../service/cloudfront/sign/sign_cookie.go    |   243 -
 .../service/cloudfront/sign/sign_url.go       |   202 -
 .../aws/aws-sdk-go/service/s3/api.go          | 42420 ----------------
 .../aws/aws-sdk-go/service/s3/body_hash.go    |   202 -
 .../aws-sdk-go/service/s3/bucket_location.go  |   107 -
 .../aws-sdk-go/service/s3/customizations.go   |    89 -
 .../aws/aws-sdk-go/service/s3/doc.go          |    26 -
 .../aws/aws-sdk-go/service/s3/doc_custom.go   |   109 -
 .../aws/aws-sdk-go/service/s3/endpoint.go     |   298 -
 .../aws-sdk-go/service/s3/endpoint_builder.go |   239 -
 .../aws/aws-sdk-go/service/s3/errors.go       |    60 -
 .../service/s3/host_style_bucket.go           |   136 -
 .../service/s3/platform_handlers.go           |     9 -
 .../service/s3/platform_handlers_go1.6.go     |    29 -
 .../aws/aws-sdk-go/service/s3/service.go      |   108 -
 .../aws/aws-sdk-go/service/s3/sse.go          |    84 -
 .../aws-sdk-go/service/s3/statusok_error.go   |    47 -
 .../aws-sdk-go/service/s3/unmarshal_error.go  |   114 -
 .../aws/aws-sdk-go/service/s3/waiters.go      |   214 -
 .../aws/aws-sdk-go/service/sso/api.go         |  1367 -
 .../aws/aws-sdk-go/service/sso/doc.go         |    45 -
 .../aws/aws-sdk-go/service/sso/errors.go      |    44 -
 .../aws/aws-sdk-go/service/sso/service.go     |   106 -
 .../service/sso/ssoiface/interface.go         |    86 -
 .../aws/aws-sdk-go/service/sts/api.go         |  3464 --
 .../aws-sdk-go/service/sts/customizations.go  |    11 -
 .../aws/aws-sdk-go/service/sts/doc.go         |    31 -
 .../aws/aws-sdk-go/service/sts/errors.go      |    84 -
 .../aws/aws-sdk-go/service/sts/service.go     |   104 -
 .../service/sts/stsiface/interface.go         |    96 -
 .../logrus-logstash-hook/.gitignore           |    26 -
 .../logrus-logstash-hook/.travis.yml          |    16 -
 .../logrus-logstash-hook/CHANGELOG.md         |    24 -
 .../logrus-logstash-hook/LICENSE              |    21 -
 .../logrus-logstash-hook/README.md            |    58 -
 .../logrus-logstash-hook/hook.go              |   126 -
 .../github.com/bugsnag/bugsnag-go/.travis.yml |    13 -
 .../bugsnag/bugsnag-go/CHANGELOG.md           |    22 -
 .../bugsnag/bugsnag-go/CONTRIBUTING.md        |    78 -
 .../github.com/bugsnag/bugsnag-go/LICENSE.txt |    20 -
 vendor/github.com/bugsnag/bugsnag-go/Makefile |     2 -
 .../github.com/bugsnag/bugsnag-go/README.md   |   522 -
 .../bugsnag/bugsnag-go/appengine.go           |    81 -
 .../github.com/bugsnag/bugsnag-go/bugsnag.go  |   131 -
 .../bugsnag/bugsnag-go/configuration.go       |   161 -
 vendor/github.com/bugsnag/bugsnag-go/doc.go   |    69 -
 .../bugsnag/bugsnag-go/errors/README.md       |     6 -
 .../bugsnag/bugsnag-go/errors/error.go        |    90 -
 .../bugsnag/bugsnag-go/errors/parse_panic.go  |   127 -
 .../bugsnag/bugsnag-go/errors/stackframe.go   |    97 -
 vendor/github.com/bugsnag/bugsnag-go/event.go |   143 -
 .../bugsnag/bugsnag-go/json_tags.go           |    43 -
 .../github.com/bugsnag/bugsnag-go/metadata.go |   189 -
 .../bugsnag/bugsnag-go/middleware.go          |    96 -
 .../github.com/bugsnag/bugsnag-go/notifier.go |    95 -
 .../bugsnag/bugsnag-go/panicwrap.go           |    27 -
 .../github.com/bugsnag/bugsnag-go/payload.go  |    96 -
 vendor/github.com/bugsnag/osext/LICENSE       |    20 -
 vendor/github.com/bugsnag/osext/osext.go      |    32 -
 .../github.com/bugsnag/osext/osext_plan9.go   |    16 -
 .../github.com/bugsnag/osext/osext_procfs.go  |    25 -
 .../github.com/bugsnag/osext/osext_sysctl.go  |    64 -
 .../github.com/bugsnag/osext/osext_windows.go |    34 -
 vendor/github.com/bugsnag/panicwrap/LICENSE   |    21 -
 vendor/github.com/bugsnag/panicwrap/README.md |   101 -
 vendor/github.com/bugsnag/panicwrap/dup2.go   |    11 -
 vendor/github.com/bugsnag/panicwrap/dup3.go   |    11 -
 .../github.com/bugsnag/panicwrap/monitor.go   |    62 -
 .../bugsnag/panicwrap/monitor_windows.go      |     7 -
 .../github.com/bugsnag/panicwrap/panicwrap.go |   339 -
 .../denverdino/aliyungo/LICENSE.txt           |   191 -
 .../denverdino/aliyungo/common/client.go      |   550 -
 .../denverdino/aliyungo/common/endpoint.go    |   208 -
 .../denverdino/aliyungo/common/endpoints.xml  |  1370 -
 .../denverdino/aliyungo/common/regions.go     |    55 -
 .../denverdino/aliyungo/common/request.go     |   105 -
 .../denverdino/aliyungo/common/types.go       |   107 -
 .../denverdino/aliyungo/common/version.go     |     3 -
 .../aliyungo/oss/authenticate_callback.go     |    88 -
 .../denverdino/aliyungo/oss/client.go         |  1421 -
 .../denverdino/aliyungo/oss/export.go         |    23 -
 .../denverdino/aliyungo/oss/multi.go          |   489 -
 .../denverdino/aliyungo/oss/regions.go        |    80 -
 .../denverdino/aliyungo/oss/signature.go      |   125 -
 .../denverdino/aliyungo/util/attempt.go       |    76 -
 .../denverdino/aliyungo/util/encoding.go      |   331 -
 .../denverdino/aliyungo/util/iso6801.go       |    80 -
 .../denverdino/aliyungo/util/signature.go     |    39 -
 .../denverdino/aliyungo/util/util.go          |   185 -
 .../distribution/reference/.gitattributes     |     1 -
 .../distribution/reference/.gitignore         |     2 -
 .../distribution/reference/.golangci.yml      |    18 -
 .../distribution/reference/CODE-OF-CONDUCT.md |     5 -
 .../distribution/reference/CONTRIBUTING.md    |   114 -
 .../distribution/reference/GOVERNANCE.md      |   144 -
 .../github.com/distribution/reference/LICENSE |   202 -
 .../distribution/reference/MAINTAINERS        |    26 -
 .../distribution/reference/Makefile           |    25 -
 .../distribution/reference/README.md          |    30 -
 .../distribution/reference/SECURITY.md        |     7 -
 .../reference/distribution-logo.svg           |     1 -
 .../distribution/reference/helpers.go         |    42 -
 .../distribution/reference/normalize.go       |   224 -
 .../distribution/reference/reference.go       |   436 -
 .../distribution/reference/regexp.go          |   163 -
 .../github.com/distribution/reference/sort.go |    75 -
 .../configuration/configuration.go            |   706 -
 .../distribution/configuration/parser.go      |   283 -
 .../docker/distribution/context/context.go    |    73 -
 .../docker/distribution/context/doc.go        |    88 -
 .../docker/distribution/context/http.go       |   333 -
 .../docker/distribution/context/logger.go     |   121 -
 .../docker/distribution/context/trace.go      |   105 -
 .../docker/distribution/context/util.go       |    25 -
 .../docker/distribution/context/version.go    |    22 -
 .../distribution/health/checks/checks.go      |    73 -
 .../docker/distribution/health/doc.go         |   136 -
 .../docker/distribution/health/health.go      |   306 -
 .../manifest/schema1/config_builder.go        |   287 -
 .../distribution/manifest/schema1/manifest.go |   184 -
 .../manifest/schema1/reference_builder.go     |    98 -
 .../distribution/manifest/schema1/sign.go     |    68 -
 .../distribution/manifest/schema1/verify.go   |    32 -
 .../distribution/notifications/bridge.go      |   225 -
 .../distribution/notifications/endpoint.go    |    97 -
 .../distribution/notifications/event.go       |   163 -
 .../docker/distribution/notifications/http.go |   149 -
 .../distribution/notifications/listener.go    |   263 -
 .../distribution/notifications/metrics.go     |   152 -
 .../distribution/notifications/sinks.go       |   387 -
 .../docker/distribution/registry/auth/auth.go |   200 -
 .../registry/auth/htpasswd/access.go          |   160 -
 .../registry/auth/htpasswd/htpasswd.go        |    82 -
 .../registry/auth/silly/access.go             |   102 -
 .../registry/auth/token/accesscontroller.go   |   293 -
 .../registry/auth/token/stringset.go          |    35 -
 .../distribution/registry/auth/token/token.go |   380 -
 .../distribution/registry/auth/token/util.go  |    58 -
 .../docker/distribution/registry/doc.go       |     2 -
 .../distribution/registry/handlers/app.go     |  1080 -
 .../registry/handlers/basicauth.go            |    12 -
 .../registry/handlers/basicauth_prego14.go    |    42 -
 .../distribution/registry/handlers/blob.go    |    99 -
 .../registry/handlers/blobupload.go           |   368 -
 .../distribution/registry/handlers/catalog.go |   126 -
 .../distribution/registry/handlers/context.go |    95 -
 .../distribution/registry/handlers/helpers.go |    66 -
 .../distribution/registry/handlers/hmac.go    |    74 -
 .../distribution/registry/handlers/hooks.go   |    53 -
 .../distribution/registry/handlers/mail.go    |    45 -
 .../registry/handlers/manifests.go            |   531 -
 .../distribution/registry/handlers/tags.go    |    62 -
 .../registry/listener/listener.go             |    74 -
 .../middleware/registry/middleware.go         |    54 -
 .../middleware/repository/middleware.go       |    40 -
 .../distribution/registry/proxy/proxyauth.go  |    83 -
 .../registry/proxy/proxyblobstore.go          |   221 -
 .../registry/proxy/proxymanifeststore.go      |    96 -
 .../registry/proxy/proxymetrics.go            |    74 -
 .../registry/proxy/proxyregistry.go           |   263 -
 .../registry/proxy/proxytagservice.go         |    66 -
 .../registry/proxy/scheduler/scheduler.go     |   260 -
 .../docker/distribution/registry/registry.go  |   497 -
 .../docker/distribution/registry/root.go      |    89 -
 .../registry/storage/blobcachemetrics.go      |    66 -
 .../registry/storage/blobserver.go            |    78 -
 .../registry/storage/blobstore.go             |   212 -
 .../registry/storage/blobwriter.go            |   406 -
 .../storage/blobwriter_nonresumable.go        |    18 -
 .../registry/storage/blobwriter_resumable.go  |   145 -
 .../storage/cache/cachecheck/suite.go         |   179 -
 .../registry/storage/cache/redis/redis.go     |   268 -
 .../distribution/registry/storage/catalog.go  |   159 -
 .../distribution/registry/storage/doc.go      |     3 -
 .../registry/storage/driver/azure/azure.go    |   532 -
 .../registry/storage/driver/base/base.go      |   240 -
 .../registry/storage/driver/base/regulator.go |   184 -
 .../storage/driver/factory/factory.go         |    64 -
 .../registry/storage/driver/fileinfo.go       |    79 -
 .../storage/driver/filesystem/driver.go       |   420 -
 .../registry/storage/driver/gcs/doc.go        |     3 -
 .../registry/storage/driver/gcs/gcs.go        |   931 -
 .../storage/driver/inmemory/driver.go         |   322 -
 .../registry/storage/driver/inmemory/mfs.go   |   327 -
 .../middleware/cloudfront/middleware.go       |   211 -
 .../driver/middleware/cloudfront/s3filter.go  |   223 -
 .../driver/middleware/redirect/middleware.go  |    50 -
 .../driver/middleware/storagemiddleware.go    |    39 -
 .../registry/storage/driver/oss/doc.go        |     3 -
 .../registry/storage/driver/oss/oss.go        |   695 -
 .../registry/storage/driver/s3-aws/s3.go      |  1371 -
 .../storage/driver/s3-aws/s3_v2_signer.go     |   216 -
 .../registry/storage/driver/storagedriver.go  |   171 -
 .../registry/storage/driver/swift/swift.go    |   934 -
 .../storage/driver/testdriver/testdriver.go   |    72 -
 .../storage/driver/testsuites/testsuites.go   |  1272 -
 .../registry/storage/driver/walk.go           |    61 -
 .../distribution/registry/storage/error.go    |     9 -
 .../registry/storage/filereader.go            |   176 -
 .../registry/storage/garbagecollect.go        |   152 -
 .../distribution/registry/storage/io.go       |    72 -
 .../registry/storage/linkedblobstore.go       |   465 -
 .../registry/storage/manifestlisthandler.go   |    96 -
 .../registry/storage/manifeststore.go         |   161 -
 .../registry/storage/ocimanifesthandler.go    |   133 -
 .../distribution/registry/storage/paths.go    |   476 -
 .../registry/storage/purgeuploads.go          |   139 -
 .../distribution/registry/storage/registry.go |   336 -
 .../storage/schema2manifesthandler.go         |   139 -
 .../registry/storage/signedmanifesthandler.go |   142 -
 .../distribution/registry/storage/tagstore.go |   179 -
 .../registry/storage/v1unsupportedhandler.go  |    23 -
 .../distribution/registry/storage/vacuum.go   |   102 -
 .../docker/distribution/testutil/handler.go   |   148 -
 .../docker/distribution/testutil/manifests.go |    87 -
 .../docker/distribution/testutil/tarfile.go   |   114 -
 .../docker/distribution/version/print.go      |    25 -
 .../docker/distribution/version/version.go    |    15 -
 .../docker/distribution/version/version.sh    |    26 -
 .../docker/libtrust/CONTRIBUTING.md           |    13 -
 vendor/github.com/docker/libtrust/LICENSE     |   191 -
 vendor/github.com/docker/libtrust/MAINTAINERS |     3 -
 vendor/github.com/docker/libtrust/README.md   |    22 -
 .../docker/libtrust/certificates.go           |   175 -
 vendor/github.com/docker/libtrust/doc.go      |     9 -
 vendor/github.com/docker/libtrust/ec_key.go   |   428 -
 vendor/github.com/docker/libtrust/filter.go   |    50 -
 vendor/github.com/docker/libtrust/hash.go     |    56 -
 vendor/github.com/docker/libtrust/jsonsign.go |   657 -
 vendor/github.com/docker/libtrust/key.go      |   253 -
 .../github.com/docker/libtrust/key_files.go   |   255 -
 .../github.com/docker/libtrust/key_manager.go |   175 -
 vendor/github.com/docker/libtrust/rsa_key.go  |   427 -
 vendor/github.com/docker/libtrust/util.go     |   363 -
 .../github.com/felixge/httpsnoop/.gitignore   |     0
 .../github.com/felixge/httpsnoop/.travis.yml  |     6 -
 .../github.com/felixge/httpsnoop/LICENSE.txt  |    19 -
 vendor/github.com/felixge/httpsnoop/Makefile  |    10 -
 vendor/github.com/felixge/httpsnoop/README.md |    95 -
 .../felixge/httpsnoop/capture_metrics.go      |    86 -
 vendor/github.com/felixge/httpsnoop/docs.go   |    10 -
 .../httpsnoop/wrap_generated_gteq_1.8.go      |   436 -
 .../httpsnoop/wrap_generated_lt_1.8.go        |   278 -
 .../garyburd/redigo/internal/commandinfo.go   |    45 -
 .../github.com/garyburd/redigo/redis/conn.go  |   455 -
 .../github.com/garyburd/redigo/redis/doc.go   |   169 -
 .../github.com/garyburd/redigo/redis/log.go   |   117 -
 .../github.com/garyburd/redigo/redis/pool.go  |   389 -
 .../garyburd/redigo/redis/pubsub.go           |   129 -
 .../github.com/garyburd/redigo/redis/redis.go |    44 -
 .../github.com/garyburd/redigo/redis/reply.go |   312 -
 .../github.com/garyburd/redigo/redis/scan.go  |   513 -
 .../garyburd/redigo/redis/script.go           |    86 -
 vendor/github.com/gofrs/uuid/.gitignore       |    15 -
 vendor/github.com/gofrs/uuid/LICENSE          |    20 -
 vendor/github.com/gofrs/uuid/README.md        |   117 -
 vendor/github.com/gofrs/uuid/codec.go         |   234 -
 vendor/github.com/gofrs/uuid/fuzz.go          |    48 -
 vendor/github.com/gofrs/uuid/generator.go     |   456 -
 vendor/github.com/gofrs/uuid/sql.go           |   116 -
 vendor/github.com/gofrs/uuid/uuid.go          |   285 -
 .../gax-go/v2/.release-please-manifest.json   |     3 -
 .../googleapis/gax-go/v2/CHANGES.md           |    99 -
 .../github.com/googleapis/gax-go/v2/LICENSE   |    27 -
 .../googleapis/gax-go/v2/apierror/apierror.go |   361 -
 .../v2/apierror/internal/proto/README.md      |    30 -
 .../internal/proto/custom_error.pb.go         |   256 -
 .../internal/proto/custom_error.proto         |    50 -
 .../v2/apierror/internal/proto/error.pb.go    |   280 -
 .../v2/apierror/internal/proto/error.proto    |    46 -
 .../googleapis/gax-go/v2/call_option.go       |   265 -
 .../googleapis/gax-go/v2/content_type.go      |   112 -
 vendor/github.com/googleapis/gax-go/v2/gax.go |    41 -
 .../github.com/googleapis/gax-go/v2/header.go |   119 -
 .../googleapis/gax-go/v2/internal/version.go  |    33 -
 .../github.com/googleapis/gax-go/v2/invoke.go |   114 -
 .../googleapis/gax-go/v2/proto_json_stream.go |   126 -
 .../gax-go/v2/release-please-config.json      |    10 -
 vendor/github.com/gorilla/handlers/LICENSE    |    22 -
 vendor/github.com/gorilla/handlers/README.md  |    56 -
 .../github.com/gorilla/handlers/canonical.go  |    74 -
 .../github.com/gorilla/handlers/compress.go   |   143 -
 vendor/github.com/gorilla/handlers/cors.go    |   355 -
 vendor/github.com/gorilla/handlers/doc.go     |     9 -
 .../github.com/gorilla/handlers/handlers.go   |   147 -
 vendor/github.com/gorilla/handlers/logging.go |   244 -
 .../gorilla/handlers/proxy_headers.go         |   120 -
 .../github.com/gorilla/handlers/recovery.go   |    96 -
 vendor/github.com/kr/pretty/.gitignore        |     5 -
 vendor/github.com/kr/pretty/License           |    19 -
 vendor/github.com/kr/pretty/Readme            |     9 -
 vendor/github.com/kr/pretty/diff.go           |   295 -
 vendor/github.com/kr/pretty/formatter.go      |   355 -
 vendor/github.com/kr/pretty/pretty.go         |   108 -
 vendor/github.com/kr/pretty/zero.go           |    41 -
 vendor/github.com/kr/text/License             |    19 -
 vendor/github.com/kr/text/Readme              |     3 -
 vendor/github.com/kr/text/doc.go              |     3 -
 vendor/github.com/kr/text/indent.go           |    74 -
 vendor/github.com/kr/text/wrap.go             |    86 -
 vendor/github.com/ncw/swift/.gitignore        |     4 -
 vendor/github.com/ncw/swift/.travis.yml       |    33 -
 vendor/github.com/ncw/swift/COPYING           |    20 -
 vendor/github.com/ncw/swift/README.md         |   156 -
 vendor/github.com/ncw/swift/auth.go           |   335 -
 vendor/github.com/ncw/swift/auth_v3.go        |   300 -
 .../github.com/ncw/swift/compatibility_1_0.go |    28 -
 .../github.com/ncw/swift/compatibility_1_1.go |    24 -
 .../github.com/ncw/swift/compatibility_1_6.go |    23 -
 .../ncw/swift/compatibility_not_1_6.go        |    13 -
 vendor/github.com/ncw/swift/dlo.go            |   136 -
 vendor/github.com/ncw/swift/doc.go            |    19 -
 vendor/github.com/ncw/swift/largeobjects.go   |   448 -
 vendor/github.com/ncw/swift/meta.go           |   174 -
 vendor/github.com/ncw/swift/notes.txt         |    55 -
 vendor/github.com/ncw/swift/slo.go            |   171 -
 vendor/github.com/ncw/swift/swift.go          |  2243 -
 .../github.com/ncw/swift/swifttest/server.go  |  1107 -
 vendor/github.com/ncw/swift/timeout_reader.go |    59 -
 .../github.com/ncw/swift/travis_realserver.sh |    22 -
 .../github.com/ncw/swift/watchdog_reader.go   |    55 -
 .../opencontainers/go-digest/digestset/set.go |   262 -
 .../github.com/rogpeppe/go-internal/LICENSE   |    27 -
 .../rogpeppe/go-internal/fmtsort/mapelem.go   |    20 -
 .../rogpeppe/go-internal/fmtsort/sort.go      |   209 -
 .../yvasiyarov/go-metrics/.gitignore          |     9 -
 .../github.com/yvasiyarov/go-metrics/LICENSE  |    29 -
 .../yvasiyarov/go-metrics/README.md           |   104 -
 .../yvasiyarov/go-metrics/counter.go          |   112 -
 .../github.com/yvasiyarov/go-metrics/debug.go |    76 -
 .../github.com/yvasiyarov/go-metrics/ewma.go  |   118 -
 .../github.com/yvasiyarov/go-metrics/gauge.go |    84 -
 .../yvasiyarov/go-metrics/gauge_float64.go    |    91 -
 .../yvasiyarov/go-metrics/graphite.go         |   104 -
 .../yvasiyarov/go-metrics/healthcheck.go      |    61 -
 .../yvasiyarov/go-metrics/histogram.go        |   192 -
 .../github.com/yvasiyarov/go-metrics/json.go  |    83 -
 .../github.com/yvasiyarov/go-metrics/log.go   |    70 -
 .../yvasiyarov/go-metrics/memory.md           |   285 -
 .../github.com/yvasiyarov/go-metrics/meter.go |   233 -
 .../yvasiyarov/go-metrics/metrics.go          |    13 -
 .../yvasiyarov/go-metrics/opentsdb.go         |   119 -
 .../yvasiyarov/go-metrics/registry.go         |   168 -
 .../yvasiyarov/go-metrics/runtime.go          |   200 -
 .../yvasiyarov/go-metrics/runtime_cgo.go      |     9 -
 .../yvasiyarov/go-metrics/runtime_no_cgo.go   |     7 -
 .../yvasiyarov/go-metrics/sample.go           |   568 -
 .../yvasiyarov/go-metrics/syslog.go           |    78 -
 .../github.com/yvasiyarov/go-metrics/timer.go |   299 -
 .../yvasiyarov/go-metrics/writer.go           |   100 -
 .../github.com/yvasiyarov/gorelic/.gitignore  |     4 -
 .../github.com/yvasiyarov/gorelic/.travis.yml |     1 -
 vendor/github.com/yvasiyarov/gorelic/LICENSE  |    24 -
 .../github.com/yvasiyarov/gorelic/README.md   |   119 -
 vendor/github.com/yvasiyarov/gorelic/agent.go |   137 -
 vendor/github.com/yvasiyarov/gorelic/doc.go   |     2 -
 .../yvasiyarov/gorelic/gc_metrics.go          |    65 -
 .../yvasiyarov/gorelic/gometrica.go           |   105 -
 .../yvasiyarov/gorelic/http_metrics.go        |   194 -
 .../yvasiyarov/gorelic/memory_metrics.go      |   110 -
 vendor/github.com/yvasiyarov/gorelic/nut.json |    15 -
 .../yvasiyarov/gorelic/runtime_metrics.go     |   196 -
 .../newrelic_platform_go/.travis.yml          |     1 -
 .../yvasiyarov/newrelic_platform_go/LICENSE   |    24 -
 .../yvasiyarov/newrelic_platform_go/README.md |    11 -
 .../yvasiyarov/newrelic_platform_go/agent.go  |    27 -
 .../newrelic_platform_go/component.go         |    71 -
 .../yvasiyarov/newrelic_platform_go/doc.go    |     2 -
 .../newrelic_platform_go/metrica.go           |    42 -
 .../yvasiyarov/newrelic_platform_go/nut.json  |    15 -
 .../yvasiyarov/newrelic_platform_go/plugin.go |   194 -
 .../api/googleapi/googleapi.go                |   480 -
 .../google.golang.org/api/googleapi/types.go  |   202 -
 .../api/internal/gensupport/buffer.go         |    79 -
 .../api/internal/gensupport/doc.go            |    10 -
 .../api/internal/gensupport/error.go          |    24 -
 .../api/internal/gensupport/json.go           |   236 -
 .../api/internal/gensupport/jsonfloat.go      |    47 -
 .../api/internal/gensupport/media.go          |   311 -
 .../api/internal/gensupport/params.go         |    57 -
 .../api/internal/gensupport/resumable.go      |   269 -
 .../api/internal/gensupport/retry.go          |   121 -
 .../internal/gensupport/retryable_linux.go    |    16 -
 .../api/internal/gensupport/send.go           |   185 -
 .../api/internal/gensupport/version.go        |    53 -
 .../internal/third_party/uritemplates/LICENSE |    27 -
 .../third_party/uritemplates/METADATA         |    14 -
 .../third_party/uritemplates/uritemplates.go  |   248 -
 .../third_party/uritemplates/utils.go         |    17 -
 .../api/storage/v1/storage-api.json           |  4283 --
 .../api/storage/v1/storage-gen.go             | 13283 -----
 vendor/google.golang.org/cloud/.travis.yml    |    11 -
 vendor/google.golang.org/cloud/AUTHORS        |    12 -
 .../google.golang.org/cloud/CONTRIBUTING.md   |   114 -
 vendor/google.golang.org/cloud/CONTRIBUTORS   |    24 -
 vendor/google.golang.org/cloud/LICENSE        |   202 -
 vendor/google.golang.org/cloud/README.md      |   135 -
 vendor/google.golang.org/cloud/cloud.go       |    49 -
 .../google.golang.org/cloud/internal/cloud.go |   128 -
 .../cloud/internal/opts/option.go             |    24 -
 vendor/google.golang.org/cloud/key.json.enc   |   Bin 1248 -> 0 bytes
 vendor/google.golang.org/cloud/option.go      |   100 -
 vendor/google.golang.org/cloud/storage/acl.go |   176 -
 .../cloud/storage/storage.go                  |   350 -
 .../google.golang.org/cloud/storage/types.go  |   417 -
 .../genproto/googleapis/rpc/code/code.pb.go   |   336 -
 .../rpc/errdetails/error_details.pb.go        |  1314 -
 vendor/gopkg.in/check.v1/.gitignore           |     4 -
 vendor/gopkg.in/check.v1/.travis.yml          |     3 -
 vendor/gopkg.in/check.v1/LICENSE              |    25 -
 vendor/gopkg.in/check.v1/README.md            |    20 -
 vendor/gopkg.in/check.v1/TODO                 |     2 -
 vendor/gopkg.in/check.v1/benchmark.go         |   187 -
 vendor/gopkg.in/check.v1/check.go             |   876 -
 vendor/gopkg.in/check.v1/checkers.go          |   528 -
 vendor/gopkg.in/check.v1/helpers.go           |   233 -
 vendor/gopkg.in/check.v1/printer.go           |   168 -
 vendor/gopkg.in/check.v1/reporter.go          |    88 -
 vendor/gopkg.in/check.v1/run.go               |   175 -
 vendor/modules.txt                            |    85 -
 vendor/rsc.io/letsencrypt/LICENSE             |    27 -
 vendor/rsc.io/letsencrypt/README.md           |     9 -
 vendor/rsc.io/letsencrypt/doc.go              |    11 -
 1622 files changed, 25850 insertions(+), 215245 deletions(-)
 delete mode 100644 apis/vendor/github.com/cenkalti/backoff/v4/.travis.yml
 delete mode 100644 apis/vendor/github.com/felixge/httpsnoop/.travis.yml
 create mode 100644 apis/vendor/github.com/go-logr/logr/SECURITY.md
 rename controller-utils/vendor/github.com/google/go-cmp/cmp/export_unsafe.go => apis/vendor/github.com/google/go-cmp/cmp/export.go (94%)
 delete mode 100644 apis/vendor/github.com/google/go-cmp/cmp/export_panic.go
 rename apis/vendor/github.com/google/go-cmp/cmp/internal/value/{pointer_unsafe.go => pointer.go} (95%)
 delete mode 100644 apis/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
 delete mode 100644 apis/vendor/github.com/google/uuid/.travis.yml
 create mode 100644 apis/vendor/github.com/google/uuid/CHANGELOG.md
 create mode 100644 apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/string_array_flag.go
 create mode 100644 apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/gen.go
 create mode 100644 apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv.go
 create mode 100644 apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/netconv.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/.codespellignore
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/.codespellrc
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/attribute/filter.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/config.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/retry/LICENSE
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/README.md
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/doc.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/doc.go
 rename apis/vendor/go.opentelemetry.io/otel/exporters/otlp/{ => otlptrace/otlptracegrpc}/internal/envconfig/envconfig.go (57%)
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/gen.go
 rename apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/{ => otlptracegrpc}/internal/otlpconfig/envconfig.go (74%)
 rename apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/{ => otlptracegrpc}/internal/otlpconfig/options.go (89%)
 rename apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/{ => otlptracegrpc}/internal/otlpconfig/optiontypes.go (90%)
 rename apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/{ => otlptracegrpc}/internal/otlpconfig/tls.go (87%)
 rename apis/vendor/go.opentelemetry.io/otel/exporters/otlp/{ => otlptrace/otlptracegrpc}/internal/partialsuccess.go (64%)
 rename apis/vendor/go.opentelemetry.io/otel/exporters/otlp/{ => otlptrace/otlptracegrpc}/internal/retry/retry.go (80%)
 rename apis/vendor/go.opentelemetry.io/otel/{metric/unit/doc.go => exporters/otlp/otlptrace/version.go} (65%)
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/internal/attribute/attribute.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/internal/gen.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/internal/global/handler.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/internal/global/instruments.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/internal/global/meter.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/metric.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/asyncint64.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/embedded/embedded.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/global/global.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/instrument.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/instrument/asyncfloat64/asyncfloat64.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/instrument/asyncint64/asyncint64.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/instrument/config.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/instrument/instrument.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/instrument/syncfloat64/syncfloat64.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/instrument/syncint64/syncint64.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/internal/global/instruments.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/internal/global/meter.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/internal/global/state.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/noop.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/metric/syncint64.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/requirements.txt
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/sdk/internal/gen.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_bsd.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_darwin.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_exec.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_linux.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_readfile.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_unsupported.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_windows.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/sdk/trace/version.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/sdk/version.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/internal/http.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/http.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/resource.go
 delete mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/trace.go
 rename apis/vendor/go.opentelemetry.io/otel/semconv/{v1.12.0 => v1.17.0}/doc.go (92%)
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/event.go
 rename apis/vendor/go.opentelemetry.io/otel/semconv/{v1.12.0 => v1.17.0}/exception.go (99%)
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/http.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/resource.go
 rename apis/vendor/go.opentelemetry.io/otel/semconv/{v1.12.0 => v1.17.0}/schema.go (93%)
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/trace.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/attribute_group.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/doc.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/event.go
 rename apis/vendor/go.opentelemetry.io/otel/{metric/unit/unit.go => semconv/v1.21.0/exception.go} (70%)
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/resource.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/schema.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/trace.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/trace/embedded/embedded.go
 create mode 100644 apis/vendor/go.opentelemetry.io/otel/trace/noop/noop.go
 rename apis/vendor/google.golang.org/genproto/{ => googleapis/api}/LICENSE (100%)
 rename vendor/github.com/aws/aws-sdk-go/LICENSE.txt => apis/vendor/google.golang.org/genproto/googleapis/rpc/LICENSE (100%)
 delete mode 100644 apis/vendor/google.golang.org/genproto/protobuf/field_mask/field_mask.go
 create mode 100644 apis/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
 create mode 100644 apis/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go
 create mode 100644 apis/vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go
 rename apis/vendor/google.golang.org/grpc/{ => internal/idle}/idle.go (61%)
 create mode 100644 apis/vendor/google.golang.org/grpc/shared_buffer_pool.go
 create mode 100644 apis/vendor/google.golang.org/protobuf/types/dynamicpb/types.go
 create mode 100644 controller-utils/vendor/github.com/go-logr/logr/SECURITY.md
 rename apis/vendor/github.com/google/go-cmp/cmp/export_unsafe.go => controller-utils/vendor/github.com/google/go-cmp/cmp/export.go (94%)
 delete mode 100644 controller-utils/vendor/github.com/google/go-cmp/cmp/export_panic.go
 rename controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/{pointer_unsafe.go => pointer.go} (95%)
 delete mode 100644 controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
 delete mode 100644 controller-utils/vendor/github.com/google/uuid/.travis.yml
 create mode 100644 controller-utils/vendor/github.com/google/uuid/CHANGELOG.md
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/README.md
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/appendblob.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/authorization.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/blob.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/blobsasuri.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/blobserviceclient.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/blockblob.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/client.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/commonsasuri.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/container.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/copyblob.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/directory.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/entity.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/file.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/fileserviceclient.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/leaseblob.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/message.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/odata.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/pageblob.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/queue.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/queuesasuri.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/queueserviceclient.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/share.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/storagepolicy.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/storageservice.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/table.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/table_batch.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/tableserviceclient.go
 delete mode 100644 vendor/github.com/Azure/azure-sdk-for-go/storage/util.go
 delete mode 100644 vendor/github.com/Shopify/logrus-bugsnag/.travis.yml
 delete mode 100644 vendor/github.com/Shopify/logrus-bugsnag/LICENSE
 delete mode 100644 vendor/github.com/Shopify/logrus-bugsnag/README.md
 delete mode 100644 vendor/github.com/Shopify/logrus-bugsnag/bugsnag.go
 delete mode 100644 vendor/github.com/Shopify/logrus-bugsnag/dev.yml
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/NOTICE.txt
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awsutil/copy.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/client/client.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/config.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/corehandlers/param_validator.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/example.ini
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/defaults/shared_config.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/doc.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/errors.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/jsonvalue.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/logger.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/http_request.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/timeout_read_closer.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/session.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/options.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/types.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/url.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/version.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/accesspoint_arn.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/outpost_arn.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/s3shared/s3err/error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkrand/locked_source.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/checksum/content_md5.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport_go1.17.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/idempotency.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/jsonvalue.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_6.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_7.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/privkey.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/randomreader.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_cookie.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_url.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/api.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/doc.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/service.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/s3/waiters.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/sso/api.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/sso/doc.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/sso/errors.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/sso/service.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/api.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/service.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
 delete mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/.gitignore
 delete mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/.travis.yml
 delete mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/CHANGELOG.md
 delete mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/LICENSE
 delete mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/README.md
 delete mode 100644 vendor/github.com/bshuster-repo/logrus-logstash-hook/hook.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/.travis.yml
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/CHANGELOG.md
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/CONTRIBUTING.md
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/LICENSE.txt
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/Makefile
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/README.md
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/appengine.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/bugsnag.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/configuration.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/doc.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/errors/README.md
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/errors/error.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/errors/parse_panic.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/errors/stackframe.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/event.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/json_tags.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/metadata.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/middleware.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/notifier.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/panicwrap.go
 delete mode 100644 vendor/github.com/bugsnag/bugsnag-go/payload.go
 delete mode 100644 vendor/github.com/bugsnag/osext/LICENSE
 delete mode 100644 vendor/github.com/bugsnag/osext/osext.go
 delete mode 100644 vendor/github.com/bugsnag/osext/osext_plan9.go
 delete mode 100644 vendor/github.com/bugsnag/osext/osext_procfs.go
 delete mode 100644 vendor/github.com/bugsnag/osext/osext_sysctl.go
 delete mode 100644 vendor/github.com/bugsnag/osext/osext_windows.go
 delete mode 100644 vendor/github.com/bugsnag/panicwrap/LICENSE
 delete mode 100644 vendor/github.com/bugsnag/panicwrap/README.md
 delete mode 100644 vendor/github.com/bugsnag/panicwrap/dup2.go
 delete mode 100644 vendor/github.com/bugsnag/panicwrap/dup3.go
 delete mode 100644 vendor/github.com/bugsnag/panicwrap/monitor.go
 delete mode 100644 vendor/github.com/bugsnag/panicwrap/monitor_windows.go
 delete mode 100644 vendor/github.com/bugsnag/panicwrap/panicwrap.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/LICENSE.txt
 delete mode 100644 vendor/github.com/denverdino/aliyungo/common/client.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/common/endpoint.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/common/endpoints.xml
 delete mode 100644 vendor/github.com/denverdino/aliyungo/common/regions.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/common/request.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/common/types.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/common/version.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/oss/authenticate_callback.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/oss/client.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/oss/export.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/oss/multi.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/oss/regions.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/oss/signature.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/util/attempt.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/util/encoding.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/util/iso6801.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/util/signature.go
 delete mode 100644 vendor/github.com/denverdino/aliyungo/util/util.go
 delete mode 100644 vendor/github.com/distribution/reference/.gitattributes
 delete mode 100644 vendor/github.com/distribution/reference/.gitignore
 delete mode 100644 vendor/github.com/distribution/reference/.golangci.yml
 delete mode 100644 vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
 delete mode 100644 vendor/github.com/distribution/reference/CONTRIBUTING.md
 delete mode 100644 vendor/github.com/distribution/reference/GOVERNANCE.md
 delete mode 100644 vendor/github.com/distribution/reference/LICENSE
 delete mode 100644 vendor/github.com/distribution/reference/MAINTAINERS
 delete mode 100644 vendor/github.com/distribution/reference/Makefile
 delete mode 100644 vendor/github.com/distribution/reference/README.md
 delete mode 100644 vendor/github.com/distribution/reference/SECURITY.md
 delete mode 100644 vendor/github.com/distribution/reference/distribution-logo.svg
 delete mode 100644 vendor/github.com/distribution/reference/helpers.go
 delete mode 100644 vendor/github.com/distribution/reference/normalize.go
 delete mode 100644 vendor/github.com/distribution/reference/reference.go
 delete mode 100644 vendor/github.com/distribution/reference/regexp.go
 delete mode 100644 vendor/github.com/distribution/reference/sort.go
 delete mode 100644 vendor/github.com/docker/distribution/configuration/configuration.go
 delete mode 100644 vendor/github.com/docker/distribution/configuration/parser.go
 delete mode 100644 vendor/github.com/docker/distribution/context/context.go
 delete mode 100644 vendor/github.com/docker/distribution/context/doc.go
 delete mode 100644 vendor/github.com/docker/distribution/context/http.go
 delete mode 100644 vendor/github.com/docker/distribution/context/logger.go
 delete mode 100644 vendor/github.com/docker/distribution/context/trace.go
 delete mode 100644 vendor/github.com/docker/distribution/context/util.go
 delete mode 100644 vendor/github.com/docker/distribution/context/version.go
 delete mode 100644 vendor/github.com/docker/distribution/health/checks/checks.go
 delete mode 100644 vendor/github.com/docker/distribution/health/doc.go
 delete mode 100644 vendor/github.com/docker/distribution/health/health.go
 delete mode 100644 vendor/github.com/docker/distribution/manifest/schema1/config_builder.go
 delete mode 100644 vendor/github.com/docker/distribution/manifest/schema1/manifest.go
 delete mode 100644 vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go
 delete mode 100644 vendor/github.com/docker/distribution/manifest/schema1/sign.go
 delete mode 100644 vendor/github.com/docker/distribution/manifest/schema1/verify.go
 delete mode 100644 vendor/github.com/docker/distribution/notifications/bridge.go
 delete mode 100644 vendor/github.com/docker/distribution/notifications/endpoint.go
 delete mode 100644 vendor/github.com/docker/distribution/notifications/event.go
 delete mode 100644 vendor/github.com/docker/distribution/notifications/http.go
 delete mode 100644 vendor/github.com/docker/distribution/notifications/listener.go
 delete mode 100644 vendor/github.com/docker/distribution/notifications/metrics.go
 delete mode 100644 vendor/github.com/docker/distribution/notifications/sinks.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/auth/auth.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/auth/htpasswd/access.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/auth/htpasswd/htpasswd.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/auth/silly/access.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/auth/token/accesscontroller.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/auth/token/stringset.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/auth/token/token.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/auth/token/util.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/doc.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/app.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/basicauth.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/basicauth_prego14.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/blob.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/blobupload.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/catalog.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/context.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/helpers.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/hmac.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/hooks.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/mail.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/manifests.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/handlers/tags.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/listener/listener.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/middleware/registry/middleware.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/middleware/repository/middleware.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxyauth.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxyblobstore.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxymanifeststore.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxymetrics.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxyregistry.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/proxy/proxytagservice.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/proxy/scheduler/scheduler.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/registry.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/root.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/blobcachemetrics.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/blobserver.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/blobstore.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/blobwriter.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/blobwriter_nonresumable.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/blobwriter_resumable.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/cache/cachecheck/suite.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/cache/redis/redis.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/catalog.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/doc.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/azure/azure.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/base/base.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/base/regulator.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/factory/factory.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/fileinfo.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/filesystem/driver.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/gcs/doc.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/gcs/gcs.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/inmemory/driver.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/inmemory/mfs.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/middleware.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/s3filter.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/middleware/redirect/middleware.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/middleware/storagemiddleware.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/oss/doc.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/oss/oss.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3_v2_signer.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/storagedriver.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/swift/swift.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/testdriver/testdriver.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/testsuites/testsuites.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/driver/walk.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/error.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/filereader.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/garbagecollect.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/io.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/linkedblobstore.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/manifestlisthandler.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/manifeststore.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/ocimanifesthandler.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/paths.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/purgeuploads.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/registry.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/schema2manifesthandler.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/signedmanifesthandler.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/tagstore.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/v1unsupportedhandler.go
 delete mode 100644 vendor/github.com/docker/distribution/registry/storage/vacuum.go
 delete mode 100644 vendor/github.com/docker/distribution/testutil/handler.go
 delete mode 100644 vendor/github.com/docker/distribution/testutil/manifests.go
 delete mode 100644 vendor/github.com/docker/distribution/testutil/tarfile.go
 delete mode 100644 vendor/github.com/docker/distribution/version/print.go
 delete mode 100644 vendor/github.com/docker/distribution/version/version.go
 delete mode 100644 vendor/github.com/docker/distribution/version/version.sh
 delete mode 100644 vendor/github.com/docker/libtrust/CONTRIBUTING.md
 delete mode 100644 vendor/github.com/docker/libtrust/LICENSE
 delete mode 100644 vendor/github.com/docker/libtrust/MAINTAINERS
 delete mode 100644 vendor/github.com/docker/libtrust/README.md
 delete mode 100644 vendor/github.com/docker/libtrust/certificates.go
 delete mode 100644 vendor/github.com/docker/libtrust/doc.go
 delete mode 100644 vendor/github.com/docker/libtrust/ec_key.go
 delete mode 100644 vendor/github.com/docker/libtrust/filter.go
 delete mode 100644 vendor/github.com/docker/libtrust/hash.go
 delete mode 100644 vendor/github.com/docker/libtrust/jsonsign.go
 delete mode 100644 vendor/github.com/docker/libtrust/key.go
 delete mode 100644 vendor/github.com/docker/libtrust/key_files.go
 delete mode 100644 vendor/github.com/docker/libtrust/key_manager.go
 delete mode 100644 vendor/github.com/docker/libtrust/rsa_key.go
 delete mode 100644 vendor/github.com/docker/libtrust/util.go
 delete mode 100644 vendor/github.com/felixge/httpsnoop/.gitignore
 delete mode 100644 vendor/github.com/felixge/httpsnoop/.travis.yml
 delete mode 100644 vendor/github.com/felixge/httpsnoop/LICENSE.txt
 delete mode 100644 vendor/github.com/felixge/httpsnoop/Makefile
 delete mode 100644 vendor/github.com/felixge/httpsnoop/README.md
 delete mode 100644 vendor/github.com/felixge/httpsnoop/capture_metrics.go
 delete mode 100644 vendor/github.com/felixge/httpsnoop/docs.go
 delete mode 100644 vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
 delete mode 100644 vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
 delete mode 100644 vendor/github.com/garyburd/redigo/internal/commandinfo.go
 delete mode 100644 vendor/github.com/garyburd/redigo/redis/conn.go
 delete mode 100644 vendor/github.com/garyburd/redigo/redis/doc.go
 delete mode 100644 vendor/github.com/garyburd/redigo/redis/log.go
 delete mode 100644 vendor/github.com/garyburd/redigo/redis/pool.go
 delete mode 100644 vendor/github.com/garyburd/redigo/redis/pubsub.go
 delete mode 100644 vendor/github.com/garyburd/redigo/redis/redis.go
 delete mode 100644 vendor/github.com/garyburd/redigo/redis/reply.go
 delete mode 100644 vendor/github.com/garyburd/redigo/redis/scan.go
 delete mode 100644 vendor/github.com/garyburd/redigo/redis/script.go
 delete mode 100644 vendor/github.com/gofrs/uuid/.gitignore
 delete mode 100644 vendor/github.com/gofrs/uuid/LICENSE
 delete mode 100644 vendor/github.com/gofrs/uuid/README.md
 delete mode 100644 vendor/github.com/gofrs/uuid/codec.go
 delete mode 100644 vendor/github.com/gofrs/uuid/fuzz.go
 delete mode 100644 vendor/github.com/gofrs/uuid/generator.go
 delete mode 100644 vendor/github.com/gofrs/uuid/sql.go
 delete mode 100644 vendor/github.com/gofrs/uuid/uuid.go
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/CHANGES.md
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/LICENSE
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.proto
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/call_option.go
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/content_type.go
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/gax.go
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/header.go
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/internal/version.go
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/invoke.go
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go
 delete mode 100644 vendor/github.com/googleapis/gax-go/v2/release-please-config.json
 delete mode 100644 vendor/github.com/gorilla/handlers/LICENSE
 delete mode 100644 vendor/github.com/gorilla/handlers/README.md
 delete mode 100644 vendor/github.com/gorilla/handlers/canonical.go
 delete mode 100644 vendor/github.com/gorilla/handlers/compress.go
 delete mode 100644 vendor/github.com/gorilla/handlers/cors.go
 delete mode 100644 vendor/github.com/gorilla/handlers/doc.go
 delete mode 100644 vendor/github.com/gorilla/handlers/handlers.go
 delete mode 100644 vendor/github.com/gorilla/handlers/logging.go
 delete mode 100644 vendor/github.com/gorilla/handlers/proxy_headers.go
 delete mode 100644 vendor/github.com/gorilla/handlers/recovery.go
 delete mode 100644 vendor/github.com/kr/pretty/.gitignore
 delete mode 100644 vendor/github.com/kr/pretty/License
 delete mode 100644 vendor/github.com/kr/pretty/Readme
 delete mode 100644 vendor/github.com/kr/pretty/diff.go
 delete mode 100644 vendor/github.com/kr/pretty/formatter.go
 delete mode 100644 vendor/github.com/kr/pretty/pretty.go
 delete mode 100644 vendor/github.com/kr/pretty/zero.go
 delete mode 100644 vendor/github.com/kr/text/License
 delete mode 100644 vendor/github.com/kr/text/Readme
 delete mode 100644 vendor/github.com/kr/text/doc.go
 delete mode 100644 vendor/github.com/kr/text/indent.go
 delete mode 100644 vendor/github.com/kr/text/wrap.go
 delete mode 100644 vendor/github.com/ncw/swift/.gitignore
 delete mode 100644 vendor/github.com/ncw/swift/.travis.yml
 delete mode 100644 vendor/github.com/ncw/swift/COPYING
 delete mode 100644 vendor/github.com/ncw/swift/README.md
 delete mode 100644 vendor/github.com/ncw/swift/auth.go
 delete mode 100644 vendor/github.com/ncw/swift/auth_v3.go
 delete mode 100644 vendor/github.com/ncw/swift/compatibility_1_0.go
 delete mode 100644 vendor/github.com/ncw/swift/compatibility_1_1.go
 delete mode 100644 vendor/github.com/ncw/swift/compatibility_1_6.go
 delete mode 100644 vendor/github.com/ncw/swift/compatibility_not_1_6.go
 delete mode 100644 vendor/github.com/ncw/swift/dlo.go
 delete mode 100644 vendor/github.com/ncw/swift/doc.go
 delete mode 100644 vendor/github.com/ncw/swift/largeobjects.go
 delete mode 100644 vendor/github.com/ncw/swift/meta.go
 delete mode 100644 vendor/github.com/ncw/swift/notes.txt
 delete mode 100644 vendor/github.com/ncw/swift/slo.go
 delete mode 100644 vendor/github.com/ncw/swift/swift.go
 delete mode 100644 vendor/github.com/ncw/swift/swifttest/server.go
 delete mode 100644 vendor/github.com/ncw/swift/timeout_reader.go
 delete mode 100644 vendor/github.com/ncw/swift/travis_realserver.sh
 delete mode 100644 vendor/github.com/ncw/swift/watchdog_reader.go
 delete mode 100644 vendor/github.com/opencontainers/go-digest/digestset/set.go
 delete mode 100644 vendor/github.com/rogpeppe/go-internal/LICENSE
 delete mode 100644 vendor/github.com/rogpeppe/go-internal/fmtsort/mapelem.go
 delete mode 100644 vendor/github.com/rogpeppe/go-internal/fmtsort/sort.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/.gitignore
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/LICENSE
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/README.md
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/counter.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/debug.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/ewma.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/gauge.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/gauge_float64.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/graphite.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/healthcheck.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/histogram.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/json.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/log.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/memory.md
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/meter.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/metrics.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/opentsdb.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/registry.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/runtime.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/runtime_cgo.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/runtime_no_cgo.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/sample.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/syslog.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/timer.go
 delete mode 100644 vendor/github.com/yvasiyarov/go-metrics/writer.go
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/.gitignore
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/.travis.yml
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/LICENSE
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/README.md
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/agent.go
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/doc.go
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/gc_metrics.go
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/gometrica.go
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/http_metrics.go
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/memory_metrics.go
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/nut.json
 delete mode 100644 vendor/github.com/yvasiyarov/gorelic/runtime_metrics.go
 delete mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/.travis.yml
 delete mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/LICENSE
 delete mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/README.md
 delete mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/agent.go
 delete mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/component.go
 delete mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/doc.go
 delete mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/metrica.go
 delete mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/nut.json
 delete mode 100644 vendor/github.com/yvasiyarov/newrelic_platform_go/plugin.go
 delete mode 100644 vendor/google.golang.org/api/googleapi/googleapi.go
 delete mode 100644 vendor/google.golang.org/api/googleapi/types.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/buffer.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/doc.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/error.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/json.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/jsonfloat.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/media.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/params.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/resumable.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/retry.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/retryable_linux.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/send.go
 delete mode 100644 vendor/google.golang.org/api/internal/gensupport/version.go
 delete mode 100644 vendor/google.golang.org/api/internal/third_party/uritemplates/LICENSE
 delete mode 100644 vendor/google.golang.org/api/internal/third_party/uritemplates/METADATA
 delete mode 100644 vendor/google.golang.org/api/internal/third_party/uritemplates/uritemplates.go
 delete mode 100644 vendor/google.golang.org/api/internal/third_party/uritemplates/utils.go
 delete mode 100644 vendor/google.golang.org/api/storage/v1/storage-api.json
 delete mode 100644 vendor/google.golang.org/api/storage/v1/storage-gen.go
 delete mode 100644 vendor/google.golang.org/cloud/.travis.yml
 delete mode 100644 vendor/google.golang.org/cloud/AUTHORS
 delete mode 100644 vendor/google.golang.org/cloud/CONTRIBUTING.md
 delete mode 100644 vendor/google.golang.org/cloud/CONTRIBUTORS
 delete mode 100644 vendor/google.golang.org/cloud/LICENSE
 delete mode 100644 vendor/google.golang.org/cloud/README.md
 delete mode 100644 vendor/google.golang.org/cloud/cloud.go
 delete mode 100644 vendor/google.golang.org/cloud/internal/cloud.go
 delete mode 100644 vendor/google.golang.org/cloud/internal/opts/option.go
 delete mode 100644 vendor/google.golang.org/cloud/key.json.enc
 delete mode 100644 vendor/google.golang.org/cloud/option.go
 delete mode 100644 vendor/google.golang.org/cloud/storage/acl.go
 delete mode 100644 vendor/google.golang.org/cloud/storage/storage.go
 delete mode 100644 vendor/google.golang.org/cloud/storage/types.go
 delete mode 100644 vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go
 delete mode 100644 vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go
 delete mode 100644 vendor/gopkg.in/check.v1/.gitignore
 delete mode 100644 vendor/gopkg.in/check.v1/.travis.yml
 delete mode 100644 vendor/gopkg.in/check.v1/LICENSE
 delete mode 100644 vendor/gopkg.in/check.v1/README.md
 delete mode 100644 vendor/gopkg.in/check.v1/TODO
 delete mode 100644 vendor/gopkg.in/check.v1/benchmark.go
 delete mode 100644 vendor/gopkg.in/check.v1/check.go
 delete mode 100644 vendor/gopkg.in/check.v1/checkers.go
 delete mode 100644 vendor/gopkg.in/check.v1/helpers.go
 delete mode 100644 vendor/gopkg.in/check.v1/printer.go
 delete mode 100644 vendor/gopkg.in/check.v1/reporter.go
 delete mode 100644 vendor/gopkg.in/check.v1/run.go
 delete mode 100644 vendor/rsc.io/letsencrypt/LICENSE
 delete mode 100644 vendor/rsc.io/letsencrypt/README.md
 delete mode 100644 vendor/rsc.io/letsencrypt/doc.go

diff --git a/apis/go.mod b/apis/go.mod
index 0a7d35d2c..1d5245a4c 100644
--- a/apis/go.mod
+++ b/apis/go.mod
@@ -23,14 +23,14 @@ require (
 	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
-	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/logr v1.3.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
@@ -38,10 +38,10 @@ require (
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/cel-go v0.12.6 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect
+	github.com/google/uuid v1.3.1 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
 	github.com/imdario/mergo v0.3.6 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -61,27 +61,27 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 // indirect
-	go.opentelemetry.io/otel v1.10.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0 // indirect
-	go.opentelemetry.io/otel/metric v0.31.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.10.0 // indirect
-	go.opentelemetry.io/otel/trace v1.10.0 // indirect
-	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 // indirect
+	go.opentelemetry.io/otel/metric v1.21.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.21.0 // indirect
+	go.opentelemetry.io/otel/trace v1.21.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/oauth2 v0.7.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/oauth2 v0.11.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	golang.org/x/tools v0.9.1 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
-	google.golang.org/grpc v1.56.3 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/apis/go.sum b/apis/go.sum
index 1c3978a96..80233a4f7 100644
--- a/apis/go.sum
+++ b/apis/go.sum
@@ -33,13 +33,11 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves=
 github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
@@ -50,10 +48,9 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
-github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
-github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
+github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
+github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
@@ -63,12 +60,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -79,12 +70,9 @@ github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
-github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
@@ -107,8 +95,8 @@ github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KE
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
@@ -124,8 +112,7 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
-github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
+github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -169,9 +156,8 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -186,14 +172,12 @@ github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
@@ -220,7 +204,7 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -288,13 +272,11 @@ github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU=
@@ -307,11 +289,10 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
@@ -327,26 +308,23 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 h1:sxoY9kG1s1WpSYNyzm24rlwH4lnRYFXUVVBmKMBfRgw=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c=
-go.opentelemetry.io/otel v1.10.0 h1:Y7DTJMR6zs1xkS/upamJYk0SxxN4C9AqRd77jmZnyY4=
-go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ=
-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0 h1:TaB+1rQhddO1sF71MpZOZAuSPW1klK2M8XxfrBMfK7Y=
-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0/go.mod h1:78XhIg8Ht9vR4tbLNUhXsiOnE2HOuSeKAiAcoVQEpOY=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0 h1:pDDYmo0QadUPal5fwXoY1pmMpFcdyhXOmL5drCrI3vU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0/go.mod h1:Krqnjl22jUJ0HgMzw5eveuCvFDXY4nSYb4F8t5gdrag=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0 h1:KtiUEhQmj/Pa874bVYKGNVdq8NPKiacPbaRRtgXi+t4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0/go.mod h1:OfUCyyIiDvNXHWpcWgbF+MWvqPZiNa3YDEnivcnYsV0=
-go.opentelemetry.io/otel/metric v0.31.0 h1:6SiklT+gfWAwWUR0meEMxQBtihpiEs4c+vL9spDTqUs=
-go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A=
-go.opentelemetry.io/otel/sdk v1.10.0 h1:jZ6K7sVn04kk/3DNUdJ4mqRlGDiXAVuIG+MMENpTNdY=
-go.opentelemetry.io/otel/sdk v1.10.0/go.mod h1:vO06iKzD5baltJz1zarxMCNHFpUlUiOy4s65ECtn6kE=
-go.opentelemetry.io/otel/trace v1.10.0 h1:npQMbR8o7mum8uF95yFbOEJffhs1sbCOfDh8zAJiH5E=
-go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw=
-go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
-go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo=
+go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
+go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0=
+go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
+go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
+go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
+go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
+go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
+go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
+go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
+go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -416,7 +394,6 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
@@ -428,10 +405,9 @@ golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g=
-golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
+golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
+golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -481,16 +457,14 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
@@ -500,7 +474,6 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
@@ -607,7 +580,6 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
@@ -615,9 +587,11 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY=
+google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q=
+google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -630,12 +604,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=
-google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -648,9 +618,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -665,7 +634,6 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/apis/vendor/github.com/cenkalti/backoff/v4/.travis.yml b/apis/vendor/github.com/cenkalti/backoff/v4/.travis.yml
deleted file mode 100644
index c79105c2f..000000000
--- a/apis/vendor/github.com/cenkalti/backoff/v4/.travis.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-language: go
-go:
-  - 1.13
-  - 1.x
-  - tip
-before_install:
-  - go get github.com/mattn/goveralls
-  - go get golang.org/x/tools/cmd/cover
-script:
-  - $HOME/gopath/bin/goveralls -service=travis-ci
diff --git a/apis/vendor/github.com/cenkalti/backoff/v4/retry.go b/apis/vendor/github.com/cenkalti/backoff/v4/retry.go
index 1ce2507eb..b9c0c51cd 100644
--- a/apis/vendor/github.com/cenkalti/backoff/v4/retry.go
+++ b/apis/vendor/github.com/cenkalti/backoff/v4/retry.go
@@ -5,10 +5,20 @@ import (
 	"time"
 )
 
+// An OperationWithData is executing by RetryWithData() or RetryNotifyWithData().
+// The operation will be retried using a backoff policy if it returns an error.
+type OperationWithData[T any] func() (T, error)
+
 // An Operation is executing by Retry() or RetryNotify().
 // The operation will be retried using a backoff policy if it returns an error.
 type Operation func() error
 
+func (o Operation) withEmptyData() OperationWithData[struct{}] {
+	return func() (struct{}, error) {
+		return struct{}{}, o()
+	}
+}
+
 // Notify is a notify-on-error function. It receives an operation error and
 // backoff delay if the operation failed (with an error).
 //
@@ -28,18 +38,41 @@ func Retry(o Operation, b BackOff) error {
 	return RetryNotify(o, b, nil)
 }
 
+// RetryWithData is like Retry but returns data in the response too.
+func RetryWithData[T any](o OperationWithData[T], b BackOff) (T, error) {
+	return RetryNotifyWithData(o, b, nil)
+}
+
 // RetryNotify calls notify function with the error and wait duration
 // for each failed attempt before sleep.
 func RetryNotify(operation Operation, b BackOff, notify Notify) error {
 	return RetryNotifyWithTimer(operation, b, notify, nil)
 }
 
+// RetryNotifyWithData is like RetryNotify but returns data in the response too.
+func RetryNotifyWithData[T any](operation OperationWithData[T], b BackOff, notify Notify) (T, error) {
+	return doRetryNotify(operation, b, notify, nil)
+}
+
 // RetryNotifyWithTimer calls notify function with the error and wait duration using the given Timer
 // for each failed attempt before sleep.
 // A default timer that uses system timer is used when nil is passed.
 func RetryNotifyWithTimer(operation Operation, b BackOff, notify Notify, t Timer) error {
-	var err error
-	var next time.Duration
+	_, err := doRetryNotify(operation.withEmptyData(), b, notify, t)
+	return err
+}
+
+// RetryNotifyWithTimerAndData is like RetryNotifyWithTimer but returns data in the response too.
+func RetryNotifyWithTimerAndData[T any](operation OperationWithData[T], b BackOff, notify Notify, t Timer) (T, error) {
+	return doRetryNotify(operation, b, notify, t)
+}
+
+func doRetryNotify[T any](operation OperationWithData[T], b BackOff, notify Notify, t Timer) (T, error) {
+	var (
+		err  error
+		next time.Duration
+		res  T
+	)
 	if t == nil {
 		t = &defaultTimer{}
 	}
@@ -52,21 +85,22 @@ func RetryNotifyWithTimer(operation Operation, b BackOff, notify Notify, t Timer
 
 	b.Reset()
 	for {
-		if err = operation(); err == nil {
-			return nil
+		res, err = operation()
+		if err == nil {
+			return res, nil
 		}
 
 		var permanent *PermanentError
 		if errors.As(err, &permanent) {
-			return permanent.Err
+			return res, permanent.Err
 		}
 
 		if next = b.NextBackOff(); next == Stop {
 			if cerr := ctx.Err(); cerr != nil {
-				return cerr
+				return res, cerr
 			}
 
-			return err
+			return res, err
 		}
 
 		if notify != nil {
@@ -77,7 +111,7 @@ func RetryNotifyWithTimer(operation Operation, b BackOff, notify Notify, t Timer
 
 		select {
 		case <-ctx.Done():
-			return ctx.Err()
+			return res, ctx.Err()
 		case <-t.C():
 		}
 	}
diff --git a/apis/vendor/github.com/felixge/httpsnoop/.travis.yml b/apis/vendor/github.com/felixge/httpsnoop/.travis.yml
deleted file mode 100644
index bfc421200..000000000
--- a/apis/vendor/github.com/felixge/httpsnoop/.travis.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-language: go
-
-go:
-  - 1.6
-  - 1.7
-  - 1.8
diff --git a/apis/vendor/github.com/felixge/httpsnoop/Makefile b/apis/vendor/github.com/felixge/httpsnoop/Makefile
index 2d84889ae..4e12afdd9 100644
--- a/apis/vendor/github.com/felixge/httpsnoop/Makefile
+++ b/apis/vendor/github.com/felixge/httpsnoop/Makefile
@@ -1,7 +1,7 @@
 .PHONY: ci generate clean
 
 ci: clean generate
-	go test -v ./...
+	go test -race -v ./...
 
 generate:
 	go generate .
diff --git a/apis/vendor/github.com/felixge/httpsnoop/README.md b/apis/vendor/github.com/felixge/httpsnoop/README.md
index ddcecd13e..cf6b42f3d 100644
--- a/apis/vendor/github.com/felixge/httpsnoop/README.md
+++ b/apis/vendor/github.com/felixge/httpsnoop/README.md
@@ -7,8 +7,8 @@ http.Handlers.
 Doing this requires non-trivial wrapping of the http.ResponseWriter interface,
 which is also exposed for users interested in a more low-level API.
 
-[![GoDoc](https://godoc.org/github.com/felixge/httpsnoop?status.svg)](https://godoc.org/github.com/felixge/httpsnoop)
-[![Build Status](https://travis-ci.org/felixge/httpsnoop.svg?branch=master)](https://travis-ci.org/felixge/httpsnoop)
+[![Go Reference](https://pkg.go.dev/badge/github.com/felixge/httpsnoop.svg)](https://pkg.go.dev/github.com/felixge/httpsnoop)
+[![Build Status](https://github.com/felixge/httpsnoop/actions/workflows/main.yaml/badge.svg)](https://github.com/felixge/httpsnoop/actions/workflows/main.yaml)
 
 ## Usage Example
 
diff --git a/apis/vendor/github.com/felixge/httpsnoop/capture_metrics.go b/apis/vendor/github.com/felixge/httpsnoop/capture_metrics.go
index b77cc7c00..bec7b71b3 100644
--- a/apis/vendor/github.com/felixge/httpsnoop/capture_metrics.go
+++ b/apis/vendor/github.com/felixge/httpsnoop/capture_metrics.go
@@ -52,7 +52,7 @@ func (m *Metrics) CaptureMetrics(w http.ResponseWriter, fn func(http.ResponseWri
 				return func(code int) {
 					next(code)
 
-					if !headerWritten {
+					if !(code >= 100 && code <= 199) && !headerWritten {
 						m.Code = code
 						headerWritten = true
 					}
diff --git a/apis/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go b/apis/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
index 31cbdfb8e..101cedde6 100644
--- a/apis/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
+++ b/apis/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
@@ -1,5 +1,5 @@
 // +build go1.8
-// Code generated by "httpsnoop/codegen"; DO NOT EDIT
+// Code generated by "httpsnoop/codegen"; DO NOT EDIT.
 
 package httpsnoop
 
diff --git a/apis/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go b/apis/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
index ab99c07c7..e0951df15 100644
--- a/apis/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
+++ b/apis/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
@@ -1,5 +1,5 @@
 // +build !go1.8
-// Code generated by "httpsnoop/codegen"; DO NOT EDIT
+// Code generated by "httpsnoop/codegen"; DO NOT EDIT.
 
 package httpsnoop
 
diff --git a/apis/vendor/github.com/go-logr/logr/README.md b/apis/vendor/github.com/go-logr/logr/README.md
index ab5931181..a8c29bfbd 100644
--- a/apis/vendor/github.com/go-logr/logr/README.md
+++ b/apis/vendor/github.com/go-logr/logr/README.md
@@ -1,6 +1,7 @@
 # A minimal logging API for Go
 
 [![Go Reference](https://pkg.go.dev/badge/github.com/go-logr/logr.svg)](https://pkg.go.dev/github.com/go-logr/logr)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/go-logr/logr/badge)](https://securityscorecards.dev/viewer/?platform=github.com&org=go-logr&repo=logr)
 
 logr offers an(other) opinion on how Go programs and libraries can do logging
 without becoming coupled to a particular logging implementation.  This is not
@@ -73,6 +74,29 @@ received:
 If the Go standard library had defined an interface for logging, this project
 probably would not be needed.  Alas, here we are.
 
+When the Go developers started developing such an interface with
+[slog](https://github.com/golang/go/issues/56345), they adopted some of the
+logr design but also left out some parts and changed others:
+
+| Feature | logr | slog |
+|---------|------|------|
+| High-level API | `Logger` (passed by value) | `Logger` (passed by [pointer](https://github.com/golang/go/issues/59126)) |
+| Low-level API | `LogSink` | `Handler` |
+| Stack unwinding | done by `LogSink` | done by `Logger` |
+| Skipping helper functions | `WithCallDepth`, `WithCallStackHelper` | [not supported by Logger](https://github.com/golang/go/issues/59145) |
+| Generating a value for logging on demand | `Marshaler` | `LogValuer` |
+| Log levels | >= 0, higher meaning "less important" | positive and negative, with 0 for "info" and higher meaning "more important" |
+| Error log entries | always logged, don't have a verbosity level | normal log entries with level >= `LevelError` |
+| Passing logger via context | `NewContext`, `FromContext` | no API |
+| Adding a name to a logger | `WithName` | no API |
+| Modify verbosity of log entries in a call chain | `V` | no API |
+| Grouping of key/value pairs | not supported | `WithGroup`, `GroupValue` |
+
+The high-level slog API is explicitly meant to be one of many different APIs
+that can be layered on top of a shared `slog.Handler`. logr is one such
+alternative API, with [interoperability](#slog-interoperability) provided by the [`slogr`](slogr)
+package.
+
 ### Inspiration
 
 Before you consider this package, please read [this blog post by the
@@ -118,6 +142,91 @@ There are implementations for the following logging libraries:
 - **github.com/go-kit/log**: [gokitlogr](https://github.com/tonglil/gokitlogr) (also compatible with github.com/go-kit/kit/log since v0.12.0)
 - **bytes.Buffer** (writing to a buffer): [bufrlogr](https://github.com/tonglil/buflogr) (useful for ensuring values were logged, like during testing)
 
+## slog interoperability
+
+Interoperability goes both ways, using the `logr.Logger` API with a `slog.Handler`
+and using the `slog.Logger` API with a `logr.LogSink`. [slogr](./slogr) provides `NewLogr` and
+`NewSlogHandler` API calls to convert between a `logr.Logger` and a `slog.Handler`.
+As usual, `slog.New` can be used to wrap such a `slog.Handler` in the high-level
+slog API. `slogr` itself leaves that to the caller.
+
+## Using a `logr.Sink` as backend for slog
+
+Ideally, a logr sink implementation should support both logr and slog by
+implementing both the normal logr interface(s) and `slogr.SlogSink`.  Because
+of a conflict in the parameters of the common `Enabled` method, it is [not
+possible to implement both slog.Handler and logr.Sink in the same
+type](https://github.com/golang/go/issues/59110).
+
+If both are supported, log calls can go from the high-level APIs to the backend
+without the need to convert parameters. `NewLogr` and `NewSlogHandler` can
+convert back and forth without adding additional wrappers, with one exception:
+when `Logger.V` was used to adjust the verbosity for a `slog.Handler`, then
+`NewSlogHandler` has to use a wrapper which adjusts the verbosity for future
+log calls.
+
+Such an implementation should also support values that implement specific
+interfaces from both packages for logging (`logr.Marshaler`, `slog.LogValuer`,
+`slog.GroupValue`). logr does not convert those.
+
+Not supporting slog has several drawbacks:
+- Recording source code locations works correctly if the handler gets called
+  through `slog.Logger`, but may be wrong in other cases. That's because a
+  `logr.Sink` does its own stack unwinding instead of using the program counter
+  provided by the high-level API.
+- slog levels <= 0 can be mapped to logr levels by negating the level without a
+  loss of information. But all slog levels > 0 (e.g. `slog.LevelWarning` as
+  used by `slog.Logger.Warn`) must be mapped to 0 before calling the sink
+  because logr does not support "more important than info" levels.
+- The slog group concept is supported by prefixing each key in a key/value
+  pair with the group names, separated by a dot. For structured output like
+  JSON it would be better to group the key/value pairs inside an object.
+- Special slog values and interfaces don't work as expected.
+- The overhead is likely to be higher.
+
+These drawbacks are severe enough that applications using a mixture of slog and
+logr should switch to a different backend.
+
+## Using a `slog.Handler` as backend for logr
+
+Using a plain `slog.Handler` without support for logr works better than the
+other direction:
+- All logr verbosity levels can be mapped 1:1 to their corresponding slog level
+  by negating them.
+- Stack unwinding is done by the `slogr.SlogSink` and the resulting program
+  counter is passed to the `slog.Handler`.
+- Names added via `Logger.WithName` are gathered and recorded in an additional
+  attribute with `logger` as key and the names separated by slash as value.
+- `Logger.Error` is turned into a log record with `slog.LevelError` as level
+  and an additional attribute with `err` as key, if an error was provided.
+
+The main drawback is that `logr.Marshaler` will not be supported. Types should
+ideally support both `logr.Marshaler` and `slog.Valuer`. If compatibility
+with logr implementations without slog support is not important, then
+`slog.Valuer` is sufficient.
+
+## Context support for slog
+
+Storing a logger in a `context.Context` is not supported by
+slog. `logr.NewContext` and `logr.FromContext` can be used with slog like this
+to fill this gap:
+
+    func HandlerFromContext(ctx context.Context) slog.Handler {
+        logger, err := logr.FromContext(ctx)
+        if err == nil {
+            return slogr.NewSlogHandler(logger)
+        }
+        return slog.Default().Handler()
+    }
+
+    func ContextWithHandler(ctx context.Context, handler slog.Handler) context.Context {
+        return logr.NewContext(ctx, slogr.NewLogr(handler))
+    }
+
+The downside is that storing and retrieving a `slog.Handler` needs more
+allocations compared to using a `logr.Logger`. Therefore the recommendation is
+to use the `logr.Logger` API in code which uses contextual logging.
+
 ## FAQ
 
 ### Conceptual
@@ -241,7 +350,9 @@ Otherwise, you can start out with `0` as "you always want to see this",
 
 Then gradually choose levels in between as you need them, working your way
 down from 10 (for debug and trace style logs) and up from 1 (for chattier
-info-type logs.)
+info-type logs). For reference, slog pre-defines -4 for debug logs
+(corresponds to 4 in logr), which matches what is
+[recommended for Kubernetes](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md#what-method-to-use).
 
 #### How do I choose my keys?
 
diff --git a/apis/vendor/github.com/go-logr/logr/SECURITY.md b/apis/vendor/github.com/go-logr/logr/SECURITY.md
new file mode 100644
index 000000000..1ca756fc7
--- /dev/null
+++ b/apis/vendor/github.com/go-logr/logr/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+If you have discovered a security vulnerability in this project, please report it
+privately. **Do not disclose it as a public issue.** This gives us time to work with you
+to fix the issue before public exposure, reducing the chance that the exploit will be
+used before a patch is released.
+
+You may submit the report in the following ways:
+
+- send an email to go-logr-security@googlegroups.com
+- send us a [private vulnerability report](https://github.com/go-logr/logr/security/advisories/new)
+
+Please provide the following information in your report:
+
+- A description of the vulnerability and its impact
+- How to reproduce the issue
+
+We ask that you give us 90 days to work on a fix before public exposure.
diff --git a/apis/vendor/github.com/go-logr/logr/funcr/funcr.go b/apis/vendor/github.com/go-logr/logr/funcr/funcr.go
index e52f0cd01..12e5807cc 100644
--- a/apis/vendor/github.com/go-logr/logr/funcr/funcr.go
+++ b/apis/vendor/github.com/go-logr/logr/funcr/funcr.go
@@ -116,17 +116,17 @@ type Options struct {
 	// Equivalent hooks are offered for key-value pairs saved via
 	// logr.Logger.WithValues or Formatter.AddValues (see RenderValuesHook) and
 	// for user-provided pairs (see RenderArgsHook).
-	RenderBuiltinsHook func(kvList []interface{}) []interface{}
+	RenderBuiltinsHook func(kvList []any) []any
 
 	// RenderValuesHook is the same as RenderBuiltinsHook, except that it is
 	// only called for key-value pairs saved via logr.Logger.WithValues.  See
 	// RenderBuiltinsHook for more details.
-	RenderValuesHook func(kvList []interface{}) []interface{}
+	RenderValuesHook func(kvList []any) []any
 
 	// RenderArgsHook is the same as RenderBuiltinsHook, except that it is only
 	// called for key-value pairs passed directly to Info and Error.  See
 	// RenderBuiltinsHook for more details.
-	RenderArgsHook func(kvList []interface{}) []interface{}
+	RenderArgsHook func(kvList []any) []any
 
 	// MaxLogDepth tells funcr how many levels of nested fields (e.g. a struct
 	// that contains a struct, etc.) it may log.  Every time it finds a struct,
@@ -163,7 +163,7 @@ func (l fnlogger) WithName(name string) logr.LogSink {
 	return &l
 }
 
-func (l fnlogger) WithValues(kvList ...interface{}) logr.LogSink {
+func (l fnlogger) WithValues(kvList ...any) logr.LogSink {
 	l.Formatter.AddValues(kvList)
 	return &l
 }
@@ -173,12 +173,12 @@ func (l fnlogger) WithCallDepth(depth int) logr.LogSink {
 	return &l
 }
 
-func (l fnlogger) Info(level int, msg string, kvList ...interface{}) {
+func (l fnlogger) Info(level int, msg string, kvList ...any) {
 	prefix, args := l.FormatInfo(level, msg, kvList)
 	l.write(prefix, args)
 }
 
-func (l fnlogger) Error(err error, msg string, kvList ...interface{}) {
+func (l fnlogger) Error(err error, msg string, kvList ...any) {
 	prefix, args := l.FormatError(err, msg, kvList)
 	l.write(prefix, args)
 }
@@ -229,7 +229,7 @@ func newFormatter(opts Options, outfmt outputFormat) Formatter {
 type Formatter struct {
 	outputFormat outputFormat
 	prefix       string
-	values       []interface{}
+	values       []any
 	valuesStr    string
 	depth        int
 	opts         *Options
@@ -246,10 +246,10 @@ const (
 )
 
 // PseudoStruct is a list of key-value pairs that gets logged as a struct.
-type PseudoStruct []interface{}
+type PseudoStruct []any
 
 // render produces a log line, ready to use.
-func (f Formatter) render(builtins, args []interface{}) string {
+func (f Formatter) render(builtins, args []any) string {
 	// Empirically bytes.Buffer is faster than strings.Builder for this.
 	buf := bytes.NewBuffer(make([]byte, 0, 1024))
 	if f.outputFormat == outputJSON {
@@ -292,7 +292,7 @@ func (f Formatter) render(builtins, args []interface{}) string {
 // This function returns a potentially modified version of kvList, which
 // ensures that there is a value for every key (adding a value if needed) and
 // that each key is a string (substituting a key if needed).
-func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing bool, escapeKeys bool) []interface{} {
+func (f Formatter) flatten(buf *bytes.Buffer, kvList []any, continuing bool, escapeKeys bool) []any {
 	// This logic overlaps with sanitize() but saves one type-cast per key,
 	// which can be measurable.
 	if len(kvList)%2 != 0 {
@@ -334,7 +334,7 @@ func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing b
 	return kvList
 }
 
-func (f Formatter) pretty(value interface{}) string {
+func (f Formatter) pretty(value any) string {
 	return f.prettyWithFlags(value, 0, 0)
 }
 
@@ -343,7 +343,7 @@ const (
 )
 
 // TODO: This is not fast. Most of the overhead goes here.
-func (f Formatter) prettyWithFlags(value interface{}, flags uint32, depth int) string {
+func (f Formatter) prettyWithFlags(value any, flags uint32, depth int) string {
 	if depth > f.opts.MaxLogDepth {
 		return `"<max-log-depth-exceeded>"`
 	}
@@ -614,7 +614,7 @@ func isEmpty(v reflect.Value) bool {
 	return false
 }
 
-func invokeMarshaler(m logr.Marshaler) (ret interface{}) {
+func invokeMarshaler(m logr.Marshaler) (ret any) {
 	defer func() {
 		if r := recover(); r != nil {
 			ret = fmt.Sprintf("<panic: %s>", r)
@@ -675,12 +675,12 @@ func (f Formatter) caller() Caller {
 
 const noValue = "<no-value>"
 
-func (f Formatter) nonStringKey(v interface{}) string {
+func (f Formatter) nonStringKey(v any) string {
 	return fmt.Sprintf("<non-string-key: %s>", f.snippet(v))
 }
 
 // snippet produces a short snippet string of an arbitrary value.
-func (f Formatter) snippet(v interface{}) string {
+func (f Formatter) snippet(v any) string {
 	const snipLen = 16
 
 	snip := f.pretty(v)
@@ -693,7 +693,7 @@ func (f Formatter) snippet(v interface{}) string {
 // sanitize ensures that a list of key-value pairs has a value for every key
 // (adding a value if needed) and that each key is a string (substituting a key
 // if needed).
-func (f Formatter) sanitize(kvList []interface{}) []interface{} {
+func (f Formatter) sanitize(kvList []any) []any {
 	if len(kvList)%2 != 0 {
 		kvList = append(kvList, noValue)
 	}
@@ -727,8 +727,8 @@ func (f Formatter) GetDepth() int {
 // FormatInfo renders an Info log message into strings.  The prefix will be
 // empty when no names were set (via AddNames), or when the output is
 // configured for JSON.
-func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (prefix, argsStr string) {
-	args := make([]interface{}, 0, 64) // using a constant here impacts perf
+func (f Formatter) FormatInfo(level int, msg string, kvList []any) (prefix, argsStr string) {
+	args := make([]any, 0, 64) // using a constant here impacts perf
 	prefix = f.prefix
 	if f.outputFormat == outputJSON {
 		args = append(args, "logger", prefix)
@@ -745,10 +745,10 @@ func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (pref
 }
 
 // FormatError renders an Error log message into strings.  The prefix will be
-// empty when no names were set (via AddNames),  or when the output is
+// empty when no names were set (via AddNames), or when the output is
 // configured for JSON.
-func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (prefix, argsStr string) {
-	args := make([]interface{}, 0, 64) // using a constant here impacts perf
+func (f Formatter) FormatError(err error, msg string, kvList []any) (prefix, argsStr string) {
+	args := make([]any, 0, 64) // using a constant here impacts perf
 	prefix = f.prefix
 	if f.outputFormat == outputJSON {
 		args = append(args, "logger", prefix)
@@ -761,12 +761,12 @@ func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (pre
 		args = append(args, "caller", f.caller())
 	}
 	args = append(args, "msg", msg)
-	var loggableErr interface{}
+	var loggableErr any
 	if err != nil {
 		loggableErr = err.Error()
 	}
 	args = append(args, "error", loggableErr)
-	return f.prefix, f.render(args, kvList)
+	return prefix, f.render(args, kvList)
 }
 
 // AddName appends the specified name.  funcr uses '/' characters to separate
@@ -781,7 +781,7 @@ func (f *Formatter) AddName(name string) {
 
 // AddValues adds key-value pairs to the set of saved values to be logged with
 // each log line.
-func (f *Formatter) AddValues(kvList []interface{}) {
+func (f *Formatter) AddValues(kvList []any) {
 	// Three slice args forces a copy.
 	n := len(f.values)
 	f.values = append(f.values[:n:n], kvList...)
diff --git a/apis/vendor/github.com/go-logr/logr/logr.go b/apis/vendor/github.com/go-logr/logr/logr.go
index e027aea3f..2a5075a18 100644
--- a/apis/vendor/github.com/go-logr/logr/logr.go
+++ b/apis/vendor/github.com/go-logr/logr/logr.go
@@ -127,9 +127,9 @@ limitations under the License.
 // such a value can call its methods without having to check whether the
 // instance is ready for use.
 //
-// Calling methods with the null logger (Logger{}) as instance will crash
-// because it has no LogSink. Therefore this null logger should never be passed
-// around. For cases where passing a logger is optional, a pointer to Logger
+// The zero logger (= Logger{}) is identical to Discard() and discards all log
+// entries. Code that receives a Logger by value can simply call it, the methods
+// will never crash. For cases where passing a logger is optional, a pointer to Logger
 // should be used.
 //
 // # Key Naming Conventions
@@ -258,6 +258,12 @@ type Logger struct {
 // Enabled tests whether this Logger is enabled.  For example, commandline
 // flags might be used to set the logging verbosity and disable some info logs.
 func (l Logger) Enabled() bool {
+	// Some implementations of LogSink look at the caller in Enabled (e.g.
+	// different verbosity levels per package or file), but we only pass one
+	// CallDepth in (via Init).  This means that all calls from Logger to the
+	// LogSink's Enabled, Info, and Error methods must have the same number of
+	// frames.  In other words, Logger methods can't call other Logger methods
+	// which call these LogSink methods unless we do it the same in all paths.
 	return l.sink != nil && l.sink.Enabled(l.level)
 }
 
@@ -267,11 +273,11 @@ func (l Logger) Enabled() bool {
 // line.  The key/value pairs can then be used to add additional variable
 // information.  The key/value pairs must alternate string keys and arbitrary
 // values.
-func (l Logger) Info(msg string, keysAndValues ...interface{}) {
+func (l Logger) Info(msg string, keysAndValues ...any) {
 	if l.sink == nil {
 		return
 	}
-	if l.Enabled() {
+	if l.sink.Enabled(l.level) { // see comment in Enabled
 		if withHelper, ok := l.sink.(CallStackHelperLogSink); ok {
 			withHelper.GetCallStackHelper()()
 		}
@@ -289,7 +295,7 @@ func (l Logger) Info(msg string, keysAndValues ...interface{}) {
 // while the err argument should be used to attach the actual error that
 // triggered this log line, if present. The err parameter is optional
 // and nil may be passed instead of an error instance.
-func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) {
+func (l Logger) Error(err error, msg string, keysAndValues ...any) {
 	if l.sink == nil {
 		return
 	}
@@ -314,9 +320,16 @@ func (l Logger) V(level int) Logger {
 	return l
 }
 
+// GetV returns the verbosity level of the logger. If the logger's LogSink is
+// nil as in the Discard logger, this will always return 0.
+func (l Logger) GetV() int {
+	// 0 if l.sink nil because of the if check in V above.
+	return l.level
+}
+
 // WithValues returns a new Logger instance with additional key/value pairs.
 // See Info for documentation on how key/value pairs work.
-func (l Logger) WithValues(keysAndValues ...interface{}) Logger {
+func (l Logger) WithValues(keysAndValues ...any) Logger {
 	if l.sink == nil {
 		return l
 	}
@@ -467,15 +480,15 @@ type LogSink interface {
 	// The level argument is provided for optional logging.  This method will
 	// only be called when Enabled(level) is true. See Logger.Info for more
 	// details.
-	Info(level int, msg string, keysAndValues ...interface{})
+	Info(level int, msg string, keysAndValues ...any)
 
 	// Error logs an error, with the given message and key/value pairs as
 	// context.  See Logger.Error for more details.
-	Error(err error, msg string, keysAndValues ...interface{})
+	Error(err error, msg string, keysAndValues ...any)
 
 	// WithValues returns a new LogSink with additional key/value pairs.  See
 	// Logger.WithValues for more details.
-	WithValues(keysAndValues ...interface{}) LogSink
+	WithValues(keysAndValues ...any) LogSink
 
 	// WithName returns a new LogSink with the specified name appended.  See
 	// Logger.WithName for more details.
@@ -546,5 +559,5 @@ type Marshaler interface {
 	//     with exported fields
 	//
 	// It may return any value of any type.
-	MarshalLog() interface{}
+	MarshalLog() any
 }
diff --git a/apis/vendor/github.com/google/go-cmp/cmp/compare.go b/apis/vendor/github.com/google/go-cmp/cmp/compare.go
index 087320da7..0f5b8a48c 100644
--- a/apis/vendor/github.com/google/go-cmp/cmp/compare.go
+++ b/apis/vendor/github.com/google/go-cmp/cmp/compare.go
@@ -5,7 +5,7 @@
 // Package cmp determines equality of values.
 //
 // This package is intended to be a more powerful and safer alternative to
-// reflect.DeepEqual for comparing whether two values are semantically equal.
+// [reflect.DeepEqual] for comparing whether two values are semantically equal.
 // It is intended to only be used in tests, as performance is not a goal and
 // it may panic if it cannot compare the values. Its propensity towards
 // panicking means that its unsuitable for production environments where a
@@ -18,16 +18,17 @@
 //     For example, an equality function may report floats as equal so long as
 //     they are within some tolerance of each other.
 //
-//   - Types with an Equal method may use that method to determine equality.
-//     This allows package authors to determine the equality operation
-//     for the types that they define.
+//   - Types with an Equal method (e.g., [time.Time.Equal]) may use that method
+//     to determine equality. This allows package authors to determine
+//     the equality operation for the types that they define.
 //
 //   - If no custom equality functions are used and no Equal method is defined,
 //     equality is determined by recursively comparing the primitive kinds on
-//     both values, much like reflect.DeepEqual. Unlike reflect.DeepEqual,
+//     both values, much like [reflect.DeepEqual]. Unlike [reflect.DeepEqual],
 //     unexported fields are not compared by default; they result in panics
-//     unless suppressed by using an Ignore option (see cmpopts.IgnoreUnexported)
-//     or explicitly compared using the Exporter option.
+//     unless suppressed by using an [Ignore] option
+//     (see [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported])
+//     or explicitly compared using the [Exporter] option.
 package cmp
 
 import (
@@ -45,14 +46,14 @@ import (
 // Equal reports whether x and y are equal by recursively applying the
 // following rules in the given order to x and y and all of their sub-values:
 //
-//   - Let S be the set of all Ignore, Transformer, and Comparer options that
+//   - Let S be the set of all [Ignore], [Transformer], and [Comparer] options that
 //     remain after applying all path filters, value filters, and type filters.
-//     If at least one Ignore exists in S, then the comparison is ignored.
-//     If the number of Transformer and Comparer options in S is non-zero,
+//     If at least one [Ignore] exists in S, then the comparison is ignored.
+//     If the number of [Transformer] and [Comparer] options in S is non-zero,
 //     then Equal panics because it is ambiguous which option to use.
-//     If S contains a single Transformer, then use that to transform
+//     If S contains a single [Transformer], then use that to transform
 //     the current values and recursively call Equal on the output values.
-//     If S contains a single Comparer, then use that to compare the current values.
+//     If S contains a single [Comparer], then use that to compare the current values.
 //     Otherwise, evaluation proceeds to the next rule.
 //
 //   - If the values have an Equal method of the form "(T) Equal(T) bool" or
@@ -66,21 +67,22 @@ import (
 //     Functions are only equal if they are both nil, otherwise they are unequal.
 //
 // Structs are equal if recursively calling Equal on all fields report equal.
-// If a struct contains unexported fields, Equal panics unless an Ignore option
-// (e.g., cmpopts.IgnoreUnexported) ignores that field or the Exporter option
-// explicitly permits comparing the unexported field.
+// If a struct contains unexported fields, Equal panics unless an [Ignore] option
+// (e.g., [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported]) ignores that field
+// or the [Exporter] option explicitly permits comparing the unexported field.
 //
 // Slices are equal if they are both nil or both non-nil, where recursively
 // calling Equal on all non-ignored slice or array elements report equal.
 // Empty non-nil slices and nil slices are not equal; to equate empty slices,
-// consider using cmpopts.EquateEmpty.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.EquateEmpty].
 //
 // Maps are equal if they are both nil or both non-nil, where recursively
 // calling Equal on all non-ignored map entries report equal.
 // Map keys are equal according to the == operator.
-// To use custom comparisons for map keys, consider using cmpopts.SortMaps.
+// To use custom comparisons for map keys, consider using
+// [github.com/google/go-cmp/cmp/cmpopts.SortMaps].
 // Empty non-nil maps and nil maps are not equal; to equate empty maps,
-// consider using cmpopts.EquateEmpty.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.EquateEmpty].
 //
 // Pointers and interfaces are equal if they are both nil or both non-nil,
 // where they have the same underlying concrete type and recursively
diff --git a/controller-utils/vendor/github.com/google/go-cmp/cmp/export_unsafe.go b/apis/vendor/github.com/google/go-cmp/cmp/export.go
similarity index 94%
rename from controller-utils/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
rename to apis/vendor/github.com/google/go-cmp/cmp/export.go
index e2c0f74e8..29f82fe6b 100644
--- a/controller-utils/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
+++ b/apis/vendor/github.com/google/go-cmp/cmp/export.go
@@ -2,9 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego
-// +build !purego
-
 package cmp
 
 import (
@@ -12,8 +9,6 @@ import (
 	"unsafe"
 )
 
-const supportExporters = true
-
 // retrieveUnexportedField uses unsafe to forcibly retrieve any field from
 // a struct such that the value has read-write permissions.
 //
diff --git a/apis/vendor/github.com/google/go-cmp/cmp/export_panic.go b/apis/vendor/github.com/google/go-cmp/cmp/export_panic.go
deleted file mode 100644
index ae851fe53..000000000
--- a/apis/vendor/github.com/google/go-cmp/cmp/export_panic.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2017, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego
-// +build purego
-
-package cmp
-
-import "reflect"
-
-const supportExporters = false
-
-func retrieveUnexportedField(reflect.Value, reflect.StructField, bool) reflect.Value {
-	panic("no support for forcibly accessing unexported fields")
-}
diff --git a/apis/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go b/apis/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
similarity index 95%
rename from apis/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
rename to apis/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
index 16e6860af..e5dfff69a 100644
--- a/apis/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
+++ b/apis/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
@@ -2,9 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego
-// +build !purego
-
 package value
 
 import (
diff --git a/apis/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go b/apis/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
deleted file mode 100644
index 1a71bfcbd..000000000
--- a/apis/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2018, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego
-// +build purego
-
-package value
-
-import "reflect"
-
-// Pointer is an opaque typed pointer and is guaranteed to be comparable.
-type Pointer struct {
-	p uintptr
-	t reflect.Type
-}
-
-// PointerOf returns a Pointer from v, which must be a
-// reflect.Ptr, reflect.Slice, or reflect.Map.
-func PointerOf(v reflect.Value) Pointer {
-	// NOTE: Storing a pointer as an uintptr is technically incorrect as it
-	// assumes that the GC implementation does not use a moving collector.
-	return Pointer{v.Pointer(), v.Type()}
-}
-
-// IsNil reports whether the pointer is nil.
-func (p Pointer) IsNil() bool {
-	return p.p == 0
-}
-
-// Uintptr returns the pointer as a uintptr.
-func (p Pointer) Uintptr() uintptr {
-	return p.p
-}
diff --git a/apis/vendor/github.com/google/go-cmp/cmp/options.go b/apis/vendor/github.com/google/go-cmp/cmp/options.go
index 1f9ca9c48..754496f3b 100644
--- a/apis/vendor/github.com/google/go-cmp/cmp/options.go
+++ b/apis/vendor/github.com/google/go-cmp/cmp/options.go
@@ -13,15 +13,15 @@ import (
 	"github.com/google/go-cmp/cmp/internal/function"
 )
 
-// Option configures for specific behavior of Equal and Diff. In particular,
-// the fundamental Option functions (Ignore, Transformer, and Comparer),
+// Option configures for specific behavior of [Equal] and [Diff]. In particular,
+// the fundamental Option functions ([Ignore], [Transformer], and [Comparer]),
 // configure how equality is determined.
 //
-// The fundamental options may be composed with filters (FilterPath and
-// FilterValues) to control the scope over which they are applied.
+// The fundamental options may be composed with filters ([FilterPath] and
+// [FilterValues]) to control the scope over which they are applied.
 //
-// The cmp/cmpopts package provides helper functions for creating options that
-// may be used with Equal and Diff.
+// The [github.com/google/go-cmp/cmp/cmpopts] package provides helper functions
+// for creating options that may be used with [Equal] and [Diff].
 type Option interface {
 	// filter applies all filters and returns the option that remains.
 	// Each option may only read s.curPath and call s.callTTBFunc.
@@ -56,9 +56,9 @@ type core struct{}
 
 func (core) isCore() {}
 
-// Options is a list of Option values that also satisfies the Option interface.
+// Options is a list of [Option] values that also satisfies the [Option] interface.
 // Helper comparison packages may return an Options value when packing multiple
-// Option values into a single Option. When this package processes an Options,
+// [Option] values into a single [Option]. When this package processes an Options,
 // it will be implicitly expanded into a flat list.
 //
 // Applying a filter on an Options is equivalent to applying that same filter
@@ -105,16 +105,16 @@ func (opts Options) String() string {
 	return fmt.Sprintf("Options{%s}", strings.Join(ss, ", "))
 }
 
-// FilterPath returns a new Option where opt is only evaluated if filter f
-// returns true for the current Path in the value tree.
+// FilterPath returns a new [Option] where opt is only evaluated if filter f
+// returns true for the current [Path] in the value tree.
 //
 // This filter is called even if a slice element or map entry is missing and
 // provides an opportunity to ignore such cases. The filter function must be
 // symmetric such that the filter result is identical regardless of whether the
 // missing value is from x or y.
 //
-// The option passed in may be an Ignore, Transformer, Comparer, Options, or
-// a previously filtered Option.
+// The option passed in may be an [Ignore], [Transformer], [Comparer], [Options], or
+// a previously filtered [Option].
 func FilterPath(f func(Path) bool, opt Option) Option {
 	if f == nil {
 		panic("invalid path filter function")
@@ -142,7 +142,7 @@ func (f pathFilter) String() string {
 	return fmt.Sprintf("FilterPath(%s, %v)", function.NameOf(reflect.ValueOf(f.fnc)), f.opt)
 }
 
-// FilterValues returns a new Option where opt is only evaluated if filter f,
+// FilterValues returns a new [Option] where opt is only evaluated if filter f,
 // which is a function of the form "func(T, T) bool", returns true for the
 // current pair of values being compared. If either value is invalid or
 // the type of the values is not assignable to T, then this filter implicitly
@@ -154,8 +154,8 @@ func (f pathFilter) String() string {
 // If T is an interface, it is possible that f is called with two values with
 // different concrete types that both implement T.
 //
-// The option passed in may be an Ignore, Transformer, Comparer, Options, or
-// a previously filtered Option.
+// The option passed in may be an [Ignore], [Transformer], [Comparer], [Options], or
+// a previously filtered [Option].
 func FilterValues(f interface{}, opt Option) Option {
 	v := reflect.ValueOf(f)
 	if !function.IsType(v.Type(), function.ValueFilter) || v.IsNil() {
@@ -192,9 +192,9 @@ func (f valuesFilter) String() string {
 	return fmt.Sprintf("FilterValues(%s, %v)", function.NameOf(f.fnc), f.opt)
 }
 
-// Ignore is an Option that causes all comparisons to be ignored.
-// This value is intended to be combined with FilterPath or FilterValues.
-// It is an error to pass an unfiltered Ignore option to Equal.
+// Ignore is an [Option] that causes all comparisons to be ignored.
+// This value is intended to be combined with [FilterPath] or [FilterValues].
+// It is an error to pass an unfiltered Ignore option to [Equal].
 func Ignore() Option { return ignore{} }
 
 type ignore struct{ core }
@@ -234,6 +234,8 @@ func (validator) apply(s *state, vx, vy reflect.Value) {
 			name = fmt.Sprintf("%q.%v", t.PkgPath(), t.Name()) // e.g., "path/to/package".MyType
 			if _, ok := reflect.New(t).Interface().(error); ok {
 				help = "consider using cmpopts.EquateErrors to compare error values"
+			} else if t.Comparable() {
+				help = "consider using cmpopts.EquateComparable to compare comparable Go types"
 			}
 		} else {
 			// Unnamed type with unexported fields. Derive PkgPath from field.
@@ -254,7 +256,7 @@ const identRx = `[_\p{L}][_\p{L}\p{N}]*`
 
 var identsRx = regexp.MustCompile(`^` + identRx + `(\.` + identRx + `)*$`)
 
-// Transformer returns an Option that applies a transformation function that
+// Transformer returns an [Option] that applies a transformation function that
 // converts values of a certain type into that of another.
 //
 // The transformer f must be a function "func(T) R" that converts values of
@@ -265,13 +267,14 @@ var identsRx = regexp.MustCompile(`^` + identRx + `(\.` + identRx + `)*$`)
 // same transform to the output of itself (e.g., in the case where the
 // input and output types are the same), an implicit filter is added such that
 // a transformer is applicable only if that exact transformer is not already
-// in the tail of the Path since the last non-Transform step.
+// in the tail of the [Path] since the last non-[Transform] step.
 // For situations where the implicit filter is still insufficient,
-// consider using cmpopts.AcyclicTransformer, which adds a filter
-// to prevent the transformer from being recursively applied upon itself.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.AcyclicTransformer],
+// which adds a filter to prevent the transformer from
+// being recursively applied upon itself.
 //
-// The name is a user provided label that is used as the Transform.Name in the
-// transformation PathStep (and eventually shown in the Diff output).
+// The name is a user provided label that is used as the [Transform.Name] in the
+// transformation [PathStep] (and eventually shown in the [Diff] output).
 // The name must be a valid identifier or qualified identifier in Go syntax.
 // If empty, an arbitrary name is used.
 func Transformer(name string, f interface{}) Option {
@@ -329,7 +332,7 @@ func (tr transformer) String() string {
 	return fmt.Sprintf("Transformer(%s, %s)", tr.name, function.NameOf(tr.fnc))
 }
 
-// Comparer returns an Option that determines whether two values are equal
+// Comparer returns an [Option] that determines whether two values are equal
 // to each other.
 //
 // The comparer f must be a function "func(T, T) bool" and is implicitly
@@ -377,35 +380,32 @@ func (cm comparer) String() string {
 	return fmt.Sprintf("Comparer(%s)", function.NameOf(cm.fnc))
 }
 
-// Exporter returns an Option that specifies whether Equal is allowed to
+// Exporter returns an [Option] that specifies whether [Equal] is allowed to
 // introspect into the unexported fields of certain struct types.
 //
 // Users of this option must understand that comparing on unexported fields
 // from external packages is not safe since changes in the internal
-// implementation of some external package may cause the result of Equal
+// implementation of some external package may cause the result of [Equal]
 // to unexpectedly change. However, it may be valid to use this option on types
 // defined in an internal package where the semantic meaning of an unexported
 // field is in the control of the user.
 //
-// In many cases, a custom Comparer should be used instead that defines
+// In many cases, a custom [Comparer] should be used instead that defines
 // equality as a function of the public API of a type rather than the underlying
 // unexported implementation.
 //
-// For example, the reflect.Type documentation defines equality to be determined
+// For example, the [reflect.Type] documentation defines equality to be determined
 // by the == operator on the interface (essentially performing a shallow pointer
-// comparison) and most attempts to compare *regexp.Regexp types are interested
+// comparison) and most attempts to compare *[regexp.Regexp] types are interested
 // in only checking that the regular expression strings are equal.
-// Both of these are accomplished using Comparers:
+// Both of these are accomplished using [Comparer] options:
 //
 //	Comparer(func(x, y reflect.Type) bool { return x == y })
 //	Comparer(func(x, y *regexp.Regexp) bool { return x.String() == y.String() })
 //
-// In other cases, the cmpopts.IgnoreUnexported option can be used to ignore
-// all unexported fields on specified struct types.
+// In other cases, the [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported]
+// option can be used to ignore all unexported fields on specified struct types.
 func Exporter(f func(reflect.Type) bool) Option {
-	if !supportExporters {
-		panic("Exporter is not supported on purego builds")
-	}
 	return exporter(f)
 }
 
@@ -415,10 +415,10 @@ func (exporter) filter(_ *state, _ reflect.Type, _, _ reflect.Value) applicableO
 	panic("not implemented")
 }
 
-// AllowUnexported returns an Options that allows Equal to forcibly introspect
+// AllowUnexported returns an [Option] that allows [Equal] to forcibly introspect
 // unexported fields of the specified struct types.
 //
-// See Exporter for the proper use of this option.
+// See [Exporter] for the proper use of this option.
 func AllowUnexported(types ...interface{}) Option {
 	m := make(map[reflect.Type]bool)
 	for _, typ := range types {
@@ -432,7 +432,7 @@ func AllowUnexported(types ...interface{}) Option {
 }
 
 // Result represents the comparison result for a single node and
-// is provided by cmp when calling Report (see Reporter).
+// is provided by cmp when calling Report (see [Reporter]).
 type Result struct {
 	_     [0]func() // Make Result incomparable
 	flags resultFlags
@@ -445,7 +445,7 @@ func (r Result) Equal() bool {
 }
 
 // ByIgnore reports whether the node is equal because it was ignored.
-// This never reports true if Equal reports false.
+// This never reports true if [Result.Equal] reports false.
 func (r Result) ByIgnore() bool {
 	return r.flags&reportByIgnore != 0
 }
@@ -455,7 +455,7 @@ func (r Result) ByMethod() bool {
 	return r.flags&reportByMethod != 0
 }
 
-// ByFunc reports whether a Comparer function determined equality.
+// ByFunc reports whether a [Comparer] function determined equality.
 func (r Result) ByFunc() bool {
 	return r.flags&reportByFunc != 0
 }
@@ -478,7 +478,7 @@ const (
 	reportByCycle
 )
 
-// Reporter is an Option that can be passed to Equal. When Equal traverses
+// Reporter is an [Option] that can be passed to [Equal]. When [Equal] traverses
 // the value trees, it calls PushStep as it descends into each node in the
 // tree and PopStep as it ascend out of the node. The leaves of the tree are
 // either compared (determined to be equal or not equal) or ignored and reported
diff --git a/apis/vendor/github.com/google/go-cmp/cmp/path.go b/apis/vendor/github.com/google/go-cmp/cmp/path.go
index a0a588502..c3c145642 100644
--- a/apis/vendor/github.com/google/go-cmp/cmp/path.go
+++ b/apis/vendor/github.com/google/go-cmp/cmp/path.go
@@ -14,9 +14,9 @@ import (
 	"github.com/google/go-cmp/cmp/internal/value"
 )
 
-// Path is a list of PathSteps describing the sequence of operations to get
+// Path is a list of [PathStep] describing the sequence of operations to get
 // from some root type to the current position in the value tree.
-// The first Path element is always an operation-less PathStep that exists
+// The first Path element is always an operation-less [PathStep] that exists
 // simply to identify the initial type.
 //
 // When traversing structs with embedded structs, the embedded struct will
@@ -29,8 +29,13 @@ type Path []PathStep
 // a value's tree structure. Users of this package never need to implement
 // these types as values of this type will be returned by this package.
 //
-// Implementations of this interface are
-// StructField, SliceIndex, MapIndex, Indirect, TypeAssertion, and Transform.
+// Implementations of this interface:
+//   - [StructField]
+//   - [SliceIndex]
+//   - [MapIndex]
+//   - [Indirect]
+//   - [TypeAssertion]
+//   - [Transform]
 type PathStep interface {
 	String() string
 
@@ -70,8 +75,9 @@ func (pa *Path) pop() {
 	*pa = (*pa)[:len(*pa)-1]
 }
 
-// Last returns the last PathStep in the Path.
-// If the path is empty, this returns a non-nil PathStep that reports a nil Type.
+// Last returns the last [PathStep] in the Path.
+// If the path is empty, this returns a non-nil [PathStep]
+// that reports a nil [PathStep.Type].
 func (pa Path) Last() PathStep {
 	return pa.Index(-1)
 }
@@ -79,7 +85,8 @@ func (pa Path) Last() PathStep {
 // Index returns the ith step in the Path and supports negative indexing.
 // A negative index starts counting from the tail of the Path such that -1
 // refers to the last step, -2 refers to the second-to-last step, and so on.
-// If index is invalid, this returns a non-nil PathStep that reports a nil Type.
+// If index is invalid, this returns a non-nil [PathStep]
+// that reports a nil [PathStep.Type].
 func (pa Path) Index(i int) PathStep {
 	if i < 0 {
 		i = len(pa) + i
@@ -168,7 +175,8 @@ func (ps pathStep) String() string {
 	return fmt.Sprintf("{%s}", s)
 }
 
-// StructField represents a struct field access on a field called Name.
+// StructField is a [PathStep] that represents a struct field access
+// on a field called [StructField.Name].
 type StructField struct{ *structField }
 type structField struct {
 	pathStep
@@ -204,10 +212,11 @@ func (sf StructField) String() string { return fmt.Sprintf(".%s", sf.name) }
 func (sf StructField) Name() string { return sf.name }
 
 // Index is the index of the field in the parent struct type.
-// See reflect.Type.Field.
+// See [reflect.Type.Field].
 func (sf StructField) Index() int { return sf.idx }
 
-// SliceIndex is an index operation on a slice or array at some index Key.
+// SliceIndex is a [PathStep] that represents an index operation on
+// a slice or array at some index [SliceIndex.Key].
 type SliceIndex struct{ *sliceIndex }
 type sliceIndex struct {
 	pathStep
@@ -247,12 +256,12 @@ func (si SliceIndex) Key() int {
 // all of the indexes to be shifted. If an index is -1, then that
 // indicates that the element does not exist in the associated slice.
 //
-// Key is guaranteed to return -1 if and only if the indexes returned
-// by SplitKeys are not the same. SplitKeys will never return -1 for
+// [SliceIndex.Key] is guaranteed to return -1 if and only if the indexes
+// returned by SplitKeys are not the same. SplitKeys will never return -1 for
 // both indexes.
 func (si SliceIndex) SplitKeys() (ix, iy int) { return si.xkey, si.ykey }
 
-// MapIndex is an index operation on a map at some index Key.
+// MapIndex is a [PathStep] that represents an index operation on a map at some index Key.
 type MapIndex struct{ *mapIndex }
 type mapIndex struct {
 	pathStep
@@ -266,7 +275,7 @@ func (mi MapIndex) String() string                 { return fmt.Sprintf("[%#v]",
 // Key is the value of the map key.
 func (mi MapIndex) Key() reflect.Value { return mi.key }
 
-// Indirect represents pointer indirection on the parent type.
+// Indirect is a [PathStep] that represents pointer indirection on the parent type.
 type Indirect struct{ *indirect }
 type indirect struct {
 	pathStep
@@ -276,7 +285,7 @@ func (in Indirect) Type() reflect.Type             { return in.typ }
 func (in Indirect) Values() (vx, vy reflect.Value) { return in.vx, in.vy }
 func (in Indirect) String() string                 { return "*" }
 
-// TypeAssertion represents a type assertion on an interface.
+// TypeAssertion is a [PathStep] that represents a type assertion on an interface.
 type TypeAssertion struct{ *typeAssertion }
 type typeAssertion struct {
 	pathStep
@@ -286,7 +295,8 @@ func (ta TypeAssertion) Type() reflect.Type             { return ta.typ }
 func (ta TypeAssertion) Values() (vx, vy reflect.Value) { return ta.vx, ta.vy }
 func (ta TypeAssertion) String() string                 { return fmt.Sprintf(".(%v)", value.TypeString(ta.typ, false)) }
 
-// Transform is a transformation from the parent type to the current type.
+// Transform is a [PathStep] that represents a transformation
+// from the parent type to the current type.
 type Transform struct{ *transform }
 type transform struct {
 	pathStep
@@ -297,13 +307,13 @@ func (tf Transform) Type() reflect.Type             { return tf.typ }
 func (tf Transform) Values() (vx, vy reflect.Value) { return tf.vx, tf.vy }
 func (tf Transform) String() string                 { return fmt.Sprintf("%s()", tf.trans.name) }
 
-// Name is the name of the Transformer.
+// Name is the name of the [Transformer].
 func (tf Transform) Name() string { return tf.trans.name }
 
 // Func is the function pointer to the transformer function.
 func (tf Transform) Func() reflect.Value { return tf.trans.fnc }
 
-// Option returns the originally constructed Transformer option.
+// Option returns the originally constructed [Transformer] option.
 // The == operator can be used to detect the exact option used.
 func (tf Transform) Option() Option { return tf.trans }
 
diff --git a/apis/vendor/github.com/google/go-cmp/cmp/report_reflect.go b/apis/vendor/github.com/google/go-cmp/cmp/report_reflect.go
index 2ab41fad3..e39f42284 100644
--- a/apis/vendor/github.com/google/go-cmp/cmp/report_reflect.go
+++ b/apis/vendor/github.com/google/go-cmp/cmp/report_reflect.go
@@ -199,7 +199,7 @@ func (opts formatOptions) FormatValue(v reflect.Value, parentKind reflect.Kind,
 				break
 			}
 			sf := t.Field(i)
-			if supportExporters && !isExported(sf.Name) {
+			if !isExported(sf.Name) {
 				vv = retrieveUnexportedField(v, sf, true)
 			}
 			s := opts.WithTypeMode(autoType).FormatValue(vv, t.Kind(), ptrs)
diff --git a/apis/vendor/github.com/google/uuid/.travis.yml b/apis/vendor/github.com/google/uuid/.travis.yml
deleted file mode 100644
index d8156a60b..000000000
--- a/apis/vendor/github.com/google/uuid/.travis.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-language: go
-
-go:
-  - 1.4.3
-  - 1.5.3
-  - tip
-
-script:
-  - go test -v ./...
diff --git a/apis/vendor/github.com/google/uuid/CHANGELOG.md b/apis/vendor/github.com/google/uuid/CHANGELOG.md
new file mode 100644
index 000000000..2bd78667a
--- /dev/null
+++ b/apis/vendor/github.com/google/uuid/CHANGELOG.md
@@ -0,0 +1,10 @@
+# Changelog
+
+## [1.3.1](https://github.com/google/uuid/compare/v1.3.0...v1.3.1) (2023-08-18)
+
+
+### Bug Fixes
+
+* Use .EqualFold() to parse urn prefixed UUIDs ([#118](https://github.com/google/uuid/issues/118)) ([574e687](https://github.com/google/uuid/commit/574e6874943741fb99d41764c705173ada5293f0))
+
+## Changelog
diff --git a/apis/vendor/github.com/google/uuid/CONTRIBUTING.md b/apis/vendor/github.com/google/uuid/CONTRIBUTING.md
index 04fdf09f1..556688872 100644
--- a/apis/vendor/github.com/google/uuid/CONTRIBUTING.md
+++ b/apis/vendor/github.com/google/uuid/CONTRIBUTING.md
@@ -2,6 +2,22 @@
 
 We definitely welcome patches and contribution to this project!
 
+### Tips
+
+Commits must be formatted according to the [Conventional Commits Specification](https://www.conventionalcommits.org).
+
+Always try to include a test case! If it is not possible or not necessary,
+please explain why in the pull request description.
+
+### Releasing
+
+Commits that would precipitate a SemVer change, as desrcibed in the Conventional
+Commits Specification, will trigger [`release-please`](https://github.com/google-github-actions/release-please-action)
+to create a release candidate pull request. Once submitted, `release-please`
+will create a release.
+
+For tips on how to work with `release-please`, see its documentation.
+
 ### Legal requirements
 
 In order to protect both you and ourselves, you will need to sign the
diff --git a/apis/vendor/github.com/google/uuid/README.md b/apis/vendor/github.com/google/uuid/README.md
index f765a46f9..3e9a61889 100644
--- a/apis/vendor/github.com/google/uuid/README.md
+++ b/apis/vendor/github.com/google/uuid/README.md
@@ -1,6 +1,6 @@
-# uuid ![build status](https://travis-ci.org/google/uuid.svg?branch=master)
+# uuid
 The uuid package generates and inspects UUIDs based on
-[RFC 4122](http://tools.ietf.org/html/rfc4122)
+[RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122)
 and DCE 1.1: Authentication and Security Services. 
 
 This package is based on the github.com/pborman/uuid package (previously named
@@ -9,10 +9,12 @@ a UUID is a 16 byte array rather than a byte slice.  One loss due to this
 change is the ability to represent an invalid UUID (vs a NIL UUID).
 
 ###### Install
-`go get github.com/google/uuid`
+```sh
+go get github.com/google/uuid
+```
 
 ###### Documentation 
-[![GoDoc](https://godoc.org/github.com/google/uuid?status.svg)](http://godoc.org/github.com/google/uuid)
+[![Go Reference](https://pkg.go.dev/badge/github.com/google/uuid.svg)](https://pkg.go.dev/github.com/google/uuid)
 
 Full `go doc` style documentation for the package can be viewed online without
 installing this package by using the GoDoc site here: 
diff --git a/apis/vendor/github.com/google/uuid/node_js.go b/apis/vendor/github.com/google/uuid/node_js.go
index 24b78edc9..b2a0bc871 100644
--- a/apis/vendor/github.com/google/uuid/node_js.go
+++ b/apis/vendor/github.com/google/uuid/node_js.go
@@ -7,6 +7,6 @@
 package uuid
 
 // getHardwareInterface returns nil values for the JS version of the code.
-// This remvoves the "net" dependency, because it is not used in the browser.
+// This removes the "net" dependency, because it is not used in the browser.
 // Using the "net" library inflates the size of the transpiled JS code by 673k bytes.
 func getHardwareInterface(name string) (string, []byte) { return "", nil }
diff --git a/apis/vendor/github.com/google/uuid/uuid.go b/apis/vendor/github.com/google/uuid/uuid.go
index a57207aeb..a56138cc4 100644
--- a/apis/vendor/github.com/google/uuid/uuid.go
+++ b/apis/vendor/github.com/google/uuid/uuid.go
@@ -69,7 +69,7 @@ func Parse(s string) (UUID, error) {
 
 	// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 	case 36 + 9:
-		if strings.ToLower(s[:9]) != "urn:uuid:" {
+		if !strings.EqualFold(s[:9], "urn:uuid:") {
 			return uuid, fmt.Errorf("invalid urn prefix: %q", s[:9])
 		}
 		s = s[9:]
@@ -101,7 +101,8 @@ func Parse(s string) (UUID, error) {
 		9, 11,
 		14, 16,
 		19, 21,
-		24, 26, 28, 30, 32, 34} {
+		24, 26, 28, 30, 32, 34,
+	} {
 		v, ok := xtob(s[x], s[x+1])
 		if !ok {
 			return uuid, errors.New("invalid UUID format")
@@ -117,7 +118,7 @@ func ParseBytes(b []byte) (UUID, error) {
 	switch len(b) {
 	case 36: // xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 	case 36 + 9: // urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-		if !bytes.Equal(bytes.ToLower(b[:9]), []byte("urn:uuid:")) {
+		if !bytes.EqualFold(b[:9], []byte("urn:uuid:")) {
 			return uuid, fmt.Errorf("invalid urn prefix: %q", b[:9])
 		}
 		b = b[9:]
@@ -145,7 +146,8 @@ func ParseBytes(b []byte) (UUID, error) {
 		9, 11,
 		14, 16,
 		19, 21,
-		24, 26, 28, 30, 32, 34} {
+		24, 26, 28, 30, 32, 34,
+	} {
 		v, ok := xtob(b[x], b[x+1])
 		if !ok {
 			return uuid, errors.New("invalid UUID format")
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/fuzz.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/fuzz.go
index 138f7c12f..c056bd305 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/fuzz.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/fuzz.go
@@ -1,10 +1,10 @@
+//go:build gofuzz
 // +build gofuzz
 
 package httprule
 
 func Fuzz(data []byte) int {
-	_, err := Parse(string(data))
-	if err != nil {
+	if _, err := Parse(string(data)); err != nil {
 		return 0
 	}
 	return 0
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/parse.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/parse.go
index 5edd784e6..65ffcf5cf 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/parse.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/parse.go
@@ -1,6 +1,7 @@
 package httprule
 
 import (
+	"errors"
 	"fmt"
 	"strings"
 )
@@ -164,9 +165,9 @@ func (p *parser) segment() (segment, error) {
 
 	v, err := p.variable()
 	if err != nil {
-		return nil, fmt.Errorf("segment neither wildcards, literal or variable: %v", err)
+		return nil, fmt.Errorf("segment neither wildcards, literal or variable: %w", err)
 	}
-	return v, err
+	return v, nil
 }
 
 func (p *parser) literal() (segment, error) {
@@ -191,7 +192,7 @@ func (p *parser) variable() (segment, error) {
 	if _, err := p.accept("="); err == nil {
 		segs, err = p.segments()
 		if err != nil {
-			return nil, fmt.Errorf("invalid segment in variable %q: %v", path, err)
+			return nil, fmt.Errorf("invalid segment in variable %q: %w", path, err)
 		}
 	} else {
 		segs = []segment{wildcard{}}
@@ -213,12 +214,12 @@ func (p *parser) fieldPath() (string, error) {
 	}
 	components := []string{c}
 	for {
-		if _, err = p.accept("."); err != nil {
+		if _, err := p.accept("."); err != nil {
 			return strings.Join(components, "."), nil
 		}
 		c, err := p.accept(typeIdent)
 		if err != nil {
-			return "", fmt.Errorf("invalid field path component: %v", err)
+			return "", fmt.Errorf("invalid field path component: %w", err)
 		}
 		components = append(components, c)
 	}
@@ -237,10 +238,8 @@ const (
 	typeEOF     = termType("$")
 )
 
-const (
-	// eof is the terminal symbol which always appears at the end of token sequence.
-	eof = "\u0000"
-)
+// eof is the terminal symbol which always appears at the end of token sequence.
+const eof = "\u0000"
 
 // accept tries to accept a token in "p".
 // This function consumes a token and returns it if it matches to the specified "term".
@@ -275,11 +274,12 @@ func (p *parser) accept(term termType) (string, error) {
 // expectPChars determines if "t" consists of only pchars defined in RFC3986.
 //
 // https://www.ietf.org/rfc/rfc3986.txt, P.49
-//   pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
-//   unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
-//   sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
-//                 / "*" / "+" / "," / ";" / "="
-//   pct-encoded   = "%" HEXDIG HEXDIG
+//
+//	pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
+//	unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
+//	sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
+//	              / "*" / "+" / "," / ";" / "="
+//	pct-encoded   = "%" HEXDIG HEXDIG
 func expectPChars(t string) error {
 	const (
 		init = iota
@@ -333,7 +333,7 @@ func expectPChars(t string) error {
 // expectIdent determines if "ident" is a valid identifier in .proto schema ([[:alpha:]_][[:alphanum:]_]*).
 func expectIdent(ident string) error {
 	if ident == "" {
-		return fmt.Errorf("empty identifier")
+		return errors.New("empty identifier")
 	}
 	for pos, r := range ident {
 		switch {
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel
index 95f867a52..a8789f170 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel
@@ -27,9 +27,9 @@ go_library(
         "//internal/httprule",
         "//utilities",
         "@go_googleapis//google/api:httpbody_go_proto",
-        "@io_bazel_rules_go//proto/wkt:field_mask_go_proto",
         "@org_golang_google_grpc//codes",
         "@org_golang_google_grpc//grpclog",
+        "@org_golang_google_grpc//health/grpc_health_v1",
         "@org_golang_google_grpc//metadata",
         "@org_golang_google_grpc//status",
         "@org_golang_google_protobuf//encoding/protojson",
@@ -37,6 +37,8 @@ go_library(
         "@org_golang_google_protobuf//reflect/protoreflect",
         "@org_golang_google_protobuf//reflect/protoregistry",
         "@org_golang_google_protobuf//types/known/durationpb",
+        "@org_golang_google_protobuf//types/known/fieldmaskpb",
+        "@org_golang_google_protobuf//types/known/structpb",
         "@org_golang_google_protobuf//types/known/timestamppb",
         "@org_golang_google_protobuf//types/known/wrapperspb",
     ],
@@ -56,8 +58,10 @@ go_test(
         "marshal_jsonpb_test.go",
         "marshal_proto_test.go",
         "marshaler_registry_test.go",
+        "mux_internal_test.go",
         "mux_test.go",
         "pattern_test.go",
+        "query_fuzz_test.go",
         "query_test.go",
     ],
     embed = [":runtime"],
@@ -69,8 +73,9 @@ go_test(
         "@go_googleapis//google/api:httpbody_go_proto",
         "@go_googleapis//google/rpc:errdetails_go_proto",
         "@go_googleapis//google/rpc:status_go_proto",
-        "@io_bazel_rules_go//proto/wkt:field_mask_go_proto",
+        "@org_golang_google_grpc//:go_default_library",
         "@org_golang_google_grpc//codes",
+        "@org_golang_google_grpc//health/grpc_health_v1",
         "@org_golang_google_grpc//metadata",
         "@org_golang_google_grpc//status",
         "@org_golang_google_protobuf//encoding/protojson",
@@ -78,6 +83,7 @@ go_test(
         "@org_golang_google_protobuf//testing/protocmp",
         "@org_golang_google_protobuf//types/known/durationpb",
         "@org_golang_google_protobuf//types/known/emptypb",
+        "@org_golang_google_protobuf//types/known/fieldmaskpb",
         "@org_golang_google_protobuf//types/known/structpb",
         "@org_golang_google_protobuf//types/known/timestamppb",
         "@org_golang_google_protobuf//types/known/wrapperspb",
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go
index fb57b9366..31553e784 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
 )
@@ -35,11 +36,15 @@ const metadataHeaderBinarySuffix = "-Bin"
 const xForwardedFor = "X-Forwarded-For"
 const xForwardedHost = "X-Forwarded-Host"
 
-var (
-	// DefaultContextTimeout is used for gRPC call context.WithTimeout whenever a Grpc-Timeout inbound
-	// header isn't present. If the value is 0 the sent `context` will not have a timeout.
-	DefaultContextTimeout = 0 * time.Second
-)
+// DefaultContextTimeout is used for gRPC call context.WithTimeout whenever a Grpc-Timeout inbound
+// header isn't present. If the value is 0 the sent `context` will not have a timeout.
+var DefaultContextTimeout = 0 * time.Second
+
+// malformedHTTPHeaders lists the headers that the gRPC server may reject outright as malformed.
+// See https://github.com/grpc/grpc-go/pull/4803#issuecomment-986093310 for more context.
+var malformedHTTPHeaders = map[string]struct{}{
+	"connection": {},
+}
 
 type (
 	rpcMethodKey       struct{}
@@ -95,12 +100,43 @@ func AnnotateIncomingContext(ctx context.Context, mux *ServeMux, req *http.Reque
 	return metadata.NewIncomingContext(ctx, md), nil
 }
 
+func isValidGRPCMetadataKey(key string) bool {
+	// Must be a valid gRPC "Header-Name" as defined here:
+	//   https://github.com/grpc/grpc/blob/4b05dc88b724214d0c725c8e7442cbc7a61b1374/doc/PROTOCOL-HTTP2.md
+	// This means 0-9 a-z _ - .
+	// Only lowercase letters are valid in the wire protocol, but the client library will normalize
+	// uppercase ASCII to lowercase, so uppercase ASCII is also acceptable.
+	bytes := []byte(key) // gRPC validates strings on the byte level, not Unicode.
+	for _, ch := range bytes {
+		validLowercaseLetter := ch >= 'a' && ch <= 'z'
+		validUppercaseLetter := ch >= 'A' && ch <= 'Z'
+		validDigit := ch >= '0' && ch <= '9'
+		validOther := ch == '.' || ch == '-' || ch == '_'
+		if !validLowercaseLetter && !validUppercaseLetter && !validDigit && !validOther {
+			return false
+		}
+	}
+	return true
+}
+
+func isValidGRPCMetadataTextValue(textValue string) bool {
+	// Must be a valid gRPC "ASCII-Value" as defined here:
+	//   https://github.com/grpc/grpc/blob/4b05dc88b724214d0c725c8e7442cbc7a61b1374/doc/PROTOCOL-HTTP2.md
+	// This means printable ASCII (including/plus spaces); 0x20 to 0x7E inclusive.
+	bytes := []byte(textValue) // gRPC validates strings on the byte level, not Unicode.
+	for _, ch := range bytes {
+		if ch < 0x20 || ch > 0x7E {
+			return false
+		}
+	}
+	return true
+}
+
 func annotateContext(ctx context.Context, mux *ServeMux, req *http.Request, rpcMethodName string, options ...AnnotateContextOption) (context.Context, metadata.MD, error) {
 	ctx = withRPCMethod(ctx, rpcMethodName)
 	for _, o := range options {
 		ctx = o(ctx)
 	}
-	var pairs []string
 	timeout := DefaultContextTimeout
 	if tm := req.Header.Get(metadataGrpcTimeout); tm != "" {
 		var err error
@@ -109,7 +145,7 @@ func annotateContext(ctx context.Context, mux *ServeMux, req *http.Request, rpcM
 			return nil, nil, status.Errorf(codes.InvalidArgument, "invalid grpc-timeout: %s", tm)
 		}
 	}
-
+	var pairs []string
 	for key, vals := range req.Header {
 		key = textproto.CanonicalMIMEHeaderKey(key)
 		for _, val := range vals {
@@ -118,6 +154,10 @@ func annotateContext(ctx context.Context, mux *ServeMux, req *http.Request, rpcM
 				pairs = append(pairs, "authorization", val)
 			}
 			if h, ok := mux.incomingHeaderMatcher(key); ok {
+				if !isValidGRPCMetadataKey(h) {
+					grpclog.Errorf("HTTP header name %q is not valid as gRPC metadata key; skipping", h)
+					continue
+				}
 				// Handles "-bin" metadata in grpc, since grpc will do another base64
 				// encode before sending to server, we need to decode it first.
 				if strings.HasSuffix(key, metadataHeaderBinarySuffix) {
@@ -127,6 +167,9 @@ func annotateContext(ctx context.Context, mux *ServeMux, req *http.Request, rpcM
 					}
 
 					val = string(b)
+				} else if !isValidGRPCMetadataTextValue(val) {
+					grpclog.Errorf("Value of HTTP header %q contains non-ASCII value (not valid as gRPC metadata): skipping", h)
+					continue
 				}
 				pairs = append(pairs, h, val)
 			}
@@ -172,11 +215,17 @@ type serverMetadataKey struct{}
 
 // NewServerMetadataContext creates a new context with ServerMetadata
 func NewServerMetadataContext(ctx context.Context, md ServerMetadata) context.Context {
+	if ctx == nil {
+		ctx = context.Background()
+	}
 	return context.WithValue(ctx, serverMetadataKey{}, md)
 }
 
 // ServerMetadataFromContext returns the ServerMetadata in ctx
 func ServerMetadataFromContext(ctx context.Context) (md ServerMetadata, ok bool) {
+	if ctx == nil {
+		return md, false
+	}
 	md, ok = ctx.Value(serverMetadataKey{}).(ServerMetadata)
 	return
 }
@@ -269,8 +318,8 @@ func timeoutUnitToDuration(u uint8) (d time.Duration, ok bool) {
 	case 'n':
 		return time.Nanosecond, true
 	default:
+		return
 	}
-	return
 }
 
 // isPermanentHTTPHeader checks whether hdr belongs to the list of
@@ -308,6 +357,13 @@ func isPermanentHTTPHeader(hdr string) bool {
 	return false
 }
 
+// isMalformedHTTPHeader checks whether header belongs to the list of
+// "malformed headers" and would be rejected by the gRPC server.
+func isMalformedHTTPHeader(header string) bool {
+	_, isMalformed := malformedHTTPHeaders[strings.ToLower(header)]
+	return isMalformed
+}
+
 // RPCMethod returns the method string for the server context. The returned
 // string is in the format of "/package.service/method".
 func RPCMethod(ctx context.Context) (string, bool) {
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/convert.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/convert.go
index e6bc4e6ce..d7b15fcfb 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/convert.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/convert.go
@@ -37,7 +37,7 @@ func BoolSlice(val, sep string) ([]bool, error) {
 	for i, v := range s {
 		value, err := Bool(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -57,7 +57,7 @@ func Float64Slice(val, sep string) ([]float64, error) {
 	for i, v := range s {
 		value, err := Float64(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -81,7 +81,7 @@ func Float32Slice(val, sep string) ([]float32, error) {
 	for i, v := range s {
 		value, err := Float32(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -101,7 +101,7 @@ func Int64Slice(val, sep string) ([]int64, error) {
 	for i, v := range s {
 		value, err := Int64(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -125,7 +125,7 @@ func Int32Slice(val, sep string) ([]int32, error) {
 	for i, v := range s {
 		value, err := Int32(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -145,7 +145,7 @@ func Uint64Slice(val, sep string) ([]uint64, error) {
 	for i, v := range s {
 		value, err := Uint64(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -169,7 +169,7 @@ func Uint32Slice(val, sep string) ([]uint32, error) {
 	for i, v := range s {
 		value, err := Uint32(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -197,7 +197,7 @@ func BytesSlice(val, sep string) ([][]byte, error) {
 	for i, v := range s {
 		value, err := Bytes(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -209,8 +209,7 @@ func Timestamp(val string) (*timestamppb.Timestamp, error) {
 	var r timestamppb.Timestamp
 	val = strconv.Quote(strings.Trim(val, `"`))
 	unmarshaler := &protojson.UnmarshalOptions{}
-	err := unmarshaler.Unmarshal([]byte(val), &r)
-	if err != nil {
+	if err := unmarshaler.Unmarshal([]byte(val), &r); err != nil {
 		return nil, err
 	}
 	return &r, nil
@@ -221,8 +220,7 @@ func Duration(val string) (*durationpb.Duration, error) {
 	var r durationpb.Duration
 	val = strconv.Quote(strings.Trim(val, `"`))
 	unmarshaler := &protojson.UnmarshalOptions{}
-	err := unmarshaler.Unmarshal([]byte(val), &r)
-	if err != nil {
+	if err := unmarshaler.Unmarshal([]byte(val), &r); err != nil {
 		return nil, err
 	}
 	return &r, nil
@@ -257,66 +255,64 @@ func EnumSlice(val, sep string, enumValMap map[string]int32) ([]int32, error) {
 	for i, v := range s {
 		value, err := Enum(v, enumValMap)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
 	return values, nil
 }
 
-/*
-	Support fot google.protobuf.wrappers on top of primitive types
-*/
+// Support for google.protobuf.wrappers on top of primitive types
 
 // StringValue well-known type support as wrapper around string type
 func StringValue(val string) (*wrapperspb.StringValue, error) {
-	return &wrapperspb.StringValue{Value: val}, nil
+	return wrapperspb.String(val), nil
 }
 
 // FloatValue well-known type support as wrapper around float32 type
 func FloatValue(val string) (*wrapperspb.FloatValue, error) {
 	parsedVal, err := Float32(val)
-	return &wrapperspb.FloatValue{Value: parsedVal}, err
+	return wrapperspb.Float(parsedVal), err
 }
 
 // DoubleValue well-known type support as wrapper around float64 type
 func DoubleValue(val string) (*wrapperspb.DoubleValue, error) {
 	parsedVal, err := Float64(val)
-	return &wrapperspb.DoubleValue{Value: parsedVal}, err
+	return wrapperspb.Double(parsedVal), err
 }
 
 // BoolValue well-known type support as wrapper around bool type
 func BoolValue(val string) (*wrapperspb.BoolValue, error) {
 	parsedVal, err := Bool(val)
-	return &wrapperspb.BoolValue{Value: parsedVal}, err
+	return wrapperspb.Bool(parsedVal), err
 }
 
 // Int32Value well-known type support as wrapper around int32 type
 func Int32Value(val string) (*wrapperspb.Int32Value, error) {
 	parsedVal, err := Int32(val)
-	return &wrapperspb.Int32Value{Value: parsedVal}, err
+	return wrapperspb.Int32(parsedVal), err
 }
 
 // UInt32Value well-known type support as wrapper around uint32 type
 func UInt32Value(val string) (*wrapperspb.UInt32Value, error) {
 	parsedVal, err := Uint32(val)
-	return &wrapperspb.UInt32Value{Value: parsedVal}, err
+	return wrapperspb.UInt32(parsedVal), err
 }
 
 // Int64Value well-known type support as wrapper around int64 type
 func Int64Value(val string) (*wrapperspb.Int64Value, error) {
 	parsedVal, err := Int64(val)
-	return &wrapperspb.Int64Value{Value: parsedVal}, err
+	return wrapperspb.Int64(parsedVal), err
 }
 
 // UInt64Value well-known type support as wrapper around uint64 type
 func UInt64Value(val string) (*wrapperspb.UInt64Value, error) {
 	parsedVal, err := Uint64(val)
-	return &wrapperspb.UInt64Value{Value: parsedVal}, err
+	return wrapperspb.UInt64(parsedVal), err
 }
 
 // BytesValue well-known type support as wrapper around bytes[] type
 func BytesValue(val string) (*wrapperspb.BytesValue, error) {
 	parsedVal, err := Bytes(val)
-	return &wrapperspb.BytesValue{Value: parsedVal}, err
+	return wrapperspb.Bytes(parsedVal), err
 }
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go
index d9e0013c4..d2bcbb7d2 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go
@@ -38,7 +38,7 @@ func HTTPStatusFromCode(code codes.Code) int {
 	case codes.OK:
 		return http.StatusOK
 	case codes.Canceled:
-		return http.StatusRequestTimeout
+		return 499
 	case codes.Unknown:
 		return http.StatusInternalServerError
 	case codes.InvalidArgument:
@@ -70,10 +70,10 @@ func HTTPStatusFromCode(code codes.Code) int {
 		return http.StatusServiceUnavailable
 	case codes.DataLoss:
 		return http.StatusInternalServerError
+	default:
+		grpclog.Infof("Unknown gRPC error code: %v", code)
+		return http.StatusInternalServerError
 	}
-
-	grpclog.Infof("Unknown gRPC error code: %v", code)
-	return http.StatusInternalServerError
 }
 
 // HTTPError uses the mux-configured error handler.
@@ -162,10 +162,11 @@ func DefaultStreamErrorHandler(_ context.Context, err error) *status.Status {
 
 // DefaultRoutingErrorHandler is our default handler for routing errors.
 // By default http error codes mapped on the following error codes:
-//   NotFound -> grpc.NotFound
-//   StatusBadRequest -> grpc.InvalidArgument
-//   MethodNotAllowed -> grpc.Unimplemented
-//   Other -> grpc.Internal, method is not expecting to be called for anything else
+//
+//	NotFound -> grpc.NotFound
+//	StatusBadRequest -> grpc.InvalidArgument
+//	MethodNotAllowed -> grpc.Unimplemented
+//	Other -> grpc.Internal, method is not expecting to be called for anything else
 func DefaultRoutingErrorHandler(ctx context.Context, mux *ServeMux, marshaler Marshaler, w http.ResponseWriter, r *http.Request, httpStatus int) {
 	sterr := status.Error(codes.Internal, "Unexpected routing error")
 	switch httpStatus {
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go
index 0138ed2f7..a03dd166b 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go
@@ -2,13 +2,14 @@ package runtime
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"sort"
 
-	"google.golang.org/genproto/protobuf/field_mask"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/reflect/protoreflect"
+	field_mask "google.golang.org/protobuf/types/known/fieldmaskpb"
 )
 
 func getFieldByName(fields protoreflect.FieldDescriptors, name string) protoreflect.FieldDescriptor {
@@ -44,7 +45,7 @@ func FieldMaskFromRequestBody(r io.Reader, msg proto.Message) (*field_mask.Field
 			// if the item is an object, then enqueue all of its children
 			for k, v := range m {
 				if item.msg == nil {
-					return nil, fmt.Errorf("JSON structure did not match request type")
+					return nil, errors.New("JSON structure did not match request type")
 				}
 
 				fd := getFieldByName(item.msg.Descriptor().Fields(), k)
@@ -53,7 +54,7 @@ func FieldMaskFromRequestBody(r io.Reader, msg proto.Message) (*field_mask.Field
 				}
 
 				if isDynamicProtoMessage(fd.Message()) {
-					for _, p := range buildPathsBlindly(k, v) {
+					for _, p := range buildPathsBlindly(string(fd.FullName().Name()), v) {
 						newPath := p
 						if item.path != "" {
 							newPath = item.path + "." + newPath
@@ -63,7 +64,7 @@ func FieldMaskFromRequestBody(r io.Reader, msg proto.Message) (*field_mask.Field
 					continue
 				}
 
-				if isProtobufAnyMessage(fd.Message()) {
+				if isProtobufAnyMessage(fd.Message()) && !fd.IsList() {
 					_, hasTypeField := v.(map[string]interface{})["@type"]
 					if hasTypeField {
 						queue = append(queue, fieldMaskPathItem{path: k})
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
index d1e21df48..945f3a5eb 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
@@ -52,11 +52,11 @@ func ForwardResponseStream(ctx context.Context, mux *ServeMux, marshaler Marshal
 			return
 		}
 		if err != nil {
-			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err)
+			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err, delimiter)
 			return
 		}
 		if err := handleForwardResponseOptions(ctx, w, resp, opts); err != nil {
-			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err)
+			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err, delimiter)
 			return
 		}
 
@@ -82,15 +82,15 @@ func ForwardResponseStream(ctx context.Context, mux *ServeMux, marshaler Marshal
 
 		if err != nil {
 			grpclog.Infof("Failed to marshal response chunk: %v", err)
-			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err)
+			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err, delimiter)
 			return
 		}
-		if _, err = w.Write(buf); err != nil {
+		if _, err := w.Write(buf); err != nil {
 			grpclog.Infof("Failed to send response chunk: %v", err)
 			return
 		}
 		wroteHeader = true
-		if _, err = w.Write(delimiter); err != nil {
+		if _, err := w.Write(delimiter); err != nil {
 			grpclog.Infof("Failed to send delimiter chunk: %v", err)
 			return
 		}
@@ -200,20 +200,24 @@ func handleForwardResponseOptions(ctx context.Context, w http.ResponseWriter, re
 	return nil
 }
 
-func handleForwardResponseStreamError(ctx context.Context, wroteHeader bool, marshaler Marshaler, w http.ResponseWriter, req *http.Request, mux *ServeMux, err error) {
+func handleForwardResponseStreamError(ctx context.Context, wroteHeader bool, marshaler Marshaler, w http.ResponseWriter, req *http.Request, mux *ServeMux, err error, delimiter []byte) {
 	st := mux.streamErrorHandler(ctx, err)
 	msg := errorChunk(st)
 	if !wroteHeader {
 		w.Header().Set("Content-Type", marshaler.ContentType(msg))
 		w.WriteHeader(HTTPStatusFromCode(st.Code()))
 	}
-	buf, merr := marshaler.Marshal(msg)
-	if merr != nil {
-		grpclog.Infof("Failed to marshal an error: %v", merr)
+	buf, err := marshaler.Marshal(msg)
+	if err != nil {
+		grpclog.Infof("Failed to marshal an error: %v", err)
+		return
+	}
+	if _, err := w.Write(buf); err != nil {
+		grpclog.Infof("Failed to notify error to client: %v", err)
 		return
 	}
-	if _, werr := w.Write(buf); werr != nil {
-		grpclog.Infof("Failed to notify error to client: %v", werr)
+	if _, err := w.Write(delimiter); err != nil {
+		grpclog.Infof("Failed to send delimiter chunk: %v", err)
 		return
 	}
 }
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go
index 7387c8e39..51b8247da 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go
@@ -92,23 +92,20 @@ func (j *JSONPb) marshalNonProtoField(v interface{}) ([]byte, error) {
 
 		if rv.Type().Elem().Implements(protoMessageType) {
 			var buf bytes.Buffer
-			err := buf.WriteByte('[')
-			if err != nil {
+			if err := buf.WriteByte('['); err != nil {
 				return nil, err
 			}
 			for i := 0; i < rv.Len(); i++ {
 				if i != 0 {
-					err = buf.WriteByte(',')
-					if err != nil {
+					if err := buf.WriteByte(','); err != nil {
 						return nil, err
 					}
 				}
-				if err = j.marshalTo(&buf, rv.Index(i).Interface().(proto.Message)); err != nil {
+				if err := j.marshalTo(&buf, rv.Index(i).Interface().(proto.Message)); err != nil {
 					return nil, err
 				}
 			}
-			err = buf.WriteByte(']')
-			if err != nil {
+			if err := buf.WriteByte(']'); err != nil {
 				return nil, err
 			}
 
@@ -117,17 +114,16 @@ func (j *JSONPb) marshalNonProtoField(v interface{}) ([]byte, error) {
 
 		if rv.Type().Elem().Implements(typeProtoEnum) {
 			var buf bytes.Buffer
-			err := buf.WriteByte('[')
-			if err != nil {
+			if err := buf.WriteByte('['); err != nil {
 				return nil, err
 			}
 			for i := 0; i < rv.Len(); i++ {
 				if i != 0 {
-					err = buf.WriteByte(',')
-					if err != nil {
+					if err := buf.WriteByte(','); err != nil {
 						return nil, err
 					}
 				}
+				var err error
 				if j.UseEnumNumbers {
 					_, err = buf.WriteString(strconv.FormatInt(rv.Index(i).Int(), 10))
 				} else {
@@ -137,8 +133,7 @@ func (j *JSONPb) marshalNonProtoField(v interface{}) ([]byte, error) {
 					return nil, err
 				}
 			}
-			err = buf.WriteByte(']')
-			if err != nil {
+			if err := buf.WriteByte(']'); err != nil {
 				return nil, err
 			}
 
@@ -219,8 +214,7 @@ func decodeJSONPb(d *json.Decoder, unmarshaler protojson.UnmarshalOptions, v int
 
 	// Decode into bytes for marshalling
 	var b json.RawMessage
-	err := d.Decode(&b)
-	if err != nil {
+	if err := d.Decode(&b); err != nil {
 		return err
 	}
 
@@ -239,8 +233,7 @@ func decodeNonProtoField(d *json.Decoder, unmarshaler protojson.UnmarshalOptions
 		if rv.Type().ConvertibleTo(typeProtoMessage) {
 			// Decode into bytes for marshalling
 			var b json.RawMessage
-			err := d.Decode(&b)
-			if err != nil {
+			if err := d.Decode(&b); err != nil {
 				return err
 			}
 
@@ -280,6 +273,17 @@ func decodeNonProtoField(d *json.Decoder, unmarshaler protojson.UnmarshalOptions
 		return nil
 	}
 	if rv.Kind() == reflect.Slice {
+		if rv.Type().Elem().Kind() == reflect.Uint8 {
+			var sl []byte
+			if err := d.Decode(&sl); err != nil {
+				return err
+			}
+			if sl != nil {
+				rv.SetBytes(sl)
+			}
+			return nil
+		}
+
 		var sl []json.RawMessage
 		if err := d.Decode(&sl); err != nil {
 			return err
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_proto.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_proto.go
index 007f8f1a2..398c780dc 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_proto.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_proto.go
@@ -1,10 +1,8 @@
 package runtime
 
 import (
-	"io"
-
 	"errors"
-	"io/ioutil"
+	"io"
 
 	"google.golang.org/protobuf/proto"
 )
@@ -38,7 +36,7 @@ func (*ProtoMarshaller) Unmarshal(data []byte, value interface{}) error {
 // NewDecoder returns a Decoder which reads proto stream from "reader".
 func (marshaller *ProtoMarshaller) NewDecoder(reader io.Reader) Decoder {
 	return DecoderFunc(func(value interface{}) error {
-		buffer, err := ioutil.ReadAll(reader)
+		buffer, err := io.ReadAll(reader)
 		if err != nil {
 			return err
 		}
@@ -53,8 +51,7 @@ func (marshaller *ProtoMarshaller) NewEncoder(writer io.Writer) Encoder {
 		if err != nil {
 			return err
 		}
-		_, err = writer.Write(buffer)
-		if err != nil {
+		if _, err := writer.Write(buffer); err != nil {
 			return err
 		}
 
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go
index 46a4aabaf..f451cb441 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go
@@ -6,10 +6,13 @@ import (
 	"fmt"
 	"net/http"
 	"net/textproto"
+	"regexp"
 	"strings"
 
 	"github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/health/grpc_health_v1"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/proto"
@@ -23,15 +26,15 @@ const (
 	// path string before doing any routing.
 	UnescapingModeLegacy UnescapingMode = iota
 
-	// EscapingTypeExceptReserved unescapes all path parameters except RFC 6570
+	// UnescapingModeAllExceptReserved unescapes all path parameters except RFC 6570
 	// reserved characters.
 	UnescapingModeAllExceptReserved
 
-	// EscapingTypeExceptSlash unescapes URL path parameters except path
-	// seperators, which will be left as "%2F".
+	// UnescapingModeAllExceptSlash unescapes URL path parameters except path
+	// separators, which will be left as "%2F".
 	UnescapingModeAllExceptSlash
 
-	// URL path parameters will be fully decoded.
+	// UnescapingModeAllCharacters unescapes all URL path parameters.
 	UnescapingModeAllCharacters
 
 	// UnescapingModeDefault is the default escaping type.
@@ -40,6 +43,8 @@ const (
 	UnescapingModeDefault = UnescapingModeLegacy
 )
 
+var encodedPathSplitter = regexp.MustCompile("(/|%2F)")
+
 // A HandlerFunc handles a specific pair of path pattern and HTTP method.
 type HandlerFunc func(w http.ResponseWriter, r *http.Request, pathParams map[string]string)
 
@@ -75,7 +80,7 @@ func WithForwardResponseOption(forwardResponseOption func(context.Context, http.
 	}
 }
 
-// WithEscapingType sets the escaping type. See the definitions of UnescapingMode
+// WithUnescapingMode sets the escaping type. See the definitions of UnescapingMode
 // for more information.
 func WithUnescapingMode(mode UnescapingMode) ServeMuxOption {
 	return func(serveMux *ServeMux) {
@@ -96,13 +101,14 @@ func SetQueryParameterParser(queryParameterParser QueryParameterParser) ServeMux
 type HeaderMatcherFunc func(string) (string, bool)
 
 // DefaultHeaderMatcher is used to pass http request headers to/from gRPC context. This adds permanent HTTP header
-// keys (as specified by the IANA) to gRPC context with grpcgateway- prefix. HTTP headers that start with
-// 'Grpc-Metadata-' are mapped to gRPC metadata after removing prefix 'Grpc-Metadata-'.
+// keys (as specified by the IANA, e.g: Accept, Cookie, Host) to the gRPC metadata with the grpcgateway- prefix. If you want to know which headers are considered permanent, you can view the isPermanentHTTPHeader function.
+// HTTP headers that start with 'Grpc-Metadata-' are mapped to gRPC metadata after removing the prefix 'Grpc-Metadata-'.
+// Other headers are not added to the gRPC metadata.
 func DefaultHeaderMatcher(key string) (string, bool) {
-	key = textproto.CanonicalMIMEHeaderKey(key)
-	if isPermanentHTTPHeader(key) {
+	switch key = textproto.CanonicalMIMEHeaderKey(key); {
+	case isPermanentHTTPHeader(key):
 		return MetadataPrefix + key, true
-	} else if strings.HasPrefix(key, MetadataHeaderPrefix) {
+	case strings.HasPrefix(key, MetadataHeaderPrefix):
 		return key[len(MetadataHeaderPrefix):], true
 	}
 	return "", false
@@ -113,11 +119,30 @@ func DefaultHeaderMatcher(key string) (string, bool) {
 // This matcher will be called with each header in http.Request. If matcher returns true, that header will be
 // passed to gRPC context. To transform the header before passing to gRPC context, matcher should return modified header.
 func WithIncomingHeaderMatcher(fn HeaderMatcherFunc) ServeMuxOption {
+	for _, header := range fn.matchedMalformedHeaders() {
+		grpclog.Warningf("The configured forwarding filter would allow %q to be sent to the gRPC server, which will likely cause errors. See https://github.com/grpc/grpc-go/pull/4803#issuecomment-986093310 for more information.", header)
+	}
+
 	return func(mux *ServeMux) {
 		mux.incomingHeaderMatcher = fn
 	}
 }
 
+// matchedMalformedHeaders returns the malformed headers that would be forwarded to gRPC server.
+func (fn HeaderMatcherFunc) matchedMalformedHeaders() []string {
+	if fn == nil {
+		return nil
+	}
+	headers := make([]string, 0)
+	for header := range malformedHTTPHeaders {
+		out, accept := fn(header)
+		if accept && isMalformedHTTPHeader(out) {
+			headers = append(headers, out)
+		}
+	}
+	return headers
+}
+
 // WithOutgoingHeaderMatcher returns a ServeMuxOption representing a headerMatcher for outgoing response from gateway.
 //
 // This matcher will be called with each header in response header metadata. If matcher returns true, that header will be
@@ -179,6 +204,56 @@ func WithDisablePathLengthFallback() ServeMuxOption {
 	}
 }
 
+// WithHealthEndpointAt returns a ServeMuxOption that will add an endpoint to the created ServeMux at the path specified by endpointPath.
+// When called the handler will forward the request to the upstream grpc service health check (defined in the
+// gRPC Health Checking Protocol).
+//
+// See here https://grpc-ecosystem.github.io/grpc-gateway/docs/operations/health_check/ for more information on how
+// to setup the protocol in the grpc server.
+//
+// If you define a service as query parameter, this will also be forwarded as service in the HealthCheckRequest.
+func WithHealthEndpointAt(healthCheckClient grpc_health_v1.HealthClient, endpointPath string) ServeMuxOption {
+	return func(s *ServeMux) {
+		// error can be ignored since pattern is definitely valid
+		_ = s.HandlePath(
+			http.MethodGet, endpointPath, func(w http.ResponseWriter, r *http.Request, _ map[string]string,
+			) {
+				_, outboundMarshaler := MarshalerForRequest(s, r)
+
+				resp, err := healthCheckClient.Check(r.Context(), &grpc_health_v1.HealthCheckRequest{
+					Service: r.URL.Query().Get("service"),
+				})
+				if err != nil {
+					s.errorHandler(r.Context(), s, outboundMarshaler, w, r, err)
+					return
+				}
+
+				w.Header().Set("Content-Type", "application/json")
+
+				if resp.GetStatus() != grpc_health_v1.HealthCheckResponse_SERVING {
+					switch resp.GetStatus() {
+					case grpc_health_v1.HealthCheckResponse_NOT_SERVING, grpc_health_v1.HealthCheckResponse_UNKNOWN:
+						err = status.Error(codes.Unavailable, resp.String())
+					case grpc_health_v1.HealthCheckResponse_SERVICE_UNKNOWN:
+						err = status.Error(codes.NotFound, resp.String())
+					}
+
+					s.errorHandler(r.Context(), s, outboundMarshaler, w, r, err)
+					return
+				}
+
+				_ = outboundMarshaler.NewEncoder(w).Encode(resp)
+			})
+	}
+}
+
+// WithHealthzEndpoint returns a ServeMuxOption that will add a /healthz endpoint to the created ServeMux.
+//
+// See WithHealthEndpointAt for the general implementation.
+func WithHealthzEndpoint(healthCheckClient grpc_health_v1.HealthClient) ServeMuxOption {
+	return WithHealthEndpointAt(healthCheckClient, "/healthz")
+}
+
 // NewServeMux returns a new ServeMux whose internal mapping is empty.
 func NewServeMux(opts ...ServeMuxOption) *ServeMux {
 	serveMux := &ServeMux{
@@ -229,7 +304,7 @@ func (s *ServeMux) HandlePath(meth string, pathPattern string, h HandlerFunc) er
 	return nil
 }
 
-// ServeHTTP dispatches the request to the first handler whose pattern matches to r.Method and r.Path.
+// ServeHTTP dispatches the request to the first handler whose pattern matches to r.Method and r.URL.Path.
 func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 
@@ -245,8 +320,6 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		path = r.URL.RawPath
 	}
 
-	components := strings.Split(path[1:], "/")
-
 	if override := r.Header.Get("X-HTTP-Method-Override"); override != "" && s.isPathLengthFallback(r) {
 		r.Method = strings.ToUpper(override)
 		if err := r.ParseForm(); err != nil {
@@ -257,8 +330,18 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	// Verb out here is to memoize for the fallback case below
-	var verb string
+	var pathComponents []string
+	// since in UnescapeModeLegacy, the URL will already have been fully unescaped, if we also split on "%2F"
+	// in this escaping mode we would be double unescaping but in UnescapingModeAllCharacters, we still do as the
+	// path is the RawPath (i.e. unescaped). That does mean that the behavior of this function will change its default
+	// behavior when the UnescapingModeDefault gets changed from UnescapingModeLegacy to UnescapingModeAllExceptReserved
+	if s.unescapingMode == UnescapingModeAllCharacters {
+		pathComponents = encodedPathSplitter.Split(path[1:], -1)
+	} else {
+		pathComponents = strings.Split(path[1:], "/")
+	}
+
+	lastPathComponent := pathComponents[len(pathComponents)-1]
 
 	for _, h := range s.handlers[r.Method] {
 		// If the pattern has a verb, explicitly look for a suffix in the last
@@ -269,23 +352,28 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		// parser because we know what verb we're looking for, however, there
 		// are still some cases that the parser itself cannot disambiguate. See
 		// the comment there if interested.
+
+		var verb string
 		patVerb := h.pat.Verb()
-		l := len(components)
-		lastComponent := components[l-1]
-		var idx int = -1
-		if patVerb != "" && strings.HasSuffix(lastComponent, ":"+patVerb) {
-			idx = len(lastComponent) - len(patVerb) - 1
+
+		idx := -1
+		if patVerb != "" && strings.HasSuffix(lastPathComponent, ":"+patVerb) {
+			idx = len(lastPathComponent) - len(patVerb) - 1
 		}
 		if idx == 0 {
 			_, outboundMarshaler := MarshalerForRequest(s, r)
 			s.routingErrorHandler(ctx, s, outboundMarshaler, w, r, http.StatusNotFound)
 			return
 		}
+
+		comps := make([]string, len(pathComponents))
+		copy(comps, pathComponents)
+
 		if idx > 0 {
-			components[l-1], verb = lastComponent[:idx], lastComponent[idx+1:]
+			comps[len(comps)-1], verb = lastPathComponent[:idx], lastPathComponent[idx+1:]
 		}
 
-		pathParams, err := h.pat.MatchAndEscape(components, verb, s.unescapingMode)
+		pathParams, err := h.pat.MatchAndEscape(comps, verb, s.unescapingMode)
 		if err != nil {
 			var mse MalformedSequenceError
 			if ok := errors.As(err, &mse); ok {
@@ -301,14 +389,33 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// lookup other methods to handle fallback from GET to POST and
-	// to determine if it is NotImplemented or NotFound.
+	// if no handler has found for the request, lookup for other methods
+	// to handle POST -> GET fallback if the request is subject to path
+	// length fallback.
+	// Note we are not eagerly checking the request here as we want to return the
+	// right HTTP status code, and we need to process the fallback candidates in
+	// order to do that.
 	for m, handlers := range s.handlers {
 		if m == r.Method {
 			continue
 		}
 		for _, h := range handlers {
-			pathParams, err := h.pat.MatchAndEscape(components, verb, s.unescapingMode)
+			var verb string
+			patVerb := h.pat.Verb()
+
+			idx := -1
+			if patVerb != "" && strings.HasSuffix(lastPathComponent, ":"+patVerb) {
+				idx = len(lastPathComponent) - len(patVerb) - 1
+			}
+
+			comps := make([]string, len(pathComponents))
+			copy(comps, pathComponents)
+
+			if idx > 0 {
+				comps[len(comps)-1], verb = lastPathComponent[:idx], lastPathComponent[idx+1:]
+			}
+
+			pathParams, err := h.pat.MatchAndEscape(comps, verb, s.unescapingMode)
 			if err != nil {
 				var mse MalformedSequenceError
 				if ok := errors.As(err, &mse); ok {
@@ -320,8 +427,11 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 				}
 				continue
 			}
+
 			// X-HTTP-Method-Override is optional. Always allow fallback to POST.
-			if s.isPathLengthFallback(r) {
+			// Also, only consider POST -> GET fallbacks, and avoid falling back to
+			// potentially dangerous operations like DELETE.
+			if s.isPathLengthFallback(r) && m == http.MethodGet {
 				if err := r.ParseForm(); err != nil {
 					_, outboundMarshaler := MarshalerForRequest(s, r)
 					sterr := status.Error(codes.InvalidArgument, err.Error())
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/pattern.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/pattern.go
index df7cb8142..8f90d15a5 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/pattern.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/pattern.go
@@ -15,8 +15,6 @@ var (
 	ErrNotMatch = errors.New("not match to the path pattern")
 	// ErrInvalidPattern indicates that the given definition of Pattern is not valid.
 	ErrInvalidPattern = errors.New("invalid pattern")
-	// ErrMalformedSequence indicates that an escape sequence was malformed.
-	ErrMalformedSequence = errors.New("malformed escape sequence")
 )
 
 type MalformedSequenceError string
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go
index fb0c84ef0..d01933c4f 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go
@@ -1,7 +1,6 @@
 package runtime
 
 import (
-	"encoding/base64"
 	"errors"
 	"fmt"
 	"net/url"
@@ -11,19 +10,21 @@ import (
 	"time"
 
 	"github.com/grpc-ecosystem/grpc-gateway/v2/utilities"
-	"google.golang.org/genproto/protobuf/field_mask"
 	"google.golang.org/grpc/grpclog"
+	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/reflect/protoregistry"
 	"google.golang.org/protobuf/types/known/durationpb"
+	field_mask "google.golang.org/protobuf/types/known/fieldmaskpb"
+	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
 )
 
 var valuesKeyRegexp = regexp.MustCompile(`^(.*)\[(.*)\]$`)
 
-var currentQueryParser QueryParameterParser = &defaultQueryParser{}
+var currentQueryParser QueryParameterParser = &DefaultQueryParser{}
 
 // QueryParameterParser defines interface for all query parameter parsers
 type QueryParameterParser interface {
@@ -36,14 +37,17 @@ func PopulateQueryParameters(msg proto.Message, values url.Values, filter *utili
 	return currentQueryParser.Parse(msg, values, filter)
 }
 
-type defaultQueryParser struct{}
+// DefaultQueryParser is a QueryParameterParser which implements the default
+// query parameters parsing behavior.
+//
+// See https://github.com/grpc-ecosystem/grpc-gateway/issues/2632 for more context.
+type DefaultQueryParser struct{}
 
 // Parse populates "values" into "msg".
 // A value is ignored if its key starts with one of the elements in "filter".
-func (*defaultQueryParser) Parse(msg proto.Message, values url.Values, filter *utilities.DoubleArray) error {
+func (*DefaultQueryParser) Parse(msg proto.Message, values url.Values, filter *utilities.DoubleArray) error {
 	for key, values := range values {
-		match := valuesKeyRegexp.FindStringSubmatch(key)
-		if len(match) == 3 {
+		if match := valuesKeyRegexp.FindStringSubmatch(key); len(match) == 3 {
 			key = match[1]
 			values = append([]string{match[2]}, values...)
 		}
@@ -175,10 +179,10 @@ func parseField(fieldDescriptor protoreflect.FieldDescriptor, value string) (pro
 		return protoreflect.ValueOfBool(v), nil
 	case protoreflect.EnumKind:
 		enum, err := protoregistry.GlobalTypes.FindEnumByName(fieldDescriptor.Enum().FullName())
-		switch {
-		case errors.Is(err, protoregistry.NotFound):
-			return protoreflect.Value{}, fmt.Errorf("enum %q is not registered", fieldDescriptor.Enum().FullName())
-		case err != nil:
+		if err != nil {
+			if errors.Is(err, protoregistry.NotFound) {
+				return protoreflect.Value{}, fmt.Errorf("enum %q is not registered", fieldDescriptor.Enum().FullName())
+			}
 			return protoreflect.Value{}, fmt.Errorf("failed to look up enum: %w", err)
 		}
 		// Look for enum by name
@@ -189,8 +193,7 @@ func parseField(fieldDescriptor protoreflect.FieldDescriptor, value string) (pro
 				return protoreflect.Value{}, fmt.Errorf("%q is not a valid value", value)
 			}
 			// Look for enum by number
-			v = enum.Descriptor().Values().ByNumber(protoreflect.EnumNumber(i))
-			if v == nil {
+			if v = enum.Descriptor().Values().ByNumber(protoreflect.EnumNumber(i)); v == nil {
 				return protoreflect.Value{}, fmt.Errorf("%q is not a valid value", value)
 			}
 		}
@@ -234,7 +237,7 @@ func parseField(fieldDescriptor protoreflect.FieldDescriptor, value string) (pro
 	case protoreflect.StringKind:
 		return protoreflect.ValueOfString(value), nil
 	case protoreflect.BytesKind:
-		v, err := base64.URLEncoding.DecodeString(value)
+		v, err := Bytes(value)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
@@ -250,18 +253,12 @@ func parseMessage(msgDescriptor protoreflect.MessageDescriptor, value string) (p
 	var msg proto.Message
 	switch msgDescriptor.FullName() {
 	case "google.protobuf.Timestamp":
-		if value == "null" {
-			break
-		}
 		t, err := time.Parse(time.RFC3339Nano, value)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
 		msg = timestamppb.New(t)
 	case "google.protobuf.Duration":
-		if value == "null" {
-			break
-		}
 		d, err := time.ParseDuration(value)
 		if err != nil {
 			return protoreflect.Value{}, err
@@ -272,55 +269,67 @@ func parseMessage(msgDescriptor protoreflect.MessageDescriptor, value string) (p
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.DoubleValue{Value: v}
+		msg = wrapperspb.Double(v)
 	case "google.protobuf.FloatValue":
 		v, err := strconv.ParseFloat(value, 32)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.FloatValue{Value: float32(v)}
+		msg = wrapperspb.Float(float32(v))
 	case "google.protobuf.Int64Value":
 		v, err := strconv.ParseInt(value, 10, 64)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.Int64Value{Value: v}
+		msg = wrapperspb.Int64(v)
 	case "google.protobuf.Int32Value":
 		v, err := strconv.ParseInt(value, 10, 32)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.Int32Value{Value: int32(v)}
+		msg = wrapperspb.Int32(int32(v))
 	case "google.protobuf.UInt64Value":
 		v, err := strconv.ParseUint(value, 10, 64)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.UInt64Value{Value: v}
+		msg = wrapperspb.UInt64(v)
 	case "google.protobuf.UInt32Value":
 		v, err := strconv.ParseUint(value, 10, 32)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.UInt32Value{Value: uint32(v)}
+		msg = wrapperspb.UInt32(uint32(v))
 	case "google.protobuf.BoolValue":
 		v, err := strconv.ParseBool(value)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.BoolValue{Value: v}
+		msg = wrapperspb.Bool(v)
 	case "google.protobuf.StringValue":
-		msg = &wrapperspb.StringValue{Value: value}
+		msg = wrapperspb.String(value)
 	case "google.protobuf.BytesValue":
-		v, err := base64.URLEncoding.DecodeString(value)
+		v, err := Bytes(value)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.BytesValue{Value: v}
+		msg = wrapperspb.Bytes(v)
 	case "google.protobuf.FieldMask":
 		fm := &field_mask.FieldMask{}
 		fm.Paths = append(fm.Paths, strings.Split(value, ",")...)
 		msg = fm
+	case "google.protobuf.Value":
+		var v structpb.Value
+		if err := protojson.Unmarshal([]byte(value), &v); err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = &v
+	case "google.protobuf.Struct":
+		var v structpb.Struct
+		if err := protojson.Unmarshal([]byte(value), &v); err != nil {
+			return protoreflect.Value{}, err
+		}
+		msg = &v
 	default:
 		return protoreflect.Value{}, fmt.Errorf("unsupported message type: %q", string(msgDescriptor.FullName()))
 	}
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel
index 5d8d12bc4..b89409465 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel
@@ -8,6 +8,7 @@ go_library(
         "doc.go",
         "pattern.go",
         "readerfactory.go",
+        "string_array_flag.go",
         "trie.go",
     ],
     importpath = "github.com/grpc-ecosystem/grpc-gateway/v2/utilities",
@@ -16,7 +17,10 @@ go_library(
 go_test(
     name = "utilities_test",
     size = "small",
-    srcs = ["trie_test.go"],
+    srcs = [
+        "string_array_flag_test.go",
+        "trie_test.go",
+    ],
     deps = [":utilities"],
 )
 
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/readerfactory.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/readerfactory.go
index 6dd385466..01d26edae 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/readerfactory.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/readerfactory.go
@@ -3,13 +3,12 @@ package utilities
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
 )
 
 // IOReaderFactory takes in an io.Reader and returns a function that will allow you to create a new reader that begins
 // at the start of the stream
 func IOReaderFactory(r io.Reader) (func() io.Reader, error) {
-	b, err := ioutil.ReadAll(r)
+	b, err := io.ReadAll(r)
 	if err != nil {
 		return nil, err
 	}
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/string_array_flag.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/string_array_flag.go
new file mode 100644
index 000000000..d224ab776
--- /dev/null
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/string_array_flag.go
@@ -0,0 +1,33 @@
+package utilities
+
+import (
+	"flag"
+	"strings"
+)
+
+// flagInterface is an cut down interface to `flag`
+type flagInterface interface {
+	Var(value flag.Value, name string, usage string)
+}
+
+// StringArrayFlag defines a flag with the specified name and usage string.
+// The return value is the address of a `StringArrayFlags` variable that stores the repeated values of the flag.
+func StringArrayFlag(f flagInterface, name string, usage string) *StringArrayFlags {
+	value := &StringArrayFlags{}
+	f.Var(value, name, usage)
+	return value
+}
+
+// StringArrayFlags is a wrapper of `[]string` to provider an interface for `flag.Var`
+type StringArrayFlags []string
+
+// String returns a string representation of `StringArrayFlags`
+func (i *StringArrayFlags) String() string {
+	return strings.Join(*i, ",")
+}
+
+// Set appends a value to `StringArrayFlags`
+func (i *StringArrayFlags) Set(value string) error {
+	*i = append(*i, value)
+	return nil
+}
diff --git a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/trie.go b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/trie.go
index af3b703d5..dd99b0ed2 100644
--- a/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/trie.go
+++ b/apis/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/trie.go
@@ -40,7 +40,7 @@ func NewDoubleArray(seqs [][]string) *DoubleArray {
 func registerTokens(da *DoubleArray, seqs [][]string) [][]int {
 	var result [][]int
 	for _, seq := range seqs {
-		var encoded []int
+		encoded := make([]int, 0, len(seq))
 		for _, token := range seq {
 			if _, ok := da.Encoding[token]; !ok {
 				da.Encoding[token] = len(da.Encoding)
diff --git a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/common.go b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/common.go
index 728be09d0..9509014e8 100644
--- a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/common.go
+++ b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/common.go
@@ -34,7 +34,7 @@ const (
 	RequestCount          = "http.server.request_count"           // Incoming request count total
 	RequestContentLength  = "http.server.request_content_length"  // Incoming request bytes total
 	ResponseContentLength = "http.server.response_content_length" // Incoming response bytes total
-	ServerLatency         = "http.server.duration"                // Incoming end to end duration, microseconds
+	ServerLatency         = "http.server.duration"                // Incoming end to end duration, milliseconds
 )
 
 // Filter is a predicate used to determine whether a given http.request should
@@ -42,5 +42,5 @@ const (
 type Filter func(*http.Request) bool
 
 func newTracer(tp trace.TracerProvider) trace.Tracer {
-	return tp.Tracer(instrumentationName, trace.WithInstrumentationVersion(SemVersion()))
+	return tp.Tracer(ScopeName, trace.WithInstrumentationVersion(Version()))
 }
diff --git a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/config.go b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/config.go
index d0337f3a5..a1b5b5e5a 100644
--- a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/config.go
+++ b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/config.go
@@ -21,18 +21,17 @@ import (
 
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/metric/global"
 	"go.opentelemetry.io/otel/propagation"
 	"go.opentelemetry.io/otel/trace"
 )
 
-const (
-	instrumentationName = "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
-)
+// ScopeName is the instrumentation scope name.
+const ScopeName = "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 
 // config represents the configuration options available for the http.Handler
 // and http.Transport types.
 type config struct {
+	ServerName        string
 	Tracer            trace.Tracer
 	Meter             metric.Meter
 	Propagators       propagation.TextMapPropagator
@@ -64,7 +63,7 @@ func (o optionFunc) apply(c *config) {
 func newConfig(opts ...Option) *config {
 	c := &config{
 		Propagators:   otel.GetTextMapPropagator(),
-		MeterProvider: global.MeterProvider(),
+		MeterProvider: otel.GetMeterProvider(),
 	}
 	for _, opt := range opts {
 		opt.apply(c)
@@ -76,8 +75,8 @@ func newConfig(opts ...Option) *config {
 	}
 
 	c.Meter = c.MeterProvider.Meter(
-		instrumentationName,
-		metric.WithInstrumentationVersion(SemVersion()),
+		ScopeName,
+		metric.WithInstrumentationVersion(Version()),
 	)
 
 	return c
@@ -198,3 +197,11 @@ func WithClientTrace(f func(context.Context) *httptrace.ClientTrace) Option {
 		c.ClientTrace = f
 	})
 }
+
+// WithServerName returns an Option that sets the name of the (virtual) server
+// handling requests.
+func WithServerName(server string) Option {
+	return optionFunc(func(c *config) {
+		c.ServerName = server
+	})
+}
diff --git a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go
index 5b7d9daaf..9a8260059 100644
--- a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go
+++ b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go
@@ -21,25 +21,19 @@ import (
 
 	"github.com/felixge/httpsnoop"
 
+	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil"
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/metric/instrument/syncfloat64"
-	"go.opentelemetry.io/otel/metric/instrument/syncint64"
 	"go.opentelemetry.io/otel/propagation"
-	semconv "go.opentelemetry.io/otel/semconv/v1.12.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.17.0"
 	"go.opentelemetry.io/otel/trace"
 )
 
-var _ http.Handler = &Handler{}
-
-// Handler is http middleware that corresponds to the http.Handler interface and
-// is designed to wrap a http.Mux (or equivalent), while individual routes on
-// the mux are wrapped with WithRouteTag. A Handler will add various attributes
-// to the span using the attribute.Keys defined in this package.
-type Handler struct {
+// middleware is an http middleware which wraps the next handler in a span.
+type middleware struct {
 	operation string
-	handler   http.Handler
+	server    string
 
 	tracer            trace.Tracer
 	meter             metric.Meter
@@ -49,8 +43,8 @@ type Handler struct {
 	writeEvent        bool
 	filters           []Filter
 	spanNameFormatter func(string, *http.Request) string
-	counters          map[string]syncint64.Counter
-	valueRecorders    map[string]syncfloat64.Histogram
+	counters          map[string]metric.Int64Counter
+	valueRecorders    map[string]metric.Float64Histogram
 	publicEndpoint    bool
 	publicEndpointFn  func(*http.Request) bool
 }
@@ -59,11 +53,17 @@ func defaultHandlerFormatter(operation string, _ *http.Request) string {
 	return operation
 }
 
-// NewHandler wraps the passed handler, functioning like middleware, in a span
-// named after the operation and with any provided Options.
+// NewHandler wraps the passed handler in a span named after the operation and
+// enriches it with metrics.
 func NewHandler(handler http.Handler, operation string, opts ...Option) http.Handler {
-	h := Handler{
-		handler:   handler,
+	return NewMiddleware(operation, opts...)(handler)
+}
+
+// NewMiddleware returns a tracing and metrics instrumentation middleware.
+// The handler returned by the middleware wraps a handler
+// in a span named after the operation and enriches it with metrics.
+func NewMiddleware(operation string, opts ...Option) func(http.Handler) http.Handler {
+	h := middleware{
 		operation: operation,
 	}
 
@@ -76,10 +76,14 @@ func NewHandler(handler http.Handler, operation string, opts ...Option) http.Han
 	h.configure(c)
 	h.createMeasures()
 
-	return &h
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			h.serveHTTP(w, r, next)
+		})
+	}
 }
 
-func (h *Handler) configure(c *config) {
+func (h *middleware) configure(c *config) {
 	h.tracer = c.Tracer
 	h.meter = c.Meter
 	h.propagators = c.Propagators
@@ -90,6 +94,7 @@ func (h *Handler) configure(c *config) {
 	h.spanNameFormatter = c.SpanNameFormatter
 	h.publicEndpoint = c.PublicEndpoint
 	h.publicEndpointFn = c.PublicEndpointFn
+	h.server = c.ServerName
 }
 
 func handleErr(err error) {
@@ -98,17 +103,29 @@ func handleErr(err error) {
 	}
 }
 
-func (h *Handler) createMeasures() {
-	h.counters = make(map[string]syncint64.Counter)
-	h.valueRecorders = make(map[string]syncfloat64.Histogram)
+func (h *middleware) createMeasures() {
+	h.counters = make(map[string]metric.Int64Counter)
+	h.valueRecorders = make(map[string]metric.Float64Histogram)
 
-	requestBytesCounter, err := h.meter.SyncInt64().Counter(RequestContentLength)
+	requestBytesCounter, err := h.meter.Int64Counter(
+		RequestContentLength,
+		metric.WithUnit("By"),
+		metric.WithDescription("Measures the size of HTTP request content length (uncompressed)"),
+	)
 	handleErr(err)
 
-	responseBytesCounter, err := h.meter.SyncInt64().Counter(ResponseContentLength)
+	responseBytesCounter, err := h.meter.Int64Counter(
+		ResponseContentLength,
+		metric.WithUnit("By"),
+		metric.WithDescription("Measures the size of HTTP response content length (uncompressed)"),
+	)
 	handleErr(err)
 
-	serverLatencyMeasure, err := h.meter.SyncFloat64().Histogram(ServerLatency)
+	serverLatencyMeasure, err := h.meter.Float64Histogram(
+		ServerLatency,
+		metric.WithUnit("ms"),
+		metric.WithDescription("Measures the duration of HTTP request handling"),
+	)
 	handleErr(err)
 
 	h.counters[RequestContentLength] = requestBytesCounter
@@ -116,19 +133,27 @@ func (h *Handler) createMeasures() {
 	h.valueRecorders[ServerLatency] = serverLatencyMeasure
 }
 
-// ServeHTTP serves HTTP requests (http.Handler).
-func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+// serveHTTP sets up tracing and calls the given next http.Handler with the span
+// context injected into the request context.
+func (h *middleware) serveHTTP(w http.ResponseWriter, r *http.Request, next http.Handler) {
 	requestStartTime := time.Now()
 	for _, f := range h.filters {
 		if !f(r) {
 			// Simply pass through to the handler if a filter rejects the request
-			h.handler.ServeHTTP(w, r)
+			next.ServeHTTP(w, r)
 			return
 		}
 	}
 
 	ctx := h.propagators.Extract(r.Context(), propagation.HeaderCarrier(r.Header))
-	opts := h.spanStartOptions
+	opts := []trace.SpanStartOption{
+		trace.WithAttributes(semconvutil.HTTPServerRequest(h.server, r)...),
+	}
+	if h.server != "" {
+		hostAttr := semconv.NetHostName(h.server)
+		opts = append(opts, trace.WithAttributes(hostAttr))
+	}
+	opts = append(opts, h.spanStartOptions...)
 	if h.publicEndpoint || (h.publicEndpointFn != nil && h.publicEndpointFn(r.WithContext(ctx))) {
 		opts = append(opts, trace.WithNewRoot())
 		// Linking incoming span context if any for public endpoint.
@@ -137,12 +162,6 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	opts = append([]trace.SpanStartOption{
-		trace.WithAttributes(semconv.NetAttributesFromHTTPRequest("tcp", r)...),
-		trace.WithAttributes(semconv.EndUserAttributesFromHTTPRequest(r)...),
-		trace.WithAttributes(semconv.HTTPServerAttributesFromHTTPRequest(h.operation, "", r)...),
-	}, opts...) // start with the configured options
-
 	tracer := h.tracer
 
 	if tracer == nil {
@@ -180,7 +199,13 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	rww := &respWriterWrapper{ResponseWriter: w, record: writeRecordFunc, ctx: ctx, props: h.propagators}
+	rww := &respWriterWrapper{
+		ResponseWriter: w,
+		record:         writeRecordFunc,
+		ctx:            ctx,
+		props:          h.propagators,
+		statusCode:     http.StatusOK, // default status code in case the Handler doesn't write anything
+	}
 
 	// Wrap w to use our ResponseWriter methods while also exposing
 	// other interfaces that w may implement (http.CloseNotifier,
@@ -201,19 +226,23 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	labeler := &Labeler{}
 	ctx = injectLabeler(ctx, labeler)
 
-	h.handler.ServeHTTP(w, r.WithContext(ctx))
+	next.ServeHTTP(w, r.WithContext(ctx))
 
 	setAfterServeAttributes(span, bw.read, rww.written, rww.statusCode, bw.err, rww.err)
 
 	// Add metrics
-	attributes := append(labeler.Get(), semconv.HTTPServerMetricAttributesFromHTTPRequest(h.operation, r)...)
-	h.counters[RequestContentLength].Add(ctx, bw.read, attributes...)
-	h.counters[ResponseContentLength].Add(ctx, rww.written, attributes...)
+	attributes := append(labeler.Get(), semconvutil.HTTPServerRequestMetrics(h.server, r)...)
+	if rww.statusCode > 0 {
+		attributes = append(attributes, semconv.HTTPStatusCode(rww.statusCode))
+	}
+	o := metric.WithAttributes(attributes...)
+	h.counters[RequestContentLength].Add(ctx, bw.read, o)
+	h.counters[ResponseContentLength].Add(ctx, rww.written, o)
 
 	// Use floating point division here for higher precision (instead of Millisecond method).
 	elapsedTime := float64(time.Since(requestStartTime)) / float64(time.Millisecond)
 
-	h.valueRecorders[ServerLatency].Record(ctx, elapsedTime, attributes...)
+	h.valueRecorders[ServerLatency].Record(ctx, elapsedTime, o)
 }
 
 func setAfterServeAttributes(span trace.Span, read, wrote int64, statusCode int, rerr, werr error) {
@@ -231,21 +260,28 @@ func setAfterServeAttributes(span trace.Span, read, wrote int64, statusCode int,
 		attributes = append(attributes, WroteBytesKey.Int64(wrote))
 	}
 	if statusCode > 0 {
-		attributes = append(attributes, semconv.HTTPAttributesFromHTTPStatusCode(statusCode)...)
-		span.SetStatus(semconv.SpanStatusFromHTTPStatusCodeAndSpanKind(statusCode, trace.SpanKindServer))
+		attributes = append(attributes, semconv.HTTPStatusCode(statusCode))
 	}
+	span.SetStatus(semconvutil.HTTPServerStatus(statusCode))
+
 	if werr != nil && werr != io.EOF {
 		attributes = append(attributes, WriteErrorKey.String(werr.Error()))
 	}
 	span.SetAttributes(attributes...)
 }
 
-// WithRouteTag annotates a span with the provided route name using the
-// RouteKey Tag.
+// WithRouteTag annotates spans and metrics with the provided route name
+// with HTTP route attribute.
 func WithRouteTag(route string, h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		attr := semconv.HTTPRouteKey.String(route)
+
 		span := trace.SpanFromContext(r.Context())
-		span.SetAttributes(semconv.HTTPRouteKey.String(route))
+		span.SetAttributes(attr)
+
+		labeler, _ := LabelerFromContext(r.Context())
+		labeler.Add(attr)
+
 		h.ServeHTTP(w, r)
 	})
 }
diff --git a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/gen.go b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/gen.go
new file mode 100644
index 000000000..edf4ce3d3
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/gen.go
@@ -0,0 +1,21 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package semconvutil // import "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil"
+
+// Generate semconvutil package:
+//go:generate gotmpl --body=../../../../../../internal/shared/semconvutil/httpconv_test.go.tmpl "--data={}" --out=httpconv_test.go
+//go:generate gotmpl --body=../../../../../../internal/shared/semconvutil/httpconv.go.tmpl "--data={}" --out=httpconv.go
+//go:generate gotmpl --body=../../../../../../internal/shared/semconvutil/netconv_test.go.tmpl "--data={}" --out=netconv_test.go
+//go:generate gotmpl --body=../../../../../../internal/shared/semconvutil/netconv.go.tmpl "--data={}" --out=netconv.go
diff --git a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv.go b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv.go
new file mode 100644
index 000000000..d3dede9eb
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/httpconv.go
@@ -0,0 +1,552 @@
+// Code created by gotmpl. DO NOT MODIFY.
+// source: internal/shared/semconvutil/httpconv.go.tmpl
+
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package semconvutil // import "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil"
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
+	semconv "go.opentelemetry.io/otel/semconv/v1.17.0"
+)
+
+// HTTPClientResponse returns trace attributes for an HTTP response received by a
+// client from a server. It will return the following attributes if the related
+// values are defined in resp: "http.status.code",
+// "http.response_content_length".
+//
+// This does not add all OpenTelemetry required attributes for an HTTP event,
+// it assumes ClientRequest was used to create the span with a complete set of
+// attributes. If a complete set of attributes can be generated using the
+// request contained in resp. For example:
+//
+//	append(HTTPClientResponse(resp), ClientRequest(resp.Request)...)
+func HTTPClientResponse(resp *http.Response) []attribute.KeyValue {
+	return hc.ClientResponse(resp)
+}
+
+// HTTPClientRequest returns trace attributes for an HTTP request made by a client.
+// The following attributes are always returned: "http.url", "http.flavor",
+// "http.method", "net.peer.name". The following attributes are returned if the
+// related values are defined in req: "net.peer.port", "http.user_agent",
+// "http.request_content_length", "enduser.id".
+func HTTPClientRequest(req *http.Request) []attribute.KeyValue {
+	return hc.ClientRequest(req)
+}
+
+// HTTPClientStatus returns a span status code and message for an HTTP status code
+// value received by a client.
+func HTTPClientStatus(code int) (codes.Code, string) {
+	return hc.ClientStatus(code)
+}
+
+// HTTPServerRequest returns trace attributes for an HTTP request received by a
+// server.
+//
+// The server must be the primary server name if it is known. For example this
+// would be the ServerName directive
+// (https://httpd.apache.org/docs/2.4/mod/core.html#servername) for an Apache
+// server, and the server_name directive
+// (http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) for an
+// nginx server. More generically, the primary server name would be the host
+// header value that matches the default virtual host of an HTTP server. It
+// should include the host identifier and if a port is used to route to the
+// server that port identifier should be included as an appropriate port
+// suffix.
+//
+// If the primary server name is not known, server should be an empty string.
+// The req Host will be used to determine the server instead.
+//
+// The following attributes are always returned: "http.method", "http.scheme",
+// "http.flavor", "http.target", "net.host.name". The following attributes are
+// returned if they related values are defined in req: "net.host.port",
+// "net.sock.peer.addr", "net.sock.peer.port", "http.user_agent", "enduser.id",
+// "http.client_ip".
+func HTTPServerRequest(server string, req *http.Request) []attribute.KeyValue {
+	return hc.ServerRequest(server, req)
+}
+
+// HTTPServerRequestMetrics returns metric attributes for an HTTP request received by a
+// server.
+//
+// The server must be the primary server name if it is known. For example this
+// would be the ServerName directive
+// (https://httpd.apache.org/docs/2.4/mod/core.html#servername) for an Apache
+// server, and the server_name directive
+// (http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) for an
+// nginx server. More generically, the primary server name would be the host
+// header value that matches the default virtual host of an HTTP server. It
+// should include the host identifier and if a port is used to route to the
+// server that port identifier should be included as an appropriate port
+// suffix.
+//
+// If the primary server name is not known, server should be an empty string.
+// The req Host will be used to determine the server instead.
+//
+// The following attributes are always returned: "http.method", "http.scheme",
+// "http.flavor", "net.host.name". The following attributes are
+// returned if they related values are defined in req: "net.host.port".
+func HTTPServerRequestMetrics(server string, req *http.Request) []attribute.KeyValue {
+	return hc.ServerRequestMetrics(server, req)
+}
+
+// HTTPServerStatus returns a span status code and message for an HTTP status code
+// value returned by a server. Status codes in the 400-499 range are not
+// returned as errors.
+func HTTPServerStatus(code int) (codes.Code, string) {
+	return hc.ServerStatus(code)
+}
+
+// HTTPRequestHeader returns the contents of h as attributes.
+//
+// Instrumentation should require an explicit configuration of which headers to
+// captured and then prune what they pass here. Including all headers can be a
+// security risk - explicit configuration helps avoid leaking sensitive
+// information.
+//
+// The User-Agent header is already captured in the http.user_agent attribute
+// from ClientRequest and ServerRequest. Instrumentation may provide an option
+// to capture that header here even though it is not recommended. Otherwise,
+// instrumentation should filter that out of what is passed.
+func HTTPRequestHeader(h http.Header) []attribute.KeyValue {
+	return hc.RequestHeader(h)
+}
+
+// HTTPResponseHeader returns the contents of h as attributes.
+//
+// Instrumentation should require an explicit configuration of which headers to
+// captured and then prune what they pass here. Including all headers can be a
+// security risk - explicit configuration helps avoid leaking sensitive
+// information.
+//
+// The User-Agent header is already captured in the http.user_agent attribute
+// from ClientRequest and ServerRequest. Instrumentation may provide an option
+// to capture that header here even though it is not recommended. Otherwise,
+// instrumentation should filter that out of what is passed.
+func HTTPResponseHeader(h http.Header) []attribute.KeyValue {
+	return hc.ResponseHeader(h)
+}
+
+// httpConv are the HTTP semantic convention attributes defined for a version
+// of the OpenTelemetry specification.
+type httpConv struct {
+	NetConv *netConv
+
+	EnduserIDKey                 attribute.Key
+	HTTPClientIPKey              attribute.Key
+	HTTPFlavorKey                attribute.Key
+	HTTPMethodKey                attribute.Key
+	HTTPRequestContentLengthKey  attribute.Key
+	HTTPResponseContentLengthKey attribute.Key
+	HTTPRouteKey                 attribute.Key
+	HTTPSchemeHTTP               attribute.KeyValue
+	HTTPSchemeHTTPS              attribute.KeyValue
+	HTTPStatusCodeKey            attribute.Key
+	HTTPTargetKey                attribute.Key
+	HTTPURLKey                   attribute.Key
+	HTTPUserAgentKey             attribute.Key
+}
+
+var hc = &httpConv{
+	NetConv: nc,
+
+	EnduserIDKey:                 semconv.EnduserIDKey,
+	HTTPClientIPKey:              semconv.HTTPClientIPKey,
+	HTTPFlavorKey:                semconv.HTTPFlavorKey,
+	HTTPMethodKey:                semconv.HTTPMethodKey,
+	HTTPRequestContentLengthKey:  semconv.HTTPRequestContentLengthKey,
+	HTTPResponseContentLengthKey: semconv.HTTPResponseContentLengthKey,
+	HTTPRouteKey:                 semconv.HTTPRouteKey,
+	HTTPSchemeHTTP:               semconv.HTTPSchemeHTTP,
+	HTTPSchemeHTTPS:              semconv.HTTPSchemeHTTPS,
+	HTTPStatusCodeKey:            semconv.HTTPStatusCodeKey,
+	HTTPTargetKey:                semconv.HTTPTargetKey,
+	HTTPURLKey:                   semconv.HTTPURLKey,
+	HTTPUserAgentKey:             semconv.HTTPUserAgentKey,
+}
+
+// ClientResponse returns attributes for an HTTP response received by a client
+// from a server. The following attributes are returned if the related values
+// are defined in resp: "http.status.code", "http.response_content_length".
+//
+// This does not add all OpenTelemetry required attributes for an HTTP event,
+// it assumes ClientRequest was used to create the span with a complete set of
+// attributes. If a complete set of attributes can be generated using the
+// request contained in resp. For example:
+//
+//	append(ClientResponse(resp), ClientRequest(resp.Request)...)
+func (c *httpConv) ClientResponse(resp *http.Response) []attribute.KeyValue {
+	var n int
+	if resp.StatusCode > 0 {
+		n++
+	}
+	if resp.ContentLength > 0 {
+		n++
+	}
+
+	attrs := make([]attribute.KeyValue, 0, n)
+	if resp.StatusCode > 0 {
+		attrs = append(attrs, c.HTTPStatusCodeKey.Int(resp.StatusCode))
+	}
+	if resp.ContentLength > 0 {
+		attrs = append(attrs, c.HTTPResponseContentLengthKey.Int(int(resp.ContentLength)))
+	}
+	return attrs
+}
+
+// ClientRequest returns attributes for an HTTP request made by a client. The
+// following attributes are always returned: "http.url", "http.flavor",
+// "http.method", "net.peer.name". The following attributes are returned if the
+// related values are defined in req: "net.peer.port", "http.user_agent",
+// "http.request_content_length", "enduser.id".
+func (c *httpConv) ClientRequest(req *http.Request) []attribute.KeyValue {
+	n := 3 // URL, peer name, proto, and method.
+	var h string
+	if req.URL != nil {
+		h = req.URL.Host
+	}
+	peer, p := firstHostPort(h, req.Header.Get("Host"))
+	port := requiredHTTPPort(req.URL != nil && req.URL.Scheme == "https", p)
+	if port > 0 {
+		n++
+	}
+	useragent := req.UserAgent()
+	if useragent != "" {
+		n++
+	}
+	if req.ContentLength > 0 {
+		n++
+	}
+	userID, _, hasUserID := req.BasicAuth()
+	if hasUserID {
+		n++
+	}
+	attrs := make([]attribute.KeyValue, 0, n)
+
+	attrs = append(attrs, c.method(req.Method))
+	attrs = append(attrs, c.flavor(req.Proto))
+
+	var u string
+	if req.URL != nil {
+		// Remove any username/password info that may be in the URL.
+		userinfo := req.URL.User
+		req.URL.User = nil
+		u = req.URL.String()
+		// Restore any username/password info that was removed.
+		req.URL.User = userinfo
+	}
+	attrs = append(attrs, c.HTTPURLKey.String(u))
+
+	attrs = append(attrs, c.NetConv.PeerName(peer))
+	if port > 0 {
+		attrs = append(attrs, c.NetConv.PeerPort(port))
+	}
+
+	if useragent != "" {
+		attrs = append(attrs, c.HTTPUserAgentKey.String(useragent))
+	}
+
+	if l := req.ContentLength; l > 0 {
+		attrs = append(attrs, c.HTTPRequestContentLengthKey.Int64(l))
+	}
+
+	if hasUserID {
+		attrs = append(attrs, c.EnduserIDKey.String(userID))
+	}
+
+	return attrs
+}
+
+// ServerRequest returns attributes for an HTTP request received by a server.
+//
+// The server must be the primary server name if it is known. For example this
+// would be the ServerName directive
+// (https://httpd.apache.org/docs/2.4/mod/core.html#servername) for an Apache
+// server, and the server_name directive
+// (http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) for an
+// nginx server. More generically, the primary server name would be the host
+// header value that matches the default virtual host of an HTTP server. It
+// should include the host identifier and if a port is used to route to the
+// server that port identifier should be included as an appropriate port
+// suffix.
+//
+// If the primary server name is not known, server should be an empty string.
+// The req Host will be used to determine the server instead.
+//
+// The following attributes are always returned: "http.method", "http.scheme",
+// "http.flavor", "http.target", "net.host.name". The following attributes are
+// returned if they related values are defined in req: "net.host.port",
+// "net.sock.peer.addr", "net.sock.peer.port", "http.user_agent", "enduser.id",
+// "http.client_ip".
+func (c *httpConv) ServerRequest(server string, req *http.Request) []attribute.KeyValue {
+	// TODO: This currently does not add the specification required
+	// `http.target` attribute. It has too high of a cardinality to safely be
+	// added. An alternate should be added, or this comment removed, when it is
+	// addressed by the specification. If it is ultimately decided to continue
+	// not including the attribute, the HTTPTargetKey field of the httpConv
+	// should be removed as well.
+
+	n := 4 // Method, scheme, proto, and host name.
+	var host string
+	var p int
+	if server == "" {
+		host, p = splitHostPort(req.Host)
+	} else {
+		// Prioritize the primary server name.
+		host, p = splitHostPort(server)
+		if p < 0 {
+			_, p = splitHostPort(req.Host)
+		}
+	}
+	hostPort := requiredHTTPPort(req.TLS != nil, p)
+	if hostPort > 0 {
+		n++
+	}
+	peer, peerPort := splitHostPort(req.RemoteAddr)
+	if peer != "" {
+		n++
+		if peerPort > 0 {
+			n++
+		}
+	}
+	useragent := req.UserAgent()
+	if useragent != "" {
+		n++
+	}
+	userID, _, hasUserID := req.BasicAuth()
+	if hasUserID {
+		n++
+	}
+	clientIP := serverClientIP(req.Header.Get("X-Forwarded-For"))
+	if clientIP != "" {
+		n++
+	}
+	attrs := make([]attribute.KeyValue, 0, n)
+
+	attrs = append(attrs, c.method(req.Method))
+	attrs = append(attrs, c.scheme(req.TLS != nil))
+	attrs = append(attrs, c.flavor(req.Proto))
+	attrs = append(attrs, c.NetConv.HostName(host))
+
+	if hostPort > 0 {
+		attrs = append(attrs, c.NetConv.HostPort(hostPort))
+	}
+
+	if peer != "" {
+		// The Go HTTP server sets RemoteAddr to "IP:port", this will not be a
+		// file-path that would be interpreted with a sock family.
+		attrs = append(attrs, c.NetConv.SockPeerAddr(peer))
+		if peerPort > 0 {
+			attrs = append(attrs, c.NetConv.SockPeerPort(peerPort))
+		}
+	}
+
+	if useragent != "" {
+		attrs = append(attrs, c.HTTPUserAgentKey.String(useragent))
+	}
+
+	if hasUserID {
+		attrs = append(attrs, c.EnduserIDKey.String(userID))
+	}
+
+	if clientIP != "" {
+		attrs = append(attrs, c.HTTPClientIPKey.String(clientIP))
+	}
+
+	return attrs
+}
+
+// ServerRequestMetrics returns metric attributes for an HTTP request received
+// by a server.
+//
+// The server must be the primary server name if it is known. For example this
+// would be the ServerName directive
+// (https://httpd.apache.org/docs/2.4/mod/core.html#servername) for an Apache
+// server, and the server_name directive
+// (http://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) for an
+// nginx server. More generically, the primary server name would be the host
+// header value that matches the default virtual host of an HTTP server. It
+// should include the host identifier and if a port is used to route to the
+// server that port identifier should be included as an appropriate port
+// suffix.
+//
+// If the primary server name is not known, server should be an empty string.
+// The req Host will be used to determine the server instead.
+//
+// The following attributes are always returned: "http.method", "http.scheme",
+// "http.flavor", "net.host.name". The following attributes are
+// returned if they related values are defined in req: "net.host.port".
+func (c *httpConv) ServerRequestMetrics(server string, req *http.Request) []attribute.KeyValue {
+	// TODO: This currently does not add the specification required
+	// `http.target` attribute. It has too high of a cardinality to safely be
+	// added. An alternate should be added, or this comment removed, when it is
+	// addressed by the specification. If it is ultimately decided to continue
+	// not including the attribute, the HTTPTargetKey field of the httpConv
+	// should be removed as well.
+
+	n := 4 // Method, scheme, proto, and host name.
+	var host string
+	var p int
+	if server == "" {
+		host, p = splitHostPort(req.Host)
+	} else {
+		// Prioritize the primary server name.
+		host, p = splitHostPort(server)
+		if p < 0 {
+			_, p = splitHostPort(req.Host)
+		}
+	}
+	hostPort := requiredHTTPPort(req.TLS != nil, p)
+	if hostPort > 0 {
+		n++
+	}
+	attrs := make([]attribute.KeyValue, 0, n)
+
+	attrs = append(attrs, c.methodMetric(req.Method))
+	attrs = append(attrs, c.scheme(req.TLS != nil))
+	attrs = append(attrs, c.flavor(req.Proto))
+	attrs = append(attrs, c.NetConv.HostName(host))
+
+	if hostPort > 0 {
+		attrs = append(attrs, c.NetConv.HostPort(hostPort))
+	}
+
+	return attrs
+}
+
+func (c *httpConv) method(method string) attribute.KeyValue {
+	if method == "" {
+		return c.HTTPMethodKey.String(http.MethodGet)
+	}
+	return c.HTTPMethodKey.String(method)
+}
+
+func (c *httpConv) methodMetric(method string) attribute.KeyValue {
+	method = strings.ToUpper(method)
+	switch method {
+	case http.MethodConnect, http.MethodDelete, http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodPatch, http.MethodPost, http.MethodPut, http.MethodTrace:
+	default:
+		method = "_OTHER"
+	}
+	return c.HTTPMethodKey.String(method)
+}
+
+func (c *httpConv) scheme(https bool) attribute.KeyValue { // nolint:revive
+	if https {
+		return c.HTTPSchemeHTTPS
+	}
+	return c.HTTPSchemeHTTP
+}
+
+func (c *httpConv) flavor(proto string) attribute.KeyValue {
+	switch proto {
+	case "HTTP/1.0":
+		return c.HTTPFlavorKey.String("1.0")
+	case "HTTP/1.1":
+		return c.HTTPFlavorKey.String("1.1")
+	case "HTTP/2":
+		return c.HTTPFlavorKey.String("2.0")
+	case "HTTP/3":
+		return c.HTTPFlavorKey.String("3.0")
+	default:
+		return c.HTTPFlavorKey.String(proto)
+	}
+}
+
+func serverClientIP(xForwardedFor string) string {
+	if idx := strings.Index(xForwardedFor, ","); idx >= 0 {
+		xForwardedFor = xForwardedFor[:idx]
+	}
+	return xForwardedFor
+}
+
+func requiredHTTPPort(https bool, port int) int { // nolint:revive
+	if https {
+		if port > 0 && port != 443 {
+			return port
+		}
+	} else {
+		if port > 0 && port != 80 {
+			return port
+		}
+	}
+	return -1
+}
+
+// Return the request host and port from the first non-empty source.
+func firstHostPort(source ...string) (host string, port int) {
+	for _, hostport := range source {
+		host, port = splitHostPort(hostport)
+		if host != "" || port > 0 {
+			break
+		}
+	}
+	return
+}
+
+// RequestHeader returns the contents of h as OpenTelemetry attributes.
+func (c *httpConv) RequestHeader(h http.Header) []attribute.KeyValue {
+	return c.header("http.request.header", h)
+}
+
+// ResponseHeader returns the contents of h as OpenTelemetry attributes.
+func (c *httpConv) ResponseHeader(h http.Header) []attribute.KeyValue {
+	return c.header("http.response.header", h)
+}
+
+func (c *httpConv) header(prefix string, h http.Header) []attribute.KeyValue {
+	key := func(k string) attribute.Key {
+		k = strings.ToLower(k)
+		k = strings.ReplaceAll(k, "-", "_")
+		k = fmt.Sprintf("%s.%s", prefix, k)
+		return attribute.Key(k)
+	}
+
+	attrs := make([]attribute.KeyValue, 0, len(h))
+	for k, v := range h {
+		attrs = append(attrs, key(k).StringSlice(v))
+	}
+	return attrs
+}
+
+// ClientStatus returns a span status code and message for an HTTP status code
+// value received by a client.
+func (c *httpConv) ClientStatus(code int) (codes.Code, string) {
+	if code < 100 || code >= 600 {
+		return codes.Error, fmt.Sprintf("Invalid HTTP status code %d", code)
+	}
+	if code >= 400 {
+		return codes.Error, ""
+	}
+	return codes.Unset, ""
+}
+
+// ServerStatus returns a span status code and message for an HTTP status code
+// value returned by a server. Status codes in the 400-499 range are not
+// returned as errors.
+func (c *httpConv) ServerStatus(code int) (codes.Code, string) {
+	if code < 100 || code >= 600 {
+		return codes.Error, fmt.Sprintf("Invalid HTTP status code %d", code)
+	}
+	if code >= 500 {
+		return codes.Error, ""
+	}
+	return codes.Unset, ""
+}
diff --git a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/netconv.go b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/netconv.go
new file mode 100644
index 000000000..bde889343
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil/netconv.go
@@ -0,0 +1,368 @@
+// Code created by gotmpl. DO NOT MODIFY.
+// source: internal/shared/semconvutil/netconv.go.tmpl
+
+// Copyright The OpenTelemetry Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package semconvutil // import "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil"
+
+import (
+	"net"
+	"strconv"
+	"strings"
+
+	"go.opentelemetry.io/otel/attribute"
+	semconv "go.opentelemetry.io/otel/semconv/v1.17.0"
+)
+
+// NetTransport returns a trace attribute describing the transport protocol of the
+// passed network. See the net.Dial for information about acceptable network
+// values.
+func NetTransport(network string) attribute.KeyValue {
+	return nc.Transport(network)
+}
+
+// NetClient returns trace attributes for a client network connection to address.
+// See net.Dial for information about acceptable address values, address should
+// be the same as the one used to create conn. If conn is nil, only network
+// peer attributes will be returned that describe address. Otherwise, the
+// socket level information about conn will also be included.
+func NetClient(address string, conn net.Conn) []attribute.KeyValue {
+	return nc.Client(address, conn)
+}
+
+// NetServer returns trace attributes for a network listener listening at address.
+// See net.Listen for information about acceptable address values, address
+// should be the same as the one used to create ln. If ln is nil, only network
+// host attributes will be returned that describe address. Otherwise, the
+// socket level information about ln will also be included.
+func NetServer(address string, ln net.Listener) []attribute.KeyValue {
+	return nc.Server(address, ln)
+}
+
+// netConv are the network semantic convention attributes defined for a version
+// of the OpenTelemetry specification.
+type netConv struct {
+	NetHostNameKey     attribute.Key
+	NetHostPortKey     attribute.Key
+	NetPeerNameKey     attribute.Key
+	NetPeerPortKey     attribute.Key
+	NetSockFamilyKey   attribute.Key
+	NetSockPeerAddrKey attribute.Key
+	NetSockPeerPortKey attribute.Key
+	NetSockHostAddrKey attribute.Key
+	NetSockHostPortKey attribute.Key
+	NetTransportOther  attribute.KeyValue
+	NetTransportTCP    attribute.KeyValue
+	NetTransportUDP    attribute.KeyValue
+	NetTransportInProc attribute.KeyValue
+}
+
+var nc = &netConv{
+	NetHostNameKey:     semconv.NetHostNameKey,
+	NetHostPortKey:     semconv.NetHostPortKey,
+	NetPeerNameKey:     semconv.NetPeerNameKey,
+	NetPeerPortKey:     semconv.NetPeerPortKey,
+	NetSockFamilyKey:   semconv.NetSockFamilyKey,
+	NetSockPeerAddrKey: semconv.NetSockPeerAddrKey,
+	NetSockPeerPortKey: semconv.NetSockPeerPortKey,
+	NetSockHostAddrKey: semconv.NetSockHostAddrKey,
+	NetSockHostPortKey: semconv.NetSockHostPortKey,
+	NetTransportOther:  semconv.NetTransportOther,
+	NetTransportTCP:    semconv.NetTransportTCP,
+	NetTransportUDP:    semconv.NetTransportUDP,
+	NetTransportInProc: semconv.NetTransportInProc,
+}
+
+func (c *netConv) Transport(network string) attribute.KeyValue {
+	switch network {
+	case "tcp", "tcp4", "tcp6":
+		return c.NetTransportTCP
+	case "udp", "udp4", "udp6":
+		return c.NetTransportUDP
+	case "unix", "unixgram", "unixpacket":
+		return c.NetTransportInProc
+	default:
+		// "ip:*", "ip4:*", and "ip6:*" all are considered other.
+		return c.NetTransportOther
+	}
+}
+
+// Host returns attributes for a network host address.
+func (c *netConv) Host(address string) []attribute.KeyValue {
+	h, p := splitHostPort(address)
+	var n int
+	if h != "" {
+		n++
+		if p > 0 {
+			n++
+		}
+	}
+
+	if n == 0 {
+		return nil
+	}
+
+	attrs := make([]attribute.KeyValue, 0, n)
+	attrs = append(attrs, c.HostName(h))
+	if p > 0 {
+		attrs = append(attrs, c.HostPort(int(p)))
+	}
+	return attrs
+}
+
+// Server returns attributes for a network listener listening at address. See
+// net.Listen for information about acceptable address values, address should
+// be the same as the one used to create ln. If ln is nil, only network host
+// attributes will be returned that describe address. Otherwise, the socket
+// level information about ln will also be included.
+func (c *netConv) Server(address string, ln net.Listener) []attribute.KeyValue {
+	if ln == nil {
+		return c.Host(address)
+	}
+
+	lAddr := ln.Addr()
+	if lAddr == nil {
+		return c.Host(address)
+	}
+
+	hostName, hostPort := splitHostPort(address)
+	sockHostAddr, sockHostPort := splitHostPort(lAddr.String())
+	network := lAddr.Network()
+	sockFamily := family(network, sockHostAddr)
+
+	n := nonZeroStr(hostName, network, sockHostAddr, sockFamily)
+	n += positiveInt(hostPort, sockHostPort)
+	attr := make([]attribute.KeyValue, 0, n)
+	if hostName != "" {
+		attr = append(attr, c.HostName(hostName))
+		if hostPort > 0 {
+			// Only if net.host.name is set should net.host.port be.
+			attr = append(attr, c.HostPort(hostPort))
+		}
+	}
+	if network != "" {
+		attr = append(attr, c.Transport(network))
+	}
+	if sockFamily != "" {
+		attr = append(attr, c.NetSockFamilyKey.String(sockFamily))
+	}
+	if sockHostAddr != "" {
+		attr = append(attr, c.NetSockHostAddrKey.String(sockHostAddr))
+		if sockHostPort > 0 {
+			// Only if net.sock.host.addr is set should net.sock.host.port be.
+			attr = append(attr, c.NetSockHostPortKey.Int(sockHostPort))
+		}
+	}
+	return attr
+}
+
+func (c *netConv) HostName(name string) attribute.KeyValue {
+	return c.NetHostNameKey.String(name)
+}
+
+func (c *netConv) HostPort(port int) attribute.KeyValue {
+	return c.NetHostPortKey.Int(port)
+}
+
+// Client returns attributes for a client network connection to address. See
+// net.Dial for information about acceptable address values, address should be
+// the same as the one used to create conn. If conn is nil, only network peer
+// attributes will be returned that describe address. Otherwise, the socket
+// level information about conn will also be included.
+func (c *netConv) Client(address string, conn net.Conn) []attribute.KeyValue {
+	if conn == nil {
+		return c.Peer(address)
+	}
+
+	lAddr, rAddr := conn.LocalAddr(), conn.RemoteAddr()
+
+	var network string
+	switch {
+	case lAddr != nil:
+		network = lAddr.Network()
+	case rAddr != nil:
+		network = rAddr.Network()
+	default:
+		return c.Peer(address)
+	}
+
+	peerName, peerPort := splitHostPort(address)
+	var (
+		sockFamily   string
+		sockPeerAddr string
+		sockPeerPort int
+		sockHostAddr string
+		sockHostPort int
+	)
+
+	if lAddr != nil {
+		sockHostAddr, sockHostPort = splitHostPort(lAddr.String())
+	}
+
+	if rAddr != nil {
+		sockPeerAddr, sockPeerPort = splitHostPort(rAddr.String())
+	}
+
+	switch {
+	case sockHostAddr != "":
+		sockFamily = family(network, sockHostAddr)
+	case sockPeerAddr != "":
+		sockFamily = family(network, sockPeerAddr)
+	}
+
+	n := nonZeroStr(peerName, network, sockPeerAddr, sockHostAddr, sockFamily)
+	n += positiveInt(peerPort, sockPeerPort, sockHostPort)
+	attr := make([]attribute.KeyValue, 0, n)
+	if peerName != "" {
+		attr = append(attr, c.PeerName(peerName))
+		if peerPort > 0 {
+			// Only if net.peer.name is set should net.peer.port be.
+			attr = append(attr, c.PeerPort(peerPort))
+		}
+	}
+	if network != "" {
+		attr = append(attr, c.Transport(network))
+	}
+	if sockFamily != "" {
+		attr = append(attr, c.NetSockFamilyKey.String(sockFamily))
+	}
+	if sockPeerAddr != "" {
+		attr = append(attr, c.NetSockPeerAddrKey.String(sockPeerAddr))
+		if sockPeerPort > 0 {
+			// Only if net.sock.peer.addr is set should net.sock.peer.port be.
+			attr = append(attr, c.NetSockPeerPortKey.Int(sockPeerPort))
+		}
+	}
+	if sockHostAddr != "" {
+		attr = append(attr, c.NetSockHostAddrKey.String(sockHostAddr))
+		if sockHostPort > 0 {
+			// Only if net.sock.host.addr is set should net.sock.host.port be.
+			attr = append(attr, c.NetSockHostPortKey.Int(sockHostPort))
+		}
+	}
+	return attr
+}
+
+func family(network, address string) string {
+	switch network {
+	case "unix", "unixgram", "unixpacket":
+		return "unix"
+	default:
+		if ip := net.ParseIP(address); ip != nil {
+			if ip.To4() == nil {
+				return "inet6"
+			}
+			return "inet"
+		}
+	}
+	return ""
+}
+
+func nonZeroStr(strs ...string) int {
+	var n int
+	for _, str := range strs {
+		if str != "" {
+			n++
+		}
+	}
+	return n
+}
+
+func positiveInt(ints ...int) int {
+	var n int
+	for _, i := range ints {
+		if i > 0 {
+			n++
+		}
+	}
+	return n
+}
+
+// Peer returns attributes for a network peer address.
+func (c *netConv) Peer(address string) []attribute.KeyValue {
+	h, p := splitHostPort(address)
+	var n int
+	if h != "" {
+		n++
+		if p > 0 {
+			n++
+		}
+	}
+
+	if n == 0 {
+		return nil
+	}
+
+	attrs := make([]attribute.KeyValue, 0, n)
+	attrs = append(attrs, c.PeerName(h))
+	if p > 0 {
+		attrs = append(attrs, c.PeerPort(int(p)))
+	}
+	return attrs
+}
+
+func (c *netConv) PeerName(name string) attribute.KeyValue {
+	return c.NetPeerNameKey.String(name)
+}
+
+func (c *netConv) PeerPort(port int) attribute.KeyValue {
+	return c.NetPeerPortKey.Int(port)
+}
+
+func (c *netConv) SockPeerAddr(addr string) attribute.KeyValue {
+	return c.NetSockPeerAddrKey.String(addr)
+}
+
+func (c *netConv) SockPeerPort(port int) attribute.KeyValue {
+	return c.NetSockPeerPortKey.Int(port)
+}
+
+// splitHostPort splits a network address hostport of the form "host",
+// "host%zone", "[host]", "[host%zone], "host:port", "host%zone:port",
+// "[host]:port", "[host%zone]:port", or ":port" into host or host%zone and
+// port.
+//
+// An empty host is returned if it is not provided or unparsable. A negative
+// port is returned if it is not provided or unparsable.
+func splitHostPort(hostport string) (host string, port int) {
+	port = -1
+
+	if strings.HasPrefix(hostport, "[") {
+		addrEnd := strings.LastIndex(hostport, "]")
+		if addrEnd < 0 {
+			// Invalid hostport.
+			return
+		}
+		if i := strings.LastIndex(hostport[addrEnd:], ":"); i < 0 {
+			host = hostport[1:addrEnd]
+			return
+		}
+	} else {
+		if i := strings.LastIndex(hostport, ":"); i < 0 {
+			host = hostport
+			return
+		}
+	}
+
+	host, pStr, err := net.SplitHostPort(hostport)
+	if err != nil {
+		return
+	}
+
+	p, err := strconv.ParseUint(pStr, 10, 16)
+	if err != nil {
+		return
+	}
+	return host, int(p)
+}
diff --git a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go
index fd5e1e9bc..e835cac12 100644
--- a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go
+++ b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/transport.go
@@ -20,10 +20,10 @@ import (
 	"net/http"
 	"net/http/httptrace"
 
+	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil"
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/codes"
 	"go.opentelemetry.io/otel/propagation"
-	semconv "go.opentelemetry.io/otel/semconv/v1.12.0"
 	"go.opentelemetry.io/otel/trace"
 )
 
@@ -109,8 +109,8 @@ func (t *Transport) RoundTrip(r *http.Request) (*http.Response, error) {
 		ctx = httptrace.WithClientTrace(ctx, t.clientTrace(ctx))
 	}
 
-	r = r.WithContext(ctx)
-	span.SetAttributes(semconv.HTTPClientAttributesFromHTTPRequest(r)...)
+	r = r.Clone(ctx) // According to RoundTripper spec, we shouldn't modify the origin request.
+	span.SetAttributes(semconvutil.HTTPClientRequest(r)...)
 	t.propagators.Inject(ctx, propagation.HeaderCarrier(r.Header))
 
 	res, err := t.rt.RoundTrip(r)
@@ -121,8 +121,8 @@ func (t *Transport) RoundTrip(r *http.Request) (*http.Response, error) {
 		return res, err
 	}
 
-	span.SetAttributes(semconv.HTTPAttributesFromHTTPStatusCode(res.StatusCode)...)
-	span.SetStatus(semconv.SpanStatusFromHTTPStatusCode(res.StatusCode))
+	span.SetAttributes(semconvutil.HTTPClientResponse(res)...)
+	span.SetStatus(semconvutil.HTTPClientStatus(res.StatusCode))
 	res.Body = newWrappedBody(span, res.Body)
 
 	return res, err
diff --git a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go
index 210ee0b78..bd41c1804 100644
--- a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go
+++ b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go
@@ -16,11 +16,13 @@ package otelhttp // import "go.opentelemetry.io/contrib/instrumentation/net/http
 
 // Version is the current release version of the otelhttp instrumentation.
 func Version() string {
-	return "0.35.1"
+	return "0.46.1"
 	// This string is updated by the pre_release.sh script during release
 }
 
 // SemVersion is the semantic version to be supplied to tracer/meter creation.
+//
+// Deprecated: Use [Version] instead.
 func SemVersion() string {
-	return "semver:" + Version()
+	return Version()
 }
diff --git a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/wrap.go b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/wrap.go
index da6468c4e..11a35ed16 100644
--- a/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/wrap.go
+++ b/apis/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/wrap.go
@@ -50,7 +50,7 @@ func (w *bodyWrapper) Close() error {
 var _ http.ResponseWriter = &respWriterWrapper{}
 
 // respWriterWrapper wraps a http.ResponseWriter in order to track the number of
-// bytes written, the last error, and to catch the returned statusCode
+// bytes written, the last error, and to catch the first written statusCode.
 // TODO: The wrapped http.ResponseWriter doesn't implement any of the optional
 // types (http.Hijacker, http.Pusher, http.CloseNotifier, http.Flusher, etc)
 // that may be useful when using it in real life situations.
@@ -85,11 +85,15 @@ func (w *respWriterWrapper) Write(p []byte) (int, error) {
 	return n, err
 }
 
+// WriteHeader persists initial statusCode for span attribution.
+// All calls to WriteHeader will be propagated to the underlying ResponseWriter
+// and will persist the statusCode from the first call.
+// Blocking consecutive calls to WriteHeader alters expected behavior and will
+// remove warning logs from net/http where developers will notice incorrect handler implementations.
 func (w *respWriterWrapper) WriteHeader(statusCode int) {
-	if w.wroteHeader {
-		return
+	if !w.wroteHeader {
+		w.wroteHeader = true
+		w.statusCode = statusCode
 	}
-	w.wroteHeader = true
-	w.statusCode = statusCode
 	w.ResponseWriter.WriteHeader(statusCode)
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/.codespellignore b/apis/vendor/go.opentelemetry.io/otel/.codespellignore
new file mode 100644
index 000000000..ae6a3bcf1
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/.codespellignore
@@ -0,0 +1,5 @@
+ot
+fo
+te
+collison
+consequentially
diff --git a/apis/vendor/go.opentelemetry.io/otel/.codespellrc b/apis/vendor/go.opentelemetry.io/otel/.codespellrc
new file mode 100644
index 000000000..4afbb1fb3
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/.codespellrc
@@ -0,0 +1,10 @@
+# https://github.com/codespell-project/codespell
+[codespell]
+builtin = clear,rare,informal
+check-filenames =
+check-hidden =
+ignore-words = .codespellignore
+interactive = 1
+skip = .git,go.mod,go.sum,semconv,venv,.tools
+uri-ignore-words-list = *
+write =
diff --git a/apis/vendor/go.opentelemetry.io/otel/.gitignore b/apis/vendor/go.opentelemetry.io/otel/.gitignore
index 0b605b3d6..895c7664b 100644
--- a/apis/vendor/go.opentelemetry.io/otel/.gitignore
+++ b/apis/vendor/go.opentelemetry.io/otel/.gitignore
@@ -2,20 +2,21 @@
 Thumbs.db
 
 .tools/
+venv/
 .idea/
 .vscode/
 *.iml
 *.so
 coverage.*
+go.work
+go.work.sum
 
 gen/
 
-/example/fib/fib
-/example/fib/traces.txt
-/example/jaeger/jaeger
+/example/dice/dice
 /example/namedtracer/namedtracer
+/example/otel-collector/otel-collector
 /example/opencensus/opencensus
 /example/passthrough/passthrough
 /example/prometheus/prometheus
 /example/zipkin/zipkin
-/example/otel-collector/otel-collector
diff --git a/apis/vendor/go.opentelemetry.io/otel/.golangci.yml b/apis/vendor/go.opentelemetry.io/otel/.golangci.yml
index 253e3b35b..a62511f38 100644
--- a/apis/vendor/go.opentelemetry.io/otel/.golangci.yml
+++ b/apis/vendor/go.opentelemetry.io/otel/.golangci.yml
@@ -9,22 +9,20 @@ linters:
   disable-all: true
   # Specifically enable linters we want to use.
   enable:
-    - deadcode
     - depguard
     - errcheck
     - godot
-    - gofmt
+    - gofumpt
     - goimports
+    - gosec
     - gosimple
     - govet
     - ineffassign
     - misspell
     - revive
     - staticcheck
-    - structcheck
     - typecheck
     - unused
-    - varcheck
 
 issues:
   # Maximum issues count per one linter.
@@ -56,6 +54,20 @@ issues:
       text: "calls to (.+) only in main[(][)] or init[(][)] functions"
       linters:
         - revive
+    # It's okay to not run gosec in a test.
+    - path: _test\.go
+      linters:
+        - gosec
+    # Igonoring gosec G404: Use of weak random number generator (math/rand instead of crypto/rand)
+    # as we commonly use it in tests and examples.
+    - text: "G404:"
+      linters:
+        - gosec
+    # Igonoring gosec G402: TLS MinVersion too low
+    # as the https://pkg.go.dev/crypto/tls#Config handles MinVersion default well.
+    - text: "G402: TLS MinVersion too low."
+      linters:
+        - gosec
   include:
     # revive exported should have comment or be unexported.
     - EXC0012
@@ -64,30 +76,67 @@ issues:
 
 linters-settings:
   depguard:
-    # Check the list against standard lib.
-    # Default: false
-    include-go-root: true
-    # A list of packages for the list type specified.
-    # Default: []
-    packages:
-      - "crypto/md5"
-      - "crypto/sha1"
-      - "crypto/**/pkix"
-    ignore-file-rules:
-      - "**/*_test.go"
-    additional-guards:
-      # Do not allow testing packages in non-test files.
-      - list-type: denylist
-        include-go-root: true
-        packages:
-          - testing
-          - github.com/stretchr/testify
-        ignore-file-rules:
-          - "**/*_test.go"
-          - "**/*test/*.go"
-          - "**/internal/matchers/*.go"
+    rules:
+      non-tests:
+        files:
+          - "!$test"
+          - "!**/*test/*.go"
+          - "!**/internal/matchers/*.go"
+        deny:
+          - pkg: "testing"
+          - pkg: "github.com/stretchr/testify"
+          - pkg: "crypto/md5"
+          - pkg: "crypto/sha1"
+          - pkg: "crypto/**/pkix"
+      otlp-internal:
+        files:
+          - "!**/exporters/otlp/internal/**/*.go"
+        deny:
+          - pkg: "go.opentelemetry.io/otel/exporters/otlp/internal"
+            desc: Do not use cross-module internal packages.
+      otlptrace-internal:
+        files:
+          - "!**/exporters/otlp/otlptrace/*.go"
+          - "!**/exporters/otlp/otlptrace/internal/**.go"
+        deny:
+          - pkg: "go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal"
+            desc: Do not use cross-module internal packages.
+      otlpmetric-internal:
+        files:
+          - "!**/exporters/otlp/otlpmetric/internal/*.go"
+          - "!**/exporters/otlp/otlpmetric/internal/**/*.go"
+        deny:
+          - pkg: "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal"
+            desc: Do not use cross-module internal packages.
+      otel-internal:
+        files:
+          - "**/sdk/*.go"
+          - "**/sdk/**/*.go"
+          - "**/exporters/*.go"
+          - "**/exporters/**/*.go"
+          - "**/schema/*.go"
+          - "**/schema/**/*.go"
+          - "**/metric/*.go"
+          - "**/metric/**/*.go"
+          - "**/bridge/*.go"
+          - "**/bridge/**/*.go"
+          - "**/example/*.go"
+          - "**/example/**/*.go"
+          - "**/trace/*.go"
+          - "**/trace/**/*.go"
+        deny:
+          - pkg: "go.opentelemetry.io/otel/internal$"
+            desc: Do not use cross-module internal packages.
+          - pkg: "go.opentelemetry.io/otel/internal/attribute"
+            desc: Do not use cross-module internal packages.
+          - pkg: "go.opentelemetry.io/otel/internal/internaltest"
+            desc: Do not use cross-module internal packages.
+          - pkg: "go.opentelemetry.io/otel/internal/matchers"
+            desc: Do not use cross-module internal packages.
   godot:
     exclude:
+      # Exclude links.
+      - '^ *\[[^]]+\]:'
       # Exclude sentence fragments for lists.
       - '^[ ]*[-•]'
       # Exclude sentences prefixing a list.
@@ -114,8 +163,9 @@ linters-settings:
       - name: constant-logical-expr
         disabled: false
       # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#context-as-argument
+      # TODO (#3372) re-enable linter when it is compatible. https://github.com/golangci/golangci-lint/issues/3280
       - name: context-as-argument
-        disabled: false
+        disabled: true
         arguments:
           allowTypesBefore: "*testing.T"
       # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#context-keys-type
diff --git a/apis/vendor/go.opentelemetry.io/otel/.lycheeignore b/apis/vendor/go.opentelemetry.io/otel/.lycheeignore
index 545d63452..40d62fa2e 100644
--- a/apis/vendor/go.opentelemetry.io/otel/.lycheeignore
+++ b/apis/vendor/go.opentelemetry.io/otel/.lycheeignore
@@ -1,3 +1,6 @@
 http://localhost
 http://jaeger-collector
 https://github.com/open-telemetry/opentelemetry-go/milestone/
+https://github.com/open-telemetry/opentelemetry-go/projects
+file:///home/runner/work/opentelemetry-go/opentelemetry-go/libraries
+file:///home/runner/work/opentelemetry-go/opentelemetry-go/manual
diff --git a/apis/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/apis/vendor/go.opentelemetry.io/otel/CHANGELOG.md
index 906e17ce9..24874f856 100644
--- a/apis/vendor/go.opentelemetry.io/otel/CHANGELOG.md
+++ b/apis/vendor/go.opentelemetry.io/otel/CHANGELOG.md
@@ -8,6 +8,834 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [Unreleased]
 
+## [1.21.0/0.44.0] 2023-11-16
+
+### Removed
+
+- Remove the deprecated `go.opentelemetry.io/otel/bridge/opencensus.NewTracer`. (#4706)
+- Remove the deprecated `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` module. (#4707)
+- Remove the deprecated `go.opentelemetry.io/otel/example/view` module. (#4708)
+- Remove the deprecated `go.opentelemetry.io/otel/example/fib` module. (#4723)
+
+### Fixed
+
+- Do not parse non-protobuf responses in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4719)
+- Do not parse non-protobuf responses in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4719)
+
+## [1.20.0/0.43.0] 2023-11-10
+
+This release brings a breaking change for custom trace API implementations. Some interfaces (`TracerProvider`, `Tracer`, `Span`) now embed the `go.opentelemetry.io/otel/trace/embedded` types. Implementors need to update their implementations based on what they want the default behavior to be. See the "API Implementations" section of the [trace API] package documentation for more information about how to accomplish this.
+
+### Added
+
+- Add `go.opentelemetry.io/otel/bridge/opencensus.InstallTraceBridge`, which installs the OpenCensus trace bridge, and replaces `opencensus.NewTracer`. (#4567)
+- Add scope version to trace and metric bridges in `go.opentelemetry.io/otel/bridge/opencensus`. (#4584)
+- Add the `go.opentelemetry.io/otel/trace/embedded` package to be embedded in the exported trace API interfaces. (#4620)
+- Add the `go.opentelemetry.io/otel/trace/noop` package as a default no-op implementation of the trace API. (#4620)
+- Add context propagation in `go.opentelemetry.io/otel/example/dice`. (#4644)
+- Add view configuration to `go.opentelemetry.io/otel/example/prometheus`. (#4649)
+- Add `go.opentelemetry.io/otel/metric.WithExplicitBucketBoundaries`, which allows defining default explicit bucket boundaries when creating histogram instruments. (#4603)
+- Add `Version` function in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4660)
+- Add `Version` function in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4660)
+- Add Summary, SummaryDataPoint, and QuantileValue to `go.opentelemetry.io/sdk/metric/metricdata`. (#4622)
+- `go.opentelemetry.io/otel/bridge/opencensus.NewMetricProducer` now supports exemplars from OpenCensus. (#4585)
+- Add support for `WithExplicitBucketBoundaries` in `go.opentelemetry.io/otel/sdk/metric`. (#4605)
+- Add support for Summary metrics in `go.opentelemetry.io/otel/bridge/opencensus`. (#4668)
+
+### Deprecated
+
+- Deprecate `go.opentelemetry.io/otel/bridge/opencensus.NewTracer` in favor of `opencensus.InstallTraceBridge`. (#4567)
+- Deprecate `go.opentelemetry.io/otel/example/fib` package is in favor of `go.opentelemetry.io/otel/example/dice`. (#4618)
+- Deprecate `go.opentelemetry.io/otel/trace.NewNoopTracerProvider`.
+  Use the added `NewTracerProvider` function in `go.opentelemetry.io/otel/trace/noop` instead. (#4620)
+- Deprecate `go.opentelemetry.io/otel/example/view` package in favor of `go.opentelemetry.io/otel/example/prometheus`. (#4649)
+- Deprecate `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4693)
+
+### Changed
+
+- `go.opentelemetry.io/otel/bridge/opencensus.NewMetricProducer` returns a `*MetricProducer` struct instead of the metric.Producer interface. (#4583)
+- The `TracerProvider` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.TracerProvider` type.
+  This extends the `TracerProvider` interface and is is a breaking change for any existing implementation.
+  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
+  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
+- The `Tracer` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.Tracer` type.
+  This extends the `Tracer` interface and is is a breaking change for any existing implementation.
+  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
+  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
+- The `Span` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.Span` type.
+  This extends the `Span` interface and is is a breaking change for any existing implementation.
+  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
+  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
+- `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` does no longer depend on `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4660)
+- `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` does no longer depend on `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4660)
+- Retry for `502 Bad Gateway` and `504 Gateway Timeout` HTTP statuses in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4670)
+- Retry for `502 Bad Gateway` and `504 Gateway Timeout` HTTP statuses in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4670)
+- Retry for `RESOURCE_EXHAUSTED` only if RetryInfo is returned in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4669)
+- Retry for `RESOURCE_EXHAUSTED` only if RetryInfo is returned in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#4669)
+- Retry temporary HTTP request failures in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4679)
+- Retry temporary HTTP request failures in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4679)
+
+### Fixed
+
+- Fix improper parsing of characters such us `+`, `/` by `Parse` in `go.opentelemetry.io/otel/baggage` as they were rendered as a whitespace. (#4667)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_RESOURCE_ATTRIBUTES` in `go.opentelemetry.io/otel/sdk/resource` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_METRICS_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_METRICS_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_TRACES_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlptracegrpc` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_TRACES_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlptracehttp` as they were rendered as a whitespace. (#4699)
+- In `go.opentelemetry.op/otel/exporters/prometheus`, the exporter no longer `Collect`s metrics after `Shutdown` is invoked. (#4648)
+- Fix documentation for `WithCompressor` in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#4695)
+- Fix documentation for `WithCompressor` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4695)
+
+## [1.19.0/0.42.0/0.0.7] 2023-09-28
+
+This release contains the first stable release of the OpenTelemetry Go [metric SDK].
+Our project stability guarantees now apply to the `go.opentelemetry.io/otel/sdk/metric` package.
+See our [versioning policy](VERSIONING.md) for more information about these stability guarantees.
+
+### Added
+
+- Add the "Roll the dice" getting started application example in `go.opentelemetry.io/otel/example/dice`. (#4539)
+- The `WithWriter` and `WithPrettyPrint` options to `go.opentelemetry.io/otel/exporters/stdout/stdoutmetric` to set a custom `io.Writer`, and allow displaying the output in human-readable JSON. (#4507)
+
+### Changed
+
+- Allow '/' characters in metric instrument names. (#4501)
+- The exporter in `go.opentelemetry.io/otel/exporters/stdout/stdoutmetric` does not prettify its output by default anymore. (#4507)
+- Upgrade `gopkg.io/yaml` from `v2` to `v3` in `go.opentelemetry.io/otel/schema`. (#4535)
+
+### Fixed
+
+- In `go.opentelemetry.op/otel/exporters/prometheus`, don't try to create the Prometheus metric on every `Collect` if we know the scope is invalid. (#4499)
+
+### Removed
+
+- Remove `"go.opentelemetry.io/otel/bridge/opencensus".NewMetricExporter`, which is replaced by `NewMetricProducer`. (#4566)
+
+## [1.19.0-rc.1/0.42.0-rc.1] 2023-09-14
+
+This is a release candidate for the v1.19.0/v0.42.0 release.
+That release is expected to include the `v1` release of the OpenTelemetry Go metric SDK and will provide stability guarantees of that SDK.
+See our [versioning policy](VERSIONING.md) for more information about these stability guarantees.
+
+### Changed
+
+- Allow '/' characters in metric instrument names. (#4501)
+
+### Fixed
+
+- In `go.opentelemetry.op/otel/exporters/prometheus`, don't try to create the prometheus metric on every `Collect` if we know the scope is invalid. (#4499)
+
+## [1.18.0/0.41.0/0.0.6] 2023-09-12
+
+This release drops the compatibility guarantee of [Go 1.19].
+
+### Added
+
+- Add `WithProducer` option in `go.opentelemetry.op/otel/exporters/prometheus` to restore the ability to register producers on the prometheus exporter's manual reader. (#4473)
+- Add `IgnoreValue` option in `go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest` to allow ignoring values when comparing metrics. (#4447)
+
+### Changed
+
+- Use a `TestingT` interface instead of `*testing.T` struct in `go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`. (#4483)
+
+### Deprecated
+
+- The `NewMetricExporter` in `go.opentelemetry.io/otel/bridge/opencensus` was deprecated in `v0.35.0` (#3541).
+  The deprecation notice format for the function has been corrected to trigger Go documentation and build tooling. (#4470)
+
+### Removed
+
+- Removed the deprecated `go.opentelemetry.io/otel/exporters/jaeger` package. (#4467)
+- Removed the deprecated `go.opentelemetry.io/otel/example/jaeger` package. (#4467)
+- Removed the deprecated `go.opentelemetry.io/otel/sdk/metric/aggregation` package. (#4468)
+- Removed the deprecated internal packages in `go.opentelemetry.io/otel/exporters/otlp` and its sub-packages. (#4469)
+- Dropped guaranteed support for versions of Go less than 1.20. (#4481)
+
+## [1.17.0/0.40.0/0.0.5] 2023-08-28
+
+### Added
+
+- Export the `ManualReader` struct in `go.opentelemetry.io/otel/sdk/metric`. (#4244)
+- Export the `PeriodicReader` struct in `go.opentelemetry.io/otel/sdk/metric`. (#4244)
+- Add support for exponential histogram aggregations.
+  A histogram can be configured as an exponential histogram using a view with `"go.opentelemetry.io/otel/sdk/metric".ExponentialHistogram` as the aggregation. (#4245)
+- Export the `Exporter` struct in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4272)
+- Export the `Exporter` struct in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4272)
+- The exporters in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` now support the `OTEL_EXPORTER_OTLP_METRICS_TEMPORALITY_PREFERENCE` environment variable. (#4287)
+- Add `WithoutCounterSuffixes` option in `go.opentelemetry.io/otel/exporters/prometheus` to disable addition of `_total` suffixes. (#4306)
+- Add info and debug logging to the metric SDK in `go.opentelemetry.io/otel/sdk/metric`. (#4315)
+- The `go.opentelemetry.io/otel/semconv/v1.21.0` package.
+  The package contains semantic conventions from the `v1.21.0` version of the OpenTelemetry Semantic Conventions. (#4362)
+- Accept 201 to 299 HTTP status as success in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` and `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4365)
+- Document the `Temporality` and `Aggregation` methods of the `"go.opentelemetry.io/otel/sdk/metric".Exporter"` need to be concurrent safe. (#4381)
+- Expand the set of units supported by the Prometheus exporter, and don't add unit suffixes if they are already present in `go.opentelemetry.op/otel/exporters/prometheus` (#4374)
+- Move the `Aggregation` interface and its implementations from `go.opentelemetry.io/otel/sdk/metric/aggregation` to `go.opentelemetry.io/otel/sdk/metric`. (#4435)
+- The exporters in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` now support the `OTEL_EXPORTER_OTLP_METRICS_DEFAULT_HISTOGRAM_AGGREGATION` environment variable. (#4437)
+- Add the `NewAllowKeysFilter` and `NewDenyKeysFilter` functions to `go.opentelemetry.io/otel/attribute` to allow convenient creation of allow-keys and deny-keys filters. (#4444)
+- Support Go 1.21. (#4463)
+
+### Changed
+
+- Starting from `v1.21.0` of semantic conventions, `go.opentelemetry.io/otel/semconv/{version}/httpconv` and `go.opentelemetry.io/otel/semconv/{version}/netconv` packages will no longer be published. (#4145)
+- Log duplicate instrument conflict at a warning level instead of info in `go.opentelemetry.io/otel/sdk/metric`. (#4202)
+- Return an error on the creation of new instruments in `go.opentelemetry.io/otel/sdk/metric` if their name doesn't pass regexp validation. (#4210)
+- `NewManualReader` in `go.opentelemetry.io/otel/sdk/metric` returns `*ManualReader` instead of `Reader`. (#4244)
+- `NewPeriodicReader` in `go.opentelemetry.io/otel/sdk/metric` returns `*PeriodicReader` instead of `Reader`. (#4244)
+- Count the Collect time in the `PeriodicReader` timeout in `go.opentelemetry.io/otel/sdk/metric`. (#4221)
+- The function `New` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` returns `*Exporter` instead of `"go.opentelemetry.io/otel/sdk/metric".Exporter`. (#4272)
+- The function `New` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` returns `*Exporter` instead of `"go.opentelemetry.io/otel/sdk/metric".Exporter`. (#4272)
+- If an attribute set is omitted from an async callback, the previous value will no longer be exported in `go.opentelemetry.io/otel/sdk/metric`. (#4290)
+- If an attribute set is observed multiple times in an async callback in `go.opentelemetry.io/otel/sdk/metric`, the values will be summed instead of the last observation winning. (#4289)
+- Allow the explicit bucket histogram aggregation to be used for the up-down counter, observable counter, observable up-down counter, and observable gauge in the `go.opentelemetry.io/otel/sdk/metric` package. (#4332)
+- Restrict `Meter`s in `go.opentelemetry.io/otel/sdk/metric` to only register and collect instruments it created. (#4333)
+- `PeriodicReader.Shutdown` and `PeriodicReader.ForceFlush` in `go.opentelemetry.io/otel/sdk/metric` now apply the periodic reader's timeout to the operation if the user provided context does not contain a deadline. (#4356, #4377)
+- Upgrade all use of `go.opentelemetry.io/otel/semconv` to use `v1.21.0`. (#4408)
+- Increase instrument name maximum length from 63 to 255 characters in `go.opentelemetry.io/otel/sdk/metric`. (#4434)
+- Add `go.opentelemetry.op/otel/sdk/metric.WithProducer` as an `Option` for `"go.opentelemetry.io/otel/sdk/metric".NewManualReader` and `"go.opentelemetry.io/otel/sdk/metric".NewPeriodicReader`. (#4346)
+
+### Removed
+
+- Remove `Reader.RegisterProducer` in `go.opentelemetry.io/otel/metric`.
+  Use the added `WithProducer` option instead. (#4346)
+- Remove `Reader.ForceFlush` in `go.opentelemetry.io/otel/metric`.
+  Notice that `PeriodicReader.ForceFlush` is still available. (#4375)
+
+### Fixed
+
+- Correctly format log messages from the `go.opentelemetry.io/otel/exporters/zipkin` exporter. (#4143)
+- Log an error for calls to `NewView` in `go.opentelemetry.io/otel/sdk/metric` that have empty criteria. (#4307)
+- Fix `"go.opentelemetry.io/otel/sdk/resource".WithHostID()` to not set an empty `host.id`. (#4317)
+- Use the instrument identifying fields to cache aggregators and determine duplicate instrument registrations in `go.opentelemetry.io/otel/sdk/metric`. (#4337)
+- Detect duplicate instruments for case-insensitive names in `go.opentelemetry.io/otel/sdk/metric`. (#4338)
+- The `ManualReader` will not panic if `AggregationSelector` returns `nil` in `go.opentelemetry.io/otel/sdk/metric`. (#4350)
+- If a `Reader`'s `AggregationSelector` returns `nil` or `DefaultAggregation` the pipeline will use the default aggregation. (#4350)
+- Log a suggested view that fixes instrument conflicts in `go.opentelemetry.io/otel/sdk/metric`. (#4349)
+- Fix possible panic, deadlock and race condition in batch span processor in `go.opentelemetry.io/otel/sdk/trace`. (#4353)
+- Improve context cancellation handling in batch span processor's `ForceFlush` in  `go.opentelemetry.io/otel/sdk/trace`. (#4369)
+- Decouple `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal` from `go.opentelemetry.io/otel/exporters/otlp/internal` using gotmpl. (#4397, #3846)
+- Decouple `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal` from `go.opentelemetry.io/otel/exporters/otlp/internal` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal` using gotmpl. (#4404, #3846)
+- Decouple `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal` from `go.opentelemetry.io/otel/exporters/otlp/internal` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal` using gotmpl. (#4407, #3846)
+- Decouple `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal` from `go.opentelemetry.io/otel/exporters/otlp/internal` and `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal` using gotmpl. (#4400, #3846)
+- Decouple `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal` from `go.opentelemetry.io/otel/exporters/otlp/internal` and `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal` using gotmpl. (#4401, #3846)
+- Do not block the metric SDK when OTLP metric exports are blocked in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#3925, #4395)
+- Do not append `_total` if the counter already has that suffix for the Prometheus exproter in `go.opentelemetry.io/otel/exporter/prometheus`. (#4373)
+- Fix resource detection data race in `go.opentelemetry.io/otel/sdk/resource`. (#4409)
+- Use the first-seen instrument name during instrument name conflicts in `go.opentelemetry.io/otel/sdk/metric`. (#4428)
+
+### Deprecated
+
+- The `go.opentelemetry.io/otel/exporters/jaeger` package is deprecated.
+  OpenTelemetry dropped support for Jaeger exporter in July 2023.
+  Use `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`
+  or `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` instead. (#4423)
+- The `go.opentelemetry.io/otel/example/jaeger` package is deprecated. (#4423)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal` package is deprecated. (#4420)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal/oconf` package is deprecated. (#4420)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal/otest` package is deprecated. (#4420)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal/transform` package is deprecated. (#4420)
+- The `go.opentelemetry.io/otel/exporters/otlp/internal` package is deprecated. (#4421)
+- The `go.opentelemetry.io/otel/exporters/otlp/internal/envconfig` package is deprecated. (#4421)
+- The `go.opentelemetry.io/otel/exporters/otlp/internal/retry` package is deprecated. (#4421)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal` package is deprecated. (#4425)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/envconfig` package is deprecated. (#4425)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig` package is deprecated. (#4425)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlptracetest` package is deprecated. (#4425)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/retry` package is deprecated. (#4425)
+- The `go.opentelemetry.io/otel/sdk/metric/aggregation` package is deprecated.
+  Use the aggregation types added to `go.opentelemetry.io/otel/sdk/metric` instead. (#4435)
+
+## [1.16.0/0.39.0] 2023-05-18
+
+This release contains the first stable release of the OpenTelemetry Go [metric API].
+Our project stability guarantees now apply to the `go.opentelemetry.io/otel/metric` package.
+See our [versioning policy](VERSIONING.md) for more information about these stability guarantees.
+
+### Added
+
+- The `go.opentelemetry.io/otel/semconv/v1.19.0` package.
+  The package contains semantic conventions from the `v1.19.0` version of the OpenTelemetry specification. (#3848)
+- The `go.opentelemetry.io/otel/semconv/v1.20.0` package.
+  The package contains semantic conventions from the `v1.20.0` version of the OpenTelemetry specification. (#4078)
+- The Exponential Histogram data types in `go.opentelemetry.io/otel/sdk/metric/metricdata`. (#4165)
+- OTLP metrics exporter now supports the Exponential Histogram Data Type. (#4222)
+- Fix serialization of `time.Time` zero values in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` packages. (#4271)
+
+### Changed
+
+- Use `strings.Cut()` instead of `string.SplitN()` for better readability and memory use. (#4049)
+- `MeterProvider` returns noop meters once it has been shutdown. (#4154)
+
+### Removed
+
+- The deprecated `go.opentelemetry.io/otel/metric/instrument` package is removed.
+  Use `go.opentelemetry.io/otel/metric` instead. (#4055)
+
+### Fixed
+
+- Fix build for BSD based systems in `go.opentelemetry.io/otel/sdk/resource`. (#4077)
+
+## [1.16.0-rc.1/0.39.0-rc.1] 2023-05-03
+
+This is a release candidate for the v1.16.0/v0.39.0 release.
+That release is expected to include the `v1` release of the OpenTelemetry Go metric API and will provide stability guarantees of that API.
+See our [versioning policy](VERSIONING.md) for more information about these stability guarantees.
+
+### Added
+
+- Support global `MeterProvider` in `go.opentelemetry.io/otel`. (#4039)
+  - Use `Meter` for a `metric.Meter` from the global `metric.MeterProvider`.
+  - Use `GetMeterProivder` for a global `metric.MeterProvider`.
+  - Use `SetMeterProivder` to set the global `metric.MeterProvider`.
+
+### Changed
+
+- Move the `go.opentelemetry.io/otel/metric` module to the `stable-v1` module set.
+  This stages the metric API to be released as a stable module. (#4038)
+
+### Removed
+
+- The `go.opentelemetry.io/otel/metric/global` package is removed.
+  Use `go.opentelemetry.io/otel` instead. (#4039)
+
+## [1.15.1/0.38.1] 2023-05-02
+
+### Fixed
+
+- Remove unused imports from `sdk/resource/host_id_bsd.go` which caused build failures. (#4040, #4041)
+
+## [1.15.0/0.38.0] 2023-04-27
+
+### Added
+
+- The `go.opentelemetry.io/otel/metric/embedded` package. (#3916)
+- The `Version` function to `go.opentelemetry.io/otel/sdk` to return the SDK version. (#3949)
+- Add a `WithNamespace` option to `go.opentelemetry.io/otel/exporters/prometheus` to allow users to prefix metrics with a namespace. (#3970)
+- The following configuration types were added to `go.opentelemetry.io/otel/metric/instrument` to be used in the configuration of measurement methods. (#3971)
+  - The `AddConfig` used to hold configuration for addition measurements
+    - `NewAddConfig` used to create a new `AddConfig`
+    - `AddOption` used to configure an `AddConfig`
+  - The `RecordConfig` used to hold configuration for recorded measurements
+    - `NewRecordConfig` used to create a new `RecordConfig`
+    - `RecordOption` used to configure a `RecordConfig`
+  - The `ObserveConfig` used to hold configuration for observed measurements
+    - `NewObserveConfig` used to create a new `ObserveConfig`
+    - `ObserveOption` used to configure an `ObserveConfig`
+- `WithAttributeSet` and `WithAttributes` are added to `go.opentelemetry.io/otel/metric/instrument`.
+  They return an option used during a measurement that defines the attribute Set associated with the measurement. (#3971)
+- The `Version` function to `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` to return the OTLP metrics client version. (#3956)
+- The `Version` function to `go.opentelemetry.io/otel/exporters/otlp/otlptrace` to return the OTLP trace client version. (#3956)
+
+### Changed
+
+- The `Extrema` in `go.opentelemetry.io/otel/sdk/metric/metricdata` is redefined with a generic argument of `[N int64 | float64]`. (#3870)
+- Update all exported interfaces from `go.opentelemetry.io/otel/metric` to embed their corresponding interface from `go.opentelemetry.io/otel/metric/embedded`.
+  This adds an implementation requirement to set the interface default behavior for unimplemented methods. (#3916)
+- Move No-Op implementation from `go.opentelemetry.io/otel/metric` into its own package `go.opentelemetry.io/otel/metric/noop`. (#3941)
+  - `metric.NewNoopMeterProvider` is replaced with `noop.NewMeterProvider`
+- Add all the methods from `"go.opentelemetry.io/otel/trace".SpanContext` to `bridgeSpanContext` by embedding `otel.SpanContext` in `bridgeSpanContext`. (#3966)
+- Wrap `UploadMetrics` error in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/` to improve error message when encountering generic grpc errors. (#3974)
+- The measurement methods for all instruments in `go.opentelemetry.io/otel/metric/instrument` accept an option instead of the variadic `"go.opentelemetry.io/otel/attribute".KeyValue`. (#3971)
+  - The `Int64Counter.Add` method now accepts `...AddOption`
+  - The `Float64Counter.Add` method now accepts `...AddOption`
+  - The `Int64UpDownCounter.Add` method now accepts `...AddOption`
+  - The `Float64UpDownCounter.Add` method now accepts `...AddOption`
+  - The `Int64Histogram.Record` method now accepts `...RecordOption`
+  - The `Float64Histogram.Record` method now accepts `...RecordOption`
+  - The `Int64Observer.Observe` method now accepts `...ObserveOption`
+  - The `Float64Observer.Observe` method now accepts `...ObserveOption`
+- The `Observer` methods in `go.opentelemetry.io/otel/metric` accept an option instead of the variadic `"go.opentelemetry.io/otel/attribute".KeyValue`. (#3971)
+  - The `Observer.ObserveInt64` method now accepts `...ObserveOption`
+  - The `Observer.ObserveFloat64` method now accepts `...ObserveOption`
+- Move global metric back to `go.opentelemetry.io/otel/metric/global` from `go.opentelemetry.io/otel`. (#3986)
+
+### Fixed
+
+- `TracerProvider` allows calling `Tracer()` while it's shutting down.
+  It used to deadlock. (#3924)
+- Use the SDK version for the Telemetry SDK resource detector in `go.opentelemetry.io/otel/sdk/resource`. (#3949)
+- Fix a data race in `SpanProcessor` returned by `NewSimpleSpanProcessor` in `go.opentelemetry.io/otel/sdk/trace`. (#3951)
+- Automatically figure out the default aggregation with `aggregation.Default`. (#3967)
+
+### Deprecated
+
+- The `go.opentelemetry.io/otel/metric/instrument` package is deprecated.
+  Use the equivalent types added to `go.opentelemetry.io/otel/metric` instead. (#4018)
+
+## [1.15.0-rc.2/0.38.0-rc.2] 2023-03-23
+
+This is a release candidate for the v1.15.0/v0.38.0 release.
+That release will include the `v1` release of the OpenTelemetry Go metric API and will provide stability guarantees of that API.
+See our [versioning policy](VERSIONING.md) for more information about these stability guarantees.
+
+### Added
+
+- The `WithHostID` option to `go.opentelemetry.io/otel/sdk/resource`. (#3812)
+- The `WithoutTimestamps` option to `go.opentelemetry.io/otel/exporters/stdout/stdoutmetric` to sets all timestamps to zero. (#3828)
+- The new `Exemplar` type is added to `go.opentelemetry.io/otel/sdk/metric/metricdata`.
+  Both the `DataPoint` and `HistogramDataPoint` types from that package have a new field of `Exemplars` containing the sampled exemplars for their timeseries. (#3849)
+- Configuration for each metric instrument in `go.opentelemetry.io/otel/sdk/metric/instrument`. (#3895)
+- The internal logging introduces a warning level verbosity equal to `V(1)`. (#3900)
+- Added a log message warning about usage of `SimpleSpanProcessor` in production environments. (#3854)
+
+### Changed
+
+- Optimize memory allocation when creation a new `Set` using `NewSet` or `NewSetWithFiltered` in `go.opentelemetry.io/otel/attribute`. (#3832)
+- Optimize memory allocation when creation new metric instruments in `go.opentelemetry.io/otel/sdk/metric`. (#3832)
+- Avoid creating new objects on all calls to `WithDeferredSetup` and `SkipContextSetup` in OpenTracing bridge. (#3833)
+- The `New` and `Detect` functions from `go.opentelemetry.io/otel/sdk/resource` return errors that wrap underlying errors instead of just containing the underlying error strings. (#3844)
+- Both the `Histogram` and `HistogramDataPoint` are redefined with a generic argument of `[N int64 | float64]` in `go.opentelemetry.io/otel/sdk/metric/metricdata`. (#3849)
+- The metric `Export` interface from `go.opentelemetry.io/otel/sdk/metric` accepts a `*ResourceMetrics` instead of `ResourceMetrics`. (#3853)
+- Rename `Asynchronous` to `Observable` in `go.opentelemetry.io/otel/metric/instrument`. (#3892)
+- Rename `Int64ObserverOption` to `Int64ObservableOption` in `go.opentelemetry.io/otel/metric/instrument`. (#3895)
+- Rename `Float64ObserverOption` to `Float64ObservableOption` in `go.opentelemetry.io/otel/metric/instrument`. (#3895)
+- The internal logging changes the verbosity level of info to `V(4)`, the verbosity level of debug to `V(8)`. (#3900)
+
+### Fixed
+
+- `TracerProvider` consistently doesn't allow to register a `SpanProcessor` after shutdown. (#3845)
+
+### Removed
+
+- The deprecated `go.opentelemetry.io/otel/metric/global` package is removed. (#3829)
+- The unneeded `Synchronous` interface in `go.opentelemetry.io/otel/metric/instrument` was removed. (#3892)
+- The `Float64ObserverConfig` and `NewFloat64ObserverConfig` in `go.opentelemetry.io/otel/sdk/metric/instrument`.
+  Use the added `float64` instrument configuration instead. (#3895)
+- The `Int64ObserverConfig` and `NewInt64ObserverConfig` in `go.opentelemetry.io/otel/sdk/metric/instrument`.
+  Use the added `int64` instrument configuration instead. (#3895)
+- The `NewNoopMeter` function in `go.opentelemetry.io/otel/metric`, use `NewMeterProvider().Meter("")` instead. (#3893)
+
+## [1.15.0-rc.1/0.38.0-rc.1] 2023-03-01
+
+This is a release candidate for the v1.15.0/v0.38.0 release.
+That release will include the `v1` release of the OpenTelemetry Go metric API and will provide stability guarantees of that API.
+See our [versioning policy](VERSIONING.md) for more information about these stability guarantees.
+
+This release drops the compatibility guarantee of [Go 1.18].
+
+### Added
+
+- Support global `MeterProvider` in `go.opentelemetry.io/otel`. (#3818)
+  - Use `Meter` for a `metric.Meter` from the global `metric.MeterProvider`.
+  - Use `GetMeterProivder` for a global `metric.MeterProvider`.
+  - Use `SetMeterProivder` to set the global `metric.MeterProvider`.
+
+### Changed
+
+- Dropped compatibility testing for [Go 1.18].
+  The project no longer guarantees support for this version of Go. (#3813)
+
+### Fixed
+
+- Handle empty environment variable as it they were not set. (#3764)
+- Clarify the `httpconv` and `netconv` packages in `go.opentelemetry.io/otel/semconv/*` provide tracing semantic conventions. (#3823)
+- Fix race conditions in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic. (#3899)
+- Fix sending nil `scopeInfo` to metrics channel in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic in `github.com/prometheus/client_golang/prometheus`. (#3899)
+
+### Deprecated
+
+- The `go.opentelemetry.io/otel/metric/global` package is deprecated.
+  Use `go.opentelemetry.io/otel` instead. (#3818)
+
+### Removed
+
+- The deprecated `go.opentelemetry.io/otel/metric/unit` package is removed. (#3814)
+
+## [1.14.0/0.37.0/0.0.4] 2023-02-27
+
+This release is the last to support [Go 1.18].
+The next release will require at least [Go 1.19].
+
+### Added
+
+- The `event` type semantic conventions are added to `go.opentelemetry.io/otel/semconv/v1.17.0`. (#3697)
+- Support [Go 1.20]. (#3693)
+- The `go.opentelemetry.io/otel/semconv/v1.18.0` package.
+  The package contains semantic conventions from the `v1.18.0` version of the OpenTelemetry specification. (#3719)
+  - The following `const` renames from `go.opentelemetry.io/otel/semconv/v1.17.0` are included:
+    - `OtelScopeNameKey` -> `OTelScopeNameKey`
+    - `OtelScopeVersionKey` -> `OTelScopeVersionKey`
+    - `OtelLibraryNameKey` -> `OTelLibraryNameKey`
+    - `OtelLibraryVersionKey` -> `OTelLibraryVersionKey`
+    - `OtelStatusCodeKey` -> `OTelStatusCodeKey`
+    - `OtelStatusDescriptionKey` -> `OTelStatusDescriptionKey`
+    - `OtelStatusCodeOk` -> `OTelStatusCodeOk`
+    - `OtelStatusCodeError` -> `OTelStatusCodeError`
+  - The following `func` renames from `go.opentelemetry.io/otel/semconv/v1.17.0` are included:
+    - `OtelScopeName` -> `OTelScopeName`
+    - `OtelScopeVersion` -> `OTelScopeVersion`
+    - `OtelLibraryName` -> `OTelLibraryName`
+    - `OtelLibraryVersion` -> `OTelLibraryVersion`
+    - `OtelStatusDescription` -> `OTelStatusDescription`
+- A `IsSampled` method is added to the `SpanContext` implementation in `go.opentelemetry.io/otel/bridge/opentracing` to expose the span sampled state.
+  See the [README](./bridge/opentracing/README.md) for more information. (#3570)
+- The `WithInstrumentationAttributes` option to `go.opentelemetry.io/otel/metric`. (#3738)
+- The `WithInstrumentationAttributes` option to `go.opentelemetry.io/otel/trace`. (#3739)
+- The following environment variables are supported by the periodic `Reader` in `go.opentelemetry.io/otel/sdk/metric`. (#3763)
+  - `OTEL_METRIC_EXPORT_INTERVAL` sets the time between collections and exports.
+  - `OTEL_METRIC_EXPORT_TIMEOUT` sets the timeout an export is attempted.
+
+### Changed
+
+- Fall-back to `TextMapCarrier` when it's not `HttpHeader`s in `go.opentelemetry.io/otel/bridge/opentracing`. (#3679)
+- The `Collect` method of the `"go.opentelemetry.io/otel/sdk/metric".Reader` interface is updated to accept the `metricdata.ResourceMetrics` value the collection will be made into.
+  This change is made to enable memory reuse by SDK users. (#3732)
+- The `WithUnit` option in `go.opentelemetry.io/otel/sdk/metric/instrument` is updated to accept a `string` for the unit value. (#3776)
+
+### Fixed
+
+- Ensure `go.opentelemetry.io/otel` does not use generics. (#3723, #3725)
+- Multi-reader `MeterProvider`s now export metrics for all readers, instead of just the first reader. (#3720, #3724)
+- Remove use of deprecated `"math/rand".Seed` in `go.opentelemetry.io/otel/example/prometheus`. (#3733)
+- Do not silently drop unknown schema data with `Parse` in  `go.opentelemetry.io/otel/schema/v1.1`. (#3743)
+- Data race issue in OTLP exporter retry mechanism. (#3755, #3756)
+- Wrapping empty errors when exporting in `go.opentelemetry.io/otel/sdk/metric`. (#3698, #3772)
+- Incorrect "all" and "resource" definition for schema files in `go.opentelemetry.io/otel/schema/v1.1`. (#3777)
+
+### Deprecated
+
+- The `go.opentelemetry.io/otel/metric/unit` package is deprecated.
+  Use the equivalent unit string instead. (#3776)
+  - Use `"1"` instead of `unit.Dimensionless`
+  - Use `"By"` instead of `unit.Bytes`
+  - Use `"ms"` instead of `unit.Milliseconds`
+
+## [1.13.0/0.36.0] 2023-02-07
+
+### Added
+
+- Attribute `KeyValue` creations functions to `go.opentelemetry.io/otel/semconv/v1.17.0` for all non-enum semantic conventions.
+  These functions ensure semantic convention type correctness. (#3675)
+
+### Fixed
+
+- Removed the `http.target` attribute from being added by `ServerRequest` in the following packages. (#3687)
+  - `go.opentelemetry.io/otel/semconv/v1.13.0/httpconv`
+  - `go.opentelemetry.io/otel/semconv/v1.14.0/httpconv`
+  - `go.opentelemetry.io/otel/semconv/v1.15.0/httpconv`
+  - `go.opentelemetry.io/otel/semconv/v1.16.0/httpconv`
+  - `go.opentelemetry.io/otel/semconv/v1.17.0/httpconv`
+
+### Removed
+
+- The deprecated `go.opentelemetry.io/otel/metric/instrument/asyncfloat64` package is removed. (#3631)
+- The deprecated `go.opentelemetry.io/otel/metric/instrument/asyncint64` package is removed. (#3631)
+- The deprecated `go.opentelemetry.io/otel/metric/instrument/syncfloat64` package is removed. (#3631)
+- The deprecated `go.opentelemetry.io/otel/metric/instrument/syncint64` package is removed. (#3631)
+
+## [1.12.0/0.35.0] 2023-01-28
+
+### Added
+
+- The `WithInt64Callback` option to `go.opentelemetry.io/otel/metric/instrument`.
+  This options is used to configure `int64` Observer callbacks during their creation. (#3507)
+- The `WithFloat64Callback` option to `go.opentelemetry.io/otel/metric/instrument`.
+  This options is used to configure `float64` Observer callbacks during their creation. (#3507)
+- The `Producer` interface and `Reader.RegisterProducer(Producer)` to `go.opentelemetry.io/otel/sdk/metric`.
+  These additions are used to enable external metric Producers. (#3524)
+- The `Callback` function type to `go.opentelemetry.io/otel/metric`.
+  This new named function type is registered with a `Meter`. (#3564)
+- The `go.opentelemetry.io/otel/semconv/v1.13.0` package.
+  The package contains semantic conventions from the `v1.13.0` version of the OpenTelemetry specification. (#3499)
+  - The `EndUserAttributesFromHTTPRequest` function in `go.opentelemetry.io/otel/semconv/v1.12.0` is merged into `ClientRequest` and `ServerRequest` in `go.opentelemetry.io/otel/semconv/v1.13.0/httpconv`.
+  - The `HTTPAttributesFromHTTPStatusCode` function in `go.opentelemetry.io/otel/semconv/v1.12.0` is merged into `ClientResponse` in `go.opentelemetry.io/otel/semconv/v1.13.0/httpconv`.
+  - The `HTTPClientAttributesFromHTTPRequest` function in `go.opentelemetry.io/otel/semconv/v1.12.0` is replaced by `ClientRequest` in `go.opentelemetry.io/otel/semconv/v1.13.0/httpconv`.
+  - The `HTTPServerAttributesFromHTTPRequest` function in `go.opentelemetry.io/otel/semconv/v1.12.0` is replaced by `ServerRequest` in `go.opentelemetry.io/otel/semconv/v1.13.0/httpconv`.
+  - The `HTTPServerMetricAttributesFromHTTPRequest` function in `go.opentelemetry.io/otel/semconv/v1.12.0` is replaced by `ServerRequest` in `go.opentelemetry.io/otel/semconv/v1.13.0/httpconv`.
+  - The `NetAttributesFromHTTPRequest` function in `go.opentelemetry.io/otel/semconv/v1.12.0` is split into `Transport` in `go.opentelemetry.io/otel/semconv/v1.13.0/netconv` and `ClientRequest` or `ServerRequest` in `go.opentelemetry.io/otel/semconv/v1.13.0/httpconv`.
+  - The `SpanStatusFromHTTPStatusCode` function in `go.opentelemetry.io/otel/semconv/v1.12.0` is replaced by `ClientStatus` in `go.opentelemetry.io/otel/semconv/v1.13.0/httpconv`.
+  - The `SpanStatusFromHTTPStatusCodeAndSpanKind` function in `go.opentelemetry.io/otel/semconv/v1.12.0` is split into `ClientStatus` and `ServerStatus` in `go.opentelemetry.io/otel/semconv/v1.13.0/httpconv`.
+  - The `Client` function is included in `go.opentelemetry.io/otel/semconv/v1.13.0/netconv` to generate attributes for a `net.Conn`.
+  - The `Server` function is included in `go.opentelemetry.io/otel/semconv/v1.13.0/netconv` to generate attributes for a `net.Listener`.
+- The `go.opentelemetry.io/otel/semconv/v1.14.0` package.
+  The package contains semantic conventions from the `v1.14.0` version of the OpenTelemetry specification. (#3566)
+- The `go.opentelemetry.io/otel/semconv/v1.15.0` package.
+  The package contains semantic conventions from the `v1.15.0` version of the OpenTelemetry specification. (#3578)
+- The `go.opentelemetry.io/otel/semconv/v1.16.0` package.
+  The package contains semantic conventions from the `v1.16.0` version of the OpenTelemetry specification. (#3579)
+- Metric instruments to `go.opentelemetry.io/otel/metric/instrument`.
+  These instruments are use as replacements of the deprecated `go.opentelemetry.io/otel/metric/instrument/{asyncfloat64,asyncint64,syncfloat64,syncint64}` packages.(#3575, #3586)
+  - `Float64ObservableCounter` replaces the `asyncfloat64.Counter`
+  - `Float64ObservableUpDownCounter` replaces the `asyncfloat64.UpDownCounter`
+  - `Float64ObservableGauge` replaces the `asyncfloat64.Gauge`
+  - `Int64ObservableCounter` replaces the `asyncint64.Counter`
+  - `Int64ObservableUpDownCounter` replaces the `asyncint64.UpDownCounter`
+  - `Int64ObservableGauge` replaces the `asyncint64.Gauge`
+  - `Float64Counter` replaces the `syncfloat64.Counter`
+  - `Float64UpDownCounter` replaces the `syncfloat64.UpDownCounter`
+  - `Float64Histogram` replaces the `syncfloat64.Histogram`
+  - `Int64Counter` replaces the `syncint64.Counter`
+  - `Int64UpDownCounter` replaces the `syncint64.UpDownCounter`
+  - `Int64Histogram` replaces the `syncint64.Histogram`
+- `NewTracerProvider` to `go.opentelemetry.io/otel/bridge/opentracing`.
+  This is used to create `WrapperTracer` instances from a `TracerProvider`. (#3116)
+- The `Extrema` type to `go.opentelemetry.io/otel/sdk/metric/metricdata`.
+  This type is used to represent min/max values and still be able to distinguish unset and zero values. (#3487)
+- The `go.opentelemetry.io/otel/semconv/v1.17.0` package.
+  The package contains semantic conventions from the `v1.17.0` version of the OpenTelemetry specification. (#3599)
+
+### Changed
+
+- Jaeger and Zipkin exporter use `github.com/go-logr/logr` as the logging interface, and add the `WithLogr` option. (#3497, #3500)
+- Instrument configuration in `go.opentelemetry.io/otel/metric/instrument` is split into specific options and configuration based on the instrument type. (#3507)
+  - Use the added `Int64Option` type to configure instruments from `go.opentelemetry.io/otel/metric/instrument/syncint64`.
+  - Use the added `Float64Option` type to configure instruments from `go.opentelemetry.io/otel/metric/instrument/syncfloat64`.
+  - Use the added `Int64ObserverOption` type to configure instruments from `go.opentelemetry.io/otel/metric/instrument/asyncint64`.
+  - Use the added `Float64ObserverOption` type to configure instruments from `go.opentelemetry.io/otel/metric/instrument/asyncfloat64`.
+- Return a `Registration` from the `RegisterCallback` method of a `Meter` in the `go.opentelemetry.io/otel/metric` package.
+  This `Registration` can be used to unregister callbacks. (#3522)
+- Global error handler uses an atomic value instead of a mutex. (#3543)
+- Add `NewMetricProducer` to `go.opentelemetry.io/otel/bridge/opencensus`, which can be used to pass OpenCensus metrics to an OpenTelemetry Reader. (#3541)
+- Global logger uses an atomic value instead of a mutex. (#3545)
+- The `Shutdown` method of the `"go.opentelemetry.io/otel/sdk/trace".TracerProvider` releases all computational resources when called the first time. (#3551)
+- The `Sampler` returned from `TraceIDRatioBased` `go.opentelemetry.io/otel/sdk/trace` now uses the rightmost bits for sampling decisions.
+  This fixes random sampling when using ID generators like `xray.IDGenerator` and increasing parity with other language implementations. (#3557)
+- Errors from `go.opentelemetry.io/otel/exporters/otlp/otlptrace` exporters are wrapped in errors identifying their signal name.
+  Existing users of the exporters attempting to identify specific errors will need to use `errors.Unwrap()` to get the underlying error. (#3516)
+- Exporters from `go.opentelemetry.io/otel/exporters/otlp` will print the final retryable error message when attempts to retry time out. (#3514)
+- The instrument kind names in `go.opentelemetry.io/otel/sdk/metric` are updated to match the API. (#3562)
+  - `InstrumentKindSyncCounter` is renamed to `InstrumentKindCounter`
+  - `InstrumentKindSyncUpDownCounter` is renamed to `InstrumentKindUpDownCounter`
+  - `InstrumentKindSyncHistogram` is renamed to `InstrumentKindHistogram`
+  - `InstrumentKindAsyncCounter` is renamed to `InstrumentKindObservableCounter`
+  - `InstrumentKindAsyncUpDownCounter` is renamed to `InstrumentKindObservableUpDownCounter`
+  - `InstrumentKindAsyncGauge` is renamed to `InstrumentKindObservableGauge`
+- The `RegisterCallback` method of the `Meter` in `go.opentelemetry.io/otel/metric` changed.
+  - The named `Callback` replaces the inline function parameter. (#3564)
+  - `Callback` is required to return an error. (#3576)
+  - `Callback` accepts the added `Observer` parameter added.
+    This new parameter is used by `Callback` implementations to observe values for asynchronous instruments instead of calling the `Observe` method of the instrument directly. (#3584)
+  - The slice of `instrument.Asynchronous` is now passed as a variadic argument. (#3587)
+- The exporter from `go.opentelemetry.io/otel/exporters/zipkin` is updated to use the `v1.16.0` version of semantic conventions.
+  This means it no longer uses the removed `net.peer.ip` or `http.host` attributes to determine the remote endpoint.
+  Instead it uses the `net.sock.peer` attributes. (#3581)
+- The `Min` and `Max` fields of the `HistogramDataPoint` in `go.opentelemetry.io/otel/sdk/metric/metricdata` are now defined with the added `Extrema` type instead of a `*float64`. (#3487)
+
+### Fixed
+
+- Asynchronous instruments that use sum aggregators and attribute filters correctly add values from equivalent attribute sets that have been filtered. (#3439, #3549)
+- The `RegisterCallback` method of the `Meter` from `go.opentelemetry.io/otel/sdk/metric` only registers a callback for instruments created by that meter.
+  Trying to register a callback with instruments from a different meter will result in an error being returned. (#3584)
+
+### Deprecated
+
+- The `NewMetricExporter` in `go.opentelemetry.io/otel/bridge/opencensus` is deprecated.
+  Use `NewMetricProducer` instead. (#3541)
+- The `go.opentelemetry.io/otel/metric/instrument/asyncfloat64` package is deprecated.
+  Use the instruments from `go.opentelemetry.io/otel/metric/instrument` instead. (#3575)
+- The `go.opentelemetry.io/otel/metric/instrument/asyncint64` package is deprecated.
+  Use the instruments from `go.opentelemetry.io/otel/metric/instrument` instead. (#3575)
+- The `go.opentelemetry.io/otel/metric/instrument/syncfloat64` package is deprecated.
+  Use the instruments from `go.opentelemetry.io/otel/metric/instrument` instead. (#3575)
+- The `go.opentelemetry.io/otel/metric/instrument/syncint64` package is deprecated.
+  Use the instruments from `go.opentelemetry.io/otel/metric/instrument` instead. (#3575)
+- The `NewWrappedTracerProvider` in `go.opentelemetry.io/otel/bridge/opentracing` is now deprecated.
+  Use `NewTracerProvider` instead. (#3116)
+
+### Removed
+
+- The deprecated `go.opentelemetry.io/otel/sdk/metric/view` package is removed. (#3520)
+- The `InstrumentProvider` from `go.opentelemetry.io/otel/sdk/metric/asyncint64` is removed.
+  Use the new creation methods of the `Meter` in `go.opentelemetry.io/otel/sdk/metric` instead. (#3530)
+  - The `Counter` method is replaced by `Meter.Int64ObservableCounter`
+  - The `UpDownCounter` method is replaced by `Meter.Int64ObservableUpDownCounter`
+  - The `Gauge` method is replaced by `Meter.Int64ObservableGauge`
+- The `InstrumentProvider` from `go.opentelemetry.io/otel/sdk/metric/asyncfloat64` is removed.
+  Use the new creation methods of the `Meter` in `go.opentelemetry.io/otel/sdk/metric` instead. (#3530)
+  - The `Counter` method is replaced by `Meter.Float64ObservableCounter`
+  - The `UpDownCounter` method is replaced by `Meter.Float64ObservableUpDownCounter`
+  - The `Gauge` method is replaced by `Meter.Float64ObservableGauge`
+- The `InstrumentProvider` from `go.opentelemetry.io/otel/sdk/metric/syncint64` is removed.
+  Use the new creation methods of the `Meter` in `go.opentelemetry.io/otel/sdk/metric` instead. (#3530)
+  - The `Counter` method is replaced by `Meter.Int64Counter`
+  - The `UpDownCounter` method is replaced by `Meter.Int64UpDownCounter`
+  - The `Histogram` method is replaced by `Meter.Int64Histogram`
+- The `InstrumentProvider` from `go.opentelemetry.io/otel/sdk/metric/syncfloat64` is removed.
+  Use the new creation methods of the `Meter` in `go.opentelemetry.io/otel/sdk/metric` instead. (#3530)
+  - The `Counter` method is replaced by `Meter.Float64Counter`
+  - The `UpDownCounter` method is replaced by `Meter.Float64UpDownCounter`
+  - The `Histogram` method is replaced by `Meter.Float64Histogram`
+
+## [1.11.2/0.34.0] 2022-12-05
+
+### Added
+
+- The `WithView` `Option` is added to the `go.opentelemetry.io/otel/sdk/metric` package.
+   This option is used to configure the view(s) a `MeterProvider` will use for all `Reader`s that are registered with it. (#3387)
+- Add Instrumentation Scope and Version as info metric and label in Prometheus exporter.
+  This can be disabled using the `WithoutScopeInfo()` option added to that package.(#3273, #3357)
+- OTLP exporters now recognize: (#3363)
+  - `OTEL_EXPORTER_OTLP_INSECURE`
+  - `OTEL_EXPORTER_OTLP_TRACES_INSECURE`
+  - `OTEL_EXPORTER_OTLP_METRICS_INSECURE`
+  - `OTEL_EXPORTER_OTLP_CLIENT_KEY`
+  - `OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY`
+  - `OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY`
+  - `OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE`
+  - `OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE`
+  - `OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE`
+- The `View` type and related `NewView` function to create a view according to the OpenTelemetry specification are added to `go.opentelemetry.io/otel/sdk/metric`.
+  These additions are replacements for the `View` type and `New` function from `go.opentelemetry.io/otel/sdk/metric/view`. (#3459)
+- The `Instrument` and `InstrumentKind` type are added to `go.opentelemetry.io/otel/sdk/metric`.
+  These additions are replacements for the `Instrument` and `InstrumentKind` types from `go.opentelemetry.io/otel/sdk/metric/view`. (#3459)
+- The `Stream` type is added to `go.opentelemetry.io/otel/sdk/metric` to define a metric data stream a view will produce. (#3459)
+- The `AssertHasAttributes` allows instrument authors to test that datapoints returned have appropriate attributes. (#3487)
+
+### Changed
+
+- The `"go.opentelemetry.io/otel/sdk/metric".WithReader` option no longer accepts views to associate with the `Reader`.
+   Instead, views are now registered directly with the `MeterProvider` via the new `WithView` option.
+   The views registered with the `MeterProvider` apply to all `Reader`s. (#3387)
+- The `Temporality(view.InstrumentKind) metricdata.Temporality` and `Aggregation(view.InstrumentKind) aggregation.Aggregation` methods are added to the `"go.opentelemetry.io/otel/sdk/metric".Exporter` interface. (#3260)
+- The `Temporality(view.InstrumentKind) metricdata.Temporality` and `Aggregation(view.InstrumentKind) aggregation.Aggregation` methods are added to the `"go.opentelemetry.io/otel/exporters/otlp/otlpmetric".Client` interface. (#3260)
+- The `WithTemporalitySelector` and `WithAggregationSelector` `ReaderOption`s have been changed to `ManualReaderOption`s in the `go.opentelemetry.io/otel/sdk/metric` package. (#3260)
+- The periodic reader in the `go.opentelemetry.io/otel/sdk/metric` package now uses the temporality and aggregation selectors from its configured exporter instead of accepting them as options. (#3260)
+
+### Fixed
+
+- The `go.opentelemetry.io/otel/exporters/prometheus` exporter fixes duplicated `_total` suffixes. (#3369)
+- Remove comparable requirement for `Reader`s. (#3387)
+- Cumulative metrics from the OpenCensus bridge (`go.opentelemetry.io/otel/bridge/opencensus`) are defined as monotonic sums, instead of non-monotonic. (#3389)
+- Asynchronous counters (`Counter` and `UpDownCounter`) from the metric SDK now produce delta sums when configured with delta temporality. (#3398)
+- Exported `Status` codes in the `go.opentelemetry.io/otel/exporters/zipkin` exporter are now exported as all upper case values. (#3340)
+- `Aggregation`s from `go.opentelemetry.io/otel/sdk/metric` with no data are not exported. (#3394, #3436)
+- Re-enabled Attribute Filters in the Metric SDK. (#3396)
+- Asynchronous callbacks are only called if they are registered with at least one instrument that does not use drop aggragation. (#3408)
+- Do not report empty partial-success responses in the `go.opentelemetry.io/otel/exporters/otlp` exporters. (#3438, #3432)
+- Handle partial success responses in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` exporters. (#3162, #3440)
+- Prevent duplicate Prometheus description, unit, and type. (#3469)
+- Prevents panic when using incorrect `attribute.Value.As[Type]Slice()`. (#3489)
+
+### Removed
+
+- The `go.opentelemetry.io/otel/exporters/otlp/otlpmetric.Client` interface is removed. (#3486)
+- The `go.opentelemetry.io/otel/exporters/otlp/otlpmetric.New` function is removed. Use the `otlpmetric[http|grpc].New` directly. (#3486)
+
+### Deprecated
+
+- The `go.opentelemetry.io/otel/sdk/metric/view` package is deprecated.
+  Use `Instrument`, `InstrumentKind`, `View`, and `NewView` in `go.opentelemetry.io/otel/sdk/metric` instead. (#3476)
+
+## [1.11.1/0.33.0] 2022-10-19
+
+### Added
+
+- The Prometheus exporter in `go.opentelemetry.io/otel/exporters/prometheus` registers with a Prometheus registerer on creation.
+   By default, it will register with the default Prometheus registerer.
+   A non-default registerer can be used by passing the `WithRegisterer` option. (#3239)
+- Added the `WithAggregationSelector` option to the `go.opentelemetry.io/otel/exporters/prometheus` package to change the default `AggregationSelector` used. (#3341)
+- The Prometheus exporter in `go.opentelemetry.io/otel/exporters/prometheus` converts the `Resource` associated with metric exports into a `target_info` metric. (#3285)
+
+### Changed
+
+- The `"go.opentelemetry.io/otel/exporters/prometheus".New` function is updated to return an error.
+   It will return an error if the exporter fails to register with Prometheus. (#3239)
+
+### Fixed
+
+- The URL-encoded values from the `OTEL_RESOURCE_ATTRIBUTES` environment variable are decoded. (#2963)
+- The `baggage.NewMember` function decodes the `value` parameter instead of directly using it.
+   This fixes the implementation to be compliant with the W3C specification. (#3226)
+- Slice attributes of the `attribute` package are now comparable based on their value, not instance. (#3108 #3252)
+- The `Shutdown` and `ForceFlush` methods of the `"go.opentelemetry.io/otel/sdk/trace".TraceProvider` no longer return an error when no processor is registered. (#3268)
+- The Prometheus exporter in `go.opentelemetry.io/otel/exporters/prometheus` cumulatively sums histogram buckets. (#3281)
+- The sum of each histogram data point is now uniquely exported by the `go.opentelemetry.io/otel/exporters/otlpmetric` exporters. (#3284, #3293)
+- Recorded values for asynchronous counters (`Counter` and `UpDownCounter`) are interpreted as exact, not incremental, sum values by the metric SDK. (#3350, #3278)
+- `UpDownCounters` are now correctly output as Prometheus gauges in the `go.opentelemetry.io/otel/exporters/prometheus` exporter. (#3358)
+- The Prometheus exporter in `go.opentelemetry.io/otel/exporters/prometheus` no longer describes the metrics it will send to Prometheus on startup.
+   Instead the exporter is defined as an "unchecked" collector for Prometheus.
+   This fixes the `reader is not registered` warning currently emitted on startup. (#3291 #3342)
+- The `go.opentelemetry.io/otel/exporters/prometheus` exporter now correctly adds `_total` suffixes to counter metrics. (#3360)
+- The `go.opentelemetry.io/otel/exporters/prometheus` exporter now adds a unit suffix to metric names.
+   This can be disabled using the `WithoutUnits()` option added to that package. (#3352)
+
+## [1.11.0/0.32.3] 2022-10-12
+
+### Added
+
+- Add default User-Agent header to OTLP exporter requests (`go.opentelemetry.io/otel/exporters/otlptrace/otlptracegrpc` and `go.opentelemetry.io/otel/exporters/otlptrace/otlptracehttp`). (#3261)
+
+### Changed
+
+- `span.SetStatus` has been updated such that calls that lower the status are now no-ops. (#3214)
+- Upgrade `golang.org/x/sys/unix` from `v0.0.0-20210423185535-09eb48e85fd7` to `v0.0.0-20220919091848-fb04ddd9f9c8`.
+  This addresses [GO-2022-0493](https://pkg.go.dev/vuln/GO-2022-0493). (#3235)
+
+## [0.32.2] Metric SDK (Alpha) - 2022-10-11
+
+### Added
+
+- Added an example of using metric views to customize instruments. (#3177)
+- Add default User-Agent header to OTLP exporter requests (`go.opentelemetry.io/otel/exporters/otlpmetric/otlpmetricgrpc` and `go.opentelemetry.io/otel/exporters/otlpmetric/otlpmetrichttp`). (#3261)
+
+### Changed
+
+- Flush pending measurements with the `PeriodicReader` in the `go.opentelemetry.io/otel/sdk/metric` when `ForceFlush` or `Shutdown` are called. (#3220)
+- Update histogram default bounds to match the requirements of the latest specification. (#3222)
+- Encode the HTTP status code in the OpenTracing bridge (`go.opentelemetry.io/otel/bridge/opentracing`) as an integer.  (#3265)
+
+### Fixed
+
+- Use default view if instrument does not match any registered view of a reader. (#3224, #3237)
+- Return the same instrument every time a user makes the exact same instrument creation call. (#3229, #3251)
+- Return the existing instrument when a view transforms a creation call to match an existing instrument. (#3240, #3251)
+- Log a warning when a conflicting instrument (e.g. description, unit, data-type) is created instead of returning an error. (#3251)
+- The OpenCensus bridge no longer sends empty batches of metrics. (#3263)
+
+## [0.32.1] Metric SDK (Alpha) - 2022-09-22
+
+### Changed
+
+- The Prometheus exporter sanitizes OpenTelemetry instrument names when exporting.
+   Invalid characters are replaced with `_`. (#3212)
+
+### Added
+
+- The metric portion of the OpenCensus bridge (`go.opentelemetry.io/otel/bridge/opencensus`) has been reintroduced. (#3192)
+- The OpenCensus bridge example (`go.opentelemetry.io/otel/example/opencensus`) has been reintroduced. (#3206)
+
+### Fixed
+
+- Updated go.mods to point to valid versions of the sdk. (#3216)
+- Set the `MeterProvider` resource on all exported metric data. (#3218)
+
+## [0.32.0] Revised Metric SDK (Alpha) - 2022-09-18
+
+### Changed
+
+- The metric SDK in `go.opentelemetry.io/otel/sdk/metric` is completely refactored to comply with the OpenTelemetry specification.
+  Please see the package documentation for how the new SDK is initialized and configured. (#3175)
+- Update the minimum supported go version to go1.18. Removes support for go1.17 (#3179)
+
+### Removed
+
+- The metric portion of the OpenCensus bridge (`go.opentelemetry.io/otel/bridge/opencensus`) has been removed.
+  A new bridge compliant with the revised metric SDK will be added back in a future release. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/aggregator/aggregatortest` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/aggregator/histogram` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/aggregator/lastvalue` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/aggregator/sum` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/aggregator` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/controller/basic` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/controller/controllertest` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/controller/time` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/export/aggregation` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/export` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/metrictest` package is removed.
+  A replacement package that supports the new metric SDK will be added back in a future release. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/number` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/processor/basic` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/processor/processortest` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/processor/reducer` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/registry` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/sdkapi` package is removed, see the new metric SDK. (#3175)
+- The `go.opentelemetry.io/otel/sdk/metric/selector/simple` package is removed, see the new metric SDK. (#3175)
+- The `"go.opentelemetry.io/otel/sdk/metric".ErrUninitializedInstrument` variable was removed. (#3175)
+- The `"go.opentelemetry.io/otel/sdk/metric".ErrBadInstrument` variable was removed. (#3175)
+- The `"go.opentelemetry.io/otel/sdk/metric".Accumulator` type was removed, see the `MeterProvider`in the new metric SDK. (#3175)
+- The `"go.opentelemetry.io/otel/sdk/metric".NewAccumulator` function was removed, see `NewMeterProvider`in the new metric SDK. (#3175)
+- The deprecated `"go.opentelemetry.io/otel/sdk/metric".AtomicFieldOffsets` function was removed. (#3175)
+
 ## [1.10.0] - 2022-09-09
 
 ### Added
@@ -191,7 +1019,7 @@ Code instrumented with the `go.opentelemetry.io/otel/metric` will need to be mod
   - `OTEL_EVENT_ATTRIBUTE_COUNT_LIMIT`
   - `OTEL_SPAN_LINK_COUNT_LIMIT`
   - `OTEL_LINK_ATTRIBUTE_COUNT_LIMIT`
-  
+
   If the provided environment variables are invalid (negative), the default values would be used.
 - Rename the `gc` runtime name to `go` (#2560)
 - Add resource container ID detection. (#2418)
@@ -452,7 +1280,7 @@ This release includes an API and SDK for the tracing signal that will comply wit
 - Setting the global `ErrorHandler` with `"go.opentelemetry.io/otel".SetErrorHandler` multiple times is now supported. (#2160, #2140)
 - The `"go.opentelemetry.io/otel/attribute".Any` function now supports `int32` values. (#2169)
 - Multiple calls to `"go.opentelemetry.io/otel/sdk/metric/controller/basic".WithResource()` are handled correctly, and when no resources are provided `"go.opentelemetry.io/otel/sdk/resource".Default()` is used. (#2120)
-- The `WithoutTimestamps` option for the `go.opentelemetry.io/otel/exporters/stdout/stdouttrace` exporter causes the exporter to correctly ommit timestamps. (#2195)
+- The `WithoutTimestamps` option for the `go.opentelemetry.io/otel/exporters/stdout/stdouttrace` exporter causes the exporter to correctly omit timestamps. (#2195)
 - Fixed typos in resources.go. (#2201)
 
 ## [1.0.0-RC2] - 2021-07-26
@@ -898,7 +1726,7 @@ with major version 0.
 - `NewGRPCDriver` function returns a `ProtocolDriver` that maintains a single gRPC connection to the collector. (#1369)
 - Added documentation about the project's versioning policy. (#1388)
 - Added `NewSplitDriver` for OTLP exporter that allows sending traces and metrics to different endpoints. (#1418)
-- Added codeql worfklow to GitHub Actions (#1428)
+- Added codeql workflow to GitHub Actions (#1428)
 - Added Gosec workflow to GitHub Actions (#1429)
 - Add new HTTP driver for OTLP exporter in `exporters/otlp/otlphttp`. Currently it only supports the binary protobuf payloads. (#1420)
 - Add an OpenCensus exporter bridge. (#1444)
@@ -1741,7 +2569,7 @@ There is still a possibility of breaking changes.
 
 ### Fixed
 
-- Use stateful batcher on Prometheus exporter fixing regresion introduced in #395. (#428)
+- Use stateful batcher on Prometheus exporter fixing regression introduced in #395. (#428)
 
 ## [0.2.1] - 2020-01-08
 
@@ -1907,7 +2735,28 @@ It contains api and sdk for trace and meter.
 - CircleCI build CI manifest files.
 - CODEOWNERS file to track owners of this project.
 
-[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.10.0...HEAD
+[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...HEAD
+[1.21.0/0.44.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.21.0
+[1.20.0/0.43.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.20.0
+[1.19.0/0.42.0/0.0.7]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0
+[1.19.0-rc.1/0.42.0-rc.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0-rc.1
+[1.18.0/0.41.0/0.0.6]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.18.0
+[1.17.0/0.40.0/0.0.5]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.17.0
+[1.16.0/0.39.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.16.0
+[1.16.0-rc.1/0.39.0-rc.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.16.0-rc.1
+[1.15.1/0.38.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.15.1
+[1.15.0/0.38.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.15.0
+[1.15.0-rc.2/0.38.0-rc.2]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.15.0-rc.2
+[1.15.0-rc.1/0.38.0-rc.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.15.0-rc.1
+[1.14.0/0.37.0/0.0.4]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.14.0
+[1.13.0/0.36.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.13.0
+[1.12.0/0.35.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.12.0
+[1.11.2/0.34.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.11.2
+[1.11.1/0.33.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.11.1
+[1.11.0/0.32.3]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.11.0
+[0.32.2]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/sdk/metric/v0.32.2
+[0.32.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/sdk/metric/v0.32.1
+[0.32.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/sdk/metric/v0.32.0
 [1.10.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.10.0
 [1.9.0/0.0.3]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.9.0
 [1.8.0/0.31.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.8.0
@@ -1959,3 +2808,11 @@ It contains api and sdk for trace and meter.
 [0.1.2]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v0.1.2
 [0.1.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v0.1.1
 [0.1.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v0.1.0
+
+[Go 1.20]: https://go.dev/doc/go1.20
+[Go 1.19]: https://go.dev/doc/go1.19
+[Go 1.18]: https://go.dev/doc/go1.18
+
+[metric API]:https://pkg.go.dev/go.opentelemetry.io/otel/metric
+[metric SDK]:https://pkg.go.dev/go.opentelemetry.io/otel/sdk/metric
+[trace API]:https://pkg.go.dev/go.opentelemetry.io/otel/trace
diff --git a/apis/vendor/go.opentelemetry.io/otel/CODEOWNERS b/apis/vendor/go.opentelemetry.io/otel/CODEOWNERS
index c4012ed6c..623740007 100644
--- a/apis/vendor/go.opentelemetry.io/otel/CODEOWNERS
+++ b/apis/vendor/go.opentelemetry.io/otel/CODEOWNERS
@@ -12,6 +12,6 @@
 #  https://help.github.com/en/articles/about-code-owners
 #
 
-* @jmacd @MrAlias @Aneurysm9 @evantorrie @XSAM @dashpole @MadVikingGod @pellared @hanyuancheung @dmathieu
+* @MrAlias @Aneurysm9 @evantorrie @XSAM @dashpole @MadVikingGod @pellared @hanyuancheung @dmathieu
 
-CODEOWNERS @MrAlias @Aneurysm9 @MadVikingGod
+CODEOWNERS @MrAlias @MadVikingGod @pellared
\ No newline at end of file
diff --git a/apis/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md b/apis/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
index 9371a481a..850606ae6 100644
--- a/apis/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
+++ b/apis/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
@@ -6,7 +6,7 @@ OpenTelemetry
 repo for information on this and other language SIGs.
 
 See the [public meeting
-notes](https://docs.google.com/document/d/1A63zSWX0x2CyCK_LoNhmQC4rqhLpYXJzXbEPDUQ2n6w/edit#heading=h.9tngw7jdwd6b)
+notes](https://docs.google.com/document/d/1E5e7Ld0NuU1iVvf-42tOBpu2VBBLYnh73GJuITGJTTU/edit)
 for a summary description of past meetings. To request edit access,
 join the meeting or get in touch on
 [Slack](https://cloud-native.slack.com/archives/C01NPAXACKT).
@@ -28,6 +28,11 @@ precommit` - the `precommit` target is the default).
 The `precommit` target also fixes the formatting of the code and
 checks the status of the go module files.
 
+Additionally, there is a `codespell` target that checks for common
+typos in the code. It is not run by default, but you can run it
+manually with `make codespell`. It will set up a virtual environment
+in `venv` and install `codespell` there.
+
 If after running `make precommit` the output of `git status` contains
 `nothing to commit, working tree clean` then it means that everything
 is up-to-date and properly formatted.
@@ -85,6 +90,10 @@ git push <YOUR_FORK> <YOUR_BRANCH_NAME>
 Open a pull request against the main `opentelemetry-go` repo. Be sure to add the pull
 request ID to the entry you added to `CHANGELOG.md`.
 
+Avoid rebasing and force-pushing to your branch to facilitate reviewing the pull request.
+Rewriting Git history makes it difficult to keep track of iterations during code review.
+All pull requests are squashed to a single commit upon merge to `main`.
+
 ### How to Receive Comments
 
 * If the PR is not ready for review, please put `[WIP]` in the title,
@@ -94,38 +103,66 @@ request ID to the entry you added to `CHANGELOG.md`.
 
 ### How to Get PRs Merged
 
-A PR is considered to be **ready to merge** when:
-
-* It has received two approvals from Collaborators/Maintainers (at
-  different companies). This is not enforced through technical means
-  and a PR may be **ready to merge** with a single approval if the change
-  and its approach have been discussed and consensus reached.
-* Feedback has been addressed.
-* Any substantive changes to your PR will require that you clear any prior
-  Approval reviews, this includes changes resulting from other feedback. Unless
-  the approver explicitly stated that their approval will persist across
-  changes it should be assumed that the PR needs their review again. Other
-  project members (e.g. approvers, maintainers) can help with this if there are
-  any questions or if you forget to clear reviews.
-* It has been open for review for at least one working day. This gives
-  people reasonable time to review.
-* Trivial changes (typo, cosmetic, doc, etc.) do not have to wait for
-  one day and may be merged with a single Maintainer's approval.
-* `CHANGELOG.md` has been updated to reflect what has been
-  added, changed, removed, or fixed.
-* `README.md` has been updated if necessary.
-* Urgent fix can take exception as long as it has been actively
-  communicated.
-
-Any Maintainer can merge the PR once it is **ready to merge**.
+A PR is considered **ready to merge** when:
+
+* It has received two qualified approvals[^1].
+
+  This is not enforced through automation, but needs to be validated by the
+  maintainer merging.
+  * The qualified approvals need to be from [Approver]s/[Maintainer]s
+    affiliated with different companies. Two qualified approvals from
+    [Approver]s or [Maintainer]s affiliated with the same company counts as a
+    single qualified approval.
+  * PRs introducing changes that have already been discussed and consensus
+    reached only need one qualified approval. The discussion and resolution
+    needs to be linked to the PR.
+  * Trivial changes[^2] only need one qualified approval.
+
+* All feedback has been addressed.
+  * All PR comments and suggestions are resolved.
+  * All GitHub Pull Request reviews with a status of "Request changes" have
+    been addressed. Another review by the objecting reviewer with a different
+    status can be submitted to clear the original review, or the review can be
+    dismissed by a [Maintainer] when the issues from the original review have
+    been addressed.
+  * Any comments or reviews that cannot be resolved between the PR author and
+    reviewers can be submitted to the community [Approver]s and [Maintainer]s
+    during the weekly SIG meeting. If consensus is reached among the
+    [Approver]s and [Maintainer]s during the SIG meeting the objections to the
+    PR may be dismissed or resolved or the PR closed by a [Maintainer].
+  * Any substantive changes to the PR require existing Approval reviews be
+    cleared unless the approver explicitly states that their approval persists
+    across changes. This includes changes resulting from other feedback.
+    [Approver]s and [Maintainer]s can help in clearing reviews and they should
+    be consulted if there are any questions.
+
+* The PR branch is up to date with the base branch it is merging into.
+  * To ensure this does not block the PR, it should be configured to allow
+    maintainers to update it.
+
+* It has been open for review for at least one working day. This gives people
+  reasonable time to review.
+  * Trivial changes[^2] do not have to wait for one day and may be merged with
+    a single [Maintainer]'s approval.
+
+* All required GitHub workflows have succeeded.
+* Urgent fix can take exception as long as it has been actively communicated
+  among [Maintainer]s.
+
+Any [Maintainer] can merge the PR once the above criteria have been met.
+
+[^1]: A qualified approval is a GitHub Pull Request review with "Approve"
+  status from an OpenTelemetry Go [Approver] or [Maintainer].
+[^2]: Trivial changes include: typo corrections, cosmetic non-substantive
+  changes, documentation corrections or updates, dependency updates, etc.
 
 ## Design Choices
 
 As with other OpenTelemetry clients, opentelemetry-go follows the
-[opentelemetry-specification](https://github.com/open-telemetry/opentelemetry-specification).
+[OpenTelemetry Specification](https://opentelemetry.io/docs/specs/otel).
 
 It's especially valuable to read through the [library
-guidelines](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/library-guidelines.md).
+guidelines](https://opentelemetry.io/docs/specs/otel/library-guidelines).
 
 ### Focus on Capabilities, Not Structure Compliance
 
@@ -146,23 +183,23 @@ For a deeper discussion, see
 
 ## Documentation
 
-Each non-example Go Module should have its own `README.md` containing:
+Each (non-internal, non-test) package must be documented using
+[Go Doc Comments](https://go.dev/doc/comment),
+preferably in a `doc.go` file.
 
-- A pkg.go.dev badge which can be generated [here](https://pkg.go.dev/badge/).
-- Brief description.
-- Installation instructions (and requirements if applicable).
-- Hyperlink to an example. Depending on the component the example can be:
-  - An `example_test.go` like [here](exporters/stdout/stdouttrace/example_test.go).
-  - A sample Go application with its own `README.md`, like [here](example/zipkin).
-- Additional documentation sections such us:
-  - Configuration,
-  - Contributing,
-  - References.
+Prefer using [Examples](https://pkg.go.dev/testing#hdr-Examples)
+instead of putting code snippets in Go doc comments.
+In some cases, you can even create [Testable Examples](https://go.dev/blog/examples).
 
-[Here](exporters/jaeger/README.md) is an example of a concise `README.md`.
+You can install and run a "local Go Doc site" in the following way:
 
-Moreover, it should be possible to navigate to any `README.md` from the
-root `README.md`.
+  ```sh
+  go install golang.org/x/pkgsite/cmd/pkgsite@latest
+  pkgsite
+  ```
+
+[`go.opentelemetry.io/otel/metric`](https://pkg.go.dev/go.opentelemetry.io/otel/metric)
+is an example of a very well-documented package.
 
 ## Style Guide
 
@@ -216,7 +253,7 @@ Meaning a `config` from one package should not be directly used by another. The
 one exception is the API packages.  The configs from the base API, eg.
 `go.opentelemetry.io/otel/trace.TracerConfig` and
 `go.opentelemetry.io/otel/metric.InstrumentConfig`, are intended to be consumed
-by the SDK therefor it is expected that these are exported.
+by the SDK therefore it is expected that these are exported.
 
 When a config is exported we want to maintain forward and backward
 compatibility, to achieve this no fields should be exported but should
@@ -234,12 +271,12 @@ func newConfig(options ...Option) config {
 	for _, option := range options {
 		config = option.apply(config)
 	}
-	// Preform any validation here.
+	// Perform any validation here.
 	return config
 }
 ```
 
-If validation of the `config` options is also preformed this can return an
+If validation of the `config` options is also performed this can return an
 error as well that is expected to be handled by the instantiation function
 or propagated to the user.
 
@@ -438,12 +475,37 @@ their parameters appropriately named.
 #### Interface Stability
 
 All exported stable interfaces that include the following warning in their
-doumentation are allowed to be extended with additional methods.
+documentation are allowed to be extended with additional methods.
 
 > Warning: methods may be added to this interface in minor releases.
 
+These interfaces are defined by the OpenTelemetry specification and will be
+updated as the specification evolves.
+
 Otherwise, stable interfaces MUST NOT be modified.
 
+#### How to Change Specification Interfaces
+
+When an API change must be made, we will update the SDK with the new method one
+release before the API change. This will allow the SDK one version before the
+API change to work seamlessly with the new API.
+
+If an incompatible version of the SDK is used with the new API the application
+will fail to compile.
+
+#### How Not to Change Specification Interfaces
+
+We have explored using a v2 of the API to change interfaces and found that there
+was no way to introduce a v2 and have it work seamlessly with the v1 of the API.
+Problems happened with libraries that upgraded to v2 when an application did not,
+and would not produce any telemetry.
+
+More detail of the approaches considered and their limitations can be found in
+the [Use a V2 API to evolve interfaces](https://github.com/open-telemetry/opentelemetry-go/issues/3920)
+issue.
+
+#### How to Change Other Interfaces
+
 If new functionality is needed for an interface that cannot be changed it MUST
 be added by including an additional interface. That added interface can be a
 simple interface for the specific functionality that you want to add or it can
@@ -498,29 +560,65 @@ functionality should be added, each one will need their own super-set
 interfaces and will duplicate the pattern. For this reason, the simple targeted
 interface that defines the specific functionality should be preferred.
 
+### Testing
+
+The tests should never leak goroutines.
+
+Use the term `ConcurrentSafe` in the test name when it aims to verify the
+absence of race conditions.
+
+### Internal packages
+
+The use of internal packages should be scoped to a single module. A sub-module
+should never import from a parent internal package. This creates a coupling
+between the two modules where a user can upgrade the parent without the child
+and if the internal package API has changed it will fail to upgrade[^3].
+
+There are two known exceptions to this rule:
+
+- `go.opentelemetry.io/otel/internal/global`
+  - This package manages global state for all of opentelemetry-go. It needs to
+  be a single package in order to ensure the uniqueness of the global state.
+- `go.opentelemetry.io/otel/internal/baggage`
+  - This package provides values in a `context.Context` that need to be
+  recognized by `go.opentelemetry.io/otel/baggage` and
+  `go.opentelemetry.io/otel/bridge/opentracing` but remain private.
+
+If you have duplicate code in multiple modules, make that code into a Go
+template stored in `go.opentelemetry.io/otel/internal/shared` and use [gotmpl]
+to render the templates in the desired locations. See [#4404] for an example of
+this.
+
+[^3]: https://github.com/open-telemetry/opentelemetry-go/issues/3548
+
 ## Approvers and Maintainers
 
-Approvers:
+### Approvers
 
 - [Evan Torrie](https://github.com/evantorrie), Verizon Media
-- [Josh MacDonald](https://github.com/jmacd), LightStep
 - [Sam Xie](https://github.com/XSAM), Cisco/AppDynamics
 - [David Ashpole](https://github.com/dashpole), Google
-- [Robert Pająk](https://github.com/pellared), Splunk
 - [Chester Cheung](https://github.com/hanyuancheung), Tencent
-- [Damien Mathieu](https://github.com/dmathieu), Auth0/Okta
+- [Damien Mathieu](https://github.com/dmathieu), Elastic
+- [Anthony Mirabella](https://github.com/Aneurysm9), AWS
 
-Maintainers:
+### Maintainers
 
 - [Aaron Clawson](https://github.com/MadVikingGod), LightStep
-- [Anthony Mirabella](https://github.com/Aneurysm9), AWS
+- [Robert Pająk](https://github.com/pellared), Splunk
 - [Tyler Yahn](https://github.com/MrAlias), Splunk
 
-Emeritus:
+### Emeritus
 
 - [Gustavo Silva Paiva](https://github.com/paivagustavo), LightStep
+- [Josh MacDonald](https://github.com/jmacd), LightStep
 
 ### Become an Approver or a Maintainer
 
 See the [community membership document in OpenTelemetry community
 repo](https://github.com/open-telemetry/community/blob/main/community-membership.md).
+
+[Approver]: #approvers
+[Maintainer]: #maintainers
+[gotmpl]: https://pkg.go.dev/go.opentelemetry.io/build-tools/gotmpl
+[#4404]: https://github.com/open-telemetry/opentelemetry-go/pull/4404
diff --git a/apis/vendor/go.opentelemetry.io/otel/Makefile b/apis/vendor/go.opentelemetry.io/otel/Makefile
index 18ffaa33a..35fc18996 100644
--- a/apis/vendor/go.opentelemetry.io/otel/Makefile
+++ b/apis/vendor/go.opentelemetry.io/otel/Makefile
@@ -17,7 +17,7 @@ TOOLS_MOD_DIR := ./internal/tools
 ALL_DOCS := $(shell find . -name '*.md' -type f | sort)
 ALL_GO_MOD_DIRS := $(shell find . -type f -name 'go.mod' -exec dirname {} \; | sort)
 OTEL_GO_MOD_DIRS := $(filter-out $(TOOLS_MOD_DIR), $(ALL_GO_MOD_DIRS))
-ALL_COVERAGE_MOD_DIRS := $(shell find . -type f -name 'go.mod' -exec dirname {} \; | egrep -v '^./example|^$(TOOLS_MOD_DIR)' | sort)
+ALL_COVERAGE_MOD_DIRS := $(shell find . -type f -name 'go.mod' -exec dirname {} \; | grep -E -v '^./example|^$(TOOLS_MOD_DIR)' | sort)
 
 GO = go
 TIMEOUT = 60
@@ -25,8 +25,8 @@ TIMEOUT = 60
 .DEFAULT_GOAL := precommit
 
 .PHONY: precommit ci
-precommit: dependabot-generate license-check vanity-import-fix misspell go-mod-tidy golangci-lint-fix test-default
-ci: dependabot-check license-check lint vanity-import-check build test-default check-clean-work-tree test-coverage
+precommit: generate dependabot-generate license-check misspell go-mod-tidy golangci-lint-fix test-default
+ci: generate dependabot-check license-check lint vanity-import-check build test-default check-clean-work-tree test-coverage
 
 # Tools
 
@@ -71,21 +71,78 @@ $(TOOLS)/porto: PACKAGE=github.com/jcchavezs/porto/cmd/porto
 GOJQ = $(TOOLS)/gojq
 $(TOOLS)/gojq: PACKAGE=github.com/itchyny/gojq/cmd/gojq
 
+GOTMPL = $(TOOLS)/gotmpl
+$(GOTMPL): PACKAGE=go.opentelemetry.io/build-tools/gotmpl
+
+GORELEASE = $(TOOLS)/gorelease
+$(GORELEASE): PACKAGE=golang.org/x/exp/cmd/gorelease
+
+GOVULNCHECK = $(TOOLS)/govulncheck
+$(TOOLS)/govulncheck: PACKAGE=golang.org/x/vuln/cmd/govulncheck
+
 .PHONY: tools
-tools: $(CROSSLINK) $(DBOTCONF) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(GOJQ) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT)
+tools: $(CROSSLINK) $(DBOTCONF) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(GOJQ) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT) $(GOTMPL) $(GORELEASE)
 
-# Build
+# Virtualized python tools via docker
+
+# The directory where the virtual environment is created.
+VENVDIR := venv
+
+# The directory where the python tools are installed.
+PYTOOLS := $(VENVDIR)/bin
+
+# The pip executable in the virtual environment.
+PIP := $(PYTOOLS)/pip
+
+# The directory in the docker image where the current directory is mounted.
+WORKDIR := /workdir
 
-.PHONY: generate build
+# The python image to use for the virtual environment.
+PYTHONIMAGE := python:3.11.3-slim-bullseye
 
-generate: $(OTEL_GO_MOD_DIRS:%=generate/%)
-generate/%: DIR=$*
-generate/%: | $(STRINGER) $(PORTO)
+# Run the python image with the current directory mounted.
+DOCKERPY := docker run --rm -v "$(CURDIR):$(WORKDIR)" -w $(WORKDIR) $(PYTHONIMAGE)
+
+# Create a virtual environment for Python tools.
+$(PYTOOLS):
+# The `--upgrade` flag is needed to ensure that the virtual environment is
+# created with the latest pip version.
+	@$(DOCKERPY) bash -c "python3 -m venv $(VENVDIR) && $(PIP) install --upgrade pip"
+
+# Install python packages into the virtual environment.
+$(PYTOOLS)/%: | $(PYTOOLS)
+	@$(DOCKERPY) $(PIP) install -r requirements.txt
+
+CODESPELL = $(PYTOOLS)/codespell
+$(CODESPELL): PACKAGE=codespell
+
+# Generate
+
+.PHONY: generate
+generate: go-generate vanity-import-fix
+
+.PHONY: go-generate
+go-generate: $(OTEL_GO_MOD_DIRS:%=go-generate/%)
+go-generate/%: DIR=$*
+go-generate/%: | $(STRINGER) $(GOTMPL)
 	@echo "$(GO) generate $(DIR)/..." \
 		&& cd $(DIR) \
-		&& PATH="$(TOOLS):$${PATH}" $(GO) generate ./... && $(PORTO) -w .
+		&& PATH="$(TOOLS):$${PATH}" $(GO) generate ./...
+
+.PHONY: vanity-import-fix
+vanity-import-fix: | $(PORTO)
+	@$(PORTO) --include-internal -w .
+
+# Generate go.work file for local development.
+.PHONY: go-work
+go-work: | $(CROSSLINK)
+	$(CROSSLINK) work --root=$(shell pwd)
+
+# Build
+
+.PHONY: build
 
-build: generate $(OTEL_GO_MOD_DIRS:%=build/%) $(OTEL_GO_MOD_DIRS:%=build-tests/%)
+build: $(OTEL_GO_MOD_DIRS:%=build/%) $(OTEL_GO_MOD_DIRS:%=build-tests/%)
 build/%: DIR=$*
 build/%:
 	@echo "$(GO) build $(DIR)/..." \
@@ -135,6 +192,18 @@ test-coverage: | $(GOCOVMERGE)
 	done; \
 	$(GOCOVMERGE) $$(find . -name coverage.out) > coverage.txt
 
+# Adding a directory will include all benchmarks in that direcotry if a filter is not specified.
+BENCHMARK_TARGETS := sdk/trace
+.PHONY: benchmark
+benchmark: $(BENCHMARK_TARGETS:%=benchmark/%)
+BENCHMARK_FILTER = .
+# You can override the filter for a particular directory by adding a rule here.
+benchmark/sdk/trace: BENCHMARK_FILTER = SpanWithAttributes_8/AlwaysSample
+benchmark/%:
+	@echo "$(GO) test -timeout $(TIMEOUT)s -run=xxxxxMatchNothingxxxxx -bench=$(BENCHMARK_FILTER) $*..." \
+		&& cd $* \
+		$(foreach filter, $(BENCHMARK_FILTER), && $(GO) test -timeout $(TIMEOUT)s -run=xxxxxMatchNothingxxxxx -bench=$(filter))
+
 .PHONY: golangci-lint golangci-lint-fix
 golangci-lint-fix: ARGS=--fix
 golangci-lint-fix: golangci-lint
@@ -156,30 +225,38 @@ go-mod-tidy/%: DIR=$*
 go-mod-tidy/%: | crosslink
 	@echo "$(GO) mod tidy in $(DIR)" \
 		&& cd $(DIR) \
-		&& $(GO) mod tidy -compat=1.17
+		&& $(GO) mod tidy -compat=1.20
 
 .PHONY: lint-modules
 lint-modules: go-mod-tidy
 
 .PHONY: lint
-lint: misspell lint-modules golangci-lint
+lint: misspell lint-modules golangci-lint govulncheck
 
 .PHONY: vanity-import-check
 vanity-import-check: | $(PORTO)
-	@$(PORTO) --include-internal -l . || echo "(run: make vanity-import-fix)"
-
-.PHONY: vanity-import-fix
-vanity-import-fix: | $(PORTO)
-	@$(PORTO) --include-internal -w .
+	@$(PORTO) --include-internal -l . || ( echo "(run: make vanity-import-fix)"; exit 1 )
 
 .PHONY: misspell
 misspell: | $(MISSPELL)
 	@$(MISSPELL) -w $(ALL_DOCS)
 
+.PHONY: govulncheck
+govulncheck: $(OTEL_GO_MOD_DIRS:%=govulncheck/%)
+govulncheck/%: DIR=$*
+govulncheck/%: | $(GOVULNCHECK)
+	@echo "govulncheck ./... in $(DIR)" \
+		&& cd $(DIR) \
+		&& $(GOVULNCHECK) ./...
+
+.PHONY: codespell
+codespell: | $(CODESPELL)
+	@$(DOCKERPY) $(CODESPELL)
+
 .PHONY: license-check
 license-check:
 	@licRes=$$(for f in $$(find . -type f \( -iname '*.go' -o -iname '*.sh' \) ! -path '**/third_party/*' ! -path './.git/*' ) ; do \
-	           awk '/Copyright The OpenTelemetry Authors|generated|GENERATED/ && NR<=3 { found=1; next } END { if (!found) print FILENAME }' $$f; \
+	           awk '/Copyright The OpenTelemetry Authors|generated|GENERATED/ && NR<=4 { found=1; next } END { if (!found) print FILENAME }' $$f; \
 	   done); \
 	   if [ -n "$${licRes}" ]; then \
 	           echo "license header checking failed:"; echo "$${licRes}"; \
@@ -189,7 +266,7 @@ license-check:
 DEPENDABOT_CONFIG = .github/dependabot.yml
 .PHONY: dependabot-check
 dependabot-check: | $(DBOTCONF)
-	@$(DBOTCONF) verify $(DEPENDABOT_CONFIG) || echo "(run: make dependabot-generate)"
+	@$(DBOTCONF) verify $(DEPENDABOT_CONFIG) || ( echo "(run: make dependabot-generate)"; exit 1 )
 
 .PHONY: dependabot-generate
 dependabot-generate: | $(DBOTCONF)
@@ -208,11 +285,22 @@ check-clean-work-tree:
 SEMCONVPKG ?= "semconv/"
 .PHONY: semconv-generate
 semconv-generate: | $(SEMCONVGEN) $(SEMCONVKIT)
-	@[ "$(TAG)" ] || ( echo "TAG unset: missing opentelemetry specification tag"; exit 1 )
-	@[ "$(OTEL_SPEC_REPO)" ] || ( echo "OTEL_SPEC_REPO unset: missing path to opentelemetry specification repo"; exit 1 )
-	@$(SEMCONVGEN) -i "$(OTEL_SPEC_REPO)/semantic_conventions/trace" -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
-	@$(SEMCONVGEN) -i "$(OTEL_SPEC_REPO)/semantic_conventions/resource" -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
-	@$(SEMCONVKIT) -output "$(SEMCONVPKG)/$(TAG)" -tag "$(TAG)"
+	[ "$(TAG)" ] || ( echo "TAG unset: missing opentelemetry semantic-conventions tag"; exit 1 )
+	[ "$(OTEL_SEMCONV_REPO)" ] || ( echo "OTEL_SEMCONV_REPO unset: missing path to opentelemetry semantic-conventions repo"; exit 1 )
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=span -p conventionType=trace -f trace.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=attribute_group -p conventionType=trace -f attribute_group.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=event -p conventionType=event -f event.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=resource -p conventionType=resource -f resource.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
+	$(SEMCONVKIT) -output "$(SEMCONVPKG)/$(TAG)" -tag "$(TAG)"
+
+.PHONY: gorelease
+gorelease: $(OTEL_GO_MOD_DIRS:%=gorelease/%)
+gorelease/%: DIR=$*
+gorelease/%:| $(GORELEASE)
+	@echo "gorelease in $(DIR):" \
+		&& cd $(DIR) \
+		&& $(GORELEASE) \
+		|| echo ""
 
 .PHONY: prerelease
 prerelease: | $(MULTIMOD)
@@ -224,3 +312,7 @@ COMMIT ?= "HEAD"
 add-tags: | $(MULTIMOD)
 	@[ "${MODSET}" ] || ( echo ">> env var MODSET is not set"; exit 1 )
 	$(MULTIMOD) verify && $(MULTIMOD) tag -m ${MODSET} -c ${COMMIT}
+
+.PHONY: lint-markdown
+lint-markdown: 
+	docker run -v "$(CURDIR):$(WORKDIR)" docker://avtodev/markdown-lint:v1 -c $(WORKDIR)/.markdownlint.yaml $(WORKDIR)/**/*.md
diff --git a/apis/vendor/go.opentelemetry.io/otel/README.md b/apis/vendor/go.opentelemetry.io/otel/README.md
index 4aeecb8bf..2c5b0cc28 100644
--- a/apis/vendor/go.opentelemetry.io/otel/README.md
+++ b/apis/vendor/go.opentelemetry.io/otel/README.md
@@ -11,22 +11,22 @@ It provides a set of APIs to directly measure performance and behavior of your s
 
 ## Project Status
 
-| Signal  | Status     | Project |
-| ------- | ---------- | ------- |
-| Traces  | Stable     | N/A     |
-| Metrics | Alpha      | N/A     |
-| Logs    | Frozen [1] | N/A     |
+| Signal  | Status     |
+|---------|------------|
+| Traces  | Stable     |
+| Metrics | Stable     |
+| Logs    | Design [1] |
 
-- [1]: The Logs signal development is halted for this project while we develop both Traces and Metrics.
+- [1]: Currently the logs signal development is in a design phase ([#4696](https://github.com/open-telemetry/opentelemetry-go/issues/4696)).
    No Logs Pull Requests are currently being accepted.
 
-Progress and status specific to this repository is tracked in our local
+Progress and status specific to this repository is tracked in our
 [project boards](https://github.com/open-telemetry/opentelemetry-go/projects)
 and
 [milestones](https://github.com/open-telemetry/opentelemetry-go/milestones).
 
 Project versioning information and stability guarantees can be found in the
-[versioning documentation](./VERSIONING.md).
+[versioning documentation](VERSIONING.md).
 
 ### Compatibility
 
@@ -49,22 +49,17 @@ stop ensuring compatibility with these versions in the following manner:
 Currently, this project supports the following environments.
 
 | OS      | Go Version | Architecture |
-| ------- | ---------- | ------------ |
-| Ubuntu  | 1.19       | amd64        |
-| Ubuntu  | 1.18       | amd64        |
-| Ubuntu  | 1.17       | amd64        |
-| Ubuntu  | 1.19       | 386          |
-| Ubuntu  | 1.18       | 386          |
-| Ubuntu  | 1.17       | 386          |
-| MacOS   | 1.19       | amd64        |
-| MacOS   | 1.18       | amd64        |
-| MacOS   | 1.17       | amd64        |
-| Windows | 1.19       | amd64        |
-| Windows | 1.18       | amd64        |
-| Windows | 1.17       | amd64        |
-| Windows | 1.19       | 386          |
-| Windows | 1.18       | 386          |
-| Windows | 1.17       | 386          |
+|---------|------------|--------------|
+| Ubuntu  | 1.21       | amd64        |
+| Ubuntu  | 1.20       | amd64        |
+| Ubuntu  | 1.21       | 386          |
+| Ubuntu  | 1.20       | 386          |
+| MacOS   | 1.21       | amd64        |
+| MacOS   | 1.20       | amd64        |
+| Windows | 1.21       | amd64        |
+| Windows | 1.20       | amd64        |
+| Windows | 1.21       | 386          |
+| Windows | 1.20       | 386          |
 
 While this project should work for other systems, no compatibility guarantees
 are made for those systems currently.
@@ -102,12 +97,11 @@ export pipeline to send that telemetry to an observability platform.
 All officially supported exporters for the OpenTelemetry project are contained in the [exporters directory](./exporters).
 
 | Exporter                              | Metrics | Traces |
-| :-----------------------------------: | :-----: | :----: |
-| [Jaeger](./exporters/jaeger/)         |         | ✓      |
-| [OTLP](./exporters/otlp/)             | ✓       | ✓      |
-| [Prometheus](./exporters/prometheus/) | ✓       |        |
-| [stdout](./exporters/stdout/)         | ✓       | ✓      |
-| [Zipkin](./exporters/zipkin/)         |         | ✓      |
+|---------------------------------------|:-------:|:------:|
+| [OTLP](./exporters/otlp/)             |    ✓    |   ✓    |
+| [Prometheus](./exporters/prometheus/) |    ✓    |        |
+| [stdout](./exporters/stdout/)         |    ✓    |   ✓    |
+| [Zipkin](./exporters/zipkin/)         |         |   ✓    |
 
 ## Contributing
 
diff --git a/apis/vendor/go.opentelemetry.io/otel/RELEASING.md b/apis/vendor/go.opentelemetry.io/otel/RELEASING.md
index 71e576254..82ce3ee46 100644
--- a/apis/vendor/go.opentelemetry.io/otel/RELEASING.md
+++ b/apis/vendor/go.opentelemetry.io/otel/RELEASING.md
@@ -2,24 +2,31 @@
 
 ## Semantic Convention Generation
 
-New versions of the [OpenTelemetry specification] mean new versions of the `semconv` package need to be generated.
+New versions of the [OpenTelemetry Semantic Conventions] mean new versions of the `semconv` package need to be generated.
 The `semconv-generate` make target is used for this.
 
-1. Checkout a local copy of the [OpenTelemetry specification] to the desired release tag.
-2. Run the `make semconv-generate ...` target from this repository.
+1. Checkout a local copy of the [OpenTelemetry Semantic Conventions] to the desired release tag.
+2. Pull the latest `otel/semconvgen` image: `docker pull otel/semconvgen:latest`
+3. Run the `make semconv-generate ...` target from this repository.
 
 For example,
 
 ```sh
-export TAG="v1.7.0" # Change to the release version you are generating.
-export OTEL_SPEC_REPO="/absolute/path/to/opentelemetry-specification"
-git -C "$OTEL_SPEC_REPO" checkout "tags/$TAG"
-make semconv-generate # Uses the exported TAG and OTEL_SPEC_REPO.
+export TAG="v1.21.0" # Change to the release version you are generating.
+export OTEL_SEMCONV_REPO="/absolute/path/to/opentelemetry/semantic-conventions"
+docker pull otel/semconvgen:latest
+make semconv-generate # Uses the exported TAG and OTEL_SEMCONV_REPO.
 ```
 
 This should create a new sub-package of [`semconv`](./semconv).
 Ensure things look correct before submitting a pull request to include the addition.
 
+## Breaking changes validation
+
+You can run `make gorelease` that runs [gorelease](https://pkg.go.dev/golang.org/x/exp/cmd/gorelease) to ensure that there are no unwanted changes done in the public API.
+
+You can check/report problems with `gorelease` [here](https://golang.org/issues/26420).
+
 ## Pre-Release
 
 First, decide which module sets will be released and update their versions
@@ -116,7 +123,17 @@ Once verified be sure to [make a release for the `contrib` repository](https://g
 
 ### Website Documentation
 
-Update [the documentation](./website_docs) for [the OpenTelemetry website](https://opentelemetry.io/docs/go/).
+Update the [Go instrumentation documentation] in the OpenTelemetry website under [content/en/docs/instrumentation/go].
 Importantly, bump any package versions referenced to be the latest one you just released and ensure all code examples still compile and are accurate.
 
-[OpenTelemetry specification]: https://github.com/open-telemetry/opentelemetry-specification
+[OpenTelemetry Semantic Conventions]: https://github.com/open-telemetry/semantic-conventions
+[Go instrumentation documentation]: https://opentelemetry.io/docs/instrumentation/go/
+[content/en/docs/instrumentation/go]: https://github.com/open-telemetry/opentelemetry.io/tree/main/content/en/docs/instrumentation/go
+
+### Demo Repository
+
+Bump the dependencies in the following Go services:
+
+- [`accountingservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/accountingservice)
+- [`checkoutservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/checkoutservice)
+- [`productcatalogservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/productcatalogservice)
diff --git a/apis/vendor/go.opentelemetry.io/otel/attribute/filter.go b/apis/vendor/go.opentelemetry.io/otel/attribute/filter.go
new file mode 100644
index 000000000..638c213d5
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/attribute/filter.go
@@ -0,0 +1,60 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package attribute // import "go.opentelemetry.io/otel/attribute"
+
+// Filter supports removing certain attributes from attribute sets. When
+// the filter returns true, the attribute will be kept in the filtered
+// attribute set. When the filter returns false, the attribute is excluded
+// from the filtered attribute set, and the attribute instead appears in
+// the removed list of excluded attributes.
+type Filter func(KeyValue) bool
+
+// NewAllowKeysFilter returns a Filter that only allows attributes with one of
+// the provided keys.
+//
+// If keys is empty a deny-all filter is returned.
+func NewAllowKeysFilter(keys ...Key) Filter {
+	if len(keys) <= 0 {
+		return func(kv KeyValue) bool { return false }
+	}
+
+	allowed := make(map[Key]struct{})
+	for _, k := range keys {
+		allowed[k] = struct{}{}
+	}
+	return func(kv KeyValue) bool {
+		_, ok := allowed[kv.Key]
+		return ok
+	}
+}
+
+// NewDenyKeysFilter returns a Filter that only allows attributes
+// that do not have one of the provided keys.
+//
+// If keys is empty an allow-all filter is returned.
+func NewDenyKeysFilter(keys ...Key) Filter {
+	if len(keys) <= 0 {
+		return func(kv KeyValue) bool { return true }
+	}
+
+	forbid := make(map[Key]struct{})
+	for _, k := range keys {
+		forbid[k] = struct{}{}
+	}
+	return func(kv KeyValue) bool {
+		_, ok := forbid[kv.Key]
+		return !ok
+	}
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/attribute/set.go b/apis/vendor/go.opentelemetry.io/otel/attribute/set.go
index 26be59832..9f9303d4f 100644
--- a/apis/vendor/go.opentelemetry.io/otel/attribute/set.go
+++ b/apis/vendor/go.opentelemetry.io/otel/attribute/set.go
@@ -18,6 +18,7 @@ import (
 	"encoding/json"
 	"reflect"
 	"sort"
+	"sync"
 )
 
 type (
@@ -38,13 +39,6 @@ type (
 		iface interface{}
 	}
 
-	// Filter supports removing certain attributes from attribute sets. When
-	// the filter returns true, the attribute will be kept in the filtered
-	// attribute set. When the filter returns false, the attribute is excluded
-	// from the filtered attribute set, and the attribute instead appears in
-	// the removed list of excluded attributes.
-	Filter func(KeyValue) bool
-
 	// Sortable implements sort.Interface, used for sorting KeyValue. This is
 	// an exported type to support a memory optimization. A pointer to one of
 	// these is needed for the call to sort.Stable(), which the caller may
@@ -62,6 +56,12 @@ var (
 			iface: [0]KeyValue{},
 		},
 	}
+
+	// sortables is a pool of Sortables used to create Sets with a user does
+	// not provide one.
+	sortables = sync.Pool{
+		New: func() interface{} { return new(Sortable) },
+	}
 )
 
 // EmptySet returns a reference to a Set with no elements.
@@ -91,7 +91,7 @@ func (l *Set) Len() int {
 
 // Get returns the KeyValue at ordered position idx in this set.
 func (l *Set) Get(idx int) (KeyValue, bool) {
-	if l == nil {
+	if l == nil || !l.equivalent.Valid() {
 		return KeyValue{}, false
 	}
 	value := l.equivalent.reflectValue()
@@ -107,7 +107,7 @@ func (l *Set) Get(idx int) (KeyValue, bool) {
 
 // Value returns the value of a specified key in this set.
 func (l *Set) Value(k Key) (Value, bool) {
-	if l == nil {
+	if l == nil || !l.equivalent.Valid() {
 		return Value{}, false
 	}
 	rValue := l.equivalent.reflectValue()
@@ -191,7 +191,9 @@ func NewSet(kvs ...KeyValue) Set {
 	if len(kvs) == 0 {
 		return empty()
 	}
-	s, _ := NewSetWithSortableFiltered(kvs, new(Sortable), nil)
+	srt := sortables.Get().(*Sortable)
+	s, _ := NewSetWithSortableFiltered(kvs, srt, nil)
+	sortables.Put(srt)
 	return s
 }
 
@@ -218,7 +220,10 @@ func NewSetWithFiltered(kvs []KeyValue, filter Filter) (Set, []KeyValue) {
 	if len(kvs) == 0 {
 		return empty(), nil
 	}
-	return NewSetWithSortableFiltered(kvs, new(Sortable), filter)
+	srt := sortables.Get().(*Sortable)
+	s, filtered := NewSetWithSortableFiltered(kvs, srt, filter)
+	sortables.Put(srt)
+	return s, filtered
 }
 
 // NewSetWithSortableFiltered returns a new Set.
diff --git a/apis/vendor/go.opentelemetry.io/otel/attribute/value.go b/apis/vendor/go.opentelemetry.io/otel/attribute/value.go
index 57899f682..cb21dd5c0 100644
--- a/apis/vendor/go.opentelemetry.io/otel/attribute/value.go
+++ b/apis/vendor/go.opentelemetry.io/otel/attribute/value.go
@@ -17,9 +17,11 @@ package attribute // import "go.opentelemetry.io/otel/attribute"
 import (
 	"encoding/json"
 	"fmt"
+	"reflect"
 	"strconv"
 
 	"go.opentelemetry.io/otel/internal"
+	"go.opentelemetry.io/otel/internal/attribute"
 )
 
 //go:generate stringer -type=Type
@@ -66,12 +68,7 @@ func BoolValue(v bool) Value {
 
 // BoolSliceValue creates a BOOLSLICE Value.
 func BoolSliceValue(v []bool) Value {
-	cp := make([]bool, len(v))
-	copy(cp, v)
-	return Value{
-		vtype: BOOLSLICE,
-		slice: &cp,
-	}
+	return Value{vtype: BOOLSLICE, slice: attribute.BoolSliceValue(v)}
 }
 
 // IntValue creates an INT64 Value.
@@ -81,13 +78,14 @@ func IntValue(v int) Value {
 
 // IntSliceValue creates an INTSLICE Value.
 func IntSliceValue(v []int) Value {
-	cp := make([]int64, 0, len(v))
-	for _, i := range v {
-		cp = append(cp, int64(i))
+	var int64Val int64
+	cp := reflect.New(reflect.ArrayOf(len(v), reflect.TypeOf(int64Val)))
+	for i, val := range v {
+		cp.Elem().Index(i).SetInt(int64(val))
 	}
 	return Value{
 		vtype: INT64SLICE,
-		slice: &cp,
+		slice: cp.Elem().Interface(),
 	}
 }
 
@@ -101,12 +99,7 @@ func Int64Value(v int64) Value {
 
 // Int64SliceValue creates an INT64SLICE Value.
 func Int64SliceValue(v []int64) Value {
-	cp := make([]int64, len(v))
-	copy(cp, v)
-	return Value{
-		vtype: INT64SLICE,
-		slice: &cp,
-	}
+	return Value{vtype: INT64SLICE, slice: attribute.Int64SliceValue(v)}
 }
 
 // Float64Value creates a FLOAT64 Value.
@@ -119,12 +112,7 @@ func Float64Value(v float64) Value {
 
 // Float64SliceValue creates a FLOAT64SLICE Value.
 func Float64SliceValue(v []float64) Value {
-	cp := make([]float64, len(v))
-	copy(cp, v)
-	return Value{
-		vtype: FLOAT64SLICE,
-		slice: &cp,
-	}
+	return Value{vtype: FLOAT64SLICE, slice: attribute.Float64SliceValue(v)}
 }
 
 // StringValue creates a STRING Value.
@@ -137,12 +125,7 @@ func StringValue(v string) Value {
 
 // StringSliceValue creates a STRINGSLICE Value.
 func StringSliceValue(v []string) Value {
-	cp := make([]string, len(v))
-	copy(cp, v)
-	return Value{
-		vtype: STRINGSLICE,
-		slice: &cp,
-	}
+	return Value{vtype: STRINGSLICE, slice: attribute.StringSliceValue(v)}
 }
 
 // Type returns a type of the Value.
@@ -159,10 +142,14 @@ func (v Value) AsBool() bool {
 // AsBoolSlice returns the []bool value. Make sure that the Value's type is
 // BOOLSLICE.
 func (v Value) AsBoolSlice() []bool {
-	if s, ok := v.slice.(*[]bool); ok {
-		return *s
+	if v.vtype != BOOLSLICE {
+		return nil
 	}
-	return nil
+	return v.asBoolSlice()
+}
+
+func (v Value) asBoolSlice() []bool {
+	return attribute.AsBoolSlice(v.slice)
 }
 
 // AsInt64 returns the int64 value. Make sure that the Value's type is
@@ -174,10 +161,14 @@ func (v Value) AsInt64() int64 {
 // AsInt64Slice returns the []int64 value. Make sure that the Value's type is
 // INT64SLICE.
 func (v Value) AsInt64Slice() []int64 {
-	if s, ok := v.slice.(*[]int64); ok {
-		return *s
+	if v.vtype != INT64SLICE {
+		return nil
 	}
-	return nil
+	return v.asInt64Slice()
+}
+
+func (v Value) asInt64Slice() []int64 {
+	return attribute.AsInt64Slice(v.slice)
 }
 
 // AsFloat64 returns the float64 value. Make sure that the Value's
@@ -189,10 +180,14 @@ func (v Value) AsFloat64() float64 {
 // AsFloat64Slice returns the []float64 value. Make sure that the Value's type is
 // FLOAT64SLICE.
 func (v Value) AsFloat64Slice() []float64 {
-	if s, ok := v.slice.(*[]float64); ok {
-		return *s
+	if v.vtype != FLOAT64SLICE {
+		return nil
 	}
-	return nil
+	return v.asFloat64Slice()
+}
+
+func (v Value) asFloat64Slice() []float64 {
+	return attribute.AsFloat64Slice(v.slice)
 }
 
 // AsString returns the string value. Make sure that the Value's type
@@ -204,10 +199,14 @@ func (v Value) AsString() string {
 // AsStringSlice returns the []string value. Make sure that the Value's type is
 // STRINGSLICE.
 func (v Value) AsStringSlice() []string {
-	if s, ok := v.slice.(*[]string); ok {
-		return *s
+	if v.vtype != STRINGSLICE {
+		return nil
 	}
-	return nil
+	return v.asStringSlice()
+}
+
+func (v Value) asStringSlice() []string {
+	return attribute.AsStringSlice(v.slice)
 }
 
 type unknownValueType struct{}
@@ -218,19 +217,19 @@ func (v Value) AsInterface() interface{} {
 	case BOOL:
 		return v.AsBool()
 	case BOOLSLICE:
-		return v.AsBoolSlice()
+		return v.asBoolSlice()
 	case INT64:
 		return v.AsInt64()
 	case INT64SLICE:
-		return v.AsInt64Slice()
+		return v.asInt64Slice()
 	case FLOAT64:
 		return v.AsFloat64()
 	case FLOAT64SLICE:
-		return v.AsFloat64Slice()
+		return v.asFloat64Slice()
 	case STRING:
 		return v.stringly
 	case STRINGSLICE:
-		return v.AsStringSlice()
+		return v.asStringSlice()
 	}
 	return unknownValueType{}
 }
@@ -239,19 +238,19 @@ func (v Value) AsInterface() interface{} {
 func (v Value) Emit() string {
 	switch v.Type() {
 	case BOOLSLICE:
-		return fmt.Sprint(*(v.slice.(*[]bool)))
+		return fmt.Sprint(v.asBoolSlice())
 	case BOOL:
 		return strconv.FormatBool(v.AsBool())
 	case INT64SLICE:
-		return fmt.Sprint(*(v.slice.(*[]int64)))
+		return fmt.Sprint(v.asInt64Slice())
 	case INT64:
 		return strconv.FormatInt(v.AsInt64(), 10)
 	case FLOAT64SLICE:
-		return fmt.Sprint(*(v.slice.(*[]float64)))
+		return fmt.Sprint(v.asFloat64Slice())
 	case FLOAT64:
 		return fmt.Sprint(v.AsFloat64())
 	case STRINGSLICE:
-		return fmt.Sprint(*(v.slice.(*[]string)))
+		return fmt.Sprint(v.asStringSlice())
 	case STRING:
 		return v.stringly
 	default:
diff --git a/apis/vendor/go.opentelemetry.io/otel/baggage/baggage.go b/apis/vendor/go.opentelemetry.io/otel/baggage/baggage.go
index eba180e04..84532cb1d 100644
--- a/apis/vendor/go.opentelemetry.io/otel/baggage/baggage.go
+++ b/apis/vendor/go.opentelemetry.io/otel/baggage/baggage.go
@@ -61,11 +61,6 @@ type Property struct {
 	// hasValue indicates if a zero-value value means the property does not
 	// have a value or if it was the zero-value.
 	hasValue bool
-
-	// hasData indicates whether the created property contains data or not.
-	// Properties that do not contain data are invalid with no other check
-	// required.
-	hasData bool
 }
 
 // NewKeyProperty returns a new Property for key.
@@ -76,7 +71,7 @@ func NewKeyProperty(key string) (Property, error) {
 		return newInvalidProperty(), fmt.Errorf("%w: %q", errInvalidKey, key)
 	}
 
-	p := Property{key: key, hasData: true}
+	p := Property{key: key}
 	return p, nil
 }
 
@@ -95,7 +90,6 @@ func NewKeyValueProperty(key, value string) (Property, error) {
 		key:      key,
 		value:    value,
 		hasValue: true,
-		hasData:  true,
 	}
 	return p, nil
 }
@@ -117,7 +111,7 @@ func parseProperty(property string) (Property, error) {
 		return newInvalidProperty(), fmt.Errorf("%w: %q", errInvalidProperty, property)
 	}
 
-	p := Property{hasData: true}
+	var p Property
 	if match[1] != "" {
 		p.key = match[1]
 	} else {
@@ -136,10 +130,6 @@ func (p Property) validate() error {
 		return fmt.Errorf("invalid property: %w", err)
 	}
 
-	if !p.hasData {
-		return errFunc(fmt.Errorf("%w: %q", errInvalidProperty, p))
-	}
-
 	if !keyRe.MatchString(p.key) {
 		return errFunc(fmt.Errorf("%w: %q", errInvalidKey, p.key))
 	}
@@ -250,8 +240,9 @@ type Member struct {
 	hasData bool
 }
 
-// NewMember returns a new Member from the passed arguments. An error is
-// returned if the created Member would be invalid according to the W3C
+// NewMember returns a new Member from the passed arguments. The key will be
+// used directly while the value will be url decoded after validation. An error
+// is returned if the created Member would be invalid according to the W3C
 // Baggage specification.
 func NewMember(key, value string, props ...Property) (Member, error) {
 	m := Member{
@@ -263,7 +254,11 @@ func NewMember(key, value string, props ...Property) (Member, error) {
 	if err := m.validate(); err != nil {
 		return newInvalidMember(), err
 	}
-
+	decodedValue, err := url.PathUnescape(value)
+	if err != nil {
+		return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidValue, value)
+	}
+	m.value = decodedValue
 	return m, nil
 }
 
@@ -284,52 +279,45 @@ func parseMember(member string) (Member, error) {
 		props      properties
 	)
 
-	parts := strings.SplitN(member, propertyDelimiter, 2)
-	switch len(parts) {
-	case 2:
+	keyValue, properties, found := strings.Cut(member, propertyDelimiter)
+	if found {
 		// Parse the member properties.
-		for _, pStr := range strings.Split(parts[1], propertyDelimiter) {
+		for _, pStr := range strings.Split(properties, propertyDelimiter) {
 			p, err := parseProperty(pStr)
 			if err != nil {
 				return newInvalidMember(), err
 			}
 			props = append(props, p)
 		}
-		fallthrough
-	case 1:
-		// Parse the member key/value pair.
-
-		// Take into account a value can contain equal signs (=).
-		kv := strings.SplitN(parts[0], keyValueDelimiter, 2)
-		if len(kv) != 2 {
-			return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidMember, member)
-		}
-		// "Leading and trailing whitespaces are allowed but MUST be trimmed
-		// when converting the header into a data structure."
-		key = strings.TrimSpace(kv[0])
-		var err error
-		value, err = url.QueryUnescape(strings.TrimSpace(kv[1]))
-		if err != nil {
-			return newInvalidMember(), fmt.Errorf("%w: %q", err, value)
-		}
-		if !keyRe.MatchString(key) {
-			return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidKey, key)
-		}
-		if !valueRe.MatchString(value) {
-			return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidValue, value)
-		}
-	default:
-		// This should never happen unless a developer has changed the string
-		// splitting somehow. Panic instead of failing silently and allowing
-		// the bug to slip past the CI checks.
-		panic("failed to parse baggage member")
+	}
+	// Parse the member key/value pair.
+
+	// Take into account a value can contain equal signs (=).
+	k, v, found := strings.Cut(keyValue, keyValueDelimiter)
+	if !found {
+		return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidMember, member)
+	}
+	// "Leading and trailing whitespaces are allowed but MUST be trimmed
+	// when converting the header into a data structure."
+	key = strings.TrimSpace(k)
+	var err error
+	value, err = url.PathUnescape(strings.TrimSpace(v))
+	if err != nil {
+		return newInvalidMember(), fmt.Errorf("%w: %q", err, value)
+	}
+	if !keyRe.MatchString(key) {
+		return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidKey, key)
+	}
+	if !valueRe.MatchString(value) {
+		return newInvalidMember(), fmt.Errorf("%w: %q", errInvalidValue, value)
 	}
 
 	return Member{key: key, value: value, properties: props, hasData: true}, nil
 }
 
-// validate ensures m conforms to the W3C Baggage specification, returning an
-// error otherwise.
+// validate ensures m conforms to the W3C Baggage specification.
+// A key is just an ASCII string, but a value must be URL encoded UTF-8,
+// returning an error otherwise.
 func (m Member) validate() error {
 	if !m.hasData {
 		return fmt.Errorf("%w: %q", errInvalidMember, m)
@@ -465,6 +453,7 @@ func (b Baggage) Member(key string) Member {
 		key:        key,
 		value:      v.Value,
 		properties: fromInternalProperties(v.Properties),
+		hasData:    true,
 	}
 }
 
@@ -484,6 +473,7 @@ func (b Baggage) Members() []Member {
 			key:        k,
 			value:      v.Value,
 			properties: fromInternalProperties(v.Properties),
+			hasData:    true,
 		})
 	}
 	return members
diff --git a/apis/vendor/go.opentelemetry.io/otel/codes/codes.go b/apis/vendor/go.opentelemetry.io/otel/codes/codes.go
index 064a9279f..587ebae4e 100644
--- a/apis/vendor/go.opentelemetry.io/otel/codes/codes.go
+++ b/apis/vendor/go.opentelemetry.io/otel/codes/codes.go
@@ -23,10 +23,20 @@ import (
 const (
 	// Unset is the default status code.
 	Unset Code = 0
+
 	// Error indicates the operation contains an error.
+	//
+	// NOTE: The error code in OTLP is 2.
+	// The value of this enum is only relevant to the internals
+	// of the Go SDK.
 	Error Code = 1
+
 	// Ok indicates operation has been validated by an Application developers
 	// or Operator to have completed successfully, or contain no error.
+	//
+	// NOTE: The Ok code in OTLP is 1.
+	// The value of this enum is only relevant to the internals
+	// of the Go SDK.
 	Ok Code = 2
 
 	maxCode = 3
diff --git a/apis/vendor/go.opentelemetry.io/otel/codes/doc.go b/apis/vendor/go.opentelemetry.io/otel/codes/doc.go
index df3e0f1b6..4e328fbb4 100644
--- a/apis/vendor/go.opentelemetry.io/otel/codes/doc.go
+++ b/apis/vendor/go.opentelemetry.io/otel/codes/doc.go
@@ -16,6 +16,6 @@
 Package codes defines the canonical error codes used by OpenTelemetry.
 
 It conforms to [the OpenTelemetry
-specification](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/api.md#statuscanonicalcode).
+specification](https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/trace/api.md#set-status).
 */
 package codes // import "go.opentelemetry.io/otel/codes"
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/config.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/config.go
deleted file mode 100644
index b3fd45d9d..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/config.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package internal contains common functionality for all OTLP exporters.
-package internal // import "go.opentelemetry.io/otel/exporters/otlp/internal"
-
-import (
-	"fmt"
-	"path"
-	"strings"
-)
-
-// CleanPath returns a path with all spaces trimmed and all redundancies removed. If urlPath is empty or cleaning it results in an empty string, defaultPath is returned instead.
-func CleanPath(urlPath string, defaultPath string) string {
-	tmp := path.Clean(strings.TrimSpace(urlPath))
-	if tmp == "." {
-		return defaultPath
-	}
-	if !path.IsAbs(tmp) {
-		tmp = fmt.Sprintf("/%s", tmp)
-	}
-	return tmp
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/retry/LICENSE b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/retry/LICENSE
deleted file mode 100644
index 261eeb9e9..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/retry/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/README.md b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/README.md
deleted file mode 100644
index ca91fd4f4..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/README.md
+++ /dev/null
@@ -1,51 +0,0 @@
-# OpenTelemetry-Go OTLP Span Exporter
-
-[![Go Reference](https://pkg.go.dev/badge/go.opentelemetry.io/otel/exporters/otlp/otlptrace.svg)](https://pkg.go.dev/go.opentelemetry.io/otel/exporters/otlp/otlptrace)
-
-[OpenTelemetry Protocol Exporter](https://github.com/open-telemetry/opentelemetry-specification/blob/v1.5.0/specification/protocol/exporter.md) implementation.
-
-## Installation
-
-```
-go get -u go.opentelemetry.io/otel/exporters/otlp/otlptrace
-```
-
-## Examples
-
-- [Exporter setup and examples](./otlptracehttp/example_test.go)
-- [Full example sending telemetry to a local collector](../../../example/otel-collector)
-
-## [`otlptrace`](https://pkg.go.dev/go.opentelemetry.io/otel/exporters/otlp/otlptrace)
-
-The `otlptrace` package provides an exporter implementing the OTel span exporter interface.
-This exporter is configured using a client satisfying the `otlptrace.Client` interface.
-This client handles the transformation of data into wire format and the transmission of that data to the collector.
-
-## [`otlptracegrpc`](https://pkg.go.dev/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc)
-
-The `otlptracegrpc` package implements a client for the span exporter that sends trace telemetry data to the collector using gRPC with protobuf-encoded payloads.
-
-## [`otlptracehttp`](https://pkg.go.dev/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp)
-
-The `otlptracehttp` package implements a client for the span exporter that sends trace telemetry data to the collector using HTTP with protobuf-encoded payloads.
-
-## Configuration
-
-### Environment Variables
-
-The following environment variables can be used (instead of options objects) to
-override the default configuration. For more information about how each of
-these environment variables is interpreted, see [the OpenTelemetry
-specification](https://github.com/open-telemetry/opentelemetry-specification/blob/v1.8.0/specification/protocol/exporter.md).
-
-| Environment variable                                                     | Option                        | Default value                                            |
-| ------------------------------------------------------------------------ |------------------------------ | -------------------------------------------------------- |
-| `OTEL_EXPORTER_OTLP_ENDPOINT` `OTEL_EXPORTER_OTLP_TRACES_ENDPOINT`       | `WithEndpoint` `WithInsecure` | `https://localhost:4317` or `https://localhost:4318`[^1] |
-| `OTEL_EXPORTER_OTLP_CERTIFICATE` `OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE` | `WithTLSClientConfig`         |                                                          |
-| `OTEL_EXPORTER_OTLP_HEADERS` `OTEL_EXPORTER_OTLP_TRACES_HEADERS`         | `WithHeaders`                 |                                                          |
-| `OTEL_EXPORTER_OTLP_COMPRESSION` `OTEL_EXPORTER_OTLP_TRACES_COMPRESSION` | `WithCompression`             |                                                          |
-| `OTEL_EXPORTER_OTLP_TIMEOUT` `OTEL_EXPORTER_OTLP_TRACES_TIMEOUT`         | `WithTimeout`                 | `10s`                                                    |
-
-[^1]: The gRPC client defaults to `https://localhost:4317` and the HTTP client `https://localhost:4318`.
-
-Configuration using options have precedence over the environment variables.
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/doc.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/doc.go
new file mode 100644
index 000000000..9e642235a
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/doc.go
@@ -0,0 +1,21 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/*
+Package otlptrace contains abstractions for OTLP span exporters.
+See the official OTLP span exporter implementations:
+  - [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc],
+  - [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp].
+*/
+package otlptrace // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace"
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/exporter.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/exporter.go
index c5ee6c098..b46a38d60 100644
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/exporter.go
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/exporter.go
@@ -17,15 +17,14 @@ package otlptrace // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace"
 import (
 	"context"
 	"errors"
+	"fmt"
 	"sync"
 
 	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform"
 	tracesdk "go.opentelemetry.io/otel/sdk/trace"
 )
 
-var (
-	errAlreadyStarted = errors.New("already started")
-)
+var errAlreadyStarted = errors.New("already started")
 
 // Exporter exports trace data in the OTLP wire format.
 type Exporter struct {
@@ -45,12 +44,16 @@ func (e *Exporter) ExportSpans(ctx context.Context, ss []tracesdk.ReadOnlySpan)
 		return nil
 	}
 
-	return e.client.UploadTraces(ctx, protoSpans)
+	err := e.client.UploadTraces(ctx, protoSpans)
+	if err != nil {
+		return fmt.Errorf("traces export: %w", err)
+	}
+	return nil
 }
 
 // Start establishes a connection to the receiving endpoint.
 func (e *Exporter) Start(ctx context.Context) error {
-	var err = errAlreadyStarted
+	err := errAlreadyStarted
 	e.startOnce.Do(func() {
 		e.mu.Lock()
 		e.started = true
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go
index 9d6e1898b..b4cc21d7a 100644
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go
@@ -27,10 +27,10 @@ import (
 	"google.golang.org/grpc/status"
 
 	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/exporters/otlp/internal"
-	"go.opentelemetry.io/otel/exporters/otlp/internal/retry"
 	"go.opentelemetry.io/otel/exporters/otlp/otlptrace"
-	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry"
 	coltracepb "go.opentelemetry.io/proto/otlp/collector/trace/v1"
 	tracepb "go.opentelemetry.io/proto/otlp/trace/v1"
 )
@@ -130,13 +130,16 @@ var errAlreadyStopped = errors.New("the client is already stopped")
 // If the client has already stopped, an error will be returned describing
 // this.
 func (c *client) Stop(ctx context.Context) error {
+	// Make sure to return context error if the context is done when calling this method.
+	err := ctx.Err()
+
 	// Acquire the c.tscMu lock within the ctx lifetime.
 	acquired := make(chan struct{})
 	go func() {
 		c.tscMu.Lock()
 		close(acquired)
 	}()
-	var err error
+
 	select {
 	case <-ctx.Done():
 		// The Stop timeout is reached. Kill any remaining exports to force
@@ -202,11 +205,12 @@ func (c *client) UploadTraces(ctx context.Context, protoSpans []*tracepb.Resourc
 			ResourceSpans: protoSpans,
 		})
 		if resp != nil && resp.PartialSuccess != nil {
-			otel.Handle(internal.PartialSuccessToError(
-				internal.TracingPartialSuccess,
-				resp.PartialSuccess.RejectedSpans,
-				resp.PartialSuccess.ErrorMessage,
-			))
+			msg := resp.PartialSuccess.GetErrorMessage()
+			n := resp.PartialSuccess.GetRejectedSpans()
+			if n != 0 || msg != "" {
+				err := internal.TracePartialSuccessError(n, msg)
+				otel.Handle(err)
+			}
 		}
 		// nil is converted to OK.
 		if status.Code(err) == codes.OK {
@@ -255,32 +259,39 @@ func (c *client) exportContext(parent context.Context) (context.Context, context
 // retryable returns if err identifies a request that can be retried and a
 // duration to wait for if an explicit throttle time is included in err.
 func retryable(err error) (bool, time.Duration) {
-	//func retryable(err error) (bool, time.Duration) {
 	s := status.Convert(err)
+	return retryableGRPCStatus(s)
+}
+
+func retryableGRPCStatus(s *status.Status) (bool, time.Duration) {
 	switch s.Code() {
 	case codes.Canceled,
 		codes.DeadlineExceeded,
-		codes.ResourceExhausted,
 		codes.Aborted,
 		codes.OutOfRange,
 		codes.Unavailable,
 		codes.DataLoss:
-		return true, throttleDelay(s)
+		// Additionally handle RetryInfo.
+		_, d := throttleDelay(s)
+		return true, d
+	case codes.ResourceExhausted:
+		// Retry only if the server signals that the recovery from resource exhaustion is possible.
+		return throttleDelay(s)
 	}
 
 	// Not a retry-able error.
 	return false, 0
 }
 
-// throttleDelay returns a duration to wait for if an explicit throttle time
-// is included in the response status.
-func throttleDelay(s *status.Status) time.Duration {
+// throttleDelay returns of the status is RetryInfo
+// and the its duration to wait for if an explicit throttle time.
+func throttleDelay(s *status.Status) (bool, time.Duration) {
 	for _, detail := range s.Details() {
 		if t, ok := detail.(*errdetails.RetryInfo); ok {
-			return t.RetryDelay.AsDuration()
+			return true, t.RetryDelay.AsDuration()
 		}
 	}
-	return 0
+	return false, 0
 }
 
 // MarshalLog is the marshaling function used by the logging system to represent this Client.
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/doc.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/doc.go
new file mode 100644
index 000000000..1f514ef9e
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/doc.go
@@ -0,0 +1,77 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/*
+Package otlptracegrpc provides an OTLP span exporter using gRPC.
+By default the telemetry is sent to https://localhost:4317.
+
+Exporter should be created using [New].
+
+The environment variables described below can be used for configuration.
+
+OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_TRACES_ENDPOINT (default: "https://localhost:4317") -
+target to which the exporter sends telemetry.
+The target syntax is defined in https://github.com/grpc/grpc/blob/master/doc/naming.md.
+The value must contain a host.
+The value may additionally a port, a scheme, and a path.
+The value accepts "http" and "https" scheme.
+The value should not contain a query string or fragment.
+OTEL_EXPORTER_OTLP_TRACES_ENDPOINT takes precedence over OTEL_EXPORTER_OTLP_ENDPOINT.
+The configuration can be overridden by [WithEndpoint], [WithInsecure], [WithGRPCConn] options.
+
+OTEL_EXPORTER_OTLP_INSECURE, OTEL_EXPORTER_OTLP_TRACES_INSECURE (default: "false") -
+setting "true" disables client transport security for the exporter's gRPC connection.
+You can use this only when an endpoint is provided without the http or https scheme.
+OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_TRACES_ENDPOINT setting overrides
+the scheme defined via OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_TRACES_ENDPOINT.
+OTEL_EXPORTER_OTLP_TRACES_INSECURE takes precedence over OTEL_EXPORTER_OTLP_INSECURE.
+The configuration can be overridden by [WithInsecure], [WithGRPCConn] options.
+
+OTEL_EXPORTER_OTLP_HEADERS, OTEL_EXPORTER_OTLP_TRACES_HEADERS (default: none) -
+key-value pairs used as gRPC metadata associated with gRPC requests.
+The value is expected to be represented in a format matching to the [W3C Baggage HTTP Header Content Format],
+except that additional semi-colon delimited metadata is not supported.
+Example value: "key1=value1,key2=value2".
+OTEL_EXPORTER_OTLP_TRACES_HEADERS takes precedence over OTEL_EXPORTER_OTLP_HEADERS.
+The configuration can be overridden by [WithHeaders] option.
+
+OTEL_EXPORTER_OTLP_TIMEOUT, OTEL_EXPORTER_OTLP_TRACES_TIMEOUT (default: "10000") -
+maximum time in milliseconds the OTLP exporter waits for each batch export.
+OTEL_EXPORTER_OTLP_TRACES_TIMEOUT takes precedence over OTEL_EXPORTER_OTLP_TIMEOUT.
+The configuration can be overridden by [WithTimeout] option.
+
+OTEL_EXPORTER_OTLP_COMPRESSION, OTEL_EXPORTER_OTLP_TRACES_COMPRESSION (default: none) -
+the gRPC compressor the exporter uses.
+Supported value: "gzip".
+OTEL_EXPORTER_OTLP_TRACES_COMPRESSION takes precedence over OTEL_EXPORTER_OTLP_COMPRESSION.
+The configuration can be overridden by [WithCompressor], [WithGRPCConn] options.
+
+OTEL_EXPORTER_OTLP_CERTIFICATE, OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE (default: none) -
+the filepath to the trusted certificate to use when verifying a server's TLS credentials.
+OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE takes precedence over OTEL_EXPORTER_OTLP_CERTIFICATE.
+The configuration can be overridden by [WithTLSCredentials], [WithGRPCConn] options.
+
+OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE, OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE (default: none) -
+the filepath to the client certificate/chain trust for clients private key to use in mTLS communication in PEM format.
+OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE takes precedence over OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE.
+The configuration can be overridden by [WithTLSCredentials], [WithGRPCConn] options.
+
+OTEL_EXPORTER_OTLP_CLIENT_KEY, OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY (default: none) -
+the filepath  to the clients private key to use in mTLS communication in PEM format.
+OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY takes precedence over OTEL_EXPORTER_OTLP_CLIENT_KEY.
+The configuration can be overridden by [WithTLSCredentials], [WithGRPCConn] option.
+
+[W3C Baggage HTTP Header Content Format]: https://www.w3.org/TR/baggage/#header-content
+*/
+package otlptracegrpc // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc"
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/envconfig/envconfig.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig/envconfig.go
similarity index 57%
rename from apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/envconfig/envconfig.go
rename to apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig/envconfig.go
index 67003c4a2..5530119e4 100644
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/envconfig/envconfig.go
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig/envconfig.go
@@ -1,3 +1,6 @@
+// Code created by gotmpl. DO NOT MODIFY.
+// source: internal/shared/otlp/envconfig/envconfig.go.tmpl
+
 // Copyright The OpenTelemetry Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,7 +15,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package envconfig // import "go.opentelemetry.io/otel/exporters/otlp/internal/envconfig"
+package envconfig // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig"
 
 import (
 	"crypto/tls"
@@ -23,6 +26,8 @@ import (
 	"strconv"
 	"strings"
 	"time"
+
+	"go.opentelemetry.io/otel/internal/global"
 )
 
 // ConfigFn is the generic function used to set a config.
@@ -59,13 +64,26 @@ func WithString(n string, fn func(string)) func(e *EnvOptionsReader) {
 	}
 }
 
+// WithBool returns a ConfigFn that reads the environment variable n and if it exists passes its parsed bool value to fn.
+func WithBool(n string, fn func(bool)) ConfigFn {
+	return func(e *EnvOptionsReader) {
+		if v, ok := e.GetEnvValue(n); ok {
+			b := strings.ToLower(v) == "true"
+			fn(b)
+		}
+	}
+}
+
 // WithDuration retrieves the specified config and passes it to ConfigFn as a duration.
 func WithDuration(n string, fn func(time.Duration)) func(e *EnvOptionsReader) {
 	return func(e *EnvOptionsReader) {
 		if v, ok := e.GetEnvValue(n); ok {
-			if d, err := strconv.Atoi(v); err == nil {
-				fn(time.Duration(d) * time.Millisecond)
+			d, err := strconv.Atoi(v)
+			if err != nil {
+				global.Error(err, "parse duration", "input", v)
+				return
 			}
+			fn(time.Duration(d) * time.Millisecond)
 		}
 	}
 }
@@ -83,26 +101,62 @@ func WithHeaders(n string, fn func(map[string]string)) func(e *EnvOptionsReader)
 func WithURL(n string, fn func(*url.URL)) func(e *EnvOptionsReader) {
 	return func(e *EnvOptionsReader) {
 		if v, ok := e.GetEnvValue(n); ok {
-			if u, err := url.Parse(v); err == nil {
-				fn(u)
+			u, err := url.Parse(v)
+			if err != nil {
+				global.Error(err, "parse url", "input", v)
+				return
 			}
+			fn(u)
 		}
 	}
 }
 
-// WithTLSConfig retrieves the specified config and passes it to ConfigFn as a crypto/tls.Config.
-func WithTLSConfig(n string, fn func(*tls.Config)) func(e *EnvOptionsReader) {
+// WithCertPool returns a ConfigFn that reads the environment variable n as a filepath to a TLS certificate pool. If it exists, it is parsed as a crypto/x509.CertPool and it is passed to fn.
+func WithCertPool(n string, fn func(*x509.CertPool)) ConfigFn {
 	return func(e *EnvOptionsReader) {
 		if v, ok := e.GetEnvValue(n); ok {
-			if b, err := e.ReadFile(v); err == nil {
-				if c, err := createTLSConfig(b); err == nil {
-					fn(c)
-				}
+			b, err := e.ReadFile(v)
+			if err != nil {
+				global.Error(err, "read tls ca cert file", "file", v)
+				return
+			}
+			c, err := createCertPool(b)
+			if err != nil {
+				global.Error(err, "create tls cert pool")
+				return
 			}
+			fn(c)
 		}
 	}
 }
 
+// WithClientCert returns a ConfigFn that reads the environment variable nc and nk as filepaths to a client certificate and key pair. If they exists, they are parsed as a crypto/tls.Certificate and it is passed to fn.
+func WithClientCert(nc, nk string, fn func(tls.Certificate)) ConfigFn {
+	return func(e *EnvOptionsReader) {
+		vc, okc := e.GetEnvValue(nc)
+		vk, okk := e.GetEnvValue(nk)
+		if !okc || !okk {
+			return
+		}
+		cert, err := e.ReadFile(vc)
+		if err != nil {
+			global.Error(err, "read tls client cert", "file", vc)
+			return
+		}
+		key, err := e.ReadFile(vk)
+		if err != nil {
+			global.Error(err, "read tls client key", "file", vk)
+			return
+		}
+		crt, err := tls.X509KeyPair(cert, key)
+		if err != nil {
+			global.Error(err, "create tls client key pair")
+			return
+		}
+		fn(crt)
+	}
+}
+
 func keyWithNamespace(ns, key string) string {
 	if ns == "" {
 		return key
@@ -115,17 +169,20 @@ func stringToHeader(value string) map[string]string {
 	headers := make(map[string]string)
 
 	for _, header := range headersPairs {
-		nameValue := strings.SplitN(header, "=", 2)
-		if len(nameValue) < 2 {
+		n, v, found := strings.Cut(header, "=")
+		if !found {
+			global.Error(errors.New("missing '="), "parse headers", "input", header)
 			continue
 		}
-		name, err := url.QueryUnescape(nameValue[0])
+		name, err := url.PathUnescape(n)
 		if err != nil {
+			global.Error(err, "escape header key", "key", n)
 			continue
 		}
 		trimmedName := strings.TrimSpace(name)
-		value, err := url.QueryUnescape(nameValue[1])
+		value, err := url.PathUnescape(v)
 		if err != nil {
+			global.Error(err, "escape header value", "value", v)
 			continue
 		}
 		trimmedValue := strings.TrimSpace(value)
@@ -136,13 +193,10 @@ func stringToHeader(value string) map[string]string {
 	return headers
 }
 
-func createTLSConfig(certBytes []byte) (*tls.Config, error) {
+func createCertPool(certBytes []byte) (*x509.CertPool, error) {
 	cp := x509.NewCertPool()
 	if ok := cp.AppendCertsFromPEM(certBytes); !ok {
 		return nil, errors.New("failed to append certificate to the cert pool")
 	}
-
-	return &tls.Config{
-		RootCAs: cp,
-	}, nil
+	return cp, nil
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/gen.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/gen.go
new file mode 100644
index 000000000..1fb290618
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/gen.go
@@ -0,0 +1,35 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package internal // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal"
+
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/partialsuccess.go.tmpl "--data={}" --out=partialsuccess.go
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/partialsuccess_test.go.tmpl "--data={}" --out=partialsuccess_test.go
+
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/retry/retry.go.tmpl "--data={}" --out=retry/retry.go
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/retry/retry_test.go.tmpl "--data={}" --out=retry/retry_test.go
+
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/envconfig/envconfig.go.tmpl "--data={}" --out=envconfig/envconfig.go
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/envconfig/envconfig_test.go.tmpl "--data={}" --out=envconfig/envconfig_test.go
+
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/otlptrace/otlpconfig/envconfig.go.tmpl "--data={\"envconfigImportPath\": \"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig\"}" --out=otlpconfig/envconfig.go
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/otlptrace/otlpconfig/options.go.tmpl "--data={\"retryImportPath\": \"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry\"}" --out=otlpconfig/options.go
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/otlptrace/otlpconfig/options_test.go.tmpl "--data={\"envconfigImportPath\": \"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig\"}" --out=otlpconfig/options_test.go
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/otlptrace/otlpconfig/optiontypes.go.tmpl "--data={}" --out=otlpconfig/optiontypes.go
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/otlptrace/otlpconfig/tls.go.tmpl "--data={}" --out=otlpconfig/tls.go
+
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/otlptrace/otlptracetest/client.go.tmpl "--data={}" --out=otlptracetest/client.go
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/otlptrace/otlptracetest/collector.go.tmpl "--data={}" --out=otlptracetest/collector.go
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/otlptrace/otlptracetest/data.go.tmpl "--data={}" --out=otlptracetest/data.go
+//go:generate gotmpl --body=../../../../../internal/shared/otlp/otlptrace/otlptracetest/otlptest.go.tmpl "--data={}" --out=otlptracetest/otlptest.go
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/envconfig.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/envconfig.go
similarity index 74%
rename from apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/envconfig.go
rename to apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/envconfig.go
index b29f618e3..32f6dddb4 100644
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/envconfig.go
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/envconfig.go
@@ -1,3 +1,6 @@
+// Code created by gotmpl. DO NOT MODIFY.
+// source: internal/shared/otlp/otlptrace/otlpconfig/envconfig.go.tmpl
+
 // Copyright The OpenTelemetry Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,17 +15,18 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package otlpconfig // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig"
+package otlpconfig // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig"
 
 import (
 	"crypto/tls"
+	"crypto/x509"
 	"net/url"
 	"os"
 	"path"
 	"strings"
 	"time"
 
-	"go.opentelemetry.io/otel/exporters/otlp/internal/envconfig"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig"
 )
 
 // DefaultEnvOptionsReader is the default environments reader.
@@ -53,6 +57,7 @@ func ApplyHTTPEnvConfigs(cfg Config) Config {
 func getOptionsFromEnv() []GenericOption {
 	opts := []GenericOption{}
 
+	tlsConf := &tls.Config{}
 	DefaultEnvOptionsReader.Apply(
 		envconfig.WithURL("ENDPOINT", func(u *url.URL) {
 			opts = append(opts, withEndpointScheme(u))
@@ -81,8 +86,13 @@ func getOptionsFromEnv() []GenericOption {
 				return cfg
 			}, withEndpointForGRPC(u)))
 		}),
-		envconfig.WithTLSConfig("CERTIFICATE", func(c *tls.Config) { opts = append(opts, WithTLSClientConfig(c)) }),
-		envconfig.WithTLSConfig("TRACES_CERTIFICATE", func(c *tls.Config) { opts = append(opts, WithTLSClientConfig(c)) }),
+		envconfig.WithCertPool("CERTIFICATE", func(p *x509.CertPool) { tlsConf.RootCAs = p }),
+		envconfig.WithCertPool("TRACES_CERTIFICATE", func(p *x509.CertPool) { tlsConf.RootCAs = p }),
+		envconfig.WithClientCert("CLIENT_CERTIFICATE", "CLIENT_KEY", func(c tls.Certificate) { tlsConf.Certificates = []tls.Certificate{c} }),
+		envconfig.WithClientCert("TRACES_CLIENT_CERTIFICATE", "TRACES_CLIENT_KEY", func(c tls.Certificate) { tlsConf.Certificates = []tls.Certificate{c} }),
+		withTLSConfig(tlsConf, func(c *tls.Config) { opts = append(opts, WithTLSClientConfig(c)) }),
+		envconfig.WithBool("INSECURE", func(b bool) { opts = append(opts, withInsecure(b)) }),
+		envconfig.WithBool("TRACES_INSECURE", func(b bool) { opts = append(opts, withInsecure(b)) }),
 		envconfig.WithHeaders("HEADERS", func(h map[string]string) { opts = append(opts, WithHeaders(h)) }),
 		envconfig.WithHeaders("TRACES_HEADERS", func(h map[string]string) { opts = append(opts, WithHeaders(h)) }),
 		WithEnvCompression("COMPRESSION", func(c Compression) { opts = append(opts, WithCompression(c)) }),
@@ -125,3 +135,19 @@ func WithEnvCompression(n string, fn func(Compression)) func(e *envconfig.EnvOpt
 		}
 	}
 }
+
+// revive:disable-next-line:flag-parameter
+func withInsecure(b bool) GenericOption {
+	if b {
+		return WithInsecure()
+	}
+	return WithSecure()
+}
+
+func withTLSConfig(c *tls.Config, fn func(*tls.Config)) func(e *envconfig.EnvOptionsReader) {
+	return func(e *envconfig.EnvOptionsReader) {
+		if c.RootCAs != nil || len(c.Certificates) > 0 {
+			fn(c)
+		}
+	}
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/options.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/options.go
similarity index 89%
rename from apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/options.go
rename to apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/options.go
index 56e83b853..dddb1f334 100644
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/options.go
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/options.go
@@ -1,3 +1,6 @@
+// Code created by gotmpl. DO NOT MODIFY.
+// source: internal/shared/otlp/otlptrace/otlpconfig/options.go.tmpl
+
 // Copyright The OpenTelemetry Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,11 +15,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package otlpconfig // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig"
+package otlpconfig // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig"
 
 import (
 	"crypto/tls"
 	"fmt"
+	"path"
+	"strings"
 	"time"
 
 	"google.golang.org/grpc"
@@ -25,8 +30,8 @@ import (
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/encoding/gzip"
 
-	"go.opentelemetry.io/otel/exporters/otlp/internal"
-	"go.opentelemetry.io/otel/exporters/otlp/internal/retry"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry"
 )
 
 const (
@@ -82,13 +87,28 @@ func NewHTTPConfig(opts ...HTTPOption) Config {
 	for _, opt := range opts {
 		cfg = opt.ApplyHTTPOption(cfg)
 	}
-	cfg.Traces.URLPath = internal.CleanPath(cfg.Traces.URLPath, DefaultTracesPath)
+	cfg.Traces.URLPath = cleanPath(cfg.Traces.URLPath, DefaultTracesPath)
 	return cfg
 }
 
+// cleanPath returns a path with all spaces trimmed and all redundancies
+// removed. If urlPath is empty or cleaning it results in an empty string,
+// defaultPath is returned instead.
+func cleanPath(urlPath string, defaultPath string) string {
+	tmp := path.Clean(strings.TrimSpace(urlPath))
+	if tmp == "." {
+		return defaultPath
+	}
+	if !path.IsAbs(tmp) {
+		tmp = fmt.Sprintf("/%s", tmp)
+	}
+	return tmp
+}
+
 // NewGRPCConfig returns a new Config with all settings applied from opts and
 // any unset setting using the default gRPC config values.
 func NewGRPCConfig(opts ...GRPCOption) Config {
+	userAgent := "OTel OTLP Exporter Go/" + otlptrace.Version()
 	cfg := Config{
 		Traces: SignalConfig{
 			Endpoint:    fmt.Sprintf("%s:%d", DefaultCollectorHost, DefaultCollectorGRPCPort),
@@ -97,6 +117,7 @@ func NewGRPCConfig(opts ...GRPCOption) Config {
 			Timeout:     DefaultTimeout,
 		},
 		RetryConfig: retry.DefaultConfig,
+		DialOptions: []grpc.DialOption{grpc.WithUserAgent(userAgent)},
 	}
 	cfg = ApplyGRPCEnvConfigs(cfg)
 	for _, opt := range opts {
@@ -120,9 +141,6 @@ func NewGRPCConfig(opts ...GRPCOption) Config {
 	if cfg.Traces.Compression == GzipCompression {
 		cfg.DialOptions = append(cfg.DialOptions, grpc.WithDefaultCallOptions(grpc.UseCompressor(gzip.Name)))
 	}
-	if len(cfg.DialOptions) != 0 {
-		cfg.DialOptions = append(cfg.DialOptions, cfg.DialOptions...)
-	}
 	if cfg.ReconnectionPeriod != 0 {
 		p := grpc.ConnectParams{
 			Backoff:           backoff.DefaultConfig,
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/optiontypes.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/optiontypes.go
similarity index 90%
rename from apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/optiontypes.go
rename to apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/optiontypes.go
index c2d6c0361..d9dcdc96e 100644
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/optiontypes.go
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/optiontypes.go
@@ -1,3 +1,6 @@
+// Code created by gotmpl. DO NOT MODIFY.
+// source: internal/shared/otlp/otlptrace/otlpconfig/optiontypes.go.tmpl
+
 // Copyright The OpenTelemetry Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,7 +15,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package otlpconfig // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig"
+package otlpconfig // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig"
 
 const (
 	// DefaultCollectorGRPCPort is the default gRPC port of the collector.
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/tls.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/tls.go
similarity index 87%
rename from apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/tls.go
rename to apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/tls.go
index 7287cf6cf..19b6d4b21 100644
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig/tls.go
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/tls.go
@@ -1,3 +1,6 @@
+// Code created by gotmpl. DO NOT MODIFY.
+// source: internal/shared/otlp/otlptrace/otlpconfig/tls.go.tmpl
+
 // Copyright The OpenTelemetry Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,7 +15,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package otlpconfig // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig"
+package otlpconfig // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig"
 
 import (
 	"crypto/tls"
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/partialsuccess.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/partialsuccess.go
similarity index 64%
rename from apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/partialsuccess.go
rename to apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/partialsuccess.go
index 7994706ab..076905e54 100644
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/partialsuccess.go
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/partialsuccess.go
@@ -1,3 +1,6 @@
+// Code created by gotmpl. DO NOT MODIFY.
+// source: internal/shared/otlp/partialsuccess.go
+
 // Copyright The OpenTelemetry Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,23 +15,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package internal // import "go.opentelemetry.io/otel/exporters/otlp/internal"
+package internal // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal"
 
 import "fmt"
 
-// PartialSuccessDropKind indicates the kind of partial success error
-// received by an OTLP exporter, which corresponds with the signal
-// being exported.
-type PartialSuccessDropKind string
-
-const (
-	// TracingPartialSuccess indicates that some spans were rejected.
-	TracingPartialSuccess PartialSuccessDropKind = "spans"
-
-	// MetricsPartialSuccess indicates that some metric data points were rejected.
-	MetricsPartialSuccess PartialSuccessDropKind = "metric data points"
-)
-
 // PartialSuccess represents the underlying error for all handling
 // OTLP partial success messages.  Use `errors.Is(err,
 // PartialSuccess{})` to test whether an error passed to the OTel
@@ -36,7 +26,7 @@ const (
 type PartialSuccess struct {
 	ErrorMessage  string
 	RejectedItems int64
-	RejectedKind  PartialSuccessDropKind
+	RejectedKind  string
 }
 
 var _ error = PartialSuccess{}
@@ -56,13 +46,22 @@ func (ps PartialSuccess) Is(err error) bool {
 	return ok
 }
 
-// PartialSuccessToError produces an error suitable for passing to
-// `otel.Handle()` out of the fields in a partial success response,
-// independent of which signal produced the outcome.
-func PartialSuccessToError(kind PartialSuccessDropKind, itemsRejected int64, errorMessage string) error {
+// TracePartialSuccessError returns an error describing a partial success
+// response for the trace signal.
+func TracePartialSuccessError(itemsRejected int64, errorMessage string) error {
+	return PartialSuccess{
+		ErrorMessage:  errorMessage,
+		RejectedItems: itemsRejected,
+		RejectedKind:  "spans",
+	}
+}
+
+// MetricPartialSuccessError returns an error describing a partial success
+// response for the metric signal.
+func MetricPartialSuccessError(itemsRejected int64, errorMessage string) error {
 	return PartialSuccess{
 		ErrorMessage:  errorMessage,
 		RejectedItems: itemsRejected,
-		RejectedKind:  kind,
+		RejectedKind:  "metric data points",
 	}
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/retry/retry.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry/retry.go
similarity index 80%
rename from apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/retry/retry.go
rename to apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry/retry.go
index 3d43f7aea..3ce7d6632 100644
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/internal/retry/retry.go
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry/retry.go
@@ -1,3 +1,6 @@
+// Code created by gotmpl. DO NOT MODIFY.
+// source: internal/shared/otlp/retry/retry.go.tmpl
+
 // Copyright The OpenTelemetry Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,7 +18,7 @@
 // Package retry provides request retry functionality that can perform
 // configurable exponential backoff for transient errors and honor any
 // explicit throttle responses received.
-package retry // import "go.opentelemetry.io/otel/exporters/otlp/internal/retry"
+package retry // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry"
 
 import (
 	"context"
@@ -76,21 +79,21 @@ func (c Config) RequestFunc(evaluate EvaluateFunc) RequestFunc {
 		}
 	}
 
-	// Do not use NewExponentialBackOff since it calls Reset and the code here
-	// must call Reset after changing the InitialInterval (this saves an
-	// unnecessary call to Now).
-	b := &backoff.ExponentialBackOff{
-		InitialInterval:     c.InitialInterval,
-		RandomizationFactor: backoff.DefaultRandomizationFactor,
-		Multiplier:          backoff.DefaultMultiplier,
-		MaxInterval:         c.MaxInterval,
-		MaxElapsedTime:      c.MaxElapsedTime,
-		Stop:                backoff.Stop,
-		Clock:               backoff.SystemClock,
-	}
-	b.Reset()
-
 	return func(ctx context.Context, fn func(context.Context) error) error {
+		// Do not use NewExponentialBackOff since it calls Reset and the code here
+		// must call Reset after changing the InitialInterval (this saves an
+		// unnecessary call to Now).
+		b := &backoff.ExponentialBackOff{
+			InitialInterval:     c.InitialInterval,
+			RandomizationFactor: backoff.DefaultRandomizationFactor,
+			Multiplier:          backoff.DefaultMultiplier,
+			MaxInterval:         c.MaxInterval,
+			MaxElapsedTime:      c.MaxElapsedTime,
+			Stop:                backoff.Stop,
+			Clock:               backoff.SystemClock,
+		}
+		b.Reset()
+
 		for {
 			err := fn(ctx)
 			if err == nil {
@@ -119,8 +122,8 @@ func (c Config) RequestFunc(evaluate EvaluateFunc) RequestFunc {
 				delay = throttle
 			}
 
-			if err := waitFunc(ctx, delay); err != nil {
-				return err
+			if ctxErr := waitFunc(ctx, delay); ctxErr != nil {
+				return fmt.Errorf("%w: %s", ctxErr, err)
 			}
 		}
 	}
@@ -129,6 +132,9 @@ func (c Config) RequestFunc(evaluate EvaluateFunc) RequestFunc {
 // Allow override for testing.
 var waitFunc = wait
 
+// wait takes the caller's context, and the amount of time to wait.  It will
+// return nil if the timer fires before or at the same time as the context's
+// deadline.  This indicates that the call can be retried.
 func wait(ctx context.Context, delay time.Duration) error {
 	timer := time.NewTimer(delay)
 	defer timer.Stop()
diff --git a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/options.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/options.go
index 3d09ce590..17ffeaf6e 100644
--- a/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/options.go
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/options.go
@@ -22,8 +22,8 @@ import (
 	"google.golang.org/grpc/credentials"
 
 	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/exporters/otlp/internal/retry"
-	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry"
 )
 
 // Option applies an option to the gRPC driver.
@@ -93,13 +93,7 @@ func compressorToCompression(compressor string) otlpconfig.Compression {
 }
 
 // WithCompressor sets the compressor for the gRPC client to use when sending
-// requests. It is the responsibility of the caller to ensure that the
-// compressor set has been registered with google.golang.org/grpc/encoding.
-// This can be done by encoding.RegisterCompressor. Some compressors
-// auto-register on import, such as gzip, which can be registered by calling
-// `import _ "google.golang.org/grpc/encoding/gzip"`.
-//
-// This option has no effect if WithGRPCConn is used.
+// requests. Supported compressor values: "gzip".
 func WithCompressor(compressor string) Option {
 	return wrappedOption{otlpconfig.WithCompression(compressorToCompression(compressor))}
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/unit/doc.go b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go
similarity index 65%
rename from apis/vendor/go.opentelemetry.io/otel/metric/unit/doc.go
rename to apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go
index f8e723593..8ee285b8d 100644
--- a/apis/vendor/go.opentelemetry.io/otel/metric/unit/doc.go
+++ b/apis/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go
@@ -12,9 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package unit provides units.
-//
-// This package is currently in a pre-GA phase. Backwards incompatible changes
-// may be introduced in subsequent minor version releases as we work to track
-// the evolving OpenTelemetry specification and user feedback.
-package unit // import "go.opentelemetry.io/otel/metric/unit"
+package otlptrace // import "go.opentelemetry.io/otel/exporters/otlp/otlptrace"
+
+// Version is the current release version of the OpenTelemetry OTLP trace exporter in use.
+func Version() string {
+	return "1.21.0"
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/handler.go b/apis/vendor/go.opentelemetry.io/otel/handler.go
index 36cf09f72..4115fe3bb 100644
--- a/apis/vendor/go.opentelemetry.io/otel/handler.go
+++ b/apis/vendor/go.opentelemetry.io/otel/handler.go
@@ -15,59 +15,16 @@
 package otel // import "go.opentelemetry.io/otel"
 
 import (
-	"log"
-	"os"
-	"sync"
+	"go.opentelemetry.io/otel/internal/global"
 )
 
 var (
-	// globalErrorHandler provides an ErrorHandler that can be used
-	// throughout an OpenTelemetry instrumented project. When a user
-	// specified ErrorHandler is registered (`SetErrorHandler`) all calls to
-	// `Handle` and will be delegated to the registered ErrorHandler.
-	globalErrorHandler = defaultErrorHandler()
-
-	// Compile-time check that delegator implements ErrorHandler.
-	_ ErrorHandler = (*delegator)(nil)
-	// Compile-time check that errLogger implements ErrorHandler.
-	_ ErrorHandler = (*errLogger)(nil)
+	// Compile-time check global.ErrDelegator implements ErrorHandler.
+	_ ErrorHandler = (*global.ErrDelegator)(nil)
+	// Compile-time check global.ErrLogger implements ErrorHandler.
+	_ ErrorHandler = (*global.ErrLogger)(nil)
 )
 
-type delegator struct {
-	lock *sync.RWMutex
-	eh   ErrorHandler
-}
-
-func (d *delegator) Handle(err error) {
-	d.lock.RLock()
-	defer d.lock.RUnlock()
-	d.eh.Handle(err)
-}
-
-// setDelegate sets the ErrorHandler delegate.
-func (d *delegator) setDelegate(eh ErrorHandler) {
-	d.lock.Lock()
-	defer d.lock.Unlock()
-	d.eh = eh
-}
-
-func defaultErrorHandler() *delegator {
-	return &delegator{
-		lock: &sync.RWMutex{},
-		eh:   &errLogger{l: log.New(os.Stderr, "", log.LstdFlags)},
-	}
-}
-
-// errLogger logs errors if no delegate is set, otherwise they are delegated.
-type errLogger struct {
-	l *log.Logger
-}
-
-// Handle logs err if no delegate is set, otherwise it is delegated.
-func (h *errLogger) Handle(err error) {
-	h.l.Print(err)
-}
-
 // GetErrorHandler returns the global ErrorHandler instance.
 //
 // The default ErrorHandler instance returned will log all errors to STDERR
@@ -77,9 +34,7 @@ func (h *errLogger) Handle(err error) {
 //
 // Subsequent calls to SetErrorHandler after the first will not forward errors
 // to the new ErrorHandler for prior returned instances.
-func GetErrorHandler() ErrorHandler {
-	return globalErrorHandler
-}
+func GetErrorHandler() ErrorHandler { return global.GetErrorHandler() }
 
 // SetErrorHandler sets the global ErrorHandler to h.
 //
@@ -87,11 +42,7 @@ func GetErrorHandler() ErrorHandler {
 // GetErrorHandler will send errors to h instead of the default logging
 // ErrorHandler. Subsequent calls will set the global ErrorHandler, but not
 // delegate errors to h.
-func SetErrorHandler(h ErrorHandler) {
-	globalErrorHandler.setDelegate(h)
-}
+func SetErrorHandler(h ErrorHandler) { global.SetErrorHandler(h) }
 
 // Handle is a convenience function for ErrorHandler().Handle(err).
-func Handle(err error) {
-	GetErrorHandler().Handle(err)
-}
+func Handle(err error) { global.Handle(err) }
diff --git a/apis/vendor/go.opentelemetry.io/otel/internal/attribute/attribute.go b/apis/vendor/go.opentelemetry.io/otel/internal/attribute/attribute.go
new file mode 100644
index 000000000..622c3ee3f
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/internal/attribute/attribute.go
@@ -0,0 +1,111 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/*
+Package attribute provide several helper functions for some commonly used
+logic of processing attributes.
+*/
+package attribute // import "go.opentelemetry.io/otel/internal/attribute"
+
+import (
+	"reflect"
+)
+
+// BoolSliceValue converts a bool slice into an array with same elements as slice.
+func BoolSliceValue(v []bool) interface{} {
+	var zero bool
+	cp := reflect.New(reflect.ArrayOf(len(v), reflect.TypeOf(zero)))
+	copy(cp.Elem().Slice(0, len(v)).Interface().([]bool), v)
+	return cp.Elem().Interface()
+}
+
+// Int64SliceValue converts an int64 slice into an array with same elements as slice.
+func Int64SliceValue(v []int64) interface{} {
+	var zero int64
+	cp := reflect.New(reflect.ArrayOf(len(v), reflect.TypeOf(zero)))
+	copy(cp.Elem().Slice(0, len(v)).Interface().([]int64), v)
+	return cp.Elem().Interface()
+}
+
+// Float64SliceValue converts a float64 slice into an array with same elements as slice.
+func Float64SliceValue(v []float64) interface{} {
+	var zero float64
+	cp := reflect.New(reflect.ArrayOf(len(v), reflect.TypeOf(zero)))
+	copy(cp.Elem().Slice(0, len(v)).Interface().([]float64), v)
+	return cp.Elem().Interface()
+}
+
+// StringSliceValue converts a string slice into an array with same elements as slice.
+func StringSliceValue(v []string) interface{} {
+	var zero string
+	cp := reflect.New(reflect.ArrayOf(len(v), reflect.TypeOf(zero)))
+	copy(cp.Elem().Slice(0, len(v)).Interface().([]string), v)
+	return cp.Elem().Interface()
+}
+
+// AsBoolSlice converts a bool array into a slice into with same elements as array.
+func AsBoolSlice(v interface{}) []bool {
+	rv := reflect.ValueOf(v)
+	if rv.Type().Kind() != reflect.Array {
+		return nil
+	}
+	var zero bool
+	correctLen := rv.Len()
+	correctType := reflect.ArrayOf(correctLen, reflect.TypeOf(zero))
+	cpy := reflect.New(correctType)
+	_ = reflect.Copy(cpy.Elem(), rv)
+	return cpy.Elem().Slice(0, correctLen).Interface().([]bool)
+}
+
+// AsInt64Slice converts an int64 array into a slice into with same elements as array.
+func AsInt64Slice(v interface{}) []int64 {
+	rv := reflect.ValueOf(v)
+	if rv.Type().Kind() != reflect.Array {
+		return nil
+	}
+	var zero int64
+	correctLen := rv.Len()
+	correctType := reflect.ArrayOf(correctLen, reflect.TypeOf(zero))
+	cpy := reflect.New(correctType)
+	_ = reflect.Copy(cpy.Elem(), rv)
+	return cpy.Elem().Slice(0, correctLen).Interface().([]int64)
+}
+
+// AsFloat64Slice converts a float64 array into a slice into with same elements as array.
+func AsFloat64Slice(v interface{}) []float64 {
+	rv := reflect.ValueOf(v)
+	if rv.Type().Kind() != reflect.Array {
+		return nil
+	}
+	var zero float64
+	correctLen := rv.Len()
+	correctType := reflect.ArrayOf(correctLen, reflect.TypeOf(zero))
+	cpy := reflect.New(correctType)
+	_ = reflect.Copy(cpy.Elem(), rv)
+	return cpy.Elem().Slice(0, correctLen).Interface().([]float64)
+}
+
+// AsStringSlice converts a string array into a slice into with same elements as array.
+func AsStringSlice(v interface{}) []string {
+	rv := reflect.ValueOf(v)
+	if rv.Type().Kind() != reflect.Array {
+		return nil
+	}
+	var zero string
+	correctLen := rv.Len()
+	correctType := reflect.ArrayOf(correctLen, reflect.TypeOf(zero))
+	cpy := reflect.New(correctType)
+	_ = reflect.Copy(cpy.Elem(), rv)
+	return cpy.Elem().Slice(0, correctLen).Interface().([]string)
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/internal/gen.go b/apis/vendor/go.opentelemetry.io/otel/internal/gen.go
new file mode 100644
index 000000000..f532f07e9
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/internal/gen.go
@@ -0,0 +1,29 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package internal // import "go.opentelemetry.io/otel/internal"
+
+//go:generate gotmpl --body=./shared/matchers/expectation.go.tmpl "--data={}" --out=matchers/expectation.go
+//go:generate gotmpl --body=./shared/matchers/expecter.go.tmpl "--data={}" --out=matchers/expecter.go
+//go:generate gotmpl --body=./shared/matchers/temporal_matcher.go.tmpl "--data={}" --out=matchers/temporal_matcher.go
+
+//go:generate gotmpl --body=./shared/internaltest/alignment.go.tmpl "--data={}" --out=internaltest/alignment.go
+//go:generate gotmpl --body=./shared/internaltest/env.go.tmpl "--data={}" --out=internaltest/env.go
+//go:generate gotmpl --body=./shared/internaltest/env_test.go.tmpl "--data={}" --out=internaltest/env_test.go
+//go:generate gotmpl --body=./shared/internaltest/errors.go.tmpl "--data={}" --out=internaltest/errors.go
+//go:generate gotmpl --body=./shared/internaltest/harness.go.tmpl "--data={\"matchersImportPath\": \"go.opentelemetry.io/otel/internal/matchers\"}" --out=internaltest/harness.go
+//go:generate gotmpl --body=./shared/internaltest/text_map_carrier.go.tmpl "--data={}" --out=internaltest/text_map_carrier.go
+//go:generate gotmpl --body=./shared/internaltest/text_map_carrier_test.go.tmpl "--data={}" --out=internaltest/text_map_carrier_test.go
+//go:generate gotmpl --body=./shared/internaltest/text_map_propagator.go.tmpl "--data={}" --out=internaltest/text_map_propagator.go
+//go:generate gotmpl --body=./shared/internaltest/text_map_propagator_test.go.tmpl "--data={}" --out=internaltest/text_map_propagator_test.go
diff --git a/apis/vendor/go.opentelemetry.io/otel/internal/global/handler.go b/apis/vendor/go.opentelemetry.io/otel/internal/global/handler.go
new file mode 100644
index 000000000..5e9b83047
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/internal/global/handler.go
@@ -0,0 +1,102 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package global // import "go.opentelemetry.io/otel/internal/global"
+
+import (
+	"log"
+	"os"
+	"sync/atomic"
+)
+
+var (
+	// GlobalErrorHandler provides an ErrorHandler that can be used
+	// throughout an OpenTelemetry instrumented project. When a user
+	// specified ErrorHandler is registered (`SetErrorHandler`) all calls to
+	// `Handle` and will be delegated to the registered ErrorHandler.
+	GlobalErrorHandler = defaultErrorHandler()
+
+	// Compile-time check that delegator implements ErrorHandler.
+	_ ErrorHandler = (*ErrDelegator)(nil)
+	// Compile-time check that errLogger implements ErrorHandler.
+	_ ErrorHandler = (*ErrLogger)(nil)
+)
+
+// ErrorHandler handles irremediable events.
+type ErrorHandler interface {
+	// Handle handles any error deemed irremediable by an OpenTelemetry
+	// component.
+	Handle(error)
+}
+
+type ErrDelegator struct {
+	delegate atomic.Pointer[ErrorHandler]
+}
+
+func (d *ErrDelegator) Handle(err error) {
+	d.getDelegate().Handle(err)
+}
+
+func (d *ErrDelegator) getDelegate() ErrorHandler {
+	return *d.delegate.Load()
+}
+
+// setDelegate sets the ErrorHandler delegate.
+func (d *ErrDelegator) setDelegate(eh ErrorHandler) {
+	d.delegate.Store(&eh)
+}
+
+func defaultErrorHandler() *ErrDelegator {
+	d := &ErrDelegator{}
+	d.setDelegate(&ErrLogger{l: log.New(os.Stderr, "", log.LstdFlags)})
+	return d
+}
+
+// ErrLogger logs errors if no delegate is set, otherwise they are delegated.
+type ErrLogger struct {
+	l *log.Logger
+}
+
+// Handle logs err if no delegate is set, otherwise it is delegated.
+func (h *ErrLogger) Handle(err error) {
+	h.l.Print(err)
+}
+
+// GetErrorHandler returns the global ErrorHandler instance.
+//
+// The default ErrorHandler instance returned will log all errors to STDERR
+// until an override ErrorHandler is set with SetErrorHandler. All
+// ErrorHandler returned prior to this will automatically forward errors to
+// the set instance instead of logging.
+//
+// Subsequent calls to SetErrorHandler after the first will not forward errors
+// to the new ErrorHandler for prior returned instances.
+func GetErrorHandler() ErrorHandler {
+	return GlobalErrorHandler
+}
+
+// SetErrorHandler sets the global ErrorHandler to h.
+//
+// The first time this is called all ErrorHandler previously returned from
+// GetErrorHandler will send errors to h instead of the default logging
+// ErrorHandler. Subsequent calls will set the global ErrorHandler, but not
+// delegate errors to h.
+func SetErrorHandler(h ErrorHandler) {
+	GlobalErrorHandler.setDelegate(h)
+}
+
+// Handle is a convenience function for ErrorHandler().Handle(err).
+func Handle(err error) {
+	GetErrorHandler().Handle(err)
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/internal/global/instruments.go b/apis/vendor/go.opentelemetry.io/otel/internal/global/instruments.go
new file mode 100644
index 000000000..ebb13c206
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/internal/global/instruments.go
@@ -0,0 +1,371 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package global // import "go.opentelemetry.io/otel/internal/global"
+
+import (
+	"context"
+	"sync/atomic"
+
+	"go.opentelemetry.io/otel/metric"
+	"go.opentelemetry.io/otel/metric/embedded"
+)
+
+// unwrapper unwraps to return the underlying instrument implementation.
+type unwrapper interface {
+	Unwrap() metric.Observable
+}
+
+type afCounter struct {
+	embedded.Float64ObservableCounter
+	metric.Float64Observable
+
+	name string
+	opts []metric.Float64ObservableCounterOption
+
+	delegate atomic.Value // metric.Float64ObservableCounter
+}
+
+var (
+	_ unwrapper                       = (*afCounter)(nil)
+	_ metric.Float64ObservableCounter = (*afCounter)(nil)
+)
+
+func (i *afCounter) setDelegate(m metric.Meter) {
+	ctr, err := m.Float64ObservableCounter(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *afCounter) Unwrap() metric.Observable {
+	if ctr := i.delegate.Load(); ctr != nil {
+		return ctr.(metric.Float64ObservableCounter)
+	}
+	return nil
+}
+
+type afUpDownCounter struct {
+	embedded.Float64ObservableUpDownCounter
+	metric.Float64Observable
+
+	name string
+	opts []metric.Float64ObservableUpDownCounterOption
+
+	delegate atomic.Value // metric.Float64ObservableUpDownCounter
+}
+
+var (
+	_ unwrapper                             = (*afUpDownCounter)(nil)
+	_ metric.Float64ObservableUpDownCounter = (*afUpDownCounter)(nil)
+)
+
+func (i *afUpDownCounter) setDelegate(m metric.Meter) {
+	ctr, err := m.Float64ObservableUpDownCounter(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *afUpDownCounter) Unwrap() metric.Observable {
+	if ctr := i.delegate.Load(); ctr != nil {
+		return ctr.(metric.Float64ObservableUpDownCounter)
+	}
+	return nil
+}
+
+type afGauge struct {
+	embedded.Float64ObservableGauge
+	metric.Float64Observable
+
+	name string
+	opts []metric.Float64ObservableGaugeOption
+
+	delegate atomic.Value // metric.Float64ObservableGauge
+}
+
+var (
+	_ unwrapper                     = (*afGauge)(nil)
+	_ metric.Float64ObservableGauge = (*afGauge)(nil)
+)
+
+func (i *afGauge) setDelegate(m metric.Meter) {
+	ctr, err := m.Float64ObservableGauge(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *afGauge) Unwrap() metric.Observable {
+	if ctr := i.delegate.Load(); ctr != nil {
+		return ctr.(metric.Float64ObservableGauge)
+	}
+	return nil
+}
+
+type aiCounter struct {
+	embedded.Int64ObservableCounter
+	metric.Int64Observable
+
+	name string
+	opts []metric.Int64ObservableCounterOption
+
+	delegate atomic.Value // metric.Int64ObservableCounter
+}
+
+var (
+	_ unwrapper                     = (*aiCounter)(nil)
+	_ metric.Int64ObservableCounter = (*aiCounter)(nil)
+)
+
+func (i *aiCounter) setDelegate(m metric.Meter) {
+	ctr, err := m.Int64ObservableCounter(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *aiCounter) Unwrap() metric.Observable {
+	if ctr := i.delegate.Load(); ctr != nil {
+		return ctr.(metric.Int64ObservableCounter)
+	}
+	return nil
+}
+
+type aiUpDownCounter struct {
+	embedded.Int64ObservableUpDownCounter
+	metric.Int64Observable
+
+	name string
+	opts []metric.Int64ObservableUpDownCounterOption
+
+	delegate atomic.Value // metric.Int64ObservableUpDownCounter
+}
+
+var (
+	_ unwrapper                           = (*aiUpDownCounter)(nil)
+	_ metric.Int64ObservableUpDownCounter = (*aiUpDownCounter)(nil)
+)
+
+func (i *aiUpDownCounter) setDelegate(m metric.Meter) {
+	ctr, err := m.Int64ObservableUpDownCounter(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *aiUpDownCounter) Unwrap() metric.Observable {
+	if ctr := i.delegate.Load(); ctr != nil {
+		return ctr.(metric.Int64ObservableUpDownCounter)
+	}
+	return nil
+}
+
+type aiGauge struct {
+	embedded.Int64ObservableGauge
+	metric.Int64Observable
+
+	name string
+	opts []metric.Int64ObservableGaugeOption
+
+	delegate atomic.Value // metric.Int64ObservableGauge
+}
+
+var (
+	_ unwrapper                   = (*aiGauge)(nil)
+	_ metric.Int64ObservableGauge = (*aiGauge)(nil)
+)
+
+func (i *aiGauge) setDelegate(m metric.Meter) {
+	ctr, err := m.Int64ObservableGauge(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *aiGauge) Unwrap() metric.Observable {
+	if ctr := i.delegate.Load(); ctr != nil {
+		return ctr.(metric.Int64ObservableGauge)
+	}
+	return nil
+}
+
+// Sync Instruments.
+type sfCounter struct {
+	embedded.Float64Counter
+
+	name string
+	opts []metric.Float64CounterOption
+
+	delegate atomic.Value // metric.Float64Counter
+}
+
+var _ metric.Float64Counter = (*sfCounter)(nil)
+
+func (i *sfCounter) setDelegate(m metric.Meter) {
+	ctr, err := m.Float64Counter(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *sfCounter) Add(ctx context.Context, incr float64, opts ...metric.AddOption) {
+	if ctr := i.delegate.Load(); ctr != nil {
+		ctr.(metric.Float64Counter).Add(ctx, incr, opts...)
+	}
+}
+
+type sfUpDownCounter struct {
+	embedded.Float64UpDownCounter
+
+	name string
+	opts []metric.Float64UpDownCounterOption
+
+	delegate atomic.Value // metric.Float64UpDownCounter
+}
+
+var _ metric.Float64UpDownCounter = (*sfUpDownCounter)(nil)
+
+func (i *sfUpDownCounter) setDelegate(m metric.Meter) {
+	ctr, err := m.Float64UpDownCounter(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *sfUpDownCounter) Add(ctx context.Context, incr float64, opts ...metric.AddOption) {
+	if ctr := i.delegate.Load(); ctr != nil {
+		ctr.(metric.Float64UpDownCounter).Add(ctx, incr, opts...)
+	}
+}
+
+type sfHistogram struct {
+	embedded.Float64Histogram
+
+	name string
+	opts []metric.Float64HistogramOption
+
+	delegate atomic.Value // metric.Float64Histogram
+}
+
+var _ metric.Float64Histogram = (*sfHistogram)(nil)
+
+func (i *sfHistogram) setDelegate(m metric.Meter) {
+	ctr, err := m.Float64Histogram(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *sfHistogram) Record(ctx context.Context, x float64, opts ...metric.RecordOption) {
+	if ctr := i.delegate.Load(); ctr != nil {
+		ctr.(metric.Float64Histogram).Record(ctx, x, opts...)
+	}
+}
+
+type siCounter struct {
+	embedded.Int64Counter
+
+	name string
+	opts []metric.Int64CounterOption
+
+	delegate atomic.Value // metric.Int64Counter
+}
+
+var _ metric.Int64Counter = (*siCounter)(nil)
+
+func (i *siCounter) setDelegate(m metric.Meter) {
+	ctr, err := m.Int64Counter(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *siCounter) Add(ctx context.Context, x int64, opts ...metric.AddOption) {
+	if ctr := i.delegate.Load(); ctr != nil {
+		ctr.(metric.Int64Counter).Add(ctx, x, opts...)
+	}
+}
+
+type siUpDownCounter struct {
+	embedded.Int64UpDownCounter
+
+	name string
+	opts []metric.Int64UpDownCounterOption
+
+	delegate atomic.Value // metric.Int64UpDownCounter
+}
+
+var _ metric.Int64UpDownCounter = (*siUpDownCounter)(nil)
+
+func (i *siUpDownCounter) setDelegate(m metric.Meter) {
+	ctr, err := m.Int64UpDownCounter(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *siUpDownCounter) Add(ctx context.Context, x int64, opts ...metric.AddOption) {
+	if ctr := i.delegate.Load(); ctr != nil {
+		ctr.(metric.Int64UpDownCounter).Add(ctx, x, opts...)
+	}
+}
+
+type siHistogram struct {
+	embedded.Int64Histogram
+
+	name string
+	opts []metric.Int64HistogramOption
+
+	delegate atomic.Value // metric.Int64Histogram
+}
+
+var _ metric.Int64Histogram = (*siHistogram)(nil)
+
+func (i *siHistogram) setDelegate(m metric.Meter) {
+	ctr, err := m.Int64Histogram(i.name, i.opts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+		return
+	}
+	i.delegate.Store(ctr)
+}
+
+func (i *siHistogram) Record(ctx context.Context, x int64, opts ...metric.RecordOption) {
+	if ctr := i.delegate.Load(); ctr != nil {
+		ctr.(metric.Int64Histogram).Record(ctx, x, opts...)
+	}
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go b/apis/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go
index ccb325871..c6f305a2b 100644
--- a/apis/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go
+++ b/apis/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go
@@ -17,47 +17,53 @@ package global // import "go.opentelemetry.io/otel/internal/global"
 import (
 	"log"
 	"os"
-	"sync"
+	"sync/atomic"
 
 	"github.com/go-logr/logr"
 	"github.com/go-logr/stdr"
 )
 
-// globalLogger is the logging interface used within the otel api and sdk provide deatails of the internals.
+// globalLogger is the logging interface used within the otel api and sdk provide details of the internals.
 //
 // The default logger uses stdr which is backed by the standard `log.Logger`
 // interface. This logger will only show messages at the Error Level.
-var globalLogger logr.Logger = stdr.New(log.New(os.Stderr, "", log.LstdFlags|log.Lshortfile))
-var globalLoggerLock = &sync.RWMutex{}
+var globalLogger atomic.Pointer[logr.Logger]
+
+func init() {
+	SetLogger(stdr.New(log.New(os.Stderr, "", log.LstdFlags|log.Lshortfile)))
+}
 
 // SetLogger overrides the globalLogger with l.
 //
-// To see Info messages use a logger with `l.V(1).Enabled() == true`
-// To see Debug messages use a logger with `l.V(5).Enabled() == true`.
+// To see Warn messages use a logger with `l.V(1).Enabled() == true`
+// To see Info messages use a logger with `l.V(4).Enabled() == true`
+// To see Debug messages use a logger with `l.V(8).Enabled() == true`.
 func SetLogger(l logr.Logger) {
-	globalLoggerLock.Lock()
-	defer globalLoggerLock.Unlock()
-	globalLogger = l
+	globalLogger.Store(&l)
+}
+
+func getLogger() logr.Logger {
+	return *globalLogger.Load()
 }
 
 // Info prints messages about the general state of the API or SDK.
-// This should usually be less then 5 messages a minute.
+// This should usually be less than 5 messages a minute.
 func Info(msg string, keysAndValues ...interface{}) {
-	globalLoggerLock.RLock()
-	defer globalLoggerLock.RUnlock()
-	globalLogger.V(1).Info(msg, keysAndValues...)
+	getLogger().V(4).Info(msg, keysAndValues...)
 }
 
 // Error prints messages about exceptional states of the API or SDK.
 func Error(err error, msg string, keysAndValues ...interface{}) {
-	globalLoggerLock.RLock()
-	defer globalLoggerLock.RUnlock()
-	globalLogger.Error(err, msg, keysAndValues...)
+	getLogger().Error(err, msg, keysAndValues...)
 }
 
 // Debug prints messages about all internal changes in the API or SDK.
 func Debug(msg string, keysAndValues ...interface{}) {
-	globalLoggerLock.RLock()
-	defer globalLoggerLock.RUnlock()
-	globalLogger.V(5).Info(msg, keysAndValues...)
+	getLogger().V(8).Info(msg, keysAndValues...)
+}
+
+// Warn prints messages about warnings in the API or SDK.
+// Not an error but is likely more important than an informational event.
+func Warn(msg string, keysAndValues ...interface{}) {
+	getLogger().V(1).Info(msg, keysAndValues...)
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/internal/global/meter.go b/apis/vendor/go.opentelemetry.io/otel/internal/global/meter.go
new file mode 100644
index 000000000..0097db478
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/internal/global/meter.go
@@ -0,0 +1,354 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package global // import "go.opentelemetry.io/otel/internal/global"
+
+import (
+	"container/list"
+	"sync"
+	"sync/atomic"
+
+	"go.opentelemetry.io/otel/metric"
+	"go.opentelemetry.io/otel/metric/embedded"
+)
+
+// meterProvider is a placeholder for a configured SDK MeterProvider.
+//
+// All MeterProvider functionality is forwarded to a delegate once
+// configured.
+type meterProvider struct {
+	embedded.MeterProvider
+
+	mtx    sync.Mutex
+	meters map[il]*meter
+
+	delegate metric.MeterProvider
+}
+
+// setDelegate configures p to delegate all MeterProvider functionality to
+// provider.
+//
+// All Meters provided prior to this function call are switched out to be
+// Meters provided by provider. All instruments and callbacks are recreated and
+// delegated.
+//
+// It is guaranteed by the caller that this happens only once.
+func (p *meterProvider) setDelegate(provider metric.MeterProvider) {
+	p.mtx.Lock()
+	defer p.mtx.Unlock()
+
+	p.delegate = provider
+
+	if len(p.meters) == 0 {
+		return
+	}
+
+	for _, meter := range p.meters {
+		meter.setDelegate(provider)
+	}
+
+	p.meters = nil
+}
+
+// Meter implements MeterProvider.
+func (p *meterProvider) Meter(name string, opts ...metric.MeterOption) metric.Meter {
+	p.mtx.Lock()
+	defer p.mtx.Unlock()
+
+	if p.delegate != nil {
+		return p.delegate.Meter(name, opts...)
+	}
+
+	// At this moment it is guaranteed that no sdk is installed, save the meter in the meters map.
+
+	c := metric.NewMeterConfig(opts...)
+	key := il{
+		name:    name,
+		version: c.InstrumentationVersion(),
+	}
+
+	if p.meters == nil {
+		p.meters = make(map[il]*meter)
+	}
+
+	if val, ok := p.meters[key]; ok {
+		return val
+	}
+
+	t := &meter{name: name, opts: opts}
+	p.meters[key] = t
+	return t
+}
+
+// meter is a placeholder for a metric.Meter.
+//
+// All Meter functionality is forwarded to a delegate once configured.
+// Otherwise, all functionality is forwarded to a NoopMeter.
+type meter struct {
+	embedded.Meter
+
+	name string
+	opts []metric.MeterOption
+
+	mtx         sync.Mutex
+	instruments []delegatedInstrument
+
+	registry list.List
+
+	delegate atomic.Value // metric.Meter
+}
+
+type delegatedInstrument interface {
+	setDelegate(metric.Meter)
+}
+
+// setDelegate configures m to delegate all Meter functionality to Meters
+// created by provider.
+//
+// All subsequent calls to the Meter methods will be passed to the delegate.
+//
+// It is guaranteed by the caller that this happens only once.
+func (m *meter) setDelegate(provider metric.MeterProvider) {
+	meter := provider.Meter(m.name, m.opts...)
+	m.delegate.Store(meter)
+
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+
+	for _, inst := range m.instruments {
+		inst.setDelegate(meter)
+	}
+
+	for e := m.registry.Front(); e != nil; e = e.Next() {
+		r := e.Value.(*registration)
+		r.setDelegate(meter)
+		m.registry.Remove(e)
+	}
+
+	m.instruments = nil
+	m.registry.Init()
+}
+
+func (m *meter) Int64Counter(name string, options ...metric.Int64CounterOption) (metric.Int64Counter, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Int64Counter(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &siCounter{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+func (m *meter) Int64UpDownCounter(name string, options ...metric.Int64UpDownCounterOption) (metric.Int64UpDownCounter, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Int64UpDownCounter(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &siUpDownCounter{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+func (m *meter) Int64Histogram(name string, options ...metric.Int64HistogramOption) (metric.Int64Histogram, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Int64Histogram(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &siHistogram{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+func (m *meter) Int64ObservableCounter(name string, options ...metric.Int64ObservableCounterOption) (metric.Int64ObservableCounter, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Int64ObservableCounter(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &aiCounter{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+func (m *meter) Int64ObservableUpDownCounter(name string, options ...metric.Int64ObservableUpDownCounterOption) (metric.Int64ObservableUpDownCounter, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Int64ObservableUpDownCounter(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &aiUpDownCounter{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+func (m *meter) Int64ObservableGauge(name string, options ...metric.Int64ObservableGaugeOption) (metric.Int64ObservableGauge, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Int64ObservableGauge(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &aiGauge{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+func (m *meter) Float64Counter(name string, options ...metric.Float64CounterOption) (metric.Float64Counter, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Float64Counter(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &sfCounter{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+func (m *meter) Float64UpDownCounter(name string, options ...metric.Float64UpDownCounterOption) (metric.Float64UpDownCounter, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Float64UpDownCounter(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &sfUpDownCounter{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+func (m *meter) Float64Histogram(name string, options ...metric.Float64HistogramOption) (metric.Float64Histogram, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Float64Histogram(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &sfHistogram{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+func (m *meter) Float64ObservableCounter(name string, options ...metric.Float64ObservableCounterOption) (metric.Float64ObservableCounter, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Float64ObservableCounter(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &afCounter{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+func (m *meter) Float64ObservableUpDownCounter(name string, options ...metric.Float64ObservableUpDownCounterOption) (metric.Float64ObservableUpDownCounter, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Float64ObservableUpDownCounter(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &afUpDownCounter{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+func (m *meter) Float64ObservableGauge(name string, options ...metric.Float64ObservableGaugeOption) (metric.Float64ObservableGauge, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		return del.Float64ObservableGauge(name, options...)
+	}
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	i := &afGauge{name: name, opts: options}
+	m.instruments = append(m.instruments, i)
+	return i, nil
+}
+
+// RegisterCallback captures the function that will be called during Collect.
+func (m *meter) RegisterCallback(f metric.Callback, insts ...metric.Observable) (metric.Registration, error) {
+	if del, ok := m.delegate.Load().(metric.Meter); ok {
+		insts = unwrapInstruments(insts)
+		return del.RegisterCallback(f, insts...)
+	}
+
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+
+	reg := &registration{instruments: insts, function: f}
+	e := m.registry.PushBack(reg)
+	reg.unreg = func() error {
+		m.mtx.Lock()
+		_ = m.registry.Remove(e)
+		m.mtx.Unlock()
+		return nil
+	}
+	return reg, nil
+}
+
+type wrapped interface {
+	unwrap() metric.Observable
+}
+
+func unwrapInstruments(instruments []metric.Observable) []metric.Observable {
+	out := make([]metric.Observable, 0, len(instruments))
+
+	for _, inst := range instruments {
+		if in, ok := inst.(wrapped); ok {
+			out = append(out, in.unwrap())
+		} else {
+			out = append(out, inst)
+		}
+	}
+
+	return out
+}
+
+type registration struct {
+	embedded.Registration
+
+	instruments []metric.Observable
+	function    metric.Callback
+
+	unreg   func() error
+	unregMu sync.Mutex
+}
+
+func (c *registration) setDelegate(m metric.Meter) {
+	insts := unwrapInstruments(c.instruments)
+
+	c.unregMu.Lock()
+	defer c.unregMu.Unlock()
+
+	if c.unreg == nil {
+		// Unregister already called.
+		return
+	}
+
+	reg, err := m.RegisterCallback(c.function, insts...)
+	if err != nil {
+		GetErrorHandler().Handle(err)
+	}
+
+	c.unreg = reg.Unregister
+}
+
+func (c *registration) Unregister() error {
+	c.unregMu.Lock()
+	defer c.unregMu.Unlock()
+	if c.unreg == nil {
+		// Unregister already called.
+		return nil
+	}
+
+	var err error
+	err, c.unreg = c.unreg(), nil
+	return err
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/internal/global/state.go b/apis/vendor/go.opentelemetry.io/otel/internal/global/state.go
index 1ad38f828..7985005bc 100644
--- a/apis/vendor/go.opentelemetry.io/otel/internal/global/state.go
+++ b/apis/vendor/go.opentelemetry.io/otel/internal/global/state.go
@@ -19,6 +19,7 @@ import (
 	"sync"
 	"sync/atomic"
 
+	"go.opentelemetry.io/otel/metric"
 	"go.opentelemetry.io/otel/propagation"
 	"go.opentelemetry.io/otel/trace"
 )
@@ -31,14 +32,20 @@ type (
 	propagatorsHolder struct {
 		tm propagation.TextMapPropagator
 	}
+
+	meterProviderHolder struct {
+		mp metric.MeterProvider
+	}
 )
 
 var (
-	globalTracer      = defaultTracerValue()
-	globalPropagators = defaultPropagatorsValue()
+	globalTracer        = defaultTracerValue()
+	globalPropagators   = defaultPropagatorsValue()
+	globalMeterProvider = defaultMeterProvider()
 
 	delegateTraceOnce             sync.Once
 	delegateTextMapPropagatorOnce sync.Once
+	delegateMeterOnce             sync.Once
 )
 
 // TracerProvider is the internal implementation for global.TracerProvider.
@@ -102,6 +109,34 @@ func SetTextMapPropagator(p propagation.TextMapPropagator) {
 	globalPropagators.Store(propagatorsHolder{tm: p})
 }
 
+// MeterProvider is the internal implementation for global.MeterProvider.
+func MeterProvider() metric.MeterProvider {
+	return globalMeterProvider.Load().(meterProviderHolder).mp
+}
+
+// SetMeterProvider is the internal implementation for global.SetMeterProvider.
+func SetMeterProvider(mp metric.MeterProvider) {
+	current := MeterProvider()
+	if _, cOk := current.(*meterProvider); cOk {
+		if _, mpOk := mp.(*meterProvider); mpOk && current == mp {
+			// Do not assign the default delegating MeterProvider to delegate
+			// to itself.
+			Error(
+				errors.New("no delegate configured in meter provider"),
+				"Setting meter provider to it's current value. No delegate will be configured",
+			)
+			return
+		}
+	}
+
+	delegateMeterOnce.Do(func() {
+		if def, ok := current.(*meterProvider); ok {
+			def.setDelegate(mp)
+		}
+	})
+	globalMeterProvider.Store(meterProviderHolder{mp: mp})
+}
+
 func defaultTracerValue() *atomic.Value {
 	v := &atomic.Value{}
 	v.Store(tracerProviderHolder{tp: &tracerProvider{}})
@@ -113,3 +148,9 @@ func defaultPropagatorsValue() *atomic.Value {
 	v.Store(propagatorsHolder{tm: newTextMapPropagator()})
 	return v
 }
+
+func defaultMeterProvider() *atomic.Value {
+	v := &atomic.Value{}
+	v.Store(meterProviderHolder{mp: &meterProvider{}})
+	return v
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/internal/global/trace.go b/apis/vendor/go.opentelemetry.io/otel/internal/global/trace.go
index 5f008d098..3f61ec12a 100644
--- a/apis/vendor/go.opentelemetry.io/otel/internal/global/trace.go
+++ b/apis/vendor/go.opentelemetry.io/otel/internal/global/trace.go
@@ -39,6 +39,7 @@ import (
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/codes"
 	"go.opentelemetry.io/otel/trace"
+	"go.opentelemetry.io/otel/trace/embedded"
 )
 
 // tracerProvider is a placeholder for a configured SDK TracerProvider.
@@ -46,6 +47,8 @@ import (
 // All TracerProvider functionality is forwarded to a delegate once
 // configured.
 type tracerProvider struct {
+	embedded.TracerProvider
+
 	mtx      sync.Mutex
 	tracers  map[il]*tracer
 	delegate trace.TracerProvider
@@ -119,6 +122,8 @@ type il struct {
 // All Tracer functionality is forwarded to a delegate once configured.
 // Otherwise, all functionality is forwarded to a NoopTracer.
 type tracer struct {
+	embedded.Tracer
+
 	name     string
 	opts     []trace.TracerOption
 	provider *tracerProvider
@@ -156,6 +161,8 @@ func (t *tracer) Start(ctx context.Context, name string, opts ...trace.SpanStart
 // SpanContext. It performs no operations other than to return the wrapped
 // SpanContext.
 type nonRecordingSpan struct {
+	embedded.Span
+
 	sc     trace.SpanContext
 	tracer *tracer
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric.go b/apis/vendor/go.opentelemetry.io/otel/metric.go
new file mode 100644
index 000000000..f95517195
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/metric.go
@@ -0,0 +1,53 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package otel // import "go.opentelemetry.io/otel"
+
+import (
+	"go.opentelemetry.io/otel/internal/global"
+	"go.opentelemetry.io/otel/metric"
+)
+
+// Meter returns a Meter from the global MeterProvider. The name must be the
+// name of the library providing instrumentation. This name may be the same as
+// the instrumented code only if that code provides built-in instrumentation.
+// If the name is empty, then a implementation defined default name will be
+// used instead.
+//
+// If this is called before a global MeterProvider is registered the returned
+// Meter will be a No-op implementation of a Meter. When a global MeterProvider
+// is registered for the first time, the returned Meter, and all the
+// instruments it has created or will create, are recreated automatically from
+// the new MeterProvider.
+//
+// This is short for GetMeterProvider().Meter(name).
+func Meter(name string, opts ...metric.MeterOption) metric.Meter {
+	return GetMeterProvider().Meter(name, opts...)
+}
+
+// GetMeterProvider returns the registered global meter provider.
+//
+// If no global GetMeterProvider has been registered, a No-op GetMeterProvider
+// implementation is returned. When a global GetMeterProvider is registered for
+// the first time, the returned GetMeterProvider, and all the Meters it has
+// created or will create, are recreated automatically from the new
+// GetMeterProvider.
+func GetMeterProvider() metric.MeterProvider {
+	return global.MeterProvider()
+}
+
+// SetMeterProvider registers mp as the global MeterProvider.
+func SetMeterProvider(mp metric.MeterProvider) {
+	global.SetMeterProvider(mp)
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go b/apis/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go
new file mode 100644
index 000000000..072baa8e8
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go
@@ -0,0 +1,271 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metric // import "go.opentelemetry.io/otel/metric"
+
+import (
+	"context"
+
+	"go.opentelemetry.io/otel/metric/embedded"
+)
+
+// Float64Observable describes a set of instruments used asynchronously to
+// record float64 measurements once per collection cycle. Observations of
+// these instruments are only made within a callback.
+//
+// Warning: Methods may be added to this interface in minor releases.
+type Float64Observable interface {
+	Observable
+
+	float64Observable()
+}
+
+// Float64ObservableCounter is an instrument used to asynchronously record
+// increasing float64 measurements once per collection cycle. Observations are
+// only made within a callback for this instrument. The value observed is
+// assumed the to be the cumulative sum of the count.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for
+// unimplemented methods.
+type Float64ObservableCounter interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Float64ObservableCounter
+
+	Float64Observable
+}
+
+// Float64ObservableCounterConfig contains options for asynchronous counter
+// instruments that record int64 values.
+type Float64ObservableCounterConfig struct {
+	description string
+	unit        string
+	callbacks   []Float64Callback
+}
+
+// NewFloat64ObservableCounterConfig returns a new
+// [Float64ObservableCounterConfig] with all opts applied.
+func NewFloat64ObservableCounterConfig(opts ...Float64ObservableCounterOption) Float64ObservableCounterConfig {
+	var config Float64ObservableCounterConfig
+	for _, o := range opts {
+		config = o.applyFloat64ObservableCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64ObservableCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64ObservableCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Float64ObservableCounterConfig) Callbacks() []Float64Callback {
+	return c.callbacks
+}
+
+// Float64ObservableCounterOption applies options to a
+// [Float64ObservableCounterConfig]. See [Float64ObservableOption] and
+// [InstrumentOption] for other options that can be used as a
+// Float64ObservableCounterOption.
+type Float64ObservableCounterOption interface {
+	applyFloat64ObservableCounter(Float64ObservableCounterConfig) Float64ObservableCounterConfig
+}
+
+// Float64ObservableUpDownCounter is an instrument used to asynchronously
+// record float64 measurements once per collection cycle. Observations are only
+// made within a callback for this instrument. The value observed is assumed
+// the to be the cumulative sum of the count.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Float64ObservableUpDownCounter interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Float64ObservableUpDownCounter
+
+	Float64Observable
+}
+
+// Float64ObservableUpDownCounterConfig contains options for asynchronous
+// counter instruments that record int64 values.
+type Float64ObservableUpDownCounterConfig struct {
+	description string
+	unit        string
+	callbacks   []Float64Callback
+}
+
+// NewFloat64ObservableUpDownCounterConfig returns a new
+// [Float64ObservableUpDownCounterConfig] with all opts applied.
+func NewFloat64ObservableUpDownCounterConfig(opts ...Float64ObservableUpDownCounterOption) Float64ObservableUpDownCounterConfig {
+	var config Float64ObservableUpDownCounterConfig
+	for _, o := range opts {
+		config = o.applyFloat64ObservableUpDownCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64ObservableUpDownCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64ObservableUpDownCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Float64ObservableUpDownCounterConfig) Callbacks() []Float64Callback {
+	return c.callbacks
+}
+
+// Float64ObservableUpDownCounterOption applies options to a
+// [Float64ObservableUpDownCounterConfig]. See [Float64ObservableOption] and
+// [InstrumentOption] for other options that can be used as a
+// Float64ObservableUpDownCounterOption.
+type Float64ObservableUpDownCounterOption interface {
+	applyFloat64ObservableUpDownCounter(Float64ObservableUpDownCounterConfig) Float64ObservableUpDownCounterConfig
+}
+
+// Float64ObservableGauge is an instrument used to asynchronously record
+// instantaneous float64 measurements once per collection cycle. Observations
+// are only made within a callback for this instrument.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Float64ObservableGauge interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Float64ObservableGauge
+
+	Float64Observable
+}
+
+// Float64ObservableGaugeConfig contains options for asynchronous counter
+// instruments that record int64 values.
+type Float64ObservableGaugeConfig struct {
+	description string
+	unit        string
+	callbacks   []Float64Callback
+}
+
+// NewFloat64ObservableGaugeConfig returns a new [Float64ObservableGaugeConfig]
+// with all opts applied.
+func NewFloat64ObservableGaugeConfig(opts ...Float64ObservableGaugeOption) Float64ObservableGaugeConfig {
+	var config Float64ObservableGaugeConfig
+	for _, o := range opts {
+		config = o.applyFloat64ObservableGauge(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64ObservableGaugeConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64ObservableGaugeConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Float64ObservableGaugeConfig) Callbacks() []Float64Callback {
+	return c.callbacks
+}
+
+// Float64ObservableGaugeOption applies options to a
+// [Float64ObservableGaugeConfig]. See [Float64ObservableOption] and
+// [InstrumentOption] for other options that can be used as a
+// Float64ObservableGaugeOption.
+type Float64ObservableGaugeOption interface {
+	applyFloat64ObservableGauge(Float64ObservableGaugeConfig) Float64ObservableGaugeConfig
+}
+
+// Float64Observer is a recorder of float64 measurements.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Float64Observer interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Float64Observer
+
+	// Observe records the float64 value.
+	//
+	// Use the WithAttributeSet (or, if performance is not a concern,
+	// the WithAttributes) option to include measurement attributes.
+	Observe(value float64, options ...ObserveOption)
+}
+
+// Float64Callback is a function registered with a Meter that makes
+// observations for a Float64Observerable instrument it is registered with.
+// Calls to the Float64Observer record measurement values for the
+// Float64Observable.
+//
+// The function needs to complete in a finite amount of time and the deadline
+// of the passed context is expected to be honored.
+//
+// The function needs to make unique observations across all registered
+// Float64Callbacks. Meaning, it should not report measurements with the same
+// attributes as another Float64Callbacks also registered for the same
+// instrument.
+//
+// The function needs to be concurrent safe.
+type Float64Callback func(context.Context, Float64Observer) error
+
+// Float64ObservableOption applies options to float64 Observer instruments.
+type Float64ObservableOption interface {
+	Float64ObservableCounterOption
+	Float64ObservableUpDownCounterOption
+	Float64ObservableGaugeOption
+}
+
+type float64CallbackOpt struct {
+	cback Float64Callback
+}
+
+func (o float64CallbackOpt) applyFloat64ObservableCounter(cfg Float64ObservableCounterConfig) Float64ObservableCounterConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+func (o float64CallbackOpt) applyFloat64ObservableUpDownCounter(cfg Float64ObservableUpDownCounterConfig) Float64ObservableUpDownCounterConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+func (o float64CallbackOpt) applyFloat64ObservableGauge(cfg Float64ObservableGaugeConfig) Float64ObservableGaugeConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+// WithFloat64Callback adds callback to be called for an instrument.
+func WithFloat64Callback(callback Float64Callback) Float64ObservableOption {
+	return float64CallbackOpt{callback}
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/asyncint64.go b/apis/vendor/go.opentelemetry.io/otel/metric/asyncint64.go
new file mode 100644
index 000000000..9bd6ebf02
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/metric/asyncint64.go
@@ -0,0 +1,269 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metric // import "go.opentelemetry.io/otel/metric"
+
+import (
+	"context"
+
+	"go.opentelemetry.io/otel/metric/embedded"
+)
+
+// Int64Observable describes a set of instruments used asynchronously to record
+// int64 measurements once per collection cycle. Observations of these
+// instruments are only made within a callback.
+//
+// Warning: Methods may be added to this interface in minor releases.
+type Int64Observable interface {
+	Observable
+
+	int64Observable()
+}
+
+// Int64ObservableCounter is an instrument used to asynchronously record
+// increasing int64 measurements once per collection cycle. Observations are
+// only made within a callback for this instrument. The value observed is
+// assumed the to be the cumulative sum of the count.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Int64ObservableCounter interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Int64ObservableCounter
+
+	Int64Observable
+}
+
+// Int64ObservableCounterConfig contains options for asynchronous counter
+// instruments that record int64 values.
+type Int64ObservableCounterConfig struct {
+	description string
+	unit        string
+	callbacks   []Int64Callback
+}
+
+// NewInt64ObservableCounterConfig returns a new [Int64ObservableCounterConfig]
+// with all opts applied.
+func NewInt64ObservableCounterConfig(opts ...Int64ObservableCounterOption) Int64ObservableCounterConfig {
+	var config Int64ObservableCounterConfig
+	for _, o := range opts {
+		config = o.applyInt64ObservableCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64ObservableCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64ObservableCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Int64ObservableCounterConfig) Callbacks() []Int64Callback {
+	return c.callbacks
+}
+
+// Int64ObservableCounterOption applies options to a
+// [Int64ObservableCounterConfig]. See [Int64ObservableOption] and
+// [InstrumentOption] for other options that can be used as an
+// Int64ObservableCounterOption.
+type Int64ObservableCounterOption interface {
+	applyInt64ObservableCounter(Int64ObservableCounterConfig) Int64ObservableCounterConfig
+}
+
+// Int64ObservableUpDownCounter is an instrument used to asynchronously record
+// int64 measurements once per collection cycle. Observations are only made
+// within a callback for this instrument. The value observed is assumed the to
+// be the cumulative sum of the count.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Int64ObservableUpDownCounter interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Int64ObservableUpDownCounter
+
+	Int64Observable
+}
+
+// Int64ObservableUpDownCounterConfig contains options for asynchronous counter
+// instruments that record int64 values.
+type Int64ObservableUpDownCounterConfig struct {
+	description string
+	unit        string
+	callbacks   []Int64Callback
+}
+
+// NewInt64ObservableUpDownCounterConfig returns a new
+// [Int64ObservableUpDownCounterConfig] with all opts applied.
+func NewInt64ObservableUpDownCounterConfig(opts ...Int64ObservableUpDownCounterOption) Int64ObservableUpDownCounterConfig {
+	var config Int64ObservableUpDownCounterConfig
+	for _, o := range opts {
+		config = o.applyInt64ObservableUpDownCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64ObservableUpDownCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64ObservableUpDownCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Int64ObservableUpDownCounterConfig) Callbacks() []Int64Callback {
+	return c.callbacks
+}
+
+// Int64ObservableUpDownCounterOption applies options to a
+// [Int64ObservableUpDownCounterConfig]. See [Int64ObservableOption] and
+// [InstrumentOption] for other options that can be used as an
+// Int64ObservableUpDownCounterOption.
+type Int64ObservableUpDownCounterOption interface {
+	applyInt64ObservableUpDownCounter(Int64ObservableUpDownCounterConfig) Int64ObservableUpDownCounterConfig
+}
+
+// Int64ObservableGauge is an instrument used to asynchronously record
+// instantaneous int64 measurements once per collection cycle. Observations are
+// only made within a callback for this instrument.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Int64ObservableGauge interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Int64ObservableGauge
+
+	Int64Observable
+}
+
+// Int64ObservableGaugeConfig contains options for asynchronous counter
+// instruments that record int64 values.
+type Int64ObservableGaugeConfig struct {
+	description string
+	unit        string
+	callbacks   []Int64Callback
+}
+
+// NewInt64ObservableGaugeConfig returns a new [Int64ObservableGaugeConfig]
+// with all opts applied.
+func NewInt64ObservableGaugeConfig(opts ...Int64ObservableGaugeOption) Int64ObservableGaugeConfig {
+	var config Int64ObservableGaugeConfig
+	for _, o := range opts {
+		config = o.applyInt64ObservableGauge(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64ObservableGaugeConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64ObservableGaugeConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Int64ObservableGaugeConfig) Callbacks() []Int64Callback {
+	return c.callbacks
+}
+
+// Int64ObservableGaugeOption applies options to a
+// [Int64ObservableGaugeConfig]. See [Int64ObservableOption] and
+// [InstrumentOption] for other options that can be used as an
+// Int64ObservableGaugeOption.
+type Int64ObservableGaugeOption interface {
+	applyInt64ObservableGauge(Int64ObservableGaugeConfig) Int64ObservableGaugeConfig
+}
+
+// Int64Observer is a recorder of int64 measurements.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Int64Observer interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Int64Observer
+
+	// Observe records the int64 value.
+	//
+	// Use the WithAttributeSet (or, if performance is not a concern,
+	// the WithAttributes) option to include measurement attributes.
+	Observe(value int64, options ...ObserveOption)
+}
+
+// Int64Callback is a function registered with a Meter that makes observations
+// for an Int64Observerable instrument it is registered with. Calls to the
+// Int64Observer record measurement values for the Int64Observable.
+//
+// The function needs to complete in a finite amount of time and the deadline
+// of the passed context is expected to be honored.
+//
+// The function needs to make unique observations across all registered
+// Int64Callbacks. Meaning, it should not report measurements with the same
+// attributes as another Int64Callbacks also registered for the same
+// instrument.
+//
+// The function needs to be concurrent safe.
+type Int64Callback func(context.Context, Int64Observer) error
+
+// Int64ObservableOption applies options to int64 Observer instruments.
+type Int64ObservableOption interface {
+	Int64ObservableCounterOption
+	Int64ObservableUpDownCounterOption
+	Int64ObservableGaugeOption
+}
+
+type int64CallbackOpt struct {
+	cback Int64Callback
+}
+
+func (o int64CallbackOpt) applyInt64ObservableCounter(cfg Int64ObservableCounterConfig) Int64ObservableCounterConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+func (o int64CallbackOpt) applyInt64ObservableUpDownCounter(cfg Int64ObservableUpDownCounterConfig) Int64ObservableUpDownCounterConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+func (o int64CallbackOpt) applyInt64ObservableGauge(cfg Int64ObservableGaugeConfig) Int64ObservableGaugeConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+// WithInt64Callback adds callback to be called for an instrument.
+func WithInt64Callback(callback Int64Callback) Int64ObservableOption {
+	return int64CallbackOpt{callback}
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/config.go b/apis/vendor/go.opentelemetry.io/otel/metric/config.go
index 621e4c5fc..778ad2d74 100644
--- a/apis/vendor/go.opentelemetry.io/otel/metric/config.go
+++ b/apis/vendor/go.opentelemetry.io/otel/metric/config.go
@@ -14,17 +14,30 @@
 
 package metric // import "go.opentelemetry.io/otel/metric"
 
+import "go.opentelemetry.io/otel/attribute"
+
 // MeterConfig contains options for Meters.
 type MeterConfig struct {
 	instrumentationVersion string
 	schemaURL              string
+	attrs                  attribute.Set
+
+	// Ensure forward compatibility by explicitly making this not comparable.
+	noCmp [0]func() //nolint: unused  // This is indeed used.
 }
 
-// InstrumentationVersion is the version of the library providing instrumentation.
+// InstrumentationVersion returns the version of the library providing
+// instrumentation.
 func (cfg MeterConfig) InstrumentationVersion() string {
 	return cfg.instrumentationVersion
 }
 
+// InstrumentationAttributes returns the attributes associated with the library
+// providing instrumentation.
+func (cfg MeterConfig) InstrumentationAttributes() attribute.Set {
+	return cfg.attrs
+}
+
 // SchemaURL is the schema_url of the library providing instrumentation.
 func (cfg MeterConfig) SchemaURL() string {
 	return cfg.schemaURL
@@ -60,6 +73,16 @@ func WithInstrumentationVersion(version string) MeterOption {
 	})
 }
 
+// WithInstrumentationAttributes sets the instrumentation attributes.
+//
+// The passed attributes will be de-duplicated.
+func WithInstrumentationAttributes(attr ...attribute.KeyValue) MeterOption {
+	return meterOptionFunc(func(config MeterConfig) MeterConfig {
+		config.attrs = attribute.NewSet(attr...)
+		return config
+	})
+}
+
 // WithSchemaURL sets the schema URL.
 func WithSchemaURL(schemaURL string) MeterOption {
 	return meterOptionFunc(func(config MeterConfig) MeterConfig {
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/doc.go b/apis/vendor/go.opentelemetry.io/otel/metric/doc.go
index bd6f43437..54716e13b 100644
--- a/apis/vendor/go.opentelemetry.io/otel/metric/doc.go
+++ b/apis/vendor/go.opentelemetry.io/otel/metric/doc.go
@@ -13,11 +13,158 @@
 // limitations under the License.
 
 /*
-Package metric provides an implementation of the metrics part of the
-OpenTelemetry API.
+Package metric provides the OpenTelemetry API used to measure metrics about
+source code operation.
 
-This package is currently in a pre-GA phase. Backwards incompatible changes
-may be introduced in subsequent minor version releases as we work to track the
-evolving OpenTelemetry specification and user feedback.
+This API is separate from its implementation so the instrumentation built from
+it is reusable. See [go.opentelemetry.io/otel/sdk/metric] for the official
+OpenTelemetry implementation of this API.
+
+All measurements made with this package are made via instruments. These
+instruments are created by a [Meter] which itself is created by a
+[MeterProvider]. Applications need to accept a [MeterProvider] implementation
+as a starting point when instrumenting. This can be done directly, or by using
+the OpenTelemetry global MeterProvider via [GetMeterProvider]. Using an
+appropriately named [Meter] from the accepted [MeterProvider], instrumentation
+can then be built from the [Meter]'s instruments.
+
+# Instruments
+
+Each instrument is designed to make measurements of a particular type. Broadly,
+all instruments fall into two overlapping logical categories: asynchronous or
+synchronous, and int64 or float64.
+
+All synchronous instruments ([Int64Counter], [Int64UpDownCounter],
+[Int64Histogram], [Float64Counter], [Float64UpDownCounter], and
+[Float64Histogram]) are used to measure the operation and performance of source
+code during the source code execution. These instruments only make measurements
+when the source code they instrument is run.
+
+All asynchronous instruments ([Int64ObservableCounter],
+[Int64ObservableUpDownCounter], [Int64ObservableGauge],
+[Float64ObservableCounter], [Float64ObservableUpDownCounter], and
+[Float64ObservableGauge]) are used to measure metrics outside of the execution
+of source code. They are said to make "observations" via a callback function
+called once every measurement collection cycle.
+
+Each instrument is also grouped by the value type it measures. Either int64 or
+float64. The value being measured will dictate which instrument in these
+categories to use.
+
+Outside of these two broad categories, instruments are described by the
+function they are designed to serve. All Counters ([Int64Counter],
+[Float64Counter], [Int64ObservableCounter], and [Float64ObservableCounter]) are
+designed to measure values that never decrease in value, but instead only
+incrementally increase in value. UpDownCounters ([Int64UpDownCounter],
+[Float64UpDownCounter], [Int64ObservableUpDownCounter], and
+[Float64ObservableUpDownCounter]) on the other hand, are designed to measure
+values that can increase and decrease. When more information needs to be
+conveyed about all the synchronous measurements made during a collection cycle,
+a Histogram ([Int64Histogram] and [Float64Histogram]) should be used. Finally,
+when just the most recent measurement needs to be conveyed about an
+asynchronous measurement, a Gauge ([Int64ObservableGauge] and
+[Float64ObservableGauge]) should be used.
+
+See the [OpenTelemetry documentation] for more information about instruments
+and their intended use.
+
+# Measurements
+
+Measurements are made by recording values and information about the values with
+an instrument. How these measurements are recorded depends on the instrument.
+
+Measurements for synchronous instruments ([Int64Counter], [Int64UpDownCounter],
+[Int64Histogram], [Float64Counter], [Float64UpDownCounter], and
+[Float64Histogram]) are recorded using the instrument methods directly. All
+counter instruments have an Add method that is used to measure an increment
+value, and all histogram instruments have a Record method to measure a data
+point.
+
+Asynchronous instruments ([Int64ObservableCounter],
+[Int64ObservableUpDownCounter], [Int64ObservableGauge],
+[Float64ObservableCounter], [Float64ObservableUpDownCounter], and
+[Float64ObservableGauge]) record measurements within a callback function. The
+callback is registered with the Meter which ensures the callback is called once
+per collection cycle. A callback can be registered two ways: during the
+instrument's creation using an option, or later using the RegisterCallback
+method of the [Meter] that created the instrument.
+
+If the following criteria are met, an option ([WithInt64Callback] or
+[WithFloat64Callback]) can be used during the asynchronous instrument's
+creation to register a callback ([Int64Callback] or [Float64Callback],
+respectively):
+
+  - The measurement process is known when the instrument is created
+  - Only that instrument will make a measurement within the callback
+  - The callback never needs to be unregistered
+
+If the criteria are not met, use the RegisterCallback method of the [Meter] that
+created the instrument to register a [Callback].
+
+# API Implementations
+
+This package does not conform to the standard Go versioning policy, all of its
+interfaces may have methods added to them without a package major version bump.
+This non-standard API evolution could surprise an uninformed implementation
+author. They could unknowingly build their implementation in a way that would
+result in a runtime panic for their users that update to the new API.
+
+The API is designed to help inform an instrumentation author about this
+non-standard API evolution. It requires them to choose a default behavior for
+unimplemented interface methods. There are three behavior choices they can
+make:
+
+  - Compilation failure
+  - Panic
+  - Default to another implementation
+
+All interfaces in this API embed a corresponding interface from
+[go.opentelemetry.io/otel/metric/embedded]. If an author wants the default
+behavior of their implementations to be a compilation failure, signaling to
+their users they need to update to the latest version of that implementation,
+they need to embed the corresponding interface from
+[go.opentelemetry.io/otel/metric/embedded] in their implementation. For
+example,
+
+	import "go.opentelemetry.io/otel/metric/embedded"
+
+	type MeterProvider struct {
+		embedded.MeterProvider
+		// ...
+	}
+
+If an author wants the default behavior of their implementations to a panic,
+they need to embed the API interface directly.
+
+	import "go.opentelemetry.io/otel/metric"
+
+	type MeterProvider struct {
+		metric.MeterProvider
+		// ...
+	}
+
+This is not a recommended behavior as it could lead to publishing packages that
+contain runtime panics when users update other package that use newer versions
+of [go.opentelemetry.io/otel/metric].
+
+Finally, an author can embed another implementation in theirs. The embedded
+implementation will be used for methods not defined by the author. For example,
+an author who wants to default to silently dropping the call can use
+[go.opentelemetry.io/otel/metric/noop]:
+
+	import "go.opentelemetry.io/otel/metric/noop"
+
+	type MeterProvider struct {
+		noop.MeterProvider
+		// ...
+	}
+
+It is strongly recommended that authors only embed
+[go.opentelemetry.io/otel/metric/noop] if they choose this default behavior.
+That implementation is the only one OpenTelemetry authors can guarantee will
+fully implement all the API interfaces when a user updates their API.
+
+[OpenTelemetry documentation]: https://opentelemetry.io/docs/concepts/signals/metrics/
+[GetMeterProvider]: https://pkg.go.dev/go.opentelemetry.io/otel#GetMeterProvider
 */
 package metric // import "go.opentelemetry.io/otel/metric"
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/embedded/embedded.go b/apis/vendor/go.opentelemetry.io/otel/metric/embedded/embedded.go
new file mode 100644
index 000000000..ae0bdbd2e
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/metric/embedded/embedded.go
@@ -0,0 +1,234 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package embedded provides interfaces embedded within the [OpenTelemetry
+// metric API].
+//
+// Implementers of the [OpenTelemetry metric API] can embed the relevant type
+// from this package into their implementation directly. Doing so will result
+// in a compilation error for users when the [OpenTelemetry metric API] is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+//
+// [OpenTelemetry metric API]: https://pkg.go.dev/go.opentelemetry.io/otel/metric
+package embedded // import "go.opentelemetry.io/otel/metric/embedded"
+
+// MeterProvider is embedded in
+// [go.opentelemetry.io/otel/metric.MeterProvider].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.MeterProvider] if you want users to
+// experience a compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/metric.MeterProvider]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type MeterProvider interface{ meterProvider() }
+
+// Meter is embedded in [go.opentelemetry.io/otel/metric.Meter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Meter] if you want users to experience a
+// compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/metric.Meter] interface
+// is extended (which is something that can happen without a major version bump
+// of the API package).
+type Meter interface{ meter() }
+
+// Float64Observer is embedded in
+// [go.opentelemetry.io/otel/metric.Float64Observer].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64Observer] if you want
+// users to experience a compilation error, signaling they need to update to
+// your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64Observer] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Float64Observer interface{ float64Observer() }
+
+// Int64Observer is embedded in
+// [go.opentelemetry.io/otel/metric.Int64Observer].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64Observer] if you want users
+// to experience a compilation error, signaling they need to update to your
+// latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64Observer] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Int64Observer interface{ int64Observer() }
+
+// Observer is embedded in [go.opentelemetry.io/otel/metric.Observer].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Observer] if you want users to experience a
+// compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/metric.Observer]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Observer interface{ observer() }
+
+// Registration is embedded in [go.opentelemetry.io/otel/metric.Registration].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Registration] if you want users to
+// experience a compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/metric.Registration]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Registration interface{ registration() }
+
+// Float64Counter is embedded in
+// [go.opentelemetry.io/otel/metric.Float64Counter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64Counter] if you want
+// users to experience a compilation error, signaling they need to update to
+// your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64Counter] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Float64Counter interface{ float64Counter() }
+
+// Float64Histogram is embedded in
+// [go.opentelemetry.io/otel/metric.Float64Histogram].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64Histogram] if you want
+// users to experience a compilation error, signaling they need to update to
+// your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64Histogram] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Float64Histogram interface{ float64Histogram() }
+
+// Float64ObservableCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Float64ObservableCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64ObservableCounter] if you
+// want users to experience a compilation error, signaling they need to update
+// to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64ObservableCounter]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Float64ObservableCounter interface{ float64ObservableCounter() }
+
+// Float64ObservableGauge is embedded in
+// [go.opentelemetry.io/otel/metric.Float64ObservableGauge].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64ObservableGauge] if you
+// want users to experience a compilation error, signaling they need to update
+// to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64ObservableGauge]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Float64ObservableGauge interface{ float64ObservableGauge() }
+
+// Float64ObservableUpDownCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Float64ObservableUpDownCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64ObservableUpDownCounter]
+// if you want users to experience a compilation error, signaling they need to
+// update to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64ObservableUpDownCounter]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Float64ObservableUpDownCounter interface{ float64ObservableUpDownCounter() }
+
+// Float64UpDownCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Float64UpDownCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64UpDownCounter] if you
+// want users to experience a compilation error, signaling they need to update
+// to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64UpDownCounter] interface
+// is extended (which is something that can happen without a major version bump
+// of the API package).
+type Float64UpDownCounter interface{ float64UpDownCounter() }
+
+// Int64Counter is embedded in
+// [go.opentelemetry.io/otel/metric.Int64Counter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64Counter] if you want users
+// to experience a compilation error, signaling they need to update to your
+// latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64Counter] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Int64Counter interface{ int64Counter() }
+
+// Int64Histogram is embedded in
+// [go.opentelemetry.io/otel/metric.Int64Histogram].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64Histogram] if you want
+// users to experience a compilation error, signaling they need to update to
+// your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64Histogram] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Int64Histogram interface{ int64Histogram() }
+
+// Int64ObservableCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Int64ObservableCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64ObservableCounter] if you
+// want users to experience a compilation error, signaling they need to update
+// to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64ObservableCounter]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Int64ObservableCounter interface{ int64ObservableCounter() }
+
+// Int64ObservableGauge is embedded in
+// [go.opentelemetry.io/otel/metric.Int64ObservableGauge].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64ObservableGauge] if you
+// want users to experience a compilation error, signaling they need to update
+// to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64ObservableGauge] interface
+// is extended (which is something that can happen without a major version bump
+// of the API package).
+type Int64ObservableGauge interface{ int64ObservableGauge() }
+
+// Int64ObservableUpDownCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Int64ObservableUpDownCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64ObservableUpDownCounter] if
+// you want users to experience a compilation error, signaling they need to
+// update to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64ObservableUpDownCounter]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Int64ObservableUpDownCounter interface{ int64ObservableUpDownCounter() }
+
+// Int64UpDownCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Int64UpDownCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64UpDownCounter] if you want
+// users to experience a compilation error, signaling they need to update to
+// your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64UpDownCounter] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Int64UpDownCounter interface{ int64UpDownCounter() }
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/global/global.go b/apis/vendor/go.opentelemetry.io/otel/metric/global/global.go
deleted file mode 100644
index 05a67c2e9..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/metric/global/global.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package global // import "go.opentelemetry.io/otel/metric/global"
-
-import (
-	"go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/metric/internal/global"
-)
-
-// Meter returns a Meter from the global MeterProvider. The
-// instrumentationName must be the name of the library providing
-// instrumentation. This name may be the same as the instrumented code only if
-// that code provides built-in instrumentation. If the instrumentationName is
-// empty, then a implementation defined default name will be used instead.
-//
-// This is short for MeterProvider().Meter(name).
-func Meter(instrumentationName string, opts ...metric.MeterOption) metric.Meter {
-	return MeterProvider().Meter(instrumentationName, opts...)
-}
-
-// MeterProvider returns the registered global trace provider.
-// If none is registered then a No-op MeterProvider is returned.
-func MeterProvider() metric.MeterProvider {
-	return global.MeterProvider()
-}
-
-// SetMeterProvider registers `mp` as the global meter provider.
-func SetMeterProvider(mp metric.MeterProvider) {
-	global.SetMeterProvider(mp)
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/instrument.go b/apis/vendor/go.opentelemetry.io/otel/metric/instrument.go
new file mode 100644
index 000000000..be89cd533
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/metric/instrument.go
@@ -0,0 +1,357 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metric // import "go.opentelemetry.io/otel/metric"
+
+import "go.opentelemetry.io/otel/attribute"
+
+// Observable is used as a grouping mechanism for all instruments that are
+// updated within a Callback.
+type Observable interface {
+	observable()
+}
+
+// InstrumentOption applies options to all instruments.
+type InstrumentOption interface {
+	Int64CounterOption
+	Int64UpDownCounterOption
+	Int64HistogramOption
+	Int64ObservableCounterOption
+	Int64ObservableUpDownCounterOption
+	Int64ObservableGaugeOption
+
+	Float64CounterOption
+	Float64UpDownCounterOption
+	Float64HistogramOption
+	Float64ObservableCounterOption
+	Float64ObservableUpDownCounterOption
+	Float64ObservableGaugeOption
+}
+
+// HistogramOption applies options to histogram instruments.
+type HistogramOption interface {
+	Int64HistogramOption
+	Float64HistogramOption
+}
+
+type descOpt string
+
+func (o descOpt) applyFloat64Counter(c Float64CounterConfig) Float64CounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyFloat64UpDownCounter(c Float64UpDownCounterConfig) Float64UpDownCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyFloat64Histogram(c Float64HistogramConfig) Float64HistogramConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyFloat64ObservableCounter(c Float64ObservableCounterConfig) Float64ObservableCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyFloat64ObservableUpDownCounter(c Float64ObservableUpDownCounterConfig) Float64ObservableUpDownCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyFloat64ObservableGauge(c Float64ObservableGaugeConfig) Float64ObservableGaugeConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64Counter(c Int64CounterConfig) Int64CounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64UpDownCounter(c Int64UpDownCounterConfig) Int64UpDownCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64Histogram(c Int64HistogramConfig) Int64HistogramConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64ObservableCounter(c Int64ObservableCounterConfig) Int64ObservableCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64ObservableUpDownCounter(c Int64ObservableUpDownCounterConfig) Int64ObservableUpDownCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64ObservableGauge(c Int64ObservableGaugeConfig) Int64ObservableGaugeConfig {
+	c.description = string(o)
+	return c
+}
+
+// WithDescription sets the instrument description.
+func WithDescription(desc string) InstrumentOption { return descOpt(desc) }
+
+type unitOpt string
+
+func (o unitOpt) applyFloat64Counter(c Float64CounterConfig) Float64CounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyFloat64UpDownCounter(c Float64UpDownCounterConfig) Float64UpDownCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyFloat64Histogram(c Float64HistogramConfig) Float64HistogramConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyFloat64ObservableCounter(c Float64ObservableCounterConfig) Float64ObservableCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyFloat64ObservableUpDownCounter(c Float64ObservableUpDownCounterConfig) Float64ObservableUpDownCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyFloat64ObservableGauge(c Float64ObservableGaugeConfig) Float64ObservableGaugeConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64Counter(c Int64CounterConfig) Int64CounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64UpDownCounter(c Int64UpDownCounterConfig) Int64UpDownCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64Histogram(c Int64HistogramConfig) Int64HistogramConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64ObservableCounter(c Int64ObservableCounterConfig) Int64ObservableCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64ObservableUpDownCounter(c Int64ObservableUpDownCounterConfig) Int64ObservableUpDownCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64ObservableGauge(c Int64ObservableGaugeConfig) Int64ObservableGaugeConfig {
+	c.unit = string(o)
+	return c
+}
+
+// WithUnit sets the instrument unit.
+//
+// The unit u should be defined using the appropriate [UCUM](https://ucum.org) case-sensitive code.
+func WithUnit(u string) InstrumentOption { return unitOpt(u) }
+
+// WithExplicitBucketBoundaries sets the instrument explicit bucket boundaries.
+//
+// This option is considered "advisory", and may be ignored by API implementations.
+func WithExplicitBucketBoundaries(bounds ...float64) HistogramOption { return bucketOpt(bounds) }
+
+type bucketOpt []float64
+
+func (o bucketOpt) applyFloat64Histogram(c Float64HistogramConfig) Float64HistogramConfig {
+	c.explicitBucketBoundaries = o
+	return c
+}
+
+func (o bucketOpt) applyInt64Histogram(c Int64HistogramConfig) Int64HistogramConfig {
+	c.explicitBucketBoundaries = o
+	return c
+}
+
+// AddOption applies options to an addition measurement. See
+// [MeasurementOption] for other options that can be used as an AddOption.
+type AddOption interface {
+	applyAdd(AddConfig) AddConfig
+}
+
+// AddConfig contains options for an addition measurement.
+type AddConfig struct {
+	attrs attribute.Set
+}
+
+// NewAddConfig returns a new [AddConfig] with all opts applied.
+func NewAddConfig(opts []AddOption) AddConfig {
+	config := AddConfig{attrs: *attribute.EmptySet()}
+	for _, o := range opts {
+		config = o.applyAdd(config)
+	}
+	return config
+}
+
+// Attributes returns the configured attribute set.
+func (c AddConfig) Attributes() attribute.Set {
+	return c.attrs
+}
+
+// RecordOption applies options to an addition measurement. See
+// [MeasurementOption] for other options that can be used as a RecordOption.
+type RecordOption interface {
+	applyRecord(RecordConfig) RecordConfig
+}
+
+// RecordConfig contains options for a recorded measurement.
+type RecordConfig struct {
+	attrs attribute.Set
+}
+
+// NewRecordConfig returns a new [RecordConfig] with all opts applied.
+func NewRecordConfig(opts []RecordOption) RecordConfig {
+	config := RecordConfig{attrs: *attribute.EmptySet()}
+	for _, o := range opts {
+		config = o.applyRecord(config)
+	}
+	return config
+}
+
+// Attributes returns the configured attribute set.
+func (c RecordConfig) Attributes() attribute.Set {
+	return c.attrs
+}
+
+// ObserveOption applies options to an addition measurement. See
+// [MeasurementOption] for other options that can be used as a ObserveOption.
+type ObserveOption interface {
+	applyObserve(ObserveConfig) ObserveConfig
+}
+
+// ObserveConfig contains options for an observed measurement.
+type ObserveConfig struct {
+	attrs attribute.Set
+}
+
+// NewObserveConfig returns a new [ObserveConfig] with all opts applied.
+func NewObserveConfig(opts []ObserveOption) ObserveConfig {
+	config := ObserveConfig{attrs: *attribute.EmptySet()}
+	for _, o := range opts {
+		config = o.applyObserve(config)
+	}
+	return config
+}
+
+// Attributes returns the configured attribute set.
+func (c ObserveConfig) Attributes() attribute.Set {
+	return c.attrs
+}
+
+// MeasurementOption applies options to all instrument measurement.
+type MeasurementOption interface {
+	AddOption
+	RecordOption
+	ObserveOption
+}
+
+type attrOpt struct {
+	set attribute.Set
+}
+
+// mergeSets returns the union of keys between a and b. Any duplicate keys will
+// use the value associated with b.
+func mergeSets(a, b attribute.Set) attribute.Set {
+	// NewMergeIterator uses the first value for any duplicates.
+	iter := attribute.NewMergeIterator(&b, &a)
+	merged := make([]attribute.KeyValue, 0, a.Len()+b.Len())
+	for iter.Next() {
+		merged = append(merged, iter.Attribute())
+	}
+	return attribute.NewSet(merged...)
+}
+
+func (o attrOpt) applyAdd(c AddConfig) AddConfig {
+	switch {
+	case o.set.Len() == 0:
+	case c.attrs.Len() == 0:
+		c.attrs = o.set
+	default:
+		c.attrs = mergeSets(c.attrs, o.set)
+	}
+	return c
+}
+
+func (o attrOpt) applyRecord(c RecordConfig) RecordConfig {
+	switch {
+	case o.set.Len() == 0:
+	case c.attrs.Len() == 0:
+		c.attrs = o.set
+	default:
+		c.attrs = mergeSets(c.attrs, o.set)
+	}
+	return c
+}
+
+func (o attrOpt) applyObserve(c ObserveConfig) ObserveConfig {
+	switch {
+	case o.set.Len() == 0:
+	case c.attrs.Len() == 0:
+		c.attrs = o.set
+	default:
+		c.attrs = mergeSets(c.attrs, o.set)
+	}
+	return c
+}
+
+// WithAttributeSet sets the attribute Set associated with a measurement is
+// made with.
+//
+// If multiple WithAttributeSet or WithAttributes options are passed the
+// attributes will be merged together in the order they are passed. Attributes
+// with duplicate keys will use the last value passed.
+func WithAttributeSet(attributes attribute.Set) MeasurementOption {
+	return attrOpt{set: attributes}
+}
+
+// WithAttributes converts attributes into an attribute Set and sets the Set to
+// be associated with a measurement. This is shorthand for:
+//
+//	cp := make([]attribute.KeyValue, len(attributes))
+//	copy(cp, attributes)
+//	WithAttributes(attribute.NewSet(cp...))
+//
+// [attribute.NewSet] may modify the passed attributes so this will make a copy
+// of attributes before creating a set in order to ensure this function is
+// concurrent safe. This makes this option function less optimized in
+// comparison to [WithAttributeSet]. Therefore, [WithAttributeSet] should be
+// preferred for performance sensitive code.
+//
+// See [WithAttributeSet] for information about how multiple WithAttributes are
+// merged.
+func WithAttributes(attributes ...attribute.KeyValue) MeasurementOption {
+	cp := make([]attribute.KeyValue, len(attributes))
+	copy(cp, attributes)
+	return attrOpt{set: attribute.NewSet(cp...)}
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/asyncfloat64/asyncfloat64.go b/apis/vendor/go.opentelemetry.io/otel/metric/instrument/asyncfloat64/asyncfloat64.go
deleted file mode 100644
index 370715f69..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/asyncfloat64/asyncfloat64.go
+++ /dev/null
@@ -1,70 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package asyncfloat64 // import "go.opentelemetry.io/otel/metric/instrument/asyncfloat64"
-
-import (
-	"context"
-
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/metric/instrument"
-)
-
-// InstrumentProvider provides access to individual instruments.
-type InstrumentProvider interface {
-	// Counter creates an instrument for recording increasing values.
-	Counter(name string, opts ...instrument.Option) (Counter, error)
-
-	// UpDownCounter creates an instrument for recording changes of a value.
-	UpDownCounter(name string, opts ...instrument.Option) (UpDownCounter, error)
-
-	// Gauge creates an instrument for recording the current value.
-	Gauge(name string, opts ...instrument.Option) (Gauge, error)
-}
-
-// Counter is an instrument that records increasing values.
-type Counter interface {
-	// Observe records the state of the instrument.
-	//
-	// It is only valid to call this within a callback. If called outside of the
-	// registered callback it should have no effect on the instrument, and an
-	// error will be reported via the error handler.
-	Observe(ctx context.Context, x float64, attrs ...attribute.KeyValue)
-
-	instrument.Asynchronous
-}
-
-// UpDownCounter is an instrument that records increasing or decreasing values.
-type UpDownCounter interface {
-	// Observe records the state of the instrument.
-	//
-	// It is only valid to call this within a callback. If called outside of the
-	// registered callback it should have no effect on the instrument, and an
-	// error will be reported via the error handler.
-	Observe(ctx context.Context, x float64, attrs ...attribute.KeyValue)
-
-	instrument.Asynchronous
-}
-
-// Gauge is an instrument that records independent readings.
-type Gauge interface {
-	// Observe records the state of the instrument.
-	//
-	// It is only valid to call this within a callback. If called outside of the
-	// registered callback it should have no effect on the instrument, and an
-	// error will be reported via the error handler.
-	Observe(ctx context.Context, x float64, attrs ...attribute.KeyValue)
-
-	instrument.Asynchronous
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/asyncint64/asyncint64.go b/apis/vendor/go.opentelemetry.io/otel/metric/instrument/asyncint64/asyncint64.go
deleted file mode 100644
index 41a561bc4..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/asyncint64/asyncint64.go
+++ /dev/null
@@ -1,70 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package asyncint64 // import "go.opentelemetry.io/otel/metric/instrument/asyncint64"
-
-import (
-	"context"
-
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/metric/instrument"
-)
-
-// InstrumentProvider provides access to individual instruments.
-type InstrumentProvider interface {
-	// Counter creates an instrument for recording increasing values.
-	Counter(name string, opts ...instrument.Option) (Counter, error)
-
-	// UpDownCounter creates an instrument for recording changes of a value.
-	UpDownCounter(name string, opts ...instrument.Option) (UpDownCounter, error)
-
-	// Gauge creates an instrument for recording the current value.
-	Gauge(name string, opts ...instrument.Option) (Gauge, error)
-}
-
-// Counter is an instrument that records increasing values.
-type Counter interface {
-	// Observe records the state of the instrument.
-	//
-	// It is only valid to call this within a callback. If called outside of the
-	// registered callback it should have no effect on the instrument, and an
-	// error will be reported via the error handler.
-	Observe(ctx context.Context, x int64, attrs ...attribute.KeyValue)
-
-	instrument.Asynchronous
-}
-
-// UpDownCounter is an instrument that records increasing or decreasing values.
-type UpDownCounter interface {
-	// Observe records the state of the instrument.
-	//
-	// It is only valid to call this within a callback. If called outside of the
-	// registered callback it should have no effect on the instrument, and an
-	// error will be reported via the error handler.
-	Observe(ctx context.Context, x int64, attrs ...attribute.KeyValue)
-
-	instrument.Asynchronous
-}
-
-// Gauge is an instrument that records independent readings.
-type Gauge interface {
-	// Observe records the state of the instrument.
-	//
-	// It is only valid to call this within a callback. If called outside of the
-	// registered callback it should have no effect on the instrument, and an
-	// error will be reported via the error handler.
-	Observe(ctx context.Context, x int64, attrs ...attribute.KeyValue)
-
-	instrument.Asynchronous
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/config.go b/apis/vendor/go.opentelemetry.io/otel/metric/instrument/config.go
deleted file mode 100644
index 8778bce16..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/config.go
+++ /dev/null
@@ -1,69 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package instrument // import "go.opentelemetry.io/otel/metric/instrument"
-
-import "go.opentelemetry.io/otel/metric/unit"
-
-// Config contains options for metric instrument descriptors.
-type Config struct {
-	description string
-	unit        unit.Unit
-}
-
-// Description describes the instrument in human-readable terms.
-func (cfg Config) Description() string {
-	return cfg.description
-}
-
-// Unit describes the measurement unit for an instrument.
-func (cfg Config) Unit() unit.Unit {
-	return cfg.unit
-}
-
-// Option is an interface for applying metric instrument options.
-type Option interface {
-	applyInstrument(Config) Config
-}
-
-// NewConfig creates a new Config and applies all the given options.
-func NewConfig(opts ...Option) Config {
-	var config Config
-	for _, o := range opts {
-		config = o.applyInstrument(config)
-	}
-	return config
-}
-
-type optionFunc func(Config) Config
-
-func (fn optionFunc) applyInstrument(cfg Config) Config {
-	return fn(cfg)
-}
-
-// WithDescription applies provided description.
-func WithDescription(desc string) Option {
-	return optionFunc(func(cfg Config) Config {
-		cfg.description = desc
-		return cfg
-	})
-}
-
-// WithUnit applies provided unit.
-func WithUnit(u unit.Unit) Option {
-	return optionFunc(func(cfg Config) Config {
-		cfg.unit = u
-		return cfg
-	})
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/instrument.go b/apis/vendor/go.opentelemetry.io/otel/metric/instrument/instrument.go
deleted file mode 100644
index e1bbb850d..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/instrument.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package instrument // import "go.opentelemetry.io/otel/metric/instrument"
-
-// Asynchronous instruments are instruments that are updated within a Callback.
-// If an instrument is observed outside of it's callback it should be an error.
-//
-// This interface is used as a grouping mechanism.
-type Asynchronous interface {
-	asynchronous()
-}
-
-// Synchronous instruments are updated in line with application code.
-//
-// This interface is used as a grouping mechanism.
-type Synchronous interface {
-	synchronous()
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/syncfloat64/syncfloat64.go b/apis/vendor/go.opentelemetry.io/otel/metric/instrument/syncfloat64/syncfloat64.go
deleted file mode 100644
index 435db1127..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/syncfloat64/syncfloat64.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package syncfloat64 // import "go.opentelemetry.io/otel/metric/instrument/syncfloat64"
-
-import (
-	"context"
-
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/metric/instrument"
-)
-
-// InstrumentProvider provides access to individual instruments.
-type InstrumentProvider interface {
-	// Counter creates an instrument for recording increasing values.
-	Counter(name string, opts ...instrument.Option) (Counter, error)
-	// UpDownCounter creates an instrument for recording changes of a value.
-	UpDownCounter(name string, opts ...instrument.Option) (UpDownCounter, error)
-	// Histogram creates an instrument for recording a distribution of values.
-	Histogram(name string, opts ...instrument.Option) (Histogram, error)
-}
-
-// Counter is an instrument that records increasing values.
-type Counter interface {
-	// Add records a change to the counter.
-	Add(ctx context.Context, incr float64, attrs ...attribute.KeyValue)
-
-	instrument.Synchronous
-}
-
-// UpDownCounter is an instrument that records increasing or decreasing values.
-type UpDownCounter interface {
-	// Add records a change to the counter.
-	Add(ctx context.Context, incr float64, attrs ...attribute.KeyValue)
-
-	instrument.Synchronous
-}
-
-// Histogram is an instrument that records a distribution of values.
-type Histogram interface {
-	// Record adds an additional value to the distribution.
-	Record(ctx context.Context, incr float64, attrs ...attribute.KeyValue)
-
-	instrument.Synchronous
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/syncint64/syncint64.go b/apis/vendor/go.opentelemetry.io/otel/metric/instrument/syncint64/syncint64.go
deleted file mode 100644
index c77a46728..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/metric/instrument/syncint64/syncint64.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package syncint64 // import "go.opentelemetry.io/otel/metric/instrument/syncint64"
-
-import (
-	"context"
-
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/metric/instrument"
-)
-
-// InstrumentProvider provides access to individual instruments.
-type InstrumentProvider interface {
-	// Counter creates an instrument for recording increasing values.
-	Counter(name string, opts ...instrument.Option) (Counter, error)
-	// UpDownCounter creates an instrument for recording changes of a value.
-	UpDownCounter(name string, opts ...instrument.Option) (UpDownCounter, error)
-	// Histogram creates an instrument for recording a distribution of values.
-	Histogram(name string, opts ...instrument.Option) (Histogram, error)
-}
-
-// Counter is an instrument that records increasing values.
-type Counter interface {
-	// Add records a change to the counter.
-	Add(ctx context.Context, incr int64, attrs ...attribute.KeyValue)
-
-	instrument.Synchronous
-}
-
-// UpDownCounter is an instrument that records increasing or decreasing values.
-type UpDownCounter interface {
-	// Add records a change to the counter.
-	Add(ctx context.Context, incr int64, attrs ...attribute.KeyValue)
-
-	instrument.Synchronous
-}
-
-// Histogram is an instrument that records a distribution of values.
-type Histogram interface {
-	// Record adds an additional value to the distribution.
-	Record(ctx context.Context, incr int64, attrs ...attribute.KeyValue)
-
-	instrument.Synchronous
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/internal/global/instruments.go b/apis/vendor/go.opentelemetry.io/otel/metric/internal/global/instruments.go
deleted file mode 100644
index aed8b6660..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/metric/internal/global/instruments.go
+++ /dev/null
@@ -1,360 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package global // import "go.opentelemetry.io/otel/metric/internal/global"
-
-import (
-	"context"
-	"sync/atomic"
-
-	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/metric/instrument"
-	"go.opentelemetry.io/otel/metric/instrument/asyncfloat64"
-	"go.opentelemetry.io/otel/metric/instrument/asyncint64"
-	"go.opentelemetry.io/otel/metric/instrument/syncfloat64"
-	"go.opentelemetry.io/otel/metric/instrument/syncint64"
-)
-
-type afCounter struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //asyncfloat64.Counter
-
-	instrument.Asynchronous
-}
-
-func (i *afCounter) setDelegate(m metric.Meter) {
-	ctr, err := m.AsyncFloat64().Counter(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *afCounter) Observe(ctx context.Context, x float64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(asyncfloat64.Counter).Observe(ctx, x, attrs...)
-	}
-}
-
-func (i *afCounter) unwrap() instrument.Asynchronous {
-	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(asyncfloat64.Counter)
-	}
-	return nil
-}
-
-type afUpDownCounter struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //asyncfloat64.UpDownCounter
-
-	instrument.Asynchronous
-}
-
-func (i *afUpDownCounter) setDelegate(m metric.Meter) {
-	ctr, err := m.AsyncFloat64().UpDownCounter(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *afUpDownCounter) Observe(ctx context.Context, x float64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(asyncfloat64.UpDownCounter).Observe(ctx, x, attrs...)
-	}
-}
-
-func (i *afUpDownCounter) unwrap() instrument.Asynchronous {
-	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(asyncfloat64.UpDownCounter)
-	}
-	return nil
-}
-
-type afGauge struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //asyncfloat64.Gauge
-
-	instrument.Asynchronous
-}
-
-func (i *afGauge) setDelegate(m metric.Meter) {
-	ctr, err := m.AsyncFloat64().Gauge(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *afGauge) Observe(ctx context.Context, x float64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(asyncfloat64.Gauge).Observe(ctx, x, attrs...)
-	}
-}
-
-func (i *afGauge) unwrap() instrument.Asynchronous {
-	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(asyncfloat64.Gauge)
-	}
-	return nil
-}
-
-type aiCounter struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //asyncint64.Counter
-
-	instrument.Asynchronous
-}
-
-func (i *aiCounter) setDelegate(m metric.Meter) {
-	ctr, err := m.AsyncInt64().Counter(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *aiCounter) Observe(ctx context.Context, x int64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(asyncint64.Counter).Observe(ctx, x, attrs...)
-	}
-}
-
-func (i *aiCounter) unwrap() instrument.Asynchronous {
-	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(asyncint64.Counter)
-	}
-	return nil
-}
-
-type aiUpDownCounter struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //asyncint64.UpDownCounter
-
-	instrument.Asynchronous
-}
-
-func (i *aiUpDownCounter) setDelegate(m metric.Meter) {
-	ctr, err := m.AsyncInt64().UpDownCounter(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *aiUpDownCounter) Observe(ctx context.Context, x int64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(asyncint64.UpDownCounter).Observe(ctx, x, attrs...)
-	}
-}
-
-func (i *aiUpDownCounter) unwrap() instrument.Asynchronous {
-	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(asyncint64.UpDownCounter)
-	}
-	return nil
-}
-
-type aiGauge struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //asyncint64.Gauge
-
-	instrument.Asynchronous
-}
-
-func (i *aiGauge) setDelegate(m metric.Meter) {
-	ctr, err := m.AsyncInt64().Gauge(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *aiGauge) Observe(ctx context.Context, x int64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(asyncint64.Gauge).Observe(ctx, x, attrs...)
-	}
-}
-
-func (i *aiGauge) unwrap() instrument.Asynchronous {
-	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(asyncint64.Gauge)
-	}
-	return nil
-}
-
-//Sync Instruments.
-type sfCounter struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //syncfloat64.Counter
-
-	instrument.Synchronous
-}
-
-func (i *sfCounter) setDelegate(m metric.Meter) {
-	ctr, err := m.SyncFloat64().Counter(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *sfCounter) Add(ctx context.Context, incr float64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(syncfloat64.Counter).Add(ctx, incr, attrs...)
-	}
-}
-
-type sfUpDownCounter struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //syncfloat64.UpDownCounter
-
-	instrument.Synchronous
-}
-
-func (i *sfUpDownCounter) setDelegate(m metric.Meter) {
-	ctr, err := m.SyncFloat64().UpDownCounter(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *sfUpDownCounter) Add(ctx context.Context, incr float64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(syncfloat64.UpDownCounter).Add(ctx, incr, attrs...)
-	}
-}
-
-type sfHistogram struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //syncfloat64.Histogram
-
-	instrument.Synchronous
-}
-
-func (i *sfHistogram) setDelegate(m metric.Meter) {
-	ctr, err := m.SyncFloat64().Histogram(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *sfHistogram) Record(ctx context.Context, x float64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(syncfloat64.Histogram).Record(ctx, x, attrs...)
-	}
-}
-
-type siCounter struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //syncint64.Counter
-
-	instrument.Synchronous
-}
-
-func (i *siCounter) setDelegate(m metric.Meter) {
-	ctr, err := m.SyncInt64().Counter(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *siCounter) Add(ctx context.Context, x int64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(syncint64.Counter).Add(ctx, x, attrs...)
-	}
-}
-
-type siUpDownCounter struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //syncint64.UpDownCounter
-
-	instrument.Synchronous
-}
-
-func (i *siUpDownCounter) setDelegate(m metric.Meter) {
-	ctr, err := m.SyncInt64().UpDownCounter(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *siUpDownCounter) Add(ctx context.Context, x int64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(syncint64.UpDownCounter).Add(ctx, x, attrs...)
-	}
-}
-
-type siHistogram struct {
-	name string
-	opts []instrument.Option
-
-	delegate atomic.Value //syncint64.Histogram
-
-	instrument.Synchronous
-}
-
-func (i *siHistogram) setDelegate(m metric.Meter) {
-	ctr, err := m.SyncInt64().Histogram(i.name, i.opts...)
-	if err != nil {
-		otel.Handle(err)
-		return
-	}
-	i.delegate.Store(ctr)
-}
-
-func (i *siHistogram) Record(ctx context.Context, x int64, attrs ...attribute.KeyValue) {
-	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(syncint64.Histogram).Record(ctx, x, attrs...)
-	}
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/internal/global/meter.go b/apis/vendor/go.opentelemetry.io/otel/metric/internal/global/meter.go
deleted file mode 100644
index 0fa924f39..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/metric/internal/global/meter.go
+++ /dev/null
@@ -1,347 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package global // import "go.opentelemetry.io/otel/metric/internal/global"
-
-import (
-	"context"
-	"sync"
-	"sync/atomic"
-
-	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/metric/instrument"
-	"go.opentelemetry.io/otel/metric/instrument/asyncfloat64"
-	"go.opentelemetry.io/otel/metric/instrument/asyncint64"
-	"go.opentelemetry.io/otel/metric/instrument/syncfloat64"
-	"go.opentelemetry.io/otel/metric/instrument/syncint64"
-)
-
-// meterProvider is a placeholder for a configured SDK MeterProvider.
-//
-// All MeterProvider functionality is forwarded to a delegate once
-// configured.
-type meterProvider struct {
-	mtx    sync.Mutex
-	meters map[il]*meter
-
-	delegate metric.MeterProvider
-}
-
-type il struct {
-	name    string
-	version string
-}
-
-// setDelegate configures p to delegate all MeterProvider functionality to
-// provider.
-//
-// All Meters provided prior to this function call are switched out to be
-// Meters provided by provider. All instruments and callbacks are recreated and
-// delegated.
-//
-// It is guaranteed by the caller that this happens only once.
-func (p *meterProvider) setDelegate(provider metric.MeterProvider) {
-	p.mtx.Lock()
-	defer p.mtx.Unlock()
-
-	p.delegate = provider
-
-	if len(p.meters) == 0 {
-		return
-	}
-
-	for _, meter := range p.meters {
-		meter.setDelegate(provider)
-	}
-
-	p.meters = nil
-}
-
-// Meter implements MeterProvider.
-func (p *meterProvider) Meter(name string, opts ...metric.MeterOption) metric.Meter {
-	p.mtx.Lock()
-	defer p.mtx.Unlock()
-
-	if p.delegate != nil {
-		return p.delegate.Meter(name, opts...)
-	}
-
-	// At this moment it is guaranteed that no sdk is installed, save the meter in the meters map.
-
-	c := metric.NewMeterConfig(opts...)
-	key := il{
-		name:    name,
-		version: c.InstrumentationVersion(),
-	}
-
-	if p.meters == nil {
-		p.meters = make(map[il]*meter)
-	}
-
-	if val, ok := p.meters[key]; ok {
-		return val
-	}
-
-	t := &meter{name: name, opts: opts}
-	p.meters[key] = t
-	return t
-}
-
-// meter is a placeholder for a metric.Meter.
-//
-// All Meter functionality is forwarded to a delegate once configured.
-// Otherwise, all functionality is forwarded to a NoopMeter.
-type meter struct {
-	name string
-	opts []metric.MeterOption
-
-	mtx         sync.Mutex
-	instruments []delegatedInstrument
-	callbacks   []delegatedCallback
-
-	delegate atomic.Value // metric.Meter
-}
-
-type delegatedInstrument interface {
-	setDelegate(metric.Meter)
-}
-
-// setDelegate configures m to delegate all Meter functionality to Meters
-// created by provider.
-//
-// All subsequent calls to the Meter methods will be passed to the delegate.
-//
-// It is guaranteed by the caller that this happens only once.
-func (m *meter) setDelegate(provider metric.MeterProvider) {
-	meter := provider.Meter(m.name, m.opts...)
-	m.delegate.Store(meter)
-
-	m.mtx.Lock()
-	defer m.mtx.Unlock()
-
-	for _, inst := range m.instruments {
-		inst.setDelegate(meter)
-	}
-
-	for _, callback := range m.callbacks {
-		callback.setDelegate(meter)
-	}
-
-	m.instruments = nil
-	m.callbacks = nil
-}
-
-// AsyncInt64 is the namespace for the Asynchronous Integer instruments.
-//
-// To Observe data with instruments it must be registered in a callback.
-func (m *meter) AsyncInt64() asyncint64.InstrumentProvider {
-	if del, ok := m.delegate.Load().(metric.Meter); ok {
-		return del.AsyncInt64()
-	}
-	return (*aiInstProvider)(m)
-}
-
-// AsyncFloat64 is the namespace for the Asynchronous Float instruments.
-//
-// To Observe data with instruments it must be registered in a callback.
-func (m *meter) AsyncFloat64() asyncfloat64.InstrumentProvider {
-	if del, ok := m.delegate.Load().(metric.Meter); ok {
-		return del.AsyncFloat64()
-	}
-	return (*afInstProvider)(m)
-}
-
-// RegisterCallback captures the function that will be called during Collect.
-//
-// It is only valid to call Observe within the scope of the passed function,
-// and only on the instruments that were registered with this call.
-func (m *meter) RegisterCallback(insts []instrument.Asynchronous, function func(context.Context)) error {
-	if del, ok := m.delegate.Load().(metric.Meter); ok {
-		insts = unwrapInstruments(insts)
-		return del.RegisterCallback(insts, function)
-	}
-
-	m.mtx.Lock()
-	defer m.mtx.Unlock()
-	m.callbacks = append(m.callbacks, delegatedCallback{
-		instruments: insts,
-		function:    function,
-	})
-
-	return nil
-}
-
-type wrapped interface {
-	unwrap() instrument.Asynchronous
-}
-
-func unwrapInstruments(instruments []instrument.Asynchronous) []instrument.Asynchronous {
-	out := make([]instrument.Asynchronous, 0, len(instruments))
-
-	for _, inst := range instruments {
-		if in, ok := inst.(wrapped); ok {
-			out = append(out, in.unwrap())
-		} else {
-			out = append(out, inst)
-		}
-	}
-
-	return out
-}
-
-// SyncInt64 is the namespace for the Synchronous Integer instruments.
-func (m *meter) SyncInt64() syncint64.InstrumentProvider {
-	if del, ok := m.delegate.Load().(metric.Meter); ok {
-		return del.SyncInt64()
-	}
-	return (*siInstProvider)(m)
-}
-
-// SyncFloat64 is the namespace for the Synchronous Float instruments.
-func (m *meter) SyncFloat64() syncfloat64.InstrumentProvider {
-	if del, ok := m.delegate.Load().(metric.Meter); ok {
-		return del.SyncFloat64()
-	}
-	return (*sfInstProvider)(m)
-}
-
-type delegatedCallback struct {
-	instruments []instrument.Asynchronous
-	function    func(context.Context)
-}
-
-func (c *delegatedCallback) setDelegate(m metric.Meter) {
-	insts := unwrapInstruments(c.instruments)
-	err := m.RegisterCallback(insts, c.function)
-	if err != nil {
-		otel.Handle(err)
-	}
-}
-
-type afInstProvider meter
-
-// Counter creates an instrument for recording increasing values.
-func (ip *afInstProvider) Counter(name string, opts ...instrument.Option) (asyncfloat64.Counter, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &afCounter{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
-
-// UpDownCounter creates an instrument for recording changes of a value.
-func (ip *afInstProvider) UpDownCounter(name string, opts ...instrument.Option) (asyncfloat64.UpDownCounter, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &afUpDownCounter{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
-
-// Gauge creates an instrument for recording the current value.
-func (ip *afInstProvider) Gauge(name string, opts ...instrument.Option) (asyncfloat64.Gauge, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &afGauge{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
-
-type aiInstProvider meter
-
-// Counter creates an instrument for recording increasing values.
-func (ip *aiInstProvider) Counter(name string, opts ...instrument.Option) (asyncint64.Counter, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &aiCounter{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
-
-// UpDownCounter creates an instrument for recording changes of a value.
-func (ip *aiInstProvider) UpDownCounter(name string, opts ...instrument.Option) (asyncint64.UpDownCounter, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &aiUpDownCounter{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
-
-// Gauge creates an instrument for recording the current value.
-func (ip *aiInstProvider) Gauge(name string, opts ...instrument.Option) (asyncint64.Gauge, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &aiGauge{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
-
-type sfInstProvider meter
-
-// Counter creates an instrument for recording increasing values.
-func (ip *sfInstProvider) Counter(name string, opts ...instrument.Option) (syncfloat64.Counter, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &sfCounter{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
-
-// UpDownCounter creates an instrument for recording changes of a value.
-func (ip *sfInstProvider) UpDownCounter(name string, opts ...instrument.Option) (syncfloat64.UpDownCounter, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &sfUpDownCounter{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
-
-// Histogram creates an instrument for recording a distribution of values.
-func (ip *sfInstProvider) Histogram(name string, opts ...instrument.Option) (syncfloat64.Histogram, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &sfHistogram{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
-
-type siInstProvider meter
-
-// Counter creates an instrument for recording increasing values.
-func (ip *siInstProvider) Counter(name string, opts ...instrument.Option) (syncint64.Counter, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &siCounter{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
-
-// UpDownCounter creates an instrument for recording changes of a value.
-func (ip *siInstProvider) UpDownCounter(name string, opts ...instrument.Option) (syncint64.UpDownCounter, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &siUpDownCounter{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
-
-// Histogram creates an instrument for recording a distribution of values.
-func (ip *siInstProvider) Histogram(name string, opts ...instrument.Option) (syncint64.Histogram, error) {
-	ip.mtx.Lock()
-	defer ip.mtx.Unlock()
-	ctr := &siHistogram{name: name, opts: opts}
-	ip.instruments = append(ip.instruments, ctr)
-	return ctr, nil
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/internal/global/state.go b/apis/vendor/go.opentelemetry.io/otel/metric/internal/global/state.go
deleted file mode 100644
index 47c0d787d..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/metric/internal/global/state.go
+++ /dev/null
@@ -1,68 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     htmp://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package global // import "go.opentelemetry.io/otel/metric/internal/global"
-
-import (
-	"errors"
-	"sync"
-	"sync/atomic"
-
-	"go.opentelemetry.io/otel/internal/global"
-	"go.opentelemetry.io/otel/metric"
-)
-
-var (
-	globalMeterProvider = defaultMeterProvider()
-
-	delegateMeterOnce sync.Once
-)
-
-type meterProviderHolder struct {
-	mp metric.MeterProvider
-}
-
-// MeterProvider is the internal implementation for global.MeterProvider.
-func MeterProvider() metric.MeterProvider {
-	return globalMeterProvider.Load().(meterProviderHolder).mp
-}
-
-// SetMeterProvider is the internal implementation for global.SetMeterProvider.
-func SetMeterProvider(mp metric.MeterProvider) {
-	current := MeterProvider()
-	if _, cOk := current.(*meterProvider); cOk {
-		if _, mpOk := mp.(*meterProvider); mpOk && current == mp {
-			// Do not assign the default delegating MeterProvider to delegate
-			// to itself.
-			global.Error(
-				errors.New("no delegate configured in meter provider"),
-				"Setting meter provider to it's current value. No delegate will be configured",
-			)
-			return
-		}
-	}
-
-	delegateMeterOnce.Do(func() {
-		if def, ok := current.(*meterProvider); ok {
-			def.setDelegate(mp)
-		}
-	})
-	globalMeterProvider.Store(meterProviderHolder{mp: mp})
-}
-
-func defaultMeterProvider() *atomic.Value {
-	v := &atomic.Value{}
-	v.Store(meterProviderHolder{mp: &meterProvider{}})
-	return v
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/meter.go b/apis/vendor/go.opentelemetry.io/otel/metric/meter.go
index 21fc1c499..2520bc74a 100644
--- a/apis/vendor/go.opentelemetry.io/otel/metric/meter.go
+++ b/apis/vendor/go.opentelemetry.io/otel/metric/meter.go
@@ -17,44 +17,196 @@ package metric // import "go.opentelemetry.io/otel/metric"
 import (
 	"context"
 
-	"go.opentelemetry.io/otel/metric/instrument"
-	"go.opentelemetry.io/otel/metric/instrument/asyncfloat64"
-	"go.opentelemetry.io/otel/metric/instrument/asyncint64"
-	"go.opentelemetry.io/otel/metric/instrument/syncfloat64"
-	"go.opentelemetry.io/otel/metric/instrument/syncint64"
+	"go.opentelemetry.io/otel/metric/embedded"
 )
 
 // MeterProvider provides access to named Meter instances, for instrumenting
-// an application or library.
+// an application or package.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type MeterProvider interface {
-	// Meter creates an instance of a `Meter` interface. The instrumentationName
-	// must be the name of the library providing instrumentation. This name may
-	// be the same as the instrumented code only if that code provides built-in
-	// instrumentation. If the instrumentationName is empty, then a
-	// implementation defined default name will be used instead.
-	Meter(instrumentationName string, opts ...MeterOption) Meter
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.MeterProvider
+
+	// Meter returns a new Meter with the provided name and configuration.
+	//
+	// A Meter should be scoped at most to a single package. The name needs to
+	// be unique so it does not collide with other names used by
+	// an application, nor other applications. To achieve this, the import path
+	// of the instrumentation package is recommended to be used as name.
+	//
+	// If the name is empty, then an implementation defined default name will
+	// be used instead.
+	Meter(name string, opts ...MeterOption) Meter
 }
 
 // Meter provides access to instrument instances for recording metrics.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type Meter interface {
-	// AsyncInt64 is the namespace for the Asynchronous Integer instruments.
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Meter
+
+	// Int64Counter returns a new Int64Counter instrument identified by name
+	// and configured with options. The instrument is used to synchronously
+	// record increasing int64 measurements during a computational operation.
+	Int64Counter(name string, options ...Int64CounterOption) (Int64Counter, error)
+	// Int64UpDownCounter returns a new Int64UpDownCounter instrument
+	// identified by name and configured with options. The instrument is used
+	// to synchronously record int64 measurements during a computational
+	// operation.
+	Int64UpDownCounter(name string, options ...Int64UpDownCounterOption) (Int64UpDownCounter, error)
+	// Int64Histogram returns a new Int64Histogram instrument identified by
+	// name and configured with options. The instrument is used to
+	// synchronously record the distribution of int64 measurements during a
+	// computational operation.
+	Int64Histogram(name string, options ...Int64HistogramOption) (Int64Histogram, error)
+	// Int64ObservableCounter returns a new Int64ObservableCounter identified
+	// by name and configured with options. The instrument is used to
+	// asynchronously record increasing int64 measurements once per a
+	// measurement collection cycle.
+	//
+	// Measurements for the returned instrument are made via a callback. Use
+	// the WithInt64Callback option to register the callback here, or use the
+	// RegisterCallback method of this Meter to register one later. See the
+	// Measurements section of the package documentation for more information.
+	Int64ObservableCounter(name string, options ...Int64ObservableCounterOption) (Int64ObservableCounter, error)
+	// Int64ObservableUpDownCounter returns a new Int64ObservableUpDownCounter
+	// instrument identified by name and configured with options. The
+	// instrument is used to asynchronously record int64 measurements once per
+	// a measurement collection cycle.
 	//
-	// To Observe data with instruments it must be registered in a callback.
-	AsyncInt64() asyncint64.InstrumentProvider
+	// Measurements for the returned instrument are made via a callback. Use
+	// the WithInt64Callback option to register the callback here, or use the
+	// RegisterCallback method of this Meter to register one later. See the
+	// Measurements section of the package documentation for more information.
+	Int64ObservableUpDownCounter(name string, options ...Int64ObservableUpDownCounterOption) (Int64ObservableUpDownCounter, error)
+	// Int64ObservableGauge returns a new Int64ObservableGauge instrument
+	// identified by name and configured with options. The instrument is used
+	// to asynchronously record instantaneous int64 measurements once per a
+	// measurement collection cycle.
+	//
+	// Measurements for the returned instrument are made via a callback. Use
+	// the WithInt64Callback option to register the callback here, or use the
+	// RegisterCallback method of this Meter to register one later. See the
+	// Measurements section of the package documentation for more information.
+	Int64ObservableGauge(name string, options ...Int64ObservableGaugeOption) (Int64ObservableGauge, error)
 
-	// AsyncFloat64 is the namespace for the Asynchronous Float instruments
+	// Float64Counter returns a new Float64Counter instrument identified by
+	// name and configured with options. The instrument is used to
+	// synchronously record increasing float64 measurements during a
+	// computational operation.
+	Float64Counter(name string, options ...Float64CounterOption) (Float64Counter, error)
+	// Float64UpDownCounter returns a new Float64UpDownCounter instrument
+	// identified by name and configured with options. The instrument is used
+	// to synchronously record float64 measurements during a computational
+	// operation.
+	Float64UpDownCounter(name string, options ...Float64UpDownCounterOption) (Float64UpDownCounter, error)
+	// Float64Histogram returns a new Float64Histogram instrument identified by
+	// name and configured with options. The instrument is used to
+	// synchronously record the distribution of float64 measurements during a
+	// computational operation.
+	Float64Histogram(name string, options ...Float64HistogramOption) (Float64Histogram, error)
+	// Float64ObservableCounter returns a new Float64ObservableCounter
+	// instrument identified by name and configured with options. The
+	// instrument is used to asynchronously record increasing float64
+	// measurements once per a measurement collection cycle.
+	//
+	// Measurements for the returned instrument are made via a callback. Use
+	// the WithFloat64Callback option to register the callback here, or use the
+	// RegisterCallback method of this Meter to register one later. See the
+	// Measurements section of the package documentation for more information.
+	Float64ObservableCounter(name string, options ...Float64ObservableCounterOption) (Float64ObservableCounter, error)
+	// Float64ObservableUpDownCounter returns a new
+	// Float64ObservableUpDownCounter instrument identified by name and
+	// configured with options. The instrument is used to asynchronously record
+	// float64 measurements once per a measurement collection cycle.
+	//
+	// Measurements for the returned instrument are made via a callback. Use
+	// the WithFloat64Callback option to register the callback here, or use the
+	// RegisterCallback method of this Meter to register one later. See the
+	// Measurements section of the package documentation for more information.
+	Float64ObservableUpDownCounter(name string, options ...Float64ObservableUpDownCounterOption) (Float64ObservableUpDownCounter, error)
+	// Float64ObservableGauge returns a new Float64ObservableGauge instrument
+	// identified by name and configured with options. The instrument is used
+	// to asynchronously record instantaneous float64 measurements once per a
+	// measurement collection cycle.
 	//
-	// To Observe data with instruments it must be registered in a callback.
-	AsyncFloat64() asyncfloat64.InstrumentProvider
+	// Measurements for the returned instrument are made via a callback. Use
+	// the WithFloat64Callback option to register the callback here, or use the
+	// RegisterCallback method of this Meter to register one later. See the
+	// Measurements section of the package documentation for more information.
+	Float64ObservableGauge(name string, options ...Float64ObservableGaugeOption) (Float64ObservableGauge, error)
 
-	// RegisterCallback captures the function that will be called during Collect.
+	// RegisterCallback registers f to be called during the collection of a
+	// measurement cycle.
+	//
+	// If Unregister of the returned Registration is called, f needs to be
+	// unregistered and not called during collection.
+	//
+	// The instruments f is registered with are the only instruments that f may
+	// observe values for.
+	//
+	// If no instruments are passed, f should not be registered nor called
+	// during collection.
 	//
-	// It is only valid to call Observe within the scope of the passed function,
-	// and only on the instruments that were registered with this call.
-	RegisterCallback(insts []instrument.Asynchronous, function func(context.Context)) error
+	// The function f needs to be concurrent safe.
+	RegisterCallback(f Callback, instruments ...Observable) (Registration, error)
+}
+
+// Callback is a function registered with a Meter that makes observations for
+// the set of instruments it is registered with. The Observer parameter is used
+// to record measurement observations for these instruments.
+//
+// The function needs to complete in a finite amount of time and the deadline
+// of the passed context is expected to be honored.
+//
+// The function needs to make unique observations across all registered
+// Callbacks. Meaning, it should not report measurements for an instrument with
+// the same attributes as another Callback will report.
+//
+// The function needs to be concurrent safe.
+type Callback func(context.Context, Observer) error
+
+// Observer records measurements for multiple instruments in a Callback.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Observer interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Observer
+
+	// ObserveFloat64 records the float64 value for obsrv.
+	ObserveFloat64(obsrv Float64Observable, value float64, opts ...ObserveOption)
+	// ObserveInt64 records the int64 value for obsrv.
+	ObserveInt64(obsrv Int64Observable, value int64, opts ...ObserveOption)
+}
 
-	// SyncInt64 is the namespace for the Synchronous Integer instruments
-	SyncInt64() syncint64.InstrumentProvider
-	// SyncFloat64 is the namespace for the Synchronous Float instruments
-	SyncFloat64() syncfloat64.InstrumentProvider
+// Registration is an token representing the unique registration of a callback
+// for a set of instruments with a Meter.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Registration interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Registration
+
+	// Unregister removes the callback registration from a Meter.
+	//
+	// This method needs to be idempotent and concurrent safe.
+	Unregister() error
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/noop.go b/apis/vendor/go.opentelemetry.io/otel/metric/noop.go
deleted file mode 100644
index e8b9a9a14..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/metric/noop.go
+++ /dev/null
@@ -1,181 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package metric // import "go.opentelemetry.io/otel/metric"
-
-import (
-	"context"
-
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/metric/instrument"
-	"go.opentelemetry.io/otel/metric/instrument/asyncfloat64"
-	"go.opentelemetry.io/otel/metric/instrument/asyncint64"
-	"go.opentelemetry.io/otel/metric/instrument/syncfloat64"
-	"go.opentelemetry.io/otel/metric/instrument/syncint64"
-)
-
-// NewNoopMeterProvider creates a MeterProvider that does not record any metrics.
-func NewNoopMeterProvider() MeterProvider {
-	return noopMeterProvider{}
-}
-
-type noopMeterProvider struct{}
-
-func (noopMeterProvider) Meter(string, ...MeterOption) Meter {
-	return noopMeter{}
-}
-
-// NewNoopMeter creates a Meter that does not record any metrics.
-func NewNoopMeter() Meter {
-	return noopMeter{}
-}
-
-type noopMeter struct{}
-
-// AsyncInt64 creates an instrument that does not record any metrics.
-func (noopMeter) AsyncInt64() asyncint64.InstrumentProvider {
-	return nonrecordingAsyncInt64Instrument{}
-}
-
-// AsyncFloat64 creates an instrument that does not record any metrics.
-func (noopMeter) AsyncFloat64() asyncfloat64.InstrumentProvider {
-	return nonrecordingAsyncFloat64Instrument{}
-}
-
-// SyncInt64 creates an instrument that does not record any metrics.
-func (noopMeter) SyncInt64() syncint64.InstrumentProvider {
-	return nonrecordingSyncInt64Instrument{}
-}
-
-// SyncFloat64 creates an instrument that does not record any metrics.
-func (noopMeter) SyncFloat64() syncfloat64.InstrumentProvider {
-	return nonrecordingSyncFloat64Instrument{}
-}
-
-// RegisterCallback creates a register callback that does not record any metrics.
-func (noopMeter) RegisterCallback([]instrument.Asynchronous, func(context.Context)) error {
-	return nil
-}
-
-type nonrecordingAsyncFloat64Instrument struct {
-	instrument.Asynchronous
-}
-
-var (
-	_ asyncfloat64.InstrumentProvider = nonrecordingAsyncFloat64Instrument{}
-	_ asyncfloat64.Counter            = nonrecordingAsyncFloat64Instrument{}
-	_ asyncfloat64.UpDownCounter      = nonrecordingAsyncFloat64Instrument{}
-	_ asyncfloat64.Gauge              = nonrecordingAsyncFloat64Instrument{}
-)
-
-func (n nonrecordingAsyncFloat64Instrument) Counter(string, ...instrument.Option) (asyncfloat64.Counter, error) {
-	return n, nil
-}
-
-func (n nonrecordingAsyncFloat64Instrument) UpDownCounter(string, ...instrument.Option) (asyncfloat64.UpDownCounter, error) {
-	return n, nil
-}
-
-func (n nonrecordingAsyncFloat64Instrument) Gauge(string, ...instrument.Option) (asyncfloat64.Gauge, error) {
-	return n, nil
-}
-
-func (nonrecordingAsyncFloat64Instrument) Observe(context.Context, float64, ...attribute.KeyValue) {
-
-}
-
-type nonrecordingAsyncInt64Instrument struct {
-	instrument.Asynchronous
-}
-
-var (
-	_ asyncint64.InstrumentProvider = nonrecordingAsyncInt64Instrument{}
-	_ asyncint64.Counter            = nonrecordingAsyncInt64Instrument{}
-	_ asyncint64.UpDownCounter      = nonrecordingAsyncInt64Instrument{}
-	_ asyncint64.Gauge              = nonrecordingAsyncInt64Instrument{}
-)
-
-func (n nonrecordingAsyncInt64Instrument) Counter(string, ...instrument.Option) (asyncint64.Counter, error) {
-	return n, nil
-}
-
-func (n nonrecordingAsyncInt64Instrument) UpDownCounter(string, ...instrument.Option) (asyncint64.UpDownCounter, error) {
-	return n, nil
-}
-
-func (n nonrecordingAsyncInt64Instrument) Gauge(string, ...instrument.Option) (asyncint64.Gauge, error) {
-	return n, nil
-}
-
-func (nonrecordingAsyncInt64Instrument) Observe(context.Context, int64, ...attribute.KeyValue) {
-}
-
-type nonrecordingSyncFloat64Instrument struct {
-	instrument.Synchronous
-}
-
-var (
-	_ syncfloat64.InstrumentProvider = nonrecordingSyncFloat64Instrument{}
-	_ syncfloat64.Counter            = nonrecordingSyncFloat64Instrument{}
-	_ syncfloat64.UpDownCounter      = nonrecordingSyncFloat64Instrument{}
-	_ syncfloat64.Histogram          = nonrecordingSyncFloat64Instrument{}
-)
-
-func (n nonrecordingSyncFloat64Instrument) Counter(string, ...instrument.Option) (syncfloat64.Counter, error) {
-	return n, nil
-}
-
-func (n nonrecordingSyncFloat64Instrument) UpDownCounter(string, ...instrument.Option) (syncfloat64.UpDownCounter, error) {
-	return n, nil
-}
-
-func (n nonrecordingSyncFloat64Instrument) Histogram(string, ...instrument.Option) (syncfloat64.Histogram, error) {
-	return n, nil
-}
-
-func (nonrecordingSyncFloat64Instrument) Add(context.Context, float64, ...attribute.KeyValue) {
-
-}
-
-func (nonrecordingSyncFloat64Instrument) Record(context.Context, float64, ...attribute.KeyValue) {
-
-}
-
-type nonrecordingSyncInt64Instrument struct {
-	instrument.Synchronous
-}
-
-var (
-	_ syncint64.InstrumentProvider = nonrecordingSyncInt64Instrument{}
-	_ syncint64.Counter            = nonrecordingSyncInt64Instrument{}
-	_ syncint64.UpDownCounter      = nonrecordingSyncInt64Instrument{}
-	_ syncint64.Histogram          = nonrecordingSyncInt64Instrument{}
-)
-
-func (n nonrecordingSyncInt64Instrument) Counter(string, ...instrument.Option) (syncint64.Counter, error) {
-	return n, nil
-}
-
-func (n nonrecordingSyncInt64Instrument) UpDownCounter(string, ...instrument.Option) (syncint64.UpDownCounter, error) {
-	return n, nil
-}
-
-func (n nonrecordingSyncInt64Instrument) Histogram(string, ...instrument.Option) (syncint64.Histogram, error) {
-	return n, nil
-}
-
-func (nonrecordingSyncInt64Instrument) Add(context.Context, int64, ...attribute.KeyValue) {
-}
-func (nonrecordingSyncInt64Instrument) Record(context.Context, int64, ...attribute.KeyValue) {
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go b/apis/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go
new file mode 100644
index 000000000..0a4825ae6
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go
@@ -0,0 +1,185 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metric // import "go.opentelemetry.io/otel/metric"
+
+import (
+	"context"
+
+	"go.opentelemetry.io/otel/metric/embedded"
+)
+
+// Float64Counter is an instrument that records increasing float64 values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Float64Counter interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Float64Counter
+
+	// Add records a change to the counter.
+	//
+	// Use the WithAttributeSet (or, if performance is not a concern,
+	// the WithAttributes) option to include measurement attributes.
+	Add(ctx context.Context, incr float64, options ...AddOption)
+}
+
+// Float64CounterConfig contains options for synchronous counter instruments that
+// record int64 values.
+type Float64CounterConfig struct {
+	description string
+	unit        string
+}
+
+// NewFloat64CounterConfig returns a new [Float64CounterConfig] with all opts
+// applied.
+func NewFloat64CounterConfig(opts ...Float64CounterOption) Float64CounterConfig {
+	var config Float64CounterConfig
+	for _, o := range opts {
+		config = o.applyFloat64Counter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64CounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64CounterConfig) Unit() string {
+	return c.unit
+}
+
+// Float64CounterOption applies options to a [Float64CounterConfig]. See
+// [InstrumentOption] for other options that can be used as a
+// Float64CounterOption.
+type Float64CounterOption interface {
+	applyFloat64Counter(Float64CounterConfig) Float64CounterConfig
+}
+
+// Float64UpDownCounter is an instrument that records increasing or decreasing
+// float64 values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Float64UpDownCounter interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Float64UpDownCounter
+
+	// Add records a change to the counter.
+	//
+	// Use the WithAttributeSet (or, if performance is not a concern,
+	// the WithAttributes) option to include measurement attributes.
+	Add(ctx context.Context, incr float64, options ...AddOption)
+}
+
+// Float64UpDownCounterConfig contains options for synchronous counter
+// instruments that record int64 values.
+type Float64UpDownCounterConfig struct {
+	description string
+	unit        string
+}
+
+// NewFloat64UpDownCounterConfig returns a new [Float64UpDownCounterConfig]
+// with all opts applied.
+func NewFloat64UpDownCounterConfig(opts ...Float64UpDownCounterOption) Float64UpDownCounterConfig {
+	var config Float64UpDownCounterConfig
+	for _, o := range opts {
+		config = o.applyFloat64UpDownCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64UpDownCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64UpDownCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Float64UpDownCounterOption applies options to a
+// [Float64UpDownCounterConfig]. See [InstrumentOption] for other options that
+// can be used as a Float64UpDownCounterOption.
+type Float64UpDownCounterOption interface {
+	applyFloat64UpDownCounter(Float64UpDownCounterConfig) Float64UpDownCounterConfig
+}
+
+// Float64Histogram is an instrument that records a distribution of float64
+// values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Float64Histogram interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Float64Histogram
+
+	// Record adds an additional value to the distribution.
+	//
+	// Use the WithAttributeSet (or, if performance is not a concern,
+	// the WithAttributes) option to include measurement attributes.
+	Record(ctx context.Context, incr float64, options ...RecordOption)
+}
+
+// Float64HistogramConfig contains options for synchronous counter instruments
+// that record int64 values.
+type Float64HistogramConfig struct {
+	description              string
+	unit                     string
+	explicitBucketBoundaries []float64
+}
+
+// NewFloat64HistogramConfig returns a new [Float64HistogramConfig] with all
+// opts applied.
+func NewFloat64HistogramConfig(opts ...Float64HistogramOption) Float64HistogramConfig {
+	var config Float64HistogramConfig
+	for _, o := range opts {
+		config = o.applyFloat64Histogram(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64HistogramConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64HistogramConfig) Unit() string {
+	return c.unit
+}
+
+// ExplicitBucketBoundaries returns the configured explicit bucket boundaries.
+func (c Float64HistogramConfig) ExplicitBucketBoundaries() []float64 {
+	return c.explicitBucketBoundaries
+}
+
+// Float64HistogramOption applies options to a [Float64HistogramConfig]. See
+// [InstrumentOption] for other options that can be used as a
+// Float64HistogramOption.
+type Float64HistogramOption interface {
+	applyFloat64Histogram(Float64HistogramConfig) Float64HistogramConfig
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/syncint64.go b/apis/vendor/go.opentelemetry.io/otel/metric/syncint64.go
new file mode 100644
index 000000000..56667d32f
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/metric/syncint64.go
@@ -0,0 +1,185 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metric // import "go.opentelemetry.io/otel/metric"
+
+import (
+	"context"
+
+	"go.opentelemetry.io/otel/metric/embedded"
+)
+
+// Int64Counter is an instrument that records increasing int64 values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Int64Counter interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Int64Counter
+
+	// Add records a change to the counter.
+	//
+	// Use the WithAttributeSet (or, if performance is not a concern,
+	// the WithAttributes) option to include measurement attributes.
+	Add(ctx context.Context, incr int64, options ...AddOption)
+}
+
+// Int64CounterConfig contains options for synchronous counter instruments that
+// record int64 values.
+type Int64CounterConfig struct {
+	description string
+	unit        string
+}
+
+// NewInt64CounterConfig returns a new [Int64CounterConfig] with all opts
+// applied.
+func NewInt64CounterConfig(opts ...Int64CounterOption) Int64CounterConfig {
+	var config Int64CounterConfig
+	for _, o := range opts {
+		config = o.applyInt64Counter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64CounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64CounterConfig) Unit() string {
+	return c.unit
+}
+
+// Int64CounterOption applies options to a [Int64CounterConfig]. See
+// [InstrumentOption] for other options that can be used as an
+// Int64CounterOption.
+type Int64CounterOption interface {
+	applyInt64Counter(Int64CounterConfig) Int64CounterConfig
+}
+
+// Int64UpDownCounter is an instrument that records increasing or decreasing
+// int64 values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Int64UpDownCounter interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Int64UpDownCounter
+
+	// Add records a change to the counter.
+	//
+	// Use the WithAttributeSet (or, if performance is not a concern,
+	// the WithAttributes) option to include measurement attributes.
+	Add(ctx context.Context, incr int64, options ...AddOption)
+}
+
+// Int64UpDownCounterConfig contains options for synchronous counter
+// instruments that record int64 values.
+type Int64UpDownCounterConfig struct {
+	description string
+	unit        string
+}
+
+// NewInt64UpDownCounterConfig returns a new [Int64UpDownCounterConfig] with
+// all opts applied.
+func NewInt64UpDownCounterConfig(opts ...Int64UpDownCounterOption) Int64UpDownCounterConfig {
+	var config Int64UpDownCounterConfig
+	for _, o := range opts {
+		config = o.applyInt64UpDownCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64UpDownCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64UpDownCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Int64UpDownCounterOption applies options to a [Int64UpDownCounterConfig].
+// See [InstrumentOption] for other options that can be used as an
+// Int64UpDownCounterOption.
+type Int64UpDownCounterOption interface {
+	applyInt64UpDownCounter(Int64UpDownCounterConfig) Int64UpDownCounterConfig
+}
+
+// Int64Histogram is an instrument that records a distribution of int64
+// values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
+type Int64Histogram interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Int64Histogram
+
+	// Record adds an additional value to the distribution.
+	//
+	// Use the WithAttributeSet (or, if performance is not a concern,
+	// the WithAttributes) option to include measurement attributes.
+	Record(ctx context.Context, incr int64, options ...RecordOption)
+}
+
+// Int64HistogramConfig contains options for synchronous counter instruments
+// that record int64 values.
+type Int64HistogramConfig struct {
+	description              string
+	unit                     string
+	explicitBucketBoundaries []float64
+}
+
+// NewInt64HistogramConfig returns a new [Int64HistogramConfig] with all opts
+// applied.
+func NewInt64HistogramConfig(opts ...Int64HistogramOption) Int64HistogramConfig {
+	var config Int64HistogramConfig
+	for _, o := range opts {
+		config = o.applyInt64Histogram(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64HistogramConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64HistogramConfig) Unit() string {
+	return c.unit
+}
+
+// ExplicitBucketBoundaries returns the configured explicit bucket boundaries.
+func (c Int64HistogramConfig) ExplicitBucketBoundaries() []float64 {
+	return c.explicitBucketBoundaries
+}
+
+// Int64HistogramOption applies options to a [Int64HistogramConfig]. See
+// [InstrumentOption] for other options that can be used as an
+// Int64HistogramOption.
+type Int64HistogramOption interface {
+	applyInt64Histogram(Int64HistogramConfig) Int64HistogramConfig
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/propagation/trace_context.go b/apis/vendor/go.opentelemetry.io/otel/propagation/trace_context.go
index 902692da0..75a8f3435 100644
--- a/apis/vendor/go.opentelemetry.io/otel/propagation/trace_context.go
+++ b/apis/vendor/go.opentelemetry.io/otel/propagation/trace_context.go
@@ -40,8 +40,10 @@ const (
 // their proprietary information.
 type TraceContext struct{}
 
-var _ TextMapPropagator = TraceContext{}
-var traceCtxRegExp = regexp.MustCompile("^(?P<version>[0-9a-f]{2})-(?P<traceID>[a-f0-9]{32})-(?P<spanID>[a-f0-9]{16})-(?P<traceFlags>[a-f0-9]{2})(?:-.*)?$")
+var (
+	_              TextMapPropagator = TraceContext{}
+	traceCtxRegExp                   = regexp.MustCompile("^(?P<version>[0-9a-f]{2})-(?P<traceID>[a-f0-9]{32})-(?P<spanID>[a-f0-9]{16})-(?P<traceFlags>[a-f0-9]{2})(?:-.*)?$")
+)
 
 // Inject set tracecontext from the Context into the carrier.
 func (tc TraceContext) Inject(ctx context.Context, carrier TextMapCarrier) {
diff --git a/apis/vendor/go.opentelemetry.io/otel/requirements.txt b/apis/vendor/go.opentelemetry.io/otel/requirements.txt
new file mode 100644
index 000000000..e0a43e138
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/requirements.txt
@@ -0,0 +1 @@
+codespell==2.2.6
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/internal/env/env.go b/apis/vendor/go.opentelemetry.io/otel/sdk/internal/env/env.go
index 5e94b8ae5..59dcfab25 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/internal/env/env.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/internal/env/env.go
@@ -70,8 +70,8 @@ const (
 // returned.
 func firstInt(defaultValue int, keys ...string) int {
 	for _, key := range keys {
-		value, ok := os.LookupEnv(key)
-		if !ok {
+		value := os.Getenv(key)
+		if value == "" {
 			continue
 		}
 
@@ -88,10 +88,10 @@ func firstInt(defaultValue int, keys ...string) int {
 }
 
 // IntEnvOr returns the int value of the environment variable with name key if
-// it exists and the value is an int. Otherwise, defaultValue is returned.
+// it exists, it is not empty, and the value is an int. Otherwise, defaultValue is returned.
 func IntEnvOr(key string, defaultValue int) int {
-	value, ok := os.LookupEnv(key)
-	if !ok {
+	value := os.Getenv(key)
+	if value == "" {
 		return defaultValue
 	}
 
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/internal/gen.go b/apis/vendor/go.opentelemetry.io/otel/sdk/internal/gen.go
new file mode 100644
index 000000000..bd84f624b
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/internal/gen.go
@@ -0,0 +1,29 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package internal // import "go.opentelemetry.io/otel/sdk/internal"
+
+//go:generate gotmpl --body=../../internal/shared/matchers/expectation.go.tmpl "--data={}" --out=matchers/expectation.go
+//go:generate gotmpl --body=../../internal/shared/matchers/expecter.go.tmpl "--data={}" --out=matchers/expecter.go
+//go:generate gotmpl --body=../../internal/shared/matchers/temporal_matcher.go.tmpl "--data={}" --out=matchers/temporal_matcher.go
+
+//go:generate gotmpl --body=../../internal/shared/internaltest/alignment.go.tmpl "--data={}" --out=internaltest/alignment.go
+//go:generate gotmpl --body=../../internal/shared/internaltest/env.go.tmpl "--data={}" --out=internaltest/env.go
+//go:generate gotmpl --body=../../internal/shared/internaltest/env_test.go.tmpl "--data={}" --out=internaltest/env_test.go
+//go:generate gotmpl --body=../../internal/shared/internaltest/errors.go.tmpl "--data={}" --out=internaltest/errors.go
+//go:generate gotmpl --body=../../internal/shared/internaltest/harness.go.tmpl "--data={\"matchersImportPath\": \"go.opentelemetry.io/otel/sdk/internal/matchers\"}" --out=internaltest/harness.go
+//go:generate gotmpl --body=../../internal/shared/internaltest/text_map_carrier.go.tmpl "--data={}" --out=internaltest/text_map_carrier.go
+//go:generate gotmpl --body=../../internal/shared/internaltest/text_map_carrier_test.go.tmpl "--data={}" --out=internaltest/text_map_carrier_test.go
+//go:generate gotmpl --body=../../internal/shared/internaltest/text_map_propagator.go.tmpl "--data={}" --out=internaltest/text_map_propagator.go
+//go:generate gotmpl --body=../../internal/shared/internaltest/text_map_propagator_test.go.tmpl "--data={}" --out=internaltest/text_map_propagator_test.go
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/internal/internal.go b/apis/vendor/go.opentelemetry.io/otel/sdk/internal/internal.go
index 84a02306e..dfeaaa8ca 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/internal/internal.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/internal/internal.go
@@ -14,16 +14,7 @@
 
 package internal // import "go.opentelemetry.io/otel/sdk/internal"
 
-import (
-	"fmt"
-	"time"
-
-	"go.opentelemetry.io/otel"
-)
-
-// UserAgent is the user agent to be added to the outgoing
-// requests from the exporters.
-var UserAgent = fmt.Sprintf("opentelemetry-go/%s", otel.Version())
+import "time"
 
 // MonotonicEndTime returns the end time at present
 // but offset from start, monotonically.
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/auto.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/auto.go
index c1d220408..4279013be 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/auto.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/auto.go
@@ -18,14 +18,13 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strings"
 )
 
-var (
-	// ErrPartialResource is returned by a detector when complete source
-	// information for a Resource is unavailable or the source information
-	// contains invalid values that are omitted from the returned Resource.
-	ErrPartialResource = errors.New("partial resource")
-)
+// ErrPartialResource is returned by a detector when complete source
+// information for a Resource is unavailable or the source information
+// contains invalid values that are omitted from the returned Resource.
+var ErrPartialResource = errors.New("partial resource")
 
 // Detector detects OpenTelemetry resource information.
 type Detector interface {
@@ -45,28 +44,65 @@ type Detector interface {
 // Detect calls all input detectors sequentially and merges each result with the previous one.
 // It returns the merged error too.
 func Detect(ctx context.Context, detectors ...Detector) (*Resource, error) {
-	var autoDetectedRes *Resource
-	var errInfo []string
+	r := new(Resource)
+	return r, detect(ctx, r, detectors)
+}
+
+// detect runs all detectors using ctx and merges the result into res. This
+// assumes res is allocated and not nil, it will panic otherwise.
+func detect(ctx context.Context, res *Resource, detectors []Detector) error {
+	var (
+		r    *Resource
+		errs detectErrs
+		err  error
+	)
+
 	for _, detector := range detectors {
 		if detector == nil {
 			continue
 		}
-		res, err := detector.Detect(ctx)
+		r, err = detector.Detect(ctx)
 		if err != nil {
-			errInfo = append(errInfo, err.Error())
+			errs = append(errs, err)
 			if !errors.Is(err, ErrPartialResource) {
 				continue
 			}
 		}
-		autoDetectedRes, err = Merge(autoDetectedRes, res)
+		r, err = Merge(res, r)
 		if err != nil {
-			errInfo = append(errInfo, err.Error())
+			errs = append(errs, err)
 		}
+		*res = *r
+	}
+
+	if len(errs) == 0 {
+		return nil
+	}
+	return errs
+}
+
+type detectErrs []error
+
+func (e detectErrs) Error() string {
+	errStr := make([]string, len(e))
+	for i, err := range e {
+		errStr[i] = fmt.Sprintf("* %s", err)
 	}
 
-	var aggregatedError error
-	if len(errInfo) > 0 {
-		aggregatedError = fmt.Errorf("detecting resources: %s", errInfo)
+	format := "%d errors occurred detecting resource:\n\t%s"
+	return fmt.Sprintf(format, len(e), strings.Join(errStr, "\n\t"))
+}
+
+func (e detectErrs) Unwrap() error {
+	switch len(e) {
+	case 0:
+		return nil
+	case 1:
+		return e[0]
 	}
-	return autoDetectedRes, aggregatedError
+	return e[1:]
+}
+
+func (e detectErrs) Is(target error) bool {
+	return len(e) != 0 && errors.Is(e[0], target)
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go
index 7af46c61a..c63a0dd1f 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go
@@ -20,9 +20,9 @@ import (
 	"os"
 	"path/filepath"
 
-	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/attribute"
-	semconv "go.opentelemetry.io/otel/semconv/v1.12.0"
+	"go.opentelemetry.io/otel/sdk"
+	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
 )
 
 type (
@@ -60,9 +60,9 @@ var (
 func (telemetrySDK) Detect(context.Context) (*Resource, error) {
 	return NewWithAttributes(
 		semconv.SchemaURL,
-		semconv.TelemetrySDKNameKey.String("opentelemetry"),
-		semconv.TelemetrySDKLanguageKey.String("go"),
-		semconv.TelemetrySDKVersionKey.String(otel.Version()),
+		semconv.TelemetrySDKName("opentelemetry"),
+		semconv.TelemetrySDKLanguageGo,
+		semconv.TelemetrySDKVersion(sdk.Version()),
 	), nil
 }
 
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/config.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/config.go
index 8e212b121..f263919f6 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/config.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/config.go
@@ -71,6 +71,11 @@ func WithHost() Option {
 	return WithDetectors(host{})
 }
 
+// WithHostID adds host ID information to the configured resource.
+func WithHostID() Option {
+	return WithDetectors(hostIDDetector{})
+}
+
 // WithTelemetrySDK adds TelemetrySDK version info to the configured resource.
 func WithTelemetrySDK() Option {
 	return WithDetectors(telemetrySDK{})
@@ -194,6 +199,8 @@ func WithContainer() Option {
 }
 
 // WithContainerID adds an attribute with the id of the container to the configured Resource.
+// Note: WithContainerID will not extract the correct container ID in an ECS environment.
+// Please use the ECS resource detector instead (https://pkg.go.dev/go.opentelemetry.io/contrib/detectors/aws/ecs).
 func WithContainerID() Option {
 	return WithDetectors(cgroupContainerIDDetector{})
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/container.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/container.go
index 7a897e969..3d5362282 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/container.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/container.go
@@ -22,7 +22,7 @@ import (
 	"os"
 	"regexp"
 
-	semconv "go.opentelemetry.io/otel/semconv/v1.12.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
 )
 
 type containerIDProvider func() (string, error)
@@ -47,7 +47,7 @@ func (cgroupContainerIDDetector) Detect(ctx context.Context) (*Resource, error)
 	if containerID == "" {
 		return Empty(), nil
 	}
-	return NewWithAttributes(semconv.SchemaURL, semconv.ContainerIDKey.String(containerID)), nil
+	return NewWithAttributes(semconv.SchemaURL, semconv.ContainerID(containerID)), nil
 }
 
 var (
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/doc.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/doc.go
index 9aab3d839..d55a50b0d 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/doc.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/doc.go
@@ -25,4 +25,7 @@
 // OTEL_RESOURCE_ATTRIBUTES the FromEnv Detector can be used. It will interpret
 // the value as a list of comma delimited key/value pairs
 // (e.g. `<key1>=<value1>,<key2>=<value2>,...`).
+//
+// While this package provides a stable API,
+// the attributes added by resource detectors may change.
 package resource // import "go.opentelemetry.io/otel/sdk/resource"
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/env.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/env.go
index eb22d0079..e29ae563a 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/env.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/env.go
@@ -17,25 +17,25 @@ package resource // import "go.opentelemetry.io/otel/sdk/resource"
 import (
 	"context"
 	"fmt"
+	"net/url"
 	"os"
 	"strings"
 
+	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/attribute"
-	semconv "go.opentelemetry.io/otel/semconv/v1.12.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
 )
 
 const (
 	// resourceAttrKey is the environment variable name OpenTelemetry Resource information will be read from.
-	resourceAttrKey = "OTEL_RESOURCE_ATTRIBUTES"
+	resourceAttrKey = "OTEL_RESOURCE_ATTRIBUTES" //nolint:gosec // False positive G101: Potential hardcoded credentials
 
 	// svcNameKey is the environment variable name that Service Name information will be read from.
 	svcNameKey = "OTEL_SERVICE_NAME"
 )
 
-var (
-	// errMissingValue is returned when a resource value is missing.
-	errMissingValue = fmt.Errorf("%w: missing value", ErrPartialResource)
-)
+// errMissingValue is returned when a resource value is missing.
+var errMissingValue = fmt.Errorf("%w: missing value", ErrPartialResource)
 
 // fromEnv is a Detector that implements the Detector and collects
 // resources from environment.  This Detector is included as a
@@ -57,7 +57,7 @@ func (fromEnv) Detect(context.Context) (*Resource, error) {
 	var res *Resource
 
 	if svcName != "" {
-		res = NewSchemaless(semconv.ServiceNameKey.String(svcName))
+		res = NewSchemaless(semconv.ServiceName(svcName))
 	}
 
 	r2, err := constructOTResources(attrs)
@@ -80,16 +80,23 @@ func constructOTResources(s string) (*Resource, error) {
 		return Empty(), nil
 	}
 	pairs := strings.Split(s, ",")
-	attrs := []attribute.KeyValue{}
+	var attrs []attribute.KeyValue
 	var invalid []string
 	for _, p := range pairs {
-		field := strings.SplitN(p, "=", 2)
-		if len(field) != 2 {
+		k, v, found := strings.Cut(p, "=")
+		if !found {
 			invalid = append(invalid, p)
 			continue
 		}
-		k, v := strings.TrimSpace(field[0]), strings.TrimSpace(field[1])
-		attrs = append(attrs, attribute.String(k, v))
+		key := strings.TrimSpace(k)
+		val, err := url.PathUnescape(strings.TrimSpace(v))
+		if err != nil {
+			// Retain original value if decoding fails, otherwise it will be
+			// an empty string.
+			val = v
+			otel.Handle(err)
+		}
+		attrs = append(attrs, attribute.String(key, val))
 	}
 	var err error
 	if len(invalid) > 0 {
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go
new file mode 100644
index 000000000..fb1ebf2ca
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go
@@ -0,0 +1,120 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package resource // import "go.opentelemetry.io/otel/sdk/resource"
+
+import (
+	"context"
+	"errors"
+	"strings"
+
+	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
+)
+
+type hostIDProvider func() (string, error)
+
+var defaultHostIDProvider hostIDProvider = platformHostIDReader.read
+
+var hostID = defaultHostIDProvider
+
+type hostIDReader interface {
+	read() (string, error)
+}
+
+type fileReader func(string) (string, error)
+
+type commandExecutor func(string, ...string) (string, error)
+
+// hostIDReaderBSD implements hostIDReader.
+type hostIDReaderBSD struct {
+	execCommand commandExecutor
+	readFile    fileReader
+}
+
+// read attempts to read the machine-id from /etc/hostid. If not found it will
+// execute `kenv -q smbios.system.uuid`. If neither location yields an id an
+// error will be returned.
+func (r *hostIDReaderBSD) read() (string, error) {
+	if result, err := r.readFile("/etc/hostid"); err == nil {
+		return strings.TrimSpace(result), nil
+	}
+
+	if result, err := r.execCommand("kenv", "-q", "smbios.system.uuid"); err == nil {
+		return strings.TrimSpace(result), nil
+	}
+
+	return "", errors.New("host id not found in: /etc/hostid or kenv")
+}
+
+// hostIDReaderDarwin implements hostIDReader.
+type hostIDReaderDarwin struct {
+	execCommand commandExecutor
+}
+
+// read executes `ioreg -rd1 -c "IOPlatformExpertDevice"` and parses host id
+// from the IOPlatformUUID line. If the command fails or the uuid cannot be
+// parsed an error will be returned.
+func (r *hostIDReaderDarwin) read() (string, error) {
+	result, err := r.execCommand("ioreg", "-rd1", "-c", "IOPlatformExpertDevice")
+	if err != nil {
+		return "", err
+	}
+
+	lines := strings.Split(result, "\n")
+	for _, line := range lines {
+		if strings.Contains(line, "IOPlatformUUID") {
+			parts := strings.Split(line, " = ")
+			if len(parts) == 2 {
+				return strings.Trim(parts[1], "\""), nil
+			}
+			break
+		}
+	}
+
+	return "", errors.New("could not parse IOPlatformUUID")
+}
+
+type hostIDReaderLinux struct {
+	readFile fileReader
+}
+
+// read attempts to read the machine-id from /etc/machine-id followed by
+// /var/lib/dbus/machine-id. If neither location yields an ID an error will
+// be returned.
+func (r *hostIDReaderLinux) read() (string, error) {
+	if result, err := r.readFile("/etc/machine-id"); err == nil {
+		return strings.TrimSpace(result), nil
+	}
+
+	if result, err := r.readFile("/var/lib/dbus/machine-id"); err == nil {
+		return strings.TrimSpace(result), nil
+	}
+
+	return "", errors.New("host id not found in: /etc/machine-id or /var/lib/dbus/machine-id")
+}
+
+type hostIDDetector struct{}
+
+// Detect returns a *Resource containing the platform specific host id.
+func (hostIDDetector) Detect(ctx context.Context) (*Resource, error) {
+	hostID, err := hostID()
+	if err != nil {
+		return nil, err
+	}
+
+	return NewWithAttributes(
+		semconv.SchemaURL,
+		semconv.HostID(hostID),
+	), nil
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_bsd.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_bsd.go
new file mode 100644
index 000000000..1778bbacf
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_bsd.go
@@ -0,0 +1,23 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build dragonfly || freebsd || netbsd || openbsd || solaris
+// +build dragonfly freebsd netbsd openbsd solaris
+
+package resource // import "go.opentelemetry.io/otel/sdk/resource"
+
+var platformHostIDReader hostIDReader = &hostIDReaderBSD{
+	execCommand: execCommand,
+	readFile:    readFile,
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_darwin.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_darwin.go
new file mode 100644
index 000000000..ba41409b2
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_darwin.go
@@ -0,0 +1,19 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package resource // import "go.opentelemetry.io/otel/sdk/resource"
+
+var platformHostIDReader hostIDReader = &hostIDReaderDarwin{
+	execCommand: execCommand,
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_exec.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_exec.go
new file mode 100644
index 000000000..207acb0ed
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_exec.go
@@ -0,0 +1,29 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build darwin || dragonfly || freebsd || netbsd || openbsd || solaris
+
+package resource // import "go.opentelemetry.io/otel/sdk/resource"
+
+import "os/exec"
+
+func execCommand(name string, arg ...string) (string, error) {
+	cmd := exec.Command(name, arg...)
+	b, err := cmd.Output()
+	if err != nil {
+		return "", err
+	}
+
+	return string(b), nil
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_linux.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_linux.go
new file mode 100644
index 000000000..410579b8f
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_linux.go
@@ -0,0 +1,22 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build linux
+// +build linux
+
+package resource // import "go.opentelemetry.io/otel/sdk/resource"
+
+var platformHostIDReader hostIDReader = &hostIDReaderLinux{
+	readFile: readFile,
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_readfile.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_readfile.go
new file mode 100644
index 000000000..721e3ca6e
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_readfile.go
@@ -0,0 +1,28 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build linux || dragonfly || freebsd || netbsd || openbsd || solaris
+
+package resource // import "go.opentelemetry.io/otel/sdk/resource"
+
+import "os"
+
+func readFile(filename string) (string, error) {
+	b, err := os.ReadFile(filename)
+	if err != nil {
+		return "", err
+	}
+
+	return string(b), nil
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_unsupported.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_unsupported.go
new file mode 100644
index 000000000..89df9d688
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_unsupported.go
@@ -0,0 +1,36 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build !darwin
+// +build !dragonfly
+// +build !freebsd
+// +build !linux
+// +build !netbsd
+// +build !openbsd
+// +build !solaris
+// +build !windows
+
+package resource // import "go.opentelemetry.io/otel/sdk/resource"
+
+// hostIDReaderUnsupported is a placeholder implementation for operating systems
+// for which this project currently doesn't support host.id
+// attribute detection. See build tags declaration early on this file
+// for a list of unsupported OSes.
+type hostIDReaderUnsupported struct{}
+
+func (*hostIDReaderUnsupported) read() (string, error) {
+	return "<unknown>", nil
+}
+
+var platformHostIDReader hostIDReader = &hostIDReaderUnsupported{}
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_windows.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_windows.go
new file mode 100644
index 000000000..5b431c6ee
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_windows.go
@@ -0,0 +1,48 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build windows
+// +build windows
+
+package resource // import "go.opentelemetry.io/otel/sdk/resource"
+
+import (
+	"golang.org/x/sys/windows/registry"
+)
+
+// implements hostIDReader
+type hostIDReaderWindows struct{}
+
+// read reads MachineGuid from the windows registry key:
+// SOFTWARE\Microsoft\Cryptography
+func (*hostIDReaderWindows) read() (string, error) {
+	k, err := registry.OpenKey(
+		registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Cryptography`,
+		registry.QUERY_VALUE|registry.WOW64_64KEY,
+	)
+
+	if err != nil {
+		return "", err
+	}
+	defer k.Close()
+
+	guid, _, err := k.GetStringValue("MachineGuid")
+	if err != nil {
+		return "", err
+	}
+
+	return guid, nil
+}
+
+var platformHostIDReader hostIDReader = &hostIDReaderWindows{}
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/os.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/os.go
index 3b4d0c14d..0cbd55973 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/os.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/os.go
@@ -19,7 +19,7 @@ import (
 	"strings"
 
 	"go.opentelemetry.io/otel/attribute"
-	semconv "go.opentelemetry.io/otel/semconv/v1.12.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
 )
 
 type osDescriptionProvider func() (string, error)
@@ -36,8 +36,10 @@ func setOSDescriptionProvider(osDescriptionProvider osDescriptionProvider) {
 	osDescription = osDescriptionProvider
 }
 
-type osTypeDetector struct{}
-type osDescriptionDetector struct{}
+type (
+	osTypeDetector        struct{}
+	osDescriptionDetector struct{}
+)
 
 // Detect returns a *Resource that describes the operating system type the
 // service is running on.
@@ -56,14 +58,13 @@ func (osTypeDetector) Detect(ctx context.Context) (*Resource, error) {
 // service is running on.
 func (osDescriptionDetector) Detect(ctx context.Context) (*Resource, error) {
 	description, err := osDescription()
-
 	if err != nil {
 		return nil, err
 	}
 
 	return NewWithAttributes(
 		semconv.SchemaURL,
-		semconv.OSDescriptionKey.String(description),
+		semconv.OSDescription(description),
 	), nil
 }
 
@@ -75,6 +76,7 @@ func mapRuntimeOSToSemconvOSType(osType string) attribute.KeyValue {
 	// the elements in this map are the intersection between
 	// available GOOS values and defined semconv OS types
 	osTypeAttributeMap := map[string]attribute.KeyValue{
+		"aix":       semconv.OSTypeAIX,
 		"darwin":    semconv.OSTypeDarwin,
 		"dragonfly": semconv.OSTypeDragonflyBSD,
 		"freebsd":   semconv.OSTypeFreeBSD,
@@ -83,6 +85,7 @@ func mapRuntimeOSToSemconvOSType(osType string) attribute.KeyValue {
 		"openbsd":   semconv.OSTypeOpenBSD,
 		"solaris":   semconv.OSTypeSolaris,
 		"windows":   semconv.OSTypeWindows,
+		"zos":       semconv.OSTypeZOS,
 	}
 
 	var osTypeAttribute attribute.KeyValue
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_unix.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_unix.go
index fba6790e4..c771942de 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_unix.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_unix.go
@@ -85,14 +85,14 @@ func skip(line string) bool {
 // parse attempts to split the provided line on the first '=' character, and then
 // sanitize each side of the split before returning them as a key-value pair.
 func parse(line string) (string, string, bool) {
-	parts := strings.SplitN(line, "=", 2)
+	k, v, found := strings.Cut(line, "=")
 
-	if len(parts) != 2 || len(parts[0]) == 0 {
+	if !found || len(k) == 0 {
 		return "", "", false
 	}
 
-	key := strings.TrimSpace(parts[0])
-	value := unescape(unquote(strings.TrimSpace(parts[1])))
+	key := strings.TrimSpace(k)
+	value := unescape(unquote(strings.TrimSpace(v)))
 
 	return key, value, true
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/process.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/process.go
index 9a169f663..ecdd11dd7 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/process.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/process.go
@@ -22,17 +22,19 @@ import (
 	"path/filepath"
 	"runtime"
 
-	semconv "go.opentelemetry.io/otel/semconv/v1.12.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
 )
 
-type pidProvider func() int
-type executablePathProvider func() (string, error)
-type commandArgsProvider func() []string
-type ownerProvider func() (*user.User, error)
-type runtimeNameProvider func() string
-type runtimeVersionProvider func() string
-type runtimeOSProvider func() string
-type runtimeArchProvider func() string
+type (
+	pidProvider            func() int
+	executablePathProvider func() (string, error)
+	commandArgsProvider    func() []string
+	ownerProvider          func() (*user.User, error)
+	runtimeNameProvider    func() string
+	runtimeVersionProvider func() string
+	runtimeOSProvider      func() string
+	runtimeArchProvider    func() string
+)
 
 var (
 	defaultPidProvider            pidProvider            = os.Getpid
@@ -108,26 +110,28 @@ func setUserProviders(ownerProvider ownerProvider) {
 	owner = ownerProvider
 }
 
-type processPIDDetector struct{}
-type processExecutableNameDetector struct{}
-type processExecutablePathDetector struct{}
-type processCommandArgsDetector struct{}
-type processOwnerDetector struct{}
-type processRuntimeNameDetector struct{}
-type processRuntimeVersionDetector struct{}
-type processRuntimeDescriptionDetector struct{}
+type (
+	processPIDDetector                struct{}
+	processExecutableNameDetector     struct{}
+	processExecutablePathDetector     struct{}
+	processCommandArgsDetector        struct{}
+	processOwnerDetector              struct{}
+	processRuntimeNameDetector        struct{}
+	processRuntimeVersionDetector     struct{}
+	processRuntimeDescriptionDetector struct{}
+)
 
 // Detect returns a *Resource that describes the process identifier (PID) of the
 // executing process.
 func (processPIDDetector) Detect(ctx context.Context) (*Resource, error) {
-	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessPIDKey.Int(pid())), nil
+	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessPID(pid())), nil
 }
 
 // Detect returns a *Resource that describes the name of the process executable.
 func (processExecutableNameDetector) Detect(ctx context.Context) (*Resource, error) {
 	executableName := filepath.Base(commandArgs()[0])
 
-	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessExecutableNameKey.String(executableName)), nil
+	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessExecutableName(executableName)), nil
 }
 
 // Detect returns a *Resource that describes the full path of the process executable.
@@ -137,13 +141,13 @@ func (processExecutablePathDetector) Detect(ctx context.Context) (*Resource, err
 		return nil, err
 	}
 
-	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessExecutablePathKey.String(executablePath)), nil
+	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessExecutablePath(executablePath)), nil
 }
 
 // Detect returns a *Resource that describes all the command arguments as received
 // by the process.
 func (processCommandArgsDetector) Detect(ctx context.Context) (*Resource, error) {
-	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessCommandArgsKey.StringSlice(commandArgs())), nil
+	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessCommandArgs(commandArgs()...)), nil
 }
 
 // Detect returns a *Resource that describes the username of the user that owns the
@@ -154,18 +158,18 @@ func (processOwnerDetector) Detect(ctx context.Context) (*Resource, error) {
 		return nil, err
 	}
 
-	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessOwnerKey.String(owner.Username)), nil
+	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessOwner(owner.Username)), nil
 }
 
 // Detect returns a *Resource that describes the name of the compiler used to compile
 // this process image.
 func (processRuntimeNameDetector) Detect(ctx context.Context) (*Resource, error) {
-	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessRuntimeNameKey.String(runtimeName())), nil
+	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessRuntimeName(runtimeName())), nil
 }
 
 // Detect returns a *Resource that describes the version of the runtime of this process.
 func (processRuntimeVersionDetector) Detect(ctx context.Context) (*Resource, error) {
-	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessRuntimeVersionKey.String(runtimeVersion())), nil
+	return NewWithAttributes(semconv.SchemaURL, semconv.ProcessRuntimeVersion(runtimeVersion())), nil
 }
 
 // Detect returns a *Resource that describes the runtime of this process.
@@ -175,6 +179,6 @@ func (processRuntimeDescriptionDetector) Detect(ctx context.Context) (*Resource,
 
 	return NewWithAttributes(
 		semconv.SchemaURL,
-		semconv.ProcessRuntimeDescriptionKey.String(runtimeDescription),
+		semconv.ProcessRuntimeDescription(runtimeDescription),
 	), nil
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go
index c425ff05d..176ff1066 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go
@@ -17,7 +17,6 @@ package resource // import "go.opentelemetry.io/otel/sdk/resource"
 import (
 	"context"
 	"errors"
-	"fmt"
 	"sync"
 
 	"go.opentelemetry.io/otel"
@@ -37,7 +36,6 @@ type Resource struct {
 }
 
 var (
-	emptyResource       Resource
 	defaultResource     *Resource
 	defaultResourceOnce sync.Once
 )
@@ -51,17 +49,8 @@ func New(ctx context.Context, opts ...Option) (*Resource, error) {
 		cfg = opt.apply(cfg)
 	}
 
-	resource, err := Detect(ctx, cfg.detectors...)
-
-	var err2 error
-	resource, err2 = Merge(resource, &Resource{schemaURL: cfg.schemaURL})
-	if err == nil {
-		err = err2
-	} else if err2 != nil {
-		err = fmt.Errorf("detecting resources: %s", []string{err.Error(), err2.Error()})
-	}
-
-	return resource, err
+	r := &Resource{schemaURL: cfg.schemaURL}
+	return r, detect(ctx, r, cfg.detectors)
 }
 
 // NewWithAttributes creates a resource from attrs and associates the resource with a
@@ -80,18 +69,18 @@ func NewWithAttributes(schemaURL string, attrs ...attribute.KeyValue) *Resource
 // of the attrs is known use NewWithAttributes instead.
 func NewSchemaless(attrs ...attribute.KeyValue) *Resource {
 	if len(attrs) == 0 {
-		return &emptyResource
+		return &Resource{}
 	}
 
 	// Ensure attributes comply with the specification:
-	// https://github.com/open-telemetry/opentelemetry-specification/blob/v1.0.1/specification/common/common.md#attributes
+	// https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/common/README.md#attribute
 	s, _ := attribute.NewSetWithFiltered(attrs, func(kv attribute.KeyValue) bool {
 		return kv.Valid()
 	})
 
 	// If attrs only contains invalid entries do not allocate a new resource.
 	if s.Len() == 0 {
-		return &emptyResource
+		return &Resource{}
 	}
 
 	return &Resource{attrs: s} //nolint
@@ -164,7 +153,7 @@ func (r *Resource) Equal(eq *Resource) bool {
 // if resource b's value is empty.
 //
 // The SchemaURL of the resources will be merged according to the spec rules:
-// https://github.com/open-telemetry/opentelemetry-specification/blob/bad49c714a62da5493f2d1d9bafd7ebe8c8ce7eb/specification/resource/sdk.md#merge
+// https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/resource/sdk.md#merge
 // If the resources have different non-empty schemaURL an empty resource and an error
 // will be returned.
 func Merge(a, b *Resource) (*Resource, error) {
@@ -205,7 +194,7 @@ func Merge(a, b *Resource) (*Resource, error) {
 // Empty returns an instance of Resource with no attributes. It is
 // equivalent to a `nil` Resource.
 func Empty() *Resource {
-	return &emptyResource
+	return &Resource{}
 }
 
 // Default returns an instance of Resource with a default
@@ -224,7 +213,7 @@ func Default() *Resource {
 		}
 		// If Detect did not return a valid resource, fall back to emptyResource.
 		if defaultResource == nil {
-			defaultResource = &emptyResource
+			defaultResource = &Resource{}
 		}
 	})
 	return defaultResource
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go
index a2d7db490..c9c7effbf 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go
@@ -16,7 +16,6 @@ package trace // import "go.opentelemetry.io/otel/sdk/trace"
 
 import (
 	"context"
-	"runtime"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -84,6 +83,7 @@ type batchSpanProcessor struct {
 	stopWait   sync.WaitGroup
 	stopOnce   sync.Once
 	stopCh     chan struct{}
+	stopped    atomic.Bool
 }
 
 var _ SpanProcessor = (*batchSpanProcessor)(nil)
@@ -91,7 +91,7 @@ var _ SpanProcessor = (*batchSpanProcessor)(nil)
 // NewBatchSpanProcessor creates a new SpanProcessor that will send completed
 // span batches to the exporter with the supplied options.
 //
-// If the exporter is nil, the span processor will preform no action.
+// If the exporter is nil, the span processor will perform no action.
 func NewBatchSpanProcessor(exporter SpanExporter, options ...BatchSpanProcessorOption) SpanProcessor {
 	maxQueueSize := env.BatchSpanProcessorMaxQueueSize(DefaultMaxQueueSize)
 	maxExportBatchSize := env.BatchSpanProcessorMaxExportBatchSize(DefaultMaxExportBatchSize)
@@ -137,6 +137,11 @@ func (bsp *batchSpanProcessor) OnStart(parent context.Context, s ReadWriteSpan)
 
 // OnEnd method enqueues a ReadOnlySpan for later processing.
 func (bsp *batchSpanProcessor) OnEnd(s ReadOnlySpan) {
+	// Do not enqueue spans after Shutdown.
+	if bsp.stopped.Load() {
+		return
+	}
+
 	// Do not enqueue spans if we are just going to drop them.
 	if bsp.e == nil {
 		return
@@ -149,6 +154,7 @@ func (bsp *batchSpanProcessor) OnEnd(s ReadOnlySpan) {
 func (bsp *batchSpanProcessor) Shutdown(ctx context.Context) error {
 	var err error
 	bsp.stopOnce.Do(func() {
+		bsp.stopped.Store(true)
 		wait := make(chan struct{})
 		go func() {
 			close(bsp.stopCh)
@@ -181,11 +187,24 @@ func (f forceFlushSpan) SpanContext() trace.SpanContext {
 
 // ForceFlush exports all ended spans that have not yet been exported.
 func (bsp *batchSpanProcessor) ForceFlush(ctx context.Context) error {
+	// Interrupt if context is already canceled.
+	if err := ctx.Err(); err != nil {
+		return err
+	}
+
+	// Do nothing after Shutdown.
+	if bsp.stopped.Load() {
+		return nil
+	}
+
 	var err error
 	if bsp.e != nil {
 		flushCh := make(chan struct{})
 		if bsp.enqueueBlockOnQueueFull(ctx, forceFlushSpan{flushed: flushCh}) {
 			select {
+			case <-bsp.stopCh:
+				// The batchSpanProcessor is Shutdown.
+				return nil
 			case <-flushCh:
 				// Processed any items in queue prior to ForceFlush being called
 			case <-ctx.Done():
@@ -326,11 +345,9 @@ func (bsp *batchSpanProcessor) drainQueue() {
 	for {
 		select {
 		case sd := <-bsp.queue:
-			if sd == nil {
-				if err := bsp.exportSpans(ctx); err != nil {
-					otel.Handle(err)
-				}
-				return
+			if _, ok := sd.(forceFlushSpan); ok {
+				// Ignore flush requests as they are not valid spans.
+				continue
 			}
 
 			bsp.batchMutex.Lock()
@@ -344,7 +361,11 @@ func (bsp *batchSpanProcessor) drainQueue() {
 				}
 			}
 		default:
-			close(bsp.queue)
+			// There are no more enqueued spans. Make final export.
+			if err := bsp.exportSpans(ctx); err != nil {
+				otel.Handle(err)
+			}
+			return
 		}
 	}
 }
@@ -358,34 +379,11 @@ func (bsp *batchSpanProcessor) enqueue(sd ReadOnlySpan) {
 	}
 }
 
-func recoverSendOnClosedChan() {
-	x := recover()
-	switch err := x.(type) {
-	case nil:
-		return
-	case runtime.Error:
-		if err.Error() == "send on closed channel" {
-			return
-		}
-	}
-	panic(x)
-}
-
 func (bsp *batchSpanProcessor) enqueueBlockOnQueueFull(ctx context.Context, sd ReadOnlySpan) bool {
 	if !sd.SpanContext().IsSampled() {
 		return false
 	}
 
-	// This ensures the bsp.queue<- below does not panic as the
-	// processor shuts down.
-	defer recoverSendOnClosedChan()
-
-	select {
-	case <-bsp.stopCh:
-		return false
-	default:
-	}
-
 	select {
 	case bsp.queue <- sd:
 		return true
@@ -399,16 +397,6 @@ func (bsp *batchSpanProcessor) enqueueDrop(ctx context.Context, sd ReadOnlySpan)
 		return false
 	}
 
-	// This ensures the bsp.queue<- below does not panic as the
-	// processor shuts down.
-	defer recoverSendOnClosedChan()
-
-	select {
-	case <-bsp.stopCh:
-		return false
-	default:
-	}
-
 	select {
 	case bsp.queue <- sd:
 		return true
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go
index 292ea5481..7d46c4b48 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go
@@ -25,6 +25,8 @@ import (
 	"go.opentelemetry.io/otel/sdk/instrumentation"
 	"go.opentelemetry.io/otel/sdk/resource"
 	"go.opentelemetry.io/otel/trace"
+	"go.opentelemetry.io/otel/trace/embedded"
+	"go.opentelemetry.io/otel/trace/noop"
 )
 
 const (
@@ -73,9 +75,13 @@ func (cfg tracerProviderConfig) MarshalLog() interface{} {
 // TracerProvider is an OpenTelemetry TracerProvider. It provides Tracers to
 // instrumentation so it can trace operational flow through a system.
 type TracerProvider struct {
+	embedded.TracerProvider
+
 	mu             sync.Mutex
 	namedTracer    map[instrumentation.Scope]*tracer
-	spanProcessors atomic.Value
+	spanProcessors atomic.Pointer[spanProcessorStates]
+
+	isShutdown atomic.Bool
 
 	// These fields are not protected by the lock mu. They are assumed to be
 	// immutable after creation of the TracerProvider.
@@ -116,12 +122,13 @@ func NewTracerProvider(opts ...TracerProviderOption) *TracerProvider {
 		spanLimits:  o.spanLimits,
 		resource:    o.resource,
 	}
-
 	global.Info("TracerProvider created", "config", o)
 
+	spss := make(spanProcessorStates, 0, len(o.processors))
 	for _, sp := range o.processors {
-		tp.RegisterSpanProcessor(sp)
+		spss = append(spss, newSpanProcessorState(sp))
 	}
+	tp.spanProcessors.Store(&spss)
 
 	return tp
 }
@@ -134,10 +141,11 @@ func NewTracerProvider(opts ...TracerProviderOption) *TracerProvider {
 //
 // This method is safe to be called concurrently.
 func (p *TracerProvider) Tracer(name string, opts ...trace.TracerOption) trace.Tracer {
+	// This check happens before the mutex is acquired to avoid deadlocking if Tracer() is called from within Shutdown().
+	if p.isShutdown.Load() {
+		return noop.NewTracerProvider().Tracer(name, opts...)
+	}
 	c := trace.NewTracerConfig(opts...)
-
-	p.mu.Lock()
-	defer p.mu.Unlock()
 	if name == "" {
 		name = defaultTracerName
 	}
@@ -146,57 +154,87 @@ func (p *TracerProvider) Tracer(name string, opts ...trace.TracerOption) trace.T
 		Version:   c.InstrumentationVersion(),
 		SchemaURL: c.SchemaURL(),
 	}
-	t, ok := p.namedTracer[is]
-	if !ok {
-		t = &tracer{
-			provider:             p,
-			instrumentationScope: is,
+
+	t, ok := func() (trace.Tracer, bool) {
+		p.mu.Lock()
+		defer p.mu.Unlock()
+		// Must check the flag after acquiring the mutex to avoid returning a valid tracer if Shutdown() ran
+		// after the first check above but before we acquired the mutex.
+		if p.isShutdown.Load() {
+			return noop.NewTracerProvider().Tracer(name, opts...), true
 		}
-		p.namedTracer[is] = t
-		global.Info("Tracer created", "name", name, "version", c.InstrumentationVersion(), "schemaURL", c.SchemaURL())
+		t, ok := p.namedTracer[is]
+		if !ok {
+			t = &tracer{
+				provider:             p,
+				instrumentationScope: is,
+			}
+			p.namedTracer[is] = t
+		}
+		return t, ok
+	}()
+	if !ok {
+		// This code is outside the mutex to not hold the lock while calling third party logging code:
+		// - That code may do slow things like I/O, which would prolong the duration the lock is held,
+		//   slowing down all tracing consumers.
+		// - Logging code may be instrumented with tracing and deadlock because it could try
+		//   acquiring the same non-reentrant mutex.
+		global.Info("Tracer created", "name", name, "version", is.Version, "schemaURL", is.SchemaURL)
 	}
 	return t
 }
 
 // RegisterSpanProcessor adds the given SpanProcessor to the list of SpanProcessors.
-func (p *TracerProvider) RegisterSpanProcessor(s SpanProcessor) {
+func (p *TracerProvider) RegisterSpanProcessor(sp SpanProcessor) {
+	// This check prevents calls during a shutdown.
+	if p.isShutdown.Load() {
+		return
+	}
 	p.mu.Lock()
 	defer p.mu.Unlock()
-	newSPS := spanProcessorStates{}
-	if old, ok := p.spanProcessors.Load().(spanProcessorStates); ok {
-		newSPS = append(newSPS, old...)
-	}
-	newSpanSync := &spanProcessorState{
-		sp:    s,
-		state: &sync.Once{},
+	// This check prevents calls after a shutdown.
+	if p.isShutdown.Load() {
+		return
 	}
-	newSPS = append(newSPS, newSpanSync)
-	p.spanProcessors.Store(newSPS)
+
+	current := p.getSpanProcessors()
+	newSPS := make(spanProcessorStates, 0, len(current)+1)
+	newSPS = append(newSPS, current...)
+	newSPS = append(newSPS, newSpanProcessorState(sp))
+	p.spanProcessors.Store(&newSPS)
 }
 
 // UnregisterSpanProcessor removes the given SpanProcessor from the list of SpanProcessors.
-func (p *TracerProvider) UnregisterSpanProcessor(s SpanProcessor) {
+func (p *TracerProvider) UnregisterSpanProcessor(sp SpanProcessor) {
+	// This check prevents calls during a shutdown.
+	if p.isShutdown.Load() {
+		return
+	}
 	p.mu.Lock()
 	defer p.mu.Unlock()
-	spss := spanProcessorStates{}
-	old, ok := p.spanProcessors.Load().(spanProcessorStates)
-	if !ok || len(old) == 0 {
+	// This check prevents calls after a shutdown.
+	if p.isShutdown.Load() {
+		return
+	}
+	old := p.getSpanProcessors()
+	if len(old) == 0 {
 		return
 	}
-	spss = append(spss, old...)
+	spss := make(spanProcessorStates, len(old))
+	copy(spss, old)
 
 	// stop the span processor if it is started and remove it from the list
 	var stopOnce *spanProcessorState
 	var idx int
 	for i, sps := range spss {
-		if sps.sp == s {
+		if sps.sp == sp {
 			stopOnce = sps
 			idx = i
 		}
 	}
 	if stopOnce != nil {
 		stopOnce.state.Do(func() {
-			if err := s.Shutdown(context.Background()); err != nil {
+			if err := sp.Shutdown(context.Background()); err != nil {
 				otel.Handle(err)
 			}
 		})
@@ -207,16 +245,13 @@ func (p *TracerProvider) UnregisterSpanProcessor(s SpanProcessor) {
 	spss[len(spss)-1] = nil
 	spss = spss[:len(spss)-1]
 
-	p.spanProcessors.Store(spss)
+	p.spanProcessors.Store(&spss)
 }
 
 // ForceFlush immediately exports all spans that have not yet been exported for
 // all the registered span processors.
 func (p *TracerProvider) ForceFlush(ctx context.Context) error {
-	spss, ok := p.spanProcessors.Load().(spanProcessorStates)
-	if !ok {
-		return fmt.Errorf("failed to load span processors")
-	}
+	spss := p.getSpanProcessors()
 	if len(spss) == 0 {
 		return nil
 	}
@@ -235,14 +270,23 @@ func (p *TracerProvider) ForceFlush(ctx context.Context) error {
 	return nil
 }
 
-// Shutdown shuts down the span processors in the order they were registered.
+// Shutdown shuts down TracerProvider. All registered span processors are shut down
+// in the order they were registered and any held computational resources are released.
+// After Shutdown is called, all methods are no-ops.
 func (p *TracerProvider) Shutdown(ctx context.Context) error {
-	spss, ok := p.spanProcessors.Load().(spanProcessorStates)
-	if !ok {
-		return fmt.Errorf("failed to load span processors")
+	// This check prevents deadlocks in case of recursive shutdown.
+	if p.isShutdown.Load() {
+		return nil
 	}
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	// This check prevents calls after a shutdown has already been done concurrently.
+	if !p.isShutdown.CompareAndSwap(false, true) { // did toggle?
+		return nil
+	}
+
 	var retErr error
-	for _, sps := range spss {
+	for _, sps := range p.getSpanProcessors() {
 		select {
 		case <-ctx.Done():
 			return ctx.Err()
@@ -262,9 +306,14 @@ func (p *TracerProvider) Shutdown(ctx context.Context) error {
 			}
 		}
 	}
+	p.spanProcessors.Store(&spanProcessorStates{})
 	return retErr
 }
 
+func (p *TracerProvider) getSpanProcessors() spanProcessorStates {
+	return *(p.spanProcessors.Load())
+}
+
 // TracerProviderOption configures a TracerProvider.
 type TracerProviderOption interface {
 	apply(tracerProviderConfig) tracerProviderConfig
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go
index a6dcf4b30..a7bc125b9 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go
@@ -81,7 +81,7 @@ type traceIDRatioSampler struct {
 
 func (ts traceIDRatioSampler) ShouldSample(p SamplingParameters) SamplingResult {
 	psc := trace.SpanContextFromContext(p.ParentContext)
-	x := binary.BigEndian.Uint64(p.TraceID[0:8]) >> 1
+	x := binary.BigEndian.Uint64(p.TraceID[8:16]) >> 1
 	if x < ts.traceIDUpperBound {
 		return SamplingResult{
 			Decision:   RecordAndSample,
@@ -158,15 +158,15 @@ func NeverSample() Sampler {
 	return alwaysOffSampler{}
 }
 
-// ParentBased returns a composite sampler which behaves differently,
+// ParentBased returns a sampler decorator which behaves differently,
 // based on the parent of the span. If the span has no parent,
-// the root(Sampler) is used to make sampling decision. If the span has
+// the decorated sampler is used to make sampling decision. If the span has
 // a parent, depending on whether the parent is remote and whether it
 // is sampled, one of the following samplers will apply:
-// - remoteParentSampled(Sampler) (default: AlwaysOn)
-// - remoteParentNotSampled(Sampler) (default: AlwaysOff)
-// - localParentSampled(Sampler) (default: AlwaysOn)
-// - localParentNotSampled(Sampler) (default: AlwaysOff)
+//   - remoteParentSampled(Sampler) (default: AlwaysOn)
+//   - remoteParentNotSampled(Sampler) (default: AlwaysOff)
+//   - localParentSampled(Sampler) (default: AlwaysOn)
+//   - localParentNotSampled(Sampler) (default: AlwaysOff)
 func ParentBased(root Sampler, samplers ...ParentBasedSamplerOption) Sampler {
 	return parentBased{
 		root:   root,
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go
index e8530a959..f8770fff7 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go
@@ -19,12 +19,13 @@ import (
 	"sync"
 
 	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/internal/global"
 )
 
 // simpleSpanProcessor is a SpanProcessor that synchronously sends all
 // completed Spans to a trace.Exporter immediately.
 type simpleSpanProcessor struct {
-	exporterMu sync.RWMutex
+	exporterMu sync.Mutex
 	exporter   SpanExporter
 	stopOnce   sync.Once
 }
@@ -43,6 +44,8 @@ func NewSimpleSpanProcessor(exporter SpanExporter) SpanProcessor {
 	ssp := &simpleSpanProcessor{
 		exporter: exporter,
 	}
+	global.Warn("SimpleSpanProcessor is not recommended for production use, consider using BatchSpanProcessor instead.")
+
 	return ssp
 }
 
@@ -51,8 +54,8 @@ func (ssp *simpleSpanProcessor) OnStart(context.Context, ReadWriteSpan) {}
 
 // OnEnd immediately exports a ReadOnlySpan.
 func (ssp *simpleSpanProcessor) OnEnd(s ReadOnlySpan) {
-	ssp.exporterMu.RLock()
-	defer ssp.exporterMu.RUnlock()
+	ssp.exporterMu.Lock()
+	defer ssp.exporterMu.Unlock()
 
 	if ssp.exporter != nil && s.SpanContext().TraceFlags().IsSampled() {
 		if err := ssp.exporter.ExportSpans(context.Background(), []ReadOnlySpan{s}); err != nil {
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span.go b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span.go
index 449cf6c25..36dbf6776 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span.go
@@ -30,8 +30,9 @@ import (
 	"go.opentelemetry.io/otel/sdk/instrumentation"
 	"go.opentelemetry.io/otel/sdk/internal"
 	"go.opentelemetry.io/otel/sdk/resource"
-	semconv "go.opentelemetry.io/otel/semconv/v1.12.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
 	"go.opentelemetry.io/otel/trace"
+	"go.opentelemetry.io/otel/trace/embedded"
 )
 
 // ReadOnlySpan allows reading information from the data structure underlying a
@@ -108,6 +109,8 @@ type ReadWriteSpan interface {
 // recordingSpan is an implementation of the OpenTelemetry Span API
 // representing the individual component of a trace that is sampled.
 type recordingSpan struct {
+	embedded.Span
+
 	// mu protects the contents of this span.
 	mu sync.Mutex
 
@@ -158,8 +161,10 @@ type recordingSpan struct {
 	tracer *tracer
 }
 
-var _ ReadWriteSpan = (*recordingSpan)(nil)
-var _ runtimeTracer = (*recordingSpan)(nil)
+var (
+	_ ReadWriteSpan = (*recordingSpan)(nil)
+	_ runtimeTracer = (*recordingSpan)(nil)
+)
 
 // SpanContext returns the SpanContext of this span.
 func (s *recordingSpan) SpanContext() trace.SpanContext {
@@ -189,15 +194,18 @@ func (s *recordingSpan) SetStatus(code codes.Code, description string) {
 	if !s.IsRecording() {
 		return
 	}
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	if s.status.Code > code {
+		return
+	}
 
 	status := Status{Code: code}
 	if code == codes.Error {
 		status.Description = description
 	}
 
-	s.mu.Lock()
 	s.status = status
-	s.mu.Unlock()
 }
 
 // SetAttributes sets attributes of this span.
@@ -299,7 +307,7 @@ func (s *recordingSpan) addOverCapAttrs(limit int, attrs []attribute.KeyValue) {
 // most a length of limit. Each string slice value is truncated in this fashion
 // (the slice length itself is unaffected).
 //
-// No truncation is perfromed for a negative limit.
+// No truncation is performed for a negative limit.
 func truncateAttr(limit int, attr attribute.KeyValue) attribute.KeyValue {
 	if limit < 0 {
 		return attr
@@ -310,26 +318,13 @@ func truncateAttr(limit int, attr attribute.KeyValue) attribute.KeyValue {
 			return attr.Key.String(safeTruncate(v, limit))
 		}
 	case attribute.STRINGSLICE:
-		// Do no mutate the original, make a copy.
-		trucated := attr.Key.StringSlice(attr.Value.AsStringSlice())
-		// Do not do this.
-		//
-		//   v := trucated.Value.AsStringSlice()
-		//   cp := make([]string, len(v))
-		//   /* Copy and truncate values to cp ... */
-		//   trucated.Value = attribute.StringSliceValue(cp)
-		//
-		// Copying the []string and then assigning it back as a new value with
-		// attribute.StringSliceValue will copy the data twice. Instead, we
-		// already made a copy above that only this function owns, update the
-		// underlying slice data of our copy.
-		v := trucated.Value.AsStringSlice()
+		v := attr.Value.AsStringSlice()
 		for i := range v {
 			if len(v[i]) > limit {
 				v[i] = safeTruncate(v[i], limit)
 			}
 		}
-		return trucated
+		return attr.Key.StringSlice(v)
 	}
 	return attr
 }
@@ -393,14 +388,14 @@ func (s *recordingSpan) End(options ...trace.SpanEndOption) {
 		defer panic(recovered)
 		opts := []trace.EventOption{
 			trace.WithAttributes(
-				semconv.ExceptionTypeKey.String(typeStr(recovered)),
-				semconv.ExceptionMessageKey.String(fmt.Sprint(recovered)),
+				semconv.ExceptionType(typeStr(recovered)),
+				semconv.ExceptionMessage(fmt.Sprint(recovered)),
 			),
 		}
 
 		if config.StackTrace() {
 			opts = append(opts, trace.WithAttributes(
-				semconv.ExceptionStacktraceKey.String(recordStackTrace()),
+				semconv.ExceptionStacktrace(recordStackTrace()),
 			))
 		}
 
@@ -420,14 +415,13 @@ func (s *recordingSpan) End(options ...trace.SpanEndOption) {
 	}
 	s.mu.Unlock()
 
-	if sps, ok := s.tracer.provider.spanProcessors.Load().(spanProcessorStates); ok {
-		if len(sps) == 0 {
-			return
-		}
-		snap := s.snapshot()
-		for _, sp := range sps {
-			sp.sp.OnEnd(snap)
-		}
+	sps := s.tracer.provider.getSpanProcessors()
+	if len(sps) == 0 {
+		return
+	}
+	snap := s.snapshot()
+	for _, sp := range sps {
+		sp.sp.OnEnd(snap)
 	}
 }
 
@@ -441,14 +435,14 @@ func (s *recordingSpan) RecordError(err error, opts ...trace.EventOption) {
 	}
 
 	opts = append(opts, trace.WithAttributes(
-		semconv.ExceptionTypeKey.String(typeStr(err)),
-		semconv.ExceptionMessageKey.String(err.Error()),
+		semconv.ExceptionType(typeStr(err)),
+		semconv.ExceptionMessage(err.Error()),
 	))
 
 	c := trace.NewEventConfig(opts...)
 	if c.StackTrace() {
 		opts = append(opts, trace.WithAttributes(
-			semconv.ExceptionStacktraceKey.String(recordStackTrace()),
+			semconv.ExceptionStacktrace(recordStackTrace()),
 		))
 	}
 
@@ -783,6 +777,8 @@ func (s *recordingSpan) runtimeTrace(ctx context.Context) context.Context {
 // that wraps a SpanContext. It performs no operations other than to return
 // the wrapped SpanContext or TracerProvider that created it.
 type nonRecordingSpan struct {
+	embedded.Span
+
 	// tracer is the SDK tracer that created this span.
 	tracer *tracer
 	sc     trace.SpanContext
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span_exporter.go b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span_exporter.go
index 9fb3d6eac..c9bd52f7a 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span_exporter.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span_exporter.go
@@ -38,7 +38,7 @@ type SpanExporter interface {
 	// must never be done outside of a new major release.
 
 	// Shutdown notifies the exporter of a pending halt to operations. The
-	// exporter is expected to preform any cleanup or synchronization it
+	// exporter is expected to perform any cleanup or synchronization it
 	// requires while honoring all timeouts and cancellations contained in
 	// the passed context.
 	Shutdown(ctx context.Context) error
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span_processor.go b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span_processor.go
index b649a2ff0..9c53657a7 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span_processor.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/span_processor.go
@@ -62,6 +62,11 @@ type SpanProcessor interface {
 
 type spanProcessorState struct {
 	sp    SpanProcessor
-	state *sync.Once
+	state sync.Once
 }
+
+func newSpanProcessorState(sp SpanProcessor) *spanProcessorState {
+	return &spanProcessorState{sp: sp}
+}
+
 type spanProcessorStates []*spanProcessorState
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go
index 7b11fc465..301e1a7ab 100644
--- a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go
@@ -20,9 +20,12 @@ import (
 
 	"go.opentelemetry.io/otel/sdk/instrumentation"
 	"go.opentelemetry.io/otel/trace"
+	"go.opentelemetry.io/otel/trace/embedded"
 )
 
 type tracer struct {
+	embedded.Tracer
+
 	provider             *TracerProvider
 	instrumentationScope instrumentation.Scope
 }
@@ -51,7 +54,7 @@ func (tr *tracer) Start(ctx context.Context, name string, options ...trace.SpanS
 
 	s := tr.newSpan(ctx, name, &config)
 	if rw, ok := s.(ReadWriteSpan); ok && s.IsRecording() {
-		sps, _ := tr.provider.spanProcessors.Load().(spanProcessorStates)
+		sps := tr.provider.getSpanProcessors()
 		for _, sp := range sps {
 			sp.sp.OnStart(ctx, rw)
 		}
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/trace/version.go b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/version.go
new file mode 100644
index 000000000..d3457ed13
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/trace/version.go
@@ -0,0 +1,20 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package trace // import "go.opentelemetry.io/otel/sdk/trace"
+
+// version is the current release version of the metric SDK in use.
+func version() string {
+	return "1.16.0-rc.1"
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/sdk/version.go b/apis/vendor/go.opentelemetry.io/otel/sdk/version.go
new file mode 100644
index 000000000..422d4c964
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/sdk/version.go
@@ -0,0 +1,20 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sdk // import "go.opentelemetry.io/otel/sdk"
+
+// Version is the current release version of the OpenTelemetry SDK in use.
+func Version() string {
+	return "1.21.0"
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/internal/http.go b/apis/vendor/go.opentelemetry.io/otel/semconv/internal/http.go
deleted file mode 100644
index b580eedef..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/semconv/internal/http.go
+++ /dev/null
@@ -1,336 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package internal // import "go.opentelemetry.io/otel/semconv/internal"
-
-import (
-	"fmt"
-	"net"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/codes"
-	"go.opentelemetry.io/otel/trace"
-)
-
-// SemanticConventions are the semantic convention values defined for a
-// version of the OpenTelemetry specification.
-type SemanticConventions struct {
-	EnduserIDKey                attribute.Key
-	HTTPClientIPKey             attribute.Key
-	HTTPFlavorKey               attribute.Key
-	HTTPHostKey                 attribute.Key
-	HTTPMethodKey               attribute.Key
-	HTTPRequestContentLengthKey attribute.Key
-	HTTPRouteKey                attribute.Key
-	HTTPSchemeHTTP              attribute.KeyValue
-	HTTPSchemeHTTPS             attribute.KeyValue
-	HTTPServerNameKey           attribute.Key
-	HTTPStatusCodeKey           attribute.Key
-	HTTPTargetKey               attribute.Key
-	HTTPURLKey                  attribute.Key
-	HTTPUserAgentKey            attribute.Key
-	NetHostIPKey                attribute.Key
-	NetHostNameKey              attribute.Key
-	NetHostPortKey              attribute.Key
-	NetPeerIPKey                attribute.Key
-	NetPeerNameKey              attribute.Key
-	NetPeerPortKey              attribute.Key
-	NetTransportIP              attribute.KeyValue
-	NetTransportOther           attribute.KeyValue
-	NetTransportTCP             attribute.KeyValue
-	NetTransportUDP             attribute.KeyValue
-	NetTransportUnix            attribute.KeyValue
-}
-
-// NetAttributesFromHTTPRequest generates attributes of the net
-// namespace as specified by the OpenTelemetry specification for a
-// span.  The network parameter is a string that net.Dial function
-// from standard library can understand.
-func (sc *SemanticConventions) NetAttributesFromHTTPRequest(network string, request *http.Request) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{}
-
-	switch network {
-	case "tcp", "tcp4", "tcp6":
-		attrs = append(attrs, sc.NetTransportTCP)
-	case "udp", "udp4", "udp6":
-		attrs = append(attrs, sc.NetTransportUDP)
-	case "ip", "ip4", "ip6":
-		attrs = append(attrs, sc.NetTransportIP)
-	case "unix", "unixgram", "unixpacket":
-		attrs = append(attrs, sc.NetTransportUnix)
-	default:
-		attrs = append(attrs, sc.NetTransportOther)
-	}
-
-	peerIP, peerName, peerPort := hostIPNamePort(request.RemoteAddr)
-	if peerIP != "" {
-		attrs = append(attrs, sc.NetPeerIPKey.String(peerIP))
-	}
-	if peerName != "" {
-		attrs = append(attrs, sc.NetPeerNameKey.String(peerName))
-	}
-	if peerPort != 0 {
-		attrs = append(attrs, sc.NetPeerPortKey.Int(peerPort))
-	}
-
-	hostIP, hostName, hostPort := "", "", 0
-	for _, someHost := range []string{request.Host, request.Header.Get("Host"), request.URL.Host} {
-		hostIP, hostName, hostPort = hostIPNamePort(someHost)
-		if hostIP != "" || hostName != "" || hostPort != 0 {
-			break
-		}
-	}
-	if hostIP != "" {
-		attrs = append(attrs, sc.NetHostIPKey.String(hostIP))
-	}
-	if hostName != "" {
-		attrs = append(attrs, sc.NetHostNameKey.String(hostName))
-	}
-	if hostPort != 0 {
-		attrs = append(attrs, sc.NetHostPortKey.Int(hostPort))
-	}
-
-	return attrs
-}
-
-// hostIPNamePort extracts the IP address, name and (optional) port from hostWithPort.
-// It handles both IPv4 and IPv6 addresses. If the host portion is not recognized
-// as a valid IPv4 or IPv6 address, the `ip` result will be empty and the
-// host portion will instead be returned in `name`.
-func hostIPNamePort(hostWithPort string) (ip string, name string, port int) {
-	var (
-		hostPart, portPart string
-		parsedPort         uint64
-		err                error
-	)
-	if hostPart, portPart, err = net.SplitHostPort(hostWithPort); err != nil {
-		hostPart, portPart = hostWithPort, ""
-	}
-	if parsedIP := net.ParseIP(hostPart); parsedIP != nil {
-		ip = parsedIP.String()
-	} else {
-		name = hostPart
-	}
-	if parsedPort, err = strconv.ParseUint(portPart, 10, 16); err == nil {
-		port = int(parsedPort)
-	}
-	return
-}
-
-// EndUserAttributesFromHTTPRequest generates attributes of the
-// enduser namespace as specified by the OpenTelemetry specification
-// for a span.
-func (sc *SemanticConventions) EndUserAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	if username, _, ok := request.BasicAuth(); ok {
-		return []attribute.KeyValue{sc.EnduserIDKey.String(username)}
-	}
-	return nil
-}
-
-// HTTPClientAttributesFromHTTPRequest generates attributes of the
-// http namespace as specified by the OpenTelemetry specification for
-// a span on the client side.
-func (sc *SemanticConventions) HTTPClientAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{}
-
-	// remove any username/password info that may be in the URL
-	// before adding it to the attributes
-	userinfo := request.URL.User
-	request.URL.User = nil
-
-	attrs = append(attrs, sc.HTTPURLKey.String(request.URL.String()))
-
-	// restore any username/password info that was removed
-	request.URL.User = userinfo
-
-	return append(attrs, sc.httpCommonAttributesFromHTTPRequest(request)...)
-}
-
-func (sc *SemanticConventions) httpCommonAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{}
-	if ua := request.UserAgent(); ua != "" {
-		attrs = append(attrs, sc.HTTPUserAgentKey.String(ua))
-	}
-	if request.ContentLength > 0 {
-		attrs = append(attrs, sc.HTTPRequestContentLengthKey.Int64(request.ContentLength))
-	}
-
-	return append(attrs, sc.httpBasicAttributesFromHTTPRequest(request)...)
-}
-
-func (sc *SemanticConventions) httpBasicAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	// as these attributes are used by HTTPServerMetricAttributesFromHTTPRequest, they should be low-cardinality
-	attrs := []attribute.KeyValue{}
-
-	if request.TLS != nil {
-		attrs = append(attrs, sc.HTTPSchemeHTTPS)
-	} else {
-		attrs = append(attrs, sc.HTTPSchemeHTTP)
-	}
-
-	if request.Host != "" {
-		attrs = append(attrs, sc.HTTPHostKey.String(request.Host))
-	} else if request.URL != nil && request.URL.Host != "" {
-		attrs = append(attrs, sc.HTTPHostKey.String(request.URL.Host))
-	}
-
-	flavor := ""
-	if request.ProtoMajor == 1 {
-		flavor = fmt.Sprintf("1.%d", request.ProtoMinor)
-	} else if request.ProtoMajor == 2 {
-		flavor = "2"
-	}
-	if flavor != "" {
-		attrs = append(attrs, sc.HTTPFlavorKey.String(flavor))
-	}
-
-	if request.Method != "" {
-		attrs = append(attrs, sc.HTTPMethodKey.String(request.Method))
-	} else {
-		attrs = append(attrs, sc.HTTPMethodKey.String(http.MethodGet))
-	}
-
-	return attrs
-}
-
-// HTTPServerMetricAttributesFromHTTPRequest generates low-cardinality attributes
-// to be used with server-side HTTP metrics.
-func (sc *SemanticConventions) HTTPServerMetricAttributesFromHTTPRequest(serverName string, request *http.Request) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{}
-	if serverName != "" {
-		attrs = append(attrs, sc.HTTPServerNameKey.String(serverName))
-	}
-	return append(attrs, sc.httpBasicAttributesFromHTTPRequest(request)...)
-}
-
-// HTTPServerAttributesFromHTTPRequest generates attributes of the
-// http namespace as specified by the OpenTelemetry specification for
-// a span on the server side. Currently, only basic authentication is
-// supported.
-func (sc *SemanticConventions) HTTPServerAttributesFromHTTPRequest(serverName, route string, request *http.Request) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{
-		sc.HTTPTargetKey.String(request.RequestURI),
-	}
-
-	if serverName != "" {
-		attrs = append(attrs, sc.HTTPServerNameKey.String(serverName))
-	}
-	if route != "" {
-		attrs = append(attrs, sc.HTTPRouteKey.String(route))
-	}
-	if values, ok := request.Header["X-Forwarded-For"]; ok && len(values) > 0 {
-		if addresses := strings.SplitN(values[0], ",", 2); len(addresses) > 0 {
-			attrs = append(attrs, sc.HTTPClientIPKey.String(addresses[0]))
-		}
-	}
-
-	return append(attrs, sc.httpCommonAttributesFromHTTPRequest(request)...)
-}
-
-// HTTPAttributesFromHTTPStatusCode generates attributes of the http
-// namespace as specified by the OpenTelemetry specification for a
-// span.
-func (sc *SemanticConventions) HTTPAttributesFromHTTPStatusCode(code int) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{
-		sc.HTTPStatusCodeKey.Int(code),
-	}
-	return attrs
-}
-
-type codeRange struct {
-	fromInclusive int
-	toInclusive   int
-}
-
-func (r codeRange) contains(code int) bool {
-	return r.fromInclusive <= code && code <= r.toInclusive
-}
-
-var validRangesPerCategory = map[int][]codeRange{
-	1: {
-		{http.StatusContinue, http.StatusEarlyHints},
-	},
-	2: {
-		{http.StatusOK, http.StatusAlreadyReported},
-		{http.StatusIMUsed, http.StatusIMUsed},
-	},
-	3: {
-		{http.StatusMultipleChoices, http.StatusUseProxy},
-		{http.StatusTemporaryRedirect, http.StatusPermanentRedirect},
-	},
-	4: {
-		{http.StatusBadRequest, http.StatusTeapot}, // yes, teapot is so useful…
-		{http.StatusMisdirectedRequest, http.StatusUpgradeRequired},
-		{http.StatusPreconditionRequired, http.StatusTooManyRequests},
-		{http.StatusRequestHeaderFieldsTooLarge, http.StatusRequestHeaderFieldsTooLarge},
-		{http.StatusUnavailableForLegalReasons, http.StatusUnavailableForLegalReasons},
-	},
-	5: {
-		{http.StatusInternalServerError, http.StatusLoopDetected},
-		{http.StatusNotExtended, http.StatusNetworkAuthenticationRequired},
-	},
-}
-
-// SpanStatusFromHTTPStatusCode generates a status code and a message
-// as specified by the OpenTelemetry specification for a span.
-func SpanStatusFromHTTPStatusCode(code int) (codes.Code, string) {
-	spanCode, valid := validateHTTPStatusCode(code)
-	if !valid {
-		return spanCode, fmt.Sprintf("Invalid HTTP status code %d", code)
-	}
-	return spanCode, ""
-}
-
-// SpanStatusFromHTTPStatusCodeAndSpanKind generates a status code and a message
-// as specified by the OpenTelemetry specification for a span.
-// Exclude 4xx for SERVER to set the appropriate status.
-func SpanStatusFromHTTPStatusCodeAndSpanKind(code int, spanKind trace.SpanKind) (codes.Code, string) {
-	spanCode, valid := validateHTTPStatusCode(code)
-	if !valid {
-		return spanCode, fmt.Sprintf("Invalid HTTP status code %d", code)
-	}
-	category := code / 100
-	if spanKind == trace.SpanKindServer && category == 4 {
-		return codes.Unset, ""
-	}
-	return spanCode, ""
-}
-
-// validateHTTPStatusCode validates the HTTP status code and returns
-// corresponding span status code. If the `code` is not a valid HTTP status
-// code, returns span status Error and false.
-func validateHTTPStatusCode(code int) (codes.Code, bool) {
-	category := code / 100
-	ranges, ok := validRangesPerCategory[category]
-	if !ok {
-		return codes.Error, false
-	}
-	ok = false
-	for _, crange := range ranges {
-		ok = crange.contains(code)
-		if ok {
-			break
-		}
-	}
-	if !ok {
-		return codes.Error, false
-	}
-	if category > 0 && category < 4 {
-		return codes.Unset, true
-	}
-	return codes.Error, true
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/http.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/http.go
deleted file mode 100644
index 4b4f3cbaf..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/http.go
+++ /dev/null
@@ -1,114 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.12.0"
-
-import (
-	"net/http"
-
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/codes"
-	"go.opentelemetry.io/otel/semconv/internal"
-	"go.opentelemetry.io/otel/trace"
-)
-
-// HTTP scheme attributes.
-var (
-	HTTPSchemeHTTP  = HTTPSchemeKey.String("http")
-	HTTPSchemeHTTPS = HTTPSchemeKey.String("https")
-)
-
-var sc = &internal.SemanticConventions{
-	EnduserIDKey:                EnduserIDKey,
-	HTTPClientIPKey:             HTTPClientIPKey,
-	HTTPFlavorKey:               HTTPFlavorKey,
-	HTTPHostKey:                 HTTPHostKey,
-	HTTPMethodKey:               HTTPMethodKey,
-	HTTPRequestContentLengthKey: HTTPRequestContentLengthKey,
-	HTTPRouteKey:                HTTPRouteKey,
-	HTTPSchemeHTTP:              HTTPSchemeHTTP,
-	HTTPSchemeHTTPS:             HTTPSchemeHTTPS,
-	HTTPServerNameKey:           HTTPServerNameKey,
-	HTTPStatusCodeKey:           HTTPStatusCodeKey,
-	HTTPTargetKey:               HTTPTargetKey,
-	HTTPURLKey:                  HTTPURLKey,
-	HTTPUserAgentKey:            HTTPUserAgentKey,
-	NetHostIPKey:                NetHostIPKey,
-	NetHostNameKey:              NetHostNameKey,
-	NetHostPortKey:              NetHostPortKey,
-	NetPeerIPKey:                NetPeerIPKey,
-	NetPeerNameKey:              NetPeerNameKey,
-	NetPeerPortKey:              NetPeerPortKey,
-	NetTransportIP:              NetTransportIP,
-	NetTransportOther:           NetTransportOther,
-	NetTransportTCP:             NetTransportTCP,
-	NetTransportUDP:             NetTransportUDP,
-	NetTransportUnix:            NetTransportUnix,
-}
-
-// NetAttributesFromHTTPRequest generates attributes of the net
-// namespace as specified by the OpenTelemetry specification for a
-// span.  The network parameter is a string that net.Dial function
-// from standard library can understand.
-func NetAttributesFromHTTPRequest(network string, request *http.Request) []attribute.KeyValue {
-	return sc.NetAttributesFromHTTPRequest(network, request)
-}
-
-// EndUserAttributesFromHTTPRequest generates attributes of the
-// enduser namespace as specified by the OpenTelemetry specification
-// for a span.
-func EndUserAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	return sc.EndUserAttributesFromHTTPRequest(request)
-}
-
-// HTTPClientAttributesFromHTTPRequest generates attributes of the
-// http namespace as specified by the OpenTelemetry specification for
-// a span on the client side.
-func HTTPClientAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	return sc.HTTPClientAttributesFromHTTPRequest(request)
-}
-
-// HTTPServerMetricAttributesFromHTTPRequest generates low-cardinality attributes
-// to be used with server-side HTTP metrics.
-func HTTPServerMetricAttributesFromHTTPRequest(serverName string, request *http.Request) []attribute.KeyValue {
-	return sc.HTTPServerMetricAttributesFromHTTPRequest(serverName, request)
-}
-
-// HTTPServerAttributesFromHTTPRequest generates attributes of the
-// http namespace as specified by the OpenTelemetry specification for
-// a span on the server side. Currently, only basic authentication is
-// supported.
-func HTTPServerAttributesFromHTTPRequest(serverName, route string, request *http.Request) []attribute.KeyValue {
-	return sc.HTTPServerAttributesFromHTTPRequest(serverName, route, request)
-}
-
-// HTTPAttributesFromHTTPStatusCode generates attributes of the http
-// namespace as specified by the OpenTelemetry specification for a
-// span.
-func HTTPAttributesFromHTTPStatusCode(code int) []attribute.KeyValue {
-	return sc.HTTPAttributesFromHTTPStatusCode(code)
-}
-
-// SpanStatusFromHTTPStatusCode generates a status code and a message
-// as specified by the OpenTelemetry specification for a span.
-func SpanStatusFromHTTPStatusCode(code int) (codes.Code, string) {
-	return internal.SpanStatusFromHTTPStatusCode(code)
-}
-
-// SpanStatusFromHTTPStatusCodeAndSpanKind generates a status code and a message
-// as specified by the OpenTelemetry specification for a span.
-// Exclude 4xx for SERVER to set the appropriate status.
-func SpanStatusFromHTTPStatusCodeAndSpanKind(code int, spanKind trace.SpanKind) (codes.Code, string) {
-	return internal.SpanStatusFromHTTPStatusCodeAndSpanKind(code, spanKind)
-}
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/resource.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/resource.go
deleted file mode 100644
index b2155676f..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/resource.go
+++ /dev/null
@@ -1,1042 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated from semantic convention specification. DO NOT EDIT.
-
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.12.0"
-
-import "go.opentelemetry.io/otel/attribute"
-
-// The web browser in which the application represented by the resource is running. The `browser.*` attributes MUST be used only for resources that represent applications running in a web browser (regardless of whether running on a mobile or desktop device).
-const (
-	// Array of brand name and version separated by a space
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: ' Not A;Brand 99', 'Chromium 99', 'Chrome 99'
-	// Note: This value is intended to be taken from the [UA client hints
-	// API](https://wicg.github.io/ua-client-hints/#interface)
-	// (navigator.userAgentData.brands).
-	BrowserBrandsKey = attribute.Key("browser.brands")
-	// The platform on which the browser is running
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Windows', 'macOS', 'Android'
-	// Note: This value is intended to be taken from the [UA client hints
-	// API](https://wicg.github.io/ua-client-hints/#interface)
-	// (navigator.userAgentData.platform). If unavailable, the legacy
-	// `navigator.platform` API SHOULD NOT be used instead and this attribute SHOULD
-	// be left unset in order for the values to be consistent.
-	// The list of possible values is defined in the [W3C User-Agent Client Hints
-	// specification](https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform).
-	// Note that some (but not all) of these values can overlap with values in the
-	// [os.type and os.name attributes](./os.md). However, for consistency, the values
-	// in the `browser.platform` attribute should capture the exact value that the
-	// user agent provides.
-	BrowserPlatformKey = attribute.Key("browser.platform")
-	// Full user-agent string provided by the browser
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
-	// (KHTML, '
-	//  'like Gecko) Chrome/95.0.4638.54 Safari/537.36'
-	// Note: The user-agent value SHOULD be provided only from browsers that do not
-	// have a mechanism to retrieve brands and platform individually from the User-
-	// Agent Client Hints API. To retrieve the value, the legacy `navigator.userAgent`
-	// API can be used.
-	BrowserUserAgentKey = attribute.Key("browser.user_agent")
-)
-
-// A cloud environment (e.g. GCP, Azure, AWS)
-const (
-	// Name of the cloud provider.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	CloudProviderKey = attribute.Key("cloud.provider")
-	// The cloud account ID the resource is assigned to.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '111111111111', 'opentelemetry'
-	CloudAccountIDKey = attribute.Key("cloud.account.id")
-	// The geographical region the resource is running.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'us-central1', 'us-east-1'
-	// Note: Refer to your provider's docs to see the available regions, for example
-	// [Alibaba Cloud regions](https://www.alibabacloud.com/help/doc-
-	// detail/40654.htm), [AWS regions](https://aws.amazon.com/about-aws/global-
-	// infrastructure/regions_az/), [Azure regions](https://azure.microsoft.com/en-
-	// us/global-infrastructure/geographies/), [Google Cloud
-	// regions](https://cloud.google.com/about/locations), or [Tencent Cloud
-	// regions](https://intl.cloud.tencent.com/document/product/213/6091).
-	CloudRegionKey = attribute.Key("cloud.region")
-	// Cloud regions often have multiple, isolated locations known as zones to
-	// increase availability. Availability zone represents the zone where the resource
-	// is running.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'us-east-1c'
-	// Note: Availability zones are called "zones" on Alibaba Cloud and Google Cloud.
-	CloudAvailabilityZoneKey = attribute.Key("cloud.availability_zone")
-	// The cloud platform in use.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	// Note: The prefix of the service SHOULD match the one specified in
-	// `cloud.provider`.
-	CloudPlatformKey = attribute.Key("cloud.platform")
-)
-
-var (
-	// Alibaba Cloud
-	CloudProviderAlibabaCloud = CloudProviderKey.String("alibaba_cloud")
-	// Amazon Web Services
-	CloudProviderAWS = CloudProviderKey.String("aws")
-	// Microsoft Azure
-	CloudProviderAzure = CloudProviderKey.String("azure")
-	// Google Cloud Platform
-	CloudProviderGCP = CloudProviderKey.String("gcp")
-	// Tencent Cloud
-	CloudProviderTencentCloud = CloudProviderKey.String("tencent_cloud")
-)
-
-var (
-	// Alibaba Cloud Elastic Compute Service
-	CloudPlatformAlibabaCloudECS = CloudPlatformKey.String("alibaba_cloud_ecs")
-	// Alibaba Cloud Function Compute
-	CloudPlatformAlibabaCloudFc = CloudPlatformKey.String("alibaba_cloud_fc")
-	// AWS Elastic Compute Cloud
-	CloudPlatformAWSEC2 = CloudPlatformKey.String("aws_ec2")
-	// AWS Elastic Container Service
-	CloudPlatformAWSECS = CloudPlatformKey.String("aws_ecs")
-	// AWS Elastic Kubernetes Service
-	CloudPlatformAWSEKS = CloudPlatformKey.String("aws_eks")
-	// AWS Lambda
-	CloudPlatformAWSLambda = CloudPlatformKey.String("aws_lambda")
-	// AWS Elastic Beanstalk
-	CloudPlatformAWSElasticBeanstalk = CloudPlatformKey.String("aws_elastic_beanstalk")
-	// AWS App Runner
-	CloudPlatformAWSAppRunner = CloudPlatformKey.String("aws_app_runner")
-	// Azure Virtual Machines
-	CloudPlatformAzureVM = CloudPlatformKey.String("azure_vm")
-	// Azure Container Instances
-	CloudPlatformAzureContainerInstances = CloudPlatformKey.String("azure_container_instances")
-	// Azure Kubernetes Service
-	CloudPlatformAzureAKS = CloudPlatformKey.String("azure_aks")
-	// Azure Functions
-	CloudPlatformAzureFunctions = CloudPlatformKey.String("azure_functions")
-	// Azure App Service
-	CloudPlatformAzureAppService = CloudPlatformKey.String("azure_app_service")
-	// Google Cloud Compute Engine (GCE)
-	CloudPlatformGCPComputeEngine = CloudPlatformKey.String("gcp_compute_engine")
-	// Google Cloud Run
-	CloudPlatformGCPCloudRun = CloudPlatformKey.String("gcp_cloud_run")
-	// Google Cloud Kubernetes Engine (GKE)
-	CloudPlatformGCPKubernetesEngine = CloudPlatformKey.String("gcp_kubernetes_engine")
-	// Google Cloud Functions (GCF)
-	CloudPlatformGCPCloudFunctions = CloudPlatformKey.String("gcp_cloud_functions")
-	// Google Cloud App Engine (GAE)
-	CloudPlatformGCPAppEngine = CloudPlatformKey.String("gcp_app_engine")
-	// Tencent Cloud Cloud Virtual Machine (CVM)
-	CloudPlatformTencentCloudCvm = CloudPlatformKey.String("tencent_cloud_cvm")
-	// Tencent Cloud Elastic Kubernetes Service (EKS)
-	CloudPlatformTencentCloudEKS = CloudPlatformKey.String("tencent_cloud_eks")
-	// Tencent Cloud Serverless Cloud Function (SCF)
-	CloudPlatformTencentCloudScf = CloudPlatformKey.String("tencent_cloud_scf")
-)
-
-// Resources used by AWS Elastic Container Service (ECS).
-const (
-	// The Amazon Resource Name (ARN) of an [ECS container instance](https://docs.aws.
-	// amazon.com/AmazonECS/latest/developerguide/ECS_instances.html).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:ecs:us-
-	// west-1:123456789123:container/32624152-9086-4f0e-acae-1a75b14fe4d9'
-	AWSECSContainerARNKey = attribute.Key("aws.ecs.container.arn")
-	// The ARN of an [ECS cluster](https://docs.aws.amazon.com/AmazonECS/latest/develo
-	// perguide/clusters.html).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
-	AWSECSClusterARNKey = attribute.Key("aws.ecs.cluster.arn")
-	// The [launch type](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/l
-	// aunch_types.html) for an ECS task.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	AWSECSLaunchtypeKey = attribute.Key("aws.ecs.launchtype")
-	// The ARN of an [ECS task definition](https://docs.aws.amazon.com/AmazonECS/lates
-	// t/developerguide/task_definitions.html).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:ecs:us-
-	// west-1:123456789123:task/10838bed-421f-43ef-870a-f43feacbbb5b'
-	AWSECSTaskARNKey = attribute.Key("aws.ecs.task.arn")
-	// The task definition family this task definition is a member of.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-family'
-	AWSECSTaskFamilyKey = attribute.Key("aws.ecs.task.family")
-	// The revision for this task definition.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '8', '26'
-	AWSECSTaskRevisionKey = attribute.Key("aws.ecs.task.revision")
-)
-
-var (
-	// ec2
-	AWSECSLaunchtypeEC2 = AWSECSLaunchtypeKey.String("ec2")
-	// fargate
-	AWSECSLaunchtypeFargate = AWSECSLaunchtypeKey.String("fargate")
-)
-
-// Resources used by AWS Elastic Kubernetes Service (EKS).
-const (
-	// The ARN of an EKS cluster.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
-	AWSEKSClusterARNKey = attribute.Key("aws.eks.cluster.arn")
-)
-
-// Resources specific to Amazon Web Services.
-const (
-	// The name(s) of the AWS log group(s) an application is writing to.
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: '/aws/lambda/my-function', 'opentelemetry-service'
-	// Note: Multiple log groups must be supported for cases like multi-container
-	// applications, where a single application has sidecar containers, and each write
-	// to their own log group.
-	AWSLogGroupNamesKey = attribute.Key("aws.log.group.names")
-	// The Amazon Resource Name(s) (ARN) of the AWS log group(s).
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:*'
-	// Note: See the [log group ARN format
-	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-
-	// access-control-overview-cwl.html#CWL_ARN_Format).
-	AWSLogGroupARNsKey = attribute.Key("aws.log.group.arns")
-	// The name(s) of the AWS log stream(s) an application is writing to.
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: 'logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
-	AWSLogStreamNamesKey = attribute.Key("aws.log.stream.names")
-	// The ARN(s) of the AWS log stream(s).
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:log-
-	// stream:logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
-	// Note: See the [log stream ARN format
-	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-
-	// access-control-overview-cwl.html#CWL_ARN_Format). One log group can contain
-	// several log streams, so these ARNs necessarily identify both a log group and a
-	// log stream.
-	AWSLogStreamARNsKey = attribute.Key("aws.log.stream.arns")
-)
-
-// A container instance.
-const (
-	// Container name used by container runtime.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-autoconf'
-	ContainerNameKey = attribute.Key("container.name")
-	// Container ID. Usually a UUID, as for example used to [identify Docker
-	// containers](https://docs.docker.com/engine/reference/run/#container-
-	// identification). The UUID might be abbreviated.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'a3bf90e006b2'
-	ContainerIDKey = attribute.Key("container.id")
-	// The container runtime managing this container.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'docker', 'containerd', 'rkt'
-	ContainerRuntimeKey = attribute.Key("container.runtime")
-	// Name of the image the container was built on.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'gcr.io/opentelemetry/operator'
-	ContainerImageNameKey = attribute.Key("container.image.name")
-	// Container image tag.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '0.1'
-	ContainerImageTagKey = attribute.Key("container.image.tag")
-)
-
-// The software deployment.
-const (
-	// Name of the [deployment
-	// environment](https://en.wikipedia.org/wiki/Deployment_environment) (aka
-	// deployment tier).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'staging', 'production'
-	DeploymentEnvironmentKey = attribute.Key("deployment.environment")
-)
-
-// The device on which the process represented by this resource is running.
-const (
-	// A unique identifier representing the device
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '2ab2916d-a51f-4ac8-80ee-45ac31a28092'
-	// Note: The device identifier MUST only be defined using the values outlined
-	// below. This value is not an advertising identifier and MUST NOT be used as
-	// such. On iOS (Swift or Objective-C), this value MUST be equal to the [vendor id
-	// entifier](https://developer.apple.com/documentation/uikit/uidevice/1620059-iden
-	// tifierforvendor). On Android (Java or Kotlin), this value MUST be equal to the
-	// Firebase Installation ID or a globally unique UUID which is persisted across
-	// sessions in your application. More information can be found
-	// [here](https://developer.android.com/training/articles/user-data-ids) on best
-	// practices and exact implementation details. Caution should be taken when
-	// storing personal data or anything which can identify a user. GDPR and data
-	// protection laws may apply, ensure you do your own due diligence.
-	DeviceIDKey = attribute.Key("device.id")
-	// The model identifier for the device
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'iPhone3,4', 'SM-G920F'
-	// Note: It's recommended this value represents a machine readable version of the
-	// model identifier rather than the market or consumer-friendly name of the
-	// device.
-	DeviceModelIdentifierKey = attribute.Key("device.model.identifier")
-	// The marketing name for the device model
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'iPhone 6s Plus', 'Samsung Galaxy S6'
-	// Note: It's recommended this value represents a human readable version of the
-	// device model rather than a machine readable alternative.
-	DeviceModelNameKey = attribute.Key("device.model.name")
-	// The name of the device manufacturer
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Apple', 'Samsung'
-	// Note: The Android OS provides this field via
-	// [Build](https://developer.android.com/reference/android/os/Build#MANUFACTURER).
-	// iOS apps SHOULD hardcode the value `Apple`.
-	DeviceManufacturerKey = attribute.Key("device.manufacturer")
-)
-
-// A serverless instance.
-const (
-	// The name of the single function that this runtime instance executes.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'my-function', 'myazurefunctionapp/some-function-name'
-	// Note: This is the name of the function as configured/deployed on the FaaS
-	// platform and is usually different from the name of the callback
-	// function (which may be stored in the
-	// [`code.namespace`/`code.function`](../../trace/semantic_conventions/span-
-	// general.md#source-code-attributes)
-	// span attributes).
-
-	// For some cloud providers, the above definition is ambiguous. The following
-	// definition of function name MUST be used for this attribute
-	// (and consequently the span name) for the listed cloud providers/products:
-
-	// * **Azure:**  The full name `<FUNCAPP>/<FUNC>`, i.e., function app name
-	//   followed by a forward slash followed by the function name (this form
-	//   can also be seen in the resource JSON for the function).
-	//   This means that a span attribute MUST be used, as an Azure function
-	//   app can host multiple functions that would usually share
-	//   a TracerProvider (see also the `faas.id` attribute).
-	FaaSNameKey = attribute.Key("faas.name")
-	// The unique ID of the single function that this runtime instance executes.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:lambda:us-west-2:123456789012:function:my-function'
-	// Note: On some cloud providers, it may not be possible to determine the full ID
-	// at startup,
-	// so consider setting `faas.id` as a span attribute instead.
-
-	// The exact value to use for `faas.id` depends on the cloud provider:
-
-	// * **AWS Lambda:** The function
-	// [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-
-	// namespaces.html).
-	//   Take care not to use the "invoked ARN" directly but replace any
-	//   [alias suffix](https://docs.aws.amazon.com/lambda/latest/dg/configuration-
-	// aliases.html)
-	//   with the resolved function version, as the same runtime instance may be
-	// invokable with
-	//   multiple different aliases.
-	// * **GCP:** The [URI of the resource](https://cloud.google.com/iam/docs/full-
-	// resource-names)
-	// * **Azure:** The [Fully Qualified Resource ID](https://docs.microsoft.com/en-
-	// us/rest/api/resources/resources/get-by-id) of the invoked function,
-	//   *not* the function app, having the form
-	//   `/subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.We
-	// b/sites/<FUNCAPP>/functions/<FUNC>`.
-	//   This means that a span attribute MUST be used, as an Azure function app can
-	// host multiple functions that would usually share
-	//   a TracerProvider.
-	FaaSIDKey = attribute.Key("faas.id")
-	// The immutable version of the function being executed.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '26', 'pinkfroid-00002'
-	// Note: Depending on the cloud provider and platform, use:
-
-	// * **AWS Lambda:** The [function
-	// version](https://docs.aws.amazon.com/lambda/latest/dg/configuration-
-	// versions.html)
-	//   (an integer represented as a decimal string).
-	// * **Google Cloud Run:** The
-	// [revision](https://cloud.google.com/run/docs/managing/revisions)
-	//   (i.e., the function name plus the revision suffix).
-	// * **Google Cloud Functions:** The value of the
-	//   [`K_REVISION` environment
-	// variable](https://cloud.google.com/functions/docs/env-
-	// var#runtime_environment_variables_set_automatically).
-	// * **Azure Functions:** Not applicable. Do not set this attribute.
-	FaaSVersionKey = attribute.Key("faas.version")
-	// The execution environment ID as a string, that will be potentially reused for
-	// other invocations to the same function/function version.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '2021/06/28/[$LATEST]2f399eb14537447da05ab2a2e39309de'
-	// Note: * **AWS Lambda:** Use the (full) log stream name.
-	FaaSInstanceKey = attribute.Key("faas.instance")
-	// The amount of memory available to the serverless function in MiB.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 128
-	// Note: It's recommended to set this attribute since e.g. too little memory can
-	// easily stop a Java AWS Lambda function from working correctly. On AWS Lambda,
-	// the environment variable `AWS_LAMBDA_FUNCTION_MEMORY_SIZE` provides this
-	// information.
-	FaaSMaxMemoryKey = attribute.Key("faas.max_memory")
-)
-
-// A host is defined as a general computing instance.
-const (
-	// Unique host ID. For Cloud, this must be the instance_id assigned by the cloud
-	// provider.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-test'
-	HostIDKey = attribute.Key("host.id")
-	// Name of the host. On Unix systems, it may contain what the hostname command
-	// returns, or the fully qualified hostname, or another name specified by the
-	// user.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-test'
-	HostNameKey = attribute.Key("host.name")
-	// Type of host. For Cloud, this must be the machine type.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'n1-standard-1'
-	HostTypeKey = attribute.Key("host.type")
-	// The CPU architecture the host system is running on.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	HostArchKey = attribute.Key("host.arch")
-	// Name of the VM image or OS install the host was instantiated from.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'infra-ami-eks-worker-node-7d4ec78312', 'CentOS-8-x86_64-1905'
-	HostImageNameKey = attribute.Key("host.image.name")
-	// VM image ID. For Cloud, this value is from the provider.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'ami-07b06b442921831e5'
-	HostImageIDKey = attribute.Key("host.image.id")
-	// The version string of the VM image as defined in [Version
-	// Attributes](README.md#version-attributes).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '0.1'
-	HostImageVersionKey = attribute.Key("host.image.version")
-)
-
-var (
-	// AMD64
-	HostArchAMD64 = HostArchKey.String("amd64")
-	// ARM32
-	HostArchARM32 = HostArchKey.String("arm32")
-	// ARM64
-	HostArchARM64 = HostArchKey.String("arm64")
-	// Itanium
-	HostArchIA64 = HostArchKey.String("ia64")
-	// 32-bit PowerPC
-	HostArchPPC32 = HostArchKey.String("ppc32")
-	// 64-bit PowerPC
-	HostArchPPC64 = HostArchKey.String("ppc64")
-	// IBM z/Architecture
-	HostArchS390x = HostArchKey.String("s390x")
-	// 32-bit x86
-	HostArchX86 = HostArchKey.String("x86")
-)
-
-// A Kubernetes Cluster.
-const (
-	// The name of the cluster.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-cluster'
-	K8SClusterNameKey = attribute.Key("k8s.cluster.name")
-)
-
-// A Kubernetes Node object.
-const (
-	// The name of the Node.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'node-1'
-	K8SNodeNameKey = attribute.Key("k8s.node.name")
-	// The UID of the Node.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '1eb3a0c6-0477-4080-a9cb-0cb7db65c6a2'
-	K8SNodeUIDKey = attribute.Key("k8s.node.uid")
-)
-
-// A Kubernetes Namespace.
-const (
-	// The name of the namespace that the pod is running in.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'default'
-	K8SNamespaceNameKey = attribute.Key("k8s.namespace.name")
-)
-
-// A Kubernetes Pod object.
-const (
-	// The UID of the Pod.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SPodUIDKey = attribute.Key("k8s.pod.uid")
-	// The name of the Pod.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-pod-autoconf'
-	K8SPodNameKey = attribute.Key("k8s.pod.name")
-)
-
-// A container in a [PodTemplate](https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates).
-const (
-	// The name of the Container from Pod specification, must be unique within a Pod.
-	// Container runtime usually uses different globally unique name
-	// (`container.name`).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'redis'
-	K8SContainerNameKey = attribute.Key("k8s.container.name")
-	// Number of times the container was restarted. This attribute can be used to
-	// identify a particular container (running or stopped) within a container spec.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 0, 2
-	K8SContainerRestartCountKey = attribute.Key("k8s.container.restart_count")
-)
-
-// A Kubernetes ReplicaSet object.
-const (
-	// The UID of the ReplicaSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SReplicaSetUIDKey = attribute.Key("k8s.replicaset.uid")
-	// The name of the ReplicaSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SReplicaSetNameKey = attribute.Key("k8s.replicaset.name")
-)
-
-// A Kubernetes Deployment object.
-const (
-	// The UID of the Deployment.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SDeploymentUIDKey = attribute.Key("k8s.deployment.uid")
-	// The name of the Deployment.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SDeploymentNameKey = attribute.Key("k8s.deployment.name")
-)
-
-// A Kubernetes StatefulSet object.
-const (
-	// The UID of the StatefulSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SStatefulSetUIDKey = attribute.Key("k8s.statefulset.uid")
-	// The name of the StatefulSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SStatefulSetNameKey = attribute.Key("k8s.statefulset.name")
-)
-
-// A Kubernetes DaemonSet object.
-const (
-	// The UID of the DaemonSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SDaemonSetUIDKey = attribute.Key("k8s.daemonset.uid")
-	// The name of the DaemonSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SDaemonSetNameKey = attribute.Key("k8s.daemonset.name")
-)
-
-// A Kubernetes Job object.
-const (
-	// The UID of the Job.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SJobUIDKey = attribute.Key("k8s.job.uid")
-	// The name of the Job.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SJobNameKey = attribute.Key("k8s.job.name")
-)
-
-// A Kubernetes CronJob object.
-const (
-	// The UID of the CronJob.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SCronJobUIDKey = attribute.Key("k8s.cronjob.uid")
-	// The name of the CronJob.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SCronJobNameKey = attribute.Key("k8s.cronjob.name")
-)
-
-// The operating system (OS) on which the process represented by this resource is running.
-const (
-	// The operating system type.
-	//
-	// Type: Enum
-	// Required: Always
-	// Stability: stable
-	OSTypeKey = attribute.Key("os.type")
-	// Human readable (not intended to be parsed) OS version information, like e.g.
-	// reported by `ver` or `lsb_release -a` commands.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Microsoft Windows [Version 10.0.18363.778]', 'Ubuntu 18.04.1 LTS'
-	OSDescriptionKey = attribute.Key("os.description")
-	// Human readable operating system name.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'iOS', 'Android', 'Ubuntu'
-	OSNameKey = attribute.Key("os.name")
-	// The version string of the operating system as defined in [Version
-	// Attributes](../../resource/semantic_conventions/README.md#version-attributes).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '14.2.1', '18.04.1'
-	OSVersionKey = attribute.Key("os.version")
-)
-
-var (
-	// Microsoft Windows
-	OSTypeWindows = OSTypeKey.String("windows")
-	// Linux
-	OSTypeLinux = OSTypeKey.String("linux")
-	// Apple Darwin
-	OSTypeDarwin = OSTypeKey.String("darwin")
-	// FreeBSD
-	OSTypeFreeBSD = OSTypeKey.String("freebsd")
-	// NetBSD
-	OSTypeNetBSD = OSTypeKey.String("netbsd")
-	// OpenBSD
-	OSTypeOpenBSD = OSTypeKey.String("openbsd")
-	// DragonFly BSD
-	OSTypeDragonflyBSD = OSTypeKey.String("dragonflybsd")
-	// HP-UX (Hewlett Packard Unix)
-	OSTypeHPUX = OSTypeKey.String("hpux")
-	// AIX (Advanced Interactive eXecutive)
-	OSTypeAIX = OSTypeKey.String("aix")
-	// SunOS, Oracle Solaris
-	OSTypeSolaris = OSTypeKey.String("solaris")
-	// IBM z/OS
-	OSTypeZOS = OSTypeKey.String("z_os")
-)
-
-// An operating system process.
-const (
-	// Process identifier (PID).
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 1234
-	ProcessPIDKey = attribute.Key("process.pid")
-	// The name of the process executable. On Linux based systems, can be set to the
-	// `Name` in `proc/[pid]/status`. On Windows, can be set to the base name of
-	// `GetProcessImageFileNameW`.
-	//
-	// Type: string
-	// Required: See below
-	// Stability: stable
-	// Examples: 'otelcol'
-	ProcessExecutableNameKey = attribute.Key("process.executable.name")
-	// The full path to the process executable. On Linux based systems, can be set to
-	// the target of `proc/[pid]/exe`. On Windows, can be set to the result of
-	// `GetProcessImageFileNameW`.
-	//
-	// Type: string
-	// Required: See below
-	// Stability: stable
-	// Examples: '/usr/bin/cmd/otelcol'
-	ProcessExecutablePathKey = attribute.Key("process.executable.path")
-	// The command used to launch the process (i.e. the command name). On Linux based
-	// systems, can be set to the zeroth string in `proc/[pid]/cmdline`. On Windows,
-	// can be set to the first parameter extracted from `GetCommandLineW`.
-	//
-	// Type: string
-	// Required: See below
-	// Stability: stable
-	// Examples: 'cmd/otelcol'
-	ProcessCommandKey = attribute.Key("process.command")
-	// The full command used to launch the process as a single string representing the
-	// full command. On Windows, can be set to the result of `GetCommandLineW`. Do not
-	// set this if you have to assemble it just for monitoring; use
-	// `process.command_args` instead.
-	//
-	// Type: string
-	// Required: See below
-	// Stability: stable
-	// Examples: 'C:\\cmd\\otecol --config="my directory\\config.yaml"'
-	ProcessCommandLineKey = attribute.Key("process.command_line")
-	// All the command arguments (including the command/executable itself) as received
-	// by the process. On Linux-based systems (and some other Unixoid systems
-	// supporting procfs), can be set according to the list of null-delimited strings
-	// extracted from `proc/[pid]/cmdline`. For libc-based executables, this would be
-	// the full argv vector passed to `main`.
-	//
-	// Type: string[]
-	// Required: See below
-	// Stability: stable
-	// Examples: 'cmd/otecol', '--config=config.yaml'
-	ProcessCommandArgsKey = attribute.Key("process.command_args")
-	// The username of the user that owns the process.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'root'
-	ProcessOwnerKey = attribute.Key("process.owner")
-)
-
-// The single (language) runtime instance which is monitored.
-const (
-	// The name of the runtime of this process. For compiled native binaries, this
-	// SHOULD be the name of the compiler.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'OpenJDK Runtime Environment'
-	ProcessRuntimeNameKey = attribute.Key("process.runtime.name")
-	// The version of the runtime of this process, as returned by the runtime without
-	// modification.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '14.0.2'
-	ProcessRuntimeVersionKey = attribute.Key("process.runtime.version")
-	// An additional description about the runtime of the process, for example a
-	// specific vendor customization of the runtime environment.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0'
-	ProcessRuntimeDescriptionKey = attribute.Key("process.runtime.description")
-)
-
-// A service instance.
-const (
-	// Logical name of the service.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'shoppingcart'
-	// Note: MUST be the same for all instances of horizontally scaled services. If
-	// the value was not specified, SDKs MUST fallback to `unknown_service:`
-	// concatenated with [`process.executable.name`](process.md#process), e.g.
-	// `unknown_service:bash`. If `process.executable.name` is not available, the
-	// value MUST be set to `unknown_service`.
-	ServiceNameKey = attribute.Key("service.name")
-	// A namespace for `service.name`.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Shop'
-	// Note: A string value having a meaning that helps to distinguish a group of
-	// services, for example the team name that owns a group of services.
-	// `service.name` is expected to be unique within the same namespace. If
-	// `service.namespace` is not specified in the Resource then `service.name` is
-	// expected to be unique for all services that have no explicit namespace defined
-	// (so the empty/unspecified namespace is simply one more valid namespace). Zero-
-	// length namespace string is assumed equal to unspecified namespace.
-	ServiceNamespaceKey = attribute.Key("service.namespace")
-	// The string ID of the service instance.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '627cc493-f310-47de-96bd-71410b7dec09'
-	// Note: MUST be unique for each instance of the same
-	// `service.namespace,service.name` pair (in other words
-	// `service.namespace,service.name,service.instance.id` triplet MUST be globally
-	// unique). The ID helps to distinguish instances of the same service that exist
-	// at the same time (e.g. instances of a horizontally scaled service). It is
-	// preferable for the ID to be persistent and stay the same for the lifetime of
-	// the service instance, however it is acceptable that the ID is ephemeral and
-	// changes during important lifetime events for the service (e.g. service
-	// restarts). If the service has no inherent unique ID that can be used as the
-	// value of this attribute it is recommended to generate a random Version 1 or
-	// Version 4 RFC 4122 UUID (services aiming for reproducible UUIDs may also use
-	// Version 5, see RFC 4122 for more recommendations).
-	ServiceInstanceIDKey = attribute.Key("service.instance.id")
-	// The version string of the service API or implementation.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '2.0.0'
-	ServiceVersionKey = attribute.Key("service.version")
-)
-
-// The telemetry SDK used to capture data recorded by the instrumentation libraries.
-const (
-	// The name of the telemetry SDK as defined above.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	TelemetrySDKNameKey = attribute.Key("telemetry.sdk.name")
-	// The language of the telemetry SDK.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	TelemetrySDKLanguageKey = attribute.Key("telemetry.sdk.language")
-	// The version string of the telemetry SDK.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '1.2.3'
-	TelemetrySDKVersionKey = attribute.Key("telemetry.sdk.version")
-	// The version string of the auto instrumentation agent, if used.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '1.2.3'
-	TelemetryAutoVersionKey = attribute.Key("telemetry.auto.version")
-)
-
-var (
-	// cpp
-	TelemetrySDKLanguageCPP = TelemetrySDKLanguageKey.String("cpp")
-	// dotnet
-	TelemetrySDKLanguageDotnet = TelemetrySDKLanguageKey.String("dotnet")
-	// erlang
-	TelemetrySDKLanguageErlang = TelemetrySDKLanguageKey.String("erlang")
-	// go
-	TelemetrySDKLanguageGo = TelemetrySDKLanguageKey.String("go")
-	// java
-	TelemetrySDKLanguageJava = TelemetrySDKLanguageKey.String("java")
-	// nodejs
-	TelemetrySDKLanguageNodejs = TelemetrySDKLanguageKey.String("nodejs")
-	// php
-	TelemetrySDKLanguagePHP = TelemetrySDKLanguageKey.String("php")
-	// python
-	TelemetrySDKLanguagePython = TelemetrySDKLanguageKey.String("python")
-	// ruby
-	TelemetrySDKLanguageRuby = TelemetrySDKLanguageKey.String("ruby")
-	// webjs
-	TelemetrySDKLanguageWebjs = TelemetrySDKLanguageKey.String("webjs")
-	// swift
-	TelemetrySDKLanguageSwift = TelemetrySDKLanguageKey.String("swift")
-)
-
-// Resource describing the packaged software running the application code. Web engines are typically executed using process.runtime.
-const (
-	// The name of the web engine.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'WildFly'
-	WebEngineNameKey = attribute.Key("webengine.name")
-	// The version of the web engine.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '21.0.0'
-	WebEngineVersionKey = attribute.Key("webengine.version")
-	// Additional description of the web engine (e.g. detailed version and edition
-	// information).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'WildFly Full 21.0.0.Final (WildFly Core 13.0.1.Final) - 2.2.2.Final'
-	WebEngineDescriptionKey = attribute.Key("webengine.description")
-)
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/trace.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/trace.go
deleted file mode 100644
index 047d8e95c..000000000
--- a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/trace.go
+++ /dev/null
@@ -1,1704 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated from semantic convention specification. DO NOT EDIT.
-
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.12.0"
-
-import "go.opentelemetry.io/otel/attribute"
-
-// Span attributes used by AWS Lambda (in addition to general `faas` attributes).
-const (
-	// The full invoked ARN as provided on the `Context` passed to the function
-	// (`Lambda-Runtime-Invoked-Function-ARN` header on the `/runtime/invocation/next`
-	// applicable).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:lambda:us-east-1:123456:function:myfunction:myalias'
-	// Note: This may be different from `faas.id` if an alias is involved.
-	AWSLambdaInvokedARNKey = attribute.Key("aws.lambda.invoked_arn")
-)
-
-// This document defines attributes for CloudEvents. CloudEvents is a specification on how to define event data in a standard way. These attributes can be attached to spans when performing operations with CloudEvents, regardless of the protocol being used.
-const (
-	// The [event_id](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec
-	// .md#id) uniquely identifies the event.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: '123e4567-e89b-12d3-a456-426614174000', '0001'
-	CloudeventsEventIDKey = attribute.Key("cloudevents.event_id")
-	// The [source](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.m
-	// d#source-1) identifies the context in which an event happened.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'https://github.com/cloudevents', '/cloudevents/spec/pull/123', 'my-
-	// service'
-	CloudeventsEventSourceKey = attribute.Key("cloudevents.event_source")
-	// The [version of the CloudEvents specification](https://github.com/cloudevents/s
-	// pec/blob/v1.0.2/cloudevents/spec.md#specversion) which the event uses.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: '1.0'
-	CloudeventsEventSpecVersionKey = attribute.Key("cloudevents.event_spec_version")
-	// The [event_type](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/sp
-	// ec.md#type) contains a value describing the type of event related to the
-	// originating occurrence.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'com.github.pull_request.opened', 'com.example.object.deleted.v2'
-	CloudeventsEventTypeKey = attribute.Key("cloudevents.event_type")
-	// The [subject](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.
-	// md#subject) of the event in the context of the event producer (identified by
-	// source).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'mynewfile.jpg'
-	CloudeventsEventSubjectKey = attribute.Key("cloudevents.event_subject")
-)
-
-// This document defines semantic conventions for the OpenTracing Shim
-const (
-	// Parent-child Reference type
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	// Note: The causal relationship between a child Span and a parent Span.
-	OpentracingRefTypeKey = attribute.Key("opentracing.ref_type")
-)
-
-var (
-	// The parent Span depends on the child Span in some capacity
-	OpentracingRefTypeChildOf = OpentracingRefTypeKey.String("child_of")
-	// The parent Span does not depend in any way on the result of the child Span
-	OpentracingRefTypeFollowsFrom = OpentracingRefTypeKey.String("follows_from")
-)
-
-// This document defines the attributes used to perform database client calls.
-const (
-	// An identifier for the database management system (DBMS) product being used. See
-	// below for a list of well-known identifiers.
-	//
-	// Type: Enum
-	// Required: Always
-	// Stability: stable
-	DBSystemKey = attribute.Key("db.system")
-	// The connection string used to connect to the database. It is recommended to
-	// remove embedded credentials.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Server=(localdb)\\v11.0;Integrated Security=true;'
-	DBConnectionStringKey = attribute.Key("db.connection_string")
-	// Username for accessing the database.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'readonly_user', 'reporting_user'
-	DBUserKey = attribute.Key("db.user")
-	// The fully-qualified class name of the [Java Database Connectivity
-	// (JDBC)](https://docs.oracle.com/javase/8/docs/technotes/guides/jdbc/) driver
-	// used to connect.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'org.postgresql.Driver',
-	// 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
-	DBJDBCDriverClassnameKey = attribute.Key("db.jdbc.driver_classname")
-	// This attribute is used to report the name of the database being accessed. For
-	// commands that switch the database, this should be set to the target database
-	// (even if the command fails).
-	//
-	// Type: string
-	// Required: Required, if applicable.
-	// Stability: stable
-	// Examples: 'customers', 'main'
-	// Note: In some SQL databases, the database name to be used is called "schema
-	// name". In case there are multiple layers that could be considered for database
-	// name (e.g. Oracle instance name and schema name), the database name to be used
-	// is the more specific layer (e.g. Oracle schema name).
-	DBNameKey = attribute.Key("db.name")
-	// The database statement being executed.
-	//
-	// Type: string
-	// Required: Required if applicable and not explicitly disabled via
-	// instrumentation configuration.
-	// Stability: stable
-	// Examples: 'SELECT * FROM wuser_table', 'SET mykey "WuValue"'
-	// Note: The value may be sanitized to exclude sensitive information.
-	DBStatementKey = attribute.Key("db.statement")
-	// The name of the operation being executed, e.g. the [MongoDB command
-	// name](https://docs.mongodb.com/manual/reference/command/#database-operations)
-	// such as `findAndModify`, or the SQL keyword.
-	//
-	// Type: string
-	// Required: Required, if `db.statement` is not applicable.
-	// Stability: stable
-	// Examples: 'findAndModify', 'HMSET', 'SELECT'
-	// Note: When setting this to an SQL keyword, it is not recommended to attempt any
-	// client-side parsing of `db.statement` just to get this property, but it should
-	// be set if the operation name is provided by the library being instrumented. If
-	// the SQL statement has an ambiguous operation, or performs more than one
-	// operation, this value may be omitted.
-	DBOperationKey = attribute.Key("db.operation")
-)
-
-var (
-	// Some other SQL database. Fallback only. See notes
-	DBSystemOtherSQL = DBSystemKey.String("other_sql")
-	// Microsoft SQL Server
-	DBSystemMSSQL = DBSystemKey.String("mssql")
-	// MySQL
-	DBSystemMySQL = DBSystemKey.String("mysql")
-	// Oracle Database
-	DBSystemOracle = DBSystemKey.String("oracle")
-	// IBM DB2
-	DBSystemDB2 = DBSystemKey.String("db2")
-	// PostgreSQL
-	DBSystemPostgreSQL = DBSystemKey.String("postgresql")
-	// Amazon Redshift
-	DBSystemRedshift = DBSystemKey.String("redshift")
-	// Apache Hive
-	DBSystemHive = DBSystemKey.String("hive")
-	// Cloudscape
-	DBSystemCloudscape = DBSystemKey.String("cloudscape")
-	// HyperSQL DataBase
-	DBSystemHSQLDB = DBSystemKey.String("hsqldb")
-	// Progress Database
-	DBSystemProgress = DBSystemKey.String("progress")
-	// SAP MaxDB
-	DBSystemMaxDB = DBSystemKey.String("maxdb")
-	// SAP HANA
-	DBSystemHanaDB = DBSystemKey.String("hanadb")
-	// Ingres
-	DBSystemIngres = DBSystemKey.String("ingres")
-	// FirstSQL
-	DBSystemFirstSQL = DBSystemKey.String("firstsql")
-	// EnterpriseDB
-	DBSystemEDB = DBSystemKey.String("edb")
-	// InterSystems Caché
-	DBSystemCache = DBSystemKey.String("cache")
-	// Adabas (Adaptable Database System)
-	DBSystemAdabas = DBSystemKey.String("adabas")
-	// Firebird
-	DBSystemFirebird = DBSystemKey.String("firebird")
-	// Apache Derby
-	DBSystemDerby = DBSystemKey.String("derby")
-	// FileMaker
-	DBSystemFilemaker = DBSystemKey.String("filemaker")
-	// Informix
-	DBSystemInformix = DBSystemKey.String("informix")
-	// InstantDB
-	DBSystemInstantDB = DBSystemKey.String("instantdb")
-	// InterBase
-	DBSystemInterbase = DBSystemKey.String("interbase")
-	// MariaDB
-	DBSystemMariaDB = DBSystemKey.String("mariadb")
-	// Netezza
-	DBSystemNetezza = DBSystemKey.String("netezza")
-	// Pervasive PSQL
-	DBSystemPervasive = DBSystemKey.String("pervasive")
-	// PointBase
-	DBSystemPointbase = DBSystemKey.String("pointbase")
-	// SQLite
-	DBSystemSqlite = DBSystemKey.String("sqlite")
-	// Sybase
-	DBSystemSybase = DBSystemKey.String("sybase")
-	// Teradata
-	DBSystemTeradata = DBSystemKey.String("teradata")
-	// Vertica
-	DBSystemVertica = DBSystemKey.String("vertica")
-	// H2
-	DBSystemH2 = DBSystemKey.String("h2")
-	// ColdFusion IMQ
-	DBSystemColdfusion = DBSystemKey.String("coldfusion")
-	// Apache Cassandra
-	DBSystemCassandra = DBSystemKey.String("cassandra")
-	// Apache HBase
-	DBSystemHBase = DBSystemKey.String("hbase")
-	// MongoDB
-	DBSystemMongoDB = DBSystemKey.String("mongodb")
-	// Redis
-	DBSystemRedis = DBSystemKey.String("redis")
-	// Couchbase
-	DBSystemCouchbase = DBSystemKey.String("couchbase")
-	// CouchDB
-	DBSystemCouchDB = DBSystemKey.String("couchdb")
-	// Microsoft Azure Cosmos DB
-	DBSystemCosmosDB = DBSystemKey.String("cosmosdb")
-	// Amazon DynamoDB
-	DBSystemDynamoDB = DBSystemKey.String("dynamodb")
-	// Neo4j
-	DBSystemNeo4j = DBSystemKey.String("neo4j")
-	// Apache Geode
-	DBSystemGeode = DBSystemKey.String("geode")
-	// Elasticsearch
-	DBSystemElasticsearch = DBSystemKey.String("elasticsearch")
-	// Memcached
-	DBSystemMemcached = DBSystemKey.String("memcached")
-	// CockroachDB
-	DBSystemCockroachdb = DBSystemKey.String("cockroachdb")
-)
-
-// Connection-level attributes for Microsoft SQL Server
-const (
-	// The Microsoft SQL Server [instance name](https://docs.microsoft.com/en-
-	// us/sql/connect/jdbc/building-the-connection-url?view=sql-server-ver15)
-	// connecting to. This name is used to determine the port of a named instance.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'MSSQLSERVER'
-	// Note: If setting a `db.mssql.instance_name`, `net.peer.port` is no longer
-	// required (but still recommended if non-standard).
-	DBMSSQLInstanceNameKey = attribute.Key("db.mssql.instance_name")
-)
-
-// Call-level attributes for Cassandra
-const (
-	// The fetch size used for paging, i.e. how many rows will be returned at once.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 5000
-	DBCassandraPageSizeKey = attribute.Key("db.cassandra.page_size")
-	// The consistency level of the query. Based on consistency values from
-	// [CQL](https://docs.datastax.com/en/cassandra-
-	// oss/3.0/cassandra/dml/dmlConfigConsistency.html).
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	DBCassandraConsistencyLevelKey = attribute.Key("db.cassandra.consistency_level")
-	// The name of the primary table that the operation is acting upon, including the
-	// keyspace name (if applicable).
-	//
-	// Type: string
-	// Required: Recommended if available.
-	// Stability: stable
-	// Examples: 'mytable'
-	// Note: This mirrors the db.sql.table attribute but references cassandra rather
-	// than sql. It is not recommended to attempt any client-side parsing of
-	// `db.statement` just to get this property, but it should be set if it is
-	// provided by the library being instrumented. If the operation is acting upon an
-	// anonymous table, or more than one table, this value MUST NOT be set.
-	DBCassandraTableKey = attribute.Key("db.cassandra.table")
-	// Whether or not the query is idempotent.
-	//
-	// Type: boolean
-	// Required: No
-	// Stability: stable
-	DBCassandraIdempotenceKey = attribute.Key("db.cassandra.idempotence")
-	// The number of times a query was speculatively executed. Not set or `0` if the
-	// query was not executed speculatively.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 0, 2
-	DBCassandraSpeculativeExecutionCountKey = attribute.Key("db.cassandra.speculative_execution_count")
-	// The ID of the coordinating node for a query.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'be13faa2-8574-4d71-926d-27f16cf8a7af'
-	DBCassandraCoordinatorIDKey = attribute.Key("db.cassandra.coordinator.id")
-	// The data center of the coordinating node for a query.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'us-west-2'
-	DBCassandraCoordinatorDCKey = attribute.Key("db.cassandra.coordinator.dc")
-)
-
-var (
-	// all
-	DBCassandraConsistencyLevelAll = DBCassandraConsistencyLevelKey.String("all")
-	// each_quorum
-	DBCassandraConsistencyLevelEachQuorum = DBCassandraConsistencyLevelKey.String("each_quorum")
-	// quorum
-	DBCassandraConsistencyLevelQuorum = DBCassandraConsistencyLevelKey.String("quorum")
-	// local_quorum
-	DBCassandraConsistencyLevelLocalQuorum = DBCassandraConsistencyLevelKey.String("local_quorum")
-	// one
-	DBCassandraConsistencyLevelOne = DBCassandraConsistencyLevelKey.String("one")
-	// two
-	DBCassandraConsistencyLevelTwo = DBCassandraConsistencyLevelKey.String("two")
-	// three
-	DBCassandraConsistencyLevelThree = DBCassandraConsistencyLevelKey.String("three")
-	// local_one
-	DBCassandraConsistencyLevelLocalOne = DBCassandraConsistencyLevelKey.String("local_one")
-	// any
-	DBCassandraConsistencyLevelAny = DBCassandraConsistencyLevelKey.String("any")
-	// serial
-	DBCassandraConsistencyLevelSerial = DBCassandraConsistencyLevelKey.String("serial")
-	// local_serial
-	DBCassandraConsistencyLevelLocalSerial = DBCassandraConsistencyLevelKey.String("local_serial")
-)
-
-// Call-level attributes for Redis
-const (
-	// The index of the database being accessed as used in the [`SELECT`
-	// command](https://redis.io/commands/select), provided as an integer. To be used
-	// instead of the generic `db.name` attribute.
-	//
-	// Type: int
-	// Required: Required, if other than the default database (`0`).
-	// Stability: stable
-	// Examples: 0, 1, 15
-	DBRedisDBIndexKey = attribute.Key("db.redis.database_index")
-)
-
-// Call-level attributes for MongoDB
-const (
-	// The collection being accessed within the database stated in `db.name`.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'customers', 'products'
-	DBMongoDBCollectionKey = attribute.Key("db.mongodb.collection")
-)
-
-// Call-level attributes for SQL databases
-const (
-	// The name of the primary table that the operation is acting upon, including the
-	// database name (if applicable).
-	//
-	// Type: string
-	// Required: Recommended if available.
-	// Stability: stable
-	// Examples: 'public.users', 'customers'
-	// Note: It is not recommended to attempt any client-side parsing of
-	// `db.statement` just to get this property, but it should be set if it is
-	// provided by the library being instrumented. If the operation is acting upon an
-	// anonymous table, or more than one table, this value MUST NOT be set.
-	DBSQLTableKey = attribute.Key("db.sql.table")
-)
-
-// This document defines the attributes used to report a single exception associated with a span.
-const (
-	// The type of the exception (its fully-qualified class name, if applicable). The
-	// dynamic type of the exception should be preferred over the static type in
-	// languages that support it.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'java.net.ConnectException', 'OSError'
-	ExceptionTypeKey = attribute.Key("exception.type")
-	// The exception message.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Division by zero', "Can't convert 'int' object to str implicitly"
-	ExceptionMessageKey = attribute.Key("exception.message")
-	// A stacktrace as a string in the natural representation for the language
-	// runtime. The representation is to be determined and documented by each language
-	// SIG.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Exception in thread "main" java.lang.RuntimeException: Test
-	// exception\\n at '
-	//  'com.example.GenerateTrace.methodB(GenerateTrace.java:13)\\n at '
-	//  'com.example.GenerateTrace.methodA(GenerateTrace.java:9)\\n at '
-	//  'com.example.GenerateTrace.main(GenerateTrace.java:5)'
-	ExceptionStacktraceKey = attribute.Key("exception.stacktrace")
-	// SHOULD be set to true if the exception event is recorded at a point where it is
-	// known that the exception is escaping the scope of the span.
-	//
-	// Type: boolean
-	// Required: No
-	// Stability: stable
-	// Note: An exception is considered to have escaped (or left) the scope of a span,
-	// if that span is ended while the exception is still logically "in flight".
-	// This may be actually "in flight" in some languages (e.g. if the exception
-	// is passed to a Context manager's `__exit__` method in Python) but will
-	// usually be caught at the point of recording the exception in most languages.
-
-	// It is usually not possible to determine at the point where an exception is
-	// thrown
-	// whether it will escape the scope of a span.
-	// However, it is trivial to know that an exception
-	// will escape, if one checks for an active exception just before ending the span,
-	// as done in the [example above](#recording-an-exception).
-
-	// It follows that an exception may still escape the scope of the span
-	// even if the `exception.escaped` attribute was not set or set to false,
-	// since the event might have been recorded at a time where it was not
-	// clear whether the exception will escape.
-	ExceptionEscapedKey = attribute.Key("exception.escaped")
-)
-
-// This semantic convention describes an instance of a function that runs without provisioning or managing of servers (also known as serverless functions or Function as a Service (FaaS)) with spans.
-const (
-	// Type of the trigger which caused this function execution.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	// Note: For the server/consumer span on the incoming side,
-	// `faas.trigger` MUST be set.
-
-	// Clients invoking FaaS instances usually cannot set `faas.trigger`,
-	// since they would typically need to look in the payload to determine
-	// the event type. If clients set it, it should be the same as the
-	// trigger that corresponding incoming would have (i.e., this has
-	// nothing to do with the underlying transport used to make the API
-	// call to invoke the lambda, which is often HTTP).
-	FaaSTriggerKey = attribute.Key("faas.trigger")
-	// The execution ID of the current function execution.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'af9d5aa4-a685-4c5f-a22b-444f80b3cc28'
-	FaaSExecutionKey = attribute.Key("faas.execution")
-)
-
-var (
-	// A response to some data source operation such as a database or filesystem read/write
-	FaaSTriggerDatasource = FaaSTriggerKey.String("datasource")
-	// To provide an answer to an inbound HTTP request
-	FaaSTriggerHTTP = FaaSTriggerKey.String("http")
-	// A function is set to be executed when messages are sent to a messaging system
-	FaaSTriggerPubsub = FaaSTriggerKey.String("pubsub")
-	// A function is scheduled to be executed regularly
-	FaaSTriggerTimer = FaaSTriggerKey.String("timer")
-	// If none of the others apply
-	FaaSTriggerOther = FaaSTriggerKey.String("other")
-)
-
-// Semantic Convention for FaaS triggered as a response to some data source operation such as a database or filesystem read/write.
-const (
-	// The name of the source on which the triggering operation was performed. For
-	// example, in Cloud Storage or S3 corresponds to the bucket name, and in Cosmos
-	// DB to the database name.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'myBucketName', 'myDBName'
-	FaaSDocumentCollectionKey = attribute.Key("faas.document.collection")
-	// Describes the type of the operation that was performed on the data.
-	//
-	// Type: Enum
-	// Required: Always
-	// Stability: stable
-	FaaSDocumentOperationKey = attribute.Key("faas.document.operation")
-	// A string containing the time when the data was accessed in the [ISO
-	// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format expressed
-	// in [UTC](https://www.w3.org/TR/NOTE-datetime).
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: '2020-01-23T13:47:06Z'
-	FaaSDocumentTimeKey = attribute.Key("faas.document.time")
-	// The document name/table subjected to the operation. For example, in Cloud
-	// Storage or S3 is the name of the file, and in Cosmos DB the table name.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'myFile.txt', 'myTableName'
-	FaaSDocumentNameKey = attribute.Key("faas.document.name")
-)
-
-var (
-	// When a new object is created
-	FaaSDocumentOperationInsert = FaaSDocumentOperationKey.String("insert")
-	// When an object is modified
-	FaaSDocumentOperationEdit = FaaSDocumentOperationKey.String("edit")
-	// When an object is deleted
-	FaaSDocumentOperationDelete = FaaSDocumentOperationKey.String("delete")
-)
-
-// Semantic Convention for FaaS scheduled to be executed regularly.
-const (
-	// A string containing the function invocation time in the [ISO
-	// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format expressed
-	// in [UTC](https://www.w3.org/TR/NOTE-datetime).
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: '2020-01-23T13:47:06Z'
-	FaaSTimeKey = attribute.Key("faas.time")
-	// A string containing the schedule period as [Cron Expression](https://docs.oracl
-	// e.com/cd/E12058_01/doc/doc.1014/e12030/cron_expressions.htm).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '0/5 * * * ? *'
-	FaaSCronKey = attribute.Key("faas.cron")
-)
-
-// Contains additional attributes for incoming FaaS spans.
-const (
-	// A boolean that is true if the serverless function is executed for the first
-	// time (aka cold-start).
-	//
-	// Type: boolean
-	// Required: No
-	// Stability: stable
-	FaaSColdstartKey = attribute.Key("faas.coldstart")
-)
-
-// Contains additional attributes for outgoing FaaS spans.
-const (
-	// The name of the invoked function.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'my-function'
-	// Note: SHOULD be equal to the `faas.name` resource attribute of the invoked
-	// function.
-	FaaSInvokedNameKey = attribute.Key("faas.invoked_name")
-	// The cloud provider of the invoked function.
-	//
-	// Type: Enum
-	// Required: Always
-	// Stability: stable
-	// Note: SHOULD be equal to the `cloud.provider` resource attribute of the invoked
-	// function.
-	FaaSInvokedProviderKey = attribute.Key("faas.invoked_provider")
-	// The cloud region of the invoked function.
-	//
-	// Type: string
-	// Required: For some cloud providers, like AWS or GCP, the region in which a
-	// function is hosted is essential to uniquely identify the function and also part
-	// of its endpoint. Since it's part of the endpoint being called, the region is
-	// always known to clients. In these cases, `faas.invoked_region` MUST be set
-	// accordingly. If the region is unknown to the client or not required for
-	// identifying the invoked function, setting `faas.invoked_region` is optional.
-	// Stability: stable
-	// Examples: 'eu-central-1'
-	// Note: SHOULD be equal to the `cloud.region` resource attribute of the invoked
-	// function.
-	FaaSInvokedRegionKey = attribute.Key("faas.invoked_region")
-)
-
-var (
-	// Alibaba Cloud
-	FaaSInvokedProviderAlibabaCloud = FaaSInvokedProviderKey.String("alibaba_cloud")
-	// Amazon Web Services
-	FaaSInvokedProviderAWS = FaaSInvokedProviderKey.String("aws")
-	// Microsoft Azure
-	FaaSInvokedProviderAzure = FaaSInvokedProviderKey.String("azure")
-	// Google Cloud Platform
-	FaaSInvokedProviderGCP = FaaSInvokedProviderKey.String("gcp")
-	// Tencent Cloud
-	FaaSInvokedProviderTencentCloud = FaaSInvokedProviderKey.String("tencent_cloud")
-)
-
-// These attributes may be used for any network related operation.
-const (
-	// Transport protocol used. See note below.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	NetTransportKey = attribute.Key("net.transport")
-	// Remote address of the peer (dotted decimal for IPv4 or
-	// [RFC5952](https://tools.ietf.org/html/rfc5952) for IPv6)
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '127.0.0.1'
-	NetPeerIPKey = attribute.Key("net.peer.ip")
-	// Remote port number.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 80, 8080, 443
-	NetPeerPortKey = attribute.Key("net.peer.port")
-	// Remote hostname or similar, see note below.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'example.com'
-	// Note: `net.peer.name` SHOULD NOT be set if capturing it would require an extra
-	// DNS lookup.
-	NetPeerNameKey = attribute.Key("net.peer.name")
-	// Like `net.peer.ip` but for the host IP. Useful in case of a multi-IP host.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '192.168.0.1'
-	NetHostIPKey = attribute.Key("net.host.ip")
-	// Like `net.peer.port` but for the host port.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 35555
-	NetHostPortKey = attribute.Key("net.host.port")
-	// Local hostname or similar, see note below.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'localhost'
-	NetHostNameKey = attribute.Key("net.host.name")
-	// The internet connection type currently being used by the host.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	// Examples: 'wifi'
-	NetHostConnectionTypeKey = attribute.Key("net.host.connection.type")
-	// This describes more details regarding the connection.type. It may be the type
-	// of cell technology connection, but it could be used for describing details
-	// about a wifi connection.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	// Examples: 'LTE'
-	NetHostConnectionSubtypeKey = attribute.Key("net.host.connection.subtype")
-	// The name of the mobile carrier.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'sprint'
-	NetHostCarrierNameKey = attribute.Key("net.host.carrier.name")
-	// The mobile carrier country code.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '310'
-	NetHostCarrierMccKey = attribute.Key("net.host.carrier.mcc")
-	// The mobile carrier network code.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '001'
-	NetHostCarrierMncKey = attribute.Key("net.host.carrier.mnc")
-	// The ISO 3166-1 alpha-2 2-character country code associated with the mobile
-	// carrier network.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'DE'
-	NetHostCarrierIccKey = attribute.Key("net.host.carrier.icc")
-)
-
-var (
-	// ip_tcp
-	NetTransportTCP = NetTransportKey.String("ip_tcp")
-	// ip_udp
-	NetTransportUDP = NetTransportKey.String("ip_udp")
-	// Another IP-based protocol
-	NetTransportIP = NetTransportKey.String("ip")
-	// Unix Domain socket. See below
-	NetTransportUnix = NetTransportKey.String("unix")
-	// Named or anonymous pipe. See note below
-	NetTransportPipe = NetTransportKey.String("pipe")
-	// In-process communication
-	NetTransportInProc = NetTransportKey.String("inproc")
-	// Something else (non IP-based)
-	NetTransportOther = NetTransportKey.String("other")
-)
-
-var (
-	// wifi
-	NetHostConnectionTypeWifi = NetHostConnectionTypeKey.String("wifi")
-	// wired
-	NetHostConnectionTypeWired = NetHostConnectionTypeKey.String("wired")
-	// cell
-	NetHostConnectionTypeCell = NetHostConnectionTypeKey.String("cell")
-	// unavailable
-	NetHostConnectionTypeUnavailable = NetHostConnectionTypeKey.String("unavailable")
-	// unknown
-	NetHostConnectionTypeUnknown = NetHostConnectionTypeKey.String("unknown")
-)
-
-var (
-	// GPRS
-	NetHostConnectionSubtypeGprs = NetHostConnectionSubtypeKey.String("gprs")
-	// EDGE
-	NetHostConnectionSubtypeEdge = NetHostConnectionSubtypeKey.String("edge")
-	// UMTS
-	NetHostConnectionSubtypeUmts = NetHostConnectionSubtypeKey.String("umts")
-	// CDMA
-	NetHostConnectionSubtypeCdma = NetHostConnectionSubtypeKey.String("cdma")
-	// EVDO Rel. 0
-	NetHostConnectionSubtypeEvdo0 = NetHostConnectionSubtypeKey.String("evdo_0")
-	// EVDO Rev. A
-	NetHostConnectionSubtypeEvdoA = NetHostConnectionSubtypeKey.String("evdo_a")
-	// CDMA2000 1XRTT
-	NetHostConnectionSubtypeCdma20001xrtt = NetHostConnectionSubtypeKey.String("cdma2000_1xrtt")
-	// HSDPA
-	NetHostConnectionSubtypeHsdpa = NetHostConnectionSubtypeKey.String("hsdpa")
-	// HSUPA
-	NetHostConnectionSubtypeHsupa = NetHostConnectionSubtypeKey.String("hsupa")
-	// HSPA
-	NetHostConnectionSubtypeHspa = NetHostConnectionSubtypeKey.String("hspa")
-	// IDEN
-	NetHostConnectionSubtypeIden = NetHostConnectionSubtypeKey.String("iden")
-	// EVDO Rev. B
-	NetHostConnectionSubtypeEvdoB = NetHostConnectionSubtypeKey.String("evdo_b")
-	// LTE
-	NetHostConnectionSubtypeLte = NetHostConnectionSubtypeKey.String("lte")
-	// EHRPD
-	NetHostConnectionSubtypeEhrpd = NetHostConnectionSubtypeKey.String("ehrpd")
-	// HSPAP
-	NetHostConnectionSubtypeHspap = NetHostConnectionSubtypeKey.String("hspap")
-	// GSM
-	NetHostConnectionSubtypeGsm = NetHostConnectionSubtypeKey.String("gsm")
-	// TD-SCDMA
-	NetHostConnectionSubtypeTdScdma = NetHostConnectionSubtypeKey.String("td_scdma")
-	// IWLAN
-	NetHostConnectionSubtypeIwlan = NetHostConnectionSubtypeKey.String("iwlan")
-	// 5G NR (New Radio)
-	NetHostConnectionSubtypeNr = NetHostConnectionSubtypeKey.String("nr")
-	// 5G NRNSA (New Radio Non-Standalone)
-	NetHostConnectionSubtypeNrnsa = NetHostConnectionSubtypeKey.String("nrnsa")
-	// LTE CA
-	NetHostConnectionSubtypeLteCa = NetHostConnectionSubtypeKey.String("lte_ca")
-)
-
-// Operations that access some remote service.
-const (
-	// The [`service.name`](../../resource/semantic_conventions/README.md#service) of
-	// the remote service. SHOULD be equal to the actual `service.name` resource
-	// attribute of the remote service if any.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'AuthTokenCache'
-	PeerServiceKey = attribute.Key("peer.service")
-)
-
-// These attributes may be used for any operation with an authenticated and/or authorized enduser.
-const (
-	// Username or client_id extracted from the access token or
-	// [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header in the
-	// inbound request from outside the system.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'username'
-	EnduserIDKey = attribute.Key("enduser.id")
-	// Actual/assumed role the client is making the request under extracted from token
-	// or application security context.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'admin'
-	EnduserRoleKey = attribute.Key("enduser.role")
-	// Scopes or granted authorities the client currently possesses extracted from
-	// token or application security context. The value would come from the scope
-	// associated with an [OAuth 2.0 Access
-	// Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute value
-	// in a [SAML 2.0 Assertion](http://docs.oasis-
-	// open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'read:message, write:files'
-	EnduserScopeKey = attribute.Key("enduser.scope")
-)
-
-// These attributes may be used for any operation to store information about a thread that started a span.
-const (
-	// Current "managed" thread ID (as opposed to OS thread ID).
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 42
-	ThreadIDKey = attribute.Key("thread.id")
-	// Current thread name.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'main'
-	ThreadNameKey = attribute.Key("thread.name")
-)
-
-// These attributes allow to report this unit of code and therefore to provide more context about the span.
-const (
-	// The method or function name, or equivalent (usually rightmost part of the code
-	// unit's name).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'serveRequest'
-	CodeFunctionKey = attribute.Key("code.function")
-	// The "namespace" within which `code.function` is defined. Usually the qualified
-	// class or module name, such that `code.namespace` + some separator +
-	// `code.function` form a unique identifier for the code unit.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'com.example.MyHTTPService'
-	CodeNamespaceKey = attribute.Key("code.namespace")
-	// The source code file name that identifies the code unit as uniquely as possible
-	// (preferably an absolute file path).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '/usr/local/MyApplication/content_root/app/index.php'
-	CodeFilepathKey = attribute.Key("code.filepath")
-	// The line number in `code.filepath` best representing the operation. It SHOULD
-	// point within the code unit named in `code.function`.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 42
-	CodeLineNumberKey = attribute.Key("code.lineno")
-)
-
-// This document defines semantic conventions for HTTP client and server Spans.
-const (
-	// HTTP request method.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'GET', 'POST', 'HEAD'
-	HTTPMethodKey = attribute.Key("http.method")
-	// Full HTTP request URL in the form `scheme://host[:port]/path?query[#fragment]`.
-	// Usually the fragment is not transmitted over HTTP, but if it is known, it
-	// should be included nevertheless.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'https://www.foo.bar/search?q=OpenTelemetry#SemConv'
-	// Note: `http.url` MUST NOT contain credentials passed via URL in form of
-	// `https://username:password@www.example.com/`. In such case the attribute's
-	// value should be `https://www.example.com/`.
-	HTTPURLKey = attribute.Key("http.url")
-	// The full request target as passed in a HTTP request line or equivalent.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '/path/12314/?q=ddds#123'
-	HTTPTargetKey = attribute.Key("http.target")
-	// The value of the [HTTP host
-	// header](https://tools.ietf.org/html/rfc7230#section-5.4). An empty Host header
-	// should also be reported, see note.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'www.example.org'
-	// Note: When the header is present but empty the attribute SHOULD be set to the
-	// empty string. Note that this is a valid situation that is expected in certain
-	// cases, according the aforementioned [section of RFC
-	// 7230](https://tools.ietf.org/html/rfc7230#section-5.4). When the header is not
-	// set the attribute MUST NOT be set.
-	HTTPHostKey = attribute.Key("http.host")
-	// The URI scheme identifying the used protocol.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'http', 'https'
-	HTTPSchemeKey = attribute.Key("http.scheme")
-	// [HTTP response status code](https://tools.ietf.org/html/rfc7231#section-6).
-	//
-	// Type: int
-	// Required: If and only if one was received/sent.
-	// Stability: stable
-	// Examples: 200
-	HTTPStatusCodeKey = attribute.Key("http.status_code")
-	// Kind of HTTP protocol used.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	// Note: If `net.transport` is not specified, it can be assumed to be `IP.TCP`
-	// except if `http.flavor` is `QUIC`, in which case `IP.UDP` is assumed.
-	HTTPFlavorKey = attribute.Key("http.flavor")
-	// Value of the [HTTP User-
-	// Agent](https://tools.ietf.org/html/rfc7231#section-5.5.3) header sent by the
-	// client.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'CERN-LineMode/2.15 libwww/2.17b3'
-	HTTPUserAgentKey = attribute.Key("http.user_agent")
-	// The size of the request payload body in bytes. This is the number of bytes
-	// transferred excluding headers and is often, but not always, present as the
-	// [Content-Length](https://tools.ietf.org/html/rfc7230#section-3.3.2) header. For
-	// requests using transport encoding, this should be the compressed size.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 3495
-	HTTPRequestContentLengthKey = attribute.Key("http.request_content_length")
-	// The size of the uncompressed request payload body after transport decoding. Not
-	// set if transport encoding not used.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 5493
-	HTTPRequestContentLengthUncompressedKey = attribute.Key("http.request_content_length_uncompressed")
-	// The size of the response payload body in bytes. This is the number of bytes
-	// transferred excluding headers and is often, but not always, present as the
-	// [Content-Length](https://tools.ietf.org/html/rfc7230#section-3.3.2) header. For
-	// requests using transport encoding, this should be the compressed size.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 3495
-	HTTPResponseContentLengthKey = attribute.Key("http.response_content_length")
-	// The size of the uncompressed response payload body after transport decoding.
-	// Not set if transport encoding not used.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 5493
-	HTTPResponseContentLengthUncompressedKey = attribute.Key("http.response_content_length_uncompressed")
-	// The ordinal number of request re-sending attempt.
-	//
-	// Type: int
-	// Required: If and only if a request was retried.
-	// Stability: stable
-	// Examples: 3
-	HTTPRetryCountKey = attribute.Key("http.retry_count")
-)
-
-var (
-	// HTTP/1.0
-	HTTPFlavorHTTP10 = HTTPFlavorKey.String("1.0")
-	// HTTP/1.1
-	HTTPFlavorHTTP11 = HTTPFlavorKey.String("1.1")
-	// HTTP/2
-	HTTPFlavorHTTP20 = HTTPFlavorKey.String("2.0")
-	// HTTP/3
-	HTTPFlavorHTTP30 = HTTPFlavorKey.String("3.0")
-	// SPDY protocol
-	HTTPFlavorSPDY = HTTPFlavorKey.String("SPDY")
-	// QUIC protocol
-	HTTPFlavorQUIC = HTTPFlavorKey.String("QUIC")
-)
-
-// Semantic Convention for HTTP Server
-const (
-	// The primary server name of the matched virtual host. This should be obtained
-	// via configuration. If no such configuration can be obtained, this attribute
-	// MUST NOT be set ( `net.host.name` should be used instead).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'example.com'
-	// Note: `http.url` is usually not readily available on the server side but would
-	// have to be assembled in a cumbersome and sometimes lossy process from other
-	// information (see e.g. open-telemetry/opentelemetry-python/pull/148). It is thus
-	// preferred to supply the raw data that is available.
-	HTTPServerNameKey = attribute.Key("http.server_name")
-	// The matched route (path template).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '/users/:userID?'
-	HTTPRouteKey = attribute.Key("http.route")
-	// The IP address of the original client behind all proxies, if known (e.g. from
-	// [X-Forwarded-For](https://developer.mozilla.org/en-
-	// US/docs/Web/HTTP/Headers/X-Forwarded-For)).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '83.164.160.102'
-	// Note: This is not necessarily the same as `net.peer.ip`, which would
-	// identify the network-level peer, which may be a proxy.
-
-	// This attribute should be set when a source of information different
-	// from the one used for `net.peer.ip`, is available even if that other
-	// source just confirms the same value as `net.peer.ip`.
-	// Rationale: For `net.peer.ip`, one typically does not know if it
-	// comes from a proxy, reverse proxy, or the actual client. Setting
-	// `http.client_ip` when it's the same as `net.peer.ip` means that
-	// one is at least somewhat confident that the address is not that of
-	// the closest proxy.
-	HTTPClientIPKey = attribute.Key("http.client_ip")
-)
-
-// Attributes that exist for multiple DynamoDB request types.
-const (
-	// The keys in the `RequestItems` object field.
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: 'Users', 'Cats'
-	AWSDynamoDBTableNamesKey = attribute.Key("aws.dynamodb.table_names")
-	// The JSON-serialized value of each item in the `ConsumedCapacity` response
-	// field.
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: '{ "CapacityUnits": number, "GlobalSecondaryIndexes": { "string" : {
-	// "CapacityUnits": number, "ReadCapacityUnits": number, "WriteCapacityUnits":
-	// number } }, "LocalSecondaryIndexes": { "string" : { "CapacityUnits": number,
-	// "ReadCapacityUnits": number, "WriteCapacityUnits": number } },
-	// "ReadCapacityUnits": number, "Table": { "CapacityUnits": number,
-	// "ReadCapacityUnits": number, "WriteCapacityUnits": number }, "TableName":
-	// "string", "WriteCapacityUnits": number }'
-	AWSDynamoDBConsumedCapacityKey = attribute.Key("aws.dynamodb.consumed_capacity")
-	// The JSON-serialized value of the `ItemCollectionMetrics` response field.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '{ "string" : [ { "ItemCollectionKey": { "string" : { "B": blob,
-	// "BOOL": boolean, "BS": [ blob ], "L": [ "AttributeValue" ], "M": { "string" :
-	// "AttributeValue" }, "N": "string", "NS": [ "string" ], "NULL": boolean, "S":
-	// "string", "SS": [ "string" ] } }, "SizeEstimateRangeGB": [ number ] } ] }'
-	AWSDynamoDBItemCollectionMetricsKey = attribute.Key("aws.dynamodb.item_collection_metrics")
-	// The value of the `ProvisionedThroughput.ReadCapacityUnits` request parameter.
-	//
-	// Type: double
-	// Required: No
-	// Stability: stable
-	// Examples: 1.0, 2.0
-	AWSDynamoDBProvisionedReadCapacityKey = attribute.Key("aws.dynamodb.provisioned_read_capacity")
-	// The value of the `ProvisionedThroughput.WriteCapacityUnits` request parameter.
-	//
-	// Type: double
-	// Required: No
-	// Stability: stable
-	// Examples: 1.0, 2.0
-	AWSDynamoDBProvisionedWriteCapacityKey = attribute.Key("aws.dynamodb.provisioned_write_capacity")
-	// The value of the `ConsistentRead` request parameter.
-	//
-	// Type: boolean
-	// Required: No
-	// Stability: stable
-	AWSDynamoDBConsistentReadKey = attribute.Key("aws.dynamodb.consistent_read")
-	// The value of the `ProjectionExpression` request parameter.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Title', 'Title, Price, Color', 'Title, Description, RelatedItems,
-	// ProductReviews'
-	AWSDynamoDBProjectionKey = attribute.Key("aws.dynamodb.projection")
-	// The value of the `Limit` request parameter.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 10
-	AWSDynamoDBLimitKey = attribute.Key("aws.dynamodb.limit")
-	// The value of the `AttributesToGet` request parameter.
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: 'lives', 'id'
-	AWSDynamoDBAttributesToGetKey = attribute.Key("aws.dynamodb.attributes_to_get")
-	// The value of the `IndexName` request parameter.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'name_to_group'
-	AWSDynamoDBIndexNameKey = attribute.Key("aws.dynamodb.index_name")
-	// The value of the `Select` request parameter.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'ALL_ATTRIBUTES', 'COUNT'
-	AWSDynamoDBSelectKey = attribute.Key("aws.dynamodb.select")
-)
-
-// DynamoDB.CreateTable
-const (
-	// The JSON-serialized value of each item of the `GlobalSecondaryIndexes` request
-	// field
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: '{ "IndexName": "string", "KeySchema": [ { "AttributeName": "string",
-	// "KeyType": "string" } ], "Projection": { "NonKeyAttributes": [ "string" ],
-	// "ProjectionType": "string" }, "ProvisionedThroughput": { "ReadCapacityUnits":
-	// number, "WriteCapacityUnits": number } }'
-	AWSDynamoDBGlobalSecondaryIndexesKey = attribute.Key("aws.dynamodb.global_secondary_indexes")
-	// The JSON-serialized value of each item of the `LocalSecondaryIndexes` request
-	// field.
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: '{ "IndexARN": "string", "IndexName": "string", "IndexSizeBytes":
-	// number, "ItemCount": number, "KeySchema": [ { "AttributeName": "string",
-	// "KeyType": "string" } ], "Projection": { "NonKeyAttributes": [ "string" ],
-	// "ProjectionType": "string" } }'
-	AWSDynamoDBLocalSecondaryIndexesKey = attribute.Key("aws.dynamodb.local_secondary_indexes")
-)
-
-// DynamoDB.ListTables
-const (
-	// The value of the `ExclusiveStartTableName` request parameter.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Users', 'CatsTable'
-	AWSDynamoDBExclusiveStartTableKey = attribute.Key("aws.dynamodb.exclusive_start_table")
-	// The the number of items in the `TableNames` response parameter.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 20
-	AWSDynamoDBTableCountKey = attribute.Key("aws.dynamodb.table_count")
-)
-
-// DynamoDB.Query
-const (
-	// The value of the `ScanIndexForward` request parameter.
-	//
-	// Type: boolean
-	// Required: No
-	// Stability: stable
-	AWSDynamoDBScanForwardKey = attribute.Key("aws.dynamodb.scan_forward")
-)
-
-// DynamoDB.Scan
-const (
-	// The value of the `Segment` request parameter.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 10
-	AWSDynamoDBSegmentKey = attribute.Key("aws.dynamodb.segment")
-	// The value of the `TotalSegments` request parameter.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 100
-	AWSDynamoDBTotalSegmentsKey = attribute.Key("aws.dynamodb.total_segments")
-	// The value of the `Count` response parameter.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 10
-	AWSDynamoDBCountKey = attribute.Key("aws.dynamodb.count")
-	// The value of the `ScannedCount` response parameter.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 50
-	AWSDynamoDBScannedCountKey = attribute.Key("aws.dynamodb.scanned_count")
-)
-
-// DynamoDB.UpdateTable
-const (
-	// The JSON-serialized value of each item in the `AttributeDefinitions` request
-	// field.
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: '{ "AttributeName": "string", "AttributeType": "string" }'
-	AWSDynamoDBAttributeDefinitionsKey = attribute.Key("aws.dynamodb.attribute_definitions")
-	// The JSON-serialized value of each item in the the `GlobalSecondaryIndexUpdates`
-	// request field.
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: '{ "Create": { "IndexName": "string", "KeySchema": [ {
-	// "AttributeName": "string", "KeyType": "string" } ], "Projection": {
-	// "NonKeyAttributes": [ "string" ], "ProjectionType": "string" },
-	// "ProvisionedThroughput": { "ReadCapacityUnits": number, "WriteCapacityUnits":
-	// number } }'
-	AWSDynamoDBGlobalSecondaryIndexUpdatesKey = attribute.Key("aws.dynamodb.global_secondary_index_updates")
-)
-
-// This document defines the attributes used in messaging systems.
-const (
-	// A string identifying the messaging system.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'kafka', 'rabbitmq', 'rocketmq', 'activemq', 'AmazonSQS'
-	MessagingSystemKey = attribute.Key("messaging.system")
-	// The message destination name. This might be equal to the span name but is
-	// required nevertheless.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'MyQueue', 'MyTopic'
-	MessagingDestinationKey = attribute.Key("messaging.destination")
-	// The kind of message destination
-	//
-	// Type: Enum
-	// Required: Required only if the message destination is either a `queue` or
-	// `topic`.
-	// Stability: stable
-	MessagingDestinationKindKey = attribute.Key("messaging.destination_kind")
-	// A boolean that is true if the message destination is temporary.
-	//
-	// Type: boolean
-	// Required: If missing, it is assumed to be false.
-	// Stability: stable
-	MessagingTempDestinationKey = attribute.Key("messaging.temp_destination")
-	// The name of the transport protocol.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'AMQP', 'MQTT'
-	MessagingProtocolKey = attribute.Key("messaging.protocol")
-	// The version of the transport protocol.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '0.9.1'
-	MessagingProtocolVersionKey = attribute.Key("messaging.protocol_version")
-	// Connection string.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'tibjmsnaming://localhost:7222',
-	// 'https://queue.amazonaws.com/80398EXAMPLE/MyQueue'
-	MessagingURLKey = attribute.Key("messaging.url")
-	// A value used by the messaging system as an identifier for the message,
-	// represented as a string.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '452a7c7c7c7048c2f887f61572b18fc2'
-	MessagingMessageIDKey = attribute.Key("messaging.message_id")
-	// The [conversation ID](#conversations) identifying the conversation to which the
-	// message belongs, represented as a string. Sometimes called "Correlation ID".
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'MyConversationID'
-	MessagingConversationIDKey = attribute.Key("messaging.conversation_id")
-	// The (uncompressed) size of the message payload in bytes. Also use this
-	// attribute if it is unknown whether the compressed or uncompressed payload size
-	// is reported.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 2738
-	MessagingMessagePayloadSizeBytesKey = attribute.Key("messaging.message_payload_size_bytes")
-	// The compressed size of the message payload in bytes.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 2048
-	MessagingMessagePayloadCompressedSizeBytesKey = attribute.Key("messaging.message_payload_compressed_size_bytes")
-)
-
-var (
-	// A message sent to a queue
-	MessagingDestinationKindQueue = MessagingDestinationKindKey.String("queue")
-	// A message sent to a topic
-	MessagingDestinationKindTopic = MessagingDestinationKindKey.String("topic")
-)
-
-// Semantic convention for a consumer of messages received from a messaging system
-const (
-	// A string identifying the kind of message consumption as defined in the
-	// [Operation names](#operation-names) section above. If the operation is "send",
-	// this attribute MUST NOT be set, since the operation can be inferred from the
-	// span kind in that case.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	MessagingOperationKey = attribute.Key("messaging.operation")
-	// The identifier for the consumer receiving a message. For Kafka, set it to
-	// `{messaging.kafka.consumer_group} - {messaging.kafka.client_id}`, if both are
-	// present, or only `messaging.kafka.consumer_group`. For brokers, such as
-	// RabbitMQ and Artemis, set it to the `client_id` of the client consuming the
-	// message.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'mygroup - client-6'
-	MessagingConsumerIDKey = attribute.Key("messaging.consumer_id")
-)
-
-var (
-	// receive
-	MessagingOperationReceive = MessagingOperationKey.String("receive")
-	// process
-	MessagingOperationProcess = MessagingOperationKey.String("process")
-)
-
-// Attributes for RabbitMQ
-const (
-	// RabbitMQ message routing key.
-	//
-	// Type: string
-	// Required: Unless it is empty.
-	// Stability: stable
-	// Examples: 'myKey'
-	MessagingRabbitmqRoutingKeyKey = attribute.Key("messaging.rabbitmq.routing_key")
-)
-
-// Attributes for Apache Kafka
-const (
-	// Message keys in Kafka are used for grouping alike messages to ensure they're
-	// processed on the same partition. They differ from `messaging.message_id` in
-	// that they're not unique. If the key is `null`, the attribute MUST NOT be set.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'myKey'
-	// Note: If the key type is not string, it's string representation has to be
-	// supplied for the attribute. If the key has no unambiguous, canonical string
-	// form, don't include its value.
-	MessagingKafkaMessageKeyKey = attribute.Key("messaging.kafka.message_key")
-	// Name of the Kafka Consumer Group that is handling the message. Only applies to
-	// consumers, not producers.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'my-group'
-	MessagingKafkaConsumerGroupKey = attribute.Key("messaging.kafka.consumer_group")
-	// Client ID for the Consumer or Producer that is handling the message.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'client-5'
-	MessagingKafkaClientIDKey = attribute.Key("messaging.kafka.client_id")
-	// Partition the message is sent to.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 2
-	MessagingKafkaPartitionKey = attribute.Key("messaging.kafka.partition")
-	// A boolean that is true if the message is a tombstone.
-	//
-	// Type: boolean
-	// Required: If missing, it is assumed to be false.
-	// Stability: stable
-	MessagingKafkaTombstoneKey = attribute.Key("messaging.kafka.tombstone")
-)
-
-// Attributes for Apache RocketMQ
-const (
-	// Namespace of RocketMQ resources, resources in different namespaces are
-	// individual.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'myNamespace'
-	MessagingRocketmqNamespaceKey = attribute.Key("messaging.rocketmq.namespace")
-	// Name of the RocketMQ producer/consumer group that is handling the message. The
-	// client type is identified by the SpanKind.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'myConsumerGroup'
-	MessagingRocketmqClientGroupKey = attribute.Key("messaging.rocketmq.client_group")
-	// The unique identifier for each client.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'myhost@8742@s8083jm'
-	MessagingRocketmqClientIDKey = attribute.Key("messaging.rocketmq.client_id")
-	// Type of message.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	MessagingRocketmqMessageTypeKey = attribute.Key("messaging.rocketmq.message_type")
-	// The secondary classifier of message besides topic.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'tagA'
-	MessagingRocketmqMessageTagKey = attribute.Key("messaging.rocketmq.message_tag")
-	// Key(s) of message, another way to mark message besides message id.
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: 'keyA', 'keyB'
-	MessagingRocketmqMessageKeysKey = attribute.Key("messaging.rocketmq.message_keys")
-	// Model of message consumption. This only applies to consumer spans.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	MessagingRocketmqConsumptionModelKey = attribute.Key("messaging.rocketmq.consumption_model")
-)
-
-var (
-	// Normal message
-	MessagingRocketmqMessageTypeNormal = MessagingRocketmqMessageTypeKey.String("normal")
-	// FIFO message
-	MessagingRocketmqMessageTypeFifo = MessagingRocketmqMessageTypeKey.String("fifo")
-	// Delay message
-	MessagingRocketmqMessageTypeDelay = MessagingRocketmqMessageTypeKey.String("delay")
-	// Transaction message
-	MessagingRocketmqMessageTypeTransaction = MessagingRocketmqMessageTypeKey.String("transaction")
-)
-
-var (
-	// Clustering consumption model
-	MessagingRocketmqConsumptionModelClustering = MessagingRocketmqConsumptionModelKey.String("clustering")
-	// Broadcasting consumption model
-	MessagingRocketmqConsumptionModelBroadcasting = MessagingRocketmqConsumptionModelKey.String("broadcasting")
-)
-
-// This document defines semantic conventions for remote procedure calls.
-const (
-	// A string identifying the remoting system. See below for a list of well-known
-	// identifiers.
-	//
-	// Type: Enum
-	// Required: Always
-	// Stability: stable
-	RPCSystemKey = attribute.Key("rpc.system")
-	// The full (logical) name of the service being called, including its package
-	// name, if applicable.
-	//
-	// Type: string
-	// Required: No, but recommended
-	// Stability: stable
-	// Examples: 'myservice.EchoService'
-	// Note: This is the logical name of the service from the RPC interface
-	// perspective, which can be different from the name of any implementing class.
-	// The `code.namespace` attribute may be used to store the latter (despite the
-	// attribute name, it may include a class name; e.g., class with method actually
-	// executing the call on the server side, RPC client stub class on the client
-	// side).
-	RPCServiceKey = attribute.Key("rpc.service")
-	// The name of the (logical) method being called, must be equal to the $method
-	// part in the span name.
-	//
-	// Type: string
-	// Required: No, but recommended
-	// Stability: stable
-	// Examples: 'exampleMethod'
-	// Note: This is the logical name of the method from the RPC interface
-	// perspective, which can be different from the name of any implementing
-	// method/function. The `code.function` attribute may be used to store the latter
-	// (e.g., method actually executing the call on the server side, RPC client stub
-	// method on the client side).
-	RPCMethodKey = attribute.Key("rpc.method")
-)
-
-var (
-	// gRPC
-	RPCSystemGRPC = RPCSystemKey.String("grpc")
-	// Java RMI
-	RPCSystemJavaRmi = RPCSystemKey.String("java_rmi")
-	// .NET WCF
-	RPCSystemDotnetWcf = RPCSystemKey.String("dotnet_wcf")
-	// Apache Dubbo
-	RPCSystemApacheDubbo = RPCSystemKey.String("apache_dubbo")
-)
-
-// Tech-specific attributes for gRPC.
-const (
-	// The [numeric status
-	// code](https://github.com/grpc/grpc/blob/v1.33.2/doc/statuscodes.md) of the gRPC
-	// request.
-	//
-	// Type: Enum
-	// Required: Always
-	// Stability: stable
-	RPCGRPCStatusCodeKey = attribute.Key("rpc.grpc.status_code")
-)
-
-var (
-	// OK
-	RPCGRPCStatusCodeOk = RPCGRPCStatusCodeKey.Int(0)
-	// CANCELLED
-	RPCGRPCStatusCodeCancelled = RPCGRPCStatusCodeKey.Int(1)
-	// UNKNOWN
-	RPCGRPCStatusCodeUnknown = RPCGRPCStatusCodeKey.Int(2)
-	// INVALID_ARGUMENT
-	RPCGRPCStatusCodeInvalidArgument = RPCGRPCStatusCodeKey.Int(3)
-	// DEADLINE_EXCEEDED
-	RPCGRPCStatusCodeDeadlineExceeded = RPCGRPCStatusCodeKey.Int(4)
-	// NOT_FOUND
-	RPCGRPCStatusCodeNotFound = RPCGRPCStatusCodeKey.Int(5)
-	// ALREADY_EXISTS
-	RPCGRPCStatusCodeAlreadyExists = RPCGRPCStatusCodeKey.Int(6)
-	// PERMISSION_DENIED
-	RPCGRPCStatusCodePermissionDenied = RPCGRPCStatusCodeKey.Int(7)
-	// RESOURCE_EXHAUSTED
-	RPCGRPCStatusCodeResourceExhausted = RPCGRPCStatusCodeKey.Int(8)
-	// FAILED_PRECONDITION
-	RPCGRPCStatusCodeFailedPrecondition = RPCGRPCStatusCodeKey.Int(9)
-	// ABORTED
-	RPCGRPCStatusCodeAborted = RPCGRPCStatusCodeKey.Int(10)
-	// OUT_OF_RANGE
-	RPCGRPCStatusCodeOutOfRange = RPCGRPCStatusCodeKey.Int(11)
-	// UNIMPLEMENTED
-	RPCGRPCStatusCodeUnimplemented = RPCGRPCStatusCodeKey.Int(12)
-	// INTERNAL
-	RPCGRPCStatusCodeInternal = RPCGRPCStatusCodeKey.Int(13)
-	// UNAVAILABLE
-	RPCGRPCStatusCodeUnavailable = RPCGRPCStatusCodeKey.Int(14)
-	// DATA_LOSS
-	RPCGRPCStatusCodeDataLoss = RPCGRPCStatusCodeKey.Int(15)
-	// UNAUTHENTICATED
-	RPCGRPCStatusCodeUnauthenticated = RPCGRPCStatusCodeKey.Int(16)
-)
-
-// Tech-specific attributes for [JSON RPC](https://www.jsonrpc.org/).
-const (
-	// Protocol version as in `jsonrpc` property of request/response. Since JSON-RPC
-	// 1.0 does not specify this, the value can be omitted.
-	//
-	// Type: string
-	// Required: If missing, it is assumed to be "1.0".
-	// Stability: stable
-	// Examples: '2.0', '1.0'
-	RPCJsonrpcVersionKey = attribute.Key("rpc.jsonrpc.version")
-	// `id` property of request or response. Since protocol allows id to be int,
-	// string, `null` or missing (for notifications), value is expected to be cast to
-	// string for simplicity. Use empty string in case of `null` value. Omit entirely
-	// if this is a notification.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '10', 'request-7', ''
-	RPCJsonrpcRequestIDKey = attribute.Key("rpc.jsonrpc.request_id")
-	// `error.code` property of response if it is an error response.
-	//
-	// Type: int
-	// Required: If missing, response is assumed to be successful.
-	// Stability: stable
-	// Examples: -32700, 100
-	RPCJsonrpcErrorCodeKey = attribute.Key("rpc.jsonrpc.error_code")
-	// `error.message` property of response if it is an error response.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Parse error', 'User already exists'
-	RPCJsonrpcErrorMessageKey = attribute.Key("rpc.jsonrpc.error_message")
-)
-
-// RPC received/sent message.
-const (
-	// Whether this is a received or sent message.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	MessageTypeKey = attribute.Key("message.type")
-	// MUST be calculated as two different counters starting from `1` one for sent
-	// messages and one for received message.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Note: This way we guarantee that the values will be consistent between
-	// different implementations.
-	MessageIDKey = attribute.Key("message.id")
-	// Compressed size of the message in bytes.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	MessageCompressedSizeKey = attribute.Key("message.compressed_size")
-	// Uncompressed size of the message in bytes.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	MessageUncompressedSizeKey = attribute.Key("message.uncompressed_size")
-)
-
-var (
-	// sent
-	MessageTypeSent = MessageTypeKey.String("SENT")
-	// received
-	MessageTypeReceived = MessageTypeKey.String("RECEIVED")
-)
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/doc.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/doc.go
similarity index 92%
rename from apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/doc.go
rename to apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/doc.go
index 181fcc9c5..71a1f7748 100644
--- a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/doc.go
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/doc.go
@@ -16,5 +16,5 @@
 //
 // OpenTelemetry semantic conventions are agreed standardized naming
 // patterns for OpenTelemetry things. This package represents the conventions
-// as of the v1.12.0 version of the OpenTelemetry specification.
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.12.0"
+// as of the v1.17.0 version of the OpenTelemetry specification.
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.17.0"
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/event.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/event.go
new file mode 100644
index 000000000..679c40c4d
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/event.go
@@ -0,0 +1,199 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated from semantic convention specification. DO NOT EDIT.
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.17.0"
+
+import "go.opentelemetry.io/otel/attribute"
+
+// This semantic convention defines the attributes used to represent a feature
+// flag evaluation as an event.
+const (
+	// FeatureFlagKeyKey is the attribute Key conforming to the
+	// "feature_flag.key" semantic conventions. It represents the unique
+	// identifier of the feature flag.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'logo-color'
+	FeatureFlagKeyKey = attribute.Key("feature_flag.key")
+
+	// FeatureFlagProviderNameKey is the attribute Key conforming to the
+	// "feature_flag.provider_name" semantic conventions. It represents the
+	// name of the service provider that performs the flag evaluation.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'Flag Manager'
+	FeatureFlagProviderNameKey = attribute.Key("feature_flag.provider_name")
+
+	// FeatureFlagVariantKey is the attribute Key conforming to the
+	// "feature_flag.variant" semantic conventions. It represents the sHOULD be
+	// a semantic identifier for a value. If one is unavailable, a stringified
+	// version of the value can be used.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'red', 'true', 'on'
+	// Note: A semantic identifier, commonly referred to as a variant, provides
+	// a means
+	// for referring to a value without including the value itself. This can
+	// provide additional context for understanding the meaning behind a value.
+	// For example, the variant `red` maybe be used for the value `#c05543`.
+	//
+	// A stringified version of the value can be used in situations where a
+	// semantic identifier is unavailable. String representation of the value
+	// should be determined by the implementer.
+	FeatureFlagVariantKey = attribute.Key("feature_flag.variant")
+)
+
+// FeatureFlagKey returns an attribute KeyValue conforming to the
+// "feature_flag.key" semantic conventions. It represents the unique identifier
+// of the feature flag.
+func FeatureFlagKey(val string) attribute.KeyValue {
+	return FeatureFlagKeyKey.String(val)
+}
+
+// FeatureFlagProviderName returns an attribute KeyValue conforming to the
+// "feature_flag.provider_name" semantic conventions. It represents the name of
+// the service provider that performs the flag evaluation.
+func FeatureFlagProviderName(val string) attribute.KeyValue {
+	return FeatureFlagProviderNameKey.String(val)
+}
+
+// FeatureFlagVariant returns an attribute KeyValue conforming to the
+// "feature_flag.variant" semantic conventions. It represents the sHOULD be a
+// semantic identifier for a value. If one is unavailable, a stringified
+// version of the value can be used.
+func FeatureFlagVariant(val string) attribute.KeyValue {
+	return FeatureFlagVariantKey.String(val)
+}
+
+// RPC received/sent message.
+const (
+	// MessageTypeKey is the attribute Key conforming to the "message.type"
+	// semantic conventions. It represents the whether this is a received or
+	// sent message.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessageTypeKey = attribute.Key("message.type")
+
+	// MessageIDKey is the attribute Key conforming to the "message.id"
+	// semantic conventions. It represents the mUST be calculated as two
+	// different counters starting from `1` one for sent messages and one for
+	// received message.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: This way we guarantee that the values will be consistent between
+	// different implementations.
+	MessageIDKey = attribute.Key("message.id")
+
+	// MessageCompressedSizeKey is the attribute Key conforming to the
+	// "message.compressed_size" semantic conventions. It represents the
+	// compressed size of the message in bytes.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessageCompressedSizeKey = attribute.Key("message.compressed_size")
+
+	// MessageUncompressedSizeKey is the attribute Key conforming to the
+	// "message.uncompressed_size" semantic conventions. It represents the
+	// uncompressed size of the message in bytes.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessageUncompressedSizeKey = attribute.Key("message.uncompressed_size")
+)
+
+var (
+	// sent
+	MessageTypeSent = MessageTypeKey.String("SENT")
+	// received
+	MessageTypeReceived = MessageTypeKey.String("RECEIVED")
+)
+
+// MessageID returns an attribute KeyValue conforming to the "message.id"
+// semantic conventions. It represents the mUST be calculated as two different
+// counters starting from `1` one for sent messages and one for received
+// message.
+func MessageID(val int) attribute.KeyValue {
+	return MessageIDKey.Int(val)
+}
+
+// MessageCompressedSize returns an attribute KeyValue conforming to the
+// "message.compressed_size" semantic conventions. It represents the compressed
+// size of the message in bytes.
+func MessageCompressedSize(val int) attribute.KeyValue {
+	return MessageCompressedSizeKey.Int(val)
+}
+
+// MessageUncompressedSize returns an attribute KeyValue conforming to the
+// "message.uncompressed_size" semantic conventions. It represents the
+// uncompressed size of the message in bytes.
+func MessageUncompressedSize(val int) attribute.KeyValue {
+	return MessageUncompressedSizeKey.Int(val)
+}
+
+// The attributes used to report a single exception associated with a span.
+const (
+	// ExceptionEscapedKey is the attribute Key conforming to the
+	// "exception.escaped" semantic conventions. It represents the sHOULD be
+	// set to true if the exception event is recorded at a point where it is
+	// known that the exception is escaping the scope of the span.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: An exception is considered to have escaped (or left) the scope of
+	// a span,
+	// if that span is ended while the exception is still logically "in
+	// flight".
+	// This may be actually "in flight" in some languages (e.g. if the
+	// exception
+	// is passed to a Context manager's `__exit__` method in Python) but will
+	// usually be caught at the point of recording the exception in most
+	// languages.
+	//
+	// It is usually not possible to determine at the point where an exception
+	// is thrown
+	// whether it will escape the scope of a span.
+	// However, it is trivial to know that an exception
+	// will escape, if one checks for an active exception just before ending
+	// the span,
+	// as done in the [example above](#recording-an-exception).
+	//
+	// It follows that an exception may still escape the scope of the span
+	// even if the `exception.escaped` attribute was not set or set to false,
+	// since the event might have been recorded at a time where it was not
+	// clear whether the exception will escape.
+	ExceptionEscapedKey = attribute.Key("exception.escaped")
+)
+
+// ExceptionEscaped returns an attribute KeyValue conforming to the
+// "exception.escaped" semantic conventions. It represents the sHOULD be set to
+// true if the exception event is recorded at a point where it is known that
+// the exception is escaping the scope of the span.
+func ExceptionEscaped(val bool) attribute.KeyValue {
+	return ExceptionEscapedKey.Bool(val)
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/exception.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/exception.go
similarity index 99%
rename from apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/exception.go
rename to apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/exception.go
index d68927094..9b8c559de 100644
--- a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/exception.go
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/exception.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.12.0"
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.17.0"
 
 const (
 	// ExceptionEventName is the name of the Span event representing an exception.
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/http.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/http.go
new file mode 100644
index 000000000..d5c4b5c13
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/http.go
@@ -0,0 +1,21 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.17.0"
+
+// HTTP scheme attributes.
+var (
+	HTTPSchemeHTTP  = HTTPSchemeKey.String("http")
+	HTTPSchemeHTTPS = HTTPSchemeKey.String("https")
+)
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/resource.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/resource.go
new file mode 100644
index 000000000..39a2eab3a
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/resource.go
@@ -0,0 +1,2010 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated from semantic convention specification. DO NOT EDIT.
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.17.0"
+
+import "go.opentelemetry.io/otel/attribute"
+
+// The web browser in which the application represented by the resource is
+// running. The `browser.*` attributes MUST be used only for resources that
+// represent applications running in a web browser (regardless of whether
+// running on a mobile or desktop device).
+const (
+	// BrowserBrandsKey is the attribute Key conforming to the "browser.brands"
+	// semantic conventions. It represents the array of brand name and version
+	// separated by a space
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: ' Not A;Brand 99', 'Chromium 99', 'Chrome 99'
+	// Note: This value is intended to be taken from the [UA client hints
+	// API](https://wicg.github.io/ua-client-hints/#interface)
+	// (`navigator.userAgentData.brands`).
+	BrowserBrandsKey = attribute.Key("browser.brands")
+
+	// BrowserPlatformKey is the attribute Key conforming to the
+	// "browser.platform" semantic conventions. It represents the platform on
+	// which the browser is running
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Windows', 'macOS', 'Android'
+	// Note: This value is intended to be taken from the [UA client hints
+	// API](https://wicg.github.io/ua-client-hints/#interface)
+	// (`navigator.userAgentData.platform`). If unavailable, the legacy
+	// `navigator.platform` API SHOULD NOT be used instead and this attribute
+	// SHOULD be left unset in order for the values to be consistent.
+	// The list of possible values is defined in the [W3C User-Agent Client
+	// Hints
+	// specification](https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform).
+	// Note that some (but not all) of these values can overlap with values in
+	// the [`os.type` and `os.name` attributes](./os.md). However, for
+	// consistency, the values in the `browser.platform` attribute should
+	// capture the exact value that the user agent provides.
+	BrowserPlatformKey = attribute.Key("browser.platform")
+
+	// BrowserMobileKey is the attribute Key conforming to the "browser.mobile"
+	// semantic conventions. It represents a boolean that is true if the
+	// browser is running on a mobile device
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: This value is intended to be taken from the [UA client hints
+	// API](https://wicg.github.io/ua-client-hints/#interface)
+	// (`navigator.userAgentData.mobile`). If unavailable, this attribute
+	// SHOULD be left unset.
+	BrowserMobileKey = attribute.Key("browser.mobile")
+
+	// BrowserUserAgentKey is the attribute Key conforming to the
+	// "browser.user_agent" semantic conventions. It represents the full
+	// user-agent string provided by the browser
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)
+	// AppleWebKit/537.36 (KHTML, '
+	//  'like Gecko) Chrome/95.0.4638.54 Safari/537.36'
+	// Note: The user-agent value SHOULD be provided only from browsers that do
+	// not have a mechanism to retrieve brands and platform individually from
+	// the User-Agent Client Hints API. To retrieve the value, the legacy
+	// `navigator.userAgent` API can be used.
+	BrowserUserAgentKey = attribute.Key("browser.user_agent")
+
+	// BrowserLanguageKey is the attribute Key conforming to the
+	// "browser.language" semantic conventions. It represents the preferred
+	// language of the user using the browser
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'en', 'en-US', 'fr', 'fr-FR'
+	// Note: This value is intended to be taken from the Navigator API
+	// `navigator.language`.
+	BrowserLanguageKey = attribute.Key("browser.language")
+)
+
+// BrowserBrands returns an attribute KeyValue conforming to the
+// "browser.brands" semantic conventions. It represents the array of brand name
+// and version separated by a space
+func BrowserBrands(val ...string) attribute.KeyValue {
+	return BrowserBrandsKey.StringSlice(val)
+}
+
+// BrowserPlatform returns an attribute KeyValue conforming to the
+// "browser.platform" semantic conventions. It represents the platform on which
+// the browser is running
+func BrowserPlatform(val string) attribute.KeyValue {
+	return BrowserPlatformKey.String(val)
+}
+
+// BrowserMobile returns an attribute KeyValue conforming to the
+// "browser.mobile" semantic conventions. It represents a boolean that is true
+// if the browser is running on a mobile device
+func BrowserMobile(val bool) attribute.KeyValue {
+	return BrowserMobileKey.Bool(val)
+}
+
+// BrowserUserAgent returns an attribute KeyValue conforming to the
+// "browser.user_agent" semantic conventions. It represents the full user-agent
+// string provided by the browser
+func BrowserUserAgent(val string) attribute.KeyValue {
+	return BrowserUserAgentKey.String(val)
+}
+
+// BrowserLanguage returns an attribute KeyValue conforming to the
+// "browser.language" semantic conventions. It represents the preferred
+// language of the user using the browser
+func BrowserLanguage(val string) attribute.KeyValue {
+	return BrowserLanguageKey.String(val)
+}
+
+// A cloud environment (e.g. GCP, Azure, AWS)
+const (
+	// CloudProviderKey is the attribute Key conforming to the "cloud.provider"
+	// semantic conventions. It represents the name of the cloud provider.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	CloudProviderKey = attribute.Key("cloud.provider")
+
+	// CloudAccountIDKey is the attribute Key conforming to the
+	// "cloud.account.id" semantic conventions. It represents the cloud account
+	// ID the resource is assigned to.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '111111111111', 'opentelemetry'
+	CloudAccountIDKey = attribute.Key("cloud.account.id")
+
+	// CloudRegionKey is the attribute Key conforming to the "cloud.region"
+	// semantic conventions. It represents the geographical region the resource
+	// is running.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'us-central1', 'us-east-1'
+	// Note: Refer to your provider's docs to see the available regions, for
+	// example [Alibaba Cloud
+	// regions](https://www.alibabacloud.com/help/doc-detail/40654.htm), [AWS
+	// regions](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/),
+	// [Azure
+	// regions](https://azure.microsoft.com/en-us/global-infrastructure/geographies/),
+	// [Google Cloud regions](https://cloud.google.com/about/locations), or
+	// [Tencent Cloud
+	// regions](https://intl.cloud.tencent.com/document/product/213/6091).
+	CloudRegionKey = attribute.Key("cloud.region")
+
+	// CloudAvailabilityZoneKey is the attribute Key conforming to the
+	// "cloud.availability_zone" semantic conventions. It represents the cloud
+	// regions often have multiple, isolated locations known as zones to
+	// increase availability. Availability zone represents the zone where the
+	// resource is running.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'us-east-1c'
+	// Note: Availability zones are called "zones" on Alibaba Cloud and Google
+	// Cloud.
+	CloudAvailabilityZoneKey = attribute.Key("cloud.availability_zone")
+
+	// CloudPlatformKey is the attribute Key conforming to the "cloud.platform"
+	// semantic conventions. It represents the cloud platform in use.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: The prefix of the service SHOULD match the one specified in
+	// `cloud.provider`.
+	CloudPlatformKey = attribute.Key("cloud.platform")
+)
+
+var (
+	// Alibaba Cloud
+	CloudProviderAlibabaCloud = CloudProviderKey.String("alibaba_cloud")
+	// Amazon Web Services
+	CloudProviderAWS = CloudProviderKey.String("aws")
+	// Microsoft Azure
+	CloudProviderAzure = CloudProviderKey.String("azure")
+	// Google Cloud Platform
+	CloudProviderGCP = CloudProviderKey.String("gcp")
+	// IBM Cloud
+	CloudProviderIbmCloud = CloudProviderKey.String("ibm_cloud")
+	// Tencent Cloud
+	CloudProviderTencentCloud = CloudProviderKey.String("tencent_cloud")
+)
+
+var (
+	// Alibaba Cloud Elastic Compute Service
+	CloudPlatformAlibabaCloudECS = CloudPlatformKey.String("alibaba_cloud_ecs")
+	// Alibaba Cloud Function Compute
+	CloudPlatformAlibabaCloudFc = CloudPlatformKey.String("alibaba_cloud_fc")
+	// Red Hat OpenShift on Alibaba Cloud
+	CloudPlatformAlibabaCloudOpenshift = CloudPlatformKey.String("alibaba_cloud_openshift")
+	// AWS Elastic Compute Cloud
+	CloudPlatformAWSEC2 = CloudPlatformKey.String("aws_ec2")
+	// AWS Elastic Container Service
+	CloudPlatformAWSECS = CloudPlatformKey.String("aws_ecs")
+	// AWS Elastic Kubernetes Service
+	CloudPlatformAWSEKS = CloudPlatformKey.String("aws_eks")
+	// AWS Lambda
+	CloudPlatformAWSLambda = CloudPlatformKey.String("aws_lambda")
+	// AWS Elastic Beanstalk
+	CloudPlatformAWSElasticBeanstalk = CloudPlatformKey.String("aws_elastic_beanstalk")
+	// AWS App Runner
+	CloudPlatformAWSAppRunner = CloudPlatformKey.String("aws_app_runner")
+	// Red Hat OpenShift on AWS (ROSA)
+	CloudPlatformAWSOpenshift = CloudPlatformKey.String("aws_openshift")
+	// Azure Virtual Machines
+	CloudPlatformAzureVM = CloudPlatformKey.String("azure_vm")
+	// Azure Container Instances
+	CloudPlatformAzureContainerInstances = CloudPlatformKey.String("azure_container_instances")
+	// Azure Kubernetes Service
+	CloudPlatformAzureAKS = CloudPlatformKey.String("azure_aks")
+	// Azure Functions
+	CloudPlatformAzureFunctions = CloudPlatformKey.String("azure_functions")
+	// Azure App Service
+	CloudPlatformAzureAppService = CloudPlatformKey.String("azure_app_service")
+	// Azure Red Hat OpenShift
+	CloudPlatformAzureOpenshift = CloudPlatformKey.String("azure_openshift")
+	// Google Cloud Compute Engine (GCE)
+	CloudPlatformGCPComputeEngine = CloudPlatformKey.String("gcp_compute_engine")
+	// Google Cloud Run
+	CloudPlatformGCPCloudRun = CloudPlatformKey.String("gcp_cloud_run")
+	// Google Cloud Kubernetes Engine (GKE)
+	CloudPlatformGCPKubernetesEngine = CloudPlatformKey.String("gcp_kubernetes_engine")
+	// Google Cloud Functions (GCF)
+	CloudPlatformGCPCloudFunctions = CloudPlatformKey.String("gcp_cloud_functions")
+	// Google Cloud App Engine (GAE)
+	CloudPlatformGCPAppEngine = CloudPlatformKey.String("gcp_app_engine")
+	// Red Hat OpenShift on Google Cloud
+	CloudPlatformGoogleCloudOpenshift = CloudPlatformKey.String("google_cloud_openshift")
+	// Red Hat OpenShift on IBM Cloud
+	CloudPlatformIbmCloudOpenshift = CloudPlatformKey.String("ibm_cloud_openshift")
+	// Tencent Cloud Cloud Virtual Machine (CVM)
+	CloudPlatformTencentCloudCvm = CloudPlatformKey.String("tencent_cloud_cvm")
+	// Tencent Cloud Elastic Kubernetes Service (EKS)
+	CloudPlatformTencentCloudEKS = CloudPlatformKey.String("tencent_cloud_eks")
+	// Tencent Cloud Serverless Cloud Function (SCF)
+	CloudPlatformTencentCloudScf = CloudPlatformKey.String("tencent_cloud_scf")
+)
+
+// CloudAccountID returns an attribute KeyValue conforming to the
+// "cloud.account.id" semantic conventions. It represents the cloud account ID
+// the resource is assigned to.
+func CloudAccountID(val string) attribute.KeyValue {
+	return CloudAccountIDKey.String(val)
+}
+
+// CloudRegion returns an attribute KeyValue conforming to the
+// "cloud.region" semantic conventions. It represents the geographical region
+// the resource is running.
+func CloudRegion(val string) attribute.KeyValue {
+	return CloudRegionKey.String(val)
+}
+
+// CloudAvailabilityZone returns an attribute KeyValue conforming to the
+// "cloud.availability_zone" semantic conventions. It represents the cloud
+// regions often have multiple, isolated locations known as zones to increase
+// availability. Availability zone represents the zone where the resource is
+// running.
+func CloudAvailabilityZone(val string) attribute.KeyValue {
+	return CloudAvailabilityZoneKey.String(val)
+}
+
+// Resources used by AWS Elastic Container Service (ECS).
+const (
+	// AWSECSContainerARNKey is the attribute Key conforming to the
+	// "aws.ecs.container.arn" semantic conventions. It represents the Amazon
+	// Resource Name (ARN) of an [ECS container
+	// instance](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_instances.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples:
+	// 'arn:aws:ecs:us-west-1:123456789123:container/32624152-9086-4f0e-acae-1a75b14fe4d9'
+	AWSECSContainerARNKey = attribute.Key("aws.ecs.container.arn")
+
+	// AWSECSClusterARNKey is the attribute Key conforming to the
+	// "aws.ecs.cluster.arn" semantic conventions. It represents the ARN of an
+	// [ECS
+	// cluster](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
+	AWSECSClusterARNKey = attribute.Key("aws.ecs.cluster.arn")
+
+	// AWSECSLaunchtypeKey is the attribute Key conforming to the
+	// "aws.ecs.launchtype" semantic conventions. It represents the [launch
+	// type](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html)
+	// for an ECS task.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	AWSECSLaunchtypeKey = attribute.Key("aws.ecs.launchtype")
+
+	// AWSECSTaskARNKey is the attribute Key conforming to the
+	// "aws.ecs.task.arn" semantic conventions. It represents the ARN of an
+	// [ECS task
+	// definition](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples:
+	// 'arn:aws:ecs:us-west-1:123456789123:task/10838bed-421f-43ef-870a-f43feacbbb5b'
+	AWSECSTaskARNKey = attribute.Key("aws.ecs.task.arn")
+
+	// AWSECSTaskFamilyKey is the attribute Key conforming to the
+	// "aws.ecs.task.family" semantic conventions. It represents the task
+	// definition family this task definition is a member of.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry-family'
+	AWSECSTaskFamilyKey = attribute.Key("aws.ecs.task.family")
+
+	// AWSECSTaskRevisionKey is the attribute Key conforming to the
+	// "aws.ecs.task.revision" semantic conventions. It represents the revision
+	// for this task definition.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '8', '26'
+	AWSECSTaskRevisionKey = attribute.Key("aws.ecs.task.revision")
+)
+
+var (
+	// ec2
+	AWSECSLaunchtypeEC2 = AWSECSLaunchtypeKey.String("ec2")
+	// fargate
+	AWSECSLaunchtypeFargate = AWSECSLaunchtypeKey.String("fargate")
+)
+
+// AWSECSContainerARN returns an attribute KeyValue conforming to the
+// "aws.ecs.container.arn" semantic conventions. It represents the Amazon
+// Resource Name (ARN) of an [ECS container
+// instance](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_instances.html).
+func AWSECSContainerARN(val string) attribute.KeyValue {
+	return AWSECSContainerARNKey.String(val)
+}
+
+// AWSECSClusterARN returns an attribute KeyValue conforming to the
+// "aws.ecs.cluster.arn" semantic conventions. It represents the ARN of an [ECS
+// cluster](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html).
+func AWSECSClusterARN(val string) attribute.KeyValue {
+	return AWSECSClusterARNKey.String(val)
+}
+
+// AWSECSTaskARN returns an attribute KeyValue conforming to the
+// "aws.ecs.task.arn" semantic conventions. It represents the ARN of an [ECS
+// task
+// definition](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html).
+func AWSECSTaskARN(val string) attribute.KeyValue {
+	return AWSECSTaskARNKey.String(val)
+}
+
+// AWSECSTaskFamily returns an attribute KeyValue conforming to the
+// "aws.ecs.task.family" semantic conventions. It represents the task
+// definition family this task definition is a member of.
+func AWSECSTaskFamily(val string) attribute.KeyValue {
+	return AWSECSTaskFamilyKey.String(val)
+}
+
+// AWSECSTaskRevision returns an attribute KeyValue conforming to the
+// "aws.ecs.task.revision" semantic conventions. It represents the revision for
+// this task definition.
+func AWSECSTaskRevision(val string) attribute.KeyValue {
+	return AWSECSTaskRevisionKey.String(val)
+}
+
+// Resources used by AWS Elastic Kubernetes Service (EKS).
+const (
+	// AWSEKSClusterARNKey is the attribute Key conforming to the
+	// "aws.eks.cluster.arn" semantic conventions. It represents the ARN of an
+	// EKS cluster.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
+	AWSEKSClusterARNKey = attribute.Key("aws.eks.cluster.arn")
+)
+
+// AWSEKSClusterARN returns an attribute KeyValue conforming to the
+// "aws.eks.cluster.arn" semantic conventions. It represents the ARN of an EKS
+// cluster.
+func AWSEKSClusterARN(val string) attribute.KeyValue {
+	return AWSEKSClusterARNKey.String(val)
+}
+
+// Resources specific to Amazon Web Services.
+const (
+	// AWSLogGroupNamesKey is the attribute Key conforming to the
+	// "aws.log.group.names" semantic conventions. It represents the name(s) of
+	// the AWS log group(s) an application is writing to.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/aws/lambda/my-function', 'opentelemetry-service'
+	// Note: Multiple log groups must be supported for cases like
+	// multi-container applications, where a single application has sidecar
+	// containers, and each write to their own log group.
+	AWSLogGroupNamesKey = attribute.Key("aws.log.group.names")
+
+	// AWSLogGroupARNsKey is the attribute Key conforming to the
+	// "aws.log.group.arns" semantic conventions. It represents the Amazon
+	// Resource Name(s) (ARN) of the AWS log group(s).
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples:
+	// 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:*'
+	// Note: See the [log group ARN format
+	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html#CWL_ARN_Format).
+	AWSLogGroupARNsKey = attribute.Key("aws.log.group.arns")
+
+	// AWSLogStreamNamesKey is the attribute Key conforming to the
+	// "aws.log.stream.names" semantic conventions. It represents the name(s)
+	// of the AWS log stream(s) an application is writing to.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
+	AWSLogStreamNamesKey = attribute.Key("aws.log.stream.names")
+
+	// AWSLogStreamARNsKey is the attribute Key conforming to the
+	// "aws.log.stream.arns" semantic conventions. It represents the ARN(s) of
+	// the AWS log stream(s).
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples:
+	// 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:log-stream:logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
+	// Note: See the [log stream ARN format
+	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html#CWL_ARN_Format).
+	// One log group can contain several log streams, so these ARNs necessarily
+	// identify both a log group and a log stream.
+	AWSLogStreamARNsKey = attribute.Key("aws.log.stream.arns")
+)
+
+// AWSLogGroupNames returns an attribute KeyValue conforming to the
+// "aws.log.group.names" semantic conventions. It represents the name(s) of the
+// AWS log group(s) an application is writing to.
+func AWSLogGroupNames(val ...string) attribute.KeyValue {
+	return AWSLogGroupNamesKey.StringSlice(val)
+}
+
+// AWSLogGroupARNs returns an attribute KeyValue conforming to the
+// "aws.log.group.arns" semantic conventions. It represents the Amazon Resource
+// Name(s) (ARN) of the AWS log group(s).
+func AWSLogGroupARNs(val ...string) attribute.KeyValue {
+	return AWSLogGroupARNsKey.StringSlice(val)
+}
+
+// AWSLogStreamNames returns an attribute KeyValue conforming to the
+// "aws.log.stream.names" semantic conventions. It represents the name(s) of
+// the AWS log stream(s) an application is writing to.
+func AWSLogStreamNames(val ...string) attribute.KeyValue {
+	return AWSLogStreamNamesKey.StringSlice(val)
+}
+
+// AWSLogStreamARNs returns an attribute KeyValue conforming to the
+// "aws.log.stream.arns" semantic conventions. It represents the ARN(s) of the
+// AWS log stream(s).
+func AWSLogStreamARNs(val ...string) attribute.KeyValue {
+	return AWSLogStreamARNsKey.StringSlice(val)
+}
+
+// A container instance.
+const (
+	// ContainerNameKey is the attribute Key conforming to the "container.name"
+	// semantic conventions. It represents the container name used by container
+	// runtime.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry-autoconf'
+	ContainerNameKey = attribute.Key("container.name")
+
+	// ContainerIDKey is the attribute Key conforming to the "container.id"
+	// semantic conventions. It represents the container ID. Usually a UUID, as
+	// for example used to [identify Docker
+	// containers](https://docs.docker.com/engine/reference/run/#container-identification).
+	// The UUID might be abbreviated.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'a3bf90e006b2'
+	ContainerIDKey = attribute.Key("container.id")
+
+	// ContainerRuntimeKey is the attribute Key conforming to the
+	// "container.runtime" semantic conventions. It represents the container
+	// runtime managing this container.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'docker', 'containerd', 'rkt'
+	ContainerRuntimeKey = attribute.Key("container.runtime")
+
+	// ContainerImageNameKey is the attribute Key conforming to the
+	// "container.image.name" semantic conventions. It represents the name of
+	// the image the container was built on.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'gcr.io/opentelemetry/operator'
+	ContainerImageNameKey = attribute.Key("container.image.name")
+
+	// ContainerImageTagKey is the attribute Key conforming to the
+	// "container.image.tag" semantic conventions. It represents the container
+	// image tag.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '0.1'
+	ContainerImageTagKey = attribute.Key("container.image.tag")
+)
+
+// ContainerName returns an attribute KeyValue conforming to the
+// "container.name" semantic conventions. It represents the container name used
+// by container runtime.
+func ContainerName(val string) attribute.KeyValue {
+	return ContainerNameKey.String(val)
+}
+
+// ContainerID returns an attribute KeyValue conforming to the
+// "container.id" semantic conventions. It represents the container ID. Usually
+// a UUID, as for example used to [identify Docker
+// containers](https://docs.docker.com/engine/reference/run/#container-identification).
+// The UUID might be abbreviated.
+func ContainerID(val string) attribute.KeyValue {
+	return ContainerIDKey.String(val)
+}
+
+// ContainerRuntime returns an attribute KeyValue conforming to the
+// "container.runtime" semantic conventions. It represents the container
+// runtime managing this container.
+func ContainerRuntime(val string) attribute.KeyValue {
+	return ContainerRuntimeKey.String(val)
+}
+
+// ContainerImageName returns an attribute KeyValue conforming to the
+// "container.image.name" semantic conventions. It represents the name of the
+// image the container was built on.
+func ContainerImageName(val string) attribute.KeyValue {
+	return ContainerImageNameKey.String(val)
+}
+
+// ContainerImageTag returns an attribute KeyValue conforming to the
+// "container.image.tag" semantic conventions. It represents the container
+// image tag.
+func ContainerImageTag(val string) attribute.KeyValue {
+	return ContainerImageTagKey.String(val)
+}
+
+// The software deployment.
+const (
+	// DeploymentEnvironmentKey is the attribute Key conforming to the
+	// "deployment.environment" semantic conventions. It represents the name of
+	// the [deployment
+	// environment](https://en.wikipedia.org/wiki/Deployment_environment) (aka
+	// deployment tier).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'staging', 'production'
+	DeploymentEnvironmentKey = attribute.Key("deployment.environment")
+)
+
+// DeploymentEnvironment returns an attribute KeyValue conforming to the
+// "deployment.environment" semantic conventions. It represents the name of the
+// [deployment
+// environment](https://en.wikipedia.org/wiki/Deployment_environment) (aka
+// deployment tier).
+func DeploymentEnvironment(val string) attribute.KeyValue {
+	return DeploymentEnvironmentKey.String(val)
+}
+
+// The device on which the process represented by this resource is running.
+const (
+	// DeviceIDKey is the attribute Key conforming to the "device.id" semantic
+	// conventions. It represents a unique identifier representing the device
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2ab2916d-a51f-4ac8-80ee-45ac31a28092'
+	// Note: The device identifier MUST only be defined using the values
+	// outlined below. This value is not an advertising identifier and MUST NOT
+	// be used as such. On iOS (Swift or Objective-C), this value MUST be equal
+	// to the [vendor
+	// identifier](https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor).
+	// On Android (Java or Kotlin), this value MUST be equal to the Firebase
+	// Installation ID or a globally unique UUID which is persisted across
+	// sessions in your application. More information can be found
+	// [here](https://developer.android.com/training/articles/user-data-ids) on
+	// best practices and exact implementation details. Caution should be taken
+	// when storing personal data or anything which can identify a user. GDPR
+	// and data protection laws may apply, ensure you do your own due
+	// diligence.
+	DeviceIDKey = attribute.Key("device.id")
+
+	// DeviceModelIdentifierKey is the attribute Key conforming to the
+	// "device.model.identifier" semantic conventions. It represents the model
+	// identifier for the device
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'iPhone3,4', 'SM-G920F'
+	// Note: It's recommended this value represents a machine readable version
+	// of the model identifier rather than the market or consumer-friendly name
+	// of the device.
+	DeviceModelIdentifierKey = attribute.Key("device.model.identifier")
+
+	// DeviceModelNameKey is the attribute Key conforming to the
+	// "device.model.name" semantic conventions. It represents the marketing
+	// name for the device model
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'iPhone 6s Plus', 'Samsung Galaxy S6'
+	// Note: It's recommended this value represents a human readable version of
+	// the device model rather than a machine readable alternative.
+	DeviceModelNameKey = attribute.Key("device.model.name")
+
+	// DeviceManufacturerKey is the attribute Key conforming to the
+	// "device.manufacturer" semantic conventions. It represents the name of
+	// the device manufacturer
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Apple', 'Samsung'
+	// Note: The Android OS provides this field via
+	// [Build](https://developer.android.com/reference/android/os/Build#MANUFACTURER).
+	// iOS apps SHOULD hardcode the value `Apple`.
+	DeviceManufacturerKey = attribute.Key("device.manufacturer")
+)
+
+// DeviceID returns an attribute KeyValue conforming to the "device.id"
+// semantic conventions. It represents a unique identifier representing the
+// device
+func DeviceID(val string) attribute.KeyValue {
+	return DeviceIDKey.String(val)
+}
+
+// DeviceModelIdentifier returns an attribute KeyValue conforming to the
+// "device.model.identifier" semantic conventions. It represents the model
+// identifier for the device
+func DeviceModelIdentifier(val string) attribute.KeyValue {
+	return DeviceModelIdentifierKey.String(val)
+}
+
+// DeviceModelName returns an attribute KeyValue conforming to the
+// "device.model.name" semantic conventions. It represents the marketing name
+// for the device model
+func DeviceModelName(val string) attribute.KeyValue {
+	return DeviceModelNameKey.String(val)
+}
+
+// DeviceManufacturer returns an attribute KeyValue conforming to the
+// "device.manufacturer" semantic conventions. It represents the name of the
+// device manufacturer
+func DeviceManufacturer(val string) attribute.KeyValue {
+	return DeviceManufacturerKey.String(val)
+}
+
+// A serverless instance.
+const (
+	// FaaSNameKey is the attribute Key conforming to the "faas.name" semantic
+	// conventions. It represents the name of the single function that this
+	// runtime instance executes.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'my-function', 'myazurefunctionapp/some-function-name'
+	// Note: This is the name of the function as configured/deployed on the
+	// FaaS
+	// platform and is usually different from the name of the callback
+	// function (which may be stored in the
+	// [`code.namespace`/`code.function`](../../trace/semantic_conventions/span-general.md#source-code-attributes)
+	// span attributes).
+	//
+	// For some cloud providers, the above definition is ambiguous. The
+	// following
+	// definition of function name MUST be used for this attribute
+	// (and consequently the span name) for the listed cloud
+	// providers/products:
+	//
+	// * **Azure:**  The full name `<FUNCAPP>/<FUNC>`, i.e., function app name
+	//   followed by a forward slash followed by the function name (this form
+	//   can also be seen in the resource JSON for the function).
+	//   This means that a span attribute MUST be used, as an Azure function
+	//   app can host multiple functions that would usually share
+	//   a TracerProvider (see also the `faas.id` attribute).
+	FaaSNameKey = attribute.Key("faas.name")
+
+	// FaaSIDKey is the attribute Key conforming to the "faas.id" semantic
+	// conventions. It represents the unique ID of the single function that
+	// this runtime instance executes.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'arn:aws:lambda:us-west-2:123456789012:function:my-function'
+	// Note: On some cloud providers, it may not be possible to determine the
+	// full ID at startup,
+	// so consider setting `faas.id` as a span attribute instead.
+	//
+	// The exact value to use for `faas.id` depends on the cloud provider:
+	//
+	// * **AWS Lambda:** The function
+	// [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+	//   Take care not to use the "invoked ARN" directly but replace any
+	//   [alias
+	// suffix](https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html)
+	//   with the resolved function version, as the same runtime instance may
+	// be invokable with
+	//   multiple different aliases.
+	// * **GCP:** The [URI of the
+	// resource](https://cloud.google.com/iam/docs/full-resource-names)
+	// * **Azure:** The [Fully Qualified Resource
+	// ID](https://docs.microsoft.com/en-us/rest/api/resources/resources/get-by-id)
+	// of the invoked function,
+	//   *not* the function app, having the form
+	// `/subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>`.
+	//   This means that a span attribute MUST be used, as an Azure function
+	// app can host multiple functions that would usually share
+	//   a TracerProvider.
+	FaaSIDKey = attribute.Key("faas.id")
+
+	// FaaSVersionKey is the attribute Key conforming to the "faas.version"
+	// semantic conventions. It represents the immutable version of the
+	// function being executed.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '26', 'pinkfroid-00002'
+	// Note: Depending on the cloud provider and platform, use:
+	//
+	// * **AWS Lambda:** The [function
+	// version](https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html)
+	//   (an integer represented as a decimal string).
+	// * **Google Cloud Run:** The
+	// [revision](https://cloud.google.com/run/docs/managing/revisions)
+	//   (i.e., the function name plus the revision suffix).
+	// * **Google Cloud Functions:** The value of the
+	//   [`K_REVISION` environment
+	// variable](https://cloud.google.com/functions/docs/env-var#runtime_environment_variables_set_automatically).
+	// * **Azure Functions:** Not applicable. Do not set this attribute.
+	FaaSVersionKey = attribute.Key("faas.version")
+
+	// FaaSInstanceKey is the attribute Key conforming to the "faas.instance"
+	// semantic conventions. It represents the execution environment ID as a
+	// string, that will be potentially reused for other invocations to the
+	// same function/function version.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2021/06/28/[$LATEST]2f399eb14537447da05ab2a2e39309de'
+	// Note: * **AWS Lambda:** Use the (full) log stream name.
+	FaaSInstanceKey = attribute.Key("faas.instance")
+
+	// FaaSMaxMemoryKey is the attribute Key conforming to the
+	// "faas.max_memory" semantic conventions. It represents the amount of
+	// memory available to the serverless function in MiB.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 128
+	// Note: It's recommended to set this attribute since e.g. too little
+	// memory can easily stop a Java AWS Lambda function from working
+	// correctly. On AWS Lambda, the environment variable
+	// `AWS_LAMBDA_FUNCTION_MEMORY_SIZE` provides this information.
+	FaaSMaxMemoryKey = attribute.Key("faas.max_memory")
+)
+
+// FaaSName returns an attribute KeyValue conforming to the "faas.name"
+// semantic conventions. It represents the name of the single function that
+// this runtime instance executes.
+func FaaSName(val string) attribute.KeyValue {
+	return FaaSNameKey.String(val)
+}
+
+// FaaSID returns an attribute KeyValue conforming to the "faas.id" semantic
+// conventions. It represents the unique ID of the single function that this
+// runtime instance executes.
+func FaaSID(val string) attribute.KeyValue {
+	return FaaSIDKey.String(val)
+}
+
+// FaaSVersion returns an attribute KeyValue conforming to the
+// "faas.version" semantic conventions. It represents the immutable version of
+// the function being executed.
+func FaaSVersion(val string) attribute.KeyValue {
+	return FaaSVersionKey.String(val)
+}
+
+// FaaSInstance returns an attribute KeyValue conforming to the
+// "faas.instance" semantic conventions. It represents the execution
+// environment ID as a string, that will be potentially reused for other
+// invocations to the same function/function version.
+func FaaSInstance(val string) attribute.KeyValue {
+	return FaaSInstanceKey.String(val)
+}
+
+// FaaSMaxMemory returns an attribute KeyValue conforming to the
+// "faas.max_memory" semantic conventions. It represents the amount of memory
+// available to the serverless function in MiB.
+func FaaSMaxMemory(val int) attribute.KeyValue {
+	return FaaSMaxMemoryKey.Int(val)
+}
+
+// A host is defined as a general computing instance.
+const (
+	// HostIDKey is the attribute Key conforming to the "host.id" semantic
+	// conventions. It represents the unique host ID. For Cloud, this must be
+	// the instance_id assigned by the cloud provider. For non-containerized
+	// Linux systems, the `machine-id` located in `/etc/machine-id` or
+	// `/var/lib/dbus/machine-id` may be used.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'fdbf79e8af94cb7f9e8df36789187052'
+	HostIDKey = attribute.Key("host.id")
+
+	// HostNameKey is the attribute Key conforming to the "host.name" semantic
+	// conventions. It represents the name of the host. On Unix systems, it may
+	// contain what the hostname command returns, or the fully qualified
+	// hostname, or another name specified by the user.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry-test'
+	HostNameKey = attribute.Key("host.name")
+
+	// HostTypeKey is the attribute Key conforming to the "host.type" semantic
+	// conventions. It represents the type of host. For Cloud, this must be the
+	// machine type.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'n1-standard-1'
+	HostTypeKey = attribute.Key("host.type")
+
+	// HostArchKey is the attribute Key conforming to the "host.arch" semantic
+	// conventions. It represents the CPU architecture the host system is
+	// running on.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	HostArchKey = attribute.Key("host.arch")
+
+	// HostImageNameKey is the attribute Key conforming to the
+	// "host.image.name" semantic conventions. It represents the name of the VM
+	// image or OS install the host was instantiated from.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'infra-ami-eks-worker-node-7d4ec78312', 'CentOS-8-x86_64-1905'
+	HostImageNameKey = attribute.Key("host.image.name")
+
+	// HostImageIDKey is the attribute Key conforming to the "host.image.id"
+	// semantic conventions. It represents the vM image ID. For Cloud, this
+	// value is from the provider.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'ami-07b06b442921831e5'
+	HostImageIDKey = attribute.Key("host.image.id")
+
+	// HostImageVersionKey is the attribute Key conforming to the
+	// "host.image.version" semantic conventions. It represents the version
+	// string of the VM image as defined in [Version
+	// Attributes](README.md#version-attributes).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '0.1'
+	HostImageVersionKey = attribute.Key("host.image.version")
+)
+
+var (
+	// AMD64
+	HostArchAMD64 = HostArchKey.String("amd64")
+	// ARM32
+	HostArchARM32 = HostArchKey.String("arm32")
+	// ARM64
+	HostArchARM64 = HostArchKey.String("arm64")
+	// Itanium
+	HostArchIA64 = HostArchKey.String("ia64")
+	// 32-bit PowerPC
+	HostArchPPC32 = HostArchKey.String("ppc32")
+	// 64-bit PowerPC
+	HostArchPPC64 = HostArchKey.String("ppc64")
+	// IBM z/Architecture
+	HostArchS390x = HostArchKey.String("s390x")
+	// 32-bit x86
+	HostArchX86 = HostArchKey.String("x86")
+)
+
+// HostID returns an attribute KeyValue conforming to the "host.id" semantic
+// conventions. It represents the unique host ID. For Cloud, this must be the
+// instance_id assigned by the cloud provider. For non-containerized Linux
+// systems, the `machine-id` located in `/etc/machine-id` or
+// `/var/lib/dbus/machine-id` may be used.
+func HostID(val string) attribute.KeyValue {
+	return HostIDKey.String(val)
+}
+
+// HostName returns an attribute KeyValue conforming to the "host.name"
+// semantic conventions. It represents the name of the host. On Unix systems,
+// it may contain what the hostname command returns, or the fully qualified
+// hostname, or another name specified by the user.
+func HostName(val string) attribute.KeyValue {
+	return HostNameKey.String(val)
+}
+
+// HostType returns an attribute KeyValue conforming to the "host.type"
+// semantic conventions. It represents the type of host. For Cloud, this must
+// be the machine type.
+func HostType(val string) attribute.KeyValue {
+	return HostTypeKey.String(val)
+}
+
+// HostImageName returns an attribute KeyValue conforming to the
+// "host.image.name" semantic conventions. It represents the name of the VM
+// image or OS install the host was instantiated from.
+func HostImageName(val string) attribute.KeyValue {
+	return HostImageNameKey.String(val)
+}
+
+// HostImageID returns an attribute KeyValue conforming to the
+// "host.image.id" semantic conventions. It represents the vM image ID. For
+// Cloud, this value is from the provider.
+func HostImageID(val string) attribute.KeyValue {
+	return HostImageIDKey.String(val)
+}
+
+// HostImageVersion returns an attribute KeyValue conforming to the
+// "host.image.version" semantic conventions. It represents the version string
+// of the VM image as defined in [Version
+// Attributes](README.md#version-attributes).
+func HostImageVersion(val string) attribute.KeyValue {
+	return HostImageVersionKey.String(val)
+}
+
+// A Kubernetes Cluster.
+const (
+	// K8SClusterNameKey is the attribute Key conforming to the
+	// "k8s.cluster.name" semantic conventions. It represents the name of the
+	// cluster.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry-cluster'
+	K8SClusterNameKey = attribute.Key("k8s.cluster.name")
+)
+
+// K8SClusterName returns an attribute KeyValue conforming to the
+// "k8s.cluster.name" semantic conventions. It represents the name of the
+// cluster.
+func K8SClusterName(val string) attribute.KeyValue {
+	return K8SClusterNameKey.String(val)
+}
+
+// A Kubernetes Node object.
+const (
+	// K8SNodeNameKey is the attribute Key conforming to the "k8s.node.name"
+	// semantic conventions. It represents the name of the Node.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'node-1'
+	K8SNodeNameKey = attribute.Key("k8s.node.name")
+
+	// K8SNodeUIDKey is the attribute Key conforming to the "k8s.node.uid"
+	// semantic conventions. It represents the UID of the Node.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '1eb3a0c6-0477-4080-a9cb-0cb7db65c6a2'
+	K8SNodeUIDKey = attribute.Key("k8s.node.uid")
+)
+
+// K8SNodeName returns an attribute KeyValue conforming to the
+// "k8s.node.name" semantic conventions. It represents the name of the Node.
+func K8SNodeName(val string) attribute.KeyValue {
+	return K8SNodeNameKey.String(val)
+}
+
+// K8SNodeUID returns an attribute KeyValue conforming to the "k8s.node.uid"
+// semantic conventions. It represents the UID of the Node.
+func K8SNodeUID(val string) attribute.KeyValue {
+	return K8SNodeUIDKey.String(val)
+}
+
+// A Kubernetes Namespace.
+const (
+	// K8SNamespaceNameKey is the attribute Key conforming to the
+	// "k8s.namespace.name" semantic conventions. It represents the name of the
+	// namespace that the pod is running in.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'default'
+	K8SNamespaceNameKey = attribute.Key("k8s.namespace.name")
+)
+
+// K8SNamespaceName returns an attribute KeyValue conforming to the
+// "k8s.namespace.name" semantic conventions. It represents the name of the
+// namespace that the pod is running in.
+func K8SNamespaceName(val string) attribute.KeyValue {
+	return K8SNamespaceNameKey.String(val)
+}
+
+// A Kubernetes Pod object.
+const (
+	// K8SPodUIDKey is the attribute Key conforming to the "k8s.pod.uid"
+	// semantic conventions. It represents the UID of the Pod.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SPodUIDKey = attribute.Key("k8s.pod.uid")
+
+	// K8SPodNameKey is the attribute Key conforming to the "k8s.pod.name"
+	// semantic conventions. It represents the name of the Pod.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry-pod-autoconf'
+	K8SPodNameKey = attribute.Key("k8s.pod.name")
+)
+
+// K8SPodUID returns an attribute KeyValue conforming to the "k8s.pod.uid"
+// semantic conventions. It represents the UID of the Pod.
+func K8SPodUID(val string) attribute.KeyValue {
+	return K8SPodUIDKey.String(val)
+}
+
+// K8SPodName returns an attribute KeyValue conforming to the "k8s.pod.name"
+// semantic conventions. It represents the name of the Pod.
+func K8SPodName(val string) attribute.KeyValue {
+	return K8SPodNameKey.String(val)
+}
+
+// A container in a
+// [PodTemplate](https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates).
+const (
+	// K8SContainerNameKey is the attribute Key conforming to the
+	// "k8s.container.name" semantic conventions. It represents the name of the
+	// Container from Pod specification, must be unique within a Pod. Container
+	// runtime usually uses different globally unique name (`container.name`).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'redis'
+	K8SContainerNameKey = attribute.Key("k8s.container.name")
+
+	// K8SContainerRestartCountKey is the attribute Key conforming to the
+	// "k8s.container.restart_count" semantic conventions. It represents the
+	// number of times the container was restarted. This attribute can be used
+	// to identify a particular container (running or stopped) within a
+	// container spec.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 0, 2
+	K8SContainerRestartCountKey = attribute.Key("k8s.container.restart_count")
+)
+
+// K8SContainerName returns an attribute KeyValue conforming to the
+// "k8s.container.name" semantic conventions. It represents the name of the
+// Container from Pod specification, must be unique within a Pod. Container
+// runtime usually uses different globally unique name (`container.name`).
+func K8SContainerName(val string) attribute.KeyValue {
+	return K8SContainerNameKey.String(val)
+}
+
+// K8SContainerRestartCount returns an attribute KeyValue conforming to the
+// "k8s.container.restart_count" semantic conventions. It represents the number
+// of times the container was restarted. This attribute can be used to identify
+// a particular container (running or stopped) within a container spec.
+func K8SContainerRestartCount(val int) attribute.KeyValue {
+	return K8SContainerRestartCountKey.Int(val)
+}
+
+// A Kubernetes ReplicaSet object.
+const (
+	// K8SReplicaSetUIDKey is the attribute Key conforming to the
+	// "k8s.replicaset.uid" semantic conventions. It represents the UID of the
+	// ReplicaSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SReplicaSetUIDKey = attribute.Key("k8s.replicaset.uid")
+
+	// K8SReplicaSetNameKey is the attribute Key conforming to the
+	// "k8s.replicaset.name" semantic conventions. It represents the name of
+	// the ReplicaSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SReplicaSetNameKey = attribute.Key("k8s.replicaset.name")
+)
+
+// K8SReplicaSetUID returns an attribute KeyValue conforming to the
+// "k8s.replicaset.uid" semantic conventions. It represents the UID of the
+// ReplicaSet.
+func K8SReplicaSetUID(val string) attribute.KeyValue {
+	return K8SReplicaSetUIDKey.String(val)
+}
+
+// K8SReplicaSetName returns an attribute KeyValue conforming to the
+// "k8s.replicaset.name" semantic conventions. It represents the name of the
+// ReplicaSet.
+func K8SReplicaSetName(val string) attribute.KeyValue {
+	return K8SReplicaSetNameKey.String(val)
+}
+
+// A Kubernetes Deployment object.
+const (
+	// K8SDeploymentUIDKey is the attribute Key conforming to the
+	// "k8s.deployment.uid" semantic conventions. It represents the UID of the
+	// Deployment.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SDeploymentUIDKey = attribute.Key("k8s.deployment.uid")
+
+	// K8SDeploymentNameKey is the attribute Key conforming to the
+	// "k8s.deployment.name" semantic conventions. It represents the name of
+	// the Deployment.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SDeploymentNameKey = attribute.Key("k8s.deployment.name")
+)
+
+// K8SDeploymentUID returns an attribute KeyValue conforming to the
+// "k8s.deployment.uid" semantic conventions. It represents the UID of the
+// Deployment.
+func K8SDeploymentUID(val string) attribute.KeyValue {
+	return K8SDeploymentUIDKey.String(val)
+}
+
+// K8SDeploymentName returns an attribute KeyValue conforming to the
+// "k8s.deployment.name" semantic conventions. It represents the name of the
+// Deployment.
+func K8SDeploymentName(val string) attribute.KeyValue {
+	return K8SDeploymentNameKey.String(val)
+}
+
+// A Kubernetes StatefulSet object.
+const (
+	// K8SStatefulSetUIDKey is the attribute Key conforming to the
+	// "k8s.statefulset.uid" semantic conventions. It represents the UID of the
+	// StatefulSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SStatefulSetUIDKey = attribute.Key("k8s.statefulset.uid")
+
+	// K8SStatefulSetNameKey is the attribute Key conforming to the
+	// "k8s.statefulset.name" semantic conventions. It represents the name of
+	// the StatefulSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SStatefulSetNameKey = attribute.Key("k8s.statefulset.name")
+)
+
+// K8SStatefulSetUID returns an attribute KeyValue conforming to the
+// "k8s.statefulset.uid" semantic conventions. It represents the UID of the
+// StatefulSet.
+func K8SStatefulSetUID(val string) attribute.KeyValue {
+	return K8SStatefulSetUIDKey.String(val)
+}
+
+// K8SStatefulSetName returns an attribute KeyValue conforming to the
+// "k8s.statefulset.name" semantic conventions. It represents the name of the
+// StatefulSet.
+func K8SStatefulSetName(val string) attribute.KeyValue {
+	return K8SStatefulSetNameKey.String(val)
+}
+
+// A Kubernetes DaemonSet object.
+const (
+	// K8SDaemonSetUIDKey is the attribute Key conforming to the
+	// "k8s.daemonset.uid" semantic conventions. It represents the UID of the
+	// DaemonSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SDaemonSetUIDKey = attribute.Key("k8s.daemonset.uid")
+
+	// K8SDaemonSetNameKey is the attribute Key conforming to the
+	// "k8s.daemonset.name" semantic conventions. It represents the name of the
+	// DaemonSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SDaemonSetNameKey = attribute.Key("k8s.daemonset.name")
+)
+
+// K8SDaemonSetUID returns an attribute KeyValue conforming to the
+// "k8s.daemonset.uid" semantic conventions. It represents the UID of the
+// DaemonSet.
+func K8SDaemonSetUID(val string) attribute.KeyValue {
+	return K8SDaemonSetUIDKey.String(val)
+}
+
+// K8SDaemonSetName returns an attribute KeyValue conforming to the
+// "k8s.daemonset.name" semantic conventions. It represents the name of the
+// DaemonSet.
+func K8SDaemonSetName(val string) attribute.KeyValue {
+	return K8SDaemonSetNameKey.String(val)
+}
+
+// A Kubernetes Job object.
+const (
+	// K8SJobUIDKey is the attribute Key conforming to the "k8s.job.uid"
+	// semantic conventions. It represents the UID of the Job.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SJobUIDKey = attribute.Key("k8s.job.uid")
+
+	// K8SJobNameKey is the attribute Key conforming to the "k8s.job.name"
+	// semantic conventions. It represents the name of the Job.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SJobNameKey = attribute.Key("k8s.job.name")
+)
+
+// K8SJobUID returns an attribute KeyValue conforming to the "k8s.job.uid"
+// semantic conventions. It represents the UID of the Job.
+func K8SJobUID(val string) attribute.KeyValue {
+	return K8SJobUIDKey.String(val)
+}
+
+// K8SJobName returns an attribute KeyValue conforming to the "k8s.job.name"
+// semantic conventions. It represents the name of the Job.
+func K8SJobName(val string) attribute.KeyValue {
+	return K8SJobNameKey.String(val)
+}
+
+// A Kubernetes CronJob object.
+const (
+	// K8SCronJobUIDKey is the attribute Key conforming to the
+	// "k8s.cronjob.uid" semantic conventions. It represents the UID of the
+	// CronJob.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SCronJobUIDKey = attribute.Key("k8s.cronjob.uid")
+
+	// K8SCronJobNameKey is the attribute Key conforming to the
+	// "k8s.cronjob.name" semantic conventions. It represents the name of the
+	// CronJob.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SCronJobNameKey = attribute.Key("k8s.cronjob.name")
+)
+
+// K8SCronJobUID returns an attribute KeyValue conforming to the
+// "k8s.cronjob.uid" semantic conventions. It represents the UID of the
+// CronJob.
+func K8SCronJobUID(val string) attribute.KeyValue {
+	return K8SCronJobUIDKey.String(val)
+}
+
+// K8SCronJobName returns an attribute KeyValue conforming to the
+// "k8s.cronjob.name" semantic conventions. It represents the name of the
+// CronJob.
+func K8SCronJobName(val string) attribute.KeyValue {
+	return K8SCronJobNameKey.String(val)
+}
+
+// The operating system (OS) on which the process represented by this resource
+// is running.
+const (
+	// OSTypeKey is the attribute Key conforming to the "os.type" semantic
+	// conventions. It represents the operating system type.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	OSTypeKey = attribute.Key("os.type")
+
+	// OSDescriptionKey is the attribute Key conforming to the "os.description"
+	// semantic conventions. It represents the human readable (not intended to
+	// be parsed) OS version information, like e.g. reported by `ver` or
+	// `lsb_release -a` commands.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Microsoft Windows [Version 10.0.18363.778]', 'Ubuntu 18.04.1
+	// LTS'
+	OSDescriptionKey = attribute.Key("os.description")
+
+	// OSNameKey is the attribute Key conforming to the "os.name" semantic
+	// conventions. It represents the human readable operating system name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'iOS', 'Android', 'Ubuntu'
+	OSNameKey = attribute.Key("os.name")
+
+	// OSVersionKey is the attribute Key conforming to the "os.version"
+	// semantic conventions. It represents the version string of the operating
+	// system as defined in [Version
+	// Attributes](../../resource/semantic_conventions/README.md#version-attributes).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '14.2.1', '18.04.1'
+	OSVersionKey = attribute.Key("os.version")
+)
+
+var (
+	// Microsoft Windows
+	OSTypeWindows = OSTypeKey.String("windows")
+	// Linux
+	OSTypeLinux = OSTypeKey.String("linux")
+	// Apple Darwin
+	OSTypeDarwin = OSTypeKey.String("darwin")
+	// FreeBSD
+	OSTypeFreeBSD = OSTypeKey.String("freebsd")
+	// NetBSD
+	OSTypeNetBSD = OSTypeKey.String("netbsd")
+	// OpenBSD
+	OSTypeOpenBSD = OSTypeKey.String("openbsd")
+	// DragonFly BSD
+	OSTypeDragonflyBSD = OSTypeKey.String("dragonflybsd")
+	// HP-UX (Hewlett Packard Unix)
+	OSTypeHPUX = OSTypeKey.String("hpux")
+	// AIX (Advanced Interactive eXecutive)
+	OSTypeAIX = OSTypeKey.String("aix")
+	// SunOS, Oracle Solaris
+	OSTypeSolaris = OSTypeKey.String("solaris")
+	// IBM z/OS
+	OSTypeZOS = OSTypeKey.String("z_os")
+)
+
+// OSDescription returns an attribute KeyValue conforming to the
+// "os.description" semantic conventions. It represents the human readable (not
+// intended to be parsed) OS version information, like e.g. reported by `ver`
+// or `lsb_release -a` commands.
+func OSDescription(val string) attribute.KeyValue {
+	return OSDescriptionKey.String(val)
+}
+
+// OSName returns an attribute KeyValue conforming to the "os.name" semantic
+// conventions. It represents the human readable operating system name.
+func OSName(val string) attribute.KeyValue {
+	return OSNameKey.String(val)
+}
+
+// OSVersion returns an attribute KeyValue conforming to the "os.version"
+// semantic conventions. It represents the version string of the operating
+// system as defined in [Version
+// Attributes](../../resource/semantic_conventions/README.md#version-attributes).
+func OSVersion(val string) attribute.KeyValue {
+	return OSVersionKey.String(val)
+}
+
+// An operating system process.
+const (
+	// ProcessPIDKey is the attribute Key conforming to the "process.pid"
+	// semantic conventions. It represents the process identifier (PID).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 1234
+	ProcessPIDKey = attribute.Key("process.pid")
+
+	// ProcessParentPIDKey is the attribute Key conforming to the
+	// "process.parent_pid" semantic conventions. It represents the parent
+	// Process identifier (PID).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 111
+	ProcessParentPIDKey = attribute.Key("process.parent_pid")
+
+	// ProcessExecutableNameKey is the attribute Key conforming to the
+	// "process.executable.name" semantic conventions. It represents the name
+	// of the process executable. On Linux based systems, can be set to the
+	// `Name` in `proc/[pid]/status`. On Windows, can be set to the base name
+	// of `GetProcessImageFileNameW`.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (See alternative attributes
+	// below.)
+	// Stability: stable
+	// Examples: 'otelcol'
+	ProcessExecutableNameKey = attribute.Key("process.executable.name")
+
+	// ProcessExecutablePathKey is the attribute Key conforming to the
+	// "process.executable.path" semantic conventions. It represents the full
+	// path to the process executable. On Linux based systems, can be set to
+	// the target of `proc/[pid]/exe`. On Windows, can be set to the result of
+	// `GetProcessImageFileNameW`.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (See alternative attributes
+	// below.)
+	// Stability: stable
+	// Examples: '/usr/bin/cmd/otelcol'
+	ProcessExecutablePathKey = attribute.Key("process.executable.path")
+
+	// ProcessCommandKey is the attribute Key conforming to the
+	// "process.command" semantic conventions. It represents the command used
+	// to launch the process (i.e. the command name). On Linux based systems,
+	// can be set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can
+	// be set to the first parameter extracted from `GetCommandLineW`.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (See alternative attributes
+	// below.)
+	// Stability: stable
+	// Examples: 'cmd/otelcol'
+	ProcessCommandKey = attribute.Key("process.command")
+
+	// ProcessCommandLineKey is the attribute Key conforming to the
+	// "process.command_line" semantic conventions. It represents the full
+	// command used to launch the process as a single string representing the
+	// full command. On Windows, can be set to the result of `GetCommandLineW`.
+	// Do not set this if you have to assemble it just for monitoring; use
+	// `process.command_args` instead.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (See alternative attributes
+	// below.)
+	// Stability: stable
+	// Examples: 'C:\\cmd\\otecol --config="my directory\\config.yaml"'
+	ProcessCommandLineKey = attribute.Key("process.command_line")
+
+	// ProcessCommandArgsKey is the attribute Key conforming to the
+	// "process.command_args" semantic conventions. It represents the all the
+	// command arguments (including the command/executable itself) as received
+	// by the process. On Linux-based systems (and some other Unixoid systems
+	// supporting procfs), can be set according to the list of null-delimited
+	// strings extracted from `proc/[pid]/cmdline`. For libc-based executables,
+	// this would be the full argv vector passed to `main`.
+	//
+	// Type: string[]
+	// RequirementLevel: ConditionallyRequired (See alternative attributes
+	// below.)
+	// Stability: stable
+	// Examples: 'cmd/otecol', '--config=config.yaml'
+	ProcessCommandArgsKey = attribute.Key("process.command_args")
+
+	// ProcessOwnerKey is the attribute Key conforming to the "process.owner"
+	// semantic conventions. It represents the username of the user that owns
+	// the process.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'root'
+	ProcessOwnerKey = attribute.Key("process.owner")
+)
+
+// ProcessPID returns an attribute KeyValue conforming to the "process.pid"
+// semantic conventions. It represents the process identifier (PID).
+func ProcessPID(val int) attribute.KeyValue {
+	return ProcessPIDKey.Int(val)
+}
+
+// ProcessParentPID returns an attribute KeyValue conforming to the
+// "process.parent_pid" semantic conventions. It represents the parent Process
+// identifier (PID).
+func ProcessParentPID(val int) attribute.KeyValue {
+	return ProcessParentPIDKey.Int(val)
+}
+
+// ProcessExecutableName returns an attribute KeyValue conforming to the
+// "process.executable.name" semantic conventions. It represents the name of
+// the process executable. On Linux based systems, can be set to the `Name` in
+// `proc/[pid]/status`. On Windows, can be set to the base name of
+// `GetProcessImageFileNameW`.
+func ProcessExecutableName(val string) attribute.KeyValue {
+	return ProcessExecutableNameKey.String(val)
+}
+
+// ProcessExecutablePath returns an attribute KeyValue conforming to the
+// "process.executable.path" semantic conventions. It represents the full path
+// to the process executable. On Linux based systems, can be set to the target
+// of `proc/[pid]/exe`. On Windows, can be set to the result of
+// `GetProcessImageFileNameW`.
+func ProcessExecutablePath(val string) attribute.KeyValue {
+	return ProcessExecutablePathKey.String(val)
+}
+
+// ProcessCommand returns an attribute KeyValue conforming to the
+// "process.command" semantic conventions. It represents the command used to
+// launch the process (i.e. the command name). On Linux based systems, can be
+// set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can be set to
+// the first parameter extracted from `GetCommandLineW`.
+func ProcessCommand(val string) attribute.KeyValue {
+	return ProcessCommandKey.String(val)
+}
+
+// ProcessCommandLine returns an attribute KeyValue conforming to the
+// "process.command_line" semantic conventions. It represents the full command
+// used to launch the process as a single string representing the full command.
+// On Windows, can be set to the result of `GetCommandLineW`. Do not set this
+// if you have to assemble it just for monitoring; use `process.command_args`
+// instead.
+func ProcessCommandLine(val string) attribute.KeyValue {
+	return ProcessCommandLineKey.String(val)
+}
+
+// ProcessCommandArgs returns an attribute KeyValue conforming to the
+// "process.command_args" semantic conventions. It represents the all the
+// command arguments (including the command/executable itself) as received by
+// the process. On Linux-based systems (and some other Unixoid systems
+// supporting procfs), can be set according to the list of null-delimited
+// strings extracted from `proc/[pid]/cmdline`. For libc-based executables,
+// this would be the full argv vector passed to `main`.
+func ProcessCommandArgs(val ...string) attribute.KeyValue {
+	return ProcessCommandArgsKey.StringSlice(val)
+}
+
+// ProcessOwner returns an attribute KeyValue conforming to the
+// "process.owner" semantic conventions. It represents the username of the user
+// that owns the process.
+func ProcessOwner(val string) attribute.KeyValue {
+	return ProcessOwnerKey.String(val)
+}
+
+// The single (language) runtime instance which is monitored.
+const (
+	// ProcessRuntimeNameKey is the attribute Key conforming to the
+	// "process.runtime.name" semantic conventions. It represents the name of
+	// the runtime of this process. For compiled native binaries, this SHOULD
+	// be the name of the compiler.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'OpenJDK Runtime Environment'
+	ProcessRuntimeNameKey = attribute.Key("process.runtime.name")
+
+	// ProcessRuntimeVersionKey is the attribute Key conforming to the
+	// "process.runtime.version" semantic conventions. It represents the
+	// version of the runtime of this process, as returned by the runtime
+	// without modification.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '14.0.2'
+	ProcessRuntimeVersionKey = attribute.Key("process.runtime.version")
+
+	// ProcessRuntimeDescriptionKey is the attribute Key conforming to the
+	// "process.runtime.description" semantic conventions. It represents an
+	// additional description about the runtime of the process, for example a
+	// specific vendor customization of the runtime environment.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0'
+	ProcessRuntimeDescriptionKey = attribute.Key("process.runtime.description")
+)
+
+// ProcessRuntimeName returns an attribute KeyValue conforming to the
+// "process.runtime.name" semantic conventions. It represents the name of the
+// runtime of this process. For compiled native binaries, this SHOULD be the
+// name of the compiler.
+func ProcessRuntimeName(val string) attribute.KeyValue {
+	return ProcessRuntimeNameKey.String(val)
+}
+
+// ProcessRuntimeVersion returns an attribute KeyValue conforming to the
+// "process.runtime.version" semantic conventions. It represents the version of
+// the runtime of this process, as returned by the runtime without
+// modification.
+func ProcessRuntimeVersion(val string) attribute.KeyValue {
+	return ProcessRuntimeVersionKey.String(val)
+}
+
+// ProcessRuntimeDescription returns an attribute KeyValue conforming to the
+// "process.runtime.description" semantic conventions. It represents an
+// additional description about the runtime of the process, for example a
+// specific vendor customization of the runtime environment.
+func ProcessRuntimeDescription(val string) attribute.KeyValue {
+	return ProcessRuntimeDescriptionKey.String(val)
+}
+
+// A service instance.
+const (
+	// ServiceNameKey is the attribute Key conforming to the "service.name"
+	// semantic conventions. It represents the logical name of the service.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'shoppingcart'
+	// Note: MUST be the same for all instances of horizontally scaled
+	// services. If the value was not specified, SDKs MUST fallback to
+	// `unknown_service:` concatenated with
+	// [`process.executable.name`](process.md#process), e.g.
+	// `unknown_service:bash`. If `process.executable.name` is not available,
+	// the value MUST be set to `unknown_service`.
+	ServiceNameKey = attribute.Key("service.name")
+
+	// ServiceNamespaceKey is the attribute Key conforming to the
+	// "service.namespace" semantic conventions. It represents a namespace for
+	// `service.name`.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Shop'
+	// Note: A string value having a meaning that helps to distinguish a group
+	// of services, for example the team name that owns a group of services.
+	// `service.name` is expected to be unique within the same namespace. If
+	// `service.namespace` is not specified in the Resource then `service.name`
+	// is expected to be unique for all services that have no explicit
+	// namespace defined (so the empty/unspecified namespace is simply one more
+	// valid namespace). Zero-length namespace string is assumed equal to
+	// unspecified namespace.
+	ServiceNamespaceKey = attribute.Key("service.namespace")
+
+	// ServiceInstanceIDKey is the attribute Key conforming to the
+	// "service.instance.id" semantic conventions. It represents the string ID
+	// of the service instance.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '627cc493-f310-47de-96bd-71410b7dec09'
+	// Note: MUST be unique for each instance of the same
+	// `service.namespace,service.name` pair (in other words
+	// `service.namespace,service.name,service.instance.id` triplet MUST be
+	// globally unique). The ID helps to distinguish instances of the same
+	// service that exist at the same time (e.g. instances of a horizontally
+	// scaled service). It is preferable for the ID to be persistent and stay
+	// the same for the lifetime of the service instance, however it is
+	// acceptable that the ID is ephemeral and changes during important
+	// lifetime events for the service (e.g. service restarts). If the service
+	// has no inherent unique ID that can be used as the value of this
+	// attribute it is recommended to generate a random Version 1 or Version 4
+	// RFC 4122 UUID (services aiming for reproducible UUIDs may also use
+	// Version 5, see RFC 4122 for more recommendations).
+	ServiceInstanceIDKey = attribute.Key("service.instance.id")
+
+	// ServiceVersionKey is the attribute Key conforming to the
+	// "service.version" semantic conventions. It represents the version string
+	// of the service API or implementation.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2.0.0'
+	ServiceVersionKey = attribute.Key("service.version")
+)
+
+// ServiceName returns an attribute KeyValue conforming to the
+// "service.name" semantic conventions. It represents the logical name of the
+// service.
+func ServiceName(val string) attribute.KeyValue {
+	return ServiceNameKey.String(val)
+}
+
+// ServiceNamespace returns an attribute KeyValue conforming to the
+// "service.namespace" semantic conventions. It represents a namespace for
+// `service.name`.
+func ServiceNamespace(val string) attribute.KeyValue {
+	return ServiceNamespaceKey.String(val)
+}
+
+// ServiceInstanceID returns an attribute KeyValue conforming to the
+// "service.instance.id" semantic conventions. It represents the string ID of
+// the service instance.
+func ServiceInstanceID(val string) attribute.KeyValue {
+	return ServiceInstanceIDKey.String(val)
+}
+
+// ServiceVersion returns an attribute KeyValue conforming to the
+// "service.version" semantic conventions. It represents the version string of
+// the service API or implementation.
+func ServiceVersion(val string) attribute.KeyValue {
+	return ServiceVersionKey.String(val)
+}
+
+// The telemetry SDK used to capture data recorded by the instrumentation
+// libraries.
+const (
+	// TelemetrySDKNameKey is the attribute Key conforming to the
+	// "telemetry.sdk.name" semantic conventions. It represents the name of the
+	// telemetry SDK as defined above.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	TelemetrySDKNameKey = attribute.Key("telemetry.sdk.name")
+
+	// TelemetrySDKLanguageKey is the attribute Key conforming to the
+	// "telemetry.sdk.language" semantic conventions. It represents the
+	// language of the telemetry SDK.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	TelemetrySDKLanguageKey = attribute.Key("telemetry.sdk.language")
+
+	// TelemetrySDKVersionKey is the attribute Key conforming to the
+	// "telemetry.sdk.version" semantic conventions. It represents the version
+	// string of the telemetry SDK.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '1.2.3'
+	TelemetrySDKVersionKey = attribute.Key("telemetry.sdk.version")
+
+	// TelemetryAutoVersionKey is the attribute Key conforming to the
+	// "telemetry.auto.version" semantic conventions. It represents the version
+	// string of the auto instrumentation agent, if used.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '1.2.3'
+	TelemetryAutoVersionKey = attribute.Key("telemetry.auto.version")
+)
+
+var (
+	// cpp
+	TelemetrySDKLanguageCPP = TelemetrySDKLanguageKey.String("cpp")
+	// dotnet
+	TelemetrySDKLanguageDotnet = TelemetrySDKLanguageKey.String("dotnet")
+	// erlang
+	TelemetrySDKLanguageErlang = TelemetrySDKLanguageKey.String("erlang")
+	// go
+	TelemetrySDKLanguageGo = TelemetrySDKLanguageKey.String("go")
+	// java
+	TelemetrySDKLanguageJava = TelemetrySDKLanguageKey.String("java")
+	// nodejs
+	TelemetrySDKLanguageNodejs = TelemetrySDKLanguageKey.String("nodejs")
+	// php
+	TelemetrySDKLanguagePHP = TelemetrySDKLanguageKey.String("php")
+	// python
+	TelemetrySDKLanguagePython = TelemetrySDKLanguageKey.String("python")
+	// ruby
+	TelemetrySDKLanguageRuby = TelemetrySDKLanguageKey.String("ruby")
+	// webjs
+	TelemetrySDKLanguageWebjs = TelemetrySDKLanguageKey.String("webjs")
+	// swift
+	TelemetrySDKLanguageSwift = TelemetrySDKLanguageKey.String("swift")
+)
+
+// TelemetrySDKName returns an attribute KeyValue conforming to the
+// "telemetry.sdk.name" semantic conventions. It represents the name of the
+// telemetry SDK as defined above.
+func TelemetrySDKName(val string) attribute.KeyValue {
+	return TelemetrySDKNameKey.String(val)
+}
+
+// TelemetrySDKVersion returns an attribute KeyValue conforming to the
+// "telemetry.sdk.version" semantic conventions. It represents the version
+// string of the telemetry SDK.
+func TelemetrySDKVersion(val string) attribute.KeyValue {
+	return TelemetrySDKVersionKey.String(val)
+}
+
+// TelemetryAutoVersion returns an attribute KeyValue conforming to the
+// "telemetry.auto.version" semantic conventions. It represents the version
+// string of the auto instrumentation agent, if used.
+func TelemetryAutoVersion(val string) attribute.KeyValue {
+	return TelemetryAutoVersionKey.String(val)
+}
+
+// Resource describing the packaged software running the application code. Web
+// engines are typically executed using process.runtime.
+const (
+	// WebEngineNameKey is the attribute Key conforming to the "webengine.name"
+	// semantic conventions. It represents the name of the web engine.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'WildFly'
+	WebEngineNameKey = attribute.Key("webengine.name")
+
+	// WebEngineVersionKey is the attribute Key conforming to the
+	// "webengine.version" semantic conventions. It represents the version of
+	// the web engine.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '21.0.0'
+	WebEngineVersionKey = attribute.Key("webengine.version")
+
+	// WebEngineDescriptionKey is the attribute Key conforming to the
+	// "webengine.description" semantic conventions. It represents the
+	// additional description of the web engine (e.g. detailed version and
+	// edition information).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'WildFly Full 21.0.0.Final (WildFly Core 13.0.1.Final) -
+	// 2.2.2.Final'
+	WebEngineDescriptionKey = attribute.Key("webengine.description")
+)
+
+// WebEngineName returns an attribute KeyValue conforming to the
+// "webengine.name" semantic conventions. It represents the name of the web
+// engine.
+func WebEngineName(val string) attribute.KeyValue {
+	return WebEngineNameKey.String(val)
+}
+
+// WebEngineVersion returns an attribute KeyValue conforming to the
+// "webengine.version" semantic conventions. It represents the version of the
+// web engine.
+func WebEngineVersion(val string) attribute.KeyValue {
+	return WebEngineVersionKey.String(val)
+}
+
+// WebEngineDescription returns an attribute KeyValue conforming to the
+// "webengine.description" semantic conventions. It represents the additional
+// description of the web engine (e.g. detailed version and edition
+// information).
+func WebEngineDescription(val string) attribute.KeyValue {
+	return WebEngineDescriptionKey.String(val)
+}
+
+// Attributes used by non-OTLP exporters to represent OpenTelemetry Scope's
+// concepts.
+const (
+	// OtelScopeNameKey is the attribute Key conforming to the
+	// "otel.scope.name" semantic conventions. It represents the name of the
+	// instrumentation scope - (`InstrumentationScope.Name` in OTLP).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'io.opentelemetry.contrib.mongodb'
+	OtelScopeNameKey = attribute.Key("otel.scope.name")
+
+	// OtelScopeVersionKey is the attribute Key conforming to the
+	// "otel.scope.version" semantic conventions. It represents the version of
+	// the instrumentation scope - (`InstrumentationScope.Version` in OTLP).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '1.0.0'
+	OtelScopeVersionKey = attribute.Key("otel.scope.version")
+)
+
+// OtelScopeName returns an attribute KeyValue conforming to the
+// "otel.scope.name" semantic conventions. It represents the name of the
+// instrumentation scope - (`InstrumentationScope.Name` in OTLP).
+func OtelScopeName(val string) attribute.KeyValue {
+	return OtelScopeNameKey.String(val)
+}
+
+// OtelScopeVersion returns an attribute KeyValue conforming to the
+// "otel.scope.version" semantic conventions. It represents the version of the
+// instrumentation scope - (`InstrumentationScope.Version` in OTLP).
+func OtelScopeVersion(val string) attribute.KeyValue {
+	return OtelScopeVersionKey.String(val)
+}
+
+// Span attributes used by non-OTLP exporters to represent OpenTelemetry
+// Scope's concepts.
+const (
+	// OtelLibraryNameKey is the attribute Key conforming to the
+	// "otel.library.name" semantic conventions. It represents the deprecated,
+	// use the `otel.scope.name` attribute.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'io.opentelemetry.contrib.mongodb'
+	OtelLibraryNameKey = attribute.Key("otel.library.name")
+
+	// OtelLibraryVersionKey is the attribute Key conforming to the
+	// "otel.library.version" semantic conventions. It represents the
+	// deprecated, use the `otel.scope.version` attribute.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '1.0.0'
+	OtelLibraryVersionKey = attribute.Key("otel.library.version")
+)
+
+// OtelLibraryName returns an attribute KeyValue conforming to the
+// "otel.library.name" semantic conventions. It represents the deprecated, use
+// the `otel.scope.name` attribute.
+func OtelLibraryName(val string) attribute.KeyValue {
+	return OtelLibraryNameKey.String(val)
+}
+
+// OtelLibraryVersion returns an attribute KeyValue conforming to the
+// "otel.library.version" semantic conventions. It represents the deprecated,
+// use the `otel.scope.version` attribute.
+func OtelLibraryVersion(val string) attribute.KeyValue {
+	return OtelLibraryVersionKey.String(val)
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/schema.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/schema.go
similarity index 93%
rename from apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/schema.go
rename to apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/schema.go
index 2f2a019e4..42fc525d1 100644
--- a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.12.0/schema.go
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/schema.go
@@ -12,9 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.12.0"
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.17.0"
 
 // SchemaURL is the schema URL that matches the version of the semantic conventions
 // that this package defines. Semconv packages starting from v1.4.0 must declare
 // non-empty schema URL in the form https://opentelemetry.io/schemas/<version>
-const SchemaURL = "https://opentelemetry.io/schemas/1.12.0"
+const SchemaURL = "https://opentelemetry.io/schemas/1.17.0"
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/trace.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/trace.go
new file mode 100644
index 000000000..8c4a7299d
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/trace.go
@@ -0,0 +1,3375 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated from semantic convention specification. DO NOT EDIT.
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.17.0"
+
+import "go.opentelemetry.io/otel/attribute"
+
+// The shared attributes used to report a single exception associated with a
+// span or log.
+const (
+	// ExceptionTypeKey is the attribute Key conforming to the "exception.type"
+	// semantic conventions. It represents the type of the exception (its
+	// fully-qualified class name, if applicable). The dynamic type of the
+	// exception should be preferred over the static type in languages that
+	// support it.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'java.net.ConnectException', 'OSError'
+	ExceptionTypeKey = attribute.Key("exception.type")
+
+	// ExceptionMessageKey is the attribute Key conforming to the
+	// "exception.message" semantic conventions. It represents the exception
+	// message.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Division by zero', "Can't convert 'int' object to str
+	// implicitly"
+	ExceptionMessageKey = attribute.Key("exception.message")
+
+	// ExceptionStacktraceKey is the attribute Key conforming to the
+	// "exception.stacktrace" semantic conventions. It represents a stacktrace
+	// as a string in the natural representation for the language runtime. The
+	// representation is to be determined and documented by each language SIG.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Exception in thread "main" java.lang.RuntimeException: Test
+	// exception\\n at '
+	//  'com.example.GenerateTrace.methodB(GenerateTrace.java:13)\\n at '
+	//  'com.example.GenerateTrace.methodA(GenerateTrace.java:9)\\n at '
+	//  'com.example.GenerateTrace.main(GenerateTrace.java:5)'
+	ExceptionStacktraceKey = attribute.Key("exception.stacktrace")
+)
+
+// ExceptionType returns an attribute KeyValue conforming to the
+// "exception.type" semantic conventions. It represents the type of the
+// exception (its fully-qualified class name, if applicable). The dynamic type
+// of the exception should be preferred over the static type in languages that
+// support it.
+func ExceptionType(val string) attribute.KeyValue {
+	return ExceptionTypeKey.String(val)
+}
+
+// ExceptionMessage returns an attribute KeyValue conforming to the
+// "exception.message" semantic conventions. It represents the exception
+// message.
+func ExceptionMessage(val string) attribute.KeyValue {
+	return ExceptionMessageKey.String(val)
+}
+
+// ExceptionStacktrace returns an attribute KeyValue conforming to the
+// "exception.stacktrace" semantic conventions. It represents a stacktrace as a
+// string in the natural representation for the language runtime. The
+// representation is to be determined and documented by each language SIG.
+func ExceptionStacktrace(val string) attribute.KeyValue {
+	return ExceptionStacktraceKey.String(val)
+}
+
+// Attributes for Events represented using Log Records.
+const (
+	// EventNameKey is the attribute Key conforming to the "event.name"
+	// semantic conventions. It represents the name identifies the event.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'click', 'exception'
+	EventNameKey = attribute.Key("event.name")
+
+	// EventDomainKey is the attribute Key conforming to the "event.domain"
+	// semantic conventions. It represents the domain identifies the business
+	// context for the events.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	// Note: Events across different domains may have same `event.name`, yet be
+	// unrelated events.
+	EventDomainKey = attribute.Key("event.domain")
+)
+
+var (
+	// Events from browser apps
+	EventDomainBrowser = EventDomainKey.String("browser")
+	// Events from mobile apps
+	EventDomainDevice = EventDomainKey.String("device")
+	// Events from Kubernetes
+	EventDomainK8S = EventDomainKey.String("k8s")
+)
+
+// EventName returns an attribute KeyValue conforming to the "event.name"
+// semantic conventions. It represents the name identifies the event.
+func EventName(val string) attribute.KeyValue {
+	return EventNameKey.String(val)
+}
+
+// Span attributes used by AWS Lambda (in addition to general `faas`
+// attributes).
+const (
+	// AWSLambdaInvokedARNKey is the attribute Key conforming to the
+	// "aws.lambda.invoked_arn" semantic conventions. It represents the full
+	// invoked ARN as provided on the `Context` passed to the function
+	// (`Lambda-Runtime-Invoked-Function-ARN` header on the
+	// `/runtime/invocation/next` applicable).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'arn:aws:lambda:us-east-1:123456:function:myfunction:myalias'
+	// Note: This may be different from `faas.id` if an alias is involved.
+	AWSLambdaInvokedARNKey = attribute.Key("aws.lambda.invoked_arn")
+)
+
+// AWSLambdaInvokedARN returns an attribute KeyValue conforming to the
+// "aws.lambda.invoked_arn" semantic conventions. It represents the full
+// invoked ARN as provided on the `Context` passed to the function
+// (`Lambda-Runtime-Invoked-Function-ARN` header on the
+// `/runtime/invocation/next` applicable).
+func AWSLambdaInvokedARN(val string) attribute.KeyValue {
+	return AWSLambdaInvokedARNKey.String(val)
+}
+
+// Attributes for CloudEvents. CloudEvents is a specification on how to define
+// event data in a standard way. These attributes can be attached to spans when
+// performing operations with CloudEvents, regardless of the protocol being
+// used.
+const (
+	// CloudeventsEventIDKey is the attribute Key conforming to the
+	// "cloudevents.event_id" semantic conventions. It represents the
+	// [event_id](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#id)
+	// uniquely identifies the event.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: '123e4567-e89b-12d3-a456-426614174000', '0001'
+	CloudeventsEventIDKey = attribute.Key("cloudevents.event_id")
+
+	// CloudeventsEventSourceKey is the attribute Key conforming to the
+	// "cloudevents.event_source" semantic conventions. It represents the
+	// [source](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#source-1)
+	// identifies the context in which an event happened.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'https://github.com/cloudevents',
+	// '/cloudevents/spec/pull/123', 'my-service'
+	CloudeventsEventSourceKey = attribute.Key("cloudevents.event_source")
+
+	// CloudeventsEventSpecVersionKey is the attribute Key conforming to the
+	// "cloudevents.event_spec_version" semantic conventions. It represents the
+	// [version of the CloudEvents
+	// specification](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#specversion)
+	// which the event uses.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '1.0'
+	CloudeventsEventSpecVersionKey = attribute.Key("cloudevents.event_spec_version")
+
+	// CloudeventsEventTypeKey is the attribute Key conforming to the
+	// "cloudevents.event_type" semantic conventions. It represents the
+	// [event_type](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#type)
+	// contains a value describing the type of event related to the originating
+	// occurrence.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'com.github.pull_request.opened',
+	// 'com.example.object.deleted.v2'
+	CloudeventsEventTypeKey = attribute.Key("cloudevents.event_type")
+
+	// CloudeventsEventSubjectKey is the attribute Key conforming to the
+	// "cloudevents.event_subject" semantic conventions. It represents the
+	// [subject](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#subject)
+	// of the event in the context of the event producer (identified by
+	// source).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'mynewfile.jpg'
+	CloudeventsEventSubjectKey = attribute.Key("cloudevents.event_subject")
+)
+
+// CloudeventsEventID returns an attribute KeyValue conforming to the
+// "cloudevents.event_id" semantic conventions. It represents the
+// [event_id](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#id)
+// uniquely identifies the event.
+func CloudeventsEventID(val string) attribute.KeyValue {
+	return CloudeventsEventIDKey.String(val)
+}
+
+// CloudeventsEventSource returns an attribute KeyValue conforming to the
+// "cloudevents.event_source" semantic conventions. It represents the
+// [source](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#source-1)
+// identifies the context in which an event happened.
+func CloudeventsEventSource(val string) attribute.KeyValue {
+	return CloudeventsEventSourceKey.String(val)
+}
+
+// CloudeventsEventSpecVersion returns an attribute KeyValue conforming to
+// the "cloudevents.event_spec_version" semantic conventions. It represents the
+// [version of the CloudEvents
+// specification](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#specversion)
+// which the event uses.
+func CloudeventsEventSpecVersion(val string) attribute.KeyValue {
+	return CloudeventsEventSpecVersionKey.String(val)
+}
+
+// CloudeventsEventType returns an attribute KeyValue conforming to the
+// "cloudevents.event_type" semantic conventions. It represents the
+// [event_type](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#type)
+// contains a value describing the type of event related to the originating
+// occurrence.
+func CloudeventsEventType(val string) attribute.KeyValue {
+	return CloudeventsEventTypeKey.String(val)
+}
+
+// CloudeventsEventSubject returns an attribute KeyValue conforming to the
+// "cloudevents.event_subject" semantic conventions. It represents the
+// [subject](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#subject)
+// of the event in the context of the event producer (identified by source).
+func CloudeventsEventSubject(val string) attribute.KeyValue {
+	return CloudeventsEventSubjectKey.String(val)
+}
+
+// Semantic conventions for the OpenTracing Shim
+const (
+	// OpentracingRefTypeKey is the attribute Key conforming to the
+	// "opentracing.ref_type" semantic conventions. It represents the
+	// parent-child Reference type
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: The causal relationship between a child Span and a parent Span.
+	OpentracingRefTypeKey = attribute.Key("opentracing.ref_type")
+)
+
+var (
+	// The parent Span depends on the child Span in some capacity
+	OpentracingRefTypeChildOf = OpentracingRefTypeKey.String("child_of")
+	// The parent Span does not depend in any way on the result of the child Span
+	OpentracingRefTypeFollowsFrom = OpentracingRefTypeKey.String("follows_from")
+)
+
+// The attributes used to perform database client calls.
+const (
+	// DBSystemKey is the attribute Key conforming to the "db.system" semantic
+	// conventions. It represents an identifier for the database management
+	// system (DBMS) product being used. See below for a list of well-known
+	// identifiers.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	DBSystemKey = attribute.Key("db.system")
+
+	// DBConnectionStringKey is the attribute Key conforming to the
+	// "db.connection_string" semantic conventions. It represents the
+	// connection string used to connect to the database. It is recommended to
+	// remove embedded credentials.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Server=(localdb)\\v11.0;Integrated Security=true;'
+	DBConnectionStringKey = attribute.Key("db.connection_string")
+
+	// DBUserKey is the attribute Key conforming to the "db.user" semantic
+	// conventions. It represents the username for accessing the database.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'readonly_user', 'reporting_user'
+	DBUserKey = attribute.Key("db.user")
+
+	// DBJDBCDriverClassnameKey is the attribute Key conforming to the
+	// "db.jdbc.driver_classname" semantic conventions. It represents the
+	// fully-qualified class name of the [Java Database Connectivity
+	// (JDBC)](https://docs.oracle.com/javase/8/docs/technotes/guides/jdbc/)
+	// driver used to connect.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'org.postgresql.Driver',
+	// 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
+	DBJDBCDriverClassnameKey = attribute.Key("db.jdbc.driver_classname")
+
+	// DBNameKey is the attribute Key conforming to the "db.name" semantic
+	// conventions. It represents the this attribute is used to report the name
+	// of the database being accessed. For commands that switch the database,
+	// this should be set to the target database (even if the command fails).
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If applicable.)
+	// Stability: stable
+	// Examples: 'customers', 'main'
+	// Note: In some SQL databases, the database name to be used is called
+	// "schema name". In case there are multiple layers that could be
+	// considered for database name (e.g. Oracle instance name and schema
+	// name), the database name to be used is the more specific layer (e.g.
+	// Oracle schema name).
+	DBNameKey = attribute.Key("db.name")
+
+	// DBStatementKey is the attribute Key conforming to the "db.statement"
+	// semantic conventions. It represents the database statement being
+	// executed.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If applicable and not
+	// explicitly disabled via instrumentation configuration.)
+	// Stability: stable
+	// Examples: 'SELECT * FROM wuser_table', 'SET mykey "WuValue"'
+	// Note: The value may be sanitized to exclude sensitive information.
+	DBStatementKey = attribute.Key("db.statement")
+
+	// DBOperationKey is the attribute Key conforming to the "db.operation"
+	// semantic conventions. It represents the name of the operation being
+	// executed, e.g. the [MongoDB command
+	// name](https://docs.mongodb.com/manual/reference/command/#database-operations)
+	// such as `findAndModify`, or the SQL keyword.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If `db.statement` is not
+	// applicable.)
+	// Stability: stable
+	// Examples: 'findAndModify', 'HMSET', 'SELECT'
+	// Note: When setting this to an SQL keyword, it is not recommended to
+	// attempt any client-side parsing of `db.statement` just to get this
+	// property, but it should be set if the operation name is provided by the
+	// library being instrumented. If the SQL statement has an ambiguous
+	// operation, or performs more than one operation, this value may be
+	// omitted.
+	DBOperationKey = attribute.Key("db.operation")
+)
+
+var (
+	// Some other SQL database. Fallback only. See notes
+	DBSystemOtherSQL = DBSystemKey.String("other_sql")
+	// Microsoft SQL Server
+	DBSystemMSSQL = DBSystemKey.String("mssql")
+	// MySQL
+	DBSystemMySQL = DBSystemKey.String("mysql")
+	// Oracle Database
+	DBSystemOracle = DBSystemKey.String("oracle")
+	// IBM DB2
+	DBSystemDB2 = DBSystemKey.String("db2")
+	// PostgreSQL
+	DBSystemPostgreSQL = DBSystemKey.String("postgresql")
+	// Amazon Redshift
+	DBSystemRedshift = DBSystemKey.String("redshift")
+	// Apache Hive
+	DBSystemHive = DBSystemKey.String("hive")
+	// Cloudscape
+	DBSystemCloudscape = DBSystemKey.String("cloudscape")
+	// HyperSQL DataBase
+	DBSystemHSQLDB = DBSystemKey.String("hsqldb")
+	// Progress Database
+	DBSystemProgress = DBSystemKey.String("progress")
+	// SAP MaxDB
+	DBSystemMaxDB = DBSystemKey.String("maxdb")
+	// SAP HANA
+	DBSystemHanaDB = DBSystemKey.String("hanadb")
+	// Ingres
+	DBSystemIngres = DBSystemKey.String("ingres")
+	// FirstSQL
+	DBSystemFirstSQL = DBSystemKey.String("firstsql")
+	// EnterpriseDB
+	DBSystemEDB = DBSystemKey.String("edb")
+	// InterSystems Caché
+	DBSystemCache = DBSystemKey.String("cache")
+	// Adabas (Adaptable Database System)
+	DBSystemAdabas = DBSystemKey.String("adabas")
+	// Firebird
+	DBSystemFirebird = DBSystemKey.String("firebird")
+	// Apache Derby
+	DBSystemDerby = DBSystemKey.String("derby")
+	// FileMaker
+	DBSystemFilemaker = DBSystemKey.String("filemaker")
+	// Informix
+	DBSystemInformix = DBSystemKey.String("informix")
+	// InstantDB
+	DBSystemInstantDB = DBSystemKey.String("instantdb")
+	// InterBase
+	DBSystemInterbase = DBSystemKey.String("interbase")
+	// MariaDB
+	DBSystemMariaDB = DBSystemKey.String("mariadb")
+	// Netezza
+	DBSystemNetezza = DBSystemKey.String("netezza")
+	// Pervasive PSQL
+	DBSystemPervasive = DBSystemKey.String("pervasive")
+	// PointBase
+	DBSystemPointbase = DBSystemKey.String("pointbase")
+	// SQLite
+	DBSystemSqlite = DBSystemKey.String("sqlite")
+	// Sybase
+	DBSystemSybase = DBSystemKey.String("sybase")
+	// Teradata
+	DBSystemTeradata = DBSystemKey.String("teradata")
+	// Vertica
+	DBSystemVertica = DBSystemKey.String("vertica")
+	// H2
+	DBSystemH2 = DBSystemKey.String("h2")
+	// ColdFusion IMQ
+	DBSystemColdfusion = DBSystemKey.String("coldfusion")
+	// Apache Cassandra
+	DBSystemCassandra = DBSystemKey.String("cassandra")
+	// Apache HBase
+	DBSystemHBase = DBSystemKey.String("hbase")
+	// MongoDB
+	DBSystemMongoDB = DBSystemKey.String("mongodb")
+	// Redis
+	DBSystemRedis = DBSystemKey.String("redis")
+	// Couchbase
+	DBSystemCouchbase = DBSystemKey.String("couchbase")
+	// CouchDB
+	DBSystemCouchDB = DBSystemKey.String("couchdb")
+	// Microsoft Azure Cosmos DB
+	DBSystemCosmosDB = DBSystemKey.String("cosmosdb")
+	// Amazon DynamoDB
+	DBSystemDynamoDB = DBSystemKey.String("dynamodb")
+	// Neo4j
+	DBSystemNeo4j = DBSystemKey.String("neo4j")
+	// Apache Geode
+	DBSystemGeode = DBSystemKey.String("geode")
+	// Elasticsearch
+	DBSystemElasticsearch = DBSystemKey.String("elasticsearch")
+	// Memcached
+	DBSystemMemcached = DBSystemKey.String("memcached")
+	// CockroachDB
+	DBSystemCockroachdb = DBSystemKey.String("cockroachdb")
+	// OpenSearch
+	DBSystemOpensearch = DBSystemKey.String("opensearch")
+	// ClickHouse
+	DBSystemClickhouse = DBSystemKey.String("clickhouse")
+)
+
+// DBConnectionString returns an attribute KeyValue conforming to the
+// "db.connection_string" semantic conventions. It represents the connection
+// string used to connect to the database. It is recommended to remove embedded
+// credentials.
+func DBConnectionString(val string) attribute.KeyValue {
+	return DBConnectionStringKey.String(val)
+}
+
+// DBUser returns an attribute KeyValue conforming to the "db.user" semantic
+// conventions. It represents the username for accessing the database.
+func DBUser(val string) attribute.KeyValue {
+	return DBUserKey.String(val)
+}
+
+// DBJDBCDriverClassname returns an attribute KeyValue conforming to the
+// "db.jdbc.driver_classname" semantic conventions. It represents the
+// fully-qualified class name of the [Java Database Connectivity
+// (JDBC)](https://docs.oracle.com/javase/8/docs/technotes/guides/jdbc/) driver
+// used to connect.
+func DBJDBCDriverClassname(val string) attribute.KeyValue {
+	return DBJDBCDriverClassnameKey.String(val)
+}
+
+// DBName returns an attribute KeyValue conforming to the "db.name" semantic
+// conventions. It represents the this attribute is used to report the name of
+// the database being accessed. For commands that switch the database, this
+// should be set to the target database (even if the command fails).
+func DBName(val string) attribute.KeyValue {
+	return DBNameKey.String(val)
+}
+
+// DBStatement returns an attribute KeyValue conforming to the
+// "db.statement" semantic conventions. It represents the database statement
+// being executed.
+func DBStatement(val string) attribute.KeyValue {
+	return DBStatementKey.String(val)
+}
+
+// DBOperation returns an attribute KeyValue conforming to the
+// "db.operation" semantic conventions. It represents the name of the operation
+// being executed, e.g. the [MongoDB command
+// name](https://docs.mongodb.com/manual/reference/command/#database-operations)
+// such as `findAndModify`, or the SQL keyword.
+func DBOperation(val string) attribute.KeyValue {
+	return DBOperationKey.String(val)
+}
+
+// Connection-level attributes for Microsoft SQL Server
+const (
+	// DBMSSQLInstanceNameKey is the attribute Key conforming to the
+	// "db.mssql.instance_name" semantic conventions. It represents the
+	// Microsoft SQL Server [instance
+	// name](https://docs.microsoft.com/en-us/sql/connect/jdbc/building-the-connection-url?view=sql-server-ver15)
+	// connecting to. This name is used to determine the port of a named
+	// instance.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'MSSQLSERVER'
+	// Note: If setting a `db.mssql.instance_name`, `net.peer.port` is no
+	// longer required (but still recommended if non-standard).
+	DBMSSQLInstanceNameKey = attribute.Key("db.mssql.instance_name")
+)
+
+// DBMSSQLInstanceName returns an attribute KeyValue conforming to the
+// "db.mssql.instance_name" semantic conventions. It represents the Microsoft
+// SQL Server [instance
+// name](https://docs.microsoft.com/en-us/sql/connect/jdbc/building-the-connection-url?view=sql-server-ver15)
+// connecting to. This name is used to determine the port of a named instance.
+func DBMSSQLInstanceName(val string) attribute.KeyValue {
+	return DBMSSQLInstanceNameKey.String(val)
+}
+
+// Call-level attributes for Cassandra
+const (
+	// DBCassandraPageSizeKey is the attribute Key conforming to the
+	// "db.cassandra.page_size" semantic conventions. It represents the fetch
+	// size used for paging, i.e. how many rows will be returned at once.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 5000
+	DBCassandraPageSizeKey = attribute.Key("db.cassandra.page_size")
+
+	// DBCassandraConsistencyLevelKey is the attribute Key conforming to the
+	// "db.cassandra.consistency_level" semantic conventions. It represents the
+	// consistency level of the query. Based on consistency values from
+	// [CQL](https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/dml/dmlConfigConsistency.html).
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	DBCassandraConsistencyLevelKey = attribute.Key("db.cassandra.consistency_level")
+
+	// DBCassandraTableKey is the attribute Key conforming to the
+	// "db.cassandra.table" semantic conventions. It represents the name of the
+	// primary table that the operation is acting upon, including the keyspace
+	// name (if applicable).
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'mytable'
+	// Note: This mirrors the db.sql.table attribute but references cassandra
+	// rather than sql. It is not recommended to attempt any client-side
+	// parsing of `db.statement` just to get this property, but it should be
+	// set if it is provided by the library being instrumented. If the
+	// operation is acting upon an anonymous table, or more than one table,
+	// this value MUST NOT be set.
+	DBCassandraTableKey = attribute.Key("db.cassandra.table")
+
+	// DBCassandraIdempotenceKey is the attribute Key conforming to the
+	// "db.cassandra.idempotence" semantic conventions. It represents the
+	// whether or not the query is idempotent.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	DBCassandraIdempotenceKey = attribute.Key("db.cassandra.idempotence")
+
+	// DBCassandraSpeculativeExecutionCountKey is the attribute Key conforming
+	// to the "db.cassandra.speculative_execution_count" semantic conventions.
+	// It represents the number of times a query was speculatively executed.
+	// Not set or `0` if the query was not executed speculatively.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 0, 2
+	DBCassandraSpeculativeExecutionCountKey = attribute.Key("db.cassandra.speculative_execution_count")
+
+	// DBCassandraCoordinatorIDKey is the attribute Key conforming to the
+	// "db.cassandra.coordinator.id" semantic conventions. It represents the ID
+	// of the coordinating node for a query.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'be13faa2-8574-4d71-926d-27f16cf8a7af'
+	DBCassandraCoordinatorIDKey = attribute.Key("db.cassandra.coordinator.id")
+
+	// DBCassandraCoordinatorDCKey is the attribute Key conforming to the
+	// "db.cassandra.coordinator.dc" semantic conventions. It represents the
+	// data center of the coordinating node for a query.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'us-west-2'
+	DBCassandraCoordinatorDCKey = attribute.Key("db.cassandra.coordinator.dc")
+)
+
+var (
+	// all
+	DBCassandraConsistencyLevelAll = DBCassandraConsistencyLevelKey.String("all")
+	// each_quorum
+	DBCassandraConsistencyLevelEachQuorum = DBCassandraConsistencyLevelKey.String("each_quorum")
+	// quorum
+	DBCassandraConsistencyLevelQuorum = DBCassandraConsistencyLevelKey.String("quorum")
+	// local_quorum
+	DBCassandraConsistencyLevelLocalQuorum = DBCassandraConsistencyLevelKey.String("local_quorum")
+	// one
+	DBCassandraConsistencyLevelOne = DBCassandraConsistencyLevelKey.String("one")
+	// two
+	DBCassandraConsistencyLevelTwo = DBCassandraConsistencyLevelKey.String("two")
+	// three
+	DBCassandraConsistencyLevelThree = DBCassandraConsistencyLevelKey.String("three")
+	// local_one
+	DBCassandraConsistencyLevelLocalOne = DBCassandraConsistencyLevelKey.String("local_one")
+	// any
+	DBCassandraConsistencyLevelAny = DBCassandraConsistencyLevelKey.String("any")
+	// serial
+	DBCassandraConsistencyLevelSerial = DBCassandraConsistencyLevelKey.String("serial")
+	// local_serial
+	DBCassandraConsistencyLevelLocalSerial = DBCassandraConsistencyLevelKey.String("local_serial")
+)
+
+// DBCassandraPageSize returns an attribute KeyValue conforming to the
+// "db.cassandra.page_size" semantic conventions. It represents the fetch size
+// used for paging, i.e. how many rows will be returned at once.
+func DBCassandraPageSize(val int) attribute.KeyValue {
+	return DBCassandraPageSizeKey.Int(val)
+}
+
+// DBCassandraTable returns an attribute KeyValue conforming to the
+// "db.cassandra.table" semantic conventions. It represents the name of the
+// primary table that the operation is acting upon, including the keyspace name
+// (if applicable).
+func DBCassandraTable(val string) attribute.KeyValue {
+	return DBCassandraTableKey.String(val)
+}
+
+// DBCassandraIdempotence returns an attribute KeyValue conforming to the
+// "db.cassandra.idempotence" semantic conventions. It represents the whether
+// or not the query is idempotent.
+func DBCassandraIdempotence(val bool) attribute.KeyValue {
+	return DBCassandraIdempotenceKey.Bool(val)
+}
+
+// DBCassandraSpeculativeExecutionCount returns an attribute KeyValue
+// conforming to the "db.cassandra.speculative_execution_count" semantic
+// conventions. It represents the number of times a query was speculatively
+// executed. Not set or `0` if the query was not executed speculatively.
+func DBCassandraSpeculativeExecutionCount(val int) attribute.KeyValue {
+	return DBCassandraSpeculativeExecutionCountKey.Int(val)
+}
+
+// DBCassandraCoordinatorID returns an attribute KeyValue conforming to the
+// "db.cassandra.coordinator.id" semantic conventions. It represents the ID of
+// the coordinating node for a query.
+func DBCassandraCoordinatorID(val string) attribute.KeyValue {
+	return DBCassandraCoordinatorIDKey.String(val)
+}
+
+// DBCassandraCoordinatorDC returns an attribute KeyValue conforming to the
+// "db.cassandra.coordinator.dc" semantic conventions. It represents the data
+// center of the coordinating node for a query.
+func DBCassandraCoordinatorDC(val string) attribute.KeyValue {
+	return DBCassandraCoordinatorDCKey.String(val)
+}
+
+// Call-level attributes for Redis
+const (
+	// DBRedisDBIndexKey is the attribute Key conforming to the
+	// "db.redis.database_index" semantic conventions. It represents the index
+	// of the database being accessed as used in the [`SELECT`
+	// command](https://redis.io/commands/select), provided as an integer. To
+	// be used instead of the generic `db.name` attribute.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If other than the default
+	// database (`0`).)
+	// Stability: stable
+	// Examples: 0, 1, 15
+	DBRedisDBIndexKey = attribute.Key("db.redis.database_index")
+)
+
+// DBRedisDBIndex returns an attribute KeyValue conforming to the
+// "db.redis.database_index" semantic conventions. It represents the index of
+// the database being accessed as used in the [`SELECT`
+// command](https://redis.io/commands/select), provided as an integer. To be
+// used instead of the generic `db.name` attribute.
+func DBRedisDBIndex(val int) attribute.KeyValue {
+	return DBRedisDBIndexKey.Int(val)
+}
+
+// Call-level attributes for MongoDB
+const (
+	// DBMongoDBCollectionKey is the attribute Key conforming to the
+	// "db.mongodb.collection" semantic conventions. It represents the
+	// collection being accessed within the database stated in `db.name`.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'customers', 'products'
+	DBMongoDBCollectionKey = attribute.Key("db.mongodb.collection")
+)
+
+// DBMongoDBCollection returns an attribute KeyValue conforming to the
+// "db.mongodb.collection" semantic conventions. It represents the collection
+// being accessed within the database stated in `db.name`.
+func DBMongoDBCollection(val string) attribute.KeyValue {
+	return DBMongoDBCollectionKey.String(val)
+}
+
+// Call-level attributes for SQL databases
+const (
+	// DBSQLTableKey is the attribute Key conforming to the "db.sql.table"
+	// semantic conventions. It represents the name of the primary table that
+	// the operation is acting upon, including the database name (if
+	// applicable).
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'public.users', 'customers'
+	// Note: It is not recommended to attempt any client-side parsing of
+	// `db.statement` just to get this property, but it should be set if it is
+	// provided by the library being instrumented. If the operation is acting
+	// upon an anonymous table, or more than one table, this value MUST NOT be
+	// set.
+	DBSQLTableKey = attribute.Key("db.sql.table")
+)
+
+// DBSQLTable returns an attribute KeyValue conforming to the "db.sql.table"
+// semantic conventions. It represents the name of the primary table that the
+// operation is acting upon, including the database name (if applicable).
+func DBSQLTable(val string) attribute.KeyValue {
+	return DBSQLTableKey.String(val)
+}
+
+// Span attributes used by non-OTLP exporters to represent OpenTelemetry Span's
+// concepts.
+const (
+	// OtelStatusCodeKey is the attribute Key conforming to the
+	// "otel.status_code" semantic conventions. It represents the name of the
+	// code, either "OK" or "ERROR". MUST NOT be set if the status code is
+	// UNSET.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	OtelStatusCodeKey = attribute.Key("otel.status_code")
+
+	// OtelStatusDescriptionKey is the attribute Key conforming to the
+	// "otel.status_description" semantic conventions. It represents the
+	// description of the Status if it has a value, otherwise not set.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'resource not found'
+	OtelStatusDescriptionKey = attribute.Key("otel.status_description")
+)
+
+var (
+	// The operation has been validated by an Application developer or Operator to have completed successfully
+	OtelStatusCodeOk = OtelStatusCodeKey.String("OK")
+	// The operation contains an error
+	OtelStatusCodeError = OtelStatusCodeKey.String("ERROR")
+)
+
+// OtelStatusDescription returns an attribute KeyValue conforming to the
+// "otel.status_description" semantic conventions. It represents the
+// description of the Status if it has a value, otherwise not set.
+func OtelStatusDescription(val string) attribute.KeyValue {
+	return OtelStatusDescriptionKey.String(val)
+}
+
+// This semantic convention describes an instance of a function that runs
+// without provisioning or managing of servers (also known as serverless
+// functions or Function as a Service (FaaS)) with spans.
+const (
+	// FaaSTriggerKey is the attribute Key conforming to the "faas.trigger"
+	// semantic conventions. It represents the type of the trigger which caused
+	// this function execution.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: For the server/consumer span on the incoming side,
+	// `faas.trigger` MUST be set.
+	//
+	// Clients invoking FaaS instances usually cannot set `faas.trigger`,
+	// since they would typically need to look in the payload to determine
+	// the event type. If clients set it, it should be the same as the
+	// trigger that corresponding incoming would have (i.e., this has
+	// nothing to do with the underlying transport used to make the API
+	// call to invoke the lambda, which is often HTTP).
+	FaaSTriggerKey = attribute.Key("faas.trigger")
+
+	// FaaSExecutionKey is the attribute Key conforming to the "faas.execution"
+	// semantic conventions. It represents the execution ID of the current
+	// function execution.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'af9d5aa4-a685-4c5f-a22b-444f80b3cc28'
+	FaaSExecutionKey = attribute.Key("faas.execution")
+)
+
+var (
+	// A response to some data source operation such as a database or filesystem read/write
+	FaaSTriggerDatasource = FaaSTriggerKey.String("datasource")
+	// To provide an answer to an inbound HTTP request
+	FaaSTriggerHTTP = FaaSTriggerKey.String("http")
+	// A function is set to be executed when messages are sent to a messaging system
+	FaaSTriggerPubsub = FaaSTriggerKey.String("pubsub")
+	// A function is scheduled to be executed regularly
+	FaaSTriggerTimer = FaaSTriggerKey.String("timer")
+	// If none of the others apply
+	FaaSTriggerOther = FaaSTriggerKey.String("other")
+)
+
+// FaaSExecution returns an attribute KeyValue conforming to the
+// "faas.execution" semantic conventions. It represents the execution ID of the
+// current function execution.
+func FaaSExecution(val string) attribute.KeyValue {
+	return FaaSExecutionKey.String(val)
+}
+
+// Semantic Convention for FaaS triggered as a response to some data source
+// operation such as a database or filesystem read/write.
+const (
+	// FaaSDocumentCollectionKey is the attribute Key conforming to the
+	// "faas.document.collection" semantic conventions. It represents the name
+	// of the source on which the triggering operation was performed. For
+	// example, in Cloud Storage or S3 corresponds to the bucket name, and in
+	// Cosmos DB to the database name.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'myBucketName', 'myDBName'
+	FaaSDocumentCollectionKey = attribute.Key("faas.document.collection")
+
+	// FaaSDocumentOperationKey is the attribute Key conforming to the
+	// "faas.document.operation" semantic conventions. It represents the
+	// describes the type of the operation that was performed on the data.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	FaaSDocumentOperationKey = attribute.Key("faas.document.operation")
+
+	// FaaSDocumentTimeKey is the attribute Key conforming to the
+	// "faas.document.time" semantic conventions. It represents a string
+	// containing the time when the data was accessed in the [ISO
+	// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format
+	// expressed in [UTC](https://www.w3.org/TR/NOTE-datetime).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2020-01-23T13:47:06Z'
+	FaaSDocumentTimeKey = attribute.Key("faas.document.time")
+
+	// FaaSDocumentNameKey is the attribute Key conforming to the
+	// "faas.document.name" semantic conventions. It represents the document
+	// name/table subjected to the operation. For example, in Cloud Storage or
+	// S3 is the name of the file, and in Cosmos DB the table name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'myFile.txt', 'myTableName'
+	FaaSDocumentNameKey = attribute.Key("faas.document.name")
+)
+
+var (
+	// When a new object is created
+	FaaSDocumentOperationInsert = FaaSDocumentOperationKey.String("insert")
+	// When an object is modified
+	FaaSDocumentOperationEdit = FaaSDocumentOperationKey.String("edit")
+	// When an object is deleted
+	FaaSDocumentOperationDelete = FaaSDocumentOperationKey.String("delete")
+)
+
+// FaaSDocumentCollection returns an attribute KeyValue conforming to the
+// "faas.document.collection" semantic conventions. It represents the name of
+// the source on which the triggering operation was performed. For example, in
+// Cloud Storage or S3 corresponds to the bucket name, and in Cosmos DB to the
+// database name.
+func FaaSDocumentCollection(val string) attribute.KeyValue {
+	return FaaSDocumentCollectionKey.String(val)
+}
+
+// FaaSDocumentTime returns an attribute KeyValue conforming to the
+// "faas.document.time" semantic conventions. It represents a string containing
+// the time when the data was accessed in the [ISO
+// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format
+// expressed in [UTC](https://www.w3.org/TR/NOTE-datetime).
+func FaaSDocumentTime(val string) attribute.KeyValue {
+	return FaaSDocumentTimeKey.String(val)
+}
+
+// FaaSDocumentName returns an attribute KeyValue conforming to the
+// "faas.document.name" semantic conventions. It represents the document
+// name/table subjected to the operation. For example, in Cloud Storage or S3
+// is the name of the file, and in Cosmos DB the table name.
+func FaaSDocumentName(val string) attribute.KeyValue {
+	return FaaSDocumentNameKey.String(val)
+}
+
+// Semantic Convention for FaaS scheduled to be executed regularly.
+const (
+	// FaaSTimeKey is the attribute Key conforming to the "faas.time" semantic
+	// conventions. It represents a string containing the function invocation
+	// time in the [ISO
+	// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format
+	// expressed in [UTC](https://www.w3.org/TR/NOTE-datetime).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2020-01-23T13:47:06Z'
+	FaaSTimeKey = attribute.Key("faas.time")
+
+	// FaaSCronKey is the attribute Key conforming to the "faas.cron" semantic
+	// conventions. It represents a string containing the schedule period as
+	// [Cron
+	// Expression](https://docs.oracle.com/cd/E12058_01/doc/doc.1014/e12030/cron_expressions.htm).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '0/5 * * * ? *'
+	FaaSCronKey = attribute.Key("faas.cron")
+)
+
+// FaaSTime returns an attribute KeyValue conforming to the "faas.time"
+// semantic conventions. It represents a string containing the function
+// invocation time in the [ISO
+// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format
+// expressed in [UTC](https://www.w3.org/TR/NOTE-datetime).
+func FaaSTime(val string) attribute.KeyValue {
+	return FaaSTimeKey.String(val)
+}
+
+// FaaSCron returns an attribute KeyValue conforming to the "faas.cron"
+// semantic conventions. It represents a string containing the schedule period
+// as [Cron
+// Expression](https://docs.oracle.com/cd/E12058_01/doc/doc.1014/e12030/cron_expressions.htm).
+func FaaSCron(val string) attribute.KeyValue {
+	return FaaSCronKey.String(val)
+}
+
+// Contains additional attributes for incoming FaaS spans.
+const (
+	// FaaSColdstartKey is the attribute Key conforming to the "faas.coldstart"
+	// semantic conventions. It represents a boolean that is true if the
+	// serverless function is executed for the first time (aka cold-start).
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	FaaSColdstartKey = attribute.Key("faas.coldstart")
+)
+
+// FaaSColdstart returns an attribute KeyValue conforming to the
+// "faas.coldstart" semantic conventions. It represents a boolean that is true
+// if the serverless function is executed for the first time (aka cold-start).
+func FaaSColdstart(val bool) attribute.KeyValue {
+	return FaaSColdstartKey.Bool(val)
+}
+
+// Contains additional attributes for outgoing FaaS spans.
+const (
+	// FaaSInvokedNameKey is the attribute Key conforming to the
+	// "faas.invoked_name" semantic conventions. It represents the name of the
+	// invoked function.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'my-function'
+	// Note: SHOULD be equal to the `faas.name` resource attribute of the
+	// invoked function.
+	FaaSInvokedNameKey = attribute.Key("faas.invoked_name")
+
+	// FaaSInvokedProviderKey is the attribute Key conforming to the
+	// "faas.invoked_provider" semantic conventions. It represents the cloud
+	// provider of the invoked function.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	// Note: SHOULD be equal to the `cloud.provider` resource attribute of the
+	// invoked function.
+	FaaSInvokedProviderKey = attribute.Key("faas.invoked_provider")
+
+	// FaaSInvokedRegionKey is the attribute Key conforming to the
+	// "faas.invoked_region" semantic conventions. It represents the cloud
+	// region of the invoked function.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (For some cloud providers, like
+	// AWS or GCP, the region in which a function is hosted is essential to
+	// uniquely identify the function and also part of its endpoint. Since it's
+	// part of the endpoint being called, the region is always known to
+	// clients. In these cases, `faas.invoked_region` MUST be set accordingly.
+	// If the region is unknown to the client or not required for identifying
+	// the invoked function, setting `faas.invoked_region` is optional.)
+	// Stability: stable
+	// Examples: 'eu-central-1'
+	// Note: SHOULD be equal to the `cloud.region` resource attribute of the
+	// invoked function.
+	FaaSInvokedRegionKey = attribute.Key("faas.invoked_region")
+)
+
+var (
+	// Alibaba Cloud
+	FaaSInvokedProviderAlibabaCloud = FaaSInvokedProviderKey.String("alibaba_cloud")
+	// Amazon Web Services
+	FaaSInvokedProviderAWS = FaaSInvokedProviderKey.String("aws")
+	// Microsoft Azure
+	FaaSInvokedProviderAzure = FaaSInvokedProviderKey.String("azure")
+	// Google Cloud Platform
+	FaaSInvokedProviderGCP = FaaSInvokedProviderKey.String("gcp")
+	// Tencent Cloud
+	FaaSInvokedProviderTencentCloud = FaaSInvokedProviderKey.String("tencent_cloud")
+)
+
+// FaaSInvokedName returns an attribute KeyValue conforming to the
+// "faas.invoked_name" semantic conventions. It represents the name of the
+// invoked function.
+func FaaSInvokedName(val string) attribute.KeyValue {
+	return FaaSInvokedNameKey.String(val)
+}
+
+// FaaSInvokedRegion returns an attribute KeyValue conforming to the
+// "faas.invoked_region" semantic conventions. It represents the cloud region
+// of the invoked function.
+func FaaSInvokedRegion(val string) attribute.KeyValue {
+	return FaaSInvokedRegionKey.String(val)
+}
+
+// These attributes may be used for any network related operation.
+const (
+	// NetTransportKey is the attribute Key conforming to the "net.transport"
+	// semantic conventions. It represents the transport protocol used. See
+	// note below.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	NetTransportKey = attribute.Key("net.transport")
+
+	// NetAppProtocolNameKey is the attribute Key conforming to the
+	// "net.app.protocol.name" semantic conventions. It represents the
+	// application layer protocol used. The value SHOULD be normalized to
+	// lowercase.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'amqp', 'http', 'mqtt'
+	NetAppProtocolNameKey = attribute.Key("net.app.protocol.name")
+
+	// NetAppProtocolVersionKey is the attribute Key conforming to the
+	// "net.app.protocol.version" semantic conventions. It represents the
+	// version of the application layer protocol used. See note below.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '3.1.1'
+	// Note: `net.app.protocol.version` refers to the version of the protocol
+	// used and might be different from the protocol client's version. If the
+	// HTTP client used has a version of `0.27.2`, but sends HTTP version
+	// `1.1`, this attribute should be set to `1.1`.
+	NetAppProtocolVersionKey = attribute.Key("net.app.protocol.version")
+
+	// NetSockPeerNameKey is the attribute Key conforming to the
+	// "net.sock.peer.name" semantic conventions. It represents the remote
+	// socket peer name.
+	//
+	// Type: string
+	// RequirementLevel: Recommended (If available and different from
+	// `net.peer.name` and if `net.sock.peer.addr` is set.)
+	// Stability: stable
+	// Examples: 'proxy.example.com'
+	NetSockPeerNameKey = attribute.Key("net.sock.peer.name")
+
+	// NetSockPeerAddrKey is the attribute Key conforming to the
+	// "net.sock.peer.addr" semantic conventions. It represents the remote
+	// socket peer address: IPv4 or IPv6 for internet protocols, path for local
+	// communication,
+	// [etc](https://man7.org/linux/man-pages/man7/address_families.7.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '127.0.0.1', '/tmp/mysql.sock'
+	NetSockPeerAddrKey = attribute.Key("net.sock.peer.addr")
+
+	// NetSockPeerPortKey is the attribute Key conforming to the
+	// "net.sock.peer.port" semantic conventions. It represents the remote
+	// socket peer port.
+	//
+	// Type: int
+	// RequirementLevel: Recommended (If defined for the address family and if
+	// different than `net.peer.port` and if `net.sock.peer.addr` is set.)
+	// Stability: stable
+	// Examples: 16456
+	NetSockPeerPortKey = attribute.Key("net.sock.peer.port")
+
+	// NetSockFamilyKey is the attribute Key conforming to the
+	// "net.sock.family" semantic conventions. It represents the protocol
+	// [address
+	// family](https://man7.org/linux/man-pages/man7/address_families.7.html)
+	// which is used for communication.
+	//
+	// Type: Enum
+	// RequirementLevel: ConditionallyRequired (If different than `inet` and if
+	// any of `net.sock.peer.addr` or `net.sock.host.addr` are set. Consumers
+	// of telemetry SHOULD accept both IPv4 and IPv6 formats for the address in
+	// `net.sock.peer.addr` if `net.sock.family` is not set. This is to support
+	// instrumentations that follow previous versions of this document.)
+	// Stability: stable
+	// Examples: 'inet6', 'bluetooth'
+	NetSockFamilyKey = attribute.Key("net.sock.family")
+
+	// NetPeerNameKey is the attribute Key conforming to the "net.peer.name"
+	// semantic conventions. It represents the logical remote hostname, see
+	// note below.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'example.com'
+	// Note: `net.peer.name` SHOULD NOT be set if capturing it would require an
+	// extra DNS lookup.
+	NetPeerNameKey = attribute.Key("net.peer.name")
+
+	// NetPeerPortKey is the attribute Key conforming to the "net.peer.port"
+	// semantic conventions. It represents the logical remote port number
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 80, 8080, 443
+	NetPeerPortKey = attribute.Key("net.peer.port")
+
+	// NetHostNameKey is the attribute Key conforming to the "net.host.name"
+	// semantic conventions. It represents the logical local hostname or
+	// similar, see note below.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'localhost'
+	NetHostNameKey = attribute.Key("net.host.name")
+
+	// NetHostPortKey is the attribute Key conforming to the "net.host.port"
+	// semantic conventions. It represents the logical local port number,
+	// preferably the one that the peer used to connect
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 8080
+	NetHostPortKey = attribute.Key("net.host.port")
+
+	// NetSockHostAddrKey is the attribute Key conforming to the
+	// "net.sock.host.addr" semantic conventions. It represents the local
+	// socket address. Useful in case of a multi-IP host.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '192.168.0.1'
+	NetSockHostAddrKey = attribute.Key("net.sock.host.addr")
+
+	// NetSockHostPortKey is the attribute Key conforming to the
+	// "net.sock.host.port" semantic conventions. It represents the local
+	// socket port number.
+	//
+	// Type: int
+	// RequirementLevel: Recommended (If defined for the address family and if
+	// different than `net.host.port` and if `net.sock.host.addr` is set.)
+	// Stability: stable
+	// Examples: 35555
+	NetSockHostPortKey = attribute.Key("net.sock.host.port")
+
+	// NetHostConnectionTypeKey is the attribute Key conforming to the
+	// "net.host.connection.type" semantic conventions. It represents the
+	// internet connection type currently being used by the host.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'wifi'
+	NetHostConnectionTypeKey = attribute.Key("net.host.connection.type")
+
+	// NetHostConnectionSubtypeKey is the attribute Key conforming to the
+	// "net.host.connection.subtype" semantic conventions. It represents the
+	// this describes more details regarding the connection.type. It may be the
+	// type of cell technology connection, but it could be used for describing
+	// details about a wifi connection.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'LTE'
+	NetHostConnectionSubtypeKey = attribute.Key("net.host.connection.subtype")
+
+	// NetHostCarrierNameKey is the attribute Key conforming to the
+	// "net.host.carrier.name" semantic conventions. It represents the name of
+	// the mobile carrier.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'sprint'
+	NetHostCarrierNameKey = attribute.Key("net.host.carrier.name")
+
+	// NetHostCarrierMccKey is the attribute Key conforming to the
+	// "net.host.carrier.mcc" semantic conventions. It represents the mobile
+	// carrier country code.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '310'
+	NetHostCarrierMccKey = attribute.Key("net.host.carrier.mcc")
+
+	// NetHostCarrierMncKey is the attribute Key conforming to the
+	// "net.host.carrier.mnc" semantic conventions. It represents the mobile
+	// carrier network code.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '001'
+	NetHostCarrierMncKey = attribute.Key("net.host.carrier.mnc")
+
+	// NetHostCarrierIccKey is the attribute Key conforming to the
+	// "net.host.carrier.icc" semantic conventions. It represents the ISO
+	// 3166-1 alpha-2 2-character country code associated with the mobile
+	// carrier network.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'DE'
+	NetHostCarrierIccKey = attribute.Key("net.host.carrier.icc")
+)
+
+var (
+	// ip_tcp
+	NetTransportTCP = NetTransportKey.String("ip_tcp")
+	// ip_udp
+	NetTransportUDP = NetTransportKey.String("ip_udp")
+	// Named or anonymous pipe. See note below
+	NetTransportPipe = NetTransportKey.String("pipe")
+	// In-process communication
+	NetTransportInProc = NetTransportKey.String("inproc")
+	// Something else (non IP-based)
+	NetTransportOther = NetTransportKey.String("other")
+)
+
+var (
+	// IPv4 address
+	NetSockFamilyInet = NetSockFamilyKey.String("inet")
+	// IPv6 address
+	NetSockFamilyInet6 = NetSockFamilyKey.String("inet6")
+	// Unix domain socket path
+	NetSockFamilyUnix = NetSockFamilyKey.String("unix")
+)
+
+var (
+	// wifi
+	NetHostConnectionTypeWifi = NetHostConnectionTypeKey.String("wifi")
+	// wired
+	NetHostConnectionTypeWired = NetHostConnectionTypeKey.String("wired")
+	// cell
+	NetHostConnectionTypeCell = NetHostConnectionTypeKey.String("cell")
+	// unavailable
+	NetHostConnectionTypeUnavailable = NetHostConnectionTypeKey.String("unavailable")
+	// unknown
+	NetHostConnectionTypeUnknown = NetHostConnectionTypeKey.String("unknown")
+)
+
+var (
+	// GPRS
+	NetHostConnectionSubtypeGprs = NetHostConnectionSubtypeKey.String("gprs")
+	// EDGE
+	NetHostConnectionSubtypeEdge = NetHostConnectionSubtypeKey.String("edge")
+	// UMTS
+	NetHostConnectionSubtypeUmts = NetHostConnectionSubtypeKey.String("umts")
+	// CDMA
+	NetHostConnectionSubtypeCdma = NetHostConnectionSubtypeKey.String("cdma")
+	// EVDO Rel. 0
+	NetHostConnectionSubtypeEvdo0 = NetHostConnectionSubtypeKey.String("evdo_0")
+	// EVDO Rev. A
+	NetHostConnectionSubtypeEvdoA = NetHostConnectionSubtypeKey.String("evdo_a")
+	// CDMA2000 1XRTT
+	NetHostConnectionSubtypeCdma20001xrtt = NetHostConnectionSubtypeKey.String("cdma2000_1xrtt")
+	// HSDPA
+	NetHostConnectionSubtypeHsdpa = NetHostConnectionSubtypeKey.String("hsdpa")
+	// HSUPA
+	NetHostConnectionSubtypeHsupa = NetHostConnectionSubtypeKey.String("hsupa")
+	// HSPA
+	NetHostConnectionSubtypeHspa = NetHostConnectionSubtypeKey.String("hspa")
+	// IDEN
+	NetHostConnectionSubtypeIden = NetHostConnectionSubtypeKey.String("iden")
+	// EVDO Rev. B
+	NetHostConnectionSubtypeEvdoB = NetHostConnectionSubtypeKey.String("evdo_b")
+	// LTE
+	NetHostConnectionSubtypeLte = NetHostConnectionSubtypeKey.String("lte")
+	// EHRPD
+	NetHostConnectionSubtypeEhrpd = NetHostConnectionSubtypeKey.String("ehrpd")
+	// HSPAP
+	NetHostConnectionSubtypeHspap = NetHostConnectionSubtypeKey.String("hspap")
+	// GSM
+	NetHostConnectionSubtypeGsm = NetHostConnectionSubtypeKey.String("gsm")
+	// TD-SCDMA
+	NetHostConnectionSubtypeTdScdma = NetHostConnectionSubtypeKey.String("td_scdma")
+	// IWLAN
+	NetHostConnectionSubtypeIwlan = NetHostConnectionSubtypeKey.String("iwlan")
+	// 5G NR (New Radio)
+	NetHostConnectionSubtypeNr = NetHostConnectionSubtypeKey.String("nr")
+	// 5G NRNSA (New Radio Non-Standalone)
+	NetHostConnectionSubtypeNrnsa = NetHostConnectionSubtypeKey.String("nrnsa")
+	// LTE CA
+	NetHostConnectionSubtypeLteCa = NetHostConnectionSubtypeKey.String("lte_ca")
+)
+
+// NetAppProtocolName returns an attribute KeyValue conforming to the
+// "net.app.protocol.name" semantic conventions. It represents the application
+// layer protocol used. The value SHOULD be normalized to lowercase.
+func NetAppProtocolName(val string) attribute.KeyValue {
+	return NetAppProtocolNameKey.String(val)
+}
+
+// NetAppProtocolVersion returns an attribute KeyValue conforming to the
+// "net.app.protocol.version" semantic conventions. It represents the version
+// of the application layer protocol used. See note below.
+func NetAppProtocolVersion(val string) attribute.KeyValue {
+	return NetAppProtocolVersionKey.String(val)
+}
+
+// NetSockPeerName returns an attribute KeyValue conforming to the
+// "net.sock.peer.name" semantic conventions. It represents the remote socket
+// peer name.
+func NetSockPeerName(val string) attribute.KeyValue {
+	return NetSockPeerNameKey.String(val)
+}
+
+// NetSockPeerAddr returns an attribute KeyValue conforming to the
+// "net.sock.peer.addr" semantic conventions. It represents the remote socket
+// peer address: IPv4 or IPv6 for internet protocols, path for local
+// communication,
+// [etc](https://man7.org/linux/man-pages/man7/address_families.7.html).
+func NetSockPeerAddr(val string) attribute.KeyValue {
+	return NetSockPeerAddrKey.String(val)
+}
+
+// NetSockPeerPort returns an attribute KeyValue conforming to the
+// "net.sock.peer.port" semantic conventions. It represents the remote socket
+// peer port.
+func NetSockPeerPort(val int) attribute.KeyValue {
+	return NetSockPeerPortKey.Int(val)
+}
+
+// NetPeerName returns an attribute KeyValue conforming to the
+// "net.peer.name" semantic conventions. It represents the logical remote
+// hostname, see note below.
+func NetPeerName(val string) attribute.KeyValue {
+	return NetPeerNameKey.String(val)
+}
+
+// NetPeerPort returns an attribute KeyValue conforming to the
+// "net.peer.port" semantic conventions. It represents the logical remote port
+// number
+func NetPeerPort(val int) attribute.KeyValue {
+	return NetPeerPortKey.Int(val)
+}
+
+// NetHostName returns an attribute KeyValue conforming to the
+// "net.host.name" semantic conventions. It represents the logical local
+// hostname or similar, see note below.
+func NetHostName(val string) attribute.KeyValue {
+	return NetHostNameKey.String(val)
+}
+
+// NetHostPort returns an attribute KeyValue conforming to the
+// "net.host.port" semantic conventions. It represents the logical local port
+// number, preferably the one that the peer used to connect
+func NetHostPort(val int) attribute.KeyValue {
+	return NetHostPortKey.Int(val)
+}
+
+// NetSockHostAddr returns an attribute KeyValue conforming to the
+// "net.sock.host.addr" semantic conventions. It represents the local socket
+// address. Useful in case of a multi-IP host.
+func NetSockHostAddr(val string) attribute.KeyValue {
+	return NetSockHostAddrKey.String(val)
+}
+
+// NetSockHostPort returns an attribute KeyValue conforming to the
+// "net.sock.host.port" semantic conventions. It represents the local socket
+// port number.
+func NetSockHostPort(val int) attribute.KeyValue {
+	return NetSockHostPortKey.Int(val)
+}
+
+// NetHostCarrierName returns an attribute KeyValue conforming to the
+// "net.host.carrier.name" semantic conventions. It represents the name of the
+// mobile carrier.
+func NetHostCarrierName(val string) attribute.KeyValue {
+	return NetHostCarrierNameKey.String(val)
+}
+
+// NetHostCarrierMcc returns an attribute KeyValue conforming to the
+// "net.host.carrier.mcc" semantic conventions. It represents the mobile
+// carrier country code.
+func NetHostCarrierMcc(val string) attribute.KeyValue {
+	return NetHostCarrierMccKey.String(val)
+}
+
+// NetHostCarrierMnc returns an attribute KeyValue conforming to the
+// "net.host.carrier.mnc" semantic conventions. It represents the mobile
+// carrier network code.
+func NetHostCarrierMnc(val string) attribute.KeyValue {
+	return NetHostCarrierMncKey.String(val)
+}
+
+// NetHostCarrierIcc returns an attribute KeyValue conforming to the
+// "net.host.carrier.icc" semantic conventions. It represents the ISO 3166-1
+// alpha-2 2-character country code associated with the mobile carrier network.
+func NetHostCarrierIcc(val string) attribute.KeyValue {
+	return NetHostCarrierIccKey.String(val)
+}
+
+// Operations that access some remote service.
+const (
+	// PeerServiceKey is the attribute Key conforming to the "peer.service"
+	// semantic conventions. It represents the
+	// [`service.name`](../../resource/semantic_conventions/README.md#service)
+	// of the remote service. SHOULD be equal to the actual `service.name`
+	// resource attribute of the remote service if any.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'AuthTokenCache'
+	PeerServiceKey = attribute.Key("peer.service")
+)
+
+// PeerService returns an attribute KeyValue conforming to the
+// "peer.service" semantic conventions. It represents the
+// [`service.name`](../../resource/semantic_conventions/README.md#service) of
+// the remote service. SHOULD be equal to the actual `service.name` resource
+// attribute of the remote service if any.
+func PeerService(val string) attribute.KeyValue {
+	return PeerServiceKey.String(val)
+}
+
+// These attributes may be used for any operation with an authenticated and/or
+// authorized enduser.
+const (
+	// EnduserIDKey is the attribute Key conforming to the "enduser.id"
+	// semantic conventions. It represents the username or client_id extracted
+	// from the access token or
+	// [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header
+	// in the inbound request from outside the system.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'username'
+	EnduserIDKey = attribute.Key("enduser.id")
+
+	// EnduserRoleKey is the attribute Key conforming to the "enduser.role"
+	// semantic conventions. It represents the actual/assumed role the client
+	// is making the request under extracted from token or application security
+	// context.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'admin'
+	EnduserRoleKey = attribute.Key("enduser.role")
+
+	// EnduserScopeKey is the attribute Key conforming to the "enduser.scope"
+	// semantic conventions. It represents the scopes or granted authorities
+	// the client currently possesses extracted from token or application
+	// security context. The value would come from the scope associated with an
+	// [OAuth 2.0 Access
+	// Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute
+	// value in a [SAML 2.0
+	// Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'read:message, write:files'
+	EnduserScopeKey = attribute.Key("enduser.scope")
+)
+
+// EnduserID returns an attribute KeyValue conforming to the "enduser.id"
+// semantic conventions. It represents the username or client_id extracted from
+// the access token or
+// [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header in
+// the inbound request from outside the system.
+func EnduserID(val string) attribute.KeyValue {
+	return EnduserIDKey.String(val)
+}
+
+// EnduserRole returns an attribute KeyValue conforming to the
+// "enduser.role" semantic conventions. It represents the actual/assumed role
+// the client is making the request under extracted from token or application
+// security context.
+func EnduserRole(val string) attribute.KeyValue {
+	return EnduserRoleKey.String(val)
+}
+
+// EnduserScope returns an attribute KeyValue conforming to the
+// "enduser.scope" semantic conventions. It represents the scopes or granted
+// authorities the client currently possesses extracted from token or
+// application security context. The value would come from the scope associated
+// with an [OAuth 2.0 Access
+// Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute
+// value in a [SAML 2.0
+// Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
+func EnduserScope(val string) attribute.KeyValue {
+	return EnduserScopeKey.String(val)
+}
+
+// These attributes may be used for any operation to store information about a
+// thread that started a span.
+const (
+	// ThreadIDKey is the attribute Key conforming to the "thread.id" semantic
+	// conventions. It represents the current "managed" thread ID (as opposed
+	// to OS thread ID).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 42
+	ThreadIDKey = attribute.Key("thread.id")
+
+	// ThreadNameKey is the attribute Key conforming to the "thread.name"
+	// semantic conventions. It represents the current thread name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'main'
+	ThreadNameKey = attribute.Key("thread.name")
+)
+
+// ThreadID returns an attribute KeyValue conforming to the "thread.id"
+// semantic conventions. It represents the current "managed" thread ID (as
+// opposed to OS thread ID).
+func ThreadID(val int) attribute.KeyValue {
+	return ThreadIDKey.Int(val)
+}
+
+// ThreadName returns an attribute KeyValue conforming to the "thread.name"
+// semantic conventions. It represents the current thread name.
+func ThreadName(val string) attribute.KeyValue {
+	return ThreadNameKey.String(val)
+}
+
+// These attributes allow to report this unit of code and therefore to provide
+// more context about the span.
+const (
+	// CodeFunctionKey is the attribute Key conforming to the "code.function"
+	// semantic conventions. It represents the method or function name, or
+	// equivalent (usually rightmost part of the code unit's name).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'serveRequest'
+	CodeFunctionKey = attribute.Key("code.function")
+
+	// CodeNamespaceKey is the attribute Key conforming to the "code.namespace"
+	// semantic conventions. It represents the "namespace" within which
+	// `code.function` is defined. Usually the qualified class or module name,
+	// such that `code.namespace` + some separator + `code.function` form a
+	// unique identifier for the code unit.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'com.example.MyHTTPService'
+	CodeNamespaceKey = attribute.Key("code.namespace")
+
+	// CodeFilepathKey is the attribute Key conforming to the "code.filepath"
+	// semantic conventions. It represents the source code file name that
+	// identifies the code unit as uniquely as possible (preferably an absolute
+	// file path).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/usr/local/MyApplication/content_root/app/index.php'
+	CodeFilepathKey = attribute.Key("code.filepath")
+
+	// CodeLineNumberKey is the attribute Key conforming to the "code.lineno"
+	// semantic conventions. It represents the line number in `code.filepath`
+	// best representing the operation. It SHOULD point within the code unit
+	// named in `code.function`.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 42
+	CodeLineNumberKey = attribute.Key("code.lineno")
+
+	// CodeColumnKey is the attribute Key conforming to the "code.column"
+	// semantic conventions. It represents the column number in `code.filepath`
+	// best representing the operation. It SHOULD point within the code unit
+	// named in `code.function`.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 16
+	CodeColumnKey = attribute.Key("code.column")
+)
+
+// CodeFunction returns an attribute KeyValue conforming to the
+// "code.function" semantic conventions. It represents the method or function
+// name, or equivalent (usually rightmost part of the code unit's name).
+func CodeFunction(val string) attribute.KeyValue {
+	return CodeFunctionKey.String(val)
+}
+
+// CodeNamespace returns an attribute KeyValue conforming to the
+// "code.namespace" semantic conventions. It represents the "namespace" within
+// which `code.function` is defined. Usually the qualified class or module
+// name, such that `code.namespace` + some separator + `code.function` form a
+// unique identifier for the code unit.
+func CodeNamespace(val string) attribute.KeyValue {
+	return CodeNamespaceKey.String(val)
+}
+
+// CodeFilepath returns an attribute KeyValue conforming to the
+// "code.filepath" semantic conventions. It represents the source code file
+// name that identifies the code unit as uniquely as possible (preferably an
+// absolute file path).
+func CodeFilepath(val string) attribute.KeyValue {
+	return CodeFilepathKey.String(val)
+}
+
+// CodeLineNumber returns an attribute KeyValue conforming to the "code.lineno"
+// semantic conventions. It represents the line number in `code.filepath` best
+// representing the operation. It SHOULD point within the code unit named in
+// `code.function`.
+func CodeLineNumber(val int) attribute.KeyValue {
+	return CodeLineNumberKey.Int(val)
+}
+
+// CodeColumn returns an attribute KeyValue conforming to the "code.column"
+// semantic conventions. It represents the column number in `code.filepath`
+// best representing the operation. It SHOULD point within the code unit named
+// in `code.function`.
+func CodeColumn(val int) attribute.KeyValue {
+	return CodeColumnKey.Int(val)
+}
+
+// Semantic conventions for HTTP client and server Spans.
+const (
+	// HTTPMethodKey is the attribute Key conforming to the "http.method"
+	// semantic conventions. It represents the hTTP request method.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'GET', 'POST', 'HEAD'
+	HTTPMethodKey = attribute.Key("http.method")
+
+	// HTTPStatusCodeKey is the attribute Key conforming to the
+	// "http.status_code" semantic conventions. It represents the [HTTP
+	// response status code](https://tools.ietf.org/html/rfc7231#section-6).
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If and only if one was
+	// received/sent.)
+	// Stability: stable
+	// Examples: 200
+	HTTPStatusCodeKey = attribute.Key("http.status_code")
+
+	// HTTPFlavorKey is the attribute Key conforming to the "http.flavor"
+	// semantic conventions. It represents the kind of HTTP protocol used.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: If `net.transport` is not specified, it can be assumed to be
+	// `IP.TCP` except if `http.flavor` is `QUIC`, in which case `IP.UDP` is
+	// assumed.
+	HTTPFlavorKey = attribute.Key("http.flavor")
+
+	// HTTPUserAgentKey is the attribute Key conforming to the
+	// "http.user_agent" semantic conventions. It represents the value of the
+	// [HTTP
+	// User-Agent](https://www.rfc-editor.org/rfc/rfc9110.html#field.user-agent)
+	// header sent by the client.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'CERN-LineMode/2.15 libwww/2.17b3'
+	HTTPUserAgentKey = attribute.Key("http.user_agent")
+
+	// HTTPRequestContentLengthKey is the attribute Key conforming to the
+	// "http.request_content_length" semantic conventions. It represents the
+	// size of the request payload body in bytes. This is the number of bytes
+	// transferred excluding headers and is often, but not always, present as
+	// the
+	// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+	// header. For requests using transport encoding, this should be the
+	// compressed size.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 3495
+	HTTPRequestContentLengthKey = attribute.Key("http.request_content_length")
+
+	// HTTPResponseContentLengthKey is the attribute Key conforming to the
+	// "http.response_content_length" semantic conventions. It represents the
+	// size of the response payload body in bytes. This is the number of bytes
+	// transferred excluding headers and is often, but not always, present as
+	// the
+	// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+	// header. For requests using transport encoding, this should be the
+	// compressed size.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 3495
+	HTTPResponseContentLengthKey = attribute.Key("http.response_content_length")
+)
+
+var (
+	// HTTP/1.0
+	HTTPFlavorHTTP10 = HTTPFlavorKey.String("1.0")
+	// HTTP/1.1
+	HTTPFlavorHTTP11 = HTTPFlavorKey.String("1.1")
+	// HTTP/2
+	HTTPFlavorHTTP20 = HTTPFlavorKey.String("2.0")
+	// HTTP/3
+	HTTPFlavorHTTP30 = HTTPFlavorKey.String("3.0")
+	// SPDY protocol
+	HTTPFlavorSPDY = HTTPFlavorKey.String("SPDY")
+	// QUIC protocol
+	HTTPFlavorQUIC = HTTPFlavorKey.String("QUIC")
+)
+
+// HTTPMethod returns an attribute KeyValue conforming to the "http.method"
+// semantic conventions. It represents the hTTP request method.
+func HTTPMethod(val string) attribute.KeyValue {
+	return HTTPMethodKey.String(val)
+}
+
+// HTTPStatusCode returns an attribute KeyValue conforming to the
+// "http.status_code" semantic conventions. It represents the [HTTP response
+// status code](https://tools.ietf.org/html/rfc7231#section-6).
+func HTTPStatusCode(val int) attribute.KeyValue {
+	return HTTPStatusCodeKey.Int(val)
+}
+
+// HTTPUserAgent returns an attribute KeyValue conforming to the
+// "http.user_agent" semantic conventions. It represents the value of the [HTTP
+// User-Agent](https://www.rfc-editor.org/rfc/rfc9110.html#field.user-agent)
+// header sent by the client.
+func HTTPUserAgent(val string) attribute.KeyValue {
+	return HTTPUserAgentKey.String(val)
+}
+
+// HTTPRequestContentLength returns an attribute KeyValue conforming to the
+// "http.request_content_length" semantic conventions. It represents the size
+// of the request payload body in bytes. This is the number of bytes
+// transferred excluding headers and is often, but not always, present as the
+// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+// header. For requests using transport encoding, this should be the compressed
+// size.
+func HTTPRequestContentLength(val int) attribute.KeyValue {
+	return HTTPRequestContentLengthKey.Int(val)
+}
+
+// HTTPResponseContentLength returns an attribute KeyValue conforming to the
+// "http.response_content_length" semantic conventions. It represents the size
+// of the response payload body in bytes. This is the number of bytes
+// transferred excluding headers and is often, but not always, present as the
+// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+// header. For requests using transport encoding, this should be the compressed
+// size.
+func HTTPResponseContentLength(val int) attribute.KeyValue {
+	return HTTPResponseContentLengthKey.Int(val)
+}
+
+// Semantic Convention for HTTP Client
+const (
+	// HTTPURLKey is the attribute Key conforming to the "http.url" semantic
+	// conventions. It represents the full HTTP request URL in the form
+	// `scheme://host[:port]/path?query[#fragment]`. Usually the fragment is
+	// not transmitted over HTTP, but if it is known, it should be included
+	// nevertheless.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'https://www.foo.bar/search?q=OpenTelemetry#SemConv'
+	// Note: `http.url` MUST NOT contain credentials passed via URL in form of
+	// `https://username:password@www.example.com/`. In such case the
+	// attribute's value should be `https://www.example.com/`.
+	HTTPURLKey = attribute.Key("http.url")
+
+	// HTTPResendCountKey is the attribute Key conforming to the
+	// "http.resend_count" semantic conventions. It represents the ordinal
+	// number of request resending attempt (for any reason, including
+	// redirects).
+	//
+	// Type: int
+	// RequirementLevel: Recommended (if and only if request was retried.)
+	// Stability: stable
+	// Examples: 3
+	// Note: The resend count SHOULD be updated each time an HTTP request gets
+	// resent by the client, regardless of what was the cause of the resending
+	// (e.g. redirection, authorization failure, 503 Server Unavailable,
+	// network issues, or any other).
+	HTTPResendCountKey = attribute.Key("http.resend_count")
+)
+
+// HTTPURL returns an attribute KeyValue conforming to the "http.url"
+// semantic conventions. It represents the full HTTP request URL in the form
+// `scheme://host[:port]/path?query[#fragment]`. Usually the fragment is not
+// transmitted over HTTP, but if it is known, it should be included
+// nevertheless.
+func HTTPURL(val string) attribute.KeyValue {
+	return HTTPURLKey.String(val)
+}
+
+// HTTPResendCount returns an attribute KeyValue conforming to the
+// "http.resend_count" semantic conventions. It represents the ordinal number
+// of request resending attempt (for any reason, including redirects).
+func HTTPResendCount(val int) attribute.KeyValue {
+	return HTTPResendCountKey.Int(val)
+}
+
+// Semantic Convention for HTTP Server
+const (
+	// HTTPSchemeKey is the attribute Key conforming to the "http.scheme"
+	// semantic conventions. It represents the URI scheme identifying the used
+	// protocol.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'http', 'https'
+	HTTPSchemeKey = attribute.Key("http.scheme")
+
+	// HTTPTargetKey is the attribute Key conforming to the "http.target"
+	// semantic conventions. It represents the full request target as passed in
+	// a HTTP request line or equivalent.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: '/path/12314/?q=ddds'
+	HTTPTargetKey = attribute.Key("http.target")
+
+	// HTTPRouteKey is the attribute Key conforming to the "http.route"
+	// semantic conventions. It represents the matched route (path template in
+	// the format used by the respective server framework). See note below
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If and only if it's available)
+	// Stability: stable
+	// Examples: '/users/:userID?', '{controller}/{action}/{id?}'
+	// Note: 'http.route' MUST NOT be populated when this is not supported by
+	// the HTTP server framework as the route attribute should have
+	// low-cardinality and the URI path can NOT substitute it.
+	HTTPRouteKey = attribute.Key("http.route")
+
+	// HTTPClientIPKey is the attribute Key conforming to the "http.client_ip"
+	// semantic conventions. It represents the IP address of the original
+	// client behind all proxies, if known (e.g. from
+	// [X-Forwarded-For](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For)).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '83.164.160.102'
+	// Note: This is not necessarily the same as `net.sock.peer.addr`, which
+	// would
+	// identify the network-level peer, which may be a proxy.
+	//
+	// This attribute should be set when a source of information different
+	// from the one used for `net.sock.peer.addr`, is available even if that
+	// other
+	// source just confirms the same value as `net.sock.peer.addr`.
+	// Rationale: For `net.sock.peer.addr`, one typically does not know if it
+	// comes from a proxy, reverse proxy, or the actual client. Setting
+	// `http.client_ip` when it's the same as `net.sock.peer.addr` means that
+	// one is at least somewhat confident that the address is not that of
+	// the closest proxy.
+	HTTPClientIPKey = attribute.Key("http.client_ip")
+)
+
+// HTTPScheme returns an attribute KeyValue conforming to the "http.scheme"
+// semantic conventions. It represents the URI scheme identifying the used
+// protocol.
+func HTTPScheme(val string) attribute.KeyValue {
+	return HTTPSchemeKey.String(val)
+}
+
+// HTTPTarget returns an attribute KeyValue conforming to the "http.target"
+// semantic conventions. It represents the full request target as passed in a
+// HTTP request line or equivalent.
+func HTTPTarget(val string) attribute.KeyValue {
+	return HTTPTargetKey.String(val)
+}
+
+// HTTPRoute returns an attribute KeyValue conforming to the "http.route"
+// semantic conventions. It represents the matched route (path template in the
+// format used by the respective server framework). See note below
+func HTTPRoute(val string) attribute.KeyValue {
+	return HTTPRouteKey.String(val)
+}
+
+// HTTPClientIP returns an attribute KeyValue conforming to the
+// "http.client_ip" semantic conventions. It represents the IP address of the
+// original client behind all proxies, if known (e.g. from
+// [X-Forwarded-For](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For)).
+func HTTPClientIP(val string) attribute.KeyValue {
+	return HTTPClientIPKey.String(val)
+}
+
+// Attributes that exist for multiple DynamoDB request types.
+const (
+	// AWSDynamoDBTableNamesKey is the attribute Key conforming to the
+	// "aws.dynamodb.table_names" semantic conventions. It represents the keys
+	// in the `RequestItems` object field.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Users', 'Cats'
+	AWSDynamoDBTableNamesKey = attribute.Key("aws.dynamodb.table_names")
+
+	// AWSDynamoDBConsumedCapacityKey is the attribute Key conforming to the
+	// "aws.dynamodb.consumed_capacity" semantic conventions. It represents the
+	// JSON-serialized value of each item in the `ConsumedCapacity` response
+	// field.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "CapacityUnits": number, "GlobalSecondaryIndexes": {
+	// "string" : { "CapacityUnits": number, "ReadCapacityUnits": number,
+	// "WriteCapacityUnits": number } }, "LocalSecondaryIndexes": { "string" :
+	// { "CapacityUnits": number, "ReadCapacityUnits": number,
+	// "WriteCapacityUnits": number } }, "ReadCapacityUnits": number, "Table":
+	// { "CapacityUnits": number, "ReadCapacityUnits": number,
+	// "WriteCapacityUnits": number }, "TableName": "string",
+	// "WriteCapacityUnits": number }'
+	AWSDynamoDBConsumedCapacityKey = attribute.Key("aws.dynamodb.consumed_capacity")
+
+	// AWSDynamoDBItemCollectionMetricsKey is the attribute Key conforming to
+	// the "aws.dynamodb.item_collection_metrics" semantic conventions. It
+	// represents the JSON-serialized value of the `ItemCollectionMetrics`
+	// response field.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "string" : [ { "ItemCollectionKey": { "string" : { "B":
+	// blob, "BOOL": boolean, "BS": [ blob ], "L": [ "AttributeValue" ], "M": {
+	// "string" : "AttributeValue" }, "N": "string", "NS": [ "string" ],
+	// "NULL": boolean, "S": "string", "SS": [ "string" ] } },
+	// "SizeEstimateRangeGB": [ number ] } ] }'
+	AWSDynamoDBItemCollectionMetricsKey = attribute.Key("aws.dynamodb.item_collection_metrics")
+
+	// AWSDynamoDBProvisionedReadCapacityKey is the attribute Key conforming to
+	// the "aws.dynamodb.provisioned_read_capacity" semantic conventions. It
+	// represents the value of the `ProvisionedThroughput.ReadCapacityUnits`
+	// request parameter.
+	//
+	// Type: double
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 1.0, 2.0
+	AWSDynamoDBProvisionedReadCapacityKey = attribute.Key("aws.dynamodb.provisioned_read_capacity")
+
+	// AWSDynamoDBProvisionedWriteCapacityKey is the attribute Key conforming
+	// to the "aws.dynamodb.provisioned_write_capacity" semantic conventions.
+	// It represents the value of the
+	// `ProvisionedThroughput.WriteCapacityUnits` request parameter.
+	//
+	// Type: double
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 1.0, 2.0
+	AWSDynamoDBProvisionedWriteCapacityKey = attribute.Key("aws.dynamodb.provisioned_write_capacity")
+
+	// AWSDynamoDBConsistentReadKey is the attribute Key conforming to the
+	// "aws.dynamodb.consistent_read" semantic conventions. It represents the
+	// value of the `ConsistentRead` request parameter.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	AWSDynamoDBConsistentReadKey = attribute.Key("aws.dynamodb.consistent_read")
+
+	// AWSDynamoDBProjectionKey is the attribute Key conforming to the
+	// "aws.dynamodb.projection" semantic conventions. It represents the value
+	// of the `ProjectionExpression` request parameter.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Title', 'Title, Price, Color', 'Title, Description,
+	// RelatedItems, ProductReviews'
+	AWSDynamoDBProjectionKey = attribute.Key("aws.dynamodb.projection")
+
+	// AWSDynamoDBLimitKey is the attribute Key conforming to the
+	// "aws.dynamodb.limit" semantic conventions. It represents the value of
+	// the `Limit` request parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 10
+	AWSDynamoDBLimitKey = attribute.Key("aws.dynamodb.limit")
+
+	// AWSDynamoDBAttributesToGetKey is the attribute Key conforming to the
+	// "aws.dynamodb.attributes_to_get" semantic conventions. It represents the
+	// value of the `AttributesToGet` request parameter.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'lives', 'id'
+	AWSDynamoDBAttributesToGetKey = attribute.Key("aws.dynamodb.attributes_to_get")
+
+	// AWSDynamoDBIndexNameKey is the attribute Key conforming to the
+	// "aws.dynamodb.index_name" semantic conventions. It represents the value
+	// of the `IndexName` request parameter.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'name_to_group'
+	AWSDynamoDBIndexNameKey = attribute.Key("aws.dynamodb.index_name")
+
+	// AWSDynamoDBSelectKey is the attribute Key conforming to the
+	// "aws.dynamodb.select" semantic conventions. It represents the value of
+	// the `Select` request parameter.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'ALL_ATTRIBUTES', 'COUNT'
+	AWSDynamoDBSelectKey = attribute.Key("aws.dynamodb.select")
+)
+
+// AWSDynamoDBTableNames returns an attribute KeyValue conforming to the
+// "aws.dynamodb.table_names" semantic conventions. It represents the keys in
+// the `RequestItems` object field.
+func AWSDynamoDBTableNames(val ...string) attribute.KeyValue {
+	return AWSDynamoDBTableNamesKey.StringSlice(val)
+}
+
+// AWSDynamoDBConsumedCapacity returns an attribute KeyValue conforming to
+// the "aws.dynamodb.consumed_capacity" semantic conventions. It represents the
+// JSON-serialized value of each item in the `ConsumedCapacity` response field.
+func AWSDynamoDBConsumedCapacity(val ...string) attribute.KeyValue {
+	return AWSDynamoDBConsumedCapacityKey.StringSlice(val)
+}
+
+// AWSDynamoDBItemCollectionMetrics returns an attribute KeyValue conforming
+// to the "aws.dynamodb.item_collection_metrics" semantic conventions. It
+// represents the JSON-serialized value of the `ItemCollectionMetrics` response
+// field.
+func AWSDynamoDBItemCollectionMetrics(val string) attribute.KeyValue {
+	return AWSDynamoDBItemCollectionMetricsKey.String(val)
+}
+
+// AWSDynamoDBProvisionedReadCapacity returns an attribute KeyValue
+// conforming to the "aws.dynamodb.provisioned_read_capacity" semantic
+// conventions. It represents the value of the
+// `ProvisionedThroughput.ReadCapacityUnits` request parameter.
+func AWSDynamoDBProvisionedReadCapacity(val float64) attribute.KeyValue {
+	return AWSDynamoDBProvisionedReadCapacityKey.Float64(val)
+}
+
+// AWSDynamoDBProvisionedWriteCapacity returns an attribute KeyValue
+// conforming to the "aws.dynamodb.provisioned_write_capacity" semantic
+// conventions. It represents the value of the
+// `ProvisionedThroughput.WriteCapacityUnits` request parameter.
+func AWSDynamoDBProvisionedWriteCapacity(val float64) attribute.KeyValue {
+	return AWSDynamoDBProvisionedWriteCapacityKey.Float64(val)
+}
+
+// AWSDynamoDBConsistentRead returns an attribute KeyValue conforming to the
+// "aws.dynamodb.consistent_read" semantic conventions. It represents the value
+// of the `ConsistentRead` request parameter.
+func AWSDynamoDBConsistentRead(val bool) attribute.KeyValue {
+	return AWSDynamoDBConsistentReadKey.Bool(val)
+}
+
+// AWSDynamoDBProjection returns an attribute KeyValue conforming to the
+// "aws.dynamodb.projection" semantic conventions. It represents the value of
+// the `ProjectionExpression` request parameter.
+func AWSDynamoDBProjection(val string) attribute.KeyValue {
+	return AWSDynamoDBProjectionKey.String(val)
+}
+
+// AWSDynamoDBLimit returns an attribute KeyValue conforming to the
+// "aws.dynamodb.limit" semantic conventions. It represents the value of the
+// `Limit` request parameter.
+func AWSDynamoDBLimit(val int) attribute.KeyValue {
+	return AWSDynamoDBLimitKey.Int(val)
+}
+
+// AWSDynamoDBAttributesToGet returns an attribute KeyValue conforming to
+// the "aws.dynamodb.attributes_to_get" semantic conventions. It represents the
+// value of the `AttributesToGet` request parameter.
+func AWSDynamoDBAttributesToGet(val ...string) attribute.KeyValue {
+	return AWSDynamoDBAttributesToGetKey.StringSlice(val)
+}
+
+// AWSDynamoDBIndexName returns an attribute KeyValue conforming to the
+// "aws.dynamodb.index_name" semantic conventions. It represents the value of
+// the `IndexName` request parameter.
+func AWSDynamoDBIndexName(val string) attribute.KeyValue {
+	return AWSDynamoDBIndexNameKey.String(val)
+}
+
+// AWSDynamoDBSelect returns an attribute KeyValue conforming to the
+// "aws.dynamodb.select" semantic conventions. It represents the value of the
+// `Select` request parameter.
+func AWSDynamoDBSelect(val string) attribute.KeyValue {
+	return AWSDynamoDBSelectKey.String(val)
+}
+
+// DynamoDB.CreateTable
+const (
+	// AWSDynamoDBGlobalSecondaryIndexesKey is the attribute Key conforming to
+	// the "aws.dynamodb.global_secondary_indexes" semantic conventions. It
+	// represents the JSON-serialized value of each item of the
+	// `GlobalSecondaryIndexes` request field
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "IndexName": "string", "KeySchema": [ { "AttributeName":
+	// "string", "KeyType": "string" } ], "Projection": { "NonKeyAttributes": [
+	// "string" ], "ProjectionType": "string" }, "ProvisionedThroughput": {
+	// "ReadCapacityUnits": number, "WriteCapacityUnits": number } }'
+	AWSDynamoDBGlobalSecondaryIndexesKey = attribute.Key("aws.dynamodb.global_secondary_indexes")
+
+	// AWSDynamoDBLocalSecondaryIndexesKey is the attribute Key conforming to
+	// the "aws.dynamodb.local_secondary_indexes" semantic conventions. It
+	// represents the JSON-serialized value of each item of the
+	// `LocalSecondaryIndexes` request field.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "IndexARN": "string", "IndexName": "string",
+	// "IndexSizeBytes": number, "ItemCount": number, "KeySchema": [ {
+	// "AttributeName": "string", "KeyType": "string" } ], "Projection": {
+	// "NonKeyAttributes": [ "string" ], "ProjectionType": "string" } }'
+	AWSDynamoDBLocalSecondaryIndexesKey = attribute.Key("aws.dynamodb.local_secondary_indexes")
+)
+
+// AWSDynamoDBGlobalSecondaryIndexes returns an attribute KeyValue
+// conforming to the "aws.dynamodb.global_secondary_indexes" semantic
+// conventions. It represents the JSON-serialized value of each item of the
+// `GlobalSecondaryIndexes` request field
+func AWSDynamoDBGlobalSecondaryIndexes(val ...string) attribute.KeyValue {
+	return AWSDynamoDBGlobalSecondaryIndexesKey.StringSlice(val)
+}
+
+// AWSDynamoDBLocalSecondaryIndexes returns an attribute KeyValue conforming
+// to the "aws.dynamodb.local_secondary_indexes" semantic conventions. It
+// represents the JSON-serialized value of each item of the
+// `LocalSecondaryIndexes` request field.
+func AWSDynamoDBLocalSecondaryIndexes(val ...string) attribute.KeyValue {
+	return AWSDynamoDBLocalSecondaryIndexesKey.StringSlice(val)
+}
+
+// DynamoDB.ListTables
+const (
+	// AWSDynamoDBExclusiveStartTableKey is the attribute Key conforming to the
+	// "aws.dynamodb.exclusive_start_table" semantic conventions. It represents
+	// the value of the `ExclusiveStartTableName` request parameter.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Users', 'CatsTable'
+	AWSDynamoDBExclusiveStartTableKey = attribute.Key("aws.dynamodb.exclusive_start_table")
+
+	// AWSDynamoDBTableCountKey is the attribute Key conforming to the
+	// "aws.dynamodb.table_count" semantic conventions. It represents the the
+	// number of items in the `TableNames` response parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 20
+	AWSDynamoDBTableCountKey = attribute.Key("aws.dynamodb.table_count")
+)
+
+// AWSDynamoDBExclusiveStartTable returns an attribute KeyValue conforming
+// to the "aws.dynamodb.exclusive_start_table" semantic conventions. It
+// represents the value of the `ExclusiveStartTableName` request parameter.
+func AWSDynamoDBExclusiveStartTable(val string) attribute.KeyValue {
+	return AWSDynamoDBExclusiveStartTableKey.String(val)
+}
+
+// AWSDynamoDBTableCount returns an attribute KeyValue conforming to the
+// "aws.dynamodb.table_count" semantic conventions. It represents the the
+// number of items in the `TableNames` response parameter.
+func AWSDynamoDBTableCount(val int) attribute.KeyValue {
+	return AWSDynamoDBTableCountKey.Int(val)
+}
+
+// DynamoDB.Query
+const (
+	// AWSDynamoDBScanForwardKey is the attribute Key conforming to the
+	// "aws.dynamodb.scan_forward" semantic conventions. It represents the
+	// value of the `ScanIndexForward` request parameter.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	AWSDynamoDBScanForwardKey = attribute.Key("aws.dynamodb.scan_forward")
+)
+
+// AWSDynamoDBScanForward returns an attribute KeyValue conforming to the
+// "aws.dynamodb.scan_forward" semantic conventions. It represents the value of
+// the `ScanIndexForward` request parameter.
+func AWSDynamoDBScanForward(val bool) attribute.KeyValue {
+	return AWSDynamoDBScanForwardKey.Bool(val)
+}
+
+// DynamoDB.Scan
+const (
+	// AWSDynamoDBSegmentKey is the attribute Key conforming to the
+	// "aws.dynamodb.segment" semantic conventions. It represents the value of
+	// the `Segment` request parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 10
+	AWSDynamoDBSegmentKey = attribute.Key("aws.dynamodb.segment")
+
+	// AWSDynamoDBTotalSegmentsKey is the attribute Key conforming to the
+	// "aws.dynamodb.total_segments" semantic conventions. It represents the
+	// value of the `TotalSegments` request parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 100
+	AWSDynamoDBTotalSegmentsKey = attribute.Key("aws.dynamodb.total_segments")
+
+	// AWSDynamoDBCountKey is the attribute Key conforming to the
+	// "aws.dynamodb.count" semantic conventions. It represents the value of
+	// the `Count` response parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 10
+	AWSDynamoDBCountKey = attribute.Key("aws.dynamodb.count")
+
+	// AWSDynamoDBScannedCountKey is the attribute Key conforming to the
+	// "aws.dynamodb.scanned_count" semantic conventions. It represents the
+	// value of the `ScannedCount` response parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 50
+	AWSDynamoDBScannedCountKey = attribute.Key("aws.dynamodb.scanned_count")
+)
+
+// AWSDynamoDBSegment returns an attribute KeyValue conforming to the
+// "aws.dynamodb.segment" semantic conventions. It represents the value of the
+// `Segment` request parameter.
+func AWSDynamoDBSegment(val int) attribute.KeyValue {
+	return AWSDynamoDBSegmentKey.Int(val)
+}
+
+// AWSDynamoDBTotalSegments returns an attribute KeyValue conforming to the
+// "aws.dynamodb.total_segments" semantic conventions. It represents the value
+// of the `TotalSegments` request parameter.
+func AWSDynamoDBTotalSegments(val int) attribute.KeyValue {
+	return AWSDynamoDBTotalSegmentsKey.Int(val)
+}
+
+// AWSDynamoDBCount returns an attribute KeyValue conforming to the
+// "aws.dynamodb.count" semantic conventions. It represents the value of the
+// `Count` response parameter.
+func AWSDynamoDBCount(val int) attribute.KeyValue {
+	return AWSDynamoDBCountKey.Int(val)
+}
+
+// AWSDynamoDBScannedCount returns an attribute KeyValue conforming to the
+// "aws.dynamodb.scanned_count" semantic conventions. It represents the value
+// of the `ScannedCount` response parameter.
+func AWSDynamoDBScannedCount(val int) attribute.KeyValue {
+	return AWSDynamoDBScannedCountKey.Int(val)
+}
+
+// DynamoDB.UpdateTable
+const (
+	// AWSDynamoDBAttributeDefinitionsKey is the attribute Key conforming to
+	// the "aws.dynamodb.attribute_definitions" semantic conventions. It
+	// represents the JSON-serialized value of each item in the
+	// `AttributeDefinitions` request field.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "AttributeName": "string", "AttributeType": "string" }'
+	AWSDynamoDBAttributeDefinitionsKey = attribute.Key("aws.dynamodb.attribute_definitions")
+
+	// AWSDynamoDBGlobalSecondaryIndexUpdatesKey is the attribute Key
+	// conforming to the "aws.dynamodb.global_secondary_index_updates" semantic
+	// conventions. It represents the JSON-serialized value of each item in the
+	// the `GlobalSecondaryIndexUpdates` request field.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "Create": { "IndexName": "string", "KeySchema": [ {
+	// "AttributeName": "string", "KeyType": "string" } ], "Projection": {
+	// "NonKeyAttributes": [ "string" ], "ProjectionType": "string" },
+	// "ProvisionedThroughput": { "ReadCapacityUnits": number,
+	// "WriteCapacityUnits": number } }'
+	AWSDynamoDBGlobalSecondaryIndexUpdatesKey = attribute.Key("aws.dynamodb.global_secondary_index_updates")
+)
+
+// AWSDynamoDBAttributeDefinitions returns an attribute KeyValue conforming
+// to the "aws.dynamodb.attribute_definitions" semantic conventions. It
+// represents the JSON-serialized value of each item in the
+// `AttributeDefinitions` request field.
+func AWSDynamoDBAttributeDefinitions(val ...string) attribute.KeyValue {
+	return AWSDynamoDBAttributeDefinitionsKey.StringSlice(val)
+}
+
+// AWSDynamoDBGlobalSecondaryIndexUpdates returns an attribute KeyValue
+// conforming to the "aws.dynamodb.global_secondary_index_updates" semantic
+// conventions. It represents the JSON-serialized value of each item in the the
+// `GlobalSecondaryIndexUpdates` request field.
+func AWSDynamoDBGlobalSecondaryIndexUpdates(val ...string) attribute.KeyValue {
+	return AWSDynamoDBGlobalSecondaryIndexUpdatesKey.StringSlice(val)
+}
+
+// Semantic conventions to apply when instrumenting the GraphQL implementation.
+// They map GraphQL operations to attributes on a Span.
+const (
+	// GraphqlOperationNameKey is the attribute Key conforming to the
+	// "graphql.operation.name" semantic conventions. It represents the name of
+	// the operation being executed.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'findBookByID'
+	GraphqlOperationNameKey = attribute.Key("graphql.operation.name")
+
+	// GraphqlOperationTypeKey is the attribute Key conforming to the
+	// "graphql.operation.type" semantic conventions. It represents the type of
+	// the operation being executed.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'query', 'mutation', 'subscription'
+	GraphqlOperationTypeKey = attribute.Key("graphql.operation.type")
+
+	// GraphqlDocumentKey is the attribute Key conforming to the
+	// "graphql.document" semantic conventions. It represents the GraphQL
+	// document being executed.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'query findBookByID { bookByID(id: ?) { name } }'
+	// Note: The value may be sanitized to exclude sensitive information.
+	GraphqlDocumentKey = attribute.Key("graphql.document")
+)
+
+var (
+	// GraphQL query
+	GraphqlOperationTypeQuery = GraphqlOperationTypeKey.String("query")
+	// GraphQL mutation
+	GraphqlOperationTypeMutation = GraphqlOperationTypeKey.String("mutation")
+	// GraphQL subscription
+	GraphqlOperationTypeSubscription = GraphqlOperationTypeKey.String("subscription")
+)
+
+// GraphqlOperationName returns an attribute KeyValue conforming to the
+// "graphql.operation.name" semantic conventions. It represents the name of the
+// operation being executed.
+func GraphqlOperationName(val string) attribute.KeyValue {
+	return GraphqlOperationNameKey.String(val)
+}
+
+// GraphqlDocument returns an attribute KeyValue conforming to the
+// "graphql.document" semantic conventions. It represents the GraphQL document
+// being executed.
+func GraphqlDocument(val string) attribute.KeyValue {
+	return GraphqlDocumentKey.String(val)
+}
+
+// Semantic convention describing per-message attributes populated on messaging
+// spans or links.
+const (
+	// MessagingMessageIDKey is the attribute Key conforming to the
+	// "messaging.message.id" semantic conventions. It represents a value used
+	// by the messaging system as an identifier for the message, represented as
+	// a string.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '452a7c7c7c7048c2f887f61572b18fc2'
+	MessagingMessageIDKey = attribute.Key("messaging.message.id")
+
+	// MessagingMessageConversationIDKey is the attribute Key conforming to the
+	// "messaging.message.conversation_id" semantic conventions. It represents
+	// the [conversation ID](#conversations) identifying the conversation to
+	// which the message belongs, represented as a string. Sometimes called
+	// "Correlation ID".
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'MyConversationID'
+	MessagingMessageConversationIDKey = attribute.Key("messaging.message.conversation_id")
+
+	// MessagingMessagePayloadSizeBytesKey is the attribute Key conforming to
+	// the "messaging.message.payload_size_bytes" semantic conventions. It
+	// represents the (uncompressed) size of the message payload in bytes. Also
+	// use this attribute if it is unknown whether the compressed or
+	// uncompressed payload size is reported.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 2738
+	MessagingMessagePayloadSizeBytesKey = attribute.Key("messaging.message.payload_size_bytes")
+
+	// MessagingMessagePayloadCompressedSizeBytesKey is the attribute Key
+	// conforming to the "messaging.message.payload_compressed_size_bytes"
+	// semantic conventions. It represents the compressed size of the message
+	// payload in bytes.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 2048
+	MessagingMessagePayloadCompressedSizeBytesKey = attribute.Key("messaging.message.payload_compressed_size_bytes")
+)
+
+// MessagingMessageID returns an attribute KeyValue conforming to the
+// "messaging.message.id" semantic conventions. It represents a value used by
+// the messaging system as an identifier for the message, represented as a
+// string.
+func MessagingMessageID(val string) attribute.KeyValue {
+	return MessagingMessageIDKey.String(val)
+}
+
+// MessagingMessageConversationID returns an attribute KeyValue conforming
+// to the "messaging.message.conversation_id" semantic conventions. It
+// represents the [conversation ID](#conversations) identifying the
+// conversation to which the message belongs, represented as a string.
+// Sometimes called "Correlation ID".
+func MessagingMessageConversationID(val string) attribute.KeyValue {
+	return MessagingMessageConversationIDKey.String(val)
+}
+
+// MessagingMessagePayloadSizeBytes returns an attribute KeyValue conforming
+// to the "messaging.message.payload_size_bytes" semantic conventions. It
+// represents the (uncompressed) size of the message payload in bytes. Also use
+// this attribute if it is unknown whether the compressed or uncompressed
+// payload size is reported.
+func MessagingMessagePayloadSizeBytes(val int) attribute.KeyValue {
+	return MessagingMessagePayloadSizeBytesKey.Int(val)
+}
+
+// MessagingMessagePayloadCompressedSizeBytes returns an attribute KeyValue
+// conforming to the "messaging.message.payload_compressed_size_bytes" semantic
+// conventions. It represents the compressed size of the message payload in
+// bytes.
+func MessagingMessagePayloadCompressedSizeBytes(val int) attribute.KeyValue {
+	return MessagingMessagePayloadCompressedSizeBytesKey.Int(val)
+}
+
+// Semantic convention for attributes that describe messaging destination on
+// broker
+const (
+	// MessagingDestinationNameKey is the attribute Key conforming to the
+	// "messaging.destination.name" semantic conventions. It represents the
+	// message destination name
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'MyQueue', 'MyTopic'
+	// Note: Destination name SHOULD uniquely identify a specific queue, topic
+	// or other entity within the broker. If
+	// the broker does not have such notion, the destination name SHOULD
+	// uniquely identify the broker.
+	MessagingDestinationNameKey = attribute.Key("messaging.destination.name")
+
+	// MessagingDestinationKindKey is the attribute Key conforming to the
+	// "messaging.destination.kind" semantic conventions. It represents the
+	// kind of message destination
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingDestinationKindKey = attribute.Key("messaging.destination.kind")
+
+	// MessagingDestinationTemplateKey is the attribute Key conforming to the
+	// "messaging.destination.template" semantic conventions. It represents the
+	// low cardinality representation of the messaging destination name
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/customers/{customerID}'
+	// Note: Destination names could be constructed from templates. An example
+	// would be a destination name involving a user name or product id.
+	// Although the destination name in this case is of high cardinality, the
+	// underlying template is of low cardinality and can be effectively used
+	// for grouping and aggregation.
+	MessagingDestinationTemplateKey = attribute.Key("messaging.destination.template")
+
+	// MessagingDestinationTemporaryKey is the attribute Key conforming to the
+	// "messaging.destination.temporary" semantic conventions. It represents a
+	// boolean that is true if the message destination is temporary and might
+	// not exist anymore after messages are processed.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingDestinationTemporaryKey = attribute.Key("messaging.destination.temporary")
+
+	// MessagingDestinationAnonymousKey is the attribute Key conforming to the
+	// "messaging.destination.anonymous" semantic conventions. It represents a
+	// boolean that is true if the message destination is anonymous (could be
+	// unnamed or have auto-generated name).
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingDestinationAnonymousKey = attribute.Key("messaging.destination.anonymous")
+)
+
+var (
+	// A message sent to a queue
+	MessagingDestinationKindQueue = MessagingDestinationKindKey.String("queue")
+	// A message sent to a topic
+	MessagingDestinationKindTopic = MessagingDestinationKindKey.String("topic")
+)
+
+// MessagingDestinationName returns an attribute KeyValue conforming to the
+// "messaging.destination.name" semantic conventions. It represents the message
+// destination name
+func MessagingDestinationName(val string) attribute.KeyValue {
+	return MessagingDestinationNameKey.String(val)
+}
+
+// MessagingDestinationTemplate returns an attribute KeyValue conforming to
+// the "messaging.destination.template" semantic conventions. It represents the
+// low cardinality representation of the messaging destination name
+func MessagingDestinationTemplate(val string) attribute.KeyValue {
+	return MessagingDestinationTemplateKey.String(val)
+}
+
+// MessagingDestinationTemporary returns an attribute KeyValue conforming to
+// the "messaging.destination.temporary" semantic conventions. It represents a
+// boolean that is true if the message destination is temporary and might not
+// exist anymore after messages are processed.
+func MessagingDestinationTemporary(val bool) attribute.KeyValue {
+	return MessagingDestinationTemporaryKey.Bool(val)
+}
+
+// MessagingDestinationAnonymous returns an attribute KeyValue conforming to
+// the "messaging.destination.anonymous" semantic conventions. It represents a
+// boolean that is true if the message destination is anonymous (could be
+// unnamed or have auto-generated name).
+func MessagingDestinationAnonymous(val bool) attribute.KeyValue {
+	return MessagingDestinationAnonymousKey.Bool(val)
+}
+
+// Semantic convention for attributes that describe messaging source on broker
+const (
+	// MessagingSourceNameKey is the attribute Key conforming to the
+	// "messaging.source.name" semantic conventions. It represents the message
+	// source name
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'MyQueue', 'MyTopic'
+	// Note: Source name SHOULD uniquely identify a specific queue, topic, or
+	// other entity within the broker. If
+	// the broker does not have such notion, the source name SHOULD uniquely
+	// identify the broker.
+	MessagingSourceNameKey = attribute.Key("messaging.source.name")
+
+	// MessagingSourceKindKey is the attribute Key conforming to the
+	// "messaging.source.kind" semantic conventions. It represents the kind of
+	// message source
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingSourceKindKey = attribute.Key("messaging.source.kind")
+
+	// MessagingSourceTemplateKey is the attribute Key conforming to the
+	// "messaging.source.template" semantic conventions. It represents the low
+	// cardinality representation of the messaging source name
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/customers/{customerID}'
+	// Note: Source names could be constructed from templates. An example would
+	// be a source name involving a user name or product id. Although the
+	// source name in this case is of high cardinality, the underlying template
+	// is of low cardinality and can be effectively used for grouping and
+	// aggregation.
+	MessagingSourceTemplateKey = attribute.Key("messaging.source.template")
+
+	// MessagingSourceTemporaryKey is the attribute Key conforming to the
+	// "messaging.source.temporary" semantic conventions. It represents a
+	// boolean that is true if the message source is temporary and might not
+	// exist anymore after messages are processed.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingSourceTemporaryKey = attribute.Key("messaging.source.temporary")
+
+	// MessagingSourceAnonymousKey is the attribute Key conforming to the
+	// "messaging.source.anonymous" semantic conventions. It represents a
+	// boolean that is true if the message source is anonymous (could be
+	// unnamed or have auto-generated name).
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingSourceAnonymousKey = attribute.Key("messaging.source.anonymous")
+)
+
+var (
+	// A message received from a queue
+	MessagingSourceKindQueue = MessagingSourceKindKey.String("queue")
+	// A message received from a topic
+	MessagingSourceKindTopic = MessagingSourceKindKey.String("topic")
+)
+
+// MessagingSourceName returns an attribute KeyValue conforming to the
+// "messaging.source.name" semantic conventions. It represents the message
+// source name
+func MessagingSourceName(val string) attribute.KeyValue {
+	return MessagingSourceNameKey.String(val)
+}
+
+// MessagingSourceTemplate returns an attribute KeyValue conforming to the
+// "messaging.source.template" semantic conventions. It represents the low
+// cardinality representation of the messaging source name
+func MessagingSourceTemplate(val string) attribute.KeyValue {
+	return MessagingSourceTemplateKey.String(val)
+}
+
+// MessagingSourceTemporary returns an attribute KeyValue conforming to the
+// "messaging.source.temporary" semantic conventions. It represents a boolean
+// that is true if the message source is temporary and might not exist anymore
+// after messages are processed.
+func MessagingSourceTemporary(val bool) attribute.KeyValue {
+	return MessagingSourceTemporaryKey.Bool(val)
+}
+
+// MessagingSourceAnonymous returns an attribute KeyValue conforming to the
+// "messaging.source.anonymous" semantic conventions. It represents a boolean
+// that is true if the message source is anonymous (could be unnamed or have
+// auto-generated name).
+func MessagingSourceAnonymous(val bool) attribute.KeyValue {
+	return MessagingSourceAnonymousKey.Bool(val)
+}
+
+// General attributes used in messaging systems.
+const (
+	// MessagingSystemKey is the attribute Key conforming to the
+	// "messaging.system" semantic conventions. It represents a string
+	// identifying the messaging system.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'kafka', 'rabbitmq', 'rocketmq', 'activemq', 'AmazonSQS'
+	MessagingSystemKey = attribute.Key("messaging.system")
+
+	// MessagingOperationKey is the attribute Key conforming to the
+	// "messaging.operation" semantic conventions. It represents a string
+	// identifying the kind of messaging operation as defined in the [Operation
+	// names](#operation-names) section above.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	// Note: If a custom value is used, it MUST be of low cardinality.
+	MessagingOperationKey = attribute.Key("messaging.operation")
+
+	// MessagingBatchMessageCountKey is the attribute Key conforming to the
+	// "messaging.batch.message_count" semantic conventions. It represents the
+	// number of messages sent, received, or processed in the scope of the
+	// batching operation.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If the span describes an
+	// operation on a batch of messages.)
+	// Stability: stable
+	// Examples: 0, 1, 2
+	// Note: Instrumentations SHOULD NOT set `messaging.batch.message_count` on
+	// spans that operate with a single message. When a messaging client
+	// library supports both batch and single-message API for the same
+	// operation, instrumentations SHOULD use `messaging.batch.message_count`
+	// for batching APIs and SHOULD NOT use it for single-message APIs.
+	MessagingBatchMessageCountKey = attribute.Key("messaging.batch.message_count")
+)
+
+var (
+	// publish
+	MessagingOperationPublish = MessagingOperationKey.String("publish")
+	// receive
+	MessagingOperationReceive = MessagingOperationKey.String("receive")
+	// process
+	MessagingOperationProcess = MessagingOperationKey.String("process")
+)
+
+// MessagingSystem returns an attribute KeyValue conforming to the
+// "messaging.system" semantic conventions. It represents a string identifying
+// the messaging system.
+func MessagingSystem(val string) attribute.KeyValue {
+	return MessagingSystemKey.String(val)
+}
+
+// MessagingBatchMessageCount returns an attribute KeyValue conforming to
+// the "messaging.batch.message_count" semantic conventions. It represents the
+// number of messages sent, received, or processed in the scope of the batching
+// operation.
+func MessagingBatchMessageCount(val int) attribute.KeyValue {
+	return MessagingBatchMessageCountKey.Int(val)
+}
+
+// Semantic convention for a consumer of messages received from a messaging
+// system
+const (
+	// MessagingConsumerIDKey is the attribute Key conforming to the
+	// "messaging.consumer.id" semantic conventions. It represents the
+	// identifier for the consumer receiving a message. For Kafka, set it to
+	// `{messaging.kafka.consumer.group} - {messaging.kafka.client_id}`, if
+	// both are present, or only `messaging.kafka.consumer.group`. For brokers,
+	// such as RabbitMQ and Artemis, set it to the `client_id` of the client
+	// consuming the message.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'mygroup - client-6'
+	MessagingConsumerIDKey = attribute.Key("messaging.consumer.id")
+)
+
+// MessagingConsumerID returns an attribute KeyValue conforming to the
+// "messaging.consumer.id" semantic conventions. It represents the identifier
+// for the consumer receiving a message. For Kafka, set it to
+// `{messaging.kafka.consumer.group} - {messaging.kafka.client_id}`, if both
+// are present, or only `messaging.kafka.consumer.group`. For brokers, such as
+// RabbitMQ and Artemis, set it to the `client_id` of the client consuming the
+// message.
+func MessagingConsumerID(val string) attribute.KeyValue {
+	return MessagingConsumerIDKey.String(val)
+}
+
+// Attributes for RabbitMQ
+const (
+	// MessagingRabbitmqDestinationRoutingKeyKey is the attribute Key
+	// conforming to the "messaging.rabbitmq.destination.routing_key" semantic
+	// conventions. It represents the rabbitMQ message routing key.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If not empty.)
+	// Stability: stable
+	// Examples: 'myKey'
+	MessagingRabbitmqDestinationRoutingKeyKey = attribute.Key("messaging.rabbitmq.destination.routing_key")
+)
+
+// MessagingRabbitmqDestinationRoutingKey returns an attribute KeyValue
+// conforming to the "messaging.rabbitmq.destination.routing_key" semantic
+// conventions. It represents the rabbitMQ message routing key.
+func MessagingRabbitmqDestinationRoutingKey(val string) attribute.KeyValue {
+	return MessagingRabbitmqDestinationRoutingKeyKey.String(val)
+}
+
+// Attributes for Apache Kafka
+const (
+	// MessagingKafkaMessageKeyKey is the attribute Key conforming to the
+	// "messaging.kafka.message.key" semantic conventions. It represents the
+	// message keys in Kafka are used for grouping alike messages to ensure
+	// they're processed on the same partition. They differ from
+	// `messaging.message.id` in that they're not unique. If the key is `null`,
+	// the attribute MUST NOT be set.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'myKey'
+	// Note: If the key type is not string, it's string representation has to
+	// be supplied for the attribute. If the key has no unambiguous, canonical
+	// string form, don't include its value.
+	MessagingKafkaMessageKeyKey = attribute.Key("messaging.kafka.message.key")
+
+	// MessagingKafkaConsumerGroupKey is the attribute Key conforming to the
+	// "messaging.kafka.consumer.group" semantic conventions. It represents the
+	// name of the Kafka Consumer Group that is handling the message. Only
+	// applies to consumers, not producers.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'my-group'
+	MessagingKafkaConsumerGroupKey = attribute.Key("messaging.kafka.consumer.group")
+
+	// MessagingKafkaClientIDKey is the attribute Key conforming to the
+	// "messaging.kafka.client_id" semantic conventions. It represents the
+	// client ID for the Consumer or Producer that is handling the message.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'client-5'
+	MessagingKafkaClientIDKey = attribute.Key("messaging.kafka.client_id")
+
+	// MessagingKafkaDestinationPartitionKey is the attribute Key conforming to
+	// the "messaging.kafka.destination.partition" semantic conventions. It
+	// represents the partition the message is sent to.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 2
+	MessagingKafkaDestinationPartitionKey = attribute.Key("messaging.kafka.destination.partition")
+
+	// MessagingKafkaSourcePartitionKey is the attribute Key conforming to the
+	// "messaging.kafka.source.partition" semantic conventions. It represents
+	// the partition the message is received from.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 2
+	MessagingKafkaSourcePartitionKey = attribute.Key("messaging.kafka.source.partition")
+
+	// MessagingKafkaMessageOffsetKey is the attribute Key conforming to the
+	// "messaging.kafka.message.offset" semantic conventions. It represents the
+	// offset of a record in the corresponding Kafka partition.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 42
+	MessagingKafkaMessageOffsetKey = attribute.Key("messaging.kafka.message.offset")
+
+	// MessagingKafkaMessageTombstoneKey is the attribute Key conforming to the
+	// "messaging.kafka.message.tombstone" semantic conventions. It represents
+	// a boolean that is true if the message is a tombstone.
+	//
+	// Type: boolean
+	// RequirementLevel: ConditionallyRequired (If value is `true`. When
+	// missing, the value is assumed to be `false`.)
+	// Stability: stable
+	MessagingKafkaMessageTombstoneKey = attribute.Key("messaging.kafka.message.tombstone")
+)
+
+// MessagingKafkaMessageKey returns an attribute KeyValue conforming to the
+// "messaging.kafka.message.key" semantic conventions. It represents the
+// message keys in Kafka are used for grouping alike messages to ensure they're
+// processed on the same partition. They differ from `messaging.message.id` in
+// that they're not unique. If the key is `null`, the attribute MUST NOT be
+// set.
+func MessagingKafkaMessageKey(val string) attribute.KeyValue {
+	return MessagingKafkaMessageKeyKey.String(val)
+}
+
+// MessagingKafkaConsumerGroup returns an attribute KeyValue conforming to
+// the "messaging.kafka.consumer.group" semantic conventions. It represents the
+// name of the Kafka Consumer Group that is handling the message. Only applies
+// to consumers, not producers.
+func MessagingKafkaConsumerGroup(val string) attribute.KeyValue {
+	return MessagingKafkaConsumerGroupKey.String(val)
+}
+
+// MessagingKafkaClientID returns an attribute KeyValue conforming to the
+// "messaging.kafka.client_id" semantic conventions. It represents the client
+// ID for the Consumer or Producer that is handling the message.
+func MessagingKafkaClientID(val string) attribute.KeyValue {
+	return MessagingKafkaClientIDKey.String(val)
+}
+
+// MessagingKafkaDestinationPartition returns an attribute KeyValue
+// conforming to the "messaging.kafka.destination.partition" semantic
+// conventions. It represents the partition the message is sent to.
+func MessagingKafkaDestinationPartition(val int) attribute.KeyValue {
+	return MessagingKafkaDestinationPartitionKey.Int(val)
+}
+
+// MessagingKafkaSourcePartition returns an attribute KeyValue conforming to
+// the "messaging.kafka.source.partition" semantic conventions. It represents
+// the partition the message is received from.
+func MessagingKafkaSourcePartition(val int) attribute.KeyValue {
+	return MessagingKafkaSourcePartitionKey.Int(val)
+}
+
+// MessagingKafkaMessageOffset returns an attribute KeyValue conforming to
+// the "messaging.kafka.message.offset" semantic conventions. It represents the
+// offset of a record in the corresponding Kafka partition.
+func MessagingKafkaMessageOffset(val int) attribute.KeyValue {
+	return MessagingKafkaMessageOffsetKey.Int(val)
+}
+
+// MessagingKafkaMessageTombstone returns an attribute KeyValue conforming
+// to the "messaging.kafka.message.tombstone" semantic conventions. It
+// represents a boolean that is true if the message is a tombstone.
+func MessagingKafkaMessageTombstone(val bool) attribute.KeyValue {
+	return MessagingKafkaMessageTombstoneKey.Bool(val)
+}
+
+// Attributes for Apache RocketMQ
+const (
+	// MessagingRocketmqNamespaceKey is the attribute Key conforming to the
+	// "messaging.rocketmq.namespace" semantic conventions. It represents the
+	// namespace of RocketMQ resources, resources in different namespaces are
+	// individual.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'myNamespace'
+	MessagingRocketmqNamespaceKey = attribute.Key("messaging.rocketmq.namespace")
+
+	// MessagingRocketmqClientGroupKey is the attribute Key conforming to the
+	// "messaging.rocketmq.client_group" semantic conventions. It represents
+	// the name of the RocketMQ producer/consumer group that is handling the
+	// message. The client type is identified by the SpanKind.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'myConsumerGroup'
+	MessagingRocketmqClientGroupKey = attribute.Key("messaging.rocketmq.client_group")
+
+	// MessagingRocketmqClientIDKey is the attribute Key conforming to the
+	// "messaging.rocketmq.client_id" semantic conventions. It represents the
+	// unique identifier for each client.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'myhost@8742@s8083jm'
+	MessagingRocketmqClientIDKey = attribute.Key("messaging.rocketmq.client_id")
+
+	// MessagingRocketmqMessageDeliveryTimestampKey is the attribute Key
+	// conforming to the "messaging.rocketmq.message.delivery_timestamp"
+	// semantic conventions. It represents the timestamp in milliseconds that
+	// the delay message is expected to be delivered to consumer.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If the message type is delay
+	// and delay time level is not specified.)
+	// Stability: stable
+	// Examples: 1665987217045
+	MessagingRocketmqMessageDeliveryTimestampKey = attribute.Key("messaging.rocketmq.message.delivery_timestamp")
+
+	// MessagingRocketmqMessageDelayTimeLevelKey is the attribute Key
+	// conforming to the "messaging.rocketmq.message.delay_time_level" semantic
+	// conventions. It represents the delay time level for delay message, which
+	// determines the message delay time.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If the message type is delay
+	// and delivery timestamp is not specified.)
+	// Stability: stable
+	// Examples: 3
+	MessagingRocketmqMessageDelayTimeLevelKey = attribute.Key("messaging.rocketmq.message.delay_time_level")
+
+	// MessagingRocketmqMessageGroupKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.group" semantic conventions. It represents
+	// the it is essential for FIFO message. Messages that belong to the same
+	// message group are always processed one by one within the same consumer
+	// group.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If the message type is FIFO.)
+	// Stability: stable
+	// Examples: 'myMessageGroup'
+	MessagingRocketmqMessageGroupKey = attribute.Key("messaging.rocketmq.message.group")
+
+	// MessagingRocketmqMessageTypeKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.type" semantic conventions. It represents
+	// the type of message.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingRocketmqMessageTypeKey = attribute.Key("messaging.rocketmq.message.type")
+
+	// MessagingRocketmqMessageTagKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.tag" semantic conventions. It represents the
+	// secondary classifier of message besides topic.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'tagA'
+	MessagingRocketmqMessageTagKey = attribute.Key("messaging.rocketmq.message.tag")
+
+	// MessagingRocketmqMessageKeysKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.keys" semantic conventions. It represents
+	// the key(s) of message, another way to mark message besides message id.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'keyA', 'keyB'
+	MessagingRocketmqMessageKeysKey = attribute.Key("messaging.rocketmq.message.keys")
+
+	// MessagingRocketmqConsumptionModelKey is the attribute Key conforming to
+	// the "messaging.rocketmq.consumption_model" semantic conventions. It
+	// represents the model of message consumption. This only applies to
+	// consumer spans.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingRocketmqConsumptionModelKey = attribute.Key("messaging.rocketmq.consumption_model")
+)
+
+var (
+	// Normal message
+	MessagingRocketmqMessageTypeNormal = MessagingRocketmqMessageTypeKey.String("normal")
+	// FIFO message
+	MessagingRocketmqMessageTypeFifo = MessagingRocketmqMessageTypeKey.String("fifo")
+	// Delay message
+	MessagingRocketmqMessageTypeDelay = MessagingRocketmqMessageTypeKey.String("delay")
+	// Transaction message
+	MessagingRocketmqMessageTypeTransaction = MessagingRocketmqMessageTypeKey.String("transaction")
+)
+
+var (
+	// Clustering consumption model
+	MessagingRocketmqConsumptionModelClustering = MessagingRocketmqConsumptionModelKey.String("clustering")
+	// Broadcasting consumption model
+	MessagingRocketmqConsumptionModelBroadcasting = MessagingRocketmqConsumptionModelKey.String("broadcasting")
+)
+
+// MessagingRocketmqNamespace returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.namespace" semantic conventions. It represents the
+// namespace of RocketMQ resources, resources in different namespaces are
+// individual.
+func MessagingRocketmqNamespace(val string) attribute.KeyValue {
+	return MessagingRocketmqNamespaceKey.String(val)
+}
+
+// MessagingRocketmqClientGroup returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.client_group" semantic conventions. It represents
+// the name of the RocketMQ producer/consumer group that is handling the
+// message. The client type is identified by the SpanKind.
+func MessagingRocketmqClientGroup(val string) attribute.KeyValue {
+	return MessagingRocketmqClientGroupKey.String(val)
+}
+
+// MessagingRocketmqClientID returns an attribute KeyValue conforming to the
+// "messaging.rocketmq.client_id" semantic conventions. It represents the
+// unique identifier for each client.
+func MessagingRocketmqClientID(val string) attribute.KeyValue {
+	return MessagingRocketmqClientIDKey.String(val)
+}
+
+// MessagingRocketmqMessageDeliveryTimestamp returns an attribute KeyValue
+// conforming to the "messaging.rocketmq.message.delivery_timestamp" semantic
+// conventions. It represents the timestamp in milliseconds that the delay
+// message is expected to be delivered to consumer.
+func MessagingRocketmqMessageDeliveryTimestamp(val int) attribute.KeyValue {
+	return MessagingRocketmqMessageDeliveryTimestampKey.Int(val)
+}
+
+// MessagingRocketmqMessageDelayTimeLevel returns an attribute KeyValue
+// conforming to the "messaging.rocketmq.message.delay_time_level" semantic
+// conventions. It represents the delay time level for delay message, which
+// determines the message delay time.
+func MessagingRocketmqMessageDelayTimeLevel(val int) attribute.KeyValue {
+	return MessagingRocketmqMessageDelayTimeLevelKey.Int(val)
+}
+
+// MessagingRocketmqMessageGroup returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.message.group" semantic conventions. It represents
+// the it is essential for FIFO message. Messages that belong to the same
+// message group are always processed one by one within the same consumer
+// group.
+func MessagingRocketmqMessageGroup(val string) attribute.KeyValue {
+	return MessagingRocketmqMessageGroupKey.String(val)
+}
+
+// MessagingRocketmqMessageTag returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.message.tag" semantic conventions. It represents the
+// secondary classifier of message besides topic.
+func MessagingRocketmqMessageTag(val string) attribute.KeyValue {
+	return MessagingRocketmqMessageTagKey.String(val)
+}
+
+// MessagingRocketmqMessageKeys returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.message.keys" semantic conventions. It represents
+// the key(s) of message, another way to mark message besides message id.
+func MessagingRocketmqMessageKeys(val ...string) attribute.KeyValue {
+	return MessagingRocketmqMessageKeysKey.StringSlice(val)
+}
+
+// Semantic conventions for remote procedure calls.
+const (
+	// RPCSystemKey is the attribute Key conforming to the "rpc.system"
+	// semantic conventions. It represents a string identifying the remoting
+	// system. See below for a list of well-known identifiers.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	RPCSystemKey = attribute.Key("rpc.system")
+
+	// RPCServiceKey is the attribute Key conforming to the "rpc.service"
+	// semantic conventions. It represents the full (logical) name of the
+	// service being called, including its package name, if applicable.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'myservice.EchoService'
+	// Note: This is the logical name of the service from the RPC interface
+	// perspective, which can be different from the name of any implementing
+	// class. The `code.namespace` attribute may be used to store the latter
+	// (despite the attribute name, it may include a class name; e.g., class
+	// with method actually executing the call on the server side, RPC client
+	// stub class on the client side).
+	RPCServiceKey = attribute.Key("rpc.service")
+
+	// RPCMethodKey is the attribute Key conforming to the "rpc.method"
+	// semantic conventions. It represents the name of the (logical) method
+	// being called, must be equal to the $method part in the span name.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'exampleMethod'
+	// Note: This is the logical name of the method from the RPC interface
+	// perspective, which can be different from the name of any implementing
+	// method/function. The `code.function` attribute may be used to store the
+	// latter (e.g., method actually executing the call on the server side, RPC
+	// client stub method on the client side).
+	RPCMethodKey = attribute.Key("rpc.method")
+)
+
+var (
+	// gRPC
+	RPCSystemGRPC = RPCSystemKey.String("grpc")
+	// Java RMI
+	RPCSystemJavaRmi = RPCSystemKey.String("java_rmi")
+	// .NET WCF
+	RPCSystemDotnetWcf = RPCSystemKey.String("dotnet_wcf")
+	// Apache Dubbo
+	RPCSystemApacheDubbo = RPCSystemKey.String("apache_dubbo")
+)
+
+// RPCService returns an attribute KeyValue conforming to the "rpc.service"
+// semantic conventions. It represents the full (logical) name of the service
+// being called, including its package name, if applicable.
+func RPCService(val string) attribute.KeyValue {
+	return RPCServiceKey.String(val)
+}
+
+// RPCMethod returns an attribute KeyValue conforming to the "rpc.method"
+// semantic conventions. It represents the name of the (logical) method being
+// called, must be equal to the $method part in the span name.
+func RPCMethod(val string) attribute.KeyValue {
+	return RPCMethodKey.String(val)
+}
+
+// Tech-specific attributes for gRPC.
+const (
+	// RPCGRPCStatusCodeKey is the attribute Key conforming to the
+	// "rpc.grpc.status_code" semantic conventions. It represents the [numeric
+	// status
+	// code](https://github.com/grpc/grpc/blob/v1.33.2/doc/statuscodes.md) of
+	// the gRPC request.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	RPCGRPCStatusCodeKey = attribute.Key("rpc.grpc.status_code")
+)
+
+var (
+	// OK
+	RPCGRPCStatusCodeOk = RPCGRPCStatusCodeKey.Int(0)
+	// CANCELLED
+	RPCGRPCStatusCodeCancelled = RPCGRPCStatusCodeKey.Int(1)
+	// UNKNOWN
+	RPCGRPCStatusCodeUnknown = RPCGRPCStatusCodeKey.Int(2)
+	// INVALID_ARGUMENT
+	RPCGRPCStatusCodeInvalidArgument = RPCGRPCStatusCodeKey.Int(3)
+	// DEADLINE_EXCEEDED
+	RPCGRPCStatusCodeDeadlineExceeded = RPCGRPCStatusCodeKey.Int(4)
+	// NOT_FOUND
+	RPCGRPCStatusCodeNotFound = RPCGRPCStatusCodeKey.Int(5)
+	// ALREADY_EXISTS
+	RPCGRPCStatusCodeAlreadyExists = RPCGRPCStatusCodeKey.Int(6)
+	// PERMISSION_DENIED
+	RPCGRPCStatusCodePermissionDenied = RPCGRPCStatusCodeKey.Int(7)
+	// RESOURCE_EXHAUSTED
+	RPCGRPCStatusCodeResourceExhausted = RPCGRPCStatusCodeKey.Int(8)
+	// FAILED_PRECONDITION
+	RPCGRPCStatusCodeFailedPrecondition = RPCGRPCStatusCodeKey.Int(9)
+	// ABORTED
+	RPCGRPCStatusCodeAborted = RPCGRPCStatusCodeKey.Int(10)
+	// OUT_OF_RANGE
+	RPCGRPCStatusCodeOutOfRange = RPCGRPCStatusCodeKey.Int(11)
+	// UNIMPLEMENTED
+	RPCGRPCStatusCodeUnimplemented = RPCGRPCStatusCodeKey.Int(12)
+	// INTERNAL
+	RPCGRPCStatusCodeInternal = RPCGRPCStatusCodeKey.Int(13)
+	// UNAVAILABLE
+	RPCGRPCStatusCodeUnavailable = RPCGRPCStatusCodeKey.Int(14)
+	// DATA_LOSS
+	RPCGRPCStatusCodeDataLoss = RPCGRPCStatusCodeKey.Int(15)
+	// UNAUTHENTICATED
+	RPCGRPCStatusCodeUnauthenticated = RPCGRPCStatusCodeKey.Int(16)
+)
+
+// Tech-specific attributes for [JSON RPC](https://www.jsonrpc.org/).
+const (
+	// RPCJsonrpcVersionKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.version" semantic conventions. It represents the protocol
+	// version as in `jsonrpc` property of request/response. Since JSON-RPC 1.0
+	// does not specify this, the value can be omitted.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If other than the default
+	// version (`1.0`))
+	// Stability: stable
+	// Examples: '2.0', '1.0'
+	RPCJsonrpcVersionKey = attribute.Key("rpc.jsonrpc.version")
+
+	// RPCJsonrpcRequestIDKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.request_id" semantic conventions. It represents the `id`
+	// property of request or response. Since protocol allows id to be int,
+	// string, `null` or missing (for notifications), value is expected to be
+	// cast to string for simplicity. Use empty string in case of `null` value.
+	// Omit entirely if this is a notification.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '10', 'request-7', ''
+	RPCJsonrpcRequestIDKey = attribute.Key("rpc.jsonrpc.request_id")
+
+	// RPCJsonrpcErrorCodeKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.error_code" semantic conventions. It represents the
+	// `error.code` property of response if it is an error response.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If response is not successful.)
+	// Stability: stable
+	// Examples: -32700, 100
+	RPCJsonrpcErrorCodeKey = attribute.Key("rpc.jsonrpc.error_code")
+
+	// RPCJsonrpcErrorMessageKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.error_message" semantic conventions. It represents the
+	// `error.message` property of response if it is an error response.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Parse error', 'User already exists'
+	RPCJsonrpcErrorMessageKey = attribute.Key("rpc.jsonrpc.error_message")
+)
+
+// RPCJsonrpcVersion returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.version" semantic conventions. It represents the protocol
+// version as in `jsonrpc` property of request/response. Since JSON-RPC 1.0
+// does not specify this, the value can be omitted.
+func RPCJsonrpcVersion(val string) attribute.KeyValue {
+	return RPCJsonrpcVersionKey.String(val)
+}
+
+// RPCJsonrpcRequestID returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.request_id" semantic conventions. It represents the `id`
+// property of request or response. Since protocol allows id to be int, string,
+// `null` or missing (for notifications), value is expected to be cast to
+// string for simplicity. Use empty string in case of `null` value. Omit
+// entirely if this is a notification.
+func RPCJsonrpcRequestID(val string) attribute.KeyValue {
+	return RPCJsonrpcRequestIDKey.String(val)
+}
+
+// RPCJsonrpcErrorCode returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.error_code" semantic conventions. It represents the
+// `error.code` property of response if it is an error response.
+func RPCJsonrpcErrorCode(val int) attribute.KeyValue {
+	return RPCJsonrpcErrorCodeKey.Int(val)
+}
+
+// RPCJsonrpcErrorMessage returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.error_message" semantic conventions. It represents the
+// `error.message` property of response if it is an error response.
+func RPCJsonrpcErrorMessage(val string) attribute.KeyValue {
+	return RPCJsonrpcErrorMessageKey.String(val)
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/attribute_group.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/attribute_group.go
new file mode 100644
index 000000000..e6cf89510
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/attribute_group.go
@@ -0,0 +1,1877 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated from semantic convention specification. DO NOT EDIT.
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
+
+import "go.opentelemetry.io/otel/attribute"
+
+// These attributes may be used to describe the client in a connection-based
+// network interaction where there is one side that initiates the connection
+// (the client is the side that initiates the connection). This covers all TCP
+// network interactions since TCP is connection-based and one side initiates
+// the connection (an exception is made for peer-to-peer communication over TCP
+// where the "user-facing" surface of the protocol / API does not expose a
+// clear notion of client and server). This also covers UDP network
+// interactions where one side initiates the interaction, e.g. QUIC (HTTP/3)
+// and DNS.
+const (
+	// ClientAddressKey is the attribute Key conforming to the "client.address"
+	// semantic conventions. It represents the client address - unix domain
+	// socket name, IPv4 or IPv6 address.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/tmp/my.sock', '10.1.2.80'
+	// Note: When observed from the server side, and when communicating through
+	// an intermediary, `client.address` SHOULD represent client address behind
+	// any intermediaries (e.g. proxies) if it's available.
+	ClientAddressKey = attribute.Key("client.address")
+
+	// ClientPortKey is the attribute Key conforming to the "client.port"
+	// semantic conventions. It represents the client port number
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 65123
+	// Note: When observed from the server side, and when communicating through
+	// an intermediary, `client.port` SHOULD represent client port behind any
+	// intermediaries (e.g. proxies) if it's available.
+	ClientPortKey = attribute.Key("client.port")
+
+	// ClientSocketAddressKey is the attribute Key conforming to the
+	// "client.socket.address" semantic conventions. It represents the
+	// immediate client peer address - unix domain socket name, IPv4 or IPv6
+	// address.
+	//
+	// Type: string
+	// RequirementLevel: Recommended (If different than `client.address`.)
+	// Stability: stable
+	// Examples: '/tmp/my.sock', '127.0.0.1'
+	ClientSocketAddressKey = attribute.Key("client.socket.address")
+
+	// ClientSocketPortKey is the attribute Key conforming to the
+	// "client.socket.port" semantic conventions. It represents the immediate
+	// client peer port number
+	//
+	// Type: int
+	// RequirementLevel: Recommended (If different than `client.port`.)
+	// Stability: stable
+	// Examples: 35555
+	ClientSocketPortKey = attribute.Key("client.socket.port")
+)
+
+// ClientAddress returns an attribute KeyValue conforming to the
+// "client.address" semantic conventions. It represents the client address -
+// unix domain socket name, IPv4 or IPv6 address.
+func ClientAddress(val string) attribute.KeyValue {
+	return ClientAddressKey.String(val)
+}
+
+// ClientPort returns an attribute KeyValue conforming to the "client.port"
+// semantic conventions. It represents the client port number
+func ClientPort(val int) attribute.KeyValue {
+	return ClientPortKey.Int(val)
+}
+
+// ClientSocketAddress returns an attribute KeyValue conforming to the
+// "client.socket.address" semantic conventions. It represents the immediate
+// client peer address - unix domain socket name, IPv4 or IPv6 address.
+func ClientSocketAddress(val string) attribute.KeyValue {
+	return ClientSocketAddressKey.String(val)
+}
+
+// ClientSocketPort returns an attribute KeyValue conforming to the
+// "client.socket.port" semantic conventions. It represents the immediate
+// client peer port number
+func ClientSocketPort(val int) attribute.KeyValue {
+	return ClientSocketPortKey.Int(val)
+}
+
+// Describes deprecated HTTP attributes.
+const (
+	// HTTPMethodKey is the attribute Key conforming to the "http.method"
+	// semantic conventions. It represents the deprecated, use
+	// `http.request.method` instead.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'GET', 'POST', 'HEAD'
+	HTTPMethodKey = attribute.Key("http.method")
+
+	// HTTPStatusCodeKey is the attribute Key conforming to the
+	// "http.status_code" semantic conventions. It represents the deprecated,
+	// use `http.response.status_code` instead.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 200
+	HTTPStatusCodeKey = attribute.Key("http.status_code")
+
+	// HTTPSchemeKey is the attribute Key conforming to the "http.scheme"
+	// semantic conventions. It represents the deprecated, use `url.scheme`
+	// instead.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'http', 'https'
+	HTTPSchemeKey = attribute.Key("http.scheme")
+
+	// HTTPURLKey is the attribute Key conforming to the "http.url" semantic
+	// conventions. It represents the deprecated, use `url.full` instead.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'https://www.foo.bar/search?q=OpenTelemetry#SemConv'
+	HTTPURLKey = attribute.Key("http.url")
+
+	// HTTPTargetKey is the attribute Key conforming to the "http.target"
+	// semantic conventions. It represents the deprecated, use `url.path` and
+	// `url.query` instead.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '/search?q=OpenTelemetry#SemConv'
+	HTTPTargetKey = attribute.Key("http.target")
+
+	// HTTPRequestContentLengthKey is the attribute Key conforming to the
+	// "http.request_content_length" semantic conventions. It represents the
+	// deprecated, use `http.request.body.size` instead.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 3495
+	HTTPRequestContentLengthKey = attribute.Key("http.request_content_length")
+
+	// HTTPResponseContentLengthKey is the attribute Key conforming to the
+	// "http.response_content_length" semantic conventions. It represents the
+	// deprecated, use `http.response.body.size` instead.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 3495
+	HTTPResponseContentLengthKey = attribute.Key("http.response_content_length")
+)
+
+// HTTPMethod returns an attribute KeyValue conforming to the "http.method"
+// semantic conventions. It represents the deprecated, use
+// `http.request.method` instead.
+func HTTPMethod(val string) attribute.KeyValue {
+	return HTTPMethodKey.String(val)
+}
+
+// HTTPStatusCode returns an attribute KeyValue conforming to the
+// "http.status_code" semantic conventions. It represents the deprecated, use
+// `http.response.status_code` instead.
+func HTTPStatusCode(val int) attribute.KeyValue {
+	return HTTPStatusCodeKey.Int(val)
+}
+
+// HTTPScheme returns an attribute KeyValue conforming to the "http.scheme"
+// semantic conventions. It represents the deprecated, use `url.scheme`
+// instead.
+func HTTPScheme(val string) attribute.KeyValue {
+	return HTTPSchemeKey.String(val)
+}
+
+// HTTPURL returns an attribute KeyValue conforming to the "http.url"
+// semantic conventions. It represents the deprecated, use `url.full` instead.
+func HTTPURL(val string) attribute.KeyValue {
+	return HTTPURLKey.String(val)
+}
+
+// HTTPTarget returns an attribute KeyValue conforming to the "http.target"
+// semantic conventions. It represents the deprecated, use `url.path` and
+// `url.query` instead.
+func HTTPTarget(val string) attribute.KeyValue {
+	return HTTPTargetKey.String(val)
+}
+
+// HTTPRequestContentLength returns an attribute KeyValue conforming to the
+// "http.request_content_length" semantic conventions. It represents the
+// deprecated, use `http.request.body.size` instead.
+func HTTPRequestContentLength(val int) attribute.KeyValue {
+	return HTTPRequestContentLengthKey.Int(val)
+}
+
+// HTTPResponseContentLength returns an attribute KeyValue conforming to the
+// "http.response_content_length" semantic conventions. It represents the
+// deprecated, use `http.response.body.size` instead.
+func HTTPResponseContentLength(val int) attribute.KeyValue {
+	return HTTPResponseContentLengthKey.Int(val)
+}
+
+// These attributes may be used for any network related operation.
+const (
+	// NetSockPeerNameKey is the attribute Key conforming to the
+	// "net.sock.peer.name" semantic conventions. It represents the deprecated,
+	// use `server.socket.domain` on client spans.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '/var/my.sock'
+	NetSockPeerNameKey = attribute.Key("net.sock.peer.name")
+
+	// NetSockPeerAddrKey is the attribute Key conforming to the
+	// "net.sock.peer.addr" semantic conventions. It represents the deprecated,
+	// use `server.socket.address` on client spans and `client.socket.address`
+	// on server spans.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '192.168.0.1'
+	NetSockPeerAddrKey = attribute.Key("net.sock.peer.addr")
+
+	// NetSockPeerPortKey is the attribute Key conforming to the
+	// "net.sock.peer.port" semantic conventions. It represents the deprecated,
+	// use `server.socket.port` on client spans and `client.socket.port` on
+	// server spans.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 65531
+	NetSockPeerPortKey = attribute.Key("net.sock.peer.port")
+
+	// NetPeerNameKey is the attribute Key conforming to the "net.peer.name"
+	// semantic conventions. It represents the deprecated, use `server.address`
+	// on client spans and `client.address` on server spans.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'example.com'
+	NetPeerNameKey = attribute.Key("net.peer.name")
+
+	// NetPeerPortKey is the attribute Key conforming to the "net.peer.port"
+	// semantic conventions. It represents the deprecated, use `server.port` on
+	// client spans and `client.port` on server spans.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 8080
+	NetPeerPortKey = attribute.Key("net.peer.port")
+
+	// NetHostNameKey is the attribute Key conforming to the "net.host.name"
+	// semantic conventions. It represents the deprecated, use
+	// `server.address`.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'example.com'
+	NetHostNameKey = attribute.Key("net.host.name")
+
+	// NetHostPortKey is the attribute Key conforming to the "net.host.port"
+	// semantic conventions. It represents the deprecated, use `server.port`.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 8080
+	NetHostPortKey = attribute.Key("net.host.port")
+
+	// NetSockHostAddrKey is the attribute Key conforming to the
+	// "net.sock.host.addr" semantic conventions. It represents the deprecated,
+	// use `server.socket.address`.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '/var/my.sock'
+	NetSockHostAddrKey = attribute.Key("net.sock.host.addr")
+
+	// NetSockHostPortKey is the attribute Key conforming to the
+	// "net.sock.host.port" semantic conventions. It represents the deprecated,
+	// use `server.socket.port`.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 8080
+	NetSockHostPortKey = attribute.Key("net.sock.host.port")
+
+	// NetTransportKey is the attribute Key conforming to the "net.transport"
+	// semantic conventions. It represents the deprecated, use
+	// `network.transport`.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	NetTransportKey = attribute.Key("net.transport")
+
+	// NetProtocolNameKey is the attribute Key conforming to the
+	// "net.protocol.name" semantic conventions. It represents the deprecated,
+	// use `network.protocol.name`.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'amqp', 'http', 'mqtt'
+	NetProtocolNameKey = attribute.Key("net.protocol.name")
+
+	// NetProtocolVersionKey is the attribute Key conforming to the
+	// "net.protocol.version" semantic conventions. It represents the
+	// deprecated, use `network.protocol.version`.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '3.1.1'
+	NetProtocolVersionKey = attribute.Key("net.protocol.version")
+
+	// NetSockFamilyKey is the attribute Key conforming to the
+	// "net.sock.family" semantic conventions. It represents the deprecated,
+	// use `network.transport` and `network.type`.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	NetSockFamilyKey = attribute.Key("net.sock.family")
+)
+
+var (
+	// ip_tcp
+	NetTransportTCP = NetTransportKey.String("ip_tcp")
+	// ip_udp
+	NetTransportUDP = NetTransportKey.String("ip_udp")
+	// Named or anonymous pipe
+	NetTransportPipe = NetTransportKey.String("pipe")
+	// In-process communication
+	NetTransportInProc = NetTransportKey.String("inproc")
+	// Something else (non IP-based)
+	NetTransportOther = NetTransportKey.String("other")
+)
+
+var (
+	// IPv4 address
+	NetSockFamilyInet = NetSockFamilyKey.String("inet")
+	// IPv6 address
+	NetSockFamilyInet6 = NetSockFamilyKey.String("inet6")
+	// Unix domain socket path
+	NetSockFamilyUnix = NetSockFamilyKey.String("unix")
+)
+
+// NetSockPeerName returns an attribute KeyValue conforming to the
+// "net.sock.peer.name" semantic conventions. It represents the deprecated, use
+// `server.socket.domain` on client spans.
+func NetSockPeerName(val string) attribute.KeyValue {
+	return NetSockPeerNameKey.String(val)
+}
+
+// NetSockPeerAddr returns an attribute KeyValue conforming to the
+// "net.sock.peer.addr" semantic conventions. It represents the deprecated, use
+// `server.socket.address` on client spans and `client.socket.address` on
+// server spans.
+func NetSockPeerAddr(val string) attribute.KeyValue {
+	return NetSockPeerAddrKey.String(val)
+}
+
+// NetSockPeerPort returns an attribute KeyValue conforming to the
+// "net.sock.peer.port" semantic conventions. It represents the deprecated, use
+// `server.socket.port` on client spans and `client.socket.port` on server
+// spans.
+func NetSockPeerPort(val int) attribute.KeyValue {
+	return NetSockPeerPortKey.Int(val)
+}
+
+// NetPeerName returns an attribute KeyValue conforming to the
+// "net.peer.name" semantic conventions. It represents the deprecated, use
+// `server.address` on client spans and `client.address` on server spans.
+func NetPeerName(val string) attribute.KeyValue {
+	return NetPeerNameKey.String(val)
+}
+
+// NetPeerPort returns an attribute KeyValue conforming to the
+// "net.peer.port" semantic conventions. It represents the deprecated, use
+// `server.port` on client spans and `client.port` on server spans.
+func NetPeerPort(val int) attribute.KeyValue {
+	return NetPeerPortKey.Int(val)
+}
+
+// NetHostName returns an attribute KeyValue conforming to the
+// "net.host.name" semantic conventions. It represents the deprecated, use
+// `server.address`.
+func NetHostName(val string) attribute.KeyValue {
+	return NetHostNameKey.String(val)
+}
+
+// NetHostPort returns an attribute KeyValue conforming to the
+// "net.host.port" semantic conventions. It represents the deprecated, use
+// `server.port`.
+func NetHostPort(val int) attribute.KeyValue {
+	return NetHostPortKey.Int(val)
+}
+
+// NetSockHostAddr returns an attribute KeyValue conforming to the
+// "net.sock.host.addr" semantic conventions. It represents the deprecated, use
+// `server.socket.address`.
+func NetSockHostAddr(val string) attribute.KeyValue {
+	return NetSockHostAddrKey.String(val)
+}
+
+// NetSockHostPort returns an attribute KeyValue conforming to the
+// "net.sock.host.port" semantic conventions. It represents the deprecated, use
+// `server.socket.port`.
+func NetSockHostPort(val int) attribute.KeyValue {
+	return NetSockHostPortKey.Int(val)
+}
+
+// NetProtocolName returns an attribute KeyValue conforming to the
+// "net.protocol.name" semantic conventions. It represents the deprecated, use
+// `network.protocol.name`.
+func NetProtocolName(val string) attribute.KeyValue {
+	return NetProtocolNameKey.String(val)
+}
+
+// NetProtocolVersion returns an attribute KeyValue conforming to the
+// "net.protocol.version" semantic conventions. It represents the deprecated,
+// use `network.protocol.version`.
+func NetProtocolVersion(val string) attribute.KeyValue {
+	return NetProtocolVersionKey.String(val)
+}
+
+// These attributes may be used to describe the receiver of a network
+// exchange/packet. These should be used when there is no client/server
+// relationship between the two sides, or when that relationship is unknown.
+// This covers low-level network interactions (e.g. packet tracing) where you
+// don't know if there was a connection or which side initiated it. This also
+// covers unidirectional UDP flows and peer-to-peer communication where the
+// "user-facing" surface of the protocol / API does not expose a clear notion
+// of client and server.
+const (
+	// DestinationDomainKey is the attribute Key conforming to the
+	// "destination.domain" semantic conventions. It represents the domain name
+	// of the destination system.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'foo.example.com'
+	// Note: This value may be a host name, a fully qualified domain name, or
+	// another host naming format.
+	DestinationDomainKey = attribute.Key("destination.domain")
+
+	// DestinationAddressKey is the attribute Key conforming to the
+	// "destination.address" semantic conventions. It represents the peer
+	// address, for example IP address or UNIX socket name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '10.5.3.2'
+	DestinationAddressKey = attribute.Key("destination.address")
+
+	// DestinationPortKey is the attribute Key conforming to the
+	// "destination.port" semantic conventions. It represents the peer port
+	// number
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 3389, 2888
+	DestinationPortKey = attribute.Key("destination.port")
+)
+
+// DestinationDomain returns an attribute KeyValue conforming to the
+// "destination.domain" semantic conventions. It represents the domain name of
+// the destination system.
+func DestinationDomain(val string) attribute.KeyValue {
+	return DestinationDomainKey.String(val)
+}
+
+// DestinationAddress returns an attribute KeyValue conforming to the
+// "destination.address" semantic conventions. It represents the peer address,
+// for example IP address or UNIX socket name.
+func DestinationAddress(val string) attribute.KeyValue {
+	return DestinationAddressKey.String(val)
+}
+
+// DestinationPort returns an attribute KeyValue conforming to the
+// "destination.port" semantic conventions. It represents the peer port number
+func DestinationPort(val int) attribute.KeyValue {
+	return DestinationPortKey.Int(val)
+}
+
+// Describes HTTP attributes.
+const (
+	// HTTPRequestMethodKey is the attribute Key conforming to the
+	// "http.request.method" semantic conventions. It represents the hTTP
+	// request method.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'GET', 'POST', 'HEAD'
+	// Note: HTTP request method value SHOULD be "known" to the
+	// instrumentation.
+	// By default, this convention defines "known" methods as the ones listed
+	// in [RFC9110](https://www.rfc-editor.org/rfc/rfc9110.html#name-methods)
+	// and the PATCH method defined in
+	// [RFC5789](https://www.rfc-editor.org/rfc/rfc5789.html).
+	//
+	// If the HTTP request method is not known to instrumentation, it MUST set
+	// the `http.request.method` attribute to `_OTHER` and, except if reporting
+	// a metric, MUST
+	// set the exact method received in the request line as value of the
+	// `http.request.method_original` attribute.
+	//
+	// If the HTTP instrumentation could end up converting valid HTTP request
+	// methods to `_OTHER`, then it MUST provide a way to override
+	// the list of known HTTP methods. If this override is done via environment
+	// variable, then the environment variable MUST be named
+	// OTEL_INSTRUMENTATION_HTTP_KNOWN_METHODS and support a comma-separated
+	// list of case-sensitive known HTTP methods
+	// (this list MUST be a full override of the default known method, it is
+	// not a list of known methods in addition to the defaults).
+	//
+	// HTTP method names are case-sensitive and `http.request.method` attribute
+	// value MUST match a known HTTP method name exactly.
+	// Instrumentations for specific web frameworks that consider HTTP methods
+	// to be case insensitive, SHOULD populate a canonical equivalent.
+	// Tracing instrumentations that do so, MUST also set
+	// `http.request.method_original` to the original value.
+	HTTPRequestMethodKey = attribute.Key("http.request.method")
+
+	// HTTPResponseStatusCodeKey is the attribute Key conforming to the
+	// "http.response.status_code" semantic conventions. It represents the
+	// [HTTP response status
+	// code](https://tools.ietf.org/html/rfc7231#section-6).
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If and only if one was
+	// received/sent.)
+	// Stability: stable
+	// Examples: 200
+	HTTPResponseStatusCodeKey = attribute.Key("http.response.status_code")
+)
+
+var (
+	// CONNECT method
+	HTTPRequestMethodConnect = HTTPRequestMethodKey.String("CONNECT")
+	// DELETE method
+	HTTPRequestMethodDelete = HTTPRequestMethodKey.String("DELETE")
+	// GET method
+	HTTPRequestMethodGet = HTTPRequestMethodKey.String("GET")
+	// HEAD method
+	HTTPRequestMethodHead = HTTPRequestMethodKey.String("HEAD")
+	// OPTIONS method
+	HTTPRequestMethodOptions = HTTPRequestMethodKey.String("OPTIONS")
+	// PATCH method
+	HTTPRequestMethodPatch = HTTPRequestMethodKey.String("PATCH")
+	// POST method
+	HTTPRequestMethodPost = HTTPRequestMethodKey.String("POST")
+	// PUT method
+	HTTPRequestMethodPut = HTTPRequestMethodKey.String("PUT")
+	// TRACE method
+	HTTPRequestMethodTrace = HTTPRequestMethodKey.String("TRACE")
+	// Any HTTP method that the instrumentation has no prior knowledge of
+	HTTPRequestMethodOther = HTTPRequestMethodKey.String("_OTHER")
+)
+
+// HTTPResponseStatusCode returns an attribute KeyValue conforming to the
+// "http.response.status_code" semantic conventions. It represents the [HTTP
+// response status code](https://tools.ietf.org/html/rfc7231#section-6).
+func HTTPResponseStatusCode(val int) attribute.KeyValue {
+	return HTTPResponseStatusCodeKey.Int(val)
+}
+
+// HTTP Server attributes
+const (
+	// HTTPRouteKey is the attribute Key conforming to the "http.route"
+	// semantic conventions. It represents the matched route (path template in
+	// the format used by the respective server framework). See note below
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If and only if it's available)
+	// Stability: stable
+	// Examples: '/users/:userID?', '{controller}/{action}/{id?}'
+	// Note: MUST NOT be populated when this is not supported by the HTTP
+	// server framework as the route attribute should have low-cardinality and
+	// the URI path can NOT substitute it.
+	// SHOULD include the [application
+	// root](/docs/http/http-spans.md#http-server-definitions) if there is one.
+	HTTPRouteKey = attribute.Key("http.route")
+)
+
+// HTTPRoute returns an attribute KeyValue conforming to the "http.route"
+// semantic conventions. It represents the matched route (path template in the
+// format used by the respective server framework). See note below
+func HTTPRoute(val string) attribute.KeyValue {
+	return HTTPRouteKey.String(val)
+}
+
+// Attributes for Events represented using Log Records.
+const (
+	// EventNameKey is the attribute Key conforming to the "event.name"
+	// semantic conventions. It represents the name identifies the event.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'click', 'exception'
+	EventNameKey = attribute.Key("event.name")
+
+	// EventDomainKey is the attribute Key conforming to the "event.domain"
+	// semantic conventions. It represents the domain identifies the business
+	// context for the events.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	// Note: Events across different domains may have same `event.name`, yet be
+	// unrelated events.
+	EventDomainKey = attribute.Key("event.domain")
+)
+
+var (
+	// Events from browser apps
+	EventDomainBrowser = EventDomainKey.String("browser")
+	// Events from mobile apps
+	EventDomainDevice = EventDomainKey.String("device")
+	// Events from Kubernetes
+	EventDomainK8S = EventDomainKey.String("k8s")
+)
+
+// EventName returns an attribute KeyValue conforming to the "event.name"
+// semantic conventions. It represents the name identifies the event.
+func EventName(val string) attribute.KeyValue {
+	return EventNameKey.String(val)
+}
+
+// The attributes described in this section are rather generic. They may be
+// used in any Log Record they apply to.
+const (
+	// LogRecordUIDKey is the attribute Key conforming to the "log.record.uid"
+	// semantic conventions. It represents a unique identifier for the Log
+	// Record.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '01ARZ3NDEKTSV4RRFFQ69G5FAV'
+	// Note: If an id is provided, other log records with the same id will be
+	// considered duplicates and can be removed safely. This means, that two
+	// distinguishable log records MUST have different values.
+	// The id MAY be an [Universally Unique Lexicographically Sortable
+	// Identifier (ULID)](https://github.com/ulid/spec), but other identifiers
+	// (e.g. UUID) may be used as needed.
+	LogRecordUIDKey = attribute.Key("log.record.uid")
+)
+
+// LogRecordUID returns an attribute KeyValue conforming to the
+// "log.record.uid" semantic conventions. It represents a unique identifier for
+// the Log Record.
+func LogRecordUID(val string) attribute.KeyValue {
+	return LogRecordUIDKey.String(val)
+}
+
+// Describes Log attributes
+const (
+	// LogIostreamKey is the attribute Key conforming to the "log.iostream"
+	// semantic conventions. It represents the stream associated with the log.
+	// See below for a list of well-known values.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	LogIostreamKey = attribute.Key("log.iostream")
+)
+
+var (
+	// Logs from stdout stream
+	LogIostreamStdout = LogIostreamKey.String("stdout")
+	// Events from stderr stream
+	LogIostreamStderr = LogIostreamKey.String("stderr")
+)
+
+// A file to which log was emitted.
+const (
+	// LogFileNameKey is the attribute Key conforming to the "log.file.name"
+	// semantic conventions. It represents the basename of the file.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'audit.log'
+	LogFileNameKey = attribute.Key("log.file.name")
+
+	// LogFilePathKey is the attribute Key conforming to the "log.file.path"
+	// semantic conventions. It represents the full path to the file.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/var/log/mysql/audit.log'
+	LogFilePathKey = attribute.Key("log.file.path")
+
+	// LogFileNameResolvedKey is the attribute Key conforming to the
+	// "log.file.name_resolved" semantic conventions. It represents the
+	// basename of the file, with symlinks resolved.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'uuid.log'
+	LogFileNameResolvedKey = attribute.Key("log.file.name_resolved")
+
+	// LogFilePathResolvedKey is the attribute Key conforming to the
+	// "log.file.path_resolved" semantic conventions. It represents the full
+	// path to the file, with symlinks resolved.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/var/lib/docker/uuid.log'
+	LogFilePathResolvedKey = attribute.Key("log.file.path_resolved")
+)
+
+// LogFileName returns an attribute KeyValue conforming to the
+// "log.file.name" semantic conventions. It represents the basename of the
+// file.
+func LogFileName(val string) attribute.KeyValue {
+	return LogFileNameKey.String(val)
+}
+
+// LogFilePath returns an attribute KeyValue conforming to the
+// "log.file.path" semantic conventions. It represents the full path to the
+// file.
+func LogFilePath(val string) attribute.KeyValue {
+	return LogFilePathKey.String(val)
+}
+
+// LogFileNameResolved returns an attribute KeyValue conforming to the
+// "log.file.name_resolved" semantic conventions. It represents the basename of
+// the file, with symlinks resolved.
+func LogFileNameResolved(val string) attribute.KeyValue {
+	return LogFileNameResolvedKey.String(val)
+}
+
+// LogFilePathResolved returns an attribute KeyValue conforming to the
+// "log.file.path_resolved" semantic conventions. It represents the full path
+// to the file, with symlinks resolved.
+func LogFilePathResolved(val string) attribute.KeyValue {
+	return LogFilePathResolvedKey.String(val)
+}
+
+// Describes JVM memory metric attributes.
+const (
+	// TypeKey is the attribute Key conforming to the "type" semantic
+	// conventions. It represents the type of memory.
+	//
+	// Type: Enum
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'heap', 'non_heap'
+	TypeKey = attribute.Key("type")
+
+	// PoolKey is the attribute Key conforming to the "pool" semantic
+	// conventions. It represents the name of the memory pool.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'G1 Old Gen', 'G1 Eden space', 'G1 Survivor Space'
+	// Note: Pool names are generally obtained via
+	// [MemoryPoolMXBean#getName()](https://docs.oracle.com/en/java/javase/11/docs/api/java.management/java/lang/management/MemoryPoolMXBean.html#getName()).
+	PoolKey = attribute.Key("pool")
+)
+
+var (
+	// Heap memory
+	TypeHeap = TypeKey.String("heap")
+	// Non-heap memory
+	TypeNonHeap = TypeKey.String("non_heap")
+)
+
+// Pool returns an attribute KeyValue conforming to the "pool" semantic
+// conventions. It represents the name of the memory pool.
+func Pool(val string) attribute.KeyValue {
+	return PoolKey.String(val)
+}
+
+// These attributes may be used to describe the server in a connection-based
+// network interaction where there is one side that initiates the connection
+// (the client is the side that initiates the connection). This covers all TCP
+// network interactions since TCP is connection-based and one side initiates
+// the connection (an exception is made for peer-to-peer communication over TCP
+// where the "user-facing" surface of the protocol / API does not expose a
+// clear notion of client and server). This also covers UDP network
+// interactions where one side initiates the interaction, e.g. QUIC (HTTP/3)
+// and DNS.
+const (
+	// ServerAddressKey is the attribute Key conforming to the "server.address"
+	// semantic conventions. It represents the logical server hostname, matches
+	// server FQDN if available, and IP or socket address if FQDN is not known.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'example.com'
+	ServerAddressKey = attribute.Key("server.address")
+
+	// ServerPortKey is the attribute Key conforming to the "server.port"
+	// semantic conventions. It represents the logical server port number
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 80, 8080, 443
+	ServerPortKey = attribute.Key("server.port")
+
+	// ServerSocketDomainKey is the attribute Key conforming to the
+	// "server.socket.domain" semantic conventions. It represents the domain
+	// name of an immediate peer.
+	//
+	// Type: string
+	// RequirementLevel: Recommended (If different than `server.address`.)
+	// Stability: stable
+	// Examples: 'proxy.example.com'
+	// Note: Typically observed from the client side, and represents a proxy or
+	// other intermediary domain name.
+	ServerSocketDomainKey = attribute.Key("server.socket.domain")
+
+	// ServerSocketAddressKey is the attribute Key conforming to the
+	// "server.socket.address" semantic conventions. It represents the physical
+	// server IP address or Unix socket address. If set from the client, should
+	// simply use the socket's peer address, and not attempt to find any actual
+	// server IP (i.e., if set from client, this may represent some proxy
+	// server instead of the logical server).
+	//
+	// Type: string
+	// RequirementLevel: Recommended (If different than `server.address`.)
+	// Stability: stable
+	// Examples: '10.5.3.2'
+	ServerSocketAddressKey = attribute.Key("server.socket.address")
+
+	// ServerSocketPortKey is the attribute Key conforming to the
+	// "server.socket.port" semantic conventions. It represents the physical
+	// server port.
+	//
+	// Type: int
+	// RequirementLevel: Recommended (If different than `server.port`.)
+	// Stability: stable
+	// Examples: 16456
+	ServerSocketPortKey = attribute.Key("server.socket.port")
+)
+
+// ServerAddress returns an attribute KeyValue conforming to the
+// "server.address" semantic conventions. It represents the logical server
+// hostname, matches server FQDN if available, and IP or socket address if FQDN
+// is not known.
+func ServerAddress(val string) attribute.KeyValue {
+	return ServerAddressKey.String(val)
+}
+
+// ServerPort returns an attribute KeyValue conforming to the "server.port"
+// semantic conventions. It represents the logical server port number
+func ServerPort(val int) attribute.KeyValue {
+	return ServerPortKey.Int(val)
+}
+
+// ServerSocketDomain returns an attribute KeyValue conforming to the
+// "server.socket.domain" semantic conventions. It represents the domain name
+// of an immediate peer.
+func ServerSocketDomain(val string) attribute.KeyValue {
+	return ServerSocketDomainKey.String(val)
+}
+
+// ServerSocketAddress returns an attribute KeyValue conforming to the
+// "server.socket.address" semantic conventions. It represents the physical
+// server IP address or Unix socket address. If set from the client, should
+// simply use the socket's peer address, and not attempt to find any actual
+// server IP (i.e., if set from client, this may represent some proxy server
+// instead of the logical server).
+func ServerSocketAddress(val string) attribute.KeyValue {
+	return ServerSocketAddressKey.String(val)
+}
+
+// ServerSocketPort returns an attribute KeyValue conforming to the
+// "server.socket.port" semantic conventions. It represents the physical server
+// port.
+func ServerSocketPort(val int) attribute.KeyValue {
+	return ServerSocketPortKey.Int(val)
+}
+
+// These attributes may be used to describe the sender of a network
+// exchange/packet. These should be used when there is no client/server
+// relationship between the two sides, or when that relationship is unknown.
+// This covers low-level network interactions (e.g. packet tracing) where you
+// don't know if there was a connection or which side initiated it. This also
+// covers unidirectional UDP flows and peer-to-peer communication where the
+// "user-facing" surface of the protocol / API does not expose a clear notion
+// of client and server.
+const (
+	// SourceDomainKey is the attribute Key conforming to the "source.domain"
+	// semantic conventions. It represents the domain name of the source
+	// system.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'foo.example.com'
+	// Note: This value may be a host name, a fully qualified domain name, or
+	// another host naming format.
+	SourceDomainKey = attribute.Key("source.domain")
+
+	// SourceAddressKey is the attribute Key conforming to the "source.address"
+	// semantic conventions. It represents the source address, for example IP
+	// address or Unix socket name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '10.5.3.2'
+	SourceAddressKey = attribute.Key("source.address")
+
+	// SourcePortKey is the attribute Key conforming to the "source.port"
+	// semantic conventions. It represents the source port number
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 3389, 2888
+	SourcePortKey = attribute.Key("source.port")
+)
+
+// SourceDomain returns an attribute KeyValue conforming to the
+// "source.domain" semantic conventions. It represents the domain name of the
+// source system.
+func SourceDomain(val string) attribute.KeyValue {
+	return SourceDomainKey.String(val)
+}
+
+// SourceAddress returns an attribute KeyValue conforming to the
+// "source.address" semantic conventions. It represents the source address, for
+// example IP address or Unix socket name.
+func SourceAddress(val string) attribute.KeyValue {
+	return SourceAddressKey.String(val)
+}
+
+// SourcePort returns an attribute KeyValue conforming to the "source.port"
+// semantic conventions. It represents the source port number
+func SourcePort(val int) attribute.KeyValue {
+	return SourcePortKey.Int(val)
+}
+
+// These attributes may be used for any network related operation.
+const (
+	// NetworkTransportKey is the attribute Key conforming to the
+	// "network.transport" semantic conventions. It represents the [OSI
+	// Transport Layer](https://osi-model.com/transport-layer/) or
+	// [Inter-process Communication
+	// method](https://en.wikipedia.org/wiki/Inter-process_communication). The
+	// value SHOULD be normalized to lowercase.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'tcp', 'udp'
+	NetworkTransportKey = attribute.Key("network.transport")
+
+	// NetworkTypeKey is the attribute Key conforming to the "network.type"
+	// semantic conventions. It represents the [OSI Network
+	// Layer](https://osi-model.com/network-layer/) or non-OSI equivalent. The
+	// value SHOULD be normalized to lowercase.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'ipv4', 'ipv6'
+	NetworkTypeKey = attribute.Key("network.type")
+
+	// NetworkProtocolNameKey is the attribute Key conforming to the
+	// "network.protocol.name" semantic conventions. It represents the [OSI
+	// Application Layer](https://osi-model.com/application-layer/) or non-OSI
+	// equivalent. The value SHOULD be normalized to lowercase.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'amqp', 'http', 'mqtt'
+	NetworkProtocolNameKey = attribute.Key("network.protocol.name")
+
+	// NetworkProtocolVersionKey is the attribute Key conforming to the
+	// "network.protocol.version" semantic conventions. It represents the
+	// version of the application layer protocol used. See note below.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '3.1.1'
+	// Note: `network.protocol.version` refers to the version of the protocol
+	// used and might be different from the protocol client's version. If the
+	// HTTP client used has a version of `0.27.2`, but sends HTTP version
+	// `1.1`, this attribute should be set to `1.1`.
+	NetworkProtocolVersionKey = attribute.Key("network.protocol.version")
+)
+
+var (
+	// TCP
+	NetworkTransportTCP = NetworkTransportKey.String("tcp")
+	// UDP
+	NetworkTransportUDP = NetworkTransportKey.String("udp")
+	// Named or anonymous pipe. See note below
+	NetworkTransportPipe = NetworkTransportKey.String("pipe")
+	// Unix domain socket
+	NetworkTransportUnix = NetworkTransportKey.String("unix")
+)
+
+var (
+	// IPv4
+	NetworkTypeIpv4 = NetworkTypeKey.String("ipv4")
+	// IPv6
+	NetworkTypeIpv6 = NetworkTypeKey.String("ipv6")
+)
+
+// NetworkProtocolName returns an attribute KeyValue conforming to the
+// "network.protocol.name" semantic conventions. It represents the [OSI
+// Application Layer](https://osi-model.com/application-layer/) or non-OSI
+// equivalent. The value SHOULD be normalized to lowercase.
+func NetworkProtocolName(val string) attribute.KeyValue {
+	return NetworkProtocolNameKey.String(val)
+}
+
+// NetworkProtocolVersion returns an attribute KeyValue conforming to the
+// "network.protocol.version" semantic conventions. It represents the version
+// of the application layer protocol used. See note below.
+func NetworkProtocolVersion(val string) attribute.KeyValue {
+	return NetworkProtocolVersionKey.String(val)
+}
+
+// These attributes may be used for any network related operation.
+const (
+	// NetworkConnectionTypeKey is the attribute Key conforming to the
+	// "network.connection.type" semantic conventions. It represents the
+	// internet connection type.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'wifi'
+	NetworkConnectionTypeKey = attribute.Key("network.connection.type")
+
+	// NetworkConnectionSubtypeKey is the attribute Key conforming to the
+	// "network.connection.subtype" semantic conventions. It represents the
+	// this describes more details regarding the connection.type. It may be the
+	// type of cell technology connection, but it could be used for describing
+	// details about a wifi connection.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'LTE'
+	NetworkConnectionSubtypeKey = attribute.Key("network.connection.subtype")
+
+	// NetworkCarrierNameKey is the attribute Key conforming to the
+	// "network.carrier.name" semantic conventions. It represents the name of
+	// the mobile carrier.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'sprint'
+	NetworkCarrierNameKey = attribute.Key("network.carrier.name")
+
+	// NetworkCarrierMccKey is the attribute Key conforming to the
+	// "network.carrier.mcc" semantic conventions. It represents the mobile
+	// carrier country code.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '310'
+	NetworkCarrierMccKey = attribute.Key("network.carrier.mcc")
+
+	// NetworkCarrierMncKey is the attribute Key conforming to the
+	// "network.carrier.mnc" semantic conventions. It represents the mobile
+	// carrier network code.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '001'
+	NetworkCarrierMncKey = attribute.Key("network.carrier.mnc")
+
+	// NetworkCarrierIccKey is the attribute Key conforming to the
+	// "network.carrier.icc" semantic conventions. It represents the ISO 3166-1
+	// alpha-2 2-character country code associated with the mobile carrier
+	// network.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'DE'
+	NetworkCarrierIccKey = attribute.Key("network.carrier.icc")
+)
+
+var (
+	// wifi
+	NetworkConnectionTypeWifi = NetworkConnectionTypeKey.String("wifi")
+	// wired
+	NetworkConnectionTypeWired = NetworkConnectionTypeKey.String("wired")
+	// cell
+	NetworkConnectionTypeCell = NetworkConnectionTypeKey.String("cell")
+	// unavailable
+	NetworkConnectionTypeUnavailable = NetworkConnectionTypeKey.String("unavailable")
+	// unknown
+	NetworkConnectionTypeUnknown = NetworkConnectionTypeKey.String("unknown")
+)
+
+var (
+	// GPRS
+	NetworkConnectionSubtypeGprs = NetworkConnectionSubtypeKey.String("gprs")
+	// EDGE
+	NetworkConnectionSubtypeEdge = NetworkConnectionSubtypeKey.String("edge")
+	// UMTS
+	NetworkConnectionSubtypeUmts = NetworkConnectionSubtypeKey.String("umts")
+	// CDMA
+	NetworkConnectionSubtypeCdma = NetworkConnectionSubtypeKey.String("cdma")
+	// EVDO Rel. 0
+	NetworkConnectionSubtypeEvdo0 = NetworkConnectionSubtypeKey.String("evdo_0")
+	// EVDO Rev. A
+	NetworkConnectionSubtypeEvdoA = NetworkConnectionSubtypeKey.String("evdo_a")
+	// CDMA2000 1XRTT
+	NetworkConnectionSubtypeCdma20001xrtt = NetworkConnectionSubtypeKey.String("cdma2000_1xrtt")
+	// HSDPA
+	NetworkConnectionSubtypeHsdpa = NetworkConnectionSubtypeKey.String("hsdpa")
+	// HSUPA
+	NetworkConnectionSubtypeHsupa = NetworkConnectionSubtypeKey.String("hsupa")
+	// HSPA
+	NetworkConnectionSubtypeHspa = NetworkConnectionSubtypeKey.String("hspa")
+	// IDEN
+	NetworkConnectionSubtypeIden = NetworkConnectionSubtypeKey.String("iden")
+	// EVDO Rev. B
+	NetworkConnectionSubtypeEvdoB = NetworkConnectionSubtypeKey.String("evdo_b")
+	// LTE
+	NetworkConnectionSubtypeLte = NetworkConnectionSubtypeKey.String("lte")
+	// EHRPD
+	NetworkConnectionSubtypeEhrpd = NetworkConnectionSubtypeKey.String("ehrpd")
+	// HSPAP
+	NetworkConnectionSubtypeHspap = NetworkConnectionSubtypeKey.String("hspap")
+	// GSM
+	NetworkConnectionSubtypeGsm = NetworkConnectionSubtypeKey.String("gsm")
+	// TD-SCDMA
+	NetworkConnectionSubtypeTdScdma = NetworkConnectionSubtypeKey.String("td_scdma")
+	// IWLAN
+	NetworkConnectionSubtypeIwlan = NetworkConnectionSubtypeKey.String("iwlan")
+	// 5G NR (New Radio)
+	NetworkConnectionSubtypeNr = NetworkConnectionSubtypeKey.String("nr")
+	// 5G NRNSA (New Radio Non-Standalone)
+	NetworkConnectionSubtypeNrnsa = NetworkConnectionSubtypeKey.String("nrnsa")
+	// LTE CA
+	NetworkConnectionSubtypeLteCa = NetworkConnectionSubtypeKey.String("lte_ca")
+)
+
+// NetworkCarrierName returns an attribute KeyValue conforming to the
+// "network.carrier.name" semantic conventions. It represents the name of the
+// mobile carrier.
+func NetworkCarrierName(val string) attribute.KeyValue {
+	return NetworkCarrierNameKey.String(val)
+}
+
+// NetworkCarrierMcc returns an attribute KeyValue conforming to the
+// "network.carrier.mcc" semantic conventions. It represents the mobile carrier
+// country code.
+func NetworkCarrierMcc(val string) attribute.KeyValue {
+	return NetworkCarrierMccKey.String(val)
+}
+
+// NetworkCarrierMnc returns an attribute KeyValue conforming to the
+// "network.carrier.mnc" semantic conventions. It represents the mobile carrier
+// network code.
+func NetworkCarrierMnc(val string) attribute.KeyValue {
+	return NetworkCarrierMncKey.String(val)
+}
+
+// NetworkCarrierIcc returns an attribute KeyValue conforming to the
+// "network.carrier.icc" semantic conventions. It represents the ISO 3166-1
+// alpha-2 2-character country code associated with the mobile carrier network.
+func NetworkCarrierIcc(val string) attribute.KeyValue {
+	return NetworkCarrierIccKey.String(val)
+}
+
+// Semantic conventions for HTTP client and server Spans.
+const (
+	// HTTPRequestMethodOriginalKey is the attribute Key conforming to the
+	// "http.request.method_original" semantic conventions. It represents the
+	// original HTTP method sent by the client in the request line.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If and only if it's different
+	// than `http.request.method`.)
+	// Stability: stable
+	// Examples: 'GeT', 'ACL', 'foo'
+	HTTPRequestMethodOriginalKey = attribute.Key("http.request.method_original")
+
+	// HTTPRequestBodySizeKey is the attribute Key conforming to the
+	// "http.request.body.size" semantic conventions. It represents the size of
+	// the request payload body in bytes. This is the number of bytes
+	// transferred excluding headers and is often, but not always, present as
+	// the
+	// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+	// header. For requests using transport encoding, this should be the
+	// compressed size.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 3495
+	HTTPRequestBodySizeKey = attribute.Key("http.request.body.size")
+
+	// HTTPResponseBodySizeKey is the attribute Key conforming to the
+	// "http.response.body.size" semantic conventions. It represents the size
+	// of the response payload body in bytes. This is the number of bytes
+	// transferred excluding headers and is often, but not always, present as
+	// the
+	// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+	// header. For requests using transport encoding, this should be the
+	// compressed size.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 3495
+	HTTPResponseBodySizeKey = attribute.Key("http.response.body.size")
+)
+
+// HTTPRequestMethodOriginal returns an attribute KeyValue conforming to the
+// "http.request.method_original" semantic conventions. It represents the
+// original HTTP method sent by the client in the request line.
+func HTTPRequestMethodOriginal(val string) attribute.KeyValue {
+	return HTTPRequestMethodOriginalKey.String(val)
+}
+
+// HTTPRequestBodySize returns an attribute KeyValue conforming to the
+// "http.request.body.size" semantic conventions. It represents the size of the
+// request payload body in bytes. This is the number of bytes transferred
+// excluding headers and is often, but not always, present as the
+// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+// header. For requests using transport encoding, this should be the compressed
+// size.
+func HTTPRequestBodySize(val int) attribute.KeyValue {
+	return HTTPRequestBodySizeKey.Int(val)
+}
+
+// HTTPResponseBodySize returns an attribute KeyValue conforming to the
+// "http.response.body.size" semantic conventions. It represents the size of
+// the response payload body in bytes. This is the number of bytes transferred
+// excluding headers and is often, but not always, present as the
+// [Content-Length](https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length)
+// header. For requests using transport encoding, this should be the compressed
+// size.
+func HTTPResponseBodySize(val int) attribute.KeyValue {
+	return HTTPResponseBodySizeKey.Int(val)
+}
+
+// Semantic convention describing per-message attributes populated on messaging
+// spans or links.
+const (
+	// MessagingMessageIDKey is the attribute Key conforming to the
+	// "messaging.message.id" semantic conventions. It represents a value used
+	// by the messaging system as an identifier for the message, represented as
+	// a string.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '452a7c7c7c7048c2f887f61572b18fc2'
+	MessagingMessageIDKey = attribute.Key("messaging.message.id")
+
+	// MessagingMessageConversationIDKey is the attribute Key conforming to the
+	// "messaging.message.conversation_id" semantic conventions. It represents
+	// the [conversation ID](#conversations) identifying the conversation to
+	// which the message belongs, represented as a string. Sometimes called
+	// "Correlation ID".
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'MyConversationID'
+	MessagingMessageConversationIDKey = attribute.Key("messaging.message.conversation_id")
+
+	// MessagingMessagePayloadSizeBytesKey is the attribute Key conforming to
+	// the "messaging.message.payload_size_bytes" semantic conventions. It
+	// represents the (uncompressed) size of the message payload in bytes. Also
+	// use this attribute if it is unknown whether the compressed or
+	// uncompressed payload size is reported.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 2738
+	MessagingMessagePayloadSizeBytesKey = attribute.Key("messaging.message.payload_size_bytes")
+
+	// MessagingMessagePayloadCompressedSizeBytesKey is the attribute Key
+	// conforming to the "messaging.message.payload_compressed_size_bytes"
+	// semantic conventions. It represents the compressed size of the message
+	// payload in bytes.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 2048
+	MessagingMessagePayloadCompressedSizeBytesKey = attribute.Key("messaging.message.payload_compressed_size_bytes")
+)
+
+// MessagingMessageID returns an attribute KeyValue conforming to the
+// "messaging.message.id" semantic conventions. It represents a value used by
+// the messaging system as an identifier for the message, represented as a
+// string.
+func MessagingMessageID(val string) attribute.KeyValue {
+	return MessagingMessageIDKey.String(val)
+}
+
+// MessagingMessageConversationID returns an attribute KeyValue conforming
+// to the "messaging.message.conversation_id" semantic conventions. It
+// represents the [conversation ID](#conversations) identifying the
+// conversation to which the message belongs, represented as a string.
+// Sometimes called "Correlation ID".
+func MessagingMessageConversationID(val string) attribute.KeyValue {
+	return MessagingMessageConversationIDKey.String(val)
+}
+
+// MessagingMessagePayloadSizeBytes returns an attribute KeyValue conforming
+// to the "messaging.message.payload_size_bytes" semantic conventions. It
+// represents the (uncompressed) size of the message payload in bytes. Also use
+// this attribute if it is unknown whether the compressed or uncompressed
+// payload size is reported.
+func MessagingMessagePayloadSizeBytes(val int) attribute.KeyValue {
+	return MessagingMessagePayloadSizeBytesKey.Int(val)
+}
+
+// MessagingMessagePayloadCompressedSizeBytes returns an attribute KeyValue
+// conforming to the "messaging.message.payload_compressed_size_bytes" semantic
+// conventions. It represents the compressed size of the message payload in
+// bytes.
+func MessagingMessagePayloadCompressedSizeBytes(val int) attribute.KeyValue {
+	return MessagingMessagePayloadCompressedSizeBytesKey.Int(val)
+}
+
+// Semantic convention for attributes that describe messaging destination on
+// broker
+const (
+	// MessagingDestinationNameKey is the attribute Key conforming to the
+	// "messaging.destination.name" semantic conventions. It represents the
+	// message destination name
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'MyQueue', 'MyTopic'
+	// Note: Destination name SHOULD uniquely identify a specific queue, topic
+	// or other entity within the broker. If
+	// the broker does not have such notion, the destination name SHOULD
+	// uniquely identify the broker.
+	MessagingDestinationNameKey = attribute.Key("messaging.destination.name")
+
+	// MessagingDestinationTemplateKey is the attribute Key conforming to the
+	// "messaging.destination.template" semantic conventions. It represents the
+	// low cardinality representation of the messaging destination name
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/customers/{customerID}'
+	// Note: Destination names could be constructed from templates. An example
+	// would be a destination name involving a user name or product id.
+	// Although the destination name in this case is of high cardinality, the
+	// underlying template is of low cardinality and can be effectively used
+	// for grouping and aggregation.
+	MessagingDestinationTemplateKey = attribute.Key("messaging.destination.template")
+
+	// MessagingDestinationTemporaryKey is the attribute Key conforming to the
+	// "messaging.destination.temporary" semantic conventions. It represents a
+	// boolean that is true if the message destination is temporary and might
+	// not exist anymore after messages are processed.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingDestinationTemporaryKey = attribute.Key("messaging.destination.temporary")
+
+	// MessagingDestinationAnonymousKey is the attribute Key conforming to the
+	// "messaging.destination.anonymous" semantic conventions. It represents a
+	// boolean that is true if the message destination is anonymous (could be
+	// unnamed or have auto-generated name).
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingDestinationAnonymousKey = attribute.Key("messaging.destination.anonymous")
+)
+
+// MessagingDestinationName returns an attribute KeyValue conforming to the
+// "messaging.destination.name" semantic conventions. It represents the message
+// destination name
+func MessagingDestinationName(val string) attribute.KeyValue {
+	return MessagingDestinationNameKey.String(val)
+}
+
+// MessagingDestinationTemplate returns an attribute KeyValue conforming to
+// the "messaging.destination.template" semantic conventions. It represents the
+// low cardinality representation of the messaging destination name
+func MessagingDestinationTemplate(val string) attribute.KeyValue {
+	return MessagingDestinationTemplateKey.String(val)
+}
+
+// MessagingDestinationTemporary returns an attribute KeyValue conforming to
+// the "messaging.destination.temporary" semantic conventions. It represents a
+// boolean that is true if the message destination is temporary and might not
+// exist anymore after messages are processed.
+func MessagingDestinationTemporary(val bool) attribute.KeyValue {
+	return MessagingDestinationTemporaryKey.Bool(val)
+}
+
+// MessagingDestinationAnonymous returns an attribute KeyValue conforming to
+// the "messaging.destination.anonymous" semantic conventions. It represents a
+// boolean that is true if the message destination is anonymous (could be
+// unnamed or have auto-generated name).
+func MessagingDestinationAnonymous(val bool) attribute.KeyValue {
+	return MessagingDestinationAnonymousKey.Bool(val)
+}
+
+// Attributes for RabbitMQ
+const (
+	// MessagingRabbitmqDestinationRoutingKeyKey is the attribute Key
+	// conforming to the "messaging.rabbitmq.destination.routing_key" semantic
+	// conventions. It represents the rabbitMQ message routing key.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If not empty.)
+	// Stability: stable
+	// Examples: 'myKey'
+	MessagingRabbitmqDestinationRoutingKeyKey = attribute.Key("messaging.rabbitmq.destination.routing_key")
+)
+
+// MessagingRabbitmqDestinationRoutingKey returns an attribute KeyValue
+// conforming to the "messaging.rabbitmq.destination.routing_key" semantic
+// conventions. It represents the rabbitMQ message routing key.
+func MessagingRabbitmqDestinationRoutingKey(val string) attribute.KeyValue {
+	return MessagingRabbitmqDestinationRoutingKeyKey.String(val)
+}
+
+// Attributes for Apache Kafka
+const (
+	// MessagingKafkaMessageKeyKey is the attribute Key conforming to the
+	// "messaging.kafka.message.key" semantic conventions. It represents the
+	// message keys in Kafka are used for grouping alike messages to ensure
+	// they're processed on the same partition. They differ from
+	// `messaging.message.id` in that they're not unique. If the key is `null`,
+	// the attribute MUST NOT be set.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'myKey'
+	// Note: If the key type is not string, it's string representation has to
+	// be supplied for the attribute. If the key has no unambiguous, canonical
+	// string form, don't include its value.
+	MessagingKafkaMessageKeyKey = attribute.Key("messaging.kafka.message.key")
+
+	// MessagingKafkaConsumerGroupKey is the attribute Key conforming to the
+	// "messaging.kafka.consumer.group" semantic conventions. It represents the
+	// name of the Kafka Consumer Group that is handling the message. Only
+	// applies to consumers, not producers.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'my-group'
+	MessagingKafkaConsumerGroupKey = attribute.Key("messaging.kafka.consumer.group")
+
+	// MessagingKafkaDestinationPartitionKey is the attribute Key conforming to
+	// the "messaging.kafka.destination.partition" semantic conventions. It
+	// represents the partition the message is sent to.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 2
+	MessagingKafkaDestinationPartitionKey = attribute.Key("messaging.kafka.destination.partition")
+
+	// MessagingKafkaMessageOffsetKey is the attribute Key conforming to the
+	// "messaging.kafka.message.offset" semantic conventions. It represents the
+	// offset of a record in the corresponding Kafka partition.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 42
+	MessagingKafkaMessageOffsetKey = attribute.Key("messaging.kafka.message.offset")
+
+	// MessagingKafkaMessageTombstoneKey is the attribute Key conforming to the
+	// "messaging.kafka.message.tombstone" semantic conventions. It represents
+	// a boolean that is true if the message is a tombstone.
+	//
+	// Type: boolean
+	// RequirementLevel: ConditionallyRequired (If value is `true`. When
+	// missing, the value is assumed to be `false`.)
+	// Stability: stable
+	MessagingKafkaMessageTombstoneKey = attribute.Key("messaging.kafka.message.tombstone")
+)
+
+// MessagingKafkaMessageKey returns an attribute KeyValue conforming to the
+// "messaging.kafka.message.key" semantic conventions. It represents the
+// message keys in Kafka are used for grouping alike messages to ensure they're
+// processed on the same partition. They differ from `messaging.message.id` in
+// that they're not unique. If the key is `null`, the attribute MUST NOT be
+// set.
+func MessagingKafkaMessageKey(val string) attribute.KeyValue {
+	return MessagingKafkaMessageKeyKey.String(val)
+}
+
+// MessagingKafkaConsumerGroup returns an attribute KeyValue conforming to
+// the "messaging.kafka.consumer.group" semantic conventions. It represents the
+// name of the Kafka Consumer Group that is handling the message. Only applies
+// to consumers, not producers.
+func MessagingKafkaConsumerGroup(val string) attribute.KeyValue {
+	return MessagingKafkaConsumerGroupKey.String(val)
+}
+
+// MessagingKafkaDestinationPartition returns an attribute KeyValue
+// conforming to the "messaging.kafka.destination.partition" semantic
+// conventions. It represents the partition the message is sent to.
+func MessagingKafkaDestinationPartition(val int) attribute.KeyValue {
+	return MessagingKafkaDestinationPartitionKey.Int(val)
+}
+
+// MessagingKafkaMessageOffset returns an attribute KeyValue conforming to
+// the "messaging.kafka.message.offset" semantic conventions. It represents the
+// offset of a record in the corresponding Kafka partition.
+func MessagingKafkaMessageOffset(val int) attribute.KeyValue {
+	return MessagingKafkaMessageOffsetKey.Int(val)
+}
+
+// MessagingKafkaMessageTombstone returns an attribute KeyValue conforming
+// to the "messaging.kafka.message.tombstone" semantic conventions. It
+// represents a boolean that is true if the message is a tombstone.
+func MessagingKafkaMessageTombstone(val bool) attribute.KeyValue {
+	return MessagingKafkaMessageTombstoneKey.Bool(val)
+}
+
+// Attributes for Apache RocketMQ
+const (
+	// MessagingRocketmqNamespaceKey is the attribute Key conforming to the
+	// "messaging.rocketmq.namespace" semantic conventions. It represents the
+	// namespace of RocketMQ resources, resources in different namespaces are
+	// individual.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'myNamespace'
+	MessagingRocketmqNamespaceKey = attribute.Key("messaging.rocketmq.namespace")
+
+	// MessagingRocketmqClientGroupKey is the attribute Key conforming to the
+	// "messaging.rocketmq.client_group" semantic conventions. It represents
+	// the name of the RocketMQ producer/consumer group that is handling the
+	// message. The client type is identified by the SpanKind.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'myConsumerGroup'
+	MessagingRocketmqClientGroupKey = attribute.Key("messaging.rocketmq.client_group")
+
+	// MessagingRocketmqMessageDeliveryTimestampKey is the attribute Key
+	// conforming to the "messaging.rocketmq.message.delivery_timestamp"
+	// semantic conventions. It represents the timestamp in milliseconds that
+	// the delay message is expected to be delivered to consumer.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If the message type is delay
+	// and delay time level is not specified.)
+	// Stability: stable
+	// Examples: 1665987217045
+	MessagingRocketmqMessageDeliveryTimestampKey = attribute.Key("messaging.rocketmq.message.delivery_timestamp")
+
+	// MessagingRocketmqMessageDelayTimeLevelKey is the attribute Key
+	// conforming to the "messaging.rocketmq.message.delay_time_level" semantic
+	// conventions. It represents the delay time level for delay message, which
+	// determines the message delay time.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If the message type is delay
+	// and delivery timestamp is not specified.)
+	// Stability: stable
+	// Examples: 3
+	MessagingRocketmqMessageDelayTimeLevelKey = attribute.Key("messaging.rocketmq.message.delay_time_level")
+
+	// MessagingRocketmqMessageGroupKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.group" semantic conventions. It represents
+	// the it is essential for FIFO message. Messages that belong to the same
+	// message group are always processed one by one within the same consumer
+	// group.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If the message type is FIFO.)
+	// Stability: stable
+	// Examples: 'myMessageGroup'
+	MessagingRocketmqMessageGroupKey = attribute.Key("messaging.rocketmq.message.group")
+
+	// MessagingRocketmqMessageTypeKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.type" semantic conventions. It represents
+	// the type of message.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingRocketmqMessageTypeKey = attribute.Key("messaging.rocketmq.message.type")
+
+	// MessagingRocketmqMessageTagKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.tag" semantic conventions. It represents the
+	// secondary classifier of message besides topic.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'tagA'
+	MessagingRocketmqMessageTagKey = attribute.Key("messaging.rocketmq.message.tag")
+
+	// MessagingRocketmqMessageKeysKey is the attribute Key conforming to the
+	// "messaging.rocketmq.message.keys" semantic conventions. It represents
+	// the key(s) of message, another way to mark message besides message id.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'keyA', 'keyB'
+	MessagingRocketmqMessageKeysKey = attribute.Key("messaging.rocketmq.message.keys")
+
+	// MessagingRocketmqConsumptionModelKey is the attribute Key conforming to
+	// the "messaging.rocketmq.consumption_model" semantic conventions. It
+	// represents the model of message consumption. This only applies to
+	// consumer spans.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessagingRocketmqConsumptionModelKey = attribute.Key("messaging.rocketmq.consumption_model")
+)
+
+var (
+	// Normal message
+	MessagingRocketmqMessageTypeNormal = MessagingRocketmqMessageTypeKey.String("normal")
+	// FIFO message
+	MessagingRocketmqMessageTypeFifo = MessagingRocketmqMessageTypeKey.String("fifo")
+	// Delay message
+	MessagingRocketmqMessageTypeDelay = MessagingRocketmqMessageTypeKey.String("delay")
+	// Transaction message
+	MessagingRocketmqMessageTypeTransaction = MessagingRocketmqMessageTypeKey.String("transaction")
+)
+
+var (
+	// Clustering consumption model
+	MessagingRocketmqConsumptionModelClustering = MessagingRocketmqConsumptionModelKey.String("clustering")
+	// Broadcasting consumption model
+	MessagingRocketmqConsumptionModelBroadcasting = MessagingRocketmqConsumptionModelKey.String("broadcasting")
+)
+
+// MessagingRocketmqNamespace returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.namespace" semantic conventions. It represents the
+// namespace of RocketMQ resources, resources in different namespaces are
+// individual.
+func MessagingRocketmqNamespace(val string) attribute.KeyValue {
+	return MessagingRocketmqNamespaceKey.String(val)
+}
+
+// MessagingRocketmqClientGroup returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.client_group" semantic conventions. It represents
+// the name of the RocketMQ producer/consumer group that is handling the
+// message. The client type is identified by the SpanKind.
+func MessagingRocketmqClientGroup(val string) attribute.KeyValue {
+	return MessagingRocketmqClientGroupKey.String(val)
+}
+
+// MessagingRocketmqMessageDeliveryTimestamp returns an attribute KeyValue
+// conforming to the "messaging.rocketmq.message.delivery_timestamp" semantic
+// conventions. It represents the timestamp in milliseconds that the delay
+// message is expected to be delivered to consumer.
+func MessagingRocketmqMessageDeliveryTimestamp(val int) attribute.KeyValue {
+	return MessagingRocketmqMessageDeliveryTimestampKey.Int(val)
+}
+
+// MessagingRocketmqMessageDelayTimeLevel returns an attribute KeyValue
+// conforming to the "messaging.rocketmq.message.delay_time_level" semantic
+// conventions. It represents the delay time level for delay message, which
+// determines the message delay time.
+func MessagingRocketmqMessageDelayTimeLevel(val int) attribute.KeyValue {
+	return MessagingRocketmqMessageDelayTimeLevelKey.Int(val)
+}
+
+// MessagingRocketmqMessageGroup returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.message.group" semantic conventions. It represents
+// the it is essential for FIFO message. Messages that belong to the same
+// message group are always processed one by one within the same consumer
+// group.
+func MessagingRocketmqMessageGroup(val string) attribute.KeyValue {
+	return MessagingRocketmqMessageGroupKey.String(val)
+}
+
+// MessagingRocketmqMessageTag returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.message.tag" semantic conventions. It represents the
+// secondary classifier of message besides topic.
+func MessagingRocketmqMessageTag(val string) attribute.KeyValue {
+	return MessagingRocketmqMessageTagKey.String(val)
+}
+
+// MessagingRocketmqMessageKeys returns an attribute KeyValue conforming to
+// the "messaging.rocketmq.message.keys" semantic conventions. It represents
+// the key(s) of message, another way to mark message besides message id.
+func MessagingRocketmqMessageKeys(val ...string) attribute.KeyValue {
+	return MessagingRocketmqMessageKeysKey.StringSlice(val)
+}
+
+// Attributes describing URL.
+const (
+	// URLSchemeKey is the attribute Key conforming to the "url.scheme"
+	// semantic conventions. It represents the [URI
+	// scheme](https://www.rfc-editor.org/rfc/rfc3986#section-3.1) component
+	// identifying the used protocol.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'https', 'ftp', 'telnet'
+	URLSchemeKey = attribute.Key("url.scheme")
+
+	// URLFullKey is the attribute Key conforming to the "url.full" semantic
+	// conventions. It represents the absolute URL describing a network
+	// resource according to [RFC3986](https://www.rfc-editor.org/rfc/rfc3986)
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'https://www.foo.bar/search?q=OpenTelemetry#SemConv',
+	// '//localhost'
+	// Note: For network calls, URL usually has
+	// `scheme://host[:port][path][?query][#fragment]` format, where the
+	// fragment is not transmitted over HTTP, but if it is known, it should be
+	// included nevertheless.
+	// `url.full` MUST NOT contain credentials passed via URL in form of
+	// `https://username:password@www.example.com/`. In such case username and
+	// password should be redacted and attribute's value should be
+	// `https://REDACTED:REDACTED@www.example.com/`.
+	// `url.full` SHOULD capture the absolute URL when it is available (or can
+	// be reconstructed) and SHOULD NOT be validated or modified except for
+	// sanitizing purposes.
+	URLFullKey = attribute.Key("url.full")
+
+	// URLPathKey is the attribute Key conforming to the "url.path" semantic
+	// conventions. It represents the [URI
+	// path](https://www.rfc-editor.org/rfc/rfc3986#section-3.3) component
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/search'
+	// Note: When missing, the value is assumed to be `/`
+	URLPathKey = attribute.Key("url.path")
+
+	// URLQueryKey is the attribute Key conforming to the "url.query" semantic
+	// conventions. It represents the [URI
+	// query](https://www.rfc-editor.org/rfc/rfc3986#section-3.4) component
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'q=OpenTelemetry'
+	// Note: Sensitive content provided in query string SHOULD be scrubbed when
+	// instrumentations can identify it.
+	URLQueryKey = attribute.Key("url.query")
+
+	// URLFragmentKey is the attribute Key conforming to the "url.fragment"
+	// semantic conventions. It represents the [URI
+	// fragment](https://www.rfc-editor.org/rfc/rfc3986#section-3.5) component
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'SemConv'
+	URLFragmentKey = attribute.Key("url.fragment")
+)
+
+// URLScheme returns an attribute KeyValue conforming to the "url.scheme"
+// semantic conventions. It represents the [URI
+// scheme](https://www.rfc-editor.org/rfc/rfc3986#section-3.1) component
+// identifying the used protocol.
+func URLScheme(val string) attribute.KeyValue {
+	return URLSchemeKey.String(val)
+}
+
+// URLFull returns an attribute KeyValue conforming to the "url.full"
+// semantic conventions. It represents the absolute URL describing a network
+// resource according to [RFC3986](https://www.rfc-editor.org/rfc/rfc3986)
+func URLFull(val string) attribute.KeyValue {
+	return URLFullKey.String(val)
+}
+
+// URLPath returns an attribute KeyValue conforming to the "url.path"
+// semantic conventions. It represents the [URI
+// path](https://www.rfc-editor.org/rfc/rfc3986#section-3.3) component
+func URLPath(val string) attribute.KeyValue {
+	return URLPathKey.String(val)
+}
+
+// URLQuery returns an attribute KeyValue conforming to the "url.query"
+// semantic conventions. It represents the [URI
+// query](https://www.rfc-editor.org/rfc/rfc3986#section-3.4) component
+func URLQuery(val string) attribute.KeyValue {
+	return URLQueryKey.String(val)
+}
+
+// URLFragment returns an attribute KeyValue conforming to the
+// "url.fragment" semantic conventions. It represents the [URI
+// fragment](https://www.rfc-editor.org/rfc/rfc3986#section-3.5) component
+func URLFragment(val string) attribute.KeyValue {
+	return URLFragmentKey.String(val)
+}
+
+// Describes user-agent attributes.
+const (
+	// UserAgentOriginalKey is the attribute Key conforming to the
+	// "user_agent.original" semantic conventions. It represents the value of
+	// the [HTTP
+	// User-Agent](https://www.rfc-editor.org/rfc/rfc9110.html#field.user-agent)
+	// header sent by the client.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'CERN-LineMode/2.15 libwww/2.17b3'
+	UserAgentOriginalKey = attribute.Key("user_agent.original")
+)
+
+// UserAgentOriginal returns an attribute KeyValue conforming to the
+// "user_agent.original" semantic conventions. It represents the value of the
+// [HTTP
+// User-Agent](https://www.rfc-editor.org/rfc/rfc9110.html#field.user-agent)
+// header sent by the client.
+func UserAgentOriginal(val string) attribute.KeyValue {
+	return UserAgentOriginalKey.String(val)
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/doc.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/doc.go
new file mode 100644
index 000000000..7cf424855
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/doc.go
@@ -0,0 +1,20 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package semconv implements OpenTelemetry semantic conventions.
+//
+// OpenTelemetry semantic conventions are agreed standardized naming
+// patterns for OpenTelemetry things. This package represents the conventions
+// as of the v1.21.0 version of the OpenTelemetry specification.
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/event.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/event.go
new file mode 100644
index 000000000..30ae34fe4
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/event.go
@@ -0,0 +1,199 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated from semantic convention specification. DO NOT EDIT.
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
+
+import "go.opentelemetry.io/otel/attribute"
+
+// This semantic convention defines the attributes used to represent a feature
+// flag evaluation as an event.
+const (
+	// FeatureFlagKeyKey is the attribute Key conforming to the
+	// "feature_flag.key" semantic conventions. It represents the unique
+	// identifier of the feature flag.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'logo-color'
+	FeatureFlagKeyKey = attribute.Key("feature_flag.key")
+
+	// FeatureFlagProviderNameKey is the attribute Key conforming to the
+	// "feature_flag.provider_name" semantic conventions. It represents the
+	// name of the service provider that performs the flag evaluation.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'Flag Manager'
+	FeatureFlagProviderNameKey = attribute.Key("feature_flag.provider_name")
+
+	// FeatureFlagVariantKey is the attribute Key conforming to the
+	// "feature_flag.variant" semantic conventions. It represents the sHOULD be
+	// a semantic identifier for a value. If one is unavailable, a stringified
+	// version of the value can be used.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'red', 'true', 'on'
+	// Note: A semantic identifier, commonly referred to as a variant, provides
+	// a means
+	// for referring to a value without including the value itself. This can
+	// provide additional context for understanding the meaning behind a value.
+	// For example, the variant `red` maybe be used for the value `#c05543`.
+	//
+	// A stringified version of the value can be used in situations where a
+	// semantic identifier is unavailable. String representation of the value
+	// should be determined by the implementer.
+	FeatureFlagVariantKey = attribute.Key("feature_flag.variant")
+)
+
+// FeatureFlagKey returns an attribute KeyValue conforming to the
+// "feature_flag.key" semantic conventions. It represents the unique identifier
+// of the feature flag.
+func FeatureFlagKey(val string) attribute.KeyValue {
+	return FeatureFlagKeyKey.String(val)
+}
+
+// FeatureFlagProviderName returns an attribute KeyValue conforming to the
+// "feature_flag.provider_name" semantic conventions. It represents the name of
+// the service provider that performs the flag evaluation.
+func FeatureFlagProviderName(val string) attribute.KeyValue {
+	return FeatureFlagProviderNameKey.String(val)
+}
+
+// FeatureFlagVariant returns an attribute KeyValue conforming to the
+// "feature_flag.variant" semantic conventions. It represents the sHOULD be a
+// semantic identifier for a value. If one is unavailable, a stringified
+// version of the value can be used.
+func FeatureFlagVariant(val string) attribute.KeyValue {
+	return FeatureFlagVariantKey.String(val)
+}
+
+// RPC received/sent message.
+const (
+	// MessageTypeKey is the attribute Key conforming to the "message.type"
+	// semantic conventions. It represents the whether this is a received or
+	// sent message.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessageTypeKey = attribute.Key("message.type")
+
+	// MessageIDKey is the attribute Key conforming to the "message.id"
+	// semantic conventions. It represents the mUST be calculated as two
+	// different counters starting from `1` one for sent messages and one for
+	// received message.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: This way we guarantee that the values will be consistent between
+	// different implementations.
+	MessageIDKey = attribute.Key("message.id")
+
+	// MessageCompressedSizeKey is the attribute Key conforming to the
+	// "message.compressed_size" semantic conventions. It represents the
+	// compressed size of the message in bytes.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessageCompressedSizeKey = attribute.Key("message.compressed_size")
+
+	// MessageUncompressedSizeKey is the attribute Key conforming to the
+	// "message.uncompressed_size" semantic conventions. It represents the
+	// uncompressed size of the message in bytes.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	MessageUncompressedSizeKey = attribute.Key("message.uncompressed_size")
+)
+
+var (
+	// sent
+	MessageTypeSent = MessageTypeKey.String("SENT")
+	// received
+	MessageTypeReceived = MessageTypeKey.String("RECEIVED")
+)
+
+// MessageID returns an attribute KeyValue conforming to the "message.id"
+// semantic conventions. It represents the mUST be calculated as two different
+// counters starting from `1` one for sent messages and one for received
+// message.
+func MessageID(val int) attribute.KeyValue {
+	return MessageIDKey.Int(val)
+}
+
+// MessageCompressedSize returns an attribute KeyValue conforming to the
+// "message.compressed_size" semantic conventions. It represents the compressed
+// size of the message in bytes.
+func MessageCompressedSize(val int) attribute.KeyValue {
+	return MessageCompressedSizeKey.Int(val)
+}
+
+// MessageUncompressedSize returns an attribute KeyValue conforming to the
+// "message.uncompressed_size" semantic conventions. It represents the
+// uncompressed size of the message in bytes.
+func MessageUncompressedSize(val int) attribute.KeyValue {
+	return MessageUncompressedSizeKey.Int(val)
+}
+
+// The attributes used to report a single exception associated with a span.
+const (
+	// ExceptionEscapedKey is the attribute Key conforming to the
+	// "exception.escaped" semantic conventions. It represents the sHOULD be
+	// set to true if the exception event is recorded at a point where it is
+	// known that the exception is escaping the scope of the span.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: An exception is considered to have escaped (or left) the scope of
+	// a span,
+	// if that span is ended while the exception is still logically "in
+	// flight".
+	// This may be actually "in flight" in some languages (e.g. if the
+	// exception
+	// is passed to a Context manager's `__exit__` method in Python) but will
+	// usually be caught at the point of recording the exception in most
+	// languages.
+	//
+	// It is usually not possible to determine at the point where an exception
+	// is thrown
+	// whether it will escape the scope of a span.
+	// However, it is trivial to know that an exception
+	// will escape, if one checks for an active exception just before ending
+	// the span,
+	// as done in the [example above](#recording-an-exception).
+	//
+	// It follows that an exception may still escape the scope of the span
+	// even if the `exception.escaped` attribute was not set or set to false,
+	// since the event might have been recorded at a time where it was not
+	// clear whether the exception will escape.
+	ExceptionEscapedKey = attribute.Key("exception.escaped")
+)
+
+// ExceptionEscaped returns an attribute KeyValue conforming to the
+// "exception.escaped" semantic conventions. It represents the sHOULD be set to
+// true if the exception event is recorded at a point where it is known that
+// the exception is escaping the scope of the span.
+func ExceptionEscaped(val bool) attribute.KeyValue {
+	return ExceptionEscapedKey.Bool(val)
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/metric/unit/unit.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/exception.go
similarity index 70%
rename from apis/vendor/go.opentelemetry.io/otel/metric/unit/unit.go
rename to apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/exception.go
index 647d77302..93d3c1760 100644
--- a/apis/vendor/go.opentelemetry.io/otel/metric/unit/unit.go
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/exception.go
@@ -12,14 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package unit // import "go.opentelemetry.io/otel/metric/unit"
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
 
-// Unit is a determinate standard quantity of measurement.
-type Unit string
-
-// Units defined by OpenTelemetry.
 const (
-	Dimensionless Unit = "1"
-	Bytes         Unit = "By"
-	Milliseconds  Unit = "ms"
+	// ExceptionEventName is the name of the Span event representing an exception.
+	ExceptionEventName = "exception"
 )
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/resource.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/resource.go
new file mode 100644
index 000000000..b6d8935cf
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/resource.go
@@ -0,0 +1,2310 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated from semantic convention specification. DO NOT EDIT.
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
+
+import "go.opentelemetry.io/otel/attribute"
+
+// The web browser in which the application represented by the resource is
+// running. The `browser.*` attributes MUST be used only for resources that
+// represent applications running in a web browser (regardless of whether
+// running on a mobile or desktop device).
+const (
+	// BrowserBrandsKey is the attribute Key conforming to the "browser.brands"
+	// semantic conventions. It represents the array of brand name and version
+	// separated by a space
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: ' Not A;Brand 99', 'Chromium 99', 'Chrome 99'
+	// Note: This value is intended to be taken from the [UA client hints
+	// API](https://wicg.github.io/ua-client-hints/#interface)
+	// (`navigator.userAgentData.brands`).
+	BrowserBrandsKey = attribute.Key("browser.brands")
+
+	// BrowserPlatformKey is the attribute Key conforming to the
+	// "browser.platform" semantic conventions. It represents the platform on
+	// which the browser is running
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Windows', 'macOS', 'Android'
+	// Note: This value is intended to be taken from the [UA client hints
+	// API](https://wicg.github.io/ua-client-hints/#interface)
+	// (`navigator.userAgentData.platform`). If unavailable, the legacy
+	// `navigator.platform` API SHOULD NOT be used instead and this attribute
+	// SHOULD be left unset in order for the values to be consistent.
+	// The list of possible values is defined in the [W3C User-Agent Client
+	// Hints
+	// specification](https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform).
+	// Note that some (but not all) of these values can overlap with values in
+	// the [`os.type` and `os.name` attributes](./os.md). However, for
+	// consistency, the values in the `browser.platform` attribute should
+	// capture the exact value that the user agent provides.
+	BrowserPlatformKey = attribute.Key("browser.platform")
+
+	// BrowserMobileKey is the attribute Key conforming to the "browser.mobile"
+	// semantic conventions. It represents a boolean that is true if the
+	// browser is running on a mobile device
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: This value is intended to be taken from the [UA client hints
+	// API](https://wicg.github.io/ua-client-hints/#interface)
+	// (`navigator.userAgentData.mobile`). If unavailable, this attribute
+	// SHOULD be left unset.
+	BrowserMobileKey = attribute.Key("browser.mobile")
+
+	// BrowserLanguageKey is the attribute Key conforming to the
+	// "browser.language" semantic conventions. It represents the preferred
+	// language of the user using the browser
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'en', 'en-US', 'fr', 'fr-FR'
+	// Note: This value is intended to be taken from the Navigator API
+	// `navigator.language`.
+	BrowserLanguageKey = attribute.Key("browser.language")
+)
+
+// BrowserBrands returns an attribute KeyValue conforming to the
+// "browser.brands" semantic conventions. It represents the array of brand name
+// and version separated by a space
+func BrowserBrands(val ...string) attribute.KeyValue {
+	return BrowserBrandsKey.StringSlice(val)
+}
+
+// BrowserPlatform returns an attribute KeyValue conforming to the
+// "browser.platform" semantic conventions. It represents the platform on which
+// the browser is running
+func BrowserPlatform(val string) attribute.KeyValue {
+	return BrowserPlatformKey.String(val)
+}
+
+// BrowserMobile returns an attribute KeyValue conforming to the
+// "browser.mobile" semantic conventions. It represents a boolean that is true
+// if the browser is running on a mobile device
+func BrowserMobile(val bool) attribute.KeyValue {
+	return BrowserMobileKey.Bool(val)
+}
+
+// BrowserLanguage returns an attribute KeyValue conforming to the
+// "browser.language" semantic conventions. It represents the preferred
+// language of the user using the browser
+func BrowserLanguage(val string) attribute.KeyValue {
+	return BrowserLanguageKey.String(val)
+}
+
+// A cloud environment (e.g. GCP, Azure, AWS)
+const (
+	// CloudProviderKey is the attribute Key conforming to the "cloud.provider"
+	// semantic conventions. It represents the name of the cloud provider.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	CloudProviderKey = attribute.Key("cloud.provider")
+
+	// CloudAccountIDKey is the attribute Key conforming to the
+	// "cloud.account.id" semantic conventions. It represents the cloud account
+	// ID the resource is assigned to.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '111111111111', 'opentelemetry'
+	CloudAccountIDKey = attribute.Key("cloud.account.id")
+
+	// CloudRegionKey is the attribute Key conforming to the "cloud.region"
+	// semantic conventions. It represents the geographical region the resource
+	// is running.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'us-central1', 'us-east-1'
+	// Note: Refer to your provider's docs to see the available regions, for
+	// example [Alibaba Cloud
+	// regions](https://www.alibabacloud.com/help/doc-detail/40654.htm), [AWS
+	// regions](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/),
+	// [Azure
+	// regions](https://azure.microsoft.com/en-us/global-infrastructure/geographies/),
+	// [Google Cloud regions](https://cloud.google.com/about/locations), or
+	// [Tencent Cloud
+	// regions](https://www.tencentcloud.com/document/product/213/6091).
+	CloudRegionKey = attribute.Key("cloud.region")
+
+	// CloudResourceIDKey is the attribute Key conforming to the
+	// "cloud.resource_id" semantic conventions. It represents the cloud
+	// provider-specific native identifier of the monitored cloud resource
+	// (e.g. an
+	// [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// on AWS, a [fully qualified resource
+	// ID](https://learn.microsoft.com/en-us/rest/api/resources/resources/get-by-id)
+	// on Azure, a [full resource
+	// name](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+	// on GCP)
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'arn:aws:lambda:REGION:ACCOUNT_ID:function:my-function',
+	// '//run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID',
+	// '/subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>'
+	// Note: On some cloud providers, it may not be possible to determine the
+	// full ID at startup,
+	// so it may be necessary to set `cloud.resource_id` as a span attribute
+	// instead.
+	//
+	// The exact value to use for `cloud.resource_id` depends on the cloud
+	// provider.
+	// The following well-known definitions MUST be used if you set this
+	// attribute and they apply:
+	//
+	// * **AWS Lambda:** The function
+	// [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+	//   Take care not to use the "invoked ARN" directly but replace any
+	//   [alias
+	// suffix](https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html)
+	//   with the resolved function version, as the same runtime instance may
+	// be invokable with
+	//   multiple different aliases.
+	// * **GCP:** The [URI of the
+	// resource](https://cloud.google.com/iam/docs/full-resource-names)
+	// * **Azure:** The [Fully Qualified Resource
+	// ID](https://docs.microsoft.com/en-us/rest/api/resources/resources/get-by-id)
+	// of the invoked function,
+	//   *not* the function app, having the form
+	// `/subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>`.
+	//   This means that a span attribute MUST be used, as an Azure function
+	// app can host multiple functions that would usually share
+	//   a TracerProvider.
+	CloudResourceIDKey = attribute.Key("cloud.resource_id")
+
+	// CloudAvailabilityZoneKey is the attribute Key conforming to the
+	// "cloud.availability_zone" semantic conventions. It represents the cloud
+	// regions often have multiple, isolated locations known as zones to
+	// increase availability. Availability zone represents the zone where the
+	// resource is running.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'us-east-1c'
+	// Note: Availability zones are called "zones" on Alibaba Cloud and Google
+	// Cloud.
+	CloudAvailabilityZoneKey = attribute.Key("cloud.availability_zone")
+
+	// CloudPlatformKey is the attribute Key conforming to the "cloud.platform"
+	// semantic conventions. It represents the cloud platform in use.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: The prefix of the service SHOULD match the one specified in
+	// `cloud.provider`.
+	CloudPlatformKey = attribute.Key("cloud.platform")
+)
+
+var (
+	// Alibaba Cloud
+	CloudProviderAlibabaCloud = CloudProviderKey.String("alibaba_cloud")
+	// Amazon Web Services
+	CloudProviderAWS = CloudProviderKey.String("aws")
+	// Microsoft Azure
+	CloudProviderAzure = CloudProviderKey.String("azure")
+	// Google Cloud Platform
+	CloudProviderGCP = CloudProviderKey.String("gcp")
+	// Heroku Platform as a Service
+	CloudProviderHeroku = CloudProviderKey.String("heroku")
+	// IBM Cloud
+	CloudProviderIbmCloud = CloudProviderKey.String("ibm_cloud")
+	// Tencent Cloud
+	CloudProviderTencentCloud = CloudProviderKey.String("tencent_cloud")
+)
+
+var (
+	// Alibaba Cloud Elastic Compute Service
+	CloudPlatformAlibabaCloudECS = CloudPlatformKey.String("alibaba_cloud_ecs")
+	// Alibaba Cloud Function Compute
+	CloudPlatformAlibabaCloudFc = CloudPlatformKey.String("alibaba_cloud_fc")
+	// Red Hat OpenShift on Alibaba Cloud
+	CloudPlatformAlibabaCloudOpenshift = CloudPlatformKey.String("alibaba_cloud_openshift")
+	// AWS Elastic Compute Cloud
+	CloudPlatformAWSEC2 = CloudPlatformKey.String("aws_ec2")
+	// AWS Elastic Container Service
+	CloudPlatformAWSECS = CloudPlatformKey.String("aws_ecs")
+	// AWS Elastic Kubernetes Service
+	CloudPlatformAWSEKS = CloudPlatformKey.String("aws_eks")
+	// AWS Lambda
+	CloudPlatformAWSLambda = CloudPlatformKey.String("aws_lambda")
+	// AWS Elastic Beanstalk
+	CloudPlatformAWSElasticBeanstalk = CloudPlatformKey.String("aws_elastic_beanstalk")
+	// AWS App Runner
+	CloudPlatformAWSAppRunner = CloudPlatformKey.String("aws_app_runner")
+	// Red Hat OpenShift on AWS (ROSA)
+	CloudPlatformAWSOpenshift = CloudPlatformKey.String("aws_openshift")
+	// Azure Virtual Machines
+	CloudPlatformAzureVM = CloudPlatformKey.String("azure_vm")
+	// Azure Container Instances
+	CloudPlatformAzureContainerInstances = CloudPlatformKey.String("azure_container_instances")
+	// Azure Kubernetes Service
+	CloudPlatformAzureAKS = CloudPlatformKey.String("azure_aks")
+	// Azure Functions
+	CloudPlatformAzureFunctions = CloudPlatformKey.String("azure_functions")
+	// Azure App Service
+	CloudPlatformAzureAppService = CloudPlatformKey.String("azure_app_service")
+	// Azure Red Hat OpenShift
+	CloudPlatformAzureOpenshift = CloudPlatformKey.String("azure_openshift")
+	// Google Bare Metal Solution (BMS)
+	CloudPlatformGCPBareMetalSolution = CloudPlatformKey.String("gcp_bare_metal_solution")
+	// Google Cloud Compute Engine (GCE)
+	CloudPlatformGCPComputeEngine = CloudPlatformKey.String("gcp_compute_engine")
+	// Google Cloud Run
+	CloudPlatformGCPCloudRun = CloudPlatformKey.String("gcp_cloud_run")
+	// Google Cloud Kubernetes Engine (GKE)
+	CloudPlatformGCPKubernetesEngine = CloudPlatformKey.String("gcp_kubernetes_engine")
+	// Google Cloud Functions (GCF)
+	CloudPlatformGCPCloudFunctions = CloudPlatformKey.String("gcp_cloud_functions")
+	// Google Cloud App Engine (GAE)
+	CloudPlatformGCPAppEngine = CloudPlatformKey.String("gcp_app_engine")
+	// Red Hat OpenShift on Google Cloud
+	CloudPlatformGCPOpenshift = CloudPlatformKey.String("gcp_openshift")
+	// Red Hat OpenShift on IBM Cloud
+	CloudPlatformIbmCloudOpenshift = CloudPlatformKey.String("ibm_cloud_openshift")
+	// Tencent Cloud Cloud Virtual Machine (CVM)
+	CloudPlatformTencentCloudCvm = CloudPlatformKey.String("tencent_cloud_cvm")
+	// Tencent Cloud Elastic Kubernetes Service (EKS)
+	CloudPlatformTencentCloudEKS = CloudPlatformKey.String("tencent_cloud_eks")
+	// Tencent Cloud Serverless Cloud Function (SCF)
+	CloudPlatformTencentCloudScf = CloudPlatformKey.String("tencent_cloud_scf")
+)
+
+// CloudAccountID returns an attribute KeyValue conforming to the
+// "cloud.account.id" semantic conventions. It represents the cloud account ID
+// the resource is assigned to.
+func CloudAccountID(val string) attribute.KeyValue {
+	return CloudAccountIDKey.String(val)
+}
+
+// CloudRegion returns an attribute KeyValue conforming to the
+// "cloud.region" semantic conventions. It represents the geographical region
+// the resource is running.
+func CloudRegion(val string) attribute.KeyValue {
+	return CloudRegionKey.String(val)
+}
+
+// CloudResourceID returns an attribute KeyValue conforming to the
+// "cloud.resource_id" semantic conventions. It represents the cloud
+// provider-specific native identifier of the monitored cloud resource (e.g. an
+// [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// on AWS, a [fully qualified resource
+// ID](https://learn.microsoft.com/en-us/rest/api/resources/resources/get-by-id)
+// on Azure, a [full resource
+// name](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+// on GCP)
+func CloudResourceID(val string) attribute.KeyValue {
+	return CloudResourceIDKey.String(val)
+}
+
+// CloudAvailabilityZone returns an attribute KeyValue conforming to the
+// "cloud.availability_zone" semantic conventions. It represents the cloud
+// regions often have multiple, isolated locations known as zones to increase
+// availability. Availability zone represents the zone where the resource is
+// running.
+func CloudAvailabilityZone(val string) attribute.KeyValue {
+	return CloudAvailabilityZoneKey.String(val)
+}
+
+// Resources used by AWS Elastic Container Service (ECS).
+const (
+	// AWSECSContainerARNKey is the attribute Key conforming to the
+	// "aws.ecs.container.arn" semantic conventions. It represents the Amazon
+	// Resource Name (ARN) of an [ECS container
+	// instance](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_instances.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples:
+	// 'arn:aws:ecs:us-west-1:123456789123:container/32624152-9086-4f0e-acae-1a75b14fe4d9'
+	AWSECSContainerARNKey = attribute.Key("aws.ecs.container.arn")
+
+	// AWSECSClusterARNKey is the attribute Key conforming to the
+	// "aws.ecs.cluster.arn" semantic conventions. It represents the ARN of an
+	// [ECS
+	// cluster](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
+	AWSECSClusterARNKey = attribute.Key("aws.ecs.cluster.arn")
+
+	// AWSECSLaunchtypeKey is the attribute Key conforming to the
+	// "aws.ecs.launchtype" semantic conventions. It represents the [launch
+	// type](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html)
+	// for an ECS task.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	AWSECSLaunchtypeKey = attribute.Key("aws.ecs.launchtype")
+
+	// AWSECSTaskARNKey is the attribute Key conforming to the
+	// "aws.ecs.task.arn" semantic conventions. It represents the ARN of an
+	// [ECS task
+	// definition](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples:
+	// 'arn:aws:ecs:us-west-1:123456789123:task/10838bed-421f-43ef-870a-f43feacbbb5b'
+	AWSECSTaskARNKey = attribute.Key("aws.ecs.task.arn")
+
+	// AWSECSTaskFamilyKey is the attribute Key conforming to the
+	// "aws.ecs.task.family" semantic conventions. It represents the task
+	// definition family this task definition is a member of.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry-family'
+	AWSECSTaskFamilyKey = attribute.Key("aws.ecs.task.family")
+
+	// AWSECSTaskRevisionKey is the attribute Key conforming to the
+	// "aws.ecs.task.revision" semantic conventions. It represents the revision
+	// for this task definition.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '8', '26'
+	AWSECSTaskRevisionKey = attribute.Key("aws.ecs.task.revision")
+)
+
+var (
+	// ec2
+	AWSECSLaunchtypeEC2 = AWSECSLaunchtypeKey.String("ec2")
+	// fargate
+	AWSECSLaunchtypeFargate = AWSECSLaunchtypeKey.String("fargate")
+)
+
+// AWSECSContainerARN returns an attribute KeyValue conforming to the
+// "aws.ecs.container.arn" semantic conventions. It represents the Amazon
+// Resource Name (ARN) of an [ECS container
+// instance](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_instances.html).
+func AWSECSContainerARN(val string) attribute.KeyValue {
+	return AWSECSContainerARNKey.String(val)
+}
+
+// AWSECSClusterARN returns an attribute KeyValue conforming to the
+// "aws.ecs.cluster.arn" semantic conventions. It represents the ARN of an [ECS
+// cluster](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html).
+func AWSECSClusterARN(val string) attribute.KeyValue {
+	return AWSECSClusterARNKey.String(val)
+}
+
+// AWSECSTaskARN returns an attribute KeyValue conforming to the
+// "aws.ecs.task.arn" semantic conventions. It represents the ARN of an [ECS
+// task
+// definition](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html).
+func AWSECSTaskARN(val string) attribute.KeyValue {
+	return AWSECSTaskARNKey.String(val)
+}
+
+// AWSECSTaskFamily returns an attribute KeyValue conforming to the
+// "aws.ecs.task.family" semantic conventions. It represents the task
+// definition family this task definition is a member of.
+func AWSECSTaskFamily(val string) attribute.KeyValue {
+	return AWSECSTaskFamilyKey.String(val)
+}
+
+// AWSECSTaskRevision returns an attribute KeyValue conforming to the
+// "aws.ecs.task.revision" semantic conventions. It represents the revision for
+// this task definition.
+func AWSECSTaskRevision(val string) attribute.KeyValue {
+	return AWSECSTaskRevisionKey.String(val)
+}
+
+// Resources used by AWS Elastic Kubernetes Service (EKS).
+const (
+	// AWSEKSClusterARNKey is the attribute Key conforming to the
+	// "aws.eks.cluster.arn" semantic conventions. It represents the ARN of an
+	// EKS cluster.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
+	AWSEKSClusterARNKey = attribute.Key("aws.eks.cluster.arn")
+)
+
+// AWSEKSClusterARN returns an attribute KeyValue conforming to the
+// "aws.eks.cluster.arn" semantic conventions. It represents the ARN of an EKS
+// cluster.
+func AWSEKSClusterARN(val string) attribute.KeyValue {
+	return AWSEKSClusterARNKey.String(val)
+}
+
+// Resources specific to Amazon Web Services.
+const (
+	// AWSLogGroupNamesKey is the attribute Key conforming to the
+	// "aws.log.group.names" semantic conventions. It represents the name(s) of
+	// the AWS log group(s) an application is writing to.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/aws/lambda/my-function', 'opentelemetry-service'
+	// Note: Multiple log groups must be supported for cases like
+	// multi-container applications, where a single application has sidecar
+	// containers, and each write to their own log group.
+	AWSLogGroupNamesKey = attribute.Key("aws.log.group.names")
+
+	// AWSLogGroupARNsKey is the attribute Key conforming to the
+	// "aws.log.group.arns" semantic conventions. It represents the Amazon
+	// Resource Name(s) (ARN) of the AWS log group(s).
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples:
+	// 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:*'
+	// Note: See the [log group ARN format
+	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html#CWL_ARN_Format).
+	AWSLogGroupARNsKey = attribute.Key("aws.log.group.arns")
+
+	// AWSLogStreamNamesKey is the attribute Key conforming to the
+	// "aws.log.stream.names" semantic conventions. It represents the name(s)
+	// of the AWS log stream(s) an application is writing to.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
+	AWSLogStreamNamesKey = attribute.Key("aws.log.stream.names")
+
+	// AWSLogStreamARNsKey is the attribute Key conforming to the
+	// "aws.log.stream.arns" semantic conventions. It represents the ARN(s) of
+	// the AWS log stream(s).
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples:
+	// 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:log-stream:logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
+	// Note: See the [log stream ARN format
+	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html#CWL_ARN_Format).
+	// One log group can contain several log streams, so these ARNs necessarily
+	// identify both a log group and a log stream.
+	AWSLogStreamARNsKey = attribute.Key("aws.log.stream.arns")
+)
+
+// AWSLogGroupNames returns an attribute KeyValue conforming to the
+// "aws.log.group.names" semantic conventions. It represents the name(s) of the
+// AWS log group(s) an application is writing to.
+func AWSLogGroupNames(val ...string) attribute.KeyValue {
+	return AWSLogGroupNamesKey.StringSlice(val)
+}
+
+// AWSLogGroupARNs returns an attribute KeyValue conforming to the
+// "aws.log.group.arns" semantic conventions. It represents the Amazon Resource
+// Name(s) (ARN) of the AWS log group(s).
+func AWSLogGroupARNs(val ...string) attribute.KeyValue {
+	return AWSLogGroupARNsKey.StringSlice(val)
+}
+
+// AWSLogStreamNames returns an attribute KeyValue conforming to the
+// "aws.log.stream.names" semantic conventions. It represents the name(s) of
+// the AWS log stream(s) an application is writing to.
+func AWSLogStreamNames(val ...string) attribute.KeyValue {
+	return AWSLogStreamNamesKey.StringSlice(val)
+}
+
+// AWSLogStreamARNs returns an attribute KeyValue conforming to the
+// "aws.log.stream.arns" semantic conventions. It represents the ARN(s) of the
+// AWS log stream(s).
+func AWSLogStreamARNs(val ...string) attribute.KeyValue {
+	return AWSLogStreamARNsKey.StringSlice(val)
+}
+
+// Resource used by Google Cloud Run.
+const (
+	// GCPCloudRunJobExecutionKey is the attribute Key conforming to the
+	// "gcp.cloud_run.job.execution" semantic conventions. It represents the
+	// name of the Cloud Run
+	// [execution](https://cloud.google.com/run/docs/managing/job-executions)
+	// being run for the Job, as set by the
+	// [`CLOUD_RUN_EXECUTION`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
+	// environment variable.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'job-name-xxxx', 'sample-job-mdw84'
+	GCPCloudRunJobExecutionKey = attribute.Key("gcp.cloud_run.job.execution")
+
+	// GCPCloudRunJobTaskIndexKey is the attribute Key conforming to the
+	// "gcp.cloud_run.job.task_index" semantic conventions. It represents the
+	// index for a task within an execution as provided by the
+	// [`CLOUD_RUN_TASK_INDEX`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
+	// environment variable.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 0, 1
+	GCPCloudRunJobTaskIndexKey = attribute.Key("gcp.cloud_run.job.task_index")
+)
+
+// GCPCloudRunJobExecution returns an attribute KeyValue conforming to the
+// "gcp.cloud_run.job.execution" semantic conventions. It represents the name
+// of the Cloud Run
+// [execution](https://cloud.google.com/run/docs/managing/job-executions) being
+// run for the Job, as set by the
+// [`CLOUD_RUN_EXECUTION`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
+// environment variable.
+func GCPCloudRunJobExecution(val string) attribute.KeyValue {
+	return GCPCloudRunJobExecutionKey.String(val)
+}
+
+// GCPCloudRunJobTaskIndex returns an attribute KeyValue conforming to the
+// "gcp.cloud_run.job.task_index" semantic conventions. It represents the index
+// for a task within an execution as provided by the
+// [`CLOUD_RUN_TASK_INDEX`](https://cloud.google.com/run/docs/container-contract#jobs-env-vars)
+// environment variable.
+func GCPCloudRunJobTaskIndex(val int) attribute.KeyValue {
+	return GCPCloudRunJobTaskIndexKey.Int(val)
+}
+
+// Resources used by Google Compute Engine (GCE).
+const (
+	// GCPGceInstanceNameKey is the attribute Key conforming to the
+	// "gcp.gce.instance.name" semantic conventions. It represents the instance
+	// name of a GCE instance. This is the value provided by `host.name`, the
+	// visible name of the instance in the Cloud Console UI, and the prefix for
+	// the default hostname of the instance as defined by the [default internal
+	// DNS
+	// name](https://cloud.google.com/compute/docs/internal-dns#instance-fully-qualified-domain-names).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'instance-1', 'my-vm-name'
+	GCPGceInstanceNameKey = attribute.Key("gcp.gce.instance.name")
+
+	// GCPGceInstanceHostnameKey is the attribute Key conforming to the
+	// "gcp.gce.instance.hostname" semantic conventions. It represents the
+	// hostname of a GCE instance. This is the full value of the default or
+	// [custom
+	// hostname](https://cloud.google.com/compute/docs/instances/custom-hostname-vm).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'my-host1234.example.com',
+	// 'sample-vm.us-west1-b.c.my-project.internal'
+	GCPGceInstanceHostnameKey = attribute.Key("gcp.gce.instance.hostname")
+)
+
+// GCPGceInstanceName returns an attribute KeyValue conforming to the
+// "gcp.gce.instance.name" semantic conventions. It represents the instance
+// name of a GCE instance. This is the value provided by `host.name`, the
+// visible name of the instance in the Cloud Console UI, and the prefix for the
+// default hostname of the instance as defined by the [default internal DNS
+// name](https://cloud.google.com/compute/docs/internal-dns#instance-fully-qualified-domain-names).
+func GCPGceInstanceName(val string) attribute.KeyValue {
+	return GCPGceInstanceNameKey.String(val)
+}
+
+// GCPGceInstanceHostname returns an attribute KeyValue conforming to the
+// "gcp.gce.instance.hostname" semantic conventions. It represents the hostname
+// of a GCE instance. This is the full value of the default or [custom
+// hostname](https://cloud.google.com/compute/docs/instances/custom-hostname-vm).
+func GCPGceInstanceHostname(val string) attribute.KeyValue {
+	return GCPGceInstanceHostnameKey.String(val)
+}
+
+// Heroku dyno metadata
+const (
+	// HerokuReleaseCreationTimestampKey is the attribute Key conforming to the
+	// "heroku.release.creation_timestamp" semantic conventions. It represents
+	// the time and date the release was created
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2022-10-23T18:00:42Z'
+	HerokuReleaseCreationTimestampKey = attribute.Key("heroku.release.creation_timestamp")
+
+	// HerokuReleaseCommitKey is the attribute Key conforming to the
+	// "heroku.release.commit" semantic conventions. It represents the commit
+	// hash for the current release
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'e6134959463efd8966b20e75b913cafe3f5ec'
+	HerokuReleaseCommitKey = attribute.Key("heroku.release.commit")
+
+	// HerokuAppIDKey is the attribute Key conforming to the "heroku.app.id"
+	// semantic conventions. It represents the unique identifier for the
+	// application
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2daa2797-e42b-4624-9322-ec3f968df4da'
+	HerokuAppIDKey = attribute.Key("heroku.app.id")
+)
+
+// HerokuReleaseCreationTimestamp returns an attribute KeyValue conforming
+// to the "heroku.release.creation_timestamp" semantic conventions. It
+// represents the time and date the release was created
+func HerokuReleaseCreationTimestamp(val string) attribute.KeyValue {
+	return HerokuReleaseCreationTimestampKey.String(val)
+}
+
+// HerokuReleaseCommit returns an attribute KeyValue conforming to the
+// "heroku.release.commit" semantic conventions. It represents the commit hash
+// for the current release
+func HerokuReleaseCommit(val string) attribute.KeyValue {
+	return HerokuReleaseCommitKey.String(val)
+}
+
+// HerokuAppID returns an attribute KeyValue conforming to the
+// "heroku.app.id" semantic conventions. It represents the unique identifier
+// for the application
+func HerokuAppID(val string) attribute.KeyValue {
+	return HerokuAppIDKey.String(val)
+}
+
+// A container instance.
+const (
+	// ContainerNameKey is the attribute Key conforming to the "container.name"
+	// semantic conventions. It represents the container name used by container
+	// runtime.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry-autoconf'
+	ContainerNameKey = attribute.Key("container.name")
+
+	// ContainerIDKey is the attribute Key conforming to the "container.id"
+	// semantic conventions. It represents the container ID. Usually a UUID, as
+	// for example used to [identify Docker
+	// containers](https://docs.docker.com/engine/reference/run/#container-identification).
+	// The UUID might be abbreviated.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'a3bf90e006b2'
+	ContainerIDKey = attribute.Key("container.id")
+
+	// ContainerRuntimeKey is the attribute Key conforming to the
+	// "container.runtime" semantic conventions. It represents the container
+	// runtime managing this container.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'docker', 'containerd', 'rkt'
+	ContainerRuntimeKey = attribute.Key("container.runtime")
+
+	// ContainerImageNameKey is the attribute Key conforming to the
+	// "container.image.name" semantic conventions. It represents the name of
+	// the image the container was built on.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'gcr.io/opentelemetry/operator'
+	ContainerImageNameKey = attribute.Key("container.image.name")
+
+	// ContainerImageTagKey is the attribute Key conforming to the
+	// "container.image.tag" semantic conventions. It represents the container
+	// image tag.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '0.1'
+	ContainerImageTagKey = attribute.Key("container.image.tag")
+
+	// ContainerImageIDKey is the attribute Key conforming to the
+	// "container.image.id" semantic conventions. It represents the runtime
+	// specific image identifier. Usually a hash algorithm followed by a UUID.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples:
+	// 'sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f'
+	// Note: Docker defines a sha256 of the image id; `container.image.id`
+	// corresponds to the `Image` field from the Docker container inspect
+	// [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect)
+	// endpoint.
+	// K8S defines a link to the container registry repository with digest
+	// `"imageID": "registry.azurecr.io
+	// /namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`.
+	// OCI defines a digest of manifest.
+	ContainerImageIDKey = attribute.Key("container.image.id")
+
+	// ContainerCommandKey is the attribute Key conforming to the
+	// "container.command" semantic conventions. It represents the command used
+	// to run the container (i.e. the command name).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'otelcontribcol'
+	// Note: If using embedded credentials or sensitive data, it is recommended
+	// to remove them to prevent potential leakage.
+	ContainerCommandKey = attribute.Key("container.command")
+
+	// ContainerCommandLineKey is the attribute Key conforming to the
+	// "container.command_line" semantic conventions. It represents the full
+	// command run by the container as a single string representing the full
+	// command. [2]
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'otelcontribcol --config config.yaml'
+	ContainerCommandLineKey = attribute.Key("container.command_line")
+
+	// ContainerCommandArgsKey is the attribute Key conforming to the
+	// "container.command_args" semantic conventions. It represents the all the
+	// command arguments (including the command/executable itself) run by the
+	// container. [2]
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'otelcontribcol, --config, config.yaml'
+	ContainerCommandArgsKey = attribute.Key("container.command_args")
+)
+
+// ContainerName returns an attribute KeyValue conforming to the
+// "container.name" semantic conventions. It represents the container name used
+// by container runtime.
+func ContainerName(val string) attribute.KeyValue {
+	return ContainerNameKey.String(val)
+}
+
+// ContainerID returns an attribute KeyValue conforming to the
+// "container.id" semantic conventions. It represents the container ID. Usually
+// a UUID, as for example used to [identify Docker
+// containers](https://docs.docker.com/engine/reference/run/#container-identification).
+// The UUID might be abbreviated.
+func ContainerID(val string) attribute.KeyValue {
+	return ContainerIDKey.String(val)
+}
+
+// ContainerRuntime returns an attribute KeyValue conforming to the
+// "container.runtime" semantic conventions. It represents the container
+// runtime managing this container.
+func ContainerRuntime(val string) attribute.KeyValue {
+	return ContainerRuntimeKey.String(val)
+}
+
+// ContainerImageName returns an attribute KeyValue conforming to the
+// "container.image.name" semantic conventions. It represents the name of the
+// image the container was built on.
+func ContainerImageName(val string) attribute.KeyValue {
+	return ContainerImageNameKey.String(val)
+}
+
+// ContainerImageTag returns an attribute KeyValue conforming to the
+// "container.image.tag" semantic conventions. It represents the container
+// image tag.
+func ContainerImageTag(val string) attribute.KeyValue {
+	return ContainerImageTagKey.String(val)
+}
+
+// ContainerImageID returns an attribute KeyValue conforming to the
+// "container.image.id" semantic conventions. It represents the runtime
+// specific image identifier. Usually a hash algorithm followed by a UUID.
+func ContainerImageID(val string) attribute.KeyValue {
+	return ContainerImageIDKey.String(val)
+}
+
+// ContainerCommand returns an attribute KeyValue conforming to the
+// "container.command" semantic conventions. It represents the command used to
+// run the container (i.e. the command name).
+func ContainerCommand(val string) attribute.KeyValue {
+	return ContainerCommandKey.String(val)
+}
+
+// ContainerCommandLine returns an attribute KeyValue conforming to the
+// "container.command_line" semantic conventions. It represents the full
+// command run by the container as a single string representing the full
+// command. [2]
+func ContainerCommandLine(val string) attribute.KeyValue {
+	return ContainerCommandLineKey.String(val)
+}
+
+// ContainerCommandArgs returns an attribute KeyValue conforming to the
+// "container.command_args" semantic conventions. It represents the all the
+// command arguments (including the command/executable itself) run by the
+// container. [2]
+func ContainerCommandArgs(val ...string) attribute.KeyValue {
+	return ContainerCommandArgsKey.StringSlice(val)
+}
+
+// The software deployment.
+const (
+	// DeploymentEnvironmentKey is the attribute Key conforming to the
+	// "deployment.environment" semantic conventions. It represents the name of
+	// the [deployment
+	// environment](https://en.wikipedia.org/wiki/Deployment_environment) (aka
+	// deployment tier).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'staging', 'production'
+	DeploymentEnvironmentKey = attribute.Key("deployment.environment")
+)
+
+// DeploymentEnvironment returns an attribute KeyValue conforming to the
+// "deployment.environment" semantic conventions. It represents the name of the
+// [deployment
+// environment](https://en.wikipedia.org/wiki/Deployment_environment) (aka
+// deployment tier).
+func DeploymentEnvironment(val string) attribute.KeyValue {
+	return DeploymentEnvironmentKey.String(val)
+}
+
+// The device on which the process represented by this resource is running.
+const (
+	// DeviceIDKey is the attribute Key conforming to the "device.id" semantic
+	// conventions. It represents a unique identifier representing the device
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2ab2916d-a51f-4ac8-80ee-45ac31a28092'
+	// Note: The device identifier MUST only be defined using the values
+	// outlined below. This value is not an advertising identifier and MUST NOT
+	// be used as such. On iOS (Swift or Objective-C), this value MUST be equal
+	// to the [vendor
+	// identifier](https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor).
+	// On Android (Java or Kotlin), this value MUST be equal to the Firebase
+	// Installation ID or a globally unique UUID which is persisted across
+	// sessions in your application. More information can be found
+	// [here](https://developer.android.com/training/articles/user-data-ids) on
+	// best practices and exact implementation details. Caution should be taken
+	// when storing personal data or anything which can identify a user. GDPR
+	// and data protection laws may apply, ensure you do your own due
+	// diligence.
+	DeviceIDKey = attribute.Key("device.id")
+
+	// DeviceModelIdentifierKey is the attribute Key conforming to the
+	// "device.model.identifier" semantic conventions. It represents the model
+	// identifier for the device
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'iPhone3,4', 'SM-G920F'
+	// Note: It's recommended this value represents a machine readable version
+	// of the model identifier rather than the market or consumer-friendly name
+	// of the device.
+	DeviceModelIdentifierKey = attribute.Key("device.model.identifier")
+
+	// DeviceModelNameKey is the attribute Key conforming to the
+	// "device.model.name" semantic conventions. It represents the marketing
+	// name for the device model
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'iPhone 6s Plus', 'Samsung Galaxy S6'
+	// Note: It's recommended this value represents a human readable version of
+	// the device model rather than a machine readable alternative.
+	DeviceModelNameKey = attribute.Key("device.model.name")
+
+	// DeviceManufacturerKey is the attribute Key conforming to the
+	// "device.manufacturer" semantic conventions. It represents the name of
+	// the device manufacturer
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Apple', 'Samsung'
+	// Note: The Android OS provides this field via
+	// [Build](https://developer.android.com/reference/android/os/Build#MANUFACTURER).
+	// iOS apps SHOULD hardcode the value `Apple`.
+	DeviceManufacturerKey = attribute.Key("device.manufacturer")
+)
+
+// DeviceID returns an attribute KeyValue conforming to the "device.id"
+// semantic conventions. It represents a unique identifier representing the
+// device
+func DeviceID(val string) attribute.KeyValue {
+	return DeviceIDKey.String(val)
+}
+
+// DeviceModelIdentifier returns an attribute KeyValue conforming to the
+// "device.model.identifier" semantic conventions. It represents the model
+// identifier for the device
+func DeviceModelIdentifier(val string) attribute.KeyValue {
+	return DeviceModelIdentifierKey.String(val)
+}
+
+// DeviceModelName returns an attribute KeyValue conforming to the
+// "device.model.name" semantic conventions. It represents the marketing name
+// for the device model
+func DeviceModelName(val string) attribute.KeyValue {
+	return DeviceModelNameKey.String(val)
+}
+
+// DeviceManufacturer returns an attribute KeyValue conforming to the
+// "device.manufacturer" semantic conventions. It represents the name of the
+// device manufacturer
+func DeviceManufacturer(val string) attribute.KeyValue {
+	return DeviceManufacturerKey.String(val)
+}
+
+// A serverless instance.
+const (
+	// FaaSNameKey is the attribute Key conforming to the "faas.name" semantic
+	// conventions. It represents the name of the single function that this
+	// runtime instance executes.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'my-function', 'myazurefunctionapp/some-function-name'
+	// Note: This is the name of the function as configured/deployed on the
+	// FaaS
+	// platform and is usually different from the name of the callback
+	// function (which may be stored in the
+	// [`code.namespace`/`code.function`](/docs/general/general-attributes.md#source-code-attributes)
+	// span attributes).
+	//
+	// For some cloud providers, the above definition is ambiguous. The
+	// following
+	// definition of function name MUST be used for this attribute
+	// (and consequently the span name) for the listed cloud
+	// providers/products:
+	//
+	// * **Azure:**  The full name `<FUNCAPP>/<FUNC>`, i.e., function app name
+	//   followed by a forward slash followed by the function name (this form
+	//   can also be seen in the resource JSON for the function).
+	//   This means that a span attribute MUST be used, as an Azure function
+	//   app can host multiple functions that would usually share
+	//   a TracerProvider (see also the `cloud.resource_id` attribute).
+	FaaSNameKey = attribute.Key("faas.name")
+
+	// FaaSVersionKey is the attribute Key conforming to the "faas.version"
+	// semantic conventions. It represents the immutable version of the
+	// function being executed.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '26', 'pinkfroid-00002'
+	// Note: Depending on the cloud provider and platform, use:
+	//
+	// * **AWS Lambda:** The [function
+	// version](https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html)
+	//   (an integer represented as a decimal string).
+	// * **Google Cloud Run (Services):** The
+	// [revision](https://cloud.google.com/run/docs/managing/revisions)
+	//   (i.e., the function name plus the revision suffix).
+	// * **Google Cloud Functions:** The value of the
+	//   [`K_REVISION` environment
+	// variable](https://cloud.google.com/functions/docs/env-var#runtime_environment_variables_set_automatically).
+	// * **Azure Functions:** Not applicable. Do not set this attribute.
+	FaaSVersionKey = attribute.Key("faas.version")
+
+	// FaaSInstanceKey is the attribute Key conforming to the "faas.instance"
+	// semantic conventions. It represents the execution environment ID as a
+	// string, that will be potentially reused for other invocations to the
+	// same function/function version.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2021/06/28/[$LATEST]2f399eb14537447da05ab2a2e39309de'
+	// Note: * **AWS Lambda:** Use the (full) log stream name.
+	FaaSInstanceKey = attribute.Key("faas.instance")
+
+	// FaaSMaxMemoryKey is the attribute Key conforming to the
+	// "faas.max_memory" semantic conventions. It represents the amount of
+	// memory available to the serverless function converted to Bytes.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 134217728
+	// Note: It's recommended to set this attribute since e.g. too little
+	// memory can easily stop a Java AWS Lambda function from working
+	// correctly. On AWS Lambda, the environment variable
+	// `AWS_LAMBDA_FUNCTION_MEMORY_SIZE` provides this information (which must
+	// be multiplied by 1,048,576).
+	FaaSMaxMemoryKey = attribute.Key("faas.max_memory")
+)
+
+// FaaSName returns an attribute KeyValue conforming to the "faas.name"
+// semantic conventions. It represents the name of the single function that
+// this runtime instance executes.
+func FaaSName(val string) attribute.KeyValue {
+	return FaaSNameKey.String(val)
+}
+
+// FaaSVersion returns an attribute KeyValue conforming to the
+// "faas.version" semantic conventions. It represents the immutable version of
+// the function being executed.
+func FaaSVersion(val string) attribute.KeyValue {
+	return FaaSVersionKey.String(val)
+}
+
+// FaaSInstance returns an attribute KeyValue conforming to the
+// "faas.instance" semantic conventions. It represents the execution
+// environment ID as a string, that will be potentially reused for other
+// invocations to the same function/function version.
+func FaaSInstance(val string) attribute.KeyValue {
+	return FaaSInstanceKey.String(val)
+}
+
+// FaaSMaxMemory returns an attribute KeyValue conforming to the
+// "faas.max_memory" semantic conventions. It represents the amount of memory
+// available to the serverless function converted to Bytes.
+func FaaSMaxMemory(val int) attribute.KeyValue {
+	return FaaSMaxMemoryKey.Int(val)
+}
+
+// A host is defined as a computing instance. For example, physical servers,
+// virtual machines, switches or disk array.
+const (
+	// HostIDKey is the attribute Key conforming to the "host.id" semantic
+	// conventions. It represents the unique host ID. For Cloud, this must be
+	// the instance_id assigned by the cloud provider. For non-containerized
+	// systems, this should be the `machine-id`. See the table below for the
+	// sources to use to determine the `machine-id` based on operating system.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'fdbf79e8af94cb7f9e8df36789187052'
+	HostIDKey = attribute.Key("host.id")
+
+	// HostNameKey is the attribute Key conforming to the "host.name" semantic
+	// conventions. It represents the name of the host. On Unix systems, it may
+	// contain what the hostname command returns, or the fully qualified
+	// hostname, or another name specified by the user.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry-test'
+	HostNameKey = attribute.Key("host.name")
+
+	// HostTypeKey is the attribute Key conforming to the "host.type" semantic
+	// conventions. It represents the type of host. For Cloud, this must be the
+	// machine type.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'n1-standard-1'
+	HostTypeKey = attribute.Key("host.type")
+
+	// HostArchKey is the attribute Key conforming to the "host.arch" semantic
+	// conventions. It represents the CPU architecture the host system is
+	// running on.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	HostArchKey = attribute.Key("host.arch")
+
+	// HostImageNameKey is the attribute Key conforming to the
+	// "host.image.name" semantic conventions. It represents the name of the VM
+	// image or OS install the host was instantiated from.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'infra-ami-eks-worker-node-7d4ec78312', 'CentOS-8-x86_64-1905'
+	HostImageNameKey = attribute.Key("host.image.name")
+
+	// HostImageIDKey is the attribute Key conforming to the "host.image.id"
+	// semantic conventions. It represents the vM image ID or host OS image ID.
+	// For Cloud, this value is from the provider.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'ami-07b06b442921831e5'
+	HostImageIDKey = attribute.Key("host.image.id")
+
+	// HostImageVersionKey is the attribute Key conforming to the
+	// "host.image.version" semantic conventions. It represents the version
+	// string of the VM image or host OS as defined in [Version
+	// Attributes](README.md#version-attributes).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '0.1'
+	HostImageVersionKey = attribute.Key("host.image.version")
+)
+
+var (
+	// AMD64
+	HostArchAMD64 = HostArchKey.String("amd64")
+	// ARM32
+	HostArchARM32 = HostArchKey.String("arm32")
+	// ARM64
+	HostArchARM64 = HostArchKey.String("arm64")
+	// Itanium
+	HostArchIA64 = HostArchKey.String("ia64")
+	// 32-bit PowerPC
+	HostArchPPC32 = HostArchKey.String("ppc32")
+	// 64-bit PowerPC
+	HostArchPPC64 = HostArchKey.String("ppc64")
+	// IBM z/Architecture
+	HostArchS390x = HostArchKey.String("s390x")
+	// 32-bit x86
+	HostArchX86 = HostArchKey.String("x86")
+)
+
+// HostID returns an attribute KeyValue conforming to the "host.id" semantic
+// conventions. It represents the unique host ID. For Cloud, this must be the
+// instance_id assigned by the cloud provider. For non-containerized systems,
+// this should be the `machine-id`. See the table below for the sources to use
+// to determine the `machine-id` based on operating system.
+func HostID(val string) attribute.KeyValue {
+	return HostIDKey.String(val)
+}
+
+// HostName returns an attribute KeyValue conforming to the "host.name"
+// semantic conventions. It represents the name of the host. On Unix systems,
+// it may contain what the hostname command returns, or the fully qualified
+// hostname, or another name specified by the user.
+func HostName(val string) attribute.KeyValue {
+	return HostNameKey.String(val)
+}
+
+// HostType returns an attribute KeyValue conforming to the "host.type"
+// semantic conventions. It represents the type of host. For Cloud, this must
+// be the machine type.
+func HostType(val string) attribute.KeyValue {
+	return HostTypeKey.String(val)
+}
+
+// HostImageName returns an attribute KeyValue conforming to the
+// "host.image.name" semantic conventions. It represents the name of the VM
+// image or OS install the host was instantiated from.
+func HostImageName(val string) attribute.KeyValue {
+	return HostImageNameKey.String(val)
+}
+
+// HostImageID returns an attribute KeyValue conforming to the
+// "host.image.id" semantic conventions. It represents the vM image ID or host
+// OS image ID. For Cloud, this value is from the provider.
+func HostImageID(val string) attribute.KeyValue {
+	return HostImageIDKey.String(val)
+}
+
+// HostImageVersion returns an attribute KeyValue conforming to the
+// "host.image.version" semantic conventions. It represents the version string
+// of the VM image or host OS as defined in [Version
+// Attributes](README.md#version-attributes).
+func HostImageVersion(val string) attribute.KeyValue {
+	return HostImageVersionKey.String(val)
+}
+
+// A Kubernetes Cluster.
+const (
+	// K8SClusterNameKey is the attribute Key conforming to the
+	// "k8s.cluster.name" semantic conventions. It represents the name of the
+	// cluster.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry-cluster'
+	K8SClusterNameKey = attribute.Key("k8s.cluster.name")
+
+	// K8SClusterUIDKey is the attribute Key conforming to the
+	// "k8s.cluster.uid" semantic conventions. It represents a pseudo-ID for
+	// the cluster, set to the UID of the `kube-system` namespace.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '218fc5a9-a5f1-4b54-aa05-46717d0ab26d'
+	// Note: K8S does not have support for obtaining a cluster ID. If this is
+	// ever
+	// added, we will recommend collecting the `k8s.cluster.uid` through the
+	// official APIs. In the meantime, we are able to use the `uid` of the
+	// `kube-system` namespace as a proxy for cluster ID. Read on for the
+	// rationale.
+	//
+	// Every object created in a K8S cluster is assigned a distinct UID. The
+	// `kube-system` namespace is used by Kubernetes itself and will exist
+	// for the lifetime of the cluster. Using the `uid` of the `kube-system`
+	// namespace is a reasonable proxy for the K8S ClusterID as it will only
+	// change if the cluster is rebuilt. Furthermore, Kubernetes UIDs are
+	// UUIDs as standardized by
+	// [ISO/IEC 9834-8 and ITU-T
+	// X.667](https://www.itu.int/ITU-T/studygroups/com17/oid.html).
+	// Which states:
+	//
+	// > If generated according to one of the mechanisms defined in Rec.
+	//   ITU-T X.667 | ISO/IEC 9834-8, a UUID is either guaranteed to be
+	//   different from all other UUIDs generated before 3603 A.D., or is
+	//   extremely likely to be different (depending on the mechanism chosen).
+	//
+	// Therefore, UIDs between clusters should be extremely unlikely to
+	// conflict.
+	K8SClusterUIDKey = attribute.Key("k8s.cluster.uid")
+)
+
+// K8SClusterName returns an attribute KeyValue conforming to the
+// "k8s.cluster.name" semantic conventions. It represents the name of the
+// cluster.
+func K8SClusterName(val string) attribute.KeyValue {
+	return K8SClusterNameKey.String(val)
+}
+
+// K8SClusterUID returns an attribute KeyValue conforming to the
+// "k8s.cluster.uid" semantic conventions. It represents a pseudo-ID for the
+// cluster, set to the UID of the `kube-system` namespace.
+func K8SClusterUID(val string) attribute.KeyValue {
+	return K8SClusterUIDKey.String(val)
+}
+
+// A Kubernetes Node object.
+const (
+	// K8SNodeNameKey is the attribute Key conforming to the "k8s.node.name"
+	// semantic conventions. It represents the name of the Node.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'node-1'
+	K8SNodeNameKey = attribute.Key("k8s.node.name")
+
+	// K8SNodeUIDKey is the attribute Key conforming to the "k8s.node.uid"
+	// semantic conventions. It represents the UID of the Node.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '1eb3a0c6-0477-4080-a9cb-0cb7db65c6a2'
+	K8SNodeUIDKey = attribute.Key("k8s.node.uid")
+)
+
+// K8SNodeName returns an attribute KeyValue conforming to the
+// "k8s.node.name" semantic conventions. It represents the name of the Node.
+func K8SNodeName(val string) attribute.KeyValue {
+	return K8SNodeNameKey.String(val)
+}
+
+// K8SNodeUID returns an attribute KeyValue conforming to the "k8s.node.uid"
+// semantic conventions. It represents the UID of the Node.
+func K8SNodeUID(val string) attribute.KeyValue {
+	return K8SNodeUIDKey.String(val)
+}
+
+// A Kubernetes Namespace.
+const (
+	// K8SNamespaceNameKey is the attribute Key conforming to the
+	// "k8s.namespace.name" semantic conventions. It represents the name of the
+	// namespace that the pod is running in.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'default'
+	K8SNamespaceNameKey = attribute.Key("k8s.namespace.name")
+)
+
+// K8SNamespaceName returns an attribute KeyValue conforming to the
+// "k8s.namespace.name" semantic conventions. It represents the name of the
+// namespace that the pod is running in.
+func K8SNamespaceName(val string) attribute.KeyValue {
+	return K8SNamespaceNameKey.String(val)
+}
+
+// A Kubernetes Pod object.
+const (
+	// K8SPodUIDKey is the attribute Key conforming to the "k8s.pod.uid"
+	// semantic conventions. It represents the UID of the Pod.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SPodUIDKey = attribute.Key("k8s.pod.uid")
+
+	// K8SPodNameKey is the attribute Key conforming to the "k8s.pod.name"
+	// semantic conventions. It represents the name of the Pod.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry-pod-autoconf'
+	K8SPodNameKey = attribute.Key("k8s.pod.name")
+)
+
+// K8SPodUID returns an attribute KeyValue conforming to the "k8s.pod.uid"
+// semantic conventions. It represents the UID of the Pod.
+func K8SPodUID(val string) attribute.KeyValue {
+	return K8SPodUIDKey.String(val)
+}
+
+// K8SPodName returns an attribute KeyValue conforming to the "k8s.pod.name"
+// semantic conventions. It represents the name of the Pod.
+func K8SPodName(val string) attribute.KeyValue {
+	return K8SPodNameKey.String(val)
+}
+
+// A container in a
+// [PodTemplate](https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates).
+const (
+	// K8SContainerNameKey is the attribute Key conforming to the
+	// "k8s.container.name" semantic conventions. It represents the name of the
+	// Container from Pod specification, must be unique within a Pod. Container
+	// runtime usually uses different globally unique name (`container.name`).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'redis'
+	K8SContainerNameKey = attribute.Key("k8s.container.name")
+
+	// K8SContainerRestartCountKey is the attribute Key conforming to the
+	// "k8s.container.restart_count" semantic conventions. It represents the
+	// number of times the container was restarted. This attribute can be used
+	// to identify a particular container (running or stopped) within a
+	// container spec.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 0, 2
+	K8SContainerRestartCountKey = attribute.Key("k8s.container.restart_count")
+)
+
+// K8SContainerName returns an attribute KeyValue conforming to the
+// "k8s.container.name" semantic conventions. It represents the name of the
+// Container from Pod specification, must be unique within a Pod. Container
+// runtime usually uses different globally unique name (`container.name`).
+func K8SContainerName(val string) attribute.KeyValue {
+	return K8SContainerNameKey.String(val)
+}
+
+// K8SContainerRestartCount returns an attribute KeyValue conforming to the
+// "k8s.container.restart_count" semantic conventions. It represents the number
+// of times the container was restarted. This attribute can be used to identify
+// a particular container (running or stopped) within a container spec.
+func K8SContainerRestartCount(val int) attribute.KeyValue {
+	return K8SContainerRestartCountKey.Int(val)
+}
+
+// A Kubernetes ReplicaSet object.
+const (
+	// K8SReplicaSetUIDKey is the attribute Key conforming to the
+	// "k8s.replicaset.uid" semantic conventions. It represents the UID of the
+	// ReplicaSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SReplicaSetUIDKey = attribute.Key("k8s.replicaset.uid")
+
+	// K8SReplicaSetNameKey is the attribute Key conforming to the
+	// "k8s.replicaset.name" semantic conventions. It represents the name of
+	// the ReplicaSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SReplicaSetNameKey = attribute.Key("k8s.replicaset.name")
+)
+
+// K8SReplicaSetUID returns an attribute KeyValue conforming to the
+// "k8s.replicaset.uid" semantic conventions. It represents the UID of the
+// ReplicaSet.
+func K8SReplicaSetUID(val string) attribute.KeyValue {
+	return K8SReplicaSetUIDKey.String(val)
+}
+
+// K8SReplicaSetName returns an attribute KeyValue conforming to the
+// "k8s.replicaset.name" semantic conventions. It represents the name of the
+// ReplicaSet.
+func K8SReplicaSetName(val string) attribute.KeyValue {
+	return K8SReplicaSetNameKey.String(val)
+}
+
+// A Kubernetes Deployment object.
+const (
+	// K8SDeploymentUIDKey is the attribute Key conforming to the
+	// "k8s.deployment.uid" semantic conventions. It represents the UID of the
+	// Deployment.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SDeploymentUIDKey = attribute.Key("k8s.deployment.uid")
+
+	// K8SDeploymentNameKey is the attribute Key conforming to the
+	// "k8s.deployment.name" semantic conventions. It represents the name of
+	// the Deployment.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SDeploymentNameKey = attribute.Key("k8s.deployment.name")
+)
+
+// K8SDeploymentUID returns an attribute KeyValue conforming to the
+// "k8s.deployment.uid" semantic conventions. It represents the UID of the
+// Deployment.
+func K8SDeploymentUID(val string) attribute.KeyValue {
+	return K8SDeploymentUIDKey.String(val)
+}
+
+// K8SDeploymentName returns an attribute KeyValue conforming to the
+// "k8s.deployment.name" semantic conventions. It represents the name of the
+// Deployment.
+func K8SDeploymentName(val string) attribute.KeyValue {
+	return K8SDeploymentNameKey.String(val)
+}
+
+// A Kubernetes StatefulSet object.
+const (
+	// K8SStatefulSetUIDKey is the attribute Key conforming to the
+	// "k8s.statefulset.uid" semantic conventions. It represents the UID of the
+	// StatefulSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SStatefulSetUIDKey = attribute.Key("k8s.statefulset.uid")
+
+	// K8SStatefulSetNameKey is the attribute Key conforming to the
+	// "k8s.statefulset.name" semantic conventions. It represents the name of
+	// the StatefulSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SStatefulSetNameKey = attribute.Key("k8s.statefulset.name")
+)
+
+// K8SStatefulSetUID returns an attribute KeyValue conforming to the
+// "k8s.statefulset.uid" semantic conventions. It represents the UID of the
+// StatefulSet.
+func K8SStatefulSetUID(val string) attribute.KeyValue {
+	return K8SStatefulSetUIDKey.String(val)
+}
+
+// K8SStatefulSetName returns an attribute KeyValue conforming to the
+// "k8s.statefulset.name" semantic conventions. It represents the name of the
+// StatefulSet.
+func K8SStatefulSetName(val string) attribute.KeyValue {
+	return K8SStatefulSetNameKey.String(val)
+}
+
+// A Kubernetes DaemonSet object.
+const (
+	// K8SDaemonSetUIDKey is the attribute Key conforming to the
+	// "k8s.daemonset.uid" semantic conventions. It represents the UID of the
+	// DaemonSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SDaemonSetUIDKey = attribute.Key("k8s.daemonset.uid")
+
+	// K8SDaemonSetNameKey is the attribute Key conforming to the
+	// "k8s.daemonset.name" semantic conventions. It represents the name of the
+	// DaemonSet.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SDaemonSetNameKey = attribute.Key("k8s.daemonset.name")
+)
+
+// K8SDaemonSetUID returns an attribute KeyValue conforming to the
+// "k8s.daemonset.uid" semantic conventions. It represents the UID of the
+// DaemonSet.
+func K8SDaemonSetUID(val string) attribute.KeyValue {
+	return K8SDaemonSetUIDKey.String(val)
+}
+
+// K8SDaemonSetName returns an attribute KeyValue conforming to the
+// "k8s.daemonset.name" semantic conventions. It represents the name of the
+// DaemonSet.
+func K8SDaemonSetName(val string) attribute.KeyValue {
+	return K8SDaemonSetNameKey.String(val)
+}
+
+// A Kubernetes Job object.
+const (
+	// K8SJobUIDKey is the attribute Key conforming to the "k8s.job.uid"
+	// semantic conventions. It represents the UID of the Job.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SJobUIDKey = attribute.Key("k8s.job.uid")
+
+	// K8SJobNameKey is the attribute Key conforming to the "k8s.job.name"
+	// semantic conventions. It represents the name of the Job.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SJobNameKey = attribute.Key("k8s.job.name")
+)
+
+// K8SJobUID returns an attribute KeyValue conforming to the "k8s.job.uid"
+// semantic conventions. It represents the UID of the Job.
+func K8SJobUID(val string) attribute.KeyValue {
+	return K8SJobUIDKey.String(val)
+}
+
+// K8SJobName returns an attribute KeyValue conforming to the "k8s.job.name"
+// semantic conventions. It represents the name of the Job.
+func K8SJobName(val string) attribute.KeyValue {
+	return K8SJobNameKey.String(val)
+}
+
+// A Kubernetes CronJob object.
+const (
+	// K8SCronJobUIDKey is the attribute Key conforming to the
+	// "k8s.cronjob.uid" semantic conventions. It represents the UID of the
+	// CronJob.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
+	K8SCronJobUIDKey = attribute.Key("k8s.cronjob.uid")
+
+	// K8SCronJobNameKey is the attribute Key conforming to the
+	// "k8s.cronjob.name" semantic conventions. It represents the name of the
+	// CronJob.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	K8SCronJobNameKey = attribute.Key("k8s.cronjob.name")
+)
+
+// K8SCronJobUID returns an attribute KeyValue conforming to the
+// "k8s.cronjob.uid" semantic conventions. It represents the UID of the
+// CronJob.
+func K8SCronJobUID(val string) attribute.KeyValue {
+	return K8SCronJobUIDKey.String(val)
+}
+
+// K8SCronJobName returns an attribute KeyValue conforming to the
+// "k8s.cronjob.name" semantic conventions. It represents the name of the
+// CronJob.
+func K8SCronJobName(val string) attribute.KeyValue {
+	return K8SCronJobNameKey.String(val)
+}
+
+// The operating system (OS) on which the process represented by this resource
+// is running.
+const (
+	// OSTypeKey is the attribute Key conforming to the "os.type" semantic
+	// conventions. It represents the operating system type.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	OSTypeKey = attribute.Key("os.type")
+
+	// OSDescriptionKey is the attribute Key conforming to the "os.description"
+	// semantic conventions. It represents the human readable (not intended to
+	// be parsed) OS version information, like e.g. reported by `ver` or
+	// `lsb_release -a` commands.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Microsoft Windows [Version 10.0.18363.778]', 'Ubuntu 18.04.1
+	// LTS'
+	OSDescriptionKey = attribute.Key("os.description")
+
+	// OSNameKey is the attribute Key conforming to the "os.name" semantic
+	// conventions. It represents the human readable operating system name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'iOS', 'Android', 'Ubuntu'
+	OSNameKey = attribute.Key("os.name")
+
+	// OSVersionKey is the attribute Key conforming to the "os.version"
+	// semantic conventions. It represents the version string of the operating
+	// system as defined in [Version
+	// Attributes](/docs/resource/README.md#version-attributes).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '14.2.1', '18.04.1'
+	OSVersionKey = attribute.Key("os.version")
+)
+
+var (
+	// Microsoft Windows
+	OSTypeWindows = OSTypeKey.String("windows")
+	// Linux
+	OSTypeLinux = OSTypeKey.String("linux")
+	// Apple Darwin
+	OSTypeDarwin = OSTypeKey.String("darwin")
+	// FreeBSD
+	OSTypeFreeBSD = OSTypeKey.String("freebsd")
+	// NetBSD
+	OSTypeNetBSD = OSTypeKey.String("netbsd")
+	// OpenBSD
+	OSTypeOpenBSD = OSTypeKey.String("openbsd")
+	// DragonFly BSD
+	OSTypeDragonflyBSD = OSTypeKey.String("dragonflybsd")
+	// HP-UX (Hewlett Packard Unix)
+	OSTypeHPUX = OSTypeKey.String("hpux")
+	// AIX (Advanced Interactive eXecutive)
+	OSTypeAIX = OSTypeKey.String("aix")
+	// SunOS, Oracle Solaris
+	OSTypeSolaris = OSTypeKey.String("solaris")
+	// IBM z/OS
+	OSTypeZOS = OSTypeKey.String("z_os")
+)
+
+// OSDescription returns an attribute KeyValue conforming to the
+// "os.description" semantic conventions. It represents the human readable (not
+// intended to be parsed) OS version information, like e.g. reported by `ver`
+// or `lsb_release -a` commands.
+func OSDescription(val string) attribute.KeyValue {
+	return OSDescriptionKey.String(val)
+}
+
+// OSName returns an attribute KeyValue conforming to the "os.name" semantic
+// conventions. It represents the human readable operating system name.
+func OSName(val string) attribute.KeyValue {
+	return OSNameKey.String(val)
+}
+
+// OSVersion returns an attribute KeyValue conforming to the "os.version"
+// semantic conventions. It represents the version string of the operating
+// system as defined in [Version
+// Attributes](/docs/resource/README.md#version-attributes).
+func OSVersion(val string) attribute.KeyValue {
+	return OSVersionKey.String(val)
+}
+
+// An operating system process.
+const (
+	// ProcessPIDKey is the attribute Key conforming to the "process.pid"
+	// semantic conventions. It represents the process identifier (PID).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 1234
+	ProcessPIDKey = attribute.Key("process.pid")
+
+	// ProcessParentPIDKey is the attribute Key conforming to the
+	// "process.parent_pid" semantic conventions. It represents the parent
+	// Process identifier (PID).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 111
+	ProcessParentPIDKey = attribute.Key("process.parent_pid")
+
+	// ProcessExecutableNameKey is the attribute Key conforming to the
+	// "process.executable.name" semantic conventions. It represents the name
+	// of the process executable. On Linux based systems, can be set to the
+	// `Name` in `proc/[pid]/status`. On Windows, can be set to the base name
+	// of `GetProcessImageFileNameW`.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (See alternative attributes
+	// below.)
+	// Stability: stable
+	// Examples: 'otelcol'
+	ProcessExecutableNameKey = attribute.Key("process.executable.name")
+
+	// ProcessExecutablePathKey is the attribute Key conforming to the
+	// "process.executable.path" semantic conventions. It represents the full
+	// path to the process executable. On Linux based systems, can be set to
+	// the target of `proc/[pid]/exe`. On Windows, can be set to the result of
+	// `GetProcessImageFileNameW`.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (See alternative attributes
+	// below.)
+	// Stability: stable
+	// Examples: '/usr/bin/cmd/otelcol'
+	ProcessExecutablePathKey = attribute.Key("process.executable.path")
+
+	// ProcessCommandKey is the attribute Key conforming to the
+	// "process.command" semantic conventions. It represents the command used
+	// to launch the process (i.e. the command name). On Linux based systems,
+	// can be set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can
+	// be set to the first parameter extracted from `GetCommandLineW`.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (See alternative attributes
+	// below.)
+	// Stability: stable
+	// Examples: 'cmd/otelcol'
+	ProcessCommandKey = attribute.Key("process.command")
+
+	// ProcessCommandLineKey is the attribute Key conforming to the
+	// "process.command_line" semantic conventions. It represents the full
+	// command used to launch the process as a single string representing the
+	// full command. On Windows, can be set to the result of `GetCommandLineW`.
+	// Do not set this if you have to assemble it just for monitoring; use
+	// `process.command_args` instead.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (See alternative attributes
+	// below.)
+	// Stability: stable
+	// Examples: 'C:\\cmd\\otecol --config="my directory\\config.yaml"'
+	ProcessCommandLineKey = attribute.Key("process.command_line")
+
+	// ProcessCommandArgsKey is the attribute Key conforming to the
+	// "process.command_args" semantic conventions. It represents the all the
+	// command arguments (including the command/executable itself) as received
+	// by the process. On Linux-based systems (and some other Unixoid systems
+	// supporting procfs), can be set according to the list of null-delimited
+	// strings extracted from `proc/[pid]/cmdline`. For libc-based executables,
+	// this would be the full argv vector passed to `main`.
+	//
+	// Type: string[]
+	// RequirementLevel: ConditionallyRequired (See alternative attributes
+	// below.)
+	// Stability: stable
+	// Examples: 'cmd/otecol', '--config=config.yaml'
+	ProcessCommandArgsKey = attribute.Key("process.command_args")
+
+	// ProcessOwnerKey is the attribute Key conforming to the "process.owner"
+	// semantic conventions. It represents the username of the user that owns
+	// the process.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'root'
+	ProcessOwnerKey = attribute.Key("process.owner")
+)
+
+// ProcessPID returns an attribute KeyValue conforming to the "process.pid"
+// semantic conventions. It represents the process identifier (PID).
+func ProcessPID(val int) attribute.KeyValue {
+	return ProcessPIDKey.Int(val)
+}
+
+// ProcessParentPID returns an attribute KeyValue conforming to the
+// "process.parent_pid" semantic conventions. It represents the parent Process
+// identifier (PID).
+func ProcessParentPID(val int) attribute.KeyValue {
+	return ProcessParentPIDKey.Int(val)
+}
+
+// ProcessExecutableName returns an attribute KeyValue conforming to the
+// "process.executable.name" semantic conventions. It represents the name of
+// the process executable. On Linux based systems, can be set to the `Name` in
+// `proc/[pid]/status`. On Windows, can be set to the base name of
+// `GetProcessImageFileNameW`.
+func ProcessExecutableName(val string) attribute.KeyValue {
+	return ProcessExecutableNameKey.String(val)
+}
+
+// ProcessExecutablePath returns an attribute KeyValue conforming to the
+// "process.executable.path" semantic conventions. It represents the full path
+// to the process executable. On Linux based systems, can be set to the target
+// of `proc/[pid]/exe`. On Windows, can be set to the result of
+// `GetProcessImageFileNameW`.
+func ProcessExecutablePath(val string) attribute.KeyValue {
+	return ProcessExecutablePathKey.String(val)
+}
+
+// ProcessCommand returns an attribute KeyValue conforming to the
+// "process.command" semantic conventions. It represents the command used to
+// launch the process (i.e. the command name). On Linux based systems, can be
+// set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can be set to
+// the first parameter extracted from `GetCommandLineW`.
+func ProcessCommand(val string) attribute.KeyValue {
+	return ProcessCommandKey.String(val)
+}
+
+// ProcessCommandLine returns an attribute KeyValue conforming to the
+// "process.command_line" semantic conventions. It represents the full command
+// used to launch the process as a single string representing the full command.
+// On Windows, can be set to the result of `GetCommandLineW`. Do not set this
+// if you have to assemble it just for monitoring; use `process.command_args`
+// instead.
+func ProcessCommandLine(val string) attribute.KeyValue {
+	return ProcessCommandLineKey.String(val)
+}
+
+// ProcessCommandArgs returns an attribute KeyValue conforming to the
+// "process.command_args" semantic conventions. It represents the all the
+// command arguments (including the command/executable itself) as received by
+// the process. On Linux-based systems (and some other Unixoid systems
+// supporting procfs), can be set according to the list of null-delimited
+// strings extracted from `proc/[pid]/cmdline`. For libc-based executables,
+// this would be the full argv vector passed to `main`.
+func ProcessCommandArgs(val ...string) attribute.KeyValue {
+	return ProcessCommandArgsKey.StringSlice(val)
+}
+
+// ProcessOwner returns an attribute KeyValue conforming to the
+// "process.owner" semantic conventions. It represents the username of the user
+// that owns the process.
+func ProcessOwner(val string) attribute.KeyValue {
+	return ProcessOwnerKey.String(val)
+}
+
+// The single (language) runtime instance which is monitored.
+const (
+	// ProcessRuntimeNameKey is the attribute Key conforming to the
+	// "process.runtime.name" semantic conventions. It represents the name of
+	// the runtime of this process. For compiled native binaries, this SHOULD
+	// be the name of the compiler.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'OpenJDK Runtime Environment'
+	ProcessRuntimeNameKey = attribute.Key("process.runtime.name")
+
+	// ProcessRuntimeVersionKey is the attribute Key conforming to the
+	// "process.runtime.version" semantic conventions. It represents the
+	// version of the runtime of this process, as returned by the runtime
+	// without modification.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '14.0.2'
+	ProcessRuntimeVersionKey = attribute.Key("process.runtime.version")
+
+	// ProcessRuntimeDescriptionKey is the attribute Key conforming to the
+	// "process.runtime.description" semantic conventions. It represents an
+	// additional description about the runtime of the process, for example a
+	// specific vendor customization of the runtime environment.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0'
+	ProcessRuntimeDescriptionKey = attribute.Key("process.runtime.description")
+)
+
+// ProcessRuntimeName returns an attribute KeyValue conforming to the
+// "process.runtime.name" semantic conventions. It represents the name of the
+// runtime of this process. For compiled native binaries, this SHOULD be the
+// name of the compiler.
+func ProcessRuntimeName(val string) attribute.KeyValue {
+	return ProcessRuntimeNameKey.String(val)
+}
+
+// ProcessRuntimeVersion returns an attribute KeyValue conforming to the
+// "process.runtime.version" semantic conventions. It represents the version of
+// the runtime of this process, as returned by the runtime without
+// modification.
+func ProcessRuntimeVersion(val string) attribute.KeyValue {
+	return ProcessRuntimeVersionKey.String(val)
+}
+
+// ProcessRuntimeDescription returns an attribute KeyValue conforming to the
+// "process.runtime.description" semantic conventions. It represents an
+// additional description about the runtime of the process, for example a
+// specific vendor customization of the runtime environment.
+func ProcessRuntimeDescription(val string) attribute.KeyValue {
+	return ProcessRuntimeDescriptionKey.String(val)
+}
+
+// A service instance.
+const (
+	// ServiceNameKey is the attribute Key conforming to the "service.name"
+	// semantic conventions. It represents the logical name of the service.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'shoppingcart'
+	// Note: MUST be the same for all instances of horizontally scaled
+	// services. If the value was not specified, SDKs MUST fallback to
+	// `unknown_service:` concatenated with
+	// [`process.executable.name`](process.md#process), e.g.
+	// `unknown_service:bash`. If `process.executable.name` is not available,
+	// the value MUST be set to `unknown_service`.
+	ServiceNameKey = attribute.Key("service.name")
+
+	// ServiceVersionKey is the attribute Key conforming to the
+	// "service.version" semantic conventions. It represents the version string
+	// of the service API or implementation. The format is not defined by these
+	// conventions.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2.0.0', 'a01dbef8a'
+	ServiceVersionKey = attribute.Key("service.version")
+)
+
+// ServiceName returns an attribute KeyValue conforming to the
+// "service.name" semantic conventions. It represents the logical name of the
+// service.
+func ServiceName(val string) attribute.KeyValue {
+	return ServiceNameKey.String(val)
+}
+
+// ServiceVersion returns an attribute KeyValue conforming to the
+// "service.version" semantic conventions. It represents the version string of
+// the service API or implementation. The format is not defined by these
+// conventions.
+func ServiceVersion(val string) attribute.KeyValue {
+	return ServiceVersionKey.String(val)
+}
+
+// A service instance.
+const (
+	// ServiceNamespaceKey is the attribute Key conforming to the
+	// "service.namespace" semantic conventions. It represents a namespace for
+	// `service.name`.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Shop'
+	// Note: A string value having a meaning that helps to distinguish a group
+	// of services, for example the team name that owns a group of services.
+	// `service.name` is expected to be unique within the same namespace. If
+	// `service.namespace` is not specified in the Resource then `service.name`
+	// is expected to be unique for all services that have no explicit
+	// namespace defined (so the empty/unspecified namespace is simply one more
+	// valid namespace). Zero-length namespace string is assumed equal to
+	// unspecified namespace.
+	ServiceNamespaceKey = attribute.Key("service.namespace")
+
+	// ServiceInstanceIDKey is the attribute Key conforming to the
+	// "service.instance.id" semantic conventions. It represents the string ID
+	// of the service instance.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'my-k8s-pod-deployment-1',
+	// '627cc493-f310-47de-96bd-71410b7dec09'
+	// Note: MUST be unique for each instance of the same
+	// `service.namespace,service.name` pair (in other words
+	// `service.namespace,service.name,service.instance.id` triplet MUST be
+	// globally unique). The ID helps to distinguish instances of the same
+	// service that exist at the same time (e.g. instances of a horizontally
+	// scaled service). It is preferable for the ID to be persistent and stay
+	// the same for the lifetime of the service instance, however it is
+	// acceptable that the ID is ephemeral and changes during important
+	// lifetime events for the service (e.g. service restarts). If the service
+	// has no inherent unique ID that can be used as the value of this
+	// attribute it is recommended to generate a random Version 1 or Version 4
+	// RFC 4122 UUID (services aiming for reproducible UUIDs may also use
+	// Version 5, see RFC 4122 for more recommendations).
+	ServiceInstanceIDKey = attribute.Key("service.instance.id")
+)
+
+// ServiceNamespace returns an attribute KeyValue conforming to the
+// "service.namespace" semantic conventions. It represents a namespace for
+// `service.name`.
+func ServiceNamespace(val string) attribute.KeyValue {
+	return ServiceNamespaceKey.String(val)
+}
+
+// ServiceInstanceID returns an attribute KeyValue conforming to the
+// "service.instance.id" semantic conventions. It represents the string ID of
+// the service instance.
+func ServiceInstanceID(val string) attribute.KeyValue {
+	return ServiceInstanceIDKey.String(val)
+}
+
+// The telemetry SDK used to capture data recorded by the instrumentation
+// libraries.
+const (
+	// TelemetrySDKNameKey is the attribute Key conforming to the
+	// "telemetry.sdk.name" semantic conventions. It represents the name of the
+	// telemetry SDK as defined above.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'opentelemetry'
+	// Note: The OpenTelemetry SDK MUST set the `telemetry.sdk.name` attribute
+	// to `opentelemetry`.
+	// If another SDK, like a fork or a vendor-provided implementation, is
+	// used, this SDK MUST set the
+	// `telemetry.sdk.name` attribute to the fully-qualified class or module
+	// name of this SDK's main entry point
+	// or another suitable identifier depending on the language.
+	// The identifier `opentelemetry` is reserved and MUST NOT be used in this
+	// case.
+	// All custom identifiers SHOULD be stable across different versions of an
+	// implementation.
+	TelemetrySDKNameKey = attribute.Key("telemetry.sdk.name")
+
+	// TelemetrySDKLanguageKey is the attribute Key conforming to the
+	// "telemetry.sdk.language" semantic conventions. It represents the
+	// language of the telemetry SDK.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	TelemetrySDKLanguageKey = attribute.Key("telemetry.sdk.language")
+
+	// TelemetrySDKVersionKey is the attribute Key conforming to the
+	// "telemetry.sdk.version" semantic conventions. It represents the version
+	// string of the telemetry SDK.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: '1.2.3'
+	TelemetrySDKVersionKey = attribute.Key("telemetry.sdk.version")
+)
+
+var (
+	// cpp
+	TelemetrySDKLanguageCPP = TelemetrySDKLanguageKey.String("cpp")
+	// dotnet
+	TelemetrySDKLanguageDotnet = TelemetrySDKLanguageKey.String("dotnet")
+	// erlang
+	TelemetrySDKLanguageErlang = TelemetrySDKLanguageKey.String("erlang")
+	// go
+	TelemetrySDKLanguageGo = TelemetrySDKLanguageKey.String("go")
+	// java
+	TelemetrySDKLanguageJava = TelemetrySDKLanguageKey.String("java")
+	// nodejs
+	TelemetrySDKLanguageNodejs = TelemetrySDKLanguageKey.String("nodejs")
+	// php
+	TelemetrySDKLanguagePHP = TelemetrySDKLanguageKey.String("php")
+	// python
+	TelemetrySDKLanguagePython = TelemetrySDKLanguageKey.String("python")
+	// ruby
+	TelemetrySDKLanguageRuby = TelemetrySDKLanguageKey.String("ruby")
+	// rust
+	TelemetrySDKLanguageRust = TelemetrySDKLanguageKey.String("rust")
+	// swift
+	TelemetrySDKLanguageSwift = TelemetrySDKLanguageKey.String("swift")
+	// webjs
+	TelemetrySDKLanguageWebjs = TelemetrySDKLanguageKey.String("webjs")
+)
+
+// TelemetrySDKName returns an attribute KeyValue conforming to the
+// "telemetry.sdk.name" semantic conventions. It represents the name of the
+// telemetry SDK as defined above.
+func TelemetrySDKName(val string) attribute.KeyValue {
+	return TelemetrySDKNameKey.String(val)
+}
+
+// TelemetrySDKVersion returns an attribute KeyValue conforming to the
+// "telemetry.sdk.version" semantic conventions. It represents the version
+// string of the telemetry SDK.
+func TelemetrySDKVersion(val string) attribute.KeyValue {
+	return TelemetrySDKVersionKey.String(val)
+}
+
+// The telemetry SDK used to capture data recorded by the instrumentation
+// libraries.
+const (
+	// TelemetryAutoVersionKey is the attribute Key conforming to the
+	// "telemetry.auto.version" semantic conventions. It represents the version
+	// string of the auto instrumentation agent, if used.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '1.2.3'
+	TelemetryAutoVersionKey = attribute.Key("telemetry.auto.version")
+)
+
+// TelemetryAutoVersion returns an attribute KeyValue conforming to the
+// "telemetry.auto.version" semantic conventions. It represents the version
+// string of the auto instrumentation agent, if used.
+func TelemetryAutoVersion(val string) attribute.KeyValue {
+	return TelemetryAutoVersionKey.String(val)
+}
+
+// Resource describing the packaged software running the application code. Web
+// engines are typically executed using process.runtime.
+const (
+	// WebEngineNameKey is the attribute Key conforming to the "webengine.name"
+	// semantic conventions. It represents the name of the web engine.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'WildFly'
+	WebEngineNameKey = attribute.Key("webengine.name")
+
+	// WebEngineVersionKey is the attribute Key conforming to the
+	// "webengine.version" semantic conventions. It represents the version of
+	// the web engine.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '21.0.0'
+	WebEngineVersionKey = attribute.Key("webengine.version")
+
+	// WebEngineDescriptionKey is the attribute Key conforming to the
+	// "webengine.description" semantic conventions. It represents the
+	// additional description of the web engine (e.g. detailed version and
+	// edition information).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'WildFly Full 21.0.0.Final (WildFly Core 13.0.1.Final) -
+	// 2.2.2.Final'
+	WebEngineDescriptionKey = attribute.Key("webengine.description")
+)
+
+// WebEngineName returns an attribute KeyValue conforming to the
+// "webengine.name" semantic conventions. It represents the name of the web
+// engine.
+func WebEngineName(val string) attribute.KeyValue {
+	return WebEngineNameKey.String(val)
+}
+
+// WebEngineVersion returns an attribute KeyValue conforming to the
+// "webengine.version" semantic conventions. It represents the version of the
+// web engine.
+func WebEngineVersion(val string) attribute.KeyValue {
+	return WebEngineVersionKey.String(val)
+}
+
+// WebEngineDescription returns an attribute KeyValue conforming to the
+// "webengine.description" semantic conventions. It represents the additional
+// description of the web engine (e.g. detailed version and edition
+// information).
+func WebEngineDescription(val string) attribute.KeyValue {
+	return WebEngineDescriptionKey.String(val)
+}
+
+// Attributes used by non-OTLP exporters to represent OpenTelemetry Scope's
+// concepts.
+const (
+	// OTelScopeNameKey is the attribute Key conforming to the
+	// "otel.scope.name" semantic conventions. It represents the name of the
+	// instrumentation scope - (`InstrumentationScope.Name` in OTLP).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'io.opentelemetry.contrib.mongodb'
+	OTelScopeNameKey = attribute.Key("otel.scope.name")
+
+	// OTelScopeVersionKey is the attribute Key conforming to the
+	// "otel.scope.version" semantic conventions. It represents the version of
+	// the instrumentation scope - (`InstrumentationScope.Version` in OTLP).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '1.0.0'
+	OTelScopeVersionKey = attribute.Key("otel.scope.version")
+)
+
+// OTelScopeName returns an attribute KeyValue conforming to the
+// "otel.scope.name" semantic conventions. It represents the name of the
+// instrumentation scope - (`InstrumentationScope.Name` in OTLP).
+func OTelScopeName(val string) attribute.KeyValue {
+	return OTelScopeNameKey.String(val)
+}
+
+// OTelScopeVersion returns an attribute KeyValue conforming to the
+// "otel.scope.version" semantic conventions. It represents the version of the
+// instrumentation scope - (`InstrumentationScope.Version` in OTLP).
+func OTelScopeVersion(val string) attribute.KeyValue {
+	return OTelScopeVersionKey.String(val)
+}
+
+// Span attributes used by non-OTLP exporters to represent OpenTelemetry
+// Scope's concepts.
+const (
+	// OTelLibraryNameKey is the attribute Key conforming to the
+	// "otel.library.name" semantic conventions. It represents the deprecated,
+	// use the `otel.scope.name` attribute.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: 'io.opentelemetry.contrib.mongodb'
+	OTelLibraryNameKey = attribute.Key("otel.library.name")
+
+	// OTelLibraryVersionKey is the attribute Key conforming to the
+	// "otel.library.version" semantic conventions. It represents the
+	// deprecated, use the `otel.scope.version` attribute.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: deprecated
+	// Examples: '1.0.0'
+	OTelLibraryVersionKey = attribute.Key("otel.library.version")
+)
+
+// OTelLibraryName returns an attribute KeyValue conforming to the
+// "otel.library.name" semantic conventions. It represents the deprecated, use
+// the `otel.scope.name` attribute.
+func OTelLibraryName(val string) attribute.KeyValue {
+	return OTelLibraryNameKey.String(val)
+}
+
+// OTelLibraryVersion returns an attribute KeyValue conforming to the
+// "otel.library.version" semantic conventions. It represents the deprecated,
+// use the `otel.scope.version` attribute.
+func OTelLibraryVersion(val string) attribute.KeyValue {
+	return OTelLibraryVersionKey.String(val)
+}
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/schema.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/schema.go
new file mode 100644
index 000000000..66ffd5989
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/schema.go
@@ -0,0 +1,20 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
+
+// SchemaURL is the schema URL that matches the version of the semantic conventions
+// that this package defines. Semconv packages starting from v1.4.0 must declare
+// non-empty schema URL in the form https://opentelemetry.io/schemas/<version>
+const SchemaURL = "https://opentelemetry.io/schemas/1.21.0"
diff --git a/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/trace.go b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/trace.go
new file mode 100644
index 000000000..b5a91450d
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/semconv/v1.21.0/trace.go
@@ -0,0 +1,2495 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated from semantic convention specification. DO NOT EDIT.
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.21.0"
+
+import "go.opentelemetry.io/otel/attribute"
+
+// The shared attributes used to report a single exception associated with a
+// span or log.
+const (
+	// ExceptionTypeKey is the attribute Key conforming to the "exception.type"
+	// semantic conventions. It represents the type of the exception (its
+	// fully-qualified class name, if applicable). The dynamic type of the
+	// exception should be preferred over the static type in languages that
+	// support it.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'java.net.ConnectException', 'OSError'
+	ExceptionTypeKey = attribute.Key("exception.type")
+
+	// ExceptionMessageKey is the attribute Key conforming to the
+	// "exception.message" semantic conventions. It represents the exception
+	// message.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Division by zero', "Can't convert 'int' object to str
+	// implicitly"
+	ExceptionMessageKey = attribute.Key("exception.message")
+
+	// ExceptionStacktraceKey is the attribute Key conforming to the
+	// "exception.stacktrace" semantic conventions. It represents a stacktrace
+	// as a string in the natural representation for the language runtime. The
+	// representation is to be determined and documented by each language SIG.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Exception in thread "main" java.lang.RuntimeException: Test
+	// exception\\n at '
+	//  'com.example.GenerateTrace.methodB(GenerateTrace.java:13)\\n at '
+	//  'com.example.GenerateTrace.methodA(GenerateTrace.java:9)\\n at '
+	//  'com.example.GenerateTrace.main(GenerateTrace.java:5)'
+	ExceptionStacktraceKey = attribute.Key("exception.stacktrace")
+)
+
+// ExceptionType returns an attribute KeyValue conforming to the
+// "exception.type" semantic conventions. It represents the type of the
+// exception (its fully-qualified class name, if applicable). The dynamic type
+// of the exception should be preferred over the static type in languages that
+// support it.
+func ExceptionType(val string) attribute.KeyValue {
+	return ExceptionTypeKey.String(val)
+}
+
+// ExceptionMessage returns an attribute KeyValue conforming to the
+// "exception.message" semantic conventions. It represents the exception
+// message.
+func ExceptionMessage(val string) attribute.KeyValue {
+	return ExceptionMessageKey.String(val)
+}
+
+// ExceptionStacktrace returns an attribute KeyValue conforming to the
+// "exception.stacktrace" semantic conventions. It represents a stacktrace as a
+// string in the natural representation for the language runtime. The
+// representation is to be determined and documented by each language SIG.
+func ExceptionStacktrace(val string) attribute.KeyValue {
+	return ExceptionStacktraceKey.String(val)
+}
+
+// Span attributes used by AWS Lambda (in addition to general `faas`
+// attributes).
+const (
+	// AWSLambdaInvokedARNKey is the attribute Key conforming to the
+	// "aws.lambda.invoked_arn" semantic conventions. It represents the full
+	// invoked ARN as provided on the `Context` passed to the function
+	// (`Lambda-Runtime-Invoked-Function-ARN` header on the
+	// `/runtime/invocation/next` applicable).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'arn:aws:lambda:us-east-1:123456:function:myfunction:myalias'
+	// Note: This may be different from `cloud.resource_id` if an alias is
+	// involved.
+	AWSLambdaInvokedARNKey = attribute.Key("aws.lambda.invoked_arn")
+)
+
+// AWSLambdaInvokedARN returns an attribute KeyValue conforming to the
+// "aws.lambda.invoked_arn" semantic conventions. It represents the full
+// invoked ARN as provided on the `Context` passed to the function
+// (`Lambda-Runtime-Invoked-Function-ARN` header on the
+// `/runtime/invocation/next` applicable).
+func AWSLambdaInvokedARN(val string) attribute.KeyValue {
+	return AWSLambdaInvokedARNKey.String(val)
+}
+
+// Attributes for CloudEvents. CloudEvents is a specification on how to define
+// event data in a standard way. These attributes can be attached to spans when
+// performing operations with CloudEvents, regardless of the protocol being
+// used.
+const (
+	// CloudeventsEventIDKey is the attribute Key conforming to the
+	// "cloudevents.event_id" semantic conventions. It represents the
+	// [event_id](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#id)
+	// uniquely identifies the event.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: '123e4567-e89b-12d3-a456-426614174000', '0001'
+	CloudeventsEventIDKey = attribute.Key("cloudevents.event_id")
+
+	// CloudeventsEventSourceKey is the attribute Key conforming to the
+	// "cloudevents.event_source" semantic conventions. It represents the
+	// [source](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#source-1)
+	// identifies the context in which an event happened.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'https://github.com/cloudevents',
+	// '/cloudevents/spec/pull/123', 'my-service'
+	CloudeventsEventSourceKey = attribute.Key("cloudevents.event_source")
+
+	// CloudeventsEventSpecVersionKey is the attribute Key conforming to the
+	// "cloudevents.event_spec_version" semantic conventions. It represents the
+	// [version of the CloudEvents
+	// specification](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#specversion)
+	// which the event uses.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '1.0'
+	CloudeventsEventSpecVersionKey = attribute.Key("cloudevents.event_spec_version")
+
+	// CloudeventsEventTypeKey is the attribute Key conforming to the
+	// "cloudevents.event_type" semantic conventions. It represents the
+	// [event_type](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#type)
+	// contains a value describing the type of event related to the originating
+	// occurrence.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'com.github.pull_request.opened',
+	// 'com.example.object.deleted.v2'
+	CloudeventsEventTypeKey = attribute.Key("cloudevents.event_type")
+
+	// CloudeventsEventSubjectKey is the attribute Key conforming to the
+	// "cloudevents.event_subject" semantic conventions. It represents the
+	// [subject](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#subject)
+	// of the event in the context of the event producer (identified by
+	// source).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'mynewfile.jpg'
+	CloudeventsEventSubjectKey = attribute.Key("cloudevents.event_subject")
+)
+
+// CloudeventsEventID returns an attribute KeyValue conforming to the
+// "cloudevents.event_id" semantic conventions. It represents the
+// [event_id](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#id)
+// uniquely identifies the event.
+func CloudeventsEventID(val string) attribute.KeyValue {
+	return CloudeventsEventIDKey.String(val)
+}
+
+// CloudeventsEventSource returns an attribute KeyValue conforming to the
+// "cloudevents.event_source" semantic conventions. It represents the
+// [source](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#source-1)
+// identifies the context in which an event happened.
+func CloudeventsEventSource(val string) attribute.KeyValue {
+	return CloudeventsEventSourceKey.String(val)
+}
+
+// CloudeventsEventSpecVersion returns an attribute KeyValue conforming to
+// the "cloudevents.event_spec_version" semantic conventions. It represents the
+// [version of the CloudEvents
+// specification](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#specversion)
+// which the event uses.
+func CloudeventsEventSpecVersion(val string) attribute.KeyValue {
+	return CloudeventsEventSpecVersionKey.String(val)
+}
+
+// CloudeventsEventType returns an attribute KeyValue conforming to the
+// "cloudevents.event_type" semantic conventions. It represents the
+// [event_type](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#type)
+// contains a value describing the type of event related to the originating
+// occurrence.
+func CloudeventsEventType(val string) attribute.KeyValue {
+	return CloudeventsEventTypeKey.String(val)
+}
+
+// CloudeventsEventSubject returns an attribute KeyValue conforming to the
+// "cloudevents.event_subject" semantic conventions. It represents the
+// [subject](https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#subject)
+// of the event in the context of the event producer (identified by source).
+func CloudeventsEventSubject(val string) attribute.KeyValue {
+	return CloudeventsEventSubjectKey.String(val)
+}
+
+// Semantic conventions for the OpenTracing Shim
+const (
+	// OpentracingRefTypeKey is the attribute Key conforming to the
+	// "opentracing.ref_type" semantic conventions. It represents the
+	// parent-child Reference type
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: The causal relationship between a child Span and a parent Span.
+	OpentracingRefTypeKey = attribute.Key("opentracing.ref_type")
+)
+
+var (
+	// The parent Span depends on the child Span in some capacity
+	OpentracingRefTypeChildOf = OpentracingRefTypeKey.String("child_of")
+	// The parent Span does not depend in any way on the result of the child Span
+	OpentracingRefTypeFollowsFrom = OpentracingRefTypeKey.String("follows_from")
+)
+
+// The attributes used to perform database client calls.
+const (
+	// DBSystemKey is the attribute Key conforming to the "db.system" semantic
+	// conventions. It represents an identifier for the database management
+	// system (DBMS) product being used. See below for a list of well-known
+	// identifiers.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	DBSystemKey = attribute.Key("db.system")
+
+	// DBConnectionStringKey is the attribute Key conforming to the
+	// "db.connection_string" semantic conventions. It represents the
+	// connection string used to connect to the database. It is recommended to
+	// remove embedded credentials.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Server=(localdb)\\v11.0;Integrated Security=true;'
+	DBConnectionStringKey = attribute.Key("db.connection_string")
+
+	// DBUserKey is the attribute Key conforming to the "db.user" semantic
+	// conventions. It represents the username for accessing the database.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'readonly_user', 'reporting_user'
+	DBUserKey = attribute.Key("db.user")
+
+	// DBJDBCDriverClassnameKey is the attribute Key conforming to the
+	// "db.jdbc.driver_classname" semantic conventions. It represents the
+	// fully-qualified class name of the [Java Database Connectivity
+	// (JDBC)](https://docs.oracle.com/javase/8/docs/technotes/guides/jdbc/)
+	// driver used to connect.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'org.postgresql.Driver',
+	// 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
+	DBJDBCDriverClassnameKey = attribute.Key("db.jdbc.driver_classname")
+
+	// DBNameKey is the attribute Key conforming to the "db.name" semantic
+	// conventions. It represents the this attribute is used to report the name
+	// of the database being accessed. For commands that switch the database,
+	// this should be set to the target database (even if the command fails).
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If applicable.)
+	// Stability: stable
+	// Examples: 'customers', 'main'
+	// Note: In some SQL databases, the database name to be used is called
+	// "schema name". In case there are multiple layers that could be
+	// considered for database name (e.g. Oracle instance name and schema
+	// name), the database name to be used is the more specific layer (e.g.
+	// Oracle schema name).
+	DBNameKey = attribute.Key("db.name")
+
+	// DBStatementKey is the attribute Key conforming to the "db.statement"
+	// semantic conventions. It represents the database statement being
+	// executed.
+	//
+	// Type: string
+	// RequirementLevel: Recommended (Should be collected by default only if
+	// there is sanitization that excludes sensitive information.)
+	// Stability: stable
+	// Examples: 'SELECT * FROM wuser_table', 'SET mykey "WuValue"'
+	DBStatementKey = attribute.Key("db.statement")
+
+	// DBOperationKey is the attribute Key conforming to the "db.operation"
+	// semantic conventions. It represents the name of the operation being
+	// executed, e.g. the [MongoDB command
+	// name](https://docs.mongodb.com/manual/reference/command/#database-operations)
+	// such as `findAndModify`, or the SQL keyword.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If `db.statement` is not
+	// applicable.)
+	// Stability: stable
+	// Examples: 'findAndModify', 'HMSET', 'SELECT'
+	// Note: When setting this to an SQL keyword, it is not recommended to
+	// attempt any client-side parsing of `db.statement` just to get this
+	// property, but it should be set if the operation name is provided by the
+	// library being instrumented. If the SQL statement has an ambiguous
+	// operation, or performs more than one operation, this value may be
+	// omitted.
+	DBOperationKey = attribute.Key("db.operation")
+)
+
+var (
+	// Some other SQL database. Fallback only. See notes
+	DBSystemOtherSQL = DBSystemKey.String("other_sql")
+	// Microsoft SQL Server
+	DBSystemMSSQL = DBSystemKey.String("mssql")
+	// Microsoft SQL Server Compact
+	DBSystemMssqlcompact = DBSystemKey.String("mssqlcompact")
+	// MySQL
+	DBSystemMySQL = DBSystemKey.String("mysql")
+	// Oracle Database
+	DBSystemOracle = DBSystemKey.String("oracle")
+	// IBM DB2
+	DBSystemDB2 = DBSystemKey.String("db2")
+	// PostgreSQL
+	DBSystemPostgreSQL = DBSystemKey.String("postgresql")
+	// Amazon Redshift
+	DBSystemRedshift = DBSystemKey.String("redshift")
+	// Apache Hive
+	DBSystemHive = DBSystemKey.String("hive")
+	// Cloudscape
+	DBSystemCloudscape = DBSystemKey.String("cloudscape")
+	// HyperSQL DataBase
+	DBSystemHSQLDB = DBSystemKey.String("hsqldb")
+	// Progress Database
+	DBSystemProgress = DBSystemKey.String("progress")
+	// SAP MaxDB
+	DBSystemMaxDB = DBSystemKey.String("maxdb")
+	// SAP HANA
+	DBSystemHanaDB = DBSystemKey.String("hanadb")
+	// Ingres
+	DBSystemIngres = DBSystemKey.String("ingres")
+	// FirstSQL
+	DBSystemFirstSQL = DBSystemKey.String("firstsql")
+	// EnterpriseDB
+	DBSystemEDB = DBSystemKey.String("edb")
+	// InterSystems Caché
+	DBSystemCache = DBSystemKey.String("cache")
+	// Adabas (Adaptable Database System)
+	DBSystemAdabas = DBSystemKey.String("adabas")
+	// Firebird
+	DBSystemFirebird = DBSystemKey.String("firebird")
+	// Apache Derby
+	DBSystemDerby = DBSystemKey.String("derby")
+	// FileMaker
+	DBSystemFilemaker = DBSystemKey.String("filemaker")
+	// Informix
+	DBSystemInformix = DBSystemKey.String("informix")
+	// InstantDB
+	DBSystemInstantDB = DBSystemKey.String("instantdb")
+	// InterBase
+	DBSystemInterbase = DBSystemKey.String("interbase")
+	// MariaDB
+	DBSystemMariaDB = DBSystemKey.String("mariadb")
+	// Netezza
+	DBSystemNetezza = DBSystemKey.String("netezza")
+	// Pervasive PSQL
+	DBSystemPervasive = DBSystemKey.String("pervasive")
+	// PointBase
+	DBSystemPointbase = DBSystemKey.String("pointbase")
+	// SQLite
+	DBSystemSqlite = DBSystemKey.String("sqlite")
+	// Sybase
+	DBSystemSybase = DBSystemKey.String("sybase")
+	// Teradata
+	DBSystemTeradata = DBSystemKey.String("teradata")
+	// Vertica
+	DBSystemVertica = DBSystemKey.String("vertica")
+	// H2
+	DBSystemH2 = DBSystemKey.String("h2")
+	// ColdFusion IMQ
+	DBSystemColdfusion = DBSystemKey.String("coldfusion")
+	// Apache Cassandra
+	DBSystemCassandra = DBSystemKey.String("cassandra")
+	// Apache HBase
+	DBSystemHBase = DBSystemKey.String("hbase")
+	// MongoDB
+	DBSystemMongoDB = DBSystemKey.String("mongodb")
+	// Redis
+	DBSystemRedis = DBSystemKey.String("redis")
+	// Couchbase
+	DBSystemCouchbase = DBSystemKey.String("couchbase")
+	// CouchDB
+	DBSystemCouchDB = DBSystemKey.String("couchdb")
+	// Microsoft Azure Cosmos DB
+	DBSystemCosmosDB = DBSystemKey.String("cosmosdb")
+	// Amazon DynamoDB
+	DBSystemDynamoDB = DBSystemKey.String("dynamodb")
+	// Neo4j
+	DBSystemNeo4j = DBSystemKey.String("neo4j")
+	// Apache Geode
+	DBSystemGeode = DBSystemKey.String("geode")
+	// Elasticsearch
+	DBSystemElasticsearch = DBSystemKey.String("elasticsearch")
+	// Memcached
+	DBSystemMemcached = DBSystemKey.String("memcached")
+	// CockroachDB
+	DBSystemCockroachdb = DBSystemKey.String("cockroachdb")
+	// OpenSearch
+	DBSystemOpensearch = DBSystemKey.String("opensearch")
+	// ClickHouse
+	DBSystemClickhouse = DBSystemKey.String("clickhouse")
+	// Cloud Spanner
+	DBSystemSpanner = DBSystemKey.String("spanner")
+	// Trino
+	DBSystemTrino = DBSystemKey.String("trino")
+)
+
+// DBConnectionString returns an attribute KeyValue conforming to the
+// "db.connection_string" semantic conventions. It represents the connection
+// string used to connect to the database. It is recommended to remove embedded
+// credentials.
+func DBConnectionString(val string) attribute.KeyValue {
+	return DBConnectionStringKey.String(val)
+}
+
+// DBUser returns an attribute KeyValue conforming to the "db.user" semantic
+// conventions. It represents the username for accessing the database.
+func DBUser(val string) attribute.KeyValue {
+	return DBUserKey.String(val)
+}
+
+// DBJDBCDriverClassname returns an attribute KeyValue conforming to the
+// "db.jdbc.driver_classname" semantic conventions. It represents the
+// fully-qualified class name of the [Java Database Connectivity
+// (JDBC)](https://docs.oracle.com/javase/8/docs/technotes/guides/jdbc/) driver
+// used to connect.
+func DBJDBCDriverClassname(val string) attribute.KeyValue {
+	return DBJDBCDriverClassnameKey.String(val)
+}
+
+// DBName returns an attribute KeyValue conforming to the "db.name" semantic
+// conventions. It represents the this attribute is used to report the name of
+// the database being accessed. For commands that switch the database, this
+// should be set to the target database (even if the command fails).
+func DBName(val string) attribute.KeyValue {
+	return DBNameKey.String(val)
+}
+
+// DBStatement returns an attribute KeyValue conforming to the
+// "db.statement" semantic conventions. It represents the database statement
+// being executed.
+func DBStatement(val string) attribute.KeyValue {
+	return DBStatementKey.String(val)
+}
+
+// DBOperation returns an attribute KeyValue conforming to the
+// "db.operation" semantic conventions. It represents the name of the operation
+// being executed, e.g. the [MongoDB command
+// name](https://docs.mongodb.com/manual/reference/command/#database-operations)
+// such as `findAndModify`, or the SQL keyword.
+func DBOperation(val string) attribute.KeyValue {
+	return DBOperationKey.String(val)
+}
+
+// Connection-level attributes for Microsoft SQL Server
+const (
+	// DBMSSQLInstanceNameKey is the attribute Key conforming to the
+	// "db.mssql.instance_name" semantic conventions. It represents the
+	// Microsoft SQL Server [instance
+	// name](https://docs.microsoft.com/en-us/sql/connect/jdbc/building-the-connection-url?view=sql-server-ver15)
+	// connecting to. This name is used to determine the port of a named
+	// instance.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'MSSQLSERVER'
+	// Note: If setting a `db.mssql.instance_name`, `server.port` is no longer
+	// required (but still recommended if non-standard).
+	DBMSSQLInstanceNameKey = attribute.Key("db.mssql.instance_name")
+)
+
+// DBMSSQLInstanceName returns an attribute KeyValue conforming to the
+// "db.mssql.instance_name" semantic conventions. It represents the Microsoft
+// SQL Server [instance
+// name](https://docs.microsoft.com/en-us/sql/connect/jdbc/building-the-connection-url?view=sql-server-ver15)
+// connecting to. This name is used to determine the port of a named instance.
+func DBMSSQLInstanceName(val string) attribute.KeyValue {
+	return DBMSSQLInstanceNameKey.String(val)
+}
+
+// Call-level attributes for Cassandra
+const (
+	// DBCassandraPageSizeKey is the attribute Key conforming to the
+	// "db.cassandra.page_size" semantic conventions. It represents the fetch
+	// size used for paging, i.e. how many rows will be returned at once.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 5000
+	DBCassandraPageSizeKey = attribute.Key("db.cassandra.page_size")
+
+	// DBCassandraConsistencyLevelKey is the attribute Key conforming to the
+	// "db.cassandra.consistency_level" semantic conventions. It represents the
+	// consistency level of the query. Based on consistency values from
+	// [CQL](https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/dml/dmlConfigConsistency.html).
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	DBCassandraConsistencyLevelKey = attribute.Key("db.cassandra.consistency_level")
+
+	// DBCassandraTableKey is the attribute Key conforming to the
+	// "db.cassandra.table" semantic conventions. It represents the name of the
+	// primary table that the operation is acting upon, including the keyspace
+	// name (if applicable).
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'mytable'
+	// Note: This mirrors the db.sql.table attribute but references cassandra
+	// rather than sql. It is not recommended to attempt any client-side
+	// parsing of `db.statement` just to get this property, but it should be
+	// set if it is provided by the library being instrumented. If the
+	// operation is acting upon an anonymous table, or more than one table,
+	// this value MUST NOT be set.
+	DBCassandraTableKey = attribute.Key("db.cassandra.table")
+
+	// DBCassandraIdempotenceKey is the attribute Key conforming to the
+	// "db.cassandra.idempotence" semantic conventions. It represents the
+	// whether or not the query is idempotent.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	DBCassandraIdempotenceKey = attribute.Key("db.cassandra.idempotence")
+
+	// DBCassandraSpeculativeExecutionCountKey is the attribute Key conforming
+	// to the "db.cassandra.speculative_execution_count" semantic conventions.
+	// It represents the number of times a query was speculatively executed.
+	// Not set or `0` if the query was not executed speculatively.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 0, 2
+	DBCassandraSpeculativeExecutionCountKey = attribute.Key("db.cassandra.speculative_execution_count")
+
+	// DBCassandraCoordinatorIDKey is the attribute Key conforming to the
+	// "db.cassandra.coordinator.id" semantic conventions. It represents the ID
+	// of the coordinating node for a query.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'be13faa2-8574-4d71-926d-27f16cf8a7af'
+	DBCassandraCoordinatorIDKey = attribute.Key("db.cassandra.coordinator.id")
+
+	// DBCassandraCoordinatorDCKey is the attribute Key conforming to the
+	// "db.cassandra.coordinator.dc" semantic conventions. It represents the
+	// data center of the coordinating node for a query.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'us-west-2'
+	DBCassandraCoordinatorDCKey = attribute.Key("db.cassandra.coordinator.dc")
+)
+
+var (
+	// all
+	DBCassandraConsistencyLevelAll = DBCassandraConsistencyLevelKey.String("all")
+	// each_quorum
+	DBCassandraConsistencyLevelEachQuorum = DBCassandraConsistencyLevelKey.String("each_quorum")
+	// quorum
+	DBCassandraConsistencyLevelQuorum = DBCassandraConsistencyLevelKey.String("quorum")
+	// local_quorum
+	DBCassandraConsistencyLevelLocalQuorum = DBCassandraConsistencyLevelKey.String("local_quorum")
+	// one
+	DBCassandraConsistencyLevelOne = DBCassandraConsistencyLevelKey.String("one")
+	// two
+	DBCassandraConsistencyLevelTwo = DBCassandraConsistencyLevelKey.String("two")
+	// three
+	DBCassandraConsistencyLevelThree = DBCassandraConsistencyLevelKey.String("three")
+	// local_one
+	DBCassandraConsistencyLevelLocalOne = DBCassandraConsistencyLevelKey.String("local_one")
+	// any
+	DBCassandraConsistencyLevelAny = DBCassandraConsistencyLevelKey.String("any")
+	// serial
+	DBCassandraConsistencyLevelSerial = DBCassandraConsistencyLevelKey.String("serial")
+	// local_serial
+	DBCassandraConsistencyLevelLocalSerial = DBCassandraConsistencyLevelKey.String("local_serial")
+)
+
+// DBCassandraPageSize returns an attribute KeyValue conforming to the
+// "db.cassandra.page_size" semantic conventions. It represents the fetch size
+// used for paging, i.e. how many rows will be returned at once.
+func DBCassandraPageSize(val int) attribute.KeyValue {
+	return DBCassandraPageSizeKey.Int(val)
+}
+
+// DBCassandraTable returns an attribute KeyValue conforming to the
+// "db.cassandra.table" semantic conventions. It represents the name of the
+// primary table that the operation is acting upon, including the keyspace name
+// (if applicable).
+func DBCassandraTable(val string) attribute.KeyValue {
+	return DBCassandraTableKey.String(val)
+}
+
+// DBCassandraIdempotence returns an attribute KeyValue conforming to the
+// "db.cassandra.idempotence" semantic conventions. It represents the whether
+// or not the query is idempotent.
+func DBCassandraIdempotence(val bool) attribute.KeyValue {
+	return DBCassandraIdempotenceKey.Bool(val)
+}
+
+// DBCassandraSpeculativeExecutionCount returns an attribute KeyValue
+// conforming to the "db.cassandra.speculative_execution_count" semantic
+// conventions. It represents the number of times a query was speculatively
+// executed. Not set or `0` if the query was not executed speculatively.
+func DBCassandraSpeculativeExecutionCount(val int) attribute.KeyValue {
+	return DBCassandraSpeculativeExecutionCountKey.Int(val)
+}
+
+// DBCassandraCoordinatorID returns an attribute KeyValue conforming to the
+// "db.cassandra.coordinator.id" semantic conventions. It represents the ID of
+// the coordinating node for a query.
+func DBCassandraCoordinatorID(val string) attribute.KeyValue {
+	return DBCassandraCoordinatorIDKey.String(val)
+}
+
+// DBCassandraCoordinatorDC returns an attribute KeyValue conforming to the
+// "db.cassandra.coordinator.dc" semantic conventions. It represents the data
+// center of the coordinating node for a query.
+func DBCassandraCoordinatorDC(val string) attribute.KeyValue {
+	return DBCassandraCoordinatorDCKey.String(val)
+}
+
+// Call-level attributes for Redis
+const (
+	// DBRedisDBIndexKey is the attribute Key conforming to the
+	// "db.redis.database_index" semantic conventions. It represents the index
+	// of the database being accessed as used in the [`SELECT`
+	// command](https://redis.io/commands/select), provided as an integer. To
+	// be used instead of the generic `db.name` attribute.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If other than the default
+	// database (`0`).)
+	// Stability: stable
+	// Examples: 0, 1, 15
+	DBRedisDBIndexKey = attribute.Key("db.redis.database_index")
+)
+
+// DBRedisDBIndex returns an attribute KeyValue conforming to the
+// "db.redis.database_index" semantic conventions. It represents the index of
+// the database being accessed as used in the [`SELECT`
+// command](https://redis.io/commands/select), provided as an integer. To be
+// used instead of the generic `db.name` attribute.
+func DBRedisDBIndex(val int) attribute.KeyValue {
+	return DBRedisDBIndexKey.Int(val)
+}
+
+// Call-level attributes for MongoDB
+const (
+	// DBMongoDBCollectionKey is the attribute Key conforming to the
+	// "db.mongodb.collection" semantic conventions. It represents the
+	// collection being accessed within the database stated in `db.name`.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'customers', 'products'
+	DBMongoDBCollectionKey = attribute.Key("db.mongodb.collection")
+)
+
+// DBMongoDBCollection returns an attribute KeyValue conforming to the
+// "db.mongodb.collection" semantic conventions. It represents the collection
+// being accessed within the database stated in `db.name`.
+func DBMongoDBCollection(val string) attribute.KeyValue {
+	return DBMongoDBCollectionKey.String(val)
+}
+
+// Call-level attributes for SQL databases
+const (
+	// DBSQLTableKey is the attribute Key conforming to the "db.sql.table"
+	// semantic conventions. It represents the name of the primary table that
+	// the operation is acting upon, including the database name (if
+	// applicable).
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'public.users', 'customers'
+	// Note: It is not recommended to attempt any client-side parsing of
+	// `db.statement` just to get this property, but it should be set if it is
+	// provided by the library being instrumented. If the operation is acting
+	// upon an anonymous table, or more than one table, this value MUST NOT be
+	// set.
+	DBSQLTableKey = attribute.Key("db.sql.table")
+)
+
+// DBSQLTable returns an attribute KeyValue conforming to the "db.sql.table"
+// semantic conventions. It represents the name of the primary table that the
+// operation is acting upon, including the database name (if applicable).
+func DBSQLTable(val string) attribute.KeyValue {
+	return DBSQLTableKey.String(val)
+}
+
+// Call-level attributes for Cosmos DB.
+const (
+	// DBCosmosDBClientIDKey is the attribute Key conforming to the
+	// "db.cosmosdb.client_id" semantic conventions. It represents the unique
+	// Cosmos client instance id.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '3ba4827d-4422-483f-b59f-85b74211c11d'
+	DBCosmosDBClientIDKey = attribute.Key("db.cosmosdb.client_id")
+
+	// DBCosmosDBOperationTypeKey is the attribute Key conforming to the
+	// "db.cosmosdb.operation_type" semantic conventions. It represents the
+	// cosmosDB Operation Type.
+	//
+	// Type: Enum
+	// RequirementLevel: ConditionallyRequired (when performing one of the
+	// operations in this list)
+	// Stability: stable
+	DBCosmosDBOperationTypeKey = attribute.Key("db.cosmosdb.operation_type")
+
+	// DBCosmosDBConnectionModeKey is the attribute Key conforming to the
+	// "db.cosmosdb.connection_mode" semantic conventions. It represents the
+	// cosmos client connection mode.
+	//
+	// Type: Enum
+	// RequirementLevel: ConditionallyRequired (if not `direct` (or pick gw as
+	// default))
+	// Stability: stable
+	DBCosmosDBConnectionModeKey = attribute.Key("db.cosmosdb.connection_mode")
+
+	// DBCosmosDBContainerKey is the attribute Key conforming to the
+	// "db.cosmosdb.container" semantic conventions. It represents the cosmos
+	// DB container name.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (if available)
+	// Stability: stable
+	// Examples: 'anystring'
+	DBCosmosDBContainerKey = attribute.Key("db.cosmosdb.container")
+
+	// DBCosmosDBRequestContentLengthKey is the attribute Key conforming to the
+	// "db.cosmosdb.request_content_length" semantic conventions. It represents
+	// the request payload size in bytes
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	DBCosmosDBRequestContentLengthKey = attribute.Key("db.cosmosdb.request_content_length")
+
+	// DBCosmosDBStatusCodeKey is the attribute Key conforming to the
+	// "db.cosmosdb.status_code" semantic conventions. It represents the cosmos
+	// DB status code.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (if response was received)
+	// Stability: stable
+	// Examples: 200, 201
+	DBCosmosDBStatusCodeKey = attribute.Key("db.cosmosdb.status_code")
+
+	// DBCosmosDBSubStatusCodeKey is the attribute Key conforming to the
+	// "db.cosmosdb.sub_status_code" semantic conventions. It represents the
+	// cosmos DB sub status code.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (when response was received and
+	// contained sub-code.)
+	// Stability: stable
+	// Examples: 1000, 1002
+	DBCosmosDBSubStatusCodeKey = attribute.Key("db.cosmosdb.sub_status_code")
+
+	// DBCosmosDBRequestChargeKey is the attribute Key conforming to the
+	// "db.cosmosdb.request_charge" semantic conventions. It represents the rU
+	// consumed for that operation
+	//
+	// Type: double
+	// RequirementLevel: ConditionallyRequired (when available)
+	// Stability: stable
+	// Examples: 46.18, 1.0
+	DBCosmosDBRequestChargeKey = attribute.Key("db.cosmosdb.request_charge")
+)
+
+var (
+	// invalid
+	DBCosmosDBOperationTypeInvalid = DBCosmosDBOperationTypeKey.String("Invalid")
+	// create
+	DBCosmosDBOperationTypeCreate = DBCosmosDBOperationTypeKey.String("Create")
+	// patch
+	DBCosmosDBOperationTypePatch = DBCosmosDBOperationTypeKey.String("Patch")
+	// read
+	DBCosmosDBOperationTypeRead = DBCosmosDBOperationTypeKey.String("Read")
+	// read_feed
+	DBCosmosDBOperationTypeReadFeed = DBCosmosDBOperationTypeKey.String("ReadFeed")
+	// delete
+	DBCosmosDBOperationTypeDelete = DBCosmosDBOperationTypeKey.String("Delete")
+	// replace
+	DBCosmosDBOperationTypeReplace = DBCosmosDBOperationTypeKey.String("Replace")
+	// execute
+	DBCosmosDBOperationTypeExecute = DBCosmosDBOperationTypeKey.String("Execute")
+	// query
+	DBCosmosDBOperationTypeQuery = DBCosmosDBOperationTypeKey.String("Query")
+	// head
+	DBCosmosDBOperationTypeHead = DBCosmosDBOperationTypeKey.String("Head")
+	// head_feed
+	DBCosmosDBOperationTypeHeadFeed = DBCosmosDBOperationTypeKey.String("HeadFeed")
+	// upsert
+	DBCosmosDBOperationTypeUpsert = DBCosmosDBOperationTypeKey.String("Upsert")
+	// batch
+	DBCosmosDBOperationTypeBatch = DBCosmosDBOperationTypeKey.String("Batch")
+	// query_plan
+	DBCosmosDBOperationTypeQueryPlan = DBCosmosDBOperationTypeKey.String("QueryPlan")
+	// execute_javascript
+	DBCosmosDBOperationTypeExecuteJavascript = DBCosmosDBOperationTypeKey.String("ExecuteJavaScript")
+)
+
+var (
+	// Gateway (HTTP) connections mode
+	DBCosmosDBConnectionModeGateway = DBCosmosDBConnectionModeKey.String("gateway")
+	// Direct connection
+	DBCosmosDBConnectionModeDirect = DBCosmosDBConnectionModeKey.String("direct")
+)
+
+// DBCosmosDBClientID returns an attribute KeyValue conforming to the
+// "db.cosmosdb.client_id" semantic conventions. It represents the unique
+// Cosmos client instance id.
+func DBCosmosDBClientID(val string) attribute.KeyValue {
+	return DBCosmosDBClientIDKey.String(val)
+}
+
+// DBCosmosDBContainer returns an attribute KeyValue conforming to the
+// "db.cosmosdb.container" semantic conventions. It represents the cosmos DB
+// container name.
+func DBCosmosDBContainer(val string) attribute.KeyValue {
+	return DBCosmosDBContainerKey.String(val)
+}
+
+// DBCosmosDBRequestContentLength returns an attribute KeyValue conforming
+// to the "db.cosmosdb.request_content_length" semantic conventions. It
+// represents the request payload size in bytes
+func DBCosmosDBRequestContentLength(val int) attribute.KeyValue {
+	return DBCosmosDBRequestContentLengthKey.Int(val)
+}
+
+// DBCosmosDBStatusCode returns an attribute KeyValue conforming to the
+// "db.cosmosdb.status_code" semantic conventions. It represents the cosmos DB
+// status code.
+func DBCosmosDBStatusCode(val int) attribute.KeyValue {
+	return DBCosmosDBStatusCodeKey.Int(val)
+}
+
+// DBCosmosDBSubStatusCode returns an attribute KeyValue conforming to the
+// "db.cosmosdb.sub_status_code" semantic conventions. It represents the cosmos
+// DB sub status code.
+func DBCosmosDBSubStatusCode(val int) attribute.KeyValue {
+	return DBCosmosDBSubStatusCodeKey.Int(val)
+}
+
+// DBCosmosDBRequestCharge returns an attribute KeyValue conforming to the
+// "db.cosmosdb.request_charge" semantic conventions. It represents the rU
+// consumed for that operation
+func DBCosmosDBRequestCharge(val float64) attribute.KeyValue {
+	return DBCosmosDBRequestChargeKey.Float64(val)
+}
+
+// Span attributes used by non-OTLP exporters to represent OpenTelemetry Span's
+// concepts.
+const (
+	// OTelStatusCodeKey is the attribute Key conforming to the
+	// "otel.status_code" semantic conventions. It represents the name of the
+	// code, either "OK" or "ERROR". MUST NOT be set if the status code is
+	// UNSET.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	OTelStatusCodeKey = attribute.Key("otel.status_code")
+
+	// OTelStatusDescriptionKey is the attribute Key conforming to the
+	// "otel.status_description" semantic conventions. It represents the
+	// description of the Status if it has a value, otherwise not set.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'resource not found'
+	OTelStatusDescriptionKey = attribute.Key("otel.status_description")
+)
+
+var (
+	// The operation has been validated by an Application developer or Operator to have completed successfully
+	OTelStatusCodeOk = OTelStatusCodeKey.String("OK")
+	// The operation contains an error
+	OTelStatusCodeError = OTelStatusCodeKey.String("ERROR")
+)
+
+// OTelStatusDescription returns an attribute KeyValue conforming to the
+// "otel.status_description" semantic conventions. It represents the
+// description of the Status if it has a value, otherwise not set.
+func OTelStatusDescription(val string) attribute.KeyValue {
+	return OTelStatusDescriptionKey.String(val)
+}
+
+// This semantic convention describes an instance of a function that runs
+// without provisioning or managing of servers (also known as serverless
+// functions or Function as a Service (FaaS)) with spans.
+const (
+	// FaaSTriggerKey is the attribute Key conforming to the "faas.trigger"
+	// semantic conventions. It represents the type of the trigger which caused
+	// this function invocation.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Note: For the server/consumer span on the incoming side,
+	// `faas.trigger` MUST be set.
+	//
+	// Clients invoking FaaS instances usually cannot set `faas.trigger`,
+	// since they would typically need to look in the payload to determine
+	// the event type. If clients set it, it should be the same as the
+	// trigger that corresponding incoming would have (i.e., this has
+	// nothing to do with the underlying transport used to make the API
+	// call to invoke the lambda, which is often HTTP).
+	FaaSTriggerKey = attribute.Key("faas.trigger")
+
+	// FaaSInvocationIDKey is the attribute Key conforming to the
+	// "faas.invocation_id" semantic conventions. It represents the invocation
+	// ID of the current function invocation.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'af9d5aa4-a685-4c5f-a22b-444f80b3cc28'
+	FaaSInvocationIDKey = attribute.Key("faas.invocation_id")
+)
+
+var (
+	// A response to some data source operation such as a database or filesystem read/write
+	FaaSTriggerDatasource = FaaSTriggerKey.String("datasource")
+	// To provide an answer to an inbound HTTP request
+	FaaSTriggerHTTP = FaaSTriggerKey.String("http")
+	// A function is set to be executed when messages are sent to a messaging system
+	FaaSTriggerPubsub = FaaSTriggerKey.String("pubsub")
+	// A function is scheduled to be executed regularly
+	FaaSTriggerTimer = FaaSTriggerKey.String("timer")
+	// If none of the others apply
+	FaaSTriggerOther = FaaSTriggerKey.String("other")
+)
+
+// FaaSInvocationID returns an attribute KeyValue conforming to the
+// "faas.invocation_id" semantic conventions. It represents the invocation ID
+// of the current function invocation.
+func FaaSInvocationID(val string) attribute.KeyValue {
+	return FaaSInvocationIDKey.String(val)
+}
+
+// Semantic Convention for FaaS triggered as a response to some data source
+// operation such as a database or filesystem read/write.
+const (
+	// FaaSDocumentCollectionKey is the attribute Key conforming to the
+	// "faas.document.collection" semantic conventions. It represents the name
+	// of the source on which the triggering operation was performed. For
+	// example, in Cloud Storage or S3 corresponds to the bucket name, and in
+	// Cosmos DB to the database name.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'myBucketName', 'myDBName'
+	FaaSDocumentCollectionKey = attribute.Key("faas.document.collection")
+
+	// FaaSDocumentOperationKey is the attribute Key conforming to the
+	// "faas.document.operation" semantic conventions. It represents the
+	// describes the type of the operation that was performed on the data.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	FaaSDocumentOperationKey = attribute.Key("faas.document.operation")
+
+	// FaaSDocumentTimeKey is the attribute Key conforming to the
+	// "faas.document.time" semantic conventions. It represents a string
+	// containing the time when the data was accessed in the [ISO
+	// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format
+	// expressed in [UTC](https://www.w3.org/TR/NOTE-datetime).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2020-01-23T13:47:06Z'
+	FaaSDocumentTimeKey = attribute.Key("faas.document.time")
+
+	// FaaSDocumentNameKey is the attribute Key conforming to the
+	// "faas.document.name" semantic conventions. It represents the document
+	// name/table subjected to the operation. For example, in Cloud Storage or
+	// S3 is the name of the file, and in Cosmos DB the table name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'myFile.txt', 'myTableName'
+	FaaSDocumentNameKey = attribute.Key("faas.document.name")
+)
+
+var (
+	// When a new object is created
+	FaaSDocumentOperationInsert = FaaSDocumentOperationKey.String("insert")
+	// When an object is modified
+	FaaSDocumentOperationEdit = FaaSDocumentOperationKey.String("edit")
+	// When an object is deleted
+	FaaSDocumentOperationDelete = FaaSDocumentOperationKey.String("delete")
+)
+
+// FaaSDocumentCollection returns an attribute KeyValue conforming to the
+// "faas.document.collection" semantic conventions. It represents the name of
+// the source on which the triggering operation was performed. For example, in
+// Cloud Storage or S3 corresponds to the bucket name, and in Cosmos DB to the
+// database name.
+func FaaSDocumentCollection(val string) attribute.KeyValue {
+	return FaaSDocumentCollectionKey.String(val)
+}
+
+// FaaSDocumentTime returns an attribute KeyValue conforming to the
+// "faas.document.time" semantic conventions. It represents a string containing
+// the time when the data was accessed in the [ISO
+// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format
+// expressed in [UTC](https://www.w3.org/TR/NOTE-datetime).
+func FaaSDocumentTime(val string) attribute.KeyValue {
+	return FaaSDocumentTimeKey.String(val)
+}
+
+// FaaSDocumentName returns an attribute KeyValue conforming to the
+// "faas.document.name" semantic conventions. It represents the document
+// name/table subjected to the operation. For example, in Cloud Storage or S3
+// is the name of the file, and in Cosmos DB the table name.
+func FaaSDocumentName(val string) attribute.KeyValue {
+	return FaaSDocumentNameKey.String(val)
+}
+
+// Semantic Convention for FaaS scheduled to be executed regularly.
+const (
+	// FaaSTimeKey is the attribute Key conforming to the "faas.time" semantic
+	// conventions. It represents a string containing the function invocation
+	// time in the [ISO
+	// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format
+	// expressed in [UTC](https://www.w3.org/TR/NOTE-datetime).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '2020-01-23T13:47:06Z'
+	FaaSTimeKey = attribute.Key("faas.time")
+
+	// FaaSCronKey is the attribute Key conforming to the "faas.cron" semantic
+	// conventions. It represents a string containing the schedule period as
+	// [Cron
+	// Expression](https://docs.oracle.com/cd/E12058_01/doc/doc.1014/e12030/cron_expressions.htm).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '0/5 * * * ? *'
+	FaaSCronKey = attribute.Key("faas.cron")
+)
+
+// FaaSTime returns an attribute KeyValue conforming to the "faas.time"
+// semantic conventions. It represents a string containing the function
+// invocation time in the [ISO
+// 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format
+// expressed in [UTC](https://www.w3.org/TR/NOTE-datetime).
+func FaaSTime(val string) attribute.KeyValue {
+	return FaaSTimeKey.String(val)
+}
+
+// FaaSCron returns an attribute KeyValue conforming to the "faas.cron"
+// semantic conventions. It represents a string containing the schedule period
+// as [Cron
+// Expression](https://docs.oracle.com/cd/E12058_01/doc/doc.1014/e12030/cron_expressions.htm).
+func FaaSCron(val string) attribute.KeyValue {
+	return FaaSCronKey.String(val)
+}
+
+// Contains additional attributes for incoming FaaS spans.
+const (
+	// FaaSColdstartKey is the attribute Key conforming to the "faas.coldstart"
+	// semantic conventions. It represents a boolean that is true if the
+	// serverless function is executed for the first time (aka cold-start).
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	FaaSColdstartKey = attribute.Key("faas.coldstart")
+)
+
+// FaaSColdstart returns an attribute KeyValue conforming to the
+// "faas.coldstart" semantic conventions. It represents a boolean that is true
+// if the serverless function is executed for the first time (aka cold-start).
+func FaaSColdstart(val bool) attribute.KeyValue {
+	return FaaSColdstartKey.Bool(val)
+}
+
+// Contains additional attributes for outgoing FaaS spans.
+const (
+	// FaaSInvokedNameKey is the attribute Key conforming to the
+	// "faas.invoked_name" semantic conventions. It represents the name of the
+	// invoked function.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'my-function'
+	// Note: SHOULD be equal to the `faas.name` resource attribute of the
+	// invoked function.
+	FaaSInvokedNameKey = attribute.Key("faas.invoked_name")
+
+	// FaaSInvokedProviderKey is the attribute Key conforming to the
+	// "faas.invoked_provider" semantic conventions. It represents the cloud
+	// provider of the invoked function.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	// Note: SHOULD be equal to the `cloud.provider` resource attribute of the
+	// invoked function.
+	FaaSInvokedProviderKey = attribute.Key("faas.invoked_provider")
+
+	// FaaSInvokedRegionKey is the attribute Key conforming to the
+	// "faas.invoked_region" semantic conventions. It represents the cloud
+	// region of the invoked function.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (For some cloud providers, like
+	// AWS or GCP, the region in which a function is hosted is essential to
+	// uniquely identify the function and also part of its endpoint. Since it's
+	// part of the endpoint being called, the region is always known to
+	// clients. In these cases, `faas.invoked_region` MUST be set accordingly.
+	// If the region is unknown to the client or not required for identifying
+	// the invoked function, setting `faas.invoked_region` is optional.)
+	// Stability: stable
+	// Examples: 'eu-central-1'
+	// Note: SHOULD be equal to the `cloud.region` resource attribute of the
+	// invoked function.
+	FaaSInvokedRegionKey = attribute.Key("faas.invoked_region")
+)
+
+var (
+	// Alibaba Cloud
+	FaaSInvokedProviderAlibabaCloud = FaaSInvokedProviderKey.String("alibaba_cloud")
+	// Amazon Web Services
+	FaaSInvokedProviderAWS = FaaSInvokedProviderKey.String("aws")
+	// Microsoft Azure
+	FaaSInvokedProviderAzure = FaaSInvokedProviderKey.String("azure")
+	// Google Cloud Platform
+	FaaSInvokedProviderGCP = FaaSInvokedProviderKey.String("gcp")
+	// Tencent Cloud
+	FaaSInvokedProviderTencentCloud = FaaSInvokedProviderKey.String("tencent_cloud")
+)
+
+// FaaSInvokedName returns an attribute KeyValue conforming to the
+// "faas.invoked_name" semantic conventions. It represents the name of the
+// invoked function.
+func FaaSInvokedName(val string) attribute.KeyValue {
+	return FaaSInvokedNameKey.String(val)
+}
+
+// FaaSInvokedRegion returns an attribute KeyValue conforming to the
+// "faas.invoked_region" semantic conventions. It represents the cloud region
+// of the invoked function.
+func FaaSInvokedRegion(val string) attribute.KeyValue {
+	return FaaSInvokedRegionKey.String(val)
+}
+
+// Operations that access some remote service.
+const (
+	// PeerServiceKey is the attribute Key conforming to the "peer.service"
+	// semantic conventions. It represents the
+	// [`service.name`](/docs/resource/README.md#service) of the remote
+	// service. SHOULD be equal to the actual `service.name` resource attribute
+	// of the remote service if any.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'AuthTokenCache'
+	PeerServiceKey = attribute.Key("peer.service")
+)
+
+// PeerService returns an attribute KeyValue conforming to the
+// "peer.service" semantic conventions. It represents the
+// [`service.name`](/docs/resource/README.md#service) of the remote service.
+// SHOULD be equal to the actual `service.name` resource attribute of the
+// remote service if any.
+func PeerService(val string) attribute.KeyValue {
+	return PeerServiceKey.String(val)
+}
+
+// These attributes may be used for any operation with an authenticated and/or
+// authorized enduser.
+const (
+	// EnduserIDKey is the attribute Key conforming to the "enduser.id"
+	// semantic conventions. It represents the username or client_id extracted
+	// from the access token or
+	// [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header
+	// in the inbound request from outside the system.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'username'
+	EnduserIDKey = attribute.Key("enduser.id")
+
+	// EnduserRoleKey is the attribute Key conforming to the "enduser.role"
+	// semantic conventions. It represents the actual/assumed role the client
+	// is making the request under extracted from token or application security
+	// context.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'admin'
+	EnduserRoleKey = attribute.Key("enduser.role")
+
+	// EnduserScopeKey is the attribute Key conforming to the "enduser.scope"
+	// semantic conventions. It represents the scopes or granted authorities
+	// the client currently possesses extracted from token or application
+	// security context. The value would come from the scope associated with an
+	// [OAuth 2.0 Access
+	// Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute
+	// value in a [SAML 2.0
+	// Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'read:message, write:files'
+	EnduserScopeKey = attribute.Key("enduser.scope")
+)
+
+// EnduserID returns an attribute KeyValue conforming to the "enduser.id"
+// semantic conventions. It represents the username or client_id extracted from
+// the access token or
+// [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header in
+// the inbound request from outside the system.
+func EnduserID(val string) attribute.KeyValue {
+	return EnduserIDKey.String(val)
+}
+
+// EnduserRole returns an attribute KeyValue conforming to the
+// "enduser.role" semantic conventions. It represents the actual/assumed role
+// the client is making the request under extracted from token or application
+// security context.
+func EnduserRole(val string) attribute.KeyValue {
+	return EnduserRoleKey.String(val)
+}
+
+// EnduserScope returns an attribute KeyValue conforming to the
+// "enduser.scope" semantic conventions. It represents the scopes or granted
+// authorities the client currently possesses extracted from token or
+// application security context. The value would come from the scope associated
+// with an [OAuth 2.0 Access
+// Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute
+// value in a [SAML 2.0
+// Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
+func EnduserScope(val string) attribute.KeyValue {
+	return EnduserScopeKey.String(val)
+}
+
+// These attributes may be used for any operation to store information about a
+// thread that started a span.
+const (
+	// ThreadIDKey is the attribute Key conforming to the "thread.id" semantic
+	// conventions. It represents the current "managed" thread ID (as opposed
+	// to OS thread ID).
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 42
+	ThreadIDKey = attribute.Key("thread.id")
+
+	// ThreadNameKey is the attribute Key conforming to the "thread.name"
+	// semantic conventions. It represents the current thread name.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'main'
+	ThreadNameKey = attribute.Key("thread.name")
+)
+
+// ThreadID returns an attribute KeyValue conforming to the "thread.id"
+// semantic conventions. It represents the current "managed" thread ID (as
+// opposed to OS thread ID).
+func ThreadID(val int) attribute.KeyValue {
+	return ThreadIDKey.Int(val)
+}
+
+// ThreadName returns an attribute KeyValue conforming to the "thread.name"
+// semantic conventions. It represents the current thread name.
+func ThreadName(val string) attribute.KeyValue {
+	return ThreadNameKey.String(val)
+}
+
+// These attributes allow to report this unit of code and therefore to provide
+// more context about the span.
+const (
+	// CodeFunctionKey is the attribute Key conforming to the "code.function"
+	// semantic conventions. It represents the method or function name, or
+	// equivalent (usually rightmost part of the code unit's name).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'serveRequest'
+	CodeFunctionKey = attribute.Key("code.function")
+
+	// CodeNamespaceKey is the attribute Key conforming to the "code.namespace"
+	// semantic conventions. It represents the "namespace" within which
+	// `code.function` is defined. Usually the qualified class or module name,
+	// such that `code.namespace` + some separator + `code.function` form a
+	// unique identifier for the code unit.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'com.example.MyHTTPService'
+	CodeNamespaceKey = attribute.Key("code.namespace")
+
+	// CodeFilepathKey is the attribute Key conforming to the "code.filepath"
+	// semantic conventions. It represents the source code file name that
+	// identifies the code unit as uniquely as possible (preferably an absolute
+	// file path).
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '/usr/local/MyApplication/content_root/app/index.php'
+	CodeFilepathKey = attribute.Key("code.filepath")
+
+	// CodeLineNumberKey is the attribute Key conforming to the "code.lineno"
+	// semantic conventions. It represents the line number in `code.filepath`
+	// best representing the operation. It SHOULD point within the code unit
+	// named in `code.function`.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 42
+	CodeLineNumberKey = attribute.Key("code.lineno")
+
+	// CodeColumnKey is the attribute Key conforming to the "code.column"
+	// semantic conventions. It represents the column number in `code.filepath`
+	// best representing the operation. It SHOULD point within the code unit
+	// named in `code.function`.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 16
+	CodeColumnKey = attribute.Key("code.column")
+)
+
+// CodeFunction returns an attribute KeyValue conforming to the
+// "code.function" semantic conventions. It represents the method or function
+// name, or equivalent (usually rightmost part of the code unit's name).
+func CodeFunction(val string) attribute.KeyValue {
+	return CodeFunctionKey.String(val)
+}
+
+// CodeNamespace returns an attribute KeyValue conforming to the
+// "code.namespace" semantic conventions. It represents the "namespace" within
+// which `code.function` is defined. Usually the qualified class or module
+// name, such that `code.namespace` + some separator + `code.function` form a
+// unique identifier for the code unit.
+func CodeNamespace(val string) attribute.KeyValue {
+	return CodeNamespaceKey.String(val)
+}
+
+// CodeFilepath returns an attribute KeyValue conforming to the
+// "code.filepath" semantic conventions. It represents the source code file
+// name that identifies the code unit as uniquely as possible (preferably an
+// absolute file path).
+func CodeFilepath(val string) attribute.KeyValue {
+	return CodeFilepathKey.String(val)
+}
+
+// CodeLineNumber returns an attribute KeyValue conforming to the "code.lineno"
+// semantic conventions. It represents the line number in `code.filepath` best
+// representing the operation. It SHOULD point within the code unit named in
+// `code.function`.
+func CodeLineNumber(val int) attribute.KeyValue {
+	return CodeLineNumberKey.Int(val)
+}
+
+// CodeColumn returns an attribute KeyValue conforming to the "code.column"
+// semantic conventions. It represents the column number in `code.filepath`
+// best representing the operation. It SHOULD point within the code unit named
+// in `code.function`.
+func CodeColumn(val int) attribute.KeyValue {
+	return CodeColumnKey.Int(val)
+}
+
+// Semantic Convention for HTTP Client
+const (
+	// HTTPResendCountKey is the attribute Key conforming to the
+	// "http.resend_count" semantic conventions. It represents the ordinal
+	// number of request resending attempt (for any reason, including
+	// redirects).
+	//
+	// Type: int
+	// RequirementLevel: Recommended (if and only if request was retried.)
+	// Stability: stable
+	// Examples: 3
+	// Note: The resend count SHOULD be updated each time an HTTP request gets
+	// resent by the client, regardless of what was the cause of the resending
+	// (e.g. redirection, authorization failure, 503 Server Unavailable,
+	// network issues, or any other).
+	HTTPResendCountKey = attribute.Key("http.resend_count")
+)
+
+// HTTPResendCount returns an attribute KeyValue conforming to the
+// "http.resend_count" semantic conventions. It represents the ordinal number
+// of request resending attempt (for any reason, including redirects).
+func HTTPResendCount(val int) attribute.KeyValue {
+	return HTTPResendCountKey.Int(val)
+}
+
+// The `aws` conventions apply to operations using the AWS SDK. They map
+// request or response parameters in AWS SDK API calls to attributes on a Span.
+// The conventions have been collected over time based on feedback from AWS
+// users of tracing and will continue to evolve as new interesting conventions
+// are found.
+// Some descriptions are also provided for populating general OpenTelemetry
+// semantic conventions based on these APIs.
+const (
+	// AWSRequestIDKey is the attribute Key conforming to the "aws.request_id"
+	// semantic conventions. It represents the AWS request ID as returned in
+	// the response headers `x-amz-request-id` or `x-amz-requestid`.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '79b9da39-b7ae-508a-a6bc-864b2829c622', 'C9ER4AJX75574TDJ'
+	AWSRequestIDKey = attribute.Key("aws.request_id")
+)
+
+// AWSRequestID returns an attribute KeyValue conforming to the
+// "aws.request_id" semantic conventions. It represents the AWS request ID as
+// returned in the response headers `x-amz-request-id` or `x-amz-requestid`.
+func AWSRequestID(val string) attribute.KeyValue {
+	return AWSRequestIDKey.String(val)
+}
+
+// Attributes that exist for multiple DynamoDB request types.
+const (
+	// AWSDynamoDBTableNamesKey is the attribute Key conforming to the
+	// "aws.dynamodb.table_names" semantic conventions. It represents the keys
+	// in the `RequestItems` object field.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Users', 'Cats'
+	AWSDynamoDBTableNamesKey = attribute.Key("aws.dynamodb.table_names")
+
+	// AWSDynamoDBConsumedCapacityKey is the attribute Key conforming to the
+	// "aws.dynamodb.consumed_capacity" semantic conventions. It represents the
+	// JSON-serialized value of each item in the `ConsumedCapacity` response
+	// field.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "CapacityUnits": number, "GlobalSecondaryIndexes": {
+	// "string" : { "CapacityUnits": number, "ReadCapacityUnits": number,
+	// "WriteCapacityUnits": number } }, "LocalSecondaryIndexes": { "string" :
+	// { "CapacityUnits": number, "ReadCapacityUnits": number,
+	// "WriteCapacityUnits": number } }, "ReadCapacityUnits": number, "Table":
+	// { "CapacityUnits": number, "ReadCapacityUnits": number,
+	// "WriteCapacityUnits": number }, "TableName": "string",
+	// "WriteCapacityUnits": number }'
+	AWSDynamoDBConsumedCapacityKey = attribute.Key("aws.dynamodb.consumed_capacity")
+
+	// AWSDynamoDBItemCollectionMetricsKey is the attribute Key conforming to
+	// the "aws.dynamodb.item_collection_metrics" semantic conventions. It
+	// represents the JSON-serialized value of the `ItemCollectionMetrics`
+	// response field.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "string" : [ { "ItemCollectionKey": { "string" : { "B":
+	// blob, "BOOL": boolean, "BS": [ blob ], "L": [ "AttributeValue" ], "M": {
+	// "string" : "AttributeValue" }, "N": "string", "NS": [ "string" ],
+	// "NULL": boolean, "S": "string", "SS": [ "string" ] } },
+	// "SizeEstimateRangeGB": [ number ] } ] }'
+	AWSDynamoDBItemCollectionMetricsKey = attribute.Key("aws.dynamodb.item_collection_metrics")
+
+	// AWSDynamoDBProvisionedReadCapacityKey is the attribute Key conforming to
+	// the "aws.dynamodb.provisioned_read_capacity" semantic conventions. It
+	// represents the value of the `ProvisionedThroughput.ReadCapacityUnits`
+	// request parameter.
+	//
+	// Type: double
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 1.0, 2.0
+	AWSDynamoDBProvisionedReadCapacityKey = attribute.Key("aws.dynamodb.provisioned_read_capacity")
+
+	// AWSDynamoDBProvisionedWriteCapacityKey is the attribute Key conforming
+	// to the "aws.dynamodb.provisioned_write_capacity" semantic conventions.
+	// It represents the value of the
+	// `ProvisionedThroughput.WriteCapacityUnits` request parameter.
+	//
+	// Type: double
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 1.0, 2.0
+	AWSDynamoDBProvisionedWriteCapacityKey = attribute.Key("aws.dynamodb.provisioned_write_capacity")
+
+	// AWSDynamoDBConsistentReadKey is the attribute Key conforming to the
+	// "aws.dynamodb.consistent_read" semantic conventions. It represents the
+	// value of the `ConsistentRead` request parameter.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	AWSDynamoDBConsistentReadKey = attribute.Key("aws.dynamodb.consistent_read")
+
+	// AWSDynamoDBProjectionKey is the attribute Key conforming to the
+	// "aws.dynamodb.projection" semantic conventions. It represents the value
+	// of the `ProjectionExpression` request parameter.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Title', 'Title, Price, Color', 'Title, Description,
+	// RelatedItems, ProductReviews'
+	AWSDynamoDBProjectionKey = attribute.Key("aws.dynamodb.projection")
+
+	// AWSDynamoDBLimitKey is the attribute Key conforming to the
+	// "aws.dynamodb.limit" semantic conventions. It represents the value of
+	// the `Limit` request parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 10
+	AWSDynamoDBLimitKey = attribute.Key("aws.dynamodb.limit")
+
+	// AWSDynamoDBAttributesToGetKey is the attribute Key conforming to the
+	// "aws.dynamodb.attributes_to_get" semantic conventions. It represents the
+	// value of the `AttributesToGet` request parameter.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'lives', 'id'
+	AWSDynamoDBAttributesToGetKey = attribute.Key("aws.dynamodb.attributes_to_get")
+
+	// AWSDynamoDBIndexNameKey is the attribute Key conforming to the
+	// "aws.dynamodb.index_name" semantic conventions. It represents the value
+	// of the `IndexName` request parameter.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'name_to_group'
+	AWSDynamoDBIndexNameKey = attribute.Key("aws.dynamodb.index_name")
+
+	// AWSDynamoDBSelectKey is the attribute Key conforming to the
+	// "aws.dynamodb.select" semantic conventions. It represents the value of
+	// the `Select` request parameter.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'ALL_ATTRIBUTES', 'COUNT'
+	AWSDynamoDBSelectKey = attribute.Key("aws.dynamodb.select")
+)
+
+// AWSDynamoDBTableNames returns an attribute KeyValue conforming to the
+// "aws.dynamodb.table_names" semantic conventions. It represents the keys in
+// the `RequestItems` object field.
+func AWSDynamoDBTableNames(val ...string) attribute.KeyValue {
+	return AWSDynamoDBTableNamesKey.StringSlice(val)
+}
+
+// AWSDynamoDBConsumedCapacity returns an attribute KeyValue conforming to
+// the "aws.dynamodb.consumed_capacity" semantic conventions. It represents the
+// JSON-serialized value of each item in the `ConsumedCapacity` response field.
+func AWSDynamoDBConsumedCapacity(val ...string) attribute.KeyValue {
+	return AWSDynamoDBConsumedCapacityKey.StringSlice(val)
+}
+
+// AWSDynamoDBItemCollectionMetrics returns an attribute KeyValue conforming
+// to the "aws.dynamodb.item_collection_metrics" semantic conventions. It
+// represents the JSON-serialized value of the `ItemCollectionMetrics` response
+// field.
+func AWSDynamoDBItemCollectionMetrics(val string) attribute.KeyValue {
+	return AWSDynamoDBItemCollectionMetricsKey.String(val)
+}
+
+// AWSDynamoDBProvisionedReadCapacity returns an attribute KeyValue
+// conforming to the "aws.dynamodb.provisioned_read_capacity" semantic
+// conventions. It represents the value of the
+// `ProvisionedThroughput.ReadCapacityUnits` request parameter.
+func AWSDynamoDBProvisionedReadCapacity(val float64) attribute.KeyValue {
+	return AWSDynamoDBProvisionedReadCapacityKey.Float64(val)
+}
+
+// AWSDynamoDBProvisionedWriteCapacity returns an attribute KeyValue
+// conforming to the "aws.dynamodb.provisioned_write_capacity" semantic
+// conventions. It represents the value of the
+// `ProvisionedThroughput.WriteCapacityUnits` request parameter.
+func AWSDynamoDBProvisionedWriteCapacity(val float64) attribute.KeyValue {
+	return AWSDynamoDBProvisionedWriteCapacityKey.Float64(val)
+}
+
+// AWSDynamoDBConsistentRead returns an attribute KeyValue conforming to the
+// "aws.dynamodb.consistent_read" semantic conventions. It represents the value
+// of the `ConsistentRead` request parameter.
+func AWSDynamoDBConsistentRead(val bool) attribute.KeyValue {
+	return AWSDynamoDBConsistentReadKey.Bool(val)
+}
+
+// AWSDynamoDBProjection returns an attribute KeyValue conforming to the
+// "aws.dynamodb.projection" semantic conventions. It represents the value of
+// the `ProjectionExpression` request parameter.
+func AWSDynamoDBProjection(val string) attribute.KeyValue {
+	return AWSDynamoDBProjectionKey.String(val)
+}
+
+// AWSDynamoDBLimit returns an attribute KeyValue conforming to the
+// "aws.dynamodb.limit" semantic conventions. It represents the value of the
+// `Limit` request parameter.
+func AWSDynamoDBLimit(val int) attribute.KeyValue {
+	return AWSDynamoDBLimitKey.Int(val)
+}
+
+// AWSDynamoDBAttributesToGet returns an attribute KeyValue conforming to
+// the "aws.dynamodb.attributes_to_get" semantic conventions. It represents the
+// value of the `AttributesToGet` request parameter.
+func AWSDynamoDBAttributesToGet(val ...string) attribute.KeyValue {
+	return AWSDynamoDBAttributesToGetKey.StringSlice(val)
+}
+
+// AWSDynamoDBIndexName returns an attribute KeyValue conforming to the
+// "aws.dynamodb.index_name" semantic conventions. It represents the value of
+// the `IndexName` request parameter.
+func AWSDynamoDBIndexName(val string) attribute.KeyValue {
+	return AWSDynamoDBIndexNameKey.String(val)
+}
+
+// AWSDynamoDBSelect returns an attribute KeyValue conforming to the
+// "aws.dynamodb.select" semantic conventions. It represents the value of the
+// `Select` request parameter.
+func AWSDynamoDBSelect(val string) attribute.KeyValue {
+	return AWSDynamoDBSelectKey.String(val)
+}
+
+// DynamoDB.CreateTable
+const (
+	// AWSDynamoDBGlobalSecondaryIndexesKey is the attribute Key conforming to
+	// the "aws.dynamodb.global_secondary_indexes" semantic conventions. It
+	// represents the JSON-serialized value of each item of the
+	// `GlobalSecondaryIndexes` request field
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "IndexName": "string", "KeySchema": [ { "AttributeName":
+	// "string", "KeyType": "string" } ], "Projection": { "NonKeyAttributes": [
+	// "string" ], "ProjectionType": "string" }, "ProvisionedThroughput": {
+	// "ReadCapacityUnits": number, "WriteCapacityUnits": number } }'
+	AWSDynamoDBGlobalSecondaryIndexesKey = attribute.Key("aws.dynamodb.global_secondary_indexes")
+
+	// AWSDynamoDBLocalSecondaryIndexesKey is the attribute Key conforming to
+	// the "aws.dynamodb.local_secondary_indexes" semantic conventions. It
+	// represents the JSON-serialized value of each item of the
+	// `LocalSecondaryIndexes` request field.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "IndexARN": "string", "IndexName": "string",
+	// "IndexSizeBytes": number, "ItemCount": number, "KeySchema": [ {
+	// "AttributeName": "string", "KeyType": "string" } ], "Projection": {
+	// "NonKeyAttributes": [ "string" ], "ProjectionType": "string" } }'
+	AWSDynamoDBLocalSecondaryIndexesKey = attribute.Key("aws.dynamodb.local_secondary_indexes")
+)
+
+// AWSDynamoDBGlobalSecondaryIndexes returns an attribute KeyValue
+// conforming to the "aws.dynamodb.global_secondary_indexes" semantic
+// conventions. It represents the JSON-serialized value of each item of the
+// `GlobalSecondaryIndexes` request field
+func AWSDynamoDBGlobalSecondaryIndexes(val ...string) attribute.KeyValue {
+	return AWSDynamoDBGlobalSecondaryIndexesKey.StringSlice(val)
+}
+
+// AWSDynamoDBLocalSecondaryIndexes returns an attribute KeyValue conforming
+// to the "aws.dynamodb.local_secondary_indexes" semantic conventions. It
+// represents the JSON-serialized value of each item of the
+// `LocalSecondaryIndexes` request field.
+func AWSDynamoDBLocalSecondaryIndexes(val ...string) attribute.KeyValue {
+	return AWSDynamoDBLocalSecondaryIndexesKey.StringSlice(val)
+}
+
+// DynamoDB.ListTables
+const (
+	// AWSDynamoDBExclusiveStartTableKey is the attribute Key conforming to the
+	// "aws.dynamodb.exclusive_start_table" semantic conventions. It represents
+	// the value of the `ExclusiveStartTableName` request parameter.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Users', 'CatsTable'
+	AWSDynamoDBExclusiveStartTableKey = attribute.Key("aws.dynamodb.exclusive_start_table")
+
+	// AWSDynamoDBTableCountKey is the attribute Key conforming to the
+	// "aws.dynamodb.table_count" semantic conventions. It represents the the
+	// number of items in the `TableNames` response parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 20
+	AWSDynamoDBTableCountKey = attribute.Key("aws.dynamodb.table_count")
+)
+
+// AWSDynamoDBExclusiveStartTable returns an attribute KeyValue conforming
+// to the "aws.dynamodb.exclusive_start_table" semantic conventions. It
+// represents the value of the `ExclusiveStartTableName` request parameter.
+func AWSDynamoDBExclusiveStartTable(val string) attribute.KeyValue {
+	return AWSDynamoDBExclusiveStartTableKey.String(val)
+}
+
+// AWSDynamoDBTableCount returns an attribute KeyValue conforming to the
+// "aws.dynamodb.table_count" semantic conventions. It represents the the
+// number of items in the `TableNames` response parameter.
+func AWSDynamoDBTableCount(val int) attribute.KeyValue {
+	return AWSDynamoDBTableCountKey.Int(val)
+}
+
+// DynamoDB.Query
+const (
+	// AWSDynamoDBScanForwardKey is the attribute Key conforming to the
+	// "aws.dynamodb.scan_forward" semantic conventions. It represents the
+	// value of the `ScanIndexForward` request parameter.
+	//
+	// Type: boolean
+	// RequirementLevel: Optional
+	// Stability: stable
+	AWSDynamoDBScanForwardKey = attribute.Key("aws.dynamodb.scan_forward")
+)
+
+// AWSDynamoDBScanForward returns an attribute KeyValue conforming to the
+// "aws.dynamodb.scan_forward" semantic conventions. It represents the value of
+// the `ScanIndexForward` request parameter.
+func AWSDynamoDBScanForward(val bool) attribute.KeyValue {
+	return AWSDynamoDBScanForwardKey.Bool(val)
+}
+
+// DynamoDB.Scan
+const (
+	// AWSDynamoDBSegmentKey is the attribute Key conforming to the
+	// "aws.dynamodb.segment" semantic conventions. It represents the value of
+	// the `Segment` request parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 10
+	AWSDynamoDBSegmentKey = attribute.Key("aws.dynamodb.segment")
+
+	// AWSDynamoDBTotalSegmentsKey is the attribute Key conforming to the
+	// "aws.dynamodb.total_segments" semantic conventions. It represents the
+	// value of the `TotalSegments` request parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 100
+	AWSDynamoDBTotalSegmentsKey = attribute.Key("aws.dynamodb.total_segments")
+
+	// AWSDynamoDBCountKey is the attribute Key conforming to the
+	// "aws.dynamodb.count" semantic conventions. It represents the value of
+	// the `Count` response parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 10
+	AWSDynamoDBCountKey = attribute.Key("aws.dynamodb.count")
+
+	// AWSDynamoDBScannedCountKey is the attribute Key conforming to the
+	// "aws.dynamodb.scanned_count" semantic conventions. It represents the
+	// value of the `ScannedCount` response parameter.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 50
+	AWSDynamoDBScannedCountKey = attribute.Key("aws.dynamodb.scanned_count")
+)
+
+// AWSDynamoDBSegment returns an attribute KeyValue conforming to the
+// "aws.dynamodb.segment" semantic conventions. It represents the value of the
+// `Segment` request parameter.
+func AWSDynamoDBSegment(val int) attribute.KeyValue {
+	return AWSDynamoDBSegmentKey.Int(val)
+}
+
+// AWSDynamoDBTotalSegments returns an attribute KeyValue conforming to the
+// "aws.dynamodb.total_segments" semantic conventions. It represents the value
+// of the `TotalSegments` request parameter.
+func AWSDynamoDBTotalSegments(val int) attribute.KeyValue {
+	return AWSDynamoDBTotalSegmentsKey.Int(val)
+}
+
+// AWSDynamoDBCount returns an attribute KeyValue conforming to the
+// "aws.dynamodb.count" semantic conventions. It represents the value of the
+// `Count` response parameter.
+func AWSDynamoDBCount(val int) attribute.KeyValue {
+	return AWSDynamoDBCountKey.Int(val)
+}
+
+// AWSDynamoDBScannedCount returns an attribute KeyValue conforming to the
+// "aws.dynamodb.scanned_count" semantic conventions. It represents the value
+// of the `ScannedCount` response parameter.
+func AWSDynamoDBScannedCount(val int) attribute.KeyValue {
+	return AWSDynamoDBScannedCountKey.Int(val)
+}
+
+// DynamoDB.UpdateTable
+const (
+	// AWSDynamoDBAttributeDefinitionsKey is the attribute Key conforming to
+	// the "aws.dynamodb.attribute_definitions" semantic conventions. It
+	// represents the JSON-serialized value of each item in the
+	// `AttributeDefinitions` request field.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "AttributeName": "string", "AttributeType": "string" }'
+	AWSDynamoDBAttributeDefinitionsKey = attribute.Key("aws.dynamodb.attribute_definitions")
+
+	// AWSDynamoDBGlobalSecondaryIndexUpdatesKey is the attribute Key
+	// conforming to the "aws.dynamodb.global_secondary_index_updates" semantic
+	// conventions. It represents the JSON-serialized value of each item in the
+	// the `GlobalSecondaryIndexUpdates` request field.
+	//
+	// Type: string[]
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '{ "Create": { "IndexName": "string", "KeySchema": [ {
+	// "AttributeName": "string", "KeyType": "string" } ], "Projection": {
+	// "NonKeyAttributes": [ "string" ], "ProjectionType": "string" },
+	// "ProvisionedThroughput": { "ReadCapacityUnits": number,
+	// "WriteCapacityUnits": number } }'
+	AWSDynamoDBGlobalSecondaryIndexUpdatesKey = attribute.Key("aws.dynamodb.global_secondary_index_updates")
+)
+
+// AWSDynamoDBAttributeDefinitions returns an attribute KeyValue conforming
+// to the "aws.dynamodb.attribute_definitions" semantic conventions. It
+// represents the JSON-serialized value of each item in the
+// `AttributeDefinitions` request field.
+func AWSDynamoDBAttributeDefinitions(val ...string) attribute.KeyValue {
+	return AWSDynamoDBAttributeDefinitionsKey.StringSlice(val)
+}
+
+// AWSDynamoDBGlobalSecondaryIndexUpdates returns an attribute KeyValue
+// conforming to the "aws.dynamodb.global_secondary_index_updates" semantic
+// conventions. It represents the JSON-serialized value of each item in the the
+// `GlobalSecondaryIndexUpdates` request field.
+func AWSDynamoDBGlobalSecondaryIndexUpdates(val ...string) attribute.KeyValue {
+	return AWSDynamoDBGlobalSecondaryIndexUpdatesKey.StringSlice(val)
+}
+
+// Attributes that exist for S3 request types.
+const (
+	// AWSS3BucketKey is the attribute Key conforming to the "aws.s3.bucket"
+	// semantic conventions. It represents the S3 bucket name the request
+	// refers to. Corresponds to the `--bucket` parameter of the [S3
+	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html)
+	// operations.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'some-bucket-name'
+	// Note: The `bucket` attribute is applicable to all S3 operations that
+	// reference a bucket, i.e. that require the bucket name as a mandatory
+	// parameter.
+	// This applies to almost all S3 operations except `list-buckets`.
+	AWSS3BucketKey = attribute.Key("aws.s3.bucket")
+
+	// AWSS3KeyKey is the attribute Key conforming to the "aws.s3.key" semantic
+	// conventions. It represents the S3 object key the request refers to.
+	// Corresponds to the `--key` parameter of the [S3
+	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html)
+	// operations.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'someFile.yml'
+	// Note: The `key` attribute is applicable to all object-related S3
+	// operations, i.e. that require the object key as a mandatory parameter.
+	// This applies in particular to the following operations:
+	//
+	// -
+	// [copy-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/copy-object.html)
+	// -
+	// [delete-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/delete-object.html)
+	// -
+	// [get-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/get-object.html)
+	// -
+	// [head-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/head-object.html)
+	// -
+	// [put-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/put-object.html)
+	// -
+	// [restore-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/restore-object.html)
+	// -
+	// [select-object-content](https://docs.aws.amazon.com/cli/latest/reference/s3api/select-object-content.html)
+	// -
+	// [abort-multipart-upload](https://docs.aws.amazon.com/cli/latest/reference/s3api/abort-multipart-upload.html)
+	// -
+	// [complete-multipart-upload](https://docs.aws.amazon.com/cli/latest/reference/s3api/complete-multipart-upload.html)
+	// -
+	// [create-multipart-upload](https://docs.aws.amazon.com/cli/latest/reference/s3api/create-multipart-upload.html)
+	// -
+	// [list-parts](https://docs.aws.amazon.com/cli/latest/reference/s3api/list-parts.html)
+	// -
+	// [upload-part](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html)
+	// -
+	// [upload-part-copy](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html)
+	AWSS3KeyKey = attribute.Key("aws.s3.key")
+
+	// AWSS3CopySourceKey is the attribute Key conforming to the
+	// "aws.s3.copy_source" semantic conventions. It represents the source
+	// object (in the form `bucket`/`key`) for the copy operation.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'someFile.yml'
+	// Note: The `copy_source` attribute applies to S3 copy operations and
+	// corresponds to the `--copy-source` parameter
+	// of the [copy-object operation within the S3
+	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/copy-object.html).
+	// This applies in particular to the following operations:
+	//
+	// -
+	// [copy-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/copy-object.html)
+	// -
+	// [upload-part-copy](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html)
+	AWSS3CopySourceKey = attribute.Key("aws.s3.copy_source")
+
+	// AWSS3UploadIDKey is the attribute Key conforming to the
+	// "aws.s3.upload_id" semantic conventions. It represents the upload ID
+	// that identifies the multipart upload.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'dfRtDYWFbkRONycy.Yxwh66Yjlx.cph0gtNBtJ'
+	// Note: The `upload_id` attribute applies to S3 multipart-upload
+	// operations and corresponds to the `--upload-id` parameter
+	// of the [S3
+	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html)
+	// multipart operations.
+	// This applies in particular to the following operations:
+	//
+	// -
+	// [abort-multipart-upload](https://docs.aws.amazon.com/cli/latest/reference/s3api/abort-multipart-upload.html)
+	// -
+	// [complete-multipart-upload](https://docs.aws.amazon.com/cli/latest/reference/s3api/complete-multipart-upload.html)
+	// -
+	// [list-parts](https://docs.aws.amazon.com/cli/latest/reference/s3api/list-parts.html)
+	// -
+	// [upload-part](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html)
+	// -
+	// [upload-part-copy](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html)
+	AWSS3UploadIDKey = attribute.Key("aws.s3.upload_id")
+
+	// AWSS3DeleteKey is the attribute Key conforming to the "aws.s3.delete"
+	// semantic conventions. It represents the delete request container that
+	// specifies the objects to be deleted.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples:
+	// 'Objects=[{Key=string,VersionID=string},{Key=string,VersionID=string}],Quiet=boolean'
+	// Note: The `delete` attribute is only applicable to the
+	// [delete-object](https://docs.aws.amazon.com/cli/latest/reference/s3api/delete-object.html)
+	// operation.
+	// The `delete` attribute corresponds to the `--delete` parameter of the
+	// [delete-objects operation within the S3
+	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/delete-objects.html).
+	AWSS3DeleteKey = attribute.Key("aws.s3.delete")
+
+	// AWSS3PartNumberKey is the attribute Key conforming to the
+	// "aws.s3.part_number" semantic conventions. It represents the part number
+	// of the part being uploaded in a multipart-upload operation. This is a
+	// positive integer between 1 and 10,000.
+	//
+	// Type: int
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 3456
+	// Note: The `part_number` attribute is only applicable to the
+	// [upload-part](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html)
+	// and
+	// [upload-part-copy](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html)
+	// operations.
+	// The `part_number` attribute corresponds to the `--part-number` parameter
+	// of the
+	// [upload-part operation within the S3
+	// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html).
+	AWSS3PartNumberKey = attribute.Key("aws.s3.part_number")
+)
+
+// AWSS3Bucket returns an attribute KeyValue conforming to the
+// "aws.s3.bucket" semantic conventions. It represents the S3 bucket name the
+// request refers to. Corresponds to the `--bucket` parameter of the [S3
+// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html)
+// operations.
+func AWSS3Bucket(val string) attribute.KeyValue {
+	return AWSS3BucketKey.String(val)
+}
+
+// AWSS3Key returns an attribute KeyValue conforming to the "aws.s3.key"
+// semantic conventions. It represents the S3 object key the request refers to.
+// Corresponds to the `--key` parameter of the [S3
+// API](https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html)
+// operations.
+func AWSS3Key(val string) attribute.KeyValue {
+	return AWSS3KeyKey.String(val)
+}
+
+// AWSS3CopySource returns an attribute KeyValue conforming to the
+// "aws.s3.copy_source" semantic conventions. It represents the source object
+// (in the form `bucket`/`key`) for the copy operation.
+func AWSS3CopySource(val string) attribute.KeyValue {
+	return AWSS3CopySourceKey.String(val)
+}
+
+// AWSS3UploadID returns an attribute KeyValue conforming to the
+// "aws.s3.upload_id" semantic conventions. It represents the upload ID that
+// identifies the multipart upload.
+func AWSS3UploadID(val string) attribute.KeyValue {
+	return AWSS3UploadIDKey.String(val)
+}
+
+// AWSS3Delete returns an attribute KeyValue conforming to the
+// "aws.s3.delete" semantic conventions. It represents the delete request
+// container that specifies the objects to be deleted.
+func AWSS3Delete(val string) attribute.KeyValue {
+	return AWSS3DeleteKey.String(val)
+}
+
+// AWSS3PartNumber returns an attribute KeyValue conforming to the
+// "aws.s3.part_number" semantic conventions. It represents the part number of
+// the part being uploaded in a multipart-upload operation. This is a positive
+// integer between 1 and 10,000.
+func AWSS3PartNumber(val int) attribute.KeyValue {
+	return AWSS3PartNumberKey.Int(val)
+}
+
+// Semantic conventions to apply when instrumenting the GraphQL implementation.
+// They map GraphQL operations to attributes on a Span.
+const (
+	// GraphqlOperationNameKey is the attribute Key conforming to the
+	// "graphql.operation.name" semantic conventions. It represents the name of
+	// the operation being executed.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'findBookByID'
+	GraphqlOperationNameKey = attribute.Key("graphql.operation.name")
+
+	// GraphqlOperationTypeKey is the attribute Key conforming to the
+	// "graphql.operation.type" semantic conventions. It represents the type of
+	// the operation being executed.
+	//
+	// Type: Enum
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'query', 'mutation', 'subscription'
+	GraphqlOperationTypeKey = attribute.Key("graphql.operation.type")
+
+	// GraphqlDocumentKey is the attribute Key conforming to the
+	// "graphql.document" semantic conventions. It represents the GraphQL
+	// document being executed.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'query findBookByID { bookByID(id: ?) { name } }'
+	// Note: The value may be sanitized to exclude sensitive information.
+	GraphqlDocumentKey = attribute.Key("graphql.document")
+)
+
+var (
+	// GraphQL query
+	GraphqlOperationTypeQuery = GraphqlOperationTypeKey.String("query")
+	// GraphQL mutation
+	GraphqlOperationTypeMutation = GraphqlOperationTypeKey.String("mutation")
+	// GraphQL subscription
+	GraphqlOperationTypeSubscription = GraphqlOperationTypeKey.String("subscription")
+)
+
+// GraphqlOperationName returns an attribute KeyValue conforming to the
+// "graphql.operation.name" semantic conventions. It represents the name of the
+// operation being executed.
+func GraphqlOperationName(val string) attribute.KeyValue {
+	return GraphqlOperationNameKey.String(val)
+}
+
+// GraphqlDocument returns an attribute KeyValue conforming to the
+// "graphql.document" semantic conventions. It represents the GraphQL document
+// being executed.
+func GraphqlDocument(val string) attribute.KeyValue {
+	return GraphqlDocumentKey.String(val)
+}
+
+// General attributes used in messaging systems.
+const (
+	// MessagingSystemKey is the attribute Key conforming to the
+	// "messaging.system" semantic conventions. It represents a string
+	// identifying the messaging system.
+	//
+	// Type: string
+	// RequirementLevel: Required
+	// Stability: stable
+	// Examples: 'kafka', 'rabbitmq', 'rocketmq', 'activemq', 'AmazonSQS'
+	MessagingSystemKey = attribute.Key("messaging.system")
+
+	// MessagingOperationKey is the attribute Key conforming to the
+	// "messaging.operation" semantic conventions. It represents a string
+	// identifying the kind of messaging operation as defined in the [Operation
+	// names](#operation-names) section above.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	// Note: If a custom value is used, it MUST be of low cardinality.
+	MessagingOperationKey = attribute.Key("messaging.operation")
+
+	// MessagingBatchMessageCountKey is the attribute Key conforming to the
+	// "messaging.batch.message_count" semantic conventions. It represents the
+	// number of messages sent, received, or processed in the scope of the
+	// batching operation.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If the span describes an
+	// operation on a batch of messages.)
+	// Stability: stable
+	// Examples: 0, 1, 2
+	// Note: Instrumentations SHOULD NOT set `messaging.batch.message_count` on
+	// spans that operate with a single message. When a messaging client
+	// library supports both batch and single-message API for the same
+	// operation, instrumentations SHOULD use `messaging.batch.message_count`
+	// for batching APIs and SHOULD NOT use it for single-message APIs.
+	MessagingBatchMessageCountKey = attribute.Key("messaging.batch.message_count")
+
+	// MessagingClientIDKey is the attribute Key conforming to the
+	// "messaging.client_id" semantic conventions. It represents a unique
+	// identifier for the client that consumes or produces a message.
+	//
+	// Type: string
+	// RequirementLevel: Recommended (If a client id is available)
+	// Stability: stable
+	// Examples: 'client-5', 'myhost@8742@s8083jm'
+	MessagingClientIDKey = attribute.Key("messaging.client_id")
+)
+
+var (
+	// publish
+	MessagingOperationPublish = MessagingOperationKey.String("publish")
+	// receive
+	MessagingOperationReceive = MessagingOperationKey.String("receive")
+	// process
+	MessagingOperationProcess = MessagingOperationKey.String("process")
+)
+
+// MessagingSystem returns an attribute KeyValue conforming to the
+// "messaging.system" semantic conventions. It represents a string identifying
+// the messaging system.
+func MessagingSystem(val string) attribute.KeyValue {
+	return MessagingSystemKey.String(val)
+}
+
+// MessagingBatchMessageCount returns an attribute KeyValue conforming to
+// the "messaging.batch.message_count" semantic conventions. It represents the
+// number of messages sent, received, or processed in the scope of the batching
+// operation.
+func MessagingBatchMessageCount(val int) attribute.KeyValue {
+	return MessagingBatchMessageCountKey.Int(val)
+}
+
+// MessagingClientID returns an attribute KeyValue conforming to the
+// "messaging.client_id" semantic conventions. It represents a unique
+// identifier for the client that consumes or produces a message.
+func MessagingClientID(val string) attribute.KeyValue {
+	return MessagingClientIDKey.String(val)
+}
+
+// Semantic conventions for remote procedure calls.
+const (
+	// RPCSystemKey is the attribute Key conforming to the "rpc.system"
+	// semantic conventions. It represents a string identifying the remoting
+	// system. See below for a list of well-known identifiers.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	RPCSystemKey = attribute.Key("rpc.system")
+
+	// RPCServiceKey is the attribute Key conforming to the "rpc.service"
+	// semantic conventions. It represents the full (logical) name of the
+	// service being called, including its package name, if applicable.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'myservice.EchoService'
+	// Note: This is the logical name of the service from the RPC interface
+	// perspective, which can be different from the name of any implementing
+	// class. The `code.namespace` attribute may be used to store the latter
+	// (despite the attribute name, it may include a class name; e.g., class
+	// with method actually executing the call on the server side, RPC client
+	// stub class on the client side).
+	RPCServiceKey = attribute.Key("rpc.service")
+
+	// RPCMethodKey is the attribute Key conforming to the "rpc.method"
+	// semantic conventions. It represents the name of the (logical) method
+	// being called, must be equal to the $method part in the span name.
+	//
+	// Type: string
+	// RequirementLevel: Recommended
+	// Stability: stable
+	// Examples: 'exampleMethod'
+	// Note: This is the logical name of the method from the RPC interface
+	// perspective, which can be different from the name of any implementing
+	// method/function. The `code.function` attribute may be used to store the
+	// latter (e.g., method actually executing the call on the server side, RPC
+	// client stub method on the client side).
+	RPCMethodKey = attribute.Key("rpc.method")
+)
+
+var (
+	// gRPC
+	RPCSystemGRPC = RPCSystemKey.String("grpc")
+	// Java RMI
+	RPCSystemJavaRmi = RPCSystemKey.String("java_rmi")
+	// .NET WCF
+	RPCSystemDotnetWcf = RPCSystemKey.String("dotnet_wcf")
+	// Apache Dubbo
+	RPCSystemApacheDubbo = RPCSystemKey.String("apache_dubbo")
+	// Connect RPC
+	RPCSystemConnectRPC = RPCSystemKey.String("connect_rpc")
+)
+
+// RPCService returns an attribute KeyValue conforming to the "rpc.service"
+// semantic conventions. It represents the full (logical) name of the service
+// being called, including its package name, if applicable.
+func RPCService(val string) attribute.KeyValue {
+	return RPCServiceKey.String(val)
+}
+
+// RPCMethod returns an attribute KeyValue conforming to the "rpc.method"
+// semantic conventions. It represents the name of the (logical) method being
+// called, must be equal to the $method part in the span name.
+func RPCMethod(val string) attribute.KeyValue {
+	return RPCMethodKey.String(val)
+}
+
+// Tech-specific attributes for gRPC.
+const (
+	// RPCGRPCStatusCodeKey is the attribute Key conforming to the
+	// "rpc.grpc.status_code" semantic conventions. It represents the [numeric
+	// status
+	// code](https://github.com/grpc/grpc/blob/v1.33.2/doc/statuscodes.md) of
+	// the gRPC request.
+	//
+	// Type: Enum
+	// RequirementLevel: Required
+	// Stability: stable
+	RPCGRPCStatusCodeKey = attribute.Key("rpc.grpc.status_code")
+)
+
+var (
+	// OK
+	RPCGRPCStatusCodeOk = RPCGRPCStatusCodeKey.Int(0)
+	// CANCELLED
+	RPCGRPCStatusCodeCancelled = RPCGRPCStatusCodeKey.Int(1)
+	// UNKNOWN
+	RPCGRPCStatusCodeUnknown = RPCGRPCStatusCodeKey.Int(2)
+	// INVALID_ARGUMENT
+	RPCGRPCStatusCodeInvalidArgument = RPCGRPCStatusCodeKey.Int(3)
+	// DEADLINE_EXCEEDED
+	RPCGRPCStatusCodeDeadlineExceeded = RPCGRPCStatusCodeKey.Int(4)
+	// NOT_FOUND
+	RPCGRPCStatusCodeNotFound = RPCGRPCStatusCodeKey.Int(5)
+	// ALREADY_EXISTS
+	RPCGRPCStatusCodeAlreadyExists = RPCGRPCStatusCodeKey.Int(6)
+	// PERMISSION_DENIED
+	RPCGRPCStatusCodePermissionDenied = RPCGRPCStatusCodeKey.Int(7)
+	// RESOURCE_EXHAUSTED
+	RPCGRPCStatusCodeResourceExhausted = RPCGRPCStatusCodeKey.Int(8)
+	// FAILED_PRECONDITION
+	RPCGRPCStatusCodeFailedPrecondition = RPCGRPCStatusCodeKey.Int(9)
+	// ABORTED
+	RPCGRPCStatusCodeAborted = RPCGRPCStatusCodeKey.Int(10)
+	// OUT_OF_RANGE
+	RPCGRPCStatusCodeOutOfRange = RPCGRPCStatusCodeKey.Int(11)
+	// UNIMPLEMENTED
+	RPCGRPCStatusCodeUnimplemented = RPCGRPCStatusCodeKey.Int(12)
+	// INTERNAL
+	RPCGRPCStatusCodeInternal = RPCGRPCStatusCodeKey.Int(13)
+	// UNAVAILABLE
+	RPCGRPCStatusCodeUnavailable = RPCGRPCStatusCodeKey.Int(14)
+	// DATA_LOSS
+	RPCGRPCStatusCodeDataLoss = RPCGRPCStatusCodeKey.Int(15)
+	// UNAUTHENTICATED
+	RPCGRPCStatusCodeUnauthenticated = RPCGRPCStatusCodeKey.Int(16)
+)
+
+// Tech-specific attributes for [JSON RPC](https://www.jsonrpc.org/).
+const (
+	// RPCJsonrpcVersionKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.version" semantic conventions. It represents the protocol
+	// version as in `jsonrpc` property of request/response. Since JSON-RPC 1.0
+	// does not specify this, the value can be omitted.
+	//
+	// Type: string
+	// RequirementLevel: ConditionallyRequired (If other than the default
+	// version (`1.0`))
+	// Stability: stable
+	// Examples: '2.0', '1.0'
+	RPCJsonrpcVersionKey = attribute.Key("rpc.jsonrpc.version")
+
+	// RPCJsonrpcRequestIDKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.request_id" semantic conventions. It represents the `id`
+	// property of request or response. Since protocol allows id to be int,
+	// string, `null` or missing (for notifications), value is expected to be
+	// cast to string for simplicity. Use empty string in case of `null` value.
+	// Omit entirely if this is a notification.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: '10', 'request-7', ''
+	RPCJsonrpcRequestIDKey = attribute.Key("rpc.jsonrpc.request_id")
+
+	// RPCJsonrpcErrorCodeKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.error_code" semantic conventions. It represents the
+	// `error.code` property of response if it is an error response.
+	//
+	// Type: int
+	// RequirementLevel: ConditionallyRequired (If response is not successful.)
+	// Stability: stable
+	// Examples: -32700, 100
+	RPCJsonrpcErrorCodeKey = attribute.Key("rpc.jsonrpc.error_code")
+
+	// RPCJsonrpcErrorMessageKey is the attribute Key conforming to the
+	// "rpc.jsonrpc.error_message" semantic conventions. It represents the
+	// `error.message` property of response if it is an error response.
+	//
+	// Type: string
+	// RequirementLevel: Optional
+	// Stability: stable
+	// Examples: 'Parse error', 'User already exists'
+	RPCJsonrpcErrorMessageKey = attribute.Key("rpc.jsonrpc.error_message")
+)
+
+// RPCJsonrpcVersion returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.version" semantic conventions. It represents the protocol
+// version as in `jsonrpc` property of request/response. Since JSON-RPC 1.0
+// does not specify this, the value can be omitted.
+func RPCJsonrpcVersion(val string) attribute.KeyValue {
+	return RPCJsonrpcVersionKey.String(val)
+}
+
+// RPCJsonrpcRequestID returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.request_id" semantic conventions. It represents the `id`
+// property of request or response. Since protocol allows id to be int, string,
+// `null` or missing (for notifications), value is expected to be cast to
+// string for simplicity. Use empty string in case of `null` value. Omit
+// entirely if this is a notification.
+func RPCJsonrpcRequestID(val string) attribute.KeyValue {
+	return RPCJsonrpcRequestIDKey.String(val)
+}
+
+// RPCJsonrpcErrorCode returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.error_code" semantic conventions. It represents the
+// `error.code` property of response if it is an error response.
+func RPCJsonrpcErrorCode(val int) attribute.KeyValue {
+	return RPCJsonrpcErrorCodeKey.Int(val)
+}
+
+// RPCJsonrpcErrorMessage returns an attribute KeyValue conforming to the
+// "rpc.jsonrpc.error_message" semantic conventions. It represents the
+// `error.message` property of response if it is an error response.
+func RPCJsonrpcErrorMessage(val string) attribute.KeyValue {
+	return RPCJsonrpcErrorMessageKey.String(val)
+}
+
+// Tech-specific attributes for Connect RPC.
+const (
+	// RPCConnectRPCErrorCodeKey is the attribute Key conforming to the
+	// "rpc.connect_rpc.error_code" semantic conventions. It represents the
+	// [error codes](https://connect.build/docs/protocol/#error-codes) of the
+	// Connect request. Error codes are always string values.
+	//
+	// Type: Enum
+	// RequirementLevel: ConditionallyRequired (If response is not successful
+	// and if error code available.)
+	// Stability: stable
+	RPCConnectRPCErrorCodeKey = attribute.Key("rpc.connect_rpc.error_code")
+)
+
+var (
+	// cancelled
+	RPCConnectRPCErrorCodeCancelled = RPCConnectRPCErrorCodeKey.String("cancelled")
+	// unknown
+	RPCConnectRPCErrorCodeUnknown = RPCConnectRPCErrorCodeKey.String("unknown")
+	// invalid_argument
+	RPCConnectRPCErrorCodeInvalidArgument = RPCConnectRPCErrorCodeKey.String("invalid_argument")
+	// deadline_exceeded
+	RPCConnectRPCErrorCodeDeadlineExceeded = RPCConnectRPCErrorCodeKey.String("deadline_exceeded")
+	// not_found
+	RPCConnectRPCErrorCodeNotFound = RPCConnectRPCErrorCodeKey.String("not_found")
+	// already_exists
+	RPCConnectRPCErrorCodeAlreadyExists = RPCConnectRPCErrorCodeKey.String("already_exists")
+	// permission_denied
+	RPCConnectRPCErrorCodePermissionDenied = RPCConnectRPCErrorCodeKey.String("permission_denied")
+	// resource_exhausted
+	RPCConnectRPCErrorCodeResourceExhausted = RPCConnectRPCErrorCodeKey.String("resource_exhausted")
+	// failed_precondition
+	RPCConnectRPCErrorCodeFailedPrecondition = RPCConnectRPCErrorCodeKey.String("failed_precondition")
+	// aborted
+	RPCConnectRPCErrorCodeAborted = RPCConnectRPCErrorCodeKey.String("aborted")
+	// out_of_range
+	RPCConnectRPCErrorCodeOutOfRange = RPCConnectRPCErrorCodeKey.String("out_of_range")
+	// unimplemented
+	RPCConnectRPCErrorCodeUnimplemented = RPCConnectRPCErrorCodeKey.String("unimplemented")
+	// internal
+	RPCConnectRPCErrorCodeInternal = RPCConnectRPCErrorCodeKey.String("internal")
+	// unavailable
+	RPCConnectRPCErrorCodeUnavailable = RPCConnectRPCErrorCodeKey.String("unavailable")
+	// data_loss
+	RPCConnectRPCErrorCodeDataLoss = RPCConnectRPCErrorCodeKey.String("data_loss")
+	// unauthenticated
+	RPCConnectRPCErrorCodeUnauthenticated = RPCConnectRPCErrorCodeKey.String("unauthenticated")
+)
diff --git a/apis/vendor/go.opentelemetry.io/otel/trace/config.go b/apis/vendor/go.opentelemetry.io/otel/trace/config.go
index f058cc781..3aadc66cf 100644
--- a/apis/vendor/go.opentelemetry.io/otel/trace/config.go
+++ b/apis/vendor/go.opentelemetry.io/otel/trace/config.go
@@ -25,6 +25,7 @@ type TracerConfig struct {
 	instrumentationVersion string
 	// Schema URL of the telemetry emitted by the Tracer.
 	schemaURL string
+	attrs     attribute.Set
 }
 
 // InstrumentationVersion returns the version of the library providing instrumentation.
@@ -32,6 +33,12 @@ func (t *TracerConfig) InstrumentationVersion() string {
 	return t.instrumentationVersion
 }
 
+// InstrumentationAttributes returns the attributes associated with the library
+// providing instrumentation.
+func (t *TracerConfig) InstrumentationAttributes() attribute.Set {
+	return t.attrs
+}
+
 // SchemaURL returns the Schema URL of the telemetry emitted by the Tracer.
 func (t *TracerConfig) SchemaURL() string {
 	return t.schemaURL
@@ -261,6 +268,7 @@ func (o stackTraceOption) applyEvent(c EventConfig) EventConfig {
 	c.stackTrace = bool(o)
 	return c
 }
+
 func (o stackTraceOption) applySpan(c SpanConfig) SpanConfig {
 	c.stackTrace = bool(o)
 	return c
@@ -307,6 +315,16 @@ func WithInstrumentationVersion(version string) TracerOption {
 	})
 }
 
+// WithInstrumentationAttributes sets the instrumentation attributes.
+//
+// The passed attributes will be de-duplicated.
+func WithInstrumentationAttributes(attr ...attribute.KeyValue) TracerOption {
+	return tracerOptionFunc(func(config TracerConfig) TracerConfig {
+		config.attrs = attribute.NewSet(attr...)
+		return config
+	})
+}
+
 // WithSchemaURL sets the schema URL for the Tracer.
 func WithSchemaURL(schemaURL string) TracerOption {
 	return tracerOptionFunc(func(cfg TracerConfig) TracerConfig {
diff --git a/apis/vendor/go.opentelemetry.io/otel/trace/doc.go b/apis/vendor/go.opentelemetry.io/otel/trace/doc.go
index 391417718..440f3d756 100644
--- a/apis/vendor/go.opentelemetry.io/otel/trace/doc.go
+++ b/apis/vendor/go.opentelemetry.io/otel/trace/doc.go
@@ -17,7 +17,7 @@ Package trace provides an implementation of the tracing part of the
 OpenTelemetry API.
 
 To participate in distributed traces a Span needs to be created for the
-operation being performed as part of a traced workflow. It its simplest form:
+operation being performed as part of a traced workflow. In its simplest form:
 
 	var tracer trace.Tracer
 
@@ -62,5 +62,69 @@ a default.
 		defer span.End()
 		// ...
 	}
+
+# API Implementations
+
+This package does not conform to the standard Go versioning policy; all of its
+interfaces may have methods added to them without a package major version bump.
+This non-standard API evolution could surprise an uninformed implementation
+author. They could unknowingly build their implementation in a way that would
+result in a runtime panic for their users that update to the new API.
+
+The API is designed to help inform an instrumentation author about this
+non-standard API evolution. It requires them to choose a default behavior for
+unimplemented interface methods. There are three behavior choices they can
+make:
+
+  - Compilation failure
+  - Panic
+  - Default to another implementation
+
+All interfaces in this API embed a corresponding interface from
+[go.opentelemetry.io/otel/trace/embedded]. If an author wants the default
+behavior of their implementations to be a compilation failure, signaling to
+their users they need to update to the latest version of that implementation,
+they need to embed the corresponding interface from
+[go.opentelemetry.io/otel/trace/embedded] in their implementation. For
+example,
+
+	import "go.opentelemetry.io/otel/trace/embedded"
+
+	type TracerProvider struct {
+		embedded.TracerProvider
+		// ...
+	}
+
+If an author wants the default behavior of their implementations to panic, they
+can embed the API interface directly.
+
+	import "go.opentelemetry.io/otel/trace"
+
+	type TracerProvider struct {
+		trace.TracerProvider
+		// ...
+	}
+
+This option is not recommended. It will lead to publishing packages that
+contain runtime panics when users update to newer versions of
+[go.opentelemetry.io/otel/trace], which may be done with a trasitive
+dependency.
+
+Finally, an author can embed another implementation in theirs. The embedded
+implementation will be used for methods not defined by the author. For example,
+an author who wants to default to silently dropping the call can use
+[go.opentelemetry.io/otel/trace/noop]:
+
+	import "go.opentelemetry.io/otel/trace/noop"
+
+	type TracerProvider struct {
+		noop.TracerProvider
+		// ...
+	}
+
+It is strongly recommended that authors only embed
+[go.opentelemetry.io/otel/trace/noop] if they choose this default behavior.
+That implementation is the only one OpenTelemetry authors can guarantee will
+fully implement all the API interfaces when a user updates their API.
 */
 package trace // import "go.opentelemetry.io/otel/trace"
diff --git a/apis/vendor/go.opentelemetry.io/otel/trace/embedded/embedded.go b/apis/vendor/go.opentelemetry.io/otel/trace/embedded/embedded.go
new file mode 100644
index 000000000..898db5a75
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/trace/embedded/embedded.go
@@ -0,0 +1,56 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package embedded provides interfaces embedded within the [OpenTelemetry
+// trace API].
+//
+// Implementers of the [OpenTelemetry trace API] can embed the relevant type
+// from this package into their implementation directly. Doing so will result
+// in a compilation error for users when the [OpenTelemetry trace API] is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+//
+// [OpenTelemetry trace API]: https://pkg.go.dev/go.opentelemetry.io/otel/trace
+package embedded // import "go.opentelemetry.io/otel/trace/embedded"
+
+// TracerProvider is embedded in
+// [go.opentelemetry.io/otel/trace.TracerProvider].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/trace.TracerProvider] if you want users to
+// experience a compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/trace.TracerProvider]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type TracerProvider interface{ tracerProvider() }
+
+// Tracer is embedded in [go.opentelemetry.io/otel/trace.Tracer].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/trace.Tracer] if you want users to experience a
+// compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/trace.Tracer] interface
+// is extended (which is something that can happen without a major version bump
+// of the API package).
+type Tracer interface{ tracer() }
+
+// Span is embedded in [go.opentelemetry.io/otel/trace.Span].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/trace.Span] if you want users to experience a
+// compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/trace.Span] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Span interface{ span() }
diff --git a/apis/vendor/go.opentelemetry.io/otel/trace/noop.go b/apis/vendor/go.opentelemetry.io/otel/trace/noop.go
index 73950f207..c125491ca 100644
--- a/apis/vendor/go.opentelemetry.io/otel/trace/noop.go
+++ b/apis/vendor/go.opentelemetry.io/otel/trace/noop.go
@@ -19,16 +19,20 @@ import (
 
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/codes"
+	"go.opentelemetry.io/otel/trace/embedded"
 )
 
 // NewNoopTracerProvider returns an implementation of TracerProvider that
 // performs no operations. The Tracer and Spans created from the returned
 // TracerProvider also perform no operations.
+//
+// Deprecated: Use [go.opentelemetry.io/otel/trace/noop.NewTracerProvider]
+// instead.
 func NewNoopTracerProvider() TracerProvider {
 	return noopTracerProvider{}
 }
 
-type noopTracerProvider struct{}
+type noopTracerProvider struct{ embedded.TracerProvider }
 
 var _ TracerProvider = noopTracerProvider{}
 
@@ -37,8 +41,8 @@ func (p noopTracerProvider) Tracer(string, ...TracerOption) Tracer {
 	return noopTracer{}
 }
 
-// noopTracer is an implementation of Tracer that preforms no operations.
-type noopTracer struct{}
+// noopTracer is an implementation of Tracer that performs no operations.
+type noopTracer struct{ embedded.Tracer }
 
 var _ Tracer = noopTracer{}
 
@@ -53,8 +57,8 @@ func (t noopTracer) Start(ctx context.Context, name string, _ ...SpanStartOption
 	return ContextWithSpan(ctx, span), span
 }
 
-// noopSpan is an implementation of Span that preforms no operations.
-type noopSpan struct{}
+// noopSpan is an implementation of Span that performs no operations.
+type noopSpan struct{ embedded.Span }
 
 var _ Span = noopSpan{}
 
diff --git a/apis/vendor/go.opentelemetry.io/otel/trace/noop/noop.go b/apis/vendor/go.opentelemetry.io/otel/trace/noop/noop.go
new file mode 100644
index 000000000..7f485543c
--- /dev/null
+++ b/apis/vendor/go.opentelemetry.io/otel/trace/noop/noop.go
@@ -0,0 +1,118 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package noop provides an implementation of the OpenTelemetry trace API that
+// produces no telemetry and minimizes used computation resources.
+//
+// Using this package to implement the OpenTelemetry trace API will effectively
+// disable OpenTelemetry.
+//
+// This implementation can be embedded in other implementations of the
+// OpenTelemetry trace API. Doing so will mean the implementation defaults to
+// no operation for methods it does not implement.
+package noop // import "go.opentelemetry.io/otel/trace/noop"
+
+import (
+	"context"
+
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
+	"go.opentelemetry.io/otel/trace"
+	"go.opentelemetry.io/otel/trace/embedded"
+)
+
+var (
+	// Compile-time check this implements the OpenTelemetry API.
+
+	_ trace.TracerProvider = TracerProvider{}
+	_ trace.Tracer         = Tracer{}
+	_ trace.Span           = Span{}
+)
+
+// TracerProvider is an OpenTelemetry No-Op TracerProvider.
+type TracerProvider struct{ embedded.TracerProvider }
+
+// NewTracerProvider returns a TracerProvider that does not record any telemetry.
+func NewTracerProvider() TracerProvider {
+	return TracerProvider{}
+}
+
+// Tracer returns an OpenTelemetry Tracer that does not record any telemetry.
+func (TracerProvider) Tracer(string, ...trace.TracerOption) trace.Tracer {
+	return Tracer{}
+}
+
+// Tracer is an OpenTelemetry No-Op Tracer.
+type Tracer struct{ embedded.Tracer }
+
+// Start creates a span. The created span will be set in a child context of ctx
+// and returned with the span.
+//
+// If ctx contains a span context, the returned span will also contain that
+// span context. If the span context in ctx is for a non-recording span, that
+// span instance will be returned directly.
+func (t Tracer) Start(ctx context.Context, _ string, _ ...trace.SpanStartOption) (context.Context, trace.Span) {
+	span := trace.SpanFromContext(ctx)
+
+	// If the parent context contains a non-zero span context, that span
+	// context needs to be returned as a non-recording span
+	// (https://github.com/open-telemetry/opentelemetry-specification/blob/3a1dde966a4ce87cce5adf464359fe369741bbea/specification/trace/api.md#behavior-of-the-api-in-the-absence-of-an-installed-sdk).
+	var zeroSC trace.SpanContext
+	if sc := span.SpanContext(); !sc.Equal(zeroSC) {
+		if !span.IsRecording() {
+			// If the span is not recording return it directly.
+			return ctx, span
+		}
+		// Otherwise, return the span context needs in a non-recording span.
+		span = Span{sc: sc}
+	} else {
+		// No parent, return a No-Op span with an empty span context.
+		span = Span{}
+	}
+	return trace.ContextWithSpan(ctx, span), span
+}
+
+// Span is an OpenTelemetry No-Op Span.
+type Span struct {
+	embedded.Span
+
+	sc trace.SpanContext
+}
+
+// SpanContext returns an empty span context.
+func (s Span) SpanContext() trace.SpanContext { return s.sc }
+
+// IsRecording always returns false.
+func (Span) IsRecording() bool { return false }
+
+// SetStatus does nothing.
+func (Span) SetStatus(codes.Code, string) {}
+
+// SetAttributes does nothing.
+func (Span) SetAttributes(...attribute.KeyValue) {}
+
+// End does nothing.
+func (Span) End(...trace.SpanEndOption) {}
+
+// RecordError does nothing.
+func (Span) RecordError(error, ...trace.EventOption) {}
+
+// AddEvent does nothing.
+func (Span) AddEvent(string, ...trace.EventOption) {}
+
+// SetName does nothing.
+func (Span) SetName(string) {}
+
+// TracerProvider returns a No-Op TracerProvider.
+func (Span) TracerProvider() trace.TracerProvider { return TracerProvider{} }
diff --git a/apis/vendor/go.opentelemetry.io/otel/trace/trace.go b/apis/vendor/go.opentelemetry.io/otel/trace/trace.go
index 97f3d8385..26a4b2260 100644
--- a/apis/vendor/go.opentelemetry.io/otel/trace/trace.go
+++ b/apis/vendor/go.opentelemetry.io/otel/trace/trace.go
@@ -22,6 +22,7 @@ import (
 
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/codes"
+	"go.opentelemetry.io/otel/trace/embedded"
 )
 
 const (
@@ -48,8 +49,10 @@ func (e errorConst) Error() string {
 // nolint:revive // revive complains about stutter of `trace.TraceID`.
 type TraceID [16]byte
 
-var nilTraceID TraceID
-var _ json.Marshaler = nilTraceID
+var (
+	nilTraceID TraceID
+	_          json.Marshaler = nilTraceID
+)
 
 // IsValid checks whether the trace TraceID is valid. A valid trace ID does
 // not consist of zeros only.
@@ -71,8 +74,10 @@ func (t TraceID) String() string {
 // SpanID is a unique identity of a span in a trace.
 type SpanID [8]byte
 
-var nilSpanID SpanID
-var _ json.Marshaler = nilSpanID
+var (
+	nilSpanID SpanID
+	_         json.Marshaler = nilSpanID
+)
 
 // IsValid checks whether the SpanID is valid. A valid SpanID does not consist
 // of zeros only.
@@ -338,8 +343,15 @@ func (sc SpanContext) MarshalJSON() ([]byte, error) {
 // create a Span and it is then up to the operation the Span represents to
 // properly end the Span when the operation itself ends.
 //
-// Warning: methods may be added to this interface in minor releases.
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type Span interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Span
+
 	// End completes the Span. The Span is considered complete and ready to be
 	// delivered through the rest of the telemetry pipeline after this method
 	// is called. Therefore, updates to the Span are not allowed after this
@@ -364,8 +376,9 @@ type Span interface {
 	SpanContext() SpanContext
 
 	// SetStatus sets the status of the Span in the form of a code and a
-	// description, overriding previous values set. The description is only
-	// included in a status when the code is for an error.
+	// description, provided the status hasn't already been set to a higher
+	// value before (OK > Error > Unset). The description is only included in a
+	// status when the code is for an error.
 	SetStatus(code codes.Code, description string)
 
 	// SetName sets the Span name.
@@ -485,8 +498,15 @@ func (sk SpanKind) String() string {
 
 // Tracer is the creator of Spans.
 //
-// Warning: methods may be added to this interface in minor releases.
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type Tracer interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.Tracer
+
 	// Start creates a span and a context.Context containing the newly-created span.
 	//
 	// If the context.Context provided in `ctx` contains a Span then the newly-created
@@ -517,8 +537,15 @@ type Tracer interface {
 // at runtime from its users or it can simply use the globally registered one
 // (see https://pkg.go.dev/go.opentelemetry.io/otel#GetTracerProvider).
 //
-// Warning: methods may be added to this interface in minor releases.
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type TracerProvider interface {
+	// Users of the interface can ignore this. This embedded type is only used
+	// by implementations of this interface. See the "API Implementations"
+	// section of the package documentation for more information.
+	embedded.TracerProvider
+
 	// Tracer returns a unique Tracer scoped to be used by instrumentation code
 	// to trace computational workflows. The scope and identity of that
 	// instrumentation code is uniquely defined by the name and options passed.
diff --git a/apis/vendor/go.opentelemetry.io/otel/trace/tracestate.go b/apis/vendor/go.opentelemetry.io/otel/trace/tracestate.go
index ca68a82e5..d1e47ca2f 100644
--- a/apis/vendor/go.opentelemetry.io/otel/trace/tracestate.go
+++ b/apis/vendor/go.opentelemetry.io/otel/trace/tracestate.go
@@ -28,9 +28,9 @@ const (
 
 	// based on the W3C Trace Context specification, see
 	// https://www.w3.org/TR/trace-context-1/#tracestate-header
-	noTenantKeyFormat   = `[a-z][_0-9a-z\-\*\/]{0,255}`
-	withTenantKeyFormat = `[a-z0-9][_0-9a-z\-\*\/]{0,240}@[a-z][_0-9a-z\-\*\/]{0,13}`
-	valueFormat         = `[\x20-\x2b\x2d-\x3c\x3e-\x7e]{0,255}[\x21-\x2b\x2d-\x3c\x3e-\x7e]`
+	noTenantKeyFormat   = `[a-z][_0-9a-z\-\*\/]*`
+	withTenantKeyFormat = `[a-z0-9][_0-9a-z\-\*\/]*@[a-z][_0-9a-z\-\*\/]*`
+	valueFormat         = `[\x20-\x2b\x2d-\x3c\x3e-\x7e]*[\x21-\x2b\x2d-\x3c\x3e-\x7e]`
 
 	errInvalidKey    errorConst = "invalid tracestate key"
 	errInvalidValue  errorConst = "invalid tracestate value"
@@ -40,9 +40,10 @@ const (
 )
 
 var (
-	keyRe    = regexp.MustCompile(`^((` + noTenantKeyFormat + `)|(` + withTenantKeyFormat + `))$`)
-	valueRe  = regexp.MustCompile(`^(` + valueFormat + `)$`)
-	memberRe = regexp.MustCompile(`^\s*((` + noTenantKeyFormat + `)|(` + withTenantKeyFormat + `))=(` + valueFormat + `)\s*$`)
+	noTenantKeyRe   = regexp.MustCompile(`^` + noTenantKeyFormat + `$`)
+	withTenantKeyRe = regexp.MustCompile(`^` + withTenantKeyFormat + `$`)
+	valueRe         = regexp.MustCompile(`^` + valueFormat + `$`)
+	memberRe        = regexp.MustCompile(`^\s*((?:` + noTenantKeyFormat + `)|(?:` + withTenantKeyFormat + `))=(` + valueFormat + `)\s*$`)
 )
 
 type member struct {
@@ -51,10 +52,19 @@ type member struct {
 }
 
 func newMember(key, value string) (member, error) {
-	if !keyRe.MatchString(key) {
+	if len(key) > 256 {
 		return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
 	}
-	if !valueRe.MatchString(value) {
+	if !noTenantKeyRe.MatchString(key) {
+		if !withTenantKeyRe.MatchString(key) {
+			return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
+		}
+		atIndex := strings.LastIndex(key, "@")
+		if atIndex > 241 || len(key)-1-atIndex > 14 {
+			return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
+		}
+	}
+	if len(value) > 256 || !valueRe.MatchString(value) {
 		return member{}, fmt.Errorf("%w: %s", errInvalidValue, value)
 	}
 	return member{Key: key, Value: value}, nil
@@ -62,14 +72,14 @@ func newMember(key, value string) (member, error) {
 
 func parseMember(m string) (member, error) {
 	matches := memberRe.FindStringSubmatch(m)
-	if len(matches) != 5 {
+	if len(matches) != 3 {
 		return member{}, fmt.Errorf("%w: %s", errInvalidMember, m)
 	}
-
-	return member{
-		Key:   matches[1],
-		Value: matches[4],
-	}, nil
+	result, e := newMember(matches[1], matches[2])
+	if e != nil {
+		return member{}, fmt.Errorf("%w: %s", errInvalidMember, m)
+	}
+	return result, nil
 }
 
 // String encodes member into a string compliant with the W3C Trace Context
diff --git a/apis/vendor/go.opentelemetry.io/otel/version.go b/apis/vendor/go.opentelemetry.io/otel/version.go
index 806db41c5..e2f743585 100644
--- a/apis/vendor/go.opentelemetry.io/otel/version.go
+++ b/apis/vendor/go.opentelemetry.io/otel/version.go
@@ -16,5 +16,5 @@ package otel // import "go.opentelemetry.io/otel"
 
 // Version is the current release version of OpenTelemetry in use.
 func Version() string {
-	return "1.10.0"
+	return "1.21.0"
 }
diff --git a/apis/vendor/go.opentelemetry.io/otel/versions.yaml b/apis/vendor/go.opentelemetry.io/otel/versions.yaml
index ec2ca16d2..3c153c9d6 100644
--- a/apis/vendor/go.opentelemetry.io/otel/versions.yaml
+++ b/apis/vendor/go.opentelemetry.io/otel/versions.yaml
@@ -14,45 +14,39 @@
 
 module-sets:
   stable-v1:
-    version: v1.10.0
+    version: v1.21.0
     modules:
       - go.opentelemetry.io/otel
       - go.opentelemetry.io/otel/bridge/opentracing
-      - go.opentelemetry.io/otel/example/fib
-      - go.opentelemetry.io/otel/example/jaeger
+      - go.opentelemetry.io/otel/bridge/opentracing/test
+      - go.opentelemetry.io/otel/example/dice
       - go.opentelemetry.io/otel/example/namedtracer
       - go.opentelemetry.io/otel/example/otel-collector
       - go.opentelemetry.io/otel/example/passthrough
       - go.opentelemetry.io/otel/example/zipkin
-      - go.opentelemetry.io/otel/exporters/jaeger
-      - go.opentelemetry.io/otel/exporters/zipkin
       - go.opentelemetry.io/otel/exporters/otlp/otlptrace
       - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
       - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
-      - go.opentelemetry.io/otel/exporters/otlp/internal/retry
       - go.opentelemetry.io/otel/exporters/stdout/stdouttrace
-      - go.opentelemetry.io/otel/trace
+      - go.opentelemetry.io/otel/exporters/zipkin
+      - go.opentelemetry.io/otel/metric
       - go.opentelemetry.io/otel/sdk
+      - go.opentelemetry.io/otel/sdk/metric
+      - go.opentelemetry.io/otel/trace
   experimental-metrics:
-    version: v0.31.0
+    version: v0.44.0
     modules:
+      - go.opentelemetry.io/otel/bridge/opencensus
+      - go.opentelemetry.io/otel/bridge/opencensus/test
+      - go.opentelemetry.io/otel/example/opencensus
       - go.opentelemetry.io/otel/example/prometheus
-      - go.opentelemetry.io/otel/exporters/otlp/otlpmetric
       - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
       - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
       - go.opentelemetry.io/otel/exporters/prometheus
       - go.opentelemetry.io/otel/exporters/stdout/stdoutmetric
-      - go.opentelemetry.io/otel/metric
-      - go.opentelemetry.io/otel/sdk/metric
   experimental-schema:
-    version: v0.0.3
+    version: v0.0.7
     modules:
       - go.opentelemetry.io/otel/schema
-  bridge:
-    version: v0.31.0
-    modules:
-      - go.opentelemetry.io/otel/bridge/opencensus
-      - go.opentelemetry.io/otel/bridge/opencensus/test
-      - go.opentelemetry.io/otel/example/opencensus
 excluded-modules:
   - go.opentelemetry.io/otel/internal/tools
diff --git a/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service.pb.go b/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service.pb.go
index fc285c089..c1af04e84 100644
--- a/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service.pb.go
+++ b/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service.pb.go
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.17.3
+// 	protoc        v3.21.6
 // source: opentelemetry/proto/collector/trace/v1/trace_service.proto
 
 package v1
diff --git a/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service.pb.gw.go b/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service.pb.gw.go
index d142c2a44..bb1bd261e 100644
--- a/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service.pb.gw.go
+++ b/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service.pb.gw.go
@@ -77,20 +77,22 @@ func RegisterTraceServiceHandlerServer(ctx context.Context, mux *runtime.ServeMu
 		var stream runtime.ServerTransportStream
 		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/opentelemetry.proto.collector.trace.v1.TraceService/Export", runtime.WithHTTPPathPattern("/v1/trace"))
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/opentelemetry.proto.collector.trace.v1.TraceService/Export", runtime.WithHTTPPathPattern("/v1/traces"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := local_request_TraceService_Export_0(rctx, inboundMarshaler, server, req, pathParams)
+		resp, md, err := local_request_TraceService_Export_0(annotatedContext, inboundMarshaler, server, req, pathParams)
 		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
-		ctx = runtime.NewServerMetadataContext(ctx, md)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
 
-		forward_TraceService_Export_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_TraceService_Export_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 
 	})
 
@@ -139,19 +141,21 @@ func RegisterTraceServiceHandlerClient(ctx context.Context, mux *runtime.ServeMu
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, mux, req, "/opentelemetry.proto.collector.trace.v1.TraceService/Export", runtime.WithHTTPPathPattern("/v1/trace"))
+		var err error
+		var annotatedContext context.Context
+		annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/opentelemetry.proto.collector.trace.v1.TraceService/Export", runtime.WithHTTPPathPattern("/v1/traces"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := request_TraceService_Export_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
+		resp, md, err := request_TraceService_Export_0(annotatedContext, inboundMarshaler, client, req, pathParams)
+		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
 
-		forward_TraceService_Export_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_TraceService_Export_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 
 	})
 
@@ -159,7 +163,7 @@ func RegisterTraceServiceHandlerClient(ctx context.Context, mux *runtime.ServeMu
 }
 
 var (
-	pattern_TraceService_Export_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v1", "trace"}, ""))
+	pattern_TraceService_Export_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v1", "traces"}, ""))
 )
 
 var (
diff --git a/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service_grpc.pb.go b/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service_grpc.pb.go
index c21f2cb47..dd1b73f1e 100644
--- a/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service_grpc.pb.go
+++ b/apis/vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.1.0
-// - protoc             v3.17.3
+// - protoc             v3.21.6
 // source: opentelemetry/proto/collector/trace/v1/trace_service.proto
 
 package v1
diff --git a/apis/vendor/go.opentelemetry.io/proto/otlp/common/v1/common.pb.go b/apis/vendor/go.opentelemetry.io/proto/otlp/common/v1/common.pb.go
index 8502e607b..852209b09 100644
--- a/apis/vendor/go.opentelemetry.io/proto/otlp/common/v1/common.pb.go
+++ b/apis/vendor/go.opentelemetry.io/proto/otlp/common/v1/common.pb.go
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.17.3
+// 	protoc        v3.21.6
 // source: opentelemetry/proto/common/v1/common.proto
 
 package v1
@@ -361,8 +361,11 @@ type InstrumentationScope struct {
 	unknownFields protoimpl.UnknownFields
 
 	// An empty instrumentation scope name means the name is unknown.
-	Name                   string      `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	Version                string      `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"`
+	Name    string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"`
+	// Additional attributes that describe the scope. [Optional].
+	// Attribute keys MUST be unique (it is not allowed to have more than one
+	// attribute with the same key).
 	Attributes             []*KeyValue `protobuf:"bytes,3,rep,name=attributes,proto3" json:"attributes,omitempty"`
 	DroppedAttributesCount uint32      `protobuf:"varint,4,opt,name=dropped_attributes_count,json=droppedAttributesCount,proto3" json:"dropped_attributes_count,omitempty"`
 }
diff --git a/apis/vendor/go.opentelemetry.io/proto/otlp/resource/v1/resource.pb.go b/apis/vendor/go.opentelemetry.io/proto/otlp/resource/v1/resource.pb.go
index bcc1060e3..b7545b03b 100644
--- a/apis/vendor/go.opentelemetry.io/proto/otlp/resource/v1/resource.pb.go
+++ b/apis/vendor/go.opentelemetry.io/proto/otlp/resource/v1/resource.pb.go
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.17.3
+// 	protoc        v3.21.6
 // source: opentelemetry/proto/resource/v1/resource.proto
 
 package v1
diff --git a/apis/vendor/go.opentelemetry.io/proto/otlp/trace/v1/trace.pb.go b/apis/vendor/go.opentelemetry.io/proto/otlp/trace/v1/trace.pb.go
index 499a43d77..51a499816 100644
--- a/apis/vendor/go.opentelemetry.io/proto/otlp/trace/v1/trace.pb.go
+++ b/apis/vendor/go.opentelemetry.io/proto/otlp/trace/v1/trace.pb.go
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.17.3
+// 	protoc        v3.21.6
 // source: opentelemetry/proto/trace/v1/trace.proto
 
 package v1
@@ -117,8 +117,8 @@ type Status_StatusCode int32
 const (
 	// The default status.
 	Status_STATUS_CODE_UNSET Status_StatusCode = 0
-	// The Span has been validated by an Application developers or Operator to have
-	// completed successfully.
+	// The Span has been validated by an Application developer or Operator to
+	// have completed successfully.
 	Status_STATUS_CODE_OK Status_StatusCode = 1
 	// The Span contains an error.
 	Status_STATUS_CODE_ERROR Status_StatusCode = 2
@@ -374,20 +374,16 @@ type Span struct {
 	unknownFields protoimpl.UnknownFields
 
 	// A unique identifier for a trace. All spans from the same trace share
-	// the same `trace_id`. The ID is a 16-byte array. An ID with all zeroes
-	// is considered invalid.
-	//
-	// This field is semantically required. Receiver should generate new
-	// random trace_id if empty or invalid trace_id was received.
+	// the same `trace_id`. The ID is a 16-byte array. An ID with all zeroes OR
+	// of length other than 16 bytes is considered invalid (empty string in OTLP/JSON
+	// is zero-length and thus is also invalid).
 	//
 	// This field is required.
 	TraceId []byte `protobuf:"bytes,1,opt,name=trace_id,json=traceId,proto3" json:"trace_id,omitempty"`
 	// A unique identifier for a span within a trace, assigned when the span
-	// is created. The ID is an 8-byte array. An ID with all zeroes is considered
-	// invalid.
-	//
-	// This field is semantically required. Receiver should generate new
-	// random span_id if empty or invalid span_id was received.
+	// is created. The ID is an 8-byte array. An ID with all zeroes OR of length
+	// other than 8 bytes is considered invalid (empty string in OTLP/JSON
+	// is zero-length and thus is also invalid).
 	//
 	// This field is required.
 	SpanId []byte `protobuf:"bytes,2,opt,name=span_id,json=spanId,proto3" json:"span_id,omitempty"`
@@ -433,8 +429,8 @@ type Span struct {
 	//
 	//     "/http/user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
 	//     "/http/server_latency": 300
-	//     "abc.com/myattribute": true
-	//     "abc.com/score": 10.239
+	//     "example.com/myattribute": true
+	//     "example.com/score": 10.239
 	//
 	// The OpenTelemetry API specification further restricts the allowed value types:
 	// https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/common/README.md#attribute
diff --git a/apis/vendor/golang.org/x/oauth2/internal/client_appengine.go b/apis/vendor/golang.org/x/oauth2/internal/client_appengine.go
index e1755d1d9..d28140f78 100644
--- a/apis/vendor/golang.org/x/oauth2/internal/client_appengine.go
+++ b/apis/vendor/golang.org/x/oauth2/internal/client_appengine.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build appengine
-// +build appengine
 
 package internal
 
diff --git a/apis/vendor/golang.org/x/oauth2/internal/oauth2.go b/apis/vendor/golang.org/x/oauth2/internal/oauth2.go
index c0ab196cf..14989beaf 100644
--- a/apis/vendor/golang.org/x/oauth2/internal/oauth2.go
+++ b/apis/vendor/golang.org/x/oauth2/internal/oauth2.go
@@ -14,7 +14,7 @@ import (
 
 // ParseKey converts the binary contents of a private key file
 // to an *rsa.PrivateKey. It detects whether the private key is in a
-// PEM container or not. If so, it extracts the the private key
+// PEM container or not. If so, it extracts the private key
 // from PEM container before conversion. It only supports PEM
 // containers with no passphrase.
 func ParseKey(key []byte) (*rsa.PrivateKey, error) {
diff --git a/apis/vendor/golang.org/x/oauth2/internal/token.go b/apis/vendor/golang.org/x/oauth2/internal/token.go
index b4723fcac..58901bda5 100644
--- a/apis/vendor/golang.org/x/oauth2/internal/token.go
+++ b/apis/vendor/golang.org/x/oauth2/internal/token.go
@@ -55,12 +55,18 @@ type Token struct {
 }
 
 // tokenJSON is the struct representing the HTTP response from OAuth2
-// providers returning a token in JSON form.
+// providers returning a token or error in JSON form.
+// https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
 type tokenJSON struct {
 	AccessToken  string         `json:"access_token"`
 	TokenType    string         `json:"token_type"`
 	RefreshToken string         `json:"refresh_token"`
 	ExpiresIn    expirationTime `json:"expires_in"` // at least PayPal returns string, while most return number
+	// error fields
+	// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
+	ErrorCode        string `json:"error"`
+	ErrorDescription string `json:"error_description"`
+	ErrorURI         string `json:"error_uri"`
 }
 
 func (e *tokenJSON) expiry() (t time.Time) {
@@ -236,21 +242,29 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 	if err != nil {
 		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
 	}
-	if code := r.StatusCode; code < 200 || code > 299 {
-		return nil, &RetrieveError{
-			Response: r,
-			Body:     body,
-		}
+
+	failureStatus := r.StatusCode < 200 || r.StatusCode > 299
+	retrieveError := &RetrieveError{
+		Response: r,
+		Body:     body,
+		// attempt to populate error detail below
 	}
 
 	var token *Token
 	content, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type"))
 	switch content {
 	case "application/x-www-form-urlencoded", "text/plain":
+		// some endpoints return a query string
 		vals, err := url.ParseQuery(string(body))
 		if err != nil {
-			return nil, err
+			if failureStatus {
+				return nil, retrieveError
+			}
+			return nil, fmt.Errorf("oauth2: cannot parse response: %v", err)
 		}
+		retrieveError.ErrorCode = vals.Get("error")
+		retrieveError.ErrorDescription = vals.Get("error_description")
+		retrieveError.ErrorURI = vals.Get("error_uri")
 		token = &Token{
 			AccessToken:  vals.Get("access_token"),
 			TokenType:    vals.Get("token_type"),
@@ -265,8 +279,14 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 	default:
 		var tj tokenJSON
 		if err = json.Unmarshal(body, &tj); err != nil {
-			return nil, err
+			if failureStatus {
+				return nil, retrieveError
+			}
+			return nil, fmt.Errorf("oauth2: cannot parse json: %v", err)
 		}
+		retrieveError.ErrorCode = tj.ErrorCode
+		retrieveError.ErrorDescription = tj.ErrorDescription
+		retrieveError.ErrorURI = tj.ErrorURI
 		token = &Token{
 			AccessToken:  tj.AccessToken,
 			TokenType:    tj.TokenType,
@@ -276,17 +296,37 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 		}
 		json.Unmarshal(body, &token.Raw) // no error checks for optional fields
 	}
+	// according to spec, servers should respond status 400 in error case
+	// https://www.rfc-editor.org/rfc/rfc6749#section-5.2
+	// but some unorthodox servers respond 200 in error case
+	if failureStatus || retrieveError.ErrorCode != "" {
+		return nil, retrieveError
+	}
 	if token.AccessToken == "" {
 		return nil, errors.New("oauth2: server response missing access_token")
 	}
 	return token, nil
 }
 
+// mirrors oauth2.RetrieveError
 type RetrieveError struct {
-	Response *http.Response
-	Body     []byte
+	Response         *http.Response
+	Body             []byte
+	ErrorCode        string
+	ErrorDescription string
+	ErrorURI         string
 }
 
 func (r *RetrieveError) Error() string {
+	if r.ErrorCode != "" {
+		s := fmt.Sprintf("oauth2: %q", r.ErrorCode)
+		if r.ErrorDescription != "" {
+			s += fmt.Sprintf(" %q", r.ErrorDescription)
+		}
+		if r.ErrorURI != "" {
+			s += fmt.Sprintf(" %q", r.ErrorURI)
+		}
+		return s
+	}
 	return fmt.Sprintf("oauth2: cannot fetch token: %v\nResponse: %s", r.Response.Status, r.Body)
 }
diff --git a/apis/vendor/golang.org/x/oauth2/token.go b/apis/vendor/golang.org/x/oauth2/token.go
index 7c64006de..5ffce9764 100644
--- a/apis/vendor/golang.org/x/oauth2/token.go
+++ b/apis/vendor/golang.org/x/oauth2/token.go
@@ -175,14 +175,31 @@ func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error)
 }
 
 // RetrieveError is the error returned when the token endpoint returns a
-// non-2XX HTTP status code.
+// non-2XX HTTP status code or populates RFC 6749's 'error' parameter.
+// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
 type RetrieveError struct {
 	Response *http.Response
 	// Body is the body that was consumed by reading Response.Body.
 	// It may be truncated.
 	Body []byte
+	// ErrorCode is RFC 6749's 'error' parameter.
+	ErrorCode string
+	// ErrorDescription is RFC 6749's 'error_description' parameter.
+	ErrorDescription string
+	// ErrorURI is RFC 6749's 'error_uri' parameter.
+	ErrorURI string
 }
 
 func (r *RetrieveError) Error() string {
+	if r.ErrorCode != "" {
+		s := fmt.Sprintf("oauth2: %q", r.ErrorCode)
+		if r.ErrorDescription != "" {
+			s += fmt.Sprintf(" %q", r.ErrorDescription)
+		}
+		if r.ErrorURI != "" {
+			s += fmt.Sprintf(" %q", r.ErrorURI)
+		}
+		return s
+	}
 	return fmt.Sprintf("oauth2: cannot fetch token: %v\nResponse: %s", r.Response.Status, r.Body)
 }
diff --git a/apis/vendor/golang.org/x/sys/execabs/execabs_go118.go b/apis/vendor/golang.org/x/sys/execabs/execabs_go118.go
index 2000064a8..5627d70e3 100644
--- a/apis/vendor/golang.org/x/sys/execabs/execabs_go118.go
+++ b/apis/vendor/golang.org/x/sys/execabs/execabs_go118.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.19
-// +build !go1.19
 
 package execabs
 
diff --git a/apis/vendor/golang.org/x/sys/execabs/execabs_go119.go b/apis/vendor/golang.org/x/sys/execabs/execabs_go119.go
index f364b3418..d60ab1b41 100644
--- a/apis/vendor/golang.org/x/sys/execabs/execabs_go119.go
+++ b/apis/vendor/golang.org/x/sys/execabs/execabs_go119.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.19
-// +build go1.19
 
 package execabs
 
diff --git a/apis/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go b/apis/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
index c9b69937a..73687de74 100644
--- a/apis/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
+++ b/apis/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.5
-// +build go1.5
 
 package plan9
 
diff --git a/apis/vendor/golang.org/x/sys/plan9/pwd_plan9.go b/apis/vendor/golang.org/x/sys/plan9/pwd_plan9.go
index 98bf56b73..fb9458218 100644
--- a/apis/vendor/golang.org/x/sys/plan9/pwd_plan9.go
+++ b/apis/vendor/golang.org/x/sys/plan9/pwd_plan9.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.5
-// +build !go1.5
 
 package plan9
 
diff --git a/apis/vendor/golang.org/x/sys/plan9/race.go b/apis/vendor/golang.org/x/sys/plan9/race.go
index 62377d2ff..c02d9ed33 100644
--- a/apis/vendor/golang.org/x/sys/plan9/race.go
+++ b/apis/vendor/golang.org/x/sys/plan9/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9 && race
-// +build plan9,race
 
 package plan9
 
diff --git a/apis/vendor/golang.org/x/sys/plan9/race0.go b/apis/vendor/golang.org/x/sys/plan9/race0.go
index f8da30876..7b15e15f6 100644
--- a/apis/vendor/golang.org/x/sys/plan9/race0.go
+++ b/apis/vendor/golang.org/x/sys/plan9/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9 && !race
-// +build plan9,!race
 
 package plan9
 
diff --git a/apis/vendor/golang.org/x/sys/plan9/str.go b/apis/vendor/golang.org/x/sys/plan9/str.go
index 55fa8d025..ba3e8ff8a 100644
--- a/apis/vendor/golang.org/x/sys/plan9/str.go
+++ b/apis/vendor/golang.org/x/sys/plan9/str.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9
-// +build plan9
 
 package plan9
 
diff --git a/apis/vendor/golang.org/x/sys/plan9/syscall.go b/apis/vendor/golang.org/x/sys/plan9/syscall.go
index 67e5b0115..d631fd664 100644
--- a/apis/vendor/golang.org/x/sys/plan9/syscall.go
+++ b/apis/vendor/golang.org/x/sys/plan9/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9
-// +build plan9
 
 // Package plan9 contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go b/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
index 3f40b9bd7..f780d5c80 100644
--- a/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
+++ b/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && 386
-// +build plan9,386
 
 package plan9
 
diff --git a/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go b/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
index 0e6a96aa4..7de61065f 100644
--- a/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
+++ b/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && amd64
-// +build plan9,amd64
 
 package plan9
 
diff --git a/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go b/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
index 244c501b7..ea85780f0 100644
--- a/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
+++ b/apis/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && arm
-// +build plan9,arm
 
 package plan9
 
diff --git a/apis/vendor/golang.org/x/sys/unix/aliases.go b/apis/vendor/golang.org/x/sys/unix/aliases.go
index abc89c104..e7d3df4bd 100644
--- a/apis/vendor/golang.org/x/sys/unix/aliases.go
+++ b/apis/vendor/golang.org/x/sys/unix/aliases.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
-// +build go1.9
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/apis/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
index db9171c2e..269e173ca 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_bsd_386.s b/apis/vendor/golang.org/x/sys/unix/asm_bsd_386.s
index e0fcd9b3d..a4fcef0e0 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_bsd_386.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_bsd_386.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (freebsd || netbsd || openbsd) && gc
-// +build freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s b/apis/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
index 2b99c349a..1e63615c5 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || dragonfly || freebsd || netbsd || openbsd) && gc
-// +build darwin dragonfly freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_bsd_arm.s b/apis/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
index d702d4adc..6496c3100 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (freebsd || netbsd || openbsd) && gc
-// +build freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s b/apis/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
index fe36a7391..4fd1f54da 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s b/apis/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
index e5b9a8489..42f7eb9e4 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s b/apis/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
index d560019ea..f8902667e 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_linux_386.s b/apis/vendor/golang.org/x/sys/unix/asm_linux_386.s
index 8fd101d07..3b4734870 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_linux_386.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_linux_386.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/apis/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
index 7ed38e43c..67e29f317 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/apis/vendor/golang.org/x/sys/unix/asm_linux_arm.s
index 8ef1d5140..d6ae269ce 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_linux_arm.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/apis/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
index 98ae02760..01e5e253c 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && arm64 && gc
-// +build linux
-// +build arm64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_linux_loong64.s b/apis/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
index 565357288..2abf12f6e 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && loong64 && gc
-// +build linux
-// +build loong64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/apis/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
index 21231d2ce..f84bae712 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le) && gc
-// +build linux
-// +build mips64 mips64le
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/apis/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
index 6783b26c6..f08f62807 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips || mipsle) && gc
-// +build linux
-// +build mips mipsle
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/apis/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
index 19d498934..bdfc024d2 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le) && gc
-// +build linux
-// +build ppc64 ppc64le
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/apis/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
index e42eb81d5..2e8c99612 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && gc
-// +build riscv64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/apis/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
index c46aab339..2c394b11e 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && s390x && gc
-// +build linux
-// +build s390x
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/apis/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
index 5e7a1169c..fab586a2c 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/apis/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
index f8c5394c1..f949ec547 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/apis/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
index 3b54e1858..2f67ba86d 100644
--- a/apis/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+++ b/apis/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x && gc
-// +build zos
-// +build s390x
-// +build gc
 
 #include "textflag.h"
 
diff --git a/apis/vendor/golang.org/x/sys/unix/cap_freebsd.go b/apis/vendor/golang.org/x/sys/unix/cap_freebsd.go
index 0b7c6adb8..a08657890 100644
--- a/apis/vendor/golang.org/x/sys/unix/cap_freebsd.go
+++ b/apis/vendor/golang.org/x/sys/unix/cap_freebsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build freebsd
-// +build freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/constants.go b/apis/vendor/golang.org/x/sys/unix/constants.go
index 394a3965b..6fb7cb77d 100644
--- a/apis/vendor/golang.org/x/sys/unix/constants.go
+++ b/apis/vendor/golang.org/x/sys/unix/constants.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/dev_aix_ppc.go b/apis/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
index 65a998508..d78513461 100644
--- a/apis/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
+++ b/apis/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used by AIX.
diff --git a/apis/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go b/apis/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
index 8fc08ad0a..623a5e697 100644
--- a/apis/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used AIX.
diff --git a/apis/vendor/golang.org/x/sys/unix/dev_zos.go b/apis/vendor/golang.org/x/sys/unix/dev_zos.go
index a388e59a0..bb6a64fe9 100644
--- a/apis/vendor/golang.org/x/sys/unix/dev_zos.go
+++ b/apis/vendor/golang.org/x/sys/unix/dev_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used by z/OS.
diff --git a/apis/vendor/golang.org/x/sys/unix/dirent.go b/apis/vendor/golang.org/x/sys/unix/dirent.go
index 2499f977b..1ebf11782 100644
--- a/apis/vendor/golang.org/x/sys/unix/dirent.go
+++ b/apis/vendor/golang.org/x/sys/unix/dirent.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/endian_big.go b/apis/vendor/golang.org/x/sys/unix/endian_big.go
index a52026557..1095fd31d 100644
--- a/apis/vendor/golang.org/x/sys/unix/endian_big.go
+++ b/apis/vendor/golang.org/x/sys/unix/endian_big.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 //
 //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
-// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/endian_little.go b/apis/vendor/golang.org/x/sys/unix/endian_little.go
index b0f2bc4ae..b9f0e277b 100644
--- a/apis/vendor/golang.org/x/sys/unix/endian_little.go
+++ b/apis/vendor/golang.org/x/sys/unix/endian_little.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 //
 //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh
-// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/env_unix.go b/apis/vendor/golang.org/x/sys/unix/env_unix.go
index 29ccc4d13..a96da71f4 100644
--- a/apis/vendor/golang.org/x/sys/unix/env_unix.go
+++ b/apis/vendor/golang.org/x/sys/unix/env_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Unix environment variables.
 
diff --git a/apis/vendor/golang.org/x/sys/unix/epoll_zos.go b/apis/vendor/golang.org/x/sys/unix/epoll_zos.go
index cedaf7e02..7753fddea 100644
--- a/apis/vendor/golang.org/x/sys/unix/epoll_zos.go
+++ b/apis/vendor/golang.org/x/sys/unix/epoll_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/fcntl.go b/apis/vendor/golang.org/x/sys/unix/fcntl.go
index e9b991258..58c6bfc70 100644
--- a/apis/vendor/golang.org/x/sys/unix/fcntl.go
+++ b/apis/vendor/golang.org/x/sys/unix/fcntl.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build dragonfly || freebsd || linux || netbsd || openbsd
-// +build dragonfly freebsd linux netbsd openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/apis/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
index 29d44808b..13b4acd5c 100644
--- a/apis/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
+++ b/apis/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc)
-// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/fdset.go b/apis/vendor/golang.org/x/sys/unix/fdset.go
index a8068f94f..9e83d18cd 100644
--- a/apis/vendor/golang.org/x/sys/unix/fdset.go
+++ b/apis/vendor/golang.org/x/sys/unix/fdset.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/apis/vendor/golang.org/x/sys/unix/fstatfs_zos.go
index e377cc9f4..c8bde601e 100644
--- a/apis/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+++ b/apis/vendor/golang.org/x/sys/unix/fstatfs_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/gccgo.go b/apis/vendor/golang.org/x/sys/unix/gccgo.go
index b06f52d74..aca5721dd 100644
--- a/apis/vendor/golang.org/x/sys/unix/gccgo.go
+++ b/apis/vendor/golang.org/x/sys/unix/gccgo.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && !aix && !hurd
-// +build gccgo,!aix,!hurd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/gccgo_c.c b/apis/vendor/golang.org/x/sys/unix/gccgo_c.c
index f98a1c542..d468b7b47 100644
--- a/apis/vendor/golang.org/x/sys/unix/gccgo_c.c
+++ b/apis/vendor/golang.org/x/sys/unix/gccgo_c.c
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && !aix && !hurd
-// +build gccgo,!aix,!hurd
 
 #include <errno.h>
 #include <stdint.h>
diff --git a/apis/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go b/apis/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
index e60e49a3d..972d61bd7 100644
--- a/apis/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && linux && amd64
-// +build gccgo,linux,amd64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ifreq_linux.go b/apis/vendor/golang.org/x/sys/unix/ifreq_linux.go
index 15721a510..848840ae4 100644
--- a/apis/vendor/golang.org/x/sys/unix/ifreq_linux.go
+++ b/apis/vendor/golang.org/x/sys/unix/ifreq_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux
-// +build linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ioctl_signed.go b/apis/vendor/golang.org/x/sys/unix/ioctl_signed.go
index 7def9580e..5b0759bd8 100644
--- a/apis/vendor/golang.org/x/sys/unix/ioctl_signed.go
+++ b/apis/vendor/golang.org/x/sys/unix/ioctl_signed.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || solaris
-// +build aix solaris
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ioctl_unsigned.go b/apis/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
index 649913d1e..20f470b9d 100644
--- a/apis/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
+++ b/apis/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd
-// +build darwin dragonfly freebsd hurd linux netbsd openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ioctl_zos.go b/apis/vendor/golang.org/x/sys/unix/ioctl_zos.go
index cdc21bf76..c8b2a750f 100644
--- a/apis/vendor/golang.org/x/sys/unix/ioctl_zos.go
+++ b/apis/vendor/golang.org/x/sys/unix/ioctl_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/mkerrors.sh b/apis/vendor/golang.org/x/sys/unix/mkerrors.sh
index 47fa6a7eb..cbe24150a 100644
--- a/apis/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/apis/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -663,7 +663,6 @@ echo '// mkerrors.sh' "$@"
 echo '// Code generated by the command above; see README.md. DO NOT EDIT.'
 echo
 echo "//go:build ${GOARCH} && ${GOOS}"
-echo "// +build ${GOARCH},${GOOS}"
 echo
 go tool cgo -godefs -- "$@" _const.go >_error.out
 cat _error.out | grep -vf _error.grep | grep -vf _signal.grep
diff --git a/apis/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/apis/vendor/golang.org/x/sys/unix/mmap_nomremap.go
index ca0513632..4b68e5978 100644
--- a/apis/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+++ b/apis/vendor/golang.org/x/sys/unix/mmap_nomremap.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd openbsd solaris
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/mremap.go b/apis/vendor/golang.org/x/sys/unix/mremap.go
index fa93d0aa9..fd45fe529 100644
--- a/apis/vendor/golang.org/x/sys/unix/mremap.go
+++ b/apis/vendor/golang.org/x/sys/unix/mremap.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux || netbsd
-// +build linux netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/pagesize_unix.go b/apis/vendor/golang.org/x/sys/unix/pagesize_unix.go
index 53f1b4c5b..4d0a3430e 100644
--- a/apis/vendor/golang.org/x/sys/unix/pagesize_unix.go
+++ b/apis/vendor/golang.org/x/sys/unix/pagesize_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 // For Unix, get the pagesize from the runtime.
 
diff --git a/apis/vendor/golang.org/x/sys/unix/pledge_openbsd.go b/apis/vendor/golang.org/x/sys/unix/pledge_openbsd.go
index eb48294b2..6a09af53e 100644
--- a/apis/vendor/golang.org/x/sys/unix/pledge_openbsd.go
+++ b/apis/vendor/golang.org/x/sys/unix/pledge_openbsd.go
@@ -8,54 +8,31 @@ import (
 	"errors"
 	"fmt"
 	"strconv"
-	"syscall"
-	"unsafe"
 )
 
 // Pledge implements the pledge syscall.
 //
-// The pledge syscall does not accept execpromises on OpenBSD releases
-// before 6.3.
-//
-// execpromises must be empty when Pledge is called on OpenBSD
-// releases predating 6.3, otherwise an error will be returned.
+// This changes both the promises and execpromises; use PledgePromises or
+// PledgeExecpromises to only change the promises or execpromises
+// respectively.
 //
 // For more information see pledge(2).
 func Pledge(promises, execpromises string) error {
-	maj, min, err := majmin()
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	err = pledgeAvailable(maj, min, execpromises)
+	pptr, err := BytePtrFromString(promises)
 	if err != nil {
 		return err
 	}
 
-	pptr, err := syscall.BytePtrFromString(promises)
+	exptr, err := BytePtrFromString(execpromises)
 	if err != nil {
 		return err
 	}
 
-	// This variable will hold either a nil unsafe.Pointer or
-	// an unsafe.Pointer to a string (execpromises).
-	var expr unsafe.Pointer
-
-	// If we're running on OpenBSD > 6.2, pass execpromises to the syscall.
-	if maj > 6 || (maj == 6 && min > 2) {
-		exptr, err := syscall.BytePtrFromString(execpromises)
-		if err != nil {
-			return err
-		}
-		expr = unsafe.Pointer(exptr)
-	}
-
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(pptr, exptr)
 }
 
 // PledgePromises implements the pledge syscall.
@@ -64,30 +41,16 @@ func Pledge(promises, execpromises string) error {
 //
 // For more information see pledge(2).
 func PledgePromises(promises string) error {
-	maj, min, err := majmin()
-	if err != nil {
-		return err
-	}
-
-	err = pledgeAvailable(maj, min, "")
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	// This variable holds the execpromises and is always nil.
-	var expr unsafe.Pointer
-
-	pptr, err := syscall.BytePtrFromString(promises)
+	pptr, err := BytePtrFromString(promises)
 	if err != nil {
 		return err
 	}
 
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(pptr, nil)
 }
 
 // PledgeExecpromises implements the pledge syscall.
@@ -96,30 +59,16 @@ func PledgePromises(promises string) error {
 //
 // For more information see pledge(2).
 func PledgeExecpromises(execpromises string) error {
-	maj, min, err := majmin()
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	err = pledgeAvailable(maj, min, execpromises)
+	exptr, err := BytePtrFromString(execpromises)
 	if err != nil {
 		return err
 	}
 
-	// This variable holds the promises and is always nil.
-	var pptr unsafe.Pointer
-
-	exptr, err := syscall.BytePtrFromString(execpromises)
-	if err != nil {
-		return err
-	}
-
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(nil, exptr)
 }
 
 // majmin returns major and minor version number for an OpenBSD system.
@@ -147,16 +96,15 @@ func majmin() (major int, minor int, err error) {
 
 // pledgeAvailable checks for availability of the pledge(2) syscall
 // based on the running OpenBSD version.
-func pledgeAvailable(maj, min int, execpromises string) error {
-	// If OpenBSD <= 5.9, pledge is not available.
-	if (maj == 5 && min != 9) || maj < 5 {
-		return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)
+func pledgeAvailable() error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
 	}
 
-	// If OpenBSD <= 6.2 and execpromises is not empty,
-	// return an error - execpromises is not available before 6.3
-	if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" {
-		return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)
+	// Require OpenBSD 6.4 as a minimum.
+	if maj < 6 || (maj == 6 && min <= 3) {
+		return fmt.Errorf("cannot call Pledge on OpenBSD %d.%d", maj, min)
 	}
 
 	return nil
diff --git a/apis/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/apis/vendor/golang.org/x/sys/unix/ptrace_darwin.go
index 463c3eff7..3f0975f3d 100644
--- a/apis/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+++ b/apis/vendor/golang.org/x/sys/unix/ptrace_darwin.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && !ios
-// +build darwin,!ios
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ptrace_ios.go b/apis/vendor/golang.org/x/sys/unix/ptrace_ios.go
index ed0509a01..a4d35db5d 100644
--- a/apis/vendor/golang.org/x/sys/unix/ptrace_ios.go
+++ b/apis/vendor/golang.org/x/sys/unix/ptrace_ios.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ios
-// +build ios
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/race.go b/apis/vendor/golang.org/x/sys/unix/race.go
index 6f6c5fec5..714d2aae7 100644
--- a/apis/vendor/golang.org/x/sys/unix/race.go
+++ b/apis/vendor/golang.org/x/sys/unix/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin && race) || (linux && race) || (freebsd && race)
-// +build darwin,race linux,race freebsd,race
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/race0.go b/apis/vendor/golang.org/x/sys/unix/race0.go
index 706e1322a..4a9f6634c 100644
--- a/apis/vendor/golang.org/x/sys/unix/race0.go
+++ b/apis/vendor/golang.org/x/sys/unix/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || (darwin && !race) || (linux && !race) || (freebsd && !race) || netbsd || openbsd || solaris || dragonfly || zos
-// +build aix darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly zos
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/readdirent_getdents.go b/apis/vendor/golang.org/x/sys/unix/readdirent_getdents.go
index 4d6257569..dbd2b6ccb 100644
--- a/apis/vendor/golang.org/x/sys/unix/readdirent_getdents.go
+++ b/apis/vendor/golang.org/x/sys/unix/readdirent_getdents.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || dragonfly || freebsd || linux || netbsd || openbsd
-// +build aix dragonfly freebsd linux netbsd openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/apis/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
index 2a4ba47c4..130398b6b 100644
--- a/apis/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+++ b/apis/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin
-// +build darwin
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/apis/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
index 3865943f6..c3a62dbb1 100644
--- a/apis/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
+++ b/apis/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Socket control messages
 
diff --git a/apis/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/apis/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
index 0840fe4a5..4a1eab37e 100644
--- a/apis/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
+++ b/apis/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall.go b/apis/vendor/golang.org/x/sys/unix/syscall.go
index 63e8c8383..5ea74da98 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Package unix contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_aix.go b/apis/vendor/golang.org/x/sys/unix/syscall_aix.go
index e94e6cdac..67ce6cef2 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix
-// +build aix
 
 // Aix system calls.
 // This file is compiled as ordinary Go code,
@@ -107,7 +106,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/apis/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
index f2871fa95..1fdaa4760 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/apis/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
index 75718ec0f..c87f9a9f4 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_bsd.go b/apis/vendor/golang.org/x/sys/unix/syscall_bsd.go
index 4217de518..6f328e3a5 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || netbsd || openbsd
-// +build darwin dragonfly freebsd netbsd openbsd
 
 // BSD system call wrappers shared by *BSD based systems
 // including OS X (Darwin) and FreeBSD.  Like the other
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/apis/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
index b37310ce9..0eaecf5fc 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/apis/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
index d51ec9963..f36c6707c 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/apis/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
index 53c96641f..16dc69937 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && go1.12
-// +build darwin,go1.12
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go b/apis/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
index 4e2d32120..14bab6b2d 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
index b8da51004..3967bca77 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
index 47155c483..eff19ada2 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
index 08932093f..4f24b517a 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
index d151a0d0e..ac30759ec 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
index d5cd64b37..aab725ca7 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_hurd.go b/apis/vendor/golang.org/x/sys/unix/syscall_hurd.go
index 381fd4673..ba46651f8 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_hurd.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_hurd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build hurd
-// +build hurd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_hurd_386.go b/apis/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
index 7cf54a3e4..df89f9e6b 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && hurd
-// +build 386,hurd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_illumos.go b/apis/vendor/golang.org/x/sys/unix/syscall_illumos.go
index 87db5a6a8..a863f7052 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_illumos.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_illumos.go
@@ -5,7 +5,6 @@
 // illumos system calls not present on Solaris.
 
 //go:build amd64 && illumos
-// +build amd64,illumos
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux.go
index fb4e50224..a5e1c10e3 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -417,7 +417,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
@@ -2482,3 +2483,5 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) {
 	}
 	return attr, nil
 }
+
+//sys	Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error)
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_386.go
index c7d9945ea..506dafa7b 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
index 08086ac6a..38d55641b 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (386 || amd64 || mips || mipsle || mips64 || mipsle || ppc64 || ppc64le || ppc || s390x || sparc64)
-// +build linux
-// +build 386 amd64 mips mipsle mips64 mipsle ppc64 ppc64le ppc s390x sparc64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
index 70601ce36..d557cf8de 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
index 8b0f0f3aa..facdb83b2 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && linux && gc
-// +build amd64,linux,gc
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
index da2986415..cd2dd797f 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index f5266689a..cf2ee6c75 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
index 2b1168d7d..ffc4c2b63 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gc
-// +build linux,gc
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
index 9843fb489..9ebfdcf44 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gc && 386
-// +build linux,gc,386
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
index a6008fccd..5f2b57c4c 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && gc && linux
-// +build arm,gc,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
index 7740af242..d1a3ad826 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gccgo && 386
-// +build linux,gccgo,386
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
index e16a12299..f2f67423e 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gccgo && arm
-// +build linux,gccgo,arm
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
index f6ab02ec1..3d0e98451 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
index 93fe59d25..70963a95a 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le)
-// +build linux
-// +build mips64 mips64le
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
index aae7f0ffd..c218ebd28 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips || mipsle)
-// +build linux
-// +build mips mipsle
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
index 66eff19a3..e6c48500c 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && ppc
-// +build linux,ppc
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
index 806aa2574..7286a9aa8 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le)
-// +build linux
-// +build ppc64 ppc64le
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
index 5e6ceee12..6f5a28894 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
index 2f89e8f5d..66f31210d 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/apis/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
index 7ca064ae7..11d1f1698 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go b/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
index 5199d282f..7a5eb5743 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
index 70a9c52e9..62d8957ae 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go b/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
index 3eb5942f9..ce6a06885 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
index fc6ccfd81..d46d689d1 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd.go
index 6f34479b5..d2882ee04 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -137,18 +137,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
+	var bufptr *Statfs_t
 	var bufsize uintptr
 	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
+		bufptr = &buf[0]
 		bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
 	}
-	r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
+	return getfsstat(bufptr, bufsize, flags)
 }
 
 //sysnb	getresuid(ruid *_C_int, euid *_C_int, suid *_C_int)
@@ -326,4 +321,7 @@ func Uname(uname *Utsname) error {
 //sys	write(fd int, p []byte) (n int, err error)
 //sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
 //sys	munmap(addr uintptr, length uintptr) (err error)
+//sys	getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error)
 //sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
+//sys	pledge(promises *byte, execpromises *byte) (err error)
+//sys	unveil(path *byte, flags *byte) (err error)
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
index 6baabcdcb..9ddc89f4f 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
index bab25360e..70a3c96ee 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
index 8eed3c4d4..265caa87f 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
index 483dde99d..ac4fda171 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
index 04aa43f41..0a451e6dd 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build openbsd
-// +build openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
index c2796139c..30a308cbb 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
index 23199a7ff..ea954330f 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_solaris.go b/apis/vendor/golang.org/x/sys/unix/syscall_solaris.go
index b99cfa134..60c8142d4 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -128,7 +128,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go b/apis/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
index 0bd25ef81..e02d8ceae 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_unix.go b/apis/vendor/golang.org/x/sys/unix/syscall_unix.go
index f6eda2705..77081de8c 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/apis/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
index b6919ca58..05c95bccf 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || dragonfly || freebsd || (linux && !ppc64 && !ppc64le) || netbsd || openbsd || solaris) && gc
-// +build darwin dragonfly freebsd linux,!ppc64,!ppc64le netbsd openbsd solaris
-// +build gc
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/apis/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
index f6f707acf..23f39b7af 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64le || ppc64) && gc
-// +build linux
-// +build ppc64le ppc64
-// +build gc
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/apis/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
index 4596d041c..d99d05f1b 100644
--- a/apis/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/apis/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/sysvshm_linux.go b/apis/vendor/golang.org/x/sys/unix/sysvshm_linux.go
index 2c3a4437f..4fcd38de2 100644
--- a/apis/vendor/golang.org/x/sys/unix/sysvshm_linux.go
+++ b/apis/vendor/golang.org/x/sys/unix/sysvshm_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux
-// +build linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/apis/vendor/golang.org/x/sys/unix/sysvshm_unix.go
index 5bb41d17b..79a84f18b 100644
--- a/apis/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+++ b/apis/vendor/golang.org/x/sys/unix/sysvshm_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin && !ios) || linux
-// +build darwin,!ios linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/apis/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
index 71bddefdb..9eb0db664 100644
--- a/apis/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+++ b/apis/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && !ios
-// +build darwin,!ios
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/timestruct.go b/apis/vendor/golang.org/x/sys/unix/timestruct.go
index 616b1b284..7997b1902 100644
--- a/apis/vendor/golang.org/x/sys/unix/timestruct.go
+++ b/apis/vendor/golang.org/x/sys/unix/timestruct.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/apis/vendor/golang.org/x/sys/unix/unveil_openbsd.go
index 168d5ae77..cb7e598ce 100644
--- a/apis/vendor/golang.org/x/sys/unix/unveil_openbsd.go
+++ b/apis/vendor/golang.org/x/sys/unix/unveil_openbsd.go
@@ -4,39 +4,48 @@
 
 package unix
 
-import (
-	"syscall"
-	"unsafe"
-)
+import "fmt"
 
 // Unveil implements the unveil syscall.
 // For more information see unveil(2).
 // Note that the special case of blocking further
 // unveil calls is handled by UnveilBlock.
 func Unveil(path string, flags string) error {
-	pathPtr, err := syscall.BytePtrFromString(path)
-	if err != nil {
+	if err := supportsUnveil(); err != nil {
 		return err
 	}
-	flagsPtr, err := syscall.BytePtrFromString(flags)
+	pathPtr, err := BytePtrFromString(path)
 	if err != nil {
 		return err
 	}
-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0)
-	if e != 0 {
-		return e
+	flagsPtr, err := BytePtrFromString(flags)
+	if err != nil {
+		return err
 	}
-	return nil
+	return unveil(pathPtr, flagsPtr)
 }
 
 // UnveilBlock blocks future unveil calls.
 // For more information see unveil(2).
 func UnveilBlock() error {
-	// Both pointers must be nil.
-	var pathUnsafe, flagsUnsafe unsafe.Pointer
-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0)
-	if e != 0 {
-		return e
+	if err := supportsUnveil(); err != nil {
+		return err
 	}
+	return unveil(nil, nil)
+}
+
+// supportsUnveil checks for availability of the unveil(2) system call based
+// on the running OpenBSD version.
+func supportsUnveil() error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	// unveil is not available before 6.4
+	if maj < 6 || (maj == 6 && min <= 3) {
+		return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min)
+	}
+
 	return nil
 }
diff --git a/apis/vendor/golang.org/x/sys/unix/xattr_bsd.go b/apis/vendor/golang.org/x/sys/unix/xattr_bsd.go
index f5f8e9f36..e16879396 100644
--- a/apis/vendor/golang.org/x/sys/unix/xattr_bsd.go
+++ b/apis/vendor/golang.org/x/sys/unix/xattr_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build freebsd || netbsd
-// +build freebsd netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go b/apis/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
index ca9799b79..2fb219d78 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && aix
-// +build ppc,aix
 
 // Created by cgo -godefs - DO NOT EDIT
 // cgo -godefs -- -maix32 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
index 200c8c26f..b0e6f5c85 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && aix
-// +build ppc64,aix
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -maix64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
index 143007627..e40fa8524 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
index ab044a742..bb02aa6c0 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
index 17bba0e44..c0e0f8694 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
index f8c2c5138..6c6923906 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
index 96310c3be..dd9163f8e 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
index 777b69def..493a2a793 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
index c557ac2db..8b437b307 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
index 341b4d962..67c02dd57 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux.go
index f9c7f479b..9c00cbf51 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -481,10 +480,14 @@ const (
 	BPF_FROM_BE                                 = 0x8
 	BPF_FROM_LE                                 = 0x0
 	BPF_FS_MAGIC                                = 0xcafe4a11
+	BPF_F_AFTER                                 = 0x10
 	BPF_F_ALLOW_MULTI                           = 0x2
 	BPF_F_ALLOW_OVERRIDE                        = 0x1
 	BPF_F_ANY_ALIGNMENT                         = 0x2
-	BPF_F_KPROBE_MULTI_RETURN                   = 0x1
+	BPF_F_BEFORE                                = 0x8
+	BPF_F_ID                                    = 0x20
+	BPF_F_LINK                                  = 0x2000
+	BPF_F_NETFILTER_IP_DEFRAG                   = 0x1
 	BPF_F_QUERY_EFFECTIVE                       = 0x1
 	BPF_F_REPLACE                               = 0x4
 	BPF_F_SLEEPABLE                             = 0x10
@@ -521,6 +524,7 @@ const (
 	BPF_MAJOR_VERSION                           = 0x1
 	BPF_MAXINSNS                                = 0x1000
 	BPF_MEM                                     = 0x60
+	BPF_MEMSX                                   = 0x80
 	BPF_MEMWORDS                                = 0x10
 	BPF_MINOR_VERSION                           = 0x1
 	BPF_MISC                                    = 0x7
@@ -776,6 +780,8 @@ const (
 	DEVLINK_GENL_MCGRP_CONFIG_NAME              = "config"
 	DEVLINK_GENL_NAME                           = "devlink"
 	DEVLINK_GENL_VERSION                        = 0x1
+	DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO            = 0x4
+	DEVLINK_PORT_FN_CAP_IPSEC_PACKET            = 0x8
 	DEVLINK_PORT_FN_CAP_MIGRATABLE              = 0x2
 	DEVLINK_PORT_FN_CAP_ROCE                    = 0x1
 	DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX           = 0x14
@@ -1698,6 +1704,7 @@ const (
 	KEXEC_ON_CRASH                              = 0x1
 	KEXEC_PRESERVE_CONTEXT                      = 0x2
 	KEXEC_SEGMENT_MAX                           = 0x10
+	KEXEC_UPDATE_ELFCOREHDR                     = 0x4
 	KEYCTL_ASSUME_AUTHORITY                     = 0x10
 	KEYCTL_CAPABILITIES                         = 0x1f
 	KEYCTL_CAPS0_BIG_KEY                        = 0x10
@@ -2275,6 +2282,7 @@ const (
 	PERF_MEM_LVLNUM_PMEM                        = 0xe
 	PERF_MEM_LVLNUM_RAM                         = 0xd
 	PERF_MEM_LVLNUM_SHIFT                       = 0x21
+	PERF_MEM_LVLNUM_UNC                         = 0x8
 	PERF_MEM_LVL_HIT                            = 0x2
 	PERF_MEM_LVL_IO                             = 0x1000
 	PERF_MEM_LVL_L1                             = 0x8
@@ -3461,6 +3469,7 @@ const (
 	XDP_PACKET_HEADROOM                         = 0x100
 	XDP_PGOFF_RX_RING                           = 0x0
 	XDP_PGOFF_TX_RING                           = 0x80000000
+	XDP_PKT_CONTD                               = 0x1
 	XDP_RING_NEED_WAKEUP                        = 0x1
 	XDP_RX_RING                                 = 0x2
 	XDP_SHARED_UMEM                             = 0x1
@@ -3473,6 +3482,7 @@ const (
 	XDP_UMEM_REG                                = 0x4
 	XDP_UMEM_UNALIGNED_CHUNK_FLAG               = 0x1
 	XDP_USE_NEED_WAKEUP                         = 0x8
+	XDP_USE_SG                                  = 0x10
 	XDP_ZEROCOPY                                = 0x4
 	XENFS_SUPER_MAGIC                           = 0xabba1974
 	XFS_SUPER_MAGIC                             = 0x58465342
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 30aee00a5..4920821cf 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index 8ebfa5127..a0c1e4112 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index 271a21cdc..c63985560 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 910c330a3..47cc62e25 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index a640798c9..27ac4a09e 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go
@@ -119,6 +118,7 @@ const (
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
 	LASX_CTX_MAGIC                   = 0x41535801
+	LBT_CTX_MAGIC                    = 0x42540001
 	LSX_CTX_MAGIC                    = 0x53580001
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 0d5925d34..54694642a 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips/include _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index d72a00e0b..3adb81d75 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64/include _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index 02ba129f8..2dfe98f0d 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64le/include _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index 8daa6dd96..f5398f84f 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mipsle/include _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index 63c8fa2f7..c54f152d6 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc/include _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index 930799ec1..76057dc72 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64/include _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index 8605a7dd7..e0c3725e2 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64le/include _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 95a016f1c..18f2813ed 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/riscv64/include _const.go
@@ -228,6 +227,9 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x7434
 	PPPIOCXFERUNIT                   = 0x744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETFDPIC                  = 0x21
+	PTRACE_GETFDPIC_EXEC             = 0x0
+	PTRACE_GETFDPIC_INTERP           = 0x1
 	RLIMIT_AS                        = 0x9
 	RLIMIT_MEMLOCK                   = 0x8
 	RLIMIT_NOFILE                    = 0x7
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 1ae0108f5..11619d4ec 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 1bb7c6333..396d994da 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/sparc64/include _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
index 72f7420d2..130085df4 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
index 8d4eb0c08..84769a1a3 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
index 9eef9749f..602ded003 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -marm _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
index 3b62ba192..efc0406ee 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
index af20e474b..5a6500f83 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
index 6015fcb2b..a5aeeb979 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
index 8d44955e4..0e9748a72 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
index ae16fe754..4f4449abc 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
index 03d90fe35..76a363f0f 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
index 8e2c51b1e..43ca0cdfd 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
index 13d403031..b1b8bb200 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/apis/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
index 1afee6a08..d2ddd3176 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/apis/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/apis/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
index fc7d0506f..4dfd2e051 100644
--- a/apis/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+++ b/apis/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Hand edited based on zerrors_linux_s390x.go
 // TODO: auto-generate.
diff --git a/apis/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/apis/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
index 97f20ca28..586317c78 100644
--- a/apis/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+++ b/apis/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("arm", "arm64"). DO NOT EDIT.
 
 //go:build linux && (arm || arm64)
-// +build linux
-// +build arm arm64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/apis/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
index 0b5f79430..d7c881be7 100644
--- a/apis/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+++ b/apis/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("mips", "mips64"). DO NOT EDIT.
 
 //go:build linux && (mips || mips64)
-// +build linux
-// +build mips mips64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/apis/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
index 2807f7e64..2d2de5d29 100644
--- a/apis/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+++ b/apis/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("mipsle", "mips64le"). DO NOT EDIT.
 
 //go:build linux && (mipsle || mips64le)
-// +build linux
-// +build mipsle mips64le
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/apis/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
index 281ea64e3..5adc79fb5 100644
--- a/apis/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+++ b/apis/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("386", "amd64"). DO NOT EDIT.
 
 //go:build linux && (386 || amd64)
-// +build linux
-// +build 386 amd64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
index d1d1d2331..6ea64a3c0 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
index f99a18adc..99ee4399a 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
index c4d50ae50..b68a78362 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64 && gc
-// +build aix,ppc64,gc
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
index 6903d3b09..0a87450bf 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64 && gccgo
-// +build aix,ppc64,gccgo
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index 1cad561e9..ccb02f240 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build darwin && amd64
-// +build darwin,amd64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index b18edbd0e..1b40b997b 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build darwin && arm64
-// +build darwin,arm64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
index 0c67df64a..aad65fc79 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build dragonfly && amd64
-// +build dragonfly,amd64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
index e6e05d145..c0096391a 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && 386
-// +build freebsd,386
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
index 7508accac..7664df749 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && amd64
-// +build freebsd,amd64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
index 7b56aead4..ae099182c 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && arm
-// +build freebsd,arm
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
index cc623dcaa..11fd5d45b 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && arm64
-// +build freebsd,arm64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
index 581849197..c3d2d6530 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && riscv64
-// +build freebsd,riscv64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
index 6be25cd19..c698cbc01 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build illumos && amd64
-// +build illumos,amd64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 1ff3aec74..faca7a557 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -2195,3 +2194,13 @@ func schedGetattr(pid int, attr *SchedAttr, size uint, flags uint) (err error) {
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) {
+	_, _, e1 := Syscall6(SYS_CACHESTAT, uintptr(fd), uintptr(unsafe.Pointer(crange)), uintptr(unsafe.Pointer(cstat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
index 07b549cc2..4def3e9fc 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && 386
-// +build linux,386
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
index 5f481bf83..fef2bc8ba 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && amd64
-// +build linux,amd64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
index 824cd52c7..a9fd76a88 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && arm
-// +build linux,arm
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
index e77aecfe9..460065028 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && arm64
-// +build linux,arm64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
index 806ffd1e1..c8987d264 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && loong64
-// +build linux,loong64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
index 961a3afb7..921f43061 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips
-// +build linux,mips
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
index ed05005e9..44f067829 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips64
-// +build linux,mips64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
index d365b718f..e7fa0abf0 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips64le
-// +build linux,mips64le
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
index c3f1b8bbd..8c5125675 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mipsle
-// +build linux,mipsle
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
index a6574cf98..7392fd45e 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc
-// +build linux,ppc
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
index f40990264..41180434e 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64
-// +build linux,ppc64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
index 9dfcc2997..40c6ce7ae 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64le
-// +build linux,ppc64le
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
index 0ab4f2ed7..2cfe34adb 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && riscv64
-// +build linux,riscv64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
index 6cde32237..61e6f0709 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && s390x
-// +build linux,s390x
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
index 5253d65bf..834b84204 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && sparc64
-// +build linux,sparc64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
index 2df3c5bac..e91ebc14a 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && 386
-// +build netbsd,386
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
index a60556bab..be28babbc 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && amd64
-// +build netbsd,amd64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
index 9f788917a..fb587e826 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && arm
-// +build netbsd,arm
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
index 82a4cb2dc..d576438bb 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && arm64
-// +build netbsd,arm64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index 66b3b6456..88bfc2885 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && 386
-// +build openbsd,386
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
index 3dcacd30d..4cbeff171 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
 DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index c5c4cc112..b8a67b99a 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && amd64
-// +build openbsd,amd64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
index 2763620b0..1123f2757 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index 93bfbb328..af50a65c0 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm
-// +build openbsd,arm
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
index c92231404..82badae39 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
 DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index a107b8fda..8fb4ff36a 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm64
-// +build openbsd,arm64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
index a6bc32c92..24d7eecb9 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
index c427de509..f469a83ee 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && mips64
-// +build openbsd,mips64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
index b4e7bceab..9a498a067 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
index 60c1a99ae..c26ca2e1a 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && ppc64
-// +build openbsd,ppc64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
index ca3f76600..1f224aa41 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
@@ -801,8 +801,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_getfsstat(SB)
+	RET
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	CALL	libc_utimensat(SB)
 	RET
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_pledge(SB)
+	RET
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_unveil(SB)
+	RET
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
index 52eba360f..bcc920dd2 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && riscv64
-// +build openbsd,riscv64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
index 477a7d5b2..87a79c709 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index b40189464..829b87feb 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build solaris && amd64
-// +build solaris,amd64
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/apis/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
index 1d8fe1d4b..94f011238 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
index 55e048471..3a58ae819 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
index d2243cf83..dcb7a0eb7 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
index 82dc51bd8..db5a7bf13 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
index cbdda1a4a..7be575a77 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
index f55eae1a8..d6e3174c6 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
index e44054470..ee97157d0 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
index a0db82fce..35c3b91d0 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
index f8298ff9b..5edda7687 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
index 5eb433bbf..0dc9e8b4d 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
index 703675c0c..308ddf3a1 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
index 4e0d96107..418664e3d 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
index 01636b838..34d0b86d7 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
index ad99bc106..b71cf45e2 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
index 89dcc4274..e32df1c1e 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
index ee37aaa0c..15ad6111f 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index 9862853d3..fcf3ecbdd 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
@@ -448,4 +447,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index 8901f0f4e..f56dc2504 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
@@ -370,4 +369,6 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 6902c37ee..974bf2467 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
@@ -412,4 +411,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index a6d3dff81..39a2739e2 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
@@ -315,4 +314,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index b18f3f710..cf9c9d77e 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
@@ -309,4 +308,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 0302e5e3d..10b7362ef 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 package unix
 
@@ -432,4 +431,5 @@ const (
 	SYS_FUTEX_WAITV                  = 4449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
+	SYS_FCHMODAT2                    = 4452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index 6693ba4a0..cd4d8b4fd 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 package unix
 
@@ -362,4 +361,5 @@ const (
 	SYS_FUTEX_WAITV             = 5449
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
+	SYS_FCHMODAT2               = 5452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index fd93f4987..2c0efca81 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 package unix
 
@@ -362,4 +361,5 @@ const (
 	SYS_FUTEX_WAITV             = 5449
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
+	SYS_FCHMODAT2               = 5452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index 760ddcadc..a72e31d39 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 package unix
 
@@ -432,4 +431,5 @@ const (
 	SYS_FUTEX_WAITV                  = 4449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
+	SYS_FCHMODAT2                    = 4452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index cff2b2555..c7d1e3747 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 package unix
 
@@ -439,4 +438,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index a4b2405d0..f4d4838c8 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 package unix
 
@@ -411,4 +410,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index aca54b4e3..b64f0e591 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 package unix
 
@@ -411,4 +410,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 9d1738d64..95711195a 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
@@ -316,4 +315,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index 022878dc8..f94e943bc 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
@@ -377,4 +376,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index 4100a761c..ba0c2bc51 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
@@ -390,4 +389,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
index 3a6699eba..b2aa8cd49 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
index 5677cd4f1..524a1b1c9 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
index e784cb6db..d59b943ac 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
index bd4952efa..31e771d53 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
index 597733813..9fd77c6cb 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
index 16af29189..af10af28c 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
index f59b18a97..cc2028af4 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
index 721ef5910..c06dd4415 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
index 01c43a01f..9ddbf3e08 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
index f258cfa24..19a6ee413 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
index 07919e0ec..05192a782 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/apis/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
index 073daad43..b2e308581 100644
--- a/apis/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+++ b/apis/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go b/apis/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
index 7a8161c1d..3e6d57cae 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && aix
-// +build ppc,aix
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
index 07ed733c5..3a219bdce 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && aix
-// +build ppc64,aix
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
index 690cefc3d..091d107f3 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
index 5bffc10ea..28ff4ef74 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
index d0ba8e9b8..30e405bb4 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index 29dc48337..6cbd094a3 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 0a89b2890..7c03b6ee7 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index c8666bb15..422107ee8 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index 88fb48a88..505a12acf 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
index 698dc975e..cc986c790 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 18aa70b42..997bcd55a 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -5883,3 +5882,15 @@ type SchedAttr struct {
 }
 
 const SizeofSchedAttr = 0x38
+
+type Cachestat_t struct {
+	Cache            uint64
+	Dirty            uint64
+	Writeback        uint64
+	Evicted          uint64
+	Recently_evicted uint64
+}
+type CachestatRange struct {
+	Off uint64
+	Len uint64
+}
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 6d8acbcc5..438a30aff 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 59293c688..adceca355 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index 40cfa38c2..eeaa00a37 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 055bc4216..6739aa91d 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index f28affbc6..9920ef631 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 9d71e7ccd..2923b799a 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index fd5ccd332..ce2750ee4 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 7704de77a..3038811d7 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index df00b8757..efc6fed18 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index 0942840db..9a654b75a 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 034874395..40d358e33 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index bad067047..148c6ceb8 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index 1b4c97c32..72ba81543 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index aa268d025..71e765508 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index 444045b6c..4abbdb9de 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
index 9bc4c8f9d..f22e7947d 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
index bb05f655d..066a7d83d 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
index db40e3a19..439548ec9 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
index 11121151c..16085d3bb 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
index 26eba23b7..afd13a3af 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
index 5a5479886..5d97f1f9b 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
index be58c4e1f..34871cdc1 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
index 52338266c..5911bceb3 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
index 605cfdb12..e4f24f3bc 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
index d6724c010..ca50a7930 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
index ddfd27a43..d7d7f7902 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/apis/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
index 0400747c6..14160576d 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 package unix
 
diff --git a/apis/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/apis/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
index aec1efcb3..54f31be63 100644
--- a/apis/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+++ b/apis/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Hand edited based on ztypes_linux_s390x.go
 // TODO: auto-generate.
diff --git a/apis/vendor/golang.org/x/sys/windows/aliases.go b/apis/vendor/golang.org/x/sys/windows/aliases.go
index a20ebea63..ce2d713d6 100644
--- a/apis/vendor/golang.org/x/sys/windows/aliases.go
+++ b/apis/vendor/golang.org/x/sys/windows/aliases.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && go1.9
-// +build windows,go1.9
 
 package windows
 
diff --git a/apis/vendor/golang.org/x/sys/windows/empty.s b/apis/vendor/golang.org/x/sys/windows/empty.s
index fdbbbcd31..ba64caca5 100644
--- a/apis/vendor/golang.org/x/sys/windows/empty.s
+++ b/apis/vendor/golang.org/x/sys/windows/empty.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.12
-// +build !go1.12
 
 // This file is here to allow bodyless functions with go:linkname for Go 1.11
 // and earlier (see https://golang.org/issue/23311).
diff --git a/apis/vendor/golang.org/x/sys/windows/eventlog.go b/apis/vendor/golang.org/x/sys/windows/eventlog.go
index 2cd60645e..6c366955d 100644
--- a/apis/vendor/golang.org/x/sys/windows/eventlog.go
+++ b/apis/vendor/golang.org/x/sys/windows/eventlog.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/apis/vendor/golang.org/x/sys/windows/mksyscall.go b/apis/vendor/golang.org/x/sys/windows/mksyscall.go
index 8563f79c5..dbcdb090c 100644
--- a/apis/vendor/golang.org/x/sys/windows/mksyscall.go
+++ b/apis/vendor/golang.org/x/sys/windows/mksyscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build generate
-// +build generate
 
 package windows
 
diff --git a/apis/vendor/golang.org/x/sys/windows/race.go b/apis/vendor/golang.org/x/sys/windows/race.go
index 9196b089c..0f1bdc386 100644
--- a/apis/vendor/golang.org/x/sys/windows/race.go
+++ b/apis/vendor/golang.org/x/sys/windows/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && race
-// +build windows,race
 
 package windows
 
diff --git a/apis/vendor/golang.org/x/sys/windows/race0.go b/apis/vendor/golang.org/x/sys/windows/race0.go
index 7bae4817a..0c78da78b 100644
--- a/apis/vendor/golang.org/x/sys/windows/race0.go
+++ b/apis/vendor/golang.org/x/sys/windows/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && !race
-// +build windows,!race
 
 package windows
 
diff --git a/apis/vendor/golang.org/x/sys/windows/registry/key.go b/apis/vendor/golang.org/x/sys/windows/registry/key.go
index 6c8d97b6a..fd8632444 100644
--- a/apis/vendor/golang.org/x/sys/windows/registry/key.go
+++ b/apis/vendor/golang.org/x/sys/windows/registry/key.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 // Package registry provides access to the Windows registry.
 //
diff --git a/apis/vendor/golang.org/x/sys/windows/registry/mksyscall.go b/apis/vendor/golang.org/x/sys/windows/registry/mksyscall.go
index ee74927d3..bbf86ccf0 100644
--- a/apis/vendor/golang.org/x/sys/windows/registry/mksyscall.go
+++ b/apis/vendor/golang.org/x/sys/windows/registry/mksyscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build generate
-// +build generate
 
 package registry
 
diff --git a/apis/vendor/golang.org/x/sys/windows/registry/syscall.go b/apis/vendor/golang.org/x/sys/windows/registry/syscall.go
index 417335123..f533091c1 100644
--- a/apis/vendor/golang.org/x/sys/windows/registry/syscall.go
+++ b/apis/vendor/golang.org/x/sys/windows/registry/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package registry
 
diff --git a/apis/vendor/golang.org/x/sys/windows/registry/value.go b/apis/vendor/golang.org/x/sys/windows/registry/value.go
index 2789f6f18..74db26b94 100644
--- a/apis/vendor/golang.org/x/sys/windows/registry/value.go
+++ b/apis/vendor/golang.org/x/sys/windows/registry/value.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package registry
 
diff --git a/apis/vendor/golang.org/x/sys/windows/service.go b/apis/vendor/golang.org/x/sys/windows/service.go
index c44a1b963..a9dc6308d 100644
--- a/apis/vendor/golang.org/x/sys/windows/service.go
+++ b/apis/vendor/golang.org/x/sys/windows/service.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/apis/vendor/golang.org/x/sys/windows/str.go b/apis/vendor/golang.org/x/sys/windows/str.go
index 4fc01434e..6a4f9ce6a 100644
--- a/apis/vendor/golang.org/x/sys/windows/str.go
+++ b/apis/vendor/golang.org/x/sys/windows/str.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/apis/vendor/golang.org/x/sys/windows/syscall.go b/apis/vendor/golang.org/x/sys/windows/syscall.go
index 8732cdb95..e85ed6b9c 100644
--- a/apis/vendor/golang.org/x/sys/windows/syscall.go
+++ b/apis/vendor/golang.org/x/sys/windows/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 // Package windows contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/apis/vendor/golang.org/x/sys/windows/syscall_windows.go b/apis/vendor/golang.org/x/sys/windows/syscall_windows.go
index 35cfc57ca..fb6cfd046 100644
--- a/apis/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/apis/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -233,6 +233,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock
 //sys	DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock
 //sys	getTickCount64() (ms uint64) = kernel32.GetTickCount64
+//sys   GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
 //sys	SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
 //sys	GetFileAttributes(name *uint16) (attrs uint32, err error) [failretval==INVALID_FILE_ATTRIBUTES] = kernel32.GetFileAttributesW
 //sys	SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW
@@ -969,7 +970,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) {
 	if n > 0 {
 		sl += int32(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/apis/vendor/golang.org/x/sys/windows/types_windows.go b/apis/vendor/golang.org/x/sys/windows/types_windows.go
index b88dc7c85..359780f6a 100644
--- a/apis/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/apis/vendor/golang.org/x/sys/windows/types_windows.go
@@ -1094,7 +1094,33 @@ const (
 
 	SOMAXCONN = 0x7fffffff
 
-	TCP_NODELAY = 1
+	TCP_NODELAY                    = 1
+	TCP_EXPEDITED_1122             = 2
+	TCP_KEEPALIVE                  = 3
+	TCP_MAXSEG                     = 4
+	TCP_MAXRT                      = 5
+	TCP_STDURG                     = 6
+	TCP_NOURG                      = 7
+	TCP_ATMARK                     = 8
+	TCP_NOSYNRETRIES               = 9
+	TCP_TIMESTAMPS                 = 10
+	TCP_OFFLOAD_PREFERENCE         = 11
+	TCP_CONGESTION_ALGORITHM       = 12
+	TCP_DELAY_FIN_ACK              = 13
+	TCP_MAXRTMS                    = 14
+	TCP_FASTOPEN                   = 15
+	TCP_KEEPCNT                    = 16
+	TCP_KEEPIDLE                   = TCP_KEEPALIVE
+	TCP_KEEPINTVL                  = 17
+	TCP_FAIL_CONNECT_ON_ICMP_ERROR = 18
+	TCP_ICMP_ERROR_INFO            = 19
+
+	UDP_NOCHECKSUM              = 1
+	UDP_SEND_MSG_SIZE           = 2
+	UDP_RECV_MAX_COALESCED_SIZE = 3
+	UDP_CHECKSUM_COVERAGE       = 20
+
+	UDP_COALESCED_INFO = 3
 
 	SHUT_RD   = 0
 	SHUT_WR   = 1
diff --git a/apis/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/apis/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 8b1688de4..db6282e00 100644
--- a/apis/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/apis/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -253,6 +253,7 @@ var (
 	procGetFileAttributesW                                   = modkernel32.NewProc("GetFileAttributesW")
 	procGetFileInformationByHandle                           = modkernel32.NewProc("GetFileInformationByHandle")
 	procGetFileInformationByHandleEx                         = modkernel32.NewProc("GetFileInformationByHandleEx")
+	procGetFileTime                                          = modkernel32.NewProc("GetFileTime")
 	procGetFileType                                          = modkernel32.NewProc("GetFileType")
 	procGetFinalPathNameByHandleW                            = modkernel32.NewProc("GetFinalPathNameByHandleW")
 	procGetFullPathNameW                                     = modkernel32.NewProc("GetFullPathNameW")
@@ -2185,6 +2186,14 @@ func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte,
 	return
 }
 
+func GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetFileType(filehandle Handle) (n uint32, err error) {
 	r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0)
 	n = uint32(r0)
diff --git a/apis/vendor/google.golang.org/genproto/LICENSE b/apis/vendor/google.golang.org/genproto/googleapis/api/LICENSE
similarity index 100%
rename from apis/vendor/google.golang.org/genproto/LICENSE
rename to apis/vendor/google.golang.org/genproto/googleapis/api/LICENSE
diff --git a/vendor/github.com/aws/aws-sdk-go/LICENSE.txt b/apis/vendor/google.golang.org/genproto/googleapis/rpc/LICENSE
similarity index 100%
rename from vendor/github.com/aws/aws-sdk-go/LICENSE.txt
rename to apis/vendor/google.golang.org/genproto/googleapis/rpc/LICENSE
diff --git a/apis/vendor/google.golang.org/genproto/protobuf/field_mask/field_mask.go b/apis/vendor/google.golang.org/genproto/protobuf/field_mask/field_mask.go
deleted file mode 100644
index d10ad6653..000000000
--- a/apis/vendor/google.golang.org/genproto/protobuf/field_mask/field_mask.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package field_mask aliases all exported identifiers in
-// package "google.golang.org/protobuf/types/known/fieldmaskpb".
-package field_mask
-
-import "google.golang.org/protobuf/types/known/fieldmaskpb"
-
-type FieldMask = fieldmaskpb.FieldMask
-
-var File_google_protobuf_field_mask_proto = fieldmaskpb.File_google_protobuf_field_mask_proto
diff --git a/apis/vendor/google.golang.org/grpc/README.md b/apis/vendor/google.golang.org/grpc/README.md
index 0e6ae69a5..ab0fbb79b 100644
--- a/apis/vendor/google.golang.org/grpc/README.md
+++ b/apis/vendor/google.golang.org/grpc/README.md
@@ -1,8 +1,8 @@
 # gRPC-Go
 
-[![Build Status](https://travis-ci.org/grpc/grpc-go.svg)](https://travis-ci.org/grpc/grpc-go)
 [![GoDoc](https://pkg.go.dev/badge/google.golang.org/grpc)][API]
 [![GoReportCard](https://goreportcard.com/badge/grpc/grpc-go)](https://goreportcard.com/report/github.com/grpc/grpc-go)
+[![codecov](https://codecov.io/gh/grpc/grpc-go/graph/badge.svg)](https://codecov.io/gh/grpc/grpc-go)
 
 The [Go][] implementation of [gRPC][]: A high performance, open source, general
 RPC framework that puts mobile and HTTP/2 first. For more information see the
@@ -14,21 +14,14 @@ RPC framework that puts mobile and HTTP/2 first. For more information see the
 
 ## Installation
 
-With [Go module][] support (Go 1.11+), simply add the following import
+Simply add the following import to your code, and then `go [build|run|test]`
+will automatically fetch the necessary dependencies:
+
 
 ```go
 import "google.golang.org/grpc"
 ```
 
-to your code, and then `go [build|run|test]` will automatically fetch the
-necessary dependencies.
-
-Otherwise, to install the `grpc-go` package, run the following command:
-
-```console
-$ go get -u google.golang.org/grpc
-```
-
 > **Note:** If you are trying to access `grpc-go` from **China**, see the
 > [FAQ](#FAQ) below.
 
@@ -56,15 +49,6 @@ To build Go code, there are several options:
 
 - Set up a VPN and access google.golang.org through that.
 
-- Without Go module support: `git clone` the repo manually:
-
-  ```sh
-  git clone https://github.com/grpc/grpc-go.git $GOPATH/src/google.golang.org/grpc
-  ```
-
-  You will need to do the same for all of grpc's dependencies in `golang.org`,
-  e.g. `golang.org/x/net`.
-
 - With Go module support: it is possible to use the `replace` feature of `go
   mod` to create aliases for golang.org packages.  In your project's directory:
 
@@ -76,33 +60,13 @@ To build Go code, there are several options:
   ```
 
   Again, this will need to be done for all transitive dependencies hosted on
-  golang.org as well. For details, refer to [golang/go issue #28652](https://github.com/golang/go/issues/28652).
+  golang.org as well. For details, refer to [golang/go issue
+  #28652](https://github.com/golang/go/issues/28652).
 
 ### Compiling error, undefined: grpc.SupportPackageIsVersion
 
-#### If you are using Go modules:
-
-Ensure your gRPC-Go version is `require`d at the appropriate version in
-the same module containing the generated `.pb.go` files.  For example,
-`SupportPackageIsVersion6` needs `v1.27.0`, so in your `go.mod` file:
-
-```go
-module <your module name>
-
-require (
-    google.golang.org/grpc v1.27.0
-)
-```
-
-#### If you are *not* using Go modules:
-
-Update the `proto` package, gRPC package, and rebuild the `.proto` files:
-
-```sh
-go get -u github.com/golang/protobuf/{proto,protoc-gen-go}
-go get -u google.golang.org/grpc
-protoc --go_out=plugins=grpc:. *.proto
-```
+Please update to the latest version of gRPC-Go using
+`go get google.golang.org/grpc`.
 
 ### How to turn on logging
 
@@ -121,9 +85,11 @@ possible reasons, including:
  1. mis-configured transport credentials, connection failed on handshaking
  1. bytes disrupted, possibly by a proxy in between
  1. server shutdown
- 1. Keepalive parameters caused connection shutdown, for example if you have configured
-    your server to terminate connections regularly to [trigger DNS lookups](https://github.com/grpc/grpc-go/issues/3170#issuecomment-552517779).
-    If this is the case, you may want to increase your [MaxConnectionAgeGrace](https://pkg.go.dev/google.golang.org/grpc/keepalive?tab=doc#ServerParameters),
+ 1. Keepalive parameters caused connection shutdown, for example if you have
+    configured your server to terminate connections regularly to [trigger DNS
+    lookups](https://github.com/grpc/grpc-go/issues/3170#issuecomment-552517779).
+    If this is the case, you may want to increase your
+    [MaxConnectionAgeGrace](https://pkg.go.dev/google.golang.org/grpc/keepalive?tab=doc#ServerParameters),
     to allow longer RPC calls to finish.
 
 It can be tricky to debug this because the error happens on the client side but
diff --git a/apis/vendor/google.golang.org/grpc/attributes/attributes.go b/apis/vendor/google.golang.org/grpc/attributes/attributes.go
index 3efca4591..52d530d7a 100644
--- a/apis/vendor/google.golang.org/grpc/attributes/attributes.go
+++ b/apis/vendor/google.golang.org/grpc/attributes/attributes.go
@@ -34,26 +34,26 @@ import (
 // key/value pairs.  Keys must be hashable, and users should define their own
 // types for keys.  Values should not be modified after they are added to an
 // Attributes or if they were received from one.  If values implement 'Equal(o
-// interface{}) bool', it will be called by (*Attributes).Equal to determine
-// whether two values with the same key should be considered equal.
+// any) bool', it will be called by (*Attributes).Equal to determine whether
+// two values with the same key should be considered equal.
 type Attributes struct {
-	m map[interface{}]interface{}
+	m map[any]any
 }
 
 // New returns a new Attributes containing the key/value pair.
-func New(key, value interface{}) *Attributes {
-	return &Attributes{m: map[interface{}]interface{}{key: value}}
+func New(key, value any) *Attributes {
+	return &Attributes{m: map[any]any{key: value}}
 }
 
 // WithValue returns a new Attributes containing the previous keys and values
 // and the new key/value pair.  If the same key appears multiple times, the
 // last value overwrites all previous values for that key.  To remove an
 // existing key, use a nil value.  value should not be modified later.
-func (a *Attributes) WithValue(key, value interface{}) *Attributes {
+func (a *Attributes) WithValue(key, value any) *Attributes {
 	if a == nil {
 		return New(key, value)
 	}
-	n := &Attributes{m: make(map[interface{}]interface{}, len(a.m)+1)}
+	n := &Attributes{m: make(map[any]any, len(a.m)+1)}
 	for k, v := range a.m {
 		n.m[k] = v
 	}
@@ -63,20 +63,19 @@ func (a *Attributes) WithValue(key, value interface{}) *Attributes {
 
 // Value returns the value associated with these attributes for key, or nil if
 // no value is associated with key.  The returned value should not be modified.
-func (a *Attributes) Value(key interface{}) interface{} {
+func (a *Attributes) Value(key any) any {
 	if a == nil {
 		return nil
 	}
 	return a.m[key]
 }
 
-// Equal returns whether a and o are equivalent.  If 'Equal(o interface{})
-// bool' is implemented for a value in the attributes, it is called to
-// determine if the value matches the one stored in the other attributes.  If
-// Equal is not implemented, standard equality is used to determine if the two
-// values are equal. Note that some types (e.g. maps) aren't comparable by
-// default, so they must be wrapped in a struct, or in an alias type, with Equal
-// defined.
+// Equal returns whether a and o are equivalent.  If 'Equal(o any) bool' is
+// implemented for a value in the attributes, it is called to determine if the
+// value matches the one stored in the other attributes.  If Equal is not
+// implemented, standard equality is used to determine if the two values are
+// equal. Note that some types (e.g. maps) aren't comparable by default, so
+// they must be wrapped in a struct, or in an alias type, with Equal defined.
 func (a *Attributes) Equal(o *Attributes) bool {
 	if a == nil && o == nil {
 		return true
@@ -93,7 +92,7 @@ func (a *Attributes) Equal(o *Attributes) bool {
 			// o missing element of a
 			return false
 		}
-		if eq, ok := v.(interface{ Equal(o interface{}) bool }); ok {
+		if eq, ok := v.(interface{ Equal(o any) bool }); ok {
 			if !eq.Equal(ov) {
 				return false
 			}
@@ -112,19 +111,31 @@ func (a *Attributes) String() string {
 	sb.WriteString("{")
 	first := true
 	for k, v := range a.m {
-		var key, val string
-		if str, ok := k.(interface{ String() string }); ok {
-			key = str.String()
-		}
-		if str, ok := v.(interface{ String() string }); ok {
-			val = str.String()
-		}
 		if !first {
 			sb.WriteString(", ")
 		}
-		sb.WriteString(fmt.Sprintf("%q: %q, ", key, val))
+		sb.WriteString(fmt.Sprintf("%q: %q ", str(k), str(v)))
 		first = false
 	}
 	sb.WriteString("}")
 	return sb.String()
 }
+
+func str(x any) (s string) {
+	if v, ok := x.(fmt.Stringer); ok {
+		return fmt.Sprint(v)
+	} else if v, ok := x.(string); ok {
+		return v
+	}
+	return fmt.Sprintf("<%p>", x)
+}
+
+// MarshalJSON helps implement the json.Marshaler interface, thereby rendering
+// the Attributes correctly when printing (via pretty.JSON) structs containing
+// Attributes as fields.
+//
+// Is it impossible to unmarshal attributes from a JSON representation and this
+// method is meant only for debugging purposes.
+func (a *Attributes) MarshalJSON() ([]byte, error) {
+	return []byte(a.String()), nil
+}
diff --git a/apis/vendor/google.golang.org/grpc/balancer/balancer.go b/apis/vendor/google.golang.org/grpc/balancer/balancer.go
index 8f00523c0..d79560a2e 100644
--- a/apis/vendor/google.golang.org/grpc/balancer/balancer.go
+++ b/apis/vendor/google.golang.org/grpc/balancer/balancer.go
@@ -30,6 +30,7 @@ import (
 	"google.golang.org/grpc/channelz"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
 	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/resolver"
@@ -39,6 +40,8 @@ import (
 var (
 	// m is a map from name to balancer builder.
 	m = make(map[string]Builder)
+
+	logger = grpclog.Component("balancer")
 )
 
 // Register registers the balancer builder to the balancer map. b.Name
@@ -51,6 +54,12 @@ var (
 // an init() function), and is not thread-safe. If multiple Balancers are
 // registered with the same name, the one registered last will take effect.
 func Register(b Builder) {
+	if strings.ToLower(b.Name()) != b.Name() {
+		// TODO: Skip the use of strings.ToLower() to index the map after v1.59
+		// is released to switch to case sensitive balancer registry. Also,
+		// remove this warning and update the docstrings for Register and Get.
+		logger.Warningf("Balancer registered with name %q. grpc-go will be switching to case sensitive balancer registries soon", b.Name())
+	}
 	m[strings.ToLower(b.Name())] = b
 }
 
@@ -70,6 +79,12 @@ func init() {
 // Note that the compare is done in a case-insensitive fashion.
 // If no builder is register with the name, nil will be returned.
 func Get(name string) Builder {
+	if strings.ToLower(name) != name {
+		// TODO: Skip the use of strings.ToLower() to index the map after v1.59
+		// is released to switch to case sensitive balancer registry. Also,
+		// remove this warning and update the docstrings for Register and Get.
+		logger.Warningf("Balancer retrieved for name %q. grpc-go will be switching to case sensitive balancer registries soon", name)
+	}
 	if b, ok := m[strings.ToLower(name)]; ok {
 		return b
 	}
@@ -105,8 +120,8 @@ type SubConn interface {
 	//
 	// This will trigger a state transition for the SubConn.
 	//
-	// Deprecated: This method is now part of the ClientConn interface and will
-	// eventually be removed from here.
+	// Deprecated: this method will be removed.  Create new SubConns for new
+	// addresses instead.
 	UpdateAddresses([]resolver.Address)
 	// Connect starts the connecting for this SubConn.
 	Connect()
@@ -115,6 +130,13 @@ type SubConn interface {
 	// creates a new one and returns it.  Returns a close function which must
 	// be called when the Producer is no longer needed.
 	GetOrBuildProducer(ProducerBuilder) (p Producer, close func())
+	// Shutdown shuts down the SubConn gracefully.  Any started RPCs will be
+	// allowed to complete.  No future calls should be made on the SubConn.
+	// One final state update will be delivered to the StateListener (or
+	// UpdateSubConnState; deprecated) with ConnectivityState of Shutdown to
+	// indicate the shutdown operation.  This may be delivered before
+	// in-progress RPCs are complete and the actual connection is closed.
+	Shutdown()
 }
 
 // NewSubConnOptions contains options to create new SubConn.
@@ -129,6 +151,11 @@ type NewSubConnOptions struct {
 	// HealthCheckEnabled indicates whether health check service should be
 	// enabled on this SubConn
 	HealthCheckEnabled bool
+	// StateListener is called when the state of the subconn changes.  If nil,
+	// Balancer.UpdateSubConnState will be called instead.  Will never be
+	// invoked until after Connect() is called on the SubConn created with
+	// these options.
+	StateListener func(SubConnState)
 }
 
 // State contains the balancer's state relevant to the gRPC ClientConn.
@@ -150,16 +177,24 @@ type ClientConn interface {
 	// NewSubConn is called by balancer to create a new SubConn.
 	// It doesn't block and wait for the connections to be established.
 	// Behaviors of the SubConn can be controlled by options.
+	//
+	// Deprecated: please be aware that in a future version, SubConns will only
+	// support one address per SubConn.
 	NewSubConn([]resolver.Address, NewSubConnOptions) (SubConn, error)
 	// RemoveSubConn removes the SubConn from ClientConn.
 	// The SubConn will be shutdown.
+	//
+	// Deprecated: use SubConn.Shutdown instead.
 	RemoveSubConn(SubConn)
 	// UpdateAddresses updates the addresses used in the passed in SubConn.
 	// gRPC checks if the currently connected address is still in the new list.
 	// If so, the connection will be kept. Else, the connection will be
 	// gracefully closed, and a new connection will be created.
 	//
-	// This will trigger a state transition for the SubConn.
+	// This may trigger a state transition for the SubConn.
+	//
+	// Deprecated: this method will be removed.  Create new SubConns for new
+	// addresses instead.
 	UpdateAddresses(SubConn, []resolver.Address)
 
 	// UpdateState notifies gRPC that the balancer's internal state has
@@ -250,7 +285,7 @@ type DoneInfo struct {
 	// trailing metadata.
 	//
 	// The only supported type now is *orca_v3.LoadReport.
-	ServerLoad interface{}
+	ServerLoad any
 }
 
 var (
@@ -343,9 +378,13 @@ type Balancer interface {
 	ResolverError(error)
 	// UpdateSubConnState is called by gRPC when the state of a SubConn
 	// changes.
+	//
+	// Deprecated: Use NewSubConnOptions.StateListener when creating the
+	// SubConn instead.
 	UpdateSubConnState(SubConn, SubConnState)
-	// Close closes the balancer. The balancer is not required to call
-	// ClientConn.RemoveSubConn for its existing SubConns.
+	// Close closes the balancer. The balancer is not currently required to
+	// call SubConn.Shutdown for its existing SubConns; however, this will be
+	// required in a future release, so it is recommended.
 	Close()
 }
 
@@ -390,15 +429,14 @@ var ErrBadResolverState = errors.New("bad resolver state")
 type ProducerBuilder interface {
 	// Build creates a Producer.  The first parameter is always a
 	// grpc.ClientConnInterface (a type to allow creating RPCs/streams on the
-	// associated SubConn), but is declared as interface{} to avoid a
-	// dependency cycle.  Should also return a close function that will be
-	// called when all references to the Producer have been given up.
-	Build(grpcClientConnInterface interface{}) (p Producer, close func())
+	// associated SubConn), but is declared as `any` to avoid a dependency
+	// cycle.  Should also return a close function that will be called when all
+	// references to the Producer have been given up.
+	Build(grpcClientConnInterface any) (p Producer, close func())
 }
 
 // A Producer is a type shared among potentially many consumers.  It is
 // associated with a SubConn, and an implementation will typically contain
 // other methods to provide additional functionality, e.g. configuration or
 // subscription registration.
-type Producer interface {
-}
+type Producer any
diff --git a/apis/vendor/google.golang.org/grpc/balancer/base/balancer.go b/apis/vendor/google.golang.org/grpc/balancer/base/balancer.go
index 3929c26d3..a7f1eeec8 100644
--- a/apis/vendor/google.golang.org/grpc/balancer/base/balancer.go
+++ b/apis/vendor/google.golang.org/grpc/balancer/base/balancer.go
@@ -105,7 +105,12 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error {
 		addrsSet.Set(a, nil)
 		if _, ok := b.subConns.Get(a); !ok {
 			// a is a new address (not existing in b.subConns).
-			sc, err := b.cc.NewSubConn([]resolver.Address{a}, balancer.NewSubConnOptions{HealthCheckEnabled: b.config.HealthCheck})
+			var sc balancer.SubConn
+			opts := balancer.NewSubConnOptions{
+				HealthCheckEnabled: b.config.HealthCheck,
+				StateListener:      func(scs balancer.SubConnState) { b.updateSubConnState(sc, scs) },
+			}
+			sc, err := b.cc.NewSubConn([]resolver.Address{a}, opts)
 			if err != nil {
 				logger.Warningf("base.baseBalancer: failed to create new SubConn: %v", err)
 				continue
@@ -121,10 +126,10 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error {
 		sc := sci.(balancer.SubConn)
 		// a was removed by resolver.
 		if _, ok := addrsSet.Get(a); !ok {
-			b.cc.RemoveSubConn(sc)
+			sc.Shutdown()
 			b.subConns.Delete(a)
 			// Keep the state of this sc in b.scStates until sc's state becomes Shutdown.
-			// The entry will be deleted in UpdateSubConnState.
+			// The entry will be deleted in updateSubConnState.
 		}
 	}
 	// If resolver state contains no addresses, return an error so ClientConn
@@ -177,7 +182,12 @@ func (b *baseBalancer) regeneratePicker() {
 	b.picker = b.pickerBuilder.Build(PickerBuildInfo{ReadySCs: readySCs})
 }
 
+// UpdateSubConnState is a nop because a StateListener is always set in NewSubConn.
 func (b *baseBalancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
+	logger.Errorf("base.baseBalancer: UpdateSubConnState(%v, %+v) called unexpectedly", sc, state)
+}
+
+func (b *baseBalancer) updateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
 	s := state.ConnectivityState
 	if logger.V(2) {
 		logger.Infof("base.baseBalancer: handle SubConn state change: %p, %v", sc, s)
@@ -204,8 +214,8 @@ func (b *baseBalancer) UpdateSubConnState(sc balancer.SubConn, state balancer.Su
 	case connectivity.Idle:
 		sc.Connect()
 	case connectivity.Shutdown:
-		// When an address was removed by resolver, b called RemoveSubConn but
-		// kept the sc's state in scStates. Remove state for this sc here.
+		// When an address was removed by resolver, b called Shutdown but kept
+		// the sc's state in scStates. Remove state for this sc here.
 		delete(b.scStates, sc)
 	case connectivity.TransientFailure:
 		// Save error to be reported via picker.
@@ -226,7 +236,7 @@ func (b *baseBalancer) UpdateSubConnState(sc balancer.SubConn, state balancer.Su
 }
 
 // Close is a nop because base balancer doesn't have internal state to clean up,
-// and it doesn't need to call RemoveSubConn for the SubConns.
+// and it doesn't need to call Shutdown for the SubConns.
 func (b *baseBalancer) Close() {
 }
 
diff --git a/apis/vendor/google.golang.org/grpc/balancer_conn_wrappers.go b/apis/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
index 04b9ad411..a4411c22b 100644
--- a/apis/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
+++ b/apis/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
@@ -99,20 +99,6 @@ func (ccb *ccBalancerWrapper) updateClientConnState(ccs *balancer.ClientConnStat
 	// lock held. But the lock guards only the scheduling part. The actual
 	// callback is called asynchronously without the lock being held.
 	ok := ccb.serializer.Schedule(func(_ context.Context) {
-		// If the addresses specified in the update contain addresses of type
-		// "grpclb" and the selected LB policy is not "grpclb", these addresses
-		// will be filtered out and ccs will be modified with the updated
-		// address list.
-		if ccb.curBalancerName != grpclbName {
-			var addrs []resolver.Address
-			for _, addr := range ccs.ResolverState.Addresses {
-				if addr.Type == resolver.GRPCLB {
-					continue
-				}
-				addrs = append(addrs, addr)
-			}
-			ccs.ResolverState.Addresses = addrs
-		}
 		errCh <- ccb.balancer.UpdateClientConnState(*ccs)
 	})
 	if !ok {
@@ -139,7 +125,9 @@ func (ccb *ccBalancerWrapper) updateClientConnState(ccs *balancer.ClientConnStat
 func (ccb *ccBalancerWrapper) updateSubConnState(sc balancer.SubConn, s connectivity.State, err error) {
 	ccb.mu.Lock()
 	ccb.serializer.Schedule(func(_ context.Context) {
-		ccb.balancer.UpdateSubConnState(sc, balancer.SubConnState{ConnectivityState: s, ConnectionError: err})
+		// Even though it is optional for balancers, gracefulswitch ensures
+		// opts.StateListener is set, so this cannot ever be nil.
+		sc.(*acBalancerWrapper).stateListener(balancer.SubConnState{ConnectivityState: s, ConnectionError: err})
 	})
 	ccb.mu.Unlock()
 }
@@ -221,7 +209,7 @@ func (ccb *ccBalancerWrapper) closeBalancer(m ccbMode) {
 	}
 
 	ccb.mode = m
-	done := ccb.serializer.Done
+	done := ccb.serializer.Done()
 	b := ccb.balancer
 	ok := ccb.serializer.Schedule(func(_ context.Context) {
 		// Close the serializer to ensure that no more calls from gRPC are sent
@@ -238,11 +226,9 @@ func (ccb *ccBalancerWrapper) closeBalancer(m ccbMode) {
 	}
 	ccb.mu.Unlock()
 
-	// Give enqueued callbacks a chance to finish.
+	// Give enqueued callbacks a chance to finish before closing the balancer.
 	<-done
-	// Spawn a goroutine to close the balancer (since it may block trying to
-	// cleanup all allocated resources) and return early.
-	go b.Close()
+	b.Close()
 }
 
 // exitIdleMode is invoked by grpc when the channel exits idle mode either
@@ -314,29 +300,19 @@ func (ccb *ccBalancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer
 		channelz.Warningf(logger, ccb.cc.channelzID, "acBalancerWrapper: NewSubConn: failed to newAddrConn: %v", err)
 		return nil, err
 	}
-	acbw := &acBalancerWrapper{ac: ac, producers: make(map[balancer.ProducerBuilder]*refCountedProducer)}
+	acbw := &acBalancerWrapper{
+		ccb:           ccb,
+		ac:            ac,
+		producers:     make(map[balancer.ProducerBuilder]*refCountedProducer),
+		stateListener: opts.StateListener,
+	}
 	ac.acbw = acbw
 	return acbw, nil
 }
 
 func (ccb *ccBalancerWrapper) RemoveSubConn(sc balancer.SubConn) {
-	if ccb.isIdleOrClosed() {
-		// It it safe to ignore this call when the balancer is closed or in idle
-		// because the ClientConn takes care of closing the connections.
-		//
-		// Not returning early from here when the balancer is closed or in idle
-		// leads to a deadlock though, because of the following sequence of
-		// calls when holding cc.mu:
-		// cc.exitIdleMode --> ccb.enterIdleMode --> gsw.Close -->
-		// ccb.RemoveAddrConn --> cc.removeAddrConn
-		return
-	}
-
-	acbw, ok := sc.(*acBalancerWrapper)
-	if !ok {
-		return
-	}
-	ccb.cc.removeAddrConn(acbw.ac, errConnDrain)
+	// The graceful switch balancer will never call this.
+	logger.Errorf("ccb RemoveSubConn(%v) called unexpectedly, sc")
 }
 
 func (ccb *ccBalancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver.Address) {
@@ -380,7 +356,9 @@ func (ccb *ccBalancerWrapper) Target() string {
 // acBalancerWrapper is a wrapper on top of ac for balancers.
 // It implements balancer.SubConn interface.
 type acBalancerWrapper struct {
-	ac *addrConn // read-only
+	ac            *addrConn          // read-only
+	ccb           *ccBalancerWrapper // read-only
+	stateListener func(balancer.SubConnState)
 
 	mu        sync.Mutex
 	producers map[balancer.ProducerBuilder]*refCountedProducer
@@ -398,6 +376,23 @@ func (acbw *acBalancerWrapper) Connect() {
 	go acbw.ac.connect()
 }
 
+func (acbw *acBalancerWrapper) Shutdown() {
+	ccb := acbw.ccb
+	if ccb.isIdleOrClosed() {
+		// It it safe to ignore this call when the balancer is closed or in idle
+		// because the ClientConn takes care of closing the connections.
+		//
+		// Not returning early from here when the balancer is closed or in idle
+		// leads to a deadlock though, because of the following sequence of
+		// calls when holding cc.mu:
+		// cc.exitIdleMode --> ccb.enterIdleMode --> gsw.Close -->
+		// ccb.RemoveAddrConn --> cc.removeAddrConn
+		return
+	}
+
+	ccb.cc.removeAddrConn(acbw.ac, errConnDrain)
+}
+
 // NewStream begins a streaming RPC on the addrConn.  If the addrConn is not
 // ready, blocks until it is or ctx expires.  Returns an error when the context
 // expires or the addrConn is shut down.
@@ -411,7 +406,7 @@ func (acbw *acBalancerWrapper) NewStream(ctx context.Context, desc *StreamDesc,
 
 // Invoke performs a unary RPC.  If the addrConn is not ready, returns
 // errSubConnNotReady.
-func (acbw *acBalancerWrapper) Invoke(ctx context.Context, method string, args interface{}, reply interface{}, opts ...CallOption) error {
+func (acbw *acBalancerWrapper) Invoke(ctx context.Context, method string, args any, reply any, opts ...CallOption) error {
 	cs, err := acbw.NewStream(ctx, unaryStreamDesc, method, opts...)
 	if err != nil {
 		return err
diff --git a/apis/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go b/apis/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
index ec2c2fa14..595480112 100644
--- a/apis/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
+++ b/apis/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
@@ -18,7 +18,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.30.0
+// 	protoc-gen-go v1.31.0
 // 	protoc        v4.22.0
 // source: grpc/binlog/v1/binarylog.proto
 
diff --git a/apis/vendor/google.golang.org/grpc/call.go b/apis/vendor/google.golang.org/grpc/call.go
index e6a1dc5d7..788c89c16 100644
--- a/apis/vendor/google.golang.org/grpc/call.go
+++ b/apis/vendor/google.golang.org/grpc/call.go
@@ -26,12 +26,7 @@ import (
 // received.  This is typically called by generated code.
 //
 // All errors returned by Invoke are compatible with the status package.
-func (cc *ClientConn) Invoke(ctx context.Context, method string, args, reply interface{}, opts ...CallOption) error {
-	if err := cc.idlenessMgr.onCallBegin(); err != nil {
-		return err
-	}
-	defer cc.idlenessMgr.onCallEnd()
-
+func (cc *ClientConn) Invoke(ctx context.Context, method string, args, reply any, opts ...CallOption) error {
 	// allow interceptor to see all applicable call options, which means those
 	// configured as defaults from dial option as well as per-call options
 	opts = combine(cc.dopts.callOptions, opts)
@@ -61,13 +56,13 @@ func combine(o1 []CallOption, o2 []CallOption) []CallOption {
 // received.  This is typically called by generated code.
 //
 // DEPRECATED: Use ClientConn.Invoke instead.
-func Invoke(ctx context.Context, method string, args, reply interface{}, cc *ClientConn, opts ...CallOption) error {
+func Invoke(ctx context.Context, method string, args, reply any, cc *ClientConn, opts ...CallOption) error {
 	return cc.Invoke(ctx, method, args, reply, opts...)
 }
 
 var unaryStreamDesc = &StreamDesc{ServerStreams: false, ClientStreams: false}
 
-func invoke(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error {
+func invoke(ctx context.Context, method string, req, reply any, cc *ClientConn, opts ...CallOption) error {
 	cs, err := newClientStream(ctx, unaryStreamDesc, cc, method, opts...)
 	if err != nil {
 		return err
diff --git a/apis/vendor/google.golang.org/grpc/clientconn.go b/apis/vendor/google.golang.org/grpc/clientconn.go
index 95a7459b0..429c389e4 100644
--- a/apis/vendor/google.golang.org/grpc/clientconn.go
+++ b/apis/vendor/google.golang.org/grpc/clientconn.go
@@ -34,9 +34,12 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/internal/backoff"
 	"google.golang.org/grpc/internal/channelz"
 	"google.golang.org/grpc/internal/grpcsync"
+	"google.golang.org/grpc/internal/idle"
+	"google.golang.org/grpc/internal/pretty"
 	iresolver "google.golang.org/grpc/internal/resolver"
 	"google.golang.org/grpc/internal/transport"
 	"google.golang.org/grpc/keepalive"
@@ -53,8 +56,6 @@ import (
 const (
 	// minimum time to give a connection to complete
 	minConnectTimeout = 20 * time.Second
-	// must match grpclbName in grpclb/grpclb.go
-	grpclbName = "grpclb"
 )
 
 var (
@@ -137,7 +138,6 @@ func (dcs *defaultConfigSelector) SelectConfig(rpcInfo iresolver.RPCInfo) (*ires
 func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *ClientConn, err error) {
 	cc := &ClientConn{
 		target: target,
-		csMgr:  &connectivityStateManager{},
 		conns:  make(map[*addrConn]struct{}),
 		dopts:  defaultDialOptions(),
 		czData: new(channelzData),
@@ -190,6 +190,8 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 	// Register ClientConn with channelz.
 	cc.channelzRegistration(target)
 
+	cc.csMgr = newConnectivityStateManager(cc.ctx, cc.channelzID)
+
 	if err := cc.validateTransportCredentials(); err != nil {
 		return nil, err
 	}
@@ -265,7 +267,7 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 	// Configure idleness support with configured idle timeout or default idle
 	// timeout duration. Idleness can be explicitly disabled by the user, by
 	// setting the dial option to 0.
-	cc.idlenessMgr = newIdlenessManager(cc, cc.dopts.idleTimeout)
+	cc.idlenessMgr = idle.NewManager(idle.ManagerOptions{Enforcer: (*idler)(cc), Timeout: cc.dopts.idleTimeout, Logger: logger})
 
 	// Return early for non-blocking dials.
 	if !cc.dopts.block {
@@ -316,6 +318,16 @@ func (cc *ClientConn) addTraceEvent(msg string) {
 	channelz.AddTraceEvent(logger, cc.channelzID, 0, ted)
 }
 
+type idler ClientConn
+
+func (i *idler) EnterIdleMode() error {
+	return (*ClientConn)(i).enterIdleMode()
+}
+
+func (i *idler) ExitIdleMode() error {
+	return (*ClientConn)(i).exitIdleMode()
+}
+
 // exitIdleMode moves the channel out of idle mode by recreating the name
 // resolver and load balancer.
 func (cc *ClientConn) exitIdleMode() error {
@@ -325,8 +337,8 @@ func (cc *ClientConn) exitIdleMode() error {
 		return errConnClosing
 	}
 	if cc.idlenessState != ccIdlenessStateIdle {
+		channelz.Infof(logger, cc.channelzID, "ClientConn asked to exit idle mode, current mode is %v", cc.idlenessState)
 		cc.mu.Unlock()
-		logger.Info("ClientConn asked to exit idle mode when not in idle mode")
 		return nil
 	}
 
@@ -349,7 +361,7 @@ func (cc *ClientConn) exitIdleMode() error {
 	cc.idlenessState = ccIdlenessStateExitingIdle
 	exitedIdle := false
 	if cc.blockingpicker == nil {
-		cc.blockingpicker = newPickerWrapper()
+		cc.blockingpicker = newPickerWrapper(cc.dopts.copts.StatsHandlers)
 	} else {
 		cc.blockingpicker.exitIdleMode()
 		exitedIdle = true
@@ -392,12 +404,13 @@ func (cc *ClientConn) exitIdleMode() error {
 // name resolver, load balancer and any subchannels.
 func (cc *ClientConn) enterIdleMode() error {
 	cc.mu.Lock()
+	defer cc.mu.Unlock()
+
 	if cc.conns == nil {
-		cc.mu.Unlock()
 		return ErrClientConnClosing
 	}
 	if cc.idlenessState != ccIdlenessStateActive {
-		logger.Error("ClientConn asked to enter idle mode when not active")
+		channelz.Warningf(logger, cc.channelzID, "ClientConn asked to enter idle mode, current mode is %v", cc.idlenessState)
 		return nil
 	}
 
@@ -418,14 +431,14 @@ func (cc *ClientConn) enterIdleMode() error {
 	cc.balancerWrapper.enterIdleMode()
 	cc.csMgr.updateState(connectivity.Idle)
 	cc.idlenessState = ccIdlenessStateIdle
-	cc.mu.Unlock()
+	cc.addTraceEvent("entering idle mode")
 
 	go func() {
-		cc.addTraceEvent("entering idle mode")
 		for ac := range conns {
 			ac.tearDown(errConnIdling)
 		}
 	}()
+
 	return nil
 }
 
@@ -474,7 +487,6 @@ func (cc *ClientConn) validateTransportCredentials() error {
 func (cc *ClientConn) channelzRegistration(target string) {
 	cc.channelzID = channelz.RegisterChannel(&channelzChannel{cc}, cc.dopts.channelzParentID, target)
 	cc.addTraceEvent("created")
-	cc.csMgr.channelzID = cc.channelzID
 }
 
 // chainUnaryClientInterceptors chains all unary client interceptors into one.
@@ -491,7 +503,7 @@ func chainUnaryClientInterceptors(cc *ClientConn) {
 	} else if len(interceptors) == 1 {
 		chainedInt = interceptors[0]
 	} else {
-		chainedInt = func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error {
+		chainedInt = func(ctx context.Context, method string, req, reply any, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error {
 			return interceptors[0](ctx, method, req, reply, cc, getChainUnaryInvoker(interceptors, 0, invoker), opts...)
 		}
 	}
@@ -503,7 +515,7 @@ func getChainUnaryInvoker(interceptors []UnaryClientInterceptor, curr int, final
 	if curr == len(interceptors)-1 {
 		return finalInvoker
 	}
-	return func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error {
+	return func(ctx context.Context, method string, req, reply any, cc *ClientConn, opts ...CallOption) error {
 		return interceptors[curr+1](ctx, method, req, reply, cc, getChainUnaryInvoker(interceptors, curr+1, finalInvoker), opts...)
 	}
 }
@@ -539,13 +551,27 @@ func getChainStreamer(interceptors []StreamClientInterceptor, curr int, finalStr
 	}
 }
 
+// newConnectivityStateManager creates an connectivityStateManager with
+// the specified id.
+func newConnectivityStateManager(ctx context.Context, id *channelz.Identifier) *connectivityStateManager {
+	return &connectivityStateManager{
+		channelzID: id,
+		pubSub:     grpcsync.NewPubSub(ctx),
+	}
+}
+
 // connectivityStateManager keeps the connectivity.State of ClientConn.
 // This struct will eventually be exported so the balancers can access it.
+//
+// TODO: If possible, get rid of the `connectivityStateManager` type, and
+// provide this functionality using the `PubSub`, to avoid keeping track of
+// the connectivity state at two places.
 type connectivityStateManager struct {
 	mu         sync.Mutex
 	state      connectivity.State
 	notifyChan chan struct{}
 	channelzID *channelz.Identifier
+	pubSub     *grpcsync.PubSub
 }
 
 // updateState updates the connectivity.State of ClientConn.
@@ -561,6 +587,8 @@ func (csm *connectivityStateManager) updateState(state connectivity.State) {
 		return
 	}
 	csm.state = state
+	csm.pubSub.Publish(state)
+
 	channelz.Infof(logger, csm.channelzID, "Channel Connectivity change to %v", state)
 	if csm.notifyChan != nil {
 		// There are other goroutines waiting on this channel.
@@ -590,7 +618,7 @@ func (csm *connectivityStateManager) getNotifyChan() <-chan struct{} {
 type ClientConnInterface interface {
 	// Invoke performs a unary RPC and returns after the response is received
 	// into reply.
-	Invoke(ctx context.Context, method string, args interface{}, reply interface{}, opts ...CallOption) error
+	Invoke(ctx context.Context, method string, args any, reply any, opts ...CallOption) error
 	// NewStream begins a streaming RPC.
 	NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error)
 }
@@ -622,7 +650,7 @@ type ClientConn struct {
 	channelzID      *channelz.Identifier // Channelz identifier for the channel.
 	resolverBuilder resolver.Builder     // See parseTargetAndFindResolver().
 	balancerWrapper *ccBalancerWrapper   // Uses gracefulswitch.balancer underneath.
-	idlenessMgr     idlenessManager
+	idlenessMgr     idle.Manager
 
 	// The following provide their own synchronization, and therefore don't
 	// require cc.mu to be held to access them.
@@ -668,6 +696,19 @@ const (
 	ccIdlenessStateExitingIdle
 )
 
+func (s ccIdlenessState) String() string {
+	switch s {
+	case ccIdlenessStateActive:
+		return "active"
+	case ccIdlenessStateIdle:
+		return "idle"
+	case ccIdlenessStateExitingIdle:
+		return "exitingIdle"
+	default:
+		return "unknown"
+	}
+}
+
 // WaitForStateChange waits until the connectivity.State of ClientConn changes from sourceState or
 // ctx expires. A true value is returned in former case and false in latter.
 //
@@ -759,6 +800,16 @@ func init() {
 		panic(fmt.Sprintf("impossible error parsing empty service config: %v", cfg.Err))
 	}
 	emptyServiceConfig = cfg.Config.(*ServiceConfig)
+
+	internal.SubscribeToConnectivityStateChanges = func(cc *ClientConn, s grpcsync.Subscriber) func() {
+		return cc.csMgr.pubSub.Subscribe(s)
+	}
+	internal.EnterIdleModeForTesting = func(cc *ClientConn) error {
+		return cc.enterIdleMode()
+	}
+	internal.ExitIdleModeForTesting = func(cc *ClientConn) error {
+		return cc.exitIdleMode()
+	}
 }
 
 func (cc *ClientConn) maybeApplyDefaultServiceConfig(addrs []resolver.Address) {
@@ -867,6 +918,20 @@ func (cc *ClientConn) handleSubConnStateChange(sc balancer.SubConn, s connectivi
 	cc.balancerWrapper.updateSubConnState(sc, s, err)
 }
 
+// Makes a copy of the input addresses slice and clears out the balancer
+// attributes field. Addresses are passed during subconn creation and address
+// update operations. In both cases, we will clear the balancer attributes by
+// calling this function, and therefore we will be able to use the Equal method
+// provided by the resolver.Address type for comparison.
+func copyAddressesWithoutBalancerAttributes(in []resolver.Address) []resolver.Address {
+	out := make([]resolver.Address, len(in))
+	for i := range in {
+		out[i] = in[i]
+		out[i].BalancerAttributes = nil
+	}
+	return out
+}
+
 // newAddrConn creates an addrConn for addrs and adds it to cc.conns.
 //
 // Caller needs to make sure len(addrs) > 0.
@@ -874,7 +939,7 @@ func (cc *ClientConn) newAddrConn(addrs []resolver.Address, opts balancer.NewSub
 	ac := &addrConn{
 		state:        connectivity.Idle,
 		cc:           cc,
-		addrs:        addrs,
+		addrs:        copyAddressesWithoutBalancerAttributes(addrs),
 		scopts:       opts,
 		dopts:        cc.dopts,
 		czData:       new(channelzData),
@@ -995,8 +1060,9 @@ func equalAddresses(a, b []resolver.Address) bool {
 // connections or connection attempts.
 func (ac *addrConn) updateAddrs(addrs []resolver.Address) {
 	ac.mu.Lock()
-	channelz.Infof(logger, ac.channelzID, "addrConn: updateAddrs curAddr: %v, addrs: %v", ac.curAddr, addrs)
+	channelz.Infof(logger, ac.channelzID, "addrConn: updateAddrs curAddr: %v, addrs: %v", pretty.ToJSON(ac.curAddr), pretty.ToJSON(addrs))
 
+	addrs = copyAddressesWithoutBalancerAttributes(addrs)
 	if equalAddresses(ac.addrs, addrs) {
 		ac.mu.Unlock()
 		return
@@ -1031,8 +1097,8 @@ func (ac *addrConn) updateAddrs(addrs []resolver.Address) {
 	ac.cancel()
 	ac.ctx, ac.cancel = context.WithCancel(ac.cc.ctx)
 
-	// We have to defer here because GracefulClose => Close => onClose, which
-	// requires locking ac.mu.
+	// We have to defer here because GracefulClose => onClose, which requires
+	// locking ac.mu.
 	if ac.transport != nil {
 		defer ac.transport.GracefulClose()
 		ac.transport = nil
@@ -1137,23 +1203,13 @@ func (cc *ClientConn) applyServiceConfigAndBalancer(sc *ServiceConfig, configSel
 	}
 
 	var newBalancerName string
-	if cc.sc != nil && cc.sc.lbConfig != nil {
+	if cc.sc == nil || (cc.sc.lbConfig == nil && cc.sc.LB == nil) {
+		// No service config or no LB policy specified in config.
+		newBalancerName = PickFirstBalancerName
+	} else if cc.sc.lbConfig != nil {
 		newBalancerName = cc.sc.lbConfig.name
-	} else {
-		var isGRPCLB bool
-		for _, a := range addrs {
-			if a.Type == resolver.GRPCLB {
-				isGRPCLB = true
-				break
-			}
-		}
-		if isGRPCLB {
-			newBalancerName = grpclbName
-		} else if cc.sc != nil && cc.sc.LB != nil {
-			newBalancerName = *cc.sc.LB
-		} else {
-			newBalancerName = PickFirstBalancerName
-		}
+	} else { // cc.sc.LB != nil
+		newBalancerName = *cc.sc.LB
 	}
 	cc.balancerWrapper.switchTo(newBalancerName)
 }
@@ -1192,7 +1248,10 @@ func (cc *ClientConn) ResetConnectBackoff() {
 
 // Close tears down the ClientConn and all underlying connections.
 func (cc *ClientConn) Close() error {
-	defer cc.cancel()
+	defer func() {
+		cc.cancel()
+		<-cc.csMgr.pubSub.Done()
+	}()
 
 	cc.mu.Lock()
 	if cc.conns == nil {
@@ -1226,7 +1285,7 @@ func (cc *ClientConn) Close() error {
 		rWrapper.close()
 	}
 	if idlenessMgr != nil {
-		idlenessMgr.close()
+		idlenessMgr.Close()
 	}
 
 	for ac := range conns {
@@ -1336,12 +1395,14 @@ func (ac *addrConn) resetTransport() {
 
 	if err := ac.tryAllAddrs(acCtx, addrs, connectDeadline); err != nil {
 		ac.cc.resolveNow(resolver.ResolveNowOptions{})
-		// After exhausting all addresses, the addrConn enters
-		// TRANSIENT_FAILURE.
+		ac.mu.Lock()
 		if acCtx.Err() != nil {
+			// addrConn was torn down.
+			ac.mu.Unlock()
 			return
 		}
-		ac.mu.Lock()
+		// After exhausting all addresses, the addrConn enters
+		// TRANSIENT_FAILURE.
 		ac.updateConnectivityState(connectivity.TransientFailure, err)
 
 		// Backoff.
@@ -1537,7 +1598,7 @@ func (ac *addrConn) startHealthCheck(ctx context.Context) {
 
 	// Set up the health check helper functions.
 	currentTr := ac.transport
-	newStream := func(method string) (interface{}, error) {
+	newStream := func(method string) (any, error) {
 		ac.mu.Lock()
 		if ac.transport != currentTr {
 			ac.mu.Unlock()
@@ -1625,16 +1686,7 @@ func (ac *addrConn) tearDown(err error) {
 	ac.updateConnectivityState(connectivity.Shutdown, nil)
 	ac.cancel()
 	ac.curAddr = resolver.Address{}
-	if err == errConnDrain && curTr != nil {
-		// GracefulClose(...) may be executed multiple times when
-		// i) receiving multiple GoAway frames from the server; or
-		// ii) there are concurrent name resolver/Balancer triggered
-		// address removal and GoAway.
-		// We have to unlock and re-lock here because GracefulClose => Close => onClose, which requires locking ac.mu.
-		ac.mu.Unlock()
-		curTr.GracefulClose()
-		ac.mu.Lock()
-	}
+
 	channelz.AddTraceEvent(logger, ac.channelzID, 0, &channelz.TraceEventDesc{
 		Desc:     "Subchannel deleted",
 		Severity: channelz.CtInfo,
@@ -1648,6 +1700,29 @@ func (ac *addrConn) tearDown(err error) {
 	// being deleted right away.
 	channelz.RemoveEntry(ac.channelzID)
 	ac.mu.Unlock()
+
+	// We have to release the lock before the call to GracefulClose/Close here
+	// because both of them call onClose(), which requires locking ac.mu.
+	if curTr != nil {
+		if err == errConnDrain {
+			// Close the transport gracefully when the subConn is being shutdown.
+			//
+			// GracefulClose() may be executed multiple times if:
+			// - multiple GoAway frames are received from the server
+			// - there are concurrent name resolver or balancer triggered
+			//   address removal and GoAway
+			curTr.GracefulClose()
+		} else {
+			// Hard close the transport when the channel is entering idle or is
+			// being shutdown. In the case where the channel is being shutdown,
+			// closing of transports is also taken care of by cancelation of cc.ctx.
+			// But in the case where the channel is entering idle, we need to
+			// explicitly close the transports here. Instead of distinguishing
+			// between these two cases, it is simpler to close the transport
+			// unconditionally here.
+			curTr.Close(err)
+		}
+	}
 }
 
 func (ac *addrConn) getState() connectivity.State {
@@ -1807,19 +1882,70 @@ func (cc *ClientConn) parseTargetAndFindResolver() error {
 }
 
 // parseTarget uses RFC 3986 semantics to parse the given target into a
-// resolver.Target struct containing scheme, authority and url. Query
-// params are stripped from the endpoint.
+// resolver.Target struct containing url. Query params are stripped from the
+// endpoint.
 func parseTarget(target string) (resolver.Target, error) {
 	u, err := url.Parse(target)
 	if err != nil {
 		return resolver.Target{}, err
 	}
 
-	return resolver.Target{
-		Scheme:    u.Scheme,
-		Authority: u.Host,
-		URL:       *u,
-	}, nil
+	return resolver.Target{URL: *u}, nil
+}
+
+func encodeAuthority(authority string) string {
+	const upperhex = "0123456789ABCDEF"
+
+	// Return for characters that must be escaped as per
+	// Valid chars are mentioned here:
+	// https://datatracker.ietf.org/doc/html/rfc3986#section-3.2
+	shouldEscape := func(c byte) bool {
+		// Alphanum are always allowed.
+		if 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9' {
+			return false
+		}
+		switch c {
+		case '-', '_', '.', '~': // Unreserved characters
+			return false
+		case '!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '=': // Subdelim characters
+			return false
+		case ':', '[', ']', '@': // Authority related delimeters
+			return false
+		}
+		// Everything else must be escaped.
+		return true
+	}
+
+	hexCount := 0
+	for i := 0; i < len(authority); i++ {
+		c := authority[i]
+		if shouldEscape(c) {
+			hexCount++
+		}
+	}
+
+	if hexCount == 0 {
+		return authority
+	}
+
+	required := len(authority) + 2*hexCount
+	t := make([]byte, required)
+
+	j := 0
+	// This logic is a barebones version of escape in the go net/url library.
+	for i := 0; i < len(authority); i++ {
+		switch c := authority[i]; {
+		case shouldEscape(c):
+			t[j] = '%'
+			t[j+1] = upperhex[c>>4]
+			t[j+2] = upperhex[c&15]
+			j += 3
+		default:
+			t[j] = authority[i]
+			j++
+		}
+	}
+	return string(t)
 }
 
 // Determine channel authority. The order of precedence is as follows:
@@ -1872,7 +1998,11 @@ func (cc *ClientConn) determineAuthority() error {
 		// the channel authority given the user's dial target. For resolvers
 		// which don't implement this interface, we will use the endpoint from
 		// "scheme://authority/endpoint" as the default authority.
-		cc.authority = endpoint
+		// Escape the endpoint to handle use cases where the endpoint
+		// might not be a valid authority by default.
+		// For example an endpoint which has multiple paths like
+		// 'a/b/c', which is not a valid authority by default.
+		cc.authority = encodeAuthority(endpoint)
 	}
 	channelz.Infof(logger, cc.channelzID, "Channel authority set to %q", cc.authority)
 	return nil
diff --git a/apis/vendor/google.golang.org/grpc/codec.go b/apis/vendor/google.golang.org/grpc/codec.go
index 129776547..411e3dfd4 100644
--- a/apis/vendor/google.golang.org/grpc/codec.go
+++ b/apis/vendor/google.golang.org/grpc/codec.go
@@ -27,8 +27,8 @@ import (
 // omits the name/string, which vary between the two and are not needed for
 // anything besides the registry in the encoding package.
 type baseCodec interface {
-	Marshal(v interface{}) ([]byte, error)
-	Unmarshal(data []byte, v interface{}) error
+	Marshal(v any) ([]byte, error)
+	Unmarshal(data []byte, v any) error
 }
 
 var _ baseCodec = Codec(nil)
@@ -41,9 +41,9 @@ var _ baseCodec = encoding.Codec(nil)
 // Deprecated: use encoding.Codec instead.
 type Codec interface {
 	// Marshal returns the wire format of v.
-	Marshal(v interface{}) ([]byte, error)
+	Marshal(v any) ([]byte, error)
 	// Unmarshal parses the wire format into v.
-	Unmarshal(data []byte, v interface{}) error
+	Unmarshal(data []byte, v any) error
 	// String returns the name of the Codec implementation.  This is unused by
 	// gRPC.
 	String() string
diff --git a/apis/vendor/google.golang.org/grpc/dialoptions.go b/apis/vendor/google.golang.org/grpc/dialoptions.go
index 15a3d5102..cfc9fd85e 100644
--- a/apis/vendor/google.golang.org/grpc/dialoptions.go
+++ b/apis/vendor/google.golang.org/grpc/dialoptions.go
@@ -78,6 +78,7 @@ type dialOptions struct {
 	defaultServiceConfigRawJSON *string
 	resolvers                   []resolver.Builder
 	idleTimeout                 time.Duration
+	recvBufferPool              SharedBufferPool
 }
 
 // DialOption configures how we set up the connection.
@@ -138,6 +139,20 @@ func newJoinDialOption(opts ...DialOption) DialOption {
 	return &joinDialOption{opts: opts}
 }
 
+// WithSharedWriteBuffer allows reusing per-connection transport write buffer.
+// If this option is set to true every connection will release the buffer after
+// flushing the data on the wire.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func WithSharedWriteBuffer(val bool) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.SharedWriteBuffer = val
+	})
+}
+
 // WithWriteBufferSize determines how much data can be batched before doing a
 // write on the wire. The corresponding memory allocation for this buffer will
 // be twice the size to keep syscalls low. The default value for this buffer is
@@ -628,6 +643,8 @@ func defaultDialOptions() dialOptions {
 			ReadBufferSize:  defaultReadBufSize,
 			UseProxy:        true,
 		},
+		recvBufferPool: nopBufferPool{},
+		idleTimeout:    30 * time.Minute,
 	}
 }
 
@@ -664,8 +681,8 @@ func WithResolvers(rs ...resolver.Builder) DialOption {
 // channel will exit idle mode when the Connect() method is called or when an
 // RPC is initiated.
 //
-// By default this feature is disabled, which can also be explicitly configured
-// by passing zero to this function.
+// A default timeout of 30 minutes will be used if this dial option is not set
+// at dial time and idleness can be disabled by passing a timeout of zero.
 //
 // # Experimental
 //
@@ -676,3 +693,24 @@ func WithIdleTimeout(d time.Duration) DialOption {
 		o.idleTimeout = d
 	})
 }
+
+// WithRecvBufferPool returns a DialOption that configures the ClientConn
+// to use the provided shared buffer pool for parsing incoming messages. Depending
+// on the application's workload, this could result in reduced memory allocation.
+//
+// If you are unsure about how to implement a memory pool but want to utilize one,
+// begin with grpc.NewSharedBufferPool.
+//
+// Note: The shared buffer pool feature will not be active if any of the following
+// options are used: WithStatsHandler, EnableTracing, or binary logging. In such
+// cases, the shared buffer pool will be ignored.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func WithRecvBufferPool(bufferPool SharedBufferPool) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.recvBufferPool = bufferPool
+	})
+}
diff --git a/apis/vendor/google.golang.org/grpc/encoding/encoding.go b/apis/vendor/google.golang.org/grpc/encoding/encoding.go
index 07a586135..5ebf88d71 100644
--- a/apis/vendor/google.golang.org/grpc/encoding/encoding.go
+++ b/apis/vendor/google.golang.org/grpc/encoding/encoding.go
@@ -38,6 +38,10 @@ const Identity = "identity"
 
 // Compressor is used for compressing and decompressing when sending or
 // receiving messages.
+//
+// If a Compressor implements `DecompressedSize(compressedBytes []byte) int`,
+// gRPC will invoke it to determine the size of the buffer allocated for the
+// result of decompression.  A return value of -1 indicates unknown size.
 type Compressor interface {
 	// Compress writes the data written to wc to w after compressing it.  If an
 	// error occurs while initializing the compressor, that error is returned
@@ -51,15 +55,6 @@ type Compressor interface {
 	// coding header.  The result must be static; the result cannot change
 	// between calls.
 	Name() string
-	// If a Compressor implements
-	// DecompressedSize(compressedBytes []byte) int, gRPC will call it
-	// to determine the size of the buffer allocated for the result of decompression.
-	// Return -1 to indicate unknown size.
-	//
-	// Experimental
-	//
-	// Notice: This API is EXPERIMENTAL and may be changed or removed in a
-	// later release.
 }
 
 var registeredCompressor = make(map[string]Compressor)
@@ -90,9 +85,9 @@ func GetCompressor(name string) Compressor {
 // methods can be called from concurrent goroutines.
 type Codec interface {
 	// Marshal returns the wire format of v.
-	Marshal(v interface{}) ([]byte, error)
+	Marshal(v any) ([]byte, error)
 	// Unmarshal parses the wire format into v.
-	Unmarshal(data []byte, v interface{}) error
+	Unmarshal(data []byte, v any) error
 	// Name returns the name of the Codec implementation. The returned string
 	// will be used as part of content type in transmission.  The result must be
 	// static; the result cannot change between calls.
diff --git a/apis/vendor/google.golang.org/grpc/encoding/gzip/gzip.go b/apis/vendor/google.golang.org/grpc/encoding/gzip/gzip.go
index a3bb173c2..6306e8bb0 100644
--- a/apis/vendor/google.golang.org/grpc/encoding/gzip/gzip.go
+++ b/apis/vendor/google.golang.org/grpc/encoding/gzip/gzip.go
@@ -40,7 +40,7 @@ const Name = "gzip"
 
 func init() {
 	c := &compressor{}
-	c.poolCompressor.New = func() interface{} {
+	c.poolCompressor.New = func() any {
 		return &writer{Writer: gzip.NewWriter(io.Discard), pool: &c.poolCompressor}
 	}
 	encoding.RegisterCompressor(c)
@@ -61,7 +61,7 @@ func SetLevel(level int) error {
 		return fmt.Errorf("grpc: invalid gzip compression level: %d", level)
 	}
 	c := encoding.GetCompressor(Name).(*compressor)
-	c.poolCompressor.New = func() interface{} {
+	c.poolCompressor.New = func() any {
 		w, err := gzip.NewWriterLevel(io.Discard, level)
 		if err != nil {
 			panic(err)
diff --git a/apis/vendor/google.golang.org/grpc/encoding/proto/proto.go b/apis/vendor/google.golang.org/grpc/encoding/proto/proto.go
index 3009b35af..0ee3d3bae 100644
--- a/apis/vendor/google.golang.org/grpc/encoding/proto/proto.go
+++ b/apis/vendor/google.golang.org/grpc/encoding/proto/proto.go
@@ -37,7 +37,7 @@ func init() {
 // codec is a Codec implementation with protobuf. It is the default codec for gRPC.
 type codec struct{}
 
-func (codec) Marshal(v interface{}) ([]byte, error) {
+func (codec) Marshal(v any) ([]byte, error) {
 	vv, ok := v.(proto.Message)
 	if !ok {
 		return nil, fmt.Errorf("failed to marshal, message is %T, want proto.Message", v)
@@ -45,7 +45,7 @@ func (codec) Marshal(v interface{}) ([]byte, error) {
 	return proto.Marshal(vv)
 }
 
-func (codec) Unmarshal(data []byte, v interface{}) error {
+func (codec) Unmarshal(data []byte, v any) error {
 	vv, ok := v.(proto.Message)
 	if !ok {
 		return fmt.Errorf("failed to unmarshal, message is %T, want proto.Message", v)
diff --git a/apis/vendor/google.golang.org/grpc/grpclog/component.go b/apis/vendor/google.golang.org/grpc/grpclog/component.go
index 8358dd6e2..ac73c9ced 100644
--- a/apis/vendor/google.golang.org/grpc/grpclog/component.go
+++ b/apis/vendor/google.golang.org/grpc/grpclog/component.go
@@ -31,71 +31,71 @@ type componentData struct {
 
 var cache = map[string]*componentData{}
 
-func (c *componentData) InfoDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) InfoDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.InfoDepth(depth+1, args...)
 }
 
-func (c *componentData) WarningDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) WarningDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.WarningDepth(depth+1, args...)
 }
 
-func (c *componentData) ErrorDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) ErrorDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.ErrorDepth(depth+1, args...)
 }
 
-func (c *componentData) FatalDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) FatalDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.FatalDepth(depth+1, args...)
 }
 
-func (c *componentData) Info(args ...interface{}) {
+func (c *componentData) Info(args ...any) {
 	c.InfoDepth(1, args...)
 }
 
-func (c *componentData) Warning(args ...interface{}) {
+func (c *componentData) Warning(args ...any) {
 	c.WarningDepth(1, args...)
 }
 
-func (c *componentData) Error(args ...interface{}) {
+func (c *componentData) Error(args ...any) {
 	c.ErrorDepth(1, args...)
 }
 
-func (c *componentData) Fatal(args ...interface{}) {
+func (c *componentData) Fatal(args ...any) {
 	c.FatalDepth(1, args...)
 }
 
-func (c *componentData) Infof(format string, args ...interface{}) {
+func (c *componentData) Infof(format string, args ...any) {
 	c.InfoDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Warningf(format string, args ...interface{}) {
+func (c *componentData) Warningf(format string, args ...any) {
 	c.WarningDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Errorf(format string, args ...interface{}) {
+func (c *componentData) Errorf(format string, args ...any) {
 	c.ErrorDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Fatalf(format string, args ...interface{}) {
+func (c *componentData) Fatalf(format string, args ...any) {
 	c.FatalDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Infoln(args ...interface{}) {
+func (c *componentData) Infoln(args ...any) {
 	c.InfoDepth(1, args...)
 }
 
-func (c *componentData) Warningln(args ...interface{}) {
+func (c *componentData) Warningln(args ...any) {
 	c.WarningDepth(1, args...)
 }
 
-func (c *componentData) Errorln(args ...interface{}) {
+func (c *componentData) Errorln(args ...any) {
 	c.ErrorDepth(1, args...)
 }
 
-func (c *componentData) Fatalln(args ...interface{}) {
+func (c *componentData) Fatalln(args ...any) {
 	c.FatalDepth(1, args...)
 }
 
diff --git a/apis/vendor/google.golang.org/grpc/grpclog/grpclog.go b/apis/vendor/google.golang.org/grpc/grpclog/grpclog.go
index c8bb2be34..16928c9cb 100644
--- a/apis/vendor/google.golang.org/grpc/grpclog/grpclog.go
+++ b/apis/vendor/google.golang.org/grpc/grpclog/grpclog.go
@@ -42,53 +42,53 @@ func V(l int) bool {
 }
 
 // Info logs to the INFO log.
-func Info(args ...interface{}) {
+func Info(args ...any) {
 	grpclog.Logger.Info(args...)
 }
 
 // Infof logs to the INFO log. Arguments are handled in the manner of fmt.Printf.
-func Infof(format string, args ...interface{}) {
+func Infof(format string, args ...any) {
 	grpclog.Logger.Infof(format, args...)
 }
 
 // Infoln logs to the INFO log. Arguments are handled in the manner of fmt.Println.
-func Infoln(args ...interface{}) {
+func Infoln(args ...any) {
 	grpclog.Logger.Infoln(args...)
 }
 
 // Warning logs to the WARNING log.
-func Warning(args ...interface{}) {
+func Warning(args ...any) {
 	grpclog.Logger.Warning(args...)
 }
 
 // Warningf logs to the WARNING log. Arguments are handled in the manner of fmt.Printf.
-func Warningf(format string, args ...interface{}) {
+func Warningf(format string, args ...any) {
 	grpclog.Logger.Warningf(format, args...)
 }
 
 // Warningln logs to the WARNING log. Arguments are handled in the manner of fmt.Println.
-func Warningln(args ...interface{}) {
+func Warningln(args ...any) {
 	grpclog.Logger.Warningln(args...)
 }
 
 // Error logs to the ERROR log.
-func Error(args ...interface{}) {
+func Error(args ...any) {
 	grpclog.Logger.Error(args...)
 }
 
 // Errorf logs to the ERROR log. Arguments are handled in the manner of fmt.Printf.
-func Errorf(format string, args ...interface{}) {
+func Errorf(format string, args ...any) {
 	grpclog.Logger.Errorf(format, args...)
 }
 
 // Errorln logs to the ERROR log. Arguments are handled in the manner of fmt.Println.
-func Errorln(args ...interface{}) {
+func Errorln(args ...any) {
 	grpclog.Logger.Errorln(args...)
 }
 
 // Fatal logs to the FATAL log. Arguments are handled in the manner of fmt.Print.
 // It calls os.Exit() with exit code 1.
-func Fatal(args ...interface{}) {
+func Fatal(args ...any) {
 	grpclog.Logger.Fatal(args...)
 	// Make sure fatal logs will exit.
 	os.Exit(1)
@@ -96,7 +96,7 @@ func Fatal(args ...interface{}) {
 
 // Fatalf logs to the FATAL log. Arguments are handled in the manner of fmt.Printf.
 // It calls os.Exit() with exit code 1.
-func Fatalf(format string, args ...interface{}) {
+func Fatalf(format string, args ...any) {
 	grpclog.Logger.Fatalf(format, args...)
 	// Make sure fatal logs will exit.
 	os.Exit(1)
@@ -104,7 +104,7 @@ func Fatalf(format string, args ...interface{}) {
 
 // Fatalln logs to the FATAL log. Arguments are handled in the manner of fmt.Println.
 // It calle os.Exit()) with exit code 1.
-func Fatalln(args ...interface{}) {
+func Fatalln(args ...any) {
 	grpclog.Logger.Fatalln(args...)
 	// Make sure fatal logs will exit.
 	os.Exit(1)
@@ -113,20 +113,20 @@ func Fatalln(args ...interface{}) {
 // Print prints to the logger. Arguments are handled in the manner of fmt.Print.
 //
 // Deprecated: use Info.
-func Print(args ...interface{}) {
+func Print(args ...any) {
 	grpclog.Logger.Info(args...)
 }
 
 // Printf prints to the logger. Arguments are handled in the manner of fmt.Printf.
 //
 // Deprecated: use Infof.
-func Printf(format string, args ...interface{}) {
+func Printf(format string, args ...any) {
 	grpclog.Logger.Infof(format, args...)
 }
 
 // Println prints to the logger. Arguments are handled in the manner of fmt.Println.
 //
 // Deprecated: use Infoln.
-func Println(args ...interface{}) {
+func Println(args ...any) {
 	grpclog.Logger.Infoln(args...)
 }
diff --git a/apis/vendor/google.golang.org/grpc/grpclog/logger.go b/apis/vendor/google.golang.org/grpc/grpclog/logger.go
index ef06a4822..b1674d826 100644
--- a/apis/vendor/google.golang.org/grpc/grpclog/logger.go
+++ b/apis/vendor/google.golang.org/grpc/grpclog/logger.go
@@ -24,12 +24,12 @@ import "google.golang.org/grpc/internal/grpclog"
 //
 // Deprecated: use LoggerV2.
 type Logger interface {
-	Fatal(args ...interface{})
-	Fatalf(format string, args ...interface{})
-	Fatalln(args ...interface{})
-	Print(args ...interface{})
-	Printf(format string, args ...interface{})
-	Println(args ...interface{})
+	Fatal(args ...any)
+	Fatalf(format string, args ...any)
+	Fatalln(args ...any)
+	Print(args ...any)
+	Printf(format string, args ...any)
+	Println(args ...any)
 }
 
 // SetLogger sets the logger that is used in grpc. Call only from
@@ -45,39 +45,39 @@ type loggerWrapper struct {
 	Logger
 }
 
-func (g *loggerWrapper) Info(args ...interface{}) {
+func (g *loggerWrapper) Info(args ...any) {
 	g.Logger.Print(args...)
 }
 
-func (g *loggerWrapper) Infoln(args ...interface{}) {
+func (g *loggerWrapper) Infoln(args ...any) {
 	g.Logger.Println(args...)
 }
 
-func (g *loggerWrapper) Infof(format string, args ...interface{}) {
+func (g *loggerWrapper) Infof(format string, args ...any) {
 	g.Logger.Printf(format, args...)
 }
 
-func (g *loggerWrapper) Warning(args ...interface{}) {
+func (g *loggerWrapper) Warning(args ...any) {
 	g.Logger.Print(args...)
 }
 
-func (g *loggerWrapper) Warningln(args ...interface{}) {
+func (g *loggerWrapper) Warningln(args ...any) {
 	g.Logger.Println(args...)
 }
 
-func (g *loggerWrapper) Warningf(format string, args ...interface{}) {
+func (g *loggerWrapper) Warningf(format string, args ...any) {
 	g.Logger.Printf(format, args...)
 }
 
-func (g *loggerWrapper) Error(args ...interface{}) {
+func (g *loggerWrapper) Error(args ...any) {
 	g.Logger.Print(args...)
 }
 
-func (g *loggerWrapper) Errorln(args ...interface{}) {
+func (g *loggerWrapper) Errorln(args ...any) {
 	g.Logger.Println(args...)
 }
 
-func (g *loggerWrapper) Errorf(format string, args ...interface{}) {
+func (g *loggerWrapper) Errorf(format string, args ...any) {
 	g.Logger.Printf(format, args...)
 }
 
diff --git a/apis/vendor/google.golang.org/grpc/grpclog/loggerv2.go b/apis/vendor/google.golang.org/grpc/grpclog/loggerv2.go
index 5de66e40d..ecfd36d71 100644
--- a/apis/vendor/google.golang.org/grpc/grpclog/loggerv2.go
+++ b/apis/vendor/google.golang.org/grpc/grpclog/loggerv2.go
@@ -33,35 +33,35 @@ import (
 // LoggerV2 does underlying logging work for grpclog.
 type LoggerV2 interface {
 	// Info logs to INFO log. Arguments are handled in the manner of fmt.Print.
-	Info(args ...interface{})
+	Info(args ...any)
 	// Infoln logs to INFO log. Arguments are handled in the manner of fmt.Println.
-	Infoln(args ...interface{})
+	Infoln(args ...any)
 	// Infof logs to INFO log. Arguments are handled in the manner of fmt.Printf.
-	Infof(format string, args ...interface{})
+	Infof(format string, args ...any)
 	// Warning logs to WARNING log. Arguments are handled in the manner of fmt.Print.
-	Warning(args ...interface{})
+	Warning(args ...any)
 	// Warningln logs to WARNING log. Arguments are handled in the manner of fmt.Println.
-	Warningln(args ...interface{})
+	Warningln(args ...any)
 	// Warningf logs to WARNING log. Arguments are handled in the manner of fmt.Printf.
-	Warningf(format string, args ...interface{})
+	Warningf(format string, args ...any)
 	// Error logs to ERROR log. Arguments are handled in the manner of fmt.Print.
-	Error(args ...interface{})
+	Error(args ...any)
 	// Errorln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
-	Errorln(args ...interface{})
+	Errorln(args ...any)
 	// Errorf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
-	Errorf(format string, args ...interface{})
+	Errorf(format string, args ...any)
 	// Fatal logs to ERROR log. Arguments are handled in the manner of fmt.Print.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatal(args ...interface{})
+	Fatal(args ...any)
 	// Fatalln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalln(args ...interface{})
+	Fatalln(args ...any)
 	// Fatalf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalf(format string, args ...interface{})
+	Fatalf(format string, args ...any)
 	// V reports whether verbosity level l is at least the requested verbose level.
 	V(l int) bool
 }
@@ -182,53 +182,53 @@ func (g *loggerT) output(severity int, s string) {
 	g.m[severity].Output(2, string(b))
 }
 
-func (g *loggerT) Info(args ...interface{}) {
+func (g *loggerT) Info(args ...any) {
 	g.output(infoLog, fmt.Sprint(args...))
 }
 
-func (g *loggerT) Infoln(args ...interface{}) {
+func (g *loggerT) Infoln(args ...any) {
 	g.output(infoLog, fmt.Sprintln(args...))
 }
 
-func (g *loggerT) Infof(format string, args ...interface{}) {
+func (g *loggerT) Infof(format string, args ...any) {
 	g.output(infoLog, fmt.Sprintf(format, args...))
 }
 
-func (g *loggerT) Warning(args ...interface{}) {
+func (g *loggerT) Warning(args ...any) {
 	g.output(warningLog, fmt.Sprint(args...))
 }
 
-func (g *loggerT) Warningln(args ...interface{}) {
+func (g *loggerT) Warningln(args ...any) {
 	g.output(warningLog, fmt.Sprintln(args...))
 }
 
-func (g *loggerT) Warningf(format string, args ...interface{}) {
+func (g *loggerT) Warningf(format string, args ...any) {
 	g.output(warningLog, fmt.Sprintf(format, args...))
 }
 
-func (g *loggerT) Error(args ...interface{}) {
+func (g *loggerT) Error(args ...any) {
 	g.output(errorLog, fmt.Sprint(args...))
 }
 
-func (g *loggerT) Errorln(args ...interface{}) {
+func (g *loggerT) Errorln(args ...any) {
 	g.output(errorLog, fmt.Sprintln(args...))
 }
 
-func (g *loggerT) Errorf(format string, args ...interface{}) {
+func (g *loggerT) Errorf(format string, args ...any) {
 	g.output(errorLog, fmt.Sprintf(format, args...))
 }
 
-func (g *loggerT) Fatal(args ...interface{}) {
+func (g *loggerT) Fatal(args ...any) {
 	g.output(fatalLog, fmt.Sprint(args...))
 	os.Exit(1)
 }
 
-func (g *loggerT) Fatalln(args ...interface{}) {
+func (g *loggerT) Fatalln(args ...any) {
 	g.output(fatalLog, fmt.Sprintln(args...))
 	os.Exit(1)
 }
 
-func (g *loggerT) Fatalf(format string, args ...interface{}) {
+func (g *loggerT) Fatalf(format string, args ...any) {
 	g.output(fatalLog, fmt.Sprintf(format, args...))
 	os.Exit(1)
 }
@@ -248,11 +248,11 @@ func (g *loggerT) V(l int) bool {
 type DepthLoggerV2 interface {
 	LoggerV2
 	// InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	InfoDepth(depth int, args ...interface{})
+	InfoDepth(depth int, args ...any)
 	// WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	WarningDepth(depth int, args ...interface{})
+	WarningDepth(depth int, args ...any)
 	// ErrorDepth logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	ErrorDepth(depth int, args ...interface{})
+	ErrorDepth(depth int, args ...any)
 	// FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	FatalDepth(depth int, args ...interface{})
+	FatalDepth(depth int, args ...any)
 }
diff --git a/apis/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go b/apis/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
new file mode 100644
index 000000000..24299efd6
--- /dev/null
+++ b/apis/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
@@ -0,0 +1,308 @@
+// Copyright 2015 The gRPC Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// The canonical version of this proto can be found at
+// https://github.com/grpc/grpc-proto/blob/master/grpc/health/v1/health.proto
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.31.0
+// 	protoc        v4.22.0
+// source: grpc/health/v1/health.proto
+
+package grpc_health_v1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type HealthCheckResponse_ServingStatus int32
+
+const (
+	HealthCheckResponse_UNKNOWN         HealthCheckResponse_ServingStatus = 0
+	HealthCheckResponse_SERVING         HealthCheckResponse_ServingStatus = 1
+	HealthCheckResponse_NOT_SERVING     HealthCheckResponse_ServingStatus = 2
+	HealthCheckResponse_SERVICE_UNKNOWN HealthCheckResponse_ServingStatus = 3 // Used only by the Watch method.
+)
+
+// Enum value maps for HealthCheckResponse_ServingStatus.
+var (
+	HealthCheckResponse_ServingStatus_name = map[int32]string{
+		0: "UNKNOWN",
+		1: "SERVING",
+		2: "NOT_SERVING",
+		3: "SERVICE_UNKNOWN",
+	}
+	HealthCheckResponse_ServingStatus_value = map[string]int32{
+		"UNKNOWN":         0,
+		"SERVING":         1,
+		"NOT_SERVING":     2,
+		"SERVICE_UNKNOWN": 3,
+	}
+)
+
+func (x HealthCheckResponse_ServingStatus) Enum() *HealthCheckResponse_ServingStatus {
+	p := new(HealthCheckResponse_ServingStatus)
+	*p = x
+	return p
+}
+
+func (x HealthCheckResponse_ServingStatus) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (HealthCheckResponse_ServingStatus) Descriptor() protoreflect.EnumDescriptor {
+	return file_grpc_health_v1_health_proto_enumTypes[0].Descriptor()
+}
+
+func (HealthCheckResponse_ServingStatus) Type() protoreflect.EnumType {
+	return &file_grpc_health_v1_health_proto_enumTypes[0]
+}
+
+func (x HealthCheckResponse_ServingStatus) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use HealthCheckResponse_ServingStatus.Descriptor instead.
+func (HealthCheckResponse_ServingStatus) EnumDescriptor() ([]byte, []int) {
+	return file_grpc_health_v1_health_proto_rawDescGZIP(), []int{1, 0}
+}
+
+type HealthCheckRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Service string `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"`
+}
+
+func (x *HealthCheckRequest) Reset() {
+	*x = HealthCheckRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_grpc_health_v1_health_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HealthCheckRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HealthCheckRequest) ProtoMessage() {}
+
+func (x *HealthCheckRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_grpc_health_v1_health_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HealthCheckRequest.ProtoReflect.Descriptor instead.
+func (*HealthCheckRequest) Descriptor() ([]byte, []int) {
+	return file_grpc_health_v1_health_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *HealthCheckRequest) GetService() string {
+	if x != nil {
+		return x.Service
+	}
+	return ""
+}
+
+type HealthCheckResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Status HealthCheckResponse_ServingStatus `protobuf:"varint,1,opt,name=status,proto3,enum=grpc.health.v1.HealthCheckResponse_ServingStatus" json:"status,omitempty"`
+}
+
+func (x *HealthCheckResponse) Reset() {
+	*x = HealthCheckResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_grpc_health_v1_health_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *HealthCheckResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HealthCheckResponse) ProtoMessage() {}
+
+func (x *HealthCheckResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_grpc_health_v1_health_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HealthCheckResponse.ProtoReflect.Descriptor instead.
+func (*HealthCheckResponse) Descriptor() ([]byte, []int) {
+	return file_grpc_health_v1_health_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *HealthCheckResponse) GetStatus() HealthCheckResponse_ServingStatus {
+	if x != nil {
+		return x.Status
+	}
+	return HealthCheckResponse_UNKNOWN
+}
+
+var File_grpc_health_v1_health_proto protoreflect.FileDescriptor
+
+var file_grpc_health_v1_health_proto_rawDesc = []byte{
+	0x0a, 0x1b, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2f, 0x76, 0x31,
+	0x2f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x67,
+	0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x22, 0x2e, 0x0a,
+	0x12, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x22, 0xb1, 0x01,
+	0x0a, 0x13, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x49, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61,
+	0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65,
+	0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x22, 0x4f, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75,
+	0x73, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0b,
+	0x0a, 0x07, 0x53, 0x45, 0x52, 0x56, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x0f, 0x0a, 0x0b, 0x4e,
+	0x4f, 0x54, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f,
+	0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10,
+	0x03, 0x32, 0xae, 0x01, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x12, 0x50, 0x0a, 0x05,
+	0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x22, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61,
+	0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65,
+	0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x67, 0x72, 0x70, 0x63,
+	0x2e, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74,
+	0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x52,
+	0x0a, 0x05, 0x57, 0x61, 0x74, 0x63, 0x68, 0x12, 0x22, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68,
+	0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43,
+	0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x67, 0x72,
+	0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61,
+	0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x30, 0x01, 0x42, 0x61, 0x0a, 0x11, 0x69, 0x6f, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65,
+	0x61, 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67,
+	0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x68,
+	0x65, 0x61, 0x6c, 0x74, 0x68, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x68, 0x65, 0x61, 0x6c, 0x74,
+	0x68, 0x5f, 0x76, 0x31, 0xaa, 0x02, 0x0e, 0x47, 0x72, 0x70, 0x63, 0x2e, 0x48, 0x65, 0x61, 0x6c,
+	0x74, 0x68, 0x2e, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_grpc_health_v1_health_proto_rawDescOnce sync.Once
+	file_grpc_health_v1_health_proto_rawDescData = file_grpc_health_v1_health_proto_rawDesc
+)
+
+func file_grpc_health_v1_health_proto_rawDescGZIP() []byte {
+	file_grpc_health_v1_health_proto_rawDescOnce.Do(func() {
+		file_grpc_health_v1_health_proto_rawDescData = protoimpl.X.CompressGZIP(file_grpc_health_v1_health_proto_rawDescData)
+	})
+	return file_grpc_health_v1_health_proto_rawDescData
+}
+
+var file_grpc_health_v1_health_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_grpc_health_v1_health_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_grpc_health_v1_health_proto_goTypes = []interface{}{
+	(HealthCheckResponse_ServingStatus)(0), // 0: grpc.health.v1.HealthCheckResponse.ServingStatus
+	(*HealthCheckRequest)(nil),             // 1: grpc.health.v1.HealthCheckRequest
+	(*HealthCheckResponse)(nil),            // 2: grpc.health.v1.HealthCheckResponse
+}
+var file_grpc_health_v1_health_proto_depIdxs = []int32{
+	0, // 0: grpc.health.v1.HealthCheckResponse.status:type_name -> grpc.health.v1.HealthCheckResponse.ServingStatus
+	1, // 1: grpc.health.v1.Health.Check:input_type -> grpc.health.v1.HealthCheckRequest
+	1, // 2: grpc.health.v1.Health.Watch:input_type -> grpc.health.v1.HealthCheckRequest
+	2, // 3: grpc.health.v1.Health.Check:output_type -> grpc.health.v1.HealthCheckResponse
+	2, // 4: grpc.health.v1.Health.Watch:output_type -> grpc.health.v1.HealthCheckResponse
+	3, // [3:5] is the sub-list for method output_type
+	1, // [1:3] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_grpc_health_v1_health_proto_init() }
+func file_grpc_health_v1_health_proto_init() {
+	if File_grpc_health_v1_health_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_grpc_health_v1_health_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HealthCheckRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_grpc_health_v1_health_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HealthCheckResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_grpc_health_v1_health_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_grpc_health_v1_health_proto_goTypes,
+		DependencyIndexes: file_grpc_health_v1_health_proto_depIdxs,
+		EnumInfos:         file_grpc_health_v1_health_proto_enumTypes,
+		MessageInfos:      file_grpc_health_v1_health_proto_msgTypes,
+	}.Build()
+	File_grpc_health_v1_health_proto = out.File
+	file_grpc_health_v1_health_proto_rawDesc = nil
+	file_grpc_health_v1_health_proto_goTypes = nil
+	file_grpc_health_v1_health_proto_depIdxs = nil
+}
diff --git a/apis/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go b/apis/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go
new file mode 100644
index 000000000..4439cda0f
--- /dev/null
+++ b/apis/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go
@@ -0,0 +1,237 @@
+// Copyright 2015 The gRPC Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// The canonical version of this proto can be found at
+// https://github.com/grpc/grpc-proto/blob/master/grpc/health/v1/health.proto
+
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc             v4.22.0
+// source: grpc/health/v1/health.proto
+
+package grpc_health_v1
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+const (
+	Health_Check_FullMethodName = "/grpc.health.v1.Health/Check"
+	Health_Watch_FullMethodName = "/grpc.health.v1.Health/Watch"
+)
+
+// HealthClient is the client API for Health service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type HealthClient interface {
+	// Check gets the health of the specified service. If the requested service
+	// is unknown, the call will fail with status NOT_FOUND. If the caller does
+	// not specify a service name, the server should respond with its overall
+	// health status.
+	//
+	// Clients should set a deadline when calling Check, and can declare the
+	// server unhealthy if they do not receive a timely response.
+	//
+	// Check implementations should be idempotent and side effect free.
+	Check(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (*HealthCheckResponse, error)
+	// Performs a watch for the serving status of the requested service.
+	// The server will immediately send back a message indicating the current
+	// serving status.  It will then subsequently send a new message whenever
+	// the service's serving status changes.
+	//
+	// If the requested service is unknown when the call is received, the
+	// server will send a message setting the serving status to
+	// SERVICE_UNKNOWN but will *not* terminate the call.  If at some
+	// future point, the serving status of the service becomes known, the
+	// server will send a new message with the service's serving status.
+	//
+	// If the call terminates with status UNIMPLEMENTED, then clients
+	// should assume this method is not supported and should not retry the
+	// call.  If the call terminates with any other status (including OK),
+	// clients should retry the call with appropriate exponential backoff.
+	Watch(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (Health_WatchClient, error)
+}
+
+type healthClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewHealthClient(cc grpc.ClientConnInterface) HealthClient {
+	return &healthClient{cc}
+}
+
+func (c *healthClient) Check(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (*HealthCheckResponse, error) {
+	out := new(HealthCheckResponse)
+	err := c.cc.Invoke(ctx, Health_Check_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *healthClient) Watch(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (Health_WatchClient, error) {
+	stream, err := c.cc.NewStream(ctx, &Health_ServiceDesc.Streams[0], Health_Watch_FullMethodName, opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &healthWatchClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type Health_WatchClient interface {
+	Recv() (*HealthCheckResponse, error)
+	grpc.ClientStream
+}
+
+type healthWatchClient struct {
+	grpc.ClientStream
+}
+
+func (x *healthWatchClient) Recv() (*HealthCheckResponse, error) {
+	m := new(HealthCheckResponse)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// HealthServer is the server API for Health service.
+// All implementations should embed UnimplementedHealthServer
+// for forward compatibility
+type HealthServer interface {
+	// Check gets the health of the specified service. If the requested service
+	// is unknown, the call will fail with status NOT_FOUND. If the caller does
+	// not specify a service name, the server should respond with its overall
+	// health status.
+	//
+	// Clients should set a deadline when calling Check, and can declare the
+	// server unhealthy if they do not receive a timely response.
+	//
+	// Check implementations should be idempotent and side effect free.
+	Check(context.Context, *HealthCheckRequest) (*HealthCheckResponse, error)
+	// Performs a watch for the serving status of the requested service.
+	// The server will immediately send back a message indicating the current
+	// serving status.  It will then subsequently send a new message whenever
+	// the service's serving status changes.
+	//
+	// If the requested service is unknown when the call is received, the
+	// server will send a message setting the serving status to
+	// SERVICE_UNKNOWN but will *not* terminate the call.  If at some
+	// future point, the serving status of the service becomes known, the
+	// server will send a new message with the service's serving status.
+	//
+	// If the call terminates with status UNIMPLEMENTED, then clients
+	// should assume this method is not supported and should not retry the
+	// call.  If the call terminates with any other status (including OK),
+	// clients should retry the call with appropriate exponential backoff.
+	Watch(*HealthCheckRequest, Health_WatchServer) error
+}
+
+// UnimplementedHealthServer should be embedded to have forward compatible implementations.
+type UnimplementedHealthServer struct {
+}
+
+func (UnimplementedHealthServer) Check(context.Context, *HealthCheckRequest) (*HealthCheckResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Check not implemented")
+}
+func (UnimplementedHealthServer) Watch(*HealthCheckRequest, Health_WatchServer) error {
+	return status.Errorf(codes.Unimplemented, "method Watch not implemented")
+}
+
+// UnsafeHealthServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to HealthServer will
+// result in compilation errors.
+type UnsafeHealthServer interface {
+	mustEmbedUnimplementedHealthServer()
+}
+
+func RegisterHealthServer(s grpc.ServiceRegistrar, srv HealthServer) {
+	s.RegisterService(&Health_ServiceDesc, srv)
+}
+
+func _Health_Check_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(HealthCheckRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HealthServer).Check(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: Health_Check_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HealthServer).Check(ctx, req.(*HealthCheckRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Health_Watch_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(HealthCheckRequest)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(HealthServer).Watch(m, &healthWatchServer{stream})
+}
+
+type Health_WatchServer interface {
+	Send(*HealthCheckResponse) error
+	grpc.ServerStream
+}
+
+type healthWatchServer struct {
+	grpc.ServerStream
+}
+
+func (x *healthWatchServer) Send(m *HealthCheckResponse) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+// Health_ServiceDesc is the grpc.ServiceDesc for Health service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var Health_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "grpc.health.v1.Health",
+	HandlerType: (*HealthServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Check",
+			Handler:    _Health_Check_Handler,
+		},
+	},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "Watch",
+			Handler:       _Health_Watch_Handler,
+			ServerStreams: true,
+		},
+	},
+	Metadata: "grpc/health/v1/health.proto",
+}
diff --git a/apis/vendor/google.golang.org/grpc/interceptor.go b/apis/vendor/google.golang.org/grpc/interceptor.go
index bb96ef57b..877d78fc3 100644
--- a/apis/vendor/google.golang.org/grpc/interceptor.go
+++ b/apis/vendor/google.golang.org/grpc/interceptor.go
@@ -23,7 +23,7 @@ import (
 )
 
 // UnaryInvoker is called by UnaryClientInterceptor to complete RPCs.
-type UnaryInvoker func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error
+type UnaryInvoker func(ctx context.Context, method string, req, reply any, cc *ClientConn, opts ...CallOption) error
 
 // UnaryClientInterceptor intercepts the execution of a unary RPC on the client.
 // Unary interceptors can be specified as a DialOption, using
@@ -40,7 +40,7 @@ type UnaryInvoker func(ctx context.Context, method string, req, reply interface{
 // defaults from the ClientConn as well as per-call options.
 //
 // The returned error must be compatible with the status package.
-type UnaryClientInterceptor func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error
+type UnaryClientInterceptor func(ctx context.Context, method string, req, reply any, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error
 
 // Streamer is called by StreamClientInterceptor to create a ClientStream.
 type Streamer func(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (ClientStream, error)
@@ -66,7 +66,7 @@ type StreamClientInterceptor func(ctx context.Context, desc *StreamDesc, cc *Cli
 // server side. All per-rpc information may be mutated by the interceptor.
 type UnaryServerInfo struct {
 	// Server is the service implementation the user provides. This is read-only.
-	Server interface{}
+	Server any
 	// FullMethod is the full RPC method string, i.e., /package.service/method.
 	FullMethod string
 }
@@ -78,13 +78,13 @@ type UnaryServerInfo struct {
 // status package, or be one of the context errors. Otherwise, gRPC will use
 // codes.Unknown as the status code and err.Error() as the status message of the
 // RPC.
-type UnaryHandler func(ctx context.Context, req interface{}) (interface{}, error)
+type UnaryHandler func(ctx context.Context, req any) (any, error)
 
 // UnaryServerInterceptor provides a hook to intercept the execution of a unary RPC on the server. info
 // contains all the information of this RPC the interceptor can operate on. And handler is the wrapper
 // of the service method implementation. It is the responsibility of the interceptor to invoke handler
 // to complete the RPC.
-type UnaryServerInterceptor func(ctx context.Context, req interface{}, info *UnaryServerInfo, handler UnaryHandler) (resp interface{}, err error)
+type UnaryServerInterceptor func(ctx context.Context, req any, info *UnaryServerInfo, handler UnaryHandler) (resp any, err error)
 
 // StreamServerInfo consists of various information about a streaming RPC on
 // server side. All per-rpc information may be mutated by the interceptor.
@@ -101,4 +101,4 @@ type StreamServerInfo struct {
 // info contains all the information of this RPC the interceptor can operate on. And handler is the
 // service method implementation. It is the responsibility of the interceptor to invoke handler to
 // complete the RPC.
-type StreamServerInterceptor func(srv interface{}, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error
+type StreamServerInterceptor func(srv any, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error
diff --git a/apis/vendor/google.golang.org/grpc/internal/backoff/backoff.go b/apis/vendor/google.golang.org/grpc/internal/backoff/backoff.go
index 5fc0ee3da..fed1c011a 100644
--- a/apis/vendor/google.golang.org/grpc/internal/backoff/backoff.go
+++ b/apis/vendor/google.golang.org/grpc/internal/backoff/backoff.go
@@ -23,6 +23,8 @@
 package backoff
 
 import (
+	"context"
+	"errors"
 	"time"
 
 	grpcbackoff "google.golang.org/grpc/backoff"
@@ -71,3 +73,37 @@ func (bc Exponential) Backoff(retries int) time.Duration {
 	}
 	return time.Duration(backoff)
 }
+
+// ErrResetBackoff is the error to be returned by the function executed by RunF,
+// to instruct the latter to reset its backoff state.
+var ErrResetBackoff = errors.New("reset backoff state")
+
+// RunF provides a convenient way to run a function f repeatedly until the
+// context expires or f returns a non-nil error that is not ErrResetBackoff.
+// When f returns ErrResetBackoff, RunF continues to run f, but resets its
+// backoff state before doing so. backoff accepts an integer representing the
+// number of retries, and returns the amount of time to backoff.
+func RunF(ctx context.Context, f func() error, backoff func(int) time.Duration) {
+	attempt := 0
+	timer := time.NewTimer(0)
+	for ctx.Err() == nil {
+		select {
+		case <-timer.C:
+		case <-ctx.Done():
+			timer.Stop()
+			return
+		}
+
+		err := f()
+		if errors.Is(err, ErrResetBackoff) {
+			timer.Reset(0)
+			attempt = 0
+			continue
+		}
+		if err != nil {
+			return
+		}
+		timer.Reset(backoff(attempt))
+		attempt++
+	}
+}
diff --git a/apis/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go b/apis/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
index 08666f62a..3c594e6e4 100644
--- a/apis/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
+++ b/apis/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
@@ -200,8 +200,8 @@ func (gsb *Balancer) ExitIdle() {
 	}
 }
 
-// UpdateSubConnState forwards the update to the appropriate child.
-func (gsb *Balancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
+// updateSubConnState forwards the update to the appropriate child.
+func (gsb *Balancer) updateSubConnState(sc balancer.SubConn, state balancer.SubConnState, cb func(balancer.SubConnState)) {
 	gsb.currentMu.Lock()
 	defer gsb.currentMu.Unlock()
 	gsb.mu.Lock()
@@ -214,13 +214,26 @@ func (gsb *Balancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubC
 	} else if gsb.balancerPending != nil && gsb.balancerPending.subconns[sc] {
 		balToUpdate = gsb.balancerPending
 	}
-	gsb.mu.Unlock()
 	if balToUpdate == nil {
 		// SubConn belonged to a stale lb policy that has not yet fully closed,
 		// or the balancer was already closed.
+		gsb.mu.Unlock()
 		return
 	}
-	balToUpdate.UpdateSubConnState(sc, state)
+	if state.ConnectivityState == connectivity.Shutdown {
+		delete(balToUpdate.subconns, sc)
+	}
+	gsb.mu.Unlock()
+	if cb != nil {
+		cb(state)
+	} else {
+		balToUpdate.UpdateSubConnState(sc, state)
+	}
+}
+
+// UpdateSubConnState forwards the update to the appropriate child.
+func (gsb *Balancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
+	gsb.updateSubConnState(sc, state, nil)
 }
 
 // Close closes any active child balancers.
@@ -242,7 +255,7 @@ func (gsb *Balancer) Close() {
 //
 // It implements the balancer.ClientConn interface and is passed down in that
 // capacity to the wrapped balancer. It maintains a set of subConns created by
-// the wrapped balancer and calls from the latter to create/update/remove
+// the wrapped balancer and calls from the latter to create/update/shutdown
 // SubConns update this set before being forwarded to the parent ClientConn.
 // State updates from the wrapped balancer can result in invocation of the
 // graceful switch logic.
@@ -254,21 +267,10 @@ type balancerWrapper struct {
 	subconns  map[balancer.SubConn]bool // subconns created by this balancer
 }
 
-func (bw *balancerWrapper) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
-	if state.ConnectivityState == connectivity.Shutdown {
-		bw.gsb.mu.Lock()
-		delete(bw.subconns, sc)
-		bw.gsb.mu.Unlock()
-	}
-	// There is no need to protect this read with a mutex, as the write to the
-	// Balancer field happens in SwitchTo, which completes before this can be
-	// called.
-	bw.Balancer.UpdateSubConnState(sc, state)
-}
-
-// Close closes the underlying LB policy and removes the subconns it created. bw
-// must not be referenced via balancerCurrent or balancerPending in gsb when
-// called. gsb.mu must not be held.  Does not panic with a nil receiver.
+// Close closes the underlying LB policy and shuts down the subconns it
+// created. bw must not be referenced via balancerCurrent or balancerPending in
+// gsb when called. gsb.mu must not be held.  Does not panic with a nil
+// receiver.
 func (bw *balancerWrapper) Close() {
 	// before Close is called.
 	if bw == nil {
@@ -281,7 +283,7 @@ func (bw *balancerWrapper) Close() {
 	bw.Balancer.Close()
 	bw.gsb.mu.Lock()
 	for sc := range bw.subconns {
-		bw.gsb.cc.RemoveSubConn(sc)
+		sc.Shutdown()
 	}
 	bw.gsb.mu.Unlock()
 }
@@ -335,13 +337,16 @@ func (bw *balancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer.Ne
 	}
 	bw.gsb.mu.Unlock()
 
+	var sc balancer.SubConn
+	oldListener := opts.StateListener
+	opts.StateListener = func(state balancer.SubConnState) { bw.gsb.updateSubConnState(sc, state, oldListener) }
 	sc, err := bw.gsb.cc.NewSubConn(addrs, opts)
 	if err != nil {
 		return nil, err
 	}
 	bw.gsb.mu.Lock()
 	if !bw.gsb.balancerCurrentOrPending(bw) { // balancer was closed during this call
-		bw.gsb.cc.RemoveSubConn(sc)
+		sc.Shutdown()
 		bw.gsb.mu.Unlock()
 		return nil, fmt.Errorf("%T at address %p that called NewSubConn is deleted", bw, bw)
 	}
@@ -360,13 +365,9 @@ func (bw *balancerWrapper) ResolveNow(opts resolver.ResolveNowOptions) {
 }
 
 func (bw *balancerWrapper) RemoveSubConn(sc balancer.SubConn) {
-	bw.gsb.mu.Lock()
-	if !bw.gsb.balancerCurrentOrPending(bw) {
-		bw.gsb.mu.Unlock()
-		return
-	}
-	bw.gsb.mu.Unlock()
-	bw.gsb.cc.RemoveSubConn(sc)
+	// Note: existing third party balancers may call this, so it must remain
+	// until RemoveSubConn is fully removed.
+	sc.Shutdown()
 }
 
 func (bw *balancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver.Address) {
diff --git a/apis/vendor/google.golang.org/grpc/internal/balancerload/load.go b/apis/vendor/google.golang.org/grpc/internal/balancerload/load.go
index 3a905d966..94a08d687 100644
--- a/apis/vendor/google.golang.org/grpc/internal/balancerload/load.go
+++ b/apis/vendor/google.golang.org/grpc/internal/balancerload/load.go
@@ -25,7 +25,7 @@ import (
 // Parser converts loads from metadata into a concrete type.
 type Parser interface {
 	// Parse parses loads from metadata.
-	Parse(md metadata.MD) interface{}
+	Parse(md metadata.MD) any
 }
 
 var parser Parser
@@ -38,7 +38,7 @@ func SetParser(lr Parser) {
 }
 
 // Parse calls parser.Read().
-func Parse(md metadata.MD) interface{} {
+func Parse(md metadata.MD) any {
 	if parser == nil {
 		return nil
 	}
diff --git a/apis/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go b/apis/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
index 6c3f63221..0f31274a3 100644
--- a/apis/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
+++ b/apis/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
@@ -230,7 +230,7 @@ type ClientMessage struct {
 	OnClientSide bool
 	// Message can be a proto.Message or []byte. Other messages formats are not
 	// supported.
-	Message interface{}
+	Message any
 }
 
 func (c *ClientMessage) toProto() *binlogpb.GrpcLogEntry {
@@ -270,7 +270,7 @@ type ServerMessage struct {
 	OnClientSide bool
 	// Message can be a proto.Message or []byte. Other messages formats are not
 	// supported.
-	Message interface{}
+	Message any
 }
 
 func (c *ServerMessage) toProto() *binlogpb.GrpcLogEntry {
diff --git a/apis/vendor/google.golang.org/grpc/internal/buffer/unbounded.go b/apis/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
index 81c2f5fd7..4399c3df4 100644
--- a/apis/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
+++ b/apis/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
@@ -28,25 +28,25 @@ import "sync"
 // the underlying mutex used for synchronization.
 //
 // Unbounded supports values of any type to be stored in it by using a channel
-// of `interface{}`. This means that a call to Put() incurs an extra memory
-// allocation, and also that users need a type assertion while reading. For
-// performance critical code paths, using Unbounded is strongly discouraged and
-// defining a new type specific implementation of this buffer is preferred. See
+// of `any`. This means that a call to Put() incurs an extra memory allocation,
+// and also that users need a type assertion while reading. For performance
+// critical code paths, using Unbounded is strongly discouraged and defining a
+// new type specific implementation of this buffer is preferred. See
 // internal/transport/transport.go for an example of this.
 type Unbounded struct {
-	c       chan interface{}
+	c       chan any
 	closed  bool
 	mu      sync.Mutex
-	backlog []interface{}
+	backlog []any
 }
 
 // NewUnbounded returns a new instance of Unbounded.
 func NewUnbounded() *Unbounded {
-	return &Unbounded{c: make(chan interface{}, 1)}
+	return &Unbounded{c: make(chan any, 1)}
 }
 
 // Put adds t to the unbounded buffer.
-func (b *Unbounded) Put(t interface{}) {
+func (b *Unbounded) Put(t any) {
 	b.mu.Lock()
 	defer b.mu.Unlock()
 	if b.closed {
@@ -89,7 +89,7 @@ func (b *Unbounded) Load() {
 //
 // If the unbounded buffer is closed, the read channel returned by this method
 // is closed.
-func (b *Unbounded) Get() <-chan interface{} {
+func (b *Unbounded) Get() <-chan any {
 	return b.c
 }
 
diff --git a/apis/vendor/google.golang.org/grpc/internal/channelz/funcs.go b/apis/vendor/google.golang.org/grpc/internal/channelz/funcs.go
index 777cbcd79..5395e7752 100644
--- a/apis/vendor/google.golang.org/grpc/internal/channelz/funcs.go
+++ b/apis/vendor/google.golang.org/grpc/internal/channelz/funcs.go
@@ -24,9 +24,7 @@
 package channelz
 
 import (
-	"context"
 	"errors"
-	"fmt"
 	"sort"
 	"sync"
 	"sync/atomic"
@@ -40,8 +38,11 @@ const (
 )
 
 var (
-	db    dbWrapper
-	idGen idGenerator
+	// IDGen is the global channelz entity ID generator.  It should not be used
+	// outside this package except by tests.
+	IDGen IDGenerator
+
+	db dbWrapper
 	// EntryPerPage defines the number of channelz entries to be shown on a web page.
 	EntryPerPage  = int64(50)
 	curState      int32
@@ -52,14 +53,14 @@ var (
 func TurnOn() {
 	if !IsOn() {
 		db.set(newChannelMap())
-		idGen.reset()
+		IDGen.Reset()
 		atomic.StoreInt32(&curState, 1)
 	}
 }
 
 // IsOn returns whether channelz data collection is on.
 func IsOn() bool {
-	return atomic.CompareAndSwapInt32(&curState, 1, 1)
+	return atomic.LoadInt32(&curState) == 1
 }
 
 // SetMaxTraceEntry sets maximum number of trace entry per entity (i.e. channel/subchannel).
@@ -97,43 +98,6 @@ func (d *dbWrapper) get() *channelMap {
 	return d.DB
 }
 
-// NewChannelzStorageForTesting initializes channelz data storage and id
-// generator for testing purposes.
-//
-// Returns a cleanup function to be invoked by the test, which waits for up to
-// 10s for all channelz state to be reset by the grpc goroutines when those
-// entities get closed. This cleanup function helps with ensuring that tests
-// don't mess up each other.
-func NewChannelzStorageForTesting() (cleanup func() error) {
-	db.set(newChannelMap())
-	idGen.reset()
-
-	return func() error {
-		cm := db.get()
-		if cm == nil {
-			return nil
-		}
-
-		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-		defer cancel()
-		ticker := time.NewTicker(10 * time.Millisecond)
-		defer ticker.Stop()
-		for {
-			cm.mu.RLock()
-			topLevelChannels, servers, channels, subChannels, listenSockets, normalSockets := len(cm.topLevelChannels), len(cm.servers), len(cm.channels), len(cm.subChannels), len(cm.listenSockets), len(cm.normalSockets)
-			cm.mu.RUnlock()
-
-			if err := ctx.Err(); err != nil {
-				return fmt.Errorf("after 10s the channelz map has not been cleaned up yet, topchannels: %d, servers: %d, channels: %d, subchannels: %d, listen sockets: %d, normal sockets: %d", topLevelChannels, servers, channels, subChannels, listenSockets, normalSockets)
-			}
-			if topLevelChannels == 0 && servers == 0 && channels == 0 && subChannels == 0 && listenSockets == 0 && normalSockets == 0 {
-				return nil
-			}
-			<-ticker.C
-		}
-	}
-}
-
 // GetTopChannels returns a slice of top channel's ChannelMetric, along with a
 // boolean indicating whether there's more top channels to be queried for.
 //
@@ -193,7 +157,7 @@ func GetServer(id int64) *ServerMetric {
 //
 // If channelz is not turned ON, the channelz database is not mutated.
 func RegisterChannel(c Channel, pid *Identifier, ref string) *Identifier {
-	id := idGen.genID()
+	id := IDGen.genID()
 	var parent int64
 	isTopChannel := true
 	if pid != nil {
@@ -229,7 +193,7 @@ func RegisterSubChannel(c Channel, pid *Identifier, ref string) (*Identifier, er
 	if pid == nil {
 		return nil, errors.New("a SubChannel's parent id cannot be nil")
 	}
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefSubChannel, id, pid), nil
 	}
@@ -251,7 +215,7 @@ func RegisterSubChannel(c Channel, pid *Identifier, ref string) (*Identifier, er
 //
 // If channelz is not turned ON, the channelz database is not mutated.
 func RegisterServer(s Server, ref string) *Identifier {
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefServer, id, nil)
 	}
@@ -277,7 +241,7 @@ func RegisterListenSocket(s Socket, pid *Identifier, ref string) (*Identifier, e
 	if pid == nil {
 		return nil, errors.New("a ListenSocket's parent id cannot be 0")
 	}
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefListenSocket, id, pid), nil
 	}
@@ -297,7 +261,7 @@ func RegisterNormalSocket(s Socket, pid *Identifier, ref string) (*Identifier, e
 	if pid == nil {
 		return nil, errors.New("a NormalSocket's parent id cannot be 0")
 	}
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefNormalSocket, id, pid), nil
 	}
@@ -776,14 +740,17 @@ func (c *channelMap) GetServer(id int64) *ServerMetric {
 	return sm
 }
 
-type idGenerator struct {
+// IDGenerator is an incrementing atomic that tracks IDs for channelz entities.
+type IDGenerator struct {
 	id int64
 }
 
-func (i *idGenerator) reset() {
+// Reset resets the generated ID back to zero.  Should only be used at
+// initialization or by tests sensitive to the ID number.
+func (i *IDGenerator) Reset() {
 	atomic.StoreInt64(&i.id, 0)
 }
 
-func (i *idGenerator) genID() int64 {
+func (i *IDGenerator) genID() int64 {
 	return atomic.AddInt64(&i.id, 1)
 }
diff --git a/apis/vendor/google.golang.org/grpc/internal/channelz/logging.go b/apis/vendor/google.golang.org/grpc/internal/channelz/logging.go
index 8e13a3d2c..f89e6f77b 100644
--- a/apis/vendor/google.golang.org/grpc/internal/channelz/logging.go
+++ b/apis/vendor/google.golang.org/grpc/internal/channelz/logging.go
@@ -31,7 +31,7 @@ func withParens(id *Identifier) string {
 }
 
 // Info logs and adds a trace event if channelz is on.
-func Info(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
+func Info(l grpclog.DepthLoggerV2, id *Identifier, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprint(args...),
 		Severity: CtInfo,
@@ -39,7 +39,7 @@ func Info(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
 }
 
 // Infof logs and adds a trace event if channelz is on.
-func Infof(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...interface{}) {
+func Infof(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprintf(format, args...),
 		Severity: CtInfo,
@@ -47,7 +47,7 @@ func Infof(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...inter
 }
 
 // Warning logs and adds a trace event if channelz is on.
-func Warning(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
+func Warning(l grpclog.DepthLoggerV2, id *Identifier, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprint(args...),
 		Severity: CtWarning,
@@ -55,7 +55,7 @@ func Warning(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
 }
 
 // Warningf logs and adds a trace event if channelz is on.
-func Warningf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...interface{}) {
+func Warningf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprintf(format, args...),
 		Severity: CtWarning,
@@ -63,7 +63,7 @@ func Warningf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...in
 }
 
 // Error logs and adds a trace event if channelz is on.
-func Error(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
+func Error(l grpclog.DepthLoggerV2, id *Identifier, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprint(args...),
 		Severity: CtError,
@@ -71,7 +71,7 @@ func Error(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
 }
 
 // Errorf logs and adds a trace event if channelz is on.
-func Errorf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...interface{}) {
+func Errorf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprintf(format, args...),
 		Severity: CtError,
diff --git a/apis/vendor/google.golang.org/grpc/internal/channelz/types.go b/apis/vendor/google.golang.org/grpc/internal/channelz/types.go
index 7b2f350e2..1d4020f53 100644
--- a/apis/vendor/google.golang.org/grpc/internal/channelz/types.go
+++ b/apis/vendor/google.golang.org/grpc/internal/channelz/types.go
@@ -628,6 +628,7 @@ type tracedChannel interface {
 
 type channelTrace struct {
 	cm          *channelMap
+	clearCalled bool
 	createdTime time.Time
 	eventCount  int64
 	mu          sync.Mutex
@@ -656,6 +657,10 @@ func (c *channelTrace) append(e *TraceEvent) {
 }
 
 func (c *channelTrace) clear() {
+	if c.clearCalled {
+		return
+	}
+	c.clearCalled = true
 	c.mu.Lock()
 	for _, e := range c.events {
 		if e.RefID != 0 {
diff --git a/apis/vendor/google.golang.org/grpc/internal/channelz/util_linux.go b/apis/vendor/google.golang.org/grpc/internal/channelz/util_linux.go
index 8d194e44e..98288c3f8 100644
--- a/apis/vendor/google.golang.org/grpc/internal/channelz/util_linux.go
+++ b/apis/vendor/google.golang.org/grpc/internal/channelz/util_linux.go
@@ -23,7 +23,7 @@ import (
 )
 
 // GetSocketOption gets the socket option info of the conn.
-func GetSocketOption(socket interface{}) *SocketOptionData {
+func GetSocketOption(socket any) *SocketOptionData {
 	c, ok := socket.(syscall.Conn)
 	if !ok {
 		return nil
diff --git a/apis/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go b/apis/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
index 837ddc402..b5568b22e 100644
--- a/apis/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
+++ b/apis/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
@@ -22,6 +22,6 @@
 package channelz
 
 // GetSocketOption gets the socket option info of the conn.
-func GetSocketOption(c interface{}) *SocketOptionData {
+func GetSocketOption(c any) *SocketOptionData {
 	return nil
 }
diff --git a/apis/vendor/google.golang.org/grpc/internal/credentials/credentials.go b/apis/vendor/google.golang.org/grpc/internal/credentials/credentials.go
index 32c9b5903..9deee7f65 100644
--- a/apis/vendor/google.golang.org/grpc/internal/credentials/credentials.go
+++ b/apis/vendor/google.golang.org/grpc/internal/credentials/credentials.go
@@ -25,12 +25,12 @@ import (
 type requestInfoKey struct{}
 
 // NewRequestInfoContext creates a context with ri.
-func NewRequestInfoContext(ctx context.Context, ri interface{}) context.Context {
+func NewRequestInfoContext(ctx context.Context, ri any) context.Context {
 	return context.WithValue(ctx, requestInfoKey{}, ri)
 }
 
 // RequestInfoFromContext extracts the RequestInfo from ctx.
-func RequestInfoFromContext(ctx context.Context) interface{} {
+func RequestInfoFromContext(ctx context.Context) any {
 	return ctx.Value(requestInfoKey{})
 }
 
@@ -39,11 +39,11 @@ func RequestInfoFromContext(ctx context.Context) interface{} {
 type clientHandshakeInfoKey struct{}
 
 // ClientHandshakeInfoFromContext extracts the ClientHandshakeInfo from ctx.
-func ClientHandshakeInfoFromContext(ctx context.Context) interface{} {
+func ClientHandshakeInfoFromContext(ctx context.Context) any {
 	return ctx.Value(clientHandshakeInfoKey{})
 }
 
 // NewClientHandshakeInfoContext creates a context with chi.
-func NewClientHandshakeInfoContext(ctx context.Context, chi interface{}) context.Context {
+func NewClientHandshakeInfoContext(ctx context.Context, chi any) context.Context {
 	return context.WithValue(ctx, clientHandshakeInfoKey{}, chi)
 }
diff --git a/apis/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go b/apis/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
index 80fd5c7d2..3cf10ddfb 100644
--- a/apis/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
+++ b/apis/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
@@ -37,9 +37,15 @@ var (
 	// checking which NACKs configs specifying ring sizes > 8*1024*1024 (~8M).
 	RingHashCap = uint64FromEnv("GRPC_RING_HASH_CAP", 4096, 1, 8*1024*1024)
 	// PickFirstLBConfig is set if we should support configuration of the
-	// pick_first LB policy, which can be enabled by setting the environment
-	// variable "GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG" to "true".
-	PickFirstLBConfig = boolFromEnv("GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG", false)
+	// pick_first LB policy.
+	PickFirstLBConfig = boolFromEnv("GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG", true)
+	// LeastRequestLB is set if we should support the least_request_experimental
+	// LB policy, which can be enabled by setting the environment variable
+	// "GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST" to "true".
+	LeastRequestLB = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST", false)
+	// ALTSMaxConcurrentHandshakes is the maximum number of concurrent ALTS
+	// handshakes that can be performed.
+	ALTSMaxConcurrentHandshakes = uint64FromEnv("GRPC_ALTS_MAX_CONCURRENT_HANDSHAKES", 100, 1, 100)
 )
 
 func boolFromEnv(envVar string, def bool) bool {
diff --git a/apis/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go b/apis/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
index b68e26a36..bfc45102a 100644
--- a/apis/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
+++ b/apis/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
@@ -30,7 +30,7 @@ var Logger LoggerV2
 var DepthLogger DepthLoggerV2
 
 // InfoDepth logs to the INFO log at the specified depth.
-func InfoDepth(depth int, args ...interface{}) {
+func InfoDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.InfoDepth(depth, args...)
 	} else {
@@ -39,7 +39,7 @@ func InfoDepth(depth int, args ...interface{}) {
 }
 
 // WarningDepth logs to the WARNING log at the specified depth.
-func WarningDepth(depth int, args ...interface{}) {
+func WarningDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.WarningDepth(depth, args...)
 	} else {
@@ -48,7 +48,7 @@ func WarningDepth(depth int, args ...interface{}) {
 }
 
 // ErrorDepth logs to the ERROR log at the specified depth.
-func ErrorDepth(depth int, args ...interface{}) {
+func ErrorDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.ErrorDepth(depth, args...)
 	} else {
@@ -57,7 +57,7 @@ func ErrorDepth(depth int, args ...interface{}) {
 }
 
 // FatalDepth logs to the FATAL log at the specified depth.
-func FatalDepth(depth int, args ...interface{}) {
+func FatalDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.FatalDepth(depth, args...)
 	} else {
@@ -71,35 +71,35 @@ func FatalDepth(depth int, args ...interface{}) {
 // is defined here to avoid a circular dependency.
 type LoggerV2 interface {
 	// Info logs to INFO log. Arguments are handled in the manner of fmt.Print.
-	Info(args ...interface{})
+	Info(args ...any)
 	// Infoln logs to INFO log. Arguments are handled in the manner of fmt.Println.
-	Infoln(args ...interface{})
+	Infoln(args ...any)
 	// Infof logs to INFO log. Arguments are handled in the manner of fmt.Printf.
-	Infof(format string, args ...interface{})
+	Infof(format string, args ...any)
 	// Warning logs to WARNING log. Arguments are handled in the manner of fmt.Print.
-	Warning(args ...interface{})
+	Warning(args ...any)
 	// Warningln logs to WARNING log. Arguments are handled in the manner of fmt.Println.
-	Warningln(args ...interface{})
+	Warningln(args ...any)
 	// Warningf logs to WARNING log. Arguments are handled in the manner of fmt.Printf.
-	Warningf(format string, args ...interface{})
+	Warningf(format string, args ...any)
 	// Error logs to ERROR log. Arguments are handled in the manner of fmt.Print.
-	Error(args ...interface{})
+	Error(args ...any)
 	// Errorln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
-	Errorln(args ...interface{})
+	Errorln(args ...any)
 	// Errorf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
-	Errorf(format string, args ...interface{})
+	Errorf(format string, args ...any)
 	// Fatal logs to ERROR log. Arguments are handled in the manner of fmt.Print.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatal(args ...interface{})
+	Fatal(args ...any)
 	// Fatalln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalln(args ...interface{})
+	Fatalln(args ...any)
 	// Fatalf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalf(format string, args ...interface{})
+	Fatalf(format string, args ...any)
 	// V reports whether verbosity level l is at least the requested verbose level.
 	V(l int) bool
 }
@@ -116,11 +116,11 @@ type LoggerV2 interface {
 // later release.
 type DepthLoggerV2 interface {
 	// InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	InfoDepth(depth int, args ...interface{})
+	InfoDepth(depth int, args ...any)
 	// WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	WarningDepth(depth int, args ...interface{})
+	WarningDepth(depth int, args ...any)
 	// ErrorDepth logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	ErrorDepth(depth int, args ...interface{})
+	ErrorDepth(depth int, args ...any)
 	// FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	FatalDepth(depth int, args ...interface{})
+	FatalDepth(depth int, args ...any)
 }
diff --git a/apis/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go b/apis/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
index 02224b42c..faa998de7 100644
--- a/apis/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
+++ b/apis/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
@@ -31,7 +31,7 @@ type PrefixLogger struct {
 }
 
 // Infof does info logging.
-func (pl *PrefixLogger) Infof(format string, args ...interface{}) {
+func (pl *PrefixLogger) Infof(format string, args ...any) {
 	if pl != nil {
 		// Handle nil, so the tests can pass in a nil logger.
 		format = pl.prefix + format
@@ -42,7 +42,7 @@ func (pl *PrefixLogger) Infof(format string, args ...interface{}) {
 }
 
 // Warningf does warning logging.
-func (pl *PrefixLogger) Warningf(format string, args ...interface{}) {
+func (pl *PrefixLogger) Warningf(format string, args ...any) {
 	if pl != nil {
 		format = pl.prefix + format
 		pl.logger.WarningDepth(1, fmt.Sprintf(format, args...))
@@ -52,7 +52,7 @@ func (pl *PrefixLogger) Warningf(format string, args ...interface{}) {
 }
 
 // Errorf does error logging.
-func (pl *PrefixLogger) Errorf(format string, args ...interface{}) {
+func (pl *PrefixLogger) Errorf(format string, args ...any) {
 	if pl != nil {
 		format = pl.prefix + format
 		pl.logger.ErrorDepth(1, fmt.Sprintf(format, args...))
@@ -62,7 +62,7 @@ func (pl *PrefixLogger) Errorf(format string, args ...interface{}) {
 }
 
 // Debugf does info logging at verbose level 2.
-func (pl *PrefixLogger) Debugf(format string, args ...interface{}) {
+func (pl *PrefixLogger) Debugf(format string, args ...any) {
 	// TODO(6044): Refactor interfaces LoggerV2 and DepthLogger, and maybe
 	// rewrite PrefixLogger a little to ensure that we don't use the global
 	// `Logger` here, and instead use the `logger` field.
diff --git a/apis/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go b/apis/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go
index d08e3e907..aa97273e7 100644
--- a/apis/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go
+++ b/apis/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go
@@ -80,6 +80,13 @@ func Uint32() uint32 {
 	return r.Uint32()
 }
 
+// ExpFloat64 implements rand.ExpFloat64 on the grpcrand global source.
+func ExpFloat64() float64 {
+	mu.Lock()
+	defer mu.Unlock()
+	return r.ExpFloat64()
+}
+
 // Shuffle implements rand.Shuffle on the grpcrand global source.
 var Shuffle = func(n int, f func(int, int)) {
 	mu.Lock()
diff --git a/apis/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go b/apis/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
index 37b8d4117..900917dbe 100644
--- a/apis/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
+++ b/apis/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
@@ -32,10 +32,10 @@ import (
 //
 // This type is safe for concurrent access.
 type CallbackSerializer struct {
-	// Done is closed once the serializer is shut down completely, i.e all
+	// done is closed once the serializer is shut down completely, i.e all
 	// scheduled callbacks are executed and the serializer has deallocated all
 	// its resources.
-	Done chan struct{}
+	done chan struct{}
 
 	callbacks *buffer.Unbounded
 	closedMu  sync.Mutex
@@ -48,12 +48,12 @@ type CallbackSerializer struct {
 // callbacks will be added once this context is canceled, and any pending un-run
 // callbacks will be executed before the serializer is shut down.
 func NewCallbackSerializer(ctx context.Context) *CallbackSerializer {
-	t := &CallbackSerializer{
-		Done:      make(chan struct{}),
+	cs := &CallbackSerializer{
+		done:      make(chan struct{}),
 		callbacks: buffer.NewUnbounded(),
 	}
-	go t.run(ctx)
-	return t
+	go cs.run(ctx)
+	return cs
 }
 
 // Schedule adds a callback to be scheduled after existing callbacks are run.
@@ -64,56 +64,62 @@ func NewCallbackSerializer(ctx context.Context) *CallbackSerializer {
 // Return value indicates if the callback was successfully added to the list of
 // callbacks to be executed by the serializer. It is not possible to add
 // callbacks once the context passed to NewCallbackSerializer is cancelled.
-func (t *CallbackSerializer) Schedule(f func(ctx context.Context)) bool {
-	t.closedMu.Lock()
-	defer t.closedMu.Unlock()
+func (cs *CallbackSerializer) Schedule(f func(ctx context.Context)) bool {
+	cs.closedMu.Lock()
+	defer cs.closedMu.Unlock()
 
-	if t.closed {
+	if cs.closed {
 		return false
 	}
-	t.callbacks.Put(f)
+	cs.callbacks.Put(f)
 	return true
 }
 
-func (t *CallbackSerializer) run(ctx context.Context) {
+func (cs *CallbackSerializer) run(ctx context.Context) {
 	var backlog []func(context.Context)
 
-	defer close(t.Done)
+	defer close(cs.done)
 	for ctx.Err() == nil {
 		select {
 		case <-ctx.Done():
 			// Do nothing here. Next iteration of the for loop will not happen,
 			// since ctx.Err() would be non-nil.
-		case callback, ok := <-t.callbacks.Get():
+		case callback, ok := <-cs.callbacks.Get():
 			if !ok {
 				return
 			}
-			t.callbacks.Load()
+			cs.callbacks.Load()
 			callback.(func(ctx context.Context))(ctx)
 		}
 	}
 
 	// Fetch pending callbacks if any, and execute them before returning from
-	// this method and closing t.Done.
-	t.closedMu.Lock()
-	t.closed = true
-	backlog = t.fetchPendingCallbacks()
-	t.callbacks.Close()
-	t.closedMu.Unlock()
+	// this method and closing cs.done.
+	cs.closedMu.Lock()
+	cs.closed = true
+	backlog = cs.fetchPendingCallbacks()
+	cs.callbacks.Close()
+	cs.closedMu.Unlock()
 	for _, b := range backlog {
 		b(ctx)
 	}
 }
 
-func (t *CallbackSerializer) fetchPendingCallbacks() []func(context.Context) {
+func (cs *CallbackSerializer) fetchPendingCallbacks() []func(context.Context) {
 	var backlog []func(context.Context)
 	for {
 		select {
-		case b := <-t.callbacks.Get():
+		case b := <-cs.callbacks.Get():
 			backlog = append(backlog, b.(func(context.Context)))
-			t.callbacks.Load()
+			cs.callbacks.Load()
 		default:
 			return backlog
 		}
 	}
 }
+
+// Done returns a channel that is closed after the context passed to
+// NewCallbackSerializer is canceled and all callbacks have been executed.
+func (cs *CallbackSerializer) Done() <-chan struct{} {
+	return cs.done
+}
diff --git a/apis/vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go b/apis/vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go
new file mode 100644
index 000000000..aef8cec1a
--- /dev/null
+++ b/apis/vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go
@@ -0,0 +1,121 @@
+/*
+ *
+ * Copyright 2023 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpcsync
+
+import (
+	"context"
+	"sync"
+)
+
+// Subscriber represents an entity that is subscribed to messages published on
+// a PubSub. It wraps the callback to be invoked by the PubSub when a new
+// message is published.
+type Subscriber interface {
+	// OnMessage is invoked when a new message is published. Implementations
+	// must not block in this method.
+	OnMessage(msg any)
+}
+
+// PubSub is a simple one-to-many publish-subscribe system that supports
+// messages of arbitrary type. It guarantees that messages are delivered in
+// the same order in which they were published.
+//
+// Publisher invokes the Publish() method to publish new messages, while
+// subscribers interested in receiving these messages register a callback
+// via the Subscribe() method.
+//
+// Once a PubSub is stopped, no more messages can be published, but any pending
+// published messages will be delivered to the subscribers.  Done may be used
+// to determine when all published messages have been delivered.
+type PubSub struct {
+	cs *CallbackSerializer
+
+	// Access to the below fields are guarded by this mutex.
+	mu          sync.Mutex
+	msg         any
+	subscribers map[Subscriber]bool
+}
+
+// NewPubSub returns a new PubSub instance.  Users should cancel the
+// provided context to shutdown the PubSub.
+func NewPubSub(ctx context.Context) *PubSub {
+	return &PubSub{
+		cs:          NewCallbackSerializer(ctx),
+		subscribers: map[Subscriber]bool{},
+	}
+}
+
+// Subscribe registers the provided Subscriber to the PubSub.
+//
+// If the PubSub contains a previously published message, the Subscriber's
+// OnMessage() callback will be invoked asynchronously with the existing
+// message to begin with, and subsequently for every newly published message.
+//
+// The caller is responsible for invoking the returned cancel function to
+// unsubscribe itself from the PubSub.
+func (ps *PubSub) Subscribe(sub Subscriber) (cancel func()) {
+	ps.mu.Lock()
+	defer ps.mu.Unlock()
+
+	ps.subscribers[sub] = true
+
+	if ps.msg != nil {
+		msg := ps.msg
+		ps.cs.Schedule(func(context.Context) {
+			ps.mu.Lock()
+			defer ps.mu.Unlock()
+			if !ps.subscribers[sub] {
+				return
+			}
+			sub.OnMessage(msg)
+		})
+	}
+
+	return func() {
+		ps.mu.Lock()
+		defer ps.mu.Unlock()
+		delete(ps.subscribers, sub)
+	}
+}
+
+// Publish publishes the provided message to the PubSub, and invokes
+// callbacks registered by subscribers asynchronously.
+func (ps *PubSub) Publish(msg any) {
+	ps.mu.Lock()
+	defer ps.mu.Unlock()
+
+	ps.msg = msg
+	for sub := range ps.subscribers {
+		s := sub
+		ps.cs.Schedule(func(context.Context) {
+			ps.mu.Lock()
+			defer ps.mu.Unlock()
+			if !ps.subscribers[s] {
+				return
+			}
+			s.OnMessage(msg)
+		})
+	}
+}
+
+// Done returns a channel that is closed after the context passed to NewPubSub
+// is canceled and all updates have been sent to subscribers.
+func (ps *PubSub) Done() <-chan struct{} {
+	return ps.cs.Done()
+}
diff --git a/apis/vendor/google.golang.org/grpc/idle.go b/apis/vendor/google.golang.org/grpc/internal/idle/idle.go
similarity index 61%
rename from apis/vendor/google.golang.org/grpc/idle.go
rename to apis/vendor/google.golang.org/grpc/internal/idle/idle.go
index dc3dc72f6..6c272476e 100644
--- a/apis/vendor/google.golang.org/grpc/idle.go
+++ b/apis/vendor/google.golang.org/grpc/internal/idle/idle.go
@@ -16,7 +16,9 @@
  *
  */
 
-package grpc
+// Package idle contains a component for managing idleness (entering and exiting)
+// based on RPC activity.
+package idle
 
 import (
 	"fmt"
@@ -24,6 +26,8 @@ import (
 	"sync"
 	"sync/atomic"
 	"time"
+
+	"google.golang.org/grpc/grpclog"
 )
 
 // For overriding in unit tests.
@@ -31,31 +35,31 @@ var timeAfterFunc = func(d time.Duration, f func()) *time.Timer {
 	return time.AfterFunc(d, f)
 }
 
-// idlenessEnforcer is the functionality provided by grpc.ClientConn to enter
+// Enforcer is the functionality provided by grpc.ClientConn to enter
 // and exit from idle mode.
-type idlenessEnforcer interface {
-	exitIdleMode() error
-	enterIdleMode() error
+type Enforcer interface {
+	ExitIdleMode() error
+	EnterIdleMode() error
 }
 
-// idlenessManager defines the functionality required to track RPC activity on a
+// Manager defines the functionality required to track RPC activity on a
 // channel.
-type idlenessManager interface {
-	onCallBegin() error
-	onCallEnd()
-	close()
+type Manager interface {
+	OnCallBegin() error
+	OnCallEnd()
+	Close()
 }
 
-type noopIdlenessManager struct{}
+type noopManager struct{}
 
-func (noopIdlenessManager) onCallBegin() error { return nil }
-func (noopIdlenessManager) onCallEnd()         {}
-func (noopIdlenessManager) close()             {}
+func (noopManager) OnCallBegin() error { return nil }
+func (noopManager) OnCallEnd()         {}
+func (noopManager) Close()             {}
 
-// idlenessManagerImpl implements the idlenessManager interface. It uses atomic
-// operations to synchronize access to shared state and a mutex to guarantee
-// mutual exclusion in a critical section.
-type idlenessManagerImpl struct {
+// manager implements the Manager interface. It uses atomic operations to
+// synchronize access to shared state and a mutex to guarantee mutual exclusion
+// in a critical section.
+type manager struct {
 	// State accessed atomically.
 	lastCallEndTime           int64 // Unix timestamp in nanos; time when the most recent RPC completed.
 	activeCallsCount          int32 // Count of active RPCs; -math.MaxInt32 means channel is idle or is trying to get there.
@@ -64,14 +68,15 @@ type idlenessManagerImpl struct {
 
 	// Can be accessed without atomics or mutex since these are set at creation
 	// time and read-only after that.
-	enforcer idlenessEnforcer // Functionality provided by grpc.ClientConn.
-	timeout  int64            // Idle timeout duration nanos stored as an int64.
+	enforcer Enforcer // Functionality provided by grpc.ClientConn.
+	timeout  int64    // Idle timeout duration nanos stored as an int64.
+	logger   grpclog.LoggerV2
 
 	// idleMu is used to guarantee mutual exclusion in two scenarios:
 	// - Opposing intentions:
 	//   - a: Idle timeout has fired and handleIdleTimeout() is trying to put
 	//     the channel in idle mode because the channel has been inactive.
-	//   - b: At the same time an RPC is made on the channel, and onCallBegin()
+	//   - b: At the same time an RPC is made on the channel, and OnCallBegin()
 	//     is trying to prevent the channel from going idle.
 	// - Competing intentions:
 	//   - The channel is in idle mode and there are multiple RPCs starting at
@@ -83,28 +88,37 @@ type idlenessManagerImpl struct {
 	timer        *time.Timer
 }
 
-// newIdlenessManager creates a new idleness manager implementation for the
+// ManagerOptions is a collection of options used by
+// NewManager.
+type ManagerOptions struct {
+	Enforcer Enforcer
+	Timeout  time.Duration
+	Logger   grpclog.LoggerV2
+}
+
+// NewManager creates a new idleness manager implementation for the
 // given idle timeout.
-func newIdlenessManager(enforcer idlenessEnforcer, idleTimeout time.Duration) idlenessManager {
-	if idleTimeout == 0 {
-		return noopIdlenessManager{}
+func NewManager(opts ManagerOptions) Manager {
+	if opts.Timeout == 0 {
+		return noopManager{}
 	}
 
-	i := &idlenessManagerImpl{
-		enforcer: enforcer,
-		timeout:  int64(idleTimeout),
+	m := &manager{
+		enforcer: opts.Enforcer,
+		timeout:  int64(opts.Timeout),
+		logger:   opts.Logger,
 	}
-	i.timer = timeAfterFunc(idleTimeout, i.handleIdleTimeout)
-	return i
+	m.timer = timeAfterFunc(opts.Timeout, m.handleIdleTimeout)
+	return m
 }
 
 // resetIdleTimer resets the idle timer to the given duration. This method
 // should only be called from the timer callback.
-func (i *idlenessManagerImpl) resetIdleTimer(d time.Duration) {
-	i.idleMu.Lock()
-	defer i.idleMu.Unlock()
+func (m *manager) resetIdleTimer(d time.Duration) {
+	m.idleMu.Lock()
+	defer m.idleMu.Unlock()
 
-	if i.timer == nil {
+	if m.timer == nil {
 		// Only close sets timer to nil. We are done.
 		return
 	}
@@ -112,47 +126,47 @@ func (i *idlenessManagerImpl) resetIdleTimer(d time.Duration) {
 	// It is safe to ignore the return value from Reset() because this method is
 	// only ever called from the timer callback, which means the timer has
 	// already fired.
-	i.timer.Reset(d)
+	m.timer.Reset(d)
 }
 
 // handleIdleTimeout is the timer callback that is invoked upon expiry of the
 // configured idle timeout. The channel is considered inactive if there are no
 // ongoing calls and no RPC activity since the last time the timer fired.
-func (i *idlenessManagerImpl) handleIdleTimeout() {
-	if i.isClosed() {
+func (m *manager) handleIdleTimeout() {
+	if m.isClosed() {
 		return
 	}
 
-	if atomic.LoadInt32(&i.activeCallsCount) > 0 {
-		i.resetIdleTimer(time.Duration(i.timeout))
+	if atomic.LoadInt32(&m.activeCallsCount) > 0 {
+		m.resetIdleTimer(time.Duration(m.timeout))
 		return
 	}
 
 	// There has been activity on the channel since we last got here. Reset the
 	// timer and return.
-	if atomic.LoadInt32(&i.activeSinceLastTimerCheck) == 1 {
+	if atomic.LoadInt32(&m.activeSinceLastTimerCheck) == 1 {
 		// Set the timer to fire after a duration of idle timeout, calculated
 		// from the time the most recent RPC completed.
-		atomic.StoreInt32(&i.activeSinceLastTimerCheck, 0)
-		i.resetIdleTimer(time.Duration(atomic.LoadInt64(&i.lastCallEndTime) + i.timeout - time.Now().UnixNano()))
+		atomic.StoreInt32(&m.activeSinceLastTimerCheck, 0)
+		m.resetIdleTimer(time.Duration(atomic.LoadInt64(&m.lastCallEndTime) + m.timeout - time.Now().UnixNano()))
 		return
 	}
 
 	// This CAS operation is extremely likely to succeed given that there has
 	// been no activity since the last time we were here.  Setting the
-	// activeCallsCount to -math.MaxInt32 indicates to onCallBegin() that the
+	// activeCallsCount to -math.MaxInt32 indicates to OnCallBegin() that the
 	// channel is either in idle mode or is trying to get there.
-	if !atomic.CompareAndSwapInt32(&i.activeCallsCount, 0, -math.MaxInt32) {
+	if !atomic.CompareAndSwapInt32(&m.activeCallsCount, 0, -math.MaxInt32) {
 		// This CAS operation can fail if an RPC started after we checked for
 		// activity at the top of this method, or one was ongoing from before
 		// the last time we were here. In both case, reset the timer and return.
-		i.resetIdleTimer(time.Duration(i.timeout))
+		m.resetIdleTimer(time.Duration(m.timeout))
 		return
 	}
 
 	// Now that we've set the active calls count to -math.MaxInt32, it's time to
 	// actually move to idle mode.
-	if i.tryEnterIdleMode() {
+	if m.tryEnterIdleMode() {
 		// Successfully entered idle mode. No timer needed until we exit idle.
 		return
 	}
@@ -160,8 +174,8 @@ func (i *idlenessManagerImpl) handleIdleTimeout() {
 	// Failed to enter idle mode due to a concurrent RPC that kept the channel
 	// active, or because of an error from the channel. Undo the attempt to
 	// enter idle, and reset the timer to try again later.
-	atomic.AddInt32(&i.activeCallsCount, math.MaxInt32)
-	i.resetIdleTimer(time.Duration(i.timeout))
+	atomic.AddInt32(&m.activeCallsCount, math.MaxInt32)
+	m.resetIdleTimer(time.Duration(m.timeout))
 }
 
 // tryEnterIdleMode instructs the channel to enter idle mode. But before
@@ -171,15 +185,15 @@ func (i *idlenessManagerImpl) handleIdleTimeout() {
 // Return value indicates whether or not the channel moved to idle mode.
 //
 // Holds idleMu which ensures mutual exclusion with exitIdleMode.
-func (i *idlenessManagerImpl) tryEnterIdleMode() bool {
-	i.idleMu.Lock()
-	defer i.idleMu.Unlock()
+func (m *manager) tryEnterIdleMode() bool {
+	m.idleMu.Lock()
+	defer m.idleMu.Unlock()
 
-	if atomic.LoadInt32(&i.activeCallsCount) != -math.MaxInt32 {
+	if atomic.LoadInt32(&m.activeCallsCount) != -math.MaxInt32 {
 		// We raced and lost to a new RPC. Very rare, but stop entering idle.
 		return false
 	}
-	if atomic.LoadInt32(&i.activeSinceLastTimerCheck) == 1 {
+	if atomic.LoadInt32(&m.activeSinceLastTimerCheck) == 1 {
 		// An very short RPC could have come in (and also finished) after we
 		// checked for calls count and activity in handleIdleTimeout(), but
 		// before the CAS operation. So, we need to check for activity again.
@@ -189,99 +203,99 @@ func (i *idlenessManagerImpl) tryEnterIdleMode() bool {
 	// No new RPCs have come in since we last set the active calls count value
 	// -math.MaxInt32 in the timer callback. And since we have the lock, it is
 	// safe to enter idle mode now.
-	if err := i.enforcer.enterIdleMode(); err != nil {
-		logger.Errorf("Failed to enter idle mode: %v", err)
+	if err := m.enforcer.EnterIdleMode(); err != nil {
+		m.logger.Errorf("Failed to enter idle mode: %v", err)
 		return false
 	}
 
 	// Successfully entered idle mode.
-	i.actuallyIdle = true
+	m.actuallyIdle = true
 	return true
 }
 
-// onCallBegin is invoked at the start of every RPC.
-func (i *idlenessManagerImpl) onCallBegin() error {
-	if i.isClosed() {
+// OnCallBegin is invoked at the start of every RPC.
+func (m *manager) OnCallBegin() error {
+	if m.isClosed() {
 		return nil
 	}
 
-	if atomic.AddInt32(&i.activeCallsCount, 1) > 0 {
+	if atomic.AddInt32(&m.activeCallsCount, 1) > 0 {
 		// Channel is not idle now. Set the activity bit and allow the call.
-		atomic.StoreInt32(&i.activeSinceLastTimerCheck, 1)
+		atomic.StoreInt32(&m.activeSinceLastTimerCheck, 1)
 		return nil
 	}
 
 	// Channel is either in idle mode or is in the process of moving to idle
 	// mode. Attempt to exit idle mode to allow this RPC.
-	if err := i.exitIdleMode(); err != nil {
+	if err := m.exitIdleMode(); err != nil {
 		// Undo the increment to calls count, and return an error causing the
 		// RPC to fail.
-		atomic.AddInt32(&i.activeCallsCount, -1)
+		atomic.AddInt32(&m.activeCallsCount, -1)
 		return err
 	}
 
-	atomic.StoreInt32(&i.activeSinceLastTimerCheck, 1)
+	atomic.StoreInt32(&m.activeSinceLastTimerCheck, 1)
 	return nil
 }
 
 // exitIdleMode instructs the channel to exit idle mode.
 //
 // Holds idleMu which ensures mutual exclusion with tryEnterIdleMode.
-func (i *idlenessManagerImpl) exitIdleMode() error {
-	i.idleMu.Lock()
-	defer i.idleMu.Unlock()
+func (m *manager) exitIdleMode() error {
+	m.idleMu.Lock()
+	defer m.idleMu.Unlock()
 
-	if !i.actuallyIdle {
+	if !m.actuallyIdle {
 		// This can happen in two scenarios:
 		// - handleIdleTimeout() set the calls count to -math.MaxInt32 and called
 		//   tryEnterIdleMode(). But before the latter could grab the lock, an RPC
-		//   came in and onCallBegin() noticed that the calls count is negative.
+		//   came in and OnCallBegin() noticed that the calls count is negative.
 		// - Channel is in idle mode, and multiple new RPCs come in at the same
-		//   time, all of them notice a negative calls count in onCallBegin and get
+		//   time, all of them notice a negative calls count in OnCallBegin and get
 		//   here. The first one to get the lock would got the channel to exit idle.
 		//
 		// Either way, nothing to do here.
 		return nil
 	}
 
-	if err := i.enforcer.exitIdleMode(); err != nil {
+	if err := m.enforcer.ExitIdleMode(); err != nil {
 		return fmt.Errorf("channel failed to exit idle mode: %v", err)
 	}
 
 	// Undo the idle entry process. This also respects any new RPC attempts.
-	atomic.AddInt32(&i.activeCallsCount, math.MaxInt32)
-	i.actuallyIdle = false
+	atomic.AddInt32(&m.activeCallsCount, math.MaxInt32)
+	m.actuallyIdle = false
 
 	// Start a new timer to fire after the configured idle timeout.
-	i.timer = timeAfterFunc(time.Duration(i.timeout), i.handleIdleTimeout)
+	m.timer = timeAfterFunc(time.Duration(m.timeout), m.handleIdleTimeout)
 	return nil
 }
 
-// onCallEnd is invoked at the end of every RPC.
-func (i *idlenessManagerImpl) onCallEnd() {
-	if i.isClosed() {
+// OnCallEnd is invoked at the end of every RPC.
+func (m *manager) OnCallEnd() {
+	if m.isClosed() {
 		return
 	}
 
 	// Record the time at which the most recent call finished.
-	atomic.StoreInt64(&i.lastCallEndTime, time.Now().UnixNano())
+	atomic.StoreInt64(&m.lastCallEndTime, time.Now().UnixNano())
 
 	// Decrement the active calls count. This count can temporarily go negative
 	// when the timer callback is in the process of moving the channel to idle
 	// mode, but one or more RPCs come in and complete before the timer callback
 	// can get done with the process of moving to idle mode.
-	atomic.AddInt32(&i.activeCallsCount, -1)
+	atomic.AddInt32(&m.activeCallsCount, -1)
 }
 
-func (i *idlenessManagerImpl) isClosed() bool {
-	return atomic.LoadInt32(&i.closed) == 1
+func (m *manager) isClosed() bool {
+	return atomic.LoadInt32(&m.closed) == 1
 }
 
-func (i *idlenessManagerImpl) close() {
-	atomic.StoreInt32(&i.closed, 1)
+func (m *manager) Close() {
+	atomic.StoreInt32(&m.closed, 1)
 
-	i.idleMu.Lock()
-	i.timer.Stop()
-	i.timer = nil
-	i.idleMu.Unlock()
+	m.idleMu.Lock()
+	m.timer.Stop()
+	m.timer = nil
+	m.idleMu.Unlock()
 }
diff --git a/apis/vendor/google.golang.org/grpc/internal/internal.go b/apis/vendor/google.golang.org/grpc/internal/internal.go
index 42ff39c84..0d94c63e0 100644
--- a/apis/vendor/google.golang.org/grpc/internal/internal.go
+++ b/apis/vendor/google.golang.org/grpc/internal/internal.go
@@ -30,7 +30,7 @@ import (
 
 var (
 	// WithHealthCheckFunc is set by dialoptions.go
-	WithHealthCheckFunc interface{} // func (HealthChecker) DialOption
+	WithHealthCheckFunc any // func (HealthChecker) DialOption
 	// HealthCheckFunc is used to provide client-side LB channel health checking
 	HealthCheckFunc HealthChecker
 	// BalancerUnregister is exported by package balancer to unregister a balancer.
@@ -38,8 +38,12 @@ var (
 	// KeepaliveMinPingTime is the minimum ping interval.  This must be 10s by
 	// default, but tests may wish to set it lower for convenience.
 	KeepaliveMinPingTime = 10 * time.Second
+	// KeepaliveMinServerPingTime is the minimum ping interval for servers.
+	// This must be 1s by default, but tests may wish to set it lower for
+	// convenience.
+	KeepaliveMinServerPingTime = time.Second
 	// ParseServiceConfig parses a JSON representation of the service config.
-	ParseServiceConfig interface{} // func(string) *serviceconfig.ParseResult
+	ParseServiceConfig any // func(string) *serviceconfig.ParseResult
 	// EqualServiceConfigForTesting is for testing service config generation and
 	// parsing. Both a and b should be returned by ParseServiceConfig.
 	// This function compares the config without rawJSON stripped, in case the
@@ -49,33 +53,33 @@ var (
 	// given name. This is set by package certprovider for use from xDS
 	// bootstrap code while parsing certificate provider configs in the
 	// bootstrap file.
-	GetCertificateProviderBuilder interface{} // func(string) certprovider.Builder
+	GetCertificateProviderBuilder any // func(string) certprovider.Builder
 	// GetXDSHandshakeInfoForTesting returns a pointer to the xds.HandshakeInfo
 	// stored in the passed in attributes. This is set by
 	// credentials/xds/xds.go.
-	GetXDSHandshakeInfoForTesting interface{} // func (*attributes.Attributes) *xds.HandshakeInfo
+	GetXDSHandshakeInfoForTesting any // func (*attributes.Attributes) *xds.HandshakeInfo
 	// GetServerCredentials returns the transport credentials configured on a
 	// gRPC server. An xDS-enabled server needs to know what type of credentials
 	// is configured on the underlying gRPC server. This is set by server.go.
-	GetServerCredentials interface{} // func (*grpc.Server) credentials.TransportCredentials
+	GetServerCredentials any // func (*grpc.Server) credentials.TransportCredentials
 	// CanonicalString returns the canonical string of the code defined here:
 	// https://github.com/grpc/grpc/blob/master/doc/statuscodes.md.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	CanonicalString interface{} // func (codes.Code) string
+	CanonicalString any // func (codes.Code) string
 	// DrainServerTransports initiates a graceful close of existing connections
 	// on a gRPC server accepted on the provided listener address. An
 	// xDS-enabled server invokes this method on a grpc.Server when a particular
 	// listener moves to "not-serving" mode.
-	DrainServerTransports interface{} // func(*grpc.Server, string)
+	DrainServerTransports any // func(*grpc.Server, string)
 	// AddGlobalServerOptions adds an array of ServerOption that will be
 	// effective globally for newly created servers. The priority will be: 1.
 	// user-provided; 2. this method; 3. default values.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	AddGlobalServerOptions interface{} // func(opt ...ServerOption)
+	AddGlobalServerOptions any // func(opt ...ServerOption)
 	// ClearGlobalServerOptions clears the array of extra ServerOption. This
 	// method is useful in testing and benchmarking.
 	//
@@ -88,14 +92,14 @@ var (
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	AddGlobalDialOptions interface{} // func(opt ...DialOption)
+	AddGlobalDialOptions any // func(opt ...DialOption)
 	// DisableGlobalDialOptions returns a DialOption that prevents the
 	// ClientConn from applying the global DialOptions (set via
 	// AddGlobalDialOptions).
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	DisableGlobalDialOptions interface{} // func() grpc.DialOption
+	DisableGlobalDialOptions any // func() grpc.DialOption
 	// ClearGlobalDialOptions clears the array of extra DialOption. This
 	// method is useful in testing and benchmarking.
 	//
@@ -104,23 +108,26 @@ var (
 	ClearGlobalDialOptions func()
 	// JoinDialOptions combines the dial options passed as arguments into a
 	// single dial option.
-	JoinDialOptions interface{} // func(...grpc.DialOption) grpc.DialOption
+	JoinDialOptions any // func(...grpc.DialOption) grpc.DialOption
 	// JoinServerOptions combines the server options passed as arguments into a
 	// single server option.
-	JoinServerOptions interface{} // func(...grpc.ServerOption) grpc.ServerOption
+	JoinServerOptions any // func(...grpc.ServerOption) grpc.ServerOption
 
 	// WithBinaryLogger returns a DialOption that specifies the binary logger
 	// for a ClientConn.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	WithBinaryLogger interface{} // func(binarylog.Logger) grpc.DialOption
+	WithBinaryLogger any // func(binarylog.Logger) grpc.DialOption
 	// BinaryLogger returns a ServerOption that can set the binary logger for a
 	// server.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	BinaryLogger interface{} // func(binarylog.Logger) grpc.ServerOption
+	BinaryLogger any // func(binarylog.Logger) grpc.ServerOption
+
+	// SubscribeToConnectivityStateChanges adds a grpcsync.Subscriber to a provided grpc.ClientConn
+	SubscribeToConnectivityStateChanges any // func(*grpc.ClientConn, grpcsync.Subscriber)
 
 	// NewXDSResolverWithConfigForTesting creates a new xds resolver builder using
 	// the provided xds bootstrap config instead of the global configuration from
@@ -131,7 +138,7 @@ var (
 	//
 	// This function should ONLY be used for testing and may not work with some
 	// other features, including the CSDS service.
-	NewXDSResolverWithConfigForTesting interface{} // func([]byte) (resolver.Builder, error)
+	NewXDSResolverWithConfigForTesting any // func([]byte) (resolver.Builder, error)
 
 	// RegisterRLSClusterSpecifierPluginForTesting registers the RLS Cluster
 	// Specifier Plugin for testing purposes, regardless of the XDSRLS environment
@@ -163,7 +170,17 @@ var (
 	UnregisterRBACHTTPFilterForTesting func()
 
 	// ORCAAllowAnyMinReportingInterval is for examples/orca use ONLY.
-	ORCAAllowAnyMinReportingInterval interface{} // func(so *orca.ServiceOptions)
+	ORCAAllowAnyMinReportingInterval any // func(so *orca.ServiceOptions)
+
+	// GRPCResolverSchemeExtraMetadata determines when gRPC will add extra
+	// metadata to RPCs.
+	GRPCResolverSchemeExtraMetadata string = "xds"
+
+	// EnterIdleModeForTesting gets the ClientConn to enter IDLE mode.
+	EnterIdleModeForTesting any // func(*grpc.ClientConn) error
+
+	// ExitIdleModeForTesting gets the ClientConn to exit IDLE mode.
+	ExitIdleModeForTesting any // func(*grpc.ClientConn) error
 )
 
 // HealthChecker defines the signature of the client-side LB channel health checking function.
@@ -174,7 +191,7 @@ var (
 //
 // The health checking protocol is defined at:
 // https://github.com/grpc/grpc/blob/master/doc/health-checking.md
-type HealthChecker func(ctx context.Context, newStream func(string) (interface{}, error), setConnectivityState func(connectivity.State, error), serviceName string) error
+type HealthChecker func(ctx context.Context, newStream func(string) (any, error), setConnectivityState func(connectivity.State, error), serviceName string) error
 
 const (
 	// CredsBundleModeFallback switches GoogleDefaultCreds to fallback mode.
diff --git a/apis/vendor/google.golang.org/grpc/internal/metadata/metadata.go b/apis/vendor/google.golang.org/grpc/internal/metadata/metadata.go
index c82e608e0..900bfb716 100644
--- a/apis/vendor/google.golang.org/grpc/internal/metadata/metadata.go
+++ b/apis/vendor/google.golang.org/grpc/internal/metadata/metadata.go
@@ -35,7 +35,7 @@ const mdKey = mdKeyType("grpc.internal.address.metadata")
 
 type mdValue metadata.MD
 
-func (m mdValue) Equal(o interface{}) bool {
+func (m mdValue) Equal(o any) bool {
 	om, ok := o.(mdValue)
 	if !ok {
 		return false
diff --git a/apis/vendor/google.golang.org/grpc/internal/pretty/pretty.go b/apis/vendor/google.golang.org/grpc/internal/pretty/pretty.go
index 0177af4b5..703319137 100644
--- a/apis/vendor/google.golang.org/grpc/internal/pretty/pretty.go
+++ b/apis/vendor/google.golang.org/grpc/internal/pretty/pretty.go
@@ -35,7 +35,7 @@ const jsonIndent = "  "
 // ToJSON marshals the input into a json string.
 //
 // If marshal fails, it falls back to fmt.Sprintf("%+v").
-func ToJSON(e interface{}) string {
+func ToJSON(e any) string {
 	switch ee := e.(type) {
 	case protov1.Message:
 		mm := jsonpb.Marshaler{Indent: jsonIndent}
diff --git a/apis/vendor/google.golang.org/grpc/internal/resolver/config_selector.go b/apis/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
index c7a18a948..f0603871c 100644
--- a/apis/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
+++ b/apis/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
@@ -92,7 +92,7 @@ type ClientStream interface {
 	// calling RecvMsg on the same stream at the same time, but it is not safe
 	// to call SendMsg on the same stream in different goroutines. It is also
 	// not safe to call CloseSend concurrently with SendMsg.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// RecvMsg blocks until it receives a message into m or the stream is
 	// done. It returns io.EOF when the stream completes successfully. On
 	// any other error, the stream is aborted and the error contains the RPC
@@ -101,7 +101,7 @@ type ClientStream interface {
 	// It is safe to have a goroutine calling SendMsg and another goroutine
 	// calling RecvMsg on the same stream at the same time, but it is not
 	// safe to call RecvMsg on the same stream in different goroutines.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // ClientInterceptor is an interceptor for gRPC client streams.
diff --git a/apis/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go b/apis/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go
index 09a667f33..99e1e5b36 100644
--- a/apis/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go
+++ b/apis/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go
@@ -62,7 +62,8 @@ const (
 	defaultPort       = "443"
 	defaultDNSSvrPort = "53"
 	golang            = "GO"
-	// txtPrefix is the prefix string to be prepended to the host name for txt record lookup.
+	// txtPrefix is the prefix string to be prepended to the host name for txt
+	// record lookup.
 	txtPrefix = "_grpc_config."
 	// In DNS, service config is encoded in a TXT record via the mechanism
 	// described in RFC-1464 using the attribute name grpc_config.
@@ -86,14 +87,14 @@ var (
 	minDNSResRate = 30 * time.Second
 )
 
-var customAuthorityDialler = func(authority string) func(ctx context.Context, network, address string) (net.Conn, error) {
-	return func(ctx context.Context, network, address string) (net.Conn, error) {
+var addressDialer = func(address string) func(context.Context, string, string) (net.Conn, error) {
+	return func(ctx context.Context, network, _ string) (net.Conn, error) {
 		var dialer net.Dialer
-		return dialer.DialContext(ctx, network, authority)
+		return dialer.DialContext(ctx, network, address)
 	}
 }
 
-var customAuthorityResolver = func(authority string) (netResolver, error) {
+var newNetResolver = func(authority string) (netResolver, error) {
 	host, port, err := parseTarget(authority, defaultDNSSvrPort)
 	if err != nil {
 		return nil, err
@@ -103,7 +104,7 @@ var customAuthorityResolver = func(authority string) (netResolver, error) {
 
 	return &net.Resolver{
 		PreferGo: true,
-		Dial:     customAuthorityDialler(authorityWithPort),
+		Dial:     addressDialer(authorityWithPort),
 	}, nil
 }
 
@@ -114,7 +115,8 @@ func NewBuilder() resolver.Builder {
 
 type dnsBuilder struct{}
 
-// Build creates and starts a DNS resolver that watches the name resolution of the target.
+// Build creates and starts a DNS resolver that watches the name resolution of
+// the target.
 func (b *dnsBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions) (resolver.Resolver, error) {
 	host, port, err := parseTarget(target.Endpoint(), defaultPort)
 	if err != nil {
@@ -143,7 +145,7 @@ func (b *dnsBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts
 	if target.URL.Host == "" {
 		d.resolver = defaultResolver
 	} else {
-		d.resolver, err = customAuthorityResolver(target.URL.Host)
+		d.resolver, err = newNetResolver(target.URL.Host)
 		if err != nil {
 			return nil, err
 		}
@@ -180,19 +182,22 @@ type dnsResolver struct {
 	ctx      context.Context
 	cancel   context.CancelFunc
 	cc       resolver.ClientConn
-	// rn channel is used by ResolveNow() to force an immediate resolution of the target.
+	// rn channel is used by ResolveNow() to force an immediate resolution of the
+	// target.
 	rn chan struct{}
-	// wg is used to enforce Close() to return after the watcher() goroutine has finished.
-	// Otherwise, data race will be possible. [Race Example] in dns_resolver_test we
-	// replace the real lookup functions with mocked ones to facilitate testing.
-	// If Close() doesn't wait for watcher() goroutine finishes, race detector sometimes
-	// will warns lookup (READ the lookup function pointers) inside watcher() goroutine
-	// has data race with replaceNetFunc (WRITE the lookup function pointers).
+	// wg is used to enforce Close() to return after the watcher() goroutine has
+	// finished. Otherwise, data race will be possible. [Race Example] in
+	// dns_resolver_test we replace the real lookup functions with mocked ones to
+	// facilitate testing. If Close() doesn't wait for watcher() goroutine
+	// finishes, race detector sometimes will warns lookup (READ the lookup
+	// function pointers) inside watcher() goroutine has data race with
+	// replaceNetFunc (WRITE the lookup function pointers).
 	wg                   sync.WaitGroup
 	disableServiceConfig bool
 }
 
-// ResolveNow invoke an immediate resolution of the target that this dnsResolver watches.
+// ResolveNow invoke an immediate resolution of the target that this
+// dnsResolver watches.
 func (d *dnsResolver) ResolveNow(resolver.ResolveNowOptions) {
 	select {
 	case d.rn <- struct{}{}:
@@ -220,8 +225,8 @@ func (d *dnsResolver) watcher() {
 
 		var timer *time.Timer
 		if err == nil {
-			// Success resolving, wait for the next ResolveNow. However, also wait 30 seconds at the very least
-			// to prevent constantly re-resolving.
+			// Success resolving, wait for the next ResolveNow. However, also wait 30
+			// seconds at the very least to prevent constantly re-resolving.
 			backoffIndex = 1
 			timer = newTimerDNSResRate(minDNSResRate)
 			select {
@@ -231,7 +236,8 @@ func (d *dnsResolver) watcher() {
 			case <-d.rn:
 			}
 		} else {
-			// Poll on an error found in DNS Resolver or an error received from ClientConn.
+			// Poll on an error found in DNS Resolver or an error received from
+			// ClientConn.
 			timer = newTimer(backoff.DefaultExponential.Backoff(backoffIndex))
 			backoffIndex++
 		}
@@ -278,7 +284,8 @@ func (d *dnsResolver) lookupSRV() ([]resolver.Address, error) {
 }
 
 func handleDNSError(err error, lookupType string) error {
-	if dnsErr, ok := err.(*net.DNSError); ok && !dnsErr.IsTimeout && !dnsErr.IsTemporary {
+	dnsErr, ok := err.(*net.DNSError)
+	if ok && !dnsErr.IsTimeout && !dnsErr.IsTemporary {
 		// Timeouts and temporary errors should be communicated to gRPC to
 		// attempt another DNS query (with backoff).  Other errors should be
 		// suppressed (they may represent the absence of a TXT record).
@@ -307,10 +314,12 @@ func (d *dnsResolver) lookupTXT() *serviceconfig.ParseResult {
 		res += s
 	}
 
-	// TXT record must have "grpc_config=" attribute in order to be used as service config.
+	// TXT record must have "grpc_config=" attribute in order to be used as
+	// service config.
 	if !strings.HasPrefix(res, txtAttribute) {
 		logger.Warningf("dns: TXT record %v missing %v attribute", res, txtAttribute)
-		// This is not an error; it is the equivalent of not having a service config.
+		// This is not an error; it is the equivalent of not having a service
+		// config.
 		return nil
 	}
 	sc := canaryingSC(strings.TrimPrefix(res, txtAttribute))
@@ -352,9 +361,10 @@ func (d *dnsResolver) lookup() (*resolver.State, error) {
 	return &state, nil
 }
 
-// formatIP returns ok = false if addr is not a valid textual representation of an IP address.
-// If addr is an IPv4 address, return the addr and ok = true.
-// If addr is an IPv6 address, return the addr enclosed in square brackets and ok = true.
+// formatIP returns ok = false if addr is not a valid textual representation of
+// an IP address. If addr is an IPv4 address, return the addr and ok = true.
+// If addr is an IPv6 address, return the addr enclosed in square brackets and
+// ok = true.
 func formatIP(addr string) (addrIP string, ok bool) {
 	ip := net.ParseIP(addr)
 	if ip == nil {
@@ -366,10 +376,10 @@ func formatIP(addr string) (addrIP string, ok bool) {
 	return "[" + addr + "]", true
 }
 
-// parseTarget takes the user input target string and default port, returns formatted host and port info.
-// If target doesn't specify a port, set the port to be the defaultPort.
-// If target is in IPv6 format and host-name is enclosed in square brackets, brackets
-// are stripped when setting the host.
+// parseTarget takes the user input target string and default port, returns
+// formatted host and port info. If target doesn't specify a port, set the port
+// to be the defaultPort. If target is in IPv6 format and host-name is enclosed
+// in square brackets, brackets are stripped when setting the host.
 // examples:
 // target: "www.google.com" defaultPort: "443" returns host: "www.google.com", port: "443"
 // target: "ipv4-host:80" defaultPort: "443" returns host: "ipv4-host", port: "80"
@@ -385,12 +395,14 @@ func parseTarget(target, defaultPort string) (host, port string, err error) {
 	}
 	if host, port, err = net.SplitHostPort(target); err == nil {
 		if port == "" {
-			// If the port field is empty (target ends with colon), e.g. "[::1]:", this is an error.
+			// If the port field is empty (target ends with colon), e.g. "[::1]:",
+			// this is an error.
 			return "", "", errEndsWithColon
 		}
 		// target has port, i.e ipv4-host:port, [ipv6-host]:port, host-name:port
 		if host == "" {
-			// Keep consistent with net.Dial(): If the host is empty, as in ":80", the local system is assumed.
+			// Keep consistent with net.Dial(): If the host is empty, as in ":80",
+			// the local system is assumed.
 			host = "localhost"
 		}
 		return host, port, nil
diff --git a/apis/vendor/google.golang.org/grpc/internal/status/status.go b/apis/vendor/google.golang.org/grpc/internal/status/status.go
index b0ead4f54..03ef2fedd 100644
--- a/apis/vendor/google.golang.org/grpc/internal/status/status.go
+++ b/apis/vendor/google.golang.org/grpc/internal/status/status.go
@@ -43,13 +43,41 @@ type Status struct {
 	s *spb.Status
 }
 
+// NewWithProto returns a new status including details from statusProto.  This
+// is meant to be used by the gRPC library only.
+func NewWithProto(code codes.Code, message string, statusProto []string) *Status {
+	if len(statusProto) != 1 {
+		// No grpc-status-details bin header, or multiple; just ignore.
+		return &Status{s: &spb.Status{Code: int32(code), Message: message}}
+	}
+	st := &spb.Status{}
+	if err := proto.Unmarshal([]byte(statusProto[0]), st); err != nil {
+		// Probably not a google.rpc.Status proto; do not provide details.
+		return &Status{s: &spb.Status{Code: int32(code), Message: message}}
+	}
+	if st.Code == int32(code) {
+		// The codes match between the grpc-status header and the
+		// grpc-status-details-bin header; use the full details proto.
+		return &Status{s: st}
+	}
+	return &Status{
+		s: &spb.Status{
+			Code: int32(codes.Internal),
+			Message: fmt.Sprintf(
+				"grpc-status-details-bin mismatch: grpc-status=%v, grpc-message=%q, grpc-status-details-bin=%+v",
+				code, message, st,
+			),
+		},
+	}
+}
+
 // New returns a Status representing c and msg.
 func New(c codes.Code, msg string) *Status {
 	return &Status{s: &spb.Status{Code: int32(c), Message: msg}}
 }
 
 // Newf returns New(c, fmt.Sprintf(format, a...)).
-func Newf(c codes.Code, format string, a ...interface{}) *Status {
+func Newf(c codes.Code, format string, a ...any) *Status {
 	return New(c, fmt.Sprintf(format, a...))
 }
 
@@ -64,7 +92,7 @@ func Err(c codes.Code, msg string) error {
 }
 
 // Errorf returns Error(c, fmt.Sprintf(format, a...)).
-func Errorf(c codes.Code, format string, a ...interface{}) error {
+func Errorf(c codes.Code, format string, a ...any) error {
 	return Err(c, fmt.Sprintf(format, a...))
 }
 
@@ -120,11 +148,11 @@ func (s *Status) WithDetails(details ...proto.Message) (*Status, error) {
 
 // Details returns a slice of details messages attached to the status.
 // If a detail cannot be decoded, the error is returned in place of the detail.
-func (s *Status) Details() []interface{} {
+func (s *Status) Details() []any {
 	if s == nil || s.s == nil {
 		return nil
 	}
-	details := make([]interface{}, 0, len(s.s.Details))
+	details := make([]any, 0, len(s.s.Details))
 	for _, any := range s.s.Details {
 		detail := &ptypes.DynamicAny{}
 		if err := ptypes.UnmarshalAny(any, detail); err != nil {
diff --git a/apis/vendor/google.golang.org/grpc/internal/transport/controlbuf.go b/apis/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
index be5a9c81e..b330ccedc 100644
--- a/apis/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
+++ b/apis/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
@@ -40,7 +40,7 @@ var updateHeaderTblSize = func(e *hpack.Encoder, v uint32) {
 }
 
 type itemNode struct {
-	it   interface{}
+	it   any
 	next *itemNode
 }
 
@@ -49,7 +49,7 @@ type itemList struct {
 	tail *itemNode
 }
 
-func (il *itemList) enqueue(i interface{}) {
+func (il *itemList) enqueue(i any) {
 	n := &itemNode{it: i}
 	if il.tail == nil {
 		il.head, il.tail = n, n
@@ -61,11 +61,11 @@ func (il *itemList) enqueue(i interface{}) {
 
 // peek returns the first item in the list without removing it from the
 // list.
-func (il *itemList) peek() interface{} {
+func (il *itemList) peek() any {
 	return il.head.it
 }
 
-func (il *itemList) dequeue() interface{} {
+func (il *itemList) dequeue() any {
 	if il.head == nil {
 		return nil
 	}
@@ -336,7 +336,7 @@ func (c *controlBuffer) put(it cbItem) error {
 	return err
 }
 
-func (c *controlBuffer) executeAndPut(f func(it interface{}) bool, it cbItem) (bool, error) {
+func (c *controlBuffer) executeAndPut(f func(it any) bool, it cbItem) (bool, error) {
 	var wakeUp bool
 	c.mu.Lock()
 	if c.err != nil {
@@ -373,7 +373,7 @@ func (c *controlBuffer) executeAndPut(f func(it interface{}) bool, it cbItem) (b
 }
 
 // Note argument f should never be nil.
-func (c *controlBuffer) execute(f func(it interface{}) bool, it interface{}) (bool, error) {
+func (c *controlBuffer) execute(f func(it any) bool, it any) (bool, error) {
 	c.mu.Lock()
 	if c.err != nil {
 		c.mu.Unlock()
@@ -387,7 +387,7 @@ func (c *controlBuffer) execute(f func(it interface{}) bool, it interface{}) (bo
 	return true, nil
 }
 
-func (c *controlBuffer) get(block bool) (interface{}, error) {
+func (c *controlBuffer) get(block bool) (any, error) {
 	for {
 		c.mu.Lock()
 		if c.err != nil {
@@ -830,7 +830,7 @@ func (l *loopyWriter) goAwayHandler(g *goAway) error {
 	return nil
 }
 
-func (l *loopyWriter) handle(i interface{}) error {
+func (l *loopyWriter) handle(i any) error {
 	switch i := i.(type) {
 	case *incomingWindowUpdate:
 		l.incomingWindowUpdateHandler(i)
diff --git a/apis/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/apis/vendor/google.golang.org/grpc/internal/transport/handler_server.go
index 98f80e3fa..17f7a21b5 100644
--- a/apis/vendor/google.golang.org/grpc/internal/transport/handler_server.go
+++ b/apis/vendor/google.golang.org/grpc/internal/transport/handler_server.go
@@ -220,18 +220,20 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro
 			h.Set("Grpc-Message", encodeGrpcMessage(m))
 		}
 
+		s.hdrMu.Lock()
 		if p := st.Proto(); p != nil && len(p.Details) > 0 {
+			delete(s.trailer, grpcStatusDetailsBinHeader)
 			stBytes, err := proto.Marshal(p)
 			if err != nil {
 				// TODO: return error instead, when callers are able to handle it.
 				panic(err)
 			}
 
-			h.Set("Grpc-Status-Details-Bin", encodeBinHeader(stBytes))
+			h.Set(grpcStatusDetailsBinHeader, encodeBinHeader(stBytes))
 		}
 
-		if md := s.Trailer(); len(md) > 0 {
-			for k, vv := range md {
+		if len(s.trailer) > 0 {
+			for k, vv := range s.trailer {
 				// Clients don't tolerate reading restricted headers after some non restricted ones were sent.
 				if isReservedHeader(k) {
 					continue
@@ -243,6 +245,7 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro
 				}
 			}
 		}
+		s.hdrMu.Unlock()
 	})
 
 	if err == nil { // transport has not been closed
@@ -287,7 +290,7 @@ func (ht *serverHandlerTransport) writeCommonHeaders(s *Stream) {
 }
 
 // writeCustomHeaders sets custom headers set on the stream via SetHeader
-// on the first write call (Write, WriteHeader, or WriteStatus).
+// on the first write call (Write, WriteHeader, or WriteStatus)
 func (ht *serverHandlerTransport) writeCustomHeaders(s *Stream) {
 	h := ht.rw.Header()
 
@@ -344,7 +347,7 @@ func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error {
 	return err
 }
 
-func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), traceCtx func(context.Context, string) context.Context) {
+func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream)) {
 	// With this transport type there will be exactly 1 stream: this HTTP request.
 
 	ctx := ht.req.Context()
diff --git a/apis/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/apis/vendor/google.golang.org/grpc/internal/transport/http2_client.go
index 326bf0848..d6f5c4935 100644
--- a/apis/vendor/google.golang.org/grpc/internal/transport/http2_client.go
+++ b/apis/vendor/google.golang.org/grpc/internal/transport/http2_client.go
@@ -330,7 +330,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 		readerDone:            make(chan struct{}),
 		writerDone:            make(chan struct{}),
 		goAway:                make(chan struct{}),
-		framer:                newFramer(conn, writeBufSize, readBufSize, maxHeaderListSize),
+		framer:                newFramer(conn, writeBufSize, readBufSize, opts.SharedWriteBuffer, maxHeaderListSize),
 		fc:                    &trInFlow{limit: uint32(icwz)},
 		scheme:                scheme,
 		activeStreams:         make(map[uint32]*Stream),
@@ -762,7 +762,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 	firstTry := true
 	var ch chan struct{}
 	transportDrainRequired := false
-	checkForStreamQuota := func(it interface{}) bool {
+	checkForStreamQuota := func(it any) bool {
 		if t.streamQuota <= 0 { // Can go negative if server decreases it.
 			if firstTry {
 				t.waitingStreams++
@@ -800,7 +800,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 		return true
 	}
 	var hdrListSizeErr error
-	checkForHeaderListSize := func(it interface{}) bool {
+	checkForHeaderListSize := func(it any) bool {
 		if t.maxSendHeaderListSize == nil {
 			return true
 		}
@@ -815,7 +815,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 		return true
 	}
 	for {
-		success, err := t.controlBuf.executeAndPut(func(it interface{}) bool {
+		success, err := t.controlBuf.executeAndPut(func(it any) bool {
 			return checkForHeaderListSize(it) && checkForStreamQuota(it)
 		}, hdr)
 		if err != nil {
@@ -927,7 +927,7 @@ func (t *http2Client) closeStream(s *Stream, err error, rst bool, rstCode http2.
 		rst:     rst,
 		rstCode: rstCode,
 	}
-	addBackStreamQuota := func(interface{}) bool {
+	addBackStreamQuota := func(any) bool {
 		t.streamQuota++
 		if t.streamQuota > 0 && t.waitingStreams > 0 {
 			select {
@@ -1080,7 +1080,7 @@ func (t *http2Client) updateWindow(s *Stream, n uint32) {
 // for the transport and the stream based on the current bdp
 // estimation.
 func (t *http2Client) updateFlowControl(n uint32) {
-	updateIWS := func(interface{}) bool {
+	updateIWS := func(any) bool {
 		t.initialWindowSize = int32(n)
 		t.mu.Lock()
 		for _, s := range t.activeStreams {
@@ -1233,7 +1233,7 @@ func (t *http2Client) handleSettings(f *http2.SettingsFrame, isFirst bool) {
 		}
 		updateFuncs = append(updateFuncs, updateStreamQuota)
 	}
-	t.controlBuf.executeAndPut(func(interface{}) bool {
+	t.controlBuf.executeAndPut(func(any) bool {
 		for _, f := range updateFuncs {
 			f()
 		}
@@ -1399,7 +1399,6 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 		mdata          = make(map[string][]string)
 		contentTypeErr = "malformed header: missing HTTP content-type"
 		grpcMessage    string
-		statusGen      *status.Status
 		recvCompress   string
 		httpStatusCode *int
 		httpStatusErr  string
@@ -1434,12 +1433,6 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 			rawStatusCode = codes.Code(uint32(code))
 		case "grpc-message":
 			grpcMessage = decodeGrpcMessage(hf.Value)
-		case "grpc-status-details-bin":
-			var err error
-			statusGen, err = decodeGRPCStatusDetails(hf.Value)
-			if err != nil {
-				headerError = fmt.Sprintf("transport: malformed grpc-status-details-bin: %v", err)
-			}
 		case ":status":
 			if hf.Value == "200" {
 				httpStatusErr = ""
@@ -1505,14 +1498,15 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 		return
 	}
 
-	isHeader := false
-
-	// If headerChan hasn't been closed yet
-	if atomic.CompareAndSwapUint32(&s.headerChanClosed, 0, 1) {
-		s.headerValid = true
-		if !endStream {
-			// HEADERS frame block carries a Response-Headers.
-			isHeader = true
+	// For headers, set them in s.header and close headerChan.  For trailers or
+	// trailers-only, closeStream will set the trailers and close headerChan as
+	// needed.
+	if !endStream {
+		// If headerChan hasn't been closed yet (expected, given we checked it
+		// above, but something else could have potentially closed the whole
+		// stream).
+		if atomic.CompareAndSwapUint32(&s.headerChanClosed, 0, 1) {
+			s.headerValid = true
 			// These values can be set without any synchronization because
 			// stream goroutine will read it only after seeing a closed
 			// headerChan which we'll close after setting this.
@@ -1520,15 +1514,12 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 			if len(mdata) > 0 {
 				s.header = mdata
 			}
-		} else {
-			// HEADERS frame block carries a Trailers-Only.
-			s.noHeaders = true
+			close(s.headerChan)
 		}
-		close(s.headerChan)
 	}
 
 	for _, sh := range t.statsHandlers {
-		if isHeader {
+		if !endStream {
 			inHeader := &stats.InHeader{
 				Client:      true,
 				WireLength:  int(frame.Header().Length),
@@ -1550,13 +1541,12 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 		return
 	}
 
-	if statusGen == nil {
-		statusGen = status.New(rawStatusCode, grpcMessage)
-	}
+	status := istatus.NewWithProto(rawStatusCode, grpcMessage, mdata[grpcStatusDetailsBinHeader])
 
-	// if client received END_STREAM from server while stream was still active, send RST_STREAM
-	rst := s.getState() == streamActive
-	t.closeStream(s, io.EOF, rst, http2.ErrCodeNo, statusGen, mdata, true)
+	// If client received END_STREAM from server while stream was still active,
+	// send RST_STREAM.
+	rstStream := s.getState() == streamActive
+	t.closeStream(s, io.EOF, rstStream, http2.ErrCodeNo, status, mdata, true)
 }
 
 // readServerPreface reads and handles the initial settings frame from the
diff --git a/apis/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/apis/vendor/google.golang.org/grpc/internal/transport/http2_server.go
index ec4eef213..6fa1eb419 100644
--- a/apis/vendor/google.golang.org/grpc/internal/transport/http2_server.go
+++ b/apis/vendor/google.golang.org/grpc/internal/transport/http2_server.go
@@ -165,7 +165,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 	if config.MaxHeaderListSize != nil {
 		maxHeaderListSize = *config.MaxHeaderListSize
 	}
-	framer := newFramer(conn, writeBufSize, readBufSize, maxHeaderListSize)
+	framer := newFramer(conn, writeBufSize, readBufSize, config.SharedWriteBuffer, maxHeaderListSize)
 	// Send initial settings as connection preface to client.
 	isettings := []http2.Setting{{
 		ID:  http2.SettingMaxFrameSize,
@@ -233,7 +233,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 		kp.Timeout = defaultServerKeepaliveTimeout
 	}
 	if kp.Time != infinity {
-		if err = syscall.SetTCPUserTimeout(conn, kp.Timeout); err != nil {
+		if err = syscall.SetTCPUserTimeout(rawConn, kp.Timeout); err != nil {
 			return nil, connectionErrorf(false, err, "transport: failed to set TCP_USER_TIMEOUT: %v", err)
 		}
 	}
@@ -342,7 +342,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 
 // operateHeaders takes action on the decoded headers. Returns an error if fatal
 // error encountered and transport needs to close, otherwise returns nil.
-func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream), traceCtx func(context.Context, string) context.Context) error {
+func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream)) error {
 	// Acquire max stream ID lock for entire duration
 	t.maxStreamMu.Lock()
 	defer t.maxStreamMu.Unlock()
@@ -561,7 +561,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 	}
 	if t.inTapHandle != nil {
 		var err error
-		if s.ctx, err = t.inTapHandle(s.ctx, &tap.Info{FullMethodName: s.method}); err != nil {
+		if s.ctx, err = t.inTapHandle(s.ctx, &tap.Info{FullMethodName: s.method, Header: mdata}); err != nil {
 			t.mu.Unlock()
 			if t.logger.V(logLevel) {
 				t.logger.Infof("Aborting the stream early due to InTapHandle failure: %v", err)
@@ -592,7 +592,6 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 	s.requestRead = func(n int) {
 		t.adjustWindow(s, uint32(n))
 	}
-	s.ctx = traceCtx(s.ctx, s.method)
 	for _, sh := range t.stats {
 		s.ctx = sh.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method})
 		inHeader := &stats.InHeader{
@@ -630,7 +629,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 // HandleStreams receives incoming streams using the given handler. This is
 // typically run in a separate goroutine.
 // traceCtx attaches trace to ctx and returns the new context.
-func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.Context, string) context.Context) {
+func (t *http2Server) HandleStreams(handle func(*Stream)) {
 	defer close(t.readerDone)
 	for {
 		t.controlBuf.throttle()
@@ -665,7 +664,7 @@ func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.
 		}
 		switch frame := frame.(type) {
 		case *http2.MetaHeadersFrame:
-			if err := t.operateHeaders(frame, handle, traceCtx); err != nil {
+			if err := t.operateHeaders(frame, handle); err != nil {
 				t.Close(err)
 				break
 			}
@@ -850,7 +849,7 @@ func (t *http2Server) handleSettings(f *http2.SettingsFrame) {
 		}
 		return nil
 	})
-	t.controlBuf.executeAndPut(func(interface{}) bool {
+	t.controlBuf.executeAndPut(func(any) bool {
 		for _, f := range updateFuncs {
 			f()
 		}
@@ -934,7 +933,7 @@ func appendHeaderFieldsFromMD(headerFields []hpack.HeaderField, md metadata.MD)
 	return headerFields
 }
 
-func (t *http2Server) checkForHeaderListSize(it interface{}) bool {
+func (t *http2Server) checkForHeaderListSize(it any) bool {
 	if t.maxSendHeaderListSize == nil {
 		return true
 	}
@@ -1053,12 +1052,15 @@ func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error {
 	headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-message", Value: encodeGrpcMessage(st.Message())})
 
 	if p := st.Proto(); p != nil && len(p.Details) > 0 {
+		// Do not use the user's grpc-status-details-bin (if present) if we are
+		// even attempting to set our own.
+		delete(s.trailer, grpcStatusDetailsBinHeader)
 		stBytes, err := proto.Marshal(p)
 		if err != nil {
 			// TODO: return error instead, when callers are able to handle it.
 			t.logger.Errorf("Failed to marshal rpc status: %s, error: %v", pretty.ToJSON(p), err)
 		} else {
-			headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-status-details-bin", Value: encodeBinHeader(stBytes)})
+			headerFields = append(headerFields, hpack.HeaderField{Name: grpcStatusDetailsBinHeader, Value: encodeBinHeader(stBytes)})
 		}
 	}
 
diff --git a/apis/vendor/google.golang.org/grpc/internal/transport/http_util.go b/apis/vendor/google.golang.org/grpc/internal/transport/http_util.go
index 19cbb18f5..dc29d590e 100644
--- a/apis/vendor/google.golang.org/grpc/internal/transport/http_util.go
+++ b/apis/vendor/google.golang.org/grpc/internal/transport/http_util.go
@@ -30,15 +30,13 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 	"unicode/utf8"
 
-	"github.com/golang/protobuf/proto"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/hpack"
-	spb "google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 )
 
 const (
@@ -87,6 +85,8 @@ var (
 	}
 )
 
+var grpcStatusDetailsBinHeader = "grpc-status-details-bin"
+
 // isReservedHeader checks whether hdr belongs to HTTP2 headers
 // reserved by gRPC protocol. Any other headers are classified as the
 // user-specified metadata.
@@ -102,7 +102,6 @@ func isReservedHeader(hdr string) bool {
 		"grpc-message",
 		"grpc-status",
 		"grpc-timeout",
-		"grpc-status-details-bin",
 		// Intentionally exclude grpc-previous-rpc-attempts and
 		// grpc-retry-pushback-ms, which are "reserved", but their API
 		// intentionally works via metadata.
@@ -153,18 +152,6 @@ func decodeMetadataHeader(k, v string) (string, error) {
 	return v, nil
 }
 
-func decodeGRPCStatusDetails(rawDetails string) (*status.Status, error) {
-	v, err := decodeBinHeader(rawDetails)
-	if err != nil {
-		return nil, err
-	}
-	st := &spb.Status{}
-	if err = proto.Unmarshal(v, st); err != nil {
-		return nil, err
-	}
-	return status.FromProto(st), nil
-}
-
 type timeoutUnit uint8
 
 const (
@@ -309,6 +296,7 @@ func decodeGrpcMessageUnchecked(msg string) string {
 }
 
 type bufWriter struct {
+	pool      *sync.Pool
 	buf       []byte
 	offset    int
 	batchSize int
@@ -316,12 +304,17 @@ type bufWriter struct {
 	err       error
 }
 
-func newBufWriter(conn net.Conn, batchSize int) *bufWriter {
-	return &bufWriter{
-		buf:       make([]byte, batchSize*2),
+func newBufWriter(conn net.Conn, batchSize int, pool *sync.Pool) *bufWriter {
+	w := &bufWriter{
 		batchSize: batchSize,
 		conn:      conn,
+		pool:      pool,
+	}
+	// this indicates that we should use non shared buf
+	if pool == nil {
+		w.buf = make([]byte, batchSize)
 	}
+	return w
 }
 
 func (w *bufWriter) Write(b []byte) (n int, err error) {
@@ -332,19 +325,34 @@ func (w *bufWriter) Write(b []byte) (n int, err error) {
 		n, err = w.conn.Write(b)
 		return n, toIOError(err)
 	}
+	if w.buf == nil {
+		b := w.pool.Get().(*[]byte)
+		w.buf = *b
+	}
 	for len(b) > 0 {
 		nn := copy(w.buf[w.offset:], b)
 		b = b[nn:]
 		w.offset += nn
 		n += nn
 		if w.offset >= w.batchSize {
-			err = w.Flush()
+			err = w.flushKeepBuffer()
 		}
 	}
 	return n, err
 }
 
 func (w *bufWriter) Flush() error {
+	err := w.flushKeepBuffer()
+	// Only release the buffer if we are in a "shared" mode
+	if w.buf != nil && w.pool != nil {
+		b := w.buf
+		w.pool.Put(&b)
+		w.buf = nil
+	}
+	return err
+}
+
+func (w *bufWriter) flushKeepBuffer() error {
 	if w.err != nil {
 		return w.err
 	}
@@ -381,7 +389,10 @@ type framer struct {
 	fr     *http2.Framer
 }
 
-func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, maxHeaderListSize uint32) *framer {
+var writeBufferPoolMap map[int]*sync.Pool = make(map[int]*sync.Pool)
+var writeBufferMutex sync.Mutex
+
+func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, sharedWriteBuffer bool, maxHeaderListSize uint32) *framer {
 	if writeBufferSize < 0 {
 		writeBufferSize = 0
 	}
@@ -389,7 +400,11 @@ func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, maxHeaderList
 	if readBufferSize > 0 {
 		r = bufio.NewReaderSize(r, readBufferSize)
 	}
-	w := newBufWriter(conn, writeBufferSize)
+	var pool *sync.Pool
+	if sharedWriteBuffer {
+		pool = getWriteBufferPool(writeBufferSize)
+	}
+	w := newBufWriter(conn, writeBufferSize, pool)
 	f := &framer{
 		writer: w,
 		fr:     http2.NewFramer(w, r),
@@ -403,6 +418,24 @@ func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, maxHeaderList
 	return f
 }
 
+func getWriteBufferPool(writeBufferSize int) *sync.Pool {
+	writeBufferMutex.Lock()
+	defer writeBufferMutex.Unlock()
+	size := writeBufferSize * 2
+	pool, ok := writeBufferPoolMap[size]
+	if ok {
+		return pool
+	}
+	pool = &sync.Pool{
+		New: func() any {
+			b := make([]byte, size)
+			return &b
+		},
+	}
+	writeBufferPoolMap[size] = pool
+	return pool
+}
+
 // parseDialTarget returns the network and address to pass to dialer.
 func parseDialTarget(target string) (string, string) {
 	net := "tcp"
diff --git a/apis/vendor/google.golang.org/grpc/internal/transport/transport.go b/apis/vendor/google.golang.org/grpc/internal/transport/transport.go
index aa1c89659..aac056e72 100644
--- a/apis/vendor/google.golang.org/grpc/internal/transport/transport.go
+++ b/apis/vendor/google.golang.org/grpc/internal/transport/transport.go
@@ -43,10 +43,6 @@ import (
 	"google.golang.org/grpc/tap"
 )
 
-// ErrNoHeaders is used as a signal that a trailers only response was received,
-// and is not a real error.
-var ErrNoHeaders = errors.New("stream has no headers")
-
 const logLevel = 2
 
 type bufferPool struct {
@@ -56,7 +52,7 @@ type bufferPool struct {
 func newBufferPool() *bufferPool {
 	return &bufferPool{
 		pool: sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				return new(bytes.Buffer)
 			},
 		},
@@ -390,14 +386,10 @@ func (s *Stream) Header() (metadata.MD, error) {
 	}
 	s.waitOnHeader()
 
-	if !s.headerValid {
+	if !s.headerValid || s.noHeaders {
 		return nil, s.status.Err()
 	}
 
-	if s.noHeaders {
-		return nil, ErrNoHeaders
-	}
-
 	return s.header.Copy(), nil
 }
 
@@ -559,6 +551,7 @@ type ServerConfig struct {
 	InitialConnWindowSize int32
 	WriteBufferSize       int
 	ReadBufferSize        int
+	SharedWriteBuffer     bool
 	ChannelzParentID      *channelz.Identifier
 	MaxHeaderListSize     *uint32
 	HeaderTableSize       *uint32
@@ -592,6 +585,8 @@ type ConnectOptions struct {
 	WriteBufferSize int
 	// ReadBufferSize sets the size of read buffer, which in turn determines how much data can be read at most for one read syscall.
 	ReadBufferSize int
+	// SharedWriteBuffer indicates whether connections should reuse write buffer
+	SharedWriteBuffer bool
 	// ChannelzParentID sets the addrConn id which initiate the creation of this client transport.
 	ChannelzParentID *channelz.Identifier
 	// MaxHeaderListSize sets the max (uncompressed) size of header list that is prepared to be received.
@@ -703,7 +698,7 @@ type ClientTransport interface {
 // Write methods for a given Stream will be called serially.
 type ServerTransport interface {
 	// HandleStreams receives incoming streams using the given handler.
-	HandleStreams(func(*Stream), func(context.Context, string) context.Context)
+	HandleStreams(func(*Stream))
 
 	// WriteHeader sends the header metadata for the given stream.
 	// WriteHeader may not be called on all streams.
@@ -736,7 +731,7 @@ type ServerTransport interface {
 }
 
 // connectionErrorf creates an ConnectionError with the specified error description.
-func connectionErrorf(temp bool, e error, format string, a ...interface{}) ConnectionError {
+func connectionErrorf(temp bool, e error, format string, a ...any) ConnectionError {
 	return ConnectionError{
 		Desc: fmt.Sprintf(format, a...),
 		temp: temp,
diff --git a/apis/vendor/google.golang.org/grpc/picker_wrapper.go b/apis/vendor/google.golang.org/grpc/picker_wrapper.go
index 02f975951..236837f41 100644
--- a/apis/vendor/google.golang.org/grpc/picker_wrapper.go
+++ b/apis/vendor/google.golang.org/grpc/picker_wrapper.go
@@ -28,21 +28,26 @@ import (
 	"google.golang.org/grpc/internal/channelz"
 	istatus "google.golang.org/grpc/internal/status"
 	"google.golang.org/grpc/internal/transport"
+	"google.golang.org/grpc/stats"
 	"google.golang.org/grpc/status"
 )
 
 // pickerWrapper is a wrapper of balancer.Picker. It blocks on certain pick
 // actions and unblock when there's a picker update.
 type pickerWrapper struct {
-	mu         sync.Mutex
-	done       bool
-	idle       bool
-	blockingCh chan struct{}
-	picker     balancer.Picker
+	mu            sync.Mutex
+	done          bool
+	idle          bool
+	blockingCh    chan struct{}
+	picker        balancer.Picker
+	statsHandlers []stats.Handler // to record blocking picker calls
 }
 
-func newPickerWrapper() *pickerWrapper {
-	return &pickerWrapper{blockingCh: make(chan struct{})}
+func newPickerWrapper(statsHandlers []stats.Handler) *pickerWrapper {
+	return &pickerWrapper{
+		blockingCh:    make(chan struct{}),
+		statsHandlers: statsHandlers,
+	}
 }
 
 // updatePicker is called by UpdateBalancerState. It unblocks all blocked pick.
@@ -95,6 +100,7 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 	var ch chan struct{}
 
 	var lastPickErr error
+
 	for {
 		pw.mu.Lock()
 		if pw.done {
@@ -129,6 +135,20 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 			continue
 		}
 
+		// If the channel is set, it means that the pick call had to wait for a
+		// new picker at some point. Either it's the first iteration and this
+		// function received the first picker, or a picker errored with
+		// ErrNoSubConnAvailable or errored with failfast set to false, which
+		// will trigger a continue to the next iteration. In the first case this
+		// conditional will hit if this call had to block (the channel is set).
+		// In the second case, the only way it will get to this conditional is
+		// if there is a new picker.
+		if ch != nil {
+			for _, sh := range pw.statsHandlers {
+				sh.HandleRPC(ctx, &stats.PickerUpdated{})
+			}
+		}
+
 		ch = pw.blockingCh
 		p := pw.picker
 		pw.mu.Unlock()
diff --git a/apis/vendor/google.golang.org/grpc/pickfirst.go b/apis/vendor/google.golang.org/grpc/pickfirst.go
index abe266b02..2e9cf66b4 100644
--- a/apis/vendor/google.golang.org/grpc/pickfirst.go
+++ b/apis/vendor/google.golang.org/grpc/pickfirst.go
@@ -26,12 +26,18 @@ import (
 	"google.golang.org/grpc/balancer"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/internal/envconfig"
+	internalgrpclog "google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcrand"
+	"google.golang.org/grpc/internal/pretty"
+	"google.golang.org/grpc/resolver"
 	"google.golang.org/grpc/serviceconfig"
 )
 
-// PickFirstBalancerName is the name of the pick_first balancer.
-const PickFirstBalancerName = "pick_first"
+const (
+	// PickFirstBalancerName is the name of the pick_first balancer.
+	PickFirstBalancerName = "pick_first"
+	logPrefix             = "[pick-first-lb %p] "
+)
 
 func newPickfirstBuilder() balancer.Builder {
 	return &pickfirstBuilder{}
@@ -40,7 +46,9 @@ func newPickfirstBuilder() balancer.Builder {
 type pickfirstBuilder struct{}
 
 func (*pickfirstBuilder) Build(cc balancer.ClientConn, opt balancer.BuildOptions) balancer.Balancer {
-	return &pickfirstBalancer{cc: cc}
+	b := &pickfirstBalancer{cc: cc}
+	b.logger = internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf(logPrefix, b))
+	return b
 }
 
 func (*pickfirstBuilder) Name() string {
@@ -57,23 +65,36 @@ type pfConfig struct {
 }
 
 func (*pickfirstBuilder) ParseConfig(js json.RawMessage) (serviceconfig.LoadBalancingConfig, error) {
-	cfg := &pfConfig{}
-	if err := json.Unmarshal(js, cfg); err != nil {
+	if !envconfig.PickFirstLBConfig {
+		// Prior to supporting loadbalancing configuration, the pick_first LB
+		// policy did not implement the balancer.ConfigParser interface. This
+		// meant that if a non-empty configuration was passed to it, the service
+		// config unmarshaling code would throw a warning log, but would
+		// continue using the pick_first LB policy. The code below ensures the
+		// same behavior is retained if the env var is not set.
+		if string(js) != "{}" {
+			logger.Warningf("Ignoring non-empty balancer configuration %q for the pick_first LB policy", string(js))
+		}
+		return nil, nil
+	}
+
+	var cfg pfConfig
+	if err := json.Unmarshal(js, &cfg); err != nil {
 		return nil, fmt.Errorf("pickfirst: unable to unmarshal LB policy config: %s, error: %v", string(js), err)
 	}
 	return cfg, nil
 }
 
 type pickfirstBalancer struct {
+	logger  *internalgrpclog.PrefixLogger
 	state   connectivity.State
 	cc      balancer.ClientConn
 	subConn balancer.SubConn
-	cfg     *pfConfig
 }
 
 func (b *pickfirstBalancer) ResolverError(err error) {
-	if logger.V(2) {
-		logger.Infof("pickfirstBalancer: ResolverError called with error: %v", err)
+	if b.logger.V(2) {
+		b.logger.Infof("Received error from the name resolver: %v", err)
 	}
 	if b.subConn == nil {
 		b.state = connectivity.TransientFailure
@@ -96,35 +117,44 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState
 		// The resolver reported an empty address list. Treat it like an error by
 		// calling b.ResolverError.
 		if b.subConn != nil {
-			// Remove the old subConn. All addresses were removed, so it is no longer
-			// valid.
-			b.cc.RemoveSubConn(b.subConn)
+			// Shut down the old subConn. All addresses were removed, so it is
+			// no longer valid.
+			b.subConn.Shutdown()
 			b.subConn = nil
 		}
 		b.ResolverError(errors.New("produced zero addresses"))
 		return balancer.ErrBadResolverState
 	}
 
-	if state.BalancerConfig != nil {
-		cfg, ok := state.BalancerConfig.(*pfConfig)
-		if !ok {
-			return fmt.Errorf("pickfirstBalancer: received nil or illegal BalancerConfig (type %T): %v", state.BalancerConfig, state.BalancerConfig)
-		}
-		b.cfg = cfg
+	// We don't have to guard this block with the env var because ParseConfig
+	// already does so.
+	cfg, ok := state.BalancerConfig.(pfConfig)
+	if state.BalancerConfig != nil && !ok {
+		return fmt.Errorf("pickfirst: received illegal BalancerConfig (type %T): %v", state.BalancerConfig, state.BalancerConfig)
 	}
-
-	if envconfig.PickFirstLBConfig && b.cfg != nil && b.cfg.ShuffleAddressList {
+	if cfg.ShuffleAddressList {
+		addrs = append([]resolver.Address{}, addrs...)
 		grpcrand.Shuffle(len(addrs), func(i, j int) { addrs[i], addrs[j] = addrs[j], addrs[i] })
 	}
+
+	if b.logger.V(2) {
+		b.logger.Infof("Received new config %s, resolver state %s", pretty.ToJSON(cfg), pretty.ToJSON(state.ResolverState))
+	}
+
 	if b.subConn != nil {
 		b.cc.UpdateAddresses(b.subConn, addrs)
 		return nil
 	}
 
-	subConn, err := b.cc.NewSubConn(addrs, balancer.NewSubConnOptions{})
+	var subConn balancer.SubConn
+	subConn, err := b.cc.NewSubConn(addrs, balancer.NewSubConnOptions{
+		StateListener: func(state balancer.SubConnState) {
+			b.updateSubConnState(subConn, state)
+		},
+	})
 	if err != nil {
-		if logger.V(2) {
-			logger.Errorf("pickfirstBalancer: failed to NewSubConn: %v", err)
+		if b.logger.V(2) {
+			b.logger.Infof("Failed to create new SubConn: %v", err)
 		}
 		b.state = connectivity.TransientFailure
 		b.cc.UpdateState(balancer.State{
@@ -143,13 +173,19 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState
 	return nil
 }
 
+// UpdateSubConnState is unused as a StateListener is always registered when
+// creating SubConns.
 func (b *pickfirstBalancer) UpdateSubConnState(subConn balancer.SubConn, state balancer.SubConnState) {
-	if logger.V(2) {
-		logger.Infof("pickfirstBalancer: UpdateSubConnState: %p, %v", subConn, state)
+	b.logger.Errorf("UpdateSubConnState(%v, %+v) called unexpectedly", subConn, state)
+}
+
+func (b *pickfirstBalancer) updateSubConnState(subConn balancer.SubConn, state balancer.SubConnState) {
+	if b.logger.V(2) {
+		b.logger.Infof("Received SubConn state update: %p, %+v", subConn, state)
 	}
 	if b.subConn != subConn {
-		if logger.V(2) {
-			logger.Infof("pickfirstBalancer: ignored state change because subConn is not recognized")
+		if b.logger.V(2) {
+			b.logger.Infof("Ignored state change because subConn is not recognized")
 		}
 		return
 	}
diff --git a/apis/vendor/google.golang.org/grpc/preloader.go b/apis/vendor/google.golang.org/grpc/preloader.go
index cd4554785..73bd63364 100644
--- a/apis/vendor/google.golang.org/grpc/preloader.go
+++ b/apis/vendor/google.golang.org/grpc/preloader.go
@@ -37,7 +37,7 @@ type PreparedMsg struct {
 }
 
 // Encode marshalls and compresses the message using the codec and compressor for the stream.
-func (p *PreparedMsg) Encode(s Stream, msg interface{}) error {
+func (p *PreparedMsg) Encode(s Stream, msg any) error {
 	ctx := s.Context()
 	rpcInfo, ok := rpcInfoFromContext(ctx)
 	if !ok {
diff --git a/apis/vendor/google.golang.org/grpc/resolver/map.go b/apis/vendor/google.golang.org/grpc/resolver/map.go
index efcb7f3ef..804be887d 100644
--- a/apis/vendor/google.golang.org/grpc/resolver/map.go
+++ b/apis/vendor/google.golang.org/grpc/resolver/map.go
@@ -20,7 +20,7 @@ package resolver
 
 type addressMapEntry struct {
 	addr  Address
-	value interface{}
+	value any
 }
 
 // AddressMap is a map of addresses to arbitrary values taking into account
@@ -69,7 +69,7 @@ func (l addressMapEntryList) find(addr Address) int {
 }
 
 // Get returns the value for the address in the map, if present.
-func (a *AddressMap) Get(addr Address) (value interface{}, ok bool) {
+func (a *AddressMap) Get(addr Address) (value any, ok bool) {
 	addrKey := toMapKey(&addr)
 	entryList := a.m[addrKey]
 	if entry := entryList.find(addr); entry != -1 {
@@ -79,7 +79,7 @@ func (a *AddressMap) Get(addr Address) (value interface{}, ok bool) {
 }
 
 // Set updates or adds the value to the address in the map.
-func (a *AddressMap) Set(addr Address, value interface{}) {
+func (a *AddressMap) Set(addr Address, value any) {
 	addrKey := toMapKey(&addr)
 	entryList := a.m[addrKey]
 	if entry := entryList.find(addr); entry != -1 {
@@ -127,8 +127,8 @@ func (a *AddressMap) Keys() []Address {
 }
 
 // Values returns a slice of all current map values.
-func (a *AddressMap) Values() []interface{} {
-	ret := make([]interface{}, 0, a.Len())
+func (a *AddressMap) Values() []any {
+	ret := make([]any, 0, a.Len())
 	for _, entryList := range a.m {
 		for _, entry := range entryList {
 			ret = append(ret, entry.value)
diff --git a/apis/vendor/google.golang.org/grpc/resolver/resolver.go b/apis/vendor/google.golang.org/grpc/resolver/resolver.go
index 353c10b69..11384e228 100644
--- a/apis/vendor/google.golang.org/grpc/resolver/resolver.go
+++ b/apis/vendor/google.golang.org/grpc/resolver/resolver.go
@@ -77,25 +77,6 @@ func GetDefaultScheme() string {
 	return defaultScheme
 }
 
-// AddressType indicates the address type returned by name resolution.
-//
-// Deprecated: use Attributes in Address instead.
-type AddressType uint8
-
-const (
-	// Backend indicates the address is for a backend server.
-	//
-	// Deprecated: use Attributes in Address instead.
-	Backend AddressType = iota
-	// GRPCLB indicates the address is for a grpclb load balancer.
-	//
-	// Deprecated: to select the GRPCLB load balancing policy, use a service
-	// config with a corresponding loadBalancingConfig.  To supply balancer
-	// addresses to the GRPCLB load balancing policy, set State.Attributes
-	// using balancer/grpclb/state.Set.
-	GRPCLB
-)
-
 // Address represents a server the client connects to.
 //
 // # Experimental
@@ -111,9 +92,6 @@ type Address struct {
 	// the address, instead of the hostname from the Dial target string. In most cases,
 	// this should not be set.
 	//
-	// If Type is GRPCLB, ServerName should be the name of the remote load
-	// balancer, not the name of the backend.
-	//
 	// WARNING: ServerName must only be populated with trusted values. It
 	// is insecure to populate it with data from untrusted inputs since untrusted
 	// values could be used to bypass the authority checks performed by TLS.
@@ -126,27 +104,29 @@ type Address struct {
 	// BalancerAttributes contains arbitrary data about this address intended
 	// for consumption by the LB policy.  These attributes do not affect SubConn
 	// creation, connection establishment, handshaking, etc.
-	BalancerAttributes *attributes.Attributes
-
-	// Type is the type of this address.
 	//
-	// Deprecated: use Attributes instead.
-	Type AddressType
+	// Deprecated: when an Address is inside an Endpoint, this field should not
+	// be used, and it will eventually be removed entirely.
+	BalancerAttributes *attributes.Attributes
 
 	// Metadata is the information associated with Addr, which may be used
 	// to make load balancing decision.
 	//
 	// Deprecated: use Attributes instead.
-	Metadata interface{}
+	Metadata any
 }
 
 // Equal returns whether a and o are identical.  Metadata is compared directly,
 // not with any recursive introspection.
+//
+// This method compares all fields of the address. When used to tell apart
+// addresses during subchannel creation or connection establishment, it might be
+// more appropriate for the caller to implement custom equality logic.
 func (a Address) Equal(o Address) bool {
 	return a.Addr == o.Addr && a.ServerName == o.ServerName &&
 		a.Attributes.Equal(o.Attributes) &&
 		a.BalancerAttributes.Equal(o.BalancerAttributes) &&
-		a.Type == o.Type && a.Metadata == o.Metadata
+		a.Metadata == o.Metadata
 }
 
 // String returns JSON formatted string representation of the address.
@@ -190,11 +170,37 @@ type BuildOptions struct {
 	Dialer func(context.Context, string) (net.Conn, error)
 }
 
+// An Endpoint is one network endpoint, or server, which may have multiple
+// addresses with which it can be accessed.
+type Endpoint struct {
+	// Addresses contains a list of addresses used to access this endpoint.
+	Addresses []Address
+
+	// Attributes contains arbitrary data about this endpoint intended for
+	// consumption by the LB policy.
+	Attributes *attributes.Attributes
+}
+
 // State contains the current Resolver state relevant to the ClientConn.
 type State struct {
 	// Addresses is the latest set of resolved addresses for the target.
+	//
+	// If a resolver sets Addresses but does not set Endpoints, one Endpoint
+	// will be created for each Address before the State is passed to the LB
+	// policy.  The BalancerAttributes of each entry in Addresses will be set
+	// in Endpoints.Attributes, and be cleared in the Endpoint's Address's
+	// BalancerAttributes.
+	//
+	// Soon, Addresses will be deprecated and replaced fully by Endpoints.
 	Addresses []Address
 
+	// Endpoints is the latest set of resolved endpoints for the target.
+	//
+	// If a resolver produces a State containing Endpoints but not Addresses,
+	// it must take care to ensure the LB policies it selects will support
+	// Endpoints.
+	Endpoints []Endpoint
+
 	// ServiceConfig contains the result from parsing the latest service
 	// config.  If it is nil, it indicates no service config is present or the
 	// resolver does not provide service configs.
@@ -254,20 +260,7 @@ type ClientConn interface {
 // target does not contain a scheme or if the parsed scheme is not registered
 // (i.e. no corresponding resolver available to resolve the endpoint), we will
 // apply the default scheme, and will attempt to reparse it.
-//
-// Examples:
-//
-//   - "dns://some_authority/foo.bar"
-//     Target{Scheme: "dns", Authority: "some_authority", Endpoint: "foo.bar"}
-//   - "foo.bar"
-//     Target{Scheme: resolver.GetDefaultScheme(), Endpoint: "foo.bar"}
-//   - "unknown_scheme://authority/endpoint"
-//     Target{Scheme: resolver.GetDefaultScheme(), Endpoint: "unknown_scheme://authority/endpoint"}
 type Target struct {
-	// Deprecated: use URL.Scheme instead.
-	Scheme string
-	// Deprecated: use URL.Host instead.
-	Authority string
 	// URL contains the parsed dial target with an optional default scheme added
 	// to it if the original dial target contained no scheme or contained an
 	// unregistered scheme. Any query params specified in the original dial
@@ -321,10 +314,3 @@ type Resolver interface {
 	// Close closes the resolver.
 	Close()
 }
-
-// UnregisterForTesting removes the resolver builder with the given scheme from the
-// resolver map.
-// This function is for testing only.
-func UnregisterForTesting(scheme string) {
-	delete(m, scheme)
-}
diff --git a/apis/vendor/google.golang.org/grpc/resolver_conn_wrapper.go b/apis/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
index b408b3688..d68330560 100644
--- a/apis/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
+++ b/apis/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
@@ -133,7 +133,7 @@ func (ccr *ccResolverWrapper) close() {
 	ccr.mu.Unlock()
 
 	// Give enqueued callbacks a chance to finish.
-	<-ccr.serializer.Done
+	<-ccr.serializer.Done()
 
 	// Spawn a goroutine to close the resolver (since it may block trying to
 	// cleanup all allocated resources) and return early.
@@ -152,6 +152,14 @@ func (ccr *ccResolverWrapper) serializerScheduleLocked(f func(context.Context))
 // which includes addresses and service config.
 func (ccr *ccResolverWrapper) UpdateState(s resolver.State) error {
 	errCh := make(chan error, 1)
+	if s.Endpoints == nil {
+		s.Endpoints = make([]resolver.Endpoint, 0, len(s.Addresses))
+		for _, a := range s.Addresses {
+			ep := resolver.Endpoint{Addresses: []resolver.Address{a}, Attributes: a.BalancerAttributes}
+			ep.Addresses[0].BalancerAttributes = nil
+			s.Endpoints = append(s.Endpoints, ep)
+		}
+	}
 	ok := ccr.serializer.Schedule(func(context.Context) {
 		ccr.addChannelzTraceEvent(s)
 		ccr.curState = s
diff --git a/apis/vendor/google.golang.org/grpc/rpc_util.go b/apis/vendor/google.golang.org/grpc/rpc_util.go
index 2030736a3..b7723aa09 100644
--- a/apis/vendor/google.golang.org/grpc/rpc_util.go
+++ b/apis/vendor/google.golang.org/grpc/rpc_util.go
@@ -75,7 +75,7 @@ func NewGZIPCompressorWithLevel(level int) (Compressor, error) {
 	}
 	return &gzipCompressor{
 		pool: sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				w, err := gzip.NewWriterLevel(io.Discard, level)
 				if err != nil {
 					panic(err)
@@ -577,6 +577,9 @@ type parser struct {
 	// The header of a gRPC message. Find more detail at
 	// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md
 	header [5]byte
+
+	// recvBufferPool is the pool of shared receive buffers.
+	recvBufferPool SharedBufferPool
 }
 
 // recvMsg reads a complete gRPC message from the stream.
@@ -610,9 +613,7 @@ func (p *parser) recvMsg(maxReceiveMessageSize int) (pf payloadFormat, msg []byt
 	if int(length) > maxReceiveMessageSize {
 		return 0, nil, status.Errorf(codes.ResourceExhausted, "grpc: received message larger than max (%d vs. %d)", length, maxReceiveMessageSize)
 	}
-	// TODO(bradfitz,zhaoq): garbage. reuse buffer after proto decoding instead
-	// of making it for each message:
-	msg = make([]byte, int(length))
+	msg = p.recvBufferPool.Get(int(length))
 	if _, err := p.r.Read(msg); err != nil {
 		if err == io.EOF {
 			err = io.ErrUnexpectedEOF
@@ -625,7 +626,7 @@ func (p *parser) recvMsg(maxReceiveMessageSize int) (pf payloadFormat, msg []byt
 // encode serializes msg and returns a buffer containing the message, or an
 // error if it is too large to be transmitted by grpc.  If msg is nil, it
 // generates an empty message.
-func encode(c baseCodec, msg interface{}) ([]byte, error) {
+func encode(c baseCodec, msg any) ([]byte, error) {
 	if msg == nil { // NOTE: typed nils will not be caught by this check
 		return nil, nil
 	}
@@ -692,7 +693,7 @@ func msgHeader(data, compData []byte) (hdr []byte, payload []byte) {
 	return hdr, data
 }
 
-func outPayload(client bool, msg interface{}, data, payload []byte, t time.Time) *stats.OutPayload {
+func outPayload(client bool, msg any, data, payload []byte, t time.Time) *stats.OutPayload {
 	return &stats.OutPayload{
 		Client:           client,
 		Payload:          msg,
@@ -726,12 +727,12 @@ type payloadInfo struct {
 }
 
 func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) ([]byte, error) {
-	pf, d, err := p.recvMsg(maxReceiveMessageSize)
+	pf, buf, err := p.recvMsg(maxReceiveMessageSize)
 	if err != nil {
 		return nil, err
 	}
 	if payInfo != nil {
-		payInfo.compressedLength = len(d)
+		payInfo.compressedLength = len(buf)
 	}
 
 	if st := checkRecvPayload(pf, s.RecvCompress(), compressor != nil || dc != nil); st != nil {
@@ -743,10 +744,10 @@ func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxRecei
 		// To match legacy behavior, if the decompressor is set by WithDecompressor or RPCDecompressor,
 		// use this decompressor as the default.
 		if dc != nil {
-			d, err = dc.Do(bytes.NewReader(d))
-			size = len(d)
+			buf, err = dc.Do(bytes.NewReader(buf))
+			size = len(buf)
 		} else {
-			d, size, err = decompress(compressor, d, maxReceiveMessageSize)
+			buf, size, err = decompress(compressor, buf, maxReceiveMessageSize)
 		}
 		if err != nil {
 			return nil, status.Errorf(codes.Internal, "grpc: failed to decompress the received message: %v", err)
@@ -757,7 +758,7 @@ func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxRecei
 			return nil, status.Errorf(codes.ResourceExhausted, "grpc: received message after decompression larger than max (%d vs. %d)", size, maxReceiveMessageSize)
 		}
 	}
-	return d, nil
+	return buf, nil
 }
 
 // Using compressor, decompress d, returning data and size.
@@ -791,16 +792,18 @@ func decompress(compressor encoding.Compressor, d []byte, maxReceiveMessageSize
 // For the two compressor parameters, both should not be set, but if they are,
 // dc takes precedence over compressor.
 // TODO(dfawley): wrap the old compressor/decompressor using the new API?
-func recv(p *parser, c baseCodec, s *transport.Stream, dc Decompressor, m interface{}, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) error {
-	d, err := recvAndDecompress(p, s, dc, maxReceiveMessageSize, payInfo, compressor)
+func recv(p *parser, c baseCodec, s *transport.Stream, dc Decompressor, m any, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) error {
+	buf, err := recvAndDecompress(p, s, dc, maxReceiveMessageSize, payInfo, compressor)
 	if err != nil {
 		return err
 	}
-	if err := c.Unmarshal(d, m); err != nil {
+	if err := c.Unmarshal(buf, m); err != nil {
 		return status.Errorf(codes.Internal, "grpc: failed to unmarshal the received message: %v", err)
 	}
 	if payInfo != nil {
-		payInfo.uncompressedBytes = d
+		payInfo.uncompressedBytes = buf
+	} else {
+		p.recvBufferPool.Put(&buf)
 	}
 	return nil
 }
@@ -860,19 +863,22 @@ func ErrorDesc(err error) string {
 // Errorf returns nil if c is OK.
 //
 // Deprecated: use status.Errorf instead.
-func Errorf(c codes.Code, format string, a ...interface{}) error {
+func Errorf(c codes.Code, format string, a ...any) error {
 	return status.Errorf(c, format, a...)
 }
 
+var errContextCanceled = status.Error(codes.Canceled, context.Canceled.Error())
+var errContextDeadline = status.Error(codes.DeadlineExceeded, context.DeadlineExceeded.Error())
+
 // toRPCErr converts an error into an error from the status package.
 func toRPCErr(err error) error {
 	switch err {
 	case nil, io.EOF:
 		return err
 	case context.DeadlineExceeded:
-		return status.Error(codes.DeadlineExceeded, err.Error())
+		return errContextDeadline
 	case context.Canceled:
-		return status.Error(codes.Canceled, err.Error())
+		return errContextCanceled
 	case io.ErrUnexpectedEOF:
 		return status.Error(codes.Internal, err.Error())
 	}
diff --git a/apis/vendor/google.golang.org/grpc/server.go b/apis/vendor/google.golang.org/grpc/server.go
index 8869cc906..8f60d4214 100644
--- a/apis/vendor/google.golang.org/grpc/server.go
+++ b/apis/vendor/google.golang.org/grpc/server.go
@@ -86,7 +86,7 @@ func init() {
 var statusOK = status.New(codes.OK, "")
 var logger = grpclog.Component("core")
 
-type methodHandler func(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor UnaryServerInterceptor) (interface{}, error)
+type methodHandler func(srv any, ctx context.Context, dec func(any) error, interceptor UnaryServerInterceptor) (any, error)
 
 // MethodDesc represents an RPC service's method specification.
 type MethodDesc struct {
@@ -99,20 +99,20 @@ type ServiceDesc struct {
 	ServiceName string
 	// The pointer to the service interface. Used to check whether the user
 	// provided implementation satisfies the interface requirements.
-	HandlerType interface{}
+	HandlerType any
 	Methods     []MethodDesc
 	Streams     []StreamDesc
-	Metadata    interface{}
+	Metadata    any
 }
 
 // serviceInfo wraps information about a service. It is very similar to
 // ServiceDesc and is constructed from it for internal purposes.
 type serviceInfo struct {
 	// Contains the implementation for the methods in this service.
-	serviceImpl interface{}
+	serviceImpl any
 	methods     map[string]*MethodDesc
 	streams     map[string]*StreamDesc
-	mdata       interface{}
+	mdata       any
 }
 
 // Server is a gRPC server to serve RPC requests.
@@ -164,10 +164,12 @@ type serverOptions struct {
 	initialConnWindowSize int32
 	writeBufferSize       int
 	readBufferSize        int
+	sharedWriteBuffer     bool
 	connectionTimeout     time.Duration
 	maxHeaderListSize     *uint32
 	headerTableSize       *uint32
 	numServerWorkers      uint32
+	recvBufferPool        SharedBufferPool
 }
 
 var defaultServerOptions = serverOptions{
@@ -177,6 +179,7 @@ var defaultServerOptions = serverOptions{
 	connectionTimeout:     120 * time.Second,
 	writeBufferSize:       defaultWriteBufSize,
 	readBufferSize:        defaultReadBufSize,
+	recvBufferPool:        nopBufferPool{},
 }
 var globalServerOptions []ServerOption
 
@@ -228,6 +231,20 @@ func newJoinServerOption(opts ...ServerOption) ServerOption {
 	return &joinServerOption{opts: opts}
 }
 
+// SharedWriteBuffer allows reusing per-connection transport write buffer.
+// If this option is set to true every connection will release the buffer after
+// flushing the data on the wire.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func SharedWriteBuffer(val bool) ServerOption {
+	return newFuncServerOption(func(o *serverOptions) {
+		o.sharedWriteBuffer = val
+	})
+}
+
 // WriteBufferSize determines how much data can be batched before doing a write
 // on the wire. The corresponding memory allocation for this buffer will be
 // twice the size to keep syscalls low. The default value for this buffer is
@@ -268,9 +285,9 @@ func InitialConnWindowSize(s int32) ServerOption {
 
 // KeepaliveParams returns a ServerOption that sets keepalive and max-age parameters for the server.
 func KeepaliveParams(kp keepalive.ServerParameters) ServerOption {
-	if kp.Time > 0 && kp.Time < time.Second {
+	if kp.Time > 0 && kp.Time < internal.KeepaliveMinServerPingTime {
 		logger.Warning("Adjusting keepalive ping interval to minimum period of 1s")
-		kp.Time = time.Second
+		kp.Time = internal.KeepaliveMinServerPingTime
 	}
 
 	return newFuncServerOption(func(o *serverOptions) {
@@ -550,6 +567,27 @@ func NumStreamWorkers(numServerWorkers uint32) ServerOption {
 	})
 }
 
+// RecvBufferPool returns a ServerOption that configures the server
+// to use the provided shared buffer pool for parsing incoming messages. Depending
+// on the application's workload, this could result in reduced memory allocation.
+//
+// If you are unsure about how to implement a memory pool but want to utilize one,
+// begin with grpc.NewSharedBufferPool.
+//
+// Note: The shared buffer pool feature will not be active if any of the following
+// options are used: StatsHandler, EnableTracing, or binary logging. In such
+// cases, the shared buffer pool will be ignored.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func RecvBufferPool(bufferPool SharedBufferPool) ServerOption {
+	return newFuncServerOption(func(o *serverOptions) {
+		o.recvBufferPool = bufferPool
+	})
+}
+
 // serverWorkerResetThreshold defines how often the stack must be reset. Every
 // N requests, by spawning a new goroutine in its place, a worker can reset its
 // stack so that large stacks don't live in memory forever. 2^16 should allow
@@ -625,7 +663,7 @@ func NewServer(opt ...ServerOption) *Server {
 
 // printf records an event in s's event log, unless s has been stopped.
 // REQUIRES s.mu is held.
-func (s *Server) printf(format string, a ...interface{}) {
+func (s *Server) printf(format string, a ...any) {
 	if s.events != nil {
 		s.events.Printf(format, a...)
 	}
@@ -633,7 +671,7 @@ func (s *Server) printf(format string, a ...interface{}) {
 
 // errorf records an error in s's event log, unless s has been stopped.
 // REQUIRES s.mu is held.
-func (s *Server) errorf(format string, a ...interface{}) {
+func (s *Server) errorf(format string, a ...any) {
 	if s.events != nil {
 		s.events.Errorf(format, a...)
 	}
@@ -648,14 +686,14 @@ type ServiceRegistrar interface {
 	// once the server has started serving.
 	// desc describes the service and its methods and handlers. impl is the
 	// service implementation which is passed to the method handlers.
-	RegisterService(desc *ServiceDesc, impl interface{})
+	RegisterService(desc *ServiceDesc, impl any)
 }
 
 // RegisterService registers a service and its implementation to the gRPC
 // server. It is called from the IDL generated code. This must be called before
 // invoking Serve. If ss is non-nil (for legacy code), its type is checked to
 // ensure it implements sd.HandlerType.
-func (s *Server) RegisterService(sd *ServiceDesc, ss interface{}) {
+func (s *Server) RegisterService(sd *ServiceDesc, ss any) {
 	if ss != nil {
 		ht := reflect.TypeOf(sd.HandlerType).Elem()
 		st := reflect.TypeOf(ss)
@@ -666,7 +704,7 @@ func (s *Server) RegisterService(sd *ServiceDesc, ss interface{}) {
 	s.register(sd, ss)
 }
 
-func (s *Server) register(sd *ServiceDesc, ss interface{}) {
+func (s *Server) register(sd *ServiceDesc, ss any) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 	s.printf("RegisterService(%q)", sd.ServiceName)
@@ -707,7 +745,7 @@ type MethodInfo struct {
 type ServiceInfo struct {
 	Methods []MethodInfo
 	// Metadata is the metadata specified in ServiceDesc when registering service.
-	Metadata interface{}
+	Metadata any
 }
 
 // GetServiceInfo returns a map from service names to ServiceInfo.
@@ -908,6 +946,7 @@ func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport {
 		InitialConnWindowSize: s.opts.initialConnWindowSize,
 		WriteBufferSize:       s.opts.writeBufferSize,
 		ReadBufferSize:        s.opts.readBufferSize,
+		SharedWriteBuffer:     s.opts.sharedWriteBuffer,
 		ChannelzParentID:      s.channelzID,
 		MaxHeaderListSize:     s.opts.maxHeaderListSize,
 		HeaderTableSize:       s.opts.headerTableSize,
@@ -944,7 +983,7 @@ func (s *Server) serveStreams(st transport.ServerTransport) {
 		f := func() {
 			defer streamQuota.release()
 			defer wg.Done()
-			s.handleStream(st, stream, s.traceInfo(st, stream))
+			s.handleStream(st, stream)
 		}
 
 		if s.opts.numServerWorkers > 0 {
@@ -956,12 +995,6 @@ func (s *Server) serveStreams(st transport.ServerTransport) {
 			}
 		}
 		go f()
-	}, func(ctx context.Context, method string) context.Context {
-		if !EnableTracing {
-			return ctx
-		}
-		tr := trace.New("grpc.Recv."+methodFamily(method), method)
-		return trace.NewContext(ctx, tr)
 	})
 	wg.Wait()
 }
@@ -1010,30 +1043,6 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	s.serveStreams(st)
 }
 
-// traceInfo returns a traceInfo and associates it with stream, if tracing is enabled.
-// If tracing is not enabled, it returns nil.
-func (s *Server) traceInfo(st transport.ServerTransport, stream *transport.Stream) (trInfo *traceInfo) {
-	if !EnableTracing {
-		return nil
-	}
-	tr, ok := trace.FromContext(stream.Context())
-	if !ok {
-		return nil
-	}
-
-	trInfo = &traceInfo{
-		tr: tr,
-		firstLine: firstLine{
-			client:     false,
-			remoteAddr: st.RemoteAddr(),
-		},
-	}
-	if dl, ok := stream.Context().Deadline(); ok {
-		trInfo.firstLine.deadline = time.Until(dl)
-	}
-	return trInfo
-}
-
 func (s *Server) addConn(addr string, st transport.ServerTransport) bool {
 	s.mu.Lock()
 	defer s.mu.Unlock()
@@ -1094,7 +1103,7 @@ func (s *Server) incrCallsFailed() {
 	atomic.AddInt64(&s.czData.callsFailed, 1)
 }
 
-func (s *Server) sendResponse(t transport.ServerTransport, stream *transport.Stream, msg interface{}, cp Compressor, opts *transport.Options, comp encoding.Compressor) error {
+func (s *Server) sendResponse(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, msg any, cp Compressor, opts *transport.Options, comp encoding.Compressor) error {
 	data, err := encode(s.getCodec(stream.ContentSubtype()), msg)
 	if err != nil {
 		channelz.Error(logger, s.channelzID, "grpc: server failed to encode response: ", err)
@@ -1113,7 +1122,7 @@ func (s *Server) sendResponse(t transport.ServerTransport, stream *transport.Str
 	err = t.Write(stream, hdr, payload, opts)
 	if err == nil {
 		for _, sh := range s.opts.statsHandlers {
-			sh.HandleRPC(stream.Context(), outPayload(false, msg, data, payload, time.Now()))
+			sh.HandleRPC(ctx, outPayload(false, msg, data, payload, time.Now()))
 		}
 	}
 	return err
@@ -1141,7 +1150,7 @@ func chainUnaryServerInterceptors(s *Server) {
 }
 
 func chainUnaryInterceptors(interceptors []UnaryServerInterceptor) UnaryServerInterceptor {
-	return func(ctx context.Context, req interface{}, info *UnaryServerInfo, handler UnaryHandler) (interface{}, error) {
+	return func(ctx context.Context, req any, info *UnaryServerInfo, handler UnaryHandler) (any, error) {
 		return interceptors[0](ctx, req, info, getChainUnaryHandler(interceptors, 0, info, handler))
 	}
 }
@@ -1150,12 +1159,12 @@ func getChainUnaryHandler(interceptors []UnaryServerInterceptor, curr int, info
 	if curr == len(interceptors)-1 {
 		return finalHandler
 	}
-	return func(ctx context.Context, req interface{}) (interface{}, error) {
+	return func(ctx context.Context, req any) (any, error) {
 		return interceptors[curr+1](ctx, req, info, getChainUnaryHandler(interceptors, curr+1, info, finalHandler))
 	}
 }
 
-func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, md *MethodDesc, trInfo *traceInfo) (err error) {
+func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, md *MethodDesc, trInfo *traceInfo) (err error) {
 	shs := s.opts.statsHandlers
 	if len(shs) != 0 || trInfo != nil || channelz.IsOn() {
 		if channelz.IsOn() {
@@ -1169,7 +1178,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				IsClientStream: false,
 				IsServerStream: false,
 			}
-			sh.HandleRPC(stream.Context(), statsBegin)
+			sh.HandleRPC(ctx, statsBegin)
 		}
 		if trInfo != nil {
 			trInfo.tr.LazyLog(&trInfo.firstLine, false)
@@ -1187,7 +1196,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		defer func() {
 			if trInfo != nil {
 				if err != nil && err != io.EOF {
-					trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					trInfo.tr.SetError()
 				}
 				trInfo.tr.Finish()
@@ -1201,7 +1210,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				if err != nil && err != io.EOF {
 					end.Error = toRPCErr(err)
 				}
-				sh.HandleRPC(stream.Context(), end)
+				sh.HandleRPC(ctx, end)
 			}
 
 			if channelz.IsOn() {
@@ -1223,7 +1232,6 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		}
 	}
 	if len(binlogs) != 0 {
-		ctx := stream.Context()
 		md, _ := metadata.FromIncomingContext(ctx)
 		logEntry := &binarylog.ClientHeader{
 			Header:     md,
@@ -1294,7 +1302,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	if len(shs) != 0 || len(binlogs) != 0 {
 		payInfo = &payloadInfo{}
 	}
-	d, err := recvAndDecompress(&parser{r: stream}, stream, dc, s.opts.maxReceiveMessageSize, payInfo, decomp)
+	d, err := recvAndDecompress(&parser{r: stream, recvBufferPool: s.opts.recvBufferPool}, stream, dc, s.opts.maxReceiveMessageSize, payInfo, decomp)
 	if err != nil {
 		if e := t.WriteStatus(stream, status.Convert(err)); e != nil {
 			channelz.Warningf(logger, s.channelzID, "grpc: Server.processUnaryRPC failed to write status: %v", e)
@@ -1304,12 +1312,12 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	if channelz.IsOn() {
 		t.IncrMsgRecv()
 	}
-	df := func(v interface{}) error {
+	df := func(v any) error {
 		if err := s.getCodec(stream.ContentSubtype()).Unmarshal(d, v); err != nil {
 			return status.Errorf(codes.Internal, "grpc: error unmarshalling request: %v", err)
 		}
 		for _, sh := range shs {
-			sh.HandleRPC(stream.Context(), &stats.InPayload{
+			sh.HandleRPC(ctx, &stats.InPayload{
 				RecvTime:         time.Now(),
 				Payload:          v,
 				Length:           len(d),
@@ -1323,7 +1331,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Message: d,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(stream.Context(), cm)
+				binlog.Log(ctx, cm)
 			}
 		}
 		if trInfo != nil {
@@ -1331,7 +1339,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		}
 		return nil
 	}
-	ctx := NewContextWithServerTransportStream(stream.Context(), stream)
+	ctx = NewContextWithServerTransportStream(ctx, stream)
 	reply, appErr := md.Handler(info.serviceImpl, ctx, df, s.opts.unaryInt)
 	if appErr != nil {
 		appStatus, ok := status.FromError(appErr)
@@ -1356,7 +1364,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 					Header: h,
 				}
 				for _, binlog := range binlogs {
-					binlog.Log(stream.Context(), sh)
+					binlog.Log(ctx, sh)
 				}
 			}
 			st := &binarylog.ServerTrailer{
@@ -1364,7 +1372,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Err:     appErr,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(stream.Context(), st)
+				binlog.Log(ctx, st)
 			}
 		}
 		return appErr
@@ -1379,7 +1387,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	if stream.SendCompress() != sendCompressorName {
 		comp = encoding.GetCompressor(stream.SendCompress())
 	}
-	if err := s.sendResponse(t, stream, reply, cp, opts, comp); err != nil {
+	if err := s.sendResponse(ctx, t, stream, reply, cp, opts, comp); err != nil {
 		if err == io.EOF {
 			// The entire stream is done (for unary RPC only).
 			return err
@@ -1406,8 +1414,8 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Err:     appErr,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(stream.Context(), sh)
-				binlog.Log(stream.Context(), st)
+				binlog.Log(ctx, sh)
+				binlog.Log(ctx, st)
 			}
 		}
 		return err
@@ -1421,8 +1429,8 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 			Message: reply,
 		}
 		for _, binlog := range binlogs {
-			binlog.Log(stream.Context(), sh)
-			binlog.Log(stream.Context(), sm)
+			binlog.Log(ctx, sh)
+			binlog.Log(ctx, sm)
 		}
 	}
 	if channelz.IsOn() {
@@ -1440,7 +1448,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 			Err:     appErr,
 		}
 		for _, binlog := range binlogs {
-			binlog.Log(stream.Context(), st)
+			binlog.Log(ctx, st)
 		}
 	}
 	return t.WriteStatus(stream, statusOK)
@@ -1468,7 +1476,7 @@ func chainStreamServerInterceptors(s *Server) {
 }
 
 func chainStreamInterceptors(interceptors []StreamServerInterceptor) StreamServerInterceptor {
-	return func(srv interface{}, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error {
+	return func(srv any, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error {
 		return interceptors[0](srv, ss, info, getChainStreamHandler(interceptors, 0, info, handler))
 	}
 }
@@ -1477,12 +1485,12 @@ func getChainStreamHandler(interceptors []StreamServerInterceptor, curr int, inf
 	if curr == len(interceptors)-1 {
 		return finalHandler
 	}
-	return func(srv interface{}, stream ServerStream) error {
+	return func(srv any, stream ServerStream) error {
 		return interceptors[curr+1](srv, stream, info, getChainStreamHandler(interceptors, curr+1, info, finalHandler))
 	}
 }
 
-func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, sd *StreamDesc, trInfo *traceInfo) (err error) {
+func (s *Server) processStreamingRPC(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, sd *StreamDesc, trInfo *traceInfo) (err error) {
 	if channelz.IsOn() {
 		s.incrCallsStarted()
 	}
@@ -1496,15 +1504,15 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			IsServerStream: sd.ServerStreams,
 		}
 		for _, sh := range shs {
-			sh.HandleRPC(stream.Context(), statsBegin)
+			sh.HandleRPC(ctx, statsBegin)
 		}
 	}
-	ctx := NewContextWithServerTransportStream(stream.Context(), stream)
+	ctx = NewContextWithServerTransportStream(ctx, stream)
 	ss := &serverStream{
 		ctx:                   ctx,
 		t:                     t,
 		s:                     stream,
-		p:                     &parser{r: stream},
+		p:                     &parser{r: stream, recvBufferPool: s.opts.recvBufferPool},
 		codec:                 s.getCodec(stream.ContentSubtype()),
 		maxReceiveMessageSize: s.opts.maxReceiveMessageSize,
 		maxSendMessageSize:    s.opts.maxSendMessageSize,
@@ -1518,7 +1526,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			if trInfo != nil {
 				ss.mu.Lock()
 				if err != nil && err != io.EOF {
-					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					ss.trInfo.tr.SetError()
 				}
 				ss.trInfo.tr.Finish()
@@ -1535,7 +1543,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 					end.Error = toRPCErr(err)
 				}
 				for _, sh := range shs {
-					sh.HandleRPC(stream.Context(), end)
+					sh.HandleRPC(ctx, end)
 				}
 			}
 
@@ -1577,7 +1585,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			logEntry.PeerAddr = peer.Addr
 		}
 		for _, binlog := range ss.binlogs {
-			binlog.Log(stream.Context(), logEntry)
+			binlog.Log(ctx, logEntry)
 		}
 	}
 
@@ -1621,7 +1629,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 		trInfo.tr.LazyLog(&trInfo.firstLine, false)
 	}
 	var appErr error
-	var server interface{}
+	var server any
 	if info != nil {
 		server = info.serviceImpl
 	}
@@ -1655,7 +1663,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 				Err:     appErr,
 			}
 			for _, binlog := range ss.binlogs {
-				binlog.Log(stream.Context(), st)
+				binlog.Log(ctx, st)
 			}
 		}
 		t.WriteStatus(ss.s, appStatus)
@@ -1673,33 +1681,50 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			Err:     appErr,
 		}
 		for _, binlog := range ss.binlogs {
-			binlog.Log(stream.Context(), st)
+			binlog.Log(ctx, st)
 		}
 	}
 	return t.WriteStatus(ss.s, statusOK)
 }
 
-func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Stream, trInfo *traceInfo) {
+func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Stream) {
+	ctx := stream.Context()
+	var ti *traceInfo
+	if EnableTracing {
+		tr := trace.New("grpc.Recv."+methodFamily(stream.Method()), stream.Method())
+		ctx = trace.NewContext(ctx, tr)
+		ti = &traceInfo{
+			tr: tr,
+			firstLine: firstLine{
+				client:     false,
+				remoteAddr: t.RemoteAddr(),
+			},
+		}
+		if dl, ok := ctx.Deadline(); ok {
+			ti.firstLine.deadline = time.Until(dl)
+		}
+	}
+
 	sm := stream.Method()
 	if sm != "" && sm[0] == '/' {
 		sm = sm[1:]
 	}
 	pos := strings.LastIndex(sm, "/")
 	if pos == -1 {
-		if trInfo != nil {
-			trInfo.tr.LazyLog(&fmtStringer{"Malformed method name %q", []interface{}{sm}}, true)
-			trInfo.tr.SetError()
+		if ti != nil {
+			ti.tr.LazyLog(&fmtStringer{"Malformed method name %q", []any{sm}}, true)
+			ti.tr.SetError()
 		}
 		errDesc := fmt.Sprintf("malformed method name: %q", stream.Method())
 		if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil {
-			if trInfo != nil {
-				trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
-				trInfo.tr.SetError()
+			if ti != nil {
+				ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
+				ti.tr.SetError()
 			}
 			channelz.Warningf(logger, s.channelzID, "grpc: Server.handleStream failed to write status: %v", err)
 		}
-		if trInfo != nil {
-			trInfo.tr.Finish()
+		if ti != nil {
+			ti.tr.Finish()
 		}
 		return
 	}
@@ -1709,17 +1734,17 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str
 	srv, knownService := s.services[service]
 	if knownService {
 		if md, ok := srv.methods[method]; ok {
-			s.processUnaryRPC(t, stream, srv, md, trInfo)
+			s.processUnaryRPC(ctx, t, stream, srv, md, ti)
 			return
 		}
 		if sd, ok := srv.streams[method]; ok {
-			s.processStreamingRPC(t, stream, srv, sd, trInfo)
+			s.processStreamingRPC(ctx, t, stream, srv, sd, ti)
 			return
 		}
 	}
 	// Unknown service, or known server unknown method.
 	if unknownDesc := s.opts.unknownStreamDesc; unknownDesc != nil {
-		s.processStreamingRPC(t, stream, nil, unknownDesc, trInfo)
+		s.processStreamingRPC(ctx, t, stream, nil, unknownDesc, ti)
 		return
 	}
 	var errDesc string
@@ -1728,19 +1753,19 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str
 	} else {
 		errDesc = fmt.Sprintf("unknown method %v for service %v", method, service)
 	}
-	if trInfo != nil {
-		trInfo.tr.LazyPrintf("%s", errDesc)
-		trInfo.tr.SetError()
+	if ti != nil {
+		ti.tr.LazyPrintf("%s", errDesc)
+		ti.tr.SetError()
 	}
 	if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil {
-		if trInfo != nil {
-			trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
-			trInfo.tr.SetError()
+		if ti != nil {
+			ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
+			ti.tr.SetError()
 		}
 		channelz.Warningf(logger, s.channelzID, "grpc: Server.handleStream failed to write status: %v", err)
 	}
-	if trInfo != nil {
-		trInfo.tr.Finish()
+	if ti != nil {
+		ti.tr.Finish()
 	}
 }
 
@@ -2054,12 +2079,12 @@ func validateSendCompressor(name, clientCompressors string) error {
 // atomicSemaphore implements a blocking, counting semaphore. acquire should be
 // called synchronously; release may be called asynchronously.
 type atomicSemaphore struct {
-	n    int64
+	n    atomic.Int64
 	wait chan struct{}
 }
 
 func (q *atomicSemaphore) acquire() {
-	if atomic.AddInt64(&q.n, -1) < 0 {
+	if q.n.Add(-1) < 0 {
 		// We ran out of quota.  Block until a release happens.
 		<-q.wait
 	}
@@ -2070,12 +2095,14 @@ func (q *atomicSemaphore) release() {
 	// concurrent calls to acquire, but also note that with synchronous calls to
 	// acquire, as our system does, n will never be less than -1.  There are
 	// fairness issues (queuing) to consider if this was to be generalized.
-	if atomic.AddInt64(&q.n, 1) <= 0 {
+	if q.n.Add(1) <= 0 {
 		// An acquire was waiting on us.  Unblock it.
 		q.wait <- struct{}{}
 	}
 }
 
 func newHandlerQuota(n uint32) *atomicSemaphore {
-	return &atomicSemaphore{n: int64(n), wait: make(chan struct{}, 1)}
+	a := &atomicSemaphore{wait: make(chan struct{}, 1)}
+	a.n.Store(int64(n))
+	return a
 }
diff --git a/apis/vendor/google.golang.org/grpc/shared_buffer_pool.go b/apis/vendor/google.golang.org/grpc/shared_buffer_pool.go
new file mode 100644
index 000000000..48a64cfe8
--- /dev/null
+++ b/apis/vendor/google.golang.org/grpc/shared_buffer_pool.go
@@ -0,0 +1,154 @@
+/*
+ *
+ * Copyright 2023 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpc
+
+import "sync"
+
+// SharedBufferPool is a pool of buffers that can be shared, resulting in
+// decreased memory allocation. Currently, in gRPC-go, it is only utilized
+// for parsing incoming messages.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+type SharedBufferPool interface {
+	// Get returns a buffer with specified length from the pool.
+	//
+	// The returned byte slice may be not zero initialized.
+	Get(length int) []byte
+
+	// Put returns a buffer to the pool.
+	Put(*[]byte)
+}
+
+// NewSharedBufferPool creates a simple SharedBufferPool with buckets
+// of different sizes to optimize memory usage. This prevents the pool from
+// wasting large amounts of memory, even when handling messages of varying sizes.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func NewSharedBufferPool() SharedBufferPool {
+	return &simpleSharedBufferPool{
+		pools: [poolArraySize]simpleSharedBufferChildPool{
+			newBytesPool(level0PoolMaxSize),
+			newBytesPool(level1PoolMaxSize),
+			newBytesPool(level2PoolMaxSize),
+			newBytesPool(level3PoolMaxSize),
+			newBytesPool(level4PoolMaxSize),
+			newBytesPool(0),
+		},
+	}
+}
+
+// simpleSharedBufferPool is a simple implementation of SharedBufferPool.
+type simpleSharedBufferPool struct {
+	pools [poolArraySize]simpleSharedBufferChildPool
+}
+
+func (p *simpleSharedBufferPool) Get(size int) []byte {
+	return p.pools[p.poolIdx(size)].Get(size)
+}
+
+func (p *simpleSharedBufferPool) Put(bs *[]byte) {
+	p.pools[p.poolIdx(cap(*bs))].Put(bs)
+}
+
+func (p *simpleSharedBufferPool) poolIdx(size int) int {
+	switch {
+	case size <= level0PoolMaxSize:
+		return level0PoolIdx
+	case size <= level1PoolMaxSize:
+		return level1PoolIdx
+	case size <= level2PoolMaxSize:
+		return level2PoolIdx
+	case size <= level3PoolMaxSize:
+		return level3PoolIdx
+	case size <= level4PoolMaxSize:
+		return level4PoolIdx
+	default:
+		return levelMaxPoolIdx
+	}
+}
+
+const (
+	level0PoolMaxSize = 16                     //  16  B
+	level1PoolMaxSize = level0PoolMaxSize * 16 // 256  B
+	level2PoolMaxSize = level1PoolMaxSize * 16 //   4 KB
+	level3PoolMaxSize = level2PoolMaxSize * 16 //  64 KB
+	level4PoolMaxSize = level3PoolMaxSize * 16 //   1 MB
+)
+
+const (
+	level0PoolIdx = iota
+	level1PoolIdx
+	level2PoolIdx
+	level3PoolIdx
+	level4PoolIdx
+	levelMaxPoolIdx
+	poolArraySize
+)
+
+type simpleSharedBufferChildPool interface {
+	Get(size int) []byte
+	Put(any)
+}
+
+type bufferPool struct {
+	sync.Pool
+
+	defaultSize int
+}
+
+func (p *bufferPool) Get(size int) []byte {
+	bs := p.Pool.Get().(*[]byte)
+
+	if cap(*bs) < size {
+		p.Pool.Put(bs)
+
+		return make([]byte, size)
+	}
+
+	return (*bs)[:size]
+}
+
+func newBytesPool(size int) simpleSharedBufferChildPool {
+	return &bufferPool{
+		Pool: sync.Pool{
+			New: func() any {
+				bs := make([]byte, size)
+				return &bs
+			},
+		},
+		defaultSize: size,
+	}
+}
+
+// nopBufferPool is a buffer pool just makes new buffer without pooling.
+type nopBufferPool struct {
+}
+
+func (nopBufferPool) Get(length int) []byte {
+	return make([]byte, length)
+}
+
+func (nopBufferPool) Put(*[]byte) {
+}
diff --git a/apis/vendor/google.golang.org/grpc/stats/stats.go b/apis/vendor/google.golang.org/grpc/stats/stats.go
index 7a552a9b7..4ab70e2d4 100644
--- a/apis/vendor/google.golang.org/grpc/stats/stats.go
+++ b/apis/vendor/google.golang.org/grpc/stats/stats.go
@@ -59,12 +59,22 @@ func (s *Begin) IsClient() bool { return s.Client }
 
 func (s *Begin) isRPCStats() {}
 
+// PickerUpdated indicates that the LB policy provided a new picker while the
+// RPC was waiting for one.
+type PickerUpdated struct{}
+
+// IsClient indicates if the stats information is from client side. Only Client
+// Side interfaces with a Picker, thus always returns true.
+func (*PickerUpdated) IsClient() bool { return true }
+
+func (*PickerUpdated) isRPCStats() {}
+
 // InPayload contains the information for an incoming payload.
 type InPayload struct {
 	// Client is true if this InPayload is from client side.
 	Client bool
 	// Payload is the payload with original type.
-	Payload interface{}
+	Payload any
 	// Data is the serialized message payload.
 	Data []byte
 
@@ -134,7 +144,7 @@ type OutPayload struct {
 	// Client is true if this OutPayload is from client side.
 	Client bool
 	// Payload is the payload with original type.
-	Payload interface{}
+	Payload any
 	// Data is the serialized message payload.
 	Data []byte
 	// Length is the size of the uncompressed payload data. Does not include any
diff --git a/apis/vendor/google.golang.org/grpc/status/status.go b/apis/vendor/google.golang.org/grpc/status/status.go
index bcf2e4d81..a93360efb 100644
--- a/apis/vendor/google.golang.org/grpc/status/status.go
+++ b/apis/vendor/google.golang.org/grpc/status/status.go
@@ -50,7 +50,7 @@ func New(c codes.Code, msg string) *Status {
 }
 
 // Newf returns New(c, fmt.Sprintf(format, a...)).
-func Newf(c codes.Code, format string, a ...interface{}) *Status {
+func Newf(c codes.Code, format string, a ...any) *Status {
 	return New(c, fmt.Sprintf(format, a...))
 }
 
@@ -60,7 +60,7 @@ func Error(c codes.Code, msg string) error {
 }
 
 // Errorf returns Error(c, fmt.Sprintf(format, a...)).
-func Errorf(c codes.Code, format string, a ...interface{}) error {
+func Errorf(c codes.Code, format string, a ...any) error {
 	return Error(c, fmt.Sprintf(format, a...))
 }
 
@@ -99,25 +99,27 @@ func FromError(err error) (s *Status, ok bool) {
 	}
 	type grpcstatus interface{ GRPCStatus() *Status }
 	if gs, ok := err.(grpcstatus); ok {
-		if gs.GRPCStatus() == nil {
+		grpcStatus := gs.GRPCStatus()
+		if grpcStatus == nil {
 			// Error has status nil, which maps to codes.OK. There
 			// is no sensible behavior for this, so we turn it into
 			// an error with codes.Unknown and discard the existing
 			// status.
 			return New(codes.Unknown, err.Error()), false
 		}
-		return gs.GRPCStatus(), true
+		return grpcStatus, true
 	}
 	var gs grpcstatus
 	if errors.As(err, &gs) {
-		if gs.GRPCStatus() == nil {
+		grpcStatus := gs.GRPCStatus()
+		if grpcStatus == nil {
 			// Error wraps an error that has status nil, which maps
 			// to codes.OK.  There is no sensible behavior for this,
 			// so we turn it into an error with codes.Unknown and
 			// discard the existing status.
 			return New(codes.Unknown, err.Error()), false
 		}
-		p := gs.GRPCStatus().Proto()
+		p := grpcStatus.Proto()
 		p.Message = err.Error()
 		return status.FromProto(p), true
 	}
diff --git a/apis/vendor/google.golang.org/grpc/stream.go b/apis/vendor/google.golang.org/grpc/stream.go
index 10092685b..b14b2fbea 100644
--- a/apis/vendor/google.golang.org/grpc/stream.go
+++ b/apis/vendor/google.golang.org/grpc/stream.go
@@ -31,6 +31,7 @@ import (
 	"google.golang.org/grpc/balancer"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/encoding"
+	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/internal/balancerload"
 	"google.golang.org/grpc/internal/binarylog"
 	"google.golang.org/grpc/internal/channelz"
@@ -54,7 +55,7 @@ import (
 // status package, or be one of the context errors. Otherwise, gRPC will use
 // codes.Unknown as the status code and err.Error() as the status message of the
 // RPC.
-type StreamHandler func(srv interface{}, stream ServerStream) error
+type StreamHandler func(srv any, stream ServerStream) error
 
 // StreamDesc represents a streaming RPC service's method specification.  Used
 // on the server when registering services and on the client when initiating
@@ -79,9 +80,9 @@ type Stream interface {
 	// Deprecated: See ClientStream and ServerStream documentation instead.
 	Context() context.Context
 	// Deprecated: See ClientStream and ServerStream documentation instead.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// Deprecated: See ClientStream and ServerStream documentation instead.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // ClientStream defines the client-side behavior of a streaming RPC.
@@ -90,7 +91,9 @@ type Stream interface {
 // status package.
 type ClientStream interface {
 	// Header returns the header metadata received from the server if there
-	// is any. It blocks if the metadata is not ready to read.
+	// is any. It blocks if the metadata is not ready to read.  If the metadata
+	// is nil and the error is also nil, then the stream was terminated without
+	// headers, and the status can be discovered by calling RecvMsg.
 	Header() (metadata.MD, error)
 	// Trailer returns the trailer metadata from the server, if there is any.
 	// It must only be called after stream.CloseAndRecv has returned, or
@@ -126,7 +129,7 @@ type ClientStream interface {
 	//
 	// It is not safe to modify the message after calling SendMsg. Tracing
 	// libraries and stats handlers may use the message lazily.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// RecvMsg blocks until it receives a message into m or the stream is
 	// done. It returns io.EOF when the stream completes successfully. On
 	// any other error, the stream is aborted and the error contains the RPC
@@ -135,7 +138,7 @@ type ClientStream interface {
 	// It is safe to have a goroutine calling SendMsg and another goroutine
 	// calling RecvMsg on the same stream at the same time, but it is not
 	// safe to call RecvMsg on the same stream in different goroutines.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // NewStream creates a new Stream for the client side. This is typically
@@ -155,11 +158,6 @@ type ClientStream interface {
 // If none of the above happen, a goroutine and a context will be leaked, and grpc
 // will not call the optionally-configured stats handler with a stats.End message.
 func (cc *ClientConn) NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error) {
-	if err := cc.idlenessMgr.onCallBegin(); err != nil {
-		return nil, err
-	}
-	defer cc.idlenessMgr.onCallEnd()
-
 	// allow interceptor to see all applicable call options, which means those
 	// configured as defaults from dial option as well as per-call options
 	opts = combine(cc.dopts.callOptions, opts)
@@ -176,6 +174,16 @@ func NewClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth
 }
 
 func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (_ ClientStream, err error) {
+	// Start tracking the RPC for idleness purposes. This is where a stream is
+	// created for both streaming and unary RPCs, and hence is a good place to
+	// track active RPC count.
+	if err := cc.idlenessMgr.OnCallBegin(); err != nil {
+		return nil, err
+	}
+	// Add a calloption, to decrement the active call count, that gets executed
+	// when the RPC completes.
+	opts = append([]CallOption{OnFinish(func(error) { cc.idlenessMgr.OnCallEnd() })}, opts...)
+
 	if md, added, ok := metadata.FromOutgoingContextRaw(ctx); ok {
 		// validate md
 		if err := imetadata.Validate(md); err != nil {
@@ -433,7 +441,7 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error)
 		ctx = trace.NewContext(ctx, trInfo.tr)
 	}
 
-	if cs.cc.parsedTarget.URL.Scheme == "xds" {
+	if cs.cc.parsedTarget.URL.Scheme == internal.GRPCResolverSchemeExtraMetadata {
 		// Add extra metadata (metadata that will be added by transport) to context
 		// so the balancer can see them.
 		ctx = grpcutil.WithExtraMetadata(ctx, metadata.Pairs(
@@ -507,7 +515,7 @@ func (a *csAttempt) newStream() error {
 		return toRPCErr(nse.Err)
 	}
 	a.s = s
-	a.p = &parser{r: s}
+	a.p = &parser{r: s, recvBufferPool: a.cs.cc.dopts.recvBufferPool}
 	return nil
 }
 
@@ -788,23 +796,24 @@ func (cs *clientStream) withRetry(op func(a *csAttempt) error, onSuccess func())
 
 func (cs *clientStream) Header() (metadata.MD, error) {
 	var m metadata.MD
-	noHeader := false
 	err := cs.withRetry(func(a *csAttempt) error {
 		var err error
 		m, err = a.s.Header()
-		if err == transport.ErrNoHeaders {
-			noHeader = true
-			return nil
-		}
 		return toRPCErr(err)
 	}, cs.commitAttemptLocked)
 
+	if m == nil && err == nil {
+		// The stream ended with success.  Finish the clientStream.
+		err = io.EOF
+	}
+
 	if err != nil {
 		cs.finish(err)
-		return nil, err
+		// Do not return the error.  The user should get it by calling Recv().
+		return nil, nil
 	}
 
-	if len(cs.binlogs) != 0 && !cs.serverHeaderBinlogged && !noHeader {
+	if len(cs.binlogs) != 0 && !cs.serverHeaderBinlogged && m != nil {
 		// Only log if binary log is on and header has not been logged, and
 		// there is actually headers to log.
 		logEntry := &binarylog.ServerHeader{
@@ -820,6 +829,7 @@ func (cs *clientStream) Header() (metadata.MD, error) {
 			binlog.Log(cs.ctx, logEntry)
 		}
 	}
+
 	return m, nil
 }
 
@@ -860,7 +870,7 @@ func (cs *clientStream) bufferForRetryLocked(sz int, op func(a *csAttempt) error
 	cs.buffer = append(cs.buffer, op)
 }
 
-func (cs *clientStream) SendMsg(m interface{}) (err error) {
+func (cs *clientStream) SendMsg(m any) (err error) {
 	defer func() {
 		if err != nil && err != io.EOF {
 			// Call finish on the client stream for errors generated by this SendMsg
@@ -904,7 +914,7 @@ func (cs *clientStream) SendMsg(m interface{}) (err error) {
 	return err
 }
 
-func (cs *clientStream) RecvMsg(m interface{}) error {
+func (cs *clientStream) RecvMsg(m any) error {
 	if len(cs.binlogs) != 0 && !cs.serverHeaderBinlogged {
 		// Call Header() to binary log header if it's not already logged.
 		cs.Header()
@@ -928,24 +938,6 @@ func (cs *clientStream) RecvMsg(m interface{}) error {
 	if err != nil || !cs.desc.ServerStreams {
 		// err != nil or non-server-streaming indicates end of stream.
 		cs.finish(err)
-
-		if len(cs.binlogs) != 0 {
-			// finish will not log Trailer. Log Trailer here.
-			logEntry := &binarylog.ServerTrailer{
-				OnClientSide: true,
-				Trailer:      cs.Trailer(),
-				Err:          err,
-			}
-			if logEntry.Err == io.EOF {
-				logEntry.Err = nil
-			}
-			if peer, ok := peer.FromContext(cs.Context()); ok {
-				logEntry.PeerAddr = peer.Addr
-			}
-			for _, binlog := range cs.binlogs {
-				binlog.Log(cs.ctx, logEntry)
-			}
-		}
 	}
 	return err
 }
@@ -1001,18 +993,30 @@ func (cs *clientStream) finish(err error) {
 			}
 		}
 	}
+
 	cs.mu.Unlock()
-	// For binary logging. only log cancel in finish (could be caused by RPC ctx
-	// canceled or ClientConn closed). Trailer will be logged in RecvMsg.
-	//
-	// Only one of cancel or trailer needs to be logged. In the cases where
-	// users don't call RecvMsg, users must have already canceled the RPC.
-	if len(cs.binlogs) != 0 && status.Code(err) == codes.Canceled {
-		c := &binarylog.Cancel{
-			OnClientSide: true,
-		}
-		for _, binlog := range cs.binlogs {
-			binlog.Log(cs.ctx, c)
+	// Only one of cancel or trailer needs to be logged.
+	if len(cs.binlogs) != 0 {
+		switch err {
+		case errContextCanceled, errContextDeadline, ErrClientConnClosing:
+			c := &binarylog.Cancel{
+				OnClientSide: true,
+			}
+			for _, binlog := range cs.binlogs {
+				binlog.Log(cs.ctx, c)
+			}
+		default:
+			logEntry := &binarylog.ServerTrailer{
+				OnClientSide: true,
+				Trailer:      cs.Trailer(),
+				Err:          err,
+			}
+			if peer, ok := peer.FromContext(cs.Context()); ok {
+				logEntry.PeerAddr = peer.Addr
+			}
+			for _, binlog := range cs.binlogs {
+				binlog.Log(cs.ctx, logEntry)
+			}
 		}
 	}
 	if err == nil {
@@ -1028,7 +1032,7 @@ func (cs *clientStream) finish(err error) {
 	cs.cancel()
 }
 
-func (a *csAttempt) sendMsg(m interface{}, hdr, payld, data []byte) error {
+func (a *csAttempt) sendMsg(m any, hdr, payld, data []byte) error {
 	cs := a.cs
 	if a.trInfo != nil {
 		a.mu.Lock()
@@ -1055,7 +1059,7 @@ func (a *csAttempt) sendMsg(m interface{}, hdr, payld, data []byte) error {
 	return nil
 }
 
-func (a *csAttempt) recvMsg(m interface{}, payInfo *payloadInfo) (err error) {
+func (a *csAttempt) recvMsg(m any, payInfo *payloadInfo) (err error) {
 	cs := a.cs
 	if len(a.statsHandlers) != 0 && payInfo == nil {
 		payInfo = &payloadInfo{}
@@ -1270,7 +1274,7 @@ func newNonRetryClientStream(ctx context.Context, desc *StreamDesc, method strin
 		return nil, err
 	}
 	as.s = s
-	as.p = &parser{r: s}
+	as.p = &parser{r: s, recvBufferPool: ac.dopts.recvBufferPool}
 	ac.incrCallsStarted()
 	if desc != unaryStreamDesc {
 		// Listen on stream context to cleanup when the stream context is
@@ -1348,7 +1352,7 @@ func (as *addrConnStream) Context() context.Context {
 	return as.s.Context()
 }
 
-func (as *addrConnStream) SendMsg(m interface{}) (err error) {
+func (as *addrConnStream) SendMsg(m any) (err error) {
 	defer func() {
 		if err != nil && err != io.EOF {
 			// Call finish on the client stream for errors generated by this SendMsg
@@ -1393,7 +1397,7 @@ func (as *addrConnStream) SendMsg(m interface{}) (err error) {
 	return nil
 }
 
-func (as *addrConnStream) RecvMsg(m interface{}) (err error) {
+func (as *addrConnStream) RecvMsg(m any) (err error) {
 	defer func() {
 		if err != nil || !as.desc.ServerStreams {
 			// err != nil or non-server-streaming indicates end of stream.
@@ -1512,7 +1516,7 @@ type ServerStream interface {
 	//
 	// It is not safe to modify the message after calling SendMsg. Tracing
 	// libraries and stats handlers may use the message lazily.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// RecvMsg blocks until it receives a message into m or the stream is
 	// done. It returns io.EOF when the client has performed a CloseSend. On
 	// any non-EOF error, the stream is aborted and the error contains the
@@ -1521,7 +1525,7 @@ type ServerStream interface {
 	// It is safe to have a goroutine calling SendMsg and another goroutine
 	// calling RecvMsg on the same stream at the same time, but it is not
 	// safe to call RecvMsg on the same stream in different goroutines.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // serverStream implements a server side Stream.
@@ -1602,7 +1606,7 @@ func (ss *serverStream) SetTrailer(md metadata.MD) {
 	ss.s.SetTrailer(md)
 }
 
-func (ss *serverStream) SendMsg(m interface{}) (err error) {
+func (ss *serverStream) SendMsg(m any) (err error) {
 	defer func() {
 		if ss.trInfo != nil {
 			ss.mu.Lock()
@@ -1610,7 +1614,7 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) {
 				if err == nil {
 					ss.trInfo.tr.LazyLog(&payload{sent: true, msg: m}, true)
 				} else {
-					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					ss.trInfo.tr.SetError()
 				}
 			}
@@ -1677,7 +1681,7 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) {
 	return nil
 }
 
-func (ss *serverStream) RecvMsg(m interface{}) (err error) {
+func (ss *serverStream) RecvMsg(m any) (err error) {
 	defer func() {
 		if ss.trInfo != nil {
 			ss.mu.Lock()
@@ -1685,7 +1689,7 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) {
 				if err == nil {
 					ss.trInfo.tr.LazyLog(&payload{sent: false, msg: m}, true)
 				} else if err != io.EOF {
-					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					ss.trInfo.tr.SetError()
 				}
 			}
@@ -1757,7 +1761,7 @@ func MethodFromServerStream(stream ServerStream) (string, bool) {
 // prepareMsg returns the hdr, payload and data
 // using the compressors passed or using the
 // passed preparedmsg
-func prepareMsg(m interface{}, codec baseCodec, cp Compressor, comp encoding.Compressor) (hdr, payload, data []byte, err error) {
+func prepareMsg(m any, codec baseCodec, cp Compressor, comp encoding.Compressor) (hdr, payload, data []byte, err error) {
 	if preparedMsg, ok := m.(*PreparedMsg); ok {
 		return preparedMsg.hdr, preparedMsg.payload, preparedMsg.encodedData, nil
 	}
diff --git a/apis/vendor/google.golang.org/grpc/tap/tap.go b/apis/vendor/google.golang.org/grpc/tap/tap.go
index bfa5dfa40..07f012576 100644
--- a/apis/vendor/google.golang.org/grpc/tap/tap.go
+++ b/apis/vendor/google.golang.org/grpc/tap/tap.go
@@ -27,6 +27,8 @@ package tap
 
 import (
 	"context"
+
+	"google.golang.org/grpc/metadata"
 )
 
 // Info defines the relevant information needed by the handles.
@@ -34,6 +36,10 @@ type Info struct {
 	// FullMethodName is the string of grpc method (in the format of
 	// /package.service/method).
 	FullMethodName string
+
+	// Header contains the header metadata received.
+	Header metadata.MD
+
 	// TODO: More to be added.
 }
 
diff --git a/apis/vendor/google.golang.org/grpc/trace.go b/apis/vendor/google.golang.org/grpc/trace.go
index 07a2d26b3..9ded79321 100644
--- a/apis/vendor/google.golang.org/grpc/trace.go
+++ b/apis/vendor/google.golang.org/grpc/trace.go
@@ -97,8 +97,8 @@ func truncate(x string, l int) string {
 
 // payload represents an RPC request or response payload.
 type payload struct {
-	sent bool        // whether this is an outgoing payload
-	msg  interface{} // e.g. a proto.Message
+	sent bool // whether this is an outgoing payload
+	msg  any  // e.g. a proto.Message
 	// TODO(dsymonds): add stringifying info to codec, and limit how much we hold here?
 }
 
@@ -111,7 +111,7 @@ func (p payload) String() string {
 
 type fmtStringer struct {
 	format string
-	a      []interface{}
+	a      []any
 }
 
 func (f *fmtStringer) String() string {
diff --git a/apis/vendor/google.golang.org/grpc/version.go b/apis/vendor/google.golang.org/grpc/version.go
index 3cc754062..6d2cadd79 100644
--- a/apis/vendor/google.golang.org/grpc/version.go
+++ b/apis/vendor/google.golang.org/grpc/version.go
@@ -19,4 +19,4 @@
 package grpc
 
 // Version is the current grpc version.
-const Version = "1.56.3"
+const Version = "1.59.0"
diff --git a/apis/vendor/google.golang.org/grpc/vet.sh b/apis/vendor/google.golang.org/grpc/vet.sh
index a8e4732b3..bb480f1f9 100644
--- a/apis/vendor/google.golang.org/grpc/vet.sh
+++ b/apis/vendor/google.golang.org/grpc/vet.sh
@@ -84,12 +84,18 @@ not git grep -l 'x/net/context' -- "*.go"
 #   thread safety.
 git grep -l '"math/rand"' -- "*.go" 2>&1 | not grep -v '^examples\|^stress\|grpcrand\|^benchmark\|wrr_test'
 
+# - Do not use "interface{}"; use "any" instead.
+git grep -l 'interface{}' -- "*.go" 2>&1 | not grep -v '\.pb\.go\|protoc-gen-go-grpc'
+
 # - Do not call grpclog directly. Use grpclog.Component instead.
 git grep -l -e 'grpclog.I' --or -e 'grpclog.W' --or -e 'grpclog.E' --or -e 'grpclog.F' --or -e 'grpclog.V' -- "*.go" | not grep -v '^grpclog/component.go\|^internal/grpctest/tlogger_test.go'
 
 # - Ensure all ptypes proto packages are renamed when importing.
 not git grep "\(import \|^\s*\)\"github.com/golang/protobuf/ptypes/" -- "*.go"
 
+# - Ensure all usages of grpc_testing package are renamed when importing.
+not git grep "\(import \|^\s*\)\"google.golang.org/grpc/interop/grpc_testing" -- "*.go" 
+
 # - Ensure all xds proto imports are renamed to *pb or *grpc.
 git grep '"github.com/envoyproxy/go-control-plane/envoy' -- '*.go' ':(exclude)*.pb.go' | not grep -v 'pb "\|grpc "'
 
@@ -106,7 +112,7 @@ for MOD_FILE in $(find . -name 'go.mod'); do
   goimports -l . 2>&1 | not grep -vE "\.pb\.go"
   golint ./... 2>&1 | not grep -vE "/grpc_testing_not_regenerate/.*\.pb\.go:"
 
-  go mod tidy -compat=1.17
+  go mod tidy -compat=1.19
   git status --porcelain 2>&1 | fail_on_output || \
     (git status; git --no-pager diff; exit 1)
   popd
@@ -168,8 +174,6 @@ proto.RegisteredExtension is deprecated
 proto.RegisteredExtensions is deprecated
 proto.RegisterMapType is deprecated
 proto.Unmarshaler is deprecated
-resolver.Backend
-resolver.GRPCLB
 Target is deprecated: Use the Target field in the BuildOptions instead.
 xxx_messageInfo_
 ' "${SC_OUT}"
diff --git a/apis/vendor/google.golang.org/protobuf/encoding/protojson/encode.go b/apis/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
index d09d22e13..66b95870e 100644
--- a/apis/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
+++ b/apis/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
@@ -106,13 +106,19 @@ func (o MarshalOptions) Format(m proto.Message) string {
 // MarshalOptions. Do not depend on the output being stable. It may change over
 // time across different versions of the program.
 func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) {
-	return o.marshal(m)
+	return o.marshal(nil, m)
+}
+
+// MarshalAppend appends the JSON format encoding of m to b,
+// returning the result.
+func (o MarshalOptions) MarshalAppend(b []byte, m proto.Message) ([]byte, error) {
+	return o.marshal(b, m)
 }
 
 // marshal is a centralized function that all marshal operations go through.
 // For profiling purposes, avoid changing the name of this function or
 // introducing other code paths for marshal that do not go through this.
-func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
+func (o MarshalOptions) marshal(b []byte, m proto.Message) ([]byte, error) {
 	if o.Multiline && o.Indent == "" {
 		o.Indent = defaultIndent
 	}
@@ -120,7 +126,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 		o.Resolver = protoregistry.GlobalTypes
 	}
 
-	internalEnc, err := json.NewEncoder(o.Indent)
+	internalEnc, err := json.NewEncoder(b, o.Indent)
 	if err != nil {
 		return nil, err
 	}
@@ -128,7 +134,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 	// Treat nil message interface as an empty message,
 	// in which case the output in an empty JSON object.
 	if m == nil {
-		return []byte("{}"), nil
+		return append(b, '{', '}'), nil
 	}
 
 	enc := encoder{internalEnc, o}
diff --git a/apis/vendor/google.golang.org/protobuf/encoding/prototext/encode.go b/apis/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
index ebf6c6528..722a7b41d 100644
--- a/apis/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
+++ b/apis/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
@@ -101,13 +101,19 @@ func (o MarshalOptions) Format(m proto.Message) string {
 // MarshalOptions object. Do not depend on the output being stable. It may
 // change over time across different versions of the program.
 func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) {
-	return o.marshal(m)
+	return o.marshal(nil, m)
+}
+
+// MarshalAppend appends the textproto format encoding of m to b,
+// returning the result.
+func (o MarshalOptions) MarshalAppend(b []byte, m proto.Message) ([]byte, error) {
+	return o.marshal(b, m)
 }
 
 // marshal is a centralized function that all marshal operations go through.
 // For profiling purposes, avoid changing the name of this function or
 // introducing other code paths for marshal that do not go through this.
-func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
+func (o MarshalOptions) marshal(b []byte, m proto.Message) ([]byte, error) {
 	var delims = [2]byte{'{', '}'}
 
 	if o.Multiline && o.Indent == "" {
@@ -117,7 +123,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 		o.Resolver = protoregistry.GlobalTypes
 	}
 
-	internalEnc, err := text.NewEncoder(o.Indent, delims, o.EmitASCII)
+	internalEnc, err := text.NewEncoder(b, o.Indent, delims, o.EmitASCII)
 	if err != nil {
 		return nil, err
 	}
@@ -125,7 +131,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 	// Treat nil message interface as an empty message,
 	// in which case there is nothing to output.
 	if m == nil {
-		return []byte{}, nil
+		return b, nil
 	}
 
 	enc := encoder{internalEnc, o}
diff --git a/apis/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go b/apis/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go
index fbdf34873..934f2dcb3 100644
--- a/apis/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go
+++ b/apis/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go
@@ -41,8 +41,10 @@ type Encoder struct {
 //
 // If indent is a non-empty string, it causes every entry for an Array or Object
 // to be preceded by the indent and trailed by a newline.
-func NewEncoder(indent string) (*Encoder, error) {
-	e := &Encoder{}
+func NewEncoder(buf []byte, indent string) (*Encoder, error) {
+	e := &Encoder{
+		out: buf,
+	}
 	if len(indent) > 0 {
 		if strings.Trim(indent, " \t") != "" {
 			return nil, errors.New("indent may only be composed of space or tab characters")
@@ -176,13 +178,13 @@ func appendFloat(out []byte, n float64, bitSize int) []byte {
 // WriteInt writes out the given signed integer in JSON number value.
 func (e *Encoder) WriteInt(n int64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatInt(n, 10)...)
+	e.out = strconv.AppendInt(e.out, n, 10)
 }
 
 // WriteUint writes out the given unsigned integer in JSON number value.
 func (e *Encoder) WriteUint(n uint64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatUint(n, 10)...)
+	e.out = strconv.AppendUint(e.out, n, 10)
 }
 
 // StartObject writes out the '{' symbol.
diff --git a/apis/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go b/apis/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
index da289ccce..cf7aed77b 100644
--- a/apis/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
+++ b/apis/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
@@ -53,8 +53,10 @@ type encoderState struct {
 // If outputASCII is true, strings will be serialized in such a way that
 // multi-byte UTF-8 sequences are escaped. This property ensures that the
 // overall output is ASCII (as opposed to UTF-8).
-func NewEncoder(indent string, delims [2]byte, outputASCII bool) (*Encoder, error) {
-	e := &Encoder{}
+func NewEncoder(buf []byte, indent string, delims [2]byte, outputASCII bool) (*Encoder, error) {
+	e := &Encoder{
+		encoderState: encoderState{out: buf},
+	}
 	if len(indent) > 0 {
 		if strings.Trim(indent, " \t") != "" {
 			return nil, errors.New("indent may only be composed of space and tab characters")
@@ -195,13 +197,13 @@ func appendFloat(out []byte, n float64, bitSize int) []byte {
 // WriteInt writes out the given signed integer value.
 func (e *Encoder) WriteInt(n int64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatInt(n, 10)...)
+	e.out = strconv.AppendInt(e.out, n, 10)
 }
 
 // WriteUint writes out the given unsigned integer value.
 func (e *Encoder) WriteUint(n uint64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatUint(n, 10)...)
+	e.out = strconv.AppendUint(e.out, n, 10)
 }
 
 // WriteLiteral writes out the given string as a literal value without quotes.
diff --git a/apis/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/apis/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
index 5c0e8f73f..136f1b215 100644
--- a/apis/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
+++ b/apis/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
@@ -183,13 +183,58 @@ const (
 // Field names for google.protobuf.ExtensionRangeOptions.
 const (
 	ExtensionRangeOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option"
+	ExtensionRangeOptions_Declaration_field_name         protoreflect.Name = "declaration"
+	ExtensionRangeOptions_Verification_field_name        protoreflect.Name = "verification"
 
 	ExtensionRangeOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.uninterpreted_option"
+	ExtensionRangeOptions_Declaration_field_fullname         protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.declaration"
+	ExtensionRangeOptions_Verification_field_fullname        protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.verification"
 )
 
 // Field numbers for google.protobuf.ExtensionRangeOptions.
 const (
 	ExtensionRangeOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999
+	ExtensionRangeOptions_Declaration_field_number         protoreflect.FieldNumber = 2
+	ExtensionRangeOptions_Verification_field_number        protoreflect.FieldNumber = 3
+)
+
+// Full and short names for google.protobuf.ExtensionRangeOptions.VerificationState.
+const (
+	ExtensionRangeOptions_VerificationState_enum_fullname = "google.protobuf.ExtensionRangeOptions.VerificationState"
+	ExtensionRangeOptions_VerificationState_enum_name     = "VerificationState"
+)
+
+// Names for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_message_name     protoreflect.Name     = "Declaration"
+	ExtensionRangeOptions_Declaration_message_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration"
+)
+
+// Field names for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_Number_field_name     protoreflect.Name = "number"
+	ExtensionRangeOptions_Declaration_FullName_field_name   protoreflect.Name = "full_name"
+	ExtensionRangeOptions_Declaration_Type_field_name       protoreflect.Name = "type"
+	ExtensionRangeOptions_Declaration_IsRepeated_field_name protoreflect.Name = "is_repeated"
+	ExtensionRangeOptions_Declaration_Reserved_field_name   protoreflect.Name = "reserved"
+	ExtensionRangeOptions_Declaration_Repeated_field_name   protoreflect.Name = "repeated"
+
+	ExtensionRangeOptions_Declaration_Number_field_fullname     protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.number"
+	ExtensionRangeOptions_Declaration_FullName_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.full_name"
+	ExtensionRangeOptions_Declaration_Type_field_fullname       protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.type"
+	ExtensionRangeOptions_Declaration_IsRepeated_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.is_repeated"
+	ExtensionRangeOptions_Declaration_Reserved_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.reserved"
+	ExtensionRangeOptions_Declaration_Repeated_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.repeated"
+)
+
+// Field numbers for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_Number_field_number     protoreflect.FieldNumber = 1
+	ExtensionRangeOptions_Declaration_FullName_field_number   protoreflect.FieldNumber = 2
+	ExtensionRangeOptions_Declaration_Type_field_number       protoreflect.FieldNumber = 3
+	ExtensionRangeOptions_Declaration_IsRepeated_field_number protoreflect.FieldNumber = 4
+	ExtensionRangeOptions_Declaration_Reserved_field_number   protoreflect.FieldNumber = 5
+	ExtensionRangeOptions_Declaration_Repeated_field_number   protoreflect.FieldNumber = 6
 )
 
 // Names for google.protobuf.FieldDescriptorProto.
@@ -540,6 +585,7 @@ const (
 	FieldOptions_DebugRedact_field_name         protoreflect.Name = "debug_redact"
 	FieldOptions_Retention_field_name           protoreflect.Name = "retention"
 	FieldOptions_Target_field_name              protoreflect.Name = "target"
+	FieldOptions_Targets_field_name             protoreflect.Name = "targets"
 	FieldOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option"
 
 	FieldOptions_Ctype_field_fullname               protoreflect.FullName = "google.protobuf.FieldOptions.ctype"
@@ -552,6 +598,7 @@ const (
 	FieldOptions_DebugRedact_field_fullname         protoreflect.FullName = "google.protobuf.FieldOptions.debug_redact"
 	FieldOptions_Retention_field_fullname           protoreflect.FullName = "google.protobuf.FieldOptions.retention"
 	FieldOptions_Target_field_fullname              protoreflect.FullName = "google.protobuf.FieldOptions.target"
+	FieldOptions_Targets_field_fullname             protoreflect.FullName = "google.protobuf.FieldOptions.targets"
 	FieldOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.uninterpreted_option"
 )
 
@@ -567,6 +614,7 @@ const (
 	FieldOptions_DebugRedact_field_number         protoreflect.FieldNumber = 16
 	FieldOptions_Retention_field_number           protoreflect.FieldNumber = 17
 	FieldOptions_Target_field_number              protoreflect.FieldNumber = 18
+	FieldOptions_Targets_field_number             protoreflect.FieldNumber = 19
 	FieldOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999
 )
 
diff --git a/apis/vendor/google.golang.org/protobuf/internal/genid/type_gen.go b/apis/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
index 3bc710138..e0f75fea0 100644
--- a/apis/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
+++ b/apis/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
@@ -32,6 +32,7 @@ const (
 	Type_Options_field_name       protoreflect.Name = "options"
 	Type_SourceContext_field_name protoreflect.Name = "source_context"
 	Type_Syntax_field_name        protoreflect.Name = "syntax"
+	Type_Edition_field_name       protoreflect.Name = "edition"
 
 	Type_Name_field_fullname          protoreflect.FullName = "google.protobuf.Type.name"
 	Type_Fields_field_fullname        protoreflect.FullName = "google.protobuf.Type.fields"
@@ -39,6 +40,7 @@ const (
 	Type_Options_field_fullname       protoreflect.FullName = "google.protobuf.Type.options"
 	Type_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Type.source_context"
 	Type_Syntax_field_fullname        protoreflect.FullName = "google.protobuf.Type.syntax"
+	Type_Edition_field_fullname       protoreflect.FullName = "google.protobuf.Type.edition"
 )
 
 // Field numbers for google.protobuf.Type.
@@ -49,6 +51,7 @@ const (
 	Type_Options_field_number       protoreflect.FieldNumber = 4
 	Type_SourceContext_field_number protoreflect.FieldNumber = 5
 	Type_Syntax_field_number        protoreflect.FieldNumber = 6
+	Type_Edition_field_number       protoreflect.FieldNumber = 7
 )
 
 // Names for google.protobuf.Field.
@@ -121,12 +124,14 @@ const (
 	Enum_Options_field_name       protoreflect.Name = "options"
 	Enum_SourceContext_field_name protoreflect.Name = "source_context"
 	Enum_Syntax_field_name        protoreflect.Name = "syntax"
+	Enum_Edition_field_name       protoreflect.Name = "edition"
 
 	Enum_Name_field_fullname          protoreflect.FullName = "google.protobuf.Enum.name"
 	Enum_Enumvalue_field_fullname     protoreflect.FullName = "google.protobuf.Enum.enumvalue"
 	Enum_Options_field_fullname       protoreflect.FullName = "google.protobuf.Enum.options"
 	Enum_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Enum.source_context"
 	Enum_Syntax_field_fullname        protoreflect.FullName = "google.protobuf.Enum.syntax"
+	Enum_Edition_field_fullname       protoreflect.FullName = "google.protobuf.Enum.edition"
 )
 
 // Field numbers for google.protobuf.Enum.
@@ -136,6 +141,7 @@ const (
 	Enum_Options_field_number       protoreflect.FieldNumber = 3
 	Enum_SourceContext_field_number protoreflect.FieldNumber = 4
 	Enum_Syntax_field_number        protoreflect.FieldNumber = 5
+	Enum_Edition_field_number       protoreflect.FieldNumber = 6
 )
 
 // Names for google.protobuf.EnumValue.
diff --git a/apis/vendor/google.golang.org/protobuf/internal/order/order.go b/apis/vendor/google.golang.org/protobuf/internal/order/order.go
index 33745ed06..dea522e12 100644
--- a/apis/vendor/google.golang.org/protobuf/internal/order/order.go
+++ b/apis/vendor/google.golang.org/protobuf/internal/order/order.go
@@ -33,7 +33,7 @@ var (
 			return !inOneof(ox) && inOneof(oy)
 		}
 		// Fields in disjoint oneof sets are sorted by declaration index.
-		if ox != nil && oy != nil && ox != oy {
+		if inOneof(ox) && inOneof(oy) && ox != oy {
 			return ox.Index() < oy.Index()
 		}
 		// Fields sorted by field number.
diff --git a/apis/vendor/google.golang.org/protobuf/internal/version/version.go b/apis/vendor/google.golang.org/protobuf/internal/version/version.go
index f7014cd51..0999f29d5 100644
--- a/apis/vendor/google.golang.org/protobuf/internal/version/version.go
+++ b/apis/vendor/google.golang.org/protobuf/internal/version/version.go
@@ -51,7 +51,7 @@ import (
 //  10. Send out the CL for review and submit it.
 const (
 	Major      = 1
-	Minor      = 30
+	Minor      = 31
 	Patch      = 0
 	PreRelease = ""
 )
diff --git a/apis/vendor/google.golang.org/protobuf/proto/size.go b/apis/vendor/google.golang.org/protobuf/proto/size.go
index 554b9c6c0..f1692b49b 100644
--- a/apis/vendor/google.golang.org/protobuf/proto/size.go
+++ b/apis/vendor/google.golang.org/protobuf/proto/size.go
@@ -73,23 +73,27 @@ func (o MarshalOptions) sizeField(fd protoreflect.FieldDescriptor, value protore
 }
 
 func (o MarshalOptions) sizeList(num protowire.Number, fd protoreflect.FieldDescriptor, list protoreflect.List) (size int) {
+	sizeTag := protowire.SizeTag(num)
+
 	if fd.IsPacked() && list.Len() > 0 {
 		content := 0
 		for i, llen := 0, list.Len(); i < llen; i++ {
 			content += o.sizeSingular(num, fd.Kind(), list.Get(i))
 		}
-		return protowire.SizeTag(num) + protowire.SizeBytes(content)
+		return sizeTag + protowire.SizeBytes(content)
 	}
 
 	for i, llen := 0, list.Len(); i < llen; i++ {
-		size += protowire.SizeTag(num) + o.sizeSingular(num, fd.Kind(), list.Get(i))
+		size += sizeTag + o.sizeSingular(num, fd.Kind(), list.Get(i))
 	}
 	return size
 }
 
 func (o MarshalOptions) sizeMap(num protowire.Number, fd protoreflect.FieldDescriptor, mapv protoreflect.Map) (size int) {
+	sizeTag := protowire.SizeTag(num)
+
 	mapv.Range(func(key protoreflect.MapKey, value protoreflect.Value) bool {
-		size += protowire.SizeTag(num)
+		size += sizeTag
 		size += protowire.SizeBytes(o.sizeField(fd.MapKey(), key.Value()) + o.sizeField(fd.MapValue(), value))
 		return true
 	})
diff --git a/apis/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/apis/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
index 54ce326df..717b106f3 100644
--- a/apis/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
+++ b/apis/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
@@ -363,6 +363,8 @@ func (p *SourcePath) appendFieldOptions(b []byte) []byte {
 		b = p.appendSingularField(b, "retention", nil)
 	case 18:
 		b = p.appendSingularField(b, "target", nil)
+	case 19:
+		b = p.appendRepeatedField(b, "targets", nil)
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
 	}
@@ -418,6 +420,10 @@ func (p *SourcePath) appendExtensionRangeOptions(b []byte) []byte {
 	switch (*p)[0] {
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
+	case 2:
+		b = p.appendRepeatedField(b, "declaration", (*SourcePath).appendExtensionRangeOptions_Declaration)
+	case 3:
+		b = p.appendSingularField(b, "verification", nil)
 	}
 	return b
 }
@@ -473,3 +479,24 @@ func (p *SourcePath) appendUninterpretedOption_NamePart(b []byte) []byte {
 	}
 	return b
 }
+
+func (p *SourcePath) appendExtensionRangeOptions_Declaration(b []byte) []byte {
+	if len(*p) == 0 {
+		return b
+	}
+	switch (*p)[0] {
+	case 1:
+		b = p.appendSingularField(b, "number", nil)
+	case 2:
+		b = p.appendSingularField(b, "full_name", nil)
+	case 3:
+		b = p.appendSingularField(b, "type", nil)
+	case 4:
+		b = p.appendSingularField(b, "is_repeated", nil)
+	case 5:
+		b = p.appendSingularField(b, "reserved", nil)
+	case 6:
+		b = p.appendSingularField(b, "repeated", nil)
+	}
+	return b
+}
diff --git a/apis/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/apis/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
index dac5671db..04c00f737 100644
--- a/apis/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
+++ b/apis/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
@@ -48,6 +48,64 @@ import (
 	sync "sync"
 )
 
+// The verification state of the extension range.
+type ExtensionRangeOptions_VerificationState int32
+
+const (
+	// All the extensions of the range must be declared.
+	ExtensionRangeOptions_DECLARATION ExtensionRangeOptions_VerificationState = 0
+	ExtensionRangeOptions_UNVERIFIED  ExtensionRangeOptions_VerificationState = 1
+)
+
+// Enum value maps for ExtensionRangeOptions_VerificationState.
+var (
+	ExtensionRangeOptions_VerificationState_name = map[int32]string{
+		0: "DECLARATION",
+		1: "UNVERIFIED",
+	}
+	ExtensionRangeOptions_VerificationState_value = map[string]int32{
+		"DECLARATION": 0,
+		"UNVERIFIED":  1,
+	}
+)
+
+func (x ExtensionRangeOptions_VerificationState) Enum() *ExtensionRangeOptions_VerificationState {
+	p := new(ExtensionRangeOptions_VerificationState)
+	*p = x
+	return p
+}
+
+func (x ExtensionRangeOptions_VerificationState) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ExtensionRangeOptions_VerificationState) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[0].Descriptor()
+}
+
+func (ExtensionRangeOptions_VerificationState) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[0]
+}
+
+func (x ExtensionRangeOptions_VerificationState) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *ExtensionRangeOptions_VerificationState) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = ExtensionRangeOptions_VerificationState(num)
+	return nil
+}
+
+// Deprecated: Use ExtensionRangeOptions_VerificationState.Descriptor instead.
+func (ExtensionRangeOptions_VerificationState) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{3, 0}
+}
+
 type FieldDescriptorProto_Type int32
 
 const (
@@ -137,11 +195,11 @@ func (x FieldDescriptorProto_Type) String() string {
 }
 
 func (FieldDescriptorProto_Type) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[0].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor()
 }
 
 func (FieldDescriptorProto_Type) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[0]
+	return &file_google_protobuf_descriptor_proto_enumTypes[1]
 }
 
 func (x FieldDescriptorProto_Type) Number() protoreflect.EnumNumber {
@@ -197,11 +255,11 @@ func (x FieldDescriptorProto_Label) String() string {
 }
 
 func (FieldDescriptorProto_Label) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor()
 }
 
 func (FieldDescriptorProto_Label) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[1]
+	return &file_google_protobuf_descriptor_proto_enumTypes[2]
 }
 
 func (x FieldDescriptorProto_Label) Number() protoreflect.EnumNumber {
@@ -258,11 +316,11 @@ func (x FileOptions_OptimizeMode) String() string {
 }
 
 func (FileOptions_OptimizeMode) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor()
 }
 
 func (FileOptions_OptimizeMode) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[2]
+	return &file_google_protobuf_descriptor_proto_enumTypes[3]
 }
 
 func (x FileOptions_OptimizeMode) Number() protoreflect.EnumNumber {
@@ -288,7 +346,13 @@ type FieldOptions_CType int32
 
 const (
 	// Default mode.
-	FieldOptions_STRING       FieldOptions_CType = 0
+	FieldOptions_STRING FieldOptions_CType = 0
+	// The option [ctype=CORD] may be applied to a non-repeated field of type
+	// "bytes". It indicates that in C++, the data should be stored in a Cord
+	// instead of a string.  For very large strings, this may reduce memory
+	// fragmentation. It may also allow better performance when parsing from a
+	// Cord, or when parsing with aliasing enabled, as the parsed Cord may then
+	// alias the original buffer.
 	FieldOptions_CORD         FieldOptions_CType = 1
 	FieldOptions_STRING_PIECE FieldOptions_CType = 2
 )
@@ -318,11 +382,11 @@ func (x FieldOptions_CType) String() string {
 }
 
 func (FieldOptions_CType) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor()
 }
 
 func (FieldOptions_CType) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[3]
+	return &file_google_protobuf_descriptor_proto_enumTypes[4]
 }
 
 func (x FieldOptions_CType) Number() protoreflect.EnumNumber {
@@ -380,11 +444,11 @@ func (x FieldOptions_JSType) String() string {
 }
 
 func (FieldOptions_JSType) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor()
 }
 
 func (FieldOptions_JSType) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[4]
+	return &file_google_protobuf_descriptor_proto_enumTypes[5]
 }
 
 func (x FieldOptions_JSType) Number() protoreflect.EnumNumber {
@@ -442,11 +506,11 @@ func (x FieldOptions_OptionRetention) String() string {
 }
 
 func (FieldOptions_OptionRetention) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[6].Descriptor()
 }
 
 func (FieldOptions_OptionRetention) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[5]
+	return &file_google_protobuf_descriptor_proto_enumTypes[6]
 }
 
 func (x FieldOptions_OptionRetention) Number() protoreflect.EnumNumber {
@@ -526,11 +590,11 @@ func (x FieldOptions_OptionTargetType) String() string {
 }
 
 func (FieldOptions_OptionTargetType) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[6].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[7].Descriptor()
 }
 
 func (FieldOptions_OptionTargetType) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[6]
+	return &file_google_protobuf_descriptor_proto_enumTypes[7]
 }
 
 func (x FieldOptions_OptionTargetType) Number() protoreflect.EnumNumber {
@@ -588,11 +652,11 @@ func (x MethodOptions_IdempotencyLevel) String() string {
 }
 
 func (MethodOptions_IdempotencyLevel) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[7].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[8].Descriptor()
 }
 
 func (MethodOptions_IdempotencyLevel) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[7]
+	return &file_google_protobuf_descriptor_proto_enumTypes[8]
 }
 
 func (x MethodOptions_IdempotencyLevel) Number() protoreflect.EnumNumber {
@@ -652,11 +716,11 @@ func (x GeneratedCodeInfo_Annotation_Semantic) String() string {
 }
 
 func (GeneratedCodeInfo_Annotation_Semantic) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[8].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[9].Descriptor()
 }
 
 func (GeneratedCodeInfo_Annotation_Semantic) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[8]
+	return &file_google_protobuf_descriptor_proto_enumTypes[9]
 }
 
 func (x GeneratedCodeInfo_Annotation_Semantic) Number() protoreflect.EnumNumber {
@@ -1015,7 +1079,21 @@ type ExtensionRangeOptions struct {
 
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
-}
+	// go/protobuf-stripping-extension-declarations
+	// Like Metadata, but we use a repeated field to hold all extension
+	// declarations. This should avoid the size increases of transforming a large
+	// extension range into small ranges in generated binaries.
+	Declaration []*ExtensionRangeOptions_Declaration `protobuf:"bytes,2,rep,name=declaration" json:"declaration,omitempty"`
+	// The verification state of the range.
+	// TODO(b/278783756): flip the default to DECLARATION once all empty ranges
+	// are marked as UNVERIFIED.
+	Verification *ExtensionRangeOptions_VerificationState `protobuf:"varint,3,opt,name=verification,enum=google.protobuf.ExtensionRangeOptions_VerificationState,def=1" json:"verification,omitempty"`
+}
+
+// Default values for ExtensionRangeOptions fields.
+const (
+	Default_ExtensionRangeOptions_Verification = ExtensionRangeOptions_UNVERIFIED
+)
 
 func (x *ExtensionRangeOptions) Reset() {
 	*x = ExtensionRangeOptions{}
@@ -1056,6 +1134,20 @@ func (x *ExtensionRangeOptions) GetUninterpretedOption() []*UninterpretedOption
 	return nil
 }
 
+func (x *ExtensionRangeOptions) GetDeclaration() []*ExtensionRangeOptions_Declaration {
+	if x != nil {
+		return x.Declaration
+	}
+	return nil
+}
+
+func (x *ExtensionRangeOptions) GetVerification() ExtensionRangeOptions_VerificationState {
+	if x != nil && x.Verification != nil {
+		return *x.Verification
+	}
+	return Default_ExtensionRangeOptions_Verification
+}
+
 // Describes a field within a message.
 type FieldDescriptorProto struct {
 	state         protoimpl.MessageState
@@ -2046,8 +2138,10 @@ type FieldOptions struct {
 
 	// The ctype option instructs the C++ code generator to use a different
 	// representation of the field than it normally would.  See the specific
-	// options below.  This option is not yet implemented in the open source
-	// release -- sorry, we'll try to include it in a future version!
+	// options below.  This option is only implemented to support use of
+	// [ctype=CORD] and [ctype=STRING] (the default) on non-repeated fields of
+	// type "bytes" in the open source release -- sorry, we'll try to include
+	// other types in a future version!
 	Ctype *FieldOptions_CType `protobuf:"varint,1,opt,name=ctype,enum=google.protobuf.FieldOptions_CType,def=0" json:"ctype,omitempty"`
 	// The packed option can be enabled for repeated primitive fields to enable
 	// a more efficient representation on the wire. Rather than repeatedly
@@ -2111,9 +2205,11 @@ type FieldOptions struct {
 	Weak *bool `protobuf:"varint,10,opt,name=weak,def=0" json:"weak,omitempty"`
 	// Indicate that the field value should not be printed out when using debug
 	// formats, e.g. when the field contains sensitive credentials.
-	DebugRedact *bool                          `protobuf:"varint,16,opt,name=debug_redact,json=debugRedact,def=0" json:"debug_redact,omitempty"`
-	Retention   *FieldOptions_OptionRetention  `protobuf:"varint,17,opt,name=retention,enum=google.protobuf.FieldOptions_OptionRetention" json:"retention,omitempty"`
-	Target      *FieldOptions_OptionTargetType `protobuf:"varint,18,opt,name=target,enum=google.protobuf.FieldOptions_OptionTargetType" json:"target,omitempty"`
+	DebugRedact *bool                         `protobuf:"varint,16,opt,name=debug_redact,json=debugRedact,def=0" json:"debug_redact,omitempty"`
+	Retention   *FieldOptions_OptionRetention `protobuf:"varint,17,opt,name=retention,enum=google.protobuf.FieldOptions_OptionRetention" json:"retention,omitempty"`
+	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+	Target  *FieldOptions_OptionTargetType  `protobuf:"varint,18,opt,name=target,enum=google.protobuf.FieldOptions_OptionTargetType" json:"target,omitempty"`
+	Targets []FieldOptions_OptionTargetType `protobuf:"varint,19,rep,name=targets,enum=google.protobuf.FieldOptions_OptionTargetType" json:"targets,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
 }
@@ -2224,6 +2320,7 @@ func (x *FieldOptions) GetRetention() FieldOptions_OptionRetention {
 	return FieldOptions_RETENTION_UNKNOWN
 }
 
+// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
 func (x *FieldOptions) GetTarget() FieldOptions_OptionTargetType {
 	if x != nil && x.Target != nil {
 		return *x.Target
@@ -2231,6 +2328,13 @@ func (x *FieldOptions) GetTarget() FieldOptions_OptionTargetType {
 	return FieldOptions_TARGET_TYPE_UNKNOWN
 }
 
+func (x *FieldOptions) GetTargets() []FieldOptions_OptionTargetType {
+	if x != nil {
+		return x.Targets
+	}
+	return nil
+}
+
 func (x *FieldOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if x != nil {
 		return x.UninterpretedOption
@@ -2960,6 +3064,108 @@ func (x *DescriptorProto_ReservedRange) GetEnd() int32 {
 	return 0
 }
 
+type ExtensionRangeOptions_Declaration struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The extension number declared within the extension range.
+	Number *int32 `protobuf:"varint,1,opt,name=number" json:"number,omitempty"`
+	// The fully-qualified name of the extension field. There must be a leading
+	// dot in front of the full name.
+	FullName *string `protobuf:"bytes,2,opt,name=full_name,json=fullName" json:"full_name,omitempty"`
+	// The fully-qualified type name of the extension field. Unlike
+	// Metadata.type, Declaration.type must have a leading dot for messages
+	// and enums.
+	Type *string `protobuf:"bytes,3,opt,name=type" json:"type,omitempty"`
+	// Deprecated. Please use "repeated".
+	//
+	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+	IsRepeated *bool `protobuf:"varint,4,opt,name=is_repeated,json=isRepeated" json:"is_repeated,omitempty"`
+	// If true, indicates that the number is reserved in the extension range,
+	// and any extension field with the number will fail to compile. Set this
+	// when a declared extension field is deleted.
+	Reserved *bool `protobuf:"varint,5,opt,name=reserved" json:"reserved,omitempty"`
+	// If true, indicates that the extension must be defined as repeated.
+	// Otherwise the extension must be defined as optional.
+	Repeated *bool `protobuf:"varint,6,opt,name=repeated" json:"repeated,omitempty"`
+}
+
+func (x *ExtensionRangeOptions_Declaration) Reset() {
+	*x = ExtensionRangeOptions_Declaration{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ExtensionRangeOptions_Declaration) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ExtensionRangeOptions_Declaration) ProtoMessage() {}
+
+func (x *ExtensionRangeOptions_Declaration) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ExtensionRangeOptions_Declaration.ProtoReflect.Descriptor instead.
+func (*ExtensionRangeOptions_Declaration) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{3, 0}
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetNumber() int32 {
+	if x != nil && x.Number != nil {
+		return *x.Number
+	}
+	return 0
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetFullName() string {
+	if x != nil && x.FullName != nil {
+		return *x.FullName
+	}
+	return ""
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetType() string {
+	if x != nil && x.Type != nil {
+		return *x.Type
+	}
+	return ""
+}
+
+// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+func (x *ExtensionRangeOptions_Declaration) GetIsRepeated() bool {
+	if x != nil && x.IsRepeated != nil {
+		return *x.IsRepeated
+	}
+	return false
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetReserved() bool {
+	if x != nil && x.Reserved != nil {
+		return *x.Reserved
+	}
+	return false
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetRepeated() bool {
+	if x != nil && x.Repeated != nil {
+		return *x.Repeated
+	}
+	return false
+}
+
 // Range of reserved numeric values. Reserved values may not be used by
 // entries in the same enum. Reserved ranges may not overlap.
 //
@@ -2978,7 +3184,7 @@ type EnumDescriptorProto_EnumReservedRange struct {
 func (x *EnumDescriptorProto_EnumReservedRange) Reset() {
 	*x = EnumDescriptorProto_EnumReservedRange{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2991,7 +3197,7 @@ func (x *EnumDescriptorProto_EnumReservedRange) String() string {
 func (*EnumDescriptorProto_EnumReservedRange) ProtoMessage() {}
 
 func (x *EnumDescriptorProto_EnumReservedRange) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3038,7 +3244,7 @@ type UninterpretedOption_NamePart struct {
 func (x *UninterpretedOption_NamePart) Reset() {
 	*x = UninterpretedOption_NamePart{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3051,7 +3257,7 @@ func (x *UninterpretedOption_NamePart) String() string {
 func (*UninterpretedOption_NamePart) ProtoMessage() {}
 
 func (x *UninterpretedOption_NamePart) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3182,7 +3388,7 @@ type SourceCodeInfo_Location struct {
 func (x *SourceCodeInfo_Location) Reset() {
 	*x = SourceCodeInfo_Location{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3195,7 +3401,7 @@ func (x *SourceCodeInfo_Location) String() string {
 func (*SourceCodeInfo_Location) ProtoMessage() {}
 
 func (x *SourceCodeInfo_Location) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3269,7 +3475,7 @@ type GeneratedCodeInfo_Annotation struct {
 func (x *GeneratedCodeInfo_Annotation) Reset() {
 	*x = GeneratedCodeInfo_Annotation{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[27]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3282,7 +3488,7 @@ func (x *GeneratedCodeInfo_Annotation) String() string {
 func (*GeneratedCodeInfo_Annotation) ProtoMessage() {}
 
 func (x *GeneratedCodeInfo_Annotation) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[27]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3436,264 +3642,296 @@ var file_google_protobuf_descriptor_proto_rawDesc = []byte{
 	0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74,
 	0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a,
 	0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22,
-	0x7c, 0x0a, 0x15, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67,
-	0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75,
-	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0xc1, 0x06,
-	0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f,
-	0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75,
-	0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62,
-	0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
-	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x52, 0x05,
-	0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0xad, 0x04, 0x0a, 0x15, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e,
+	0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13,
+	0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x59, 0x0a, 0x0b, 0x64, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x2e, 0x44, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0x88, 0x01,
+	0x02, 0x52, 0x0b, 0x64, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x68,
+	0x0a, 0x0c, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x56, 0x65, 0x72,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x3a, 0x0a,
+	0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x45, 0x44, 0x52, 0x0c, 0x76, 0x65, 0x72, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xb3, 0x01, 0x0a, 0x0b, 0x44, 0x65, 0x63,
+	0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62,
+	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72,
+	0x12, 0x1b, 0x0a, 0x09, 0x66, 0x75, 0x6c, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x75, 0x6c, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x23, 0x0a, 0x0b, 0x69, 0x73, 0x5f, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x69, 0x73, 0x52, 0x65,
+	0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x22, 0x34,
+	0x0a, 0x11, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74,
+	0x61, 0x74, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x44, 0x45, 0x43, 0x4c, 0x41, 0x52, 0x41, 0x54, 0x49,
+	0x4f, 0x4e, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49,
+	0x45, 0x44, 0x10, 0x01, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22,
+	0xc1, 0x06, 0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06,
+	0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75,
+	0x6d, 0x62, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
 	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72,
-	0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52,
-	0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x6e, 0x61,
-	0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70, 0x65, 0x4e, 0x61,
-	0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65, 0x12, 0x23,
-	0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
-	0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x69, 0x6e, 0x64,
-	0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x49,
-	0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a, 0x73, 0x6f, 0x6e, 0x4e, 0x61, 0x6d,
-	0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x18, 0x11, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b,
-	0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0e, 0x0a,
-	0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41, 0x54, 0x10, 0x02, 0x12, 0x0e, 0x0a,
-	0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x03, 0x12, 0x0f, 0x0a,
-	0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x04, 0x12, 0x0e,
-	0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x05, 0x12, 0x10,
-	0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x06,
-	0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32,
-	0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x10,
-	0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47,
-	0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50,
-	0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41,
-	0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x59, 0x54,
-	0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e,
-	0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e,
-	0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49,
-	0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x11, 0x12, 0x0f, 0x0a, 0x0b, 0x54,
-	0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x12, 0x22, 0x43, 0x0a, 0x05,
-	0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x4f,
-	0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42,
-	0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x02, 0x12, 0x12, 0x0a,
-	0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50, 0x45, 0x41, 0x54, 0x45, 0x44, 0x10,
-	0x03, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a,
-	0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c,
+	0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x79, 0x70,
+	0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70, 0x65,
+	0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65,
+	0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x69,
+	0x6e, 0x64, 0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6f, 0x6e, 0x65, 0x6f,
+	0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a, 0x73, 0x6f, 0x6e, 0x4e,
+	0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, 0x0a, 0x0f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x18,
+	0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f,
+	0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12,
+	0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41, 0x54, 0x10, 0x02, 0x12,
+	0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x03, 0x12,
+	0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x04,
+	0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x05,
+	0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34,
+	0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44,
+	0x33, 0x32, 0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x4f, 0x4f,
+	0x4c, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49,
+	0x4e, 0x47, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x52, 0x4f,
+	0x55, 0x50, 0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53,
+	0x53, 0x41, 0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42,
+	0x59, 0x54, 0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55,
+	0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x45, 0x4e, 0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53,
+	0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10, 0x12, 0x0f, 0x0a, 0x0b,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x11, 0x12, 0x0f, 0x0a,
+	0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x12, 0x22, 0x43,
+	0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c,
+	0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4c,
+	0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x02, 0x12,
+	0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50, 0x45, 0x41, 0x54, 0x45,
+	0x44, 0x10, 0x03, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52,
+	0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a, 0x13, 0x45, 0x6e, 0x75,
+	0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a,
+	0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18,
+	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x75, 0x6d,
+	0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72,
+	0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d,
+	0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d,
+	0x65, 0x1a, 0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03,
+	0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x83,
+	0x01, 0x0a, 0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x06, 0x6d, 0x65, 0x74,
+	0x68, 0x6f, 0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x89,
+	0x02, 0x0a, 0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a,
+	0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f,
+	0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x38, 0x0a, 0x07,
+	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08,
+	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53,
+	0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0x91, 0x09, 0x0a, 0x0b, 0x46,
+	0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6a, 0x61,
+	0x76, 0x61, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0b, 0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x30, 0x0a,
+	0x14, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73,
+	0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6a, 0x61, 0x76,
+	0x61, 0x4f, 0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x35, 0x0a, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65,
+	0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
+	0x6c, 0x73, 0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c,
+	0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67,
+	0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x5f, 0x61,
+	0x6e, 0x64, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18,
+	0x01, 0x52, 0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x45,
+	0x71, 0x75, 0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68, 0x12, 0x3a, 0x0a, 0x16,
+	0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x65, 0x63,
+	0x6b, 0x5f, 0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
+	0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x43,
+	0x68, 0x65, 0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c, 0x6f, 0x70, 0x74, 0x69,
+	0x6d, 0x69, 0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29,
 	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a, 0x13, 0x45, 0x6e, 0x75, 0x6d, 0x44,
-	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12,
-	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a, 0x0e, 0x72,
-	0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x04, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x73,
-	0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x03, 0x28,
-	0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x1a,
-	0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52,
-	0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e,
-	0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x83, 0x01, 0x0a,
-	0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a,
-	0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e,
-	0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65,
-	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f,
-	0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x89, 0x02, 0x0a,
-	0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f,
-	0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6e,
-	0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09,
-	0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x75, 0x74,
-	0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a,
-	0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x38, 0x0a, 0x07, 0x6f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
-	0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72,
-	0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0x91, 0x09, 0x0a, 0x0b, 0x46, 0x69, 0x6c,
-	0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6a, 0x61, 0x76, 0x61,
-	0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
-	0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6a,
-	0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x6e,
-	0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6a, 0x61, 0x76, 0x61, 0x4f,
-	0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x35, 0x0a,
-	0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x66,
-	0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73,
-	0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x46,
-	0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e,
-	0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x5f, 0x61, 0x6e, 0x64,
-	0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52,
-	0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x45, 0x71, 0x75,
-	0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68, 0x12, 0x3a, 0x0a, 0x16, 0x6a, 0x61,
-	0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f,
-	0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73,
-	0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x43, 0x68, 0x65,
-	0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69,
-	0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
-	0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6d,
-	0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x52, 0x0b,
-	0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x67,
-	0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x63, 0x63,
-	0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11,
-	0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69,
-	0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e,
-	0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x13,
-	0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
-	0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72,
-	0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x2a, 0x20, 0x01, 0x28,
-	0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12, 0x70, 0x68, 0x70, 0x47, 0x65, 0x6e,
-	0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0a,
-	0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x17, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61,
-	0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x04, 0x74,
-	0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x72, 0x65,
-	0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a, 0x63, 0x5f, 0x63, 0x6c, 0x61, 0x73,
-	0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f,
-	0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12,
-	0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70,
-	0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x73, 0x68, 0x61, 0x72,
-	0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x77,
-	0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x27, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x28, 0x0a,
-	0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69,
-	0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x68, 0x70, 0x43, 0x6c, 0x61, 0x73,
-	0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x68, 0x70, 0x5f, 0x6e,
-	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c,
-	0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x34, 0x0a, 0x16,
-	0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x70, 0x68,
-	0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61,
-	0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61,
-	0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x72, 0x75, 0x62, 0x79, 0x50, 0x61,
-	0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
-	0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22,
-	0x3a, 0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12,
-	0x09, 0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f,
-	0x44, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x4c, 0x49, 0x54,
-	0x45, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, 0x03, 0x2a, 0x09, 0x08, 0xe8, 0x07,
-	0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26, 0x10, 0x27, 0x22, 0xbb, 0x03, 0x0a,
-	0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
-	0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x77,
-	0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
-	0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x4c, 0x0a,
-	0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x5f, 0x64, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x1c, 0x6e,
-	0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
-	0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x12, 0x25, 0x0a, 0x0a, 0x64,
-	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a,
-	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74,
-	0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18,
-	0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6c, 0x65,
-	0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f,
-	0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x42,
-	0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x4c,
-	0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x43, 0x6f,
-	0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74,
+	0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74,
+	0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44,
+	0x52, 0x0b, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f, 0x72, 0x12, 0x1d, 0x0a,
+	0x0a, 0x67, 0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x35, 0x0a, 0x13,
+	0x63, 0x63, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
+	0x52, 0x11, 0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x11, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x47,
+	0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x35,
+	0x0a, 0x13, 0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
+	0x73, 0x65, 0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70, 0x5f, 0x67, 0x65, 0x6e,
+	0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x2a, 0x20,
+	0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12, 0x70, 0x68, 0x70, 0x47,
+	0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x25,
+	0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x17, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65,
+	0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f, 0x65, 0x6e, 0x61, 0x62,
+	0x6c, 0x65, 0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x3a,
+	0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x41,
+	0x72, 0x65, 0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a, 0x63, 0x5f, 0x63, 0x6c,
+	0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0f, 0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69,
+	0x78, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
+	0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x73, 0x68,
+	0x61, 0x72, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c,
+	0x73, 0x77, 0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x27, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12,
+	0x28, 0x0a, 0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65,
+	0x66, 0x69, 0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x68, 0x70, 0x43, 0x6c,
+	0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x68, 0x70,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0c, 0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x34,
+	0x0a, 0x16, 0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x6e,
+	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14,
+	0x70, 0x68, 0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e, 0x61, 0x6d, 0x65, 0x73,
+	0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79, 0x5f, 0x70, 0x61, 0x63,
+	0x6b, 0x61, 0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x72, 0x75, 0x62, 0x79,
+	0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18,
 	0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
 	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
 	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e,
 	0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x04,
-	0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x4a, 0x04,
-	0x08, 0x08, 0x10, 0x09, 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0xb7, 0x08, 0x0a, 0x0c, 0x46,
-	0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a, 0x05, 0x63,
-	0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65,
-	0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70, 0x65, 0x3a,
-	0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16,
-	0x0a, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06,
-	0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65,
-	0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09, 0x4a, 0x53,
-	0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12,
-	0x19, 0x0a, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66,
-	0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x2e, 0x0a, 0x0f, 0x75, 0x6e,
-	0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x0f, 0x20,
-	0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0e, 0x75, 0x6e, 0x76, 0x65,
-	0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65,
-	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
-	0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
-	0x64, 0x12, 0x19, 0x0a, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a,
-	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x28, 0x0a, 0x0c,
-	0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61, 0x63, 0x74, 0x18, 0x10, 0x20, 0x01,
-	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0b, 0x64, 0x65, 0x62, 0x75, 0x67,
-	0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x4b, 0x0a, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c,
-	0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74,
-	0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x12, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x54,
-	0x79, 0x70, 0x65, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x58, 0x0a, 0x14, 0x75,
+	0x6e, 0x22, 0x3a, 0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64,
+	0x65, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09,
+	0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x4c,
+	0x49, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, 0x03, 0x2a, 0x09, 0x08,
+	0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26, 0x10, 0x27, 0x22, 0xbb,
+	0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x12, 0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x74,
+	0x5f, 0x77, 0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d, 0x65, 0x73, 0x73, 0x61,
+	0x67, 0x65, 0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12,
+	0x4c, 0x0a, 0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x5f, 0x64,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52,
+	0x1c, 0x6e, 0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x12, 0x25, 0x0a,
+	0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63,
+	0x61, 0x74, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x12, 0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f,
+	0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c,
+	0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
+	0x64, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x43, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13,
+	0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04,
+	0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07,
+	0x4a, 0x04, 0x08, 0x08, 0x10, 0x09, 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0x85, 0x09, 0x0a,
+	0x0c, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a,
+	0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
+	0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70,
+	0x65, 0x3a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65,
+	0x12, 0x16, 0x0a, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79,
+	0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09,
+	0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x19, 0x0a, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a,
+	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x2e, 0x0a, 0x0f,
+	0x75, 0x6e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18,
+	0x0f, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0e, 0x75, 0x6e,
+	0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a,
+	0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
+	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61,
+	0x74, 0x65, 0x64, 0x12, 0x19, 0x0a, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28,
+	0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x28,
+	0x0a, 0x0c, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61, 0x63, 0x74, 0x18, 0x10,
+	0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0b, 0x64, 0x65, 0x62,
+	0x75, 0x67, 0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x4b, 0x0a, 0x09, 0x72, 0x65, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69,
+	0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x72, 0x65, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4a, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18,
+	0x12, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65,
+	0x74, 0x54, 0x79, 0x70, 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65,
+	0x74, 0x12, 0x48, 0x0a, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x18, 0x13, 0x20, 0x03,
+	0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x54, 0x79,
+	0x70, 0x65, 0x52, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75,
 	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74,
 	0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
 	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69,
@@ -3885,98 +4123,103 @@ func file_google_protobuf_descriptor_proto_rawDescGZIP() []byte {
 	return file_google_protobuf_descriptor_proto_rawDescData
 }
 
-var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 9)
-var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 27)
+var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 10)
+var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 28)
 var file_google_protobuf_descriptor_proto_goTypes = []interface{}{
-	(FieldDescriptorProto_Type)(0),                // 0: google.protobuf.FieldDescriptorProto.Type
-	(FieldDescriptorProto_Label)(0),               // 1: google.protobuf.FieldDescriptorProto.Label
-	(FileOptions_OptimizeMode)(0),                 // 2: google.protobuf.FileOptions.OptimizeMode
-	(FieldOptions_CType)(0),                       // 3: google.protobuf.FieldOptions.CType
-	(FieldOptions_JSType)(0),                      // 4: google.protobuf.FieldOptions.JSType
-	(FieldOptions_OptionRetention)(0),             // 5: google.protobuf.FieldOptions.OptionRetention
-	(FieldOptions_OptionTargetType)(0),            // 6: google.protobuf.FieldOptions.OptionTargetType
-	(MethodOptions_IdempotencyLevel)(0),           // 7: google.protobuf.MethodOptions.IdempotencyLevel
-	(GeneratedCodeInfo_Annotation_Semantic)(0),    // 8: google.protobuf.GeneratedCodeInfo.Annotation.Semantic
-	(*FileDescriptorSet)(nil),                     // 9: google.protobuf.FileDescriptorSet
-	(*FileDescriptorProto)(nil),                   // 10: google.protobuf.FileDescriptorProto
-	(*DescriptorProto)(nil),                       // 11: google.protobuf.DescriptorProto
-	(*ExtensionRangeOptions)(nil),                 // 12: google.protobuf.ExtensionRangeOptions
-	(*FieldDescriptorProto)(nil),                  // 13: google.protobuf.FieldDescriptorProto
-	(*OneofDescriptorProto)(nil),                  // 14: google.protobuf.OneofDescriptorProto
-	(*EnumDescriptorProto)(nil),                   // 15: google.protobuf.EnumDescriptorProto
-	(*EnumValueDescriptorProto)(nil),              // 16: google.protobuf.EnumValueDescriptorProto
-	(*ServiceDescriptorProto)(nil),                // 17: google.protobuf.ServiceDescriptorProto
-	(*MethodDescriptorProto)(nil),                 // 18: google.protobuf.MethodDescriptorProto
-	(*FileOptions)(nil),                           // 19: google.protobuf.FileOptions
-	(*MessageOptions)(nil),                        // 20: google.protobuf.MessageOptions
-	(*FieldOptions)(nil),                          // 21: google.protobuf.FieldOptions
-	(*OneofOptions)(nil),                          // 22: google.protobuf.OneofOptions
-	(*EnumOptions)(nil),                           // 23: google.protobuf.EnumOptions
-	(*EnumValueOptions)(nil),                      // 24: google.protobuf.EnumValueOptions
-	(*ServiceOptions)(nil),                        // 25: google.protobuf.ServiceOptions
-	(*MethodOptions)(nil),                         // 26: google.protobuf.MethodOptions
-	(*UninterpretedOption)(nil),                   // 27: google.protobuf.UninterpretedOption
-	(*SourceCodeInfo)(nil),                        // 28: google.protobuf.SourceCodeInfo
-	(*GeneratedCodeInfo)(nil),                     // 29: google.protobuf.GeneratedCodeInfo
-	(*DescriptorProto_ExtensionRange)(nil),        // 30: google.protobuf.DescriptorProto.ExtensionRange
-	(*DescriptorProto_ReservedRange)(nil),         // 31: google.protobuf.DescriptorProto.ReservedRange
-	(*EnumDescriptorProto_EnumReservedRange)(nil), // 32: google.protobuf.EnumDescriptorProto.EnumReservedRange
-	(*UninterpretedOption_NamePart)(nil),          // 33: google.protobuf.UninterpretedOption.NamePart
-	(*SourceCodeInfo_Location)(nil),               // 34: google.protobuf.SourceCodeInfo.Location
-	(*GeneratedCodeInfo_Annotation)(nil),          // 35: google.protobuf.GeneratedCodeInfo.Annotation
+	(ExtensionRangeOptions_VerificationState)(0),  // 0: google.protobuf.ExtensionRangeOptions.VerificationState
+	(FieldDescriptorProto_Type)(0),                // 1: google.protobuf.FieldDescriptorProto.Type
+	(FieldDescriptorProto_Label)(0),               // 2: google.protobuf.FieldDescriptorProto.Label
+	(FileOptions_OptimizeMode)(0),                 // 3: google.protobuf.FileOptions.OptimizeMode
+	(FieldOptions_CType)(0),                       // 4: google.protobuf.FieldOptions.CType
+	(FieldOptions_JSType)(0),                      // 5: google.protobuf.FieldOptions.JSType
+	(FieldOptions_OptionRetention)(0),             // 6: google.protobuf.FieldOptions.OptionRetention
+	(FieldOptions_OptionTargetType)(0),            // 7: google.protobuf.FieldOptions.OptionTargetType
+	(MethodOptions_IdempotencyLevel)(0),           // 8: google.protobuf.MethodOptions.IdempotencyLevel
+	(GeneratedCodeInfo_Annotation_Semantic)(0),    // 9: google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+	(*FileDescriptorSet)(nil),                     // 10: google.protobuf.FileDescriptorSet
+	(*FileDescriptorProto)(nil),                   // 11: google.protobuf.FileDescriptorProto
+	(*DescriptorProto)(nil),                       // 12: google.protobuf.DescriptorProto
+	(*ExtensionRangeOptions)(nil),                 // 13: google.protobuf.ExtensionRangeOptions
+	(*FieldDescriptorProto)(nil),                  // 14: google.protobuf.FieldDescriptorProto
+	(*OneofDescriptorProto)(nil),                  // 15: google.protobuf.OneofDescriptorProto
+	(*EnumDescriptorProto)(nil),                   // 16: google.protobuf.EnumDescriptorProto
+	(*EnumValueDescriptorProto)(nil),              // 17: google.protobuf.EnumValueDescriptorProto
+	(*ServiceDescriptorProto)(nil),                // 18: google.protobuf.ServiceDescriptorProto
+	(*MethodDescriptorProto)(nil),                 // 19: google.protobuf.MethodDescriptorProto
+	(*FileOptions)(nil),                           // 20: google.protobuf.FileOptions
+	(*MessageOptions)(nil),                        // 21: google.protobuf.MessageOptions
+	(*FieldOptions)(nil),                          // 22: google.protobuf.FieldOptions
+	(*OneofOptions)(nil),                          // 23: google.protobuf.OneofOptions
+	(*EnumOptions)(nil),                           // 24: google.protobuf.EnumOptions
+	(*EnumValueOptions)(nil),                      // 25: google.protobuf.EnumValueOptions
+	(*ServiceOptions)(nil),                        // 26: google.protobuf.ServiceOptions
+	(*MethodOptions)(nil),                         // 27: google.protobuf.MethodOptions
+	(*UninterpretedOption)(nil),                   // 28: google.protobuf.UninterpretedOption
+	(*SourceCodeInfo)(nil),                        // 29: google.protobuf.SourceCodeInfo
+	(*GeneratedCodeInfo)(nil),                     // 30: google.protobuf.GeneratedCodeInfo
+	(*DescriptorProto_ExtensionRange)(nil),        // 31: google.protobuf.DescriptorProto.ExtensionRange
+	(*DescriptorProto_ReservedRange)(nil),         // 32: google.protobuf.DescriptorProto.ReservedRange
+	(*ExtensionRangeOptions_Declaration)(nil),     // 33: google.protobuf.ExtensionRangeOptions.Declaration
+	(*EnumDescriptorProto_EnumReservedRange)(nil), // 34: google.protobuf.EnumDescriptorProto.EnumReservedRange
+	(*UninterpretedOption_NamePart)(nil),          // 35: google.protobuf.UninterpretedOption.NamePart
+	(*SourceCodeInfo_Location)(nil),               // 36: google.protobuf.SourceCodeInfo.Location
+	(*GeneratedCodeInfo_Annotation)(nil),          // 37: google.protobuf.GeneratedCodeInfo.Annotation
 }
 var file_google_protobuf_descriptor_proto_depIdxs = []int32{
-	10, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
-	11, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto
-	15, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
-	17, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto
-	13, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
-	19, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions
-	28, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo
-	13, // 7: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto
-	13, // 8: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
-	11, // 9: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto
-	15, // 10: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
-	30, // 11: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange
-	14, // 12: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto
-	20, // 13: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions
-	31, // 14: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange
-	27, // 15: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	1,  // 16: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label
-	0,  // 17: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type
-	21, // 18: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions
-	22, // 19: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions
-	16, // 20: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto
-	23, // 21: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions
-	32, // 22: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange
-	24, // 23: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions
-	18, // 24: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto
-	25, // 25: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions
-	26, // 26: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions
-	2,  // 27: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode
-	27, // 28: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 29: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	3,  // 30: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType
-	4,  // 31: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType
-	5,  // 32: google.protobuf.FieldOptions.retention:type_name -> google.protobuf.FieldOptions.OptionRetention
-	6,  // 33: google.protobuf.FieldOptions.target:type_name -> google.protobuf.FieldOptions.OptionTargetType
-	27, // 34: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 35: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 36: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 37: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 38: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	7,  // 39: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
-	27, // 40: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	33, // 41: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
-	34, // 42: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
-	35, // 43: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
-	12, // 44: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
-	8,  // 45: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic
-	46, // [46:46] is the sub-list for method output_type
-	46, // [46:46] is the sub-list for method input_type
-	46, // [46:46] is the sub-list for extension type_name
-	46, // [46:46] is the sub-list for extension extendee
-	0,  // [0:46] is the sub-list for field type_name
+	11, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
+	12, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto
+	16, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+	18, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto
+	14, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+	20, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions
+	29, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo
+	14, // 7: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto
+	14, // 8: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+	12, // 9: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto
+	16, // 10: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+	31, // 11: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange
+	15, // 12: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto
+	21, // 13: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions
+	32, // 14: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange
+	28, // 15: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	33, // 16: google.protobuf.ExtensionRangeOptions.declaration:type_name -> google.protobuf.ExtensionRangeOptions.Declaration
+	0,  // 17: google.protobuf.ExtensionRangeOptions.verification:type_name -> google.protobuf.ExtensionRangeOptions.VerificationState
+	2,  // 18: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label
+	1,  // 19: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type
+	22, // 20: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions
+	23, // 21: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions
+	17, // 22: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto
+	24, // 23: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions
+	34, // 24: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange
+	25, // 25: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions
+	19, // 26: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto
+	26, // 27: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions
+	27, // 28: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions
+	3,  // 29: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode
+	28, // 30: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 31: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	4,  // 32: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType
+	5,  // 33: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType
+	6,  // 34: google.protobuf.FieldOptions.retention:type_name -> google.protobuf.FieldOptions.OptionRetention
+	7,  // 35: google.protobuf.FieldOptions.target:type_name -> google.protobuf.FieldOptions.OptionTargetType
+	7,  // 36: google.protobuf.FieldOptions.targets:type_name -> google.protobuf.FieldOptions.OptionTargetType
+	28, // 37: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 38: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 39: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 40: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 41: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	8,  // 42: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
+	28, // 43: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	35, // 44: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
+	36, // 45: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
+	37, // 46: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
+	13, // 47: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
+	9,  // 48: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+	49, // [49:49] is the sub-list for method output_type
+	49, // [49:49] is the sub-list for method input_type
+	49, // [49:49] is the sub-list for extension type_name
+	49, // [49:49] is the sub-list for extension extendee
+	0,  // [0:49] is the sub-list for field type_name
 }
 
 func init() { file_google_protobuf_descriptor_proto_init() }
@@ -4280,7 +4523,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*EnumDescriptorProto_EnumReservedRange); i {
+			switch v := v.(*ExtensionRangeOptions_Declaration); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4292,7 +4535,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UninterpretedOption_NamePart); i {
+			switch v := v.(*EnumDescriptorProto_EnumReservedRange); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4304,7 +4547,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SourceCodeInfo_Location); i {
+			switch v := v.(*UninterpretedOption_NamePart); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4316,6 +4559,18 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SourceCodeInfo_Location); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*GeneratedCodeInfo_Annotation); i {
 			case 0:
 				return &v.state
@@ -4333,8 +4588,8 @@ func file_google_protobuf_descriptor_proto_init() {
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_google_protobuf_descriptor_proto_rawDesc,
-			NumEnums:      9,
-			NumMessages:   27,
+			NumEnums:      10,
+			NumMessages:   28,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/apis/vendor/google.golang.org/protobuf/types/dynamicpb/types.go b/apis/vendor/google.golang.org/protobuf/types/dynamicpb/types.go
new file mode 100644
index 000000000..5a8010f18
--- /dev/null
+++ b/apis/vendor/google.golang.org/protobuf/types/dynamicpb/types.go
@@ -0,0 +1,177 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package dynamicpb
+
+import (
+	"fmt"
+	"strings"
+	"sync"
+	"sync/atomic"
+
+	"google.golang.org/protobuf/internal/errors"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/reflect/protoregistry"
+)
+
+type extField struct {
+	name   protoreflect.FullName
+	number protoreflect.FieldNumber
+}
+
+// A Types is a collection of dynamically constructed descriptors.
+// Its methods are safe for concurrent use.
+//
+// Types implements protoregistry.MessageTypeResolver and protoregistry.ExtensionTypeResolver.
+// A Types may be used as a proto.UnmarshalOptions.Resolver.
+type Types struct {
+	files *protoregistry.Files
+
+	extMu               sync.Mutex
+	atomicExtFiles      uint64
+	extensionsByMessage map[extField]protoreflect.ExtensionDescriptor
+}
+
+// NewTypes creates a new Types registry with the provided files.
+// The Files registry is retained, and changes to Files will be reflected in Types.
+// It is not safe to concurrently change the Files while calling Types methods.
+func NewTypes(f *protoregistry.Files) *Types {
+	return &Types{
+		files: f,
+	}
+}
+
+// FindEnumByName looks up an enum by its full name;
+// e.g., "google.protobuf.Field.Kind".
+//
+// This returns (nil, protoregistry.NotFound) if not found.
+func (t *Types) FindEnumByName(name protoreflect.FullName) (protoreflect.EnumType, error) {
+	d, err := t.files.FindDescriptorByName(name)
+	if err != nil {
+		return nil, err
+	}
+	ed, ok := d.(protoreflect.EnumDescriptor)
+	if !ok {
+		return nil, errors.New("found wrong type: got %v, want enum", descName(d))
+	}
+	return NewEnumType(ed), nil
+}
+
+// FindExtensionByName looks up an extension field by the field's full name.
+// Note that this is the full name of the field as determined by
+// where the extension is declared and is unrelated to the full name of the
+// message being extended.
+//
+// This returns (nil, protoregistry.NotFound) if not found.
+func (t *Types) FindExtensionByName(name protoreflect.FullName) (protoreflect.ExtensionType, error) {
+	d, err := t.files.FindDescriptorByName(name)
+	if err != nil {
+		return nil, err
+	}
+	xd, ok := d.(protoreflect.ExtensionDescriptor)
+	if !ok {
+		return nil, errors.New("found wrong type: got %v, want extension", descName(d))
+	}
+	return NewExtensionType(xd), nil
+}
+
+// FindExtensionByNumber looks up an extension field by the field number
+// within some parent message, identified by full name.
+//
+// This returns (nil, protoregistry.NotFound) if not found.
+func (t *Types) FindExtensionByNumber(message protoreflect.FullName, field protoreflect.FieldNumber) (protoreflect.ExtensionType, error) {
+	// Construct the extension number map lazily, since not every user will need it.
+	// Update the map if new files are added to the registry.
+	if atomic.LoadUint64(&t.atomicExtFiles) != uint64(t.files.NumFiles()) {
+		t.updateExtensions()
+	}
+	xd := t.extensionsByMessage[extField{message, field}]
+	if xd == nil {
+		return nil, protoregistry.NotFound
+	}
+	return NewExtensionType(xd), nil
+}
+
+// FindMessageByName looks up a message by its full name;
+// e.g. "google.protobuf.Any".
+//
+// This returns (nil, protoregistry.NotFound) if not found.
+func (t *Types) FindMessageByName(name protoreflect.FullName) (protoreflect.MessageType, error) {
+	d, err := t.files.FindDescriptorByName(name)
+	if err != nil {
+		return nil, err
+	}
+	md, ok := d.(protoreflect.MessageDescriptor)
+	if !ok {
+		return nil, errors.New("found wrong type: got %v, want message", descName(d))
+	}
+	return NewMessageType(md), nil
+}
+
+// FindMessageByURL looks up a message by a URL identifier.
+// See documentation on google.protobuf.Any.type_url for the URL format.
+//
+// This returns (nil, protoregistry.NotFound) if not found.
+func (t *Types) FindMessageByURL(url string) (protoreflect.MessageType, error) {
+	// This function is similar to FindMessageByName but
+	// truncates anything before and including '/' in the URL.
+	message := protoreflect.FullName(url)
+	if i := strings.LastIndexByte(url, '/'); i >= 0 {
+		message = message[i+len("/"):]
+	}
+	return t.FindMessageByName(message)
+}
+
+func (t *Types) updateExtensions() {
+	t.extMu.Lock()
+	defer t.extMu.Unlock()
+	if atomic.LoadUint64(&t.atomicExtFiles) == uint64(t.files.NumFiles()) {
+		return
+	}
+	defer atomic.StoreUint64(&t.atomicExtFiles, uint64(t.files.NumFiles()))
+	t.files.RangeFiles(func(fd protoreflect.FileDescriptor) bool {
+		t.registerExtensions(fd.Extensions())
+		t.registerExtensionsInMessages(fd.Messages())
+		return true
+	})
+}
+
+func (t *Types) registerExtensionsInMessages(mds protoreflect.MessageDescriptors) {
+	count := mds.Len()
+	for i := 0; i < count; i++ {
+		md := mds.Get(i)
+		t.registerExtensions(md.Extensions())
+		t.registerExtensionsInMessages(md.Messages())
+	}
+}
+
+func (t *Types) registerExtensions(xds protoreflect.ExtensionDescriptors) {
+	count := xds.Len()
+	for i := 0; i < count; i++ {
+		xd := xds.Get(i)
+		field := xd.Number()
+		message := xd.ContainingMessage().FullName()
+		if t.extensionsByMessage == nil {
+			t.extensionsByMessage = make(map[extField]protoreflect.ExtensionDescriptor)
+		}
+		t.extensionsByMessage[extField{message, field}] = xd
+	}
+}
+
+func descName(d protoreflect.Descriptor) string {
+	switch d.(type) {
+	case protoreflect.EnumDescriptor:
+		return "enum"
+	case protoreflect.EnumValueDescriptor:
+		return "enum value"
+	case protoreflect.MessageDescriptor:
+		return "message"
+	case protoreflect.ExtensionDescriptor:
+		return "extension"
+	case protoreflect.ServiceDescriptor:
+		return "service"
+	default:
+		return fmt.Sprintf("%T", d)
+	}
+}
diff --git a/apis/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go b/apis/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
index a6c7a33f3..580b232f4 100644
--- a/apis/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
+++ b/apis/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
@@ -142,39 +142,39 @@ import (
 //
 // Example 2: Pack and unpack a message in Java.
 //
-//	Foo foo = ...;
-//	Any any = Any.pack(foo);
-//	...
-//	if (any.is(Foo.class)) {
-//	  foo = any.unpack(Foo.class);
-//	}
-//	// or ...
-//	if (any.isSameTypeAs(Foo.getDefaultInstance())) {
-//	  foo = any.unpack(Foo.getDefaultInstance());
-//	}
-//
-// Example 3: Pack and unpack a message in Python.
-//
-//	foo = Foo(...)
-//	any = Any()
-//	any.Pack(foo)
-//	...
-//	if any.Is(Foo.DESCRIPTOR):
-//	  any.Unpack(foo)
-//	  ...
-//
-// Example 4: Pack and unpack a message in Go
-//
-//	foo := &pb.Foo{...}
-//	any, err := anypb.New(foo)
-//	if err != nil {
-//	  ...
-//	}
-//	...
-//	foo := &pb.Foo{}
-//	if err := any.UnmarshalTo(foo); err != nil {
-//	  ...
-//	}
+//	   Foo foo = ...;
+//	   Any any = Any.pack(foo);
+//	   ...
+//	   if (any.is(Foo.class)) {
+//	     foo = any.unpack(Foo.class);
+//	   }
+//	   // or ...
+//	   if (any.isSameTypeAs(Foo.getDefaultInstance())) {
+//	     foo = any.unpack(Foo.getDefaultInstance());
+//	   }
+//
+//	Example 3: Pack and unpack a message in Python.
+//
+//	   foo = Foo(...)
+//	   any = Any()
+//	   any.Pack(foo)
+//	   ...
+//	   if any.Is(Foo.DESCRIPTOR):
+//	     any.Unpack(foo)
+//	     ...
+//
+//	Example 4: Pack and unpack a message in Go
+//
+//	    foo := &pb.Foo{...}
+//	    any, err := anypb.New(foo)
+//	    if err != nil {
+//	      ...
+//	    }
+//	    ...
+//	    foo := &pb.Foo{}
+//	    if err := any.UnmarshalTo(foo); err != nil {
+//	      ...
+//	    }
 //
 // The pack methods provided by protobuf library will by default use
 // 'type.googleapis.com/full.type.name' as the type URL and the unpack
@@ -182,8 +182,8 @@ import (
 // in the type URL, for example "foo.bar.com/x/y.z" will yield type
 // name "y.z".
 //
-// # JSON
-//
+// JSON
+// ====
 // The JSON representation of an `Any` value uses the regular
 // representation of the deserialized, embedded message, with an
 // additional field `@type` which contains the type URL. Example:
diff --git a/apis/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go b/apis/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
index 9577ed593..d2bac8b88 100644
--- a/apis/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
+++ b/apis/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
@@ -132,7 +132,7 @@ import (
 // `NullValue` is a singleton enumeration to represent the null value for the
 // `Value` type union.
 //
-//	The JSON representation for `NullValue` is JSON `null`.
+// The JSON representation for `NullValue` is JSON `null`.
 type NullValue int32
 
 const (
diff --git a/apis/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go b/apis/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
index 61f69fc11..81511a336 100644
--- a/apis/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
+++ b/apis/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
@@ -167,7 +167,7 @@ import (
 // [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
 // the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
 // the Joda Time's [`ISODateTimeFormat.dateTime()`](
-// http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
+// http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()
 // ) to obtain a formatter capable of generating timestamps in this format.
 type Timestamp struct {
 	state         protoimpl.MessageState
diff --git a/apis/vendor/modules.txt b/apis/vendor/modules.txt
index da55fabb0..f383a1352 100644
--- a/apis/vendor/modules.txt
+++ b/apis/vendor/modules.txt
@@ -10,8 +10,8 @@ github.com/beorn7/perks/quantile
 # github.com/blang/semver/v4 v4.0.0
 ## explicit; go 1.14
 github.com/blang/semver/v4
-# github.com/cenkalti/backoff/v4 v4.1.3
-## explicit; go 1.13
+# github.com/cenkalti/backoff/v4 v4.2.1
+## explicit; go 1.18
 github.com/cenkalti/backoff/v4
 # github.com/cespare/xxhash/v2 v2.2.0
 ## explicit; go 1.11
@@ -23,7 +23,7 @@ github.com/davecgh/go-spew/spew
 ## explicit; go 1.13
 github.com/emicklei/go-restful/v3
 github.com/emicklei/go-restful/v3/log
-# github.com/felixge/httpsnoop v1.0.3
+# github.com/felixge/httpsnoop v1.0.4
 ## explicit; go 1.13
 github.com/felixge/httpsnoop
 # github.com/fsnotify/fsnotify v1.6.0
@@ -36,8 +36,8 @@ github.com/gardener/component-spec/bindings-go/utils/selector
 # github.com/ghodss/yaml v1.0.0
 ## explicit
 github.com/ghodss/yaml
-# github.com/go-logr/logr v1.2.4
-## explicit; go 1.16
+# github.com/go-logr/logr v1.3.0
+## explicit; go 1.18
 github.com/go-logr/logr
 github.com/go-logr/logr/funcr
 # github.com/go-logr/stdr v1.2.2
@@ -92,7 +92,7 @@ github.com/google/gnostic/extensions
 github.com/google/gnostic/jsonschema
 github.com/google/gnostic/openapiv2
 github.com/google/gnostic/openapiv3
-# github.com/google/go-cmp v0.5.9
+# github.com/google/go-cmp v0.6.0
 ## explicit; go 1.13
 github.com/google/go-cmp/cmp
 github.com/google/go-cmp/cmp/internal/diff
@@ -102,11 +102,11 @@ github.com/google/go-cmp/cmp/internal/value
 # github.com/google/gofuzz v1.1.0
 ## explicit; go 1.12
 github.com/google/gofuzz
-# github.com/google/uuid v1.3.0
+# github.com/google/uuid v1.3.1
 ## explicit
 github.com/google/uuid
-# github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0
-## explicit; go 1.14
+# github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0
+## explicit; go 1.17
 github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule
 github.com/grpc-ecosystem/grpc-gateway/v2/runtime
 github.com/grpc-ecosystem/grpc-gateway/v2/utilities
@@ -220,57 +220,53 @@ github.com/xeipuuv/gojsonreference
 # github.com/xeipuuv/gojsonschema v1.2.0
 ## explicit
 github.com/xeipuuv/gojsonschema
-# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1
-## explicit; go 1.17
+# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1
+## explicit; go 1.20
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
-# go.opentelemetry.io/otel v1.10.0
-## explicit; go 1.17
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil
+# go.opentelemetry.io/otel v1.21.0
+## explicit; go 1.20
 go.opentelemetry.io/otel
 go.opentelemetry.io/otel/attribute
 go.opentelemetry.io/otel/baggage
 go.opentelemetry.io/otel/codes
-go.opentelemetry.io/otel/exporters/otlp/internal
-go.opentelemetry.io/otel/exporters/otlp/internal/envconfig
 go.opentelemetry.io/otel/internal
+go.opentelemetry.io/otel/internal/attribute
 go.opentelemetry.io/otel/internal/baggage
 go.opentelemetry.io/otel/internal/global
 go.opentelemetry.io/otel/propagation
-go.opentelemetry.io/otel/semconv/internal
-go.opentelemetry.io/otel/semconv/v1.12.0
-# go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0
-## explicit; go 1.17
-go.opentelemetry.io/otel/exporters/otlp/internal/retry
-# go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0
-## explicit; go 1.17
+go.opentelemetry.io/otel/semconv/v1.17.0
+go.opentelemetry.io/otel/semconv/v1.21.0
+# go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0
+## explicit; go 1.20
 go.opentelemetry.io/otel/exporters/otlp/otlptrace
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform
-# go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0
-## explicit; go 1.17
+# go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0
+## explicit; go 1.20
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
-# go.opentelemetry.io/otel/metric v0.31.0
-## explicit; go 1.17
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry
+# go.opentelemetry.io/otel/metric v1.21.0
+## explicit; go 1.20
 go.opentelemetry.io/otel/metric
-go.opentelemetry.io/otel/metric/global
-go.opentelemetry.io/otel/metric/instrument
-go.opentelemetry.io/otel/metric/instrument/asyncfloat64
-go.opentelemetry.io/otel/metric/instrument/asyncint64
-go.opentelemetry.io/otel/metric/instrument/syncfloat64
-go.opentelemetry.io/otel/metric/instrument/syncint64
-go.opentelemetry.io/otel/metric/internal/global
-go.opentelemetry.io/otel/metric/unit
-# go.opentelemetry.io/otel/sdk v1.10.0
-## explicit; go 1.17
+go.opentelemetry.io/otel/metric/embedded
+# go.opentelemetry.io/otel/sdk v1.21.0
+## explicit; go 1.20
+go.opentelemetry.io/otel/sdk
 go.opentelemetry.io/otel/sdk/instrumentation
 go.opentelemetry.io/otel/sdk/internal
 go.opentelemetry.io/otel/sdk/internal/env
 go.opentelemetry.io/otel/sdk/resource
 go.opentelemetry.io/otel/sdk/trace
-# go.opentelemetry.io/otel/trace v1.10.0
-## explicit; go 1.17
+# go.opentelemetry.io/otel/trace v1.21.0
+## explicit; go 1.20
 go.opentelemetry.io/otel/trace
-# go.opentelemetry.io/proto/otlp v0.19.0
-## explicit; go 1.14
+go.opentelemetry.io/otel/trace/embedded
+go.opentelemetry.io/otel/trace/noop
+# go.opentelemetry.io/proto/otlp v1.0.0
+## explicit; go 1.17
 go.opentelemetry.io/proto/otlp/collector/trace/v1
 go.opentelemetry.io/proto/otlp/common/v1
 go.opentelemetry.io/proto/otlp/resource/v1
@@ -292,12 +288,12 @@ golang.org/x/net/http2/hpack
 golang.org/x/net/idna
 golang.org/x/net/internal/timeseries
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.7.0
-## explicit; go 1.17
+# golang.org/x/oauth2 v0.11.0
+## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
-# golang.org/x/sys v0.13.0
-## explicit; go 1.17
+# golang.org/x/sys v0.14.0
+## explicit; go 1.18
 golang.org/x/sys/execabs
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
@@ -354,15 +350,16 @@ google.golang.org/appengine/internal/log
 google.golang.org/appengine/internal/remote_api
 google.golang.org/appengine/internal/urlfetch
 google.golang.org/appengine/urlfetch
-# google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1
+# google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/api/expr/v1alpha1
 google.golang.org/genproto/googleapis/api/httpbody
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d
+## explicit; go 1.19
 google.golang.org/genproto/googleapis/rpc/errdetails
 google.golang.org/genproto/googleapis/rpc/status
-google.golang.org/genproto/protobuf/field_mask
-# google.golang.org/grpc v1.56.3
-## explicit; go 1.17
+# google.golang.org/grpc v1.59.0
+## explicit; go 1.19
 google.golang.org/grpc
 google.golang.org/grpc/attributes
 google.golang.org/grpc/backoff
@@ -380,6 +377,7 @@ google.golang.org/grpc/encoding
 google.golang.org/grpc/encoding/gzip
 google.golang.org/grpc/encoding/proto
 google.golang.org/grpc/grpclog
+google.golang.org/grpc/health/grpc_health_v1
 google.golang.org/grpc/internal
 google.golang.org/grpc/internal/backoff
 google.golang.org/grpc/internal/balancer/gracefulswitch
@@ -393,6 +391,7 @@ google.golang.org/grpc/internal/grpclog
 google.golang.org/grpc/internal/grpcrand
 google.golang.org/grpc/internal/grpcsync
 google.golang.org/grpc/internal/grpcutil
+google.golang.org/grpc/internal/idle
 google.golang.org/grpc/internal/metadata
 google.golang.org/grpc/internal/pretty
 google.golang.org/grpc/internal/resolver
@@ -412,7 +411,7 @@ google.golang.org/grpc/serviceconfig
 google.golang.org/grpc/stats
 google.golang.org/grpc/status
 google.golang.org/grpc/tap
-# google.golang.org/protobuf v1.30.0
+# google.golang.org/protobuf v1.31.0
 ## explicit; go 1.11
 google.golang.org/protobuf/encoding/protojson
 google.golang.org/protobuf/encoding/prototext
diff --git a/controller-utils/go.mod b/controller-utils/go.mod
index 4c8036069..57a5232d3 100644
--- a/controller-utils/go.mod
+++ b/controller-utils/go.mod
@@ -4,7 +4,7 @@ go 1.20
 
 require (
 	github.com/gardener/landscaper/apis v0.0.0-00010101000000-000000000000
-	github.com/go-logr/logr v1.2.4
+	github.com/go-logr/logr v1.3.0
 	github.com/go-logr/zapr v1.2.4
 	github.com/golang/mock v1.6.0
 	github.com/onsi/ginkgo v1.16.5
@@ -37,9 +37,9 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
+	github.com/google/uuid v1.3.1 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -59,14 +59,14 @@ require (
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/oauth2 v0.7.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/oauth2 v0.11.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/controller-utils/go.sum b/controller-utils/go.sum
index 1f9ed8355..9f05ca9b1 100644
--- a/controller-utils/go.sum
+++ b/controller-utils/go.sum
@@ -29,8 +29,9 @@ github.com/gardener/component-spec/bindings-go v0.0.66/go.mod h1:qr7kADDXbXB0huu
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
 github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
@@ -70,14 +71,14 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
@@ -192,8 +193,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g=
-golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
+golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
+golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -215,8 +216,8 @@ golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
@@ -267,8 +268,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/controller-utils/vendor/github.com/go-logr/logr/README.md b/controller-utils/vendor/github.com/go-logr/logr/README.md
index ab5931181..a8c29bfbd 100644
--- a/controller-utils/vendor/github.com/go-logr/logr/README.md
+++ b/controller-utils/vendor/github.com/go-logr/logr/README.md
@@ -1,6 +1,7 @@
 # A minimal logging API for Go
 
 [![Go Reference](https://pkg.go.dev/badge/github.com/go-logr/logr.svg)](https://pkg.go.dev/github.com/go-logr/logr)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/go-logr/logr/badge)](https://securityscorecards.dev/viewer/?platform=github.com&org=go-logr&repo=logr)
 
 logr offers an(other) opinion on how Go programs and libraries can do logging
 without becoming coupled to a particular logging implementation.  This is not
@@ -73,6 +74,29 @@ received:
 If the Go standard library had defined an interface for logging, this project
 probably would not be needed.  Alas, here we are.
 
+When the Go developers started developing such an interface with
+[slog](https://github.com/golang/go/issues/56345), they adopted some of the
+logr design but also left out some parts and changed others:
+
+| Feature | logr | slog |
+|---------|------|------|
+| High-level API | `Logger` (passed by value) | `Logger` (passed by [pointer](https://github.com/golang/go/issues/59126)) |
+| Low-level API | `LogSink` | `Handler` |
+| Stack unwinding | done by `LogSink` | done by `Logger` |
+| Skipping helper functions | `WithCallDepth`, `WithCallStackHelper` | [not supported by Logger](https://github.com/golang/go/issues/59145) |
+| Generating a value for logging on demand | `Marshaler` | `LogValuer` |
+| Log levels | >= 0, higher meaning "less important" | positive and negative, with 0 for "info" and higher meaning "more important" |
+| Error log entries | always logged, don't have a verbosity level | normal log entries with level >= `LevelError` |
+| Passing logger via context | `NewContext`, `FromContext` | no API |
+| Adding a name to a logger | `WithName` | no API |
+| Modify verbosity of log entries in a call chain | `V` | no API |
+| Grouping of key/value pairs | not supported | `WithGroup`, `GroupValue` |
+
+The high-level slog API is explicitly meant to be one of many different APIs
+that can be layered on top of a shared `slog.Handler`. logr is one such
+alternative API, with [interoperability](#slog-interoperability) provided by the [`slogr`](slogr)
+package.
+
 ### Inspiration
 
 Before you consider this package, please read [this blog post by the
@@ -118,6 +142,91 @@ There are implementations for the following logging libraries:
 - **github.com/go-kit/log**: [gokitlogr](https://github.com/tonglil/gokitlogr) (also compatible with github.com/go-kit/kit/log since v0.12.0)
 - **bytes.Buffer** (writing to a buffer): [bufrlogr](https://github.com/tonglil/buflogr) (useful for ensuring values were logged, like during testing)
 
+## slog interoperability
+
+Interoperability goes both ways, using the `logr.Logger` API with a `slog.Handler`
+and using the `slog.Logger` API with a `logr.LogSink`. [slogr](./slogr) provides `NewLogr` and
+`NewSlogHandler` API calls to convert between a `logr.Logger` and a `slog.Handler`.
+As usual, `slog.New` can be used to wrap such a `slog.Handler` in the high-level
+slog API. `slogr` itself leaves that to the caller.
+
+## Using a `logr.Sink` as backend for slog
+
+Ideally, a logr sink implementation should support both logr and slog by
+implementing both the normal logr interface(s) and `slogr.SlogSink`.  Because
+of a conflict in the parameters of the common `Enabled` method, it is [not
+possible to implement both slog.Handler and logr.Sink in the same
+type](https://github.com/golang/go/issues/59110).
+
+If both are supported, log calls can go from the high-level APIs to the backend
+without the need to convert parameters. `NewLogr` and `NewSlogHandler` can
+convert back and forth without adding additional wrappers, with one exception:
+when `Logger.V` was used to adjust the verbosity for a `slog.Handler`, then
+`NewSlogHandler` has to use a wrapper which adjusts the verbosity for future
+log calls.
+
+Such an implementation should also support values that implement specific
+interfaces from both packages for logging (`logr.Marshaler`, `slog.LogValuer`,
+`slog.GroupValue`). logr does not convert those.
+
+Not supporting slog has several drawbacks:
+- Recording source code locations works correctly if the handler gets called
+  through `slog.Logger`, but may be wrong in other cases. That's because a
+  `logr.Sink` does its own stack unwinding instead of using the program counter
+  provided by the high-level API.
+- slog levels <= 0 can be mapped to logr levels by negating the level without a
+  loss of information. But all slog levels > 0 (e.g. `slog.LevelWarning` as
+  used by `slog.Logger.Warn`) must be mapped to 0 before calling the sink
+  because logr does not support "more important than info" levels.
+- The slog group concept is supported by prefixing each key in a key/value
+  pair with the group names, separated by a dot. For structured output like
+  JSON it would be better to group the key/value pairs inside an object.
+- Special slog values and interfaces don't work as expected.
+- The overhead is likely to be higher.
+
+These drawbacks are severe enough that applications using a mixture of slog and
+logr should switch to a different backend.
+
+## Using a `slog.Handler` as backend for logr
+
+Using a plain `slog.Handler` without support for logr works better than the
+other direction:
+- All logr verbosity levels can be mapped 1:1 to their corresponding slog level
+  by negating them.
+- Stack unwinding is done by the `slogr.SlogSink` and the resulting program
+  counter is passed to the `slog.Handler`.
+- Names added via `Logger.WithName` are gathered and recorded in an additional
+  attribute with `logger` as key and the names separated by slash as value.
+- `Logger.Error` is turned into a log record with `slog.LevelError` as level
+  and an additional attribute with `err` as key, if an error was provided.
+
+The main drawback is that `logr.Marshaler` will not be supported. Types should
+ideally support both `logr.Marshaler` and `slog.Valuer`. If compatibility
+with logr implementations without slog support is not important, then
+`slog.Valuer` is sufficient.
+
+## Context support for slog
+
+Storing a logger in a `context.Context` is not supported by
+slog. `logr.NewContext` and `logr.FromContext` can be used with slog like this
+to fill this gap:
+
+    func HandlerFromContext(ctx context.Context) slog.Handler {
+        logger, err := logr.FromContext(ctx)
+        if err == nil {
+            return slogr.NewSlogHandler(logger)
+        }
+        return slog.Default().Handler()
+    }
+
+    func ContextWithHandler(ctx context.Context, handler slog.Handler) context.Context {
+        return logr.NewContext(ctx, slogr.NewLogr(handler))
+    }
+
+The downside is that storing and retrieving a `slog.Handler` needs more
+allocations compared to using a `logr.Logger`. Therefore the recommendation is
+to use the `logr.Logger` API in code which uses contextual logging.
+
 ## FAQ
 
 ### Conceptual
@@ -241,7 +350,9 @@ Otherwise, you can start out with `0` as "you always want to see this",
 
 Then gradually choose levels in between as you need them, working your way
 down from 10 (for debug and trace style logs) and up from 1 (for chattier
-info-type logs.)
+info-type logs). For reference, slog pre-defines -4 for debug logs
+(corresponds to 4 in logr), which matches what is
+[recommended for Kubernetes](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md#what-method-to-use).
 
 #### How do I choose my keys?
 
diff --git a/controller-utils/vendor/github.com/go-logr/logr/SECURITY.md b/controller-utils/vendor/github.com/go-logr/logr/SECURITY.md
new file mode 100644
index 000000000..1ca756fc7
--- /dev/null
+++ b/controller-utils/vendor/github.com/go-logr/logr/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+If you have discovered a security vulnerability in this project, please report it
+privately. **Do not disclose it as a public issue.** This gives us time to work with you
+to fix the issue before public exposure, reducing the chance that the exploit will be
+used before a patch is released.
+
+You may submit the report in the following ways:
+
+- send an email to go-logr-security@googlegroups.com
+- send us a [private vulnerability report](https://github.com/go-logr/logr/security/advisories/new)
+
+Please provide the following information in your report:
+
+- A description of the vulnerability and its impact
+- How to reproduce the issue
+
+We ask that you give us 90 days to work on a fix before public exposure.
diff --git a/controller-utils/vendor/github.com/go-logr/logr/logr.go b/controller-utils/vendor/github.com/go-logr/logr/logr.go
index e027aea3f..2a5075a18 100644
--- a/controller-utils/vendor/github.com/go-logr/logr/logr.go
+++ b/controller-utils/vendor/github.com/go-logr/logr/logr.go
@@ -127,9 +127,9 @@ limitations under the License.
 // such a value can call its methods without having to check whether the
 // instance is ready for use.
 //
-// Calling methods with the null logger (Logger{}) as instance will crash
-// because it has no LogSink. Therefore this null logger should never be passed
-// around. For cases where passing a logger is optional, a pointer to Logger
+// The zero logger (= Logger{}) is identical to Discard() and discards all log
+// entries. Code that receives a Logger by value can simply call it, the methods
+// will never crash. For cases where passing a logger is optional, a pointer to Logger
 // should be used.
 //
 // # Key Naming Conventions
@@ -258,6 +258,12 @@ type Logger struct {
 // Enabled tests whether this Logger is enabled.  For example, commandline
 // flags might be used to set the logging verbosity and disable some info logs.
 func (l Logger) Enabled() bool {
+	// Some implementations of LogSink look at the caller in Enabled (e.g.
+	// different verbosity levels per package or file), but we only pass one
+	// CallDepth in (via Init).  This means that all calls from Logger to the
+	// LogSink's Enabled, Info, and Error methods must have the same number of
+	// frames.  In other words, Logger methods can't call other Logger methods
+	// which call these LogSink methods unless we do it the same in all paths.
 	return l.sink != nil && l.sink.Enabled(l.level)
 }
 
@@ -267,11 +273,11 @@ func (l Logger) Enabled() bool {
 // line.  The key/value pairs can then be used to add additional variable
 // information.  The key/value pairs must alternate string keys and arbitrary
 // values.
-func (l Logger) Info(msg string, keysAndValues ...interface{}) {
+func (l Logger) Info(msg string, keysAndValues ...any) {
 	if l.sink == nil {
 		return
 	}
-	if l.Enabled() {
+	if l.sink.Enabled(l.level) { // see comment in Enabled
 		if withHelper, ok := l.sink.(CallStackHelperLogSink); ok {
 			withHelper.GetCallStackHelper()()
 		}
@@ -289,7 +295,7 @@ func (l Logger) Info(msg string, keysAndValues ...interface{}) {
 // while the err argument should be used to attach the actual error that
 // triggered this log line, if present. The err parameter is optional
 // and nil may be passed instead of an error instance.
-func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) {
+func (l Logger) Error(err error, msg string, keysAndValues ...any) {
 	if l.sink == nil {
 		return
 	}
@@ -314,9 +320,16 @@ func (l Logger) V(level int) Logger {
 	return l
 }
 
+// GetV returns the verbosity level of the logger. If the logger's LogSink is
+// nil as in the Discard logger, this will always return 0.
+func (l Logger) GetV() int {
+	// 0 if l.sink nil because of the if check in V above.
+	return l.level
+}
+
 // WithValues returns a new Logger instance with additional key/value pairs.
 // See Info for documentation on how key/value pairs work.
-func (l Logger) WithValues(keysAndValues ...interface{}) Logger {
+func (l Logger) WithValues(keysAndValues ...any) Logger {
 	if l.sink == nil {
 		return l
 	}
@@ -467,15 +480,15 @@ type LogSink interface {
 	// The level argument is provided for optional logging.  This method will
 	// only be called when Enabled(level) is true. See Logger.Info for more
 	// details.
-	Info(level int, msg string, keysAndValues ...interface{})
+	Info(level int, msg string, keysAndValues ...any)
 
 	// Error logs an error, with the given message and key/value pairs as
 	// context.  See Logger.Error for more details.
-	Error(err error, msg string, keysAndValues ...interface{})
+	Error(err error, msg string, keysAndValues ...any)
 
 	// WithValues returns a new LogSink with additional key/value pairs.  See
 	// Logger.WithValues for more details.
-	WithValues(keysAndValues ...interface{}) LogSink
+	WithValues(keysAndValues ...any) LogSink
 
 	// WithName returns a new LogSink with the specified name appended.  See
 	// Logger.WithName for more details.
@@ -546,5 +559,5 @@ type Marshaler interface {
 	//     with exported fields
 	//
 	// It may return any value of any type.
-	MarshalLog() interface{}
+	MarshalLog() any
 }
diff --git a/controller-utils/vendor/github.com/google/go-cmp/cmp/compare.go b/controller-utils/vendor/github.com/google/go-cmp/cmp/compare.go
index 087320da7..0f5b8a48c 100644
--- a/controller-utils/vendor/github.com/google/go-cmp/cmp/compare.go
+++ b/controller-utils/vendor/github.com/google/go-cmp/cmp/compare.go
@@ -5,7 +5,7 @@
 // Package cmp determines equality of values.
 //
 // This package is intended to be a more powerful and safer alternative to
-// reflect.DeepEqual for comparing whether two values are semantically equal.
+// [reflect.DeepEqual] for comparing whether two values are semantically equal.
 // It is intended to only be used in tests, as performance is not a goal and
 // it may panic if it cannot compare the values. Its propensity towards
 // panicking means that its unsuitable for production environments where a
@@ -18,16 +18,17 @@
 //     For example, an equality function may report floats as equal so long as
 //     they are within some tolerance of each other.
 //
-//   - Types with an Equal method may use that method to determine equality.
-//     This allows package authors to determine the equality operation
-//     for the types that they define.
+//   - Types with an Equal method (e.g., [time.Time.Equal]) may use that method
+//     to determine equality. This allows package authors to determine
+//     the equality operation for the types that they define.
 //
 //   - If no custom equality functions are used and no Equal method is defined,
 //     equality is determined by recursively comparing the primitive kinds on
-//     both values, much like reflect.DeepEqual. Unlike reflect.DeepEqual,
+//     both values, much like [reflect.DeepEqual]. Unlike [reflect.DeepEqual],
 //     unexported fields are not compared by default; they result in panics
-//     unless suppressed by using an Ignore option (see cmpopts.IgnoreUnexported)
-//     or explicitly compared using the Exporter option.
+//     unless suppressed by using an [Ignore] option
+//     (see [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported])
+//     or explicitly compared using the [Exporter] option.
 package cmp
 
 import (
@@ -45,14 +46,14 @@ import (
 // Equal reports whether x and y are equal by recursively applying the
 // following rules in the given order to x and y and all of their sub-values:
 //
-//   - Let S be the set of all Ignore, Transformer, and Comparer options that
+//   - Let S be the set of all [Ignore], [Transformer], and [Comparer] options that
 //     remain after applying all path filters, value filters, and type filters.
-//     If at least one Ignore exists in S, then the comparison is ignored.
-//     If the number of Transformer and Comparer options in S is non-zero,
+//     If at least one [Ignore] exists in S, then the comparison is ignored.
+//     If the number of [Transformer] and [Comparer] options in S is non-zero,
 //     then Equal panics because it is ambiguous which option to use.
-//     If S contains a single Transformer, then use that to transform
+//     If S contains a single [Transformer], then use that to transform
 //     the current values and recursively call Equal on the output values.
-//     If S contains a single Comparer, then use that to compare the current values.
+//     If S contains a single [Comparer], then use that to compare the current values.
 //     Otherwise, evaluation proceeds to the next rule.
 //
 //   - If the values have an Equal method of the form "(T) Equal(T) bool" or
@@ -66,21 +67,22 @@ import (
 //     Functions are only equal if they are both nil, otherwise they are unequal.
 //
 // Structs are equal if recursively calling Equal on all fields report equal.
-// If a struct contains unexported fields, Equal panics unless an Ignore option
-// (e.g., cmpopts.IgnoreUnexported) ignores that field or the Exporter option
-// explicitly permits comparing the unexported field.
+// If a struct contains unexported fields, Equal panics unless an [Ignore] option
+// (e.g., [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported]) ignores that field
+// or the [Exporter] option explicitly permits comparing the unexported field.
 //
 // Slices are equal if they are both nil or both non-nil, where recursively
 // calling Equal on all non-ignored slice or array elements report equal.
 // Empty non-nil slices and nil slices are not equal; to equate empty slices,
-// consider using cmpopts.EquateEmpty.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.EquateEmpty].
 //
 // Maps are equal if they are both nil or both non-nil, where recursively
 // calling Equal on all non-ignored map entries report equal.
 // Map keys are equal according to the == operator.
-// To use custom comparisons for map keys, consider using cmpopts.SortMaps.
+// To use custom comparisons for map keys, consider using
+// [github.com/google/go-cmp/cmp/cmpopts.SortMaps].
 // Empty non-nil maps and nil maps are not equal; to equate empty maps,
-// consider using cmpopts.EquateEmpty.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.EquateEmpty].
 //
 // Pointers and interfaces are equal if they are both nil or both non-nil,
 // where they have the same underlying concrete type and recursively
diff --git a/apis/vendor/github.com/google/go-cmp/cmp/export_unsafe.go b/controller-utils/vendor/github.com/google/go-cmp/cmp/export.go
similarity index 94%
rename from apis/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
rename to controller-utils/vendor/github.com/google/go-cmp/cmp/export.go
index e2c0f74e8..29f82fe6b 100644
--- a/apis/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
+++ b/controller-utils/vendor/github.com/google/go-cmp/cmp/export.go
@@ -2,9 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego
-// +build !purego
-
 package cmp
 
 import (
@@ -12,8 +9,6 @@ import (
 	"unsafe"
 )
 
-const supportExporters = true
-
 // retrieveUnexportedField uses unsafe to forcibly retrieve any field from
 // a struct such that the value has read-write permissions.
 //
diff --git a/controller-utils/vendor/github.com/google/go-cmp/cmp/export_panic.go b/controller-utils/vendor/github.com/google/go-cmp/cmp/export_panic.go
deleted file mode 100644
index ae851fe53..000000000
--- a/controller-utils/vendor/github.com/google/go-cmp/cmp/export_panic.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2017, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego
-// +build purego
-
-package cmp
-
-import "reflect"
-
-const supportExporters = false
-
-func retrieveUnexportedField(reflect.Value, reflect.StructField, bool) reflect.Value {
-	panic("no support for forcibly accessing unexported fields")
-}
diff --git a/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go b/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
similarity index 95%
rename from controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
rename to controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
index 16e6860af..e5dfff69a 100644
--- a/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
+++ b/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
@@ -2,9 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego
-// +build !purego
-
 package value
 
 import (
diff --git a/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go b/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
deleted file mode 100644
index 1a71bfcbd..000000000
--- a/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2018, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego
-// +build purego
-
-package value
-
-import "reflect"
-
-// Pointer is an opaque typed pointer and is guaranteed to be comparable.
-type Pointer struct {
-	p uintptr
-	t reflect.Type
-}
-
-// PointerOf returns a Pointer from v, which must be a
-// reflect.Ptr, reflect.Slice, or reflect.Map.
-func PointerOf(v reflect.Value) Pointer {
-	// NOTE: Storing a pointer as an uintptr is technically incorrect as it
-	// assumes that the GC implementation does not use a moving collector.
-	return Pointer{v.Pointer(), v.Type()}
-}
-
-// IsNil reports whether the pointer is nil.
-func (p Pointer) IsNil() bool {
-	return p.p == 0
-}
-
-// Uintptr returns the pointer as a uintptr.
-func (p Pointer) Uintptr() uintptr {
-	return p.p
-}
diff --git a/controller-utils/vendor/github.com/google/go-cmp/cmp/options.go b/controller-utils/vendor/github.com/google/go-cmp/cmp/options.go
index 1f9ca9c48..754496f3b 100644
--- a/controller-utils/vendor/github.com/google/go-cmp/cmp/options.go
+++ b/controller-utils/vendor/github.com/google/go-cmp/cmp/options.go
@@ -13,15 +13,15 @@ import (
 	"github.com/google/go-cmp/cmp/internal/function"
 )
 
-// Option configures for specific behavior of Equal and Diff. In particular,
-// the fundamental Option functions (Ignore, Transformer, and Comparer),
+// Option configures for specific behavior of [Equal] and [Diff]. In particular,
+// the fundamental Option functions ([Ignore], [Transformer], and [Comparer]),
 // configure how equality is determined.
 //
-// The fundamental options may be composed with filters (FilterPath and
-// FilterValues) to control the scope over which they are applied.
+// The fundamental options may be composed with filters ([FilterPath] and
+// [FilterValues]) to control the scope over which they are applied.
 //
-// The cmp/cmpopts package provides helper functions for creating options that
-// may be used with Equal and Diff.
+// The [github.com/google/go-cmp/cmp/cmpopts] package provides helper functions
+// for creating options that may be used with [Equal] and [Diff].
 type Option interface {
 	// filter applies all filters and returns the option that remains.
 	// Each option may only read s.curPath and call s.callTTBFunc.
@@ -56,9 +56,9 @@ type core struct{}
 
 func (core) isCore() {}
 
-// Options is a list of Option values that also satisfies the Option interface.
+// Options is a list of [Option] values that also satisfies the [Option] interface.
 // Helper comparison packages may return an Options value when packing multiple
-// Option values into a single Option. When this package processes an Options,
+// [Option] values into a single [Option]. When this package processes an Options,
 // it will be implicitly expanded into a flat list.
 //
 // Applying a filter on an Options is equivalent to applying that same filter
@@ -105,16 +105,16 @@ func (opts Options) String() string {
 	return fmt.Sprintf("Options{%s}", strings.Join(ss, ", "))
 }
 
-// FilterPath returns a new Option where opt is only evaluated if filter f
-// returns true for the current Path in the value tree.
+// FilterPath returns a new [Option] where opt is only evaluated if filter f
+// returns true for the current [Path] in the value tree.
 //
 // This filter is called even if a slice element or map entry is missing and
 // provides an opportunity to ignore such cases. The filter function must be
 // symmetric such that the filter result is identical regardless of whether the
 // missing value is from x or y.
 //
-// The option passed in may be an Ignore, Transformer, Comparer, Options, or
-// a previously filtered Option.
+// The option passed in may be an [Ignore], [Transformer], [Comparer], [Options], or
+// a previously filtered [Option].
 func FilterPath(f func(Path) bool, opt Option) Option {
 	if f == nil {
 		panic("invalid path filter function")
@@ -142,7 +142,7 @@ func (f pathFilter) String() string {
 	return fmt.Sprintf("FilterPath(%s, %v)", function.NameOf(reflect.ValueOf(f.fnc)), f.opt)
 }
 
-// FilterValues returns a new Option where opt is only evaluated if filter f,
+// FilterValues returns a new [Option] where opt is only evaluated if filter f,
 // which is a function of the form "func(T, T) bool", returns true for the
 // current pair of values being compared. If either value is invalid or
 // the type of the values is not assignable to T, then this filter implicitly
@@ -154,8 +154,8 @@ func (f pathFilter) String() string {
 // If T is an interface, it is possible that f is called with two values with
 // different concrete types that both implement T.
 //
-// The option passed in may be an Ignore, Transformer, Comparer, Options, or
-// a previously filtered Option.
+// The option passed in may be an [Ignore], [Transformer], [Comparer], [Options], or
+// a previously filtered [Option].
 func FilterValues(f interface{}, opt Option) Option {
 	v := reflect.ValueOf(f)
 	if !function.IsType(v.Type(), function.ValueFilter) || v.IsNil() {
@@ -192,9 +192,9 @@ func (f valuesFilter) String() string {
 	return fmt.Sprintf("FilterValues(%s, %v)", function.NameOf(f.fnc), f.opt)
 }
 
-// Ignore is an Option that causes all comparisons to be ignored.
-// This value is intended to be combined with FilterPath or FilterValues.
-// It is an error to pass an unfiltered Ignore option to Equal.
+// Ignore is an [Option] that causes all comparisons to be ignored.
+// This value is intended to be combined with [FilterPath] or [FilterValues].
+// It is an error to pass an unfiltered Ignore option to [Equal].
 func Ignore() Option { return ignore{} }
 
 type ignore struct{ core }
@@ -234,6 +234,8 @@ func (validator) apply(s *state, vx, vy reflect.Value) {
 			name = fmt.Sprintf("%q.%v", t.PkgPath(), t.Name()) // e.g., "path/to/package".MyType
 			if _, ok := reflect.New(t).Interface().(error); ok {
 				help = "consider using cmpopts.EquateErrors to compare error values"
+			} else if t.Comparable() {
+				help = "consider using cmpopts.EquateComparable to compare comparable Go types"
 			}
 		} else {
 			// Unnamed type with unexported fields. Derive PkgPath from field.
@@ -254,7 +256,7 @@ const identRx = `[_\p{L}][_\p{L}\p{N}]*`
 
 var identsRx = regexp.MustCompile(`^` + identRx + `(\.` + identRx + `)*$`)
 
-// Transformer returns an Option that applies a transformation function that
+// Transformer returns an [Option] that applies a transformation function that
 // converts values of a certain type into that of another.
 //
 // The transformer f must be a function "func(T) R" that converts values of
@@ -265,13 +267,14 @@ var identsRx = regexp.MustCompile(`^` + identRx + `(\.` + identRx + `)*$`)
 // same transform to the output of itself (e.g., in the case where the
 // input and output types are the same), an implicit filter is added such that
 // a transformer is applicable only if that exact transformer is not already
-// in the tail of the Path since the last non-Transform step.
+// in the tail of the [Path] since the last non-[Transform] step.
 // For situations where the implicit filter is still insufficient,
-// consider using cmpopts.AcyclicTransformer, which adds a filter
-// to prevent the transformer from being recursively applied upon itself.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.AcyclicTransformer],
+// which adds a filter to prevent the transformer from
+// being recursively applied upon itself.
 //
-// The name is a user provided label that is used as the Transform.Name in the
-// transformation PathStep (and eventually shown in the Diff output).
+// The name is a user provided label that is used as the [Transform.Name] in the
+// transformation [PathStep] (and eventually shown in the [Diff] output).
 // The name must be a valid identifier or qualified identifier in Go syntax.
 // If empty, an arbitrary name is used.
 func Transformer(name string, f interface{}) Option {
@@ -329,7 +332,7 @@ func (tr transformer) String() string {
 	return fmt.Sprintf("Transformer(%s, %s)", tr.name, function.NameOf(tr.fnc))
 }
 
-// Comparer returns an Option that determines whether two values are equal
+// Comparer returns an [Option] that determines whether two values are equal
 // to each other.
 //
 // The comparer f must be a function "func(T, T) bool" and is implicitly
@@ -377,35 +380,32 @@ func (cm comparer) String() string {
 	return fmt.Sprintf("Comparer(%s)", function.NameOf(cm.fnc))
 }
 
-// Exporter returns an Option that specifies whether Equal is allowed to
+// Exporter returns an [Option] that specifies whether [Equal] is allowed to
 // introspect into the unexported fields of certain struct types.
 //
 // Users of this option must understand that comparing on unexported fields
 // from external packages is not safe since changes in the internal
-// implementation of some external package may cause the result of Equal
+// implementation of some external package may cause the result of [Equal]
 // to unexpectedly change. However, it may be valid to use this option on types
 // defined in an internal package where the semantic meaning of an unexported
 // field is in the control of the user.
 //
-// In many cases, a custom Comparer should be used instead that defines
+// In many cases, a custom [Comparer] should be used instead that defines
 // equality as a function of the public API of a type rather than the underlying
 // unexported implementation.
 //
-// For example, the reflect.Type documentation defines equality to be determined
+// For example, the [reflect.Type] documentation defines equality to be determined
 // by the == operator on the interface (essentially performing a shallow pointer
-// comparison) and most attempts to compare *regexp.Regexp types are interested
+// comparison) and most attempts to compare *[regexp.Regexp] types are interested
 // in only checking that the regular expression strings are equal.
-// Both of these are accomplished using Comparers:
+// Both of these are accomplished using [Comparer] options:
 //
 //	Comparer(func(x, y reflect.Type) bool { return x == y })
 //	Comparer(func(x, y *regexp.Regexp) bool { return x.String() == y.String() })
 //
-// In other cases, the cmpopts.IgnoreUnexported option can be used to ignore
-// all unexported fields on specified struct types.
+// In other cases, the [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported]
+// option can be used to ignore all unexported fields on specified struct types.
 func Exporter(f func(reflect.Type) bool) Option {
-	if !supportExporters {
-		panic("Exporter is not supported on purego builds")
-	}
 	return exporter(f)
 }
 
@@ -415,10 +415,10 @@ func (exporter) filter(_ *state, _ reflect.Type, _, _ reflect.Value) applicableO
 	panic("not implemented")
 }
 
-// AllowUnexported returns an Options that allows Equal to forcibly introspect
+// AllowUnexported returns an [Option] that allows [Equal] to forcibly introspect
 // unexported fields of the specified struct types.
 //
-// See Exporter for the proper use of this option.
+// See [Exporter] for the proper use of this option.
 func AllowUnexported(types ...interface{}) Option {
 	m := make(map[reflect.Type]bool)
 	for _, typ := range types {
@@ -432,7 +432,7 @@ func AllowUnexported(types ...interface{}) Option {
 }
 
 // Result represents the comparison result for a single node and
-// is provided by cmp when calling Report (see Reporter).
+// is provided by cmp when calling Report (see [Reporter]).
 type Result struct {
 	_     [0]func() // Make Result incomparable
 	flags resultFlags
@@ -445,7 +445,7 @@ func (r Result) Equal() bool {
 }
 
 // ByIgnore reports whether the node is equal because it was ignored.
-// This never reports true if Equal reports false.
+// This never reports true if [Result.Equal] reports false.
 func (r Result) ByIgnore() bool {
 	return r.flags&reportByIgnore != 0
 }
@@ -455,7 +455,7 @@ func (r Result) ByMethod() bool {
 	return r.flags&reportByMethod != 0
 }
 
-// ByFunc reports whether a Comparer function determined equality.
+// ByFunc reports whether a [Comparer] function determined equality.
 func (r Result) ByFunc() bool {
 	return r.flags&reportByFunc != 0
 }
@@ -478,7 +478,7 @@ const (
 	reportByCycle
 )
 
-// Reporter is an Option that can be passed to Equal. When Equal traverses
+// Reporter is an [Option] that can be passed to [Equal]. When [Equal] traverses
 // the value trees, it calls PushStep as it descends into each node in the
 // tree and PopStep as it ascend out of the node. The leaves of the tree are
 // either compared (determined to be equal or not equal) or ignored and reported
diff --git a/controller-utils/vendor/github.com/google/go-cmp/cmp/path.go b/controller-utils/vendor/github.com/google/go-cmp/cmp/path.go
index a0a588502..c3c145642 100644
--- a/controller-utils/vendor/github.com/google/go-cmp/cmp/path.go
+++ b/controller-utils/vendor/github.com/google/go-cmp/cmp/path.go
@@ -14,9 +14,9 @@ import (
 	"github.com/google/go-cmp/cmp/internal/value"
 )
 
-// Path is a list of PathSteps describing the sequence of operations to get
+// Path is a list of [PathStep] describing the sequence of operations to get
 // from some root type to the current position in the value tree.
-// The first Path element is always an operation-less PathStep that exists
+// The first Path element is always an operation-less [PathStep] that exists
 // simply to identify the initial type.
 //
 // When traversing structs with embedded structs, the embedded struct will
@@ -29,8 +29,13 @@ type Path []PathStep
 // a value's tree structure. Users of this package never need to implement
 // these types as values of this type will be returned by this package.
 //
-// Implementations of this interface are
-// StructField, SliceIndex, MapIndex, Indirect, TypeAssertion, and Transform.
+// Implementations of this interface:
+//   - [StructField]
+//   - [SliceIndex]
+//   - [MapIndex]
+//   - [Indirect]
+//   - [TypeAssertion]
+//   - [Transform]
 type PathStep interface {
 	String() string
 
@@ -70,8 +75,9 @@ func (pa *Path) pop() {
 	*pa = (*pa)[:len(*pa)-1]
 }
 
-// Last returns the last PathStep in the Path.
-// If the path is empty, this returns a non-nil PathStep that reports a nil Type.
+// Last returns the last [PathStep] in the Path.
+// If the path is empty, this returns a non-nil [PathStep]
+// that reports a nil [PathStep.Type].
 func (pa Path) Last() PathStep {
 	return pa.Index(-1)
 }
@@ -79,7 +85,8 @@ func (pa Path) Last() PathStep {
 // Index returns the ith step in the Path and supports negative indexing.
 // A negative index starts counting from the tail of the Path such that -1
 // refers to the last step, -2 refers to the second-to-last step, and so on.
-// If index is invalid, this returns a non-nil PathStep that reports a nil Type.
+// If index is invalid, this returns a non-nil [PathStep]
+// that reports a nil [PathStep.Type].
 func (pa Path) Index(i int) PathStep {
 	if i < 0 {
 		i = len(pa) + i
@@ -168,7 +175,8 @@ func (ps pathStep) String() string {
 	return fmt.Sprintf("{%s}", s)
 }
 
-// StructField represents a struct field access on a field called Name.
+// StructField is a [PathStep] that represents a struct field access
+// on a field called [StructField.Name].
 type StructField struct{ *structField }
 type structField struct {
 	pathStep
@@ -204,10 +212,11 @@ func (sf StructField) String() string { return fmt.Sprintf(".%s", sf.name) }
 func (sf StructField) Name() string { return sf.name }
 
 // Index is the index of the field in the parent struct type.
-// See reflect.Type.Field.
+// See [reflect.Type.Field].
 func (sf StructField) Index() int { return sf.idx }
 
-// SliceIndex is an index operation on a slice or array at some index Key.
+// SliceIndex is a [PathStep] that represents an index operation on
+// a slice or array at some index [SliceIndex.Key].
 type SliceIndex struct{ *sliceIndex }
 type sliceIndex struct {
 	pathStep
@@ -247,12 +256,12 @@ func (si SliceIndex) Key() int {
 // all of the indexes to be shifted. If an index is -1, then that
 // indicates that the element does not exist in the associated slice.
 //
-// Key is guaranteed to return -1 if and only if the indexes returned
-// by SplitKeys are not the same. SplitKeys will never return -1 for
+// [SliceIndex.Key] is guaranteed to return -1 if and only if the indexes
+// returned by SplitKeys are not the same. SplitKeys will never return -1 for
 // both indexes.
 func (si SliceIndex) SplitKeys() (ix, iy int) { return si.xkey, si.ykey }
 
-// MapIndex is an index operation on a map at some index Key.
+// MapIndex is a [PathStep] that represents an index operation on a map at some index Key.
 type MapIndex struct{ *mapIndex }
 type mapIndex struct {
 	pathStep
@@ -266,7 +275,7 @@ func (mi MapIndex) String() string                 { return fmt.Sprintf("[%#v]",
 // Key is the value of the map key.
 func (mi MapIndex) Key() reflect.Value { return mi.key }
 
-// Indirect represents pointer indirection on the parent type.
+// Indirect is a [PathStep] that represents pointer indirection on the parent type.
 type Indirect struct{ *indirect }
 type indirect struct {
 	pathStep
@@ -276,7 +285,7 @@ func (in Indirect) Type() reflect.Type             { return in.typ }
 func (in Indirect) Values() (vx, vy reflect.Value) { return in.vx, in.vy }
 func (in Indirect) String() string                 { return "*" }
 
-// TypeAssertion represents a type assertion on an interface.
+// TypeAssertion is a [PathStep] that represents a type assertion on an interface.
 type TypeAssertion struct{ *typeAssertion }
 type typeAssertion struct {
 	pathStep
@@ -286,7 +295,8 @@ func (ta TypeAssertion) Type() reflect.Type             { return ta.typ }
 func (ta TypeAssertion) Values() (vx, vy reflect.Value) { return ta.vx, ta.vy }
 func (ta TypeAssertion) String() string                 { return fmt.Sprintf(".(%v)", value.TypeString(ta.typ, false)) }
 
-// Transform is a transformation from the parent type to the current type.
+// Transform is a [PathStep] that represents a transformation
+// from the parent type to the current type.
 type Transform struct{ *transform }
 type transform struct {
 	pathStep
@@ -297,13 +307,13 @@ func (tf Transform) Type() reflect.Type             { return tf.typ }
 func (tf Transform) Values() (vx, vy reflect.Value) { return tf.vx, tf.vy }
 func (tf Transform) String() string                 { return fmt.Sprintf("%s()", tf.trans.name) }
 
-// Name is the name of the Transformer.
+// Name is the name of the [Transformer].
 func (tf Transform) Name() string { return tf.trans.name }
 
 // Func is the function pointer to the transformer function.
 func (tf Transform) Func() reflect.Value { return tf.trans.fnc }
 
-// Option returns the originally constructed Transformer option.
+// Option returns the originally constructed [Transformer] option.
 // The == operator can be used to detect the exact option used.
 func (tf Transform) Option() Option { return tf.trans }
 
diff --git a/controller-utils/vendor/github.com/google/go-cmp/cmp/report_reflect.go b/controller-utils/vendor/github.com/google/go-cmp/cmp/report_reflect.go
index 2ab41fad3..e39f42284 100644
--- a/controller-utils/vendor/github.com/google/go-cmp/cmp/report_reflect.go
+++ b/controller-utils/vendor/github.com/google/go-cmp/cmp/report_reflect.go
@@ -199,7 +199,7 @@ func (opts formatOptions) FormatValue(v reflect.Value, parentKind reflect.Kind,
 				break
 			}
 			sf := t.Field(i)
-			if supportExporters && !isExported(sf.Name) {
+			if !isExported(sf.Name) {
 				vv = retrieveUnexportedField(v, sf, true)
 			}
 			s := opts.WithTypeMode(autoType).FormatValue(vv, t.Kind(), ptrs)
diff --git a/controller-utils/vendor/github.com/google/uuid/.travis.yml b/controller-utils/vendor/github.com/google/uuid/.travis.yml
deleted file mode 100644
index d8156a60b..000000000
--- a/controller-utils/vendor/github.com/google/uuid/.travis.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-language: go
-
-go:
-  - 1.4.3
-  - 1.5.3
-  - tip
-
-script:
-  - go test -v ./...
diff --git a/controller-utils/vendor/github.com/google/uuid/CHANGELOG.md b/controller-utils/vendor/github.com/google/uuid/CHANGELOG.md
new file mode 100644
index 000000000..2bd78667a
--- /dev/null
+++ b/controller-utils/vendor/github.com/google/uuid/CHANGELOG.md
@@ -0,0 +1,10 @@
+# Changelog
+
+## [1.3.1](https://github.com/google/uuid/compare/v1.3.0...v1.3.1) (2023-08-18)
+
+
+### Bug Fixes
+
+* Use .EqualFold() to parse urn prefixed UUIDs ([#118](https://github.com/google/uuid/issues/118)) ([574e687](https://github.com/google/uuid/commit/574e6874943741fb99d41764c705173ada5293f0))
+
+## Changelog
diff --git a/controller-utils/vendor/github.com/google/uuid/CONTRIBUTING.md b/controller-utils/vendor/github.com/google/uuid/CONTRIBUTING.md
index 04fdf09f1..556688872 100644
--- a/controller-utils/vendor/github.com/google/uuid/CONTRIBUTING.md
+++ b/controller-utils/vendor/github.com/google/uuid/CONTRIBUTING.md
@@ -2,6 +2,22 @@
 
 We definitely welcome patches and contribution to this project!
 
+### Tips
+
+Commits must be formatted according to the [Conventional Commits Specification](https://www.conventionalcommits.org).
+
+Always try to include a test case! If it is not possible or not necessary,
+please explain why in the pull request description.
+
+### Releasing
+
+Commits that would precipitate a SemVer change, as desrcibed in the Conventional
+Commits Specification, will trigger [`release-please`](https://github.com/google-github-actions/release-please-action)
+to create a release candidate pull request. Once submitted, `release-please`
+will create a release.
+
+For tips on how to work with `release-please`, see its documentation.
+
 ### Legal requirements
 
 In order to protect both you and ourselves, you will need to sign the
diff --git a/controller-utils/vendor/github.com/google/uuid/README.md b/controller-utils/vendor/github.com/google/uuid/README.md
index f765a46f9..3e9a61889 100644
--- a/controller-utils/vendor/github.com/google/uuid/README.md
+++ b/controller-utils/vendor/github.com/google/uuid/README.md
@@ -1,6 +1,6 @@
-# uuid ![build status](https://travis-ci.org/google/uuid.svg?branch=master)
+# uuid
 The uuid package generates and inspects UUIDs based on
-[RFC 4122](http://tools.ietf.org/html/rfc4122)
+[RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122)
 and DCE 1.1: Authentication and Security Services. 
 
 This package is based on the github.com/pborman/uuid package (previously named
@@ -9,10 +9,12 @@ a UUID is a 16 byte array rather than a byte slice.  One loss due to this
 change is the ability to represent an invalid UUID (vs a NIL UUID).
 
 ###### Install
-`go get github.com/google/uuid`
+```sh
+go get github.com/google/uuid
+```
 
 ###### Documentation 
-[![GoDoc](https://godoc.org/github.com/google/uuid?status.svg)](http://godoc.org/github.com/google/uuid)
+[![Go Reference](https://pkg.go.dev/badge/github.com/google/uuid.svg)](https://pkg.go.dev/github.com/google/uuid)
 
 Full `go doc` style documentation for the package can be viewed online without
 installing this package by using the GoDoc site here: 
diff --git a/controller-utils/vendor/github.com/google/uuid/node_js.go b/controller-utils/vendor/github.com/google/uuid/node_js.go
index 24b78edc9..b2a0bc871 100644
--- a/controller-utils/vendor/github.com/google/uuid/node_js.go
+++ b/controller-utils/vendor/github.com/google/uuid/node_js.go
@@ -7,6 +7,6 @@
 package uuid
 
 // getHardwareInterface returns nil values for the JS version of the code.
-// This remvoves the "net" dependency, because it is not used in the browser.
+// This removes the "net" dependency, because it is not used in the browser.
 // Using the "net" library inflates the size of the transpiled JS code by 673k bytes.
 func getHardwareInterface(name string) (string, []byte) { return "", nil }
diff --git a/controller-utils/vendor/github.com/google/uuid/uuid.go b/controller-utils/vendor/github.com/google/uuid/uuid.go
index a57207aeb..a56138cc4 100644
--- a/controller-utils/vendor/github.com/google/uuid/uuid.go
+++ b/controller-utils/vendor/github.com/google/uuid/uuid.go
@@ -69,7 +69,7 @@ func Parse(s string) (UUID, error) {
 
 	// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 	case 36 + 9:
-		if strings.ToLower(s[:9]) != "urn:uuid:" {
+		if !strings.EqualFold(s[:9], "urn:uuid:") {
 			return uuid, fmt.Errorf("invalid urn prefix: %q", s[:9])
 		}
 		s = s[9:]
@@ -101,7 +101,8 @@ func Parse(s string) (UUID, error) {
 		9, 11,
 		14, 16,
 		19, 21,
-		24, 26, 28, 30, 32, 34} {
+		24, 26, 28, 30, 32, 34,
+	} {
 		v, ok := xtob(s[x], s[x+1])
 		if !ok {
 			return uuid, errors.New("invalid UUID format")
@@ -117,7 +118,7 @@ func ParseBytes(b []byte) (UUID, error) {
 	switch len(b) {
 	case 36: // xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 	case 36 + 9: // urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-		if !bytes.Equal(bytes.ToLower(b[:9]), []byte("urn:uuid:")) {
+		if !bytes.EqualFold(b[:9], []byte("urn:uuid:")) {
 			return uuid, fmt.Errorf("invalid urn prefix: %q", b[:9])
 		}
 		b = b[9:]
@@ -145,7 +146,8 @@ func ParseBytes(b []byte) (UUID, error) {
 		9, 11,
 		14, 16,
 		19, 21,
-		24, 26, 28, 30, 32, 34} {
+		24, 26, 28, 30, 32, 34,
+	} {
 		v, ok := xtob(b[x], b[x+1])
 		if !ok {
 			return uuid, errors.New("invalid UUID format")
diff --git a/controller-utils/vendor/golang.org/x/oauth2/internal/client_appengine.go b/controller-utils/vendor/golang.org/x/oauth2/internal/client_appengine.go
index e1755d1d9..d28140f78 100644
--- a/controller-utils/vendor/golang.org/x/oauth2/internal/client_appengine.go
+++ b/controller-utils/vendor/golang.org/x/oauth2/internal/client_appengine.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build appengine
-// +build appengine
 
 package internal
 
diff --git a/controller-utils/vendor/golang.org/x/oauth2/internal/oauth2.go b/controller-utils/vendor/golang.org/x/oauth2/internal/oauth2.go
index c0ab196cf..14989beaf 100644
--- a/controller-utils/vendor/golang.org/x/oauth2/internal/oauth2.go
+++ b/controller-utils/vendor/golang.org/x/oauth2/internal/oauth2.go
@@ -14,7 +14,7 @@ import (
 
 // ParseKey converts the binary contents of a private key file
 // to an *rsa.PrivateKey. It detects whether the private key is in a
-// PEM container or not. If so, it extracts the the private key
+// PEM container or not. If so, it extracts the private key
 // from PEM container before conversion. It only supports PEM
 // containers with no passphrase.
 func ParseKey(key []byte) (*rsa.PrivateKey, error) {
diff --git a/controller-utils/vendor/golang.org/x/oauth2/internal/token.go b/controller-utils/vendor/golang.org/x/oauth2/internal/token.go
index b4723fcac..58901bda5 100644
--- a/controller-utils/vendor/golang.org/x/oauth2/internal/token.go
+++ b/controller-utils/vendor/golang.org/x/oauth2/internal/token.go
@@ -55,12 +55,18 @@ type Token struct {
 }
 
 // tokenJSON is the struct representing the HTTP response from OAuth2
-// providers returning a token in JSON form.
+// providers returning a token or error in JSON form.
+// https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
 type tokenJSON struct {
 	AccessToken  string         `json:"access_token"`
 	TokenType    string         `json:"token_type"`
 	RefreshToken string         `json:"refresh_token"`
 	ExpiresIn    expirationTime `json:"expires_in"` // at least PayPal returns string, while most return number
+	// error fields
+	// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
+	ErrorCode        string `json:"error"`
+	ErrorDescription string `json:"error_description"`
+	ErrorURI         string `json:"error_uri"`
 }
 
 func (e *tokenJSON) expiry() (t time.Time) {
@@ -236,21 +242,29 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 	if err != nil {
 		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
 	}
-	if code := r.StatusCode; code < 200 || code > 299 {
-		return nil, &RetrieveError{
-			Response: r,
-			Body:     body,
-		}
+
+	failureStatus := r.StatusCode < 200 || r.StatusCode > 299
+	retrieveError := &RetrieveError{
+		Response: r,
+		Body:     body,
+		// attempt to populate error detail below
 	}
 
 	var token *Token
 	content, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type"))
 	switch content {
 	case "application/x-www-form-urlencoded", "text/plain":
+		// some endpoints return a query string
 		vals, err := url.ParseQuery(string(body))
 		if err != nil {
-			return nil, err
+			if failureStatus {
+				return nil, retrieveError
+			}
+			return nil, fmt.Errorf("oauth2: cannot parse response: %v", err)
 		}
+		retrieveError.ErrorCode = vals.Get("error")
+		retrieveError.ErrorDescription = vals.Get("error_description")
+		retrieveError.ErrorURI = vals.Get("error_uri")
 		token = &Token{
 			AccessToken:  vals.Get("access_token"),
 			TokenType:    vals.Get("token_type"),
@@ -265,8 +279,14 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 	default:
 		var tj tokenJSON
 		if err = json.Unmarshal(body, &tj); err != nil {
-			return nil, err
+			if failureStatus {
+				return nil, retrieveError
+			}
+			return nil, fmt.Errorf("oauth2: cannot parse json: %v", err)
 		}
+		retrieveError.ErrorCode = tj.ErrorCode
+		retrieveError.ErrorDescription = tj.ErrorDescription
+		retrieveError.ErrorURI = tj.ErrorURI
 		token = &Token{
 			AccessToken:  tj.AccessToken,
 			TokenType:    tj.TokenType,
@@ -276,17 +296,37 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 		}
 		json.Unmarshal(body, &token.Raw) // no error checks for optional fields
 	}
+	// according to spec, servers should respond status 400 in error case
+	// https://www.rfc-editor.org/rfc/rfc6749#section-5.2
+	// but some unorthodox servers respond 200 in error case
+	if failureStatus || retrieveError.ErrorCode != "" {
+		return nil, retrieveError
+	}
 	if token.AccessToken == "" {
 		return nil, errors.New("oauth2: server response missing access_token")
 	}
 	return token, nil
 }
 
+// mirrors oauth2.RetrieveError
 type RetrieveError struct {
-	Response *http.Response
-	Body     []byte
+	Response         *http.Response
+	Body             []byte
+	ErrorCode        string
+	ErrorDescription string
+	ErrorURI         string
 }
 
 func (r *RetrieveError) Error() string {
+	if r.ErrorCode != "" {
+		s := fmt.Sprintf("oauth2: %q", r.ErrorCode)
+		if r.ErrorDescription != "" {
+			s += fmt.Sprintf(" %q", r.ErrorDescription)
+		}
+		if r.ErrorURI != "" {
+			s += fmt.Sprintf(" %q", r.ErrorURI)
+		}
+		return s
+	}
 	return fmt.Sprintf("oauth2: cannot fetch token: %v\nResponse: %s", r.Response.Status, r.Body)
 }
diff --git a/controller-utils/vendor/golang.org/x/oauth2/token.go b/controller-utils/vendor/golang.org/x/oauth2/token.go
index 7c64006de..5ffce9764 100644
--- a/controller-utils/vendor/golang.org/x/oauth2/token.go
+++ b/controller-utils/vendor/golang.org/x/oauth2/token.go
@@ -175,14 +175,31 @@ func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error)
 }
 
 // RetrieveError is the error returned when the token endpoint returns a
-// non-2XX HTTP status code.
+// non-2XX HTTP status code or populates RFC 6749's 'error' parameter.
+// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
 type RetrieveError struct {
 	Response *http.Response
 	// Body is the body that was consumed by reading Response.Body.
 	// It may be truncated.
 	Body []byte
+	// ErrorCode is RFC 6749's 'error' parameter.
+	ErrorCode string
+	// ErrorDescription is RFC 6749's 'error_description' parameter.
+	ErrorDescription string
+	// ErrorURI is RFC 6749's 'error_uri' parameter.
+	ErrorURI string
 }
 
 func (r *RetrieveError) Error() string {
+	if r.ErrorCode != "" {
+		s := fmt.Sprintf("oauth2: %q", r.ErrorCode)
+		if r.ErrorDescription != "" {
+			s += fmt.Sprintf(" %q", r.ErrorDescription)
+		}
+		if r.ErrorURI != "" {
+			s += fmt.Sprintf(" %q", r.ErrorURI)
+		}
+		return s
+	}
 	return fmt.Sprintf("oauth2: cannot fetch token: %v\nResponse: %s", r.Response.Status, r.Body)
 }
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/controller-utils/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
index db9171c2e..269e173ca 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_aix.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_aix.go
index 8aaeef545..9bf0c32eb 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_aix.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_aix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix
-// +build aix
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_arm64.s
index c61f95a05..fcb9a3888 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_arm64.s
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_arm64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
index ccf542a73..a8acd3e32 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
index 0af2f2484..c8ae6ddc1 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
index fa7cdb9bc..910728fb1 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gc
-// +build 386 amd64 amd64p32
-// +build gc
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
index 2aff31891..7f1946780 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo
-// +build gccgo
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
index 4bfbda619..9526d2ce3 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo
-// +build gccgo
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
index 6cc73109f..3f73a05dc 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gccgo
-// +build 386 amd64 amd64p32
-// +build gccgo
 
 #include <cpuid.h>
 #include <stdint.h>
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
index 863d415ab..99c60fe9f 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gccgo
-// +build 386 amd64 amd64p32
-// +build gccgo
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux.go
index 159a686f6..743eb5435 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !386 && !amd64 && !amd64p32 && !arm64
-// +build !386,!amd64,!amd64p32,!arm64
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
index 6000db4cd..4686c1d54 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le)
-// +build linux
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
index f4992b1a5..cd63e7335 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && !arm && !arm64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x
-// +build linux,!arm,!arm64,!mips64,!mips64le,!ppc64,!ppc64le,!s390x
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
index 021356d6d..197188e67 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le)
-// +build linux
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_loong64.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_loong64.go
index 0f57b05bd..558635850 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_loong64.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_loong64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build loong64
-// +build loong64
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
index f4063c664..fedb00cc4 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build mips64 || mips64le
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
index 07c4e36d8..ffb4ec7eb 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build mips || mipsle
-// +build mips mipsle
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_arm.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
index d7b4fb4cc..e9ecf2a45 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && arm
-// +build !linux,arm
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
index f3cde129b..5341e7f88 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && !netbsd && !openbsd && arm64
-// +build !linux,!netbsd,!openbsd,arm64
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
index 0dafe9644..5f8f2419a 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && (mips64 || mips64le)
-// +build !linux
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
index 060d46b6e..89608fba2 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !aix && !linux && (ppc64 || ppc64le)
-// +build !aix
-// +build !linux
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
index dd10eb79f..5ab87808f 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && riscv64
-// +build !linux,riscv64
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
index 4e8acd165..c14f12b14 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ppc64 || ppc64le
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_riscv64.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
index ff7da60eb..7f0c79c00 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64
-// +build riscv64
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_s390x.s
index 96f81e209..1fb4b7013 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_s390x.s
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_s390x.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_wasm.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_wasm.go
index 7747d888a..384787ea3 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_wasm.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_wasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build wasm
-// +build wasm
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_x86.go b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_x86.go
index 2dcde8285..c29f5e4c5 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_x86.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 || amd64 || amd64p32
-// +build 386 amd64 amd64p32
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_x86.s b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_x86.s
index 39acab2ff..7d7ba33ef 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/cpu_x86.s
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gc
-// +build 386 amd64 amd64p32
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/endian_big.go b/controller-utils/vendor/golang.org/x/sys/cpu/endian_big.go
index 93ce03a34..7fe04b0a1 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/endian_big.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/endian_big.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
-// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/endian_little.go b/controller-utils/vendor/golang.org/x/sys/cpu/endian_little.go
index 55db853ef..48eccc4c7 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/endian_little.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/endian_little.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh || wasm
-// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh wasm
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go b/controller-utils/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
index d87bd6b3e..4cd64c704 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && arm64
-// +build linux,arm64
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/controller-utils/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
index b975ea2a0..4c9788ea8 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.21
-// +build go1.21
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go b/controller-utils/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
index 96134157a..1b9ccb091 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
@@ -9,7 +9,6 @@
 // gccgo's libgo and thus must not used a CGo method.
 
 //go:build aix && gccgo
-// +build aix,gccgo
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/controller-utils/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
index 904be42ff..e8b6cdbe9 100644
--- a/controller-utils/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
+++ b/controller-utils/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
@@ -7,7 +7,6 @@
 // (See golang.org/issue/32102)
 
 //go:build aix && ppc64 && gc
-// +build aix,ppc64,gc
 
 package cpu
 
diff --git a/controller-utils/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go b/controller-utils/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
index c9b69937a..73687de74 100644
--- a/controller-utils/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
+++ b/controller-utils/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.5
-// +build go1.5
 
 package plan9
 
diff --git a/controller-utils/vendor/golang.org/x/sys/plan9/pwd_plan9.go b/controller-utils/vendor/golang.org/x/sys/plan9/pwd_plan9.go
index 98bf56b73..fb9458218 100644
--- a/controller-utils/vendor/golang.org/x/sys/plan9/pwd_plan9.go
+++ b/controller-utils/vendor/golang.org/x/sys/plan9/pwd_plan9.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.5
-// +build !go1.5
 
 package plan9
 
diff --git a/controller-utils/vendor/golang.org/x/sys/plan9/race.go b/controller-utils/vendor/golang.org/x/sys/plan9/race.go
index 62377d2ff..c02d9ed33 100644
--- a/controller-utils/vendor/golang.org/x/sys/plan9/race.go
+++ b/controller-utils/vendor/golang.org/x/sys/plan9/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9 && race
-// +build plan9,race
 
 package plan9
 
diff --git a/controller-utils/vendor/golang.org/x/sys/plan9/race0.go b/controller-utils/vendor/golang.org/x/sys/plan9/race0.go
index f8da30876..7b15e15f6 100644
--- a/controller-utils/vendor/golang.org/x/sys/plan9/race0.go
+++ b/controller-utils/vendor/golang.org/x/sys/plan9/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9 && !race
-// +build plan9,!race
 
 package plan9
 
diff --git a/controller-utils/vendor/golang.org/x/sys/plan9/str.go b/controller-utils/vendor/golang.org/x/sys/plan9/str.go
index 55fa8d025..ba3e8ff8a 100644
--- a/controller-utils/vendor/golang.org/x/sys/plan9/str.go
+++ b/controller-utils/vendor/golang.org/x/sys/plan9/str.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9
-// +build plan9
 
 package plan9
 
diff --git a/controller-utils/vendor/golang.org/x/sys/plan9/syscall.go b/controller-utils/vendor/golang.org/x/sys/plan9/syscall.go
index 67e5b0115..d631fd664 100644
--- a/controller-utils/vendor/golang.org/x/sys/plan9/syscall.go
+++ b/controller-utils/vendor/golang.org/x/sys/plan9/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9
-// +build plan9
 
 // Package plan9 contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go b/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
index 3f40b9bd7..f780d5c80 100644
--- a/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && 386
-// +build plan9,386
 
 package plan9
 
diff --git a/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go b/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
index 0e6a96aa4..7de61065f 100644
--- a/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && amd64
-// +build plan9,amd64
 
 package plan9
 
diff --git a/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go b/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
index 244c501b7..ea85780f0 100644
--- a/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && arm
-// +build plan9,arm
 
 package plan9
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/aliases.go b/controller-utils/vendor/golang.org/x/sys/unix/aliases.go
index abc89c104..e7d3df4bd 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/aliases.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/aliases.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
-// +build go1.9
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
index db9171c2e..269e173ca 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_386.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_386.s
index e0fcd9b3d..a4fcef0e0 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_386.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_386.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (freebsd || netbsd || openbsd) && gc
-// +build freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
index 2b99c349a..1e63615c5 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || dragonfly || freebsd || netbsd || openbsd) && gc
-// +build darwin dragonfly freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_arm.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
index d702d4adc..6496c3100 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (freebsd || netbsd || openbsd) && gc
-// +build freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
index fe36a7391..4fd1f54da 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
index e5b9a8489..42f7eb9e4 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
index d560019ea..f8902667e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_386.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_386.s
index 8fd101d07..3b4734870 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_386.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_386.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
index 7ed38e43c..67e29f317 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_arm.s
index 8ef1d5140..d6ae269ce 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_arm.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
index 98ae02760..01e5e253c 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && arm64 && gc
-// +build linux
-// +build arm64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_loong64.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
index 565357288..2abf12f6e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && loong64 && gc
-// +build linux
-// +build loong64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
index 21231d2ce..f84bae712 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le) && gc
-// +build linux
-// +build mips64 mips64le
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
index 6783b26c6..f08f62807 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips || mipsle) && gc
-// +build linux
-// +build mips mipsle
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
index 19d498934..bdfc024d2 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le) && gc
-// +build linux
-// +build ppc64 ppc64le
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
index e42eb81d5..2e8c99612 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && gc
-// +build riscv64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
index c46aab339..2c394b11e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && s390x && gc
-// +build linux
-// +build s390x
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
index 5e7a1169c..fab586a2c 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
index f8c5394c1..f949ec547 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/controller-utils/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
index 3b54e1858..2f67ba86d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x && gc
-// +build zos
-// +build s390x
-// +build gc
 
 #include "textflag.h"
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/cap_freebsd.go b/controller-utils/vendor/golang.org/x/sys/unix/cap_freebsd.go
index 0b7c6adb8..a08657890 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/cap_freebsd.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/cap_freebsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build freebsd
-// +build freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/constants.go b/controller-utils/vendor/golang.org/x/sys/unix/constants.go
index 394a3965b..6fb7cb77d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/constants.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/constants.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/dev_aix_ppc.go b/controller-utils/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
index 65a998508..d78513461 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used by AIX.
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
index 8fc08ad0a..623a5e697 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used AIX.
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/dev_zos.go b/controller-utils/vendor/golang.org/x/sys/unix/dev_zos.go
index a388e59a0..bb6a64fe9 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/dev_zos.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/dev_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used by z/OS.
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/dirent.go b/controller-utils/vendor/golang.org/x/sys/unix/dirent.go
index 2499f977b..1ebf11782 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/dirent.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/dirent.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/endian_big.go b/controller-utils/vendor/golang.org/x/sys/unix/endian_big.go
index a52026557..1095fd31d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/endian_big.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/endian_big.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 //
 //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
-// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/endian_little.go b/controller-utils/vendor/golang.org/x/sys/unix/endian_little.go
index b0f2bc4ae..b9f0e277b 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/endian_little.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/endian_little.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 //
 //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh
-// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/env_unix.go b/controller-utils/vendor/golang.org/x/sys/unix/env_unix.go
index 29ccc4d13..a96da71f4 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/env_unix.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/env_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Unix environment variables.
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/epoll_zos.go b/controller-utils/vendor/golang.org/x/sys/unix/epoll_zos.go
index cedaf7e02..7753fddea 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/epoll_zos.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/epoll_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/fcntl.go b/controller-utils/vendor/golang.org/x/sys/unix/fcntl.go
index e9b991258..58c6bfc70 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/fcntl.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/fcntl.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build dragonfly || freebsd || linux || netbsd || openbsd
-// +build dragonfly freebsd linux netbsd openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/controller-utils/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
index 29d44808b..13b4acd5c 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc)
-// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/fdset.go b/controller-utils/vendor/golang.org/x/sys/unix/fdset.go
index a8068f94f..9e83d18cd 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/fdset.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/fdset.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/controller-utils/vendor/golang.org/x/sys/unix/fstatfs_zos.go
index e377cc9f4..c8bde601e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/fstatfs_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/gccgo.go b/controller-utils/vendor/golang.org/x/sys/unix/gccgo.go
index b06f52d74..aca5721dd 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/gccgo.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/gccgo.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && !aix && !hurd
-// +build gccgo,!aix,!hurd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/gccgo_c.c b/controller-utils/vendor/golang.org/x/sys/unix/gccgo_c.c
index f98a1c542..d468b7b47 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/gccgo_c.c
+++ b/controller-utils/vendor/golang.org/x/sys/unix/gccgo_c.c
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && !aix && !hurd
-// +build gccgo,!aix,!hurd
 
 #include <errno.h>
 #include <stdint.h>
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
index e60e49a3d..972d61bd7 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && linux && amd64
-// +build gccgo,linux,amd64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ifreq_linux.go b/controller-utils/vendor/golang.org/x/sys/unix/ifreq_linux.go
index 15721a510..848840ae4 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ifreq_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ifreq_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux
-// +build linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ioctl_signed.go b/controller-utils/vendor/golang.org/x/sys/unix/ioctl_signed.go
index 7def9580e..5b0759bd8 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ioctl_signed.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ioctl_signed.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || solaris
-// +build aix solaris
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ioctl_unsigned.go b/controller-utils/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
index 649913d1e..20f470b9d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd
-// +build darwin dragonfly freebsd hurd linux netbsd openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ioctl_zos.go b/controller-utils/vendor/golang.org/x/sys/unix/ioctl_zos.go
index cdc21bf76..c8b2a750f 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ioctl_zos.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ioctl_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/mkerrors.sh b/controller-utils/vendor/golang.org/x/sys/unix/mkerrors.sh
index 47fa6a7eb..cbe24150a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/controller-utils/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -663,7 +663,6 @@ echo '// mkerrors.sh' "$@"
 echo '// Code generated by the command above; see README.md. DO NOT EDIT.'
 echo
 echo "//go:build ${GOARCH} && ${GOOS}"
-echo "// +build ${GOARCH},${GOOS}"
 echo
 go tool cgo -godefs -- "$@" _const.go >_error.out
 cat _error.out | grep -vf _error.grep | grep -vf _signal.grep
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/controller-utils/vendor/golang.org/x/sys/unix/mmap_nomremap.go
index ca0513632..4b68e5978 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/mmap_nomremap.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd openbsd solaris
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/mremap.go b/controller-utils/vendor/golang.org/x/sys/unix/mremap.go
index fa93d0aa9..fd45fe529 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/mremap.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/mremap.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux || netbsd
-// +build linux netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/pagesize_unix.go b/controller-utils/vendor/golang.org/x/sys/unix/pagesize_unix.go
index 53f1b4c5b..4d0a3430e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/pagesize_unix.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/pagesize_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 // For Unix, get the pagesize from the runtime.
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/pledge_openbsd.go b/controller-utils/vendor/golang.org/x/sys/unix/pledge_openbsd.go
index eb48294b2..6a09af53e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/pledge_openbsd.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/pledge_openbsd.go
@@ -8,54 +8,31 @@ import (
 	"errors"
 	"fmt"
 	"strconv"
-	"syscall"
-	"unsafe"
 )
 
 // Pledge implements the pledge syscall.
 //
-// The pledge syscall does not accept execpromises on OpenBSD releases
-// before 6.3.
-//
-// execpromises must be empty when Pledge is called on OpenBSD
-// releases predating 6.3, otherwise an error will be returned.
+// This changes both the promises and execpromises; use PledgePromises or
+// PledgeExecpromises to only change the promises or execpromises
+// respectively.
 //
 // For more information see pledge(2).
 func Pledge(promises, execpromises string) error {
-	maj, min, err := majmin()
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	err = pledgeAvailable(maj, min, execpromises)
+	pptr, err := BytePtrFromString(promises)
 	if err != nil {
 		return err
 	}
 
-	pptr, err := syscall.BytePtrFromString(promises)
+	exptr, err := BytePtrFromString(execpromises)
 	if err != nil {
 		return err
 	}
 
-	// This variable will hold either a nil unsafe.Pointer or
-	// an unsafe.Pointer to a string (execpromises).
-	var expr unsafe.Pointer
-
-	// If we're running on OpenBSD > 6.2, pass execpromises to the syscall.
-	if maj > 6 || (maj == 6 && min > 2) {
-		exptr, err := syscall.BytePtrFromString(execpromises)
-		if err != nil {
-			return err
-		}
-		expr = unsafe.Pointer(exptr)
-	}
-
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(pptr, exptr)
 }
 
 // PledgePromises implements the pledge syscall.
@@ -64,30 +41,16 @@ func Pledge(promises, execpromises string) error {
 //
 // For more information see pledge(2).
 func PledgePromises(promises string) error {
-	maj, min, err := majmin()
-	if err != nil {
-		return err
-	}
-
-	err = pledgeAvailable(maj, min, "")
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	// This variable holds the execpromises and is always nil.
-	var expr unsafe.Pointer
-
-	pptr, err := syscall.BytePtrFromString(promises)
+	pptr, err := BytePtrFromString(promises)
 	if err != nil {
 		return err
 	}
 
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(pptr, nil)
 }
 
 // PledgeExecpromises implements the pledge syscall.
@@ -96,30 +59,16 @@ func PledgePromises(promises string) error {
 //
 // For more information see pledge(2).
 func PledgeExecpromises(execpromises string) error {
-	maj, min, err := majmin()
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	err = pledgeAvailable(maj, min, execpromises)
+	exptr, err := BytePtrFromString(execpromises)
 	if err != nil {
 		return err
 	}
 
-	// This variable holds the promises and is always nil.
-	var pptr unsafe.Pointer
-
-	exptr, err := syscall.BytePtrFromString(execpromises)
-	if err != nil {
-		return err
-	}
-
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(nil, exptr)
 }
 
 // majmin returns major and minor version number for an OpenBSD system.
@@ -147,16 +96,15 @@ func majmin() (major int, minor int, err error) {
 
 // pledgeAvailable checks for availability of the pledge(2) syscall
 // based on the running OpenBSD version.
-func pledgeAvailable(maj, min int, execpromises string) error {
-	// If OpenBSD <= 5.9, pledge is not available.
-	if (maj == 5 && min != 9) || maj < 5 {
-		return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)
+func pledgeAvailable() error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
 	}
 
-	// If OpenBSD <= 6.2 and execpromises is not empty,
-	// return an error - execpromises is not available before 6.3
-	if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" {
-		return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)
+	// Require OpenBSD 6.4 as a minimum.
+	if maj < 6 || (maj == 6 && min <= 3) {
+		return fmt.Errorf("cannot call Pledge on OpenBSD %d.%d", maj, min)
 	}
 
 	return nil
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/controller-utils/vendor/golang.org/x/sys/unix/ptrace_darwin.go
index 463c3eff7..3f0975f3d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ptrace_darwin.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && !ios
-// +build darwin,!ios
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ptrace_ios.go b/controller-utils/vendor/golang.org/x/sys/unix/ptrace_ios.go
index ed0509a01..a4d35db5d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ptrace_ios.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ptrace_ios.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ios
-// +build ios
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/race.go b/controller-utils/vendor/golang.org/x/sys/unix/race.go
index 6f6c5fec5..714d2aae7 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/race.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin && race) || (linux && race) || (freebsd && race)
-// +build darwin,race linux,race freebsd,race
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/race0.go b/controller-utils/vendor/golang.org/x/sys/unix/race0.go
index 706e1322a..4a9f6634c 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/race0.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || (darwin && !race) || (linux && !race) || (freebsd && !race) || netbsd || openbsd || solaris || dragonfly || zos
-// +build aix darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly zos
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/readdirent_getdents.go b/controller-utils/vendor/golang.org/x/sys/unix/readdirent_getdents.go
index 4d6257569..dbd2b6ccb 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/readdirent_getdents.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/readdirent_getdents.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || dragonfly || freebsd || linux || netbsd || openbsd
-// +build aix dragonfly freebsd linux netbsd openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/controller-utils/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
index 2a4ba47c4..130398b6b 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin
-// +build darwin
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/controller-utils/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
index 3865943f6..c3a62dbb1 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Socket control messages
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/controller-utils/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
index 0840fe4a5..4a1eab37e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall.go
index 63e8c8383..5ea74da98 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Package unix contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix.go
index e94e6cdac..67ce6cef2 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix
-// +build aix
 
 // Aix system calls.
 // This file is compiled as ordinary Go code,
@@ -107,7 +106,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
index f2871fa95..1fdaa4760 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
index 75718ec0f..c87f9a9f4 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_bsd.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_bsd.go
index 4217de518..6f328e3a5 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || netbsd || openbsd
-// +build darwin dragonfly freebsd netbsd openbsd
 
 // BSD system call wrappers shared by *BSD based systems
 // including OS X (Darwin) and FreeBSD.  Like the other
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
index b37310ce9..0eaecf5fc 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
index d51ec9963..f36c6707c 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
index 53c96641f..16dc69937 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && go1.12
-// +build darwin,go1.12
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
index 4e2d32120..14bab6b2d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
index b8da51004..3967bca77 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
index 47155c483..eff19ada2 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
index 08932093f..4f24b517a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
index d151a0d0e..ac30759ec 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
index d5cd64b37..aab725ca7 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_hurd.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_hurd.go
index 381fd4673..ba46651f8 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_hurd.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_hurd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build hurd
-// +build hurd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_hurd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
index 7cf54a3e4..df89f9e6b 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && hurd
-// +build 386,hurd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_illumos.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_illumos.go
index 87db5a6a8..a863f7052 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_illumos.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_illumos.go
@@ -5,7 +5,6 @@
 // illumos system calls not present on Solaris.
 
 //go:build amd64 && illumos
-// +build amd64,illumos
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux.go
index fb4e50224..a5e1c10e3 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -417,7 +417,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
@@ -2482,3 +2483,5 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) {
 	}
 	return attr, nil
 }
+
+//sys	Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error)
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_386.go
index c7d9945ea..506dafa7b 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
index 08086ac6a..38d55641b 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (386 || amd64 || mips || mipsle || mips64 || mipsle || ppc64 || ppc64le || ppc || s390x || sparc64)
-// +build linux
-// +build 386 amd64 mips mipsle mips64 mipsle ppc64 ppc64le ppc s390x sparc64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
index 70601ce36..d557cf8de 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
index 8b0f0f3aa..facdb83b2 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && linux && gc
-// +build amd64,linux,gc
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
index da2986415..cd2dd797f 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index f5266689a..cf2ee6c75 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
index 2b1168d7d..ffc4c2b63 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gc
-// +build linux,gc
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
index 9843fb489..9ebfdcf44 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gc && 386
-// +build linux,gc,386
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
index a6008fccd..5f2b57c4c 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && gc && linux
-// +build arm,gc,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
index 7740af242..d1a3ad826 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gccgo && 386
-// +build linux,gccgo,386
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
index e16a12299..f2f67423e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gccgo && arm
-// +build linux,gccgo,arm
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
index f6ab02ec1..3d0e98451 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
index 93fe59d25..70963a95a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le)
-// +build linux
-// +build mips64 mips64le
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
index aae7f0ffd..c218ebd28 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips || mipsle)
-// +build linux
-// +build mips mipsle
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
index 66eff19a3..e6c48500c 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && ppc
-// +build linux,ppc
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
index 806aa2574..7286a9aa8 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le)
-// +build linux
-// +build ppc64 ppc64le
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
index 5e6ceee12..6f5a28894 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
index 2f89e8f5d..66f31210d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
index 7ca064ae7..11d1f1698 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
index 5199d282f..7a5eb5743 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
index 70a9c52e9..62d8957ae 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
index 3eb5942f9..ce6a06885 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
index fc6ccfd81..d46d689d1 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd.go
index 6f34479b5..d2882ee04 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -137,18 +137,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
+	var bufptr *Statfs_t
 	var bufsize uintptr
 	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
+		bufptr = &buf[0]
 		bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
 	}
-	r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
+	return getfsstat(bufptr, bufsize, flags)
 }
 
 //sysnb	getresuid(ruid *_C_int, euid *_C_int, suid *_C_int)
@@ -326,4 +321,7 @@ func Uname(uname *Utsname) error {
 //sys	write(fd int, p []byte) (n int, err error)
 //sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
 //sys	munmap(addr uintptr, length uintptr) (err error)
+//sys	getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error)
 //sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
+//sys	pledge(promises *byte, execpromises *byte) (err error)
+//sys	unveil(path *byte, flags *byte) (err error)
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
index 6baabcdcb..9ddc89f4f 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
index bab25360e..70a3c96ee 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
index 8eed3c4d4..265caa87f 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
index 483dde99d..ac4fda171 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
index 04aa43f41..0a451e6dd 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build openbsd
-// +build openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
index c2796139c..30a308cbb 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
index 23199a7ff..ea954330f 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_solaris.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_solaris.go
index b99cfa134..60c8142d4 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -128,7 +128,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
index 0bd25ef81..e02d8ceae 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix.go
index f6eda2705..77081de8c 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
index b6919ca58..05c95bccf 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || dragonfly || freebsd || (linux && !ppc64 && !ppc64le) || netbsd || openbsd || solaris) && gc
-// +build darwin dragonfly freebsd linux,!ppc64,!ppc64le netbsd openbsd solaris
-// +build gc
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
index f6f707acf..23f39b7af 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64le || ppc64) && gc
-// +build linux
-// +build ppc64le ppc64
-// +build gc
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/controller-utils/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
index 4596d041c..d99d05f1b 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_linux.go b/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_linux.go
index 2c3a4437f..4fcd38de2 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux
-// +build linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_unix.go
index 5bb41d17b..79a84f18b 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin && !ios) || linux
-// +build darwin,!ios linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
index 71bddefdb..9eb0db664 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && !ios
-// +build darwin,!ios
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/timestruct.go b/controller-utils/vendor/golang.org/x/sys/unix/timestruct.go
index 616b1b284..7997b1902 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/timestruct.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/timestruct.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/controller-utils/vendor/golang.org/x/sys/unix/unveil_openbsd.go
index 168d5ae77..cb7e598ce 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/unveil_openbsd.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/unveil_openbsd.go
@@ -4,39 +4,48 @@
 
 package unix
 
-import (
-	"syscall"
-	"unsafe"
-)
+import "fmt"
 
 // Unveil implements the unveil syscall.
 // For more information see unveil(2).
 // Note that the special case of blocking further
 // unveil calls is handled by UnveilBlock.
 func Unveil(path string, flags string) error {
-	pathPtr, err := syscall.BytePtrFromString(path)
-	if err != nil {
+	if err := supportsUnveil(); err != nil {
 		return err
 	}
-	flagsPtr, err := syscall.BytePtrFromString(flags)
+	pathPtr, err := BytePtrFromString(path)
 	if err != nil {
 		return err
 	}
-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0)
-	if e != 0 {
-		return e
+	flagsPtr, err := BytePtrFromString(flags)
+	if err != nil {
+		return err
 	}
-	return nil
+	return unveil(pathPtr, flagsPtr)
 }
 
 // UnveilBlock blocks future unveil calls.
 // For more information see unveil(2).
 func UnveilBlock() error {
-	// Both pointers must be nil.
-	var pathUnsafe, flagsUnsafe unsafe.Pointer
-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0)
-	if e != 0 {
-		return e
+	if err := supportsUnveil(); err != nil {
+		return err
 	}
+	return unveil(nil, nil)
+}
+
+// supportsUnveil checks for availability of the unveil(2) system call based
+// on the running OpenBSD version.
+func supportsUnveil() error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	// unveil is not available before 6.4
+	if maj < 6 || (maj == 6 && min <= 3) {
+		return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min)
+	}
+
 	return nil
 }
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/xattr_bsd.go b/controller-utils/vendor/golang.org/x/sys/unix/xattr_bsd.go
index f5f8e9f36..e16879396 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/xattr_bsd.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/xattr_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build freebsd || netbsd
-// +build freebsd netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
index ca9799b79..2fb219d78 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && aix
-// +build ppc,aix
 
 // Created by cgo -godefs - DO NOT EDIT
 // cgo -godefs -- -maix32 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
index 200c8c26f..b0e6f5c85 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && aix
-// +build ppc64,aix
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -maix64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
index 143007627..e40fa8524 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
index ab044a742..bb02aa6c0 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
index 17bba0e44..c0e0f8694 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
index f8c2c5138..6c6923906 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
index 96310c3be..dd9163f8e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
index 777b69def..493a2a793 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
index c557ac2db..8b437b307 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
index 341b4d962..67c02dd57 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux.go
index f9c7f479b..9c00cbf51 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -481,10 +480,14 @@ const (
 	BPF_FROM_BE                                 = 0x8
 	BPF_FROM_LE                                 = 0x0
 	BPF_FS_MAGIC                                = 0xcafe4a11
+	BPF_F_AFTER                                 = 0x10
 	BPF_F_ALLOW_MULTI                           = 0x2
 	BPF_F_ALLOW_OVERRIDE                        = 0x1
 	BPF_F_ANY_ALIGNMENT                         = 0x2
-	BPF_F_KPROBE_MULTI_RETURN                   = 0x1
+	BPF_F_BEFORE                                = 0x8
+	BPF_F_ID                                    = 0x20
+	BPF_F_LINK                                  = 0x2000
+	BPF_F_NETFILTER_IP_DEFRAG                   = 0x1
 	BPF_F_QUERY_EFFECTIVE                       = 0x1
 	BPF_F_REPLACE                               = 0x4
 	BPF_F_SLEEPABLE                             = 0x10
@@ -521,6 +524,7 @@ const (
 	BPF_MAJOR_VERSION                           = 0x1
 	BPF_MAXINSNS                                = 0x1000
 	BPF_MEM                                     = 0x60
+	BPF_MEMSX                                   = 0x80
 	BPF_MEMWORDS                                = 0x10
 	BPF_MINOR_VERSION                           = 0x1
 	BPF_MISC                                    = 0x7
@@ -776,6 +780,8 @@ const (
 	DEVLINK_GENL_MCGRP_CONFIG_NAME              = "config"
 	DEVLINK_GENL_NAME                           = "devlink"
 	DEVLINK_GENL_VERSION                        = 0x1
+	DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO            = 0x4
+	DEVLINK_PORT_FN_CAP_IPSEC_PACKET            = 0x8
 	DEVLINK_PORT_FN_CAP_MIGRATABLE              = 0x2
 	DEVLINK_PORT_FN_CAP_ROCE                    = 0x1
 	DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX           = 0x14
@@ -1698,6 +1704,7 @@ const (
 	KEXEC_ON_CRASH                              = 0x1
 	KEXEC_PRESERVE_CONTEXT                      = 0x2
 	KEXEC_SEGMENT_MAX                           = 0x10
+	KEXEC_UPDATE_ELFCOREHDR                     = 0x4
 	KEYCTL_ASSUME_AUTHORITY                     = 0x10
 	KEYCTL_CAPABILITIES                         = 0x1f
 	KEYCTL_CAPS0_BIG_KEY                        = 0x10
@@ -2275,6 +2282,7 @@ const (
 	PERF_MEM_LVLNUM_PMEM                        = 0xe
 	PERF_MEM_LVLNUM_RAM                         = 0xd
 	PERF_MEM_LVLNUM_SHIFT                       = 0x21
+	PERF_MEM_LVLNUM_UNC                         = 0x8
 	PERF_MEM_LVL_HIT                            = 0x2
 	PERF_MEM_LVL_IO                             = 0x1000
 	PERF_MEM_LVL_L1                             = 0x8
@@ -3461,6 +3469,7 @@ const (
 	XDP_PACKET_HEADROOM                         = 0x100
 	XDP_PGOFF_RX_RING                           = 0x0
 	XDP_PGOFF_TX_RING                           = 0x80000000
+	XDP_PKT_CONTD                               = 0x1
 	XDP_RING_NEED_WAKEUP                        = 0x1
 	XDP_RX_RING                                 = 0x2
 	XDP_SHARED_UMEM                             = 0x1
@@ -3473,6 +3482,7 @@ const (
 	XDP_UMEM_REG                                = 0x4
 	XDP_UMEM_UNALIGNED_CHUNK_FLAG               = 0x1
 	XDP_USE_NEED_WAKEUP                         = 0x8
+	XDP_USE_SG                                  = 0x10
 	XDP_ZEROCOPY                                = 0x4
 	XENFS_SUPER_MAGIC                           = 0xabba1974
 	XFS_SUPER_MAGIC                             = 0x58465342
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 30aee00a5..4920821cf 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index 8ebfa5127..a0c1e4112 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index 271a21cdc..c63985560 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 910c330a3..47cc62e25 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index a640798c9..27ac4a09e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go
@@ -119,6 +118,7 @@ const (
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
 	LASX_CTX_MAGIC                   = 0x41535801
+	LBT_CTX_MAGIC                    = 0x42540001
 	LSX_CTX_MAGIC                    = 0x53580001
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 0d5925d34..54694642a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips/include _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index d72a00e0b..3adb81d75 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64/include _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index 02ba129f8..2dfe98f0d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64le/include _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index 8daa6dd96..f5398f84f 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mipsle/include _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index 63c8fa2f7..c54f152d6 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc/include _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index 930799ec1..76057dc72 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64/include _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index 8605a7dd7..e0c3725e2 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64le/include _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 95a016f1c..18f2813ed 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/riscv64/include _const.go
@@ -228,6 +227,9 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x7434
 	PPPIOCXFERUNIT                   = 0x744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETFDPIC                  = 0x21
+	PTRACE_GETFDPIC_EXEC             = 0x0
+	PTRACE_GETFDPIC_INTERP           = 0x1
 	RLIMIT_AS                        = 0x9
 	RLIMIT_MEMLOCK                   = 0x8
 	RLIMIT_NOFILE                    = 0x7
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 1ae0108f5..11619d4ec 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 1bb7c6333..396d994da 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/sparc64/include _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
index 72f7420d2..130085df4 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
index 8d4eb0c08..84769a1a3 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
index 9eef9749f..602ded003 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -marm _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
index 3b62ba192..efc0406ee 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
index af20e474b..5a6500f83 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
index 6015fcb2b..a5aeeb979 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
index 8d44955e4..0e9748a72 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
index ae16fe754..4f4449abc 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
index 03d90fe35..76a363f0f 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
index 8e2c51b1e..43ca0cdfd 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
index 13d403031..b1b8bb200 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
index 1afee6a08..d2ddd3176 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
index fc7d0506f..4dfd2e051 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Hand edited based on zerrors_linux_s390x.go
 // TODO: auto-generate.
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/controller-utils/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
index 97f20ca28..586317c78 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("arm", "arm64"). DO NOT EDIT.
 
 //go:build linux && (arm || arm64)
-// +build linux
-// +build arm arm64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/controller-utils/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
index 0b5f79430..d7c881be7 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("mips", "mips64"). DO NOT EDIT.
 
 //go:build linux && (mips || mips64)
-// +build linux
-// +build mips mips64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/controller-utils/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
index 2807f7e64..2d2de5d29 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("mipsle", "mips64le"). DO NOT EDIT.
 
 //go:build linux && (mipsle || mips64le)
-// +build linux
-// +build mipsle mips64le
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/controller-utils/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
index 281ea64e3..5adc79fb5 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("386", "amd64"). DO NOT EDIT.
 
 //go:build linux && (386 || amd64)
-// +build linux
-// +build 386 amd64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
index d1d1d2331..6ea64a3c0 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
index f99a18adc..99ee4399a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
index c4d50ae50..b68a78362 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64 && gc
-// +build aix,ppc64,gc
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
index 6903d3b09..0a87450bf 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64 && gccgo
-// +build aix,ppc64,gccgo
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index 1cad561e9..ccb02f240 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build darwin && amd64
-// +build darwin,amd64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index b18edbd0e..1b40b997b 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build darwin && arm64
-// +build darwin,arm64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
index 0c67df64a..aad65fc79 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build dragonfly && amd64
-// +build dragonfly,amd64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
index e6e05d145..c0096391a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && 386
-// +build freebsd,386
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
index 7508accac..7664df749 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && amd64
-// +build freebsd,amd64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
index 7b56aead4..ae099182c 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && arm
-// +build freebsd,arm
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
index cc623dcaa..11fd5d45b 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && arm64
-// +build freebsd,arm64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
index 581849197..c3d2d6530 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && riscv64
-// +build freebsd,riscv64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
index 6be25cd19..c698cbc01 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build illumos && amd64
-// +build illumos,amd64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 1ff3aec74..faca7a557 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -2195,3 +2194,13 @@ func schedGetattr(pid int, attr *SchedAttr, size uint, flags uint) (err error) {
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) {
+	_, _, e1 := Syscall6(SYS_CACHESTAT, uintptr(fd), uintptr(unsafe.Pointer(crange)), uintptr(unsafe.Pointer(cstat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
index 07b549cc2..4def3e9fc 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && 386
-// +build linux,386
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
index 5f481bf83..fef2bc8ba 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && amd64
-// +build linux,amd64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
index 824cd52c7..a9fd76a88 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && arm
-// +build linux,arm
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
index e77aecfe9..460065028 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && arm64
-// +build linux,arm64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
index 806ffd1e1..c8987d264 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && loong64
-// +build linux,loong64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
index 961a3afb7..921f43061 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips
-// +build linux,mips
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
index ed05005e9..44f067829 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips64
-// +build linux,mips64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
index d365b718f..e7fa0abf0 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips64le
-// +build linux,mips64le
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
index c3f1b8bbd..8c5125675 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mipsle
-// +build linux,mipsle
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
index a6574cf98..7392fd45e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc
-// +build linux,ppc
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
index f40990264..41180434e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64
-// +build linux,ppc64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
index 9dfcc2997..40c6ce7ae 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64le
-// +build linux,ppc64le
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
index 0ab4f2ed7..2cfe34adb 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && riscv64
-// +build linux,riscv64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
index 6cde32237..61e6f0709 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && s390x
-// +build linux,s390x
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
index 5253d65bf..834b84204 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && sparc64
-// +build linux,sparc64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
index 2df3c5bac..e91ebc14a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && 386
-// +build netbsd,386
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
index a60556bab..be28babbc 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && amd64
-// +build netbsd,amd64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
index 9f788917a..fb587e826 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && arm
-// +build netbsd,arm
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
index 82a4cb2dc..d576438bb 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && arm64
-// +build netbsd,arm64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index 66b3b6456..88bfc2885 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && 386
-// +build openbsd,386
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
index 3dcacd30d..4cbeff171 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
 DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index c5c4cc112..b8a67b99a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && amd64
-// +build openbsd,amd64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
index 2763620b0..1123f2757 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index 93bfbb328..af50a65c0 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm
-// +build openbsd,arm
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
index c92231404..82badae39 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
 DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index a107b8fda..8fb4ff36a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm64
-// +build openbsd,arm64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
index a6bc32c92..24d7eecb9 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
index c427de509..f469a83ee 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && mips64
-// +build openbsd,mips64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
index b4e7bceab..9a498a067 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
index 60c1a99ae..c26ca2e1a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && ppc64
-// +build openbsd,ppc64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
index ca3f76600..1f224aa41 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
@@ -801,8 +801,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_getfsstat(SB)
+	RET
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	CALL	libc_utimensat(SB)
 	RET
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_pledge(SB)
+	RET
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_unveil(SB)
+	RET
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
index 52eba360f..bcc920dd2 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && riscv64
-// +build openbsd,riscv64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
index 477a7d5b2..87a79c709 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index b40189464..829b87feb 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build solaris && amd64
-// +build solaris,amd64
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
index 1d8fe1d4b..94f011238 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
index 55e048471..3a58ae819 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
index d2243cf83..dcb7a0eb7 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
index 82dc51bd8..db5a7bf13 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
index cbdda1a4a..7be575a77 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
index f55eae1a8..d6e3174c6 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
index e44054470..ee97157d0 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
index a0db82fce..35c3b91d0 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
index f8298ff9b..5edda7687 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
index 5eb433bbf..0dc9e8b4d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
index 703675c0c..308ddf3a1 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
index 4e0d96107..418664e3d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
index 01636b838..34d0b86d7 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
index ad99bc106..b71cf45e2 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
index 89dcc4274..e32df1c1e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
index ee37aaa0c..15ad6111f 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index 9862853d3..fcf3ecbdd 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
@@ -448,4 +447,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index 8901f0f4e..f56dc2504 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
@@ -370,4 +369,6 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 6902c37ee..974bf2467 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
@@ -412,4 +411,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index a6d3dff81..39a2739e2 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
@@ -315,4 +314,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index b18f3f710..cf9c9d77e 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
@@ -309,4 +308,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 0302e5e3d..10b7362ef 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 package unix
 
@@ -432,4 +431,5 @@ const (
 	SYS_FUTEX_WAITV                  = 4449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
+	SYS_FCHMODAT2                    = 4452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index 6693ba4a0..cd4d8b4fd 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 package unix
 
@@ -362,4 +361,5 @@ const (
 	SYS_FUTEX_WAITV             = 5449
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
+	SYS_FCHMODAT2               = 5452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index fd93f4987..2c0efca81 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 package unix
 
@@ -362,4 +361,5 @@ const (
 	SYS_FUTEX_WAITV             = 5449
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
+	SYS_FCHMODAT2               = 5452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index 760ddcadc..a72e31d39 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 package unix
 
@@ -432,4 +431,5 @@ const (
 	SYS_FUTEX_WAITV                  = 4449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
+	SYS_FCHMODAT2                    = 4452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index cff2b2555..c7d1e3747 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 package unix
 
@@ -439,4 +438,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index a4b2405d0..f4d4838c8 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 package unix
 
@@ -411,4 +410,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index aca54b4e3..b64f0e591 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 package unix
 
@@ -411,4 +410,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 9d1738d64..95711195a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
@@ -316,4 +315,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index 022878dc8..f94e943bc 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
@@ -377,4 +376,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index 4100a761c..ba0c2bc51 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
@@ -390,4 +389,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
index 3a6699eba..b2aa8cd49 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
index 5677cd4f1..524a1b1c9 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
index e784cb6db..d59b943ac 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
index bd4952efa..31e771d53 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
index 597733813..9fd77c6cb 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
index 16af29189..af10af28c 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
index f59b18a97..cc2028af4 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
index 721ef5910..c06dd4415 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
index 01c43a01f..9ddbf3e08 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
index f258cfa24..19a6ee413 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
index 07919e0ec..05192a782 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
index 073daad43..b2e308581 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
index 7a8161c1d..3e6d57cae 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && aix
-// +build ppc,aix
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
index 07ed733c5..3a219bdce 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && aix
-// +build ppc64,aix
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
index 690cefc3d..091d107f3 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
index 5bffc10ea..28ff4ef74 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
index d0ba8e9b8..30e405bb4 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index 29dc48337..6cbd094a3 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 0a89b2890..7c03b6ee7 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index c8666bb15..422107ee8 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index 88fb48a88..505a12acf 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
index 698dc975e..cc986c790 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 18aa70b42..997bcd55a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -5883,3 +5882,15 @@ type SchedAttr struct {
 }
 
 const SizeofSchedAttr = 0x38
+
+type Cachestat_t struct {
+	Cache            uint64
+	Dirty            uint64
+	Writeback        uint64
+	Evicted          uint64
+	Recently_evicted uint64
+}
+type CachestatRange struct {
+	Off uint64
+	Len uint64
+}
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 6d8acbcc5..438a30aff 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 59293c688..adceca355 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index 40cfa38c2..eeaa00a37 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 055bc4216..6739aa91d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index f28affbc6..9920ef631 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 9d71e7ccd..2923b799a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index fd5ccd332..ce2750ee4 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 7704de77a..3038811d7 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index df00b8757..efc6fed18 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index 0942840db..9a654b75a 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 034874395..40d358e33 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index bad067047..148c6ceb8 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index 1b4c97c32..72ba81543 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index aa268d025..71e765508 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index 444045b6c..4abbdb9de 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
index 9bc4c8f9d..f22e7947d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
index bb05f655d..066a7d83d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
index db40e3a19..439548ec9 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
index 11121151c..16085d3bb 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
index 26eba23b7..afd13a3af 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
index 5a5479886..5d97f1f9b 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
index be58c4e1f..34871cdc1 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
index 52338266c..5911bceb3 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
index 605cfdb12..e4f24f3bc 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
index d6724c010..ca50a7930 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
index ddfd27a43..d7d7f7902 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
index 0400747c6..14160576d 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 package unix
 
diff --git a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
index aec1efcb3..54f31be63 100644
--- a/controller-utils/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+++ b/controller-utils/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Hand edited based on ztypes_linux_s390x.go
 // TODO: auto-generate.
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/aliases.go b/controller-utils/vendor/golang.org/x/sys/windows/aliases.go
index a20ebea63..ce2d713d6 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/aliases.go
+++ b/controller-utils/vendor/golang.org/x/sys/windows/aliases.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && go1.9
-// +build windows,go1.9
 
 package windows
 
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/empty.s b/controller-utils/vendor/golang.org/x/sys/windows/empty.s
index fdbbbcd31..ba64caca5 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/empty.s
+++ b/controller-utils/vendor/golang.org/x/sys/windows/empty.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.12
-// +build !go1.12
 
 // This file is here to allow bodyless functions with go:linkname for Go 1.11
 // and earlier (see https://golang.org/issue/23311).
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/eventlog.go b/controller-utils/vendor/golang.org/x/sys/windows/eventlog.go
index 2cd60645e..6c366955d 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/eventlog.go
+++ b/controller-utils/vendor/golang.org/x/sys/windows/eventlog.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/mksyscall.go b/controller-utils/vendor/golang.org/x/sys/windows/mksyscall.go
index 8563f79c5..dbcdb090c 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/mksyscall.go
+++ b/controller-utils/vendor/golang.org/x/sys/windows/mksyscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build generate
-// +build generate
 
 package windows
 
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/race.go b/controller-utils/vendor/golang.org/x/sys/windows/race.go
index 9196b089c..0f1bdc386 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/race.go
+++ b/controller-utils/vendor/golang.org/x/sys/windows/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && race
-// +build windows,race
 
 package windows
 
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/race0.go b/controller-utils/vendor/golang.org/x/sys/windows/race0.go
index 7bae4817a..0c78da78b 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/race0.go
+++ b/controller-utils/vendor/golang.org/x/sys/windows/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && !race
-// +build windows,!race
 
 package windows
 
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/service.go b/controller-utils/vendor/golang.org/x/sys/windows/service.go
index c44a1b963..a9dc6308d 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/service.go
+++ b/controller-utils/vendor/golang.org/x/sys/windows/service.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/str.go b/controller-utils/vendor/golang.org/x/sys/windows/str.go
index 4fc01434e..6a4f9ce6a 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/str.go
+++ b/controller-utils/vendor/golang.org/x/sys/windows/str.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/syscall.go b/controller-utils/vendor/golang.org/x/sys/windows/syscall.go
index 8732cdb95..e85ed6b9c 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/syscall.go
+++ b/controller-utils/vendor/golang.org/x/sys/windows/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 // Package windows contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/syscall_windows.go b/controller-utils/vendor/golang.org/x/sys/windows/syscall_windows.go
index 35cfc57ca..fb6cfd046 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/controller-utils/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -233,6 +233,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock
 //sys	DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock
 //sys	getTickCount64() (ms uint64) = kernel32.GetTickCount64
+//sys   GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
 //sys	SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
 //sys	GetFileAttributes(name *uint16) (attrs uint32, err error) [failretval==INVALID_FILE_ATTRIBUTES] = kernel32.GetFileAttributesW
 //sys	SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW
@@ -969,7 +970,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) {
 	if n > 0 {
 		sl += int32(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/types_windows.go b/controller-utils/vendor/golang.org/x/sys/windows/types_windows.go
index b88dc7c85..359780f6a 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/controller-utils/vendor/golang.org/x/sys/windows/types_windows.go
@@ -1094,7 +1094,33 @@ const (
 
 	SOMAXCONN = 0x7fffffff
 
-	TCP_NODELAY = 1
+	TCP_NODELAY                    = 1
+	TCP_EXPEDITED_1122             = 2
+	TCP_KEEPALIVE                  = 3
+	TCP_MAXSEG                     = 4
+	TCP_MAXRT                      = 5
+	TCP_STDURG                     = 6
+	TCP_NOURG                      = 7
+	TCP_ATMARK                     = 8
+	TCP_NOSYNRETRIES               = 9
+	TCP_TIMESTAMPS                 = 10
+	TCP_OFFLOAD_PREFERENCE         = 11
+	TCP_CONGESTION_ALGORITHM       = 12
+	TCP_DELAY_FIN_ACK              = 13
+	TCP_MAXRTMS                    = 14
+	TCP_FASTOPEN                   = 15
+	TCP_KEEPCNT                    = 16
+	TCP_KEEPIDLE                   = TCP_KEEPALIVE
+	TCP_KEEPINTVL                  = 17
+	TCP_FAIL_CONNECT_ON_ICMP_ERROR = 18
+	TCP_ICMP_ERROR_INFO            = 19
+
+	UDP_NOCHECKSUM              = 1
+	UDP_SEND_MSG_SIZE           = 2
+	UDP_RECV_MAX_COALESCED_SIZE = 3
+	UDP_CHECKSUM_COVERAGE       = 20
+
+	UDP_COALESCED_INFO = 3
 
 	SHUT_RD   = 0
 	SHUT_WR   = 1
diff --git a/controller-utils/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/controller-utils/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 8b1688de4..db6282e00 100644
--- a/controller-utils/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/controller-utils/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -253,6 +253,7 @@ var (
 	procGetFileAttributesW                                   = modkernel32.NewProc("GetFileAttributesW")
 	procGetFileInformationByHandle                           = modkernel32.NewProc("GetFileInformationByHandle")
 	procGetFileInformationByHandleEx                         = modkernel32.NewProc("GetFileInformationByHandleEx")
+	procGetFileTime                                          = modkernel32.NewProc("GetFileTime")
 	procGetFileType                                          = modkernel32.NewProc("GetFileType")
 	procGetFinalPathNameByHandleW                            = modkernel32.NewProc("GetFinalPathNameByHandleW")
 	procGetFullPathNameW                                     = modkernel32.NewProc("GetFullPathNameW")
@@ -2185,6 +2186,14 @@ func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte,
 	return
 }
 
+func GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetFileType(filehandle Handle) (n uint32, err error) {
 	r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0)
 	n = uint32(r0)
diff --git a/controller-utils/vendor/google.golang.org/protobuf/encoding/prototext/encode.go b/controller-utils/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
index ebf6c6528..722a7b41d 100644
--- a/controller-utils/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
+++ b/controller-utils/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
@@ -101,13 +101,19 @@ func (o MarshalOptions) Format(m proto.Message) string {
 // MarshalOptions object. Do not depend on the output being stable. It may
 // change over time across different versions of the program.
 func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) {
-	return o.marshal(m)
+	return o.marshal(nil, m)
+}
+
+// MarshalAppend appends the textproto format encoding of m to b,
+// returning the result.
+func (o MarshalOptions) MarshalAppend(b []byte, m proto.Message) ([]byte, error) {
+	return o.marshal(b, m)
 }
 
 // marshal is a centralized function that all marshal operations go through.
 // For profiling purposes, avoid changing the name of this function or
 // introducing other code paths for marshal that do not go through this.
-func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
+func (o MarshalOptions) marshal(b []byte, m proto.Message) ([]byte, error) {
 	var delims = [2]byte{'{', '}'}
 
 	if o.Multiline && o.Indent == "" {
@@ -117,7 +123,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 		o.Resolver = protoregistry.GlobalTypes
 	}
 
-	internalEnc, err := text.NewEncoder(o.Indent, delims, o.EmitASCII)
+	internalEnc, err := text.NewEncoder(b, o.Indent, delims, o.EmitASCII)
 	if err != nil {
 		return nil, err
 	}
@@ -125,7 +131,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 	// Treat nil message interface as an empty message,
 	// in which case there is nothing to output.
 	if m == nil {
-		return []byte{}, nil
+		return b, nil
 	}
 
 	enc := encoder{internalEnc, o}
diff --git a/controller-utils/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go b/controller-utils/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
index da289ccce..cf7aed77b 100644
--- a/controller-utils/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
+++ b/controller-utils/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
@@ -53,8 +53,10 @@ type encoderState struct {
 // If outputASCII is true, strings will be serialized in such a way that
 // multi-byte UTF-8 sequences are escaped. This property ensures that the
 // overall output is ASCII (as opposed to UTF-8).
-func NewEncoder(indent string, delims [2]byte, outputASCII bool) (*Encoder, error) {
-	e := &Encoder{}
+func NewEncoder(buf []byte, indent string, delims [2]byte, outputASCII bool) (*Encoder, error) {
+	e := &Encoder{
+		encoderState: encoderState{out: buf},
+	}
 	if len(indent) > 0 {
 		if strings.Trim(indent, " \t") != "" {
 			return nil, errors.New("indent may only be composed of space and tab characters")
@@ -195,13 +197,13 @@ func appendFloat(out []byte, n float64, bitSize int) []byte {
 // WriteInt writes out the given signed integer value.
 func (e *Encoder) WriteInt(n int64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatInt(n, 10)...)
+	e.out = strconv.AppendInt(e.out, n, 10)
 }
 
 // WriteUint writes out the given unsigned integer value.
 func (e *Encoder) WriteUint(n uint64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatUint(n, 10)...)
+	e.out = strconv.AppendUint(e.out, n, 10)
 }
 
 // WriteLiteral writes out the given string as a literal value without quotes.
diff --git a/controller-utils/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/controller-utils/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
index 5c0e8f73f..136f1b215 100644
--- a/controller-utils/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
+++ b/controller-utils/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
@@ -183,13 +183,58 @@ const (
 // Field names for google.protobuf.ExtensionRangeOptions.
 const (
 	ExtensionRangeOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option"
+	ExtensionRangeOptions_Declaration_field_name         protoreflect.Name = "declaration"
+	ExtensionRangeOptions_Verification_field_name        protoreflect.Name = "verification"
 
 	ExtensionRangeOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.uninterpreted_option"
+	ExtensionRangeOptions_Declaration_field_fullname         protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.declaration"
+	ExtensionRangeOptions_Verification_field_fullname        protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.verification"
 )
 
 // Field numbers for google.protobuf.ExtensionRangeOptions.
 const (
 	ExtensionRangeOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999
+	ExtensionRangeOptions_Declaration_field_number         protoreflect.FieldNumber = 2
+	ExtensionRangeOptions_Verification_field_number        protoreflect.FieldNumber = 3
+)
+
+// Full and short names for google.protobuf.ExtensionRangeOptions.VerificationState.
+const (
+	ExtensionRangeOptions_VerificationState_enum_fullname = "google.protobuf.ExtensionRangeOptions.VerificationState"
+	ExtensionRangeOptions_VerificationState_enum_name     = "VerificationState"
+)
+
+// Names for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_message_name     protoreflect.Name     = "Declaration"
+	ExtensionRangeOptions_Declaration_message_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration"
+)
+
+// Field names for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_Number_field_name     protoreflect.Name = "number"
+	ExtensionRangeOptions_Declaration_FullName_field_name   protoreflect.Name = "full_name"
+	ExtensionRangeOptions_Declaration_Type_field_name       protoreflect.Name = "type"
+	ExtensionRangeOptions_Declaration_IsRepeated_field_name protoreflect.Name = "is_repeated"
+	ExtensionRangeOptions_Declaration_Reserved_field_name   protoreflect.Name = "reserved"
+	ExtensionRangeOptions_Declaration_Repeated_field_name   protoreflect.Name = "repeated"
+
+	ExtensionRangeOptions_Declaration_Number_field_fullname     protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.number"
+	ExtensionRangeOptions_Declaration_FullName_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.full_name"
+	ExtensionRangeOptions_Declaration_Type_field_fullname       protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.type"
+	ExtensionRangeOptions_Declaration_IsRepeated_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.is_repeated"
+	ExtensionRangeOptions_Declaration_Reserved_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.reserved"
+	ExtensionRangeOptions_Declaration_Repeated_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.repeated"
+)
+
+// Field numbers for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_Number_field_number     protoreflect.FieldNumber = 1
+	ExtensionRangeOptions_Declaration_FullName_field_number   protoreflect.FieldNumber = 2
+	ExtensionRangeOptions_Declaration_Type_field_number       protoreflect.FieldNumber = 3
+	ExtensionRangeOptions_Declaration_IsRepeated_field_number protoreflect.FieldNumber = 4
+	ExtensionRangeOptions_Declaration_Reserved_field_number   protoreflect.FieldNumber = 5
+	ExtensionRangeOptions_Declaration_Repeated_field_number   protoreflect.FieldNumber = 6
 )
 
 // Names for google.protobuf.FieldDescriptorProto.
@@ -540,6 +585,7 @@ const (
 	FieldOptions_DebugRedact_field_name         protoreflect.Name = "debug_redact"
 	FieldOptions_Retention_field_name           protoreflect.Name = "retention"
 	FieldOptions_Target_field_name              protoreflect.Name = "target"
+	FieldOptions_Targets_field_name             protoreflect.Name = "targets"
 	FieldOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option"
 
 	FieldOptions_Ctype_field_fullname               protoreflect.FullName = "google.protobuf.FieldOptions.ctype"
@@ -552,6 +598,7 @@ const (
 	FieldOptions_DebugRedact_field_fullname         protoreflect.FullName = "google.protobuf.FieldOptions.debug_redact"
 	FieldOptions_Retention_field_fullname           protoreflect.FullName = "google.protobuf.FieldOptions.retention"
 	FieldOptions_Target_field_fullname              protoreflect.FullName = "google.protobuf.FieldOptions.target"
+	FieldOptions_Targets_field_fullname             protoreflect.FullName = "google.protobuf.FieldOptions.targets"
 	FieldOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.uninterpreted_option"
 )
 
@@ -567,6 +614,7 @@ const (
 	FieldOptions_DebugRedact_field_number         protoreflect.FieldNumber = 16
 	FieldOptions_Retention_field_number           protoreflect.FieldNumber = 17
 	FieldOptions_Target_field_number              protoreflect.FieldNumber = 18
+	FieldOptions_Targets_field_number             protoreflect.FieldNumber = 19
 	FieldOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999
 )
 
diff --git a/controller-utils/vendor/google.golang.org/protobuf/internal/genid/type_gen.go b/controller-utils/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
index 3bc710138..e0f75fea0 100644
--- a/controller-utils/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
+++ b/controller-utils/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
@@ -32,6 +32,7 @@ const (
 	Type_Options_field_name       protoreflect.Name = "options"
 	Type_SourceContext_field_name protoreflect.Name = "source_context"
 	Type_Syntax_field_name        protoreflect.Name = "syntax"
+	Type_Edition_field_name       protoreflect.Name = "edition"
 
 	Type_Name_field_fullname          protoreflect.FullName = "google.protobuf.Type.name"
 	Type_Fields_field_fullname        protoreflect.FullName = "google.protobuf.Type.fields"
@@ -39,6 +40,7 @@ const (
 	Type_Options_field_fullname       protoreflect.FullName = "google.protobuf.Type.options"
 	Type_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Type.source_context"
 	Type_Syntax_field_fullname        protoreflect.FullName = "google.protobuf.Type.syntax"
+	Type_Edition_field_fullname       protoreflect.FullName = "google.protobuf.Type.edition"
 )
 
 // Field numbers for google.protobuf.Type.
@@ -49,6 +51,7 @@ const (
 	Type_Options_field_number       protoreflect.FieldNumber = 4
 	Type_SourceContext_field_number protoreflect.FieldNumber = 5
 	Type_Syntax_field_number        protoreflect.FieldNumber = 6
+	Type_Edition_field_number       protoreflect.FieldNumber = 7
 )
 
 // Names for google.protobuf.Field.
@@ -121,12 +124,14 @@ const (
 	Enum_Options_field_name       protoreflect.Name = "options"
 	Enum_SourceContext_field_name protoreflect.Name = "source_context"
 	Enum_Syntax_field_name        protoreflect.Name = "syntax"
+	Enum_Edition_field_name       protoreflect.Name = "edition"
 
 	Enum_Name_field_fullname          protoreflect.FullName = "google.protobuf.Enum.name"
 	Enum_Enumvalue_field_fullname     protoreflect.FullName = "google.protobuf.Enum.enumvalue"
 	Enum_Options_field_fullname       protoreflect.FullName = "google.protobuf.Enum.options"
 	Enum_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Enum.source_context"
 	Enum_Syntax_field_fullname        protoreflect.FullName = "google.protobuf.Enum.syntax"
+	Enum_Edition_field_fullname       protoreflect.FullName = "google.protobuf.Enum.edition"
 )
 
 // Field numbers for google.protobuf.Enum.
@@ -136,6 +141,7 @@ const (
 	Enum_Options_field_number       protoreflect.FieldNumber = 3
 	Enum_SourceContext_field_number protoreflect.FieldNumber = 4
 	Enum_Syntax_field_number        protoreflect.FieldNumber = 5
+	Enum_Edition_field_number       protoreflect.FieldNumber = 6
 )
 
 // Names for google.protobuf.EnumValue.
diff --git a/controller-utils/vendor/google.golang.org/protobuf/internal/order/order.go b/controller-utils/vendor/google.golang.org/protobuf/internal/order/order.go
index 33745ed06..dea522e12 100644
--- a/controller-utils/vendor/google.golang.org/protobuf/internal/order/order.go
+++ b/controller-utils/vendor/google.golang.org/protobuf/internal/order/order.go
@@ -33,7 +33,7 @@ var (
 			return !inOneof(ox) && inOneof(oy)
 		}
 		// Fields in disjoint oneof sets are sorted by declaration index.
-		if ox != nil && oy != nil && ox != oy {
+		if inOneof(ox) && inOneof(oy) && ox != oy {
 			return ox.Index() < oy.Index()
 		}
 		// Fields sorted by field number.
diff --git a/controller-utils/vendor/google.golang.org/protobuf/internal/version/version.go b/controller-utils/vendor/google.golang.org/protobuf/internal/version/version.go
index f7014cd51..0999f29d5 100644
--- a/controller-utils/vendor/google.golang.org/protobuf/internal/version/version.go
+++ b/controller-utils/vendor/google.golang.org/protobuf/internal/version/version.go
@@ -51,7 +51,7 @@ import (
 //  10. Send out the CL for review and submit it.
 const (
 	Major      = 1
-	Minor      = 30
+	Minor      = 31
 	Patch      = 0
 	PreRelease = ""
 )
diff --git a/controller-utils/vendor/google.golang.org/protobuf/proto/size.go b/controller-utils/vendor/google.golang.org/protobuf/proto/size.go
index 554b9c6c0..f1692b49b 100644
--- a/controller-utils/vendor/google.golang.org/protobuf/proto/size.go
+++ b/controller-utils/vendor/google.golang.org/protobuf/proto/size.go
@@ -73,23 +73,27 @@ func (o MarshalOptions) sizeField(fd protoreflect.FieldDescriptor, value protore
 }
 
 func (o MarshalOptions) sizeList(num protowire.Number, fd protoreflect.FieldDescriptor, list protoreflect.List) (size int) {
+	sizeTag := protowire.SizeTag(num)
+
 	if fd.IsPacked() && list.Len() > 0 {
 		content := 0
 		for i, llen := 0, list.Len(); i < llen; i++ {
 			content += o.sizeSingular(num, fd.Kind(), list.Get(i))
 		}
-		return protowire.SizeTag(num) + protowire.SizeBytes(content)
+		return sizeTag + protowire.SizeBytes(content)
 	}
 
 	for i, llen := 0, list.Len(); i < llen; i++ {
-		size += protowire.SizeTag(num) + o.sizeSingular(num, fd.Kind(), list.Get(i))
+		size += sizeTag + o.sizeSingular(num, fd.Kind(), list.Get(i))
 	}
 	return size
 }
 
 func (o MarshalOptions) sizeMap(num protowire.Number, fd protoreflect.FieldDescriptor, mapv protoreflect.Map) (size int) {
+	sizeTag := protowire.SizeTag(num)
+
 	mapv.Range(func(key protoreflect.MapKey, value protoreflect.Value) bool {
-		size += protowire.SizeTag(num)
+		size += sizeTag
 		size += protowire.SizeBytes(o.sizeField(fd.MapKey(), key.Value()) + o.sizeField(fd.MapValue(), value))
 		return true
 	})
diff --git a/controller-utils/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/controller-utils/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
index 54ce326df..717b106f3 100644
--- a/controller-utils/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
+++ b/controller-utils/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
@@ -363,6 +363,8 @@ func (p *SourcePath) appendFieldOptions(b []byte) []byte {
 		b = p.appendSingularField(b, "retention", nil)
 	case 18:
 		b = p.appendSingularField(b, "target", nil)
+	case 19:
+		b = p.appendRepeatedField(b, "targets", nil)
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
 	}
@@ -418,6 +420,10 @@ func (p *SourcePath) appendExtensionRangeOptions(b []byte) []byte {
 	switch (*p)[0] {
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
+	case 2:
+		b = p.appendRepeatedField(b, "declaration", (*SourcePath).appendExtensionRangeOptions_Declaration)
+	case 3:
+		b = p.appendSingularField(b, "verification", nil)
 	}
 	return b
 }
@@ -473,3 +479,24 @@ func (p *SourcePath) appendUninterpretedOption_NamePart(b []byte) []byte {
 	}
 	return b
 }
+
+func (p *SourcePath) appendExtensionRangeOptions_Declaration(b []byte) []byte {
+	if len(*p) == 0 {
+		return b
+	}
+	switch (*p)[0] {
+	case 1:
+		b = p.appendSingularField(b, "number", nil)
+	case 2:
+		b = p.appendSingularField(b, "full_name", nil)
+	case 3:
+		b = p.appendSingularField(b, "type", nil)
+	case 4:
+		b = p.appendSingularField(b, "is_repeated", nil)
+	case 5:
+		b = p.appendSingularField(b, "reserved", nil)
+	case 6:
+		b = p.appendSingularField(b, "repeated", nil)
+	}
+	return b
+}
diff --git a/controller-utils/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/controller-utils/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
index dac5671db..04c00f737 100644
--- a/controller-utils/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
+++ b/controller-utils/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
@@ -48,6 +48,64 @@ import (
 	sync "sync"
 )
 
+// The verification state of the extension range.
+type ExtensionRangeOptions_VerificationState int32
+
+const (
+	// All the extensions of the range must be declared.
+	ExtensionRangeOptions_DECLARATION ExtensionRangeOptions_VerificationState = 0
+	ExtensionRangeOptions_UNVERIFIED  ExtensionRangeOptions_VerificationState = 1
+)
+
+// Enum value maps for ExtensionRangeOptions_VerificationState.
+var (
+	ExtensionRangeOptions_VerificationState_name = map[int32]string{
+		0: "DECLARATION",
+		1: "UNVERIFIED",
+	}
+	ExtensionRangeOptions_VerificationState_value = map[string]int32{
+		"DECLARATION": 0,
+		"UNVERIFIED":  1,
+	}
+)
+
+func (x ExtensionRangeOptions_VerificationState) Enum() *ExtensionRangeOptions_VerificationState {
+	p := new(ExtensionRangeOptions_VerificationState)
+	*p = x
+	return p
+}
+
+func (x ExtensionRangeOptions_VerificationState) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ExtensionRangeOptions_VerificationState) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[0].Descriptor()
+}
+
+func (ExtensionRangeOptions_VerificationState) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[0]
+}
+
+func (x ExtensionRangeOptions_VerificationState) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *ExtensionRangeOptions_VerificationState) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = ExtensionRangeOptions_VerificationState(num)
+	return nil
+}
+
+// Deprecated: Use ExtensionRangeOptions_VerificationState.Descriptor instead.
+func (ExtensionRangeOptions_VerificationState) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{3, 0}
+}
+
 type FieldDescriptorProto_Type int32
 
 const (
@@ -137,11 +195,11 @@ func (x FieldDescriptorProto_Type) String() string {
 }
 
 func (FieldDescriptorProto_Type) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[0].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor()
 }
 
 func (FieldDescriptorProto_Type) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[0]
+	return &file_google_protobuf_descriptor_proto_enumTypes[1]
 }
 
 func (x FieldDescriptorProto_Type) Number() protoreflect.EnumNumber {
@@ -197,11 +255,11 @@ func (x FieldDescriptorProto_Label) String() string {
 }
 
 func (FieldDescriptorProto_Label) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor()
 }
 
 func (FieldDescriptorProto_Label) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[1]
+	return &file_google_protobuf_descriptor_proto_enumTypes[2]
 }
 
 func (x FieldDescriptorProto_Label) Number() protoreflect.EnumNumber {
@@ -258,11 +316,11 @@ func (x FileOptions_OptimizeMode) String() string {
 }
 
 func (FileOptions_OptimizeMode) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor()
 }
 
 func (FileOptions_OptimizeMode) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[2]
+	return &file_google_protobuf_descriptor_proto_enumTypes[3]
 }
 
 func (x FileOptions_OptimizeMode) Number() protoreflect.EnumNumber {
@@ -288,7 +346,13 @@ type FieldOptions_CType int32
 
 const (
 	// Default mode.
-	FieldOptions_STRING       FieldOptions_CType = 0
+	FieldOptions_STRING FieldOptions_CType = 0
+	// The option [ctype=CORD] may be applied to a non-repeated field of type
+	// "bytes". It indicates that in C++, the data should be stored in a Cord
+	// instead of a string.  For very large strings, this may reduce memory
+	// fragmentation. It may also allow better performance when parsing from a
+	// Cord, or when parsing with aliasing enabled, as the parsed Cord may then
+	// alias the original buffer.
 	FieldOptions_CORD         FieldOptions_CType = 1
 	FieldOptions_STRING_PIECE FieldOptions_CType = 2
 )
@@ -318,11 +382,11 @@ func (x FieldOptions_CType) String() string {
 }
 
 func (FieldOptions_CType) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor()
 }
 
 func (FieldOptions_CType) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[3]
+	return &file_google_protobuf_descriptor_proto_enumTypes[4]
 }
 
 func (x FieldOptions_CType) Number() protoreflect.EnumNumber {
@@ -380,11 +444,11 @@ func (x FieldOptions_JSType) String() string {
 }
 
 func (FieldOptions_JSType) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor()
 }
 
 func (FieldOptions_JSType) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[4]
+	return &file_google_protobuf_descriptor_proto_enumTypes[5]
 }
 
 func (x FieldOptions_JSType) Number() protoreflect.EnumNumber {
@@ -442,11 +506,11 @@ func (x FieldOptions_OptionRetention) String() string {
 }
 
 func (FieldOptions_OptionRetention) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[6].Descriptor()
 }
 
 func (FieldOptions_OptionRetention) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[5]
+	return &file_google_protobuf_descriptor_proto_enumTypes[6]
 }
 
 func (x FieldOptions_OptionRetention) Number() protoreflect.EnumNumber {
@@ -526,11 +590,11 @@ func (x FieldOptions_OptionTargetType) String() string {
 }
 
 func (FieldOptions_OptionTargetType) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[6].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[7].Descriptor()
 }
 
 func (FieldOptions_OptionTargetType) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[6]
+	return &file_google_protobuf_descriptor_proto_enumTypes[7]
 }
 
 func (x FieldOptions_OptionTargetType) Number() protoreflect.EnumNumber {
@@ -588,11 +652,11 @@ func (x MethodOptions_IdempotencyLevel) String() string {
 }
 
 func (MethodOptions_IdempotencyLevel) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[7].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[8].Descriptor()
 }
 
 func (MethodOptions_IdempotencyLevel) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[7]
+	return &file_google_protobuf_descriptor_proto_enumTypes[8]
 }
 
 func (x MethodOptions_IdempotencyLevel) Number() protoreflect.EnumNumber {
@@ -652,11 +716,11 @@ func (x GeneratedCodeInfo_Annotation_Semantic) String() string {
 }
 
 func (GeneratedCodeInfo_Annotation_Semantic) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[8].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[9].Descriptor()
 }
 
 func (GeneratedCodeInfo_Annotation_Semantic) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[8]
+	return &file_google_protobuf_descriptor_proto_enumTypes[9]
 }
 
 func (x GeneratedCodeInfo_Annotation_Semantic) Number() protoreflect.EnumNumber {
@@ -1015,7 +1079,21 @@ type ExtensionRangeOptions struct {
 
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
-}
+	// go/protobuf-stripping-extension-declarations
+	// Like Metadata, but we use a repeated field to hold all extension
+	// declarations. This should avoid the size increases of transforming a large
+	// extension range into small ranges in generated binaries.
+	Declaration []*ExtensionRangeOptions_Declaration `protobuf:"bytes,2,rep,name=declaration" json:"declaration,omitempty"`
+	// The verification state of the range.
+	// TODO(b/278783756): flip the default to DECLARATION once all empty ranges
+	// are marked as UNVERIFIED.
+	Verification *ExtensionRangeOptions_VerificationState `protobuf:"varint,3,opt,name=verification,enum=google.protobuf.ExtensionRangeOptions_VerificationState,def=1" json:"verification,omitempty"`
+}
+
+// Default values for ExtensionRangeOptions fields.
+const (
+	Default_ExtensionRangeOptions_Verification = ExtensionRangeOptions_UNVERIFIED
+)
 
 func (x *ExtensionRangeOptions) Reset() {
 	*x = ExtensionRangeOptions{}
@@ -1056,6 +1134,20 @@ func (x *ExtensionRangeOptions) GetUninterpretedOption() []*UninterpretedOption
 	return nil
 }
 
+func (x *ExtensionRangeOptions) GetDeclaration() []*ExtensionRangeOptions_Declaration {
+	if x != nil {
+		return x.Declaration
+	}
+	return nil
+}
+
+func (x *ExtensionRangeOptions) GetVerification() ExtensionRangeOptions_VerificationState {
+	if x != nil && x.Verification != nil {
+		return *x.Verification
+	}
+	return Default_ExtensionRangeOptions_Verification
+}
+
 // Describes a field within a message.
 type FieldDescriptorProto struct {
 	state         protoimpl.MessageState
@@ -2046,8 +2138,10 @@ type FieldOptions struct {
 
 	// The ctype option instructs the C++ code generator to use a different
 	// representation of the field than it normally would.  See the specific
-	// options below.  This option is not yet implemented in the open source
-	// release -- sorry, we'll try to include it in a future version!
+	// options below.  This option is only implemented to support use of
+	// [ctype=CORD] and [ctype=STRING] (the default) on non-repeated fields of
+	// type "bytes" in the open source release -- sorry, we'll try to include
+	// other types in a future version!
 	Ctype *FieldOptions_CType `protobuf:"varint,1,opt,name=ctype,enum=google.protobuf.FieldOptions_CType,def=0" json:"ctype,omitempty"`
 	// The packed option can be enabled for repeated primitive fields to enable
 	// a more efficient representation on the wire. Rather than repeatedly
@@ -2111,9 +2205,11 @@ type FieldOptions struct {
 	Weak *bool `protobuf:"varint,10,opt,name=weak,def=0" json:"weak,omitempty"`
 	// Indicate that the field value should not be printed out when using debug
 	// formats, e.g. when the field contains sensitive credentials.
-	DebugRedact *bool                          `protobuf:"varint,16,opt,name=debug_redact,json=debugRedact,def=0" json:"debug_redact,omitempty"`
-	Retention   *FieldOptions_OptionRetention  `protobuf:"varint,17,opt,name=retention,enum=google.protobuf.FieldOptions_OptionRetention" json:"retention,omitempty"`
-	Target      *FieldOptions_OptionTargetType `protobuf:"varint,18,opt,name=target,enum=google.protobuf.FieldOptions_OptionTargetType" json:"target,omitempty"`
+	DebugRedact *bool                         `protobuf:"varint,16,opt,name=debug_redact,json=debugRedact,def=0" json:"debug_redact,omitempty"`
+	Retention   *FieldOptions_OptionRetention `protobuf:"varint,17,opt,name=retention,enum=google.protobuf.FieldOptions_OptionRetention" json:"retention,omitempty"`
+	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+	Target  *FieldOptions_OptionTargetType  `protobuf:"varint,18,opt,name=target,enum=google.protobuf.FieldOptions_OptionTargetType" json:"target,omitempty"`
+	Targets []FieldOptions_OptionTargetType `protobuf:"varint,19,rep,name=targets,enum=google.protobuf.FieldOptions_OptionTargetType" json:"targets,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
 }
@@ -2224,6 +2320,7 @@ func (x *FieldOptions) GetRetention() FieldOptions_OptionRetention {
 	return FieldOptions_RETENTION_UNKNOWN
 }
 
+// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
 func (x *FieldOptions) GetTarget() FieldOptions_OptionTargetType {
 	if x != nil && x.Target != nil {
 		return *x.Target
@@ -2231,6 +2328,13 @@ func (x *FieldOptions) GetTarget() FieldOptions_OptionTargetType {
 	return FieldOptions_TARGET_TYPE_UNKNOWN
 }
 
+func (x *FieldOptions) GetTargets() []FieldOptions_OptionTargetType {
+	if x != nil {
+		return x.Targets
+	}
+	return nil
+}
+
 func (x *FieldOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if x != nil {
 		return x.UninterpretedOption
@@ -2960,6 +3064,108 @@ func (x *DescriptorProto_ReservedRange) GetEnd() int32 {
 	return 0
 }
 
+type ExtensionRangeOptions_Declaration struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The extension number declared within the extension range.
+	Number *int32 `protobuf:"varint,1,opt,name=number" json:"number,omitempty"`
+	// The fully-qualified name of the extension field. There must be a leading
+	// dot in front of the full name.
+	FullName *string `protobuf:"bytes,2,opt,name=full_name,json=fullName" json:"full_name,omitempty"`
+	// The fully-qualified type name of the extension field. Unlike
+	// Metadata.type, Declaration.type must have a leading dot for messages
+	// and enums.
+	Type *string `protobuf:"bytes,3,opt,name=type" json:"type,omitempty"`
+	// Deprecated. Please use "repeated".
+	//
+	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+	IsRepeated *bool `protobuf:"varint,4,opt,name=is_repeated,json=isRepeated" json:"is_repeated,omitempty"`
+	// If true, indicates that the number is reserved in the extension range,
+	// and any extension field with the number will fail to compile. Set this
+	// when a declared extension field is deleted.
+	Reserved *bool `protobuf:"varint,5,opt,name=reserved" json:"reserved,omitempty"`
+	// If true, indicates that the extension must be defined as repeated.
+	// Otherwise the extension must be defined as optional.
+	Repeated *bool `protobuf:"varint,6,opt,name=repeated" json:"repeated,omitempty"`
+}
+
+func (x *ExtensionRangeOptions_Declaration) Reset() {
+	*x = ExtensionRangeOptions_Declaration{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ExtensionRangeOptions_Declaration) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ExtensionRangeOptions_Declaration) ProtoMessage() {}
+
+func (x *ExtensionRangeOptions_Declaration) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ExtensionRangeOptions_Declaration.ProtoReflect.Descriptor instead.
+func (*ExtensionRangeOptions_Declaration) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{3, 0}
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetNumber() int32 {
+	if x != nil && x.Number != nil {
+		return *x.Number
+	}
+	return 0
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetFullName() string {
+	if x != nil && x.FullName != nil {
+		return *x.FullName
+	}
+	return ""
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetType() string {
+	if x != nil && x.Type != nil {
+		return *x.Type
+	}
+	return ""
+}
+
+// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+func (x *ExtensionRangeOptions_Declaration) GetIsRepeated() bool {
+	if x != nil && x.IsRepeated != nil {
+		return *x.IsRepeated
+	}
+	return false
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetReserved() bool {
+	if x != nil && x.Reserved != nil {
+		return *x.Reserved
+	}
+	return false
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetRepeated() bool {
+	if x != nil && x.Repeated != nil {
+		return *x.Repeated
+	}
+	return false
+}
+
 // Range of reserved numeric values. Reserved values may not be used by
 // entries in the same enum. Reserved ranges may not overlap.
 //
@@ -2978,7 +3184,7 @@ type EnumDescriptorProto_EnumReservedRange struct {
 func (x *EnumDescriptorProto_EnumReservedRange) Reset() {
 	*x = EnumDescriptorProto_EnumReservedRange{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2991,7 +3197,7 @@ func (x *EnumDescriptorProto_EnumReservedRange) String() string {
 func (*EnumDescriptorProto_EnumReservedRange) ProtoMessage() {}
 
 func (x *EnumDescriptorProto_EnumReservedRange) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3038,7 +3244,7 @@ type UninterpretedOption_NamePart struct {
 func (x *UninterpretedOption_NamePart) Reset() {
 	*x = UninterpretedOption_NamePart{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3051,7 +3257,7 @@ func (x *UninterpretedOption_NamePart) String() string {
 func (*UninterpretedOption_NamePart) ProtoMessage() {}
 
 func (x *UninterpretedOption_NamePart) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3182,7 +3388,7 @@ type SourceCodeInfo_Location struct {
 func (x *SourceCodeInfo_Location) Reset() {
 	*x = SourceCodeInfo_Location{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3195,7 +3401,7 @@ func (x *SourceCodeInfo_Location) String() string {
 func (*SourceCodeInfo_Location) ProtoMessage() {}
 
 func (x *SourceCodeInfo_Location) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3269,7 +3475,7 @@ type GeneratedCodeInfo_Annotation struct {
 func (x *GeneratedCodeInfo_Annotation) Reset() {
 	*x = GeneratedCodeInfo_Annotation{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[27]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3282,7 +3488,7 @@ func (x *GeneratedCodeInfo_Annotation) String() string {
 func (*GeneratedCodeInfo_Annotation) ProtoMessage() {}
 
 func (x *GeneratedCodeInfo_Annotation) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[27]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3436,264 +3642,296 @@ var file_google_protobuf_descriptor_proto_rawDesc = []byte{
 	0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74,
 	0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a,
 	0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22,
-	0x7c, 0x0a, 0x15, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67,
-	0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75,
-	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0xc1, 0x06,
-	0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f,
-	0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75,
-	0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62,
-	0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
-	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x52, 0x05,
-	0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0xad, 0x04, 0x0a, 0x15, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e,
+	0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13,
+	0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x59, 0x0a, 0x0b, 0x64, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x2e, 0x44, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0x88, 0x01,
+	0x02, 0x52, 0x0b, 0x64, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x68,
+	0x0a, 0x0c, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x56, 0x65, 0x72,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x3a, 0x0a,
+	0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x45, 0x44, 0x52, 0x0c, 0x76, 0x65, 0x72, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xb3, 0x01, 0x0a, 0x0b, 0x44, 0x65, 0x63,
+	0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62,
+	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72,
+	0x12, 0x1b, 0x0a, 0x09, 0x66, 0x75, 0x6c, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x75, 0x6c, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x23, 0x0a, 0x0b, 0x69, 0x73, 0x5f, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x69, 0x73, 0x52, 0x65,
+	0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x22, 0x34,
+	0x0a, 0x11, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74,
+	0x61, 0x74, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x44, 0x45, 0x43, 0x4c, 0x41, 0x52, 0x41, 0x54, 0x49,
+	0x4f, 0x4e, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49,
+	0x45, 0x44, 0x10, 0x01, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22,
+	0xc1, 0x06, 0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06,
+	0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75,
+	0x6d, 0x62, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
 	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72,
-	0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52,
-	0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x6e, 0x61,
-	0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70, 0x65, 0x4e, 0x61,
-	0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65, 0x12, 0x23,
-	0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
-	0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x69, 0x6e, 0x64,
-	0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x49,
-	0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a, 0x73, 0x6f, 0x6e, 0x4e, 0x61, 0x6d,
-	0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x18, 0x11, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b,
-	0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0e, 0x0a,
-	0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41, 0x54, 0x10, 0x02, 0x12, 0x0e, 0x0a,
-	0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x03, 0x12, 0x0f, 0x0a,
-	0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x04, 0x12, 0x0e,
-	0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x05, 0x12, 0x10,
-	0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x06,
-	0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32,
-	0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x10,
-	0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47,
-	0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50,
-	0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41,
-	0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x59, 0x54,
-	0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e,
-	0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e,
-	0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49,
-	0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x11, 0x12, 0x0f, 0x0a, 0x0b, 0x54,
-	0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x12, 0x22, 0x43, 0x0a, 0x05,
-	0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x4f,
-	0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42,
-	0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x02, 0x12, 0x12, 0x0a,
-	0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50, 0x45, 0x41, 0x54, 0x45, 0x44, 0x10,
-	0x03, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a,
-	0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c,
+	0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x79, 0x70,
+	0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70, 0x65,
+	0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65,
+	0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x69,
+	0x6e, 0x64, 0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6f, 0x6e, 0x65, 0x6f,
+	0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a, 0x73, 0x6f, 0x6e, 0x4e,
+	0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, 0x0a, 0x0f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x18,
+	0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f,
+	0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12,
+	0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41, 0x54, 0x10, 0x02, 0x12,
+	0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x03, 0x12,
+	0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x04,
+	0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x05,
+	0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34,
+	0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44,
+	0x33, 0x32, 0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x4f, 0x4f,
+	0x4c, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49,
+	0x4e, 0x47, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x52, 0x4f,
+	0x55, 0x50, 0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53,
+	0x53, 0x41, 0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42,
+	0x59, 0x54, 0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55,
+	0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x45, 0x4e, 0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53,
+	0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10, 0x12, 0x0f, 0x0a, 0x0b,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x11, 0x12, 0x0f, 0x0a,
+	0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x12, 0x22, 0x43,
+	0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c,
+	0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4c,
+	0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x02, 0x12,
+	0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50, 0x45, 0x41, 0x54, 0x45,
+	0x44, 0x10, 0x03, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52,
+	0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a, 0x13, 0x45, 0x6e, 0x75,
+	0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a,
+	0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18,
+	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x75, 0x6d,
+	0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72,
+	0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d,
+	0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d,
+	0x65, 0x1a, 0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03,
+	0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x83,
+	0x01, 0x0a, 0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x06, 0x6d, 0x65, 0x74,
+	0x68, 0x6f, 0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x89,
+	0x02, 0x0a, 0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a,
+	0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f,
+	0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x38, 0x0a, 0x07,
+	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08,
+	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53,
+	0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0x91, 0x09, 0x0a, 0x0b, 0x46,
+	0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6a, 0x61,
+	0x76, 0x61, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0b, 0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x30, 0x0a,
+	0x14, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73,
+	0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6a, 0x61, 0x76,
+	0x61, 0x4f, 0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x35, 0x0a, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65,
+	0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
+	0x6c, 0x73, 0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c,
+	0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67,
+	0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x5f, 0x61,
+	0x6e, 0x64, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18,
+	0x01, 0x52, 0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x45,
+	0x71, 0x75, 0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68, 0x12, 0x3a, 0x0a, 0x16,
+	0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x65, 0x63,
+	0x6b, 0x5f, 0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
+	0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x43,
+	0x68, 0x65, 0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c, 0x6f, 0x70, 0x74, 0x69,
+	0x6d, 0x69, 0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29,
 	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a, 0x13, 0x45, 0x6e, 0x75, 0x6d, 0x44,
-	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12,
-	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a, 0x0e, 0x72,
-	0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x04, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x73,
-	0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x03, 0x28,
-	0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x1a,
-	0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52,
-	0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e,
-	0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x83, 0x01, 0x0a,
-	0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a,
-	0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e,
-	0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65,
-	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f,
-	0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x89, 0x02, 0x0a,
-	0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f,
-	0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6e,
-	0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09,
-	0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x75, 0x74,
-	0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a,
-	0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x38, 0x0a, 0x07, 0x6f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65,
-	0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
-	0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72,
-	0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0x91, 0x09, 0x0a, 0x0b, 0x46, 0x69, 0x6c,
-	0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6a, 0x61, 0x76, 0x61,
-	0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
-	0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6a,
-	0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x6e,
-	0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6a, 0x61, 0x76, 0x61, 0x4f,
-	0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x35, 0x0a,
-	0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x66,
-	0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73,
-	0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65, 0x46,
-	0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e,
-	0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x5f, 0x61, 0x6e, 0x64,
-	0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52,
-	0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x45, 0x71, 0x75,
-	0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68, 0x12, 0x3a, 0x0a, 0x16, 0x6a, 0x61,
-	0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f,
-	0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73,
-	0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x43, 0x68, 0x65,
-	0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69,
-	0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
-	0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6d,
-	0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x52, 0x0b,
-	0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x67,
-	0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x63, 0x63,
-	0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11,
-	0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69,
-	0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e,
-	0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x13,
-	0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
-	0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72,
-	0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x2a, 0x20, 0x01, 0x28,
-	0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12, 0x70, 0x68, 0x70, 0x47, 0x65, 0x6e,
-	0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0a,
-	0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x17, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61,
-	0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x04, 0x74,
-	0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x72, 0x65,
-	0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a, 0x63, 0x5f, 0x63, 0x6c, 0x61, 0x73,
-	0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f,
-	0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12,
-	0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70,
-	0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x73, 0x68, 0x61, 0x72,
-	0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x77,
-	0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x27, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x28, 0x0a,
-	0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69,
-	0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x68, 0x70, 0x43, 0x6c, 0x61, 0x73,
-	0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x68, 0x70, 0x5f, 0x6e,
-	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c,
-	0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x34, 0x0a, 0x16,
-	0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x70, 0x68,
-	0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61,
-	0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61,
-	0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x72, 0x75, 0x62, 0x79, 0x50, 0x61,
-	0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
-	0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22,
-	0x3a, 0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12,
-	0x09, 0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f,
-	0x44, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x4c, 0x49, 0x54,
-	0x45, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, 0x03, 0x2a, 0x09, 0x08, 0xe8, 0x07,
-	0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26, 0x10, 0x27, 0x22, 0xbb, 0x03, 0x0a,
-	0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
-	0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x77,
-	0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
-	0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x4c, 0x0a,
-	0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x5f, 0x64, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x1c, 0x6e,
-	0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
-	0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x12, 0x25, 0x0a, 0x0a, 0x64,
-	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a,
-	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74,
-	0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18,
-	0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6c, 0x65,
-	0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f,
-	0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x42,
-	0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x4c,
-	0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x43, 0x6f,
-	0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74,
+	0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74,
+	0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44,
+	0x52, 0x0b, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f, 0x72, 0x12, 0x1d, 0x0a,
+	0x0a, 0x67, 0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x35, 0x0a, 0x13,
+	0x63, 0x63, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
+	0x52, 0x11, 0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x11, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x47,
+	0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x35,
+	0x0a, 0x13, 0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
+	0x73, 0x65, 0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70, 0x5f, 0x67, 0x65, 0x6e,
+	0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x2a, 0x20,
+	0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12, 0x70, 0x68, 0x70, 0x47,
+	0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x25,
+	0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x17, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65,
+	0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f, 0x65, 0x6e, 0x61, 0x62,
+	0x6c, 0x65, 0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x3a,
+	0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x41,
+	0x72, 0x65, 0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a, 0x63, 0x5f, 0x63, 0x6c,
+	0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0f, 0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69,
+	0x78, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
+	0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x73, 0x68,
+	0x61, 0x72, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c,
+	0x73, 0x77, 0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x27, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12,
+	0x28, 0x0a, 0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65,
+	0x66, 0x69, 0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x68, 0x70, 0x43, 0x6c,
+	0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x68, 0x70,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0c, 0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x34,
+	0x0a, 0x16, 0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x6e,
+	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14,
+	0x70, 0x68, 0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e, 0x61, 0x6d, 0x65, 0x73,
+	0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79, 0x5f, 0x70, 0x61, 0x63,
+	0x6b, 0x61, 0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x72, 0x75, 0x62, 0x79,
+	0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74,
 	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18,
 	0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
 	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
 	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e,
 	0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x04,
-	0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x4a, 0x04,
-	0x08, 0x08, 0x10, 0x09, 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0xb7, 0x08, 0x0a, 0x0c, 0x46,
-	0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a, 0x05, 0x63,
-	0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65,
-	0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70, 0x65, 0x3a,
-	0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16,
-	0x0a, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06,
-	0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65,
-	0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09, 0x4a, 0x53,
-	0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12,
-	0x19, 0x0a, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66,
-	0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x2e, 0x0a, 0x0f, 0x75, 0x6e,
-	0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x0f, 0x20,
-	0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0e, 0x75, 0x6e, 0x76, 0x65,
-	0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65,
-	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
-	0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
-	0x64, 0x12, 0x19, 0x0a, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a,
-	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x28, 0x0a, 0x0c,
-	0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61, 0x63, 0x74, 0x18, 0x10, 0x20, 0x01,
-	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0b, 0x64, 0x65, 0x62, 0x75, 0x67,
-	0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x4b, 0x0a, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c,
-	0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x72, 0x65, 0x74, 0x65, 0x6e, 0x74,
-	0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x12, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x54,
-	0x79, 0x70, 0x65, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x58, 0x0a, 0x14, 0x75,
+	0x6e, 0x22, 0x3a, 0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64,
+	0x65, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09,
+	0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x4c,
+	0x49, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, 0x03, 0x2a, 0x09, 0x08,
+	0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26, 0x10, 0x27, 0x22, 0xbb,
+	0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x12, 0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x74,
+	0x5f, 0x77, 0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d, 0x65, 0x73, 0x73, 0x61,
+	0x67, 0x65, 0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12,
+	0x4c, 0x0a, 0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x5f, 0x64,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52,
+	0x1c, 0x6e, 0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x12, 0x25, 0x0a,
+	0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63,
+	0x61, 0x74, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x12, 0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f,
+	0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c,
+	0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
+	0x64, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x43, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13,
+	0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04,
+	0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07,
+	0x4a, 0x04, 0x08, 0x08, 0x10, 0x09, 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0x85, 0x09, 0x0a,
+	0x0c, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a,
+	0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
+	0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70,
+	0x65, 0x3a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65,
+	0x12, 0x16, 0x0a, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79,
+	0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09,
+	0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x19, 0x0a, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a,
+	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x2e, 0x0a, 0x0f,
+	0x75, 0x6e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18,
+	0x0f, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0e, 0x75, 0x6e,
+	0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a,
+	0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
+	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61,
+	0x74, 0x65, 0x64, 0x12, 0x19, 0x0a, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28,
+	0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x28,
+	0x0a, 0x0c, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61, 0x63, 0x74, 0x18, 0x10,
+	0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0b, 0x64, 0x65, 0x62,
+	0x75, 0x67, 0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x4b, 0x0a, 0x09, 0x72, 0x65, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69,
+	0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x72, 0x65, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4a, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18,
+	0x12, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65,
+	0x74, 0x54, 0x79, 0x70, 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65,
+	0x74, 0x12, 0x48, 0x0a, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x18, 0x13, 0x20, 0x03,
+	0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x54, 0x79,
+	0x70, 0x65, 0x52, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75,
 	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74,
 	0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
 	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69,
@@ -3885,98 +4123,103 @@ func file_google_protobuf_descriptor_proto_rawDescGZIP() []byte {
 	return file_google_protobuf_descriptor_proto_rawDescData
 }
 
-var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 9)
-var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 27)
+var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 10)
+var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 28)
 var file_google_protobuf_descriptor_proto_goTypes = []interface{}{
-	(FieldDescriptorProto_Type)(0),                // 0: google.protobuf.FieldDescriptorProto.Type
-	(FieldDescriptorProto_Label)(0),               // 1: google.protobuf.FieldDescriptorProto.Label
-	(FileOptions_OptimizeMode)(0),                 // 2: google.protobuf.FileOptions.OptimizeMode
-	(FieldOptions_CType)(0),                       // 3: google.protobuf.FieldOptions.CType
-	(FieldOptions_JSType)(0),                      // 4: google.protobuf.FieldOptions.JSType
-	(FieldOptions_OptionRetention)(0),             // 5: google.protobuf.FieldOptions.OptionRetention
-	(FieldOptions_OptionTargetType)(0),            // 6: google.protobuf.FieldOptions.OptionTargetType
-	(MethodOptions_IdempotencyLevel)(0),           // 7: google.protobuf.MethodOptions.IdempotencyLevel
-	(GeneratedCodeInfo_Annotation_Semantic)(0),    // 8: google.protobuf.GeneratedCodeInfo.Annotation.Semantic
-	(*FileDescriptorSet)(nil),                     // 9: google.protobuf.FileDescriptorSet
-	(*FileDescriptorProto)(nil),                   // 10: google.protobuf.FileDescriptorProto
-	(*DescriptorProto)(nil),                       // 11: google.protobuf.DescriptorProto
-	(*ExtensionRangeOptions)(nil),                 // 12: google.protobuf.ExtensionRangeOptions
-	(*FieldDescriptorProto)(nil),                  // 13: google.protobuf.FieldDescriptorProto
-	(*OneofDescriptorProto)(nil),                  // 14: google.protobuf.OneofDescriptorProto
-	(*EnumDescriptorProto)(nil),                   // 15: google.protobuf.EnumDescriptorProto
-	(*EnumValueDescriptorProto)(nil),              // 16: google.protobuf.EnumValueDescriptorProto
-	(*ServiceDescriptorProto)(nil),                // 17: google.protobuf.ServiceDescriptorProto
-	(*MethodDescriptorProto)(nil),                 // 18: google.protobuf.MethodDescriptorProto
-	(*FileOptions)(nil),                           // 19: google.protobuf.FileOptions
-	(*MessageOptions)(nil),                        // 20: google.protobuf.MessageOptions
-	(*FieldOptions)(nil),                          // 21: google.protobuf.FieldOptions
-	(*OneofOptions)(nil),                          // 22: google.protobuf.OneofOptions
-	(*EnumOptions)(nil),                           // 23: google.protobuf.EnumOptions
-	(*EnumValueOptions)(nil),                      // 24: google.protobuf.EnumValueOptions
-	(*ServiceOptions)(nil),                        // 25: google.protobuf.ServiceOptions
-	(*MethodOptions)(nil),                         // 26: google.protobuf.MethodOptions
-	(*UninterpretedOption)(nil),                   // 27: google.protobuf.UninterpretedOption
-	(*SourceCodeInfo)(nil),                        // 28: google.protobuf.SourceCodeInfo
-	(*GeneratedCodeInfo)(nil),                     // 29: google.protobuf.GeneratedCodeInfo
-	(*DescriptorProto_ExtensionRange)(nil),        // 30: google.protobuf.DescriptorProto.ExtensionRange
-	(*DescriptorProto_ReservedRange)(nil),         // 31: google.protobuf.DescriptorProto.ReservedRange
-	(*EnumDescriptorProto_EnumReservedRange)(nil), // 32: google.protobuf.EnumDescriptorProto.EnumReservedRange
-	(*UninterpretedOption_NamePart)(nil),          // 33: google.protobuf.UninterpretedOption.NamePart
-	(*SourceCodeInfo_Location)(nil),               // 34: google.protobuf.SourceCodeInfo.Location
-	(*GeneratedCodeInfo_Annotation)(nil),          // 35: google.protobuf.GeneratedCodeInfo.Annotation
+	(ExtensionRangeOptions_VerificationState)(0),  // 0: google.protobuf.ExtensionRangeOptions.VerificationState
+	(FieldDescriptorProto_Type)(0),                // 1: google.protobuf.FieldDescriptorProto.Type
+	(FieldDescriptorProto_Label)(0),               // 2: google.protobuf.FieldDescriptorProto.Label
+	(FileOptions_OptimizeMode)(0),                 // 3: google.protobuf.FileOptions.OptimizeMode
+	(FieldOptions_CType)(0),                       // 4: google.protobuf.FieldOptions.CType
+	(FieldOptions_JSType)(0),                      // 5: google.protobuf.FieldOptions.JSType
+	(FieldOptions_OptionRetention)(0),             // 6: google.protobuf.FieldOptions.OptionRetention
+	(FieldOptions_OptionTargetType)(0),            // 7: google.protobuf.FieldOptions.OptionTargetType
+	(MethodOptions_IdempotencyLevel)(0),           // 8: google.protobuf.MethodOptions.IdempotencyLevel
+	(GeneratedCodeInfo_Annotation_Semantic)(0),    // 9: google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+	(*FileDescriptorSet)(nil),                     // 10: google.protobuf.FileDescriptorSet
+	(*FileDescriptorProto)(nil),                   // 11: google.protobuf.FileDescriptorProto
+	(*DescriptorProto)(nil),                       // 12: google.protobuf.DescriptorProto
+	(*ExtensionRangeOptions)(nil),                 // 13: google.protobuf.ExtensionRangeOptions
+	(*FieldDescriptorProto)(nil),                  // 14: google.protobuf.FieldDescriptorProto
+	(*OneofDescriptorProto)(nil),                  // 15: google.protobuf.OneofDescriptorProto
+	(*EnumDescriptorProto)(nil),                   // 16: google.protobuf.EnumDescriptorProto
+	(*EnumValueDescriptorProto)(nil),              // 17: google.protobuf.EnumValueDescriptorProto
+	(*ServiceDescriptorProto)(nil),                // 18: google.protobuf.ServiceDescriptorProto
+	(*MethodDescriptorProto)(nil),                 // 19: google.protobuf.MethodDescriptorProto
+	(*FileOptions)(nil),                           // 20: google.protobuf.FileOptions
+	(*MessageOptions)(nil),                        // 21: google.protobuf.MessageOptions
+	(*FieldOptions)(nil),                          // 22: google.protobuf.FieldOptions
+	(*OneofOptions)(nil),                          // 23: google.protobuf.OneofOptions
+	(*EnumOptions)(nil),                           // 24: google.protobuf.EnumOptions
+	(*EnumValueOptions)(nil),                      // 25: google.protobuf.EnumValueOptions
+	(*ServiceOptions)(nil),                        // 26: google.protobuf.ServiceOptions
+	(*MethodOptions)(nil),                         // 27: google.protobuf.MethodOptions
+	(*UninterpretedOption)(nil),                   // 28: google.protobuf.UninterpretedOption
+	(*SourceCodeInfo)(nil),                        // 29: google.protobuf.SourceCodeInfo
+	(*GeneratedCodeInfo)(nil),                     // 30: google.protobuf.GeneratedCodeInfo
+	(*DescriptorProto_ExtensionRange)(nil),        // 31: google.protobuf.DescriptorProto.ExtensionRange
+	(*DescriptorProto_ReservedRange)(nil),         // 32: google.protobuf.DescriptorProto.ReservedRange
+	(*ExtensionRangeOptions_Declaration)(nil),     // 33: google.protobuf.ExtensionRangeOptions.Declaration
+	(*EnumDescriptorProto_EnumReservedRange)(nil), // 34: google.protobuf.EnumDescriptorProto.EnumReservedRange
+	(*UninterpretedOption_NamePart)(nil),          // 35: google.protobuf.UninterpretedOption.NamePart
+	(*SourceCodeInfo_Location)(nil),               // 36: google.protobuf.SourceCodeInfo.Location
+	(*GeneratedCodeInfo_Annotation)(nil),          // 37: google.protobuf.GeneratedCodeInfo.Annotation
 }
 var file_google_protobuf_descriptor_proto_depIdxs = []int32{
-	10, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
-	11, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto
-	15, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
-	17, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto
-	13, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
-	19, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions
-	28, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo
-	13, // 7: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto
-	13, // 8: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
-	11, // 9: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto
-	15, // 10: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
-	30, // 11: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange
-	14, // 12: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto
-	20, // 13: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions
-	31, // 14: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange
-	27, // 15: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	1,  // 16: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label
-	0,  // 17: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type
-	21, // 18: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions
-	22, // 19: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions
-	16, // 20: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto
-	23, // 21: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions
-	32, // 22: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange
-	24, // 23: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions
-	18, // 24: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto
-	25, // 25: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions
-	26, // 26: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions
-	2,  // 27: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode
-	27, // 28: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 29: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	3,  // 30: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType
-	4,  // 31: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType
-	5,  // 32: google.protobuf.FieldOptions.retention:type_name -> google.protobuf.FieldOptions.OptionRetention
-	6,  // 33: google.protobuf.FieldOptions.target:type_name -> google.protobuf.FieldOptions.OptionTargetType
-	27, // 34: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 35: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 36: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 37: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	27, // 38: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	7,  // 39: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
-	27, // 40: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	33, // 41: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
-	34, // 42: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
-	35, // 43: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
-	12, // 44: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
-	8,  // 45: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic
-	46, // [46:46] is the sub-list for method output_type
-	46, // [46:46] is the sub-list for method input_type
-	46, // [46:46] is the sub-list for extension type_name
-	46, // [46:46] is the sub-list for extension extendee
-	0,  // [0:46] is the sub-list for field type_name
+	11, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
+	12, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto
+	16, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+	18, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto
+	14, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+	20, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions
+	29, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo
+	14, // 7: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto
+	14, // 8: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+	12, // 9: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto
+	16, // 10: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+	31, // 11: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange
+	15, // 12: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto
+	21, // 13: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions
+	32, // 14: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange
+	28, // 15: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	33, // 16: google.protobuf.ExtensionRangeOptions.declaration:type_name -> google.protobuf.ExtensionRangeOptions.Declaration
+	0,  // 17: google.protobuf.ExtensionRangeOptions.verification:type_name -> google.protobuf.ExtensionRangeOptions.VerificationState
+	2,  // 18: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label
+	1,  // 19: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type
+	22, // 20: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions
+	23, // 21: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions
+	17, // 22: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto
+	24, // 23: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions
+	34, // 24: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange
+	25, // 25: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions
+	19, // 26: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto
+	26, // 27: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions
+	27, // 28: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions
+	3,  // 29: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode
+	28, // 30: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 31: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	4,  // 32: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType
+	5,  // 33: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType
+	6,  // 34: google.protobuf.FieldOptions.retention:type_name -> google.protobuf.FieldOptions.OptionRetention
+	7,  // 35: google.protobuf.FieldOptions.target:type_name -> google.protobuf.FieldOptions.OptionTargetType
+	7,  // 36: google.protobuf.FieldOptions.targets:type_name -> google.protobuf.FieldOptions.OptionTargetType
+	28, // 37: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 38: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 39: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 40: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 41: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	8,  // 42: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
+	28, // 43: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	35, // 44: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
+	36, // 45: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
+	37, // 46: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
+	13, // 47: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
+	9,  // 48: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+	49, // [49:49] is the sub-list for method output_type
+	49, // [49:49] is the sub-list for method input_type
+	49, // [49:49] is the sub-list for extension type_name
+	49, // [49:49] is the sub-list for extension extendee
+	0,  // [0:49] is the sub-list for field type_name
 }
 
 func init() { file_google_protobuf_descriptor_proto_init() }
@@ -4280,7 +4523,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*EnumDescriptorProto_EnumReservedRange); i {
+			switch v := v.(*ExtensionRangeOptions_Declaration); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4292,7 +4535,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UninterpretedOption_NamePart); i {
+			switch v := v.(*EnumDescriptorProto_EnumReservedRange); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4304,7 +4547,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SourceCodeInfo_Location); i {
+			switch v := v.(*UninterpretedOption_NamePart); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4316,6 +4559,18 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SourceCodeInfo_Location); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*GeneratedCodeInfo_Annotation); i {
 			case 0:
 				return &v.state
@@ -4333,8 +4588,8 @@ func file_google_protobuf_descriptor_proto_init() {
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_google_protobuf_descriptor_proto_rawDesc,
-			NumEnums:      9,
-			NumMessages:   27,
+			NumEnums:      10,
+			NumMessages:   28,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/controller-utils/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go b/controller-utils/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
index a6c7a33f3..580b232f4 100644
--- a/controller-utils/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
+++ b/controller-utils/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
@@ -142,39 +142,39 @@ import (
 //
 // Example 2: Pack and unpack a message in Java.
 //
-//	Foo foo = ...;
-//	Any any = Any.pack(foo);
-//	...
-//	if (any.is(Foo.class)) {
-//	  foo = any.unpack(Foo.class);
-//	}
-//	// or ...
-//	if (any.isSameTypeAs(Foo.getDefaultInstance())) {
-//	  foo = any.unpack(Foo.getDefaultInstance());
-//	}
-//
-// Example 3: Pack and unpack a message in Python.
-//
-//	foo = Foo(...)
-//	any = Any()
-//	any.Pack(foo)
-//	...
-//	if any.Is(Foo.DESCRIPTOR):
-//	  any.Unpack(foo)
-//	  ...
-//
-// Example 4: Pack and unpack a message in Go
-//
-//	foo := &pb.Foo{...}
-//	any, err := anypb.New(foo)
-//	if err != nil {
-//	  ...
-//	}
-//	...
-//	foo := &pb.Foo{}
-//	if err := any.UnmarshalTo(foo); err != nil {
-//	  ...
-//	}
+//	   Foo foo = ...;
+//	   Any any = Any.pack(foo);
+//	   ...
+//	   if (any.is(Foo.class)) {
+//	     foo = any.unpack(Foo.class);
+//	   }
+//	   // or ...
+//	   if (any.isSameTypeAs(Foo.getDefaultInstance())) {
+//	     foo = any.unpack(Foo.getDefaultInstance());
+//	   }
+//
+//	Example 3: Pack and unpack a message in Python.
+//
+//	   foo = Foo(...)
+//	   any = Any()
+//	   any.Pack(foo)
+//	   ...
+//	   if any.Is(Foo.DESCRIPTOR):
+//	     any.Unpack(foo)
+//	     ...
+//
+//	Example 4: Pack and unpack a message in Go
+//
+//	    foo := &pb.Foo{...}
+//	    any, err := anypb.New(foo)
+//	    if err != nil {
+//	      ...
+//	    }
+//	    ...
+//	    foo := &pb.Foo{}
+//	    if err := any.UnmarshalTo(foo); err != nil {
+//	      ...
+//	    }
 //
 // The pack methods provided by protobuf library will by default use
 // 'type.googleapis.com/full.type.name' as the type URL and the unpack
@@ -182,8 +182,8 @@ import (
 // in the type URL, for example "foo.bar.com/x/y.z" will yield type
 // name "y.z".
 //
-// # JSON
-//
+// JSON
+// ====
 // The JSON representation of an `Any` value uses the regular
 // representation of the deserialized, embedded message, with an
 // additional field `@type` which contains the type URL. Example:
diff --git a/controller-utils/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go b/controller-utils/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
index 61f69fc11..81511a336 100644
--- a/controller-utils/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
+++ b/controller-utils/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
@@ -167,7 +167,7 @@ import (
 // [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
 // the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
 // the Joda Time's [`ISODateTimeFormat.dateTime()`](
-// http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
+// http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()
 // ) to obtain a formatter capable of generating timestamps in this format.
 type Timestamp struct {
 	state         protoimpl.MessageState
diff --git a/controller-utils/vendor/modules.txt b/controller-utils/vendor/modules.txt
index 12fa5eacc..3de799b8b 100644
--- a/controller-utils/vendor/modules.txt
+++ b/controller-utils/vendor/modules.txt
@@ -32,8 +32,8 @@ github.com/gardener/landscaper/apis/utils
 # github.com/ghodss/yaml v1.0.0
 ## explicit
 github.com/ghodss/yaml
-# github.com/go-logr/logr v1.2.4
-## explicit; go 1.16
+# github.com/go-logr/logr v1.3.0
+## explicit; go 1.18
 github.com/go-logr/logr
 # github.com/go-logr/zapr v1.2.4
 ## explicit; go 1.16
@@ -72,7 +72,7 @@ github.com/google/gnostic/extensions
 github.com/google/gnostic/jsonschema
 github.com/google/gnostic/openapiv2
 github.com/google/gnostic/openapiv3
-# github.com/google/go-cmp v0.5.9
+# github.com/google/go-cmp v0.6.0
 ## explicit; go 1.13
 github.com/google/go-cmp/cmp
 github.com/google/go-cmp/cmp/internal/diff
@@ -82,7 +82,7 @@ github.com/google/go-cmp/cmp/internal/value
 # github.com/google/gofuzz v1.1.0
 ## explicit; go 1.12
 github.com/google/gofuzz
-# github.com/google/uuid v1.3.0
+# github.com/google/uuid v1.3.1
 ## explicit
 github.com/google/uuid
 # github.com/imdario/mergo v0.3.12
@@ -221,12 +221,12 @@ golang.org/x/net/http/httpguts
 golang.org/x/net/http2
 golang.org/x/net/http2/hpack
 golang.org/x/net/idna
-# golang.org/x/oauth2 v0.7.0
-## explicit; go 1.17
+# golang.org/x/oauth2 v0.11.0
+## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
-# golang.org/x/sys v0.13.0
-## explicit; go 1.17
+# golang.org/x/sys v0.14.0
+## explicit; go 1.18
 golang.org/x/sys/cpu
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
@@ -271,7 +271,7 @@ google.golang.org/appengine/internal/log
 google.golang.org/appengine/internal/remote_api
 google.golang.org/appengine/internal/urlfetch
 google.golang.org/appengine/urlfetch
-# google.golang.org/protobuf v1.30.0
+# google.golang.org/protobuf v1.31.0
 ## explicit; go 1.11
 google.golang.org/protobuf/encoding/prototext
 google.golang.org/protobuf/encoding/protowire
diff --git a/go.mod b/go.mod
index 54e1fd9f1..254a92904 100644
--- a/go.mod
+++ b/go.mod
@@ -5,13 +5,8 @@ go 1.21
 toolchain go1.21.4
 
 require (
-	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
 	github.com/Masterminds/sprig/v3 v3.2.3
-	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
-	github.com/aws/aws-sdk-go v1.44.288
-	github.com/bshuster-repo/logrus-logstash-hook v1.0.0
-	github.com/bugsnag/bugsnag-go v1.0.5-0.20150529004307-13fd6b8acda0
 	github.com/containerd/containerd v1.7.6
 	github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba
 	github.com/distribution/reference v0.5.0
@@ -32,8 +27,6 @@ require (
 	github.com/mandelsoft/filepath v0.0.0-20230412200429-36b1eb66bd27
 	github.com/mandelsoft/spiff v1.7.0-beta-5
 	github.com/mandelsoft/vfs v0.0.0-20230713123140-269aa4fb1338
-	github.com/mitchellh/mapstructure v1.5.0
-	github.com/ncw/swift v1.0.47
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/ginkgo/v2 v2.9.5
 	github.com/onsi/gomega v1.27.7
@@ -46,16 +39,11 @@ require (
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/xeipuuv/gojsonschema v1.2.0
-	github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50
 	golang.org/x/crypto v0.14.0
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
 	golang.org/x/oauth2 v0.13.0
 	golang.org/x/sync v0.5.0
 	golang.org/x/sys v0.13.0
-	google.golang.org/api v0.128.0
-	google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
-	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.12.2
 	k8s.io/api v0.28.3
@@ -169,6 +157,7 @@ require (
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/drone/envsubst v1.0.3 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
@@ -266,6 +255,7 @@ require (
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
@@ -334,8 +324,6 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
-	github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 // indirect
-	github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
 	go.mongodb.org/mongo-driver v1.12.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
diff --git a/go.sum b/go.sum
index 0674dc3ec..4ba57b684 100644
--- a/go.sum
+++ b/go.sum
@@ -105,7 +105,6 @@ github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
-github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
 github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
@@ -345,7 +344,6 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitly/go-hostpool v0.1.0/go.mod h1:4gOCgp6+NZnVqlKyZ/iBZFTAJKembaVENUpMkpg42fw=
-github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
 github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
@@ -356,7 +354,6 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
 github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
-github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
@@ -592,7 +589,6 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etly
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
-github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba h1:p6poVbjHDkKa+wtC8frBMwQtT3BmqGYBjzMwJ63tuR4=
 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
 github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936 h1:foGzavPWwtoyBvjWyKJYDYsyzy+23iBV7NKTwdk+LRY=
 github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936/go.mod h1:ttKPnOepYt4LLzD+loXQ1rT6EmpyIYHro7TAJuIIlHo=
@@ -689,7 +685,6 @@ github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
-github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/fluxcd/pkg/ssa v0.24.1 h1:0dn5FqyYdGa+VuDp5EJrkLbPq5xhhSAAkMgGUeMpOM0=
 github.com/fluxcd/pkg/ssa v0.24.1/go.mod h1:nEOUOwGotBlNZkTkO6GHPlI0U0BmHTavFd1Jk+TzsGw=
@@ -718,7 +713,6 @@ github.com/gardener/component-spec/bindings-go v0.0.95 h1:0h9ZRfWo0d84PkC/reVRXA
 github.com/gardener/component-spec/bindings-go v0.0.95/go.mod h1:qr7kADDXbXB0huul+ih/B43YkwyiMFYQepp/tqJ331c=
 github.com/gardener/image-vector v0.10.0 h1:Ysg3hxfiGUG/doajiZ0nQuUaJYwfO5BZCOcijL3tRuo=
 github.com/gardener/image-vector v0.10.0/go.mod h1:32SHGcbmmueeK9VkawsFcEbsoENXQPIuuYiFBUP+vMQ=
-github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7 h1:LofdAjjjqCSXMwLGgOgnE+rdPuvX9DxCqaHwKy7i/ko=
 github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
 github.com/gertd/go-pluralize v0.2.1 h1:M3uASbVjMnTsPb0PNqg+E/24Vwigyo/tvyMTtAlLgiA=
 github.com/gertd/go-pluralize v0.2.1/go.mod h1:rbYaKDbsXxmRfr8uygAEKhOWsjyrrqrkHVpZvoOp8zk=
@@ -873,8 +867,6 @@ github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
 github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
-github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA=
-github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
 github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
 github.com/gogo/protobuf v1.0.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -1024,7 +1016,6 @@ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORR
 github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
-github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
 github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
@@ -1163,7 +1154,6 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8 h1:UUHMLvzt/31azWTN/ifGWef4WUqvXk0iRqdhdy/2uzI=
 github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
@@ -1375,7 +1365,6 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ncw/swift v1.0.47 h1:4DQRPj35Y41WogBxyhOXlrI37nzGlyEcsforeudyYPQ=
 github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
 github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/nelsam/hel/v2 v2.3.3/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
@@ -1564,7 +1553,6 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/rubenv/sql-migrate v1.3.1 h1:Vx+n4Du8X8VTYuXbhNxdEUoh6wiJERA0GlWocR5FrbA=
 github.com/rubenv/sql-migrate v1.3.1/go.mod h1:YzG/Vh82CwyhTFXy+Mf5ahAiiEOpAlHurg+23VEzcsk=
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
@@ -2059,7 +2047,6 @@ golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
@@ -2219,7 +2206,6 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -2235,7 +2221,6 @@ golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9sn
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
@@ -2657,8 +2642,6 @@ k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt
 oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY=
 oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/letsencrypt v0.0.3 h1:H7xDfhkaFFSYEJlKeq38RwX2jYcnTeHuDQyT+mMNMwM=
-rsc.io/letsencrypt v0.0.3/go.mod h1:buyQKZ6IXrRnB7TdkHP0RyEybLx18HHyOSoTyoOLqNY=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/README.md b/vendor/github.com/Azure/azure-sdk-for-go/storage/README.md
deleted file mode 100644
index 7e83a5c08..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# Azure Storage SDK for Go (Preview)
-
-:exclamation: IMPORTANT: This package is in maintenance only and will be deprecated in the
-future. Please use one of the following packages instead.
-
-| Service | Import Path/Repo |
-|---------|------------------|
-| Storage - Blobs | [github.com/Azure/azure-sdk-for-go/sdk/storage/azblob](https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/storage/azblob) |
-| Storage - Files | [github.com/Azure/azure-storage-file-go](https://github.com/Azure/azure-storage-file-go) |
-| Storage - Queues | [github.com/Azure/azure-storage-queue-go](https://github.com/Azure/azure-storage-queue-go) |
-| Storage - Tables | [github.com/Azure/azure-sdk-for-go/sdk/data/aztables](https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/data/aztables)
-
-The `github.com/Azure/azure-sdk-for-go/storage` package is used to manage
-[Azure Storage](https://docs.microsoft.com/azure/storage/) data plane
-resources: containers, blobs, tables, and queues.
-
-To manage storage *accounts* use Azure Resource Manager (ARM) via the packages
-at [github.com/Azure/azure-sdk-for-go/services/storage](https://github.com/Azure/azure-sdk-for-go/tree/main/services/storage).
-
-This package also supports the [Azure Storage
-Emulator](https://azure.microsoft.com/documentation/articles/storage-use-emulator/)
-(Windows only).
-
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/appendblob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/appendblob.go
deleted file mode 100644
index 306dd1b71..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/appendblob.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"bytes"
-	"crypto/md5"
-	"encoding/base64"
-	"fmt"
-	"net/http"
-	"net/url"
-	"time"
-)
-
-// PutAppendBlob initializes an empty append blob with specified name. An
-// append blob must be created using this method before appending blocks.
-//
-// See CreateBlockBlobFromReader for more info on creating blobs.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Blob
-func (b *Blob) PutAppendBlob(options *PutBlobOptions) error {
-	params := url.Values{}
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers["x-ms-blob-type"] = string(BlobTypeAppend)
-	headers = mergeHeaders(headers, headersFromStruct(b.Properties))
-	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	return b.respondCreation(resp, BlobTypeAppend)
-}
-
-// AppendBlockOptions includes the options for an append block operation
-type AppendBlockOptions struct {
-	Timeout           uint
-	LeaseID           string     `header:"x-ms-lease-id"`
-	MaxSize           *uint      `header:"x-ms-blob-condition-maxsize"`
-	AppendPosition    *uint      `header:"x-ms-blob-condition-appendpos"`
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	IfMatch           string     `header:"If-Match"`
-	IfNoneMatch       string     `header:"If-None-Match"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-	ContentMD5        bool
-}
-
-// AppendBlock appends a block to an append blob.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Append-Block
-func (b *Blob) AppendBlock(chunk []byte, options *AppendBlockOptions) error {
-	params := url.Values{"comp": {"appendblock"}}
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers["Content-Length"] = fmt.Sprintf("%v", len(chunk))
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-		if options.ContentMD5 {
-			md5sum := md5.Sum(chunk)
-			headers[headerContentMD5] = base64.StdEncoding.EncodeToString(md5sum[:])
-		}
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, bytes.NewReader(chunk), b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	return b.respondCreation(resp, BlobTypeAppend)
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/authorization.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/authorization.go
deleted file mode 100644
index 01741524a..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/authorization.go
+++ /dev/null
@@ -1,235 +0,0 @@
-// Package storage provides clients for Microsoft Azure Storage Services.
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"bytes"
-	"fmt"
-	"net/url"
-	"sort"
-	"strings"
-)
-
-// See: https://docs.microsoft.com/rest/api/storageservices/fileservices/authentication-for-the-azure-storage-services
-
-type authentication string
-
-const (
-	sharedKey             authentication = "sharedKey"
-	sharedKeyForTable     authentication = "sharedKeyTable"
-	sharedKeyLite         authentication = "sharedKeyLite"
-	sharedKeyLiteForTable authentication = "sharedKeyLiteTable"
-
-	// headers
-	headerAcceptCharset           = "Accept-Charset"
-	headerAuthorization           = "Authorization"
-	headerContentLength           = "Content-Length"
-	headerDate                    = "Date"
-	headerXmsDate                 = "x-ms-date"
-	headerXmsVersion              = "x-ms-version"
-	headerContentEncoding         = "Content-Encoding"
-	headerContentLanguage         = "Content-Language"
-	headerContentType             = "Content-Type"
-	headerContentMD5              = "Content-MD5"
-	headerIfModifiedSince         = "If-Modified-Since"
-	headerIfMatch                 = "If-Match"
-	headerIfNoneMatch             = "If-None-Match"
-	headerIfUnmodifiedSince       = "If-Unmodified-Since"
-	headerRange                   = "Range"
-	headerDataServiceVersion      = "DataServiceVersion"
-	headerMaxDataServiceVersion   = "MaxDataServiceVersion"
-	headerContentTransferEncoding = "Content-Transfer-Encoding"
-)
-
-func (c *Client) addAuthorizationHeader(verb, url string, headers map[string]string, auth authentication) (map[string]string, error) {
-	if !c.sasClient {
-		authHeader, err := c.getSharedKey(verb, url, headers, auth)
-		if err != nil {
-			return nil, err
-		}
-		headers[headerAuthorization] = authHeader
-	}
-	return headers, nil
-}
-
-func (c *Client) getSharedKey(verb, url string, headers map[string]string, auth authentication) (string, error) {
-	canRes, err := c.buildCanonicalizedResource(url, auth, false)
-	if err != nil {
-		return "", err
-	}
-
-	canString, err := buildCanonicalizedString(verb, headers, canRes, auth)
-	if err != nil {
-		return "", err
-	}
-	return c.createAuthorizationHeader(canString, auth), nil
-}
-
-func (c *Client) buildCanonicalizedResource(uri string, auth authentication, sas bool) (string, error) {
-	errMsg := "buildCanonicalizedResource error: %s"
-	u, err := url.Parse(uri)
-	if err != nil {
-		return "", fmt.Errorf(errMsg, err.Error())
-	}
-
-	cr := bytes.NewBufferString("")
-	if c.accountName != StorageEmulatorAccountName || !sas {
-		cr.WriteString("/")
-		cr.WriteString(c.getCanonicalizedAccountName())
-	}
-
-	if len(u.Path) > 0 {
-		// Any portion of the CanonicalizedResource string that is derived from
-		// the resource's URI should be encoded exactly as it is in the URI.
-		// -- https://msdn.microsoft.com/en-gb/library/azure/dd179428.aspx
-		cr.WriteString(u.EscapedPath())
-	}
-
-	params, err := url.ParseQuery(u.RawQuery)
-	if err != nil {
-		return "", fmt.Errorf(errMsg, err.Error())
-	}
-
-	// See https://github.com/Azure/azure-storage-net/blob/master/Lib/Common/Core/Util/AuthenticationUtility.cs#L277
-	if auth == sharedKey {
-		if len(params) > 0 {
-			cr.WriteString("\n")
-
-			keys := []string{}
-			for key := range params {
-				keys = append(keys, key)
-			}
-			sort.Strings(keys)
-
-			completeParams := []string{}
-			for _, key := range keys {
-				if len(params[key]) > 1 {
-					sort.Strings(params[key])
-				}
-
-				completeParams = append(completeParams, fmt.Sprintf("%s:%s", key, strings.Join(params[key], ",")))
-			}
-			cr.WriteString(strings.Join(completeParams, "\n"))
-		}
-	} else {
-		// search for "comp" parameter, if exists then add it to canonicalizedresource
-		if v, ok := params["comp"]; ok {
-			cr.WriteString("?comp=" + v[0])
-		}
-	}
-
-	return string(cr.Bytes()), nil
-}
-
-func (c *Client) getCanonicalizedAccountName() string {
-	// since we may be trying to access a secondary storage account, we need to
-	// remove the -secondary part of the storage name
-	return strings.TrimSuffix(c.accountName, "-secondary")
-}
-
-func buildCanonicalizedString(verb string, headers map[string]string, canonicalizedResource string, auth authentication) (string, error) {
-	contentLength := headers[headerContentLength]
-	if contentLength == "0" {
-		contentLength = ""
-	}
-	date := headers[headerDate]
-	if v, ok := headers[headerXmsDate]; ok {
-		if auth == sharedKey || auth == sharedKeyLite {
-			date = ""
-		} else {
-			date = v
-		}
-	}
-	var canString string
-	switch auth {
-	case sharedKey:
-		canString = strings.Join([]string{
-			verb,
-			headers[headerContentEncoding],
-			headers[headerContentLanguage],
-			contentLength,
-			headers[headerContentMD5],
-			headers[headerContentType],
-			date,
-			headers[headerIfModifiedSince],
-			headers[headerIfMatch],
-			headers[headerIfNoneMatch],
-			headers[headerIfUnmodifiedSince],
-			headers[headerRange],
-			buildCanonicalizedHeader(headers),
-			canonicalizedResource,
-		}, "\n")
-	case sharedKeyForTable:
-		canString = strings.Join([]string{
-			verb,
-			headers[headerContentMD5],
-			headers[headerContentType],
-			date,
-			canonicalizedResource,
-		}, "\n")
-	case sharedKeyLite:
-		canString = strings.Join([]string{
-			verb,
-			headers[headerContentMD5],
-			headers[headerContentType],
-			date,
-			buildCanonicalizedHeader(headers),
-			canonicalizedResource,
-		}, "\n")
-	case sharedKeyLiteForTable:
-		canString = strings.Join([]string{
-			date,
-			canonicalizedResource,
-		}, "\n")
-	default:
-		return "", fmt.Errorf("%s authentication is not supported yet", auth)
-	}
-	return canString, nil
-}
-
-func buildCanonicalizedHeader(headers map[string]string) string {
-	cm := make(map[string]string)
-
-	for k, v := range headers {
-		headerName := strings.TrimSpace(strings.ToLower(k))
-		if strings.HasPrefix(headerName, "x-ms-") {
-			cm[headerName] = v
-		}
-	}
-
-	if len(cm) == 0 {
-		return ""
-	}
-
-	keys := []string{}
-	for key := range cm {
-		keys = append(keys, key)
-	}
-
-	sort.Strings(keys)
-
-	ch := bytes.NewBufferString("")
-
-	for _, key := range keys {
-		ch.WriteString(key)
-		ch.WriteRune(':')
-		ch.WriteString(cm[key])
-		ch.WriteRune('\n')
-	}
-
-	return strings.TrimSuffix(string(ch.Bytes()), "\n")
-}
-
-func (c *Client) createAuthorizationHeader(canonicalizedString string, auth authentication) string {
-	signature := c.computeHmac256(canonicalizedString)
-	var key string
-	switch auth {
-	case sharedKey, sharedKeyForTable:
-		key = "SharedKey"
-	case sharedKeyLite, sharedKeyLiteForTable:
-		key = "SharedKeyLite"
-	}
-	return fmt.Sprintf("%s %s:%s", key, c.getCanonicalizedAccountName(), signature)
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/blob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/blob.go
deleted file mode 100644
index 462e3dcf2..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/blob.go
+++ /dev/null
@@ -1,621 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"encoding/xml"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// A Blob is an entry in BlobListResponse.
-type Blob struct {
-	Container  *Container
-	Name       string         `xml:"Name"`
-	Snapshot   time.Time      `xml:"Snapshot"`
-	Properties BlobProperties `xml:"Properties"`
-	Metadata   BlobMetadata   `xml:"Metadata"`
-}
-
-// PutBlobOptions includes the options any put blob operation
-// (page, block, append)
-type PutBlobOptions struct {
-	Timeout           uint
-	LeaseID           string     `header:"x-ms-lease-id"`
-	Origin            string     `header:"Origin"`
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	IfMatch           string     `header:"If-Match"`
-	IfNoneMatch       string     `header:"If-None-Match"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-}
-
-// BlobMetadata is a set of custom name/value pairs.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd179404.aspx
-type BlobMetadata map[string]string
-
-type blobMetadataEntries struct {
-	Entries []blobMetadataEntry `xml:",any"`
-}
-type blobMetadataEntry struct {
-	XMLName xml.Name
-	Value   string `xml:",chardata"`
-}
-
-// UnmarshalXML converts the xml:Metadata into Metadata map
-func (bm *BlobMetadata) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	var entries blobMetadataEntries
-	if err := d.DecodeElement(&entries, &start); err != nil {
-		return err
-	}
-	for _, entry := range entries.Entries {
-		if *bm == nil {
-			*bm = make(BlobMetadata)
-		}
-		(*bm)[strings.ToLower(entry.XMLName.Local)] = entry.Value
-	}
-	return nil
-}
-
-// MarshalXML implements the xml.Marshaler interface. It encodes
-// metadata name/value pairs as they would appear in an Azure
-// ListBlobs response.
-func (bm BlobMetadata) MarshalXML(enc *xml.Encoder, start xml.StartElement) error {
-	entries := make([]blobMetadataEntry, 0, len(bm))
-	for k, v := range bm {
-		entries = append(entries, blobMetadataEntry{
-			XMLName: xml.Name{Local: http.CanonicalHeaderKey(k)},
-			Value:   v,
-		})
-	}
-	return enc.EncodeElement(blobMetadataEntries{
-		Entries: entries,
-	}, start)
-}
-
-// BlobProperties contains various properties of a blob
-// returned in various endpoints like ListBlobs or GetBlobProperties.
-type BlobProperties struct {
-	LastModified          TimeRFC1123 `xml:"Last-Modified"`
-	Etag                  string      `xml:"Etag"`
-	ContentMD5            string      `xml:"Content-MD5" header:"x-ms-blob-content-md5"`
-	ContentLength         int64       `xml:"Content-Length"`
-	ContentType           string      `xml:"Content-Type" header:"x-ms-blob-content-type"`
-	ContentEncoding       string      `xml:"Content-Encoding" header:"x-ms-blob-content-encoding"`
-	CacheControl          string      `xml:"Cache-Control" header:"x-ms-blob-cache-control"`
-	ContentLanguage       string      `xml:"Cache-Language" header:"x-ms-blob-content-language"`
-	ContentDisposition    string      `xml:"Content-Disposition" header:"x-ms-blob-content-disposition"`
-	BlobType              BlobType    `xml:"BlobType"`
-	SequenceNumber        int64       `xml:"x-ms-blob-sequence-number"`
-	CopyID                string      `xml:"CopyId"`
-	CopyStatus            string      `xml:"CopyStatus"`
-	CopySource            string      `xml:"CopySource"`
-	CopyProgress          string      `xml:"CopyProgress"`
-	CopyCompletionTime    TimeRFC1123 `xml:"CopyCompletionTime"`
-	CopyStatusDescription string      `xml:"CopyStatusDescription"`
-	LeaseStatus           string      `xml:"LeaseStatus"`
-	LeaseState            string      `xml:"LeaseState"`
-	LeaseDuration         string      `xml:"LeaseDuration"`
-	ServerEncrypted       bool        `xml:"ServerEncrypted"`
-	IncrementalCopy       bool        `xml:"IncrementalCopy"`
-}
-
-// BlobType defines the type of the Azure Blob.
-type BlobType string
-
-// Types of page blobs
-const (
-	BlobTypeBlock  BlobType = "BlockBlob"
-	BlobTypePage   BlobType = "PageBlob"
-	BlobTypeAppend BlobType = "AppendBlob"
-)
-
-func (b *Blob) buildPath() string {
-	return b.Container.buildPath() + "/" + b.Name
-}
-
-// Exists returns true if a blob with given name exists on the specified
-// container of the storage account.
-func (b *Blob) Exists() (bool, error) {
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), nil)
-	headers := b.Container.bsc.client.getStandardHeaders()
-	resp, err := b.Container.bsc.client.exec(http.MethodHead, uri, headers, nil, b.Container.bsc.auth)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusNotFound {
-			return resp.StatusCode == http.StatusOK, nil
-		}
-	}
-	return false, err
-}
-
-// GetURL gets the canonical URL to the blob with the specified name in the
-// specified container.
-// This method does not create a publicly accessible URL if the blob or container
-// is private and this method does not check if the blob exists.
-func (b *Blob) GetURL() string {
-	container := b.Container.Name
-	if container == "" {
-		container = "$root"
-	}
-	return b.Container.bsc.client.getEndpoint(blobServiceName, pathForResource(container, b.Name), nil)
-}
-
-// GetBlobRangeOptions includes the options for a get blob range operation
-type GetBlobRangeOptions struct {
-	Range              *BlobRange
-	GetRangeContentMD5 bool
-	*GetBlobOptions
-}
-
-// GetBlobOptions includes the options for a get blob operation
-type GetBlobOptions struct {
-	Timeout           uint
-	Snapshot          *time.Time
-	LeaseID           string     `header:"x-ms-lease-id"`
-	Origin            string     `header:"Origin"`
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	IfMatch           string     `header:"If-Match"`
-	IfNoneMatch       string     `header:"If-None-Match"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-}
-
-// BlobRange represents the bytes range to be get
-type BlobRange struct {
-	Start uint64
-	End   uint64
-}
-
-func (br BlobRange) String() string {
-	if br.End == 0 {
-		return fmt.Sprintf("bytes=%d-", br.Start)
-	}
-	return fmt.Sprintf("bytes=%d-%d", br.Start, br.End)
-}
-
-// Get returns a stream to read the blob. Caller must call both Read and Close()
-// to correctly close the underlying connection.
-//
-// See the GetRange method for use with a Range header.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Get-Blob
-func (b *Blob) Get(options *GetBlobOptions) (io.ReadCloser, error) {
-	rangeOptions := GetBlobRangeOptions{
-		GetBlobOptions: options,
-	}
-	resp, err := b.getRange(&rangeOptions)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return nil, err
-	}
-	if err := b.writeProperties(resp.Header, true); err != nil {
-		return resp.Body, err
-	}
-	return resp.Body, nil
-}
-
-// GetRange reads the specified range of a blob to a stream. The bytesRange
-// string must be in a format like "0-", "10-100" as defined in HTTP 1.1 spec.
-// Caller must call both Read and Close()// to correctly close the underlying
-// connection.
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Get-Blob
-func (b *Blob) GetRange(options *GetBlobRangeOptions) (io.ReadCloser, error) {
-	resp, err := b.getRange(options)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := checkRespCode(resp, []int{http.StatusPartialContent}); err != nil {
-		return nil, err
-	}
-	// Content-Length header should not be updated, as the service returns the range length
-	// (which is not alwys the full blob length)
-	if err := b.writeProperties(resp.Header, false); err != nil {
-		return resp.Body, err
-	}
-	return resp.Body, nil
-}
-
-func (b *Blob) getRange(options *GetBlobRangeOptions) (*http.Response, error) {
-	params := url.Values{}
-	headers := b.Container.bsc.client.getStandardHeaders()
-
-	if options != nil {
-		if options.Range != nil {
-			headers["Range"] = options.Range.String()
-			if options.GetRangeContentMD5 {
-				headers["x-ms-range-get-content-md5"] = "true"
-			}
-		}
-		if options.GetBlobOptions != nil {
-			headers = mergeHeaders(headers, headersFromStruct(*options.GetBlobOptions))
-			params = addTimeout(params, options.Timeout)
-			params = addSnapshot(params, options.Snapshot)
-		}
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodGet, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return nil, err
-	}
-	return resp, err
-}
-
-// SnapshotOptions includes the options for a snapshot blob operation
-type SnapshotOptions struct {
-	Timeout           uint
-	LeaseID           string     `header:"x-ms-lease-id"`
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	IfMatch           string     `header:"If-Match"`
-	IfNoneMatch       string     `header:"If-None-Match"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-}
-
-// CreateSnapshot creates a snapshot for a blob
-// See https://msdn.microsoft.com/en-us/library/azure/ee691971.aspx
-func (b *Blob) CreateSnapshot(options *SnapshotOptions) (snapshotTimestamp *time.Time, err error) {
-	params := url.Values{"comp": {"snapshot"}}
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil || resp == nil {
-		return nil, err
-	}
-	defer drainRespBody(resp)
-
-	if err := checkRespCode(resp, []int{http.StatusCreated}); err != nil {
-		return nil, err
-	}
-
-	snapshotResponse := resp.Header.Get(http.CanonicalHeaderKey("x-ms-snapshot"))
-	if snapshotResponse != "" {
-		snapshotTimestamp, err := time.Parse(time.RFC3339, snapshotResponse)
-		if err != nil {
-			return nil, err
-		}
-		return &snapshotTimestamp, nil
-	}
-
-	return nil, errors.New("Snapshot not created")
-}
-
-// GetBlobPropertiesOptions includes the options for a get blob properties operation
-type GetBlobPropertiesOptions struct {
-	Timeout           uint
-	Snapshot          *time.Time
-	LeaseID           string     `header:"x-ms-lease-id"`
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	IfMatch           string     `header:"If-Match"`
-	IfNoneMatch       string     `header:"If-None-Match"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-}
-
-// GetProperties provides various information about the specified blob.
-// See https://msdn.microsoft.com/en-us/library/azure/dd179394.aspx
-func (b *Blob) GetProperties(options *GetBlobPropertiesOptions) error {
-	params := url.Values{}
-	headers := b.Container.bsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		params = addSnapshot(params, options.Snapshot)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodHead, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-
-	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return err
-	}
-	return b.writeProperties(resp.Header, true)
-}
-
-func (b *Blob) writeProperties(h http.Header, includeContentLen bool) error {
-	var err error
-
-	contentLength := b.Properties.ContentLength
-	if includeContentLen {
-		contentLengthStr := h.Get("Content-Length")
-		if contentLengthStr != "" {
-			contentLength, err = strconv.ParseInt(contentLengthStr, 0, 64)
-			if err != nil {
-				return err
-			}
-		}
-	}
-
-	var sequenceNum int64
-	sequenceNumStr := h.Get("x-ms-blob-sequence-number")
-	if sequenceNumStr != "" {
-		sequenceNum, err = strconv.ParseInt(sequenceNumStr, 0, 64)
-		if err != nil {
-			return err
-		}
-	}
-
-	lastModified, err := getTimeFromHeaders(h, "Last-Modified")
-	if err != nil {
-		return err
-	}
-
-	copyCompletionTime, err := getTimeFromHeaders(h, "x-ms-copy-completion-time")
-	if err != nil {
-		return err
-	}
-
-	b.Properties = BlobProperties{
-		LastModified:          TimeRFC1123(*lastModified),
-		Etag:                  h.Get("Etag"),
-		ContentMD5:            h.Get("Content-MD5"),
-		ContentLength:         contentLength,
-		ContentEncoding:       h.Get("Content-Encoding"),
-		ContentType:           h.Get("Content-Type"),
-		ContentDisposition:    h.Get("Content-Disposition"),
-		CacheControl:          h.Get("Cache-Control"),
-		ContentLanguage:       h.Get("Content-Language"),
-		SequenceNumber:        sequenceNum,
-		CopyCompletionTime:    TimeRFC1123(*copyCompletionTime),
-		CopyStatusDescription: h.Get("x-ms-copy-status-description"),
-		CopyID:                h.Get("x-ms-copy-id"),
-		CopyProgress:          h.Get("x-ms-copy-progress"),
-		CopySource:            h.Get("x-ms-copy-source"),
-		CopyStatus:            h.Get("x-ms-copy-status"),
-		BlobType:              BlobType(h.Get("x-ms-blob-type")),
-		LeaseStatus:           h.Get("x-ms-lease-status"),
-		LeaseState:            h.Get("x-ms-lease-state"),
-	}
-	b.writeMetadata(h)
-	return nil
-}
-
-// SetBlobPropertiesOptions contains various properties of a blob and is an entry
-// in SetProperties
-type SetBlobPropertiesOptions struct {
-	Timeout              uint
-	LeaseID              string     `header:"x-ms-lease-id"`
-	Origin               string     `header:"Origin"`
-	IfModifiedSince      *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince    *time.Time `header:"If-Unmodified-Since"`
-	IfMatch              string     `header:"If-Match"`
-	IfNoneMatch          string     `header:"If-None-Match"`
-	SequenceNumberAction *SequenceNumberAction
-	RequestID            string `header:"x-ms-client-request-id"`
-}
-
-// SequenceNumberAction defines how the blob's sequence number should be modified
-type SequenceNumberAction string
-
-// Options for sequence number action
-const (
-	SequenceNumberActionMax       SequenceNumberAction = "max"
-	SequenceNumberActionUpdate    SequenceNumberAction = "update"
-	SequenceNumberActionIncrement SequenceNumberAction = "increment"
-)
-
-// SetProperties replaces the BlobHeaders for the specified blob.
-//
-// Some keys may be converted to Camel-Case before sending. All keys
-// are returned in lower case by GetBlobProperties. HTTP header names
-// are case-insensitive so case munging should not matter to other
-// applications either.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Blob-Properties
-func (b *Blob) SetProperties(options *SetBlobPropertiesOptions) error {
-	params := url.Values{"comp": {"properties"}}
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers = mergeHeaders(headers, headersFromStruct(b.Properties))
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	if b.Properties.BlobType == BlobTypePage {
-		headers = addToHeaders(headers, "x-ms-blob-content-length", fmt.Sprintf("%v", b.Properties.ContentLength))
-		if options != nil && options.SequenceNumberAction != nil {
-			headers = addToHeaders(headers, "x-ms-sequence-number-action", string(*options.SequenceNumberAction))
-			if *options.SequenceNumberAction != SequenceNumberActionIncrement {
-				headers = addToHeaders(headers, "x-ms-blob-sequence-number", fmt.Sprintf("%v", b.Properties.SequenceNumber))
-			}
-		}
-	}
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusOK})
-}
-
-// SetBlobMetadataOptions includes the options for a set blob metadata operation
-type SetBlobMetadataOptions struct {
-	Timeout           uint
-	LeaseID           string     `header:"x-ms-lease-id"`
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	IfMatch           string     `header:"If-Match"`
-	IfNoneMatch       string     `header:"If-None-Match"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-}
-
-// SetMetadata replaces the metadata for the specified blob.
-//
-// Some keys may be converted to Camel-Case before sending. All keys
-// are returned in lower case by GetBlobMetadata. HTTP header names
-// are case-insensitive so case munging should not matter to other
-// applications either.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd179414.aspx
-func (b *Blob) SetMetadata(options *SetBlobMetadataOptions) error {
-	params := url.Values{"comp": {"metadata"}}
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusOK})
-}
-
-// GetBlobMetadataOptions includes the options for a get blob metadata operation
-type GetBlobMetadataOptions struct {
-	Timeout           uint
-	Snapshot          *time.Time
-	LeaseID           string     `header:"x-ms-lease-id"`
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	IfMatch           string     `header:"If-Match"`
-	IfNoneMatch       string     `header:"If-None-Match"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-}
-
-// GetMetadata returns all user-defined metadata for the specified blob.
-//
-// All metadata keys will be returned in lower case. (HTTP header
-// names are case-insensitive.)
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd179414.aspx
-func (b *Blob) GetMetadata(options *GetBlobMetadataOptions) error {
-	params := url.Values{"comp": {"metadata"}}
-	headers := b.Container.bsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		params = addSnapshot(params, options.Snapshot)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodGet, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-
-	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return err
-	}
-
-	b.writeMetadata(resp.Header)
-	return nil
-}
-
-func (b *Blob) writeMetadata(h http.Header) {
-	b.Metadata = BlobMetadata(writeMetadata(h))
-}
-
-// DeleteBlobOptions includes the options for a delete blob operation
-type DeleteBlobOptions struct {
-	Timeout           uint
-	Snapshot          *time.Time
-	LeaseID           string `header:"x-ms-lease-id"`
-	DeleteSnapshots   *bool
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	IfMatch           string     `header:"If-Match"`
-	IfNoneMatch       string     `header:"If-None-Match"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-}
-
-// Delete deletes the given blob from the specified container.
-// If the blob does not exist at the time of the Delete Blob operation, it
-// returns error.
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Blob
-func (b *Blob) Delete(options *DeleteBlobOptions) error {
-	resp, err := b.delete(options)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusAccepted})
-}
-
-// DeleteIfExists deletes the given blob from the specified container If the
-// blob is deleted with this call, returns true. Otherwise returns false.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Blob
-func (b *Blob) DeleteIfExists(options *DeleteBlobOptions) (bool, error) {
-	resp, err := b.delete(options)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusAccepted || resp.StatusCode == http.StatusNotFound {
-			return resp.StatusCode == http.StatusAccepted, nil
-		}
-	}
-	return false, err
-}
-
-func (b *Blob) delete(options *DeleteBlobOptions) (*http.Response, error) {
-	params := url.Values{}
-	headers := b.Container.bsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		params = addSnapshot(params, options.Snapshot)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-		if options.DeleteSnapshots != nil {
-			if *options.DeleteSnapshots {
-				headers["x-ms-delete-snapshots"] = "include"
-			} else {
-				headers["x-ms-delete-snapshots"] = "only"
-			}
-		}
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-	return b.Container.bsc.client.exec(http.MethodDelete, uri, headers, nil, b.Container.bsc.auth)
-}
-
-// helper method to construct the path to either a blob or container
-func pathForResource(container, name string) string {
-	if name != "" {
-		return fmt.Sprintf("/%s/%s", container, name)
-	}
-	return fmt.Sprintf("/%s", container)
-}
-
-func (b *Blob) respondCreation(resp *http.Response, bt BlobType) error {
-	defer drainRespBody(resp)
-	err := checkRespCode(resp, []int{http.StatusCreated})
-	if err != nil {
-		return err
-	}
-	b.Properties.BlobType = bt
-	return nil
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/blobsasuri.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/blobsasuri.go
deleted file mode 100644
index 89ab054ec..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/blobsasuri.go
+++ /dev/null
@@ -1,168 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"errors"
-	"fmt"
-	"net/url"
-	"strings"
-	"time"
-)
-
-// OverrideHeaders defines overridable response heaedrs in
-// a request using a SAS URI.
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
-type OverrideHeaders struct {
-	CacheControl       string
-	ContentDisposition string
-	ContentEncoding    string
-	ContentLanguage    string
-	ContentType        string
-}
-
-// BlobSASOptions are options to construct a blob SAS
-// URI.
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
-type BlobSASOptions struct {
-	BlobServiceSASPermissions
-	OverrideHeaders
-	SASOptions
-}
-
-// BlobServiceSASPermissions includes the available permissions for
-// blob service SAS URI.
-type BlobServiceSASPermissions struct {
-	Read   bool
-	Add    bool
-	Create bool
-	Write  bool
-	Delete bool
-}
-
-func (p BlobServiceSASPermissions) buildString() string {
-	permissions := ""
-	if p.Read {
-		permissions += "r"
-	}
-	if p.Add {
-		permissions += "a"
-	}
-	if p.Create {
-		permissions += "c"
-	}
-	if p.Write {
-		permissions += "w"
-	}
-	if p.Delete {
-		permissions += "d"
-	}
-	return permissions
-}
-
-// GetSASURI creates an URL to the blob which contains the Shared
-// Access Signature with the specified options.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
-func (b *Blob) GetSASURI(options BlobSASOptions) (string, error) {
-	uri := b.GetURL()
-	signedResource := "b"
-	canonicalizedResource, err := b.Container.bsc.client.buildCanonicalizedResource(uri, b.Container.bsc.auth, true)
-	if err != nil {
-		return "", err
-	}
-
-	permissions := options.BlobServiceSASPermissions.buildString()
-	return b.Container.bsc.client.blobAndFileSASURI(options.SASOptions, uri, permissions, canonicalizedResource, signedResource, options.OverrideHeaders)
-}
-
-func (c *Client) blobAndFileSASURI(options SASOptions, uri, permissions, canonicalizedResource, signedResource string, headers OverrideHeaders) (string, error) {
-	start := ""
-	if options.Start != (time.Time{}) {
-		start = options.Start.UTC().Format(time.RFC3339)
-	}
-
-	expiry := options.Expiry.UTC().Format(time.RFC3339)
-
-	// We need to replace + with %2b first to avoid being treated as a space (which is correct for query strings, but not the path component).
-	canonicalizedResource = strings.Replace(canonicalizedResource, "+", "%2b", -1)
-	canonicalizedResource, err := url.QueryUnescape(canonicalizedResource)
-	if err != nil {
-		return "", err
-	}
-
-	protocols := ""
-	if options.UseHTTPS {
-		protocols = "https"
-	}
-	stringToSign, err := blobSASStringToSign(permissions, start, expiry, canonicalizedResource, options.Identifier, options.IP, protocols, c.apiVersion, signedResource, "", headers)
-	if err != nil {
-		return "", err
-	}
-
-	sig := c.computeHmac256(stringToSign)
-	sasParams := url.Values{
-		"sv":  {c.apiVersion},
-		"se":  {expiry},
-		"sr":  {signedResource},
-		"sp":  {permissions},
-		"sig": {sig},
-	}
-
-	if start != "" {
-		sasParams.Add("st", start)
-	}
-
-	if c.apiVersion >= "2015-04-05" {
-		if protocols != "" {
-			sasParams.Add("spr", protocols)
-		}
-		if options.IP != "" {
-			sasParams.Add("sip", options.IP)
-		}
-	}
-
-	// Add override response hedaers
-	addQueryParameter(sasParams, "rscc", headers.CacheControl)
-	addQueryParameter(sasParams, "rscd", headers.ContentDisposition)
-	addQueryParameter(sasParams, "rsce", headers.ContentEncoding)
-	addQueryParameter(sasParams, "rscl", headers.ContentLanguage)
-	addQueryParameter(sasParams, "rsct", headers.ContentType)
-
-	sasURL, err := url.Parse(uri)
-	if err != nil {
-		return "", err
-	}
-	sasURL.RawQuery = sasParams.Encode()
-	return sasURL.String(), nil
-}
-
-func blobSASStringToSign(signedPermissions, signedStart, signedExpiry, canonicalizedResource, signedIdentifier, signedIP, protocols, signedVersion, signedResource, signedSnapshotTime string, headers OverrideHeaders) (string, error) {
-	rscc := headers.CacheControl
-	rscd := headers.ContentDisposition
-	rsce := headers.ContentEncoding
-	rscl := headers.ContentLanguage
-	rsct := headers.ContentType
-
-	if signedVersion >= "2015-02-21" {
-		canonicalizedResource = "/blob" + canonicalizedResource
-	}
-
-	// https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
-	if signedVersion >= "2018-11-09" {
-		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s", signedPermissions, signedStart, signedExpiry, canonicalizedResource, signedIdentifier, signedIP, protocols, signedVersion, signedResource, signedSnapshotTime, rscc, rscd, rsce, rscl, rsct), nil
-	}
-
-	// https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx#Anchor_12
-	if signedVersion >= "2015-04-05" {
-		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s", signedPermissions, signedStart, signedExpiry, canonicalizedResource, signedIdentifier, signedIP, protocols, signedVersion, rscc, rscd, rsce, rscl, rsct), nil
-	}
-
-	// reference: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
-	if signedVersion >= "2013-08-15" {
-		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s", signedPermissions, signedStart, signedExpiry, canonicalizedResource, signedIdentifier, signedVersion, rscc, rscd, rsce, rscl, rsct), nil
-	}
-
-	return "", errors.New("storage: not implemented SAS for versions earlier than 2013-08-15")
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/blobserviceclient.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/blobserviceclient.go
deleted file mode 100644
index 0a985b22b..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/blobserviceclient.go
+++ /dev/null
@@ -1,175 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"encoding/xml"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-)
-
-// BlobStorageClient contains operations for Microsoft Azure Blob Storage
-// Service.
-type BlobStorageClient struct {
-	client Client
-	auth   authentication
-}
-
-// GetServiceProperties gets the properties of your storage account's blob service.
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-blob-service-properties
-func (b *BlobStorageClient) GetServiceProperties() (*ServiceProperties, error) {
-	return b.client.getServiceProperties(blobServiceName, b.auth)
-}
-
-// SetServiceProperties sets the properties of your storage account's blob service.
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-blob-service-properties
-func (b *BlobStorageClient) SetServiceProperties(props ServiceProperties) error {
-	return b.client.setServiceProperties(props, blobServiceName, b.auth)
-}
-
-// ListContainersParameters defines the set of customizable parameters to make a
-// List Containers call.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd179352.aspx
-type ListContainersParameters struct {
-	Prefix     string
-	Marker     string
-	Include    string
-	MaxResults uint
-	Timeout    uint
-}
-
-// GetContainerReference returns a Container object for the specified container name.
-func (b *BlobStorageClient) GetContainerReference(name string) *Container {
-	return &Container{
-		bsc:  b,
-		Name: name,
-	}
-}
-
-// GetContainerReferenceFromSASURI returns a Container object for the specified
-// container SASURI
-func GetContainerReferenceFromSASURI(sasuri url.URL) (*Container, error) {
-	path := strings.Split(sasuri.Path, "/")
-	if len(path) <= 1 {
-		return nil, fmt.Errorf("could not find a container in URI: %s", sasuri.String())
-	}
-	c, err := newSASClientFromURL(&sasuri)
-	if err != nil {
-		return nil, err
-	}
-	cli := c.GetBlobService()
-	return &Container{
-		bsc:    &cli,
-		Name:   path[1],
-		sasuri: sasuri,
-	}, nil
-}
-
-// ListContainers returns the list of containers in a storage account along with
-// pagination token and other response details.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd179352.aspx
-func (b BlobStorageClient) ListContainers(params ListContainersParameters) (*ContainerListResponse, error) {
-	q := mergeParams(params.getParameters(), url.Values{"comp": {"list"}})
-	uri := b.client.getEndpoint(blobServiceName, "", q)
-	headers := b.client.getStandardHeaders()
-
-	type ContainerAlias struct {
-		bsc        *BlobStorageClient
-		Name       string              `xml:"Name"`
-		Properties ContainerProperties `xml:"Properties"`
-		Metadata   BlobMetadata
-		sasuri     url.URL
-	}
-	type ContainerListResponseAlias struct {
-		XMLName    xml.Name         `xml:"EnumerationResults"`
-		Xmlns      string           `xml:"xmlns,attr"`
-		Prefix     string           `xml:"Prefix"`
-		Marker     string           `xml:"Marker"`
-		NextMarker string           `xml:"NextMarker"`
-		MaxResults int64            `xml:"MaxResults"`
-		Containers []ContainerAlias `xml:"Containers>Container"`
-	}
-
-	var outAlias ContainerListResponseAlias
-	resp, err := b.client.exec(http.MethodGet, uri, headers, nil, b.auth)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-	err = xmlUnmarshal(resp.Body, &outAlias)
-	if err != nil {
-		return nil, err
-	}
-
-	out := ContainerListResponse{
-		XMLName:    outAlias.XMLName,
-		Xmlns:      outAlias.Xmlns,
-		Prefix:     outAlias.Prefix,
-		Marker:     outAlias.Marker,
-		NextMarker: outAlias.NextMarker,
-		MaxResults: outAlias.MaxResults,
-		Containers: make([]Container, len(outAlias.Containers)),
-	}
-	for i, cnt := range outAlias.Containers {
-		out.Containers[i] = Container{
-			bsc:        &b,
-			Name:       cnt.Name,
-			Properties: cnt.Properties,
-			Metadata:   map[string]string(cnt.Metadata),
-			sasuri:     cnt.sasuri,
-		}
-	}
-
-	return &out, err
-}
-
-func (p ListContainersParameters) getParameters() url.Values {
-	out := url.Values{}
-
-	if p.Prefix != "" {
-		out.Set("prefix", p.Prefix)
-	}
-	if p.Marker != "" {
-		out.Set("marker", p.Marker)
-	}
-	if p.Include != "" {
-		out.Set("include", p.Include)
-	}
-	if p.MaxResults != 0 {
-		out.Set("maxresults", strconv.FormatUint(uint64(p.MaxResults), 10))
-	}
-	if p.Timeout != 0 {
-		out.Set("timeout", strconv.FormatUint(uint64(p.Timeout), 10))
-	}
-
-	return out
-}
-
-func writeMetadata(h http.Header) map[string]string {
-	metadata := make(map[string]string)
-	for k, v := range h {
-		// Can't trust CanonicalHeaderKey() to munge case
-		// reliably. "_" is allowed in identifiers:
-		// https://msdn.microsoft.com/en-us/library/azure/dd179414.aspx
-		// https://msdn.microsoft.com/library/aa664670(VS.71).aspx
-		// http://tools.ietf.org/html/rfc7230#section-3.2
-		// ...but "_" is considered invalid by
-		// CanonicalMIMEHeaderKey in
-		// https://golang.org/src/net/textproto/reader.go?s=14615:14659#L542
-		// so k can be "X-Ms-Meta-Lol" or "x-ms-meta-lol_rofl".
-		k = strings.ToLower(k)
-		if len(v) == 0 || !strings.HasPrefix(k, strings.ToLower(userDefinedMetadataHeaderPrefix)) {
-			continue
-		}
-		// metadata["lol"] = content of the last X-Ms-Meta-Lol header
-		k = k[len(userDefinedMetadataHeaderPrefix):]
-		metadata[k] = v[len(v)-1]
-	}
-	return metadata
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/blockblob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/blockblob.go
deleted file mode 100644
index 9d445decf..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/blockblob.go
+++ /dev/null
@@ -1,300 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"bytes"
-	"encoding/xml"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// BlockListType is used to filter out types of blocks in a Get Blocks List call
-// for a block blob.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd179400.aspx for all
-// block types.
-type BlockListType string
-
-// Filters for listing blocks in block blobs
-const (
-	BlockListTypeAll         BlockListType = "all"
-	BlockListTypeCommitted   BlockListType = "committed"
-	BlockListTypeUncommitted BlockListType = "uncommitted"
-)
-
-// Maximum sizes (per REST API) for various concepts
-const (
-	MaxBlobBlockSize = 100 * 1024 * 1024
-	MaxBlobPageSize  = 4 * 1024 * 1024
-)
-
-// BlockStatus defines states a block for a block blob can
-// be in.
-type BlockStatus string
-
-// List of statuses that can be used to refer to a block in a block list
-const (
-	BlockStatusUncommitted BlockStatus = "Uncommitted"
-	BlockStatusCommitted   BlockStatus = "Committed"
-	BlockStatusLatest      BlockStatus = "Latest"
-)
-
-// Block is used to create Block entities for Put Block List
-// call.
-type Block struct {
-	ID     string
-	Status BlockStatus
-}
-
-// BlockListResponse contains the response fields from Get Block List call.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd179400.aspx
-type BlockListResponse struct {
-	XMLName           xml.Name        `xml:"BlockList"`
-	CommittedBlocks   []BlockResponse `xml:"CommittedBlocks>Block"`
-	UncommittedBlocks []BlockResponse `xml:"UncommittedBlocks>Block"`
-}
-
-// BlockResponse contains the block information returned
-// in the GetBlockListCall.
-type BlockResponse struct {
-	Name string `xml:"Name"`
-	Size int64  `xml:"Size"`
-}
-
-// CreateBlockBlob initializes an empty block blob with no blocks.
-//
-// See CreateBlockBlobFromReader for more info on creating blobs.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Blob
-func (b *Blob) CreateBlockBlob(options *PutBlobOptions) error {
-	return b.CreateBlockBlobFromReader(nil, options)
-}
-
-// CreateBlockBlobFromReader initializes a block blob using data from
-// reader. Size must be the number of bytes read from reader. To
-// create an empty blob, use size==0 and reader==nil.
-//
-// Any headers set in blob.Properties or metadata in blob.Metadata
-// will be set on the blob.
-//
-// The API rejects requests with size > 256 MiB (but this limit is not
-// checked by the SDK). To write a larger blob, use CreateBlockBlob,
-// PutBlock, and PutBlockList.
-//
-// To create a blob from scratch, call container.GetBlobReference() to
-// get an empty blob, fill in blob.Properties and blob.Metadata as
-// appropriate then call this method.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Blob
-func (b *Blob) CreateBlockBlobFromReader(blob io.Reader, options *PutBlobOptions) error {
-	params := url.Values{}
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers["x-ms-blob-type"] = string(BlobTypeBlock)
-
-	headers["Content-Length"] = "0"
-	var n int64
-	var err error
-	if blob != nil {
-		type lener interface {
-			Len() int
-		}
-		// TODO(rjeczalik): handle io.ReadSeeker, in case blob is *os.File etc.
-		if l, ok := blob.(lener); ok {
-			n = int64(l.Len())
-		} else {
-			var buf bytes.Buffer
-			n, err = io.Copy(&buf, blob)
-			if err != nil {
-				return err
-			}
-			blob = &buf
-		}
-
-		headers["Content-Length"] = strconv.FormatInt(n, 10)
-	}
-	b.Properties.ContentLength = n
-
-	headers = mergeHeaders(headers, headersFromStruct(b.Properties))
-	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, blob, b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	return b.respondCreation(resp, BlobTypeBlock)
-}
-
-// PutBlockOptions includes the options for a put block operation
-type PutBlockOptions struct {
-	Timeout    uint
-	LeaseID    string `header:"x-ms-lease-id"`
-	ContentMD5 string `header:"Content-MD5"`
-	RequestID  string `header:"x-ms-client-request-id"`
-}
-
-// PutBlock saves the given data chunk to the specified block blob with
-// given ID.
-//
-// The API rejects chunks larger than 100 MiB (but this limit is not
-// checked by the SDK).
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Block
-func (b *Blob) PutBlock(blockID string, chunk []byte, options *PutBlockOptions) error {
-	return b.PutBlockWithLength(blockID, uint64(len(chunk)), bytes.NewReader(chunk), options)
-}
-
-// PutBlockWithLength saves the given data stream of exactly specified size to
-// the block blob with given ID. It is an alternative to PutBlocks where data
-// comes as stream but the length is known in advance.
-//
-// The API rejects requests with size > 100 MiB (but this limit is not
-// checked by the SDK).
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Block
-func (b *Blob) PutBlockWithLength(blockID string, size uint64, blob io.Reader, options *PutBlockOptions) error {
-	query := url.Values{
-		"comp":    {"block"},
-		"blockid": {blockID},
-	}
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers["Content-Length"] = fmt.Sprintf("%v", size)
-
-	if options != nil {
-		query = addTimeout(query, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), query)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, blob, b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	return b.respondCreation(resp, BlobTypeBlock)
-}
-
-// PutBlockFromURLOptions includes the options for a put block from URL operation
-type PutBlockFromURLOptions struct {
-	PutBlockOptions
-
-	SourceContentMD5   string `header:"x-ms-source-content-md5"`
-	SourceContentCRC64 string `header:"x-ms-source-content-crc64"`
-}
-
-// PutBlockFromURL copy data of exactly specified size from specified URL to
-// the block blob with given ID. It is an alternative to PutBlocks where data
-// comes from a remote URL and the offset and length is known in advance.
-//
-// The API rejects requests with size > 100 MiB (but this limit is not
-// checked by the SDK).
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/put-block-from-url
-func (b *Blob) PutBlockFromURL(blockID string, blobURL string, offset int64, size uint64, options *PutBlockFromURLOptions) error {
-	query := url.Values{
-		"comp":    {"block"},
-		"blockid": {blockID},
-	}
-	headers := b.Container.bsc.client.getStandardHeaders()
-	// The value of this header must be set to zero.
-	// When the length is not zero, the operation will fail with the status code 400 (Bad Request).
-	headers["Content-Length"] = "0"
-	headers["x-ms-copy-source"] = blobURL
-	headers["x-ms-source-range"] = fmt.Sprintf("bytes=%d-%d", offset, uint64(offset)+size-1)
-
-	if options != nil {
-		query = addTimeout(query, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), query)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	return b.respondCreation(resp, BlobTypeBlock)
-}
-
-// PutBlockListOptions includes the options for a put block list operation
-type PutBlockListOptions struct {
-	Timeout           uint
-	LeaseID           string     `header:"x-ms-lease-id"`
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	IfMatch           string     `header:"If-Match"`
-	IfNoneMatch       string     `header:"If-None-Match"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-}
-
-// PutBlockList saves list of blocks to the specified block blob.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Block-List
-func (b *Blob) PutBlockList(blocks []Block, options *PutBlockListOptions) error {
-	params := url.Values{"comp": {"blocklist"}}
-	blockListXML := prepareBlockListRequest(blocks)
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers["Content-Length"] = fmt.Sprintf("%v", len(blockListXML))
-	headers = mergeHeaders(headers, headersFromStruct(b.Properties))
-	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, strings.NewReader(blockListXML), b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusCreated})
-}
-
-// GetBlockListOptions includes the options for a get block list operation
-type GetBlockListOptions struct {
-	Timeout   uint
-	Snapshot  *time.Time
-	LeaseID   string `header:"x-ms-lease-id"`
-	RequestID string `header:"x-ms-client-request-id"`
-}
-
-// GetBlockList retrieves list of blocks in the specified block blob.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Get-Block-List
-func (b *Blob) GetBlockList(blockType BlockListType, options *GetBlockListOptions) (BlockListResponse, error) {
-	params := url.Values{
-		"comp":          {"blocklist"},
-		"blocklisttype": {string(blockType)},
-	}
-	headers := b.Container.bsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		params = addSnapshot(params, options.Snapshot)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	var out BlockListResponse
-	resp, err := b.Container.bsc.client.exec(http.MethodGet, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return out, err
-	}
-	defer resp.Body.Close()
-
-	err = xmlUnmarshal(resp.Body, &out)
-	return out, err
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/client.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/client.go
deleted file mode 100644
index ce6e5a80d..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/client.go
+++ /dev/null
@@ -1,1061 +0,0 @@
-// Package storage provides clients for Microsoft Azure Storage Services.
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"bufio"
-	"encoding/base64"
-	"encoding/json"
-	"encoding/xml"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"mime"
-	"mime/multipart"
-	"net/http"
-	"net/url"
-	"regexp"
-	"runtime"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/Azure/azure-sdk-for-go/version"
-	"github.com/Azure/go-autorest/autorest"
-	"github.com/Azure/go-autorest/autorest/azure"
-)
-
-const (
-	// DefaultBaseURL is the domain name used for storage requests in the
-	// public cloud when a default client is created.
-	DefaultBaseURL = "core.windows.net"
-
-	// DefaultAPIVersion is the Azure Storage API version string used when a
-	// basic client is created.
-	DefaultAPIVersion = "2018-03-28"
-
-	defaultUseHTTPS      = true
-	defaultRetryAttempts = 5
-	defaultRetryDuration = time.Second * 5
-
-	// StorageEmulatorAccountName is the fixed storage account used by Azure Storage Emulator
-	StorageEmulatorAccountName = "devstoreaccount1"
-
-	// StorageEmulatorAccountKey is the the fixed storage account used by Azure Storage Emulator
-	StorageEmulatorAccountKey = "Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw=="
-
-	blobServiceName  = "blob"
-	tableServiceName = "table"
-	queueServiceName = "queue"
-	fileServiceName  = "file"
-
-	storageEmulatorBlob  = "127.0.0.1:10000"
-	storageEmulatorTable = "127.0.0.1:10002"
-	storageEmulatorQueue = "127.0.0.1:10001"
-
-	userAgentHeader = "User-Agent"
-
-	userDefinedMetadataHeaderPrefix = "x-ms-meta-"
-
-	connectionStringAccountName      = "accountname"
-	connectionStringAccountKey       = "accountkey"
-	connectionStringEndpointSuffix   = "endpointsuffix"
-	connectionStringEndpointProtocol = "defaultendpointsprotocol"
-
-	connectionStringBlobEndpoint  = "blobendpoint"
-	connectionStringFileEndpoint  = "fileendpoint"
-	connectionStringQueueEndpoint = "queueendpoint"
-	connectionStringTableEndpoint = "tableendpoint"
-	connectionStringSAS           = "sharedaccesssignature"
-)
-
-var (
-	validStorageAccount     = regexp.MustCompile("^[0-9a-z]{3,24}$")
-	validCosmosAccount      = regexp.MustCompile("^[0-9a-z-]{3,44}$")
-	defaultValidStatusCodes = []int{
-		http.StatusRequestTimeout,      // 408
-		http.StatusInternalServerError, // 500
-		http.StatusBadGateway,          // 502
-		http.StatusServiceUnavailable,  // 503
-		http.StatusGatewayTimeout,      // 504
-	}
-)
-
-// Sender sends a request
-type Sender interface {
-	Send(*Client, *http.Request) (*http.Response, error)
-}
-
-// DefaultSender is the default sender for the client. It implements
-// an automatic retry strategy.
-type DefaultSender struct {
-	RetryAttempts    int
-	RetryDuration    time.Duration
-	ValidStatusCodes []int
-	attempts         int // used for testing
-}
-
-// Send is the default retry strategy in the client
-func (ds *DefaultSender) Send(c *Client, req *http.Request) (resp *http.Response, err error) {
-	rr := autorest.NewRetriableRequest(req)
-	for attempts := 0; attempts < ds.RetryAttempts; attempts++ {
-		err = rr.Prepare()
-		if err != nil {
-			return resp, err
-		}
-		resp, err = c.HTTPClient.Do(rr.Request())
-		if err == nil && !autorest.ResponseHasStatusCode(resp, ds.ValidStatusCodes...) {
-			return resp, err
-		}
-		drainRespBody(resp)
-		autorest.DelayForBackoff(ds.RetryDuration, attempts, req.Cancel)
-		ds.attempts = attempts
-	}
-	ds.attempts++
-	return resp, err
-}
-
-// Client is the object that needs to be constructed to perform
-// operations on the storage account.
-type Client struct {
-	// HTTPClient is the http.Client used to initiate API
-	// requests. http.DefaultClient is used when creating a
-	// client.
-	HTTPClient *http.Client
-
-	// Sender is an interface that sends the request. Clients are
-	// created with a DefaultSender. The DefaultSender has an
-	// automatic retry strategy built in. The Sender can be customized.
-	Sender Sender
-
-	accountName       string
-	accountKey        []byte
-	useHTTPS          bool
-	UseSharedKeyLite  bool
-	baseURL           string
-	apiVersion        string
-	userAgent         string
-	sasClient         bool
-	accountSASToken   url.Values
-	additionalHeaders map[string]string
-}
-
-type odataResponse struct {
-	resp  *http.Response
-	odata odataErrorWrapper
-}
-
-// AzureStorageServiceError contains fields of the error response from
-// Azure Storage Service REST API. See https://msdn.microsoft.com/en-us/library/azure/dd179382.aspx
-// Some fields might be specific to certain calls.
-type AzureStorageServiceError struct {
-	Code                      string `xml:"Code"`
-	Message                   string `xml:"Message"`
-	AuthenticationErrorDetail string `xml:"AuthenticationErrorDetail"`
-	QueryParameterName        string `xml:"QueryParameterName"`
-	QueryParameterValue       string `xml:"QueryParameterValue"`
-	Reason                    string `xml:"Reason"`
-	Lang                      string
-	StatusCode                int
-	RequestID                 string
-	Date                      string
-	APIVersion                string
-}
-
-// AzureTablesServiceError contains fields of the error response from
-// Azure Table Storage Service REST API in Atom format.
-// See https://msdn.microsoft.com/en-us/library/azure/dd179382.aspx
-type AzureTablesServiceError struct {
-	Code       string `xml:"code"`
-	Message    string `xml:"message"`
-	StatusCode int
-	RequestID  string
-	Date       string
-	APIVersion string
-}
-
-func (e AzureTablesServiceError) Error() string {
-	return fmt.Sprintf("storage: service returned error: StatusCode=%d, ErrorCode=%s, ErrorMessage=%s, RequestInitiated=%s, RequestId=%s, API Version=%s",
-		e.StatusCode, e.Code, e.Message, e.Date, e.RequestID, e.APIVersion)
-}
-
-type odataErrorMessage struct {
-	Lang  string `json:"lang"`
-	Value string `json:"value"`
-}
-
-type odataError struct {
-	Code    string            `json:"code"`
-	Message odataErrorMessage `json:"message"`
-}
-
-type odataErrorWrapper struct {
-	Err odataError `json:"odata.error"`
-}
-
-// UnexpectedStatusCodeError is returned when a storage service responds with neither an error
-// nor with an HTTP status code indicating success.
-type UnexpectedStatusCodeError struct {
-	allowed []int
-	got     int
-	inner   error
-}
-
-func (e UnexpectedStatusCodeError) Error() string {
-	s := func(i int) string { return fmt.Sprintf("%d %s", i, http.StatusText(i)) }
-
-	got := s(e.got)
-	expected := []string{}
-	for _, v := range e.allowed {
-		expected = append(expected, s(v))
-	}
-	return fmt.Sprintf("storage: status code from service response is %s; was expecting %s.  Inner error: %+v", got, strings.Join(expected, " or "), e.inner)
-}
-
-// Got is the actual status code returned by Azure.
-func (e UnexpectedStatusCodeError) Got() int {
-	return e.got
-}
-
-// Inner returns any inner error info.
-func (e UnexpectedStatusCodeError) Inner() error {
-	return e.inner
-}
-
-// NewClientFromConnectionString creates a Client from the connection string.
-func NewClientFromConnectionString(input string) (Client, error) {
-	// build a map of connection string key/value pairs
-	parts := map[string]string{}
-	for _, pair := range strings.Split(input, ";") {
-		if pair == "" {
-			continue
-		}
-
-		equalDex := strings.IndexByte(pair, '=')
-		if equalDex <= 0 {
-			return Client{}, fmt.Errorf("Invalid connection segment %q", pair)
-		}
-
-		value := strings.TrimSpace(pair[equalDex+1:])
-		key := strings.TrimSpace(strings.ToLower(pair[:equalDex]))
-		parts[key] = value
-	}
-
-	// TODO: validate parameter sets?
-
-	if parts[connectionStringAccountName] == StorageEmulatorAccountName {
-		return NewEmulatorClient()
-	}
-
-	if parts[connectionStringSAS] != "" {
-		endpoint := ""
-		if parts[connectionStringBlobEndpoint] != "" {
-			endpoint = parts[connectionStringBlobEndpoint]
-		} else if parts[connectionStringFileEndpoint] != "" {
-			endpoint = parts[connectionStringFileEndpoint]
-		} else if parts[connectionStringQueueEndpoint] != "" {
-			endpoint = parts[connectionStringQueueEndpoint]
-		} else {
-			endpoint = parts[connectionStringTableEndpoint]
-		}
-
-		return NewAccountSASClientFromEndpointToken(endpoint, parts[connectionStringSAS])
-	}
-
-	useHTTPS := defaultUseHTTPS
-	if parts[connectionStringEndpointProtocol] != "" {
-		useHTTPS = parts[connectionStringEndpointProtocol] == "https"
-	}
-
-	return NewClient(parts[connectionStringAccountName], parts[connectionStringAccountKey],
-		parts[connectionStringEndpointSuffix], DefaultAPIVersion, useHTTPS)
-}
-
-// NewBasicClient constructs a Client with given storage service name and
-// key.
-func NewBasicClient(accountName, accountKey string) (Client, error) {
-	if accountName == StorageEmulatorAccountName {
-		return NewEmulatorClient()
-	}
-	return NewClient(accountName, accountKey, DefaultBaseURL, DefaultAPIVersion, defaultUseHTTPS)
-}
-
-// NewBasicClientOnSovereignCloud constructs a Client with given storage service name and
-// key in the referenced cloud.
-func NewBasicClientOnSovereignCloud(accountName, accountKey string, env azure.Environment) (Client, error) {
-	if accountName == StorageEmulatorAccountName {
-		return NewEmulatorClient()
-	}
-	return NewClient(accountName, accountKey, env.StorageEndpointSuffix, DefaultAPIVersion, defaultUseHTTPS)
-}
-
-//NewEmulatorClient contructs a Client intended to only work with Azure
-//Storage Emulator
-func NewEmulatorClient() (Client, error) {
-	return NewClient(StorageEmulatorAccountName, StorageEmulatorAccountKey, DefaultBaseURL, DefaultAPIVersion, false)
-}
-
-// NewClient constructs a Client. This should be used if the caller wants
-// to specify whether to use HTTPS, a specific REST API version or a custom
-// storage endpoint than Azure Public Cloud.
-func NewClient(accountName, accountKey, serviceBaseURL, apiVersion string, useHTTPS bool) (Client, error) {
-	var c Client
-	if !IsValidStorageAccount(accountName) {
-		return c, fmt.Errorf("azure: account name is not valid: it must be between 3 and 24 characters, and only may contain numbers and lowercase letters: %v", accountName)
-	} else if accountKey == "" {
-		return c, fmt.Errorf("azure: account key required")
-	} else if serviceBaseURL == "" {
-		return c, fmt.Errorf("azure: base storage service url required")
-	}
-
-	key, err := base64.StdEncoding.DecodeString(accountKey)
-	if err != nil {
-		return c, fmt.Errorf("azure: malformed storage account key: %v", err)
-	}
-
-	return newClient(accountName, key, serviceBaseURL, apiVersion, useHTTPS)
-}
-
-// NewCosmosClient constructs a Client for Azure CosmosDB. This should be used if the caller wants
-// to specify whether to use HTTPS, a specific REST API version or a custom
-// cosmos endpoint than Azure Public Cloud.
-func NewCosmosClient(accountName, accountKey, serviceBaseURL, apiVersion string, useHTTPS bool) (Client, error) {
-	var c Client
-	if !IsValidCosmosAccount(accountName) {
-		return c, fmt.Errorf("azure: account name is not valid: The name can contain only lowercase letters, numbers and the '-' character, and must be between 3 and 44 characters: %v", accountName)
-	} else if accountKey == "" {
-		return c, fmt.Errorf("azure: account key required")
-	} else if serviceBaseURL == "" {
-		return c, fmt.Errorf("azure: base storage service url required")
-	}
-
-	key, err := base64.StdEncoding.DecodeString(accountKey)
-	if err != nil {
-		return c, fmt.Errorf("azure: malformed cosmos account key: %v", err)
-	}
-
-	return newClient(accountName, key, serviceBaseURL, apiVersion, useHTTPS)
-}
-
-// newClient constructs a Client with given parameters.
-func newClient(accountName string, accountKey []byte, serviceBaseURL, apiVersion string, useHTTPS bool) (Client, error) {
-	c := Client{
-		HTTPClient:       http.DefaultClient,
-		accountName:      accountName,
-		accountKey:       accountKey,
-		useHTTPS:         useHTTPS,
-		baseURL:          serviceBaseURL,
-		apiVersion:       apiVersion,
-		sasClient:        false,
-		UseSharedKeyLite: false,
-		Sender: &DefaultSender{
-			RetryAttempts:    defaultRetryAttempts,
-			ValidStatusCodes: defaultValidStatusCodes,
-			RetryDuration:    defaultRetryDuration,
-		},
-	}
-	c.userAgent = c.getDefaultUserAgent()
-	return c, nil
-}
-
-// IsValidStorageAccount checks if the storage account name is valid.
-// See https://docs.microsoft.com/en-us/azure/storage/storage-create-storage-account
-func IsValidStorageAccount(account string) bool {
-	return validStorageAccount.MatchString(account)
-}
-
-// IsValidCosmosAccount checks if the Cosmos account name is valid.
-// See https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-manage-database-account
-func IsValidCosmosAccount(account string) bool {
-	return validCosmosAccount.MatchString(account)
-}
-
-// NewAccountSASClient contructs a client that uses accountSAS authorization
-// for its operations.
-func NewAccountSASClient(account string, token url.Values, env azure.Environment) Client {
-	return newSASClient(account, env.StorageEndpointSuffix, token)
-}
-
-// NewAccountSASClientFromEndpointToken constructs a client that uses accountSAS authorization
-// for its operations using the specified endpoint and SAS token.
-func NewAccountSASClientFromEndpointToken(endpoint string, sasToken string) (Client, error) {
-	u, err := url.Parse(endpoint)
-	if err != nil {
-		return Client{}, err
-	}
-	_, err = url.ParseQuery(sasToken)
-	if err != nil {
-		return Client{}, err
-	}
-	u.RawQuery = sasToken
-	return newSASClientFromURL(u)
-}
-
-func newSASClient(accountName, baseURL string, sasToken url.Values) Client {
-	c := Client{
-		HTTPClient: http.DefaultClient,
-		apiVersion: DefaultAPIVersion,
-		sasClient:  true,
-		Sender: &DefaultSender{
-			RetryAttempts:    defaultRetryAttempts,
-			ValidStatusCodes: defaultValidStatusCodes,
-			RetryDuration:    defaultRetryDuration,
-		},
-		accountName:     accountName,
-		baseURL:         baseURL,
-		accountSASToken: sasToken,
-		useHTTPS:        defaultUseHTTPS,
-	}
-	c.userAgent = c.getDefaultUserAgent()
-	// Get API version and protocol from token
-	c.apiVersion = sasToken.Get("sv")
-	if spr := sasToken.Get("spr"); spr != "" {
-		c.useHTTPS = spr == "https"
-	}
-	return c
-}
-
-func newSASClientFromURL(u *url.URL) (Client, error) {
-	// the host name will look something like this
-	// - foo.blob.core.windows.net
-	// "foo" is the account name
-	// "core.windows.net" is the baseURL
-
-	// find the first dot to get account name
-	i1 := strings.IndexByte(u.Host, '.')
-	if i1 < 0 {
-		return Client{}, fmt.Errorf("failed to find '.' in %s", u.Host)
-	}
-
-	// now find the second dot to get the base URL
-	i2 := strings.IndexByte(u.Host[i1+1:], '.')
-	if i2 < 0 {
-		return Client{}, fmt.Errorf("failed to find '.' in %s", u.Host[i1+1:])
-	}
-
-	sasToken := u.Query()
-	c := newSASClient(u.Host[:i1], u.Host[i1+i2+2:], sasToken)
-	if spr := sasToken.Get("spr"); spr == "" {
-		// infer from URL if not in the query params set
-		c.useHTTPS = u.Scheme == "https"
-	}
-	return c, nil
-}
-
-func (c Client) isServiceSASClient() bool {
-	return c.sasClient && c.accountSASToken == nil
-}
-
-func (c Client) isAccountSASClient() bool {
-	return c.sasClient && c.accountSASToken != nil
-}
-
-func (c Client) getDefaultUserAgent() string {
-	return fmt.Sprintf("Go/%s (%s-%s) azure-storage-go/%s api-version/%s",
-		runtime.Version(),
-		runtime.GOARCH,
-		runtime.GOOS,
-		version.Number,
-		c.apiVersion,
-	)
-}
-
-// AddToUserAgent adds an extension to the current user agent
-func (c *Client) AddToUserAgent(extension string) error {
-	if extension != "" {
-		c.userAgent = fmt.Sprintf("%s %s", c.userAgent, extension)
-		return nil
-	}
-	return fmt.Errorf("Extension was empty, User Agent stayed as %s", c.userAgent)
-}
-
-// AddAdditionalHeaders adds additional standard headers
-func (c *Client) AddAdditionalHeaders(headers map[string]string) {
-	if headers != nil {
-		c.additionalHeaders = map[string]string{}
-		for k, v := range headers {
-			c.additionalHeaders[k] = v
-		}
-	}
-}
-
-// protectUserAgent is used in funcs that include extraheaders as a parameter.
-// It prevents the User-Agent header to be overwritten, instead if it happens to
-// be present, it gets added to the current User-Agent. Use it before getStandardHeaders
-func (c *Client) protectUserAgent(extraheaders map[string]string) map[string]string {
-	if v, ok := extraheaders[userAgentHeader]; ok {
-		c.AddToUserAgent(v)
-		delete(extraheaders, userAgentHeader)
-	}
-	return extraheaders
-}
-
-func (c Client) getBaseURL(service string) *url.URL {
-	scheme := "http"
-	if c.useHTTPS {
-		scheme = "https"
-	}
-	host := ""
-	if c.accountName == StorageEmulatorAccountName {
-		switch service {
-		case blobServiceName:
-			host = storageEmulatorBlob
-		case tableServiceName:
-			host = storageEmulatorTable
-		case queueServiceName:
-			host = storageEmulatorQueue
-		}
-	} else {
-		host = fmt.Sprintf("%s.%s.%s", c.accountName, service, c.baseURL)
-	}
-
-	return &url.URL{
-		Scheme: scheme,
-		Host:   host,
-	}
-}
-
-func (c Client) getEndpoint(service, path string, params url.Values) string {
-	u := c.getBaseURL(service)
-
-	// API doesn't accept path segments not starting with '/'
-	if !strings.HasPrefix(path, "/") {
-		path = fmt.Sprintf("/%v", path)
-	}
-
-	if c.accountName == StorageEmulatorAccountName {
-		path = fmt.Sprintf("/%v%v", StorageEmulatorAccountName, path)
-	}
-
-	u.Path = path
-	u.RawQuery = params.Encode()
-	return u.String()
-}
-
-// AccountSASTokenOptions includes options for constructing
-// an account SAS token.
-// https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas
-type AccountSASTokenOptions struct {
-	APIVersion    string
-	Services      Services
-	ResourceTypes ResourceTypes
-	Permissions   Permissions
-	Start         time.Time
-	Expiry        time.Time
-	IP            string
-	UseHTTPS      bool
-}
-
-// Services specify services accessible with an account SAS.
-type Services struct {
-	Blob  bool
-	Queue bool
-	Table bool
-	File  bool
-}
-
-// ResourceTypes specify the resources accesible with an
-// account SAS.
-type ResourceTypes struct {
-	Service   bool
-	Container bool
-	Object    bool
-}
-
-// Permissions specifies permissions for an accountSAS.
-type Permissions struct {
-	Read    bool
-	Write   bool
-	Delete  bool
-	List    bool
-	Add     bool
-	Create  bool
-	Update  bool
-	Process bool
-}
-
-// GetAccountSASToken creates an account SAS token
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas
-func (c Client) GetAccountSASToken(options AccountSASTokenOptions) (url.Values, error) {
-	if options.APIVersion == "" {
-		options.APIVersion = c.apiVersion
-	}
-
-	if options.APIVersion < "2015-04-05" {
-		return url.Values{}, fmt.Errorf("account SAS does not support API versions prior to 2015-04-05. API version : %s", options.APIVersion)
-	}
-
-	// build services string
-	services := ""
-	if options.Services.Blob {
-		services += "b"
-	}
-	if options.Services.Queue {
-		services += "q"
-	}
-	if options.Services.Table {
-		services += "t"
-	}
-	if options.Services.File {
-		services += "f"
-	}
-
-	// build resources string
-	resources := ""
-	if options.ResourceTypes.Service {
-		resources += "s"
-	}
-	if options.ResourceTypes.Container {
-		resources += "c"
-	}
-	if options.ResourceTypes.Object {
-		resources += "o"
-	}
-
-	// build permissions string
-	permissions := ""
-	if options.Permissions.Read {
-		permissions += "r"
-	}
-	if options.Permissions.Write {
-		permissions += "w"
-	}
-	if options.Permissions.Delete {
-		permissions += "d"
-	}
-	if options.Permissions.List {
-		permissions += "l"
-	}
-	if options.Permissions.Add {
-		permissions += "a"
-	}
-	if options.Permissions.Create {
-		permissions += "c"
-	}
-	if options.Permissions.Update {
-		permissions += "u"
-	}
-	if options.Permissions.Process {
-		permissions += "p"
-	}
-
-	// build start time, if exists
-	start := ""
-	if options.Start != (time.Time{}) {
-		start = options.Start.UTC().Format(time.RFC3339)
-	}
-
-	// build expiry time
-	expiry := options.Expiry.UTC().Format(time.RFC3339)
-
-	protocol := "https,http"
-	if options.UseHTTPS {
-		protocol = "https"
-	}
-
-	stringToSign := strings.Join([]string{
-		c.accountName,
-		permissions,
-		services,
-		resources,
-		start,
-		expiry,
-		options.IP,
-		protocol,
-		options.APIVersion,
-		"",
-	}, "\n")
-	signature := c.computeHmac256(stringToSign)
-
-	sasParams := url.Values{
-		"sv":  {options.APIVersion},
-		"ss":  {services},
-		"srt": {resources},
-		"sp":  {permissions},
-		"se":  {expiry},
-		"spr": {protocol},
-		"sig": {signature},
-	}
-	if start != "" {
-		sasParams.Add("st", start)
-	}
-	if options.IP != "" {
-		sasParams.Add("sip", options.IP)
-	}
-
-	return sasParams, nil
-}
-
-// GetBlobService returns a BlobStorageClient which can operate on the blob
-// service of the storage account.
-func (c Client) GetBlobService() BlobStorageClient {
-	b := BlobStorageClient{
-		client: c,
-	}
-	b.client.AddToUserAgent(blobServiceName)
-	b.auth = sharedKey
-	if c.UseSharedKeyLite {
-		b.auth = sharedKeyLite
-	}
-	return b
-}
-
-// GetQueueService returns a QueueServiceClient which can operate on the queue
-// service of the storage account.
-func (c Client) GetQueueService() QueueServiceClient {
-	q := QueueServiceClient{
-		client: c,
-	}
-	q.client.AddToUserAgent(queueServiceName)
-	q.auth = sharedKey
-	if c.UseSharedKeyLite {
-		q.auth = sharedKeyLite
-	}
-	return q
-}
-
-// GetTableService returns a TableServiceClient which can operate on the table
-// service of the storage account.
-func (c Client) GetTableService() TableServiceClient {
-	t := TableServiceClient{
-		client: c,
-	}
-	t.client.AddToUserAgent(tableServiceName)
-	t.auth = sharedKeyForTable
-	if c.UseSharedKeyLite {
-		t.auth = sharedKeyLiteForTable
-	}
-	return t
-}
-
-// GetFileService returns a FileServiceClient which can operate on the file
-// service of the storage account.
-func (c Client) GetFileService() FileServiceClient {
-	f := FileServiceClient{
-		client: c,
-	}
-	f.client.AddToUserAgent(fileServiceName)
-	f.auth = sharedKey
-	if c.UseSharedKeyLite {
-		f.auth = sharedKeyLite
-	}
-	return f
-}
-
-func (c Client) getStandardHeaders() map[string]string {
-	headers := map[string]string{}
-	for k, v := range c.additionalHeaders {
-		headers[k] = v
-	}
-
-	headers[userAgentHeader] = c.userAgent
-	headers["x-ms-version"] = c.apiVersion
-	headers["x-ms-date"] = currentTimeRfc1123Formatted()
-
-	return headers
-}
-
-func (c Client) exec(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*http.Response, error) {
-	headers, err := c.addAuthorizationHeader(verb, url, headers, auth)
-	if err != nil {
-		return nil, err
-	}
-
-	req, err := http.NewRequest(verb, url, body)
-	if err != nil {
-		return nil, errors.New("azure/storage: error creating request: " + err.Error())
-	}
-
-	// http.NewRequest() will automatically set req.ContentLength for a handful of types
-	// otherwise we will handle here.
-	if req.ContentLength < 1 {
-		if clstr, ok := headers["Content-Length"]; ok {
-			if cl, err := strconv.ParseInt(clstr, 10, 64); err == nil {
-				req.ContentLength = cl
-			}
-		}
-	}
-
-	for k, v := range headers {
-		req.Header[k] = append(req.Header[k], v) // Must bypass case munging present in `Add` by using map functions directly. See https://github.com/Azure/azure-sdk-for-go/issues/645
-	}
-
-	if c.isAccountSASClient() {
-		// append the SAS token to the query params
-		v := req.URL.Query()
-		v = mergeParams(v, c.accountSASToken)
-		req.URL.RawQuery = v.Encode()
-	}
-
-	resp, err := c.Sender.Send(&c, req)
-	if err != nil {
-		return nil, err
-	}
-
-	if resp.StatusCode >= 400 && resp.StatusCode <= 505 {
-		return resp, getErrorFromResponse(resp)
-	}
-
-	return resp, nil
-}
-
-func (c Client) execInternalJSONCommon(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*odataResponse, *http.Request, *http.Response, error) {
-	headers, err := c.addAuthorizationHeader(verb, url, headers, auth)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	req, err := http.NewRequest(verb, url, body)
-	for k, v := range headers {
-		req.Header.Add(k, v)
-	}
-
-	resp, err := c.Sender.Send(&c, req)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	respToRet := &odataResponse{resp: resp}
-
-	statusCode := resp.StatusCode
-	if statusCode >= 400 && statusCode <= 505 {
-		var respBody []byte
-		respBody, err = readAndCloseBody(resp.Body)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-
-		requestID, date, version := getDebugHeaders(resp.Header)
-		if len(respBody) == 0 {
-			// no error in response body, might happen in HEAD requests
-			err = serviceErrFromStatusCode(resp.StatusCode, resp.Status, requestID, date, version)
-			return respToRet, req, resp, err
-		}
-		// response contains storage service error object, unmarshal
-		if resp.Header.Get("Content-Type") == "application/xml" {
-			storageErr := AzureTablesServiceError{
-				StatusCode: resp.StatusCode,
-				RequestID:  requestID,
-				Date:       date,
-				APIVersion: version,
-			}
-			if err := xml.Unmarshal(respBody, &storageErr); err != nil {
-				storageErr.Message = fmt.Sprintf("Response body could no be unmarshaled: %v. Body: %v.", err, string(respBody))
-			}
-			err = storageErr
-		} else {
-			err = json.Unmarshal(respBody, &respToRet.odata)
-		}
-	}
-
-	return respToRet, req, resp, err
-}
-
-func (c Client) execInternalJSON(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*odataResponse, error) {
-	respToRet, _, _, err := c.execInternalJSONCommon(verb, url, headers, body, auth)
-	return respToRet, err
-}
-
-func (c Client) execBatchOperationJSON(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*odataResponse, error) {
-	// execute common query, get back generated request, response etc... for more processing.
-	respToRet, req, resp, err := c.execInternalJSONCommon(verb, url, headers, body, auth)
-	if err != nil {
-		return nil, err
-	}
-
-	// return the OData in the case of executing batch commands.
-	// In this case we need to read the outer batch boundary and contents.
-	// Then we read the changeset information within the batch
-	var respBody []byte
-	respBody, err = readAndCloseBody(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	// outer multipart body
-	_, batchHeader, err := mime.ParseMediaType(resp.Header["Content-Type"][0])
-	if err != nil {
-		return nil, err
-	}
-
-	// batch details.
-	batchBoundary := batchHeader["boundary"]
-	batchPartBuf, changesetBoundary, err := genBatchReader(batchBoundary, respBody)
-	if err != nil {
-		return nil, err
-	}
-
-	// changeset details.
-	err = genChangesetReader(req, respToRet, batchPartBuf, changesetBoundary)
-	if err != nil {
-		return nil, err
-	}
-
-	return respToRet, nil
-}
-
-func genChangesetReader(req *http.Request, respToRet *odataResponse, batchPartBuf io.Reader, changesetBoundary string) error {
-	changesetMultiReader := multipart.NewReader(batchPartBuf, changesetBoundary)
-	changesetPart, err := changesetMultiReader.NextPart()
-	if err != nil {
-		return err
-	}
-
-	changesetPartBufioReader := bufio.NewReader(changesetPart)
-	changesetResp, err := http.ReadResponse(changesetPartBufioReader, req)
-	if err != nil {
-		return err
-	}
-
-	if changesetResp.StatusCode != http.StatusNoContent {
-		changesetBody, err := readAndCloseBody(changesetResp.Body)
-		err = json.Unmarshal(changesetBody, &respToRet.odata)
-		if err != nil {
-			return err
-		}
-		respToRet.resp = changesetResp
-	}
-
-	return nil
-}
-
-func genBatchReader(batchBoundary string, respBody []byte) (io.Reader, string, error) {
-	respBodyString := string(respBody)
-	respBodyReader := strings.NewReader(respBodyString)
-
-	// reading batchresponse
-	batchMultiReader := multipart.NewReader(respBodyReader, batchBoundary)
-	batchPart, err := batchMultiReader.NextPart()
-	if err != nil {
-		return nil, "", err
-	}
-	batchPartBufioReader := bufio.NewReader(batchPart)
-
-	_, changesetHeader, err := mime.ParseMediaType(batchPart.Header.Get("Content-Type"))
-	if err != nil {
-		return nil, "", err
-	}
-	changesetBoundary := changesetHeader["boundary"]
-	return batchPartBufioReader, changesetBoundary, nil
-}
-
-func readAndCloseBody(body io.ReadCloser) ([]byte, error) {
-	defer body.Close()
-	out, err := ioutil.ReadAll(body)
-	if err == io.EOF {
-		err = nil
-	}
-	return out, err
-}
-
-// reads the response body then closes it
-func drainRespBody(resp *http.Response) {
-	if resp != nil {
-		io.Copy(ioutil.Discard, resp.Body)
-		resp.Body.Close()
-	}
-}
-
-func serviceErrFromXML(body []byte, storageErr *AzureStorageServiceError) error {
-	if err := xml.Unmarshal(body, storageErr); err != nil {
-		storageErr.Message = fmt.Sprintf("Response body could no be unmarshaled: %v. Body: %v.", err, string(body))
-		return err
-	}
-	return nil
-}
-
-func serviceErrFromJSON(body []byte, storageErr *AzureStorageServiceError) error {
-	odataError := odataErrorWrapper{}
-	if err := json.Unmarshal(body, &odataError); err != nil {
-		storageErr.Message = fmt.Sprintf("Response body could no be unmarshaled: %v. Body: %v.", err, string(body))
-		return err
-	}
-	storageErr.Code = odataError.Err.Code
-	storageErr.Message = odataError.Err.Message.Value
-	storageErr.Lang = odataError.Err.Message.Lang
-	return nil
-}
-
-func serviceErrFromStatusCode(code int, status string, requestID, date, version string) AzureStorageServiceError {
-	return AzureStorageServiceError{
-		StatusCode: code,
-		Code:       status,
-		RequestID:  requestID,
-		Date:       date,
-		APIVersion: version,
-		Message:    "no response body was available for error status code",
-	}
-}
-
-func (e AzureStorageServiceError) Error() string {
-	return fmt.Sprintf("storage: service returned error: StatusCode=%d, ErrorCode=%s, ErrorMessage=%s, RequestInitiated=%s, RequestId=%s, API Version=%s, QueryParameterName=%s, QueryParameterValue=%s",
-		e.StatusCode, e.Code, e.Message, e.Date, e.RequestID, e.APIVersion, e.QueryParameterName, e.QueryParameterValue)
-}
-
-// checkRespCode returns UnexpectedStatusError if the given response code is not
-// one of the allowed status codes; otherwise nil.
-func checkRespCode(resp *http.Response, allowed []int) error {
-	for _, v := range allowed {
-		if resp.StatusCode == v {
-			return nil
-		}
-	}
-	err := getErrorFromResponse(resp)
-	return UnexpectedStatusCodeError{
-		allowed: allowed,
-		got:     resp.StatusCode,
-		inner:   err,
-	}
-}
-
-func (c Client) addMetadataToHeaders(h map[string]string, metadata map[string]string) map[string]string {
-	metadata = c.protectUserAgent(metadata)
-	for k, v := range metadata {
-		h[userDefinedMetadataHeaderPrefix+k] = v
-	}
-	return h
-}
-
-func getDebugHeaders(h http.Header) (requestID, date, version string) {
-	requestID = h.Get("x-ms-request-id")
-	version = h.Get("x-ms-version")
-	date = h.Get("Date")
-	return
-}
-
-func getErrorFromResponse(resp *http.Response) error {
-	respBody, err := readAndCloseBody(resp.Body)
-	if err != nil {
-		return err
-	}
-
-	requestID, date, version := getDebugHeaders(resp.Header)
-	if len(respBody) == 0 {
-		// no error in response body, might happen in HEAD requests
-		err = serviceErrFromStatusCode(resp.StatusCode, resp.Status, requestID, date, version)
-	} else {
-		storageErr := AzureStorageServiceError{
-			StatusCode: resp.StatusCode,
-			RequestID:  requestID,
-			Date:       date,
-			APIVersion: version,
-		}
-		// response contains storage service error object, unmarshal
-		if resp.Header.Get("Content-Type") == "application/xml" {
-			errIn := serviceErrFromXML(respBody, &storageErr)
-			if err != nil { // error unmarshaling the error response
-				err = errIn
-			}
-		} else {
-			errIn := serviceErrFromJSON(respBody, &storageErr)
-			if err != nil { // error unmarshaling the error response
-				err = errIn
-			}
-		}
-		err = storageErr
-	}
-	return err
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/commonsasuri.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/commonsasuri.go
deleted file mode 100644
index a203fce8d..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/commonsasuri.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"net/url"
-	"time"
-)
-
-// SASOptions includes options used by SAS URIs for different
-// services and resources.
-type SASOptions struct {
-	APIVersion string
-	Start      time.Time
-	Expiry     time.Time
-	IP         string
-	UseHTTPS   bool
-	Identifier string
-}
-
-func addQueryParameter(query url.Values, key, value string) url.Values {
-	if value != "" {
-		query.Add(key, value)
-	}
-	return query
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/container.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/container.go
deleted file mode 100644
index ae2862c86..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/container.go
+++ /dev/null
@@ -1,629 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"encoding/xml"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// Container represents an Azure container.
-type Container struct {
-	bsc        *BlobStorageClient
-	Name       string              `xml:"Name"`
-	Properties ContainerProperties `xml:"Properties"`
-	Metadata   map[string]string
-	sasuri     url.URL
-}
-
-// Client returns the HTTP client used by the Container reference.
-func (c *Container) Client() *Client {
-	return &c.bsc.client
-}
-
-func (c *Container) buildPath() string {
-	return fmt.Sprintf("/%s", c.Name)
-}
-
-// GetURL gets the canonical URL to the container.
-// This method does not create a publicly accessible URL if the container
-// is private and this method does not check if the blob exists.
-func (c *Container) GetURL() string {
-	container := c.Name
-	if container == "" {
-		container = "$root"
-	}
-	return c.bsc.client.getEndpoint(blobServiceName, pathForResource(container, ""), nil)
-}
-
-// ContainerSASOptions are options to construct a container SAS
-// URI.
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
-type ContainerSASOptions struct {
-	ContainerSASPermissions
-	OverrideHeaders
-	SASOptions
-}
-
-// ContainerSASPermissions includes the available permissions for
-// a container SAS URI.
-type ContainerSASPermissions struct {
-	BlobServiceSASPermissions
-	List bool
-}
-
-// GetSASURI creates an URL to the container which contains the Shared
-// Access Signature with the specified options.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
-func (c *Container) GetSASURI(options ContainerSASOptions) (string, error) {
-	uri := c.GetURL()
-	signedResource := "c"
-	canonicalizedResource, err := c.bsc.client.buildCanonicalizedResource(uri, c.bsc.auth, true)
-	if err != nil {
-		return "", err
-	}
-
-	// build permissions string
-	permissions := options.BlobServiceSASPermissions.buildString()
-	if options.List {
-		permissions += "l"
-	}
-
-	return c.bsc.client.blobAndFileSASURI(options.SASOptions, uri, permissions, canonicalizedResource, signedResource, options.OverrideHeaders)
-}
-
-// ContainerProperties contains various properties of a container returned from
-// various endpoints like ListContainers.
-type ContainerProperties struct {
-	LastModified  string              `xml:"Last-Modified"`
-	Etag          string              `xml:"Etag"`
-	LeaseStatus   string              `xml:"LeaseStatus"`
-	LeaseState    string              `xml:"LeaseState"`
-	LeaseDuration string              `xml:"LeaseDuration"`
-	PublicAccess  ContainerAccessType `xml:"PublicAccess"`
-}
-
-// ContainerListResponse contains the response fields from
-// ListContainers call.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd179352.aspx
-type ContainerListResponse struct {
-	XMLName    xml.Name    `xml:"EnumerationResults"`
-	Xmlns      string      `xml:"xmlns,attr"`
-	Prefix     string      `xml:"Prefix"`
-	Marker     string      `xml:"Marker"`
-	NextMarker string      `xml:"NextMarker"`
-	MaxResults int64       `xml:"MaxResults"`
-	Containers []Container `xml:"Containers>Container"`
-}
-
-// BlobListResponse contains the response fields from ListBlobs call.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd135734.aspx
-type BlobListResponse struct {
-	XMLName    xml.Name `xml:"EnumerationResults"`
-	Xmlns      string   `xml:"xmlns,attr"`
-	Prefix     string   `xml:"Prefix"`
-	Marker     string   `xml:"Marker"`
-	NextMarker string   `xml:"NextMarker"`
-	MaxResults int64    `xml:"MaxResults"`
-	Blobs      []Blob   `xml:"Blobs>Blob"`
-
-	// BlobPrefix is used to traverse blobs as if it were a file system.
-	// It is returned if ListBlobsParameters.Delimiter is specified.
-	// The list here can be thought of as "folders" that may contain
-	// other folders or blobs.
-	BlobPrefixes []string `xml:"Blobs>BlobPrefix>Name"`
-
-	// Delimiter is used to traverse blobs as if it were a file system.
-	// It is returned if ListBlobsParameters.Delimiter is specified.
-	Delimiter string `xml:"Delimiter"`
-}
-
-// IncludeBlobDataset has options to include in a list blobs operation
-type IncludeBlobDataset struct {
-	Snapshots        bool
-	Metadata         bool
-	UncommittedBlobs bool
-	Copy             bool
-}
-
-// ListBlobsParameters defines the set of customizable
-// parameters to make a List Blobs call.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd135734.aspx
-type ListBlobsParameters struct {
-	Prefix     string
-	Delimiter  string
-	Marker     string
-	Include    *IncludeBlobDataset
-	MaxResults uint
-	Timeout    uint
-	RequestID  string
-}
-
-func (p ListBlobsParameters) getParameters() url.Values {
-	out := url.Values{}
-
-	if p.Prefix != "" {
-		out.Set("prefix", p.Prefix)
-	}
-	if p.Delimiter != "" {
-		out.Set("delimiter", p.Delimiter)
-	}
-	if p.Marker != "" {
-		out.Set("marker", p.Marker)
-	}
-	if p.Include != nil {
-		include := []string{}
-		include = addString(include, p.Include.Snapshots, "snapshots")
-		include = addString(include, p.Include.Metadata, "metadata")
-		include = addString(include, p.Include.UncommittedBlobs, "uncommittedblobs")
-		include = addString(include, p.Include.Copy, "copy")
-		fullInclude := strings.Join(include, ",")
-		out.Set("include", fullInclude)
-	}
-	if p.MaxResults != 0 {
-		out.Set("maxresults", strconv.FormatUint(uint64(p.MaxResults), 10))
-	}
-	if p.Timeout != 0 {
-		out.Set("timeout", strconv.FormatUint(uint64(p.Timeout), 10))
-	}
-
-	return out
-}
-
-func addString(datasets []string, include bool, text string) []string {
-	if include {
-		datasets = append(datasets, text)
-	}
-	return datasets
-}
-
-// ContainerAccessType defines the access level to the container from a public
-// request.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd179468.aspx and "x-ms-
-// blob-public-access" header.
-type ContainerAccessType string
-
-// Access options for containers
-const (
-	ContainerAccessTypePrivate   ContainerAccessType = ""
-	ContainerAccessTypeBlob      ContainerAccessType = "blob"
-	ContainerAccessTypeContainer ContainerAccessType = "container"
-)
-
-// ContainerAccessPolicy represents each access policy in the container ACL.
-type ContainerAccessPolicy struct {
-	ID         string
-	StartTime  time.Time
-	ExpiryTime time.Time
-	CanRead    bool
-	CanWrite   bool
-	CanDelete  bool
-}
-
-// ContainerPermissions represents the container ACLs.
-type ContainerPermissions struct {
-	AccessType     ContainerAccessType
-	AccessPolicies []ContainerAccessPolicy
-}
-
-// ContainerAccessHeader references header used when setting/getting container ACL
-const (
-	ContainerAccessHeader string = "x-ms-blob-public-access"
-)
-
-// GetBlobReference returns a Blob object for the specified blob name.
-func (c *Container) GetBlobReference(name string) *Blob {
-	return &Blob{
-		Container: c,
-		Name:      name,
-	}
-}
-
-// CreateContainerOptions includes the options for a create container operation
-type CreateContainerOptions struct {
-	Timeout   uint
-	Access    ContainerAccessType `header:"x-ms-blob-public-access"`
-	RequestID string              `header:"x-ms-client-request-id"`
-}
-
-// Create creates a blob container within the storage account
-// with given name and access level. Returns error if container already exists.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Container
-func (c *Container) Create(options *CreateContainerOptions) error {
-	resp, err := c.create(options)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusCreated})
-}
-
-// CreateIfNotExists creates a blob container if it does not exist. Returns
-// true if container is newly created or false if container already exists.
-func (c *Container) CreateIfNotExists(options *CreateContainerOptions) (bool, error) {
-	resp, err := c.create(options)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusCreated || resp.StatusCode == http.StatusConflict {
-			return resp.StatusCode == http.StatusCreated, nil
-		}
-	}
-	return false, err
-}
-
-func (c *Container) create(options *CreateContainerOptions) (*http.Response, error) {
-	query := url.Values{"restype": {"container"}}
-	headers := c.bsc.client.getStandardHeaders()
-	headers = c.bsc.client.addMetadataToHeaders(headers, c.Metadata)
-
-	if options != nil {
-		query = addTimeout(query, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), query)
-
-	return c.bsc.client.exec(http.MethodPut, uri, headers, nil, c.bsc.auth)
-}
-
-// Exists returns true if a container with given name exists
-// on the storage account, otherwise returns false.
-func (c *Container) Exists() (bool, error) {
-	q := url.Values{"restype": {"container"}}
-	var uri string
-	if c.bsc.client.isServiceSASClient() {
-		q = mergeParams(q, c.sasuri.Query())
-		newURI := c.sasuri
-		newURI.RawQuery = q.Encode()
-		uri = newURI.String()
-
-	} else {
-		uri = c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), q)
-	}
-	headers := c.bsc.client.getStandardHeaders()
-
-	resp, err := c.bsc.client.exec(http.MethodHead, uri, headers, nil, c.bsc.auth)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusNotFound {
-			return resp.StatusCode == http.StatusOK, nil
-		}
-	}
-	return false, err
-}
-
-// SetContainerPermissionOptions includes options for a set container permissions operation
-type SetContainerPermissionOptions struct {
-	Timeout           uint
-	LeaseID           string     `header:"x-ms-lease-id"`
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-}
-
-// SetPermissions sets up container permissions
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Container-ACL
-func (c *Container) SetPermissions(permissions ContainerPermissions, options *SetContainerPermissionOptions) error {
-	body, length, err := generateContainerACLpayload(permissions.AccessPolicies)
-	if err != nil {
-		return err
-	}
-	params := url.Values{
-		"restype": {"container"},
-		"comp":    {"acl"},
-	}
-	headers := c.bsc.client.getStandardHeaders()
-	headers = addToHeaders(headers, ContainerAccessHeader, string(permissions.AccessType))
-	headers["Content-Length"] = strconv.Itoa(length)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), params)
-
-	resp, err := c.bsc.client.exec(http.MethodPut, uri, headers, body, c.bsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusOK})
-}
-
-// GetContainerPermissionOptions includes options for a get container permissions operation
-type GetContainerPermissionOptions struct {
-	Timeout   uint
-	LeaseID   string `header:"x-ms-lease-id"`
-	RequestID string `header:"x-ms-client-request-id"`
-}
-
-// GetPermissions gets the container permissions as per https://msdn.microsoft.com/en-us/library/azure/dd179469.aspx
-// If timeout is 0 then it will not be passed to Azure
-// leaseID will only be passed to Azure if populated
-func (c *Container) GetPermissions(options *GetContainerPermissionOptions) (*ContainerPermissions, error) {
-	params := url.Values{
-		"restype": {"container"},
-		"comp":    {"acl"},
-	}
-	headers := c.bsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), params)
-
-	resp, err := c.bsc.client.exec(http.MethodGet, uri, headers, nil, c.bsc.auth)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	var ap AccessPolicy
-	err = xmlUnmarshal(resp.Body, &ap.SignedIdentifiersList)
-	if err != nil {
-		return nil, err
-	}
-	return buildAccessPolicy(ap, &resp.Header), nil
-}
-
-func buildAccessPolicy(ap AccessPolicy, headers *http.Header) *ContainerPermissions {
-	// containerAccess. Blob, Container, empty
-	containerAccess := headers.Get(http.CanonicalHeaderKey(ContainerAccessHeader))
-	permissions := ContainerPermissions{
-		AccessType:     ContainerAccessType(containerAccess),
-		AccessPolicies: []ContainerAccessPolicy{},
-	}
-
-	for _, policy := range ap.SignedIdentifiersList.SignedIdentifiers {
-		capd := ContainerAccessPolicy{
-			ID:         policy.ID,
-			StartTime:  policy.AccessPolicy.StartTime,
-			ExpiryTime: policy.AccessPolicy.ExpiryTime,
-		}
-		capd.CanRead = updatePermissions(policy.AccessPolicy.Permission, "r")
-		capd.CanWrite = updatePermissions(policy.AccessPolicy.Permission, "w")
-		capd.CanDelete = updatePermissions(policy.AccessPolicy.Permission, "d")
-
-		permissions.AccessPolicies = append(permissions.AccessPolicies, capd)
-	}
-	return &permissions
-}
-
-// DeleteContainerOptions includes options for a delete container operation
-type DeleteContainerOptions struct {
-	Timeout           uint
-	LeaseID           string     `header:"x-ms-lease-id"`
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-}
-
-// Delete deletes the container with given name on the storage
-// account. If the container does not exist returns error.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/delete-container
-func (c *Container) Delete(options *DeleteContainerOptions) error {
-	resp, err := c.delete(options)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusAccepted})
-}
-
-// DeleteIfExists deletes the container with given name on the storage
-// account if it exists. Returns true if container is deleted with this call, or
-// false if the container did not exist at the time of the Delete Container
-// operation.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/delete-container
-func (c *Container) DeleteIfExists(options *DeleteContainerOptions) (bool, error) {
-	resp, err := c.delete(options)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusAccepted || resp.StatusCode == http.StatusNotFound {
-			return resp.StatusCode == http.StatusAccepted, nil
-		}
-	}
-	return false, err
-}
-
-func (c *Container) delete(options *DeleteContainerOptions) (*http.Response, error) {
-	query := url.Values{"restype": {"container"}}
-	headers := c.bsc.client.getStandardHeaders()
-
-	if options != nil {
-		query = addTimeout(query, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), query)
-
-	return c.bsc.client.exec(http.MethodDelete, uri, headers, nil, c.bsc.auth)
-}
-
-// ListBlobs returns an object that contains list of blobs in the container,
-// pagination token and other information in the response of List Blobs call.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Blobs
-func (c *Container) ListBlobs(params ListBlobsParameters) (BlobListResponse, error) {
-	q := mergeParams(params.getParameters(), url.Values{
-		"restype": {"container"},
-		"comp":    {"list"},
-	})
-	var uri string
-	if c.bsc.client.isServiceSASClient() {
-		q = mergeParams(q, c.sasuri.Query())
-		newURI := c.sasuri
-		newURI.RawQuery = q.Encode()
-		uri = newURI.String()
-	} else {
-		uri = c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), q)
-	}
-
-	headers := c.bsc.client.getStandardHeaders()
-	headers = addToHeaders(headers, "x-ms-client-request-id", params.RequestID)
-
-	var out BlobListResponse
-	resp, err := c.bsc.client.exec(http.MethodGet, uri, headers, nil, c.bsc.auth)
-	if err != nil {
-		return out, err
-	}
-	defer resp.Body.Close()
-
-	err = xmlUnmarshal(resp.Body, &out)
-	for i := range out.Blobs {
-		out.Blobs[i].Container = c
-	}
-	return out, err
-}
-
-// ContainerMetadataOptions includes options for container metadata operations
-type ContainerMetadataOptions struct {
-	Timeout   uint
-	LeaseID   string `header:"x-ms-lease-id"`
-	RequestID string `header:"x-ms-client-request-id"`
-}
-
-// SetMetadata replaces the metadata for the specified container.
-//
-// Some keys may be converted to Camel-Case before sending. All keys
-// are returned in lower case by GetBlobMetadata. HTTP header names
-// are case-insensitive so case munging should not matter to other
-// applications either.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/set-container-metadata
-func (c *Container) SetMetadata(options *ContainerMetadataOptions) error {
-	params := url.Values{
-		"comp":    {"metadata"},
-		"restype": {"container"},
-	}
-	headers := c.bsc.client.getStandardHeaders()
-	headers = c.bsc.client.addMetadataToHeaders(headers, c.Metadata)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-
-	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), params)
-
-	resp, err := c.bsc.client.exec(http.MethodPut, uri, headers, nil, c.bsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusOK})
-}
-
-// GetMetadata returns all user-defined metadata for the specified container.
-//
-// All metadata keys will be returned in lower case. (HTTP header
-// names are case-insensitive.)
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/get-container-metadata
-func (c *Container) GetMetadata(options *ContainerMetadataOptions) error {
-	params := url.Values{
-		"comp":    {"metadata"},
-		"restype": {"container"},
-	}
-	headers := c.bsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-
-	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), params)
-
-	resp, err := c.bsc.client.exec(http.MethodGet, uri, headers, nil, c.bsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return err
-	}
-
-	c.writeMetadata(resp.Header)
-	return nil
-}
-
-func (c *Container) writeMetadata(h http.Header) {
-	c.Metadata = writeMetadata(h)
-}
-
-func generateContainerACLpayload(policies []ContainerAccessPolicy) (io.Reader, int, error) {
-	sil := SignedIdentifiers{
-		SignedIdentifiers: []SignedIdentifier{},
-	}
-	for _, capd := range policies {
-		permission := capd.generateContainerPermissions()
-		signedIdentifier := convertAccessPolicyToXMLStructs(capd.ID, capd.StartTime, capd.ExpiryTime, permission)
-		sil.SignedIdentifiers = append(sil.SignedIdentifiers, signedIdentifier)
-	}
-	return xmlMarshal(sil)
-}
-
-func (capd *ContainerAccessPolicy) generateContainerPermissions() (permissions string) {
-	// generate the permissions string (rwd).
-	// still want the end user API to have bool flags.
-	permissions = ""
-
-	if capd.CanRead {
-		permissions += "r"
-	}
-
-	if capd.CanWrite {
-		permissions += "w"
-	}
-
-	if capd.CanDelete {
-		permissions += "d"
-	}
-
-	return permissions
-}
-
-// GetProperties updated the properties of the container.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/get-container-properties
-func (c *Container) GetProperties() error {
-	params := url.Values{
-		"restype": {"container"},
-	}
-	headers := c.bsc.client.getStandardHeaders()
-
-	uri := c.bsc.client.getEndpoint(blobServiceName, c.buildPath(), params)
-
-	resp, err := c.bsc.client.exec(http.MethodGet, uri, headers, nil, c.bsc.auth)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return err
-	}
-
-	// update properties
-	c.Properties.Etag = resp.Header.Get(headerEtag)
-	c.Properties.LeaseStatus = resp.Header.Get("x-ms-lease-status")
-	c.Properties.LeaseState = resp.Header.Get("x-ms-lease-state")
-	c.Properties.LeaseDuration = resp.Header.Get("x-ms-lease-duration")
-	c.Properties.LastModified = resp.Header.Get("Last-Modified")
-	c.Properties.PublicAccess = ContainerAccessType(resp.Header.Get(ContainerAccessHeader))
-
-	return nil
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/copyblob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/copyblob.go
deleted file mode 100644
index 3696e804f..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/copyblob.go
+++ /dev/null
@@ -1,226 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"errors"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
-	"time"
-)
-
-const (
-	blobCopyStatusPending = "pending"
-	blobCopyStatusSuccess = "success"
-	blobCopyStatusAborted = "aborted"
-	blobCopyStatusFailed  = "failed"
-)
-
-// CopyOptions includes the options for a copy blob operation
-type CopyOptions struct {
-	Timeout   uint
-	Source    CopyOptionsConditions
-	Destiny   CopyOptionsConditions
-	RequestID string
-}
-
-// IncrementalCopyOptions includes the options for an incremental copy blob operation
-type IncrementalCopyOptions struct {
-	Timeout     uint
-	Destination IncrementalCopyOptionsConditions
-	RequestID   string
-}
-
-// CopyOptionsConditions includes some conditional options in a copy blob operation
-type CopyOptionsConditions struct {
-	LeaseID           string
-	IfModifiedSince   *time.Time
-	IfUnmodifiedSince *time.Time
-	IfMatch           string
-	IfNoneMatch       string
-}
-
-// IncrementalCopyOptionsConditions includes some conditional options in a copy blob operation
-type IncrementalCopyOptionsConditions struct {
-	IfModifiedSince   *time.Time
-	IfUnmodifiedSince *time.Time
-	IfMatch           string
-	IfNoneMatch       string
-}
-
-// Copy starts a blob copy operation and waits for the operation to
-// complete. sourceBlob parameter must be a canonical URL to the blob (can be
-// obtained using the GetURL method.) There is no SLA on blob copy and therefore
-// this helper method works faster on smaller files.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Copy-Blob
-func (b *Blob) Copy(sourceBlob string, options *CopyOptions) error {
-	copyID, err := b.StartCopy(sourceBlob, options)
-	if err != nil {
-		return err
-	}
-
-	return b.WaitForCopy(copyID)
-}
-
-// StartCopy starts a blob copy operation.
-// sourceBlob parameter must be a canonical URL to the blob (can be
-// obtained using the GetURL method.)
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Copy-Blob
-func (b *Blob) StartCopy(sourceBlob string, options *CopyOptions) (string, error) {
-	params := url.Values{}
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers["x-ms-copy-source"] = sourceBlob
-	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = addToHeaders(headers, "x-ms-client-request-id", options.RequestID)
-		// source
-		headers = addToHeaders(headers, "x-ms-source-lease-id", options.Source.LeaseID)
-		headers = addTimeToHeaders(headers, "x-ms-source-if-modified-since", options.Source.IfModifiedSince)
-		headers = addTimeToHeaders(headers, "x-ms-source-if-unmodified-since", options.Source.IfUnmodifiedSince)
-		headers = addToHeaders(headers, "x-ms-source-if-match", options.Source.IfMatch)
-		headers = addToHeaders(headers, "x-ms-source-if-none-match", options.Source.IfNoneMatch)
-		//destiny
-		headers = addToHeaders(headers, "x-ms-lease-id", options.Destiny.LeaseID)
-		headers = addTimeToHeaders(headers, "x-ms-if-modified-since", options.Destiny.IfModifiedSince)
-		headers = addTimeToHeaders(headers, "x-ms-if-unmodified-since", options.Destiny.IfUnmodifiedSince)
-		headers = addToHeaders(headers, "x-ms-if-match", options.Destiny.IfMatch)
-		headers = addToHeaders(headers, "x-ms-if-none-match", options.Destiny.IfNoneMatch)
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return "", err
-	}
-	defer drainRespBody(resp)
-
-	if err := checkRespCode(resp, []int{http.StatusAccepted, http.StatusCreated}); err != nil {
-		return "", err
-	}
-
-	copyID := resp.Header.Get("x-ms-copy-id")
-	if copyID == "" {
-		return "", errors.New("Got empty copy id header")
-	}
-	return copyID, nil
-}
-
-// AbortCopyOptions includes the options for an abort blob operation
-type AbortCopyOptions struct {
-	Timeout   uint
-	LeaseID   string `header:"x-ms-lease-id"`
-	RequestID string `header:"x-ms-client-request-id"`
-}
-
-// AbortCopy aborts a BlobCopy which has already been triggered by the StartBlobCopy function.
-// copyID is generated from StartBlobCopy function.
-// currentLeaseID is required IF the destination blob has an active lease on it.
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Abort-Copy-Blob
-func (b *Blob) AbortCopy(copyID string, options *AbortCopyOptions) error {
-	params := url.Values{
-		"comp":   {"copy"},
-		"copyid": {copyID},
-	}
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers["x-ms-copy-action"] = "abort"
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusNoContent})
-}
-
-// WaitForCopy loops until a BlobCopy operation is completed (or fails with error)
-func (b *Blob) WaitForCopy(copyID string) error {
-	for {
-		err := b.GetProperties(nil)
-		if err != nil {
-			return err
-		}
-
-		if b.Properties.CopyID != copyID {
-			return errBlobCopyIDMismatch
-		}
-
-		switch b.Properties.CopyStatus {
-		case blobCopyStatusSuccess:
-			return nil
-		case blobCopyStatusPending:
-			continue
-		case blobCopyStatusAborted:
-			return errBlobCopyAborted
-		case blobCopyStatusFailed:
-			return fmt.Errorf("storage: blob copy failed. Id=%s Description=%s", b.Properties.CopyID, b.Properties.CopyStatusDescription)
-		default:
-			return fmt.Errorf("storage: unhandled blob copy status: '%s'", b.Properties.CopyStatus)
-		}
-	}
-}
-
-// IncrementalCopyBlob copies a snapshot of a source blob and copies to referring blob
-// sourceBlob parameter must be a valid snapshot URL of the original blob.
-// THe original blob mut be public, or use a Shared Access Signature.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/incremental-copy-blob .
-func (b *Blob) IncrementalCopyBlob(sourceBlobURL string, snapshotTime time.Time, options *IncrementalCopyOptions) (string, error) {
-	params := url.Values{"comp": {"incrementalcopy"}}
-
-	// need formatting to 7 decimal places so it's friendly to Windows and *nix
-	snapshotTimeFormatted := snapshotTime.Format("2006-01-02T15:04:05.0000000Z")
-	u, err := url.Parse(sourceBlobURL)
-	if err != nil {
-		return "", err
-	}
-	query := u.Query()
-	query.Add("snapshot", snapshotTimeFormatted)
-	encodedQuery := query.Encode()
-	encodedQuery = strings.Replace(encodedQuery, "%3A", ":", -1)
-	u.RawQuery = encodedQuery
-	snapshotURL := u.String()
-
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers["x-ms-copy-source"] = snapshotURL
-
-	if options != nil {
-		addTimeout(params, options.Timeout)
-		headers = addToHeaders(headers, "x-ms-client-request-id", options.RequestID)
-		headers = addTimeToHeaders(headers, "x-ms-if-modified-since", options.Destination.IfModifiedSince)
-		headers = addTimeToHeaders(headers, "x-ms-if-unmodified-since", options.Destination.IfUnmodifiedSince)
-		headers = addToHeaders(headers, "x-ms-if-match", options.Destination.IfMatch)
-		headers = addToHeaders(headers, "x-ms-if-none-match", options.Destination.IfNoneMatch)
-	}
-
-	// get URI of destination blob
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return "", err
-	}
-	defer drainRespBody(resp)
-
-	if err := checkRespCode(resp, []int{http.StatusAccepted}); err != nil {
-		return "", err
-	}
-
-	copyID := resp.Header.Get("x-ms-copy-id")
-	if copyID == "" {
-		return "", errors.New("Got empty copy id header")
-	}
-	return copyID, nil
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/directory.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/directory.go
deleted file mode 100644
index 498e9837c..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/directory.go
+++ /dev/null
@@ -1,227 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"encoding/xml"
-	"net/http"
-	"net/url"
-	"sync"
-)
-
-// Directory represents a directory on a share.
-type Directory struct {
-	fsc        *FileServiceClient
-	Metadata   map[string]string
-	Name       string `xml:"Name"`
-	parent     *Directory
-	Properties DirectoryProperties
-	share      *Share
-}
-
-// DirectoryProperties contains various properties of a directory.
-type DirectoryProperties struct {
-	LastModified string `xml:"Last-Modified"`
-	Etag         string `xml:"Etag"`
-}
-
-// ListDirsAndFilesParameters defines the set of customizable parameters to
-// make a List Files and Directories call.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Directories-and-Files
-type ListDirsAndFilesParameters struct {
-	Prefix     string
-	Marker     string
-	MaxResults uint
-	Timeout    uint
-}
-
-// DirsAndFilesListResponse contains the response fields from
-// a List Files and Directories call.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Directories-and-Files
-type DirsAndFilesListResponse struct {
-	XMLName     xml.Name    `xml:"EnumerationResults"`
-	Xmlns       string      `xml:"xmlns,attr"`
-	Marker      string      `xml:"Marker"`
-	MaxResults  int64       `xml:"MaxResults"`
-	Directories []Directory `xml:"Entries>Directory"`
-	Files       []File      `xml:"Entries>File"`
-	NextMarker  string      `xml:"NextMarker"`
-}
-
-// builds the complete directory path for this directory object.
-func (d *Directory) buildPath() string {
-	path := ""
-	current := d
-	for current.Name != "" {
-		path = "/" + current.Name + path
-		current = current.parent
-	}
-	return d.share.buildPath() + path
-}
-
-// Create this directory in the associated share.
-// If a directory with the same name already exists, the operation fails.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Directory
-func (d *Directory) Create(options *FileRequestOptions) error {
-	// if this is the root directory exit early
-	if d.parent == nil {
-		return nil
-	}
-
-	params := prepareOptions(options)
-	headers, err := d.fsc.createResource(d.buildPath(), resourceDirectory, params, mergeMDIntoExtraHeaders(d.Metadata, nil), []int{http.StatusCreated})
-	if err != nil {
-		return err
-	}
-
-	d.updateEtagAndLastModified(headers)
-	return nil
-}
-
-// CreateIfNotExists creates this directory under the associated share if the
-// directory does not exist. Returns true if the directory is newly created or
-// false if the directory already exists.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Directory
-func (d *Directory) CreateIfNotExists(options *FileRequestOptions) (bool, error) {
-	// if this is the root directory exit early
-	if d.parent == nil {
-		return false, nil
-	}
-
-	params := prepareOptions(options)
-	resp, err := d.fsc.createResourceNoClose(d.buildPath(), resourceDirectory, params, nil)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusCreated || resp.StatusCode == http.StatusConflict {
-			if resp.StatusCode == http.StatusCreated {
-				d.updateEtagAndLastModified(resp.Header)
-				return true, nil
-			}
-
-			return false, d.FetchAttributes(nil)
-		}
-	}
-
-	return false, err
-}
-
-// Delete removes this directory.  It must be empty in order to be deleted.
-// If the directory does not exist the operation fails.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Directory
-func (d *Directory) Delete(options *FileRequestOptions) error {
-	return d.fsc.deleteResource(d.buildPath(), resourceDirectory, options)
-}
-
-// DeleteIfExists removes this directory if it exists.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Directory
-func (d *Directory) DeleteIfExists(options *FileRequestOptions) (bool, error) {
-	resp, err := d.fsc.deleteResourceNoClose(d.buildPath(), resourceDirectory, options)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusAccepted || resp.StatusCode == http.StatusNotFound {
-			return resp.StatusCode == http.StatusAccepted, nil
-		}
-	}
-	return false, err
-}
-
-// Exists returns true if this directory exists.
-func (d *Directory) Exists() (bool, error) {
-	exists, headers, err := d.fsc.resourceExists(d.buildPath(), resourceDirectory)
-	if exists {
-		d.updateEtagAndLastModified(headers)
-	}
-	return exists, err
-}
-
-// FetchAttributes retrieves metadata for this directory.
-//  See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-directory-properties
-func (d *Directory) FetchAttributes(options *FileRequestOptions) error {
-	params := prepareOptions(options)
-	headers, err := d.fsc.getResourceHeaders(d.buildPath(), compNone, resourceDirectory, params, http.MethodHead)
-	if err != nil {
-		return err
-	}
-
-	d.updateEtagAndLastModified(headers)
-	d.Metadata = getMetadataFromHeaders(headers)
-
-	return nil
-}
-
-// GetDirectoryReference returns a child Directory object for this directory.
-func (d *Directory) GetDirectoryReference(name string) *Directory {
-	return &Directory{
-		fsc:    d.fsc,
-		Name:   name,
-		parent: d,
-		share:  d.share,
-	}
-}
-
-// GetFileReference returns a child File object for this directory.
-func (d *Directory) GetFileReference(name string) *File {
-	return &File{
-		fsc:    d.fsc,
-		Name:   name,
-		parent: d,
-		share:  d.share,
-		mutex:  &sync.Mutex{},
-	}
-}
-
-// ListDirsAndFiles returns a list of files and directories under this directory.
-// It also contains a pagination token and other response details.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Directories-and-Files
-func (d *Directory) ListDirsAndFiles(params ListDirsAndFilesParameters) (*DirsAndFilesListResponse, error) {
-	q := mergeParams(params.getParameters(), getURLInitValues(compList, resourceDirectory))
-
-	resp, err := d.fsc.listContent(d.buildPath(), q, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	defer resp.Body.Close()
-	var out DirsAndFilesListResponse
-	err = xmlUnmarshal(resp.Body, &out)
-	return &out, err
-}
-
-// SetMetadata replaces the metadata for this directory.
-//
-// Some keys may be converted to Camel-Case before sending. All keys
-// are returned in lower case by GetDirectoryMetadata. HTTP header names
-// are case-insensitive so case munging should not matter to other
-// applications either.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Directory-Metadata
-func (d *Directory) SetMetadata(options *FileRequestOptions) error {
-	headers, err := d.fsc.setResourceHeaders(d.buildPath(), compMetadata, resourceDirectory, mergeMDIntoExtraHeaders(d.Metadata, nil), options)
-	if err != nil {
-		return err
-	}
-
-	d.updateEtagAndLastModified(headers)
-	return nil
-}
-
-// updates Etag and last modified date
-func (d *Directory) updateEtagAndLastModified(headers http.Header) {
-	d.Properties.Etag = headers.Get("Etag")
-	d.Properties.LastModified = headers.Get("Last-Modified")
-}
-
-// URL gets the canonical URL to this directory.
-// This method does not create a publicly accessible URL if the directory
-// is private and this method does not check if the directory exists.
-func (d *Directory) URL() string {
-	return d.fsc.client.getEndpoint(fileServiceName, d.buildPath(), url.Values{})
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/entity.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/entity.go
deleted file mode 100644
index 9ef63c8dd..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/entity.go
+++ /dev/null
@@ -1,455 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"bytes"
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/gofrs/uuid"
-)
-
-// Annotating as secure for gas scanning
-/* #nosec */
-const (
-	partitionKeyNode  = "PartitionKey"
-	rowKeyNode        = "RowKey"
-	etagErrorTemplate = "Etag didn't match: %v"
-)
-
-var (
-	errEmptyPayload      = errors.New("Empty payload is not a valid metadata level for this operation")
-	errNilPreviousResult = errors.New("The previous results page is nil")
-	errNilNextLink       = errors.New("There are no more pages in this query results")
-)
-
-// Entity represents an entity inside an Azure table.
-type Entity struct {
-	Table         *Table
-	PartitionKey  string
-	RowKey        string
-	TimeStamp     time.Time
-	OdataMetadata string
-	OdataType     string
-	OdataID       string
-	OdataEtag     string
-	OdataEditLink string
-	Properties    map[string]interface{}
-}
-
-// GetEntityReference returns an Entity object with the specified
-// partition key and row key.
-func (t *Table) GetEntityReference(partitionKey, rowKey string) *Entity {
-	return &Entity{
-		PartitionKey: partitionKey,
-		RowKey:       rowKey,
-		Table:        t,
-	}
-}
-
-// EntityOptions includes options for entity operations.
-type EntityOptions struct {
-	Timeout   uint
-	RequestID string `header:"x-ms-client-request-id"`
-}
-
-// GetEntityOptions includes options for a get entity operation
-type GetEntityOptions struct {
-	Select    []string
-	RequestID string `header:"x-ms-client-request-id"`
-}
-
-// Get gets the referenced entity. Which properties to get can be
-// specified using the select option.
-// See:
-// https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/query-entities
-// https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/querying-tables-and-entities
-func (e *Entity) Get(timeout uint, ml MetadataLevel, options *GetEntityOptions) error {
-	if ml == EmptyPayload {
-		return errEmptyPayload
-	}
-	// RowKey and PartitionKey could be lost if not included in the query
-	// As those are the entity identifiers, it is best if they are not lost
-	rk := e.RowKey
-	pk := e.PartitionKey
-
-	query := url.Values{
-		"timeout": {strconv.FormatUint(uint64(timeout), 10)},
-	}
-	headers := e.Table.tsc.client.getStandardHeaders()
-	headers[headerAccept] = string(ml)
-
-	if options != nil {
-		if len(options.Select) > 0 {
-			query.Add("$select", strings.Join(options.Select, ","))
-		}
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-
-	uri := e.Table.tsc.client.getEndpoint(tableServiceName, e.buildPath(), query)
-	resp, err := e.Table.tsc.client.exec(http.MethodGet, uri, headers, nil, e.Table.tsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-
-	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return err
-	}
-
-	respBody, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return err
-	}
-	err = json.Unmarshal(respBody, e)
-	if err != nil {
-		return err
-	}
-	e.PartitionKey = pk
-	e.RowKey = rk
-
-	return nil
-}
-
-// Insert inserts the referenced entity in its table.
-// The function fails if there is an entity with the same
-// PartitionKey and RowKey in the table.
-// ml determines the level of detail of metadata in the operation response,
-// or no data at all.
-// See: https://docs.microsoft.com/rest/api/storageservices/fileservices/insert-entity
-func (e *Entity) Insert(ml MetadataLevel, options *EntityOptions) error {
-	query, headers := options.getParameters()
-	headers = mergeHeaders(headers, e.Table.tsc.client.getStandardHeaders())
-
-	body, err := json.Marshal(e)
-	if err != nil {
-		return err
-	}
-	headers = addBodyRelatedHeaders(headers, len(body))
-	headers = addReturnContentHeaders(headers, ml)
-
-	uri := e.Table.tsc.client.getEndpoint(tableServiceName, e.Table.buildPath(), query)
-	resp, err := e.Table.tsc.client.exec(http.MethodPost, uri, headers, bytes.NewReader(body), e.Table.tsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-
-	if ml != EmptyPayload {
-		if err = checkRespCode(resp, []int{http.StatusCreated}); err != nil {
-			return err
-		}
-		data, err := ioutil.ReadAll(resp.Body)
-		if err != nil {
-			return err
-		}
-		if err = e.UnmarshalJSON(data); err != nil {
-			return err
-		}
-	} else {
-		if err = checkRespCode(resp, []int{http.StatusNoContent}); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// Update updates the contents of an entity. The function fails if there is no entity
-// with the same PartitionKey and RowKey in the table or if the ETag is different
-// than the one in Azure.
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/update-entity2
-func (e *Entity) Update(force bool, options *EntityOptions) error {
-	return e.updateMerge(force, http.MethodPut, options)
-}
-
-// Merge merges the contents of entity specified with PartitionKey and RowKey
-// with the content specified in Properties.
-// The function fails if there is no entity with the same PartitionKey and
-// RowKey in the table or if the ETag is different than the one in Azure.
-// Read more: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/merge-entity
-func (e *Entity) Merge(force bool, options *EntityOptions) error {
-	return e.updateMerge(force, "MERGE", options)
-}
-
-// Delete deletes the entity.
-// The function fails if there is no entity with the same PartitionKey and
-// RowKey in the table or if the ETag is different than the one in Azure.
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/delete-entity1
-func (e *Entity) Delete(force bool, options *EntityOptions) error {
-	query, headers := options.getParameters()
-	headers = mergeHeaders(headers, e.Table.tsc.client.getStandardHeaders())
-
-	headers = addIfMatchHeader(headers, force, e.OdataEtag)
-	headers = addReturnContentHeaders(headers, EmptyPayload)
-
-	uri := e.Table.tsc.client.getEndpoint(tableServiceName, e.buildPath(), query)
-	resp, err := e.Table.tsc.client.exec(http.MethodDelete, uri, headers, nil, e.Table.tsc.auth)
-	if err != nil {
-		if resp != nil && resp.StatusCode == http.StatusPreconditionFailed {
-			return fmt.Errorf(etagErrorTemplate, err)
-		}
-		return err
-	}
-	defer drainRespBody(resp)
-
-	if err = checkRespCode(resp, []int{http.StatusNoContent}); err != nil {
-		return err
-	}
-
-	return e.updateTimestamp(resp.Header)
-}
-
-// InsertOrReplace inserts an entity or replaces the existing one.
-// Read more: https://docs.microsoft.com/rest/api/storageservices/fileservices/insert-or-replace-entity
-func (e *Entity) InsertOrReplace(options *EntityOptions) error {
-	return e.insertOr(http.MethodPut, options)
-}
-
-// InsertOrMerge inserts an entity or merges the existing one.
-// Read more: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/insert-or-merge-entity
-func (e *Entity) InsertOrMerge(options *EntityOptions) error {
-	return e.insertOr("MERGE", options)
-}
-
-func (e *Entity) buildPath() string {
-	return fmt.Sprintf("%s(PartitionKey='%s',RowKey='%s')", e.Table.buildPath(), e.PartitionKey, e.RowKey)
-}
-
-// MarshalJSON is a custom marshaller for entity
-func (e *Entity) MarshalJSON() ([]byte, error) {
-	completeMap := map[string]interface{}{}
-	completeMap[partitionKeyNode] = e.PartitionKey
-	completeMap[rowKeyNode] = e.RowKey
-	for k, v := range e.Properties {
-		typeKey := strings.Join([]string{k, OdataTypeSuffix}, "")
-		switch t := v.(type) {
-		case []byte:
-			completeMap[typeKey] = OdataBinary
-			completeMap[k] = t
-		case time.Time:
-			completeMap[typeKey] = OdataDateTime
-			completeMap[k] = t.Format(time.RFC3339Nano)
-		case uuid.UUID:
-			completeMap[typeKey] = OdataGUID
-			completeMap[k] = t.String()
-		case int64:
-			completeMap[typeKey] = OdataInt64
-			completeMap[k] = fmt.Sprintf("%v", v)
-		case float32, float64:
-			completeMap[typeKey] = OdataDouble
-			completeMap[k] = fmt.Sprintf("%v", v)
-		default:
-			completeMap[k] = v
-		}
-		if strings.HasSuffix(k, OdataTypeSuffix) {
-			if !(completeMap[k] == OdataBinary ||
-				completeMap[k] == OdataDateTime ||
-				completeMap[k] == OdataGUID ||
-				completeMap[k] == OdataInt64 ||
-				completeMap[k] == OdataDouble) {
-				return nil, fmt.Errorf("Odata.type annotation %v value is not valid", k)
-			}
-			valueKey := strings.TrimSuffix(k, OdataTypeSuffix)
-			if _, ok := completeMap[valueKey]; !ok {
-				return nil, fmt.Errorf("Odata.type annotation %v defined without value defined", k)
-			}
-		}
-	}
-	return json.Marshal(completeMap)
-}
-
-// UnmarshalJSON is a custom unmarshaller for entities
-func (e *Entity) UnmarshalJSON(data []byte) error {
-	errorTemplate := "Deserializing error: %v"
-
-	props := map[string]interface{}{}
-	err := json.Unmarshal(data, &props)
-	if err != nil {
-		return err
-	}
-
-	// deselialize metadata
-	e.OdataMetadata = stringFromMap(props, "odata.metadata")
-	e.OdataType = stringFromMap(props, "odata.type")
-	e.OdataID = stringFromMap(props, "odata.id")
-	e.OdataEtag = stringFromMap(props, "odata.etag")
-	e.OdataEditLink = stringFromMap(props, "odata.editLink")
-	e.PartitionKey = stringFromMap(props, partitionKeyNode)
-	e.RowKey = stringFromMap(props, rowKeyNode)
-
-	// deserialize timestamp
-	timeStamp, ok := props["Timestamp"]
-	if ok {
-		str, ok := timeStamp.(string)
-		if !ok {
-			return fmt.Errorf(errorTemplate, "Timestamp casting error")
-		}
-		t, err := time.Parse(time.RFC3339Nano, str)
-		if err != nil {
-			return fmt.Errorf(errorTemplate, err)
-		}
-		e.TimeStamp = t
-	}
-	delete(props, "Timestamp")
-	delete(props, "Timestamp@odata.type")
-
-	// deserialize entity (user defined fields)
-	for k, v := range props {
-		if strings.HasSuffix(k, OdataTypeSuffix) {
-			valueKey := strings.TrimSuffix(k, OdataTypeSuffix)
-			str, ok := props[valueKey].(string)
-			if !ok {
-				return fmt.Errorf(errorTemplate, fmt.Sprintf("%v casting error", v))
-			}
-			switch v {
-			case OdataBinary:
-				props[valueKey], err = base64.StdEncoding.DecodeString(str)
-				if err != nil {
-					return fmt.Errorf(errorTemplate, err)
-				}
-			case OdataDateTime:
-				t, err := time.Parse("2006-01-02T15:04:05Z", str)
-				if err != nil {
-					return fmt.Errorf(errorTemplate, err)
-				}
-				props[valueKey] = t
-			case OdataGUID:
-				props[valueKey] = uuid.FromStringOrNil(str)
-			case OdataInt64:
-				i, err := strconv.ParseInt(str, 10, 64)
-				if err != nil {
-					return fmt.Errorf(errorTemplate, err)
-				}
-				props[valueKey] = i
-			case OdataDouble:
-				f, err := strconv.ParseFloat(str, 64)
-				if err != nil {
-					return fmt.Errorf(errorTemplate, err)
-				}
-				props[valueKey] = f
-			default:
-				return fmt.Errorf(errorTemplate, fmt.Sprintf("%v is not supported", v))
-			}
-			delete(props, k)
-		}
-	}
-
-	e.Properties = props
-	return nil
-}
-
-func getAndDelete(props map[string]interface{}, key string) interface{} {
-	if value, ok := props[key]; ok {
-		delete(props, key)
-		return value
-	}
-	return nil
-}
-
-func addIfMatchHeader(h map[string]string, force bool, etag string) map[string]string {
-	if force {
-		h[headerIfMatch] = "*"
-	} else {
-		h[headerIfMatch] = etag
-	}
-	return h
-}
-
-// updates Etag and timestamp
-func (e *Entity) updateEtagAndTimestamp(headers http.Header) error {
-	e.OdataEtag = headers.Get(headerEtag)
-	return e.updateTimestamp(headers)
-}
-
-func (e *Entity) updateTimestamp(headers http.Header) error {
-	str := headers.Get(headerDate)
-	t, err := time.Parse(time.RFC1123, str)
-	if err != nil {
-		return fmt.Errorf("Update timestamp error: %v", err)
-	}
-	e.TimeStamp = t
-	return nil
-}
-
-func (e *Entity) insertOr(verb string, options *EntityOptions) error {
-	query, headers := options.getParameters()
-	headers = mergeHeaders(headers, e.Table.tsc.client.getStandardHeaders())
-
-	body, err := json.Marshal(e)
-	if err != nil {
-		return err
-	}
-	headers = addBodyRelatedHeaders(headers, len(body))
-	headers = addReturnContentHeaders(headers, EmptyPayload)
-
-	uri := e.Table.tsc.client.getEndpoint(tableServiceName, e.buildPath(), query)
-	resp, err := e.Table.tsc.client.exec(verb, uri, headers, bytes.NewReader(body), e.Table.tsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-
-	if err = checkRespCode(resp, []int{http.StatusNoContent}); err != nil {
-		return err
-	}
-
-	return e.updateEtagAndTimestamp(resp.Header)
-}
-
-func (e *Entity) updateMerge(force bool, verb string, options *EntityOptions) error {
-	query, headers := options.getParameters()
-	headers = mergeHeaders(headers, e.Table.tsc.client.getStandardHeaders())
-
-	body, err := json.Marshal(e)
-	if err != nil {
-		return err
-	}
-	headers = addBodyRelatedHeaders(headers, len(body))
-	headers = addIfMatchHeader(headers, force, e.OdataEtag)
-	headers = addReturnContentHeaders(headers, EmptyPayload)
-
-	uri := e.Table.tsc.client.getEndpoint(tableServiceName, e.buildPath(), query)
-	resp, err := e.Table.tsc.client.exec(verb, uri, headers, bytes.NewReader(body), e.Table.tsc.auth)
-	if err != nil {
-		if resp != nil && resp.StatusCode == http.StatusPreconditionFailed {
-			return fmt.Errorf(etagErrorTemplate, err)
-		}
-		return err
-	}
-	defer drainRespBody(resp)
-
-	if err = checkRespCode(resp, []int{http.StatusNoContent}); err != nil {
-		return err
-	}
-
-	return e.updateEtagAndTimestamp(resp.Header)
-}
-
-func stringFromMap(props map[string]interface{}, key string) string {
-	value := getAndDelete(props, key)
-	if value != nil {
-		return value.(string)
-	}
-	return ""
-}
-
-func (options *EntityOptions) getParameters() (url.Values, map[string]string) {
-	query := url.Values{}
-	headers := map[string]string{}
-	if options != nil {
-		query = addTimeout(query, options.Timeout)
-		headers = headersFromStruct(*options)
-	}
-	return query, headers
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/file.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/file.go
deleted file mode 100644
index 9848025cc..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/file.go
+++ /dev/null
@@ -1,473 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"strconv"
-	"sync"
-)
-
-const fourMB = uint64(4194304)
-const oneTB = uint64(1099511627776)
-
-// Export maximum range and file sizes
-
-// MaxRangeSize defines the maximum size in bytes for a file range.
-const MaxRangeSize = fourMB
-
-// MaxFileSize defines the maximum size in bytes for a file.
-const MaxFileSize = oneTB
-
-// File represents a file on a share.
-type File struct {
-	fsc                *FileServiceClient
-	Metadata           map[string]string
-	Name               string `xml:"Name"`
-	parent             *Directory
-	Properties         FileProperties `xml:"Properties"`
-	share              *Share
-	FileCopyProperties FileCopyState
-	mutex              *sync.Mutex
-}
-
-// FileProperties contains various properties of a file.
-type FileProperties struct {
-	CacheControl string `header:"x-ms-cache-control"`
-	Disposition  string `header:"x-ms-content-disposition"`
-	Encoding     string `header:"x-ms-content-encoding"`
-	Etag         string
-	Language     string `header:"x-ms-content-language"`
-	LastModified string
-	Length       uint64 `xml:"Content-Length" header:"x-ms-content-length"`
-	MD5          string `header:"x-ms-content-md5"`
-	Type         string `header:"x-ms-content-type"`
-}
-
-// FileCopyState contains various properties of a file copy operation.
-type FileCopyState struct {
-	CompletionTime string
-	ID             string `header:"x-ms-copy-id"`
-	Progress       string
-	Source         string
-	Status         string `header:"x-ms-copy-status"`
-	StatusDesc     string
-}
-
-// FileStream contains file data returned from a call to GetFile.
-type FileStream struct {
-	Body       io.ReadCloser
-	ContentMD5 string
-}
-
-// FileRequestOptions will be passed to misc file operations.
-// Currently just Timeout (in seconds) but could expand.
-type FileRequestOptions struct {
-	Timeout uint // timeout duration in seconds.
-}
-
-func prepareOptions(options *FileRequestOptions) url.Values {
-	params := url.Values{}
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-	}
-	return params
-}
-
-// FileRanges contains a list of file range information for a file.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Ranges
-type FileRanges struct {
-	ContentLength uint64
-	LastModified  string
-	ETag          string
-	FileRanges    []FileRange `xml:"Range"`
-}
-
-// FileRange contains range information for a file.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Ranges
-type FileRange struct {
-	Start uint64 `xml:"Start"`
-	End   uint64 `xml:"End"`
-}
-
-func (fr FileRange) String() string {
-	return fmt.Sprintf("bytes=%d-%d", fr.Start, fr.End)
-}
-
-// builds the complete file path for this file object
-func (f *File) buildPath() string {
-	return f.parent.buildPath() + "/" + f.Name
-}
-
-// ClearRange releases the specified range of space in a file.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Range
-func (f *File) ClearRange(fileRange FileRange, options *FileRequestOptions) error {
-	var timeout *uint
-	if options != nil {
-		timeout = &options.Timeout
-	}
-	headers, err := f.modifyRange(nil, fileRange, timeout, nil)
-	if err != nil {
-		return err
-	}
-
-	f.updateEtagAndLastModified(headers)
-	return nil
-}
-
-// Create creates a new file or replaces an existing one.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-File
-func (f *File) Create(maxSize uint64, options *FileRequestOptions) error {
-	if maxSize > oneTB {
-		return fmt.Errorf("max file size is 1TB")
-	}
-	params := prepareOptions(options)
-	headers := headersFromStruct(f.Properties)
-	headers["x-ms-content-length"] = strconv.FormatUint(maxSize, 10)
-	headers["x-ms-type"] = "file"
-
-	outputHeaders, err := f.fsc.createResource(f.buildPath(), resourceFile, params, mergeMDIntoExtraHeaders(f.Metadata, headers), []int{http.StatusCreated})
-	if err != nil {
-		return err
-	}
-
-	f.Properties.Length = maxSize
-	f.updateEtagAndLastModified(outputHeaders)
-	return nil
-}
-
-// CopyFile operation copied a file/blob from the sourceURL to the path provided.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/copy-file
-func (f *File) CopyFile(sourceURL string, options *FileRequestOptions) error {
-	extraHeaders := map[string]string{
-		"x-ms-type":        "file",
-		"x-ms-copy-source": sourceURL,
-	}
-	params := prepareOptions(options)
-
-	headers, err := f.fsc.createResource(f.buildPath(), resourceFile, params, mergeMDIntoExtraHeaders(f.Metadata, extraHeaders), []int{http.StatusAccepted})
-	if err != nil {
-		return err
-	}
-
-	f.updateEtagAndLastModified(headers)
-	f.FileCopyProperties.ID = headers.Get("X-Ms-Copy-Id")
-	f.FileCopyProperties.Status = headers.Get("X-Ms-Copy-Status")
-	return nil
-}
-
-// Delete immediately removes this file from the storage account.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-File2
-func (f *File) Delete(options *FileRequestOptions) error {
-	return f.fsc.deleteResource(f.buildPath(), resourceFile, options)
-}
-
-// DeleteIfExists removes this file if it exists.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-File2
-func (f *File) DeleteIfExists(options *FileRequestOptions) (bool, error) {
-	resp, err := f.fsc.deleteResourceNoClose(f.buildPath(), resourceFile, options)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusAccepted || resp.StatusCode == http.StatusNotFound {
-			return resp.StatusCode == http.StatusAccepted, nil
-		}
-	}
-	return false, err
-}
-
-// GetFileOptions includes options for a get file operation
-type GetFileOptions struct {
-	Timeout       uint
-	GetContentMD5 bool
-}
-
-// DownloadToStream operation downloads the file.
-//
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-file
-func (f *File) DownloadToStream(options *FileRequestOptions) (io.ReadCloser, error) {
-	params := prepareOptions(options)
-	resp, err := f.fsc.getResourceNoClose(f.buildPath(), compNone, resourceFile, params, http.MethodGet, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		drainRespBody(resp)
-		return nil, err
-	}
-	return resp.Body, nil
-}
-
-// DownloadRangeToStream operation downloads the specified range of this file with optional MD5 hash.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-file
-func (f *File) DownloadRangeToStream(fileRange FileRange, options *GetFileOptions) (fs FileStream, err error) {
-	extraHeaders := map[string]string{
-		"Range": fileRange.String(),
-	}
-	params := url.Values{}
-	if options != nil {
-		if options.GetContentMD5 {
-			if isRangeTooBig(fileRange) {
-				return fs, fmt.Errorf("must specify a range less than or equal to 4MB when getContentMD5 is true")
-			}
-			extraHeaders["x-ms-range-get-content-md5"] = "true"
-		}
-		params = addTimeout(params, options.Timeout)
-	}
-
-	resp, err := f.fsc.getResourceNoClose(f.buildPath(), compNone, resourceFile, params, http.MethodGet, extraHeaders)
-	if err != nil {
-		return fs, err
-	}
-
-	if err = checkRespCode(resp, []int{http.StatusOK, http.StatusPartialContent}); err != nil {
-		drainRespBody(resp)
-		return fs, err
-	}
-
-	fs.Body = resp.Body
-	if options != nil && options.GetContentMD5 {
-		fs.ContentMD5 = resp.Header.Get("Content-MD5")
-	}
-	return fs, nil
-}
-
-// Exists returns true if this file exists.
-func (f *File) Exists() (bool, error) {
-	exists, headers, err := f.fsc.resourceExists(f.buildPath(), resourceFile)
-	if exists {
-		f.updateEtagAndLastModified(headers)
-		f.updateProperties(headers)
-	}
-	return exists, err
-}
-
-// FetchAttributes updates metadata and properties for this file.
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-file-properties
-func (f *File) FetchAttributes(options *FileRequestOptions) error {
-	params := prepareOptions(options)
-	headers, err := f.fsc.getResourceHeaders(f.buildPath(), compNone, resourceFile, params, http.MethodHead)
-	if err != nil {
-		return err
-	}
-
-	f.updateEtagAndLastModified(headers)
-	f.updateProperties(headers)
-	f.Metadata = getMetadataFromHeaders(headers)
-	return nil
-}
-
-// returns true if the range is larger than 4MB
-func isRangeTooBig(fileRange FileRange) bool {
-	if fileRange.End-fileRange.Start > fourMB {
-		return true
-	}
-
-	return false
-}
-
-// ListRangesOptions includes options for a list file ranges operation
-type ListRangesOptions struct {
-	Timeout   uint
-	ListRange *FileRange
-}
-
-// ListRanges returns the list of valid ranges for this file.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Ranges
-func (f *File) ListRanges(options *ListRangesOptions) (*FileRanges, error) {
-	params := url.Values{"comp": {"rangelist"}}
-
-	// add optional range to list
-	var headers map[string]string
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		if options.ListRange != nil {
-			headers = make(map[string]string)
-			headers["Range"] = options.ListRange.String()
-		}
-	}
-
-	resp, err := f.fsc.listContent(f.buildPath(), params, headers)
-	if err != nil {
-		return nil, err
-	}
-
-	defer resp.Body.Close()
-	var cl uint64
-	cl, err = strconv.ParseUint(resp.Header.Get("x-ms-content-length"), 10, 64)
-	if err != nil {
-		ioutil.ReadAll(resp.Body)
-		return nil, err
-	}
-
-	var out FileRanges
-	out.ContentLength = cl
-	out.ETag = resp.Header.Get("ETag")
-	out.LastModified = resp.Header.Get("Last-Modified")
-
-	err = xmlUnmarshal(resp.Body, &out)
-	return &out, err
-}
-
-// modifies a range of bytes in this file
-func (f *File) modifyRange(bytes io.Reader, fileRange FileRange, timeout *uint, contentMD5 *string) (http.Header, error) {
-	if err := f.fsc.checkForStorageEmulator(); err != nil {
-		return nil, err
-	}
-	if fileRange.End < fileRange.Start {
-		return nil, errors.New("the value for rangeEnd must be greater than or equal to rangeStart")
-	}
-	if bytes != nil && isRangeTooBig(fileRange) {
-		return nil, errors.New("range cannot exceed 4MB in size")
-	}
-
-	params := url.Values{"comp": {"range"}}
-	if timeout != nil {
-		params = addTimeout(params, *timeout)
-	}
-
-	uri := f.fsc.client.getEndpoint(fileServiceName, f.buildPath(), params)
-
-	// default to clear
-	write := "clear"
-	cl := uint64(0)
-
-	// if bytes is not nil then this is an update operation
-	if bytes != nil {
-		write = "update"
-		cl = (fileRange.End - fileRange.Start) + 1
-	}
-
-	extraHeaders := map[string]string{
-		"Content-Length": strconv.FormatUint(cl, 10),
-		"Range":          fileRange.String(),
-		"x-ms-write":     write,
-	}
-
-	if contentMD5 != nil {
-		extraHeaders["Content-MD5"] = *contentMD5
-	}
-
-	headers := mergeHeaders(f.fsc.client.getStandardHeaders(), extraHeaders)
-	resp, err := f.fsc.client.exec(http.MethodPut, uri, headers, bytes, f.fsc.auth)
-	if err != nil {
-		return nil, err
-	}
-	defer drainRespBody(resp)
-	return resp.Header, checkRespCode(resp, []int{http.StatusCreated})
-}
-
-// SetMetadata replaces the metadata for this file.
-//
-// Some keys may be converted to Camel-Case before sending. All keys
-// are returned in lower case by GetFileMetadata. HTTP header names
-// are case-insensitive so case munging should not matter to other
-// applications either.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-File-Metadata
-func (f *File) SetMetadata(options *FileRequestOptions) error {
-	headers, err := f.fsc.setResourceHeaders(f.buildPath(), compMetadata, resourceFile, mergeMDIntoExtraHeaders(f.Metadata, nil), options)
-	if err != nil {
-		return err
-	}
-
-	f.updateEtagAndLastModified(headers)
-	return nil
-}
-
-// SetProperties sets system properties on this file.
-//
-// Some keys may be converted to Camel-Case before sending. All keys
-// are returned in lower case by SetFileProperties. HTTP header names
-// are case-insensitive so case munging should not matter to other
-// applications either.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-File-Properties
-func (f *File) SetProperties(options *FileRequestOptions) error {
-	headers, err := f.fsc.setResourceHeaders(f.buildPath(), compProperties, resourceFile, headersFromStruct(f.Properties), options)
-	if err != nil {
-		return err
-	}
-
-	f.updateEtagAndLastModified(headers)
-	return nil
-}
-
-// updates Etag and last modified date
-func (f *File) updateEtagAndLastModified(headers http.Header) {
-	f.Properties.Etag = headers.Get("Etag")
-	f.Properties.LastModified = headers.Get("Last-Modified")
-}
-
-// updates file properties from the specified HTTP header
-func (f *File) updateProperties(header http.Header) {
-	size, err := strconv.ParseUint(header.Get("Content-Length"), 10, 64)
-	if err == nil {
-		f.Properties.Length = size
-	}
-
-	f.updateEtagAndLastModified(header)
-	f.Properties.CacheControl = header.Get("Cache-Control")
-	f.Properties.Disposition = header.Get("Content-Disposition")
-	f.Properties.Encoding = header.Get("Content-Encoding")
-	f.Properties.Language = header.Get("Content-Language")
-	f.Properties.MD5 = header.Get("Content-MD5")
-	f.Properties.Type = header.Get("Content-Type")
-}
-
-// URL gets the canonical URL to this file.
-// This method does not create a publicly accessible URL if the file
-// is private and this method does not check if the file exists.
-func (f *File) URL() string {
-	return f.fsc.client.getEndpoint(fileServiceName, f.buildPath(), nil)
-}
-
-// WriteRangeOptions includes options for a write file range operation
-type WriteRangeOptions struct {
-	Timeout    uint
-	ContentMD5 string
-}
-
-// WriteRange writes a range of bytes to this file with an optional MD5 hash of the content (inside
-// options parameter). Note that the length of bytes must match (rangeEnd - rangeStart) + 1 with
-// a maximum size of 4MB.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Range
-func (f *File) WriteRange(bytes io.Reader, fileRange FileRange, options *WriteRangeOptions) error {
-	if bytes == nil {
-		return errors.New("bytes cannot be nil")
-	}
-	var timeout *uint
-	var md5 *string
-	if options != nil {
-		timeout = &options.Timeout
-		md5 = &options.ContentMD5
-	}
-
-	headers, err := f.modifyRange(bytes, fileRange, timeout, md5)
-	if err != nil {
-		return err
-	}
-	// it's perfectly legal for multiple go routines to call WriteRange
-	// on the same *File (e.g. concurrently writing non-overlapping ranges)
-	// so we must take the file mutex before updating our properties.
-	f.mutex.Lock()
-	f.updateEtagAndLastModified(headers)
-	f.mutex.Unlock()
-	return nil
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/fileserviceclient.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/fileserviceclient.go
deleted file mode 100644
index 6a12d6dcb..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/fileserviceclient.go
+++ /dev/null
@@ -1,327 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"encoding/xml"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-)
-
-// FileServiceClient contains operations for Microsoft Azure File Service.
-type FileServiceClient struct {
-	client Client
-	auth   authentication
-}
-
-// ListSharesParameters defines the set of customizable parameters to make a
-// List Shares call.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Shares
-type ListSharesParameters struct {
-	Prefix     string
-	Marker     string
-	Include    string
-	MaxResults uint
-	Timeout    uint
-}
-
-// ShareListResponse contains the response fields from
-// ListShares call.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/List-Shares
-type ShareListResponse struct {
-	XMLName    xml.Name `xml:"EnumerationResults"`
-	Xmlns      string   `xml:"xmlns,attr"`
-	Prefix     string   `xml:"Prefix"`
-	Marker     string   `xml:"Marker"`
-	NextMarker string   `xml:"NextMarker"`
-	MaxResults int64    `xml:"MaxResults"`
-	Shares     []Share  `xml:"Shares>Share"`
-}
-
-type compType string
-
-const (
-	compNone       compType = ""
-	compList       compType = "list"
-	compMetadata   compType = "metadata"
-	compProperties compType = "properties"
-	compRangeList  compType = "rangelist"
-)
-
-func (ct compType) String() string {
-	return string(ct)
-}
-
-type resourceType string
-
-const (
-	resourceDirectory resourceType = "directory"
-	resourceFile      resourceType = ""
-	resourceShare     resourceType = "share"
-)
-
-func (rt resourceType) String() string {
-	return string(rt)
-}
-
-func (p ListSharesParameters) getParameters() url.Values {
-	out := url.Values{}
-
-	if p.Prefix != "" {
-		out.Set("prefix", p.Prefix)
-	}
-	if p.Marker != "" {
-		out.Set("marker", p.Marker)
-	}
-	if p.Include != "" {
-		out.Set("include", p.Include)
-	}
-	if p.MaxResults != 0 {
-		out.Set("maxresults", strconv.FormatUint(uint64(p.MaxResults), 10))
-	}
-	if p.Timeout != 0 {
-		out.Set("timeout", strconv.FormatUint(uint64(p.Timeout), 10))
-	}
-
-	return out
-}
-
-func (p ListDirsAndFilesParameters) getParameters() url.Values {
-	out := url.Values{}
-
-	if p.Prefix != "" {
-		out.Set("prefix", p.Prefix)
-	}
-	if p.Marker != "" {
-		out.Set("marker", p.Marker)
-	}
-	if p.MaxResults != 0 {
-		out.Set("maxresults", strconv.FormatUint(uint64(p.MaxResults), 10))
-	}
-	out = addTimeout(out, p.Timeout)
-
-	return out
-}
-
-// returns url.Values for the specified types
-func getURLInitValues(comp compType, res resourceType) url.Values {
-	values := url.Values{}
-	if comp != compNone {
-		values.Set("comp", comp.String())
-	}
-	if res != resourceFile {
-		values.Set("restype", res.String())
-	}
-	return values
-}
-
-// GetShareReference returns a Share object for the specified share name.
-func (f *FileServiceClient) GetShareReference(name string) *Share {
-	return &Share{
-		fsc:  f,
-		Name: name,
-		Properties: ShareProperties{
-			Quota: -1,
-		},
-	}
-}
-
-// ListShares returns the list of shares in a storage account along with
-// pagination token and other response details.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/list-shares
-func (f FileServiceClient) ListShares(params ListSharesParameters) (*ShareListResponse, error) {
-	q := mergeParams(params.getParameters(), url.Values{"comp": {"list"}})
-
-	var out ShareListResponse
-	resp, err := f.listContent("", q, nil)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-	err = xmlUnmarshal(resp.Body, &out)
-
-	// assign our client to the newly created Share objects
-	for i := range out.Shares {
-		out.Shares[i].fsc = &f
-	}
-	return &out, err
-}
-
-// GetServiceProperties gets the properties of your storage account's file service.
-// File service does not support logging
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-file-service-properties
-func (f *FileServiceClient) GetServiceProperties() (*ServiceProperties, error) {
-	return f.client.getServiceProperties(fileServiceName, f.auth)
-}
-
-// SetServiceProperties sets the properties of your storage account's file service.
-// File service does not support logging
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-file-service-properties
-func (f *FileServiceClient) SetServiceProperties(props ServiceProperties) error {
-	return f.client.setServiceProperties(props, fileServiceName, f.auth)
-}
-
-// retrieves directory or share content
-func (f FileServiceClient) listContent(path string, params url.Values, extraHeaders map[string]string) (*http.Response, error) {
-	if err := f.checkForStorageEmulator(); err != nil {
-		return nil, err
-	}
-
-	uri := f.client.getEndpoint(fileServiceName, path, params)
-	extraHeaders = f.client.protectUserAgent(extraHeaders)
-	headers := mergeHeaders(f.client.getStandardHeaders(), extraHeaders)
-
-	resp, err := f.client.exec(http.MethodGet, uri, headers, nil, f.auth)
-	if err != nil {
-		return nil, err
-	}
-
-	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		drainRespBody(resp)
-		return nil, err
-	}
-
-	return resp, nil
-}
-
-// returns true if the specified resource exists
-func (f FileServiceClient) resourceExists(path string, res resourceType) (bool, http.Header, error) {
-	if err := f.checkForStorageEmulator(); err != nil {
-		return false, nil, err
-	}
-
-	uri := f.client.getEndpoint(fileServiceName, path, getURLInitValues(compNone, res))
-	headers := f.client.getStandardHeaders()
-
-	resp, err := f.client.exec(http.MethodHead, uri, headers, nil, f.auth)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusNotFound {
-			return resp.StatusCode == http.StatusOK, resp.Header, nil
-		}
-	}
-	return false, nil, err
-}
-
-// creates a resource depending on the specified resource type
-func (f FileServiceClient) createResource(path string, res resourceType, urlParams url.Values, extraHeaders map[string]string, expectedResponseCodes []int) (http.Header, error) {
-	resp, err := f.createResourceNoClose(path, res, urlParams, extraHeaders)
-	if err != nil {
-		return nil, err
-	}
-	defer drainRespBody(resp)
-	return resp.Header, checkRespCode(resp, expectedResponseCodes)
-}
-
-// creates a resource depending on the specified resource type, doesn't close the response body
-func (f FileServiceClient) createResourceNoClose(path string, res resourceType, urlParams url.Values, extraHeaders map[string]string) (*http.Response, error) {
-	if err := f.checkForStorageEmulator(); err != nil {
-		return nil, err
-	}
-
-	values := getURLInitValues(compNone, res)
-	combinedParams := mergeParams(values, urlParams)
-	uri := f.client.getEndpoint(fileServiceName, path, combinedParams)
-	extraHeaders = f.client.protectUserAgent(extraHeaders)
-	headers := mergeHeaders(f.client.getStandardHeaders(), extraHeaders)
-
-	return f.client.exec(http.MethodPut, uri, headers, nil, f.auth)
-}
-
-// returns HTTP header data for the specified directory or share
-func (f FileServiceClient) getResourceHeaders(path string, comp compType, res resourceType, params url.Values, verb string) (http.Header, error) {
-	resp, err := f.getResourceNoClose(path, comp, res, params, verb, nil)
-	if err != nil {
-		return nil, err
-	}
-	defer drainRespBody(resp)
-
-	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return nil, err
-	}
-
-	return resp.Header, nil
-}
-
-// gets the specified resource, doesn't close the response body
-func (f FileServiceClient) getResourceNoClose(path string, comp compType, res resourceType, params url.Values, verb string, extraHeaders map[string]string) (*http.Response, error) {
-	if err := f.checkForStorageEmulator(); err != nil {
-		return nil, err
-	}
-
-	params = mergeParams(params, getURLInitValues(comp, res))
-	uri := f.client.getEndpoint(fileServiceName, path, params)
-	headers := mergeHeaders(f.client.getStandardHeaders(), extraHeaders)
-
-	return f.client.exec(verb, uri, headers, nil, f.auth)
-}
-
-// deletes the resource and returns the response
-func (f FileServiceClient) deleteResource(path string, res resourceType, options *FileRequestOptions) error {
-	resp, err := f.deleteResourceNoClose(path, res, options)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusAccepted})
-}
-
-// deletes the resource and returns the response, doesn't close the response body
-func (f FileServiceClient) deleteResourceNoClose(path string, res resourceType, options *FileRequestOptions) (*http.Response, error) {
-	if err := f.checkForStorageEmulator(); err != nil {
-		return nil, err
-	}
-
-	values := mergeParams(getURLInitValues(compNone, res), prepareOptions(options))
-	uri := f.client.getEndpoint(fileServiceName, path, values)
-	return f.client.exec(http.MethodDelete, uri, f.client.getStandardHeaders(), nil, f.auth)
-}
-
-// merges metadata into extraHeaders and returns extraHeaders
-func mergeMDIntoExtraHeaders(metadata, extraHeaders map[string]string) map[string]string {
-	if metadata == nil && extraHeaders == nil {
-		return nil
-	}
-	if extraHeaders == nil {
-		extraHeaders = make(map[string]string)
-	}
-	for k, v := range metadata {
-		extraHeaders[userDefinedMetadataHeaderPrefix+k] = v
-	}
-	return extraHeaders
-}
-
-// sets extra header data for the specified resource
-func (f FileServiceClient) setResourceHeaders(path string, comp compType, res resourceType, extraHeaders map[string]string, options *FileRequestOptions) (http.Header, error) {
-	if err := f.checkForStorageEmulator(); err != nil {
-		return nil, err
-	}
-
-	params := mergeParams(getURLInitValues(comp, res), prepareOptions(options))
-	uri := f.client.getEndpoint(fileServiceName, path, params)
-	extraHeaders = f.client.protectUserAgent(extraHeaders)
-	headers := mergeHeaders(f.client.getStandardHeaders(), extraHeaders)
-
-	resp, err := f.client.exec(http.MethodPut, uri, headers, nil, f.auth)
-	if err != nil {
-		return nil, err
-	}
-	defer drainRespBody(resp)
-
-	return resp.Header, checkRespCode(resp, []int{http.StatusOK})
-}
-
-//checkForStorageEmulator determines if the client is setup for use with
-//Azure Storage Emulator, and returns a relevant error
-func (f FileServiceClient) checkForStorageEmulator() error {
-	if f.client.accountName == StorageEmulatorAccountName {
-		return fmt.Errorf("Error: File service is not currently supported by Azure Storage Emulator")
-	}
-	return nil
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/leaseblob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/leaseblob.go
deleted file mode 100644
index 6453477ba..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/leaseblob.go
+++ /dev/null
@@ -1,190 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"errors"
-	"net/http"
-	"net/url"
-	"strconv"
-	"time"
-)
-
-// lease constants.
-const (
-	leaseHeaderPrefix = "x-ms-lease-"
-	headerLeaseID     = "x-ms-lease-id"
-	leaseAction       = "x-ms-lease-action"
-	leaseBreakPeriod  = "x-ms-lease-break-period"
-	leaseDuration     = "x-ms-lease-duration"
-	leaseProposedID   = "x-ms-proposed-lease-id"
-	leaseTime         = "x-ms-lease-time"
-
-	acquireLease = "acquire"
-	renewLease   = "renew"
-	changeLease  = "change"
-	releaseLease = "release"
-	breakLease   = "break"
-)
-
-// leasePut is common PUT code for the various acquire/release/break etc functions.
-func (b *Blob) leaseCommonPut(headers map[string]string, expectedStatus int, options *LeaseOptions) (http.Header, error) {
-	params := url.Values{"comp": {"lease"}}
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return nil, err
-	}
-	defer drainRespBody(resp)
-
-	if err := checkRespCode(resp, []int{expectedStatus}); err != nil {
-		return nil, err
-	}
-
-	return resp.Header, nil
-}
-
-// LeaseOptions includes options for all operations regarding leasing blobs
-type LeaseOptions struct {
-	Timeout           uint
-	Origin            string     `header:"Origin"`
-	IfMatch           string     `header:"If-Match"`
-	IfNoneMatch       string     `header:"If-None-Match"`
-	IfModifiedSince   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince *time.Time `header:"If-Unmodified-Since"`
-	RequestID         string     `header:"x-ms-client-request-id"`
-}
-
-// AcquireLease creates a lease for a blob
-// returns leaseID acquired
-// In API Versions starting on 2012-02-12, the minimum leaseTimeInSeconds is 15, the maximum
-// non-infinite leaseTimeInSeconds is 60. To specify an infinite lease, provide the value -1.
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Lease-Blob
-func (b *Blob) AcquireLease(leaseTimeInSeconds int, proposedLeaseID string, options *LeaseOptions) (returnedLeaseID string, err error) {
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers[leaseAction] = acquireLease
-
-	if leaseTimeInSeconds == -1 {
-		// Do nothing, but don't trigger the following clauses.
-	} else if leaseTimeInSeconds > 60 || b.Container.bsc.client.apiVersion < "2012-02-12" {
-		leaseTimeInSeconds = 60
-	} else if leaseTimeInSeconds < 15 {
-		leaseTimeInSeconds = 15
-	}
-
-	headers[leaseDuration] = strconv.Itoa(leaseTimeInSeconds)
-
-	if proposedLeaseID != "" {
-		headers[leaseProposedID] = proposedLeaseID
-	}
-
-	respHeaders, err := b.leaseCommonPut(headers, http.StatusCreated, options)
-	if err != nil {
-		return "", err
-	}
-
-	returnedLeaseID = respHeaders.Get(http.CanonicalHeaderKey(headerLeaseID))
-
-	if returnedLeaseID != "" {
-		return returnedLeaseID, nil
-	}
-
-	return "", errors.New("LeaseID not returned")
-}
-
-// BreakLease breaks the lease for a blob
-// Returns the timeout remaining in the lease in seconds
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Lease-Blob
-func (b *Blob) BreakLease(options *LeaseOptions) (breakTimeout int, err error) {
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers[leaseAction] = breakLease
-	return b.breakLeaseCommon(headers, options)
-}
-
-// BreakLeaseWithBreakPeriod breaks the lease for a blob
-// breakPeriodInSeconds is used to determine how long until new lease can be created.
-// Returns the timeout remaining in the lease in seconds
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Lease-Blob
-func (b *Blob) BreakLeaseWithBreakPeriod(breakPeriodInSeconds int, options *LeaseOptions) (breakTimeout int, err error) {
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers[leaseAction] = breakLease
-	headers[leaseBreakPeriod] = strconv.Itoa(breakPeriodInSeconds)
-	return b.breakLeaseCommon(headers, options)
-}
-
-// breakLeaseCommon is common code for both version of BreakLease (with and without break period)
-func (b *Blob) breakLeaseCommon(headers map[string]string, options *LeaseOptions) (breakTimeout int, err error) {
-
-	respHeaders, err := b.leaseCommonPut(headers, http.StatusAccepted, options)
-	if err != nil {
-		return 0, err
-	}
-
-	breakTimeoutStr := respHeaders.Get(http.CanonicalHeaderKey(leaseTime))
-	if breakTimeoutStr != "" {
-		breakTimeout, err = strconv.Atoi(breakTimeoutStr)
-		if err != nil {
-			return 0, err
-		}
-	}
-
-	return breakTimeout, nil
-}
-
-// ChangeLease changes a lease ID for a blob
-// Returns the new LeaseID acquired
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Lease-Blob
-func (b *Blob) ChangeLease(currentLeaseID string, proposedLeaseID string, options *LeaseOptions) (newLeaseID string, err error) {
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers[leaseAction] = changeLease
-	headers[headerLeaseID] = currentLeaseID
-	headers[leaseProposedID] = proposedLeaseID
-
-	respHeaders, err := b.leaseCommonPut(headers, http.StatusOK, options)
-	if err != nil {
-		return "", err
-	}
-
-	newLeaseID = respHeaders.Get(http.CanonicalHeaderKey(headerLeaseID))
-	if newLeaseID != "" {
-		return newLeaseID, nil
-	}
-
-	return "", errors.New("LeaseID not returned")
-}
-
-// ReleaseLease releases the lease for a blob
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Lease-Blob
-func (b *Blob) ReleaseLease(currentLeaseID string, options *LeaseOptions) error {
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers[leaseAction] = releaseLease
-	headers[headerLeaseID] = currentLeaseID
-
-	_, err := b.leaseCommonPut(headers, http.StatusOK, options)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// RenewLease renews the lease for a blob as per https://msdn.microsoft.com/en-us/library/azure/ee691972.aspx
-func (b *Blob) RenewLease(currentLeaseID string, options *LeaseOptions) error {
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers[leaseAction] = renewLease
-	headers[headerLeaseID] = currentLeaseID
-
-	_, err := b.leaseCommonPut(headers, http.StatusOK, options)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/message.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/message.go
deleted file mode 100644
index e5447e4a1..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/message.go
+++ /dev/null
@@ -1,160 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"encoding/xml"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-	"time"
-)
-
-// Message represents an Azure message.
-type Message struct {
-	Queue        *Queue
-	Text         string      `xml:"MessageText"`
-	ID           string      `xml:"MessageId"`
-	Insertion    TimeRFC1123 `xml:"InsertionTime"`
-	Expiration   TimeRFC1123 `xml:"ExpirationTime"`
-	PopReceipt   string      `xml:"PopReceipt"`
-	NextVisible  TimeRFC1123 `xml:"TimeNextVisible"`
-	DequeueCount int         `xml:"DequeueCount"`
-}
-
-func (m *Message) buildPath() string {
-	return fmt.Sprintf("%s/%s", m.Queue.buildPathMessages(), m.ID)
-}
-
-// PutMessageOptions is the set of options can be specified for Put Messsage
-// operation. A zero struct does not use any preferences for the request.
-type PutMessageOptions struct {
-	Timeout           uint
-	VisibilityTimeout int
-	MessageTTL        int
-	RequestID         string `header:"x-ms-client-request-id"`
-}
-
-// Put operation adds a new message to the back of the message queue.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Message
-func (m *Message) Put(options *PutMessageOptions) error {
-	query := url.Values{}
-	headers := m.Queue.qsc.client.getStandardHeaders()
-
-	req := putMessageRequest{MessageText: m.Text}
-	body, nn, err := xmlMarshal(req)
-	if err != nil {
-		return err
-	}
-	headers["Content-Length"] = strconv.Itoa(nn)
-
-	if options != nil {
-		if options.VisibilityTimeout != 0 {
-			query.Set("visibilitytimeout", strconv.Itoa(options.VisibilityTimeout))
-		}
-		if options.MessageTTL != 0 {
-			query.Set("messagettl", strconv.Itoa(options.MessageTTL))
-		}
-		query = addTimeout(query, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-
-	uri := m.Queue.qsc.client.getEndpoint(queueServiceName, m.Queue.buildPathMessages(), query)
-	resp, err := m.Queue.qsc.client.exec(http.MethodPost, uri, headers, body, m.Queue.qsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	err = checkRespCode(resp, []int{http.StatusCreated})
-	if err != nil {
-		return err
-	}
-	err = xmlUnmarshal(resp.Body, m)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// UpdateMessageOptions is the set of options can be specified for Update Messsage
-// operation. A zero struct does not use any preferences for the request.
-type UpdateMessageOptions struct {
-	Timeout           uint
-	VisibilityTimeout int
-	RequestID         string `header:"x-ms-client-request-id"`
-}
-
-// Update operation updates the specified message.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Update-Message
-func (m *Message) Update(options *UpdateMessageOptions) error {
-	query := url.Values{}
-	if m.PopReceipt != "" {
-		query.Set("popreceipt", m.PopReceipt)
-	}
-
-	headers := m.Queue.qsc.client.getStandardHeaders()
-	req := putMessageRequest{MessageText: m.Text}
-	body, nn, err := xmlMarshal(req)
-	if err != nil {
-		return err
-	}
-	headers["Content-Length"] = strconv.Itoa(nn)
-	// visibilitytimeout is required for Update (zero or greater) so set the default here
-	query.Set("visibilitytimeout", "0")
-	if options != nil {
-		if options.VisibilityTimeout != 0 {
-			query.Set("visibilitytimeout", strconv.Itoa(options.VisibilityTimeout))
-		}
-		query = addTimeout(query, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := m.Queue.qsc.client.getEndpoint(queueServiceName, m.buildPath(), query)
-
-	resp, err := m.Queue.qsc.client.exec(http.MethodPut, uri, headers, body, m.Queue.qsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-
-	m.PopReceipt = resp.Header.Get("x-ms-popreceipt")
-	nextTimeStr := resp.Header.Get("x-ms-time-next-visible")
-	if nextTimeStr != "" {
-		nextTime, err := time.Parse(time.RFC1123, nextTimeStr)
-		if err != nil {
-			return err
-		}
-		m.NextVisible = TimeRFC1123(nextTime)
-	}
-
-	return checkRespCode(resp, []int{http.StatusNoContent})
-}
-
-// Delete operation deletes the specified message.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/dd179347.aspx
-func (m *Message) Delete(options *QueueServiceOptions) error {
-	params := url.Values{"popreceipt": {m.PopReceipt}}
-	headers := m.Queue.qsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := m.Queue.qsc.client.getEndpoint(queueServiceName, m.buildPath(), params)
-
-	resp, err := m.Queue.qsc.client.exec(http.MethodDelete, uri, headers, nil, m.Queue.qsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusNoContent})
-}
-
-type putMessageRequest struct {
-	XMLName     xml.Name `xml:"QueueMessage"`
-	MessageText string   `xml:"MessageText"`
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/odata.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/odata.go
deleted file mode 100644
index 3b0572238..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/odata.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-// MetadataLevel determines if operations should return a paylod,
-// and it level of detail.
-type MetadataLevel string
-
-// This consts are meant to help with Odata supported operations
-const (
-	OdataTypeSuffix = "@odata.type"
-
-	// Types
-
-	OdataBinary   = "Edm.Binary"
-	OdataDateTime = "Edm.DateTime"
-	OdataDouble   = "Edm.Double"
-	OdataGUID     = "Edm.Guid"
-	OdataInt64    = "Edm.Int64"
-
-	// Query options
-
-	OdataFilter  = "$filter"
-	OdataOrderBy = "$orderby"
-	OdataTop     = "$top"
-	OdataSkip    = "$skip"
-	OdataCount   = "$count"
-	OdataExpand  = "$expand"
-	OdataSelect  = "$select"
-	OdataSearch  = "$search"
-
-	EmptyPayload    MetadataLevel = ""
-	NoMetadata      MetadataLevel = "application/json;odata=nometadata"
-	MinimalMetadata MetadataLevel = "application/json;odata=minimalmetadata"
-	FullMetadata    MetadataLevel = "application/json;odata=fullmetadata"
-)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/pageblob.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/pageblob.go
deleted file mode 100644
index ff93ec2ac..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/pageblob.go
+++ /dev/null
@@ -1,192 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"encoding/xml"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"time"
-)
-
-// GetPageRangesResponse contains the response fields from
-// Get Page Ranges call.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/ee691973.aspx
-type GetPageRangesResponse struct {
-	XMLName  xml.Name    `xml:"PageList"`
-	PageList []PageRange `xml:"PageRange"`
-}
-
-// PageRange contains information about a page of a page blob from
-// Get Pages Range call.
-//
-// See https://msdn.microsoft.com/en-us/library/azure/ee691973.aspx
-type PageRange struct {
-	Start int64 `xml:"Start"`
-	End   int64 `xml:"End"`
-}
-
-var (
-	errBlobCopyAborted    = errors.New("storage: blob copy is aborted")
-	errBlobCopyIDMismatch = errors.New("storage: blob copy id is a mismatch")
-)
-
-// PutPageOptions includes the options for a put page operation
-type PutPageOptions struct {
-	Timeout                           uint
-	LeaseID                           string     `header:"x-ms-lease-id"`
-	IfSequenceNumberLessThanOrEqualTo *int       `header:"x-ms-if-sequence-number-le"`
-	IfSequenceNumberLessThan          *int       `header:"x-ms-if-sequence-number-lt"`
-	IfSequenceNumberEqualTo           *int       `header:"x-ms-if-sequence-number-eq"`
-	IfModifiedSince                   *time.Time `header:"If-Modified-Since"`
-	IfUnmodifiedSince                 *time.Time `header:"If-Unmodified-Since"`
-	IfMatch                           string     `header:"If-Match"`
-	IfNoneMatch                       string     `header:"If-None-Match"`
-	RequestID                         string     `header:"x-ms-client-request-id"`
-}
-
-// WriteRange writes a range of pages to a page blob.
-// Ranges must be aligned with 512-byte boundaries and chunk must be of size
-// multiplies by 512.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Page
-func (b *Blob) WriteRange(blobRange BlobRange, bytes io.Reader, options *PutPageOptions) error {
-	if bytes == nil {
-		return errors.New("bytes cannot be nil")
-	}
-	return b.modifyRange(blobRange, bytes, options)
-}
-
-// ClearRange clears the given range in a page blob.
-// Ranges must be aligned with 512-byte boundaries and chunk must be of size
-// multiplies by 512.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Page
-func (b *Blob) ClearRange(blobRange BlobRange, options *PutPageOptions) error {
-	return b.modifyRange(blobRange, nil, options)
-}
-
-func (b *Blob) modifyRange(blobRange BlobRange, bytes io.Reader, options *PutPageOptions) error {
-	if blobRange.End < blobRange.Start {
-		return errors.New("the value for rangeEnd must be greater than or equal to rangeStart")
-	}
-	if blobRange.Start%512 != 0 {
-		return errors.New("the value for rangeStart must be a multiple of 512")
-	}
-	if blobRange.End%512 != 511 {
-		return errors.New("the value for rangeEnd must be a multiple of 512 - 1")
-	}
-
-	params := url.Values{"comp": {"page"}}
-
-	// default to clear
-	write := "clear"
-	var cl uint64
-
-	// if bytes is not nil then this is an update operation
-	if bytes != nil {
-		write = "update"
-		cl = (blobRange.End - blobRange.Start) + 1
-	}
-
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers["x-ms-blob-type"] = string(BlobTypePage)
-	headers["x-ms-page-write"] = write
-	headers["x-ms-range"] = blobRange.String()
-	headers["Content-Length"] = fmt.Sprintf("%v", cl)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, bytes, b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusCreated})
-}
-
-// GetPageRangesOptions includes the options for a get page ranges operation
-type GetPageRangesOptions struct {
-	Timeout          uint
-	Snapshot         *time.Time
-	PreviousSnapshot *time.Time
-	Range            *BlobRange
-	LeaseID          string `header:"x-ms-lease-id"`
-	RequestID        string `header:"x-ms-client-request-id"`
-}
-
-// GetPageRanges returns the list of valid page ranges for a page blob.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Get-Page-Ranges
-func (b *Blob) GetPageRanges(options *GetPageRangesOptions) (GetPageRangesResponse, error) {
-	params := url.Values{"comp": {"pagelist"}}
-	headers := b.Container.bsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		params = addSnapshot(params, options.Snapshot)
-		if options.PreviousSnapshot != nil {
-			params.Add("prevsnapshot", timeRFC3339Formatted(*options.PreviousSnapshot))
-		}
-		if options.Range != nil {
-			headers["Range"] = options.Range.String()
-		}
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	var out GetPageRangesResponse
-	resp, err := b.Container.bsc.client.exec(http.MethodGet, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return out, err
-	}
-	defer drainRespBody(resp)
-
-	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return out, err
-	}
-	err = xmlUnmarshal(resp.Body, &out)
-	return out, err
-}
-
-// PutPageBlob initializes an empty page blob with specified name and maximum
-// size in bytes (size must be aligned to a 512-byte boundary). A page blob must
-// be created using this method before writing pages.
-//
-// See CreateBlockBlobFromReader for more info on creating blobs.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Put-Blob
-func (b *Blob) PutPageBlob(options *PutBlobOptions) error {
-	if b.Properties.ContentLength%512 != 0 {
-		return errors.New("Content length must be aligned to a 512-byte boundary")
-	}
-
-	params := url.Values{}
-	headers := b.Container.bsc.client.getStandardHeaders()
-	headers["x-ms-blob-type"] = string(BlobTypePage)
-	headers["x-ms-blob-content-length"] = fmt.Sprintf("%v", b.Properties.ContentLength)
-	headers["x-ms-blob-sequence-number"] = fmt.Sprintf("%v", b.Properties.SequenceNumber)
-	headers = mergeHeaders(headers, headersFromStruct(b.Properties))
-	headers = b.Container.bsc.client.addMetadataToHeaders(headers, b.Metadata)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := b.Container.bsc.client.getEndpoint(blobServiceName, b.buildPath(), params)
-
-	resp, err := b.Container.bsc.client.exec(http.MethodPut, uri, headers, nil, b.Container.bsc.auth)
-	if err != nil {
-		return err
-	}
-	return b.respondCreation(resp, BlobTypePage)
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/queue.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/queue.go
deleted file mode 100644
index 7731e4ebc..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/queue.go
+++ /dev/null
@@ -1,425 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"encoding/xml"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strconv"
-	"time"
-)
-
-const (
-	// casing is per Golang's http.Header canonicalizing the header names.
-	approximateMessagesCountHeader = "X-Ms-Approximate-Messages-Count"
-)
-
-// QueueAccessPolicy represents each access policy in the queue ACL.
-type QueueAccessPolicy struct {
-	ID         string
-	StartTime  time.Time
-	ExpiryTime time.Time
-	CanRead    bool
-	CanAdd     bool
-	CanUpdate  bool
-	CanProcess bool
-}
-
-// QueuePermissions represents the queue ACLs.
-type QueuePermissions struct {
-	AccessPolicies []QueueAccessPolicy
-}
-
-// SetQueuePermissionOptions includes options for a set queue permissions operation
-type SetQueuePermissionOptions struct {
-	Timeout   uint
-	RequestID string `header:"x-ms-client-request-id"`
-}
-
-// Queue represents an Azure queue.
-type Queue struct {
-	qsc               *QueueServiceClient
-	Name              string
-	Metadata          map[string]string
-	AproxMessageCount uint64
-}
-
-func (q *Queue) buildPath() string {
-	return fmt.Sprintf("/%s", q.Name)
-}
-
-func (q *Queue) buildPathMessages() string {
-	return fmt.Sprintf("%s/messages", q.buildPath())
-}
-
-// QueueServiceOptions includes options for some queue service operations
-type QueueServiceOptions struct {
-	Timeout   uint
-	RequestID string `header:"x-ms-client-request-id"`
-}
-
-// Create operation creates a queue under the given account.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Queue4
-func (q *Queue) Create(options *QueueServiceOptions) error {
-	params := url.Values{}
-	headers := q.qsc.client.getStandardHeaders()
-	headers = q.qsc.client.addMetadataToHeaders(headers, q.Metadata)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
-
-	resp, err := q.qsc.client.exec(http.MethodPut, uri, headers, nil, q.qsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusCreated})
-}
-
-// Delete operation permanently deletes the specified queue.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Queue3
-func (q *Queue) Delete(options *QueueServiceOptions) error {
-	params := url.Values{}
-	headers := q.qsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
-	resp, err := q.qsc.client.exec(http.MethodDelete, uri, headers, nil, q.qsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusNoContent})
-}
-
-// Exists returns true if a queue with given name exists.
-func (q *Queue) Exists() (bool, error) {
-	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), url.Values{"comp": {"metadata"}})
-	resp, err := q.qsc.client.exec(http.MethodGet, uri, q.qsc.client.getStandardHeaders(), nil, q.qsc.auth)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusNotFound {
-			return resp.StatusCode == http.StatusOK, nil
-		}
-		err = getErrorFromResponse(resp)
-	}
-	return false, err
-}
-
-// SetMetadata operation sets user-defined metadata on the specified queue.
-// Metadata is associated with the queue as name-value pairs.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Queue-Metadata
-func (q *Queue) SetMetadata(options *QueueServiceOptions) error {
-	params := url.Values{"comp": {"metadata"}}
-	headers := q.qsc.client.getStandardHeaders()
-	headers = q.qsc.client.addMetadataToHeaders(headers, q.Metadata)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
-
-	resp, err := q.qsc.client.exec(http.MethodPut, uri, headers, nil, q.qsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusNoContent})
-}
-
-// GetMetadata operation retrieves user-defined metadata and queue
-// properties on the specified queue. Metadata is associated with
-// the queue as name-values pairs.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Queue-Metadata
-//
-// Because the way Golang's http client (and http.Header in particular)
-// canonicalize header names, the returned metadata names would always
-// be all lower case.
-func (q *Queue) GetMetadata(options *QueueServiceOptions) error {
-	params := url.Values{"comp": {"metadata"}}
-	headers := q.qsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
-
-	resp, err := q.qsc.client.exec(http.MethodGet, uri, headers, nil, q.qsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-
-	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return err
-	}
-
-	aproxMessagesStr := resp.Header.Get(http.CanonicalHeaderKey(approximateMessagesCountHeader))
-	if aproxMessagesStr != "" {
-		aproxMessages, err := strconv.ParseUint(aproxMessagesStr, 10, 64)
-		if err != nil {
-			return err
-		}
-		q.AproxMessageCount = aproxMessages
-	}
-
-	q.Metadata = getMetadataFromHeaders(resp.Header)
-	return nil
-}
-
-// GetMessageReference returns a message object with the specified text.
-func (q *Queue) GetMessageReference(text string) *Message {
-	return &Message{
-		Queue: q,
-		Text:  text,
-	}
-}
-
-// GetMessagesOptions is the set of options can be specified for Get
-// Messsages operation. A zero struct does not use any preferences for the
-// request.
-type GetMessagesOptions struct {
-	Timeout           uint
-	NumOfMessages     int
-	VisibilityTimeout int
-	RequestID         string `header:"x-ms-client-request-id"`
-}
-
-type messages struct {
-	XMLName  xml.Name  `xml:"QueueMessagesList"`
-	Messages []Message `xml:"QueueMessage"`
-}
-
-// GetMessages operation retrieves one or more messages from the front of the
-// queue.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Get-Messages
-func (q *Queue) GetMessages(options *GetMessagesOptions) ([]Message, error) {
-	query := url.Values{}
-	headers := q.qsc.client.getStandardHeaders()
-
-	if options != nil {
-		if options.NumOfMessages != 0 {
-			query.Set("numofmessages", strconv.Itoa(options.NumOfMessages))
-		}
-		if options.VisibilityTimeout != 0 {
-			query.Set("visibilitytimeout", strconv.Itoa(options.VisibilityTimeout))
-		}
-		query = addTimeout(query, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPathMessages(), query)
-
-	resp, err := q.qsc.client.exec(http.MethodGet, uri, headers, nil, q.qsc.auth)
-	if err != nil {
-		return []Message{}, err
-	}
-	defer resp.Body.Close()
-
-	var out messages
-	err = xmlUnmarshal(resp.Body, &out)
-	if err != nil {
-		return []Message{}, err
-	}
-	for i := range out.Messages {
-		out.Messages[i].Queue = q
-	}
-	return out.Messages, err
-}
-
-// PeekMessagesOptions is the set of options can be specified for Peek
-// Messsage operation. A zero struct does not use any preferences for the
-// request.
-type PeekMessagesOptions struct {
-	Timeout       uint
-	NumOfMessages int
-	RequestID     string `header:"x-ms-client-request-id"`
-}
-
-// PeekMessages retrieves one or more messages from the front of the queue, but
-// does not alter the visibility of the message.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Peek-Messages
-func (q *Queue) PeekMessages(options *PeekMessagesOptions) ([]Message, error) {
-	query := url.Values{"peekonly": {"true"}} // Required for peek operation
-	headers := q.qsc.client.getStandardHeaders()
-
-	if options != nil {
-		if options.NumOfMessages != 0 {
-			query.Set("numofmessages", strconv.Itoa(options.NumOfMessages))
-		}
-		query = addTimeout(query, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPathMessages(), query)
-
-	resp, err := q.qsc.client.exec(http.MethodGet, uri, headers, nil, q.qsc.auth)
-	if err != nil {
-		return []Message{}, err
-	}
-	defer resp.Body.Close()
-
-	var out messages
-	err = xmlUnmarshal(resp.Body, &out)
-	if err != nil {
-		return []Message{}, err
-	}
-	for i := range out.Messages {
-		out.Messages[i].Queue = q
-	}
-	return out.Messages, err
-}
-
-// ClearMessages operation deletes all messages from the specified queue.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Clear-Messages
-func (q *Queue) ClearMessages(options *QueueServiceOptions) error {
-	params := url.Values{}
-	headers := q.qsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPathMessages(), params)
-
-	resp, err := q.qsc.client.exec(http.MethodDelete, uri, headers, nil, q.qsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusNoContent})
-}
-
-// SetPermissions sets up queue permissions
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-queue-acl
-func (q *Queue) SetPermissions(permissions QueuePermissions, options *SetQueuePermissionOptions) error {
-	body, length, err := generateQueueACLpayload(permissions.AccessPolicies)
-	if err != nil {
-		return err
-	}
-
-	params := url.Values{
-		"comp": {"acl"},
-	}
-	headers := q.qsc.client.getStandardHeaders()
-	headers["Content-Length"] = strconv.Itoa(length)
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
-	resp, err := q.qsc.client.exec(http.MethodPut, uri, headers, body, q.qsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusNoContent})
-}
-
-func generateQueueACLpayload(policies []QueueAccessPolicy) (io.Reader, int, error) {
-	sil := SignedIdentifiers{
-		SignedIdentifiers: []SignedIdentifier{},
-	}
-	for _, qapd := range policies {
-		permission := qapd.generateQueuePermissions()
-		signedIdentifier := convertAccessPolicyToXMLStructs(qapd.ID, qapd.StartTime, qapd.ExpiryTime, permission)
-		sil.SignedIdentifiers = append(sil.SignedIdentifiers, signedIdentifier)
-	}
-	return xmlMarshal(sil)
-}
-
-func (qapd *QueueAccessPolicy) generateQueuePermissions() (permissions string) {
-	// generate the permissions string (raup).
-	// still want the end user API to have bool flags.
-	permissions = ""
-
-	if qapd.CanRead {
-		permissions += "r"
-	}
-
-	if qapd.CanAdd {
-		permissions += "a"
-	}
-
-	if qapd.CanUpdate {
-		permissions += "u"
-	}
-
-	if qapd.CanProcess {
-		permissions += "p"
-	}
-
-	return permissions
-}
-
-// GetQueuePermissionOptions includes options for a get queue permissions operation
-type GetQueuePermissionOptions struct {
-	Timeout   uint
-	RequestID string `header:"x-ms-client-request-id"`
-}
-
-// GetPermissions gets the queue permissions as per https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-queue-acl
-// If timeout is 0 then it will not be passed to Azure
-func (q *Queue) GetPermissions(options *GetQueuePermissionOptions) (*QueuePermissions, error) {
-	params := url.Values{
-		"comp": {"acl"},
-	}
-	headers := q.qsc.client.getStandardHeaders()
-
-	if options != nil {
-		params = addTimeout(params, options.Timeout)
-		headers = mergeHeaders(headers, headersFromStruct(*options))
-	}
-	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), params)
-	resp, err := q.qsc.client.exec(http.MethodGet, uri, headers, nil, q.qsc.auth)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	var ap AccessPolicy
-	err = xmlUnmarshal(resp.Body, &ap.SignedIdentifiersList)
-	if err != nil {
-		return nil, err
-	}
-	return buildQueueAccessPolicy(ap, &resp.Header), nil
-}
-
-func buildQueueAccessPolicy(ap AccessPolicy, headers *http.Header) *QueuePermissions {
-	permissions := QueuePermissions{
-		AccessPolicies: []QueueAccessPolicy{},
-	}
-
-	for _, policy := range ap.SignedIdentifiersList.SignedIdentifiers {
-		qapd := QueueAccessPolicy{
-			ID:         policy.ID,
-			StartTime:  policy.AccessPolicy.StartTime,
-			ExpiryTime: policy.AccessPolicy.ExpiryTime,
-		}
-		qapd.CanRead = updatePermissions(policy.AccessPolicy.Permission, "r")
-		qapd.CanAdd = updatePermissions(policy.AccessPolicy.Permission, "a")
-		qapd.CanUpdate = updatePermissions(policy.AccessPolicy.Permission, "u")
-		qapd.CanProcess = updatePermissions(policy.AccessPolicy.Permission, "p")
-
-		permissions.AccessPolicies = append(permissions.AccessPolicies, qapd)
-	}
-	return &permissions
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/queuesasuri.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/queuesasuri.go
deleted file mode 100644
index ab39f956f..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/queuesasuri.go
+++ /dev/null
@@ -1,135 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"errors"
-	"fmt"
-	"net/url"
-	"strings"
-	"time"
-)
-
-// QueueSASOptions are options to construct a blob SAS
-// URI.
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
-type QueueSASOptions struct {
-	QueueSASPermissions
-	SASOptions
-}
-
-// QueueSASPermissions includes the available permissions for
-// a queue SAS URI.
-type QueueSASPermissions struct {
-	Read    bool
-	Add     bool
-	Update  bool
-	Process bool
-}
-
-func (q QueueSASPermissions) buildString() string {
-	permissions := ""
-
-	if q.Read {
-		permissions += "r"
-	}
-	if q.Add {
-		permissions += "a"
-	}
-	if q.Update {
-		permissions += "u"
-	}
-	if q.Process {
-		permissions += "p"
-	}
-	return permissions
-}
-
-// GetSASURI creates an URL to the specified queue which contains the Shared
-// Access Signature with specified permissions and expiration time.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas
-func (q *Queue) GetSASURI(options QueueSASOptions) (string, error) {
-	canonicalizedResource, err := q.qsc.client.buildCanonicalizedResource(q.buildPath(), q.qsc.auth, true)
-	if err != nil {
-		return "", err
-	}
-
-	// "The canonicalizedresouce portion of the string is a canonical path to the signed resource.
-	// It must include the service name (blob, table, queue or file) for version 2015-02-21 or
-	// later, the storage account name, and the resource name, and must be URL-decoded.
-	// -- https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
-	// We need to replace + with %2b first to avoid being treated as a space (which is correct for query strings, but not the path component).
-	canonicalizedResource = strings.Replace(canonicalizedResource, "+", "%2b", -1)
-	canonicalizedResource, err = url.QueryUnescape(canonicalizedResource)
-	if err != nil {
-		return "", err
-	}
-
-	signedStart := ""
-	if options.Start != (time.Time{}) {
-		signedStart = options.Start.UTC().Format(time.RFC3339)
-	}
-	signedExpiry := options.Expiry.UTC().Format(time.RFC3339)
-
-	protocols := "https,http"
-	if options.UseHTTPS {
-		protocols = "https"
-	}
-
-	permissions := options.QueueSASPermissions.buildString()
-	stringToSign, err := queueSASStringToSign(q.qsc.client.apiVersion, canonicalizedResource, signedStart, signedExpiry, options.IP, permissions, protocols, options.Identifier)
-	if err != nil {
-		return "", err
-	}
-
-	sig := q.qsc.client.computeHmac256(stringToSign)
-	sasParams := url.Values{
-		"sv":  {q.qsc.client.apiVersion},
-		"se":  {signedExpiry},
-		"sp":  {permissions},
-		"sig": {sig},
-	}
-
-	if q.qsc.client.apiVersion >= "2015-04-05" {
-		sasParams.Add("spr", protocols)
-		addQueryParameter(sasParams, "sip", options.IP)
-	}
-
-	uri := q.qsc.client.getEndpoint(queueServiceName, q.buildPath(), nil)
-	sasURL, err := url.Parse(uri)
-	if err != nil {
-		return "", err
-	}
-	sasURL.RawQuery = sasParams.Encode()
-	return sasURL.String(), nil
-}
-
-func queueSASStringToSign(signedVersion, canonicalizedResource, signedStart, signedExpiry, signedIP, signedPermissions, protocols, signedIdentifier string) (string, error) {
-
-	if signedVersion >= "2015-02-21" {
-		canonicalizedResource = "/queue" + canonicalizedResource
-	}
-
-	// https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx#Anchor_12
-	if signedVersion >= "2015-04-05" {
-		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s",
-			signedPermissions,
-			signedStart,
-			signedExpiry,
-			canonicalizedResource,
-			signedIdentifier,
-			signedIP,
-			protocols,
-			signedVersion), nil
-
-	}
-
-	// reference: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
-	if signedVersion >= "2013-08-15" {
-		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s", signedPermissions, signedStart, signedExpiry, canonicalizedResource, signedIdentifier, signedVersion), nil
-	}
-
-	return "", errors.New("storage: not implemented SAS for versions earlier than 2013-08-15")
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/queueserviceclient.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/queueserviceclient.go
deleted file mode 100644
index 752701c3b..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/queueserviceclient.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-// QueueServiceClient contains operations for Microsoft Azure Queue Storage
-// Service.
-type QueueServiceClient struct {
-	client Client
-	auth   authentication
-}
-
-// GetServiceProperties gets the properties of your storage account's queue service.
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-queue-service-properties
-func (q *QueueServiceClient) GetServiceProperties() (*ServiceProperties, error) {
-	return q.client.getServiceProperties(queueServiceName, q.auth)
-}
-
-// SetServiceProperties sets the properties of your storage account's queue service.
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-queue-service-properties
-func (q *QueueServiceClient) SetServiceProperties(props ServiceProperties) error {
-	return q.client.setServiceProperties(props, queueServiceName, q.auth)
-}
-
-// GetQueueReference returns a Container object for the specified queue name.
-func (q *QueueServiceClient) GetQueueReference(name string) *Queue {
-	return &Queue{
-		qsc:  q,
-		Name: name,
-	}
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/share.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/share.go
deleted file mode 100644
index 30f7c1435..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/share.go
+++ /dev/null
@@ -1,205 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-)
-
-// Share represents an Azure file share.
-type Share struct {
-	fsc        *FileServiceClient
-	Name       string          `xml:"Name"`
-	Properties ShareProperties `xml:"Properties"`
-	Metadata   map[string]string
-}
-
-// ShareProperties contains various properties of a share.
-type ShareProperties struct {
-	LastModified string `xml:"Last-Modified"`
-	Etag         string `xml:"Etag"`
-	Quota        int    `xml:"Quota"`
-}
-
-// builds the complete path for this share object.
-func (s *Share) buildPath() string {
-	return fmt.Sprintf("/%s", s.Name)
-}
-
-// Create this share under the associated account.
-// If a share with the same name already exists, the operation fails.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Share
-func (s *Share) Create(options *FileRequestOptions) error {
-	extraheaders := map[string]string{}
-	if s.Properties.Quota > 0 {
-		extraheaders["x-ms-share-quota"] = strconv.Itoa(s.Properties.Quota)
-	}
-
-	params := prepareOptions(options)
-	headers, err := s.fsc.createResource(s.buildPath(), resourceShare, params, mergeMDIntoExtraHeaders(s.Metadata, extraheaders), []int{http.StatusCreated})
-	if err != nil {
-		return err
-	}
-
-	s.updateEtagAndLastModified(headers)
-	return nil
-}
-
-// CreateIfNotExists creates this share under the associated account if
-// it does not exist. Returns true if the share is newly created or false if
-// the share already exists.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Share
-func (s *Share) CreateIfNotExists(options *FileRequestOptions) (bool, error) {
-	extraheaders := map[string]string{}
-	if s.Properties.Quota > 0 {
-		extraheaders["x-ms-share-quota"] = strconv.Itoa(s.Properties.Quota)
-	}
-
-	params := prepareOptions(options)
-	resp, err := s.fsc.createResourceNoClose(s.buildPath(), resourceShare, params, extraheaders)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusCreated || resp.StatusCode == http.StatusConflict {
-			if resp.StatusCode == http.StatusCreated {
-				s.updateEtagAndLastModified(resp.Header)
-				return true, nil
-			}
-			return false, s.FetchAttributes(nil)
-		}
-	}
-
-	return false, err
-}
-
-// Delete marks this share for deletion. The share along with any files
-// and directories contained within it are later deleted during garbage
-// collection.  If the share does not exist the operation fails
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Share
-func (s *Share) Delete(options *FileRequestOptions) error {
-	return s.fsc.deleteResource(s.buildPath(), resourceShare, options)
-}
-
-// DeleteIfExists operation marks this share for deletion if it exists.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Delete-Share
-func (s *Share) DeleteIfExists(options *FileRequestOptions) (bool, error) {
-	resp, err := s.fsc.deleteResourceNoClose(s.buildPath(), resourceShare, options)
-	if resp != nil {
-		defer drainRespBody(resp)
-		if resp.StatusCode == http.StatusAccepted || resp.StatusCode == http.StatusNotFound {
-			return resp.StatusCode == http.StatusAccepted, nil
-		}
-	}
-	return false, err
-}
-
-// Exists returns true if this share already exists
-// on the storage account, otherwise returns false.
-func (s *Share) Exists() (bool, error) {
-	exists, headers, err := s.fsc.resourceExists(s.buildPath(), resourceShare)
-	if exists {
-		s.updateEtagAndLastModified(headers)
-		s.updateQuota(headers)
-	}
-	return exists, err
-}
-
-// FetchAttributes retrieves metadata and properties for this share.
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-share-properties
-func (s *Share) FetchAttributes(options *FileRequestOptions) error {
-	params := prepareOptions(options)
-	headers, err := s.fsc.getResourceHeaders(s.buildPath(), compNone, resourceShare, params, http.MethodHead)
-	if err != nil {
-		return err
-	}
-
-	s.updateEtagAndLastModified(headers)
-	s.updateQuota(headers)
-	s.Metadata = getMetadataFromHeaders(headers)
-
-	return nil
-}
-
-// GetRootDirectoryReference returns a Directory object at the root of this share.
-func (s *Share) GetRootDirectoryReference() *Directory {
-	return &Directory{
-		fsc:   s.fsc,
-		share: s,
-	}
-}
-
-// ServiceClient returns the FileServiceClient associated with this share.
-func (s *Share) ServiceClient() *FileServiceClient {
-	return s.fsc
-}
-
-// SetMetadata replaces the metadata for this share.
-//
-// Some keys may be converted to Camel-Case before sending. All keys
-// are returned in lower case by GetShareMetadata. HTTP header names
-// are case-insensitive so case munging should not matter to other
-// applications either.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-share-metadata
-func (s *Share) SetMetadata(options *FileRequestOptions) error {
-	headers, err := s.fsc.setResourceHeaders(s.buildPath(), compMetadata, resourceShare, mergeMDIntoExtraHeaders(s.Metadata, nil), options)
-	if err != nil {
-		return err
-	}
-
-	s.updateEtagAndLastModified(headers)
-	return nil
-}
-
-// SetProperties sets system properties for this share.
-//
-// Some keys may be converted to Camel-Case before sending. All keys
-// are returned in lower case by SetShareProperties. HTTP header names
-// are case-insensitive so case munging should not matter to other
-// applications either.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Set-Share-Properties
-func (s *Share) SetProperties(options *FileRequestOptions) error {
-	extraheaders := map[string]string{}
-	if s.Properties.Quota > 0 {
-		if s.Properties.Quota > 5120 {
-			return fmt.Errorf("invalid value %v for quota, valid values are [1, 5120]", s.Properties.Quota)
-		}
-		extraheaders["x-ms-share-quota"] = strconv.Itoa(s.Properties.Quota)
-	}
-
-	headers, err := s.fsc.setResourceHeaders(s.buildPath(), compProperties, resourceShare, extraheaders, options)
-	if err != nil {
-		return err
-	}
-
-	s.updateEtagAndLastModified(headers)
-	return nil
-}
-
-// updates Etag and last modified date
-func (s *Share) updateEtagAndLastModified(headers http.Header) {
-	s.Properties.Etag = headers.Get("Etag")
-	s.Properties.LastModified = headers.Get("Last-Modified")
-}
-
-// updates quota value
-func (s *Share) updateQuota(headers http.Header) {
-	quota, err := strconv.Atoi(headers.Get("x-ms-share-quota"))
-	if err == nil {
-		s.Properties.Quota = quota
-	}
-}
-
-// URL gets the canonical URL to this share. This method does not create a publicly accessible
-// URL if the share is private and this method does not check if the share exists.
-func (s *Share) URL() string {
-	return s.fsc.client.getEndpoint(fileServiceName, s.buildPath(), url.Values{})
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/storagepolicy.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/storagepolicy.go
deleted file mode 100644
index 35d13670c..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/storagepolicy.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"strings"
-	"time"
-)
-
-// AccessPolicyDetailsXML has specifics about an access policy
-// annotated with XML details.
-type AccessPolicyDetailsXML struct {
-	StartTime  time.Time `xml:"Start"`
-	ExpiryTime time.Time `xml:"Expiry"`
-	Permission string    `xml:"Permission"`
-}
-
-// SignedIdentifier is a wrapper for a specific policy
-type SignedIdentifier struct {
-	ID           string                 `xml:"Id"`
-	AccessPolicy AccessPolicyDetailsXML `xml:"AccessPolicy"`
-}
-
-// SignedIdentifiers part of the response from GetPermissions call.
-type SignedIdentifiers struct {
-	SignedIdentifiers []SignedIdentifier `xml:"SignedIdentifier"`
-}
-
-// AccessPolicy is the response type from the GetPermissions call.
-type AccessPolicy struct {
-	SignedIdentifiersList SignedIdentifiers `xml:"SignedIdentifiers"`
-}
-
-// convertAccessPolicyToXMLStructs converts between AccessPolicyDetails which is a struct better for API usage to the
-// AccessPolicy struct which will get converted to XML.
-func convertAccessPolicyToXMLStructs(id string, startTime time.Time, expiryTime time.Time, permissions string) SignedIdentifier {
-	return SignedIdentifier{
-		ID: id,
-		AccessPolicy: AccessPolicyDetailsXML{
-			StartTime:  startTime.UTC().Round(time.Second),
-			ExpiryTime: expiryTime.UTC().Round(time.Second),
-			Permission: permissions,
-		},
-	}
-}
-
-func updatePermissions(permissions, permission string) bool {
-	return strings.Contains(permissions, permission)
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/storageservice.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/storageservice.go
deleted file mode 100644
index d139db776..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/storageservice.go
+++ /dev/null
@@ -1,139 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"net/http"
-	"net/url"
-	"strconv"
-)
-
-// ServiceProperties represents the storage account service properties
-type ServiceProperties struct {
-	Logging               *Logging
-	HourMetrics           *Metrics
-	MinuteMetrics         *Metrics
-	Cors                  *Cors
-	DeleteRetentionPolicy *RetentionPolicy // blob storage only
-	StaticWebsite         *StaticWebsite   // blob storage only
-}
-
-// Logging represents the Azure Analytics Logging settings
-type Logging struct {
-	Version         string
-	Delete          bool
-	Read            bool
-	Write           bool
-	RetentionPolicy *RetentionPolicy
-}
-
-// RetentionPolicy indicates if retention is enabled and for how many days
-type RetentionPolicy struct {
-	Enabled bool
-	Days    *int
-}
-
-// Metrics provide request statistics.
-type Metrics struct {
-	Version         string
-	Enabled         bool
-	IncludeAPIs     *bool
-	RetentionPolicy *RetentionPolicy
-}
-
-// Cors includes all the CORS rules
-type Cors struct {
-	CorsRule []CorsRule
-}
-
-// CorsRule includes all settings for a Cors rule
-type CorsRule struct {
-	AllowedOrigins  string
-	AllowedMethods  string
-	MaxAgeInSeconds int
-	ExposedHeaders  string
-	AllowedHeaders  string
-}
-
-// StaticWebsite - The properties that enable an account to host a static website
-type StaticWebsite struct {
-	// Enabled - Indicates whether this account is hosting a static website
-	Enabled bool
-	// IndexDocument - The default name of the index page under each directory
-	IndexDocument *string
-	// ErrorDocument404Path - The absolute path of the custom 404 page
-	ErrorDocument404Path *string
-}
-
-func (c Client) getServiceProperties(service string, auth authentication) (*ServiceProperties, error) {
-	query := url.Values{
-		"restype": {"service"},
-		"comp":    {"properties"},
-	}
-	uri := c.getEndpoint(service, "", query)
-	headers := c.getStandardHeaders()
-
-	resp, err := c.exec(http.MethodGet, uri, headers, nil, auth)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return nil, err
-	}
-
-	var out ServiceProperties
-	err = xmlUnmarshal(resp.Body, &out)
-	if err != nil {
-		return nil, err
-	}
-
-	return &out, nil
-}
-
-func (c Client) setServiceProperties(props ServiceProperties, service string, auth authentication) error {
-	query := url.Values{
-		"restype": {"service"},
-		"comp":    {"properties"},
-	}
-	uri := c.getEndpoint(service, "", query)
-
-	// Ideally, StorageServiceProperties would be the output struct
-	// This is to avoid golint stuttering, while generating the correct XML
-	type StorageServiceProperties struct {
-		Logging               *Logging
-		HourMetrics           *Metrics
-		MinuteMetrics         *Metrics
-		Cors                  *Cors
-		DeleteRetentionPolicy *RetentionPolicy
-		StaticWebsite         *StaticWebsite
-	}
-	input := StorageServiceProperties{
-		Logging:       props.Logging,
-		HourMetrics:   props.HourMetrics,
-		MinuteMetrics: props.MinuteMetrics,
-		Cors:          props.Cors,
-	}
-	// only set these fields for blob storage else it's invalid XML
-	if service == blobServiceName {
-		input.DeleteRetentionPolicy = props.DeleteRetentionPolicy
-		input.StaticWebsite = props.StaticWebsite
-	}
-
-	body, length, err := xmlMarshal(input)
-	if err != nil {
-		return err
-	}
-
-	headers := c.getStandardHeaders()
-	headers["Content-Length"] = strconv.Itoa(length)
-
-	resp, err := c.exec(http.MethodPut, uri, headers, body, auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-	return checkRespCode(resp, []int{http.StatusAccepted})
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/table.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/table.go
deleted file mode 100644
index fc8631ee2..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/table.go
+++ /dev/null
@@ -1,412 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-	"time"
-)
-
-const (
-	tablesURIPath                  = "/Tables"
-	nextTableQueryParameter        = "NextTableName"
-	headerNextPartitionKey         = "x-ms-continuation-NextPartitionKey"
-	headerNextRowKey               = "x-ms-continuation-NextRowKey"
-	nextPartitionKeyQueryParameter = "NextPartitionKey"
-	nextRowKeyQueryParameter       = "NextRowKey"
-)
-
-// TableAccessPolicy are used for SETTING table policies
-type TableAccessPolicy struct {
-	ID         string
-	StartTime  time.Time
-	ExpiryTime time.Time
-	CanRead    bool
-	CanAppend  bool
-	CanUpdate  bool
-	CanDelete  bool
-}
-
-// Table represents an Azure table.
-type Table struct {
-	tsc           *TableServiceClient
-	Name          string `json:"TableName"`
-	OdataEditLink string `json:"odata.editLink"`
-	OdataID       string `json:"odata.id"`
-	OdataMetadata string `json:"odata.metadata"`
-	OdataType     string `json:"odata.type"`
-}
-
-// EntityQueryResult contains the response from
-// ExecuteQuery and ExecuteQueryNextResults functions.
-type EntityQueryResult struct {
-	OdataMetadata string    `json:"odata.metadata"`
-	Entities      []*Entity `json:"value"`
-	QueryNextLink
-	table *Table
-}
-
-type continuationToken struct {
-	NextPartitionKey string
-	NextRowKey       string
-}
-
-func (t *Table) buildPath() string {
-	return fmt.Sprintf("/%s", t.Name)
-}
-
-func (t *Table) buildSpecificPath() string {
-	return fmt.Sprintf("%s('%s')", tablesURIPath, t.Name)
-}
-
-// Get gets the referenced table.
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/querying-tables-and-entities
-func (t *Table) Get(timeout uint, ml MetadataLevel) error {
-	if ml == EmptyPayload {
-		return errEmptyPayload
-	}
-
-	query := url.Values{
-		"timeout": {strconv.FormatUint(uint64(timeout), 10)},
-	}
-	headers := t.tsc.client.getStandardHeaders()
-	headers[headerAccept] = string(ml)
-
-	uri := t.tsc.client.getEndpoint(tableServiceName, t.buildSpecificPath(), query)
-	resp, err := t.tsc.client.exec(http.MethodGet, uri, headers, nil, t.tsc.auth)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return err
-	}
-
-	respBody, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return err
-	}
-	err = json.Unmarshal(respBody, t)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// Create creates the referenced table.
-// This function fails if the name is not compliant
-// with the specification or the tables already exists.
-// ml determines the level of detail of metadata in the operation response,
-// or no data at all.
-// See https://docs.microsoft.com/rest/api/storageservices/fileservices/create-table
-func (t *Table) Create(timeout uint, ml MetadataLevel, options *TableOptions) error {
-	uri := t.tsc.client.getEndpoint(tableServiceName, tablesURIPath, url.Values{
-		"timeout": {strconv.FormatUint(uint64(timeout), 10)},
-	})
-
-	type createTableRequest struct {
-		TableName string `json:"TableName"`
-	}
-	req := createTableRequest{TableName: t.Name}
-	buf := new(bytes.Buffer)
-	if err := json.NewEncoder(buf).Encode(req); err != nil {
-		return err
-	}
-
-	headers := t.tsc.client.getStandardHeaders()
-	headers = addReturnContentHeaders(headers, ml)
-	headers = addBodyRelatedHeaders(headers, buf.Len())
-	headers = options.addToHeaders(headers)
-
-	resp, err := t.tsc.client.exec(http.MethodPost, uri, headers, buf, t.tsc.auth)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if ml == EmptyPayload {
-		if err := checkRespCode(resp, []int{http.StatusNoContent}); err != nil {
-			return err
-		}
-	} else {
-		if err := checkRespCode(resp, []int{http.StatusCreated}); err != nil {
-			return err
-		}
-	}
-
-	if ml != EmptyPayload {
-		data, err := ioutil.ReadAll(resp.Body)
-		if err != nil {
-			return err
-		}
-		err = json.Unmarshal(data, t)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// Delete deletes the referenced table.
-// This function fails if the table is not present.
-// Be advised: Delete deletes all the entries that may be present.
-// See https://docs.microsoft.com/rest/api/storageservices/fileservices/delete-table
-func (t *Table) Delete(timeout uint, options *TableOptions) error {
-	uri := t.tsc.client.getEndpoint(tableServiceName, t.buildSpecificPath(), url.Values{
-		"timeout": {strconv.Itoa(int(timeout))},
-	})
-
-	headers := t.tsc.client.getStandardHeaders()
-	headers = addReturnContentHeaders(headers, EmptyPayload)
-	headers = options.addToHeaders(headers)
-
-	resp, err := t.tsc.client.exec(http.MethodDelete, uri, headers, nil, t.tsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-
-	return checkRespCode(resp, []int{http.StatusNoContent})
-}
-
-// QueryOptions includes options for a query entities operation.
-// Top, filter and select are OData query options.
-type QueryOptions struct {
-	Top       uint
-	Filter    string
-	Select    []string
-	RequestID string
-}
-
-func (options *QueryOptions) getParameters() (url.Values, map[string]string) {
-	query := url.Values{}
-	headers := map[string]string{}
-	if options != nil {
-		if options.Top > 0 {
-			query.Add(OdataTop, strconv.FormatUint(uint64(options.Top), 10))
-		}
-		if options.Filter != "" {
-			query.Add(OdataFilter, options.Filter)
-		}
-		if len(options.Select) > 0 {
-			query.Add(OdataSelect, strings.Join(options.Select, ","))
-		}
-		headers = addToHeaders(headers, "x-ms-client-request-id", options.RequestID)
-	}
-	return query, headers
-}
-
-// QueryEntities returns the entities in the table.
-// You can use query options defined by the OData Protocol specification.
-//
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/query-entities
-func (t *Table) QueryEntities(timeout uint, ml MetadataLevel, options *QueryOptions) (*EntityQueryResult, error) {
-	if ml == EmptyPayload {
-		return nil, errEmptyPayload
-	}
-	query, headers := options.getParameters()
-	query = addTimeout(query, timeout)
-	uri := t.tsc.client.getEndpoint(tableServiceName, t.buildPath(), query)
-	return t.queryEntities(uri, headers, ml)
-}
-
-// NextResults returns the next page of results
-// from a QueryEntities or NextResults operation.
-//
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/query-entities
-// See https://docs.microsoft.com/rest/api/storageservices/fileservices/query-timeout-and-pagination
-func (eqr *EntityQueryResult) NextResults(options *TableOptions) (*EntityQueryResult, error) {
-	if eqr == nil {
-		return nil, errNilPreviousResult
-	}
-	if eqr.NextLink == nil {
-		return nil, errNilNextLink
-	}
-	headers := options.addToHeaders(map[string]string{})
-	return eqr.table.queryEntities(*eqr.NextLink, headers, eqr.ml)
-}
-
-// SetPermissions sets up table ACL permissions
-// See https://docs.microsoft.com/rest/api/storageservices/fileservices/Set-Table-ACL
-func (t *Table) SetPermissions(tap []TableAccessPolicy, timeout uint, options *TableOptions) error {
-	params := url.Values{"comp": {"acl"},
-		"timeout": {strconv.Itoa(int(timeout))},
-	}
-
-	uri := t.tsc.client.getEndpoint(tableServiceName, t.Name, params)
-	headers := t.tsc.client.getStandardHeaders()
-	headers = options.addToHeaders(headers)
-
-	body, length, err := generateTableACLPayload(tap)
-	if err != nil {
-		return err
-	}
-	headers["Content-Length"] = strconv.Itoa(length)
-
-	resp, err := t.tsc.client.exec(http.MethodPut, uri, headers, body, t.tsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp)
-
-	return checkRespCode(resp, []int{http.StatusNoContent})
-}
-
-func generateTableACLPayload(policies []TableAccessPolicy) (io.Reader, int, error) {
-	sil := SignedIdentifiers{
-		SignedIdentifiers: []SignedIdentifier{},
-	}
-	for _, tap := range policies {
-		permission := generateTablePermissions(&tap)
-		signedIdentifier := convertAccessPolicyToXMLStructs(tap.ID, tap.StartTime, tap.ExpiryTime, permission)
-		sil.SignedIdentifiers = append(sil.SignedIdentifiers, signedIdentifier)
-	}
-	return xmlMarshal(sil)
-}
-
-// GetPermissions gets the table ACL permissions
-// See https://docs.microsoft.com/rest/api/storageservices/fileservices/get-table-acl
-func (t *Table) GetPermissions(timeout int, options *TableOptions) ([]TableAccessPolicy, error) {
-	params := url.Values{"comp": {"acl"},
-		"timeout": {strconv.Itoa(int(timeout))},
-	}
-
-	uri := t.tsc.client.getEndpoint(tableServiceName, t.Name, params)
-	headers := t.tsc.client.getStandardHeaders()
-	headers = options.addToHeaders(headers)
-
-	resp, err := t.tsc.client.exec(http.MethodGet, uri, headers, nil, t.tsc.auth)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return nil, err
-	}
-
-	var ap AccessPolicy
-	err = xmlUnmarshal(resp.Body, &ap.SignedIdentifiersList)
-	if err != nil {
-		return nil, err
-	}
-	return updateTableAccessPolicy(ap), nil
-}
-
-func (t *Table) queryEntities(uri string, headers map[string]string, ml MetadataLevel) (*EntityQueryResult, error) {
-	headers = mergeHeaders(headers, t.tsc.client.getStandardHeaders())
-	if ml != EmptyPayload {
-		headers[headerAccept] = string(ml)
-	}
-
-	resp, err := t.tsc.client.exec(http.MethodGet, uri, headers, nil, t.tsc.auth)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if err = checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return nil, err
-	}
-
-	data, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	var entities EntityQueryResult
-	err = json.Unmarshal(data, &entities)
-	if err != nil {
-		return nil, err
-	}
-
-	for i := range entities.Entities {
-		entities.Entities[i].Table = t
-	}
-	entities.table = t
-
-	contToken := extractContinuationTokenFromHeaders(resp.Header)
-	if contToken == nil {
-		entities.NextLink = nil
-	} else {
-		originalURI, err := url.Parse(uri)
-		if err != nil {
-			return nil, err
-		}
-		v := originalURI.Query()
-		if contToken.NextPartitionKey != "" {
-			v.Set(nextPartitionKeyQueryParameter, contToken.NextPartitionKey)
-		}
-		if contToken.NextRowKey != "" {
-			v.Set(nextRowKeyQueryParameter, contToken.NextRowKey)
-		}
-		newURI := t.tsc.client.getEndpoint(tableServiceName, t.buildPath(), v)
-		entities.NextLink = &newURI
-		entities.ml = ml
-	}
-
-	return &entities, nil
-}
-
-func extractContinuationTokenFromHeaders(h http.Header) *continuationToken {
-	ct := continuationToken{
-		NextPartitionKey: h.Get(headerNextPartitionKey),
-		NextRowKey:       h.Get(headerNextRowKey),
-	}
-
-	if ct.NextPartitionKey != "" || ct.NextRowKey != "" {
-		return &ct
-	}
-	return nil
-}
-
-func updateTableAccessPolicy(ap AccessPolicy) []TableAccessPolicy {
-	taps := []TableAccessPolicy{}
-	for _, policy := range ap.SignedIdentifiersList.SignedIdentifiers {
-		tap := TableAccessPolicy{
-			ID:         policy.ID,
-			StartTime:  policy.AccessPolicy.StartTime,
-			ExpiryTime: policy.AccessPolicy.ExpiryTime,
-		}
-		tap.CanRead = updatePermissions(policy.AccessPolicy.Permission, "r")
-		tap.CanAppend = updatePermissions(policy.AccessPolicy.Permission, "a")
-		tap.CanUpdate = updatePermissions(policy.AccessPolicy.Permission, "u")
-		tap.CanDelete = updatePermissions(policy.AccessPolicy.Permission, "d")
-
-		taps = append(taps, tap)
-	}
-	return taps
-}
-
-func generateTablePermissions(tap *TableAccessPolicy) (permissions string) {
-	// generate the permissions string (raud).
-	// still want the end user API to have bool flags.
-	permissions = ""
-
-	if tap.CanRead {
-		permissions += "r"
-	}
-
-	if tap.CanAppend {
-		permissions += "a"
-	}
-
-	if tap.CanUpdate {
-		permissions += "u"
-	}
-
-	if tap.CanDelete {
-		permissions += "d"
-	}
-	return permissions
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/table_batch.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/table_batch.go
deleted file mode 100644
index b5aaefe47..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/table_batch.go
+++ /dev/null
@@ -1,314 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"mime/multipart"
-	"net/http"
-	"net/textproto"
-	"sort"
-	"strings"
-)
-
-// Operation type. Insert, Delete, Replace etc.
-type Operation int
-
-// consts for batch operations.
-const (
-	InsertOp          = Operation(1)
-	DeleteOp          = Operation(2)
-	ReplaceOp         = Operation(3)
-	MergeOp           = Operation(4)
-	InsertOrReplaceOp = Operation(5)
-	InsertOrMergeOp   = Operation(6)
-)
-
-// BatchEntity used for tracking Entities to operate on and
-// whether operations (replace/merge etc) should be forced.
-// Wrapper for regular Entity with additional data specific for the entity.
-type BatchEntity struct {
-	*Entity
-	Force bool
-	Op    Operation
-}
-
-// TableBatch stores all the entities that will be operated on during a batch process.
-// Entities can be inserted, replaced or deleted.
-type TableBatch struct {
-	BatchEntitySlice []BatchEntity
-
-	// reference to table we're operating on.
-	Table *Table
-}
-
-// defaultChangesetHeaders for changeSets
-var defaultChangesetHeaders = map[string]string{
-	"Accept":       "application/json;odata=minimalmetadata",
-	"Content-Type": "application/json",
-	"Prefer":       "return-no-content",
-}
-
-// NewBatch return new TableBatch for populating.
-func (t *Table) NewBatch() *TableBatch {
-	return &TableBatch{
-		Table: t,
-	}
-}
-
-// InsertEntity adds an entity in preparation for a batch insert.
-func (t *TableBatch) InsertEntity(entity *Entity) {
-	be := BatchEntity{Entity: entity, Force: false, Op: InsertOp}
-	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
-}
-
-// InsertOrReplaceEntity adds an entity in preparation for a batch insert or replace.
-func (t *TableBatch) InsertOrReplaceEntity(entity *Entity, force bool) {
-	be := BatchEntity{Entity: entity, Force: false, Op: InsertOrReplaceOp}
-	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
-}
-
-// InsertOrReplaceEntityByForce adds an entity in preparation for a batch insert or replace. Forces regardless of ETag
-func (t *TableBatch) InsertOrReplaceEntityByForce(entity *Entity) {
-	t.InsertOrReplaceEntity(entity, true)
-}
-
-// InsertOrMergeEntity adds an entity in preparation for a batch insert or merge.
-func (t *TableBatch) InsertOrMergeEntity(entity *Entity, force bool) {
-	be := BatchEntity{Entity: entity, Force: false, Op: InsertOrMergeOp}
-	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
-}
-
-// InsertOrMergeEntityByForce adds an entity in preparation for a batch insert or merge. Forces regardless of ETag
-func (t *TableBatch) InsertOrMergeEntityByForce(entity *Entity) {
-	t.InsertOrMergeEntity(entity, true)
-}
-
-// ReplaceEntity adds an entity in preparation for a batch replace.
-func (t *TableBatch) ReplaceEntity(entity *Entity) {
-	be := BatchEntity{Entity: entity, Force: false, Op: ReplaceOp}
-	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
-}
-
-// DeleteEntity adds an entity in preparation for a batch delete
-func (t *TableBatch) DeleteEntity(entity *Entity, force bool) {
-	be := BatchEntity{Entity: entity, Force: false, Op: DeleteOp}
-	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
-}
-
-// DeleteEntityByForce adds an entity in preparation for a batch delete. Forces regardless of ETag
-func (t *TableBatch) DeleteEntityByForce(entity *Entity, force bool) {
-	t.DeleteEntity(entity, true)
-}
-
-// MergeEntity adds an entity in preparation for a batch merge
-func (t *TableBatch) MergeEntity(entity *Entity) {
-	be := BatchEntity{Entity: entity, Force: false, Op: MergeOp}
-	t.BatchEntitySlice = append(t.BatchEntitySlice, be)
-}
-
-// ExecuteBatch executes many table operations in one request to Azure.
-// The operations can be combinations of Insert, Delete, Replace and Merge
-// Creates the inner changeset body (various operations, Insert, Delete etc) then creates the outer request packet that encompasses
-// the changesets.
-// As per document https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/performing-entity-group-transactions
-func (t *TableBatch) ExecuteBatch() error {
-
-	id, err := newUUID()
-	if err != nil {
-		return err
-	}
-
-	changesetBoundary := fmt.Sprintf("changeset_%s", id.String())
-	uri := t.Table.tsc.client.getEndpoint(tableServiceName, "$batch", nil)
-	changesetBody, err := t.generateChangesetBody(changesetBoundary)
-	if err != nil {
-		return err
-	}
-
-	id, err = newUUID()
-	if err != nil {
-		return err
-	}
-
-	boundary := fmt.Sprintf("batch_%s", id.String())
-	body, err := generateBody(changesetBody, changesetBoundary, boundary)
-	if err != nil {
-		return err
-	}
-
-	headers := t.Table.tsc.client.getStandardHeaders()
-	headers[headerContentType] = fmt.Sprintf("multipart/mixed; boundary=%s", boundary)
-
-	resp, err := t.Table.tsc.client.execBatchOperationJSON(http.MethodPost, uri, headers, bytes.NewReader(body.Bytes()), t.Table.tsc.auth)
-	if err != nil {
-		return err
-	}
-	defer drainRespBody(resp.resp)
-
-	if err = checkRespCode(resp.resp, []int{http.StatusAccepted}); err != nil {
-
-		// check which batch failed.
-		operationFailedMessage := t.getFailedOperation(resp.odata.Err.Message.Value)
-		requestID, date, version := getDebugHeaders(resp.resp.Header)
-		return AzureStorageServiceError{
-			StatusCode: resp.resp.StatusCode,
-			Code:       resp.odata.Err.Code,
-			RequestID:  requestID,
-			Date:       date,
-			APIVersion: version,
-			Message:    operationFailedMessage,
-		}
-	}
-
-	return nil
-}
-
-// getFailedOperation parses the original Azure error string and determines which operation failed
-// and generates appropriate message.
-func (t *TableBatch) getFailedOperation(errorMessage string) string {
-	// errorMessage consists of "number:string" we just need the number.
-	sp := strings.Split(errorMessage, ":")
-	if len(sp) > 1 {
-		msg := fmt.Sprintf("Element %s in the batch returned an unexpected response code.\n%s", sp[0], errorMessage)
-		return msg
-	}
-
-	// cant parse the message, just return the original message to client
-	return errorMessage
-}
-
-// generateBody generates the complete body for the batch request.
-func generateBody(changeSetBody *bytes.Buffer, changesetBoundary string, boundary string) (*bytes.Buffer, error) {
-
-	body := new(bytes.Buffer)
-	writer := multipart.NewWriter(body)
-	writer.SetBoundary(boundary)
-	h := make(textproto.MIMEHeader)
-	h.Set(headerContentType, fmt.Sprintf("multipart/mixed; boundary=%s\r\n", changesetBoundary))
-	batchWriter, err := writer.CreatePart(h)
-	if err != nil {
-		return nil, err
-	}
-	batchWriter.Write(changeSetBody.Bytes())
-	writer.Close()
-	return body, nil
-}
-
-// generateChangesetBody generates the individual changesets for the various operations within the batch request.
-// There is a changeset for Insert, Delete, Merge etc.
-func (t *TableBatch) generateChangesetBody(changesetBoundary string) (*bytes.Buffer, error) {
-
-	body := new(bytes.Buffer)
-	writer := multipart.NewWriter(body)
-	writer.SetBoundary(changesetBoundary)
-
-	for _, be := range t.BatchEntitySlice {
-		t.generateEntitySubset(&be, writer)
-	}
-
-	writer.Close()
-	return body, nil
-}
-
-// generateVerb generates the HTTP request VERB required for each changeset.
-func generateVerb(op Operation) (string, error) {
-	switch op {
-	case InsertOp:
-		return http.MethodPost, nil
-	case DeleteOp:
-		return http.MethodDelete, nil
-	case ReplaceOp, InsertOrReplaceOp:
-		return http.MethodPut, nil
-	case MergeOp, InsertOrMergeOp:
-		return "MERGE", nil
-	default:
-		return "", errors.New("Unable to detect operation")
-	}
-}
-
-// generateQueryPath generates the query path for within the changesets
-// For inserts it will just be a table query path (table name)
-// but for other operations (modifying an existing entity) then
-// the partition/row keys need to be generated.
-func (t *TableBatch) generateQueryPath(op Operation, entity *Entity) string {
-	if op == InsertOp {
-		return entity.Table.buildPath()
-	}
-	return entity.buildPath()
-}
-
-// generateGenericOperationHeaders generates common headers for a given operation.
-func generateGenericOperationHeaders(be *BatchEntity) map[string]string {
-	retval := map[string]string{}
-
-	for k, v := range defaultChangesetHeaders {
-		retval[k] = v
-	}
-
-	if be.Op == DeleteOp || be.Op == ReplaceOp || be.Op == MergeOp {
-		if be.Force || be.Entity.OdataEtag == "" {
-			retval["If-Match"] = "*"
-		} else {
-			retval["If-Match"] = be.Entity.OdataEtag
-		}
-	}
-
-	return retval
-}
-
-// generateEntitySubset generates body payload for particular batch entity
-func (t *TableBatch) generateEntitySubset(batchEntity *BatchEntity, writer *multipart.Writer) error {
-
-	h := make(textproto.MIMEHeader)
-	h.Set(headerContentType, "application/http")
-	h.Set(headerContentTransferEncoding, "binary")
-
-	verb, err := generateVerb(batchEntity.Op)
-	if err != nil {
-		return err
-	}
-
-	genericOpHeadersMap := generateGenericOperationHeaders(batchEntity)
-	queryPath := t.generateQueryPath(batchEntity.Op, batchEntity.Entity)
-	uri := t.Table.tsc.client.getEndpoint(tableServiceName, queryPath, nil)
-
-	operationWriter, err := writer.CreatePart(h)
-	if err != nil {
-		return err
-	}
-
-	urlAndVerb := fmt.Sprintf("%s %s HTTP/1.1\r\n", verb, uri)
-	operationWriter.Write([]byte(urlAndVerb))
-	writeHeaders(genericOpHeadersMap, &operationWriter)
-	operationWriter.Write([]byte("\r\n")) // additional \r\n is needed per changeset separating the "headers" and the body.
-
-	// delete operation doesn't need a body.
-	if batchEntity.Op != DeleteOp {
-		//var e Entity = batchEntity.Entity
-		body, err := json.Marshal(batchEntity.Entity)
-		if err != nil {
-			return err
-		}
-		operationWriter.Write(body)
-	}
-
-	return nil
-}
-
-func writeHeaders(h map[string]string, writer *io.Writer) {
-	// This way it is guaranteed the headers will be written in a sorted order
-	var keys []string
-	for k := range h {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-	for _, k := range keys {
-		(*writer).Write([]byte(fmt.Sprintf("%s: %s\r\n", k, h[k])))
-	}
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/tableserviceclient.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/tableserviceclient.go
deleted file mode 100644
index 8eccd5927..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/tableserviceclient.go
+++ /dev/null
@@ -1,193 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"strconv"
-)
-
-const (
-	headerAccept          = "Accept"
-	headerEtag            = "Etag"
-	headerPrefer          = "Prefer"
-	headerXmsContinuation = "x-ms-Continuation-NextTableName"
-)
-
-// TableServiceClient contains operations for Microsoft Azure Table Storage
-// Service.
-type TableServiceClient struct {
-	client Client
-	auth   authentication
-}
-
-// TableOptions includes options for some table operations
-type TableOptions struct {
-	RequestID string
-}
-
-func (options *TableOptions) addToHeaders(h map[string]string) map[string]string {
-	if options != nil {
-		h = addToHeaders(h, "x-ms-client-request-id", options.RequestID)
-	}
-	return h
-}
-
-// QueryNextLink includes information for getting the next page of
-// results in query operations
-type QueryNextLink struct {
-	NextLink *string
-	ml       MetadataLevel
-}
-
-// GetServiceProperties gets the properties of your storage account's table service.
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-table-service-properties
-func (t *TableServiceClient) GetServiceProperties() (*ServiceProperties, error) {
-	return t.client.getServiceProperties(tableServiceName, t.auth)
-}
-
-// SetServiceProperties sets the properties of your storage account's table service.
-// See: https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/set-table-service-properties
-func (t *TableServiceClient) SetServiceProperties(props ServiceProperties) error {
-	return t.client.setServiceProperties(props, tableServiceName, t.auth)
-}
-
-// GetTableReference returns a Table object for the specified table name.
-func (t *TableServiceClient) GetTableReference(name string) *Table {
-	return &Table{
-		tsc:  t,
-		Name: name,
-	}
-}
-
-// QueryTablesOptions includes options for some table operations
-type QueryTablesOptions struct {
-	Top       uint
-	Filter    string
-	RequestID string
-}
-
-func (options *QueryTablesOptions) getParameters() (url.Values, map[string]string) {
-	query := url.Values{}
-	headers := map[string]string{}
-	if options != nil {
-		if options.Top > 0 {
-			query.Add(OdataTop, strconv.FormatUint(uint64(options.Top), 10))
-		}
-		if options.Filter != "" {
-			query.Add(OdataFilter, options.Filter)
-		}
-		headers = addToHeaders(headers, "x-ms-client-request-id", options.RequestID)
-	}
-	return query, headers
-}
-
-// QueryTables returns the tables in the storage account.
-// You can use query options defined by the OData Protocol specification.
-//
-// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/query-tables
-func (t *TableServiceClient) QueryTables(ml MetadataLevel, options *QueryTablesOptions) (*TableQueryResult, error) {
-	query, headers := options.getParameters()
-	uri := t.client.getEndpoint(tableServiceName, tablesURIPath, query)
-	return t.queryTables(uri, headers, ml)
-}
-
-// NextResults returns the next page of results
-// from a QueryTables or a NextResults operation.
-//
-// See https://docs.microsoft.com/rest/api/storageservices/fileservices/query-tables
-// See https://docs.microsoft.com/rest/api/storageservices/fileservices/query-timeout-and-pagination
-func (tqr *TableQueryResult) NextResults(options *TableOptions) (*TableQueryResult, error) {
-	if tqr == nil {
-		return nil, errNilPreviousResult
-	}
-	if tqr.NextLink == nil {
-		return nil, errNilNextLink
-	}
-	headers := options.addToHeaders(map[string]string{})
-
-	return tqr.tsc.queryTables(*tqr.NextLink, headers, tqr.ml)
-}
-
-// TableQueryResult contains the response from
-// QueryTables and QueryTablesNextResults functions.
-type TableQueryResult struct {
-	OdataMetadata string  `json:"odata.metadata"`
-	Tables        []Table `json:"value"`
-	QueryNextLink
-	tsc *TableServiceClient
-}
-
-func (t *TableServiceClient) queryTables(uri string, headers map[string]string, ml MetadataLevel) (*TableQueryResult, error) {
-	if ml == EmptyPayload {
-		return nil, errEmptyPayload
-	}
-	headers = mergeHeaders(headers, t.client.getStandardHeaders())
-	headers[headerAccept] = string(ml)
-
-	resp, err := t.client.exec(http.MethodGet, uri, headers, nil, t.auth)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if err := checkRespCode(resp, []int{http.StatusOK}); err != nil {
-		return nil, err
-	}
-
-	respBody, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	var out TableQueryResult
-	err = json.Unmarshal(respBody, &out)
-	if err != nil {
-		return nil, err
-	}
-
-	for i := range out.Tables {
-		out.Tables[i].tsc = t
-	}
-	out.tsc = t
-
-	nextLink := resp.Header.Get(http.CanonicalHeaderKey(headerXmsContinuation))
-	if nextLink == "" {
-		out.NextLink = nil
-	} else {
-		originalURI, err := url.Parse(uri)
-		if err != nil {
-			return nil, err
-		}
-		v := originalURI.Query()
-		v.Set(nextTableQueryParameter, nextLink)
-		newURI := t.client.getEndpoint(tableServiceName, tablesURIPath, v)
-		out.NextLink = &newURI
-		out.ml = ml
-	}
-
-	return &out, nil
-}
-
-func addBodyRelatedHeaders(h map[string]string, length int) map[string]string {
-	h[headerContentType] = "application/json"
-	h[headerContentLength] = fmt.Sprintf("%v", length)
-	h[headerAcceptCharset] = "UTF-8"
-	return h
-}
-
-func addReturnContentHeaders(h map[string]string, ml MetadataLevel) map[string]string {
-	if ml != EmptyPayload {
-		h[headerPrefer] = "return-content"
-		h[headerAccept] = string(ml)
-	} else {
-		h[headerPrefer] = "return-no-content"
-		// From API version 2015-12-11 onwards, Accept header is required
-		h[headerAccept] = string(NoMetadata)
-	}
-	return h
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/storage/util.go b/vendor/github.com/Azure/azure-sdk-for-go/storage/util.go
deleted file mode 100644
index 47a871991..000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/storage/util.go
+++ /dev/null
@@ -1,249 +0,0 @@
-package storage
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License. See License.txt in the project root for license information.
-
-import (
-	"bytes"
-	"crypto/hmac"
-	"crypto/rand"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/xml"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"reflect"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/gofrs/uuid"
-)
-
-var (
-	fixedTime         = time.Date(2050, time.December, 20, 21, 55, 0, 0, time.FixedZone("GMT", -6))
-	accountSASOptions = AccountSASTokenOptions{
-		Services: Services{
-			Blob: true,
-		},
-		ResourceTypes: ResourceTypes{
-			Service:   true,
-			Container: true,
-			Object:    true,
-		},
-		Permissions: Permissions{
-			Read:    true,
-			Write:   true,
-			Delete:  true,
-			List:    true,
-			Add:     true,
-			Create:  true,
-			Update:  true,
-			Process: true,
-		},
-		Expiry:   fixedTime,
-		UseHTTPS: true,
-	}
-)
-
-func (c Client) computeHmac256(message string) string {
-	h := hmac.New(sha256.New, c.accountKey)
-	h.Write([]byte(message))
-	return base64.StdEncoding.EncodeToString(h.Sum(nil))
-}
-
-func currentTimeRfc1123Formatted() string {
-	return timeRfc1123Formatted(time.Now().UTC())
-}
-
-func timeRfc1123Formatted(t time.Time) string {
-	return t.Format(http.TimeFormat)
-}
-
-func timeRFC3339Formatted(t time.Time) string {
-	return t.Format("2006-01-02T15:04:05.0000000Z")
-}
-
-func mergeParams(v1, v2 url.Values) url.Values {
-	out := url.Values{}
-	for k, v := range v1 {
-		out[k] = v
-	}
-	for k, v := range v2 {
-		vals, ok := out[k]
-		if ok {
-			vals = append(vals, v...)
-			out[k] = vals
-		} else {
-			out[k] = v
-		}
-	}
-	return out
-}
-
-func prepareBlockListRequest(blocks []Block) string {
-	s := `<?xml version="1.0" encoding="utf-8"?><BlockList>`
-	for _, v := range blocks {
-		s += fmt.Sprintf("<%s>%s</%s>", v.Status, v.ID, v.Status)
-	}
-	s += `</BlockList>`
-	return s
-}
-
-func xmlUnmarshal(body io.Reader, v interface{}) error {
-	data, err := ioutil.ReadAll(body)
-	if err != nil {
-		return err
-	}
-	return xml.Unmarshal(data, v)
-}
-
-func xmlMarshal(v interface{}) (io.Reader, int, error) {
-	b, err := xml.Marshal(v)
-	if err != nil {
-		return nil, 0, err
-	}
-	return bytes.NewReader(b), len(b), nil
-}
-
-func headersFromStruct(v interface{}) map[string]string {
-	headers := make(map[string]string)
-	value := reflect.ValueOf(v)
-	for i := 0; i < value.NumField(); i++ {
-		key := value.Type().Field(i).Tag.Get("header")
-		if key != "" {
-			reflectedValue := reflect.Indirect(value.Field(i))
-			var val string
-			if reflectedValue.IsValid() {
-				switch reflectedValue.Type() {
-				case reflect.TypeOf(fixedTime):
-					val = timeRfc1123Formatted(reflectedValue.Interface().(time.Time))
-				case reflect.TypeOf(uint64(0)), reflect.TypeOf(uint(0)):
-					val = strconv.FormatUint(reflectedValue.Uint(), 10)
-				case reflect.TypeOf(int(0)):
-					val = strconv.FormatInt(reflectedValue.Int(), 10)
-				default:
-					val = reflectedValue.String()
-				}
-			}
-			if val != "" {
-				headers[key] = val
-			}
-		}
-	}
-	return headers
-}
-
-// merges extraHeaders into headers and returns headers
-func mergeHeaders(headers, extraHeaders map[string]string) map[string]string {
-	for k, v := range extraHeaders {
-		headers[k] = v
-	}
-	return headers
-}
-
-func addToHeaders(h map[string]string, key, value string) map[string]string {
-	if value != "" {
-		h[key] = value
-	}
-	return h
-}
-
-func addTimeToHeaders(h map[string]string, key string, value *time.Time) map[string]string {
-	if value != nil {
-		h = addToHeaders(h, key, timeRfc1123Formatted(*value))
-	}
-	return h
-}
-
-func addTimeout(params url.Values, timeout uint) url.Values {
-	if timeout > 0 {
-		params.Add("timeout", fmt.Sprintf("%v", timeout))
-	}
-	return params
-}
-
-func addSnapshot(params url.Values, snapshot *time.Time) url.Values {
-	if snapshot != nil {
-		params.Add("snapshot", timeRFC3339Formatted(*snapshot))
-	}
-	return params
-}
-
-func getTimeFromHeaders(h http.Header, key string) (*time.Time, error) {
-	var out time.Time
-	var err error
-	outStr := h.Get(key)
-	if outStr != "" {
-		out, err = time.Parse(time.RFC1123, outStr)
-		if err != nil {
-			return nil, err
-		}
-	}
-	return &out, nil
-}
-
-// TimeRFC1123 is an alias for time.Time needed for custom Unmarshalling
-type TimeRFC1123 time.Time
-
-// UnmarshalXML is a custom unmarshaller that overrides the default time unmarshal which uses a different time layout.
-func (t *TimeRFC1123) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	var value string
-	d.DecodeElement(&value, &start)
-	parse, err := time.Parse(time.RFC1123, value)
-	if err != nil {
-		return err
-	}
-	*t = TimeRFC1123(parse)
-	return nil
-}
-
-// MarshalXML marshals using time.RFC1123.
-func (t *TimeRFC1123) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
-	return e.EncodeElement(time.Time(*t).Format(time.RFC1123), start)
-}
-
-// returns a map of custom metadata values from the specified HTTP header
-func getMetadataFromHeaders(header http.Header) map[string]string {
-	metadata := make(map[string]string)
-	for k, v := range header {
-		// Can't trust CanonicalHeaderKey() to munge case
-		// reliably. "_" is allowed in identifiers:
-		// https://msdn.microsoft.com/en-us/library/azure/dd179414.aspx
-		// https://msdn.microsoft.com/library/aa664670(VS.71).aspx
-		// http://tools.ietf.org/html/rfc7230#section-3.2
-		// ...but "_" is considered invalid by
-		// CanonicalMIMEHeaderKey in
-		// https://golang.org/src/net/textproto/reader.go?s=14615:14659#L542
-		// so k can be "X-Ms-Meta-Lol" or "x-ms-meta-lol_rofl".
-		k = strings.ToLower(k)
-		if len(v) == 0 || !strings.HasPrefix(k, strings.ToLower(userDefinedMetadataHeaderPrefix)) {
-			continue
-		}
-		// metadata["lol"] = content of the last X-Ms-Meta-Lol header
-		k = k[len(userDefinedMetadataHeaderPrefix):]
-		metadata[k] = v[len(v)-1]
-	}
-
-	if len(metadata) == 0 {
-		return nil
-	}
-
-	return metadata
-}
-
-// newUUID returns a new uuid using RFC 4122 algorithm.
-func newUUID() (uuid.UUID, error) {
-	u := [16]byte{}
-	// Set all bits to randomly (or pseudo-randomly) chosen values.
-	_, err := rand.Read(u[:])
-	if err != nil {
-		return uuid.UUID{}, err
-	}
-	u[8] = (u[8]&(0xff>>2) | (0x02 << 6)) // u.setVariant(ReservedRFC4122)
-	u[6] = (u[6] & 0xF) | (uuid.V4 << 4)  // u.setVersion(V4)
-	return uuid.FromBytes(u[:])
-}
diff --git a/vendor/github.com/Shopify/logrus-bugsnag/.travis.yml b/vendor/github.com/Shopify/logrus-bugsnag/.travis.yml
deleted file mode 100644
index 8b662276e..000000000
--- a/vendor/github.com/Shopify/logrus-bugsnag/.travis.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-language: go
-
-go:
-  - 1.7
diff --git a/vendor/github.com/Shopify/logrus-bugsnag/LICENSE b/vendor/github.com/Shopify/logrus-bugsnag/LICENSE
deleted file mode 100644
index a3f09f7fc..000000000
--- a/vendor/github.com/Shopify/logrus-bugsnag/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2016 Shopify
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/vendor/github.com/Shopify/logrus-bugsnag/README.md b/vendor/github.com/Shopify/logrus-bugsnag/README.md
deleted file mode 100644
index 6cbc79d44..000000000
--- a/vendor/github.com/Shopify/logrus-bugsnag/README.md
+++ /dev/null
@@ -1,24 +0,0 @@
-## logrus-bugsnag
-
-[![Build Status](https://travis-ci.org/Shopify/logrus-bugsnag.svg)](https://travis-ci.org/Shopify/logrus-bugsnag)
-
-logrus-bugsnag is a hook that allows [Logrus](https://github.com/sirupsen/logrus) to interface with [Bugsnag](https://bugsnag.com).
-
-#### Usage
-
-```go
-import (
-  log "github.com/sirupsen/logrus"
-  "github.com/Shopify/logrus-bugsnag"
-  bugsnag "github.com/bugsnag/bugsnag-go"
-)
-
-func init() {
-  bugsnag.Configure(bugsnag.Configuration{
-    APIKey: apiKey,
-  })
-  hook, err := logrus_bugsnag.NewBugsnagHook()
-  logrus.StandardLogger().Hooks.Add(hook)
-}
-```
-
diff --git a/vendor/github.com/Shopify/logrus-bugsnag/bugsnag.go b/vendor/github.com/Shopify/logrus-bugsnag/bugsnag.go
deleted file mode 100644
index 31ee5a085..000000000
--- a/vendor/github.com/Shopify/logrus-bugsnag/bugsnag.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package logrus_bugsnag
-
-import (
-	"errors"
-
-	"github.com/sirupsen/logrus"
-	"github.com/bugsnag/bugsnag-go"
-	bugsnag_errors "github.com/bugsnag/bugsnag-go/errors"
-)
-
-type bugsnagHook struct{}
-
-// ErrBugsnagUnconfigured is returned if NewBugsnagHook is called before
-// bugsnag.Configure. Bugsnag must be configured before the hook.
-var ErrBugsnagUnconfigured = errors.New("bugsnag must be configured before installing this logrus hook")
-
-// ErrBugsnagSendFailed indicates that the hook failed to submit an error to
-// bugsnag. The error was successfully generated, but `bugsnag.Notify()`
-// failed.
-type ErrBugsnagSendFailed struct {
-	err error
-}
-
-func (e ErrBugsnagSendFailed) Error() string {
-	return "failed to send error to Bugsnag: " + e.err.Error()
-}
-
-// NewBugsnagHook initializes a logrus hook which sends exceptions to an
-// exception-tracking service compatible with the Bugsnag API. Before using
-// this hook, you must call bugsnag.Configure(). The returned object should be
-// registered with a log via `AddHook()`
-//
-// Entries that trigger an Error, Fatal or Panic should now include an "error"
-// field to send to Bugsnag.
-func NewBugsnagHook() (*bugsnagHook, error) {
-	if bugsnag.Config.APIKey == "" {
-		return nil, ErrBugsnagUnconfigured
-	}
-	return &bugsnagHook{}, nil
-}
-
-// skipStackFrames skips logrus stack frames before logging to Bugsnag.
-const skipStackFrames = 4
-
-// Fire forwards an error to Bugsnag. Given a logrus.Entry, it extracts the
-// "error" field (or the Message if the error isn't present) and sends it off.
-func (hook *bugsnagHook) Fire(entry *logrus.Entry) error {
-	var notifyErr error
-	err, ok := entry.Data["error"].(error)
-	if ok {
-		notifyErr = err
-	} else {
-		notifyErr = errors.New(entry.Message)
-	}
-
-	metadata := bugsnag.MetaData{}
-	metadata["metadata"] = make(map[string]interface{})
-	for key, val := range entry.Data {
-		if key != "error" {
-			metadata["metadata"][key] = val
-		}
-	}
-
-	errWithStack := bugsnag_errors.New(notifyErr, skipStackFrames)
-	bugsnagErr := bugsnag.Notify(errWithStack, metadata)
-	if bugsnagErr != nil {
-		return ErrBugsnagSendFailed{bugsnagErr}
-	}
-
-	return nil
-}
-
-// Levels enumerates the log levels on which the error should be forwarded to
-// bugsnag: everything at or above the "Error" level.
-func (hook *bugsnagHook) Levels() []logrus.Level {
-	return []logrus.Level{
-		logrus.ErrorLevel,
-		logrus.FatalLevel,
-		logrus.PanicLevel,
-	}
-}
diff --git a/vendor/github.com/Shopify/logrus-bugsnag/dev.yml b/vendor/github.com/Shopify/logrus-bugsnag/dev.yml
deleted file mode 100644
index eb02973cd..000000000
--- a/vendor/github.com/Shopify/logrus-bugsnag/dev.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-name: logrus-bugsnag
-
-up:
-  - go: 1.6.2
-
-commands:
-  test:
-    run: go get -t ./... && go test ./...
diff --git a/vendor/github.com/aws/aws-sdk-go/NOTICE.txt b/vendor/github.com/aws/aws-sdk-go/NOTICE.txt
deleted file mode 100644
index 899129ecc..000000000
--- a/vendor/github.com/aws/aws-sdk-go/NOTICE.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-AWS SDK for Go
-Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-Copyright 2014-2015 Stripe, Inc.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go b/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go
deleted file mode 100644
index 1c4967429..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go
+++ /dev/null
@@ -1,93 +0,0 @@
-// Package arn provides a parser for interacting with Amazon Resource Names.
-package arn
-
-import (
-	"errors"
-	"strings"
-)
-
-const (
-	arnDelimiter = ":"
-	arnSections  = 6
-	arnPrefix    = "arn:"
-
-	// zero-indexed
-	sectionPartition = 1
-	sectionService   = 2
-	sectionRegion    = 3
-	sectionAccountID = 4
-	sectionResource  = 5
-
-	// errors
-	invalidPrefix   = "arn: invalid prefix"
-	invalidSections = "arn: not enough sections"
-)
-
-// ARN captures the individual fields of an Amazon Resource Name.
-// See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more information.
-type ARN struct {
-	// The partition that the resource is in. For standard AWS regions, the partition is "aws". If you have resources in
-	// other partitions, the partition is "aws-partitionname". For example, the partition for resources in the China
-	// (Beijing) region is "aws-cn".
-	Partition string
-
-	// The service namespace that identifies the AWS product (for example, Amazon S3, IAM, or Amazon RDS). For a list of
-	// namespaces, see
-	// http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces.
-	Service string
-
-	// The region the resource resides in. Note that the ARNs for some resources do not require a region, so this
-	// component might be omitted.
-	Region string
-
-	// The ID of the AWS account that owns the resource, without the hyphens. For example, 123456789012. Note that the
-	// ARNs for some resources don't require an account number, so this component might be omitted.
-	AccountID string
-
-	// The content of this part of the ARN varies by service. It often includes an indicator of the type of resource —
-	// for example, an IAM user or Amazon RDS database - followed by a slash (/) or a colon (:), followed by the
-	// resource name itself. Some services allows paths for resource names, as described in
-	// http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arns-paths.
-	Resource string
-}
-
-// Parse parses an ARN into its constituent parts.
-//
-// Some example ARNs:
-// arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment
-// arn:aws:iam::123456789012:user/David
-// arn:aws:rds:eu-west-1:123456789012:db:mysql-db
-// arn:aws:s3:::my_corporate_bucket/exampleobject.png
-func Parse(arn string) (ARN, error) {
-	if !strings.HasPrefix(arn, arnPrefix) {
-		return ARN{}, errors.New(invalidPrefix)
-	}
-	sections := strings.SplitN(arn, arnDelimiter, arnSections)
-	if len(sections) != arnSections {
-		return ARN{}, errors.New(invalidSections)
-	}
-	return ARN{
-		Partition: sections[sectionPartition],
-		Service:   sections[sectionService],
-		Region:    sections[sectionRegion],
-		AccountID: sections[sectionAccountID],
-		Resource:  sections[sectionResource],
-	}, nil
-}
-
-// IsARN returns whether the given string is an ARN by looking for
-// whether the string starts with "arn:" and contains the correct number
-// of sections delimited by colons(:).
-func IsARN(arn string) bool {
-	return strings.HasPrefix(arn, arnPrefix) && strings.Count(arn, ":") >= arnSections-1
-}
-
-// String returns the canonical representation of the ARN
-func (arn ARN) String() string {
-	return arnPrefix +
-		arn.Partition + arnDelimiter +
-		arn.Service + arnDelimiter +
-		arn.Region + arnDelimiter +
-		arn.AccountID + arnDelimiter +
-		arn.Resource
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
deleted file mode 100644
index 99849c0e1..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
+++ /dev/null
@@ -1,164 +0,0 @@
-// Package awserr represents API error interface accessors for the SDK.
-package awserr
-
-// An Error wraps lower level errors with code, message and an original error.
-// The underlying concrete error type may also satisfy other interfaces which
-// can be to used to obtain more specific information about the error.
-//
-// Calling Error() or String() will always include the full information about
-// an error based on its underlying type.
-//
-// Example:
-//
-//     output, err := s3manage.Upload(svc, input, opts)
-//     if err != nil {
-//         if awsErr, ok := err.(awserr.Error); ok {
-//             // Get error details
-//             log.Println("Error:", awsErr.Code(), awsErr.Message())
-//
-//             // Prints out full error message, including original error if there was one.
-//             log.Println("Error:", awsErr.Error())
-//
-//             // Get original error
-//             if origErr := awsErr.OrigErr(); origErr != nil {
-//                 // operate on original error.
-//             }
-//         } else {
-//             fmt.Println(err.Error())
-//         }
-//     }
-//
-type Error interface {
-	// Satisfy the generic error interface.
-	error
-
-	// Returns the short phrase depicting the classification of the error.
-	Code() string
-
-	// Returns the error details message.
-	Message() string
-
-	// Returns the original error if one was set.  Nil is returned if not set.
-	OrigErr() error
-}
-
-// BatchError is a batch of errors which also wraps lower level errors with
-// code, message, and original errors. Calling Error() will include all errors
-// that occurred in the batch.
-//
-// Deprecated: Replaced with BatchedErrors. Only defined for backwards
-// compatibility.
-type BatchError interface {
-	// Satisfy the generic error interface.
-	error
-
-	// Returns the short phrase depicting the classification of the error.
-	Code() string
-
-	// Returns the error details message.
-	Message() string
-
-	// Returns the original error if one was set.  Nil is returned if not set.
-	OrigErrs() []error
-}
-
-// BatchedErrors is a batch of errors which also wraps lower level errors with
-// code, message, and original errors. Calling Error() will include all errors
-// that occurred in the batch.
-//
-// Replaces BatchError
-type BatchedErrors interface {
-	// Satisfy the base Error interface.
-	Error
-
-	// Returns the original error if one was set.  Nil is returned if not set.
-	OrigErrs() []error
-}
-
-// New returns an Error object described by the code, message, and origErr.
-//
-// If origErr satisfies the Error interface it will not be wrapped within a new
-// Error object and will instead be returned.
-func New(code, message string, origErr error) Error {
-	var errs []error
-	if origErr != nil {
-		errs = append(errs, origErr)
-	}
-	return newBaseError(code, message, errs)
-}
-
-// NewBatchError returns an BatchedErrors with a collection of errors as an
-// array of errors.
-func NewBatchError(code, message string, errs []error) BatchedErrors {
-	return newBaseError(code, message, errs)
-}
-
-// A RequestFailure is an interface to extract request failure information from
-// an Error such as the request ID of the failed request returned by a service.
-// RequestFailures may not always have a requestID value if the request failed
-// prior to reaching the service such as a connection error.
-//
-// Example:
-//
-//     output, err := s3manage.Upload(svc, input, opts)
-//     if err != nil {
-//         if reqerr, ok := err.(RequestFailure); ok {
-//             log.Println("Request failed", reqerr.Code(), reqerr.Message(), reqerr.RequestID())
-//         } else {
-//             log.Println("Error:", err.Error())
-//         }
-//     }
-//
-// Combined with awserr.Error:
-//
-//    output, err := s3manage.Upload(svc, input, opts)
-//    if err != nil {
-//        if awsErr, ok := err.(awserr.Error); ok {
-//            // Generic AWS Error with Code, Message, and original error (if any)
-//            fmt.Println(awsErr.Code(), awsErr.Message(), awsErr.OrigErr())
-//
-//            if reqErr, ok := err.(awserr.RequestFailure); ok {
-//                // A service error occurred
-//                fmt.Println(reqErr.StatusCode(), reqErr.RequestID())
-//            }
-//        } else {
-//            fmt.Println(err.Error())
-//        }
-//    }
-//
-type RequestFailure interface {
-	Error
-
-	// The status code of the HTTP response.
-	StatusCode() int
-
-	// The request ID returned by the service for a request failure. This will
-	// be empty if no request ID is available such as the request failed due
-	// to a connection error.
-	RequestID() string
-}
-
-// NewRequestFailure returns a wrapped error with additional information for
-// request status code, and service requestID.
-//
-// Should be used to wrap all request which involve service requests. Even if
-// the request failed without a service response, but had an HTTP status code
-// that may be meaningful.
-func NewRequestFailure(err Error, statusCode int, reqID string) RequestFailure {
-	return newRequestError(err, statusCode, reqID)
-}
-
-// UnmarshalError provides the interface for the SDK failing to unmarshal data.
-type UnmarshalError interface {
-	awsError
-	Bytes() []byte
-}
-
-// NewUnmarshalError returns an initialized UnmarshalError error wrapper adding
-// the bytes that fail to unmarshal to the error.
-func NewUnmarshalError(err error, msg string, bytes []byte) UnmarshalError {
-	return &unmarshalError{
-		awsError: New("UnmarshalError", msg, err),
-		bytes:    bytes,
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
deleted file mode 100644
index 9cf7eaf40..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
+++ /dev/null
@@ -1,221 +0,0 @@
-package awserr
-
-import (
-	"encoding/hex"
-	"fmt"
-)
-
-// SprintError returns a string of the formatted error code.
-//
-// Both extra and origErr are optional.  If they are included their lines
-// will be added, but if they are not included their lines will be ignored.
-func SprintError(code, message, extra string, origErr error) string {
-	msg := fmt.Sprintf("%s: %s", code, message)
-	if extra != "" {
-		msg = fmt.Sprintf("%s\n\t%s", msg, extra)
-	}
-	if origErr != nil {
-		msg = fmt.Sprintf("%s\ncaused by: %s", msg, origErr.Error())
-	}
-	return msg
-}
-
-// A baseError wraps the code and message which defines an error. It also
-// can be used to wrap an original error object.
-//
-// Should be used as the root for errors satisfying the awserr.Error. Also
-// for any error which does not fit into a specific error wrapper type.
-type baseError struct {
-	// Classification of error
-	code string
-
-	// Detailed information about error
-	message string
-
-	// Optional original error this error is based off of. Allows building
-	// chained errors.
-	errs []error
-}
-
-// newBaseError returns an error object for the code, message, and errors.
-//
-// code is a short no whitespace phrase depicting the classification of
-// the error that is being created.
-//
-// message is the free flow string containing detailed information about the
-// error.
-//
-// origErrs is the error objects which will be nested under the new errors to
-// be returned.
-func newBaseError(code, message string, origErrs []error) *baseError {
-	b := &baseError{
-		code:    code,
-		message: message,
-		errs:    origErrs,
-	}
-
-	return b
-}
-
-// Error returns the string representation of the error.
-//
-// See ErrorWithExtra for formatting.
-//
-// Satisfies the error interface.
-func (b baseError) Error() string {
-	size := len(b.errs)
-	if size > 0 {
-		return SprintError(b.code, b.message, "", errorList(b.errs))
-	}
-
-	return SprintError(b.code, b.message, "", nil)
-}
-
-// String returns the string representation of the error.
-// Alias for Error to satisfy the stringer interface.
-func (b baseError) String() string {
-	return b.Error()
-}
-
-// Code returns the short phrase depicting the classification of the error.
-func (b baseError) Code() string {
-	return b.code
-}
-
-// Message returns the error details message.
-func (b baseError) Message() string {
-	return b.message
-}
-
-// OrigErr returns the original error if one was set. Nil is returned if no
-// error was set. This only returns the first element in the list. If the full
-// list is needed, use BatchedErrors.
-func (b baseError) OrigErr() error {
-	switch len(b.errs) {
-	case 0:
-		return nil
-	case 1:
-		return b.errs[0]
-	default:
-		if err, ok := b.errs[0].(Error); ok {
-			return NewBatchError(err.Code(), err.Message(), b.errs[1:])
-		}
-		return NewBatchError("BatchedErrors",
-			"multiple errors occurred", b.errs)
-	}
-}
-
-// OrigErrs returns the original errors if one was set. An empty slice is
-// returned if no error was set.
-func (b baseError) OrigErrs() []error {
-	return b.errs
-}
-
-// So that the Error interface type can be included as an anonymous field
-// in the requestError struct and not conflict with the error.Error() method.
-type awsError Error
-
-// A requestError wraps a request or service error.
-//
-// Composed of baseError for code, message, and original error.
-type requestError struct {
-	awsError
-	statusCode int
-	requestID  string
-	bytes      []byte
-}
-
-// newRequestError returns a wrapped error with additional information for
-// request status code, and service requestID.
-//
-// Should be used to wrap all request which involve service requests. Even if
-// the request failed without a service response, but had an HTTP status code
-// that may be meaningful.
-//
-// Also wraps original errors via the baseError.
-func newRequestError(err Error, statusCode int, requestID string) *requestError {
-	return &requestError{
-		awsError:   err,
-		statusCode: statusCode,
-		requestID:  requestID,
-	}
-}
-
-// Error returns the string representation of the error.
-// Satisfies the error interface.
-func (r requestError) Error() string {
-	extra := fmt.Sprintf("status code: %d, request id: %s",
-		r.statusCode, r.requestID)
-	return SprintError(r.Code(), r.Message(), extra, r.OrigErr())
-}
-
-// String returns the string representation of the error.
-// Alias for Error to satisfy the stringer interface.
-func (r requestError) String() string {
-	return r.Error()
-}
-
-// StatusCode returns the wrapped status code for the error
-func (r requestError) StatusCode() int {
-	return r.statusCode
-}
-
-// RequestID returns the wrapped requestID
-func (r requestError) RequestID() string {
-	return r.requestID
-}
-
-// OrigErrs returns the original errors if one was set. An empty slice is
-// returned if no error was set.
-func (r requestError) OrigErrs() []error {
-	if b, ok := r.awsError.(BatchedErrors); ok {
-		return b.OrigErrs()
-	}
-	return []error{r.OrigErr()}
-}
-
-type unmarshalError struct {
-	awsError
-	bytes []byte
-}
-
-// Error returns the string representation of the error.
-// Satisfies the error interface.
-func (e unmarshalError) Error() string {
-	extra := hex.Dump(e.bytes)
-	return SprintError(e.Code(), e.Message(), extra, e.OrigErr())
-}
-
-// String returns the string representation of the error.
-// Alias for Error to satisfy the stringer interface.
-func (e unmarshalError) String() string {
-	return e.Error()
-}
-
-// Bytes returns the bytes that failed to unmarshal.
-func (e unmarshalError) Bytes() []byte {
-	return e.bytes
-}
-
-// An error list that satisfies the golang interface
-type errorList []error
-
-// Error returns the string representation of the error.
-//
-// Satisfies the error interface.
-func (e errorList) Error() string {
-	msg := ""
-	// How do we want to handle the array size being zero
-	if size := len(e); size > 0 {
-		for i := 0; i < size; i++ {
-			msg += e[i].Error()
-			// We check the next index to see if it is within the slice.
-			// If it is, then we append a newline. We do this, because unit tests
-			// could be broken with the additional '\n'
-			if i+1 < size {
-				msg += "\n"
-			}
-		}
-	}
-	return msg
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/copy.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/copy.go
deleted file mode 100644
index 1a3d106d5..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/copy.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package awsutil
-
-import (
-	"io"
-	"reflect"
-	"time"
-)
-
-// Copy deeply copies a src structure to dst. Useful for copying request and
-// response structures.
-//
-// Can copy between structs of different type, but will only copy fields which
-// are assignable, and exist in both structs. Fields which are not assignable,
-// or do not exist in both structs are ignored.
-func Copy(dst, src interface{}) {
-	dstval := reflect.ValueOf(dst)
-	if !dstval.IsValid() {
-		panic("Copy dst cannot be nil")
-	}
-
-	rcopy(dstval, reflect.ValueOf(src), true)
-}
-
-// CopyOf returns a copy of src while also allocating the memory for dst.
-// src must be a pointer type or this operation will fail.
-func CopyOf(src interface{}) (dst interface{}) {
-	dsti := reflect.New(reflect.TypeOf(src).Elem())
-	dst = dsti.Interface()
-	rcopy(dsti, reflect.ValueOf(src), true)
-	return
-}
-
-// rcopy performs a recursive copy of values from the source to destination.
-//
-// root is used to skip certain aspects of the copy which are not valid
-// for the root node of a object.
-func rcopy(dst, src reflect.Value, root bool) {
-	if !src.IsValid() {
-		return
-	}
-
-	switch src.Kind() {
-	case reflect.Ptr:
-		if _, ok := src.Interface().(io.Reader); ok {
-			if dst.Kind() == reflect.Ptr && dst.Elem().CanSet() {
-				dst.Elem().Set(src)
-			} else if dst.CanSet() {
-				dst.Set(src)
-			}
-		} else {
-			e := src.Type().Elem()
-			if dst.CanSet() && !src.IsNil() {
-				if _, ok := src.Interface().(*time.Time); !ok {
-					dst.Set(reflect.New(e))
-				} else {
-					tempValue := reflect.New(e)
-					tempValue.Elem().Set(src.Elem())
-					// Sets time.Time's unexported values
-					dst.Set(tempValue)
-				}
-			}
-			if src.Elem().IsValid() {
-				// Keep the current root state since the depth hasn't changed
-				rcopy(dst.Elem(), src.Elem(), root)
-			}
-		}
-	case reflect.Struct:
-		t := dst.Type()
-		for i := 0; i < t.NumField(); i++ {
-			name := t.Field(i).Name
-			srcVal := src.FieldByName(name)
-			dstVal := dst.FieldByName(name)
-			if srcVal.IsValid() && dstVal.CanSet() {
-				rcopy(dstVal, srcVal, false)
-			}
-		}
-	case reflect.Slice:
-		if src.IsNil() {
-			break
-		}
-
-		s := reflect.MakeSlice(src.Type(), src.Len(), src.Cap())
-		dst.Set(s)
-		for i := 0; i < src.Len(); i++ {
-			rcopy(dst.Index(i), src.Index(i), false)
-		}
-	case reflect.Map:
-		if src.IsNil() {
-			break
-		}
-
-		s := reflect.MakeMap(src.Type())
-		dst.Set(s)
-		for _, k := range src.MapKeys() {
-			v := src.MapIndex(k)
-			v2 := reflect.New(v.Type()).Elem()
-			rcopy(v2, v, false)
-			dst.SetMapIndex(k, v2)
-		}
-	default:
-		// Assign the value if possible. If its not assignable, the value would
-		// need to be converted and the impact of that may be unexpected, or is
-		// not compatible with the dst type.
-		if src.Type().AssignableTo(dst.Type()) {
-			dst.Set(src)
-		}
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
deleted file mode 100644
index 142a7a01c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/equal.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package awsutil
-
-import (
-	"reflect"
-)
-
-// DeepEqual returns if the two values are deeply equal like reflect.DeepEqual.
-// In addition to this, this method will also dereference the input values if
-// possible so the DeepEqual performed will not fail if one parameter is a
-// pointer and the other is not.
-//
-// DeepEqual will not perform indirection of nested values of the input parameters.
-func DeepEqual(a, b interface{}) bool {
-	ra := reflect.Indirect(reflect.ValueOf(a))
-	rb := reflect.Indirect(reflect.ValueOf(b))
-
-	if raValid, rbValid := ra.IsValid(), rb.IsValid(); !raValid && !rbValid {
-		// If the elements are both nil, and of the same type they are equal
-		// If they are of different types they are not equal
-		return reflect.TypeOf(a) == reflect.TypeOf(b)
-	} else if raValid != rbValid {
-		// Both values must be valid to be equal
-		return false
-	}
-
-	return reflect.DeepEqual(ra.Interface(), rb.Interface())
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
deleted file mode 100644
index a4eb6a7f4..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
+++ /dev/null
@@ -1,221 +0,0 @@
-package awsutil
-
-import (
-	"reflect"
-	"regexp"
-	"strconv"
-	"strings"
-
-	"github.com/jmespath/go-jmespath"
-)
-
-var indexRe = regexp.MustCompile(`(.+)\[(-?\d+)?\]$`)
-
-// rValuesAtPath returns a slice of values found in value v. The values
-// in v are explored recursively so all nested values are collected.
-func rValuesAtPath(v interface{}, path string, createPath, caseSensitive, nilTerm bool) []reflect.Value {
-	pathparts := strings.Split(path, "||")
-	if len(pathparts) > 1 {
-		for _, pathpart := range pathparts {
-			vals := rValuesAtPath(v, pathpart, createPath, caseSensitive, nilTerm)
-			if len(vals) > 0 {
-				return vals
-			}
-		}
-		return nil
-	}
-
-	values := []reflect.Value{reflect.Indirect(reflect.ValueOf(v))}
-	components := strings.Split(path, ".")
-	for len(values) > 0 && len(components) > 0 {
-		var index *int64
-		var indexStar bool
-		c := strings.TrimSpace(components[0])
-		if c == "" { // no actual component, illegal syntax
-			return nil
-		} else if caseSensitive && c != "*" && strings.ToLower(c[0:1]) == c[0:1] {
-			// TODO normalize case for user
-			return nil // don't support unexported fields
-		}
-
-		// parse this component
-		if m := indexRe.FindStringSubmatch(c); m != nil {
-			c = m[1]
-			if m[2] == "" {
-				index = nil
-				indexStar = true
-			} else {
-				i, _ := strconv.ParseInt(m[2], 10, 32)
-				index = &i
-				indexStar = false
-			}
-		}
-
-		nextvals := []reflect.Value{}
-		for _, value := range values {
-			// pull component name out of struct member
-			if value.Kind() != reflect.Struct {
-				continue
-			}
-
-			if c == "*" { // pull all members
-				for i := 0; i < value.NumField(); i++ {
-					if f := reflect.Indirect(value.Field(i)); f.IsValid() {
-						nextvals = append(nextvals, f)
-					}
-				}
-				continue
-			}
-
-			value = value.FieldByNameFunc(func(name string) bool {
-				if c == name {
-					return true
-				} else if !caseSensitive && strings.EqualFold(name, c) {
-					return true
-				}
-				return false
-			})
-
-			if nilTerm && value.Kind() == reflect.Ptr && len(components[1:]) == 0 {
-				if !value.IsNil() {
-					value.Set(reflect.Zero(value.Type()))
-				}
-				return []reflect.Value{value}
-			}
-
-			if createPath && value.Kind() == reflect.Ptr && value.IsNil() {
-				// TODO if the value is the terminus it should not be created
-				// if the value to be set to its position is nil.
-				value.Set(reflect.New(value.Type().Elem()))
-				value = value.Elem()
-			} else {
-				value = reflect.Indirect(value)
-			}
-
-			if value.Kind() == reflect.Slice || value.Kind() == reflect.Map {
-				if !createPath && value.IsNil() {
-					value = reflect.ValueOf(nil)
-				}
-			}
-
-			if value.IsValid() {
-				nextvals = append(nextvals, value)
-			}
-		}
-		values = nextvals
-
-		if indexStar || index != nil {
-			nextvals = []reflect.Value{}
-			for _, valItem := range values {
-				value := reflect.Indirect(valItem)
-				if value.Kind() != reflect.Slice {
-					continue
-				}
-
-				if indexStar { // grab all indices
-					for i := 0; i < value.Len(); i++ {
-						idx := reflect.Indirect(value.Index(i))
-						if idx.IsValid() {
-							nextvals = append(nextvals, idx)
-						}
-					}
-					continue
-				}
-
-				// pull out index
-				i := int(*index)
-				if i >= value.Len() { // check out of bounds
-					if createPath {
-						// TODO resize slice
-					} else {
-						continue
-					}
-				} else if i < 0 { // support negative indexing
-					i = value.Len() + i
-				}
-				value = reflect.Indirect(value.Index(i))
-
-				if value.Kind() == reflect.Slice || value.Kind() == reflect.Map {
-					if !createPath && value.IsNil() {
-						value = reflect.ValueOf(nil)
-					}
-				}
-
-				if value.IsValid() {
-					nextvals = append(nextvals, value)
-				}
-			}
-			values = nextvals
-		}
-
-		components = components[1:]
-	}
-	return values
-}
-
-// ValuesAtPath returns a list of values at the case insensitive lexical
-// path inside of a structure.
-func ValuesAtPath(i interface{}, path string) ([]interface{}, error) {
-	result, err := jmespath.Search(path, i)
-	if err != nil {
-		return nil, err
-	}
-
-	v := reflect.ValueOf(result)
-	if !v.IsValid() || (v.Kind() == reflect.Ptr && v.IsNil()) {
-		return nil, nil
-	}
-	if s, ok := result.([]interface{}); ok {
-		return s, err
-	}
-	if v.Kind() == reflect.Map && v.Len() == 0 {
-		return nil, nil
-	}
-	if v.Kind() == reflect.Slice {
-		out := make([]interface{}, v.Len())
-		for i := 0; i < v.Len(); i++ {
-			out[i] = v.Index(i).Interface()
-		}
-		return out, nil
-	}
-
-	return []interface{}{result}, nil
-}
-
-// SetValueAtPath sets a value at the case insensitive lexical path inside
-// of a structure.
-func SetValueAtPath(i interface{}, path string, v interface{}) {
-	rvals := rValuesAtPath(i, path, true, false, v == nil)
-	for _, rval := range rvals {
-		if rval.Kind() == reflect.Ptr && rval.IsNil() {
-			continue
-		}
-		setValue(rval, v)
-	}
-}
-
-func setValue(dstVal reflect.Value, src interface{}) {
-	if dstVal.Kind() == reflect.Ptr {
-		dstVal = reflect.Indirect(dstVal)
-	}
-	srcVal := reflect.ValueOf(src)
-
-	if !srcVal.IsValid() { // src is literal nil
-		if dstVal.CanAddr() {
-			// Convert to pointer so that pointer's value can be nil'ed
-			//                     dstVal = dstVal.Addr()
-		}
-		dstVal.Set(reflect.Zero(dstVal.Type()))
-
-	} else if srcVal.Kind() == reflect.Ptr {
-		if srcVal.IsNil() {
-			srcVal = reflect.Zero(dstVal.Type())
-		} else {
-			srcVal = reflect.ValueOf(src).Elem()
-		}
-		dstVal.Set(srcVal)
-	} else {
-		dstVal.Set(srcVal)
-	}
-
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go
deleted file mode 100644
index 11d4240d6..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go
+++ /dev/null
@@ -1,123 +0,0 @@
-package awsutil
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"reflect"
-	"strings"
-)
-
-// Prettify returns the string representation of a value.
-func Prettify(i interface{}) string {
-	var buf bytes.Buffer
-	prettify(reflect.ValueOf(i), 0, &buf)
-	return buf.String()
-}
-
-// prettify will recursively walk value v to build a textual
-// representation of the value.
-func prettify(v reflect.Value, indent int, buf *bytes.Buffer) {
-	for v.Kind() == reflect.Ptr {
-		v = v.Elem()
-	}
-
-	switch v.Kind() {
-	case reflect.Struct:
-		strtype := v.Type().String()
-		if strtype == "time.Time" {
-			fmt.Fprintf(buf, "%s", v.Interface())
-			break
-		} else if strings.HasPrefix(strtype, "io.") {
-			buf.WriteString("<buffer>")
-			break
-		}
-
-		buf.WriteString("{\n")
-
-		names := []string{}
-		for i := 0; i < v.Type().NumField(); i++ {
-			name := v.Type().Field(i).Name
-			f := v.Field(i)
-			if name[0:1] == strings.ToLower(name[0:1]) {
-				continue // ignore unexported fields
-			}
-			if (f.Kind() == reflect.Ptr || f.Kind() == reflect.Slice || f.Kind() == reflect.Map) && f.IsNil() {
-				continue // ignore unset fields
-			}
-			names = append(names, name)
-		}
-
-		for i, n := range names {
-			val := v.FieldByName(n)
-			ft, ok := v.Type().FieldByName(n)
-			if !ok {
-				panic(fmt.Sprintf("expected to find field %v on type %v, but was not found", n, v.Type()))
-			}
-
-			buf.WriteString(strings.Repeat(" ", indent+2))
-			buf.WriteString(n + ": ")
-
-			if tag := ft.Tag.Get("sensitive"); tag == "true" {
-				buf.WriteString("<sensitive>")
-			} else {
-				prettify(val, indent+2, buf)
-			}
-
-			if i < len(names)-1 {
-				buf.WriteString(",\n")
-			}
-		}
-
-		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")
-	case reflect.Slice:
-		strtype := v.Type().String()
-		if strtype == "[]uint8" {
-			fmt.Fprintf(buf, "<binary> len %d", v.Len())
-			break
-		}
-
-		nl, id, id2 := "", "", ""
-		if v.Len() > 3 {
-			nl, id, id2 = "\n", strings.Repeat(" ", indent), strings.Repeat(" ", indent+2)
-		}
-		buf.WriteString("[" + nl)
-		for i := 0; i < v.Len(); i++ {
-			buf.WriteString(id2)
-			prettify(v.Index(i), indent+2, buf)
-
-			if i < v.Len()-1 {
-				buf.WriteString("," + nl)
-			}
-		}
-
-		buf.WriteString(nl + id + "]")
-	case reflect.Map:
-		buf.WriteString("{\n")
-
-		for i, k := range v.MapKeys() {
-			buf.WriteString(strings.Repeat(" ", indent+2))
-			buf.WriteString(k.String() + ": ")
-			prettify(v.MapIndex(k), indent+2, buf)
-
-			if i < v.Len()-1 {
-				buf.WriteString(",\n")
-			}
-		}
-
-		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")
-	default:
-		if !v.IsValid() {
-			fmt.Fprint(buf, "<invalid value>")
-			return
-		}
-		format := "%v"
-		switch v.Interface().(type) {
-		case string:
-			format = "%q"
-		case io.ReadSeeker, io.Reader:
-			format = "buffer(%p)"
-		}
-		fmt.Fprintf(buf, format, v.Interface())
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
deleted file mode 100644
index 3f7cffd95..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package awsutil
-
-import (
-	"bytes"
-	"fmt"
-	"reflect"
-	"strings"
-)
-
-// StringValue returns the string representation of a value.
-//
-// Deprecated: Use Prettify instead.
-func StringValue(i interface{}) string {
-	var buf bytes.Buffer
-	stringValue(reflect.ValueOf(i), 0, &buf)
-	return buf.String()
-}
-
-func stringValue(v reflect.Value, indent int, buf *bytes.Buffer) {
-	for v.Kind() == reflect.Ptr {
-		v = v.Elem()
-	}
-
-	switch v.Kind() {
-	case reflect.Struct:
-		buf.WriteString("{\n")
-
-		for i := 0; i < v.Type().NumField(); i++ {
-			ft := v.Type().Field(i)
-			fv := v.Field(i)
-
-			if ft.Name[0:1] == strings.ToLower(ft.Name[0:1]) {
-				continue // ignore unexported fields
-			}
-			if (fv.Kind() == reflect.Ptr || fv.Kind() == reflect.Slice) && fv.IsNil() {
-				continue // ignore unset fields
-			}
-
-			buf.WriteString(strings.Repeat(" ", indent+2))
-			buf.WriteString(ft.Name + ": ")
-
-			if tag := ft.Tag.Get("sensitive"); tag == "true" {
-				buf.WriteString("<sensitive>")
-			} else {
-				stringValue(fv, indent+2, buf)
-			}
-
-			buf.WriteString(",\n")
-		}
-
-		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")
-	case reflect.Slice:
-		nl, id, id2 := "", "", ""
-		if v.Len() > 3 {
-			nl, id, id2 = "\n", strings.Repeat(" ", indent), strings.Repeat(" ", indent+2)
-		}
-		buf.WriteString("[" + nl)
-		for i := 0; i < v.Len(); i++ {
-			buf.WriteString(id2)
-			stringValue(v.Index(i), indent+2, buf)
-
-			if i < v.Len()-1 {
-				buf.WriteString("," + nl)
-			}
-		}
-
-		buf.WriteString(nl + id + "]")
-	case reflect.Map:
-		buf.WriteString("{\n")
-
-		for i, k := range v.MapKeys() {
-			buf.WriteString(strings.Repeat(" ", indent+2))
-			buf.WriteString(k.String() + ": ")
-			stringValue(v.MapIndex(k), indent+2, buf)
-
-			if i < v.Len()-1 {
-				buf.WriteString(",\n")
-			}
-		}
-
-		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")
-	default:
-		format := "%v"
-		switch v.Interface().(type) {
-		case string:
-			format = "%q"
-		}
-		fmt.Fprintf(buf, format, v.Interface())
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
deleted file mode 100644
index b147f103c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package client
-
-import (
-	"fmt"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/client/metadata"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// A Config provides configuration to a service client instance.
-type Config struct {
-	Config         *aws.Config
-	Handlers       request.Handlers
-	PartitionID    string
-	Endpoint       string
-	SigningRegion  string
-	SigningName    string
-	ResolvedRegion string
-
-	// States that the signing name did not come from a modeled source but
-	// was derived based on other data. Used by service client constructors
-	// to determine if the signin name can be overridden based on metadata the
-	// service has.
-	SigningNameDerived bool
-}
-
-// ConfigProvider provides a generic way for a service client to receive
-// the ClientConfig without circular dependencies.
-type ConfigProvider interface {
-	ClientConfig(serviceName string, cfgs ...*aws.Config) Config
-}
-
-// ConfigNoResolveEndpointProvider same as ConfigProvider except it will not
-// resolve the endpoint automatically. The service client's endpoint must be
-// provided via the aws.Config.Endpoint field.
-type ConfigNoResolveEndpointProvider interface {
-	ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) Config
-}
-
-// A Client implements the base client request and response handling
-// used by all service clients.
-type Client struct {
-	request.Retryer
-	metadata.ClientInfo
-
-	Config   aws.Config
-	Handlers request.Handlers
-}
-
-// New will return a pointer to a new initialized service client.
-func New(cfg aws.Config, info metadata.ClientInfo, handlers request.Handlers, options ...func(*Client)) *Client {
-	svc := &Client{
-		Config:     cfg,
-		ClientInfo: info,
-		Handlers:   handlers.Copy(),
-	}
-
-	switch retryer, ok := cfg.Retryer.(request.Retryer); {
-	case ok:
-		svc.Retryer = retryer
-	case cfg.Retryer != nil && cfg.Logger != nil:
-		s := fmt.Sprintf("WARNING: %T does not implement request.Retryer; using DefaultRetryer instead", cfg.Retryer)
-		cfg.Logger.Log(s)
-		fallthrough
-	default:
-		maxRetries := aws.IntValue(cfg.MaxRetries)
-		if cfg.MaxRetries == nil || maxRetries == aws.UseServiceDefaultRetries {
-			maxRetries = DefaultRetryerMaxNumRetries
-		}
-		svc.Retryer = DefaultRetryer{NumMaxRetries: maxRetries}
-	}
-
-	svc.AddDebugHandlers()
-
-	for _, option := range options {
-		option(svc)
-	}
-
-	return svc
-}
-
-// NewRequest returns a new Request pointer for the service API
-// operation and parameters.
-func (c *Client) NewRequest(operation *request.Operation, params interface{}, data interface{}) *request.Request {
-	return request.New(c.Config, c.ClientInfo, c.Handlers, c.Retryer, operation, params, data)
-}
-
-// AddDebugHandlers injects debug logging handlers into the service to log request
-// debug information.
-func (c *Client) AddDebugHandlers() {
-	c.Handlers.Send.PushFrontNamed(LogHTTPRequestHandler)
-	c.Handlers.Send.PushBackNamed(LogHTTPResponseHandler)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
deleted file mode 100644
index 9f6af19dd..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
+++ /dev/null
@@ -1,177 +0,0 @@
-package client
-
-import (
-	"math"
-	"strconv"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/sdkrand"
-)
-
-// DefaultRetryer implements basic retry logic using exponential backoff for
-// most services. If you want to implement custom retry logic, you can implement the
-// request.Retryer interface.
-//
-type DefaultRetryer struct {
-	// Num max Retries is the number of max retries that will be performed.
-	// By default, this is zero.
-	NumMaxRetries int
-
-	// MinRetryDelay is the minimum retry delay after which retry will be performed.
-	// If not set, the value is 0ns.
-	MinRetryDelay time.Duration
-
-	// MinThrottleRetryDelay is the minimum retry delay when throttled.
-	// If not set, the value is 0ns.
-	MinThrottleDelay time.Duration
-
-	// MaxRetryDelay is the maximum retry delay before which retry must be performed.
-	// If not set, the value is 0ns.
-	MaxRetryDelay time.Duration
-
-	// MaxThrottleDelay is the maximum retry delay when throttled.
-	// If not set, the value is 0ns.
-	MaxThrottleDelay time.Duration
-}
-
-const (
-	// DefaultRetryerMaxNumRetries sets maximum number of retries
-	DefaultRetryerMaxNumRetries = 3
-
-	// DefaultRetryerMinRetryDelay sets minimum retry delay
-	DefaultRetryerMinRetryDelay = 30 * time.Millisecond
-
-	// DefaultRetryerMinThrottleDelay sets minimum delay when throttled
-	DefaultRetryerMinThrottleDelay = 500 * time.Millisecond
-
-	// DefaultRetryerMaxRetryDelay sets maximum retry delay
-	DefaultRetryerMaxRetryDelay = 300 * time.Second
-
-	// DefaultRetryerMaxThrottleDelay sets maximum delay when throttled
-	DefaultRetryerMaxThrottleDelay = 300 * time.Second
-)
-
-// MaxRetries returns the number of maximum returns the service will use to make
-// an individual API request.
-func (d DefaultRetryer) MaxRetries() int {
-	return d.NumMaxRetries
-}
-
-// setRetryerDefaults sets the default values of the retryer if not set
-func (d *DefaultRetryer) setRetryerDefaults() {
-	if d.MinRetryDelay == 0 {
-		d.MinRetryDelay = DefaultRetryerMinRetryDelay
-	}
-	if d.MaxRetryDelay == 0 {
-		d.MaxRetryDelay = DefaultRetryerMaxRetryDelay
-	}
-	if d.MinThrottleDelay == 0 {
-		d.MinThrottleDelay = DefaultRetryerMinThrottleDelay
-	}
-	if d.MaxThrottleDelay == 0 {
-		d.MaxThrottleDelay = DefaultRetryerMaxThrottleDelay
-	}
-}
-
-// RetryRules returns the delay duration before retrying this request again
-func (d DefaultRetryer) RetryRules(r *request.Request) time.Duration {
-
-	// if number of max retries is zero, no retries will be performed.
-	if d.NumMaxRetries == 0 {
-		return 0
-	}
-
-	// Sets default value for retryer members
-	d.setRetryerDefaults()
-
-	// minDelay is the minimum retryer delay
-	minDelay := d.MinRetryDelay
-
-	var initialDelay time.Duration
-
-	isThrottle := r.IsErrorThrottle()
-	if isThrottle {
-		if delay, ok := getRetryAfterDelay(r); ok {
-			initialDelay = delay
-		}
-		minDelay = d.MinThrottleDelay
-	}
-
-	retryCount := r.RetryCount
-
-	// maxDelay the maximum retryer delay
-	maxDelay := d.MaxRetryDelay
-
-	if isThrottle {
-		maxDelay = d.MaxThrottleDelay
-	}
-
-	var delay time.Duration
-
-	// Logic to cap the retry count based on the minDelay provided
-	actualRetryCount := int(math.Log2(float64(minDelay))) + 1
-	if actualRetryCount < 63-retryCount {
-		delay = time.Duration(1<<uint64(retryCount)) * getJitterDelay(minDelay)
-		if delay > maxDelay {
-			delay = getJitterDelay(maxDelay / 2)
-		}
-	} else {
-		delay = getJitterDelay(maxDelay / 2)
-	}
-	return delay + initialDelay
-}
-
-// getJitterDelay returns a jittered delay for retry
-func getJitterDelay(duration time.Duration) time.Duration {
-	return time.Duration(sdkrand.SeededRand.Int63n(int64(duration)) + int64(duration))
-}
-
-// ShouldRetry returns true if the request should be retried.
-func (d DefaultRetryer) ShouldRetry(r *request.Request) bool {
-
-	// ShouldRetry returns false if number of max retries is 0.
-	if d.NumMaxRetries == 0 {
-		return false
-	}
-
-	// If one of the other handlers already set the retry state
-	// we don't want to override it based on the service's state
-	if r.Retryable != nil {
-		return *r.Retryable
-	}
-	return r.IsErrorRetryable() || r.IsErrorThrottle()
-}
-
-// This will look in the Retry-After header, RFC 7231, for how long
-// it will wait before attempting another request
-func getRetryAfterDelay(r *request.Request) (time.Duration, bool) {
-	if !canUseRetryAfterHeader(r) {
-		return 0, false
-	}
-
-	delayStr := r.HTTPResponse.Header.Get("Retry-After")
-	if len(delayStr) == 0 {
-		return 0, false
-	}
-
-	delay, err := strconv.Atoi(delayStr)
-	if err != nil {
-		return 0, false
-	}
-
-	return time.Duration(delay) * time.Second, true
-}
-
-// Will look at the status code to see if the retry header pertains to
-// the status code.
-func canUseRetryAfterHeader(r *request.Request) bool {
-	switch r.HTTPResponse.StatusCode {
-	case 429:
-	case 503:
-	default:
-		return false
-	}
-
-	return true
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
deleted file mode 100644
index 5ac5c24a1..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
+++ /dev/null
@@ -1,206 +0,0 @@
-package client
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http/httputil"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-const logReqMsg = `DEBUG: Request %s/%s Details:
----[ REQUEST POST-SIGN ]-----------------------------
-%s
------------------------------------------------------`
-
-const logReqErrMsg = `DEBUG ERROR: Request %s/%s:
----[ REQUEST DUMP ERROR ]-----------------------------
-%s
-------------------------------------------------------`
-
-type logWriter struct {
-	// Logger is what we will use to log the payload of a response.
-	Logger aws.Logger
-	// buf stores the contents of what has been read
-	buf *bytes.Buffer
-}
-
-func (logger *logWriter) Write(b []byte) (int, error) {
-	return logger.buf.Write(b)
-}
-
-type teeReaderCloser struct {
-	// io.Reader will be a tee reader that is used during logging.
-	// This structure will read from a body and write the contents to a logger.
-	io.Reader
-	// Source is used just to close when we are done reading.
-	Source io.ReadCloser
-}
-
-func (reader *teeReaderCloser) Close() error {
-	return reader.Source.Close()
-}
-
-// LogHTTPRequestHandler is a SDK request handler to log the HTTP request sent
-// to a service. Will include the HTTP request body if the LogLevel of the
-// request matches LogDebugWithHTTPBody.
-var LogHTTPRequestHandler = request.NamedHandler{
-	Name: "awssdk.client.LogRequest",
-	Fn:   logRequest,
-}
-
-func logRequest(r *request.Request) {
-	if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
-		return
-	}
-
-	logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
-	bodySeekable := aws.IsReaderSeekable(r.Body)
-
-	b, err := httputil.DumpRequestOut(r.HTTPRequest, logBody)
-	if err != nil {
-		r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
-			r.ClientInfo.ServiceName, r.Operation.Name, err))
-		return
-	}
-
-	if logBody {
-		if !bodySeekable {
-			r.SetReaderBody(aws.ReadSeekCloser(r.HTTPRequest.Body))
-		}
-		// Reset the request body because dumpRequest will re-wrap the
-		// r.HTTPRequest's Body as a NoOpCloser and will not be reset after
-		// read by the HTTP client reader.
-		if err := r.Error; err != nil {
-			r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
-				r.ClientInfo.ServiceName, r.Operation.Name, err))
-			return
-		}
-	}
-
-	r.Config.Logger.Log(fmt.Sprintf(logReqMsg,
-		r.ClientInfo.ServiceName, r.Operation.Name, string(b)))
-}
-
-// LogHTTPRequestHeaderHandler is a SDK request handler to log the HTTP request sent
-// to a service. Will only log the HTTP request's headers. The request payload
-// will not be read.
-var LogHTTPRequestHeaderHandler = request.NamedHandler{
-	Name: "awssdk.client.LogRequestHeader",
-	Fn:   logRequestHeader,
-}
-
-func logRequestHeader(r *request.Request) {
-	if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
-		return
-	}
-
-	b, err := httputil.DumpRequestOut(r.HTTPRequest, false)
-	if err != nil {
-		r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
-			r.ClientInfo.ServiceName, r.Operation.Name, err))
-		return
-	}
-
-	r.Config.Logger.Log(fmt.Sprintf(logReqMsg,
-		r.ClientInfo.ServiceName, r.Operation.Name, string(b)))
-}
-
-const logRespMsg = `DEBUG: Response %s/%s Details:
----[ RESPONSE ]--------------------------------------
-%s
------------------------------------------------------`
-
-const logRespErrMsg = `DEBUG ERROR: Response %s/%s:
----[ RESPONSE DUMP ERROR ]-----------------------------
-%s
------------------------------------------------------`
-
-// LogHTTPResponseHandler is a SDK request handler to log the HTTP response
-// received from a service. Will include the HTTP response body if the LogLevel
-// of the request matches LogDebugWithHTTPBody.
-var LogHTTPResponseHandler = request.NamedHandler{
-	Name: "awssdk.client.LogResponse",
-	Fn:   logResponse,
-}
-
-func logResponse(r *request.Request) {
-	if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
-		return
-	}
-
-	lw := &logWriter{r.Config.Logger, bytes.NewBuffer(nil)}
-
-	if r.HTTPResponse == nil {
-		lw.Logger.Log(fmt.Sprintf(logRespErrMsg,
-			r.ClientInfo.ServiceName, r.Operation.Name, "request's HTTPResponse is nil"))
-		return
-	}
-
-	logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
-	if logBody {
-		r.HTTPResponse.Body = &teeReaderCloser{
-			Reader: io.TeeReader(r.HTTPResponse.Body, lw),
-			Source: r.HTTPResponse.Body,
-		}
-	}
-
-	handlerFn := func(req *request.Request) {
-		b, err := httputil.DumpResponse(req.HTTPResponse, false)
-		if err != nil {
-			lw.Logger.Log(fmt.Sprintf(logRespErrMsg,
-				req.ClientInfo.ServiceName, req.Operation.Name, err))
-			return
-		}
-
-		lw.Logger.Log(fmt.Sprintf(logRespMsg,
-			req.ClientInfo.ServiceName, req.Operation.Name, string(b)))
-
-		if logBody {
-			b, err := ioutil.ReadAll(lw.buf)
-			if err != nil {
-				lw.Logger.Log(fmt.Sprintf(logRespErrMsg,
-					req.ClientInfo.ServiceName, req.Operation.Name, err))
-				return
-			}
-
-			lw.Logger.Log(string(b))
-		}
-	}
-
-	const handlerName = "awsdk.client.LogResponse.ResponseBody"
-
-	r.Handlers.Unmarshal.SetBackNamed(request.NamedHandler{
-		Name: handlerName, Fn: handlerFn,
-	})
-	r.Handlers.UnmarshalError.SetBackNamed(request.NamedHandler{
-		Name: handlerName, Fn: handlerFn,
-	})
-}
-
-// LogHTTPResponseHeaderHandler is a SDK request handler to log the HTTP
-// response received from a service. Will only log the HTTP response's headers.
-// The response payload will not be read.
-var LogHTTPResponseHeaderHandler = request.NamedHandler{
-	Name: "awssdk.client.LogResponseHeader",
-	Fn:   logResponseHeader,
-}
-
-func logResponseHeader(r *request.Request) {
-	if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
-		return
-	}
-
-	b, err := httputil.DumpResponse(r.HTTPResponse, false)
-	if err != nil {
-		r.Config.Logger.Log(fmt.Sprintf(logRespErrMsg,
-			r.ClientInfo.ServiceName, r.Operation.Name, err))
-		return
-	}
-
-	r.Config.Logger.Log(fmt.Sprintf(logRespMsg,
-		r.ClientInfo.ServiceName, r.Operation.Name, string(b)))
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go b/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
deleted file mode 100644
index a7530ebb3..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package metadata
-
-// ClientInfo wraps immutable data from the client.Client structure.
-type ClientInfo struct {
-	ServiceName    string
-	ServiceID      string
-	APIVersion     string
-	PartitionID    string
-	Endpoint       string
-	SigningName    string
-	SigningRegion  string
-	JSONVersion    string
-	TargetPrefix   string
-	ResolvedRegion string
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go
deleted file mode 100644
index 881d575f0..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/no_op_retryer.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package client
-
-import (
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// NoOpRetryer provides a retryer that performs no retries.
-// It should be used when we do not want retries to be performed.
-type NoOpRetryer struct{}
-
-// MaxRetries returns the number of maximum returns the service will use to make
-// an individual API; For NoOpRetryer the MaxRetries will always be zero.
-func (d NoOpRetryer) MaxRetries() int {
-	return 0
-}
-
-// ShouldRetry will always return false for NoOpRetryer, as it should never retry.
-func (d NoOpRetryer) ShouldRetry(_ *request.Request) bool {
-	return false
-}
-
-// RetryRules returns the delay duration before retrying this request again;
-// since NoOpRetryer does not retry, RetryRules always returns 0.
-func (d NoOpRetryer) RetryRules(_ *request.Request) time.Duration {
-	return 0
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go
deleted file mode 100644
index 776e31b21..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/config.go
+++ /dev/null
@@ -1,659 +0,0 @@
-package aws
-
-import (
-	"net/http"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/endpoints"
-)
-
-// UseServiceDefaultRetries instructs the config to use the service's own
-// default number of retries. This will be the default action if
-// Config.MaxRetries is nil also.
-const UseServiceDefaultRetries = -1
-
-// RequestRetryer is an alias for a type that implements the request.Retryer
-// interface.
-type RequestRetryer interface{}
-
-// A Config provides service configuration for service clients. By default,
-// all clients will use the defaults.DefaultConfig structure.
-//
-//	// Create Session with MaxRetries configuration to be shared by multiple
-//	// service clients.
-//	sess := session.Must(session.NewSession(&aws.Config{
-//	    MaxRetries: aws.Int(3),
-//	}))
-//
-//	// Create S3 service client with a specific Region.
-//	svc := s3.New(sess, &aws.Config{
-//	    Region: aws.String("us-west-2"),
-//	})
-type Config struct {
-	// Enables verbose error printing of all credential chain errors.
-	// Should be used when wanting to see all errors while attempting to
-	// retrieve credentials.
-	CredentialsChainVerboseErrors *bool
-
-	// The credentials object to use when signing requests. Defaults to a
-	// chain of credential providers to search for credentials in environment
-	// variables, shared credential file, and EC2 Instance Roles.
-	Credentials *credentials.Credentials
-
-	// An optional endpoint URL (hostname only or fully qualified URI)
-	// that overrides the default generated endpoint for a client. Set this
-	// to `nil` or the value to `""` to use the default generated endpoint.
-	//
-	// Note: You must still provide a `Region` value when specifying an
-	// endpoint for a client.
-	Endpoint *string
-
-	// The resolver to use for looking up endpoints for AWS service clients
-	// to use based on region.
-	EndpointResolver endpoints.Resolver
-
-	// EnforceShouldRetryCheck is used in the AfterRetryHandler to always call
-	// ShouldRetry regardless of whether or not if request.Retryable is set.
-	// This will utilize ShouldRetry method of custom retryers. If EnforceShouldRetryCheck
-	// is not set, then ShouldRetry will only be called if request.Retryable is nil.
-	// Proper handling of the request.Retryable field is important when setting this field.
-	EnforceShouldRetryCheck *bool
-
-	// The region to send requests to. This parameter is required and must
-	// be configured globally or on a per-client basis unless otherwise
-	// noted. A full list of regions is found in the "Regions and Endpoints"
-	// document.
-	//
-	// See http://docs.aws.amazon.com/general/latest/gr/rande.html for AWS
-	// Regions and Endpoints.
-	Region *string
-
-	// Set this to `true` to disable SSL when sending requests. Defaults
-	// to `false`.
-	DisableSSL *bool
-
-	// The HTTP client to use when sending requests. Defaults to
-	// `http.DefaultClient`.
-	HTTPClient *http.Client
-
-	// An integer value representing the logging level. The default log level
-	// is zero (LogOff), which represents no logging. To enable logging set
-	// to a LogLevel Value.
-	LogLevel *LogLevelType
-
-	// The logger writer interface to write logging messages to. Defaults to
-	// standard out.
-	Logger Logger
-
-	// The maximum number of times that a request will be retried for failures.
-	// Defaults to -1, which defers the max retry setting to the service
-	// specific configuration.
-	MaxRetries *int
-
-	// Retryer guides how HTTP requests should be retried in case of
-	// recoverable failures.
-	//
-	// When nil or the value does not implement the request.Retryer interface,
-	// the client.DefaultRetryer will be used.
-	//
-	// When both Retryer and MaxRetries are non-nil, the former is used and
-	// the latter ignored.
-	//
-	// To set the Retryer field in a type-safe manner and with chaining, use
-	// the request.WithRetryer helper function:
-	//
-	//   cfg := request.WithRetryer(aws.NewConfig(), myRetryer)
-	//
-	Retryer RequestRetryer
-
-	// Disables semantic parameter validation, which validates input for
-	// missing required fields and/or other semantic request input errors.
-	DisableParamValidation *bool
-
-	// Disables the computation of request and response checksums, e.g.,
-	// CRC32 checksums in Amazon DynamoDB.
-	DisableComputeChecksums *bool
-
-	// Set this to `true` to force the request to use path-style addressing,
-	// i.e., `http://s3.amazonaws.com/BUCKET/KEY`. By default, the S3 client
-	// will use virtual hosted bucket addressing when possible
-	// (`http://BUCKET.s3.amazonaws.com/KEY`).
-	//
-	// Note: This configuration option is specific to the Amazon S3 service.
-	//
-	// See http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
-	// for Amazon S3: Virtual Hosting of Buckets
-	S3ForcePathStyle *bool
-
-	// Set this to `true` to disable the SDK adding the `Expect: 100-Continue`
-	// header to PUT requests over 2MB of content. 100-Continue instructs the
-	// HTTP client not to send the body until the service responds with a
-	// `continue` status. This is useful to prevent sending the request body
-	// until after the request is authenticated, and validated.
-	//
-	// http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUT.html
-	//
-	// 100-Continue is only enabled for Go 1.6 and above. See `http.Transport`'s
-	// `ExpectContinueTimeout` for information on adjusting the continue wait
-	// timeout. https://golang.org/pkg/net/http/#Transport
-	//
-	// You should use this flag to disable 100-Continue if you experience issues
-	// with proxies or third party S3 compatible services.
-	S3Disable100Continue *bool
-
-	// Set this to `true` to enable S3 Accelerate feature. For all operations
-	// compatible with S3 Accelerate will use the accelerate endpoint for
-	// requests. Requests not compatible will fall back to normal S3 requests.
-	//
-	// The bucket must be enable for accelerate to be used with S3 client with
-	// accelerate enabled. If the bucket is not enabled for accelerate an error
-	// will be returned. The bucket name must be DNS compatible to also work
-	// with accelerate.
-	S3UseAccelerate *bool
-
-	// S3DisableContentMD5Validation config option is temporarily disabled,
-	// For S3 GetObject API calls, #1837.
-	//
-	// Set this to `true` to disable the S3 service client from automatically
-	// adding the ContentMD5 to S3 Object Put and Upload API calls. This option
-	// will also disable the SDK from performing object ContentMD5 validation
-	// on GetObject API calls.
-	S3DisableContentMD5Validation *bool
-
-	// Set this to `true` to have the S3 service client to use the region specified
-	// in the ARN, when an ARN is provided as an argument to a bucket parameter.
-	S3UseARNRegion *bool
-
-	// Set this to `true` to enable the SDK to unmarshal API response header maps to
-	// normalized lower case map keys.
-	//
-	// For example S3's X-Amz-Meta prefixed header will be unmarshaled to lower case
-	// Metadata member's map keys. The value of the header in the map is unaffected.
-	//
-	// The AWS SDK for Go v2, uses lower case header maps by default. The v1
-	// SDK provides this opt-in for this option, for backwards compatibility.
-	LowerCaseHeaderMaps *bool
-
-	// Set this to `true` to disable the EC2Metadata client from overriding the
-	// default http.Client's Timeout. This is helpful if you do not want the
-	// EC2Metadata client to create a new http.Client. This options is only
-	// meaningful if you're not already using a custom HTTP client with the
-	// SDK. Enabled by default.
-	//
-	// Must be set and provided to the session.NewSession() in order to disable
-	// the EC2Metadata overriding the timeout for default credentials chain.
-	//
-	// Example:
-	//    sess := session.Must(session.NewSession(aws.NewConfig()
-	//       .WithEC2MetadataDisableTimeoutOverride(true)))
-	//
-	//    svc := s3.New(sess)
-	//
-	EC2MetadataDisableTimeoutOverride *bool
-
-	// Set this to `false` to disable EC2Metadata client from falling back to IMDSv1.
-	// By default, EC2 role credentials will fall back to IMDSv1 as needed for backwards compatibility.
-	// You can disable this behavior by explicitly setting this flag to `false`. When false, the EC2Metadata
-	// client will return any errors encountered from attempting to fetch a token instead of silently
-	// using the insecure data flow of IMDSv1.
-	//
-	// Example:
-	//    sess := session.Must(session.NewSession(aws.NewConfig()
-	//       .WithEC2MetadataEnableFallback(false)))
-	//
-	//    svc := s3.New(sess)
-	//
-	// See [configuring IMDS] for more information.
-	//
-	// [configuring IMDS]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
-	EC2MetadataEnableFallback *bool
-
-	// Instructs the endpoint to be generated for a service client to
-	// be the dual stack endpoint. The dual stack endpoint will support
-	// both IPv4 and IPv6 addressing.
-	//
-	// Setting this for a service which does not support dual stack will fail
-	// to make requests. It is not recommended to set this value on the session
-	// as it will apply to all service clients created with the session. Even
-	// services which don't support dual stack endpoints.
-	//
-	// If the Endpoint config value is also provided the UseDualStack flag
-	// will be ignored.
-	//
-	// Only supported with.
-	//
-	//     sess := session.Must(session.NewSession())
-	//
-	//     svc := s3.New(sess, &aws.Config{
-	//         UseDualStack: aws.Bool(true),
-	//     })
-	//
-	// Deprecated: This option will continue to function for S3 and S3 Control for backwards compatibility.
-	// UseDualStackEndpoint should be used to enable usage of a service's dual-stack endpoint for all service clients
-	// moving forward. For S3 and S3 Control, when UseDualStackEndpoint is set to a non-zero value it takes higher
-	// precedence then this option.
-	UseDualStack *bool
-
-	// Sets the resolver to resolve a dual-stack endpoint for the service.
-	UseDualStackEndpoint endpoints.DualStackEndpointState
-
-	// UseFIPSEndpoint specifies the resolver must resolve a FIPS endpoint.
-	UseFIPSEndpoint endpoints.FIPSEndpointState
-
-	// SleepDelay is an override for the func the SDK will call when sleeping
-	// during the lifecycle of a request. Specifically this will be used for
-	// request delays. This value should only be used for testing. To adjust
-	// the delay of a request see the aws/client.DefaultRetryer and
-	// aws/request.Retryer.
-	//
-	// SleepDelay will prevent any Context from being used for canceling retry
-	// delay of an API operation. It is recommended to not use SleepDelay at all
-	// and specify a Retryer instead.
-	SleepDelay func(time.Duration)
-
-	// DisableRestProtocolURICleaning will not clean the URL path when making rest protocol requests.
-	// Will default to false. This would only be used for empty directory names in s3 requests.
-	//
-	// Example:
-	//    sess := session.Must(session.NewSession(&aws.Config{
-	//         DisableRestProtocolURICleaning: aws.Bool(true),
-	//    }))
-	//
-	//    svc := s3.New(sess)
-	//    out, err := svc.GetObject(&s3.GetObjectInput {
-	//    	Bucket: aws.String("bucketname"),
-	//    	Key: aws.String("//foo//bar//moo"),
-	//    })
-	DisableRestProtocolURICleaning *bool
-
-	// EnableEndpointDiscovery will allow for endpoint discovery on operations that
-	// have the definition in its model. By default, endpoint discovery is off.
-	// To use EndpointDiscovery, Endpoint should be unset or set to an empty string.
-	//
-	// Example:
-	//    sess := session.Must(session.NewSession(&aws.Config{
-	//         EnableEndpointDiscovery: aws.Bool(true),
-	//    }))
-	//
-	//    svc := s3.New(sess)
-	//    out, err := svc.GetObject(&s3.GetObjectInput {
-	//    	Bucket: aws.String("bucketname"),
-	//    	Key: aws.String("/foo/bar/moo"),
-	//    })
-	EnableEndpointDiscovery *bool
-
-	// DisableEndpointHostPrefix will disable the SDK's behavior of prefixing
-	// request endpoint hosts with modeled information.
-	//
-	// Disabling this feature is useful when you want to use local endpoints
-	// for testing that do not support the modeled host prefix pattern.
-	DisableEndpointHostPrefix *bool
-
-	// STSRegionalEndpoint will enable regional or legacy endpoint resolving
-	STSRegionalEndpoint endpoints.STSRegionalEndpoint
-
-	// S3UsEast1RegionalEndpoint will enable regional or legacy endpoint resolving
-	S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
-}
-
-// NewConfig returns a new Config pointer that can be chained with builder
-// methods to set multiple configuration values inline without using pointers.
-//
-//	// Create Session with MaxRetries configuration to be shared by multiple
-//	// service clients.
-//	sess := session.Must(session.NewSession(aws.NewConfig().
-//	    WithMaxRetries(3),
-//	))
-//
-//	// Create S3 service client with a specific Region.
-//	svc := s3.New(sess, aws.NewConfig().
-//	    WithRegion("us-west-2"),
-//	)
-func NewConfig() *Config {
-	return &Config{}
-}
-
-// WithCredentialsChainVerboseErrors sets a config verbose errors boolean and returning
-// a Config pointer.
-func (c *Config) WithCredentialsChainVerboseErrors(verboseErrs bool) *Config {
-	c.CredentialsChainVerboseErrors = &verboseErrs
-	return c
-}
-
-// WithCredentials sets a config Credentials value returning a Config pointer
-// for chaining.
-func (c *Config) WithCredentials(creds *credentials.Credentials) *Config {
-	c.Credentials = creds
-	return c
-}
-
-// WithEndpoint sets a config Endpoint value returning a Config pointer for
-// chaining.
-func (c *Config) WithEndpoint(endpoint string) *Config {
-	c.Endpoint = &endpoint
-	return c
-}
-
-// WithEndpointResolver sets a config EndpointResolver value returning a
-// Config pointer for chaining.
-func (c *Config) WithEndpointResolver(resolver endpoints.Resolver) *Config {
-	c.EndpointResolver = resolver
-	return c
-}
-
-// WithRegion sets a config Region value returning a Config pointer for
-// chaining.
-func (c *Config) WithRegion(region string) *Config {
-	c.Region = &region
-	return c
-}
-
-// WithDisableSSL sets a config DisableSSL value returning a Config pointer
-// for chaining.
-func (c *Config) WithDisableSSL(disable bool) *Config {
-	c.DisableSSL = &disable
-	return c
-}
-
-// WithHTTPClient sets a config HTTPClient value returning a Config pointer
-// for chaining.
-func (c *Config) WithHTTPClient(client *http.Client) *Config {
-	c.HTTPClient = client
-	return c
-}
-
-// WithMaxRetries sets a config MaxRetries value returning a Config pointer
-// for chaining.
-func (c *Config) WithMaxRetries(max int) *Config {
-	c.MaxRetries = &max
-	return c
-}
-
-// WithDisableParamValidation sets a config DisableParamValidation value
-// returning a Config pointer for chaining.
-func (c *Config) WithDisableParamValidation(disable bool) *Config {
-	c.DisableParamValidation = &disable
-	return c
-}
-
-// WithDisableComputeChecksums sets a config DisableComputeChecksums value
-// returning a Config pointer for chaining.
-func (c *Config) WithDisableComputeChecksums(disable bool) *Config {
-	c.DisableComputeChecksums = &disable
-	return c
-}
-
-// WithLogLevel sets a config LogLevel value returning a Config pointer for
-// chaining.
-func (c *Config) WithLogLevel(level LogLevelType) *Config {
-	c.LogLevel = &level
-	return c
-}
-
-// WithLogger sets a config Logger value returning a Config pointer for
-// chaining.
-func (c *Config) WithLogger(logger Logger) *Config {
-	c.Logger = logger
-	return c
-}
-
-// WithS3ForcePathStyle sets a config S3ForcePathStyle value returning a Config
-// pointer for chaining.
-func (c *Config) WithS3ForcePathStyle(force bool) *Config {
-	c.S3ForcePathStyle = &force
-	return c
-}
-
-// WithS3Disable100Continue sets a config S3Disable100Continue value returning
-// a Config pointer for chaining.
-func (c *Config) WithS3Disable100Continue(disable bool) *Config {
-	c.S3Disable100Continue = &disable
-	return c
-}
-
-// WithS3UseAccelerate sets a config S3UseAccelerate value returning a Config
-// pointer for chaining.
-func (c *Config) WithS3UseAccelerate(enable bool) *Config {
-	c.S3UseAccelerate = &enable
-	return c
-
-}
-
-// WithS3DisableContentMD5Validation sets a config
-// S3DisableContentMD5Validation value returning a Config pointer for chaining.
-func (c *Config) WithS3DisableContentMD5Validation(enable bool) *Config {
-	c.S3DisableContentMD5Validation = &enable
-	return c
-
-}
-
-// WithS3UseARNRegion sets a config S3UseARNRegion value and
-// returning a Config pointer for chaining
-func (c *Config) WithS3UseARNRegion(enable bool) *Config {
-	c.S3UseARNRegion = &enable
-	return c
-}
-
-// WithUseDualStack sets a config UseDualStack value returning a Config
-// pointer for chaining.
-func (c *Config) WithUseDualStack(enable bool) *Config {
-	c.UseDualStack = &enable
-	return c
-}
-
-// WithEC2MetadataDisableTimeoutOverride sets a config EC2MetadataDisableTimeoutOverride value
-// returning a Config pointer for chaining.
-func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config {
-	c.EC2MetadataDisableTimeoutOverride = &enable
-	return c
-}
-
-// WithEC2MetadataEnableFallback sets a config EC2MetadataEnableFallback value
-// returning a Config pointer for chaining.
-func (c *Config) WithEC2MetadataEnableFallback(v bool) *Config {
-	c.EC2MetadataEnableFallback = &v
-	return c
-}
-
-// WithSleepDelay overrides the function used to sleep while waiting for the
-// next retry. Defaults to time.Sleep.
-func (c *Config) WithSleepDelay(fn func(time.Duration)) *Config {
-	c.SleepDelay = fn
-	return c
-}
-
-// WithEndpointDiscovery will set whether or not to use endpoint discovery.
-func (c *Config) WithEndpointDiscovery(t bool) *Config {
-	c.EnableEndpointDiscovery = &t
-	return c
-}
-
-// WithDisableEndpointHostPrefix will set whether or not to use modeled host prefix
-// when making requests.
-func (c *Config) WithDisableEndpointHostPrefix(t bool) *Config {
-	c.DisableEndpointHostPrefix = &t
-	return c
-}
-
-// WithSTSRegionalEndpoint will set whether or not to use regional endpoint flag
-// when resolving the endpoint for a service
-func (c *Config) WithSTSRegionalEndpoint(sre endpoints.STSRegionalEndpoint) *Config {
-	c.STSRegionalEndpoint = sre
-	return c
-}
-
-// WithS3UsEast1RegionalEndpoint will set whether or not to use regional endpoint flag
-// when resolving the endpoint for a service
-func (c *Config) WithS3UsEast1RegionalEndpoint(sre endpoints.S3UsEast1RegionalEndpoint) *Config {
-	c.S3UsEast1RegionalEndpoint = sre
-	return c
-}
-
-// WithLowerCaseHeaderMaps sets a config LowerCaseHeaderMaps value
-// returning a Config pointer for chaining.
-func (c *Config) WithLowerCaseHeaderMaps(t bool) *Config {
-	c.LowerCaseHeaderMaps = &t
-	return c
-}
-
-// WithDisableRestProtocolURICleaning sets a config DisableRestProtocolURICleaning value
-// returning a Config pointer for chaining.
-func (c *Config) WithDisableRestProtocolURICleaning(t bool) *Config {
-	c.DisableRestProtocolURICleaning = &t
-	return c
-}
-
-// MergeIn merges the passed in configs into the existing config object.
-func (c *Config) MergeIn(cfgs ...*Config) {
-	for _, other := range cfgs {
-		mergeInConfig(c, other)
-	}
-}
-
-func mergeInConfig(dst *Config, other *Config) {
-	if other == nil {
-		return
-	}
-
-	if other.CredentialsChainVerboseErrors != nil {
-		dst.CredentialsChainVerboseErrors = other.CredentialsChainVerboseErrors
-	}
-
-	if other.Credentials != nil {
-		dst.Credentials = other.Credentials
-	}
-
-	if other.Endpoint != nil {
-		dst.Endpoint = other.Endpoint
-	}
-
-	if other.EndpointResolver != nil {
-		dst.EndpointResolver = other.EndpointResolver
-	}
-
-	if other.Region != nil {
-		dst.Region = other.Region
-	}
-
-	if other.DisableSSL != nil {
-		dst.DisableSSL = other.DisableSSL
-	}
-
-	if other.HTTPClient != nil {
-		dst.HTTPClient = other.HTTPClient
-	}
-
-	if other.LogLevel != nil {
-		dst.LogLevel = other.LogLevel
-	}
-
-	if other.Logger != nil {
-		dst.Logger = other.Logger
-	}
-
-	if other.MaxRetries != nil {
-		dst.MaxRetries = other.MaxRetries
-	}
-
-	if other.Retryer != nil {
-		dst.Retryer = other.Retryer
-	}
-
-	if other.DisableParamValidation != nil {
-		dst.DisableParamValidation = other.DisableParamValidation
-	}
-
-	if other.DisableComputeChecksums != nil {
-		dst.DisableComputeChecksums = other.DisableComputeChecksums
-	}
-
-	if other.S3ForcePathStyle != nil {
-		dst.S3ForcePathStyle = other.S3ForcePathStyle
-	}
-
-	if other.S3Disable100Continue != nil {
-		dst.S3Disable100Continue = other.S3Disable100Continue
-	}
-
-	if other.S3UseAccelerate != nil {
-		dst.S3UseAccelerate = other.S3UseAccelerate
-	}
-
-	if other.S3DisableContentMD5Validation != nil {
-		dst.S3DisableContentMD5Validation = other.S3DisableContentMD5Validation
-	}
-
-	if other.S3UseARNRegion != nil {
-		dst.S3UseARNRegion = other.S3UseARNRegion
-	}
-
-	if other.UseDualStack != nil {
-		dst.UseDualStack = other.UseDualStack
-	}
-
-	if other.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
-		dst.UseDualStackEndpoint = other.UseDualStackEndpoint
-	}
-
-	if other.EC2MetadataDisableTimeoutOverride != nil {
-		dst.EC2MetadataDisableTimeoutOverride = other.EC2MetadataDisableTimeoutOverride
-	}
-
-	if other.EC2MetadataEnableFallback != nil {
-		dst.EC2MetadataEnableFallback = other.EC2MetadataEnableFallback
-	}
-
-	if other.SleepDelay != nil {
-		dst.SleepDelay = other.SleepDelay
-	}
-
-	if other.DisableRestProtocolURICleaning != nil {
-		dst.DisableRestProtocolURICleaning = other.DisableRestProtocolURICleaning
-	}
-
-	if other.EnforceShouldRetryCheck != nil {
-		dst.EnforceShouldRetryCheck = other.EnforceShouldRetryCheck
-	}
-
-	if other.EnableEndpointDiscovery != nil {
-		dst.EnableEndpointDiscovery = other.EnableEndpointDiscovery
-	}
-
-	if other.DisableEndpointHostPrefix != nil {
-		dst.DisableEndpointHostPrefix = other.DisableEndpointHostPrefix
-	}
-
-	if other.STSRegionalEndpoint != endpoints.UnsetSTSEndpoint {
-		dst.STSRegionalEndpoint = other.STSRegionalEndpoint
-	}
-
-	if other.S3UsEast1RegionalEndpoint != endpoints.UnsetS3UsEast1Endpoint {
-		dst.S3UsEast1RegionalEndpoint = other.S3UsEast1RegionalEndpoint
-	}
-
-	if other.LowerCaseHeaderMaps != nil {
-		dst.LowerCaseHeaderMaps = other.LowerCaseHeaderMaps
-	}
-
-	if other.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
-		dst.UseDualStackEndpoint = other.UseDualStackEndpoint
-	}
-
-	if other.UseFIPSEndpoint != endpoints.FIPSEndpointStateUnset {
-		dst.UseFIPSEndpoint = other.UseFIPSEndpoint
-	}
-}
-
-// Copy will return a shallow copy of the Config object. If any additional
-// configurations are provided they will be merged into the new config returned.
-func (c *Config) Copy(cfgs ...*Config) *Config {
-	dst := &Config{}
-	dst.MergeIn(c)
-
-	for _, cfg := range cfgs {
-		dst.MergeIn(cfg)
-	}
-
-	return dst
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
deleted file mode 100644
index 89aad2c67..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
+++ /dev/null
@@ -1,38 +0,0 @@
-//go:build !go1.9
-// +build !go1.9
-
-package aws
-
-import "time"
-
-// Context is an copy of the Go v1.7 stdlib's context.Context interface.
-// It is represented as a SDK interface to enable you to use the "WithContext"
-// API methods with Go v1.6 and a Context type such as golang.org/x/net/context.
-//
-// See https://golang.org/pkg/context on how to use contexts.
-type Context interface {
-	// Deadline returns the time when work done on behalf of this context
-	// should be canceled. Deadline returns ok==false when no deadline is
-	// set. Successive calls to Deadline return the same results.
-	Deadline() (deadline time.Time, ok bool)
-
-	// Done returns a channel that's closed when work done on behalf of this
-	// context should be canceled. Done may return nil if this context can
-	// never be canceled. Successive calls to Done return the same value.
-	Done() <-chan struct{}
-
-	// Err returns a non-nil error value after Done is closed. Err returns
-	// Canceled if the context was canceled or DeadlineExceeded if the
-	// context's deadline passed. No other values for Err are defined.
-	// After Done is closed, successive calls to Err return the same value.
-	Err() error
-
-	// Value returns the value associated with this context for key, or nil
-	// if no value is associated with key. Successive calls to Value with
-	// the same key returns the same result.
-	//
-	// Use context values only for request-scoped data that transits
-	// processes and API boundaries, not for passing optional parameters to
-	// functions.
-	Value(key interface{}) interface{}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
deleted file mode 100644
index 6ee9ddd18..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
+++ /dev/null
@@ -1,12 +0,0 @@
-//go:build go1.9
-// +build go1.9
-
-package aws
-
-import "context"
-
-// Context is an alias of the Go stdlib's context.Context interface.
-// It can be used within the SDK's API operation "WithContext" methods.
-//
-// See https://golang.org/pkg/context on how to use contexts.
-type Context = context.Context
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
deleted file mode 100644
index 313218190..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
+++ /dev/null
@@ -1,23 +0,0 @@
-//go:build !go1.7
-// +build !go1.7
-
-package aws
-
-import (
-	"github.com/aws/aws-sdk-go/internal/context"
-)
-
-// BackgroundContext returns a context that will never be canceled, has no
-// values, and no deadline. This context is used by the SDK to provide
-// backwards compatibility with non-context API operations and functionality.
-//
-// Go 1.6 and before:
-// This context function is equivalent to context.Background in the Go stdlib.
-//
-// Go 1.7 and later:
-// The context returned will be the value returned by context.Background()
-//
-// See https://golang.org/pkg/context for more information on Contexts.
-func BackgroundContext() Context {
-	return context.BackgroundCtx
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
deleted file mode 100644
index 9975d561b..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
+++ /dev/null
@@ -1,21 +0,0 @@
-//go:build go1.7
-// +build go1.7
-
-package aws
-
-import "context"
-
-// BackgroundContext returns a context that will never be canceled, has no
-// values, and no deadline. This context is used by the SDK to provide
-// backwards compatibility with non-context API operations and functionality.
-//
-// Go 1.6 and before:
-// This context function is equivalent to context.Background in the Go stdlib.
-//
-// Go 1.7 and later:
-// The context returned will be the value returned by context.Background()
-//
-// See https://golang.org/pkg/context for more information on Contexts.
-func BackgroundContext() Context {
-	return context.Background()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go b/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go
deleted file mode 100644
index 304fd1561..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/context_sleep.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package aws
-
-import (
-	"time"
-)
-
-// SleepWithContext will wait for the timer duration to expire, or the context
-// is canceled. Which ever happens first. If the context is canceled the Context's
-// error will be returned.
-//
-// Expects Context to always return a non-nil error if the Done channel is closed.
-func SleepWithContext(ctx Context, dur time.Duration) error {
-	t := time.NewTimer(dur)
-	defer t.Stop()
-
-	select {
-	case <-t.C:
-		break
-	case <-ctx.Done():
-		return ctx.Err()
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go b/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
deleted file mode 100644
index 4e076c183..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/convert_types.go
+++ /dev/null
@@ -1,918 +0,0 @@
-package aws
-
-import "time"
-
-// String returns a pointer to the string value passed in.
-func String(v string) *string {
-	return &v
-}
-
-// StringValue returns the value of the string pointer passed in or
-// "" if the pointer is nil.
-func StringValue(v *string) string {
-	if v != nil {
-		return *v
-	}
-	return ""
-}
-
-// StringSlice converts a slice of string values into a slice of
-// string pointers
-func StringSlice(src []string) []*string {
-	dst := make([]*string, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// StringValueSlice converts a slice of string pointers into a slice of
-// string values
-func StringValueSlice(src []*string) []string {
-	dst := make([]string, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// StringMap converts a string map of string values into a string
-// map of string pointers
-func StringMap(src map[string]string) map[string]*string {
-	dst := make(map[string]*string)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// StringValueMap converts a string map of string pointers into a string
-// map of string values
-func StringValueMap(src map[string]*string) map[string]string {
-	dst := make(map[string]string)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Bool returns a pointer to the bool value passed in.
-func Bool(v bool) *bool {
-	return &v
-}
-
-// BoolValue returns the value of the bool pointer passed in or
-// false if the pointer is nil.
-func BoolValue(v *bool) bool {
-	if v != nil {
-		return *v
-	}
-	return false
-}
-
-// BoolSlice converts a slice of bool values into a slice of
-// bool pointers
-func BoolSlice(src []bool) []*bool {
-	dst := make([]*bool, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// BoolValueSlice converts a slice of bool pointers into a slice of
-// bool values
-func BoolValueSlice(src []*bool) []bool {
-	dst := make([]bool, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// BoolMap converts a string map of bool values into a string
-// map of bool pointers
-func BoolMap(src map[string]bool) map[string]*bool {
-	dst := make(map[string]*bool)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// BoolValueMap converts a string map of bool pointers into a string
-// map of bool values
-func BoolValueMap(src map[string]*bool) map[string]bool {
-	dst := make(map[string]bool)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Int returns a pointer to the int value passed in.
-func Int(v int) *int {
-	return &v
-}
-
-// IntValue returns the value of the int pointer passed in or
-// 0 if the pointer is nil.
-func IntValue(v *int) int {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// IntSlice converts a slice of int values into a slice of
-// int pointers
-func IntSlice(src []int) []*int {
-	dst := make([]*int, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// IntValueSlice converts a slice of int pointers into a slice of
-// int values
-func IntValueSlice(src []*int) []int {
-	dst := make([]int, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// IntMap converts a string map of int values into a string
-// map of int pointers
-func IntMap(src map[string]int) map[string]*int {
-	dst := make(map[string]*int)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// IntValueMap converts a string map of int pointers into a string
-// map of int values
-func IntValueMap(src map[string]*int) map[string]int {
-	dst := make(map[string]int)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Uint returns a pointer to the uint value passed in.
-func Uint(v uint) *uint {
-	return &v
-}
-
-// UintValue returns the value of the uint pointer passed in or
-// 0 if the pointer is nil.
-func UintValue(v *uint) uint {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// UintSlice converts a slice of uint values uinto a slice of
-// uint pointers
-func UintSlice(src []uint) []*uint {
-	dst := make([]*uint, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// UintValueSlice converts a slice of uint pointers uinto a slice of
-// uint values
-func UintValueSlice(src []*uint) []uint {
-	dst := make([]uint, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// UintMap converts a string map of uint values uinto a string
-// map of uint pointers
-func UintMap(src map[string]uint) map[string]*uint {
-	dst := make(map[string]*uint)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// UintValueMap converts a string map of uint pointers uinto a string
-// map of uint values
-func UintValueMap(src map[string]*uint) map[string]uint {
-	dst := make(map[string]uint)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Int8 returns a pointer to the int8 value passed in.
-func Int8(v int8) *int8 {
-	return &v
-}
-
-// Int8Value returns the value of the int8 pointer passed in or
-// 0 if the pointer is nil.
-func Int8Value(v *int8) int8 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Int8Slice converts a slice of int8 values into a slice of
-// int8 pointers
-func Int8Slice(src []int8) []*int8 {
-	dst := make([]*int8, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Int8ValueSlice converts a slice of int8 pointers into a slice of
-// int8 values
-func Int8ValueSlice(src []*int8) []int8 {
-	dst := make([]int8, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Int8Map converts a string map of int8 values into a string
-// map of int8 pointers
-func Int8Map(src map[string]int8) map[string]*int8 {
-	dst := make(map[string]*int8)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Int8ValueMap converts a string map of int8 pointers into a string
-// map of int8 values
-func Int8ValueMap(src map[string]*int8) map[string]int8 {
-	dst := make(map[string]int8)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Int16 returns a pointer to the int16 value passed in.
-func Int16(v int16) *int16 {
-	return &v
-}
-
-// Int16Value returns the value of the int16 pointer passed in or
-// 0 if the pointer is nil.
-func Int16Value(v *int16) int16 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Int16Slice converts a slice of int16 values into a slice of
-// int16 pointers
-func Int16Slice(src []int16) []*int16 {
-	dst := make([]*int16, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Int16ValueSlice converts a slice of int16 pointers into a slice of
-// int16 values
-func Int16ValueSlice(src []*int16) []int16 {
-	dst := make([]int16, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Int16Map converts a string map of int16 values into a string
-// map of int16 pointers
-func Int16Map(src map[string]int16) map[string]*int16 {
-	dst := make(map[string]*int16)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Int16ValueMap converts a string map of int16 pointers into a string
-// map of int16 values
-func Int16ValueMap(src map[string]*int16) map[string]int16 {
-	dst := make(map[string]int16)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Int32 returns a pointer to the int32 value passed in.
-func Int32(v int32) *int32 {
-	return &v
-}
-
-// Int32Value returns the value of the int32 pointer passed in or
-// 0 if the pointer is nil.
-func Int32Value(v *int32) int32 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Int32Slice converts a slice of int32 values into a slice of
-// int32 pointers
-func Int32Slice(src []int32) []*int32 {
-	dst := make([]*int32, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Int32ValueSlice converts a slice of int32 pointers into a slice of
-// int32 values
-func Int32ValueSlice(src []*int32) []int32 {
-	dst := make([]int32, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Int32Map converts a string map of int32 values into a string
-// map of int32 pointers
-func Int32Map(src map[string]int32) map[string]*int32 {
-	dst := make(map[string]*int32)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Int32ValueMap converts a string map of int32 pointers into a string
-// map of int32 values
-func Int32ValueMap(src map[string]*int32) map[string]int32 {
-	dst := make(map[string]int32)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Int64 returns a pointer to the int64 value passed in.
-func Int64(v int64) *int64 {
-	return &v
-}
-
-// Int64Value returns the value of the int64 pointer passed in or
-// 0 if the pointer is nil.
-func Int64Value(v *int64) int64 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Int64Slice converts a slice of int64 values into a slice of
-// int64 pointers
-func Int64Slice(src []int64) []*int64 {
-	dst := make([]*int64, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Int64ValueSlice converts a slice of int64 pointers into a slice of
-// int64 values
-func Int64ValueSlice(src []*int64) []int64 {
-	dst := make([]int64, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Int64Map converts a string map of int64 values into a string
-// map of int64 pointers
-func Int64Map(src map[string]int64) map[string]*int64 {
-	dst := make(map[string]*int64)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Int64ValueMap converts a string map of int64 pointers into a string
-// map of int64 values
-func Int64ValueMap(src map[string]*int64) map[string]int64 {
-	dst := make(map[string]int64)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Uint8 returns a pointer to the uint8 value passed in.
-func Uint8(v uint8) *uint8 {
-	return &v
-}
-
-// Uint8Value returns the value of the uint8 pointer passed in or
-// 0 if the pointer is nil.
-func Uint8Value(v *uint8) uint8 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Uint8Slice converts a slice of uint8 values into a slice of
-// uint8 pointers
-func Uint8Slice(src []uint8) []*uint8 {
-	dst := make([]*uint8, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Uint8ValueSlice converts a slice of uint8 pointers into a slice of
-// uint8 values
-func Uint8ValueSlice(src []*uint8) []uint8 {
-	dst := make([]uint8, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Uint8Map converts a string map of uint8 values into a string
-// map of uint8 pointers
-func Uint8Map(src map[string]uint8) map[string]*uint8 {
-	dst := make(map[string]*uint8)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Uint8ValueMap converts a string map of uint8 pointers into a string
-// map of uint8 values
-func Uint8ValueMap(src map[string]*uint8) map[string]uint8 {
-	dst := make(map[string]uint8)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Uint16 returns a pointer to the uint16 value passed in.
-func Uint16(v uint16) *uint16 {
-	return &v
-}
-
-// Uint16Value returns the value of the uint16 pointer passed in or
-// 0 if the pointer is nil.
-func Uint16Value(v *uint16) uint16 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Uint16Slice converts a slice of uint16 values into a slice of
-// uint16 pointers
-func Uint16Slice(src []uint16) []*uint16 {
-	dst := make([]*uint16, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Uint16ValueSlice converts a slice of uint16 pointers into a slice of
-// uint16 values
-func Uint16ValueSlice(src []*uint16) []uint16 {
-	dst := make([]uint16, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Uint16Map converts a string map of uint16 values into a string
-// map of uint16 pointers
-func Uint16Map(src map[string]uint16) map[string]*uint16 {
-	dst := make(map[string]*uint16)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Uint16ValueMap converts a string map of uint16 pointers into a string
-// map of uint16 values
-func Uint16ValueMap(src map[string]*uint16) map[string]uint16 {
-	dst := make(map[string]uint16)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Uint32 returns a pointer to the uint32 value passed in.
-func Uint32(v uint32) *uint32 {
-	return &v
-}
-
-// Uint32Value returns the value of the uint32 pointer passed in or
-// 0 if the pointer is nil.
-func Uint32Value(v *uint32) uint32 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Uint32Slice converts a slice of uint32 values into a slice of
-// uint32 pointers
-func Uint32Slice(src []uint32) []*uint32 {
-	dst := make([]*uint32, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Uint32ValueSlice converts a slice of uint32 pointers into a slice of
-// uint32 values
-func Uint32ValueSlice(src []*uint32) []uint32 {
-	dst := make([]uint32, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Uint32Map converts a string map of uint32 values into a string
-// map of uint32 pointers
-func Uint32Map(src map[string]uint32) map[string]*uint32 {
-	dst := make(map[string]*uint32)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Uint32ValueMap converts a string map of uint32 pointers into a string
-// map of uint32 values
-func Uint32ValueMap(src map[string]*uint32) map[string]uint32 {
-	dst := make(map[string]uint32)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Uint64 returns a pointer to the uint64 value passed in.
-func Uint64(v uint64) *uint64 {
-	return &v
-}
-
-// Uint64Value returns the value of the uint64 pointer passed in or
-// 0 if the pointer is nil.
-func Uint64Value(v *uint64) uint64 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Uint64Slice converts a slice of uint64 values into a slice of
-// uint64 pointers
-func Uint64Slice(src []uint64) []*uint64 {
-	dst := make([]*uint64, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Uint64ValueSlice converts a slice of uint64 pointers into a slice of
-// uint64 values
-func Uint64ValueSlice(src []*uint64) []uint64 {
-	dst := make([]uint64, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Uint64Map converts a string map of uint64 values into a string
-// map of uint64 pointers
-func Uint64Map(src map[string]uint64) map[string]*uint64 {
-	dst := make(map[string]*uint64)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Uint64ValueMap converts a string map of uint64 pointers into a string
-// map of uint64 values
-func Uint64ValueMap(src map[string]*uint64) map[string]uint64 {
-	dst := make(map[string]uint64)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Float32 returns a pointer to the float32 value passed in.
-func Float32(v float32) *float32 {
-	return &v
-}
-
-// Float32Value returns the value of the float32 pointer passed in or
-// 0 if the pointer is nil.
-func Float32Value(v *float32) float32 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Float32Slice converts a slice of float32 values into a slice of
-// float32 pointers
-func Float32Slice(src []float32) []*float32 {
-	dst := make([]*float32, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Float32ValueSlice converts a slice of float32 pointers into a slice of
-// float32 values
-func Float32ValueSlice(src []*float32) []float32 {
-	dst := make([]float32, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Float32Map converts a string map of float32 values into a string
-// map of float32 pointers
-func Float32Map(src map[string]float32) map[string]*float32 {
-	dst := make(map[string]*float32)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Float32ValueMap converts a string map of float32 pointers into a string
-// map of float32 values
-func Float32ValueMap(src map[string]*float32) map[string]float32 {
-	dst := make(map[string]float32)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Float64 returns a pointer to the float64 value passed in.
-func Float64(v float64) *float64 {
-	return &v
-}
-
-// Float64Value returns the value of the float64 pointer passed in or
-// 0 if the pointer is nil.
-func Float64Value(v *float64) float64 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Float64Slice converts a slice of float64 values into a slice of
-// float64 pointers
-func Float64Slice(src []float64) []*float64 {
-	dst := make([]*float64, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Float64ValueSlice converts a slice of float64 pointers into a slice of
-// float64 values
-func Float64ValueSlice(src []*float64) []float64 {
-	dst := make([]float64, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Float64Map converts a string map of float64 values into a string
-// map of float64 pointers
-func Float64Map(src map[string]float64) map[string]*float64 {
-	dst := make(map[string]*float64)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Float64ValueMap converts a string map of float64 pointers into a string
-// map of float64 values
-func Float64ValueMap(src map[string]*float64) map[string]float64 {
-	dst := make(map[string]float64)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Time returns a pointer to the time.Time value passed in.
-func Time(v time.Time) *time.Time {
-	return &v
-}
-
-// TimeValue returns the value of the time.Time pointer passed in or
-// time.Time{} if the pointer is nil.
-func TimeValue(v *time.Time) time.Time {
-	if v != nil {
-		return *v
-	}
-	return time.Time{}
-}
-
-// SecondsTimeValue converts an int64 pointer to a time.Time value
-// representing seconds since Epoch or time.Time{} if the pointer is nil.
-func SecondsTimeValue(v *int64) time.Time {
-	if v != nil {
-		return time.Unix((*v / 1000), 0)
-	}
-	return time.Time{}
-}
-
-// MillisecondsTimeValue converts an int64 pointer to a time.Time value
-// representing milliseconds sinch Epoch or time.Time{} if the pointer is nil.
-func MillisecondsTimeValue(v *int64) time.Time {
-	if v != nil {
-		return time.Unix(0, (*v * 1000000))
-	}
-	return time.Time{}
-}
-
-// TimeUnixMilli returns a Unix timestamp in milliseconds from "January 1, 1970 UTC".
-// The result is undefined if the Unix time cannot be represented by an int64.
-// Which includes calling TimeUnixMilli on a zero Time is undefined.
-//
-// This utility is useful for service API's such as CloudWatch Logs which require
-// their unix time values to be in milliseconds.
-//
-// See Go stdlib https://golang.org/pkg/time/#Time.UnixNano for more information.
-func TimeUnixMilli(t time.Time) int64 {
-	return t.UnixNano() / int64(time.Millisecond/time.Nanosecond)
-}
-
-// TimeSlice converts a slice of time.Time values into a slice of
-// time.Time pointers
-func TimeSlice(src []time.Time) []*time.Time {
-	dst := make([]*time.Time, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// TimeValueSlice converts a slice of time.Time pointers into a slice of
-// time.Time values
-func TimeValueSlice(src []*time.Time) []time.Time {
-	dst := make([]time.Time, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// TimeMap converts a string map of time.Time values into a string
-// map of time.Time pointers
-func TimeMap(src map[string]time.Time) map[string]*time.Time {
-	dst := make(map[string]*time.Time)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// TimeValueMap converts a string map of time.Time pointers into a string
-// map of time.Time values
-func TimeValueMap(src map[string]*time.Time) map[string]time.Time {
-	dst := make(map[string]time.Time)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
deleted file mode 100644
index 36a915efe..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
+++ /dev/null
@@ -1,232 +0,0 @@
-package corehandlers
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"regexp"
-	"strconv"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// Interface for matching types which also have a Len method.
-type lener interface {
-	Len() int
-}
-
-// BuildContentLengthHandler builds the content length of a request based on the body,
-// or will use the HTTPRequest.Header's "Content-Length" if defined. If unable
-// to determine request body length and no "Content-Length" was specified it will panic.
-//
-// The Content-Length will only be added to the request if the length of the body
-// is greater than 0. If the body is empty or the current `Content-Length`
-// header is <= 0, the header will also be stripped.
-var BuildContentLengthHandler = request.NamedHandler{Name: "core.BuildContentLengthHandler", Fn: func(r *request.Request) {
-	var length int64
-
-	if slength := r.HTTPRequest.Header.Get("Content-Length"); slength != "" {
-		length, _ = strconv.ParseInt(slength, 10, 64)
-	} else {
-		if r.Body != nil {
-			var err error
-			length, err = aws.SeekerLen(r.Body)
-			if err != nil {
-				r.Error = awserr.New(request.ErrCodeSerialization, "failed to get request body's length", err)
-				return
-			}
-		}
-	}
-
-	if length > 0 {
-		r.HTTPRequest.ContentLength = length
-		r.HTTPRequest.Header.Set("Content-Length", fmt.Sprintf("%d", length))
-	} else {
-		r.HTTPRequest.ContentLength = 0
-		r.HTTPRequest.Header.Del("Content-Length")
-	}
-}}
-
-var reStatusCode = regexp.MustCompile(`^(\d{3})`)
-
-// ValidateReqSigHandler is a request handler to ensure that the request's
-// signature doesn't expire before it is sent. This can happen when a request
-// is built and signed significantly before it is sent. Or significant delays
-// occur when retrying requests that would cause the signature to expire.
-var ValidateReqSigHandler = request.NamedHandler{
-	Name: "core.ValidateReqSigHandler",
-	Fn: func(r *request.Request) {
-		// Unsigned requests are not signed
-		if r.Config.Credentials == credentials.AnonymousCredentials {
-			return
-		}
-
-		signedTime := r.Time
-		if !r.LastSignedAt.IsZero() {
-			signedTime = r.LastSignedAt
-		}
-
-		// 5 minutes to allow for some clock skew/delays in transmission.
-		// Would be improved with aws/aws-sdk-go#423
-		if signedTime.Add(5 * time.Minute).After(time.Now()) {
-			return
-		}
-
-		fmt.Println("request expired, resigning")
-		r.Sign()
-	},
-}
-
-// SendHandler is a request handler to send service request using HTTP client.
-var SendHandler = request.NamedHandler{
-	Name: "core.SendHandler",
-	Fn: func(r *request.Request) {
-		sender := sendFollowRedirects
-		if r.DisableFollowRedirects {
-			sender = sendWithoutFollowRedirects
-		}
-
-		if request.NoBody == r.HTTPRequest.Body {
-			// Strip off the request body if the NoBody reader was used as a
-			// place holder for a request body. This prevents the SDK from
-			// making requests with a request body when it would be invalid
-			// to do so.
-			//
-			// Use a shallow copy of the http.Request to ensure the race condition
-			// of transport on Body will not trigger
-			reqOrig, reqCopy := r.HTTPRequest, *r.HTTPRequest
-			reqCopy.Body = nil
-			r.HTTPRequest = &reqCopy
-			defer func() {
-				r.HTTPRequest = reqOrig
-			}()
-		}
-
-		var err error
-		r.HTTPResponse, err = sender(r)
-		if err != nil {
-			handleSendError(r, err)
-		}
-	},
-}
-
-func sendFollowRedirects(r *request.Request) (*http.Response, error) {
-	return r.Config.HTTPClient.Do(r.HTTPRequest)
-}
-
-func sendWithoutFollowRedirects(r *request.Request) (*http.Response, error) {
-	transport := r.Config.HTTPClient.Transport
-	if transport == nil {
-		transport = http.DefaultTransport
-	}
-
-	return transport.RoundTrip(r.HTTPRequest)
-}
-
-func handleSendError(r *request.Request, err error) {
-	// Prevent leaking if an HTTPResponse was returned. Clean up
-	// the body.
-	if r.HTTPResponse != nil {
-		r.HTTPResponse.Body.Close()
-	}
-	// Capture the case where url.Error is returned for error processing
-	// response. e.g. 301 without location header comes back as string
-	// error and r.HTTPResponse is nil. Other URL redirect errors will
-	// comeback in a similar method.
-	if e, ok := err.(*url.Error); ok && e.Err != nil {
-		if s := reStatusCode.FindStringSubmatch(e.Err.Error()); s != nil {
-			code, _ := strconv.ParseInt(s[1], 10, 64)
-			r.HTTPResponse = &http.Response{
-				StatusCode: int(code),
-				Status:     http.StatusText(int(code)),
-				Body:       ioutil.NopCloser(bytes.NewReader([]byte{})),
-			}
-			return
-		}
-	}
-	if r.HTTPResponse == nil {
-		// Add a dummy request response object to ensure the HTTPResponse
-		// value is consistent.
-		r.HTTPResponse = &http.Response{
-			StatusCode: int(0),
-			Status:     http.StatusText(int(0)),
-			Body:       ioutil.NopCloser(bytes.NewReader([]byte{})),
-		}
-	}
-	// Catch all request errors, and let the default retrier determine
-	// if the error is retryable.
-	r.Error = awserr.New(request.ErrCodeRequestError, "send request failed", err)
-
-	// Override the error with a context canceled error, if that was canceled.
-	ctx := r.Context()
-	select {
-	case <-ctx.Done():
-		r.Error = awserr.New(request.CanceledErrorCode,
-			"request context canceled", ctx.Err())
-		r.Retryable = aws.Bool(false)
-	default:
-	}
-}
-
-// ValidateResponseHandler is a request handler to validate service response.
-var ValidateResponseHandler = request.NamedHandler{Name: "core.ValidateResponseHandler", Fn: func(r *request.Request) {
-	if r.HTTPResponse.StatusCode == 0 || r.HTTPResponse.StatusCode >= 300 {
-		// this may be replaced by an UnmarshalError handler
-		r.Error = awserr.New("UnknownError", "unknown error", r.Error)
-	}
-}}
-
-// AfterRetryHandler performs final checks to determine if the request should
-// be retried and how long to delay.
-var AfterRetryHandler = request.NamedHandler{
-	Name: "core.AfterRetryHandler",
-	Fn: func(r *request.Request) {
-		// If one of the other handlers already set the retry state
-		// we don't want to override it based on the service's state
-		if r.Retryable == nil || aws.BoolValue(r.Config.EnforceShouldRetryCheck) {
-			r.Retryable = aws.Bool(r.ShouldRetry(r))
-		}
-
-		if r.WillRetry() {
-			r.RetryDelay = r.RetryRules(r)
-
-			if sleepFn := r.Config.SleepDelay; sleepFn != nil {
-				// Support SleepDelay for backwards compatibility and testing
-				sleepFn(r.RetryDelay)
-			} else if err := aws.SleepWithContext(r.Context(), r.RetryDelay); err != nil {
-				r.Error = awserr.New(request.CanceledErrorCode,
-					"request context canceled", err)
-				r.Retryable = aws.Bool(false)
-				return
-			}
-
-			// when the expired token exception occurs the credentials
-			// need to be expired locally so that the next request to
-			// get credentials will trigger a credentials refresh.
-			if r.IsErrorExpired() {
-				r.Config.Credentials.Expire()
-			}
-
-			r.RetryCount++
-			r.Error = nil
-		}
-	}}
-
-// ValidateEndpointHandler is a request handler to validate a request had the
-// appropriate Region and Endpoint set. Will set r.Error if the endpoint or
-// region is not valid.
-var ValidateEndpointHandler = request.NamedHandler{Name: "core.ValidateEndpointHandler", Fn: func(r *request.Request) {
-	if r.ClientInfo.SigningRegion == "" && aws.StringValue(r.Config.Region) == "" {
-		r.Error = aws.ErrMissingRegion
-	} else if r.ClientInfo.Endpoint == "" {
-		// Was any endpoint provided by the user, or one was derived by the
-		// SDK's endpoint resolver?
-		r.Error = aws.ErrMissingEndpoint
-	}
-}}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/param_validator.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/param_validator.go
deleted file mode 100644
index 7d50b1557..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/param_validator.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package corehandlers
-
-import "github.com/aws/aws-sdk-go/aws/request"
-
-// ValidateParametersHandler is a request handler to validate the input parameters.
-// Validating parameters only has meaning if done prior to the request being sent.
-var ValidateParametersHandler = request.NamedHandler{Name: "core.ValidateParametersHandler", Fn: func(r *request.Request) {
-	if !r.ParamsFilled() {
-		return
-	}
-
-	if v, ok := r.Params.(request.Validator); ok {
-		if err := v.Validate(); err != nil {
-			r.Error = err
-		}
-	}
-}}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go
deleted file mode 100644
index ab69c7a6f..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package corehandlers
-
-import (
-	"os"
-	"runtime"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// SDKVersionUserAgentHandler is a request handler for adding the SDK Version
-// to the user agent.
-var SDKVersionUserAgentHandler = request.NamedHandler{
-	Name: "core.SDKVersionUserAgentHandler",
-	Fn: request.MakeAddToUserAgentHandler(aws.SDKName, aws.SDKVersion,
-		runtime.Version(), runtime.GOOS, runtime.GOARCH),
-}
-
-const execEnvVar = `AWS_EXECUTION_ENV`
-const execEnvUAKey = `exec-env`
-
-// AddHostExecEnvUserAgentHander is a request handler appending the SDK's
-// execution environment to the user agent.
-//
-// If the environment variable AWS_EXECUTION_ENV is set, its value will be
-// appended to the user agent string.
-var AddHostExecEnvUserAgentHander = request.NamedHandler{
-	Name: "core.AddHostExecEnvUserAgentHander",
-	Fn: func(r *request.Request) {
-		v := os.Getenv(execEnvVar)
-		if len(v) == 0 {
-			return
-		}
-
-		request.AddToUserAgent(r, execEnvUAKey+"/"+v)
-	},
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
deleted file mode 100644
index 3ad1e798d..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/chain_provider.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package credentials
-
-import (
-	"github.com/aws/aws-sdk-go/aws/awserr"
-)
-
-var (
-	// ErrNoValidProvidersFoundInChain Is returned when there are no valid
-	// providers in the ChainProvider.
-	//
-	// This has been deprecated. For verbose error messaging set
-	// aws.Config.CredentialsChainVerboseErrors to true.
-	ErrNoValidProvidersFoundInChain = awserr.New("NoCredentialProviders",
-		`no valid providers in chain. Deprecated.
-	For verbose messaging see aws.Config.CredentialsChainVerboseErrors`,
-		nil)
-)
-
-// A ChainProvider will search for a provider which returns credentials
-// and cache that provider until Retrieve is called again.
-//
-// The ChainProvider provides a way of chaining multiple providers together
-// which will pick the first available using priority order of the Providers
-// in the list.
-//
-// If none of the Providers retrieve valid credentials Value, ChainProvider's
-// Retrieve() will return the error ErrNoValidProvidersFoundInChain.
-//
-// If a Provider is found which returns valid credentials Value ChainProvider
-// will cache that Provider for all calls to IsExpired(), until Retrieve is
-// called again.
-//
-// Example of ChainProvider to be used with an EnvProvider and EC2RoleProvider.
-// In this example EnvProvider will first check if any credentials are available
-// via the environment variables. If there are none ChainProvider will check
-// the next Provider in the list, EC2RoleProvider in this case. If EC2RoleProvider
-// does not return any credentials ChainProvider will return the error
-// ErrNoValidProvidersFoundInChain
-//
-//     creds := credentials.NewChainCredentials(
-//         []credentials.Provider{
-//             &credentials.EnvProvider{},
-//             &ec2rolecreds.EC2RoleProvider{
-//                 Client: ec2metadata.New(sess),
-//             },
-//         })
-//
-//     // Usage of ChainCredentials with aws.Config
-//     svc := ec2.New(session.Must(session.NewSession(&aws.Config{
-//       Credentials: creds,
-//     })))
-//
-type ChainProvider struct {
-	Providers     []Provider
-	curr          Provider
-	VerboseErrors bool
-}
-
-// NewChainCredentials returns a pointer to a new Credentials object
-// wrapping a chain of providers.
-func NewChainCredentials(providers []Provider) *Credentials {
-	return NewCredentials(&ChainProvider{
-		Providers: append([]Provider{}, providers...),
-	})
-}
-
-// Retrieve returns the credentials value or error if no provider returned
-// without error.
-//
-// If a provider is found it will be cached and any calls to IsExpired()
-// will return the expired state of the cached provider.
-func (c *ChainProvider) Retrieve() (Value, error) {
-	var errs []error
-	for _, p := range c.Providers {
-		creds, err := p.Retrieve()
-		if err == nil {
-			c.curr = p
-			return creds, nil
-		}
-		errs = append(errs, err)
-	}
-	c.curr = nil
-
-	var err error
-	err = ErrNoValidProvidersFoundInChain
-	if c.VerboseErrors {
-		err = awserr.NewBatchError("NoCredentialProviders", "no valid providers in chain", errs)
-	}
-	return Value{}, err
-}
-
-// IsExpired will returned the expired state of the currently cached provider
-// if there is one.  If there is no current provider, true will be returned.
-func (c *ChainProvider) IsExpired() bool {
-	if c.curr != nil {
-		return c.curr.IsExpired()
-	}
-
-	return true
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
deleted file mode 100644
index 6e3406b1f..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
+++ /dev/null
@@ -1,23 +0,0 @@
-//go:build !go1.7
-// +build !go1.7
-
-package credentials
-
-import (
-	"github.com/aws/aws-sdk-go/internal/context"
-)
-
-// backgroundContext returns a context that will never be canceled, has no
-// values, and no deadline. This context is used by the SDK to provide
-// backwards compatibility with non-context API operations and functionality.
-//
-// Go 1.6 and before:
-// This context function is equivalent to context.Background in the Go stdlib.
-//
-// Go 1.7 and later:
-// The context returned will be the value returned by context.Background()
-//
-// See https://golang.org/pkg/context for more information on Contexts.
-func backgroundContext() Context {
-	return context.BackgroundCtx
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
deleted file mode 100644
index a68df0ee7..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
+++ /dev/null
@@ -1,21 +0,0 @@
-//go:build go1.7
-// +build go1.7
-
-package credentials
-
-import "context"
-
-// backgroundContext returns a context that will never be canceled, has no
-// values, and no deadline. This context is used by the SDK to provide
-// backwards compatibility with non-context API operations and functionality.
-//
-// Go 1.6 and before:
-// This context function is equivalent to context.Background in the Go stdlib.
-//
-// Go 1.7 and later:
-// The context returned will be the value returned by context.Background()
-//
-// See https://golang.org/pkg/context for more information on Contexts.
-func backgroundContext() Context {
-	return context.Background()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
deleted file mode 100644
index 0345fab2d..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
+++ /dev/null
@@ -1,40 +0,0 @@
-//go:build !go1.9
-// +build !go1.9
-
-package credentials
-
-import "time"
-
-// Context is an copy of the Go v1.7 stdlib's context.Context interface.
-// It is represented as a SDK interface to enable you to use the "WithContext"
-// API methods with Go v1.6 and a Context type such as golang.org/x/net/context.
-//
-// This type, aws.Context, and context.Context are equivalent.
-//
-// See https://golang.org/pkg/context on how to use contexts.
-type Context interface {
-	// Deadline returns the time when work done on behalf of this context
-	// should be canceled. Deadline returns ok==false when no deadline is
-	// set. Successive calls to Deadline return the same results.
-	Deadline() (deadline time.Time, ok bool)
-
-	// Done returns a channel that's closed when work done on behalf of this
-	// context should be canceled. Done may return nil if this context can
-	// never be canceled. Successive calls to Done return the same value.
-	Done() <-chan struct{}
-
-	// Err returns a non-nil error value after Done is closed. Err returns
-	// Canceled if the context was canceled or DeadlineExceeded if the
-	// context's deadline passed. No other values for Err are defined.
-	// After Done is closed, successive calls to Err return the same value.
-	Err() error
-
-	// Value returns the value associated with this context for key, or nil
-	// if no value is associated with key. Successive calls to Value with
-	// the same key returns the same result.
-	//
-	// Use context values only for request-scoped data that transits
-	// processes and API boundaries, not for passing optional parameters to
-	// functions.
-	Value(key interface{}) interface{}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
deleted file mode 100644
index 79018aba7..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
+++ /dev/null
@@ -1,14 +0,0 @@
-//go:build go1.9
-// +build go1.9
-
-package credentials
-
-import "context"
-
-// Context is an alias of the Go stdlib's context.Context interface.
-// It can be used within the SDK's API operation "WithContext" methods.
-//
-// This type, aws.Context, and context.Context are equivalent.
-//
-// See https://golang.org/pkg/context on how to use contexts.
-type Context = context.Context
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
deleted file mode 100644
index a880a3de8..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
+++ /dev/null
@@ -1,383 +0,0 @@
-// Package credentials provides credential retrieval and management
-//
-// The Credentials is the primary method of getting access to and managing
-// credentials Values. Using dependency injection retrieval of the credential
-// values is handled by a object which satisfies the Provider interface.
-//
-// By default the Credentials.Get() will cache the successful result of a
-// Provider's Retrieve() until Provider.IsExpired() returns true. At which
-// point Credentials will call Provider's Retrieve() to get new credential Value.
-//
-// The Provider is responsible for determining when credentials Value have expired.
-// It is also important to note that Credentials will always call Retrieve the
-// first time Credentials.Get() is called.
-//
-// Example of using the environment variable credentials.
-//
-//     creds := credentials.NewEnvCredentials()
-//
-//     // Retrieve the credentials value
-//     credValue, err := creds.Get()
-//     if err != nil {
-//         // handle error
-//     }
-//
-// Example of forcing credentials to expire and be refreshed on the next Get().
-// This may be helpful to proactively expire credentials and refresh them sooner
-// than they would naturally expire on their own.
-//
-//     creds := credentials.NewCredentials(&ec2rolecreds.EC2RoleProvider{})
-//     creds.Expire()
-//     credsValue, err := creds.Get()
-//     // New credentials will be retrieved instead of from cache.
-//
-//
-// Custom Provider
-//
-// Each Provider built into this package also provides a helper method to generate
-// a Credentials pointer setup with the provider. To use a custom Provider just
-// create a type which satisfies the Provider interface and pass it to the
-// NewCredentials method.
-//
-//     type MyProvider struct{}
-//     func (m *MyProvider) Retrieve() (Value, error) {...}
-//     func (m *MyProvider) IsExpired() bool {...}
-//
-//     creds := credentials.NewCredentials(&MyProvider{})
-//     credValue, err := creds.Get()
-//
-package credentials
-
-import (
-	"fmt"
-	"sync"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/internal/sync/singleflight"
-)
-
-// AnonymousCredentials is an empty Credential object that can be used as
-// dummy placeholder credentials for requests that do not need signed.
-//
-// This Credentials can be used to configure a service to not sign requests
-// when making service API calls. For example, when accessing public
-// s3 buckets.
-//
-//     svc := s3.New(session.Must(session.NewSession(&aws.Config{
-//       Credentials: credentials.AnonymousCredentials,
-//     })))
-//     // Access public S3 buckets.
-var AnonymousCredentials = NewStaticCredentials("", "", "")
-
-// A Value is the AWS credentials value for individual credential fields.
-type Value struct {
-	// AWS Access key ID
-	AccessKeyID string
-
-	// AWS Secret Access Key
-	SecretAccessKey string
-
-	// AWS Session Token
-	SessionToken string
-
-	// Provider used to get credentials
-	ProviderName string
-}
-
-// HasKeys returns if the credentials Value has both AccessKeyID and
-// SecretAccessKey value set.
-func (v Value) HasKeys() bool {
-	return len(v.AccessKeyID) != 0 && len(v.SecretAccessKey) != 0
-}
-
-// A Provider is the interface for any component which will provide credentials
-// Value. A provider is required to manage its own Expired state, and what to
-// be expired means.
-//
-// The Provider should not need to implement its own mutexes, because
-// that will be managed by Credentials.
-type Provider interface {
-	// Retrieve returns nil if it successfully retrieved the value.
-	// Error is returned if the value were not obtainable, or empty.
-	Retrieve() (Value, error)
-
-	// IsExpired returns if the credentials are no longer valid, and need
-	// to be retrieved.
-	IsExpired() bool
-}
-
-// ProviderWithContext is a Provider that can retrieve credentials with a Context
-type ProviderWithContext interface {
-	Provider
-
-	RetrieveWithContext(Context) (Value, error)
-}
-
-// An Expirer is an interface that Providers can implement to expose the expiration
-// time, if known.  If the Provider cannot accurately provide this info,
-// it should not implement this interface.
-type Expirer interface {
-	// The time at which the credentials are no longer valid
-	ExpiresAt() time.Time
-}
-
-// An ErrorProvider is a stub credentials provider that always returns an error
-// this is used by the SDK when construction a known provider is not possible
-// due to an error.
-type ErrorProvider struct {
-	// The error to be returned from Retrieve
-	Err error
-
-	// The provider name to set on the Retrieved returned Value
-	ProviderName string
-}
-
-// Retrieve will always return the error that the ErrorProvider was created with.
-func (p ErrorProvider) Retrieve() (Value, error) {
-	return Value{ProviderName: p.ProviderName}, p.Err
-}
-
-// IsExpired will always return not expired.
-func (p ErrorProvider) IsExpired() bool {
-	return false
-}
-
-// A Expiry provides shared expiration logic to be used by credentials
-// providers to implement expiry functionality.
-//
-// The best method to use this struct is as an anonymous field within the
-// provider's struct.
-//
-// Example:
-//     type EC2RoleProvider struct {
-//         Expiry
-//         ...
-//     }
-type Expiry struct {
-	// The date/time when to expire on
-	expiration time.Time
-
-	// If set will be used by IsExpired to determine the current time.
-	// Defaults to time.Now if CurrentTime is not set.  Available for testing
-	// to be able to mock out the current time.
-	CurrentTime func() time.Time
-}
-
-// SetExpiration sets the expiration IsExpired will check when called.
-//
-// If window is greater than 0 the expiration time will be reduced by the
-// window value.
-//
-// Using a window is helpful to trigger credentials to expire sooner than
-// the expiration time given to ensure no requests are made with expired
-// tokens.
-func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration) {
-	// Passed in expirations should have the monotonic clock values stripped.
-	// This ensures time comparisons will be based on wall-time.
-	e.expiration = expiration.Round(0)
-	if window > 0 {
-		e.expiration = e.expiration.Add(-window)
-	}
-}
-
-// IsExpired returns if the credentials are expired.
-func (e *Expiry) IsExpired() bool {
-	curTime := e.CurrentTime
-	if curTime == nil {
-		curTime = time.Now
-	}
-	return e.expiration.Before(curTime())
-}
-
-// ExpiresAt returns the expiration time of the credential
-func (e *Expiry) ExpiresAt() time.Time {
-	return e.expiration
-}
-
-// A Credentials provides concurrency safe retrieval of AWS credentials Value.
-// Credentials will cache the credentials value until they expire. Once the value
-// expires the next Get will attempt to retrieve valid credentials.
-//
-// Credentials is safe to use across multiple goroutines and will manage the
-// synchronous state so the Providers do not need to implement their own
-// synchronization.
-//
-// The first Credentials.Get() will always call Provider.Retrieve() to get the
-// first instance of the credentials Value. All calls to Get() after that
-// will return the cached credentials Value until IsExpired() returns true.
-type Credentials struct {
-	sf singleflight.Group
-
-	m        sync.RWMutex
-	creds    Value
-	provider Provider
-}
-
-// NewCredentials returns a pointer to a new Credentials with the provider set.
-func NewCredentials(provider Provider) *Credentials {
-	c := &Credentials{
-		provider: provider,
-	}
-	return c
-}
-
-// GetWithContext returns the credentials value, or error if the credentials
-// Value failed to be retrieved. Will return early if the passed in context is
-// canceled.
-//
-// Will return the cached credentials Value if it has not expired. If the
-// credentials Value has expired the Provider's Retrieve() will be called
-// to refresh the credentials.
-//
-// If Credentials.Expire() was called the credentials Value will be force
-// expired, and the next call to Get() will cause them to be refreshed.
-//
-// Passed in Context is equivalent to aws.Context, and context.Context.
-func (c *Credentials) GetWithContext(ctx Context) (Value, error) {
-	// Check if credentials are cached, and not expired.
-	select {
-	case curCreds, ok := <-c.asyncIsExpired():
-		// ok will only be true, of the credentials were not expired. ok will
-		// be false and have no value if the credentials are expired.
-		if ok {
-			return curCreds, nil
-		}
-	case <-ctx.Done():
-		return Value{}, awserr.New("RequestCanceled",
-			"request context canceled", ctx.Err())
-	}
-
-	// Cannot pass context down to the actual retrieve, because the first
-	// context would cancel the whole group when there is not direct
-	// association of items in the group.
-	resCh := c.sf.DoChan("", func() (interface{}, error) {
-		return c.singleRetrieve(&suppressedContext{ctx})
-	})
-	select {
-	case res := <-resCh:
-		return res.Val.(Value), res.Err
-	case <-ctx.Done():
-		return Value{}, awserr.New("RequestCanceled",
-			"request context canceled", ctx.Err())
-	}
-}
-
-func (c *Credentials) singleRetrieve(ctx Context) (interface{}, error) {
-	c.m.Lock()
-	defer c.m.Unlock()
-
-	if curCreds := c.creds; !c.isExpiredLocked(curCreds) {
-		return curCreds, nil
-	}
-
-	var creds Value
-	var err error
-	if p, ok := c.provider.(ProviderWithContext); ok {
-		creds, err = p.RetrieveWithContext(ctx)
-	} else {
-		creds, err = c.provider.Retrieve()
-	}
-	if err == nil {
-		c.creds = creds
-	}
-
-	return creds, err
-}
-
-// Get returns the credentials value, or error if the credentials Value failed
-// to be retrieved.
-//
-// Will return the cached credentials Value if it has not expired. If the
-// credentials Value has expired the Provider's Retrieve() will be called
-// to refresh the credentials.
-//
-// If Credentials.Expire() was called the credentials Value will be force
-// expired, and the next call to Get() will cause them to be refreshed.
-func (c *Credentials) Get() (Value, error) {
-	return c.GetWithContext(backgroundContext())
-}
-
-// Expire expires the credentials and forces them to be retrieved on the
-// next call to Get().
-//
-// This will override the Provider's expired state, and force Credentials
-// to call the Provider's Retrieve().
-func (c *Credentials) Expire() {
-	c.m.Lock()
-	defer c.m.Unlock()
-
-	c.creds = Value{}
-}
-
-// IsExpired returns if the credentials are no longer valid, and need
-// to be retrieved.
-//
-// If the Credentials were forced to be expired with Expire() this will
-// reflect that override.
-func (c *Credentials) IsExpired() bool {
-	c.m.RLock()
-	defer c.m.RUnlock()
-
-	return c.isExpiredLocked(c.creds)
-}
-
-// asyncIsExpired returns a channel of credentials Value. If the channel is
-// closed the credentials are expired and credentials value are not empty.
-func (c *Credentials) asyncIsExpired() <-chan Value {
-	ch := make(chan Value, 1)
-	go func() {
-		c.m.RLock()
-		defer c.m.RUnlock()
-
-		if curCreds := c.creds; !c.isExpiredLocked(curCreds) {
-			ch <- curCreds
-		}
-
-		close(ch)
-	}()
-
-	return ch
-}
-
-// isExpiredLocked helper method wrapping the definition of expired credentials.
-func (c *Credentials) isExpiredLocked(creds interface{}) bool {
-	return creds == nil || creds.(Value) == Value{} || c.provider.IsExpired()
-}
-
-// ExpiresAt provides access to the functionality of the Expirer interface of
-// the underlying Provider, if it supports that interface.  Otherwise, it returns
-// an error.
-func (c *Credentials) ExpiresAt() (time.Time, error) {
-	c.m.RLock()
-	defer c.m.RUnlock()
-
-	expirer, ok := c.provider.(Expirer)
-	if !ok {
-		return time.Time{}, awserr.New("ProviderNotExpirer",
-			fmt.Sprintf("provider %s does not support ExpiresAt()",
-				c.creds.ProviderName),
-			nil)
-	}
-	if c.creds == (Value{}) {
-		// set expiration time to the distant past
-		return time.Time{}, nil
-	}
-	return expirer.ExpiresAt(), nil
-}
-
-type suppressedContext struct {
-	Context
-}
-
-func (s *suppressedContext) Deadline() (deadline time.Time, ok bool) {
-	return time.Time{}, false
-}
-
-func (s *suppressedContext) Done() <-chan struct{} {
-	return nil
-}
-
-func (s *suppressedContext) Err() error {
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
deleted file mode 100644
index 92af5b725..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
+++ /dev/null
@@ -1,188 +0,0 @@
-package ec2rolecreds
-
-import (
-	"bufio"
-	"encoding/json"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/ec2metadata"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/sdkuri"
-)
-
-// ProviderName provides a name of EC2Role provider
-const ProviderName = "EC2RoleProvider"
-
-// A EC2RoleProvider retrieves credentials from the EC2 service, and keeps track if
-// those credentials are expired.
-//
-// Example how to configure the EC2RoleProvider with custom http Client, Endpoint
-// or ExpiryWindow
-//
-//     p := &ec2rolecreds.EC2RoleProvider{
-//         // Pass in a custom timeout to be used when requesting
-//         // IAM EC2 Role credentials.
-//         Client: ec2metadata.New(sess, aws.Config{
-//             HTTPClient: &http.Client{Timeout: 10 * time.Second},
-//         }),
-//
-//         // Do not use early expiry of credentials. If a non zero value is
-//         // specified the credentials will be expired early
-//         ExpiryWindow: 0,
-//     }
-type EC2RoleProvider struct {
-	credentials.Expiry
-
-	// Required EC2Metadata client to use when connecting to EC2 metadata service.
-	Client *ec2metadata.EC2Metadata
-
-	// ExpiryWindow will allow the credentials to trigger refreshing prior to
-	// the credentials actually expiring. This is beneficial so race conditions
-	// with expiring credentials do not cause request to fail unexpectedly
-	// due to ExpiredTokenException exceptions.
-	//
-	// So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
-	// 10 seconds before the credentials are actually expired.
-	//
-	// If ExpiryWindow is 0 or less it will be ignored.
-	ExpiryWindow time.Duration
-}
-
-// NewCredentials returns a pointer to a new Credentials object wrapping
-// the EC2RoleProvider. Takes a ConfigProvider to create a EC2Metadata client.
-// The ConfigProvider is satisfied by the session.Session type.
-func NewCredentials(c client.ConfigProvider, options ...func(*EC2RoleProvider)) *credentials.Credentials {
-	p := &EC2RoleProvider{
-		Client: ec2metadata.New(c),
-	}
-
-	for _, option := range options {
-		option(p)
-	}
-
-	return credentials.NewCredentials(p)
-}
-
-// NewCredentialsWithClient returns a pointer to a new Credentials object wrapping
-// the EC2RoleProvider. Takes a EC2Metadata client to use when connecting to EC2
-// metadata service.
-func NewCredentialsWithClient(client *ec2metadata.EC2Metadata, options ...func(*EC2RoleProvider)) *credentials.Credentials {
-	p := &EC2RoleProvider{
-		Client: client,
-	}
-
-	for _, option := range options {
-		option(p)
-	}
-
-	return credentials.NewCredentials(p)
-}
-
-// Retrieve retrieves credentials from the EC2 service.
-// Error will be returned if the request fails, or unable to extract
-// the desired credentials.
-func (m *EC2RoleProvider) Retrieve() (credentials.Value, error) {
-	return m.RetrieveWithContext(aws.BackgroundContext())
-}
-
-// RetrieveWithContext retrieves credentials from the EC2 service.
-// Error will be returned if the request fails, or unable to extract
-// the desired credentials.
-func (m *EC2RoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
-	credsList, err := requestCredList(ctx, m.Client)
-	if err != nil {
-		return credentials.Value{ProviderName: ProviderName}, err
-	}
-
-	if len(credsList) == 0 {
-		return credentials.Value{ProviderName: ProviderName}, awserr.New("EmptyEC2RoleList", "empty EC2 Role list", nil)
-	}
-	credsName := credsList[0]
-
-	roleCreds, err := requestCred(ctx, m.Client, credsName)
-	if err != nil {
-		return credentials.Value{ProviderName: ProviderName}, err
-	}
-
-	m.SetExpiration(roleCreds.Expiration, m.ExpiryWindow)
-
-	return credentials.Value{
-		AccessKeyID:     roleCreds.AccessKeyID,
-		SecretAccessKey: roleCreds.SecretAccessKey,
-		SessionToken:    roleCreds.Token,
-		ProviderName:    ProviderName,
-	}, nil
-}
-
-// A ec2RoleCredRespBody provides the shape for unmarshaling credential
-// request responses.
-type ec2RoleCredRespBody struct {
-	// Success State
-	Expiration      time.Time
-	AccessKeyID     string
-	SecretAccessKey string
-	Token           string
-
-	// Error state
-	Code    string
-	Message string
-}
-
-const iamSecurityCredsPath = "iam/security-credentials/"
-
-// requestCredList requests a list of credentials from the EC2 service.
-// If there are no credentials, or there is an error making or receiving the request
-func requestCredList(ctx aws.Context, client *ec2metadata.EC2Metadata) ([]string, error) {
-	resp, err := client.GetMetadataWithContext(ctx, iamSecurityCredsPath)
-	if err != nil {
-		return nil, awserr.New("EC2RoleRequestError", "no EC2 instance role found", err)
-	}
-
-	credsList := []string{}
-	s := bufio.NewScanner(strings.NewReader(resp))
-	for s.Scan() {
-		credsList = append(credsList, s.Text())
-	}
-
-	if err := s.Err(); err != nil {
-		return nil, awserr.New(request.ErrCodeSerialization,
-			"failed to read EC2 instance role from metadata service", err)
-	}
-
-	return credsList, nil
-}
-
-// requestCred requests the credentials for a specific credentials from the EC2 service.
-//
-// If the credentials cannot be found, or there is an error reading the response
-// and error will be returned.
-func requestCred(ctx aws.Context, client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCredRespBody, error) {
-	resp, err := client.GetMetadataWithContext(ctx, sdkuri.PathJoin(iamSecurityCredsPath, credsName))
-	if err != nil {
-		return ec2RoleCredRespBody{},
-			awserr.New("EC2RoleRequestError",
-				fmt.Sprintf("failed to get %s EC2 instance role credentials", credsName),
-				err)
-	}
-
-	respCreds := ec2RoleCredRespBody{}
-	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&respCreds); err != nil {
-		return ec2RoleCredRespBody{},
-			awserr.New(request.ErrCodeSerialization,
-				fmt.Sprintf("failed to decode %s EC2 instance role credentials", credsName),
-				err)
-	}
-
-	if respCreds.Code != "Success" {
-		// If an error code was returned something failed requesting the role.
-		return ec2RoleCredRespBody{}, awserr.New(respCreds.Code, respCreds.Message, nil)
-	}
-
-	return respCreds, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
deleted file mode 100644
index 785f30d8e..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
+++ /dev/null
@@ -1,210 +0,0 @@
-// Package endpointcreds provides support for retrieving credentials from an
-// arbitrary HTTP endpoint.
-//
-// The credentials endpoint Provider can receive both static and refreshable
-// credentials that will expire. Credentials are static when an "Expiration"
-// value is not provided in the endpoint's response.
-//
-// Static credentials will never expire once they have been retrieved. The format
-// of the static credentials response:
-//    {
-//        "AccessKeyId" : "MUA...",
-//        "SecretAccessKey" : "/7PC5om....",
-//    }
-//
-// Refreshable credentials will expire within the "ExpiryWindow" of the Expiration
-// value in the response. The format of the refreshable credentials response:
-//    {
-//        "AccessKeyId" : "MUA...",
-//        "SecretAccessKey" : "/7PC5om....",
-//        "Token" : "AQoDY....=",
-//        "Expiration" : "2016-02-25T06:03:31Z"
-//    }
-//
-// Errors should be returned in the following format and only returned with 400
-// or 500 HTTP status codes.
-//    {
-//        "code": "ErrorCode",
-//        "message": "Helpful error message."
-//    }
-package endpointcreds
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/client/metadata"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
-)
-
-// ProviderName is the name of the credentials provider.
-const ProviderName = `CredentialsEndpointProvider`
-
-// Provider satisfies the credentials.Provider interface, and is a client to
-// retrieve credentials from an arbitrary endpoint.
-type Provider struct {
-	staticCreds bool
-	credentials.Expiry
-
-	// Requires a AWS Client to make HTTP requests to the endpoint with.
-	// the Endpoint the request will be made to is provided by the aws.Config's
-	// Endpoint value.
-	Client *client.Client
-
-	// ExpiryWindow will allow the credentials to trigger refreshing prior to
-	// the credentials actually expiring. This is beneficial so race conditions
-	// with expiring credentials do not cause request to fail unexpectedly
-	// due to ExpiredTokenException exceptions.
-	//
-	// So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
-	// 10 seconds before the credentials are actually expired.
-	//
-	// If ExpiryWindow is 0 or less it will be ignored.
-	ExpiryWindow time.Duration
-
-	// Optional authorization token value if set will be used as the value of
-	// the Authorization header of the endpoint credential request.
-	AuthorizationToken string
-}
-
-// NewProviderClient returns a credentials Provider for retrieving AWS credentials
-// from arbitrary endpoint.
-func NewProviderClient(cfg aws.Config, handlers request.Handlers, endpoint string, options ...func(*Provider)) credentials.Provider {
-	p := &Provider{
-		Client: client.New(
-			cfg,
-			metadata.ClientInfo{
-				ServiceName: "CredentialsEndpoint",
-				Endpoint:    endpoint,
-			},
-			handlers,
-		),
-	}
-
-	p.Client.Handlers.Unmarshal.PushBack(unmarshalHandler)
-	p.Client.Handlers.UnmarshalError.PushBack(unmarshalError)
-	p.Client.Handlers.Validate.Clear()
-	p.Client.Handlers.Validate.PushBack(validateEndpointHandler)
-
-	for _, option := range options {
-		option(p)
-	}
-
-	return p
-}
-
-// NewCredentialsClient returns a pointer to a new Credentials object
-// wrapping the endpoint credentials Provider.
-func NewCredentialsClient(cfg aws.Config, handlers request.Handlers, endpoint string, options ...func(*Provider)) *credentials.Credentials {
-	return credentials.NewCredentials(NewProviderClient(cfg, handlers, endpoint, options...))
-}
-
-// IsExpired returns true if the credentials retrieved are expired, or not yet
-// retrieved.
-func (p *Provider) IsExpired() bool {
-	if p.staticCreds {
-		return false
-	}
-	return p.Expiry.IsExpired()
-}
-
-// Retrieve will attempt to request the credentials from the endpoint the Provider
-// was configured for. And error will be returned if the retrieval fails.
-func (p *Provider) Retrieve() (credentials.Value, error) {
-	return p.RetrieveWithContext(aws.BackgroundContext())
-}
-
-// RetrieveWithContext will attempt to request the credentials from the endpoint the Provider
-// was configured for. And error will be returned if the retrieval fails.
-func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
-	resp, err := p.getCredentials(ctx)
-	if err != nil {
-		return credentials.Value{ProviderName: ProviderName},
-			awserr.New("CredentialsEndpointError", "failed to load credentials", err)
-	}
-
-	if resp.Expiration != nil {
-		p.SetExpiration(*resp.Expiration, p.ExpiryWindow)
-	} else {
-		p.staticCreds = true
-	}
-
-	return credentials.Value{
-		AccessKeyID:     resp.AccessKeyID,
-		SecretAccessKey: resp.SecretAccessKey,
-		SessionToken:    resp.Token,
-		ProviderName:    ProviderName,
-	}, nil
-}
-
-type getCredentialsOutput struct {
-	Expiration      *time.Time
-	AccessKeyID     string
-	SecretAccessKey string
-	Token           string
-}
-
-type errorOutput struct {
-	Code    string `json:"code"`
-	Message string `json:"message"`
-}
-
-func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error) {
-	op := &request.Operation{
-		Name:       "GetCredentials",
-		HTTPMethod: "GET",
-	}
-
-	out := &getCredentialsOutput{}
-	req := p.Client.NewRequest(op, nil, out)
-	req.SetContext(ctx)
-	req.HTTPRequest.Header.Set("Accept", "application/json")
-	if authToken := p.AuthorizationToken; len(authToken) != 0 {
-		req.HTTPRequest.Header.Set("Authorization", authToken)
-	}
-
-	return out, req.Send()
-}
-
-func validateEndpointHandler(r *request.Request) {
-	if len(r.ClientInfo.Endpoint) == 0 {
-		r.Error = aws.ErrMissingEndpoint
-	}
-}
-
-func unmarshalHandler(r *request.Request) {
-	defer r.HTTPResponse.Body.Close()
-
-	out := r.Data.(*getCredentialsOutput)
-	if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&out); err != nil {
-		r.Error = awserr.New(request.ErrCodeSerialization,
-			"failed to decode endpoint credentials",
-			err,
-		)
-	}
-}
-
-func unmarshalError(r *request.Request) {
-	defer r.HTTPResponse.Body.Close()
-
-	var errOut errorOutput
-	err := jsonutil.UnmarshalJSONError(&errOut, r.HTTPResponse.Body)
-	if err != nil {
-		r.Error = awserr.NewRequestFailure(
-			awserr.New(request.ErrCodeSerialization,
-				"failed to decode error message", err),
-			r.HTTPResponse.StatusCode,
-			r.RequestID,
-		)
-		return
-	}
-
-	// Response body format is not consistent between metadata endpoints.
-	// Grab the error message as a string and include that as the source error
-	r.Error = awserr.New(errOut.Code, errOut.Message, nil)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
deleted file mode 100644
index 54c5cf733..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package credentials
-
-import (
-	"os"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-)
-
-// EnvProviderName provides a name of Env provider
-const EnvProviderName = "EnvProvider"
-
-var (
-	// ErrAccessKeyIDNotFound is returned when the AWS Access Key ID can't be
-	// found in the process's environment.
-	ErrAccessKeyIDNotFound = awserr.New("EnvAccessKeyNotFound", "AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment", nil)
-
-	// ErrSecretAccessKeyNotFound is returned when the AWS Secret Access Key
-	// can't be found in the process's environment.
-	ErrSecretAccessKeyNotFound = awserr.New("EnvSecretNotFound", "AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY not found in environment", nil)
-)
-
-// A EnvProvider retrieves credentials from the environment variables of the
-// running process. Environment credentials never expire.
-//
-// Environment variables used:
-//
-// * Access Key ID:     AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY
-//
-// * Secret Access Key: AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY
-type EnvProvider struct {
-	retrieved bool
-}
-
-// NewEnvCredentials returns a pointer to a new Credentials object
-// wrapping the environment variable provider.
-func NewEnvCredentials() *Credentials {
-	return NewCredentials(&EnvProvider{})
-}
-
-// Retrieve retrieves the keys from the environment.
-func (e *EnvProvider) Retrieve() (Value, error) {
-	e.retrieved = false
-
-	id := os.Getenv("AWS_ACCESS_KEY_ID")
-	if id == "" {
-		id = os.Getenv("AWS_ACCESS_KEY")
-	}
-
-	secret := os.Getenv("AWS_SECRET_ACCESS_KEY")
-	if secret == "" {
-		secret = os.Getenv("AWS_SECRET_KEY")
-	}
-
-	if id == "" {
-		return Value{ProviderName: EnvProviderName}, ErrAccessKeyIDNotFound
-	}
-
-	if secret == "" {
-		return Value{ProviderName: EnvProviderName}, ErrSecretAccessKeyNotFound
-	}
-
-	e.retrieved = true
-	return Value{
-		AccessKeyID:     id,
-		SecretAccessKey: secret,
-		SessionToken:    os.Getenv("AWS_SESSION_TOKEN"),
-		ProviderName:    EnvProviderName,
-	}, nil
-}
-
-// IsExpired returns if the credentials have been retrieved.
-func (e *EnvProvider) IsExpired() bool {
-	return !e.retrieved
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/example.ini b/vendor/github.com/aws/aws-sdk-go/aws/credentials/example.ini
deleted file mode 100644
index 7fc91d9d2..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/example.ini
+++ /dev/null
@@ -1,12 +0,0 @@
-[default]
-aws_access_key_id = accessKey
-aws_secret_access_key = secret
-aws_session_token = token
-
-[no_token]
-aws_access_key_id = accessKey
-aws_secret_access_key = secret
-
-[with_colon]
-aws_access_key_id: accessKey
-aws_secret_access_key: secret
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
deleted file mode 100644
index 18694f07f..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
+++ /dev/null
@@ -1,438 +0,0 @@
-/*
-Package processcreds is a credential Provider to retrieve `credential_process`
-credentials.
-
-WARNING: The following describes a method of sourcing credentials from an external
-process. This can potentially be dangerous, so proceed with caution. Other
-credential providers should be preferred if at all possible. If using this
-option, you should make sure that the config file is as locked down as possible
-using security best practices for your operating system.
-
-You can use credentials from a `credential_process` in a variety of ways.
-
-One way is to setup your shared config file, located in the default
-location, with the `credential_process` key and the command you want to be
-called. You also need to set the AWS_SDK_LOAD_CONFIG environment variable
-(e.g., `export AWS_SDK_LOAD_CONFIG=1`) to use the shared config file.
-
-    [default]
-    credential_process = /command/to/call
-
-Creating a new session will use the credential process to retrieve credentials.
-NOTE: If there are credentials in the profile you are using, the credential
-process will not be used.
-
-    // Initialize a session to load credentials.
-    sess, _ := session.NewSession(&aws.Config{
-        Region: aws.String("us-east-1")},
-    )
-
-    // Create S3 service client to use the credentials.
-    svc := s3.New(sess)
-
-Another way to use the `credential_process` method is by using
-`credentials.NewCredentials()` and providing a command to be executed to
-retrieve credentials:
-
-    // Create credentials using the ProcessProvider.
-    creds := processcreds.NewCredentials("/path/to/command")
-
-    // Create service client value configured for credentials.
-    svc := s3.New(sess, &aws.Config{Credentials: creds})
-
-You can set a non-default timeout for the `credential_process` with another
-constructor, `credentials.NewCredentialsTimeout()`, providing the timeout. To
-set a one minute timeout:
-
-    // Create credentials using the ProcessProvider.
-    creds := processcreds.NewCredentialsTimeout(
-        "/path/to/command",
-        time.Duration(500) * time.Millisecond)
-
-If you need more control, you can set any configurable options in the
-credentials using one or more option functions. For example, you can set a two
-minute timeout, a credential duration of 60 minutes, and a maximum stdout
-buffer size of 2k.
-
-    creds := processcreds.NewCredentials(
-        "/path/to/command",
-        func(opt *ProcessProvider) {
-            opt.Timeout = time.Duration(2) * time.Minute
-            opt.Duration = time.Duration(60) * time.Minute
-            opt.MaxBufSize = 2048
-        })
-
-You can also use your own `exec.Cmd`:
-
-	// Create an exec.Cmd
-	myCommand := exec.Command("/path/to/command")
-
-	// Create credentials using your exec.Cmd and custom timeout
-	creds := processcreds.NewCredentialsCommand(
-		myCommand,
-		func(opt *processcreds.ProcessProvider) {
-			opt.Timeout = time.Duration(1) * time.Second
-		})
-*/
-package processcreds
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"runtime"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/internal/sdkio"
-)
-
-const (
-	// ProviderName is the name this credentials provider will label any
-	// returned credentials Value with.
-	ProviderName = `ProcessProvider`
-
-	// ErrCodeProcessProviderParse error parsing process output
-	ErrCodeProcessProviderParse = "ProcessProviderParseError"
-
-	// ErrCodeProcessProviderVersion version error in output
-	ErrCodeProcessProviderVersion = "ProcessProviderVersionError"
-
-	// ErrCodeProcessProviderRequired required attribute missing in output
-	ErrCodeProcessProviderRequired = "ProcessProviderRequiredError"
-
-	// ErrCodeProcessProviderExecution execution of command failed
-	ErrCodeProcessProviderExecution = "ProcessProviderExecutionError"
-
-	// errMsgProcessProviderTimeout process took longer than allowed
-	errMsgProcessProviderTimeout = "credential process timed out"
-
-	// errMsgProcessProviderProcess process error
-	errMsgProcessProviderProcess = "error in credential_process"
-
-	// errMsgProcessProviderParse problem parsing output
-	errMsgProcessProviderParse = "parse failed of credential_process output"
-
-	// errMsgProcessProviderVersion version error in output
-	errMsgProcessProviderVersion = "wrong version in process output (not 1)"
-
-	// errMsgProcessProviderMissKey missing access key id in output
-	errMsgProcessProviderMissKey = "missing AccessKeyId in process output"
-
-	// errMsgProcessProviderMissSecret missing secret acess key in output
-	errMsgProcessProviderMissSecret = "missing SecretAccessKey in process output"
-
-	// errMsgProcessProviderPrepareCmd prepare of command failed
-	errMsgProcessProviderPrepareCmd = "failed to prepare command"
-
-	// errMsgProcessProviderEmptyCmd command must not be empty
-	errMsgProcessProviderEmptyCmd = "command must not be empty"
-
-	// errMsgProcessProviderPipe failed to initialize pipe
-	errMsgProcessProviderPipe = "failed to initialize pipe"
-
-	// DefaultDuration is the default amount of time in minutes that the
-	// credentials will be valid for.
-	DefaultDuration = time.Duration(15) * time.Minute
-
-	// DefaultBufSize limits buffer size from growing to an enormous
-	// amount due to a faulty process.
-	DefaultBufSize = int(8 * sdkio.KibiByte)
-
-	// DefaultTimeout default limit on time a process can run.
-	DefaultTimeout = time.Duration(1) * time.Minute
-)
-
-// ProcessProvider satisfies the credentials.Provider interface, and is a
-// client to retrieve credentials from a process.
-type ProcessProvider struct {
-	staticCreds bool
-	credentials.Expiry
-	originalCommand []string
-
-	// Expiry duration of the credentials. Defaults to 15 minutes if not set.
-	Duration time.Duration
-
-	// ExpiryWindow will allow the credentials to trigger refreshing prior to
-	// the credentials actually expiring. This is beneficial so race conditions
-	// with expiring credentials do not cause request to fail unexpectedly
-	// due to ExpiredTokenException exceptions.
-	//
-	// So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
-	// 10 seconds before the credentials are actually expired.
-	//
-	// If ExpiryWindow is 0 or less it will be ignored.
-	ExpiryWindow time.Duration
-
-	// A string representing an os command that should return a JSON with
-	// credential information.
-	command *exec.Cmd
-
-	// MaxBufSize limits memory usage from growing to an enormous
-	// amount due to a faulty process.
-	MaxBufSize int
-
-	// Timeout limits the time a process can run.
-	Timeout time.Duration
-}
-
-// NewCredentials returns a pointer to a new Credentials object wrapping the
-// ProcessProvider. The credentials will expire every 15 minutes by default.
-func NewCredentials(command string, options ...func(*ProcessProvider)) *credentials.Credentials {
-	p := &ProcessProvider{
-		command:    exec.Command(command),
-		Duration:   DefaultDuration,
-		Timeout:    DefaultTimeout,
-		MaxBufSize: DefaultBufSize,
-	}
-
-	for _, option := range options {
-		option(p)
-	}
-
-	return credentials.NewCredentials(p)
-}
-
-// NewCredentialsTimeout returns a pointer to a new Credentials object with
-// the specified command and timeout, and default duration and max buffer size.
-func NewCredentialsTimeout(command string, timeout time.Duration) *credentials.Credentials {
-	p := NewCredentials(command, func(opt *ProcessProvider) {
-		opt.Timeout = timeout
-	})
-
-	return p
-}
-
-// NewCredentialsCommand returns a pointer to a new Credentials object with
-// the specified command, and default timeout, duration and max buffer size.
-func NewCredentialsCommand(command *exec.Cmd, options ...func(*ProcessProvider)) *credentials.Credentials {
-	p := &ProcessProvider{
-		command:    command,
-		Duration:   DefaultDuration,
-		Timeout:    DefaultTimeout,
-		MaxBufSize: DefaultBufSize,
-	}
-
-	for _, option := range options {
-		option(p)
-	}
-
-	return credentials.NewCredentials(p)
-}
-
-// A CredentialProcessResponse is the AWS credentials format that must be
-// returned when executing an external credential_process.
-type CredentialProcessResponse struct {
-	// As of this writing, the Version key must be set to 1. This might
-	// increment over time as the structure evolves.
-	Version int
-
-	// The access key ID that identifies the temporary security credentials.
-	AccessKeyID string `json:"AccessKeyId"`
-
-	// The secret access key that can be used to sign requests.
-	SecretAccessKey string
-
-	// The token that users must pass to the service API to use the temporary credentials.
-	SessionToken string
-
-	// The date on which the current credentials expire.
-	Expiration *time.Time
-}
-
-// Retrieve executes the 'credential_process' and returns the credentials.
-func (p *ProcessProvider) Retrieve() (credentials.Value, error) {
-	out, err := p.executeCredentialProcess()
-	if err != nil {
-		return credentials.Value{ProviderName: ProviderName}, err
-	}
-
-	// Serialize and validate response
-	resp := &CredentialProcessResponse{}
-	if err = json.Unmarshal(out, resp); err != nil {
-		return credentials.Value{ProviderName: ProviderName}, awserr.New(
-			ErrCodeProcessProviderParse,
-			fmt.Sprintf("%s: %s", errMsgProcessProviderParse, string(out)),
-			err)
-	}
-
-	if resp.Version != 1 {
-		return credentials.Value{ProviderName: ProviderName}, awserr.New(
-			ErrCodeProcessProviderVersion,
-			errMsgProcessProviderVersion,
-			nil)
-	}
-
-	if len(resp.AccessKeyID) == 0 {
-		return credentials.Value{ProviderName: ProviderName}, awserr.New(
-			ErrCodeProcessProviderRequired,
-			errMsgProcessProviderMissKey,
-			nil)
-	}
-
-	if len(resp.SecretAccessKey) == 0 {
-		return credentials.Value{ProviderName: ProviderName}, awserr.New(
-			ErrCodeProcessProviderRequired,
-			errMsgProcessProviderMissSecret,
-			nil)
-	}
-
-	// Handle expiration
-	p.staticCreds = resp.Expiration == nil
-	if resp.Expiration != nil {
-		p.SetExpiration(*resp.Expiration, p.ExpiryWindow)
-	}
-
-	return credentials.Value{
-		ProviderName:    ProviderName,
-		AccessKeyID:     resp.AccessKeyID,
-		SecretAccessKey: resp.SecretAccessKey,
-		SessionToken:    resp.SessionToken,
-	}, nil
-}
-
-// IsExpired returns true if the credentials retrieved are expired, or not yet
-// retrieved.
-func (p *ProcessProvider) IsExpired() bool {
-	if p.staticCreds {
-		return false
-	}
-	return p.Expiry.IsExpired()
-}
-
-// prepareCommand prepares the command to be executed.
-func (p *ProcessProvider) prepareCommand() error {
-
-	var cmdArgs []string
-	if runtime.GOOS == "windows" {
-		cmdArgs = []string{"cmd.exe", "/C"}
-	} else {
-		cmdArgs = []string{"sh", "-c"}
-	}
-
-	if len(p.originalCommand) == 0 {
-		p.originalCommand = make([]string, len(p.command.Args))
-		copy(p.originalCommand, p.command.Args)
-
-		// check for empty command because it succeeds
-		if len(strings.TrimSpace(p.originalCommand[0])) < 1 {
-			return awserr.New(
-				ErrCodeProcessProviderExecution,
-				fmt.Sprintf(
-					"%s: %s",
-					errMsgProcessProviderPrepareCmd,
-					errMsgProcessProviderEmptyCmd),
-				nil)
-		}
-	}
-
-	cmdArgs = append(cmdArgs, p.originalCommand...)
-	p.command = exec.Command(cmdArgs[0], cmdArgs[1:]...)
-	p.command.Env = os.Environ()
-
-	return nil
-}
-
-// executeCredentialProcess starts the credential process on the OS and
-// returns the results or an error.
-func (p *ProcessProvider) executeCredentialProcess() ([]byte, error) {
-
-	if err := p.prepareCommand(); err != nil {
-		return nil, err
-	}
-
-	// Setup the pipes
-	outReadPipe, outWritePipe, err := os.Pipe()
-	if err != nil {
-		return nil, awserr.New(
-			ErrCodeProcessProviderExecution,
-			errMsgProcessProviderPipe,
-			err)
-	}
-
-	p.command.Stderr = os.Stderr    // display stderr on console for MFA
-	p.command.Stdout = outWritePipe // get creds json on process's stdout
-	p.command.Stdin = os.Stdin      // enable stdin for MFA
-
-	output := bytes.NewBuffer(make([]byte, 0, p.MaxBufSize))
-
-	stdoutCh := make(chan error, 1)
-	go readInput(
-		io.LimitReader(outReadPipe, int64(p.MaxBufSize)),
-		output,
-		stdoutCh)
-
-	execCh := make(chan error, 1)
-	go executeCommand(*p.command, execCh)
-
-	finished := false
-	var errors []error
-	for !finished {
-		select {
-		case readError := <-stdoutCh:
-			errors = appendError(errors, readError)
-			finished = true
-		case execError := <-execCh:
-			err := outWritePipe.Close()
-			errors = appendError(errors, err)
-			errors = appendError(errors, execError)
-			if errors != nil {
-				return output.Bytes(), awserr.NewBatchError(
-					ErrCodeProcessProviderExecution,
-					errMsgProcessProviderProcess,
-					errors)
-			}
-		case <-time.After(p.Timeout):
-			finished = true
-			return output.Bytes(), awserr.NewBatchError(
-				ErrCodeProcessProviderExecution,
-				errMsgProcessProviderTimeout,
-				errors) // errors can be nil
-		}
-	}
-
-	out := output.Bytes()
-
-	if runtime.GOOS == "windows" {
-		// windows adds slashes to quotes
-		out = []byte(strings.Replace(string(out), `\"`, `"`, -1))
-	}
-
-	return out, nil
-}
-
-// appendError conveniently checks for nil before appending slice
-func appendError(errors []error, err error) []error {
-	if err != nil {
-		return append(errors, err)
-	}
-	return errors
-}
-
-func executeCommand(cmd exec.Cmd, exec chan error) {
-	// Start the command
-	err := cmd.Start()
-	if err == nil {
-		err = cmd.Wait()
-	}
-
-	exec <- err
-}
-
-func readInput(r io.Reader, w io.Writer, read chan error) {
-	tee := io.TeeReader(r, w)
-
-	_, err := ioutil.ReadAll(tee)
-
-	if err == io.EOF {
-		err = nil
-	}
-
-	read <- err // will only arrive here when write end of pipe is closed
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
deleted file mode 100644
index 22b5c5d9f..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
+++ /dev/null
@@ -1,151 +0,0 @@
-package credentials
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/internal/ini"
-	"github.com/aws/aws-sdk-go/internal/shareddefaults"
-)
-
-// SharedCredsProviderName provides a name of SharedCreds provider
-const SharedCredsProviderName = "SharedCredentialsProvider"
-
-var (
-	// ErrSharedCredentialsHomeNotFound is emitted when the user directory cannot be found.
-	ErrSharedCredentialsHomeNotFound = awserr.New("UserHomeNotFound", "user home directory not found.", nil)
-)
-
-// A SharedCredentialsProvider retrieves access key pair (access key ID,
-// secret access key, and session token if present) credentials from the current
-// user's home directory, and keeps track if those credentials are expired.
-//
-// Profile ini file example: $HOME/.aws/credentials
-type SharedCredentialsProvider struct {
-	// Path to the shared credentials file.
-	//
-	// If empty will look for "AWS_SHARED_CREDENTIALS_FILE" env variable. If the
-	// env value is empty will default to current user's home directory.
-	// Linux/OSX: "$HOME/.aws/credentials"
-	// Windows:   "%USERPROFILE%\.aws\credentials"
-	Filename string
-
-	// AWS Profile to extract credentials from the shared credentials file. If empty
-	// will default to environment variable "AWS_PROFILE" or "default" if
-	// environment variable is also not set.
-	Profile string
-
-	// retrieved states if the credentials have been successfully retrieved.
-	retrieved bool
-}
-
-// NewSharedCredentials returns a pointer to a new Credentials object
-// wrapping the Profile file provider.
-func NewSharedCredentials(filename, profile string) *Credentials {
-	return NewCredentials(&SharedCredentialsProvider{
-		Filename: filename,
-		Profile:  profile,
-	})
-}
-
-// Retrieve reads and extracts the shared credentials from the current
-// users home directory.
-func (p *SharedCredentialsProvider) Retrieve() (Value, error) {
-	p.retrieved = false
-
-	filename, err := p.filename()
-	if err != nil {
-		return Value{ProviderName: SharedCredsProviderName}, err
-	}
-
-	creds, err := loadProfile(filename, p.profile())
-	if err != nil {
-		return Value{ProviderName: SharedCredsProviderName}, err
-	}
-
-	p.retrieved = true
-	return creds, nil
-}
-
-// IsExpired returns if the shared credentials have expired.
-func (p *SharedCredentialsProvider) IsExpired() bool {
-	return !p.retrieved
-}
-
-// loadProfiles loads from the file pointed to by shared credentials filename for profile.
-// The credentials retrieved from the profile will be returned or error. Error will be
-// returned if it fails to read from the file, or the data is invalid.
-func loadProfile(filename, profile string) (Value, error) {
-	config, err := ini.OpenFile(filename)
-	if err != nil {
-		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to load shared credentials file", err)
-	}
-
-	iniProfile, ok := config.GetSection(profile)
-	if !ok {
-		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsLoad", "failed to get profile", nil)
-	}
-
-	id := iniProfile.String("aws_access_key_id")
-	if len(id) == 0 {
-		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsAccessKey",
-			fmt.Sprintf("shared credentials %s in %s did not contain aws_access_key_id", profile, filename),
-			nil)
-	}
-
-	secret := iniProfile.String("aws_secret_access_key")
-	if len(secret) == 0 {
-		return Value{ProviderName: SharedCredsProviderName}, awserr.New("SharedCredsSecret",
-			fmt.Sprintf("shared credentials %s in %s did not contain aws_secret_access_key", profile, filename),
-			nil)
-	}
-
-	// Default to empty string if not found
-	token := iniProfile.String("aws_session_token")
-
-	return Value{
-		AccessKeyID:     id,
-		SecretAccessKey: secret,
-		SessionToken:    token,
-		ProviderName:    SharedCredsProviderName,
-	}, nil
-}
-
-// filename returns the filename to use to read AWS shared credentials.
-//
-// Will return an error if the user's home directory path cannot be found.
-func (p *SharedCredentialsProvider) filename() (string, error) {
-	if len(p.Filename) != 0 {
-		return p.Filename, nil
-	}
-
-	if p.Filename = os.Getenv("AWS_SHARED_CREDENTIALS_FILE"); len(p.Filename) != 0 {
-		return p.Filename, nil
-	}
-
-	if home := shareddefaults.UserHomeDir(); len(home) == 0 {
-		// Backwards compatibility of home directly not found error being returned.
-		// This error is too verbose, failure when opening the file would of been
-		// a better error to return.
-		return "", ErrSharedCredentialsHomeNotFound
-	}
-
-	p.Filename = shareddefaults.SharedCredentialsFilename()
-
-	return p.Filename, nil
-}
-
-// profile returns the AWS shared credentials profile.  If empty will read
-// environment variable "AWS_PROFILE". If that is not set profile will
-// return "default".
-func (p *SharedCredentialsProvider) profile() string {
-	if p.Profile == "" {
-		p.Profile = os.Getenv("AWS_PROFILE")
-	}
-	if p.Profile == "" {
-		p.Profile = "default"
-	}
-
-	return p.Profile
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go
deleted file mode 100644
index 18c940ab3..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go
+++ /dev/null
@@ -1,60 +0,0 @@
-// Package ssocreds provides a credential provider for retrieving temporary AWS credentials using an SSO access token.
-//
-// IMPORTANT: The provider in this package does not initiate or perform the AWS SSO login flow. The SDK provider
-// expects that you have already performed the SSO login flow using AWS CLI using the "aws sso login" command, or by
-// some other mechanism. The provider must find a valid non-expired access token for the AWS SSO user portal URL in
-// ~/.aws/sso/cache. If a cached token is not found, it is expired, or the file is malformed an error will be returned.
-//
-// Loading AWS SSO credentials with the AWS shared configuration file
-//
-// You can use configure AWS SSO credentials from the AWS shared configuration file by
-// providing the specifying the required keys in the profile:
-//
-//  sso_account_id
-//  sso_region
-//  sso_role_name
-//  sso_start_url
-//
-// For example, the following defines a profile "devsso" and specifies the AWS SSO parameters that defines the target
-// account, role, sign-on portal, and the region where the user portal is located. Note: all SSO arguments must be
-// provided, or an error will be returned.
-//
-//  [profile devsso]
-//  sso_start_url = https://my-sso-portal.awsapps.com/start
-//  sso_role_name = SSOReadOnlyRole
-//  sso_region = us-east-1
-//  sso_account_id = 123456789012
-//
-// Using the config module, you can load the AWS SDK shared configuration, and specify that this profile be used to
-// retrieve credentials. For example:
-//
-//  sess, err := session.NewSessionWithOptions(session.Options{
-//      SharedConfigState: session.SharedConfigEnable,
-//      Profile:           "devsso",
-//  })
-//  if err != nil {
-//      return err
-//  }
-//
-// Programmatically loading AWS SSO credentials directly
-//
-// You can programmatically construct the AWS SSO Provider in your application, and provide the necessary information
-// to load and retrieve temporary credentials using an access token from ~/.aws/sso/cache.
-//
-//  svc := sso.New(sess, &aws.Config{
-//      Region: aws.String("us-west-2"), // Client Region must correspond to the AWS SSO user portal region
-//  })
-//
-//  provider := ssocreds.NewCredentialsWithClient(svc, "123456789012", "SSOReadOnlyRole", "https://my-sso-portal.awsapps.com/start")
-//
-//  credentials, err := provider.Get()
-//  if err != nil {
-//      return err
-//  }
-//
-// Additional Resources
-//
-// Configuring the AWS CLI to use AWS Single Sign-On: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
-//
-// AWS Single Sign-On User Guide: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
-package ssocreds
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go
deleted file mode 100644
index d4df39a7a..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go
+++ /dev/null
@@ -1,10 +0,0 @@
-//go:build !windows
-// +build !windows
-
-package ssocreds
-
-import "os"
-
-func getHomeDirectory() string {
-	return os.Getenv("HOME")
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go
deleted file mode 100644
index eb48f61e5..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package ssocreds
-
-import "os"
-
-func getHomeDirectory() string {
-	return os.Getenv("USERPROFILE")
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go
deleted file mode 100644
index 6eda2a555..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go
+++ /dev/null
@@ -1,180 +0,0 @@
-package ssocreds
-
-import (
-	"crypto/sha1"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/service/sso"
-	"github.com/aws/aws-sdk-go/service/sso/ssoiface"
-)
-
-// ErrCodeSSOProviderInvalidToken is the code type that is returned if loaded token has expired or is otherwise invalid.
-// To refresh the SSO session run aws sso login with the corresponding profile.
-const ErrCodeSSOProviderInvalidToken = "SSOProviderInvalidToken"
-
-const invalidTokenMessage = "the SSO session has expired or is invalid"
-
-func init() {
-	nowTime = time.Now
-	defaultCacheLocation = defaultCacheLocationImpl
-}
-
-var nowTime func() time.Time
-
-// ProviderName is the name of the provider used to specify the source of credentials.
-const ProviderName = "SSOProvider"
-
-var defaultCacheLocation func() string
-
-func defaultCacheLocationImpl() string {
-	return filepath.Join(getHomeDirectory(), ".aws", "sso", "cache")
-}
-
-// Provider is an AWS credential provider that retrieves temporary AWS credentials by exchanging an SSO login token.
-type Provider struct {
-	credentials.Expiry
-
-	// The Client which is configured for the AWS Region where the AWS SSO user portal is located.
-	Client ssoiface.SSOAPI
-
-	// The AWS account that is assigned to the user.
-	AccountID string
-
-	// The role name that is assigned to the user.
-	RoleName string
-
-	// The URL that points to the organization's AWS Single Sign-On (AWS SSO) user portal.
-	StartURL string
-}
-
-// NewCredentials returns a new AWS Single Sign-On (AWS SSO) credential provider. The ConfigProvider is expected to be configured
-// for the AWS Region where the AWS SSO user portal is located.
-func NewCredentials(configProvider client.ConfigProvider, accountID, roleName, startURL string, optFns ...func(provider *Provider)) *credentials.Credentials {
-	return NewCredentialsWithClient(sso.New(configProvider), accountID, roleName, startURL, optFns...)
-}
-
-// NewCredentialsWithClient returns a new AWS Single Sign-On (AWS SSO) credential provider. The provided client is expected to be configured
-// for the AWS Region where the AWS SSO user portal is located.
-func NewCredentialsWithClient(client ssoiface.SSOAPI, accountID, roleName, startURL string, optFns ...func(provider *Provider)) *credentials.Credentials {
-	p := &Provider{
-		Client:    client,
-		AccountID: accountID,
-		RoleName:  roleName,
-		StartURL:  startURL,
-	}
-
-	for _, fn := range optFns {
-		fn(p)
-	}
-
-	return credentials.NewCredentials(p)
-}
-
-// Retrieve retrieves temporary AWS credentials from the configured Amazon Single Sign-On (AWS SSO) user portal
-// by exchanging the accessToken present in ~/.aws/sso/cache.
-func (p *Provider) Retrieve() (credentials.Value, error) {
-	return p.RetrieveWithContext(aws.BackgroundContext())
-}
-
-// RetrieveWithContext retrieves temporary AWS credentials from the configured Amazon Single Sign-On (AWS SSO) user portal
-// by exchanging the accessToken present in ~/.aws/sso/cache.
-func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
-	tokenFile, err := loadTokenFile(p.StartURL)
-	if err != nil {
-		return credentials.Value{}, err
-	}
-
-	output, err := p.Client.GetRoleCredentialsWithContext(ctx, &sso.GetRoleCredentialsInput{
-		AccessToken: &tokenFile.AccessToken,
-		AccountId:   &p.AccountID,
-		RoleName:    &p.RoleName,
-	})
-	if err != nil {
-		return credentials.Value{}, err
-	}
-
-	expireTime := time.Unix(0, aws.Int64Value(output.RoleCredentials.Expiration)*int64(time.Millisecond)).UTC()
-	p.SetExpiration(expireTime, 0)
-
-	return credentials.Value{
-		AccessKeyID:     aws.StringValue(output.RoleCredentials.AccessKeyId),
-		SecretAccessKey: aws.StringValue(output.RoleCredentials.SecretAccessKey),
-		SessionToken:    aws.StringValue(output.RoleCredentials.SessionToken),
-		ProviderName:    ProviderName,
-	}, nil
-}
-
-func getCacheFileName(url string) (string, error) {
-	hash := sha1.New()
-	_, err := hash.Write([]byte(url))
-	if err != nil {
-		return "", err
-	}
-	return strings.ToLower(hex.EncodeToString(hash.Sum(nil))) + ".json", nil
-}
-
-type rfc3339 time.Time
-
-func (r *rfc3339) UnmarshalJSON(bytes []byte) error {
-	var value string
-
-	if err := json.Unmarshal(bytes, &value); err != nil {
-		return err
-	}
-
-	parse, err := time.Parse(time.RFC3339, value)
-	if err != nil {
-		return fmt.Errorf("expected RFC3339 timestamp: %v", err)
-	}
-
-	*r = rfc3339(parse)
-
-	return nil
-}
-
-type token struct {
-	AccessToken string  `json:"accessToken"`
-	ExpiresAt   rfc3339 `json:"expiresAt"`
-	Region      string  `json:"region,omitempty"`
-	StartURL    string  `json:"startUrl,omitempty"`
-}
-
-func (t token) Expired() bool {
-	return nowTime().Round(0).After(time.Time(t.ExpiresAt))
-}
-
-func loadTokenFile(startURL string) (t token, err error) {
-	key, err := getCacheFileName(startURL)
-	if err != nil {
-		return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err)
-	}
-
-	fileBytes, err := ioutil.ReadFile(filepath.Join(defaultCacheLocation(), key))
-	if err != nil {
-		return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err)
-	}
-
-	if err := json.Unmarshal(fileBytes, &t); err != nil {
-		return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err)
-	}
-
-	if len(t.AccessToken) == 0 {
-		return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, nil)
-	}
-
-	if t.Expired() {
-		return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, nil)
-	}
-
-	return t, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
deleted file mode 100644
index cbba1e3d5..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package credentials
-
-import (
-	"github.com/aws/aws-sdk-go/aws/awserr"
-)
-
-// StaticProviderName provides a name of Static provider
-const StaticProviderName = "StaticProvider"
-
-var (
-	// ErrStaticCredentialsEmpty is emitted when static credentials are empty.
-	ErrStaticCredentialsEmpty = awserr.New("EmptyStaticCreds", "static credentials are empty", nil)
-)
-
-// A StaticProvider is a set of credentials which are set programmatically,
-// and will never expire.
-type StaticProvider struct {
-	Value
-}
-
-// NewStaticCredentials returns a pointer to a new Credentials object
-// wrapping a static credentials value provider. Token is only required
-// for temporary security credentials retrieved via STS, otherwise an empty
-// string can be passed for this parameter.
-func NewStaticCredentials(id, secret, token string) *Credentials {
-	return NewCredentials(&StaticProvider{Value: Value{
-		AccessKeyID:     id,
-		SecretAccessKey: secret,
-		SessionToken:    token,
-	}})
-}
-
-// NewStaticCredentialsFromCreds returns a pointer to a new Credentials object
-// wrapping the static credentials value provide. Same as NewStaticCredentials
-// but takes the creds Value instead of individual fields
-func NewStaticCredentialsFromCreds(creds Value) *Credentials {
-	return NewCredentials(&StaticProvider{Value: creds})
-}
-
-// Retrieve returns the credentials or error if the credentials are invalid.
-func (s *StaticProvider) Retrieve() (Value, error) {
-	if s.AccessKeyID == "" || s.SecretAccessKey == "" {
-		return Value{ProviderName: StaticProviderName}, ErrStaticCredentialsEmpty
-	}
-
-	if len(s.Value.ProviderName) == 0 {
-		s.Value.ProviderName = StaticProviderName
-	}
-	return s.Value, nil
-}
-
-// IsExpired returns if the credentials are expired.
-//
-// For StaticProvider, the credentials never expired.
-func (s *StaticProvider) IsExpired() bool {
-	return false
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
deleted file mode 100644
index 86db488de..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
+++ /dev/null
@@ -1,371 +0,0 @@
-/*
-Package stscreds are credential Providers to retrieve STS AWS credentials.
-
-STS provides multiple ways to retrieve credentials which can be used when making
-future AWS service API operation calls.
-
-The SDK will ensure that per instance of credentials.Credentials all requests
-to refresh the credentials will be synchronized. But, the SDK is unable to
-ensure synchronous usage of the AssumeRoleProvider if the value is shared
-between multiple Credentials, Sessions or service clients.
-
-# Assume Role
-
-To assume an IAM role using STS with the SDK you can create a new Credentials
-with the SDKs's stscreds package.
-
-	// Initial credentials loaded from SDK's default credential chain. Such as
-	// the environment, shared credentials (~/.aws/credentials), or EC2 Instance
-	// Role. These credentials will be used to to make the STS Assume Role API.
-	sess := session.Must(session.NewSession())
-
-	// Create the credentials from AssumeRoleProvider to assume the role
-	// referenced by the "myRoleARN" ARN.
-	creds := stscreds.NewCredentials(sess, "myRoleArn")
-
-	// Create service client value configured for credentials
-	// from assumed role.
-	svc := s3.New(sess, &aws.Config{Credentials: creds})
-
-# Assume Role with static MFA Token
-
-To assume an IAM role with a MFA token you can either specify a MFA token code
-directly or provide a function to prompt the user each time the credentials
-need to refresh the role's credentials. Specifying the TokenCode should be used
-for short lived operations that will not need to be refreshed, and when you do
-not want to have direct control over the user provides their MFA token.
-
-With TokenCode the AssumeRoleProvider will be not be able to refresh the role's
-credentials.
-
-	// Create the credentials from AssumeRoleProvider to assume the role
-	// referenced by the "myRoleARN" ARN using the MFA token code provided.
-	creds := stscreds.NewCredentials(sess, "myRoleArn", func(p *stscreds.AssumeRoleProvider) {
-		p.SerialNumber = aws.String("myTokenSerialNumber")
-		p.TokenCode = aws.String("00000000")
-	})
-
-	// Create service client value configured for credentials
-	// from assumed role.
-	svc := s3.New(sess, &aws.Config{Credentials: creds})
-
-# Assume Role with MFA Token Provider
-
-To assume an IAM role with MFA for longer running tasks where the credentials
-may need to be refreshed setting the TokenProvider field of AssumeRoleProvider
-will allow the credential provider to prompt for new MFA token code when the
-role's credentials need to be refreshed.
-
-The StdinTokenProvider function is available to prompt on stdin to retrieve
-the MFA token code from the user. You can also implement custom prompts by
-satisfing the TokenProvider function signature.
-
-Using StdinTokenProvider with multiple AssumeRoleProviders, or Credentials will
-have undesirable results as the StdinTokenProvider will not be synchronized. A
-single Credentials with an AssumeRoleProvider can be shared safely.
-
-	// Create the credentials from AssumeRoleProvider to assume the role
-	// referenced by the "myRoleARN" ARN. Prompting for MFA token from stdin.
-	creds := stscreds.NewCredentials(sess, "myRoleArn", func(p *stscreds.AssumeRoleProvider) {
-		p.SerialNumber = aws.String("myTokenSerialNumber")
-		p.TokenProvider = stscreds.StdinTokenProvider
-	})
-
-	// Create service client value configured for credentials
-	// from assumed role.
-	svc := s3.New(sess, &aws.Config{Credentials: creds})
-*/
-package stscreds
-
-import (
-	"fmt"
-	"os"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/sdkrand"
-	"github.com/aws/aws-sdk-go/service/sts"
-)
-
-// StdinTokenProvider will prompt on stderr and read from stdin for a string value.
-// An error is returned if reading from stdin fails.
-//
-// Use this function to read MFA tokens from stdin. The function makes no attempt
-// to make atomic prompts from stdin across multiple gorouties.
-//
-// Using StdinTokenProvider with multiple AssumeRoleProviders, or Credentials will
-// have undesirable results as the StdinTokenProvider will not be synchronized. A
-// single Credentials with an AssumeRoleProvider can be shared safely
-//
-// Will wait forever until something is provided on the stdin.
-func StdinTokenProvider() (string, error) {
-	var v string
-	fmt.Fprintf(os.Stderr, "Assume Role MFA token code: ")
-	_, err := fmt.Scanln(&v)
-
-	return v, err
-}
-
-// ProviderName provides a name of AssumeRole provider
-const ProviderName = "AssumeRoleProvider"
-
-// AssumeRoler represents the minimal subset of the STS client API used by this provider.
-type AssumeRoler interface {
-	AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
-}
-
-type assumeRolerWithContext interface {
-	AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error)
-}
-
-// DefaultDuration is the default amount of time in minutes that the credentials
-// will be valid for.
-var DefaultDuration = time.Duration(15) * time.Minute
-
-// AssumeRoleProvider retrieves temporary credentials from the STS service, and
-// keeps track of their expiration time.
-//
-// This credential provider will be used by the SDKs default credential change
-// when shared configuration is enabled, and the shared config or shared credentials
-// file configure assume role. See Session docs for how to do this.
-//
-// AssumeRoleProvider does not provide any synchronization and it is not safe
-// to share this value across multiple Credentials, Sessions, or service clients
-// without also sharing the same Credentials instance.
-type AssumeRoleProvider struct {
-	credentials.Expiry
-
-	// STS client to make assume role request with.
-	Client AssumeRoler
-
-	// Role to be assumed.
-	RoleARN string
-
-	// Session name, if you wish to reuse the credentials elsewhere.
-	RoleSessionName string
-
-	// Optional, you can pass tag key-value pairs to your session. These tags are called session tags.
-	Tags []*sts.Tag
-
-	// A list of keys for session tags that you want to set as transitive.
-	// If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
-	TransitiveTagKeys []*string
-
-	// Expiry duration of the STS credentials. Defaults to 15 minutes if not set.
-	Duration time.Duration
-
-	// Optional ExternalID to pass along, defaults to nil if not set.
-	ExternalID *string
-
-	// The policy plain text must be 2048 bytes or shorter. However, an internal
-	// conversion compresses it into a packed binary format with a separate limit.
-	// The PackedPolicySize response element indicates by percentage how close to
-	// the upper size limit the policy is, with 100% equaling the maximum allowed
-	// size.
-	Policy *string
-
-	// The ARNs of IAM managed policies you want to use as managed session policies.
-	// The policies must exist in the same account as the role.
-	//
-	// This parameter is optional. You can provide up to 10 managed policy ARNs.
-	// However, the plain text that you use for both inline and managed session
-	// policies can't exceed 2,048 characters.
-	//
-	// An AWS conversion compresses the passed session policies and session tags
-	// into a packed binary format that has a separate limit. Your request can fail
-	// for this limit even if your plain text meets the other requirements. The
-	// PackedPolicySize response element indicates by percentage how close the policies
-	// and tags for your request are to the upper size limit.
-	//
-	// Passing policies to this operation returns new temporary credentials. The
-	// resulting session's permissions are the intersection of the role's identity-based
-	// policy and the session policies. You can use the role's temporary credentials
-	// in subsequent AWS API calls to access resources in the account that owns
-	// the role. You cannot use session policies to grant more permissions than
-	// those allowed by the identity-based policy of the role that is being assumed.
-	// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide.
-	PolicyArns []*sts.PolicyDescriptorType
-
-	// The identification number of the MFA device that is associated with the user
-	// who is making the AssumeRole call. Specify this value if the trust policy
-	// of the role being assumed includes a condition that requires MFA authentication.
-	// The value is either the serial number for a hardware device (such as GAHT12345678)
-	// or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
-	SerialNumber *string
-
-	// The SourceIdentity which is used to identity a persistent identity through the whole session.
-	// For more details see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
-	SourceIdentity *string
-
-	// The value provided by the MFA device, if the trust policy of the role being
-	// assumed requires MFA (that is, if the policy includes a condition that tests
-	// for MFA). If the role being assumed requires MFA and if the TokenCode value
-	// is missing or expired, the AssumeRole call returns an "access denied" error.
-	//
-	// If SerialNumber is set and neither TokenCode nor TokenProvider are also
-	// set an error will be returned.
-	TokenCode *string
-
-	// Async method of providing MFA token code for assuming an IAM role with MFA.
-	// The value returned by the function will be used as the TokenCode in the Retrieve
-	// call. See StdinTokenProvider for a provider that prompts and reads from stdin.
-	//
-	// This token provider will be called when ever the assumed role's
-	// credentials need to be refreshed when SerialNumber is also set and
-	// TokenCode is not set.
-	//
-	// If both TokenCode and TokenProvider is set, TokenProvider will be used and
-	// TokenCode is ignored.
-	TokenProvider func() (string, error)
-
-	// ExpiryWindow will allow the credentials to trigger refreshing prior to
-	// the credentials actually expiring. This is beneficial so race conditions
-	// with expiring credentials do not cause request to fail unexpectedly
-	// due to ExpiredTokenException exceptions.
-	//
-	// So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
-	// 10 seconds before the credentials are actually expired.
-	//
-	// If ExpiryWindow is 0 or less it will be ignored.
-	ExpiryWindow time.Duration
-
-	// MaxJitterFrac reduces the effective Duration of each credential requested
-	// by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must
-	// have a value between 0 and 1. Any other value may lead to expected behavior.
-	// With a MaxJitterFrac value of 0, default) will no jitter will be used.
-	//
-	// For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the
-	// AssumeRole call will be made with an arbitrary Duration between 27m and
-	// 30m.
-	//
-	// MaxJitterFrac should not be negative.
-	MaxJitterFrac float64
-}
-
-// NewCredentials returns a pointer to a new Credentials value wrapping the
-// AssumeRoleProvider. The credentials will expire every 15 minutes and the
-// role will be named after a nanosecond timestamp of this operation. The
-// Credentials value will attempt to refresh the credentials using the provider
-// when Credentials.Get is called, if the cached credentials are expiring.
-//
-// Takes a Config provider to create the STS client. The ConfigProvider is
-// satisfied by the session.Session type.
-//
-// It is safe to share the returned Credentials with multiple Sessions and
-// service clients. All access to the credentials and refreshing them
-// will be synchronized.
-func NewCredentials(c client.ConfigProvider, roleARN string, options ...func(*AssumeRoleProvider)) *credentials.Credentials {
-	p := &AssumeRoleProvider{
-		Client:   sts.New(c),
-		RoleARN:  roleARN,
-		Duration: DefaultDuration,
-	}
-
-	for _, option := range options {
-		option(p)
-	}
-
-	return credentials.NewCredentials(p)
-}
-
-// NewCredentialsWithClient returns a pointer to a new Credentials value wrapping the
-// AssumeRoleProvider. The credentials will expire every 15 minutes and the
-// role will be named after a nanosecond timestamp of this operation. The
-// Credentials value will attempt to refresh the credentials using the provider
-// when Credentials.Get is called, if the cached credentials are expiring.
-//
-// Takes an AssumeRoler which can be satisfied by the STS client.
-//
-// It is safe to share the returned Credentials with multiple Sessions and
-// service clients. All access to the credentials and refreshing them
-// will be synchronized.
-func NewCredentialsWithClient(svc AssumeRoler, roleARN string, options ...func(*AssumeRoleProvider)) *credentials.Credentials {
-	p := &AssumeRoleProvider{
-		Client:   svc,
-		RoleARN:  roleARN,
-		Duration: DefaultDuration,
-	}
-
-	for _, option := range options {
-		option(p)
-	}
-
-	return credentials.NewCredentials(p)
-}
-
-// Retrieve generates a new set of temporary credentials using STS.
-func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
-	return p.RetrieveWithContext(aws.BackgroundContext())
-}
-
-// RetrieveWithContext generates a new set of temporary credentials using STS.
-func (p *AssumeRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
-	// Apply defaults where parameters are not set.
-	if p.RoleSessionName == "" {
-		// Try to work out a role name that will hopefully end up unique.
-		p.RoleSessionName = fmt.Sprintf("%d", time.Now().UTC().UnixNano())
-	}
-	if p.Duration == 0 {
-		// Expire as often as AWS permits.
-		p.Duration = DefaultDuration
-	}
-	jitter := time.Duration(sdkrand.SeededRand.Float64() * p.MaxJitterFrac * float64(p.Duration))
-	input := &sts.AssumeRoleInput{
-		DurationSeconds:   aws.Int64(int64((p.Duration - jitter) / time.Second)),
-		RoleArn:           aws.String(p.RoleARN),
-		RoleSessionName:   aws.String(p.RoleSessionName),
-		ExternalId:        p.ExternalID,
-		Tags:              p.Tags,
-		PolicyArns:        p.PolicyArns,
-		TransitiveTagKeys: p.TransitiveTagKeys,
-		SourceIdentity:    p.SourceIdentity,
-	}
-	if p.Policy != nil {
-		input.Policy = p.Policy
-	}
-	if p.SerialNumber != nil {
-		if p.TokenCode != nil {
-			input.SerialNumber = p.SerialNumber
-			input.TokenCode = p.TokenCode
-		} else if p.TokenProvider != nil {
-			input.SerialNumber = p.SerialNumber
-			code, err := p.TokenProvider()
-			if err != nil {
-				return credentials.Value{ProviderName: ProviderName}, err
-			}
-			input.TokenCode = aws.String(code)
-		} else {
-			return credentials.Value{ProviderName: ProviderName},
-				awserr.New("AssumeRoleTokenNotAvailable",
-					"assume role with MFA enabled, but neither TokenCode nor TokenProvider are set", nil)
-		}
-	}
-
-	var roleOutput *sts.AssumeRoleOutput
-	var err error
-
-	if c, ok := p.Client.(assumeRolerWithContext); ok {
-		roleOutput, err = c.AssumeRoleWithContext(ctx, input)
-	} else {
-		roleOutput, err = p.Client.AssumeRole(input)
-	}
-
-	if err != nil {
-		return credentials.Value{ProviderName: ProviderName}, err
-	}
-
-	// We will proactively generate new credentials before they expire.
-	p.SetExpiration(*roleOutput.Credentials.Expiration, p.ExpiryWindow)
-
-	return credentials.Value{
-		AccessKeyID:     *roleOutput.Credentials.AccessKeyId,
-		SecretAccessKey: *roleOutput.Credentials.SecretAccessKey,
-		SessionToken:    *roleOutput.Credentials.SessionToken,
-		ProviderName:    ProviderName,
-	}, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
deleted file mode 100644
index 19ad619aa..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
+++ /dev/null
@@ -1,182 +0,0 @@
-package stscreds
-
-import (
-	"fmt"
-	"io/ioutil"
-	"strconv"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/service/sts"
-	"github.com/aws/aws-sdk-go/service/sts/stsiface"
-)
-
-const (
-	// ErrCodeWebIdentity will be used as an error code when constructing
-	// a new error to be returned during session creation or retrieval.
-	ErrCodeWebIdentity = "WebIdentityErr"
-
-	// WebIdentityProviderName is the web identity provider name
-	WebIdentityProviderName = "WebIdentityCredentials"
-)
-
-// now is used to return a time.Time object representing
-// the current time. This can be used to easily test and
-// compare test values.
-var now = time.Now
-
-// TokenFetcher should return WebIdentity token bytes or an error
-type TokenFetcher interface {
-	FetchToken(credentials.Context) ([]byte, error)
-}
-
-// FetchTokenPath is a path to a WebIdentity token file
-type FetchTokenPath string
-
-// FetchToken returns a token by reading from the filesystem
-func (f FetchTokenPath) FetchToken(ctx credentials.Context) ([]byte, error) {
-	data, err := ioutil.ReadFile(string(f))
-	if err != nil {
-		errMsg := fmt.Sprintf("unable to read file at %s", f)
-		return nil, awserr.New(ErrCodeWebIdentity, errMsg, err)
-	}
-	return data, nil
-}
-
-// WebIdentityRoleProvider is used to retrieve credentials using
-// an OIDC token.
-type WebIdentityRoleProvider struct {
-	credentials.Expiry
-
-	// The policy ARNs to use with the web identity assumed role.
-	PolicyArns []*sts.PolicyDescriptorType
-
-	// Duration the STS credentials will be valid for. Truncated to seconds.
-	// If unset, the assumed role will use AssumeRoleWithWebIdentity's default
-	// expiry duration. See
-	// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#STS.AssumeRoleWithWebIdentity
-	// for more information.
-	Duration time.Duration
-
-	// The amount of time the credentials will be refreshed before they expire.
-	// This is useful refresh credentials before they expire to reduce risk of
-	// using credentials as they expire. If unset, will default to no expiry
-	// window.
-	ExpiryWindow time.Duration
-
-	client stsiface.STSAPI
-
-	tokenFetcher    TokenFetcher
-	roleARN         string
-	roleSessionName string
-}
-
-// NewWebIdentityCredentials will return a new set of credentials with a given
-// configuration, role arn, and token file path.
-//
-// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
-// functional options, and wrap with credentials.NewCredentials helper.
-func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials {
-	svc := sts.New(c)
-	p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path)
-	return credentials.NewCredentials(p)
-}
-
-// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
-// provided stsiface.STSAPI
-//
-// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
-// functional options.
-func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
-	return NewWebIdentityRoleProviderWithOptions(svc, roleARN, roleSessionName, FetchTokenPath(path))
-}
-
-// NewWebIdentityRoleProviderWithToken will return a new WebIdentityRoleProvider with the
-// provided stsiface.STSAPI and a TokenFetcher
-//
-// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
-// functional options.
-func NewWebIdentityRoleProviderWithToken(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher) *WebIdentityRoleProvider {
-	return NewWebIdentityRoleProviderWithOptions(svc, roleARN, roleSessionName, tokenFetcher)
-}
-
-// NewWebIdentityRoleProviderWithOptions will return an initialize
-// WebIdentityRoleProvider with the provided stsiface.STSAPI, role ARN, and a
-// TokenFetcher. Additional options can be provided as functional options.
-//
-// TokenFetcher is the implementation that will retrieve the JWT token from to
-// assume the role with. Use the provided FetchTokenPath implementation to
-// retrieve the JWT token using a file system path.
-func NewWebIdentityRoleProviderWithOptions(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher, optFns ...func(*WebIdentityRoleProvider)) *WebIdentityRoleProvider {
-	p := WebIdentityRoleProvider{
-		client:          svc,
-		tokenFetcher:    tokenFetcher,
-		roleARN:         roleARN,
-		roleSessionName: roleSessionName,
-	}
-
-	for _, fn := range optFns {
-		fn(&p)
-	}
-
-	return &p
-}
-
-// Retrieve will attempt to assume a role from a token which is located at
-// 'WebIdentityTokenFilePath' specified destination and if that is empty an
-// error will be returned.
-func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
-	return p.RetrieveWithContext(aws.BackgroundContext())
-}
-
-// RetrieveWithContext will attempt to assume a role from a token which is
-// located at 'WebIdentityTokenFilePath' specified destination and if that is
-// empty an error will be returned.
-func (p *WebIdentityRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
-	b, err := p.tokenFetcher.FetchToken(ctx)
-	if err != nil {
-		return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed fetching WebIdentity token: ", err)
-	}
-
-	sessionName := p.roleSessionName
-	if len(sessionName) == 0 {
-		// session name is used to uniquely identify a session. This simply
-		// uses unix time in nanoseconds to uniquely identify sessions.
-		sessionName = strconv.FormatInt(now().UnixNano(), 10)
-	}
-
-	var duration *int64
-	if p.Duration != 0 {
-		duration = aws.Int64(int64(p.Duration / time.Second))
-	}
-
-	req, resp := p.client.AssumeRoleWithWebIdentityRequest(&sts.AssumeRoleWithWebIdentityInput{
-		PolicyArns:       p.PolicyArns,
-		RoleArn:          &p.roleARN,
-		RoleSessionName:  &sessionName,
-		WebIdentityToken: aws.String(string(b)),
-		DurationSeconds:  duration,
-	})
-
-	req.SetContext(ctx)
-
-	// InvalidIdentityToken error is a temporary error that can occur
-	// when assuming an Role with a JWT web identity token.
-	req.RetryErrorCodes = append(req.RetryErrorCodes, sts.ErrCodeInvalidIdentityTokenException)
-	if err := req.Send(); err != nil {
-		return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed to retrieve credentials", err)
-	}
-
-	p.SetExpiration(aws.TimeValue(resp.Credentials.Expiration), p.ExpiryWindow)
-
-	value := credentials.Value{
-		AccessKeyID:     aws.StringValue(resp.Credentials.AccessKeyId),
-		SecretAccessKey: aws.StringValue(resp.Credentials.SecretAccessKey),
-		SessionToken:    aws.StringValue(resp.Credentials.SessionToken),
-		ProviderName:    WebIdentityProviderName,
-	}
-	return value, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
deleted file mode 100644
index 25a66d1dd..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
+++ /dev/null
@@ -1,69 +0,0 @@
-// Package csm provides the Client Side Monitoring (CSM) client which enables
-// sending metrics via UDP connection to the CSM agent. This package provides
-// control options, and configuration for the CSM client. The client can be
-// controlled manually, or automatically via the SDK's Session configuration.
-//
-// Enabling CSM client via SDK's Session configuration
-//
-// The CSM client can be enabled automatically via SDK's Session configuration.
-// The SDK's session configuration enables the CSM client if the AWS_CSM_PORT
-// environment variable is set to a non-empty value.
-//
-// The configuration options for the CSM client via the SDK's session
-// configuration are:
-//
-//	* AWS_CSM_PORT=<port number>
-//	  The port number the CSM agent will receive metrics on.
-//
-//	* AWS_CSM_HOST=<hostname or ip>
-//	  The hostname, or IP address the CSM agent will receive metrics on.
-//	  Without port number.
-//
-// Manually enabling the CSM client
-//
-// The CSM client can be started, paused, and resumed manually. The Start
-// function will enable the CSM client to publish metrics to the CSM agent. It
-// is safe to call Start concurrently, but if Start is called additional times
-// with different ClientID or address it will panic.
-//
-//		r, err := csm.Start("clientID", ":31000")
-//		if err != nil {
-//			panic(fmt.Errorf("failed starting CSM:  %v", err))
-//		}
-//
-// When controlling the CSM client manually, you must also inject its request
-// handlers into the SDK's Session configuration for the SDK's API clients to
-// publish metrics.
-//
-//		sess, err := session.NewSession(&aws.Config{})
-//		if err != nil {
-//			panic(fmt.Errorf("failed loading session: %v", err))
-//		}
-//
-//		// Add CSM client's metric publishing request handlers to the SDK's
-//		// Session Configuration.
-//		r.InjectHandlers(&sess.Handlers)
-//
-// Controlling CSM client
-//
-// Once the CSM client has been enabled the Get function will return a Reporter
-// value that you can use to pause and resume the metrics published to the CSM
-// agent. If Get function is called before the reporter is enabled with the
-// Start function or via SDK's Session configuration nil will be returned.
-//
-// The Pause method can be called to stop the CSM client publishing metrics to
-// the CSM agent. The Continue method will resume metric publishing.
-//
-//		// Get the CSM client Reporter.
-//		r := csm.Get()
-//
-//		// Will pause monitoring
-//		r.Pause()
-//		resp, err = client.GetObject(&s3.GetObjectInput{
-//			Bucket: aws.String("bucket"),
-//			Key: aws.String("key"),
-//		})
-//
-//		// Resume monitoring
-//		r.Continue()
-package csm
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
deleted file mode 100644
index 4b19e2800..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package csm
-
-import (
-	"fmt"
-	"strings"
-	"sync"
-)
-
-var (
-	lock sync.Mutex
-)
-
-const (
-	// DefaultPort is used when no port is specified.
-	DefaultPort = "31000"
-
-	// DefaultHost is the host that will be used when none is specified.
-	DefaultHost = "127.0.0.1"
-)
-
-// AddressWithDefaults returns a CSM address built from the host and port
-// values. If the host or port is not set, default values will be used
-// instead. If host is "localhost" it will be replaced with "127.0.0.1".
-func AddressWithDefaults(host, port string) string {
-	if len(host) == 0 || strings.EqualFold(host, "localhost") {
-		host = DefaultHost
-	}
-
-	if len(port) == 0 {
-		port = DefaultPort
-	}
-
-	// Only IP6 host can contain a colon
-	if strings.Contains(host, ":") {
-		return "[" + host + "]:" + port
-	}
-
-	return host + ":" + port
-}
-
-// Start will start a long running go routine to capture
-// client side metrics. Calling start multiple time will only
-// start the metric listener once and will panic if a different
-// client ID or port is passed in.
-//
-//		r, err := csm.Start("clientID", "127.0.0.1:31000")
-//		if err != nil {
-//			panic(fmt.Errorf("expected no error, but received %v", err))
-//		}
-//		sess := session.NewSession()
-//		r.InjectHandlers(sess.Handlers)
-//
-//		svc := s3.New(sess)
-//		out, err := svc.GetObject(&s3.GetObjectInput{
-//			Bucket: aws.String("bucket"),
-//			Key: aws.String("key"),
-//		})
-func Start(clientID string, url string) (*Reporter, error) {
-	lock.Lock()
-	defer lock.Unlock()
-
-	if sender == nil {
-		sender = newReporter(clientID, url)
-	} else {
-		if sender.clientID != clientID {
-			panic(fmt.Errorf("inconsistent client IDs. %q was expected, but received %q", sender.clientID, clientID))
-		}
-
-		if sender.url != url {
-			panic(fmt.Errorf("inconsistent URLs. %q was expected, but received %q", sender.url, url))
-		}
-	}
-
-	if err := connect(url); err != nil {
-		sender = nil
-		return nil, err
-	}
-
-	return sender, nil
-}
-
-// Get will return a reporter if one exists, if one does not exist, nil will
-// be returned.
-func Get() *Reporter {
-	lock.Lock()
-	defer lock.Unlock()
-
-	return sender
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go
deleted file mode 100644
index 5bacc791a..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package csm
-
-import (
-	"strconv"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-)
-
-type metricTime time.Time
-
-func (t metricTime) MarshalJSON() ([]byte, error) {
-	ns := time.Duration(time.Time(t).UnixNano())
-	return []byte(strconv.FormatInt(int64(ns/time.Millisecond), 10)), nil
-}
-
-type metric struct {
-	ClientID  *string     `json:"ClientId,omitempty"`
-	API       *string     `json:"Api,omitempty"`
-	Service   *string     `json:"Service,omitempty"`
-	Timestamp *metricTime `json:"Timestamp,omitempty"`
-	Type      *string     `json:"Type,omitempty"`
-	Version   *int        `json:"Version,omitempty"`
-
-	AttemptCount *int `json:"AttemptCount,omitempty"`
-	Latency      *int `json:"Latency,omitempty"`
-
-	Fqdn           *string `json:"Fqdn,omitempty"`
-	UserAgent      *string `json:"UserAgent,omitempty"`
-	AttemptLatency *int    `json:"AttemptLatency,omitempty"`
-
-	SessionToken   *string `json:"SessionToken,omitempty"`
-	Region         *string `json:"Region,omitempty"`
-	AccessKey      *string `json:"AccessKey,omitempty"`
-	HTTPStatusCode *int    `json:"HttpStatusCode,omitempty"`
-	XAmzID2        *string `json:"XAmzId2,omitempty"`
-	XAmzRequestID  *string `json:"XAmznRequestId,omitempty"`
-
-	AWSException        *string `json:"AwsException,omitempty"`
-	AWSExceptionMessage *string `json:"AwsExceptionMessage,omitempty"`
-	SDKException        *string `json:"SdkException,omitempty"`
-	SDKExceptionMessage *string `json:"SdkExceptionMessage,omitempty"`
-
-	FinalHTTPStatusCode      *int    `json:"FinalHttpStatusCode,omitempty"`
-	FinalAWSException        *string `json:"FinalAwsException,omitempty"`
-	FinalAWSExceptionMessage *string `json:"FinalAwsExceptionMessage,omitempty"`
-	FinalSDKException        *string `json:"FinalSdkException,omitempty"`
-	FinalSDKExceptionMessage *string `json:"FinalSdkExceptionMessage,omitempty"`
-
-	DestinationIP    *string `json:"DestinationIp,omitempty"`
-	ConnectionReused *int    `json:"ConnectionReused,omitempty"`
-
-	AcquireConnectionLatency *int `json:"AcquireConnectionLatency,omitempty"`
-	ConnectLatency           *int `json:"ConnectLatency,omitempty"`
-	RequestLatency           *int `json:"RequestLatency,omitempty"`
-	DNSLatency               *int `json:"DnsLatency,omitempty"`
-	TCPLatency               *int `json:"TcpLatency,omitempty"`
-	SSLLatency               *int `json:"SslLatency,omitempty"`
-
-	MaxRetriesExceeded *int `json:"MaxRetriesExceeded,omitempty"`
-}
-
-func (m *metric) TruncateFields() {
-	m.ClientID = truncateString(m.ClientID, 255)
-	m.UserAgent = truncateString(m.UserAgent, 256)
-
-	m.AWSException = truncateString(m.AWSException, 128)
-	m.AWSExceptionMessage = truncateString(m.AWSExceptionMessage, 512)
-
-	m.SDKException = truncateString(m.SDKException, 128)
-	m.SDKExceptionMessage = truncateString(m.SDKExceptionMessage, 512)
-
-	m.FinalAWSException = truncateString(m.FinalAWSException, 128)
-	m.FinalAWSExceptionMessage = truncateString(m.FinalAWSExceptionMessage, 512)
-
-	m.FinalSDKException = truncateString(m.FinalSDKException, 128)
-	m.FinalSDKExceptionMessage = truncateString(m.FinalSDKExceptionMessage, 512)
-}
-
-func truncateString(v *string, l int) *string {
-	if v != nil && len(*v) > l {
-		nv := (*v)[:l]
-		return &nv
-	}
-
-	return v
-}
-
-func (m *metric) SetException(e metricException) {
-	switch te := e.(type) {
-	case awsException:
-		m.AWSException = aws.String(te.exception)
-		m.AWSExceptionMessage = aws.String(te.message)
-	case sdkException:
-		m.SDKException = aws.String(te.exception)
-		m.SDKExceptionMessage = aws.String(te.message)
-	}
-}
-
-func (m *metric) SetFinalException(e metricException) {
-	switch te := e.(type) {
-	case awsException:
-		m.FinalAWSException = aws.String(te.exception)
-		m.FinalAWSExceptionMessage = aws.String(te.message)
-	case sdkException:
-		m.FinalSDKException = aws.String(te.exception)
-		m.FinalSDKExceptionMessage = aws.String(te.message)
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go
deleted file mode 100644
index 82a3e345e..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package csm
-
-import (
-	"sync/atomic"
-)
-
-const (
-	runningEnum = iota
-	pausedEnum
-)
-
-var (
-	// MetricsChannelSize of metrics to hold in the channel
-	MetricsChannelSize = 100
-)
-
-type metricChan struct {
-	ch     chan metric
-	paused *int64
-}
-
-func newMetricChan(size int) metricChan {
-	return metricChan{
-		ch:     make(chan metric, size),
-		paused: new(int64),
-	}
-}
-
-func (ch *metricChan) Pause() {
-	atomic.StoreInt64(ch.paused, pausedEnum)
-}
-
-func (ch *metricChan) Continue() {
-	atomic.StoreInt64(ch.paused, runningEnum)
-}
-
-func (ch *metricChan) IsPaused() bool {
-	v := atomic.LoadInt64(ch.paused)
-	return v == pausedEnum
-}
-
-// Push will push metrics to the metric channel if the channel
-// is not paused
-func (ch *metricChan) Push(m metric) bool {
-	if ch.IsPaused() {
-		return false
-	}
-
-	select {
-	case ch.ch <- m:
-		return true
-	default:
-		return false
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go
deleted file mode 100644
index 54a99280c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_exception.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package csm
-
-type metricException interface {
-	Exception() string
-	Message() string
-}
-
-type requestException struct {
-	exception string
-	message   string
-}
-
-func (e requestException) Exception() string {
-	return e.exception
-}
-func (e requestException) Message() string {
-	return e.message
-}
-
-type awsException struct {
-	requestException
-}
-
-type sdkException struct {
-	requestException
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
deleted file mode 100644
index 835bcd49c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
+++ /dev/null
@@ -1,264 +0,0 @@
-package csm
-
-import (
-	"encoding/json"
-	"net"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// Reporter will gather metrics of API requests made and
-// send those metrics to the CSM endpoint.
-type Reporter struct {
-	clientID  string
-	url       string
-	conn      net.Conn
-	metricsCh metricChan
-	done      chan struct{}
-}
-
-var (
-	sender *Reporter
-)
-
-func connect(url string) error {
-	const network = "udp"
-	if err := sender.connect(network, url); err != nil {
-		return err
-	}
-
-	if sender.done == nil {
-		sender.done = make(chan struct{})
-		go sender.start()
-	}
-
-	return nil
-}
-
-func newReporter(clientID, url string) *Reporter {
-	return &Reporter{
-		clientID:  clientID,
-		url:       url,
-		metricsCh: newMetricChan(MetricsChannelSize),
-	}
-}
-
-func (rep *Reporter) sendAPICallAttemptMetric(r *request.Request) {
-	if rep == nil {
-		return
-	}
-
-	now := time.Now()
-	creds, _ := r.Config.Credentials.Get()
-
-	m := metric{
-		ClientID:  aws.String(rep.clientID),
-		API:       aws.String(r.Operation.Name),
-		Service:   aws.String(r.ClientInfo.ServiceID),
-		Timestamp: (*metricTime)(&now),
-		UserAgent: aws.String(r.HTTPRequest.Header.Get("User-Agent")),
-		Region:    r.Config.Region,
-		Type:      aws.String("ApiCallAttempt"),
-		Version:   aws.Int(1),
-
-		XAmzRequestID: aws.String(r.RequestID),
-
-		AttemptLatency: aws.Int(int(now.Sub(r.AttemptTime).Nanoseconds() / int64(time.Millisecond))),
-		AccessKey:      aws.String(creds.AccessKeyID),
-	}
-
-	if r.HTTPResponse != nil {
-		m.HTTPStatusCode = aws.Int(r.HTTPResponse.StatusCode)
-	}
-
-	if r.Error != nil {
-		if awserr, ok := r.Error.(awserr.Error); ok {
-			m.SetException(getMetricException(awserr))
-		}
-	}
-
-	m.TruncateFields()
-	rep.metricsCh.Push(m)
-}
-
-func getMetricException(err awserr.Error) metricException {
-	msg := err.Error()
-	code := err.Code()
-
-	switch code {
-	case request.ErrCodeRequestError,
-		request.ErrCodeSerialization,
-		request.CanceledErrorCode:
-		return sdkException{
-			requestException{exception: code, message: msg},
-		}
-	default:
-		return awsException{
-			requestException{exception: code, message: msg},
-		}
-	}
-}
-
-func (rep *Reporter) sendAPICallMetric(r *request.Request) {
-	if rep == nil {
-		return
-	}
-
-	now := time.Now()
-	m := metric{
-		ClientID:           aws.String(rep.clientID),
-		API:                aws.String(r.Operation.Name),
-		Service:            aws.String(r.ClientInfo.ServiceID),
-		Timestamp:          (*metricTime)(&now),
-		UserAgent:          aws.String(r.HTTPRequest.Header.Get("User-Agent")),
-		Type:               aws.String("ApiCall"),
-		AttemptCount:       aws.Int(r.RetryCount + 1),
-		Region:             r.Config.Region,
-		Latency:            aws.Int(int(time.Since(r.Time) / time.Millisecond)),
-		XAmzRequestID:      aws.String(r.RequestID),
-		MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())),
-	}
-
-	if r.HTTPResponse != nil {
-		m.FinalHTTPStatusCode = aws.Int(r.HTTPResponse.StatusCode)
-	}
-
-	if r.Error != nil {
-		if awserr, ok := r.Error.(awserr.Error); ok {
-			m.SetFinalException(getMetricException(awserr))
-		}
-	}
-
-	m.TruncateFields()
-
-	// TODO: Probably want to figure something out for logging dropped
-	// metrics
-	rep.metricsCh.Push(m)
-}
-
-func (rep *Reporter) connect(network, url string) error {
-	if rep.conn != nil {
-		rep.conn.Close()
-	}
-
-	conn, err := net.Dial(network, url)
-	if err != nil {
-		return awserr.New("UDPError", "Could not connect", err)
-	}
-
-	rep.conn = conn
-
-	return nil
-}
-
-func (rep *Reporter) close() {
-	if rep.done != nil {
-		close(rep.done)
-	}
-
-	rep.metricsCh.Pause()
-}
-
-func (rep *Reporter) start() {
-	defer func() {
-		rep.metricsCh.Pause()
-	}()
-
-	for {
-		select {
-		case <-rep.done:
-			rep.done = nil
-			return
-		case m := <-rep.metricsCh.ch:
-			// TODO: What to do with this error? Probably should just log
-			b, err := json.Marshal(m)
-			if err != nil {
-				continue
-			}
-
-			rep.conn.Write(b)
-		}
-	}
-}
-
-// Pause will pause the metric channel preventing any new metrics from being
-// added. It is safe to call concurrently with other calls to Pause, but if
-// called concurently with Continue can lead to unexpected state.
-func (rep *Reporter) Pause() {
-	lock.Lock()
-	defer lock.Unlock()
-
-	if rep == nil {
-		return
-	}
-
-	rep.close()
-}
-
-// Continue will reopen the metric channel and allow for monitoring to be
-// resumed. It is safe to call concurrently with other calls to Continue, but
-// if called concurently with Pause can lead to unexpected state.
-func (rep *Reporter) Continue() {
-	lock.Lock()
-	defer lock.Unlock()
-	if rep == nil {
-		return
-	}
-
-	if !rep.metricsCh.IsPaused() {
-		return
-	}
-
-	rep.metricsCh.Continue()
-}
-
-// Client side metric handler names
-const (
-	APICallMetricHandlerName        = "awscsm.SendAPICallMetric"
-	APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric"
-)
-
-// InjectHandlers will will enable client side metrics and inject the proper
-// handlers to handle how metrics are sent.
-//
-// InjectHandlers is NOT safe to call concurrently. Calling InjectHandlers
-// multiple times may lead to unexpected behavior, (e.g. duplicate metrics).
-//
-//		// Start must be called in order to inject the correct handlers
-//		r, err := csm.Start("clientID", "127.0.0.1:8094")
-//		if err != nil {
-//			panic(fmt.Errorf("expected no error, but received %v", err))
-//		}
-//
-//		sess := session.NewSession()
-//		r.InjectHandlers(&sess.Handlers)
-//
-//		// create a new service client with our client side metric session
-//		svc := s3.New(sess)
-func (rep *Reporter) InjectHandlers(handlers *request.Handlers) {
-	if rep == nil {
-		return
-	}
-
-	handlers.Complete.PushFrontNamed(request.NamedHandler{
-		Name: APICallMetricHandlerName,
-		Fn:   rep.sendAPICallMetric,
-	})
-
-	handlers.CompleteAttempt.PushFrontNamed(request.NamedHandler{
-		Name: APICallAttemptMetricHandlerName,
-		Fn:   rep.sendAPICallAttemptMetric,
-	})
-}
-
-// boolIntValue return 1 for true and 0 for false.
-func boolIntValue(b bool) int {
-	if b {
-		return 1
-	}
-
-	return 0
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
deleted file mode 100644
index 23bb639e0..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
+++ /dev/null
@@ -1,207 +0,0 @@
-// Package defaults is a collection of helpers to retrieve the SDK's default
-// configuration and handlers.
-//
-// Generally this package shouldn't be used directly, but session.Session
-// instead. This package is useful when you need to reset the defaults
-// of a session or service client to the SDK defaults before setting
-// additional parameters.
-package defaults
-
-import (
-	"fmt"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/corehandlers"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
-	"github.com/aws/aws-sdk-go/aws/credentials/endpointcreds"
-	"github.com/aws/aws-sdk-go/aws/ec2metadata"
-	"github.com/aws/aws-sdk-go/aws/endpoints"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/shareddefaults"
-)
-
-// A Defaults provides a collection of default values for SDK clients.
-type Defaults struct {
-	Config   *aws.Config
-	Handlers request.Handlers
-}
-
-// Get returns the SDK's default values with Config and handlers pre-configured.
-func Get() Defaults {
-	cfg := Config()
-	handlers := Handlers()
-	cfg.Credentials = CredChain(cfg, handlers)
-
-	return Defaults{
-		Config:   cfg,
-		Handlers: handlers,
-	}
-}
-
-// Config returns the default configuration without credentials.
-// To retrieve a config with credentials also included use
-// `defaults.Get().Config` instead.
-//
-// Generally you shouldn't need to use this method directly, but
-// is available if you need to reset the configuration of an
-// existing service client or session.
-func Config() *aws.Config {
-	return aws.NewConfig().
-		WithCredentials(credentials.AnonymousCredentials).
-		WithRegion(os.Getenv("AWS_REGION")).
-		WithHTTPClient(http.DefaultClient).
-		WithMaxRetries(aws.UseServiceDefaultRetries).
-		WithLogger(aws.NewDefaultLogger()).
-		WithLogLevel(aws.LogOff).
-		WithEndpointResolver(endpoints.DefaultResolver())
-}
-
-// Handlers returns the default request handlers.
-//
-// Generally you shouldn't need to use this method directly, but
-// is available if you need to reset the request handlers of an
-// existing service client or session.
-func Handlers() request.Handlers {
-	var handlers request.Handlers
-
-	handlers.Validate.PushBackNamed(corehandlers.ValidateEndpointHandler)
-	handlers.Validate.AfterEachFn = request.HandlerListStopOnError
-	handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)
-	handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHander)
-	handlers.Build.AfterEachFn = request.HandlerListStopOnError
-	handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler)
-	handlers.Send.PushBackNamed(corehandlers.ValidateReqSigHandler)
-	handlers.Send.PushBackNamed(corehandlers.SendHandler)
-	handlers.AfterRetry.PushBackNamed(corehandlers.AfterRetryHandler)
-	handlers.ValidateResponse.PushBackNamed(corehandlers.ValidateResponseHandler)
-
-	return handlers
-}
-
-// CredChain returns the default credential chain.
-//
-// Generally you shouldn't need to use this method directly, but
-// is available if you need to reset the credentials of an
-// existing service client or session's Config.
-func CredChain(cfg *aws.Config, handlers request.Handlers) *credentials.Credentials {
-	return credentials.NewCredentials(&credentials.ChainProvider{
-		VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
-		Providers:     CredProviders(cfg, handlers),
-	})
-}
-
-// CredProviders returns the slice of providers used in
-// the default credential chain.
-//
-// For applications that need to use some other provider (for example use
-// different  environment variables for legacy reasons) but still fall back
-// on the default chain of providers. This allows that default chaint to be
-// automatically updated
-func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Provider {
-	return []credentials.Provider{
-		&credentials.EnvProvider{},
-		&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
-		RemoteCredProvider(*cfg, handlers),
-	}
-}
-
-const (
-	httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
-	httpProviderEnvVar              = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
-)
-
-// RemoteCredProvider returns a credentials provider for the default remote
-// endpoints such as EC2 or ECS Roles.
-func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
-	if u := os.Getenv(httpProviderEnvVar); len(u) > 0 {
-		return localHTTPCredProvider(cfg, handlers, u)
-	}
-
-	if uri := os.Getenv(shareddefaults.ECSCredsProviderEnvVar); len(uri) > 0 {
-		u := fmt.Sprintf("%s%s", shareddefaults.ECSContainerCredentialsURI, uri)
-		return httpCredProvider(cfg, handlers, u)
-	}
-
-	return ec2RoleProvider(cfg, handlers)
-}
-
-var lookupHostFn = net.LookupHost
-
-func isLoopbackHost(host string) (bool, error) {
-	ip := net.ParseIP(host)
-	if ip != nil {
-		return ip.IsLoopback(), nil
-	}
-
-	// Host is not an ip, perform lookup
-	addrs, err := lookupHostFn(host)
-	if err != nil {
-		return false, err
-	}
-	for _, addr := range addrs {
-		if !net.ParseIP(addr).IsLoopback() {
-			return false, nil
-		}
-	}
-
-	return true, nil
-}
-
-func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
-	var errMsg string
-
-	parsed, err := url.Parse(u)
-	if err != nil {
-		errMsg = fmt.Sprintf("invalid URL, %v", err)
-	} else {
-		host := aws.URLHostname(parsed)
-		if len(host) == 0 {
-			errMsg = "unable to parse host from local HTTP cred provider URL"
-		} else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil {
-			errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, loopbackErr)
-		} else if !isLoopback {
-			errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback hosts are allowed.", host)
-		}
-	}
-
-	if len(errMsg) > 0 {
-		if cfg.Logger != nil {
-			cfg.Logger.Log("Ignoring, HTTP credential provider", errMsg, err)
-		}
-		return credentials.ErrorProvider{
-			Err:          awserr.New("CredentialsEndpointError", errMsg, err),
-			ProviderName: endpointcreds.ProviderName,
-		}
-	}
-
-	return httpCredProvider(cfg, handlers, u)
-}
-
-func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
-	return endpointcreds.NewProviderClient(cfg, handlers, u,
-		func(p *endpointcreds.Provider) {
-			p.ExpiryWindow = 5 * time.Minute
-			p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar)
-		},
-	)
-}
-
-func ec2RoleProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
-	resolver := cfg.EndpointResolver
-	if resolver == nil {
-		resolver = endpoints.DefaultResolver()
-	}
-
-	e, _ := resolver.EndpointFor(endpoints.Ec2metadataServiceID, "")
-	return &ec2rolecreds.EC2RoleProvider{
-		Client:       ec2metadata.NewClient(cfg, handlers, e.URL, e.SigningRegion),
-		ExpiryWindow: 5 * time.Minute,
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/defaults/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/defaults/shared_config.go
deleted file mode 100644
index ca0ee1dcc..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/defaults/shared_config.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package defaults
-
-import (
-	"github.com/aws/aws-sdk-go/internal/shareddefaults"
-)
-
-// SharedCredentialsFilename returns the SDK's default file path
-// for the shared credentials file.
-//
-// Builds the shared config file path based on the OS's platform.
-//
-//   - Linux/Unix: $HOME/.aws/credentials
-//   - Windows: %USERPROFILE%\.aws\credentials
-func SharedCredentialsFilename() string {
-	return shareddefaults.SharedCredentialsFilename()
-}
-
-// SharedConfigFilename returns the SDK's default file path for
-// the shared config file.
-//
-// Builds the shared config file path based on the OS's platform.
-//
-//   - Linux/Unix: $HOME/.aws/config
-//   - Windows: %USERPROFILE%\.aws\config
-func SharedConfigFilename() string {
-	return shareddefaults.SharedConfigFilename()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/doc.go
deleted file mode 100644
index 4fcb61618..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/doc.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Package aws provides the core SDK's utilities and shared types. Use this package's
-// utilities to simplify setting and reading API operations parameters.
-//
-// Value and Pointer Conversion Utilities
-//
-// This package includes a helper conversion utility for each scalar type the SDK's
-// API use. These utilities make getting a pointer of the scalar, and dereferencing
-// a pointer easier.
-//
-// Each conversion utility comes in two forms. Value to Pointer and Pointer to Value.
-// The Pointer to value will safely dereference the pointer and return its value.
-// If the pointer was nil, the scalar's zero value will be returned.
-//
-// The value to pointer functions will be named after the scalar type. So get a
-// *string from a string value use the "String" function. This makes it easy to
-// to get pointer of a literal string value, because getting the address of a
-// literal requires assigning the value to a variable first.
-//
-//    var strPtr *string
-//
-//    // Without the SDK's conversion functions
-//    str := "my string"
-//    strPtr = &str
-//
-//    // With the SDK's conversion functions
-//    strPtr = aws.String("my string")
-//
-//    // Convert *string to string value
-//    str = aws.StringValue(strPtr)
-//
-// In addition to scalars the aws package also includes conversion utilities for
-// map and slice for commonly types used in API parameters. The map and slice
-// conversion functions use similar naming pattern as the scalar conversion
-// functions.
-//
-//    var strPtrs []*string
-//    var strs []string = []string{"Go", "Gophers", "Go"}
-//
-//    // Convert []string to []*string
-//    strPtrs = aws.StringSlice(strs)
-//
-//    // Convert []*string to []string
-//    strs = aws.StringValueSlice(strPtrs)
-//
-// SDK Default HTTP Client
-//
-// The SDK will use the http.DefaultClient if a HTTP client is not provided to
-// the SDK's Session, or service client constructor. This means that if the
-// http.DefaultClient is modified by other components of your application the
-// modifications will be picked up by the SDK as well.
-//
-// In some cases this might be intended, but it is a better practice to create
-// a custom HTTP Client to share explicitly through your application. You can
-// configure the SDK to use the custom HTTP Client by setting the HTTPClient
-// value of the SDK's Config type when creating a Session or service client.
-package aws
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
deleted file mode 100644
index 69fa63dc0..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
+++ /dev/null
@@ -1,250 +0,0 @@
-package ec2metadata
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/sdkuri"
-)
-
-// getToken uses the duration to return a token for EC2 metadata service,
-// or an error if the request failed.
-func (c *EC2Metadata) getToken(ctx aws.Context, duration time.Duration) (tokenOutput, error) {
-	op := &request.Operation{
-		Name:       "GetToken",
-		HTTPMethod: "PUT",
-		HTTPPath:   "/latest/api/token",
-	}
-
-	var output tokenOutput
-	req := c.NewRequest(op, nil, &output)
-	req.SetContext(ctx)
-
-	// remove the fetch token handler from the request handlers to avoid infinite recursion
-	req.Handlers.Sign.RemoveByName(fetchTokenHandlerName)
-
-	// Swap the unmarshalMetadataHandler with unmarshalTokenHandler on this request.
-	req.Handlers.Unmarshal.Swap(unmarshalMetadataHandlerName, unmarshalTokenHandler)
-
-	ttl := strconv.FormatInt(int64(duration/time.Second), 10)
-	req.HTTPRequest.Header.Set(ttlHeader, ttl)
-
-	err := req.Send()
-
-	// Errors with bad request status should be returned.
-	if err != nil {
-		err = awserr.NewRequestFailure(
-			awserr.New(req.HTTPResponse.Status, http.StatusText(req.HTTPResponse.StatusCode), err),
-			req.HTTPResponse.StatusCode, req.RequestID)
-	}
-
-	return output, err
-}
-
-// GetMetadata uses the path provided to request information from the EC2
-// instance metadata service. The content will be returned as a string, or
-// error if the request failed.
-func (c *EC2Metadata) GetMetadata(p string) (string, error) {
-	return c.GetMetadataWithContext(aws.BackgroundContext(), p)
-}
-
-// GetMetadataWithContext uses the path provided to request information from the EC2
-// instance metadata service. The content will be returned as a string, or
-// error if the request failed.
-func (c *EC2Metadata) GetMetadataWithContext(ctx aws.Context, p string) (string, error) {
-	op := &request.Operation{
-		Name:       "GetMetadata",
-		HTTPMethod: "GET",
-		HTTPPath:   sdkuri.PathJoin("/latest/meta-data", p),
-	}
-	output := &metadataOutput{}
-
-	req := c.NewRequest(op, nil, output)
-
-	req.SetContext(ctx)
-
-	err := req.Send()
-	return output.Content, err
-}
-
-// GetUserData returns the userdata that was configured for the service. If
-// there is no user-data setup for the EC2 instance a "NotFoundError" error
-// code will be returned.
-func (c *EC2Metadata) GetUserData() (string, error) {
-	return c.GetUserDataWithContext(aws.BackgroundContext())
-}
-
-// GetUserDataWithContext returns the userdata that was configured for the service. If
-// there is no user-data setup for the EC2 instance a "NotFoundError" error
-// code will be returned.
-func (c *EC2Metadata) GetUserDataWithContext(ctx aws.Context) (string, error) {
-	op := &request.Operation{
-		Name:       "GetUserData",
-		HTTPMethod: "GET",
-		HTTPPath:   "/latest/user-data",
-	}
-
-	output := &metadataOutput{}
-	req := c.NewRequest(op, nil, output)
-	req.SetContext(ctx)
-
-	err := req.Send()
-	return output.Content, err
-}
-
-// GetDynamicData uses the path provided to request information from the EC2
-// instance metadata service for dynamic data. The content will be returned
-// as a string, or error if the request failed.
-func (c *EC2Metadata) GetDynamicData(p string) (string, error) {
-	return c.GetDynamicDataWithContext(aws.BackgroundContext(), p)
-}
-
-// GetDynamicDataWithContext uses the path provided to request information from the EC2
-// instance metadata service for dynamic data. The content will be returned
-// as a string, or error if the request failed.
-func (c *EC2Metadata) GetDynamicDataWithContext(ctx aws.Context, p string) (string, error) {
-	op := &request.Operation{
-		Name:       "GetDynamicData",
-		HTTPMethod: "GET",
-		HTTPPath:   sdkuri.PathJoin("/latest/dynamic", p),
-	}
-
-	output := &metadataOutput{}
-	req := c.NewRequest(op, nil, output)
-	req.SetContext(ctx)
-
-	err := req.Send()
-	return output.Content, err
-}
-
-// GetInstanceIdentityDocument retrieves an identity document describing an
-// instance. Error is returned if the request fails or is unable to parse
-// the response.
-func (c *EC2Metadata) GetInstanceIdentityDocument() (EC2InstanceIdentityDocument, error) {
-	return c.GetInstanceIdentityDocumentWithContext(aws.BackgroundContext())
-}
-
-// GetInstanceIdentityDocumentWithContext retrieves an identity document describing an
-// instance. Error is returned if the request fails or is unable to parse
-// the response.
-func (c *EC2Metadata) GetInstanceIdentityDocumentWithContext(ctx aws.Context) (EC2InstanceIdentityDocument, error) {
-	resp, err := c.GetDynamicDataWithContext(ctx, "instance-identity/document")
-	if err != nil {
-		return EC2InstanceIdentityDocument{},
-			awserr.New("EC2MetadataRequestError",
-				"failed to get EC2 instance identity document", err)
-	}
-
-	doc := EC2InstanceIdentityDocument{}
-	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&doc); err != nil {
-		return EC2InstanceIdentityDocument{},
-			awserr.New(request.ErrCodeSerialization,
-				"failed to decode EC2 instance identity document", err)
-	}
-
-	return doc, nil
-}
-
-// IAMInfo retrieves IAM info from the metadata API
-func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) {
-	return c.IAMInfoWithContext(aws.BackgroundContext())
-}
-
-// IAMInfoWithContext retrieves IAM info from the metadata API
-func (c *EC2Metadata) IAMInfoWithContext(ctx aws.Context) (EC2IAMInfo, error) {
-	resp, err := c.GetMetadataWithContext(ctx, "iam/info")
-	if err != nil {
-		return EC2IAMInfo{},
-			awserr.New("EC2MetadataRequestError",
-				"failed to get EC2 IAM info", err)
-	}
-
-	info := EC2IAMInfo{}
-	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&info); err != nil {
-		return EC2IAMInfo{},
-			awserr.New(request.ErrCodeSerialization,
-				"failed to decode EC2 IAM info", err)
-	}
-
-	if info.Code != "Success" {
-		errMsg := fmt.Sprintf("failed to get EC2 IAM Info (%s)", info.Code)
-		return EC2IAMInfo{},
-			awserr.New("EC2MetadataError", errMsg, nil)
-	}
-
-	return info, nil
-}
-
-// Region returns the region the instance is running in.
-func (c *EC2Metadata) Region() (string, error) {
-	return c.RegionWithContext(aws.BackgroundContext())
-}
-
-// RegionWithContext returns the region the instance is running in.
-func (c *EC2Metadata) RegionWithContext(ctx aws.Context) (string, error) {
-	ec2InstanceIdentityDocument, err := c.GetInstanceIdentityDocumentWithContext(ctx)
-	if err != nil {
-		return "", err
-	}
-	// extract region from the ec2InstanceIdentityDocument
-	region := ec2InstanceIdentityDocument.Region
-	if len(region) == 0 {
-		return "", awserr.New("EC2MetadataError", "invalid region received for ec2metadata instance", nil)
-	}
-	// returns region
-	return region, nil
-}
-
-// Available returns if the application has access to the EC2 Metadata service.
-// Can be used to determine if application is running within an EC2 Instance and
-// the metadata service is available.
-func (c *EC2Metadata) Available() bool {
-	return c.AvailableWithContext(aws.BackgroundContext())
-}
-
-// AvailableWithContext returns if the application has access to the EC2 Metadata service.
-// Can be used to determine if application is running within an EC2 Instance and
-// the metadata service is available.
-func (c *EC2Metadata) AvailableWithContext(ctx aws.Context) bool {
-	if _, err := c.GetMetadataWithContext(ctx, "instance-id"); err != nil {
-		return false
-	}
-
-	return true
-}
-
-// An EC2IAMInfo provides the shape for unmarshaling
-// an IAM info from the metadata API
-type EC2IAMInfo struct {
-	Code               string
-	LastUpdated        time.Time
-	InstanceProfileArn string
-	InstanceProfileID  string
-}
-
-// An EC2InstanceIdentityDocument provides the shape for unmarshaling
-// an instance identity document
-type EC2InstanceIdentityDocument struct {
-	DevpayProductCodes      []string  `json:"devpayProductCodes"`
-	MarketplaceProductCodes []string  `json:"marketplaceProductCodes"`
-	AvailabilityZone        string    `json:"availabilityZone"`
-	PrivateIP               string    `json:"privateIp"`
-	Version                 string    `json:"version"`
-	Region                  string    `json:"region"`
-	InstanceID              string    `json:"instanceId"`
-	BillingProducts         []string  `json:"billingProducts"`
-	InstanceType            string    `json:"instanceType"`
-	AccountID               string    `json:"accountId"`
-	PendingTime             time.Time `json:"pendingTime"`
-	ImageID                 string    `json:"imageId"`
-	KernelID                string    `json:"kernelId"`
-	RamdiskID               string    `json:"ramdiskId"`
-	Architecture            string    `json:"architecture"`
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
deleted file mode 100644
index f4cc8751d..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
+++ /dev/null
@@ -1,245 +0,0 @@
-// Package ec2metadata provides the client for making API calls to the
-// EC2 Metadata service.
-//
-// This package's client can be disabled completely by setting the environment
-// variable "AWS_EC2_METADATA_DISABLED=true". This environment variable set to
-// true instructs the SDK to disable the EC2 Metadata client. The client cannot
-// be used while the environment variable is set to true, (case insensitive).
-//
-// The endpoint of the EC2 IMDS client can be configured via the environment
-// variable, AWS_EC2_METADATA_SERVICE_ENDPOINT when creating the client with a
-// Session. See aws/session#Options.EC2IMDSEndpoint for more details.
-package ec2metadata
-
-import (
-	"bytes"
-	"io"
-	"net/http"
-	"net/url"
-	"os"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/client/metadata"
-	"github.com/aws/aws-sdk-go/aws/corehandlers"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-const (
-	// ServiceName is the name of the service.
-	ServiceName          = "ec2metadata"
-	disableServiceEnvVar = "AWS_EC2_METADATA_DISABLED"
-
-	// Headers for Token and TTL
-	ttlHeader   = "x-aws-ec2-metadata-token-ttl-seconds"
-	tokenHeader = "x-aws-ec2-metadata-token"
-
-	// Named Handler constants
-	fetchTokenHandlerName          = "FetchTokenHandler"
-	unmarshalMetadataHandlerName   = "unmarshalMetadataHandler"
-	unmarshalTokenHandlerName      = "unmarshalTokenHandler"
-	enableTokenProviderHandlerName = "enableTokenProviderHandler"
-
-	// TTL constants
-	defaultTTL          = 21600 * time.Second
-	ttlExpirationWindow = 30 * time.Second
-)
-
-// A EC2Metadata is an EC2 Metadata service Client.
-type EC2Metadata struct {
-	*client.Client
-}
-
-// New creates a new instance of the EC2Metadata client with a session.
-// This client is safe to use across multiple goroutines.
-//
-// Example:
-//
-//	// Create a EC2Metadata client from just a session.
-//	svc := ec2metadata.New(mySession)
-//
-//	// Create a EC2Metadata client with additional configuration
-//	svc := ec2metadata.New(mySession, aws.NewConfig().WithLogLevel(aws.LogDebugHTTPBody))
-func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2Metadata {
-	c := p.ClientConfig(ServiceName, cfgs...)
-	return NewClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion)
-}
-
-// NewClient returns a new EC2Metadata client. Should be used to create
-// a client when not using a session. Generally using just New with a session
-// is preferred.
-//
-// Will remove the URL path from the endpoint provided to ensure the EC2 IMDS
-// client is able to communicate with the EC2 IMDS API.
-//
-// If an unmodified HTTP client is provided from the stdlib default, or no client
-// the EC2RoleProvider's EC2Metadata HTTP client's timeout will be shortened.
-// To disable this set Config.EC2MetadataDisableTimeoutOverride to false. Enabled by default.
-func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion string, opts ...func(*client.Client)) *EC2Metadata {
-	if !aws.BoolValue(cfg.EC2MetadataDisableTimeoutOverride) && httpClientZero(cfg.HTTPClient) {
-		// If the http client is unmodified and this feature is not disabled
-		// set custom timeouts for EC2Metadata requests.
-		cfg.HTTPClient = &http.Client{
-			// use a shorter timeout than default because the metadata
-			// service is local if it is running, and to fail faster
-			// if not running on an ec2 instance.
-			Timeout: 1 * time.Second,
-		}
-		// max number of retries on the client operation
-		cfg.MaxRetries = aws.Int(2)
-	}
-
-	if u, err := url.Parse(endpoint); err == nil {
-		// Remove path from the endpoint since it will be added by requests.
-		// This is an artifact of the SDK adding `/latest` to the endpoint for
-		// EC2 IMDS, but this is now moved to the operation definition.
-		u.Path = ""
-		u.RawPath = ""
-		endpoint = u.String()
-	}
-
-	svc := &EC2Metadata{
-		Client: client.New(
-			cfg,
-			metadata.ClientInfo{
-				ServiceName: ServiceName,
-				ServiceID:   ServiceName,
-				Endpoint:    endpoint,
-				APIVersion:  "latest",
-			},
-			handlers,
-		),
-	}
-
-	// token provider instance
-	tp := newTokenProvider(svc, defaultTTL)
-
-	// NamedHandler for fetching token
-	svc.Handlers.Sign.PushBackNamed(request.NamedHandler{
-		Name: fetchTokenHandlerName,
-		Fn:   tp.fetchTokenHandler,
-	})
-	// NamedHandler for enabling token provider
-	svc.Handlers.Complete.PushBackNamed(request.NamedHandler{
-		Name: enableTokenProviderHandlerName,
-		Fn:   tp.enableTokenProviderHandler,
-	})
-
-	svc.Handlers.Unmarshal.PushBackNamed(unmarshalHandler)
-	svc.Handlers.UnmarshalError.PushBack(unmarshalError)
-	svc.Handlers.Validate.Clear()
-	svc.Handlers.Validate.PushBack(validateEndpointHandler)
-
-	// Disable the EC2 Metadata service if the environment variable is set.
-	// This short-circuits the service's functionality to always fail to send
-	// requests.
-	if strings.ToLower(os.Getenv(disableServiceEnvVar)) == "true" {
-		svc.Handlers.Send.SwapNamed(request.NamedHandler{
-			Name: corehandlers.SendHandler.Name,
-			Fn: func(r *request.Request) {
-				r.HTTPResponse = &http.Response{
-					Header: http.Header{},
-				}
-				r.Error = awserr.New(
-					request.CanceledErrorCode,
-					"EC2 IMDS access disabled via "+disableServiceEnvVar+" env var",
-					nil)
-			},
-		})
-	}
-
-	// Add additional options to the service config
-	for _, option := range opts {
-		option(svc.Client)
-	}
-	return svc
-}
-
-func httpClientZero(c *http.Client) bool {
-	return c == nil || (c.Transport == nil && c.CheckRedirect == nil && c.Jar == nil && c.Timeout == 0)
-}
-
-type metadataOutput struct {
-	Content string
-}
-
-type tokenOutput struct {
-	Token string
-	TTL   time.Duration
-}
-
-// unmarshal token handler is used to parse the response of a getToken operation
-var unmarshalTokenHandler = request.NamedHandler{
-	Name: unmarshalTokenHandlerName,
-	Fn: func(r *request.Request) {
-		defer r.HTTPResponse.Body.Close()
-		var b bytes.Buffer
-		if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
-			r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization,
-				"unable to unmarshal EC2 metadata response", err), r.HTTPResponse.StatusCode, r.RequestID)
-			return
-		}
-
-		v := r.HTTPResponse.Header.Get(ttlHeader)
-		data, ok := r.Data.(*tokenOutput)
-		if !ok {
-			return
-		}
-
-		data.Token = b.String()
-		// TTL is in seconds
-		i, err := strconv.ParseInt(v, 10, 64)
-		if err != nil {
-			r.Error = awserr.NewRequestFailure(awserr.New(request.ParamFormatErrCode,
-				"unable to parse EC2 token TTL response", err), r.HTTPResponse.StatusCode, r.RequestID)
-			return
-		}
-		t := time.Duration(i) * time.Second
-		data.TTL = t
-	},
-}
-
-var unmarshalHandler = request.NamedHandler{
-	Name: unmarshalMetadataHandlerName,
-	Fn: func(r *request.Request) {
-		defer r.HTTPResponse.Body.Close()
-		var b bytes.Buffer
-		if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
-			r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization,
-				"unable to unmarshal EC2 metadata response", err), r.HTTPResponse.StatusCode, r.RequestID)
-			return
-		}
-
-		if data, ok := r.Data.(*metadataOutput); ok {
-			data.Content = b.String()
-		}
-	},
-}
-
-func unmarshalError(r *request.Request) {
-	defer r.HTTPResponse.Body.Close()
-	var b bytes.Buffer
-
-	if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
-		r.Error = awserr.NewRequestFailure(
-			awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error response", err),
-			r.HTTPResponse.StatusCode, r.RequestID)
-		return
-	}
-
-	// Response body format is not consistent between metadata endpoints.
-	// Grab the error message as a string and include that as the source error
-	r.Error = awserr.NewRequestFailure(
-		awserr.New("EC2MetadataError", "failed to make EC2Metadata request\n"+b.String(), nil),
-		r.HTTPResponse.StatusCode, r.RequestID)
-}
-
-func validateEndpointHandler(r *request.Request) {
-	if r.ClientInfo.Endpoint == "" {
-		r.Error = aws.ErrMissingEndpoint
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
deleted file mode 100644
index 604aeffde..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package ec2metadata
-
-import (
-	"fmt"
-	"net/http"
-	"sync/atomic"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// A tokenProvider struct provides access to EC2Metadata client
-// and atomic instance of a token, along with configuredTTL for it.
-// tokenProvider also provides an atomic flag to disable the
-// fetch token operation.
-// The disabled member will use 0 as false, and 1 as true.
-type tokenProvider struct {
-	client        *EC2Metadata
-	token         atomic.Value
-	configuredTTL time.Duration
-	disabled      uint32
-}
-
-// A ec2Token struct helps use of token in EC2 Metadata service ops
-type ec2Token struct {
-	token string
-	credentials.Expiry
-}
-
-// newTokenProvider provides a pointer to a tokenProvider instance
-func newTokenProvider(c *EC2Metadata, duration time.Duration) *tokenProvider {
-	return &tokenProvider{client: c, configuredTTL: duration}
-}
-
-// check if fallback is enabled
-func (t *tokenProvider) fallbackEnabled() bool {
-	return t.client.Config.EC2MetadataEnableFallback == nil || *t.client.Config.EC2MetadataEnableFallback
-}
-
-// fetchTokenHandler fetches token for EC2Metadata service client by default.
-func (t *tokenProvider) fetchTokenHandler(r *request.Request) {
-	// short-circuits to insecure data flow if tokenProvider is disabled.
-	if v := atomic.LoadUint32(&t.disabled); v == 1 && t.fallbackEnabled() {
-		return
-	}
-
-	if ec2Token, ok := t.token.Load().(ec2Token); ok && !ec2Token.IsExpired() {
-		r.HTTPRequest.Header.Set(tokenHeader, ec2Token.token)
-		return
-	}
-
-	output, err := t.client.getToken(r.Context(), t.configuredTTL)
-
-	if err != nil {
-		// only attempt fallback to insecure data flow if IMDSv1 is enabled
-		if !t.fallbackEnabled() {
-			r.Error = awserr.New("EC2MetadataError", "failed to get IMDSv2 token and fallback to IMDSv1 is disabled", err)
-			return
-		}
-
-		// change the disabled flag on token provider to true and fallback
-		if requestFailureError, ok := err.(awserr.RequestFailure); ok {
-			switch requestFailureError.StatusCode() {
-			case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed:
-				atomic.StoreUint32(&t.disabled, 1)
-				t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError))
-			case http.StatusBadRequest:
-				r.Error = requestFailureError
-			}
-		}
-		return
-	}
-
-	newToken := ec2Token{
-		token: output.Token,
-	}
-	newToken.SetExpiration(time.Now().Add(output.TTL), ttlExpirationWindow)
-	t.token.Store(newToken)
-
-	// Inject token header to the request.
-	if ec2Token, ok := t.token.Load().(ec2Token); ok {
-		r.HTTPRequest.Header.Set(tokenHeader, ec2Token.token)
-	}
-}
-
-// enableTokenProviderHandler enables the token provider
-func (t *tokenProvider) enableTokenProviderHandler(r *request.Request) {
-	// If the error code status is 401, we enable the token provider
-	if e, ok := r.Error.(awserr.RequestFailure); ok && e != nil &&
-		e.StatusCode() == http.StatusUnauthorized {
-		t.token.Store(ec2Token{})
-		atomic.StoreUint32(&t.disabled, 0)
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
deleted file mode 100644
index cad3b9a48..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
+++ /dev/null
@@ -1,193 +0,0 @@
-package endpoints
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-)
-
-type modelDefinition map[string]json.RawMessage
-
-// A DecodeModelOptions are the options for how the endpoints model definition
-// are decoded.
-type DecodeModelOptions struct {
-	SkipCustomizations bool
-}
-
-// Set combines all of the option functions together.
-func (d *DecodeModelOptions) Set(optFns ...func(*DecodeModelOptions)) {
-	for _, fn := range optFns {
-		fn(d)
-	}
-}
-
-// DecodeModel unmarshals a Regions and Endpoint model definition file into
-// a endpoint Resolver. If the file format is not supported, or an error occurs
-// when unmarshaling the model an error will be returned.
-//
-// Casting the return value of this func to a EnumPartitions will
-// allow you to get a list of the partitions in the order the endpoints
-// will be resolved in.
-//
-//	resolver, err := endpoints.DecodeModel(reader)
-//
-//	partitions := resolver.(endpoints.EnumPartitions).Partitions()
-//	for _, p := range partitions {
-//	    // ... inspect partitions
-//	}
-func DecodeModel(r io.Reader, optFns ...func(*DecodeModelOptions)) (Resolver, error) {
-	var opts DecodeModelOptions
-	opts.Set(optFns...)
-
-	// Get the version of the partition file to determine what
-	// unmarshaling model to use.
-	modelDef := modelDefinition{}
-	if err := json.NewDecoder(r).Decode(&modelDef); err != nil {
-		return nil, newDecodeModelError("failed to decode endpoints model", err)
-	}
-
-	var version string
-	if b, ok := modelDef["version"]; ok {
-		version = string(b)
-	} else {
-		return nil, newDecodeModelError("endpoints version not found in model", nil)
-	}
-
-	if version == "3" {
-		return decodeV3Endpoints(modelDef, opts)
-	}
-
-	return nil, newDecodeModelError(
-		fmt.Sprintf("endpoints version %s, not supported", version), nil)
-}
-
-func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resolver, error) {
-	b, ok := modelDef["partitions"]
-	if !ok {
-		return nil, newDecodeModelError("endpoints model missing partitions", nil)
-	}
-
-	ps := partitions{}
-	if err := json.Unmarshal(b, &ps); err != nil {
-		return nil, newDecodeModelError("failed to decode endpoints model", err)
-	}
-
-	if opts.SkipCustomizations {
-		return ps, nil
-	}
-
-	// Customization
-	for i := 0; i < len(ps); i++ {
-		p := &ps[i]
-		custRegionalS3(p)
-		custRmIotDataService(p)
-		custFixAppAutoscalingChina(p)
-		custFixAppAutoscalingUsGov(p)
-	}
-
-	return ps, nil
-}
-
-func custRegionalS3(p *partition) {
-	if p.ID != "aws" {
-		return
-	}
-
-	service, ok := p.Services["s3"]
-	if !ok {
-		return
-	}
-
-	const awsGlobal = "aws-global"
-	const usEast1 = "us-east-1"
-
-	// If global endpoint already exists no customization needed.
-	if _, ok := service.Endpoints[endpointKey{Region: awsGlobal}]; ok {
-		return
-	}
-
-	service.PartitionEndpoint = awsGlobal
-	if _, ok := service.Endpoints[endpointKey{Region: usEast1}]; !ok {
-		service.Endpoints[endpointKey{Region: usEast1}] = endpoint{}
-	}
-	service.Endpoints[endpointKey{Region: awsGlobal}] = endpoint{
-		Hostname: "s3.amazonaws.com",
-		CredentialScope: credentialScope{
-			Region: usEast1,
-		},
-	}
-
-	p.Services["s3"] = service
-}
-
-func custRmIotDataService(p *partition) {
-	delete(p.Services, "data.iot")
-}
-
-func custFixAppAutoscalingChina(p *partition) {
-	if p.ID != "aws-cn" {
-		return
-	}
-
-	const serviceName = "application-autoscaling"
-	s, ok := p.Services[serviceName]
-	if !ok {
-		return
-	}
-
-	const expectHostname = `autoscaling.{region}.amazonaws.com`
-	serviceDefault := s.Defaults[defaultKey{}]
-	if e, a := expectHostname, serviceDefault.Hostname; e != a {
-		fmt.Printf("custFixAppAutoscalingChina: ignoring customization, expected %s, got %s\n", e, a)
-		return
-	}
-	serviceDefault.Hostname = expectHostname + ".cn"
-	s.Defaults[defaultKey{}] = serviceDefault
-	p.Services[serviceName] = s
-}
-
-func custFixAppAutoscalingUsGov(p *partition) {
-	if p.ID != "aws-us-gov" {
-		return
-	}
-
-	const serviceName = "application-autoscaling"
-	s, ok := p.Services[serviceName]
-	if !ok {
-		return
-	}
-
-	serviceDefault := s.Defaults[defaultKey{}]
-	if a := serviceDefault.CredentialScope.Service; a != "" {
-		fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty credential scope service, got %s\n", a)
-		return
-	}
-
-	if a := serviceDefault.Hostname; a != "" {
-		fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty hostname, got %s\n", a)
-		return
-	}
-
-	serviceDefault.CredentialScope.Service = "application-autoscaling"
-	serviceDefault.Hostname = "autoscaling.{region}.amazonaws.com"
-
-	if s.Defaults == nil {
-		s.Defaults = make(endpointDefaults)
-	}
-
-	s.Defaults[defaultKey{}] = serviceDefault
-
-	p.Services[serviceName] = s
-}
-
-type decodeModelError struct {
-	awsError
-}
-
-func newDecodeModelError(msg string, err error) decodeModelError {
-	return decodeModelError{
-		awsError: awserr.New("DecodeEndpointsModelError", msg, err),
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
deleted file mode 100644
index 9943af744..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ /dev/null
@@ -1,40212 +0,0 @@
-// Code generated by aws/endpoints/v3model_codegen.go. DO NOT EDIT.
-
-package endpoints
-
-import (
-	"regexp"
-)
-
-// Partition identifiers
-const (
-	AwsPartitionID      = "aws"        // AWS Standard partition.
-	AwsCnPartitionID    = "aws-cn"     // AWS China partition.
-	AwsUsGovPartitionID = "aws-us-gov" // AWS GovCloud (US) partition.
-	AwsIsoPartitionID   = "aws-iso"    // AWS ISO (US) partition.
-	AwsIsoBPartitionID  = "aws-iso-b"  // AWS ISOB (US) partition.
-	AwsIsoEPartitionID  = "aws-iso-e"  // AWS ISOE (Europe) partition.
-	AwsIsoFPartitionID  = "aws-iso-f"  // AWS ISOF partition.
-)
-
-// AWS Standard partition's regions.
-const (
-	AfSouth1RegionID     = "af-south-1"     // Africa (Cape Town).
-	ApEast1RegionID      = "ap-east-1"      // Asia Pacific (Hong Kong).
-	ApNortheast1RegionID = "ap-northeast-1" // Asia Pacific (Tokyo).
-	ApNortheast2RegionID = "ap-northeast-2" // Asia Pacific (Seoul).
-	ApNortheast3RegionID = "ap-northeast-3" // Asia Pacific (Osaka).
-	ApSouth1RegionID     = "ap-south-1"     // Asia Pacific (Mumbai).
-	ApSouth2RegionID     = "ap-south-2"     // Asia Pacific (Hyderabad).
-	ApSoutheast1RegionID = "ap-southeast-1" // Asia Pacific (Singapore).
-	ApSoutheast2RegionID = "ap-southeast-2" // Asia Pacific (Sydney).
-	ApSoutheast3RegionID = "ap-southeast-3" // Asia Pacific (Jakarta).
-	ApSoutheast4RegionID = "ap-southeast-4" // Asia Pacific (Melbourne).
-	CaCentral1RegionID   = "ca-central-1"   // Canada (Central).
-	EuCentral1RegionID   = "eu-central-1"   // Europe (Frankfurt).
-	EuCentral2RegionID   = "eu-central-2"   // Europe (Zurich).
-	EuNorth1RegionID     = "eu-north-1"     // Europe (Stockholm).
-	EuSouth1RegionID     = "eu-south-1"     // Europe (Milan).
-	EuSouth2RegionID     = "eu-south-2"     // Europe (Spain).
-	EuWest1RegionID      = "eu-west-1"      // Europe (Ireland).
-	EuWest2RegionID      = "eu-west-2"      // Europe (London).
-	EuWest3RegionID      = "eu-west-3"      // Europe (Paris).
-	MeCentral1RegionID   = "me-central-1"   // Middle East (UAE).
-	MeSouth1RegionID     = "me-south-1"     // Middle East (Bahrain).
-	SaEast1RegionID      = "sa-east-1"      // South America (Sao Paulo).
-	UsEast1RegionID      = "us-east-1"      // US East (N. Virginia).
-	UsEast2RegionID      = "us-east-2"      // US East (Ohio).
-	UsWest1RegionID      = "us-west-1"      // US West (N. California).
-	UsWest2RegionID      = "us-west-2"      // US West (Oregon).
-)
-
-// AWS China partition's regions.
-const (
-	CnNorth1RegionID     = "cn-north-1"     // China (Beijing).
-	CnNorthwest1RegionID = "cn-northwest-1" // China (Ningxia).
-)
-
-// AWS GovCloud (US) partition's regions.
-const (
-	UsGovEast1RegionID = "us-gov-east-1" // AWS GovCloud (US-East).
-	UsGovWest1RegionID = "us-gov-west-1" // AWS GovCloud (US-West).
-)
-
-// AWS ISO (US) partition's regions.
-const (
-	UsIsoEast1RegionID = "us-iso-east-1" // US ISO East.
-	UsIsoWest1RegionID = "us-iso-west-1" // US ISO WEST.
-)
-
-// AWS ISOB (US) partition's regions.
-const (
-	UsIsobEast1RegionID = "us-isob-east-1" // US ISOB East (Ohio).
-)
-
-// AWS ISOE (Europe) partition's regions.
-const ()
-
-// AWS ISOF partition's regions.
-const ()
-
-// DefaultResolver returns an Endpoint resolver that will be able
-// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), AWS ISOE (Europe), and AWS ISOF.
-//
-// Use DefaultPartitions() to get the list of the default partitions.
-func DefaultResolver() Resolver {
-	return defaultPartitions
-}
-
-// DefaultPartitions returns a list of the partitions the SDK is bundled
-// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), AWS ISOE (Europe), and AWS ISOF.
-//
-//    partitions := endpoints.DefaultPartitions
-//    for _, p := range partitions {
-//        // ... inspect partitions
-//    }
-func DefaultPartitions() []Partition {
-	return defaultPartitions.Partitions()
-}
-
-var defaultPartitions = partitions{
-	awsPartition,
-	awscnPartition,
-	awsusgovPartition,
-	awsisoPartition,
-	awsisobPartition,
-	awsisoePartition,
-	awsisofPartition,
-}
-
-// AwsPartition returns the Resolver for AWS Standard.
-func AwsPartition() Partition {
-	return awsPartition.Partition()
-}
-
-var awsPartition = partition{
-	ID:        "aws",
-	Name:      "AWS Standard",
-	DNSSuffix: "amazonaws.com",
-	RegionRegex: regionRegex{
-		Regexp: func() *regexp.Regexp {
-			reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$")
-			return reg
-		}(),
-	},
-	Defaults: endpointDefaults{
-		defaultKey{}: endpoint{
-			Hostname:          "{service}.{region}.{dnsSuffix}",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: dualStackVariant,
-		}: endpoint{
-			Hostname:          "{service}.{region}.{dnsSuffix}",
-			DNSSuffix:         "api.aws",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: fipsVariant,
-		}: endpoint{
-			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
-			DNSSuffix:         "amazonaws.com",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: fipsVariant | dualStackVariant,
-		}: endpoint{
-			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
-			DNSSuffix:         "api.aws",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-	},
-	Regions: regions{
-		"af-south-1": region{
-			Description: "Africa (Cape Town)",
-		},
-		"ap-east-1": region{
-			Description: "Asia Pacific (Hong Kong)",
-		},
-		"ap-northeast-1": region{
-			Description: "Asia Pacific (Tokyo)",
-		},
-		"ap-northeast-2": region{
-			Description: "Asia Pacific (Seoul)",
-		},
-		"ap-northeast-3": region{
-			Description: "Asia Pacific (Osaka)",
-		},
-		"ap-south-1": region{
-			Description: "Asia Pacific (Mumbai)",
-		},
-		"ap-south-2": region{
-			Description: "Asia Pacific (Hyderabad)",
-		},
-		"ap-southeast-1": region{
-			Description: "Asia Pacific (Singapore)",
-		},
-		"ap-southeast-2": region{
-			Description: "Asia Pacific (Sydney)",
-		},
-		"ap-southeast-3": region{
-			Description: "Asia Pacific (Jakarta)",
-		},
-		"ap-southeast-4": region{
-			Description: "Asia Pacific (Melbourne)",
-		},
-		"ca-central-1": region{
-			Description: "Canada (Central)",
-		},
-		"eu-central-1": region{
-			Description: "Europe (Frankfurt)",
-		},
-		"eu-central-2": region{
-			Description: "Europe (Zurich)",
-		},
-		"eu-north-1": region{
-			Description: "Europe (Stockholm)",
-		},
-		"eu-south-1": region{
-			Description: "Europe (Milan)",
-		},
-		"eu-south-2": region{
-			Description: "Europe (Spain)",
-		},
-		"eu-west-1": region{
-			Description: "Europe (Ireland)",
-		},
-		"eu-west-2": region{
-			Description: "Europe (London)",
-		},
-		"eu-west-3": region{
-			Description: "Europe (Paris)",
-		},
-		"me-central-1": region{
-			Description: "Middle East (UAE)",
-		},
-		"me-south-1": region{
-			Description: "Middle East (Bahrain)",
-		},
-		"sa-east-1": region{
-			Description: "South America (Sao Paulo)",
-		},
-		"us-east-1": region{
-			Description: "US East (N. Virginia)",
-		},
-		"us-east-2": region{
-			Description: "US East (Ohio)",
-		},
-		"us-west-1": region{
-			Description: "US West (N. California)",
-		},
-		"us-west-2": region{
-			Description: "US West (Oregon)",
-		},
-	},
-	Services: services{
-		"a4b": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"access-analyzer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "access-analyzer-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "access-analyzer-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "access-analyzer-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "access-analyzer-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "access-analyzer-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "access-analyzer-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "access-analyzer-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "access-analyzer-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "access-analyzer-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "access-analyzer-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"account": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "account.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-			},
-		},
-		"acm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "acm-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "acm-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "acm-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "acm-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "acm-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"acm-pca": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-pca-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "acm-pca-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "acm-pca-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "acm-pca-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "acm-pca-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "acm-pca-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-pca-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-pca-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-pca-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-pca-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"airflow": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"amplify": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"amplifybackend": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"amplifyuibuilder": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"aoss": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"api.detective": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.detective-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "api.detective-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.detective-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "api.detective-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.detective-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "api.detective-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.detective-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "api.detective-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"api.ecr": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{
-					Hostname: "api.ecr.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{
-					Hostname: "api.ecr.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "api.ecr.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "api.ecr.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{
-					Hostname: "api.ecr.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "api.ecr.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{
-					Hostname: "api.ecr.ap-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "api.ecr.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "api.ecr.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{
-					Hostname: "api.ecr.ap-southeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{
-					Hostname: "api.ecr.ap-southeast-4.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-4",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "api.ecr.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region: "dkr-us-east-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "dkr-us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "dkr-us-east-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "dkr-us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "dkr-us-west-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "dkr-us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "dkr-us-west-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "dkr-us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "api.ecr.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{
-					Hostname: "api.ecr.eu-central-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname: "api.ecr.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{
-					Hostname: "api.ecr.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{
-					Hostname: "api.ecr.eu-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "api.ecr.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "api.ecr.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname: "api.ecr.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region: "fips-dkr-us-east-1",
-				}: endpoint{
-					Hostname: "ecr-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-dkr-us-east-2",
-				}: endpoint{
-					Hostname: "ecr-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-dkr-us-west-1",
-				}: endpoint{
-					Hostname: "ecr-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-dkr-us-west-2",
-				}: endpoint{
-					Hostname: "ecr-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "ecr-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "ecr-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "ecr-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "ecr-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{
-					Hostname: "api.ecr.me-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-central-1",
-					},
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{
-					Hostname: "api.ecr.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "api.ecr.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "api.ecr.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "api.ecr.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname: "api.ecr.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "api.ecr.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"api.ecr-public": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "api.ecr-public.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "api.ecr-public.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"api.elastic-inference": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "api.elastic-inference.ap-northeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "api.elastic-inference.ap-northeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "api.elastic-inference.eu-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "api.elastic-inference.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "api.elastic-inference.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "api.elastic-inference.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"api.fleethub.iot": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.fleethub.iot-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "api.fleethub.iot-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "api.fleethub.iot-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "api.fleethub.iot-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "api.fleethub.iot-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.fleethub.iot-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.fleethub.iot-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.fleethub.iot-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"api.iotdeviceadvisor": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "api.iotdeviceadvisor.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "api.iotdeviceadvisor.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "api.iotdeviceadvisor.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "api.iotdeviceadvisor.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"api.iotwireless": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "api.iotwireless.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "api.iotwireless.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "api.iotwireless.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "api.iotwireless.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "api.iotwireless.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "api.iotwireless.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "api.iotwireless.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"api.mediatailor": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"api.pricing": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "pricing",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"api.sagemaker": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"api.tunneling.iot": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"apigateway": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "apigateway-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "apigateway-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "apigateway-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "apigateway-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "apigateway-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "apigateway-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "apigateway-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "apigateway-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "apigateway-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "apigateway-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"app-integrations": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"appconfig": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"appconfigdata": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"appflow": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"application-autoscaling": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"applicationinsights": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"appmesh": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "af-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.af-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.ap-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.ap-northeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.ap-northeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.ap-northeast-3.api.aws",
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.ap-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.ap-southeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.ap-southeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.ap-southeast-3.api.aws",
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.ca-central-1.api.aws",
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "appmesh-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh-fips.ca-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "appmesh-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.eu-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.eu-north-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.eu-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.eu-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.eu-west-2.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.eu-west-3.api.aws",
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.me-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.sa-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.us-east-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "appmesh-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh-fips.us-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "appmesh-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.us-east-2.api.aws",
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "appmesh-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh-fips.us-east-2.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "appmesh-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.us-west-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "appmesh-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh-fips.us-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "appmesh-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.us-west-2.api.aws",
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "appmesh-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh-fips.us-west-2.api.aws",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "appmesh-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"apprunner": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "apprunner-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "apprunner-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "apprunner-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "apprunner-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "apprunner-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "apprunner-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"appstream2": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-					CredentialScope: credentialScope{
-						Service: "appstream",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips",
-				}: endpoint{
-					Hostname: "appstream2-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "appstream2-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "appstream2-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "appstream2-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "appstream2-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"appsync": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"aps": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"arc-zonal-shift": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"athena": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "af-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.af-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.ap-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.ap-northeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.ap-northeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.ap-northeast-3.api.aws",
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.ap-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.ap-southeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.ap-southeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.ap-southeast-3.api.aws",
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.ca-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.eu-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.eu-north-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.eu-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.eu-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.eu-west-2.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.eu-west-3.api.aws",
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "athena-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "athena-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "athena-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "athena-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.me-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.sa-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.us-east-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.us-east-2.api.aws",
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-east-2.api.aws",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.us-west-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.us-west-2.api.aws",
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-west-2.api.aws",
-				},
-			},
-		},
-		"auditmanager": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"autoscaling": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"autoscaling-plans": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"backup": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"backup-gateway": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"backupstorage": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"batch": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.batch.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "fips.batch.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "fips.batch.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "fips.batch.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "fips.batch.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.batch.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.batch.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.batch.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.batch.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"billingconductor": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "billingconductor.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-			},
-		},
-		"braket": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"budgets": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "budgets.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-			},
-		},
-		"cases": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{},
-			},
-		},
-		"cassandra": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "cassandra-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "cassandra-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cassandra-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cassandra-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"catalog.marketplace": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"ce": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "ce.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-			},
-		},
-		"chime": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname:  "chime.us-east-1.amazonaws.com",
-					Protocols: []string{"https"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-			},
-		},
-		"cleanrooms": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"cloud9": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"cloudcontrolapi": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"clouddirectory": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"cloudformation": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudformation-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "cloudformation-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudformation-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "cloudformation-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudformation-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "cloudformation-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudformation-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "cloudformation-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"cloudfront": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname:  "cloudfront.amazonaws.com",
-					Protocols: []string{"http", "https"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-			},
-		},
-		"cloudhsm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"cloudhsmv2": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "cloudhsm",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"cloudsearch": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"cloudtrail": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "cloudtrail-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "cloudtrail-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "cloudtrail-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "cloudtrail-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudtrail-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudtrail-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudtrail-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudtrail-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"cloudtrail-data": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"codeartifact": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"codebuild": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codebuild-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "codebuild-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codebuild-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "codebuild-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codebuild-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "codebuild-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codebuild-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "codebuild-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"codecatalyst": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "codecatalyst.global.api.aws",
-				},
-			},
-		},
-		"codecommit": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codecommit-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "codecommit-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips",
-				}: endpoint{
-					Hostname: "codecommit-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codecommit-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "codecommit-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codecommit-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "codecommit-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codecommit-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "codecommit-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codecommit-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "codecommit-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"codedeploy": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"codeguru-reviewer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"codepipeline": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codepipeline-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "codepipeline-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "codepipeline-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "codepipeline-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "codepipeline-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "codepipeline-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codepipeline-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codepipeline-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codepipeline-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codepipeline-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"codestar": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"codestar-connections": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"codestar-notifications": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"cognito-identity": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "cognito-identity-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "cognito-identity-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "cognito-identity-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "cognito-identity-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cognito-identity-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cognito-identity-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cognito-identity-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cognito-identity-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"cognito-idp": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "cognito-idp-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "cognito-idp-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "cognito-idp-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "cognito-idp-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cognito-idp-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cognito-idp-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cognito-idp-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cognito-idp-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"cognito-sync": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"comprehend": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "comprehend-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "comprehend-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "comprehend-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "comprehend-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "comprehend-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "comprehend-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"comprehendmedical": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "comprehendmedical-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "comprehendmedical-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "comprehendmedical-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "comprehendmedical-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "comprehendmedical-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "comprehendmedical-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"compute-optimizer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "compute-optimizer.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{
-					Hostname: "compute-optimizer.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "compute-optimizer.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "compute-optimizer.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname: "compute-optimizer.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "compute-optimizer.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "compute-optimizer.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"config": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "config-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "config-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "config-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "config-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "config-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "config-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "config-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "config-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"connect": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "connect-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "connect-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "connect-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "connect-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"connect-campaigns": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "connect-campaigns-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "connect-campaigns-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "connect-campaigns-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "connect-campaigns-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"contact-lens": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"controltower": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "controltower-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "controltower-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "controltower-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "controltower-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "controltower-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "controltower-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "controltower-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "controltower-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "controltower-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "controltower-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"cur": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"data-ats.iot": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-					CredentialScope: credentialScope{
-						Service: "iotdata",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iot-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "data.iot-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Service: "iotdata",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "data.iot-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Service: "iotdata",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "data.iot-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Service: "iotdata",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "data.iot-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Service: "iotdata",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "data.iot-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Service: "iotdata",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iot-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iot-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iot-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iot-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"data.jobs.iot": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"data.mediastore": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"databrew": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "databrew-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "databrew-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "databrew-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "databrew-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "databrew-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "databrew-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "databrew-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "databrew-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"dataexchange": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"datapipeline": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"datasync": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "datasync-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "datasync-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "datasync-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "datasync-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "datasync-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "datasync-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "datasync-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "datasync-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "datasync-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "datasync-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"dax": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"devicefarm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"devops-guru": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "devops-guru-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "devops-guru-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "devops-guru-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "devops-guru-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "devops-guru-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "devops-guru-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "devops-guru-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "devops-guru-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "devops-guru-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "devops-guru-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"directconnect": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "directconnect-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "directconnect-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "directconnect-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "directconnect-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "directconnect-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "directconnect-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "directconnect-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "directconnect-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"discovery": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"dlm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"dms": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "dms",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "dms",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "dms-fips",
-				}: endpoint{
-					Hostname: "dms-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "dms-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "dms-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "dms-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "dms-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"docdb": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "rds.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "rds.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "rds.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "rds.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "rds.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "rds.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "rds.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "rds.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "rds.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname: "rds.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "rds.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "rds.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "rds.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "rds.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"drs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"ds": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ds-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "ds-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "ds-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "ds-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "ds-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "ds-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ds-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ds-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ds-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ds-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"dynamodb": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dynamodb-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "dynamodb-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "local",
-				}: endpoint{
-					Hostname:  "localhost:8000",
-					Protocols: []string{"http"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dynamodb-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "dynamodb-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dynamodb-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "dynamodb-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dynamodb-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "dynamodb-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dynamodb-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "dynamodb-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"ebs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ebs-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "ebs-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "ebs-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "ebs-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "ebs-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "ebs-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ebs-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ebs-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ebs-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ebs-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"ec2": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "ec2.ap-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ec2-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "ec2.eu-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "ec2-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "ec2-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "ec2-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "ec2-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "ec2-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "ec2.sa-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "ec2.us-east-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ec2-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "ec2.us-east-2.api.aws",
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ec2-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ec2-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "ec2.us-west-2.api.aws",
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ec2-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"ecs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "ecs-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "ecs-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "ecs-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "ecs-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecs-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecs-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecs-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecs-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"edge.sagemaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"eks": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "fips.eks.{region}.{dnsSuffix}",
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "fips.eks.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "fips.eks.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "fips.eks.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "fips.eks.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.eks.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.eks.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.eks.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.eks.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"elasticache": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips",
-				}: endpoint{
-					Hostname: "elasticache-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticache-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "elasticache-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticache-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "elasticache-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticache-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "elasticache-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticache-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "elasticache-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"elasticbeanstalk": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "elasticbeanstalk-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "elasticbeanstalk-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "elasticbeanstalk-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "elasticbeanstalk-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticbeanstalk-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticbeanstalk-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticbeanstalk-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticbeanstalk-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"elasticfilesystem": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "af-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.af-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-northeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-northeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-northeast-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-south-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-southeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-southeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-southeast-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-4",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-central-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-north-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-north-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-south-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-west-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "fips-af-south-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-east-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-2",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-3",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-south-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-south-2",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-2",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-3",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-southeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-4",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-4",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-central-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-central-2",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-central-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-north-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-south-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-south-2",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-2",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-3",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-me-central-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.me-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-me-south-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-sa-east-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.me-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.me-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.sa-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"elasticloadbalancing": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "elasticloadbalancing-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "elasticloadbalancing-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "elasticloadbalancing-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "elasticloadbalancing-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticloadbalancing-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticloadbalancing-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticloadbalancing-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticloadbalancing-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"elasticmapreduce": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					SSLCommonName: "{region}.{service}.{dnsSuffix}",
-					Protocols:     []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticmapreduce-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					SSLCommonName: "{service}.{region}.{dnsSuffix}",
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "elasticmapreduce-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "elasticmapreduce-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "elasticmapreduce-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "elasticmapreduce-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "elasticmapreduce-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					SSLCommonName: "{service}.{region}.{dnsSuffix}",
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:      "elasticmapreduce-fips.us-east-1.amazonaws.com",
-					SSLCommonName: "{service}.{region}.{dnsSuffix}",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticmapreduce-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticmapreduce-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticmapreduce-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"elastictranscoder": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"email": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "email-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "email-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "email-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "email-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"emr-containers": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "emr-containers-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "emr-containers-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "emr-containers-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "emr-containers-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "emr-containers-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "emr-containers-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "emr-containers-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "emr-containers-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "emr-containers-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "emr-containers-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"emr-serverless": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "emr-serverless-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "emr-serverless-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "emr-serverless-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "emr-serverless-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "emr-serverless-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "emr-serverless-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "emr-serverless-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "emr-serverless-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "emr-serverless-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "emr-serverless-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"entitlement.marketplace": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "aws-marketplace",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"es": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips",
-				}: endpoint{
-					Hostname: "es-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "es-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "es-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "es-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "es-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "es-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "es-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "es-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "es-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"events": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "events-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "events-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "events-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "events-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "events-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "events-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "events-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "events-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"evidently": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "evidently.ap-northeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "evidently.ap-southeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "evidently.ap-southeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "evidently.eu-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname: "evidently.eu-north-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "evidently.eu-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "evidently.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "evidently.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "evidently.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"finspace": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"finspace-api": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"firehose": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "firehose-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "firehose-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "firehose-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "firehose-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "firehose-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "firehose-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "firehose-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "firehose-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"fms": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "af-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.af-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.ap-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.ap-northeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.ap-northeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.ap-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.ap-southeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.ap-southeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.eu-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.eu-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.eu-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.eu-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.eu-west-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "fips-af-south-1",
-				}: endpoint{
-					Hostname: "fms-fips.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-east-1",
-				}: endpoint{
-					Hostname: "fms-fips.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-1",
-				}: endpoint{
-					Hostname: "fms-fips.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-2",
-				}: endpoint{
-					Hostname: "fms-fips.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-south-1",
-				}: endpoint{
-					Hostname: "fms-fips.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-1",
-				}: endpoint{
-					Hostname: "fms-fips.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-2",
-				}: endpoint{
-					Hostname: "fms-fips.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "fms-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-central-1",
-				}: endpoint{
-					Hostname: "fms-fips.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-south-1",
-				}: endpoint{
-					Hostname: "fms-fips.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-1",
-				}: endpoint{
-					Hostname: "fms-fips.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-2",
-				}: endpoint{
-					Hostname: "fms-fips.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-3",
-				}: endpoint{
-					Hostname: "fms-fips.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-me-south-1",
-				}: endpoint{
-					Hostname: "fms-fips.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-sa-east-1",
-				}: endpoint{
-					Hostname: "fms-fips.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "fms-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "fms-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "fms-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "fms-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.me-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.sa-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"forecast": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "forecast-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "forecast-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "forecast-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "forecast-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "forecast-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "forecast-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"forecastquery": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "forecastquery-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "forecastquery-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "forecastquery-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "forecastquery-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "forecastquery-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "forecastquery-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"frauddetector": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"fsx": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "fsx-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-prod-ca-central-1",
-				}: endpoint{
-					Hostname: "fsx-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-prod-us-east-1",
-				}: endpoint{
-					Hostname: "fsx-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-prod-us-east-2",
-				}: endpoint{
-					Hostname: "fsx-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-prod-us-west-1",
-				}: endpoint{
-					Hostname: "fsx-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-prod-us-west-2",
-				}: endpoint{
-					Hostname: "fsx-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "fsx-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "fsx-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "fsx-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "fsx-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "prod-ca-central-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "prod-ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "prod-us-east-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "prod-us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "prod-us-east-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "prod-us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "prod-us-west-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "prod-us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "prod-us-west-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "prod-us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"gamelift": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"gamesparks": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"geo": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"glacier": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glacier-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "glacier-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "glacier-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "glacier-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "glacier-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "glacier-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glacier-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glacier-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glacier-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glacier-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"glue": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "glue-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "glue-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "glue-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "glue-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glue-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glue-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glue-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glue-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"grafana": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "grafana.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "grafana.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "grafana.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "grafana.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "grafana.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "grafana.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "grafana.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "grafana.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "grafana.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "grafana.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"greengrass": service{
-			IsRegionalized: boxedTrue,
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "greengrass-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "greengrass-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "greengrass-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "greengrass-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "greengrass-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "greengrass-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "greengrass-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "greengrass-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"groundstation": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "groundstation-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "groundstation-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "groundstation-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "groundstation-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "groundstation-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "groundstation-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"guardduty": service{
-			IsRegionalized: boxedTrue,
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "guardduty-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "guardduty-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "guardduty-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "guardduty-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "guardduty-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "guardduty-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "guardduty-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "guardduty-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"health": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					SSLCommonName: "health.us-east-1.amazonaws.com",
-					Protocols:     []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "global.health.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "health-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "health-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"healthlake": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"honeycode": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"iam": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "iam.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "aws-global",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iam-fips.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "aws-global-fips",
-				}: endpoint{
-					Hostname: "iam-fips.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "iam",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "iam",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iam-fips.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "iam-fips",
-				}: endpoint{
-					Hostname: "iam-fips.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"identity-chime": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "identity-chime-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "identity-chime-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"identitystore": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"importexport": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname:          "importexport.amazonaws.com",
-					SignatureVersions: []string{"v2", "v4"},
-					CredentialScope: credentialScope{
-						Region:  "us-east-1",
-						Service: "IngestionService",
-					},
-				},
-			},
-		},
-		"ingest.timestream": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ingest-fips-us-east-1",
-				}: endpoint{
-					Hostname: "ingest.timestream-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ingest-fips-us-east-2",
-				}: endpoint{
-					Hostname: "ingest.timestream-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ingest-fips-us-west-2",
-				}: endpoint{
-					Hostname: "ingest.timestream-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ingest-us-east-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "ingest-us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ingest.timestream-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ingest-us-east-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "ingest-us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ingest.timestream-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ingest-us-west-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "ingest-us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ingest.timestream-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"inspector": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "inspector-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "inspector-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "inspector-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "inspector-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "inspector-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "inspector-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "inspector-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "inspector-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"inspector2": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"internetmonitor": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					DNSSuffix: "api.aws",
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
-					DNSSuffix: "api.aws",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{
-					Hostname: "internetmonitor.af-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-northeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-northeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-southeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-southeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "internetmonitor.ca-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "internetmonitor.eu-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname: "internetmonitor.eu-north-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{
-					Hostname: "internetmonitor.eu-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "internetmonitor.eu-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "internetmonitor.eu-west-2.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname: "internetmonitor.eu-west-3.api.aws",
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{
-					Hostname: "internetmonitor.me-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "internetmonitor.sa-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "internetmonitor.us-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "internetmonitor.us-east-2.api.aws",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname: "internetmonitor.us-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "internetmonitor.us-west-2.api.aws",
-				},
-			},
-		},
-		"iot": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iot-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "iot-fips.ca-central-1.amazonaws.com",
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "iot-fips.us-east-1.amazonaws.com",
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "iot-fips.us-east-2.amazonaws.com",
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "iot-fips.us-west-1.amazonaws.com",
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "iot-fips.us-west-2.amazonaws.com",
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iot-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iot-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iot-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iot-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"iotanalytics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"iotevents": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iotevents-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "iotevents-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "iotevents-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "iotevents-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "iotevents-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iotevents-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iotevents-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iotevents-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"ioteventsdata": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "data.iotevents.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "data.iotevents.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "data.iotevents.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "data.iotevents.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "data.iotevents.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "data.iotevents.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iotevents-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "data.iotevents.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "data.iotevents.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "data.iotevents.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "data.iotevents-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "data.iotevents-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "data.iotevents-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "data.iotevents-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "data.iotevents.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iotevents-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "data.iotevents.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iotevents-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "data.iotevents.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iotevents-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"iotfleetwise": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"iotroborunner": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"iotsecuredtunneling": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"iotsitewise": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iotsitewise-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "iotsitewise-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "iotsitewise-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "iotsitewise-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "iotsitewise-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iotsitewise-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iotsitewise-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iotsitewise-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"iotthingsgraph": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "iotthingsgraph",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"iottwinmaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "iottwinmaker-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "iottwinmaker-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iottwinmaker-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iottwinmaker-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"iotwireless": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "api.iotwireless.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "api.iotwireless.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "api.iotwireless.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "api.iotwireless.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "api.iotwireless.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"ivs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"ivschat": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"ivsrealtime": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"kafka": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kafka-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "kafka-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "kafka-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "kafka-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "kafka-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "kafka-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kafka-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kafka-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kafka-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kafka-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"kafkaconnect": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"kendra": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "kendra-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "kendra-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "kendra-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kendra-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kendra-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kendra-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"kendra-ranking": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					DNSSuffix: "api.aws",
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
-					DNSSuffix: "api.aws",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.af-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.ap-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.ap-northeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "kendra-ranking.ap-northeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{
-					Hostname: "kendra-ranking.ap-northeast-3.api.aws",
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.ap-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{
-					Hostname: "kendra-ranking.ap-south-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.ap-southeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "kendra-ranking.ap-southeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{
-					Hostname: "kendra-ranking.ap-southeast-3.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{
-					Hostname: "kendra-ranking.ap-southeast-4.api.aws",
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.ca-central-1.api.aws",
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kendra-ranking-fips.ca-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{
-					Hostname: "kendra-ranking.eu-central-2.api.aws",
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.eu-north-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.eu-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{
-					Hostname: "kendra-ranking.eu-south-2.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.eu-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname: "kendra-ranking.eu-west-3.api.aws",
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.me-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.me-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.sa-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.us-east-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kendra-ranking-fips.us-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "kendra-ranking.us-east-2.api.aws",
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kendra-ranking-fips.us-east-2.api.aws",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.us-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "kendra-ranking.us-west-2.api.aws",
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kendra-ranking-fips.us-west-2.api.aws",
-				},
-			},
-		},
-		"kinesis": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "kinesis-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "kinesis-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "kinesis-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "kinesis-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kinesis-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kinesis-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kinesis-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kinesis-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"kinesisanalytics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"kinesisvideo": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"kms": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ProdFips",
-				}: endpoint{
-					Hostname: "kms-fips.eu-central-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "af-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.af-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "af-south-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.ap-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-east-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.ap-northeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.ap-northeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-2-fips",
-				}: endpoint{
-					Hostname: "kms-fips.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.ap-northeast-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-3-fips",
-				}: endpoint{
-					Hostname: "kms-fips.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.ap-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-south-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.ap-south-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-south-2-fips",
-				}: endpoint{
-					Hostname: "kms-fips.ap-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.ap-southeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.ap-southeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-2-fips",
-				}: endpoint{
-					Hostname: "kms-fips.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.ap-southeast-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-3-fips",
-				}: endpoint{
-					Hostname: "kms-fips.ap-southeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-4",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.ap-southeast-4.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-4-fips",
-				}: endpoint{
-					Hostname: "kms-fips.ap-southeast-4.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-4",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.eu-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.eu-central-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-2-fips",
-				}: endpoint{
-					Hostname: "kms-fips.eu-central-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-north-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.eu-north-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-north-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.eu-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-south-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.eu-south-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-south-2-fips",
-				}: endpoint{
-					Hostname: "kms-fips.eu-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.eu-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.eu-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-2-fips",
-				}: endpoint{
-					Hostname: "kms-fips.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.eu-west-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-3-fips",
-				}: endpoint{
-					Hostname: "kms-fips.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "il-central-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.il-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "il-central-1",
-					},
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.me-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "me-central-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.me-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.me-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "me-south-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.sa-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "sa-east-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "kms-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "kms-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"lakeformation": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"lambda": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "af-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.af-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.ap-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.ap-northeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.ap-northeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.ap-northeast-3.api.aws",
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.ap-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.ap-south-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.ap-southeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.ap-southeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.ap-southeast-3.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-4",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.ap-southeast-4.api.aws",
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.ca-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.eu-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.eu-central-2.api.aws",
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.eu-north-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.eu-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.eu-south-2.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.eu-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.eu-west-2.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.eu-west-3.api.aws",
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "lambda-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "lambda-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "lambda-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "lambda-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.me-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.me-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.sa-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.us-east-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lambda-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.us-east-2.api.aws",
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lambda-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.us-west-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lambda-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.us-west-2.api.aws",
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lambda-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"license-manager": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "license-manager-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "license-manager-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "license-manager-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "license-manager-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"license-manager-linux-subscriptions": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "license-manager-linux-subscriptions-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "license-manager-linux-subscriptions-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "license-manager-linux-subscriptions-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "license-manager-linux-subscriptions-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-linux-subscriptions-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-linux-subscriptions-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-linux-subscriptions-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-linux-subscriptions-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"license-manager-user-subscriptions": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "license-manager-user-subscriptions-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "license-manager-user-subscriptions-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "license-manager-user-subscriptions-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "license-manager-user-subscriptions-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-user-subscriptions-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-user-subscriptions-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-user-subscriptions-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-user-subscriptions-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"lightsail": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"logs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "logs-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "logs-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "logs-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "logs-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "logs-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "logs-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "logs-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "logs-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"lookoutequipment": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"lookoutmetrics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"lookoutvision": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"m2": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{},
-			},
-		},
-		"machinelearning": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"macie": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "macie-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "macie-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "macie-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "macie-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"macie2": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "macie2-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "macie2-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "macie2-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "macie2-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "macie2-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "macie2-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "macie2-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "macie2-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"managedblockchain": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"marketplacecommerceanalytics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"media-pipelines-chime": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "media-pipelines-chime-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "media-pipelines-chime-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "media-pipelines-chime-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "media-pipelines-chime-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"mediaconnect": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"mediaconvert": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mediaconvert-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "mediaconvert-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "mediaconvert-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "mediaconvert-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "mediaconvert-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "mediaconvert-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mediaconvert-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mediaconvert-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mediaconvert-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mediaconvert-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"medialive": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "medialive-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "medialive-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "medialive-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "medialive-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "medialive-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "medialive-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"mediapackage": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"mediapackage-vod": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"mediapackagev2": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"mediastore": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"meetings-chime": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "meetings-chime-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "meetings-chime-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "meetings-chime-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "meetings-chime-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"memory-db": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips",
-				}: endpoint{
-					Hostname: "memory-db-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"messaging-chime": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "messaging-chime-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "messaging-chime-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"metering.marketplace": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "aws-marketplace",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"metrics.sagemaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"mgh": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"mgn": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "mgn-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "mgn-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "mgn-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "mgn-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mgn-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mgn-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mgn-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mgn-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"migrationhub-orchestrator": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"migrationhub-strategy": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"mobileanalytics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"models-v2-lex": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"models.lex": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "lex",
-					},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "models-fips.lex.{region}.{dnsSuffix}",
-					CredentialScope: credentialScope{
-						Service: "lex",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "models-fips.lex.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "models-fips.lex.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "models-fips.lex.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "models-fips.lex.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"monitoring": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "monitoring-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "monitoring-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "monitoring-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "monitoring-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "monitoring-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "monitoring-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "monitoring-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "monitoring-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"mq": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "mq-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "mq-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "mq-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "mq-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mq-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mq-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mq-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mq-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"mturk-requester": service{
-			IsRegionalized: boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "sandbox",
-				}: endpoint{
-					Hostname: "mturk-requester-sandbox.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"neptune": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{
-					Hostname: "rds.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "rds.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "rds.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "rds.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "rds.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "rds.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "rds.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "rds.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname: "rds.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "rds.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "rds.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname: "rds.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{
-					Hostname: "rds.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "rds.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "rds.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "rds.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname: "rds.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "rds.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"network-firewall": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "network-firewall-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "network-firewall-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"networkmanager": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "networkmanager.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"nimble": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"oam": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"oidc": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{
-					Hostname: "oidc.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{
-					Hostname: "oidc.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "oidc.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "oidc.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{
-					Hostname: "oidc.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "oidc.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "oidc.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "oidc.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{
-					Hostname: "oidc.ap-southeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "oidc.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "oidc.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname: "oidc.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{
-					Hostname: "oidc.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "oidc.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "oidc.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname: "oidc.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{
-					Hostname: "oidc.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "oidc.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "oidc.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "oidc.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname: "oidc.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "oidc.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"omics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "omics.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "omics.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "omics.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "omics.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "omics-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "omics-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "omics.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "omics-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "omics.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "omics-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"opsworks": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"opsworks-cm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"organizations": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "organizations.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "aws-global",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "organizations-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-aws-global",
-				}: endpoint{
-					Hostname: "organizations-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"osis": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"outposts": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "outposts-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "outposts-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "outposts-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "outposts-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "outposts-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "outposts-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "outposts-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "outposts-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "outposts-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "outposts-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"participant.connect": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "participant.connect-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "participant.connect-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "participant.connect-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "participant.connect-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"personalize": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"pi": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"pinpoint": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "mobiletargeting",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "pinpoint.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "pinpoint-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "pinpoint-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "pinpoint-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "pinpoint-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "pinpoint-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "pinpoint.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "pinpoint-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "pinpoint.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "pinpoint-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "pinpoint.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "pinpoint-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"pipes": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"polly": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "polly-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "polly-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "polly-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "polly-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "polly-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "polly-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "polly-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "polly-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"portal.sso": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{
-					Hostname: "portal.sso.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{
-					Hostname: "portal.sso.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "portal.sso.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "portal.sso.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{
-					Hostname: "portal.sso.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "portal.sso.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "portal.sso.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "portal.sso.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{
-					Hostname: "portal.sso.ap-southeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "portal.sso.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "portal.sso.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname: "portal.sso.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{
-					Hostname: "portal.sso.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "portal.sso.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "portal.sso.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname: "portal.sso.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{
-					Hostname: "portal.sso.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "portal.sso.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "portal.sso.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "portal.sso.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname: "portal.sso.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "portal.sso.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"profile": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "profile-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "profile-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "profile-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "profile-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "profile-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "profile-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"projects.iot1click": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"proton": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"qldb": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "qldb-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "qldb-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "qldb-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "qldb-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "qldb-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "qldb-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "qldb-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "qldb-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"quicksight": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"ram": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ram-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "ram-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "ram-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "ram-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "ram-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "ram-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ram-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ram-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ram-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ram-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"rbin": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rbin-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "rbin-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "rbin-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "rbin-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "rbin-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "rbin-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rbin-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rbin-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rbin-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rbin-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"rds": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "rds-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "rds-fips.ca-central-1",
-				}: endpoint{
-					Hostname: "rds-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rds-fips.us-east-1",
-				}: endpoint{
-					Hostname: "rds-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rds-fips.us-east-2",
-				}: endpoint{
-					Hostname: "rds-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rds-fips.us-west-1",
-				}: endpoint{
-					Hostname: "rds-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rds-fips.us-west-2",
-				}: endpoint{
-					Hostname: "rds-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rds.ca-central-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "rds.ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rds.us-east-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "rds.us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rds.us-east-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "rds.us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rds.us-west-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "rds.us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rds.us-west-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "rds.us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					SSLCommonName: "{service}.{dnsSuffix}",
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:      "rds-fips.us-east-1.amazonaws.com",
-					SSLCommonName: "{service}.{dnsSuffix}",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "rds-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "rds-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "rds-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "rds-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"rds-data": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "rds-data-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "rds-data-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "rds-data-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "rds-data-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-data-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-data-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-data-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds-data-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"redshift": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "redshift-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "redshift-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "redshift-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "redshift-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "redshift-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "redshift-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "redshift-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "redshift-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "redshift-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "redshift-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"redshift-serverless": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"rekognition": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "rekognition-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "rekognition-fips.ca-central-1",
-				}: endpoint{
-					Hostname: "rekognition-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rekognition-fips.us-east-1",
-				}: endpoint{
-					Hostname: "rekognition-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rekognition-fips.us-east-2",
-				}: endpoint{
-					Hostname: "rekognition-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rekognition-fips.us-west-1",
-				}: endpoint{
-					Hostname: "rekognition-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rekognition-fips.us-west-2",
-				}: endpoint{
-					Hostname: "rekognition-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rekognition.ca-central-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "rekognition.ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rekognition.us-east-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "rekognition.us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rekognition.us-east-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "rekognition.us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rekognition.us-west-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "rekognition.us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rekognition.us-west-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "rekognition.us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "rekognition-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "rekognition-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "rekognition-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "rekognition-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"resiliencehub": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"resource-explorer-2": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					DNSSuffix: "api.aws",
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
-					DNSSuffix: "api.aws",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.ap-northeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "resource-explorer-2.ap-northeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{
-					Hostname: "resource-explorer-2.ap-northeast-3.api.aws",
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.ap-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{
-					Hostname: "resource-explorer-2.ap-south-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.ap-southeast-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "resource-explorer-2.ap-southeast-2.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{
-					Hostname: "resource-explorer-2.ap-southeast-4.api.aws",
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.ca-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.eu-central-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{
-					Hostname: "resource-explorer-2.eu-central-2.api.aws",
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.eu-north-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.eu-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "resource-explorer-2.eu-west-2.api.aws",
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname: "resource-explorer-2.eu-west-3.api.aws",
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.sa-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.us-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "resource-explorer-2.us-east-2.api.aws",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.us-west-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "resource-explorer-2.us-west-2.api.aws",
-				},
-			},
-		},
-		"resource-groups": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "resource-groups-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "resource-groups-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "resource-groups-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "resource-groups-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "resource-groups-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "resource-groups-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "resource-groups-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "resource-groups-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"robomaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"rolesanywhere": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"route53": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "route53.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "aws-global",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "route53-fips.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-aws-global",
-				}: endpoint{
-					Hostname: "route53-fips.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"route53-recovery-control-config": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "route53-recovery-control-config.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"route53domains": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-			},
-		},
-		"route53resolver": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"rum": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"runtime-v2-lex": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"runtime.lex": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "lex",
-					},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime-fips.lex.{region}.{dnsSuffix}",
-					CredentialScope: credentialScope{
-						Service: "lex",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime-fips.lex.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "runtime-fips.lex.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime-fips.lex.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "runtime-fips.lex.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"runtime.sagemaker": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime-fips.sagemaker.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"s3": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedTrue,
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols:         []string{"http", "https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-				defaultKey{
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
-					DNSSuffix:         "amazonaws.com",
-					Protocols:         []string{"http", "https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-				defaultKey{
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "{service}-fips.dualstack.{region}.{dnsSuffix}",
-					DNSSuffix:         "amazonaws.com",
-					Protocols:         []string{"http", "https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "af-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.af-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.ap-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname:          "s3.ap-northeast-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3.dualstack.ap-northeast-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.ap-northeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.ap-northeast-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.ap-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.ap-south-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname:          "s3.ap-southeast-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3.dualstack.ap-southeast-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname:          "s3.ap-southeast-2.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3.dualstack.ap-southeast-2.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.ap-southeast-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-4",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.ap-southeast-4.amazonaws.com",
-				},
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname:          "s3.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "s3-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "s3-fips.dualstack.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.eu-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.eu-central-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.eu-north-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.eu-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.eu-south-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname:          "s3.eu-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3.dualstack.eu-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.eu-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.eu-west-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "s3-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "s3-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "s3-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "s3-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "s3-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.me-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.me-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "s3-external-1",
-				}: endpoint{
-					Hostname:          "s3-external-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname:          "s3.sa-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3.dualstack.sa-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname:          "s3.us-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3.dualstack.us-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:          "s3-fips.us-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-fips.dualstack.us-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "s3-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "s3-fips.dualstack.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname:          "s3.us-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3.dualstack.us-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:          "s3-fips.us-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-fips.dualstack.us-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname:          "s3.us-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3.dualstack.us-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:          "s3-fips.us-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-fips.dualstack.us-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-			},
-		},
-		"s3-control": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols:         []string{"https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-				defaultKey{
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
-					DNSSuffix:         "amazonaws.com",
-					Protocols:         []string{"https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-				defaultKey{
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "{service}-fips.dualstack.{region}.{dnsSuffix}",
-					DNSSuffix:         "amazonaws.com",
-					Protocols:         []string{"https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname:          "s3-control.ap-northeast-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.ap-northeast-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname:          "s3-control.ap-northeast-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.ap-northeast-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{
-					Hostname:          "s3-control.ap-northeast-3.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-				},
-				endpointKey{
-					Region:  "ap-northeast-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.ap-northeast-3.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname:          "s3-control.ap-south-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.ap-south-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname:          "s3-control.ap-southeast-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.ap-southeast-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname:          "s3-control.ap-southeast-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.ap-southeast-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname:          "s3-control.ca-central-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.ca-central-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.ca-central-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.dualstack.ca-central-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname:          "s3-control-fips.ca-central-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname:          "s3-control.eu-central-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.eu-central-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname:          "s3-control.eu-north-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-				},
-				endpointKey{
-					Region:  "eu-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.eu-north-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname:          "s3-control.eu-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.eu-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname:          "s3-control.eu-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.eu-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname:          "s3-control.eu-west-3.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.eu-west-3.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname:          "s3-control.sa-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.sa-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname:          "s3-control.us-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.us-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.dualstack.us-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname:          "s3-control.us-east-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.us-east-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-east-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.dualstack.us-east-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-east-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname:          "s3-control.us-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.us-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.dualstack.us-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname:          "s3-control.us-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.us-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.dualstack.us-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-west-2.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"s3-outposts": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{},
-			},
-		},
-		"sagemaker-geospatial": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"savingsplans": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "savingsplans.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-			},
-		},
-		"scheduler": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"schemas": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"sdb": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols:         []string{"http", "https"},
-					SignatureVersions: []string{"v2"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "sdb.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"secretsmanager": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"securityhub": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "securityhub-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "securityhub-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "securityhub-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "securityhub-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "securityhub-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "securityhub-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "securityhub-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "securityhub-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"securitylake": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"serverlessrepo": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-		},
-		"servicecatalog": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"servicecatalog-appregistry": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-appregistry-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "servicecatalog-appregistry-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "servicecatalog-appregistry-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "servicecatalog-appregistry-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "servicecatalog-appregistry-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "servicecatalog-appregistry-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-appregistry-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-appregistry-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-appregistry-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-appregistry-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"servicediscovery": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "af-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.af-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.ap-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.ap-northeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.ap-northeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.ap-northeast-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.ap-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.ap-south-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.ap-southeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.ap-southeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.ap-southeast-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-4",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.ap-southeast-4.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.eu-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.eu-central-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.eu-north-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.eu-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-south-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.eu-south-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.eu-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.eu-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.eu-west-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-central-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.me-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "me-south-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.me-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.sa-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "servicediscovery",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "servicediscovery",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "servicediscovery-fips",
-				}: endpoint{
-					Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"servicequotas": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"session.qldb": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "session.qldb-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "session.qldb-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "session.qldb-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "session.qldb-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "session.qldb-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "session.qldb-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"shield": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					SSLCommonName: "shield.us-east-1.amazonaws.com",
-					Protocols:     []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "shield.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "aws-global",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "shield-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-aws-global",
-				}: endpoint{
-					Hostname: "shield-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"signer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "signer-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "signer-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "signer-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "signer-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "signer-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "signer-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "signer-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "signer-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"simspaceweaver": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"sms": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "sms-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "sms-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "sms-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "sms-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sms-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sms-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sms-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sms-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"sms-voice": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sms-voice-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "sms-voice-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "sms-voice-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "sms-voice-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sms-voice-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sms-voice-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"snowball": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.ap-northeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.ap-northeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-northeast-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.ap-northeast-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.ap-south-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.ap-southeast-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.ap-southeast-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.eu-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.eu-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.eu-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.eu-west-3.amazonaws.com",
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-1",
-				}: endpoint{
-					Hostname: "snowball-fips.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-2",
-				}: endpoint{
-					Hostname: "snowball-fips.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-3",
-				}: endpoint{
-					Hostname: "snowball-fips.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-south-1",
-				}: endpoint{
-					Hostname: "snowball-fips.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-1",
-				}: endpoint{
-					Hostname: "snowball-fips.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-2",
-				}: endpoint{
-					Hostname: "snowball-fips.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "snowball-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-central-1",
-				}: endpoint{
-					Hostname: "snowball-fips.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-1",
-				}: endpoint{
-					Hostname: "snowball-fips.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-2",
-				}: endpoint{
-					Hostname: "snowball-fips.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-3",
-				}: endpoint{
-					Hostname: "snowball-fips.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-sa-east-1",
-				}: endpoint{
-					Hostname: "snowball-fips.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "snowball-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "snowball-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "snowball-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "snowball-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.sa-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"sns": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "sns-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "sns-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "sns-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "sns-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sns-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sns-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sns-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sns-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"sqs": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					SSLCommonName: "{region}.queue.{dnsSuffix}",
-					Protocols:     []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "sqs-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "sqs-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "sqs-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "sqs-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					SSLCommonName: "queue.{dnsSuffix}",
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:      "sqs-fips.us-east-1.amazonaws.com",
-					SSLCommonName: "queue.{dnsSuffix}",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sqs-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sqs-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sqs-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"ssm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "ssm-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "ssm-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "ssm-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "ssm-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "ssm-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"ssm-incidents": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"ssm-sap": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm-sap-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "ssm-sap-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "ssm-sap-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "ssm-sap-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "ssm-sap-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "ssm-sap-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm-sap-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm-sap-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm-sap-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm-sap-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"sso": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"states": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "states-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "states-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "states-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "states-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "states-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "states-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "states-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "states-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"storagegateway": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "storagegateway-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "storagegateway-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips",
-				}: endpoint{
-					Hostname: "storagegateway-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"streams.dynamodb": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-					CredentialScope: credentialScope{
-						Service: "dynamodb",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "local",
-				}: endpoint{
-					Hostname:  "localhost:8000",
-					Protocols: []string{"http"},
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"sts": service{
-			PartitionEndpoint: "aws-global",
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "sts.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sts-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "sts-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sts-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "sts-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sts-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1-fips",
-				}: endpoint{
-					Hostname: "sts-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sts-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "sts-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"support": service{
-			PartitionEndpoint: "aws-global",
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "support.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-			},
-		},
-		"supportapp": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"swf": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "swf-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "swf-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "swf-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "swf-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "swf-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "swf-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "swf-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "swf-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"synthetics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "synthetics-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "synthetics-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "synthetics-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "synthetics-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "synthetics-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "synthetics-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "synthetics-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "synthetics-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"tagging": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"textract": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "textract-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "textract-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "textract-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "textract-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "textract-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "textract-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "textract-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "textract-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "textract-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "textract-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"transcribe": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "fips.transcribe.{region}.{dnsSuffix}",
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.transcribe.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "fips.transcribe.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "fips.transcribe.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "fips.transcribe.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "fips.transcribe.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "fips.transcribe.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.transcribe.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.transcribe.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.transcribe.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.transcribe.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"transcribestreaming": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "transcribestreaming-ca-central-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "transcribestreaming-ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "transcribestreaming-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "transcribestreaming-fips-ca-central-1",
-				}: endpoint{
-					Hostname: "transcribestreaming-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "transcribestreaming-fips-us-east-1",
-				}: endpoint{
-					Hostname: "transcribestreaming-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "transcribestreaming-fips-us-east-2",
-				}: endpoint{
-					Hostname: "transcribestreaming-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "transcribestreaming-fips-us-west-2",
-				}: endpoint{
-					Hostname: "transcribestreaming-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "transcribestreaming-us-east-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "transcribestreaming-us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "transcribestreaming-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "transcribestreaming-us-east-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "transcribestreaming-us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "transcribestreaming-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "transcribestreaming-us-west-2",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "transcribestreaming-us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "transcribestreaming-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"transfer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "transfer-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "transfer-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "transfer-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "transfer-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "transfer-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "transfer-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "transfer-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "transfer-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "transfer-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "transfer-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"translate": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "translate-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "translate-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "translate-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2-fips",
-				}: endpoint{
-					Hostname: "translate-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "translate-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "translate-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"verifiedpermissions": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"voice-chime": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "voice-chime-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "ca-central-1-fips",
-				}: endpoint{
-					Hostname: "voice-chime-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "voice-chime-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-1-fips",
-				}: endpoint{
-					Hostname: "voice-chime-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "voice-chime-fips.us-west-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2-fips",
-				}: endpoint{
-					Hostname: "voice-chime-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"voiceid": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "voiceid-fips.ca-central-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "voiceid-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "voiceid-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "voiceid-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "voiceid-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "voiceid-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"vpc-lattice": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"waf": service{
-			PartitionEndpoint: "aws-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "aws",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-fips.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "aws-fips",
-				}: endpoint{
-					Hostname: "waf-fips.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "aws-global",
-				}: endpoint{
-					Hostname: "waf.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "aws-global",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-fips.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "aws-global-fips",
-				}: endpoint{
-					Hostname: "waf-fips.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"waf-regional": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{
-					Hostname: "waf-regional.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-				},
-				endpointKey{
-					Region:  "af-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{
-					Hostname: "waf-regional.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "ap-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "waf-regional.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "waf-regional.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{
-					Hostname: "waf-regional.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-				},
-				endpointKey{
-					Region:  "ap-northeast-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "waf-regional.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{
-					Hostname: "waf-regional.ap-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-2",
-					},
-				},
-				endpointKey{
-					Region:  "ap-south-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "waf-regional.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "waf-regional.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{
-					Hostname: "waf-regional.ap-southeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-3",
-					},
-				},
-				endpointKey{
-					Region:  "ap-southeast-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-southeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{
-					Hostname: "waf-regional.ap-southeast-4.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-4",
-					},
-				},
-				endpointKey{
-					Region:  "ap-southeast-4",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-southeast-4.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-4",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "waf-regional.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "waf-regional.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{
-					Hostname: "waf-regional.eu-central-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-2",
-					},
-				},
-				endpointKey{
-					Region:  "eu-central-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-central-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname: "waf-regional.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-				},
-				endpointKey{
-					Region:  "eu-north-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{
-					Hostname: "waf-regional.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-				},
-				endpointKey{
-					Region:  "eu-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{
-					Hostname: "waf-regional.eu-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-2",
-					},
-				},
-				endpointKey{
-					Region:  "eu-south-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "waf-regional.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "waf-regional.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname: "waf-regional.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region: "fips-af-south-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-east-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-2",
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-3",
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-south-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-south-2",
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-2",
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-3",
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-southeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-4",
-				}: endpoint{
-					Hostname: "waf-regional-fips.ap-southeast-4.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-4",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-central-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-central-2",
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-central-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-north-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-south-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-south-2",
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-2",
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-3",
-				}: endpoint{
-					Hostname: "waf-regional-fips.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-il-central-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.il-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "il-central-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-me-central-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.me-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-me-south-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-sa-east-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{
-					Hostname: "waf-regional.me-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "me-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.me-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-central-1",
-					},
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{
-					Hostname: "waf-regional.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-				},
-				endpointKey{
-					Region:  "me-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "waf-regional.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "waf-regional.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "waf-regional.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname: "waf-regional.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "waf-regional.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"wafv2": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{
-					Hostname: "wafv2.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-				},
-				endpointKey{
-					Region:  "af-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{
-					Hostname: "wafv2.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "ap-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{
-					Hostname: "wafv2.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region:  "ap-northeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{
-					Hostname: "wafv2.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region:  "ap-northeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{
-					Hostname: "wafv2.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-				},
-				endpointKey{
-					Region:  "ap-northeast-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{
-					Hostname: "wafv2.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region:  "ap-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{
-					Hostname: "wafv2.ap-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-2",
-					},
-				},
-				endpointKey{
-					Region:  "ap-south-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{
-					Hostname: "wafv2.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region:  "ap-southeast-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{
-					Hostname: "wafv2.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region:  "ap-southeast-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{
-					Hostname: "wafv2.ap-southeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-3",
-					},
-				},
-				endpointKey{
-					Region:  "ap-southeast-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-southeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-3",
-					},
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{
-					Hostname: "wafv2.ap-southeast-4.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-4",
-					},
-				},
-				endpointKey{
-					Region:  "ap-southeast-4",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-southeast-4.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-4",
-					},
-				},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{
-					Hostname: "wafv2.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "ca-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{
-					Hostname: "wafv2.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "eu-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{
-					Hostname: "wafv2.eu-central-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-2",
-					},
-				},
-				endpointKey{
-					Region:  "eu-central-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-central-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{
-					Hostname: "wafv2.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-				},
-				endpointKey{
-					Region:  "eu-north-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{
-					Hostname: "wafv2.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-				},
-				endpointKey{
-					Region:  "eu-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{
-					Hostname: "wafv2.eu-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-2",
-					},
-				},
-				endpointKey{
-					Region:  "eu-south-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{
-					Hostname: "wafv2.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "eu-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{
-					Hostname: "wafv2.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "eu-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-				},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{
-					Hostname: "wafv2.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region:  "eu-west-3",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-				},
-				endpointKey{
-					Region: "fips-af-south-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.af-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "af-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-east-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-northeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-2",
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-northeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-northeast-3",
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-northeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-northeast-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-south-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-south-2",
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-south-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-southeast-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-2",
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-southeast-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-3",
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-southeast-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ap-southeast-4",
-				}: endpoint{
-					Hostname: "wafv2-fips.ap-southeast-4.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ap-southeast-4",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-ca-central-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.ca-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "ca-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-central-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-central-2",
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-central-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-central-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-north-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-north-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-north-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-south-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-south-2",
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-south-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-south-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-2",
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-eu-west-3",
-				}: endpoint{
-					Hostname: "wafv2-fips.eu-west-3.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "eu-west-3",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-il-central-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.il-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "il-central-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-me-central-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.me-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-central-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-me-south-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-sa-east-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "wafv2-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "wafv2-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{
-					Hostname: "wafv2.me-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-central-1",
-					},
-				},
-				endpointKey{
-					Region:  "me-central-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.me-central-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-central-1",
-					},
-				},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{
-					Hostname: "wafv2.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-				},
-				endpointKey{
-					Region:  "me-south-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.me-south-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "me-south-1",
-					},
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{
-					Hostname: "wafv2.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "sa-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.sa-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "sa-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{
-					Hostname: "wafv2.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{
-					Hostname: "wafv2.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{
-					Hostname: "wafv2.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{
-					Hostname: "wafv2.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-				},
-			},
-		},
-		"wellarchitected": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"wisdom": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "ui-ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ui-ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ui-eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ui-eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ui-us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ui-us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{},
-			},
-		},
-		"workdocs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "workdocs-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "workdocs-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "workdocs-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "workdocs-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"workmail": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"workspaces": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "workspaces-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "workspaces-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "workspaces-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "workspaces-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-		"workspaces-web": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"xray": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{},
-				endpointKey{
-					Region: "ca-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-3",
-				}: endpoint{},
-				endpointKey{
-					Region: "fips-us-east-1",
-				}: endpoint{
-					Hostname: "xray-fips.us-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-east-2",
-				}: endpoint{
-					Hostname: "xray-fips.us-east-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-east-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-1",
-				}: endpoint{
-					Hostname: "xray-fips.us-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-west-2",
-				}: endpoint{
-					Hostname: "xray-fips.us-west-2.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-west-2",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "me-south-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "sa-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "xray-fips.us-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-east-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "xray-fips.us-east-2.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "xray-fips.us-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-west-2",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "xray-fips.us-west-2.amazonaws.com",
-				},
-			},
-		},
-	},
-}
-
-// AwsCnPartition returns the Resolver for AWS China.
-func AwsCnPartition() Partition {
-	return awscnPartition.Partition()
-}
-
-var awscnPartition = partition{
-	ID:        "aws-cn",
-	Name:      "AWS China",
-	DNSSuffix: "amazonaws.com.cn",
-	RegionRegex: regionRegex{
-		Regexp: func() *regexp.Regexp {
-			reg, _ := regexp.Compile("^cn\\-\\w+\\-\\d+$")
-			return reg
-		}(),
-	},
-	Defaults: endpointDefaults{
-		defaultKey{}: endpoint{
-			Hostname:          "{service}.{region}.{dnsSuffix}",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: dualStackVariant,
-		}: endpoint{
-			Hostname:          "{service}.{region}.{dnsSuffix}",
-			DNSSuffix:         "api.amazonwebservices.com.cn",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: fipsVariant,
-		}: endpoint{
-			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
-			DNSSuffix:         "amazonaws.com.cn",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: fipsVariant | dualStackVariant,
-		}: endpoint{
-			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
-			DNSSuffix:         "api.amazonwebservices.com.cn",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-	},
-	Regions: regions{
-		"cn-north-1": region{
-			Description: "China (Beijing)",
-		},
-		"cn-northwest-1": region{
-			Description: "China (Ningxia)",
-		},
-	},
-	Services: services{
-		"access-analyzer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"account": service{
-			PartitionEndpoint: "aws-cn-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-cn-global",
-				}: endpoint{
-					Hostname: "account.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"acm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"airflow": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"api.ecr": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname: "api.ecr.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname: "api.ecr.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"api.sagemaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"api.tunneling.iot": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"apigateway": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"appconfig": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"appconfigdata": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"application-autoscaling": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"applicationinsights": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"appmesh": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.cn-north-1.api.amazonwebservices.com.cn",
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-northwest-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "appmesh.cn-northwest-1.api.amazonwebservices.com.cn",
-				},
-			},
-		},
-		"appsync": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"athena": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.cn-north-1.api.amazonwebservices.com.cn",
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-northwest-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.cn-northwest-1.api.amazonwebservices.com.cn",
-				},
-			},
-		},
-		"autoscaling": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"autoscaling-plans": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"backup": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"batch": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"budgets": service{
-			PartitionEndpoint: "aws-cn-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-cn-global",
-				}: endpoint{
-					Hostname: "budgets.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"cassandra": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"ce": service{
-			PartitionEndpoint: "aws-cn-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-cn-global",
-				}: endpoint{
-					Hostname: "ce.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"cloudcontrolapi": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"cloudformation": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"cloudfront": service{
-			PartitionEndpoint: "aws-cn-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-cn-global",
-				}: endpoint{
-					Hostname:  "cloudfront.cn-northwest-1.amazonaws.com.cn",
-					Protocols: []string{"http", "https"},
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"cloudtrail": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"codebuild": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"codecommit": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"codedeploy": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"codepipeline": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"cognito-identity": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-			},
-		},
-		"compute-optimizer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname: "compute-optimizer.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"config": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"cur": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"data-ats.iot": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-					CredentialScope: credentialScope{
-						Service: "iotdata",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname:  "data.ats.iot.cn-north-1.amazonaws.com.cn",
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"data.jobs.iot": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"databrew": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"datasync": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"dax": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"directconnect": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"dlm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"dms": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"docdb": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname: "rds.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"ds": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"dynamodb": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"ebs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"ec2": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"ecs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"eks": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"elasticache": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"elasticbeanstalk": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"elasticfilesystem": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-north-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.cn-north-1.amazonaws.com.cn",
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-northwest-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.cn-northwest-1.amazonaws.com.cn",
-				},
-				endpointKey{
-					Region: "fips-cn-north-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-cn-northwest-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"elasticloadbalancing": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"elasticmapreduce": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"emr-containers": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"emr-serverless": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"es": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"events": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"firehose": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "firehose.cn-north-1.api.amazonwebservices.com.cn",
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-northwest-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "firehose.cn-northwest-1.api.amazonwebservices.com.cn",
-				},
-			},
-		},
-		"fms": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"fsx": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"gamelift": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"glacier": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"glue": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"greengrass": service{
-			IsRegionalized: boxedTrue,
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-			},
-		},
-		"guardduty": service{
-			IsRegionalized: boxedTrue,
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"health": service{
-			PartitionEndpoint: "aws-cn-global",
-			IsRegionalized:    boxedFalse,
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					SSLCommonName: "health.cn-northwest-1.amazonaws.com.cn",
-					Protocols:     []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-cn-global",
-				}: endpoint{
-					Hostname: "global.health.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"iam": service{
-			PartitionEndpoint: "aws-cn-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-cn-global",
-				}: endpoint{
-					Hostname: "iam.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-			},
-		},
-		"internetmonitor": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					DNSSuffix: "api.amazonwebservices.com.cn",
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
-					DNSSuffix: "api.amazonwebservices.com.cn",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname: "internetmonitor.cn-north-1.api.amazonwebservices.com.cn",
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname: "internetmonitor.cn-northwest-1.api.amazonwebservices.com.cn",
-				},
-			},
-		},
-		"iot": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"iotanalytics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-			},
-		},
-		"iotevents": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-			},
-		},
-		"ioteventsdata": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname: "data.iotevents.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-			},
-		},
-		"iotsecuredtunneling": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"iotsitewise": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-			},
-		},
-		"kafka": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"kendra-ranking": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					DNSSuffix: "api.amazonwebservices.com.cn",
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
-					DNSSuffix: "api.amazonwebservices.com.cn",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.cn-north-1.api.amazonwebservices.com.cn",
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.cn-northwest-1.api.amazonwebservices.com.cn",
-				},
-			},
-		},
-		"kinesis": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"kinesisanalytics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"kinesisvideo": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-			},
-		},
-		"kms": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"lakeformation": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"lambda": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.cn-north-1.api.amazonwebservices.com.cn",
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-northwest-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.cn-northwest-1.api.amazonwebservices.com.cn",
-				},
-			},
-		},
-		"license-manager": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"license-manager-linux-subscriptions": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"logs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"mediaconvert": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname: "subscribe.mediaconvert.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"memory-db": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"metrics.sagemaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"monitoring": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"mq": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"neptune": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname: "rds.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname: "rds.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"oam": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"organizations": service{
-			PartitionEndpoint: "aws-cn-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-cn-global",
-				}: endpoint{
-					Hostname: "organizations.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"personalize": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-			},
-		},
-		"pi": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"polly": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"ram": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"rbin": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"rds": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"redshift": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"resource-explorer-2": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					DNSSuffix: "api.amazonwebservices.com.cn",
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
-					DNSSuffix: "api.amazonwebservices.com.cn",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.cn-north-1.api.amazonwebservices.com.cn",
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.cn-northwest-1.api.amazonwebservices.com.cn",
-				},
-			},
-		},
-		"resource-groups": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"rolesanywhere": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"route53": service{
-			PartitionEndpoint: "aws-cn-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-cn-global",
-				}: endpoint{
-					Hostname: "route53.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"route53resolver": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"runtime.sagemaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"s3": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols:         []string{"http", "https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-				defaultKey{
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
-					DNSSuffix:         "amazonaws.com.cn",
-					Protocols:         []string{"http", "https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.cn-north-1.amazonaws.com.cn",
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-northwest-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "s3.dualstack.cn-northwest-1.amazonaws.com.cn",
-				},
-			},
-		},
-		"s3-control": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols:         []string{"https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-				defaultKey{
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
-					DNSSuffix:         "amazonaws.com.cn",
-					Protocols:         []string{"https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname:          "s3-control.cn-north-1.amazonaws.com.cn",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-				endpointKey{
-					Region:  "cn-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.cn-north-1.amazonaws.com.cn",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname:          "s3-control.cn-northwest-1.amazonaws.com.cn",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-				endpointKey{
-					Region:  "cn-northwest-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.cn-northwest-1.amazonaws.com.cn",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"secretsmanager": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"securityhub": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"serverlessrepo": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-		},
-		"servicecatalog": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"servicediscovery": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-north-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.cn-north-1.amazonaws.com.cn",
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-northwest-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.cn-northwest-1.amazonaws.com.cn",
-				},
-			},
-		},
-		"servicequotas": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"signer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"sms": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"snowball": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-north-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.cn-north-1.amazonaws.com.cn",
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "cn-northwest-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.cn-northwest-1.amazonaws.com.cn",
-				},
-				endpointKey{
-					Region: "fips-cn-north-1",
-				}: endpoint{
-					Hostname: "snowball-fips.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-cn-northwest-1",
-				}: endpoint{
-					Hostname: "snowball-fips.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"sns": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"sqs": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					SSLCommonName: "{region}.queue.{dnsSuffix}",
-					Protocols:     []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"ssm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"states": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"storagegateway": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"streams.dynamodb": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-					CredentialScope: credentialScope{
-						Service: "dynamodb",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"sts": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"support": service{
-			PartitionEndpoint: "aws-cn-global",
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-cn-global",
-				}: endpoint{
-					Hostname: "support.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-			},
-		},
-		"swf": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"synthetics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"tagging": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"transcribe": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname: "cn.transcribe.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname: "cn.transcribe.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-			},
-		},
-		"transcribestreaming": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"transfer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"waf-regional": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname: "waf-regional.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-				endpointKey{
-					Region:  "cn-north-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname: "waf-regional.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-				endpointKey{
-					Region:  "cn-northwest-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-cn-north-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-cn-northwest-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"wafv2": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{
-					Hostname: "wafv2.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-				endpointKey{
-					Region:  "cn-north-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-				},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{
-					Hostname: "wafv2.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-				endpointKey{
-					Region:  "cn-northwest-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-cn-north-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.cn-north-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-north-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-cn-northwest-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.cn-northwest-1.amazonaws.com.cn",
-					CredentialScope: credentialScope{
-						Region: "cn-northwest-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"workspaces": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-		"xray": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "cn-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "cn-northwest-1",
-				}: endpoint{},
-			},
-		},
-	},
-}
-
-// AwsUsGovPartition returns the Resolver for AWS GovCloud (US).
-func AwsUsGovPartition() Partition {
-	return awsusgovPartition.Partition()
-}
-
-var awsusgovPartition = partition{
-	ID:        "aws-us-gov",
-	Name:      "AWS GovCloud (US)",
-	DNSSuffix: "amazonaws.com",
-	RegionRegex: regionRegex{
-		Regexp: func() *regexp.Regexp {
-			reg, _ := regexp.Compile("^us\\-gov\\-\\w+\\-\\d+$")
-			return reg
-		}(),
-	},
-	Defaults: endpointDefaults{
-		defaultKey{}: endpoint{
-			Hostname:          "{service}.{region}.{dnsSuffix}",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: dualStackVariant,
-		}: endpoint{
-			Hostname:          "{service}.{region}.{dnsSuffix}",
-			DNSSuffix:         "api.aws",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: fipsVariant,
-		}: endpoint{
-			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
-			DNSSuffix:         "amazonaws.com",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: fipsVariant | dualStackVariant,
-		}: endpoint{
-			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
-			DNSSuffix:         "api.aws",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-	},
-	Regions: regions{
-		"us-gov-east-1": region{
-			Description: "AWS GovCloud (US-East)",
-		},
-		"us-gov-west-1": region{
-			Description: "AWS GovCloud (US-West)",
-		},
-	},
-	Services: services{
-		"access-analyzer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "access-analyzer.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "access-analyzer.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "access-analyzer.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "access-analyzer.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "access-analyzer.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "access-analyzer.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"acm": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "acm.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "acm.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"acm-pca": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "acm-pca.{region}.{dnsSuffix}",
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "acm-pca.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "acm-pca.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-pca.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "acm-pca.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"api.detective": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.detective-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "api.detective-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.detective-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "api.detective-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"api.ecr": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "dkr-us-gov-east-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "dkr-us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "dkr-us-gov-west-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "dkr-us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-dkr-us-gov-east-1",
-				}: endpoint{
-					Hostname: "ecr-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-dkr-us-gov-west-1",
-				}: endpoint{
-					Hostname: "ecr-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "ecr-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "ecr-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "api.ecr.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "api.ecr.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecr-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"api.sagemaker": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "api-fips.sagemaker.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips-secondary",
-				}: endpoint{
-					Hostname: "api.sagemaker.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1-secondary",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "us-gov-west-1-secondary",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.sagemaker.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"api.tunneling.iot": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"apigateway": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"appconfig": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "appconfig.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "appconfig.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "appconfig.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "appconfig.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"appconfigdata": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"application-autoscaling": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Hostname:  "autoscaling.{region}.amazonaws.com",
-					Protocols: []string{"http", "https"},
-					CredentialScope: credentialScope{
-						Service: "application-autoscaling",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname:  "application-autoscaling.us-gov-east-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "application-autoscaling.us-gov-east-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname:  "application-autoscaling.us-gov-east-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname:  "application-autoscaling.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "application-autoscaling.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname:  "application-autoscaling.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"applicationinsights": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "applicationinsights.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "applicationinsights.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"appstream2": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-					CredentialScope: credentialScope{
-						Service: "appstream",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips",
-				}: endpoint{
-					Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "appstream2-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "appstream2-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"athena": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "athena-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "athena-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.us-gov-east-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-gov-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "athena.us-gov-west-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname: "athena-fips.us-gov-west-1.api.aws",
-				},
-			},
-		},
-		"autoscaling": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "autoscaling.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-		},
-		"autoscaling-plans": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-		},
-		"backup": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"backup-gateway": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"batch": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "batch.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "batch.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "batch.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "batch.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "batch.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"cassandra": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "cassandra.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cassandra.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "cassandra.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "cassandra.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cassandra.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "cassandra.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"cloudcontrolapi": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudcontrolapi-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"clouddirectory": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "clouddirectory.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "clouddirectory.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"cloudformation": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "cloudformation.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudformation.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "cloudformation.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "cloudformation.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudformation.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "cloudformation.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"cloudhsm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"cloudhsmv2": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "cloudhsm",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"cloudtrail": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudtrail.us-gov-west-1.amazonaws.com",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "cloudtrail.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "cloudtrail.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudtrail.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cloudtrail.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"codebuild": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codebuild-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "codebuild-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codebuild-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "codebuild-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"codecommit": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips",
-				}: endpoint{
-					Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codecommit-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "codecommit-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"codedeploy": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "codedeploy-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"codepipeline": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "codepipeline-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "codepipeline-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"cognito-identity": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "cognito-identity-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cognito-identity-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"cognito-idp": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "cognito-idp-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "cognito-idp-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"comprehend": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "comprehend-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "comprehend-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"comprehendmedical": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "comprehendmedical-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "comprehendmedical-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"compute-optimizer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "compute-optimizer-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "compute-optimizer-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"config": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "config.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "config.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "config.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "config.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "config.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"connect": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "connect.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "connect.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"controltower": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"data-ats.iot": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-					CredentialScope: credentialScope{
-						Service: "iotdata",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "data.iot-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Service: "iotdata",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "data.iot-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Service: "iotdata",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iot-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iot-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"data.jobs.iot": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.jobs.iot-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"databrew": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "databrew.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "databrew.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"datasync": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "datasync-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "datasync-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "datasync-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "datasync-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"directconnect": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "directconnect.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "directconnect.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"dlm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dlm.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "dlm.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dlm.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "dlm.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"dms": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "dms",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "dms",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "dms-fips",
-				}: endpoint{
-					Hostname: "dms.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "dms.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "dms.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"docdb": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "rds.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"ds": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "ds-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "ds-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ds-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ds-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"dynamodb": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dynamodb.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dynamodb.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "dynamodb.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"ebs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"ec2": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ec2.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "ec2.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "ec2.us-gov-east-1.api.aws",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "ec2.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "ec2.us-gov-west-1.api.aws",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"ecs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "ecs-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "ecs-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecs-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ecs-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"eks": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "eks.{region}.{dnsSuffix}",
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "eks.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "eks.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "eks.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "eks.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"elasticache": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticache.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips",
-				}: endpoint{
-					Hostname: "elasticache.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticache.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "elasticache.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"elasticbeanstalk": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"elasticfilesystem": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"elasticloadbalancing": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticloadbalancing.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "elasticloadbalancing.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "elasticloadbalancing.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticloadbalancing.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "elasticloadbalancing.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-			},
-		},
-		"elasticmapreduce": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticmapreduce.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "elasticmapreduce.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "elasticmapreduce.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticmapreduce.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "elasticmapreduce.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"https"},
-				},
-			},
-		},
-		"email": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "email-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "email-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"emr-containers": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"es": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips",
-				}: endpoint{
-					Hostname: "es-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "es-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "es-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "es-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "es-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"events": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "events.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "events.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "events.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "events.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"firehose": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "firehose-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "firehose-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "firehose-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "firehose-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"fms": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "fms-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "fms-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fms-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"fsx": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-prod-us-gov-east-1",
-				}: endpoint{
-					Hostname: "fsx-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-prod-us-gov-west-1",
-				}: endpoint{
-					Hostname: "fsx-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "fsx-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "fsx-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "prod-us-gov-east-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "prod-us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "prod-us-gov-west-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "prod-us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fsx-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"glacier": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "glacier.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "glacier.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glacier.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "glacier.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-			},
-		},
-		"glue": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "glue-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "glue-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glue-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "glue-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"greengrass": service{
-			IsRegionalized: boxedTrue,
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "dataplane-us-gov-east-1",
-				}: endpoint{
-					Hostname: "greengrass-ats.iot.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "dataplane-us-gov-west-1",
-				}: endpoint{
-					Hostname: "greengrass-ats.iot.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "greengrass.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "greengrass.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "greengrass.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "greengrass.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"guardduty": service{
-			IsRegionalized: boxedTrue,
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "guardduty.{region}.{dnsSuffix}",
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "guardduty.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "guardduty.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "guardduty.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "guardduty.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"health": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "health-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "health-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"iam": service{
-			PartitionEndpoint: "aws-us-gov-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-us-gov-global",
-				}: endpoint{
-					Hostname: "iam.us-gov.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "aws-us-gov-global",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iam.us-gov.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "aws-us-gov-global-fips",
-				}: endpoint{
-					Hostname: "iam.us-gov.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "iam-govcloud",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "iam-govcloud",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iam.us-gov.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "iam-govcloud-fips",
-				}: endpoint{
-					Hostname: "iam.us-gov.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"identitystore": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "identitystore.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "identitystore.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "identitystore.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "identitystore.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "identitystore.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"ingest.timestream": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ingest.timestream.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "ingest.timestream.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"inspector": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "inspector-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "inspector-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "inspector-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "inspector-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"inspector2": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"internetmonitor": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					DNSSuffix: "api.aws",
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
-					DNSSuffix: "api.aws",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "internetmonitor.us-gov-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "internetmonitor.us-gov-west-1.api.aws",
-				},
-			},
-		},
-		"iot": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "iot-fips.us-gov-east-1.amazonaws.com",
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "iot-fips.us-gov-west-1.amazonaws.com",
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iot-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iot-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"iotevents": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "iotevents-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iotevents-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"ioteventsdata": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "data.iotevents-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "data.iotevents.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "data.iotevents-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"iotsecuredtunneling": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"iotsitewise": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "iotsitewise-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iotsitewise-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"iottwinmaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "iottwinmaker-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "iottwinmaker-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"kafka": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "kafka.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kafka.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "kafka.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "kafka.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kafka.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "kafka.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"kendra": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "kendra-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kendra-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"kendra-ranking": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					DNSSuffix: "api.aws",
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
-					DNSSuffix: "api.aws",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.us-gov-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "kendra-ranking.us-gov-west-1.api.aws",
-				},
-			},
-		},
-		"kinesis": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "kinesis.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "kinesis.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "kinesis.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kinesis.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "kinesis.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kinesis.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"kinesisanalytics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"kms": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ProdFips",
-				}: endpoint{
-					Hostname: "kms-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"lakeformation": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lakeformation-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"lambda": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "lambda-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "lambda-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.us-gov-east-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lambda-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "lambda.us-gov-west-1.api.aws",
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "lambda-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"license-manager": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "license-manager-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "license-manager-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "license-manager-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"logs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "logs.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "logs.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "logs.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "logs.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"managedblockchain": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"mediaconvert": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "mediaconvert.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mediaconvert.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"meetings-chime": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "meetings-chime-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "meetings-chime-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "meetings-chime-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "meetings-chime-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"metering.marketplace": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "aws-marketplace",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"metrics.sagemaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"mgn": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "mgn-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "mgn-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mgn-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mgn-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"models.lex": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "lex",
-					},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "models-fips.lex.{region}.{dnsSuffix}",
-					CredentialScope: credentialScope{
-						Service: "lex",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "models-fips.lex.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "models-fips.lex.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"monitoring": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "monitoring.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "monitoring.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "monitoring.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "monitoring.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "monitoring.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"mq": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "mq-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "mq-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mq-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "mq-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"neptune": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "rds.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "rds.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"network-firewall": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "network-firewall-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"networkmanager": service{
-			PartitionEndpoint: "aws-us-gov-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-us-gov-global",
-				}: endpoint{
-					Hostname: "networkmanager.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"oidc": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "oidc.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "oidc.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"organizations": service{
-			PartitionEndpoint: "aws-us-gov-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-us-gov-global",
-				}: endpoint{
-					Hostname: "organizations.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "aws-us-gov-global",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "organizations.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-aws-us-gov-global",
-				}: endpoint{
-					Hostname: "organizations.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"outposts": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "outposts.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "outposts.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "outposts.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "outposts.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"participant.connect": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "participant.connect.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "participant.connect.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"pi": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"pinpoint": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "mobiletargeting",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "pinpoint-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "pinpoint.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "pinpoint-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"polly": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "polly-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "polly-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"portal.sso": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "portal.sso.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "portal.sso.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"quicksight": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "api",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"ram": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "ram.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ram.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "ram.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "ram.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ram.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "ram.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"rbin": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "rbin-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "rbin-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rbin-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rbin-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"rds": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "rds.us-gov-east-1",
-				}: endpoint{
-					Hostname: "rds.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rds.us-gov-west-1",
-				}: endpoint{
-					Hostname: "rds.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "rds.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rds.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "rds.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"redshift": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "redshift.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "redshift.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"rekognition": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "rekognition-fips.us-gov-west-1",
-				}: endpoint{
-					Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "rekognition.us-gov-west-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "rekognition.us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"resource-explorer-2": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					DNSSuffix: "api.aws",
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "{service}-fips.{region}.{dnsSuffix}",
-					DNSSuffix: "api.aws",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.us-gov-east-1.api.aws",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.us-gov-west-1.api.aws",
-				},
-			},
-		},
-		"resource-groups": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "resource-groups.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "resource-groups.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "resource-groups.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "resource-groups.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "resource-groups.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"robomaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"route53": service{
-			PartitionEndpoint: "aws-us-gov-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-us-gov-global",
-				}: endpoint{
-					Hostname: "route53.us-gov.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "aws-us-gov-global",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "route53.us-gov.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-aws-us-gov-global",
-				}: endpoint{
-					Hostname: "route53.us-gov.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"route53resolver": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "route53resolver.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "route53resolver.us-gov-east-1.amazonaws.com",
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "route53resolver.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "route53resolver.us-gov-west-1.amazonaws.com",
-
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"runtime.lex": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "lex",
-					},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime-fips.lex.{region}.{dnsSuffix}",
-					CredentialScope: credentialScope{
-						Service: "lex",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime-fips.lex.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "runtime-fips.lex.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"runtime.sagemaker": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime.sagemaker.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "runtime.sagemaker.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "runtime.sagemaker.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"s3": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				defaultKey{
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
-					DNSSuffix:         "amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-				defaultKey{
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "{service}-fips.dualstack.{region}.{dnsSuffix}",
-					DNSSuffix:         "amazonaws.com",
-					SignatureVersions: []string{"s3", "s3v4"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "s3-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "s3-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname:  "s3.us-gov-east-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:  "s3.dualstack.us-gov-east-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "s3-fips.us-gov-east-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname:  "s3.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:  "s3.dualstack.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "s3-fips.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
-				},
-			},
-		},
-		"s3-control": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols:         []string{"https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-				defaultKey{
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "{service}.dualstack.{region}.{dnsSuffix}",
-					DNSSuffix:         "amazonaws.com",
-					Protocols:         []string{"https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-				defaultKey{
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "{service}-fips.dualstack.{region}.{dnsSuffix}",
-					DNSSuffix:         "amazonaws.com",
-					Protocols:         []string{"https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname:          "s3-control.us-gov-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.us-gov-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-gov-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.dualstack.us-gov-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-gov-east-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname:          "s3-control.us-gov-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control.dualstack.us-gov-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-gov-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant | dualStackVariant,
-				}: endpoint{
-					Hostname:          "s3-control-fips.dualstack.us-gov-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname:          "s3-control-fips.us-gov-west-1.amazonaws.com",
-					SignatureVersions: []string{"s3v4"},
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"s3-outposts": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{},
-			},
-		},
-		"secretsmanager": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"securityhub": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "securityhub-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "securityhub-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "securityhub-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "securityhub-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"serverlessrepo": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "serverlessrepo.us-gov-east-1.amazonaws.com",
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "serverlessrepo.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "serverlessrepo.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "serverlessrepo.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"servicecatalog": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "servicecatalog-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"servicecatalog-appregistry": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicecatalog-appregistry.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"servicediscovery": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "servicediscovery",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "servicediscovery",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "servicediscovery-fips",
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: dualStackVariant,
-				}: endpoint{
-					Hostname: "servicediscovery.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"servicequotas": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "servicequotas.{region}.{dnsSuffix}",
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "servicequotas.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "servicequotas.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicequotas.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "servicequotas.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"simspaceweaver": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"sms": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "sms-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "sms-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sms-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sms-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"sms-voice": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "sms-voice-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sms-voice-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"snowball": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "snowball-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "snowball-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "snowball-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"sns": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "sns.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "sns.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sns.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "sns.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"https"},
-				},
-			},
-		},
-		"sqs": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sqs.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "sqs.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname:      "sqs.us-gov-west-1.amazonaws.com",
-					SSLCommonName: "{region}.queue.{dnsSuffix}",
-					Protocols:     []string{"http", "https"},
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"ssm": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "ssm.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "ssm.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "ssm.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"sso": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "sso.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "sso.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"states": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "states-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "states.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "states-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "states.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"storagegateway": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips",
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"streams.dynamodb": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "dynamodb",
-					},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "streams.dynamodb.{region}.{dnsSuffix}",
-					CredentialScope: credentialScope{
-						Service: "dynamodb",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "streams.dynamodb.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "streams.dynamodb.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "streams.dynamodb.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "streams.dynamodb.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"sts": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sts.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sts.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "sts.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "sts.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "sts.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"support": service{
-			PartitionEndpoint: "aws-us-gov-global",
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-us-gov-global",
-				}: endpoint{
-					Hostname: "support.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "support.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "support.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"swf": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "swf.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "swf.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-east-1-fips",
-				}: endpoint{
-					Hostname: "swf.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "swf.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "swf.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "swf.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"synthetics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "synthetics-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "synthetics-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "synthetics-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "synthetics-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"tagging": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"textract": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "textract-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "textract-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "textract-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "textract-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"transcribe": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname:  "fips.transcribe.{region}.{dnsSuffix}",
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "fips.transcribe.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "fips.transcribe.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.transcribe.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "fips.transcribe.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"transcribestreaming": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"transfer": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "transfer-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "transfer-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "transfer-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "transfer-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"translate": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "translate-fips.us-gov-west-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1-fips",
-				}: endpoint{
-					Hostname: "translate-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"waf-regional": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "waf-regional.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "waf-regional.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "waf-regional-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"wafv2": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "wafv2-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{
-					Hostname: "wafv2.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{
-					Hostname: "wafv2.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "wafv2-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-				},
-			},
-		},
-		"wellarchitected": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-			},
-		},
-		"workspaces": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "workspaces-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "workspaces-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-		"xray": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-gov-east-1",
-				}: endpoint{
-					Hostname: "xray-fips.us-gov-east-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-gov-west-1",
-				}: endpoint{
-					Hostname: "xray-fips.us-gov-west-1.amazonaws.com",
-					CredentialScope: credentialScope{
-						Region: "us-gov-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-gov-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "xray-fips.us-gov-east-1.amazonaws.com",
-				},
-				endpointKey{
-					Region: "us-gov-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-gov-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "xray-fips.us-gov-west-1.amazonaws.com",
-				},
-			},
-		},
-	},
-}
-
-// AwsIsoPartition returns the Resolver for AWS ISO (US).
-func AwsIsoPartition() Partition {
-	return awsisoPartition.Partition()
-}
-
-var awsisoPartition = partition{
-	ID:        "aws-iso",
-	Name:      "AWS ISO (US)",
-	DNSSuffix: "c2s.ic.gov",
-	RegionRegex: regionRegex{
-		Regexp: func() *regexp.Regexp {
-			reg, _ := regexp.Compile("^us\\-iso\\-\\w+\\-\\d+$")
-			return reg
-		}(),
-	},
-	Defaults: endpointDefaults{
-		defaultKey{}: endpoint{
-			Hostname:          "{service}.{region}.{dnsSuffix}",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: fipsVariant,
-		}: endpoint{
-			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
-			DNSSuffix:         "c2s.ic.gov",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-	},
-	Regions: regions{
-		"us-iso-east-1": region{
-			Description: "US ISO East",
-		},
-		"us-iso-west-1": region{
-			Description: "US ISO WEST",
-		},
-	},
-	Services: services{
-		"api.ecr": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{
-					Hostname: "api.ecr.us-iso-east-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{
-					Hostname: "api.ecr.us-iso-west-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-west-1",
-					},
-				},
-			},
-		},
-		"api.sagemaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"apigateway": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"appconfig": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"appconfigdata": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"application-autoscaling": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"athena": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"autoscaling": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"cloudcontrolapi": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"cloudformation": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"cloudtrail": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"codedeploy": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"comprehend": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"config": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"datapipeline": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"directconnect": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"dlm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"dms": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "dms",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "dms",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms.us-iso-east-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "dms-fips",
-				}: endpoint{
-					Hostname: "dms.us-iso-east-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-iso-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms.us-iso-east-1.c2s.ic.gov",
-				},
-				endpointKey{
-					Region: "us-iso-east-1-fips",
-				}: endpoint{
-					Hostname: "dms.us-iso-east-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-iso-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms.us-iso-west-1.c2s.ic.gov",
-				},
-				endpointKey{
-					Region: "us-iso-west-1-fips",
-				}: endpoint{
-					Hostname: "dms.us-iso-west-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"ds": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"dynamodb": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"ebs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"ec2": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"ecs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"eks": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"elasticache": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"elasticfilesystem": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-iso-east-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-iso-east-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "fips-us-iso-west-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-iso-west-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-iso-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-iso-east-1.c2s.ic.gov",
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-iso-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-iso-west-1.c2s.ic.gov",
-				},
-			},
-		},
-		"elasticloadbalancing": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"elasticmapreduce": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"es": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"events": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"firehose": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"glacier": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"glue": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"health": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"iam": service{
-			PartitionEndpoint: "aws-iso-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-iso-global",
-				}: endpoint{
-					Hostname: "iam.us-iso-east-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-				},
-			},
-		},
-		"kinesis": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"kms": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ProdFips",
-				}: endpoint{
-					Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-iso-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov",
-				},
-				endpointKey{
-					Region: "us-iso-east-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-iso-west-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.us-iso-west-1.c2s.ic.gov",
-				},
-				endpointKey{
-					Region: "us-iso-west-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.us-iso-west-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-west-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"lambda": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"license-manager": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"logs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"medialive": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"mediapackage": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"metrics.sagemaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"monitoring": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"outposts": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"ram": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"rbin": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-iso-east-1",
-				}: endpoint{
-					Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-iso-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov",
-				},
-			},
-		},
-		"rds": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"redshift": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"route53": service{
-			PartitionEndpoint: "aws-iso-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-iso-global",
-				}: endpoint{
-					Hostname: "route53.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-				},
-			},
-		},
-		"route53resolver": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"runtime.sagemaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"s3": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					SignatureVersions: []string{"s3v4"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{
-					Protocols:         []string{"http", "https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"secretsmanager": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"snowball": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"sns": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"sqs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"ssm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"states": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"streams.dynamodb": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "dynamodb",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"sts": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"support": service{
-			PartitionEndpoint: "aws-iso-global",
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-iso-global",
-				}: endpoint{
-					Hostname: "support.us-iso-east-1.c2s.ic.gov",
-					CredentialScope: credentialScope{
-						Region: "us-iso-east-1",
-					},
-				},
-			},
-		},
-		"swf": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"synthetics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"tagging": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-		"transcribe": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"transcribestreaming": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"translate": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-			},
-		},
-		"workspaces": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-iso-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-iso-west-1",
-				}: endpoint{},
-			},
-		},
-	},
-}
-
-// AwsIsoBPartition returns the Resolver for AWS ISOB (US).
-func AwsIsoBPartition() Partition {
-	return awsisobPartition.Partition()
-}
-
-var awsisobPartition = partition{
-	ID:        "aws-iso-b",
-	Name:      "AWS ISOB (US)",
-	DNSSuffix: "sc2s.sgov.gov",
-	RegionRegex: regionRegex{
-		Regexp: func() *regexp.Regexp {
-			reg, _ := regexp.Compile("^us\\-isob\\-\\w+\\-\\d+$")
-			return reg
-		}(),
-	},
-	Defaults: endpointDefaults{
-		defaultKey{}: endpoint{
-			Hostname:          "{service}.{region}.{dnsSuffix}",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: fipsVariant,
-		}: endpoint{
-			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
-			DNSSuffix:         "sc2s.sgov.gov",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-	},
-	Regions: regions{
-		"us-isob-east-1": region{
-			Description: "US ISOB East (Ohio)",
-		},
-	},
-	Services: services{
-		"api.ecr": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{
-					Hostname: "api.ecr.us-isob-east-1.sc2s.sgov.gov",
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-				},
-			},
-		},
-		"appconfig": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"appconfigdata": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"application-autoscaling": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"autoscaling": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"cloudformation": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"cloudtrail": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"codedeploy": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"config": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"directconnect": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"dlm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"dms": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{},
-				defaultKey{
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms.{region}.{dnsSuffix}",
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "dms",
-				}: endpoint{
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region:  "dms",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms.us-isob-east-1.sc2s.sgov.gov",
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "dms-fips",
-				}: endpoint{
-					Hostname: "dms.us-isob-east-1.sc2s.sgov.gov",
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-isob-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "dms.us-isob-east-1.sc2s.sgov.gov",
-				},
-				endpointKey{
-					Region: "us-isob-east-1-fips",
-				}: endpoint{
-					Hostname: "dms.us-isob-east-1.sc2s.sgov.gov",
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"ds": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"dynamodb": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"ebs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"ec2": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"ecs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"eks": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"elasticache": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"elasticfilesystem": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-isob-east-1",
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-isob-east-1.sc2s.sgov.gov",
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-isob-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "elasticfilesystem-fips.us-isob-east-1.sc2s.sgov.gov",
-				},
-			},
-		},
-		"elasticloadbalancing": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{
-					Protocols: []string{"https"},
-				},
-			},
-		},
-		"elasticmapreduce": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"es": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"events": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"glacier": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"health": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"iam": service{
-			PartitionEndpoint: "aws-iso-b-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-iso-b-global",
-				}: endpoint{
-					Hostname: "iam.us-isob-east-1.sc2s.sgov.gov",
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-				},
-			},
-		},
-		"kinesis": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"kms": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ProdFips",
-				}: endpoint{
-					Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov",
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-isob-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov",
-				},
-				endpointKey{
-					Region: "us-isob-east-1-fips",
-				}: endpoint{
-					Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov",
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-			},
-		},
-		"lambda": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"license-manager": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"logs": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"metering.marketplace": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					CredentialScope: credentialScope{
-						Service: "aws-marketplace",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"metrics.sagemaker": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"monitoring": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"ram": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"rbin": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "fips-us-isob-east-1",
-				}: endpoint{
-					Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov",
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-					Deprecated: boxedTrue,
-				},
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region:  "us-isob-east-1",
-					Variant: fipsVariant,
-				}: endpoint{
-					Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov",
-				},
-			},
-		},
-		"rds": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"redshift": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"resource-groups": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"route53": service{
-			PartitionEndpoint: "aws-iso-b-global",
-			IsRegionalized:    boxedFalse,
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-iso-b-global",
-				}: endpoint{
-					Hostname: "route53.sc2s.sgov.gov",
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-				},
-			},
-		},
-		"route53resolver": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"s3": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols:         []string{"http", "https"},
-					SignatureVersions: []string{"s3v4"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"secretsmanager": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"snowball": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"sns": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"sqs": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					SSLCommonName: "{region}.queue.{dnsSuffix}",
-					Protocols:     []string{"http", "https"},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"ssm": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"states": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"streams.dynamodb": service{
-			Defaults: endpointDefaults{
-				defaultKey{}: endpoint{
-					Protocols: []string{"http", "https"},
-					CredentialScope: credentialScope{
-						Service: "dynamodb",
-					},
-				},
-			},
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"sts": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"support": service{
-			PartitionEndpoint: "aws-iso-b-global",
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "aws-iso-b-global",
-				}: endpoint{
-					Hostname: "support.us-isob-east-1.sc2s.sgov.gov",
-					CredentialScope: credentialScope{
-						Region: "us-isob-east-1",
-					},
-				},
-			},
-		},
-		"swf": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"synthetics": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"tagging": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-		"workspaces": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "us-isob-east-1",
-				}: endpoint{},
-			},
-		},
-	},
-}
-
-// AwsIsoEPartition returns the Resolver for AWS ISOE (Europe).
-func AwsIsoEPartition() Partition {
-	return awsisoePartition.Partition()
-}
-
-var awsisoePartition = partition{
-	ID:        "aws-iso-e",
-	Name:      "AWS ISOE (Europe)",
-	DNSSuffix: "cloud.adc-e.uk",
-	RegionRegex: regionRegex{
-		Regexp: func() *regexp.Regexp {
-			reg, _ := regexp.Compile("^eu\\-isoe\\-\\w+\\-\\d+$")
-			return reg
-		}(),
-	},
-	Defaults: endpointDefaults{
-		defaultKey{}: endpoint{
-			Hostname:          "{service}.{region}.{dnsSuffix}",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: fipsVariant,
-		}: endpoint{
-			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
-			DNSSuffix:         "cloud.adc-e.uk",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-	},
-	Regions:  regions{},
-	Services: services{},
-}
-
-// AwsIsoFPartition returns the Resolver for AWS ISOF.
-func AwsIsoFPartition() Partition {
-	return awsisofPartition.Partition()
-}
-
-var awsisofPartition = partition{
-	ID:        "aws-iso-f",
-	Name:      "AWS ISOF",
-	DNSSuffix: "csp.hci.ic.gov",
-	RegionRegex: regionRegex{
-		Regexp: func() *regexp.Regexp {
-			reg, _ := regexp.Compile("^us\\-isof\\-\\w+\\-\\d+$")
-			return reg
-		}(),
-	},
-	Defaults: endpointDefaults{
-		defaultKey{}: endpoint{
-			Hostname:          "{service}.{region}.{dnsSuffix}",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-		defaultKey{
-			Variant: fipsVariant,
-		}: endpoint{
-			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
-			DNSSuffix:         "csp.hci.ic.gov",
-			Protocols:         []string{"https"},
-			SignatureVersions: []string{"v4"},
-		},
-	},
-	Regions:  regions{},
-	Services: services{},
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
deleted file mode 100644
index ca8fc828e..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package endpoints
-
-// Service identifiers
-//
-// Deprecated: Use client package's EndpointsID value instead of these
-// ServiceIDs. These IDs are not maintained, and are out of date.
-const (
-	A4bServiceID                          = "a4b"                          // A4b.
-	AcmServiceID                          = "acm"                          // Acm.
-	AcmPcaServiceID                       = "acm-pca"                      // AcmPca.
-	ApiMediatailorServiceID               = "api.mediatailor"              // ApiMediatailor.
-	ApiPricingServiceID                   = "api.pricing"                  // ApiPricing.
-	ApiSagemakerServiceID                 = "api.sagemaker"                // ApiSagemaker.
-	ApigatewayServiceID                   = "apigateway"                   // Apigateway.
-	ApplicationAutoscalingServiceID       = "application-autoscaling"      // ApplicationAutoscaling.
-	Appstream2ServiceID                   = "appstream2"                   // Appstream2.
-	AppsyncServiceID                      = "appsync"                      // Appsync.
-	AthenaServiceID                       = "athena"                       // Athena.
-	AutoscalingServiceID                  = "autoscaling"                  // Autoscaling.
-	AutoscalingPlansServiceID             = "autoscaling-plans"            // AutoscalingPlans.
-	BatchServiceID                        = "batch"                        // Batch.
-	BudgetsServiceID                      = "budgets"                      // Budgets.
-	CeServiceID                           = "ce"                           // Ce.
-	ChimeServiceID                        = "chime"                        // Chime.
-	Cloud9ServiceID                       = "cloud9"                       // Cloud9.
-	ClouddirectoryServiceID               = "clouddirectory"               // Clouddirectory.
-	CloudformationServiceID               = "cloudformation"               // Cloudformation.
-	CloudfrontServiceID                   = "cloudfront"                   // Cloudfront.
-	CloudhsmServiceID                     = "cloudhsm"                     // Cloudhsm.
-	Cloudhsmv2ServiceID                   = "cloudhsmv2"                   // Cloudhsmv2.
-	CloudsearchServiceID                  = "cloudsearch"                  // Cloudsearch.
-	CloudtrailServiceID                   = "cloudtrail"                   // Cloudtrail.
-	CodebuildServiceID                    = "codebuild"                    // Codebuild.
-	CodecommitServiceID                   = "codecommit"                   // Codecommit.
-	CodedeployServiceID                   = "codedeploy"                   // Codedeploy.
-	CodepipelineServiceID                 = "codepipeline"                 // Codepipeline.
-	CodestarServiceID                     = "codestar"                     // Codestar.
-	CognitoIdentityServiceID              = "cognito-identity"             // CognitoIdentity.
-	CognitoIdpServiceID                   = "cognito-idp"                  // CognitoIdp.
-	CognitoSyncServiceID                  = "cognito-sync"                 // CognitoSync.
-	ComprehendServiceID                   = "comprehend"                   // Comprehend.
-	ConfigServiceID                       = "config"                       // Config.
-	CurServiceID                          = "cur"                          // Cur.
-	DatapipelineServiceID                 = "datapipeline"                 // Datapipeline.
-	DaxServiceID                          = "dax"                          // Dax.
-	DevicefarmServiceID                   = "devicefarm"                   // Devicefarm.
-	DirectconnectServiceID                = "directconnect"                // Directconnect.
-	DiscoveryServiceID                    = "discovery"                    // Discovery.
-	DmsServiceID                          = "dms"                          // Dms.
-	DsServiceID                           = "ds"                           // Ds.
-	DynamodbServiceID                     = "dynamodb"                     // Dynamodb.
-	Ec2ServiceID                          = "ec2"                          // Ec2.
-	Ec2metadataServiceID                  = "ec2metadata"                  // Ec2metadata.
-	EcrServiceID                          = "ecr"                          // Ecr.
-	EcsServiceID                          = "ecs"                          // Ecs.
-	ElasticacheServiceID                  = "elasticache"                  // Elasticache.
-	ElasticbeanstalkServiceID             = "elasticbeanstalk"             // Elasticbeanstalk.
-	ElasticfilesystemServiceID            = "elasticfilesystem"            // Elasticfilesystem.
-	ElasticloadbalancingServiceID         = "elasticloadbalancing"         // Elasticloadbalancing.
-	ElasticmapreduceServiceID             = "elasticmapreduce"             // Elasticmapreduce.
-	ElastictranscoderServiceID            = "elastictranscoder"            // Elastictranscoder.
-	EmailServiceID                        = "email"                        // Email.
-	EntitlementMarketplaceServiceID       = "entitlement.marketplace"      // EntitlementMarketplace.
-	EsServiceID                           = "es"                           // Es.
-	EventsServiceID                       = "events"                       // Events.
-	FirehoseServiceID                     = "firehose"                     // Firehose.
-	FmsServiceID                          = "fms"                          // Fms.
-	GameliftServiceID                     = "gamelift"                     // Gamelift.
-	GlacierServiceID                      = "glacier"                      // Glacier.
-	GlueServiceID                         = "glue"                         // Glue.
-	GreengrassServiceID                   = "greengrass"                   // Greengrass.
-	GuarddutyServiceID                    = "guardduty"                    // Guardduty.
-	HealthServiceID                       = "health"                       // Health.
-	IamServiceID                          = "iam"                          // Iam.
-	ImportexportServiceID                 = "importexport"                 // Importexport.
-	InspectorServiceID                    = "inspector"                    // Inspector.
-	IotServiceID                          = "iot"                          // Iot.
-	IotanalyticsServiceID                 = "iotanalytics"                 // Iotanalytics.
-	KinesisServiceID                      = "kinesis"                      // Kinesis.
-	KinesisanalyticsServiceID             = "kinesisanalytics"             // Kinesisanalytics.
-	KinesisvideoServiceID                 = "kinesisvideo"                 // Kinesisvideo.
-	KmsServiceID                          = "kms"                          // Kms.
-	LambdaServiceID                       = "lambda"                       // Lambda.
-	LightsailServiceID                    = "lightsail"                    // Lightsail.
-	LogsServiceID                         = "logs"                         // Logs.
-	MachinelearningServiceID              = "machinelearning"              // Machinelearning.
-	MarketplacecommerceanalyticsServiceID = "marketplacecommerceanalytics" // Marketplacecommerceanalytics.
-	MediaconvertServiceID                 = "mediaconvert"                 // Mediaconvert.
-	MedialiveServiceID                    = "medialive"                    // Medialive.
-	MediapackageServiceID                 = "mediapackage"                 // Mediapackage.
-	MediastoreServiceID                   = "mediastore"                   // Mediastore.
-	MeteringMarketplaceServiceID          = "metering.marketplace"         // MeteringMarketplace.
-	MghServiceID                          = "mgh"                          // Mgh.
-	MobileanalyticsServiceID              = "mobileanalytics"              // Mobileanalytics.
-	ModelsLexServiceID                    = "models.lex"                   // ModelsLex.
-	MonitoringServiceID                   = "monitoring"                   // Monitoring.
-	MturkRequesterServiceID               = "mturk-requester"              // MturkRequester.
-	NeptuneServiceID                      = "neptune"                      // Neptune.
-	OpsworksServiceID                     = "opsworks"                     // Opsworks.
-	OpsworksCmServiceID                   = "opsworks-cm"                  // OpsworksCm.
-	OrganizationsServiceID                = "organizations"                // Organizations.
-	PinpointServiceID                     = "pinpoint"                     // Pinpoint.
-	PollyServiceID                        = "polly"                        // Polly.
-	RdsServiceID                          = "rds"                          // Rds.
-	RedshiftServiceID                     = "redshift"                     // Redshift.
-	RekognitionServiceID                  = "rekognition"                  // Rekognition.
-	ResourceGroupsServiceID               = "resource-groups"              // ResourceGroups.
-	Route53ServiceID                      = "route53"                      // Route53.
-	Route53domainsServiceID               = "route53domains"               // Route53domains.
-	RuntimeLexServiceID                   = "runtime.lex"                  // RuntimeLex.
-	RuntimeSagemakerServiceID             = "runtime.sagemaker"            // RuntimeSagemaker.
-	S3ServiceID                           = "s3"                           // S3.
-	S3ControlServiceID                    = "s3-control"                   // S3Control.
-	SagemakerServiceID                    = "api.sagemaker"                // Sagemaker.
-	SdbServiceID                          = "sdb"                          // Sdb.
-	SecretsmanagerServiceID               = "secretsmanager"               // Secretsmanager.
-	ServerlessrepoServiceID               = "serverlessrepo"               // Serverlessrepo.
-	ServicecatalogServiceID               = "servicecatalog"               // Servicecatalog.
-	ServicediscoveryServiceID             = "servicediscovery"             // Servicediscovery.
-	ShieldServiceID                       = "shield"                       // Shield.
-	SmsServiceID                          = "sms"                          // Sms.
-	SnowballServiceID                     = "snowball"                     // Snowball.
-	SnsServiceID                          = "sns"                          // Sns.
-	SqsServiceID                          = "sqs"                          // Sqs.
-	SsmServiceID                          = "ssm"                          // Ssm.
-	StatesServiceID                       = "states"                       // States.
-	StoragegatewayServiceID               = "storagegateway"               // Storagegateway.
-	StreamsDynamodbServiceID              = "streams.dynamodb"             // StreamsDynamodb.
-	StsServiceID                          = "sts"                          // Sts.
-	SupportServiceID                      = "support"                      // Support.
-	SwfServiceID                          = "swf"                          // Swf.
-	TaggingServiceID                      = "tagging"                      // Tagging.
-	TransferServiceID                     = "transfer"                     // Transfer.
-	TranslateServiceID                    = "translate"                    // Translate.
-	WafServiceID                          = "waf"                          // Waf.
-	WafRegionalServiceID                  = "waf-regional"                 // WafRegional.
-	WorkdocsServiceID                     = "workdocs"                     // Workdocs.
-	WorkmailServiceID                     = "workmail"                     // Workmail.
-	WorkspacesServiceID                   = "workspaces"                   // Workspaces.
-	XrayServiceID                         = "xray"                         // Xray.
-)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go
deleted file mode 100644
index 66dec6beb..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go
+++ /dev/null
@@ -1,65 +0,0 @@
-// Package endpoints provides the types and functionality for defining regions
-// and endpoints, as well as querying those definitions.
-//
-// The SDK's Regions and Endpoints metadata is code generated into the endpoints
-// package, and is accessible via the DefaultResolver function. This function
-// returns a endpoint Resolver will search the metadata and build an associated
-// endpoint if one is found. The default resolver will search all partitions
-// known by the SDK. e.g AWS Standard (aws), AWS China (aws-cn), and
-// AWS GovCloud (US) (aws-us-gov).
-// .
-//
-// # Enumerating Regions and Endpoint Metadata
-//
-// Casting the Resolver returned by DefaultResolver to a EnumPartitions interface
-// will allow you to get access to the list of underlying Partitions with the
-// Partitions method. This is helpful if you want to limit the SDK's endpoint
-// resolving to a single partition, or enumerate regions, services, and endpoints
-// in the partition.
-//
-//	resolver := endpoints.DefaultResolver()
-//	partitions := resolver.(endpoints.EnumPartitions).Partitions()
-//
-//	for _, p := range partitions {
-//	    fmt.Println("Regions for", p.ID())
-//	    for id, _ := range p.Regions() {
-//	        fmt.Println("*", id)
-//	    }
-//
-//	    fmt.Println("Services for", p.ID())
-//	    for id, _ := range p.Services() {
-//	        fmt.Println("*", id)
-//	    }
-//	}
-//
-// # Using Custom Endpoints
-//
-// The endpoints package also gives you the ability to use your own logic how
-// endpoints are resolved. This is a great way to define a custom endpoint
-// for select services, without passing that logic down through your code.
-//
-// If a type implements the Resolver interface it can be used to resolve
-// endpoints. To use this with the SDK's Session and Config set the value
-// of the type to the EndpointsResolver field of aws.Config when initializing
-// the session, or service client.
-//
-// In addition the ResolverFunc is a wrapper for a func matching the signature
-// of Resolver.EndpointFor, converting it to a type that satisfies the
-// Resolver interface.
-//
-//	myCustomResolver := func(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) {
-//	    if service == endpoints.S3ServiceID {
-//	        return endpoints.ResolvedEndpoint{
-//	            URL:           "s3.custom.endpoint.com",
-//	            SigningRegion: "custom-signing-region",
-//	        }, nil
-//	    }
-//
-//	    return endpoints.DefaultResolver().EndpointFor(service, region, optFns...)
-//	}
-//
-//	sess := session.Must(session.NewSession(&aws.Config{
-//	    Region:           aws.String("us-west-2"),
-//	    EndpointResolver: endpoints.ResolverFunc(myCustomResolver),
-//	}))
-package endpoints
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
deleted file mode 100644
index a686a48fa..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
+++ /dev/null
@@ -1,708 +0,0 @@
-package endpoints
-
-import (
-	"fmt"
-	"regexp"
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-)
-
-// A Logger is a minimalistic interface for the SDK to log messages to.
-type Logger interface {
-	Log(...interface{})
-}
-
-// DualStackEndpointState is a constant to describe the dual-stack endpoint resolution
-// behavior.
-type DualStackEndpointState uint
-
-const (
-	// DualStackEndpointStateUnset is the default value behavior for dual-stack endpoint
-	// resolution.
-	DualStackEndpointStateUnset DualStackEndpointState = iota
-
-	// DualStackEndpointStateEnabled enable dual-stack endpoint resolution for endpoints.
-	DualStackEndpointStateEnabled
-
-	// DualStackEndpointStateDisabled disables dual-stack endpoint resolution for endpoints.
-	DualStackEndpointStateDisabled
-)
-
-// FIPSEndpointState is a constant to describe the FIPS endpoint resolution behavior.
-type FIPSEndpointState uint
-
-const (
-	// FIPSEndpointStateUnset is the default value behavior for FIPS endpoint resolution.
-	FIPSEndpointStateUnset FIPSEndpointState = iota
-
-	// FIPSEndpointStateEnabled enables FIPS endpoint resolution for service endpoints.
-	FIPSEndpointStateEnabled
-
-	// FIPSEndpointStateDisabled disables FIPS endpoint resolution for endpoints.
-	FIPSEndpointStateDisabled
-)
-
-// Options provide the configuration needed to direct how the
-// endpoints will be resolved.
-type Options struct {
-	// DisableSSL forces the endpoint to be resolved as HTTP.
-	// instead of HTTPS if the service supports it.
-	DisableSSL bool
-
-	// Sets the resolver to resolve the endpoint as a dualstack endpoint
-	// for the service. If dualstack support for a service is not known and
-	// StrictMatching is not enabled a dualstack endpoint for the service will
-	// be returned. This endpoint may not be valid. If StrictMatching is
-	// enabled only services that are known to support dualstack will return
-	// dualstack endpoints.
-	//
-	// Deprecated: This option will continue to function for S3 and S3 Control for backwards compatibility.
-	// UseDualStackEndpoint should be used to enable usage of a service's dual-stack endpoint for all service clients
-	// moving forward. For S3 and S3 Control, when UseDualStackEndpoint is set to a non-zero value it takes higher
-	// precedence then this option.
-	UseDualStack bool
-
-	// Sets the resolver to resolve a dual-stack endpoint for the service.
-	UseDualStackEndpoint DualStackEndpointState
-
-	// UseFIPSEndpoint specifies the resolver must resolve a FIPS endpoint.
-	UseFIPSEndpoint FIPSEndpointState
-
-	// Enables strict matching of services and regions resolved endpoints.
-	// If the partition doesn't enumerate the exact service and region an
-	// error will be returned. This option will prevent returning endpoints
-	// that look valid, but may not resolve to any real endpoint.
-	StrictMatching bool
-
-	// Enables resolving a service endpoint based on the region provided if the
-	// service does not exist. The service endpoint ID will be used as the service
-	// domain name prefix. By default the endpoint resolver requires the service
-	// to be known when resolving endpoints.
-	//
-	// If resolving an endpoint on the partition list the provided region will
-	// be used to determine which partition's domain name pattern to the service
-	// endpoint ID with. If both the service and region are unknown and resolving
-	// the endpoint on partition list an UnknownEndpointError error will be returned.
-	//
-	// If resolving and endpoint on a partition specific resolver that partition's
-	// domain name pattern will be used with the service endpoint ID. If both
-	// region and service do not exist when resolving an endpoint on a specific
-	// partition the partition's domain pattern will be used to combine the
-	// endpoint and region together.
-	//
-	// This option is ignored if StrictMatching is enabled.
-	ResolveUnknownService bool
-
-	// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
-	EC2MetadataEndpointMode EC2IMDSEndpointModeState
-
-	// STS Regional Endpoint flag helps with resolving the STS endpoint
-	STSRegionalEndpoint STSRegionalEndpoint
-
-	// S3 Regional Endpoint flag helps with resolving the S3 endpoint
-	S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint
-
-	// ResolvedRegion is the resolved region string. If provided (non-zero length) it takes priority
-	// over the region name passed to the ResolveEndpoint call.
-	ResolvedRegion string
-
-	// Logger is the logger that will be used to log messages.
-	Logger Logger
-
-	// Determines whether logging of deprecated endpoints usage is enabled.
-	LogDeprecated bool
-}
-
-func (o Options) getEndpointVariant(service string) (v endpointVariant) {
-	const s3 = "s3"
-	const s3Control = "s3-control"
-
-	if (o.UseDualStackEndpoint == DualStackEndpointStateEnabled) ||
-		((service == s3 || service == s3Control) && (o.UseDualStackEndpoint == DualStackEndpointStateUnset && o.UseDualStack)) {
-		v |= dualStackVariant
-	}
-	if o.UseFIPSEndpoint == FIPSEndpointStateEnabled {
-		v |= fipsVariant
-	}
-	return v
-}
-
-// EC2IMDSEndpointModeState is an enum configuration variable describing the client endpoint mode.
-type EC2IMDSEndpointModeState uint
-
-// Enumeration values for EC2IMDSEndpointModeState
-const (
-	EC2IMDSEndpointModeStateUnset EC2IMDSEndpointModeState = iota
-	EC2IMDSEndpointModeStateIPv4
-	EC2IMDSEndpointModeStateIPv6
-)
-
-// SetFromString sets the EC2IMDSEndpointModeState based on the provided string value. Unknown values will default to EC2IMDSEndpointModeStateUnset
-func (e *EC2IMDSEndpointModeState) SetFromString(v string) error {
-	v = strings.TrimSpace(v)
-
-	switch {
-	case len(v) == 0:
-		*e = EC2IMDSEndpointModeStateUnset
-	case strings.EqualFold(v, "IPv6"):
-		*e = EC2IMDSEndpointModeStateIPv6
-	case strings.EqualFold(v, "IPv4"):
-		*e = EC2IMDSEndpointModeStateIPv4
-	default:
-		return fmt.Errorf("unknown EC2 IMDS endpoint mode, must be either IPv6 or IPv4")
-	}
-	return nil
-}
-
-// STSRegionalEndpoint is an enum for the states of the STS Regional Endpoint
-// options.
-type STSRegionalEndpoint int
-
-func (e STSRegionalEndpoint) String() string {
-	switch e {
-	case LegacySTSEndpoint:
-		return "legacy"
-	case RegionalSTSEndpoint:
-		return "regional"
-	case UnsetSTSEndpoint:
-		return ""
-	default:
-		return "unknown"
-	}
-}
-
-const (
-
-	// UnsetSTSEndpoint represents that STS Regional Endpoint flag is not specified.
-	UnsetSTSEndpoint STSRegionalEndpoint = iota
-
-	// LegacySTSEndpoint represents when STS Regional Endpoint flag is specified
-	// to use legacy endpoints.
-	LegacySTSEndpoint
-
-	// RegionalSTSEndpoint represents when STS Regional Endpoint flag is specified
-	// to use regional endpoints.
-	RegionalSTSEndpoint
-)
-
-// GetSTSRegionalEndpoint function returns the STSRegionalEndpointFlag based
-// on the input string provided in env config or shared config by the user.
-//
-// `legacy`, `regional` are the only case-insensitive valid strings for
-// resolving the STS regional Endpoint flag.
-func GetSTSRegionalEndpoint(s string) (STSRegionalEndpoint, error) {
-	switch {
-	case strings.EqualFold(s, "legacy"):
-		return LegacySTSEndpoint, nil
-	case strings.EqualFold(s, "regional"):
-		return RegionalSTSEndpoint, nil
-	default:
-		return UnsetSTSEndpoint, fmt.Errorf("unable to resolve the value of STSRegionalEndpoint for %v", s)
-	}
-}
-
-// S3UsEast1RegionalEndpoint is an enum for the states of the S3 us-east-1
-// Regional Endpoint options.
-type S3UsEast1RegionalEndpoint int
-
-func (e S3UsEast1RegionalEndpoint) String() string {
-	switch e {
-	case LegacyS3UsEast1Endpoint:
-		return "legacy"
-	case RegionalS3UsEast1Endpoint:
-		return "regional"
-	case UnsetS3UsEast1Endpoint:
-		return ""
-	default:
-		return "unknown"
-	}
-}
-
-const (
-
-	// UnsetS3UsEast1Endpoint represents that S3 Regional Endpoint flag is not
-	// specified.
-	UnsetS3UsEast1Endpoint S3UsEast1RegionalEndpoint = iota
-
-	// LegacyS3UsEast1Endpoint represents when S3 Regional Endpoint flag is
-	// specified to use legacy endpoints.
-	LegacyS3UsEast1Endpoint
-
-	// RegionalS3UsEast1Endpoint represents when S3 Regional Endpoint flag is
-	// specified to use regional endpoints.
-	RegionalS3UsEast1Endpoint
-)
-
-// GetS3UsEast1RegionalEndpoint function returns the S3UsEast1RegionalEndpointFlag based
-// on the input string provided in env config or shared config by the user.
-//
-// `legacy`, `regional` are the only case-insensitive valid strings for
-// resolving the S3 regional Endpoint flag.
-func GetS3UsEast1RegionalEndpoint(s string) (S3UsEast1RegionalEndpoint, error) {
-	switch {
-	case strings.EqualFold(s, "legacy"):
-		return LegacyS3UsEast1Endpoint, nil
-	case strings.EqualFold(s, "regional"):
-		return RegionalS3UsEast1Endpoint, nil
-	default:
-		return UnsetS3UsEast1Endpoint,
-			fmt.Errorf("unable to resolve the value of S3UsEast1RegionalEndpoint for %v", s)
-	}
-}
-
-// Set combines all of the option functions together.
-func (o *Options) Set(optFns ...func(*Options)) {
-	for _, fn := range optFns {
-		fn(o)
-	}
-}
-
-// DisableSSLOption sets the DisableSSL options. Can be used as a functional
-// option when resolving endpoints.
-func DisableSSLOption(o *Options) {
-	o.DisableSSL = true
-}
-
-// UseDualStackOption sets the UseDualStack option. Can be used as a functional
-// option when resolving endpoints.
-//
-// Deprecated: UseDualStackEndpointOption should be used to enable usage of a service's dual-stack endpoint.
-// When DualStackEndpointState is set to a non-zero value it takes higher precedence then this option.
-func UseDualStackOption(o *Options) {
-	o.UseDualStack = true
-}
-
-// UseDualStackEndpointOption sets the UseDualStackEndpoint option to enabled. Can be used as a functional
-// option when resolving endpoints.
-func UseDualStackEndpointOption(o *Options) {
-	o.UseDualStackEndpoint = DualStackEndpointStateEnabled
-}
-
-// UseFIPSEndpointOption sets the UseFIPSEndpoint option to enabled. Can be used as a functional
-// option when resolving endpoints.
-func UseFIPSEndpointOption(o *Options) {
-	o.UseFIPSEndpoint = FIPSEndpointStateEnabled
-}
-
-// StrictMatchingOption sets the StrictMatching option. Can be used as a functional
-// option when resolving endpoints.
-func StrictMatchingOption(o *Options) {
-	o.StrictMatching = true
-}
-
-// ResolveUnknownServiceOption sets the ResolveUnknownService option. Can be used
-// as a functional option when resolving endpoints.
-func ResolveUnknownServiceOption(o *Options) {
-	o.ResolveUnknownService = true
-}
-
-// STSRegionalEndpointOption enables the STS endpoint resolver behavior to resolve
-// STS endpoint to their regional endpoint, instead of the global endpoint.
-func STSRegionalEndpointOption(o *Options) {
-	o.STSRegionalEndpoint = RegionalSTSEndpoint
-}
-
-// A Resolver provides the interface for functionality to resolve endpoints.
-// The build in Partition and DefaultResolver return value satisfy this interface.
-type Resolver interface {
-	EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error)
-}
-
-// ResolverFunc is a helper utility that wraps a function so it satisfies the
-// Resolver interface. This is useful when you want to add additional endpoint
-// resolving logic, or stub out specific endpoints with custom values.
-type ResolverFunc func(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error)
-
-// EndpointFor wraps the ResolverFunc function to satisfy the Resolver interface.
-func (fn ResolverFunc) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
-	return fn(service, region, opts...)
-}
-
-var schemeRE = regexp.MustCompile("^([^:]+)://")
-
-// AddScheme adds the HTTP or HTTPS schemes to a endpoint URL if there is no
-// scheme. If disableSSL is true HTTP will set HTTP instead of the default HTTPS.
-//
-// If disableSSL is set, it will only set the URL's scheme if the URL does not
-// contain a scheme.
-func AddScheme(endpoint string, disableSSL bool) string {
-	if !schemeRE.MatchString(endpoint) {
-		scheme := "https"
-		if disableSSL {
-			scheme = "http"
-		}
-		endpoint = fmt.Sprintf("%s://%s", scheme, endpoint)
-	}
-
-	return endpoint
-}
-
-// EnumPartitions a provides a way to retrieve the underlying partitions that
-// make up the SDK's default Resolver, or any resolver decoded from a model
-// file.
-//
-// Use this interface with DefaultResolver and DecodeModels to get the list of
-// Partitions.
-type EnumPartitions interface {
-	Partitions() []Partition
-}
-
-// RegionsForService returns a map of regions for the partition and service.
-// If either the partition or service does not exist false will be returned
-// as the second parameter.
-//
-// This example shows how  to get the regions for DynamoDB in the AWS partition.
-//
-//	rs, exists := endpoints.RegionsForService(endpoints.DefaultPartitions(), endpoints.AwsPartitionID, endpoints.DynamodbServiceID)
-//
-// This is equivalent to using the partition directly.
-//
-//	rs := endpoints.AwsPartition().Services()[endpoints.DynamodbServiceID].Regions()
-func RegionsForService(ps []Partition, partitionID, serviceID string) (map[string]Region, bool) {
-	for _, p := range ps {
-		if p.ID() != partitionID {
-			continue
-		}
-		if _, ok := p.p.Services[serviceID]; !(ok || serviceID == Ec2metadataServiceID) {
-			break
-		}
-
-		s := Service{
-			id: serviceID,
-			p:  p.p,
-		}
-		return s.Regions(), true
-	}
-
-	return map[string]Region{}, false
-}
-
-// PartitionForRegion returns the first partition which includes the region
-// passed in. This includes both known regions and regions which match
-// a pattern supported by the partition which may include regions that are
-// not explicitly known by the partition. Use the Regions method of the
-// returned Partition if explicit support is needed.
-func PartitionForRegion(ps []Partition, regionID string) (Partition, bool) {
-	for _, p := range ps {
-		if _, ok := p.p.Regions[regionID]; ok || p.p.RegionRegex.MatchString(regionID) {
-			return p, true
-		}
-	}
-
-	return Partition{}, false
-}
-
-// A Partition provides the ability to enumerate the partition's regions
-// and services.
-type Partition struct {
-	id, dnsSuffix string
-	p             *partition
-}
-
-// DNSSuffix returns the base domain name of the partition.
-func (p Partition) DNSSuffix() string { return p.dnsSuffix }
-
-// ID returns the identifier of the partition.
-func (p Partition) ID() string { return p.id }
-
-// EndpointFor attempts to resolve the endpoint based on service and region.
-// See Options for information on configuring how the endpoint is resolved.
-//
-// If the service cannot be found in the metadata the UnknownServiceError
-// error will be returned. This validation will occur regardless if
-// StrictMatching is enabled. To enable resolving unknown services set the
-// "ResolveUnknownService" option to true. When StrictMatching is disabled
-// this option allows the partition resolver to resolve a endpoint based on
-// the service endpoint ID provided.
-//
-// When resolving endpoints you can choose to enable StrictMatching. This will
-// require the provided service and region to be known by the partition.
-// If the endpoint cannot be strictly resolved an error will be returned. This
-// mode is useful to ensure the endpoint resolved is valid. Without
-// StrictMatching enabled the endpoint returned may look valid but may not work.
-// StrictMatching requires the SDK to be updated if you want to take advantage
-// of new regions and services expansions.
-//
-// Errors that can be returned.
-//   - UnknownServiceError
-//   - UnknownEndpointError
-func (p Partition) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
-	return p.p.EndpointFor(service, region, opts...)
-}
-
-// Regions returns a map of Regions indexed by their ID. This is useful for
-// enumerating over the regions in a partition.
-func (p Partition) Regions() map[string]Region {
-	rs := make(map[string]Region, len(p.p.Regions))
-	for id, r := range p.p.Regions {
-		rs[id] = Region{
-			id:   id,
-			desc: r.Description,
-			p:    p.p,
-		}
-	}
-
-	return rs
-}
-
-// Services returns a map of Service indexed by their ID. This is useful for
-// enumerating over the services in a partition.
-func (p Partition) Services() map[string]Service {
-	ss := make(map[string]Service, len(p.p.Services))
-
-	for id := range p.p.Services {
-		ss[id] = Service{
-			id: id,
-			p:  p.p,
-		}
-	}
-
-	// Since we have removed the customization that injected this into the model
-	// we still need to pretend that this is a modeled service.
-	if _, ok := ss[Ec2metadataServiceID]; !ok {
-		ss[Ec2metadataServiceID] = Service{
-			id: Ec2metadataServiceID,
-			p:  p.p,
-		}
-	}
-
-	return ss
-}
-
-// A Region provides information about a region, and ability to resolve an
-// endpoint from the context of a region, given a service.
-type Region struct {
-	id, desc string
-	p        *partition
-}
-
-// ID returns the region's identifier.
-func (r Region) ID() string { return r.id }
-
-// Description returns the region's description. The region description
-// is free text, it can be empty, and it may change between SDK releases.
-func (r Region) Description() string { return r.desc }
-
-// ResolveEndpoint resolves an endpoint from the context of the region given
-// a service. See Partition.EndpointFor for usage and errors that can be returned.
-func (r Region) ResolveEndpoint(service string, opts ...func(*Options)) (ResolvedEndpoint, error) {
-	return r.p.EndpointFor(service, r.id, opts...)
-}
-
-// Services returns a list of all services that are known to be in this region.
-func (r Region) Services() map[string]Service {
-	ss := map[string]Service{}
-	for id, s := range r.p.Services {
-		if _, ok := s.Endpoints[endpointKey{Region: r.id}]; ok {
-			ss[id] = Service{
-				id: id,
-				p:  r.p,
-			}
-		}
-	}
-
-	return ss
-}
-
-// A Service provides information about a service, and ability to resolve an
-// endpoint from the context of a service, given a region.
-type Service struct {
-	id string
-	p  *partition
-}
-
-// ID returns the identifier for the service.
-func (s Service) ID() string { return s.id }
-
-// ResolveEndpoint resolves an endpoint from the context of a service given
-// a region. See Partition.EndpointFor for usage and errors that can be returned.
-func (s Service) ResolveEndpoint(region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
-	return s.p.EndpointFor(s.id, region, opts...)
-}
-
-// Regions returns a map of Regions that the service is present in.
-//
-// A region is the AWS region the service exists in. Whereas a Endpoint is
-// an URL that can be resolved to a instance of a service.
-func (s Service) Regions() map[string]Region {
-	rs := map[string]Region{}
-
-	service, ok := s.p.Services[s.id]
-
-	// Since ec2metadata customization has been removed we need to check
-	// if it was defined in non-standard endpoints.json file. If it's not
-	// then we can return the empty map as there is no regional-endpoints for IMDS.
-	// Otherwise, we iterate need to iterate the non-standard model.
-	if s.id == Ec2metadataServiceID && !ok {
-		return rs
-	}
-
-	for id := range service.Endpoints {
-		if id.Variant != 0 {
-			continue
-		}
-		if r, ok := s.p.Regions[id.Region]; ok {
-			rs[id.Region] = Region{
-				id:   id.Region,
-				desc: r.Description,
-				p:    s.p,
-			}
-		}
-	}
-
-	return rs
-}
-
-// Endpoints returns a map of Endpoints indexed by their ID for all known
-// endpoints for a service.
-//
-// A region is the AWS region the service exists in. Whereas a Endpoint is
-// an URL that can be resolved to a instance of a service.
-func (s Service) Endpoints() map[string]Endpoint {
-	es := make(map[string]Endpoint, len(s.p.Services[s.id].Endpoints))
-	for id := range s.p.Services[s.id].Endpoints {
-		if id.Variant != 0 {
-			continue
-		}
-		es[id.Region] = Endpoint{
-			id:        id.Region,
-			serviceID: s.id,
-			p:         s.p,
-		}
-	}
-
-	return es
-}
-
-// A Endpoint provides information about endpoints, and provides the ability
-// to resolve that endpoint for the service, and the region the endpoint
-// represents.
-type Endpoint struct {
-	id        string
-	serviceID string
-	p         *partition
-}
-
-// ID returns the identifier for an endpoint.
-func (e Endpoint) ID() string { return e.id }
-
-// ServiceID returns the identifier the endpoint belongs to.
-func (e Endpoint) ServiceID() string { return e.serviceID }
-
-// ResolveEndpoint resolves an endpoint from the context of a service and
-// region the endpoint represents. See Partition.EndpointFor for usage and
-// errors that can be returned.
-func (e Endpoint) ResolveEndpoint(opts ...func(*Options)) (ResolvedEndpoint, error) {
-	return e.p.EndpointFor(e.serviceID, e.id, opts...)
-}
-
-// A ResolvedEndpoint is an endpoint that has been resolved based on a partition
-// service, and region.
-type ResolvedEndpoint struct {
-	// The endpoint URL
-	URL string
-
-	// The endpoint partition
-	PartitionID string
-
-	// The region that should be used for signing requests.
-	SigningRegion string
-
-	// The service name that should be used for signing requests.
-	SigningName string
-
-	// States that the signing name for this endpoint was derived from metadata
-	// passed in, but was not explicitly modeled.
-	SigningNameDerived bool
-
-	// The signing method that should be used for signing requests.
-	SigningMethod string
-}
-
-// So that the Error interface type can be included as an anonymous field
-// in the requestError struct and not conflict with the error.Error() method.
-type awsError awserr.Error
-
-// A EndpointNotFoundError is returned when in StrictMatching mode, and the
-// endpoint for the service and region cannot be found in any of the partitions.
-type EndpointNotFoundError struct {
-	awsError
-	Partition string
-	Service   string
-	Region    string
-}
-
-// A UnknownServiceError is returned when the service does not resolve to an
-// endpoint. Includes a list of all known services for the partition. Returned
-// when a partition does not support the service.
-type UnknownServiceError struct {
-	awsError
-	Partition string
-	Service   string
-	Known     []string
-}
-
-// NewUnknownServiceError builds and returns UnknownServiceError.
-func NewUnknownServiceError(p, s string, known []string) UnknownServiceError {
-	return UnknownServiceError{
-		awsError: awserr.New("UnknownServiceError",
-			"could not resolve endpoint for unknown service", nil),
-		Partition: p,
-		Service:   s,
-		Known:     known,
-	}
-}
-
-// String returns the string representation of the error.
-func (e UnknownServiceError) Error() string {
-	extra := fmt.Sprintf("partition: %q, service: %q",
-		e.Partition, e.Service)
-	if len(e.Known) > 0 {
-		extra += fmt.Sprintf(", known: %v", e.Known)
-	}
-	return awserr.SprintError(e.Code(), e.Message(), extra, e.OrigErr())
-}
-
-// String returns the string representation of the error.
-func (e UnknownServiceError) String() string {
-	return e.Error()
-}
-
-// A UnknownEndpointError is returned when in StrictMatching mode and the
-// service is valid, but the region does not resolve to an endpoint. Includes
-// a list of all known endpoints for the service.
-type UnknownEndpointError struct {
-	awsError
-	Partition string
-	Service   string
-	Region    string
-	Known     []string
-}
-
-// NewUnknownEndpointError builds and returns UnknownEndpointError.
-func NewUnknownEndpointError(p, s, r string, known []string) UnknownEndpointError {
-	return UnknownEndpointError{
-		awsError: awserr.New("UnknownEndpointError",
-			"could not resolve endpoint", nil),
-		Partition: p,
-		Service:   s,
-		Region:    r,
-		Known:     known,
-	}
-}
-
-// String returns the string representation of the error.
-func (e UnknownEndpointError) Error() string {
-	extra := fmt.Sprintf("partition: %q, service: %q, region: %q",
-		e.Partition, e.Service, e.Region)
-	if len(e.Known) > 0 {
-		extra += fmt.Sprintf(", known: %v", e.Known)
-	}
-	return awserr.SprintError(e.Code(), e.Message(), extra, e.OrigErr())
-}
-
-// String returns the string representation of the error.
-func (e UnknownEndpointError) String() string {
-	return e.Error()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
deleted file mode 100644
index df75e899a..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package endpoints
-
-var legacyGlobalRegions = map[string]map[string]struct{}{
-	"sts": {
-		"ap-northeast-1": {},
-		"ap-south-1":     {},
-		"ap-southeast-1": {},
-		"ap-southeast-2": {},
-		"ca-central-1":   {},
-		"eu-central-1":   {},
-		"eu-north-1":     {},
-		"eu-west-1":      {},
-		"eu-west-2":      {},
-		"eu-west-3":      {},
-		"sa-east-1":      {},
-		"us-east-1":      {},
-		"us-east-2":      {},
-		"us-west-1":      {},
-		"us-west-2":      {},
-	},
-	"s3": {
-		"us-east-1": {},
-	},
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
deleted file mode 100644
index 89f6627dc..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
+++ /dev/null
@@ -1,594 +0,0 @@
-package endpoints
-
-import (
-	"encoding/json"
-	"fmt"
-	"regexp"
-	"strconv"
-	"strings"
-)
-
-const (
-	ec2MetadataEndpointIPv6 = "http://[fd00:ec2::254]/latest"
-	ec2MetadataEndpointIPv4 = "http://169.254.169.254/latest"
-)
-
-const dnsSuffixTemplateKey = "{dnsSuffix}"
-
-// defaultKey is a compound map key of a variant and other values.
-type defaultKey struct {
-	Variant        endpointVariant
-	ServiceVariant serviceVariant
-}
-
-// endpointKey is a compound map key of a region and associated variant value.
-type endpointKey struct {
-	Region  string
-	Variant endpointVariant
-}
-
-// endpointVariant is a bit field to describe the endpoints attributes.
-type endpointVariant uint64
-
-// serviceVariant is a bit field to describe the service endpoint attributes.
-type serviceVariant uint64
-
-const (
-	// fipsVariant indicates that the endpoint is FIPS capable.
-	fipsVariant endpointVariant = 1 << (64 - 1 - iota)
-
-	// dualStackVariant indicates that the endpoint is DualStack capable.
-	dualStackVariant
-)
-
-var regionValidationRegex = regexp.MustCompile(`^[[:alnum:]]([[:alnum:]\-]*[[:alnum:]])?$`)
-
-type partitions []partition
-
-func (ps partitions) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
-	var opt Options
-	opt.Set(opts...)
-
-	if len(opt.ResolvedRegion) > 0 {
-		region = opt.ResolvedRegion
-	}
-
-	for i := 0; i < len(ps); i++ {
-		if !ps[i].canResolveEndpoint(service, region, opt) {
-			continue
-		}
-
-		return ps[i].EndpointFor(service, region, opts...)
-	}
-
-	// If loose matching fallback to first partition format to use
-	// when resolving the endpoint.
-	if !opt.StrictMatching && len(ps) > 0 {
-		return ps[0].EndpointFor(service, region, opts...)
-	}
-
-	return ResolvedEndpoint{}, NewUnknownEndpointError("all partitions", service, region, []string{})
-}
-
-// Partitions satisfies the EnumPartitions interface and returns a list
-// of Partitions representing each partition represented in the SDK's
-// endpoints model.
-func (ps partitions) Partitions() []Partition {
-	parts := make([]Partition, 0, len(ps))
-	for i := 0; i < len(ps); i++ {
-		parts = append(parts, ps[i].Partition())
-	}
-
-	return parts
-}
-
-type endpointWithVariants struct {
-	endpoint
-	Variants []endpointWithTags `json:"variants"`
-}
-
-type endpointWithTags struct {
-	endpoint
-	Tags []string `json:"tags"`
-}
-
-type endpointDefaults map[defaultKey]endpoint
-
-func (p *endpointDefaults) UnmarshalJSON(data []byte) error {
-	if *p == nil {
-		*p = make(endpointDefaults)
-	}
-
-	var e endpointWithVariants
-	if err := json.Unmarshal(data, &e); err != nil {
-		return err
-	}
-
-	(*p)[defaultKey{Variant: 0}] = e.endpoint
-
-	e.Hostname = ""
-	e.DNSSuffix = ""
-
-	for _, variant := range e.Variants {
-		endpointVariant, unknown := parseVariantTags(variant.Tags)
-		if unknown {
-			continue
-		}
-
-		var ve endpoint
-		ve.mergeIn(e.endpoint)
-		ve.mergeIn(variant.endpoint)
-
-		(*p)[defaultKey{Variant: endpointVariant}] = ve
-	}
-
-	return nil
-}
-
-func parseVariantTags(tags []string) (ev endpointVariant, unknown bool) {
-	if len(tags) == 0 {
-		unknown = true
-		return
-	}
-
-	for _, tag := range tags {
-		switch {
-		case strings.EqualFold("fips", tag):
-			ev |= fipsVariant
-		case strings.EqualFold("dualstack", tag):
-			ev |= dualStackVariant
-		default:
-			unknown = true
-		}
-	}
-	return ev, unknown
-}
-
-type partition struct {
-	ID          string           `json:"partition"`
-	Name        string           `json:"partitionName"`
-	DNSSuffix   string           `json:"dnsSuffix"`
-	RegionRegex regionRegex      `json:"regionRegex"`
-	Defaults    endpointDefaults `json:"defaults"`
-	Regions     regions          `json:"regions"`
-	Services    services         `json:"services"`
-}
-
-func (p partition) Partition() Partition {
-	return Partition{
-		dnsSuffix: p.DNSSuffix,
-		id:        p.ID,
-		p:         &p,
-	}
-}
-
-func (p partition) canResolveEndpoint(service, region string, options Options) bool {
-	s, hasService := p.Services[service]
-	_, hasEndpoint := s.Endpoints[endpointKey{
-		Region:  region,
-		Variant: options.getEndpointVariant(service),
-	}]
-
-	if hasEndpoint && hasService {
-		return true
-	}
-
-	if options.StrictMatching {
-		return false
-	}
-
-	return p.RegionRegex.MatchString(region)
-}
-
-func allowLegacyEmptyRegion(service string) bool {
-	legacy := map[string]struct{}{
-		"budgets":       {},
-		"ce":            {},
-		"chime":         {},
-		"cloudfront":    {},
-		"ec2metadata":   {},
-		"iam":           {},
-		"importexport":  {},
-		"organizations": {},
-		"route53":       {},
-		"sts":           {},
-		"support":       {},
-		"waf":           {},
-	}
-
-	_, allowed := legacy[service]
-	return allowed
-}
-
-func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (resolved ResolvedEndpoint, err error) {
-	var opt Options
-	opt.Set(opts...)
-
-	if len(opt.ResolvedRegion) > 0 {
-		region = opt.ResolvedRegion
-	}
-
-	s, hasService := p.Services[service]
-
-	if service == Ec2metadataServiceID && !hasService {
-		endpoint := getEC2MetadataEndpoint(p.ID, service, opt.EC2MetadataEndpointMode)
-		return endpoint, nil
-	}
-
-	if len(service) == 0 || !(hasService || opt.ResolveUnknownService) {
-		// Only return error if the resolver will not fallback to creating
-		// endpoint based on service endpoint ID passed in.
-		return resolved, NewUnknownServiceError(p.ID, service, serviceList(p.Services))
-	}
-
-	if len(region) == 0 && allowLegacyEmptyRegion(service) && len(s.PartitionEndpoint) != 0 {
-		region = s.PartitionEndpoint
-	}
-
-	if r, ok := isLegacyGlobalRegion(service, region, opt); ok {
-		region = r
-	}
-
-	variant := opt.getEndpointVariant(service)
-
-	endpoints := s.Endpoints
-
-	serviceDefaults, hasServiceDefault := s.Defaults[defaultKey{Variant: variant}]
-	// If we searched for a variant which may have no explicit service defaults,
-	// then we need to inherit the standard service defaults except the hostname and dnsSuffix
-	if variant != 0 && !hasServiceDefault {
-		serviceDefaults = s.Defaults[defaultKey{}]
-		serviceDefaults.Hostname = ""
-		serviceDefaults.DNSSuffix = ""
-	}
-
-	partitionDefaults, hasPartitionDefault := p.Defaults[defaultKey{Variant: variant}]
-
-	var dnsSuffix string
-	if len(serviceDefaults.DNSSuffix) > 0 {
-		dnsSuffix = serviceDefaults.DNSSuffix
-	} else if variant == 0 {
-		// For legacy reasons the partition dnsSuffix is not in the defaults, so if we looked for
-		// a non-variant endpoint then we need to set the dnsSuffix.
-		dnsSuffix = p.DNSSuffix
-	}
-
-	noDefaults := !hasServiceDefault && !hasPartitionDefault
-
-	e, hasEndpoint := s.endpointForRegion(region, endpoints, variant)
-	if len(region) == 0 || (!hasEndpoint && (opt.StrictMatching || noDefaults)) {
-		return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(endpoints, variant))
-	}
-
-	defs := []endpoint{partitionDefaults, serviceDefaults}
-
-	return e.resolve(service, p.ID, region, dnsSuffixTemplateKey, dnsSuffix, defs, opt)
-}
-
-func getEC2MetadataEndpoint(partitionID, service string, mode EC2IMDSEndpointModeState) ResolvedEndpoint {
-	switch mode {
-	case EC2IMDSEndpointModeStateIPv6:
-		return ResolvedEndpoint{
-			URL:                ec2MetadataEndpointIPv6,
-			PartitionID:        partitionID,
-			SigningRegion:      "aws-global",
-			SigningName:        service,
-			SigningNameDerived: true,
-			SigningMethod:      "v4",
-		}
-	case EC2IMDSEndpointModeStateIPv4:
-		fallthrough
-	default:
-		return ResolvedEndpoint{
-			URL:                ec2MetadataEndpointIPv4,
-			PartitionID:        partitionID,
-			SigningRegion:      "aws-global",
-			SigningName:        service,
-			SigningNameDerived: true,
-			SigningMethod:      "v4",
-		}
-	}
-}
-
-func isLegacyGlobalRegion(service string, region string, opt Options) (string, bool) {
-	if opt.getEndpointVariant(service) != 0 {
-		return "", false
-	}
-
-	const (
-		sts       = "sts"
-		s3        = "s3"
-		awsGlobal = "aws-global"
-	)
-
-	switch {
-	case service == sts && opt.STSRegionalEndpoint == RegionalSTSEndpoint:
-		return region, false
-	case service == s3 && opt.S3UsEast1RegionalEndpoint == RegionalS3UsEast1Endpoint:
-		return region, false
-	default:
-		if _, ok := legacyGlobalRegions[service][region]; ok {
-			return awsGlobal, true
-		}
-	}
-
-	return region, false
-}
-
-func serviceList(ss services) []string {
-	list := make([]string, 0, len(ss))
-	for k := range ss {
-		list = append(list, k)
-	}
-	return list
-}
-func endpointList(es serviceEndpoints, variant endpointVariant) []string {
-	list := make([]string, 0, len(es))
-	for k := range es {
-		if k.Variant != variant {
-			continue
-		}
-		list = append(list, k.Region)
-	}
-	return list
-}
-
-type regionRegex struct {
-	*regexp.Regexp
-}
-
-func (rr *regionRegex) UnmarshalJSON(b []byte) (err error) {
-	// Strip leading and trailing quotes
-	regex, err := strconv.Unquote(string(b))
-	if err != nil {
-		return fmt.Errorf("unable to strip quotes from regex, %v", err)
-	}
-
-	rr.Regexp, err = regexp.Compile(regex)
-	if err != nil {
-		return fmt.Errorf("unable to unmarshal region regex, %v", err)
-	}
-	return nil
-}
-
-type regions map[string]region
-
-type region struct {
-	Description string `json:"description"`
-}
-
-type services map[string]service
-
-type service struct {
-	PartitionEndpoint string           `json:"partitionEndpoint"`
-	IsRegionalized    boxedBool        `json:"isRegionalized,omitempty"`
-	Defaults          endpointDefaults `json:"defaults"`
-	Endpoints         serviceEndpoints `json:"endpoints"`
-}
-
-func (s *service) endpointForRegion(region string, endpoints serviceEndpoints, variant endpointVariant) (endpoint, bool) {
-	if e, ok := endpoints[endpointKey{Region: region, Variant: variant}]; ok {
-		return e, true
-	}
-
-	if s.IsRegionalized == boxedFalse {
-		return endpoints[endpointKey{Region: s.PartitionEndpoint, Variant: variant}], region == s.PartitionEndpoint
-	}
-
-	// Unable to find any matching endpoint, return
-	// blank that will be used for generic endpoint creation.
-	return endpoint{}, false
-}
-
-type serviceEndpoints map[endpointKey]endpoint
-
-func (s *serviceEndpoints) UnmarshalJSON(data []byte) error {
-	if *s == nil {
-		*s = make(serviceEndpoints)
-	}
-
-	var regionToEndpoint map[string]endpointWithVariants
-
-	if err := json.Unmarshal(data, &regionToEndpoint); err != nil {
-		return err
-	}
-
-	for region, e := range regionToEndpoint {
-		(*s)[endpointKey{Region: region}] = e.endpoint
-
-		e.Hostname = ""
-		e.DNSSuffix = ""
-
-		for _, variant := range e.Variants {
-			endpointVariant, unknown := parseVariantTags(variant.Tags)
-			if unknown {
-				continue
-			}
-
-			var ve endpoint
-			ve.mergeIn(e.endpoint)
-			ve.mergeIn(variant.endpoint)
-
-			(*s)[endpointKey{Region: region, Variant: endpointVariant}] = ve
-		}
-	}
-
-	return nil
-}
-
-type endpoint struct {
-	Hostname        string          `json:"hostname"`
-	Protocols       []string        `json:"protocols"`
-	CredentialScope credentialScope `json:"credentialScope"`
-
-	DNSSuffix string `json:"dnsSuffix"`
-
-	// Signature Version not used
-	SignatureVersions []string `json:"signatureVersions"`
-
-	// SSLCommonName not used.
-	SSLCommonName string `json:"sslCommonName"`
-
-	Deprecated boxedBool `json:"deprecated"`
-}
-
-// isZero returns whether the endpoint structure is an empty (zero) value.
-func (e endpoint) isZero() bool {
-	switch {
-	case len(e.Hostname) != 0:
-		return false
-	case len(e.Protocols) != 0:
-		return false
-	case e.CredentialScope != (credentialScope{}):
-		return false
-	case len(e.SignatureVersions) != 0:
-		return false
-	case len(e.SSLCommonName) != 0:
-		return false
-	}
-	return true
-}
-
-const (
-	defaultProtocol = "https"
-	defaultSigner   = "v4"
-)
-
-var (
-	protocolPriority = []string{"https", "http"}
-	signerPriority   = []string{"v4", "v2"}
-)
-
-func getByPriority(s []string, p []string, def string) string {
-	if len(s) == 0 {
-		return def
-	}
-
-	for i := 0; i < len(p); i++ {
-		for j := 0; j < len(s); j++ {
-			if s[j] == p[i] {
-				return s[j]
-			}
-		}
-	}
-
-	return s[0]
-}
-
-func (e endpoint) resolve(service, partitionID, region, dnsSuffixTemplateVariable, dnsSuffix string, defs []endpoint, opts Options) (ResolvedEndpoint, error) {
-	var merged endpoint
-	for _, def := range defs {
-		merged.mergeIn(def)
-	}
-	merged.mergeIn(e)
-	e = merged
-
-	signingRegion := e.CredentialScope.Region
-	if len(signingRegion) == 0 {
-		signingRegion = region
-	}
-
-	signingName := e.CredentialScope.Service
-	var signingNameDerived bool
-	if len(signingName) == 0 {
-		signingName = service
-		signingNameDerived = true
-	}
-
-	hostname := e.Hostname
-
-	if !validateInputRegion(region) {
-		return ResolvedEndpoint{}, fmt.Errorf("invalid region identifier format provided")
-	}
-
-	if len(merged.DNSSuffix) > 0 {
-		dnsSuffix = merged.DNSSuffix
-	}
-
-	u := strings.Replace(hostname, "{service}", service, 1)
-	u = strings.Replace(u, "{region}", region, 1)
-	u = strings.Replace(u, dnsSuffixTemplateVariable, dnsSuffix, 1)
-
-	scheme := getEndpointScheme(e.Protocols, opts.DisableSSL)
-	u = fmt.Sprintf("%s://%s", scheme, u)
-
-	if e.Deprecated == boxedTrue && opts.LogDeprecated && opts.Logger != nil {
-		opts.Logger.Log(fmt.Sprintf("endpoint identifier %q, url %q marked as deprecated", region, u))
-	}
-
-	return ResolvedEndpoint{
-		URL:                u,
-		PartitionID:        partitionID,
-		SigningRegion:      signingRegion,
-		SigningName:        signingName,
-		SigningNameDerived: signingNameDerived,
-		SigningMethod:      getByPriority(e.SignatureVersions, signerPriority, defaultSigner),
-	}, nil
-}
-
-func getEndpointScheme(protocols []string, disableSSL bool) string {
-	if disableSSL {
-		return "http"
-	}
-
-	return getByPriority(protocols, protocolPriority, defaultProtocol)
-}
-
-func (e *endpoint) mergeIn(other endpoint) {
-	if len(other.Hostname) > 0 {
-		e.Hostname = other.Hostname
-	}
-	if len(other.Protocols) > 0 {
-		e.Protocols = other.Protocols
-	}
-	if len(other.SignatureVersions) > 0 {
-		e.SignatureVersions = other.SignatureVersions
-	}
-	if len(other.CredentialScope.Region) > 0 {
-		e.CredentialScope.Region = other.CredentialScope.Region
-	}
-	if len(other.CredentialScope.Service) > 0 {
-		e.CredentialScope.Service = other.CredentialScope.Service
-	}
-	if len(other.SSLCommonName) > 0 {
-		e.SSLCommonName = other.SSLCommonName
-	}
-	if len(other.DNSSuffix) > 0 {
-		e.DNSSuffix = other.DNSSuffix
-	}
-	if other.Deprecated != boxedBoolUnset {
-		e.Deprecated = other.Deprecated
-	}
-}
-
-type credentialScope struct {
-	Region  string `json:"region"`
-	Service string `json:"service"`
-}
-
-type boxedBool int
-
-func (b *boxedBool) UnmarshalJSON(buf []byte) error {
-	v, err := strconv.ParseBool(string(buf))
-	if err != nil {
-		return err
-	}
-
-	if v {
-		*b = boxedTrue
-	} else {
-		*b = boxedFalse
-	}
-
-	return nil
-}
-
-const (
-	boxedBoolUnset boxedBool = iota
-	boxedFalse
-	boxedTrue
-)
-
-func validateInputRegion(region string) bool {
-	return regionValidationRegex.MatchString(region)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
deleted file mode 100644
index 84922bca8..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
+++ /dev/null
@@ -1,412 +0,0 @@
-//go:build codegen
-// +build codegen
-
-package endpoints
-
-import (
-	"fmt"
-	"io"
-	"reflect"
-	"strings"
-	"text/template"
-	"unicode"
-)
-
-// A CodeGenOptions are the options for code generating the endpoints into
-// Go code from the endpoints model definition.
-type CodeGenOptions struct {
-	// Options for how the model will be decoded.
-	DecodeModelOptions DecodeModelOptions
-
-	// Disables code generation of the service endpoint prefix IDs defined in
-	// the model.
-	DisableGenerateServiceIDs bool
-}
-
-// Set combines all of the option functions together
-func (d *CodeGenOptions) Set(optFns ...func(*CodeGenOptions)) {
-	for _, fn := range optFns {
-		fn(d)
-	}
-}
-
-// CodeGenModel given a endpoints model file will decode it and attempt to
-// generate Go code from the model definition. Error will be returned if
-// the code is unable to be generated, or decoded.
-func CodeGenModel(modelFile io.Reader, outFile io.Writer, optFns ...func(*CodeGenOptions)) error {
-	var opts CodeGenOptions
-	opts.Set(optFns...)
-
-	resolver, err := DecodeModel(modelFile, func(d *DecodeModelOptions) {
-		*d = opts.DecodeModelOptions
-	})
-	if err != nil {
-		return err
-	}
-
-	v := struct {
-		Resolver
-		CodeGenOptions
-	}{
-		Resolver:       resolver,
-		CodeGenOptions: opts,
-	}
-
-	tmpl := template.Must(template.New("tmpl").Funcs(funcMap).Parse(v3Tmpl))
-	if err := tmpl.ExecuteTemplate(outFile, "defaults", v); err != nil {
-		return fmt.Errorf("failed to execute template, %v", err)
-	}
-
-	return nil
-}
-
-func toSymbol(v string) string {
-	out := []rune{}
-	for _, c := range strings.Title(v) {
-		if !(unicode.IsNumber(c) || unicode.IsLetter(c)) {
-			continue
-		}
-
-		out = append(out, c)
-	}
-
-	return string(out)
-}
-
-func quoteString(v string) string {
-	return fmt.Sprintf("%q", v)
-}
-
-func regionConstName(p, r string) string {
-	return toSymbol(p) + toSymbol(r)
-}
-
-func partitionGetter(id string) string {
-	return fmt.Sprintf("%sPartition", toSymbol(id))
-}
-
-func partitionVarName(id string) string {
-	return fmt.Sprintf("%sPartition", strings.ToLower(toSymbol(id)))
-}
-
-func listPartitionNames(ps partitions) string {
-	names := []string{}
-	switch len(ps) {
-	case 1:
-		return ps[0].Name
-	case 2:
-		return fmt.Sprintf("%s and %s", ps[0].Name, ps[1].Name)
-	default:
-		for i, p := range ps {
-			if i == len(ps)-1 {
-				names = append(names, "and "+p.Name)
-			} else {
-				names = append(names, p.Name)
-			}
-		}
-		return strings.Join(names, ", ")
-	}
-}
-
-func boxedBoolIfSet(msg string, v boxedBool) string {
-	switch v {
-	case boxedTrue:
-		return fmt.Sprintf(msg, "boxedTrue")
-	case boxedFalse:
-		return fmt.Sprintf(msg, "boxedFalse")
-	default:
-		return ""
-	}
-}
-
-func stringIfSet(msg, v string) string {
-	if len(v) == 0 {
-		return ""
-	}
-
-	return fmt.Sprintf(msg, v)
-}
-
-func stringSliceIfSet(msg string, vs []string) string {
-	if len(vs) == 0 {
-		return ""
-	}
-
-	names := []string{}
-	for _, v := range vs {
-		names = append(names, `"`+v+`"`)
-	}
-
-	return fmt.Sprintf(msg, strings.Join(names, ","))
-}
-
-func endpointIsSet(v endpoint) bool {
-	return !reflect.DeepEqual(v, endpoint{})
-}
-
-func serviceSet(ps partitions) map[string]struct{} {
-	set := map[string]struct{}{}
-	for _, p := range ps {
-		for id := range p.Services {
-			set[id] = struct{}{}
-		}
-	}
-
-	return set
-}
-
-func endpointVariantSetter(variant endpointVariant) (string, error) {
-	if variant == 0 {
-		return "0", nil
-	}
-
-	if variant > (fipsVariant | dualStackVariant) {
-		return "", fmt.Errorf("unknown endpoint variant")
-	}
-
-	var symbols []string
-	if variant&fipsVariant != 0 {
-		symbols = append(symbols, "fipsVariant")
-	}
-	if variant&dualStackVariant != 0 {
-		symbols = append(symbols, "dualStackVariant")
-	}
-	v := strings.Join(symbols, "|")
-
-	return v, nil
-}
-
-func endpointKeySetter(e endpointKey) (string, error) {
-	var sb strings.Builder
-	sb.WriteString("endpointKey{\n")
-	sb.WriteString(fmt.Sprintf("Region: %q,\n", e.Region))
-	if e.Variant != 0 {
-		variantSetter, err := endpointVariantSetter(e.Variant)
-		if err != nil {
-			return "", err
-		}
-		sb.WriteString(fmt.Sprintf("Variant: %s,\n", variantSetter))
-	}
-	sb.WriteString("}")
-	return sb.String(), nil
-}
-
-func defaultKeySetter(e defaultKey) (string, error) {
-	var sb strings.Builder
-	sb.WriteString("defaultKey{\n")
-	if e.Variant != 0 {
-		variantSetter, err := endpointVariantSetter(e.Variant)
-		if err != nil {
-			return "", err
-		}
-		sb.WriteString(fmt.Sprintf("Variant: %s,\n", variantSetter))
-	}
-	sb.WriteString("}")
-	return sb.String(), nil
-}
-
-var funcMap = template.FuncMap{
-	"ToSymbol":              toSymbol,
-	"QuoteString":           quoteString,
-	"RegionConst":           regionConstName,
-	"PartitionGetter":       partitionGetter,
-	"PartitionVarName":      partitionVarName,
-	"ListPartitionNames":    listPartitionNames,
-	"BoxedBoolIfSet":        boxedBoolIfSet,
-	"StringIfSet":           stringIfSet,
-	"StringSliceIfSet":      stringSliceIfSet,
-	"EndpointIsSet":         endpointIsSet,
-	"ServicesSet":           serviceSet,
-	"EndpointVariantSetter": endpointVariantSetter,
-	"EndpointKeySetter":     endpointKeySetter,
-	"DefaultKeySetter":      defaultKeySetter,
-}
-
-const v3Tmpl = `
-{{ define "defaults" -}}
-// Code generated by aws/endpoints/v3model_codegen.go. DO NOT EDIT.
-
-package endpoints
-
-import (
-	"regexp"
-)
-
-	{{ template "partition consts" $.Resolver }}
-
-	{{ range $_, $partition := $.Resolver }}
-		{{ template "partition region consts" $partition }}
-	{{ end }}
-
-	{{ if not $.DisableGenerateServiceIDs -}}
-	{{ template "service consts" $.Resolver }}
-	{{- end }}
-	
-	{{ template "endpoint resolvers" $.Resolver }}
-{{- end }}
-
-{{ define "partition consts" }}
-	// Partition identifiers
-	const (
-		{{ range $_, $p := . -}}
-			{{ ToSymbol $p.ID }}PartitionID = {{ QuoteString $p.ID }} // {{ $p.Name }} partition.
-		{{ end -}}
-	)
-{{- end }}
-
-{{ define "partition region consts" }}
-	// {{ .Name }} partition's regions.
-	const (
-		{{ range $id, $region := .Regions -}}
-			{{ ToSymbol $id }}RegionID = {{ QuoteString $id }} // {{ $region.Description }}.
-		{{ end -}}
-	)
-{{- end }}
-
-{{ define "service consts" }}
-	// Service identifiers
-	const (
-		{{ $serviceSet := ServicesSet . -}}
-		{{ range $id, $_ := $serviceSet -}}
-			{{ ToSymbol $id }}ServiceID = {{ QuoteString $id }} // {{ ToSymbol $id }}.
-		{{ end -}}
-	)
-{{- end }}
-
-{{ define "endpoint resolvers" }}
-	// DefaultResolver returns an Endpoint resolver that will be able
-	// to resolve endpoints for: {{ ListPartitionNames . }}.
-	//
-	// Use DefaultPartitions() to get the list of the default partitions.
-	func DefaultResolver() Resolver {
-		return defaultPartitions
-	}
-
-	// DefaultPartitions returns a list of the partitions the SDK is bundled
-	// with. The available partitions are: {{ ListPartitionNames . }}.
-	//
-	//    partitions := endpoints.DefaultPartitions
-	//    for _, p := range partitions {
-	//        // ... inspect partitions
-	//    }
-	func DefaultPartitions() []Partition {
-		return defaultPartitions.Partitions()
-	}
-
-	var defaultPartitions = partitions{
-		{{ range $_, $partition := . -}}
-			{{ PartitionVarName $partition.ID }},
-		{{ end }}
-	}
-	
-	{{ range $_, $partition := . -}}
-		{{ $name := PartitionGetter $partition.ID -}}
-		// {{ $name }} returns the Resolver for {{ $partition.Name }}.
-		func {{ $name }}() Partition {
-			return  {{ PartitionVarName $partition.ID }}.Partition()
-		}
-		var {{ PartitionVarName $partition.ID }} = {{ template "gocode Partition" $partition }}
-	{{ end }}
-{{ end }}
-
-{{ define "default partitions" }}
-	func DefaultPartitions() []Partition {
-		return []partition{
-			{{ range $_, $partition := . -}}
-			// {{ ToSymbol $partition.ID}}Partition(),
-			{{ end }}
-		}
-	}
-{{ end }}
-
-{{ define "gocode Partition" -}}
-partition{
-	{{ StringIfSet "ID: %q,\n" .ID -}}
-	{{ StringIfSet "Name: %q,\n" .Name -}}
-	{{ StringIfSet "DNSSuffix: %q,\n" .DNSSuffix -}}
-	RegionRegex: {{ template "gocode RegionRegex" .RegionRegex }},
-	{{ if (gt (len .Defaults) 0) -}}
-		Defaults: {{ template "gocode Defaults" .Defaults -}},
-	{{ end -}}
-	Regions:  {{ template "gocode Regions" .Regions }},
-	Services: {{ template "gocode Services" .Services }},
-}
-{{- end }}
-
-{{ define "gocode RegionRegex" -}}
-regionRegex{
-	Regexp: func() *regexp.Regexp{
-		reg, _ := regexp.Compile({{ QuoteString .Regexp.String }})
-		return reg
-	}(),
-}
-{{- end }}
-
-{{ define "gocode Regions" -}}
-regions{
-	{{ range $id, $region := . -}}
-		"{{ $id }}": {{ template "gocode Region" $region }},
-	{{ end -}}
-}
-{{- end }}
-
-{{ define "gocode Region" -}}
-region{
-	{{ StringIfSet "Description: %q,\n" .Description -}}
-}
-{{- end }}
-
-{{ define "gocode Services" -}}
-services{
-	{{ range $id, $service := . -}}
-	"{{ $id }}": {{ template "gocode Service" $service }},
-	{{ end }}
-}
-{{- end }}
-
-{{ define "gocode Service" -}}
-service{
-	{{ StringIfSet "PartitionEndpoint: %q,\n" .PartitionEndpoint -}}
-	{{ BoxedBoolIfSet "IsRegionalized: %s,\n" .IsRegionalized -}}
-	{{ if (gt (len .Defaults) 0) -}}
-		Defaults: {{ template "gocode Defaults" .Defaults -}},
-	{{ end -}}
-	{{ if .Endpoints -}}
-		Endpoints: {{ template "gocode Endpoints" .Endpoints }},
-	{{- end }}
-}
-{{- end }}
-
-{{ define "gocode Defaults" -}}
-endpointDefaults{
-	{{ range $id, $endpoint := . -}}
-	{{ DefaultKeySetter $id }}: {{ template "gocode Endpoint" $endpoint }},
-	{{ end }}
-}
-{{- end }}
-
-{{ define "gocode Endpoints" -}}
-serviceEndpoints{
-	{{ range $id, $endpoint := . -}}
-	{{ EndpointKeySetter $id }}: {{ template "gocode Endpoint" $endpoint }},
-	{{ end }}
-}
-{{- end }}
-
-{{ define "gocode Endpoint" -}}
-endpoint{
-	{{ StringIfSet "Hostname: %q,\n" .Hostname -}}
-	{{ StringIfSet "DNSSuffix: %q,\n" .DNSSuffix -}}
-	{{ StringIfSet "SSLCommonName: %q,\n" .SSLCommonName -}}
-	{{ StringSliceIfSet "Protocols: []string{%s},\n" .Protocols -}}
-	{{ StringSliceIfSet "SignatureVersions: []string{%s},\n" .SignatureVersions -}}
-	{{ if or .CredentialScope.Region .CredentialScope.Service -}}
-	CredentialScope: credentialScope{
-		{{ StringIfSet "Region: %q,\n" .CredentialScope.Region -}}
-		{{ StringIfSet "Service: %q,\n" .CredentialScope.Service -}}
-	},
-	{{- end }}
-	{{ BoxedBoolIfSet "Deprecated: %s,\n" .Deprecated -}}
-}
-{{- end }}
-`
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/errors.go b/vendor/github.com/aws/aws-sdk-go/aws/errors.go
deleted file mode 100644
index fa06f7a8f..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/errors.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package aws
-
-import "github.com/aws/aws-sdk-go/aws/awserr"
-
-var (
-	// ErrMissingRegion is an error that is returned if region configuration is
-	// not found.
-	ErrMissingRegion = awserr.New("MissingRegion", "could not find region configuration", nil)
-
-	// ErrMissingEndpoint is an error that is returned if an endpoint cannot be
-	// resolved for a service.
-	ErrMissingEndpoint = awserr.New("MissingEndpoint", "'Endpoint' configuration is required for this service", nil)
-)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/jsonvalue.go b/vendor/github.com/aws/aws-sdk-go/aws/jsonvalue.go
deleted file mode 100644
index 91a6f277a..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/jsonvalue.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package aws
-
-// JSONValue is a representation of a grab bag type that will be marshaled
-// into a json string. This type can be used just like any other map.
-//
-//	Example:
-//
-//	values := aws.JSONValue{
-//		"Foo": "Bar",
-//	}
-//	values["Baz"] = "Qux"
-type JSONValue map[string]interface{}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/logger.go
deleted file mode 100644
index 49674cc79..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/logger.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package aws
-
-import (
-	"log"
-	"os"
-)
-
-// A LogLevelType defines the level logging should be performed at. Used to instruct
-// the SDK which statements should be logged.
-type LogLevelType uint
-
-// LogLevel returns the pointer to a LogLevel. Should be used to workaround
-// not being able to take the address of a non-composite literal.
-func LogLevel(l LogLevelType) *LogLevelType {
-	return &l
-}
-
-// Value returns the LogLevel value or the default value LogOff if the LogLevel
-// is nil. Safe to use on nil value LogLevelTypes.
-func (l *LogLevelType) Value() LogLevelType {
-	if l != nil {
-		return *l
-	}
-	return LogOff
-}
-
-// Matches returns true if the v LogLevel is enabled by this LogLevel. Should be
-// used with logging sub levels. Is safe to use on nil value LogLevelTypes. If
-// LogLevel is nil, will default to LogOff comparison.
-func (l *LogLevelType) Matches(v LogLevelType) bool {
-	c := l.Value()
-	return c&v == v
-}
-
-// AtLeast returns true if this LogLevel is at least high enough to satisfies v.
-// Is safe to use on nil value LogLevelTypes. If LogLevel is nil, will default
-// to LogOff comparison.
-func (l *LogLevelType) AtLeast(v LogLevelType) bool {
-	c := l.Value()
-	return c >= v
-}
-
-const (
-	// LogOff states that no logging should be performed by the SDK. This is the
-	// default state of the SDK, and should be use to disable all logging.
-	LogOff LogLevelType = iota * 0x1000
-
-	// LogDebug state that debug output should be logged by the SDK. This should
-	// be used to inspect request made and responses received.
-	LogDebug
-)
-
-// Debug Logging Sub Levels
-const (
-	// LogDebugWithSigning states that the SDK should log request signing and
-	// presigning events. This should be used to log the signing details of
-	// requests for debugging. Will also enable LogDebug.
-	LogDebugWithSigning LogLevelType = LogDebug | (1 << iota)
-
-	// LogDebugWithHTTPBody states the SDK should log HTTP request and response
-	// HTTP bodys in addition to the headers and path. This should be used to
-	// see the body content of requests and responses made while using the SDK
-	// Will also enable LogDebug.
-	LogDebugWithHTTPBody
-
-	// LogDebugWithRequestRetries states the SDK should log when service requests will
-	// be retried. This should be used to log when you want to log when service
-	// requests are being retried. Will also enable LogDebug.
-	LogDebugWithRequestRetries
-
-	// LogDebugWithRequestErrors states the SDK should log when service requests fail
-	// to build, send, validate, or unmarshal.
-	LogDebugWithRequestErrors
-
-	// LogDebugWithEventStreamBody states the SDK should log EventStream
-	// request and response bodys. This should be used to log the EventStream
-	// wire unmarshaled message content of requests and responses made while
-	// using the SDK Will also enable LogDebug.
-	LogDebugWithEventStreamBody
-
-	// LogDebugWithDeprecated states the SDK should log details about deprecated functionality.
-	LogDebugWithDeprecated
-)
-
-// A Logger is a minimalistic interface for the SDK to log messages to. Should
-// be used to provide custom logging writers for the SDK to use.
-type Logger interface {
-	Log(...interface{})
-}
-
-// A LoggerFunc is a convenience type to convert a function taking a variadic
-// list of arguments and wrap it so the Logger interface can be used.
-//
-// Example:
-//     s3.New(sess, &aws.Config{Logger: aws.LoggerFunc(func(args ...interface{}) {
-//         fmt.Fprintln(os.Stdout, args...)
-//     })})
-type LoggerFunc func(...interface{})
-
-// Log calls the wrapped function with the arguments provided
-func (f LoggerFunc) Log(args ...interface{}) {
-	f(args...)
-}
-
-// NewDefaultLogger returns a Logger which will write log messages to stdout, and
-// use same formatting runes as the stdlib log.Logger
-func NewDefaultLogger() Logger {
-	return &defaultLogger{
-		logger: log.New(os.Stdout, "", log.LstdFlags),
-	}
-}
-
-// A defaultLogger provides a minimalistic logger satisfying the Logger interface.
-type defaultLogger struct {
-	logger *log.Logger
-}
-
-// Log logs the parameters to the stdlib logger. See log.Println.
-func (l defaultLogger) Log(args ...interface{}) {
-	l.logger.Println(args...)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
deleted file mode 100644
index 2ba3c56c1..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package request
-
-import (
-	"strings"
-)
-
-func isErrConnectionReset(err error) bool {
-	if strings.Contains(err.Error(), "read: connection reset") {
-		return false
-	}
-
-	if strings.Contains(err.Error(), "use of closed network connection") ||
-		strings.Contains(err.Error(), "connection reset") ||
-		strings.Contains(err.Error(), "broken pipe") {
-		return true
-	}
-
-	return false
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
deleted file mode 100644
index 9556332b6..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
+++ /dev/null
@@ -1,346 +0,0 @@
-package request
-
-import (
-	"fmt"
-	"strings"
-)
-
-// A Handlers provides a collection of request handlers for various
-// stages of handling requests.
-type Handlers struct {
-	Validate         HandlerList
-	Build            HandlerList
-	BuildStream      HandlerList
-	Sign             HandlerList
-	Send             HandlerList
-	ValidateResponse HandlerList
-	Unmarshal        HandlerList
-	UnmarshalStream  HandlerList
-	UnmarshalMeta    HandlerList
-	UnmarshalError   HandlerList
-	Retry            HandlerList
-	AfterRetry       HandlerList
-	CompleteAttempt  HandlerList
-	Complete         HandlerList
-}
-
-// Copy returns a copy of this handler's lists.
-func (h *Handlers) Copy() Handlers {
-	return Handlers{
-		Validate:         h.Validate.copy(),
-		Build:            h.Build.copy(),
-		BuildStream:      h.BuildStream.copy(),
-		Sign:             h.Sign.copy(),
-		Send:             h.Send.copy(),
-		ValidateResponse: h.ValidateResponse.copy(),
-		Unmarshal:        h.Unmarshal.copy(),
-		UnmarshalStream:  h.UnmarshalStream.copy(),
-		UnmarshalError:   h.UnmarshalError.copy(),
-		UnmarshalMeta:    h.UnmarshalMeta.copy(),
-		Retry:            h.Retry.copy(),
-		AfterRetry:       h.AfterRetry.copy(),
-		CompleteAttempt:  h.CompleteAttempt.copy(),
-		Complete:         h.Complete.copy(),
-	}
-}
-
-// Clear removes callback functions for all handlers.
-func (h *Handlers) Clear() {
-	h.Validate.Clear()
-	h.Build.Clear()
-	h.BuildStream.Clear()
-	h.Send.Clear()
-	h.Sign.Clear()
-	h.Unmarshal.Clear()
-	h.UnmarshalStream.Clear()
-	h.UnmarshalMeta.Clear()
-	h.UnmarshalError.Clear()
-	h.ValidateResponse.Clear()
-	h.Retry.Clear()
-	h.AfterRetry.Clear()
-	h.CompleteAttempt.Clear()
-	h.Complete.Clear()
-}
-
-// IsEmpty returns if there are no handlers in any of the handlerlists.
-func (h *Handlers) IsEmpty() bool {
-	if h.Validate.Len() != 0 {
-		return false
-	}
-	if h.Build.Len() != 0 {
-		return false
-	}
-	if h.BuildStream.Len() != 0 {
-		return false
-	}
-	if h.Send.Len() != 0 {
-		return false
-	}
-	if h.Sign.Len() != 0 {
-		return false
-	}
-	if h.Unmarshal.Len() != 0 {
-		return false
-	}
-	if h.UnmarshalStream.Len() != 0 {
-		return false
-	}
-	if h.UnmarshalMeta.Len() != 0 {
-		return false
-	}
-	if h.UnmarshalError.Len() != 0 {
-		return false
-	}
-	if h.ValidateResponse.Len() != 0 {
-		return false
-	}
-	if h.Retry.Len() != 0 {
-		return false
-	}
-	if h.AfterRetry.Len() != 0 {
-		return false
-	}
-	if h.CompleteAttempt.Len() != 0 {
-		return false
-	}
-	if h.Complete.Len() != 0 {
-		return false
-	}
-
-	return true
-}
-
-// A HandlerListRunItem represents an entry in the HandlerList which
-// is being run.
-type HandlerListRunItem struct {
-	Index   int
-	Handler NamedHandler
-	Request *Request
-}
-
-// A HandlerList manages zero or more handlers in a list.
-type HandlerList struct {
-	list []NamedHandler
-
-	// Called after each request handler in the list is called. If set
-	// and the func returns true the HandlerList will continue to iterate
-	// over the request handlers. If false is returned the HandlerList
-	// will stop iterating.
-	//
-	// Should be used if extra logic to be performed between each handler
-	// in the list. This can be used to terminate a list's iteration
-	// based on a condition such as error like, HandlerListStopOnError.
-	// Or for logging like HandlerListLogItem.
-	AfterEachFn func(item HandlerListRunItem) bool
-}
-
-// A NamedHandler is a struct that contains a name and function callback.
-type NamedHandler struct {
-	Name string
-	Fn   func(*Request)
-}
-
-// copy creates a copy of the handler list.
-func (l *HandlerList) copy() HandlerList {
-	n := HandlerList{
-		AfterEachFn: l.AfterEachFn,
-	}
-	if len(l.list) == 0 {
-		return n
-	}
-
-	n.list = append(make([]NamedHandler, 0, len(l.list)), l.list...)
-	return n
-}
-
-// Clear clears the handler list.
-func (l *HandlerList) Clear() {
-	l.list = l.list[0:0]
-}
-
-// Len returns the number of handlers in the list.
-func (l *HandlerList) Len() int {
-	return len(l.list)
-}
-
-// PushBack pushes handler f to the back of the handler list.
-func (l *HandlerList) PushBack(f func(*Request)) {
-	l.PushBackNamed(NamedHandler{"__anonymous", f})
-}
-
-// PushBackNamed pushes named handler f to the back of the handler list.
-func (l *HandlerList) PushBackNamed(n NamedHandler) {
-	if cap(l.list) == 0 {
-		l.list = make([]NamedHandler, 0, 5)
-	}
-	l.list = append(l.list, n)
-}
-
-// PushFront pushes handler f to the front of the handler list.
-func (l *HandlerList) PushFront(f func(*Request)) {
-	l.PushFrontNamed(NamedHandler{"__anonymous", f})
-}
-
-// PushFrontNamed pushes named handler f to the front of the handler list.
-func (l *HandlerList) PushFrontNamed(n NamedHandler) {
-	if cap(l.list) == len(l.list) {
-		// Allocating new list required
-		l.list = append([]NamedHandler{n}, l.list...)
-	} else {
-		// Enough room to prepend into list.
-		l.list = append(l.list, NamedHandler{})
-		copy(l.list[1:], l.list)
-		l.list[0] = n
-	}
-}
-
-// Remove removes a NamedHandler n
-func (l *HandlerList) Remove(n NamedHandler) {
-	l.RemoveByName(n.Name)
-}
-
-// RemoveByName removes a NamedHandler by name.
-func (l *HandlerList) RemoveByName(name string) {
-	for i := 0; i < len(l.list); i++ {
-		m := l.list[i]
-		if m.Name == name {
-			// Shift array preventing creating new arrays
-			copy(l.list[i:], l.list[i+1:])
-			l.list[len(l.list)-1] = NamedHandler{}
-			l.list = l.list[:len(l.list)-1]
-
-			// decrement list so next check to length is correct
-			i--
-		}
-	}
-}
-
-// SwapNamed will swap out any existing handlers with the same name as the
-// passed in NamedHandler returning true if handlers were swapped. False is
-// returned otherwise.
-func (l *HandlerList) SwapNamed(n NamedHandler) (swapped bool) {
-	for i := 0; i < len(l.list); i++ {
-		if l.list[i].Name == n.Name {
-			l.list[i].Fn = n.Fn
-			swapped = true
-		}
-	}
-
-	return swapped
-}
-
-// Swap will swap out all handlers matching the name passed in. The matched
-// handlers will be swapped in. True is returned if the handlers were swapped.
-func (l *HandlerList) Swap(name string, replace NamedHandler) bool {
-	var swapped bool
-
-	for i := 0; i < len(l.list); i++ {
-		if l.list[i].Name == name {
-			l.list[i] = replace
-			swapped = true
-		}
-	}
-
-	return swapped
-}
-
-// SetBackNamed will replace the named handler if it exists in the handler list.
-// If the handler does not exist the handler will be added to the end of the list.
-func (l *HandlerList) SetBackNamed(n NamedHandler) {
-	if !l.SwapNamed(n) {
-		l.PushBackNamed(n)
-	}
-}
-
-// SetFrontNamed will replace the named handler if it exists in the handler list.
-// If the handler does not exist the handler will be added to the beginning of
-// the list.
-func (l *HandlerList) SetFrontNamed(n NamedHandler) {
-	if !l.SwapNamed(n) {
-		l.PushFrontNamed(n)
-	}
-}
-
-// Run executes all handlers in the list with a given request object.
-func (l *HandlerList) Run(r *Request) {
-	for i, h := range l.list {
-		h.Fn(r)
-		item := HandlerListRunItem{
-			Index: i, Handler: h, Request: r,
-		}
-		if l.AfterEachFn != nil && !l.AfterEachFn(item) {
-			return
-		}
-	}
-}
-
-// HandlerListLogItem logs the request handler and the state of the
-// request's Error value. Always returns true to continue iterating
-// request handlers in a HandlerList.
-func HandlerListLogItem(item HandlerListRunItem) bool {
-	if item.Request.Config.Logger == nil {
-		return true
-	}
-	item.Request.Config.Logger.Log("DEBUG: RequestHandler",
-		item.Index, item.Handler.Name, item.Request.Error)
-
-	return true
-}
-
-// HandlerListStopOnError returns false to stop the HandlerList iterating
-// over request handlers if Request.Error is not nil. True otherwise
-// to continue iterating.
-func HandlerListStopOnError(item HandlerListRunItem) bool {
-	return item.Request.Error == nil
-}
-
-// WithAppendUserAgent will add a string to the user agent prefixed with a
-// single white space.
-func WithAppendUserAgent(s string) Option {
-	return func(r *Request) {
-		r.Handlers.Build.PushBack(func(r2 *Request) {
-			AddToUserAgent(r, s)
-		})
-	}
-}
-
-// MakeAddToUserAgentHandler will add the name/version pair to the User-Agent request
-// header. If the extra parameters are provided they will be added as metadata to the
-// name/version pair resulting in the following format.
-// "name/version (extra0; extra1; ...)"
-// The user agent part will be concatenated with this current request's user agent string.
-func MakeAddToUserAgentHandler(name, version string, extra ...string) func(*Request) {
-	ua := fmt.Sprintf("%s/%s", name, version)
-	if len(extra) > 0 {
-		ua += fmt.Sprintf(" (%s)", strings.Join(extra, "; "))
-	}
-	return func(r *Request) {
-		AddToUserAgent(r, ua)
-	}
-}
-
-// MakeAddToUserAgentFreeFormHandler adds the input to the User-Agent request header.
-// The input string will be concatenated with the current request's user agent string.
-func MakeAddToUserAgentFreeFormHandler(s string) func(*Request) {
-	return func(r *Request) {
-		AddToUserAgent(r, s)
-	}
-}
-
-// WithSetRequestHeaders updates the operation request's HTTP header to contain
-// the header key value pairs provided. If the header key already exists in the
-// request's HTTP header set, the existing value(s) will be replaced.
-//
-// Header keys added will be added as canonical format with title casing
-// applied via http.Header.Set method.
-func WithSetRequestHeaders(h map[string]string) Option {
-	return withRequestHeader(h).SetRequestHeaders
-}
-
-type withRequestHeader map[string]string
-
-func (h withRequestHeader) SetRequestHeaders(r *Request) {
-	for k, v := range h {
-		r.HTTPRequest.Header.Set(k, v)
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/http_request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/http_request.go
deleted file mode 100644
index 79f79602b..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/http_request.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package request
-
-import (
-	"io"
-	"net/http"
-	"net/url"
-)
-
-func copyHTTPRequest(r *http.Request, body io.ReadCloser) *http.Request {
-	req := new(http.Request)
-	*req = *r
-	req.URL = &url.URL{}
-	*req.URL = *r.URL
-	req.Body = body
-
-	req.Header = http.Header{}
-	for k, v := range r.Header {
-		for _, vv := range v {
-			req.Header.Add(k, vv)
-		}
-	}
-
-	return req
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
deleted file mode 100644
index 9370fa50c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package request
-
-import (
-	"io"
-	"sync"
-
-	"github.com/aws/aws-sdk-go/internal/sdkio"
-)
-
-// offsetReader is a thread-safe io.ReadCloser to prevent racing
-// with retrying requests
-type offsetReader struct {
-	buf    io.ReadSeeker
-	lock   sync.Mutex
-	closed bool
-}
-
-func newOffsetReader(buf io.ReadSeeker, offset int64) (*offsetReader, error) {
-	reader := &offsetReader{}
-	_, err := buf.Seek(offset, sdkio.SeekStart)
-	if err != nil {
-		return nil, err
-	}
-
-	reader.buf = buf
-	return reader, nil
-}
-
-// Close will close the instance of the offset reader's access to
-// the underlying io.ReadSeeker.
-func (o *offsetReader) Close() error {
-	o.lock.Lock()
-	defer o.lock.Unlock()
-	o.closed = true
-	return nil
-}
-
-// Read is a thread-safe read of the underlying io.ReadSeeker
-func (o *offsetReader) Read(p []byte) (int, error) {
-	o.lock.Lock()
-	defer o.lock.Unlock()
-
-	if o.closed {
-		return 0, io.EOF
-	}
-
-	return o.buf.Read(p)
-}
-
-// Seek is a thread-safe seeking operation.
-func (o *offsetReader) Seek(offset int64, whence int) (int64, error) {
-	o.lock.Lock()
-	defer o.lock.Unlock()
-
-	return o.buf.Seek(offset, whence)
-}
-
-// CloseAndCopy will return a new offsetReader with a copy of the old buffer
-// and close the old buffer.
-func (o *offsetReader) CloseAndCopy(offset int64) (*offsetReader, error) {
-	if err := o.Close(); err != nil {
-		return nil, err
-	}
-	return newOffsetReader(o.buf, offset)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
deleted file mode 100644
index 636d9ec94..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
+++ /dev/null
@@ -1,722 +0,0 @@
-package request
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"reflect"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/client/metadata"
-	"github.com/aws/aws-sdk-go/internal/sdkio"
-)
-
-const (
-	// ErrCodeSerialization is the serialization error code that is received
-	// during protocol unmarshaling.
-	ErrCodeSerialization = "SerializationError"
-
-	// ErrCodeRead is an error that is returned during HTTP reads.
-	ErrCodeRead = "ReadError"
-
-	// ErrCodeResponseTimeout is the connection timeout error that is received
-	// during body reads.
-	ErrCodeResponseTimeout = "ResponseTimeout"
-
-	// ErrCodeInvalidPresignExpire is returned when the expire time provided to
-	// presign is invalid
-	ErrCodeInvalidPresignExpire = "InvalidPresignExpireError"
-
-	// CanceledErrorCode is the error code that will be returned by an
-	// API request that was canceled. Requests given a aws.Context may
-	// return this error when canceled.
-	CanceledErrorCode = "RequestCanceled"
-
-	// ErrCodeRequestError is an error preventing the SDK from continuing to
-	// process the request.
-	ErrCodeRequestError = "RequestError"
-)
-
-// A Request is the service request to be made.
-type Request struct {
-	Config     aws.Config
-	ClientInfo metadata.ClientInfo
-	Handlers   Handlers
-
-	Retryer
-	AttemptTime            time.Time
-	Time                   time.Time
-	Operation              *Operation
-	HTTPRequest            *http.Request
-	HTTPResponse           *http.Response
-	Body                   io.ReadSeeker
-	streamingBody          io.ReadCloser
-	BodyStart              int64 // offset from beginning of Body that the request body starts
-	Params                 interface{}
-	Error                  error
-	Data                   interface{}
-	RequestID              string
-	RetryCount             int
-	Retryable              *bool
-	RetryDelay             time.Duration
-	NotHoist               bool
-	SignedHeaderVals       http.Header
-	LastSignedAt           time.Time
-	DisableFollowRedirects bool
-
-	// Additional API error codes that should be retried. IsErrorRetryable
-	// will consider these codes in addition to its built in cases.
-	RetryErrorCodes []string
-
-	// Additional API error codes that should be retried with throttle backoff
-	// delay. IsErrorThrottle will consider these codes in addition to its
-	// built in cases.
-	ThrottleErrorCodes []string
-
-	// A value greater than 0 instructs the request to be signed as Presigned URL
-	// You should not set this field directly. Instead use Request's
-	// Presign or PresignRequest methods.
-	ExpireTime time.Duration
-
-	context aws.Context
-
-	built bool
-
-	// Need to persist an intermediate body between the input Body and HTTP
-	// request body because the HTTP Client's transport can maintain a reference
-	// to the HTTP request's body after the client has returned. This value is
-	// safe to use concurrently and wrap the input Body for each HTTP request.
-	safeBody *offsetReader
-}
-
-// An Operation is the service API operation to be made.
-type Operation struct {
-	Name       string
-	HTTPMethod string
-	HTTPPath   string
-	*Paginator
-
-	BeforePresignFn func(r *Request) error
-}
-
-// New returns a new Request pointer for the service API operation and
-// parameters.
-//
-// A Retryer should be provided to direct how the request is retried. If
-// Retryer is nil, a default no retry value will be used. You can use
-// NoOpRetryer in the Client package to disable retry behavior directly.
-//
-// Params is any value of input parameters to be the request payload.
-// Data is pointer value to an object which the request's response
-// payload will be deserialized to.
-func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
-	retryer Retryer, operation *Operation, params interface{}, data interface{}) *Request {
-
-	if retryer == nil {
-		retryer = noOpRetryer{}
-	}
-
-	method := operation.HTTPMethod
-	if method == "" {
-		method = "POST"
-	}
-
-	httpReq, _ := http.NewRequest(method, "", nil)
-
-	var err error
-	httpReq.URL, err = url.Parse(clientInfo.Endpoint)
-	if err != nil {
-		httpReq.URL = &url.URL{}
-		err = awserr.New("InvalidEndpointURL", "invalid endpoint uri", err)
-	}
-
-	if len(operation.HTTPPath) != 0 {
-		opHTTPPath := operation.HTTPPath
-		var opQueryString string
-		if idx := strings.Index(opHTTPPath, "?"); idx >= 0 {
-			opQueryString = opHTTPPath[idx+1:]
-			opHTTPPath = opHTTPPath[:idx]
-		}
-
-		if strings.HasSuffix(httpReq.URL.Path, "/") && strings.HasPrefix(opHTTPPath, "/") {
-			opHTTPPath = opHTTPPath[1:]
-		}
-		httpReq.URL.Path += opHTTPPath
-		httpReq.URL.RawQuery = opQueryString
-	}
-
-	r := &Request{
-		Config:     cfg,
-		ClientInfo: clientInfo,
-		Handlers:   handlers.Copy(),
-
-		Retryer:     retryer,
-		Time:        time.Now(),
-		ExpireTime:  0,
-		Operation:   operation,
-		HTTPRequest: httpReq,
-		Body:        nil,
-		Params:      params,
-		Error:       err,
-		Data:        data,
-	}
-	r.SetBufferBody([]byte{})
-
-	return r
-}
-
-// A Option is a functional option that can augment or modify a request when
-// using a WithContext API operation method.
-type Option func(*Request)
-
-// WithGetResponseHeader builds a request Option which will retrieve a single
-// header value from the HTTP Response. If there are multiple values for the
-// header key use WithGetResponseHeaders instead to access the http.Header
-// map directly. The passed in val pointer must be non-nil.
-//
-// This Option can be used multiple times with a single API operation.
-//
-//    var id2, versionID string
-//    svc.PutObjectWithContext(ctx, params,
-//        request.WithGetResponseHeader("x-amz-id-2", &id2),
-//        request.WithGetResponseHeader("x-amz-version-id", &versionID),
-//    )
-func WithGetResponseHeader(key string, val *string) Option {
-	return func(r *Request) {
-		r.Handlers.Complete.PushBack(func(req *Request) {
-			*val = req.HTTPResponse.Header.Get(key)
-		})
-	}
-}
-
-// WithGetResponseHeaders builds a request Option which will retrieve the
-// headers from the HTTP response and assign them to the passed in headers
-// variable. The passed in headers pointer must be non-nil.
-//
-//    var headers http.Header
-//    svc.PutObjectWithContext(ctx, params, request.WithGetResponseHeaders(&headers))
-func WithGetResponseHeaders(headers *http.Header) Option {
-	return func(r *Request) {
-		r.Handlers.Complete.PushBack(func(req *Request) {
-			*headers = req.HTTPResponse.Header
-		})
-	}
-}
-
-// WithLogLevel is a request option that will set the request to use a specific
-// log level when the request is made.
-//
-//     svc.PutObjectWithContext(ctx, params, request.WithLogLevel(aws.LogDebugWithHTTPBody)
-func WithLogLevel(l aws.LogLevelType) Option {
-	return func(r *Request) {
-		r.Config.LogLevel = aws.LogLevel(l)
-	}
-}
-
-// ApplyOptions will apply each option to the request calling them in the order
-// the were provided.
-func (r *Request) ApplyOptions(opts ...Option) {
-	for _, opt := range opts {
-		opt(r)
-	}
-}
-
-// Context will always returns a non-nil context. If Request does not have a
-// context aws.BackgroundContext will be returned.
-func (r *Request) Context() aws.Context {
-	if r.context != nil {
-		return r.context
-	}
-	return aws.BackgroundContext()
-}
-
-// SetContext adds a Context to the current request that can be used to cancel
-// a in-flight request. The Context value must not be nil, or this method will
-// panic.
-//
-// Unlike http.Request.WithContext, SetContext does not return a copy of the
-// Request. It is not safe to use use a single Request value for multiple
-// requests. A new Request should be created for each API operation request.
-//
-// Go 1.6 and below:
-// The http.Request's Cancel field will be set to the Done() value of
-// the context. This will overwrite the Cancel field's value.
-//
-// Go 1.7 and above:
-// The http.Request.WithContext will be used to set the context on the underlying
-// http.Request. This will create a shallow copy of the http.Request. The SDK
-// may create sub contexts in the future for nested requests such as retries.
-func (r *Request) SetContext(ctx aws.Context) {
-	if ctx == nil {
-		panic("context cannot be nil")
-	}
-	setRequestContext(r, ctx)
-}
-
-// WillRetry returns if the request's can be retried.
-func (r *Request) WillRetry() bool {
-	if !aws.IsReaderSeekable(r.Body) && r.HTTPRequest.Body != NoBody {
-		return false
-	}
-	return r.Error != nil && aws.BoolValue(r.Retryable) && r.RetryCount < r.MaxRetries()
-}
-
-func fmtAttemptCount(retryCount, maxRetries int) string {
-	return fmt.Sprintf("attempt %v/%v", retryCount, maxRetries)
-}
-
-// ParamsFilled returns if the request's parameters have been populated
-// and the parameters are valid. False is returned if no parameters are
-// provided or invalid.
-func (r *Request) ParamsFilled() bool {
-	return r.Params != nil && reflect.ValueOf(r.Params).Elem().IsValid()
-}
-
-// DataFilled returns true if the request's data for response deserialization
-// target has been set and is a valid. False is returned if data is not
-// set, or is invalid.
-func (r *Request) DataFilled() bool {
-	return r.Data != nil && reflect.ValueOf(r.Data).Elem().IsValid()
-}
-
-// SetBufferBody will set the request's body bytes that will be sent to
-// the service API.
-func (r *Request) SetBufferBody(buf []byte) {
-	r.SetReaderBody(bytes.NewReader(buf))
-}
-
-// SetStringBody sets the body of the request to be backed by a string.
-func (r *Request) SetStringBody(s string) {
-	r.SetReaderBody(strings.NewReader(s))
-}
-
-// SetReaderBody will set the request's body reader.
-func (r *Request) SetReaderBody(reader io.ReadSeeker) {
-	r.Body = reader
-
-	if aws.IsReaderSeekable(reader) {
-		var err error
-		// Get the Bodies current offset so retries will start from the same
-		// initial position.
-		r.BodyStart, err = reader.Seek(0, sdkio.SeekCurrent)
-		if err != nil {
-			r.Error = awserr.New(ErrCodeSerialization,
-				"failed to determine start of request body", err)
-			return
-		}
-	}
-	r.ResetBody()
-}
-
-// SetStreamingBody set the reader to be used for the request that will stream
-// bytes to the server. Request's Body must not be set to any reader.
-func (r *Request) SetStreamingBody(reader io.ReadCloser) {
-	r.streamingBody = reader
-	r.SetReaderBody(aws.ReadSeekCloser(reader))
-}
-
-// Presign returns the request's signed URL. Error will be returned
-// if the signing fails. The expire parameter is only used for presigned Amazon
-// S3 API requests. All other AWS services will use a fixed expiration
-// time of 15 minutes.
-//
-// It is invalid to create a presigned URL with a expire duration 0 or less. An
-// error is returned if expire duration is 0 or less.
-func (r *Request) Presign(expire time.Duration) (string, error) {
-	r = r.copy()
-
-	// Presign requires all headers be hoisted. There is no way to retrieve
-	// the signed headers not hoisted without this. Making the presigned URL
-	// useless.
-	r.NotHoist = false
-
-	u, _, err := getPresignedURL(r, expire)
-	return u, err
-}
-
-// PresignRequest behaves just like presign, with the addition of returning a
-// set of headers that were signed. The expire parameter is only used for
-// presigned Amazon S3 API requests. All other AWS services will use a fixed
-// expiration time of 15 minutes.
-//
-// It is invalid to create a presigned URL with a expire duration 0 or less. An
-// error is returned if expire duration is 0 or less.
-//
-// Returns the URL string for the API operation with signature in the query string,
-// and the HTTP headers that were included in the signature. These headers must
-// be included in any HTTP request made with the presigned URL.
-//
-// To prevent hoisting any headers to the query string set NotHoist to true on
-// this Request value prior to calling PresignRequest.
-func (r *Request) PresignRequest(expire time.Duration) (string, http.Header, error) {
-	r = r.copy()
-	return getPresignedURL(r, expire)
-}
-
-// IsPresigned returns true if the request represents a presigned API url.
-func (r *Request) IsPresigned() bool {
-	return r.ExpireTime != 0
-}
-
-func getPresignedURL(r *Request, expire time.Duration) (string, http.Header, error) {
-	if expire <= 0 {
-		return "", nil, awserr.New(
-			ErrCodeInvalidPresignExpire,
-			"presigned URL requires an expire duration greater than 0",
-			nil,
-		)
-	}
-
-	r.ExpireTime = expire
-
-	if r.Operation.BeforePresignFn != nil {
-		if err := r.Operation.BeforePresignFn(r); err != nil {
-			return "", nil, err
-		}
-	}
-
-	if err := r.Sign(); err != nil {
-		return "", nil, err
-	}
-
-	return r.HTTPRequest.URL.String(), r.SignedHeaderVals, nil
-}
-
-const (
-	notRetrying = "not retrying"
-)
-
-func debugLogReqError(r *Request, stage, retryStr string, err error) {
-	if !r.Config.LogLevel.Matches(aws.LogDebugWithRequestErrors) {
-		return
-	}
-
-	r.Config.Logger.Log(fmt.Sprintf("DEBUG: %s %s/%s failed, %s, error %v",
-		stage, r.ClientInfo.ServiceName, r.Operation.Name, retryStr, err))
-}
-
-// Build will build the request's object so it can be signed and sent
-// to the service. Build will also validate all the request's parameters.
-// Any additional build Handlers set on this request will be run
-// in the order they were set.
-//
-// The request will only be built once. Multiple calls to build will have
-// no effect.
-//
-// If any Validate or Build errors occur the build will stop and the error
-// which occurred will be returned.
-func (r *Request) Build() error {
-	if !r.built {
-		r.Handlers.Validate.Run(r)
-		if r.Error != nil {
-			debugLogReqError(r, "Validate Request", notRetrying, r.Error)
-			return r.Error
-		}
-		r.Handlers.Build.Run(r)
-		if r.Error != nil {
-			debugLogReqError(r, "Build Request", notRetrying, r.Error)
-			return r.Error
-		}
-		r.built = true
-	}
-
-	return r.Error
-}
-
-// Sign will sign the request, returning error if errors are encountered.
-//
-// Sign will build the request prior to signing. All Sign Handlers will
-// be executed in the order they were set.
-func (r *Request) Sign() error {
-	r.Build()
-	if r.Error != nil {
-		debugLogReqError(r, "Build Request", notRetrying, r.Error)
-		return r.Error
-	}
-
-	SanitizeHostForHeader(r.HTTPRequest)
-
-	r.Handlers.Sign.Run(r)
-	return r.Error
-}
-
-func (r *Request) getNextRequestBody() (body io.ReadCloser, err error) {
-	if r.streamingBody != nil {
-		return r.streamingBody, nil
-	}
-
-	if r.safeBody != nil {
-		r.safeBody.Close()
-	}
-
-	r.safeBody, err = newOffsetReader(r.Body, r.BodyStart)
-	if err != nil {
-		return nil, awserr.New(ErrCodeSerialization,
-			"failed to get next request body reader", err)
-	}
-
-	// Go 1.8 tightened and clarified the rules code needs to use when building
-	// requests with the http package. Go 1.8 removed the automatic detection
-	// of if the Request.Body was empty, or actually had bytes in it. The SDK
-	// always sets the Request.Body even if it is empty and should not actually
-	// be sent. This is incorrect.
-	//
-	// Go 1.8 did add a http.NoBody value that the SDK can use to tell the http
-	// client that the request really should be sent without a body. The
-	// Request.Body cannot be set to nil, which is preferable, because the
-	// field is exported and could introduce nil pointer dereferences for users
-	// of the SDK if they used that field.
-	//
-	// Related golang/go#18257
-	l, err := aws.SeekerLen(r.Body)
-	if err != nil {
-		return nil, awserr.New(ErrCodeSerialization,
-			"failed to compute request body size", err)
-	}
-
-	if l == 0 {
-		body = NoBody
-	} else if l > 0 {
-		body = r.safeBody
-	} else {
-		// Hack to prevent sending bodies for methods where the body
-		// should be ignored by the server. Sending bodies on these
-		// methods without an associated ContentLength will cause the
-		// request to socket timeout because the server does not handle
-		// Transfer-Encoding: chunked bodies for these methods.
-		//
-		// This would only happen if a aws.ReaderSeekerCloser was used with
-		// a io.Reader that was not also an io.Seeker, or did not implement
-		// Len() method.
-		switch r.Operation.HTTPMethod {
-		case "GET", "HEAD", "DELETE":
-			body = NoBody
-		default:
-			body = r.safeBody
-		}
-	}
-
-	return body, nil
-}
-
-// GetBody will return an io.ReadSeeker of the Request's underlying
-// input body with a concurrency safe wrapper.
-func (r *Request) GetBody() io.ReadSeeker {
-	return r.safeBody
-}
-
-// Send will send the request, returning error if errors are encountered.
-//
-// Send will sign the request prior to sending. All Send Handlers will
-// be executed in the order they were set.
-//
-// Canceling a request is non-deterministic. If a request has been canceled,
-// then the transport will choose, randomly, one of the state channels during
-// reads or getting the connection.
-//
-// readLoop() and getConn(req *Request, cm connectMethod)
-// https://github.com/golang/go/blob/master/src/net/http/transport.go
-//
-// Send will not close the request.Request's body.
-func (r *Request) Send() error {
-	defer func() {
-		// Ensure a non-nil HTTPResponse parameter is set to ensure handlers
-		// checking for HTTPResponse values, don't fail.
-		if r.HTTPResponse == nil {
-			r.HTTPResponse = &http.Response{
-				Header: http.Header{},
-				Body:   ioutil.NopCloser(&bytes.Buffer{}),
-			}
-		}
-		// Regardless of success or failure of the request trigger the Complete
-		// request handlers.
-		r.Handlers.Complete.Run(r)
-	}()
-
-	if err := r.Error; err != nil {
-		return err
-	}
-
-	for {
-		r.Error = nil
-		r.AttemptTime = time.Now()
-
-		if err := r.Sign(); err != nil {
-			debugLogReqError(r, "Sign Request", notRetrying, err)
-			return err
-		}
-
-		if err := r.sendRequest(); err == nil {
-			return nil
-		}
-		r.Handlers.Retry.Run(r)
-		r.Handlers.AfterRetry.Run(r)
-
-		if r.Error != nil || !aws.BoolValue(r.Retryable) {
-			return r.Error
-		}
-
-		if err := r.prepareRetry(); err != nil {
-			r.Error = err
-			return err
-		}
-	}
-}
-
-func (r *Request) prepareRetry() error {
-	if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
-		r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d",
-			r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount))
-	}
-
-	// The previous http.Request will have a reference to the r.Body
-	// and the HTTP Client's Transport may still be reading from
-	// the request's body even though the Client's Do returned.
-	r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil)
-	r.ResetBody()
-	if err := r.Error; err != nil {
-		return awserr.New(ErrCodeSerialization,
-			"failed to prepare body for retry", err)
-
-	}
-
-	// Closing response body to ensure that no response body is leaked
-	// between retry attempts.
-	if r.HTTPResponse != nil && r.HTTPResponse.Body != nil {
-		r.HTTPResponse.Body.Close()
-	}
-
-	return nil
-}
-
-func (r *Request) sendRequest() (sendErr error) {
-	defer r.Handlers.CompleteAttempt.Run(r)
-
-	r.Retryable = nil
-	r.Handlers.Send.Run(r)
-	if r.Error != nil {
-		debugLogReqError(r, "Send Request",
-			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
-			r.Error)
-		return r.Error
-	}
-
-	r.Handlers.UnmarshalMeta.Run(r)
-	r.Handlers.ValidateResponse.Run(r)
-	if r.Error != nil {
-		r.Handlers.UnmarshalError.Run(r)
-		debugLogReqError(r, "Validate Response",
-			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
-			r.Error)
-		return r.Error
-	}
-
-	r.Handlers.Unmarshal.Run(r)
-	if r.Error != nil {
-		debugLogReqError(r, "Unmarshal Response",
-			fmtAttemptCount(r.RetryCount, r.MaxRetries()),
-			r.Error)
-		return r.Error
-	}
-
-	return nil
-}
-
-// copy will copy a request which will allow for local manipulation of the
-// request.
-func (r *Request) copy() *Request {
-	req := &Request{}
-	*req = *r
-	req.Handlers = r.Handlers.Copy()
-	op := *r.Operation
-	req.Operation = &op
-	return req
-}
-
-// AddToUserAgent adds the string to the end of the request's current user agent.
-func AddToUserAgent(r *Request, s string) {
-	curUA := r.HTTPRequest.Header.Get("User-Agent")
-	if len(curUA) > 0 {
-		s = curUA + " " + s
-	}
-	r.HTTPRequest.Header.Set("User-Agent", s)
-}
-
-// SanitizeHostForHeader removes default port from host and updates request.Host
-func SanitizeHostForHeader(r *http.Request) {
-	host := getHost(r)
-	port := portOnly(host)
-	if port != "" && isDefaultPort(r.URL.Scheme, port) {
-		r.Host = stripPort(host)
-	}
-}
-
-// Returns host from request
-func getHost(r *http.Request) string {
-	if r.Host != "" {
-		return r.Host
-	}
-
-	if r.URL == nil {
-		return ""
-	}
-
-	return r.URL.Host
-}
-
-// Hostname returns u.Host, without any port number.
-//
-// If Host is an IPv6 literal with a port number, Hostname returns the
-// IPv6 literal without the square brackets. IPv6 literals may include
-// a zone identifier.
-//
-// Copied from the Go 1.8 standard library (net/url)
-func stripPort(hostport string) string {
-	colon := strings.IndexByte(hostport, ':')
-	if colon == -1 {
-		return hostport
-	}
-	if i := strings.IndexByte(hostport, ']'); i != -1 {
-		return strings.TrimPrefix(hostport[:i], "[")
-	}
-	return hostport[:colon]
-}
-
-// Port returns the port part of u.Host, without the leading colon.
-// If u.Host doesn't contain a port, Port returns an empty string.
-//
-// Copied from the Go 1.8 standard library (net/url)
-func portOnly(hostport string) string {
-	colon := strings.IndexByte(hostport, ':')
-	if colon == -1 {
-		return ""
-	}
-	if i := strings.Index(hostport, "]:"); i != -1 {
-		return hostport[i+len("]:"):]
-	}
-	if strings.Contains(hostport, "]") {
-		return ""
-	}
-	return hostport[colon+len(":"):]
-}
-
-// Returns true if the specified URI is using the standard port
-// (i.e. port 80 for HTTP URIs or 443 for HTTPS URIs)
-func isDefaultPort(scheme, port string) bool {
-	if port == "" {
-		return true
-	}
-
-	lowerCaseScheme := strings.ToLower(scheme)
-	if (lowerCaseScheme == "http" && port == "80") || (lowerCaseScheme == "https" && port == "443") {
-		return true
-	}
-
-	return false
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go
deleted file mode 100644
index 5921b8ff2..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go
+++ /dev/null
@@ -1,40 +0,0 @@
-//go:build !go1.8
-// +build !go1.8
-
-package request
-
-import "io"
-
-// NoBody is an io.ReadCloser with no bytes. Read always returns EOF
-// and Close always returns nil. It can be used in an outgoing client
-// request to explicitly signal that a request has zero bytes.
-// An alternative, however, is to simply set Request.Body to nil.
-//
-// Copy of Go 1.8 NoBody type from net/http/http.go
-type noBody struct{}
-
-func (noBody) Read([]byte) (int, error)         { return 0, io.EOF }
-func (noBody) Close() error                     { return nil }
-func (noBody) WriteTo(io.Writer) (int64, error) { return 0, nil }
-
-// NoBody is an empty reader that will trigger the Go HTTP client to not include
-// and body in the HTTP request.
-var NoBody = noBody{}
-
-// ResetBody rewinds the request body back to its starting position, and
-// sets the HTTP Request body reference. When the body is read prior
-// to being sent in the HTTP request it will need to be rewound.
-//
-// ResetBody will automatically be called by the SDK's build handler, but if
-// the request is being used directly ResetBody must be called before the request
-// is Sent.  SetStringBody, SetBufferBody, and SetReaderBody will automatically
-// call ResetBody.
-func (r *Request) ResetBody() {
-	body, err := r.getNextRequestBody()
-	if err != nil {
-		r.Error = err
-		return
-	}
-
-	r.HTTPRequest.Body = body
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
deleted file mode 100644
index ea643c9c4..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
+++ /dev/null
@@ -1,37 +0,0 @@
-//go:build go1.8
-// +build go1.8
-
-package request
-
-import (
-	"net/http"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-)
-
-// NoBody is a http.NoBody reader instructing Go HTTP client to not include
-// and body in the HTTP request.
-var NoBody = http.NoBody
-
-// ResetBody rewinds the request body back to its starting position, and
-// sets the HTTP Request body reference. When the body is read prior
-// to being sent in the HTTP request it will need to be rewound.
-//
-// ResetBody will automatically be called by the SDK's build handler, but if
-// the request is being used directly ResetBody must be called before the request
-// is Sent.  SetStringBody, SetBufferBody, and SetReaderBody will automatically
-// call ResetBody.
-//
-// Will also set the Go 1.8's http.Request.GetBody member to allow retrying
-// PUT/POST redirects.
-func (r *Request) ResetBody() {
-	body, err := r.getNextRequestBody()
-	if err != nil {
-		r.Error = awserr.New(ErrCodeSerialization,
-			"failed to reset request body", err)
-		return
-	}
-
-	r.HTTPRequest.Body = body
-	r.HTTPRequest.GetBody = r.getNextRequestBody
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go
deleted file mode 100644
index d8c505302..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go
+++ /dev/null
@@ -1,15 +0,0 @@
-//go:build go1.7
-// +build go1.7
-
-package request
-
-import "github.com/aws/aws-sdk-go/aws"
-
-// setContext updates the Request to use the passed in context for cancellation.
-// Context will also be used for request retry delay.
-//
-// Creates shallow copy of the http.Request with the WithContext method.
-func setRequestContext(r *Request, ctx aws.Context) {
-	r.context = ctx
-	r.HTTPRequest = r.HTTPRequest.WithContext(ctx)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go
deleted file mode 100644
index 49a243ef2..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go
+++ /dev/null
@@ -1,15 +0,0 @@
-//go:build !go1.7
-// +build !go1.7
-
-package request
-
-import "github.com/aws/aws-sdk-go/aws"
-
-// setContext updates the Request to use the passed in context for cancellation.
-// Context will also be used for request retry delay.
-//
-// Creates shallow copy of the http.Request with the WithContext method.
-func setRequestContext(r *Request, ctx aws.Context) {
-	r.context = ctx
-	r.HTTPRequest.Cancel = ctx.Done()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
deleted file mode 100644
index 64784e16f..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
+++ /dev/null
@@ -1,266 +0,0 @@
-package request
-
-import (
-	"reflect"
-	"sync/atomic"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awsutil"
-)
-
-// A Pagination provides paginating of SDK API operations which are paginatable.
-// Generally you should not use this type directly, but use the "Pages" API
-// operations method to automatically perform pagination for you. Such as,
-// "S3.ListObjectsPages", and "S3.ListObjectsPagesWithContext" methods.
-//
-// Pagination differs from a Paginator type in that pagination is the type that
-// does the pagination between API operations, and Paginator defines the
-// configuration that will be used per page request.
-//
-//     for p.Next() {
-//         data := p.Page().(*s3.ListObjectsOutput)
-//         // process the page's data
-//         // ...
-//         // break out of loop to stop fetching additional pages
-//     }
-//
-//     return p.Err()
-//
-// See service client API operation Pages methods for examples how the SDK will
-// use the Pagination type.
-type Pagination struct {
-	// Function to return a Request value for each pagination request.
-	// Any configuration or handlers that need to be applied to the request
-	// prior to getting the next page should be done here before the request
-	// returned.
-	//
-	// NewRequest should always be built from the same API operations. It is
-	// undefined if different API operations are returned on subsequent calls.
-	NewRequest func() (*Request, error)
-	// EndPageOnSameToken, when enabled, will allow the paginator to stop on
-	// token that are the same as its previous tokens.
-	EndPageOnSameToken bool
-
-	started    bool
-	prevTokens []interface{}
-	nextTokens []interface{}
-
-	err     error
-	curPage interface{}
-}
-
-// HasNextPage will return true if Pagination is able to determine that the API
-// operation has additional pages. False will be returned if there are no more
-// pages remaining.
-//
-// Will always return true if Next has not been called yet.
-func (p *Pagination) HasNextPage() bool {
-	if !p.started {
-		return true
-	}
-
-	hasNextPage := len(p.nextTokens) != 0
-	if p.EndPageOnSameToken {
-		return hasNextPage && !awsutil.DeepEqual(p.nextTokens, p.prevTokens)
-	}
-	return hasNextPage
-}
-
-// Err returns the error Pagination encountered when retrieving the next page.
-func (p *Pagination) Err() error {
-	return p.err
-}
-
-// Page returns the current page. Page should only be called after a successful
-// call to Next. It is undefined what Page will return if Page is called after
-// Next returns false.
-func (p *Pagination) Page() interface{} {
-	return p.curPage
-}
-
-// Next will attempt to retrieve the next page for the API operation. When a page
-// is retrieved true will be returned. If the page cannot be retrieved, or there
-// are no more pages false will be returned.
-//
-// Use the Page method to retrieve the current page data. The data will need
-// to be cast to the API operation's output type.
-//
-// Use the Err method to determine if an error occurred if Page returns false.
-func (p *Pagination) Next() bool {
-	if !p.HasNextPage() {
-		return false
-	}
-
-	req, err := p.NewRequest()
-	if err != nil {
-		p.err = err
-		return false
-	}
-
-	if p.started {
-		for i, intok := range req.Operation.InputTokens {
-			awsutil.SetValueAtPath(req.Params, intok, p.nextTokens[i])
-		}
-	}
-	p.started = true
-
-	err = req.Send()
-	if err != nil {
-		p.err = err
-		return false
-	}
-
-	p.prevTokens = p.nextTokens
-	p.nextTokens = req.nextPageTokens()
-	p.curPage = req.Data
-
-	return true
-}
-
-// A Paginator is the configuration data that defines how an API operation
-// should be paginated. This type is used by the API service models to define
-// the generated pagination config for service APIs.
-//
-// The Pagination type is what provides iterating between pages of an API. It
-// is only used to store the token metadata the SDK should use for performing
-// pagination.
-type Paginator struct {
-	InputTokens     []string
-	OutputTokens    []string
-	LimitToken      string
-	TruncationToken string
-}
-
-// nextPageTokens returns the tokens to use when asking for the next page of data.
-func (r *Request) nextPageTokens() []interface{} {
-	if r.Operation.Paginator == nil {
-		return nil
-	}
-	if r.Operation.TruncationToken != "" {
-		tr, _ := awsutil.ValuesAtPath(r.Data, r.Operation.TruncationToken)
-		if len(tr) == 0 {
-			return nil
-		}
-
-		switch v := tr[0].(type) {
-		case *bool:
-			if !aws.BoolValue(v) {
-				return nil
-			}
-		case bool:
-			if !v {
-				return nil
-			}
-		}
-	}
-
-	tokens := []interface{}{}
-	tokenAdded := false
-	for _, outToken := range r.Operation.OutputTokens {
-		vs, _ := awsutil.ValuesAtPath(r.Data, outToken)
-		if len(vs) == 0 {
-			tokens = append(tokens, nil)
-			continue
-		}
-		v := vs[0]
-
-		switch tv := v.(type) {
-		case *string:
-			if len(aws.StringValue(tv)) == 0 {
-				tokens = append(tokens, nil)
-				continue
-			}
-		case string:
-			if len(tv) == 0 {
-				tokens = append(tokens, nil)
-				continue
-			}
-		}
-
-		tokenAdded = true
-		tokens = append(tokens, v)
-	}
-	if !tokenAdded {
-		return nil
-	}
-
-	return tokens
-}
-
-// Ensure a deprecated item is only logged once instead of each time its used.
-func logDeprecatedf(logger aws.Logger, flag *int32, msg string) {
-	if logger == nil {
-		return
-	}
-	if atomic.CompareAndSwapInt32(flag, 0, 1) {
-		logger.Log(msg)
-	}
-}
-
-var (
-	logDeprecatedHasNextPage int32
-	logDeprecatedNextPage    int32
-	logDeprecatedEachPage    int32
-)
-
-// HasNextPage returns true if this request has more pages of data available.
-//
-// Deprecated Use Pagination type for configurable pagination of API operations
-func (r *Request) HasNextPage() bool {
-	logDeprecatedf(r.Config.Logger, &logDeprecatedHasNextPage,
-		"Request.HasNextPage deprecated. Use Pagination type for configurable pagination of API operations")
-
-	return len(r.nextPageTokens()) > 0
-}
-
-// NextPage returns a new Request that can be executed to return the next
-// page of result data. Call .Send() on this request to execute it.
-//
-// Deprecated Use Pagination type for configurable pagination of API operations
-func (r *Request) NextPage() *Request {
-	logDeprecatedf(r.Config.Logger, &logDeprecatedNextPage,
-		"Request.NextPage deprecated. Use Pagination type for configurable pagination of API operations")
-
-	tokens := r.nextPageTokens()
-	if len(tokens) == 0 {
-		return nil
-	}
-
-	data := reflect.New(reflect.TypeOf(r.Data).Elem()).Interface()
-	nr := New(r.Config, r.ClientInfo, r.Handlers, r.Retryer, r.Operation, awsutil.CopyOf(r.Params), data)
-	for i, intok := range nr.Operation.InputTokens {
-		awsutil.SetValueAtPath(nr.Params, intok, tokens[i])
-	}
-	return nr
-}
-
-// EachPage iterates over each page of a paginated request object. The fn
-// parameter should be a function with the following sample signature:
-//
-//   func(page *T, lastPage bool) bool {
-//       return true // return false to stop iterating
-//   }
-//
-// Where "T" is the structure type matching the output structure of the given
-// operation. For example, a request object generated by
-// DynamoDB.ListTablesRequest() would expect to see dynamodb.ListTablesOutput
-// as the structure "T". The lastPage value represents whether the page is
-// the last page of data or not. The return value of this function should
-// return true to keep iterating or false to stop.
-//
-// Deprecated Use Pagination type for configurable pagination of API operations
-func (r *Request) EachPage(fn func(data interface{}, isLastPage bool) (shouldContinue bool)) error {
-	logDeprecatedf(r.Config.Logger, &logDeprecatedEachPage,
-		"Request.EachPage deprecated. Use Pagination type for configurable pagination of API operations")
-
-	for page := r; page != nil; page = page.NextPage() {
-		if err := page.Send(); err != nil {
-			return err
-		}
-		if getNextPage := fn(page.Data, !page.HasNextPage()); !getNextPage {
-			return page.Error
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
deleted file mode 100644
index 3f0001f91..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
+++ /dev/null
@@ -1,309 +0,0 @@
-package request
-
-import (
-	"net"
-	"net/url"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-)
-
-// Retryer provides the interface drive the SDK's request retry behavior. The
-// Retryer implementation is responsible for implementing exponential backoff,
-// and determine if a request API error should be retried.
-//
-// client.DefaultRetryer is the SDK's default implementation of the Retryer. It
-// uses the Request.IsErrorRetryable and Request.IsErrorThrottle methods to
-// determine if the request is retried.
-type Retryer interface {
-	// RetryRules return the retry delay that should be used by the SDK before
-	// making another request attempt for the failed request.
-	RetryRules(*Request) time.Duration
-
-	// ShouldRetry returns if the failed request is retryable.
-	//
-	// Implementations may consider request attempt count when determining if a
-	// request is retryable, but the SDK will use MaxRetries to limit the
-	// number of attempts a request are made.
-	ShouldRetry(*Request) bool
-
-	// MaxRetries is the number of times a request may be retried before
-	// failing.
-	MaxRetries() int
-}
-
-// WithRetryer sets a Retryer value to the given Config returning the Config
-// value for chaining. The value must not be nil.
-func WithRetryer(cfg *aws.Config, retryer Retryer) *aws.Config {
-	if retryer == nil {
-		if cfg.Logger != nil {
-			cfg.Logger.Log("ERROR: Request.WithRetryer called with nil retryer. Replacing with retry disabled Retryer.")
-		}
-		retryer = noOpRetryer{}
-	}
-	cfg.Retryer = retryer
-	return cfg
-
-}
-
-// noOpRetryer is a internal no op retryer used when a request is created
-// without a retryer.
-//
-// Provides a retryer that performs no retries.
-// It should be used when we do not want retries to be performed.
-type noOpRetryer struct{}
-
-// MaxRetries returns the number of maximum returns the service will use to make
-// an individual API; For NoOpRetryer the MaxRetries will always be zero.
-func (d noOpRetryer) MaxRetries() int {
-	return 0
-}
-
-// ShouldRetry will always return false for NoOpRetryer, as it should never retry.
-func (d noOpRetryer) ShouldRetry(_ *Request) bool {
-	return false
-}
-
-// RetryRules returns the delay duration before retrying this request again;
-// since NoOpRetryer does not retry, RetryRules always returns 0.
-func (d noOpRetryer) RetryRules(_ *Request) time.Duration {
-	return 0
-}
-
-// retryableCodes is a collection of service response codes which are retry-able
-// without any further action.
-var retryableCodes = map[string]struct{}{
-	ErrCodeRequestError:       {},
-	"RequestTimeout":          {},
-	ErrCodeResponseTimeout:    {},
-	"RequestTimeoutException": {}, // Glacier's flavor of RequestTimeout
-}
-
-var throttleCodes = map[string]struct{}{
-	"ProvisionedThroughputExceededException": {},
-	"ThrottledException":                     {}, // SNS, XRay, ResourceGroupsTagging API
-	"Throttling":                             {},
-	"ThrottlingException":                    {},
-	"RequestLimitExceeded":                   {},
-	"RequestThrottled":                       {},
-	"RequestThrottledException":              {},
-	"TooManyRequestsException":               {}, // Lambda functions
-	"PriorRequestNotComplete":                {}, // Route53
-	"TransactionInProgressException":         {},
-	"EC2ThrottledException":                  {}, // EC2
-}
-
-// credsExpiredCodes is a collection of error codes which signify the credentials
-// need to be refreshed. Expired tokens require refreshing of credentials, and
-// resigning before the request can be retried.
-var credsExpiredCodes = map[string]struct{}{
-	"ExpiredToken":          {},
-	"ExpiredTokenException": {},
-	"RequestExpired":        {}, // EC2 Only
-}
-
-func isCodeThrottle(code string) bool {
-	_, ok := throttleCodes[code]
-	return ok
-}
-
-func isCodeRetryable(code string) bool {
-	if _, ok := retryableCodes[code]; ok {
-		return true
-	}
-
-	return isCodeExpiredCreds(code)
-}
-
-func isCodeExpiredCreds(code string) bool {
-	_, ok := credsExpiredCodes[code]
-	return ok
-}
-
-var validParentCodes = map[string]struct{}{
-	ErrCodeSerialization: {},
-	ErrCodeRead:          {},
-}
-
-func isNestedErrorRetryable(parentErr awserr.Error) bool {
-	if parentErr == nil {
-		return false
-	}
-
-	if _, ok := validParentCodes[parentErr.Code()]; !ok {
-		return false
-	}
-
-	err := parentErr.OrigErr()
-	if err == nil {
-		return false
-	}
-
-	if aerr, ok := err.(awserr.Error); ok {
-		return isCodeRetryable(aerr.Code())
-	}
-
-	if t, ok := err.(temporary); ok {
-		return t.Temporary() || isErrConnectionReset(err)
-	}
-
-	return isErrConnectionReset(err)
-}
-
-// IsErrorRetryable returns whether the error is retryable, based on its Code.
-// Returns false if error is nil.
-func IsErrorRetryable(err error) bool {
-	if err == nil {
-		return false
-	}
-	return shouldRetryError(err)
-}
-
-type temporary interface {
-	Temporary() bool
-}
-
-func shouldRetryError(origErr error) bool {
-	switch err := origErr.(type) {
-	case awserr.Error:
-		if err.Code() == CanceledErrorCode {
-			return false
-		}
-		if isNestedErrorRetryable(err) {
-			return true
-		}
-
-		origErr := err.OrigErr()
-		var shouldRetry bool
-		if origErr != nil {
-			shouldRetry = shouldRetryError(origErr)
-			if err.Code() == ErrCodeRequestError && !shouldRetry {
-				return false
-			}
-		}
-		if isCodeRetryable(err.Code()) {
-			return true
-		}
-		return shouldRetry
-
-	case *url.Error:
-		if strings.Contains(err.Error(), "connection refused") {
-			// Refused connections should be retried as the service may not yet
-			// be running on the port. Go TCP dial considers refused
-			// connections as not temporary.
-			return true
-		}
-		// *url.Error only implements Temporary after golang 1.6 but since
-		// url.Error only wraps the error:
-		return shouldRetryError(err.Err)
-
-	case temporary:
-		if netErr, ok := err.(*net.OpError); ok && netErr.Op == "dial" {
-			return true
-		}
-		// If the error is temporary, we want to allow continuation of the
-		// retry process
-		return err.Temporary() || isErrConnectionReset(origErr)
-
-	case nil:
-		// `awserr.Error.OrigErr()` can be nil, meaning there was an error but
-		// because we don't know the cause, it is marked as retryable. See
-		// TestRequest4xxUnretryable for an example.
-		return true
-
-	default:
-		switch err.Error() {
-		case "net/http: request canceled",
-			"net/http: request canceled while waiting for connection":
-			// known 1.5 error case when an http request is cancelled
-			return false
-		}
-		// here we don't know the error; so we allow a retry.
-		return true
-	}
-}
-
-// IsErrorThrottle returns whether the error is to be throttled based on its code.
-// Returns false if error is nil.
-func IsErrorThrottle(err error) bool {
-	if aerr, ok := err.(awserr.Error); ok && aerr != nil {
-		return isCodeThrottle(aerr.Code())
-	}
-	return false
-}
-
-// IsErrorExpiredCreds returns whether the error code is a credential expiry
-// error. Returns false if error is nil.
-func IsErrorExpiredCreds(err error) bool {
-	if aerr, ok := err.(awserr.Error); ok && aerr != nil {
-		return isCodeExpiredCreds(aerr.Code())
-	}
-	return false
-}
-
-// IsErrorRetryable returns whether the error is retryable, based on its Code.
-// Returns false if the request has no Error set.
-//
-// Alias for the utility function IsErrorRetryable
-func (r *Request) IsErrorRetryable() bool {
-	if isErrCode(r.Error, r.RetryErrorCodes) {
-		return true
-	}
-
-	// HTTP response status code 501 should not be retried.
-	// 501 represents Not Implemented which means the request method is not
-	// supported by the server and cannot be handled.
-	if r.HTTPResponse != nil {
-		// HTTP response status code 500 represents internal server error and
-		// should be retried without any throttle.
-		if r.HTTPResponse.StatusCode == 500 {
-			return true
-		}
-	}
-	return IsErrorRetryable(r.Error)
-}
-
-// IsErrorThrottle returns whether the error is to be throttled based on its
-// code. Returns false if the request has no Error set.
-//
-// Alias for the utility function IsErrorThrottle
-func (r *Request) IsErrorThrottle() bool {
-	if isErrCode(r.Error, r.ThrottleErrorCodes) {
-		return true
-	}
-
-	if r.HTTPResponse != nil {
-		switch r.HTTPResponse.StatusCode {
-		case
-			429, // error caused due to too many requests
-			502, // Bad Gateway error should be throttled
-			503, // caused when service is unavailable
-			504: // error occurred due to gateway timeout
-			return true
-		}
-	}
-
-	return IsErrorThrottle(r.Error)
-}
-
-func isErrCode(err error, codes []string) bool {
-	if aerr, ok := err.(awserr.Error); ok && aerr != nil {
-		for _, code := range codes {
-			if code == aerr.Code() {
-				return true
-			}
-		}
-	}
-
-	return false
-}
-
-// IsErrorExpired returns whether the error code is a credential expiry error.
-// Returns false if the request has no Error set.
-//
-// Alias for the utility function IsErrorExpiredCreds
-func (r *Request) IsErrorExpired() bool {
-	return IsErrorExpiredCreds(r.Error)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/timeout_read_closer.go b/vendor/github.com/aws/aws-sdk-go/aws/request/timeout_read_closer.go
deleted file mode 100644
index 09a44eb98..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/timeout_read_closer.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package request
-
-import (
-	"io"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-)
-
-var timeoutErr = awserr.New(
-	ErrCodeResponseTimeout,
-	"read on body has reached the timeout limit",
-	nil,
-)
-
-type readResult struct {
-	n   int
-	err error
-}
-
-// timeoutReadCloser will handle body reads that take too long.
-// We will return a ErrReadTimeout error if a timeout occurs.
-type timeoutReadCloser struct {
-	reader   io.ReadCloser
-	duration time.Duration
-}
-
-// Read will spin off a goroutine to call the reader's Read method. We will
-// select on the timer's channel or the read's channel. Whoever completes first
-// will be returned.
-func (r *timeoutReadCloser) Read(b []byte) (int, error) {
-	timer := time.NewTimer(r.duration)
-	c := make(chan readResult, 1)
-
-	go func() {
-		n, err := r.reader.Read(b)
-		timer.Stop()
-		c <- readResult{n: n, err: err}
-	}()
-
-	select {
-	case data := <-c:
-		return data.n, data.err
-	case <-timer.C:
-		return 0, timeoutErr
-	}
-}
-
-func (r *timeoutReadCloser) Close() error {
-	return r.reader.Close()
-}
-
-const (
-	// HandlerResponseTimeout is what we use to signify the name of the
-	// response timeout handler.
-	HandlerResponseTimeout = "ResponseTimeoutHandler"
-)
-
-// adaptToResponseTimeoutError is a handler that will replace any top level error
-// to a ErrCodeResponseTimeout, if its child is that.
-func adaptToResponseTimeoutError(req *Request) {
-	if err, ok := req.Error.(awserr.Error); ok {
-		aerr, ok := err.OrigErr().(awserr.Error)
-		if ok && aerr.Code() == ErrCodeResponseTimeout {
-			req.Error = aerr
-		}
-	}
-}
-
-// WithResponseReadTimeout is a request option that will wrap the body in a timeout read closer.
-// This will allow for per read timeouts. If a timeout occurred, we will return the
-// ErrCodeResponseTimeout.
-//
-//     svc.PutObjectWithContext(ctx, params, request.WithTimeoutReadCloser(30 * time.Second)
-func WithResponseReadTimeout(duration time.Duration) Option {
-	return func(r *Request) {
-
-		var timeoutHandler = NamedHandler{
-			HandlerResponseTimeout,
-			func(req *Request) {
-				req.HTTPResponse.Body = &timeoutReadCloser{
-					reader:   req.HTTPResponse.Body,
-					duration: duration,
-				}
-			}}
-
-		// remove the handler so we are not stomping over any new durations.
-		r.Handlers.Send.RemoveByName(HandlerResponseTimeout)
-		r.Handlers.Send.PushBackNamed(timeoutHandler)
-
-		r.Handlers.Unmarshal.PushBack(adaptToResponseTimeoutError)
-		r.Handlers.UnmarshalError.PushBack(adaptToResponseTimeoutError)
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go b/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
deleted file mode 100644
index 8630683f3..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/validation.go
+++ /dev/null
@@ -1,286 +0,0 @@
-package request
-
-import (
-	"bytes"
-	"fmt"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-)
-
-const (
-	// InvalidParameterErrCode is the error code for invalid parameters errors
-	InvalidParameterErrCode = "InvalidParameter"
-	// ParamRequiredErrCode is the error code for required parameter errors
-	ParamRequiredErrCode = "ParamRequiredError"
-	// ParamMinValueErrCode is the error code for fields with too low of a
-	// number value.
-	ParamMinValueErrCode = "ParamMinValueError"
-	// ParamMinLenErrCode is the error code for fields without enough elements.
-	ParamMinLenErrCode = "ParamMinLenError"
-	// ParamMaxLenErrCode is the error code for value being too long.
-	ParamMaxLenErrCode = "ParamMaxLenError"
-
-	// ParamFormatErrCode is the error code for a field with invalid
-	// format or characters.
-	ParamFormatErrCode = "ParamFormatInvalidError"
-)
-
-// Validator provides a way for types to perform validation logic on their
-// input values that external code can use to determine if a type's values
-// are valid.
-type Validator interface {
-	Validate() error
-}
-
-// An ErrInvalidParams provides wrapping of invalid parameter errors found when
-// validating API operation input parameters.
-type ErrInvalidParams struct {
-	// Context is the base context of the invalid parameter group.
-	Context string
-	errs    []ErrInvalidParam
-}
-
-// Add adds a new invalid parameter error to the collection of invalid
-// parameters. The context of the invalid parameter will be updated to reflect
-// this collection.
-func (e *ErrInvalidParams) Add(err ErrInvalidParam) {
-	err.SetContext(e.Context)
-	e.errs = append(e.errs, err)
-}
-
-// AddNested adds the invalid parameter errors from another ErrInvalidParams
-// value into this collection. The nested errors will have their nested context
-// updated and base context to reflect the merging.
-//
-// Use for nested validations errors.
-func (e *ErrInvalidParams) AddNested(nestedCtx string, nested ErrInvalidParams) {
-	for _, err := range nested.errs {
-		err.SetContext(e.Context)
-		err.AddNestedContext(nestedCtx)
-		e.errs = append(e.errs, err)
-	}
-}
-
-// Len returns the number of invalid parameter errors
-func (e ErrInvalidParams) Len() int {
-	return len(e.errs)
-}
-
-// Code returns the code of the error
-func (e ErrInvalidParams) Code() string {
-	return InvalidParameterErrCode
-}
-
-// Message returns the message of the error
-func (e ErrInvalidParams) Message() string {
-	return fmt.Sprintf("%d validation error(s) found.", len(e.errs))
-}
-
-// Error returns the string formatted form of the invalid parameters.
-func (e ErrInvalidParams) Error() string {
-	w := &bytes.Buffer{}
-	fmt.Fprintf(w, "%s: %s\n", e.Code(), e.Message())
-
-	for _, err := range e.errs {
-		fmt.Fprintf(w, "- %s\n", err.Message())
-	}
-
-	return w.String()
-}
-
-// OrigErr returns the invalid parameters as a awserr.BatchedErrors value
-func (e ErrInvalidParams) OrigErr() error {
-	return awserr.NewBatchError(
-		InvalidParameterErrCode, e.Message(), e.OrigErrs())
-}
-
-// OrigErrs returns a slice of the invalid parameters
-func (e ErrInvalidParams) OrigErrs() []error {
-	errs := make([]error, len(e.errs))
-	for i := 0; i < len(errs); i++ {
-		errs[i] = e.errs[i]
-	}
-
-	return errs
-}
-
-// An ErrInvalidParam represents an invalid parameter error type.
-type ErrInvalidParam interface {
-	awserr.Error
-
-	// Field name the error occurred on.
-	Field() string
-
-	// SetContext updates the context of the error.
-	SetContext(string)
-
-	// AddNestedContext updates the error's context to include a nested level.
-	AddNestedContext(string)
-}
-
-type errInvalidParam struct {
-	context       string
-	nestedContext string
-	field         string
-	code          string
-	msg           string
-}
-
-// Code returns the error code for the type of invalid parameter.
-func (e *errInvalidParam) Code() string {
-	return e.code
-}
-
-// Message returns the reason the parameter was invalid, and its context.
-func (e *errInvalidParam) Message() string {
-	return fmt.Sprintf("%s, %s.", e.msg, e.Field())
-}
-
-// Error returns the string version of the invalid parameter error.
-func (e *errInvalidParam) Error() string {
-	return fmt.Sprintf("%s: %s", e.code, e.Message())
-}
-
-// OrigErr returns nil, Implemented for awserr.Error interface.
-func (e *errInvalidParam) OrigErr() error {
-	return nil
-}
-
-// Field Returns the field and context the error occurred.
-func (e *errInvalidParam) Field() string {
-	field := e.context
-	if len(field) > 0 {
-		field += "."
-	}
-	if len(e.nestedContext) > 0 {
-		field += fmt.Sprintf("%s.", e.nestedContext)
-	}
-	field += e.field
-
-	return field
-}
-
-// SetContext updates the base context of the error.
-func (e *errInvalidParam) SetContext(ctx string) {
-	e.context = ctx
-}
-
-// AddNestedContext prepends a context to the field's path.
-func (e *errInvalidParam) AddNestedContext(ctx string) {
-	if len(e.nestedContext) == 0 {
-		e.nestedContext = ctx
-	} else {
-		e.nestedContext = fmt.Sprintf("%s.%s", ctx, e.nestedContext)
-	}
-
-}
-
-// An ErrParamRequired represents an required parameter error.
-type ErrParamRequired struct {
-	errInvalidParam
-}
-
-// NewErrParamRequired creates a new required parameter error.
-func NewErrParamRequired(field string) *ErrParamRequired {
-	return &ErrParamRequired{
-		errInvalidParam{
-			code:  ParamRequiredErrCode,
-			field: field,
-			msg:   fmt.Sprintf("missing required field"),
-		},
-	}
-}
-
-// An ErrParamMinValue represents a minimum value parameter error.
-type ErrParamMinValue struct {
-	errInvalidParam
-	min float64
-}
-
-// NewErrParamMinValue creates a new minimum value parameter error.
-func NewErrParamMinValue(field string, min float64) *ErrParamMinValue {
-	return &ErrParamMinValue{
-		errInvalidParam: errInvalidParam{
-			code:  ParamMinValueErrCode,
-			field: field,
-			msg:   fmt.Sprintf("minimum field value of %v", min),
-		},
-		min: min,
-	}
-}
-
-// MinValue returns the field's require minimum value.
-//
-// float64 is returned for both int and float min values.
-func (e *ErrParamMinValue) MinValue() float64 {
-	return e.min
-}
-
-// An ErrParamMinLen represents a minimum length parameter error.
-type ErrParamMinLen struct {
-	errInvalidParam
-	min int
-}
-
-// NewErrParamMinLen creates a new minimum length parameter error.
-func NewErrParamMinLen(field string, min int) *ErrParamMinLen {
-	return &ErrParamMinLen{
-		errInvalidParam: errInvalidParam{
-			code:  ParamMinLenErrCode,
-			field: field,
-			msg:   fmt.Sprintf("minimum field size of %v", min),
-		},
-		min: min,
-	}
-}
-
-// MinLen returns the field's required minimum length.
-func (e *ErrParamMinLen) MinLen() int {
-	return e.min
-}
-
-// An ErrParamMaxLen represents a maximum length parameter error.
-type ErrParamMaxLen struct {
-	errInvalidParam
-	max int
-}
-
-// NewErrParamMaxLen creates a new maximum length parameter error.
-func NewErrParamMaxLen(field string, max int, value string) *ErrParamMaxLen {
-	return &ErrParamMaxLen{
-		errInvalidParam: errInvalidParam{
-			code:  ParamMaxLenErrCode,
-			field: field,
-			msg:   fmt.Sprintf("maximum size of %v, %v", max, value),
-		},
-		max: max,
-	}
-}
-
-// MaxLen returns the field's required minimum length.
-func (e *ErrParamMaxLen) MaxLen() int {
-	return e.max
-}
-
-// An ErrParamFormat represents a invalid format parameter error.
-type ErrParamFormat struct {
-	errInvalidParam
-	format string
-}
-
-// NewErrParamFormat creates a new invalid format parameter error.
-func NewErrParamFormat(field string, format, value string) *ErrParamFormat {
-	return &ErrParamFormat{
-		errInvalidParam: errInvalidParam{
-			code:  ParamFormatErrCode,
-			field: field,
-			msg:   fmt.Sprintf("format %v, %v", format, value),
-		},
-		format: format,
-	}
-}
-
-// Format returns the field's required format.
-func (e *ErrParamFormat) Format() string {
-	return e.format
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go b/vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go
deleted file mode 100644
index 4601f883c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go
+++ /dev/null
@@ -1,295 +0,0 @@
-package request
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/awsutil"
-)
-
-// WaiterResourceNotReadyErrorCode is the error code returned by a waiter when
-// the waiter's max attempts have been exhausted.
-const WaiterResourceNotReadyErrorCode = "ResourceNotReady"
-
-// A WaiterOption is a function that will update the Waiter value's fields to
-// configure the waiter.
-type WaiterOption func(*Waiter)
-
-// WithWaiterMaxAttempts returns the maximum number of times the waiter should
-// attempt to check the resource for the target state.
-func WithWaiterMaxAttempts(max int) WaiterOption {
-	return func(w *Waiter) {
-		w.MaxAttempts = max
-	}
-}
-
-// WaiterDelay will return a delay the waiter should pause between attempts to
-// check the resource state. The passed in attempt is the number of times the
-// Waiter has checked the resource state.
-//
-// Attempt is the number of attempts the Waiter has made checking the resource
-// state.
-type WaiterDelay func(attempt int) time.Duration
-
-// ConstantWaiterDelay returns a WaiterDelay that will always return a constant
-// delay the waiter should use between attempts. It ignores the number of
-// attempts made.
-func ConstantWaiterDelay(delay time.Duration) WaiterDelay {
-	return func(attempt int) time.Duration {
-		return delay
-	}
-}
-
-// WithWaiterDelay will set the Waiter to use the WaiterDelay passed in.
-func WithWaiterDelay(delayer WaiterDelay) WaiterOption {
-	return func(w *Waiter) {
-		w.Delay = delayer
-	}
-}
-
-// WithWaiterLogger returns a waiter option to set the logger a waiter
-// should use to log warnings and errors to.
-func WithWaiterLogger(logger aws.Logger) WaiterOption {
-	return func(w *Waiter) {
-		w.Logger = logger
-	}
-}
-
-// WithWaiterRequestOptions returns a waiter option setting the request
-// options for each request the waiter makes. Appends to waiter's request
-// options already set.
-func WithWaiterRequestOptions(opts ...Option) WaiterOption {
-	return func(w *Waiter) {
-		w.RequestOptions = append(w.RequestOptions, opts...)
-	}
-}
-
-// A Waiter provides the functionality to perform a blocking call which will
-// wait for a resource state to be satisfied by a service.
-//
-// This type should not be used directly. The API operations provided in the
-// service packages prefixed with "WaitUntil" should be used instead.
-type Waiter struct {
-	Name      string
-	Acceptors []WaiterAcceptor
-	Logger    aws.Logger
-
-	MaxAttempts int
-	Delay       WaiterDelay
-
-	RequestOptions   []Option
-	NewRequest       func([]Option) (*Request, error)
-	SleepWithContext func(aws.Context, time.Duration) error
-}
-
-// ApplyOptions updates the waiter with the list of waiter options provided.
-func (w *Waiter) ApplyOptions(opts ...WaiterOption) {
-	for _, fn := range opts {
-		fn(w)
-	}
-}
-
-// WaiterState are states the waiter uses based on WaiterAcceptor definitions
-// to identify if the resource state the waiter is waiting on has occurred.
-type WaiterState int
-
-// String returns the string representation of the waiter state.
-func (s WaiterState) String() string {
-	switch s {
-	case SuccessWaiterState:
-		return "success"
-	case FailureWaiterState:
-		return "failure"
-	case RetryWaiterState:
-		return "retry"
-	default:
-		return "unknown waiter state"
-	}
-}
-
-// States the waiter acceptors will use to identify target resource states.
-const (
-	SuccessWaiterState WaiterState = iota // waiter successful
-	FailureWaiterState                    // waiter failed
-	RetryWaiterState                      // waiter needs to be retried
-)
-
-// WaiterMatchMode is the mode that the waiter will use to match the WaiterAcceptor
-// definition's Expected attribute.
-type WaiterMatchMode int
-
-// Modes the waiter will use when inspecting API response to identify target
-// resource states.
-const (
-	PathAllWaiterMatch  WaiterMatchMode = iota // match on all paths
-	PathWaiterMatch                            // match on specific path
-	PathAnyWaiterMatch                         // match on any path
-	PathListWaiterMatch                        // match on list of paths
-	StatusWaiterMatch                          // match on status code
-	ErrorWaiterMatch                           // match on error
-)
-
-// String returns the string representation of the waiter match mode.
-func (m WaiterMatchMode) String() string {
-	switch m {
-	case PathAllWaiterMatch:
-		return "pathAll"
-	case PathWaiterMatch:
-		return "path"
-	case PathAnyWaiterMatch:
-		return "pathAny"
-	case PathListWaiterMatch:
-		return "pathList"
-	case StatusWaiterMatch:
-		return "status"
-	case ErrorWaiterMatch:
-		return "error"
-	default:
-		return "unknown waiter match mode"
-	}
-}
-
-// WaitWithContext will make requests for the API operation using NewRequest to
-// build API requests. The request's response will be compared against the
-// Waiter's Acceptors to determine the successful state of the resource the
-// waiter is inspecting.
-//
-// The passed in context must not be nil. If it is nil a panic will occur. The
-// Context will be used to cancel the waiter's pending requests and retry delays.
-// Use aws.BackgroundContext if no context is available.
-//
-// The waiter will continue until the target state defined by the Acceptors,
-// or the max attempts expires.
-//
-// Will return the WaiterResourceNotReadyErrorCode error code if the waiter's
-// retryer ShouldRetry returns false. This normally will happen when the max
-// wait attempts expires.
-func (w Waiter) WaitWithContext(ctx aws.Context) error {
-
-	for attempt := 1; ; attempt++ {
-		req, err := w.NewRequest(w.RequestOptions)
-		if err != nil {
-			waiterLogf(w.Logger, "unable to create request %v", err)
-			return err
-		}
-		req.Handlers.Build.PushBack(MakeAddToUserAgentFreeFormHandler("Waiter"))
-		err = req.Send()
-
-		// See if any of the acceptors match the request's response, or error
-		for _, a := range w.Acceptors {
-			if matched, matchErr := a.match(w.Name, w.Logger, req, err); matched {
-				return matchErr
-			}
-		}
-
-		// The Waiter should only check the resource state MaxAttempts times
-		// This is here instead of in the for loop above to prevent delaying
-		// unnecessary when the waiter will not retry.
-		if attempt == w.MaxAttempts {
-			break
-		}
-
-		// Delay to wait before inspecting the resource again
-		delay := w.Delay(attempt)
-		if sleepFn := req.Config.SleepDelay; sleepFn != nil {
-			// Support SleepDelay for backwards compatibility and testing
-			sleepFn(delay)
-		} else {
-			sleepCtxFn := w.SleepWithContext
-			if sleepCtxFn == nil {
-				sleepCtxFn = aws.SleepWithContext
-			}
-
-			if err := sleepCtxFn(ctx, delay); err != nil {
-				return awserr.New(CanceledErrorCode, "waiter context canceled", err)
-			}
-		}
-	}
-
-	return awserr.New(WaiterResourceNotReadyErrorCode, "exceeded wait attempts", nil)
-}
-
-// A WaiterAcceptor provides the information needed to wait for an API operation
-// to complete.
-type WaiterAcceptor struct {
-	State    WaiterState
-	Matcher  WaiterMatchMode
-	Argument string
-	Expected interface{}
-}
-
-// match returns if the acceptor found a match with the passed in request
-// or error. True is returned if the acceptor made a match, error is returned
-// if there was an error attempting to perform the match.
-func (a *WaiterAcceptor) match(name string, l aws.Logger, req *Request, err error) (bool, error) {
-	result := false
-	var vals []interface{}
-
-	switch a.Matcher {
-	case PathAllWaiterMatch, PathWaiterMatch:
-		// Require all matches to be equal for result to match
-		vals, _ = awsutil.ValuesAtPath(req.Data, a.Argument)
-		if len(vals) == 0 {
-			break
-		}
-		result = true
-		for _, val := range vals {
-			if !awsutil.DeepEqual(val, a.Expected) {
-				result = false
-				break
-			}
-		}
-	case PathAnyWaiterMatch:
-		// Only a single match needs to equal for the result to match
-		vals, _ = awsutil.ValuesAtPath(req.Data, a.Argument)
-		for _, val := range vals {
-			if awsutil.DeepEqual(val, a.Expected) {
-				result = true
-				break
-			}
-		}
-	case PathListWaiterMatch:
-		// ignored matcher
-	case StatusWaiterMatch:
-		s := a.Expected.(int)
-		result = s == req.HTTPResponse.StatusCode
-	case ErrorWaiterMatch:
-		if aerr, ok := err.(awserr.Error); ok {
-			result = aerr.Code() == a.Expected.(string)
-		}
-	default:
-		waiterLogf(l, "WARNING: Waiter %s encountered unexpected matcher: %s",
-			name, a.Matcher)
-	}
-
-	if !result {
-		// If there was no matching result found there is nothing more to do
-		// for this response, retry the request.
-		return false, nil
-	}
-
-	switch a.State {
-	case SuccessWaiterState:
-		// waiter completed
-		return true, nil
-	case FailureWaiterState:
-		// Waiter failure state triggered
-		return true, awserr.New(WaiterResourceNotReadyErrorCode,
-			"failed waiting for successful resource state", err)
-	case RetryWaiterState:
-		// clear the error and retry the operation
-		return false, nil
-	default:
-		waiterLogf(l, "WARNING: Waiter %s encountered unexpected state: %s",
-			name, a.State)
-		return false, nil
-	}
-}
-
-func waiterLogf(logger aws.Logger, msg string, args ...interface{}) {
-	if logger != nil {
-		logger.Log(fmt.Sprintf(msg, args...))
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
deleted file mode 100644
index 1d3f4c3ad..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
+++ /dev/null
@@ -1,303 +0,0 @@
-package session
-
-import (
-	"fmt"
-	"os"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/credentials/processcreds"
-	"github.com/aws/aws-sdk-go/aws/credentials/ssocreds"
-	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
-	"github.com/aws/aws-sdk-go/aws/defaults"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/shareddefaults"
-	"github.com/aws/aws-sdk-go/service/sts"
-)
-
-// CredentialsProviderOptions specifies additional options for configuring
-// credentials providers.
-type CredentialsProviderOptions struct {
-	// WebIdentityRoleProviderOptions configures a WebIdentityRoleProvider,
-	// such as setting its ExpiryWindow.
-	WebIdentityRoleProviderOptions func(*stscreds.WebIdentityRoleProvider)
-}
-
-func resolveCredentials(cfg *aws.Config,
-	envCfg envConfig, sharedCfg sharedConfig,
-	handlers request.Handlers,
-	sessOpts Options,
-) (*credentials.Credentials, error) {
-
-	switch {
-	case len(sessOpts.Profile) != 0:
-		// User explicitly provided an Profile in the session's configuration
-		// so load that profile from shared config first.
-		// Github(aws/aws-sdk-go#2727)
-		return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
-
-	case envCfg.Creds.HasKeys():
-		// Environment credentials
-		return credentials.NewStaticCredentialsFromCreds(envCfg.Creds), nil
-
-	case len(envCfg.WebIdentityTokenFilePath) != 0:
-		// Web identity token from environment, RoleARN required to also be
-		// set.
-		return assumeWebIdentity(cfg, handlers,
-			envCfg.WebIdentityTokenFilePath,
-			envCfg.RoleARN,
-			envCfg.RoleSessionName,
-			sessOpts.CredentialsProviderOptions,
-		)
-
-	default:
-		// Fallback to the "default" credential resolution chain.
-		return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
-	}
-}
-
-// WebIdentityEmptyRoleARNErr will occur if 'AWS_WEB_IDENTITY_TOKEN_FILE' was set but
-// 'AWS_ROLE_ARN' was not set.
-var WebIdentityEmptyRoleARNErr = awserr.New(stscreds.ErrCodeWebIdentity, "role ARN is not set", nil)
-
-// WebIdentityEmptyTokenFilePathErr will occur if 'AWS_ROLE_ARN' was set but
-// 'AWS_WEB_IDENTITY_TOKEN_FILE' was not set.
-var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "token file path is not set", nil)
-
-func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers,
-	filepath string,
-	roleARN, sessionName string,
-	credOptions *CredentialsProviderOptions,
-) (*credentials.Credentials, error) {
-
-	if len(filepath) == 0 {
-		return nil, WebIdentityEmptyTokenFilePathErr
-	}
-
-	if len(roleARN) == 0 {
-		return nil, WebIdentityEmptyRoleARNErr
-	}
-
-	svc := sts.New(&Session{
-		Config:   cfg,
-		Handlers: handlers.Copy(),
-	})
-
-	var optFns []func(*stscreds.WebIdentityRoleProvider)
-	if credOptions != nil && credOptions.WebIdentityRoleProviderOptions != nil {
-		optFns = append(optFns, credOptions.WebIdentityRoleProviderOptions)
-	}
-
-	p := stscreds.NewWebIdentityRoleProviderWithOptions(svc, roleARN, sessionName, stscreds.FetchTokenPath(filepath), optFns...)
-	return credentials.NewCredentials(p), nil
-}
-
-func resolveCredsFromProfile(cfg *aws.Config,
-	envCfg envConfig, sharedCfg sharedConfig,
-	handlers request.Handlers,
-	sessOpts Options,
-) (creds *credentials.Credentials, err error) {
-
-	switch {
-	case sharedCfg.SourceProfile != nil:
-		// Assume IAM role with credentials source from a different profile.
-		creds, err = resolveCredsFromProfile(cfg, envCfg,
-			*sharedCfg.SourceProfile, handlers, sessOpts,
-		)
-
-	case sharedCfg.Creds.HasKeys():
-		// Static Credentials from Shared Config/Credentials file.
-		creds = credentials.NewStaticCredentialsFromCreds(
-			sharedCfg.Creds,
-		)
-
-	case len(sharedCfg.CredentialSource) != 0:
-		creds, err = resolveCredsFromSource(cfg, envCfg,
-			sharedCfg, handlers, sessOpts,
-		)
-
-	case len(sharedCfg.WebIdentityTokenFile) != 0:
-		// Credentials from Assume Web Identity token require an IAM Role, and
-		// that roll will be assumed. May be wrapped with another assume role
-		// via SourceProfile.
-		return assumeWebIdentity(cfg, handlers,
-			sharedCfg.WebIdentityTokenFile,
-			sharedCfg.RoleARN,
-			sharedCfg.RoleSessionName,
-			sessOpts.CredentialsProviderOptions,
-		)
-
-	case sharedCfg.hasSSOConfiguration():
-		creds, err = resolveSSOCredentials(cfg, sharedCfg, handlers)
-
-	case len(sharedCfg.CredentialProcess) != 0:
-		// Get credentials from CredentialProcess
-		creds = processcreds.NewCredentials(sharedCfg.CredentialProcess)
-
-	default:
-		// Fallback to default credentials provider, include mock errors for
-		// the credential chain so user can identify why credentials failed to
-		// be retrieved.
-		creds = credentials.NewCredentials(&credentials.ChainProvider{
-			VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
-			Providers: []credentials.Provider{
-				&credProviderError{
-					Err: awserr.New("EnvAccessKeyNotFound",
-						"failed to find credentials in the environment.", nil),
-				},
-				&credProviderError{
-					Err: awserr.New("SharedCredsLoad",
-						fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil),
-				},
-				defaults.RemoteCredProvider(*cfg, handlers),
-			},
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	if len(sharedCfg.RoleARN) > 0 {
-		cfgCp := *cfg
-		cfgCp.Credentials = creds
-		return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts)
-	}
-
-	return creds, nil
-}
-
-func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers request.Handlers) (*credentials.Credentials, error) {
-	if err := sharedCfg.validateSSOConfiguration(); err != nil {
-		return nil, err
-	}
-
-	cfgCopy := cfg.Copy()
-	cfgCopy.Region = &sharedCfg.SSORegion
-
-	return ssocreds.NewCredentials(
-		&Session{
-			Config:   cfgCopy,
-			Handlers: handlers.Copy(),
-		},
-		sharedCfg.SSOAccountID,
-		sharedCfg.SSORoleName,
-		sharedCfg.SSOStartURL,
-	), nil
-}
-
-// valid credential source values
-const (
-	credSourceEc2Metadata  = "Ec2InstanceMetadata"
-	credSourceEnvironment  = "Environment"
-	credSourceECSContainer = "EcsContainer"
-)
-
-func resolveCredsFromSource(cfg *aws.Config,
-	envCfg envConfig, sharedCfg sharedConfig,
-	handlers request.Handlers,
-	sessOpts Options,
-) (creds *credentials.Credentials, err error) {
-
-	switch sharedCfg.CredentialSource {
-	case credSourceEc2Metadata:
-		p := defaults.RemoteCredProvider(*cfg, handlers)
-		creds = credentials.NewCredentials(p)
-
-	case credSourceEnvironment:
-		creds = credentials.NewStaticCredentialsFromCreds(envCfg.Creds)
-
-	case credSourceECSContainer:
-		if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
-			return nil, ErrSharedConfigECSContainerEnvVarEmpty
-		}
-
-		p := defaults.RemoteCredProvider(*cfg, handlers)
-		creds = credentials.NewCredentials(p)
-
-	default:
-		return nil, ErrSharedConfigInvalidCredSource
-	}
-
-	return creds, nil
-}
-
-func credsFromAssumeRole(cfg aws.Config,
-	handlers request.Handlers,
-	sharedCfg sharedConfig,
-	sessOpts Options,
-) (*credentials.Credentials, error) {
-
-	if len(sharedCfg.MFASerial) != 0 && sessOpts.AssumeRoleTokenProvider == nil {
-		// AssumeRole Token provider is required if doing Assume Role
-		// with MFA.
-		return nil, AssumeRoleTokenProviderNotSetError{}
-	}
-
-	return stscreds.NewCredentials(
-		&Session{
-			Config:   &cfg,
-			Handlers: handlers.Copy(),
-		},
-		sharedCfg.RoleARN,
-		func(opt *stscreds.AssumeRoleProvider) {
-			opt.RoleSessionName = sharedCfg.RoleSessionName
-
-			if sessOpts.AssumeRoleDuration == 0 &&
-				sharedCfg.AssumeRoleDuration != nil &&
-				*sharedCfg.AssumeRoleDuration/time.Minute > 15 {
-				opt.Duration = *sharedCfg.AssumeRoleDuration
-			} else if sessOpts.AssumeRoleDuration != 0 {
-				opt.Duration = sessOpts.AssumeRoleDuration
-			}
-
-			// Assume role with external ID
-			if len(sharedCfg.ExternalID) > 0 {
-				opt.ExternalID = aws.String(sharedCfg.ExternalID)
-			}
-
-			// Assume role with MFA
-			if len(sharedCfg.MFASerial) > 0 {
-				opt.SerialNumber = aws.String(sharedCfg.MFASerial)
-				opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
-			}
-		},
-	), nil
-}
-
-// AssumeRoleTokenProviderNotSetError is an error returned when creating a
-// session when the MFAToken option is not set when shared config is configured
-// load assume a role with an MFA token.
-type AssumeRoleTokenProviderNotSetError struct{}
-
-// Code is the short id of the error.
-func (e AssumeRoleTokenProviderNotSetError) Code() string {
-	return "AssumeRoleTokenProviderNotSetError"
-}
-
-// Message is the description of the error
-func (e AssumeRoleTokenProviderNotSetError) Message() string {
-	return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
-}
-
-// OrigErr is the underlying error that caused the failure.
-func (e AssumeRoleTokenProviderNotSetError) OrigErr() error {
-	return nil
-}
-
-// Error satisfies the error interface.
-func (e AssumeRoleTokenProviderNotSetError) Error() string {
-	return awserr.SprintError(e.Code(), e.Message(), "", nil)
-}
-
-type credProviderError struct {
-	Err error
-}
-
-func (c credProviderError) Retrieve() (credentials.Value, error) {
-	return credentials.Value{}, c.Err
-}
-func (c credProviderError) IsExpired() bool {
-	return true
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go
deleted file mode 100644
index 4390ad52f..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go
+++ /dev/null
@@ -1,28 +0,0 @@
-//go:build go1.13
-// +build go1.13
-
-package session
-
-import (
-	"net"
-	"net/http"
-	"time"
-)
-
-// Transport that should be used when a custom CA bundle is specified with the
-// SDK.
-func getCustomTransport() *http.Transport {
-	return &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		DialContext: (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-			DualStack: true,
-		}).DialContext,
-		ForceAttemptHTTP2:     true,
-		MaxIdleConns:          100,
-		IdleConnTimeout:       90 * time.Second,
-		TLSHandshakeTimeout:   10 * time.Second,
-		ExpectContinueTimeout: 1 * time.Second,
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go
deleted file mode 100644
index 668565bea..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go
+++ /dev/null
@@ -1,27 +0,0 @@
-//go:build !go1.13 && go1.7
-// +build !go1.13,go1.7
-
-package session
-
-import (
-	"net"
-	"net/http"
-	"time"
-)
-
-// Transport that should be used when a custom CA bundle is specified with the
-// SDK.
-func getCustomTransport() *http.Transport {
-	return &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		DialContext: (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-			DualStack: true,
-		}).DialContext,
-		MaxIdleConns:          100,
-		IdleConnTimeout:       90 * time.Second,
-		TLSHandshakeTimeout:   10 * time.Second,
-		ExpectContinueTimeout: 1 * time.Second,
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go
deleted file mode 100644
index e101aa6b6..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go
+++ /dev/null
@@ -1,23 +0,0 @@
-//go:build !go1.6 && go1.5
-// +build !go1.6,go1.5
-
-package session
-
-import (
-	"net"
-	"net/http"
-	"time"
-)
-
-// Transport that should be used when a custom CA bundle is specified with the
-// SDK.
-func getCustomTransport() *http.Transport {
-	return &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		Dial: (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-		}).Dial,
-		TLSHandshakeTimeout: 10 * time.Second,
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go
deleted file mode 100644
index b5fcbe0d1..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go
+++ /dev/null
@@ -1,24 +0,0 @@
-//go:build !go1.7 && go1.6
-// +build !go1.7,go1.6
-
-package session
-
-import (
-	"net"
-	"net/http"
-	"time"
-)
-
-// Transport that should be used when a custom CA bundle is specified with the
-// SDK.
-func getCustomTransport() *http.Transport {
-	return &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		Dial: (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-		}).Dial,
-		TLSHandshakeTimeout:   10 * time.Second,
-		ExpectContinueTimeout: 1 * time.Second,
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
deleted file mode 100644
index ff3cc012a..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
+++ /dev/null
@@ -1,367 +0,0 @@
-/*
-Package session provides configuration for the SDK's service clients. Sessions
-can be shared across service clients that share the same base configuration.
-
-Sessions are safe to use concurrently as long as the Session is not being
-modified. Sessions should be cached when possible, because creating a new
-Session will load all configuration values from the environment, and config
-files each time the Session is created. Sharing the Session value across all of
-your service clients will ensure the configuration is loaded the fewest number
-of times possible.
-
-Sessions options from Shared Config
-
-By default NewSession will only load credentials from the shared credentials
-file (~/.aws/credentials). If the AWS_SDK_LOAD_CONFIG environment variable is
-set to a truthy value the Session will be created from the configuration
-values from the shared config (~/.aws/config) and shared credentials
-(~/.aws/credentials) files. Using the NewSessionWithOptions with
-SharedConfigState set to SharedConfigEnable will create the session as if the
-AWS_SDK_LOAD_CONFIG environment variable was set.
-
-Credential and config loading order
-
-The Session will attempt to load configuration and credentials from the
-environment, configuration files, and other credential sources. The order
-configuration is loaded in is:
-
-  * Environment Variables
-  * Shared Credentials file
-  * Shared Configuration file (if SharedConfig is enabled)
-  * EC2 Instance Metadata (credentials only)
-
-The Environment variables for credentials will have precedence over shared
-config even if SharedConfig is enabled. To override this behavior, and use
-shared config credentials instead specify the session.Options.Profile, (e.g.
-when using credential_source=Environment to assume a role).
-
-  sess, err := session.NewSessionWithOptions(session.Options{
-	  Profile: "myProfile",
-  })
-
-Creating Sessions
-
-Creating a Session without additional options will load credentials region, and
-profile loaded from the environment and shared config automatically. See,
-"Environment Variables" section for information on environment variables used
-by Session.
-
-	// Create Session
-	sess, err := session.NewSession()
-
-
-When creating Sessions optional aws.Config values can be passed in that will
-override the default, or loaded, config values the Session is being created
-with. This allows you to provide additional, or case based, configuration
-as needed.
-
-	// Create a Session with a custom region
-	sess, err := session.NewSession(&aws.Config{
-		Region: aws.String("us-west-2"),
-	})
-
-Use NewSessionWithOptions to provide additional configuration driving how the
-Session's configuration will be loaded. Such as, specifying shared config
-profile, or override the shared config state,  (AWS_SDK_LOAD_CONFIG).
-
-	// Equivalent to session.NewSession()
-	sess, err := session.NewSessionWithOptions(session.Options{
-		// Options
-	})
-
-	sess, err := session.NewSessionWithOptions(session.Options{
-		// Specify profile to load for the session's config
-		Profile: "profile_name",
-
-		// Provide SDK Config options, such as Region.
-		Config: aws.Config{
-			Region: aws.String("us-west-2"),
-		},
-
-		// Force enable Shared Config support
-		SharedConfigState: session.SharedConfigEnable,
-	})
-
-Adding Handlers
-
-You can add handlers to a session to decorate API operation, (e.g. adding HTTP
-headers). All clients that use the Session receive a copy of the Session's
-handlers. For example, the following request handler added to the Session logs
-every requests made.
-
-	// Create a session, and add additional handlers for all service
-	// clients created with the Session to inherit. Adds logging handler.
-	sess := session.Must(session.NewSession())
-
-	sess.Handlers.Send.PushFront(func(r *request.Request) {
-		// Log every request made and its payload
-		logger.Printf("Request: %s/%s, Params: %s",
-			r.ClientInfo.ServiceName, r.Operation, r.Params)
-	})
-
-Shared Config Fields
-
-By default the SDK will only load the shared credentials file's
-(~/.aws/credentials) credentials values, and all other config is provided by
-the environment variables, SDK defaults, and user provided aws.Config values.
-
-If the AWS_SDK_LOAD_CONFIG environment variable is set, or SharedConfigEnable
-option is used to create the Session the full shared config values will be
-loaded. This includes credentials, region, and support for assume role. In
-addition the Session will load its configuration from both the shared config
-file (~/.aws/config) and shared credentials file (~/.aws/credentials). Both
-files have the same format.
-
-If both config files are present the configuration from both files will be
-read. The Session will be created from configuration values from the shared
-credentials file (~/.aws/credentials) over those in the shared config file
-(~/.aws/config).
-
-Credentials are the values the SDK uses to authenticating requests with AWS
-Services. When specified in a file, both aws_access_key_id and
-aws_secret_access_key must be provided together in the same file to be
-considered valid. They will be ignored if both are not present.
-aws_session_token is an optional field that can be provided in addition to the
-other two fields.
-
-	aws_access_key_id = AKID
-	aws_secret_access_key = SECRET
-	aws_session_token = TOKEN
-
-	; region only supported if SharedConfigEnabled.
-	region = us-east-1
-
-Assume Role configuration
-
-The role_arn field allows you to configure the SDK to assume an IAM role using
-a set of credentials from another source. Such as when paired with static
-credentials, "profile_source", "credential_process", or "credential_source"
-fields. If "role_arn" is provided, a source of credentials must also be
-specified, such as "source_profile", "credential_source", or
-"credential_process".
-
-	role_arn = arn:aws:iam::<account_number>:role/<role_name>
-	source_profile = profile_with_creds
-	external_id = 1234
-	mfa_serial = <serial or mfa arn>
-	role_session_name = session_name
-
-
-The SDK supports assuming a role with MFA token. If "mfa_serial" is set, you
-must also set the Session Option.AssumeRoleTokenProvider. The Session will fail
-to load if the AssumeRoleTokenProvider is not specified.
-
-    sess := session.Must(session.NewSessionWithOptions(session.Options{
-        AssumeRoleTokenProvider: stscreds.StdinTokenProvider,
-    }))
-
-To setup Assume Role outside of a session see the stscreds.AssumeRoleProvider
-documentation.
-
-Environment Variables
-
-When a Session is created several environment variables can be set to adjust
-how the SDK functions, and what configuration data it loads when creating
-Sessions. All environment values are optional, but some values like credentials
-require multiple of the values to set or the partial values will be ignored.
-All environment variable values are strings unless otherwise noted.
-
-Environment configuration values. If set both Access Key ID and Secret Access
-Key must be provided. Session Token and optionally also be provided, but is
-not required.
-
-	# Access Key ID
-	AWS_ACCESS_KEY_ID=AKID
-	AWS_ACCESS_KEY=AKID # only read if AWS_ACCESS_KEY_ID is not set.
-
-	# Secret Access Key
-	AWS_SECRET_ACCESS_KEY=SECRET
-	AWS_SECRET_KEY=SECRET=SECRET # only read if AWS_SECRET_ACCESS_KEY is not set.
-
-	# Session Token
-	AWS_SESSION_TOKEN=TOKEN
-
-Region value will instruct the SDK where to make service API requests to. If is
-not provided in the environment the region must be provided before a service
-client request is made.
-
-	AWS_REGION=us-east-1
-
-	# AWS_DEFAULT_REGION is only read if AWS_SDK_LOAD_CONFIG is also set,
-	# and AWS_REGION is not also set.
-	AWS_DEFAULT_REGION=us-east-1
-
-Profile name the SDK should load use when loading shared config from the
-configuration files. If not provided "default" will be used as the profile name.
-
-	AWS_PROFILE=my_profile
-
-	# AWS_DEFAULT_PROFILE is only read if AWS_SDK_LOAD_CONFIG is also set,
-	# and AWS_PROFILE is not also set.
-	AWS_DEFAULT_PROFILE=my_profile
-
-SDK load config instructs the SDK to load the shared config in addition to
-shared credentials. This also expands the configuration loaded so the shared
-credentials will have parity with the shared config file. This also enables
-Region and Profile support for the AWS_DEFAULT_REGION and AWS_DEFAULT_PROFILE
-env values as well.
-
-	AWS_SDK_LOAD_CONFIG=1
-
-Custom Shared Config and Credential Files
-
-Shared credentials file path can be set to instruct the SDK to use an alternative
-file for the shared credentials. If not set the file will be loaded from
-$HOME/.aws/credentials on Linux/Unix based systems, and
-%USERPROFILE%\.aws\credentials on Windows.
-
-	AWS_SHARED_CREDENTIALS_FILE=$HOME/my_shared_credentials
-
-Shared config file path can be set to instruct the SDK to use an alternative
-file for the shared config. If not set the file will be loaded from
-$HOME/.aws/config on Linux/Unix based systems, and
-%USERPROFILE%\.aws\config on Windows.
-
-	AWS_CONFIG_FILE=$HOME/my_shared_config
-
-Custom CA Bundle
-
-Path to a custom Credentials Authority (CA) bundle PEM file that the SDK
-will use instead of the default system's root CA bundle. Use this only
-if you want to replace the CA bundle the SDK uses for TLS requests.
-
-	AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
-
-Enabling this option will attempt to merge the Transport into the SDK's HTTP
-client. If the client's Transport is not a http.Transport an error will be
-returned. If the Transport's TLS config is set this option will cause the SDK
-to overwrite the Transport's TLS config's  RootCAs value. If the CA bundle file
-contains multiple certificates all of them will be loaded.
-
-The Session option CustomCABundle is also available when creating sessions
-to also enable this feature. CustomCABundle session option field has priority
-over the AWS_CA_BUNDLE environment variable, and will be used if both are set.
-
-Setting a custom HTTPClient in the aws.Config options will override this setting.
-To use this option and custom HTTP client, the HTTP client needs to be provided
-when creating the session. Not the service client.
-
-Custom Client TLS Certificate
-
-The SDK supports the environment and session option being configured with
-Client TLS certificates that are sent as a part of the client's TLS handshake
-for client authentication. If used, both Cert and Key values are required. If
-one is missing, or either fail to load the contents of the file an error will
-be returned.
-
-HTTP Client's Transport concrete implementation must be a http.Transport
-or creating the session will fail.
-
-	AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
-	AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
-
-This can also be configured via the session.Options ClientTLSCert and ClientTLSKey.
-
-	sess, err := session.NewSessionWithOptions(session.Options{
-		ClientTLSCert: myCertFile,
-		ClientTLSKey: myKeyFile,
-	})
-
-Custom EC2 IMDS Endpoint
-
-The endpoint of the EC2 IMDS client can be configured via the environment
-variable, AWS_EC2_METADATA_SERVICE_ENDPOINT when creating the client with a
-Session. See Options.EC2IMDSEndpoint for more details.
-
-  AWS_EC2_METADATA_SERVICE_ENDPOINT=http://169.254.169.254
-
-If using an URL with an IPv6 address literal, the IPv6 address
-component must be enclosed in square brackets.
-
-  AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
-
-The custom EC2 IMDS endpoint can also be specified via the Session options.
-
-  sess, err := session.NewSessionWithOptions(session.Options{
-      EC2MetadataEndpoint: "http://[::1]",
-  })
-
-FIPS and DualStack Endpoints
-
-The SDK can be configured to resolve an endpoint with certain capabilities such as FIPS and DualStack.
-
-You can configure a FIPS endpoint using an environment variable, shared config ($HOME/.aws/config),
-or programmatically.
-
-To configure a FIPS endpoint set the environment variable set the AWS_USE_FIPS_ENDPOINT to true or false to enable
-or disable FIPS endpoint resolution.
-
-  AWS_USE_FIPS_ENDPOINT=true
-
-To configure a FIPS endpoint using shared config, set use_fips_endpoint to true or false to enable
-or disable FIPS endpoint resolution.
-
-  [profile myprofile]
-  region=us-west-2
-  use_fips_endpoint=true
-
-To configure a FIPS endpoint programmatically
-
-  // Option 1: Configure it on a session for all clients
-  sess, err := session.NewSessionWithOptions(session.Options{
-      UseFIPSEndpoint: endpoints.FIPSEndpointStateEnabled,
-  })
-  if err != nil {
-      // handle error
-  }
-
-  client := s3.New(sess)
-
-  // Option 2: Configure it per client
-  sess, err := session.NewSession()
-  if err != nil {
-      // handle error
-  }
-
-  client := s3.New(sess, &aws.Config{
-      UseFIPSEndpoint: endpoints.FIPSEndpointStateEnabled,
-  })
-
-You can configure a DualStack endpoint using an environment variable, shared config ($HOME/.aws/config),
-or programmatically.
-
-To configure a DualStack endpoint set the environment variable set the AWS_USE_DUALSTACK_ENDPOINT to true or false to
-enable or disable DualStack endpoint resolution.
-
-  AWS_USE_DUALSTACK_ENDPOINT=true
-
-To configure a DualStack endpoint using shared config, set use_dualstack_endpoint to true or false to enable
-or disable DualStack endpoint resolution.
-
-  [profile myprofile]
-  region=us-west-2
-  use_dualstack_endpoint=true
-
-To configure a DualStack endpoint programmatically
-
-  // Option 1: Configure it on a session for all clients
-  sess, err := session.NewSessionWithOptions(session.Options{
-      UseDualStackEndpoint: endpoints.DualStackEndpointStateEnabled,
-  })
-  if err != nil {
-      // handle error
-  }
-
-  client := s3.New(sess)
-
-  // Option 2: Configure it per client
-  sess, err := session.NewSession()
-  if err != nil {
-      // handle error
-  }
-
-  client := s3.New(sess, &aws.Config{
-      UseDualStackEndpoint: endpoints.DualStackEndpointStateEnabled,
-  })
-*/
-package session
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
deleted file mode 100644
index d6fa24776..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
+++ /dev/null
@@ -1,471 +0,0 @@
-package session
-
-import (
-	"fmt"
-	"os"
-	"strconv"
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/defaults"
-	"github.com/aws/aws-sdk-go/aws/endpoints"
-)
-
-// EnvProviderName provides a name of the provider when config is loaded from environment.
-const EnvProviderName = "EnvConfigCredentials"
-
-// envConfig is a collection of environment values the SDK will read
-// setup config from. All environment values are optional. But some values
-// such as credentials require multiple values to be complete or the values
-// will be ignored.
-type envConfig struct {
-	// Environment configuration values. If set both Access Key ID and Secret Access
-	// Key must be provided. Session Token and optionally also be provided, but is
-	// not required.
-	//
-	//	# Access Key ID
-	//	AWS_ACCESS_KEY_ID=AKID
-	//	AWS_ACCESS_KEY=AKID # only read if AWS_ACCESS_KEY_ID is not set.
-	//
-	//	# Secret Access Key
-	//	AWS_SECRET_ACCESS_KEY=SECRET
-	//	AWS_SECRET_KEY=SECRET=SECRET # only read if AWS_SECRET_ACCESS_KEY is not set.
-	//
-	//	# Session Token
-	//	AWS_SESSION_TOKEN=TOKEN
-	Creds credentials.Value
-
-	// Region value will instruct the SDK where to make service API requests to. If is
-	// not provided in the environment the region must be provided before a service
-	// client request is made.
-	//
-	//	AWS_REGION=us-east-1
-	//
-	//	# AWS_DEFAULT_REGION is only read if AWS_SDK_LOAD_CONFIG is also set,
-	//	# and AWS_REGION is not also set.
-	//	AWS_DEFAULT_REGION=us-east-1
-	Region string
-
-	// Profile name the SDK should load use when loading shared configuration from the
-	// shared configuration files. If not provided "default" will be used as the
-	// profile name.
-	//
-	//	AWS_PROFILE=my_profile
-	//
-	//	# AWS_DEFAULT_PROFILE is only read if AWS_SDK_LOAD_CONFIG is also set,
-	//	# and AWS_PROFILE is not also set.
-	//	AWS_DEFAULT_PROFILE=my_profile
-	Profile string
-
-	// SDK load config instructs the SDK to load the shared config in addition to
-	// shared credentials. This also expands the configuration loaded from the shared
-	// credentials to have parity with the shared config file. This also enables
-	// Region and Profile support for the AWS_DEFAULT_REGION and AWS_DEFAULT_PROFILE
-	// env values as well.
-	//
-	//	AWS_SDK_LOAD_CONFIG=1
-	EnableSharedConfig bool
-
-	// Shared credentials file path can be set to instruct the SDK to use an alternate
-	// file for the shared credentials. If not set the file will be loaded from
-	// $HOME/.aws/credentials on Linux/Unix based systems, and
-	// %USERPROFILE%\.aws\credentials on Windows.
-	//
-	//	AWS_SHARED_CREDENTIALS_FILE=$HOME/my_shared_credentials
-	SharedCredentialsFile string
-
-	// Shared config file path can be set to instruct the SDK to use an alternate
-	// file for the shared config. If not set the file will be loaded from
-	// $HOME/.aws/config on Linux/Unix based systems, and
-	// %USERPROFILE%\.aws\config on Windows.
-	//
-	//	AWS_CONFIG_FILE=$HOME/my_shared_config
-	SharedConfigFile string
-
-	// Sets the path to a custom Credentials Authority (CA) Bundle PEM file
-	// that the SDK will use instead of the system's root CA bundle.
-	// Only use this if you want to configure the SDK to use a custom set
-	// of CAs.
-	//
-	// Enabling this option will attempt to merge the Transport
-	// into the SDK's HTTP client. If the client's Transport is
-	// not a http.Transport an error will be returned. If the
-	// Transport's TLS config is set this option will cause the
-	// SDK to overwrite the Transport's TLS config's  RootCAs value.
-	//
-	// Setting a custom HTTPClient in the aws.Config options will override this setting.
-	// To use this option and custom HTTP client, the HTTP client needs to be provided
-	// when creating the session. Not the service client.
-	//
-	//  AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
-	CustomCABundle string
-
-	// Sets the TLC client certificate that should be used by the SDK's HTTP transport
-	// when making requests. The certificate must be paired with a TLS client key file.
-	//
-	//  AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
-	ClientTLSCert string
-
-	// Sets the TLC client key that should be used by the SDK's HTTP transport
-	// when making requests. The key must be paired with a TLS client certificate file.
-	//
-	//  AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
-	ClientTLSKey string
-
-	csmEnabled  string
-	CSMEnabled  *bool
-	CSMPort     string
-	CSMHost     string
-	CSMClientID string
-
-	// Enables endpoint discovery via environment variables.
-	//
-	//	AWS_ENABLE_ENDPOINT_DISCOVERY=true
-	EnableEndpointDiscovery *bool
-	enableEndpointDiscovery string
-
-	// Specifies the WebIdentity token the SDK should use to assume a role
-	// with.
-	//
-	//  AWS_WEB_IDENTITY_TOKEN_FILE=file_path
-	WebIdentityTokenFilePath string
-
-	// Specifies the IAM role arn to use when assuming an role.
-	//
-	//  AWS_ROLE_ARN=role_arn
-	RoleARN string
-
-	// Specifies the IAM role session name to use when assuming a role.
-	//
-	//  AWS_ROLE_SESSION_NAME=session_name
-	RoleSessionName string
-
-	// Specifies the STS Regional Endpoint flag for the SDK to resolve the endpoint
-	// for a service.
-	//
-	// AWS_STS_REGIONAL_ENDPOINTS=regional
-	// This can take value as `regional` or `legacy`
-	STSRegionalEndpoint endpoints.STSRegionalEndpoint
-
-	// Specifies the S3 Regional Endpoint flag for the SDK to resolve the
-	// endpoint for a service.
-	//
-	// AWS_S3_US_EAST_1_REGIONAL_ENDPOINT=regional
-	// This can take value as `regional` or `legacy`
-	S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
-
-	// Specifies if the S3 service should allow ARNs to direct the region
-	// the client's requests are sent to.
-	//
-	// AWS_S3_USE_ARN_REGION=true
-	S3UseARNRegion bool
-
-	// Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode.
-	//
-	// AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
-	EC2IMDSEndpoint string
-
-	// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
-	//
-	// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
-	EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
-
-	// Specifies that SDK clients must resolve a dual-stack endpoint for
-	// services.
-	//
-	// AWS_USE_DUALSTACK_ENDPOINT=true
-	UseDualStackEndpoint endpoints.DualStackEndpointState
-
-	// Specifies that SDK clients must resolve a FIPS endpoint for
-	// services.
-	//
-	// AWS_USE_FIPS_ENDPOINT=true
-	UseFIPSEndpoint endpoints.FIPSEndpointState
-}
-
-var (
-	csmEnabledEnvKey = []string{
-		"AWS_CSM_ENABLED",
-	}
-	csmHostEnvKey = []string{
-		"AWS_CSM_HOST",
-	}
-	csmPortEnvKey = []string{
-		"AWS_CSM_PORT",
-	}
-	csmClientIDEnvKey = []string{
-		"AWS_CSM_CLIENT_ID",
-	}
-	credAccessEnvKey = []string{
-		"AWS_ACCESS_KEY_ID",
-		"AWS_ACCESS_KEY",
-	}
-	credSecretEnvKey = []string{
-		"AWS_SECRET_ACCESS_KEY",
-		"AWS_SECRET_KEY",
-	}
-	credSessionEnvKey = []string{
-		"AWS_SESSION_TOKEN",
-	}
-
-	enableEndpointDiscoveryEnvKey = []string{
-		"AWS_ENABLE_ENDPOINT_DISCOVERY",
-	}
-
-	regionEnvKeys = []string{
-		"AWS_REGION",
-		"AWS_DEFAULT_REGION", // Only read if AWS_SDK_LOAD_CONFIG is also set
-	}
-	profileEnvKeys = []string{
-		"AWS_PROFILE",
-		"AWS_DEFAULT_PROFILE", // Only read if AWS_SDK_LOAD_CONFIG is also set
-	}
-	sharedCredsFileEnvKey = []string{
-		"AWS_SHARED_CREDENTIALS_FILE",
-	}
-	sharedConfigFileEnvKey = []string{
-		"AWS_CONFIG_FILE",
-	}
-	webIdentityTokenFilePathEnvKey = []string{
-		"AWS_WEB_IDENTITY_TOKEN_FILE",
-	}
-	roleARNEnvKey = []string{
-		"AWS_ROLE_ARN",
-	}
-	roleSessionNameEnvKey = []string{
-		"AWS_ROLE_SESSION_NAME",
-	}
-	stsRegionalEndpointKey = []string{
-		"AWS_STS_REGIONAL_ENDPOINTS",
-	}
-	s3UsEast1RegionalEndpoint = []string{
-		"AWS_S3_US_EAST_1_REGIONAL_ENDPOINT",
-	}
-	s3UseARNRegionEnvKey = []string{
-		"AWS_S3_USE_ARN_REGION",
-	}
-	ec2IMDSEndpointEnvKey = []string{
-		"AWS_EC2_METADATA_SERVICE_ENDPOINT",
-	}
-	ec2IMDSEndpointModeEnvKey = []string{
-		"AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",
-	}
-	useCABundleKey = []string{
-		"AWS_CA_BUNDLE",
-	}
-	useClientTLSCert = []string{
-		"AWS_SDK_GO_CLIENT_TLS_CERT",
-	}
-	useClientTLSKey = []string{
-		"AWS_SDK_GO_CLIENT_TLS_KEY",
-	}
-	awsUseDualStackEndpoint = []string{
-		"AWS_USE_DUALSTACK_ENDPOINT",
-	}
-	awsUseFIPSEndpoint = []string{
-		"AWS_USE_FIPS_ENDPOINT",
-	}
-)
-
-// loadEnvConfig retrieves the SDK's environment configuration.
-// See `envConfig` for the values that will be retrieved.
-//
-// If the environment variable `AWS_SDK_LOAD_CONFIG` is set to a truthy value
-// the shared SDK config will be loaded in addition to the SDK's specific
-// configuration values.
-func loadEnvConfig() (envConfig, error) {
-	enableSharedConfig, _ := strconv.ParseBool(os.Getenv("AWS_SDK_LOAD_CONFIG"))
-	return envConfigLoad(enableSharedConfig)
-}
-
-// loadEnvSharedConfig retrieves the SDK's environment configuration, and the
-// SDK shared config. See `envConfig` for the values that will be retrieved.
-//
-// Loads the shared configuration in addition to the SDK's specific configuration.
-// This will load the same values as `loadEnvConfig` if the `AWS_SDK_LOAD_CONFIG`
-// environment variable is set.
-func loadSharedEnvConfig() (envConfig, error) {
-	return envConfigLoad(true)
-}
-
-func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
-	cfg := envConfig{}
-
-	cfg.EnableSharedConfig = enableSharedConfig
-
-	// Static environment credentials
-	var creds credentials.Value
-	setFromEnvVal(&creds.AccessKeyID, credAccessEnvKey)
-	setFromEnvVal(&creds.SecretAccessKey, credSecretEnvKey)
-	setFromEnvVal(&creds.SessionToken, credSessionEnvKey)
-	if creds.HasKeys() {
-		// Require logical grouping of credentials
-		creds.ProviderName = EnvProviderName
-		cfg.Creds = creds
-	}
-
-	// Role Metadata
-	setFromEnvVal(&cfg.RoleARN, roleARNEnvKey)
-	setFromEnvVal(&cfg.RoleSessionName, roleSessionNameEnvKey)
-
-	// Web identity environment variables
-	setFromEnvVal(&cfg.WebIdentityTokenFilePath, webIdentityTokenFilePathEnvKey)
-
-	// CSM environment variables
-	setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey)
-	setFromEnvVal(&cfg.CSMHost, csmHostEnvKey)
-	setFromEnvVal(&cfg.CSMPort, csmPortEnvKey)
-	setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey)
-
-	if len(cfg.csmEnabled) != 0 {
-		v, _ := strconv.ParseBool(cfg.csmEnabled)
-		cfg.CSMEnabled = &v
-	}
-
-	regionKeys := regionEnvKeys
-	profileKeys := profileEnvKeys
-	if !cfg.EnableSharedConfig {
-		regionKeys = regionKeys[:1]
-		profileKeys = profileKeys[:1]
-	}
-
-	setFromEnvVal(&cfg.Region, regionKeys)
-	setFromEnvVal(&cfg.Profile, profileKeys)
-
-	// endpoint discovery is in reference to it being enabled.
-	setFromEnvVal(&cfg.enableEndpointDiscovery, enableEndpointDiscoveryEnvKey)
-	if len(cfg.enableEndpointDiscovery) > 0 {
-		cfg.EnableEndpointDiscovery = aws.Bool(cfg.enableEndpointDiscovery != "false")
-	}
-
-	setFromEnvVal(&cfg.SharedCredentialsFile, sharedCredsFileEnvKey)
-	setFromEnvVal(&cfg.SharedConfigFile, sharedConfigFileEnvKey)
-
-	if len(cfg.SharedCredentialsFile) == 0 {
-		cfg.SharedCredentialsFile = defaults.SharedCredentialsFilename()
-	}
-	if len(cfg.SharedConfigFile) == 0 {
-		cfg.SharedConfigFile = defaults.SharedConfigFilename()
-	}
-
-	setFromEnvVal(&cfg.CustomCABundle, useCABundleKey)
-	setFromEnvVal(&cfg.ClientTLSCert, useClientTLSCert)
-	setFromEnvVal(&cfg.ClientTLSKey, useClientTLSKey)
-
-	var err error
-	// STS Regional Endpoint variable
-	for _, k := range stsRegionalEndpointKey {
-		if v := os.Getenv(k); len(v) != 0 {
-			cfg.STSRegionalEndpoint, err = endpoints.GetSTSRegionalEndpoint(v)
-			if err != nil {
-				return cfg, fmt.Errorf("failed to load, %v from env config, %v", k, err)
-			}
-		}
-	}
-
-	// S3 Regional Endpoint variable
-	for _, k := range s3UsEast1RegionalEndpoint {
-		if v := os.Getenv(k); len(v) != 0 {
-			cfg.S3UsEast1RegionalEndpoint, err = endpoints.GetS3UsEast1RegionalEndpoint(v)
-			if err != nil {
-				return cfg, fmt.Errorf("failed to load, %v from env config, %v", k, err)
-			}
-		}
-	}
-
-	var s3UseARNRegion string
-	setFromEnvVal(&s3UseARNRegion, s3UseARNRegionEnvKey)
-	if len(s3UseARNRegion) != 0 {
-		switch {
-		case strings.EqualFold(s3UseARNRegion, "false"):
-			cfg.S3UseARNRegion = false
-		case strings.EqualFold(s3UseARNRegion, "true"):
-			cfg.S3UseARNRegion = true
-		default:
-			return envConfig{}, fmt.Errorf(
-				"invalid value for environment variable, %s=%s, need true or false",
-				s3UseARNRegionEnvKey[0], s3UseARNRegion)
-		}
-	}
-
-	setFromEnvVal(&cfg.EC2IMDSEndpoint, ec2IMDSEndpointEnvKey)
-	if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil {
-		return envConfig{}, err
-	}
-
-	if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil {
-		return cfg, err
-	}
-
-	if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, awsUseFIPSEndpoint); err != nil {
-		return cfg, err
-	}
-
-	return cfg, nil
-}
-
-func setFromEnvVal(dst *string, keys []string) {
-	for _, k := range keys {
-		if v := os.Getenv(k); len(v) != 0 {
-			*dst = v
-			break
-		}
-	}
-}
-
-func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error {
-	for _, k := range keys {
-		value := os.Getenv(k)
-		if len(value) == 0 {
-			continue
-		}
-		if err := mode.SetFromString(value); err != nil {
-			return fmt.Errorf("invalid value for environment variable, %s=%s, %v", k, value, err)
-		}
-		return nil
-	}
-	return nil
-}
-
-func setUseDualStackEndpointFromEnvVal(dst *endpoints.DualStackEndpointState, keys []string) error {
-	for _, k := range keys {
-		value := os.Getenv(k)
-		if len(value) == 0 {
-			continue // skip if empty
-		}
-
-		switch {
-		case strings.EqualFold(value, "true"):
-			*dst = endpoints.DualStackEndpointStateEnabled
-		case strings.EqualFold(value, "false"):
-			*dst = endpoints.DualStackEndpointStateDisabled
-		default:
-			return fmt.Errorf(
-				"invalid value for environment variable, %s=%s, need true, false",
-				k, value)
-		}
-	}
-	return nil
-}
-
-func setUseFIPSEndpointFromEnvVal(dst *endpoints.FIPSEndpointState, keys []string) error {
-	for _, k := range keys {
-		value := os.Getenv(k)
-		if len(value) == 0 {
-			continue // skip if empty
-		}
-
-		switch {
-		case strings.EqualFold(value, "true"):
-			*dst = endpoints.FIPSEndpointStateEnabled
-		case strings.EqualFold(value, "false"):
-			*dst = endpoints.FIPSEndpointStateDisabled
-		default:
-			return fmt.Errorf(
-				"invalid value for environment variable, %s=%s, need true, false",
-				k, value)
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
deleted file mode 100644
index cbccb60bb..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
+++ /dev/null
@@ -1,997 +0,0 @@
-package session
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/corehandlers"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/csm"
-	"github.com/aws/aws-sdk-go/aws/defaults"
-	"github.com/aws/aws-sdk-go/aws/endpoints"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-const (
-	// ErrCodeSharedConfig represents an error that occurs in the shared
-	// configuration logic
-	ErrCodeSharedConfig = "SharedConfigErr"
-
-	// ErrCodeLoadCustomCABundle error code for unable to load custom CA bundle.
-	ErrCodeLoadCustomCABundle = "LoadCustomCABundleError"
-
-	// ErrCodeLoadClientTLSCert error code for unable to load client TLS
-	// certificate or key
-	ErrCodeLoadClientTLSCert = "LoadClientTLSCertError"
-)
-
-// ErrSharedConfigSourceCollision will be returned if a section contains both
-// source_profile and credential_source
-var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only one credential type may be specified per profile: source profile, credential source, credential process, web identity token, or sso", nil)
-
-// ErrSharedConfigECSContainerEnvVarEmpty will be returned if the environment
-// variables are empty and Environment was set as the credential source
-var ErrSharedConfigECSContainerEnvVarEmpty = awserr.New(ErrCodeSharedConfig, "EcsContainer was specified as the credential_source, but 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' was not set", nil)
-
-// ErrSharedConfigInvalidCredSource will be returned if an invalid credential source was provided
-var ErrSharedConfigInvalidCredSource = awserr.New(ErrCodeSharedConfig, "credential source values must be EcsContainer, Ec2InstanceMetadata, or Environment", nil)
-
-// A Session provides a central location to create service clients from and
-// store configurations and request handlers for those services.
-//
-// Sessions are safe to create service clients concurrently, but it is not safe
-// to mutate the Session concurrently.
-//
-// The Session satisfies the service client's client.ConfigProvider.
-type Session struct {
-	Config   *aws.Config
-	Handlers request.Handlers
-
-	options Options
-}
-
-// New creates a new instance of the handlers merging in the provided configs
-// on top of the SDK's default configurations. Once the Session is created it
-// can be mutated to modify the Config or Handlers. The Session is safe to be
-// read concurrently, but it should not be written to concurrently.
-//
-// If the AWS_SDK_LOAD_CONFIG environment is set to a truthy value, the New
-// method could now encounter an error when loading the configuration. When
-// The environment variable is set, and an error occurs, New will return a
-// session that will fail all requests reporting the error that occurred while
-// loading the session. Use NewSession to get the error when creating the
-// session.
-//
-// If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
-// the shared config file (~/.aws/config) will also be loaded, in addition to
-// the shared credentials file (~/.aws/credentials). Values set in both the
-// shared config, and shared credentials will be taken from the shared
-// credentials file.
-//
-// Deprecated: Use NewSession functions to create sessions instead. NewSession
-// has the same functionality as New except an error can be returned when the
-// func is called instead of waiting to receive an error until a request is made.
-func New(cfgs ...*aws.Config) *Session {
-	// load initial config from environment
-	envCfg, envErr := loadEnvConfig()
-
-	if envCfg.EnableSharedConfig {
-		var cfg aws.Config
-		cfg.MergeIn(cfgs...)
-		s, err := NewSessionWithOptions(Options{
-			Config:            cfg,
-			SharedConfigState: SharedConfigEnable,
-		})
-		if err != nil {
-			// Old session.New expected all errors to be discovered when
-			// a request is made, and would report the errors then. This
-			// needs to be replicated if an error occurs while creating
-			// the session.
-			msg := "failed to create session with AWS_SDK_LOAD_CONFIG enabled. " +
-				"Use session.NewSession to handle errors occurring during session creation."
-
-			// Session creation failed, need to report the error and prevent
-			// any requests from succeeding.
-			s = &Session{Config: defaults.Config()}
-			s.logDeprecatedNewSessionError(msg, err, cfgs)
-		}
-
-		return s
-	}
-
-	s := deprecatedNewSession(envCfg, cfgs...)
-	if envErr != nil {
-		msg := "failed to load env config"
-		s.logDeprecatedNewSessionError(msg, envErr, cfgs)
-	}
-
-	if csmCfg, err := loadCSMConfig(envCfg, []string{}); err != nil {
-		if l := s.Config.Logger; l != nil {
-			l.Log(fmt.Sprintf("ERROR: failed to load CSM configuration, %v", err))
-		}
-	} else if csmCfg.Enabled {
-		err := enableCSM(&s.Handlers, csmCfg, s.Config.Logger)
-		if err != nil {
-			msg := "failed to enable CSM"
-			s.logDeprecatedNewSessionError(msg, err, cfgs)
-		}
-	}
-
-	return s
-}
-
-// NewSession returns a new Session created from SDK defaults, config files,
-// environment, and user provided config files. Once the Session is created
-// it can be mutated to modify the Config or Handlers. The Session is safe to
-// be read concurrently, but it should not be written to concurrently.
-//
-// If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
-// the shared config file (~/.aws/config) will also be loaded in addition to
-// the shared credentials file (~/.aws/credentials). Values set in both the
-// shared config, and shared credentials will be taken from the shared
-// credentials file. Enabling the Shared Config will also allow the Session
-// to be built with retrieving credentials with AssumeRole set in the config.
-//
-// See the NewSessionWithOptions func for information on how to override or
-// control through code how the Session will be created, such as specifying the
-// config profile, and controlling if shared config is enabled or not.
-func NewSession(cfgs ...*aws.Config) (*Session, error) {
-	opts := Options{}
-	opts.Config.MergeIn(cfgs...)
-
-	return NewSessionWithOptions(opts)
-}
-
-// SharedConfigState provides the ability to optionally override the state
-// of the session's creation based on the shared config being enabled or
-// disabled.
-type SharedConfigState int
-
-const (
-	// SharedConfigStateFromEnv does not override any state of the
-	// AWS_SDK_LOAD_CONFIG env var. It is the default value of the
-	// SharedConfigState type.
-	SharedConfigStateFromEnv SharedConfigState = iota
-
-	// SharedConfigDisable overrides the AWS_SDK_LOAD_CONFIG env var value
-	// and disables the shared config functionality.
-	SharedConfigDisable
-
-	// SharedConfigEnable overrides the AWS_SDK_LOAD_CONFIG env var value
-	// and enables the shared config functionality.
-	SharedConfigEnable
-)
-
-// Options provides the means to control how a Session is created and what
-// configuration values will be loaded.
-type Options struct {
-	// Provides config values for the SDK to use when creating service clients
-	// and making API requests to services. Any value set in with this field
-	// will override the associated value provided by the SDK defaults,
-	// environment or config files where relevant.
-	//
-	// If not set, configuration values from from SDK defaults, environment,
-	// config will be used.
-	Config aws.Config
-
-	// Overrides the config profile the Session should be created from. If not
-	// set the value of the environment variable will be loaded (AWS_PROFILE,
-	// or AWS_DEFAULT_PROFILE if the Shared Config is enabled).
-	//
-	// If not set and environment variables are not set the "default"
-	// (DefaultSharedConfigProfile) will be used as the profile to load the
-	// session config from.
-	Profile string
-
-	// Instructs how the Session will be created based on the AWS_SDK_LOAD_CONFIG
-	// environment variable. By default a Session will be created using the
-	// value provided by the AWS_SDK_LOAD_CONFIG environment variable.
-	//
-	// Setting this value to SharedConfigEnable or SharedConfigDisable
-	// will allow you to override the AWS_SDK_LOAD_CONFIG environment variable
-	// and enable or disable the shared config functionality.
-	SharedConfigState SharedConfigState
-
-	// Ordered list of files the session will load configuration from.
-	// It will override environment variable AWS_SHARED_CREDENTIALS_FILE, AWS_CONFIG_FILE.
-	SharedConfigFiles []string
-
-	// When the SDK's shared config is configured to assume a role with MFA
-	// this option is required in order to provide the mechanism that will
-	// retrieve the MFA token. There is no default value for this field. If
-	// it is not set an error will be returned when creating the session.
-	//
-	// This token provider will be called when ever the assumed role's
-	// credentials need to be refreshed. Within the context of service clients
-	// all sharing the same session the SDK will ensure calls to the token
-	// provider are atomic. When sharing a token provider across multiple
-	// sessions additional synchronization logic is needed to ensure the
-	// token providers do not introduce race conditions. It is recommend to
-	// share the session where possible.
-	//
-	// stscreds.StdinTokenProvider is a basic implementation that will prompt
-	// from stdin for the MFA token code.
-	//
-	// This field is only used if the shared configuration is enabled, and
-	// the config enables assume role with MFA via the mfa_serial field.
-	AssumeRoleTokenProvider func() (string, error)
-
-	// When the SDK's shared config is configured to assume a role this option
-	// may be provided to set the expiry duration of the STS credentials.
-	// Defaults to 15 minutes if not set as documented in the
-	// stscreds.AssumeRoleProvider.
-	AssumeRoleDuration time.Duration
-
-	// Reader for a custom Credentials Authority (CA) bundle in PEM format that
-	// the SDK will use instead of the default system's root CA bundle. Use this
-	// only if you want to replace the CA bundle the SDK uses for TLS requests.
-	//
-	// HTTP Client's Transport concrete implementation must be a http.Transport
-	// or creating the session will fail.
-	//
-	// If the Transport's TLS config is set this option will cause the SDK
-	// to overwrite the Transport's TLS config's  RootCAs value. If the CA
-	// bundle reader contains multiple certificates all of them will be loaded.
-	//
-	// Can also be specified via the environment variable:
-	//
-	//  AWS_CA_BUNDLE=$HOME/ca_bundle
-	//
-	// Can also be specified via the shared config field:
-	//
-	//  ca_bundle = $HOME/ca_bundle
-	CustomCABundle io.Reader
-
-	// Reader for the TLC client certificate that should be used by the SDK's
-	// HTTP transport when making requests. The certificate must be paired with
-	// a TLS client key file. Will be ignored if both are not provided.
-	//
-	// HTTP Client's Transport concrete implementation must be a http.Transport
-	// or creating the session will fail.
-	//
-	// Can also be specified via the environment variable:
-	//
-	//  AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
-	ClientTLSCert io.Reader
-
-	// Reader for the TLC client key that should be used by the SDK's HTTP
-	// transport when making requests. The key must be paired with a TLS client
-	// certificate file. Will be ignored if both are not provided.
-	//
-	// HTTP Client's Transport concrete implementation must be a http.Transport
-	// or creating the session will fail.
-	//
-	// Can also be specified via the environment variable:
-	//
-	//  AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
-	ClientTLSKey io.Reader
-
-	// The handlers that the session and all API clients will be created with.
-	// This must be a complete set of handlers. Use the defaults.Handlers()
-	// function to initialize this value before changing the handlers to be
-	// used by the SDK.
-	Handlers request.Handlers
-
-	// Allows specifying a custom endpoint to be used by the EC2 IMDS client
-	// when making requests to the EC2 IMDS API. The endpoint value should
-	// include the URI scheme. If the scheme is not present it will be defaulted to http.
-	//
-	// If unset, will the EC2 IMDS client will use its default endpoint.
-	//
-	// Can also be specified via the environment variable,
-	// AWS_EC2_METADATA_SERVICE_ENDPOINT.
-	//
-	//   AWS_EC2_METADATA_SERVICE_ENDPOINT=http://169.254.169.254
-	//
-	// If using an URL with an IPv6 address literal, the IPv6 address
-	// component must be enclosed in square brackets.
-	//
-	//   AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
-	EC2IMDSEndpoint string
-
-	// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
-	//
-	// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
-	EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
-
-	// Specifies options for creating credential providers.
-	// These are only used if the aws.Config does not already
-	// include credentials.
-	CredentialsProviderOptions *CredentialsProviderOptions
-}
-
-// NewSessionWithOptions returns a new Session created from SDK defaults, config files,
-// environment, and user provided config files. This func uses the Options
-// values to configure how the Session is created.
-//
-// If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
-// the shared config file (~/.aws/config) will also be loaded in addition to
-// the shared credentials file (~/.aws/credentials). Values set in both the
-// shared config, and shared credentials will be taken from the shared
-// credentials file. Enabling the Shared Config will also allow the Session
-// to be built with retrieving credentials with AssumeRole set in the config.
-//
-//	// Equivalent to session.New
-//	sess := session.Must(session.NewSessionWithOptions(session.Options{}))
-//
-//	// Specify profile to load for the session's config
-//	sess := session.Must(session.NewSessionWithOptions(session.Options{
-//	     Profile: "profile_name",
-//	}))
-//
-//	// Specify profile for config and region for requests
-//	sess := session.Must(session.NewSessionWithOptions(session.Options{
-//	     Config: aws.Config{Region: aws.String("us-east-1")},
-//	     Profile: "profile_name",
-//	}))
-//
-//	// Force enable Shared Config support
-//	sess := session.Must(session.NewSessionWithOptions(session.Options{
-//	    SharedConfigState: session.SharedConfigEnable,
-//	}))
-func NewSessionWithOptions(opts Options) (*Session, error) {
-	var envCfg envConfig
-	var err error
-	if opts.SharedConfigState == SharedConfigEnable {
-		envCfg, err = loadSharedEnvConfig()
-		if err != nil {
-			return nil, fmt.Errorf("failed to load shared config, %v", err)
-		}
-	} else {
-		envCfg, err = loadEnvConfig()
-		if err != nil {
-			return nil, fmt.Errorf("failed to load environment config, %v", err)
-		}
-	}
-
-	if len(opts.Profile) != 0 {
-		envCfg.Profile = opts.Profile
-	}
-
-	switch opts.SharedConfigState {
-	case SharedConfigDisable:
-		envCfg.EnableSharedConfig = false
-	case SharedConfigEnable:
-		envCfg.EnableSharedConfig = true
-	}
-
-	return newSession(opts, envCfg, &opts.Config)
-}
-
-// Must is a helper function to ensure the Session is valid and there was no
-// error when calling a NewSession function.
-//
-// This helper is intended to be used in variable initialization to load the
-// Session and configuration at startup. Such as:
-//
-//	var sess = session.Must(session.NewSession())
-func Must(sess *Session, err error) *Session {
-	if err != nil {
-		panic(err)
-	}
-
-	return sess
-}
-
-// Wraps the endpoint resolver with a resolver that will return a custom
-// endpoint for EC2 IMDS.
-func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string, mode endpoints.EC2IMDSEndpointModeState) endpoints.Resolver {
-	return endpoints.ResolverFunc(
-		func(service, region string, opts ...func(*endpoints.Options)) (
-			endpoints.ResolvedEndpoint, error,
-		) {
-			if service == ec2MetadataServiceID && len(endpoint) > 0 {
-				return endpoints.ResolvedEndpoint{
-					URL:           endpoint,
-					SigningName:   ec2MetadataServiceID,
-					SigningRegion: region,
-				}, nil
-			} else if service == ec2MetadataServiceID {
-				opts = append(opts, func(o *endpoints.Options) {
-					o.EC2MetadataEndpointMode = mode
-				})
-			}
-			return resolver.EndpointFor(service, region, opts...)
-		})
-}
-
-func deprecatedNewSession(envCfg envConfig, cfgs ...*aws.Config) *Session {
-	cfg := defaults.Config()
-	handlers := defaults.Handlers()
-
-	// Apply the passed in configs so the configuration can be applied to the
-	// default credential chain
-	cfg.MergeIn(cfgs...)
-	if cfg.EndpointResolver == nil {
-		// An endpoint resolver is required for a session to be able to provide
-		// endpoints for service client configurations.
-		cfg.EndpointResolver = endpoints.DefaultResolver()
-	}
-
-	if !(len(envCfg.EC2IMDSEndpoint) == 0 && envCfg.EC2IMDSEndpointMode == endpoints.EC2IMDSEndpointModeStateUnset) {
-		cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint, envCfg.EC2IMDSEndpointMode)
-	}
-
-	cfg.Credentials = defaults.CredChain(cfg, handlers)
-
-	// Reapply any passed in configs to override credentials if set
-	cfg.MergeIn(cfgs...)
-
-	s := &Session{
-		Config:   cfg,
-		Handlers: handlers,
-		options: Options{
-			EC2IMDSEndpoint: envCfg.EC2IMDSEndpoint,
-		},
-	}
-
-	initHandlers(s)
-	return s
-}
-
-func enableCSM(handlers *request.Handlers, cfg csmConfig, logger aws.Logger) error {
-	if logger != nil {
-		logger.Log("Enabling CSM")
-	}
-
-	r, err := csm.Start(cfg.ClientID, csm.AddressWithDefaults(cfg.Host, cfg.Port))
-	if err != nil {
-		return err
-	}
-	r.InjectHandlers(handlers)
-
-	return nil
-}
-
-func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
-	cfg := defaults.Config()
-
-	handlers := opts.Handlers
-	if handlers.IsEmpty() {
-		handlers = defaults.Handlers()
-	}
-
-	// Get a merged version of the user provided config to determine if
-	// credentials were.
-	userCfg := &aws.Config{}
-	userCfg.MergeIn(cfgs...)
-	cfg.MergeIn(userCfg)
-
-	// Ordered config files will be loaded in with later files overwriting
-	// previous config file values.
-	var cfgFiles []string
-	if opts.SharedConfigFiles != nil {
-		cfgFiles = opts.SharedConfigFiles
-	} else {
-		cfgFiles = []string{envCfg.SharedConfigFile, envCfg.SharedCredentialsFile}
-		if !envCfg.EnableSharedConfig {
-			// The shared config file (~/.aws/config) is only loaded if instructed
-			// to load via the envConfig.EnableSharedConfig (AWS_SDK_LOAD_CONFIG).
-			cfgFiles = cfgFiles[1:]
-		}
-	}
-
-	// Load additional config from file(s)
-	sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles, envCfg.EnableSharedConfig)
-	if err != nil {
-		if len(envCfg.Profile) == 0 && !envCfg.EnableSharedConfig && (envCfg.Creds.HasKeys() || userCfg.Credentials != nil) {
-			// Special case where the user has not explicitly specified an AWS_PROFILE,
-			// or session.Options.profile, shared config is not enabled, and the
-			// environment has credentials, allow the shared config file to fail to
-			// load since the user has already provided credentials, and nothing else
-			// is required to be read file. Github(aws/aws-sdk-go#2455)
-		} else if _, ok := err.(SharedConfigProfileNotExistsError); !ok {
-			return nil, err
-		}
-	}
-
-	if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil {
-		return nil, err
-	}
-
-	if err := setTLSOptions(&opts, cfg, envCfg, sharedCfg); err != nil {
-		return nil, err
-	}
-
-	s := &Session{
-		Config:   cfg,
-		Handlers: handlers,
-		options:  opts,
-	}
-
-	initHandlers(s)
-
-	if csmCfg, err := loadCSMConfig(envCfg, cfgFiles); err != nil {
-		if l := s.Config.Logger; l != nil {
-			l.Log(fmt.Sprintf("ERROR: failed to load CSM configuration, %v", err))
-		}
-	} else if csmCfg.Enabled {
-		err = enableCSM(&s.Handlers, csmCfg, s.Config.Logger)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	return s, nil
-}
-
-type csmConfig struct {
-	Enabled  bool
-	Host     string
-	Port     string
-	ClientID string
-}
-
-var csmProfileName = "aws_csm"
-
-func loadCSMConfig(envCfg envConfig, cfgFiles []string) (csmConfig, error) {
-	if envCfg.CSMEnabled != nil {
-		if *envCfg.CSMEnabled {
-			return csmConfig{
-				Enabled:  true,
-				ClientID: envCfg.CSMClientID,
-				Host:     envCfg.CSMHost,
-				Port:     envCfg.CSMPort,
-			}, nil
-		}
-		return csmConfig{}, nil
-	}
-
-	sharedCfg, err := loadSharedConfig(csmProfileName, cfgFiles, false)
-	if err != nil {
-		if _, ok := err.(SharedConfigProfileNotExistsError); !ok {
-			return csmConfig{}, err
-		}
-	}
-	if sharedCfg.CSMEnabled != nil && *sharedCfg.CSMEnabled == true {
-		return csmConfig{
-			Enabled:  true,
-			ClientID: sharedCfg.CSMClientID,
-			Host:     sharedCfg.CSMHost,
-			Port:     sharedCfg.CSMPort,
-		}, nil
-	}
-
-	return csmConfig{}, nil
-}
-
-func setTLSOptions(opts *Options, cfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig) error {
-	// CA Bundle can be specified in both environment variable shared config file.
-	var caBundleFilename = envCfg.CustomCABundle
-	if len(caBundleFilename) == 0 {
-		caBundleFilename = sharedCfg.CustomCABundle
-	}
-
-	// Only use environment value if session option is not provided.
-	customTLSOptions := map[string]struct {
-		filename string
-		field    *io.Reader
-		errCode  string
-	}{
-		"custom CA bundle PEM":   {filename: caBundleFilename, field: &opts.CustomCABundle, errCode: ErrCodeLoadCustomCABundle},
-		"custom client TLS cert": {filename: envCfg.ClientTLSCert, field: &opts.ClientTLSCert, errCode: ErrCodeLoadClientTLSCert},
-		"custom client TLS key":  {filename: envCfg.ClientTLSKey, field: &opts.ClientTLSKey, errCode: ErrCodeLoadClientTLSCert},
-	}
-	for name, v := range customTLSOptions {
-		if len(v.filename) != 0 && *v.field == nil {
-			f, err := os.Open(v.filename)
-			if err != nil {
-				return awserr.New(v.errCode, fmt.Sprintf("failed to open %s file", name), err)
-			}
-			defer f.Close()
-			*v.field = f
-		}
-	}
-
-	// Setup HTTP client with custom cert bundle if enabled
-	if opts.CustomCABundle != nil {
-		if err := loadCustomCABundle(cfg.HTTPClient, opts.CustomCABundle); err != nil {
-			return err
-		}
-	}
-
-	// Setup HTTP client TLS certificate and key for client TLS authentication.
-	if opts.ClientTLSCert != nil && opts.ClientTLSKey != nil {
-		if err := loadClientTLSCert(cfg.HTTPClient, opts.ClientTLSCert, opts.ClientTLSKey); err != nil {
-			return err
-		}
-	} else if opts.ClientTLSCert == nil && opts.ClientTLSKey == nil {
-		// Do nothing if neither values are available.
-
-	} else {
-		return awserr.New(ErrCodeLoadClientTLSCert,
-			fmt.Sprintf("client TLS cert(%t) and key(%t) must both be provided",
-				opts.ClientTLSCert != nil, opts.ClientTLSKey != nil), nil)
-	}
-
-	return nil
-}
-
-func getHTTPTransport(client *http.Client) (*http.Transport, error) {
-	var t *http.Transport
-	switch v := client.Transport.(type) {
-	case *http.Transport:
-		t = v
-	default:
-		if client.Transport != nil {
-			return nil, fmt.Errorf("unsupported transport, %T", client.Transport)
-		}
-	}
-	if t == nil {
-		// Nil transport implies `http.DefaultTransport` should be used. Since
-		// the SDK cannot modify, nor copy the `DefaultTransport` specifying
-		// the values the next closest behavior.
-		t = getCustomTransport()
-	}
-
-	return t, nil
-}
-
-func loadCustomCABundle(client *http.Client, bundle io.Reader) error {
-	t, err := getHTTPTransport(client)
-	if err != nil {
-		return awserr.New(ErrCodeLoadCustomCABundle,
-			"unable to load custom CA bundle, HTTPClient's transport unsupported type", err)
-	}
-
-	p, err := loadCertPool(bundle)
-	if err != nil {
-		return err
-	}
-	if t.TLSClientConfig == nil {
-		t.TLSClientConfig = &tls.Config{}
-	}
-	t.TLSClientConfig.RootCAs = p
-
-	client.Transport = t
-
-	return nil
-}
-
-func loadCertPool(r io.Reader) (*x509.CertPool, error) {
-	b, err := ioutil.ReadAll(r)
-	if err != nil {
-		return nil, awserr.New(ErrCodeLoadCustomCABundle,
-			"failed to read custom CA bundle PEM file", err)
-	}
-
-	p := x509.NewCertPool()
-	if !p.AppendCertsFromPEM(b) {
-		return nil, awserr.New(ErrCodeLoadCustomCABundle,
-			"failed to load custom CA bundle PEM file", err)
-	}
-
-	return p, nil
-}
-
-func loadClientTLSCert(client *http.Client, certFile, keyFile io.Reader) error {
-	t, err := getHTTPTransport(client)
-	if err != nil {
-		return awserr.New(ErrCodeLoadClientTLSCert,
-			"unable to get usable HTTP transport from client", err)
-	}
-
-	cert, err := ioutil.ReadAll(certFile)
-	if err != nil {
-		return awserr.New(ErrCodeLoadClientTLSCert,
-			"unable to get read client TLS cert file", err)
-	}
-
-	key, err := ioutil.ReadAll(keyFile)
-	if err != nil {
-		return awserr.New(ErrCodeLoadClientTLSCert,
-			"unable to get read client TLS key file", err)
-	}
-
-	clientCert, err := tls.X509KeyPair(cert, key)
-	if err != nil {
-		return awserr.New(ErrCodeLoadClientTLSCert,
-			"unable to load x509 key pair from client cert", err)
-	}
-
-	tlsCfg := t.TLSClientConfig
-	if tlsCfg == nil {
-		tlsCfg = &tls.Config{}
-	}
-
-	tlsCfg.Certificates = append(tlsCfg.Certificates, clientCert)
-
-	t.TLSClientConfig = tlsCfg
-	client.Transport = t
-
-	return nil
-}
-
-func mergeConfigSrcs(cfg, userCfg *aws.Config,
-	envCfg envConfig, sharedCfg sharedConfig,
-	handlers request.Handlers,
-	sessOpts Options,
-) error {
-
-	// Region if not already set by user
-	if len(aws.StringValue(cfg.Region)) == 0 {
-		if len(envCfg.Region) > 0 {
-			cfg.WithRegion(envCfg.Region)
-		} else if envCfg.EnableSharedConfig && len(sharedCfg.Region) > 0 {
-			cfg.WithRegion(sharedCfg.Region)
-		}
-	}
-
-	if cfg.EnableEndpointDiscovery == nil {
-		if envCfg.EnableEndpointDiscovery != nil {
-			cfg.WithEndpointDiscovery(*envCfg.EnableEndpointDiscovery)
-		} else if envCfg.EnableSharedConfig && sharedCfg.EnableEndpointDiscovery != nil {
-			cfg.WithEndpointDiscovery(*sharedCfg.EnableEndpointDiscovery)
-		}
-	}
-
-	// Regional Endpoint flag for STS endpoint resolving
-	mergeSTSRegionalEndpointConfig(cfg, []endpoints.STSRegionalEndpoint{
-		userCfg.STSRegionalEndpoint,
-		envCfg.STSRegionalEndpoint,
-		sharedCfg.STSRegionalEndpoint,
-		endpoints.LegacySTSEndpoint,
-	})
-
-	// Regional Endpoint flag for S3 endpoint resolving
-	mergeS3UsEast1RegionalEndpointConfig(cfg, []endpoints.S3UsEast1RegionalEndpoint{
-		userCfg.S3UsEast1RegionalEndpoint,
-		envCfg.S3UsEast1RegionalEndpoint,
-		sharedCfg.S3UsEast1RegionalEndpoint,
-		endpoints.LegacyS3UsEast1Endpoint,
-	})
-
-	var ec2IMDSEndpoint string
-	for _, v := range []string{
-		sessOpts.EC2IMDSEndpoint,
-		envCfg.EC2IMDSEndpoint,
-		sharedCfg.EC2IMDSEndpoint,
-	} {
-		if len(v) != 0 {
-			ec2IMDSEndpoint = v
-			break
-		}
-	}
-
-	var endpointMode endpoints.EC2IMDSEndpointModeState
-	for _, v := range []endpoints.EC2IMDSEndpointModeState{
-		sessOpts.EC2IMDSEndpointMode,
-		envCfg.EC2IMDSEndpointMode,
-		sharedCfg.EC2IMDSEndpointMode,
-	} {
-		if v != endpoints.EC2IMDSEndpointModeStateUnset {
-			endpointMode = v
-			break
-		}
-	}
-
-	if len(ec2IMDSEndpoint) != 0 || endpointMode != endpoints.EC2IMDSEndpointModeStateUnset {
-		cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode)
-	}
-
-	cfg.S3UseARNRegion = userCfg.S3UseARNRegion
-	if cfg.S3UseARNRegion == nil {
-		cfg.S3UseARNRegion = &envCfg.S3UseARNRegion
-	}
-	if cfg.S3UseARNRegion == nil {
-		cfg.S3UseARNRegion = &sharedCfg.S3UseARNRegion
-	}
-
-	for _, v := range []endpoints.DualStackEndpointState{userCfg.UseDualStackEndpoint, envCfg.UseDualStackEndpoint, sharedCfg.UseDualStackEndpoint} {
-		if v != endpoints.DualStackEndpointStateUnset {
-			cfg.UseDualStackEndpoint = v
-			break
-		}
-	}
-
-	for _, v := range []endpoints.FIPSEndpointState{userCfg.UseFIPSEndpoint, envCfg.UseFIPSEndpoint, sharedCfg.UseFIPSEndpoint} {
-		if v != endpoints.FIPSEndpointStateUnset {
-			cfg.UseFIPSEndpoint = v
-			break
-		}
-	}
-
-	// Configure credentials if not already set by the user when creating the Session.
-	// Credentials are resolved last such that all _resolved_ config values are propagated to credential providers.
-	// ticket: P83606045
-	if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
-		creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts)
-		if err != nil {
-			return err
-		}
-		cfg.Credentials = creds
-	}
-
-	return nil
-}
-
-func mergeSTSRegionalEndpointConfig(cfg *aws.Config, values []endpoints.STSRegionalEndpoint) {
-	for _, v := range values {
-		if v != endpoints.UnsetSTSEndpoint {
-			cfg.STSRegionalEndpoint = v
-			break
-		}
-	}
-}
-
-func mergeS3UsEast1RegionalEndpointConfig(cfg *aws.Config, values []endpoints.S3UsEast1RegionalEndpoint) {
-	for _, v := range values {
-		if v != endpoints.UnsetS3UsEast1Endpoint {
-			cfg.S3UsEast1RegionalEndpoint = v
-			break
-		}
-	}
-}
-
-func initHandlers(s *Session) {
-	// Add the Validate parameter handler if it is not disabled.
-	s.Handlers.Validate.Remove(corehandlers.ValidateParametersHandler)
-	if !aws.BoolValue(s.Config.DisableParamValidation) {
-		s.Handlers.Validate.PushBackNamed(corehandlers.ValidateParametersHandler)
-	}
-}
-
-// Copy creates and returns a copy of the current Session, copying the config
-// and handlers. If any additional configs are provided they will be merged
-// on top of the Session's copied config.
-//
-//	// Create a copy of the current Session, configured for the us-west-2 region.
-//	sess.Copy(&aws.Config{Region: aws.String("us-west-2")})
-func (s *Session) Copy(cfgs ...*aws.Config) *Session {
-	newSession := &Session{
-		Config:   s.Config.Copy(cfgs...),
-		Handlers: s.Handlers.Copy(),
-		options:  s.options,
-	}
-
-	initHandlers(newSession)
-
-	return newSession
-}
-
-// ClientConfig satisfies the client.ConfigProvider interface and is used to
-// configure the service client instances. Passing the Session to the service
-// client's constructor (New) will use this method to configure the client.
-func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Config {
-	s = s.Copy(cfgs...)
-
-	resolvedRegion := normalizeRegion(s.Config)
-
-	region := aws.StringValue(s.Config.Region)
-	resolved, err := s.resolveEndpoint(service, region, resolvedRegion, s.Config)
-	if err != nil {
-		s.Handlers.Validate.PushBack(func(r *request.Request) {
-			if len(r.ClientInfo.Endpoint) != 0 {
-				// Error occurred while resolving endpoint, but the request
-				// being invoked has had an endpoint specified after the client
-				// was created.
-				return
-			}
-			r.Error = err
-		})
-	}
-
-	return client.Config{
-		Config:             s.Config,
-		Handlers:           s.Handlers,
-		PartitionID:        resolved.PartitionID,
-		Endpoint:           resolved.URL,
-		SigningRegion:      resolved.SigningRegion,
-		SigningNameDerived: resolved.SigningNameDerived,
-		SigningName:        resolved.SigningName,
-		ResolvedRegion:     resolvedRegion,
-	}
-}
-
-const ec2MetadataServiceID = "ec2metadata"
-
-func (s *Session) resolveEndpoint(service, region, resolvedRegion string, cfg *aws.Config) (endpoints.ResolvedEndpoint, error) {
-
-	if ep := aws.StringValue(cfg.Endpoint); len(ep) != 0 {
-		return endpoints.ResolvedEndpoint{
-			URL:           endpoints.AddScheme(ep, aws.BoolValue(cfg.DisableSSL)),
-			SigningRegion: region,
-		}, nil
-	}
-
-	resolved, err := cfg.EndpointResolver.EndpointFor(service, region,
-		func(opt *endpoints.Options) {
-			opt.DisableSSL = aws.BoolValue(cfg.DisableSSL)
-
-			opt.UseDualStack = aws.BoolValue(cfg.UseDualStack)
-			opt.UseDualStackEndpoint = cfg.UseDualStackEndpoint
-
-			opt.UseFIPSEndpoint = cfg.UseFIPSEndpoint
-
-			// Support for STSRegionalEndpoint where the STSRegionalEndpoint is
-			// provided in envConfig or sharedConfig with envConfig getting
-			// precedence.
-			opt.STSRegionalEndpoint = cfg.STSRegionalEndpoint
-
-			// Support for S3UsEast1RegionalEndpoint where the S3UsEast1RegionalEndpoint is
-			// provided in envConfig or sharedConfig with envConfig getting
-			// precedence.
-			opt.S3UsEast1RegionalEndpoint = cfg.S3UsEast1RegionalEndpoint
-
-			// Support the condition where the service is modeled but its
-			// endpoint metadata is not available.
-			opt.ResolveUnknownService = true
-
-			opt.ResolvedRegion = resolvedRegion
-
-			opt.Logger = cfg.Logger
-			opt.LogDeprecated = cfg.LogLevel.Matches(aws.LogDebugWithDeprecated)
-		},
-	)
-	if err != nil {
-		return endpoints.ResolvedEndpoint{}, err
-	}
-
-	return resolved, nil
-}
-
-// ClientConfigNoResolveEndpoint is the same as ClientConfig with the exception
-// that the EndpointResolver will not be used to resolve the endpoint. The only
-// endpoint set must come from the aws.Config.Endpoint field.
-func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Config {
-	s = s.Copy(cfgs...)
-
-	resolvedRegion := normalizeRegion(s.Config)
-
-	var resolved endpoints.ResolvedEndpoint
-	if ep := aws.StringValue(s.Config.Endpoint); len(ep) > 0 {
-		resolved.URL = endpoints.AddScheme(ep, aws.BoolValue(s.Config.DisableSSL))
-		resolved.SigningRegion = aws.StringValue(s.Config.Region)
-	}
-
-	return client.Config{
-		Config:             s.Config,
-		Handlers:           s.Handlers,
-		Endpoint:           resolved.URL,
-		SigningRegion:      resolved.SigningRegion,
-		SigningNameDerived: resolved.SigningNameDerived,
-		SigningName:        resolved.SigningName,
-		ResolvedRegion:     resolvedRegion,
-	}
-}
-
-// logDeprecatedNewSessionError function enables error handling for session
-func (s *Session) logDeprecatedNewSessionError(msg string, err error, cfgs []*aws.Config) {
-	// Session creation failed, need to report the error and prevent
-	// any requests from succeeding.
-	s.Config.MergeIn(cfgs...)
-	s.Config.Logger.Log("ERROR:", msg, "Error:", err)
-	s.Handlers.Validate.PushBack(func(r *request.Request) {
-		r.Error = err
-	})
-}
-
-// normalizeRegion resolves / normalizes the configured region (converts pseudo fips regions), and modifies the provided
-// config to have the equivalent options for resolution and returns the resolved region name.
-func normalizeRegion(cfg *aws.Config) (resolved string) {
-	const fipsInfix = "-fips-"
-	const fipsPrefix = "-fips"
-	const fipsSuffix = "fips-"
-
-	region := aws.StringValue(cfg.Region)
-
-	if strings.Contains(region, fipsInfix) ||
-		strings.Contains(region, fipsPrefix) ||
-		strings.Contains(region, fipsSuffix) {
-		resolved = strings.Replace(strings.Replace(strings.Replace(
-			region, fipsInfix, "-", -1), fipsPrefix, "", -1), fipsSuffix, "", -1)
-		cfg.UseFIPSEndpoint = endpoints.FIPSEndpointStateEnabled
-	}
-
-	return resolved
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
deleted file mode 100644
index 424c82b4d..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
+++ /dev/null
@@ -1,729 +0,0 @@
-package session
-
-import (
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/endpoints"
-	"github.com/aws/aws-sdk-go/internal/ini"
-)
-
-const (
-	// Static Credentials group
-	accessKeyIDKey  = `aws_access_key_id`     // group required
-	secretAccessKey = `aws_secret_access_key` // group required
-	sessionTokenKey = `aws_session_token`     // optional
-
-	// Assume Role Credentials group
-	roleArnKey             = `role_arn`          // group required
-	sourceProfileKey       = `source_profile`    // group required (or credential_source)
-	credentialSourceKey    = `credential_source` // group required (or source_profile)
-	externalIDKey          = `external_id`       // optional
-	mfaSerialKey           = `mfa_serial`        // optional
-	roleSessionNameKey     = `role_session_name` // optional
-	roleDurationSecondsKey = "duration_seconds"  // optional
-
-	// AWS Single Sign-On (AWS SSO) group
-	ssoAccountIDKey = "sso_account_id"
-	ssoRegionKey    = "sso_region"
-	ssoRoleNameKey  = "sso_role_name"
-	ssoStartURL     = "sso_start_url"
-
-	// CSM options
-	csmEnabledKey  = `csm_enabled`
-	csmHostKey     = `csm_host`
-	csmPortKey     = `csm_port`
-	csmClientIDKey = `csm_client_id`
-
-	// Additional Config fields
-	regionKey = `region`
-
-	// custom CA Bundle filename
-	customCABundleKey = `ca_bundle`
-
-	// endpoint discovery group
-	enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional
-
-	// External Credential Process
-	credentialProcessKey = `credential_process` // optional
-
-	// Web Identity Token File
-	webIdentityTokenFileKey = `web_identity_token_file` // optional
-
-	// Additional config fields for regional or legacy endpoints
-	stsRegionalEndpointSharedKey = `sts_regional_endpoints`
-
-	// Additional config fields for regional or legacy endpoints
-	s3UsEast1RegionalSharedKey = `s3_us_east_1_regional_endpoint`
-
-	// DefaultSharedConfigProfile is the default profile to be used when
-	// loading configuration from the config files if another profile name
-	// is not provided.
-	DefaultSharedConfigProfile = `default`
-
-	// S3 ARN Region Usage
-	s3UseARNRegionKey = "s3_use_arn_region"
-
-	// EC2 IMDS Endpoint Mode
-	ec2MetadataServiceEndpointModeKey = "ec2_metadata_service_endpoint_mode"
-
-	// EC2 IMDS Endpoint
-	ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint"
-
-	// Use DualStack Endpoint Resolution
-	useDualStackEndpoint = "use_dualstack_endpoint"
-
-	// Use FIPS Endpoint Resolution
-	useFIPSEndpointKey = "use_fips_endpoint"
-)
-
-// sharedConfig represents the configuration fields of the SDK config files.
-type sharedConfig struct {
-	Profile string
-
-	// Credentials values from the config file. Both aws_access_key_id and
-	// aws_secret_access_key must be provided together in the same file to be
-	// considered valid. The values will be ignored if not a complete group.
-	// aws_session_token is an optional field that can be provided if both of
-	// the other two fields are also provided.
-	//
-	//	aws_access_key_id
-	//	aws_secret_access_key
-	//	aws_session_token
-	Creds credentials.Value
-
-	CredentialSource     string
-	CredentialProcess    string
-	WebIdentityTokenFile string
-
-	SSOAccountID string
-	SSORegion    string
-	SSORoleName  string
-	SSOStartURL  string
-
-	RoleARN            string
-	RoleSessionName    string
-	ExternalID         string
-	MFASerial          string
-	AssumeRoleDuration *time.Duration
-
-	SourceProfileName string
-	SourceProfile     *sharedConfig
-
-	// Region is the region the SDK should use for looking up AWS service
-	// endpoints and signing requests.
-	//
-	//	region
-	Region string
-
-	// CustomCABundle is the file path to a PEM file the SDK will read and
-	// use to configure the HTTP transport with additional CA certs that are
-	// not present in the platforms default CA store.
-	//
-	// This value will be ignored if the file does not exist.
-	//
-	//  ca_bundle
-	CustomCABundle string
-
-	// EnableEndpointDiscovery can be enabled in the shared config by setting
-	// endpoint_discovery_enabled to true
-	//
-	//	endpoint_discovery_enabled = true
-	EnableEndpointDiscovery *bool
-
-	// CSM Options
-	CSMEnabled  *bool
-	CSMHost     string
-	CSMPort     string
-	CSMClientID string
-
-	// Specifies the Regional Endpoint flag for the SDK to resolve the endpoint for a service
-	//
-	// sts_regional_endpoints = regional
-	// This can take value as `LegacySTSEndpoint` or `RegionalSTSEndpoint`
-	STSRegionalEndpoint endpoints.STSRegionalEndpoint
-
-	// Specifies the Regional Endpoint flag for the SDK to resolve the endpoint for a service
-	//
-	// s3_us_east_1_regional_endpoint = regional
-	// This can take value as `LegacyS3UsEast1Endpoint` or `RegionalS3UsEast1Endpoint`
-	S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
-
-	// Specifies if the S3 service should allow ARNs to direct the region
-	// the client's requests are sent to.
-	//
-	// s3_use_arn_region=true
-	S3UseARNRegion bool
-
-	// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
-	//
-	// ec2_metadata_service_endpoint_mode=IPv6
-	EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
-
-	// Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode.
-	//
-	// ec2_metadata_service_endpoint=http://fd00:ec2::254
-	EC2IMDSEndpoint string
-
-	// Specifies that SDK clients must resolve a dual-stack endpoint for
-	// services.
-	//
-	// use_dualstack_endpoint=true
-	UseDualStackEndpoint endpoints.DualStackEndpointState
-
-	// Specifies that SDK clients must resolve a FIPS endpoint for
-	// services.
-	//
-	// use_fips_endpoint=true
-	UseFIPSEndpoint endpoints.FIPSEndpointState
-}
-
-type sharedConfigFile struct {
-	Filename string
-	IniData  ini.Sections
-}
-
-// loadSharedConfig retrieves the configuration from the list of files using
-// the profile provided. The order the files are listed will determine
-// precedence. Values in subsequent files will overwrite values defined in
-// earlier files.
-//
-// For example, given two files A and B. Both define credentials. If the order
-// of the files are A then B, B's credential values will be used instead of
-// A's.
-//
-// See sharedConfig.setFromFile for information how the config files
-// will be loaded.
-func loadSharedConfig(profile string, filenames []string, exOpts bool) (sharedConfig, error) {
-	if len(profile) == 0 {
-		profile = DefaultSharedConfigProfile
-	}
-
-	files, err := loadSharedConfigIniFiles(filenames)
-	if err != nil {
-		return sharedConfig{}, err
-	}
-
-	cfg := sharedConfig{}
-	profiles := map[string]struct{}{}
-	if err = cfg.setFromIniFiles(profiles, profile, files, exOpts); err != nil {
-		return sharedConfig{}, err
-	}
-
-	return cfg, nil
-}
-
-func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
-	files := make([]sharedConfigFile, 0, len(filenames))
-
-	for _, filename := range filenames {
-		sections, err := ini.OpenFile(filename)
-		if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ini.ErrCodeUnableToReadFile {
-			// Skip files which can't be opened and read for whatever reason
-			continue
-		} else if err != nil {
-			return nil, SharedConfigLoadError{Filename: filename, Err: err}
-		}
-
-		files = append(files, sharedConfigFile{
-			Filename: filename, IniData: sections,
-		})
-	}
-
-	return files, nil
-}
-
-func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error {
-	cfg.Profile = profile
-
-	// Trim files from the list that don't exist.
-	var skippedFiles int
-	var profileNotFoundErr error
-	for _, f := range files {
-		if err := cfg.setFromIniFile(profile, f, exOpts); err != nil {
-			if _, ok := err.(SharedConfigProfileNotExistsError); ok {
-				// Ignore profiles not defined in individual files.
-				profileNotFoundErr = err
-				skippedFiles++
-				continue
-			}
-			return err
-		}
-	}
-	if skippedFiles == len(files) {
-		// If all files were skipped because the profile is not found, return
-		// the original profile not found error.
-		return profileNotFoundErr
-	}
-
-	if _, ok := profiles[profile]; ok {
-		// if this is the second instance of the profile the Assume Role
-		// options must be cleared because they are only valid for the
-		// first reference of a profile. The self linked instance of the
-		// profile only have credential provider options.
-		cfg.clearAssumeRoleOptions()
-	} else {
-		// First time a profile has been seen, It must either be a assume role
-		// credentials, or SSO. Assert if the credential type requires a role ARN,
-		// the ARN is also set, or validate that the SSO configuration is complete.
-		if err := cfg.validateCredentialsConfig(profile); err != nil {
-			return err
-		}
-	}
-	profiles[profile] = struct{}{}
-
-	if err := cfg.validateCredentialType(); err != nil {
-		return err
-	}
-
-	// Link source profiles for assume roles
-	if len(cfg.SourceProfileName) != 0 {
-		// Linked profile via source_profile ignore credential provider
-		// options, the source profile must provide the credentials.
-		cfg.clearCredentialOptions()
-
-		srcCfg := &sharedConfig{}
-		err := srcCfg.setFromIniFiles(profiles, cfg.SourceProfileName, files, exOpts)
-		if err != nil {
-			// SourceProfile that doesn't exist is an error in configuration.
-			if _, ok := err.(SharedConfigProfileNotExistsError); ok {
-				err = SharedConfigAssumeRoleError{
-					RoleARN:       cfg.RoleARN,
-					SourceProfile: cfg.SourceProfileName,
-				}
-			}
-			return err
-		}
-
-		if !srcCfg.hasCredentials() {
-			return SharedConfigAssumeRoleError{
-				RoleARN:       cfg.RoleARN,
-				SourceProfile: cfg.SourceProfileName,
-			}
-		}
-
-		cfg.SourceProfile = srcCfg
-	}
-
-	return nil
-}
-
-// setFromFile loads the configuration from the file using the profile
-// provided. A sharedConfig pointer type value is used so that multiple config
-// file loadings can be chained.
-//
-// Only loads complete logically grouped values, and will not set fields in cfg
-// for incomplete grouped values in the config. Such as credentials. For
-// example if a config file only includes aws_access_key_id but no
-// aws_secret_access_key the aws_access_key_id will be ignored.
-func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, exOpts bool) error {
-	section, ok := file.IniData.GetSection(profile)
-	if !ok {
-		// Fallback to to alternate profile name: profile <name>
-		section, ok = file.IniData.GetSection(fmt.Sprintf("profile %s", profile))
-		if !ok {
-			return SharedConfigProfileNotExistsError{Profile: profile, Err: nil}
-		}
-	}
-
-	if exOpts {
-		// Assume Role Parameters
-		updateString(&cfg.RoleARN, section, roleArnKey)
-		updateString(&cfg.ExternalID, section, externalIDKey)
-		updateString(&cfg.MFASerial, section, mfaSerialKey)
-		updateString(&cfg.RoleSessionName, section, roleSessionNameKey)
-		updateString(&cfg.SourceProfileName, section, sourceProfileKey)
-		updateString(&cfg.CredentialSource, section, credentialSourceKey)
-		updateString(&cfg.Region, section, regionKey)
-		updateString(&cfg.CustomCABundle, section, customCABundleKey)
-
-		if section.Has(roleDurationSecondsKey) {
-			d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second
-			cfg.AssumeRoleDuration = &d
-		}
-
-		if v := section.String(stsRegionalEndpointSharedKey); len(v) != 0 {
-			sre, err := endpoints.GetSTSRegionalEndpoint(v)
-			if err != nil {
-				return fmt.Errorf("failed to load %s from shared config, %s, %v",
-					stsRegionalEndpointSharedKey, file.Filename, err)
-			}
-			cfg.STSRegionalEndpoint = sre
-		}
-
-		if v := section.String(s3UsEast1RegionalSharedKey); len(v) != 0 {
-			sre, err := endpoints.GetS3UsEast1RegionalEndpoint(v)
-			if err != nil {
-				return fmt.Errorf("failed to load %s from shared config, %s, %v",
-					s3UsEast1RegionalSharedKey, file.Filename, err)
-			}
-			cfg.S3UsEast1RegionalEndpoint = sre
-		}
-
-		// AWS Single Sign-On (AWS SSO)
-		updateString(&cfg.SSOAccountID, section, ssoAccountIDKey)
-		updateString(&cfg.SSORegion, section, ssoRegionKey)
-		updateString(&cfg.SSORoleName, section, ssoRoleNameKey)
-		updateString(&cfg.SSOStartURL, section, ssoStartURL)
-
-		if err := updateEC2MetadataServiceEndpointMode(&cfg.EC2IMDSEndpointMode, section, ec2MetadataServiceEndpointModeKey); err != nil {
-			return fmt.Errorf("failed to load %s from shared config, %s, %v",
-				ec2MetadataServiceEndpointModeKey, file.Filename, err)
-		}
-		updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey)
-
-		updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint)
-
-		updateUseFIPSEndpoint(&cfg.UseFIPSEndpoint, section, useFIPSEndpointKey)
-	}
-
-	updateString(&cfg.CredentialProcess, section, credentialProcessKey)
-	updateString(&cfg.WebIdentityTokenFile, section, webIdentityTokenFileKey)
-
-	// Shared Credentials
-	creds := credentials.Value{
-		AccessKeyID:     section.String(accessKeyIDKey),
-		SecretAccessKey: section.String(secretAccessKey),
-		SessionToken:    section.String(sessionTokenKey),
-		ProviderName:    fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
-	}
-	if creds.HasKeys() {
-		cfg.Creds = creds
-	}
-
-	// Endpoint discovery
-	updateBoolPtr(&cfg.EnableEndpointDiscovery, section, enableEndpointDiscoveryKey)
-
-	// CSM options
-	updateBoolPtr(&cfg.CSMEnabled, section, csmEnabledKey)
-	updateString(&cfg.CSMHost, section, csmHostKey)
-	updateString(&cfg.CSMPort, section, csmPortKey)
-	updateString(&cfg.CSMClientID, section, csmClientIDKey)
-
-	updateBool(&cfg.S3UseARNRegion, section, s3UseARNRegionKey)
-
-	return nil
-}
-
-func updateEC2MetadataServiceEndpointMode(endpointMode *endpoints.EC2IMDSEndpointModeState, section ini.Section, key string) error {
-	if !section.Has(key) {
-		return nil
-	}
-	value := section.String(key)
-	return endpointMode.SetFromString(value)
-}
-
-func (cfg *sharedConfig) validateCredentialsConfig(profile string) error {
-	if err := cfg.validateCredentialsRequireARN(profile); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error {
-	var credSource string
-
-	switch {
-	case len(cfg.SourceProfileName) != 0:
-		credSource = sourceProfileKey
-	case len(cfg.CredentialSource) != 0:
-		credSource = credentialSourceKey
-	case len(cfg.WebIdentityTokenFile) != 0:
-		credSource = webIdentityTokenFileKey
-	}
-
-	if len(credSource) != 0 && len(cfg.RoleARN) == 0 {
-		return CredentialRequiresARNError{
-			Type:    credSource,
-			Profile: profile,
-		}
-	}
-
-	return nil
-}
-
-func (cfg *sharedConfig) validateCredentialType() error {
-	// Only one or no credential type can be defined.
-	if !oneOrNone(
-		len(cfg.SourceProfileName) != 0,
-		len(cfg.CredentialSource) != 0,
-		len(cfg.CredentialProcess) != 0,
-		len(cfg.WebIdentityTokenFile) != 0,
-	) {
-		return ErrSharedConfigSourceCollision
-	}
-
-	return nil
-}
-
-func (cfg *sharedConfig) validateSSOConfiguration() error {
-	if !cfg.hasSSOConfiguration() {
-		return nil
-	}
-
-	var missing []string
-	if len(cfg.SSOAccountID) == 0 {
-		missing = append(missing, ssoAccountIDKey)
-	}
-
-	if len(cfg.SSORegion) == 0 {
-		missing = append(missing, ssoRegionKey)
-	}
-
-	if len(cfg.SSORoleName) == 0 {
-		missing = append(missing, ssoRoleNameKey)
-	}
-
-	if len(cfg.SSOStartURL) == 0 {
-		missing = append(missing, ssoStartURL)
-	}
-
-	if len(missing) > 0 {
-		return fmt.Errorf("profile %q is configured to use SSO but is missing required configuration: %s",
-			cfg.Profile, strings.Join(missing, ", "))
-	}
-
-	return nil
-}
-
-func (cfg *sharedConfig) hasCredentials() bool {
-	switch {
-	case len(cfg.SourceProfileName) != 0:
-	case len(cfg.CredentialSource) != 0:
-	case len(cfg.CredentialProcess) != 0:
-	case len(cfg.WebIdentityTokenFile) != 0:
-	case cfg.hasSSOConfiguration():
-	case cfg.Creds.HasKeys():
-	default:
-		return false
-	}
-
-	return true
-}
-
-func (cfg *sharedConfig) clearCredentialOptions() {
-	cfg.CredentialSource = ""
-	cfg.CredentialProcess = ""
-	cfg.WebIdentityTokenFile = ""
-	cfg.Creds = credentials.Value{}
-	cfg.SSOAccountID = ""
-	cfg.SSORegion = ""
-	cfg.SSORoleName = ""
-	cfg.SSOStartURL = ""
-}
-
-func (cfg *sharedConfig) clearAssumeRoleOptions() {
-	cfg.RoleARN = ""
-	cfg.ExternalID = ""
-	cfg.MFASerial = ""
-	cfg.RoleSessionName = ""
-	cfg.SourceProfileName = ""
-}
-
-func (cfg *sharedConfig) hasSSOConfiguration() bool {
-	switch {
-	case len(cfg.SSOAccountID) != 0:
-	case len(cfg.SSORegion) != 0:
-	case len(cfg.SSORoleName) != 0:
-	case len(cfg.SSOStartURL) != 0:
-	default:
-		return false
-	}
-	return true
-}
-
-func oneOrNone(bs ...bool) bool {
-	var count int
-
-	for _, b := range bs {
-		if b {
-			count++
-			if count > 1 {
-				return false
-			}
-		}
-	}
-
-	return true
-}
-
-// updateString will only update the dst with the value in the section key, key
-// is present in the section.
-func updateString(dst *string, section ini.Section, key string) {
-	if !section.Has(key) {
-		return
-	}
-	*dst = section.String(key)
-}
-
-// updateBool will only update the dst with the value in the section key, key
-// is present in the section.
-func updateBool(dst *bool, section ini.Section, key string) {
-	if !section.Has(key) {
-		return
-	}
-	*dst = section.Bool(key)
-}
-
-// updateBoolPtr will only update the dst with the value in the section key,
-// key is present in the section.
-func updateBoolPtr(dst **bool, section ini.Section, key string) {
-	if !section.Has(key) {
-		return
-	}
-	*dst = new(bool)
-	**dst = section.Bool(key)
-}
-
-// SharedConfigLoadError is an error for the shared config file failed to load.
-type SharedConfigLoadError struct {
-	Filename string
-	Err      error
-}
-
-// Code is the short id of the error.
-func (e SharedConfigLoadError) Code() string {
-	return "SharedConfigLoadError"
-}
-
-// Message is the description of the error
-func (e SharedConfigLoadError) Message() string {
-	return fmt.Sprintf("failed to load config file, %s", e.Filename)
-}
-
-// OrigErr is the underlying error that caused the failure.
-func (e SharedConfigLoadError) OrigErr() error {
-	return e.Err
-}
-
-// Error satisfies the error interface.
-func (e SharedConfigLoadError) Error() string {
-	return awserr.SprintError(e.Code(), e.Message(), "", e.Err)
-}
-
-// SharedConfigProfileNotExistsError is an error for the shared config when
-// the profile was not find in the config file.
-type SharedConfigProfileNotExistsError struct {
-	Profile string
-	Err     error
-}
-
-// Code is the short id of the error.
-func (e SharedConfigProfileNotExistsError) Code() string {
-	return "SharedConfigProfileNotExistsError"
-}
-
-// Message is the description of the error
-func (e SharedConfigProfileNotExistsError) Message() string {
-	return fmt.Sprintf("failed to get profile, %s", e.Profile)
-}
-
-// OrigErr is the underlying error that caused the failure.
-func (e SharedConfigProfileNotExistsError) OrigErr() error {
-	return e.Err
-}
-
-// Error satisfies the error interface.
-func (e SharedConfigProfileNotExistsError) Error() string {
-	return awserr.SprintError(e.Code(), e.Message(), "", e.Err)
-}
-
-// SharedConfigAssumeRoleError is an error for the shared config when the
-// profile contains assume role information, but that information is invalid
-// or not complete.
-type SharedConfigAssumeRoleError struct {
-	RoleARN       string
-	SourceProfile string
-}
-
-// Code is the short id of the error.
-func (e SharedConfigAssumeRoleError) Code() string {
-	return "SharedConfigAssumeRoleError"
-}
-
-// Message is the description of the error
-func (e SharedConfigAssumeRoleError) Message() string {
-	return fmt.Sprintf(
-		"failed to load assume role for %s, source profile %s has no shared credentials",
-		e.RoleARN, e.SourceProfile,
-	)
-}
-
-// OrigErr is the underlying error that caused the failure.
-func (e SharedConfigAssumeRoleError) OrigErr() error {
-	return nil
-}
-
-// Error satisfies the error interface.
-func (e SharedConfigAssumeRoleError) Error() string {
-	return awserr.SprintError(e.Code(), e.Message(), "", nil)
-}
-
-// CredentialRequiresARNError provides the error for shared config credentials
-// that are incorrectly configured in the shared config or credentials file.
-type CredentialRequiresARNError struct {
-	// type of credentials that were configured.
-	Type string
-
-	// Profile name the credentials were in.
-	Profile string
-}
-
-// Code is the short id of the error.
-func (e CredentialRequiresARNError) Code() string {
-	return "CredentialRequiresARNError"
-}
-
-// Message is the description of the error
-func (e CredentialRequiresARNError) Message() string {
-	return fmt.Sprintf(
-		"credential type %s requires role_arn, profile %s",
-		e.Type, e.Profile,
-	)
-}
-
-// OrigErr is the underlying error that caused the failure.
-func (e CredentialRequiresARNError) OrigErr() error {
-	return nil
-}
-
-// Error satisfies the error interface.
-func (e CredentialRequiresARNError) Error() string {
-	return awserr.SprintError(e.Code(), e.Message(), "", nil)
-}
-
-// updateEndpointDiscoveryType will only update the dst with the value in the section, if
-// a valid key and corresponding EndpointDiscoveryType is found.
-func updateUseDualStackEndpoint(dst *endpoints.DualStackEndpointState, section ini.Section, key string) {
-	if !section.Has(key) {
-		return
-	}
-
-	if section.Bool(key) {
-		*dst = endpoints.DualStackEndpointStateEnabled
-	} else {
-		*dst = endpoints.DualStackEndpointStateDisabled
-	}
-
-	return
-}
-
-// updateEndpointDiscoveryType will only update the dst with the value in the section, if
-// a valid key and corresponding EndpointDiscoveryType is found.
-func updateUseFIPSEndpoint(dst *endpoints.FIPSEndpointState, section ini.Section, key string) {
-	if !section.Has(key) {
-		return
-	}
-
-	if section.Bool(key) {
-		*dst = endpoints.FIPSEndpointStateEnabled
-	} else {
-		*dst = endpoints.FIPSEndpointStateDisabled
-	}
-
-	return
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
deleted file mode 100644
index 993753831..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package v4
-
-import (
-	"github.com/aws/aws-sdk-go/internal/strings"
-)
-
-// validator houses a set of rule needed for validation of a
-// string value
-type rules []rule
-
-// rule interface allows for more flexible rules and just simply
-// checks whether or not a value adheres to that rule
-type rule interface {
-	IsValid(value string) bool
-}
-
-// IsValid will iterate through all rules and see if any rules
-// apply to the value and supports nested rules
-func (r rules) IsValid(value string) bool {
-	for _, rule := range r {
-		if rule.IsValid(value) {
-			return true
-		}
-	}
-	return false
-}
-
-// mapRule generic rule for maps
-type mapRule map[string]struct{}
-
-// IsValid for the map rule satisfies whether it exists in the map
-func (m mapRule) IsValid(value string) bool {
-	_, ok := m[value]
-	return ok
-}
-
-// allowList is a generic rule for allow listing
-type allowList struct {
-	rule
-}
-
-// IsValid for allow list checks if the value is within the allow list
-func (w allowList) IsValid(value string) bool {
-	return w.rule.IsValid(value)
-}
-
-// excludeList is a generic rule for exclude listing
-type excludeList struct {
-	rule
-}
-
-// IsValid for exclude list checks if the value is within the exclude list
-func (b excludeList) IsValid(value string) bool {
-	return !b.rule.IsValid(value)
-}
-
-type patterns []string
-
-// IsValid for patterns checks each pattern and returns if a match has
-// been found
-func (p patterns) IsValid(value string) bool {
-	for _, pattern := range p {
-		if strings.HasPrefixFold(value, pattern) {
-			return true
-		}
-	}
-	return false
-}
-
-// inclusiveRules rules allow for rules to depend on one another
-type inclusiveRules []rule
-
-// IsValid will return true if all rules are true
-func (r inclusiveRules) IsValid(value string) bool {
-	for _, rule := range r {
-		if !rule.IsValid(value) {
-			return false
-		}
-	}
-	return true
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/options.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/options.go
deleted file mode 100644
index 6aa2ed241..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/options.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package v4
-
-// WithUnsignedPayload will enable and set the UnsignedPayload field to
-// true of the signer.
-func WithUnsignedPayload(v4 *Signer) {
-	v4.UnsignedPayload = true
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
deleted file mode 100644
index cf672b6ac..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
+++ /dev/null
@@ -1,14 +0,0 @@
-//go:build !go1.7
-// +build !go1.7
-
-package v4
-
-import (
-	"net/http"
-
-	"github.com/aws/aws-sdk-go/aws"
-)
-
-func requestContext(r *http.Request) aws.Context {
-	return aws.BackgroundContext()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
deleted file mode 100644
index 21fe74e6f..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
+++ /dev/null
@@ -1,14 +0,0 @@
-//go:build go1.7
-// +build go1.7
-
-package v4
-
-import (
-	"net/http"
-
-	"github.com/aws/aws-sdk-go/aws"
-)
-
-func requestContext(r *http.Request) aws.Context {
-	return r.Context()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
deleted file mode 100644
index 02cbd97e2..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package v4
-
-import (
-	"encoding/hex"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws/credentials"
-)
-
-type credentialValueProvider interface {
-	Get() (credentials.Value, error)
-}
-
-// StreamSigner implements signing of event stream encoded payloads
-type StreamSigner struct {
-	region  string
-	service string
-
-	credentials credentialValueProvider
-
-	prevSig []byte
-}
-
-// NewStreamSigner creates a SigV4 signer used to sign Event Stream encoded messages
-func NewStreamSigner(region, service string, seedSignature []byte, credentials *credentials.Credentials) *StreamSigner {
-	return &StreamSigner{
-		region:      region,
-		service:     service,
-		credentials: credentials,
-		prevSig:     seedSignature,
-	}
-}
-
-// GetSignature takes an event stream encoded headers and payload and returns a signature
-func (s *StreamSigner) GetSignature(headers, payload []byte, date time.Time) ([]byte, error) {
-	credValue, err := s.credentials.Get()
-	if err != nil {
-		return nil, err
-	}
-
-	sigKey := deriveSigningKey(s.region, s.service, credValue.SecretAccessKey, date)
-
-	keyPath := buildSigningScope(s.region, s.service, date)
-
-	stringToSign := buildEventStreamStringToSign(headers, payload, s.prevSig, keyPath, date)
-
-	signature := hmacSHA256(sigKey, []byte(stringToSign))
-	s.prevSig = signature
-
-	return signature, nil
-}
-
-func buildEventStreamStringToSign(headers, payload, prevSig []byte, scope string, date time.Time) string {
-	return strings.Join([]string{
-		"AWS4-HMAC-SHA256-PAYLOAD",
-		formatTime(date),
-		scope,
-		hex.EncodeToString(prevSig),
-		hex.EncodeToString(hashSHA256(headers)),
-		hex.EncodeToString(hashSHA256(payload)),
-	}, "\n")
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go
deleted file mode 100644
index 7711ec737..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go
+++ /dev/null
@@ -1,25 +0,0 @@
-//go:build go1.5
-// +build go1.5
-
-package v4
-
-import (
-	"net/url"
-	"strings"
-)
-
-func getURIPath(u *url.URL) string {
-	var uri string
-
-	if len(u.Opaque) > 0 {
-		uri = "/" + strings.Join(strings.Split(u.Opaque, "/")[3:], "/")
-	} else {
-		uri = u.EscapedPath()
-	}
-
-	if len(uri) == 0 {
-		uri = "/"
-	}
-
-	return uri
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
deleted file mode 100644
index 0240bd0be..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
+++ /dev/null
@@ -1,855 +0,0 @@
-// Package v4 implements signing for AWS V4 signer
-//
-// Provides request signing for request that need to be signed with
-// AWS V4 Signatures.
-//
-// # Standalone Signer
-//
-// Generally using the signer outside of the SDK should not require any additional
-// logic when using Go v1.5 or higher. The signer does this by taking advantage
-// of the URL.EscapedPath method. If your request URI requires additional escaping
-// you many need to use the URL.Opaque to define what the raw URI should be sent
-// to the service as.
-//
-// The signer will first check the URL.Opaque field, and use its value if set.
-// The signer does require the URL.Opaque field to be set in the form of:
-//
-//	"//<hostname>/<path>"
-//
-//	// e.g.
-//	"//example.com/some/path"
-//
-// The leading "//" and hostname are required or the URL.Opaque escaping will
-// not work correctly.
-//
-// If URL.Opaque is not set the signer will fallback to the URL.EscapedPath()
-// method and using the returned value. If you're using Go v1.4 you must set
-// URL.Opaque if the URI path needs escaping. If URL.Opaque is not set with
-// Go v1.5 the signer will fallback to URL.Path.
-//
-// AWS v4 signature validation requires that the canonical string's URI path
-// element must be the URI escaped form of the HTTP request's path.
-// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
-//
-// The Go HTTP client will perform escaping automatically on the request. Some
-// of these escaping may cause signature validation errors because the HTTP
-// request differs from the URI path or query that the signature was generated.
-// https://golang.org/pkg/net/url/#URL.EscapedPath
-//
-// Because of this, it is recommended that when using the signer outside of the
-// SDK that explicitly escaping the request prior to being signed is preferable,
-// and will help prevent signature validation errors. This can be done by setting
-// the URL.Opaque or URL.RawPath. The SDK will use URL.Opaque first and then
-// call URL.EscapedPath() if Opaque is not set.
-//
-// If signing a request intended for HTTP2 server, and you're using Go 1.6.2
-// through 1.7.4 you should use the URL.RawPath as the pre-escaped form of the
-// request URL. https://github.com/golang/go/issues/16847 points to a bug in
-// Go pre 1.8 that fails to make HTTP2 requests using absolute URL in the HTTP
-// message. URL.Opaque generally will force Go to make requests with absolute URL.
-// URL.RawPath does not do this, but RawPath must be a valid escaping of Path
-// or url.EscapedPath will ignore the RawPath escaping.
-//
-// Test `TestStandaloneSign` provides a complete example of using the signer
-// outside of the SDK and pre-escaping the URI path.
-package v4
-
-import (
-	"crypto/hmac"
-	"crypto/sha256"
-	"encoding/hex"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/sdkio"
-	"github.com/aws/aws-sdk-go/private/protocol/rest"
-)
-
-const (
-	authorizationHeader     = "Authorization"
-	authHeaderSignatureElem = "Signature="
-	signatureQueryKey       = "X-Amz-Signature"
-
-	authHeaderPrefix = "AWS4-HMAC-SHA256"
-	timeFormat       = "20060102T150405Z"
-	shortTimeFormat  = "20060102"
-	awsV4Request     = "aws4_request"
-
-	// emptyStringSHA256 is a SHA256 of an empty string
-	emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
-)
-
-var ignoredHeaders = rules{
-	excludeList{
-		mapRule{
-			authorizationHeader: struct{}{},
-			"User-Agent":        struct{}{},
-			"X-Amzn-Trace-Id":   struct{}{},
-		},
-	},
-}
-
-// requiredSignedHeaders is a allow list for build canonical headers.
-var requiredSignedHeaders = rules{
-	allowList{
-		mapRule{
-			"Cache-Control":                         struct{}{},
-			"Content-Disposition":                   struct{}{},
-			"Content-Encoding":                      struct{}{},
-			"Content-Language":                      struct{}{},
-			"Content-Md5":                           struct{}{},
-			"Content-Type":                          struct{}{},
-			"Expires":                               struct{}{},
-			"If-Match":                              struct{}{},
-			"If-Modified-Since":                     struct{}{},
-			"If-None-Match":                         struct{}{},
-			"If-Unmodified-Since":                   struct{}{},
-			"Range":                                 struct{}{},
-			"X-Amz-Acl":                             struct{}{},
-			"X-Amz-Copy-Source":                     struct{}{},
-			"X-Amz-Copy-Source-If-Match":            struct{}{},
-			"X-Amz-Copy-Source-If-Modified-Since":   struct{}{},
-			"X-Amz-Copy-Source-If-None-Match":       struct{}{},
-			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
-			"X-Amz-Copy-Source-Range":               struct{}{},
-			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
-			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
-			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
-			"X-Amz-Grant-Full-control":                                    struct{}{},
-			"X-Amz-Grant-Read":                                            struct{}{},
-			"X-Amz-Grant-Read-Acp":                                        struct{}{},
-			"X-Amz-Grant-Write":                                           struct{}{},
-			"X-Amz-Grant-Write-Acp":                                       struct{}{},
-			"X-Amz-Metadata-Directive":                                    struct{}{},
-			"X-Amz-Mfa":                                                   struct{}{},
-			"X-Amz-Request-Payer":                                         struct{}{},
-			"X-Amz-Server-Side-Encryption":                                struct{}{},
-			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":                 struct{}{},
-			"X-Amz-Server-Side-Encryption-Customer-Algorithm":             struct{}{},
-			"X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
-			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
-			"X-Amz-Storage-Class":                                         struct{}{},
-			"X-Amz-Tagging":                                               struct{}{},
-			"X-Amz-Website-Redirect-Location":                             struct{}{},
-			"X-Amz-Content-Sha256":                                        struct{}{},
-		},
-	},
-	patterns{"X-Amz-Meta-"},
-	patterns{"X-Amz-Object-Lock-"},
-}
-
-// allowedHoisting is a allow list for build query headers. The boolean value
-// represents whether or not it is a pattern.
-var allowedQueryHoisting = inclusiveRules{
-	excludeList{requiredSignedHeaders},
-	patterns{"X-Amz-"},
-}
-
-// Signer applies AWS v4 signing to given request. Use this to sign requests
-// that need to be signed with AWS V4 Signatures.
-type Signer struct {
-	// The authentication credentials the request will be signed against.
-	// This value must be set to sign requests.
-	Credentials *credentials.Credentials
-
-	// Sets the log level the signer should use when reporting information to
-	// the logger. If the logger is nil nothing will be logged. See
-	// aws.LogLevelType for more information on available logging levels
-	//
-	// By default nothing will be logged.
-	Debug aws.LogLevelType
-
-	// The logger loging information will be written to. If there the logger
-	// is nil, nothing will be logged.
-	Logger aws.Logger
-
-	// Disables the Signer's moving HTTP header key/value pairs from the HTTP
-	// request header to the request's query string. This is most commonly used
-	// with pre-signed requests preventing headers from being added to the
-	// request's query string.
-	DisableHeaderHoisting bool
-
-	// Disables the automatic escaping of the URI path of the request for the
-	// siganture's canonical string's path. For services that do not need additional
-	// escaping then use this to disable the signer escaping the path.
-	//
-	// S3 is an example of a service that does not need additional escaping.
-	//
-	// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
-	DisableURIPathEscaping bool
-
-	// Disables the automatical setting of the HTTP request's Body field with the
-	// io.ReadSeeker passed in to the signer. This is useful if you're using a
-	// custom wrapper around the body for the io.ReadSeeker and want to preserve
-	// the Body value on the Request.Body.
-	//
-	// This does run the risk of signing a request with a body that will not be
-	// sent in the request. Need to ensure that the underlying data of the Body
-	// values are the same.
-	DisableRequestBodyOverwrite bool
-
-	// currentTimeFn returns the time value which represents the current time.
-	// This value should only be used for testing. If it is nil the default
-	// time.Now will be used.
-	currentTimeFn func() time.Time
-
-	// UnsignedPayload will prevent signing of the payload. This will only
-	// work for services that have support for this.
-	UnsignedPayload bool
-}
-
-// NewSigner returns a Signer pointer configured with the credentials and optional
-// option values provided. If not options are provided the Signer will use its
-// default configuration.
-func NewSigner(credentials *credentials.Credentials, options ...func(*Signer)) *Signer {
-	v4 := &Signer{
-		Credentials: credentials,
-	}
-
-	for _, option := range options {
-		option(v4)
-	}
-
-	return v4
-}
-
-type signingCtx struct {
-	ServiceName      string
-	Region           string
-	Request          *http.Request
-	Body             io.ReadSeeker
-	Query            url.Values
-	Time             time.Time
-	ExpireTime       time.Duration
-	SignedHeaderVals http.Header
-
-	DisableURIPathEscaping bool
-
-	credValues      credentials.Value
-	isPresign       bool
-	unsignedPayload bool
-
-	bodyDigest       string
-	signedHeaders    string
-	canonicalHeaders string
-	canonicalString  string
-	credentialString string
-	stringToSign     string
-	signature        string
-	authorization    string
-}
-
-// Sign signs AWS v4 requests with the provided body, service name, region the
-// request is made to, and time the request is signed at. The signTime allows
-// you to specify that a request is signed for the future, and cannot be
-// used until then.
-//
-// Returns a list of HTTP headers that were included in the signature or an
-// error if signing the request failed. Generally for signed requests this value
-// is not needed as the full request context will be captured by the http.Request
-// value. It is included for reference though.
-//
-// Sign will set the request's Body to be the `body` parameter passed in. If
-// the body is not already an io.ReadCloser, it will be wrapped within one. If
-// a `nil` body parameter passed to Sign, the request's Body field will be
-// also set to nil. Its important to note that this functionality will not
-// change the request's ContentLength of the request.
-//
-// Sign differs from Presign in that it will sign the request using HTTP
-// header values. This type of signing is intended for http.Request values that
-// will not be shared, or are shared in a way the header values on the request
-// will not be lost.
-//
-// The requests body is an io.ReadSeeker so the SHA256 of the body can be
-// generated. To bypass the signer computing the hash you can set the
-// "X-Amz-Content-Sha256" header with a precomputed value. The signer will
-// only compute the hash if the request header value is empty.
-func (v4 Signer) Sign(r *http.Request, body io.ReadSeeker, service, region string, signTime time.Time) (http.Header, error) {
-	return v4.signWithBody(r, body, service, region, 0, false, signTime)
-}
-
-// Presign signs AWS v4 requests with the provided body, service name, region
-// the request is made to, and time the request is signed at. The signTime
-// allows you to specify that a request is signed for the future, and cannot
-// be used until then.
-//
-// Returns a list of HTTP headers that were included in the signature or an
-// error if signing the request failed. For presigned requests these headers
-// and their values must be included on the HTTP request when it is made. This
-// is helpful to know what header values need to be shared with the party the
-// presigned request will be distributed to.
-//
-// Presign differs from Sign in that it will sign the request using query string
-// instead of header values. This allows you to share the Presigned Request's
-// URL with third parties, or distribute it throughout your system with minimal
-// dependencies.
-//
-// Presign also takes an exp value which is the duration the
-// signed request will be valid after the signing time. This is allows you to
-// set when the request will expire.
-//
-// The requests body is an io.ReadSeeker so the SHA256 of the body can be
-// generated. To bypass the signer computing the hash you can set the
-// "X-Amz-Content-Sha256" header with a precomputed value. The signer will
-// only compute the hash if the request header value is empty.
-//
-// Presigning a S3 request will not compute the body's SHA256 hash by default.
-// This is done due to the general use case for S3 presigned URLs is to share
-// PUT/GET capabilities. If you would like to include the body's SHA256 in the
-// presigned request's signature you can set the "X-Amz-Content-Sha256"
-// HTTP header and that will be included in the request's signature.
-func (v4 Signer) Presign(r *http.Request, body io.ReadSeeker, service, region string, exp time.Duration, signTime time.Time) (http.Header, error) {
-	return v4.signWithBody(r, body, service, region, exp, true, signTime)
-}
-
-func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, region string, exp time.Duration, isPresign bool, signTime time.Time) (http.Header, error) {
-	currentTimeFn := v4.currentTimeFn
-	if currentTimeFn == nil {
-		currentTimeFn = time.Now
-	}
-
-	ctx := &signingCtx{
-		Request:                r,
-		Body:                   body,
-		Query:                  r.URL.Query(),
-		Time:                   signTime,
-		ExpireTime:             exp,
-		isPresign:              isPresign,
-		ServiceName:            service,
-		Region:                 region,
-		DisableURIPathEscaping: v4.DisableURIPathEscaping,
-		unsignedPayload:        v4.UnsignedPayload,
-	}
-
-	for key := range ctx.Query {
-		sort.Strings(ctx.Query[key])
-	}
-
-	if ctx.isRequestSigned() {
-		ctx.Time = currentTimeFn()
-		ctx.handlePresignRemoval()
-	}
-
-	var err error
-	ctx.credValues, err = v4.Credentials.GetWithContext(requestContext(r))
-	if err != nil {
-		return http.Header{}, err
-	}
-
-	ctx.sanitizeHostForHeader()
-	ctx.assignAmzQueryValues()
-	if err := ctx.build(v4.DisableHeaderHoisting); err != nil {
-		return nil, err
-	}
-
-	// If the request is not presigned the body should be attached to it. This
-	// prevents the confusion of wanting to send a signed request without
-	// the body the request was signed for attached.
-	if !(v4.DisableRequestBodyOverwrite || ctx.isPresign) {
-		var reader io.ReadCloser
-		if body != nil {
-			var ok bool
-			if reader, ok = body.(io.ReadCloser); !ok {
-				reader = ioutil.NopCloser(body)
-			}
-		}
-		r.Body = reader
-	}
-
-	if v4.Debug.Matches(aws.LogDebugWithSigning) {
-		v4.logSigningInfo(ctx)
-	}
-
-	return ctx.SignedHeaderVals, nil
-}
-
-func (ctx *signingCtx) sanitizeHostForHeader() {
-	request.SanitizeHostForHeader(ctx.Request)
-}
-
-func (ctx *signingCtx) handlePresignRemoval() {
-	if !ctx.isPresign {
-		return
-	}
-
-	// The credentials have expired for this request. The current signing
-	// is invalid, and needs to be request because the request will fail.
-	ctx.removePresign()
-
-	// Update the request's query string to ensure the values stays in
-	// sync in the case retrieving the new credentials fails.
-	ctx.Request.URL.RawQuery = ctx.Query.Encode()
-}
-
-func (ctx *signingCtx) assignAmzQueryValues() {
-	if ctx.isPresign {
-		ctx.Query.Set("X-Amz-Algorithm", authHeaderPrefix)
-		if ctx.credValues.SessionToken != "" {
-			ctx.Query.Set("X-Amz-Security-Token", ctx.credValues.SessionToken)
-		} else {
-			ctx.Query.Del("X-Amz-Security-Token")
-		}
-
-		return
-	}
-
-	if ctx.credValues.SessionToken != "" {
-		ctx.Request.Header.Set("X-Amz-Security-Token", ctx.credValues.SessionToken)
-	}
-}
-
-// SignRequestHandler is a named request handler the SDK will use to sign
-// service client request with using the V4 signature.
-var SignRequestHandler = request.NamedHandler{
-	Name: "v4.SignRequestHandler", Fn: SignSDKRequest,
-}
-
-// SignSDKRequest signs an AWS request with the V4 signature. This
-// request handler should only be used with the SDK's built in service client's
-// API operation requests.
-//
-// This function should not be used on its own, but in conjunction with
-// an AWS service client's API operation call. To sign a standalone request
-// not created by a service client's API operation method use the "Sign" or
-// "Presign" functions of the "Signer" type.
-//
-// If the credentials of the request's config are set to
-// credentials.AnonymousCredentials the request will not be signed.
-func SignSDKRequest(req *request.Request) {
-	SignSDKRequestWithCurrentTime(req, time.Now)
-}
-
-// BuildNamedHandler will build a generic handler for signing.
-func BuildNamedHandler(name string, opts ...func(*Signer)) request.NamedHandler {
-	return request.NamedHandler{
-		Name: name,
-		Fn: func(req *request.Request) {
-			SignSDKRequestWithCurrentTime(req, time.Now, opts...)
-		},
-	}
-}
-
-// SignSDKRequestWithCurrentTime will sign the SDK's request using the time
-// function passed in. Behaves the same as SignSDKRequest with the exception
-// the request is signed with the value returned by the current time function.
-func SignSDKRequestWithCurrentTime(req *request.Request, curTimeFn func() time.Time, opts ...func(*Signer)) {
-	// If the request does not need to be signed ignore the signing of the
-	// request if the AnonymousCredentials object is used.
-	if req.Config.Credentials == credentials.AnonymousCredentials {
-		return
-	}
-
-	region := req.ClientInfo.SigningRegion
-	if region == "" {
-		region = aws.StringValue(req.Config.Region)
-	}
-
-	name := req.ClientInfo.SigningName
-	if name == "" {
-		name = req.ClientInfo.ServiceName
-	}
-
-	v4 := NewSigner(req.Config.Credentials, func(v4 *Signer) {
-		v4.Debug = req.Config.LogLevel.Value()
-		v4.Logger = req.Config.Logger
-		v4.DisableHeaderHoisting = req.NotHoist
-		v4.currentTimeFn = curTimeFn
-		if name == "s3" {
-			// S3 service should not have any escaping applied
-			v4.DisableURIPathEscaping = true
-		}
-		// Prevents setting the HTTPRequest's Body. Since the Body could be
-		// wrapped in a custom io.Closer that we do not want to be stompped
-		// on top of by the signer.
-		v4.DisableRequestBodyOverwrite = true
-	})
-
-	for _, opt := range opts {
-		opt(v4)
-	}
-
-	curTime := curTimeFn()
-	signedHeaders, err := v4.signWithBody(req.HTTPRequest, req.GetBody(),
-		name, region, req.ExpireTime, req.ExpireTime > 0, curTime,
-	)
-	if err != nil {
-		req.Error = err
-		req.SignedHeaderVals = nil
-		return
-	}
-
-	req.SignedHeaderVals = signedHeaders
-	req.LastSignedAt = curTime
-}
-
-const logSignInfoMsg = `DEBUG: Request Signature:
----[ CANONICAL STRING  ]-----------------------------
-%s
----[ STRING TO SIGN ]--------------------------------
-%s%s
------------------------------------------------------`
-const logSignedURLMsg = `
----[ SIGNED URL ]------------------------------------
-%s`
-
-func (v4 *Signer) logSigningInfo(ctx *signingCtx) {
-	signedURLMsg := ""
-	if ctx.isPresign {
-		signedURLMsg = fmt.Sprintf(logSignedURLMsg, ctx.Request.URL.String())
-	}
-	msg := fmt.Sprintf(logSignInfoMsg, ctx.canonicalString, ctx.stringToSign, signedURLMsg)
-	v4.Logger.Log(msg)
-}
-
-func (ctx *signingCtx) build(disableHeaderHoisting bool) error {
-	ctx.buildTime()             // no depends
-	ctx.buildCredentialString() // no depends
-
-	if err := ctx.buildBodyDigest(); err != nil {
-		return err
-	}
-
-	unsignedHeaders := ctx.Request.Header
-	if ctx.isPresign {
-		if !disableHeaderHoisting {
-			urlValues := url.Values{}
-			urlValues, unsignedHeaders = buildQuery(allowedQueryHoisting, unsignedHeaders) // no depends
-			for k := range urlValues {
-				ctx.Query[k] = urlValues[k]
-			}
-		}
-	}
-
-	ctx.buildCanonicalHeaders(ignoredHeaders, unsignedHeaders)
-	ctx.buildCanonicalString() // depends on canon headers / signed headers
-	ctx.buildStringToSign()    // depends on canon string
-	ctx.buildSignature()       // depends on string to sign
-
-	if ctx.isPresign {
-		ctx.Request.URL.RawQuery += "&" + signatureQueryKey + "=" + ctx.signature
-	} else {
-		parts := []string{
-			authHeaderPrefix + " Credential=" + ctx.credValues.AccessKeyID + "/" + ctx.credentialString,
-			"SignedHeaders=" + ctx.signedHeaders,
-			authHeaderSignatureElem + ctx.signature,
-		}
-		ctx.Request.Header.Set(authorizationHeader, strings.Join(parts, ", "))
-	}
-
-	return nil
-}
-
-// GetSignedRequestSignature attempts to extract the signature of the request.
-// Returning an error if the request is unsigned, or unable to extract the
-// signature.
-func GetSignedRequestSignature(r *http.Request) ([]byte, error) {
-
-	if auth := r.Header.Get(authorizationHeader); len(auth) != 0 {
-		ps := strings.Split(auth, ", ")
-		for _, p := range ps {
-			if idx := strings.Index(p, authHeaderSignatureElem); idx >= 0 {
-				sig := p[len(authHeaderSignatureElem):]
-				if len(sig) == 0 {
-					return nil, fmt.Errorf("invalid request signature authorization header")
-				}
-				return hex.DecodeString(sig)
-			}
-		}
-	}
-
-	if sig := r.URL.Query().Get("X-Amz-Signature"); len(sig) != 0 {
-		return hex.DecodeString(sig)
-	}
-
-	return nil, fmt.Errorf("request not signed")
-}
-
-func (ctx *signingCtx) buildTime() {
-	if ctx.isPresign {
-		duration := int64(ctx.ExpireTime / time.Second)
-		ctx.Query.Set("X-Amz-Date", formatTime(ctx.Time))
-		ctx.Query.Set("X-Amz-Expires", strconv.FormatInt(duration, 10))
-	} else {
-		ctx.Request.Header.Set("X-Amz-Date", formatTime(ctx.Time))
-	}
-}
-
-func (ctx *signingCtx) buildCredentialString() {
-	ctx.credentialString = buildSigningScope(ctx.Region, ctx.ServiceName, ctx.Time)
-
-	if ctx.isPresign {
-		ctx.Query.Set("X-Amz-Credential", ctx.credValues.AccessKeyID+"/"+ctx.credentialString)
-	}
-}
-
-func buildQuery(r rule, header http.Header) (url.Values, http.Header) {
-	query := url.Values{}
-	unsignedHeaders := http.Header{}
-	for k, h := range header {
-		if r.IsValid(k) {
-			query[k] = h
-		} else {
-			unsignedHeaders[k] = h
-		}
-	}
-
-	return query, unsignedHeaders
-}
-func (ctx *signingCtx) buildCanonicalHeaders(r rule, header http.Header) {
-	var headers []string
-	headers = append(headers, "host")
-	for k, v := range header {
-		if !r.IsValid(k) {
-			continue // ignored header
-		}
-		if ctx.SignedHeaderVals == nil {
-			ctx.SignedHeaderVals = make(http.Header)
-		}
-
-		lowerCaseKey := strings.ToLower(k)
-		if _, ok := ctx.SignedHeaderVals[lowerCaseKey]; ok {
-			// include additional values
-			ctx.SignedHeaderVals[lowerCaseKey] = append(ctx.SignedHeaderVals[lowerCaseKey], v...)
-			continue
-		}
-
-		headers = append(headers, lowerCaseKey)
-		ctx.SignedHeaderVals[lowerCaseKey] = v
-	}
-	sort.Strings(headers)
-
-	ctx.signedHeaders = strings.Join(headers, ";")
-
-	if ctx.isPresign {
-		ctx.Query.Set("X-Amz-SignedHeaders", ctx.signedHeaders)
-	}
-
-	headerItems := make([]string, len(headers))
-	for i, k := range headers {
-		if k == "host" {
-			if ctx.Request.Host != "" {
-				headerItems[i] = "host:" + ctx.Request.Host
-			} else {
-				headerItems[i] = "host:" + ctx.Request.URL.Host
-			}
-		} else {
-			headerValues := make([]string, len(ctx.SignedHeaderVals[k]))
-			for i, v := range ctx.SignedHeaderVals[k] {
-				headerValues[i] = strings.TrimSpace(v)
-			}
-			headerItems[i] = k + ":" +
-				strings.Join(headerValues, ",")
-		}
-	}
-	stripExcessSpaces(headerItems)
-	ctx.canonicalHeaders = strings.Join(headerItems, "\n")
-}
-
-func (ctx *signingCtx) buildCanonicalString() {
-	ctx.Request.URL.RawQuery = strings.Replace(ctx.Query.Encode(), "+", "%20", -1)
-
-	uri := getURIPath(ctx.Request.URL)
-
-	if !ctx.DisableURIPathEscaping {
-		uri = rest.EscapePath(uri, false)
-	}
-
-	ctx.canonicalString = strings.Join([]string{
-		ctx.Request.Method,
-		uri,
-		ctx.Request.URL.RawQuery,
-		ctx.canonicalHeaders + "\n",
-		ctx.signedHeaders,
-		ctx.bodyDigest,
-	}, "\n")
-}
-
-func (ctx *signingCtx) buildStringToSign() {
-	ctx.stringToSign = strings.Join([]string{
-		authHeaderPrefix,
-		formatTime(ctx.Time),
-		ctx.credentialString,
-		hex.EncodeToString(hashSHA256([]byte(ctx.canonicalString))),
-	}, "\n")
-}
-
-func (ctx *signingCtx) buildSignature() {
-	creds := deriveSigningKey(ctx.Region, ctx.ServiceName, ctx.credValues.SecretAccessKey, ctx.Time)
-	signature := hmacSHA256(creds, []byte(ctx.stringToSign))
-	ctx.signature = hex.EncodeToString(signature)
-}
-
-func (ctx *signingCtx) buildBodyDigest() error {
-	hash := ctx.Request.Header.Get("X-Amz-Content-Sha256")
-	if hash == "" {
-		includeSHA256Header := ctx.unsignedPayload ||
-			ctx.ServiceName == "s3" ||
-			ctx.ServiceName == "s3-object-lambda" ||
-			ctx.ServiceName == "glacier" ||
-			ctx.ServiceName == "s3-outposts"
-
-		s3Presign := ctx.isPresign &&
-			(ctx.ServiceName == "s3" ||
-				ctx.ServiceName == "s3-object-lambda")
-
-		if ctx.unsignedPayload || s3Presign {
-			hash = "UNSIGNED-PAYLOAD"
-			includeSHA256Header = !s3Presign
-		} else if ctx.Body == nil {
-			hash = emptyStringSHA256
-		} else {
-			if !aws.IsReaderSeekable(ctx.Body) {
-				return fmt.Errorf("cannot use unseekable request body %T, for signed request with body", ctx.Body)
-			}
-			hashBytes, err := makeSha256Reader(ctx.Body)
-			if err != nil {
-				return err
-			}
-			hash = hex.EncodeToString(hashBytes)
-		}
-
-		if includeSHA256Header {
-			ctx.Request.Header.Set("X-Amz-Content-Sha256", hash)
-		}
-	}
-	ctx.bodyDigest = hash
-
-	return nil
-}
-
-// isRequestSigned returns if the request is currently signed or presigned
-func (ctx *signingCtx) isRequestSigned() bool {
-	if ctx.isPresign && ctx.Query.Get("X-Amz-Signature") != "" {
-		return true
-	}
-	if ctx.Request.Header.Get("Authorization") != "" {
-		return true
-	}
-
-	return false
-}
-
-// unsign removes signing flags for both signed and presigned requests.
-func (ctx *signingCtx) removePresign() {
-	ctx.Query.Del("X-Amz-Algorithm")
-	ctx.Query.Del("X-Amz-Signature")
-	ctx.Query.Del("X-Amz-Security-Token")
-	ctx.Query.Del("X-Amz-Date")
-	ctx.Query.Del("X-Amz-Expires")
-	ctx.Query.Del("X-Amz-Credential")
-	ctx.Query.Del("X-Amz-SignedHeaders")
-}
-
-func hmacSHA256(key []byte, data []byte) []byte {
-	hash := hmac.New(sha256.New, key)
-	hash.Write(data)
-	return hash.Sum(nil)
-}
-
-func hashSHA256(data []byte) []byte {
-	hash := sha256.New()
-	hash.Write(data)
-	return hash.Sum(nil)
-}
-
-func makeSha256Reader(reader io.ReadSeeker) (hashBytes []byte, err error) {
-	hash := sha256.New()
-	start, err := reader.Seek(0, sdkio.SeekCurrent)
-	if err != nil {
-		return nil, err
-	}
-	defer func() {
-		// ensure error is return if unable to seek back to start of payload.
-		_, err = reader.Seek(start, sdkio.SeekStart)
-	}()
-
-	// Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies
-	// smaller than 32KB. Fall back to io.Copy if we fail to determine the size.
-	size, err := aws.SeekerLen(reader)
-	if err != nil {
-		io.Copy(hash, reader)
-	} else {
-		io.CopyN(hash, reader, size)
-	}
-
-	return hash.Sum(nil), nil
-}
-
-const doubleSpace = "  "
-
-// stripExcessSpaces will rewrite the passed in slice's string values to not
-// contain multiple side-by-side spaces.
-func stripExcessSpaces(vals []string) {
-	var j, k, l, m, spaces int
-	for i, str := range vals {
-		// Trim trailing spaces
-		for j = len(str) - 1; j >= 0 && str[j] == ' '; j-- {
-		}
-
-		// Trim leading spaces
-		for k = 0; k < j && str[k] == ' '; k++ {
-		}
-		str = str[k : j+1]
-
-		// Strip multiple spaces.
-		j = strings.Index(str, doubleSpace)
-		if j < 0 {
-			vals[i] = str
-			continue
-		}
-
-		buf := []byte(str)
-		for k, m, l = j, j, len(buf); k < l; k++ {
-			if buf[k] == ' ' {
-				if spaces == 0 {
-					// First space.
-					buf[m] = buf[k]
-					m++
-				}
-				spaces++
-			} else {
-				// End of multiple spaces.
-				spaces = 0
-				buf[m] = buf[k]
-				m++
-			}
-		}
-
-		vals[i] = string(buf[:m])
-	}
-}
-
-func buildSigningScope(region, service string, dt time.Time) string {
-	return strings.Join([]string{
-		formatShortTime(dt),
-		region,
-		service,
-		awsV4Request,
-	}, "/")
-}
-
-func deriveSigningKey(region, service, secretKey string, dt time.Time) []byte {
-	kDate := hmacSHA256([]byte("AWS4"+secretKey), []byte(formatShortTime(dt)))
-	kRegion := hmacSHA256(kDate, []byte(region))
-	kService := hmacSHA256(kRegion, []byte(service))
-	signingKey := hmacSHA256(kService, []byte(awsV4Request))
-	return signingKey
-}
-
-func formatShortTime(dt time.Time) string {
-	return dt.UTC().Format(shortTimeFormat)
-}
-
-func formatTime(dt time.Time) string {
-	return dt.UTC().Format(timeFormat)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/types.go b/vendor/github.com/aws/aws-sdk-go/aws/types.go
deleted file mode 100644
index 98751ee84..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/types.go
+++ /dev/null
@@ -1,264 +0,0 @@
-package aws
-
-import (
-	"io"
-	"strings"
-	"sync"
-
-	"github.com/aws/aws-sdk-go/internal/sdkio"
-)
-
-// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Allows the
-// SDK to accept an io.Reader that is not also an io.Seeker for unsigned
-// streaming payload API operations.
-//
-// A ReadSeekCloser wrapping an nonseekable io.Reader used in an API
-// operation's input will prevent that operation being retried in the case of
-// network errors, and cause operation requests to fail if the operation
-// requires payload signing.
-//
-// Note: If using With S3 PutObject to stream an object upload The SDK's S3
-// Upload manager (s3manager.Uploader) provides support for streaming with the
-// ability to retry network errors.
-func ReadSeekCloser(r io.Reader) ReaderSeekerCloser {
-	return ReaderSeekerCloser{r}
-}
-
-// ReaderSeekerCloser represents a reader that can also delegate io.Seeker and
-// io.Closer interfaces to the underlying object if they are available.
-type ReaderSeekerCloser struct {
-	r io.Reader
-}
-
-// IsReaderSeekable returns if the underlying reader type can be seeked. A
-// io.Reader might not actually be seekable if it is the ReaderSeekerCloser
-// type.
-func IsReaderSeekable(r io.Reader) bool {
-	switch v := r.(type) {
-	case ReaderSeekerCloser:
-		return v.IsSeeker()
-	case *ReaderSeekerCloser:
-		return v.IsSeeker()
-	case io.ReadSeeker:
-		return true
-	default:
-		return false
-	}
-}
-
-// Read reads from the reader up to size of p. The number of bytes read, and
-// error if it occurred will be returned.
-//
-// If the reader is not an io.Reader zero bytes read, and nil error will be
-// returned.
-//
-// Performs the same functionality as io.Reader Read
-func (r ReaderSeekerCloser) Read(p []byte) (int, error) {
-	switch t := r.r.(type) {
-	case io.Reader:
-		return t.Read(p)
-	}
-	return 0, nil
-}
-
-// Seek sets the offset for the next Read to offset, interpreted according to
-// whence: 0 means relative to the origin of the file, 1 means relative to the
-// current offset, and 2 means relative to the end. Seek returns the new offset
-// and an error, if any.
-//
-// If the ReaderSeekerCloser is not an io.Seeker nothing will be done.
-func (r ReaderSeekerCloser) Seek(offset int64, whence int) (int64, error) {
-	switch t := r.r.(type) {
-	case io.Seeker:
-		return t.Seek(offset, whence)
-	}
-	return int64(0), nil
-}
-
-// IsSeeker returns if the underlying reader is also a seeker.
-func (r ReaderSeekerCloser) IsSeeker() bool {
-	_, ok := r.r.(io.Seeker)
-	return ok
-}
-
-// HasLen returns the length of the underlying reader if the value implements
-// the Len() int method.
-func (r ReaderSeekerCloser) HasLen() (int, bool) {
-	type lenner interface {
-		Len() int
-	}
-
-	if lr, ok := r.r.(lenner); ok {
-		return lr.Len(), true
-	}
-
-	return 0, false
-}
-
-// GetLen returns the length of the bytes remaining in the underlying reader.
-// Checks first for Len(), then io.Seeker to determine the size of the
-// underlying reader.
-//
-// Will return -1 if the length cannot be determined.
-func (r ReaderSeekerCloser) GetLen() (int64, error) {
-	if l, ok := r.HasLen(); ok {
-		return int64(l), nil
-	}
-
-	if s, ok := r.r.(io.Seeker); ok {
-		return seekerLen(s)
-	}
-
-	return -1, nil
-}
-
-// SeekerLen attempts to get the number of bytes remaining at the seeker's
-// current position.  Returns the number of bytes remaining or error.
-func SeekerLen(s io.Seeker) (int64, error) {
-	// Determine if the seeker is actually seekable. ReaderSeekerCloser
-	// hides the fact that a io.Readers might not actually be seekable.
-	switch v := s.(type) {
-	case ReaderSeekerCloser:
-		return v.GetLen()
-	case *ReaderSeekerCloser:
-		return v.GetLen()
-	}
-
-	return seekerLen(s)
-}
-
-func seekerLen(s io.Seeker) (int64, error) {
-	curOffset, err := s.Seek(0, sdkio.SeekCurrent)
-	if err != nil {
-		return 0, err
-	}
-
-	endOffset, err := s.Seek(0, sdkio.SeekEnd)
-	if err != nil {
-		return 0, err
-	}
-
-	_, err = s.Seek(curOffset, sdkio.SeekStart)
-	if err != nil {
-		return 0, err
-	}
-
-	return endOffset - curOffset, nil
-}
-
-// Close closes the ReaderSeekerCloser.
-//
-// If the ReaderSeekerCloser is not an io.Closer nothing will be done.
-func (r ReaderSeekerCloser) Close() error {
-	switch t := r.r.(type) {
-	case io.Closer:
-		return t.Close()
-	}
-	return nil
-}
-
-// A WriteAtBuffer provides a in memory buffer supporting the io.WriterAt interface
-// Can be used with the s3manager.Downloader to download content to a buffer
-// in memory. Safe to use concurrently.
-type WriteAtBuffer struct {
-	buf []byte
-	m   sync.Mutex
-
-	// GrowthCoeff defines the growth rate of the internal buffer. By
-	// default, the growth rate is 1, where expanding the internal
-	// buffer will allocate only enough capacity to fit the new expected
-	// length.
-	GrowthCoeff float64
-}
-
-// NewWriteAtBuffer creates a WriteAtBuffer with an internal buffer
-// provided by buf.
-func NewWriteAtBuffer(buf []byte) *WriteAtBuffer {
-	return &WriteAtBuffer{buf: buf}
-}
-
-// WriteAt writes a slice of bytes to a buffer starting at the position provided
-// The number of bytes written will be returned, or error. Can overwrite previous
-// written slices if the write ats overlap.
-func (b *WriteAtBuffer) WriteAt(p []byte, pos int64) (n int, err error) {
-	pLen := len(p)
-	expLen := pos + int64(pLen)
-	b.m.Lock()
-	defer b.m.Unlock()
-	if int64(len(b.buf)) < expLen {
-		if int64(cap(b.buf)) < expLen {
-			if b.GrowthCoeff < 1 {
-				b.GrowthCoeff = 1
-			}
-			newBuf := make([]byte, expLen, int64(b.GrowthCoeff*float64(expLen)))
-			copy(newBuf, b.buf)
-			b.buf = newBuf
-		}
-		b.buf = b.buf[:expLen]
-	}
-	copy(b.buf[pos:], p)
-	return pLen, nil
-}
-
-// Bytes returns a slice of bytes written to the buffer.
-func (b *WriteAtBuffer) Bytes() []byte {
-	b.m.Lock()
-	defer b.m.Unlock()
-	return b.buf
-}
-
-// MultiCloser is a utility to close multiple io.Closers within a single
-// statement.
-type MultiCloser []io.Closer
-
-// Close closes all of the io.Closers making up the MultiClosers. Any
-// errors that occur while closing will be returned in the order they
-// occur.
-func (m MultiCloser) Close() error {
-	var errs errors
-	for _, c := range m {
-		err := c.Close()
-		if err != nil {
-			errs = append(errs, err)
-		}
-	}
-	if len(errs) != 0 {
-		return errs
-	}
-
-	return nil
-}
-
-type errors []error
-
-func (es errors) Error() string {
-	var parts []string
-	for _, e := range es {
-		parts = append(parts, e.Error())
-	}
-
-	return strings.Join(parts, "\n")
-}
-
-// CopySeekableBody copies the seekable body to an io.Writer
-func CopySeekableBody(dst io.Writer, src io.ReadSeeker) (int64, error) {
-	curPos, err := src.Seek(0, sdkio.SeekCurrent)
-	if err != nil {
-		return 0, err
-	}
-
-	// copy errors may be assumed to be from the body.
-	n, err := io.Copy(dst, src)
-	if err != nil {
-		return n, err
-	}
-
-	// seek back to the first position after reading to reset
-	// the body for transmission.
-	_, err = src.Seek(curPos, sdkio.SeekStart)
-	if err != nil {
-		return n, err
-	}
-
-	return n, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/url.go b/vendor/github.com/aws/aws-sdk-go/aws/url.go
deleted file mode 100644
index fed561bd5..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/url.go
+++ /dev/null
@@ -1,13 +0,0 @@
-//go:build go1.8
-// +build go1.8
-
-package aws
-
-import "net/url"
-
-// URLHostname will extract the Hostname without port from the URL value.
-//
-// Wrapper of net/url#URL.Hostname for backwards Go version compatibility.
-func URLHostname(url *url.URL) string {
-	return url.Hostname()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go
deleted file mode 100644
index 95282db03..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go
+++ /dev/null
@@ -1,30 +0,0 @@
-//go:build !go1.8
-// +build !go1.8
-
-package aws
-
-import (
-	"net/url"
-	"strings"
-)
-
-// URLHostname will extract the Hostname without port from the URL value.
-//
-// Copy of Go 1.8's net/url#URL.Hostname functionality.
-func URLHostname(url *url.URL) string {
-	return stripPort(url.Host)
-
-}
-
-// stripPort is copy of Go 1.8 url#URL.Hostname functionality.
-// https://golang.org/src/net/url/url.go
-func stripPort(hostport string) string {
-	colon := strings.IndexByte(hostport, ':')
-	if colon == -1 {
-		return hostport
-	}
-	if i := strings.IndexByte(hostport, ']'); i != -1 {
-		return strings.TrimPrefix(hostport[:i], "[")
-	}
-	return hostport[:colon]
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
deleted file mode 100644
index 9a0c29aa5..000000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// Package aws provides core functionality for making requests to AWS services.
-package aws
-
-// SDKName is the name of this AWS SDK
-const SDKName = "aws-sdk-go"
-
-// SDKVersion is the version of this SDK
-const SDKVersion = "1.44.288"
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
deleted file mode 100644
index 365345353..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
+++ /dev/null
@@ -1,41 +0,0 @@
-//go:build !go1.7
-// +build !go1.7
-
-package context
-
-import "time"
-
-// An emptyCtx is a copy of the Go 1.7 context.emptyCtx type. This is copied to
-// provide a 1.6 and 1.5 safe version of context that is compatible with Go
-// 1.7's Context.
-//
-// An emptyCtx is never canceled, has no values, and has no deadline. It is not
-// struct{}, since vars of this type must have distinct addresses.
-type emptyCtx int
-
-func (*emptyCtx) Deadline() (deadline time.Time, ok bool) {
-	return
-}
-
-func (*emptyCtx) Done() <-chan struct{} {
-	return nil
-}
-
-func (*emptyCtx) Err() error {
-	return nil
-}
-
-func (*emptyCtx) Value(key interface{}) interface{} {
-	return nil
-}
-
-func (e *emptyCtx) String() string {
-	switch e {
-	case BackgroundCtx:
-		return "aws.BackgroundContext"
-	}
-	return "unknown empty Context"
-}
-
-// BackgroundCtx is the common base context.
-var BackgroundCtx = new(emptyCtx)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go
deleted file mode 100644
index e83a99886..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ast.go
+++ /dev/null
@@ -1,120 +0,0 @@
-package ini
-
-// ASTKind represents different states in the parse table
-// and the type of AST that is being constructed
-type ASTKind int
-
-// ASTKind* is used in the parse table to transition between
-// the different states
-const (
-	ASTKindNone = ASTKind(iota)
-	ASTKindStart
-	ASTKindExpr
-	ASTKindEqualExpr
-	ASTKindStatement
-	ASTKindSkipStatement
-	ASTKindExprStatement
-	ASTKindSectionStatement
-	ASTKindNestedSectionStatement
-	ASTKindCompletedNestedSectionStatement
-	ASTKindCommentStatement
-	ASTKindCompletedSectionStatement
-)
-
-func (k ASTKind) String() string {
-	switch k {
-	case ASTKindNone:
-		return "none"
-	case ASTKindStart:
-		return "start"
-	case ASTKindExpr:
-		return "expr"
-	case ASTKindStatement:
-		return "stmt"
-	case ASTKindSectionStatement:
-		return "section_stmt"
-	case ASTKindExprStatement:
-		return "expr_stmt"
-	case ASTKindCommentStatement:
-		return "comment"
-	case ASTKindNestedSectionStatement:
-		return "nested_section_stmt"
-	case ASTKindCompletedSectionStatement:
-		return "completed_stmt"
-	case ASTKindSkipStatement:
-		return "skip"
-	default:
-		return ""
-	}
-}
-
-// AST interface allows us to determine what kind of node we
-// are on and casting may not need to be necessary.
-//
-// The root is always the first node in Children
-type AST struct {
-	Kind      ASTKind
-	Root      Token
-	RootToken bool
-	Children  []AST
-}
-
-func newAST(kind ASTKind, root AST, children ...AST) AST {
-	return AST{
-		Kind:     kind,
-		Children: append([]AST{root}, children...),
-	}
-}
-
-func newASTWithRootToken(kind ASTKind, root Token, children ...AST) AST {
-	return AST{
-		Kind:      kind,
-		Root:      root,
-		RootToken: true,
-		Children:  children,
-	}
-}
-
-// AppendChild will append to the list of children an AST has.
-func (a *AST) AppendChild(child AST) {
-	a.Children = append(a.Children, child)
-}
-
-// GetRoot will return the root AST which can be the first entry
-// in the children list or a token.
-func (a *AST) GetRoot() AST {
-	if a.RootToken {
-		return *a
-	}
-
-	if len(a.Children) == 0 {
-		return AST{}
-	}
-
-	return a.Children[0]
-}
-
-// GetChildren will return the current AST's list of children
-func (a *AST) GetChildren() []AST {
-	if len(a.Children) == 0 {
-		return []AST{}
-	}
-
-	if a.RootToken {
-		return a.Children
-	}
-
-	return a.Children[1:]
-}
-
-// SetChildren will set and override all children of the AST.
-func (a *AST) SetChildren(children []AST) {
-	if a.RootToken {
-		a.Children = children
-	} else {
-		a.Children = append(a.Children[:1], children...)
-	}
-}
-
-// Start is used to indicate the starting state of the parse table.
-var Start = newAST(ASTKindStart, AST{})
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go
deleted file mode 100644
index 0895d53cb..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/comma_token.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package ini
-
-var commaRunes = []rune(",")
-
-func isComma(b rune) bool {
-	return b == ','
-}
-
-func newCommaToken() Token {
-	return newToken(TokenComma, commaRunes, NoneType)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go
deleted file mode 100644
index 0b76999ba..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/comment_token.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package ini
-
-// isComment will return whether or not the next byte(s) is a
-// comment.
-func isComment(b []rune) bool {
-	if len(b) == 0 {
-		return false
-	}
-
-	switch b[0] {
-	case ';':
-		return true
-	case '#':
-		return true
-	}
-
-	return false
-}
-
-// newCommentToken will create a comment token and
-// return how many bytes were read.
-func newCommentToken(b []rune) (Token, int, error) {
-	i := 0
-	for ; i < len(b); i++ {
-		if b[i] == '\n' {
-			break
-		}
-
-		if len(b)-i > 2 && b[i] == '\r' && b[i+1] == '\n' {
-			break
-		}
-	}
-
-	return newToken(TokenComment, b[:i], NoneType), i, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
deleted file mode 100644
index 1e55bbd07..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Package ini is an LL(1) parser for configuration files.
-//
-//	Example:
-//	sections, err := ini.OpenFile("/path/to/file")
-//	if err != nil {
-//		panic(err)
-//	}
-//
-//	profile := "foo"
-//	section, ok := sections.GetSection(profile)
-//	if !ok {
-//		fmt.Printf("section %q could not be found", profile)
-//	}
-//
-// Below is the BNF that describes this parser
-//  Grammar:
-//  stmt -> section | stmt'
-//  stmt' -> epsilon | expr
-//  expr -> value (stmt)* | equal_expr (stmt)*
-//  equal_expr -> value ( ':' | '=' ) equal_expr'
-//  equal_expr' -> number | string | quoted_string
-//  quoted_string -> " quoted_string'
-//  quoted_string' -> string quoted_string_end
-//  quoted_string_end -> "
-//
-//  section -> [ section'
-//  section' -> section_value section_close
-//  section_value -> number | string_subset | boolean | quoted_string_subset
-//  quoted_string_subset -> " quoted_string_subset'
-//  quoted_string_subset' -> string_subset quoted_string_end
-//  quoted_string_subset -> "
-//  section_close -> ]
-//
-//  value -> number | string_subset | boolean
-//  string -> ? UTF-8 Code-Points except '\n' (U+000A) and '\r\n' (U+000D U+000A) ?
-//  string_subset -> ? Code-points excepted by <string> grammar except ':' (U+003A), '=' (U+003D), '[' (U+005B), and ']' (U+005D) ?
-//
-//  SkipState will skip (NL WS)+
-//
-//  comment -> # comment' | ; comment'
-//  comment' -> epsilon | value
-package ini
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go
deleted file mode 100644
index 04345a54c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/empty_token.go
+++ /dev/null
@@ -1,4 +0,0 @@
-package ini
-
-// emptyToken is used to satisfy the Token interface
-var emptyToken = newToken(TokenNone, []rune{}, NoneType)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go
deleted file mode 100644
index 91ba2a59d..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/expression.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package ini
-
-// newExpression will return an expression AST.
-// Expr represents an expression
-//
-//	grammar:
-//	expr -> string | number
-func newExpression(tok Token) AST {
-	return newASTWithRootToken(ASTKindExpr, tok)
-}
-
-func newEqualExpr(left AST, tok Token) AST {
-	return newASTWithRootToken(ASTKindEqualExpr, tok, left)
-}
-
-// EqualExprKey will return a LHS value in the equal expr
-func EqualExprKey(ast AST) string {
-	children := ast.GetChildren()
-	if len(children) == 0 || ast.Kind != ASTKindEqualExpr {
-		return ""
-	}
-
-	return string(children[0].Root.Raw())
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
deleted file mode 100644
index 6e545b63b..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
+++ /dev/null
@@ -1,18 +0,0 @@
-//go:build gofuzz
-// +build gofuzz
-
-package ini
-
-import (
-	"bytes"
-)
-
-func Fuzz(data []byte) int {
-	b := bytes.NewReader(data)
-
-	if _, err := Parse(b); err != nil {
-		return 0
-	}
-
-	return 1
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go
deleted file mode 100644
index 3b0ca7afe..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package ini
-
-import (
-	"io"
-	"os"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-)
-
-// OpenFile takes a path to a given file, and will open  and parse
-// that file.
-func OpenFile(path string) (Sections, error) {
-	f, err := os.Open(path)
-	if err != nil {
-		return Sections{}, awserr.New(ErrCodeUnableToReadFile, "unable to open file", err)
-	}
-	defer f.Close()
-
-	return Parse(f)
-}
-
-// Parse will parse the given file using the shared config
-// visitor.
-func Parse(f io.Reader) (Sections, error) {
-	tree, err := ParseAST(f)
-	if err != nil {
-		return Sections{}, err
-	}
-
-	v := NewDefaultVisitor()
-	if err = Walk(tree, v); err != nil {
-		return Sections{}, err
-	}
-
-	return v.Sections, nil
-}
-
-// ParseBytes will parse the given bytes and return the parsed sections.
-func ParseBytes(b []byte) (Sections, error) {
-	tree, err := ParseASTBytes(b)
-	if err != nil {
-		return Sections{}, err
-	}
-
-	v := NewDefaultVisitor()
-	if err = Walk(tree, v); err != nil {
-		return Sections{}, err
-	}
-
-	return v.Sections, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go
deleted file mode 100644
index 582c024ad..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_lexer.go
+++ /dev/null
@@ -1,165 +0,0 @@
-package ini
-
-import (
-	"bytes"
-	"io"
-	"io/ioutil"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-)
-
-const (
-	// ErrCodeUnableToReadFile is used when a file is failed to be
-	// opened or read from.
-	ErrCodeUnableToReadFile = "FailedRead"
-)
-
-// TokenType represents the various different tokens types
-type TokenType int
-
-func (t TokenType) String() string {
-	switch t {
-	case TokenNone:
-		return "none"
-	case TokenLit:
-		return "literal"
-	case TokenSep:
-		return "sep"
-	case TokenOp:
-		return "op"
-	case TokenWS:
-		return "ws"
-	case TokenNL:
-		return "newline"
-	case TokenComment:
-		return "comment"
-	case TokenComma:
-		return "comma"
-	default:
-		return ""
-	}
-}
-
-// TokenType enums
-const (
-	TokenNone = TokenType(iota)
-	TokenLit
-	TokenSep
-	TokenComma
-	TokenOp
-	TokenWS
-	TokenNL
-	TokenComment
-)
-
-type iniLexer struct{}
-
-// Tokenize will return a list of tokens during lexical analysis of the
-// io.Reader.
-func (l *iniLexer) Tokenize(r io.Reader) ([]Token, error) {
-	b, err := ioutil.ReadAll(r)
-	if err != nil {
-		return nil, awserr.New(ErrCodeUnableToReadFile, "unable to read file", err)
-	}
-
-	return l.tokenize(b)
-}
-
-func (l *iniLexer) tokenize(b []byte) ([]Token, error) {
-	runes := bytes.Runes(b)
-	var err error
-	n := 0
-	tokenAmount := countTokens(runes)
-	tokens := make([]Token, tokenAmount)
-	count := 0
-
-	for len(runes) > 0 && count < tokenAmount {
-		switch {
-		case isWhitespace(runes[0]):
-			tokens[count], n, err = newWSToken(runes)
-		case isComma(runes[0]):
-			tokens[count], n = newCommaToken(), 1
-		case isComment(runes):
-			tokens[count], n, err = newCommentToken(runes)
-		case isNewline(runes):
-			tokens[count], n, err = newNewlineToken(runes)
-		case isSep(runes):
-			tokens[count], n, err = newSepToken(runes)
-		case isOp(runes):
-			tokens[count], n, err = newOpToken(runes)
-		default:
-			tokens[count], n, err = newLitToken(runes)
-		}
-
-		if err != nil {
-			return nil, err
-		}
-
-		count++
-
-		runes = runes[n:]
-	}
-
-	return tokens[:count], nil
-}
-
-func countTokens(runes []rune) int {
-	count, n := 0, 0
-	var err error
-
-	for len(runes) > 0 {
-		switch {
-		case isWhitespace(runes[0]):
-			_, n, err = newWSToken(runes)
-		case isComma(runes[0]):
-			_, n = newCommaToken(), 1
-		case isComment(runes):
-			_, n, err = newCommentToken(runes)
-		case isNewline(runes):
-			_, n, err = newNewlineToken(runes)
-		case isSep(runes):
-			_, n, err = newSepToken(runes)
-		case isOp(runes):
-			_, n, err = newOpToken(runes)
-		default:
-			_, n, err = newLitToken(runes)
-		}
-
-		if err != nil {
-			return 0
-		}
-
-		count++
-		runes = runes[n:]
-	}
-
-	return count + 1
-}
-
-// Token indicates a metadata about a given value.
-type Token struct {
-	t         TokenType
-	ValueType ValueType
-	base      int
-	raw       []rune
-}
-
-var emptyValue = Value{}
-
-func newToken(t TokenType, raw []rune, v ValueType) Token {
-	return Token{
-		t:         t,
-		raw:       raw,
-		ValueType: v,
-	}
-}
-
-// Raw return the raw runes that were consumed
-func (tok Token) Raw() []rune {
-	return tok.raw
-}
-
-// Type returns the token type
-func (tok Token) Type() TokenType {
-	return tok.t
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
deleted file mode 100644
index 0ba319491..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
+++ /dev/null
@@ -1,350 +0,0 @@
-package ini
-
-import (
-	"fmt"
-	"io"
-)
-
-// ParseState represents the current state of the parser.
-type ParseState uint
-
-// State enums for the parse table
-const (
-	InvalidState ParseState = iota
-	// stmt -> value stmt'
-	StatementState
-	// stmt' -> MarkComplete | op stmt
-	StatementPrimeState
-	// value -> number | string | boolean | quoted_string
-	ValueState
-	// section -> [ section'
-	OpenScopeState
-	// section' -> value section_close
-	SectionState
-	// section_close -> ]
-	CloseScopeState
-	// SkipState will skip (NL WS)+
-	SkipState
-	// SkipTokenState will skip any token and push the previous
-	// state onto the stack.
-	SkipTokenState
-	// comment -> # comment' | ; comment'
-	// comment' -> MarkComplete | value
-	CommentState
-	// MarkComplete state will complete statements and move that
-	// to the completed AST list
-	MarkCompleteState
-	// TerminalState signifies that the tokens have been fully parsed
-	TerminalState
-)
-
-// parseTable is a state machine to dictate the grammar above.
-var parseTable = map[ASTKind]map[TokenType]ParseState{
-	ASTKindStart: {
-		TokenLit:     StatementState,
-		TokenSep:     OpenScopeState,
-		TokenWS:      SkipTokenState,
-		TokenNL:      SkipTokenState,
-		TokenComment: CommentState,
-		TokenNone:    TerminalState,
-	},
-	ASTKindCommentStatement: {
-		TokenLit:     StatementState,
-		TokenSep:     OpenScopeState,
-		TokenWS:      SkipTokenState,
-		TokenNL:      SkipTokenState,
-		TokenComment: CommentState,
-		TokenNone:    MarkCompleteState,
-	},
-	ASTKindExpr: {
-		TokenOp:      StatementPrimeState,
-		TokenLit:     ValueState,
-		TokenSep:     OpenScopeState,
-		TokenWS:      ValueState,
-		TokenNL:      SkipState,
-		TokenComment: CommentState,
-		TokenNone:    MarkCompleteState,
-	},
-	ASTKindEqualExpr: {
-		TokenLit:  ValueState,
-		TokenSep:  ValueState,
-		TokenOp:   ValueState,
-		TokenWS:   SkipTokenState,
-		TokenNL:   SkipState,
-		TokenNone: SkipState,
-	},
-	ASTKindStatement: {
-		TokenLit:     SectionState,
-		TokenSep:     CloseScopeState,
-		TokenWS:      SkipTokenState,
-		TokenNL:      SkipTokenState,
-		TokenComment: CommentState,
-		TokenNone:    MarkCompleteState,
-	},
-	ASTKindExprStatement: {
-		TokenLit:     ValueState,
-		TokenSep:     ValueState,
-		TokenOp:      ValueState,
-		TokenWS:      ValueState,
-		TokenNL:      MarkCompleteState,
-		TokenComment: CommentState,
-		TokenNone:    TerminalState,
-		TokenComma:   SkipState,
-	},
-	ASTKindSectionStatement: {
-		TokenLit: SectionState,
-		TokenOp:  SectionState,
-		TokenSep: CloseScopeState,
-		TokenWS:  SectionState,
-		TokenNL:  SkipTokenState,
-	},
-	ASTKindCompletedSectionStatement: {
-		TokenWS:      SkipTokenState,
-		TokenNL:      SkipTokenState,
-		TokenLit:     StatementState,
-		TokenSep:     OpenScopeState,
-		TokenComment: CommentState,
-		TokenNone:    MarkCompleteState,
-	},
-	ASTKindSkipStatement: {
-		TokenLit:     StatementState,
-		TokenSep:     OpenScopeState,
-		TokenWS:      SkipTokenState,
-		TokenNL:      SkipTokenState,
-		TokenComment: CommentState,
-		TokenNone:    TerminalState,
-	},
-}
-
-// ParseAST will parse input from an io.Reader using
-// an LL(1) parser.
-func ParseAST(r io.Reader) ([]AST, error) {
-	lexer := iniLexer{}
-	tokens, err := lexer.Tokenize(r)
-	if err != nil {
-		return []AST{}, err
-	}
-
-	return parse(tokens)
-}
-
-// ParseASTBytes will parse input from a byte slice using
-// an LL(1) parser.
-func ParseASTBytes(b []byte) ([]AST, error) {
-	lexer := iniLexer{}
-	tokens, err := lexer.tokenize(b)
-	if err != nil {
-		return []AST{}, err
-	}
-
-	return parse(tokens)
-}
-
-func parse(tokens []Token) ([]AST, error) {
-	start := Start
-	stack := newParseStack(3, len(tokens))
-
-	stack.Push(start)
-	s := newSkipper()
-
-loop:
-	for stack.Len() > 0 {
-		k := stack.Pop()
-
-		var tok Token
-		if len(tokens) == 0 {
-			// this occurs when all the tokens have been processed
-			// but reduction of what's left on the stack needs to
-			// occur.
-			tok = emptyToken
-		} else {
-			tok = tokens[0]
-		}
-
-		step := parseTable[k.Kind][tok.Type()]
-		if s.ShouldSkip(tok) {
-			// being in a skip state with no tokens will break out of
-			// the parse loop since there is nothing left to process.
-			if len(tokens) == 0 {
-				break loop
-			}
-			// if should skip is true, we skip the tokens until should skip is set to false.
-			step = SkipTokenState
-		}
-
-		switch step {
-		case TerminalState:
-			// Finished parsing. Push what should be the last
-			// statement to the stack. If there is anything left
-			// on the stack, an error in parsing has occurred.
-			if k.Kind != ASTKindStart {
-				stack.MarkComplete(k)
-			}
-			break loop
-		case SkipTokenState:
-			// When skipping a token, the previous state was popped off the stack.
-			// To maintain the correct state, the previous state will be pushed
-			// onto the stack.
-			stack.Push(k)
-		case StatementState:
-			if k.Kind != ASTKindStart {
-				stack.MarkComplete(k)
-			}
-			expr := newExpression(tok)
-			stack.Push(expr)
-		case StatementPrimeState:
-			if tok.Type() != TokenOp {
-				stack.MarkComplete(k)
-				continue
-			}
-
-			if k.Kind != ASTKindExpr {
-				return nil, NewParseError(
-					fmt.Sprintf("invalid expression: expected Expr type, but found %T type", k),
-				)
-			}
-
-			k = trimSpaces(k)
-			expr := newEqualExpr(k, tok)
-			stack.Push(expr)
-		case ValueState:
-			// ValueState requires the previous state to either be an equal expression
-			// or an expression statement.
-			switch k.Kind {
-			case ASTKindEqualExpr:
-				// assigning a value to some key
-				k.AppendChild(newExpression(tok))
-				stack.Push(newExprStatement(k))
-			case ASTKindExpr:
-				k.Root.raw = append(k.Root.raw, tok.Raw()...)
-				stack.Push(k)
-			case ASTKindExprStatement:
-				root := k.GetRoot()
-				children := root.GetChildren()
-				if len(children) == 0 {
-					return nil, NewParseError(
-						fmt.Sprintf("invalid expression: AST contains no children %s", k.Kind),
-					)
-				}
-
-				rhs := children[len(children)-1]
-
-				if rhs.Root.ValueType != QuotedStringType {
-					rhs.Root.ValueType = StringType
-					rhs.Root.raw = append(rhs.Root.raw, tok.Raw()...)
-
-				}
-
-				children[len(children)-1] = rhs
-				root.SetChildren(children)
-
-				stack.Push(k)
-			}
-		case OpenScopeState:
-			if !runeCompare(tok.Raw(), openBrace) {
-				return nil, NewParseError("expected '['")
-			}
-			// If OpenScopeState is not at the start, we must mark the previous ast as complete
-			//
-			// for example: if previous ast was a skip statement;
-			// we should mark it as complete before we create a new statement
-			if k.Kind != ASTKindStart {
-				stack.MarkComplete(k)
-			}
-
-			stmt := newStatement()
-			stack.Push(stmt)
-		case CloseScopeState:
-			if !runeCompare(tok.Raw(), closeBrace) {
-				return nil, NewParseError("expected ']'")
-			}
-
-			k = trimSpaces(k)
-			stack.Push(newCompletedSectionStatement(k))
-		case SectionState:
-			var stmt AST
-
-			switch k.Kind {
-			case ASTKindStatement:
-				// If there are multiple literals inside of a scope declaration,
-				// then the current token's raw value will be appended to the Name.
-				//
-				// This handles cases like [ profile default ]
-				//
-				// k will represent a SectionStatement with the children representing
-				// the label of the section
-				stmt = newSectionStatement(tok)
-			case ASTKindSectionStatement:
-				k.Root.raw = append(k.Root.raw, tok.Raw()...)
-				stmt = k
-			default:
-				return nil, NewParseError(
-					fmt.Sprintf("invalid statement: expected statement: %v", k.Kind),
-				)
-			}
-
-			stack.Push(stmt)
-		case MarkCompleteState:
-			if k.Kind != ASTKindStart {
-				stack.MarkComplete(k)
-			}
-
-			if stack.Len() == 0 {
-				stack.Push(start)
-			}
-		case SkipState:
-			stack.Push(newSkipStatement(k))
-			s.Skip()
-		case CommentState:
-			if k.Kind == ASTKindStart {
-				stack.Push(k)
-			} else {
-				stack.MarkComplete(k)
-			}
-
-			stmt := newCommentStatement(tok)
-			stack.Push(stmt)
-		default:
-			return nil, NewParseError(
-				fmt.Sprintf("invalid state with ASTKind %v and TokenType %v",
-					k, tok.Type()))
-		}
-
-		if len(tokens) > 0 {
-			tokens = tokens[1:]
-		}
-	}
-
-	// this occurs when a statement has not been completed
-	if stack.top > 1 {
-		return nil, NewParseError(fmt.Sprintf("incomplete ini expression"))
-	}
-
-	// returns a sublist which excludes the start symbol
-	return stack.List(), nil
-}
-
-// trimSpaces will trim spaces on the left and right hand side of
-// the literal.
-func trimSpaces(k AST) AST {
-	// trim left hand side of spaces
-	for i := 0; i < len(k.Root.raw); i++ {
-		if !isWhitespace(k.Root.raw[i]) {
-			break
-		}
-
-		k.Root.raw = k.Root.raw[1:]
-		i--
-	}
-
-	// trim right hand side of spaces
-	for i := len(k.Root.raw) - 1; i >= 0; i-- {
-		if !isWhitespace(k.Root.raw[i]) {
-			break
-		}
-
-		k.Root.raw = k.Root.raw[:len(k.Root.raw)-1]
-	}
-
-	return k
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
deleted file mode 100644
index 34a481afb..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
+++ /dev/null
@@ -1,340 +0,0 @@
-package ini
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-	"unicode"
-)
-
-var (
-	runesTrue  = []rune("true")
-	runesFalse = []rune("false")
-)
-
-var literalValues = [][]rune{
-	runesTrue,
-	runesFalse,
-}
-
-func isBoolValue(b []rune) bool {
-	for _, lv := range literalValues {
-		if isCaselessLitValue(lv, b) {
-			return true
-		}
-	}
-	return false
-}
-
-func isLitValue(want, have []rune) bool {
-	if len(have) < len(want) {
-		return false
-	}
-
-	for i := 0; i < len(want); i++ {
-		if want[i] != have[i] {
-			return false
-		}
-	}
-
-	return true
-}
-
-// isCaselessLitValue is a caseless value comparison, assumes want is already lower-cased for efficiency.
-func isCaselessLitValue(want, have []rune) bool {
-	if len(have) < len(want) {
-		return false
-	}
-
-	for i := 0; i < len(want); i++ {
-		if want[i] != unicode.ToLower(have[i]) {
-			return false
-		}
-	}
-
-	return true
-}
-
-// isNumberValue will return whether not the leading characters in
-// a byte slice is a number. A number is delimited by whitespace or
-// the newline token.
-//
-// A number is defined to be in a binary, octal, decimal (int | float), hex format,
-// or in scientific notation.
-func isNumberValue(b []rune) bool {
-	negativeIndex := 0
-	helper := numberHelper{}
-	needDigit := false
-
-	for i := 0; i < len(b); i++ {
-		negativeIndex++
-
-		switch b[i] {
-		case '-':
-			if helper.IsNegative() || negativeIndex != 1 {
-				return false
-			}
-			helper.Determine(b[i])
-			needDigit = true
-			continue
-		case 'e', 'E':
-			if err := helper.Determine(b[i]); err != nil {
-				return false
-			}
-			negativeIndex = 0
-			needDigit = true
-			continue
-		case 'b':
-			if helper.numberFormat == hex {
-				break
-			}
-			fallthrough
-		case 'o', 'x':
-			needDigit = true
-			if i == 0 {
-				return false
-			}
-
-			fallthrough
-		case '.':
-			if err := helper.Determine(b[i]); err != nil {
-				return false
-			}
-			needDigit = true
-			continue
-		}
-
-		if i > 0 && (isNewline(b[i:]) || isWhitespace(b[i])) {
-			return !needDigit
-		}
-
-		if !helper.CorrectByte(b[i]) {
-			return false
-		}
-		needDigit = false
-	}
-
-	return !needDigit
-}
-
-func isValid(b []rune) (bool, int, error) {
-	if len(b) == 0 {
-		// TODO: should probably return an error
-		return false, 0, nil
-	}
-
-	return isValidRune(b[0]), 1, nil
-}
-
-func isValidRune(r rune) bool {
-	return r != ':' && r != '=' && r != '[' && r != ']' && r != ' ' && r != '\n'
-}
-
-// ValueType is an enum that will signify what type
-// the Value is
-type ValueType int
-
-func (v ValueType) String() string {
-	switch v {
-	case NoneType:
-		return "NONE"
-	case DecimalType:
-		return "FLOAT"
-	case IntegerType:
-		return "INT"
-	case StringType:
-		return "STRING"
-	case BoolType:
-		return "BOOL"
-	}
-
-	return ""
-}
-
-// ValueType enums
-const (
-	NoneType = ValueType(iota)
-	DecimalType
-	IntegerType
-	StringType
-	QuotedStringType
-	BoolType
-)
-
-// Value is a union container
-type Value struct {
-	Type ValueType
-	raw  []rune
-
-	integer int64
-	decimal float64
-	boolean bool
-	str     string
-}
-
-func newValue(t ValueType, base int, raw []rune) (Value, error) {
-	v := Value{
-		Type: t,
-		raw:  raw,
-	}
-	var err error
-
-	switch t {
-	case DecimalType:
-		v.decimal, err = strconv.ParseFloat(string(raw), 64)
-	case IntegerType:
-		if base != 10 {
-			raw = raw[2:]
-		}
-
-		v.integer, err = strconv.ParseInt(string(raw), base, 64)
-	case StringType:
-		v.str = string(raw)
-	case QuotedStringType:
-		v.str = string(raw[1 : len(raw)-1])
-	case BoolType:
-		v.boolean = isCaselessLitValue(runesTrue, v.raw)
-	}
-
-	// issue 2253
-	//
-	// if the value trying to be parsed is too large, then we will use
-	// the 'StringType' and raw value instead.
-	if nerr, ok := err.(*strconv.NumError); ok && nerr.Err == strconv.ErrRange {
-		v.Type = StringType
-		v.str = string(raw)
-		err = nil
-	}
-
-	return v, err
-}
-
-// Append will append values and change the type to a string
-// type.
-func (v *Value) Append(tok Token) {
-	r := tok.Raw()
-	if v.Type != QuotedStringType {
-		v.Type = StringType
-		r = tok.raw[1 : len(tok.raw)-1]
-	}
-	if tok.Type() != TokenLit {
-		v.raw = append(v.raw, tok.Raw()...)
-	} else {
-		v.raw = append(v.raw, r...)
-	}
-}
-
-func (v Value) String() string {
-	switch v.Type {
-	case DecimalType:
-		return fmt.Sprintf("decimal: %f", v.decimal)
-	case IntegerType:
-		return fmt.Sprintf("integer: %d", v.integer)
-	case StringType:
-		return fmt.Sprintf("string: %s", string(v.raw))
-	case QuotedStringType:
-		return fmt.Sprintf("quoted string: %s", string(v.raw))
-	case BoolType:
-		return fmt.Sprintf("bool: %t", v.boolean)
-	default:
-		return "union not set"
-	}
-}
-
-func newLitToken(b []rune) (Token, int, error) {
-	n := 0
-	var err error
-
-	token := Token{}
-	if b[0] == '"' {
-		n, err = getStringValue(b)
-		if err != nil {
-			return token, n, err
-		}
-
-		token = newToken(TokenLit, b[:n], QuotedStringType)
-	} else if isNumberValue(b) {
-		var base int
-		base, n, err = getNumericalValue(b)
-		if err != nil {
-			return token, 0, err
-		}
-
-		value := b[:n]
-		vType := IntegerType
-		if contains(value, '.') || hasExponent(value) {
-			vType = DecimalType
-		}
-		token = newToken(TokenLit, value, vType)
-		token.base = base
-	} else if isBoolValue(b) {
-		n, err = getBoolValue(b)
-
-		token = newToken(TokenLit, b[:n], BoolType)
-	} else {
-		n, err = getValue(b)
-		token = newToken(TokenLit, b[:n], StringType)
-	}
-
-	return token, n, err
-}
-
-// IntValue returns an integer value
-func (v Value) IntValue() int64 {
-	return v.integer
-}
-
-// FloatValue returns a float value
-func (v Value) FloatValue() float64 {
-	return v.decimal
-}
-
-// BoolValue returns a bool value
-func (v Value) BoolValue() bool {
-	return v.boolean
-}
-
-func isTrimmable(r rune) bool {
-	switch r {
-	case '\n', ' ':
-		return true
-	}
-	return false
-}
-
-// StringValue returns the string value
-func (v Value) StringValue() string {
-	switch v.Type {
-	case StringType:
-		return strings.TrimFunc(string(v.raw), isTrimmable)
-	case QuotedStringType:
-		// preserve all characters in the quotes
-		return string(removeEscapedCharacters(v.raw[1 : len(v.raw)-1]))
-	default:
-		return strings.TrimFunc(string(v.raw), isTrimmable)
-	}
-}
-
-func contains(runes []rune, c rune) bool {
-	for i := 0; i < len(runes); i++ {
-		if runes[i] == c {
-			return true
-		}
-	}
-
-	return false
-}
-
-func runeCompare(v1 []rune, v2 []rune) bool {
-	if len(v1) != len(v2) {
-		return false
-	}
-
-	for i := 0; i < len(v1); i++ {
-		if v1[i] != v2[i] {
-			return false
-		}
-	}
-
-	return true
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go
deleted file mode 100644
index e52ac399f..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/newline_token.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package ini
-
-func isNewline(b []rune) bool {
-	if len(b) == 0 {
-		return false
-	}
-
-	if b[0] == '\n' {
-		return true
-	}
-
-	if len(b) < 2 {
-		return false
-	}
-
-	return b[0] == '\r' && b[1] == '\n'
-}
-
-func newNewlineToken(b []rune) (Token, int, error) {
-	i := 1
-	if b[0] == '\r' && isNewline(b[1:]) {
-		i++
-	}
-
-	if !isNewline([]rune(b[:i])) {
-		return emptyToken, 0, NewParseError("invalid new line token")
-	}
-
-	return newToken(TokenNL, b[:i], NoneType), i, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go
deleted file mode 100644
index a45c0bc56..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/number_helper.go
+++ /dev/null
@@ -1,152 +0,0 @@
-package ini
-
-import (
-	"bytes"
-	"fmt"
-	"strconv"
-)
-
-const (
-	none = numberFormat(iota)
-	binary
-	octal
-	decimal
-	hex
-	exponent
-)
-
-type numberFormat int
-
-// numberHelper is used to dictate what format a number is in
-// and what to do for negative values. Since -1e-4 is a valid
-// number, we cannot just simply check for duplicate negatives.
-type numberHelper struct {
-	numberFormat numberFormat
-
-	negative         bool
-	negativeExponent bool
-}
-
-func (b numberHelper) Exists() bool {
-	return b.numberFormat != none
-}
-
-func (b numberHelper) IsNegative() bool {
-	return b.negative || b.negativeExponent
-}
-
-func (b *numberHelper) Determine(c rune) error {
-	if b.Exists() {
-		return NewParseError(fmt.Sprintf("multiple number formats: 0%v", string(c)))
-	}
-
-	switch c {
-	case 'b':
-		b.numberFormat = binary
-	case 'o':
-		b.numberFormat = octal
-	case 'x':
-		b.numberFormat = hex
-	case 'e', 'E':
-		b.numberFormat = exponent
-	case '-':
-		if b.numberFormat != exponent {
-			b.negative = true
-		} else {
-			b.negativeExponent = true
-		}
-	case '.':
-		b.numberFormat = decimal
-	default:
-		return NewParseError(fmt.Sprintf("invalid number character: %v", string(c)))
-	}
-
-	return nil
-}
-
-func (b numberHelper) CorrectByte(c rune) bool {
-	switch {
-	case b.numberFormat == binary:
-		if !isBinaryByte(c) {
-			return false
-		}
-	case b.numberFormat == octal:
-		if !isOctalByte(c) {
-			return false
-		}
-	case b.numberFormat == hex:
-		if !isHexByte(c) {
-			return false
-		}
-	case b.numberFormat == decimal:
-		if !isDigit(c) {
-			return false
-		}
-	case b.numberFormat == exponent:
-		if !isDigit(c) {
-			return false
-		}
-	case b.negativeExponent:
-		if !isDigit(c) {
-			return false
-		}
-	case b.negative:
-		if !isDigit(c) {
-			return false
-		}
-	default:
-		if !isDigit(c) {
-			return false
-		}
-	}
-
-	return true
-}
-
-func (b numberHelper) Base() int {
-	switch b.numberFormat {
-	case binary:
-		return 2
-	case octal:
-		return 8
-	case hex:
-		return 16
-	default:
-		return 10
-	}
-}
-
-func (b numberHelper) String() string {
-	buf := bytes.Buffer{}
-	i := 0
-
-	switch b.numberFormat {
-	case binary:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": binary format\n")
-	case octal:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": octal format\n")
-	case hex:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": hex format\n")
-	case exponent:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": exponent format\n")
-	default:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": integer format\n")
-	}
-
-	if b.negative {
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": negative format\n")
-	}
-
-	if b.negativeExponent {
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": negative exponent format\n")
-	}
-
-	return buf.String()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go
deleted file mode 100644
index 8a84c7cbe..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/op_tokens.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package ini
-
-import (
-	"fmt"
-)
-
-var (
-	equalOp      = []rune("=")
-	equalColonOp = []rune(":")
-)
-
-func isOp(b []rune) bool {
-	if len(b) == 0 {
-		return false
-	}
-
-	switch b[0] {
-	case '=':
-		return true
-	case ':':
-		return true
-	default:
-		return false
-	}
-}
-
-func newOpToken(b []rune) (Token, int, error) {
-	tok := Token{}
-
-	switch b[0] {
-	case '=':
-		tok = newToken(TokenOp, equalOp, NoneType)
-	case ':':
-		tok = newToken(TokenOp, equalColonOp, NoneType)
-	default:
-		return tok, 0, NewParseError(fmt.Sprintf("unexpected op type, %v", b[0]))
-	}
-	return tok, 1, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go
deleted file mode 100644
index 457287019..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_error.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package ini
-
-import "fmt"
-
-const (
-	// ErrCodeParseError is returned when a parsing error
-	// has occurred.
-	ErrCodeParseError = "INIParseError"
-)
-
-// ParseError is an error which is returned during any part of
-// the parsing process.
-type ParseError struct {
-	msg string
-}
-
-// NewParseError will return a new ParseError where message
-// is the description of the error.
-func NewParseError(message string) *ParseError {
-	return &ParseError{
-		msg: message,
-	}
-}
-
-// Code will return the ErrCodeParseError
-func (err *ParseError) Code() string {
-	return ErrCodeParseError
-}
-
-// Message returns the error's message
-func (err *ParseError) Message() string {
-	return err.msg
-}
-
-// OrigError return nothing since there will never be any
-// original error.
-func (err *ParseError) OrigError() error {
-	return nil
-}
-
-func (err *ParseError) Error() string {
-	return fmt.Sprintf("%s: %s", err.Code(), err.Message())
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go
deleted file mode 100644
index 7f01cf7c7..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/parse_stack.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package ini
-
-import (
-	"bytes"
-	"fmt"
-)
-
-// ParseStack is a stack that contains a container, the stack portion,
-// and the list which is the list of ASTs that have been successfully
-// parsed.
-type ParseStack struct {
-	top       int
-	container []AST
-	list      []AST
-	index     int
-}
-
-func newParseStack(sizeContainer, sizeList int) ParseStack {
-	return ParseStack{
-		container: make([]AST, sizeContainer),
-		list:      make([]AST, sizeList),
-	}
-}
-
-// Pop will return and truncate the last container element.
-func (s *ParseStack) Pop() AST {
-	s.top--
-	return s.container[s.top]
-}
-
-// Push will add the new AST to the container
-func (s *ParseStack) Push(ast AST) {
-	s.container[s.top] = ast
-	s.top++
-}
-
-// MarkComplete will append the AST to the list of completed statements
-func (s *ParseStack) MarkComplete(ast AST) {
-	s.list[s.index] = ast
-	s.index++
-}
-
-// List will return the completed statements
-func (s ParseStack) List() []AST {
-	return s.list[:s.index]
-}
-
-// Len will return the length of the container
-func (s *ParseStack) Len() int {
-	return s.top
-}
-
-func (s ParseStack) String() string {
-	buf := bytes.Buffer{}
-	for i, node := range s.list {
-		buf.WriteString(fmt.Sprintf("%d: %v\n", i+1, node))
-	}
-
-	return buf.String()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go
deleted file mode 100644
index f82095ba2..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/sep_tokens.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package ini
-
-import (
-	"fmt"
-)
-
-var (
-	emptyRunes = []rune{}
-)
-
-func isSep(b []rune) bool {
-	if len(b) == 0 {
-		return false
-	}
-
-	switch b[0] {
-	case '[', ']':
-		return true
-	default:
-		return false
-	}
-}
-
-var (
-	openBrace  = []rune("[")
-	closeBrace = []rune("]")
-)
-
-func newSepToken(b []rune) (Token, int, error) {
-	tok := Token{}
-
-	switch b[0] {
-	case '[':
-		tok = newToken(TokenSep, openBrace, NoneType)
-	case ']':
-		tok = newToken(TokenSep, closeBrace, NoneType)
-	default:
-		return tok, 0, NewParseError(fmt.Sprintf("unexpected sep type, %v", b[0]))
-	}
-	return tok, 1, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
deleted file mode 100644
index da7a4049c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package ini
-
-// skipper is used to skip certain blocks of an ini file.
-// Currently skipper is used to skip nested blocks of ini
-// files. See example below
-//
-//	[ foo ]
-//	nested = ; this section will be skipped
-//		a=b
-//		c=d
-//	bar=baz ; this will be included
-type skipper struct {
-	shouldSkip bool
-	TokenSet   bool
-	prevTok    Token
-}
-
-func newSkipper() skipper {
-	return skipper{
-		prevTok: emptyToken,
-	}
-}
-
-func (s *skipper) ShouldSkip(tok Token) bool {
-	// should skip state will be modified only if previous token was new line (NL);
-	// and the current token is not WhiteSpace (WS).
-	if s.shouldSkip &&
-		s.prevTok.Type() == TokenNL &&
-		tok.Type() != TokenWS {
-		s.Continue()
-		return false
-	}
-	s.prevTok = tok
-	return s.shouldSkip
-}
-
-func (s *skipper) Skip() {
-	s.shouldSkip = true
-}
-
-func (s *skipper) Continue() {
-	s.shouldSkip = false
-	// empty token is assigned as we return to default state, when should skip is false
-	s.prevTok = emptyToken
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go
deleted file mode 100644
index 18f3fe893..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/statement.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package ini
-
-// Statement is an empty AST mostly used for transitioning states.
-func newStatement() AST {
-	return newAST(ASTKindStatement, AST{})
-}
-
-// SectionStatement represents a section AST
-func newSectionStatement(tok Token) AST {
-	return newASTWithRootToken(ASTKindSectionStatement, tok)
-}
-
-// ExprStatement represents a completed expression AST
-func newExprStatement(ast AST) AST {
-	return newAST(ASTKindExprStatement, ast)
-}
-
-// CommentStatement represents a comment in the ini definition.
-//
-//	grammar:
-//	comment -> #comment' | ;comment'
-//	comment' -> epsilon | value
-func newCommentStatement(tok Token) AST {
-	return newAST(ASTKindCommentStatement, newExpression(tok))
-}
-
-// CompletedSectionStatement represents a completed section
-func newCompletedSectionStatement(ast AST) AST {
-	return newAST(ASTKindCompletedSectionStatement, ast)
-}
-
-// SkipStatement is used to skip whole statements
-func newSkipStatement(ast AST) AST {
-	return newAST(ASTKindSkipStatement, ast)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
deleted file mode 100644
index b5480fdeb..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
+++ /dev/null
@@ -1,284 +0,0 @@
-package ini
-
-import (
-	"fmt"
-)
-
-// getStringValue will return a quoted string and the amount
-// of bytes read
-//
-// an error will be returned if the string is not properly formatted
-func getStringValue(b []rune) (int, error) {
-	if b[0] != '"' {
-		return 0, NewParseError("strings must start with '\"'")
-	}
-
-	endQuote := false
-	i := 1
-
-	for ; i < len(b) && !endQuote; i++ {
-		if escaped := isEscaped(b[:i], b[i]); b[i] == '"' && !escaped {
-			endQuote = true
-			break
-		} else if escaped {
-			/*c, err := getEscapedByte(b[i])
-			if err != nil {
-				return 0, err
-			}
-
-			b[i-1] = c
-			b = append(b[:i], b[i+1:]...)
-			i--*/
-
-			continue
-		}
-	}
-
-	if !endQuote {
-		return 0, NewParseError("missing '\"' in string value")
-	}
-
-	return i + 1, nil
-}
-
-// getBoolValue will return a boolean and the amount
-// of bytes read
-//
-// an error will be returned if the boolean is not of a correct
-// value
-func getBoolValue(b []rune) (int, error) {
-	if len(b) < 4 {
-		return 0, NewParseError("invalid boolean value")
-	}
-
-	n := 0
-	for _, lv := range literalValues {
-		if len(lv) > len(b) {
-			continue
-		}
-
-		if isCaselessLitValue(lv, b) {
-			n = len(lv)
-		}
-	}
-
-	if n == 0 {
-		return 0, NewParseError("invalid boolean value")
-	}
-
-	return n, nil
-}
-
-// getNumericalValue will return a numerical string, the amount
-// of bytes read, and the base of the number
-//
-// an error will be returned if the number is not of a correct
-// value
-func getNumericalValue(b []rune) (int, int, error) {
-	if !isDigit(b[0]) {
-		return 0, 0, NewParseError("invalid digit value")
-	}
-
-	i := 0
-	helper := numberHelper{}
-
-loop:
-	for negativeIndex := 0; i < len(b); i++ {
-		negativeIndex++
-
-		if !isDigit(b[i]) {
-			switch b[i] {
-			case '-':
-				if helper.IsNegative() || negativeIndex != 1 {
-					return 0, 0, NewParseError("parse error '-'")
-				}
-
-				n := getNegativeNumber(b[i:])
-				i += (n - 1)
-				helper.Determine(b[i])
-				continue
-			case '.':
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-			case 'e', 'E':
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-
-				negativeIndex = 0
-			case 'b':
-				if helper.numberFormat == hex {
-					break
-				}
-				fallthrough
-			case 'o', 'x':
-				if i == 0 && b[i] != '0' {
-					return 0, 0, NewParseError("incorrect base format, expected leading '0'")
-				}
-
-				if i != 1 {
-					return 0, 0, NewParseError(fmt.Sprintf("incorrect base format found %s at %d index", string(b[i]), i))
-				}
-
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-			default:
-				if isWhitespace(b[i]) {
-					break loop
-				}
-
-				if isNewline(b[i:]) {
-					break loop
-				}
-
-				if !(helper.numberFormat == hex && isHexByte(b[i])) {
-					if i+2 < len(b) && !isNewline(b[i:i+2]) {
-						return 0, 0, NewParseError("invalid numerical character")
-					} else if !isNewline([]rune{b[i]}) {
-						return 0, 0, NewParseError("invalid numerical character")
-					}
-
-					break loop
-				}
-			}
-		}
-	}
-
-	return helper.Base(), i, nil
-}
-
-// isDigit will return whether or not something is an integer
-func isDigit(b rune) bool {
-	return b >= '0' && b <= '9'
-}
-
-func hasExponent(v []rune) bool {
-	return contains(v, 'e') || contains(v, 'E')
-}
-
-func isBinaryByte(b rune) bool {
-	switch b {
-	case '0', '1':
-		return true
-	default:
-		return false
-	}
-}
-
-func isOctalByte(b rune) bool {
-	switch b {
-	case '0', '1', '2', '3', '4', '5', '6', '7':
-		return true
-	default:
-		return false
-	}
-}
-
-func isHexByte(b rune) bool {
-	if isDigit(b) {
-		return true
-	}
-	return (b >= 'A' && b <= 'F') ||
-		(b >= 'a' && b <= 'f')
-}
-
-func getValue(b []rune) (int, error) {
-	i := 0
-
-	for i < len(b) {
-		if isNewline(b[i:]) {
-			break
-		}
-
-		if isOp(b[i:]) {
-			break
-		}
-
-		valid, n, err := isValid(b[i:])
-		if err != nil {
-			return 0, err
-		}
-
-		if !valid {
-			break
-		}
-
-		i += n
-	}
-
-	return i, nil
-}
-
-// getNegativeNumber will return a negative number from a
-// byte slice. This will iterate through all characters until
-// a non-digit has been found.
-func getNegativeNumber(b []rune) int {
-	if b[0] != '-' {
-		return 0
-	}
-
-	i := 1
-	for ; i < len(b); i++ {
-		if !isDigit(b[i]) {
-			return i
-		}
-	}
-
-	return i
-}
-
-// isEscaped will return whether or not the character is an escaped
-// character.
-func isEscaped(value []rune, b rune) bool {
-	if len(value) == 0 {
-		return false
-	}
-
-	switch b {
-	case '\'': // single quote
-	case '"': // quote
-	case 'n': // newline
-	case 't': // tab
-	case '\\': // backslash
-	default:
-		return false
-	}
-
-	return value[len(value)-1] == '\\'
-}
-
-func getEscapedByte(b rune) (rune, error) {
-	switch b {
-	case '\'': // single quote
-		return '\'', nil
-	case '"': // quote
-		return '"', nil
-	case 'n': // newline
-		return '\n', nil
-	case 't': // table
-		return '\t', nil
-	case '\\': // backslash
-		return '\\', nil
-	default:
-		return b, NewParseError(fmt.Sprintf("invalid escaped character %c", b))
-	}
-}
-
-func removeEscapedCharacters(b []rune) []rune {
-	for i := 0; i < len(b); i++ {
-		if isEscaped(b[:i], b[i]) {
-			c, err := getEscapedByte(b[i])
-			if err != nil {
-				return b
-			}
-
-			b[i-1] = c
-			b = append(b[:i], b[i+1:]...)
-			i--
-		}
-	}
-
-	return b
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
deleted file mode 100644
index 081cf4334..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
+++ /dev/null
@@ -1,169 +0,0 @@
-package ini
-
-import (
-	"fmt"
-	"sort"
-)
-
-// Visitor is an interface used by walkers that will
-// traverse an array of ASTs.
-type Visitor interface {
-	VisitExpr(AST) error
-	VisitStatement(AST) error
-}
-
-// DefaultVisitor is used to visit statements and expressions
-// and ensure that they are both of the correct format.
-// In addition, upon visiting this will build sections and populate
-// the Sections field which can be used to retrieve profile
-// configuration.
-type DefaultVisitor struct {
-	scope    string
-	Sections Sections
-}
-
-// NewDefaultVisitor return a DefaultVisitor
-func NewDefaultVisitor() *DefaultVisitor {
-	return &DefaultVisitor{
-		Sections: Sections{
-			container: map[string]Section{},
-		},
-	}
-}
-
-// VisitExpr visits expressions...
-func (v *DefaultVisitor) VisitExpr(expr AST) error {
-	t := v.Sections.container[v.scope]
-	if t.values == nil {
-		t.values = values{}
-	}
-
-	switch expr.Kind {
-	case ASTKindExprStatement:
-		opExpr := expr.GetRoot()
-		switch opExpr.Kind {
-		case ASTKindEqualExpr:
-			children := opExpr.GetChildren()
-			if len(children) <= 1 {
-				return NewParseError("unexpected token type")
-			}
-
-			rhs := children[1]
-
-			// The right-hand value side the equality expression is allowed to contain '[', ']', ':', '=' in the values.
-			// If the token is not either a literal or one of the token types that identifies those four additional
-			// tokens then error.
-			if !(rhs.Root.Type() == TokenLit || rhs.Root.Type() == TokenOp || rhs.Root.Type() == TokenSep) {
-				return NewParseError("unexpected token type")
-			}
-
-			key := EqualExprKey(opExpr)
-			v, err := newValue(rhs.Root.ValueType, rhs.Root.base, rhs.Root.Raw())
-			if err != nil {
-				return err
-			}
-
-			t.values[key] = v
-		default:
-			return NewParseError(fmt.Sprintf("unsupported expression %v", expr))
-		}
-	default:
-		return NewParseError(fmt.Sprintf("unsupported expression %v", expr))
-	}
-
-	v.Sections.container[v.scope] = t
-	return nil
-}
-
-// VisitStatement visits statements...
-func (v *DefaultVisitor) VisitStatement(stmt AST) error {
-	switch stmt.Kind {
-	case ASTKindCompletedSectionStatement:
-		child := stmt.GetRoot()
-		if child.Kind != ASTKindSectionStatement {
-			return NewParseError(fmt.Sprintf("unsupported child statement: %T", child))
-		}
-
-		name := string(child.Root.Raw())
-		v.Sections.container[name] = Section{}
-		v.scope = name
-	default:
-		return NewParseError(fmt.Sprintf("unsupported statement: %s", stmt.Kind))
-	}
-
-	return nil
-}
-
-// Sections is a map of Section structures that represent
-// a configuration.
-type Sections struct {
-	container map[string]Section
-}
-
-// GetSection will return section p. If section p does not exist,
-// false will be returned in the second parameter.
-func (t Sections) GetSection(p string) (Section, bool) {
-	v, ok := t.container[p]
-	return v, ok
-}
-
-// values represents a map of union values.
-type values map[string]Value
-
-// List will return a list of all sections that were successfully
-// parsed.
-func (t Sections) List() []string {
-	keys := make([]string, len(t.container))
-	i := 0
-	for k := range t.container {
-		keys[i] = k
-		i++
-	}
-
-	sort.Strings(keys)
-	return keys
-}
-
-// Section contains a name and values. This represent
-// a sectioned entry in a configuration file.
-type Section struct {
-	Name   string
-	values values
-}
-
-// Has will return whether or not an entry exists in a given section
-func (t Section) Has(k string) bool {
-	_, ok := t.values[k]
-	return ok
-}
-
-// ValueType will returned what type the union is set to. If
-// k was not found, the NoneType will be returned.
-func (t Section) ValueType(k string) (ValueType, bool) {
-	v, ok := t.values[k]
-	return v.Type, ok
-}
-
-// Bool returns a bool value at k
-func (t Section) Bool(k string) bool {
-	return t.values[k].BoolValue()
-}
-
-// Int returns an integer value at k
-func (t Section) Int(k string) int64 {
-	return t.values[k].IntValue()
-}
-
-// Float64 returns a float value at k
-func (t Section) Float64(k string) float64 {
-	return t.values[k].FloatValue()
-}
-
-// String returns the string value at k
-func (t Section) String(k string) string {
-	_, ok := t.values[k]
-	if !ok {
-		return ""
-	}
-	return t.values[k].StringValue()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go
deleted file mode 100644
index 99915f7f7..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/walker.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package ini
-
-// Walk will traverse the AST using the v, the Visitor.
-func Walk(tree []AST, v Visitor) error {
-	for _, node := range tree {
-		switch node.Kind {
-		case ASTKindExpr,
-			ASTKindExprStatement:
-
-			if err := v.VisitExpr(node); err != nil {
-				return err
-			}
-		case ASTKindStatement,
-			ASTKindCompletedSectionStatement,
-			ASTKindNestedSectionStatement,
-			ASTKindCompletedNestedSectionStatement:
-
-			if err := v.VisitStatement(node); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go
deleted file mode 100644
index 7ffb4ae06..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ws_token.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package ini
-
-import (
-	"unicode"
-)
-
-// isWhitespace will return whether or not the character is
-// a whitespace character.
-//
-// Whitespace is defined as a space or tab.
-func isWhitespace(c rune) bool {
-	return unicode.IsSpace(c) && c != '\n' && c != '\r'
-}
-
-func newWSToken(b []rune) (Token, int, error) {
-	i := 0
-	for ; i < len(b); i++ {
-		if !isWhitespace(b[i]) {
-			break
-		}
-	}
-
-	return newToken(TokenWS, b[:i], NoneType), i, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/accesspoint_arn.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/accesspoint_arn.go
deleted file mode 100644
index bf18031a3..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/accesspoint_arn.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package arn
-
-import (
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws/arn"
-)
-
-// AccessPointARN provides representation
-type AccessPointARN struct {
-	arn.ARN
-	AccessPointName string
-}
-
-// GetARN returns the base ARN for the Access Point resource
-func (a AccessPointARN) GetARN() arn.ARN {
-	return a.ARN
-}
-
-// ParseAccessPointResource attempts to parse the ARN's resource as an
-// AccessPoint resource.
-//
-// Supported Access point resource format:
-//	- Access point format: arn:{partition}:s3:{region}:{accountId}:accesspoint/{accesspointName}
-//	- example: arn.aws.s3.us-west-2.012345678901:accesspoint/myaccesspoint
-//
-func ParseAccessPointResource(a arn.ARN, resParts []string) (AccessPointARN, error) {
-	if len(a.Region) == 0 {
-		return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "region not set"}
-	}
-	if len(a.AccountID) == 0 {
-		return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "account-id not set"}
-	}
-	if len(resParts) == 0 {
-		return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "resource-id not set"}
-	}
-	if len(resParts) > 1 {
-		return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "sub resource not supported"}
-	}
-
-	resID := resParts[0]
-	if len(strings.TrimSpace(resID)) == 0 {
-		return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "resource-id not set"}
-	}
-
-	return AccessPointARN{
-		ARN:             a,
-		AccessPointName: resID,
-	}, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go
deleted file mode 100644
index 216c4baab..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package arn
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws/arn"
-)
-
-var supportedServiceARN = []string{
-	"s3",
-	"s3-outposts",
-	"s3-object-lambda",
-}
-
-func isSupportedServiceARN(service string) bool {
-	for _, name := range supportedServiceARN {
-		if name == service {
-			return true
-		}
-	}
-	return false
-}
-
-// Resource provides the interfaces abstracting ARNs of specific resource
-// types.
-type Resource interface {
-	GetARN() arn.ARN
-	String() string
-}
-
-// ResourceParser provides the function for parsing an ARN's resource
-// component into a typed resource.
-type ResourceParser func(arn.ARN) (Resource, error)
-
-// ParseResource parses an AWS ARN into a typed resource for the S3 API.
-func ParseResource(s string, resParser ResourceParser) (resARN Resource, err error) {
-	a, err := arn.Parse(s)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(a.Partition) == 0 {
-		return nil, InvalidARNError{ARN: a, Reason: "partition not set"}
-	}
-
-	if !isSupportedServiceARN(a.Service) {
-		return nil, InvalidARNError{ARN: a, Reason: "service is not supported"}
-	}
-
-	if strings.HasPrefix(a.Region, "fips-") || strings.HasSuffix(a.Region, "-fips") {
-		return nil, InvalidARNError{ARN: a, Reason: "FIPS region not allowed in ARN"}
-	}
-
-	if len(a.Resource) == 0 {
-		return nil, InvalidARNError{ARN: a, Reason: "resource not set"}
-	}
-
-	return resParser(a)
-}
-
-// SplitResource splits the resource components by the ARN resource delimiters.
-func SplitResource(v string) []string {
-	var parts []string
-	var offset int
-
-	for offset <= len(v) {
-		idx := strings.IndexAny(v[offset:], "/:")
-		if idx < 0 {
-			parts = append(parts, v[offset:])
-			break
-		}
-		parts = append(parts, v[offset:idx+offset])
-		offset += idx + 1
-	}
-
-	return parts
-}
-
-// IsARN returns whether the given string is an ARN
-func IsARN(s string) bool {
-	return arn.IsARN(s)
-}
-
-// InvalidARNError provides the error for an invalid ARN error.
-type InvalidARNError struct {
-	ARN    arn.ARN
-	Reason string
-}
-
-// Error returns a string denoting the occurred InvalidARNError
-func (e InvalidARNError) Error() string {
-	return fmt.Sprintf("invalid Amazon %s ARN, %s, %s", e.ARN.Service, e.Reason, e.ARN.String())
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/outpost_arn.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/outpost_arn.go
deleted file mode 100644
index 1e10f8de0..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/outpost_arn.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package arn
-
-import (
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws/arn"
-)
-
-// OutpostARN interface that should be satisfied by outpost ARNs
-type OutpostARN interface {
-	Resource
-	GetOutpostID() string
-}
-
-// ParseOutpostARNResource will parse a provided ARNs resource using the appropriate ARN format
-// and return a specific OutpostARN type
-//
-// Currently supported outpost ARN formats:
-// * Outpost AccessPoint ARN format:
-//		- ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName}
-//		- example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint
-//
-// * Outpost Bucket ARN format:
-// 		- ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/bucket/{bucketName}
-//		- example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/bucket/mybucket
-//
-// Other outpost ARN formats may be supported and added in the future.
-//
-func ParseOutpostARNResource(a arn.ARN, resParts []string) (OutpostARN, error) {
-	if len(a.Region) == 0 {
-		return nil, InvalidARNError{ARN: a, Reason: "region not set"}
-	}
-
-	if len(a.AccountID) == 0 {
-		return nil, InvalidARNError{ARN: a, Reason: "account-id not set"}
-	}
-
-	// verify if outpost id is present and valid
-	if len(resParts) == 0 || len(strings.TrimSpace(resParts[0])) == 0 {
-		return nil, InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
-	}
-
-	// verify possible resource type exists
-	if len(resParts) < 3 {
-		return nil, InvalidARNError{
-			ARN: a, Reason: "incomplete outpost resource type. Expected bucket or access-point resource to be present",
-		}
-	}
-
-	// Since we know this is a OutpostARN fetch outpostID
-	outpostID := strings.TrimSpace(resParts[0])
-
-	switch resParts[1] {
-	case "accesspoint":
-		accesspointARN, err := ParseAccessPointResource(a, resParts[2:])
-		if err != nil {
-			return OutpostAccessPointARN{}, err
-		}
-		return OutpostAccessPointARN{
-			AccessPointARN: accesspointARN,
-			OutpostID:      outpostID,
-		}, nil
-
-	case "bucket":
-		bucketName, err := parseBucketResource(a, resParts[2:])
-		if err != nil {
-			return nil, err
-		}
-		return OutpostBucketARN{
-			ARN:        a,
-			BucketName: bucketName,
-			OutpostID:  outpostID,
-		}, nil
-
-	default:
-		return nil, InvalidARNError{ARN: a, Reason: "unknown resource set for outpost ARN"}
-	}
-}
-
-// OutpostAccessPointARN represents outpost access point ARN.
-type OutpostAccessPointARN struct {
-	AccessPointARN
-	OutpostID string
-}
-
-// GetOutpostID returns the outpost id of outpost access point arn
-func (o OutpostAccessPointARN) GetOutpostID() string {
-	return o.OutpostID
-}
-
-// OutpostBucketARN represents the outpost bucket ARN.
-type OutpostBucketARN struct {
-	arn.ARN
-	BucketName string
-	OutpostID  string
-}
-
-// GetOutpostID returns the outpost id of outpost bucket arn
-func (o OutpostBucketARN) GetOutpostID() string {
-	return o.OutpostID
-}
-
-// GetARN retrives the base ARN from outpost bucket ARN resource
-func (o OutpostBucketARN) GetARN() arn.ARN {
-	return o.ARN
-}
-
-// parseBucketResource attempts to parse the ARN's bucket resource and retrieve the
-// bucket resource id.
-//
-// parseBucketResource only parses the bucket resource id.
-//
-func parseBucketResource(a arn.ARN, resParts []string) (bucketName string, err error) {
-	if len(resParts) == 0 {
-		return bucketName, InvalidARNError{ARN: a, Reason: "bucket resource-id not set"}
-	}
-	if len(resParts) > 1 {
-		return bucketName, InvalidARNError{ARN: a, Reason: "sub resource not supported"}
-	}
-
-	bucketName = strings.TrimSpace(resParts[0])
-	if len(bucketName) == 0 {
-		return bucketName, InvalidARNError{ARN: a, Reason: "bucket resource-id not set"}
-	}
-	return bucketName, err
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go
deleted file mode 100644
index 513154cc0..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package arn
-
-// S3ObjectLambdaARN represents an ARN for the s3-object-lambda service
-type S3ObjectLambdaARN interface {
-	Resource
-
-	isS3ObjectLambdasARN()
-}
-
-// S3ObjectLambdaAccessPointARN is an S3ObjectLambdaARN for the Access Point resource type
-type S3ObjectLambdaAccessPointARN struct {
-	AccessPointARN
-}
-
-func (s S3ObjectLambdaAccessPointARN) isS3ObjectLambdasARN() {}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go
deleted file mode 100644
index 4290ff676..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go
+++ /dev/null
@@ -1,202 +0,0 @@
-package s3shared
-
-import (
-	"fmt"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
-)
-
-const (
-	invalidARNErrorErrCode    = "InvalidARNError"
-	configurationErrorErrCode = "ConfigurationError"
-)
-
-// InvalidARNError denotes the error for Invalid ARN
-type InvalidARNError struct {
-	message  string
-	resource arn.Resource
-	origErr  error
-}
-
-// Error returns the InvalidARNError
-func (e InvalidARNError) Error() string {
-	var extra string
-	if e.resource != nil {
-		extra = "ARN: " + e.resource.String()
-	}
-	return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
-}
-
-// Code returns the invalid ARN error code
-func (e InvalidARNError) Code() string {
-	return invalidARNErrorErrCode
-}
-
-// Message returns the message for Invalid ARN error
-func (e InvalidARNError) Message() string {
-	return e.message
-}
-
-// OrigErr is the original error wrapped by Invalid ARN Error
-func (e InvalidARNError) OrigErr() error {
-	return e.origErr
-}
-
-// NewInvalidARNError denotes invalid arn error
-func NewInvalidARNError(resource arn.Resource, err error) InvalidARNError {
-	return InvalidARNError{
-		message:  "invalid ARN",
-		origErr:  err,
-		resource: resource,
-	}
-}
-
-// NewInvalidARNWithCustomEndpointError ARN not supported for custom clients endpoints
-func NewInvalidARNWithCustomEndpointError(resource arn.Resource, err error) InvalidARNError {
-	return InvalidARNError{
-		message:  "resource ARN not supported with custom client endpoints",
-		origErr:  err,
-		resource: resource,
-	}
-}
-
-// NewInvalidARNWithUnsupportedPartitionError ARN not supported for the target partition
-func NewInvalidARNWithUnsupportedPartitionError(resource arn.Resource, err error) InvalidARNError {
-	return InvalidARNError{
-		message:  "resource ARN not supported for the target ARN partition",
-		origErr:  err,
-		resource: resource,
-	}
-}
-
-// NewInvalidARNWithFIPSError ARN not supported for FIPS region
-//
-// Deprecated: FIPS will not appear in the ARN region component.
-func NewInvalidARNWithFIPSError(resource arn.Resource, err error) InvalidARNError {
-	return InvalidARNError{
-		message:  "resource ARN not supported for FIPS region",
-		resource: resource,
-		origErr:  err,
-	}
-}
-
-// ConfigurationError is used to denote a client configuration error
-type ConfigurationError struct {
-	message           string
-	resource          arn.Resource
-	clientPartitionID string
-	clientRegion      string
-	origErr           error
-}
-
-// Error returns the Configuration error string
-func (e ConfigurationError) Error() string {
-	extra := fmt.Sprintf("ARN: %s, client partition: %s, client region: %s",
-		e.resource, e.clientPartitionID, e.clientRegion)
-
-	return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
-}
-
-// Code returns configuration error's error-code
-func (e ConfigurationError) Code() string {
-	return configurationErrorErrCode
-}
-
-// Message returns the configuration error message
-func (e ConfigurationError) Message() string {
-	return e.message
-}
-
-// OrigErr is the original error wrapped by Configuration Error
-func (e ConfigurationError) OrigErr() error {
-	return e.origErr
-}
-
-// NewClientPartitionMismatchError  stub
-func NewClientPartitionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
-	return ConfigurationError{
-		message:           "client partition does not match provided ARN partition",
-		origErr:           err,
-		resource:          resource,
-		clientPartitionID: clientPartitionID,
-		clientRegion:      clientRegion,
-	}
-}
-
-// NewClientRegionMismatchError denotes cross region access error
-func NewClientRegionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
-	return ConfigurationError{
-		message:           "client region does not match provided ARN region",
-		origErr:           err,
-		resource:          resource,
-		clientPartitionID: clientPartitionID,
-		clientRegion:      clientRegion,
-	}
-}
-
-// NewFailedToResolveEndpointError denotes endpoint resolving error
-func NewFailedToResolveEndpointError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
-	return ConfigurationError{
-		message:           "endpoint resolver failed to find an endpoint for the provided ARN region",
-		origErr:           err,
-		resource:          resource,
-		clientPartitionID: clientPartitionID,
-		clientRegion:      clientRegion,
-	}
-}
-
-// NewClientConfiguredForFIPSError denotes client config error for unsupported cross region FIPS access
-func NewClientConfiguredForFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
-	return ConfigurationError{
-		message:           "client configured for fips but cross-region resource ARN provided",
-		origErr:           err,
-		resource:          resource,
-		clientPartitionID: clientPartitionID,
-		clientRegion:      clientRegion,
-	}
-}
-
-// NewFIPSConfigurationError denotes a configuration error when a client or request is configured for FIPS
-func NewFIPSConfigurationError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
-	return ConfigurationError{
-		message:           "use of ARN is not supported when client or request is configured for FIPS",
-		origErr:           err,
-		resource:          resource,
-		clientPartitionID: clientPartitionID,
-		clientRegion:      clientRegion,
-	}
-}
-
-// NewClientConfiguredForAccelerateError denotes client config error for unsupported S3 accelerate
-func NewClientConfiguredForAccelerateError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
-	return ConfigurationError{
-		message:           "client configured for S3 Accelerate but is not supported with resource ARN",
-		origErr:           err,
-		resource:          resource,
-		clientPartitionID: clientPartitionID,
-		clientRegion:      clientRegion,
-	}
-}
-
-// NewClientConfiguredForCrossRegionFIPSError denotes client config error for unsupported cross region FIPS request
-func NewClientConfiguredForCrossRegionFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
-	return ConfigurationError{
-		message:           "client configured for FIPS with cross-region enabled but is supported with cross-region resource ARN",
-		origErr:           err,
-		resource:          resource,
-		clientPartitionID: clientPartitionID,
-		clientRegion:      clientRegion,
-	}
-}
-
-// NewClientConfiguredForDualStackError denotes client config error for unsupported S3 Dual-stack
-func NewClientConfiguredForDualStackError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
-	return ConfigurationError{
-		message:           "client configured for S3 Dual-stack but is not supported with resource ARN",
-		origErr:           err,
-		resource:          resource,
-		clientPartitionID: clientPartitionID,
-		clientRegion:      clientRegion,
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go
deleted file mode 100644
index ef43d6c58..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package s3shared
-
-import (
-	"github.com/aws/aws-sdk-go/aws"
-	awsarn "github.com/aws/aws-sdk-go/aws/arn"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
-)
-
-// ResourceRequest represents the request and arn resource
-type ResourceRequest struct {
-	Resource arn.Resource
-	Request  *request.Request
-}
-
-// ARN returns the resource ARN
-func (r ResourceRequest) ARN() awsarn.ARN {
-	return r.Resource.GetARN()
-}
-
-// AllowCrossRegion returns a bool value to denote if S3UseARNRegion flag is set
-func (r ResourceRequest) AllowCrossRegion() bool {
-	return aws.BoolValue(r.Request.Config.S3UseARNRegion)
-}
-
-// IsCrossPartition returns true if client is configured for another partition, than
-// the partition that resource ARN region resolves to.
-func (r ResourceRequest) IsCrossPartition() bool {
-	return r.Request.ClientInfo.PartitionID != r.Resource.GetARN().Partition
-}
-
-// IsCrossRegion returns true if ARN region is different than client configured region
-func (r ResourceRequest) IsCrossRegion() bool {
-	return IsCrossRegion(r.Request, r.Resource.GetARN().Region)
-}
-
-// HasCustomEndpoint returns true if custom client endpoint is provided
-func (r ResourceRequest) HasCustomEndpoint() bool {
-	return len(aws.StringValue(r.Request.Config.Endpoint)) > 0
-}
-
-// IsCrossRegion returns true if request signing region is not same as configured region
-func IsCrossRegion(req *request.Request, otherRegion string) bool {
-	return req.ClientInfo.SigningRegion != otherRegion
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/s3err/error.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/s3err/error.go
deleted file mode 100644
index 0b9b0dfce..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/s3err/error.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package s3err
-
-import (
-	"fmt"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// RequestFailure provides additional S3 specific metadata for the request
-// failure.
-type RequestFailure struct {
-	awserr.RequestFailure
-
-	hostID string
-}
-
-// NewRequestFailure returns a request failure error decordated with S3
-// specific metadata.
-func NewRequestFailure(err awserr.RequestFailure, hostID string) *RequestFailure {
-	return &RequestFailure{RequestFailure: err, hostID: hostID}
-}
-
-func (r RequestFailure) Error() string {
-	extra := fmt.Sprintf("status code: %d, request id: %s, host id: %s",
-		r.StatusCode(), r.RequestID(), r.hostID)
-	return awserr.SprintError(r.Code(), r.Message(), extra, r.OrigErr())
-}
-func (r RequestFailure) String() string {
-	return r.Error()
-}
-
-// HostID returns the HostID request response value.
-func (r RequestFailure) HostID() string {
-	return r.hostID
-}
-
-// RequestFailureWrapperHandler returns a handler to rap an
-// awserr.RequestFailure with the  S3 request ID 2 from the response.
-func RequestFailureWrapperHandler() request.NamedHandler {
-	return request.NamedHandler{
-		Name: "awssdk.s3.errorHandler",
-		Fn: func(req *request.Request) {
-			reqErr, ok := req.Error.(awserr.RequestFailure)
-			if !ok || reqErr == nil {
-				return
-			}
-
-			hostID := req.HTTPResponse.Header.Get("X-Amz-Id-2")
-			if req.Error == nil {
-				return
-			}
-
-			req.Error = NewRequestFailure(reqErr, hostID)
-		},
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go
deleted file mode 100644
index 6c443988b..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/byte.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package sdkio
-
-const (
-	// Byte is 8 bits
-	Byte int64 = 1
-	// KibiByte (KiB) is 1024 Bytes
-	KibiByte = Byte * 1024
-	// MebiByte (MiB) is 1024 KiB
-	MebiByte = KibiByte * 1024
-	// GibiByte (GiB) is 1024 MiB
-	GibiByte = MebiByte * 1024
-)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go
deleted file mode 100644
index 037a998c4..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go
+++ /dev/null
@@ -1,11 +0,0 @@
-//go:build !go1.7
-// +build !go1.7
-
-package sdkio
-
-// Copy of Go 1.7 io package's Seeker constants.
-const (
-	SeekStart   = 0 // seek relative to the origin of the file
-	SeekCurrent = 1 // seek relative to the current offset
-	SeekEnd     = 2 // seek relative to the end
-)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go
deleted file mode 100644
index 65e7c60c4..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go
+++ /dev/null
@@ -1,13 +0,0 @@
-//go:build go1.7
-// +build go1.7
-
-package sdkio
-
-import "io"
-
-// Alias for Go 1.7 io package Seeker constants
-const (
-	SeekStart   = io.SeekStart   // seek relative to the origin of the file
-	SeekCurrent = io.SeekCurrent // seek relative to the current offset
-	SeekEnd     = io.SeekEnd     // seek relative to the end
-)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
deleted file mode 100644
index a84528783..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
+++ /dev/null
@@ -1,16 +0,0 @@
-//go:build go1.10
-// +build go1.10
-
-package sdkmath
-
-import "math"
-
-// Round returns the nearest integer, rounding half away from zero.
-//
-// Special cases are:
-//	Round(±0) = ±0
-//	Round(±Inf) = ±Inf
-//	Round(NaN) = NaN
-func Round(x float64) float64 {
-	return math.Round(x)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
deleted file mode 100644
index a3ae3e5db..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
+++ /dev/null
@@ -1,57 +0,0 @@
-//go:build !go1.10
-// +build !go1.10
-
-package sdkmath
-
-import "math"
-
-// Copied from the Go standard library's (Go 1.12) math/floor.go for use in
-// Go version prior to Go 1.10.
-const (
-	uvone    = 0x3FF0000000000000
-	mask     = 0x7FF
-	shift    = 64 - 11 - 1
-	bias     = 1023
-	signMask = 1 << 63
-	fracMask = 1<<shift - 1
-)
-
-// Round returns the nearest integer, rounding half away from zero.
-//
-// Special cases are:
-//	Round(±0) = ±0
-//	Round(±Inf) = ±Inf
-//	Round(NaN) = NaN
-//
-// Copied from the Go standard library's (Go 1.12) math/floor.go for use in
-// Go version prior to Go 1.10.
-func Round(x float64) float64 {
-	// Round is a faster implementation of:
-	//
-	// func Round(x float64) float64 {
-	//   t := Trunc(x)
-	//   if Abs(x-t) >= 0.5 {
-	//     return t + Copysign(1, x)
-	//   }
-	//   return t
-	// }
-	bits := math.Float64bits(x)
-	e := uint(bits>>shift) & mask
-	if e < bias {
-		// Round abs(x) < 1 including denormals.
-		bits &= signMask // +-0
-		if e == bias-1 {
-			bits |= uvone // +-1
-		}
-	} else if e < bias+shift {
-		// Round any abs(x) >= 1 containing a fractional component [0,1).
-		//
-		// Numbers with larger exponents are returned unchanged since they
-		// must be either an integer, infinity, or NaN.
-		const half = 1 << (shift - 1)
-		e -= bias
-		bits += half >> e
-		bits &^= fracMask >> e
-	}
-	return math.Float64frombits(bits)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/locked_source.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/locked_source.go
deleted file mode 100644
index 0c9802d87..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/locked_source.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package sdkrand
-
-import (
-	"math/rand"
-	"sync"
-	"time"
-)
-
-// lockedSource is a thread-safe implementation of rand.Source
-type lockedSource struct {
-	lk  sync.Mutex
-	src rand.Source
-}
-
-func (r *lockedSource) Int63() (n int64) {
-	r.lk.Lock()
-	n = r.src.Int63()
-	r.lk.Unlock()
-	return
-}
-
-func (r *lockedSource) Seed(seed int64) {
-	r.lk.Lock()
-	r.src.Seed(seed)
-	r.lk.Unlock()
-}
-
-// SeededRand is a new RNG using a thread safe implementation of rand.Source
-var SeededRand = rand.New(&lockedSource{src: rand.NewSource(time.Now().UnixNano())})
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
deleted file mode 100644
index 4bae66cee..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
+++ /dev/null
@@ -1,12 +0,0 @@
-//go:build go1.6
-// +build go1.6
-
-package sdkrand
-
-import "math/rand"
-
-// Read provides the stub for math.Rand.Read method support for go version's
-// 1.6 and greater.
-func Read(r *rand.Rand, p []byte) (int, error) {
-	return r.Read(p)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
deleted file mode 100644
index 3a6ab8825..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
+++ /dev/null
@@ -1,25 +0,0 @@
-//go:build !go1.6
-// +build !go1.6
-
-package sdkrand
-
-import "math/rand"
-
-// Read backfills Go 1.6's math.Rand.Reader for Go 1.5
-func Read(r *rand.Rand, p []byte) (n int, err error) {
-	// Copy of Go standard libraries math package's read function not added to
-	// standard library until Go 1.6.
-	var pos int8
-	var val int64
-	for n = 0; n < len(p); n++ {
-		if pos == 0 {
-			val = r.Int63()
-			pos = 7
-		}
-		p[n] = byte(val)
-		val >>= 8
-		pos--
-	}
-
-	return n, err
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go
deleted file mode 100644
index 38ea61afe..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/sdkuri/path.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package sdkuri
-
-import (
-	"path"
-	"strings"
-)
-
-// PathJoin will join the elements of the path delimited by the "/"
-// character. Similar to path.Join with the exception the trailing "/"
-// character is preserved if present.
-func PathJoin(elems ...string) string {
-	if len(elems) == 0 {
-		return ""
-	}
-
-	hasTrailing := strings.HasSuffix(elems[len(elems)-1], "/")
-	str := path.Join(elems...)
-	if hasTrailing && str != "/" {
-		str += "/"
-	}
-
-	return str
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go
deleted file mode 100644
index 7da8a49ce..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/ecs_container.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package shareddefaults
-
-const (
-	// ECSCredsProviderEnvVar is an environmental variable key used to
-	// determine which path needs to be hit.
-	ECSCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
-)
-
-// ECSContainerCredentialsURI is the endpoint to retrieve container
-// credentials. This can be overridden to test to ensure the credential process
-// is behaving correctly.
-var ECSContainerCredentialsURI = "http://169.254.170.2"
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go
deleted file mode 100644
index 34fea49ca..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package shareddefaults
-
-import (
-	"os/user"
-	"path/filepath"
-)
-
-// SharedCredentialsFilename returns the SDK's default file path
-// for the shared credentials file.
-//
-// Builds the shared config file path based on the OS's platform.
-//
-//   - Linux/Unix: $HOME/.aws/credentials
-//   - Windows: %USERPROFILE%\.aws\credentials
-func SharedCredentialsFilename() string {
-	return filepath.Join(UserHomeDir(), ".aws", "credentials")
-}
-
-// SharedConfigFilename returns the SDK's default file path for
-// the shared config file.
-//
-// Builds the shared config file path based on the OS's platform.
-//
-//   - Linux/Unix: $HOME/.aws/config
-//   - Windows: %USERPROFILE%\.aws\config
-func SharedConfigFilename() string {
-	return filepath.Join(UserHomeDir(), ".aws", "config")
-}
-
-// UserHomeDir returns the home directory for the user the process is
-// running under.
-func UserHomeDir() string {
-	var home string
-
-	home = userHomeDir()
-	if len(home) > 0 {
-		return home
-	}
-
-	currUser, _ := user.Current()
-	if currUser != nil {
-		home = currUser.HomeDir
-	}
-
-	return home
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go
deleted file mode 100644
index eb298ae0f..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go
+++ /dev/null
@@ -1,18 +0,0 @@
-//go:build !go1.12
-// +build !go1.12
-
-package shareddefaults
-
-import (
-	"os"
-	"runtime"
-)
-
-func userHomeDir() string {
-	if runtime.GOOS == "windows" { // Windows
-		return os.Getenv("USERPROFILE")
-	}
-
-	// *nix
-	return os.Getenv("HOME")
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go
deleted file mode 100644
index 51541b508..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go
+++ /dev/null
@@ -1,13 +0,0 @@
-//go:build go1.12
-// +build go1.12
-
-package shareddefaults
-
-import (
-	"os"
-)
-
-func userHomeDir() string {
-	home, _ := os.UserHomeDir()
-	return home
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go b/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
deleted file mode 100644
index d008ae27c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package strings
-
-import (
-	"strings"
-)
-
-// HasPrefixFold tests whether the string s begins with prefix, interpreted as UTF-8 strings,
-// under Unicode case-folding.
-func HasPrefixFold(s, prefix string) bool {
-	return len(s) >= len(prefix) && strings.EqualFold(s[0:len(prefix)], prefix)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE
deleted file mode 100644
index 6a66aea5e..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go
deleted file mode 100644
index 14ad0c589..000000000
--- a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go
+++ /dev/null
@@ -1,120 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package singleflight provides a duplicate function call suppression
-// mechanism.
-package singleflight
-
-import "sync"
-
-// call is an in-flight or completed singleflight.Do call
-type call struct {
-	wg sync.WaitGroup
-
-	// These fields are written once before the WaitGroup is done
-	// and are only read after the WaitGroup is done.
-	val interface{}
-	err error
-
-	// forgotten indicates whether Forget was called with this call's key
-	// while the call was still in flight.
-	forgotten bool
-
-	// These fields are read and written with the singleflight
-	// mutex held before the WaitGroup is done, and are read but
-	// not written after the WaitGroup is done.
-	dups  int
-	chans []chan<- Result
-}
-
-// Group represents a class of work and forms a namespace in
-// which units of work can be executed with duplicate suppression.
-type Group struct {
-	mu sync.Mutex       // protects m
-	m  map[string]*call // lazily initialized
-}
-
-// Result holds the results of Do, so they can be passed
-// on a channel.
-type Result struct {
-	Val    interface{}
-	Err    error
-	Shared bool
-}
-
-// Do executes and returns the results of the given function, making
-// sure that only one execution is in-flight for a given key at a
-// time. If a duplicate comes in, the duplicate caller waits for the
-// original to complete and receives the same results.
-// The return value shared indicates whether v was given to multiple callers.
-func (g *Group) Do(key string, fn func() (interface{}, error)) (v interface{}, err error, shared bool) {
-	g.mu.Lock()
-	if g.m == nil {
-		g.m = make(map[string]*call)
-	}
-	if c, ok := g.m[key]; ok {
-		c.dups++
-		g.mu.Unlock()
-		c.wg.Wait()
-		return c.val, c.err, true
-	}
-	c := new(call)
-	c.wg.Add(1)
-	g.m[key] = c
-	g.mu.Unlock()
-
-	g.doCall(c, key, fn)
-	return c.val, c.err, c.dups > 0
-}
-
-// DoChan is like Do but returns a channel that will receive the
-// results when they are ready.
-func (g *Group) DoChan(key string, fn func() (interface{}, error)) <-chan Result {
-	ch := make(chan Result, 1)
-	g.mu.Lock()
-	if g.m == nil {
-		g.m = make(map[string]*call)
-	}
-	if c, ok := g.m[key]; ok {
-		c.dups++
-		c.chans = append(c.chans, ch)
-		g.mu.Unlock()
-		return ch
-	}
-	c := &call{chans: []chan<- Result{ch}}
-	c.wg.Add(1)
-	g.m[key] = c
-	g.mu.Unlock()
-
-	go g.doCall(c, key, fn)
-
-	return ch
-}
-
-// doCall handles the single call for a key.
-func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) {
-	c.val, c.err = fn()
-	c.wg.Done()
-
-	g.mu.Lock()
-	if !c.forgotten {
-		delete(g.m, key)
-	}
-	for _, ch := range c.chans {
-		ch <- Result{c.val, c.err, c.dups > 0}
-	}
-	g.mu.Unlock()
-}
-
-// Forget tells the singleflight to forget about a key.  Future calls
-// to Do for this key will call the function rather than waiting for
-// an earlier call to complete.
-func (g *Group) Forget(key string) {
-	g.mu.Lock()
-	if c, ok := g.m[key]; ok {
-		c.forgotten = true
-	}
-	delete(g.m, key)
-	g.mu.Unlock()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/checksum/content_md5.go b/vendor/github.com/aws/aws-sdk-go/private/checksum/content_md5.go
deleted file mode 100644
index e045f38d8..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/checksum/content_md5.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package checksum
-
-import (
-	"crypto/md5"
-	"encoding/base64"
-	"fmt"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-const contentMD5Header = "Content-Md5"
-
-// AddBodyContentMD5Handler computes and sets the HTTP Content-MD5 header for requests that
-// require it.
-func AddBodyContentMD5Handler(r *request.Request) {
-	// if Content-MD5 header is already present, return
-	if v := r.HTTPRequest.Header.Get(contentMD5Header); len(v) != 0 {
-		return
-	}
-
-	// if S3DisableContentMD5Validation flag is set, return
-	if aws.BoolValue(r.Config.S3DisableContentMD5Validation) {
-		return
-	}
-
-	// if request is presigned, return
-	if r.IsPresigned() {
-		return
-	}
-
-	// if body is not seekable, return
-	if !aws.IsReaderSeekable(r.Body) {
-		if r.Config.Logger != nil {
-			r.Config.Logger.Log(fmt.Sprintf(
-				"Unable to compute Content-MD5 for unseekable body, S3.%s",
-				r.Operation.Name))
-		}
-		return
-	}
-
-	h := md5.New()
-
-	if _, err := aws.CopySeekableBody(h, r.Body); err != nil {
-		r.Error = awserr.New("ContentMD5", "failed to compute body MD5", err)
-		return
-	}
-
-	// encode the md5 checksum in base64 and set the request header.
-	v := base64.StdEncoding.EncodeToString(h.Sum(nil))
-	r.HTTPRequest.Header.Set(contentMD5Header, v)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go
deleted file mode 100644
index 151054971..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go
+++ /dev/null
@@ -1,144 +0,0 @@
-package eventstream
-
-import (
-	"bytes"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"strconv"
-)
-
-type decodedMessage struct {
-	rawMessage
-	Headers decodedHeaders `json:"headers"`
-}
-type jsonMessage struct {
-	Length     json.Number    `json:"total_length"`
-	HeadersLen json.Number    `json:"headers_length"`
-	PreludeCRC json.Number    `json:"prelude_crc"`
-	Headers    decodedHeaders `json:"headers"`
-	Payload    []byte         `json:"payload"`
-	CRC        json.Number    `json:"message_crc"`
-}
-
-func (d *decodedMessage) UnmarshalJSON(b []byte) (err error) {
-	var jsonMsg jsonMessage
-	if err = json.Unmarshal(b, &jsonMsg); err != nil {
-		return err
-	}
-
-	d.Length, err = numAsUint32(jsonMsg.Length)
-	if err != nil {
-		return err
-	}
-	d.HeadersLen, err = numAsUint32(jsonMsg.HeadersLen)
-	if err != nil {
-		return err
-	}
-	d.PreludeCRC, err = numAsUint32(jsonMsg.PreludeCRC)
-	if err != nil {
-		return err
-	}
-	d.Headers = jsonMsg.Headers
-	d.Payload = jsonMsg.Payload
-	d.CRC, err = numAsUint32(jsonMsg.CRC)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (d *decodedMessage) MarshalJSON() ([]byte, error) {
-	jsonMsg := jsonMessage{
-		Length:     json.Number(strconv.Itoa(int(d.Length))),
-		HeadersLen: json.Number(strconv.Itoa(int(d.HeadersLen))),
-		PreludeCRC: json.Number(strconv.Itoa(int(d.PreludeCRC))),
-		Headers:    d.Headers,
-		Payload:    d.Payload,
-		CRC:        json.Number(strconv.Itoa(int(d.CRC))),
-	}
-
-	return json.Marshal(jsonMsg)
-}
-
-func numAsUint32(n json.Number) (uint32, error) {
-	v, err := n.Int64()
-	if err != nil {
-		return 0, fmt.Errorf("failed to get int64 json number, %v", err)
-	}
-
-	return uint32(v), nil
-}
-
-func (d decodedMessage) Message() Message {
-	return Message{
-		Headers: Headers(d.Headers),
-		Payload: d.Payload,
-	}
-}
-
-type decodedHeaders Headers
-
-func (hs *decodedHeaders) UnmarshalJSON(b []byte) error {
-	var jsonHeaders []struct {
-		Name  string      `json:"name"`
-		Type  valueType   `json:"type"`
-		Value interface{} `json:"value"`
-	}
-
-	decoder := json.NewDecoder(bytes.NewReader(b))
-	decoder.UseNumber()
-	if err := decoder.Decode(&jsonHeaders); err != nil {
-		return err
-	}
-
-	var headers Headers
-	for _, h := range jsonHeaders {
-		value, err := valueFromType(h.Type, h.Value)
-		if err != nil {
-			return err
-		}
-		headers.Set(h.Name, value)
-	}
-	*hs = decodedHeaders(headers)
-
-	return nil
-}
-
-func valueFromType(typ valueType, val interface{}) (Value, error) {
-	switch typ {
-	case trueValueType:
-		return BoolValue(true), nil
-	case falseValueType:
-		return BoolValue(false), nil
-	case int8ValueType:
-		v, err := val.(json.Number).Int64()
-		return Int8Value(int8(v)), err
-	case int16ValueType:
-		v, err := val.(json.Number).Int64()
-		return Int16Value(int16(v)), err
-	case int32ValueType:
-		v, err := val.(json.Number).Int64()
-		return Int32Value(int32(v)), err
-	case int64ValueType:
-		v, err := val.(json.Number).Int64()
-		return Int64Value(v), err
-	case bytesValueType:
-		v, err := base64.StdEncoding.DecodeString(val.(string))
-		return BytesValue(v), err
-	case stringValueType:
-		v, err := base64.StdEncoding.DecodeString(val.(string))
-		return StringValue(string(v)), err
-	case timestampValueType:
-		v, err := val.(json.Number).Int64()
-		return TimestampValue(timeFromEpochMilli(v)), err
-	case uuidValueType:
-		v, err := base64.StdEncoding.DecodeString(val.(string))
-		var tv UUIDValue
-		copy(tv[:], v)
-		return tv, err
-	default:
-		panic(fmt.Sprintf("unknown type, %s, %T", typ.String(), val))
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go
deleted file mode 100644
index 474339391..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go
+++ /dev/null
@@ -1,216 +0,0 @@
-package eventstream
-
-import (
-	"bytes"
-	"encoding/binary"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"hash"
-	"hash/crc32"
-	"io"
-
-	"github.com/aws/aws-sdk-go/aws"
-)
-
-// Decoder provides decoding of an Event Stream messages.
-type Decoder struct {
-	r      io.Reader
-	logger aws.Logger
-}
-
-// NewDecoder initializes and returns a Decoder for decoding event
-// stream messages from the reader provided.
-func NewDecoder(r io.Reader, opts ...func(*Decoder)) *Decoder {
-	d := &Decoder{
-		r: r,
-	}
-
-	for _, opt := range opts {
-		opt(d)
-	}
-
-	return d
-}
-
-// DecodeWithLogger adds a logger to be used by the decoder when decoding
-// stream events.
-func DecodeWithLogger(logger aws.Logger) func(*Decoder) {
-	return func(d *Decoder) {
-		d.logger = logger
-	}
-}
-
-// Decode attempts to decode a single message from the event stream reader.
-// Will return the event stream message, or error if Decode fails to read
-// the message from the stream.
-func (d *Decoder) Decode(payloadBuf []byte) (m Message, err error) {
-	reader := d.r
-	if d.logger != nil {
-		debugMsgBuf := bytes.NewBuffer(nil)
-		reader = io.TeeReader(reader, debugMsgBuf)
-		defer func() {
-			logMessageDecode(d.logger, debugMsgBuf, m, err)
-		}()
-	}
-
-	m, err = Decode(reader, payloadBuf)
-
-	return m, err
-}
-
-// Decode attempts to decode a single message from the event stream reader.
-// Will return the event stream message, or error if Decode fails to read
-// the message from the reader.
-func Decode(reader io.Reader, payloadBuf []byte) (m Message, err error) {
-	crc := crc32.New(crc32IEEETable)
-	hashReader := io.TeeReader(reader, crc)
-
-	prelude, err := decodePrelude(hashReader, crc)
-	if err != nil {
-		return Message{}, err
-	}
-
-	if prelude.HeadersLen > 0 {
-		lr := io.LimitReader(hashReader, int64(prelude.HeadersLen))
-		m.Headers, err = decodeHeaders(lr)
-		if err != nil {
-			return Message{}, err
-		}
-	}
-
-	if payloadLen := prelude.PayloadLen(); payloadLen > 0 {
-		buf, err := decodePayload(payloadBuf, io.LimitReader(hashReader, int64(payloadLen)))
-		if err != nil {
-			return Message{}, err
-		}
-		m.Payload = buf
-	}
-
-	msgCRC := crc.Sum32()
-	if err := validateCRC(reader, msgCRC); err != nil {
-		return Message{}, err
-	}
-
-	return m, nil
-}
-
-func logMessageDecode(logger aws.Logger, msgBuf *bytes.Buffer, msg Message, decodeErr error) {
-	w := bytes.NewBuffer(nil)
-	defer func() { logger.Log(w.String()) }()
-
-	fmt.Fprintf(w, "Raw message:\n%s\n",
-		hex.Dump(msgBuf.Bytes()))
-
-	if decodeErr != nil {
-		fmt.Fprintf(w, "Decode error: %v\n", decodeErr)
-		return
-	}
-
-	rawMsg, err := msg.rawMessage()
-	if err != nil {
-		fmt.Fprintf(w, "failed to create raw message, %v\n", err)
-		return
-	}
-
-	decodedMsg := decodedMessage{
-		rawMessage: rawMsg,
-		Headers:    decodedHeaders(msg.Headers),
-	}
-
-	fmt.Fprintf(w, "Decoded message:\n")
-	encoder := json.NewEncoder(w)
-	if err := encoder.Encode(decodedMsg); err != nil {
-		fmt.Fprintf(w, "failed to generate decoded message, %v\n", err)
-	}
-}
-
-func decodePrelude(r io.Reader, crc hash.Hash32) (messagePrelude, error) {
-	var p messagePrelude
-
-	var err error
-	p.Length, err = decodeUint32(r)
-	if err != nil {
-		return messagePrelude{}, err
-	}
-
-	p.HeadersLen, err = decodeUint32(r)
-	if err != nil {
-		return messagePrelude{}, err
-	}
-
-	if err := p.ValidateLens(); err != nil {
-		return messagePrelude{}, err
-	}
-
-	preludeCRC := crc.Sum32()
-	if err := validateCRC(r, preludeCRC); err != nil {
-		return messagePrelude{}, err
-	}
-
-	p.PreludeCRC = preludeCRC
-
-	return p, nil
-}
-
-func decodePayload(buf []byte, r io.Reader) ([]byte, error) {
-	w := bytes.NewBuffer(buf[0:0])
-
-	_, err := io.Copy(w, r)
-	return w.Bytes(), err
-}
-
-func decodeUint8(r io.Reader) (uint8, error) {
-	type byteReader interface {
-		ReadByte() (byte, error)
-	}
-
-	if br, ok := r.(byteReader); ok {
-		v, err := br.ReadByte()
-		return uint8(v), err
-	}
-
-	var b [1]byte
-	_, err := io.ReadFull(r, b[:])
-	return uint8(b[0]), err
-}
-func decodeUint16(r io.Reader) (uint16, error) {
-	var b [2]byte
-	bs := b[:]
-	_, err := io.ReadFull(r, bs)
-	if err != nil {
-		return 0, err
-	}
-	return binary.BigEndian.Uint16(bs), nil
-}
-func decodeUint32(r io.Reader) (uint32, error) {
-	var b [4]byte
-	bs := b[:]
-	_, err := io.ReadFull(r, bs)
-	if err != nil {
-		return 0, err
-	}
-	return binary.BigEndian.Uint32(bs), nil
-}
-func decodeUint64(r io.Reader) (uint64, error) {
-	var b [8]byte
-	bs := b[:]
-	_, err := io.ReadFull(r, bs)
-	if err != nil {
-		return 0, err
-	}
-	return binary.BigEndian.Uint64(bs), nil
-}
-
-func validateCRC(r io.Reader, expect uint32) error {
-	msgCRC, err := decodeUint32(r)
-	if err != nil {
-		return err
-	}
-
-	if msgCRC != expect {
-		return ChecksumError{}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go
deleted file mode 100644
index ffade3bc0..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go
+++ /dev/null
@@ -1,162 +0,0 @@
-package eventstream
-
-import (
-	"bytes"
-	"encoding/binary"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"hash"
-	"hash/crc32"
-	"io"
-
-	"github.com/aws/aws-sdk-go/aws"
-)
-
-// Encoder provides EventStream message encoding.
-type Encoder struct {
-	w      io.Writer
-	logger aws.Logger
-
-	headersBuf *bytes.Buffer
-}
-
-// NewEncoder initializes and returns an Encoder to encode Event Stream
-// messages to an io.Writer.
-func NewEncoder(w io.Writer, opts ...func(*Encoder)) *Encoder {
-	e := &Encoder{
-		w:          w,
-		headersBuf: bytes.NewBuffer(nil),
-	}
-
-	for _, opt := range opts {
-		opt(e)
-	}
-
-	return e
-}
-
-// EncodeWithLogger adds a logger to be used by the encode when decoding
-// stream events.
-func EncodeWithLogger(logger aws.Logger) func(*Encoder) {
-	return func(d *Encoder) {
-		d.logger = logger
-	}
-}
-
-// Encode encodes a single EventStream message to the io.Writer the Encoder
-// was created with. An error is returned if writing the message fails.
-func (e *Encoder) Encode(msg Message) (err error) {
-	e.headersBuf.Reset()
-
-	writer := e.w
-	if e.logger != nil {
-		encodeMsgBuf := bytes.NewBuffer(nil)
-		writer = io.MultiWriter(writer, encodeMsgBuf)
-		defer func() {
-			logMessageEncode(e.logger, encodeMsgBuf, msg, err)
-		}()
-	}
-
-	if err = EncodeHeaders(e.headersBuf, msg.Headers); err != nil {
-		return err
-	}
-
-	crc := crc32.New(crc32IEEETable)
-	hashWriter := io.MultiWriter(writer, crc)
-
-	headersLen := uint32(e.headersBuf.Len())
-	payloadLen := uint32(len(msg.Payload))
-
-	if err = encodePrelude(hashWriter, crc, headersLen, payloadLen); err != nil {
-		return err
-	}
-
-	if headersLen > 0 {
-		if _, err = io.Copy(hashWriter, e.headersBuf); err != nil {
-			return err
-		}
-	}
-
-	if payloadLen > 0 {
-		if _, err = hashWriter.Write(msg.Payload); err != nil {
-			return err
-		}
-	}
-
-	msgCRC := crc.Sum32()
-	return binary.Write(writer, binary.BigEndian, msgCRC)
-}
-
-func logMessageEncode(logger aws.Logger, msgBuf *bytes.Buffer, msg Message, encodeErr error) {
-	w := bytes.NewBuffer(nil)
-	defer func() { logger.Log(w.String()) }()
-
-	fmt.Fprintf(w, "Message to encode:\n")
-	encoder := json.NewEncoder(w)
-	if err := encoder.Encode(msg); err != nil {
-		fmt.Fprintf(w, "Failed to get encoded message, %v\n", err)
-	}
-
-	if encodeErr != nil {
-		fmt.Fprintf(w, "Encode error: %v\n", encodeErr)
-		return
-	}
-
-	fmt.Fprintf(w, "Raw message:\n%s\n", hex.Dump(msgBuf.Bytes()))
-}
-
-func encodePrelude(w io.Writer, crc hash.Hash32, headersLen, payloadLen uint32) error {
-	p := messagePrelude{
-		Length:     minMsgLen + headersLen + payloadLen,
-		HeadersLen: headersLen,
-	}
-	if err := p.ValidateLens(); err != nil {
-		return err
-	}
-
-	err := binaryWriteFields(w, binary.BigEndian,
-		p.Length,
-		p.HeadersLen,
-	)
-	if err != nil {
-		return err
-	}
-
-	p.PreludeCRC = crc.Sum32()
-	err = binary.Write(w, binary.BigEndian, p.PreludeCRC)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// EncodeHeaders writes the header values to the writer encoded in the event
-// stream format. Returns an error if a header fails to encode.
-func EncodeHeaders(w io.Writer, headers Headers) error {
-	for _, h := range headers {
-		hn := headerName{
-			Len: uint8(len(h.Name)),
-		}
-		copy(hn.Name[:hn.Len], h.Name)
-		if err := hn.encode(w); err != nil {
-			return err
-		}
-
-		if err := h.Value.encode(w); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func binaryWriteFields(w io.Writer, order binary.ByteOrder, vs ...interface{}) error {
-	for _, v := range vs {
-		if err := binary.Write(w, order, v); err != nil {
-			return err
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/error.go
deleted file mode 100644
index 5481ef307..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/error.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package eventstream
-
-import "fmt"
-
-// LengthError provides the error for items being larger than a maximum length.
-type LengthError struct {
-	Part  string
-	Want  int
-	Have  int
-	Value interface{}
-}
-
-func (e LengthError) Error() string {
-	return fmt.Sprintf("%s length invalid, %d/%d, %v",
-		e.Part, e.Want, e.Have, e.Value)
-}
-
-// ChecksumError provides the error for message checksum invalidation errors.
-type ChecksumError struct{}
-
-func (e ChecksumError) Error() string {
-	return "message checksum mismatch"
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go
deleted file mode 100644
index 0a63340e4..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package eventstreamapi
-
-import (
-	"fmt"
-	"sync"
-)
-
-// InputWriterCloseErrorCode is used to denote an error occurred
-// while closing the event stream input writer.
-const InputWriterCloseErrorCode = "EventStreamInputWriterCloseError"
-
-type messageError struct {
-	code string
-	msg  string
-}
-
-func (e messageError) Code() string {
-	return e.code
-}
-
-func (e messageError) Message() string {
-	return e.msg
-}
-
-func (e messageError) Error() string {
-	return fmt.Sprintf("%s: %s", e.code, e.msg)
-}
-
-func (e messageError) OrigErr() error {
-	return nil
-}
-
-// OnceError wraps the behavior of recording an error
-// once and signal on a channel when this has occurred.
-// Signaling is done by closing of the channel.
-//
-// Type is safe for concurrent usage.
-type OnceError struct {
-	mu  sync.RWMutex
-	err error
-	ch  chan struct{}
-}
-
-// NewOnceError return a new OnceError
-func NewOnceError() *OnceError {
-	return &OnceError{
-		ch: make(chan struct{}, 1),
-	}
-}
-
-// Err acquires a read-lock and returns an
-// error if one has been set.
-func (e *OnceError) Err() error {
-	e.mu.RLock()
-	err := e.err
-	e.mu.RUnlock()
-
-	return err
-}
-
-// SetError acquires a write-lock and will set
-// the underlying error value if one has not been set.
-func (e *OnceError) SetError(err error) {
-	if err == nil {
-		return
-	}
-
-	e.mu.Lock()
-	if e.err == nil {
-		e.err = err
-		close(e.ch)
-	}
-	e.mu.Unlock()
-}
-
-// ErrorSet returns a channel that will be used to signal
-// that an error has been set. This channel will be closed
-// when the error value has been set for OnceError.
-func (e *OnceError) ErrorSet() <-chan struct{} {
-	return e.ch
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go
deleted file mode 100644
index 0e4aa42f3..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go
+++ /dev/null
@@ -1,173 +0,0 @@
-package eventstreamapi
-
-import (
-	"fmt"
-
-	"github.com/aws/aws-sdk-go/private/protocol"
-	"github.com/aws/aws-sdk-go/private/protocol/eventstream"
-)
-
-// Unmarshaler provides the interface for unmarshaling a EventStream
-// message into a SDK type.
-type Unmarshaler interface {
-	UnmarshalEvent(protocol.PayloadUnmarshaler, eventstream.Message) error
-}
-
-// EventReader provides reading from the EventStream of an reader.
-type EventReader struct {
-	decoder *eventstream.Decoder
-
-	unmarshalerForEventType func(string) (Unmarshaler, error)
-	payloadUnmarshaler      protocol.PayloadUnmarshaler
-
-	payloadBuf []byte
-}
-
-// NewEventReader returns a EventReader built from the reader and unmarshaler
-// provided.  Use ReadStream method to start reading from the EventStream.
-func NewEventReader(
-	decoder *eventstream.Decoder,
-	payloadUnmarshaler protocol.PayloadUnmarshaler,
-	unmarshalerForEventType func(string) (Unmarshaler, error),
-) *EventReader {
-	return &EventReader{
-		decoder:                 decoder,
-		payloadUnmarshaler:      payloadUnmarshaler,
-		unmarshalerForEventType: unmarshalerForEventType,
-		payloadBuf:              make([]byte, 10*1024),
-	}
-}
-
-// ReadEvent attempts to read a message from the EventStream and return the
-// unmarshaled event value that the message is for.
-//
-// For EventStream API errors check if the returned error satisfies the
-// awserr.Error interface to get the error's Code and Message components.
-//
-// EventUnmarshalers called with EventStream messages must take copies of the
-// message's Payload. The payload will is reused between events read.
-func (r *EventReader) ReadEvent() (event interface{}, err error) {
-	msg, err := r.decoder.Decode(r.payloadBuf)
-	if err != nil {
-		return nil, err
-	}
-	defer func() {
-		// Reclaim payload buffer for next message read.
-		r.payloadBuf = msg.Payload[0:0]
-	}()
-
-	typ, err := GetHeaderString(msg, MessageTypeHeader)
-	if err != nil {
-		return nil, err
-	}
-
-	switch typ {
-	case EventMessageType:
-		return r.unmarshalEventMessage(msg)
-	case ExceptionMessageType:
-		return nil, r.unmarshalEventException(msg)
-	case ErrorMessageType:
-		return nil, r.unmarshalErrorMessage(msg)
-	default:
-		return nil, &UnknownMessageTypeError{
-			Type: typ, Message: msg.Clone(),
-		}
-	}
-}
-
-// UnknownMessageTypeError provides an error when a message is received from
-// the stream, but the reader is unable to determine what kind of message it is.
-type UnknownMessageTypeError struct {
-	Type    string
-	Message eventstream.Message
-}
-
-func (e *UnknownMessageTypeError) Error() string {
-	return "unknown eventstream message type, " + e.Type
-}
-
-func (r *EventReader) unmarshalEventMessage(
-	msg eventstream.Message,
-) (event interface{}, err error) {
-	eventType, err := GetHeaderString(msg, EventTypeHeader)
-	if err != nil {
-		return nil, err
-	}
-
-	ev, err := r.unmarshalerForEventType(eventType)
-	if err != nil {
-		return nil, err
-	}
-
-	err = ev.UnmarshalEvent(r.payloadUnmarshaler, msg)
-	if err != nil {
-		return nil, err
-	}
-
-	return ev, nil
-}
-
-func (r *EventReader) unmarshalEventException(
-	msg eventstream.Message,
-) (err error) {
-	eventType, err := GetHeaderString(msg, ExceptionTypeHeader)
-	if err != nil {
-		return err
-	}
-
-	ev, err := r.unmarshalerForEventType(eventType)
-	if err != nil {
-		return err
-	}
-
-	err = ev.UnmarshalEvent(r.payloadUnmarshaler, msg)
-	if err != nil {
-		return err
-	}
-
-	var ok bool
-	err, ok = ev.(error)
-	if !ok {
-		err = messageError{
-			code: "SerializationError",
-			msg: fmt.Sprintf(
-				"event stream exception %s mapped to non-error %T, %v",
-				eventType, ev, ev,
-			),
-		}
-	}
-
-	return err
-}
-
-func (r *EventReader) unmarshalErrorMessage(msg eventstream.Message) (err error) {
-	var msgErr messageError
-
-	msgErr.code, err = GetHeaderString(msg, ErrorCodeHeader)
-	if err != nil {
-		return err
-	}
-
-	msgErr.msg, err = GetHeaderString(msg, ErrorMessageHeader)
-	if err != nil {
-		return err
-	}
-
-	return msgErr
-}
-
-// GetHeaderString returns the value of the header as a string. If the header
-// is not set or the value is not a string an error will be returned.
-func GetHeaderString(msg eventstream.Message, headerName string) (string, error) {
-	headerVal := msg.Headers.Get(headerName)
-	if headerVal == nil {
-		return "", fmt.Errorf("error header %s not present", headerName)
-	}
-
-	v, ok := headerVal.Get().(string)
-	if !ok {
-		return "", fmt.Errorf("error header value is not a string, %T", headerVal)
-	}
-
-	return v, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go
deleted file mode 100644
index e46b8acc2..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package eventstreamapi
-
-// EventStream headers with specific meaning to async API functionality.
-const (
-	ChunkSignatureHeader = `:chunk-signature` // chunk signature for message
-	DateHeader           = `:date`            // Date header for signature
-
-	// Message header and values
-	MessageTypeHeader    = `:message-type` // Identifies type of message.
-	EventMessageType     = `event`
-	ErrorMessageType     = `error`
-	ExceptionMessageType = `exception`
-
-	// Message Events
-	EventTypeHeader = `:event-type` // Identifies message event type e.g. "Stats".
-
-	// Message Error
-	ErrorCodeHeader    = `:error-code`
-	ErrorMessageHeader = `:error-message`
-
-	// Message Exception
-	ExceptionTypeHeader = `:exception-type`
-)
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go
deleted file mode 100644
index 3a7ba5cd5..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go
+++ /dev/null
@@ -1,123 +0,0 @@
-package eventstreamapi
-
-import (
-	"bytes"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/private/protocol/eventstream"
-)
-
-var timeNow = time.Now
-
-// StreamSigner defines an interface for the implementation of signing of event stream payloads
-type StreamSigner interface {
-	GetSignature(headers, payload []byte, date time.Time) ([]byte, error)
-}
-
-// SignEncoder envelopes event stream messages
-// into an event stream message payload with included
-// signature headers using the provided signer and encoder.
-type SignEncoder struct {
-	signer     StreamSigner
-	encoder    Encoder
-	bufEncoder *BufferEncoder
-
-	closeErr error
-	closed   bool
-}
-
-// NewSignEncoder returns a new SignEncoder using the provided stream signer and
-// event stream encoder.
-func NewSignEncoder(signer StreamSigner, encoder Encoder) *SignEncoder {
-	// TODO: Need to pass down logging
-
-	return &SignEncoder{
-		signer:     signer,
-		encoder:    encoder,
-		bufEncoder: NewBufferEncoder(),
-	}
-}
-
-// Close encodes a final event stream signing envelope with an empty event stream
-// payload. This final end-frame is used to mark the conclusion of the stream.
-func (s *SignEncoder) Close() error {
-	if s.closed {
-		return s.closeErr
-	}
-
-	if err := s.encode([]byte{}); err != nil {
-		if strings.Contains(err.Error(), "on closed pipe") {
-			return nil
-		}
-
-		s.closeErr = err
-		s.closed = true
-		return s.closeErr
-	}
-
-	return nil
-}
-
-// Encode takes the provided message and add envelopes the message
-// with the required signature.
-func (s *SignEncoder) Encode(msg eventstream.Message) error {
-	payload, err := s.bufEncoder.Encode(msg)
-	if err != nil {
-		return err
-	}
-
-	return s.encode(payload)
-}
-
-func (s SignEncoder) encode(payload []byte) error {
-	date := timeNow()
-
-	var msg eventstream.Message
-	msg.Headers.Set(DateHeader, eventstream.TimestampValue(date))
-	msg.Payload = payload
-
-	var headers bytes.Buffer
-	if err := eventstream.EncodeHeaders(&headers, msg.Headers); err != nil {
-		return err
-	}
-
-	sig, err := s.signer.GetSignature(headers.Bytes(), msg.Payload, date)
-	if err != nil {
-		return err
-	}
-
-	msg.Headers.Set(ChunkSignatureHeader, eventstream.BytesValue(sig))
-
-	return s.encoder.Encode(msg)
-}
-
-// BufferEncoder is a utility that provides a buffered
-// event stream encoder
-type BufferEncoder struct {
-	encoder Encoder
-	buffer  *bytes.Buffer
-}
-
-// NewBufferEncoder returns a new BufferEncoder initialized
-// with a 1024 byte buffer.
-func NewBufferEncoder() *BufferEncoder {
-	buf := bytes.NewBuffer(make([]byte, 1024))
-	return &BufferEncoder{
-		encoder: eventstream.NewEncoder(buf),
-		buffer:  buf,
-	}
-}
-
-// Encode returns the encoded message as a byte slice.
-// The returned byte slice will be modified on the next encode call
-// and should not be held onto.
-func (e *BufferEncoder) Encode(msg eventstream.Message) ([]byte, error) {
-	e.buffer.Reset()
-
-	if err := e.encoder.Encode(msg); err != nil {
-		return nil, err
-	}
-
-	return e.buffer.Bytes(), nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go
deleted file mode 100644
index 433bb1630..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go
+++ /dev/null
@@ -1,129 +0,0 @@
-package eventstreamapi
-
-import (
-	"fmt"
-	"io"
-	"sync"
-
-	"github.com/aws/aws-sdk-go/aws"
-)
-
-// StreamWriter provides concurrent safe writing to an event stream.
-type StreamWriter struct {
-	eventWriter *EventWriter
-	stream      chan eventWriteAsyncReport
-
-	done      chan struct{}
-	closeOnce sync.Once
-	err       *OnceError
-
-	streamCloser io.Closer
-}
-
-// NewStreamWriter returns a StreamWriter for the event writer, and stream
-// closer provided.
-func NewStreamWriter(eventWriter *EventWriter, streamCloser io.Closer) *StreamWriter {
-	w := &StreamWriter{
-		eventWriter:  eventWriter,
-		streamCloser: streamCloser,
-		stream:       make(chan eventWriteAsyncReport),
-		done:         make(chan struct{}),
-		err:          NewOnceError(),
-	}
-	go w.writeStream()
-
-	return w
-}
-
-// Close terminates the writers ability to write new events to the stream. Any
-// future call to Send will fail with an error.
-func (w *StreamWriter) Close() error {
-	w.closeOnce.Do(w.safeClose)
-	return w.Err()
-}
-
-func (w *StreamWriter) safeClose() {
-	close(w.done)
-}
-
-// ErrorSet returns a channel which will be closed
-// if an error occurs.
-func (w *StreamWriter) ErrorSet() <-chan struct{} {
-	return w.err.ErrorSet()
-}
-
-// Err returns any error that occurred while attempting to write an event to the
-// stream.
-func (w *StreamWriter) Err() error {
-	return w.err.Err()
-}
-
-// Send writes a single event to the stream returning an error if the write
-// failed.
-//
-// Send may be called concurrently. Events will be written to the stream
-// safely.
-func (w *StreamWriter) Send(ctx aws.Context, event Marshaler) error {
-	if err := w.Err(); err != nil {
-		return err
-	}
-
-	resultCh := make(chan error)
-	wrapped := eventWriteAsyncReport{
-		Event:  event,
-		Result: resultCh,
-	}
-
-	select {
-	case w.stream <- wrapped:
-	case <-ctx.Done():
-		return ctx.Err()
-	case <-w.done:
-		return fmt.Errorf("stream closed, unable to send event")
-	}
-
-	select {
-	case err := <-resultCh:
-		return err
-	case <-ctx.Done():
-		return ctx.Err()
-	case <-w.done:
-		return fmt.Errorf("stream closed, unable to send event")
-	}
-}
-
-func (w *StreamWriter) writeStream() {
-	defer w.Close()
-
-	for {
-		select {
-		case wrapper := <-w.stream:
-			err := w.eventWriter.WriteEvent(wrapper.Event)
-			wrapper.ReportResult(w.done, err)
-			if err != nil {
-				w.err.SetError(err)
-				return
-			}
-
-		case <-w.done:
-			if err := w.streamCloser.Close(); err != nil {
-				w.err.SetError(err)
-			}
-			return
-		}
-	}
-}
-
-type eventWriteAsyncReport struct {
-	Event  Marshaler
-	Result chan<- error
-}
-
-func (e eventWriteAsyncReport) ReportResult(cancel <-chan struct{}, err error) bool {
-	select {
-	case e.Result <- err:
-		return true
-	case <-cancel:
-		return false
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go
deleted file mode 100644
index 4bf2b27b2..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go
+++ /dev/null
@@ -1,10 +0,0 @@
-//go:build go1.18
-// +build go1.18
-
-package eventstreamapi
-
-import "github.com/aws/aws-sdk-go/aws/request"
-
-// ApplyHTTPTransportFixes is a no-op for Go 1.18 and above.
-func ApplyHTTPTransportFixes(r *request.Request) {
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport_go1.17.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport_go1.17.go
deleted file mode 100644
index 2ee2c36fd..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport_go1.17.go
+++ /dev/null
@@ -1,19 +0,0 @@
-//go:build !go1.18
-// +build !go1.18
-
-package eventstreamapi
-
-import "github.com/aws/aws-sdk-go/aws/request"
-
-// ApplyHTTPTransportFixes applies fixes to the HTTP request for proper event
-// stream functionality. Go 1.15 through 1.17 HTTP client could hang forever
-// when an HTTP/2 connection failed with an non-200 status code and err. Using
-// Expect 100-Continue, allows the HTTP client to gracefully handle the non-200
-// status code, and close the connection.
-//
-// This is a no-op for Go 1.18 and above.
-func ApplyHTTPTransportFixes(r *request.Request) {
-	r.Handlers.Sign.PushBack(func(r *request.Request) {
-		r.HTTPRequest.Header.Set("Expect", "100-Continue")
-	})
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go
deleted file mode 100644
index 7d7a79352..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package eventstreamapi
-
-import (
-	"github.com/aws/aws-sdk-go/private/protocol"
-	"github.com/aws/aws-sdk-go/private/protocol/eventstream"
-)
-
-// Marshaler provides a marshaling interface for event types to event stream
-// messages.
-type Marshaler interface {
-	MarshalEvent(protocol.PayloadMarshaler) (eventstream.Message, error)
-}
-
-// Encoder is an stream encoder that will encode an event stream message for
-// the transport.
-type Encoder interface {
-	Encode(eventstream.Message) error
-}
-
-// EventWriter provides a wrapper around the underlying event stream encoder
-// for an io.WriteCloser.
-type EventWriter struct {
-	encoder          Encoder
-	payloadMarshaler protocol.PayloadMarshaler
-	eventTypeFor     func(Marshaler) (string, error)
-}
-
-// NewEventWriter returns a new event stream writer, that will write to the
-// writer provided. Use the WriteEvent method to write an event to the stream.
-func NewEventWriter(encoder Encoder, pm protocol.PayloadMarshaler, eventTypeFor func(Marshaler) (string, error),
-) *EventWriter {
-	return &EventWriter{
-		encoder:          encoder,
-		payloadMarshaler: pm,
-		eventTypeFor:     eventTypeFor,
-	}
-}
-
-// WriteEvent writes an event to the stream. Returns an error if the event
-// fails to marshal into a message, or writing to the underlying writer fails.
-func (w *EventWriter) WriteEvent(event Marshaler) error {
-	msg, err := w.marshal(event)
-	if err != nil {
-		return err
-	}
-
-	return w.encoder.Encode(msg)
-}
-
-func (w *EventWriter) marshal(event Marshaler) (eventstream.Message, error) {
-	eventType, err := w.eventTypeFor(event)
-	if err != nil {
-		return eventstream.Message{}, err
-	}
-
-	msg, err := event.MarshalEvent(w.payloadMarshaler)
-	if err != nil {
-		return eventstream.Message{}, err
-	}
-
-	msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType))
-	return msg, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header.go
deleted file mode 100644
index f6f8c5674..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header.go
+++ /dev/null
@@ -1,175 +0,0 @@
-package eventstream
-
-import (
-	"encoding/binary"
-	"fmt"
-	"io"
-)
-
-// Headers are a collection of EventStream header values.
-type Headers []Header
-
-// Header is a single EventStream Key Value header pair.
-type Header struct {
-	Name  string
-	Value Value
-}
-
-// Set associates the name with a value. If the header name already exists in
-// the Headers the value will be replaced with the new one.
-func (hs *Headers) Set(name string, value Value) {
-	var i int
-	for ; i < len(*hs); i++ {
-		if (*hs)[i].Name == name {
-			(*hs)[i].Value = value
-			return
-		}
-	}
-
-	*hs = append(*hs, Header{
-		Name: name, Value: value,
-	})
-}
-
-// Get returns the Value associated with the header. Nil is returned if the
-// value does not exist.
-func (hs Headers) Get(name string) Value {
-	for i := 0; i < len(hs); i++ {
-		if h := hs[i]; h.Name == name {
-			return h.Value
-		}
-	}
-	return nil
-}
-
-// Del deletes the value in the Headers if it exists.
-func (hs *Headers) Del(name string) {
-	for i := 0; i < len(*hs); i++ {
-		if (*hs)[i].Name == name {
-			copy((*hs)[i:], (*hs)[i+1:])
-			(*hs) = (*hs)[:len(*hs)-1]
-		}
-	}
-}
-
-// Clone returns a deep copy of the headers
-func (hs Headers) Clone() Headers {
-	o := make(Headers, 0, len(hs))
-	for _, h := range hs {
-		o.Set(h.Name, h.Value)
-	}
-	return o
-}
-
-func decodeHeaders(r io.Reader) (Headers, error) {
-	hs := Headers{}
-
-	for {
-		name, err := decodeHeaderName(r)
-		if err != nil {
-			if err == io.EOF {
-				// EOF while getting header name means no more headers
-				break
-			}
-			return nil, err
-		}
-
-		value, err := decodeHeaderValue(r)
-		if err != nil {
-			return nil, err
-		}
-
-		hs.Set(name, value)
-	}
-
-	return hs, nil
-}
-
-func decodeHeaderName(r io.Reader) (string, error) {
-	var n headerName
-
-	var err error
-	n.Len, err = decodeUint8(r)
-	if err != nil {
-		return "", err
-	}
-
-	name := n.Name[:n.Len]
-	if _, err := io.ReadFull(r, name); err != nil {
-		return "", err
-	}
-
-	return string(name), nil
-}
-
-func decodeHeaderValue(r io.Reader) (Value, error) {
-	var raw rawValue
-
-	typ, err := decodeUint8(r)
-	if err != nil {
-		return nil, err
-	}
-	raw.Type = valueType(typ)
-
-	var v Value
-
-	switch raw.Type {
-	case trueValueType:
-		v = BoolValue(true)
-	case falseValueType:
-		v = BoolValue(false)
-	case int8ValueType:
-		var tv Int8Value
-		err = tv.decode(r)
-		v = tv
-	case int16ValueType:
-		var tv Int16Value
-		err = tv.decode(r)
-		v = tv
-	case int32ValueType:
-		var tv Int32Value
-		err = tv.decode(r)
-		v = tv
-	case int64ValueType:
-		var tv Int64Value
-		err = tv.decode(r)
-		v = tv
-	case bytesValueType:
-		var tv BytesValue
-		err = tv.decode(r)
-		v = tv
-	case stringValueType:
-		var tv StringValue
-		err = tv.decode(r)
-		v = tv
-	case timestampValueType:
-		var tv TimestampValue
-		err = tv.decode(r)
-		v = tv
-	case uuidValueType:
-		var tv UUIDValue
-		err = tv.decode(r)
-		v = tv
-	default:
-		panic(fmt.Sprintf("unknown value type %d", raw.Type))
-	}
-
-	// Error could be EOF, let caller deal with it
-	return v, err
-}
-
-const maxHeaderNameLen = 255
-
-type headerName struct {
-	Len  uint8
-	Name [maxHeaderNameLen]byte
-}
-
-func (v headerName) encode(w io.Writer) error {
-	if err := binary.Write(w, binary.BigEndian, v.Len); err != nil {
-		return err
-	}
-
-	_, err := w.Write(v.Name[:v.Len])
-	return err
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go
deleted file mode 100644
index 9f509d8f6..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go
+++ /dev/null
@@ -1,506 +0,0 @@
-package eventstream
-
-import (
-	"encoding/base64"
-	"encoding/binary"
-	"fmt"
-	"io"
-	"strconv"
-	"time"
-)
-
-const maxHeaderValueLen = 1<<15 - 1 // 2^15-1 or 32KB - 1
-
-// valueType is the EventStream header value type.
-type valueType uint8
-
-// Header value types
-const (
-	trueValueType valueType = iota
-	falseValueType
-	int8ValueType  // Byte
-	int16ValueType // Short
-	int32ValueType // Integer
-	int64ValueType // Long
-	bytesValueType
-	stringValueType
-	timestampValueType
-	uuidValueType
-)
-
-func (t valueType) String() string {
-	switch t {
-	case trueValueType:
-		return "bool"
-	case falseValueType:
-		return "bool"
-	case int8ValueType:
-		return "int8"
-	case int16ValueType:
-		return "int16"
-	case int32ValueType:
-		return "int32"
-	case int64ValueType:
-		return "int64"
-	case bytesValueType:
-		return "byte_array"
-	case stringValueType:
-		return "string"
-	case timestampValueType:
-		return "timestamp"
-	case uuidValueType:
-		return "uuid"
-	default:
-		return fmt.Sprintf("unknown value type %d", uint8(t))
-	}
-}
-
-type rawValue struct {
-	Type  valueType
-	Len   uint16 // Only set for variable length slices
-	Value []byte // byte representation of value, BigEndian encoding.
-}
-
-func (r rawValue) encodeScalar(w io.Writer, v interface{}) error {
-	return binaryWriteFields(w, binary.BigEndian,
-		r.Type,
-		v,
-	)
-}
-
-func (r rawValue) encodeFixedSlice(w io.Writer, v []byte) error {
-	binary.Write(w, binary.BigEndian, r.Type)
-
-	_, err := w.Write(v)
-	return err
-}
-
-func (r rawValue) encodeBytes(w io.Writer, v []byte) error {
-	if len(v) > maxHeaderValueLen {
-		return LengthError{
-			Part: "header value",
-			Want: maxHeaderValueLen, Have: len(v),
-			Value: v,
-		}
-	}
-	r.Len = uint16(len(v))
-
-	err := binaryWriteFields(w, binary.BigEndian,
-		r.Type,
-		r.Len,
-	)
-	if err != nil {
-		return err
-	}
-
-	_, err = w.Write(v)
-	return err
-}
-
-func (r rawValue) encodeString(w io.Writer, v string) error {
-	if len(v) > maxHeaderValueLen {
-		return LengthError{
-			Part: "header value",
-			Want: maxHeaderValueLen, Have: len(v),
-			Value: v,
-		}
-	}
-	r.Len = uint16(len(v))
-
-	type stringWriter interface {
-		WriteString(string) (int, error)
-	}
-
-	err := binaryWriteFields(w, binary.BigEndian,
-		r.Type,
-		r.Len,
-	)
-	if err != nil {
-		return err
-	}
-
-	if sw, ok := w.(stringWriter); ok {
-		_, err = sw.WriteString(v)
-	} else {
-		_, err = w.Write([]byte(v))
-	}
-
-	return err
-}
-
-func decodeFixedBytesValue(r io.Reader, buf []byte) error {
-	_, err := io.ReadFull(r, buf)
-	return err
-}
-
-func decodeBytesValue(r io.Reader) ([]byte, error) {
-	var raw rawValue
-	var err error
-	raw.Len, err = decodeUint16(r)
-	if err != nil {
-		return nil, err
-	}
-
-	buf := make([]byte, raw.Len)
-	_, err = io.ReadFull(r, buf)
-	if err != nil {
-		return nil, err
-	}
-
-	return buf, nil
-}
-
-func decodeStringValue(r io.Reader) (string, error) {
-	v, err := decodeBytesValue(r)
-	return string(v), err
-}
-
-// Value represents the abstract header value.
-type Value interface {
-	Get() interface{}
-	String() string
-	valueType() valueType
-	encode(io.Writer) error
-}
-
-// An BoolValue provides eventstream encoding, and representation
-// of a Go bool value.
-type BoolValue bool
-
-// Get returns the underlying type
-func (v BoolValue) Get() interface{} {
-	return bool(v)
-}
-
-// valueType returns the EventStream header value type value.
-func (v BoolValue) valueType() valueType {
-	if v {
-		return trueValueType
-	}
-	return falseValueType
-}
-
-func (v BoolValue) String() string {
-	return strconv.FormatBool(bool(v))
-}
-
-// encode encodes the BoolValue into an eventstream binary value
-// representation.
-func (v BoolValue) encode(w io.Writer) error {
-	return binary.Write(w, binary.BigEndian, v.valueType())
-}
-
-// An Int8Value provides eventstream encoding, and representation of a Go
-// int8 value.
-type Int8Value int8
-
-// Get returns the underlying value.
-func (v Int8Value) Get() interface{} {
-	return int8(v)
-}
-
-// valueType returns the EventStream header value type value.
-func (Int8Value) valueType() valueType {
-	return int8ValueType
-}
-
-func (v Int8Value) String() string {
-	return fmt.Sprintf("0x%02x", int8(v))
-}
-
-// encode encodes the Int8Value into an eventstream binary value
-// representation.
-func (v Int8Value) encode(w io.Writer) error {
-	raw := rawValue{
-		Type: v.valueType(),
-	}
-
-	return raw.encodeScalar(w, v)
-}
-
-func (v *Int8Value) decode(r io.Reader) error {
-	n, err := decodeUint8(r)
-	if err != nil {
-		return err
-	}
-
-	*v = Int8Value(n)
-	return nil
-}
-
-// An Int16Value provides eventstream encoding, and representation of a Go
-// int16 value.
-type Int16Value int16
-
-// Get returns the underlying value.
-func (v Int16Value) Get() interface{} {
-	return int16(v)
-}
-
-// valueType returns the EventStream header value type value.
-func (Int16Value) valueType() valueType {
-	return int16ValueType
-}
-
-func (v Int16Value) String() string {
-	return fmt.Sprintf("0x%04x", int16(v))
-}
-
-// encode encodes the Int16Value into an eventstream binary value
-// representation.
-func (v Int16Value) encode(w io.Writer) error {
-	raw := rawValue{
-		Type: v.valueType(),
-	}
-	return raw.encodeScalar(w, v)
-}
-
-func (v *Int16Value) decode(r io.Reader) error {
-	n, err := decodeUint16(r)
-	if err != nil {
-		return err
-	}
-
-	*v = Int16Value(n)
-	return nil
-}
-
-// An Int32Value provides eventstream encoding, and representation of a Go
-// int32 value.
-type Int32Value int32
-
-// Get returns the underlying value.
-func (v Int32Value) Get() interface{} {
-	return int32(v)
-}
-
-// valueType returns the EventStream header value type value.
-func (Int32Value) valueType() valueType {
-	return int32ValueType
-}
-
-func (v Int32Value) String() string {
-	return fmt.Sprintf("0x%08x", int32(v))
-}
-
-// encode encodes the Int32Value into an eventstream binary value
-// representation.
-func (v Int32Value) encode(w io.Writer) error {
-	raw := rawValue{
-		Type: v.valueType(),
-	}
-	return raw.encodeScalar(w, v)
-}
-
-func (v *Int32Value) decode(r io.Reader) error {
-	n, err := decodeUint32(r)
-	if err != nil {
-		return err
-	}
-
-	*v = Int32Value(n)
-	return nil
-}
-
-// An Int64Value provides eventstream encoding, and representation of a Go
-// int64 value.
-type Int64Value int64
-
-// Get returns the underlying value.
-func (v Int64Value) Get() interface{} {
-	return int64(v)
-}
-
-// valueType returns the EventStream header value type value.
-func (Int64Value) valueType() valueType {
-	return int64ValueType
-}
-
-func (v Int64Value) String() string {
-	return fmt.Sprintf("0x%016x", int64(v))
-}
-
-// encode encodes the Int64Value into an eventstream binary value
-// representation.
-func (v Int64Value) encode(w io.Writer) error {
-	raw := rawValue{
-		Type: v.valueType(),
-	}
-	return raw.encodeScalar(w, v)
-}
-
-func (v *Int64Value) decode(r io.Reader) error {
-	n, err := decodeUint64(r)
-	if err != nil {
-		return err
-	}
-
-	*v = Int64Value(n)
-	return nil
-}
-
-// An BytesValue provides eventstream encoding, and representation of a Go
-// byte slice.
-type BytesValue []byte
-
-// Get returns the underlying value.
-func (v BytesValue) Get() interface{} {
-	return []byte(v)
-}
-
-// valueType returns the EventStream header value type value.
-func (BytesValue) valueType() valueType {
-	return bytesValueType
-}
-
-func (v BytesValue) String() string {
-	return base64.StdEncoding.EncodeToString([]byte(v))
-}
-
-// encode encodes the BytesValue into an eventstream binary value
-// representation.
-func (v BytesValue) encode(w io.Writer) error {
-	raw := rawValue{
-		Type: v.valueType(),
-	}
-
-	return raw.encodeBytes(w, []byte(v))
-}
-
-func (v *BytesValue) decode(r io.Reader) error {
-	buf, err := decodeBytesValue(r)
-	if err != nil {
-		return err
-	}
-
-	*v = BytesValue(buf)
-	return nil
-}
-
-// An StringValue provides eventstream encoding, and representation of a Go
-// string.
-type StringValue string
-
-// Get returns the underlying value.
-func (v StringValue) Get() interface{} {
-	return string(v)
-}
-
-// valueType returns the EventStream header value type value.
-func (StringValue) valueType() valueType {
-	return stringValueType
-}
-
-func (v StringValue) String() string {
-	return string(v)
-}
-
-// encode encodes the StringValue into an eventstream binary value
-// representation.
-func (v StringValue) encode(w io.Writer) error {
-	raw := rawValue{
-		Type: v.valueType(),
-	}
-
-	return raw.encodeString(w, string(v))
-}
-
-func (v *StringValue) decode(r io.Reader) error {
-	s, err := decodeStringValue(r)
-	if err != nil {
-		return err
-	}
-
-	*v = StringValue(s)
-	return nil
-}
-
-// An TimestampValue provides eventstream encoding, and representation of a Go
-// timestamp.
-type TimestampValue time.Time
-
-// Get returns the underlying value.
-func (v TimestampValue) Get() interface{} {
-	return time.Time(v)
-}
-
-// valueType returns the EventStream header value type value.
-func (TimestampValue) valueType() valueType {
-	return timestampValueType
-}
-
-func (v TimestampValue) epochMilli() int64 {
-	nano := time.Time(v).UnixNano()
-	msec := nano / int64(time.Millisecond)
-	return msec
-}
-
-func (v TimestampValue) String() string {
-	msec := v.epochMilli()
-	return strconv.FormatInt(msec, 10)
-}
-
-// encode encodes the TimestampValue into an eventstream binary value
-// representation.
-func (v TimestampValue) encode(w io.Writer) error {
-	raw := rawValue{
-		Type: v.valueType(),
-	}
-
-	msec := v.epochMilli()
-	return raw.encodeScalar(w, msec)
-}
-
-func (v *TimestampValue) decode(r io.Reader) error {
-	n, err := decodeUint64(r)
-	if err != nil {
-		return err
-	}
-
-	*v = TimestampValue(timeFromEpochMilli(int64(n)))
-	return nil
-}
-
-// MarshalJSON implements the json.Marshaler interface
-func (v TimestampValue) MarshalJSON() ([]byte, error) {
-	return []byte(v.String()), nil
-}
-
-func timeFromEpochMilli(t int64) time.Time {
-	secs := t / 1e3
-	msec := t % 1e3
-	return time.Unix(secs, msec*int64(time.Millisecond)).UTC()
-}
-
-// An UUIDValue provides eventstream encoding, and representation of a UUID
-// value.
-type UUIDValue [16]byte
-
-// Get returns the underlying value.
-func (v UUIDValue) Get() interface{} {
-	return v[:]
-}
-
-// valueType returns the EventStream header value type value.
-func (UUIDValue) valueType() valueType {
-	return uuidValueType
-}
-
-func (v UUIDValue) String() string {
-	return fmt.Sprintf(`%X-%X-%X-%X-%X`, v[0:4], v[4:6], v[6:8], v[8:10], v[10:])
-}
-
-// encode encodes the UUIDValue into an eventstream binary value
-// representation.
-func (v UUIDValue) encode(w io.Writer) error {
-	raw := rawValue{
-		Type: v.valueType(),
-	}
-
-	return raw.encodeFixedSlice(w, v[:])
-}
-
-func (v *UUIDValue) decode(r io.Reader) error {
-	tv := (*v)[:]
-	return decodeFixedBytesValue(r, tv)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go
deleted file mode 100644
index f7427da03..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go
+++ /dev/null
@@ -1,117 +0,0 @@
-package eventstream
-
-import (
-	"bytes"
-	"encoding/binary"
-	"hash/crc32"
-)
-
-const preludeLen = 8
-const preludeCRCLen = 4
-const msgCRCLen = 4
-const minMsgLen = preludeLen + preludeCRCLen + msgCRCLen
-const maxPayloadLen = 1024 * 1024 * 16 // 16MB
-const maxHeadersLen = 1024 * 128       // 128KB
-const maxMsgLen = minMsgLen + maxHeadersLen + maxPayloadLen
-
-var crc32IEEETable = crc32.MakeTable(crc32.IEEE)
-
-// A Message provides the eventstream message representation.
-type Message struct {
-	Headers Headers
-	Payload []byte
-}
-
-func (m *Message) rawMessage() (rawMessage, error) {
-	var raw rawMessage
-
-	if len(m.Headers) > 0 {
-		var headers bytes.Buffer
-		if err := EncodeHeaders(&headers, m.Headers); err != nil {
-			return rawMessage{}, err
-		}
-		raw.Headers = headers.Bytes()
-		raw.HeadersLen = uint32(len(raw.Headers))
-	}
-
-	raw.Length = raw.HeadersLen + uint32(len(m.Payload)) + minMsgLen
-
-	hash := crc32.New(crc32IEEETable)
-	binaryWriteFields(hash, binary.BigEndian, raw.Length, raw.HeadersLen)
-	raw.PreludeCRC = hash.Sum32()
-
-	binaryWriteFields(hash, binary.BigEndian, raw.PreludeCRC)
-
-	if raw.HeadersLen > 0 {
-		hash.Write(raw.Headers)
-	}
-
-	// Read payload bytes and update hash for it as well.
-	if len(m.Payload) > 0 {
-		raw.Payload = m.Payload
-		hash.Write(raw.Payload)
-	}
-
-	raw.CRC = hash.Sum32()
-
-	return raw, nil
-}
-
-// Clone returns a deep copy of the message.
-func (m Message) Clone() Message {
-	var payload []byte
-	if m.Payload != nil {
-		payload = make([]byte, len(m.Payload))
-		copy(payload, m.Payload)
-	}
-
-	return Message{
-		Headers: m.Headers.Clone(),
-		Payload: payload,
-	}
-}
-
-type messagePrelude struct {
-	Length     uint32
-	HeadersLen uint32
-	PreludeCRC uint32
-}
-
-func (p messagePrelude) PayloadLen() uint32 {
-	return p.Length - p.HeadersLen - minMsgLen
-}
-
-func (p messagePrelude) ValidateLens() error {
-	if p.Length == 0 || p.Length > maxMsgLen {
-		return LengthError{
-			Part: "message prelude",
-			Want: maxMsgLen,
-			Have: int(p.Length),
-		}
-	}
-	if p.HeadersLen > maxHeadersLen {
-		return LengthError{
-			Part: "message headers",
-			Want: maxHeadersLen,
-			Have: int(p.HeadersLen),
-		}
-	}
-	if payloadLen := p.PayloadLen(); payloadLen > maxPayloadLen {
-		return LengthError{
-			Part: "message payload",
-			Want: maxPayloadLen,
-			Have: int(payloadLen),
-		}
-	}
-
-	return nil
-}
-
-type rawMessage struct {
-	messagePrelude
-
-	Headers []byte
-	Payload []byte
-
-	CRC uint32
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
deleted file mode 100644
index 1f1d27aea..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package protocol
-
-import (
-	"github.com/aws/aws-sdk-go/aws/request"
-	"net"
-	"strconv"
-	"strings"
-)
-
-// ValidateEndpointHostHandler is a request handler that will validate the
-// request endpoint's hosts is a valid RFC 3986 host.
-var ValidateEndpointHostHandler = request.NamedHandler{
-	Name: "awssdk.protocol.ValidateEndpointHostHandler",
-	Fn: func(r *request.Request) {
-		err := ValidateEndpointHost(r.Operation.Name, r.HTTPRequest.URL.Host)
-		if err != nil {
-			r.Error = err
-		}
-	},
-}
-
-// ValidateEndpointHost validates that the host string passed in is a valid RFC
-// 3986 host. Returns error if the host is not valid.
-func ValidateEndpointHost(opName, host string) error {
-	paramErrs := request.ErrInvalidParams{Context: opName}
-
-	var hostname string
-	var port string
-	var err error
-
-	if strings.Contains(host, ":") {
-		hostname, port, err = net.SplitHostPort(host)
-
-		if err != nil {
-			paramErrs.Add(request.NewErrParamFormat("endpoint", err.Error(), host))
-		}
-
-		if !ValidPortNumber(port) {
-			paramErrs.Add(request.NewErrParamFormat("endpoint port number", "[0-65535]", port))
-		}
-	} else {
-		hostname = host
-	}
-
-	labels := strings.Split(hostname, ".")
-	for i, label := range labels {
-		if i == len(labels)-1 && len(label) == 0 {
-			// Allow trailing dot for FQDN hosts.
-			continue
-		}
-
-		if !ValidHostLabel(label) {
-			paramErrs.Add(request.NewErrParamFormat(
-				"endpoint host label", "[a-zA-Z0-9-]{1,63}", label))
-		}
-	}
-
-	if len(hostname) == 0 {
-		paramErrs.Add(request.NewErrParamMinLen("endpoint host", 1))
-	}
-
-	if len(hostname) > 255 {
-		paramErrs.Add(request.NewErrParamMaxLen(
-			"endpoint host", 255, host,
-		))
-	}
-
-	if paramErrs.Len() > 0 {
-		return paramErrs
-	}
-	return nil
-}
-
-// ValidHostLabel returns if the label is a valid RFC 3986 host label.
-func ValidHostLabel(label string) bool {
-	if l := len(label); l == 0 || l > 63 {
-		return false
-	}
-	for _, r := range label {
-		switch {
-		case r >= '0' && r <= '9':
-		case r >= 'A' && r <= 'Z':
-		case r >= 'a' && r <= 'z':
-		case r == '-':
-		default:
-			return false
-		}
-	}
-
-	return true
-}
-
-// ValidPortNumber return if the port is valid RFC 3986 port
-func ValidPortNumber(port string) bool {
-	i, err := strconv.Atoi(port)
-	if err != nil {
-		return false
-	}
-
-	if i < 0 || i > 65535 {
-		return false
-	}
-	return true
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go
deleted file mode 100644
index 915b0fcaf..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/host_prefix.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package protocol
-
-import (
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// HostPrefixHandlerName is the handler name for the host prefix request
-// handler.
-const HostPrefixHandlerName = "awssdk.endpoint.HostPrefixHandler"
-
-// NewHostPrefixHandler constructs a build handler
-func NewHostPrefixHandler(prefix string, labelsFn func() map[string]string) request.NamedHandler {
-	builder := HostPrefixBuilder{
-		Prefix:   prefix,
-		LabelsFn: labelsFn,
-	}
-
-	return request.NamedHandler{
-		Name: HostPrefixHandlerName,
-		Fn:   builder.Build,
-	}
-}
-
-// HostPrefixBuilder provides the request handler to expand and prepend
-// the host prefix into the operation's request endpoint host.
-type HostPrefixBuilder struct {
-	Prefix   string
-	LabelsFn func() map[string]string
-}
-
-// Build updates the passed in Request with the HostPrefix template expanded.
-func (h HostPrefixBuilder) Build(r *request.Request) {
-	if aws.BoolValue(r.Config.DisableEndpointHostPrefix) {
-		return
-	}
-
-	var labels map[string]string
-	if h.LabelsFn != nil {
-		labels = h.LabelsFn()
-	}
-
-	prefix := h.Prefix
-	for name, value := range labels {
-		prefix = strings.Replace(prefix, "{"+name+"}", value, -1)
-	}
-
-	r.HTTPRequest.URL.Host = prefix + r.HTTPRequest.URL.Host
-	if len(r.HTTPRequest.Host) > 0 {
-		r.HTTPRequest.Host = prefix + r.HTTPRequest.Host
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/idempotency.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/idempotency.go
deleted file mode 100644
index 53831dff9..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/idempotency.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package protocol
-
-import (
-	"crypto/rand"
-	"fmt"
-	"reflect"
-)
-
-// RandReader is the random reader the protocol package will use to read
-// random bytes from. This is exported for testing, and should not be used.
-var RandReader = rand.Reader
-
-const idempotencyTokenFillTag = `idempotencyToken`
-
-// CanSetIdempotencyToken returns true if the struct field should be
-// automatically populated with a Idempotency token.
-//
-// Only *string and string type fields that are tagged with idempotencyToken
-// which are not already set can be auto filled.
-func CanSetIdempotencyToken(v reflect.Value, f reflect.StructField) bool {
-	switch u := v.Interface().(type) {
-	// To auto fill an Idempotency token the field must be a string,
-	// tagged for auto fill, and have a zero value.
-	case *string:
-		return u == nil && len(f.Tag.Get(idempotencyTokenFillTag)) != 0
-	case string:
-		return len(u) == 0 && len(f.Tag.Get(idempotencyTokenFillTag)) != 0
-	}
-
-	return false
-}
-
-// GetIdempotencyToken returns a randomly generated idempotency token.
-func GetIdempotencyToken() string {
-	b := make([]byte, 16)
-	RandReader.Read(b)
-
-	return UUIDVersion4(b)
-}
-
-// SetIdempotencyToken will set the value provided with a Idempotency Token.
-// Given that the value can be set. Will panic if value is not setable.
-func SetIdempotencyToken(v reflect.Value) {
-	if v.Kind() == reflect.Ptr {
-		if v.IsNil() && v.CanSet() {
-			v.Set(reflect.New(v.Type().Elem()))
-		}
-		v = v.Elem()
-	}
-	v = reflect.Indirect(v)
-
-	if !v.CanSet() {
-		panic(fmt.Sprintf("unable to set idempotnecy token %v", v))
-	}
-
-	b := make([]byte, 16)
-	_, err := rand.Read(b)
-	if err != nil {
-		// TODO handle error
-		return
-	}
-
-	v.Set(reflect.ValueOf(UUIDVersion4(b)))
-}
-
-// UUIDVersion4 returns a Version 4 random UUID from the byte slice provided
-func UUIDVersion4(u []byte) string {
-	// https://en.wikipedia.org/wiki/Universally_unique_identifier#Version_4_.28random.29
-	// 13th character is "4"
-	u[6] = (u[6] | 0x40) & 0x4F
-	// 17th character is "8", "9", "a", or "b"
-	u[8] = (u[8] | 0x80) & 0xBF
-
-	return fmt.Sprintf(`%X-%X-%X-%X-%X`, u[0:4], u[4:6], u[6:8], u[8:10], u[10:])
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
deleted file mode 100644
index 12e814ddf..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
+++ /dev/null
@@ -1,309 +0,0 @@
-// Package jsonutil provides JSON serialization of AWS requests and responses.
-package jsonutil
-
-import (
-	"bytes"
-	"encoding/base64"
-	"fmt"
-	"math"
-	"reflect"
-	"sort"
-	"strconv"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/private/protocol"
-)
-
-const (
-	floatNaN    = "NaN"
-	floatInf    = "Infinity"
-	floatNegInf = "-Infinity"
-)
-
-var timeType = reflect.ValueOf(time.Time{}).Type()
-var byteSliceType = reflect.ValueOf([]byte{}).Type()
-
-// BuildJSON builds a JSON string for a given object v.
-func BuildJSON(v interface{}) ([]byte, error) {
-	var buf bytes.Buffer
-
-	err := buildAny(reflect.ValueOf(v), &buf, "")
-	return buf.Bytes(), err
-}
-
-func buildAny(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
-	origVal := value
-	value = reflect.Indirect(value)
-	if !value.IsValid() {
-		return nil
-	}
-
-	vtype := value.Type()
-
-	t := tag.Get("type")
-	if t == "" {
-		switch vtype.Kind() {
-		case reflect.Struct:
-			// also it can't be a time object
-			if value.Type() != timeType {
-				t = "structure"
-			}
-		case reflect.Slice:
-			// also it can't be a byte slice
-			if _, ok := value.Interface().([]byte); !ok {
-				t = "list"
-			}
-		case reflect.Map:
-			// cannot be a JSONValue map
-			if _, ok := value.Interface().(aws.JSONValue); !ok {
-				t = "map"
-			}
-		}
-	}
-
-	switch t {
-	case "structure":
-		if field, ok := vtype.FieldByName("_"); ok {
-			tag = field.Tag
-		}
-		return buildStruct(value, buf, tag)
-	case "list":
-		return buildList(value, buf, tag)
-	case "map":
-		return buildMap(value, buf, tag)
-	default:
-		return buildScalar(origVal, buf, tag)
-	}
-}
-
-func buildStruct(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
-	if !value.IsValid() {
-		return nil
-	}
-
-	// unwrap payloads
-	if payload := tag.Get("payload"); payload != "" {
-		field, _ := value.Type().FieldByName(payload)
-		tag = field.Tag
-		value = elemOf(value.FieldByName(payload))
-		if !value.IsValid() && tag.Get("type") != "structure" {
-			return nil
-		}
-	}
-
-	buf.WriteByte('{')
-	defer buf.WriteString("}")
-
-	if !value.IsValid() {
-		return nil
-	}
-
-	t := value.Type()
-	first := true
-	for i := 0; i < t.NumField(); i++ {
-		member := value.Field(i)
-
-		// This allocates the most memory.
-		// Additionally, we cannot skip nil fields due to
-		// idempotency auto filling.
-		field := t.Field(i)
-
-		if field.PkgPath != "" {
-			continue // ignore unexported fields
-		}
-		if field.Tag.Get("json") == "-" {
-			continue
-		}
-		if field.Tag.Get("location") != "" {
-			continue // ignore non-body elements
-		}
-		if field.Tag.Get("ignore") != "" {
-			continue
-		}
-
-		if protocol.CanSetIdempotencyToken(member, field) {
-			token := protocol.GetIdempotencyToken()
-			member = reflect.ValueOf(&token)
-		}
-
-		if (member.Kind() == reflect.Ptr || member.Kind() == reflect.Slice || member.Kind() == reflect.Map) && member.IsNil() {
-			continue // ignore unset fields
-		}
-
-		if first {
-			first = false
-		} else {
-			buf.WriteByte(',')
-		}
-
-		// figure out what this field is called
-		name := field.Name
-		if locName := field.Tag.Get("locationName"); locName != "" {
-			name = locName
-		}
-
-		writeString(name, buf)
-		buf.WriteString(`:`)
-
-		err := buildAny(member, buf, field.Tag)
-		if err != nil {
-			return err
-		}
-
-	}
-
-	return nil
-}
-
-func buildList(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
-	buf.WriteString("[")
-
-	for i := 0; i < value.Len(); i++ {
-		buildAny(value.Index(i), buf, "")
-
-		if i < value.Len()-1 {
-			buf.WriteString(",")
-		}
-	}
-
-	buf.WriteString("]")
-
-	return nil
-}
-
-type sortedValues []reflect.Value
-
-func (sv sortedValues) Len() int           { return len(sv) }
-func (sv sortedValues) Swap(i, j int)      { sv[i], sv[j] = sv[j], sv[i] }
-func (sv sortedValues) Less(i, j int) bool { return sv[i].String() < sv[j].String() }
-
-func buildMap(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
-	buf.WriteString("{")
-
-	sv := sortedValues(value.MapKeys())
-	sort.Sort(sv)
-
-	for i, k := range sv {
-		if i > 0 {
-			buf.WriteByte(',')
-		}
-
-		writeString(k.String(), buf)
-		buf.WriteString(`:`)
-
-		buildAny(value.MapIndex(k), buf, "")
-	}
-
-	buf.WriteString("}")
-
-	return nil
-}
-
-func buildScalar(v reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
-	// prevents allocation on the heap.
-	scratch := [64]byte{}
-	switch value := reflect.Indirect(v); value.Kind() {
-	case reflect.String:
-		writeString(value.String(), buf)
-	case reflect.Bool:
-		if value.Bool() {
-			buf.WriteString("true")
-		} else {
-			buf.WriteString("false")
-		}
-	case reflect.Int64:
-		buf.Write(strconv.AppendInt(scratch[:0], value.Int(), 10))
-	case reflect.Float64:
-		f := value.Float()
-		switch {
-		case math.IsNaN(f):
-			writeString(floatNaN, buf)
-		case math.IsInf(f, 1):
-			writeString(floatInf, buf)
-		case math.IsInf(f, -1):
-			writeString(floatNegInf, buf)
-		default:
-			buf.Write(strconv.AppendFloat(scratch[:0], f, 'f', -1, 64))
-		}
-	default:
-		switch converted := value.Interface().(type) {
-		case time.Time:
-			format := tag.Get("timestampFormat")
-			if len(format) == 0 {
-				format = protocol.UnixTimeFormatName
-			}
-
-			ts := protocol.FormatTime(format, converted)
-			if format != protocol.UnixTimeFormatName {
-				ts = `"` + ts + `"`
-			}
-
-			buf.WriteString(ts)
-		case []byte:
-			if !value.IsNil() {
-				buf.WriteByte('"')
-				if len(converted) < 1024 {
-					// for small buffers, using Encode directly is much faster.
-					dst := make([]byte, base64.StdEncoding.EncodedLen(len(converted)))
-					base64.StdEncoding.Encode(dst, converted)
-					buf.Write(dst)
-				} else {
-					// for large buffers, avoid unnecessary extra temporary
-					// buffer space.
-					enc := base64.NewEncoder(base64.StdEncoding, buf)
-					enc.Write(converted)
-					enc.Close()
-				}
-				buf.WriteByte('"')
-			}
-		case aws.JSONValue:
-			str, err := protocol.EncodeJSONValue(converted, protocol.QuotedEscape)
-			if err != nil {
-				return fmt.Errorf("unable to encode JSONValue, %v", err)
-			}
-			buf.WriteString(str)
-		default:
-			return fmt.Errorf("unsupported JSON value %v (%s)", value.Interface(), value.Type())
-		}
-	}
-	return nil
-}
-
-var hex = "0123456789abcdef"
-
-func writeString(s string, buf *bytes.Buffer) {
-	buf.WriteByte('"')
-	for i := 0; i < len(s); i++ {
-		if s[i] == '"' {
-			buf.WriteString(`\"`)
-		} else if s[i] == '\\' {
-			buf.WriteString(`\\`)
-		} else if s[i] == '\b' {
-			buf.WriteString(`\b`)
-		} else if s[i] == '\f' {
-			buf.WriteString(`\f`)
-		} else if s[i] == '\r' {
-			buf.WriteString(`\r`)
-		} else if s[i] == '\t' {
-			buf.WriteString(`\t`)
-		} else if s[i] == '\n' {
-			buf.WriteString(`\n`)
-		} else if s[i] < 32 {
-			buf.WriteString("\\u00")
-			buf.WriteByte(hex[s[i]>>4])
-			buf.WriteByte(hex[s[i]&0xF])
-		} else {
-			buf.WriteByte(s[i])
-		}
-	}
-	buf.WriteByte('"')
-}
-
-// Returns the reflection element of a value, if it is a pointer.
-func elemOf(value reflect.Value) reflect.Value {
-	for value.Kind() == reflect.Ptr {
-		value = value.Elem()
-	}
-	return value
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
deleted file mode 100644
index f9334879b..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
+++ /dev/null
@@ -1,317 +0,0 @@
-package jsonutil
-
-import (
-	"bytes"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"math"
-	"math/big"
-	"reflect"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/private/protocol"
-)
-
-var millisecondsFloat = new(big.Float).SetInt64(1e3)
-
-// UnmarshalJSONError unmarshal's the reader's JSON document into the passed in
-// type. The value to unmarshal the json document into must be a pointer to the
-// type.
-func UnmarshalJSONError(v interface{}, stream io.Reader) error {
-	var errBuf bytes.Buffer
-	body := io.TeeReader(stream, &errBuf)
-
-	err := json.NewDecoder(body).Decode(v)
-	if err != nil {
-		msg := "failed decoding error message"
-		if err == io.EOF {
-			msg = "error message missing"
-			err = nil
-		}
-		return awserr.NewUnmarshalError(err, msg, errBuf.Bytes())
-	}
-
-	return nil
-}
-
-// UnmarshalJSON reads a stream and unmarshals the results in object v.
-func UnmarshalJSON(v interface{}, stream io.Reader) error {
-	var out interface{}
-
-	decoder := json.NewDecoder(stream)
-	decoder.UseNumber()
-	err := decoder.Decode(&out)
-	if err == io.EOF {
-		return nil
-	} else if err != nil {
-		return err
-	}
-
-	return unmarshaler{}.unmarshalAny(reflect.ValueOf(v), out, "")
-}
-
-// UnmarshalJSONCaseInsensitive reads a stream and unmarshals the result into the
-// object v. Ignores casing for structure members.
-func UnmarshalJSONCaseInsensitive(v interface{}, stream io.Reader) error {
-	var out interface{}
-
-	decoder := json.NewDecoder(stream)
-	decoder.UseNumber()
-	err := decoder.Decode(&out)
-	if err == io.EOF {
-		return nil
-	} else if err != nil {
-		return err
-	}
-
-	return unmarshaler{
-		caseInsensitive: true,
-	}.unmarshalAny(reflect.ValueOf(v), out, "")
-}
-
-type unmarshaler struct {
-	caseInsensitive bool
-}
-
-func (u unmarshaler) unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error {
-	vtype := value.Type()
-	if vtype.Kind() == reflect.Ptr {
-		vtype = vtype.Elem() // check kind of actual element type
-	}
-
-	t := tag.Get("type")
-	if t == "" {
-		switch vtype.Kind() {
-		case reflect.Struct:
-			// also it can't be a time object
-			if _, ok := value.Interface().(*time.Time); !ok {
-				t = "structure"
-			}
-		case reflect.Slice:
-			// also it can't be a byte slice
-			if _, ok := value.Interface().([]byte); !ok {
-				t = "list"
-			}
-		case reflect.Map:
-			// cannot be a JSONValue map
-			if _, ok := value.Interface().(aws.JSONValue); !ok {
-				t = "map"
-			}
-		}
-	}
-
-	switch t {
-	case "structure":
-		if field, ok := vtype.FieldByName("_"); ok {
-			tag = field.Tag
-		}
-		return u.unmarshalStruct(value, data, tag)
-	case "list":
-		return u.unmarshalList(value, data, tag)
-	case "map":
-		return u.unmarshalMap(value, data, tag)
-	default:
-		return u.unmarshalScalar(value, data, tag)
-	}
-}
-
-func (u unmarshaler) unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error {
-	if data == nil {
-		return nil
-	}
-	mapData, ok := data.(map[string]interface{})
-	if !ok {
-		return fmt.Errorf("JSON value is not a structure (%#v)", data)
-	}
-
-	t := value.Type()
-	if value.Kind() == reflect.Ptr {
-		if value.IsNil() { // create the structure if it's nil
-			s := reflect.New(value.Type().Elem())
-			value.Set(s)
-			value = s
-		}
-
-		value = value.Elem()
-		t = t.Elem()
-	}
-
-	// unwrap any payloads
-	if payload := tag.Get("payload"); payload != "" {
-		field, _ := t.FieldByName(payload)
-		return u.unmarshalAny(value.FieldByName(payload), data, field.Tag)
-	}
-
-	for i := 0; i < t.NumField(); i++ {
-		field := t.Field(i)
-		if field.PkgPath != "" {
-			continue // ignore unexported fields
-		}
-
-		// figure out what this field is called
-		name := field.Name
-		if locName := field.Tag.Get("locationName"); locName != "" {
-			name = locName
-		}
-		if u.caseInsensitive {
-			if _, ok := mapData[name]; !ok {
-				// Fallback to uncased name search if the exact name didn't match.
-				for kn, v := range mapData {
-					if strings.EqualFold(kn, name) {
-						mapData[name] = v
-					}
-				}
-			}
-		}
-
-		member := value.FieldByIndex(field.Index)
-		err := u.unmarshalAny(member, mapData[name], field.Tag)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (u unmarshaler) unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error {
-	if data == nil {
-		return nil
-	}
-	listData, ok := data.([]interface{})
-	if !ok {
-		return fmt.Errorf("JSON value is not a list (%#v)", data)
-	}
-
-	if value.IsNil() {
-		l := len(listData)
-		value.Set(reflect.MakeSlice(value.Type(), l, l))
-	}
-
-	for i, c := range listData {
-		err := u.unmarshalAny(value.Index(i), c, "")
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (u unmarshaler) unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error {
-	if data == nil {
-		return nil
-	}
-	mapData, ok := data.(map[string]interface{})
-	if !ok {
-		return fmt.Errorf("JSON value is not a map (%#v)", data)
-	}
-
-	if value.IsNil() {
-		value.Set(reflect.MakeMap(value.Type()))
-	}
-
-	for k, v := range mapData {
-		kvalue := reflect.ValueOf(k)
-		vvalue := reflect.New(value.Type().Elem()).Elem()
-
-		u.unmarshalAny(vvalue, v, "")
-		value.SetMapIndex(kvalue, vvalue)
-	}
-
-	return nil
-}
-
-func (u unmarshaler) unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error {
-
-	switch d := data.(type) {
-	case nil:
-		return nil // nothing to do here
-	case string:
-		switch value.Interface().(type) {
-		case *string:
-			value.Set(reflect.ValueOf(&d))
-		case []byte:
-			b, err := base64.StdEncoding.DecodeString(d)
-			if err != nil {
-				return err
-			}
-			value.Set(reflect.ValueOf(b))
-		case *time.Time:
-			format := tag.Get("timestampFormat")
-			if len(format) == 0 {
-				format = protocol.ISO8601TimeFormatName
-			}
-
-			t, err := protocol.ParseTime(format, d)
-			if err != nil {
-				return err
-			}
-			value.Set(reflect.ValueOf(&t))
-		case aws.JSONValue:
-			// No need to use escaping as the value is a non-quoted string.
-			v, err := protocol.DecodeJSONValue(d, protocol.NoEscape)
-			if err != nil {
-				return err
-			}
-			value.Set(reflect.ValueOf(v))
-		case *float64:
-			// These are regular strings when parsed by encoding/json's unmarshaler.
-			switch {
-			case strings.EqualFold(d, floatNaN):
-				value.Set(reflect.ValueOf(aws.Float64(math.NaN())))
-			case strings.EqualFold(d, floatInf):
-				value.Set(reflect.ValueOf(aws.Float64(math.Inf(1))))
-			case strings.EqualFold(d, floatNegInf):
-				value.Set(reflect.ValueOf(aws.Float64(math.Inf(-1))))
-			default:
-				return fmt.Errorf("unknown JSON number value: %s", d)
-			}
-		default:
-			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
-		}
-	case json.Number:
-		switch value.Interface().(type) {
-		case *int64:
-			// Retain the old behavior where we would just truncate the float64
-			// calling d.Int64() here could cause an invalid syntax error due to the usage of strconv.ParseInt
-			f, err := d.Float64()
-			if err != nil {
-				return err
-			}
-			di := int64(f)
-			value.Set(reflect.ValueOf(&di))
-		case *float64:
-			f, err := d.Float64()
-			if err != nil {
-				return err
-			}
-			value.Set(reflect.ValueOf(&f))
-		case *time.Time:
-			float, ok := new(big.Float).SetString(d.String())
-			if !ok {
-				return fmt.Errorf("unsupported float time representation: %v", d.String())
-			}
-			float = float.Mul(float, millisecondsFloat)
-			ms, _ := float.Int64()
-			t := time.Unix(0, ms*1e6).UTC()
-			value.Set(reflect.ValueOf(&t))
-		default:
-			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
-		}
-	case bool:
-		switch value.Interface().(type) {
-		case *bool:
-			value.Set(reflect.ValueOf(&d))
-		default:
-			return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
-		}
-	default:
-		return fmt.Errorf("unsupported JSON value (%v)", data)
-	}
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
deleted file mode 100644
index d9aa27114..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
+++ /dev/null
@@ -1,87 +0,0 @@
-// Package jsonrpc provides JSON RPC utilities for serialization of AWS
-// requests and responses.
-package jsonrpc
-
-//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/json.json build_test.go
-//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/json.json unmarshal_test.go
-
-import (
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
-	"github.com/aws/aws-sdk-go/private/protocol/rest"
-)
-
-var emptyJSON = []byte("{}")
-
-// BuildHandler is a named request handler for building jsonrpc protocol
-// requests
-var BuildHandler = request.NamedHandler{
-	Name: "awssdk.jsonrpc.Build",
-	Fn:   Build,
-}
-
-// UnmarshalHandler is a named request handler for unmarshaling jsonrpc
-// protocol requests
-var UnmarshalHandler = request.NamedHandler{
-	Name: "awssdk.jsonrpc.Unmarshal",
-	Fn:   Unmarshal,
-}
-
-// UnmarshalMetaHandler is a named request handler for unmarshaling jsonrpc
-// protocol request metadata
-var UnmarshalMetaHandler = request.NamedHandler{
-	Name: "awssdk.jsonrpc.UnmarshalMeta",
-	Fn:   UnmarshalMeta,
-}
-
-// Build builds a JSON payload for a JSON RPC request.
-func Build(req *request.Request) {
-	var buf []byte
-	var err error
-	if req.ParamsFilled() {
-		buf, err = jsonutil.BuildJSON(req.Params)
-		if err != nil {
-			req.Error = awserr.New(request.ErrCodeSerialization, "failed encoding JSON RPC request", err)
-			return
-		}
-	} else {
-		buf = emptyJSON
-	}
-
-	// Always serialize the body, don't suppress it.
-	req.SetBufferBody(buf)
-
-	if req.ClientInfo.TargetPrefix != "" {
-		target := req.ClientInfo.TargetPrefix + "." + req.Operation.Name
-		req.HTTPRequest.Header.Add("X-Amz-Target", target)
-	}
-
-	// Only set the content type if one is not already specified and an
-	// JSONVersion is specified.
-	if ct, v := req.HTTPRequest.Header.Get("Content-Type"), req.ClientInfo.JSONVersion; len(ct) == 0 && len(v) != 0 {
-		jsonVersion := req.ClientInfo.JSONVersion
-		req.HTTPRequest.Header.Set("Content-Type", "application/x-amz-json-"+jsonVersion)
-	}
-}
-
-// Unmarshal unmarshals a response for a JSON RPC service.
-func Unmarshal(req *request.Request) {
-	defer req.HTTPResponse.Body.Close()
-	if req.DataFilled() {
-		err := jsonutil.UnmarshalJSON(req.Data, req.HTTPResponse.Body)
-		if err != nil {
-			req.Error = awserr.NewRequestFailure(
-				awserr.New(request.ErrCodeSerialization, "failed decoding JSON RPC response", err),
-				req.HTTPResponse.StatusCode,
-				req.RequestID,
-			)
-		}
-	}
-	return
-}
-
-// UnmarshalMeta unmarshals headers from a response for a JSON RPC service.
-func UnmarshalMeta(req *request.Request) {
-	rest.UnmarshalMeta(req)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
deleted file mode 100644
index 9c1ccde54..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
+++ /dev/null
@@ -1,160 +0,0 @@
-package jsonrpc
-
-import (
-	"bytes"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol"
-	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
-)
-
-const (
-	awsQueryError = "x-amzn-query-error"
-	// A valid header example - "x-amzn-query-error": "<QueryErrorCode>;<ErrorType>"
-	awsQueryErrorPartsCount = 2
-)
-
-// UnmarshalTypedError provides unmarshaling errors API response errors
-// for both typed and untyped errors.
-type UnmarshalTypedError struct {
-	exceptions      map[string]func(protocol.ResponseMetadata) error
-	queryExceptions map[string]func(protocol.ResponseMetadata, string) error
-}
-
-// NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the
-// set of exception names to the error unmarshalers
-func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError {
-	return &UnmarshalTypedError{
-		exceptions:      exceptions,
-		queryExceptions: map[string]func(protocol.ResponseMetadata, string) error{},
-	}
-}
-
-// NewUnmarshalTypedErrorWithOptions works similar to NewUnmarshalTypedError applying options to the UnmarshalTypedError
-// before returning it
-func NewUnmarshalTypedErrorWithOptions(exceptions map[string]func(protocol.ResponseMetadata) error, optFns ...func(*UnmarshalTypedError)) *UnmarshalTypedError {
-	unmarshaledError := NewUnmarshalTypedError(exceptions)
-	for _, fn := range optFns {
-		fn(unmarshaledError)
-	}
-	return unmarshaledError
-}
-
-// WithQueryCompatibility is a helper function to construct a functional option for use with NewUnmarshalTypedErrorWithOptions.
-// The queryExceptions given act as an override for unmarshalling errors when query compatible error codes are found.
-// See also [awsQueryCompatible trait]
-//
-// [awsQueryCompatible trait]: https://smithy.io/2.0/aws/protocols/aws-query-protocol.html#aws-protocols-awsquerycompatible-trait
-func WithQueryCompatibility(queryExceptions map[string]func(protocol.ResponseMetadata, string) error) func(*UnmarshalTypedError) {
-	return func(typedError *UnmarshalTypedError) {
-		typedError.queryExceptions = queryExceptions
-	}
-}
-
-// UnmarshalError attempts to unmarshal the HTTP response error as a known
-// error type. If unable to unmarshal the error type, the generic SDK error
-// type will be used.
-func (u *UnmarshalTypedError) UnmarshalError(
-	resp *http.Response,
-	respMeta protocol.ResponseMetadata,
-) (error, error) {
-
-	var buf bytes.Buffer
-	var jsonErr jsonErrorResponse
-	teeReader := io.TeeReader(resp.Body, &buf)
-	err := jsonutil.UnmarshalJSONError(&jsonErr, teeReader)
-	if err != nil {
-		return nil, err
-	}
-	body := ioutil.NopCloser(&buf)
-
-	// Code may be separated by hash(#), with the last element being the code
-	// used by the SDK.
-	codeParts := strings.SplitN(jsonErr.Code, "#", 2)
-	code := codeParts[len(codeParts)-1]
-	msg := jsonErr.Message
-
-	queryCodeParts := queryCodeParts(resp, u)
-
-	if fn, ok := u.exceptions[code]; ok {
-		// If query-compatible exceptions are found and query-error-header is found,
-		// then use associated constructor to get exception with query error code.
-		//
-		// If exception code is known, use associated constructor to get a value
-		// for the exception that the JSON body can be unmarshaled into.
-		var v error
-		queryErrFn, queryExceptionsFound := u.queryExceptions[code]
-		if len(queryCodeParts) == awsQueryErrorPartsCount && queryExceptionsFound {
-			v = queryErrFn(respMeta, queryCodeParts[0])
-		} else {
-			v = fn(respMeta)
-		}
-		err := jsonutil.UnmarshalJSONCaseInsensitive(v, body)
-		if err != nil {
-			return nil, err
-		}
-		return v, nil
-	}
-
-	if len(queryCodeParts) == awsQueryErrorPartsCount && len(u.queryExceptions) > 0 {
-		code = queryCodeParts[0]
-	}
-
-	// fallback to unmodeled generic exceptions
-	return awserr.NewRequestFailure(
-		awserr.New(code, msg, nil),
-		respMeta.StatusCode,
-		respMeta.RequestID,
-	), nil
-}
-
-// A valid header example - "x-amzn-query-error": "<QueryErrorCode>;<ErrorType>"
-func queryCodeParts(resp *http.Response, u *UnmarshalTypedError) []string {
-	queryCodeHeader := resp.Header.Get(awsQueryError)
-	var queryCodeParts []string
-	if queryCodeHeader != "" && len(u.queryExceptions) > 0 {
-		queryCodeParts = strings.Split(queryCodeHeader, ";")
-	}
-	return queryCodeParts
-}
-
-// UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc
-// protocol request errors
-var UnmarshalErrorHandler = request.NamedHandler{
-	Name: "awssdk.jsonrpc.UnmarshalError",
-	Fn:   UnmarshalError,
-}
-
-// UnmarshalError unmarshals an error response for a JSON RPC service.
-func UnmarshalError(req *request.Request) {
-	defer req.HTTPResponse.Body.Close()
-
-	var jsonErr jsonErrorResponse
-	err := jsonutil.UnmarshalJSONError(&jsonErr, req.HTTPResponse.Body)
-	if err != nil {
-		req.Error = awserr.NewRequestFailure(
-			awserr.New(request.ErrCodeSerialization,
-				"failed to unmarshal error message", err),
-			req.HTTPResponse.StatusCode,
-			req.RequestID,
-		)
-		return
-	}
-
-	codes := strings.SplitN(jsonErr.Code, "#", 2)
-	req.Error = awserr.NewRequestFailure(
-		awserr.New(codes[len(codes)-1], jsonErr.Message, nil),
-		req.HTTPResponse.StatusCode,
-		req.RequestID,
-	)
-}
-
-type jsonErrorResponse struct {
-	Code    string `json:"__type"`
-	Message string `json:"message"`
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonvalue.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonvalue.go
deleted file mode 100644
index 776d11018..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonvalue.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package protocol
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"strconv"
-
-	"github.com/aws/aws-sdk-go/aws"
-)
-
-// EscapeMode is the mode that should be use for escaping a value
-type EscapeMode uint
-
-// The modes for escaping a value before it is marshaled, and unmarshaled.
-const (
-	NoEscape EscapeMode = iota
-	Base64Escape
-	QuotedEscape
-)
-
-// EncodeJSONValue marshals the value into a JSON string, and optionally base64
-// encodes the string before returning it.
-//
-// Will panic if the escape mode is unknown.
-func EncodeJSONValue(v aws.JSONValue, escape EscapeMode) (string, error) {
-	b, err := json.Marshal(v)
-	if err != nil {
-		return "", err
-	}
-
-	switch escape {
-	case NoEscape:
-		return string(b), nil
-	case Base64Escape:
-		return base64.StdEncoding.EncodeToString(b), nil
-	case QuotedEscape:
-		return strconv.Quote(string(b)), nil
-	}
-
-	panic(fmt.Sprintf("EncodeJSONValue called with unknown EscapeMode, %v", escape))
-}
-
-// DecodeJSONValue will attempt to decode the string input as a JSONValue.
-// Optionally decoding base64 the value first before JSON unmarshaling.
-//
-// Will panic if the escape mode is unknown.
-func DecodeJSONValue(v string, escape EscapeMode) (aws.JSONValue, error) {
-	var b []byte
-	var err error
-
-	switch escape {
-	case NoEscape:
-		b = []byte(v)
-	case Base64Escape:
-		b, err = base64.StdEncoding.DecodeString(v)
-	case QuotedEscape:
-		var u string
-		u, err = strconv.Unquote(v)
-		b = []byte(u)
-	default:
-		panic(fmt.Sprintf("DecodeJSONValue called with unknown EscapeMode, %v", escape))
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
-	m := aws.JSONValue{}
-	err = json.Unmarshal(b, &m)
-	if err != nil {
-		return nil, err
-	}
-
-	return m, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
deleted file mode 100644
index 0ea0647a5..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package protocol
-
-import (
-	"io"
-	"io/ioutil"
-	"net/http"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/client/metadata"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// PayloadUnmarshaler provides the interface for unmarshaling a payload's
-// reader into a SDK shape.
-type PayloadUnmarshaler interface {
-	UnmarshalPayload(io.Reader, interface{}) error
-}
-
-// HandlerPayloadUnmarshal implements the PayloadUnmarshaler from a
-// HandlerList. This provides the support for unmarshaling a payload reader to
-// a shape without needing a SDK request first.
-type HandlerPayloadUnmarshal struct {
-	Unmarshalers request.HandlerList
-}
-
-// UnmarshalPayload unmarshals the io.Reader payload into the SDK shape using
-// the Unmarshalers HandlerList provided. Returns an error if unable
-// unmarshaling fails.
-func (h HandlerPayloadUnmarshal) UnmarshalPayload(r io.Reader, v interface{}) error {
-	req := &request.Request{
-		HTTPRequest: &http.Request{},
-		HTTPResponse: &http.Response{
-			StatusCode: 200,
-			Header:     http.Header{},
-			Body:       ioutil.NopCloser(r),
-		},
-		Data: v,
-	}
-
-	h.Unmarshalers.Run(req)
-
-	return req.Error
-}
-
-// PayloadMarshaler provides the interface for marshaling a SDK shape into and
-// io.Writer.
-type PayloadMarshaler interface {
-	MarshalPayload(io.Writer, interface{}) error
-}
-
-// HandlerPayloadMarshal implements the PayloadMarshaler from a HandlerList.
-// This provides support for marshaling a SDK shape into an io.Writer without
-// needing a SDK request first.
-type HandlerPayloadMarshal struct {
-	Marshalers request.HandlerList
-}
-
-// MarshalPayload marshals the SDK shape into the io.Writer using the
-// Marshalers HandlerList provided. Returns an error if unable if marshal
-// fails.
-func (h HandlerPayloadMarshal) MarshalPayload(w io.Writer, v interface{}) error {
-	req := request.New(
-		aws.Config{},
-		metadata.ClientInfo{},
-		request.Handlers{},
-		nil,
-		&request.Operation{HTTPMethod: "PUT"},
-		v,
-		nil,
-	)
-
-	h.Marshalers.Run(req)
-
-	if req.Error != nil {
-		return req.Error
-	}
-
-	io.Copy(w, req.GetBody())
-
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
deleted file mode 100644
index 9d521dcb9..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package protocol
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// RequireHTTPMinProtocol request handler is used to enforce that
-// the target endpoint supports the given major and minor HTTP protocol version.
-type RequireHTTPMinProtocol struct {
-	Major, Minor int
-}
-
-// Handler will mark the request.Request with an error if the
-// target endpoint did not connect with the required HTTP protocol
-// major and minor version.
-func (p RequireHTTPMinProtocol) Handler(r *request.Request) {
-	if r.Error != nil || r.HTTPResponse == nil {
-		return
-	}
-
-	if !strings.HasPrefix(r.HTTPResponse.Proto, "HTTP") {
-		r.Error = newMinHTTPProtoError(p.Major, p.Minor, r)
-	}
-
-	if r.HTTPResponse.ProtoMajor < p.Major || r.HTTPResponse.ProtoMinor < p.Minor {
-		r.Error = newMinHTTPProtoError(p.Major, p.Minor, r)
-	}
-}
-
-// ErrCodeMinimumHTTPProtocolError error code is returned when the target endpoint
-// did not match the required HTTP major and minor protocol version.
-const ErrCodeMinimumHTTPProtocolError = "MinimumHTTPProtocolError"
-
-func newMinHTTPProtoError(major, minor int, r *request.Request) error {
-	return awserr.NewRequestFailure(
-		awserr.New("MinimumHTTPProtocolError",
-			fmt.Sprintf(
-				"operation requires minimum HTTP protocol of HTTP/%d.%d, but was %s",
-				major, minor, r.HTTPResponse.Proto,
-			),
-			nil,
-		),
-		r.HTTPResponse.StatusCode, r.RequestID,
-	)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
deleted file mode 100644
index d40346a77..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
+++ /dev/null
@@ -1,36 +0,0 @@
-// Package query provides serialization of AWS query requests, and responses.
-package query
-
-//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/query.json build_test.go
-
-import (
-	"net/url"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol/query/queryutil"
-)
-
-// BuildHandler is a named request handler for building query protocol requests
-var BuildHandler = request.NamedHandler{Name: "awssdk.query.Build", Fn: Build}
-
-// Build builds a request for an AWS Query service.
-func Build(r *request.Request) {
-	body := url.Values{
-		"Action":  {r.Operation.Name},
-		"Version": {r.ClientInfo.APIVersion},
-	}
-	if err := queryutil.Parse(body, r.Params, false); err != nil {
-		r.Error = awserr.New(request.ErrCodeSerialization, "failed encoding Query request", err)
-		return
-	}
-
-	if !r.IsPresigned() {
-		r.HTTPRequest.Method = "POST"
-		r.HTTPRequest.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
-		r.SetBufferBody([]byte(body.Encode()))
-	} else { // This is a pre-signed request
-		r.HTTPRequest.Method = "GET"
-		r.HTTPRequest.URL.RawQuery = body.Encode()
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
deleted file mode 100644
index 058334053..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
+++ /dev/null
@@ -1,276 +0,0 @@
-package queryutil
-
-import (
-	"encoding/base64"
-	"fmt"
-	"math"
-	"net/url"
-	"reflect"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/private/protocol"
-)
-
-const (
-	floatNaN    = "NaN"
-	floatInf    = "Infinity"
-	floatNegInf = "-Infinity"
-)
-
-// Parse parses an object i and fills a url.Values object. The isEC2 flag
-// indicates if this is the EC2 Query sub-protocol.
-func Parse(body url.Values, i interface{}, isEC2 bool) error {
-	q := queryParser{isEC2: isEC2}
-	return q.parseValue(body, reflect.ValueOf(i), "", "")
-}
-
-func elemOf(value reflect.Value) reflect.Value {
-	for value.Kind() == reflect.Ptr {
-		value = value.Elem()
-	}
-	return value
-}
-
-type queryParser struct {
-	isEC2 bool
-}
-
-func (q *queryParser) parseValue(v url.Values, value reflect.Value, prefix string, tag reflect.StructTag) error {
-	value = elemOf(value)
-
-	// no need to handle zero values
-	if !value.IsValid() {
-		return nil
-	}
-
-	t := tag.Get("type")
-	if t == "" {
-		switch value.Kind() {
-		case reflect.Struct:
-			t = "structure"
-		case reflect.Slice:
-			t = "list"
-		case reflect.Map:
-			t = "map"
-		}
-	}
-
-	switch t {
-	case "structure":
-		return q.parseStruct(v, value, prefix)
-	case "list":
-		return q.parseList(v, value, prefix, tag)
-	case "map":
-		return q.parseMap(v, value, prefix, tag)
-	default:
-		return q.parseScalar(v, value, prefix, tag)
-	}
-}
-
-func (q *queryParser) parseStruct(v url.Values, value reflect.Value, prefix string) error {
-	if !value.IsValid() {
-		return nil
-	}
-
-	t := value.Type()
-	for i := 0; i < value.NumField(); i++ {
-		elemValue := elemOf(value.Field(i))
-		field := t.Field(i)
-
-		if field.PkgPath != "" {
-			continue // ignore unexported fields
-		}
-		if field.Tag.Get("ignore") != "" {
-			continue
-		}
-
-		if protocol.CanSetIdempotencyToken(value.Field(i), field) {
-			token := protocol.GetIdempotencyToken()
-			elemValue = reflect.ValueOf(token)
-		}
-
-		var name string
-		if q.isEC2 {
-			name = field.Tag.Get("queryName")
-		}
-		if name == "" {
-			if field.Tag.Get("flattened") != "" && field.Tag.Get("locationNameList") != "" {
-				name = field.Tag.Get("locationNameList")
-			} else if locName := field.Tag.Get("locationName"); locName != "" {
-				name = locName
-			}
-			if name != "" && q.isEC2 {
-				name = strings.ToUpper(name[0:1]) + name[1:]
-			}
-		}
-		if name == "" {
-			name = field.Name
-		}
-
-		if prefix != "" {
-			name = prefix + "." + name
-		}
-
-		if err := q.parseValue(v, elemValue, name, field.Tag); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (q *queryParser) parseList(v url.Values, value reflect.Value, prefix string, tag reflect.StructTag) error {
-	// If it's empty, generate an empty value
-	if !value.IsNil() && value.Len() == 0 {
-		v.Set(prefix, "")
-		return nil
-	}
-
-	if _, ok := value.Interface().([]byte); ok {
-		return q.parseScalar(v, value, prefix, tag)
-	}
-
-	// check for unflattened list member
-	if !q.isEC2 && tag.Get("flattened") == "" {
-		if listName := tag.Get("locationNameList"); listName == "" {
-			prefix += ".member"
-		} else {
-			prefix += "." + listName
-		}
-	}
-
-	for i := 0; i < value.Len(); i++ {
-		slicePrefix := prefix
-		if slicePrefix == "" {
-			slicePrefix = strconv.Itoa(i + 1)
-		} else {
-			slicePrefix = slicePrefix + "." + strconv.Itoa(i+1)
-		}
-		if err := q.parseValue(v, value.Index(i), slicePrefix, ""); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (q *queryParser) parseMap(v url.Values, value reflect.Value, prefix string, tag reflect.StructTag) error {
-	// If it's empty, generate an empty value
-	if !value.IsNil() && value.Len() == 0 {
-		v.Set(prefix, "")
-		return nil
-	}
-
-	// check for unflattened list member
-	if !q.isEC2 && tag.Get("flattened") == "" {
-		prefix += ".entry"
-	}
-
-	// sort keys for improved serialization consistency.
-	// this is not strictly necessary for protocol support.
-	mapKeyValues := value.MapKeys()
-	mapKeys := map[string]reflect.Value{}
-	mapKeyNames := make([]string, len(mapKeyValues))
-	for i, mapKey := range mapKeyValues {
-		name := mapKey.String()
-		mapKeys[name] = mapKey
-		mapKeyNames[i] = name
-	}
-	sort.Strings(mapKeyNames)
-
-	for i, mapKeyName := range mapKeyNames {
-		mapKey := mapKeys[mapKeyName]
-		mapValue := value.MapIndex(mapKey)
-
-		kname := tag.Get("locationNameKey")
-		if kname == "" {
-			kname = "key"
-		}
-		vname := tag.Get("locationNameValue")
-		if vname == "" {
-			vname = "value"
-		}
-
-		// serialize key
-		var keyName string
-		if prefix == "" {
-			keyName = strconv.Itoa(i+1) + "." + kname
-		} else {
-			keyName = prefix + "." + strconv.Itoa(i+1) + "." + kname
-		}
-
-		if err := q.parseValue(v, mapKey, keyName, ""); err != nil {
-			return err
-		}
-
-		// serialize value
-		var valueName string
-		if prefix == "" {
-			valueName = strconv.Itoa(i+1) + "." + vname
-		} else {
-			valueName = prefix + "." + strconv.Itoa(i+1) + "." + vname
-		}
-
-		if err := q.parseValue(v, mapValue, valueName, ""); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (q *queryParser) parseScalar(v url.Values, r reflect.Value, name string, tag reflect.StructTag) error {
-	switch value := r.Interface().(type) {
-	case string:
-		v.Set(name, value)
-	case []byte:
-		if !r.IsNil() {
-			v.Set(name, base64.StdEncoding.EncodeToString(value))
-		}
-	case bool:
-		v.Set(name, strconv.FormatBool(value))
-	case int64:
-		v.Set(name, strconv.FormatInt(value, 10))
-	case int:
-		v.Set(name, strconv.Itoa(value))
-	case float64:
-		var str string
-		switch {
-		case math.IsNaN(value):
-			str = floatNaN
-		case math.IsInf(value, 1):
-			str = floatInf
-		case math.IsInf(value, -1):
-			str = floatNegInf
-		default:
-			str = strconv.FormatFloat(value, 'f', -1, 64)
-		}
-		v.Set(name, str)
-	case float32:
-		asFloat64 := float64(value)
-		var str string
-		switch {
-		case math.IsNaN(asFloat64):
-			str = floatNaN
-		case math.IsInf(asFloat64, 1):
-			str = floatInf
-		case math.IsInf(asFloat64, -1):
-			str = floatNegInf
-		default:
-			str = strconv.FormatFloat(asFloat64, 'f', -1, 32)
-		}
-		v.Set(name, str)
-	case time.Time:
-		const ISO8601UTC = "2006-01-02T15:04:05Z"
-		format := tag.Get("timestampFormat")
-		if len(format) == 0 {
-			format = protocol.ISO8601TimeFormatName
-		}
-
-		v.Set(name, protocol.FormatTime(format, value))
-	default:
-		return fmt.Errorf("unsupported value for param %s: %v (%s)", name, r.Interface(), r.Type().Name())
-	}
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
deleted file mode 100644
index 9231e95d1..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package query
-
-//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/query.json unmarshal_test.go
-
-import (
-	"encoding/xml"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
-)
-
-// UnmarshalHandler is a named request handler for unmarshaling query protocol requests
-var UnmarshalHandler = request.NamedHandler{Name: "awssdk.query.Unmarshal", Fn: Unmarshal}
-
-// UnmarshalMetaHandler is a named request handler for unmarshaling query protocol request metadata
-var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalMeta", Fn: UnmarshalMeta}
-
-// Unmarshal unmarshals a response for an AWS Query service.
-func Unmarshal(r *request.Request) {
-	defer r.HTTPResponse.Body.Close()
-	if r.DataFilled() {
-		decoder := xml.NewDecoder(r.HTTPResponse.Body)
-		err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result")
-		if err != nil {
-			r.Error = awserr.NewRequestFailure(
-				awserr.New(request.ErrCodeSerialization, "failed decoding Query response", err),
-				r.HTTPResponse.StatusCode,
-				r.RequestID,
-			)
-			return
-		}
-	}
-}
-
-// UnmarshalMeta unmarshals header response values for an AWS Query service.
-func UnmarshalMeta(r *request.Request) {
-	r.RequestID = r.HTTPResponse.Header.Get("X-Amzn-Requestid")
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
deleted file mode 100644
index 2c0cbba90..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
+++ /dev/null
@@ -1,70 +0,0 @@
-package query
-
-import (
-	"encoding/xml"
-	"fmt"
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
-)
-
-// UnmarshalErrorHandler is a name request handler to unmarshal request errors
-var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalError", Fn: UnmarshalError}
-
-type xmlErrorResponse struct {
-	Code      string `xml:"Error>Code"`
-	Message   string `xml:"Error>Message"`
-	RequestID string `xml:"RequestId"`
-}
-
-type xmlResponseError struct {
-	xmlErrorResponse
-}
-
-func (e *xmlResponseError) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	const svcUnavailableTagName = "ServiceUnavailableException"
-	const errorResponseTagName = "ErrorResponse"
-
-	switch start.Name.Local {
-	case svcUnavailableTagName:
-		e.Code = svcUnavailableTagName
-		e.Message = "service is unavailable"
-		return d.Skip()
-
-	case errorResponseTagName:
-		return d.DecodeElement(&e.xmlErrorResponse, &start)
-
-	default:
-		return fmt.Errorf("unknown error response tag, %v", start)
-	}
-}
-
-// UnmarshalError unmarshals an error response for an AWS Query service.
-func UnmarshalError(r *request.Request) {
-	defer r.HTTPResponse.Body.Close()
-
-	var respErr xmlResponseError
-	err := xmlutil.UnmarshalXMLError(&respErr, r.HTTPResponse.Body)
-	if err != nil {
-		r.Error = awserr.NewRequestFailure(
-			awserr.New(request.ErrCodeSerialization,
-				"failed to unmarshal error message", err),
-			r.HTTPResponse.StatusCode,
-			r.RequestID,
-		)
-		return
-	}
-
-	reqID := respErr.RequestID
-	if len(reqID) == 0 {
-		reqID = r.RequestID
-	}
-
-	r.Error = awserr.NewRequestFailure(
-		awserr.New(strings.TrimSpace(respErr.Code), strings.TrimSpace(respErr.Message), nil),
-		r.HTTPResponse.StatusCode,
-		reqID,
-	)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
deleted file mode 100644
index 1d273ff0e..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
+++ /dev/null
@@ -1,349 +0,0 @@
-// Package rest provides RESTful serialization of AWS requests and responses.
-package rest
-
-import (
-	"bytes"
-	"encoding/base64"
-	"fmt"
-	"io"
-	"math"
-	"net/http"
-	"net/url"
-	"path"
-	"reflect"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol"
-)
-
-const (
-	floatNaN    = "NaN"
-	floatInf    = "Infinity"
-	floatNegInf = "-Infinity"
-)
-
-// Whether the byte value can be sent without escaping in AWS URLs
-var noEscape [256]bool
-
-var errValueNotSet = fmt.Errorf("value not set")
-
-var byteSliceType = reflect.TypeOf([]byte{})
-
-func init() {
-	for i := 0; i < len(noEscape); i++ {
-		// AWS expects every character except these to be escaped
-		noEscape[i] = (i >= 'A' && i <= 'Z') ||
-			(i >= 'a' && i <= 'z') ||
-			(i >= '0' && i <= '9') ||
-			i == '-' ||
-			i == '.' ||
-			i == '_' ||
-			i == '~'
-	}
-}
-
-// BuildHandler is a named request handler for building rest protocol requests
-var BuildHandler = request.NamedHandler{Name: "awssdk.rest.Build", Fn: Build}
-
-// Build builds the REST component of a service request.
-func Build(r *request.Request) {
-	if r.ParamsFilled() {
-		v := reflect.ValueOf(r.Params).Elem()
-		buildLocationElements(r, v, false)
-		buildBody(r, v)
-	}
-}
-
-// BuildAsGET builds the REST component of a service request with the ability to hoist
-// data from the body.
-func BuildAsGET(r *request.Request) {
-	if r.ParamsFilled() {
-		v := reflect.ValueOf(r.Params).Elem()
-		buildLocationElements(r, v, true)
-		buildBody(r, v)
-	}
-}
-
-func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bool) {
-	query := r.HTTPRequest.URL.Query()
-
-	// Setup the raw path to match the base path pattern. This is needed
-	// so that when the path is mutated a custom escaped version can be
-	// stored in RawPath that will be used by the Go client.
-	r.HTTPRequest.URL.RawPath = r.HTTPRequest.URL.Path
-
-	for i := 0; i < v.NumField(); i++ {
-		m := v.Field(i)
-		if n := v.Type().Field(i).Name; n[0:1] == strings.ToLower(n[0:1]) {
-			continue
-		}
-
-		if m.IsValid() {
-			field := v.Type().Field(i)
-			name := field.Tag.Get("locationName")
-			if name == "" {
-				name = field.Name
-			}
-			if kind := m.Kind(); kind == reflect.Ptr {
-				m = m.Elem()
-			} else if kind == reflect.Interface {
-				if !m.Elem().IsValid() {
-					continue
-				}
-			}
-			if !m.IsValid() {
-				continue
-			}
-			if field.Tag.Get("ignore") != "" {
-				continue
-			}
-
-			// Support the ability to customize values to be marshaled as a
-			// blob even though they were modeled as a string. Required for S3
-			// API operations like SSECustomerKey is modeled as string but
-			// required to be base64 encoded in request.
-			if field.Tag.Get("marshal-as") == "blob" {
-				m = m.Convert(byteSliceType)
-			}
-
-			var err error
-			switch field.Tag.Get("location") {
-			case "headers": // header maps
-				err = buildHeaderMap(&r.HTTPRequest.Header, m, field.Tag)
-			case "header":
-				err = buildHeader(&r.HTTPRequest.Header, m, name, field.Tag)
-			case "uri":
-				err = buildURI(r.HTTPRequest.URL, m, name, field.Tag)
-			case "querystring":
-				err = buildQueryString(query, m, name, field.Tag)
-			default:
-				if buildGETQuery {
-					err = buildQueryString(query, m, name, field.Tag)
-				}
-			}
-			r.Error = err
-		}
-		if r.Error != nil {
-			return
-		}
-	}
-
-	r.HTTPRequest.URL.RawQuery = query.Encode()
-	if !aws.BoolValue(r.Config.DisableRestProtocolURICleaning) {
-		cleanPath(r.HTTPRequest.URL)
-	}
-}
-
-func buildBody(r *request.Request, v reflect.Value) {
-	if field, ok := v.Type().FieldByName("_"); ok {
-		if payloadName := field.Tag.Get("payload"); payloadName != "" {
-			pfield, _ := v.Type().FieldByName(payloadName)
-			if ptag := pfield.Tag.Get("type"); ptag != "" && ptag != "structure" {
-				payload := reflect.Indirect(v.FieldByName(payloadName))
-				if payload.IsValid() && payload.Interface() != nil {
-					switch reader := payload.Interface().(type) {
-					case io.ReadSeeker:
-						r.SetReaderBody(reader)
-					case []byte:
-						r.SetBufferBody(reader)
-					case string:
-						r.SetStringBody(reader)
-					default:
-						r.Error = awserr.New(request.ErrCodeSerialization,
-							"failed to encode REST request",
-							fmt.Errorf("unknown payload type %s", payload.Type()))
-					}
-				}
-			}
-		}
-	}
-}
-
-func buildHeader(header *http.Header, v reflect.Value, name string, tag reflect.StructTag) error {
-	str, err := convertType(v, tag)
-	if err == errValueNotSet {
-		return nil
-	} else if err != nil {
-		return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
-	}
-
-	name = strings.TrimSpace(name)
-	str = strings.TrimSpace(str)
-
-	header.Add(name, str)
-
-	return nil
-}
-
-func buildHeaderMap(header *http.Header, v reflect.Value, tag reflect.StructTag) error {
-	prefix := tag.Get("locationName")
-	for _, key := range v.MapKeys() {
-		str, err := convertType(v.MapIndex(key), tag)
-		if err == errValueNotSet {
-			continue
-		} else if err != nil {
-			return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
-
-		}
-		keyStr := strings.TrimSpace(key.String())
-		str = strings.TrimSpace(str)
-
-		header.Add(prefix+keyStr, str)
-	}
-	return nil
-}
-
-func buildURI(u *url.URL, v reflect.Value, name string, tag reflect.StructTag) error {
-	value, err := convertType(v, tag)
-	if err == errValueNotSet {
-		return nil
-	} else if err != nil {
-		return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
-	}
-
-	u.Path = strings.Replace(u.Path, "{"+name+"}", value, -1)
-	u.Path = strings.Replace(u.Path, "{"+name+"+}", value, -1)
-
-	u.RawPath = strings.Replace(u.RawPath, "{"+name+"}", EscapePath(value, true), -1)
-	u.RawPath = strings.Replace(u.RawPath, "{"+name+"+}", EscapePath(value, false), -1)
-
-	return nil
-}
-
-func buildQueryString(query url.Values, v reflect.Value, name string, tag reflect.StructTag) error {
-	switch value := v.Interface().(type) {
-	case []*string:
-		for _, item := range value {
-			query.Add(name, *item)
-		}
-	case map[string]*string:
-		for key, item := range value {
-			query.Add(key, *item)
-		}
-	case map[string][]*string:
-		for key, items := range value {
-			for _, item := range items {
-				query.Add(key, *item)
-			}
-		}
-	default:
-		str, err := convertType(v, tag)
-		if err == errValueNotSet {
-			return nil
-		} else if err != nil {
-			return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
-		}
-		query.Set(name, str)
-	}
-
-	return nil
-}
-
-func cleanPath(u *url.URL) {
-	hasSlash := strings.HasSuffix(u.Path, "/")
-
-	// clean up path, removing duplicate `/`
-	u.Path = path.Clean(u.Path)
-	u.RawPath = path.Clean(u.RawPath)
-
-	if hasSlash && !strings.HasSuffix(u.Path, "/") {
-		u.Path += "/"
-		u.RawPath += "/"
-	}
-}
-
-// EscapePath escapes part of a URL path in Amazon style
-func EscapePath(path string, encodeSep bool) string {
-	var buf bytes.Buffer
-	for i := 0; i < len(path); i++ {
-		c := path[i]
-		if noEscape[c] || (c == '/' && !encodeSep) {
-			buf.WriteByte(c)
-		} else {
-			fmt.Fprintf(&buf, "%%%02X", c)
-		}
-	}
-	return buf.String()
-}
-
-func convertType(v reflect.Value, tag reflect.StructTag) (str string, err error) {
-	v = reflect.Indirect(v)
-	if !v.IsValid() {
-		return "", errValueNotSet
-	}
-
-	switch value := v.Interface().(type) {
-	case string:
-		if tag.Get("suppressedJSONValue") == "true" && tag.Get("location") == "header" {
-			value = base64.StdEncoding.EncodeToString([]byte(value))
-		}
-		str = value
-	case []*string:
-		if tag.Get("location") != "header" || tag.Get("enum") == "" {
-			return "", fmt.Errorf("%T is only supported with location header and enum shapes", value)
-		}
-		buff := &bytes.Buffer{}
-		for i, sv := range value {
-			if sv == nil || len(*sv) == 0 {
-				continue
-			}
-			if i != 0 {
-				buff.WriteRune(',')
-			}
-			item := *sv
-			if strings.Index(item, `,`) != -1 || strings.Index(item, `"`) != -1 {
-				item = strconv.Quote(item)
-			}
-			buff.WriteString(item)
-		}
-		str = string(buff.Bytes())
-	case []byte:
-		str = base64.StdEncoding.EncodeToString(value)
-	case bool:
-		str = strconv.FormatBool(value)
-	case int64:
-		str = strconv.FormatInt(value, 10)
-	case float64:
-		switch {
-		case math.IsNaN(value):
-			str = floatNaN
-		case math.IsInf(value, 1):
-			str = floatInf
-		case math.IsInf(value, -1):
-			str = floatNegInf
-		default:
-			str = strconv.FormatFloat(value, 'f', -1, 64)
-		}
-	case time.Time:
-		format := tag.Get("timestampFormat")
-		if len(format) == 0 {
-			format = protocol.RFC822TimeFormatName
-			if tag.Get("location") == "querystring" {
-				format = protocol.ISO8601TimeFormatName
-			}
-		}
-		str = protocol.FormatTime(format, value)
-	case aws.JSONValue:
-		if len(value) == 0 {
-			return "", errValueNotSet
-		}
-		escaping := protocol.NoEscape
-		if tag.Get("location") == "header" {
-			escaping = protocol.Base64Escape
-		}
-		str, err = protocol.EncodeJSONValue(value, escaping)
-		if err != nil {
-			return "", fmt.Errorf("unable to encode JSONValue, %v", err)
-		}
-	default:
-		err := fmt.Errorf("unsupported value for param %v (%s)", v.Interface(), v.Type())
-		return "", err
-	}
-
-	return str, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go
deleted file mode 100644
index b54c99eda..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package rest
-
-import "reflect"
-
-// PayloadMember returns the payload field member of i if there is one, or nil.
-func PayloadMember(i interface{}) interface{} {
-	if i == nil {
-		return nil
-	}
-
-	v := reflect.ValueOf(i).Elem()
-	if !v.IsValid() {
-		return nil
-	}
-	if field, ok := v.Type().FieldByName("_"); ok {
-		if payloadName := field.Tag.Get("payload"); payloadName != "" {
-			field, _ := v.Type().FieldByName(payloadName)
-			if field.Tag.Get("type") != "structure" {
-				return nil
-			}
-
-			payload := v.FieldByName(payloadName)
-			if payload.IsValid() || (payload.Kind() == reflect.Ptr && !payload.IsNil()) {
-				return payload.Interface()
-			}
-		}
-	}
-	return nil
-}
-
-const nopayloadPayloadType = "nopayload"
-
-// PayloadType returns the type of a payload field member of i if there is one,
-// or "".
-func PayloadType(i interface{}) string {
-	v := reflect.Indirect(reflect.ValueOf(i))
-	if !v.IsValid() {
-		return ""
-	}
-
-	if field, ok := v.Type().FieldByName("_"); ok {
-		if noPayload := field.Tag.Get(nopayloadPayloadType); noPayload != "" {
-			return nopayloadPayloadType
-		}
-
-		if payloadName := field.Tag.Get("payload"); payloadName != "" {
-			if member, ok := v.Type().FieldByName(payloadName); ok {
-				return member.Tag.Get("type")
-			}
-		}
-	}
-
-	return ""
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
deleted file mode 100644
index 79fcf1699..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
+++ /dev/null
@@ -1,276 +0,0 @@
-package rest
-
-import (
-	"bytes"
-	"encoding/base64"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"math"
-	"net/http"
-	"reflect"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	awsStrings "github.com/aws/aws-sdk-go/internal/strings"
-	"github.com/aws/aws-sdk-go/private/protocol"
-)
-
-// UnmarshalHandler is a named request handler for unmarshaling rest protocol requests
-var UnmarshalHandler = request.NamedHandler{Name: "awssdk.rest.Unmarshal", Fn: Unmarshal}
-
-// UnmarshalMetaHandler is a named request handler for unmarshaling rest protocol request metadata
-var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.rest.UnmarshalMeta", Fn: UnmarshalMeta}
-
-// Unmarshal unmarshals the REST component of a response in a REST service.
-func Unmarshal(r *request.Request) {
-	if r.DataFilled() {
-		v := reflect.Indirect(reflect.ValueOf(r.Data))
-		if err := unmarshalBody(r, v); err != nil {
-			r.Error = err
-		}
-	}
-}
-
-// UnmarshalMeta unmarshals the REST metadata of a response in a REST service
-func UnmarshalMeta(r *request.Request) {
-	r.RequestID = r.HTTPResponse.Header.Get("X-Amzn-Requestid")
-	if r.RequestID == "" {
-		// Alternative version of request id in the header
-		r.RequestID = r.HTTPResponse.Header.Get("X-Amz-Request-Id")
-	}
-	if r.DataFilled() {
-		if err := UnmarshalResponse(r.HTTPResponse, r.Data, aws.BoolValue(r.Config.LowerCaseHeaderMaps)); err != nil {
-			r.Error = err
-		}
-	}
-}
-
-// UnmarshalResponse attempts to unmarshal the REST response headers to
-// the data type passed in. The type must be a pointer. An error is returned
-// with any error unmarshaling the response into the target datatype.
-func UnmarshalResponse(resp *http.Response, data interface{}, lowerCaseHeaderMaps bool) error {
-	v := reflect.Indirect(reflect.ValueOf(data))
-	return unmarshalLocationElements(resp, v, lowerCaseHeaderMaps)
-}
-
-func unmarshalBody(r *request.Request, v reflect.Value) error {
-	if field, ok := v.Type().FieldByName("_"); ok {
-		if payloadName := field.Tag.Get("payload"); payloadName != "" {
-			pfield, _ := v.Type().FieldByName(payloadName)
-			if ptag := pfield.Tag.Get("type"); ptag != "" && ptag != "structure" {
-				payload := v.FieldByName(payloadName)
-				if payload.IsValid() {
-					switch payload.Interface().(type) {
-					case []byte:
-						defer r.HTTPResponse.Body.Close()
-						b, err := ioutil.ReadAll(r.HTTPResponse.Body)
-						if err != nil {
-							return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
-						}
-
-						payload.Set(reflect.ValueOf(b))
-
-					case *string:
-						defer r.HTTPResponse.Body.Close()
-						b, err := ioutil.ReadAll(r.HTTPResponse.Body)
-						if err != nil {
-							return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
-						}
-
-						str := string(b)
-						payload.Set(reflect.ValueOf(&str))
-
-					default:
-						switch payload.Type().String() {
-						case "io.ReadCloser":
-							payload.Set(reflect.ValueOf(r.HTTPResponse.Body))
-
-						case "io.ReadSeeker":
-							b, err := ioutil.ReadAll(r.HTTPResponse.Body)
-							if err != nil {
-								return awserr.New(request.ErrCodeSerialization,
-									"failed to read response body", err)
-							}
-							payload.Set(reflect.ValueOf(ioutil.NopCloser(bytes.NewReader(b))))
-
-						default:
-							io.Copy(ioutil.Discard, r.HTTPResponse.Body)
-							r.HTTPResponse.Body.Close()
-							return awserr.New(request.ErrCodeSerialization,
-								"failed to decode REST response",
-								fmt.Errorf("unknown payload type %s", payload.Type()))
-						}
-					}
-				}
-			}
-		}
-	}
-
-	return nil
-}
-
-func unmarshalLocationElements(resp *http.Response, v reflect.Value, lowerCaseHeaderMaps bool) error {
-	for i := 0; i < v.NumField(); i++ {
-		m, field := v.Field(i), v.Type().Field(i)
-		if n := field.Name; n[0:1] == strings.ToLower(n[0:1]) {
-			continue
-		}
-
-		if m.IsValid() {
-			name := field.Tag.Get("locationName")
-			if name == "" {
-				name = field.Name
-			}
-
-			switch field.Tag.Get("location") {
-			case "statusCode":
-				unmarshalStatusCode(m, resp.StatusCode)
-
-			case "header":
-				err := unmarshalHeader(m, resp.Header.Get(name), field.Tag)
-				if err != nil {
-					return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
-				}
-
-			case "headers":
-				prefix := field.Tag.Get("locationName")
-				err := unmarshalHeaderMap(m, resp.Header, prefix, lowerCaseHeaderMaps)
-				if err != nil {
-					return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
-				}
-			}
-		}
-	}
-
-	return nil
-}
-
-func unmarshalStatusCode(v reflect.Value, statusCode int) {
-	if !v.IsValid() {
-		return
-	}
-
-	switch v.Interface().(type) {
-	case *int64:
-		s := int64(statusCode)
-		v.Set(reflect.ValueOf(&s))
-	}
-}
-
-func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string, normalize bool) error {
-	if len(headers) == 0 {
-		return nil
-	}
-	switch r.Interface().(type) {
-	case map[string]*string: // we only support string map value types
-		out := map[string]*string{}
-		for k, v := range headers {
-			if awsStrings.HasPrefixFold(k, prefix) {
-				if normalize == true {
-					k = strings.ToLower(k)
-				} else {
-					k = http.CanonicalHeaderKey(k)
-				}
-				out[k[len(prefix):]] = &v[0]
-			}
-		}
-		if len(out) != 0 {
-			r.Set(reflect.ValueOf(out))
-		}
-
-	}
-	return nil
-}
-
-func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) error {
-	switch tag.Get("type") {
-	case "jsonvalue":
-		if len(header) == 0 {
-			return nil
-		}
-	case "blob":
-		if len(header) == 0 {
-			return nil
-		}
-	default:
-		if !v.IsValid() || (header == "" && v.Elem().Kind() != reflect.String) {
-			return nil
-		}
-	}
-
-	switch v.Interface().(type) {
-	case *string:
-		if tag.Get("suppressedJSONValue") == "true" && tag.Get("location") == "header" {
-			b, err := base64.StdEncoding.DecodeString(header)
-			if err != nil {
-				return fmt.Errorf("failed to decode JSONValue, %v", err)
-			}
-			header = string(b)
-		}
-		v.Set(reflect.ValueOf(&header))
-	case []byte:
-		b, err := base64.StdEncoding.DecodeString(header)
-		if err != nil {
-			return err
-		}
-		v.Set(reflect.ValueOf(b))
-	case *bool:
-		b, err := strconv.ParseBool(header)
-		if err != nil {
-			return err
-		}
-		v.Set(reflect.ValueOf(&b))
-	case *int64:
-		i, err := strconv.ParseInt(header, 10, 64)
-		if err != nil {
-			return err
-		}
-		v.Set(reflect.ValueOf(&i))
-	case *float64:
-		var f float64
-		switch {
-		case strings.EqualFold(header, floatNaN):
-			f = math.NaN()
-		case strings.EqualFold(header, floatInf):
-			f = math.Inf(1)
-		case strings.EqualFold(header, floatNegInf):
-			f = math.Inf(-1)
-		default:
-			var err error
-			f, err = strconv.ParseFloat(header, 64)
-			if err != nil {
-				return err
-			}
-		}
-		v.Set(reflect.ValueOf(&f))
-	case *time.Time:
-		format := tag.Get("timestampFormat")
-		if len(format) == 0 {
-			format = protocol.RFC822TimeFormatName
-		}
-		t, err := protocol.ParseTime(format, header)
-		if err != nil {
-			return err
-		}
-		v.Set(reflect.ValueOf(&t))
-	case aws.JSONValue:
-		escaping := protocol.NoEscape
-		if tag.Get("location") == "header" {
-			escaping = protocol.Base64Escape
-		}
-		m, err := protocol.DecodeJSONValue(header, escaping)
-		if err != nil {
-			return err
-		}
-		v.Set(reflect.ValueOf(m))
-	default:
-		err := fmt.Errorf("Unsupported value for param %v (%s)", v.Interface(), v.Type())
-		return err
-	}
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go
deleted file mode 100644
index 2e0e205af..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// Package restjson provides RESTful JSON serialization of AWS
-// requests and responses.
-package restjson
-
-//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/rest-json.json build_test.go
-//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/rest-json.json unmarshal_test.go
-
-import (
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
-	"github.com/aws/aws-sdk-go/private/protocol/rest"
-)
-
-// BuildHandler is a named request handler for building restjson protocol
-// requests
-var BuildHandler = request.NamedHandler{
-	Name: "awssdk.restjson.Build",
-	Fn:   Build,
-}
-
-// UnmarshalHandler is a named request handler for unmarshaling restjson
-// protocol requests
-var UnmarshalHandler = request.NamedHandler{
-	Name: "awssdk.restjson.Unmarshal",
-	Fn:   Unmarshal,
-}
-
-// UnmarshalMetaHandler is a named request handler for unmarshaling restjson
-// protocol request metadata
-var UnmarshalMetaHandler = request.NamedHandler{
-	Name: "awssdk.restjson.UnmarshalMeta",
-	Fn:   UnmarshalMeta,
-}
-
-// Build builds a request for the REST JSON protocol.
-func Build(r *request.Request) {
-	rest.Build(r)
-
-	if t := rest.PayloadType(r.Params); t == "structure" || t == "" {
-		if v := r.HTTPRequest.Header.Get("Content-Type"); len(v) == 0 {
-			r.HTTPRequest.Header.Set("Content-Type", "application/json")
-		}
-		jsonrpc.Build(r)
-	}
-}
-
-// Unmarshal unmarshals a response body for the REST JSON protocol.
-func Unmarshal(r *request.Request) {
-	if t := rest.PayloadType(r.Data); t == "structure" || t == "" {
-		jsonrpc.Unmarshal(r)
-	} else {
-		rest.Unmarshal(r)
-	}
-}
-
-// UnmarshalMeta unmarshals response headers for the REST JSON protocol.
-func UnmarshalMeta(r *request.Request) {
-	rest.UnmarshalMeta(r)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go
deleted file mode 100644
index 5366a646d..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go
+++ /dev/null
@@ -1,157 +0,0 @@
-package restjson
-
-import (
-	"bytes"
-	"encoding/json"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol"
-	"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
-	"github.com/aws/aws-sdk-go/private/protocol/rest"
-)
-
-const (
-	errorTypeHeader    = "X-Amzn-Errortype"
-	errorMessageHeader = "X-Amzn-Errormessage"
-)
-
-// UnmarshalTypedError provides unmarshaling errors API response errors
-// for both typed and untyped errors.
-type UnmarshalTypedError struct {
-	exceptions map[string]func(protocol.ResponseMetadata) error
-}
-
-// NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the
-// set of exception names to the error unmarshalers
-func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError {
-	return &UnmarshalTypedError{
-		exceptions: exceptions,
-	}
-}
-
-// UnmarshalError attempts to unmarshal the HTTP response error as a known
-// error type. If unable to unmarshal the error type, the generic SDK error
-// type will be used.
-func (u *UnmarshalTypedError) UnmarshalError(
-	resp *http.Response,
-	respMeta protocol.ResponseMetadata,
-) (error, error) {
-	code, msg, err := unmarshalErrorInfo(resp)
-	if err != nil {
-		return nil, err
-	}
-
-	fn, ok := u.exceptions[code]
-	if !ok {
-		return awserr.NewRequestFailure(
-			awserr.New(code, msg, nil),
-			respMeta.StatusCode,
-			respMeta.RequestID,
-		), nil
-	}
-
-	v := fn(respMeta)
-	if err := jsonutil.UnmarshalJSONCaseInsensitive(v, resp.Body); err != nil {
-		return nil, err
-	}
-
-	if err := rest.UnmarshalResponse(resp, v, true); err != nil {
-		return nil, err
-	}
-
-	return v, nil
-}
-
-// UnmarshalErrorHandler is a named request handler for unmarshaling restjson
-// protocol request errors
-var UnmarshalErrorHandler = request.NamedHandler{
-	Name: "awssdk.restjson.UnmarshalError",
-	Fn:   UnmarshalError,
-}
-
-// UnmarshalError unmarshals a response error for the REST JSON protocol.
-func UnmarshalError(r *request.Request) {
-	defer r.HTTPResponse.Body.Close()
-
-	code, msg, err := unmarshalErrorInfo(r.HTTPResponse)
-	if err != nil {
-		r.Error = awserr.NewRequestFailure(
-			awserr.New(request.ErrCodeSerialization, "failed to unmarshal response error", err),
-			r.HTTPResponse.StatusCode,
-			r.RequestID,
-		)
-		return
-	}
-
-	r.Error = awserr.NewRequestFailure(
-		awserr.New(code, msg, nil),
-		r.HTTPResponse.StatusCode,
-		r.RequestID,
-	)
-}
-
-type jsonErrorResponse struct {
-	Type    string `json:"__type"`
-	Code    string `json:"code"`
-	Message string `json:"message"`
-}
-
-func (j *jsonErrorResponse) SanitizedCode() string {
-	code := j.Code
-	if len(j.Type) > 0 {
-		code = j.Type
-	}
-	return sanitizeCode(code)
-}
-
-// Remove superfluous components from a restJson error code.
-//   - If a : character is present, then take only the contents before the
-//     first : character in the value.
-//   - If a # character is present, then take only the contents after the first
-//     # character in the value.
-//
-// All of the following error values resolve to FooError:
-//   - FooError
-//   - FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/
-//   - aws.protocoltests.restjson#FooError
-//   - aws.protocoltests.restjson#FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/
-func sanitizeCode(code string) string {
-	noColon := strings.SplitN(code, ":", 2)[0]
-	hashSplit := strings.SplitN(noColon, "#", 2)
-	return hashSplit[len(hashSplit)-1]
-}
-
-// attempt to garner error details from the response, preferring header values
-// when present
-func unmarshalErrorInfo(resp *http.Response) (code string, msg string, err error) {
-	code = sanitizeCode(resp.Header.Get(errorTypeHeader))
-	msg = resp.Header.Get(errorMessageHeader)
-	if len(code) > 0 && len(msg) > 0 {
-		return
-	}
-
-	// a modeled error will have to be re-deserialized later, so the body must
-	// be preserved
-	var buf bytes.Buffer
-	tee := io.TeeReader(resp.Body, &buf)
-	defer func() { resp.Body = ioutil.NopCloser(&buf) }()
-
-	var jsonErr jsonErrorResponse
-	if decodeErr := json.NewDecoder(tee).Decode(&jsonErr); decodeErr != nil && decodeErr != io.EOF {
-		err = awserr.NewUnmarshalError(decodeErr, "failed to decode response body", buf.Bytes())
-		return
-	}
-
-	if len(code) == 0 {
-		code = jsonErr.SanitizedCode()
-	}
-	if len(msg) == 0 {
-		msg = jsonErr.Message
-	}
-	return
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
deleted file mode 100644
index b1ae36487..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
+++ /dev/null
@@ -1,79 +0,0 @@
-// Package restxml provides RESTful XML serialization of AWS
-// requests and responses.
-package restxml
-
-//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/rest-xml.json build_test.go
-//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/rest-xml.json unmarshal_test.go
-
-import (
-	"bytes"
-	"encoding/xml"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol/query"
-	"github.com/aws/aws-sdk-go/private/protocol/rest"
-	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
-)
-
-// BuildHandler is a named request handler for building restxml protocol requests
-var BuildHandler = request.NamedHandler{Name: "awssdk.restxml.Build", Fn: Build}
-
-// UnmarshalHandler is a named request handler for unmarshaling restxml protocol requests
-var UnmarshalHandler = request.NamedHandler{Name: "awssdk.restxml.Unmarshal", Fn: Unmarshal}
-
-// UnmarshalMetaHandler is a named request handler for unmarshaling restxml protocol request metadata
-var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.restxml.UnmarshalMeta", Fn: UnmarshalMeta}
-
-// UnmarshalErrorHandler is a named request handler for unmarshaling restxml protocol request errors
-var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.restxml.UnmarshalError", Fn: UnmarshalError}
-
-// Build builds a request payload for the REST XML protocol.
-func Build(r *request.Request) {
-	rest.Build(r)
-
-	if t := rest.PayloadType(r.Params); t == "structure" || t == "" {
-		var buf bytes.Buffer
-		err := xmlutil.BuildXML(r.Params, xml.NewEncoder(&buf))
-		if err != nil {
-			r.Error = awserr.NewRequestFailure(
-				awserr.New(request.ErrCodeSerialization,
-					"failed to encode rest XML request", err),
-				0,
-				r.RequestID,
-			)
-			return
-		}
-		r.SetBufferBody(buf.Bytes())
-	}
-}
-
-// Unmarshal unmarshals a payload response for the REST XML protocol.
-func Unmarshal(r *request.Request) {
-	if t := rest.PayloadType(r.Data); t == "structure" || t == "" {
-		defer r.HTTPResponse.Body.Close()
-		decoder := xml.NewDecoder(r.HTTPResponse.Body)
-		err := xmlutil.UnmarshalXML(r.Data, decoder, "")
-		if err != nil {
-			r.Error = awserr.NewRequestFailure(
-				awserr.New(request.ErrCodeSerialization,
-					"failed to decode REST XML response", err),
-				r.HTTPResponse.StatusCode,
-				r.RequestID,
-			)
-			return
-		}
-	} else {
-		rest.Unmarshal(r)
-	}
-}
-
-// UnmarshalMeta unmarshals response headers for the REST XML protocol.
-func UnmarshalMeta(r *request.Request) {
-	rest.UnmarshalMeta(r)
-}
-
-// UnmarshalError unmarshals a response error for the REST XML protocol.
-func UnmarshalError(r *request.Request) {
-	query.UnmarshalError(r)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
deleted file mode 100644
index d9a4e7649..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
+++ /dev/null
@@ -1,134 +0,0 @@
-package protocol
-
-import (
-	"bytes"
-	"fmt"
-	"math"
-	"strconv"
-	"time"
-
-	"github.com/aws/aws-sdk-go/internal/sdkmath"
-)
-
-// Names of time formats supported by the SDK
-const (
-	RFC822TimeFormatName  = "rfc822"
-	ISO8601TimeFormatName = "iso8601"
-	UnixTimeFormatName    = "unixTimestamp"
-)
-
-// Time formats supported by the SDK
-// Output time is intended to not contain decimals
-const (
-	// RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT
-	RFC822TimeFormat                           = "Mon, 2 Jan 2006 15:04:05 GMT"
-	rfc822TimeFormatSingleDigitDay             = "Mon, _2 Jan 2006 15:04:05 GMT"
-	rfc822TimeFormatSingleDigitDayTwoDigitYear = "Mon, _2 Jan 06 15:04:05 GMT"
-
-	// This format is used for output time without seconds precision
-	RFC822OutputTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT"
-
-	// RFC3339 a subset of the ISO8601 timestamp format. e.g 2014-04-29T18:30:38Z
-	ISO8601TimeFormat    = "2006-01-02T15:04:05.999999999Z"
-	iso8601TimeFormatNoZ = "2006-01-02T15:04:05.999999999"
-
-	// This format is used for output time with fractional second precision up to milliseconds
-	ISO8601OutputTimeFormat = "2006-01-02T15:04:05.999999999Z"
-)
-
-// IsKnownTimestampFormat returns if the timestamp format name
-// is know to the SDK's protocols.
-func IsKnownTimestampFormat(name string) bool {
-	switch name {
-	case RFC822TimeFormatName:
-		fallthrough
-	case ISO8601TimeFormatName:
-		fallthrough
-	case UnixTimeFormatName:
-		return true
-	default:
-		return false
-	}
-}
-
-// FormatTime returns a string value of the time.
-func FormatTime(name string, t time.Time) string {
-	t = t.UTC().Truncate(time.Millisecond)
-
-	switch name {
-	case RFC822TimeFormatName:
-		return t.Format(RFC822OutputTimeFormat)
-	case ISO8601TimeFormatName:
-		return t.Format(ISO8601OutputTimeFormat)
-	case UnixTimeFormatName:
-		ms := t.UnixNano() / int64(time.Millisecond)
-		return strconv.FormatFloat(float64(ms)/1e3, 'f', -1, 64)
-	default:
-		panic("unknown timestamp format name, " + name)
-	}
-}
-
-// ParseTime attempts to parse the time given the format. Returns
-// the time if it was able to be parsed, and fails otherwise.
-func ParseTime(formatName, value string) (time.Time, error) {
-	switch formatName {
-	case RFC822TimeFormatName: // Smithy HTTPDate format
-		return tryParse(value,
-			RFC822TimeFormat,
-			rfc822TimeFormatSingleDigitDay,
-			rfc822TimeFormatSingleDigitDayTwoDigitYear,
-			time.RFC850,
-			time.ANSIC,
-		)
-	case ISO8601TimeFormatName: // Smithy DateTime format
-		return tryParse(value,
-			ISO8601TimeFormat,
-			iso8601TimeFormatNoZ,
-			time.RFC3339Nano,
-			time.RFC3339,
-		)
-	case UnixTimeFormatName:
-		v, err := strconv.ParseFloat(value, 64)
-		_, dec := math.Modf(v)
-		dec = sdkmath.Round(dec*1e3) / 1e3 //Rounds 0.1229999 to 0.123
-		if err != nil {
-			return time.Time{}, err
-		}
-		return time.Unix(int64(v), int64(dec*(1e9))), nil
-	default:
-		panic("unknown timestamp format name, " + formatName)
-	}
-}
-
-func tryParse(v string, formats ...string) (time.Time, error) {
-	var errs parseErrors
-	for _, f := range formats {
-		t, err := time.Parse(f, v)
-		if err != nil {
-			errs = append(errs, parseError{
-				Format: f,
-				Err:    err,
-			})
-			continue
-		}
-		return t, nil
-	}
-
-	return time.Time{}, fmt.Errorf("unable to parse time string, %v", errs)
-}
-
-type parseErrors []parseError
-
-func (es parseErrors) Error() string {
-	var s bytes.Buffer
-	for _, e := range es {
-		fmt.Fprintf(&s, "\n * %q: %v", e.Format, e.Err)
-	}
-
-	return "parse errors:" + s.String()
-}
-
-type parseError struct {
-	Format string
-	Err    error
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
deleted file mode 100644
index f614ef898..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package protocol
-
-import (
-	"io"
-	"io/ioutil"
-
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// UnmarshalDiscardBodyHandler is a named request handler to empty and close a response's body
-var UnmarshalDiscardBodyHandler = request.NamedHandler{Name: "awssdk.shared.UnmarshalDiscardBody", Fn: UnmarshalDiscardBody}
-
-// UnmarshalDiscardBody is a request handler to empty a response's body and closing it.
-func UnmarshalDiscardBody(r *request.Request) {
-	if r.HTTPResponse == nil || r.HTTPResponse.Body == nil {
-		return
-	}
-
-	io.Copy(ioutil.Discard, r.HTTPResponse.Body)
-	r.HTTPResponse.Body.Close()
-}
-
-// ResponseMetadata provides the SDK response metadata attributes.
-type ResponseMetadata struct {
-	StatusCode int
-	RequestID  string
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
deleted file mode 100644
index cc857f136..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package protocol
-
-import (
-	"net/http"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// UnmarshalErrorHandler provides unmarshaling errors API response errors for
-// both typed and untyped errors.
-type UnmarshalErrorHandler struct {
-	unmarshaler ErrorUnmarshaler
-}
-
-// ErrorUnmarshaler is an abstract interface for concrete implementations to
-// unmarshal protocol specific response errors.
-type ErrorUnmarshaler interface {
-	UnmarshalError(*http.Response, ResponseMetadata) (error, error)
-}
-
-// NewUnmarshalErrorHandler returns an UnmarshalErrorHandler
-// initialized for the set of exception names to the error unmarshalers
-func NewUnmarshalErrorHandler(unmarshaler ErrorUnmarshaler) *UnmarshalErrorHandler {
-	return &UnmarshalErrorHandler{
-		unmarshaler: unmarshaler,
-	}
-}
-
-// UnmarshalErrorHandlerName is the name of the named handler.
-const UnmarshalErrorHandlerName = "awssdk.protocol.UnmarshalError"
-
-// NamedHandler returns a NamedHandler for the unmarshaler using the set of
-// errors the unmarshaler was initialized for.
-func (u *UnmarshalErrorHandler) NamedHandler() request.NamedHandler {
-	return request.NamedHandler{
-		Name: UnmarshalErrorHandlerName,
-		Fn:   u.UnmarshalError,
-	}
-}
-
-// UnmarshalError will attempt to unmarshal the API response's error message
-// into either a generic SDK error type, or a typed error corresponding to the
-// errors exception name.
-func (u *UnmarshalErrorHandler) UnmarshalError(r *request.Request) {
-	defer r.HTTPResponse.Body.Close()
-
-	respMeta := ResponseMetadata{
-		StatusCode: r.HTTPResponse.StatusCode,
-		RequestID:  r.RequestID,
-	}
-
-	v, err := u.unmarshaler.UnmarshalError(r.HTTPResponse, respMeta)
-	if err != nil {
-		r.Error = awserr.NewRequestFailure(
-			awserr.New(request.ErrCodeSerialization,
-				"failed to unmarshal response error", err),
-			respMeta.StatusCode,
-			respMeta.RequestID,
-		)
-		return
-	}
-
-	r.Error = v
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
deleted file mode 100644
index 58c12bd8c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
+++ /dev/null
@@ -1,345 +0,0 @@
-// Package xmlutil provides XML serialization of AWS requests and responses.
-package xmlutil
-
-import (
-	"encoding/base64"
-	"encoding/xml"
-	"fmt"
-	"math"
-	"reflect"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/private/protocol"
-)
-
-const (
-	floatNaN    = "NaN"
-	floatInf    = "Infinity"
-	floatNegInf = "-Infinity"
-)
-
-// BuildXML will serialize params into an xml.Encoder. Error will be returned
-// if the serialization of any of the params or nested values fails.
-func BuildXML(params interface{}, e *xml.Encoder) error {
-	return buildXML(params, e, false)
-}
-
-func buildXML(params interface{}, e *xml.Encoder, sorted bool) error {
-	b := xmlBuilder{encoder: e, namespaces: map[string]string{}}
-	root := NewXMLElement(xml.Name{})
-	if err := b.buildValue(reflect.ValueOf(params), root, ""); err != nil {
-		return err
-	}
-	for _, c := range root.Children {
-		for _, v := range c {
-			return StructToXML(e, v, sorted)
-		}
-	}
-	return nil
-}
-
-// Returns the reflection element of a value, if it is a pointer.
-func elemOf(value reflect.Value) reflect.Value {
-	for value.Kind() == reflect.Ptr {
-		value = value.Elem()
-	}
-	return value
-}
-
-// A xmlBuilder serializes values from Go code to XML
-type xmlBuilder struct {
-	encoder    *xml.Encoder
-	namespaces map[string]string
-}
-
-// buildValue generic XMLNode builder for any type. Will build value for their specific type
-// struct, list, map, scalar.
-//
-// Also takes a "type" tag value to set what type a value should be converted to XMLNode as. If
-// type is not provided reflect will be used to determine the value's type.
-func (b *xmlBuilder) buildValue(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
-	value = elemOf(value)
-	if !value.IsValid() { // no need to handle zero values
-		return nil
-	} else if tag.Get("location") != "" { // don't handle non-body location values
-		return nil
-	}
-
-	xml := tag.Get("xml")
-	if len(xml) != 0 {
-		name := strings.SplitAfterN(xml, ",", 2)[0]
-		if name == "-" {
-			return nil
-		}
-	}
-
-	t := tag.Get("type")
-	if t == "" {
-		switch value.Kind() {
-		case reflect.Struct:
-			t = "structure"
-		case reflect.Slice:
-			t = "list"
-		case reflect.Map:
-			t = "map"
-		}
-	}
-
-	switch t {
-	case "structure":
-		if field, ok := value.Type().FieldByName("_"); ok {
-			tag = tag + reflect.StructTag(" ") + field.Tag
-		}
-		return b.buildStruct(value, current, tag)
-	case "list":
-		return b.buildList(value, current, tag)
-	case "map":
-		return b.buildMap(value, current, tag)
-	default:
-		return b.buildScalar(value, current, tag)
-	}
-}
-
-// buildStruct adds a struct and its fields to the current XMLNode. All fields and any nested
-// types are converted to XMLNodes also.
-func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
-	if !value.IsValid() {
-		return nil
-	}
-
-	// unwrap payloads
-	if payload := tag.Get("payload"); payload != "" {
-		field, _ := value.Type().FieldByName(payload)
-		tag = field.Tag
-		value = elemOf(value.FieldByName(payload))
-
-		if !value.IsValid() {
-			return nil
-		}
-	}
-
-	child := NewXMLElement(xml.Name{Local: tag.Get("locationName")})
-
-	// there is an xmlNamespace associated with this struct
-	if prefix, uri := tag.Get("xmlPrefix"), tag.Get("xmlURI"); uri != "" {
-		ns := xml.Attr{
-			Name:  xml.Name{Local: "xmlns"},
-			Value: uri,
-		}
-		if prefix != "" {
-			b.namespaces[prefix] = uri // register the namespace
-			ns.Name.Local = "xmlns:" + prefix
-		}
-
-		child.Attr = append(child.Attr, ns)
-	}
-
-	var payloadFields, nonPayloadFields int
-
-	t := value.Type()
-	for i := 0; i < value.NumField(); i++ {
-		member := elemOf(value.Field(i))
-		field := t.Field(i)
-
-		if field.PkgPath != "" {
-			continue // ignore unexported fields
-		}
-		if field.Tag.Get("ignore") != "" {
-			continue
-		}
-
-		mTag := field.Tag
-		if mTag.Get("location") != "" { // skip non-body members
-			nonPayloadFields++
-			continue
-		}
-		payloadFields++
-
-		if protocol.CanSetIdempotencyToken(value.Field(i), field) {
-			token := protocol.GetIdempotencyToken()
-			member = reflect.ValueOf(token)
-		}
-
-		memberName := mTag.Get("locationName")
-		if memberName == "" {
-			memberName = field.Name
-			mTag = reflect.StructTag(string(mTag) + ` locationName:"` + memberName + `"`)
-		}
-		if err := b.buildValue(member, child, mTag); err != nil {
-			return err
-		}
-	}
-
-	// Only case where the child shape is not added is if the shape only contains
-	// non-payload fields, e.g headers/query.
-	if !(payloadFields == 0 && nonPayloadFields > 0) {
-		current.AddChild(child)
-	}
-
-	return nil
-}
-
-// buildList adds the value's list items to the current XMLNode as children nodes. All
-// nested values in the list are converted to XMLNodes also.
-func (b *xmlBuilder) buildList(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
-	if value.IsNil() { // don't build omitted lists
-		return nil
-	}
-
-	// check for unflattened list member
-	flattened := tag.Get("flattened") != ""
-
-	xname := xml.Name{Local: tag.Get("locationName")}
-	if flattened {
-		for i := 0; i < value.Len(); i++ {
-			child := NewXMLElement(xname)
-			current.AddChild(child)
-			if err := b.buildValue(value.Index(i), child, ""); err != nil {
-				return err
-			}
-		}
-	} else {
-		list := NewXMLElement(xname)
-		current.AddChild(list)
-
-		for i := 0; i < value.Len(); i++ {
-			iname := tag.Get("locationNameList")
-			if iname == "" {
-				iname = "member"
-			}
-
-			child := NewXMLElement(xml.Name{Local: iname})
-			list.AddChild(child)
-			if err := b.buildValue(value.Index(i), child, ""); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-// buildMap adds the value's key/value pairs to the current XMLNode as children nodes. All
-// nested values in the map are converted to XMLNodes also.
-//
-// Error will be returned if it is unable to build the map's values into XMLNodes
-func (b *xmlBuilder) buildMap(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
-	if value.IsNil() { // don't build omitted maps
-		return nil
-	}
-
-	maproot := NewXMLElement(xml.Name{Local: tag.Get("locationName")})
-	current.AddChild(maproot)
-	current = maproot
-
-	kname, vname := "key", "value"
-	if n := tag.Get("locationNameKey"); n != "" {
-		kname = n
-	}
-	if n := tag.Get("locationNameValue"); n != "" {
-		vname = n
-	}
-
-	// sorting is not required for compliance, but it makes testing easier
-	keys := make([]string, value.Len())
-	for i, k := range value.MapKeys() {
-		keys[i] = k.String()
-	}
-	sort.Strings(keys)
-
-	for _, k := range keys {
-		v := value.MapIndex(reflect.ValueOf(k))
-
-		mapcur := current
-		if tag.Get("flattened") == "" { // add "entry" tag to non-flat maps
-			child := NewXMLElement(xml.Name{Local: "entry"})
-			mapcur.AddChild(child)
-			mapcur = child
-		}
-
-		kchild := NewXMLElement(xml.Name{Local: kname})
-		kchild.Text = k
-		vchild := NewXMLElement(xml.Name{Local: vname})
-		mapcur.AddChild(kchild)
-		mapcur.AddChild(vchild)
-
-		if err := b.buildValue(v, vchild, ""); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// buildScalar will convert the value into a string and append it as a attribute or child
-// of the current XMLNode.
-//
-// The value will be added as an attribute if tag contains a "xmlAttribute" attribute value.
-//
-// Error will be returned if the value type is unsupported.
-func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag reflect.StructTag) error {
-	var str string
-
-	switch converted := value.Interface().(type) {
-	case string:
-		str = converted
-	case []byte:
-		if !value.IsNil() {
-			str = base64.StdEncoding.EncodeToString(converted)
-		}
-	case bool:
-		str = strconv.FormatBool(converted)
-	case int64:
-		str = strconv.FormatInt(converted, 10)
-	case int:
-		str = strconv.Itoa(converted)
-	case float64:
-		switch {
-		case math.IsNaN(converted):
-			str = floatNaN
-		case math.IsInf(converted, 1):
-			str = floatInf
-		case math.IsInf(converted, -1):
-			str = floatNegInf
-		default:
-			str = strconv.FormatFloat(converted, 'f', -1, 64)
-		}
-	case float32:
-		// The SDK doesn't render float32 values in types, only float64. This case would never be hit currently.
-		asFloat64 := float64(converted)
-		switch {
-		case math.IsNaN(asFloat64):
-			str = floatNaN
-		case math.IsInf(asFloat64, 1):
-			str = floatInf
-		case math.IsInf(asFloat64, -1):
-			str = floatNegInf
-		default:
-			str = strconv.FormatFloat(asFloat64, 'f', -1, 32)
-		}
-	case time.Time:
-		format := tag.Get("timestampFormat")
-		if len(format) == 0 {
-			format = protocol.ISO8601TimeFormatName
-		}
-
-		str = protocol.FormatTime(format, converted)
-	default:
-		return fmt.Errorf("unsupported value for param %s: %v (%s)",
-			tag.Get("locationName"), value.Interface(), value.Type().Name())
-	}
-
-	xname := xml.Name{Local: tag.Get("locationName")}
-	if tag.Get("xmlAttribute") != "" { // put into current node's attribute list
-		attr := xml.Attr{Name: xname, Value: str}
-		current.Attr = append(current.Attr, attr)
-	} else if len(xname.Local) == 0 {
-		current.Text = str
-	} else { // regular text node
-		current.AddChild(&XMLNode{Name: xname, Text: str})
-	}
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go
deleted file mode 100644
index c1a511851..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/sort.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package xmlutil
-
-import (
-	"encoding/xml"
-	"strings"
-)
-
-type xmlAttrSlice []xml.Attr
-
-func (x xmlAttrSlice) Len() int {
-	return len(x)
-}
-
-func (x xmlAttrSlice) Less(i, j int) bool {
-	spaceI, spaceJ := x[i].Name.Space, x[j].Name.Space
-	localI, localJ := x[i].Name.Local, x[j].Name.Local
-	valueI, valueJ := x[i].Value, x[j].Value
-
-	spaceCmp := strings.Compare(spaceI, spaceJ)
-	localCmp := strings.Compare(localI, localJ)
-	valueCmp := strings.Compare(valueI, valueJ)
-
-	if spaceCmp == -1 || (spaceCmp == 0 && (localCmp == -1 || (localCmp == 0 && valueCmp == -1))) {
-		return true
-	}
-
-	return false
-}
-
-func (x xmlAttrSlice) Swap(i, j int) {
-	x[i], x[j] = x[j], x[i]
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
deleted file mode 100644
index 44a580a94..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
+++ /dev/null
@@ -1,311 +0,0 @@
-package xmlutil
-
-import (
-	"bytes"
-	"encoding/base64"
-	"encoding/xml"
-	"fmt"
-	"io"
-	"math"
-	"reflect"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/private/protocol"
-)
-
-// UnmarshalXMLError unmarshals the XML error from the stream into the value
-// type specified. The value must be a pointer. If the message fails to
-// unmarshal, the message content will be included in the returned error as a
-// awserr.UnmarshalError.
-func UnmarshalXMLError(v interface{}, stream io.Reader) error {
-	var errBuf bytes.Buffer
-	body := io.TeeReader(stream, &errBuf)
-
-	err := xml.NewDecoder(body).Decode(v)
-	if err != nil && err != io.EOF {
-		return awserr.NewUnmarshalError(err,
-			"failed to unmarshal error message", errBuf.Bytes())
-	}
-
-	return nil
-}
-
-// UnmarshalXML deserializes an xml.Decoder into the container v. V
-// needs to match the shape of the XML expected to be decoded.
-// If the shape doesn't match unmarshaling will fail.
-func UnmarshalXML(v interface{}, d *xml.Decoder, wrapper string) error {
-	n, err := XMLToStruct(d, nil)
-	if err != nil {
-		return err
-	}
-	if n.Children != nil {
-		for _, root := range n.Children {
-			for _, c := range root {
-				if wrappedChild, ok := c.Children[wrapper]; ok {
-					c = wrappedChild[0] // pull out wrapped element
-				}
-
-				err = parse(reflect.ValueOf(v), c, "")
-				if err != nil {
-					if err == io.EOF {
-						return nil
-					}
-					return err
-				}
-			}
-		}
-		return nil
-	}
-	return nil
-}
-
-// parse deserializes any value from the XMLNode. The type tag is used to infer the type, or reflect
-// will be used to determine the type from r.
-func parse(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
-	xml := tag.Get("xml")
-	if len(xml) != 0 {
-		name := strings.SplitAfterN(xml, ",", 2)[0]
-		if name == "-" {
-			return nil
-		}
-	}
-
-	rtype := r.Type()
-	if rtype.Kind() == reflect.Ptr {
-		rtype = rtype.Elem() // check kind of actual element type
-	}
-
-	t := tag.Get("type")
-	if t == "" {
-		switch rtype.Kind() {
-		case reflect.Struct:
-			// also it can't be a time object
-			if _, ok := r.Interface().(*time.Time); !ok {
-				t = "structure"
-			}
-		case reflect.Slice:
-			// also it can't be a byte slice
-			if _, ok := r.Interface().([]byte); !ok {
-				t = "list"
-			}
-		case reflect.Map:
-			t = "map"
-		}
-	}
-
-	switch t {
-	case "structure":
-		if field, ok := rtype.FieldByName("_"); ok {
-			tag = field.Tag
-		}
-		return parseStruct(r, node, tag)
-	case "list":
-		return parseList(r, node, tag)
-	case "map":
-		return parseMap(r, node, tag)
-	default:
-		return parseScalar(r, node, tag)
-	}
-}
-
-// parseStruct deserializes a structure and its fields from an XMLNode. Any nested
-// types in the structure will also be deserialized.
-func parseStruct(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
-	t := r.Type()
-	if r.Kind() == reflect.Ptr {
-		if r.IsNil() { // create the structure if it's nil
-			s := reflect.New(r.Type().Elem())
-			r.Set(s)
-			r = s
-		}
-
-		r = r.Elem()
-		t = t.Elem()
-	}
-
-	// unwrap any payloads
-	if payload := tag.Get("payload"); payload != "" {
-		field, _ := t.FieldByName(payload)
-		return parseStruct(r.FieldByName(payload), node, field.Tag)
-	}
-
-	for i := 0; i < t.NumField(); i++ {
-		field := t.Field(i)
-		if c := field.Name[0:1]; strings.ToLower(c) == c {
-			continue // ignore unexported fields
-		}
-
-		// figure out what this field is called
-		name := field.Name
-		if field.Tag.Get("flattened") != "" && field.Tag.Get("locationNameList") != "" {
-			name = field.Tag.Get("locationNameList")
-		} else if locName := field.Tag.Get("locationName"); locName != "" {
-			name = locName
-		}
-
-		// try to find the field by name in elements
-		elems := node.Children[name]
-
-		if elems == nil { // try to find the field in attributes
-			if val, ok := node.findElem(name); ok {
-				elems = []*XMLNode{{Text: val}}
-			}
-		}
-
-		member := r.FieldByName(field.Name)
-		for _, elem := range elems {
-			err := parse(member, elem, field.Tag)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-// parseList deserializes a list of values from an XML node. Each list entry
-// will also be deserialized.
-func parseList(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
-	t := r.Type()
-
-	if tag.Get("flattened") == "" { // look at all item entries
-		mname := "member"
-		if name := tag.Get("locationNameList"); name != "" {
-			mname = name
-		}
-
-		if Children, ok := node.Children[mname]; ok {
-			if r.IsNil() {
-				r.Set(reflect.MakeSlice(t, len(Children), len(Children)))
-			}
-
-			for i, c := range Children {
-				err := parse(r.Index(i), c, "")
-				if err != nil {
-					return err
-				}
-			}
-		}
-	} else { // flattened list means this is a single element
-		if r.IsNil() {
-			r.Set(reflect.MakeSlice(t, 0, 0))
-		}
-
-		childR := reflect.Zero(t.Elem())
-		r.Set(reflect.Append(r, childR))
-		err := parse(r.Index(r.Len()-1), node, "")
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// parseMap deserializes a map from an XMLNode. The direct children of the XMLNode
-// will also be deserialized as map entries.
-func parseMap(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
-	if r.IsNil() {
-		r.Set(reflect.MakeMap(r.Type()))
-	}
-
-	if tag.Get("flattened") == "" { // look at all child entries
-		for _, entry := range node.Children["entry"] {
-			parseMapEntry(r, entry, tag)
-		}
-	} else { // this element is itself an entry
-		parseMapEntry(r, node, tag)
-	}
-
-	return nil
-}
-
-// parseMapEntry deserializes a map entry from a XML node.
-func parseMapEntry(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
-	kname, vname := "key", "value"
-	if n := tag.Get("locationNameKey"); n != "" {
-		kname = n
-	}
-	if n := tag.Get("locationNameValue"); n != "" {
-		vname = n
-	}
-
-	keys, ok := node.Children[kname]
-	values := node.Children[vname]
-	if ok {
-		for i, key := range keys {
-			keyR := reflect.ValueOf(key.Text)
-			value := values[i]
-			valueR := reflect.New(r.Type().Elem()).Elem()
-
-			parse(valueR, value, "")
-			r.SetMapIndex(keyR, valueR)
-		}
-	}
-	return nil
-}
-
-// parseScaller deserializes an XMLNode value into a concrete type based on the
-// interface type of r.
-//
-// Error is returned if the deserialization fails due to invalid type conversion,
-// or unsupported interface type.
-func parseScalar(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
-	switch r.Interface().(type) {
-	case *string:
-		r.Set(reflect.ValueOf(&node.Text))
-		return nil
-	case []byte:
-		b, err := base64.StdEncoding.DecodeString(node.Text)
-		if err != nil {
-			return err
-		}
-		r.Set(reflect.ValueOf(b))
-	case *bool:
-		v, err := strconv.ParseBool(node.Text)
-		if err != nil {
-			return err
-		}
-		r.Set(reflect.ValueOf(&v))
-	case *int64:
-		v, err := strconv.ParseInt(node.Text, 10, 64)
-		if err != nil {
-			return err
-		}
-		r.Set(reflect.ValueOf(&v))
-	case *float64:
-		var v float64
-		switch {
-		case strings.EqualFold(node.Text, floatNaN):
-			v = math.NaN()
-		case strings.EqualFold(node.Text, floatInf):
-			v = math.Inf(1)
-		case strings.EqualFold(node.Text, floatNegInf):
-			v = math.Inf(-1)
-		default:
-			var err error
-			v, err = strconv.ParseFloat(node.Text, 64)
-			if err != nil {
-				return err
-			}
-		}
-		r.Set(reflect.ValueOf(&v))
-	case *time.Time:
-		format := tag.Get("timestampFormat")
-		if len(format) == 0 {
-			format = protocol.ISO8601TimeFormatName
-		}
-
-		t, err := protocol.ParseTime(format, node.Text)
-		if err != nil {
-			return err
-		}
-		r.Set(reflect.ValueOf(&t))
-	default:
-		return fmt.Errorf("unsupported value: %v (%s)", r.Interface(), r.Type())
-	}
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
deleted file mode 100644
index c85b79fdd..000000000
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
+++ /dev/null
@@ -1,173 +0,0 @@
-package xmlutil
-
-import (
-	"encoding/xml"
-	"fmt"
-	"io"
-	"sort"
-)
-
-// A XMLNode contains the values to be encoded or decoded.
-type XMLNode struct {
-	Name     xml.Name              `json:",omitempty"`
-	Children map[string][]*XMLNode `json:",omitempty"`
-	Text     string                `json:",omitempty"`
-	Attr     []xml.Attr            `json:",omitempty"`
-
-	namespaces map[string]string
-	parent     *XMLNode
-}
-
-// textEncoder is a string type alias that implemnts the TextMarshaler interface.
-// This alias type is used to ensure that the line feed (\n) (U+000A) is escaped.
-type textEncoder string
-
-func (t textEncoder) MarshalText() ([]byte, error) {
-	return []byte(t), nil
-}
-
-// NewXMLElement returns a pointer to a new XMLNode initialized to default values.
-func NewXMLElement(name xml.Name) *XMLNode {
-	return &XMLNode{
-		Name:     name,
-		Children: map[string][]*XMLNode{},
-		Attr:     []xml.Attr{},
-	}
-}
-
-// AddChild adds child to the XMLNode.
-func (n *XMLNode) AddChild(child *XMLNode) {
-	child.parent = n
-	if _, ok := n.Children[child.Name.Local]; !ok {
-		n.Children[child.Name.Local] = []*XMLNode{}
-	}
-	n.Children[child.Name.Local] = append(n.Children[child.Name.Local], child)
-}
-
-// XMLToStruct converts a xml.Decoder stream to XMLNode with nested values.
-func XMLToStruct(d *xml.Decoder, s *xml.StartElement) (*XMLNode, error) {
-	out := &XMLNode{}
-	for {
-		tok, err := d.Token()
-		if err != nil {
-			if err == io.EOF {
-				break
-			} else {
-				return out, err
-			}
-		}
-
-		if tok == nil {
-			break
-		}
-
-		switch typed := tok.(type) {
-		case xml.CharData:
-			out.Text = string(typed.Copy())
-		case xml.StartElement:
-			el := typed.Copy()
-			out.Attr = el.Attr
-			if out.Children == nil {
-				out.Children = map[string][]*XMLNode{}
-			}
-
-			name := typed.Name.Local
-			slice := out.Children[name]
-			if slice == nil {
-				slice = []*XMLNode{}
-			}
-			node, e := XMLToStruct(d, &el)
-			out.findNamespaces()
-			if e != nil {
-				return out, e
-			}
-			node.Name = typed.Name
-			node.findNamespaces()
-			tempOut := *out
-			// Save into a temp variable, simply because out gets squashed during
-			// loop iterations
-			node.parent = &tempOut
-			slice = append(slice, node)
-			out.Children[name] = slice
-		case xml.EndElement:
-			if s != nil && s.Name.Local == typed.Name.Local { // matching end token
-				return out, nil
-			}
-			out = &XMLNode{}
-		}
-	}
-	return out, nil
-}
-
-func (n *XMLNode) findNamespaces() {
-	ns := map[string]string{}
-	for _, a := range n.Attr {
-		if a.Name.Space == "xmlns" {
-			ns[a.Value] = a.Name.Local
-		}
-	}
-
-	n.namespaces = ns
-}
-
-func (n *XMLNode) findElem(name string) (string, bool) {
-	for node := n; node != nil; node = node.parent {
-		for _, a := range node.Attr {
-			namespace := a.Name.Space
-			if v, ok := node.namespaces[namespace]; ok {
-				namespace = v
-			}
-			if name == fmt.Sprintf("%s:%s", namespace, a.Name.Local) {
-				return a.Value, true
-			}
-		}
-	}
-	return "", false
-}
-
-// StructToXML writes an XMLNode to a xml.Encoder as tokens.
-func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error {
-	// Sort Attributes
-	attrs := node.Attr
-	if sorted {
-		sortedAttrs := make([]xml.Attr, len(attrs))
-		for _, k := range node.Attr {
-			sortedAttrs = append(sortedAttrs, k)
-		}
-		sort.Sort(xmlAttrSlice(sortedAttrs))
-		attrs = sortedAttrs
-	}
-
-	startElement := xml.StartElement{Name: node.Name, Attr: attrs}
-
-	if node.Text != "" {
-		e.EncodeElement(textEncoder(node.Text), startElement)
-		return e.Flush()
-	}
-
-	e.EncodeToken(startElement)
-
-	if sorted {
-		sortedNames := []string{}
-		for k := range node.Children {
-			sortedNames = append(sortedNames, k)
-		}
-		sort.Strings(sortedNames)
-
-		for _, k := range sortedNames {
-			for _, v := range node.Children[k] {
-				StructToXML(e, v, sorted)
-			}
-		}
-	} else {
-		for _, c := range node.Children {
-			for _, v := range c {
-				StructToXML(e, v, sorted)
-			}
-		}
-	}
-
-	e.EncodeToken(startElement.End())
-
-	return e.Flush()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy.go
deleted file mode 100644
index 27c3ed318..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy.go
+++ /dev/null
@@ -1,238 +0,0 @@
-package sign
-
-import (
-	"bytes"
-	"crypto"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/sha1"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/url"
-	"strings"
-	"time"
-	"unicode"
-)
-
-// An AWSEpochTime wraps a time value providing JSON serialization needed for
-// AWS Policy epoch time fields.
-type AWSEpochTime struct {
-	time.Time
-}
-
-// NewAWSEpochTime returns a new AWSEpochTime pointer wrapping the Go time provided.
-func NewAWSEpochTime(t time.Time) *AWSEpochTime {
-	return &AWSEpochTime{t}
-}
-
-// MarshalJSON serializes the epoch time as AWS Profile epoch time.
-func (t AWSEpochTime) MarshalJSON() ([]byte, error) {
-	return []byte(fmt.Sprintf(`{"AWS:EpochTime":%d}`, t.UTC().Unix())), nil
-}
-
-// UnmarshalJSON unserializes AWS Profile epoch time.
-func (t *AWSEpochTime) UnmarshalJSON(data []byte) error {
-	var epochTime struct {
-		Sec int64 `json:"AWS:EpochTime"`
-	}
-	err := json.Unmarshal(data, &epochTime)
-	if err != nil {
-		return err
-	}
-	t.Time = time.Unix(epochTime.Sec, 0).UTC()
-	return nil
-}
-
-// An IPAddress wraps an IPAddress source IP providing JSON serialization information
-type IPAddress struct {
-	SourceIP string `json:"AWS:SourceIp"`
-}
-
-// A Condition defines the restrictions for how a signed URL can be used.
-type Condition struct {
-	// Optional IP address mask the signed URL must be requested from.
-	IPAddress *IPAddress `json:"IpAddress,omitempty"`
-
-	// Optional date that the signed URL cannot be used until. It is invalid
-	// to make requests with the signed URL prior to this date.
-	DateGreaterThan *AWSEpochTime `json:",omitempty"`
-
-	// Required date that the signed URL will expire. A DateLessThan is required
-	// sign cloud front URLs
-	DateLessThan *AWSEpochTime `json:",omitempty"`
-}
-
-// A Statement is a collection of conditions for resources
-type Statement struct {
-	// The Web or RTMP resource the URL will be signed for
-	Resource string
-
-	// The set of conditions for this resource
-	Condition Condition
-}
-
-// A Policy defines the resources that a signed will be signed for.
-//
-// See the following page for more information on how policies are constructed.
-// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html#private-content-custom-policy-statement
-type Policy struct {
-	// List of resource and condition statements.
-	// Signed URLs should only provide a single statement.
-	Statements []Statement `json:"Statement"`
-}
-
-// Override for testing to mock out usage of crypto/rand.Reader
-var randReader = rand.Reader
-
-// Sign will sign a policy using an RSA private key. It will return a base 64
-// encoded signature and policy if no error is encountered.
-//
-// The signature and policy should be added to the signed URL following the
-// guidelines in:
-// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html
-func (p *Policy) Sign(privKey *rsa.PrivateKey) (b64Signature, b64Policy []byte, err error) {
-	if err = p.Validate(); err != nil {
-		return nil, nil, err
-	}
-
-	// Build and escape the policy
-	b64Policy, jsonPolicy, err := encodePolicy(p)
-	if err != nil {
-		return nil, nil, err
-	}
-	awsEscapeEncoded(b64Policy)
-
-	// Build and escape the signature
-	b64Signature, err = signEncodedPolicy(randReader, jsonPolicy, privKey)
-	if err != nil {
-		return nil, nil, err
-	}
-	awsEscapeEncoded(b64Signature)
-
-	return b64Signature, b64Policy, nil
-}
-
-// Validate verifies that the policy is valid and usable, and returns an
-// error if there is a problem.
-func (p *Policy) Validate() error {
-	if len(p.Statements) == 0 {
-		return fmt.Errorf("at least one policy statement is required")
-	}
-	for i, s := range p.Statements {
-		if s.Resource == "" {
-			return fmt.Errorf("statement at index %d does not have a resource", i)
-		}
-		if !isASCII(s.Resource) {
-			return fmt.Errorf("unable to sign resource, [%s]. "+
-				"Resources must only contain ascii characters. "+
-				"Hostnames with unicode should be encoded as Punycode, (e.g. golang.org/x/net/idna), "+
-				"and URL unicode path/query characters should be escaped.", s.Resource)
-		}
-	}
-
-	return nil
-}
-
-// CreateResource constructs, validates, and returns a resource URL string. An
-// error will be returned if unable to create the resource string.
-func CreateResource(scheme, u string) (string, error) {
-	scheme = strings.ToLower(scheme)
-
-	if scheme == "http" || scheme == "https" || scheme == "http*" || scheme == "*" {
-		return u, nil
-	}
-
-	if scheme == "rtmp" {
-		parsed, err := url.Parse(u)
-		if err != nil {
-			return "", fmt.Errorf("unable to parse rtmp URL, err: %s", err)
-		}
-
-		rtmpURL := strings.TrimLeft(parsed.Path, "/")
-		if parsed.RawQuery != "" {
-			rtmpURL = fmt.Sprintf("%s?%s", rtmpURL, parsed.RawQuery)
-		}
-
-		return rtmpURL, nil
-	}
-
-	return "", fmt.Errorf("invalid URL scheme must be http, https, or rtmp. Provided: %s", scheme)
-}
-
-// NewCannedPolicy returns a new Canned Policy constructed using the resource
-// and expires time. This can be used to generate the basic model for a Policy
-// that can be then augmented with additional conditions.
-//
-// See the following page for more information on how policies are constructed.
-// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html#private-content-custom-policy-statement
-func NewCannedPolicy(resource string, expires time.Time) *Policy {
-	return &Policy{
-		Statements: []Statement{
-			{
-				Resource: resource,
-				Condition: Condition{
-					DateLessThan: NewAWSEpochTime(expires),
-				},
-			},
-		},
-	}
-}
-
-// encodePolicy encodes the Policy as JSON and also base 64 encodes it.
-func encodePolicy(p *Policy) (b64Policy, jsonPolicy []byte, err error) {
-	jsonPolicy, err = encodePolicyJSON(p)
-	if err != nil {
-		return nil, nil, fmt.Errorf("failed to encode policy, %s", err.Error())
-	}
-	// Remove leading and trailing white space, JSON encoding will note include
-	// whitespace within the encoding.
-	jsonPolicy = bytes.TrimSpace(jsonPolicy)
-
-	b64Policy = make([]byte, base64.StdEncoding.EncodedLen(len(jsonPolicy)))
-	base64.StdEncoding.Encode(b64Policy, jsonPolicy)
-	return b64Policy, jsonPolicy, nil
-}
-
-// signEncodedPolicy will sign and base 64 encode the JSON encoded policy.
-func signEncodedPolicy(randReader io.Reader, jsonPolicy []byte, privKey *rsa.PrivateKey) ([]byte, error) {
-	hash := sha1.New()
-	if _, err := bytes.NewReader(jsonPolicy).WriteTo(hash); err != nil {
-		return nil, fmt.Errorf("failed to calculate signing hash, %s", err.Error())
-	}
-
-	sig, err := rsa.SignPKCS1v15(randReader, privKey, crypto.SHA1, hash.Sum(nil))
-	if err != nil {
-		return nil, fmt.Errorf("failed to sign policy, %s", err.Error())
-	}
-
-	b64Sig := make([]byte, base64.StdEncoding.EncodedLen(len(sig)))
-	base64.StdEncoding.Encode(b64Sig, sig)
-	return b64Sig, nil
-}
-
-// special characters to be replaced with awsEscapeEncoded
-var invalidEncodedChar = map[byte]byte{
-	'+': '-',
-	'=': '_',
-	'/': '~',
-}
-
-// awsEscapeEncoded will replace base64 encoding's special characters to be URL safe.
-func awsEscapeEncoded(b []byte) {
-	for i, v := range b {
-		if r, ok := invalidEncodedChar[v]; ok {
-			b[i] = r
-		}
-	}
-}
-
-func isASCII(u string) bool {
-	for _, c := range u {
-		if c > unicode.MaxASCII {
-			return false
-		}
-	}
-	return true
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_6.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_6.go
deleted file mode 100644
index d19462c2b..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_6.go
+++ /dev/null
@@ -1,15 +0,0 @@
-//go:build !go1.7
-// +build !go1.7
-
-package sign
-
-import (
-	"bytes"
-	"encoding/json"
-)
-
-func encodePolicyJSON(p *Policy) ([]byte, error) {
-	src, err := json.Marshal(p)
-	// Convert \u0026 back to &
-	return bytes.Replace(src, []byte("\\u0026"), []byte("&"), -1), err
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_7.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_7.go
deleted file mode 100644
index 6037704a0..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_7.go
+++ /dev/null
@@ -1,17 +0,0 @@
-//go:build go1.7
-// +build go1.7
-
-package sign
-
-import (
-	"bytes"
-	"encoding/json"
-)
-
-func encodePolicyJSON(p *Policy) ([]byte, error) {
-	buffer := &bytes.Buffer{}
-	encoder := json.NewEncoder(buffer)
-	encoder.SetEscapeHTML(false)
-	err := encoder.Encode(p)
-	return buffer.Bytes(), err
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/privkey.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/privkey.go
deleted file mode 100644
index ffb3c3a75..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/privkey.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package sign
-
-import (
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-)
-
-// LoadPEMPrivKeyFile reads a PEM encoded RSA private key from the file name.
-// A new RSA private key will be returned if no error.
-func LoadPEMPrivKeyFile(name string) (*rsa.PrivateKey, error) {
-	file, err := os.Open(name)
-	if err != nil {
-		return nil, err
-	}
-	defer file.Close()
-
-	return LoadPEMPrivKey(file)
-}
-
-// LoadPEMPrivKey reads a PEM encoded RSA private key from the io.Reader.
-// A new RSA private key will be returned if no error.
-func LoadPEMPrivKey(reader io.Reader) (*rsa.PrivateKey, error) {
-	block, err := loadPem(reader)
-	if err != nil {
-		return nil, err
-	}
-
-	return x509.ParsePKCS1PrivateKey(block.Bytes)
-}
-
-// LoadEncryptedPEMPrivKey decrypts the PEM encoded private key using the
-// password provided returning a RSA private key. If the PEM data is invalid,
-// or unable to decrypt an error will be returned.
-func LoadEncryptedPEMPrivKey(reader io.Reader, password []byte) (*rsa.PrivateKey, error) {
-	block, err := loadPem(reader)
-	if err != nil {
-		return nil, err
-	}
-
-	decryptedBlock, err := x509.DecryptPEMBlock(block, password)
-	if err != nil {
-		return nil, err
-	}
-
-	return x509.ParsePKCS1PrivateKey(decryptedBlock)
-}
-
-func loadPem(reader io.Reader) (*pem.Block, error) {
-	b, err := ioutil.ReadAll(reader)
-	if err != nil {
-		return nil, err
-	}
-
-	block, _ := pem.Decode(b)
-	if block == nil {
-		// pem.Decode will set block to nil if there is no PEM data in the input
-		// the second parameter will contain the provided bytes that failed
-		// to be decoded.
-		return nil, fmt.Errorf("no valid PEM data provided")
-	}
-
-	return block, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/randomreader.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/randomreader.go
deleted file mode 100644
index 7138e22fa..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/randomreader.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package sign
-
-import (
-	"bytes"
-	"encoding/binary"
-	"math/rand"
-)
-
-// A randomReader wraps a math/rand.Rand within an reader so that it can used
-// as a predictable testing replacement for crypto/rand.Reader
-type randomReader struct {
-	b *bytes.Buffer
-	r *rand.Rand
-}
-
-// newRandomReader returns a new instance of the random reader
-func newRandomReader(r *rand.Rand) *randomReader {
-	return &randomReader{b: &bytes.Buffer{}, r: r}
-}
-
-// Read will read random bytes from up to the length of b.
-func (m *randomReader) Read(b []byte) (int, error) {
-	for i := 0; i < len(b); {
-		binary.Write(m.b, binary.LittleEndian, m.r.Int63())
-		n, _ := m.b.Read(b[i:])
-		i += n
-	}
-
-	return len(b), nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_cookie.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_cookie.go
deleted file mode 100644
index 3c0cf3ac6..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_cookie.go
+++ /dev/null
@@ -1,243 +0,0 @@
-package sign
-
-import (
-	"crypto/rsa"
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-)
-
-const (
-	// CookiePolicyName name of the policy cookie
-	CookiePolicyName = "CloudFront-Policy"
-	// CookieSignatureName name of the signature cookie
-	CookieSignatureName = "CloudFront-Signature"
-	// CookieKeyIDName name of the signing Key ID cookie
-	CookieKeyIDName = "CloudFront-Key-Pair-Id"
-)
-
-// A CookieOptions optional additional options that can be applied to the signed
-// cookies.
-type CookieOptions struct {
-	Path   string
-	Domain string
-	Secure bool
-}
-
-// apply will integration the options provided into the base cookie options
-// a new copy will be returned. The base CookieOption will not be modified.
-func (o CookieOptions) apply(opts ...func(*CookieOptions)) CookieOptions {
-	if len(opts) == 0 {
-		return o
-	}
-
-	for _, opt := range opts {
-		opt(&o)
-	}
-
-	return o
-}
-
-// A CookieSigner provides signing utilities to sign Cookies for Amazon CloudFront
-// resources. Using a private key and Credential Key Pair key ID the CookieSigner
-// only needs to be created once per Credential Key Pair key ID and private key.
-//
-// More information about signed Cookies and their structure can be found at:
-// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html
-//
-// To sign a Cookie, create a CookieSigner with your private key and credential
-// pair key ID. Once you have a CookieSigner instance you can call Sign or
-// SignWithPolicy to sign the URLs.
-//
-// The signer is safe to use concurrently, but the optional cookies options
-// are not safe to modify concurrently.
-type CookieSigner struct {
-	keyID   string
-	privKey *rsa.PrivateKey
-
-	Opts CookieOptions
-}
-
-// NewCookieSigner constructs and returns a new CookieSigner to be used to for
-// signing Amazon CloudFront URL resources with.
-func NewCookieSigner(keyID string, privKey *rsa.PrivateKey, opts ...func(*CookieOptions)) *CookieSigner {
-	signer := &CookieSigner{
-		keyID:   keyID,
-		privKey: privKey,
-		Opts:    CookieOptions{}.apply(opts...),
-	}
-
-	return signer
-}
-
-// Sign returns the cookies needed to allow user agents to make arbetrary
-// requests to cloudfront for the resource(s) defined by the policy.
-//
-// Sign will create a CloudFront policy with only a resource and condition of
-// DateLessThan equal to the expires time provided.
-//
-// The returned slice cookies should all be added to the Client's cookies or
-// server's response.
-//
-// Example:
-//
-//	s := sign.NewCookieSigner(keyID, privKey)
-//
-//	// Get Signed cookies for a resource that will expire in 1 hour
-//	cookies, err := s.Sign("*", time.Now().Add(1 * time.Hour))
-//	if err != nil {
-//	    fmt.Println("failed to create signed cookies", err)
-//	    return
-//	}
-//
-//	// Or get Signed cookies for a resource that will expire in 1 hour
-//	// and set path and domain of cookies
-//	cookies, err := s.Sign("*", time.Now().Add(1 * time.Hour), func(o *sign.CookieOptions) {
-//	    o.Path = "/"
-//	    o.Domain = ".example.com"
-//	})
-//	if err != nil {
-//	    fmt.Println("failed to create signed cookies", err)
-//	    return
-//	}
-//
-//	// Server Response via http.ResponseWriter
-//	for _, c := range cookies {
-//	    http.SetCookie(w, c)
-//	}
-//
-//	// Client request via the cookie jar
-//	if client.CookieJar != nil {
-//	    for _, c := range cookies {
-//	       client.Cookie(w, c)
-//	    }
-//	}
-func (s CookieSigner) Sign(u string, expires time.Time, opts ...func(*CookieOptions)) ([]*http.Cookie, error) {
-	scheme, err := cookieURLScheme(u)
-	if err != nil {
-		return nil, err
-	}
-
-	resource, err := CreateResource(scheme, u)
-	if err != nil {
-		return nil, err
-	}
-
-	p := NewCannedPolicy(resource, expires)
-	return createCookies(p, s.keyID, s.privKey, s.Opts.apply(opts...))
-}
-
-// Returns and validates the URL's scheme.
-// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html#private-content-custom-policy-statement-cookies
-func cookieURLScheme(u string) (string, error) {
-	parts := strings.SplitN(u, "://", 2)
-	if len(parts) != 2 {
-		return "", fmt.Errorf("invalid cookie URL, missing scheme")
-	}
-
-	scheme := strings.ToLower(parts[0])
-	if scheme != "http" && scheme != "https" && scheme != "http*" {
-		return "", fmt.Errorf("invalid cookie URL scheme. Expect http, https, or http*. Go, %s", scheme)
-	}
-
-	return scheme, nil
-}
-
-// SignWithPolicy returns the cookies needed to allow user agents to make
-// arbetrairy requets to cloudfront for the resource(s) defined by the policy.
-//
-// The returned slice cookies should all be added to the Client's cookies or
-// server's response.
-//
-// Example:
-//
-//	s := sign.NewCookieSigner(keyID, privKey)
-//
-//	policy := &sign.Policy{
-//	    Statements: []sign.Statement{
-//	        {
-//	            // Read the provided documentation on how to set this
-//	            // correctly, you'll probably want to use wildcards.
-//	            Resource: rawCloudFrontURL,
-//	            Condition: sign.Condition{
-//	                // Optional IP source address range
-//	                IPAddress: &sign.IPAddress{SourceIP: "192.0.2.0/24"},
-//	                // Optional date URL is not valid until
-//	                DateGreaterThan: &sign.AWSEpochTime{time.Now().Add(30 * time.Minute)},
-//	                // Required date the URL will expire after
-//	                DateLessThan: &sign.AWSEpochTime{time.Now().Add(1 * time.Hour)},
-//	            },
-//	        },
-//	    },
-//	}
-//
-//	// Get Signed cookies for a resource that will expire in 1 hour
-//	cookies, err := s.SignWithPolicy(policy)
-//	if err != nil {
-//	    fmt.Println("failed to create signed cookies", err)
-//	    return
-//	}
-//
-//	// Or get Signed cookies for a resource that will expire in 1 hour
-//	// and set path and domain of cookies
-//	cookies, err := s.SignWithPolicy(policy, func(o *sign.CookieOptions) {
-//	    o.Path = "/"
-//	    o.Domain = ".example.com"
-//	})
-//	if err != nil {
-//	    fmt.Println("failed to create signed cookies", err)
-//	    return
-//	}
-//
-//	// Server Response via http.ResponseWriter
-//	for _, c := range cookies {
-//	    http.SetCookie(w, c)
-//	}
-//
-//	// Client request via the cookie jar
-//	if client.CookieJar != nil {
-//	    for _, c := range cookies {
-//	       client.Cookie(w, c)
-//	    }
-//	}
-func (s CookieSigner) SignWithPolicy(p *Policy, opts ...func(*CookieOptions)) ([]*http.Cookie, error) {
-	return createCookies(p, s.keyID, s.privKey, s.Opts.apply(opts...))
-}
-
-// Prepares the cookies to be attached to the header. An (optional) options
-// struct is provided in case people don't want to manually edit their cookies.
-func createCookies(p *Policy, keyID string, privKey *rsa.PrivateKey, opt CookieOptions) ([]*http.Cookie, error) {
-	b64Sig, b64Policy, err := p.Sign(privKey)
-	if err != nil {
-		return nil, err
-	}
-
-	// Creates proper cookies
-	cPolicy := &http.Cookie{
-		Name:     CookiePolicyName,
-		Value:    string(b64Policy),
-		HttpOnly: true,
-	}
-	cSignature := &http.Cookie{
-		Name:     CookieSignatureName,
-		Value:    string(b64Sig),
-		HttpOnly: true,
-	}
-	cKey := &http.Cookie{
-		Name:     CookieKeyIDName,
-		Value:    keyID,
-		HttpOnly: true,
-	}
-
-	cookies := []*http.Cookie{cPolicy, cSignature, cKey}
-
-	// Applie the cookie options
-	for _, c := range cookies {
-		c.Path = opt.Path
-		c.Domain = opt.Domain
-		c.Secure = opt.Secure
-	}
-
-	return cookies, nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_url.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_url.go
deleted file mode 100644
index 80c427e76..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_url.go
+++ /dev/null
@@ -1,202 +0,0 @@
-// Package sign provides utilities to generate signed URLs for Amazon CloudFront.
-//
-// More information about signed URLs and their structure can be found at:
-// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-canned-policy.html
-//
-// To sign a URL create a URLSigner with your private key and credential pair key ID.
-// Once you have a URLSigner instance you can call Sign or SignWithPolicy to
-// sign the URLs.
-//
-// Example:
-//
-//	// Sign URL to be valid for 1 hour from now.
-//	signer := sign.NewURLSigner(keyID, privKey)
-//	signedURL, err := signer.Sign(rawURL, time.Now().Add(1*time.Hour))
-//	if err != nil {
-//	    log.Fatalf("Failed to sign url, err: %s\n", err.Error())
-//	}
-package sign
-
-import (
-	"crypto/rsa"
-	"fmt"
-	"net/url"
-	"strings"
-	"time"
-)
-
-// An URLSigner provides URL signing utilities to sign URLs for Amazon CloudFront
-// resources. Using a private key and Credential Key Pair key ID the URLSigner
-// only needs to be created once per Credential Key Pair key ID and private key.
-//
-// The signer is safe to use concurrently.
-type URLSigner struct {
-	keyID   string
-	privKey *rsa.PrivateKey
-}
-
-// NewURLSigner constructs and returns a new URLSigner to be used to for signing
-// Amazon CloudFront URL resources with.
-func NewURLSigner(keyID string, privKey *rsa.PrivateKey) *URLSigner {
-	return &URLSigner{
-		keyID:   keyID,
-		privKey: privKey,
-	}
-}
-
-// Sign will sign a single URL to expire at the time of expires sign using the
-// Amazon CloudFront default Canned Policy. The URL will be signed with the
-// private key and Credential Key Pair Key ID previously provided to URLSigner.
-//
-// This is the default method of signing Amazon CloudFront URLs. If extra policy
-// conditions are need other than URL expiry use SignWithPolicy instead.
-//
-// Example:
-//
-//	// Sign URL to be valid for 1 hour from now.
-//	signer := sign.NewURLSigner(keyID, privKey)
-//	signedURL, err := signer.Sign(rawURL, time.Now().Add(1*time.Hour))
-//	if err != nil {
-//	    log.Fatalf("Failed to sign url, err: %s\n", err.Error())
-//	}
-func (s URLSigner) Sign(url string, expires time.Time) (string, error) {
-	scheme, cleanedURL, err := cleanURLScheme(url)
-	if err != nil {
-		return "", err
-	}
-
-	resource, err := CreateResource(scheme, url)
-	if err != nil {
-		return "", err
-	}
-
-	return signURL(scheme, cleanedURL, s.keyID, NewCannedPolicy(resource, expires), false, s.privKey)
-}
-
-// SignWithPolicy will sign a URL with the Policy provided.  The URL will be
-// signed with the private key and Credential Key Pair Key ID previously provided to URLSigner.
-//
-// Use this signing method if you are looking to sign a URL with more than just
-// the URL's expiry time, or reusing Policies between multiple URL signings.
-// If only the expiry time is needed you can use Sign and provide just the
-// URL's expiry time. A minimum of at least one policy statement is required for a signed URL.
-//
-// Note: It is not safe to use Polices between multiple signers concurrently
-//
-// Example:
-//
-//	// Sign URL to be valid for 30 minutes from now, expires one hour from now, and
-//	// restricted to the 192.0.2.0/24 IP address range.
-//	policy := &sign.Policy{
-//	    Statements: []sign.Statement{
-//	        {
-//	            Resource: rawURL,
-//	            Condition: sign.Condition{
-//	                // Optional IP source address range
-//	                IPAddress: &sign.IPAddress{SourceIP: "192.0.2.0/24"},
-//	                // Optional date URL is not valid until
-//	                DateGreaterThan: &sign.AWSEpochTime{time.Now().Add(30 * time.Minute)},
-//	                // Required date the URL will expire after
-//	                DateLessThan: &sign.AWSEpochTime{time.Now().Add(1 * time.Hour)},
-//	            },
-//	        },
-//	    },
-//	}
-//
-//	signer := sign.NewURLSigner(keyID, privKey)
-//	signedURL, err := signer.SignWithPolicy(rawURL, policy)
-//	if err != nil {
-//	    log.Fatalf("Failed to sign url, err: %s\n", err.Error())
-//	}
-func (s URLSigner) SignWithPolicy(url string, p *Policy) (string, error) {
-	scheme, cleanedURL, err := cleanURLScheme(url)
-	if err != nil {
-		return "", err
-	}
-
-	return signURL(scheme, cleanedURL, s.keyID, p, true, s.privKey)
-}
-
-func signURL(scheme, url, keyID string, p *Policy, customPolicy bool, privKey *rsa.PrivateKey) (string, error) {
-	// Validation URL elements
-	if err := validateURL(url); err != nil {
-		return "", err
-	}
-
-	b64Signature, b64Policy, err := p.Sign(privKey)
-	if err != nil {
-		return "", err
-	}
-
-	// build and return signed URL
-	builtURL := buildSignedURL(url, keyID, p, customPolicy, b64Policy, b64Signature)
-	if scheme == "rtmp" {
-		return buildRTMPURL(builtURL)
-	}
-
-	return builtURL, nil
-}
-
-func buildSignedURL(baseURL, keyID string, p *Policy, customPolicy bool, b64Policy, b64Signature []byte) string {
-	pred := "?"
-	if strings.Contains(baseURL, "?") {
-		pred = "&"
-	}
-	signedURL := baseURL + pred
-
-	if customPolicy {
-		signedURL += "Policy=" + string(b64Policy)
-	} else {
-		signedURL += fmt.Sprintf("Expires=%d", p.Statements[0].Condition.DateLessThan.UTC().Unix())
-	}
-	signedURL += fmt.Sprintf("&Signature=%s&Key-Pair-Id=%s", string(b64Signature), keyID)
-
-	return signedURL
-}
-
-func buildRTMPURL(u string) (string, error) {
-	parsed, err := url.Parse(u)
-	if err != nil {
-		return "", fmt.Errorf("unable to parse rtmp signed URL, err: %s", err)
-	}
-
-	rtmpURL := strings.TrimLeft(parsed.Path, "/")
-	if parsed.RawQuery != "" {
-		rtmpURL = fmt.Sprintf("%s?%s", rtmpURL, parsed.RawQuery)
-	}
-
-	return rtmpURL, nil
-}
-
-func cleanURLScheme(u string) (scheme, cleanedURL string, err error) {
-	parts := strings.SplitN(u, "://", 2)
-	if len(parts) != 2 {
-		return "", "", fmt.Errorf("invalid URL, missing scheme and domain/path")
-	}
-	scheme = strings.Replace(parts[0], "*", "", 1)
-	cleanedURL = fmt.Sprintf("%s://%s", scheme, parts[1])
-
-	return strings.ToLower(scheme), cleanedURL, nil
-}
-
-var illegalQueryParms = []string{"Expires", "Policy", "Signature", "Key-Pair-Id"}
-
-func validateURL(u string) error {
-	parsed, err := url.Parse(u)
-	if err != nil {
-		return fmt.Errorf("unable to parse URL, err: %s", err.Error())
-	}
-
-	if parsed.Scheme == "" {
-		return fmt.Errorf("URL missing valid scheme, %s", u)
-	}
-
-	q := parsed.Query()
-	for _, p := range illegalQueryParms {
-		if _, ok := q[p]; ok {
-			return fmt.Errorf("%s cannot be a query parameter for a signed URL", p)
-		}
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
deleted file mode 100644
index 5bb86ce04..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
+++ /dev/null
@@ -1,42420 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-package s3
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"sync"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/awsutil"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/aws/signer/v4"
-	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
-	"github.com/aws/aws-sdk-go/private/checksum"
-	"github.com/aws/aws-sdk-go/private/protocol"
-	"github.com/aws/aws-sdk-go/private/protocol/eventstream"
-	"github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi"
-	"github.com/aws/aws-sdk-go/private/protocol/rest"
-	"github.com/aws/aws-sdk-go/private/protocol/restxml"
-)
-
-const opAbortMultipartUpload = "AbortMultipartUpload"
-
-// AbortMultipartUploadRequest generates a "aws/request.Request" representing the
-// client's request for the AbortMultipartUpload operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See AbortMultipartUpload for more information on using the AbortMultipartUpload
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the AbortMultipartUploadRequest method.
-//	req, resp := client.AbortMultipartUploadRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUpload
-func (c *S3) AbortMultipartUploadRequest(input *AbortMultipartUploadInput) (req *request.Request, output *AbortMultipartUploadOutput) {
-	op := &request.Operation{
-		Name:       opAbortMultipartUpload,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}/{Key+}",
-	}
-
-	if input == nil {
-		input = &AbortMultipartUploadInput{}
-	}
-
-	output = &AbortMultipartUploadOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// AbortMultipartUpload API operation for Amazon Simple Storage Service.
-//
-// This action aborts a multipart upload. After a multipart upload is aborted,
-// no additional parts can be uploaded using that upload ID. The storage consumed
-// by any previously uploaded parts will be freed. However, if any part uploads
-// are currently in progress, those part uploads might or might not succeed.
-// As a result, it might be necessary to abort a given multipart upload multiple
-// times in order to completely free all storage consumed by all parts.
-//
-// To verify that all parts have been removed, so you don't get charged for
-// the part storage, you should call the ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-// action and ensure that the parts list is empty.
-//
-// For information about permissions required to use the multipart upload, see
-// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
-//
-// The following operations are related to AbortMultipartUpload:
-//
-//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation AbortMultipartUpload for usage and error information.
-//
-// Returned Error Codes:
-//   - ErrCodeNoSuchUpload "NoSuchUpload"
-//     The specified multipart upload does not exist.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUpload
-func (c *S3) AbortMultipartUpload(input *AbortMultipartUploadInput) (*AbortMultipartUploadOutput, error) {
-	req, out := c.AbortMultipartUploadRequest(input)
-	return out, req.Send()
-}
-
-// AbortMultipartUploadWithContext is the same as AbortMultipartUpload with the addition of
-// the ability to pass a context and additional request options.
-//
-// See AbortMultipartUpload for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) AbortMultipartUploadWithContext(ctx aws.Context, input *AbortMultipartUploadInput, opts ...request.Option) (*AbortMultipartUploadOutput, error) {
-	req, out := c.AbortMultipartUploadRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opCompleteMultipartUpload = "CompleteMultipartUpload"
-
-// CompleteMultipartUploadRequest generates a "aws/request.Request" representing the
-// client's request for the CompleteMultipartUpload operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See CompleteMultipartUpload for more information on using the CompleteMultipartUpload
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the CompleteMultipartUploadRequest method.
-//	req, resp := client.CompleteMultipartUploadRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUpload
-func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput) (req *request.Request, output *CompleteMultipartUploadOutput) {
-	op := &request.Operation{
-		Name:       opCompleteMultipartUpload,
-		HTTPMethod: "POST",
-		HTTPPath:   "/{Bucket}/{Key+}",
-	}
-
-	if input == nil {
-		input = &CompleteMultipartUploadInput{}
-	}
-
-	output = &CompleteMultipartUploadOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// CompleteMultipartUpload API operation for Amazon Simple Storage Service.
-//
-// Completes a multipart upload by assembling previously uploaded parts.
-//
-// You first initiate the multipart upload and then upload all parts using the
-// UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-// operation. After successfully uploading all relevant parts of an upload,
-// you call this action to complete the upload. Upon receiving this request,
-// Amazon S3 concatenates all the parts in ascending order by part number to
-// create a new object. In the Complete Multipart Upload request, you must provide
-// the parts list. You must ensure that the parts list is complete. This action
-// concatenates the parts that you provide in the list. For each part in the
-// list, you must provide the part number and the ETag value, returned after
-// that part was uploaded.
-//
-// Processing of a Complete Multipart Upload request could take several minutes
-// to complete. After Amazon S3 begins processing the request, it sends an HTTP
-// response header that specifies a 200 OK response. While processing is in
-// progress, Amazon S3 periodically sends white space characters to keep the
-// connection from timing out. A request could fail after the initial 200 OK
-// response has been sent. This means that a 200 OK response can contain either
-// a success or an error. If you call the S3 API directly, make sure to design
-// your application to parse the contents of the response and handle it appropriately.
-// If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs
-// detect the embedded error and apply error handling per your configuration
-// settings (including automatically retrying the request as appropriate). If
-// the condition persists, the SDKs throws an exception (or, for the SDKs that
-// don't use exceptions, they return the error).
-//
-// Note that if CompleteMultipartUpload fails, applications should be prepared
-// to retry the failed requests. For more information, see Amazon S3 Error Best
-// Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html).
-//
-// You cannot use Content-Type: application/x-www-form-urlencoded with Complete
-// Multipart Upload requests. Also, if you do not provide a Content-Type header,
-// CompleteMultipartUpload returns a 200 OK response.
-//
-// For more information about multipart uploads, see Uploading Objects Using
-// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html).
-//
-// For information about permissions required to use the multipart upload API,
-// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
-//
-// CompleteMultipartUpload has the following special errors:
-//
-//   - Error code: EntityTooSmall Description: Your proposed upload is smaller
-//     than the minimum allowed object size. Each part must be at least 5 MB
-//     in size, except the last part. 400 Bad Request
-//
-//   - Error code: InvalidPart Description: One or more of the specified parts
-//     could not be found. The part might not have been uploaded, or the specified
-//     entity tag might not have matched the part's entity tag. 400 Bad Request
-//
-//   - Error code: InvalidPartOrder Description: The list of parts was not
-//     in ascending order. The parts list must be specified in order by part
-//     number. 400 Bad Request
-//
-//   - Error code: NoSuchUpload Description: The specified multipart upload
-//     does not exist. The upload ID might be invalid, or the multipart upload
-//     might have been aborted or completed. 404 Not Found
-//
-// The following operations are related to CompleteMultipartUpload:
-//
-//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation CompleteMultipartUpload for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUpload
-func (c *S3) CompleteMultipartUpload(input *CompleteMultipartUploadInput) (*CompleteMultipartUploadOutput, error) {
-	req, out := c.CompleteMultipartUploadRequest(input)
-	return out, req.Send()
-}
-
-// CompleteMultipartUploadWithContext is the same as CompleteMultipartUpload with the addition of
-// the ability to pass a context and additional request options.
-//
-// See CompleteMultipartUpload for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) CompleteMultipartUploadWithContext(ctx aws.Context, input *CompleteMultipartUploadInput, opts ...request.Option) (*CompleteMultipartUploadOutput, error) {
-	req, out := c.CompleteMultipartUploadRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opCopyObject = "CopyObject"
-
-// CopyObjectRequest generates a "aws/request.Request" representing the
-// client's request for the CopyObject operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See CopyObject for more information on using the CopyObject
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the CopyObjectRequest method.
-//	req, resp := client.CopyObjectRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObject
-func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, output *CopyObjectOutput) {
-	op := &request.Operation{
-		Name:       opCopyObject,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}/{Key+}",
-	}
-
-	if input == nil {
-		input = &CopyObjectInput{}
-	}
-
-	output = &CopyObjectOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// CopyObject API operation for Amazon Simple Storage Service.
-//
-// Creates a copy of an object that is already stored in Amazon S3.
-//
-// You can store individual objects of up to 5 TB in Amazon S3. You create a
-// copy of your object up to 5 GB in size in a single atomic action using this
-// API. However, to copy an object greater than 5 GB, you must use the multipart
-// upload Upload Part - Copy (UploadPartCopy) API. For more information, see
-// Copy Object Using the REST Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html).
-//
-// All copy requests must be authenticated. Additionally, you must have read
-// access to the source object and write access to the destination bucket. For
-// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html).
-// Both the Region that you want to copy the object from and the Region that
-// you want to copy the object to must be enabled for your account.
-//
-// A copy request might return an error when Amazon S3 receives the copy request
-// or while Amazon S3 is copying the files. If the error occurs before the copy
-// action starts, you receive a standard Amazon S3 error. If the error occurs
-// during the copy operation, the error response is embedded in the 200 OK response.
-// This means that a 200 OK response can contain either a success or an error.
-// If you call the S3 API directly, make sure to design your application to
-// parse the contents of the response and handle it appropriately. If you use
-// Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the
-// embedded error and apply error handling per your configuration settings (including
-// automatically retrying the request as appropriate). If the condition persists,
-// the SDKs throws an exception (or, for the SDKs that don't use exceptions,
-// they return the error).
-//
-// If the copy is successful, you receive a response with information about
-// the copied object.
-//
-// If the request is an HTTP 1.1 request, the response is chunk encoded. If
-// it were not, it would not contain the content-length, and you would need
-// to read the entire body.
-//
-// The copy request charge is based on the storage class and Region that you
-// specify for the destination object. For pricing information, see Amazon S3
-// pricing (http://aws.amazon.com/s3/pricing/).
-//
-// Amazon S3 transfer acceleration does not support cross-Region copies. If
-// you request a cross-Region copy using a transfer acceleration endpoint, you
-// get a 400 Bad Request error. For more information, see Transfer Acceleration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
-//
-// # Metadata
-//
-// When copying an object, you can preserve all metadata (the default) or specify
-// new metadata. However, the access control list (ACL) is not preserved and
-// is set to private for the user making the request. To override the default
-// ACL setting, specify a new ACL when generating a copy request. For more information,
-// see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html).
-//
-// To specify whether you want the object metadata copied from the source object
-// or replaced with metadata provided in the request, you can optionally add
-// the x-amz-metadata-directive header. When you grant permissions, you can
-// use the s3:x-amz-metadata-directive condition key to enforce certain metadata
-// behavior when objects are uploaded. For more information, see Specifying
-// Conditions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html)
-// in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition
-// keys, see Actions, Resources, and Condition Keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html).
-//
-// x-amz-website-redirect-location is unique to each object and must be specified
-// in the request headers to copy the value.
-//
-// x-amz-copy-source-if Headers
-//
-// To only copy an object under certain conditions, such as whether the Etag
-// matches or whether the object was modified before or after a specified date,
-// use the following request parameters:
-//
-//   - x-amz-copy-source-if-match
-//
-//   - x-amz-copy-source-if-none-match
-//
-//   - x-amz-copy-source-if-unmodified-since
-//
-//   - x-amz-copy-source-if-modified-since
-//
-// If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since
-// headers are present in the request and evaluate as follows, Amazon S3 returns
-// 200 OK and copies the data:
-//
-//   - x-amz-copy-source-if-match condition evaluates to true
-//
-//   - x-amz-copy-source-if-unmodified-since condition evaluates to false
-//
-// If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since
-// headers are present in the request and evaluate as follows, Amazon S3 returns
-// the 412 Precondition Failed response code:
-//
-//   - x-amz-copy-source-if-none-match condition evaluates to false
-//
-//   - x-amz-copy-source-if-modified-since condition evaluates to true
-//
-// All headers with the x-amz- prefix, including x-amz-copy-source, must be
-// signed.
-//
-// # Server-side encryption
-//
-// Amazon S3 automatically encrypts all new objects that are copied to an S3
-// bucket. When copying an object, if you don't specify encryption information
-// in your copy request, the encryption setting of the target object is set
-// to the default encryption configuration of the destination bucket. By default,
-// all buckets have a base level of encryption configuration that uses server-side
-// encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket
-// has a default encryption configuration that uses server-side encryption with
-// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption
-// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with
-// customer-provided encryption keys (SSE-C), Amazon S3 uses the corresponding
-// KMS key, or a customer-provided key to encrypt the target object copy.
-//
-// When you perform a CopyObject operation, if you want to use a different type
-// of encryption setting for the target object, you can use other appropriate
-// encryption-related headers to encrypt the target object with a KMS key, an
-// Amazon S3 managed key, or a customer-provided key. With server-side encryption,
-// Amazon S3 encrypts your data as it writes your data to disks in its data
-// centers and decrypts the data when you access it. If the encryption setting
-// in your request is different from the default encryption configuration of
-// the destination bucket, the encryption setting in your request takes precedence.
-// If the source object for the copy is stored in Amazon S3 using SSE-C, you
-// must provide the necessary encryption information in your request so that
-// Amazon S3 can decrypt the object for copying. For more information about
-// server-side encryption, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html).
-//
-// If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the
-// object. For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
-// in the Amazon S3 User Guide.
-//
-// # Access Control List (ACL)-Specific Request Headers
-//
-// When copying an object, you can optionally use headers to grant ACL-based
-// permissions. By default, all objects are private. Only the owner has full
-// access control. When adding a new object, you can grant permissions to individual
-// Amazon Web Services accounts or to predefined groups that are defined by
-// Amazon S3. These permissions are then added to the ACL on the object. For
-// more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
-// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html).
-//
-// If the bucket that you're copying objects to uses the bucket owner enforced
-// setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions.
-// Buckets that use this setting only accept PUT requests that don't specify
-// an ACL or PUT requests that specify bucket owner full control ACLs, such
-// as the bucket-owner-full-control canned ACL or an equivalent form of this
-// ACL expressed in the XML format.
-//
-// For more information, see Controlling ownership of objects and disabling
-// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide.
-//
-// If your bucket uses the bucket owner enforced setting for Object Ownership,
-// all objects written to the bucket by any account will be owned by the bucket
-// owner.
-//
-// # Checksums
-//
-// When copying an object, if it has a checksum, that checksum will be copied
-// to the new object by default. When you copy the object over, you can optionally
-// specify a different checksum algorithm to use with the x-amz-checksum-algorithm
-// header.
-//
-// # Storage Class Options
-//
-// You can use the CopyObject action to change the storage class of an object
-// that is already stored in Amazon S3 by using the StorageClass parameter.
-// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
-// in the Amazon S3 User Guide.
-//
-// If the source object's storage class is GLACIER, you must restore a copy
-// of this object before you can use it as a source object for the copy operation.
-// For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
-// For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html).
-//
-// # Versioning
-//
-// By default, x-amz-copy-source header identifies the current version of an
-// object to copy. If the current version is a delete marker, Amazon S3 behaves
-// as if the object was deleted. To copy a different version, use the versionId
-// subresource.
-//
-// If you enable versioning on the target bucket, Amazon S3 generates a unique
-// version ID for the object being copied. This version ID is different from
-// the version ID of the source object. Amazon S3 returns the version ID of
-// the copied object in the x-amz-version-id response header in the response.
-//
-// If you do not enable versioning or suspend it on the target bucket, the version
-// ID that Amazon S3 generates is always null.
-//
-// The following operations are related to CopyObject:
-//
-//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation CopyObject for usage and error information.
-//
-// Returned Error Codes:
-//   - ErrCodeObjectNotInActiveTierError "ObjectNotInActiveTierError"
-//     The source object of the COPY action is not in the active tier and is only
-//     stored in Amazon S3 Glacier.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObject
-func (c *S3) CopyObject(input *CopyObjectInput) (*CopyObjectOutput, error) {
-	req, out := c.CopyObjectRequest(input)
-	return out, req.Send()
-}
-
-// CopyObjectWithContext is the same as CopyObject with the addition of
-// the ability to pass a context and additional request options.
-//
-// See CopyObject for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) CopyObjectWithContext(ctx aws.Context, input *CopyObjectInput, opts ...request.Option) (*CopyObjectOutput, error) {
-	req, out := c.CopyObjectRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opCreateBucket = "CreateBucket"
-
-// CreateBucketRequest generates a "aws/request.Request" representing the
-// client's request for the CreateBucket operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See CreateBucket for more information on using the CreateBucket
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the CreateBucketRequest method.
-//	req, resp := client.CreateBucketRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucket
-func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request, output *CreateBucketOutput) {
-	op := &request.Operation{
-		Name:       opCreateBucket,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}",
-	}
-
-	if input == nil {
-		input = &CreateBucketInput{}
-	}
-
-	output = &CreateBucketOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// CreateBucket API operation for Amazon Simple Storage Service.
-//
-// Creates a new S3 bucket. To create a bucket, you must register with Amazon
-// S3 and have a valid Amazon Web Services Access Key ID to authenticate requests.
-// Anonymous requests are never allowed to create buckets. By creating the bucket,
-// you become the bucket owner.
-//
-// Not every string is an acceptable bucket name. For information about bucket
-// naming restrictions, see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html).
-//
-// If you want to create an Amazon S3 on Outposts bucket, see Create Bucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html).
-//
-// By default, the bucket is created in the US East (N. Virginia) Region. You
-// can optionally specify a Region in the request body. You might choose a Region
-// to optimize latency, minimize costs, or address regulatory requirements.
-// For example, if you reside in Europe, you will probably find it advantageous
-// to create buckets in the Europe (Ireland) Region. For more information, see
-// Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro).
-//
-// If you send your create bucket request to the s3.amazonaws.com endpoint,
-// the request goes to the us-east-1 Region. Accordingly, the signature calculations
-// in Signature Version 4 must use us-east-1 as the Region, even if the location
-// constraint in the request specifies another Region where the bucket is to
-// be created. If you create a bucket in a Region other than US East (N. Virginia),
-// your application must be able to handle 307 redirect. For more information,
-// see Virtual hosting of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html).
-//
-// # Permissions
-//
-// In addition to s3:CreateBucket, the following permissions are required when
-// your CreateBucket request includes specific headers:
-//
-//   - Access control lists (ACLs) - If your CreateBucket request specifies
-//     access control list (ACL) permissions and the ACL is public-read, public-read-write,
-//     authenticated-read, or if you specify access permissions explicitly through
-//     any other ACL, both s3:CreateBucket and s3:PutBucketAcl permissions are
-//     needed. If the ACL for the CreateBucket request is private or if the request
-//     doesn't specify any ACLs, only s3:CreateBucket permission is needed.
-//
-//   - Object Lock - If ObjectLockEnabledForBucket is set to true in your CreateBucket
-//     request, s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning
-//     permissions are required.
-//
-//   - S3 Object Ownership - If your CreateBucket request includes the x-amz-object-ownership
-//     header, then the s3:PutBucketOwnershipControls permission is required.
-//     By default, ObjectOwnership is set to BucketOWnerEnforced and ACLs are
-//     disabled. We recommend keeping ACLs disabled, except in uncommon use cases
-//     where you must control access for each object individually. If you want
-//     to change the ObjectOwnership setting, you can use the x-amz-object-ownership
-//     header in your CreateBucket request to set the ObjectOwnership setting
-//     of your choice. For more information about S3 Object Ownership, see Controlling
-//     object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-//     in the Amazon S3 User Guide.
-//
-//   - S3 Block Public Access - If your specific use case requires granting
-//     public access to your S3 resources, you can disable Block Public Access.
-//     You can create a new bucket with Block Public Access enabled, then separately
-//     call the DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
-//     API. To use this operation, you must have the s3:PutBucketPublicAccessBlock
-//     permission. By default, all Block Public Access settings are enabled for
-//     new buckets. To avoid inadvertent exposure of your resources, we recommend
-//     keeping the S3 Block Public Access settings enabled. For more information
-//     about S3 Block Public Access, see Blocking public access to your Amazon
-//     S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-//     in the Amazon S3 User Guide.
-//
-// If your CreateBucket request sets BucketOwnerEnforced for Amazon S3 Object
-// Ownership and specifies a bucket ACL that provides access to an external
-// Amazon Web Services account, your request fails with a 400 error and returns
-// the InvalidBucketAcLWithObjectOwnership error code. For more information,
-// see Setting Object Ownership on an existing bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-existing-bucket.html)
-// in the Amazon S3 User Guide.
-//
-// The following operations are related to CreateBucket:
-//
-//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation CreateBucket for usage and error information.
-//
-// Returned Error Codes:
-//
-//   - ErrCodeBucketAlreadyExists "BucketAlreadyExists"
-//     The requested bucket name is not available. The bucket namespace is shared
-//     by all users of the system. Select a different name and try again.
-//
-//   - ErrCodeBucketAlreadyOwnedByYou "BucketAlreadyOwnedByYou"
-//     The bucket you tried to create already exists, and you own it. Amazon S3
-//     returns this error in all Amazon Web Services Regions except in the North
-//     Virginia Region. For legacy compatibility, if you re-create an existing bucket
-//     that you already own in the North Virginia Region, Amazon S3 returns 200
-//     OK and resets the bucket access control lists (ACLs).
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucket
-func (c *S3) CreateBucket(input *CreateBucketInput) (*CreateBucketOutput, error) {
-	req, out := c.CreateBucketRequest(input)
-	return out, req.Send()
-}
-
-// CreateBucketWithContext is the same as CreateBucket with the addition of
-// the ability to pass a context and additional request options.
-//
-// See CreateBucket for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) CreateBucketWithContext(ctx aws.Context, input *CreateBucketInput, opts ...request.Option) (*CreateBucketOutput, error) {
-	req, out := c.CreateBucketRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opCreateMultipartUpload = "CreateMultipartUpload"
-
-// CreateMultipartUploadRequest generates a "aws/request.Request" representing the
-// client's request for the CreateMultipartUpload operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See CreateMultipartUpload for more information on using the CreateMultipartUpload
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the CreateMultipartUploadRequest method.
-//	req, resp := client.CreateMultipartUploadRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUpload
-func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (req *request.Request, output *CreateMultipartUploadOutput) {
-	op := &request.Operation{
-		Name:       opCreateMultipartUpload,
-		HTTPMethod: "POST",
-		HTTPPath:   "/{Bucket}/{Key+}?uploads",
-	}
-
-	if input == nil {
-		input = &CreateMultipartUploadInput{}
-	}
-
-	output = &CreateMultipartUploadOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// CreateMultipartUpload API operation for Amazon Simple Storage Service.
-//
-// This action initiates a multipart upload and returns an upload ID. This upload
-// ID is used to associate all of the parts in the specific multipart upload.
-// You specify this upload ID in each of your subsequent upload part requests
-// (see UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)).
-// You also include this upload ID in the final request to either complete or
-// abort the multipart upload request.
-//
-// For more information about multipart uploads, see Multipart Upload Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html).
-//
-// If you have configured a lifecycle rule to abort incomplete multipart uploads,
-// the upload must complete within the number of days specified in the bucket
-// lifecycle configuration. Otherwise, the incomplete multipart upload becomes
-// eligible for an abort action and Amazon S3 aborts the multipart upload. For
-// more information, see Aborting Incomplete Multipart Uploads Using a Bucket
-// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
-//
-// For information about the permissions required to use the multipart upload
-// API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
-//
-// For request signing, multipart upload is just a series of regular requests.
-// You initiate a multipart upload, send one or more requests to upload parts,
-// and then complete the multipart upload process. You sign each request individually.
-// There is nothing special about signing multipart upload requests. For more
-// information about signing, see Authenticating Requests (Amazon Web Services
-// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html).
-//
-// After you initiate a multipart upload and upload one or more parts, to stop
-// being charged for storing the uploaded parts, you must either complete or
-// abort the multipart upload. Amazon S3 frees up the space used to store the
-// parts and stop charging you for storing them only after you either complete
-// or abort a multipart upload.
-//
-// Server-side encryption is for data encryption at rest. Amazon S3 encrypts
-// your data as it writes it to disks in its data centers and decrypts it when
-// you access it. Amazon S3 automatically encrypts all new objects that are
-// uploaded to an S3 bucket. When doing a multipart upload, if you don't specify
-// encryption information in your request, the encryption setting of the uploaded
-// parts is set to the default encryption configuration of the destination bucket.
-// By default, all buckets have a base level of encryption configuration that
-// uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the
-// destination bucket has a default encryption configuration that uses server-side
-// encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided
-// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided
-// key to encrypt the uploaded parts. When you perform a CreateMultipartUpload
-// operation, if you want to use a different type of encryption setting for
-// the uploaded parts, you can request that Amazon S3 encrypts the object with
-// a KMS key, an Amazon S3 managed key, or a customer-provided key. If the encryption
-// setting in your request is different from the default encryption configuration
-// of the destination bucket, the encryption setting in your request takes precedence.
-// If you choose to provide your own encryption key, the request headers you
-// provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
-// requests must match the headers you used in the request to initiate the upload
-// by using CreateMultipartUpload. You can request that Amazon S3 save the uploaded
-// parts encrypted with server-side encryption with an Amazon S3 managed key
-// (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a customer-provided
-// encryption key (SSE-C).
-//
-// To perform a multipart upload with encryption by using an Amazon Web Services
-// KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey*
-// actions on the key. These permissions are required because Amazon S3 must
-// decrypt and read data from the encrypted file parts before it completes the
-// multipart upload. For more information, see Multipart upload API and permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions)
-// and Protecting data using server-side encryption with Amazon Web Services
-// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html)
-// in the Amazon S3 User Guide.
-//
-// If your Identity and Access Management (IAM) user or role is in the same
-// Amazon Web Services account as the KMS key, then you must have these permissions
-// on the key policy. If your IAM user or role belongs to a different account
-// than the key, then you must have the permissions on both the key policy and
-// your IAM user or role.
-//
-// For more information, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html).
-//
-// # Access Permissions
-//
-// When copying an object, you can optionally specify the accounts or groups
-// that should be granted specific permissions on the new object. There are
-// two ways to grant the permissions using the request headers:
-//
-//   - Specify a canned ACL with the x-amz-acl request header. For more information,
-//     see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-//
-//   - Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp,
-//     x-amz-grant-write-acp, and x-amz-grant-full-control headers. These parameters
-//     map to the set of permissions that Amazon S3 supports in an ACL. For more
-//     information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
-//
-// You can use either a canned ACL or specify access permissions explicitly.
-// You cannot do both.
-//
-// # Server-Side- Encryption-Specific Request Headers
-//
-// Amazon S3 encrypts data by using server-side encryption with an Amazon S3
-// managed key (SSE-S3) by default. Server-side encryption is for data encryption
-// at rest. Amazon S3 encrypts your data as it writes it to disks in its data
-// centers and decrypts it when you access it. You can request that Amazon S3
-// encrypts data at rest by using server-side encryption with other key options.
-// The option you use depends on whether you want to use KMS keys (SSE-KMS)
-// or provide your own encryption keys (SSE-C).
-//
-//   - Use KMS keys (SSE-KMS) that include the Amazon Web Services managed
-//     key (aws/s3) and KMS customer managed keys stored in Key Management Service
-//     (KMS) – If you want Amazon Web Services to manage the keys used to encrypt
-//     data, specify the following headers in the request. x-amz-server-side-encryption
-//     x-amz-server-side-encryption-aws-kms-key-id x-amz-server-side-encryption-context
-//     If you specify x-amz-server-side-encryption:aws:kms, but don't provide
-//     x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon
-//     Web Services managed key (aws/s3 key) in KMS to protect the data. All
-//     GET and PUT requests for an object protected by KMS fail if you don't
-//     make them by using Secure Sockets Layer (SSL), Transport Layer Security
-//     (TLS), or Signature Version 4. For more information about server-side
-//     encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side
-//     Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html).
-//
-//   - Use customer-provided encryption keys (SSE-C) – If you want to manage
-//     your own encryption keys, provide all the following headers in the request.
-//     x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key
-//     x-amz-server-side-encryption-customer-key-MD5 For more information about
-//     server-side encryption with customer-provided encryption keys (SSE-C),
-//     see Protecting data using server-side encryption with customer-provided
-//     encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html).
-//
-// # Access-Control-List (ACL)-Specific Request Headers
-//
-// You also can use the following access control–related headers with this
-// operation. By default, all objects are private. Only the owner has full access
-// control. When adding a new object, you can grant permissions to individual
-// Amazon Web Services accounts or to predefined groups defined by Amazon S3.
-// These permissions are then added to the access control list (ACL) on the
-// object. For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html).
-// With this operation, you can grant access permissions using one of the following
-// two methods:
-//
-//   - Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of predefined
-//     ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees
-//     and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-//
-//   - Specify access permissions explicitly — To explicitly grant access
-//     permissions to specific Amazon Web Services accounts or groups, use the
-//     following headers. Each header maps to specific permissions that Amazon
-//     S3 supports in an ACL. For more information, see Access Control List (ACL)
-//     Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
-//     In the header, you specify a list of grantees who get the specific permission.
-//     To grant permissions explicitly, use: x-amz-grant-read x-amz-grant-write
-//     x-amz-grant-read-acp x-amz-grant-write-acp x-amz-grant-full-control You
-//     specify each grantee as a type=value pair, where the type is one of the
-//     following: id – if the value specified is the canonical user ID of an
-//     Amazon Web Services account uri – if you are granting permissions to
-//     a predefined group emailAddress – if the value specified is the email
-//     address of an Amazon Web Services account Using email addresses to specify
-//     a grantee is only supported in the following Amazon Web Services Regions:
-//     US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific
-//     (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland)
-//     South America (São Paulo) For a list of all the Amazon S3 supported Regions
-//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
-//     in the Amazon Web Services General Reference. For example, the following
-//     x-amz-grant-read header grants the Amazon Web Services accounts identified
-//     by account IDs permissions to read object data and its metadata: x-amz-grant-read:
-//     id="11112222333", id="444455556666"
-//
-// The following operations are related to CreateMultipartUpload:
-//
-//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation CreateMultipartUpload for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUpload
-func (c *S3) CreateMultipartUpload(input *CreateMultipartUploadInput) (*CreateMultipartUploadOutput, error) {
-	req, out := c.CreateMultipartUploadRequest(input)
-	return out, req.Send()
-}
-
-// CreateMultipartUploadWithContext is the same as CreateMultipartUpload with the addition of
-// the ability to pass a context and additional request options.
-//
-// See CreateMultipartUpload for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) CreateMultipartUploadWithContext(ctx aws.Context, input *CreateMultipartUploadInput, opts ...request.Option) (*CreateMultipartUploadOutput, error) {
-	req, out := c.CreateMultipartUploadRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucket = "DeleteBucket"
-
-// DeleteBucketRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucket operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucket for more information on using the DeleteBucket
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketRequest method.
-//	req, resp := client.DeleteBucketRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucket
-func (c *S3) DeleteBucketRequest(input *DeleteBucketInput) (req *request.Request, output *DeleteBucketOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucket,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}",
-	}
-
-	if input == nil {
-		input = &DeleteBucketInput{}
-	}
-
-	output = &DeleteBucketOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucket API operation for Amazon Simple Storage Service.
-//
-// Deletes the S3 bucket. All objects (including all object versions and delete
-// markers) in the bucket must be deleted before the bucket itself can be deleted.
-//
-// The following operations are related to DeleteBucket:
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucket for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucket
-func (c *S3) DeleteBucket(input *DeleteBucketInput) (*DeleteBucketOutput, error) {
-	req, out := c.DeleteBucketRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketWithContext is the same as DeleteBucket with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucket for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketWithContext(ctx aws.Context, input *DeleteBucketInput, opts ...request.Option) (*DeleteBucketOutput, error) {
-	req, out := c.DeleteBucketRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketAnalyticsConfiguration = "DeleteBucketAnalyticsConfiguration"
-
-// DeleteBucketAnalyticsConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketAnalyticsConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketAnalyticsConfiguration for more information on using the DeleteBucketAnalyticsConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketAnalyticsConfigurationRequest method.
-//	req, resp := client.DeleteBucketAnalyticsConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfiguration
-func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyticsConfigurationInput) (req *request.Request, output *DeleteBucketAnalyticsConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketAnalyticsConfiguration,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?analytics",
-	}
-
-	if input == nil {
-		input = &DeleteBucketAnalyticsConfigurationInput{}
-	}
-
-	output = &DeleteBucketAnalyticsConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service.
-//
-// Deletes an analytics configuration for the bucket (specified by the analytics
-// configuration ID).
-//
-// To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// For information about the Amazon S3 analytics feature, see Amazon S3 Analytics
-// – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
-//
-// The following operations are related to DeleteBucketAnalyticsConfiguration:
-//
-//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
-//
-//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
-//
-//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketAnalyticsConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfiguration
-func (c *S3) DeleteBucketAnalyticsConfiguration(input *DeleteBucketAnalyticsConfigurationInput) (*DeleteBucketAnalyticsConfigurationOutput, error) {
-	req, out := c.DeleteBucketAnalyticsConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketAnalyticsConfigurationWithContext is the same as DeleteBucketAnalyticsConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketAnalyticsConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketAnalyticsConfigurationWithContext(ctx aws.Context, input *DeleteBucketAnalyticsConfigurationInput, opts ...request.Option) (*DeleteBucketAnalyticsConfigurationOutput, error) {
-	req, out := c.DeleteBucketAnalyticsConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketCors = "DeleteBucketCors"
-
-// DeleteBucketCorsRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketCors operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketCors for more information on using the DeleteBucketCors
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketCorsRequest method.
-//	req, resp := client.DeleteBucketCorsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCors
-func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request.Request, output *DeleteBucketCorsOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketCors,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?cors",
-	}
-
-	if input == nil {
-		input = &DeleteBucketCorsInput{}
-	}
-
-	output = &DeleteBucketCorsOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketCors API operation for Amazon Simple Storage Service.
-//
-// Deletes the cors configuration information set for the bucket.
-//
-// To use this operation, you must have permission to perform the s3:PutBucketCORS
-// action. The bucket owner has this permission by default and can grant this
-// permission to others.
-//
-// For information about cors, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
-// in the Amazon S3 User Guide.
-//
-// Related Resources
-//
-//   - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
-//
-//   - RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketCors for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCors
-func (c *S3) DeleteBucketCors(input *DeleteBucketCorsInput) (*DeleteBucketCorsOutput, error) {
-	req, out := c.DeleteBucketCorsRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketCorsWithContext is the same as DeleteBucketCors with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketCors for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketCorsWithContext(ctx aws.Context, input *DeleteBucketCorsInput, opts ...request.Option) (*DeleteBucketCorsOutput, error) {
-	req, out := c.DeleteBucketCorsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketEncryption = "DeleteBucketEncryption"
-
-// DeleteBucketEncryptionRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketEncryption operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketEncryption for more information on using the DeleteBucketEncryption
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketEncryptionRequest method.
-//	req, resp := client.DeleteBucketEncryptionRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryption
-func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) (req *request.Request, output *DeleteBucketEncryptionOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketEncryption,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?encryption",
-	}
-
-	if input == nil {
-		input = &DeleteBucketEncryptionInput{}
-	}
-
-	output = &DeleteBucketEncryptionOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketEncryption API operation for Amazon Simple Storage Service.
-//
-// This implementation of the DELETE action resets the default encryption for
-// the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3).
-// For information about the bucket default encryption feature, see Amazon S3
-// Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
-// in the Amazon S3 User Guide.
-//
-// To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide.
-//
-// The following operations are related to DeleteBucketEncryption:
-//
-//   - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
-//
-//   - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketEncryption for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryption
-func (c *S3) DeleteBucketEncryption(input *DeleteBucketEncryptionInput) (*DeleteBucketEncryptionOutput, error) {
-	req, out := c.DeleteBucketEncryptionRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketEncryptionWithContext is the same as DeleteBucketEncryption with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketEncryption for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketEncryptionWithContext(ctx aws.Context, input *DeleteBucketEncryptionInput, opts ...request.Option) (*DeleteBucketEncryptionOutput, error) {
-	req, out := c.DeleteBucketEncryptionRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketIntelligentTieringConfiguration = "DeleteBucketIntelligentTieringConfiguration"
-
-// DeleteBucketIntelligentTieringConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketIntelligentTieringConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketIntelligentTieringConfiguration for more information on using the DeleteBucketIntelligentTieringConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketIntelligentTieringConfigurationRequest method.
-//	req, resp := client.DeleteBucketIntelligentTieringConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration
-func (c *S3) DeleteBucketIntelligentTieringConfigurationRequest(input *DeleteBucketIntelligentTieringConfigurationInput) (req *request.Request, output *DeleteBucketIntelligentTieringConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketIntelligentTieringConfiguration,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?intelligent-tiering",
-	}
-
-	if input == nil {
-		input = &DeleteBucketIntelligentTieringConfigurationInput{}
-	}
-
-	output = &DeleteBucketIntelligentTieringConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service.
-//
-// Deletes the S3 Intelligent-Tiering configuration from the specified bucket.
-//
-// The S3 Intelligent-Tiering storage class is designed to optimize storage
-// costs by automatically moving data to the most cost-effective storage access
-// tier, without performance impact or operational overhead. S3 Intelligent-Tiering
-// delivers automatic cost savings in three low latency and high throughput
-// access tiers. To get the lowest storage cost on data that can be accessed
-// in minutes to hours, you can choose to activate additional archiving capabilities.
-//
-// The S3 Intelligent-Tiering storage class is the ideal storage class for data
-// with unknown, changing, or unpredictable access patterns, independent of
-// object size or retention period. If the size of an object is less than 128
-// KB, it is not monitored and not eligible for auto-tiering. Smaller objects
-// can be stored, but they are always charged at the Frequent Access tier rates
-// in the S3 Intelligent-Tiering storage class.
-//
-// For more information, see Storage class for automatically optimizing frequently
-// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-//
-// Operations related to DeleteBucketIntelligentTieringConfiguration include:
-//
-//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
-//
-//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
-//
-//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketIntelligentTieringConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration
-func (c *S3) DeleteBucketIntelligentTieringConfiguration(input *DeleteBucketIntelligentTieringConfigurationInput) (*DeleteBucketIntelligentTieringConfigurationOutput, error) {
-	req, out := c.DeleteBucketIntelligentTieringConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketIntelligentTieringConfigurationWithContext is the same as DeleteBucketIntelligentTieringConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketIntelligentTieringConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketIntelligentTieringConfigurationWithContext(ctx aws.Context, input *DeleteBucketIntelligentTieringConfigurationInput, opts ...request.Option) (*DeleteBucketIntelligentTieringConfigurationOutput, error) {
-	req, out := c.DeleteBucketIntelligentTieringConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketInventoryConfiguration = "DeleteBucketInventoryConfiguration"
-
-// DeleteBucketInventoryConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketInventoryConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketInventoryConfiguration for more information on using the DeleteBucketInventoryConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketInventoryConfigurationRequest method.
-//	req, resp := client.DeleteBucketInventoryConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfiguration
-func (c *S3) DeleteBucketInventoryConfigurationRequest(input *DeleteBucketInventoryConfigurationInput) (req *request.Request, output *DeleteBucketInventoryConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketInventoryConfiguration,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?inventory",
-	}
-
-	if input == nil {
-		input = &DeleteBucketInventoryConfigurationInput{}
-	}
-
-	output = &DeleteBucketInventoryConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketInventoryConfiguration API operation for Amazon Simple Storage Service.
-//
-// Deletes an inventory configuration (identified by the inventory ID) from
-// the bucket.
-//
-// To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html).
-//
-// Operations related to DeleteBucketInventoryConfiguration include:
-//
-//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
-//
-//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
-//
-//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketInventoryConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfiguration
-func (c *S3) DeleteBucketInventoryConfiguration(input *DeleteBucketInventoryConfigurationInput) (*DeleteBucketInventoryConfigurationOutput, error) {
-	req, out := c.DeleteBucketInventoryConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketInventoryConfigurationWithContext is the same as DeleteBucketInventoryConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketInventoryConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketInventoryConfigurationWithContext(ctx aws.Context, input *DeleteBucketInventoryConfigurationInput, opts ...request.Option) (*DeleteBucketInventoryConfigurationOutput, error) {
-	req, out := c.DeleteBucketInventoryConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketLifecycle = "DeleteBucketLifecycle"
-
-// DeleteBucketLifecycleRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketLifecycle operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketLifecycle for more information on using the DeleteBucketLifecycle
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketLifecycleRequest method.
-//	req, resp := client.DeleteBucketLifecycleRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycle
-func (c *S3) DeleteBucketLifecycleRequest(input *DeleteBucketLifecycleInput) (req *request.Request, output *DeleteBucketLifecycleOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketLifecycle,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?lifecycle",
-	}
-
-	if input == nil {
-		input = &DeleteBucketLifecycleInput{}
-	}
-
-	output = &DeleteBucketLifecycleOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketLifecycle API operation for Amazon Simple Storage Service.
-//
-// Deletes the lifecycle configuration from the specified bucket. Amazon S3
-// removes all the lifecycle configuration rules in the lifecycle subresource
-// associated with the bucket. Your objects never expire, and Amazon S3 no longer
-// automatically deletes any objects on the basis of rules contained in the
-// deleted lifecycle configuration.
-//
-// To use this operation, you must have permission to perform the s3:PutLifecycleConfiguration
-// action. By default, the bucket owner has this permission and the bucket owner
-// can grant this permission to others.
-//
-// There is usually some time lag before lifecycle configuration deletion is
-// fully propagated to all the Amazon S3 systems.
-//
-// For more information about the object expiration, see Elements to Describe
-// Lifecycle Actions (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions).
-//
-// Related actions include:
-//
-//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
-//
-//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketLifecycle for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycle
-func (c *S3) DeleteBucketLifecycle(input *DeleteBucketLifecycleInput) (*DeleteBucketLifecycleOutput, error) {
-	req, out := c.DeleteBucketLifecycleRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketLifecycleWithContext is the same as DeleteBucketLifecycle with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketLifecycle for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketLifecycleWithContext(ctx aws.Context, input *DeleteBucketLifecycleInput, opts ...request.Option) (*DeleteBucketLifecycleOutput, error) {
-	req, out := c.DeleteBucketLifecycleRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketMetricsConfiguration = "DeleteBucketMetricsConfiguration"
-
-// DeleteBucketMetricsConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketMetricsConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketMetricsConfiguration for more information on using the DeleteBucketMetricsConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketMetricsConfigurationRequest method.
-//	req, resp := client.DeleteBucketMetricsConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfiguration
-func (c *S3) DeleteBucketMetricsConfigurationRequest(input *DeleteBucketMetricsConfigurationInput) (req *request.Request, output *DeleteBucketMetricsConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketMetricsConfiguration,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?metrics",
-	}
-
-	if input == nil {
-		input = &DeleteBucketMetricsConfigurationInput{}
-	}
-
-	output = &DeleteBucketMetricsConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketMetricsConfiguration API operation for Amazon Simple Storage Service.
-//
-// Deletes a metrics configuration for the Amazon CloudWatch request metrics
-// (specified by the metrics configuration ID) from the bucket. Note that this
-// doesn't include the daily storage metrics.
-//
-// To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// For information about CloudWatch request metrics for Amazon S3, see Monitoring
-// Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-//
-// The following operations are related to DeleteBucketMetricsConfiguration:
-//
-//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
-//
-//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
-//
-//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
-//
-//   - Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketMetricsConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfiguration
-func (c *S3) DeleteBucketMetricsConfiguration(input *DeleteBucketMetricsConfigurationInput) (*DeleteBucketMetricsConfigurationOutput, error) {
-	req, out := c.DeleteBucketMetricsConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketMetricsConfigurationWithContext is the same as DeleteBucketMetricsConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketMetricsConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketMetricsConfigurationWithContext(ctx aws.Context, input *DeleteBucketMetricsConfigurationInput, opts ...request.Option) (*DeleteBucketMetricsConfigurationOutput, error) {
-	req, out := c.DeleteBucketMetricsConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketOwnershipControls = "DeleteBucketOwnershipControls"
-
-// DeleteBucketOwnershipControlsRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketOwnershipControls operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketOwnershipControls for more information on using the DeleteBucketOwnershipControls
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketOwnershipControlsRequest method.
-//	req, resp := client.DeleteBucketOwnershipControlsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketOwnershipControls
-func (c *S3) DeleteBucketOwnershipControlsRequest(input *DeleteBucketOwnershipControlsInput) (req *request.Request, output *DeleteBucketOwnershipControlsOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketOwnershipControls,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?ownershipControls",
-	}
-
-	if input == nil {
-		input = &DeleteBucketOwnershipControlsInput{}
-	}
-
-	output = &DeleteBucketOwnershipControlsOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketOwnershipControls API operation for Amazon Simple Storage Service.
-//
-// Removes OwnershipControls for an Amazon S3 bucket. To use this operation,
-// you must have the s3:PutBucketOwnershipControls permission. For more information
-// about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-//
-// For information about Amazon S3 Object Ownership, see Using Object Ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html).
-//
-// The following operations are related to DeleteBucketOwnershipControls:
-//
-//   - GetBucketOwnershipControls
-//
-//   - PutBucketOwnershipControls
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketOwnershipControls for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketOwnershipControls
-func (c *S3) DeleteBucketOwnershipControls(input *DeleteBucketOwnershipControlsInput) (*DeleteBucketOwnershipControlsOutput, error) {
-	req, out := c.DeleteBucketOwnershipControlsRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketOwnershipControlsWithContext is the same as DeleteBucketOwnershipControls with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketOwnershipControls for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketOwnershipControlsWithContext(ctx aws.Context, input *DeleteBucketOwnershipControlsInput, opts ...request.Option) (*DeleteBucketOwnershipControlsOutput, error) {
-	req, out := c.DeleteBucketOwnershipControlsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketPolicy = "DeleteBucketPolicy"
-
-// DeleteBucketPolicyRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketPolicy operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketPolicy for more information on using the DeleteBucketPolicy
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketPolicyRequest method.
-//	req, resp := client.DeleteBucketPolicyRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicy
-func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *request.Request, output *DeleteBucketPolicyOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketPolicy,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?policy",
-	}
-
-	if input == nil {
-		input = &DeleteBucketPolicyInput{}
-	}
-
-	output = &DeleteBucketPolicyOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketPolicy API operation for Amazon Simple Storage Service.
-//
-// This implementation of the DELETE action uses the policy subresource to delete
-// the policy of a specified bucket. If you are using an identity other than
-// the root user of the Amazon Web Services account that owns the bucket, the
-// calling identity must have the DeleteBucketPolicy permissions on the specified
-// bucket and belong to the bucket owner's account to use this operation.
-//
-// If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403
-// Access Denied error. If you have the correct permissions, but you're not
-// using an identity that belongs to the bucket owner's account, Amazon S3 returns
-// a 405 Method Not Allowed error.
-//
-// To ensure that bucket owners don't inadvertently lock themselves out of their
-// own buckets, the root principal in a bucket owner's Amazon Web Services account
-// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy
-// API actions, even if their bucket policy explicitly denies the root principal's
-// access. Bucket owner root principals can only be blocked from performing
-// these API actions by VPC endpoint policies and Amazon Web Services Organizations
-// policies.
-//
-// For more information about bucket policies, see Using Bucket Policies and
-// UserPolicies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
-//
-// The following operations are related to DeleteBucketPolicy
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketPolicy for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicy
-func (c *S3) DeleteBucketPolicy(input *DeleteBucketPolicyInput) (*DeleteBucketPolicyOutput, error) {
-	req, out := c.DeleteBucketPolicyRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketPolicyWithContext is the same as DeleteBucketPolicy with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketPolicy for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketPolicyWithContext(ctx aws.Context, input *DeleteBucketPolicyInput, opts ...request.Option) (*DeleteBucketPolicyOutput, error) {
-	req, out := c.DeleteBucketPolicyRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketReplication = "DeleteBucketReplication"
-
-// DeleteBucketReplicationRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketReplication operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketReplication for more information on using the DeleteBucketReplication
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketReplicationRequest method.
-//	req, resp := client.DeleteBucketReplicationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplication
-func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput) (req *request.Request, output *DeleteBucketReplicationOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketReplication,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?replication",
-	}
-
-	if input == nil {
-		input = &DeleteBucketReplicationInput{}
-	}
-
-	output = &DeleteBucketReplicationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketReplication API operation for Amazon Simple Storage Service.
-//
-// Deletes the replication configuration from the bucket.
-//
-// To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration
-// action. The bucket owner has these permissions by default and can grant it
-// to others. For more information about permissions, see Permissions Related
-// to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// It can take a while for the deletion of a replication configuration to fully
-// propagate.
-//
-// For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
-// in the Amazon S3 User Guide.
-//
-// The following operations are related to DeleteBucketReplication:
-//
-//   - PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
-//
-//   - GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketReplication for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplication
-func (c *S3) DeleteBucketReplication(input *DeleteBucketReplicationInput) (*DeleteBucketReplicationOutput, error) {
-	req, out := c.DeleteBucketReplicationRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketReplicationWithContext is the same as DeleteBucketReplication with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketReplication for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketReplicationWithContext(ctx aws.Context, input *DeleteBucketReplicationInput, opts ...request.Option) (*DeleteBucketReplicationOutput, error) {
-	req, out := c.DeleteBucketReplicationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketTagging = "DeleteBucketTagging"
-
-// DeleteBucketTaggingRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketTagging operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketTagging for more information on using the DeleteBucketTagging
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketTaggingRequest method.
-//	req, resp := client.DeleteBucketTaggingRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTagging
-func (c *S3) DeleteBucketTaggingRequest(input *DeleteBucketTaggingInput) (req *request.Request, output *DeleteBucketTaggingOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketTagging,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?tagging",
-	}
-
-	if input == nil {
-		input = &DeleteBucketTaggingInput{}
-	}
-
-	output = &DeleteBucketTaggingOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketTagging API operation for Amazon Simple Storage Service.
-//
-// Deletes the tags from the bucket.
-//
-// To use this operation, you must have permission to perform the s3:PutBucketTagging
-// action. By default, the bucket owner has this permission and can grant this
-// permission to others.
-//
-// The following operations are related to DeleteBucketTagging:
-//
-//   - GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
-//
-//   - PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketTagging for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTagging
-func (c *S3) DeleteBucketTagging(input *DeleteBucketTaggingInput) (*DeleteBucketTaggingOutput, error) {
-	req, out := c.DeleteBucketTaggingRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketTaggingWithContext is the same as DeleteBucketTagging with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketTagging for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketTaggingWithContext(ctx aws.Context, input *DeleteBucketTaggingInput, opts ...request.Option) (*DeleteBucketTaggingOutput, error) {
-	req, out := c.DeleteBucketTaggingRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteBucketWebsite = "DeleteBucketWebsite"
-
-// DeleteBucketWebsiteRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteBucketWebsite operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteBucketWebsite for more information on using the DeleteBucketWebsite
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteBucketWebsiteRequest method.
-//	req, resp := client.DeleteBucketWebsiteRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsite
-func (c *S3) DeleteBucketWebsiteRequest(input *DeleteBucketWebsiteInput) (req *request.Request, output *DeleteBucketWebsiteOutput) {
-	op := &request.Operation{
-		Name:       opDeleteBucketWebsite,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?website",
-	}
-
-	if input == nil {
-		input = &DeleteBucketWebsiteInput{}
-	}
-
-	output = &DeleteBucketWebsiteOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeleteBucketWebsite API operation for Amazon Simple Storage Service.
-//
-// This action removes the website configuration for a bucket. Amazon S3 returns
-// a 200 OK response upon successfully deleting a website configuration on the
-// specified bucket. You will get a 200 OK response if the website configuration
-// you are trying to delete does not exist on the bucket. Amazon S3 returns
-// a 404 response if the bucket specified in the request does not exist.
-//
-// This DELETE action requires the S3:DeleteBucketWebsite permission. By default,
-// only the bucket owner can delete the website configuration attached to a
-// bucket. However, bucket owners can grant other users permission to delete
-// the website configuration by writing a bucket policy granting them the S3:DeleteBucketWebsite
-// permission.
-//
-// For more information about hosting websites, see Hosting Websites on Amazon
-// S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).
-//
-// The following operations are related to DeleteBucketWebsite:
-//
-//   - GetBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html)
-//
-//   - PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteBucketWebsite for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsite
-func (c *S3) DeleteBucketWebsite(input *DeleteBucketWebsiteInput) (*DeleteBucketWebsiteOutput, error) {
-	req, out := c.DeleteBucketWebsiteRequest(input)
-	return out, req.Send()
-}
-
-// DeleteBucketWebsiteWithContext is the same as DeleteBucketWebsite with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteBucketWebsite for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteBucketWebsiteWithContext(ctx aws.Context, input *DeleteBucketWebsiteInput, opts ...request.Option) (*DeleteBucketWebsiteOutput, error) {
-	req, out := c.DeleteBucketWebsiteRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteObject = "DeleteObject"
-
-// DeleteObjectRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteObject operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteObject for more information on using the DeleteObject
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteObjectRequest method.
-//	req, resp := client.DeleteObjectRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObject
-func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request, output *DeleteObjectOutput) {
-	op := &request.Operation{
-		Name:       opDeleteObject,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}/{Key+}",
-	}
-
-	if input == nil {
-		input = &DeleteObjectInput{}
-	}
-
-	output = &DeleteObjectOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// DeleteObject API operation for Amazon Simple Storage Service.
-//
-// Removes the null version (if there is one) of an object and inserts a delete
-// marker, which becomes the latest version of the object. If there isn't a
-// null version, Amazon S3 does not remove any objects but will still respond
-// that the command was successful.
-//
-// To remove a specific version, you must use the version Id subresource. Using
-// this subresource permanently deletes the version. If the object deleted is
-// a delete marker, Amazon S3 sets the response header, x-amz-delete-marker,
-// to true.
-//
-// If the object you want to delete is in a bucket where the bucket versioning
-// configuration is MFA Delete enabled, you must include the x-amz-mfa request
-// header in the DELETE versionId request. Requests that include x-amz-mfa must
-// use HTTPS.
-//
-// For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html).
-// To see sample requests that use versioning, see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete).
-//
-// You can delete objects by explicitly calling DELETE Object or configure its
-// lifecycle (PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html))
-// to enable Amazon S3 to remove them for you. If you want to block users or
-// accounts from removing or deleting objects from your bucket, you must deny
-// them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration
-// actions.
-//
-// The following action is related to DeleteObject:
-//
-//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteObject for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObject
-func (c *S3) DeleteObject(input *DeleteObjectInput) (*DeleteObjectOutput, error) {
-	req, out := c.DeleteObjectRequest(input)
-	return out, req.Send()
-}
-
-// DeleteObjectWithContext is the same as DeleteObject with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteObject for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteObjectWithContext(ctx aws.Context, input *DeleteObjectInput, opts ...request.Option) (*DeleteObjectOutput, error) {
-	req, out := c.DeleteObjectRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteObjectTagging = "DeleteObjectTagging"
-
-// DeleteObjectTaggingRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteObjectTagging operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteObjectTagging for more information on using the DeleteObjectTagging
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteObjectTaggingRequest method.
-//	req, resp := client.DeleteObjectTaggingRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTagging
-func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *request.Request, output *DeleteObjectTaggingOutput) {
-	op := &request.Operation{
-		Name:       opDeleteObjectTagging,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}/{Key+}?tagging",
-	}
-
-	if input == nil {
-		input = &DeleteObjectTaggingInput{}
-	}
-
-	output = &DeleteObjectTaggingOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// DeleteObjectTagging API operation for Amazon Simple Storage Service.
-//
-// Removes the entire tag set from the specified object. For more information
-// about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
-//
-// To use this operation, you must have permission to perform the s3:DeleteObjectTagging
-// action.
-//
-// To delete tags of a specific object version, add the versionId query parameter
-// in the request. You will need permission for the s3:DeleteObjectVersionTagging
-// action.
-//
-// The following operations are related to DeleteObjectTagging:
-//
-//   - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
-//
-//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteObjectTagging for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTagging
-func (c *S3) DeleteObjectTagging(input *DeleteObjectTaggingInput) (*DeleteObjectTaggingOutput, error) {
-	req, out := c.DeleteObjectTaggingRequest(input)
-	return out, req.Send()
-}
-
-// DeleteObjectTaggingWithContext is the same as DeleteObjectTagging with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteObjectTagging for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteObjectTaggingWithContext(ctx aws.Context, input *DeleteObjectTaggingInput, opts ...request.Option) (*DeleteObjectTaggingOutput, error) {
-	req, out := c.DeleteObjectTaggingRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeleteObjects = "DeleteObjects"
-
-// DeleteObjectsRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteObjects operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeleteObjects for more information on using the DeleteObjects
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeleteObjectsRequest method.
-//	req, resp := client.DeleteObjectsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjects
-func (c *S3) DeleteObjectsRequest(input *DeleteObjectsInput) (req *request.Request, output *DeleteObjectsOutput) {
-	op := &request.Operation{
-		Name:       opDeleteObjects,
-		HTTPMethod: "POST",
-		HTTPPath:   "/{Bucket}?delete",
-	}
-
-	if input == nil {
-		input = &DeleteObjectsInput{}
-	}
-
-	output = &DeleteObjectsOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// DeleteObjects API operation for Amazon Simple Storage Service.
-//
-// This action enables you to delete multiple objects from a bucket using a
-// single HTTP request. If you know the object keys that you want to delete,
-// then this action provides a suitable alternative to sending individual delete
-// requests, reducing per-request overhead.
-//
-// The request contains a list of up to 1000 keys that you want to delete. In
-// the XML, you provide the object key names, and optionally, version IDs if
-// you want to delete a specific version of the object from a versioning-enabled
-// bucket. For each key, Amazon S3 performs a delete action and returns the
-// result of that delete, success, or failure, in the response. Note that if
-// the object specified in the request is not found, Amazon S3 returns the result
-// as deleted.
-//
-// The action supports two modes for the response: verbose and quiet. By default,
-// the action uses verbose mode in which the response includes the result of
-// deletion of each key in your request. In quiet mode the response includes
-// only keys where the delete action encountered an error. For a successful
-// deletion, the action does not return any information about the delete in
-// the response body.
-//
-// When performing this action on an MFA Delete enabled bucket, that attempts
-// to delete any versioned objects, you must include an MFA token. If you do
-// not provide one, the entire request will fail, even if there are non-versioned
-// objects you are trying to delete. If you provide an invalid token, whether
-// there are versioned keys in the request or not, the entire Multi-Object Delete
-// request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete).
-//
-// Finally, the Content-MD5 header is required for all Multi-Object Delete requests.
-// Amazon S3 uses the header value to ensure that your request body has not
-// been altered in transit.
-//
-// The following operations are related to DeleteObjects:
-//
-//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeleteObjects for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjects
-func (c *S3) DeleteObjects(input *DeleteObjectsInput) (*DeleteObjectsOutput, error) {
-	req, out := c.DeleteObjectsRequest(input)
-	return out, req.Send()
-}
-
-// DeleteObjectsWithContext is the same as DeleteObjects with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeleteObjects for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeleteObjectsWithContext(ctx aws.Context, input *DeleteObjectsInput, opts ...request.Option) (*DeleteObjectsOutput, error) {
-	req, out := c.DeleteObjectsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDeletePublicAccessBlock = "DeletePublicAccessBlock"
-
-// DeletePublicAccessBlockRequest generates a "aws/request.Request" representing the
-// client's request for the DeletePublicAccessBlock operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DeletePublicAccessBlock for more information on using the DeletePublicAccessBlock
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DeletePublicAccessBlockRequest method.
-//	req, resp := client.DeletePublicAccessBlockRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlock
-func (c *S3) DeletePublicAccessBlockRequest(input *DeletePublicAccessBlockInput) (req *request.Request, output *DeletePublicAccessBlockOutput) {
-	op := &request.Operation{
-		Name:       opDeletePublicAccessBlock,
-		HTTPMethod: "DELETE",
-		HTTPPath:   "/{Bucket}?publicAccessBlock",
-	}
-
-	if input == nil {
-		input = &DeletePublicAccessBlockInput{}
-	}
-
-	output = &DeletePublicAccessBlockOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// DeletePublicAccessBlock API operation for Amazon Simple Storage Service.
-//
-// Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use
-// this operation, you must have the s3:PutBucketPublicAccessBlock permission.
-// For more information about permissions, see Permissions Related to Bucket
-// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// The following operations are related to DeletePublicAccessBlock:
-//
-//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
-//
-//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
-//
-//   - GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation DeletePublicAccessBlock for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlock
-func (c *S3) DeletePublicAccessBlock(input *DeletePublicAccessBlockInput) (*DeletePublicAccessBlockOutput, error) {
-	req, out := c.DeletePublicAccessBlockRequest(input)
-	return out, req.Send()
-}
-
-// DeletePublicAccessBlockWithContext is the same as DeletePublicAccessBlock with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DeletePublicAccessBlock for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) DeletePublicAccessBlockWithContext(ctx aws.Context, input *DeletePublicAccessBlockInput, opts ...request.Option) (*DeletePublicAccessBlockOutput, error) {
-	req, out := c.DeletePublicAccessBlockRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketAccelerateConfiguration = "GetBucketAccelerateConfiguration"
-
-// GetBucketAccelerateConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketAccelerateConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketAccelerateConfiguration for more information on using the GetBucketAccelerateConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketAccelerateConfigurationRequest method.
-//	req, resp := client.GetBucketAccelerateConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfiguration
-func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateConfigurationInput) (req *request.Request, output *GetBucketAccelerateConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketAccelerateConfiguration,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?accelerate",
-	}
-
-	if input == nil {
-		input = &GetBucketAccelerateConfigurationInput{}
-	}
-
-	output = &GetBucketAccelerateConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketAccelerateConfiguration API operation for Amazon Simple Storage Service.
-//
-// This implementation of the GET action uses the accelerate subresource to
-// return the Transfer Acceleration state of a bucket, which is either Enabled
-// or Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that
-// enables you to perform faster data transfers to and from Amazon S3.
-//
-// To use this operation, you must have permission to perform the s3:GetAccelerateConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide.
-//
-// You set the Transfer Acceleration state of an existing bucket to Enabled
-// or Suspended by using the PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
-// operation.
-//
-// A GET accelerate request does not return a state value for a bucket that
-// has no transfer acceleration state. A bucket has no Transfer Acceleration
-// state if a state has never been set on the bucket.
-//
-// For more information about transfer acceleration, see Transfer Acceleration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
-// in the Amazon S3 User Guide.
-//
-// The following operations are related to GetBucketAccelerateConfiguration:
-//
-//   - PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketAccelerateConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfiguration
-func (c *S3) GetBucketAccelerateConfiguration(input *GetBucketAccelerateConfigurationInput) (*GetBucketAccelerateConfigurationOutput, error) {
-	req, out := c.GetBucketAccelerateConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketAccelerateConfigurationWithContext is the same as GetBucketAccelerateConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketAccelerateConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketAccelerateConfigurationWithContext(ctx aws.Context, input *GetBucketAccelerateConfigurationInput, opts ...request.Option) (*GetBucketAccelerateConfigurationOutput, error) {
-	req, out := c.GetBucketAccelerateConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketAcl = "GetBucketAcl"
-
-// GetBucketAclRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketAcl operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketAcl for more information on using the GetBucketAcl
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketAclRequest method.
-//	req, resp := client.GetBucketAclRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAcl
-func (c *S3) GetBucketAclRequest(input *GetBucketAclInput) (req *request.Request, output *GetBucketAclOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketAcl,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?acl",
-	}
-
-	if input == nil {
-		input = &GetBucketAclInput{}
-	}
-
-	output = &GetBucketAclOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketAcl API operation for Amazon Simple Storage Service.
-//
-// This implementation of the GET action uses the acl subresource to return
-// the access control list (ACL) of a bucket. To use GET to return the ACL of
-// the bucket, you must have READ_ACP access to the bucket. If READ_ACP permission
-// is granted to the anonymous user, you can return the ACL of the bucket without
-// using an authorization header.
-//
-// To use this API operation against an access point, provide the alias of the
-// access point in place of the bucket name.
-//
-// To use this API operation against an Object Lambda access point, provide
-// the alias of the Object Lambda access point in place of the bucket name.
-// If the Object Lambda access point alias in a request is not valid, the error
-// code InvalidAccessPointAliasError is returned. For more information about
-// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-//
-// If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
-// requests to read ACLs are still supported and return the bucket-owner-full-control
-// ACL with the owner being the account that created the bucket. For more information,
-// see Controlling object ownership and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide.
-//
-// The following operations are related to GetBucketAcl:
-//
-//   - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketAcl for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAcl
-func (c *S3) GetBucketAcl(input *GetBucketAclInput) (*GetBucketAclOutput, error) {
-	req, out := c.GetBucketAclRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketAclWithContext is the same as GetBucketAcl with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketAcl for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketAclWithContext(ctx aws.Context, input *GetBucketAclInput, opts ...request.Option) (*GetBucketAclOutput, error) {
-	req, out := c.GetBucketAclRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketAnalyticsConfiguration = "GetBucketAnalyticsConfiguration"
-
-// GetBucketAnalyticsConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketAnalyticsConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketAnalyticsConfiguration for more information on using the GetBucketAnalyticsConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketAnalyticsConfigurationRequest method.
-//	req, resp := client.GetBucketAnalyticsConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfiguration
-func (c *S3) GetBucketAnalyticsConfigurationRequest(input *GetBucketAnalyticsConfigurationInput) (req *request.Request, output *GetBucketAnalyticsConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketAnalyticsConfiguration,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?analytics",
-	}
-
-	if input == nil {
-		input = &GetBucketAnalyticsConfigurationInput{}
-	}
-
-	output = &GetBucketAnalyticsConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service.
-//
-// This implementation of the GET action returns an analytics configuration
-// (identified by the analytics configuration ID) from the bucket.
-//
-// To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide.
-//
-// For information about Amazon S3 analytics feature, see Amazon S3 Analytics
-// – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
-// in the Amazon S3 User Guide.
-//
-// The following operations are related to GetBucketAnalyticsConfiguration:
-//
-//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
-//
-//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
-//
-//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketAnalyticsConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfiguration
-func (c *S3) GetBucketAnalyticsConfiguration(input *GetBucketAnalyticsConfigurationInput) (*GetBucketAnalyticsConfigurationOutput, error) {
-	req, out := c.GetBucketAnalyticsConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketAnalyticsConfigurationWithContext is the same as GetBucketAnalyticsConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketAnalyticsConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketAnalyticsConfigurationWithContext(ctx aws.Context, input *GetBucketAnalyticsConfigurationInput, opts ...request.Option) (*GetBucketAnalyticsConfigurationOutput, error) {
-	req, out := c.GetBucketAnalyticsConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketCors = "GetBucketCors"
-
-// GetBucketCorsRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketCors operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketCors for more information on using the GetBucketCors
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketCorsRequest method.
-//	req, resp := client.GetBucketCorsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCors
-func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Request, output *GetBucketCorsOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketCors,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?cors",
-	}
-
-	if input == nil {
-		input = &GetBucketCorsInput{}
-	}
-
-	output = &GetBucketCorsOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketCors API operation for Amazon Simple Storage Service.
-//
-// Returns the Cross-Origin Resource Sharing (CORS) configuration information
-// set for the bucket.
-//
-// To use this operation, you must have permission to perform the s3:GetBucketCORS
-// action. By default, the bucket owner has this permission and can grant it
-// to others.
-//
-// To use this API operation against an access point, provide the alias of the
-// access point in place of the bucket name.
-//
-// To use this API operation against an Object Lambda access point, provide
-// the alias of the Object Lambda access point in place of the bucket name.
-// If the Object Lambda access point alias in a request is not valid, the error
-// code InvalidAccessPointAliasError is returned. For more information about
-// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-//
-// For more information about CORS, see Enabling Cross-Origin Resource Sharing
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html).
-//
-// The following operations are related to GetBucketCors:
-//
-//   - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
-//
-//   - DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketCors for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCors
-func (c *S3) GetBucketCors(input *GetBucketCorsInput) (*GetBucketCorsOutput, error) {
-	req, out := c.GetBucketCorsRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketCorsWithContext is the same as GetBucketCors with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketCors for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketCorsWithContext(ctx aws.Context, input *GetBucketCorsInput, opts ...request.Option) (*GetBucketCorsOutput, error) {
-	req, out := c.GetBucketCorsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketEncryption = "GetBucketEncryption"
-
-// GetBucketEncryptionRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketEncryption operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketEncryption for more information on using the GetBucketEncryption
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketEncryptionRequest method.
-//	req, resp := client.GetBucketEncryptionRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryption
-func (c *S3) GetBucketEncryptionRequest(input *GetBucketEncryptionInput) (req *request.Request, output *GetBucketEncryptionOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketEncryption,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?encryption",
-	}
-
-	if input == nil {
-		input = &GetBucketEncryptionInput{}
-	}
-
-	output = &GetBucketEncryptionOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketEncryption API operation for Amazon Simple Storage Service.
-//
-// Returns the default encryption configuration for an Amazon S3 bucket. By
-// default, all buckets have a default encryption configuration that uses server-side
-// encryption with Amazon S3 managed keys (SSE-S3). For information about the
-// bucket default encryption feature, see Amazon S3 Bucket Default Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
-// in the Amazon S3 User Guide.
-//
-// To use this operation, you must have permission to perform the s3:GetEncryptionConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// The following operations are related to GetBucketEncryption:
-//
-//   - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
-//
-//   - DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketEncryption for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryption
-func (c *S3) GetBucketEncryption(input *GetBucketEncryptionInput) (*GetBucketEncryptionOutput, error) {
-	req, out := c.GetBucketEncryptionRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketEncryptionWithContext is the same as GetBucketEncryption with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketEncryption for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketEncryptionWithContext(ctx aws.Context, input *GetBucketEncryptionInput, opts ...request.Option) (*GetBucketEncryptionOutput, error) {
-	req, out := c.GetBucketEncryptionRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketIntelligentTieringConfiguration = "GetBucketIntelligentTieringConfiguration"
-
-// GetBucketIntelligentTieringConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketIntelligentTieringConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketIntelligentTieringConfiguration for more information on using the GetBucketIntelligentTieringConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketIntelligentTieringConfigurationRequest method.
-//	req, resp := client.GetBucketIntelligentTieringConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketIntelligentTieringConfiguration
-func (c *S3) GetBucketIntelligentTieringConfigurationRequest(input *GetBucketIntelligentTieringConfigurationInput) (req *request.Request, output *GetBucketIntelligentTieringConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketIntelligentTieringConfiguration,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?intelligent-tiering",
-	}
-
-	if input == nil {
-		input = &GetBucketIntelligentTieringConfigurationInput{}
-	}
-
-	output = &GetBucketIntelligentTieringConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service.
-//
-// Gets the S3 Intelligent-Tiering configuration from the specified bucket.
-//
-// The S3 Intelligent-Tiering storage class is designed to optimize storage
-// costs by automatically moving data to the most cost-effective storage access
-// tier, without performance impact or operational overhead. S3 Intelligent-Tiering
-// delivers automatic cost savings in three low latency and high throughput
-// access tiers. To get the lowest storage cost on data that can be accessed
-// in minutes to hours, you can choose to activate additional archiving capabilities.
-//
-// The S3 Intelligent-Tiering storage class is the ideal storage class for data
-// with unknown, changing, or unpredictable access patterns, independent of
-// object size or retention period. If the size of an object is less than 128
-// KB, it is not monitored and not eligible for auto-tiering. Smaller objects
-// can be stored, but they are always charged at the Frequent Access tier rates
-// in the S3 Intelligent-Tiering storage class.
-//
-// For more information, see Storage class for automatically optimizing frequently
-// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-//
-// Operations related to GetBucketIntelligentTieringConfiguration include:
-//
-//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
-//
-//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
-//
-//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketIntelligentTieringConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketIntelligentTieringConfiguration
-func (c *S3) GetBucketIntelligentTieringConfiguration(input *GetBucketIntelligentTieringConfigurationInput) (*GetBucketIntelligentTieringConfigurationOutput, error) {
-	req, out := c.GetBucketIntelligentTieringConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketIntelligentTieringConfigurationWithContext is the same as GetBucketIntelligentTieringConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketIntelligentTieringConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketIntelligentTieringConfigurationWithContext(ctx aws.Context, input *GetBucketIntelligentTieringConfigurationInput, opts ...request.Option) (*GetBucketIntelligentTieringConfigurationOutput, error) {
-	req, out := c.GetBucketIntelligentTieringConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketInventoryConfiguration = "GetBucketInventoryConfiguration"
-
-// GetBucketInventoryConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketInventoryConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketInventoryConfiguration for more information on using the GetBucketInventoryConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketInventoryConfigurationRequest method.
-//	req, resp := client.GetBucketInventoryConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfiguration
-func (c *S3) GetBucketInventoryConfigurationRequest(input *GetBucketInventoryConfigurationInput) (req *request.Request, output *GetBucketInventoryConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketInventoryConfiguration,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?inventory",
-	}
-
-	if input == nil {
-		input = &GetBucketInventoryConfigurationInput{}
-	}
-
-	output = &GetBucketInventoryConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketInventoryConfiguration API operation for Amazon Simple Storage Service.
-//
-// Returns an inventory configuration (identified by the inventory configuration
-// ID) from the bucket.
-//
-// To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration
-// action. The bucket owner has this permission by default and can grant this
-// permission to others. For more information about permissions, see Permissions
-// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html).
-//
-// The following operations are related to GetBucketInventoryConfiguration:
-//
-//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
-//
-//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
-//
-//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketInventoryConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfiguration
-func (c *S3) GetBucketInventoryConfiguration(input *GetBucketInventoryConfigurationInput) (*GetBucketInventoryConfigurationOutput, error) {
-	req, out := c.GetBucketInventoryConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketInventoryConfigurationWithContext is the same as GetBucketInventoryConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketInventoryConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketInventoryConfigurationWithContext(ctx aws.Context, input *GetBucketInventoryConfigurationInput, opts ...request.Option) (*GetBucketInventoryConfigurationOutput, error) {
-	req, out := c.GetBucketInventoryConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketLifecycle = "GetBucketLifecycle"
-
-// GetBucketLifecycleRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketLifecycle operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketLifecycle for more information on using the GetBucketLifecycle
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketLifecycleRequest method.
-//	req, resp := client.GetBucketLifecycleRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycle
-//
-// Deprecated: GetBucketLifecycle has been deprecated
-func (c *S3) GetBucketLifecycleRequest(input *GetBucketLifecycleInput) (req *request.Request, output *GetBucketLifecycleOutput) {
-	if c.Client.Config.Logger != nil {
-		c.Client.Config.Logger.Log("This operation, GetBucketLifecycle, has been deprecated")
-	}
-	op := &request.Operation{
-		Name:       opGetBucketLifecycle,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?lifecycle",
-	}
-
-	if input == nil {
-		input = &GetBucketLifecycleInput{}
-	}
-
-	output = &GetBucketLifecycleOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketLifecycle API operation for Amazon Simple Storage Service.
-//
-// For an updated version of this API, see GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html).
-// If you configured a bucket lifecycle using the filter element, you should
-// see the updated version of this topic. This topic is provided for backward
-// compatibility.
-//
-// Returns the lifecycle configuration information set on the bucket. For information
-// about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html).
-//
-// To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// GetBucketLifecycle has the following special error:
-//
-//   - Error code: NoSuchLifecycleConfiguration Description: The lifecycle
-//     configuration does not exist. HTTP Status Code: 404 Not Found SOAP Fault
-//     Code Prefix: Client
-//
-// The following operations are related to GetBucketLifecycle:
-//
-//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
-//
-//   - PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
-//
-//   - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketLifecycle for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycle
-//
-// Deprecated: GetBucketLifecycle has been deprecated
-func (c *S3) GetBucketLifecycle(input *GetBucketLifecycleInput) (*GetBucketLifecycleOutput, error) {
-	req, out := c.GetBucketLifecycleRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketLifecycleWithContext is the same as GetBucketLifecycle with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketLifecycle for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-//
-// Deprecated: GetBucketLifecycleWithContext has been deprecated
-func (c *S3) GetBucketLifecycleWithContext(ctx aws.Context, input *GetBucketLifecycleInput, opts ...request.Option) (*GetBucketLifecycleOutput, error) {
-	req, out := c.GetBucketLifecycleRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketLifecycleConfiguration = "GetBucketLifecycleConfiguration"
-
-// GetBucketLifecycleConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketLifecycleConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketLifecycleConfiguration for more information on using the GetBucketLifecycleConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketLifecycleConfigurationRequest method.
-//	req, resp := client.GetBucketLifecycleConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfiguration
-func (c *S3) GetBucketLifecycleConfigurationRequest(input *GetBucketLifecycleConfigurationInput) (req *request.Request, output *GetBucketLifecycleConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketLifecycleConfiguration,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?lifecycle",
-	}
-
-	if input == nil {
-		input = &GetBucketLifecycleConfigurationInput{}
-	}
-
-	output = &GetBucketLifecycleConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketLifecycleConfiguration API operation for Amazon Simple Storage Service.
-//
-// Bucket lifecycle configuration now supports specifying a lifecycle rule using
-// an object key name prefix, one or more object tags, or a combination of both.
-// Accordingly, this section describes the latest API. The response describes
-// the new filter element that you can use to specify a filter to select a subset
-// of objects to which the rule applies. If you are using a previous version
-// of the lifecycle configuration, it still works. For the earlier action, see
-// GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html).
-//
-// Returns the lifecycle configuration information set on the bucket. For information
-// about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html).
-//
-// To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration
-// action. The bucket owner has this permission, by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// GetBucketLifecycleConfiguration has the following special error:
-//
-//   - Error code: NoSuchLifecycleConfiguration Description: The lifecycle
-//     configuration does not exist. HTTP Status Code: 404 Not Found SOAP Fault
-//     Code Prefix: Client
-//
-// The following operations are related to GetBucketLifecycleConfiguration:
-//
-//   - GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)
-//
-//   - PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
-//
-//   - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketLifecycleConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfiguration
-func (c *S3) GetBucketLifecycleConfiguration(input *GetBucketLifecycleConfigurationInput) (*GetBucketLifecycleConfigurationOutput, error) {
-	req, out := c.GetBucketLifecycleConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketLifecycleConfigurationWithContext is the same as GetBucketLifecycleConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketLifecycleConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketLifecycleConfigurationWithContext(ctx aws.Context, input *GetBucketLifecycleConfigurationInput, opts ...request.Option) (*GetBucketLifecycleConfigurationOutput, error) {
-	req, out := c.GetBucketLifecycleConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketLocation = "GetBucketLocation"
-
-// GetBucketLocationRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketLocation operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketLocation for more information on using the GetBucketLocation
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketLocationRequest method.
-//	req, resp := client.GetBucketLocationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocation
-func (c *S3) GetBucketLocationRequest(input *GetBucketLocationInput) (req *request.Request, output *GetBucketLocationOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketLocation,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?location",
-	}
-
-	if input == nil {
-		input = &GetBucketLocationInput{}
-	}
-
-	output = &GetBucketLocationOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketLocation API operation for Amazon Simple Storage Service.
-//
-// Returns the Region the bucket resides in. You set the bucket's Region using
-// the LocationConstraint request parameter in a CreateBucket request. For more
-// information, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html).
-//
-// To use this API operation against an access point, provide the alias of the
-// access point in place of the bucket name.
-//
-// To use this API operation against an Object Lambda access point, provide
-// the alias of the Object Lambda access point in place of the bucket name.
-// If the Object Lambda access point alias in a request is not valid, the error
-// code InvalidAccessPointAliasError is returned. For more information about
-// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-//
-// We recommend that you use HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html)
-// to return the Region that a bucket resides in. For backward compatibility,
-// Amazon S3 continues to support GetBucketLocation.
-//
-// The following operations are related to GetBucketLocation:
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketLocation for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocation
-func (c *S3) GetBucketLocation(input *GetBucketLocationInput) (*GetBucketLocationOutput, error) {
-	req, out := c.GetBucketLocationRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketLocationWithContext is the same as GetBucketLocation with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketLocation for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketLocationWithContext(ctx aws.Context, input *GetBucketLocationInput, opts ...request.Option) (*GetBucketLocationOutput, error) {
-	req, out := c.GetBucketLocationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketLogging = "GetBucketLogging"
-
-// GetBucketLoggingRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketLogging operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketLogging for more information on using the GetBucketLogging
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketLoggingRequest method.
-//	req, resp := client.GetBucketLoggingRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLogging
-func (c *S3) GetBucketLoggingRequest(input *GetBucketLoggingInput) (req *request.Request, output *GetBucketLoggingOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketLogging,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?logging",
-	}
-
-	if input == nil {
-		input = &GetBucketLoggingInput{}
-	}
-
-	output = &GetBucketLoggingOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketLogging API operation for Amazon Simple Storage Service.
-//
-// Returns the logging status of a bucket and the permissions users have to
-// view and modify that status.
-//
-// The following operations are related to GetBucketLogging:
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-//   - PutBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketLogging for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLogging
-func (c *S3) GetBucketLogging(input *GetBucketLoggingInput) (*GetBucketLoggingOutput, error) {
-	req, out := c.GetBucketLoggingRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketLoggingWithContext is the same as GetBucketLogging with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketLogging for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketLoggingWithContext(ctx aws.Context, input *GetBucketLoggingInput, opts ...request.Option) (*GetBucketLoggingOutput, error) {
-	req, out := c.GetBucketLoggingRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketMetricsConfiguration = "GetBucketMetricsConfiguration"
-
-// GetBucketMetricsConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketMetricsConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketMetricsConfiguration for more information on using the GetBucketMetricsConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketMetricsConfigurationRequest method.
-//	req, resp := client.GetBucketMetricsConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfiguration
-func (c *S3) GetBucketMetricsConfigurationRequest(input *GetBucketMetricsConfigurationInput) (req *request.Request, output *GetBucketMetricsConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketMetricsConfiguration,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?metrics",
-	}
-
-	if input == nil {
-		input = &GetBucketMetricsConfigurationInput{}
-	}
-
-	output = &GetBucketMetricsConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketMetricsConfiguration API operation for Amazon Simple Storage Service.
-//
-// Gets a metrics configuration (specified by the metrics configuration ID)
-// from the bucket. Note that this doesn't include the daily storage metrics.
-//
-// To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// For information about CloudWatch request metrics for Amazon S3, see Monitoring
-// Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-//
-// The following operations are related to GetBucketMetricsConfiguration:
-//
-//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
-//
-//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
-//
-//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
-//
-//   - Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketMetricsConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfiguration
-func (c *S3) GetBucketMetricsConfiguration(input *GetBucketMetricsConfigurationInput) (*GetBucketMetricsConfigurationOutput, error) {
-	req, out := c.GetBucketMetricsConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketMetricsConfigurationWithContext is the same as GetBucketMetricsConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketMetricsConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketMetricsConfigurationWithContext(ctx aws.Context, input *GetBucketMetricsConfigurationInput, opts ...request.Option) (*GetBucketMetricsConfigurationOutput, error) {
-	req, out := c.GetBucketMetricsConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketNotification = "GetBucketNotification"
-
-// GetBucketNotificationRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketNotification operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketNotification for more information on using the GetBucketNotification
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketNotificationRequest method.
-//	req, resp := client.GetBucketNotificationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotification
-//
-// Deprecated: GetBucketNotification has been deprecated
-func (c *S3) GetBucketNotificationRequest(input *GetBucketNotificationConfigurationRequest) (req *request.Request, output *NotificationConfigurationDeprecated) {
-	if c.Client.Config.Logger != nil {
-		c.Client.Config.Logger.Log("This operation, GetBucketNotification, has been deprecated")
-	}
-	op := &request.Operation{
-		Name:       opGetBucketNotification,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?notification",
-	}
-
-	if input == nil {
-		input = &GetBucketNotificationConfigurationRequest{}
-	}
-
-	output = &NotificationConfigurationDeprecated{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketNotification API operation for Amazon Simple Storage Service.
-//
-// No longer used, see GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html).
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketNotification for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotification
-//
-// Deprecated: GetBucketNotification has been deprecated
-func (c *S3) GetBucketNotification(input *GetBucketNotificationConfigurationRequest) (*NotificationConfigurationDeprecated, error) {
-	req, out := c.GetBucketNotificationRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketNotificationWithContext is the same as GetBucketNotification with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketNotification for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-//
-// Deprecated: GetBucketNotificationWithContext has been deprecated
-func (c *S3) GetBucketNotificationWithContext(ctx aws.Context, input *GetBucketNotificationConfigurationRequest, opts ...request.Option) (*NotificationConfigurationDeprecated, error) {
-	req, out := c.GetBucketNotificationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketNotificationConfiguration = "GetBucketNotificationConfiguration"
-
-// GetBucketNotificationConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketNotificationConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketNotificationConfiguration for more information on using the GetBucketNotificationConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketNotificationConfigurationRequest method.
-//	req, resp := client.GetBucketNotificationConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotificationConfiguration
-func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificationConfigurationRequest) (req *request.Request, output *NotificationConfiguration) {
-	op := &request.Operation{
-		Name:       opGetBucketNotificationConfiguration,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?notification",
-	}
-
-	if input == nil {
-		input = &GetBucketNotificationConfigurationRequest{}
-	}
-
-	output = &NotificationConfiguration{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketNotificationConfiguration API operation for Amazon Simple Storage Service.
-//
-// Returns the notification configuration of a bucket.
-//
-// If notifications are not enabled on the bucket, the action returns an empty
-// NotificationConfiguration element.
-//
-// By default, you must be the bucket owner to read the notification configuration
-// of a bucket. However, the bucket owner can use a bucket policy to grant permission
-// to other users to read this configuration with the s3:GetBucketNotification
-// permission.
-//
-// To use this API operation against an access point, provide the alias of the
-// access point in place of the bucket name.
-//
-// To use this API operation against an Object Lambda access point, provide
-// the alias of the Object Lambda access point in place of the bucket name.
-// If the Object Lambda access point alias in a request is not valid, the error
-// code InvalidAccessPointAliasError is returned. For more information about
-// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-//
-// For more information about setting and reading the notification configuration
-// on a bucket, see Setting Up Notification of Bucket Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
-// For more information about bucket policies, see Using Bucket Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
-//
-// The following action is related to GetBucketNotification:
-//
-//   - PutBucketNotification (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotification.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketNotificationConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotificationConfiguration
-func (c *S3) GetBucketNotificationConfiguration(input *GetBucketNotificationConfigurationRequest) (*NotificationConfiguration, error) {
-	req, out := c.GetBucketNotificationConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketNotificationConfigurationWithContext is the same as GetBucketNotificationConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketNotificationConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketNotificationConfigurationWithContext(ctx aws.Context, input *GetBucketNotificationConfigurationRequest, opts ...request.Option) (*NotificationConfiguration, error) {
-	req, out := c.GetBucketNotificationConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketOwnershipControls = "GetBucketOwnershipControls"
-
-// GetBucketOwnershipControlsRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketOwnershipControls operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketOwnershipControls for more information on using the GetBucketOwnershipControls
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketOwnershipControlsRequest method.
-//	req, resp := client.GetBucketOwnershipControlsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControls
-func (c *S3) GetBucketOwnershipControlsRequest(input *GetBucketOwnershipControlsInput) (req *request.Request, output *GetBucketOwnershipControlsOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketOwnershipControls,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?ownershipControls",
-	}
-
-	if input == nil {
-		input = &GetBucketOwnershipControlsInput{}
-	}
-
-	output = &GetBucketOwnershipControlsOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketOwnershipControls API operation for Amazon Simple Storage Service.
-//
-// Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation,
-// you must have the s3:GetBucketOwnershipControls permission. For more information
-// about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html).
-//
-// For information about Amazon S3 Object Ownership, see Using Object Ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html).
-//
-// The following operations are related to GetBucketOwnershipControls:
-//
-//   - PutBucketOwnershipControls
-//
-//   - DeleteBucketOwnershipControls
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketOwnershipControls for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControls
-func (c *S3) GetBucketOwnershipControls(input *GetBucketOwnershipControlsInput) (*GetBucketOwnershipControlsOutput, error) {
-	req, out := c.GetBucketOwnershipControlsRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketOwnershipControlsWithContext is the same as GetBucketOwnershipControls with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketOwnershipControls for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketOwnershipControlsWithContext(ctx aws.Context, input *GetBucketOwnershipControlsInput, opts ...request.Option) (*GetBucketOwnershipControlsOutput, error) {
-	req, out := c.GetBucketOwnershipControlsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketPolicy = "GetBucketPolicy"
-
-// GetBucketPolicyRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketPolicy operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketPolicy for more information on using the GetBucketPolicy
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketPolicyRequest method.
-//	req, resp := client.GetBucketPolicyRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicy
-func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.Request, output *GetBucketPolicyOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketPolicy,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?policy",
-	}
-
-	if input == nil {
-		input = &GetBucketPolicyInput{}
-	}
-
-	output = &GetBucketPolicyOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketPolicy API operation for Amazon Simple Storage Service.
-//
-// Returns the policy of a specified bucket. If you are using an identity other
-// than the root user of the Amazon Web Services account that owns the bucket,
-// the calling identity must have the GetBucketPolicy permissions on the specified
-// bucket and belong to the bucket owner's account in order to use this operation.
-//
-// If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access
-// Denied error. If you have the correct permissions, but you're not using an
-// identity that belongs to the bucket owner's account, Amazon S3 returns a
-// 405 Method Not Allowed error.
-//
-// To ensure that bucket owners don't inadvertently lock themselves out of their
-// own buckets, the root principal in a bucket owner's Amazon Web Services account
-// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy
-// API actions, even if their bucket policy explicitly denies the root principal's
-// access. Bucket owner root principals can only be blocked from performing
-// these API actions by VPC endpoint policies and Amazon Web Services Organizations
-// policies.
-//
-// To use this API operation against an access point, provide the alias of the
-// access point in place of the bucket name.
-//
-// To use this API operation against an Object Lambda access point, provide
-// the alias of the Object Lambda access point in place of the bucket name.
-// If the Object Lambda access point alias in a request is not valid, the error
-// code InvalidAccessPointAliasError is returned. For more information about
-// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-//
-// For more information about bucket policies, see Using Bucket Policies and
-// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
-//
-// The following action is related to GetBucketPolicy:
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketPolicy for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicy
-func (c *S3) GetBucketPolicy(input *GetBucketPolicyInput) (*GetBucketPolicyOutput, error) {
-	req, out := c.GetBucketPolicyRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketPolicyWithContext is the same as GetBucketPolicy with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketPolicy for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketPolicyWithContext(ctx aws.Context, input *GetBucketPolicyInput, opts ...request.Option) (*GetBucketPolicyOutput, error) {
-	req, out := c.GetBucketPolicyRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketPolicyStatus = "GetBucketPolicyStatus"
-
-// GetBucketPolicyStatusRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketPolicyStatus operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketPolicyStatus for more information on using the GetBucketPolicyStatus
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketPolicyStatusRequest method.
-//	req, resp := client.GetBucketPolicyStatusRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatus
-func (c *S3) GetBucketPolicyStatusRequest(input *GetBucketPolicyStatusInput) (req *request.Request, output *GetBucketPolicyStatusOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketPolicyStatus,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?policyStatus",
-	}
-
-	if input == nil {
-		input = &GetBucketPolicyStatusInput{}
-	}
-
-	output = &GetBucketPolicyStatusOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketPolicyStatus API operation for Amazon Simple Storage Service.
-//
-// Retrieves the policy status for an Amazon S3 bucket, indicating whether the
-// bucket is public. In order to use this operation, you must have the s3:GetBucketPolicyStatus
-// permission. For more information about Amazon S3 permissions, see Specifying
-// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-//
-// For more information about when Amazon S3 considers a bucket public, see
-// The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
-//
-// The following operations are related to GetBucketPolicyStatus:
-//
-//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
-//
-//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
-//
-//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketPolicyStatus for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatus
-func (c *S3) GetBucketPolicyStatus(input *GetBucketPolicyStatusInput) (*GetBucketPolicyStatusOutput, error) {
-	req, out := c.GetBucketPolicyStatusRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketPolicyStatusWithContext is the same as GetBucketPolicyStatus with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketPolicyStatus for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketPolicyStatusWithContext(ctx aws.Context, input *GetBucketPolicyStatusInput, opts ...request.Option) (*GetBucketPolicyStatusOutput, error) {
-	req, out := c.GetBucketPolicyStatusRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketReplication = "GetBucketReplication"
-
-// GetBucketReplicationRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketReplication operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketReplication for more information on using the GetBucketReplication
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketReplicationRequest method.
-//	req, resp := client.GetBucketReplicationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplication
-func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req *request.Request, output *GetBucketReplicationOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketReplication,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?replication",
-	}
-
-	if input == nil {
-		input = &GetBucketReplicationInput{}
-	}
-
-	output = &GetBucketReplicationOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketReplication API operation for Amazon Simple Storage Service.
-//
-// Returns the replication configuration of a bucket.
-//
-// It can take a while to propagate the put or delete a replication configuration
-// to all Amazon S3 systems. Therefore, a get request soon after put or delete
-// can return a wrong result.
-//
-// For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
-// in the Amazon S3 User Guide.
-//
-// This action requires permissions for the s3:GetReplicationConfiguration action.
-// For more information about permissions, see Using Bucket Policies and User
-// Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
-//
-// If you include the Filter element in a replication configuration, you must
-// also include the DeleteMarkerReplication and Priority elements. The response
-// also returns those elements.
-//
-// For information about GetBucketReplication errors, see List of replication-related
-// error codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
-//
-// The following operations are related to GetBucketReplication:
-//
-//   - PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
-//
-//   - DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketReplication for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplication
-func (c *S3) GetBucketReplication(input *GetBucketReplicationInput) (*GetBucketReplicationOutput, error) {
-	req, out := c.GetBucketReplicationRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketReplicationWithContext is the same as GetBucketReplication with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketReplication for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketReplicationWithContext(ctx aws.Context, input *GetBucketReplicationInput, opts ...request.Option) (*GetBucketReplicationOutput, error) {
-	req, out := c.GetBucketReplicationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketRequestPayment = "GetBucketRequestPayment"
-
-// GetBucketRequestPaymentRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketRequestPayment operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketRequestPayment for more information on using the GetBucketRequestPayment
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketRequestPaymentRequest method.
-//	req, resp := client.GetBucketRequestPaymentRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPayment
-func (c *S3) GetBucketRequestPaymentRequest(input *GetBucketRequestPaymentInput) (req *request.Request, output *GetBucketRequestPaymentOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketRequestPayment,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?requestPayment",
-	}
-
-	if input == nil {
-		input = &GetBucketRequestPaymentInput{}
-	}
-
-	output = &GetBucketRequestPaymentOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketRequestPayment API operation for Amazon Simple Storage Service.
-//
-// Returns the request payment configuration of a bucket. To use this version
-// of the operation, you must be the bucket owner. For more information, see
-// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html).
-//
-// The following operations are related to GetBucketRequestPayment:
-//
-//   - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketRequestPayment for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPayment
-func (c *S3) GetBucketRequestPayment(input *GetBucketRequestPaymentInput) (*GetBucketRequestPaymentOutput, error) {
-	req, out := c.GetBucketRequestPaymentRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketRequestPaymentWithContext is the same as GetBucketRequestPayment with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketRequestPayment for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketRequestPaymentWithContext(ctx aws.Context, input *GetBucketRequestPaymentInput, opts ...request.Option) (*GetBucketRequestPaymentOutput, error) {
-	req, out := c.GetBucketRequestPaymentRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketTagging = "GetBucketTagging"
-
-// GetBucketTaggingRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketTagging operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketTagging for more information on using the GetBucketTagging
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketTaggingRequest method.
-//	req, resp := client.GetBucketTaggingRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTagging
-func (c *S3) GetBucketTaggingRequest(input *GetBucketTaggingInput) (req *request.Request, output *GetBucketTaggingOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketTagging,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?tagging",
-	}
-
-	if input == nil {
-		input = &GetBucketTaggingInput{}
-	}
-
-	output = &GetBucketTaggingOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketTagging API operation for Amazon Simple Storage Service.
-//
-// Returns the tag set associated with the bucket.
-//
-// To use this operation, you must have permission to perform the s3:GetBucketTagging
-// action. By default, the bucket owner has this permission and can grant this
-// permission to others.
-//
-// GetBucketTagging has the following special error:
-//
-//   - Error code: NoSuchTagSet Description: There is no tag set associated
-//     with the bucket.
-//
-// The following operations are related to GetBucketTagging:
-//
-//   - PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
-//
-//   - DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketTagging for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTagging
-func (c *S3) GetBucketTagging(input *GetBucketTaggingInput) (*GetBucketTaggingOutput, error) {
-	req, out := c.GetBucketTaggingRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketTaggingWithContext is the same as GetBucketTagging with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketTagging for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketTaggingWithContext(ctx aws.Context, input *GetBucketTaggingInput, opts ...request.Option) (*GetBucketTaggingOutput, error) {
-	req, out := c.GetBucketTaggingRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketVersioning = "GetBucketVersioning"
-
-// GetBucketVersioningRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketVersioning operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketVersioning for more information on using the GetBucketVersioning
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketVersioningRequest method.
-//	req, resp := client.GetBucketVersioningRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioning
-func (c *S3) GetBucketVersioningRequest(input *GetBucketVersioningInput) (req *request.Request, output *GetBucketVersioningOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketVersioning,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?versioning",
-	}
-
-	if input == nil {
-		input = &GetBucketVersioningInput{}
-	}
-
-	output = &GetBucketVersioningOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketVersioning API operation for Amazon Simple Storage Service.
-//
-// Returns the versioning state of a bucket.
-//
-// To retrieve the versioning state of a bucket, you must be the bucket owner.
-//
-// This implementation also returns the MFA Delete status of the versioning
-// state. If the MFA Delete status is enabled, the bucket owner must use an
-// authentication device to change the versioning state of the bucket.
-//
-// The following operations are related to GetBucketVersioning:
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketVersioning for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioning
-func (c *S3) GetBucketVersioning(input *GetBucketVersioningInput) (*GetBucketVersioningOutput, error) {
-	req, out := c.GetBucketVersioningRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketVersioningWithContext is the same as GetBucketVersioning with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketVersioning for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketVersioningWithContext(ctx aws.Context, input *GetBucketVersioningInput, opts ...request.Option) (*GetBucketVersioningOutput, error) {
-	req, out := c.GetBucketVersioningRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetBucketWebsite = "GetBucketWebsite"
-
-// GetBucketWebsiteRequest generates a "aws/request.Request" representing the
-// client's request for the GetBucketWebsite operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetBucketWebsite for more information on using the GetBucketWebsite
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetBucketWebsiteRequest method.
-//	req, resp := client.GetBucketWebsiteRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsite
-func (c *S3) GetBucketWebsiteRequest(input *GetBucketWebsiteInput) (req *request.Request, output *GetBucketWebsiteOutput) {
-	op := &request.Operation{
-		Name:       opGetBucketWebsite,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?website",
-	}
-
-	if input == nil {
-		input = &GetBucketWebsiteInput{}
-	}
-
-	output = &GetBucketWebsiteOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetBucketWebsite API operation for Amazon Simple Storage Service.
-//
-// Returns the website configuration for a bucket. To host website on Amazon
-// S3, you can configure a bucket as website by adding a website configuration.
-// For more information about hosting websites, see Hosting Websites on Amazon
-// S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).
-//
-// This GET action requires the S3:GetBucketWebsite permission. By default,
-// only the bucket owner can read the bucket website configuration. However,
-// bucket owners can allow other users to read the website configuration by
-// writing a bucket policy granting them the S3:GetBucketWebsite permission.
-//
-// The following operations are related to GetBucketWebsite:
-//
-//   - DeleteBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html)
-//
-//   - PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetBucketWebsite for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsite
-func (c *S3) GetBucketWebsite(input *GetBucketWebsiteInput) (*GetBucketWebsiteOutput, error) {
-	req, out := c.GetBucketWebsiteRequest(input)
-	return out, req.Send()
-}
-
-// GetBucketWebsiteWithContext is the same as GetBucketWebsite with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetBucketWebsite for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetBucketWebsiteWithContext(ctx aws.Context, input *GetBucketWebsiteInput, opts ...request.Option) (*GetBucketWebsiteOutput, error) {
-	req, out := c.GetBucketWebsiteRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetObject = "GetObject"
-
-// GetObjectRequest generates a "aws/request.Request" representing the
-// client's request for the GetObject operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetObject for more information on using the GetObject
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetObjectRequest method.
-//	req, resp := client.GetObjectRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObject
-func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, output *GetObjectOutput) {
-	op := &request.Operation{
-		Name:       opGetObject,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}/{Key+}",
-	}
-
-	if input == nil {
-		input = &GetObjectInput{}
-	}
-
-	output = &GetObjectOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetObject API operation for Amazon Simple Storage Service.
-//
-// Retrieves objects from Amazon S3. To use GET, you must have READ access to
-// the object. If you grant READ access to the anonymous user, you can return
-// the object without using an authorization header.
-//
-// An Amazon S3 bucket has no directory hierarchy such as you would find in
-// a typical computer file system. You can, however, create a logical hierarchy
-// by using object key names that imply a folder structure. For example, instead
-// of naming an object sample.jpg, you can name it photos/2006/February/sample.jpg.
-//
-// To get an object from such a logical hierarchy, specify the full key name
-// for the object in the GET operation. For a virtual hosted-style request example,
-// if you have the object photos/2006/February/sample.jpg, specify the resource
-// as /photos/2006/February/sample.jpg. For a path-style request example, if
-// you have the object photos/2006/February/sample.jpg in the bucket named examplebucket,
-// specify the resource as /examplebucket/photos/2006/February/sample.jpg. For
-// more information about request types, see HTTP Host Header Bucket Specification
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket).
-//
-// For more information about returning the ACL of an object, see GetObjectAcl
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html).
-//
-// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval
-// or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive
-// or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the
-// object you must first restore a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
-// Otherwise, this action returns an InvalidObjectState error. For information
-// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html).
-//
-// Encryption request headers, like x-amz-server-side-encryption, should not
-// be sent for GET requests if your object uses server-side encryption with
-// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption
-// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with
-// Amazon S3 managed encryption keys (SSE-S3). If your object does use these
-// types of keys, you’ll get an HTTP 400 Bad Request error.
-//
-// If you encrypt an object by using server-side encryption with customer-provided
-// encryption keys (SSE-C) when you store the object in Amazon S3, then when
-// you GET the object, you must use the following headers:
-//
-//   - x-amz-server-side-encryption-customer-algorithm
-//
-//   - x-amz-server-side-encryption-customer-key
-//
-//   - x-amz-server-side-encryption-customer-key-MD5
-//
-// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
-// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
-//
-// Assuming you have the relevant permission to read object tags, the response
-// also returns the x-amz-tagging-count header that provides the count of number
-// of tags associated with the object. You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
-// to retrieve the tag set associated with an object.
-//
-// # Permissions
-//
-// You need the relevant read object (or version) permission for this operation.
-// For more information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-// If the object that you request doesn’t exist, the error that Amazon S3
-// returns depends on whether you also have the s3:ListBucket permission.
-//
-// If you have the s3:ListBucket permission on the bucket, Amazon S3 returns
-// an HTTP status code 404 (Not Found) error.
-//
-// If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP
-// status code 403 ("access denied") error.
-//
-// # Versioning
-//
-// By default, the GET action returns the current version of an object. To return
-// a different version, use the versionId subresource.
-//
-//   - If you supply a versionId, you need the s3:GetObjectVersion permission
-//     to access a specific version of an object. If you request a specific version,
-//     you do not need to have the s3:GetObject permission. If you request the
-//     current version without a specific version ID, only s3:GetObject permission
-//     is required. s3:GetObjectVersion permission won't be required.
-//
-//   - If the current version of the object is a delete marker, Amazon S3 behaves
-//     as if the object was deleted and includes x-amz-delete-marker: true in
-//     the response.
-//
-// For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html).
-//
-// # Overriding Response Header Values
-//
-// There are times when you want to override certain response header values
-// in a GET response. For example, you might override the Content-Disposition
-// response header value in your GET request.
-//
-// You can override values for a set of response headers using the following
-// query parameters. These response header values are sent only on a successful
-// request, that is, when status code 200 OK is returned. The set of headers
-// you can override using these parameters is a subset of the headers that Amazon
-// S3 accepts when you create an object. The response headers that you can override
-// for the GET response are Content-Type, Content-Language, Expires, Cache-Control,
-// Content-Disposition, and Content-Encoding. To override these header values
-// in the GET response, you use the following request parameters.
-//
-// You must sign the request, either using an Authorization header or a presigned
-// URL, when using these parameters. They cannot be used with an unsigned (anonymous)
-// request.
-//
-//   - response-content-type
-//
-//   - response-content-language
-//
-//   - response-expires
-//
-//   - response-cache-control
-//
-//   - response-content-disposition
-//
-//   - response-content-encoding
-//
-// # Overriding Response Header Values
-//
-// If both of the If-Match and If-Unmodified-Since headers are present in the
-// request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since
-// condition evaluates to false; then, S3 returns 200 OK and the data requested.
-//
-// If both of the If-None-Match and If-Modified-Since headers are present in
-// the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since
-// condition evaluates to true; then, S3 returns 304 Not Modified response code.
-//
-// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232).
-//
-// The following operations are related to GetObject:
-//
-//   - ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
-//
-//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetObject for usage and error information.
-//
-// Returned Error Codes:
-//
-//   - ErrCodeNoSuchKey "NoSuchKey"
-//     The specified key does not exist.
-//
-//   - ErrCodeInvalidObjectState "InvalidObjectState"
-//     Object is archived and inaccessible until restored.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObject
-func (c *S3) GetObject(input *GetObjectInput) (*GetObjectOutput, error) {
-	req, out := c.GetObjectRequest(input)
-	return out, req.Send()
-}
-
-// GetObjectWithContext is the same as GetObject with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetObject for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetObjectWithContext(ctx aws.Context, input *GetObjectInput, opts ...request.Option) (*GetObjectOutput, error) {
-	req, out := c.GetObjectRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetObjectAcl = "GetObjectAcl"
-
-// GetObjectAclRequest generates a "aws/request.Request" representing the
-// client's request for the GetObjectAcl operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetObjectAcl for more information on using the GetObjectAcl
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetObjectAclRequest method.
-//	req, resp := client.GetObjectAclRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAcl
-func (c *S3) GetObjectAclRequest(input *GetObjectAclInput) (req *request.Request, output *GetObjectAclOutput) {
-	op := &request.Operation{
-		Name:       opGetObjectAcl,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}/{Key+}?acl",
-	}
-
-	if input == nil {
-		input = &GetObjectAclInput{}
-	}
-
-	output = &GetObjectAclOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetObjectAcl API operation for Amazon Simple Storage Service.
-//
-// Returns the access control list (ACL) of an object. To use this operation,
-// you must have s3:GetObjectAcl permissions or READ_ACP access to the object.
-// For more information, see Mapping of ACL permissions and access policy permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping)
-// in the Amazon S3 User Guide
-//
-// This action is not supported by Amazon S3 on Outposts.
-//
-// By default, GET returns ACL information about the current version of an object.
-// To return ACL information about a different version, use the versionId subresource.
-//
-// If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
-// requests to read ACLs are still supported and return the bucket-owner-full-control
-// ACL with the owner being the account that created the bucket. For more information,
-// see Controlling object ownership and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide.
-//
-// The following operations are related to GetObjectAcl:
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
-//
-//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetObjectAcl for usage and error information.
-//
-// Returned Error Codes:
-//   - ErrCodeNoSuchKey "NoSuchKey"
-//     The specified key does not exist.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAcl
-func (c *S3) GetObjectAcl(input *GetObjectAclInput) (*GetObjectAclOutput, error) {
-	req, out := c.GetObjectAclRequest(input)
-	return out, req.Send()
-}
-
-// GetObjectAclWithContext is the same as GetObjectAcl with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetObjectAcl for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetObjectAclWithContext(ctx aws.Context, input *GetObjectAclInput, opts ...request.Option) (*GetObjectAclOutput, error) {
-	req, out := c.GetObjectAclRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetObjectAttributes = "GetObjectAttributes"
-
-// GetObjectAttributesRequest generates a "aws/request.Request" representing the
-// client's request for the GetObjectAttributes operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetObjectAttributes for more information on using the GetObjectAttributes
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetObjectAttributesRequest method.
-//	req, resp := client.GetObjectAttributesRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAttributes
-func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *request.Request, output *GetObjectAttributesOutput) {
-	op := &request.Operation{
-		Name:       opGetObjectAttributes,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}/{Key+}?attributes",
-	}
-
-	if input == nil {
-		input = &GetObjectAttributesInput{}
-	}
-
-	output = &GetObjectAttributesOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetObjectAttributes API operation for Amazon Simple Storage Service.
-//
-// Retrieves all the metadata from an object without returning the object itself.
-// This action is useful if you're interested only in an object's metadata.
-// To use GetObjectAttributes, you must have READ access to the object.
-//
-// GetObjectAttributes combines the functionality of HeadObject and ListParts.
-// All of the data returned with each of those individual calls can be returned
-// with a single call to GetObjectAttributes.
-//
-// If you encrypt an object by using server-side encryption with customer-provided
-// encryption keys (SSE-C) when you store the object in Amazon S3, then when
-// you retrieve the metadata from the object, you must use the following headers:
-//
-//   - x-amz-server-side-encryption-customer-algorithm
-//
-//   - x-amz-server-side-encryption-customer-key
-//
-//   - x-amz-server-side-encryption-customer-key-MD5
-//
-// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
-// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-// in the Amazon S3 User Guide.
-//
-//   - Encryption request headers, such as x-amz-server-side-encryption, should
-//     not be sent for GET requests if your object uses server-side encryption
-//     with Amazon Web Services KMS keys stored in Amazon Web Services Key Management
-//     Service (SSE-KMS) or server-side encryption with Amazon S3 managed keys
-//     (SSE-S3). If your object does use these types of keys, you'll get an HTTP
-//     400 Bad Request error.
-//
-//   - The last modified property in this case is the creation date of the
-//     object.
-//
-// Consider the following when using request headers:
-//
-//   - If both of the If-Match and If-Unmodified-Since headers are present
-//     in the request as follows, then Amazon S3 returns the HTTP status code
-//     200 OK and the data requested: If-Match condition evaluates to true. If-Unmodified-Since
-//     condition evaluates to false.
-//
-//   - If both of the If-None-Match and If-Modified-Since headers are present
-//     in the request as follows, then Amazon S3 returns the HTTP status code
-//     304 Not Modified: If-None-Match condition evaluates to false. If-Modified-Since
-//     condition evaluates to true.
-//
-// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232).
-//
-// # Permissions
-//
-// The permissions that you need to use this operation depend on whether the
-// bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion
-// and s3:GetObjectVersionAttributes permissions for this operation. If the
-// bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes
-// permissions. For more information, see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
-// in the Amazon S3 User Guide. If the object that you request does not exist,
-// the error Amazon S3 returns depends on whether you also have the s3:ListBucket
-// permission.
-//
-//   - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns
-//     an HTTP status code 404 Not Found ("no such key") error.
-//
-//   - If you don't have the s3:ListBucket permission, Amazon S3 returns an
-//     HTTP status code 403 Forbidden ("access denied") error.
-//
-// The following actions are related to GetObjectAttributes:
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
-//
-//   - GetObjectLegalHold (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html)
-//
-//   - GetObjectLockConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html)
-//
-//   - GetObjectRetention (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html)
-//
-//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
-//
-//   - HeadObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html)
-//
-//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetObjectAttributes for usage and error information.
-//
-// Returned Error Codes:
-//   - ErrCodeNoSuchKey "NoSuchKey"
-//     The specified key does not exist.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAttributes
-func (c *S3) GetObjectAttributes(input *GetObjectAttributesInput) (*GetObjectAttributesOutput, error) {
-	req, out := c.GetObjectAttributesRequest(input)
-	return out, req.Send()
-}
-
-// GetObjectAttributesWithContext is the same as GetObjectAttributes with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetObjectAttributes for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetObjectAttributesWithContext(ctx aws.Context, input *GetObjectAttributesInput, opts ...request.Option) (*GetObjectAttributesOutput, error) {
-	req, out := c.GetObjectAttributesRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetObjectLegalHold = "GetObjectLegalHold"
-
-// GetObjectLegalHoldRequest generates a "aws/request.Request" representing the
-// client's request for the GetObjectLegalHold operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetObjectLegalHold for more information on using the GetObjectLegalHold
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetObjectLegalHoldRequest method.
-//	req, resp := client.GetObjectLegalHoldRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHold
-func (c *S3) GetObjectLegalHoldRequest(input *GetObjectLegalHoldInput) (req *request.Request, output *GetObjectLegalHoldOutput) {
-	op := &request.Operation{
-		Name:       opGetObjectLegalHold,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}/{Key+}?legal-hold",
-	}
-
-	if input == nil {
-		input = &GetObjectLegalHoldInput{}
-	}
-
-	output = &GetObjectLegalHoldOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetObjectLegalHold API operation for Amazon Simple Storage Service.
-//
-// Gets an object's current legal hold status. For more information, see Locking
-// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
-//
-// This action is not supported by Amazon S3 on Outposts.
-//
-// The following action is related to GetObjectLegalHold:
-//
-//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetObjectLegalHold for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHold
-func (c *S3) GetObjectLegalHold(input *GetObjectLegalHoldInput) (*GetObjectLegalHoldOutput, error) {
-	req, out := c.GetObjectLegalHoldRequest(input)
-	return out, req.Send()
-}
-
-// GetObjectLegalHoldWithContext is the same as GetObjectLegalHold with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetObjectLegalHold for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetObjectLegalHoldWithContext(ctx aws.Context, input *GetObjectLegalHoldInput, opts ...request.Option) (*GetObjectLegalHoldOutput, error) {
-	req, out := c.GetObjectLegalHoldRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetObjectLockConfiguration = "GetObjectLockConfiguration"
-
-// GetObjectLockConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the GetObjectLockConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetObjectLockConfiguration for more information on using the GetObjectLockConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetObjectLockConfigurationRequest method.
-//	req, resp := client.GetObjectLockConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfiguration
-func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfigurationInput) (req *request.Request, output *GetObjectLockConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opGetObjectLockConfiguration,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?object-lock",
-	}
-
-	if input == nil {
-		input = &GetObjectLockConfigurationInput{}
-	}
-
-	output = &GetObjectLockConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetObjectLockConfiguration API operation for Amazon Simple Storage Service.
-//
-// Gets the Object Lock configuration for a bucket. The rule specified in the
-// Object Lock configuration will be applied by default to every new object
-// placed in the specified bucket. For more information, see Locking Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
-//
-// The following action is related to GetObjectLockConfiguration:
-//
-//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetObjectLockConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfiguration
-func (c *S3) GetObjectLockConfiguration(input *GetObjectLockConfigurationInput) (*GetObjectLockConfigurationOutput, error) {
-	req, out := c.GetObjectLockConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// GetObjectLockConfigurationWithContext is the same as GetObjectLockConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetObjectLockConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetObjectLockConfigurationWithContext(ctx aws.Context, input *GetObjectLockConfigurationInput, opts ...request.Option) (*GetObjectLockConfigurationOutput, error) {
-	req, out := c.GetObjectLockConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetObjectRetention = "GetObjectRetention"
-
-// GetObjectRetentionRequest generates a "aws/request.Request" representing the
-// client's request for the GetObjectRetention operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetObjectRetention for more information on using the GetObjectRetention
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetObjectRetentionRequest method.
-//	req, resp := client.GetObjectRetentionRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetention
-func (c *S3) GetObjectRetentionRequest(input *GetObjectRetentionInput) (req *request.Request, output *GetObjectRetentionOutput) {
-	op := &request.Operation{
-		Name:       opGetObjectRetention,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}/{Key+}?retention",
-	}
-
-	if input == nil {
-		input = &GetObjectRetentionInput{}
-	}
-
-	output = &GetObjectRetentionOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetObjectRetention API operation for Amazon Simple Storage Service.
-//
-// Retrieves an object's retention settings. For more information, see Locking
-// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
-//
-// This action is not supported by Amazon S3 on Outposts.
-//
-// The following action is related to GetObjectRetention:
-//
-//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetObjectRetention for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetention
-func (c *S3) GetObjectRetention(input *GetObjectRetentionInput) (*GetObjectRetentionOutput, error) {
-	req, out := c.GetObjectRetentionRequest(input)
-	return out, req.Send()
-}
-
-// GetObjectRetentionWithContext is the same as GetObjectRetention with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetObjectRetention for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetObjectRetentionWithContext(ctx aws.Context, input *GetObjectRetentionInput, opts ...request.Option) (*GetObjectRetentionOutput, error) {
-	req, out := c.GetObjectRetentionRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetObjectTagging = "GetObjectTagging"
-
-// GetObjectTaggingRequest generates a "aws/request.Request" representing the
-// client's request for the GetObjectTagging operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetObjectTagging for more information on using the GetObjectTagging
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetObjectTaggingRequest method.
-//	req, resp := client.GetObjectTaggingRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTagging
-func (c *S3) GetObjectTaggingRequest(input *GetObjectTaggingInput) (req *request.Request, output *GetObjectTaggingOutput) {
-	op := &request.Operation{
-		Name:       opGetObjectTagging,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}/{Key+}?tagging",
-	}
-
-	if input == nil {
-		input = &GetObjectTaggingInput{}
-	}
-
-	output = &GetObjectTaggingOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetObjectTagging API operation for Amazon Simple Storage Service.
-//
-// Returns the tag-set of an object. You send the GET request against the tagging
-// subresource associated with the object.
-//
-// To use this operation, you must have permission to perform the s3:GetObjectTagging
-// action. By default, the GET action returns information about current version
-// of an object. For a versioned bucket, you can have multiple versions of an
-// object in your bucket. To retrieve tags of any other version, use the versionId
-// query parameter. You also need permission for the s3:GetObjectVersionTagging
-// action.
-//
-// By default, the bucket owner has this permission and can grant this permission
-// to others.
-//
-// For information about the Amazon S3 object tagging feature, see Object Tagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
-//
-// The following actions are related to GetObjectTagging:
-//
-//   - DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
-//
-//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-//   - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetObjectTagging for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTagging
-func (c *S3) GetObjectTagging(input *GetObjectTaggingInput) (*GetObjectTaggingOutput, error) {
-	req, out := c.GetObjectTaggingRequest(input)
-	return out, req.Send()
-}
-
-// GetObjectTaggingWithContext is the same as GetObjectTagging with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetObjectTagging for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetObjectTaggingWithContext(ctx aws.Context, input *GetObjectTaggingInput, opts ...request.Option) (*GetObjectTaggingOutput, error) {
-	req, out := c.GetObjectTaggingRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetObjectTorrent = "GetObjectTorrent"
-
-// GetObjectTorrentRequest generates a "aws/request.Request" representing the
-// client's request for the GetObjectTorrent operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetObjectTorrent for more information on using the GetObjectTorrent
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetObjectTorrentRequest method.
-//	req, resp := client.GetObjectTorrentRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrent
-func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request.Request, output *GetObjectTorrentOutput) {
-	op := &request.Operation{
-		Name:       opGetObjectTorrent,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}/{Key+}?torrent",
-	}
-
-	if input == nil {
-		input = &GetObjectTorrentInput{}
-	}
-
-	output = &GetObjectTorrentOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetObjectTorrent API operation for Amazon Simple Storage Service.
-//
-// Returns torrent files from a bucket. BitTorrent can save you bandwidth when
-// you're distributing large files.
-//
-// You can get torrent only for objects that are less than 5 GB in size, and
-// that are not encrypted using server-side encryption with a customer-provided
-// encryption key.
-//
-// To use GET, you must have READ access to the object.
-//
-// This action is not supported by Amazon S3 on Outposts.
-//
-// The following action is related to GetObjectTorrent:
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetObjectTorrent for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrent
-func (c *S3) GetObjectTorrent(input *GetObjectTorrentInput) (*GetObjectTorrentOutput, error) {
-	req, out := c.GetObjectTorrentRequest(input)
-	return out, req.Send()
-}
-
-// GetObjectTorrentWithContext is the same as GetObjectTorrent with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetObjectTorrent for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetObjectTorrentWithContext(ctx aws.Context, input *GetObjectTorrentInput, opts ...request.Option) (*GetObjectTorrentOutput, error) {
-	req, out := c.GetObjectTorrentRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetPublicAccessBlock = "GetPublicAccessBlock"
-
-// GetPublicAccessBlockRequest generates a "aws/request.Request" representing the
-// client's request for the GetPublicAccessBlock operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetPublicAccessBlock for more information on using the GetPublicAccessBlock
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetPublicAccessBlockRequest method.
-//	req, resp := client.GetPublicAccessBlockRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlock
-func (c *S3) GetPublicAccessBlockRequest(input *GetPublicAccessBlockInput) (req *request.Request, output *GetPublicAccessBlockOutput) {
-	op := &request.Operation{
-		Name:       opGetPublicAccessBlock,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?publicAccessBlock",
-	}
-
-	if input == nil {
-		input = &GetPublicAccessBlockInput{}
-	}
-
-	output = &GetPublicAccessBlockOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetPublicAccessBlock API operation for Amazon Simple Storage Service.
-//
-// Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To
-// use this operation, you must have the s3:GetBucketPublicAccessBlock permission.
-// For more information about Amazon S3 permissions, see Specifying Permissions
-// in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-//
-// When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket
-// or an object, it checks the PublicAccessBlock configuration for both the
-// bucket (or the bucket that contains the object) and the bucket owner's account.
-// If the PublicAccessBlock settings are different between the bucket and the
-// account, Amazon S3 uses the most restrictive combination of the bucket-level
-// and account-level settings.
-//
-// For more information about when Amazon S3 considers a bucket or an object
-// public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
-//
-// The following operations are related to GetPublicAccessBlock:
-//
-//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
-//
-//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
-//
-//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation GetPublicAccessBlock for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlock
-func (c *S3) GetPublicAccessBlock(input *GetPublicAccessBlockInput) (*GetPublicAccessBlockOutput, error) {
-	req, out := c.GetPublicAccessBlockRequest(input)
-	return out, req.Send()
-}
-
-// GetPublicAccessBlockWithContext is the same as GetPublicAccessBlock with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetPublicAccessBlock for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) GetPublicAccessBlockWithContext(ctx aws.Context, input *GetPublicAccessBlockInput, opts ...request.Option) (*GetPublicAccessBlockOutput, error) {
-	req, out := c.GetPublicAccessBlockRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opHeadBucket = "HeadBucket"
-
-// HeadBucketRequest generates a "aws/request.Request" representing the
-// client's request for the HeadBucket operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See HeadBucket for more information on using the HeadBucket
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the HeadBucketRequest method.
-//	req, resp := client.HeadBucketRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucket
-func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, output *HeadBucketOutput) {
-	op := &request.Operation{
-		Name:       opHeadBucket,
-		HTTPMethod: "HEAD",
-		HTTPPath:   "/{Bucket}",
-	}
-
-	if input == nil {
-		input = &HeadBucketInput{}
-	}
-
-	output = &HeadBucketOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// HeadBucket API operation for Amazon Simple Storage Service.
-//
-// This action is useful to determine if a bucket exists and you have permission
-// to access it. The action returns a 200 OK if the bucket exists and you have
-// permission to access it.
-//
-// If the bucket does not exist or you do not have permission to access it,
-// the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404
-// Not Found code. A message body is not included, so you cannot determine the
-// exception beyond these error codes.
-//
-// To use this operation, you must have permissions to perform the s3:ListBucket
-// action. The bucket owner has this permission by default and can grant this
-// permission to others. For more information about permissions, see Permissions
-// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// To use this API operation against an access point, you must provide the alias
-// of the access point in place of the bucket name or specify the access point
-// ARN. When using the access point ARN, you must direct requests to the access
-// point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-// When using the Amazon Web Services SDKs, you provide the ARN in place of
-// the bucket name. For more information, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html).
-//
-// To use this API operation against an Object Lambda access point, provide
-// the alias of the Object Lambda access point in place of the bucket name.
-// If the Object Lambda access point alias in a request is not valid, the error
-// code InvalidAccessPointAliasError is returned. For more information about
-// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation HeadBucket for usage and error information.
-//
-// Returned Error Codes:
-//   - ErrCodeNoSuchBucket "NoSuchBucket"
-//     The specified bucket does not exist.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucket
-func (c *S3) HeadBucket(input *HeadBucketInput) (*HeadBucketOutput, error) {
-	req, out := c.HeadBucketRequest(input)
-	return out, req.Send()
-}
-
-// HeadBucketWithContext is the same as HeadBucket with the addition of
-// the ability to pass a context and additional request options.
-//
-// See HeadBucket for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) HeadBucketWithContext(ctx aws.Context, input *HeadBucketInput, opts ...request.Option) (*HeadBucketOutput, error) {
-	req, out := c.HeadBucketRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opHeadObject = "HeadObject"
-
-// HeadObjectRequest generates a "aws/request.Request" representing the
-// client's request for the HeadObject operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See HeadObject for more information on using the HeadObject
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the HeadObjectRequest method.
-//	req, resp := client.HeadObjectRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObject
-func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, output *HeadObjectOutput) {
-	op := &request.Operation{
-		Name:       opHeadObject,
-		HTTPMethod: "HEAD",
-		HTTPPath:   "/{Bucket}/{Key+}",
-	}
-
-	if input == nil {
-		input = &HeadObjectInput{}
-	}
-
-	output = &HeadObjectOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// HeadObject API operation for Amazon Simple Storage Service.
-//
-// The HEAD action retrieves metadata from an object without returning the object
-// itself. This action is useful if you're only interested in an object's metadata.
-// To use HEAD, you must have READ access to the object.
-//
-// A HEAD request has the same options as a GET action on an object. The response
-// is identical to the GET response except that there is no response body. Because
-// of this, if the HEAD request generates an error, it returns a generic 400
-// Bad Request, 403 Forbidden or 404 Not Found code. It is not possible to retrieve
-// the exact exception beyond these error codes.
-//
-// If you encrypt an object by using server-side encryption with customer-provided
-// encryption keys (SSE-C) when you store the object in Amazon S3, then when
-// you retrieve the metadata from the object, you must use the following headers:
-//
-//   - x-amz-server-side-encryption-customer-algorithm
-//
-//   - x-amz-server-side-encryption-customer-key
-//
-//   - x-amz-server-side-encryption-customer-key-MD5
-//
-// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
-// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
-//
-//   - Encryption request headers, like x-amz-server-side-encryption, should
-//     not be sent for GET requests if your object uses server-side encryption
-//     with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side
-//     encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side
-//     encryption with Amazon S3 managed encryption keys (SSE-S3). If your object
-//     does use these types of keys, you’ll get an HTTP 400 Bad Request error.
-//
-//   - The last modified property in this case is the creation date of the
-//     object.
-//
-// Request headers are limited to 8 KB in size. For more information, see Common
-// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html).
-//
-// Consider the following when using request headers:
-//
-//   - Consideration 1 – If both of the If-Match and If-Unmodified-Since
-//     headers are present in the request as follows: If-Match condition evaluates
-//     to true, and; If-Unmodified-Since condition evaluates to false; Then Amazon
-//     S3 returns 200 OK and the data requested.
-//
-//   - Consideration 2 – If both of the If-None-Match and If-Modified-Since
-//     headers are present in the request as follows: If-None-Match condition
-//     evaluates to false, and; If-Modified-Since condition evaluates to true;
-//     Then Amazon S3 returns the 304 Not Modified response code.
-//
-// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232).
-//
-// # Permissions
-//
-// You need the relevant read object (or version) permission for this operation.
-// For more information, see Actions, resources, and condition keys for Amazon
-// S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html).
-// If the object you request doesn't exist, the error that Amazon S3 returns
-// depends on whether you also have the s3:ListBucket permission.
-//
-//   - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns
-//     an HTTP status code 404 error.
-//
-//   - If you don’t have the s3:ListBucket permission, Amazon S3 returns
-//     an HTTP status code 403 error.
-//
-// The following actions are related to HeadObject:
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-// See http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#RESTErrorResponses
-// for more information on returned errors.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation HeadObject for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObject
-func (c *S3) HeadObject(input *HeadObjectInput) (*HeadObjectOutput, error) {
-	req, out := c.HeadObjectRequest(input)
-	return out, req.Send()
-}
-
-// HeadObjectWithContext is the same as HeadObject with the addition of
-// the ability to pass a context and additional request options.
-//
-// See HeadObject for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) HeadObjectWithContext(ctx aws.Context, input *HeadObjectInput, opts ...request.Option) (*HeadObjectOutput, error) {
-	req, out := c.HeadObjectRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opListBucketAnalyticsConfigurations = "ListBucketAnalyticsConfigurations"
-
-// ListBucketAnalyticsConfigurationsRequest generates a "aws/request.Request" representing the
-// client's request for the ListBucketAnalyticsConfigurations operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListBucketAnalyticsConfigurations for more information on using the ListBucketAnalyticsConfigurations
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListBucketAnalyticsConfigurationsRequest method.
-//	req, resp := client.ListBucketAnalyticsConfigurationsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurations
-func (c *S3) ListBucketAnalyticsConfigurationsRequest(input *ListBucketAnalyticsConfigurationsInput) (req *request.Request, output *ListBucketAnalyticsConfigurationsOutput) {
-	op := &request.Operation{
-		Name:       opListBucketAnalyticsConfigurations,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?analytics",
-	}
-
-	if input == nil {
-		input = &ListBucketAnalyticsConfigurationsInput{}
-	}
-
-	output = &ListBucketAnalyticsConfigurationsOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// ListBucketAnalyticsConfigurations API operation for Amazon Simple Storage Service.
-//
-// Lists the analytics configurations for the bucket. You can have up to 1,000
-// analytics configurations per bucket.
-//
-// This action supports list pagination and does not return more than 100 configurations
-// at a time. You should always check the IsTruncated element in the response.
-// If there are no more configurations to list, IsTruncated is set to false.
-// If there are more configurations to list, IsTruncated is set to true, and
-// there will be a value in NextContinuationToken. You use the NextContinuationToken
-// value to continue the pagination of the list by passing the value in continuation-token
-// in the request to GET the next page.
-//
-// To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// For information about Amazon S3 analytics feature, see Amazon S3 Analytics
-// – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
-//
-// The following operations are related to ListBucketAnalyticsConfigurations:
-//
-//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
-//
-//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
-//
-//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation ListBucketAnalyticsConfigurations for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurations
-func (c *S3) ListBucketAnalyticsConfigurations(input *ListBucketAnalyticsConfigurationsInput) (*ListBucketAnalyticsConfigurationsOutput, error) {
-	req, out := c.ListBucketAnalyticsConfigurationsRequest(input)
-	return out, req.Send()
-}
-
-// ListBucketAnalyticsConfigurationsWithContext is the same as ListBucketAnalyticsConfigurations with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListBucketAnalyticsConfigurations for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListBucketAnalyticsConfigurationsWithContext(ctx aws.Context, input *ListBucketAnalyticsConfigurationsInput, opts ...request.Option) (*ListBucketAnalyticsConfigurationsOutput, error) {
-	req, out := c.ListBucketAnalyticsConfigurationsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opListBucketIntelligentTieringConfigurations = "ListBucketIntelligentTieringConfigurations"
-
-// ListBucketIntelligentTieringConfigurationsRequest generates a "aws/request.Request" representing the
-// client's request for the ListBucketIntelligentTieringConfigurations operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListBucketIntelligentTieringConfigurations for more information on using the ListBucketIntelligentTieringConfigurations
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListBucketIntelligentTieringConfigurationsRequest method.
-//	req, resp := client.ListBucketIntelligentTieringConfigurationsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketIntelligentTieringConfigurations
-func (c *S3) ListBucketIntelligentTieringConfigurationsRequest(input *ListBucketIntelligentTieringConfigurationsInput) (req *request.Request, output *ListBucketIntelligentTieringConfigurationsOutput) {
-	op := &request.Operation{
-		Name:       opListBucketIntelligentTieringConfigurations,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?intelligent-tiering",
-	}
-
-	if input == nil {
-		input = &ListBucketIntelligentTieringConfigurationsInput{}
-	}
-
-	output = &ListBucketIntelligentTieringConfigurationsOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// ListBucketIntelligentTieringConfigurations API operation for Amazon Simple Storage Service.
-//
-// Lists the S3 Intelligent-Tiering configuration from the specified bucket.
-//
-// The S3 Intelligent-Tiering storage class is designed to optimize storage
-// costs by automatically moving data to the most cost-effective storage access
-// tier, without performance impact or operational overhead. S3 Intelligent-Tiering
-// delivers automatic cost savings in three low latency and high throughput
-// access tiers. To get the lowest storage cost on data that can be accessed
-// in minutes to hours, you can choose to activate additional archiving capabilities.
-//
-// The S3 Intelligent-Tiering storage class is the ideal storage class for data
-// with unknown, changing, or unpredictable access patterns, independent of
-// object size or retention period. If the size of an object is less than 128
-// KB, it is not monitored and not eligible for auto-tiering. Smaller objects
-// can be stored, but they are always charged at the Frequent Access tier rates
-// in the S3 Intelligent-Tiering storage class.
-//
-// For more information, see Storage class for automatically optimizing frequently
-// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-//
-// Operations related to ListBucketIntelligentTieringConfigurations include:
-//
-//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
-//
-//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
-//
-//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation ListBucketIntelligentTieringConfigurations for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketIntelligentTieringConfigurations
-func (c *S3) ListBucketIntelligentTieringConfigurations(input *ListBucketIntelligentTieringConfigurationsInput) (*ListBucketIntelligentTieringConfigurationsOutput, error) {
-	req, out := c.ListBucketIntelligentTieringConfigurationsRequest(input)
-	return out, req.Send()
-}
-
-// ListBucketIntelligentTieringConfigurationsWithContext is the same as ListBucketIntelligentTieringConfigurations with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListBucketIntelligentTieringConfigurations for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListBucketIntelligentTieringConfigurationsWithContext(ctx aws.Context, input *ListBucketIntelligentTieringConfigurationsInput, opts ...request.Option) (*ListBucketIntelligentTieringConfigurationsOutput, error) {
-	req, out := c.ListBucketIntelligentTieringConfigurationsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opListBucketInventoryConfigurations = "ListBucketInventoryConfigurations"
-
-// ListBucketInventoryConfigurationsRequest generates a "aws/request.Request" representing the
-// client's request for the ListBucketInventoryConfigurations operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListBucketInventoryConfigurations for more information on using the ListBucketInventoryConfigurations
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListBucketInventoryConfigurationsRequest method.
-//	req, resp := client.ListBucketInventoryConfigurationsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurations
-func (c *S3) ListBucketInventoryConfigurationsRequest(input *ListBucketInventoryConfigurationsInput) (req *request.Request, output *ListBucketInventoryConfigurationsOutput) {
-	op := &request.Operation{
-		Name:       opListBucketInventoryConfigurations,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?inventory",
-	}
-
-	if input == nil {
-		input = &ListBucketInventoryConfigurationsInput{}
-	}
-
-	output = &ListBucketInventoryConfigurationsOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// ListBucketInventoryConfigurations API operation for Amazon Simple Storage Service.
-//
-// Returns a list of inventory configurations for the bucket. You can have up
-// to 1,000 analytics configurations per bucket.
-//
-// This action supports list pagination and does not return more than 100 configurations
-// at a time. Always check the IsTruncated element in the response. If there
-// are no more configurations to list, IsTruncated is set to false. If there
-// are more configurations to list, IsTruncated is set to true, and there is
-// a value in NextContinuationToken. You use the NextContinuationToken value
-// to continue the pagination of the list by passing the value in continuation-token
-// in the request to GET the next page.
-//
-// To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
-//
-// The following operations are related to ListBucketInventoryConfigurations:
-//
-//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
-//
-//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
-//
-//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation ListBucketInventoryConfigurations for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurations
-func (c *S3) ListBucketInventoryConfigurations(input *ListBucketInventoryConfigurationsInput) (*ListBucketInventoryConfigurationsOutput, error) {
-	req, out := c.ListBucketInventoryConfigurationsRequest(input)
-	return out, req.Send()
-}
-
-// ListBucketInventoryConfigurationsWithContext is the same as ListBucketInventoryConfigurations with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListBucketInventoryConfigurations for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListBucketInventoryConfigurationsWithContext(ctx aws.Context, input *ListBucketInventoryConfigurationsInput, opts ...request.Option) (*ListBucketInventoryConfigurationsOutput, error) {
-	req, out := c.ListBucketInventoryConfigurationsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opListBucketMetricsConfigurations = "ListBucketMetricsConfigurations"
-
-// ListBucketMetricsConfigurationsRequest generates a "aws/request.Request" representing the
-// client's request for the ListBucketMetricsConfigurations operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListBucketMetricsConfigurations for more information on using the ListBucketMetricsConfigurations
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListBucketMetricsConfigurationsRequest method.
-//	req, resp := client.ListBucketMetricsConfigurationsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurations
-func (c *S3) ListBucketMetricsConfigurationsRequest(input *ListBucketMetricsConfigurationsInput) (req *request.Request, output *ListBucketMetricsConfigurationsOutput) {
-	op := &request.Operation{
-		Name:       opListBucketMetricsConfigurations,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?metrics",
-	}
-
-	if input == nil {
-		input = &ListBucketMetricsConfigurationsInput{}
-	}
-
-	output = &ListBucketMetricsConfigurationsOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// ListBucketMetricsConfigurations API operation for Amazon Simple Storage Service.
-//
-// Lists the metrics configurations for the bucket. The metrics configurations
-// are only for the request metrics of the bucket and do not provide information
-// on daily storage metrics. You can have up to 1,000 configurations per bucket.
-//
-// This action supports list pagination and does not return more than 100 configurations
-// at a time. Always check the IsTruncated element in the response. If there
-// are no more configurations to list, IsTruncated is set to false. If there
-// are more configurations to list, IsTruncated is set to true, and there is
-// a value in NextContinuationToken. You use the NextContinuationToken value
-// to continue the pagination of the list by passing the value in continuation-token
-// in the request to GET the next page.
-//
-// To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// For more information about metrics configurations and CloudWatch request
-// metrics, see Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-//
-// The following operations are related to ListBucketMetricsConfigurations:
-//
-//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
-//
-//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
-//
-//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation ListBucketMetricsConfigurations for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurations
-func (c *S3) ListBucketMetricsConfigurations(input *ListBucketMetricsConfigurationsInput) (*ListBucketMetricsConfigurationsOutput, error) {
-	req, out := c.ListBucketMetricsConfigurationsRequest(input)
-	return out, req.Send()
-}
-
-// ListBucketMetricsConfigurationsWithContext is the same as ListBucketMetricsConfigurations with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListBucketMetricsConfigurations for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListBucketMetricsConfigurationsWithContext(ctx aws.Context, input *ListBucketMetricsConfigurationsInput, opts ...request.Option) (*ListBucketMetricsConfigurationsOutput, error) {
-	req, out := c.ListBucketMetricsConfigurationsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opListBuckets = "ListBuckets"
-
-// ListBucketsRequest generates a "aws/request.Request" representing the
-// client's request for the ListBuckets operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListBuckets for more information on using the ListBuckets
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListBucketsRequest method.
-//	req, resp := client.ListBucketsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBuckets
-func (c *S3) ListBucketsRequest(input *ListBucketsInput) (req *request.Request, output *ListBucketsOutput) {
-	op := &request.Operation{
-		Name:       opListBuckets,
-		HTTPMethod: "GET",
-		HTTPPath:   "/",
-	}
-
-	if input == nil {
-		input = &ListBucketsInput{}
-	}
-
-	output = &ListBucketsOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// ListBuckets API operation for Amazon Simple Storage Service.
-//
-// Returns a list of all buckets owned by the authenticated sender of the request.
-// To use this operation, you must have the s3:ListAllMyBuckets permission.
-//
-// For information about Amazon S3 buckets, see Creating, configuring, and working
-// with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html).
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation ListBuckets for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBuckets
-func (c *S3) ListBuckets(input *ListBucketsInput) (*ListBucketsOutput, error) {
-	req, out := c.ListBucketsRequest(input)
-	return out, req.Send()
-}
-
-// ListBucketsWithContext is the same as ListBuckets with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListBuckets for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListBucketsWithContext(ctx aws.Context, input *ListBucketsInput, opts ...request.Option) (*ListBucketsOutput, error) {
-	req, out := c.ListBucketsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opListMultipartUploads = "ListMultipartUploads"
-
-// ListMultipartUploadsRequest generates a "aws/request.Request" representing the
-// client's request for the ListMultipartUploads operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListMultipartUploads for more information on using the ListMultipartUploads
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListMultipartUploadsRequest method.
-//	req, resp := client.ListMultipartUploadsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploads
-func (c *S3) ListMultipartUploadsRequest(input *ListMultipartUploadsInput) (req *request.Request, output *ListMultipartUploadsOutput) {
-	op := &request.Operation{
-		Name:       opListMultipartUploads,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?uploads",
-		Paginator: &request.Paginator{
-			InputTokens:     []string{"KeyMarker", "UploadIdMarker"},
-			OutputTokens:    []string{"NextKeyMarker", "NextUploadIdMarker"},
-			LimitToken:      "MaxUploads",
-			TruncationToken: "IsTruncated",
-		},
-	}
-
-	if input == nil {
-		input = &ListMultipartUploadsInput{}
-	}
-
-	output = &ListMultipartUploadsOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// ListMultipartUploads API operation for Amazon Simple Storage Service.
-//
-// This action lists in-progress multipart uploads. An in-progress multipart
-// upload is a multipart upload that has been initiated using the Initiate Multipart
-// Upload request, but has not yet been completed or aborted.
-//
-// This action returns at most 1,000 multipart uploads in the response. 1,000
-// multipart uploads is the maximum number of uploads a response can include,
-// which is also the default value. You can further limit the number of uploads
-// in a response by specifying the max-uploads parameter in the response. If
-// additional multipart uploads satisfy the list criteria, the response will
-// contain an IsTruncated element with the value true. To list the additional
-// multipart uploads, use the key-marker and upload-id-marker request parameters.
-//
-// In the response, the uploads are sorted by key. If your application has initiated
-// more than one multipart upload using the same object key, then uploads in
-// the response are first sorted by key. Additionally, uploads are sorted in
-// ascending order within each key by the upload initiation time.
-//
-// For more information on multipart uploads, see Uploading Objects Using Multipart
-// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html).
-//
-// For information on permissions required to use the multipart upload API,
-// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
-//
-// The following operations are related to ListMultipartUploads:
-//
-//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation ListMultipartUploads for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploads
-func (c *S3) ListMultipartUploads(input *ListMultipartUploadsInput) (*ListMultipartUploadsOutput, error) {
-	req, out := c.ListMultipartUploadsRequest(input)
-	return out, req.Send()
-}
-
-// ListMultipartUploadsWithContext is the same as ListMultipartUploads with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListMultipartUploads for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListMultipartUploadsWithContext(ctx aws.Context, input *ListMultipartUploadsInput, opts ...request.Option) (*ListMultipartUploadsOutput, error) {
-	req, out := c.ListMultipartUploadsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-// ListMultipartUploadsPages iterates over the pages of a ListMultipartUploads operation,
-// calling the "fn" function with the response data for each page. To stop
-// iterating, return false from the fn function.
-//
-// See ListMultipartUploads method for more information on how to use this operation.
-//
-// Note: This operation can generate multiple requests to a service.
-//
-//	// Example iterating over at most 3 pages of a ListMultipartUploads operation.
-//	pageNum := 0
-//	err := client.ListMultipartUploadsPages(params,
-//	    func(page *s3.ListMultipartUploadsOutput, lastPage bool) bool {
-//	        pageNum++
-//	        fmt.Println(page)
-//	        return pageNum <= 3
-//	    })
-func (c *S3) ListMultipartUploadsPages(input *ListMultipartUploadsInput, fn func(*ListMultipartUploadsOutput, bool) bool) error {
-	return c.ListMultipartUploadsPagesWithContext(aws.BackgroundContext(), input, fn)
-}
-
-// ListMultipartUploadsPagesWithContext same as ListMultipartUploadsPages except
-// it takes a Context and allows setting request options on the pages.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListMultipartUploadsPagesWithContext(ctx aws.Context, input *ListMultipartUploadsInput, fn func(*ListMultipartUploadsOutput, bool) bool, opts ...request.Option) error {
-	p := request.Pagination{
-		NewRequest: func() (*request.Request, error) {
-			var inCpy *ListMultipartUploadsInput
-			if input != nil {
-				tmp := *input
-				inCpy = &tmp
-			}
-			req, _ := c.ListMultipartUploadsRequest(inCpy)
-			req.SetContext(ctx)
-			req.ApplyOptions(opts...)
-			return req, nil
-		},
-	}
-
-	for p.Next() {
-		if !fn(p.Page().(*ListMultipartUploadsOutput), !p.HasNextPage()) {
-			break
-		}
-	}
-
-	return p.Err()
-}
-
-const opListObjectVersions = "ListObjectVersions"
-
-// ListObjectVersionsRequest generates a "aws/request.Request" representing the
-// client's request for the ListObjectVersions operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListObjectVersions for more information on using the ListObjectVersions
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListObjectVersionsRequest method.
-//	req, resp := client.ListObjectVersionsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersions
-func (c *S3) ListObjectVersionsRequest(input *ListObjectVersionsInput) (req *request.Request, output *ListObjectVersionsOutput) {
-	op := &request.Operation{
-		Name:       opListObjectVersions,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?versions",
-		Paginator: &request.Paginator{
-			InputTokens:     []string{"KeyMarker", "VersionIdMarker"},
-			OutputTokens:    []string{"NextKeyMarker", "NextVersionIdMarker"},
-			LimitToken:      "MaxKeys",
-			TruncationToken: "IsTruncated",
-		},
-	}
-
-	if input == nil {
-		input = &ListObjectVersionsInput{}
-	}
-
-	output = &ListObjectVersionsOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// ListObjectVersions API operation for Amazon Simple Storage Service.
-//
-// Returns metadata about all versions of the objects in a bucket. You can also
-// use request parameters as selection criteria to return metadata about a subset
-// of all the object versions.
-//
-// To use this operation, you must have permissions to perform the s3:ListBucketVersions
-// action. Be aware of the name difference.
-//
-// A 200 OK response can contain valid or invalid XML. Make sure to design your
-// application to parse the contents of the response and handle it appropriately.
-//
-// To use this operation, you must have READ access to the bucket.
-//
-// This action is not supported by Amazon S3 on Outposts.
-//
-// The following operations are related to ListObjectVersions:
-//
-//   - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation ListObjectVersions for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersions
-func (c *S3) ListObjectVersions(input *ListObjectVersionsInput) (*ListObjectVersionsOutput, error) {
-	req, out := c.ListObjectVersionsRequest(input)
-	return out, req.Send()
-}
-
-// ListObjectVersionsWithContext is the same as ListObjectVersions with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListObjectVersions for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListObjectVersionsWithContext(ctx aws.Context, input *ListObjectVersionsInput, opts ...request.Option) (*ListObjectVersionsOutput, error) {
-	req, out := c.ListObjectVersionsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-// ListObjectVersionsPages iterates over the pages of a ListObjectVersions operation,
-// calling the "fn" function with the response data for each page. To stop
-// iterating, return false from the fn function.
-//
-// See ListObjectVersions method for more information on how to use this operation.
-//
-// Note: This operation can generate multiple requests to a service.
-//
-//	// Example iterating over at most 3 pages of a ListObjectVersions operation.
-//	pageNum := 0
-//	err := client.ListObjectVersionsPages(params,
-//	    func(page *s3.ListObjectVersionsOutput, lastPage bool) bool {
-//	        pageNum++
-//	        fmt.Println(page)
-//	        return pageNum <= 3
-//	    })
-func (c *S3) ListObjectVersionsPages(input *ListObjectVersionsInput, fn func(*ListObjectVersionsOutput, bool) bool) error {
-	return c.ListObjectVersionsPagesWithContext(aws.BackgroundContext(), input, fn)
-}
-
-// ListObjectVersionsPagesWithContext same as ListObjectVersionsPages except
-// it takes a Context and allows setting request options on the pages.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListObjectVersionsPagesWithContext(ctx aws.Context, input *ListObjectVersionsInput, fn func(*ListObjectVersionsOutput, bool) bool, opts ...request.Option) error {
-	p := request.Pagination{
-		NewRequest: func() (*request.Request, error) {
-			var inCpy *ListObjectVersionsInput
-			if input != nil {
-				tmp := *input
-				inCpy = &tmp
-			}
-			req, _ := c.ListObjectVersionsRequest(inCpy)
-			req.SetContext(ctx)
-			req.ApplyOptions(opts...)
-			return req, nil
-		},
-	}
-
-	for p.Next() {
-		if !fn(p.Page().(*ListObjectVersionsOutput), !p.HasNextPage()) {
-			break
-		}
-	}
-
-	return p.Err()
-}
-
-const opListObjects = "ListObjects"
-
-// ListObjectsRequest generates a "aws/request.Request" representing the
-// client's request for the ListObjects operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListObjects for more information on using the ListObjects
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListObjectsRequest method.
-//	req, resp := client.ListObjectsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjects
-func (c *S3) ListObjectsRequest(input *ListObjectsInput) (req *request.Request, output *ListObjectsOutput) {
-	op := &request.Operation{
-		Name:       opListObjects,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}",
-		Paginator: &request.Paginator{
-			InputTokens:     []string{"Marker"},
-			OutputTokens:    []string{"NextMarker || Contents[-1].Key"},
-			LimitToken:      "MaxKeys",
-			TruncationToken: "IsTruncated",
-		},
-	}
-
-	if input == nil {
-		input = &ListObjectsInput{}
-	}
-
-	output = &ListObjectsOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// ListObjects API operation for Amazon Simple Storage Service.
-//
-// Returns some or all (up to 1,000) of the objects in a bucket. You can use
-// the request parameters as selection criteria to return a subset of the objects
-// in a bucket. A 200 OK response can contain valid or invalid XML. Be sure
-// to design your application to parse the contents of the response and handle
-// it appropriately.
-//
-// This action has been revised. We recommend that you use the newer version,
-// ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html),
-// when developing applications. For backward compatibility, Amazon S3 continues
-// to support ListObjects.
-//
-// The following operations are related to ListObjects:
-//
-//   - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-//   - ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation ListObjects for usage and error information.
-//
-// Returned Error Codes:
-//   - ErrCodeNoSuchBucket "NoSuchBucket"
-//     The specified bucket does not exist.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjects
-func (c *S3) ListObjects(input *ListObjectsInput) (*ListObjectsOutput, error) {
-	req, out := c.ListObjectsRequest(input)
-	return out, req.Send()
-}
-
-// ListObjectsWithContext is the same as ListObjects with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListObjects for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListObjectsWithContext(ctx aws.Context, input *ListObjectsInput, opts ...request.Option) (*ListObjectsOutput, error) {
-	req, out := c.ListObjectsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-// ListObjectsPages iterates over the pages of a ListObjects operation,
-// calling the "fn" function with the response data for each page. To stop
-// iterating, return false from the fn function.
-//
-// See ListObjects method for more information on how to use this operation.
-//
-// Note: This operation can generate multiple requests to a service.
-//
-//	// Example iterating over at most 3 pages of a ListObjects operation.
-//	pageNum := 0
-//	err := client.ListObjectsPages(params,
-//	    func(page *s3.ListObjectsOutput, lastPage bool) bool {
-//	        pageNum++
-//	        fmt.Println(page)
-//	        return pageNum <= 3
-//	    })
-func (c *S3) ListObjectsPages(input *ListObjectsInput, fn func(*ListObjectsOutput, bool) bool) error {
-	return c.ListObjectsPagesWithContext(aws.BackgroundContext(), input, fn)
-}
-
-// ListObjectsPagesWithContext same as ListObjectsPages except
-// it takes a Context and allows setting request options on the pages.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListObjectsPagesWithContext(ctx aws.Context, input *ListObjectsInput, fn func(*ListObjectsOutput, bool) bool, opts ...request.Option) error {
-	p := request.Pagination{
-		NewRequest: func() (*request.Request, error) {
-			var inCpy *ListObjectsInput
-			if input != nil {
-				tmp := *input
-				inCpy = &tmp
-			}
-			req, _ := c.ListObjectsRequest(inCpy)
-			req.SetContext(ctx)
-			req.ApplyOptions(opts...)
-			return req, nil
-		},
-	}
-
-	for p.Next() {
-		if !fn(p.Page().(*ListObjectsOutput), !p.HasNextPage()) {
-			break
-		}
-	}
-
-	return p.Err()
-}
-
-const opListObjectsV2 = "ListObjectsV2"
-
-// ListObjectsV2Request generates a "aws/request.Request" representing the
-// client's request for the ListObjectsV2 operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListObjectsV2 for more information on using the ListObjectsV2
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListObjectsV2Request method.
-//	req, resp := client.ListObjectsV2Request(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2
-func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Request, output *ListObjectsV2Output) {
-	op := &request.Operation{
-		Name:       opListObjectsV2,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}?list-type=2",
-		Paginator: &request.Paginator{
-			InputTokens:     []string{"ContinuationToken"},
-			OutputTokens:    []string{"NextContinuationToken"},
-			LimitToken:      "MaxKeys",
-			TruncationToken: "",
-		},
-	}
-
-	if input == nil {
-		input = &ListObjectsV2Input{}
-	}
-
-	output = &ListObjectsV2Output{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// ListObjectsV2 API operation for Amazon Simple Storage Service.
-//
-// Returns some or all (up to 1,000) of the objects in a bucket with each request.
-// You can use the request parameters as selection criteria to return a subset
-// of the objects in a bucket. A 200 OK response can contain valid or invalid
-// XML. Make sure to design your application to parse the contents of the response
-// and handle it appropriately. Objects are returned sorted in an ascending
-// order of the respective key names in the list. For more information about
-// listing objects, see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html)
-//
-// To use this operation, you must have READ access to the bucket.
-//
-// To use this action in an Identity and Access Management (IAM) policy, you
-// must have permissions to perform the s3:ListBucket action. The bucket owner
-// has this permission by default and can grant this permission to others. For
-// more information about permissions, see Permissions Related to Bucket Subresource
-// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// This section describes the latest revision of this action. We recommend that
-// you use this revised API for application development. For backward compatibility,
-// Amazon S3 continues to support the prior version of this API, ListObjects
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html).
-//
-// To get a list of your buckets, see ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html).
-//
-// The following operations are related to ListObjectsV2:
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation ListObjectsV2 for usage and error information.
-//
-// Returned Error Codes:
-//   - ErrCodeNoSuchBucket "NoSuchBucket"
-//     The specified bucket does not exist.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2
-func (c *S3) ListObjectsV2(input *ListObjectsV2Input) (*ListObjectsV2Output, error) {
-	req, out := c.ListObjectsV2Request(input)
-	return out, req.Send()
-}
-
-// ListObjectsV2WithContext is the same as ListObjectsV2 with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListObjectsV2 for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListObjectsV2WithContext(ctx aws.Context, input *ListObjectsV2Input, opts ...request.Option) (*ListObjectsV2Output, error) {
-	req, out := c.ListObjectsV2Request(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-// ListObjectsV2Pages iterates over the pages of a ListObjectsV2 operation,
-// calling the "fn" function with the response data for each page. To stop
-// iterating, return false from the fn function.
-//
-// See ListObjectsV2 method for more information on how to use this operation.
-//
-// Note: This operation can generate multiple requests to a service.
-//
-//	// Example iterating over at most 3 pages of a ListObjectsV2 operation.
-//	pageNum := 0
-//	err := client.ListObjectsV2Pages(params,
-//	    func(page *s3.ListObjectsV2Output, lastPage bool) bool {
-//	        pageNum++
-//	        fmt.Println(page)
-//	        return pageNum <= 3
-//	    })
-func (c *S3) ListObjectsV2Pages(input *ListObjectsV2Input, fn func(*ListObjectsV2Output, bool) bool) error {
-	return c.ListObjectsV2PagesWithContext(aws.BackgroundContext(), input, fn)
-}
-
-// ListObjectsV2PagesWithContext same as ListObjectsV2Pages except
-// it takes a Context and allows setting request options on the pages.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListObjectsV2PagesWithContext(ctx aws.Context, input *ListObjectsV2Input, fn func(*ListObjectsV2Output, bool) bool, opts ...request.Option) error {
-	p := request.Pagination{
-		NewRequest: func() (*request.Request, error) {
-			var inCpy *ListObjectsV2Input
-			if input != nil {
-				tmp := *input
-				inCpy = &tmp
-			}
-			req, _ := c.ListObjectsV2Request(inCpy)
-			req.SetContext(ctx)
-			req.ApplyOptions(opts...)
-			return req, nil
-		},
-	}
-
-	for p.Next() {
-		if !fn(p.Page().(*ListObjectsV2Output), !p.HasNextPage()) {
-			break
-		}
-	}
-
-	return p.Err()
-}
-
-const opListParts = "ListParts"
-
-// ListPartsRequest generates a "aws/request.Request" representing the
-// client's request for the ListParts operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListParts for more information on using the ListParts
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListPartsRequest method.
-//	req, resp := client.ListPartsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListParts
-func (c *S3) ListPartsRequest(input *ListPartsInput) (req *request.Request, output *ListPartsOutput) {
-	op := &request.Operation{
-		Name:       opListParts,
-		HTTPMethod: "GET",
-		HTTPPath:   "/{Bucket}/{Key+}",
-		Paginator: &request.Paginator{
-			InputTokens:     []string{"PartNumberMarker"},
-			OutputTokens:    []string{"NextPartNumberMarker"},
-			LimitToken:      "MaxParts",
-			TruncationToken: "IsTruncated",
-		},
-	}
-
-	if input == nil {
-		input = &ListPartsInput{}
-	}
-
-	output = &ListPartsOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// ListParts API operation for Amazon Simple Storage Service.
-//
-// Lists the parts that have been uploaded for a specific multipart upload.
-// This operation must include the upload ID, which you obtain by sending the
-// initiate multipart upload request (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)).
-// This request returns a maximum of 1,000 uploaded parts. The default number
-// of parts returned is 1,000 parts. You can restrict the number of parts returned
-// by specifying the max-parts request parameter. If your multipart upload consists
-// of more than 1,000 parts, the response returns an IsTruncated field with
-// the value of true, and a NextPartNumberMarker element. In subsequent ListParts
-// requests you can include the part-number-marker query string parameter and
-// set its value to the NextPartNumberMarker field value from the previous response.
-//
-// If the upload was created using a checksum algorithm, you will need to have
-// permission to the kms:Decrypt action for the request to succeed.
-//
-// For more information on multipart uploads, see Uploading Objects Using Multipart
-// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html).
-//
-// For information on permissions required to use the multipart upload API,
-// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
-//
-// The following operations are related to ListParts:
-//
-//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation ListParts for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListParts
-func (c *S3) ListParts(input *ListPartsInput) (*ListPartsOutput, error) {
-	req, out := c.ListPartsRequest(input)
-	return out, req.Send()
-}
-
-// ListPartsWithContext is the same as ListParts with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListParts for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListPartsWithContext(ctx aws.Context, input *ListPartsInput, opts ...request.Option) (*ListPartsOutput, error) {
-	req, out := c.ListPartsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-// ListPartsPages iterates over the pages of a ListParts operation,
-// calling the "fn" function with the response data for each page. To stop
-// iterating, return false from the fn function.
-//
-// See ListParts method for more information on how to use this operation.
-//
-// Note: This operation can generate multiple requests to a service.
-//
-//	// Example iterating over at most 3 pages of a ListParts operation.
-//	pageNum := 0
-//	err := client.ListPartsPages(params,
-//	    func(page *s3.ListPartsOutput, lastPage bool) bool {
-//	        pageNum++
-//	        fmt.Println(page)
-//	        return pageNum <= 3
-//	    })
-func (c *S3) ListPartsPages(input *ListPartsInput, fn func(*ListPartsOutput, bool) bool) error {
-	return c.ListPartsPagesWithContext(aws.BackgroundContext(), input, fn)
-}
-
-// ListPartsPagesWithContext same as ListPartsPages except
-// it takes a Context and allows setting request options on the pages.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) ListPartsPagesWithContext(ctx aws.Context, input *ListPartsInput, fn func(*ListPartsOutput, bool) bool, opts ...request.Option) error {
-	p := request.Pagination{
-		NewRequest: func() (*request.Request, error) {
-			var inCpy *ListPartsInput
-			if input != nil {
-				tmp := *input
-				inCpy = &tmp
-			}
-			req, _ := c.ListPartsRequest(inCpy)
-			req.SetContext(ctx)
-			req.ApplyOptions(opts...)
-			return req, nil
-		},
-	}
-
-	for p.Next() {
-		if !fn(p.Page().(*ListPartsOutput), !p.HasNextPage()) {
-			break
-		}
-	}
-
-	return p.Err()
-}
-
-const opPutBucketAccelerateConfiguration = "PutBucketAccelerateConfiguration"
-
-// PutBucketAccelerateConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketAccelerateConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketAccelerateConfiguration for more information on using the PutBucketAccelerateConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketAccelerateConfigurationRequest method.
-//	req, resp := client.PutBucketAccelerateConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfiguration
-func (c *S3) PutBucketAccelerateConfigurationRequest(input *PutBucketAccelerateConfigurationInput) (req *request.Request, output *PutBucketAccelerateConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketAccelerateConfiguration,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?accelerate",
-	}
-
-	if input == nil {
-		input = &PutBucketAccelerateConfigurationInput{}
-	}
-
-	output = &PutBucketAccelerateConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// PutBucketAccelerateConfiguration API operation for Amazon Simple Storage Service.
-//
-// Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer
-// Acceleration is a bucket-level feature that enables you to perform faster
-// data transfers to Amazon S3.
-//
-// To use this operation, you must have permission to perform the s3:PutAccelerateConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// The Transfer Acceleration state of a bucket can be set to one of the following
-// two values:
-//
-//   - Enabled – Enables accelerated data transfers to the bucket.
-//
-//   - Suspended – Disables accelerated data transfers to the bucket.
-//
-// The GetBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
-// action returns the transfer acceleration state of a bucket.
-//
-// After setting the Transfer Acceleration state of a bucket to Enabled, it
-// might take up to thirty minutes before the data transfer rates to the bucket
-// increase.
-//
-// The name of the bucket used for Transfer Acceleration must be DNS-compliant
-// and must not contain periods (".").
-//
-// For more information about transfer acceleration, see Transfer Acceleration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
-//
-// The following operations are related to PutBucketAccelerateConfiguration:
-//
-//   - GetBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketAccelerateConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfiguration
-func (c *S3) PutBucketAccelerateConfiguration(input *PutBucketAccelerateConfigurationInput) (*PutBucketAccelerateConfigurationOutput, error) {
-	req, out := c.PutBucketAccelerateConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketAccelerateConfigurationWithContext is the same as PutBucketAccelerateConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketAccelerateConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketAccelerateConfigurationWithContext(ctx aws.Context, input *PutBucketAccelerateConfigurationInput, opts ...request.Option) (*PutBucketAccelerateConfigurationOutput, error) {
-	req, out := c.PutBucketAccelerateConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketAcl = "PutBucketAcl"
-
-// PutBucketAclRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketAcl operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketAcl for more information on using the PutBucketAcl
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketAclRequest method.
-//	req, resp := client.PutBucketAclRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAcl
-func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request, output *PutBucketAclOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketAcl,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?acl",
-	}
-
-	if input == nil {
-		input = &PutBucketAclInput{}
-	}
-
-	output = &PutBucketAclOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketAcl API operation for Amazon Simple Storage Service.
-//
-// Sets the permissions on an existing bucket using access control lists (ACL).
-// For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html).
-// To set the ACL of a bucket, you must have WRITE_ACP permission.
-//
-// You can use one of the following two ways to set a bucket's permissions:
-//
-//   - Specify the ACL in the request body
-//
-//   - Specify permissions using request headers
-//
-// You cannot specify access permission using both the body and the request
-// headers.
-//
-// Depending on your application needs, you may choose to set the ACL on a bucket
-// using either the request body or the headers. For example, if you have an
-// existing application that updates a bucket ACL using the request body, then
-// you can continue to use that approach.
-//
-// If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
-// ACLs are disabled and no longer affect permissions. You must use policies
-// to grant access to your bucket and the objects in it. Requests to set ACLs
-// or update ACLs fail and return the AccessControlListNotSupported error code.
-// Requests to read ACLs are still supported. For more information, see Controlling
-// object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide.
-//
-// # Permissions
-//
-// You can set access permissions by using one of the following methods:
-//
-//   - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports
-//     a set of predefined ACLs, known as canned ACLs. Each canned ACL has a
-//     predefined set of grantees and permissions. Specify the canned ACL name
-//     as the value of x-amz-acl. If you use this header, you cannot use other
-//     access control-specific headers in your request. For more information,
-//     see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-//
-//   - Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp,
-//     x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using
-//     these headers, you specify explicit access permissions and grantees (Amazon
-//     Web Services accounts or Amazon S3 groups) who will receive the permission.
-//     If you use these ACL-specific headers, you cannot use the x-amz-acl header
-//     to set a canned ACL. These parameters map to the set of permissions that
-//     Amazon S3 supports in an ACL. For more information, see Access Control
-//     List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
-//     You specify each grantee as a type=value pair, where the type is one of
-//     the following: id – if the value specified is the canonical user ID
-//     of an Amazon Web Services account uri – if you are granting permissions
-//     to a predefined group emailAddress – if the value specified is the email
-//     address of an Amazon Web Services account Using email addresses to specify
-//     a grantee is only supported in the following Amazon Web Services Regions:
-//     US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific
-//     (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland)
-//     South America (São Paulo) For a list of all the Amazon S3 supported Regions
-//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
-//     in the Amazon Web Services General Reference. For example, the following
-//     x-amz-grant-write header grants create, overwrite, and delete objects
-//     permission to LogDelivery group predefined by Amazon S3 and two Amazon
-//     Web Services accounts identified by their email addresses. x-amz-grant-write:
-//     uri="http://acs.amazonaws.com/groups/s3/LogDelivery", id="111122223333",
-//     id="555566667777"
-//
-// You can use either a canned ACL or specify access permissions explicitly.
-// You cannot do both.
-//
-// # Grantee Values
-//
-// You can specify the person (grantee) to whom you're assigning access rights
-// (using request elements) in the following ways:
-//
-//   - By the person's ID: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-//     xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>
-//     </Grantee> DisplayName is optional and ignored in the request
-//
-//   - By URI: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-//     xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>
-//
-//   - By Email address: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-//     xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress>&</Grantee>
-//     The grantee is resolved to the CanonicalUser and, in a response to a GET
-//     Object acl request, appears as the CanonicalUser. Using email addresses
-//     to specify a grantee is only supported in the following Amazon Web Services
-//     Regions: US East (N. Virginia) US West (N. California) US West (Oregon)
-//     Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe
-//     (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported
-//     Regions and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
-//     in the Amazon Web Services General Reference.
-//
-// The following operations are related to PutBucketAcl:
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
-//
-//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketAcl for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAcl
-func (c *S3) PutBucketAcl(input *PutBucketAclInput) (*PutBucketAclOutput, error) {
-	req, out := c.PutBucketAclRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketAclWithContext is the same as PutBucketAcl with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketAcl for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketAclWithContext(ctx aws.Context, input *PutBucketAclInput, opts ...request.Option) (*PutBucketAclOutput, error) {
-	req, out := c.PutBucketAclRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketAnalyticsConfiguration = "PutBucketAnalyticsConfiguration"
-
-// PutBucketAnalyticsConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketAnalyticsConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketAnalyticsConfiguration for more information on using the PutBucketAnalyticsConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketAnalyticsConfigurationRequest method.
-//	req, resp := client.PutBucketAnalyticsConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfiguration
-func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsConfigurationInput) (req *request.Request, output *PutBucketAnalyticsConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketAnalyticsConfiguration,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?analytics",
-	}
-
-	if input == nil {
-		input = &PutBucketAnalyticsConfigurationInput{}
-	}
-
-	output = &PutBucketAnalyticsConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// PutBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service.
-//
-// Sets an analytics configuration for the bucket (specified by the analytics
-// configuration ID). You can have up to 1,000 analytics configurations per
-// bucket.
-//
-// You can choose to have storage class analysis export analysis reports sent
-// to a comma-separated values (CSV) flat file. See the DataExport request element.
-// Reports are updated daily and are based on the object filters that you configure.
-// When selecting data export, you specify a destination bucket and an optional
-// destination prefix where the file is written. You can export the data to
-// a destination bucket in a different account. However, the destination bucket
-// must be in the same Region as the bucket that you are making the PUT analytics
-// configuration to. For more information, see Amazon S3 Analytics – Storage
-// Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
-//
-// You must create a bucket policy on the destination bucket where the exported
-// file is written to grant permissions to Amazon S3 to write objects to the
-// bucket. For an example policy, see Granting Permissions for Amazon S3 Inventory
-// and Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9).
-//
-// To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// PutBucketAnalyticsConfiguration has the following special errors:
-//
-//   - HTTP Error: HTTP 400 Bad Request Code: InvalidArgument Cause: Invalid
-//     argument.
-//
-//   - HTTP Error: HTTP 400 Bad Request Code: TooManyConfigurations Cause:
-//     You are attempting to create a new configuration but have already reached
-//     the 1,000-configuration limit.
-//
-//   - HTTP Error: HTTP 403 Forbidden Code: AccessDenied Cause: You are not
-//     the owner of the specified bucket, or you do not have the s3:PutAnalyticsConfiguration
-//     bucket permission to set the configuration on the bucket.
-//
-// The following operations are related to PutBucketAnalyticsConfiguration:
-//
-//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
-//
-//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
-//
-//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketAnalyticsConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfiguration
-func (c *S3) PutBucketAnalyticsConfiguration(input *PutBucketAnalyticsConfigurationInput) (*PutBucketAnalyticsConfigurationOutput, error) {
-	req, out := c.PutBucketAnalyticsConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketAnalyticsConfigurationWithContext is the same as PutBucketAnalyticsConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketAnalyticsConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketAnalyticsConfigurationWithContext(ctx aws.Context, input *PutBucketAnalyticsConfigurationInput, opts ...request.Option) (*PutBucketAnalyticsConfigurationOutput, error) {
-	req, out := c.PutBucketAnalyticsConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketCors = "PutBucketCors"
-
-// PutBucketCorsRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketCors operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketCors for more information on using the PutBucketCors
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketCorsRequest method.
-//	req, resp := client.PutBucketCorsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCors
-func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Request, output *PutBucketCorsOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketCors,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?cors",
-	}
-
-	if input == nil {
-		input = &PutBucketCorsInput{}
-	}
-
-	output = &PutBucketCorsOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketCors API operation for Amazon Simple Storage Service.
-//
-// Sets the cors configuration for your bucket. If the configuration exists,
-// Amazon S3 replaces it.
-//
-// To use this operation, you must be allowed to perform the s3:PutBucketCORS
-// action. By default, the bucket owner has this permission and can grant it
-// to others.
-//
-// You set this configuration on a bucket so that the bucket can service cross-origin
-// requests. For example, you might want to enable a request whose origin is
-// http://www.example.com to access your Amazon S3 bucket at my.example.bucket.com
-// by using the browser's XMLHttpRequest capability.
-//
-// To enable cross-origin resource sharing (CORS) on a bucket, you add the cors
-// subresource to the bucket. The cors subresource is an XML document in which
-// you configure rules that identify origins and the HTTP methods that can be
-// executed on your bucket. The document is limited to 64 KB in size.
-//
-// When Amazon S3 receives a cross-origin request (or a pre-flight OPTIONS request)
-// against a bucket, it evaluates the cors configuration on the bucket and uses
-// the first CORSRule rule that matches the incoming browser request to enable
-// a cross-origin request. For a rule to match, the following conditions must
-// be met:
-//
-//   - The request's Origin header must match AllowedOrigin elements.
-//
-//   - The request method (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method
-//     header in case of a pre-flight OPTIONS request must be one of the AllowedMethod
-//     elements.
-//
-//   - Every header specified in the Access-Control-Request-Headers request
-//     header of a pre-flight request must match an AllowedHeader element.
-//
-// For more information about CORS, go to Enabling Cross-Origin Resource Sharing
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon
-// S3 User Guide.
-//
-// The following operations are related to PutBucketCors:
-//
-//   - GetBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html)
-//
-//   - DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
-//
-//   - RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketCors for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCors
-func (c *S3) PutBucketCors(input *PutBucketCorsInput) (*PutBucketCorsOutput, error) {
-	req, out := c.PutBucketCorsRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketCorsWithContext is the same as PutBucketCors with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketCors for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketCorsWithContext(ctx aws.Context, input *PutBucketCorsInput, opts ...request.Option) (*PutBucketCorsOutput, error) {
-	req, out := c.PutBucketCorsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketEncryption = "PutBucketEncryption"
-
-// PutBucketEncryptionRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketEncryption operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketEncryption for more information on using the PutBucketEncryption
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketEncryptionRequest method.
-//	req, resp := client.PutBucketEncryptionRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryption
-func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *request.Request, output *PutBucketEncryptionOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketEncryption,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?encryption",
-	}
-
-	if input == nil {
-		input = &PutBucketEncryptionInput{}
-	}
-
-	output = &PutBucketEncryptionOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketEncryption API operation for Amazon Simple Storage Service.
-//
-// This action uses the encryption subresource to configure default encryption
-// and Amazon S3 Bucket Keys for an existing bucket.
-//
-// By default, all buckets have a default encryption configuration that uses
-// server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally
-// configure default encryption for a bucket by using server-side encryption
-// with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side
-// encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption
-// with customer-provided keys (SSE-C). If you specify default encryption by
-// using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information
-// about bucket default encryption, see Amazon S3 bucket default encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
-// in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see
-// Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
-// in the Amazon S3 User Guide.
-//
-// This action requires Amazon Web Services Signature Version 4. For more information,
-// see Authenticating Requests (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html).
-//
-// To use this operation, you must have permission to perform the s3:PutEncryptionConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide.
-//
-// The following operations are related to PutBucketEncryption:
-//
-//   - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
-//
-//   - DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketEncryption for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryption
-func (c *S3) PutBucketEncryption(input *PutBucketEncryptionInput) (*PutBucketEncryptionOutput, error) {
-	req, out := c.PutBucketEncryptionRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketEncryptionWithContext is the same as PutBucketEncryption with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketEncryption for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketEncryptionWithContext(ctx aws.Context, input *PutBucketEncryptionInput, opts ...request.Option) (*PutBucketEncryptionOutput, error) {
-	req, out := c.PutBucketEncryptionRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketIntelligentTieringConfiguration = "PutBucketIntelligentTieringConfiguration"
-
-// PutBucketIntelligentTieringConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketIntelligentTieringConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketIntelligentTieringConfiguration for more information on using the PutBucketIntelligentTieringConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketIntelligentTieringConfigurationRequest method.
-//	req, resp := client.PutBucketIntelligentTieringConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketIntelligentTieringConfiguration
-func (c *S3) PutBucketIntelligentTieringConfigurationRequest(input *PutBucketIntelligentTieringConfigurationInput) (req *request.Request, output *PutBucketIntelligentTieringConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketIntelligentTieringConfiguration,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?intelligent-tiering",
-	}
-
-	if input == nil {
-		input = &PutBucketIntelligentTieringConfigurationInput{}
-	}
-
-	output = &PutBucketIntelligentTieringConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// PutBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service.
-//
-// Puts a S3 Intelligent-Tiering configuration to the specified bucket. You
-// can have up to 1,000 S3 Intelligent-Tiering configurations per bucket.
-//
-// The S3 Intelligent-Tiering storage class is designed to optimize storage
-// costs by automatically moving data to the most cost-effective storage access
-// tier, without performance impact or operational overhead. S3 Intelligent-Tiering
-// delivers automatic cost savings in three low latency and high throughput
-// access tiers. To get the lowest storage cost on data that can be accessed
-// in minutes to hours, you can choose to activate additional archiving capabilities.
-//
-// The S3 Intelligent-Tiering storage class is the ideal storage class for data
-// with unknown, changing, or unpredictable access patterns, independent of
-// object size or retention period. If the size of an object is less than 128
-// KB, it is not monitored and not eligible for auto-tiering. Smaller objects
-// can be stored, but they are always charged at the Frequent Access tier rates
-// in the S3 Intelligent-Tiering storage class.
-//
-// For more information, see Storage class for automatically optimizing frequently
-// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-//
-// Operations related to PutBucketIntelligentTieringConfiguration include:
-//
-//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
-//
-//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
-//
-//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
-//
-// You only need S3 Intelligent-Tiering enabled on a bucket if you want to automatically
-// move objects stored in the S3 Intelligent-Tiering storage class to the Archive
-// Access or Deep Archive Access tier.
-//
-// PutBucketIntelligentTieringConfiguration has the following special errors:
-//
-// # HTTP 400 Bad Request Error
-//
-// Code: InvalidArgument
-//
-// Cause: Invalid Argument
-//
-// # HTTP 400 Bad Request Error
-//
-// Code: TooManyConfigurations
-//
-// Cause: You are attempting to create a new configuration but have already
-// reached the 1,000-configuration limit.
-//
-// # HTTP 403 Forbidden Error
-//
-// Cause: You are not the owner of the specified bucket, or you do not have
-// the s3:PutIntelligentTieringConfiguration bucket permission to set the configuration
-// on the bucket.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketIntelligentTieringConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketIntelligentTieringConfiguration
-func (c *S3) PutBucketIntelligentTieringConfiguration(input *PutBucketIntelligentTieringConfigurationInput) (*PutBucketIntelligentTieringConfigurationOutput, error) {
-	req, out := c.PutBucketIntelligentTieringConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketIntelligentTieringConfigurationWithContext is the same as PutBucketIntelligentTieringConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketIntelligentTieringConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketIntelligentTieringConfigurationWithContext(ctx aws.Context, input *PutBucketIntelligentTieringConfigurationInput, opts ...request.Option) (*PutBucketIntelligentTieringConfigurationOutput, error) {
-	req, out := c.PutBucketIntelligentTieringConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketInventoryConfiguration = "PutBucketInventoryConfiguration"
-
-// PutBucketInventoryConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketInventoryConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketInventoryConfiguration for more information on using the PutBucketInventoryConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketInventoryConfigurationRequest method.
-//	req, resp := client.PutBucketInventoryConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfiguration
-func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryConfigurationInput) (req *request.Request, output *PutBucketInventoryConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketInventoryConfiguration,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?inventory",
-	}
-
-	if input == nil {
-		input = &PutBucketInventoryConfigurationInput{}
-	}
-
-	output = &PutBucketInventoryConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// PutBucketInventoryConfiguration API operation for Amazon Simple Storage Service.
-//
-// This implementation of the PUT action adds an inventory configuration (identified
-// by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations
-// per bucket.
-//
-// Amazon S3 inventory generates inventories of the objects in the bucket on
-// a daily or weekly basis, and the results are published to a flat file. The
-// bucket that is inventoried is called the source bucket, and the bucket where
-// the inventory flat file is stored is called the destination bucket. The destination
-// bucket must be in the same Amazon Web Services Region as the source bucket.
-//
-// When you configure an inventory for a source bucket, you specify the destination
-// bucket where you want the inventory to be stored, and whether to generate
-// the inventory daily or weekly. You can also configure what object metadata
-// to include and whether to inventory all object versions or only current versions.
-// For more information, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
-// in the Amazon S3 User Guide.
-//
-// You must create a bucket policy on the destination bucket to grant permissions
-// to Amazon S3 to write objects to the bucket in the defined location. For
-// an example policy, see Granting Permissions for Amazon S3 Inventory and Storage
-// Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9).
-//
-// # Permissions
-//
-// To use this operation, you must have permission to perform the s3:PutInventoryConfiguration
-// action. The bucket owner has this permission by default and can grant this
-// permission to others.
-//
-// The s3:PutInventoryConfiguration permission allows a user to create an S3
-// Inventory (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html)
-// report that includes all object metadata fields available and to specify
-// the destination bucket to store the inventory. A user with read access to
-// objects in the destination bucket can also access all object metadata fields
-// that are available in the inventory report.
-//
-// To restrict access to an inventory report, see Restricting access to an Amazon
-// S3 Inventory report (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-10)
-// in the Amazon S3 User Guide. For more information about the metadata fields
-// available in S3 Inventory, see Amazon S3 Inventory lists (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents)
-// in the Amazon S3 User Guide. For more information about permissions, see
-// Permissions related to bucket subresource operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Identity and access management in Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide.
-//
-// PutBucketInventoryConfiguration has the following special errors:
-//
-// # HTTP 400 Bad Request Error
-//
-// Code: InvalidArgument
-//
-// Cause: Invalid Argument
-//
-// # HTTP 400 Bad Request Error
-//
-// Code: TooManyConfigurations
-//
-// Cause: You are attempting to create a new configuration but have already
-// reached the 1,000-configuration limit.
-//
-// # HTTP 403 Forbidden Error
-//
-// Cause: You are not the owner of the specified bucket, or you do not have
-// the s3:PutInventoryConfiguration bucket permission to set the configuration
-// on the bucket.
-//
-// The following operations are related to PutBucketInventoryConfiguration:
-//
-//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
-//
-//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
-//
-//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketInventoryConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfiguration
-func (c *S3) PutBucketInventoryConfiguration(input *PutBucketInventoryConfigurationInput) (*PutBucketInventoryConfigurationOutput, error) {
-	req, out := c.PutBucketInventoryConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketInventoryConfigurationWithContext is the same as PutBucketInventoryConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketInventoryConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketInventoryConfigurationWithContext(ctx aws.Context, input *PutBucketInventoryConfigurationInput, opts ...request.Option) (*PutBucketInventoryConfigurationOutput, error) {
-	req, out := c.PutBucketInventoryConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketLifecycle = "PutBucketLifecycle"
-
-// PutBucketLifecycleRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketLifecycle operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketLifecycle for more information on using the PutBucketLifecycle
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketLifecycleRequest method.
-//	req, resp := client.PutBucketLifecycleRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycle
-//
-// Deprecated: PutBucketLifecycle has been deprecated
-func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *request.Request, output *PutBucketLifecycleOutput) {
-	if c.Client.Config.Logger != nil {
-		c.Client.Config.Logger.Log("This operation, PutBucketLifecycle, has been deprecated")
-	}
-	op := &request.Operation{
-		Name:       opPutBucketLifecycle,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?lifecycle",
-	}
-
-	if input == nil {
-		input = &PutBucketLifecycleInput{}
-	}
-
-	output = &PutBucketLifecycleOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketLifecycle API operation for Amazon Simple Storage Service.
-//
-// For an updated version of this API, see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html).
-// This version has been deprecated. Existing lifecycle configurations will
-// work. For new lifecycle configurations, use the updated API.
-//
-// Creates a new lifecycle configuration for the bucket or replaces an existing
-// lifecycle configuration. For information about lifecycle configuration, see
-// Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
-// in the Amazon S3 User Guide.
-//
-// By default, all Amazon S3 resources, including buckets, objects, and related
-// subresources (for example, lifecycle configuration and website configuration)
-// are private. Only the resource owner, the Amazon Web Services account that
-// created the resource, can access it. The resource owner can optionally grant
-// access permissions to others by writing an access policy. For this operation,
-// users must get the s3:PutLifecycleConfiguration permission.
-//
-// You can also explicitly deny permissions. Explicit denial also supersedes
-// any other permissions. If you want to prevent users or accounts from removing
-// or deleting objects from your bucket, you must deny them permissions for
-// the following actions:
-//
-//   - s3:DeleteObject
-//
-//   - s3:DeleteObjectVersion
-//
-//   - s3:PutLifecycleConfiguration
-//
-// For more information about permissions, see Managing Access Permissions to
-// your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide.
-//
-// For more examples of transitioning objects to storage classes such as STANDARD_IA
-// or ONEZONE_IA, see Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#lifecycle-configuration-examples).
-//
-// The following operations are related to PutBucketLifecycle:
-//
-//   - GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)(Deprecated)
-//
-//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
-//
-//   - RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html)
-//
-//   - By default, a resource owner—in this case, a bucket owner, which is
-//     the Amazon Web Services account that created the bucket—can perform
-//     any of the operations. A resource owner can also grant others permission
-//     to perform the operation. For more information, see the following topics
-//     in the Amazon S3 User Guide: Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
-//     Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketLifecycle for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycle
-//
-// Deprecated: PutBucketLifecycle has been deprecated
-func (c *S3) PutBucketLifecycle(input *PutBucketLifecycleInput) (*PutBucketLifecycleOutput, error) {
-	req, out := c.PutBucketLifecycleRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketLifecycleWithContext is the same as PutBucketLifecycle with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketLifecycle for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-//
-// Deprecated: PutBucketLifecycleWithContext has been deprecated
-func (c *S3) PutBucketLifecycleWithContext(ctx aws.Context, input *PutBucketLifecycleInput, opts ...request.Option) (*PutBucketLifecycleOutput, error) {
-	req, out := c.PutBucketLifecycleRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketLifecycleConfiguration = "PutBucketLifecycleConfiguration"
-
-// PutBucketLifecycleConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketLifecycleConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketLifecycleConfiguration for more information on using the PutBucketLifecycleConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketLifecycleConfigurationRequest method.
-//	req, resp := client.PutBucketLifecycleConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfiguration
-func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleConfigurationInput) (req *request.Request, output *PutBucketLifecycleConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketLifecycleConfiguration,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?lifecycle",
-	}
-
-	if input == nil {
-		input = &PutBucketLifecycleConfigurationInput{}
-	}
-
-	output = &PutBucketLifecycleConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketLifecycleConfiguration API operation for Amazon Simple Storage Service.
-//
-// Creates a new lifecycle configuration for the bucket or replaces an existing
-// lifecycle configuration. Keep in mind that this will overwrite an existing
-// lifecycle configuration, so if you want to retain any configuration details,
-// they must be included in the new lifecycle configuration. For information
-// about lifecycle configuration, see Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html).
-//
-// Bucket lifecycle configuration now supports specifying a lifecycle rule using
-// an object key name prefix, one or more object tags, or a combination of both.
-// Accordingly, this section describes the latest API. The previous version
-// of the API supported filtering based only on an object key name prefix, which
-// is supported for backward compatibility. For the related API description,
-// see PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html).
-//
-// # Rules
-//
-// You specify the lifecycle configuration in your request body. The lifecycle
-// configuration is specified as XML consisting of one or more rules. An Amazon
-// S3 Lifecycle configuration can have up to 1,000 rules. This limit is not
-// adjustable. Each rule consists of the following:
-//
-//   - A filter identifying a subset of objects to which the rule applies.
-//     The filter can be based on a key name prefix, object tags, or a combination
-//     of both.
-//
-//   - A status indicating whether the rule is in effect.
-//
-//   - One or more lifecycle transition and expiration actions that you want
-//     Amazon S3 to perform on the objects identified by the filter. If the state
-//     of your bucket is versioning-enabled or versioning-suspended, you can
-//     have many versions of the same object (one current version and zero or
-//     more noncurrent versions). Amazon S3 provides predefined actions that
-//     you can specify for current and noncurrent object versions.
-//
-// For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
-// and Lifecycle Configuration Elements (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html).
-//
-// # Permissions
-//
-// By default, all Amazon S3 resources are private, including buckets, objects,
-// and related subresources (for example, lifecycle configuration and website
-// configuration). Only the resource owner (that is, the Amazon Web Services
-// account that created it) can access the resource. The resource owner can
-// optionally grant access permissions to others by writing an access policy.
-// For this operation, a user must get the s3:PutLifecycleConfiguration permission.
-//
-// You can also explicitly deny permissions. An explicit deny also supersedes
-// any other permissions. If you want to block users or accounts from removing
-// or deleting objects from your bucket, you must deny them permissions for
-// the following actions:
-//
-//   - s3:DeleteObject
-//
-//   - s3:DeleteObjectVersion
-//
-//   - s3:PutLifecycleConfiguration
-//
-// For more information about permissions, see Managing Access Permissions to
-// Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// The following operations are related to PutBucketLifecycleConfiguration:
-//
-//   - Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html)
-//
-//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
-//
-//   - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketLifecycleConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfiguration
-func (c *S3) PutBucketLifecycleConfiguration(input *PutBucketLifecycleConfigurationInput) (*PutBucketLifecycleConfigurationOutput, error) {
-	req, out := c.PutBucketLifecycleConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketLifecycleConfigurationWithContext is the same as PutBucketLifecycleConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketLifecycleConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketLifecycleConfigurationWithContext(ctx aws.Context, input *PutBucketLifecycleConfigurationInput, opts ...request.Option) (*PutBucketLifecycleConfigurationOutput, error) {
-	req, out := c.PutBucketLifecycleConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketLogging = "PutBucketLogging"
-
-// PutBucketLoggingRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketLogging operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketLogging for more information on using the PutBucketLogging
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketLoggingRequest method.
-//	req, resp := client.PutBucketLoggingRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLogging
-func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request.Request, output *PutBucketLoggingOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketLogging,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?logging",
-	}
-
-	if input == nil {
-		input = &PutBucketLoggingInput{}
-	}
-
-	output = &PutBucketLoggingOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketLogging API operation for Amazon Simple Storage Service.
-//
-// Set the logging parameters for a bucket and to specify permissions for who
-// can view and modify the logging parameters. All logs are saved to buckets
-// in the same Amazon Web Services Region as the source bucket. To set the logging
-// status of a bucket, you must be the bucket owner.
-//
-// The bucket owner is automatically granted FULL_CONTROL to all logs. You use
-// the Grantee request element to grant access to other people. The Permissions
-// request element specifies the kind of access the grantee has to the logs.
-//
-// If the target bucket for log delivery uses the bucket owner enforced setting
-// for S3 Object Ownership, you can't use the Grantee request element to grant
-// access to others. Permissions can only be granted using policies. For more
-// information, see Permissions for server access log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
-// in the Amazon S3 User Guide.
-//
-// # Grantee Values
-//
-// You can specify the person (grantee) to whom you're assigning access rights
-// (by using request elements) in the following ways:
-//
-//   - By the person's ID: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-//     xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>
-//     </Grantee> DisplayName is optional and ignored in the request.
-//
-//   - By Email address: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-//     xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress></Grantee>
-//     The grantee is resolved to the CanonicalUser and, in a response to a GETObjectAcl
-//     request, appears as the CanonicalUser.
-//
-//   - By URI: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-//     xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>
-//
-// To enable logging, you use LoggingEnabled and its children request elements.
-// To disable logging, you use an empty BucketLoggingStatus request element:
-//
-// <BucketLoggingStatus xmlns="http://doc.s3.amazonaws.com/2006-03-01" />
-//
-// For more information about server access logging, see Server Access Logging
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html) in
-// the Amazon S3 User Guide.
-//
-// For more information about creating a bucket, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html).
-// For more information about returning the logging status of a bucket, see
-// GetBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html).
-//
-// The following operations are related to PutBucketLogging:
-//
-//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-//   - GetBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketLogging for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLogging
-func (c *S3) PutBucketLogging(input *PutBucketLoggingInput) (*PutBucketLoggingOutput, error) {
-	req, out := c.PutBucketLoggingRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketLoggingWithContext is the same as PutBucketLogging with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketLogging for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketLoggingWithContext(ctx aws.Context, input *PutBucketLoggingInput, opts ...request.Option) (*PutBucketLoggingOutput, error) {
-	req, out := c.PutBucketLoggingRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketMetricsConfiguration = "PutBucketMetricsConfiguration"
-
-// PutBucketMetricsConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketMetricsConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketMetricsConfiguration for more information on using the PutBucketMetricsConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketMetricsConfigurationRequest method.
-//	req, resp := client.PutBucketMetricsConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfiguration
-func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigurationInput) (req *request.Request, output *PutBucketMetricsConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketMetricsConfiguration,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?metrics",
-	}
-
-	if input == nil {
-		input = &PutBucketMetricsConfigurationInput{}
-	}
-
-	output = &PutBucketMetricsConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// PutBucketMetricsConfiguration API operation for Amazon Simple Storage Service.
-//
-// Sets a metrics configuration (specified by the metrics configuration ID)
-// for the bucket. You can have up to 1,000 metrics configurations per bucket.
-// If you're updating an existing metrics configuration, note that this is a
-// full replacement of the existing metrics configuration. If you don't include
-// the elements you want to keep, they are erased.
-//
-// To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration
-// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others. For more information about permissions,
-// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// For information about CloudWatch request metrics for Amazon S3, see Monitoring
-// Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-//
-// The following operations are related to PutBucketMetricsConfiguration:
-//
-//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
-//
-//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
-//
-//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
-//
-// PutBucketMetricsConfiguration has the following special error:
-//
-//   - Error code: TooManyConfigurations Description: You are attempting to
-//     create a new configuration but have already reached the 1,000-configuration
-//     limit. HTTP Status Code: HTTP 400 Bad Request
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketMetricsConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfiguration
-func (c *S3) PutBucketMetricsConfiguration(input *PutBucketMetricsConfigurationInput) (*PutBucketMetricsConfigurationOutput, error) {
-	req, out := c.PutBucketMetricsConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketMetricsConfigurationWithContext is the same as PutBucketMetricsConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketMetricsConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketMetricsConfigurationWithContext(ctx aws.Context, input *PutBucketMetricsConfigurationInput, opts ...request.Option) (*PutBucketMetricsConfigurationOutput, error) {
-	req, out := c.PutBucketMetricsConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketNotification = "PutBucketNotification"
-
-// PutBucketNotificationRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketNotification operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketNotification for more information on using the PutBucketNotification
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketNotificationRequest method.
-//	req, resp := client.PutBucketNotificationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotification
-//
-// Deprecated: PutBucketNotification has been deprecated
-func (c *S3) PutBucketNotificationRequest(input *PutBucketNotificationInput) (req *request.Request, output *PutBucketNotificationOutput) {
-	if c.Client.Config.Logger != nil {
-		c.Client.Config.Logger.Log("This operation, PutBucketNotification, has been deprecated")
-	}
-	op := &request.Operation{
-		Name:       opPutBucketNotification,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?notification",
-	}
-
-	if input == nil {
-		input = &PutBucketNotificationInput{}
-	}
-
-	output = &PutBucketNotificationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketNotification API operation for Amazon Simple Storage Service.
-//
-// No longer used, see the PutBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html)
-// operation.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketNotification for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotification
-//
-// Deprecated: PutBucketNotification has been deprecated
-func (c *S3) PutBucketNotification(input *PutBucketNotificationInput) (*PutBucketNotificationOutput, error) {
-	req, out := c.PutBucketNotificationRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketNotificationWithContext is the same as PutBucketNotification with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketNotification for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-//
-// Deprecated: PutBucketNotificationWithContext has been deprecated
-func (c *S3) PutBucketNotificationWithContext(ctx aws.Context, input *PutBucketNotificationInput, opts ...request.Option) (*PutBucketNotificationOutput, error) {
-	req, out := c.PutBucketNotificationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketNotificationConfiguration = "PutBucketNotificationConfiguration"
-
-// PutBucketNotificationConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketNotificationConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketNotificationConfiguration for more information on using the PutBucketNotificationConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketNotificationConfigurationRequest method.
-//	req, resp := client.PutBucketNotificationConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfiguration
-func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificationConfigurationInput) (req *request.Request, output *PutBucketNotificationConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketNotificationConfiguration,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?notification",
-	}
-
-	if input == nil {
-		input = &PutBucketNotificationConfigurationInput{}
-	}
-
-	output = &PutBucketNotificationConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// PutBucketNotificationConfiguration API operation for Amazon Simple Storage Service.
-//
-// Enables notifications of specified events for a bucket. For more information
-// about event notifications, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
-//
-// Using this API, you can replace an existing notification configuration. The
-// configuration is an XML file that defines the event types that you want Amazon
-// S3 to publish and the destination where you want Amazon S3 to publish an
-// event notification when it detects an event of the specified type.
-//
-// By default, your bucket has no event notifications configured. That is, the
-// notification configuration will be an empty NotificationConfiguration.
-//
-// <NotificationConfiguration>
-//
-// </NotificationConfiguration>
-//
-// This action replaces the existing notification configuration with the configuration
-// you include in the request body.
-//
-// After Amazon S3 receives this request, it first verifies that any Amazon
-// Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon
-// SQS) destination exists, and that the bucket owner has permission to publish
-// to it by sending a test notification. In the case of Lambda destinations,
-// Amazon S3 verifies that the Lambda function permissions grant Amazon S3 permission
-// to invoke the function from the Amazon S3 bucket. For more information, see
-// Configuring Notifications for Amazon S3 Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
-//
-// You can disable notifications by adding the empty NotificationConfiguration
-// element.
-//
-// For more information about the number of event notification configurations
-// that you can create per bucket, see Amazon S3 service quotas (https://docs.aws.amazon.com/general/latest/gr/s3.html#limits_s3)
-// in Amazon Web Services General Reference.
-//
-// By default, only the bucket owner can configure notifications on a bucket.
-// However, bucket owners can use a bucket policy to grant permission to other
-// users to set this configuration with the required s3:PutBucketNotification
-// permission.
-//
-// The PUT notification is an atomic operation. For example, suppose your notification
-// configuration includes SNS topic, SQS queue, and Lambda function configurations.
-// When you send a PUT request with this configuration, Amazon S3 sends test
-// messages to your SNS topic. If the message fails, the entire PUT action will
-// fail, and Amazon S3 will not add the configuration to your bucket.
-//
-// If the configuration in the request body includes only one TopicConfiguration
-// specifying only the s3:ReducedRedundancyLostObject event type, the response
-// will also include the x-amz-sns-test-message-id header containing the message
-// ID of the test notification sent to the topic.
-//
-// The following action is related to PutBucketNotificationConfiguration:
-//
-//   - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketNotificationConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfiguration
-func (c *S3) PutBucketNotificationConfiguration(input *PutBucketNotificationConfigurationInput) (*PutBucketNotificationConfigurationOutput, error) {
-	req, out := c.PutBucketNotificationConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketNotificationConfigurationWithContext is the same as PutBucketNotificationConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketNotificationConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketNotificationConfigurationWithContext(ctx aws.Context, input *PutBucketNotificationConfigurationInput, opts ...request.Option) (*PutBucketNotificationConfigurationOutput, error) {
-	req, out := c.PutBucketNotificationConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketOwnershipControls = "PutBucketOwnershipControls"
-
-// PutBucketOwnershipControlsRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketOwnershipControls operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketOwnershipControls for more information on using the PutBucketOwnershipControls
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketOwnershipControlsRequest method.
-//	req, resp := client.PutBucketOwnershipControlsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketOwnershipControls
-func (c *S3) PutBucketOwnershipControlsRequest(input *PutBucketOwnershipControlsInput) (req *request.Request, output *PutBucketOwnershipControlsOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketOwnershipControls,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?ownershipControls",
-	}
-
-	if input == nil {
-		input = &PutBucketOwnershipControlsInput{}
-	}
-
-	output = &PutBucketOwnershipControlsOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketOwnershipControls API operation for Amazon Simple Storage Service.
-//
-// Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this
-// operation, you must have the s3:PutBucketOwnershipControls permission. For
-// more information about Amazon S3 permissions, see Specifying permissions
-// in a policy (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-with-s3-actions.html).
-//
-// For information about Amazon S3 Object Ownership, see Using object ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/about-object-ownership.html).
-//
-// The following operations are related to PutBucketOwnershipControls:
-//
-//   - GetBucketOwnershipControls
-//
-//   - DeleteBucketOwnershipControls
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketOwnershipControls for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketOwnershipControls
-func (c *S3) PutBucketOwnershipControls(input *PutBucketOwnershipControlsInput) (*PutBucketOwnershipControlsOutput, error) {
-	req, out := c.PutBucketOwnershipControlsRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketOwnershipControlsWithContext is the same as PutBucketOwnershipControls with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketOwnershipControls for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketOwnershipControlsWithContext(ctx aws.Context, input *PutBucketOwnershipControlsInput, opts ...request.Option) (*PutBucketOwnershipControlsOutput, error) {
-	req, out := c.PutBucketOwnershipControlsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketPolicy = "PutBucketPolicy"
-
-// PutBucketPolicyRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketPolicy operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketPolicy for more information on using the PutBucketPolicy
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketPolicyRequest method.
-//	req, resp := client.PutBucketPolicyRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicy
-func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.Request, output *PutBucketPolicyOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketPolicy,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?policy",
-	}
-
-	if input == nil {
-		input = &PutBucketPolicyInput{}
-	}
-
-	output = &PutBucketPolicyOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketPolicy API operation for Amazon Simple Storage Service.
-//
-// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using
-// an identity other than the root user of the Amazon Web Services account that
-// owns the bucket, the calling identity must have the PutBucketPolicy permissions
-// on the specified bucket and belong to the bucket owner's account in order
-// to use this operation.
-//
-// If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access
-// Denied error. If you have the correct permissions, but you're not using an
-// identity that belongs to the bucket owner's account, Amazon S3 returns a
-// 405 Method Not Allowed error.
-//
-// To ensure that bucket owners don't inadvertently lock themselves out of their
-// own buckets, the root principal in a bucket owner's Amazon Web Services account
-// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy
-// API actions, even if their bucket policy explicitly denies the root principal's
-// access. Bucket owner root principals can only be blocked from performing
-// these API actions by VPC endpoint policies and Amazon Web Services Organizations
-// policies.
-//
-// For more information, see Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html).
-//
-// The following operations are related to PutBucketPolicy:
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketPolicy for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicy
-func (c *S3) PutBucketPolicy(input *PutBucketPolicyInput) (*PutBucketPolicyOutput, error) {
-	req, out := c.PutBucketPolicyRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketPolicyWithContext is the same as PutBucketPolicy with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketPolicy for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketPolicyWithContext(ctx aws.Context, input *PutBucketPolicyInput, opts ...request.Option) (*PutBucketPolicyOutput, error) {
-	req, out := c.PutBucketPolicyRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketReplication = "PutBucketReplication"
-
-// PutBucketReplicationRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketReplication operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketReplication for more information on using the PutBucketReplication
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketReplicationRequest method.
-//	req, resp := client.PutBucketReplicationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplication
-func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req *request.Request, output *PutBucketReplicationOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketReplication,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?replication",
-	}
-
-	if input == nil {
-		input = &PutBucketReplicationInput{}
-	}
-
-	output = &PutBucketReplicationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketReplication API operation for Amazon Simple Storage Service.
-//
-// Creates a replication configuration or replaces an existing one. For more
-// information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
-// in the Amazon S3 User Guide.
-//
-// Specify the replication configuration in the request body. In the replication
-// configuration, you provide the name of the destination bucket or buckets
-// where you want Amazon S3 to replicate objects, the IAM role that Amazon S3
-// can assume to replicate objects on your behalf, and other relevant information.
-//
-// A replication configuration must include at least one rule, and can contain
-// a maximum of 1,000. Each rule identifies a subset of objects to replicate
-// by filtering the objects in the source bucket. To choose additional subsets
-// of objects to replicate, add a rule for each subset.
-//
-// To specify a subset of the objects in the source bucket to apply a replication
-// rule to, add the Filter element as a child of the Rule element. You can filter
-// objects based on an object key prefix, one or more object tags, or both.
-// When you add the Filter element in the configuration, you must also add the
-// following elements: DeleteMarkerReplication, Status, and Priority.
-//
-// If you are using an earlier version of the replication configuration, Amazon
-// S3 handles replication of delete markers differently. For more information,
-// see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
-//
-// For information about enabling versioning on a bucket, see Using Versioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html).
-//
-// # Handling Replication of Encrypted Objects
-//
-// By default, Amazon S3 doesn't replicate objects that are stored at rest using
-// server-side encryption with KMS keys. To replicate Amazon Web Services KMS-encrypted
-// objects, add the following: SourceSelectionCriteria, SseKmsEncryptedObjects,
-// Status, EncryptionConfiguration, and ReplicaKmsKeyID. For information about
-// replication configuration, see Replicating Objects Created with SSE Using
-// KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html).
-//
-// For information on PutBucketReplication errors, see List of replication-related
-// error codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
-//
-// # Permissions
-//
-// To create a PutBucketReplication request, you must have s3:PutReplicationConfiguration
-// permissions for the bucket.
-//
-// By default, a resource owner, in this case the Amazon Web Services account
-// that created the bucket, can perform this operation. The resource owner can
-// also grant others permissions to perform the operation. For more information
-// about permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// To perform this operation, the user or role performing the action must have
-// the iam:PassRole (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html)
-// permission.
-//
-// The following operations are related to PutBucketReplication:
-//
-//   - GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
-//
-//   - DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketReplication for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplication
-func (c *S3) PutBucketReplication(input *PutBucketReplicationInput) (*PutBucketReplicationOutput, error) {
-	req, out := c.PutBucketReplicationRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketReplicationWithContext is the same as PutBucketReplication with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketReplication for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketReplicationWithContext(ctx aws.Context, input *PutBucketReplicationInput, opts ...request.Option) (*PutBucketReplicationOutput, error) {
-	req, out := c.PutBucketReplicationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketRequestPayment = "PutBucketRequestPayment"
-
-// PutBucketRequestPaymentRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketRequestPayment operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketRequestPayment for more information on using the PutBucketRequestPayment
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketRequestPaymentRequest method.
-//	req, resp := client.PutBucketRequestPaymentRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPayment
-func (c *S3) PutBucketRequestPaymentRequest(input *PutBucketRequestPaymentInput) (req *request.Request, output *PutBucketRequestPaymentOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketRequestPayment,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?requestPayment",
-	}
-
-	if input == nil {
-		input = &PutBucketRequestPaymentInput{}
-	}
-
-	output = &PutBucketRequestPaymentOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketRequestPayment API operation for Amazon Simple Storage Service.
-//
-// Sets the request payment configuration for a bucket. By default, the bucket
-// owner pays for downloads from the bucket. This configuration parameter enables
-// the bucket owner (only) to specify that the person requesting the download
-// will be charged for the download. For more information, see Requester Pays
-// Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html).
-//
-// The following operations are related to PutBucketRequestPayment:
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-//   - GetBucketRequestPayment (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketRequestPayment for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPayment
-func (c *S3) PutBucketRequestPayment(input *PutBucketRequestPaymentInput) (*PutBucketRequestPaymentOutput, error) {
-	req, out := c.PutBucketRequestPaymentRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketRequestPaymentWithContext is the same as PutBucketRequestPayment with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketRequestPayment for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketRequestPaymentWithContext(ctx aws.Context, input *PutBucketRequestPaymentInput, opts ...request.Option) (*PutBucketRequestPaymentOutput, error) {
-	req, out := c.PutBucketRequestPaymentRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketTagging = "PutBucketTagging"
-
-// PutBucketTaggingRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketTagging operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketTagging for more information on using the PutBucketTagging
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketTaggingRequest method.
-//	req, resp := client.PutBucketTaggingRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTagging
-func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request.Request, output *PutBucketTaggingOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketTagging,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?tagging",
-	}
-
-	if input == nil {
-		input = &PutBucketTaggingInput{}
-	}
-
-	output = &PutBucketTaggingOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketTagging API operation for Amazon Simple Storage Service.
-//
-// Sets the tags for a bucket.
-//
-// Use tags to organize your Amazon Web Services bill to reflect your own cost
-// structure. To do this, sign up to get your Amazon Web Services account bill
-// with tag key values included. Then, to see the cost of combined resources,
-// organize your billing information according to resources with the same tag
-// key values. For example, you can tag several resources with a specific application
-// name, and then organize your billing information to see the total cost of
-// that application across several services. For more information, see Cost
-// Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)
-// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html).
-//
-// When this operation sets the tags for a bucket, it will overwrite any current
-// tags the bucket already has. You cannot use this operation to add tags to
-// an existing list of tags.
-//
-// To use this operation, you must have permissions to perform the s3:PutBucketTagging
-// action. The bucket owner has this permission by default and can grant this
-// permission to others. For more information about permissions, see Permissions
-// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-//
-// PutBucketTagging has the following special errors:
-//
-//   - Error code: InvalidTagError Description: The tag provided was not a
-//     valid tag. This error can occur if the tag did not pass input validation.
-//     For information about tag restrictions, see User-Defined Tag Restrictions
-//     (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
-//     and Amazon Web Services-Generated Cost Allocation Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html).
-//
-//   - Error code: MalformedXMLError Description: The XML provided does not
-//     match the schema.
-//
-//   - Error code: OperationAbortedError Description: A conflicting conditional
-//     action is currently in progress against this resource. Please try again.
-//
-//   - Error code: InternalError Description: The service was unable to apply
-//     the provided tag to the bucket.
-//
-// The following operations are related to PutBucketTagging:
-//
-//   - GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
-//
-//   - DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketTagging for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTagging
-func (c *S3) PutBucketTagging(input *PutBucketTaggingInput) (*PutBucketTaggingOutput, error) {
-	req, out := c.PutBucketTaggingRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketTaggingWithContext is the same as PutBucketTagging with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketTagging for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketTaggingWithContext(ctx aws.Context, input *PutBucketTaggingInput, opts ...request.Option) (*PutBucketTaggingOutput, error) {
-	req, out := c.PutBucketTaggingRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketVersioning = "PutBucketVersioning"
-
-// PutBucketVersioningRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketVersioning operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketVersioning for more information on using the PutBucketVersioning
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketVersioningRequest method.
-//	req, resp := client.PutBucketVersioningRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioning
-func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *request.Request, output *PutBucketVersioningOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketVersioning,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?versioning",
-	}
-
-	if input == nil {
-		input = &PutBucketVersioningInput{}
-	}
-
-	output = &PutBucketVersioningOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketVersioning API operation for Amazon Simple Storage Service.
-//
-// Sets the versioning state of an existing bucket.
-//
-// You can set the versioning state with one of the following values:
-//
-// Enabled—Enables versioning for the objects in the bucket. All objects added
-// to the bucket receive a unique version ID.
-//
-// Suspended—Disables versioning for the objects in the bucket. All objects
-// added to the bucket receive the version ID null.
-//
-// If the versioning state has never been set on a bucket, it has no versioning
-// state; a GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
-// request does not return a versioning state value.
-//
-// In order to enable MFA Delete, you must be the bucket owner. If you are the
-// bucket owner and want to enable MFA Delete in the bucket versioning configuration,
-// you must include the x-amz-mfa request header and the Status and the MfaDelete
-// request elements in a request to set the versioning state of the bucket.
-//
-// If you have an object expiration lifecycle configuration in your non-versioned
-// bucket and you want to maintain the same permanent delete behavior when you
-// enable versioning, you must add a noncurrent expiration policy. The noncurrent
-// expiration lifecycle configuration will manage the deletes of the noncurrent
-// object versions in the version-enabled bucket. (A version-enabled bucket
-// maintains one current and zero or more noncurrent object versions.) For more
-// information, see Lifecycle and Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config).
-//
-// The following operations are related to PutBucketVersioning:
-//
-//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
-//
-//   - GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketVersioning for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioning
-func (c *S3) PutBucketVersioning(input *PutBucketVersioningInput) (*PutBucketVersioningOutput, error) {
-	req, out := c.PutBucketVersioningRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketVersioningWithContext is the same as PutBucketVersioning with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketVersioning for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketVersioningWithContext(ctx aws.Context, input *PutBucketVersioningInput, opts ...request.Option) (*PutBucketVersioningOutput, error) {
-	req, out := c.PutBucketVersioningRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutBucketWebsite = "PutBucketWebsite"
-
-// PutBucketWebsiteRequest generates a "aws/request.Request" representing the
-// client's request for the PutBucketWebsite operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutBucketWebsite for more information on using the PutBucketWebsite
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutBucketWebsiteRequest method.
-//	req, resp := client.PutBucketWebsiteRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsite
-func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request.Request, output *PutBucketWebsiteOutput) {
-	op := &request.Operation{
-		Name:       opPutBucketWebsite,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?website",
-	}
-
-	if input == nil {
-		input = &PutBucketWebsiteInput{}
-	}
-
-	output = &PutBucketWebsiteOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutBucketWebsite API operation for Amazon Simple Storage Service.
-//
-// Sets the configuration of the website that is specified in the website subresource.
-// To configure a bucket as a website, you can add this subresource on the bucket
-// with website configuration information such as the file name of the index
-// document and any redirect rules. For more information, see Hosting Websites
-// on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).
-//
-// This PUT action requires the S3:PutBucketWebsite permission. By default,
-// only the bucket owner can configure the website attached to a bucket; however,
-// bucket owners can allow other users to set the website configuration by writing
-// a bucket policy that grants them the S3:PutBucketWebsite permission.
-//
-// To redirect all website requests sent to the bucket's website endpoint, you
-// add a website configuration with the following elements. Because all requests
-// are sent to another website, you don't need to provide index document name
-// for the bucket.
-//
-//   - WebsiteConfiguration
-//
-//   - RedirectAllRequestsTo
-//
-//   - HostName
-//
-//   - Protocol
-//
-// If you want granular control over redirects, you can use the following elements
-// to add routing rules that describe conditions for redirecting requests and
-// information about the redirect destination. In this case, the website configuration
-// must provide an index document for the bucket, because some requests might
-// not be redirected.
-//
-//   - WebsiteConfiguration
-//
-//   - IndexDocument
-//
-//   - Suffix
-//
-//   - ErrorDocument
-//
-//   - Key
-//
-//   - RoutingRules
-//
-//   - RoutingRule
-//
-//   - Condition
-//
-//   - HttpErrorCodeReturnedEquals
-//
-//   - KeyPrefixEquals
-//
-//   - Redirect
-//
-//   - Protocol
-//
-//   - HostName
-//
-//   - ReplaceKeyPrefixWith
-//
-//   - ReplaceKeyWith
-//
-//   - HttpRedirectCode
-//
-// Amazon S3 has a limitation of 50 routing rules per website configuration.
-// If you require more than 50 routing rules, you can use object redirect. For
-// more information, see Configuring an Object Redirect (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html)
-// in the Amazon S3 User Guide.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketWebsite for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsite
-func (c *S3) PutBucketWebsite(input *PutBucketWebsiteInput) (*PutBucketWebsiteOutput, error) {
-	req, out := c.PutBucketWebsiteRequest(input)
-	return out, req.Send()
-}
-
-// PutBucketWebsiteWithContext is the same as PutBucketWebsite with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutBucketWebsite for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutBucketWebsiteWithContext(ctx aws.Context, input *PutBucketWebsiteInput, opts ...request.Option) (*PutBucketWebsiteOutput, error) {
-	req, out := c.PutBucketWebsiteRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutObject = "PutObject"
-
-// PutObjectRequest generates a "aws/request.Request" representing the
-// client's request for the PutObject operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutObject for more information on using the PutObject
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutObjectRequest method.
-//	req, resp := client.PutObjectRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObject
-func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, output *PutObjectOutput) {
-	op := &request.Operation{
-		Name:       opPutObject,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}/{Key+}",
-	}
-
-	if input == nil {
-		input = &PutObjectInput{}
-	}
-
-	output = &PutObjectOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// PutObject API operation for Amazon Simple Storage Service.
-//
-// Adds an object to a bucket. You must have WRITE permissions on a bucket to
-// add an object to it.
-//
-// Amazon S3 never adds partial objects; if you receive a success response,
-// Amazon S3 added the entire object to the bucket. You cannot use PutObject
-// to only update a single piece of metadata for an existing object. You must
-// put the entire object with updated metadata if you want to update some values.
-//
-// Amazon S3 is a distributed system. If it receives multiple write requests
-// for the same object simultaneously, it overwrites all but the last object
-// written. To prevent objects from being deleted or overwritten, you can use
-// Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html).
-//
-// To ensure that data is not corrupted traversing the network, use the Content-MD5
-// header. When you use this header, Amazon S3 checks the object against the
-// provided MD5 value and, if they do not match, returns an error. Additionally,
-// you can calculate the MD5 while putting an object to Amazon S3 and compare
-// the returned ETag to the calculated MD5 value.
-//
-//   - To successfully complete the PutObject request, you must have the s3:PutObject
-//     in your IAM permissions.
-//
-//   - To successfully change the objects acl of your PutObject request, you
-//     must have the s3:PutObjectAcl in your IAM permissions.
-//
-//   - To successfully set the tag-set with your PutObject request, you must
-//     have the s3:PutObjectTagging in your IAM permissions.
-//
-//   - The Content-MD5 header is required for any request to upload an object
-//     with a retention period configured using Amazon S3 Object Lock. For more
-//     information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview
-//     (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html)
-//     in the Amazon S3 User Guide.
-//
-// You have four mutually exclusive options to protect data using server-side
-// encryption in Amazon S3, depending on how you choose to manage the encryption
-// keys. Specifically, the encryption key options are Amazon S3 managed keys
-// (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and customer-provided
-// keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using
-// Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon
-// S3 to encrypt data at rest by using server-side encryption with other key
-// options. For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html).
-//
-// When adding a new object, you can use headers to grant ACL-based permissions
-// to individual Amazon Web Services accounts or to predefined groups defined
-// by Amazon S3. These permissions are then added to the ACL on the object.
-// By default, all objects are private. Only the owner has full access control.
-// For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
-// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html).
-//
-// If the bucket that you're uploading objects to uses the bucket owner enforced
-// setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions.
-// Buckets that use this setting only accept PUT requests that don't specify
-// an ACL or PUT requests that specify bucket owner full control ACLs, such
-// as the bucket-owner-full-control canned ACL or an equivalent form of this
-// ACL expressed in the XML format. PUT requests that contain other ACLs (for
-// example, custom grants to certain Amazon Web Services accounts) fail and
-// return a 400 error with the error code AccessControlListNotSupported. For
-// more information, see Controlling ownership of objects and disabling ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide.
-//
-// If your bucket uses the bucket owner enforced setting for Object Ownership,
-// all objects written to the bucket by any account will be owned by the bucket
-// owner.
-//
-// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
-// objects. The STANDARD storage class provides high durability and high availability.
-// Depending on performance needs, you can specify a different Storage Class.
-// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information,
-// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
-// in the Amazon S3 User Guide.
-//
-// If you enable versioning for a bucket, Amazon S3 automatically generates
-// a unique version ID for the object being stored. Amazon S3 returns this ID
-// in the response. When you enable versioning for a bucket, if Amazon S3 receives
-// multiple write requests for the same object simultaneously, it stores all
-// of the objects. For more information about versioning, see Adding Objects
-// to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html).
-// For information about returning the versioning state of a bucket, see GetBucketVersioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html).
-//
-// For more information about related Amazon S3 APIs, see the following:
-//
-//   - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
-//
-//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutObject for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObject
-func (c *S3) PutObject(input *PutObjectInput) (*PutObjectOutput, error) {
-	req, out := c.PutObjectRequest(input)
-	return out, req.Send()
-}
-
-// PutObjectWithContext is the same as PutObject with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutObject for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutObjectWithContext(ctx aws.Context, input *PutObjectInput, opts ...request.Option) (*PutObjectOutput, error) {
-	req, out := c.PutObjectRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutObjectAcl = "PutObjectAcl"
-
-// PutObjectAclRequest generates a "aws/request.Request" representing the
-// client's request for the PutObjectAcl operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutObjectAcl for more information on using the PutObjectAcl
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutObjectAclRequest method.
-//	req, resp := client.PutObjectAclRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAcl
-func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request, output *PutObjectAclOutput) {
-	op := &request.Operation{
-		Name:       opPutObjectAcl,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}/{Key+}?acl",
-	}
-
-	if input == nil {
-		input = &PutObjectAclInput{}
-	}
-
-	output = &PutObjectAclOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutObjectAcl API operation for Amazon Simple Storage Service.
-//
-// Uses the acl subresource to set the access control list (ACL) permissions
-// for a new or existing object in an S3 bucket. You must have WRITE_ACP permission
-// to set the ACL of an object. For more information, see What permissions can
-// I grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions)
-// in the Amazon S3 User Guide.
-//
-// This action is not supported by Amazon S3 on Outposts.
-//
-// Depending on your application needs, you can choose to set the ACL on an
-// object using either the request body or the headers. For example, if you
-// have an existing application that updates a bucket ACL using the request
-// body, you can continue to use that approach. For more information, see Access
-// Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
-// in the Amazon S3 User Guide.
-//
-// If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
-// ACLs are disabled and no longer affect permissions. You must use policies
-// to grant access to your bucket and the objects in it. Requests to set ACLs
-// or update ACLs fail and return the AccessControlListNotSupported error code.
-// Requests to read ACLs are still supported. For more information, see Controlling
-// object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide.
-//
-// # Permissions
-//
-// You can set access permissions using one of the following methods:
-//
-//   - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports
-//     a set of predefined ACLs, known as canned ACLs. Each canned ACL has a
-//     predefined set of grantees and permissions. Specify the canned ACL name
-//     as the value of x-amz-acl. If you use this header, you cannot use other
-//     access control-specific headers in your request. For more information,
-//     see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-//
-//   - Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp,
-//     x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using
-//     these headers, you specify explicit access permissions and grantees (Amazon
-//     Web Services accounts or Amazon S3 groups) who will receive the permission.
-//     If you use these ACL-specific headers, you cannot use x-amz-acl header
-//     to set a canned ACL. These parameters map to the set of permissions that
-//     Amazon S3 supports in an ACL. For more information, see Access Control
-//     List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
-//     You specify each grantee as a type=value pair, where the type is one of
-//     the following: id – if the value specified is the canonical user ID
-//     of an Amazon Web Services account uri – if you are granting permissions
-//     to a predefined group emailAddress – if the value specified is the email
-//     address of an Amazon Web Services account Using email addresses to specify
-//     a grantee is only supported in the following Amazon Web Services Regions:
-//     US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific
-//     (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland)
-//     South America (São Paulo) For a list of all the Amazon S3 supported Regions
-//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
-//     in the Amazon Web Services General Reference. For example, the following
-//     x-amz-grant-read header grants list objects permission to the two Amazon
-//     Web Services accounts identified by their email addresses. x-amz-grant-read:
-//     emailAddress="xyz@amazon.com", emailAddress="abc@amazon.com"
-//
-// You can use either a canned ACL or specify access permissions explicitly.
-// You cannot do both.
-//
-// # Grantee Values
-//
-// You can specify the person (grantee) to whom you're assigning access rights
-// (using request elements) in the following ways:
-//
-//   - By the person's ID: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-//     xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName>
-//     </Grantee> DisplayName is optional and ignored in the request.
-//
-//   - By URI: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-//     xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>
-//
-//   - By Email address: <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-//     xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee>
-//     The grantee is resolved to the CanonicalUser and, in a response to a GET
-//     Object acl request, appears as the CanonicalUser. Using email addresses
-//     to specify a grantee is only supported in the following Amazon Web Services
-//     Regions: US East (N. Virginia) US West (N. California) US West (Oregon)
-//     Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe
-//     (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported
-//     Regions and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
-//     in the Amazon Web Services General Reference.
-//
-// # Versioning
-//
-// The ACL of an object is set at the object version level. By default, PUT
-// sets the ACL of the current version of an object. To set the ACL of a different
-// version, use the versionId subresource.
-//
-// The following operations are related to PutObjectAcl:
-//
-//   - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutObjectAcl for usage and error information.
-//
-// Returned Error Codes:
-//   - ErrCodeNoSuchKey "NoSuchKey"
-//     The specified key does not exist.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAcl
-func (c *S3) PutObjectAcl(input *PutObjectAclInput) (*PutObjectAclOutput, error) {
-	req, out := c.PutObjectAclRequest(input)
-	return out, req.Send()
-}
-
-// PutObjectAclWithContext is the same as PutObjectAcl with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutObjectAcl for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutObjectAclWithContext(ctx aws.Context, input *PutObjectAclInput, opts ...request.Option) (*PutObjectAclOutput, error) {
-	req, out := c.PutObjectAclRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutObjectLegalHold = "PutObjectLegalHold"
-
-// PutObjectLegalHoldRequest generates a "aws/request.Request" representing the
-// client's request for the PutObjectLegalHold operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutObjectLegalHold for more information on using the PutObjectLegalHold
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutObjectLegalHoldRequest method.
-//	req, resp := client.PutObjectLegalHoldRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHold
-func (c *S3) PutObjectLegalHoldRequest(input *PutObjectLegalHoldInput) (req *request.Request, output *PutObjectLegalHoldOutput) {
-	op := &request.Operation{
-		Name:       opPutObjectLegalHold,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}/{Key+}?legal-hold",
-	}
-
-	if input == nil {
-		input = &PutObjectLegalHoldInput{}
-	}
-
-	output = &PutObjectLegalHoldOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutObjectLegalHold API operation for Amazon Simple Storage Service.
-//
-// Applies a legal hold configuration to the specified object. For more information,
-// see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
-//
-// This action is not supported by Amazon S3 on Outposts.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutObjectLegalHold for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHold
-func (c *S3) PutObjectLegalHold(input *PutObjectLegalHoldInput) (*PutObjectLegalHoldOutput, error) {
-	req, out := c.PutObjectLegalHoldRequest(input)
-	return out, req.Send()
-}
-
-// PutObjectLegalHoldWithContext is the same as PutObjectLegalHold with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutObjectLegalHold for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutObjectLegalHoldWithContext(ctx aws.Context, input *PutObjectLegalHoldInput, opts ...request.Option) (*PutObjectLegalHoldOutput, error) {
-	req, out := c.PutObjectLegalHoldRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutObjectLockConfiguration = "PutObjectLockConfiguration"
-
-// PutObjectLockConfigurationRequest generates a "aws/request.Request" representing the
-// client's request for the PutObjectLockConfiguration operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutObjectLockConfiguration for more information on using the PutObjectLockConfiguration
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutObjectLockConfigurationRequest method.
-//	req, resp := client.PutObjectLockConfigurationRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfiguration
-func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfigurationInput) (req *request.Request, output *PutObjectLockConfigurationOutput) {
-	op := &request.Operation{
-		Name:       opPutObjectLockConfiguration,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?object-lock",
-	}
-
-	if input == nil {
-		input = &PutObjectLockConfigurationInput{}
-	}
-
-	output = &PutObjectLockConfigurationOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutObjectLockConfiguration API operation for Amazon Simple Storage Service.
-//
-// Places an Object Lock configuration on the specified bucket. The rule specified
-// in the Object Lock configuration will be applied by default to every new
-// object placed in the specified bucket. For more information, see Locking
-// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
-//
-//   - The DefaultRetention settings require both a mode and a period.
-//
-//   - The DefaultRetention period can be either Days or Years but you must
-//     select one. You cannot specify Days and Years at the same time.
-//
-//   - You can only enable Object Lock for new buckets. If you want to turn
-//     on Object Lock for an existing bucket, contact Amazon Web Services Support.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutObjectLockConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfiguration
-func (c *S3) PutObjectLockConfiguration(input *PutObjectLockConfigurationInput) (*PutObjectLockConfigurationOutput, error) {
-	req, out := c.PutObjectLockConfigurationRequest(input)
-	return out, req.Send()
-}
-
-// PutObjectLockConfigurationWithContext is the same as PutObjectLockConfiguration with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutObjectLockConfiguration for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutObjectLockConfigurationWithContext(ctx aws.Context, input *PutObjectLockConfigurationInput, opts ...request.Option) (*PutObjectLockConfigurationOutput, error) {
-	req, out := c.PutObjectLockConfigurationRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutObjectRetention = "PutObjectRetention"
-
-// PutObjectRetentionRequest generates a "aws/request.Request" representing the
-// client's request for the PutObjectRetention operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutObjectRetention for more information on using the PutObjectRetention
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutObjectRetentionRequest method.
-//	req, resp := client.PutObjectRetentionRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetention
-func (c *S3) PutObjectRetentionRequest(input *PutObjectRetentionInput) (req *request.Request, output *PutObjectRetentionOutput) {
-	op := &request.Operation{
-		Name:       opPutObjectRetention,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}/{Key+}?retention",
-	}
-
-	if input == nil {
-		input = &PutObjectRetentionInput{}
-	}
-
-	output = &PutObjectRetentionOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutObjectRetention API operation for Amazon Simple Storage Service.
-//
-// Places an Object Retention configuration on an object. For more information,
-// see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
-// Users or accounts require the s3:PutObjectRetention permission in order to
-// place an Object Retention configuration on objects. Bypassing a Governance
-// Retention configuration requires the s3:BypassGovernanceRetention permission.
-//
-// This action is not supported by Amazon S3 on Outposts.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutObjectRetention for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetention
-func (c *S3) PutObjectRetention(input *PutObjectRetentionInput) (*PutObjectRetentionOutput, error) {
-	req, out := c.PutObjectRetentionRequest(input)
-	return out, req.Send()
-}
-
-// PutObjectRetentionWithContext is the same as PutObjectRetention with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutObjectRetention for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutObjectRetentionWithContext(ctx aws.Context, input *PutObjectRetentionInput, opts ...request.Option) (*PutObjectRetentionOutput, error) {
-	req, out := c.PutObjectRetentionRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutObjectTagging = "PutObjectTagging"
-
-// PutObjectTaggingRequest generates a "aws/request.Request" representing the
-// client's request for the PutObjectTagging operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutObjectTagging for more information on using the PutObjectTagging
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutObjectTaggingRequest method.
-//	req, resp := client.PutObjectTaggingRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTagging
-func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request.Request, output *PutObjectTaggingOutput) {
-	op := &request.Operation{
-		Name:       opPutObjectTagging,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}/{Key+}?tagging",
-	}
-
-	if input == nil {
-		input = &PutObjectTaggingInput{}
-	}
-
-	output = &PutObjectTaggingOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutObjectTagging API operation for Amazon Simple Storage Service.
-//
-// Sets the supplied tag-set to an object that already exists in a bucket.
-//
-// A tag is a key-value pair. You can associate tags with an object by sending
-// a PUT request against the tagging subresource that is associated with the
-// object. You can retrieve tags by sending a GET request. For more information,
-// see GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html).
-//
-// For tagging-related restrictions related to characters and encodings, see
-// Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html).
-// Note that Amazon S3 limits the maximum number of tags to 10 tags per object.
-//
-// To use this operation, you must have permission to perform the s3:PutObjectTagging
-// action. By default, the bucket owner has this permission and can grant this
-// permission to others.
-//
-// To put tags of any other version, use the versionId query parameter. You
-// also need permission for the s3:PutObjectVersionTagging action.
-//
-// For information about the Amazon S3 object tagging feature, see Object Tagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
-//
-// PutObjectTagging has the following special errors:
-//
-//   - Code: InvalidTagError Cause: The tag provided was not a valid tag. This
-//     error can occur if the tag did not pass input validation. For more information,
-//     see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
-//
-//   - Code: MalformedXMLError Cause: The XML provided does not match the schema.
-//
-//   - Code: OperationAbortedError Cause: A conflicting conditional action
-//     is currently in progress against this resource. Please try again.
-//
-//   - Code: InternalError Cause: The service was unable to apply the provided
-//     tag to the object.
-//
-// The following operations are related to PutObjectTagging:
-//
-//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
-//
-//   - DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutObjectTagging for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTagging
-func (c *S3) PutObjectTagging(input *PutObjectTaggingInput) (*PutObjectTaggingOutput, error) {
-	req, out := c.PutObjectTaggingRequest(input)
-	return out, req.Send()
-}
-
-// PutObjectTaggingWithContext is the same as PutObjectTagging with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutObjectTagging for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutObjectTaggingWithContext(ctx aws.Context, input *PutObjectTaggingInput, opts ...request.Option) (*PutObjectTaggingOutput, error) {
-	req, out := c.PutObjectTaggingRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opPutPublicAccessBlock = "PutPublicAccessBlock"
-
-// PutPublicAccessBlockRequest generates a "aws/request.Request" representing the
-// client's request for the PutPublicAccessBlock operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See PutPublicAccessBlock for more information on using the PutPublicAccessBlock
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the PutPublicAccessBlockRequest method.
-//	req, resp := client.PutPublicAccessBlockRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlock
-func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req *request.Request, output *PutPublicAccessBlockOutput) {
-	op := &request.Operation{
-		Name:       opPutPublicAccessBlock,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}?publicAccessBlock",
-	}
-
-	if input == nil {
-		input = &PutPublicAccessBlockInput{}
-	}
-
-	output = &PutPublicAccessBlockOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(request.NamedHandler{
-		Name: "contentMd5Handler",
-		Fn:   checksum.AddBodyContentMD5Handler,
-	})
-	return
-}
-
-// PutPublicAccessBlock API operation for Amazon Simple Storage Service.
-//
-// Creates or modifies the PublicAccessBlock configuration for an Amazon S3
-// bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock
-// permission. For more information about Amazon S3 permissions, see Specifying
-// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-//
-// When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket
-// or an object, it checks the PublicAccessBlock configuration for both the
-// bucket (or the bucket that contains the object) and the bucket owner's account.
-// If the PublicAccessBlock configurations are different between the bucket
-// and the account, Amazon S3 uses the most restrictive combination of the bucket-level
-// and account-level settings.
-//
-// For more information about when Amazon S3 considers a bucket or an object
-// public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
-//
-// The following operations are related to PutPublicAccessBlock:
-//
-//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
-//
-//   - GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
-//
-//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutPublicAccessBlock for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlock
-func (c *S3) PutPublicAccessBlock(input *PutPublicAccessBlockInput) (*PutPublicAccessBlockOutput, error) {
-	req, out := c.PutPublicAccessBlockRequest(input)
-	return out, req.Send()
-}
-
-// PutPublicAccessBlockWithContext is the same as PutPublicAccessBlock with the addition of
-// the ability to pass a context and additional request options.
-//
-// See PutPublicAccessBlock for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) PutPublicAccessBlockWithContext(ctx aws.Context, input *PutPublicAccessBlockInput, opts ...request.Option) (*PutPublicAccessBlockOutput, error) {
-	req, out := c.PutPublicAccessBlockRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opRestoreObject = "RestoreObject"
-
-// RestoreObjectRequest generates a "aws/request.Request" representing the
-// client's request for the RestoreObject operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See RestoreObject for more information on using the RestoreObject
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the RestoreObjectRequest method.
-//	req, resp := client.RestoreObjectRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObject
-func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Request, output *RestoreObjectOutput) {
-	op := &request.Operation{
-		Name:       opRestoreObject,
-		HTTPMethod: "POST",
-		HTTPPath:   "/{Bucket}/{Key+}?restore",
-	}
-
-	if input == nil {
-		input = &RestoreObjectInput{}
-	}
-
-	output = &RestoreObjectOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// RestoreObject API operation for Amazon Simple Storage Service.
-//
-// # Restores an archived copy of an object back into Amazon S3
-//
-// This action is not supported by Amazon S3 on Outposts.
-//
-// This action performs the following types of requests:
-//
-//   - select - Perform a select query on an archived object
-//
-//   - restore an archive - Restore an archived object
-//
-// For more information about the S3 structure in the request body, see the
-// following:
-//
-//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-//   - Managing Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html)
-//     in the Amazon S3 User Guide
-//
-//   - Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
-//     in the Amazon S3 User Guide
-//
-// Define the SQL expression for the SELECT type of restoration for your query
-// in the request body's SelectParameters structure. You can use expressions
-// like the following examples.
-//
-//   - The following expression returns all records from the specified object.
-//     SELECT * FROM Object
-//
-//   - Assuming that you are not using any headers for data stored in the object,
-//     you can specify columns with positional headers. SELECT s._1, s._2 FROM
-//     Object s WHERE s._3 > 100
-//
-//   - If you have headers and you set the fileHeaderInfo in the CSV structure
-//     in the request body to USE, you can specify headers in the query. (If
-//     you set the fileHeaderInfo field to IGNORE, the first row is skipped for
-//     the query.) You cannot mix ordinal positions with header column names.
-//     SELECT s.Id, s.FirstName, s.SSN FROM S3Object s
-//
-// When making a select request, you can also do the following:
-//
-//   - To expedite your queries, specify the Expedited tier. For more information
-//     about tiers, see "Restoring Archives," later in this topic.
-//
-//   - Specify details about the data serialization format of both the input
-//     object that is being queried and the serialization of the CSV-encoded
-//     query results.
-//
-// The following are additional important facts about the select feature:
-//
-//   - The output results are new Amazon S3 objects. Unlike archive retrievals,
-//     they are stored until explicitly deleted-manually or through a lifecycle
-//     configuration.
-//
-//   - You can issue more than one select request on the same Amazon S3 object.
-//     Amazon S3 doesn't duplicate requests, so avoid issuing duplicate requests.
-//
-//   - Amazon S3 accepts a select request even if the object has already been
-//     restored. A select request doesn’t return error response 409.
-//
-// # Permissions
-//
-// To use this operation, you must have permissions to perform the s3:RestoreObject
-// action. The bucket owner has this permission by default and can grant this
-// permission to others. For more information about permissions, see Permissions
-// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide.
-//
-// # Restoring objects
-//
-// Objects that you archive to the S3 Glacier Flexible Retrieval Flexible Retrieval
-// or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive
-// or S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real
-// time. For objects in the S3 Glacier Flexible Retrieval Flexible Retrieval
-// or S3 Glacier Deep Archive storage classes, you must first initiate a restore
-// request, and then wait until a temporary copy of the object is available.
-// If you want a permanent copy of the object, create a copy of it in the Amazon
-// S3 Standard storage class in your S3 bucket. To access an archived object,
-// you must restore the object for the duration (number of days) that you specify.
-// For objects in the Archive Access or Deep Archive Access tiers of S3 Intelligent-Tiering,
-// you must first initiate a restore request, and then wait until the object
-// is moved into the Frequent Access tier.
-//
-// To restore a specific object version, you can provide a version ID. If you
-// don't provide a version ID, Amazon S3 restores the current version.
-//
-// When restoring an archived object, you can specify one of the following data
-// access tier options in the Tier element of the request body:
-//
-//   - Expedited - Expedited retrievals allow you to quickly access your data
-//     stored in the S3 Glacier Flexible Retrieval Flexible Retrieval storage
-//     class or S3 Intelligent-Tiering Archive tier when occasional urgent requests
-//     for restoring archives are required. For all but the largest archived
-//     objects (250 MB+), data accessed using Expedited retrievals is typically
-//     made available within 1–5 minutes. Provisioned capacity ensures that
-//     retrieval capacity for Expedited retrievals is available when you need
-//     it. Expedited retrievals and provisioned capacity are not available for
-//     objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering
-//     Deep Archive tier.
-//
-//   - Standard - Standard retrievals allow you to access any of your archived
-//     objects within several hours. This is the default option for retrieval
-//     requests that do not specify the retrieval option. Standard retrievals
-//     typically finish within 3–5 hours for objects stored in the S3 Glacier
-//     Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering
-//     Archive tier. They typically finish within 12 hours for objects stored
-//     in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering
-//     Deep Archive tier. Standard retrievals are free for objects stored in
-//     S3 Intelligent-Tiering.
-//
-//   - Bulk - Bulk retrievals free for objects stored in the S3 Glacier Flexible
-//     Retrieval and S3 Intelligent-Tiering storage classes, enabling you to
-//     retrieve large amounts, even petabytes, of data at no cost. Bulk retrievals
-//     typically finish within 5–12 hours for objects stored in the S3 Glacier
-//     Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering
-//     Archive tier. Bulk retrievals are also the lowest-cost retrieval option
-//     when restoring objects from S3 Glacier Deep Archive. They typically finish
-//     within 48 hours for objects stored in the S3 Glacier Deep Archive storage
-//     class or S3 Intelligent-Tiering Deep Archive tier.
-//
-// For more information about archive retrieval options and provisioned capacity
-// for Expedited data access, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
-// in the Amazon S3 User Guide.
-//
-// You can use Amazon S3 restore speed upgrade to change the restore speed to
-// a faster speed while it is in progress. For more information, see Upgrading
-// the speed of an in-progress restore (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html#restoring-objects-upgrade-tier.title.html)
-// in the Amazon S3 User Guide.
-//
-// To get the status of object restoration, you can send a HEAD request. Operations
-// return the x-amz-restore header, which provides information about the restoration
-// status, in the response. You can use Amazon S3 event notifications to notify
-// you when a restore is initiated or completed. For more information, see Configuring
-// Amazon S3 Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
-// in the Amazon S3 User Guide.
-//
-// After restoring an archived object, you can update the restoration period
-// by reissuing the request with a new period. Amazon S3 updates the restoration
-// period relative to the current time and charges only for the request-there
-// are no data transfer charges. You cannot update the restoration period when
-// Amazon S3 is actively processing your current restore request for the object.
-//
-// If your bucket has a lifecycle configuration with a rule that includes an
-// expiration action, the object expiration overrides the life span that you
-// specify in a restore request. For example, if you restore an object copy
-// for 10 days, but the object is scheduled to expire in 3 days, Amazon S3 deletes
-// the object in 3 days. For more information about lifecycle configuration,
-// see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
-// and Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
-// in Amazon S3 User Guide.
-//
-// # Responses
-//
-// A successful action returns either the 200 OK or 202 Accepted status code.
-//
-//   - If the object is not previously restored, then Amazon S3 returns 202
-//     Accepted in the response.
-//
-//   - If the object is previously restored, Amazon S3 returns 200 OK in the
-//     response.
-//
-//   - Special errors: Code: RestoreAlreadyInProgress Cause: Object restore
-//     is already in progress. (This error does not apply to SELECT type requests.)
-//     HTTP Status Code: 409 Conflict SOAP Fault Code Prefix: Client
-//
-//   - Code: GlacierExpeditedRetrievalNotAvailable Cause: expedited retrievals
-//     are currently not available. Try again later. (Returned if there is insufficient
-//     capacity to process the Expedited request. This error applies only to
-//     Expedited retrievals and not to S3 Standard or Bulk retrievals.) HTTP
-//     Status Code: 503 SOAP Fault Code Prefix: N/A
-//
-// The following operations are related to RestoreObject:
-//
-//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
-//
-//   - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation RestoreObject for usage and error information.
-//
-// Returned Error Codes:
-//   - ErrCodeObjectAlreadyInActiveTierError "ObjectAlreadyInActiveTierError"
-//     This action is not allowed against this storage tier.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObject
-func (c *S3) RestoreObject(input *RestoreObjectInput) (*RestoreObjectOutput, error) {
-	req, out := c.RestoreObjectRequest(input)
-	return out, req.Send()
-}
-
-// RestoreObjectWithContext is the same as RestoreObject with the addition of
-// the ability to pass a context and additional request options.
-//
-// See RestoreObject for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) RestoreObjectWithContext(ctx aws.Context, input *RestoreObjectInput, opts ...request.Option) (*RestoreObjectOutput, error) {
-	req, out := c.RestoreObjectRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opSelectObjectContent = "SelectObjectContent"
-
-// SelectObjectContentRequest generates a "aws/request.Request" representing the
-// client's request for the SelectObjectContent operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See SelectObjectContent for more information on using the SelectObjectContent
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the SelectObjectContentRequest method.
-//	req, resp := client.SelectObjectContentRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SelectObjectContent
-func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *request.Request, output *SelectObjectContentOutput) {
-	op := &request.Operation{
-		Name:       opSelectObjectContent,
-		HTTPMethod: "POST",
-		HTTPPath:   "/{Bucket}/{Key+}?select&select-type=2",
-	}
-
-	if input == nil {
-		input = &SelectObjectContentInput{}
-	}
-
-	output = &SelectObjectContentOutput{}
-	req = c.newRequest(op, input, output)
-
-	es := NewSelectObjectContentEventStream()
-	req.Handlers.Unmarshal.PushBack(es.setStreamCloser)
-	output.EventStream = es
-
-	req.Handlers.Send.Swap(client.LogHTTPResponseHandler.Name, client.LogHTTPResponseHeaderHandler)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, rest.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBack(es.runOutputStream)
-	req.Handlers.Unmarshal.PushBack(es.runOnStreamPartClose)
-	return
-}
-
-// SelectObjectContent API operation for Amazon Simple Storage Service.
-//
-// This action filters the contents of an Amazon S3 object based on a simple
-// structured query language (SQL) statement. In the request, along with the
-// SQL expression, you must also specify a data serialization format (JSON,
-// CSV, or Apache Parquet) of the object. Amazon S3 uses this format to parse
-// object data into records, and returns only records that match the specified
-// SQL expression. You must also specify the data serialization format for the
-// response.
-//
-// This action is not supported by Amazon S3 on Outposts.
-//
-// For more information about Amazon S3 Select, see Selecting Content from Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html)
-// and SELECT Command (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html)
-// in the Amazon S3 User Guide.
-//
-// # Permissions
-//
-// You must have s3:GetObject permission for this operation. Amazon S3 Select
-// does not support anonymous access. For more information about permissions,
-// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
-// in the Amazon S3 User Guide.
-//
-// # Object Data Formats
-//
-// You can use Amazon S3 Select to query objects that have the following format
-// properties:
-//
-//   - CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format.
-//
-//   - UTF-8 - UTF-8 is the only encoding type Amazon S3 Select supports.
-//
-//   - GZIP or BZIP2 - CSV and JSON files can be compressed using GZIP or BZIP2.
-//     GZIP and BZIP2 are the only compression formats that Amazon S3 Select
-//     supports for CSV and JSON files. Amazon S3 Select supports columnar compression
-//     for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object
-//     compression for Parquet objects.
-//
-//   - Server-side encryption - Amazon S3 Select supports querying objects
-//     that are protected with server-side encryption. For objects that are encrypted
-//     with customer-provided encryption keys (SSE-C), you must use HTTPS, and
-//     you must use the headers that are documented in the GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html).
-//     For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
-//     Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-//     in the Amazon S3 User Guide. For objects that are encrypted with Amazon
-//     S3 managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side
-//     encryption is handled transparently, so you don't need to specify anything.
-//     For more information about server-side encryption, including SSE-S3 and
-//     SSE-KMS, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
-//     in the Amazon S3 User Guide.
-//
-// # Working with the Response Body
-//
-// Given the response size is unknown, Amazon S3 Select streams the response
-// as a series of messages and includes a Transfer-Encoding header with chunked
-// as its value in the response. For more information, see Appendix: SelectObjectContent
-// Response (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html).
-//
-// # GetObject Support
-//
-// The SelectObjectContent action does not support the following GetObject functionality.
-// For more information, see GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html).
-//
-//   - Range: Although you can specify a scan range for an Amazon S3 Select
-//     request (see SelectObjectContentRequest - ScanRange (https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange)
-//     in the request parameters), you cannot specify the range of bytes of an
-//     object to return.
-//
-//   - The GLACIER, DEEP_ARCHIVE, and REDUCED_REDUNDANCY storage classes, or
-//     the ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING
-//     storage class: You cannot query objects in the GLACIER, DEEP_ARCHIVE,
-//     or REDUCED_REDUNDANCY storage classes, nor objects in the ARCHIVE_ACCESS
-//     or DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING storage
-//     class. For more information about storage classes, see Using Amazon S3
-//     storage classes (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html)
-//     in the Amazon S3 User Guide.
-//
-// # Special Errors
-//
-// For a list of special errors for this operation, see List of SELECT Object
-// Content Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList)
-//
-// The following operations are related to SelectObjectContent:
-//
-//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
-//
-//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation SelectObjectContent for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SelectObjectContent
-func (c *S3) SelectObjectContent(input *SelectObjectContentInput) (*SelectObjectContentOutput, error) {
-	req, out := c.SelectObjectContentRequest(input)
-	return out, req.Send()
-}
-
-// SelectObjectContentWithContext is the same as SelectObjectContent with the addition of
-// the ability to pass a context and additional request options.
-//
-// See SelectObjectContent for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) SelectObjectContentWithContext(ctx aws.Context, input *SelectObjectContentInput, opts ...request.Option) (*SelectObjectContentOutput, error) {
-	req, out := c.SelectObjectContentRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-var _ awserr.Error
-
-// SelectObjectContentEventStream provides the event stream handling for the SelectObjectContent.
-//
-// For testing and mocking the event stream this type should be initialized via
-// the NewSelectObjectContentEventStream constructor function. Using the functional options
-// to pass in nested mock behavior.
-type SelectObjectContentEventStream struct {
-
-	// Reader is the EventStream reader for the SelectObjectContentEventStream
-	// events. This value is automatically set by the SDK when the API call is made
-	// Use this member when unit testing your code with the SDK to mock out the
-	// EventStream Reader.
-	//
-	// Must not be nil.
-	Reader SelectObjectContentEventStreamReader
-
-	outputReader io.ReadCloser
-
-	// StreamCloser is the io.Closer for the EventStream connection. For HTTP
-	// EventStream this is the response Body. The stream will be closed when
-	// the Close method of the EventStream is called.
-	StreamCloser io.Closer
-
-	done      chan struct{}
-	closeOnce sync.Once
-	err       *eventstreamapi.OnceError
-}
-
-// NewSelectObjectContentEventStream initializes an SelectObjectContentEventStream.
-// This function should only be used for testing and mocking the SelectObjectContentEventStream
-// stream within your application.
-//
-// The Reader member must be set before reading events from the stream.
-//
-// The StreamCloser member should be set to the underlying io.Closer,
-// (e.g. http.Response.Body), that will be closed when the stream Close method
-// is called.
-//
-//	es := NewSelectObjectContentEventStream(func(o *SelectObjectContentEventStream){
-//	    es.Reader = myMockStreamReader
-//	    es.StreamCloser = myMockStreamCloser
-//	})
-func NewSelectObjectContentEventStream(opts ...func(*SelectObjectContentEventStream)) *SelectObjectContentEventStream {
-	es := &SelectObjectContentEventStream{
-		done: make(chan struct{}),
-		err:  eventstreamapi.NewOnceError(),
-	}
-
-	for _, fn := range opts {
-		fn(es)
-	}
-
-	return es
-}
-
-func (es *SelectObjectContentEventStream) setStreamCloser(r *request.Request) {
-	es.StreamCloser = r.HTTPResponse.Body
-}
-
-func (es *SelectObjectContentEventStream) runOnStreamPartClose(r *request.Request) {
-	if es.done == nil {
-		return
-	}
-	go es.waitStreamPartClose()
-
-}
-
-func (es *SelectObjectContentEventStream) waitStreamPartClose() {
-	var outputErrCh <-chan struct{}
-	if v, ok := es.Reader.(interface{ ErrorSet() <-chan struct{} }); ok {
-		outputErrCh = v.ErrorSet()
-	}
-	var outputClosedCh <-chan struct{}
-	if v, ok := es.Reader.(interface{ Closed() <-chan struct{} }); ok {
-		outputClosedCh = v.Closed()
-	}
-
-	select {
-	case <-es.done:
-	case <-outputErrCh:
-		es.err.SetError(es.Reader.Err())
-		es.Close()
-	case <-outputClosedCh:
-		if err := es.Reader.Err(); err != nil {
-			es.err.SetError(es.Reader.Err())
-		}
-		es.Close()
-	}
-}
-
-// Events returns a channel to read events from.
-//
-// These events are:
-//
-//   - ContinuationEvent
-//   - EndEvent
-//   - ProgressEvent
-//   - RecordsEvent
-//   - StatsEvent
-//   - SelectObjectContentEventStreamUnknownEvent
-func (es *SelectObjectContentEventStream) Events() <-chan SelectObjectContentEventStreamEvent {
-	return es.Reader.Events()
-}
-
-func (es *SelectObjectContentEventStream) runOutputStream(r *request.Request) {
-	var opts []func(*eventstream.Decoder)
-	if r.Config.Logger != nil && r.Config.LogLevel.Matches(aws.LogDebugWithEventStreamBody) {
-		opts = append(opts, eventstream.DecodeWithLogger(r.Config.Logger))
-	}
-
-	unmarshalerForEvent := unmarshalerForSelectObjectContentEventStreamEvent{
-		metadata: protocol.ResponseMetadata{
-			StatusCode: r.HTTPResponse.StatusCode,
-			RequestID:  r.RequestID,
-		},
-	}.UnmarshalerForEventName
-
-	decoder := eventstream.NewDecoder(r.HTTPResponse.Body, opts...)
-	eventReader := eventstreamapi.NewEventReader(decoder,
-		protocol.HandlerPayloadUnmarshal{
-			Unmarshalers: r.Handlers.UnmarshalStream,
-		},
-		unmarshalerForEvent,
-	)
-
-	es.outputReader = r.HTTPResponse.Body
-	es.Reader = newReadSelectObjectContentEventStream(eventReader)
-}
-
-// Close closes the stream. This will also cause the stream to be closed.
-// Close must be called when done using the stream API. Not calling Close
-// may result in resource leaks.
-//
-// You can use the closing of the Reader's Events channel to terminate your
-// application's read from the API's stream.
-func (es *SelectObjectContentEventStream) Close() (err error) {
-	es.closeOnce.Do(es.safeClose)
-	return es.Err()
-}
-
-func (es *SelectObjectContentEventStream) safeClose() {
-	if es.done != nil {
-		close(es.done)
-	}
-
-	es.Reader.Close()
-	if es.outputReader != nil {
-		es.outputReader.Close()
-	}
-
-	es.StreamCloser.Close()
-}
-
-// Err returns any error that occurred while reading or writing EventStream
-// Events from the service API's response. Returns nil if there were no errors.
-func (es *SelectObjectContentEventStream) Err() error {
-	if err := es.err.Err(); err != nil {
-		return err
-	}
-	if err := es.Reader.Err(); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-const opUploadPart = "UploadPart"
-
-// UploadPartRequest generates a "aws/request.Request" representing the
-// client's request for the UploadPart operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See UploadPart for more information on using the UploadPart
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the UploadPartRequest method.
-//	req, resp := client.UploadPartRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPart
-func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, output *UploadPartOutput) {
-	op := &request.Operation{
-		Name:       opUploadPart,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}/{Key+}",
-	}
-
-	if input == nil {
-		input = &UploadPartInput{}
-	}
-
-	output = &UploadPartOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// UploadPart API operation for Amazon Simple Storage Service.
-//
-// Uploads a part in a multipart upload.
-//
-// In this operation, you provide part data in your request. However, you have
-// an option to specify your existing Amazon S3 object as a data source for
-// the part you are uploading. To upload a part from an existing object, you
-// use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
-// operation.
-//
-// You must initiate a multipart upload (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html))
-// before you can upload any part. In response to your initiate request, Amazon
-// S3 returns an upload ID, a unique identifier, that you must include in your
-// upload part request.
-//
-// Part numbers can be any number from 1 to 10,000, inclusive. A part number
-// uniquely identifies a part and also defines its position within the object
-// being created. If you upload a new part using the same part number that was
-// used with a previous part, the previously uploaded part is overwritten.
-//
-// For information about maximum and minimum part sizes and other multipart
-// upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html)
-// in the Amazon S3 User Guide.
-//
-// To ensure that data is not corrupted when traversing the network, specify
-// the Content-MD5 header in the upload part request. Amazon S3 checks the part
-// data against the provided MD5 value. If they do not match, Amazon S3 returns
-// an error.
-//
-// If the upload request is signed with Signature Version 4, then Amazon Web
-// Services S3 uses the x-amz-content-sha256 header as a checksum instead of
-// Content-MD5. For more information see Authenticating Requests: Using the
-// Authorization Header (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html).
-//
-// Note: After you initiate multipart upload and upload one or more parts, you
-// must either complete or abort multipart upload in order to stop getting charged
-// for storage of the uploaded parts. Only after you either complete or abort
-// multipart upload, Amazon S3 frees up the parts storage and stops charging
-// you for the parts storage.
-//
-// For more information on multipart uploads, go to Multipart Upload Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the
-// Amazon S3 User Guide .
-//
-// For information on the permissions required to use the multipart upload API,
-// go to Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
-// in the Amazon S3 User Guide.
-//
-// Server-side encryption is for data encryption at rest. Amazon S3 encrypts
-// your data as it writes it to disks in its data centers and decrypts it when
-// you access it. You have three mutually exclusive options to protect data
-// using server-side encryption in Amazon S3, depending on how you choose to
-// manage the encryption keys. Specifically, the encryption key options are
-// Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS),
-// and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side
-// encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally
-// tell Amazon S3 to encrypt data at rest using server-side encryption with
-// other key options. The option you use depends on whether you want to use
-// KMS keys (SSE-KMS) or provide your own encryption key (SSE-C). If you choose
-// to provide your own encryption key, the request headers you provide in the
-// request must match the headers you used in the request to initiate the upload
-// by using CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
-// For more information, go to Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
-// in the Amazon S3 User Guide.
-//
-// Server-side encryption is supported by the S3 Multipart Upload actions. Unless
-// you are using a customer-provided encryption key (SSE-C), you don't need
-// to specify the encryption parameters in each UploadPart request. Instead,
-// you only need to specify the server-side encryption parameters in the initial
-// Initiate Multipart request. For more information, see CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
-//
-// If you requested server-side encryption using a customer-provided encryption
-// key (SSE-C) in your initiate multipart upload request, you must provide identical
-// encryption information in each part upload using the following headers.
-//
-//   - x-amz-server-side-encryption-customer-algorithm
-//
-//   - x-amz-server-side-encryption-customer-key
-//
-//   - x-amz-server-side-encryption-customer-key-MD5
-//
-// UploadPart has the following special errors:
-//
-//   - Code: NoSuchUpload Cause: The specified multipart upload does not exist.
-//     The upload ID might be invalid, or the multipart upload might have been
-//     aborted or completed. HTTP Status Code: 404 Not Found SOAP Fault Code
-//     Prefix: Client
-//
-// The following operations are related to UploadPart:
-//
-//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation UploadPart for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPart
-func (c *S3) UploadPart(input *UploadPartInput) (*UploadPartOutput, error) {
-	req, out := c.UploadPartRequest(input)
-	return out, req.Send()
-}
-
-// UploadPartWithContext is the same as UploadPart with the addition of
-// the ability to pass a context and additional request options.
-//
-// See UploadPart for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) UploadPartWithContext(ctx aws.Context, input *UploadPartInput, opts ...request.Option) (*UploadPartOutput, error) {
-	req, out := c.UploadPartRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opUploadPartCopy = "UploadPartCopy"
-
-// UploadPartCopyRequest generates a "aws/request.Request" representing the
-// client's request for the UploadPartCopy operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See UploadPartCopy for more information on using the UploadPartCopy
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the UploadPartCopyRequest method.
-//	req, resp := client.UploadPartCopyRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopy
-func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Request, output *UploadPartCopyOutput) {
-	op := &request.Operation{
-		Name:       opUploadPartCopy,
-		HTTPMethod: "PUT",
-		HTTPPath:   "/{Bucket}/{Key+}",
-	}
-
-	if input == nil {
-		input = &UploadPartCopyInput{}
-	}
-
-	output = &UploadPartCopyOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// UploadPartCopy API operation for Amazon Simple Storage Service.
-//
-// Uploads a part by copying data from an existing object as data source. You
-// specify the data source by adding the request header x-amz-copy-source in
-// your request and a byte range by adding the request header x-amz-copy-source-range
-// in your request.
-//
-// For information about maximum and minimum part sizes and other multipart
-// upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html)
-// in the Amazon S3 User Guide.
-//
-// Instead of using an existing object as part data, you might use the UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) action
-// and provide data in your request.
-//
-// You must initiate a multipart upload before you can upload any part. In response
-// to your initiate request. Amazon S3 returns a unique identifier, the upload
-// ID, that you must include in your upload part request.
-//
-// For more information about using the UploadPartCopy operation, see the following:
-//
-//   - For conceptual information about multipart uploads, see Uploading Objects
-//     Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html)
-//     in the Amazon S3 User Guide.
-//
-//   - For information about permissions required to use the multipart upload
-//     API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
-//     in the Amazon S3 User Guide.
-//
-//   - For information about copying objects using a single atomic action vs.
-//     a multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html)
-//     in the Amazon S3 User Guide.
-//
-//   - For information about using server-side encryption with customer-provided
-//     encryption keys with the UploadPartCopy operation, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
-//     and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html).
-//
-// Note the following additional considerations about the request headers x-amz-copy-source-if-match,
-// x-amz-copy-source-if-none-match, x-amz-copy-source-if-unmodified-since, and
-// x-amz-copy-source-if-modified-since:
-//
-//   - Consideration 1 - If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since
-//     headers are present in the request as follows: x-amz-copy-source-if-match
-//     condition evaluates to true, and; x-amz-copy-source-if-unmodified-since
-//     condition evaluates to false; Amazon S3 returns 200 OK and copies the
-//     data.
-//
-//   - Consideration 2 - If both of the x-amz-copy-source-if-none-match and
-//     x-amz-copy-source-if-modified-since headers are present in the request
-//     as follows: x-amz-copy-source-if-none-match condition evaluates to false,
-//     and; x-amz-copy-source-if-modified-since condition evaluates to true;
-//     Amazon S3 returns 412 Precondition Failed response code.
-//
-// # Versioning
-//
-// If your bucket has versioning enabled, you could have multiple versions of
-// the same object. By default, x-amz-copy-source identifies the current version
-// of the object to copy. If the current version is a delete marker and you
-// don't specify a versionId in the x-amz-copy-source, Amazon S3 returns a 404
-// error, because the object does not exist. If you specify versionId in the
-// x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns
-// an HTTP 400 error, because you are not allowed to specify a delete marker
-// as a version for the x-amz-copy-source.
-//
-// You can optionally specify a specific version of the source object to copy
-// by adding the versionId subresource as shown in the following example:
-//
-// x-amz-copy-source: /bucket/object?versionId=version id
-//
-// Special errors
-//
-//   - Code: NoSuchUpload Cause: The specified multipart upload does not exist.
-//     The upload ID might be invalid, or the multipart upload might have been
-//     aborted or completed. HTTP Status Code: 404 Not Found
-//
-//   - Code: InvalidRequest Cause: The specified copy source is not supported
-//     as a byte-range copy source. HTTP Status Code: 400 Bad Request
-//
-// The following operations are related to UploadPartCopy:
-//
-//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation UploadPartCopy for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopy
-func (c *S3) UploadPartCopy(input *UploadPartCopyInput) (*UploadPartCopyOutput, error) {
-	req, out := c.UploadPartCopyRequest(input)
-	return out, req.Send()
-}
-
-// UploadPartCopyWithContext is the same as UploadPartCopy with the addition of
-// the ability to pass a context and additional request options.
-//
-// See UploadPartCopy for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) UploadPartCopyWithContext(ctx aws.Context, input *UploadPartCopyInput, opts ...request.Option) (*UploadPartCopyOutput, error) {
-	req, out := c.UploadPartCopyRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opWriteGetObjectResponse = "WriteGetObjectResponse"
-
-// WriteGetObjectResponseRequest generates a "aws/request.Request" representing the
-// client's request for the WriteGetObjectResponse operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See WriteGetObjectResponse for more information on using the WriteGetObjectResponse
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the WriteGetObjectResponseRequest method.
-//	req, resp := client.WriteGetObjectResponseRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/WriteGetObjectResponse
-func (c *S3) WriteGetObjectResponseRequest(input *WriteGetObjectResponseInput) (req *request.Request, output *WriteGetObjectResponseOutput) {
-	op := &request.Operation{
-		Name:       opWriteGetObjectResponse,
-		HTTPMethod: "POST",
-		HTTPPath:   "/WriteGetObjectResponse",
-	}
-
-	if input == nil {
-		input = &WriteGetObjectResponseInput{}
-	}
-
-	output = &WriteGetObjectResponseOutput{}
-	req = c.newRequest(op, input, output)
-	req.Handlers.Sign.Remove(v4.SignRequestHandler)
-	handler := v4.BuildNamedHandler("v4.CustomSignerHandler", v4.WithUnsignedPayload)
-	req.Handlers.Sign.PushFrontNamed(handler)
-	req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	req.Handlers.Build.PushBackNamed(protocol.NewHostPrefixHandler("{RequestRoute}.", input.hostLabels))
-	req.Handlers.Build.PushBackNamed(protocol.ValidateEndpointHostHandler)
-	return
-}
-
-// WriteGetObjectResponse API operation for Amazon Simple Storage Service.
-//
-// Passes transformed objects to a GetObject operation when using Object Lambda
-// access points. For information about Object Lambda access points, see Transforming
-// objects with Object Lambda access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html)
-// in the Amazon S3 User Guide.
-//
-// This operation supports metadata that can be returned by GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html),
-// in addition to RequestRoute, RequestToken, StatusCode, ErrorCode, and ErrorMessage.
-// The GetObject response metadata is supported so that the WriteGetObjectResponse
-// caller, typically an Lambda function, can provide the same metadata when
-// it internally invokes GetObject. When WriteGetObjectResponse is called by
-// a customer-owned Lambda function, the metadata returned to the end user GetObject
-// call might differ from what Amazon S3 would normally return.
-//
-// You can include any number of metadata headers. When including a metadata
-// header, it should be prefaced with x-amz-meta. For example, x-amz-meta-my-custom-header:
-// MyCustomValue. The primary use case for this is to forward GetObject metadata.
-//
-// Amazon Web Services provides some prebuilt Lambda functions that you can
-// use with S3 Object Lambda to detect and redact personally identifiable information
-// (PII) and decompress S3 objects. These Lambda functions are available in
-// the Amazon Web Services Serverless Application Repository, and can be selected
-// through the Amazon Web Services Management Console when you create your Object
-// Lambda access point.
-//
-// Example 1: PII Access Control - This Lambda function uses Amazon Comprehend,
-// a natural language processing (NLP) service using machine learning to find
-// insights and relationships in text. It automatically detects personally identifiable
-// information (PII) such as names, addresses, dates, credit card numbers, and
-// social security numbers from documents in your Amazon S3 bucket.
-//
-// Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a
-// natural language processing (NLP) service using machine learning to find
-// insights and relationships in text. It automatically redacts personally identifiable
-// information (PII) such as names, addresses, dates, credit card numbers, and
-// social security numbers from documents in your Amazon S3 bucket.
-//
-// Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression,
-// is equipped to decompress objects stored in S3 in one of six compressed file
-// formats including bzip2, gzip, snappy, zlib, zstandard and ZIP.
-//
-// For information on how to view and use these functions, see Using Amazon
-// Web Services built Lambda functions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-examples.html)
-// in the Amazon S3 User Guide.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation WriteGetObjectResponse for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/WriteGetObjectResponse
-func (c *S3) WriteGetObjectResponse(input *WriteGetObjectResponseInput) (*WriteGetObjectResponseOutput, error) {
-	req, out := c.WriteGetObjectResponseRequest(input)
-	return out, req.Send()
-}
-
-// WriteGetObjectResponseWithContext is the same as WriteGetObjectResponse with the addition of
-// the ability to pass a context and additional request options.
-//
-// See WriteGetObjectResponse for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) WriteGetObjectResponseWithContext(ctx aws.Context, input *WriteGetObjectResponseInput, opts ...request.Option) (*WriteGetObjectResponseOutput, error) {
-	req, out := c.WriteGetObjectResponseRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-// Specifies the days since the initiation of an incomplete multipart upload
-// that Amazon S3 will wait before permanently removing all parts of the upload.
-// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
-// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
-// in the Amazon S3 User Guide.
-type AbortIncompleteMultipartUpload struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the number of days after which Amazon S3 aborts an incomplete multipart
-	// upload.
-	DaysAfterInitiation *int64 `type:"integer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AbortIncompleteMultipartUpload) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AbortIncompleteMultipartUpload) GoString() string {
-	return s.String()
-}
-
-// SetDaysAfterInitiation sets the DaysAfterInitiation field's value.
-func (s *AbortIncompleteMultipartUpload) SetDaysAfterInitiation(v int64) *AbortIncompleteMultipartUpload {
-	s.DaysAfterInitiation = &v
-	return s
-}
-
-type AbortMultipartUploadInput struct {
-	_ struct{} `locationName:"AbortMultipartUploadRequest" type:"structure"`
-
-	// The bucket name to which the upload was taking place.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Key of the object for which the multipart upload was initiated.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Upload ID that identifies the multipart upload.
-	//
-	// UploadId is a required field
-	UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AbortMultipartUploadInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AbortMultipartUploadInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AbortMultipartUploadInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AbortMultipartUploadInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.UploadId == nil {
-		invalidParams.Add(request.NewErrParamRequired("UploadId"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *AbortMultipartUploadInput) SetBucket(v string) *AbortMultipartUploadInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *AbortMultipartUploadInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *AbortMultipartUploadInput) SetExpectedBucketOwner(v string) *AbortMultipartUploadInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *AbortMultipartUploadInput) SetKey(v string) *AbortMultipartUploadInput {
-	s.Key = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *AbortMultipartUploadInput) SetRequestPayer(v string) *AbortMultipartUploadInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetUploadId sets the UploadId field's value.
-func (s *AbortMultipartUploadInput) SetUploadId(v string) *AbortMultipartUploadInput {
-	s.UploadId = &v
-	return s
-}
-
-func (s *AbortMultipartUploadInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *AbortMultipartUploadInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s AbortMultipartUploadInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type AbortMultipartUploadOutput struct {
-	_ struct{} `type:"structure"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AbortMultipartUploadOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AbortMultipartUploadOutput) GoString() string {
-	return s.String()
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *AbortMultipartUploadOutput) SetRequestCharged(v string) *AbortMultipartUploadOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// Configures the transfer acceleration state for an Amazon S3 bucket. For more
-// information, see Amazon S3 Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
-// in the Amazon S3 User Guide.
-type AccelerateConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the transfer acceleration status of the bucket.
-	Status *string `type:"string" enum:"BucketAccelerateStatus"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AccelerateConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AccelerateConfiguration) GoString() string {
-	return s.String()
-}
-
-// SetStatus sets the Status field's value.
-func (s *AccelerateConfiguration) SetStatus(v string) *AccelerateConfiguration {
-	s.Status = &v
-	return s
-}
-
-// Contains the elements that set the ACL permissions for an object per grantee.
-type AccessControlPolicy struct {
-	_ struct{} `type:"structure"`
-
-	// A list of grants.
-	Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"`
-
-	// Container for the bucket owner's display name and ID.
-	Owner *Owner `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AccessControlPolicy) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AccessControlPolicy) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AccessControlPolicy) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AccessControlPolicy"}
-	if s.Grants != nil {
-		for i, v := range s.Grants {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Grants", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetGrants sets the Grants field's value.
-func (s *AccessControlPolicy) SetGrants(v []*Grant) *AccessControlPolicy {
-	s.Grants = v
-	return s
-}
-
-// SetOwner sets the Owner field's value.
-func (s *AccessControlPolicy) SetOwner(v *Owner) *AccessControlPolicy {
-	s.Owner = v
-	return s
-}
-
-// A container for information about access control for replicas.
-type AccessControlTranslation struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the replica ownership. For default and valid values, see PUT bucket
-	// replication (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
-	// in the Amazon S3 API Reference.
-	//
-	// Owner is a required field
-	Owner *string `type:"string" required:"true" enum:"OwnerOverride"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AccessControlTranslation) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AccessControlTranslation) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AccessControlTranslation) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AccessControlTranslation"}
-	if s.Owner == nil {
-		invalidParams.Add(request.NewErrParamRequired("Owner"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetOwner sets the Owner field's value.
-func (s *AccessControlTranslation) SetOwner(v string) *AccessControlTranslation {
-	s.Owner = &v
-	return s
-}
-
-// A conjunction (logical AND) of predicates, which is used in evaluating a
-// metrics filter. The operator must have at least two predicates in any combination,
-// and an object must match all of the predicates for the filter to apply.
-type AnalyticsAndOperator struct {
-	_ struct{} `type:"structure"`
-
-	// The prefix to use when evaluating an AND predicate: The prefix that an object
-	// must have to be included in the metrics results.
-	Prefix *string `type:"string"`
-
-	// The list of tags to use when evaluating an AND predicate.
-	Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AnalyticsAndOperator) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AnalyticsAndOperator) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AnalyticsAndOperator) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AnalyticsAndOperator"}
-	if s.Tags != nil {
-		for i, v := range s.Tags {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *AnalyticsAndOperator) SetPrefix(v string) *AnalyticsAndOperator {
-	s.Prefix = &v
-	return s
-}
-
-// SetTags sets the Tags field's value.
-func (s *AnalyticsAndOperator) SetTags(v []*Tag) *AnalyticsAndOperator {
-	s.Tags = v
-	return s
-}
-
-// Specifies the configuration and any analyses for the analytics filter of
-// an Amazon S3 bucket.
-type AnalyticsConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// The filter used to describe a set of objects for analyses. A filter must
-	// have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator).
-	// If no filter is provided, all objects will be considered in any analysis.
-	Filter *AnalyticsFilter `type:"structure"`
-
-	// The ID that identifies the analytics configuration.
-	//
-	// Id is a required field
-	Id *string `type:"string" required:"true"`
-
-	// Contains data related to access patterns to be collected and made available
-	// to analyze the tradeoffs between different storage classes.
-	//
-	// StorageClassAnalysis is a required field
-	StorageClassAnalysis *StorageClassAnalysis `type:"structure" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AnalyticsConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AnalyticsConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AnalyticsConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AnalyticsConfiguration"}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-	if s.StorageClassAnalysis == nil {
-		invalidParams.Add(request.NewErrParamRequired("StorageClassAnalysis"))
-	}
-	if s.Filter != nil {
-		if err := s.Filter.Validate(); err != nil {
-			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.StorageClassAnalysis != nil {
-		if err := s.StorageClassAnalysis.Validate(); err != nil {
-			invalidParams.AddNested("StorageClassAnalysis", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetFilter sets the Filter field's value.
-func (s *AnalyticsConfiguration) SetFilter(v *AnalyticsFilter) *AnalyticsConfiguration {
-	s.Filter = v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *AnalyticsConfiguration) SetId(v string) *AnalyticsConfiguration {
-	s.Id = &v
-	return s
-}
-
-// SetStorageClassAnalysis sets the StorageClassAnalysis field's value.
-func (s *AnalyticsConfiguration) SetStorageClassAnalysis(v *StorageClassAnalysis) *AnalyticsConfiguration {
-	s.StorageClassAnalysis = v
-	return s
-}
-
-// Where to publish the analytics results.
-type AnalyticsExportDestination struct {
-	_ struct{} `type:"structure"`
-
-	// A destination signifying output to an S3 bucket.
-	//
-	// S3BucketDestination is a required field
-	S3BucketDestination *AnalyticsS3BucketDestination `type:"structure" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AnalyticsExportDestination) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AnalyticsExportDestination) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AnalyticsExportDestination) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AnalyticsExportDestination"}
-	if s.S3BucketDestination == nil {
-		invalidParams.Add(request.NewErrParamRequired("S3BucketDestination"))
-	}
-	if s.S3BucketDestination != nil {
-		if err := s.S3BucketDestination.Validate(); err != nil {
-			invalidParams.AddNested("S3BucketDestination", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetS3BucketDestination sets the S3BucketDestination field's value.
-func (s *AnalyticsExportDestination) SetS3BucketDestination(v *AnalyticsS3BucketDestination) *AnalyticsExportDestination {
-	s.S3BucketDestination = v
-	return s
-}
-
-// The filter used to describe a set of objects for analyses. A filter must
-// have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator).
-// If no filter is provided, all objects will be considered in any analysis.
-type AnalyticsFilter struct {
-	_ struct{} `type:"structure"`
-
-	// A conjunction (logical AND) of predicates, which is used in evaluating an
-	// analytics filter. The operator must have at least two predicates.
-	And *AnalyticsAndOperator `type:"structure"`
-
-	// The prefix to use when evaluating an analytics filter.
-	Prefix *string `type:"string"`
-
-	// The tag to use when evaluating an analytics filter.
-	Tag *Tag `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AnalyticsFilter) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AnalyticsFilter) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AnalyticsFilter) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AnalyticsFilter"}
-	if s.And != nil {
-		if err := s.And.Validate(); err != nil {
-			invalidParams.AddNested("And", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.Tag != nil {
-		if err := s.Tag.Validate(); err != nil {
-			invalidParams.AddNested("Tag", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAnd sets the And field's value.
-func (s *AnalyticsFilter) SetAnd(v *AnalyticsAndOperator) *AnalyticsFilter {
-	s.And = v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *AnalyticsFilter) SetPrefix(v string) *AnalyticsFilter {
-	s.Prefix = &v
-	return s
-}
-
-// SetTag sets the Tag field's value.
-func (s *AnalyticsFilter) SetTag(v *Tag) *AnalyticsFilter {
-	s.Tag = v
-	return s
-}
-
-// Contains information about where to publish the analytics results.
-type AnalyticsS3BucketDestination struct {
-	_ struct{} `type:"structure"`
-
-	// The Amazon Resource Name (ARN) of the bucket to which data is exported.
-	//
-	// Bucket is a required field
-	Bucket *string `type:"string" required:"true"`
-
-	// The account ID that owns the destination S3 bucket. If no account ID is provided,
-	// the owner is not validated before exporting data.
-	//
-	// Although this value is optional, we strongly recommend that you set it to
-	// help prevent problems if the destination bucket ownership changes.
-	BucketAccountId *string `type:"string"`
-
-	// Specifies the file format used when exporting data to Amazon S3.
-	//
-	// Format is a required field
-	Format *string `type:"string" required:"true" enum:"AnalyticsS3ExportFileFormat"`
-
-	// The prefix to use when exporting data. The prefix is prepended to all results.
-	Prefix *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AnalyticsS3BucketDestination) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AnalyticsS3BucketDestination) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AnalyticsS3BucketDestination) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AnalyticsS3BucketDestination"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Format == nil {
-		invalidParams.Add(request.NewErrParamRequired("Format"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *AnalyticsS3BucketDestination) SetBucket(v string) *AnalyticsS3BucketDestination {
-	s.Bucket = &v
-	return s
-}
-
-func (s *AnalyticsS3BucketDestination) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetBucketAccountId sets the BucketAccountId field's value.
-func (s *AnalyticsS3BucketDestination) SetBucketAccountId(v string) *AnalyticsS3BucketDestination {
-	s.BucketAccountId = &v
-	return s
-}
-
-// SetFormat sets the Format field's value.
-func (s *AnalyticsS3BucketDestination) SetFormat(v string) *AnalyticsS3BucketDestination {
-	s.Format = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *AnalyticsS3BucketDestination) SetPrefix(v string) *AnalyticsS3BucketDestination {
-	s.Prefix = &v
-	return s
-}
-
-// In terms of implementation, a Bucket is a resource. An Amazon S3 bucket name
-// is globally unique, and the namespace is shared by all Amazon Web Services
-// accounts.
-type Bucket struct {
-	_ struct{} `type:"structure"`
-
-	// Date the bucket was created. This date can change when making changes to
-	// your bucket, such as editing its bucket policy.
-	CreationDate *time.Time `type:"timestamp"`
-
-	// The name of the bucket.
-	Name *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Bucket) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Bucket) GoString() string {
-	return s.String()
-}
-
-// SetCreationDate sets the CreationDate field's value.
-func (s *Bucket) SetCreationDate(v time.Time) *Bucket {
-	s.CreationDate = &v
-	return s
-}
-
-// SetName sets the Name field's value.
-func (s *Bucket) SetName(v string) *Bucket {
-	s.Name = &v
-	return s
-}
-
-// Specifies the lifecycle configuration for objects in an Amazon S3 bucket.
-// For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
-// in the Amazon S3 User Guide.
-type BucketLifecycleConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// A lifecycle rule for individual objects in an Amazon S3 bucket.
-	//
-	// Rules is a required field
-	Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s BucketLifecycleConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s BucketLifecycleConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *BucketLifecycleConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "BucketLifecycleConfiguration"}
-	if s.Rules == nil {
-		invalidParams.Add(request.NewErrParamRequired("Rules"))
-	}
-	if s.Rules != nil {
-		for i, v := range s.Rules {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Rules", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetRules sets the Rules field's value.
-func (s *BucketLifecycleConfiguration) SetRules(v []*LifecycleRule) *BucketLifecycleConfiguration {
-	s.Rules = v
-	return s
-}
-
-// Container for logging status information.
-type BucketLoggingStatus struct {
-	_ struct{} `type:"structure"`
-
-	// Describes where logs are stored and the prefix that Amazon S3 assigns to
-	// all log object keys for a bucket. For more information, see PUT Bucket logging
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
-	// in the Amazon S3 API Reference.
-	LoggingEnabled *LoggingEnabled `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s BucketLoggingStatus) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s BucketLoggingStatus) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *BucketLoggingStatus) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "BucketLoggingStatus"}
-	if s.LoggingEnabled != nil {
-		if err := s.LoggingEnabled.Validate(); err != nil {
-			invalidParams.AddNested("LoggingEnabled", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetLoggingEnabled sets the LoggingEnabled field's value.
-func (s *BucketLoggingStatus) SetLoggingEnabled(v *LoggingEnabled) *BucketLoggingStatus {
-	s.LoggingEnabled = v
-	return s
-}
-
-// Describes the cross-origin access configuration for objects in an Amazon
-// S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon
-// S3 User Guide.
-type CORSConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// A set of origins and methods (cross-origin access that you want to allow).
-	// You can add up to 100 rules to the configuration.
-	//
-	// CORSRules is a required field
-	CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CORSConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CORSConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *CORSConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "CORSConfiguration"}
-	if s.CORSRules == nil {
-		invalidParams.Add(request.NewErrParamRequired("CORSRules"))
-	}
-	if s.CORSRules != nil {
-		for i, v := range s.CORSRules {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "CORSRules", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetCORSRules sets the CORSRules field's value.
-func (s *CORSConfiguration) SetCORSRules(v []*CORSRule) *CORSConfiguration {
-	s.CORSRules = v
-	return s
-}
-
-// Specifies a cross-origin access rule for an Amazon S3 bucket.
-type CORSRule struct {
-	_ struct{} `type:"structure"`
-
-	// Headers that are specified in the Access-Control-Request-Headers header.
-	// These headers are allowed in a preflight OPTIONS request. In response to
-	// any preflight OPTIONS request, Amazon S3 returns any requested headers that
-	// are allowed.
-	AllowedHeaders []*string `locationName:"AllowedHeader" type:"list" flattened:"true"`
-
-	// An HTTP method that you allow the origin to execute. Valid values are GET,
-	// PUT, HEAD, POST, and DELETE.
-	//
-	// AllowedMethods is a required field
-	AllowedMethods []*string `locationName:"AllowedMethod" type:"list" flattened:"true" required:"true"`
-
-	// One or more origins you want customers to be able to access the bucket from.
-	//
-	// AllowedOrigins is a required field
-	AllowedOrigins []*string `locationName:"AllowedOrigin" type:"list" flattened:"true" required:"true"`
-
-	// One or more headers in the response that you want customers to be able to
-	// access from their applications (for example, from a JavaScript XMLHttpRequest
-	// object).
-	ExposeHeaders []*string `locationName:"ExposeHeader" type:"list" flattened:"true"`
-
-	// Unique identifier for the rule. The value cannot be longer than 255 characters.
-	ID *string `type:"string"`
-
-	// The time in seconds that your browser is to cache the preflight response
-	// for the specified resource.
-	MaxAgeSeconds *int64 `type:"integer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CORSRule) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CORSRule) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *CORSRule) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "CORSRule"}
-	if s.AllowedMethods == nil {
-		invalidParams.Add(request.NewErrParamRequired("AllowedMethods"))
-	}
-	if s.AllowedOrigins == nil {
-		invalidParams.Add(request.NewErrParamRequired("AllowedOrigins"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAllowedHeaders sets the AllowedHeaders field's value.
-func (s *CORSRule) SetAllowedHeaders(v []*string) *CORSRule {
-	s.AllowedHeaders = v
-	return s
-}
-
-// SetAllowedMethods sets the AllowedMethods field's value.
-func (s *CORSRule) SetAllowedMethods(v []*string) *CORSRule {
-	s.AllowedMethods = v
-	return s
-}
-
-// SetAllowedOrigins sets the AllowedOrigins field's value.
-func (s *CORSRule) SetAllowedOrigins(v []*string) *CORSRule {
-	s.AllowedOrigins = v
-	return s
-}
-
-// SetExposeHeaders sets the ExposeHeaders field's value.
-func (s *CORSRule) SetExposeHeaders(v []*string) *CORSRule {
-	s.ExposeHeaders = v
-	return s
-}
-
-// SetID sets the ID field's value.
-func (s *CORSRule) SetID(v string) *CORSRule {
-	s.ID = &v
-	return s
-}
-
-// SetMaxAgeSeconds sets the MaxAgeSeconds field's value.
-func (s *CORSRule) SetMaxAgeSeconds(v int64) *CORSRule {
-	s.MaxAgeSeconds = &v
-	return s
-}
-
-// Describes how an uncompressed comma-separated values (CSV)-formatted input
-// object is formatted.
-type CSVInput struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies that CSV field values may contain quoted record delimiters and
-	// such records should be allowed. Default value is FALSE. Setting this value
-	// to TRUE may lower performance.
-	AllowQuotedRecordDelimiter *bool `type:"boolean"`
-
-	// A single character used to indicate that a row should be ignored when the
-	// character is present at the start of that row. You can specify any character
-	// to indicate a comment line. The default character is #.
-	//
-	// Default: #
-	Comments *string `type:"string"`
-
-	// A single character used to separate individual fields in a record. You can
-	// specify an arbitrary delimiter.
-	FieldDelimiter *string `type:"string"`
-
-	// Describes the first line of input. Valid values are:
-	//
-	//    * NONE: First line is not a header.
-	//
-	//    * IGNORE: First line is a header, but you can't use the header values
-	//    to indicate the column in an expression. You can use column position (such
-	//    as _1, _2, …) to indicate the column (SELECT s._1 FROM OBJECT s).
-	//
-	//    * Use: First line is a header, and you can use the header value to identify
-	//    a column in an expression (SELECT "name" FROM OBJECT).
-	FileHeaderInfo *string `type:"string" enum:"FileHeaderInfo"`
-
-	// A single character used for escaping when the field delimiter is part of
-	// the value. For example, if the value is a, b, Amazon S3 wraps this field
-	// value in quotation marks, as follows: " a , b ".
-	//
-	// Type: String
-	//
-	// Default: "
-	//
-	// Ancestors: CSV
-	QuoteCharacter *string `type:"string"`
-
-	// A single character used for escaping the quotation mark character inside
-	// an already escaped value. For example, the value """ a , b """ is parsed
-	// as " a , b ".
-	QuoteEscapeCharacter *string `type:"string"`
-
-	// A single character used to separate individual records in the input. Instead
-	// of the default value, you can specify an arbitrary delimiter.
-	RecordDelimiter *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CSVInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CSVInput) GoString() string {
-	return s.String()
-}
-
-// SetAllowQuotedRecordDelimiter sets the AllowQuotedRecordDelimiter field's value.
-func (s *CSVInput) SetAllowQuotedRecordDelimiter(v bool) *CSVInput {
-	s.AllowQuotedRecordDelimiter = &v
-	return s
-}
-
-// SetComments sets the Comments field's value.
-func (s *CSVInput) SetComments(v string) *CSVInput {
-	s.Comments = &v
-	return s
-}
-
-// SetFieldDelimiter sets the FieldDelimiter field's value.
-func (s *CSVInput) SetFieldDelimiter(v string) *CSVInput {
-	s.FieldDelimiter = &v
-	return s
-}
-
-// SetFileHeaderInfo sets the FileHeaderInfo field's value.
-func (s *CSVInput) SetFileHeaderInfo(v string) *CSVInput {
-	s.FileHeaderInfo = &v
-	return s
-}
-
-// SetQuoteCharacter sets the QuoteCharacter field's value.
-func (s *CSVInput) SetQuoteCharacter(v string) *CSVInput {
-	s.QuoteCharacter = &v
-	return s
-}
-
-// SetQuoteEscapeCharacter sets the QuoteEscapeCharacter field's value.
-func (s *CSVInput) SetQuoteEscapeCharacter(v string) *CSVInput {
-	s.QuoteEscapeCharacter = &v
-	return s
-}
-
-// SetRecordDelimiter sets the RecordDelimiter field's value.
-func (s *CSVInput) SetRecordDelimiter(v string) *CSVInput {
-	s.RecordDelimiter = &v
-	return s
-}
-
-// Describes how uncompressed comma-separated values (CSV)-formatted results
-// are formatted.
-type CSVOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The value used to separate individual fields in a record. You can specify
-	// an arbitrary delimiter.
-	FieldDelimiter *string `type:"string"`
-
-	// A single character used for escaping when the field delimiter is part of
-	// the value. For example, if the value is a, b, Amazon S3 wraps this field
-	// value in quotation marks, as follows: " a , b ".
-	QuoteCharacter *string `type:"string"`
-
-	// The single character used for escaping the quote character inside an already
-	// escaped value.
-	QuoteEscapeCharacter *string `type:"string"`
-
-	// Indicates whether to use quotation marks around output fields.
-	//
-	//    * ALWAYS: Always use quotation marks for output fields.
-	//
-	//    * ASNEEDED: Use quotation marks for output fields when needed.
-	QuoteFields *string `type:"string" enum:"QuoteFields"`
-
-	// A single character used to separate individual records in the output. Instead
-	// of the default value, you can specify an arbitrary delimiter.
-	RecordDelimiter *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CSVOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CSVOutput) GoString() string {
-	return s.String()
-}
-
-// SetFieldDelimiter sets the FieldDelimiter field's value.
-func (s *CSVOutput) SetFieldDelimiter(v string) *CSVOutput {
-	s.FieldDelimiter = &v
-	return s
-}
-
-// SetQuoteCharacter sets the QuoteCharacter field's value.
-func (s *CSVOutput) SetQuoteCharacter(v string) *CSVOutput {
-	s.QuoteCharacter = &v
-	return s
-}
-
-// SetQuoteEscapeCharacter sets the QuoteEscapeCharacter field's value.
-func (s *CSVOutput) SetQuoteEscapeCharacter(v string) *CSVOutput {
-	s.QuoteEscapeCharacter = &v
-	return s
-}
-
-// SetQuoteFields sets the QuoteFields field's value.
-func (s *CSVOutput) SetQuoteFields(v string) *CSVOutput {
-	s.QuoteFields = &v
-	return s
-}
-
-// SetRecordDelimiter sets the RecordDelimiter field's value.
-func (s *CSVOutput) SetRecordDelimiter(v string) *CSVOutput {
-	s.RecordDelimiter = &v
-	return s
-}
-
-// Contains all the possible checksum or digest values for an object.
-type Checksum struct {
-	_ struct{} `type:"structure"`
-
-	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `type:"string"`
-
-	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `type:"string"`
-
-	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `type:"string"`
-
-	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Checksum) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Checksum) GoString() string {
-	return s.String()
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *Checksum) SetChecksumCRC32(v string) *Checksum {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *Checksum) SetChecksumCRC32C(v string) *Checksum {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *Checksum) SetChecksumSHA1(v string) *Checksum {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *Checksum) SetChecksumSHA256(v string) *Checksum {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// Container for specifying the Lambda notification configuration.
-type CloudFunctionConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Lambda cloud function ARN that Amazon S3 can invoke when it detects events
-	// of the specified type.
-	CloudFunction *string `type:"string"`
-
-	// The bucket event for which to send notifications.
-	//
-	// Deprecated: Event has been deprecated
-	Event *string `deprecated:"true" type:"string" enum:"Event"`
-
-	// Bucket events for which to send notifications.
-	Events []*string `locationName:"Event" type:"list" flattened:"true" enum:"Event"`
-
-	// An optional unique identifier for configurations in a notification configuration.
-	// If you don't provide one, Amazon S3 will assign an ID.
-	Id *string `type:"string"`
-
-	// The role supporting the invocation of the Lambda function
-	InvocationRole *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CloudFunctionConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CloudFunctionConfiguration) GoString() string {
-	return s.String()
-}
-
-// SetCloudFunction sets the CloudFunction field's value.
-func (s *CloudFunctionConfiguration) SetCloudFunction(v string) *CloudFunctionConfiguration {
-	s.CloudFunction = &v
-	return s
-}
-
-// SetEvent sets the Event field's value.
-func (s *CloudFunctionConfiguration) SetEvent(v string) *CloudFunctionConfiguration {
-	s.Event = &v
-	return s
-}
-
-// SetEvents sets the Events field's value.
-func (s *CloudFunctionConfiguration) SetEvents(v []*string) *CloudFunctionConfiguration {
-	s.Events = v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *CloudFunctionConfiguration) SetId(v string) *CloudFunctionConfiguration {
-	s.Id = &v
-	return s
-}
-
-// SetInvocationRole sets the InvocationRole field's value.
-func (s *CloudFunctionConfiguration) SetInvocationRole(v string) *CloudFunctionConfiguration {
-	s.InvocationRole = &v
-	return s
-}
-
-// Container for all (if there are any) keys between Prefix and the next occurrence
-// of the string specified by a delimiter. CommonPrefixes lists keys that act
-// like subdirectories in the directory specified by Prefix. For example, if
-// the prefix is notes/ and the delimiter is a slash (/) as in notes/summer/july,
-// the common prefix is notes/summer/.
-type CommonPrefix struct {
-	_ struct{} `type:"structure"`
-
-	// Container for the specified common prefix.
-	Prefix *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CommonPrefix) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CommonPrefix) GoString() string {
-	return s.String()
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *CommonPrefix) SetPrefix(v string) *CommonPrefix {
-	s.Prefix = &v
-	return s
-}
-
-type CompleteMultipartUploadInput struct {
-	_ struct{} `locationName:"CompleteMultipartUploadRequest" type:"structure" payload:"MultipartUpload"`
-
-	// Name of the bucket to which the multipart upload was initiated.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 32-bit CRC32 checksum of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 32-bit CRC32C checksum of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 160-bit SHA-1 digest of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 256-bit SHA-256 digest of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Object key for which the multipart upload was initiated.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// The container for the multipart upload request information.
-	MultipartUpload *CompletedMultipartUpload `locationName:"CompleteMultipartUpload" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// The server-side encryption (SSE) algorithm used to encrypt the object. This
-	// parameter is needed only when the object was created using a checksum algorithm.
-	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-	// in the Amazon S3 User Guide.
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// The server-side encryption (SSE) customer managed key. This parameter is
-	// needed only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-	// in the Amazon S3 User Guide.
-	//
-	// SSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CompleteMultipartUploadInput's
-	// String and GoString methods.
-	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// The MD5 server-side encryption (SSE) customer managed key. This parameter
-	// is needed only when the object was created using a checksum algorithm. For
-	// more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-	// in the Amazon S3 User Guide.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// ID for the initiated multipart upload.
-	//
-	// UploadId is a required field
-	UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CompleteMultipartUploadInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CompleteMultipartUploadInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *CompleteMultipartUploadInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "CompleteMultipartUploadInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.UploadId == nil {
-		invalidParams.Add(request.NewErrParamRequired("UploadId"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *CompleteMultipartUploadInput) SetBucket(v string) *CompleteMultipartUploadInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *CompleteMultipartUploadInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *CompleteMultipartUploadInput) SetChecksumCRC32(v string) *CompleteMultipartUploadInput {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *CompleteMultipartUploadInput) SetChecksumCRC32C(v string) *CompleteMultipartUploadInput {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *CompleteMultipartUploadInput) SetChecksumSHA1(v string) *CompleteMultipartUploadInput {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *CompleteMultipartUploadInput) SetChecksumSHA256(v string) *CompleteMultipartUploadInput {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *CompleteMultipartUploadInput) SetExpectedBucketOwner(v string) *CompleteMultipartUploadInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *CompleteMultipartUploadInput) SetKey(v string) *CompleteMultipartUploadInput {
-	s.Key = &v
-	return s
-}
-
-// SetMultipartUpload sets the MultipartUpload field's value.
-func (s *CompleteMultipartUploadInput) SetMultipartUpload(v *CompletedMultipartUpload) *CompleteMultipartUploadInput {
-	s.MultipartUpload = v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *CompleteMultipartUploadInput) SetRequestPayer(v string) *CompleteMultipartUploadInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *CompleteMultipartUploadInput) SetSSECustomerAlgorithm(v string) *CompleteMultipartUploadInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKey sets the SSECustomerKey field's value.
-func (s *CompleteMultipartUploadInput) SetSSECustomerKey(v string) *CompleteMultipartUploadInput {
-	s.SSECustomerKey = &v
-	return s
-}
-
-func (s *CompleteMultipartUploadInput) getSSECustomerKey() (v string) {
-	if s.SSECustomerKey == nil {
-		return v
-	}
-	return *s.SSECustomerKey
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *CompleteMultipartUploadInput) SetSSECustomerKeyMD5(v string) *CompleteMultipartUploadInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetUploadId sets the UploadId field's value.
-func (s *CompleteMultipartUploadInput) SetUploadId(v string) *CompleteMultipartUploadInput {
-	s.UploadId = &v
-	return s
-}
-
-func (s *CompleteMultipartUploadInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *CompleteMultipartUploadInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s CompleteMultipartUploadInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type CompleteMultipartUploadOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The name of the bucket that contains the newly created object. Does not return
-	// the access point ARN or access point alias if used.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	Bucket *string `type:"string"`
-
-	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
-	// encryption with Key Management Service (KMS) keys (SSE-KMS).
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `type:"string"`
-
-	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `type:"string"`
-
-	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `type:"string"`
-
-	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `type:"string"`
-
-	// Entity tag that identifies the newly created object's data. Objects with
-	// different object data will have different entity tags. The entity tag is
-	// an opaque string. The entity tag may or may not be an MD5 digest of the object
-	// data. If the entity tag is not an MD5 digest of the object data, it will
-	// contain one or more nonhexadecimal characters and/or will consist of less
-	// than 32 or more than 32 hexadecimal digits. For more information about how
-	// the entity tag is calculated, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ETag *string `type:"string"`
-
-	// If the object expiration is configured, this will contain the expiration
-	// date (expiry-date) and rule ID (rule-id). The value of rule-id is URL-encoded.
-	Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
-
-	// The object key of the newly created object.
-	Key *string `min:"1" type:"string"`
-
-	// The URI that identifies the newly created object.
-	Location *string `type:"string"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// If present, specifies the ID of the Key Management Service (KMS) symmetric
-	// encryption customer managed key that was used for the object.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CompleteMultipartUploadOutput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing this object in Amazon
-	// S3 (for example, AES256, aws:kms).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-
-	// Version ID of the newly created object, in case the bucket has versioning
-	// turned on.
-	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CompleteMultipartUploadOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CompleteMultipartUploadOutput) GoString() string {
-	return s.String()
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *CompleteMultipartUploadOutput) SetBucket(v string) *CompleteMultipartUploadOutput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *CompleteMultipartUploadOutput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *CompleteMultipartUploadOutput) SetBucketKeyEnabled(v bool) *CompleteMultipartUploadOutput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *CompleteMultipartUploadOutput) SetChecksumCRC32(v string) *CompleteMultipartUploadOutput {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *CompleteMultipartUploadOutput) SetChecksumCRC32C(v string) *CompleteMultipartUploadOutput {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *CompleteMultipartUploadOutput) SetChecksumSHA1(v string) *CompleteMultipartUploadOutput {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *CompleteMultipartUploadOutput) SetChecksumSHA256(v string) *CompleteMultipartUploadOutput {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *CompleteMultipartUploadOutput) SetETag(v string) *CompleteMultipartUploadOutput {
-	s.ETag = &v
-	return s
-}
-
-// SetExpiration sets the Expiration field's value.
-func (s *CompleteMultipartUploadOutput) SetExpiration(v string) *CompleteMultipartUploadOutput {
-	s.Expiration = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *CompleteMultipartUploadOutput) SetKey(v string) *CompleteMultipartUploadOutput {
-	s.Key = &v
-	return s
-}
-
-// SetLocation sets the Location field's value.
-func (s *CompleteMultipartUploadOutput) SetLocation(v string) *CompleteMultipartUploadOutput {
-	s.Location = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *CompleteMultipartUploadOutput) SetRequestCharged(v string) *CompleteMultipartUploadOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *CompleteMultipartUploadOutput) SetSSEKMSKeyId(v string) *CompleteMultipartUploadOutput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *CompleteMultipartUploadOutput) SetServerSideEncryption(v string) *CompleteMultipartUploadOutput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *CompleteMultipartUploadOutput) SetVersionId(v string) *CompleteMultipartUploadOutput {
-	s.VersionId = &v
-	return s
-}
-
-// The container for the completed multipart upload details.
-type CompletedMultipartUpload struct {
-	_ struct{} `type:"structure"`
-
-	// Array of CompletedPart data types.
-	//
-	// If you do not supply a valid Part with your request, the service sends back
-	// an HTTP 400 response.
-	Parts []*CompletedPart `locationName:"Part" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CompletedMultipartUpload) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CompletedMultipartUpload) GoString() string {
-	return s.String()
-}
-
-// SetParts sets the Parts field's value.
-func (s *CompletedMultipartUpload) SetParts(v []*CompletedPart) *CompletedMultipartUpload {
-	s.Parts = v
-	return s
-}
-
-// Details of the parts that were uploaded.
-type CompletedPart struct {
-	_ struct{} `type:"structure"`
-
-	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `type:"string"`
-
-	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `type:"string"`
-
-	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `type:"string"`
-
-	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `type:"string"`
-
-	// Entity tag returned when the part was uploaded.
-	ETag *string `type:"string"`
-
-	// Part number that identifies the part. This is a positive integer between
-	// 1 and 10,000.
-	PartNumber *int64 `type:"integer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CompletedPart) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CompletedPart) GoString() string {
-	return s.String()
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *CompletedPart) SetChecksumCRC32(v string) *CompletedPart {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *CompletedPart) SetChecksumCRC32C(v string) *CompletedPart {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *CompletedPart) SetChecksumSHA1(v string) *CompletedPart {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *CompletedPart) SetChecksumSHA256(v string) *CompletedPart {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *CompletedPart) SetETag(v string) *CompletedPart {
-	s.ETag = &v
-	return s
-}
-
-// SetPartNumber sets the PartNumber field's value.
-func (s *CompletedPart) SetPartNumber(v int64) *CompletedPart {
-	s.PartNumber = &v
-	return s
-}
-
-// A container for describing a condition that must be met for the specified
-// redirect to apply. For example, 1. If request is for pages in the /docs folder,
-// redirect to the /documents folder. 2. If request results in HTTP error 4xx,
-// redirect request to another host where you might process the error.
-type Condition struct {
-	_ struct{} `type:"structure"`
-
-	// The HTTP error code when the redirect is applied. In the event of an error,
-	// if the error code equals this value, then the specified redirect is applied.
-	// Required when parent element Condition is specified and sibling KeyPrefixEquals
-	// is not specified. If both are specified, then both must be true for the redirect
-	// to be applied.
-	HttpErrorCodeReturnedEquals *string `type:"string"`
-
-	// The object key name prefix when the redirect is applied. For example, to
-	// redirect requests for ExamplePage.html, the key prefix will be ExamplePage.html.
-	// To redirect request for all pages with the prefix docs/, the key prefix will
-	// be /docs, which identifies all objects in the docs/ folder. Required when
-	// the parent element Condition is specified and sibling HttpErrorCodeReturnedEquals
-	// is not specified. If both conditions are specified, both must be true for
-	// the redirect to be applied.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	KeyPrefixEquals *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Condition) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Condition) GoString() string {
-	return s.String()
-}
-
-// SetHttpErrorCodeReturnedEquals sets the HttpErrorCodeReturnedEquals field's value.
-func (s *Condition) SetHttpErrorCodeReturnedEquals(v string) *Condition {
-	s.HttpErrorCodeReturnedEquals = &v
-	return s
-}
-
-// SetKeyPrefixEquals sets the KeyPrefixEquals field's value.
-func (s *Condition) SetKeyPrefixEquals(v string) *Condition {
-	s.KeyPrefixEquals = &v
-	return s
-}
-
-type ContinuationEvent struct {
-	_ struct{} `locationName:"ContinuationEvent" type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ContinuationEvent) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ContinuationEvent) GoString() string {
-	return s.String()
-}
-
-// The ContinuationEvent is and event in the SelectObjectContentEventStream group of events.
-func (s *ContinuationEvent) eventSelectObjectContentEventStream() {}
-
-// UnmarshalEvent unmarshals the EventStream Message into the ContinuationEvent value.
-// This method is only used internally within the SDK's EventStream handling.
-func (s *ContinuationEvent) UnmarshalEvent(
-	payloadUnmarshaler protocol.PayloadUnmarshaler,
-	msg eventstream.Message,
-) error {
-	return nil
-}
-
-// MarshalEvent marshals the type into an stream event value. This method
-// should only used internally within the SDK's EventStream handling.
-func (s *ContinuationEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
-	msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
-	return msg, err
-}
-
-type CopyObjectInput struct {
-	_ struct{} `locationName:"CopyObjectRequest" type:"structure"`
-
-	// The canned ACL to apply to the object.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
-
-	// The name of the destination bucket.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
-	// with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
-	// Setting this header to true causes Amazon S3 to use an S3 Bucket Key for
-	// object encryption with SSE-KMS.
-	//
-	// Specifying this header with a COPY action doesn’t affect bucket-level settings
-	// for S3 Bucket Key.
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// Specifies caching behavior along the request/reply chain.
-	CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"`
-
-	// Indicates the algorithm you want Amazon S3 to use to create the checksum
-	// for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// Specifies presentational information for the object.
-	ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
-
-	// Specifies what content encodings have been applied to the object and thus
-	// what decoding mechanisms must be applied to obtain the media-type referenced
-	// by the Content-Type header field.
-	ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
-
-	// The language the content is in.
-	ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
-
-	// A standard MIME type describing the format of the object data.
-	ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
-
-	// Specifies the source object for the copy operation. You specify the value
-	// in one of two formats, depending on whether you want to access the source
-	// object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html):
-	//
-	//    * For objects not accessed through an access point, specify the name of
-	//    the source bucket and the key of the source object, separated by a slash
-	//    (/). For example, to copy the object reports/january.pdf from the bucket
-	//    awsexamplebucket, use awsexamplebucket/reports/january.pdf. The value
-	//    must be URL-encoded.
-	//
-	//    * For objects accessed through access points, specify the Amazon Resource
-	//    Name (ARN) of the object as accessed through the access point, in the
-	//    format arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>.
-	//    For example, to copy the object reports/january.pdf through access point
-	//    my-access-point owned by account 123456789012 in Region us-west-2, use
-	//    the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf.
-	//    The value must be URL encoded. Amazon S3 supports copy operations using
-	//    access points only when the source and destination buckets are in the
-	//    same Amazon Web Services Region. Alternatively, for objects accessed through
-	//    Amazon S3 on Outposts, specify the ARN of the object as accessed in the
-	//    format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>.
-	//    For example, to copy the object reports/january.pdf through outpost my-outpost
-	//    owned by account 123456789012 in Region us-west-2, use the URL encoding
-	//    of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf.
-	//    The value must be URL-encoded.
-	//
-	// To copy a specific version of an object, append ?versionId=<version-id> to
-	// the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893).
-	// If you don't specify a version ID, Amazon S3 copies the latest version of
-	// the source object.
-	//
-	// CopySource is a required field
-	CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"`
-
-	// Copies the object if its entity tag (ETag) matches the specified tag.
-	CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"`
-
-	// Copies the object if it has been modified since the specified time.
-	CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"`
-
-	// Copies the object if its entity tag (ETag) is different than the specified
-	// ETag.
-	CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"`
-
-	// Copies the object if it hasn't been modified since the specified time.
-	CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"`
-
-	// Specifies the algorithm to use when decrypting the source object (for example,
-	// AES256).
-	CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"`
-
-	// Specifies the customer-provided encryption key for Amazon S3 to use to decrypt
-	// the source object. The encryption key provided in this header must be one
-	// that was used when the source object was created.
-	//
-	// CopySourceSSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CopyObjectInput's
-	// String and GoString methods.
-	CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
-	// Amazon S3 uses this header for a message integrity check to ensure that the
-	// encryption key was transmitted without error.
-	CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// The account ID of the expected destination bucket owner. If the destination
-	// bucket is owned by a different account, the request fails with the HTTP status
-	// code 403 Forbidden (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The account ID of the expected source bucket owner. If the source bucket
-	// is owned by a different account, the request fails with the HTTP status code
-	// 403 Forbidden (access denied).
-	ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"`
-
-	// The date and time at which the object is no longer cacheable.
-	Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"`
-
-	// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
-
-	// Allows grantee to read the object data and its metadata.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
-
-	// Allows grantee to read the object ACL.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
-
-	// Allows grantee to write the ACL for the applicable object.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
-
-	// The key of the destination object.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// A map of metadata to store with the object in S3.
-	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
-
-	// Specifies whether the metadata is copied from the source object or replaced
-	// with metadata provided in the request.
-	MetadataDirective *string `location:"header" locationName:"x-amz-metadata-directive" type:"string" enum:"MetadataDirective"`
-
-	// Specifies whether you want to apply a legal hold to the copied object.
-	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
-
-	// The Object Lock mode that you want to apply to the copied object.
-	ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
-
-	// The date and time when you want the copied object's Object Lock to expire.
-	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Specifies the algorithm to use to when encrypting the object (for example,
-	// AES256).
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
-	// data. This value is used to store the object and then it is discarded; Amazon
-	// S3 does not store the encryption key. The key must be appropriate for use
-	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
-	// header.
-	//
-	// SSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CopyObjectInput's
-	// String and GoString methods.
-	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
-	// Amazon S3 uses this header for a message integrity check to ensure that the
-	// encryption key was transmitted without error.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// Specifies the Amazon Web Services KMS Encryption Context to use for object
-	// encryption. The value of this header is a base64-encoded UTF-8 string holding
-	// JSON with the encryption context key-value pairs.
-	//
-	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CopyObjectInput's
-	// String and GoString methods.
-	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
-
-	// Specifies the KMS key ID to use for object encryption. All GET and PUT requests
-	// for an object protected by KMS will fail if they're not made via SSL or using
-	// SigV4. For information about configuring any of the officially supported
-	// Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the
-	// Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
-	// in the Amazon S3 User Guide.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CopyObjectInput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing this object in Amazon
-	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-
-	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
-	// objects. The STANDARD storage class provides high durability and high availability.
-	// Depending on performance needs, you can specify a different Storage Class.
-	// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information,
-	// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
-	// in the Amazon S3 User Guide.
-	StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
-
-	// The tag-set for the object destination object this value must be used in
-	// conjunction with the TaggingDirective. The tag-set must be encoded as URL
-	// Query parameters.
-	Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"`
-
-	// Specifies whether the object tag-set are copied from the source object or
-	// replaced with tag-set provided in the request.
-	TaggingDirective *string `location:"header" locationName:"x-amz-tagging-directive" type:"string" enum:"TaggingDirective"`
-
-	// If the bucket is configured as a website, redirects requests for this object
-	// to another object in the same bucket or to an external URL. Amazon S3 stores
-	// the value of this header in the object metadata. This value is unique to
-	// each object and is not copied when using the x-amz-metadata-directive header.
-	// Instead, you may opt to provide this header in combination with the directive.
-	WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CopyObjectInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CopyObjectInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *CopyObjectInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "CopyObjectInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.CopySource == nil {
-		invalidParams.Add(request.NewErrParamRequired("CopySource"))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetACL sets the ACL field's value.
-func (s *CopyObjectInput) SetACL(v string) *CopyObjectInput {
-	s.ACL = &v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *CopyObjectInput) SetBucket(v string) *CopyObjectInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *CopyObjectInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *CopyObjectInput) SetBucketKeyEnabled(v bool) *CopyObjectInput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetCacheControl sets the CacheControl field's value.
-func (s *CopyObjectInput) SetCacheControl(v string) *CopyObjectInput {
-	s.CacheControl = &v
-	return s
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *CopyObjectInput) SetChecksumAlgorithm(v string) *CopyObjectInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetContentDisposition sets the ContentDisposition field's value.
-func (s *CopyObjectInput) SetContentDisposition(v string) *CopyObjectInput {
-	s.ContentDisposition = &v
-	return s
-}
-
-// SetContentEncoding sets the ContentEncoding field's value.
-func (s *CopyObjectInput) SetContentEncoding(v string) *CopyObjectInput {
-	s.ContentEncoding = &v
-	return s
-}
-
-// SetContentLanguage sets the ContentLanguage field's value.
-func (s *CopyObjectInput) SetContentLanguage(v string) *CopyObjectInput {
-	s.ContentLanguage = &v
-	return s
-}
-
-// SetContentType sets the ContentType field's value.
-func (s *CopyObjectInput) SetContentType(v string) *CopyObjectInput {
-	s.ContentType = &v
-	return s
-}
-
-// SetCopySource sets the CopySource field's value.
-func (s *CopyObjectInput) SetCopySource(v string) *CopyObjectInput {
-	s.CopySource = &v
-	return s
-}
-
-// SetCopySourceIfMatch sets the CopySourceIfMatch field's value.
-func (s *CopyObjectInput) SetCopySourceIfMatch(v string) *CopyObjectInput {
-	s.CopySourceIfMatch = &v
-	return s
-}
-
-// SetCopySourceIfModifiedSince sets the CopySourceIfModifiedSince field's value.
-func (s *CopyObjectInput) SetCopySourceIfModifiedSince(v time.Time) *CopyObjectInput {
-	s.CopySourceIfModifiedSince = &v
-	return s
-}
-
-// SetCopySourceIfNoneMatch sets the CopySourceIfNoneMatch field's value.
-func (s *CopyObjectInput) SetCopySourceIfNoneMatch(v string) *CopyObjectInput {
-	s.CopySourceIfNoneMatch = &v
-	return s
-}
-
-// SetCopySourceIfUnmodifiedSince sets the CopySourceIfUnmodifiedSince field's value.
-func (s *CopyObjectInput) SetCopySourceIfUnmodifiedSince(v time.Time) *CopyObjectInput {
-	s.CopySourceIfUnmodifiedSince = &v
-	return s
-}
-
-// SetCopySourceSSECustomerAlgorithm sets the CopySourceSSECustomerAlgorithm field's value.
-func (s *CopyObjectInput) SetCopySourceSSECustomerAlgorithm(v string) *CopyObjectInput {
-	s.CopySourceSSECustomerAlgorithm = &v
-	return s
-}
-
-// SetCopySourceSSECustomerKey sets the CopySourceSSECustomerKey field's value.
-func (s *CopyObjectInput) SetCopySourceSSECustomerKey(v string) *CopyObjectInput {
-	s.CopySourceSSECustomerKey = &v
-	return s
-}
-
-func (s *CopyObjectInput) getCopySourceSSECustomerKey() (v string) {
-	if s.CopySourceSSECustomerKey == nil {
-		return v
-	}
-	return *s.CopySourceSSECustomerKey
-}
-
-// SetCopySourceSSECustomerKeyMD5 sets the CopySourceSSECustomerKeyMD5 field's value.
-func (s *CopyObjectInput) SetCopySourceSSECustomerKeyMD5(v string) *CopyObjectInput {
-	s.CopySourceSSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *CopyObjectInput) SetExpectedBucketOwner(v string) *CopyObjectInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetExpectedSourceBucketOwner sets the ExpectedSourceBucketOwner field's value.
-func (s *CopyObjectInput) SetExpectedSourceBucketOwner(v string) *CopyObjectInput {
-	s.ExpectedSourceBucketOwner = &v
-	return s
-}
-
-// SetExpires sets the Expires field's value.
-func (s *CopyObjectInput) SetExpires(v time.Time) *CopyObjectInput {
-	s.Expires = &v
-	return s
-}
-
-// SetGrantFullControl sets the GrantFullControl field's value.
-func (s *CopyObjectInput) SetGrantFullControl(v string) *CopyObjectInput {
-	s.GrantFullControl = &v
-	return s
-}
-
-// SetGrantRead sets the GrantRead field's value.
-func (s *CopyObjectInput) SetGrantRead(v string) *CopyObjectInput {
-	s.GrantRead = &v
-	return s
-}
-
-// SetGrantReadACP sets the GrantReadACP field's value.
-func (s *CopyObjectInput) SetGrantReadACP(v string) *CopyObjectInput {
-	s.GrantReadACP = &v
-	return s
-}
-
-// SetGrantWriteACP sets the GrantWriteACP field's value.
-func (s *CopyObjectInput) SetGrantWriteACP(v string) *CopyObjectInput {
-	s.GrantWriteACP = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *CopyObjectInput) SetKey(v string) *CopyObjectInput {
-	s.Key = &v
-	return s
-}
-
-// SetMetadata sets the Metadata field's value.
-func (s *CopyObjectInput) SetMetadata(v map[string]*string) *CopyObjectInput {
-	s.Metadata = v
-	return s
-}
-
-// SetMetadataDirective sets the MetadataDirective field's value.
-func (s *CopyObjectInput) SetMetadataDirective(v string) *CopyObjectInput {
-	s.MetadataDirective = &v
-	return s
-}
-
-// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
-func (s *CopyObjectInput) SetObjectLockLegalHoldStatus(v string) *CopyObjectInput {
-	s.ObjectLockLegalHoldStatus = &v
-	return s
-}
-
-// SetObjectLockMode sets the ObjectLockMode field's value.
-func (s *CopyObjectInput) SetObjectLockMode(v string) *CopyObjectInput {
-	s.ObjectLockMode = &v
-	return s
-}
-
-// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
-func (s *CopyObjectInput) SetObjectLockRetainUntilDate(v time.Time) *CopyObjectInput {
-	s.ObjectLockRetainUntilDate = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *CopyObjectInput) SetRequestPayer(v string) *CopyObjectInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *CopyObjectInput) SetSSECustomerAlgorithm(v string) *CopyObjectInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKey sets the SSECustomerKey field's value.
-func (s *CopyObjectInput) SetSSECustomerKey(v string) *CopyObjectInput {
-	s.SSECustomerKey = &v
-	return s
-}
-
-func (s *CopyObjectInput) getSSECustomerKey() (v string) {
-	if s.SSECustomerKey == nil {
-		return v
-	}
-	return *s.SSECustomerKey
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *CopyObjectInput) SetSSECustomerKeyMD5(v string) *CopyObjectInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
-func (s *CopyObjectInput) SetSSEKMSEncryptionContext(v string) *CopyObjectInput {
-	s.SSEKMSEncryptionContext = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *CopyObjectInput) SetSSEKMSKeyId(v string) *CopyObjectInput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *CopyObjectInput) SetServerSideEncryption(v string) *CopyObjectInput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *CopyObjectInput) SetStorageClass(v string) *CopyObjectInput {
-	s.StorageClass = &v
-	return s
-}
-
-// SetTagging sets the Tagging field's value.
-func (s *CopyObjectInput) SetTagging(v string) *CopyObjectInput {
-	s.Tagging = &v
-	return s
-}
-
-// SetTaggingDirective sets the TaggingDirective field's value.
-func (s *CopyObjectInput) SetTaggingDirective(v string) *CopyObjectInput {
-	s.TaggingDirective = &v
-	return s
-}
-
-// SetWebsiteRedirectLocation sets the WebsiteRedirectLocation field's value.
-func (s *CopyObjectInput) SetWebsiteRedirectLocation(v string) *CopyObjectInput {
-	s.WebsiteRedirectLocation = &v
-	return s
-}
-
-func (s *CopyObjectInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *CopyObjectInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s CopyObjectInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type CopyObjectOutput struct {
-	_ struct{} `type:"structure" payload:"CopyObjectResult"`
-
-	// Indicates whether the copied object uses an S3 Bucket Key for server-side
-	// encryption with Key Management Service (KMS) keys (SSE-KMS).
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// Container for all response elements.
-	CopyObjectResult *CopyObjectResult `type:"structure"`
-
-	// Version of the copied object in the destination bucket.
-	CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"`
-
-	// If the object expiration is configured, the response includes this header.
-	Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm
-	// used.
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// If present, specifies the Amazon Web Services KMS Encryption Context to use
-	// for object encryption. The value of this header is a base64-encoded UTF-8
-	// string holding JSON with the encryption context key-value pairs.
-	//
-	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CopyObjectOutput's
-	// String and GoString methods.
-	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
-
-	// If present, specifies the ID of the Key Management Service (KMS) symmetric
-	// encryption customer managed key that was used for the object.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CopyObjectOutput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing this object in Amazon
-	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-
-	// Version ID of the newly created copy.
-	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CopyObjectOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CopyObjectOutput) GoString() string {
-	return s.String()
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *CopyObjectOutput) SetBucketKeyEnabled(v bool) *CopyObjectOutput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetCopyObjectResult sets the CopyObjectResult field's value.
-func (s *CopyObjectOutput) SetCopyObjectResult(v *CopyObjectResult) *CopyObjectOutput {
-	s.CopyObjectResult = v
-	return s
-}
-
-// SetCopySourceVersionId sets the CopySourceVersionId field's value.
-func (s *CopyObjectOutput) SetCopySourceVersionId(v string) *CopyObjectOutput {
-	s.CopySourceVersionId = &v
-	return s
-}
-
-// SetExpiration sets the Expiration field's value.
-func (s *CopyObjectOutput) SetExpiration(v string) *CopyObjectOutput {
-	s.Expiration = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *CopyObjectOutput) SetRequestCharged(v string) *CopyObjectOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *CopyObjectOutput) SetSSECustomerAlgorithm(v string) *CopyObjectOutput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *CopyObjectOutput) SetSSECustomerKeyMD5(v string) *CopyObjectOutput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
-func (s *CopyObjectOutput) SetSSEKMSEncryptionContext(v string) *CopyObjectOutput {
-	s.SSEKMSEncryptionContext = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *CopyObjectOutput) SetSSEKMSKeyId(v string) *CopyObjectOutput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *CopyObjectOutput) SetServerSideEncryption(v string) *CopyObjectOutput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *CopyObjectOutput) SetVersionId(v string) *CopyObjectOutput {
-	s.VersionId = &v
-	return s
-}
-
-// Container for all response elements.
-type CopyObjectResult struct {
-	_ struct{} `type:"structure"`
-
-	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `type:"string"`
-
-	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `type:"string"`
-
-	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `type:"string"`
-
-	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `type:"string"`
-
-	// Returns the ETag of the new object. The ETag reflects only changes to the
-	// contents of an object, not its metadata.
-	ETag *string `type:"string"`
-
-	// Creation date of the object.
-	LastModified *time.Time `type:"timestamp"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CopyObjectResult) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CopyObjectResult) GoString() string {
-	return s.String()
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *CopyObjectResult) SetChecksumCRC32(v string) *CopyObjectResult {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *CopyObjectResult) SetChecksumCRC32C(v string) *CopyObjectResult {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *CopyObjectResult) SetChecksumSHA1(v string) *CopyObjectResult {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *CopyObjectResult) SetChecksumSHA256(v string) *CopyObjectResult {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *CopyObjectResult) SetETag(v string) *CopyObjectResult {
-	s.ETag = &v
-	return s
-}
-
-// SetLastModified sets the LastModified field's value.
-func (s *CopyObjectResult) SetLastModified(v time.Time) *CopyObjectResult {
-	s.LastModified = &v
-	return s
-}
-
-// Container for all response elements.
-type CopyPartResult struct {
-	_ struct{} `type:"structure"`
-
-	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `type:"string"`
-
-	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `type:"string"`
-
-	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `type:"string"`
-
-	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `type:"string"`
-
-	// Entity tag of the object.
-	ETag *string `type:"string"`
-
-	// Date and time at which the object was uploaded.
-	LastModified *time.Time `type:"timestamp"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CopyPartResult) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CopyPartResult) GoString() string {
-	return s.String()
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *CopyPartResult) SetChecksumCRC32(v string) *CopyPartResult {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *CopyPartResult) SetChecksumCRC32C(v string) *CopyPartResult {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *CopyPartResult) SetChecksumSHA1(v string) *CopyPartResult {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *CopyPartResult) SetChecksumSHA256(v string) *CopyPartResult {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *CopyPartResult) SetETag(v string) *CopyPartResult {
-	s.ETag = &v
-	return s
-}
-
-// SetLastModified sets the LastModified field's value.
-func (s *CopyPartResult) SetLastModified(v time.Time) *CopyPartResult {
-	s.LastModified = &v
-	return s
-}
-
-// The configuration information for the bucket.
-type CreateBucketConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the Region where the bucket will be created. If you don't specify
-	// a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1).
-	LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CreateBucketConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CreateBucketConfiguration) GoString() string {
-	return s.String()
-}
-
-// SetLocationConstraint sets the LocationConstraint field's value.
-func (s *CreateBucketConfiguration) SetLocationConstraint(v string) *CreateBucketConfiguration {
-	s.LocationConstraint = &v
-	return s
-}
-
-type CreateBucketInput struct {
-	_ struct{} `locationName:"CreateBucketRequest" type:"structure" payload:"CreateBucketConfiguration"`
-
-	// The canned ACL to apply to the bucket.
-	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"`
-
-	// The name of the bucket to create.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The configuration information for the bucket.
-	CreateBucketConfiguration *CreateBucketConfiguration `locationName:"CreateBucketConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// Allows grantee the read, write, read ACP, and write ACP permissions on the
-	// bucket.
-	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
-
-	// Allows grantee to list the objects in the bucket.
-	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
-
-	// Allows grantee to read the bucket ACL.
-	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
-
-	// Allows grantee to create new objects in the bucket.
-	//
-	// For the bucket and object owners of existing objects, also allows deletions
-	// and overwrites of those objects.
-	GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"`
-
-	// Allows grantee to write the ACL for the applicable bucket.
-	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
-
-	// Specifies whether you want S3 Object Lock to be enabled for the new bucket.
-	ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"`
-
-	// The container element for object ownership for a bucket's ownership controls.
-	//
-	// BucketOwnerPreferred - Objects uploaded to the bucket change ownership to
-	// the bucket owner if the objects are uploaded with the bucket-owner-full-control
-	// canned ACL.
-	//
-	// ObjectWriter - The uploading account will own the object if the object is
-	// uploaded with the bucket-owner-full-control canned ACL.
-	//
-	// BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer
-	// affect permissions. The bucket owner automatically owns and has full control
-	// over every object in the bucket. The bucket only accepts PUT requests that
-	// don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control
-	// canned ACL or an equivalent form of this ACL expressed in the XML format.
-	ObjectOwnership *string `location:"header" locationName:"x-amz-object-ownership" type:"string" enum:"ObjectOwnership"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CreateBucketInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CreateBucketInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *CreateBucketInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "CreateBucketInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetACL sets the ACL field's value.
-func (s *CreateBucketInput) SetACL(v string) *CreateBucketInput {
-	s.ACL = &v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *CreateBucketInput) SetBucket(v string) *CreateBucketInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *CreateBucketInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetCreateBucketConfiguration sets the CreateBucketConfiguration field's value.
-func (s *CreateBucketInput) SetCreateBucketConfiguration(v *CreateBucketConfiguration) *CreateBucketInput {
-	s.CreateBucketConfiguration = v
-	return s
-}
-
-// SetGrantFullControl sets the GrantFullControl field's value.
-func (s *CreateBucketInput) SetGrantFullControl(v string) *CreateBucketInput {
-	s.GrantFullControl = &v
-	return s
-}
-
-// SetGrantRead sets the GrantRead field's value.
-func (s *CreateBucketInput) SetGrantRead(v string) *CreateBucketInput {
-	s.GrantRead = &v
-	return s
-}
-
-// SetGrantReadACP sets the GrantReadACP field's value.
-func (s *CreateBucketInput) SetGrantReadACP(v string) *CreateBucketInput {
-	s.GrantReadACP = &v
-	return s
-}
-
-// SetGrantWrite sets the GrantWrite field's value.
-func (s *CreateBucketInput) SetGrantWrite(v string) *CreateBucketInput {
-	s.GrantWrite = &v
-	return s
-}
-
-// SetGrantWriteACP sets the GrantWriteACP field's value.
-func (s *CreateBucketInput) SetGrantWriteACP(v string) *CreateBucketInput {
-	s.GrantWriteACP = &v
-	return s
-}
-
-// SetObjectLockEnabledForBucket sets the ObjectLockEnabledForBucket field's value.
-func (s *CreateBucketInput) SetObjectLockEnabledForBucket(v bool) *CreateBucketInput {
-	s.ObjectLockEnabledForBucket = &v
-	return s
-}
-
-// SetObjectOwnership sets the ObjectOwnership field's value.
-func (s *CreateBucketInput) SetObjectOwnership(v string) *CreateBucketInput {
-	s.ObjectOwnership = &v
-	return s
-}
-
-type CreateBucketOutput struct {
-	_ struct{} `type:"structure"`
-
-	// A forward slash followed by the name of the bucket.
-	Location *string `location:"header" locationName:"Location" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CreateBucketOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CreateBucketOutput) GoString() string {
-	return s.String()
-}
-
-// SetLocation sets the Location field's value.
-func (s *CreateBucketOutput) SetLocation(v string) *CreateBucketOutput {
-	s.Location = &v
-	return s
-}
-
-type CreateMultipartUploadInput struct {
-	_ struct{} `locationName:"CreateMultipartUploadRequest" type:"structure"`
-
-	// The canned ACL to apply to the object.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
-
-	// The name of the bucket to which to initiate the upload
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
-	// with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
-	// Setting this header to true causes Amazon S3 to use an S3 Bucket Key for
-	// object encryption with SSE-KMS.
-	//
-	// Specifying this header with an object action doesn’t affect bucket-level
-	// settings for S3 Bucket Key.
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// Specifies caching behavior along the request/reply chain.
-	CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"`
-
-	// Indicates the algorithm you want Amazon S3 to use to create the checksum
-	// for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// Specifies presentational information for the object.
-	ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
-
-	// Specifies what content encodings have been applied to the object and thus
-	// what decoding mechanisms must be applied to obtain the media-type referenced
-	// by the Content-Type header field.
-	ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
-
-	// The language the content is in.
-	ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
-
-	// A standard MIME type describing the format of the object data.
-	ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The date and time at which the object is no longer cacheable.
-	Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"`
-
-	// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
-
-	// Allows grantee to read the object data and its metadata.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
-
-	// Allows grantee to read the object ACL.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
-
-	// Allows grantee to write the ACL for the applicable object.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
-
-	// Object key for which the multipart upload is to be initiated.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// A map of metadata to store with the object in S3.
-	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
-
-	// Specifies whether you want to apply a legal hold to the uploaded object.
-	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
-
-	// Specifies the Object Lock mode that you want to apply to the uploaded object.
-	ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
-
-	// Specifies the date and time when you want the Object Lock to expire.
-	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Specifies the algorithm to use to when encrypting the object (for example,
-	// AES256).
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
-	// data. This value is used to store the object and then it is discarded; Amazon
-	// S3 does not store the encryption key. The key must be appropriate for use
-	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
-	// header.
-	//
-	// SSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CreateMultipartUploadInput's
-	// String and GoString methods.
-	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
-	// Amazon S3 uses this header for a message integrity check to ensure that the
-	// encryption key was transmitted without error.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// Specifies the Amazon Web Services KMS Encryption Context to use for object
-	// encryption. The value of this header is a base64-encoded UTF-8 string holding
-	// JSON with the encryption context key-value pairs.
-	//
-	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CreateMultipartUploadInput's
-	// String and GoString methods.
-	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
-
-	// Specifies the ID of the symmetric encryption customer managed key to use
-	// for object encryption. All GET and PUT requests for an object protected by
-	// KMS will fail if they're not made via SSL or using SigV4. For information
-	// about configuring any of the officially supported Amazon Web Services SDKs
-	// and Amazon Web Services CLI, see Specifying the Signature Version in Request
-	// Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
-	// in the Amazon S3 User Guide.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CreateMultipartUploadInput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing this object in Amazon
-	// S3 (for example, AES256, aws:kms).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-
-	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
-	// objects. The STANDARD storage class provides high durability and high availability.
-	// Depending on performance needs, you can specify a different Storage Class.
-	// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information,
-	// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
-	// in the Amazon S3 User Guide.
-	StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
-
-	// The tag-set for the object. The tag-set must be encoded as URL Query parameters.
-	Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"`
-
-	// If the bucket is configured as a website, redirects requests for this object
-	// to another object in the same bucket or to an external URL. Amazon S3 stores
-	// the value of this header in the object metadata.
-	WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CreateMultipartUploadInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CreateMultipartUploadInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *CreateMultipartUploadInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "CreateMultipartUploadInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetACL sets the ACL field's value.
-func (s *CreateMultipartUploadInput) SetACL(v string) *CreateMultipartUploadInput {
-	s.ACL = &v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *CreateMultipartUploadInput) SetBucket(v string) *CreateMultipartUploadInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *CreateMultipartUploadInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *CreateMultipartUploadInput) SetBucketKeyEnabled(v bool) *CreateMultipartUploadInput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetCacheControl sets the CacheControl field's value.
-func (s *CreateMultipartUploadInput) SetCacheControl(v string) *CreateMultipartUploadInput {
-	s.CacheControl = &v
-	return s
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *CreateMultipartUploadInput) SetChecksumAlgorithm(v string) *CreateMultipartUploadInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetContentDisposition sets the ContentDisposition field's value.
-func (s *CreateMultipartUploadInput) SetContentDisposition(v string) *CreateMultipartUploadInput {
-	s.ContentDisposition = &v
-	return s
-}
-
-// SetContentEncoding sets the ContentEncoding field's value.
-func (s *CreateMultipartUploadInput) SetContentEncoding(v string) *CreateMultipartUploadInput {
-	s.ContentEncoding = &v
-	return s
-}
-
-// SetContentLanguage sets the ContentLanguage field's value.
-func (s *CreateMultipartUploadInput) SetContentLanguage(v string) *CreateMultipartUploadInput {
-	s.ContentLanguage = &v
-	return s
-}
-
-// SetContentType sets the ContentType field's value.
-func (s *CreateMultipartUploadInput) SetContentType(v string) *CreateMultipartUploadInput {
-	s.ContentType = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *CreateMultipartUploadInput) SetExpectedBucketOwner(v string) *CreateMultipartUploadInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetExpires sets the Expires field's value.
-func (s *CreateMultipartUploadInput) SetExpires(v time.Time) *CreateMultipartUploadInput {
-	s.Expires = &v
-	return s
-}
-
-// SetGrantFullControl sets the GrantFullControl field's value.
-func (s *CreateMultipartUploadInput) SetGrantFullControl(v string) *CreateMultipartUploadInput {
-	s.GrantFullControl = &v
-	return s
-}
-
-// SetGrantRead sets the GrantRead field's value.
-func (s *CreateMultipartUploadInput) SetGrantRead(v string) *CreateMultipartUploadInput {
-	s.GrantRead = &v
-	return s
-}
-
-// SetGrantReadACP sets the GrantReadACP field's value.
-func (s *CreateMultipartUploadInput) SetGrantReadACP(v string) *CreateMultipartUploadInput {
-	s.GrantReadACP = &v
-	return s
-}
-
-// SetGrantWriteACP sets the GrantWriteACP field's value.
-func (s *CreateMultipartUploadInput) SetGrantWriteACP(v string) *CreateMultipartUploadInput {
-	s.GrantWriteACP = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *CreateMultipartUploadInput) SetKey(v string) *CreateMultipartUploadInput {
-	s.Key = &v
-	return s
-}
-
-// SetMetadata sets the Metadata field's value.
-func (s *CreateMultipartUploadInput) SetMetadata(v map[string]*string) *CreateMultipartUploadInput {
-	s.Metadata = v
-	return s
-}
-
-// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
-func (s *CreateMultipartUploadInput) SetObjectLockLegalHoldStatus(v string) *CreateMultipartUploadInput {
-	s.ObjectLockLegalHoldStatus = &v
-	return s
-}
-
-// SetObjectLockMode sets the ObjectLockMode field's value.
-func (s *CreateMultipartUploadInput) SetObjectLockMode(v string) *CreateMultipartUploadInput {
-	s.ObjectLockMode = &v
-	return s
-}
-
-// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
-func (s *CreateMultipartUploadInput) SetObjectLockRetainUntilDate(v time.Time) *CreateMultipartUploadInput {
-	s.ObjectLockRetainUntilDate = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *CreateMultipartUploadInput) SetRequestPayer(v string) *CreateMultipartUploadInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *CreateMultipartUploadInput) SetSSECustomerAlgorithm(v string) *CreateMultipartUploadInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKey sets the SSECustomerKey field's value.
-func (s *CreateMultipartUploadInput) SetSSECustomerKey(v string) *CreateMultipartUploadInput {
-	s.SSECustomerKey = &v
-	return s
-}
-
-func (s *CreateMultipartUploadInput) getSSECustomerKey() (v string) {
-	if s.SSECustomerKey == nil {
-		return v
-	}
-	return *s.SSECustomerKey
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *CreateMultipartUploadInput) SetSSECustomerKeyMD5(v string) *CreateMultipartUploadInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
-func (s *CreateMultipartUploadInput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadInput {
-	s.SSEKMSEncryptionContext = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *CreateMultipartUploadInput) SetSSEKMSKeyId(v string) *CreateMultipartUploadInput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *CreateMultipartUploadInput) SetServerSideEncryption(v string) *CreateMultipartUploadInput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *CreateMultipartUploadInput) SetStorageClass(v string) *CreateMultipartUploadInput {
-	s.StorageClass = &v
-	return s
-}
-
-// SetTagging sets the Tagging field's value.
-func (s *CreateMultipartUploadInput) SetTagging(v string) *CreateMultipartUploadInput {
-	s.Tagging = &v
-	return s
-}
-
-// SetWebsiteRedirectLocation sets the WebsiteRedirectLocation field's value.
-func (s *CreateMultipartUploadInput) SetWebsiteRedirectLocation(v string) *CreateMultipartUploadInput {
-	s.WebsiteRedirectLocation = &v
-	return s
-}
-
-func (s *CreateMultipartUploadInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *CreateMultipartUploadInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s CreateMultipartUploadInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type CreateMultipartUploadOutput struct {
-	_ struct{} `type:"structure"`
-
-	// If the bucket has a lifecycle rule configured with an action to abort incomplete
-	// multipart uploads and the prefix in the lifecycle rule matches the object
-	// name in the request, the response includes this header. The header indicates
-	// when the initiated multipart upload becomes eligible for an abort operation.
-	// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
-	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
-	//
-	// The response also includes the x-amz-abort-rule-id header that provides the
-	// ID of the lifecycle configuration rule that defines this action.
-	AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"`
-
-	// This header is returned along with the x-amz-abort-date header. It identifies
-	// the applicable lifecycle configuration rule that defines the action to abort
-	// incomplete multipart uploads.
-	AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"`
-
-	// The name of the bucket to which the multipart upload was initiated. Does
-	// not return the access point ARN or access point alias if used.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	Bucket *string `locationName:"Bucket" type:"string"`
-
-	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
-	// encryption with Key Management Service (KMS) keys (SSE-KMS).
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// The algorithm that was used to create a checksum of the object.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// Object key for which the multipart upload was initiated.
-	Key *string `min:"1" type:"string"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm
-	// used.
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// If present, specifies the Amazon Web Services KMS Encryption Context to use
-	// for object encryption. The value of this header is a base64-encoded UTF-8
-	// string holding JSON with the encryption context key-value pairs.
-	//
-	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CreateMultipartUploadOutput's
-	// String and GoString methods.
-	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
-
-	// If present, specifies the ID of the Key Management Service (KMS) symmetric
-	// encryption customer managed key that was used for the object.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by CreateMultipartUploadOutput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing this object in Amazon
-	// S3 (for example, AES256, aws:kms).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-
-	// ID for the initiated multipart upload.
-	UploadId *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CreateMultipartUploadOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s CreateMultipartUploadOutput) GoString() string {
-	return s.String()
-}
-
-// SetAbortDate sets the AbortDate field's value.
-func (s *CreateMultipartUploadOutput) SetAbortDate(v time.Time) *CreateMultipartUploadOutput {
-	s.AbortDate = &v
-	return s
-}
-
-// SetAbortRuleId sets the AbortRuleId field's value.
-func (s *CreateMultipartUploadOutput) SetAbortRuleId(v string) *CreateMultipartUploadOutput {
-	s.AbortRuleId = &v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *CreateMultipartUploadOutput) SetBucket(v string) *CreateMultipartUploadOutput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *CreateMultipartUploadOutput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *CreateMultipartUploadOutput) SetBucketKeyEnabled(v bool) *CreateMultipartUploadOutput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *CreateMultipartUploadOutput) SetChecksumAlgorithm(v string) *CreateMultipartUploadOutput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *CreateMultipartUploadOutput) SetKey(v string) *CreateMultipartUploadOutput {
-	s.Key = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *CreateMultipartUploadOutput) SetRequestCharged(v string) *CreateMultipartUploadOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *CreateMultipartUploadOutput) SetSSECustomerAlgorithm(v string) *CreateMultipartUploadOutput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *CreateMultipartUploadOutput) SetSSECustomerKeyMD5(v string) *CreateMultipartUploadOutput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
-func (s *CreateMultipartUploadOutput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadOutput {
-	s.SSEKMSEncryptionContext = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *CreateMultipartUploadOutput) SetSSEKMSKeyId(v string) *CreateMultipartUploadOutput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *CreateMultipartUploadOutput) SetServerSideEncryption(v string) *CreateMultipartUploadOutput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-// SetUploadId sets the UploadId field's value.
-func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUploadOutput {
-	s.UploadId = &v
-	return s
-}
-
-// The container element for specifying the default Object Lock retention settings
-// for new objects placed in the specified bucket.
-//
-//   - The DefaultRetention settings require both a mode and a period.
-//
-//   - The DefaultRetention period can be either Days or Years but you must
-//     select one. You cannot specify Days and Years at the same time.
-type DefaultRetention struct {
-	_ struct{} `type:"structure"`
-
-	// The number of days that you want to specify for the default retention period.
-	// Must be used with Mode.
-	Days *int64 `type:"integer"`
-
-	// The default Object Lock retention mode you want to apply to new objects placed
-	// in the specified bucket. Must be used with either Days or Years.
-	Mode *string `type:"string" enum:"ObjectLockRetentionMode"`
-
-	// The number of years that you want to specify for the default retention period.
-	// Must be used with Mode.
-	Years *int64 `type:"integer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DefaultRetention) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DefaultRetention) GoString() string {
-	return s.String()
-}
-
-// SetDays sets the Days field's value.
-func (s *DefaultRetention) SetDays(v int64) *DefaultRetention {
-	s.Days = &v
-	return s
-}
-
-// SetMode sets the Mode field's value.
-func (s *DefaultRetention) SetMode(v string) *DefaultRetention {
-	s.Mode = &v
-	return s
-}
-
-// SetYears sets the Years field's value.
-func (s *DefaultRetention) SetYears(v int64) *DefaultRetention {
-	s.Years = &v
-	return s
-}
-
-// Container for the objects to delete.
-type Delete struct {
-	_ struct{} `type:"structure"`
-
-	// The object to delete.
-	//
-	// Objects is a required field
-	Objects []*ObjectIdentifier `locationName:"Object" type:"list" flattened:"true" required:"true"`
-
-	// Element to enable quiet mode for the request. When you add this element,
-	// you must set its value to true.
-	Quiet *bool `type:"boolean"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Delete) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Delete) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Delete) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Delete"}
-	if s.Objects == nil {
-		invalidParams.Add(request.NewErrParamRequired("Objects"))
-	}
-	if s.Objects != nil {
-		for i, v := range s.Objects {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Objects", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetObjects sets the Objects field's value.
-func (s *Delete) SetObjects(v []*ObjectIdentifier) *Delete {
-	s.Objects = v
-	return s
-}
-
-// SetQuiet sets the Quiet field's value.
-func (s *Delete) SetQuiet(v bool) *Delete {
-	s.Quiet = &v
-	return s
-}
-
-type DeleteBucketAnalyticsConfigurationInput struct {
-	_ struct{} `locationName:"DeleteBucketAnalyticsConfigurationRequest" type:"structure"`
-
-	// The name of the bucket from which an analytics configuration is deleted.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The ID that identifies the analytics configuration.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketAnalyticsConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketAnalyticsConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketAnalyticsConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketAnalyticsConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketAnalyticsConfigurationInput) SetBucket(v string) *DeleteBucketAnalyticsConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketAnalyticsConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketAnalyticsConfigurationInput) SetExpectedBucketOwner(v string) *DeleteBucketAnalyticsConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *DeleteBucketAnalyticsConfigurationInput) SetId(v string) *DeleteBucketAnalyticsConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-func (s *DeleteBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketAnalyticsConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketAnalyticsConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketAnalyticsConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketAnalyticsConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketAnalyticsConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketCorsInput struct {
-	_ struct{} `locationName:"DeleteBucketCorsRequest" type:"structure"`
-
-	// Specifies the bucket whose cors configuration is being deleted.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketCorsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketCorsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketCorsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketCorsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketCorsInput) SetBucket(v string) *DeleteBucketCorsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketCorsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketCorsInput) SetExpectedBucketOwner(v string) *DeleteBucketCorsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *DeleteBucketCorsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketCorsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketCorsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketCorsOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketCorsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketCorsOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketEncryptionInput struct {
-	_ struct{} `locationName:"DeleteBucketEncryptionRequest" type:"structure"`
-
-	// The name of the bucket containing the server-side encryption configuration
-	// to delete.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketEncryptionInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketEncryptionInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketEncryptionInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketEncryptionInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketEncryptionInput) SetBucket(v string) *DeleteBucketEncryptionInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketEncryptionInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketEncryptionInput) SetExpectedBucketOwner(v string) *DeleteBucketEncryptionInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *DeleteBucketEncryptionInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketEncryptionInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketEncryptionInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketEncryptionOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketEncryptionOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketEncryptionOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketInput struct {
-	_ struct{} `locationName:"DeleteBucketRequest" type:"structure"`
-
-	// Specifies the bucket being deleted.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketInput) SetBucket(v string) *DeleteBucketInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketInput) SetExpectedBucketOwner(v string) *DeleteBucketInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *DeleteBucketInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketIntelligentTieringConfigurationInput struct {
-	_ struct{} `locationName:"DeleteBucketIntelligentTieringConfigurationRequest" type:"structure"`
-
-	// The name of the Amazon S3 bucket whose configuration you want to modify or
-	// retrieve.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The ID used to identify the S3 Intelligent-Tiering configuration.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketIntelligentTieringConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketIntelligentTieringConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketIntelligentTieringConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketIntelligentTieringConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketIntelligentTieringConfigurationInput) SetBucket(v string) *DeleteBucketIntelligentTieringConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketIntelligentTieringConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetId sets the Id field's value.
-func (s *DeleteBucketIntelligentTieringConfigurationInput) SetId(v string) *DeleteBucketIntelligentTieringConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-func (s *DeleteBucketIntelligentTieringConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketIntelligentTieringConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketIntelligentTieringConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketIntelligentTieringConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketIntelligentTieringConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketIntelligentTieringConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketInventoryConfigurationInput struct {
-	_ struct{} `locationName:"DeleteBucketInventoryConfigurationRequest" type:"structure"`
-
-	// The name of the bucket containing the inventory configuration to delete.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The ID used to identify the inventory configuration.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketInventoryConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketInventoryConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketInventoryConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketInventoryConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketInventoryConfigurationInput) SetBucket(v string) *DeleteBucketInventoryConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketInventoryConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketInventoryConfigurationInput) SetExpectedBucketOwner(v string) *DeleteBucketInventoryConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *DeleteBucketInventoryConfigurationInput) SetId(v string) *DeleteBucketInventoryConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-func (s *DeleteBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketInventoryConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketInventoryConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketInventoryConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketInventoryConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketInventoryConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketLifecycleInput struct {
-	_ struct{} `locationName:"DeleteBucketLifecycleRequest" type:"structure"`
-
-	// The bucket name of the lifecycle to delete.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketLifecycleInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketLifecycleInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketLifecycleInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketLifecycleInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketLifecycleInput) SetBucket(v string) *DeleteBucketLifecycleInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketLifecycleInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketLifecycleInput) SetExpectedBucketOwner(v string) *DeleteBucketLifecycleInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *DeleteBucketLifecycleInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketLifecycleInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketLifecycleInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketLifecycleOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketLifecycleOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketLifecycleOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketMetricsConfigurationInput struct {
-	_ struct{} `locationName:"DeleteBucketMetricsConfigurationRequest" type:"structure"`
-
-	// The name of the bucket containing the metrics configuration to delete.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The ID used to identify the metrics configuration. The ID has a 64 character
-	// limit and can only contain letters, numbers, periods, dashes, and underscores.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketMetricsConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketMetricsConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketMetricsConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketMetricsConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketMetricsConfigurationInput) SetBucket(v string) *DeleteBucketMetricsConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketMetricsConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketMetricsConfigurationInput) SetExpectedBucketOwner(v string) *DeleteBucketMetricsConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *DeleteBucketMetricsConfigurationInput) SetId(v string) *DeleteBucketMetricsConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-func (s *DeleteBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketMetricsConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketMetricsConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketMetricsConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketMetricsConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketMetricsConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketOwnershipControlsInput struct {
-	_ struct{} `locationName:"DeleteBucketOwnershipControlsRequest" type:"structure"`
-
-	// The Amazon S3 bucket whose OwnershipControls you want to delete.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketOwnershipControlsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketOwnershipControlsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketOwnershipControlsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketOwnershipControlsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketOwnershipControlsInput) SetBucket(v string) *DeleteBucketOwnershipControlsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketOwnershipControlsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketOwnershipControlsInput) SetExpectedBucketOwner(v string) *DeleteBucketOwnershipControlsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *DeleteBucketOwnershipControlsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketOwnershipControlsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketOwnershipControlsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketOwnershipControlsOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketOwnershipControlsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketOwnershipControlsOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketPolicyInput struct {
-	_ struct{} `locationName:"DeleteBucketPolicyRequest" type:"structure"`
-
-	// The bucket name.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketPolicyInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketPolicyInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketPolicyInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketPolicyInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketPolicyInput) SetBucket(v string) *DeleteBucketPolicyInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketPolicyInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketPolicyInput) SetExpectedBucketOwner(v string) *DeleteBucketPolicyInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *DeleteBucketPolicyInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketPolicyInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketPolicyInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketPolicyOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketPolicyOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketPolicyOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketReplicationInput struct {
-	_ struct{} `locationName:"DeleteBucketReplicationRequest" type:"structure"`
-
-	// The bucket name.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketReplicationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketReplicationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketReplicationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketReplicationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketReplicationInput) SetBucket(v string) *DeleteBucketReplicationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketReplicationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketReplicationInput) SetExpectedBucketOwner(v string) *DeleteBucketReplicationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *DeleteBucketReplicationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketReplicationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketReplicationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketReplicationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketReplicationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketReplicationOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketTaggingInput struct {
-	_ struct{} `locationName:"DeleteBucketTaggingRequest" type:"structure"`
-
-	// The bucket that has the tag set to be removed.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketTaggingInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketTaggingInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketTaggingInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketTaggingInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketTaggingInput) SetBucket(v string) *DeleteBucketTaggingInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketTaggingInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketTaggingInput) SetExpectedBucketOwner(v string) *DeleteBucketTaggingInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *DeleteBucketTaggingInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketTaggingInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketTaggingInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketTaggingOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketTaggingOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketTaggingOutput) GoString() string {
-	return s.String()
-}
-
-type DeleteBucketWebsiteInput struct {
-	_ struct{} `locationName:"DeleteBucketWebsiteRequest" type:"structure"`
-
-	// The bucket name for which you want to remove the website configuration.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketWebsiteInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketWebsiteInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteBucketWebsiteInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteBucketWebsiteInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteBucketWebsiteInput) SetBucket(v string) *DeleteBucketWebsiteInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteBucketWebsiteInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteBucketWebsiteInput) SetExpectedBucketOwner(v string) *DeleteBucketWebsiteInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *DeleteBucketWebsiteInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteBucketWebsiteInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteBucketWebsiteInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteBucketWebsiteOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketWebsiteOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteBucketWebsiteOutput) GoString() string {
-	return s.String()
-}
-
-// Information about the delete marker.
-type DeleteMarkerEntry struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether the object is (true) or is not (false) the latest version
-	// of an object.
-	IsLatest *bool `type:"boolean"`
-
-	// The object key.
-	Key *string `min:"1" type:"string"`
-
-	// Date and time the object was last modified.
-	LastModified *time.Time `type:"timestamp"`
-
-	// The account that created the delete marker.>
-	Owner *Owner `type:"structure"`
-
-	// Version ID of an object.
-	VersionId *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteMarkerEntry) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteMarkerEntry) GoString() string {
-	return s.String()
-}
-
-// SetIsLatest sets the IsLatest field's value.
-func (s *DeleteMarkerEntry) SetIsLatest(v bool) *DeleteMarkerEntry {
-	s.IsLatest = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *DeleteMarkerEntry) SetKey(v string) *DeleteMarkerEntry {
-	s.Key = &v
-	return s
-}
-
-// SetLastModified sets the LastModified field's value.
-func (s *DeleteMarkerEntry) SetLastModified(v time.Time) *DeleteMarkerEntry {
-	s.LastModified = &v
-	return s
-}
-
-// SetOwner sets the Owner field's value.
-func (s *DeleteMarkerEntry) SetOwner(v *Owner) *DeleteMarkerEntry {
-	s.Owner = v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *DeleteMarkerEntry) SetVersionId(v string) *DeleteMarkerEntry {
-	s.VersionId = &v
-	return s
-}
-
-// Specifies whether Amazon S3 replicates delete markers. If you specify a Filter
-// in your replication configuration, you must also include a DeleteMarkerReplication
-// element. If your Filter includes a Tag element, the DeleteMarkerReplication
-// Status must be set to Disabled, because Amazon S3 does not support replicating
-// delete markers for tag-based rules. For an example configuration, see Basic
-// Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
-//
-// For more information about delete marker replication, see Basic Rule Configuration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html).
-//
-// If you are using an earlier version of the replication configuration, Amazon
-// S3 handles replication of delete markers differently. For more information,
-// see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
-type DeleteMarkerReplication struct {
-	_ struct{} `type:"structure"`
-
-	// Indicates whether to replicate delete markers.
-	//
-	// Indicates whether to replicate delete markers.
-	Status *string `type:"string" enum:"DeleteMarkerReplicationStatus"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteMarkerReplication) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteMarkerReplication) GoString() string {
-	return s.String()
-}
-
-// SetStatus sets the Status field's value.
-func (s *DeleteMarkerReplication) SetStatus(v string) *DeleteMarkerReplication {
-	s.Status = &v
-	return s
-}
-
-type DeleteObjectInput struct {
-	_ struct{} `locationName:"DeleteObjectRequest" type:"structure"`
-
-	// The bucket name of the bucket containing the object.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates whether S3 Object Lock should bypass Governance-mode restrictions
-	// to process this operation. To use this header, you must have the s3:BypassGovernanceRetention
-	// permission.
-	BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Key name of the object to delete.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// The concatenation of the authentication device's serial number, a space,
-	// and the value that is displayed on your authentication device. Required to
-	// permanently delete a versioned object if versioning is configured with MFA
-	// delete enabled.
-	MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// VersionId used to reference a specific version of the object.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteObjectInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteObjectInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteObjectInput) SetBucket(v string) *DeleteObjectInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteObjectInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetBypassGovernanceRetention sets the BypassGovernanceRetention field's value.
-func (s *DeleteObjectInput) SetBypassGovernanceRetention(v bool) *DeleteObjectInput {
-	s.BypassGovernanceRetention = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteObjectInput) SetExpectedBucketOwner(v string) *DeleteObjectInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *DeleteObjectInput) SetKey(v string) *DeleteObjectInput {
-	s.Key = &v
-	return s
-}
-
-// SetMFA sets the MFA field's value.
-func (s *DeleteObjectInput) SetMFA(v string) *DeleteObjectInput {
-	s.MFA = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *DeleteObjectInput) SetRequestPayer(v string) *DeleteObjectInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *DeleteObjectInput) SetVersionId(v string) *DeleteObjectInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *DeleteObjectInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteObjectInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteObjectInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteObjectOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether the versioned object that was permanently deleted was (true)
-	// or was not (false) a delete marker.
-	DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// Returns the version ID of the delete marker created as a result of the DELETE
-	// operation.
-	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectOutput) GoString() string {
-	return s.String()
-}
-
-// SetDeleteMarker sets the DeleteMarker field's value.
-func (s *DeleteObjectOutput) SetDeleteMarker(v bool) *DeleteObjectOutput {
-	s.DeleteMarker = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *DeleteObjectOutput) SetRequestCharged(v string) *DeleteObjectOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *DeleteObjectOutput) SetVersionId(v string) *DeleteObjectOutput {
-	s.VersionId = &v
-	return s
-}
-
-type DeleteObjectTaggingInput struct {
-	_ struct{} `locationName:"DeleteObjectTaggingRequest" type:"structure"`
-
-	// The bucket name containing the objects from which to remove the tags.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The key that identifies the object in the bucket from which to remove all
-	// tags.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// The versionId of the object that the tag-set will be removed from.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectTaggingInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectTaggingInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteObjectTaggingInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteObjectTaggingInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteObjectTaggingInput) SetBucket(v string) *DeleteObjectTaggingInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteObjectTaggingInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteObjectTaggingInput) SetExpectedBucketOwner(v string) *DeleteObjectTaggingInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *DeleteObjectTaggingInput) SetKey(v string) *DeleteObjectTaggingInput {
-	s.Key = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *DeleteObjectTaggingInput) SetVersionId(v string) *DeleteObjectTaggingInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *DeleteObjectTaggingInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteObjectTaggingInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteObjectTaggingInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteObjectTaggingOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The versionId of the object the tag-set was removed from.
-	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectTaggingOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectTaggingOutput) GoString() string {
-	return s.String()
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *DeleteObjectTaggingOutput) SetVersionId(v string) *DeleteObjectTaggingOutput {
-	s.VersionId = &v
-	return s
-}
-
-type DeleteObjectsInput struct {
-	_ struct{} `locationName:"DeleteObjectsRequest" type:"structure" payload:"Delete"`
-
-	// The bucket name containing the objects to delete.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Specifies whether you want to delete this object even if it has a Governance-type
-	// Object Lock in place. To use this header, you must have the s3:BypassGovernanceRetention
-	// permission.
-	BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// This checksum algorithm must be the same for all parts and it match the checksum
-	// value supplied in the CreateMultipartUpload request.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// Container for the request.
-	//
-	// Delete is a required field
-	Delete *Delete `locationName:"Delete" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The concatenation of the authentication device's serial number, a space,
-	// and the value that is displayed on your authentication device. Required to
-	// permanently delete a versioned object if versioning is configured with MFA
-	// delete enabled.
-	MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeleteObjectsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeleteObjectsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Delete == nil {
-		invalidParams.Add(request.NewErrParamRequired("Delete"))
-	}
-	if s.Delete != nil {
-		if err := s.Delete.Validate(); err != nil {
-			invalidParams.AddNested("Delete", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeleteObjectsInput) SetBucket(v string) *DeleteObjectsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeleteObjectsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetBypassGovernanceRetention sets the BypassGovernanceRetention field's value.
-func (s *DeleteObjectsInput) SetBypassGovernanceRetention(v bool) *DeleteObjectsInput {
-	s.BypassGovernanceRetention = &v
-	return s
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *DeleteObjectsInput) SetChecksumAlgorithm(v string) *DeleteObjectsInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetDelete sets the Delete field's value.
-func (s *DeleteObjectsInput) SetDelete(v *Delete) *DeleteObjectsInput {
-	s.Delete = v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeleteObjectsInput) SetExpectedBucketOwner(v string) *DeleteObjectsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetMFA sets the MFA field's value.
-func (s *DeleteObjectsInput) SetMFA(v string) *DeleteObjectsInput {
-	s.MFA = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *DeleteObjectsInput) SetRequestPayer(v string) *DeleteObjectsInput {
-	s.RequestPayer = &v
-	return s
-}
-
-func (s *DeleteObjectsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeleteObjectsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeleteObjectsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeleteObjectsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Container element for a successful delete. It identifies the object that
-	// was successfully deleted.
-	Deleted []*DeletedObject `type:"list" flattened:"true"`
-
-	// Container for a failed delete action that describes the object that Amazon
-	// S3 attempted to delete and the error it encountered.
-	Errors []*Error `locationName:"Error" type:"list" flattened:"true"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeleteObjectsOutput) GoString() string {
-	return s.String()
-}
-
-// SetDeleted sets the Deleted field's value.
-func (s *DeleteObjectsOutput) SetDeleted(v []*DeletedObject) *DeleteObjectsOutput {
-	s.Deleted = v
-	return s
-}
-
-// SetErrors sets the Errors field's value.
-func (s *DeleteObjectsOutput) SetErrors(v []*Error) *DeleteObjectsOutput {
-	s.Errors = v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *DeleteObjectsOutput) SetRequestCharged(v string) *DeleteObjectsOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-type DeletePublicAccessBlockInput struct {
-	_ struct{} `locationName:"DeletePublicAccessBlockRequest" type:"structure"`
-
-	// The Amazon S3 bucket whose PublicAccessBlock configuration you want to delete.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeletePublicAccessBlockInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeletePublicAccessBlockInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DeletePublicAccessBlockInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DeletePublicAccessBlockInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *DeletePublicAccessBlockInput) SetBucket(v string) *DeletePublicAccessBlockInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *DeletePublicAccessBlockInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *DeletePublicAccessBlockInput) SetExpectedBucketOwner(v string) *DeletePublicAccessBlockInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *DeletePublicAccessBlockInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *DeletePublicAccessBlockInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s DeletePublicAccessBlockInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type DeletePublicAccessBlockOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeletePublicAccessBlockOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeletePublicAccessBlockOutput) GoString() string {
-	return s.String()
-}
-
-// Information about the deleted object.
-type DeletedObject struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether the versioned object that was permanently deleted was (true)
-	// or was not (false) a delete marker. In a simple DELETE, this header indicates
-	// whether (true) or not (false) a delete marker was created.
-	DeleteMarker *bool `type:"boolean"`
-
-	// The version ID of the delete marker created as a result of the DELETE operation.
-	// If you delete a specific object version, the value returned by this header
-	// is the version ID of the object version deleted.
-	DeleteMarkerVersionId *string `type:"string"`
-
-	// The name of the deleted object.
-	Key *string `min:"1" type:"string"`
-
-	// The version ID of the deleted object.
-	VersionId *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeletedObject) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DeletedObject) GoString() string {
-	return s.String()
-}
-
-// SetDeleteMarker sets the DeleteMarker field's value.
-func (s *DeletedObject) SetDeleteMarker(v bool) *DeletedObject {
-	s.DeleteMarker = &v
-	return s
-}
-
-// SetDeleteMarkerVersionId sets the DeleteMarkerVersionId field's value.
-func (s *DeletedObject) SetDeleteMarkerVersionId(v string) *DeletedObject {
-	s.DeleteMarkerVersionId = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *DeletedObject) SetKey(v string) *DeletedObject {
-	s.Key = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *DeletedObject) SetVersionId(v string) *DeletedObject {
-	s.VersionId = &v
-	return s
-}
-
-// Specifies information about where to publish analysis or configuration results
-// for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC).
-type Destination struct {
-	_ struct{} `type:"structure"`
-
-	// Specify this only in a cross-account scenario (where source and destination
-	// bucket owners are not the same), and you want to change replica ownership
-	// to the Amazon Web Services account that owns the destination bucket. If this
-	// is not specified in the replication configuration, the replicas are owned
-	// by same Amazon Web Services account that owns the source object.
-	AccessControlTranslation *AccessControlTranslation `type:"structure"`
-
-	// Destination bucket owner account ID. In a cross-account scenario, if you
-	// direct Amazon S3 to change replica ownership to the Amazon Web Services account
-	// that owns the destination bucket by specifying the AccessControlTranslation
-	// property, this is the account ID of the destination bucket owner. For more
-	// information, see Replication Additional Configuration: Changing the Replica
-	// Owner (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html)
-	// in the Amazon S3 User Guide.
-	Account *string `type:"string"`
-
-	// The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to
-	// store the results.
-	//
-	// Bucket is a required field
-	Bucket *string `type:"string" required:"true"`
-
-	// A container that provides information about encryption. If SourceSelectionCriteria
-	// is specified, you must specify this element.
-	EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
-
-	// A container specifying replication metrics-related settings enabling replication
-	// metrics and events.
-	Metrics *Metrics `type:"structure"`
-
-	// A container specifying S3 Replication Time Control (S3 RTC), including whether
-	// S3 RTC is enabled and the time when all objects and operations on objects
-	// must be replicated. Must be specified together with a Metrics block.
-	ReplicationTime *ReplicationTime `type:"structure"`
-
-	// The storage class to use when replicating objects, such as S3 Standard or
-	// reduced redundancy. By default, Amazon S3 uses the storage class of the source
-	// object to create the object replica.
-	//
-	// For valid values, see the StorageClass element of the PUT Bucket replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
-	// action in the Amazon S3 API Reference.
-	StorageClass *string `type:"string" enum:"StorageClass"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Destination) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Destination) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Destination) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Destination"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.AccessControlTranslation != nil {
-		if err := s.AccessControlTranslation.Validate(); err != nil {
-			invalidParams.AddNested("AccessControlTranslation", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.Metrics != nil {
-		if err := s.Metrics.Validate(); err != nil {
-			invalidParams.AddNested("Metrics", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.ReplicationTime != nil {
-		if err := s.ReplicationTime.Validate(); err != nil {
-			invalidParams.AddNested("ReplicationTime", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccessControlTranslation sets the AccessControlTranslation field's value.
-func (s *Destination) SetAccessControlTranslation(v *AccessControlTranslation) *Destination {
-	s.AccessControlTranslation = v
-	return s
-}
-
-// SetAccount sets the Account field's value.
-func (s *Destination) SetAccount(v string) *Destination {
-	s.Account = &v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *Destination) SetBucket(v string) *Destination {
-	s.Bucket = &v
-	return s
-}
-
-func (s *Destination) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
-func (s *Destination) SetEncryptionConfiguration(v *EncryptionConfiguration) *Destination {
-	s.EncryptionConfiguration = v
-	return s
-}
-
-// SetMetrics sets the Metrics field's value.
-func (s *Destination) SetMetrics(v *Metrics) *Destination {
-	s.Metrics = v
-	return s
-}
-
-// SetReplicationTime sets the ReplicationTime field's value.
-func (s *Destination) SetReplicationTime(v *ReplicationTime) *Destination {
-	s.ReplicationTime = v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *Destination) SetStorageClass(v string) *Destination {
-	s.StorageClass = &v
-	return s
-}
-
-// Contains the type of server-side encryption used.
-type Encryption struct {
-	_ struct{} `type:"structure"`
-
-	// The server-side encryption algorithm used when storing job results in Amazon
-	// S3 (for example, AES256, aws:kms).
-	//
-	// EncryptionType is a required field
-	EncryptionType *string `type:"string" required:"true" enum:"ServerSideEncryption"`
-
-	// If the encryption type is aws:kms, this optional value can be used to specify
-	// the encryption context for the restore results.
-	KMSContext *string `type:"string"`
-
-	// If the encryption type is aws:kms, this optional value specifies the ID of
-	// the symmetric encryption customer managed key to use for encryption of job
-	// results. Amazon S3 only supports symmetric encryption KMS keys. For more
-	// information, see Asymmetric keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
-	// in the Amazon Web Services Key Management Service Developer Guide.
-	//
-	// KMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by Encryption's
-	// String and GoString methods.
-	KMSKeyId *string `type:"string" sensitive:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Encryption) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Encryption) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Encryption) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Encryption"}
-	if s.EncryptionType == nil {
-		invalidParams.Add(request.NewErrParamRequired("EncryptionType"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetEncryptionType sets the EncryptionType field's value.
-func (s *Encryption) SetEncryptionType(v string) *Encryption {
-	s.EncryptionType = &v
-	return s
-}
-
-// SetKMSContext sets the KMSContext field's value.
-func (s *Encryption) SetKMSContext(v string) *Encryption {
-	s.KMSContext = &v
-	return s
-}
-
-// SetKMSKeyId sets the KMSKeyId field's value.
-func (s *Encryption) SetKMSKeyId(v string) *Encryption {
-	s.KMSKeyId = &v
-	return s
-}
-
-// Specifies encryption-related information for an Amazon S3 bucket that is
-// a destination for replicated objects.
-type EncryptionConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon Web
-	// Services KMS key stored in Amazon Web Services Key Management Service (KMS)
-	// for the destination bucket. Amazon S3 uses this key to encrypt replica objects.
-	// Amazon S3 only supports symmetric encryption KMS keys. For more information,
-	// see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
-	// in the Amazon Web Services Key Management Service Developer Guide.
-	ReplicaKmsKeyID *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s EncryptionConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s EncryptionConfiguration) GoString() string {
-	return s.String()
-}
-
-// SetReplicaKmsKeyID sets the ReplicaKmsKeyID field's value.
-func (s *EncryptionConfiguration) SetReplicaKmsKeyID(v string) *EncryptionConfiguration {
-	s.ReplicaKmsKeyID = &v
-	return s
-}
-
-// A message that indicates the request is complete and no more messages will
-// be sent. You should not assume that the request is complete until the client
-// receives an EndEvent.
-type EndEvent struct {
-	_ struct{} `locationName:"EndEvent" type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s EndEvent) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s EndEvent) GoString() string {
-	return s.String()
-}
-
-// The EndEvent is and event in the SelectObjectContentEventStream group of events.
-func (s *EndEvent) eventSelectObjectContentEventStream() {}
-
-// UnmarshalEvent unmarshals the EventStream Message into the EndEvent value.
-// This method is only used internally within the SDK's EventStream handling.
-func (s *EndEvent) UnmarshalEvent(
-	payloadUnmarshaler protocol.PayloadUnmarshaler,
-	msg eventstream.Message,
-) error {
-	return nil
-}
-
-// MarshalEvent marshals the type into an stream event value. This method
-// should only used internally within the SDK's EventStream handling.
-func (s *EndEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
-	msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
-	return msg, err
-}
-
-// Container for all error elements.
-type Error struct {
-	_ struct{} `type:"structure"`
-
-	// The error code is a string that uniquely identifies an error condition. It
-	// is meant to be read and understood by programs that detect and handle errors
-	// by type. The following is a list of Amazon S3 error codes. For more information,
-	// see Error responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html).
-	//
-	//    * Code: AccessDenied Description: Access Denied HTTP Status Code: 403
-	//    Forbidden SOAP Fault Code Prefix: Client
-	//
-	//    * Code: AccountProblem Description: There is a problem with your Amazon
-	//    Web Services account that prevents the action from completing successfully.
-	//    Contact Amazon Web Services Support for further assistance. HTTP Status
-	//    Code: 403 Forbidden SOAP Fault Code Prefix: Client
-	//
-	//    * Code: AllAccessDisabled Description: All access to this Amazon S3 resource
-	//    has been disabled. Contact Amazon Web Services Support for further assistance.
-	//    HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client
-	//
-	//    * Code: AmbiguousGrantByEmailAddress Description: The email address you
-	//    provided is associated with more than one account. HTTP Status Code: 400
-	//    Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: AuthorizationHeaderMalformed Description: The authorization header
-	//    you provided is invalid. HTTP Status Code: 400 Bad Request HTTP Status
-	//    Code: N/A
-	//
-	//    * Code: BadDigest Description: The Content-MD5 you specified did not match
-	//    what we received. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
-	//    Client
-	//
-	//    * Code: BucketAlreadyExists Description: The requested bucket name is
-	//    not available. The bucket namespace is shared by all users of the system.
-	//    Please select a different name and try again. HTTP Status Code: 409 Conflict
-	//    SOAP Fault Code Prefix: Client
-	//
-	//    * Code: BucketAlreadyOwnedByYou Description: The bucket you tried to create
-	//    already exists, and you own it. Amazon S3 returns this error in all Amazon
-	//    Web Services Regions except in the North Virginia Region. For legacy compatibility,
-	//    if you re-create an existing bucket that you already own in the North
-	//    Virginia Region, Amazon S3 returns 200 OK and resets the bucket access
-	//    control lists (ACLs). Code: 409 Conflict (in all Regions except the North
-	//    Virginia Region) SOAP Fault Code Prefix: Client
-	//
-	//    * Code: BucketNotEmpty Description: The bucket you tried to delete is
-	//    not empty. HTTP Status Code: 409 Conflict SOAP Fault Code Prefix: Client
-	//
-	//    * Code: CredentialsNotSupported Description: This request does not support
-	//    credentials. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
-	//    Client
-	//
-	//    * Code: CrossLocationLoggingProhibited Description: Cross-location logging
-	//    not allowed. Buckets in one geographic location cannot log information
-	//    to a bucket in another location. HTTP Status Code: 403 Forbidden SOAP
-	//    Fault Code Prefix: Client
-	//
-	//    * Code: EntityTooSmall Description: Your proposed upload is smaller than
-	//    the minimum allowed object size. HTTP Status Code: 400 Bad Request SOAP
-	//    Fault Code Prefix: Client
-	//
-	//    * Code: EntityTooLarge Description: Your proposed upload exceeds the maximum
-	//    allowed object size. HTTP Status Code: 400 Bad Request SOAP Fault Code
-	//    Prefix: Client
-	//
-	//    * Code: ExpiredToken Description: The provided token has expired. HTTP
-	//    Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: IllegalVersioningConfigurationException Description: Indicates
-	//    that the versioning configuration specified in the request is invalid.
-	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: IncompleteBody Description: You did not provide the number of
-	//    bytes specified by the Content-Length HTTP header HTTP Status Code: 400
-	//    Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: IncorrectNumberOfFilesInPostRequest Description: POST requires
-	//    exactly one file upload per request. HTTP Status Code: 400 Bad Request
-	//    SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InlineDataTooLarge Description: Inline data exceeds the maximum
-	//    allowed size. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
-	//    Client
-	//
-	//    * Code: InternalError Description: We encountered an internal error. Please
-	//    try again. HTTP Status Code: 500 Internal Server Error SOAP Fault Code
-	//    Prefix: Server
-	//
-	//    * Code: InvalidAccessKeyId Description: The Amazon Web Services access
-	//    key ID you provided does not exist in our records. HTTP Status Code: 403
-	//    Forbidden SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidAddressingHeader Description: You must specify the Anonymous
-	//    role. HTTP Status Code: N/A SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidArgument Description: Invalid Argument HTTP Status Code:
-	//    400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidBucketName Description: The specified bucket is not valid.
-	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidBucketState Description: The request is not valid with
-	//    the current state of the bucket. HTTP Status Code: 409 Conflict SOAP Fault
-	//    Code Prefix: Client
-	//
-	//    * Code: InvalidDigest Description: The Content-MD5 you specified is not
-	//    valid. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidEncryptionAlgorithmError Description: The encryption request
-	//    you specified is not valid. The valid value is AES256. HTTP Status Code:
-	//    400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidLocationConstraint Description: The specified location
-	//    constraint is not valid. For more information about Regions, see How to
-	//    Select a Region for Your Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro).
-	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidObjectState Description: The action is not valid for the
-	//    current state of the object. HTTP Status Code: 403 Forbidden SOAP Fault
-	//    Code Prefix: Client
-	//
-	//    * Code: InvalidPart Description: One or more of the specified parts could
-	//    not be found. The part might not have been uploaded, or the specified
-	//    entity tag might not have matched the part's entity tag. HTTP Status Code:
-	//    400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidPartOrder Description: The list of parts was not in ascending
-	//    order. Parts list must be specified in order by part number. HTTP Status
-	//    Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidPayer Description: All access to this object has been disabled.
-	//    Please contact Amazon Web Services Support for further assistance. HTTP
-	//    Status Code: 403 Forbidden SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidPolicyDocument Description: The content of the form does
-	//    not meet the conditions specified in the policy document. HTTP Status
-	//    Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidRange Description: The requested range cannot be satisfied.
-	//    HTTP Status Code: 416 Requested Range Not Satisfiable SOAP Fault Code
-	//    Prefix: Client
-	//
-	//    * Code: InvalidRequest Description: Please use AWS4-HMAC-SHA256. HTTP
-	//    Status Code: 400 Bad Request Code: N/A
-	//
-	//    * Code: InvalidRequest Description: SOAP requests must be made over an
-	//    HTTPS connection. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
-	//    Client
-	//
-	//    * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration is
-	//    not supported for buckets with non-DNS compliant names. HTTP Status Code:
-	//    400 Bad Request Code: N/A
-	//
-	//    * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration is
-	//    not supported for buckets with periods (.) in their names. HTTP Status
-	//    Code: 400 Bad Request Code: N/A
-	//
-	//    * Code: InvalidRequest Description: Amazon S3 Transfer Accelerate endpoint
-	//    only supports virtual style requests. HTTP Status Code: 400 Bad Request
-	//    Code: N/A
-	//
-	//    * Code: InvalidRequest Description: Amazon S3 Transfer Accelerate is not
-	//    configured on this bucket. HTTP Status Code: 400 Bad Request Code: N/A
-	//
-	//    * Code: InvalidRequest Description: Amazon S3 Transfer Accelerate is disabled
-	//    on this bucket. HTTP Status Code: 400 Bad Request Code: N/A
-	//
-	//    * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration is
-	//    not supported on this bucket. Contact Amazon Web Services Support for
-	//    more information. HTTP Status Code: 400 Bad Request Code: N/A
-	//
-	//    * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration cannot
-	//    be enabled on this bucket. Contact Amazon Web Services Support for more
-	//    information. HTTP Status Code: 400 Bad Request Code: N/A
-	//
-	//    * Code: InvalidSecurity Description: The provided security credentials
-	//    are not valid. HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix:
-	//    Client
-	//
-	//    * Code: InvalidSOAPRequest Description: The SOAP request body is invalid.
-	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidStorageClass Description: The storage class you specified
-	//    is not valid. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
-	//    Client
-	//
-	//    * Code: InvalidTargetBucketForLogging Description: The target bucket for
-	//    logging does not exist, is not owned by you, or does not have the appropriate
-	//    grants for the log-delivery group. HTTP Status Code: 400 Bad Request SOAP
-	//    Fault Code Prefix: Client
-	//
-	//    * Code: InvalidToken Description: The provided token is malformed or otherwise
-	//    invalid. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: InvalidURI Description: Couldn't parse the specified URI. HTTP
-	//    Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: KeyTooLongError Description: Your key is too long. HTTP Status
-	//    Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: MalformedACLError Description: The XML you provided was not well-formed
-	//    or did not validate against our published schema. HTTP Status Code: 400
-	//    Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: MalformedPOSTRequest Description: The body of your POST request
-	//    is not well-formed multipart/form-data. HTTP Status Code: 400 Bad Request
-	//    SOAP Fault Code Prefix: Client
-	//
-	//    * Code: MalformedXML Description: This happens when the user sends malformed
-	//    XML (XML that doesn't conform to the published XSD) for the configuration.
-	//    The error message is, "The XML you provided was not well-formed or did
-	//    not validate against our published schema." HTTP Status Code: 400 Bad
-	//    Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: MaxMessageLengthExceeded Description: Your request was too big.
-	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: MaxPostPreDataLengthExceededError Description: Your POST request
-	//    fields preceding the upload file were too large. HTTP Status Code: 400
-	//    Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: MetadataTooLarge Description: Your metadata headers exceed the
-	//    maximum allowed metadata size. HTTP Status Code: 400 Bad Request SOAP
-	//    Fault Code Prefix: Client
-	//
-	//    * Code: MethodNotAllowed Description: The specified method is not allowed
-	//    against this resource. HTTP Status Code: 405 Method Not Allowed SOAP Fault
-	//    Code Prefix: Client
-	//
-	//    * Code: MissingAttachment Description: A SOAP attachment was expected,
-	//    but none were found. HTTP Status Code: N/A SOAP Fault Code Prefix: Client
-	//
-	//    * Code: MissingContentLength Description: You must provide the Content-Length
-	//    HTTP header. HTTP Status Code: 411 Length Required SOAP Fault Code Prefix:
-	//    Client
-	//
-	//    * Code: MissingRequestBodyError Description: This happens when the user
-	//    sends an empty XML document as a request. The error message is, "Request
-	//    body is empty." HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
-	//    Client
-	//
-	//    * Code: MissingSecurityElement Description: The SOAP 1.1 request is missing
-	//    a security element. HTTP Status Code: 400 Bad Request SOAP Fault Code
-	//    Prefix: Client
-	//
-	//    * Code: MissingSecurityHeader Description: Your request is missing a required
-	//    header. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: NoLoggingStatusForKey Description: There is no such thing as a
-	//    logging status subresource for a key. HTTP Status Code: 400 Bad Request
-	//    SOAP Fault Code Prefix: Client
-	//
-	//    * Code: NoSuchBucket Description: The specified bucket does not exist.
-	//    HTTP Status Code: 404 Not Found SOAP Fault Code Prefix: Client
-	//
-	//    * Code: NoSuchBucketPolicy Description: The specified bucket does not
-	//    have a bucket policy. HTTP Status Code: 404 Not Found SOAP Fault Code
-	//    Prefix: Client
-	//
-	//    * Code: NoSuchKey Description: The specified key does not exist. HTTP
-	//    Status Code: 404 Not Found SOAP Fault Code Prefix: Client
-	//
-	//    * Code: NoSuchLifecycleConfiguration Description: The lifecycle configuration
-	//    does not exist. HTTP Status Code: 404 Not Found SOAP Fault Code Prefix:
-	//    Client
-	//
-	//    * Code: NoSuchUpload Description: The specified multipart upload does
-	//    not exist. The upload ID might be invalid, or the multipart upload might
-	//    have been aborted or completed. HTTP Status Code: 404 Not Found SOAP Fault
-	//    Code Prefix: Client
-	//
-	//    * Code: NoSuchVersion Description: Indicates that the version ID specified
-	//    in the request does not match an existing version. HTTP Status Code: 404
-	//    Not Found SOAP Fault Code Prefix: Client
-	//
-	//    * Code: NotImplemented Description: A header you provided implies functionality
-	//    that is not implemented. HTTP Status Code: 501 Not Implemented SOAP Fault
-	//    Code Prefix: Server
-	//
-	//    * Code: NotSignedUp Description: Your account is not signed up for the
-	//    Amazon S3 service. You must sign up before you can use Amazon S3. You
-	//    can sign up at the following URL: Amazon S3 (http://aws.amazon.com/s3)
-	//    HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client
-	//
-	//    * Code: OperationAborted Description: A conflicting conditional action
-	//    is currently in progress against this resource. Try again. HTTP Status
-	//    Code: 409 Conflict SOAP Fault Code Prefix: Client
-	//
-	//    * Code: PermanentRedirect Description: The bucket you are attempting to
-	//    access must be addressed using the specified endpoint. Send all future
-	//    requests to this endpoint. HTTP Status Code: 301 Moved Permanently SOAP
-	//    Fault Code Prefix: Client
-	//
-	//    * Code: PreconditionFailed Description: At least one of the preconditions
-	//    you specified did not hold. HTTP Status Code: 412 Precondition Failed
-	//    SOAP Fault Code Prefix: Client
-	//
-	//    * Code: Redirect Description: Temporary redirect. HTTP Status Code: 307
-	//    Moved Temporarily SOAP Fault Code Prefix: Client
-	//
-	//    * Code: RestoreAlreadyInProgress Description: Object restore is already
-	//    in progress. HTTP Status Code: 409 Conflict SOAP Fault Code Prefix: Client
-	//
-	//    * Code: RequestIsNotMultiPartContent Description: Bucket POST must be
-	//    of the enclosure-type multipart/form-data. HTTP Status Code: 400 Bad Request
-	//    SOAP Fault Code Prefix: Client
-	//
-	//    * Code: RequestTimeout Description: Your socket connection to the server
-	//    was not read from or written to within the timeout period. HTTP Status
-	//    Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: RequestTimeTooSkewed Description: The difference between the request
-	//    time and the server's time is too large. HTTP Status Code: 403 Forbidden
-	//    SOAP Fault Code Prefix: Client
-	//
-	//    * Code: RequestTorrentOfBucketError Description: Requesting the torrent
-	//    file of a bucket is not permitted. HTTP Status Code: 400 Bad Request SOAP
-	//    Fault Code Prefix: Client
-	//
-	//    * Code: SignatureDoesNotMatch Description: The request signature we calculated
-	//    does not match the signature you provided. Check your Amazon Web Services
-	//    secret access key and signing method. For more information, see REST Authentication
-	//    (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html)
-	//    and SOAP Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/SOAPAuthentication.html)
-	//    for details. HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client
-	//
-	//    * Code: ServiceUnavailable Description: Service is unable to handle request.
-	//    HTTP Status Code: 503 Service Unavailable SOAP Fault Code Prefix: Server
-	//
-	//    * Code: SlowDown Description: Reduce your request rate. HTTP Status Code:
-	//    503 Slow Down SOAP Fault Code Prefix: Server
-	//
-	//    * Code: TemporaryRedirect Description: You are being redirected to the
-	//    bucket while DNS updates. HTTP Status Code: 307 Moved Temporarily SOAP
-	//    Fault Code Prefix: Client
-	//
-	//    * Code: TokenRefreshRequired Description: The provided token must be refreshed.
-	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: TooManyBuckets Description: You have attempted to create more
-	//    buckets than allowed. HTTP Status Code: 400 Bad Request SOAP Fault Code
-	//    Prefix: Client
-	//
-	//    * Code: UnexpectedContent Description: This request does not support content.
-	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: UnresolvableGrantByEmailAddress Description: The email address
-	//    you provided does not match any account on record. HTTP Status Code: 400
-	//    Bad Request SOAP Fault Code Prefix: Client
-	//
-	//    * Code: UserKeyMustBeSpecified Description: The bucket POST must contain
-	//    the specified field name. If it is specified, check the order of the fields.
-	//    HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
-	Code *string `type:"string"`
-
-	// The error key.
-	Key *string `min:"1" type:"string"`
-
-	// The error message contains a generic description of the error condition in
-	// English. It is intended for a human audience. Simple programs display the
-	// message directly to the end user if they encounter an error condition they
-	// don't know how or don't care to handle. Sophisticated programs with more
-	// exhaustive error handling and proper internationalization are more likely
-	// to ignore the error message.
-	Message *string `type:"string"`
-
-	// The version ID of the error.
-	VersionId *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Error) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Error) GoString() string {
-	return s.String()
-}
-
-// SetCode sets the Code field's value.
-func (s *Error) SetCode(v string) *Error {
-	s.Code = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *Error) SetKey(v string) *Error {
-	s.Key = &v
-	return s
-}
-
-// SetMessage sets the Message field's value.
-func (s *Error) SetMessage(v string) *Error {
-	s.Message = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *Error) SetVersionId(v string) *Error {
-	s.VersionId = &v
-	return s
-}
-
-// The error information.
-type ErrorDocument struct {
-	_ struct{} `type:"structure"`
-
-	// The object key name to use when a 4XX class error occurs.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	//
-	// Key is a required field
-	Key *string `min:"1" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ErrorDocument) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ErrorDocument) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ErrorDocument) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ErrorDocument"}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetKey sets the Key field's value.
-func (s *ErrorDocument) SetKey(v string) *ErrorDocument {
-	s.Key = &v
-	return s
-}
-
-// A container for specifying the configuration for Amazon EventBridge.
-type EventBridgeConfiguration struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s EventBridgeConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s EventBridgeConfiguration) GoString() string {
-	return s.String()
-}
-
-// Optional configuration to replicate existing source bucket objects. For more
-// information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
-// in the Amazon S3 User Guide.
-type ExistingObjectReplication struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether Amazon S3 replicates existing source bucket objects.
-	//
-	// Status is a required field
-	Status *string `type:"string" required:"true" enum:"ExistingObjectReplicationStatus"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ExistingObjectReplication) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ExistingObjectReplication) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ExistingObjectReplication) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ExistingObjectReplication"}
-	if s.Status == nil {
-		invalidParams.Add(request.NewErrParamRequired("Status"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetStatus sets the Status field's value.
-func (s *ExistingObjectReplication) SetStatus(v string) *ExistingObjectReplication {
-	s.Status = &v
-	return s
-}
-
-// Specifies the Amazon S3 object key name to filter on and whether to filter
-// on the suffix or prefix of the key name.
-type FilterRule struct {
-	_ struct{} `type:"structure"`
-
-	// The object key name prefix or suffix identifying one or more objects to which
-	// the filtering rule applies. The maximum length is 1,024 characters. Overlapping
-	// prefixes and suffixes are not supported. For more information, see Configuring
-	// Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
-	// in the Amazon S3 User Guide.
-	Name *string `type:"string" enum:"FilterRuleName"`
-
-	// The value that the filter searches for in object key names.
-	Value *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s FilterRule) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s FilterRule) GoString() string {
-	return s.String()
-}
-
-// SetName sets the Name field's value.
-func (s *FilterRule) SetName(v string) *FilterRule {
-	s.Name = &v
-	return s
-}
-
-// SetValue sets the Value field's value.
-func (s *FilterRule) SetValue(v string) *FilterRule {
-	s.Value = &v
-	return s
-}
-
-type GetBucketAccelerateConfigurationInput struct {
-	_ struct{} `locationName:"GetBucketAccelerateConfigurationRequest" type:"structure"`
-
-	// The name of the bucket for which the accelerate configuration is retrieved.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAccelerateConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAccelerateConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketAccelerateConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketAccelerateConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketAccelerateConfigurationInput) SetBucket(v string) *GetBucketAccelerateConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketAccelerateConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketAccelerateConfigurationInput) SetExpectedBucketOwner(v string) *GetBucketAccelerateConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *GetBucketAccelerateConfigurationInput) SetRequestPayer(v string) *GetBucketAccelerateConfigurationInput {
-	s.RequestPayer = &v
-	return s
-}
-
-func (s *GetBucketAccelerateConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketAccelerateConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketAccelerateConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketAccelerateConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// The accelerate configuration of the bucket.
-	Status *string `type:"string" enum:"BucketAccelerateStatus"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAccelerateConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAccelerateConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *GetBucketAccelerateConfigurationOutput) SetRequestCharged(v string) *GetBucketAccelerateConfigurationOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetStatus sets the Status field's value.
-func (s *GetBucketAccelerateConfigurationOutput) SetStatus(v string) *GetBucketAccelerateConfigurationOutput {
-	s.Status = &v
-	return s
-}
-
-type GetBucketAclInput struct {
-	_ struct{} `locationName:"GetBucketAclRequest" type:"structure"`
-
-	// Specifies the S3 bucket whose ACL is being requested.
-	//
-	// To use this API operation against an access point, provide the alias of the
-	// access point in place of the bucket name.
-	//
-	// To use this API operation against an Object Lambda access point, provide
-	// the alias of the Object Lambda access point in place of the bucket name.
-	// If the Object Lambda access point alias in a request is not valid, the error
-	// code InvalidAccessPointAliasError is returned. For more information about
-	// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAclInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAclInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketAclInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketAclInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketAclInput) SetBucket(v string) *GetBucketAclInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketAclInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketAclInput) SetExpectedBucketOwner(v string) *GetBucketAclInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketAclInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketAclInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketAclInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketAclOutput struct {
-	_ struct{} `type:"structure"`
-
-	// A list of grants.
-	Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"`
-
-	// Container for the bucket owner's display name and ID.
-	Owner *Owner `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAclOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAclOutput) GoString() string {
-	return s.String()
-}
-
-// SetGrants sets the Grants field's value.
-func (s *GetBucketAclOutput) SetGrants(v []*Grant) *GetBucketAclOutput {
-	s.Grants = v
-	return s
-}
-
-// SetOwner sets the Owner field's value.
-func (s *GetBucketAclOutput) SetOwner(v *Owner) *GetBucketAclOutput {
-	s.Owner = v
-	return s
-}
-
-type GetBucketAnalyticsConfigurationInput struct {
-	_ struct{} `locationName:"GetBucketAnalyticsConfigurationRequest" type:"structure"`
-
-	// The name of the bucket from which an analytics configuration is retrieved.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The ID that identifies the analytics configuration.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAnalyticsConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAnalyticsConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketAnalyticsConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketAnalyticsConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketAnalyticsConfigurationInput) SetBucket(v string) *GetBucketAnalyticsConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketAnalyticsConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketAnalyticsConfigurationInput) SetExpectedBucketOwner(v string) *GetBucketAnalyticsConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *GetBucketAnalyticsConfigurationInput) SetId(v string) *GetBucketAnalyticsConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-func (s *GetBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketAnalyticsConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketAnalyticsConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketAnalyticsConfigurationOutput struct {
-	_ struct{} `type:"structure" payload:"AnalyticsConfiguration"`
-
-	// The configuration and any analyses for the analytics filter.
-	AnalyticsConfiguration *AnalyticsConfiguration `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAnalyticsConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketAnalyticsConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-// SetAnalyticsConfiguration sets the AnalyticsConfiguration field's value.
-func (s *GetBucketAnalyticsConfigurationOutput) SetAnalyticsConfiguration(v *AnalyticsConfiguration) *GetBucketAnalyticsConfigurationOutput {
-	s.AnalyticsConfiguration = v
-	return s
-}
-
-type GetBucketCorsInput struct {
-	_ struct{} `locationName:"GetBucketCorsRequest" type:"structure"`
-
-	// The bucket name for which to get the cors configuration.
-	//
-	// To use this API operation against an access point, provide the alias of the
-	// access point in place of the bucket name.
-	//
-	// To use this API operation against an Object Lambda access point, provide
-	// the alias of the Object Lambda access point in place of the bucket name.
-	// If the Object Lambda access point alias in a request is not valid, the error
-	// code InvalidAccessPointAliasError is returned. For more information about
-	// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketCorsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketCorsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketCorsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketCorsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketCorsInput) SetBucket(v string) *GetBucketCorsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketCorsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketCorsInput) SetExpectedBucketOwner(v string) *GetBucketCorsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketCorsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketCorsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketCorsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketCorsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// A set of origins and methods (cross-origin access that you want to allow).
-	// You can add up to 100 rules to the configuration.
-	CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketCorsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketCorsOutput) GoString() string {
-	return s.String()
-}
-
-// SetCORSRules sets the CORSRules field's value.
-func (s *GetBucketCorsOutput) SetCORSRules(v []*CORSRule) *GetBucketCorsOutput {
-	s.CORSRules = v
-	return s
-}
-
-type GetBucketEncryptionInput struct {
-	_ struct{} `locationName:"GetBucketEncryptionRequest" type:"structure"`
-
-	// The name of the bucket from which the server-side encryption configuration
-	// is retrieved.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketEncryptionInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketEncryptionInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketEncryptionInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketEncryptionInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketEncryptionInput) SetBucket(v string) *GetBucketEncryptionInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketEncryptionInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketEncryptionInput) SetExpectedBucketOwner(v string) *GetBucketEncryptionInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketEncryptionInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketEncryptionInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketEncryptionInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketEncryptionOutput struct {
-	_ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"`
-
-	// Specifies the default server-side-encryption configuration.
-	ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketEncryptionOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketEncryptionOutput) GoString() string {
-	return s.String()
-}
-
-// SetServerSideEncryptionConfiguration sets the ServerSideEncryptionConfiguration field's value.
-func (s *GetBucketEncryptionOutput) SetServerSideEncryptionConfiguration(v *ServerSideEncryptionConfiguration) *GetBucketEncryptionOutput {
-	s.ServerSideEncryptionConfiguration = v
-	return s
-}
-
-type GetBucketIntelligentTieringConfigurationInput struct {
-	_ struct{} `locationName:"GetBucketIntelligentTieringConfigurationRequest" type:"structure"`
-
-	// The name of the Amazon S3 bucket whose configuration you want to modify or
-	// retrieve.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The ID used to identify the S3 Intelligent-Tiering configuration.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketIntelligentTieringConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketIntelligentTieringConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketIntelligentTieringConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketIntelligentTieringConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketIntelligentTieringConfigurationInput) SetBucket(v string) *GetBucketIntelligentTieringConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketIntelligentTieringConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetId sets the Id field's value.
-func (s *GetBucketIntelligentTieringConfigurationInput) SetId(v string) *GetBucketIntelligentTieringConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-func (s *GetBucketIntelligentTieringConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketIntelligentTieringConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketIntelligentTieringConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketIntelligentTieringConfigurationOutput struct {
-	_ struct{} `type:"structure" payload:"IntelligentTieringConfiguration"`
-
-	// Container for S3 Intelligent-Tiering configuration.
-	IntelligentTieringConfiguration *IntelligentTieringConfiguration `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketIntelligentTieringConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketIntelligentTieringConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-// SetIntelligentTieringConfiguration sets the IntelligentTieringConfiguration field's value.
-func (s *GetBucketIntelligentTieringConfigurationOutput) SetIntelligentTieringConfiguration(v *IntelligentTieringConfiguration) *GetBucketIntelligentTieringConfigurationOutput {
-	s.IntelligentTieringConfiguration = v
-	return s
-}
-
-type GetBucketInventoryConfigurationInput struct {
-	_ struct{} `locationName:"GetBucketInventoryConfigurationRequest" type:"structure"`
-
-	// The name of the bucket containing the inventory configuration to retrieve.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The ID used to identify the inventory configuration.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketInventoryConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketInventoryConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketInventoryConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketInventoryConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketInventoryConfigurationInput) SetBucket(v string) *GetBucketInventoryConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketInventoryConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketInventoryConfigurationInput) SetExpectedBucketOwner(v string) *GetBucketInventoryConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *GetBucketInventoryConfigurationInput) SetId(v string) *GetBucketInventoryConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-func (s *GetBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketInventoryConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketInventoryConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketInventoryConfigurationOutput struct {
-	_ struct{} `type:"structure" payload:"InventoryConfiguration"`
-
-	// Specifies the inventory configuration.
-	InventoryConfiguration *InventoryConfiguration `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketInventoryConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketInventoryConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-// SetInventoryConfiguration sets the InventoryConfiguration field's value.
-func (s *GetBucketInventoryConfigurationOutput) SetInventoryConfiguration(v *InventoryConfiguration) *GetBucketInventoryConfigurationOutput {
-	s.InventoryConfiguration = v
-	return s
-}
-
-type GetBucketLifecycleConfigurationInput struct {
-	_ struct{} `locationName:"GetBucketLifecycleConfigurationRequest" type:"structure"`
-
-	// The name of the bucket for which to get the lifecycle information.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLifecycleConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLifecycleConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketLifecycleConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketLifecycleConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketLifecycleConfigurationInput) SetBucket(v string) *GetBucketLifecycleConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketLifecycleConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketLifecycleConfigurationInput) SetExpectedBucketOwner(v string) *GetBucketLifecycleConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketLifecycleConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketLifecycleConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketLifecycleConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketLifecycleConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Container for a lifecycle rule.
-	Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLifecycleConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLifecycleConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-// SetRules sets the Rules field's value.
-func (s *GetBucketLifecycleConfigurationOutput) SetRules(v []*LifecycleRule) *GetBucketLifecycleConfigurationOutput {
-	s.Rules = v
-	return s
-}
-
-type GetBucketLifecycleInput struct {
-	_ struct{} `locationName:"GetBucketLifecycleRequest" type:"structure"`
-
-	// The name of the bucket for which to get the lifecycle information.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLifecycleInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLifecycleInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketLifecycleInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketLifecycleInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketLifecycleInput) SetBucket(v string) *GetBucketLifecycleInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketLifecycleInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketLifecycleInput) SetExpectedBucketOwner(v string) *GetBucketLifecycleInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketLifecycleInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketLifecycleInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketLifecycleInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketLifecycleOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Container for a lifecycle rule.
-	Rules []*Rule `locationName:"Rule" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLifecycleOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLifecycleOutput) GoString() string {
-	return s.String()
-}
-
-// SetRules sets the Rules field's value.
-func (s *GetBucketLifecycleOutput) SetRules(v []*Rule) *GetBucketLifecycleOutput {
-	s.Rules = v
-	return s
-}
-
-type GetBucketLocationInput struct {
-	_ struct{} `locationName:"GetBucketLocationRequest" type:"structure"`
-
-	// The name of the bucket for which to get the location.
-	//
-	// To use this API operation against an access point, provide the alias of the
-	// access point in place of the bucket name.
-	//
-	// To use this API operation against an Object Lambda access point, provide
-	// the alias of the Object Lambda access point in place of the bucket name.
-	// If the Object Lambda access point alias in a request is not valid, the error
-	// code InvalidAccessPointAliasError is returned. For more information about
-	// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLocationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLocationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketLocationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketLocationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketLocationInput) SetBucket(v string) *GetBucketLocationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketLocationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketLocationInput) SetExpectedBucketOwner(v string) *GetBucketLocationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketLocationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketLocationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketLocationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketLocationOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the Region where the bucket resides. For a list of all the Amazon
-	// S3 supported location constraints by Region, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region).
-	// Buckets in Region us-east-1 have a LocationConstraint of null.
-	LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLocationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLocationOutput) GoString() string {
-	return s.String()
-}
-
-// SetLocationConstraint sets the LocationConstraint field's value.
-func (s *GetBucketLocationOutput) SetLocationConstraint(v string) *GetBucketLocationOutput {
-	s.LocationConstraint = &v
-	return s
-}
-
-type GetBucketLoggingInput struct {
-	_ struct{} `locationName:"GetBucketLoggingRequest" type:"structure"`
-
-	// The bucket name for which to get the logging information.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLoggingInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLoggingInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketLoggingInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketLoggingInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketLoggingInput) SetBucket(v string) *GetBucketLoggingInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketLoggingInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketLoggingInput) SetExpectedBucketOwner(v string) *GetBucketLoggingInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketLoggingInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketLoggingInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketLoggingInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketLoggingOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Describes where logs are stored and the prefix that Amazon S3 assigns to
-	// all log object keys for a bucket. For more information, see PUT Bucket logging
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
-	// in the Amazon S3 API Reference.
-	LoggingEnabled *LoggingEnabled `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLoggingOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketLoggingOutput) GoString() string {
-	return s.String()
-}
-
-// SetLoggingEnabled sets the LoggingEnabled field's value.
-func (s *GetBucketLoggingOutput) SetLoggingEnabled(v *LoggingEnabled) *GetBucketLoggingOutput {
-	s.LoggingEnabled = v
-	return s
-}
-
-type GetBucketMetricsConfigurationInput struct {
-	_ struct{} `locationName:"GetBucketMetricsConfigurationRequest" type:"structure"`
-
-	// The name of the bucket containing the metrics configuration to retrieve.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The ID used to identify the metrics configuration. The ID has a 64 character
-	// limit and can only contain letters, numbers, periods, dashes, and underscores.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketMetricsConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketMetricsConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketMetricsConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketMetricsConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketMetricsConfigurationInput) SetBucket(v string) *GetBucketMetricsConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketMetricsConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketMetricsConfigurationInput) SetExpectedBucketOwner(v string) *GetBucketMetricsConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *GetBucketMetricsConfigurationInput) SetId(v string) *GetBucketMetricsConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-func (s *GetBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketMetricsConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketMetricsConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketMetricsConfigurationOutput struct {
-	_ struct{} `type:"structure" payload:"MetricsConfiguration"`
-
-	// Specifies the metrics configuration.
-	MetricsConfiguration *MetricsConfiguration `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketMetricsConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketMetricsConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-// SetMetricsConfiguration sets the MetricsConfiguration field's value.
-func (s *GetBucketMetricsConfigurationOutput) SetMetricsConfiguration(v *MetricsConfiguration) *GetBucketMetricsConfigurationOutput {
-	s.MetricsConfiguration = v
-	return s
-}
-
-type GetBucketNotificationConfigurationRequest struct {
-	_ struct{} `locationName:"GetBucketNotificationConfigurationRequest" type:"structure"`
-
-	// The name of the bucket for which to get the notification configuration.
-	//
-	// To use this API operation against an access point, provide the alias of the
-	// access point in place of the bucket name.
-	//
-	// To use this API operation against an Object Lambda access point, provide
-	// the alias of the Object Lambda access point in place of the bucket name.
-	// If the Object Lambda access point alias in a request is not valid, the error
-	// code InvalidAccessPointAliasError is returned. For more information about
-	// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketNotificationConfigurationRequest) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketNotificationConfigurationRequest) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketNotificationConfigurationRequest) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketNotificationConfigurationRequest"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketNotificationConfigurationRequest) SetBucket(v string) *GetBucketNotificationConfigurationRequest {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketNotificationConfigurationRequest) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketNotificationConfigurationRequest) SetExpectedBucketOwner(v string) *GetBucketNotificationConfigurationRequest {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketNotificationConfigurationRequest) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketNotificationConfigurationRequest) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketNotificationConfigurationRequest) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketOwnershipControlsInput struct {
-	_ struct{} `locationName:"GetBucketOwnershipControlsRequest" type:"structure"`
-
-	// The name of the Amazon S3 bucket whose OwnershipControls you want to retrieve.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketOwnershipControlsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketOwnershipControlsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketOwnershipControlsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketOwnershipControlsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketOwnershipControlsInput) SetBucket(v string) *GetBucketOwnershipControlsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketOwnershipControlsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketOwnershipControlsInput) SetExpectedBucketOwner(v string) *GetBucketOwnershipControlsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketOwnershipControlsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketOwnershipControlsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketOwnershipControlsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketOwnershipControlsOutput struct {
-	_ struct{} `type:"structure" payload:"OwnershipControls"`
-
-	// The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter)
-	// currently in effect for this Amazon S3 bucket.
-	OwnershipControls *OwnershipControls `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketOwnershipControlsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketOwnershipControlsOutput) GoString() string {
-	return s.String()
-}
-
-// SetOwnershipControls sets the OwnershipControls field's value.
-func (s *GetBucketOwnershipControlsOutput) SetOwnershipControls(v *OwnershipControls) *GetBucketOwnershipControlsOutput {
-	s.OwnershipControls = v
-	return s
-}
-
-type GetBucketPolicyInput struct {
-	_ struct{} `locationName:"GetBucketPolicyRequest" type:"structure"`
-
-	// The bucket name for which to get the bucket policy.
-	//
-	// To use this API operation against an access point, provide the alias of the
-	// access point in place of the bucket name.
-	//
-	// To use this API operation against an Object Lambda access point, provide
-	// the alias of the Object Lambda access point in place of the bucket name.
-	// If the Object Lambda access point alias in a request is not valid, the error
-	// code InvalidAccessPointAliasError is returned. For more information about
-	// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketPolicyInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketPolicyInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketPolicyInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketPolicyInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketPolicyInput) SetBucket(v string) *GetBucketPolicyInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketPolicyInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketPolicyInput) SetExpectedBucketOwner(v string) *GetBucketPolicyInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketPolicyInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketPolicyInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketPolicyInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketPolicyOutput struct {
-	_ struct{} `type:"structure" payload:"Policy"`
-
-	// The bucket policy as a JSON document.
-	Policy *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketPolicyOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketPolicyOutput) GoString() string {
-	return s.String()
-}
-
-// SetPolicy sets the Policy field's value.
-func (s *GetBucketPolicyOutput) SetPolicy(v string) *GetBucketPolicyOutput {
-	s.Policy = &v
-	return s
-}
-
-type GetBucketPolicyStatusInput struct {
-	_ struct{} `locationName:"GetBucketPolicyStatusRequest" type:"structure"`
-
-	// The name of the Amazon S3 bucket whose policy status you want to retrieve.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketPolicyStatusInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketPolicyStatusInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketPolicyStatusInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketPolicyStatusInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketPolicyStatusInput) SetBucket(v string) *GetBucketPolicyStatusInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketPolicyStatusInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketPolicyStatusInput) SetExpectedBucketOwner(v string) *GetBucketPolicyStatusInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketPolicyStatusInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketPolicyStatusInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketPolicyStatusInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketPolicyStatusOutput struct {
-	_ struct{} `type:"structure" payload:"PolicyStatus"`
-
-	// The policy status for the specified bucket.
-	PolicyStatus *PolicyStatus `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketPolicyStatusOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketPolicyStatusOutput) GoString() string {
-	return s.String()
-}
-
-// SetPolicyStatus sets the PolicyStatus field's value.
-func (s *GetBucketPolicyStatusOutput) SetPolicyStatus(v *PolicyStatus) *GetBucketPolicyStatusOutput {
-	s.PolicyStatus = v
-	return s
-}
-
-type GetBucketReplicationInput struct {
-	_ struct{} `locationName:"GetBucketReplicationRequest" type:"structure"`
-
-	// The bucket name for which to get the replication information.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketReplicationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketReplicationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketReplicationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketReplicationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketReplicationInput) SetBucket(v string) *GetBucketReplicationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketReplicationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketReplicationInput) SetExpectedBucketOwner(v string) *GetBucketReplicationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketReplicationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketReplicationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketReplicationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketReplicationOutput struct {
-	_ struct{} `type:"structure" payload:"ReplicationConfiguration"`
-
-	// A container for replication rules. You can add up to 1,000 rules. The maximum
-	// size of a replication configuration is 2 MB.
-	ReplicationConfiguration *ReplicationConfiguration `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketReplicationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketReplicationOutput) GoString() string {
-	return s.String()
-}
-
-// SetReplicationConfiguration sets the ReplicationConfiguration field's value.
-func (s *GetBucketReplicationOutput) SetReplicationConfiguration(v *ReplicationConfiguration) *GetBucketReplicationOutput {
-	s.ReplicationConfiguration = v
-	return s
-}
-
-type GetBucketRequestPaymentInput struct {
-	_ struct{} `locationName:"GetBucketRequestPaymentRequest" type:"structure"`
-
-	// The name of the bucket for which to get the payment request configuration
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketRequestPaymentInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketRequestPaymentInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketRequestPaymentInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketRequestPaymentInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketRequestPaymentInput) SetBucket(v string) *GetBucketRequestPaymentInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketRequestPaymentInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketRequestPaymentInput) SetExpectedBucketOwner(v string) *GetBucketRequestPaymentInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketRequestPaymentInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketRequestPaymentInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketRequestPaymentInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketRequestPaymentOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies who pays for the download and request fees.
-	Payer *string `type:"string" enum:"Payer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketRequestPaymentOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketRequestPaymentOutput) GoString() string {
-	return s.String()
-}
-
-// SetPayer sets the Payer field's value.
-func (s *GetBucketRequestPaymentOutput) SetPayer(v string) *GetBucketRequestPaymentOutput {
-	s.Payer = &v
-	return s
-}
-
-type GetBucketTaggingInput struct {
-	_ struct{} `locationName:"GetBucketTaggingRequest" type:"structure"`
-
-	// The name of the bucket for which to get the tagging information.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketTaggingInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketTaggingInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketTaggingInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketTaggingInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketTaggingInput) SetBucket(v string) *GetBucketTaggingInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketTaggingInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketTaggingInput) SetExpectedBucketOwner(v string) *GetBucketTaggingInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketTaggingInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketTaggingInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketTaggingInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketTaggingOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Contains the tag set.
-	//
-	// TagSet is a required field
-	TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketTaggingOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketTaggingOutput) GoString() string {
-	return s.String()
-}
-
-// SetTagSet sets the TagSet field's value.
-func (s *GetBucketTaggingOutput) SetTagSet(v []*Tag) *GetBucketTaggingOutput {
-	s.TagSet = v
-	return s
-}
-
-type GetBucketVersioningInput struct {
-	_ struct{} `locationName:"GetBucketVersioningRequest" type:"structure"`
-
-	// The name of the bucket for which to get the versioning information.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketVersioningInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketVersioningInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketVersioningInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketVersioningInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketVersioningInput) SetBucket(v string) *GetBucketVersioningInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketVersioningInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketVersioningInput) SetExpectedBucketOwner(v string) *GetBucketVersioningInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketVersioningInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketVersioningInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketVersioningInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketVersioningOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether MFA delete is enabled in the bucket versioning configuration.
-	// This element is only returned if the bucket has been configured with MFA
-	// delete. If the bucket has never been so configured, this element is not returned.
-	MFADelete *string `locationName:"MfaDelete" type:"string" enum:"MFADeleteStatus"`
-
-	// The versioning state of the bucket.
-	Status *string `type:"string" enum:"BucketVersioningStatus"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketVersioningOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketVersioningOutput) GoString() string {
-	return s.String()
-}
-
-// SetMFADelete sets the MFADelete field's value.
-func (s *GetBucketVersioningOutput) SetMFADelete(v string) *GetBucketVersioningOutput {
-	s.MFADelete = &v
-	return s
-}
-
-// SetStatus sets the Status field's value.
-func (s *GetBucketVersioningOutput) SetStatus(v string) *GetBucketVersioningOutput {
-	s.Status = &v
-	return s
-}
-
-type GetBucketWebsiteInput struct {
-	_ struct{} `locationName:"GetBucketWebsiteRequest" type:"structure"`
-
-	// The bucket name for which to get the website configuration.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketWebsiteInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketWebsiteInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetBucketWebsiteInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetBucketWebsiteInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetBucketWebsiteInput) SetBucket(v string) *GetBucketWebsiteInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetBucketWebsiteInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetBucketWebsiteInput) SetExpectedBucketOwner(v string) *GetBucketWebsiteInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetBucketWebsiteInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetBucketWebsiteInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetBucketWebsiteInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetBucketWebsiteOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The object key name of the website error document to use for 4XX class errors.
-	ErrorDocument *ErrorDocument `type:"structure"`
-
-	// The name of the index document for the website (for example index.html).
-	IndexDocument *IndexDocument `type:"structure"`
-
-	// Specifies the redirect behavior of all requests to a website endpoint of
-	// an Amazon S3 bucket.
-	RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"`
-
-	// Rules that define when a redirect is applied and the redirect behavior.
-	RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketWebsiteOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetBucketWebsiteOutput) GoString() string {
-	return s.String()
-}
-
-// SetErrorDocument sets the ErrorDocument field's value.
-func (s *GetBucketWebsiteOutput) SetErrorDocument(v *ErrorDocument) *GetBucketWebsiteOutput {
-	s.ErrorDocument = v
-	return s
-}
-
-// SetIndexDocument sets the IndexDocument field's value.
-func (s *GetBucketWebsiteOutput) SetIndexDocument(v *IndexDocument) *GetBucketWebsiteOutput {
-	s.IndexDocument = v
-	return s
-}
-
-// SetRedirectAllRequestsTo sets the RedirectAllRequestsTo field's value.
-func (s *GetBucketWebsiteOutput) SetRedirectAllRequestsTo(v *RedirectAllRequestsTo) *GetBucketWebsiteOutput {
-	s.RedirectAllRequestsTo = v
-	return s
-}
-
-// SetRoutingRules sets the RoutingRules field's value.
-func (s *GetBucketWebsiteOutput) SetRoutingRules(v []*RoutingRule) *GetBucketWebsiteOutput {
-	s.RoutingRules = v
-	return s
-}
-
-type GetObjectAclInput struct {
-	_ struct{} `locationName:"GetObjectAclRequest" type:"structure"`
-
-	// The bucket name that contains the object for which to get the ACL information.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The key of the object for which to get the ACL information.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// VersionId used to reference a specific version of the object.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectAclInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectAclInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetObjectAclInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetObjectAclInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetObjectAclInput) SetBucket(v string) *GetObjectAclInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetObjectAclInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetObjectAclInput) SetExpectedBucketOwner(v string) *GetObjectAclInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *GetObjectAclInput) SetKey(v string) *GetObjectAclInput {
-	s.Key = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *GetObjectAclInput) SetRequestPayer(v string) *GetObjectAclInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *GetObjectAclInput) SetVersionId(v string) *GetObjectAclInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *GetObjectAclInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetObjectAclInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetObjectAclInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetObjectAclOutput struct {
-	_ struct{} `type:"structure"`
-
-	// A list of grants.
-	Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"`
-
-	// Container for the bucket owner's display name and ID.
-	Owner *Owner `type:"structure"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectAclOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectAclOutput) GoString() string {
-	return s.String()
-}
-
-// SetGrants sets the Grants field's value.
-func (s *GetObjectAclOutput) SetGrants(v []*Grant) *GetObjectAclOutput {
-	s.Grants = v
-	return s
-}
-
-// SetOwner sets the Owner field's value.
-func (s *GetObjectAclOutput) SetOwner(v *Owner) *GetObjectAclOutput {
-	s.Owner = v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *GetObjectAclOutput) SetRequestCharged(v string) *GetObjectAclOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-type GetObjectAttributesInput struct {
-	_ struct{} `locationName:"GetObjectAttributesRequest" type:"structure"`
-
-	// The name of the bucket that contains the object.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The object key.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Sets the maximum number of parts to return.
-	MaxParts *int64 `location:"header" locationName:"x-amz-max-parts" type:"integer"`
-
-	// An XML header that specifies the fields at the root level that you want returned
-	// in the response. Fields that you do not specify are not returned.
-	//
-	// ObjectAttributes is a required field
-	ObjectAttributes []*string `location:"header" locationName:"x-amz-object-attributes" type:"list" required:"true" enum:"ObjectAttributes"`
-
-	// Specifies the part after which listing should begin. Only parts with higher
-	// part numbers will be listed.
-	PartNumberMarker *int64 `location:"header" locationName:"x-amz-part-number-marker" type:"integer"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Specifies the algorithm to use when encrypting the object (for example, AES256).
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
-	// data. This value is used to store the object and then it is discarded; Amazon
-	// S3 does not store the encryption key. The key must be appropriate for use
-	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
-	// header.
-	//
-	// SSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by GetObjectAttributesInput's
-	// String and GoString methods.
-	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
-	// Amazon S3 uses this header for a message integrity check to ensure that the
-	// encryption key was transmitted without error.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// The version ID used to reference a specific version of the object.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectAttributesInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectAttributesInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetObjectAttributesInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetObjectAttributesInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.ObjectAttributes == nil {
-		invalidParams.Add(request.NewErrParamRequired("ObjectAttributes"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetObjectAttributesInput) SetBucket(v string) *GetObjectAttributesInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetObjectAttributesInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetObjectAttributesInput) SetExpectedBucketOwner(v string) *GetObjectAttributesInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *GetObjectAttributesInput) SetKey(v string) *GetObjectAttributesInput {
-	s.Key = &v
-	return s
-}
-
-// SetMaxParts sets the MaxParts field's value.
-func (s *GetObjectAttributesInput) SetMaxParts(v int64) *GetObjectAttributesInput {
-	s.MaxParts = &v
-	return s
-}
-
-// SetObjectAttributes sets the ObjectAttributes field's value.
-func (s *GetObjectAttributesInput) SetObjectAttributes(v []*string) *GetObjectAttributesInput {
-	s.ObjectAttributes = v
-	return s
-}
-
-// SetPartNumberMarker sets the PartNumberMarker field's value.
-func (s *GetObjectAttributesInput) SetPartNumberMarker(v int64) *GetObjectAttributesInput {
-	s.PartNumberMarker = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *GetObjectAttributesInput) SetRequestPayer(v string) *GetObjectAttributesInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *GetObjectAttributesInput) SetSSECustomerAlgorithm(v string) *GetObjectAttributesInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKey sets the SSECustomerKey field's value.
-func (s *GetObjectAttributesInput) SetSSECustomerKey(v string) *GetObjectAttributesInput {
-	s.SSECustomerKey = &v
-	return s
-}
-
-func (s *GetObjectAttributesInput) getSSECustomerKey() (v string) {
-	if s.SSECustomerKey == nil {
-		return v
-	}
-	return *s.SSECustomerKey
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *GetObjectAttributesInput) SetSSECustomerKeyMD5(v string) *GetObjectAttributesInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *GetObjectAttributesInput) SetVersionId(v string) *GetObjectAttributesInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *GetObjectAttributesInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetObjectAttributesInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetObjectAttributesInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetObjectAttributesOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The checksum or digest of the object.
-	Checksum *Checksum `type:"structure"`
-
-	// Specifies whether the object retrieved was (true) or was not (false) a delete
-	// marker. If false, this response header does not appear in the response.
-	DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"`
-
-	// An ETag is an opaque identifier assigned by a web server to a specific version
-	// of a resource found at a URL.
-	ETag *string `type:"string"`
-
-	// The creation date of the object.
-	LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"`
-
-	// A collection of parts associated with a multipart upload.
-	ObjectParts *GetObjectAttributesParts `type:"structure"`
-
-	// The size of the object in bytes.
-	ObjectSize *int64 `type:"long"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// Provides the storage class information of the object. Amazon S3 returns this
-	// header for all objects except for S3 Standard storage class objects.
-	//
-	// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
-	StorageClass *string `type:"string" enum:"StorageClass"`
-
-	// The version ID of the object.
-	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectAttributesOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectAttributesOutput) GoString() string {
-	return s.String()
-}
-
-// SetChecksum sets the Checksum field's value.
-func (s *GetObjectAttributesOutput) SetChecksum(v *Checksum) *GetObjectAttributesOutput {
-	s.Checksum = v
-	return s
-}
-
-// SetDeleteMarker sets the DeleteMarker field's value.
-func (s *GetObjectAttributesOutput) SetDeleteMarker(v bool) *GetObjectAttributesOutput {
-	s.DeleteMarker = &v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *GetObjectAttributesOutput) SetETag(v string) *GetObjectAttributesOutput {
-	s.ETag = &v
-	return s
-}
-
-// SetLastModified sets the LastModified field's value.
-func (s *GetObjectAttributesOutput) SetLastModified(v time.Time) *GetObjectAttributesOutput {
-	s.LastModified = &v
-	return s
-}
-
-// SetObjectParts sets the ObjectParts field's value.
-func (s *GetObjectAttributesOutput) SetObjectParts(v *GetObjectAttributesParts) *GetObjectAttributesOutput {
-	s.ObjectParts = v
-	return s
-}
-
-// SetObjectSize sets the ObjectSize field's value.
-func (s *GetObjectAttributesOutput) SetObjectSize(v int64) *GetObjectAttributesOutput {
-	s.ObjectSize = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *GetObjectAttributesOutput) SetRequestCharged(v string) *GetObjectAttributesOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *GetObjectAttributesOutput) SetStorageClass(v string) *GetObjectAttributesOutput {
-	s.StorageClass = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *GetObjectAttributesOutput) SetVersionId(v string) *GetObjectAttributesOutput {
-	s.VersionId = &v
-	return s
-}
-
-// A collection of parts associated with a multipart upload.
-type GetObjectAttributesParts struct {
-	_ struct{} `type:"structure"`
-
-	// Indicates whether the returned list of parts is truncated. A value of true
-	// indicates that the list was truncated. A list can be truncated if the number
-	// of parts exceeds the limit returned in the MaxParts element.
-	IsTruncated *bool `type:"boolean"`
-
-	// The maximum number of parts allowed in the response.
-	MaxParts *int64 `type:"integer"`
-
-	// When a list is truncated, this element specifies the last part in the list,
-	// as well as the value to use for the PartNumberMarker request parameter in
-	// a subsequent request.
-	NextPartNumberMarker *int64 `type:"integer"`
-
-	// The marker for the current part.
-	PartNumberMarker *int64 `type:"integer"`
-
-	// A container for elements related to a particular part. A response can contain
-	// zero or more Parts elements.
-	Parts []*ObjectPart `locationName:"Part" type:"list" flattened:"true"`
-
-	// The total number of parts.
-	TotalPartsCount *int64 `locationName:"PartsCount" type:"integer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectAttributesParts) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectAttributesParts) GoString() string {
-	return s.String()
-}
-
-// SetIsTruncated sets the IsTruncated field's value.
-func (s *GetObjectAttributesParts) SetIsTruncated(v bool) *GetObjectAttributesParts {
-	s.IsTruncated = &v
-	return s
-}
-
-// SetMaxParts sets the MaxParts field's value.
-func (s *GetObjectAttributesParts) SetMaxParts(v int64) *GetObjectAttributesParts {
-	s.MaxParts = &v
-	return s
-}
-
-// SetNextPartNumberMarker sets the NextPartNumberMarker field's value.
-func (s *GetObjectAttributesParts) SetNextPartNumberMarker(v int64) *GetObjectAttributesParts {
-	s.NextPartNumberMarker = &v
-	return s
-}
-
-// SetPartNumberMarker sets the PartNumberMarker field's value.
-func (s *GetObjectAttributesParts) SetPartNumberMarker(v int64) *GetObjectAttributesParts {
-	s.PartNumberMarker = &v
-	return s
-}
-
-// SetParts sets the Parts field's value.
-func (s *GetObjectAttributesParts) SetParts(v []*ObjectPart) *GetObjectAttributesParts {
-	s.Parts = v
-	return s
-}
-
-// SetTotalPartsCount sets the TotalPartsCount field's value.
-func (s *GetObjectAttributesParts) SetTotalPartsCount(v int64) *GetObjectAttributesParts {
-	s.TotalPartsCount = &v
-	return s
-}
-
-type GetObjectInput struct {
-	_ struct{} `locationName:"GetObjectRequest" type:"structure"`
-
-	// The bucket name containing the object.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// To retrieve the checksum, this mode must be enabled.
-	//
-	// The AWS SDK for Go v1 does not support automatic response payload checksum
-	// validation. This feature is available in the AWS SDK for Go v2.
-	ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Return the object only if its entity tag (ETag) is the same as the one specified;
-	// otherwise, return a 412 (precondition failed) error.
-	IfMatch *string `location:"header" locationName:"If-Match" type:"string"`
-
-	// Return the object only if it has been modified since the specified time;
-	// otherwise, return a 304 (not modified) error.
-	IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"`
-
-	// Return the object only if its entity tag (ETag) is different from the one
-	// specified; otherwise, return a 304 (not modified) error.
-	IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"`
-
-	// Return the object only if it has not been modified since the specified time;
-	// otherwise, return a 412 (precondition failed) error.
-	IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"`
-
-	// Key of the object to get.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Part number of the object being read. This is a positive integer between
-	// 1 and 10,000. Effectively performs a 'ranged' GET request for the part specified.
-	// Useful for downloading just a part of an object.
-	PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"`
-
-	// Downloads the specified range bytes of an object. For more information about
-	// the HTTP Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range
-	// (https://www.rfc-editor.org/rfc/rfc9110.html#name-range).
-	//
-	// Amazon S3 doesn't support retrieving multiple ranges of data per GET request.
-	Range *string `location:"header" locationName:"Range" type:"string"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Sets the Cache-Control header of the response.
-	ResponseCacheControl *string `location:"querystring" locationName:"response-cache-control" type:"string"`
-
-	// Sets the Content-Disposition header of the response
-	ResponseContentDisposition *string `location:"querystring" locationName:"response-content-disposition" type:"string"`
-
-	// Sets the Content-Encoding header of the response.
-	ResponseContentEncoding *string `location:"querystring" locationName:"response-content-encoding" type:"string"`
-
-	// Sets the Content-Language header of the response.
-	ResponseContentLanguage *string `location:"querystring" locationName:"response-content-language" type:"string"`
-
-	// Sets the Content-Type header of the response.
-	ResponseContentType *string `location:"querystring" locationName:"response-content-type" type:"string"`
-
-	// Sets the Expires header of the response.
-	ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp" timestampFormat:"rfc822"`
-
-	// Specifies the algorithm to use to when decrypting the object (for example,
-	// AES256).
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// Specifies the customer-provided encryption key for Amazon S3 used to encrypt
-	// the data. This value is used to decrypt the object when recovering it and
-	// must match the one used when storing the data. The key must be appropriate
-	// for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
-	// header.
-	//
-	// SSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by GetObjectInput's
-	// String and GoString methods.
-	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
-	// Amazon S3 uses this header for a message integrity check to ensure that the
-	// encryption key was transmitted without error.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// VersionId used to reference a specific version of the object.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetObjectInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetObjectInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetObjectInput) SetBucket(v string) *GetObjectInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetObjectInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumMode sets the ChecksumMode field's value.
-func (s *GetObjectInput) SetChecksumMode(v string) *GetObjectInput {
-	s.ChecksumMode = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetObjectInput) SetExpectedBucketOwner(v string) *GetObjectInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetIfMatch sets the IfMatch field's value.
-func (s *GetObjectInput) SetIfMatch(v string) *GetObjectInput {
-	s.IfMatch = &v
-	return s
-}
-
-// SetIfModifiedSince sets the IfModifiedSince field's value.
-func (s *GetObjectInput) SetIfModifiedSince(v time.Time) *GetObjectInput {
-	s.IfModifiedSince = &v
-	return s
-}
-
-// SetIfNoneMatch sets the IfNoneMatch field's value.
-func (s *GetObjectInput) SetIfNoneMatch(v string) *GetObjectInput {
-	s.IfNoneMatch = &v
-	return s
-}
-
-// SetIfUnmodifiedSince sets the IfUnmodifiedSince field's value.
-func (s *GetObjectInput) SetIfUnmodifiedSince(v time.Time) *GetObjectInput {
-	s.IfUnmodifiedSince = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *GetObjectInput) SetKey(v string) *GetObjectInput {
-	s.Key = &v
-	return s
-}
-
-// SetPartNumber sets the PartNumber field's value.
-func (s *GetObjectInput) SetPartNumber(v int64) *GetObjectInput {
-	s.PartNumber = &v
-	return s
-}
-
-// SetRange sets the Range field's value.
-func (s *GetObjectInput) SetRange(v string) *GetObjectInput {
-	s.Range = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *GetObjectInput) SetRequestPayer(v string) *GetObjectInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetResponseCacheControl sets the ResponseCacheControl field's value.
-func (s *GetObjectInput) SetResponseCacheControl(v string) *GetObjectInput {
-	s.ResponseCacheControl = &v
-	return s
-}
-
-// SetResponseContentDisposition sets the ResponseContentDisposition field's value.
-func (s *GetObjectInput) SetResponseContentDisposition(v string) *GetObjectInput {
-	s.ResponseContentDisposition = &v
-	return s
-}
-
-// SetResponseContentEncoding sets the ResponseContentEncoding field's value.
-func (s *GetObjectInput) SetResponseContentEncoding(v string) *GetObjectInput {
-	s.ResponseContentEncoding = &v
-	return s
-}
-
-// SetResponseContentLanguage sets the ResponseContentLanguage field's value.
-func (s *GetObjectInput) SetResponseContentLanguage(v string) *GetObjectInput {
-	s.ResponseContentLanguage = &v
-	return s
-}
-
-// SetResponseContentType sets the ResponseContentType field's value.
-func (s *GetObjectInput) SetResponseContentType(v string) *GetObjectInput {
-	s.ResponseContentType = &v
-	return s
-}
-
-// SetResponseExpires sets the ResponseExpires field's value.
-func (s *GetObjectInput) SetResponseExpires(v time.Time) *GetObjectInput {
-	s.ResponseExpires = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *GetObjectInput) SetSSECustomerAlgorithm(v string) *GetObjectInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKey sets the SSECustomerKey field's value.
-func (s *GetObjectInput) SetSSECustomerKey(v string) *GetObjectInput {
-	s.SSECustomerKey = &v
-	return s
-}
-
-func (s *GetObjectInput) getSSECustomerKey() (v string) {
-	if s.SSECustomerKey == nil {
-		return v
-	}
-	return *s.SSECustomerKey
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *GetObjectInput) SetSSECustomerKeyMD5(v string) *GetObjectInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *GetObjectInput) SetVersionId(v string) *GetObjectInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *GetObjectInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetObjectInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetObjectInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetObjectLegalHoldInput struct {
-	_ struct{} `locationName:"GetObjectLegalHoldRequest" type:"structure"`
-
-	// The bucket name containing the object whose legal hold status you want to
-	// retrieve.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The key name for the object whose legal hold status you want to retrieve.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// The version ID of the object whose legal hold status you want to retrieve.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectLegalHoldInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectLegalHoldInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetObjectLegalHoldInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetObjectLegalHoldInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetObjectLegalHoldInput) SetBucket(v string) *GetObjectLegalHoldInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetObjectLegalHoldInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetObjectLegalHoldInput) SetExpectedBucketOwner(v string) *GetObjectLegalHoldInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *GetObjectLegalHoldInput) SetKey(v string) *GetObjectLegalHoldInput {
-	s.Key = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *GetObjectLegalHoldInput) SetRequestPayer(v string) *GetObjectLegalHoldInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *GetObjectLegalHoldInput) SetVersionId(v string) *GetObjectLegalHoldInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *GetObjectLegalHoldInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetObjectLegalHoldInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetObjectLegalHoldInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetObjectLegalHoldOutput struct {
-	_ struct{} `type:"structure" payload:"LegalHold"`
-
-	// The current legal hold status for the specified object.
-	LegalHold *ObjectLockLegalHold `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectLegalHoldOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectLegalHoldOutput) GoString() string {
-	return s.String()
-}
-
-// SetLegalHold sets the LegalHold field's value.
-func (s *GetObjectLegalHoldOutput) SetLegalHold(v *ObjectLockLegalHold) *GetObjectLegalHoldOutput {
-	s.LegalHold = v
-	return s
-}
-
-type GetObjectLockConfigurationInput struct {
-	_ struct{} `locationName:"GetObjectLockConfigurationRequest" type:"structure"`
-
-	// The bucket whose Object Lock configuration you want to retrieve.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectLockConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectLockConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetObjectLockConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetObjectLockConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetObjectLockConfigurationInput) SetBucket(v string) *GetObjectLockConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetObjectLockConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetObjectLockConfigurationInput) SetExpectedBucketOwner(v string) *GetObjectLockConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetObjectLockConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetObjectLockConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetObjectLockConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetObjectLockConfigurationOutput struct {
-	_ struct{} `type:"structure" payload:"ObjectLockConfiguration"`
-
-	// The specified bucket's Object Lock configuration.
-	ObjectLockConfiguration *ObjectLockConfiguration `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectLockConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectLockConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-// SetObjectLockConfiguration sets the ObjectLockConfiguration field's value.
-func (s *GetObjectLockConfigurationOutput) SetObjectLockConfiguration(v *ObjectLockConfiguration) *GetObjectLockConfigurationOutput {
-	s.ObjectLockConfiguration = v
-	return s
-}
-
-type GetObjectOutput struct {
-	_ struct{} `type:"structure" payload:"Body"`
-
-	// Indicates that a range of bytes was specified.
-	AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"`
-
-	// Object data.
-	Body io.ReadCloser `type:"blob"`
-
-	// Indicates whether the object uses an S3 Bucket Key for server-side encryption
-	// with Key Management Service (KMS) keys (SSE-KMS).
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// Specifies caching behavior along the request/reply chain.
-	CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"`
-
-	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
-
-	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
-
-	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
-
-	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
-
-	// Specifies presentational information for the object.
-	ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
-
-	// Specifies what content encodings have been applied to the object and thus
-	// what decoding mechanisms must be applied to obtain the media-type referenced
-	// by the Content-Type header field.
-	ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
-
-	// The language the content is in.
-	ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
-
-	// Size of the body in bytes.
-	ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
-
-	// The portion of the object returned in the response.
-	ContentRange *string `location:"header" locationName:"Content-Range" type:"string"`
-
-	// A standard MIME type describing the format of the object data.
-	ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
-
-	// Specifies whether the object retrieved was (true) or was not (false) a Delete
-	// Marker. If false, this response header does not appear in the response.
-	DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"`
-
-	// An entity tag (ETag) is an opaque identifier assigned by a web server to
-	// a specific version of a resource found at a URL.
-	ETag *string `location:"header" locationName:"ETag" type:"string"`
-
-	// If the object expiration is configured (see PUT Bucket lifecycle), the response
-	// includes this header. It includes the expiry-date and rule-id key-value pairs
-	// providing object expiration information. The value of the rule-id is URL-encoded.
-	Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
-
-	// The date and time at which the object is no longer cacheable.
-	Expires *string `location:"header" locationName:"Expires" type:"string"`
-
-	// Creation date of the object.
-	LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"`
-
-	// A map of metadata to store with the object in S3.
-	//
-	// By default unmarshaled keys are written as a map keys in following canonicalized format:
-	// the first letter and any letter following a hyphen will be capitalized, and the rest as lowercase.
-	// Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase.
-	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
-
-	// This is set to the number of metadata entries not returned in x-amz-meta
-	// headers. This can happen if you create metadata using an API like SOAP that
-	// supports more flexible metadata than the REST API. For example, using SOAP,
-	// you can create metadata whose values are not legal HTTP headers.
-	MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"`
-
-	// Indicates whether this object has an active legal hold. This field is only
-	// returned if you have permission to view an object's legal hold status.
-	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
-
-	// The Object Lock mode currently in place for this object.
-	ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
-
-	// The date and time when this object's Object Lock will expire.
-	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
-
-	// The count of parts this object has. This value is only returned if you specify
-	// partNumber in your request and the object was uploaded as a multipart upload.
-	PartsCount *int64 `location:"header" locationName:"x-amz-mp-parts-count" type:"integer"`
-
-	// Amazon S3 can return this if your request involves a bucket that is either
-	// a source or destination in a replication rule.
-	ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// Provides information about object restoration action and expiration time
-	// of the restored object copy.
-	Restore *string `location:"header" locationName:"x-amz-restore" type:"string"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm
-	// used.
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// If present, specifies the ID of the Key Management Service (KMS) symmetric
-	// encryption customer managed key that was used for the object.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by GetObjectOutput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing this object in Amazon
-	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-
-	// Provides storage class information of the object. Amazon S3 returns this
-	// header for all objects except for S3 Standard storage class objects.
-	StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
-
-	// The number of tags, if any, on the object.
-	TagCount *int64 `location:"header" locationName:"x-amz-tagging-count" type:"integer"`
-
-	// Version of the object.
-	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
-
-	// If the bucket is configured as a website, redirects requests for this object
-	// to another object in the same bucket or to an external URL. Amazon S3 stores
-	// the value of this header in the object metadata.
-	WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectOutput) GoString() string {
-	return s.String()
-}
-
-// SetAcceptRanges sets the AcceptRanges field's value.
-func (s *GetObjectOutput) SetAcceptRanges(v string) *GetObjectOutput {
-	s.AcceptRanges = &v
-	return s
-}
-
-// SetBody sets the Body field's value.
-func (s *GetObjectOutput) SetBody(v io.ReadCloser) *GetObjectOutput {
-	s.Body = v
-	return s
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *GetObjectOutput) SetBucketKeyEnabled(v bool) *GetObjectOutput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetCacheControl sets the CacheControl field's value.
-func (s *GetObjectOutput) SetCacheControl(v string) *GetObjectOutput {
-	s.CacheControl = &v
-	return s
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *GetObjectOutput) SetChecksumCRC32(v string) *GetObjectOutput {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *GetObjectOutput) SetChecksumCRC32C(v string) *GetObjectOutput {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *GetObjectOutput) SetChecksumSHA1(v string) *GetObjectOutput {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *GetObjectOutput) SetChecksumSHA256(v string) *GetObjectOutput {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetContentDisposition sets the ContentDisposition field's value.
-func (s *GetObjectOutput) SetContentDisposition(v string) *GetObjectOutput {
-	s.ContentDisposition = &v
-	return s
-}
-
-// SetContentEncoding sets the ContentEncoding field's value.
-func (s *GetObjectOutput) SetContentEncoding(v string) *GetObjectOutput {
-	s.ContentEncoding = &v
-	return s
-}
-
-// SetContentLanguage sets the ContentLanguage field's value.
-func (s *GetObjectOutput) SetContentLanguage(v string) *GetObjectOutput {
-	s.ContentLanguage = &v
-	return s
-}
-
-// SetContentLength sets the ContentLength field's value.
-func (s *GetObjectOutput) SetContentLength(v int64) *GetObjectOutput {
-	s.ContentLength = &v
-	return s
-}
-
-// SetContentRange sets the ContentRange field's value.
-func (s *GetObjectOutput) SetContentRange(v string) *GetObjectOutput {
-	s.ContentRange = &v
-	return s
-}
-
-// SetContentType sets the ContentType field's value.
-func (s *GetObjectOutput) SetContentType(v string) *GetObjectOutput {
-	s.ContentType = &v
-	return s
-}
-
-// SetDeleteMarker sets the DeleteMarker field's value.
-func (s *GetObjectOutput) SetDeleteMarker(v bool) *GetObjectOutput {
-	s.DeleteMarker = &v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *GetObjectOutput) SetETag(v string) *GetObjectOutput {
-	s.ETag = &v
-	return s
-}
-
-// SetExpiration sets the Expiration field's value.
-func (s *GetObjectOutput) SetExpiration(v string) *GetObjectOutput {
-	s.Expiration = &v
-	return s
-}
-
-// SetExpires sets the Expires field's value.
-func (s *GetObjectOutput) SetExpires(v string) *GetObjectOutput {
-	s.Expires = &v
-	return s
-}
-
-// SetLastModified sets the LastModified field's value.
-func (s *GetObjectOutput) SetLastModified(v time.Time) *GetObjectOutput {
-	s.LastModified = &v
-	return s
-}
-
-// SetMetadata sets the Metadata field's value.
-func (s *GetObjectOutput) SetMetadata(v map[string]*string) *GetObjectOutput {
-	s.Metadata = v
-	return s
-}
-
-// SetMissingMeta sets the MissingMeta field's value.
-func (s *GetObjectOutput) SetMissingMeta(v int64) *GetObjectOutput {
-	s.MissingMeta = &v
-	return s
-}
-
-// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
-func (s *GetObjectOutput) SetObjectLockLegalHoldStatus(v string) *GetObjectOutput {
-	s.ObjectLockLegalHoldStatus = &v
-	return s
-}
-
-// SetObjectLockMode sets the ObjectLockMode field's value.
-func (s *GetObjectOutput) SetObjectLockMode(v string) *GetObjectOutput {
-	s.ObjectLockMode = &v
-	return s
-}
-
-// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
-func (s *GetObjectOutput) SetObjectLockRetainUntilDate(v time.Time) *GetObjectOutput {
-	s.ObjectLockRetainUntilDate = &v
-	return s
-}
-
-// SetPartsCount sets the PartsCount field's value.
-func (s *GetObjectOutput) SetPartsCount(v int64) *GetObjectOutput {
-	s.PartsCount = &v
-	return s
-}
-
-// SetReplicationStatus sets the ReplicationStatus field's value.
-func (s *GetObjectOutput) SetReplicationStatus(v string) *GetObjectOutput {
-	s.ReplicationStatus = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *GetObjectOutput) SetRequestCharged(v string) *GetObjectOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetRestore sets the Restore field's value.
-func (s *GetObjectOutput) SetRestore(v string) *GetObjectOutput {
-	s.Restore = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *GetObjectOutput) SetSSECustomerAlgorithm(v string) *GetObjectOutput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *GetObjectOutput) SetSSECustomerKeyMD5(v string) *GetObjectOutput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *GetObjectOutput) SetSSEKMSKeyId(v string) *GetObjectOutput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *GetObjectOutput) SetServerSideEncryption(v string) *GetObjectOutput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *GetObjectOutput) SetStorageClass(v string) *GetObjectOutput {
-	s.StorageClass = &v
-	return s
-}
-
-// SetTagCount sets the TagCount field's value.
-func (s *GetObjectOutput) SetTagCount(v int64) *GetObjectOutput {
-	s.TagCount = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *GetObjectOutput) SetVersionId(v string) *GetObjectOutput {
-	s.VersionId = &v
-	return s
-}
-
-// SetWebsiteRedirectLocation sets the WebsiteRedirectLocation field's value.
-func (s *GetObjectOutput) SetWebsiteRedirectLocation(v string) *GetObjectOutput {
-	s.WebsiteRedirectLocation = &v
-	return s
-}
-
-type GetObjectRetentionInput struct {
-	_ struct{} `locationName:"GetObjectRetentionRequest" type:"structure"`
-
-	// The bucket name containing the object whose retention settings you want to
-	// retrieve.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The key name for the object whose retention settings you want to retrieve.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// The version ID for the object whose retention settings you want to retrieve.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectRetentionInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectRetentionInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetObjectRetentionInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetObjectRetentionInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetObjectRetentionInput) SetBucket(v string) *GetObjectRetentionInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetObjectRetentionInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetObjectRetentionInput) SetExpectedBucketOwner(v string) *GetObjectRetentionInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *GetObjectRetentionInput) SetKey(v string) *GetObjectRetentionInput {
-	s.Key = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *GetObjectRetentionInput) SetRequestPayer(v string) *GetObjectRetentionInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *GetObjectRetentionInput) SetVersionId(v string) *GetObjectRetentionInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *GetObjectRetentionInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetObjectRetentionInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetObjectRetentionInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetObjectRetentionOutput struct {
-	_ struct{} `type:"structure" payload:"Retention"`
-
-	// The container element for an object's retention settings.
-	Retention *ObjectLockRetention `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectRetentionOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectRetentionOutput) GoString() string {
-	return s.String()
-}
-
-// SetRetention sets the Retention field's value.
-func (s *GetObjectRetentionOutput) SetRetention(v *ObjectLockRetention) *GetObjectRetentionOutput {
-	s.Retention = v
-	return s
-}
-
-type GetObjectTaggingInput struct {
-	_ struct{} `locationName:"GetObjectTaggingRequest" type:"structure"`
-
-	// The bucket name containing the object for which to get the tagging information.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Object key for which to get the tagging information.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// The versionId of the object for which to get the tagging information.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectTaggingInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectTaggingInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetObjectTaggingInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetObjectTaggingInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetObjectTaggingInput) SetBucket(v string) *GetObjectTaggingInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetObjectTaggingInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetObjectTaggingInput) SetExpectedBucketOwner(v string) *GetObjectTaggingInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *GetObjectTaggingInput) SetKey(v string) *GetObjectTaggingInput {
-	s.Key = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *GetObjectTaggingInput) SetRequestPayer(v string) *GetObjectTaggingInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *GetObjectTaggingInput) SetVersionId(v string) *GetObjectTaggingInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *GetObjectTaggingInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetObjectTaggingInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetObjectTaggingInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetObjectTaggingOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Contains the tag set.
-	//
-	// TagSet is a required field
-	TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"`
-
-	// The versionId of the object for which you got the tagging information.
-	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectTaggingOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectTaggingOutput) GoString() string {
-	return s.String()
-}
-
-// SetTagSet sets the TagSet field's value.
-func (s *GetObjectTaggingOutput) SetTagSet(v []*Tag) *GetObjectTaggingOutput {
-	s.TagSet = v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *GetObjectTaggingOutput) SetVersionId(v string) *GetObjectTaggingOutput {
-	s.VersionId = &v
-	return s
-}
-
-type GetObjectTorrentInput struct {
-	_ struct{} `locationName:"GetObjectTorrentRequest" type:"structure"`
-
-	// The name of the bucket containing the object for which to get the torrent
-	// files.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The object key for which to get the information.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectTorrentInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectTorrentInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetObjectTorrentInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetObjectTorrentInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetObjectTorrentInput) SetBucket(v string) *GetObjectTorrentInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetObjectTorrentInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetObjectTorrentInput) SetExpectedBucketOwner(v string) *GetObjectTorrentInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *GetObjectTorrentInput) SetKey(v string) *GetObjectTorrentInput {
-	s.Key = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *GetObjectTorrentInput) SetRequestPayer(v string) *GetObjectTorrentInput {
-	s.RequestPayer = &v
-	return s
-}
-
-func (s *GetObjectTorrentInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetObjectTorrentInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetObjectTorrentInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetObjectTorrentOutput struct {
-	_ struct{} `type:"structure" payload:"Body"`
-
-	// A Bencoded dictionary as defined by the BitTorrent specification
-	Body io.ReadCloser `type:"blob"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectTorrentOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetObjectTorrentOutput) GoString() string {
-	return s.String()
-}
-
-// SetBody sets the Body field's value.
-func (s *GetObjectTorrentOutput) SetBody(v io.ReadCloser) *GetObjectTorrentOutput {
-	s.Body = v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *GetObjectTorrentOutput) SetRequestCharged(v string) *GetObjectTorrentOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-type GetPublicAccessBlockInput struct {
-	_ struct{} `locationName:"GetPublicAccessBlockRequest" type:"structure"`
-
-	// The name of the Amazon S3 bucket whose PublicAccessBlock configuration you
-	// want to retrieve.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetPublicAccessBlockInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetPublicAccessBlockInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetPublicAccessBlockInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetPublicAccessBlockInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *GetPublicAccessBlockInput) SetBucket(v string) *GetPublicAccessBlockInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *GetPublicAccessBlockInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *GetPublicAccessBlockInput) SetExpectedBucketOwner(v string) *GetPublicAccessBlockInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *GetPublicAccessBlockInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *GetPublicAccessBlockInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s GetPublicAccessBlockInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type GetPublicAccessBlockOutput struct {
-	_ struct{} `type:"structure" payload:"PublicAccessBlockConfiguration"`
-
-	// The PublicAccessBlock configuration currently in effect for this Amazon S3
-	// bucket.
-	PublicAccessBlockConfiguration *PublicAccessBlockConfiguration `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetPublicAccessBlockOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetPublicAccessBlockOutput) GoString() string {
-	return s.String()
-}
-
-// SetPublicAccessBlockConfiguration sets the PublicAccessBlockConfiguration field's value.
-func (s *GetPublicAccessBlockOutput) SetPublicAccessBlockConfiguration(v *PublicAccessBlockConfiguration) *GetPublicAccessBlockOutput {
-	s.PublicAccessBlockConfiguration = v
-	return s
-}
-
-// Container for S3 Glacier job parameters.
-type GlacierJobParameters struct {
-	_ struct{} `type:"structure"`
-
-	// Retrieval tier at which the restore will be processed.
-	//
-	// Tier is a required field
-	Tier *string `type:"string" required:"true" enum:"Tier"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GlacierJobParameters) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GlacierJobParameters) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GlacierJobParameters) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GlacierJobParameters"}
-	if s.Tier == nil {
-		invalidParams.Add(request.NewErrParamRequired("Tier"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetTier sets the Tier field's value.
-func (s *GlacierJobParameters) SetTier(v string) *GlacierJobParameters {
-	s.Tier = &v
-	return s
-}
-
-// Container for grant information.
-type Grant struct {
-	_ struct{} `type:"structure"`
-
-	// The person being granted permissions.
-	Grantee *Grantee `type:"structure" xmlPrefix:"xsi" xmlURI:"http://www.w3.org/2001/XMLSchema-instance"`
-
-	// Specifies the permission given to the grantee.
-	Permission *string `type:"string" enum:"Permission"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Grant) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Grant) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Grant) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Grant"}
-	if s.Grantee != nil {
-		if err := s.Grantee.Validate(); err != nil {
-			invalidParams.AddNested("Grantee", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetGrantee sets the Grantee field's value.
-func (s *Grant) SetGrantee(v *Grantee) *Grant {
-	s.Grantee = v
-	return s
-}
-
-// SetPermission sets the Permission field's value.
-func (s *Grant) SetPermission(v string) *Grant {
-	s.Permission = &v
-	return s
-}
-
-// Container for the person being granted permissions.
-type Grantee struct {
-	_ struct{} `type:"structure" xmlPrefix:"xsi" xmlURI:"http://www.w3.org/2001/XMLSchema-instance"`
-
-	// Screen name of the grantee.
-	DisplayName *string `type:"string"`
-
-	// Email address of the grantee.
-	//
-	// Using email addresses to specify a grantee is only supported in the following
-	// Amazon Web Services Regions:
-	//
-	//    * US East (N. Virginia)
-	//
-	//    * US West (N. California)
-	//
-	//    * US West (Oregon)
-	//
-	//    * Asia Pacific (Singapore)
-	//
-	//    * Asia Pacific (Sydney)
-	//
-	//    * Asia Pacific (Tokyo)
-	//
-	//    * Europe (Ireland)
-	//
-	//    * South America (São Paulo)
-	//
-	// For a list of all the Amazon S3 supported Regions and endpoints, see Regions
-	// and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
-	// in the Amazon Web Services General Reference.
-	EmailAddress *string `type:"string"`
-
-	// The canonical user ID of the grantee.
-	ID *string `type:"string"`
-
-	// Type of grantee
-	//
-	// Type is a required field
-	Type *string `locationName:"xsi:type" type:"string" xmlAttribute:"true" required:"true" enum:"Type"`
-
-	// URI of the grantee group.
-	URI *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Grantee) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Grantee) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Grantee) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Grantee"}
-	if s.Type == nil {
-		invalidParams.Add(request.NewErrParamRequired("Type"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDisplayName sets the DisplayName field's value.
-func (s *Grantee) SetDisplayName(v string) *Grantee {
-	s.DisplayName = &v
-	return s
-}
-
-// SetEmailAddress sets the EmailAddress field's value.
-func (s *Grantee) SetEmailAddress(v string) *Grantee {
-	s.EmailAddress = &v
-	return s
-}
-
-// SetID sets the ID field's value.
-func (s *Grantee) SetID(v string) *Grantee {
-	s.ID = &v
-	return s
-}
-
-// SetType sets the Type field's value.
-func (s *Grantee) SetType(v string) *Grantee {
-	s.Type = &v
-	return s
-}
-
-// SetURI sets the URI field's value.
-func (s *Grantee) SetURI(v string) *Grantee {
-	s.URI = &v
-	return s
-}
-
-type HeadBucketInput struct {
-	_ struct{} `locationName:"HeadBucketRequest" type:"structure"`
-
-	// The bucket name.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with an Object Lambda access point, provide the
-	// alias of the Object Lambda access point in place of the bucket name. If the
-	// Object Lambda access point alias in a request is not valid, the error code
-	// InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError,
-	// see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList).
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s HeadBucketInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s HeadBucketInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *HeadBucketInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "HeadBucketInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *HeadBucketInput) SetBucket(v string) *HeadBucketInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *HeadBucketInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *HeadBucketInput) SetExpectedBucketOwner(v string) *HeadBucketInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *HeadBucketInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *HeadBucketInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s HeadBucketInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type HeadBucketOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s HeadBucketOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s HeadBucketOutput) GoString() string {
-	return s.String()
-}
-
-type HeadObjectInput struct {
-	_ struct{} `locationName:"HeadObjectRequest" type:"structure"`
-
-	// The name of the bucket containing the object.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// To retrieve the checksum, this parameter must be enabled.
-	//
-	// In addition, if you enable ChecksumMode and the object is encrypted with
-	// Amazon Web Services Key Management Service (Amazon Web Services KMS), you
-	// must have permission to use the kms:Decrypt action for the request to succeed.
-	ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Return the object only if its entity tag (ETag) is the same as the one specified;
-	// otherwise, return a 412 (precondition failed) error.
-	IfMatch *string `location:"header" locationName:"If-Match" type:"string"`
-
-	// Return the object only if it has been modified since the specified time;
-	// otherwise, return a 304 (not modified) error.
-	IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"`
-
-	// Return the object only if its entity tag (ETag) is different from the one
-	// specified; otherwise, return a 304 (not modified) error.
-	IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"`
-
-	// Return the object only if it has not been modified since the specified time;
-	// otherwise, return a 412 (precondition failed) error.
-	IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"`
-
-	// The object key.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Part number of the object being read. This is a positive integer between
-	// 1 and 10,000. Effectively performs a 'ranged' HEAD request for the part specified.
-	// Useful querying about the size of the part and the number of parts in this
-	// object.
-	PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"`
-
-	// HeadObject returns only the metadata for an object. If the Range is satisfiable,
-	// only the ContentLength is affected in the response. If the Range is not satisfiable,
-	// S3 returns a 416 - Requested Range Not Satisfiable error.
-	Range *string `location:"header" locationName:"Range" type:"string"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Specifies the algorithm to use to when encrypting the object (for example,
-	// AES256).
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
-	// data. This value is used to store the object and then it is discarded; Amazon
-	// S3 does not store the encryption key. The key must be appropriate for use
-	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
-	// header.
-	//
-	// SSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by HeadObjectInput's
-	// String and GoString methods.
-	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
-	// Amazon S3 uses this header for a message integrity check to ensure that the
-	// encryption key was transmitted without error.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// VersionId used to reference a specific version of the object.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s HeadObjectInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s HeadObjectInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *HeadObjectInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "HeadObjectInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *HeadObjectInput) SetBucket(v string) *HeadObjectInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *HeadObjectInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumMode sets the ChecksumMode field's value.
-func (s *HeadObjectInput) SetChecksumMode(v string) *HeadObjectInput {
-	s.ChecksumMode = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *HeadObjectInput) SetExpectedBucketOwner(v string) *HeadObjectInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetIfMatch sets the IfMatch field's value.
-func (s *HeadObjectInput) SetIfMatch(v string) *HeadObjectInput {
-	s.IfMatch = &v
-	return s
-}
-
-// SetIfModifiedSince sets the IfModifiedSince field's value.
-func (s *HeadObjectInput) SetIfModifiedSince(v time.Time) *HeadObjectInput {
-	s.IfModifiedSince = &v
-	return s
-}
-
-// SetIfNoneMatch sets the IfNoneMatch field's value.
-func (s *HeadObjectInput) SetIfNoneMatch(v string) *HeadObjectInput {
-	s.IfNoneMatch = &v
-	return s
-}
-
-// SetIfUnmodifiedSince sets the IfUnmodifiedSince field's value.
-func (s *HeadObjectInput) SetIfUnmodifiedSince(v time.Time) *HeadObjectInput {
-	s.IfUnmodifiedSince = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *HeadObjectInput) SetKey(v string) *HeadObjectInput {
-	s.Key = &v
-	return s
-}
-
-// SetPartNumber sets the PartNumber field's value.
-func (s *HeadObjectInput) SetPartNumber(v int64) *HeadObjectInput {
-	s.PartNumber = &v
-	return s
-}
-
-// SetRange sets the Range field's value.
-func (s *HeadObjectInput) SetRange(v string) *HeadObjectInput {
-	s.Range = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *HeadObjectInput) SetRequestPayer(v string) *HeadObjectInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *HeadObjectInput) SetSSECustomerAlgorithm(v string) *HeadObjectInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKey sets the SSECustomerKey field's value.
-func (s *HeadObjectInput) SetSSECustomerKey(v string) *HeadObjectInput {
-	s.SSECustomerKey = &v
-	return s
-}
-
-func (s *HeadObjectInput) getSSECustomerKey() (v string) {
-	if s.SSECustomerKey == nil {
-		return v
-	}
-	return *s.SSECustomerKey
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *HeadObjectInput) SetSSECustomerKeyMD5(v string) *HeadObjectInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *HeadObjectInput) SetVersionId(v string) *HeadObjectInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *HeadObjectInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *HeadObjectInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s HeadObjectInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type HeadObjectOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Indicates that a range of bytes was specified.
-	AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"`
-
-	// The archive state of the head object.
-	ArchiveStatus *string `location:"header" locationName:"x-amz-archive-status" type:"string" enum:"ArchiveStatus"`
-
-	// Indicates whether the object uses an S3 Bucket Key for server-side encryption
-	// with Key Management Service (KMS) keys (SSE-KMS).
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// Specifies caching behavior along the request/reply chain.
-	CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"`
-
-	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
-
-	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
-
-	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
-
-	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
-
-	// Specifies presentational information for the object.
-	ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
-
-	// Specifies what content encodings have been applied to the object and thus
-	// what decoding mechanisms must be applied to obtain the media-type referenced
-	// by the Content-Type header field.
-	ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
-
-	// The language the content is in.
-	ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
-
-	// Size of the body in bytes.
-	ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
-
-	// A standard MIME type describing the format of the object data.
-	ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
-
-	// Specifies whether the object retrieved was (true) or was not (false) a Delete
-	// Marker. If false, this response header does not appear in the response.
-	DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"`
-
-	// An entity tag (ETag) is an opaque identifier assigned by a web server to
-	// a specific version of a resource found at a URL.
-	ETag *string `location:"header" locationName:"ETag" type:"string"`
-
-	// If the object expiration is configured (see PUT Bucket lifecycle), the response
-	// includes this header. It includes the expiry-date and rule-id key-value pairs
-	// providing object expiration information. The value of the rule-id is URL-encoded.
-	Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
-
-	// The date and time at which the object is no longer cacheable.
-	Expires *string `location:"header" locationName:"Expires" type:"string"`
-
-	// Creation date of the object.
-	LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"`
-
-	// A map of metadata to store with the object in S3.
-	//
-	// By default unmarshaled keys are written as a map keys in following canonicalized format:
-	// the first letter and any letter following a hyphen will be capitalized, and the rest as lowercase.
-	// Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase.
-	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
-
-	// This is set to the number of metadata entries not returned in x-amz-meta
-	// headers. This can happen if you create metadata using an API like SOAP that
-	// supports more flexible metadata than the REST API. For example, using SOAP,
-	// you can create metadata whose values are not legal HTTP headers.
-	MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"`
-
-	// Specifies whether a legal hold is in effect for this object. This header
-	// is only returned if the requester has the s3:GetObjectLegalHold permission.
-	// This header is not returned if the specified version of this object has never
-	// had a legal hold applied. For more information about S3 Object Lock, see
-	// Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
-	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
-
-	// The Object Lock mode, if any, that's in effect for this object. This header
-	// is only returned if the requester has the s3:GetObjectRetention permission.
-	// For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
-	ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
-
-	// The date and time when the Object Lock retention period expires. This header
-	// is only returned if the requester has the s3:GetObjectRetention permission.
-	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
-
-	// The count of parts this object has. This value is only returned if you specify
-	// partNumber in your request and the object was uploaded as a multipart upload.
-	PartsCount *int64 `location:"header" locationName:"x-amz-mp-parts-count" type:"integer"`
-
-	// Amazon S3 can return this header if your request involves a bucket that is
-	// either a source or a destination in a replication rule.
-	//
-	// In replication, you have a source bucket on which you configure replication
-	// and destination bucket or buckets where Amazon S3 stores object replicas.
-	// When you request an object (GetObject) or object metadata (HeadObject) from
-	// these buckets, Amazon S3 will return the x-amz-replication-status header
-	// in the response as follows:
-	//
-	//    * If requesting an object from the source bucket, Amazon S3 will return
-	//    the x-amz-replication-status header if the object in your request is eligible
-	//    for replication. For example, suppose that in your replication configuration,
-	//    you specify object prefix TaxDocs requesting Amazon S3 to replicate objects
-	//    with key prefix TaxDocs. Any objects you upload with this key name prefix,
-	//    for example TaxDocs/document1.pdf, are eligible for replication. For any
-	//    object request with this key name prefix, Amazon S3 will return the x-amz-replication-status
-	//    header with value PENDING, COMPLETED or FAILED indicating object replication
-	//    status.
-	//
-	//    * If requesting an object from a destination bucket, Amazon S3 will return
-	//    the x-amz-replication-status header with value REPLICA if the object in
-	//    your request is a replica that Amazon S3 created and there is no replica
-	//    modification replication in progress.
-	//
-	//    * When replicating objects to multiple destination buckets, the x-amz-replication-status
-	//    header acts differently. The header of the source object will only return
-	//    a value of COMPLETED when replication is successful to all destinations.
-	//    The header will remain at value PENDING until replication has completed
-	//    for all destinations. If one or more destinations fails replication the
-	//    header will return FAILED.
-	//
-	// For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
-	ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// If the object is an archived object (an object whose storage class is GLACIER),
-	// the response includes this header if either the archive restoration is in
-	// progress (see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html)
-	// or an archive copy is already restored.
-	//
-	// If an archive copy is already restored, the header value indicates when Amazon
-	// S3 is scheduled to delete the object copy. For example:
-	//
-	// x-amz-restore: ongoing-request="false", expiry-date="Fri, 21 Dec 2012 00:00:00
-	// GMT"
-	//
-	// If the object restoration is in progress, the header returns the value ongoing-request="true".
-	//
-	// For more information about archiving objects, see Transitioning Objects:
-	// General Considerations (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations).
-	Restore *string `location:"header" locationName:"x-amz-restore" type:"string"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm
-	// used.
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// If present, specifies the ID of the Key Management Service (KMS) symmetric
-	// encryption customer managed key that was used for the object.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by HeadObjectOutput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing this object in Amazon
-	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-
-	// Provides storage class information of the object. Amazon S3 returns this
-	// header for all objects except for S3 Standard storage class objects.
-	//
-	// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
-	StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
-
-	// Version of the object.
-	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
-
-	// If the bucket is configured as a website, redirects requests for this object
-	// to another object in the same bucket or to an external URL. Amazon S3 stores
-	// the value of this header in the object metadata.
-	WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s HeadObjectOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s HeadObjectOutput) GoString() string {
-	return s.String()
-}
-
-// SetAcceptRanges sets the AcceptRanges field's value.
-func (s *HeadObjectOutput) SetAcceptRanges(v string) *HeadObjectOutput {
-	s.AcceptRanges = &v
-	return s
-}
-
-// SetArchiveStatus sets the ArchiveStatus field's value.
-func (s *HeadObjectOutput) SetArchiveStatus(v string) *HeadObjectOutput {
-	s.ArchiveStatus = &v
-	return s
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *HeadObjectOutput) SetBucketKeyEnabled(v bool) *HeadObjectOutput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetCacheControl sets the CacheControl field's value.
-func (s *HeadObjectOutput) SetCacheControl(v string) *HeadObjectOutput {
-	s.CacheControl = &v
-	return s
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *HeadObjectOutput) SetChecksumCRC32(v string) *HeadObjectOutput {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *HeadObjectOutput) SetChecksumCRC32C(v string) *HeadObjectOutput {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *HeadObjectOutput) SetChecksumSHA1(v string) *HeadObjectOutput {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *HeadObjectOutput) SetChecksumSHA256(v string) *HeadObjectOutput {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetContentDisposition sets the ContentDisposition field's value.
-func (s *HeadObjectOutput) SetContentDisposition(v string) *HeadObjectOutput {
-	s.ContentDisposition = &v
-	return s
-}
-
-// SetContentEncoding sets the ContentEncoding field's value.
-func (s *HeadObjectOutput) SetContentEncoding(v string) *HeadObjectOutput {
-	s.ContentEncoding = &v
-	return s
-}
-
-// SetContentLanguage sets the ContentLanguage field's value.
-func (s *HeadObjectOutput) SetContentLanguage(v string) *HeadObjectOutput {
-	s.ContentLanguage = &v
-	return s
-}
-
-// SetContentLength sets the ContentLength field's value.
-func (s *HeadObjectOutput) SetContentLength(v int64) *HeadObjectOutput {
-	s.ContentLength = &v
-	return s
-}
-
-// SetContentType sets the ContentType field's value.
-func (s *HeadObjectOutput) SetContentType(v string) *HeadObjectOutput {
-	s.ContentType = &v
-	return s
-}
-
-// SetDeleteMarker sets the DeleteMarker field's value.
-func (s *HeadObjectOutput) SetDeleteMarker(v bool) *HeadObjectOutput {
-	s.DeleteMarker = &v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *HeadObjectOutput) SetETag(v string) *HeadObjectOutput {
-	s.ETag = &v
-	return s
-}
-
-// SetExpiration sets the Expiration field's value.
-func (s *HeadObjectOutput) SetExpiration(v string) *HeadObjectOutput {
-	s.Expiration = &v
-	return s
-}
-
-// SetExpires sets the Expires field's value.
-func (s *HeadObjectOutput) SetExpires(v string) *HeadObjectOutput {
-	s.Expires = &v
-	return s
-}
-
-// SetLastModified sets the LastModified field's value.
-func (s *HeadObjectOutput) SetLastModified(v time.Time) *HeadObjectOutput {
-	s.LastModified = &v
-	return s
-}
-
-// SetMetadata sets the Metadata field's value.
-func (s *HeadObjectOutput) SetMetadata(v map[string]*string) *HeadObjectOutput {
-	s.Metadata = v
-	return s
-}
-
-// SetMissingMeta sets the MissingMeta field's value.
-func (s *HeadObjectOutput) SetMissingMeta(v int64) *HeadObjectOutput {
-	s.MissingMeta = &v
-	return s
-}
-
-// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
-func (s *HeadObjectOutput) SetObjectLockLegalHoldStatus(v string) *HeadObjectOutput {
-	s.ObjectLockLegalHoldStatus = &v
-	return s
-}
-
-// SetObjectLockMode sets the ObjectLockMode field's value.
-func (s *HeadObjectOutput) SetObjectLockMode(v string) *HeadObjectOutput {
-	s.ObjectLockMode = &v
-	return s
-}
-
-// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
-func (s *HeadObjectOutput) SetObjectLockRetainUntilDate(v time.Time) *HeadObjectOutput {
-	s.ObjectLockRetainUntilDate = &v
-	return s
-}
-
-// SetPartsCount sets the PartsCount field's value.
-func (s *HeadObjectOutput) SetPartsCount(v int64) *HeadObjectOutput {
-	s.PartsCount = &v
-	return s
-}
-
-// SetReplicationStatus sets the ReplicationStatus field's value.
-func (s *HeadObjectOutput) SetReplicationStatus(v string) *HeadObjectOutput {
-	s.ReplicationStatus = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *HeadObjectOutput) SetRequestCharged(v string) *HeadObjectOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetRestore sets the Restore field's value.
-func (s *HeadObjectOutput) SetRestore(v string) *HeadObjectOutput {
-	s.Restore = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *HeadObjectOutput) SetSSECustomerAlgorithm(v string) *HeadObjectOutput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *HeadObjectOutput) SetSSECustomerKeyMD5(v string) *HeadObjectOutput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *HeadObjectOutput) SetSSEKMSKeyId(v string) *HeadObjectOutput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *HeadObjectOutput) SetServerSideEncryption(v string) *HeadObjectOutput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *HeadObjectOutput) SetStorageClass(v string) *HeadObjectOutput {
-	s.StorageClass = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *HeadObjectOutput) SetVersionId(v string) *HeadObjectOutput {
-	s.VersionId = &v
-	return s
-}
-
-// SetWebsiteRedirectLocation sets the WebsiteRedirectLocation field's value.
-func (s *HeadObjectOutput) SetWebsiteRedirectLocation(v string) *HeadObjectOutput {
-	s.WebsiteRedirectLocation = &v
-	return s
-}
-
-// Container for the Suffix element.
-type IndexDocument struct {
-	_ struct{} `type:"structure"`
-
-	// A suffix that is appended to a request that is for a directory on the website
-	// endpoint (for example,if the suffix is index.html and you make a request
-	// to samplebucket/images/ the data that is returned will be for the object
-	// with the key name images/index.html) The suffix must not be empty and must
-	// not include a slash character.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	//
-	// Suffix is a required field
-	Suffix *string `type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s IndexDocument) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s IndexDocument) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *IndexDocument) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "IndexDocument"}
-	if s.Suffix == nil {
-		invalidParams.Add(request.NewErrParamRequired("Suffix"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetSuffix sets the Suffix field's value.
-func (s *IndexDocument) SetSuffix(v string) *IndexDocument {
-	s.Suffix = &v
-	return s
-}
-
-// Container element that identifies who initiated the multipart upload.
-type Initiator struct {
-	_ struct{} `type:"structure"`
-
-	// Name of the Principal.
-	DisplayName *string `type:"string"`
-
-	// If the principal is an Amazon Web Services account, it provides the Canonical
-	// User ID. If the principal is an IAM User, it provides a user ARN value.
-	ID *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Initiator) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Initiator) GoString() string {
-	return s.String()
-}
-
-// SetDisplayName sets the DisplayName field's value.
-func (s *Initiator) SetDisplayName(v string) *Initiator {
-	s.DisplayName = &v
-	return s
-}
-
-// SetID sets the ID field's value.
-func (s *Initiator) SetID(v string) *Initiator {
-	s.ID = &v
-	return s
-}
-
-// Describes the serialization format of the object.
-type InputSerialization struct {
-	_ struct{} `type:"structure"`
-
-	// Describes the serialization of a CSV-encoded object.
-	CSV *CSVInput `type:"structure"`
-
-	// Specifies object's compression format. Valid values: NONE, GZIP, BZIP2. Default
-	// Value: NONE.
-	CompressionType *string `type:"string" enum:"CompressionType"`
-
-	// Specifies JSON as object's input serialization format.
-	JSON *JSONInput `type:"structure"`
-
-	// Specifies Parquet as object's input serialization format.
-	Parquet *ParquetInput `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InputSerialization) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InputSerialization) GoString() string {
-	return s.String()
-}
-
-// SetCSV sets the CSV field's value.
-func (s *InputSerialization) SetCSV(v *CSVInput) *InputSerialization {
-	s.CSV = v
-	return s
-}
-
-// SetCompressionType sets the CompressionType field's value.
-func (s *InputSerialization) SetCompressionType(v string) *InputSerialization {
-	s.CompressionType = &v
-	return s
-}
-
-// SetJSON sets the JSON field's value.
-func (s *InputSerialization) SetJSON(v *JSONInput) *InputSerialization {
-	s.JSON = v
-	return s
-}
-
-// SetParquet sets the Parquet field's value.
-func (s *InputSerialization) SetParquet(v *ParquetInput) *InputSerialization {
-	s.Parquet = v
-	return s
-}
-
-// A container for specifying S3 Intelligent-Tiering filters. The filters determine
-// the subset of objects to which the rule applies.
-type IntelligentTieringAndOperator struct {
-	_ struct{} `type:"structure"`
-
-	// An object key name prefix that identifies the subset of objects to which
-	// the configuration applies.
-	Prefix *string `type:"string"`
-
-	// All of these tags must exist in the object's tag set in order for the configuration
-	// to apply.
-	Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s IntelligentTieringAndOperator) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s IntelligentTieringAndOperator) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *IntelligentTieringAndOperator) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "IntelligentTieringAndOperator"}
-	if s.Tags != nil {
-		for i, v := range s.Tags {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *IntelligentTieringAndOperator) SetPrefix(v string) *IntelligentTieringAndOperator {
-	s.Prefix = &v
-	return s
-}
-
-// SetTags sets the Tags field's value.
-func (s *IntelligentTieringAndOperator) SetTags(v []*Tag) *IntelligentTieringAndOperator {
-	s.Tags = v
-	return s
-}
-
-// Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket.
-//
-// For information about the S3 Intelligent-Tiering storage class, see Storage
-// class for automatically optimizing frequently and infrequently accessed objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-type IntelligentTieringConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies a bucket filter. The configuration only includes objects that meet
-	// the filter's criteria.
-	Filter *IntelligentTieringFilter `type:"structure"`
-
-	// The ID used to identify the S3 Intelligent-Tiering configuration.
-	//
-	// Id is a required field
-	Id *string `type:"string" required:"true"`
-
-	// Specifies the status of the configuration.
-	//
-	// Status is a required field
-	Status *string `type:"string" required:"true" enum:"IntelligentTieringStatus"`
-
-	// Specifies the S3 Intelligent-Tiering storage class tier of the configuration.
-	//
-	// Tierings is a required field
-	Tierings []*Tiering `locationName:"Tiering" type:"list" flattened:"true" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s IntelligentTieringConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s IntelligentTieringConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *IntelligentTieringConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "IntelligentTieringConfiguration"}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-	if s.Status == nil {
-		invalidParams.Add(request.NewErrParamRequired("Status"))
-	}
-	if s.Tierings == nil {
-		invalidParams.Add(request.NewErrParamRequired("Tierings"))
-	}
-	if s.Filter != nil {
-		if err := s.Filter.Validate(); err != nil {
-			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.Tierings != nil {
-		for i, v := range s.Tierings {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tierings", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetFilter sets the Filter field's value.
-func (s *IntelligentTieringConfiguration) SetFilter(v *IntelligentTieringFilter) *IntelligentTieringConfiguration {
-	s.Filter = v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *IntelligentTieringConfiguration) SetId(v string) *IntelligentTieringConfiguration {
-	s.Id = &v
-	return s
-}
-
-// SetStatus sets the Status field's value.
-func (s *IntelligentTieringConfiguration) SetStatus(v string) *IntelligentTieringConfiguration {
-	s.Status = &v
-	return s
-}
-
-// SetTierings sets the Tierings field's value.
-func (s *IntelligentTieringConfiguration) SetTierings(v []*Tiering) *IntelligentTieringConfiguration {
-	s.Tierings = v
-	return s
-}
-
-// The Filter is used to identify objects that the S3 Intelligent-Tiering configuration
-// applies to.
-type IntelligentTieringFilter struct {
-	_ struct{} `type:"structure"`
-
-	// A conjunction (logical AND) of predicates, which is used in evaluating a
-	// metrics filter. The operator must have at least two predicates, and an object
-	// must match all of the predicates in order for the filter to apply.
-	And *IntelligentTieringAndOperator `type:"structure"`
-
-	// An object key name prefix that identifies the subset of objects to which
-	// the rule applies.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	Prefix *string `type:"string"`
-
-	// A container of a key value name pair.
-	Tag *Tag `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s IntelligentTieringFilter) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s IntelligentTieringFilter) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *IntelligentTieringFilter) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "IntelligentTieringFilter"}
-	if s.And != nil {
-		if err := s.And.Validate(); err != nil {
-			invalidParams.AddNested("And", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.Tag != nil {
-		if err := s.Tag.Validate(); err != nil {
-			invalidParams.AddNested("Tag", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAnd sets the And field's value.
-func (s *IntelligentTieringFilter) SetAnd(v *IntelligentTieringAndOperator) *IntelligentTieringFilter {
-	s.And = v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *IntelligentTieringFilter) SetPrefix(v string) *IntelligentTieringFilter {
-	s.Prefix = &v
-	return s
-}
-
-// SetTag sets the Tag field's value.
-func (s *IntelligentTieringFilter) SetTag(v *Tag) *IntelligentTieringFilter {
-	s.Tag = v
-	return s
-}
-
-// Specifies the inventory configuration for an Amazon S3 bucket. For more information,
-// see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html)
-// in the Amazon S3 API Reference.
-type InventoryConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Contains information about where to publish the inventory results.
-	//
-	// Destination is a required field
-	Destination *InventoryDestination `type:"structure" required:"true"`
-
-	// Specifies an inventory filter. The inventory only includes objects that meet
-	// the filter's criteria.
-	Filter *InventoryFilter `type:"structure"`
-
-	// The ID used to identify the inventory configuration.
-	//
-	// Id is a required field
-	Id *string `type:"string" required:"true"`
-
-	// Object versions to include in the inventory list. If set to All, the list
-	// includes all the object versions, which adds the version-related fields VersionId,
-	// IsLatest, and DeleteMarker to the list. If set to Current, the list does
-	// not contain these version-related fields.
-	//
-	// IncludedObjectVersions is a required field
-	IncludedObjectVersions *string `type:"string" required:"true" enum:"InventoryIncludedObjectVersions"`
-
-	// Specifies whether the inventory is enabled or disabled. If set to True, an
-	// inventory list is generated. If set to False, no inventory list is generated.
-	//
-	// IsEnabled is a required field
-	IsEnabled *bool `type:"boolean" required:"true"`
-
-	// Contains the optional fields that are included in the inventory results.
-	OptionalFields []*string `locationNameList:"Field" type:"list" enum:"InventoryOptionalField"`
-
-	// Specifies the schedule for generating inventory results.
-	//
-	// Schedule is a required field
-	Schedule *InventorySchedule `type:"structure" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventoryConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventoryConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *InventoryConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "InventoryConfiguration"}
-	if s.Destination == nil {
-		invalidParams.Add(request.NewErrParamRequired("Destination"))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-	if s.IncludedObjectVersions == nil {
-		invalidParams.Add(request.NewErrParamRequired("IncludedObjectVersions"))
-	}
-	if s.IsEnabled == nil {
-		invalidParams.Add(request.NewErrParamRequired("IsEnabled"))
-	}
-	if s.Schedule == nil {
-		invalidParams.Add(request.NewErrParamRequired("Schedule"))
-	}
-	if s.Destination != nil {
-		if err := s.Destination.Validate(); err != nil {
-			invalidParams.AddNested("Destination", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.Filter != nil {
-		if err := s.Filter.Validate(); err != nil {
-			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.Schedule != nil {
-		if err := s.Schedule.Validate(); err != nil {
-			invalidParams.AddNested("Schedule", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDestination sets the Destination field's value.
-func (s *InventoryConfiguration) SetDestination(v *InventoryDestination) *InventoryConfiguration {
-	s.Destination = v
-	return s
-}
-
-// SetFilter sets the Filter field's value.
-func (s *InventoryConfiguration) SetFilter(v *InventoryFilter) *InventoryConfiguration {
-	s.Filter = v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *InventoryConfiguration) SetId(v string) *InventoryConfiguration {
-	s.Id = &v
-	return s
-}
-
-// SetIncludedObjectVersions sets the IncludedObjectVersions field's value.
-func (s *InventoryConfiguration) SetIncludedObjectVersions(v string) *InventoryConfiguration {
-	s.IncludedObjectVersions = &v
-	return s
-}
-
-// SetIsEnabled sets the IsEnabled field's value.
-func (s *InventoryConfiguration) SetIsEnabled(v bool) *InventoryConfiguration {
-	s.IsEnabled = &v
-	return s
-}
-
-// SetOptionalFields sets the OptionalFields field's value.
-func (s *InventoryConfiguration) SetOptionalFields(v []*string) *InventoryConfiguration {
-	s.OptionalFields = v
-	return s
-}
-
-// SetSchedule sets the Schedule field's value.
-func (s *InventoryConfiguration) SetSchedule(v *InventorySchedule) *InventoryConfiguration {
-	s.Schedule = v
-	return s
-}
-
-// Specifies the inventory configuration for an Amazon S3 bucket.
-type InventoryDestination struct {
-	_ struct{} `type:"structure"`
-
-	// Contains the bucket name, file format, bucket owner (optional), and prefix
-	// (optional) where inventory results are published.
-	//
-	// S3BucketDestination is a required field
-	S3BucketDestination *InventoryS3BucketDestination `type:"structure" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventoryDestination) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventoryDestination) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *InventoryDestination) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "InventoryDestination"}
-	if s.S3BucketDestination == nil {
-		invalidParams.Add(request.NewErrParamRequired("S3BucketDestination"))
-	}
-	if s.S3BucketDestination != nil {
-		if err := s.S3BucketDestination.Validate(); err != nil {
-			invalidParams.AddNested("S3BucketDestination", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetS3BucketDestination sets the S3BucketDestination field's value.
-func (s *InventoryDestination) SetS3BucketDestination(v *InventoryS3BucketDestination) *InventoryDestination {
-	s.S3BucketDestination = v
-	return s
-}
-
-// Contains the type of server-side encryption used to encrypt the inventory
-// results.
-type InventoryEncryption struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the use of SSE-KMS to encrypt delivered inventory reports.
-	SSEKMS *SSEKMS `locationName:"SSE-KMS" type:"structure"`
-
-	// Specifies the use of SSE-S3 to encrypt delivered inventory reports.
-	SSES3 *SSES3 `locationName:"SSE-S3" type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventoryEncryption) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventoryEncryption) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *InventoryEncryption) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "InventoryEncryption"}
-	if s.SSEKMS != nil {
-		if err := s.SSEKMS.Validate(); err != nil {
-			invalidParams.AddNested("SSEKMS", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetSSEKMS sets the SSEKMS field's value.
-func (s *InventoryEncryption) SetSSEKMS(v *SSEKMS) *InventoryEncryption {
-	s.SSEKMS = v
-	return s
-}
-
-// SetSSES3 sets the SSES3 field's value.
-func (s *InventoryEncryption) SetSSES3(v *SSES3) *InventoryEncryption {
-	s.SSES3 = v
-	return s
-}
-
-// Specifies an inventory filter. The inventory only includes objects that meet
-// the filter's criteria.
-type InventoryFilter struct {
-	_ struct{} `type:"structure"`
-
-	// The prefix that an object must have to be included in the inventory results.
-	//
-	// Prefix is a required field
-	Prefix *string `type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventoryFilter) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventoryFilter) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *InventoryFilter) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "InventoryFilter"}
-	if s.Prefix == nil {
-		invalidParams.Add(request.NewErrParamRequired("Prefix"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *InventoryFilter) SetPrefix(v string) *InventoryFilter {
-	s.Prefix = &v
-	return s
-}
-
-// Contains the bucket name, file format, bucket owner (optional), and prefix
-// (optional) where inventory results are published.
-type InventoryS3BucketDestination struct {
-	_ struct{} `type:"structure"`
-
-	// The account ID that owns the destination S3 bucket. If no account ID is provided,
-	// the owner is not validated before exporting data.
-	//
-	// Although this value is optional, we strongly recommend that you set it to
-	// help prevent problems if the destination bucket ownership changes.
-	AccountId *string `type:"string"`
-
-	// The Amazon Resource Name (ARN) of the bucket where inventory results will
-	// be published.
-	//
-	// Bucket is a required field
-	Bucket *string `type:"string" required:"true"`
-
-	// Contains the type of server-side encryption used to encrypt the inventory
-	// results.
-	Encryption *InventoryEncryption `type:"structure"`
-
-	// Specifies the output format of the inventory results.
-	//
-	// Format is a required field
-	Format *string `type:"string" required:"true" enum:"InventoryFormat"`
-
-	// The prefix that is prepended to all inventory results.
-	Prefix *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventoryS3BucketDestination) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventoryS3BucketDestination) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *InventoryS3BucketDestination) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "InventoryS3BucketDestination"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Format == nil {
-		invalidParams.Add(request.NewErrParamRequired("Format"))
-	}
-	if s.Encryption != nil {
-		if err := s.Encryption.Validate(); err != nil {
-			invalidParams.AddNested("Encryption", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccountId sets the AccountId field's value.
-func (s *InventoryS3BucketDestination) SetAccountId(v string) *InventoryS3BucketDestination {
-	s.AccountId = &v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *InventoryS3BucketDestination) SetBucket(v string) *InventoryS3BucketDestination {
-	s.Bucket = &v
-	return s
-}
-
-func (s *InventoryS3BucketDestination) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetEncryption sets the Encryption field's value.
-func (s *InventoryS3BucketDestination) SetEncryption(v *InventoryEncryption) *InventoryS3BucketDestination {
-	s.Encryption = v
-	return s
-}
-
-// SetFormat sets the Format field's value.
-func (s *InventoryS3BucketDestination) SetFormat(v string) *InventoryS3BucketDestination {
-	s.Format = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *InventoryS3BucketDestination) SetPrefix(v string) *InventoryS3BucketDestination {
-	s.Prefix = &v
-	return s
-}
-
-// Specifies the schedule for generating inventory results.
-type InventorySchedule struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies how frequently inventory results are produced.
-	//
-	// Frequency is a required field
-	Frequency *string `type:"string" required:"true" enum:"InventoryFrequency"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventorySchedule) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InventorySchedule) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *InventorySchedule) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "InventorySchedule"}
-	if s.Frequency == nil {
-		invalidParams.Add(request.NewErrParamRequired("Frequency"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetFrequency sets the Frequency field's value.
-func (s *InventorySchedule) SetFrequency(v string) *InventorySchedule {
-	s.Frequency = &v
-	return s
-}
-
-// Specifies JSON as object's input serialization format.
-type JSONInput struct {
-	_ struct{} `type:"structure"`
-
-	// The type of JSON. Valid values: Document, Lines.
-	Type *string `type:"string" enum:"JSONType"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s JSONInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s JSONInput) GoString() string {
-	return s.String()
-}
-
-// SetType sets the Type field's value.
-func (s *JSONInput) SetType(v string) *JSONInput {
-	s.Type = &v
-	return s
-}
-
-// Specifies JSON as request's output serialization format.
-type JSONOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The value used to separate individual records in the output. If no value
-	// is specified, Amazon S3 uses a newline character ('\n').
-	RecordDelimiter *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s JSONOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s JSONOutput) GoString() string {
-	return s.String()
-}
-
-// SetRecordDelimiter sets the RecordDelimiter field's value.
-func (s *JSONOutput) SetRecordDelimiter(v string) *JSONOutput {
-	s.RecordDelimiter = &v
-	return s
-}
-
-// A container for object key name prefix and suffix filtering rules.
-type KeyFilter struct {
-	_ struct{} `type:"structure"`
-
-	// A list of containers for the key-value pair that defines the criteria for
-	// the filter rule.
-	FilterRules []*FilterRule `locationName:"FilterRule" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s KeyFilter) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s KeyFilter) GoString() string {
-	return s.String()
-}
-
-// SetFilterRules sets the FilterRules field's value.
-func (s *KeyFilter) SetFilterRules(v []*FilterRule) *KeyFilter {
-	s.FilterRules = v
-	return s
-}
-
-// A container for specifying the configuration for Lambda notifications.
-type LambdaFunctionConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// The Amazon S3 bucket event for which to invoke the Lambda function. For more
-	// information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Events is a required field
-	Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"`
-
-	// Specifies object key name filtering rules. For information about key name
-	// filtering, see Configuring event notifications using object key name filtering
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
-	// in the Amazon S3 User Guide.
-	Filter *NotificationConfigurationFilter `type:"structure"`
-
-	// An optional unique identifier for configurations in a notification configuration.
-	// If you don't provide one, Amazon S3 will assign an ID.
-	Id *string `type:"string"`
-
-	// The Amazon Resource Name (ARN) of the Lambda function that Amazon S3 invokes
-	// when the specified event type occurs.
-	//
-	// LambdaFunctionArn is a required field
-	LambdaFunctionArn *string `locationName:"CloudFunction" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LambdaFunctionConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LambdaFunctionConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *LambdaFunctionConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "LambdaFunctionConfiguration"}
-	if s.Events == nil {
-		invalidParams.Add(request.NewErrParamRequired("Events"))
-	}
-	if s.LambdaFunctionArn == nil {
-		invalidParams.Add(request.NewErrParamRequired("LambdaFunctionArn"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetEvents sets the Events field's value.
-func (s *LambdaFunctionConfiguration) SetEvents(v []*string) *LambdaFunctionConfiguration {
-	s.Events = v
-	return s
-}
-
-// SetFilter sets the Filter field's value.
-func (s *LambdaFunctionConfiguration) SetFilter(v *NotificationConfigurationFilter) *LambdaFunctionConfiguration {
-	s.Filter = v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *LambdaFunctionConfiguration) SetId(v string) *LambdaFunctionConfiguration {
-	s.Id = &v
-	return s
-}
-
-// SetLambdaFunctionArn sets the LambdaFunctionArn field's value.
-func (s *LambdaFunctionConfiguration) SetLambdaFunctionArn(v string) *LambdaFunctionConfiguration {
-	s.LambdaFunctionArn = &v
-	return s
-}
-
-// Container for lifecycle rules. You can add as many as 1000 rules.
-//
-// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
-// in the Amazon S3 User Guide.
-type LifecycleConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies lifecycle configuration rules for an Amazon S3 bucket.
-	//
-	// Rules is a required field
-	Rules []*Rule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LifecycleConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LifecycleConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *LifecycleConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "LifecycleConfiguration"}
-	if s.Rules == nil {
-		invalidParams.Add(request.NewErrParamRequired("Rules"))
-	}
-	if s.Rules != nil {
-		for i, v := range s.Rules {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Rules", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetRules sets the Rules field's value.
-func (s *LifecycleConfiguration) SetRules(v []*Rule) *LifecycleConfiguration {
-	s.Rules = v
-	return s
-}
-
-// Container for the expiration for the lifecycle of the object.
-//
-// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
-// in the Amazon S3 User Guide.
-type LifecycleExpiration struct {
-	_ struct{} `type:"structure"`
-
-	// Indicates at what date the object is to be moved or deleted. The date value
-	// must conform to the ISO 8601 format. The time is always midnight UTC.
-	Date *time.Time `type:"timestamp" timestampFormat:"iso8601"`
-
-	// Indicates the lifetime, in days, of the objects that are subject to the rule.
-	// The value must be a non-zero positive integer.
-	Days *int64 `type:"integer"`
-
-	// Indicates whether Amazon S3 will remove a delete marker with no noncurrent
-	// versions. If set to true, the delete marker will be expired; if set to false
-	// the policy takes no action. This cannot be specified with Days or Date in
-	// a Lifecycle Expiration Policy.
-	ExpiredObjectDeleteMarker *bool `type:"boolean"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LifecycleExpiration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LifecycleExpiration) GoString() string {
-	return s.String()
-}
-
-// SetDate sets the Date field's value.
-func (s *LifecycleExpiration) SetDate(v time.Time) *LifecycleExpiration {
-	s.Date = &v
-	return s
-}
-
-// SetDays sets the Days field's value.
-func (s *LifecycleExpiration) SetDays(v int64) *LifecycleExpiration {
-	s.Days = &v
-	return s
-}
-
-// SetExpiredObjectDeleteMarker sets the ExpiredObjectDeleteMarker field's value.
-func (s *LifecycleExpiration) SetExpiredObjectDeleteMarker(v bool) *LifecycleExpiration {
-	s.ExpiredObjectDeleteMarker = &v
-	return s
-}
-
-// A lifecycle rule for individual objects in an Amazon S3 bucket.
-//
-// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
-// in the Amazon S3 User Guide.
-type LifecycleRule struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the days since the initiation of an incomplete multipart upload
-	// that Amazon S3 will wait before permanently removing all parts of the upload.
-	// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
-	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
-	// in the Amazon S3 User Guide.
-	AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"`
-
-	// Specifies the expiration for the lifecycle of the object in the form of date,
-	// days and, whether the object has a delete marker.
-	Expiration *LifecycleExpiration `type:"structure"`
-
-	// The Filter is used to identify objects that a Lifecycle Rule applies to.
-	// A Filter must have exactly one of Prefix, Tag, or And specified. Filter is
-	// required if the LifecycleRule does not contain a Prefix element.
-	Filter *LifecycleRuleFilter `type:"structure"`
-
-	// Unique identifier for the rule. The value cannot be longer than 255 characters.
-	ID *string `type:"string"`
-
-	// Specifies when noncurrent object versions expire. Upon expiration, Amazon
-	// S3 permanently deletes the noncurrent object versions. You set this lifecycle
-	// configuration action on a bucket that has versioning enabled (or suspended)
-	// to request that Amazon S3 delete noncurrent object versions at a specific
-	// period in the object's lifetime.
-	NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"`
-
-	// Specifies the transition rule for the lifecycle rule that describes when
-	// noncurrent objects transition to a specific storage class. If your bucket
-	// is versioning-enabled (or versioning is suspended), you can set this action
-	// to request that Amazon S3 transition noncurrent object versions to a specific
-	// storage class at a set period in the object's lifetime.
-	NoncurrentVersionTransitions []*NoncurrentVersionTransition `locationName:"NoncurrentVersionTransition" type:"list" flattened:"true"`
-
-	// Prefix identifying one or more objects to which the rule applies. This is
-	// no longer used; use Filter instead.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	//
-	// Deprecated: Prefix has been deprecated
-	Prefix *string `deprecated:"true" type:"string"`
-
-	// If 'Enabled', the rule is currently being applied. If 'Disabled', the rule
-	// is not currently being applied.
-	//
-	// Status is a required field
-	Status *string `type:"string" required:"true" enum:"ExpirationStatus"`
-
-	// Specifies when an Amazon S3 object transitions to a specified storage class.
-	Transitions []*Transition `locationName:"Transition" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LifecycleRule) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LifecycleRule) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *LifecycleRule) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "LifecycleRule"}
-	if s.Status == nil {
-		invalidParams.Add(request.NewErrParamRequired("Status"))
-	}
-	if s.Filter != nil {
-		if err := s.Filter.Validate(); err != nil {
-			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAbortIncompleteMultipartUpload sets the AbortIncompleteMultipartUpload field's value.
-func (s *LifecycleRule) SetAbortIncompleteMultipartUpload(v *AbortIncompleteMultipartUpload) *LifecycleRule {
-	s.AbortIncompleteMultipartUpload = v
-	return s
-}
-
-// SetExpiration sets the Expiration field's value.
-func (s *LifecycleRule) SetExpiration(v *LifecycleExpiration) *LifecycleRule {
-	s.Expiration = v
-	return s
-}
-
-// SetFilter sets the Filter field's value.
-func (s *LifecycleRule) SetFilter(v *LifecycleRuleFilter) *LifecycleRule {
-	s.Filter = v
-	return s
-}
-
-// SetID sets the ID field's value.
-func (s *LifecycleRule) SetID(v string) *LifecycleRule {
-	s.ID = &v
-	return s
-}
-
-// SetNoncurrentVersionExpiration sets the NoncurrentVersionExpiration field's value.
-func (s *LifecycleRule) SetNoncurrentVersionExpiration(v *NoncurrentVersionExpiration) *LifecycleRule {
-	s.NoncurrentVersionExpiration = v
-	return s
-}
-
-// SetNoncurrentVersionTransitions sets the NoncurrentVersionTransitions field's value.
-func (s *LifecycleRule) SetNoncurrentVersionTransitions(v []*NoncurrentVersionTransition) *LifecycleRule {
-	s.NoncurrentVersionTransitions = v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *LifecycleRule) SetPrefix(v string) *LifecycleRule {
-	s.Prefix = &v
-	return s
-}
-
-// SetStatus sets the Status field's value.
-func (s *LifecycleRule) SetStatus(v string) *LifecycleRule {
-	s.Status = &v
-	return s
-}
-
-// SetTransitions sets the Transitions field's value.
-func (s *LifecycleRule) SetTransitions(v []*Transition) *LifecycleRule {
-	s.Transitions = v
-	return s
-}
-
-// This is used in a Lifecycle Rule Filter to apply a logical AND to two or
-// more predicates. The Lifecycle Rule will apply to any object matching all
-// of the predicates configured inside the And operator.
-type LifecycleRuleAndOperator struct {
-	_ struct{} `type:"structure"`
-
-	// Minimum object size to which the rule applies.
-	ObjectSizeGreaterThan *int64 `type:"long"`
-
-	// Maximum object size to which the rule applies.
-	ObjectSizeLessThan *int64 `type:"long"`
-
-	// Prefix identifying one or more objects to which the rule applies.
-	Prefix *string `type:"string"`
-
-	// All of these tags must exist in the object's tag set in order for the rule
-	// to apply.
-	Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LifecycleRuleAndOperator) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LifecycleRuleAndOperator) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *LifecycleRuleAndOperator) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "LifecycleRuleAndOperator"}
-	if s.Tags != nil {
-		for i, v := range s.Tags {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetObjectSizeGreaterThan sets the ObjectSizeGreaterThan field's value.
-func (s *LifecycleRuleAndOperator) SetObjectSizeGreaterThan(v int64) *LifecycleRuleAndOperator {
-	s.ObjectSizeGreaterThan = &v
-	return s
-}
-
-// SetObjectSizeLessThan sets the ObjectSizeLessThan field's value.
-func (s *LifecycleRuleAndOperator) SetObjectSizeLessThan(v int64) *LifecycleRuleAndOperator {
-	s.ObjectSizeLessThan = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *LifecycleRuleAndOperator) SetPrefix(v string) *LifecycleRuleAndOperator {
-	s.Prefix = &v
-	return s
-}
-
-// SetTags sets the Tags field's value.
-func (s *LifecycleRuleAndOperator) SetTags(v []*Tag) *LifecycleRuleAndOperator {
-	s.Tags = v
-	return s
-}
-
-// The Filter is used to identify objects that a Lifecycle Rule applies to.
-// A Filter must have exactly one of Prefix, Tag, or And specified.
-type LifecycleRuleFilter struct {
-	_ struct{} `type:"structure"`
-
-	// This is used in a Lifecycle Rule Filter to apply a logical AND to two or
-	// more predicates. The Lifecycle Rule will apply to any object matching all
-	// of the predicates configured inside the And operator.
-	And *LifecycleRuleAndOperator `type:"structure"`
-
-	// Minimum object size to which the rule applies.
-	ObjectSizeGreaterThan *int64 `type:"long"`
-
-	// Maximum object size to which the rule applies.
-	ObjectSizeLessThan *int64 `type:"long"`
-
-	// Prefix identifying one or more objects to which the rule applies.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	Prefix *string `type:"string"`
-
-	// This tag must exist in the object's tag set in order for the rule to apply.
-	Tag *Tag `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LifecycleRuleFilter) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LifecycleRuleFilter) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *LifecycleRuleFilter) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "LifecycleRuleFilter"}
-	if s.And != nil {
-		if err := s.And.Validate(); err != nil {
-			invalidParams.AddNested("And", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.Tag != nil {
-		if err := s.Tag.Validate(); err != nil {
-			invalidParams.AddNested("Tag", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAnd sets the And field's value.
-func (s *LifecycleRuleFilter) SetAnd(v *LifecycleRuleAndOperator) *LifecycleRuleFilter {
-	s.And = v
-	return s
-}
-
-// SetObjectSizeGreaterThan sets the ObjectSizeGreaterThan field's value.
-func (s *LifecycleRuleFilter) SetObjectSizeGreaterThan(v int64) *LifecycleRuleFilter {
-	s.ObjectSizeGreaterThan = &v
-	return s
-}
-
-// SetObjectSizeLessThan sets the ObjectSizeLessThan field's value.
-func (s *LifecycleRuleFilter) SetObjectSizeLessThan(v int64) *LifecycleRuleFilter {
-	s.ObjectSizeLessThan = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *LifecycleRuleFilter) SetPrefix(v string) *LifecycleRuleFilter {
-	s.Prefix = &v
-	return s
-}
-
-// SetTag sets the Tag field's value.
-func (s *LifecycleRuleFilter) SetTag(v *Tag) *LifecycleRuleFilter {
-	s.Tag = v
-	return s
-}
-
-type ListBucketAnalyticsConfigurationsInput struct {
-	_ struct{} `locationName:"ListBucketAnalyticsConfigurationsRequest" type:"structure"`
-
-	// The name of the bucket from which analytics configurations are retrieved.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The ContinuationToken that represents a placeholder from where this request
-	// should begin.
-	ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketAnalyticsConfigurationsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketAnalyticsConfigurationsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListBucketAnalyticsConfigurationsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListBucketAnalyticsConfigurationsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *ListBucketAnalyticsConfigurationsInput) SetBucket(v string) *ListBucketAnalyticsConfigurationsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *ListBucketAnalyticsConfigurationsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetContinuationToken sets the ContinuationToken field's value.
-func (s *ListBucketAnalyticsConfigurationsInput) SetContinuationToken(v string) *ListBucketAnalyticsConfigurationsInput {
-	s.ContinuationToken = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *ListBucketAnalyticsConfigurationsInput) SetExpectedBucketOwner(v string) *ListBucketAnalyticsConfigurationsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *ListBucketAnalyticsConfigurationsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *ListBucketAnalyticsConfigurationsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s ListBucketAnalyticsConfigurationsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type ListBucketAnalyticsConfigurationsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The list of analytics configurations for a bucket.
-	AnalyticsConfigurationList []*AnalyticsConfiguration `locationName:"AnalyticsConfiguration" type:"list" flattened:"true"`
-
-	// The marker that is used as a starting point for this analytics configuration
-	// list response. This value is present if it was sent in the request.
-	ContinuationToken *string `type:"string"`
-
-	// Indicates whether the returned list of analytics configurations is complete.
-	// A value of true indicates that the list is not complete and the NextContinuationToken
-	// will be provided for a subsequent request.
-	IsTruncated *bool `type:"boolean"`
-
-	// NextContinuationToken is sent when isTruncated is true, which indicates that
-	// there are more analytics configurations to list. The next request must include
-	// this NextContinuationToken. The token is obfuscated and is not a usable value.
-	NextContinuationToken *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketAnalyticsConfigurationsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketAnalyticsConfigurationsOutput) GoString() string {
-	return s.String()
-}
-
-// SetAnalyticsConfigurationList sets the AnalyticsConfigurationList field's value.
-func (s *ListBucketAnalyticsConfigurationsOutput) SetAnalyticsConfigurationList(v []*AnalyticsConfiguration) *ListBucketAnalyticsConfigurationsOutput {
-	s.AnalyticsConfigurationList = v
-	return s
-}
-
-// SetContinuationToken sets the ContinuationToken field's value.
-func (s *ListBucketAnalyticsConfigurationsOutput) SetContinuationToken(v string) *ListBucketAnalyticsConfigurationsOutput {
-	s.ContinuationToken = &v
-	return s
-}
-
-// SetIsTruncated sets the IsTruncated field's value.
-func (s *ListBucketAnalyticsConfigurationsOutput) SetIsTruncated(v bool) *ListBucketAnalyticsConfigurationsOutput {
-	s.IsTruncated = &v
-	return s
-}
-
-// SetNextContinuationToken sets the NextContinuationToken field's value.
-func (s *ListBucketAnalyticsConfigurationsOutput) SetNextContinuationToken(v string) *ListBucketAnalyticsConfigurationsOutput {
-	s.NextContinuationToken = &v
-	return s
-}
-
-type ListBucketIntelligentTieringConfigurationsInput struct {
-	_ struct{} `locationName:"ListBucketIntelligentTieringConfigurationsRequest" type:"structure"`
-
-	// The name of the Amazon S3 bucket whose configuration you want to modify or
-	// retrieve.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The ContinuationToken that represents a placeholder from where this request
-	// should begin.
-	ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketIntelligentTieringConfigurationsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketIntelligentTieringConfigurationsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListBucketIntelligentTieringConfigurationsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListBucketIntelligentTieringConfigurationsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *ListBucketIntelligentTieringConfigurationsInput) SetBucket(v string) *ListBucketIntelligentTieringConfigurationsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *ListBucketIntelligentTieringConfigurationsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetContinuationToken sets the ContinuationToken field's value.
-func (s *ListBucketIntelligentTieringConfigurationsInput) SetContinuationToken(v string) *ListBucketIntelligentTieringConfigurationsInput {
-	s.ContinuationToken = &v
-	return s
-}
-
-func (s *ListBucketIntelligentTieringConfigurationsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *ListBucketIntelligentTieringConfigurationsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s ListBucketIntelligentTieringConfigurationsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type ListBucketIntelligentTieringConfigurationsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The ContinuationToken that represents a placeholder from where this request
-	// should begin.
-	ContinuationToken *string `type:"string"`
-
-	// The list of S3 Intelligent-Tiering configurations for a bucket.
-	IntelligentTieringConfigurationList []*IntelligentTieringConfiguration `locationName:"IntelligentTieringConfiguration" type:"list" flattened:"true"`
-
-	// Indicates whether the returned list of analytics configurations is complete.
-	// A value of true indicates that the list is not complete and the NextContinuationToken
-	// will be provided for a subsequent request.
-	IsTruncated *bool `type:"boolean"`
-
-	// The marker used to continue this inventory configuration listing. Use the
-	// NextContinuationToken from this response to continue the listing in a subsequent
-	// request. The continuation token is an opaque value that Amazon S3 understands.
-	NextContinuationToken *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketIntelligentTieringConfigurationsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketIntelligentTieringConfigurationsOutput) GoString() string {
-	return s.String()
-}
-
-// SetContinuationToken sets the ContinuationToken field's value.
-func (s *ListBucketIntelligentTieringConfigurationsOutput) SetContinuationToken(v string) *ListBucketIntelligentTieringConfigurationsOutput {
-	s.ContinuationToken = &v
-	return s
-}
-
-// SetIntelligentTieringConfigurationList sets the IntelligentTieringConfigurationList field's value.
-func (s *ListBucketIntelligentTieringConfigurationsOutput) SetIntelligentTieringConfigurationList(v []*IntelligentTieringConfiguration) *ListBucketIntelligentTieringConfigurationsOutput {
-	s.IntelligentTieringConfigurationList = v
-	return s
-}
-
-// SetIsTruncated sets the IsTruncated field's value.
-func (s *ListBucketIntelligentTieringConfigurationsOutput) SetIsTruncated(v bool) *ListBucketIntelligentTieringConfigurationsOutput {
-	s.IsTruncated = &v
-	return s
-}
-
-// SetNextContinuationToken sets the NextContinuationToken field's value.
-func (s *ListBucketIntelligentTieringConfigurationsOutput) SetNextContinuationToken(v string) *ListBucketIntelligentTieringConfigurationsOutput {
-	s.NextContinuationToken = &v
-	return s
-}
-
-type ListBucketInventoryConfigurationsInput struct {
-	_ struct{} `locationName:"ListBucketInventoryConfigurationsRequest" type:"structure"`
-
-	// The name of the bucket containing the inventory configurations to retrieve.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The marker used to continue an inventory configuration listing that has been
-	// truncated. Use the NextContinuationToken from a previously truncated list
-	// response to continue the listing. The continuation token is an opaque value
-	// that Amazon S3 understands.
-	ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketInventoryConfigurationsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketInventoryConfigurationsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListBucketInventoryConfigurationsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListBucketInventoryConfigurationsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *ListBucketInventoryConfigurationsInput) SetBucket(v string) *ListBucketInventoryConfigurationsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *ListBucketInventoryConfigurationsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetContinuationToken sets the ContinuationToken field's value.
-func (s *ListBucketInventoryConfigurationsInput) SetContinuationToken(v string) *ListBucketInventoryConfigurationsInput {
-	s.ContinuationToken = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *ListBucketInventoryConfigurationsInput) SetExpectedBucketOwner(v string) *ListBucketInventoryConfigurationsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *ListBucketInventoryConfigurationsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *ListBucketInventoryConfigurationsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s ListBucketInventoryConfigurationsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type ListBucketInventoryConfigurationsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// If sent in the request, the marker that is used as a starting point for this
-	// inventory configuration list response.
-	ContinuationToken *string `type:"string"`
-
-	// The list of inventory configurations for a bucket.
-	InventoryConfigurationList []*InventoryConfiguration `locationName:"InventoryConfiguration" type:"list" flattened:"true"`
-
-	// Tells whether the returned list of inventory configurations is complete.
-	// A value of true indicates that the list is not complete and the NextContinuationToken
-	// is provided for a subsequent request.
-	IsTruncated *bool `type:"boolean"`
-
-	// The marker used to continue this inventory configuration listing. Use the
-	// NextContinuationToken from this response to continue the listing in a subsequent
-	// request. The continuation token is an opaque value that Amazon S3 understands.
-	NextContinuationToken *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketInventoryConfigurationsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketInventoryConfigurationsOutput) GoString() string {
-	return s.String()
-}
-
-// SetContinuationToken sets the ContinuationToken field's value.
-func (s *ListBucketInventoryConfigurationsOutput) SetContinuationToken(v string) *ListBucketInventoryConfigurationsOutput {
-	s.ContinuationToken = &v
-	return s
-}
-
-// SetInventoryConfigurationList sets the InventoryConfigurationList field's value.
-func (s *ListBucketInventoryConfigurationsOutput) SetInventoryConfigurationList(v []*InventoryConfiguration) *ListBucketInventoryConfigurationsOutput {
-	s.InventoryConfigurationList = v
-	return s
-}
-
-// SetIsTruncated sets the IsTruncated field's value.
-func (s *ListBucketInventoryConfigurationsOutput) SetIsTruncated(v bool) *ListBucketInventoryConfigurationsOutput {
-	s.IsTruncated = &v
-	return s
-}
-
-// SetNextContinuationToken sets the NextContinuationToken field's value.
-func (s *ListBucketInventoryConfigurationsOutput) SetNextContinuationToken(v string) *ListBucketInventoryConfigurationsOutput {
-	s.NextContinuationToken = &v
-	return s
-}
-
-type ListBucketMetricsConfigurationsInput struct {
-	_ struct{} `locationName:"ListBucketMetricsConfigurationsRequest" type:"structure"`
-
-	// The name of the bucket containing the metrics configurations to retrieve.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The marker that is used to continue a metrics configuration listing that
-	// has been truncated. Use the NextContinuationToken from a previously truncated
-	// list response to continue the listing. The continuation token is an opaque
-	// value that Amazon S3 understands.
-	ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketMetricsConfigurationsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketMetricsConfigurationsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListBucketMetricsConfigurationsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListBucketMetricsConfigurationsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *ListBucketMetricsConfigurationsInput) SetBucket(v string) *ListBucketMetricsConfigurationsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *ListBucketMetricsConfigurationsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetContinuationToken sets the ContinuationToken field's value.
-func (s *ListBucketMetricsConfigurationsInput) SetContinuationToken(v string) *ListBucketMetricsConfigurationsInput {
-	s.ContinuationToken = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *ListBucketMetricsConfigurationsInput) SetExpectedBucketOwner(v string) *ListBucketMetricsConfigurationsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *ListBucketMetricsConfigurationsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *ListBucketMetricsConfigurationsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s ListBucketMetricsConfigurationsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type ListBucketMetricsConfigurationsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The marker that is used as a starting point for this metrics configuration
-	// list response. This value is present if it was sent in the request.
-	ContinuationToken *string `type:"string"`
-
-	// Indicates whether the returned list of metrics configurations is complete.
-	// A value of true indicates that the list is not complete and the NextContinuationToken
-	// will be provided for a subsequent request.
-	IsTruncated *bool `type:"boolean"`
-
-	// The list of metrics configurations for a bucket.
-	MetricsConfigurationList []*MetricsConfiguration `locationName:"MetricsConfiguration" type:"list" flattened:"true"`
-
-	// The marker used to continue a metrics configuration listing that has been
-	// truncated. Use the NextContinuationToken from a previously truncated list
-	// response to continue the listing. The continuation token is an opaque value
-	// that Amazon S3 understands.
-	NextContinuationToken *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketMetricsConfigurationsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketMetricsConfigurationsOutput) GoString() string {
-	return s.String()
-}
-
-// SetContinuationToken sets the ContinuationToken field's value.
-func (s *ListBucketMetricsConfigurationsOutput) SetContinuationToken(v string) *ListBucketMetricsConfigurationsOutput {
-	s.ContinuationToken = &v
-	return s
-}
-
-// SetIsTruncated sets the IsTruncated field's value.
-func (s *ListBucketMetricsConfigurationsOutput) SetIsTruncated(v bool) *ListBucketMetricsConfigurationsOutput {
-	s.IsTruncated = &v
-	return s
-}
-
-// SetMetricsConfigurationList sets the MetricsConfigurationList field's value.
-func (s *ListBucketMetricsConfigurationsOutput) SetMetricsConfigurationList(v []*MetricsConfiguration) *ListBucketMetricsConfigurationsOutput {
-	s.MetricsConfigurationList = v
-	return s
-}
-
-// SetNextContinuationToken sets the NextContinuationToken field's value.
-func (s *ListBucketMetricsConfigurationsOutput) SetNextContinuationToken(v string) *ListBucketMetricsConfigurationsOutput {
-	s.NextContinuationToken = &v
-	return s
-}
-
-type ListBucketsInput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketsInput) GoString() string {
-	return s.String()
-}
-
-type ListBucketsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The list of buckets owned by the requester.
-	Buckets []*Bucket `locationNameList:"Bucket" type:"list"`
-
-	// The owner of the buckets listed.
-	Owner *Owner `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListBucketsOutput) GoString() string {
-	return s.String()
-}
-
-// SetBuckets sets the Buckets field's value.
-func (s *ListBucketsOutput) SetBuckets(v []*Bucket) *ListBucketsOutput {
-	s.Buckets = v
-	return s
-}
-
-// SetOwner sets the Owner field's value.
-func (s *ListBucketsOutput) SetOwner(v *Owner) *ListBucketsOutput {
-	s.Owner = v
-	return s
-}
-
-type ListMultipartUploadsInput struct {
-	_ struct{} `locationName:"ListMultipartUploadsRequest" type:"structure"`
-
-	// The name of the bucket to which the multipart upload was initiated.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Character you use to group keys.
-	//
-	// All keys that contain the same string between the prefix, if specified, and
-	// the first occurrence of the delimiter after the prefix are grouped under
-	// a single result element, CommonPrefixes. If you don't specify the prefix
-	// parameter, then the substring starts at the beginning of the key. The keys
-	// that are grouped under CommonPrefixes result element are not returned elsewhere
-	// in the response.
-	Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"`
-
-	// Requests Amazon S3 to encode the object keys in the response and specifies
-	// the encoding method to use. An object key may contain any Unicode character;
-	// however, XML 1.0 parser cannot parse some characters, such as characters
-	// with an ASCII value from 0 to 10. For characters that are not supported in
-	// XML 1.0, you can add this parameter to request that Amazon S3 encode the
-	// keys in the response.
-	EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Together with upload-id-marker, this parameter specifies the multipart upload
-	// after which listing should begin.
-	//
-	// If upload-id-marker is not specified, only the keys lexicographically greater
-	// than the specified key-marker will be included in the list.
-	//
-	// If upload-id-marker is specified, any multipart uploads for a key equal to
-	// the key-marker might also be included, provided those multipart uploads have
-	// upload IDs lexicographically greater than the specified upload-id-marker.
-	KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"`
-
-	// Sets the maximum number of multipart uploads, from 1 to 1,000, to return
-	// in the response body. 1,000 is the maximum number of uploads that can be
-	// returned in a response.
-	MaxUploads *int64 `location:"querystring" locationName:"max-uploads" type:"integer"`
-
-	// Lists in-progress uploads only for those keys that begin with the specified
-	// prefix. You can use prefixes to separate a bucket into different grouping
-	// of keys. (You can think of using prefix to make groups in the same way you'd
-	// use a folder in a file system.)
-	Prefix *string `location:"querystring" locationName:"prefix" type:"string"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Together with key-marker, specifies the multipart upload after which listing
-	// should begin. If key-marker is not specified, the upload-id-marker parameter
-	// is ignored. Otherwise, any multipart uploads for a key equal to the key-marker
-	// might be included in the list only if they have an upload ID lexicographically
-	// greater than the specified upload-id-marker.
-	UploadIdMarker *string `location:"querystring" locationName:"upload-id-marker" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListMultipartUploadsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListMultipartUploadsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListMultipartUploadsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListMultipartUploadsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *ListMultipartUploadsInput) SetBucket(v string) *ListMultipartUploadsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *ListMultipartUploadsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetDelimiter sets the Delimiter field's value.
-func (s *ListMultipartUploadsInput) SetDelimiter(v string) *ListMultipartUploadsInput {
-	s.Delimiter = &v
-	return s
-}
-
-// SetEncodingType sets the EncodingType field's value.
-func (s *ListMultipartUploadsInput) SetEncodingType(v string) *ListMultipartUploadsInput {
-	s.EncodingType = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *ListMultipartUploadsInput) SetExpectedBucketOwner(v string) *ListMultipartUploadsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKeyMarker sets the KeyMarker field's value.
-func (s *ListMultipartUploadsInput) SetKeyMarker(v string) *ListMultipartUploadsInput {
-	s.KeyMarker = &v
-	return s
-}
-
-// SetMaxUploads sets the MaxUploads field's value.
-func (s *ListMultipartUploadsInput) SetMaxUploads(v int64) *ListMultipartUploadsInput {
-	s.MaxUploads = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *ListMultipartUploadsInput) SetPrefix(v string) *ListMultipartUploadsInput {
-	s.Prefix = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *ListMultipartUploadsInput) SetRequestPayer(v string) *ListMultipartUploadsInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetUploadIdMarker sets the UploadIdMarker field's value.
-func (s *ListMultipartUploadsInput) SetUploadIdMarker(v string) *ListMultipartUploadsInput {
-	s.UploadIdMarker = &v
-	return s
-}
-
-func (s *ListMultipartUploadsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *ListMultipartUploadsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s ListMultipartUploadsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type ListMultipartUploadsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The name of the bucket to which the multipart upload was initiated. Does
-	// not return the access point ARN or access point alias if used.
-	Bucket *string `type:"string"`
-
-	// If you specify a delimiter in the request, then the result returns each distinct
-	// key prefix containing the delimiter in a CommonPrefixes element. The distinct
-	// key prefixes are returned in the Prefix child element.
-	CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
-
-	// Contains the delimiter you specified in the request. If you don't specify
-	// a delimiter in your request, this element is absent from the response.
-	Delimiter *string `type:"string"`
-
-	// Encoding type used by Amazon S3 to encode object keys in the response.
-	//
-	// If you specify encoding-type request parameter, Amazon S3 includes this element
-	// in the response, and returns encoded key name values in the following response
-	// elements:
-	//
-	// Delimiter, KeyMarker, Prefix, NextKeyMarker, Key.
-	EncodingType *string `type:"string" enum:"EncodingType"`
-
-	// Indicates whether the returned list of multipart uploads is truncated. A
-	// value of true indicates that the list was truncated. The list can be truncated
-	// if the number of multipart uploads exceeds the limit allowed or specified
-	// by max uploads.
-	IsTruncated *bool `type:"boolean"`
-
-	// The key at or after which the listing began.
-	KeyMarker *string `type:"string"`
-
-	// Maximum number of multipart uploads that could have been included in the
-	// response.
-	MaxUploads *int64 `type:"integer"`
-
-	// When a list is truncated, this element specifies the value that should be
-	// used for the key-marker request parameter in a subsequent request.
-	NextKeyMarker *string `type:"string"`
-
-	// When a list is truncated, this element specifies the value that should be
-	// used for the upload-id-marker request parameter in a subsequent request.
-	NextUploadIdMarker *string `type:"string"`
-
-	// When a prefix is provided in the request, this field contains the specified
-	// prefix. The result contains only keys starting with the specified prefix.
-	Prefix *string `type:"string"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// Upload ID after which listing began.
-	UploadIdMarker *string `type:"string"`
-
-	// Container for elements related to a particular multipart upload. A response
-	// can contain zero or more Upload elements.
-	Uploads []*MultipartUpload `locationName:"Upload" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListMultipartUploadsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListMultipartUploadsOutput) GoString() string {
-	return s.String()
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *ListMultipartUploadsOutput) SetBucket(v string) *ListMultipartUploadsOutput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *ListMultipartUploadsOutput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetCommonPrefixes sets the CommonPrefixes field's value.
-func (s *ListMultipartUploadsOutput) SetCommonPrefixes(v []*CommonPrefix) *ListMultipartUploadsOutput {
-	s.CommonPrefixes = v
-	return s
-}
-
-// SetDelimiter sets the Delimiter field's value.
-func (s *ListMultipartUploadsOutput) SetDelimiter(v string) *ListMultipartUploadsOutput {
-	s.Delimiter = &v
-	return s
-}
-
-// SetEncodingType sets the EncodingType field's value.
-func (s *ListMultipartUploadsOutput) SetEncodingType(v string) *ListMultipartUploadsOutput {
-	s.EncodingType = &v
-	return s
-}
-
-// SetIsTruncated sets the IsTruncated field's value.
-func (s *ListMultipartUploadsOutput) SetIsTruncated(v bool) *ListMultipartUploadsOutput {
-	s.IsTruncated = &v
-	return s
-}
-
-// SetKeyMarker sets the KeyMarker field's value.
-func (s *ListMultipartUploadsOutput) SetKeyMarker(v string) *ListMultipartUploadsOutput {
-	s.KeyMarker = &v
-	return s
-}
-
-// SetMaxUploads sets the MaxUploads field's value.
-func (s *ListMultipartUploadsOutput) SetMaxUploads(v int64) *ListMultipartUploadsOutput {
-	s.MaxUploads = &v
-	return s
-}
-
-// SetNextKeyMarker sets the NextKeyMarker field's value.
-func (s *ListMultipartUploadsOutput) SetNextKeyMarker(v string) *ListMultipartUploadsOutput {
-	s.NextKeyMarker = &v
-	return s
-}
-
-// SetNextUploadIdMarker sets the NextUploadIdMarker field's value.
-func (s *ListMultipartUploadsOutput) SetNextUploadIdMarker(v string) *ListMultipartUploadsOutput {
-	s.NextUploadIdMarker = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *ListMultipartUploadsOutput) SetPrefix(v string) *ListMultipartUploadsOutput {
-	s.Prefix = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *ListMultipartUploadsOutput) SetRequestCharged(v string) *ListMultipartUploadsOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetUploadIdMarker sets the UploadIdMarker field's value.
-func (s *ListMultipartUploadsOutput) SetUploadIdMarker(v string) *ListMultipartUploadsOutput {
-	s.UploadIdMarker = &v
-	return s
-}
-
-// SetUploads sets the Uploads field's value.
-func (s *ListMultipartUploadsOutput) SetUploads(v []*MultipartUpload) *ListMultipartUploadsOutput {
-	s.Uploads = v
-	return s
-}
-
-type ListObjectVersionsInput struct {
-	_ struct{} `locationName:"ListObjectVersionsRequest" type:"structure"`
-
-	// The bucket name that contains the objects.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// A delimiter is a character that you specify to group keys. All keys that
-	// contain the same string between the prefix and the first occurrence of the
-	// delimiter are grouped under a single result element in CommonPrefixes. These
-	// groups are counted as one result against the max-keys limitation. These keys
-	// are not returned elsewhere in the response.
-	Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"`
-
-	// Requests Amazon S3 to encode the object keys in the response and specifies
-	// the encoding method to use. An object key may contain any Unicode character;
-	// however, XML 1.0 parser cannot parse some characters, such as characters
-	// with an ASCII value from 0 to 10. For characters that are not supported in
-	// XML 1.0, you can add this parameter to request that Amazon S3 encode the
-	// keys in the response.
-	EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Specifies the key to start with when listing objects in a bucket.
-	KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"`
-
-	// Sets the maximum number of keys returned in the response. By default the
-	// action returns up to 1,000 key names. The response might contain fewer keys
-	// but will never contain more. If additional keys satisfy the search criteria,
-	// but were not returned because max-keys was exceeded, the response contains
-	// <isTruncated>true</isTruncated>. To return the additional keys, see key-marker
-	// and version-id-marker.
-	MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"`
-
-	// Use this parameter to select only those keys that begin with the specified
-	// prefix. You can use prefixes to separate a bucket into different groupings
-	// of keys. (You can think of using prefix to make groups in the same way you'd
-	// use a folder in a file system.) You can use prefix with delimiter to roll
-	// up numerous objects into a single result under CommonPrefixes.
-	Prefix *string `location:"querystring" locationName:"prefix" type:"string"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Specifies the object version you want to start listing from.
-	VersionIdMarker *string `location:"querystring" locationName:"version-id-marker" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectVersionsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectVersionsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListObjectVersionsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListObjectVersionsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *ListObjectVersionsInput) SetBucket(v string) *ListObjectVersionsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *ListObjectVersionsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetDelimiter sets the Delimiter field's value.
-func (s *ListObjectVersionsInput) SetDelimiter(v string) *ListObjectVersionsInput {
-	s.Delimiter = &v
-	return s
-}
-
-// SetEncodingType sets the EncodingType field's value.
-func (s *ListObjectVersionsInput) SetEncodingType(v string) *ListObjectVersionsInput {
-	s.EncodingType = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *ListObjectVersionsInput) SetExpectedBucketOwner(v string) *ListObjectVersionsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKeyMarker sets the KeyMarker field's value.
-func (s *ListObjectVersionsInput) SetKeyMarker(v string) *ListObjectVersionsInput {
-	s.KeyMarker = &v
-	return s
-}
-
-// SetMaxKeys sets the MaxKeys field's value.
-func (s *ListObjectVersionsInput) SetMaxKeys(v int64) *ListObjectVersionsInput {
-	s.MaxKeys = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *ListObjectVersionsInput) SetPrefix(v string) *ListObjectVersionsInput {
-	s.Prefix = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *ListObjectVersionsInput) SetRequestPayer(v string) *ListObjectVersionsInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetVersionIdMarker sets the VersionIdMarker field's value.
-func (s *ListObjectVersionsInput) SetVersionIdMarker(v string) *ListObjectVersionsInput {
-	s.VersionIdMarker = &v
-	return s
-}
-
-func (s *ListObjectVersionsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *ListObjectVersionsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s ListObjectVersionsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type ListObjectVersionsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// All of the keys rolled up into a common prefix count as a single return when
-	// calculating the number of returns.
-	CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
-
-	// Container for an object that is a delete marker.
-	DeleteMarkers []*DeleteMarkerEntry `locationName:"DeleteMarker" type:"list" flattened:"true"`
-
-	// The delimiter grouping the included keys. A delimiter is a character that
-	// you specify to group keys. All keys that contain the same string between
-	// the prefix and the first occurrence of the delimiter are grouped under a
-	// single result element in CommonPrefixes. These groups are counted as one
-	// result against the max-keys limitation. These keys are not returned elsewhere
-	// in the response.
-	Delimiter *string `type:"string"`
-
-	// Encoding type used by Amazon S3 to encode object key names in the XML response.
-	//
-	// If you specify encoding-type request parameter, Amazon S3 includes this element
-	// in the response, and returns encoded key name values in the following response
-	// elements:
-	//
-	// KeyMarker, NextKeyMarker, Prefix, Key, and Delimiter.
-	EncodingType *string `type:"string" enum:"EncodingType"`
-
-	// A flag that indicates whether Amazon S3 returned all of the results that
-	// satisfied the search criteria. If your results were truncated, you can make
-	// a follow-up paginated request using the NextKeyMarker and NextVersionIdMarker
-	// response parameters as a starting place in another request to return the
-	// rest of the results.
-	IsTruncated *bool `type:"boolean"`
-
-	// Marks the last key returned in a truncated response.
-	KeyMarker *string `type:"string"`
-
-	// Specifies the maximum number of objects to return.
-	MaxKeys *int64 `type:"integer"`
-
-	// The bucket name.
-	Name *string `type:"string"`
-
-	// When the number of responses exceeds the value of MaxKeys, NextKeyMarker
-	// specifies the first key not returned that satisfies the search criteria.
-	// Use this value for the key-marker request parameter in a subsequent request.
-	NextKeyMarker *string `type:"string"`
-
-	// When the number of responses exceeds the value of MaxKeys, NextVersionIdMarker
-	// specifies the first object version not returned that satisfies the search
-	// criteria. Use this value for the version-id-marker request parameter in a
-	// subsequent request.
-	NextVersionIdMarker *string `type:"string"`
-
-	// Selects objects that start with the value supplied by this parameter.
-	Prefix *string `type:"string"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// Marks the last version of the key returned in a truncated response.
-	VersionIdMarker *string `type:"string"`
-
-	// Container for version information.
-	Versions []*ObjectVersion `locationName:"Version" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectVersionsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectVersionsOutput) GoString() string {
-	return s.String()
-}
-
-// SetCommonPrefixes sets the CommonPrefixes field's value.
-func (s *ListObjectVersionsOutput) SetCommonPrefixes(v []*CommonPrefix) *ListObjectVersionsOutput {
-	s.CommonPrefixes = v
-	return s
-}
-
-// SetDeleteMarkers sets the DeleteMarkers field's value.
-func (s *ListObjectVersionsOutput) SetDeleteMarkers(v []*DeleteMarkerEntry) *ListObjectVersionsOutput {
-	s.DeleteMarkers = v
-	return s
-}
-
-// SetDelimiter sets the Delimiter field's value.
-func (s *ListObjectVersionsOutput) SetDelimiter(v string) *ListObjectVersionsOutput {
-	s.Delimiter = &v
-	return s
-}
-
-// SetEncodingType sets the EncodingType field's value.
-func (s *ListObjectVersionsOutput) SetEncodingType(v string) *ListObjectVersionsOutput {
-	s.EncodingType = &v
-	return s
-}
-
-// SetIsTruncated sets the IsTruncated field's value.
-func (s *ListObjectVersionsOutput) SetIsTruncated(v bool) *ListObjectVersionsOutput {
-	s.IsTruncated = &v
-	return s
-}
-
-// SetKeyMarker sets the KeyMarker field's value.
-func (s *ListObjectVersionsOutput) SetKeyMarker(v string) *ListObjectVersionsOutput {
-	s.KeyMarker = &v
-	return s
-}
-
-// SetMaxKeys sets the MaxKeys field's value.
-func (s *ListObjectVersionsOutput) SetMaxKeys(v int64) *ListObjectVersionsOutput {
-	s.MaxKeys = &v
-	return s
-}
-
-// SetName sets the Name field's value.
-func (s *ListObjectVersionsOutput) SetName(v string) *ListObjectVersionsOutput {
-	s.Name = &v
-	return s
-}
-
-// SetNextKeyMarker sets the NextKeyMarker field's value.
-func (s *ListObjectVersionsOutput) SetNextKeyMarker(v string) *ListObjectVersionsOutput {
-	s.NextKeyMarker = &v
-	return s
-}
-
-// SetNextVersionIdMarker sets the NextVersionIdMarker field's value.
-func (s *ListObjectVersionsOutput) SetNextVersionIdMarker(v string) *ListObjectVersionsOutput {
-	s.NextVersionIdMarker = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *ListObjectVersionsOutput) SetPrefix(v string) *ListObjectVersionsOutput {
-	s.Prefix = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *ListObjectVersionsOutput) SetRequestCharged(v string) *ListObjectVersionsOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetVersionIdMarker sets the VersionIdMarker field's value.
-func (s *ListObjectVersionsOutput) SetVersionIdMarker(v string) *ListObjectVersionsOutput {
-	s.VersionIdMarker = &v
-	return s
-}
-
-// SetVersions sets the Versions field's value.
-func (s *ListObjectVersionsOutput) SetVersions(v []*ObjectVersion) *ListObjectVersionsOutput {
-	s.Versions = v
-	return s
-}
-
-type ListObjectsInput struct {
-	_ struct{} `locationName:"ListObjectsRequest" type:"structure"`
-
-	// The name of the bucket containing the objects.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// A delimiter is a character you use to group keys.
-	Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"`
-
-	// Requests Amazon S3 to encode the object keys in the response and specifies
-	// the encoding method to use. An object key may contain any Unicode character;
-	// however, XML 1.0 parser cannot parse some characters, such as characters
-	// with an ASCII value from 0 to 10. For characters that are not supported in
-	// XML 1.0, you can add this parameter to request that Amazon S3 encode the
-	// keys in the response.
-	EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Marker is where you want Amazon S3 to start listing from. Amazon S3 starts
-	// listing after this specified key. Marker can be any key in the bucket.
-	Marker *string `location:"querystring" locationName:"marker" type:"string"`
-
-	// Sets the maximum number of keys returned in the response. By default the
-	// action returns up to 1,000 key names. The response might contain fewer keys
-	// but will never contain more.
-	MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"`
-
-	// Limits the response to keys that begin with the specified prefix.
-	Prefix *string `location:"querystring" locationName:"prefix" type:"string"`
-
-	// Confirms that the requester knows that she or he will be charged for the
-	// list objects request. Bucket owners need not specify this parameter in their
-	// requests.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListObjectsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListObjectsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *ListObjectsInput) SetBucket(v string) *ListObjectsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *ListObjectsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetDelimiter sets the Delimiter field's value.
-func (s *ListObjectsInput) SetDelimiter(v string) *ListObjectsInput {
-	s.Delimiter = &v
-	return s
-}
-
-// SetEncodingType sets the EncodingType field's value.
-func (s *ListObjectsInput) SetEncodingType(v string) *ListObjectsInput {
-	s.EncodingType = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *ListObjectsInput) SetExpectedBucketOwner(v string) *ListObjectsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetMarker sets the Marker field's value.
-func (s *ListObjectsInput) SetMarker(v string) *ListObjectsInput {
-	s.Marker = &v
-	return s
-}
-
-// SetMaxKeys sets the MaxKeys field's value.
-func (s *ListObjectsInput) SetMaxKeys(v int64) *ListObjectsInput {
-	s.MaxKeys = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *ListObjectsInput) SetPrefix(v string) *ListObjectsInput {
-	s.Prefix = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *ListObjectsInput) SetRequestPayer(v string) *ListObjectsInput {
-	s.RequestPayer = &v
-	return s
-}
-
-func (s *ListObjectsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *ListObjectsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s ListObjectsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type ListObjectsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// All of the keys (up to 1,000) rolled up in a common prefix count as a single
-	// return when calculating the number of returns.
-	//
-	// A response can contain CommonPrefixes only if you specify a delimiter.
-	//
-	// CommonPrefixes contains all (if there are any) keys between Prefix and the
-	// next occurrence of the string specified by the delimiter.
-	//
-	// CommonPrefixes lists keys that act like subdirectories in the directory specified
-	// by Prefix.
-	//
-	// For example, if the prefix is notes/ and the delimiter is a slash (/) as
-	// in notes/summer/july, the common prefix is notes/summer/. All of the keys
-	// that roll up into a common prefix count as a single return when calculating
-	// the number of returns.
-	CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
-
-	// Metadata about each object returned.
-	Contents []*Object `type:"list" flattened:"true"`
-
-	// Causes keys that contain the same string between the prefix and the first
-	// occurrence of the delimiter to be rolled up into a single result element
-	// in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere
-	// in the response. Each rolled-up result counts as only one return against
-	// the MaxKeys value.
-	Delimiter *string `type:"string"`
-
-	// Encoding type used by Amazon S3 to encode object keys in the response.
-	EncodingType *string `type:"string" enum:"EncodingType"`
-
-	// A flag that indicates whether Amazon S3 returned all of the results that
-	// satisfied the search criteria.
-	IsTruncated *bool `type:"boolean"`
-
-	// Indicates where in the bucket listing begins. Marker is included in the response
-	// if it was sent with the request.
-	Marker *string `type:"string"`
-
-	// The maximum number of keys returned in the response body.
-	MaxKeys *int64 `type:"integer"`
-
-	// The bucket name.
-	Name *string `type:"string"`
-
-	// When response is truncated (the IsTruncated element value in the response
-	// is true), you can use the key name in this field as marker in the subsequent
-	// request to get next set of objects. Amazon S3 lists objects in alphabetical
-	// order Note: This element is returned only if you have delimiter request parameter
-	// specified. If response does not include the NextMarker and it is truncated,
-	// you can use the value of the last Key in the response as the marker in the
-	// subsequent request to get the next set of object keys.
-	NextMarker *string `type:"string"`
-
-	// Keys that begin with the indicated prefix.
-	Prefix *string `type:"string"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectsOutput) GoString() string {
-	return s.String()
-}
-
-// SetCommonPrefixes sets the CommonPrefixes field's value.
-func (s *ListObjectsOutput) SetCommonPrefixes(v []*CommonPrefix) *ListObjectsOutput {
-	s.CommonPrefixes = v
-	return s
-}
-
-// SetContents sets the Contents field's value.
-func (s *ListObjectsOutput) SetContents(v []*Object) *ListObjectsOutput {
-	s.Contents = v
-	return s
-}
-
-// SetDelimiter sets the Delimiter field's value.
-func (s *ListObjectsOutput) SetDelimiter(v string) *ListObjectsOutput {
-	s.Delimiter = &v
-	return s
-}
-
-// SetEncodingType sets the EncodingType field's value.
-func (s *ListObjectsOutput) SetEncodingType(v string) *ListObjectsOutput {
-	s.EncodingType = &v
-	return s
-}
-
-// SetIsTruncated sets the IsTruncated field's value.
-func (s *ListObjectsOutput) SetIsTruncated(v bool) *ListObjectsOutput {
-	s.IsTruncated = &v
-	return s
-}
-
-// SetMarker sets the Marker field's value.
-func (s *ListObjectsOutput) SetMarker(v string) *ListObjectsOutput {
-	s.Marker = &v
-	return s
-}
-
-// SetMaxKeys sets the MaxKeys field's value.
-func (s *ListObjectsOutput) SetMaxKeys(v int64) *ListObjectsOutput {
-	s.MaxKeys = &v
-	return s
-}
-
-// SetName sets the Name field's value.
-func (s *ListObjectsOutput) SetName(v string) *ListObjectsOutput {
-	s.Name = &v
-	return s
-}
-
-// SetNextMarker sets the NextMarker field's value.
-func (s *ListObjectsOutput) SetNextMarker(v string) *ListObjectsOutput {
-	s.NextMarker = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *ListObjectsOutput) SetPrefix(v string) *ListObjectsOutput {
-	s.Prefix = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *ListObjectsOutput) SetRequestCharged(v string) *ListObjectsOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-type ListObjectsV2Input struct {
-	_ struct{} `locationName:"ListObjectsV2Request" type:"structure"`
-
-	// Bucket name to list.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// ContinuationToken indicates Amazon S3 that the list is being continued on
-	// this bucket with a token. ContinuationToken is obfuscated and is not a real
-	// key.
-	ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"`
-
-	// A delimiter is a character you use to group keys.
-	Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"`
-
-	// Encoding type used by Amazon S3 to encode object keys in the response.
-	EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The owner field is not present in listV2 by default, if you want to return
-	// owner field with each key in the result then set the fetch owner field to
-	// true.
-	FetchOwner *bool `location:"querystring" locationName:"fetch-owner" type:"boolean"`
-
-	// Sets the maximum number of keys returned in the response. By default the
-	// action returns up to 1,000 key names. The response might contain fewer keys
-	// but will never contain more.
-	MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"`
-
-	// Limits the response to keys that begin with the specified prefix.
-	Prefix *string `location:"querystring" locationName:"prefix" type:"string"`
-
-	// Confirms that the requester knows that she or he will be charged for the
-	// list objects request in V2 style. Bucket owners need not specify this parameter
-	// in their requests.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// StartAfter is where you want Amazon S3 to start listing from. Amazon S3 starts
-	// listing after this specified key. StartAfter can be any key in the bucket.
-	StartAfter *string `location:"querystring" locationName:"start-after" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectsV2Input) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectsV2Input) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListObjectsV2Input) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListObjectsV2Input"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *ListObjectsV2Input) SetBucket(v string) *ListObjectsV2Input {
-	s.Bucket = &v
-	return s
-}
-
-func (s *ListObjectsV2Input) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetContinuationToken sets the ContinuationToken field's value.
-func (s *ListObjectsV2Input) SetContinuationToken(v string) *ListObjectsV2Input {
-	s.ContinuationToken = &v
-	return s
-}
-
-// SetDelimiter sets the Delimiter field's value.
-func (s *ListObjectsV2Input) SetDelimiter(v string) *ListObjectsV2Input {
-	s.Delimiter = &v
-	return s
-}
-
-// SetEncodingType sets the EncodingType field's value.
-func (s *ListObjectsV2Input) SetEncodingType(v string) *ListObjectsV2Input {
-	s.EncodingType = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *ListObjectsV2Input) SetExpectedBucketOwner(v string) *ListObjectsV2Input {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetFetchOwner sets the FetchOwner field's value.
-func (s *ListObjectsV2Input) SetFetchOwner(v bool) *ListObjectsV2Input {
-	s.FetchOwner = &v
-	return s
-}
-
-// SetMaxKeys sets the MaxKeys field's value.
-func (s *ListObjectsV2Input) SetMaxKeys(v int64) *ListObjectsV2Input {
-	s.MaxKeys = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *ListObjectsV2Input) SetPrefix(v string) *ListObjectsV2Input {
-	s.Prefix = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *ListObjectsV2Input) SetRequestPayer(v string) *ListObjectsV2Input {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetStartAfter sets the StartAfter field's value.
-func (s *ListObjectsV2Input) SetStartAfter(v string) *ListObjectsV2Input {
-	s.StartAfter = &v
-	return s
-}
-
-func (s *ListObjectsV2Input) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *ListObjectsV2Input) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s ListObjectsV2Input) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type ListObjectsV2Output struct {
-	_ struct{} `type:"structure"`
-
-	// All of the keys (up to 1,000) rolled up into a common prefix count as a single
-	// return when calculating the number of returns.
-	//
-	// A response can contain CommonPrefixes only if you specify a delimiter.
-	//
-	// CommonPrefixes contains all (if there are any) keys between Prefix and the
-	// next occurrence of the string specified by a delimiter.
-	//
-	// CommonPrefixes lists keys that act like subdirectories in the directory specified
-	// by Prefix.
-	//
-	// For example, if the prefix is notes/ and the delimiter is a slash (/) as
-	// in notes/summer/july, the common prefix is notes/summer/. All of the keys
-	// that roll up into a common prefix count as a single return when calculating
-	// the number of returns.
-	CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
-
-	// Metadata about each object returned.
-	Contents []*Object `type:"list" flattened:"true"`
-
-	// If ContinuationToken was sent with the request, it is included in the response.
-	ContinuationToken *string `type:"string"`
-
-	// Causes keys that contain the same string between the prefix and the first
-	// occurrence of the delimiter to be rolled up into a single result element
-	// in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere
-	// in the response. Each rolled-up result counts as only one return against
-	// the MaxKeys value.
-	Delimiter *string `type:"string"`
-
-	// Encoding type used by Amazon S3 to encode object key names in the XML response.
-	//
-	// If you specify the encoding-type request parameter, Amazon S3 includes this
-	// element in the response, and returns encoded key name values in the following
-	// response elements:
-	//
-	// Delimiter, Prefix, Key, and StartAfter.
-	EncodingType *string `type:"string" enum:"EncodingType"`
-
-	// Set to false if all of the results were returned. Set to true if more keys
-	// are available to return. If the number of results exceeds that specified
-	// by MaxKeys, all of the results might not be returned.
-	IsTruncated *bool `type:"boolean"`
-
-	// KeyCount is the number of keys returned with this request. KeyCount will
-	// always be less than or equal to the MaxKeys field. Say you ask for 50 keys,
-	// your result will include 50 keys or fewer.
-	KeyCount *int64 `type:"integer"`
-
-	// Sets the maximum number of keys returned in the response. By default the
-	// action returns up to 1,000 key names. The response might contain fewer keys
-	// but will never contain more.
-	MaxKeys *int64 `type:"integer"`
-
-	// The bucket name.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	Name *string `type:"string"`
-
-	// NextContinuationToken is sent when isTruncated is true, which means there
-	// are more keys in the bucket that can be listed. The next list requests to
-	// Amazon S3 can be continued with this NextContinuationToken. NextContinuationToken
-	// is obfuscated and is not a real key
-	NextContinuationToken *string `type:"string"`
-
-	// Keys that begin with the indicated prefix.
-	Prefix *string `type:"string"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// If StartAfter was sent with the request, it is included in the response.
-	StartAfter *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectsV2Output) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListObjectsV2Output) GoString() string {
-	return s.String()
-}
-
-// SetCommonPrefixes sets the CommonPrefixes field's value.
-func (s *ListObjectsV2Output) SetCommonPrefixes(v []*CommonPrefix) *ListObjectsV2Output {
-	s.CommonPrefixes = v
-	return s
-}
-
-// SetContents sets the Contents field's value.
-func (s *ListObjectsV2Output) SetContents(v []*Object) *ListObjectsV2Output {
-	s.Contents = v
-	return s
-}
-
-// SetContinuationToken sets the ContinuationToken field's value.
-func (s *ListObjectsV2Output) SetContinuationToken(v string) *ListObjectsV2Output {
-	s.ContinuationToken = &v
-	return s
-}
-
-// SetDelimiter sets the Delimiter field's value.
-func (s *ListObjectsV2Output) SetDelimiter(v string) *ListObjectsV2Output {
-	s.Delimiter = &v
-	return s
-}
-
-// SetEncodingType sets the EncodingType field's value.
-func (s *ListObjectsV2Output) SetEncodingType(v string) *ListObjectsV2Output {
-	s.EncodingType = &v
-	return s
-}
-
-// SetIsTruncated sets the IsTruncated field's value.
-func (s *ListObjectsV2Output) SetIsTruncated(v bool) *ListObjectsV2Output {
-	s.IsTruncated = &v
-	return s
-}
-
-// SetKeyCount sets the KeyCount field's value.
-func (s *ListObjectsV2Output) SetKeyCount(v int64) *ListObjectsV2Output {
-	s.KeyCount = &v
-	return s
-}
-
-// SetMaxKeys sets the MaxKeys field's value.
-func (s *ListObjectsV2Output) SetMaxKeys(v int64) *ListObjectsV2Output {
-	s.MaxKeys = &v
-	return s
-}
-
-// SetName sets the Name field's value.
-func (s *ListObjectsV2Output) SetName(v string) *ListObjectsV2Output {
-	s.Name = &v
-	return s
-}
-
-// SetNextContinuationToken sets the NextContinuationToken field's value.
-func (s *ListObjectsV2Output) SetNextContinuationToken(v string) *ListObjectsV2Output {
-	s.NextContinuationToken = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *ListObjectsV2Output) SetPrefix(v string) *ListObjectsV2Output {
-	s.Prefix = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *ListObjectsV2Output) SetRequestCharged(v string) *ListObjectsV2Output {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetStartAfter sets the StartAfter field's value.
-func (s *ListObjectsV2Output) SetStartAfter(v string) *ListObjectsV2Output {
-	s.StartAfter = &v
-	return s
-}
-
-type ListPartsInput struct {
-	_ struct{} `locationName:"ListPartsRequest" type:"structure"`
-
-	// The name of the bucket to which the parts are being uploaded.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Object key for which the multipart upload was initiated.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Sets the maximum number of parts to return.
-	MaxParts *int64 `location:"querystring" locationName:"max-parts" type:"integer"`
-
-	// Specifies the part after which listing should begin. Only parts with higher
-	// part numbers will be listed.
-	PartNumberMarker *int64 `location:"querystring" locationName:"part-number-marker" type:"integer"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// The server-side encryption (SSE) algorithm used to encrypt the object. This
-	// parameter is needed only when the object was created using a checksum algorithm.
-	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-	// in the Amazon S3 User Guide.
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// The server-side encryption (SSE) customer managed key. This parameter is
-	// needed only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-	// in the Amazon S3 User Guide.
-	//
-	// SSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by ListPartsInput's
-	// String and GoString methods.
-	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// The MD5 server-side encryption (SSE) customer managed key. This parameter
-	// is needed only when the object was created using a checksum algorithm. For
-	// more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-	// in the Amazon S3 User Guide.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// Upload ID identifying the multipart upload whose parts are being listed.
-	//
-	// UploadId is a required field
-	UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListPartsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListPartsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListPartsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListPartsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.UploadId == nil {
-		invalidParams.Add(request.NewErrParamRequired("UploadId"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *ListPartsInput) SetBucket(v string) *ListPartsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *ListPartsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *ListPartsInput) SetExpectedBucketOwner(v string) *ListPartsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *ListPartsInput) SetKey(v string) *ListPartsInput {
-	s.Key = &v
-	return s
-}
-
-// SetMaxParts sets the MaxParts field's value.
-func (s *ListPartsInput) SetMaxParts(v int64) *ListPartsInput {
-	s.MaxParts = &v
-	return s
-}
-
-// SetPartNumberMarker sets the PartNumberMarker field's value.
-func (s *ListPartsInput) SetPartNumberMarker(v int64) *ListPartsInput {
-	s.PartNumberMarker = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *ListPartsInput) SetRequestPayer(v string) *ListPartsInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *ListPartsInput) SetSSECustomerAlgorithm(v string) *ListPartsInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKey sets the SSECustomerKey field's value.
-func (s *ListPartsInput) SetSSECustomerKey(v string) *ListPartsInput {
-	s.SSECustomerKey = &v
-	return s
-}
-
-func (s *ListPartsInput) getSSECustomerKey() (v string) {
-	if s.SSECustomerKey == nil {
-		return v
-	}
-	return *s.SSECustomerKey
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *ListPartsInput) SetSSECustomerKeyMD5(v string) *ListPartsInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetUploadId sets the UploadId field's value.
-func (s *ListPartsInput) SetUploadId(v string) *ListPartsInput {
-	s.UploadId = &v
-	return s
-}
-
-func (s *ListPartsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *ListPartsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s ListPartsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type ListPartsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// If the bucket has a lifecycle rule configured with an action to abort incomplete
-	// multipart uploads and the prefix in the lifecycle rule matches the object
-	// name in the request, then the response includes this header indicating when
-	// the initiated multipart upload will become eligible for abort operation.
-	// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
-	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
-	//
-	// The response will also include the x-amz-abort-rule-id header that will provide
-	// the ID of the lifecycle configuration rule that defines this action.
-	AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"`
-
-	// This header is returned along with the x-amz-abort-date header. It identifies
-	// applicable lifecycle configuration rule that defines the action to abort
-	// incomplete multipart uploads.
-	AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"`
-
-	// The name of the bucket to which the multipart upload was initiated. Does
-	// not return the access point ARN or access point alias if used.
-	Bucket *string `type:"string"`
-
-	// The algorithm that was used to create a checksum of the object.
-	ChecksumAlgorithm *string `type:"string" enum:"ChecksumAlgorithm"`
-
-	// Container element that identifies who initiated the multipart upload. If
-	// the initiator is an Amazon Web Services account, this element provides the
-	// same information as the Owner element. If the initiator is an IAM User, this
-	// element provides the user ARN and display name.
-	Initiator *Initiator `type:"structure"`
-
-	// Indicates whether the returned list of parts is truncated. A true value indicates
-	// that the list was truncated. A list can be truncated if the number of parts
-	// exceeds the limit returned in the MaxParts element.
-	IsTruncated *bool `type:"boolean"`
-
-	// Object key for which the multipart upload was initiated.
-	Key *string `min:"1" type:"string"`
-
-	// Maximum number of parts that were allowed in the response.
-	MaxParts *int64 `type:"integer"`
-
-	// When a list is truncated, this element specifies the last part in the list,
-	// as well as the value to use for the part-number-marker request parameter
-	// in a subsequent request.
-	NextPartNumberMarker *int64 `type:"integer"`
-
-	// Container element that identifies the object owner, after the object is created.
-	// If multipart upload is initiated by an IAM user, this element provides the
-	// parent account ID and display name.
-	Owner *Owner `type:"structure"`
-
-	// When a list is truncated, this element specifies the last part in the list,
-	// as well as the value to use for the part-number-marker request parameter
-	// in a subsequent request.
-	PartNumberMarker *int64 `type:"integer"`
-
-	// Container for elements related to a particular part. A response can contain
-	// zero or more Part elements.
-	Parts []*Part `locationName:"Part" type:"list" flattened:"true"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// Class of storage (STANDARD or REDUCED_REDUNDANCY) used to store the uploaded
-	// object.
-	StorageClass *string `type:"string" enum:"StorageClass"`
-
-	// Upload ID identifying the multipart upload whose parts are being listed.
-	UploadId *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListPartsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListPartsOutput) GoString() string {
-	return s.String()
-}
-
-// SetAbortDate sets the AbortDate field's value.
-func (s *ListPartsOutput) SetAbortDate(v time.Time) *ListPartsOutput {
-	s.AbortDate = &v
-	return s
-}
-
-// SetAbortRuleId sets the AbortRuleId field's value.
-func (s *ListPartsOutput) SetAbortRuleId(v string) *ListPartsOutput {
-	s.AbortRuleId = &v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *ListPartsOutput) SetBucket(v string) *ListPartsOutput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *ListPartsOutput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *ListPartsOutput) SetChecksumAlgorithm(v string) *ListPartsOutput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetInitiator sets the Initiator field's value.
-func (s *ListPartsOutput) SetInitiator(v *Initiator) *ListPartsOutput {
-	s.Initiator = v
-	return s
-}
-
-// SetIsTruncated sets the IsTruncated field's value.
-func (s *ListPartsOutput) SetIsTruncated(v bool) *ListPartsOutput {
-	s.IsTruncated = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *ListPartsOutput) SetKey(v string) *ListPartsOutput {
-	s.Key = &v
-	return s
-}
-
-// SetMaxParts sets the MaxParts field's value.
-func (s *ListPartsOutput) SetMaxParts(v int64) *ListPartsOutput {
-	s.MaxParts = &v
-	return s
-}
-
-// SetNextPartNumberMarker sets the NextPartNumberMarker field's value.
-func (s *ListPartsOutput) SetNextPartNumberMarker(v int64) *ListPartsOutput {
-	s.NextPartNumberMarker = &v
-	return s
-}
-
-// SetOwner sets the Owner field's value.
-func (s *ListPartsOutput) SetOwner(v *Owner) *ListPartsOutput {
-	s.Owner = v
-	return s
-}
-
-// SetPartNumberMarker sets the PartNumberMarker field's value.
-func (s *ListPartsOutput) SetPartNumberMarker(v int64) *ListPartsOutput {
-	s.PartNumberMarker = &v
-	return s
-}
-
-// SetParts sets the Parts field's value.
-func (s *ListPartsOutput) SetParts(v []*Part) *ListPartsOutput {
-	s.Parts = v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *ListPartsOutput) SetRequestCharged(v string) *ListPartsOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *ListPartsOutput) SetStorageClass(v string) *ListPartsOutput {
-	s.StorageClass = &v
-	return s
-}
-
-// SetUploadId sets the UploadId field's value.
-func (s *ListPartsOutput) SetUploadId(v string) *ListPartsOutput {
-	s.UploadId = &v
-	return s
-}
-
-// Describes an Amazon S3 location that will receive the results of the restore
-// request.
-type Location struct {
-	_ struct{} `type:"structure"`
-
-	// A list of grants that control access to the staged results.
-	AccessControlList []*Grant `locationNameList:"Grant" type:"list"`
-
-	// The name of the bucket where the restore results will be placed.
-	//
-	// BucketName is a required field
-	BucketName *string `type:"string" required:"true"`
-
-	// The canned ACL to apply to the restore results.
-	CannedACL *string `type:"string" enum:"ObjectCannedACL"`
-
-	// Contains the type of server-side encryption used.
-	Encryption *Encryption `type:"structure"`
-
-	// The prefix that is prepended to the restore results for this request.
-	//
-	// Prefix is a required field
-	Prefix *string `type:"string" required:"true"`
-
-	// The class of storage used to store the restore results.
-	StorageClass *string `type:"string" enum:"StorageClass"`
-
-	// The tag-set that is applied to the restore results.
-	Tagging *Tagging `type:"structure"`
-
-	// A list of metadata to store with the restore results in S3.
-	UserMetadata []*MetadataEntry `locationNameList:"MetadataEntry" type:"list"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Location) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Location) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Location) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Location"}
-	if s.BucketName == nil {
-		invalidParams.Add(request.NewErrParamRequired("BucketName"))
-	}
-	if s.Prefix == nil {
-		invalidParams.Add(request.NewErrParamRequired("Prefix"))
-	}
-	if s.AccessControlList != nil {
-		for i, v := range s.AccessControlList {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "AccessControlList", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-	if s.Encryption != nil {
-		if err := s.Encryption.Validate(); err != nil {
-			invalidParams.AddNested("Encryption", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.Tagging != nil {
-		if err := s.Tagging.Validate(); err != nil {
-			invalidParams.AddNested("Tagging", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccessControlList sets the AccessControlList field's value.
-func (s *Location) SetAccessControlList(v []*Grant) *Location {
-	s.AccessControlList = v
-	return s
-}
-
-// SetBucketName sets the BucketName field's value.
-func (s *Location) SetBucketName(v string) *Location {
-	s.BucketName = &v
-	return s
-}
-
-// SetCannedACL sets the CannedACL field's value.
-func (s *Location) SetCannedACL(v string) *Location {
-	s.CannedACL = &v
-	return s
-}
-
-// SetEncryption sets the Encryption field's value.
-func (s *Location) SetEncryption(v *Encryption) *Location {
-	s.Encryption = v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *Location) SetPrefix(v string) *Location {
-	s.Prefix = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *Location) SetStorageClass(v string) *Location {
-	s.StorageClass = &v
-	return s
-}
-
-// SetTagging sets the Tagging field's value.
-func (s *Location) SetTagging(v *Tagging) *Location {
-	s.Tagging = v
-	return s
-}
-
-// SetUserMetadata sets the UserMetadata field's value.
-func (s *Location) SetUserMetadata(v []*MetadataEntry) *Location {
-	s.UserMetadata = v
-	return s
-}
-
-// Describes where logs are stored and the prefix that Amazon S3 assigns to
-// all log object keys for a bucket. For more information, see PUT Bucket logging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
-// in the Amazon S3 API Reference.
-type LoggingEnabled struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the bucket where you want Amazon S3 to store server access logs.
-	// You can have your logs delivered to any bucket that you own, including the
-	// same bucket that is being logged. You can also configure multiple buckets
-	// to deliver their logs to the same target bucket. In this case, you should
-	// choose a different TargetPrefix for each source bucket so that the delivered
-	// log files can be distinguished by key.
-	//
-	// TargetBucket is a required field
-	TargetBucket *string `type:"string" required:"true"`
-
-	// Container for granting information.
-	//
-	// Buckets that use the bucket owner enforced setting for Object Ownership don't
-	// support target grants. For more information, see Permissions for server access
-	// log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
-	// in the Amazon S3 User Guide.
-	TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"`
-
-	// A prefix for all log object keys. If you store log files from multiple Amazon
-	// S3 buckets in a single bucket, you can use a prefix to distinguish which
-	// log files came from which bucket.
-	//
-	// TargetPrefix is a required field
-	TargetPrefix *string `type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LoggingEnabled) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LoggingEnabled) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *LoggingEnabled) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "LoggingEnabled"}
-	if s.TargetBucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("TargetBucket"))
-	}
-	if s.TargetPrefix == nil {
-		invalidParams.Add(request.NewErrParamRequired("TargetPrefix"))
-	}
-	if s.TargetGrants != nil {
-		for i, v := range s.TargetGrants {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "TargetGrants", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetTargetBucket sets the TargetBucket field's value.
-func (s *LoggingEnabled) SetTargetBucket(v string) *LoggingEnabled {
-	s.TargetBucket = &v
-	return s
-}
-
-// SetTargetGrants sets the TargetGrants field's value.
-func (s *LoggingEnabled) SetTargetGrants(v []*TargetGrant) *LoggingEnabled {
-	s.TargetGrants = v
-	return s
-}
-
-// SetTargetPrefix sets the TargetPrefix field's value.
-func (s *LoggingEnabled) SetTargetPrefix(v string) *LoggingEnabled {
-	s.TargetPrefix = &v
-	return s
-}
-
-// A metadata key-value pair to store with an object.
-type MetadataEntry struct {
-	_ struct{} `type:"structure"`
-
-	// Name of the Object.
-	Name *string `type:"string"`
-
-	// Value of the Object.
-	Value *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s MetadataEntry) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s MetadataEntry) GoString() string {
-	return s.String()
-}
-
-// SetName sets the Name field's value.
-func (s *MetadataEntry) SetName(v string) *MetadataEntry {
-	s.Name = &v
-	return s
-}
-
-// SetValue sets the Value field's value.
-func (s *MetadataEntry) SetValue(v string) *MetadataEntry {
-	s.Value = &v
-	return s
-}
-
-// A container specifying replication metrics-related settings enabling replication
-// metrics and events.
-type Metrics struct {
-	_ struct{} `type:"structure"`
-
-	// A container specifying the time threshold for emitting the s3:Replication:OperationMissedThreshold
-	// event.
-	EventThreshold *ReplicationTimeValue `type:"structure"`
-
-	// Specifies whether the replication metrics are enabled.
-	//
-	// Status is a required field
-	Status *string `type:"string" required:"true" enum:"MetricsStatus"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Metrics) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Metrics) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Metrics) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Metrics"}
-	if s.Status == nil {
-		invalidParams.Add(request.NewErrParamRequired("Status"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetEventThreshold sets the EventThreshold field's value.
-func (s *Metrics) SetEventThreshold(v *ReplicationTimeValue) *Metrics {
-	s.EventThreshold = v
-	return s
-}
-
-// SetStatus sets the Status field's value.
-func (s *Metrics) SetStatus(v string) *Metrics {
-	s.Status = &v
-	return s
-}
-
-// A conjunction (logical AND) of predicates, which is used in evaluating a
-// metrics filter. The operator must have at least two predicates, and an object
-// must match all of the predicates in order for the filter to apply.
-type MetricsAndOperator struct {
-	_ struct{} `type:"structure"`
-
-	// The access point ARN used when evaluating an AND predicate.
-	AccessPointArn *string `type:"string"`
-
-	// The prefix used when evaluating an AND predicate.
-	Prefix *string `type:"string"`
-
-	// The list of tags used when evaluating an AND predicate.
-	Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s MetricsAndOperator) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s MetricsAndOperator) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *MetricsAndOperator) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "MetricsAndOperator"}
-	if s.Tags != nil {
-		for i, v := range s.Tags {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccessPointArn sets the AccessPointArn field's value.
-func (s *MetricsAndOperator) SetAccessPointArn(v string) *MetricsAndOperator {
-	s.AccessPointArn = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *MetricsAndOperator) SetPrefix(v string) *MetricsAndOperator {
-	s.Prefix = &v
-	return s
-}
-
-// SetTags sets the Tags field's value.
-func (s *MetricsAndOperator) SetTags(v []*Tag) *MetricsAndOperator {
-	s.Tags = v
-	return s
-}
-
-// Specifies a metrics configuration for the CloudWatch request metrics (specified
-// by the metrics configuration ID) from an Amazon S3 bucket. If you're updating
-// an existing metrics configuration, note that this is a full replacement of
-// the existing metrics configuration. If you don't include the elements you
-// want to keep, they are erased. For more information, see PutBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html).
-type MetricsConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies a metrics configuration filter. The metrics configuration will
-	// only include objects that meet the filter's criteria. A filter must be a
-	// prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator).
-	Filter *MetricsFilter `type:"structure"`
-
-	// The ID used to identify the metrics configuration. The ID has a 64 character
-	// limit and can only contain letters, numbers, periods, dashes, and underscores.
-	//
-	// Id is a required field
-	Id *string `type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s MetricsConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s MetricsConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *MetricsConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "MetricsConfiguration"}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-	if s.Filter != nil {
-		if err := s.Filter.Validate(); err != nil {
-			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetFilter sets the Filter field's value.
-func (s *MetricsConfiguration) SetFilter(v *MetricsFilter) *MetricsConfiguration {
-	s.Filter = v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *MetricsConfiguration) SetId(v string) *MetricsConfiguration {
-	s.Id = &v
-	return s
-}
-
-// Specifies a metrics configuration filter. The metrics configuration only
-// includes objects that meet the filter's criteria. A filter must be a prefix,
-// an object tag, an access point ARN, or a conjunction (MetricsAndOperator).
-// For more information, see PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html).
-type MetricsFilter struct {
-	_ struct{} `type:"structure"`
-
-	// The access point ARN used when evaluating a metrics filter.
-	AccessPointArn *string `type:"string"`
-
-	// A conjunction (logical AND) of predicates, which is used in evaluating a
-	// metrics filter. The operator must have at least two predicates, and an object
-	// must match all of the predicates in order for the filter to apply.
-	And *MetricsAndOperator `type:"structure"`
-
-	// The prefix used when evaluating a metrics filter.
-	Prefix *string `type:"string"`
-
-	// The tag used when evaluating a metrics filter.
-	Tag *Tag `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s MetricsFilter) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s MetricsFilter) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *MetricsFilter) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "MetricsFilter"}
-	if s.And != nil {
-		if err := s.And.Validate(); err != nil {
-			invalidParams.AddNested("And", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.Tag != nil {
-		if err := s.Tag.Validate(); err != nil {
-			invalidParams.AddNested("Tag", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccessPointArn sets the AccessPointArn field's value.
-func (s *MetricsFilter) SetAccessPointArn(v string) *MetricsFilter {
-	s.AccessPointArn = &v
-	return s
-}
-
-// SetAnd sets the And field's value.
-func (s *MetricsFilter) SetAnd(v *MetricsAndOperator) *MetricsFilter {
-	s.And = v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *MetricsFilter) SetPrefix(v string) *MetricsFilter {
-	s.Prefix = &v
-	return s
-}
-
-// SetTag sets the Tag field's value.
-func (s *MetricsFilter) SetTag(v *Tag) *MetricsFilter {
-	s.Tag = v
-	return s
-}
-
-// Container for the MultipartUpload for the Amazon S3 object.
-type MultipartUpload struct {
-	_ struct{} `type:"structure"`
-
-	// The algorithm that was used to create a checksum of the object.
-	ChecksumAlgorithm *string `type:"string" enum:"ChecksumAlgorithm"`
-
-	// Date and time at which the multipart upload was initiated.
-	Initiated *time.Time `type:"timestamp"`
-
-	// Identifies who initiated the multipart upload.
-	Initiator *Initiator `type:"structure"`
-
-	// Key of the object for which the multipart upload was initiated.
-	Key *string `min:"1" type:"string"`
-
-	// Specifies the owner of the object that is part of the multipart upload.
-	Owner *Owner `type:"structure"`
-
-	// The class of storage used to store the object.
-	StorageClass *string `type:"string" enum:"StorageClass"`
-
-	// Upload ID that identifies the multipart upload.
-	UploadId *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s MultipartUpload) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s MultipartUpload) GoString() string {
-	return s.String()
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *MultipartUpload) SetChecksumAlgorithm(v string) *MultipartUpload {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetInitiated sets the Initiated field's value.
-func (s *MultipartUpload) SetInitiated(v time.Time) *MultipartUpload {
-	s.Initiated = &v
-	return s
-}
-
-// SetInitiator sets the Initiator field's value.
-func (s *MultipartUpload) SetInitiator(v *Initiator) *MultipartUpload {
-	s.Initiator = v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *MultipartUpload) SetKey(v string) *MultipartUpload {
-	s.Key = &v
-	return s
-}
-
-// SetOwner sets the Owner field's value.
-func (s *MultipartUpload) SetOwner(v *Owner) *MultipartUpload {
-	s.Owner = v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *MultipartUpload) SetStorageClass(v string) *MultipartUpload {
-	s.StorageClass = &v
-	return s
-}
-
-// SetUploadId sets the UploadId field's value.
-func (s *MultipartUpload) SetUploadId(v string) *MultipartUpload {
-	s.UploadId = &v
-	return s
-}
-
-// Specifies when noncurrent object versions expire. Upon expiration, Amazon
-// S3 permanently deletes the noncurrent object versions. You set this lifecycle
-// configuration action on a bucket that has versioning enabled (or suspended)
-// to request that Amazon S3 delete noncurrent object versions at a specific
-// period in the object's lifetime.
-type NoncurrentVersionExpiration struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies how many noncurrent versions Amazon S3 will retain. If there are
-	// this many more recent noncurrent versions, Amazon S3 will take the associated
-	// action. For more information about noncurrent versions, see Lifecycle configuration
-	// elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
-	// in the Amazon S3 User Guide.
-	NewerNoncurrentVersions *int64 `type:"integer"`
-
-	// Specifies the number of days an object is noncurrent before Amazon S3 can
-	// perform the associated action. The value must be a non-zero positive integer.
-	// For information about the noncurrent days calculations, see How Amazon S3
-	// Calculates When an Object Became Noncurrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
-	// in the Amazon S3 User Guide.
-	NoncurrentDays *int64 `type:"integer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s NoncurrentVersionExpiration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s NoncurrentVersionExpiration) GoString() string {
-	return s.String()
-}
-
-// SetNewerNoncurrentVersions sets the NewerNoncurrentVersions field's value.
-func (s *NoncurrentVersionExpiration) SetNewerNoncurrentVersions(v int64) *NoncurrentVersionExpiration {
-	s.NewerNoncurrentVersions = &v
-	return s
-}
-
-// SetNoncurrentDays sets the NoncurrentDays field's value.
-func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVersionExpiration {
-	s.NoncurrentDays = &v
-	return s
-}
-
-// Container for the transition rule that describes when noncurrent objects
-// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR,
-// GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled
-// (or versioning is suspended), you can set this action to request that Amazon
-// S3 transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA,
-// INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at
-// a specific period in the object's lifetime.
-type NoncurrentVersionTransition struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies how many noncurrent versions Amazon S3 will retain. If there are
-	// this many more recent noncurrent versions, Amazon S3 will take the associated
-	// action. For more information about noncurrent versions, see Lifecycle configuration
-	// elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
-	// in the Amazon S3 User Guide.
-	NewerNoncurrentVersions *int64 `type:"integer"`
-
-	// Specifies the number of days an object is noncurrent before Amazon S3 can
-	// perform the associated action. For information about the noncurrent days
-	// calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
-	// in the Amazon S3 User Guide.
-	NoncurrentDays *int64 `type:"integer"`
-
-	// The class of storage used to store the object.
-	StorageClass *string `type:"string" enum:"TransitionStorageClass"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s NoncurrentVersionTransition) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s NoncurrentVersionTransition) GoString() string {
-	return s.String()
-}
-
-// SetNewerNoncurrentVersions sets the NewerNoncurrentVersions field's value.
-func (s *NoncurrentVersionTransition) SetNewerNoncurrentVersions(v int64) *NoncurrentVersionTransition {
-	s.NewerNoncurrentVersions = &v
-	return s
-}
-
-// SetNoncurrentDays sets the NoncurrentDays field's value.
-func (s *NoncurrentVersionTransition) SetNoncurrentDays(v int64) *NoncurrentVersionTransition {
-	s.NoncurrentDays = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *NoncurrentVersionTransition) SetStorageClass(v string) *NoncurrentVersionTransition {
-	s.StorageClass = &v
-	return s
-}
-
-// A container for specifying the notification configuration of the bucket.
-// If this element is empty, notifications are turned off for the bucket.
-type NotificationConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Enables delivery of events to Amazon EventBridge.
-	EventBridgeConfiguration *EventBridgeConfiguration `type:"structure"`
-
-	// Describes the Lambda functions to invoke and the events for which to invoke
-	// them.
-	LambdaFunctionConfigurations []*LambdaFunctionConfiguration `locationName:"CloudFunctionConfiguration" type:"list" flattened:"true"`
-
-	// The Amazon Simple Queue Service queues to publish messages to and the events
-	// for which to publish messages.
-	QueueConfigurations []*QueueConfiguration `locationName:"QueueConfiguration" type:"list" flattened:"true"`
-
-	// The topic to which notifications are sent and the events for which notifications
-	// are generated.
-	TopicConfigurations []*TopicConfiguration `locationName:"TopicConfiguration" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s NotificationConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s NotificationConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *NotificationConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "NotificationConfiguration"}
-	if s.LambdaFunctionConfigurations != nil {
-		for i, v := range s.LambdaFunctionConfigurations {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "LambdaFunctionConfigurations", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-	if s.QueueConfigurations != nil {
-		for i, v := range s.QueueConfigurations {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "QueueConfigurations", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-	if s.TopicConfigurations != nil {
-		for i, v := range s.TopicConfigurations {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "TopicConfigurations", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetEventBridgeConfiguration sets the EventBridgeConfiguration field's value.
-func (s *NotificationConfiguration) SetEventBridgeConfiguration(v *EventBridgeConfiguration) *NotificationConfiguration {
-	s.EventBridgeConfiguration = v
-	return s
-}
-
-// SetLambdaFunctionConfigurations sets the LambdaFunctionConfigurations field's value.
-func (s *NotificationConfiguration) SetLambdaFunctionConfigurations(v []*LambdaFunctionConfiguration) *NotificationConfiguration {
-	s.LambdaFunctionConfigurations = v
-	return s
-}
-
-// SetQueueConfigurations sets the QueueConfigurations field's value.
-func (s *NotificationConfiguration) SetQueueConfigurations(v []*QueueConfiguration) *NotificationConfiguration {
-	s.QueueConfigurations = v
-	return s
-}
-
-// SetTopicConfigurations sets the TopicConfigurations field's value.
-func (s *NotificationConfiguration) SetTopicConfigurations(v []*TopicConfiguration) *NotificationConfiguration {
-	s.TopicConfigurations = v
-	return s
-}
-
-type NotificationConfigurationDeprecated struct {
-	_ struct{} `type:"structure"`
-
-	// Container for specifying the Lambda notification configuration.
-	CloudFunctionConfiguration *CloudFunctionConfiguration `type:"structure"`
-
-	// This data type is deprecated. This data type specifies the configuration
-	// for publishing messages to an Amazon Simple Queue Service (Amazon SQS) queue
-	// when Amazon S3 detects specified events.
-	QueueConfiguration *QueueConfigurationDeprecated `type:"structure"`
-
-	// This data type is deprecated. A container for specifying the configuration
-	// for publication of messages to an Amazon Simple Notification Service (Amazon
-	// SNS) topic when Amazon S3 detects specified events.
-	TopicConfiguration *TopicConfigurationDeprecated `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s NotificationConfigurationDeprecated) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s NotificationConfigurationDeprecated) GoString() string {
-	return s.String()
-}
-
-// SetCloudFunctionConfiguration sets the CloudFunctionConfiguration field's value.
-func (s *NotificationConfigurationDeprecated) SetCloudFunctionConfiguration(v *CloudFunctionConfiguration) *NotificationConfigurationDeprecated {
-	s.CloudFunctionConfiguration = v
-	return s
-}
-
-// SetQueueConfiguration sets the QueueConfiguration field's value.
-func (s *NotificationConfigurationDeprecated) SetQueueConfiguration(v *QueueConfigurationDeprecated) *NotificationConfigurationDeprecated {
-	s.QueueConfiguration = v
-	return s
-}
-
-// SetTopicConfiguration sets the TopicConfiguration field's value.
-func (s *NotificationConfigurationDeprecated) SetTopicConfiguration(v *TopicConfigurationDeprecated) *NotificationConfigurationDeprecated {
-	s.TopicConfiguration = v
-	return s
-}
-
-// Specifies object key name filtering rules. For information about key name
-// filtering, see Configuring event notifications using object key name filtering
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
-// in the Amazon S3 User Guide.
-type NotificationConfigurationFilter struct {
-	_ struct{} `type:"structure"`
-
-	// A container for object key name prefix and suffix filtering rules.
-	Key *KeyFilter `locationName:"S3Key" type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s NotificationConfigurationFilter) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s NotificationConfigurationFilter) GoString() string {
-	return s.String()
-}
-
-// SetKey sets the Key field's value.
-func (s *NotificationConfigurationFilter) SetKey(v *KeyFilter) *NotificationConfigurationFilter {
-	s.Key = v
-	return s
-}
-
-// An object consists of data and its descriptive metadata.
-type Object struct {
-	_ struct{} `type:"structure"`
-
-	// The algorithm that was used to create a checksum of the object.
-	ChecksumAlgorithm []*string `type:"list" flattened:"true" enum:"ChecksumAlgorithm"`
-
-	// The entity tag is a hash of the object. The ETag reflects changes only to
-	// the contents of an object, not its metadata. The ETag may or may not be an
-	// MD5 digest of the object data. Whether or not it is depends on how the object
-	// was created and how it is encrypted as described below:
-	//
-	//    * Objects created by the PUT Object, POST Object, or Copy operation, or
-	//    through the Amazon Web Services Management Console, and are encrypted
-	//    by SSE-S3 or plaintext, have ETags that are an MD5 digest of their object
-	//    data.
-	//
-	//    * Objects created by the PUT Object, POST Object, or Copy operation, or
-	//    through the Amazon Web Services Management Console, and are encrypted
-	//    by SSE-C or SSE-KMS, have ETags that are not an MD5 digest of their object
-	//    data.
-	//
-	//    * If an object is created by either the Multipart Upload or Part Copy
-	//    operation, the ETag is not an MD5 digest, regardless of the method of
-	//    encryption. If an object is larger than 16 MB, the Amazon Web Services
-	//    Management Console will upload or copy that object as a Multipart Upload,
-	//    and therefore the ETag will not be an MD5 digest.
-	ETag *string `type:"string"`
-
-	// The name that you assign to an object. You use the object key to retrieve
-	// the object.
-	Key *string `min:"1" type:"string"`
-
-	// Creation date of the object.
-	LastModified *time.Time `type:"timestamp"`
-
-	// The owner of the object
-	Owner *Owner `type:"structure"`
-
-	// Size in bytes of the object
-	Size *int64 `type:"integer"`
-
-	// The class of storage used to store the object.
-	StorageClass *string `type:"string" enum:"ObjectStorageClass"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Object) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Object) GoString() string {
-	return s.String()
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *Object) SetChecksumAlgorithm(v []*string) *Object {
-	s.ChecksumAlgorithm = v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *Object) SetETag(v string) *Object {
-	s.ETag = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *Object) SetKey(v string) *Object {
-	s.Key = &v
-	return s
-}
-
-// SetLastModified sets the LastModified field's value.
-func (s *Object) SetLastModified(v time.Time) *Object {
-	s.LastModified = &v
-	return s
-}
-
-// SetOwner sets the Owner field's value.
-func (s *Object) SetOwner(v *Owner) *Object {
-	s.Owner = v
-	return s
-}
-
-// SetSize sets the Size field's value.
-func (s *Object) SetSize(v int64) *Object {
-	s.Size = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *Object) SetStorageClass(v string) *Object {
-	s.StorageClass = &v
-	return s
-}
-
-// Object Identifier is unique value to identify objects.
-type ObjectIdentifier struct {
-	_ struct{} `type:"structure"`
-
-	// Key name of the object.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	//
-	// Key is a required field
-	Key *string `min:"1" type:"string" required:"true"`
-
-	// VersionId for the specific version of the object to delete.
-	VersionId *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectIdentifier) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectIdentifier) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ObjectIdentifier) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ObjectIdentifier"}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetKey sets the Key field's value.
-func (s *ObjectIdentifier) SetKey(v string) *ObjectIdentifier {
-	s.Key = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *ObjectIdentifier) SetVersionId(v string) *ObjectIdentifier {
-	s.VersionId = &v
-	return s
-}
-
-// The container element for Object Lock configuration parameters.
-type ObjectLockConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Indicates whether this bucket has an Object Lock configuration enabled. Enable
-	// ObjectLockEnabled when you apply ObjectLockConfiguration to a bucket.
-	ObjectLockEnabled *string `type:"string" enum:"ObjectLockEnabled"`
-
-	// Specifies the Object Lock rule for the specified object. Enable the this
-	// rule when you apply ObjectLockConfiguration to a bucket. Bucket settings
-	// require both a mode and a period. The period can be either Days or Years
-	// but you must select one. You cannot specify Days and Years at the same time.
-	Rule *ObjectLockRule `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectLockConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectLockConfiguration) GoString() string {
-	return s.String()
-}
-
-// SetObjectLockEnabled sets the ObjectLockEnabled field's value.
-func (s *ObjectLockConfiguration) SetObjectLockEnabled(v string) *ObjectLockConfiguration {
-	s.ObjectLockEnabled = &v
-	return s
-}
-
-// SetRule sets the Rule field's value.
-func (s *ObjectLockConfiguration) SetRule(v *ObjectLockRule) *ObjectLockConfiguration {
-	s.Rule = v
-	return s
-}
-
-// A legal hold configuration for an object.
-type ObjectLockLegalHold struct {
-	_ struct{} `type:"structure"`
-
-	// Indicates whether the specified object has a legal hold in place.
-	Status *string `type:"string" enum:"ObjectLockLegalHoldStatus"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectLockLegalHold) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectLockLegalHold) GoString() string {
-	return s.String()
-}
-
-// SetStatus sets the Status field's value.
-func (s *ObjectLockLegalHold) SetStatus(v string) *ObjectLockLegalHold {
-	s.Status = &v
-	return s
-}
-
-// A Retention configuration for an object.
-type ObjectLockRetention struct {
-	_ struct{} `type:"structure"`
-
-	// Indicates the Retention mode for the specified object.
-	Mode *string `type:"string" enum:"ObjectLockRetentionMode"`
-
-	// The date on which this Object Lock Retention will expire.
-	RetainUntilDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectLockRetention) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectLockRetention) GoString() string {
-	return s.String()
-}
-
-// SetMode sets the Mode field's value.
-func (s *ObjectLockRetention) SetMode(v string) *ObjectLockRetention {
-	s.Mode = &v
-	return s
-}
-
-// SetRetainUntilDate sets the RetainUntilDate field's value.
-func (s *ObjectLockRetention) SetRetainUntilDate(v time.Time) *ObjectLockRetention {
-	s.RetainUntilDate = &v
-	return s
-}
-
-// The container element for an Object Lock rule.
-type ObjectLockRule struct {
-	_ struct{} `type:"structure"`
-
-	// The default Object Lock retention mode and period that you want to apply
-	// to new objects placed in the specified bucket. Bucket settings require both
-	// a mode and a period. The period can be either Days or Years but you must
-	// select one. You cannot specify Days and Years at the same time.
-	DefaultRetention *DefaultRetention `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectLockRule) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectLockRule) GoString() string {
-	return s.String()
-}
-
-// SetDefaultRetention sets the DefaultRetention field's value.
-func (s *ObjectLockRule) SetDefaultRetention(v *DefaultRetention) *ObjectLockRule {
-	s.DefaultRetention = v
-	return s
-}
-
-// A container for elements related to an individual part.
-type ObjectPart struct {
-	_ struct{} `type:"structure"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 32-bit CRC32 checksum of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `type:"string"`
-
-	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `type:"string"`
-
-	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `type:"string"`
-
-	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `type:"string"`
-
-	// The part number identifying the part. This value is a positive integer between
-	// 1 and 10,000.
-	PartNumber *int64 `type:"integer"`
-
-	// The size of the uploaded part in bytes.
-	Size *int64 `type:"integer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectPart) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectPart) GoString() string {
-	return s.String()
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *ObjectPart) SetChecksumCRC32(v string) *ObjectPart {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *ObjectPart) SetChecksumCRC32C(v string) *ObjectPart {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *ObjectPart) SetChecksumSHA1(v string) *ObjectPart {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *ObjectPart) SetChecksumSHA256(v string) *ObjectPart {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetPartNumber sets the PartNumber field's value.
-func (s *ObjectPart) SetPartNumber(v int64) *ObjectPart {
-	s.PartNumber = &v
-	return s
-}
-
-// SetSize sets the Size field's value.
-func (s *ObjectPart) SetSize(v int64) *ObjectPart {
-	s.Size = &v
-	return s
-}
-
-// The version of an object.
-type ObjectVersion struct {
-	_ struct{} `type:"structure"`
-
-	// The algorithm that was used to create a checksum of the object.
-	ChecksumAlgorithm []*string `type:"list" flattened:"true" enum:"ChecksumAlgorithm"`
-
-	// The entity tag is an MD5 hash of that version of the object.
-	ETag *string `type:"string"`
-
-	// Specifies whether the object is (true) or is not (false) the latest version
-	// of an object.
-	IsLatest *bool `type:"boolean"`
-
-	// The object key.
-	Key *string `min:"1" type:"string"`
-
-	// Date and time the object was last modified.
-	LastModified *time.Time `type:"timestamp"`
-
-	// Specifies the owner of the object.
-	Owner *Owner `type:"structure"`
-
-	// Size in bytes of the object.
-	Size *int64 `type:"integer"`
-
-	// The class of storage used to store the object.
-	StorageClass *string `type:"string" enum:"ObjectVersionStorageClass"`
-
-	// Version ID of an object.
-	VersionId *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectVersion) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ObjectVersion) GoString() string {
-	return s.String()
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *ObjectVersion) SetChecksumAlgorithm(v []*string) *ObjectVersion {
-	s.ChecksumAlgorithm = v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *ObjectVersion) SetETag(v string) *ObjectVersion {
-	s.ETag = &v
-	return s
-}
-
-// SetIsLatest sets the IsLatest field's value.
-func (s *ObjectVersion) SetIsLatest(v bool) *ObjectVersion {
-	s.IsLatest = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *ObjectVersion) SetKey(v string) *ObjectVersion {
-	s.Key = &v
-	return s
-}
-
-// SetLastModified sets the LastModified field's value.
-func (s *ObjectVersion) SetLastModified(v time.Time) *ObjectVersion {
-	s.LastModified = &v
-	return s
-}
-
-// SetOwner sets the Owner field's value.
-func (s *ObjectVersion) SetOwner(v *Owner) *ObjectVersion {
-	s.Owner = v
-	return s
-}
-
-// SetSize sets the Size field's value.
-func (s *ObjectVersion) SetSize(v int64) *ObjectVersion {
-	s.Size = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *ObjectVersion) SetStorageClass(v string) *ObjectVersion {
-	s.StorageClass = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *ObjectVersion) SetVersionId(v string) *ObjectVersion {
-	s.VersionId = &v
-	return s
-}
-
-// Describes the location where the restore job's output is stored.
-type OutputLocation struct {
-	_ struct{} `type:"structure"`
-
-	// Describes an S3 location that will receive the results of the restore request.
-	S3 *Location `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s OutputLocation) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s OutputLocation) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *OutputLocation) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "OutputLocation"}
-	if s.S3 != nil {
-		if err := s.S3.Validate(); err != nil {
-			invalidParams.AddNested("S3", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetS3 sets the S3 field's value.
-func (s *OutputLocation) SetS3(v *Location) *OutputLocation {
-	s.S3 = v
-	return s
-}
-
-// Describes how results of the Select job are serialized.
-type OutputSerialization struct {
-	_ struct{} `type:"structure"`
-
-	// Describes the serialization of CSV-encoded Select results.
-	CSV *CSVOutput `type:"structure"`
-
-	// Specifies JSON as request's output serialization format.
-	JSON *JSONOutput `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s OutputSerialization) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s OutputSerialization) GoString() string {
-	return s.String()
-}
-
-// SetCSV sets the CSV field's value.
-func (s *OutputSerialization) SetCSV(v *CSVOutput) *OutputSerialization {
-	s.CSV = v
-	return s
-}
-
-// SetJSON sets the JSON field's value.
-func (s *OutputSerialization) SetJSON(v *JSONOutput) *OutputSerialization {
-	s.JSON = v
-	return s
-}
-
-// Container for the owner's display name and ID.
-type Owner struct {
-	_ struct{} `type:"structure"`
-
-	// Container for the display name of the owner. This value is only supported
-	// in the following Amazon Web Services Regions:
-	//
-	//    * US East (N. Virginia)
-	//
-	//    * US West (N. California)
-	//
-	//    * US West (Oregon)
-	//
-	//    * Asia Pacific (Singapore)
-	//
-	//    * Asia Pacific (Sydney)
-	//
-	//    * Asia Pacific (Tokyo)
-	//
-	//    * Europe (Ireland)
-	//
-	//    * South America (São Paulo)
-	DisplayName *string `type:"string"`
-
-	// Container for the ID of the owner.
-	ID *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Owner) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Owner) GoString() string {
-	return s.String()
-}
-
-// SetDisplayName sets the DisplayName field's value.
-func (s *Owner) SetDisplayName(v string) *Owner {
-	s.DisplayName = &v
-	return s
-}
-
-// SetID sets the ID field's value.
-func (s *Owner) SetID(v string) *Owner {
-	s.ID = &v
-	return s
-}
-
-// The container element for a bucket's ownership controls.
-type OwnershipControls struct {
-	_ struct{} `type:"structure"`
-
-	// The container element for an ownership control rule.
-	//
-	// Rules is a required field
-	Rules []*OwnershipControlsRule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s OwnershipControls) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s OwnershipControls) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *OwnershipControls) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "OwnershipControls"}
-	if s.Rules == nil {
-		invalidParams.Add(request.NewErrParamRequired("Rules"))
-	}
-	if s.Rules != nil {
-		for i, v := range s.Rules {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Rules", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetRules sets the Rules field's value.
-func (s *OwnershipControls) SetRules(v []*OwnershipControlsRule) *OwnershipControls {
-	s.Rules = v
-	return s
-}
-
-// The container element for an ownership control rule.
-type OwnershipControlsRule struct {
-	_ struct{} `type:"structure"`
-
-	// The container element for object ownership for a bucket's ownership controls.
-	//
-	// BucketOwnerPreferred - Objects uploaded to the bucket change ownership to
-	// the bucket owner if the objects are uploaded with the bucket-owner-full-control
-	// canned ACL.
-	//
-	// ObjectWriter - The uploading account will own the object if the object is
-	// uploaded with the bucket-owner-full-control canned ACL.
-	//
-	// BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer
-	// affect permissions. The bucket owner automatically owns and has full control
-	// over every object in the bucket. The bucket only accepts PUT requests that
-	// don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control
-	// canned ACL or an equivalent form of this ACL expressed in the XML format.
-	//
-	// ObjectOwnership is a required field
-	ObjectOwnership *string `type:"string" required:"true" enum:"ObjectOwnership"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s OwnershipControlsRule) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s OwnershipControlsRule) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *OwnershipControlsRule) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "OwnershipControlsRule"}
-	if s.ObjectOwnership == nil {
-		invalidParams.Add(request.NewErrParamRequired("ObjectOwnership"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetObjectOwnership sets the ObjectOwnership field's value.
-func (s *OwnershipControlsRule) SetObjectOwnership(v string) *OwnershipControlsRule {
-	s.ObjectOwnership = &v
-	return s
-}
-
-// Container for Parquet.
-type ParquetInput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ParquetInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ParquetInput) GoString() string {
-	return s.String()
-}
-
-// Container for elements related to a part.
-type Part struct {
-	_ struct{} `type:"structure"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 32-bit CRC32 checksum of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `type:"string"`
-
-	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `type:"string"`
-
-	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 256-bit SHA-256 digest of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `type:"string"`
-
-	// Entity tag returned when the part was uploaded.
-	ETag *string `type:"string"`
-
-	// Date and time at which the part was uploaded.
-	LastModified *time.Time `type:"timestamp"`
-
-	// Part number identifying the part. This is a positive integer between 1 and
-	// 10,000.
-	PartNumber *int64 `type:"integer"`
-
-	// Size in bytes of the uploaded part data.
-	Size *int64 `type:"integer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Part) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Part) GoString() string {
-	return s.String()
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *Part) SetChecksumCRC32(v string) *Part {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *Part) SetChecksumCRC32C(v string) *Part {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *Part) SetChecksumSHA1(v string) *Part {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *Part) SetChecksumSHA256(v string) *Part {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *Part) SetETag(v string) *Part {
-	s.ETag = &v
-	return s
-}
-
-// SetLastModified sets the LastModified field's value.
-func (s *Part) SetLastModified(v time.Time) *Part {
-	s.LastModified = &v
-	return s
-}
-
-// SetPartNumber sets the PartNumber field's value.
-func (s *Part) SetPartNumber(v int64) *Part {
-	s.PartNumber = &v
-	return s
-}
-
-// SetSize sets the Size field's value.
-func (s *Part) SetSize(v int64) *Part {
-	s.Size = &v
-	return s
-}
-
-// The container element for a bucket's policy status.
-type PolicyStatus struct {
-	_ struct{} `type:"structure"`
-
-	// The policy status for this bucket. TRUE indicates that this bucket is public.
-	// FALSE indicates that the bucket is not public.
-	IsPublic *bool `locationName:"IsPublic" type:"boolean"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PolicyStatus) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PolicyStatus) GoString() string {
-	return s.String()
-}
-
-// SetIsPublic sets the IsPublic field's value.
-func (s *PolicyStatus) SetIsPublic(v bool) *PolicyStatus {
-	s.IsPublic = &v
-	return s
-}
-
-// This data type contains information about progress of an operation.
-type Progress struct {
-	_ struct{} `type:"structure"`
-
-	// The current number of uncompressed object bytes processed.
-	BytesProcessed *int64 `type:"long"`
-
-	// The current number of bytes of records payload data returned.
-	BytesReturned *int64 `type:"long"`
-
-	// The current number of object bytes scanned.
-	BytesScanned *int64 `type:"long"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Progress) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Progress) GoString() string {
-	return s.String()
-}
-
-// SetBytesProcessed sets the BytesProcessed field's value.
-func (s *Progress) SetBytesProcessed(v int64) *Progress {
-	s.BytesProcessed = &v
-	return s
-}
-
-// SetBytesReturned sets the BytesReturned field's value.
-func (s *Progress) SetBytesReturned(v int64) *Progress {
-	s.BytesReturned = &v
-	return s
-}
-
-// SetBytesScanned sets the BytesScanned field's value.
-func (s *Progress) SetBytesScanned(v int64) *Progress {
-	s.BytesScanned = &v
-	return s
-}
-
-// This data type contains information about the progress event of an operation.
-type ProgressEvent struct {
-	_ struct{} `locationName:"ProgressEvent" type:"structure" payload:"Details"`
-
-	// The Progress event details.
-	Details *Progress `locationName:"Details" type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ProgressEvent) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ProgressEvent) GoString() string {
-	return s.String()
-}
-
-// SetDetails sets the Details field's value.
-func (s *ProgressEvent) SetDetails(v *Progress) *ProgressEvent {
-	s.Details = v
-	return s
-}
-
-// The ProgressEvent is and event in the SelectObjectContentEventStream group of events.
-func (s *ProgressEvent) eventSelectObjectContentEventStream() {}
-
-// UnmarshalEvent unmarshals the EventStream Message into the ProgressEvent value.
-// This method is only used internally within the SDK's EventStream handling.
-func (s *ProgressEvent) UnmarshalEvent(
-	payloadUnmarshaler protocol.PayloadUnmarshaler,
-	msg eventstream.Message,
-) error {
-	if err := payloadUnmarshaler.UnmarshalPayload(
-		bytes.NewReader(msg.Payload), s,
-	); err != nil {
-		return err
-	}
-	return nil
-}
-
-// MarshalEvent marshals the type into an stream event value. This method
-// should only used internally within the SDK's EventStream handling.
-func (s *ProgressEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
-	msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
-	var buf bytes.Buffer
-	if err = pm.MarshalPayload(&buf, s); err != nil {
-		return eventstream.Message{}, err
-	}
-	msg.Payload = buf.Bytes()
-	return msg, err
-}
-
-// The PublicAccessBlock configuration that you want to apply to this Amazon
-// S3 bucket. You can enable the configuration options in any combination. For
-// more information about when Amazon S3 considers a bucket or object public,
-// see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
-// in the Amazon S3 User Guide.
-type PublicAccessBlockConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether Amazon S3 should block public access control lists (ACLs)
-	// for this bucket and objects in this bucket. Setting this element to TRUE
-	// causes the following behavior:
-	//
-	//    * PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is
-	//    public.
-	//
-	//    * PUT Object calls fail if the request includes a public ACL.
-	//
-	//    * PUT Bucket calls fail if the request includes a public ACL.
-	//
-	// Enabling this setting doesn't affect existing policies or ACLs.
-	BlockPublicAcls *bool `locationName:"BlockPublicAcls" type:"boolean"`
-
-	// Specifies whether Amazon S3 should block public bucket policies for this
-	// bucket. Setting this element to TRUE causes Amazon S3 to reject calls to
-	// PUT Bucket policy if the specified bucket policy allows public access.
-	//
-	// Enabling this setting doesn't affect existing bucket policies.
-	BlockPublicPolicy *bool `locationName:"BlockPublicPolicy" type:"boolean"`
-
-	// Specifies whether Amazon S3 should ignore public ACLs for this bucket and
-	// objects in this bucket. Setting this element to TRUE causes Amazon S3 to
-	// ignore all public ACLs on this bucket and objects in this bucket.
-	//
-	// Enabling this setting doesn't affect the persistence of any existing ACLs
-	// and doesn't prevent new public ACLs from being set.
-	IgnorePublicAcls *bool `locationName:"IgnorePublicAcls" type:"boolean"`
-
-	// Specifies whether Amazon S3 should restrict public bucket policies for this
-	// bucket. Setting this element to TRUE restricts access to this bucket to only
-	// Amazon Web Service principals and authorized users within this account if
-	// the bucket has a public policy.
-	//
-	// Enabling this setting doesn't affect previously stored bucket policies, except
-	// that public and cross-account access within any public bucket policy, including
-	// non-public delegation to specific accounts, is blocked.
-	RestrictPublicBuckets *bool `locationName:"RestrictPublicBuckets" type:"boolean"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PublicAccessBlockConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PublicAccessBlockConfiguration) GoString() string {
-	return s.String()
-}
-
-// SetBlockPublicAcls sets the BlockPublicAcls field's value.
-func (s *PublicAccessBlockConfiguration) SetBlockPublicAcls(v bool) *PublicAccessBlockConfiguration {
-	s.BlockPublicAcls = &v
-	return s
-}
-
-// SetBlockPublicPolicy sets the BlockPublicPolicy field's value.
-func (s *PublicAccessBlockConfiguration) SetBlockPublicPolicy(v bool) *PublicAccessBlockConfiguration {
-	s.BlockPublicPolicy = &v
-	return s
-}
-
-// SetIgnorePublicAcls sets the IgnorePublicAcls field's value.
-func (s *PublicAccessBlockConfiguration) SetIgnorePublicAcls(v bool) *PublicAccessBlockConfiguration {
-	s.IgnorePublicAcls = &v
-	return s
-}
-
-// SetRestrictPublicBuckets sets the RestrictPublicBuckets field's value.
-func (s *PublicAccessBlockConfiguration) SetRestrictPublicBuckets(v bool) *PublicAccessBlockConfiguration {
-	s.RestrictPublicBuckets = &v
-	return s
-}
-
-type PutBucketAccelerateConfigurationInput struct {
-	_ struct{} `locationName:"PutBucketAccelerateConfigurationRequest" type:"structure" payload:"AccelerateConfiguration"`
-
-	// Container for setting the transfer acceleration state.
-	//
-	// AccelerateConfiguration is a required field
-	AccelerateConfiguration *AccelerateConfiguration `locationName:"AccelerateConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// The name of the bucket for which the accelerate configuration is set.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAccelerateConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAccelerateConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketAccelerateConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketAccelerateConfigurationInput"}
-	if s.AccelerateConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("AccelerateConfiguration"))
-	}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccelerateConfiguration sets the AccelerateConfiguration field's value.
-func (s *PutBucketAccelerateConfigurationInput) SetAccelerateConfiguration(v *AccelerateConfiguration) *PutBucketAccelerateConfigurationInput {
-	s.AccelerateConfiguration = v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketAccelerateConfigurationInput) SetBucket(v string) *PutBucketAccelerateConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketAccelerateConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketAccelerateConfigurationInput) SetChecksumAlgorithm(v string) *PutBucketAccelerateConfigurationInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketAccelerateConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketAccelerateConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *PutBucketAccelerateConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketAccelerateConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketAccelerateConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketAccelerateConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAccelerateConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAccelerateConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketAclInput struct {
-	_ struct{} `locationName:"PutBucketAclRequest" type:"structure" payload:"AccessControlPolicy"`
-
-	// The canned ACL to apply to the bucket.
-	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"`
-
-	// Contains the elements that set the ACL permissions for an object per grantee.
-	AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// The bucket to which to apply the ACL.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Allows grantee the read, write, read ACP, and write ACP permissions on the
-	// bucket.
-	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
-
-	// Allows grantee to list the objects in the bucket.
-	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
-
-	// Allows grantee to read the bucket ACL.
-	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
-
-	// Allows grantee to create new objects in the bucket.
-	//
-	// For the bucket and object owners of existing objects, also allows deletions
-	// and overwrites of those objects.
-	GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"`
-
-	// Allows grantee to write the ACL for the applicable bucket.
-	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAclInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAclInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketAclInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketAclInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.AccessControlPolicy != nil {
-		if err := s.AccessControlPolicy.Validate(); err != nil {
-			invalidParams.AddNested("AccessControlPolicy", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetACL sets the ACL field's value.
-func (s *PutBucketAclInput) SetACL(v string) *PutBucketAclInput {
-	s.ACL = &v
-	return s
-}
-
-// SetAccessControlPolicy sets the AccessControlPolicy field's value.
-func (s *PutBucketAclInput) SetAccessControlPolicy(v *AccessControlPolicy) *PutBucketAclInput {
-	s.AccessControlPolicy = v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketAclInput) SetBucket(v string) *PutBucketAclInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketAclInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketAclInput) SetChecksumAlgorithm(v string) *PutBucketAclInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketAclInput) SetExpectedBucketOwner(v string) *PutBucketAclInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetGrantFullControl sets the GrantFullControl field's value.
-func (s *PutBucketAclInput) SetGrantFullControl(v string) *PutBucketAclInput {
-	s.GrantFullControl = &v
-	return s
-}
-
-// SetGrantRead sets the GrantRead field's value.
-func (s *PutBucketAclInput) SetGrantRead(v string) *PutBucketAclInput {
-	s.GrantRead = &v
-	return s
-}
-
-// SetGrantReadACP sets the GrantReadACP field's value.
-func (s *PutBucketAclInput) SetGrantReadACP(v string) *PutBucketAclInput {
-	s.GrantReadACP = &v
-	return s
-}
-
-// SetGrantWrite sets the GrantWrite field's value.
-func (s *PutBucketAclInput) SetGrantWrite(v string) *PutBucketAclInput {
-	s.GrantWrite = &v
-	return s
-}
-
-// SetGrantWriteACP sets the GrantWriteACP field's value.
-func (s *PutBucketAclInput) SetGrantWriteACP(v string) *PutBucketAclInput {
-	s.GrantWriteACP = &v
-	return s
-}
-
-func (s *PutBucketAclInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketAclInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketAclInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketAclOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAclOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAclOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketAnalyticsConfigurationInput struct {
-	_ struct{} `locationName:"PutBucketAnalyticsConfigurationRequest" type:"structure" payload:"AnalyticsConfiguration"`
-
-	// The configuration and any analyses for the analytics filter.
-	//
-	// AnalyticsConfiguration is a required field
-	AnalyticsConfiguration *AnalyticsConfiguration `locationName:"AnalyticsConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// The name of the bucket to which an analytics configuration is stored.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The ID that identifies the analytics configuration.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAnalyticsConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAnalyticsConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketAnalyticsConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketAnalyticsConfigurationInput"}
-	if s.AnalyticsConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("AnalyticsConfiguration"))
-	}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-	if s.AnalyticsConfiguration != nil {
-		if err := s.AnalyticsConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("AnalyticsConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAnalyticsConfiguration sets the AnalyticsConfiguration field's value.
-func (s *PutBucketAnalyticsConfigurationInput) SetAnalyticsConfiguration(v *AnalyticsConfiguration) *PutBucketAnalyticsConfigurationInput {
-	s.AnalyticsConfiguration = v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketAnalyticsConfigurationInput) SetBucket(v string) *PutBucketAnalyticsConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketAnalyticsConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketAnalyticsConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketAnalyticsConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *PutBucketAnalyticsConfigurationInput) SetId(v string) *PutBucketAnalyticsConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-func (s *PutBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketAnalyticsConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketAnalyticsConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketAnalyticsConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAnalyticsConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketAnalyticsConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketCorsInput struct {
-	_ struct{} `locationName:"PutBucketCorsRequest" type:"structure" payload:"CORSConfiguration"`
-
-	// Specifies the bucket impacted by the corsconfiguration.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Describes the cross-origin access configuration for objects in an Amazon
-	// S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon
-	// S3 User Guide.
-	//
-	// CORSConfiguration is a required field
-	CORSConfiguration *CORSConfiguration `locationName:"CORSConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketCorsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketCorsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketCorsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketCorsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.CORSConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("CORSConfiguration"))
-	}
-	if s.CORSConfiguration != nil {
-		if err := s.CORSConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("CORSConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketCorsInput) SetBucket(v string) *PutBucketCorsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketCorsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetCORSConfiguration sets the CORSConfiguration field's value.
-func (s *PutBucketCorsInput) SetCORSConfiguration(v *CORSConfiguration) *PutBucketCorsInput {
-	s.CORSConfiguration = v
-	return s
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketCorsInput) SetChecksumAlgorithm(v string) *PutBucketCorsInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketCorsInput) SetExpectedBucketOwner(v string) *PutBucketCorsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *PutBucketCorsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketCorsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketCorsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketCorsOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketCorsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketCorsOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketEncryptionInput struct {
-	_ struct{} `locationName:"PutBucketEncryptionRequest" type:"structure" payload:"ServerSideEncryptionConfiguration"`
-
-	// Specifies default encryption for a bucket using server-side encryption with
-	// different key options. By default, all buckets have a default encryption
-	// configuration that uses server-side encryption with Amazon S3 managed keys
-	// (SSE-S3). You can optionally configure default encryption for a bucket by
-	// using server-side encryption with an Amazon Web Services KMS key (SSE-KMS)
-	// or a customer-provided key (SSE-C). For information about the bucket default
-	// encryption feature, see Amazon S3 Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Specifies the default server-side-encryption configuration.
-	//
-	// ServerSideEncryptionConfiguration is a required field
-	ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `locationName:"ServerSideEncryptionConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketEncryptionInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketEncryptionInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketEncryptionInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketEncryptionInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.ServerSideEncryptionConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("ServerSideEncryptionConfiguration"))
-	}
-	if s.ServerSideEncryptionConfiguration != nil {
-		if err := s.ServerSideEncryptionConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("ServerSideEncryptionConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketEncryptionInput) SetBucket(v string) *PutBucketEncryptionInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketEncryptionInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketEncryptionInput) SetChecksumAlgorithm(v string) *PutBucketEncryptionInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketEncryptionInput) SetExpectedBucketOwner(v string) *PutBucketEncryptionInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetServerSideEncryptionConfiguration sets the ServerSideEncryptionConfiguration field's value.
-func (s *PutBucketEncryptionInput) SetServerSideEncryptionConfiguration(v *ServerSideEncryptionConfiguration) *PutBucketEncryptionInput {
-	s.ServerSideEncryptionConfiguration = v
-	return s
-}
-
-func (s *PutBucketEncryptionInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketEncryptionInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketEncryptionInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketEncryptionOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketEncryptionOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketEncryptionOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketIntelligentTieringConfigurationInput struct {
-	_ struct{} `locationName:"PutBucketIntelligentTieringConfigurationRequest" type:"structure" payload:"IntelligentTieringConfiguration"`
-
-	// The name of the Amazon S3 bucket whose configuration you want to modify or
-	// retrieve.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The ID used to identify the S3 Intelligent-Tiering configuration.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-
-	// Container for S3 Intelligent-Tiering configuration.
-	//
-	// IntelligentTieringConfiguration is a required field
-	IntelligentTieringConfiguration *IntelligentTieringConfiguration `locationName:"IntelligentTieringConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketIntelligentTieringConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketIntelligentTieringConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketIntelligentTieringConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketIntelligentTieringConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-	if s.IntelligentTieringConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("IntelligentTieringConfiguration"))
-	}
-	if s.IntelligentTieringConfiguration != nil {
-		if err := s.IntelligentTieringConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("IntelligentTieringConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketIntelligentTieringConfigurationInput) SetBucket(v string) *PutBucketIntelligentTieringConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketIntelligentTieringConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetId sets the Id field's value.
-func (s *PutBucketIntelligentTieringConfigurationInput) SetId(v string) *PutBucketIntelligentTieringConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-// SetIntelligentTieringConfiguration sets the IntelligentTieringConfiguration field's value.
-func (s *PutBucketIntelligentTieringConfigurationInput) SetIntelligentTieringConfiguration(v *IntelligentTieringConfiguration) *PutBucketIntelligentTieringConfigurationInput {
-	s.IntelligentTieringConfiguration = v
-	return s
-}
-
-func (s *PutBucketIntelligentTieringConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketIntelligentTieringConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketIntelligentTieringConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketIntelligentTieringConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketIntelligentTieringConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketIntelligentTieringConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketInventoryConfigurationInput struct {
-	_ struct{} `locationName:"PutBucketInventoryConfigurationRequest" type:"structure" payload:"InventoryConfiguration"`
-
-	// The name of the bucket where the inventory configuration will be stored.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The ID used to identify the inventory configuration.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-
-	// Specifies the inventory configuration.
-	//
-	// InventoryConfiguration is a required field
-	InventoryConfiguration *InventoryConfiguration `locationName:"InventoryConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketInventoryConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketInventoryConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketInventoryConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketInventoryConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-	if s.InventoryConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("InventoryConfiguration"))
-	}
-	if s.InventoryConfiguration != nil {
-		if err := s.InventoryConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("InventoryConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketInventoryConfigurationInput) SetBucket(v string) *PutBucketInventoryConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketInventoryConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketInventoryConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketInventoryConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *PutBucketInventoryConfigurationInput) SetId(v string) *PutBucketInventoryConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-// SetInventoryConfiguration sets the InventoryConfiguration field's value.
-func (s *PutBucketInventoryConfigurationInput) SetInventoryConfiguration(v *InventoryConfiguration) *PutBucketInventoryConfigurationInput {
-	s.InventoryConfiguration = v
-	return s
-}
-
-func (s *PutBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketInventoryConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketInventoryConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketInventoryConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketInventoryConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketInventoryConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketLifecycleConfigurationInput struct {
-	_ struct{} `locationName:"PutBucketLifecycleConfigurationRequest" type:"structure" payload:"LifecycleConfiguration"`
-
-	// The name of the bucket for which to set the configuration.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Container for lifecycle rules. You can add as many as 1,000 rules.
-	LifecycleConfiguration *BucketLifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLifecycleConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLifecycleConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketLifecycleConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketLifecycleConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.LifecycleConfiguration != nil {
-		if err := s.LifecycleConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("LifecycleConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketLifecycleConfigurationInput) SetBucket(v string) *PutBucketLifecycleConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketLifecycleConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketLifecycleConfigurationInput) SetChecksumAlgorithm(v string) *PutBucketLifecycleConfigurationInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketLifecycleConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketLifecycleConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetLifecycleConfiguration sets the LifecycleConfiguration field's value.
-func (s *PutBucketLifecycleConfigurationInput) SetLifecycleConfiguration(v *BucketLifecycleConfiguration) *PutBucketLifecycleConfigurationInput {
-	s.LifecycleConfiguration = v
-	return s
-}
-
-func (s *PutBucketLifecycleConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketLifecycleConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketLifecycleConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketLifecycleConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLifecycleConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLifecycleConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketLifecycleInput struct {
-	_ struct{} `locationName:"PutBucketLifecycleRequest" type:"structure" payload:"LifecycleConfiguration"`
-
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Container for lifecycle rules. You can add as many as 1000 rules.
-	//
-	// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
-	// in the Amazon S3 User Guide.
-	LifecycleConfiguration *LifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLifecycleInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLifecycleInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketLifecycleInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketLifecycleInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.LifecycleConfiguration != nil {
-		if err := s.LifecycleConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("LifecycleConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketLifecycleInput) SetBucket(v string) *PutBucketLifecycleInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketLifecycleInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketLifecycleInput) SetChecksumAlgorithm(v string) *PutBucketLifecycleInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketLifecycleInput) SetExpectedBucketOwner(v string) *PutBucketLifecycleInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetLifecycleConfiguration sets the LifecycleConfiguration field's value.
-func (s *PutBucketLifecycleInput) SetLifecycleConfiguration(v *LifecycleConfiguration) *PutBucketLifecycleInput {
-	s.LifecycleConfiguration = v
-	return s
-}
-
-func (s *PutBucketLifecycleInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketLifecycleInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketLifecycleInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketLifecycleOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLifecycleOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLifecycleOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketLoggingInput struct {
-	_ struct{} `locationName:"PutBucketLoggingRequest" type:"structure" payload:"BucketLoggingStatus"`
-
-	// The name of the bucket for which to set the logging parameters.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Container for logging status information.
-	//
-	// BucketLoggingStatus is a required field
-	BucketLoggingStatus *BucketLoggingStatus `locationName:"BucketLoggingStatus" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLoggingInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLoggingInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketLoggingInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketLoggingInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.BucketLoggingStatus == nil {
-		invalidParams.Add(request.NewErrParamRequired("BucketLoggingStatus"))
-	}
-	if s.BucketLoggingStatus != nil {
-		if err := s.BucketLoggingStatus.Validate(); err != nil {
-			invalidParams.AddNested("BucketLoggingStatus", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketLoggingInput) SetBucket(v string) *PutBucketLoggingInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketLoggingInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetBucketLoggingStatus sets the BucketLoggingStatus field's value.
-func (s *PutBucketLoggingInput) SetBucketLoggingStatus(v *BucketLoggingStatus) *PutBucketLoggingInput {
-	s.BucketLoggingStatus = v
-	return s
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketLoggingInput) SetChecksumAlgorithm(v string) *PutBucketLoggingInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketLoggingInput) SetExpectedBucketOwner(v string) *PutBucketLoggingInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-func (s *PutBucketLoggingInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketLoggingInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketLoggingInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketLoggingOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLoggingOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketLoggingOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketMetricsConfigurationInput struct {
-	_ struct{} `locationName:"PutBucketMetricsConfigurationRequest" type:"structure" payload:"MetricsConfiguration"`
-
-	// The name of the bucket for which the metrics configuration is set.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The ID used to identify the metrics configuration. The ID has a 64 character
-	// limit and can only contain letters, numbers, periods, dashes, and underscores.
-	//
-	// Id is a required field
-	Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
-
-	// Specifies the metrics configuration.
-	//
-	// MetricsConfiguration is a required field
-	MetricsConfiguration *MetricsConfiguration `locationName:"MetricsConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketMetricsConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketMetricsConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketMetricsConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketMetricsConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Id == nil {
-		invalidParams.Add(request.NewErrParamRequired("Id"))
-	}
-	if s.MetricsConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("MetricsConfiguration"))
-	}
-	if s.MetricsConfiguration != nil {
-		if err := s.MetricsConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("MetricsConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketMetricsConfigurationInput) SetBucket(v string) *PutBucketMetricsConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketMetricsConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketMetricsConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketMetricsConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *PutBucketMetricsConfigurationInput) SetId(v string) *PutBucketMetricsConfigurationInput {
-	s.Id = &v
-	return s
-}
-
-// SetMetricsConfiguration sets the MetricsConfiguration field's value.
-func (s *PutBucketMetricsConfigurationInput) SetMetricsConfiguration(v *MetricsConfiguration) *PutBucketMetricsConfigurationInput {
-	s.MetricsConfiguration = v
-	return s
-}
-
-func (s *PutBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketMetricsConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketMetricsConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketMetricsConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketMetricsConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketMetricsConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketNotificationConfigurationInput struct {
-	_ struct{} `locationName:"PutBucketNotificationConfigurationRequest" type:"structure" payload:"NotificationConfiguration"`
-
-	// The name of the bucket.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// A container for specifying the notification configuration of the bucket.
-	// If this element is empty, notifications are turned off for the bucket.
-	//
-	// NotificationConfiguration is a required field
-	NotificationConfiguration *NotificationConfiguration `locationName:"NotificationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// Skips validation of Amazon SQS, Amazon SNS, and Lambda destinations. True
-	// or false value.
-	SkipDestinationValidation *bool `location:"header" locationName:"x-amz-skip-destination-validation" type:"boolean"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketNotificationConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketNotificationConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketNotificationConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketNotificationConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.NotificationConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("NotificationConfiguration"))
-	}
-	if s.NotificationConfiguration != nil {
-		if err := s.NotificationConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("NotificationConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketNotificationConfigurationInput) SetBucket(v string) *PutBucketNotificationConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketNotificationConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketNotificationConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketNotificationConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetNotificationConfiguration sets the NotificationConfiguration field's value.
-func (s *PutBucketNotificationConfigurationInput) SetNotificationConfiguration(v *NotificationConfiguration) *PutBucketNotificationConfigurationInput {
-	s.NotificationConfiguration = v
-	return s
-}
-
-// SetSkipDestinationValidation sets the SkipDestinationValidation field's value.
-func (s *PutBucketNotificationConfigurationInput) SetSkipDestinationValidation(v bool) *PutBucketNotificationConfigurationInput {
-	s.SkipDestinationValidation = &v
-	return s
-}
-
-func (s *PutBucketNotificationConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketNotificationConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketNotificationConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketNotificationConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketNotificationConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketNotificationConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketNotificationInput struct {
-	_ struct{} `locationName:"PutBucketNotificationRequest" type:"structure" payload:"NotificationConfiguration"`
-
-	// The name of the bucket.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The container for the configuration.
-	//
-	// NotificationConfiguration is a required field
-	NotificationConfiguration *NotificationConfigurationDeprecated `locationName:"NotificationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketNotificationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketNotificationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketNotificationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketNotificationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.NotificationConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("NotificationConfiguration"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketNotificationInput) SetBucket(v string) *PutBucketNotificationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketNotificationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketNotificationInput) SetChecksumAlgorithm(v string) *PutBucketNotificationInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketNotificationInput) SetExpectedBucketOwner(v string) *PutBucketNotificationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetNotificationConfiguration sets the NotificationConfiguration field's value.
-func (s *PutBucketNotificationInput) SetNotificationConfiguration(v *NotificationConfigurationDeprecated) *PutBucketNotificationInput {
-	s.NotificationConfiguration = v
-	return s
-}
-
-func (s *PutBucketNotificationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketNotificationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketNotificationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketNotificationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketNotificationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketNotificationOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketOwnershipControlsInput struct {
-	_ struct{} `locationName:"PutBucketOwnershipControlsRequest" type:"structure" payload:"OwnershipControls"`
-
-	// The name of the Amazon S3 bucket whose OwnershipControls you want to set.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter)
-	// that you want to apply to this Amazon S3 bucket.
-	//
-	// OwnershipControls is a required field
-	OwnershipControls *OwnershipControls `locationName:"OwnershipControls" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketOwnershipControlsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketOwnershipControlsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketOwnershipControlsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketOwnershipControlsInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.OwnershipControls == nil {
-		invalidParams.Add(request.NewErrParamRequired("OwnershipControls"))
-	}
-	if s.OwnershipControls != nil {
-		if err := s.OwnershipControls.Validate(); err != nil {
-			invalidParams.AddNested("OwnershipControls", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketOwnershipControlsInput) SetBucket(v string) *PutBucketOwnershipControlsInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketOwnershipControlsInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketOwnershipControlsInput) SetExpectedBucketOwner(v string) *PutBucketOwnershipControlsInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetOwnershipControls sets the OwnershipControls field's value.
-func (s *PutBucketOwnershipControlsInput) SetOwnershipControls(v *OwnershipControls) *PutBucketOwnershipControlsInput {
-	s.OwnershipControls = v
-	return s
-}
-
-func (s *PutBucketOwnershipControlsInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketOwnershipControlsInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketOwnershipControlsInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketOwnershipControlsOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketOwnershipControlsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketOwnershipControlsOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketPolicyInput struct {
-	_ struct{} `locationName:"PutBucketPolicyRequest" type:"structure" payload:"Policy"`
-
-	// The name of the bucket.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// Set this parameter to true to confirm that you want to remove your permissions
-	// to change this bucket policy in the future.
-	ConfirmRemoveSelfBucketAccess *bool `location:"header" locationName:"x-amz-confirm-remove-self-bucket-access" type:"boolean"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The bucket policy as a JSON document.
-	//
-	// Policy is a required field
-	Policy *string `type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketPolicyInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketPolicyInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketPolicyInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketPolicyInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Policy == nil {
-		invalidParams.Add(request.NewErrParamRequired("Policy"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketPolicyInput) SetBucket(v string) *PutBucketPolicyInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketPolicyInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketPolicyInput) SetChecksumAlgorithm(v string) *PutBucketPolicyInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetConfirmRemoveSelfBucketAccess sets the ConfirmRemoveSelfBucketAccess field's value.
-func (s *PutBucketPolicyInput) SetConfirmRemoveSelfBucketAccess(v bool) *PutBucketPolicyInput {
-	s.ConfirmRemoveSelfBucketAccess = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketPolicyInput) SetExpectedBucketOwner(v string) *PutBucketPolicyInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetPolicy sets the Policy field's value.
-func (s *PutBucketPolicyInput) SetPolicy(v string) *PutBucketPolicyInput {
-	s.Policy = &v
-	return s
-}
-
-func (s *PutBucketPolicyInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketPolicyInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketPolicyInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketPolicyOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketPolicyOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketPolicyOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketReplicationInput struct {
-	_ struct{} `locationName:"PutBucketReplicationRequest" type:"structure" payload:"ReplicationConfiguration"`
-
-	// The name of the bucket
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// A container for replication rules. You can add up to 1,000 rules. The maximum
-	// size of a replication configuration is 2 MB.
-	//
-	// ReplicationConfiguration is a required field
-	ReplicationConfiguration *ReplicationConfiguration `locationName:"ReplicationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// A token to allow Object Lock to be enabled for an existing bucket.
-	Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketReplicationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketReplicationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketReplicationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketReplicationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.ReplicationConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("ReplicationConfiguration"))
-	}
-	if s.ReplicationConfiguration != nil {
-		if err := s.ReplicationConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("ReplicationConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketReplicationInput) SetBucket(v string) *PutBucketReplicationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketReplicationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketReplicationInput) SetChecksumAlgorithm(v string) *PutBucketReplicationInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketReplicationInput) SetExpectedBucketOwner(v string) *PutBucketReplicationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetReplicationConfiguration sets the ReplicationConfiguration field's value.
-func (s *PutBucketReplicationInput) SetReplicationConfiguration(v *ReplicationConfiguration) *PutBucketReplicationInput {
-	s.ReplicationConfiguration = v
-	return s
-}
-
-// SetToken sets the Token field's value.
-func (s *PutBucketReplicationInput) SetToken(v string) *PutBucketReplicationInput {
-	s.Token = &v
-	return s
-}
-
-func (s *PutBucketReplicationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketReplicationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketReplicationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketReplicationOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketReplicationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketReplicationOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketRequestPaymentInput struct {
-	_ struct{} `locationName:"PutBucketRequestPaymentRequest" type:"structure" payload:"RequestPaymentConfiguration"`
-
-	// The bucket name.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Container for Payer.
-	//
-	// RequestPaymentConfiguration is a required field
-	RequestPaymentConfiguration *RequestPaymentConfiguration `locationName:"RequestPaymentConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketRequestPaymentInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketRequestPaymentInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketRequestPaymentInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketRequestPaymentInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.RequestPaymentConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("RequestPaymentConfiguration"))
-	}
-	if s.RequestPaymentConfiguration != nil {
-		if err := s.RequestPaymentConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("RequestPaymentConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketRequestPaymentInput) SetBucket(v string) *PutBucketRequestPaymentInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketRequestPaymentInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketRequestPaymentInput) SetChecksumAlgorithm(v string) *PutBucketRequestPaymentInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketRequestPaymentInput) SetExpectedBucketOwner(v string) *PutBucketRequestPaymentInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetRequestPaymentConfiguration sets the RequestPaymentConfiguration field's value.
-func (s *PutBucketRequestPaymentInput) SetRequestPaymentConfiguration(v *RequestPaymentConfiguration) *PutBucketRequestPaymentInput {
-	s.RequestPaymentConfiguration = v
-	return s
-}
-
-func (s *PutBucketRequestPaymentInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketRequestPaymentInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketRequestPaymentInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketRequestPaymentOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketRequestPaymentOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketRequestPaymentOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketTaggingInput struct {
-	_ struct{} `locationName:"PutBucketTaggingRequest" type:"structure" payload:"Tagging"`
-
-	// The bucket name.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Container for the TagSet and Tag elements.
-	//
-	// Tagging is a required field
-	Tagging *Tagging `locationName:"Tagging" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketTaggingInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketTaggingInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketTaggingInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketTaggingInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Tagging == nil {
-		invalidParams.Add(request.NewErrParamRequired("Tagging"))
-	}
-	if s.Tagging != nil {
-		if err := s.Tagging.Validate(); err != nil {
-			invalidParams.AddNested("Tagging", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketTaggingInput) SetBucket(v string) *PutBucketTaggingInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketTaggingInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketTaggingInput) SetChecksumAlgorithm(v string) *PutBucketTaggingInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketTaggingInput) SetExpectedBucketOwner(v string) *PutBucketTaggingInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetTagging sets the Tagging field's value.
-func (s *PutBucketTaggingInput) SetTagging(v *Tagging) *PutBucketTaggingInput {
-	s.Tagging = v
-	return s
-}
-
-func (s *PutBucketTaggingInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketTaggingInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketTaggingInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketTaggingOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketTaggingOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketTaggingOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketVersioningInput struct {
-	_ struct{} `locationName:"PutBucketVersioningRequest" type:"structure" payload:"VersioningConfiguration"`
-
-	// The bucket name.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The concatenation of the authentication device's serial number, a space,
-	// and the value that is displayed on your authentication device.
-	MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"`
-
-	// Container for setting the versioning state.
-	//
-	// VersioningConfiguration is a required field
-	VersioningConfiguration *VersioningConfiguration `locationName:"VersioningConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketVersioningInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketVersioningInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketVersioningInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketVersioningInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.VersioningConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("VersioningConfiguration"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketVersioningInput) SetBucket(v string) *PutBucketVersioningInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketVersioningInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketVersioningInput) SetChecksumAlgorithm(v string) *PutBucketVersioningInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketVersioningInput) SetExpectedBucketOwner(v string) *PutBucketVersioningInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetMFA sets the MFA field's value.
-func (s *PutBucketVersioningInput) SetMFA(v string) *PutBucketVersioningInput {
-	s.MFA = &v
-	return s
-}
-
-// SetVersioningConfiguration sets the VersioningConfiguration field's value.
-func (s *PutBucketVersioningInput) SetVersioningConfiguration(v *VersioningConfiguration) *PutBucketVersioningInput {
-	s.VersioningConfiguration = v
-	return s
-}
-
-func (s *PutBucketVersioningInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketVersioningInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketVersioningInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketVersioningOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketVersioningOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketVersioningOutput) GoString() string {
-	return s.String()
-}
-
-type PutBucketWebsiteInput struct {
-	_ struct{} `locationName:"PutBucketWebsiteRequest" type:"structure" payload:"WebsiteConfiguration"`
-
-	// The bucket name.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Container for the request.
-	//
-	// WebsiteConfiguration is a required field
-	WebsiteConfiguration *WebsiteConfiguration `locationName:"WebsiteConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketWebsiteInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketWebsiteInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutBucketWebsiteInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutBucketWebsiteInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.WebsiteConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("WebsiteConfiguration"))
-	}
-	if s.WebsiteConfiguration != nil {
-		if err := s.WebsiteConfiguration.Validate(); err != nil {
-			invalidParams.AddNested("WebsiteConfiguration", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutBucketWebsiteInput) SetBucket(v string) *PutBucketWebsiteInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutBucketWebsiteInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutBucketWebsiteInput) SetChecksumAlgorithm(v string) *PutBucketWebsiteInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutBucketWebsiteInput) SetExpectedBucketOwner(v string) *PutBucketWebsiteInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetWebsiteConfiguration sets the WebsiteConfiguration field's value.
-func (s *PutBucketWebsiteInput) SetWebsiteConfiguration(v *WebsiteConfiguration) *PutBucketWebsiteInput {
-	s.WebsiteConfiguration = v
-	return s
-}
-
-func (s *PutBucketWebsiteInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutBucketWebsiteInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutBucketWebsiteInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutBucketWebsiteOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketWebsiteOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutBucketWebsiteOutput) GoString() string {
-	return s.String()
-}
-
-type PutObjectAclInput struct {
-	_ struct{} `locationName:"PutObjectAclRequest" type:"structure" payload:"AccessControlPolicy"`
-
-	// The canned ACL to apply to the object. For more information, see Canned ACL
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
-
-	// Contains the elements that set the ACL permissions for an object per grantee.
-	AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// The bucket name that contains the object to which you want to attach the
-	// ACL.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Allows grantee the read, write, read ACP, and write ACP permissions on the
-	// bucket.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
-
-	// Allows grantee to list the objects in the bucket.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
-
-	// Allows grantee to read the bucket ACL.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
-
-	// Allows grantee to create new objects in the bucket.
-	//
-	// For the bucket and object owners of existing objects, also allows deletions
-	// and overwrites of those objects.
-	GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"`
-
-	// Allows grantee to write the ACL for the applicable bucket.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
-
-	// Key for which the PUT action was initiated.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// VersionId used to reference a specific version of the object.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectAclInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectAclInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutObjectAclInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutObjectAclInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.AccessControlPolicy != nil {
-		if err := s.AccessControlPolicy.Validate(); err != nil {
-			invalidParams.AddNested("AccessControlPolicy", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetACL sets the ACL field's value.
-func (s *PutObjectAclInput) SetACL(v string) *PutObjectAclInput {
-	s.ACL = &v
-	return s
-}
-
-// SetAccessControlPolicy sets the AccessControlPolicy field's value.
-func (s *PutObjectAclInput) SetAccessControlPolicy(v *AccessControlPolicy) *PutObjectAclInput {
-	s.AccessControlPolicy = v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutObjectAclInput) SetBucket(v string) *PutObjectAclInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutObjectAclInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutObjectAclInput) SetChecksumAlgorithm(v string) *PutObjectAclInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutObjectAclInput) SetExpectedBucketOwner(v string) *PutObjectAclInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetGrantFullControl sets the GrantFullControl field's value.
-func (s *PutObjectAclInput) SetGrantFullControl(v string) *PutObjectAclInput {
-	s.GrantFullControl = &v
-	return s
-}
-
-// SetGrantRead sets the GrantRead field's value.
-func (s *PutObjectAclInput) SetGrantRead(v string) *PutObjectAclInput {
-	s.GrantRead = &v
-	return s
-}
-
-// SetGrantReadACP sets the GrantReadACP field's value.
-func (s *PutObjectAclInput) SetGrantReadACP(v string) *PutObjectAclInput {
-	s.GrantReadACP = &v
-	return s
-}
-
-// SetGrantWrite sets the GrantWrite field's value.
-func (s *PutObjectAclInput) SetGrantWrite(v string) *PutObjectAclInput {
-	s.GrantWrite = &v
-	return s
-}
-
-// SetGrantWriteACP sets the GrantWriteACP field's value.
-func (s *PutObjectAclInput) SetGrantWriteACP(v string) *PutObjectAclInput {
-	s.GrantWriteACP = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *PutObjectAclInput) SetKey(v string) *PutObjectAclInput {
-	s.Key = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *PutObjectAclInput) SetRequestPayer(v string) *PutObjectAclInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *PutObjectAclInput) SetVersionId(v string) *PutObjectAclInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *PutObjectAclInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutObjectAclInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutObjectAclInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutObjectAclOutput struct {
-	_ struct{} `type:"structure"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectAclOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectAclOutput) GoString() string {
-	return s.String()
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *PutObjectAclOutput) SetRequestCharged(v string) *PutObjectAclOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-type PutObjectInput struct {
-	_ struct{} `locationName:"PutObjectRequest" type:"structure" payload:"Body"`
-
-	// The canned ACL to apply to the object. For more information, see Canned ACL
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
-
-	// Object data.
-	Body io.ReadSeeker `type:"blob"`
-
-	// The bucket name to which the PUT action was initiated.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
-	// with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
-	// Setting this header to true causes Amazon S3 to use an S3 Bucket Key for
-	// object encryption with SSE-KMS.
-	//
-	// Specifying this header with a PUT action doesn’t affect bucket-level settings
-	// for S3 Bucket Key.
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// Can be used to specify caching behavior along the request/reply chain. For
-	// more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
-	// (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9).
-	CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 32-bit CRC32 checksum of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 32-bit CRC32C checksum of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 160-bit SHA-1 digest of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 256-bit SHA-256 digest of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
-
-	// Specifies presentational information for the object. For more information,
-	// see https://www.rfc-editor.org/rfc/rfc6266#section-4 (https://www.rfc-editor.org/rfc/rfc6266#section-4).
-	ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
-
-	// Specifies what content encodings have been applied to the object and thus
-	// what decoding mechanisms must be applied to obtain the media-type referenced
-	// by the Content-Type header field. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding
-	// (https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding).
-	ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
-
-	// The language the content is in.
-	ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
-
-	// Size of the body in bytes. This parameter is useful when the size of the
-	// body cannot be determined automatically. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length
-	// (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length).
-	ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
-
-	// The base64-encoded 128-bit MD5 digest of the message (without the headers)
-	// according to RFC 1864. This header can be used as a message integrity check
-	// to verify that the data is the same data that was originally sent. Although
-	// it is optional, we recommend using the Content-MD5 mechanism as an end-to-end
-	// integrity check. For more information about REST request authentication,
-	// see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html).
-	ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
-
-	// A standard MIME type describing the format of the contents. For more information,
-	// see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type).
-	ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The date and time at which the object is no longer cacheable. For more information,
-	// see https://www.rfc-editor.org/rfc/rfc7234#section-5.3 (https://www.rfc-editor.org/rfc/rfc7234#section-5.3).
-	Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"`
-
-	// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"`
-
-	// Allows grantee to read the object data and its metadata.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"`
-
-	// Allows grantee to read the object ACL.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"`
-
-	// Allows grantee to write the ACL for the applicable object.
-	//
-	// This action is not supported by Amazon S3 on Outposts.
-	GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
-
-	// Object key for which the PUT action was initiated.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// A map of metadata to store with the object in S3.
-	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
-
-	// Specifies whether a legal hold will be applied to this object. For more information
-	// about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
-	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
-
-	// The Object Lock mode that you want to apply to this object.
-	ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
-
-	// The date and time when you want this object's Object Lock to expire. Must
-	// be formatted as a timestamp parameter.
-	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Specifies the algorithm to use to when encrypting the object (for example,
-	// AES256).
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
-	// data. This value is used to store the object and then it is discarded; Amazon
-	// S3 does not store the encryption key. The key must be appropriate for use
-	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
-	// header.
-	//
-	// SSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by PutObjectInput's
-	// String and GoString methods.
-	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
-	// Amazon S3 uses this header for a message integrity check to ensure that the
-	// encryption key was transmitted without error.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// Specifies the Amazon Web Services KMS Encryption Context to use for object
-	// encryption. The value of this header is a base64-encoded UTF-8 string holding
-	// JSON with the encryption context key-value pairs. This value is stored as
-	// object metadata and automatically gets passed on to Amazon Web Services KMS
-	// for future GetObject or CopyObject operations on this object.
-	//
-	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by PutObjectInput's
-	// String and GoString methods.
-	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
-
-	// If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse,
-	// this header specifies the ID of the Key Management Service (KMS) symmetric
-	// encryption customer managed key that was used for the object. If you specify
-	// x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse,
-	// but do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3
-	// uses the Amazon Web Services managed key (aws/s3) to protect the data. If
-	// the KMS key does not exist in the same account that's issuing the command,
-	// you must use the full ARN and not just the ID.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by PutObjectInput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing this object in Amazon
-	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-
-	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
-	// objects. The STANDARD storage class provides high durability and high availability.
-	// Depending on performance needs, you can specify a different Storage Class.
-	// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information,
-	// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
-	// in the Amazon S3 User Guide.
-	StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
-
-	// The tag-set for the object. The tag-set must be encoded as URL Query parameters.
-	// (For example, "Key1=Value1")
-	Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"`
-
-	// If the bucket is configured as a website, redirects requests for this object
-	// to another object in the same bucket or to an external URL. Amazon S3 stores
-	// the value of this header in the object metadata. For information about object
-	// metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html).
-	//
-	// In the following example, the request header sets the redirect to an object
-	// (anotherPage.html) in the same bucket:
-	//
-	// x-amz-website-redirect-location: /anotherPage.html
-	//
-	// In the following example, the request header sets the object redirect to
-	// another website:
-	//
-	// x-amz-website-redirect-location: http://www.example.com/
-	//
-	// For more information about website hosting in Amazon S3, see Hosting Websites
-	// on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)
-	// and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).
-	WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutObjectInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutObjectInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetACL sets the ACL field's value.
-func (s *PutObjectInput) SetACL(v string) *PutObjectInput {
-	s.ACL = &v
-	return s
-}
-
-// SetBody sets the Body field's value.
-func (s *PutObjectInput) SetBody(v io.ReadSeeker) *PutObjectInput {
-	s.Body = v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutObjectInput) SetBucket(v string) *PutObjectInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutObjectInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *PutObjectInput) SetBucketKeyEnabled(v bool) *PutObjectInput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetCacheControl sets the CacheControl field's value.
-func (s *PutObjectInput) SetCacheControl(v string) *PutObjectInput {
-	s.CacheControl = &v
-	return s
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutObjectInput) SetChecksumAlgorithm(v string) *PutObjectInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *PutObjectInput) SetChecksumCRC32(v string) *PutObjectInput {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *PutObjectInput) SetChecksumCRC32C(v string) *PutObjectInput {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *PutObjectInput) SetChecksumSHA1(v string) *PutObjectInput {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *PutObjectInput) SetChecksumSHA256(v string) *PutObjectInput {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetContentDisposition sets the ContentDisposition field's value.
-func (s *PutObjectInput) SetContentDisposition(v string) *PutObjectInput {
-	s.ContentDisposition = &v
-	return s
-}
-
-// SetContentEncoding sets the ContentEncoding field's value.
-func (s *PutObjectInput) SetContentEncoding(v string) *PutObjectInput {
-	s.ContentEncoding = &v
-	return s
-}
-
-// SetContentLanguage sets the ContentLanguage field's value.
-func (s *PutObjectInput) SetContentLanguage(v string) *PutObjectInput {
-	s.ContentLanguage = &v
-	return s
-}
-
-// SetContentLength sets the ContentLength field's value.
-func (s *PutObjectInput) SetContentLength(v int64) *PutObjectInput {
-	s.ContentLength = &v
-	return s
-}
-
-// SetContentMD5 sets the ContentMD5 field's value.
-func (s *PutObjectInput) SetContentMD5(v string) *PutObjectInput {
-	s.ContentMD5 = &v
-	return s
-}
-
-// SetContentType sets the ContentType field's value.
-func (s *PutObjectInput) SetContentType(v string) *PutObjectInput {
-	s.ContentType = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutObjectInput) SetExpectedBucketOwner(v string) *PutObjectInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetExpires sets the Expires field's value.
-func (s *PutObjectInput) SetExpires(v time.Time) *PutObjectInput {
-	s.Expires = &v
-	return s
-}
-
-// SetGrantFullControl sets the GrantFullControl field's value.
-func (s *PutObjectInput) SetGrantFullControl(v string) *PutObjectInput {
-	s.GrantFullControl = &v
-	return s
-}
-
-// SetGrantRead sets the GrantRead field's value.
-func (s *PutObjectInput) SetGrantRead(v string) *PutObjectInput {
-	s.GrantRead = &v
-	return s
-}
-
-// SetGrantReadACP sets the GrantReadACP field's value.
-func (s *PutObjectInput) SetGrantReadACP(v string) *PutObjectInput {
-	s.GrantReadACP = &v
-	return s
-}
-
-// SetGrantWriteACP sets the GrantWriteACP field's value.
-func (s *PutObjectInput) SetGrantWriteACP(v string) *PutObjectInput {
-	s.GrantWriteACP = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *PutObjectInput) SetKey(v string) *PutObjectInput {
-	s.Key = &v
-	return s
-}
-
-// SetMetadata sets the Metadata field's value.
-func (s *PutObjectInput) SetMetadata(v map[string]*string) *PutObjectInput {
-	s.Metadata = v
-	return s
-}
-
-// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
-func (s *PutObjectInput) SetObjectLockLegalHoldStatus(v string) *PutObjectInput {
-	s.ObjectLockLegalHoldStatus = &v
-	return s
-}
-
-// SetObjectLockMode sets the ObjectLockMode field's value.
-func (s *PutObjectInput) SetObjectLockMode(v string) *PutObjectInput {
-	s.ObjectLockMode = &v
-	return s
-}
-
-// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
-func (s *PutObjectInput) SetObjectLockRetainUntilDate(v time.Time) *PutObjectInput {
-	s.ObjectLockRetainUntilDate = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *PutObjectInput) SetRequestPayer(v string) *PutObjectInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *PutObjectInput) SetSSECustomerAlgorithm(v string) *PutObjectInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKey sets the SSECustomerKey field's value.
-func (s *PutObjectInput) SetSSECustomerKey(v string) *PutObjectInput {
-	s.SSECustomerKey = &v
-	return s
-}
-
-func (s *PutObjectInput) getSSECustomerKey() (v string) {
-	if s.SSECustomerKey == nil {
-		return v
-	}
-	return *s.SSECustomerKey
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *PutObjectInput) SetSSECustomerKeyMD5(v string) *PutObjectInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
-func (s *PutObjectInput) SetSSEKMSEncryptionContext(v string) *PutObjectInput {
-	s.SSEKMSEncryptionContext = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *PutObjectInput) SetSSEKMSKeyId(v string) *PutObjectInput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *PutObjectInput) SetServerSideEncryption(v string) *PutObjectInput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *PutObjectInput) SetStorageClass(v string) *PutObjectInput {
-	s.StorageClass = &v
-	return s
-}
-
-// SetTagging sets the Tagging field's value.
-func (s *PutObjectInput) SetTagging(v string) *PutObjectInput {
-	s.Tagging = &v
-	return s
-}
-
-// SetWebsiteRedirectLocation sets the WebsiteRedirectLocation field's value.
-func (s *PutObjectInput) SetWebsiteRedirectLocation(v string) *PutObjectInput {
-	s.WebsiteRedirectLocation = &v
-	return s
-}
-
-func (s *PutObjectInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutObjectInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutObjectInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutObjectLegalHoldInput struct {
-	_ struct{} `locationName:"PutObjectLegalHoldRequest" type:"structure" payload:"LegalHold"`
-
-	// The bucket name containing the object that you want to place a legal hold
-	// on.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The key name for the object that you want to place a legal hold on.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Container element for the legal hold configuration you want to apply to the
-	// specified object.
-	LegalHold *ObjectLockLegalHold `locationName:"LegalHold" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// The version ID of the object that you want to place a legal hold on.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectLegalHoldInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectLegalHoldInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutObjectLegalHoldInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutObjectLegalHoldInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutObjectLegalHoldInput) SetBucket(v string) *PutObjectLegalHoldInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutObjectLegalHoldInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutObjectLegalHoldInput) SetChecksumAlgorithm(v string) *PutObjectLegalHoldInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutObjectLegalHoldInput) SetExpectedBucketOwner(v string) *PutObjectLegalHoldInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *PutObjectLegalHoldInput) SetKey(v string) *PutObjectLegalHoldInput {
-	s.Key = &v
-	return s
-}
-
-// SetLegalHold sets the LegalHold field's value.
-func (s *PutObjectLegalHoldInput) SetLegalHold(v *ObjectLockLegalHold) *PutObjectLegalHoldInput {
-	s.LegalHold = v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *PutObjectLegalHoldInput) SetRequestPayer(v string) *PutObjectLegalHoldInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *PutObjectLegalHoldInput) SetVersionId(v string) *PutObjectLegalHoldInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *PutObjectLegalHoldInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutObjectLegalHoldInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutObjectLegalHoldInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutObjectLegalHoldOutput struct {
-	_ struct{} `type:"structure"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectLegalHoldOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectLegalHoldOutput) GoString() string {
-	return s.String()
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *PutObjectLegalHoldOutput) SetRequestCharged(v string) *PutObjectLegalHoldOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-type PutObjectLockConfigurationInput struct {
-	_ struct{} `locationName:"PutObjectLockConfigurationRequest" type:"structure" payload:"ObjectLockConfiguration"`
-
-	// The bucket whose Object Lock configuration you want to create or replace.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The Object Lock configuration that you want to apply to the specified bucket.
-	ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// A token to allow Object Lock to be enabled for an existing bucket.
-	Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectLockConfigurationInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectLockConfigurationInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutObjectLockConfigurationInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutObjectLockConfigurationInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutObjectLockConfigurationInput) SetBucket(v string) *PutObjectLockConfigurationInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutObjectLockConfigurationInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutObjectLockConfigurationInput) SetChecksumAlgorithm(v string) *PutObjectLockConfigurationInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutObjectLockConfigurationInput) SetExpectedBucketOwner(v string) *PutObjectLockConfigurationInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetObjectLockConfiguration sets the ObjectLockConfiguration field's value.
-func (s *PutObjectLockConfigurationInput) SetObjectLockConfiguration(v *ObjectLockConfiguration) *PutObjectLockConfigurationInput {
-	s.ObjectLockConfiguration = v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *PutObjectLockConfigurationInput) SetRequestPayer(v string) *PutObjectLockConfigurationInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetToken sets the Token field's value.
-func (s *PutObjectLockConfigurationInput) SetToken(v string) *PutObjectLockConfigurationInput {
-	s.Token = &v
-	return s
-}
-
-func (s *PutObjectLockConfigurationInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutObjectLockConfigurationInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutObjectLockConfigurationInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutObjectLockConfigurationOutput struct {
-	_ struct{} `type:"structure"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectLockConfigurationOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectLockConfigurationOutput) GoString() string {
-	return s.String()
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *PutObjectLockConfigurationOutput) SetRequestCharged(v string) *PutObjectLockConfigurationOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-type PutObjectOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Indicates whether the uploaded object uses an S3 Bucket Key for server-side
-	// encryption with Key Management Service (KMS) keys (SSE-KMS).
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
-
-	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
-
-	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
-
-	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
-
-	// Entity tag for the uploaded object.
-	ETag *string `location:"header" locationName:"ETag" type:"string"`
-
-	// If the expiration is configured for the object (see PutBucketLifecycleConfiguration
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)),
-	// the response includes this header. It includes the expiry-date and rule-id
-	// key-value pairs that provide information about object expiration. The value
-	// of the rule-id is URL-encoded.
-	Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm
-	// used.
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// If present, specifies the Amazon Web Services KMS Encryption Context to use
-	// for object encryption. The value of this header is a base64-encoded UTF-8
-	// string holding JSON with the encryption context key-value pairs. This value
-	// is stored as object metadata and automatically gets passed on to Amazon Web
-	// Services KMS for future GetObject or CopyObject operations on this object.
-	//
-	// SSEKMSEncryptionContext is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by PutObjectOutput's
-	// String and GoString methods.
-	SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
-
-	// If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse,
-	// this header specifies the ID of the Key Management Service (KMS) symmetric
-	// encryption customer managed key that was used for the object.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by PutObjectOutput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing this object in Amazon
-	// S3 (for example, AES256, aws:kms, aws:kms:dsse).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-
-	// Version of the object.
-	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectOutput) GoString() string {
-	return s.String()
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *PutObjectOutput) SetBucketKeyEnabled(v bool) *PutObjectOutput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *PutObjectOutput) SetChecksumCRC32(v string) *PutObjectOutput {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *PutObjectOutput) SetChecksumCRC32C(v string) *PutObjectOutput {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *PutObjectOutput) SetChecksumSHA1(v string) *PutObjectOutput {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *PutObjectOutput) SetChecksumSHA256(v string) *PutObjectOutput {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *PutObjectOutput) SetETag(v string) *PutObjectOutput {
-	s.ETag = &v
-	return s
-}
-
-// SetExpiration sets the Expiration field's value.
-func (s *PutObjectOutput) SetExpiration(v string) *PutObjectOutput {
-	s.Expiration = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *PutObjectOutput) SetRequestCharged(v string) *PutObjectOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *PutObjectOutput) SetSSECustomerAlgorithm(v string) *PutObjectOutput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *PutObjectOutput) SetSSECustomerKeyMD5(v string) *PutObjectOutput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
-func (s *PutObjectOutput) SetSSEKMSEncryptionContext(v string) *PutObjectOutput {
-	s.SSEKMSEncryptionContext = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *PutObjectOutput) SetSSEKMSKeyId(v string) *PutObjectOutput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *PutObjectOutput) SetServerSideEncryption(v string) *PutObjectOutput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *PutObjectOutput) SetVersionId(v string) *PutObjectOutput {
-	s.VersionId = &v
-	return s
-}
-
-type PutObjectRetentionInput struct {
-	_ struct{} `locationName:"PutObjectRetentionRequest" type:"structure" payload:"Retention"`
-
-	// The bucket name that contains the object you want to apply this Object Retention
-	// configuration to.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates whether this action should bypass Governance-mode restrictions.
-	BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The key name for the object that you want to apply this Object Retention
-	// configuration to.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// The container element for the Object Retention configuration.
-	Retention *ObjectLockRetention `locationName:"Retention" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// The version ID for the object that you want to apply this Object Retention
-	// configuration to.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectRetentionInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectRetentionInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutObjectRetentionInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutObjectRetentionInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutObjectRetentionInput) SetBucket(v string) *PutObjectRetentionInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutObjectRetentionInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetBypassGovernanceRetention sets the BypassGovernanceRetention field's value.
-func (s *PutObjectRetentionInput) SetBypassGovernanceRetention(v bool) *PutObjectRetentionInput {
-	s.BypassGovernanceRetention = &v
-	return s
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutObjectRetentionInput) SetChecksumAlgorithm(v string) *PutObjectRetentionInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutObjectRetentionInput) SetExpectedBucketOwner(v string) *PutObjectRetentionInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *PutObjectRetentionInput) SetKey(v string) *PutObjectRetentionInput {
-	s.Key = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *PutObjectRetentionInput) SetRequestPayer(v string) *PutObjectRetentionInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetRetention sets the Retention field's value.
-func (s *PutObjectRetentionInput) SetRetention(v *ObjectLockRetention) *PutObjectRetentionInput {
-	s.Retention = v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *PutObjectRetentionInput) SetVersionId(v string) *PutObjectRetentionInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *PutObjectRetentionInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutObjectRetentionInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutObjectRetentionInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutObjectRetentionOutput struct {
-	_ struct{} `type:"structure"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectRetentionOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectRetentionOutput) GoString() string {
-	return s.String()
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *PutObjectRetentionOutput) SetRequestCharged(v string) *PutObjectRetentionOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-type PutObjectTaggingInput struct {
-	_ struct{} `locationName:"PutObjectTaggingRequest" type:"structure" payload:"Tagging"`
-
-	// The bucket name containing the object.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Name of the object key.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Container for the TagSet and Tag elements
-	//
-	// Tagging is a required field
-	Tagging *Tagging `locationName:"Tagging" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// The versionId of the object that the tag-set will be added to.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectTaggingInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectTaggingInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutObjectTaggingInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutObjectTaggingInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.Tagging == nil {
-		invalidParams.Add(request.NewErrParamRequired("Tagging"))
-	}
-	if s.Tagging != nil {
-		if err := s.Tagging.Validate(); err != nil {
-			invalidParams.AddNested("Tagging", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutObjectTaggingInput) SetBucket(v string) *PutObjectTaggingInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutObjectTaggingInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutObjectTaggingInput) SetChecksumAlgorithm(v string) *PutObjectTaggingInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutObjectTaggingInput) SetExpectedBucketOwner(v string) *PutObjectTaggingInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *PutObjectTaggingInput) SetKey(v string) *PutObjectTaggingInput {
-	s.Key = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *PutObjectTaggingInput) SetRequestPayer(v string) *PutObjectTaggingInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetTagging sets the Tagging field's value.
-func (s *PutObjectTaggingInput) SetTagging(v *Tagging) *PutObjectTaggingInput {
-	s.Tagging = v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *PutObjectTaggingInput) SetVersionId(v string) *PutObjectTaggingInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *PutObjectTaggingInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutObjectTaggingInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutObjectTaggingInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutObjectTaggingOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The versionId of the object the tag-set was added to.
-	VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectTaggingOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutObjectTaggingOutput) GoString() string {
-	return s.String()
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *PutObjectTaggingOutput) SetVersionId(v string) *PutObjectTaggingOutput {
-	s.VersionId = &v
-	return s
-}
-
-type PutPublicAccessBlockInput struct {
-	_ struct{} `locationName:"PutPublicAccessBlockRequest" type:"structure" payload:"PublicAccessBlockConfiguration"`
-
-	// The name of the Amazon S3 bucket whose PublicAccessBlock configuration you
-	// want to set.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	//
-	// The SDK will automatically compute the Content-MD5 checksum for this operation.
-	// The AWS SDK for Go v2 allows you to configure alternative checksum algorithm
-	// to be used.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The PublicAccessBlock configuration that you want to apply to this Amazon
-	// S3 bucket. You can enable the configuration options in any combination. For
-	// more information about when Amazon S3 considers a bucket or object public,
-	// see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
-	// in the Amazon S3 User Guide.
-	//
-	// PublicAccessBlockConfiguration is a required field
-	PublicAccessBlockConfiguration *PublicAccessBlockConfiguration `locationName:"PublicAccessBlockConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutPublicAccessBlockInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutPublicAccessBlockInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PutPublicAccessBlockInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PutPublicAccessBlockInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.PublicAccessBlockConfiguration == nil {
-		invalidParams.Add(request.NewErrParamRequired("PublicAccessBlockConfiguration"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *PutPublicAccessBlockInput) SetBucket(v string) *PutPublicAccessBlockInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *PutPublicAccessBlockInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *PutPublicAccessBlockInput) SetChecksumAlgorithm(v string) *PutPublicAccessBlockInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *PutPublicAccessBlockInput) SetExpectedBucketOwner(v string) *PutPublicAccessBlockInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetPublicAccessBlockConfiguration sets the PublicAccessBlockConfiguration field's value.
-func (s *PutPublicAccessBlockInput) SetPublicAccessBlockConfiguration(v *PublicAccessBlockConfiguration) *PutPublicAccessBlockInput {
-	s.PublicAccessBlockConfiguration = v
-	return s
-}
-
-func (s *PutPublicAccessBlockInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *PutPublicAccessBlockInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s PutPublicAccessBlockInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type PutPublicAccessBlockOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutPublicAccessBlockOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PutPublicAccessBlockOutput) GoString() string {
-	return s.String()
-}
-
-// Specifies the configuration for publishing messages to an Amazon Simple Queue
-// Service (Amazon SQS) queue when Amazon S3 detects specified events.
-type QueueConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// A collection of bucket events for which to send notifications
-	//
-	// Events is a required field
-	Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"`
-
-	// Specifies object key name filtering rules. For information about key name
-	// filtering, see Configuring event notifications using object key name filtering
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
-	// in the Amazon S3 User Guide.
-	Filter *NotificationConfigurationFilter `type:"structure"`
-
-	// An optional unique identifier for configurations in a notification configuration.
-	// If you don't provide one, Amazon S3 will assign an ID.
-	Id *string `type:"string"`
-
-	// The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3
-	// publishes a message when it detects events of the specified type.
-	//
-	// QueueArn is a required field
-	QueueArn *string `locationName:"Queue" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s QueueConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s QueueConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *QueueConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "QueueConfiguration"}
-	if s.Events == nil {
-		invalidParams.Add(request.NewErrParamRequired("Events"))
-	}
-	if s.QueueArn == nil {
-		invalidParams.Add(request.NewErrParamRequired("QueueArn"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetEvents sets the Events field's value.
-func (s *QueueConfiguration) SetEvents(v []*string) *QueueConfiguration {
-	s.Events = v
-	return s
-}
-
-// SetFilter sets the Filter field's value.
-func (s *QueueConfiguration) SetFilter(v *NotificationConfigurationFilter) *QueueConfiguration {
-	s.Filter = v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *QueueConfiguration) SetId(v string) *QueueConfiguration {
-	s.Id = &v
-	return s
-}
-
-// SetQueueArn sets the QueueArn field's value.
-func (s *QueueConfiguration) SetQueueArn(v string) *QueueConfiguration {
-	s.QueueArn = &v
-	return s
-}
-
-// This data type is deprecated. Use QueueConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_QueueConfiguration.html)
-// for the same purposes. This data type specifies the configuration for publishing
-// messages to an Amazon Simple Queue Service (Amazon SQS) queue when Amazon
-// S3 detects specified events.
-type QueueConfigurationDeprecated struct {
-	_ struct{} `type:"structure"`
-
-	// The bucket event for which to send notifications.
-	//
-	// Deprecated: Event has been deprecated
-	Event *string `deprecated:"true" type:"string" enum:"Event"`
-
-	// A collection of bucket events for which to send notifications.
-	Events []*string `locationName:"Event" type:"list" flattened:"true" enum:"Event"`
-
-	// An optional unique identifier for configurations in a notification configuration.
-	// If you don't provide one, Amazon S3 will assign an ID.
-	Id *string `type:"string"`
-
-	// The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3
-	// publishes a message when it detects events of the specified type.
-	Queue *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s QueueConfigurationDeprecated) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s QueueConfigurationDeprecated) GoString() string {
-	return s.String()
-}
-
-// SetEvent sets the Event field's value.
-func (s *QueueConfigurationDeprecated) SetEvent(v string) *QueueConfigurationDeprecated {
-	s.Event = &v
-	return s
-}
-
-// SetEvents sets the Events field's value.
-func (s *QueueConfigurationDeprecated) SetEvents(v []*string) *QueueConfigurationDeprecated {
-	s.Events = v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *QueueConfigurationDeprecated) SetId(v string) *QueueConfigurationDeprecated {
-	s.Id = &v
-	return s
-}
-
-// SetQueue sets the Queue field's value.
-func (s *QueueConfigurationDeprecated) SetQueue(v string) *QueueConfigurationDeprecated {
-	s.Queue = &v
-	return s
-}
-
-// The container for the records event.
-type RecordsEvent struct {
-	_ struct{} `locationName:"RecordsEvent" type:"structure" payload:"Payload"`
-
-	// The byte array of partial, one or more result records.
-	// Payload is automatically base64 encoded/decoded by the SDK.
-	Payload []byte `type:"blob"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RecordsEvent) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RecordsEvent) GoString() string {
-	return s.String()
-}
-
-// SetPayload sets the Payload field's value.
-func (s *RecordsEvent) SetPayload(v []byte) *RecordsEvent {
-	s.Payload = v
-	return s
-}
-
-// The RecordsEvent is and event in the SelectObjectContentEventStream group of events.
-func (s *RecordsEvent) eventSelectObjectContentEventStream() {}
-
-// UnmarshalEvent unmarshals the EventStream Message into the RecordsEvent value.
-// This method is only used internally within the SDK's EventStream handling.
-func (s *RecordsEvent) UnmarshalEvent(
-	payloadUnmarshaler protocol.PayloadUnmarshaler,
-	msg eventstream.Message,
-) error {
-	s.Payload = make([]byte, len(msg.Payload))
-	copy(s.Payload, msg.Payload)
-	return nil
-}
-
-// MarshalEvent marshals the type into an stream event value. This method
-// should only used internally within the SDK's EventStream handling.
-func (s *RecordsEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
-	msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
-	msg.Headers.Set(":content-type", eventstream.StringValue("application/octet-stream"))
-	msg.Payload = s.Payload
-	return msg, err
-}
-
-// Specifies how requests are redirected. In the event of an error, you can
-// specify a different error code to return.
-type Redirect struct {
-	_ struct{} `type:"structure"`
-
-	// The host name to use in the redirect request.
-	HostName *string `type:"string"`
-
-	// The HTTP redirect code to use on the response. Not required if one of the
-	// siblings is present.
-	HttpRedirectCode *string `type:"string"`
-
-	// Protocol to use when redirecting requests. The default is the protocol that
-	// is used in the original request.
-	Protocol *string `type:"string" enum:"Protocol"`
-
-	// The object key prefix to use in the redirect request. For example, to redirect
-	// requests for all pages with prefix docs/ (objects in the docs/ folder) to
-	// documents/, you can set a condition block with KeyPrefixEquals set to docs/
-	// and in the Redirect set ReplaceKeyPrefixWith to /documents. Not required
-	// if one of the siblings is present. Can be present only if ReplaceKeyWith
-	// is not provided.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	ReplaceKeyPrefixWith *string `type:"string"`
-
-	// The specific object key to use in the redirect request. For example, redirect
-	// request to error.html. Not required if one of the siblings is present. Can
-	// be present only if ReplaceKeyPrefixWith is not provided.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	ReplaceKeyWith *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Redirect) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Redirect) GoString() string {
-	return s.String()
-}
-
-// SetHostName sets the HostName field's value.
-func (s *Redirect) SetHostName(v string) *Redirect {
-	s.HostName = &v
-	return s
-}
-
-// SetHttpRedirectCode sets the HttpRedirectCode field's value.
-func (s *Redirect) SetHttpRedirectCode(v string) *Redirect {
-	s.HttpRedirectCode = &v
-	return s
-}
-
-// SetProtocol sets the Protocol field's value.
-func (s *Redirect) SetProtocol(v string) *Redirect {
-	s.Protocol = &v
-	return s
-}
-
-// SetReplaceKeyPrefixWith sets the ReplaceKeyPrefixWith field's value.
-func (s *Redirect) SetReplaceKeyPrefixWith(v string) *Redirect {
-	s.ReplaceKeyPrefixWith = &v
-	return s
-}
-
-// SetReplaceKeyWith sets the ReplaceKeyWith field's value.
-func (s *Redirect) SetReplaceKeyWith(v string) *Redirect {
-	s.ReplaceKeyWith = &v
-	return s
-}
-
-// Specifies the redirect behavior of all requests to a website endpoint of
-// an Amazon S3 bucket.
-type RedirectAllRequestsTo struct {
-	_ struct{} `type:"structure"`
-
-	// Name of the host where requests are redirected.
-	//
-	// HostName is a required field
-	HostName *string `type:"string" required:"true"`
-
-	// Protocol to use when redirecting requests. The default is the protocol that
-	// is used in the original request.
-	Protocol *string `type:"string" enum:"Protocol"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RedirectAllRequestsTo) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RedirectAllRequestsTo) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *RedirectAllRequestsTo) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "RedirectAllRequestsTo"}
-	if s.HostName == nil {
-		invalidParams.Add(request.NewErrParamRequired("HostName"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetHostName sets the HostName field's value.
-func (s *RedirectAllRequestsTo) SetHostName(v string) *RedirectAllRequestsTo {
-	s.HostName = &v
-	return s
-}
-
-// SetProtocol sets the Protocol field's value.
-func (s *RedirectAllRequestsTo) SetProtocol(v string) *RedirectAllRequestsTo {
-	s.Protocol = &v
-	return s
-}
-
-// A filter that you can specify for selection for modifications on replicas.
-// Amazon S3 doesn't replicate replica modifications by default. In the latest
-// version of replication configuration (when Filter is specified), you can
-// specify this element and set the status to Enabled to replicate modifications
-// on replicas.
-//
-// If you don't specify the Filter element, Amazon S3 assumes that the replication
-// configuration is the earlier version, V1. In the earlier version, this element
-// is not allowed.
-type ReplicaModifications struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether Amazon S3 replicates modifications on replicas.
-	//
-	// Status is a required field
-	Status *string `type:"string" required:"true" enum:"ReplicaModificationsStatus"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicaModifications) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicaModifications) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ReplicaModifications) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ReplicaModifications"}
-	if s.Status == nil {
-		invalidParams.Add(request.NewErrParamRequired("Status"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetStatus sets the Status field's value.
-func (s *ReplicaModifications) SetStatus(v string) *ReplicaModifications {
-	s.Status = &v
-	return s
-}
-
-// A container for replication rules. You can add up to 1,000 rules. The maximum
-// size of a replication configuration is 2 MB.
-type ReplicationConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM)
-	// role that Amazon S3 assumes when replicating objects. For more information,
-	// see How to Set Up Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Role is a required field
-	Role *string `type:"string" required:"true"`
-
-	// A container for one or more replication rules. A replication configuration
-	// must have at least one rule and can contain a maximum of 1,000 rules.
-	//
-	// Rules is a required field
-	Rules []*ReplicationRule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ReplicationConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ReplicationConfiguration"}
-	if s.Role == nil {
-		invalidParams.Add(request.NewErrParamRequired("Role"))
-	}
-	if s.Rules == nil {
-		invalidParams.Add(request.NewErrParamRequired("Rules"))
-	}
-	if s.Rules != nil {
-		for i, v := range s.Rules {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Rules", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetRole sets the Role field's value.
-func (s *ReplicationConfiguration) SetRole(v string) *ReplicationConfiguration {
-	s.Role = &v
-	return s
-}
-
-// SetRules sets the Rules field's value.
-func (s *ReplicationConfiguration) SetRules(v []*ReplicationRule) *ReplicationConfiguration {
-	s.Rules = v
-	return s
-}
-
-// Specifies which Amazon S3 objects to replicate and where to store the replicas.
-type ReplicationRule struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether Amazon S3 replicates delete markers. If you specify a Filter
-	// in your replication configuration, you must also include a DeleteMarkerReplication
-	// element. If your Filter includes a Tag element, the DeleteMarkerReplication
-	// Status must be set to Disabled, because Amazon S3 does not support replicating
-	// delete markers for tag-based rules. For an example configuration, see Basic
-	// Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
-	//
-	// For more information about delete marker replication, see Basic Rule Configuration
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html).
-	//
-	// If you are using an earlier version of the replication configuration, Amazon
-	// S3 handles replication of delete markers differently. For more information,
-	// see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
-	DeleteMarkerReplication *DeleteMarkerReplication `type:"structure"`
-
-	// A container for information about the replication destination and its configurations
-	// including enabling the S3 Replication Time Control (S3 RTC).
-	//
-	// Destination is a required field
-	Destination *Destination `type:"structure" required:"true"`
-
-	// Optional configuration to replicate existing source bucket objects. For more
-	// information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
-	// in the Amazon S3 User Guide.
-	ExistingObjectReplication *ExistingObjectReplication `type:"structure"`
-
-	// A filter that identifies the subset of objects to which the replication rule
-	// applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
-	Filter *ReplicationRuleFilter `type:"structure"`
-
-	// A unique identifier for the rule. The maximum value is 255 characters.
-	ID *string `type:"string"`
-
-	// An object key name prefix that identifies the object or objects to which
-	// the rule applies. The maximum prefix length is 1,024 characters. To include
-	// all objects in a bucket, specify an empty string.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	//
-	// Deprecated: Prefix has been deprecated
-	Prefix *string `deprecated:"true" type:"string"`
-
-	// The priority indicates which rule has precedence whenever two or more replication
-	// rules conflict. Amazon S3 will attempt to replicate objects according to
-	// all replication rules. However, if there are two or more rules with the same
-	// destination bucket, then objects will be replicated according to the rule
-	// with the highest priority. The higher the number, the higher the priority.
-	//
-	// For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
-	// in the Amazon S3 User Guide.
-	Priority *int64 `type:"integer"`
-
-	// A container that describes additional filters for identifying the source
-	// objects that you want to replicate. You can choose to enable or disable the
-	// replication of these objects. Currently, Amazon S3 supports only the filter
-	// that you can specify for objects created with server-side encryption using
-	// a customer managed key stored in Amazon Web Services Key Management Service
-	// (SSE-KMS).
-	SourceSelectionCriteria *SourceSelectionCriteria `type:"structure"`
-
-	// Specifies whether the rule is enabled.
-	//
-	// Status is a required field
-	Status *string `type:"string" required:"true" enum:"ReplicationRuleStatus"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationRule) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationRule) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ReplicationRule) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ReplicationRule"}
-	if s.Destination == nil {
-		invalidParams.Add(request.NewErrParamRequired("Destination"))
-	}
-	if s.Status == nil {
-		invalidParams.Add(request.NewErrParamRequired("Status"))
-	}
-	if s.Destination != nil {
-		if err := s.Destination.Validate(); err != nil {
-			invalidParams.AddNested("Destination", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.ExistingObjectReplication != nil {
-		if err := s.ExistingObjectReplication.Validate(); err != nil {
-			invalidParams.AddNested("ExistingObjectReplication", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.Filter != nil {
-		if err := s.Filter.Validate(); err != nil {
-			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.SourceSelectionCriteria != nil {
-		if err := s.SourceSelectionCriteria.Validate(); err != nil {
-			invalidParams.AddNested("SourceSelectionCriteria", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDeleteMarkerReplication sets the DeleteMarkerReplication field's value.
-func (s *ReplicationRule) SetDeleteMarkerReplication(v *DeleteMarkerReplication) *ReplicationRule {
-	s.DeleteMarkerReplication = v
-	return s
-}
-
-// SetDestination sets the Destination field's value.
-func (s *ReplicationRule) SetDestination(v *Destination) *ReplicationRule {
-	s.Destination = v
-	return s
-}
-
-// SetExistingObjectReplication sets the ExistingObjectReplication field's value.
-func (s *ReplicationRule) SetExistingObjectReplication(v *ExistingObjectReplication) *ReplicationRule {
-	s.ExistingObjectReplication = v
-	return s
-}
-
-// SetFilter sets the Filter field's value.
-func (s *ReplicationRule) SetFilter(v *ReplicationRuleFilter) *ReplicationRule {
-	s.Filter = v
-	return s
-}
-
-// SetID sets the ID field's value.
-func (s *ReplicationRule) SetID(v string) *ReplicationRule {
-	s.ID = &v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *ReplicationRule) SetPrefix(v string) *ReplicationRule {
-	s.Prefix = &v
-	return s
-}
-
-// SetPriority sets the Priority field's value.
-func (s *ReplicationRule) SetPriority(v int64) *ReplicationRule {
-	s.Priority = &v
-	return s
-}
-
-// SetSourceSelectionCriteria sets the SourceSelectionCriteria field's value.
-func (s *ReplicationRule) SetSourceSelectionCriteria(v *SourceSelectionCriteria) *ReplicationRule {
-	s.SourceSelectionCriteria = v
-	return s
-}
-
-// SetStatus sets the Status field's value.
-func (s *ReplicationRule) SetStatus(v string) *ReplicationRule {
-	s.Status = &v
-	return s
-}
-
-// A container for specifying rule filters. The filters determine the subset
-// of objects to which the rule applies. This element is required only if you
-// specify more than one filter.
-//
-// For example:
-//
-//   - If you specify both a Prefix and a Tag filter, wrap these filters in
-//     an And tag.
-//
-//   - If you specify a filter based on multiple tags, wrap the Tag elements
-//     in an And tag.
-type ReplicationRuleAndOperator struct {
-	_ struct{} `type:"structure"`
-
-	// An object key name prefix that identifies the subset of objects to which
-	// the rule applies.
-	Prefix *string `type:"string"`
-
-	// An array of tags containing key and value pairs.
-	Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationRuleAndOperator) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationRuleAndOperator) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ReplicationRuleAndOperator) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ReplicationRuleAndOperator"}
-	if s.Tags != nil {
-		for i, v := range s.Tags {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *ReplicationRuleAndOperator) SetPrefix(v string) *ReplicationRuleAndOperator {
-	s.Prefix = &v
-	return s
-}
-
-// SetTags sets the Tags field's value.
-func (s *ReplicationRuleAndOperator) SetTags(v []*Tag) *ReplicationRuleAndOperator {
-	s.Tags = v
-	return s
-}
-
-// A filter that identifies the subset of objects to which the replication rule
-// applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
-type ReplicationRuleFilter struct {
-	_ struct{} `type:"structure"`
-
-	// A container for specifying rule filters. The filters determine the subset
-	// of objects to which the rule applies. This element is required only if you
-	// specify more than one filter. For example:
-	//
-	//    * If you specify both a Prefix and a Tag filter, wrap these filters in
-	//    an And tag.
-	//
-	//    * If you specify a filter based on multiple tags, wrap the Tag elements
-	//    in an And tag.
-	And *ReplicationRuleAndOperator `type:"structure"`
-
-	// An object key name prefix that identifies the subset of objects to which
-	// the rule applies.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	Prefix *string `type:"string"`
-
-	// A container for specifying a tag key and value.
-	//
-	// The rule applies only to objects that have the tag in their tag set.
-	Tag *Tag `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationRuleFilter) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationRuleFilter) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ReplicationRuleFilter) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ReplicationRuleFilter"}
-	if s.And != nil {
-		if err := s.And.Validate(); err != nil {
-			invalidParams.AddNested("And", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.Tag != nil {
-		if err := s.Tag.Validate(); err != nil {
-			invalidParams.AddNested("Tag", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAnd sets the And field's value.
-func (s *ReplicationRuleFilter) SetAnd(v *ReplicationRuleAndOperator) *ReplicationRuleFilter {
-	s.And = v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *ReplicationRuleFilter) SetPrefix(v string) *ReplicationRuleFilter {
-	s.Prefix = &v
-	return s
-}
-
-// SetTag sets the Tag field's value.
-func (s *ReplicationRuleFilter) SetTag(v *Tag) *ReplicationRuleFilter {
-	s.Tag = v
-	return s
-}
-
-// A container specifying S3 Replication Time Control (S3 RTC) related information,
-// including whether S3 RTC is enabled and the time when all objects and operations
-// on objects must be replicated. Must be specified together with a Metrics
-// block.
-type ReplicationTime struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether the replication time is enabled.
-	//
-	// Status is a required field
-	Status *string `type:"string" required:"true" enum:"ReplicationTimeStatus"`
-
-	// A container specifying the time by which replication should be complete for
-	// all objects and operations on objects.
-	//
-	// Time is a required field
-	Time *ReplicationTimeValue `type:"structure" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationTime) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationTime) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ReplicationTime) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ReplicationTime"}
-	if s.Status == nil {
-		invalidParams.Add(request.NewErrParamRequired("Status"))
-	}
-	if s.Time == nil {
-		invalidParams.Add(request.NewErrParamRequired("Time"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetStatus sets the Status field's value.
-func (s *ReplicationTime) SetStatus(v string) *ReplicationTime {
-	s.Status = &v
-	return s
-}
-
-// SetTime sets the Time field's value.
-func (s *ReplicationTime) SetTime(v *ReplicationTimeValue) *ReplicationTime {
-	s.Time = v
-	return s
-}
-
-// A container specifying the time value for S3 Replication Time Control (S3
-// RTC) and replication metrics EventThreshold.
-type ReplicationTimeValue struct {
-	_ struct{} `type:"structure"`
-
-	// Contains an integer specifying time in minutes.
-	//
-	// Valid value: 15
-	Minutes *int64 `type:"integer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationTimeValue) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ReplicationTimeValue) GoString() string {
-	return s.String()
-}
-
-// SetMinutes sets the Minutes field's value.
-func (s *ReplicationTimeValue) SetMinutes(v int64) *ReplicationTimeValue {
-	s.Minutes = &v
-	return s
-}
-
-// Container for Payer.
-type RequestPaymentConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies who pays for the download and request fees.
-	//
-	// Payer is a required field
-	Payer *string `type:"string" required:"true" enum:"Payer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RequestPaymentConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RequestPaymentConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *RequestPaymentConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "RequestPaymentConfiguration"}
-	if s.Payer == nil {
-		invalidParams.Add(request.NewErrParamRequired("Payer"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetPayer sets the Payer field's value.
-func (s *RequestPaymentConfiguration) SetPayer(v string) *RequestPaymentConfiguration {
-	s.Payer = &v
-	return s
-}
-
-// Container for specifying if periodic QueryProgress messages should be sent.
-type RequestProgress struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether periodic QueryProgress frames should be sent. Valid values:
-	// TRUE, FALSE. Default value: FALSE.
-	Enabled *bool `type:"boolean"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RequestProgress) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RequestProgress) GoString() string {
-	return s.String()
-}
-
-// SetEnabled sets the Enabled field's value.
-func (s *RequestProgress) SetEnabled(v bool) *RequestProgress {
-	s.Enabled = &v
-	return s
-}
-
-type RestoreObjectInput struct {
-	_ struct{} `locationName:"RestoreObjectRequest" type:"structure" payload:"RestoreRequest"`
-
-	// The bucket name containing the object to restore.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Object key for which the action was initiated.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Container for restore job parameters.
-	RestoreRequest *RestoreRequest `locationName:"RestoreRequest" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// VersionId used to reference a specific version of the object.
-	VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RestoreObjectInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RestoreObjectInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *RestoreObjectInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "RestoreObjectInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.RestoreRequest != nil {
-		if err := s.RestoreRequest.Validate(); err != nil {
-			invalidParams.AddNested("RestoreRequest", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *RestoreObjectInput) SetBucket(v string) *RestoreObjectInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *RestoreObjectInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *RestoreObjectInput) SetChecksumAlgorithm(v string) *RestoreObjectInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *RestoreObjectInput) SetExpectedBucketOwner(v string) *RestoreObjectInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *RestoreObjectInput) SetKey(v string) *RestoreObjectInput {
-	s.Key = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *RestoreObjectInput) SetRequestPayer(v string) *RestoreObjectInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetRestoreRequest sets the RestoreRequest field's value.
-func (s *RestoreObjectInput) SetRestoreRequest(v *RestoreRequest) *RestoreObjectInput {
-	s.RestoreRequest = v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *RestoreObjectInput) SetVersionId(v string) *RestoreObjectInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *RestoreObjectInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *RestoreObjectInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s RestoreObjectInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type RestoreObjectOutput struct {
-	_ struct{} `type:"structure"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// Indicates the path in the provided S3 output location where Select results
-	// will be restored to.
-	RestoreOutputPath *string `location:"header" locationName:"x-amz-restore-output-path" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RestoreObjectOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RestoreObjectOutput) GoString() string {
-	return s.String()
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *RestoreObjectOutput) SetRequestCharged(v string) *RestoreObjectOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetRestoreOutputPath sets the RestoreOutputPath field's value.
-func (s *RestoreObjectOutput) SetRestoreOutputPath(v string) *RestoreObjectOutput {
-	s.RestoreOutputPath = &v
-	return s
-}
-
-// Container for restore job parameters.
-type RestoreRequest struct {
-	_ struct{} `type:"structure"`
-
-	// Lifetime of the active copy in days. Do not use with restores that specify
-	// OutputLocation.
-	//
-	// The Days element is required for regular restores, and must not be provided
-	// for select requests.
-	Days *int64 `type:"integer"`
-
-	// The optional description for the job.
-	Description *string `type:"string"`
-
-	// S3 Glacier related parameters pertaining to this job. Do not use with restores
-	// that specify OutputLocation.
-	GlacierJobParameters *GlacierJobParameters `type:"structure"`
-
-	// Describes the location where the restore job's output is stored.
-	OutputLocation *OutputLocation `type:"structure"`
-
-	// Describes the parameters for Select job types.
-	SelectParameters *SelectParameters `type:"structure"`
-
-	// Retrieval tier at which the restore will be processed.
-	Tier *string `type:"string" enum:"Tier"`
-
-	// Type of restore request.
-	Type *string `type:"string" enum:"RestoreRequestType"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RestoreRequest) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RestoreRequest) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *RestoreRequest) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "RestoreRequest"}
-	if s.GlacierJobParameters != nil {
-		if err := s.GlacierJobParameters.Validate(); err != nil {
-			invalidParams.AddNested("GlacierJobParameters", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.OutputLocation != nil {
-		if err := s.OutputLocation.Validate(); err != nil {
-			invalidParams.AddNested("OutputLocation", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.SelectParameters != nil {
-		if err := s.SelectParameters.Validate(); err != nil {
-			invalidParams.AddNested("SelectParameters", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDays sets the Days field's value.
-func (s *RestoreRequest) SetDays(v int64) *RestoreRequest {
-	s.Days = &v
-	return s
-}
-
-// SetDescription sets the Description field's value.
-func (s *RestoreRequest) SetDescription(v string) *RestoreRequest {
-	s.Description = &v
-	return s
-}
-
-// SetGlacierJobParameters sets the GlacierJobParameters field's value.
-func (s *RestoreRequest) SetGlacierJobParameters(v *GlacierJobParameters) *RestoreRequest {
-	s.GlacierJobParameters = v
-	return s
-}
-
-// SetOutputLocation sets the OutputLocation field's value.
-func (s *RestoreRequest) SetOutputLocation(v *OutputLocation) *RestoreRequest {
-	s.OutputLocation = v
-	return s
-}
-
-// SetSelectParameters sets the SelectParameters field's value.
-func (s *RestoreRequest) SetSelectParameters(v *SelectParameters) *RestoreRequest {
-	s.SelectParameters = v
-	return s
-}
-
-// SetTier sets the Tier field's value.
-func (s *RestoreRequest) SetTier(v string) *RestoreRequest {
-	s.Tier = &v
-	return s
-}
-
-// SetType sets the Type field's value.
-func (s *RestoreRequest) SetType(v string) *RestoreRequest {
-	s.Type = &v
-	return s
-}
-
-// Specifies the redirect behavior and when a redirect is applied. For more
-// information about routing rules, see Configuring advanced conditional redirects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects)
-// in the Amazon S3 User Guide.
-type RoutingRule struct {
-	_ struct{} `type:"structure"`
-
-	// A container for describing a condition that must be met for the specified
-	// redirect to apply. For example, 1. If request is for pages in the /docs folder,
-	// redirect to the /documents folder. 2. If request results in HTTP error 4xx,
-	// redirect request to another host where you might process the error.
-	Condition *Condition `type:"structure"`
-
-	// Container for redirect information. You can redirect requests to another
-	// host, to another page, or with another protocol. In the event of an error,
-	// you can specify a different error code to return.
-	//
-	// Redirect is a required field
-	Redirect *Redirect `type:"structure" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RoutingRule) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RoutingRule) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *RoutingRule) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "RoutingRule"}
-	if s.Redirect == nil {
-		invalidParams.Add(request.NewErrParamRequired("Redirect"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetCondition sets the Condition field's value.
-func (s *RoutingRule) SetCondition(v *Condition) *RoutingRule {
-	s.Condition = v
-	return s
-}
-
-// SetRedirect sets the Redirect field's value.
-func (s *RoutingRule) SetRedirect(v *Redirect) *RoutingRule {
-	s.Redirect = v
-	return s
-}
-
-// Specifies lifecycle rules for an Amazon S3 bucket. For more information,
-// see Put Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html)
-// in the Amazon S3 API Reference. For examples, see Put Bucket Lifecycle Configuration
-// Examples (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html#API_PutBucketLifecycleConfiguration_Examples).
-type Rule struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the days since the initiation of an incomplete multipart upload
-	// that Amazon S3 will wait before permanently removing all parts of the upload.
-	// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
-	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
-	// in the Amazon S3 User Guide.
-	AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"`
-
-	// Specifies the expiration for the lifecycle of the object.
-	Expiration *LifecycleExpiration `type:"structure"`
-
-	// Unique identifier for the rule. The value can't be longer than 255 characters.
-	ID *string `type:"string"`
-
-	// Specifies when noncurrent object versions expire. Upon expiration, Amazon
-	// S3 permanently deletes the noncurrent object versions. You set this lifecycle
-	// configuration action on a bucket that has versioning enabled (or suspended)
-	// to request that Amazon S3 delete noncurrent object versions at a specific
-	// period in the object's lifetime.
-	NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"`
-
-	// Container for the transition rule that describes when noncurrent objects
-	// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR,
-	// GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled
-	// (or versioning is suspended), you can set this action to request that Amazon
-	// S3 transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA,
-	// INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at
-	// a specific period in the object's lifetime.
-	NoncurrentVersionTransition *NoncurrentVersionTransition `type:"structure"`
-
-	// Object key prefix that identifies one or more objects to which this rule
-	// applies.
-	//
-	// Replacement must be made for object keys containing special characters (such
-	// as carriage returns) when using XML requests. For more information, see XML
-	// related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
-	//
-	// Prefix is a required field
-	Prefix *string `type:"string" required:"true"`
-
-	// If Enabled, the rule is currently being applied. If Disabled, the rule is
-	// not currently being applied.
-	//
-	// Status is a required field
-	Status *string `type:"string" required:"true" enum:"ExpirationStatus"`
-
-	// Specifies when an object transitions to a specified storage class. For more
-	// information about Amazon S3 lifecycle configuration rules, see Transitioning
-	// Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html)
-	// in the Amazon S3 User Guide.
-	Transition *Transition `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Rule) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Rule) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Rule) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Rule"}
-	if s.Prefix == nil {
-		invalidParams.Add(request.NewErrParamRequired("Prefix"))
-	}
-	if s.Status == nil {
-		invalidParams.Add(request.NewErrParamRequired("Status"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAbortIncompleteMultipartUpload sets the AbortIncompleteMultipartUpload field's value.
-func (s *Rule) SetAbortIncompleteMultipartUpload(v *AbortIncompleteMultipartUpload) *Rule {
-	s.AbortIncompleteMultipartUpload = v
-	return s
-}
-
-// SetExpiration sets the Expiration field's value.
-func (s *Rule) SetExpiration(v *LifecycleExpiration) *Rule {
-	s.Expiration = v
-	return s
-}
-
-// SetID sets the ID field's value.
-func (s *Rule) SetID(v string) *Rule {
-	s.ID = &v
-	return s
-}
-
-// SetNoncurrentVersionExpiration sets the NoncurrentVersionExpiration field's value.
-func (s *Rule) SetNoncurrentVersionExpiration(v *NoncurrentVersionExpiration) *Rule {
-	s.NoncurrentVersionExpiration = v
-	return s
-}
-
-// SetNoncurrentVersionTransition sets the NoncurrentVersionTransition field's value.
-func (s *Rule) SetNoncurrentVersionTransition(v *NoncurrentVersionTransition) *Rule {
-	s.NoncurrentVersionTransition = v
-	return s
-}
-
-// SetPrefix sets the Prefix field's value.
-func (s *Rule) SetPrefix(v string) *Rule {
-	s.Prefix = &v
-	return s
-}
-
-// SetStatus sets the Status field's value.
-func (s *Rule) SetStatus(v string) *Rule {
-	s.Status = &v
-	return s
-}
-
-// SetTransition sets the Transition field's value.
-func (s *Rule) SetTransition(v *Transition) *Rule {
-	s.Transition = v
-	return s
-}
-
-// Specifies the use of SSE-KMS to encrypt delivered inventory reports.
-type SSEKMS struct {
-	_ struct{} `locationName:"SSE-KMS" type:"structure"`
-
-	// Specifies the ID of the Key Management Service (KMS) symmetric encryption
-	// customer managed key to use for encrypting inventory reports.
-	//
-	// KeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by SSEKMS's
-	// String and GoString methods.
-	//
-	// KeyId is a required field
-	KeyId *string `type:"string" required:"true" sensitive:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SSEKMS) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SSEKMS) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *SSEKMS) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "SSEKMS"}
-	if s.KeyId == nil {
-		invalidParams.Add(request.NewErrParamRequired("KeyId"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetKeyId sets the KeyId field's value.
-func (s *SSEKMS) SetKeyId(v string) *SSEKMS {
-	s.KeyId = &v
-	return s
-}
-
-// Specifies the use of SSE-S3 to encrypt delivered inventory reports.
-type SSES3 struct {
-	_ struct{} `locationName:"SSE-S3" type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SSES3) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SSES3) GoString() string {
-	return s.String()
-}
-
-// Specifies the byte range of the object to get the records from. A record
-// is processed when its first byte is contained by the range. This parameter
-// is optional, but when specified, it must not be empty. See RFC 2616, Section
-// 14.35.1 about how to specify the start and end of the range.
-type ScanRange struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the end of the byte range. This parameter is optional. Valid values:
-	// non-negative integers. The default value is one less than the size of the
-	// object being queried. If only the End parameter is supplied, it is interpreted
-	// to mean scan the last N bytes of the file. For example, <scanrange><end>50</end></scanrange>
-	// means scan the last 50 bytes.
-	End *int64 `type:"long"`
-
-	// Specifies the start of the byte range. This parameter is optional. Valid
-	// values: non-negative integers. The default value is 0. If only start is supplied,
-	// it means scan from that point to the end of the file. For example, <scanrange><start>50</start></scanrange>
-	// means scan from byte 50 until the end of the file.
-	Start *int64 `type:"long"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ScanRange) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ScanRange) GoString() string {
-	return s.String()
-}
-
-// SetEnd sets the End field's value.
-func (s *ScanRange) SetEnd(v int64) *ScanRange {
-	s.End = &v
-	return s
-}
-
-// SetStart sets the Start field's value.
-func (s *ScanRange) SetStart(v int64) *ScanRange {
-	s.Start = &v
-	return s
-}
-
-// SelectObjectContentEventStreamEvent groups together all EventStream
-// events writes for SelectObjectContentEventStream.
-//
-// These events are:
-//
-//   - ContinuationEvent
-//   - EndEvent
-//   - ProgressEvent
-//   - RecordsEvent
-//   - StatsEvent
-type SelectObjectContentEventStreamEvent interface {
-	eventSelectObjectContentEventStream()
-	eventstreamapi.Marshaler
-	eventstreamapi.Unmarshaler
-}
-
-// SelectObjectContentEventStreamReader provides the interface for reading to the stream. The
-// default implementation for this interface will be SelectObjectContentEventStreamData.
-//
-// The reader's Close method must allow multiple concurrent calls.
-//
-// These events are:
-//
-//   - ContinuationEvent
-//   - EndEvent
-//   - ProgressEvent
-//   - RecordsEvent
-//   - StatsEvent
-//   - SelectObjectContentEventStreamUnknownEvent
-type SelectObjectContentEventStreamReader interface {
-	// Returns a channel of events as they are read from the event stream.
-	Events() <-chan SelectObjectContentEventStreamEvent
-
-	// Close will stop the reader reading events from the stream.
-	Close() error
-
-	// Returns any error that has occurred while reading from the event stream.
-	Err() error
-}
-
-type readSelectObjectContentEventStream struct {
-	eventReader *eventstreamapi.EventReader
-	stream      chan SelectObjectContentEventStreamEvent
-	err         *eventstreamapi.OnceError
-
-	done      chan struct{}
-	closeOnce sync.Once
-}
-
-func newReadSelectObjectContentEventStream(eventReader *eventstreamapi.EventReader) *readSelectObjectContentEventStream {
-	r := &readSelectObjectContentEventStream{
-		eventReader: eventReader,
-		stream:      make(chan SelectObjectContentEventStreamEvent),
-		done:        make(chan struct{}),
-		err:         eventstreamapi.NewOnceError(),
-	}
-	go r.readEventStream()
-
-	return r
-}
-
-// Close will close the underlying event stream reader.
-func (r *readSelectObjectContentEventStream) Close() error {
-	r.closeOnce.Do(r.safeClose)
-	return r.Err()
-}
-
-func (r *readSelectObjectContentEventStream) ErrorSet() <-chan struct{} {
-	return r.err.ErrorSet()
-}
-
-func (r *readSelectObjectContentEventStream) Closed() <-chan struct{} {
-	return r.done
-}
-
-func (r *readSelectObjectContentEventStream) safeClose() {
-	close(r.done)
-}
-
-func (r *readSelectObjectContentEventStream) Err() error {
-	return r.err.Err()
-}
-
-func (r *readSelectObjectContentEventStream) Events() <-chan SelectObjectContentEventStreamEvent {
-	return r.stream
-}
-
-func (r *readSelectObjectContentEventStream) readEventStream() {
-	defer r.Close()
-	defer close(r.stream)
-
-	for {
-		event, err := r.eventReader.ReadEvent()
-		if err != nil {
-			if err == io.EOF {
-				return
-			}
-			select {
-			case <-r.done:
-				// If closed already ignore the error
-				return
-			default:
-			}
-			if _, ok := err.(*eventstreamapi.UnknownMessageTypeError); ok {
-				continue
-			}
-			r.err.SetError(err)
-			return
-		}
-
-		select {
-		case r.stream <- event.(SelectObjectContentEventStreamEvent):
-		case <-r.done:
-			return
-		}
-	}
-}
-
-type unmarshalerForSelectObjectContentEventStreamEvent struct {
-	metadata protocol.ResponseMetadata
-}
-
-func (u unmarshalerForSelectObjectContentEventStreamEvent) UnmarshalerForEventName(eventType string) (eventstreamapi.Unmarshaler, error) {
-	switch eventType {
-	case "Cont":
-		return &ContinuationEvent{}, nil
-	case "End":
-		return &EndEvent{}, nil
-	case "Progress":
-		return &ProgressEvent{}, nil
-	case "Records":
-		return &RecordsEvent{}, nil
-	case "Stats":
-		return &StatsEvent{}, nil
-	default:
-		return &SelectObjectContentEventStreamUnknownEvent{Type: eventType}, nil
-	}
-}
-
-// SelectObjectContentEventStreamUnknownEvent provides a failsafe event for the
-// SelectObjectContentEventStream group of events when an unknown event is received.
-type SelectObjectContentEventStreamUnknownEvent struct {
-	Type    string
-	Message eventstream.Message
-}
-
-// The SelectObjectContentEventStreamUnknownEvent is and event in the SelectObjectContentEventStream
-// group of events.
-func (s *SelectObjectContentEventStreamUnknownEvent) eventSelectObjectContentEventStream() {}
-
-// MarshalEvent marshals the type into an stream event value. This method
-// should only used internally within the SDK's EventStream handling.
-func (e *SelectObjectContentEventStreamUnknownEvent) MarshalEvent(pm protocol.PayloadMarshaler) (
-	msg eventstream.Message, err error,
-) {
-	return e.Message.Clone(), nil
-}
-
-// UnmarshalEvent unmarshals the EventStream Message into the SelectObjectContentEventStreamData value.
-// This method is only used internally within the SDK's EventStream handling.
-func (e *SelectObjectContentEventStreamUnknownEvent) UnmarshalEvent(
-	payloadUnmarshaler protocol.PayloadUnmarshaler,
-	msg eventstream.Message,
-) error {
-	e.Message = msg.Clone()
-	return nil
-}
-
-// Request to filter the contents of an Amazon S3 object based on a simple Structured
-// Query Language (SQL) statement. In the request, along with the SQL expression,
-// you must specify a data serialization format (JSON or CSV) of the object.
-// Amazon S3 uses this to parse object data into records. It returns only records
-// that match the specified SQL expression. You must also specify the data serialization
-// format for the response. For more information, see S3Select API Documentation
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectSELECTContent.html).
-type SelectObjectContentInput struct {
-	_ struct{} `locationName:"SelectObjectContentRequest" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
-
-	// The S3 bucket.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The expression that is used to query the object.
-	//
-	// Expression is a required field
-	Expression *string `type:"string" required:"true"`
-
-	// The type of the provided expression (for example, SQL).
-	//
-	// ExpressionType is a required field
-	ExpressionType *string `type:"string" required:"true" enum:"ExpressionType"`
-
-	// Describes the format of the data in the object that is being queried.
-	//
-	// InputSerialization is a required field
-	InputSerialization *InputSerialization `type:"structure" required:"true"`
-
-	// The object key.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Describes the format of the data that you want Amazon S3 to return in response.
-	//
-	// OutputSerialization is a required field
-	OutputSerialization *OutputSerialization `type:"structure" required:"true"`
-
-	// Specifies if periodic request progress information should be enabled.
-	RequestProgress *RequestProgress `type:"structure"`
-
-	// The server-side encryption (SSE) algorithm used to encrypt the object. This
-	// parameter is needed only when the object was created using a checksum algorithm.
-	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-	// in the Amazon S3 User Guide.
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// The server-side encryption (SSE) customer managed key. This parameter is
-	// needed only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-	// in the Amazon S3 User Guide.
-	//
-	// SSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by SelectObjectContentInput's
-	// String and GoString methods.
-	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// The MD5 server-side encryption (SSE) customer managed key. This parameter
-	// is needed only when the object was created using a checksum algorithm. For
-	// more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-	// in the Amazon S3 User Guide.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// Specifies the byte range of the object to get the records from. A record
-	// is processed when its first byte is contained by the range. This parameter
-	// is optional, but when specified, it must not be empty. See RFC 2616, Section
-	// 14.35.1 about how to specify the start and end of the range.
-	//
-	// ScanRangemay be used in the following ways:
-	//
-	//    * <scanrange><start>50</start><end>100</end></scanrange> - process only
-	//    the records starting between the bytes 50 and 100 (inclusive, counting
-	//    from zero)
-	//
-	//    * <scanrange><start>50</start></scanrange> - process only the records
-	//    starting after the byte 50
-	//
-	//    * <scanrange><end>50</end></scanrange> - process only the records within
-	//    the last 50 bytes of the file.
-	ScanRange *ScanRange `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SelectObjectContentInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SelectObjectContentInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *SelectObjectContentInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "SelectObjectContentInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Expression == nil {
-		invalidParams.Add(request.NewErrParamRequired("Expression"))
-	}
-	if s.ExpressionType == nil {
-		invalidParams.Add(request.NewErrParamRequired("ExpressionType"))
-	}
-	if s.InputSerialization == nil {
-		invalidParams.Add(request.NewErrParamRequired("InputSerialization"))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.OutputSerialization == nil {
-		invalidParams.Add(request.NewErrParamRequired("OutputSerialization"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *SelectObjectContentInput) SetBucket(v string) *SelectObjectContentInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *SelectObjectContentInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *SelectObjectContentInput) SetExpectedBucketOwner(v string) *SelectObjectContentInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetExpression sets the Expression field's value.
-func (s *SelectObjectContentInput) SetExpression(v string) *SelectObjectContentInput {
-	s.Expression = &v
-	return s
-}
-
-// SetExpressionType sets the ExpressionType field's value.
-func (s *SelectObjectContentInput) SetExpressionType(v string) *SelectObjectContentInput {
-	s.ExpressionType = &v
-	return s
-}
-
-// SetInputSerialization sets the InputSerialization field's value.
-func (s *SelectObjectContentInput) SetInputSerialization(v *InputSerialization) *SelectObjectContentInput {
-	s.InputSerialization = v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *SelectObjectContentInput) SetKey(v string) *SelectObjectContentInput {
-	s.Key = &v
-	return s
-}
-
-// SetOutputSerialization sets the OutputSerialization field's value.
-func (s *SelectObjectContentInput) SetOutputSerialization(v *OutputSerialization) *SelectObjectContentInput {
-	s.OutputSerialization = v
-	return s
-}
-
-// SetRequestProgress sets the RequestProgress field's value.
-func (s *SelectObjectContentInput) SetRequestProgress(v *RequestProgress) *SelectObjectContentInput {
-	s.RequestProgress = v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *SelectObjectContentInput) SetSSECustomerAlgorithm(v string) *SelectObjectContentInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKey sets the SSECustomerKey field's value.
-func (s *SelectObjectContentInput) SetSSECustomerKey(v string) *SelectObjectContentInput {
-	s.SSECustomerKey = &v
-	return s
-}
-
-func (s *SelectObjectContentInput) getSSECustomerKey() (v string) {
-	if s.SSECustomerKey == nil {
-		return v
-	}
-	return *s.SSECustomerKey
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *SelectObjectContentInput) SetSSECustomerKeyMD5(v string) *SelectObjectContentInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetScanRange sets the ScanRange field's value.
-func (s *SelectObjectContentInput) SetScanRange(v *ScanRange) *SelectObjectContentInput {
-	s.ScanRange = v
-	return s
-}
-
-func (s *SelectObjectContentInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *SelectObjectContentInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s SelectObjectContentInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type SelectObjectContentOutput struct {
-	_ struct{} `type:"structure" payload:"Payload"`
-
-	EventStream *SelectObjectContentEventStream
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SelectObjectContentOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SelectObjectContentOutput) GoString() string {
-	return s.String()
-}
-
-func (s *SelectObjectContentOutput) SetEventStream(v *SelectObjectContentEventStream) *SelectObjectContentOutput {
-	s.EventStream = v
-	return s
-}
-func (s *SelectObjectContentOutput) GetEventStream() *SelectObjectContentEventStream {
-	return s.EventStream
-}
-
-// GetStream returns the type to interact with the event stream.
-func (s *SelectObjectContentOutput) GetStream() *SelectObjectContentEventStream {
-	return s.EventStream
-}
-
-// Describes the parameters for Select job types.
-type SelectParameters struct {
-	_ struct{} `type:"structure"`
-
-	// The expression that is used to query the object.
-	//
-	// Expression is a required field
-	Expression *string `type:"string" required:"true"`
-
-	// The type of the provided expression (for example, SQL).
-	//
-	// ExpressionType is a required field
-	ExpressionType *string `type:"string" required:"true" enum:"ExpressionType"`
-
-	// Describes the serialization format of the object.
-	//
-	// InputSerialization is a required field
-	InputSerialization *InputSerialization `type:"structure" required:"true"`
-
-	// Describes how the results of the Select job are serialized.
-	//
-	// OutputSerialization is a required field
-	OutputSerialization *OutputSerialization `type:"structure" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SelectParameters) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SelectParameters) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *SelectParameters) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "SelectParameters"}
-	if s.Expression == nil {
-		invalidParams.Add(request.NewErrParamRequired("Expression"))
-	}
-	if s.ExpressionType == nil {
-		invalidParams.Add(request.NewErrParamRequired("ExpressionType"))
-	}
-	if s.InputSerialization == nil {
-		invalidParams.Add(request.NewErrParamRequired("InputSerialization"))
-	}
-	if s.OutputSerialization == nil {
-		invalidParams.Add(request.NewErrParamRequired("OutputSerialization"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetExpression sets the Expression field's value.
-func (s *SelectParameters) SetExpression(v string) *SelectParameters {
-	s.Expression = &v
-	return s
-}
-
-// SetExpressionType sets the ExpressionType field's value.
-func (s *SelectParameters) SetExpressionType(v string) *SelectParameters {
-	s.ExpressionType = &v
-	return s
-}
-
-// SetInputSerialization sets the InputSerialization field's value.
-func (s *SelectParameters) SetInputSerialization(v *InputSerialization) *SelectParameters {
-	s.InputSerialization = v
-	return s
-}
-
-// SetOutputSerialization sets the OutputSerialization field's value.
-func (s *SelectParameters) SetOutputSerialization(v *OutputSerialization) *SelectParameters {
-	s.OutputSerialization = v
-	return s
-}
-
-// Describes the default server-side encryption to apply to new objects in the
-// bucket. If a PUT Object request doesn't specify any server-side encryption,
-// this default encryption will be applied. If you don't specify a customer
-// managed key at configuration, Amazon S3 automatically creates an Amazon Web
-// Services KMS key in your Amazon Web Services account the first time that
-// you add an object encrypted with SSE-KMS to a bucket. By default, Amazon
-// S3 uses this KMS key for SSE-KMS. For more information, see PUT Bucket encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html)
-// in the Amazon S3 API Reference.
-type ServerSideEncryptionByDefault struct {
-	_ struct{} `type:"structure"`
-
-	// Amazon Web Services Key Management Service (KMS) customer Amazon Web Services
-	// KMS key ID to use for the default encryption. This parameter is allowed if
-	// and only if SSEAlgorithm is set to aws:kms.
-	//
-	// You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key.
-	// If you use a key ID, you can run into a LogDestination undeliverable error
-	// when creating a VPC flow log.
-	//
-	// If you are using encryption with cross-account or Amazon Web Services service
-	// operations you must use a fully qualified KMS key ARN. For more information,
-	// see Using encryption for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).
-	//
-	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
-	//
-	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
-	//
-	// Amazon S3 only supports symmetric encryption KMS keys. For more information,
-	// see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
-	// in the Amazon Web Services Key Management Service Developer Guide.
-	//
-	// KMSMasterKeyID is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by ServerSideEncryptionByDefault's
-	// String and GoString methods.
-	KMSMasterKeyID *string `type:"string" sensitive:"true"`
-
-	// Server-side encryption algorithm to use for the default encryption.
-	//
-	// SSEAlgorithm is a required field
-	SSEAlgorithm *string `type:"string" required:"true" enum:"ServerSideEncryption"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ServerSideEncryptionByDefault) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ServerSideEncryptionByDefault) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ServerSideEncryptionByDefault) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ServerSideEncryptionByDefault"}
-	if s.SSEAlgorithm == nil {
-		invalidParams.Add(request.NewErrParamRequired("SSEAlgorithm"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetKMSMasterKeyID sets the KMSMasterKeyID field's value.
-func (s *ServerSideEncryptionByDefault) SetKMSMasterKeyID(v string) *ServerSideEncryptionByDefault {
-	s.KMSMasterKeyID = &v
-	return s
-}
-
-// SetSSEAlgorithm sets the SSEAlgorithm field's value.
-func (s *ServerSideEncryptionByDefault) SetSSEAlgorithm(v string) *ServerSideEncryptionByDefault {
-	s.SSEAlgorithm = &v
-	return s
-}
-
-// Specifies the default server-side-encryption configuration.
-type ServerSideEncryptionConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Container for information about a particular server-side encryption configuration
-	// rule.
-	//
-	// Rules is a required field
-	Rules []*ServerSideEncryptionRule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ServerSideEncryptionConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ServerSideEncryptionConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ServerSideEncryptionConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ServerSideEncryptionConfiguration"}
-	if s.Rules == nil {
-		invalidParams.Add(request.NewErrParamRequired("Rules"))
-	}
-	if s.Rules != nil {
-		for i, v := range s.Rules {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Rules", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetRules sets the Rules field's value.
-func (s *ServerSideEncryptionConfiguration) SetRules(v []*ServerSideEncryptionRule) *ServerSideEncryptionConfiguration {
-	s.Rules = v
-	return s
-}
-
-// Specifies the default server-side encryption configuration.
-type ServerSideEncryptionRule struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies the default server-side encryption to apply to new objects in the
-	// bucket. If a PUT Object request doesn't specify any server-side encryption,
-	// this default encryption will be applied.
-	ApplyServerSideEncryptionByDefault *ServerSideEncryptionByDefault `type:"structure"`
-
-	// Specifies whether Amazon S3 should use an S3 Bucket Key with server-side
-	// encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects
-	// are not affected. Setting the BucketKeyEnabled element to true causes Amazon
-	// S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled.
-	//
-	// For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
-	// in the Amazon S3 User Guide.
-	BucketKeyEnabled *bool `type:"boolean"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ServerSideEncryptionRule) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ServerSideEncryptionRule) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ServerSideEncryptionRule) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ServerSideEncryptionRule"}
-	if s.ApplyServerSideEncryptionByDefault != nil {
-		if err := s.ApplyServerSideEncryptionByDefault.Validate(); err != nil {
-			invalidParams.AddNested("ApplyServerSideEncryptionByDefault", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetApplyServerSideEncryptionByDefault sets the ApplyServerSideEncryptionByDefault field's value.
-func (s *ServerSideEncryptionRule) SetApplyServerSideEncryptionByDefault(v *ServerSideEncryptionByDefault) *ServerSideEncryptionRule {
-	s.ApplyServerSideEncryptionByDefault = v
-	return s
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *ServerSideEncryptionRule) SetBucketKeyEnabled(v bool) *ServerSideEncryptionRule {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// A container that describes additional filters for identifying the source
-// objects that you want to replicate. You can choose to enable or disable the
-// replication of these objects. Currently, Amazon S3 supports only the filter
-// that you can specify for objects created with server-side encryption using
-// a customer managed key stored in Amazon Web Services Key Management Service
-// (SSE-KMS).
-type SourceSelectionCriteria struct {
-	_ struct{} `type:"structure"`
-
-	// A filter that you can specify for selections for modifications on replicas.
-	// Amazon S3 doesn't replicate replica modifications by default. In the latest
-	// version of replication configuration (when Filter is specified), you can
-	// specify this element and set the status to Enabled to replicate modifications
-	// on replicas.
-	//
-	// If you don't specify the Filter element, Amazon S3 assumes that the replication
-	// configuration is the earlier version, V1. In the earlier version, this element
-	// is not allowed
-	ReplicaModifications *ReplicaModifications `type:"structure"`
-
-	// A container for filter information for the selection of Amazon S3 objects
-	// encrypted with Amazon Web Services KMS. If you include SourceSelectionCriteria
-	// in the replication configuration, this element is required.
-	SseKmsEncryptedObjects *SseKmsEncryptedObjects `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SourceSelectionCriteria) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SourceSelectionCriteria) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *SourceSelectionCriteria) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "SourceSelectionCriteria"}
-	if s.ReplicaModifications != nil {
-		if err := s.ReplicaModifications.Validate(); err != nil {
-			invalidParams.AddNested("ReplicaModifications", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.SseKmsEncryptedObjects != nil {
-		if err := s.SseKmsEncryptedObjects.Validate(); err != nil {
-			invalidParams.AddNested("SseKmsEncryptedObjects", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetReplicaModifications sets the ReplicaModifications field's value.
-func (s *SourceSelectionCriteria) SetReplicaModifications(v *ReplicaModifications) *SourceSelectionCriteria {
-	s.ReplicaModifications = v
-	return s
-}
-
-// SetSseKmsEncryptedObjects sets the SseKmsEncryptedObjects field's value.
-func (s *SourceSelectionCriteria) SetSseKmsEncryptedObjects(v *SseKmsEncryptedObjects) *SourceSelectionCriteria {
-	s.SseKmsEncryptedObjects = v
-	return s
-}
-
-// A container for filter information for the selection of S3 objects encrypted
-// with Amazon Web Services KMS.
-type SseKmsEncryptedObjects struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether Amazon S3 replicates objects created with server-side encryption
-	// using an Amazon Web Services KMS key stored in Amazon Web Services Key Management
-	// Service.
-	//
-	// Status is a required field
-	Status *string `type:"string" required:"true" enum:"SseKmsEncryptedObjectsStatus"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SseKmsEncryptedObjects) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s SseKmsEncryptedObjects) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *SseKmsEncryptedObjects) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "SseKmsEncryptedObjects"}
-	if s.Status == nil {
-		invalidParams.Add(request.NewErrParamRequired("Status"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetStatus sets the Status field's value.
-func (s *SseKmsEncryptedObjects) SetStatus(v string) *SseKmsEncryptedObjects {
-	s.Status = &v
-	return s
-}
-
-// Container for the stats details.
-type Stats struct {
-	_ struct{} `type:"structure"`
-
-	// The total number of uncompressed object bytes processed.
-	BytesProcessed *int64 `type:"long"`
-
-	// The total number of bytes of records payload data returned.
-	BytesReturned *int64 `type:"long"`
-
-	// The total number of object bytes scanned.
-	BytesScanned *int64 `type:"long"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Stats) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Stats) GoString() string {
-	return s.String()
-}
-
-// SetBytesProcessed sets the BytesProcessed field's value.
-func (s *Stats) SetBytesProcessed(v int64) *Stats {
-	s.BytesProcessed = &v
-	return s
-}
-
-// SetBytesReturned sets the BytesReturned field's value.
-func (s *Stats) SetBytesReturned(v int64) *Stats {
-	s.BytesReturned = &v
-	return s
-}
-
-// SetBytesScanned sets the BytesScanned field's value.
-func (s *Stats) SetBytesScanned(v int64) *Stats {
-	s.BytesScanned = &v
-	return s
-}
-
-// Container for the Stats Event.
-type StatsEvent struct {
-	_ struct{} `locationName:"StatsEvent" type:"structure" payload:"Details"`
-
-	// The Stats event details.
-	Details *Stats `locationName:"Details" type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s StatsEvent) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s StatsEvent) GoString() string {
-	return s.String()
-}
-
-// SetDetails sets the Details field's value.
-func (s *StatsEvent) SetDetails(v *Stats) *StatsEvent {
-	s.Details = v
-	return s
-}
-
-// The StatsEvent is and event in the SelectObjectContentEventStream group of events.
-func (s *StatsEvent) eventSelectObjectContentEventStream() {}
-
-// UnmarshalEvent unmarshals the EventStream Message into the StatsEvent value.
-// This method is only used internally within the SDK's EventStream handling.
-func (s *StatsEvent) UnmarshalEvent(
-	payloadUnmarshaler protocol.PayloadUnmarshaler,
-	msg eventstream.Message,
-) error {
-	if err := payloadUnmarshaler.UnmarshalPayload(
-		bytes.NewReader(msg.Payload), s,
-	); err != nil {
-		return err
-	}
-	return nil
-}
-
-// MarshalEvent marshals the type into an stream event value. This method
-// should only used internally within the SDK's EventStream handling.
-func (s *StatsEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
-	msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
-	var buf bytes.Buffer
-	if err = pm.MarshalPayload(&buf, s); err != nil {
-		return eventstream.Message{}, err
-	}
-	msg.Payload = buf.Bytes()
-	return msg, err
-}
-
-// Specifies data related to access patterns to be collected and made available
-// to analyze the tradeoffs between different storage classes for an Amazon
-// S3 bucket.
-type StorageClassAnalysis struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies how data related to the storage class analysis for an Amazon S3
-	// bucket should be exported.
-	DataExport *StorageClassAnalysisDataExport `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s StorageClassAnalysis) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s StorageClassAnalysis) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *StorageClassAnalysis) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "StorageClassAnalysis"}
-	if s.DataExport != nil {
-		if err := s.DataExport.Validate(); err != nil {
-			invalidParams.AddNested("DataExport", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDataExport sets the DataExport field's value.
-func (s *StorageClassAnalysis) SetDataExport(v *StorageClassAnalysisDataExport) *StorageClassAnalysis {
-	s.DataExport = v
-	return s
-}
-
-// Container for data related to the storage class analysis for an Amazon S3
-// bucket for export.
-type StorageClassAnalysisDataExport struct {
-	_ struct{} `type:"structure"`
-
-	// The place to store the data for an analysis.
-	//
-	// Destination is a required field
-	Destination *AnalyticsExportDestination `type:"structure" required:"true"`
-
-	// The version of the output schema to use when exporting data. Must be V_1.
-	//
-	// OutputSchemaVersion is a required field
-	OutputSchemaVersion *string `type:"string" required:"true" enum:"StorageClassAnalysisSchemaVersion"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s StorageClassAnalysisDataExport) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s StorageClassAnalysisDataExport) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *StorageClassAnalysisDataExport) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "StorageClassAnalysisDataExport"}
-	if s.Destination == nil {
-		invalidParams.Add(request.NewErrParamRequired("Destination"))
-	}
-	if s.OutputSchemaVersion == nil {
-		invalidParams.Add(request.NewErrParamRequired("OutputSchemaVersion"))
-	}
-	if s.Destination != nil {
-		if err := s.Destination.Validate(); err != nil {
-			invalidParams.AddNested("Destination", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDestination sets the Destination field's value.
-func (s *StorageClassAnalysisDataExport) SetDestination(v *AnalyticsExportDestination) *StorageClassAnalysisDataExport {
-	s.Destination = v
-	return s
-}
-
-// SetOutputSchemaVersion sets the OutputSchemaVersion field's value.
-func (s *StorageClassAnalysisDataExport) SetOutputSchemaVersion(v string) *StorageClassAnalysisDataExport {
-	s.OutputSchemaVersion = &v
-	return s
-}
-
-// A container of a key value name pair.
-type Tag struct {
-	_ struct{} `type:"structure"`
-
-	// Name of the object key.
-	//
-	// Key is a required field
-	Key *string `min:"1" type:"string" required:"true"`
-
-	// Value of the tag.
-	//
-	// Value is a required field
-	Value *string `type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Tag) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Tag) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Tag) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Tag"}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.Value == nil {
-		invalidParams.Add(request.NewErrParamRequired("Value"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetKey sets the Key field's value.
-func (s *Tag) SetKey(v string) *Tag {
-	s.Key = &v
-	return s
-}
-
-// SetValue sets the Value field's value.
-func (s *Tag) SetValue(v string) *Tag {
-	s.Value = &v
-	return s
-}
-
-// Container for TagSet elements.
-type Tagging struct {
-	_ struct{} `type:"structure"`
-
-	// A collection for a set of tags
-	//
-	// TagSet is a required field
-	TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Tagging) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Tagging) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Tagging) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Tagging"}
-	if s.TagSet == nil {
-		invalidParams.Add(request.NewErrParamRequired("TagSet"))
-	}
-	if s.TagSet != nil {
-		for i, v := range s.TagSet {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "TagSet", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetTagSet sets the TagSet field's value.
-func (s *Tagging) SetTagSet(v []*Tag) *Tagging {
-	s.TagSet = v
-	return s
-}
-
-// Container for granting information.
-//
-// Buckets that use the bucket owner enforced setting for Object Ownership don't
-// support target grants. For more information, see Permissions server access
-// log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
-// in the Amazon S3 User Guide.
-type TargetGrant struct {
-	_ struct{} `type:"structure"`
-
-	// Container for the person being granted permissions.
-	Grantee *Grantee `type:"structure" xmlPrefix:"xsi" xmlURI:"http://www.w3.org/2001/XMLSchema-instance"`
-
-	// Logging permissions assigned to the grantee for the bucket.
-	Permission *string `type:"string" enum:"BucketLogsPermission"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s TargetGrant) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s TargetGrant) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *TargetGrant) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "TargetGrant"}
-	if s.Grantee != nil {
-		if err := s.Grantee.Validate(); err != nil {
-			invalidParams.AddNested("Grantee", err.(request.ErrInvalidParams))
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetGrantee sets the Grantee field's value.
-func (s *TargetGrant) SetGrantee(v *Grantee) *TargetGrant {
-	s.Grantee = v
-	return s
-}
-
-// SetPermission sets the Permission field's value.
-func (s *TargetGrant) SetPermission(v string) *TargetGrant {
-	s.Permission = &v
-	return s
-}
-
-// The S3 Intelligent-Tiering storage class is designed to optimize storage
-// costs by automatically moving data to the most cost-effective storage access
-// tier, without additional operational overhead.
-type Tiering struct {
-	_ struct{} `type:"structure"`
-
-	// S3 Intelligent-Tiering access tier. See Storage class for automatically optimizing
-	// frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
-	// for a list of access tiers in the S3 Intelligent-Tiering storage class.
-	//
-	// AccessTier is a required field
-	AccessTier *string `type:"string" required:"true" enum:"IntelligentTieringAccessTier"`
-
-	// The number of consecutive days of no access after which an object will be
-	// eligible to be transitioned to the corresponding tier. The minimum number
-	// of days specified for Archive Access tier must be at least 90 days and Deep
-	// Archive Access tier must be at least 180 days. The maximum can be up to 2
-	// years (730 days).
-	//
-	// Days is a required field
-	Days *int64 `type:"integer" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Tiering) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Tiering) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Tiering) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Tiering"}
-	if s.AccessTier == nil {
-		invalidParams.Add(request.NewErrParamRequired("AccessTier"))
-	}
-	if s.Days == nil {
-		invalidParams.Add(request.NewErrParamRequired("Days"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccessTier sets the AccessTier field's value.
-func (s *Tiering) SetAccessTier(v string) *Tiering {
-	s.AccessTier = &v
-	return s
-}
-
-// SetDays sets the Days field's value.
-func (s *Tiering) SetDays(v int64) *Tiering {
-	s.Days = &v
-	return s
-}
-
-// A container for specifying the configuration for publication of messages
-// to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3
-// detects specified events.
-type TopicConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// The Amazon S3 bucket event about which to send notifications. For more information,
-	// see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Events is a required field
-	Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"`
-
-	// Specifies object key name filtering rules. For information about key name
-	// filtering, see Configuring event notifications using object key name filtering
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
-	// in the Amazon S3 User Guide.
-	Filter *NotificationConfigurationFilter `type:"structure"`
-
-	// An optional unique identifier for configurations in a notification configuration.
-	// If you don't provide one, Amazon S3 will assign an ID.
-	Id *string `type:"string"`
-
-	// The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3
-	// publishes a message when it detects events of the specified type.
-	//
-	// TopicArn is a required field
-	TopicArn *string `locationName:"Topic" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s TopicConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s TopicConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *TopicConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "TopicConfiguration"}
-	if s.Events == nil {
-		invalidParams.Add(request.NewErrParamRequired("Events"))
-	}
-	if s.TopicArn == nil {
-		invalidParams.Add(request.NewErrParamRequired("TopicArn"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetEvents sets the Events field's value.
-func (s *TopicConfiguration) SetEvents(v []*string) *TopicConfiguration {
-	s.Events = v
-	return s
-}
-
-// SetFilter sets the Filter field's value.
-func (s *TopicConfiguration) SetFilter(v *NotificationConfigurationFilter) *TopicConfiguration {
-	s.Filter = v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *TopicConfiguration) SetId(v string) *TopicConfiguration {
-	s.Id = &v
-	return s
-}
-
-// SetTopicArn sets the TopicArn field's value.
-func (s *TopicConfiguration) SetTopicArn(v string) *TopicConfiguration {
-	s.TopicArn = &v
-	return s
-}
-
-// A container for specifying the configuration for publication of messages
-// to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3
-// detects specified events. This data type is deprecated. Use TopicConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_TopicConfiguration.html)
-// instead.
-type TopicConfigurationDeprecated struct {
-	_ struct{} `type:"structure"`
-
-	// Bucket event for which to send notifications.
-	//
-	// Deprecated: Event has been deprecated
-	Event *string `deprecated:"true" type:"string" enum:"Event"`
-
-	// A collection of events related to objects
-	Events []*string `locationName:"Event" type:"list" flattened:"true" enum:"Event"`
-
-	// An optional unique identifier for configurations in a notification configuration.
-	// If you don't provide one, Amazon S3 will assign an ID.
-	Id *string `type:"string"`
-
-	// Amazon SNS topic to which Amazon S3 will publish a message to report the
-	// specified events for the bucket.
-	Topic *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s TopicConfigurationDeprecated) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s TopicConfigurationDeprecated) GoString() string {
-	return s.String()
-}
-
-// SetEvent sets the Event field's value.
-func (s *TopicConfigurationDeprecated) SetEvent(v string) *TopicConfigurationDeprecated {
-	s.Event = &v
-	return s
-}
-
-// SetEvents sets the Events field's value.
-func (s *TopicConfigurationDeprecated) SetEvents(v []*string) *TopicConfigurationDeprecated {
-	s.Events = v
-	return s
-}
-
-// SetId sets the Id field's value.
-func (s *TopicConfigurationDeprecated) SetId(v string) *TopicConfigurationDeprecated {
-	s.Id = &v
-	return s
-}
-
-// SetTopic sets the Topic field's value.
-func (s *TopicConfigurationDeprecated) SetTopic(v string) *TopicConfigurationDeprecated {
-	s.Topic = &v
-	return s
-}
-
-// Specifies when an object transitions to a specified storage class. For more
-// information about Amazon S3 lifecycle configuration rules, see Transitioning
-// Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html)
-// in the Amazon S3 User Guide.
-type Transition struct {
-	_ struct{} `type:"structure"`
-
-	// Indicates when objects are transitioned to the specified storage class. The
-	// date value must be in ISO 8601 format. The time is always midnight UTC.
-	Date *time.Time `type:"timestamp" timestampFormat:"iso8601"`
-
-	// Indicates the number of days after creation when objects are transitioned
-	// to the specified storage class. The value must be a positive integer.
-	Days *int64 `type:"integer"`
-
-	// The storage class to which you want the object to transition.
-	StorageClass *string `type:"string" enum:"TransitionStorageClass"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Transition) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Transition) GoString() string {
-	return s.String()
-}
-
-// SetDate sets the Date field's value.
-func (s *Transition) SetDate(v time.Time) *Transition {
-	s.Date = &v
-	return s
-}
-
-// SetDays sets the Days field's value.
-func (s *Transition) SetDays(v int64) *Transition {
-	s.Days = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *Transition) SetStorageClass(v string) *Transition {
-	s.StorageClass = &v
-	return s
-}
-
-type UploadPartCopyInput struct {
-	_ struct{} `locationName:"UploadPartCopyRequest" type:"structure"`
-
-	// The bucket name.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Specifies the source object for the copy operation. You specify the value
-	// in one of two formats, depending on whether you want to access the source
-	// object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html):
-	//
-	//    * For objects not accessed through an access point, specify the name of
-	//    the source bucket and key of the source object, separated by a slash (/).
-	//    For example, to copy the object reports/january.pdf from the bucket awsexamplebucket,
-	//    use awsexamplebucket/reports/january.pdf. The value must be URL-encoded.
-	//
-	//    * For objects accessed through access points, specify the Amazon Resource
-	//    Name (ARN) of the object as accessed through the access point, in the
-	//    format arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>.
-	//    For example, to copy the object reports/january.pdf through access point
-	//    my-access-point owned by account 123456789012 in Region us-west-2, use
-	//    the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf.
-	//    The value must be URL encoded. Amazon S3 supports copy operations using
-	//    access points only when the source and destination buckets are in the
-	//    same Amazon Web Services Region. Alternatively, for objects accessed through
-	//    Amazon S3 on Outposts, specify the ARN of the object as accessed in the
-	//    format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>.
-	//    For example, to copy the object reports/january.pdf through outpost my-outpost
-	//    owned by account 123456789012 in Region us-west-2, use the URL encoding
-	//    of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf.
-	//    The value must be URL-encoded.
-	//
-	// To copy a specific version of an object, append ?versionId=<version-id> to
-	// the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893).
-	// If you don't specify a version ID, Amazon S3 copies the latest version of
-	// the source object.
-	//
-	// CopySource is a required field
-	CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"`
-
-	// Copies the object if its entity tag (ETag) matches the specified tag.
-	CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"`
-
-	// Copies the object if it has been modified since the specified time.
-	CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"`
-
-	// Copies the object if its entity tag (ETag) is different than the specified
-	// ETag.
-	CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"`
-
-	// Copies the object if it hasn't been modified since the specified time.
-	CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"`
-
-	// The range of bytes to copy from the source object. The range value must use
-	// the form bytes=first-last, where the first and last are the zero-based byte
-	// offsets to copy. For example, bytes=0-9 indicates that you want to copy the
-	// first 10 bytes of the source. You can copy a range only if the source object
-	// is greater than 5 MB.
-	CopySourceRange *string `location:"header" locationName:"x-amz-copy-source-range" type:"string"`
-
-	// Specifies the algorithm to use when decrypting the source object (for example,
-	// AES256).
-	CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"`
-
-	// Specifies the customer-provided encryption key for Amazon S3 to use to decrypt
-	// the source object. The encryption key provided in this header must be one
-	// that was used when the source object was created.
-	//
-	// CopySourceSSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by UploadPartCopyInput's
-	// String and GoString methods.
-	CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
-	// Amazon S3 uses this header for a message integrity check to ensure that the
-	// encryption key was transmitted without error.
-	CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// The account ID of the expected destination bucket owner. If the destination
-	// bucket is owned by a different account, the request fails with the HTTP status
-	// code 403 Forbidden (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// The account ID of the expected source bucket owner. If the source bucket
-	// is owned by a different account, the request fails with the HTTP status code
-	// 403 Forbidden (access denied).
-	ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"`
-
-	// Object key for which the multipart upload was initiated.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Part number of part being copied. This is a positive integer between 1 and
-	// 10,000.
-	//
-	// PartNumber is a required field
-	PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Specifies the algorithm to use to when encrypting the object (for example,
-	// AES256).
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
-	// data. This value is used to store the object and then it is discarded; Amazon
-	// S3 does not store the encryption key. The key must be appropriate for use
-	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
-	// header. This must be the same encryption key specified in the initiate multipart
-	// upload request.
-	//
-	// SSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by UploadPartCopyInput's
-	// String and GoString methods.
-	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
-	// Amazon S3 uses this header for a message integrity check to ensure that the
-	// encryption key was transmitted without error.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// Upload ID identifying the multipart upload whose part is being copied.
-	//
-	// UploadId is a required field
-	UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s UploadPartCopyInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s UploadPartCopyInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *UploadPartCopyInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "UploadPartCopyInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.CopySource == nil {
-		invalidParams.Add(request.NewErrParamRequired("CopySource"))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.PartNumber == nil {
-		invalidParams.Add(request.NewErrParamRequired("PartNumber"))
-	}
-	if s.UploadId == nil {
-		invalidParams.Add(request.NewErrParamRequired("UploadId"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *UploadPartCopyInput) SetBucket(v string) *UploadPartCopyInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *UploadPartCopyInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetCopySource sets the CopySource field's value.
-func (s *UploadPartCopyInput) SetCopySource(v string) *UploadPartCopyInput {
-	s.CopySource = &v
-	return s
-}
-
-// SetCopySourceIfMatch sets the CopySourceIfMatch field's value.
-func (s *UploadPartCopyInput) SetCopySourceIfMatch(v string) *UploadPartCopyInput {
-	s.CopySourceIfMatch = &v
-	return s
-}
-
-// SetCopySourceIfModifiedSince sets the CopySourceIfModifiedSince field's value.
-func (s *UploadPartCopyInput) SetCopySourceIfModifiedSince(v time.Time) *UploadPartCopyInput {
-	s.CopySourceIfModifiedSince = &v
-	return s
-}
-
-// SetCopySourceIfNoneMatch sets the CopySourceIfNoneMatch field's value.
-func (s *UploadPartCopyInput) SetCopySourceIfNoneMatch(v string) *UploadPartCopyInput {
-	s.CopySourceIfNoneMatch = &v
-	return s
-}
-
-// SetCopySourceIfUnmodifiedSince sets the CopySourceIfUnmodifiedSince field's value.
-func (s *UploadPartCopyInput) SetCopySourceIfUnmodifiedSince(v time.Time) *UploadPartCopyInput {
-	s.CopySourceIfUnmodifiedSince = &v
-	return s
-}
-
-// SetCopySourceRange sets the CopySourceRange field's value.
-func (s *UploadPartCopyInput) SetCopySourceRange(v string) *UploadPartCopyInput {
-	s.CopySourceRange = &v
-	return s
-}
-
-// SetCopySourceSSECustomerAlgorithm sets the CopySourceSSECustomerAlgorithm field's value.
-func (s *UploadPartCopyInput) SetCopySourceSSECustomerAlgorithm(v string) *UploadPartCopyInput {
-	s.CopySourceSSECustomerAlgorithm = &v
-	return s
-}
-
-// SetCopySourceSSECustomerKey sets the CopySourceSSECustomerKey field's value.
-func (s *UploadPartCopyInput) SetCopySourceSSECustomerKey(v string) *UploadPartCopyInput {
-	s.CopySourceSSECustomerKey = &v
-	return s
-}
-
-func (s *UploadPartCopyInput) getCopySourceSSECustomerKey() (v string) {
-	if s.CopySourceSSECustomerKey == nil {
-		return v
-	}
-	return *s.CopySourceSSECustomerKey
-}
-
-// SetCopySourceSSECustomerKeyMD5 sets the CopySourceSSECustomerKeyMD5 field's value.
-func (s *UploadPartCopyInput) SetCopySourceSSECustomerKeyMD5(v string) *UploadPartCopyInput {
-	s.CopySourceSSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *UploadPartCopyInput) SetExpectedBucketOwner(v string) *UploadPartCopyInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetExpectedSourceBucketOwner sets the ExpectedSourceBucketOwner field's value.
-func (s *UploadPartCopyInput) SetExpectedSourceBucketOwner(v string) *UploadPartCopyInput {
-	s.ExpectedSourceBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *UploadPartCopyInput) SetKey(v string) *UploadPartCopyInput {
-	s.Key = &v
-	return s
-}
-
-// SetPartNumber sets the PartNumber field's value.
-func (s *UploadPartCopyInput) SetPartNumber(v int64) *UploadPartCopyInput {
-	s.PartNumber = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *UploadPartCopyInput) SetRequestPayer(v string) *UploadPartCopyInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *UploadPartCopyInput) SetSSECustomerAlgorithm(v string) *UploadPartCopyInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKey sets the SSECustomerKey field's value.
-func (s *UploadPartCopyInput) SetSSECustomerKey(v string) *UploadPartCopyInput {
-	s.SSECustomerKey = &v
-	return s
-}
-
-func (s *UploadPartCopyInput) getSSECustomerKey() (v string) {
-	if s.SSECustomerKey == nil {
-		return v
-	}
-	return *s.SSECustomerKey
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *UploadPartCopyInput) SetSSECustomerKeyMD5(v string) *UploadPartCopyInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetUploadId sets the UploadId field's value.
-func (s *UploadPartCopyInput) SetUploadId(v string) *UploadPartCopyInput {
-	s.UploadId = &v
-	return s
-}
-
-func (s *UploadPartCopyInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *UploadPartCopyInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s UploadPartCopyInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type UploadPartCopyOutput struct {
-	_ struct{} `type:"structure" payload:"CopyPartResult"`
-
-	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
-	// encryption with Key Management Service (KMS) keys (SSE-KMS).
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// Container for all response elements.
-	CopyPartResult *CopyPartResult `type:"structure"`
-
-	// The version of the source object that was copied, if you have enabled versioning
-	// on the source bucket.
-	CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm
-	// used.
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// If present, specifies the ID of the Key Management Service (KMS) symmetric
-	// encryption customer managed key that was used for the object.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by UploadPartCopyOutput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing this object in Amazon
-	// S3 (for example, AES256, aws:kms).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s UploadPartCopyOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s UploadPartCopyOutput) GoString() string {
-	return s.String()
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *UploadPartCopyOutput) SetBucketKeyEnabled(v bool) *UploadPartCopyOutput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetCopyPartResult sets the CopyPartResult field's value.
-func (s *UploadPartCopyOutput) SetCopyPartResult(v *CopyPartResult) *UploadPartCopyOutput {
-	s.CopyPartResult = v
-	return s
-}
-
-// SetCopySourceVersionId sets the CopySourceVersionId field's value.
-func (s *UploadPartCopyOutput) SetCopySourceVersionId(v string) *UploadPartCopyOutput {
-	s.CopySourceVersionId = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *UploadPartCopyOutput) SetRequestCharged(v string) *UploadPartCopyOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *UploadPartCopyOutput) SetSSECustomerAlgorithm(v string) *UploadPartCopyOutput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *UploadPartCopyOutput) SetSSECustomerKeyMD5(v string) *UploadPartCopyOutput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *UploadPartCopyOutput) SetSSEKMSKeyId(v string) *UploadPartCopyOutput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *UploadPartCopyOutput) SetServerSideEncryption(v string) *UploadPartCopyOutput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-type UploadPartInput struct {
-	_ struct{} `locationName:"UploadPartRequest" type:"structure" payload:"Body"`
-
-	// Object data.
-	Body io.ReadSeeker `type:"blob"`
-
-	// The name of the bucket to which the multipart upload was initiated.
-	//
-	// When using this action with an access point, you must direct requests to
-	// the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide.
-	//
-	// When you use this action with Amazon S3 on Outposts, you must direct requests
-	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
-	// you use this action with S3 on Outposts through the Amazon Web Services SDKs,
-	// you provide the Outposts access point ARN in place of the bucket name. For
-	// more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Bucket is a required field
-	Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
-
-	// Indicates the algorithm used to create the checksum for the object when using
-	// the SDK. This header will not provide any additional functionality if not
-	// using the SDK. When sending this header, there must be a corresponding x-amz-checksum
-	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with
-	// the HTTP status code 400 Bad Request. For more information, see Checking
-	// object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm
-	// parameter.
-	//
-	// This checksum algorithm must be the same for all parts and it match the checksum
-	// value supplied in the CreateMultipartUpload request.
-	//
-	// The AWS SDK for Go v1 does not support automatic computing request payload
-	// checksum. This feature is available in the AWS SDK for Go v2. If a value
-	// is specified for this parameter, the matching algorithm's checksum member
-	// must be populated with the algorithm's checksum of the request payload.
-	ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 32-bit CRC32 checksum of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 32-bit CRC32C checksum of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 160-bit SHA-1 digest of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This header specifies
-	// the base64-encoded, 256-bit SHA-256 digest of the object. For more information,
-	// see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
-
-	// Size of the body in bytes. This parameter is useful when the size of the
-	// body cannot be determined automatically.
-	ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
-
-	// The base64-encoded 128-bit MD5 digest of the part data. This parameter is
-	// auto-populated when using the command from the CLI. This parameter is required
-	// if object lock parameters are specified.
-	ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
-
-	// The account ID of the expected bucket owner. If the bucket is owned by a
-	// different account, the request fails with the HTTP status code 403 Forbidden
-	// (access denied).
-	ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
-
-	// Object key for which the multipart upload was initiated.
-	//
-	// Key is a required field
-	Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
-
-	// Part number of part being uploaded. This is a positive integer between 1
-	// and 10,000.
-	//
-	// PartNumber is a required field
-	PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"`
-
-	// Confirms that the requester knows that they will be charged for the request.
-	// Bucket owners need not specify this parameter in their requests. For information
-	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-	// in the Amazon S3 User Guide.
-	RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
-
-	// Specifies the algorithm to use to when encrypting the object (for example,
-	// AES256).
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
-	// data. This value is used to store the object and then it is discarded; Amazon
-	// S3 does not store the encryption key. The key must be appropriate for use
-	// with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
-	// header. This must be the same encryption key specified in the initiate multipart
-	// upload request.
-	//
-	// SSECustomerKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by UploadPartInput's
-	// String and GoString methods.
-	SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
-
-	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
-	// Amazon S3 uses this header for a message integrity check to ensure that the
-	// encryption key was transmitted without error.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// Upload ID identifying the multipart upload whose part is being uploaded.
-	//
-	// UploadId is a required field
-	UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s UploadPartInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s UploadPartInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *UploadPartInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "UploadPartInput"}
-	if s.Bucket == nil {
-		invalidParams.Add(request.NewErrParamRequired("Bucket"))
-	}
-	if s.Bucket != nil && len(*s.Bucket) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Bucket", 1))
-	}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.PartNumber == nil {
-		invalidParams.Add(request.NewErrParamRequired("PartNumber"))
-	}
-	if s.UploadId == nil {
-		invalidParams.Add(request.NewErrParamRequired("UploadId"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetBody sets the Body field's value.
-func (s *UploadPartInput) SetBody(v io.ReadSeeker) *UploadPartInput {
-	s.Body = v
-	return s
-}
-
-// SetBucket sets the Bucket field's value.
-func (s *UploadPartInput) SetBucket(v string) *UploadPartInput {
-	s.Bucket = &v
-	return s
-}
-
-func (s *UploadPartInput) getBucket() (v string) {
-	if s.Bucket == nil {
-		return v
-	}
-	return *s.Bucket
-}
-
-// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value.
-func (s *UploadPartInput) SetChecksumAlgorithm(v string) *UploadPartInput {
-	s.ChecksumAlgorithm = &v
-	return s
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *UploadPartInput) SetChecksumCRC32(v string) *UploadPartInput {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *UploadPartInput) SetChecksumCRC32C(v string) *UploadPartInput {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *UploadPartInput) SetChecksumSHA1(v string) *UploadPartInput {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *UploadPartInput) SetChecksumSHA256(v string) *UploadPartInput {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetContentLength sets the ContentLength field's value.
-func (s *UploadPartInput) SetContentLength(v int64) *UploadPartInput {
-	s.ContentLength = &v
-	return s
-}
-
-// SetContentMD5 sets the ContentMD5 field's value.
-func (s *UploadPartInput) SetContentMD5(v string) *UploadPartInput {
-	s.ContentMD5 = &v
-	return s
-}
-
-// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value.
-func (s *UploadPartInput) SetExpectedBucketOwner(v string) *UploadPartInput {
-	s.ExpectedBucketOwner = &v
-	return s
-}
-
-// SetKey sets the Key field's value.
-func (s *UploadPartInput) SetKey(v string) *UploadPartInput {
-	s.Key = &v
-	return s
-}
-
-// SetPartNumber sets the PartNumber field's value.
-func (s *UploadPartInput) SetPartNumber(v int64) *UploadPartInput {
-	s.PartNumber = &v
-	return s
-}
-
-// SetRequestPayer sets the RequestPayer field's value.
-func (s *UploadPartInput) SetRequestPayer(v string) *UploadPartInput {
-	s.RequestPayer = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *UploadPartInput) SetSSECustomerAlgorithm(v string) *UploadPartInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKey sets the SSECustomerKey field's value.
-func (s *UploadPartInput) SetSSECustomerKey(v string) *UploadPartInput {
-	s.SSECustomerKey = &v
-	return s
-}
-
-func (s *UploadPartInput) getSSECustomerKey() (v string) {
-	if s.SSECustomerKey == nil {
-		return v
-	}
-	return *s.SSECustomerKey
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *UploadPartInput) SetSSECustomerKeyMD5(v string) *UploadPartInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetUploadId sets the UploadId field's value.
-func (s *UploadPartInput) SetUploadId(v string) *UploadPartInput {
-	s.UploadId = &v
-	return s
-}
-
-func (s *UploadPartInput) getEndpointARN() (arn.Resource, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	return parseEndpointARN(*s.Bucket)
-}
-
-func (s *UploadPartInput) hasEndpointARN() bool {
-	if s.Bucket == nil {
-		return false
-	}
-	return arn.IsARN(*s.Bucket)
-}
-
-// updateArnableField updates the value of the input field that
-// takes an ARN as an input. This method is useful to backfill
-// the parsed resource name from ARN into the input member.
-// It returns a pointer to a modified copy of input and an error.
-// Note that original input is not modified.
-func (s UploadPartInput) updateArnableField(v string) (interface{}, error) {
-	if s.Bucket == nil {
-		return nil, fmt.Errorf("member Bucket is nil")
-	}
-	s.Bucket = aws.String(v)
-	return &s, nil
-}
-
-type UploadPartOutput struct {
-	_ struct{} `type:"structure"`
-
-	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
-	// encryption with Key Management Service (KMS) keys (SSE-KMS).
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"`
-
-	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"`
-
-	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
-	// present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"`
-
-	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only
-	// be present if it was uploaded with the object. With multipart uploads, this
-	// may not be a checksum value of the object. For more information about how
-	// checksums are calculated with multipart uploads, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
-	// in the Amazon S3 User Guide.
-	ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
-
-	// Entity tag for the uploaded object.
-	ETag *string `location:"header" locationName:"ETag" type:"string"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm
-	// used.
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// If present, specifies the ID of the Key Management Service (KMS) symmetric
-	// encryption customer managed key was used for the object.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by UploadPartOutput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing this object in Amazon
-	// S3 (for example, AES256, aws:kms).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s UploadPartOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s UploadPartOutput) GoString() string {
-	return s.String()
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *UploadPartOutput) SetBucketKeyEnabled(v bool) *UploadPartOutput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *UploadPartOutput) SetChecksumCRC32(v string) *UploadPartOutput {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *UploadPartOutput) SetChecksumCRC32C(v string) *UploadPartOutput {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *UploadPartOutput) SetChecksumSHA1(v string) *UploadPartOutput {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *UploadPartOutput) SetChecksumSHA256(v string) *UploadPartOutput {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *UploadPartOutput) SetETag(v string) *UploadPartOutput {
-	s.ETag = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *UploadPartOutput) SetRequestCharged(v string) *UploadPartOutput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *UploadPartOutput) SetSSECustomerAlgorithm(v string) *UploadPartOutput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *UploadPartOutput) SetSSECustomerKeyMD5(v string) *UploadPartOutput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *UploadPartOutput) SetSSEKMSKeyId(v string) *UploadPartOutput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *UploadPartOutput) SetServerSideEncryption(v string) *UploadPartOutput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-// Describes the versioning state of an Amazon S3 bucket. For more information,
-// see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html)
-// in the Amazon S3 API Reference.
-type VersioningConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// Specifies whether MFA delete is enabled in the bucket versioning configuration.
-	// This element is only returned if the bucket has been configured with MFA
-	// delete. If the bucket has never been so configured, this element is not returned.
-	MFADelete *string `locationName:"MfaDelete" type:"string" enum:"MFADelete"`
-
-	// The versioning state of the bucket.
-	Status *string `type:"string" enum:"BucketVersioningStatus"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s VersioningConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s VersioningConfiguration) GoString() string {
-	return s.String()
-}
-
-// SetMFADelete sets the MFADelete field's value.
-func (s *VersioningConfiguration) SetMFADelete(v string) *VersioningConfiguration {
-	s.MFADelete = &v
-	return s
-}
-
-// SetStatus sets the Status field's value.
-func (s *VersioningConfiguration) SetStatus(v string) *VersioningConfiguration {
-	s.Status = &v
-	return s
-}
-
-// Specifies website configuration parameters for an Amazon S3 bucket.
-type WebsiteConfiguration struct {
-	_ struct{} `type:"structure"`
-
-	// The name of the error document for the website.
-	ErrorDocument *ErrorDocument `type:"structure"`
-
-	// The name of the index document for the website.
-	IndexDocument *IndexDocument `type:"structure"`
-
-	// The redirect behavior for every request to this bucket's website endpoint.
-	//
-	// If you specify this property, you can't specify any other property.
-	RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"`
-
-	// Rules that define when a redirect is applied and the redirect behavior.
-	RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s WebsiteConfiguration) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s WebsiteConfiguration) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *WebsiteConfiguration) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "WebsiteConfiguration"}
-	if s.ErrorDocument != nil {
-		if err := s.ErrorDocument.Validate(); err != nil {
-			invalidParams.AddNested("ErrorDocument", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.IndexDocument != nil {
-		if err := s.IndexDocument.Validate(); err != nil {
-			invalidParams.AddNested("IndexDocument", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.RedirectAllRequestsTo != nil {
-		if err := s.RedirectAllRequestsTo.Validate(); err != nil {
-			invalidParams.AddNested("RedirectAllRequestsTo", err.(request.ErrInvalidParams))
-		}
-	}
-	if s.RoutingRules != nil {
-		for i, v := range s.RoutingRules {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "RoutingRules", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetErrorDocument sets the ErrorDocument field's value.
-func (s *WebsiteConfiguration) SetErrorDocument(v *ErrorDocument) *WebsiteConfiguration {
-	s.ErrorDocument = v
-	return s
-}
-
-// SetIndexDocument sets the IndexDocument field's value.
-func (s *WebsiteConfiguration) SetIndexDocument(v *IndexDocument) *WebsiteConfiguration {
-	s.IndexDocument = v
-	return s
-}
-
-// SetRedirectAllRequestsTo sets the RedirectAllRequestsTo field's value.
-func (s *WebsiteConfiguration) SetRedirectAllRequestsTo(v *RedirectAllRequestsTo) *WebsiteConfiguration {
-	s.RedirectAllRequestsTo = v
-	return s
-}
-
-// SetRoutingRules sets the RoutingRules field's value.
-func (s *WebsiteConfiguration) SetRoutingRules(v []*RoutingRule) *WebsiteConfiguration {
-	s.RoutingRules = v
-	return s
-}
-
-type WriteGetObjectResponseInput struct {
-	_ struct{} `locationName:"WriteGetObjectResponseRequest" type:"structure" payload:"Body"`
-
-	// Indicates that a range of bytes was specified.
-	AcceptRanges *string `location:"header" locationName:"x-amz-fwd-header-accept-ranges" type:"string"`
-
-	// The object data.
-	//
-	// To use an non-seekable io.Reader for this request wrap the io.Reader with
-	// "aws.ReadSeekCloser". The SDK will not retry request errors for non-seekable
-	// readers. This will allow the SDK to send the reader's payload as chunked
-	// transfer encoding.
-	Body io.ReadSeeker `type:"blob"`
-
-	// Indicates whether the object stored in Amazon S3 uses an S3 bucket key for
-	// server-side encryption with Amazon Web Services KMS (SSE-KMS).
-	BucketKeyEnabled *bool `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"`
-
-	// Specifies caching behavior along the request/reply chain.
-	CacheControl *string `location:"header" locationName:"x-amz-fwd-header-Cache-Control" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This specifies the base64-encoded,
-	// 32-bit CRC32 checksum of the object returned by the Object Lambda function.
-	// This may not match the checksum for the object stored in Amazon S3. Amazon
-	// S3 will perform validation of the checksum values only when the original
-	// GetObject request required checksum validation. For more information about
-	// checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Only one checksum header can be specified at a time. If you supply multiple
-	// checksum headers, this request will fail.
-	ChecksumCRC32 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-crc32" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This specifies the base64-encoded,
-	// 32-bit CRC32C checksum of the object returned by the Object Lambda function.
-	// This may not match the checksum for the object stored in Amazon S3. Amazon
-	// S3 will perform validation of the checksum values only when the original
-	// GetObject request required checksum validation. For more information about
-	// checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Only one checksum header can be specified at a time. If you supply multiple
-	// checksum headers, this request will fail.
-	ChecksumCRC32C *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-crc32c" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This specifies the base64-encoded,
-	// 160-bit SHA-1 digest of the object returned by the Object Lambda function.
-	// This may not match the checksum for the object stored in Amazon S3. Amazon
-	// S3 will perform validation of the checksum values only when the original
-	// GetObject request required checksum validation. For more information about
-	// checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Only one checksum header can be specified at a time. If you supply multiple
-	// checksum headers, this request will fail.
-	ChecksumSHA1 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-sha1" type:"string"`
-
-	// This header can be used as a data integrity check to verify that the data
-	// received is the same data that was originally sent. This specifies the base64-encoded,
-	// 256-bit SHA-256 digest of the object returned by the Object Lambda function.
-	// This may not match the checksum for the object stored in Amazon S3. Amazon
-	// S3 will perform validation of the checksum values only when the original
-	// GetObject request required checksum validation. For more information about
-	// checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
-	// in the Amazon S3 User Guide.
-	//
-	// Only one checksum header can be specified at a time. If you supply multiple
-	// checksum headers, this request will fail.
-	ChecksumSHA256 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-sha256" type:"string"`
-
-	// Specifies presentational information for the object.
-	ContentDisposition *string `location:"header" locationName:"x-amz-fwd-header-Content-Disposition" type:"string"`
-
-	// Specifies what content encodings have been applied to the object and thus
-	// what decoding mechanisms must be applied to obtain the media-type referenced
-	// by the Content-Type header field.
-	ContentEncoding *string `location:"header" locationName:"x-amz-fwd-header-Content-Encoding" type:"string"`
-
-	// The language the content is in.
-	ContentLanguage *string `location:"header" locationName:"x-amz-fwd-header-Content-Language" type:"string"`
-
-	// The size of the content body in bytes.
-	ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
-
-	// The portion of the object returned in the response.
-	ContentRange *string `location:"header" locationName:"x-amz-fwd-header-Content-Range" type:"string"`
-
-	// A standard MIME type describing the format of the object data.
-	ContentType *string `location:"header" locationName:"x-amz-fwd-header-Content-Type" type:"string"`
-
-	// Specifies whether an object stored in Amazon S3 is (true) or is not (false)
-	// a delete marker.
-	DeleteMarker *bool `location:"header" locationName:"x-amz-fwd-header-x-amz-delete-marker" type:"boolean"`
-
-	// An opaque identifier assigned by a web server to a specific version of a
-	// resource found at a URL.
-	ETag *string `location:"header" locationName:"x-amz-fwd-header-ETag" type:"string"`
-
-	// A string that uniquely identifies an error condition. Returned in the <Code>
-	// tag of the error XML response for a corresponding GetObject call. Cannot
-	// be used with a successful StatusCode header or when the transformed object
-	// is provided in the body. All error codes from S3 are sentence-cased. The
-	// regular expression (regex) value is "^[A-Z][a-zA-Z]+$".
-	ErrorCode *string `location:"header" locationName:"x-amz-fwd-error-code" type:"string"`
-
-	// Contains a generic description of the error condition. Returned in the <Message>
-	// tag of the error XML response for a corresponding GetObject call. Cannot
-	// be used with a successful StatusCode header or when the transformed object
-	// is provided in body.
-	ErrorMessage *string `location:"header" locationName:"x-amz-fwd-error-message" type:"string"`
-
-	// If the object expiration is configured (see PUT Bucket lifecycle), the response
-	// includes this header. It includes the expiry-date and rule-id key-value pairs
-	// that provide the object expiration information. The value of the rule-id
-	// is URL-encoded.
-	Expiration *string `location:"header" locationName:"x-amz-fwd-header-x-amz-expiration" type:"string"`
-
-	// The date and time at which the object is no longer cacheable.
-	Expires *time.Time `location:"header" locationName:"x-amz-fwd-header-Expires" type:"timestamp"`
-
-	// The date and time that the object was last modified.
-	LastModified *time.Time `location:"header" locationName:"x-amz-fwd-header-Last-Modified" type:"timestamp"`
-
-	// A map of metadata to store with the object in S3.
-	Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
-
-	// Set to the number of metadata entries not returned in x-amz-meta headers.
-	// This can happen if you create metadata using an API like SOAP that supports
-	// more flexible metadata than the REST API. For example, using SOAP, you can
-	// create metadata whose values are not legal HTTP headers.
-	MissingMeta *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-missing-meta" type:"integer"`
-
-	// Indicates whether an object stored in Amazon S3 has an active legal hold.
-	ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
-
-	// Indicates whether an object stored in Amazon S3 has Object Lock enabled.
-	// For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html).
-	ObjectLockMode *string `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
-
-	// The date and time when Object Lock is configured to expire.
-	ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
-
-	// The count of parts this object has.
-	PartsCount *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-mp-parts-count" type:"integer"`
-
-	// Indicates if request involves bucket that is either a source or destination
-	// in a Replication rule. For more information about S3 Replication, see Replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html).
-	ReplicationStatus *string `location:"header" locationName:"x-amz-fwd-header-x-amz-replication-status" type:"string" enum:"ReplicationStatus"`
-
-	// If present, indicates that the requester was successfully charged for the
-	// request.
-	RequestCharged *string `location:"header" locationName:"x-amz-fwd-header-x-amz-request-charged" type:"string" enum:"RequestCharged"`
-
-	// Route prefix to the HTTP URL generated.
-	//
-	// RequestRoute is a required field
-	RequestRoute *string `location:"header" locationName:"x-amz-request-route" type:"string" required:"true"`
-
-	// A single use encrypted token that maps WriteGetObjectResponse to the end
-	// user GetObject request.
-	//
-	// RequestToken is a required field
-	RequestToken *string `location:"header" locationName:"x-amz-request-token" type:"string" required:"true"`
-
-	// Provides information about object restoration operation and expiration time
-	// of the restored object copy.
-	Restore *string `location:"header" locationName:"x-amz-fwd-header-x-amz-restore" type:"string"`
-
-	// Encryption algorithm used if server-side encryption with a customer-provided
-	// encryption key was specified for object stored in Amazon S3.
-	SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm" type:"string"`
-
-	// 128-bit MD5 digest of customer-provided encryption key used in Amazon S3
-	// to encrypt data stored in S3. For more information, see Protecting data using
-	// server-side encryption with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html).
-	SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5" type:"string"`
-
-	// If present, specifies the ID of the Amazon Web Services Key Management Service
-	// (Amazon Web Services KMS) symmetric encryption customer managed key that
-	// was used for stored in Amazon S3 object.
-	//
-	// SSEKMSKeyId is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by WriteGetObjectResponseInput's
-	// String and GoString methods.
-	SSEKMSKeyId *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
-
-	// The server-side encryption algorithm used when storing requested object in
-	// Amazon S3 (for example, AES256, aws:kms).
-	ServerSideEncryption *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
-
-	// The integer status code for an HTTP response of a corresponding GetObject
-	// request. The following is a list of status codes.
-	//
-	//    * 200 - OK
-	//
-	//    * 206 - Partial Content
-	//
-	//    * 304 - Not Modified
-	//
-	//    * 400 - Bad Request
-	//
-	//    * 401 - Unauthorized
-	//
-	//    * 403 - Forbidden
-	//
-	//    * 404 - Not Found
-	//
-	//    * 405 - Method Not Allowed
-	//
-	//    * 409 - Conflict
-	//
-	//    * 411 - Length Required
-	//
-	//    * 412 - Precondition Failed
-	//
-	//    * 416 - Range Not Satisfiable
-	//
-	//    * 500 - Internal Server Error
-	//
-	//    * 503 - Service Unavailable
-	StatusCode *int64 `location:"header" locationName:"x-amz-fwd-status" type:"integer"`
-
-	// Provides storage class information of the object. Amazon S3 returns this
-	// header for all objects except for S3 Standard storage class objects.
-	//
-	// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
-	StorageClass *string `location:"header" locationName:"x-amz-fwd-header-x-amz-storage-class" type:"string" enum:"StorageClass"`
-
-	// The number of tags, if any, on the object.
-	TagCount *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-tagging-count" type:"integer"`
-
-	// An ID used to reference a specific version of the object.
-	VersionId *string `location:"header" locationName:"x-amz-fwd-header-x-amz-version-id" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s WriteGetObjectResponseInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s WriteGetObjectResponseInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *WriteGetObjectResponseInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "WriteGetObjectResponseInput"}
-	if s.RequestRoute == nil {
-		invalidParams.Add(request.NewErrParamRequired("RequestRoute"))
-	}
-	if s.RequestRoute != nil && len(*s.RequestRoute) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("RequestRoute", 1))
-	}
-	if s.RequestToken == nil {
-		invalidParams.Add(request.NewErrParamRequired("RequestToken"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAcceptRanges sets the AcceptRanges field's value.
-func (s *WriteGetObjectResponseInput) SetAcceptRanges(v string) *WriteGetObjectResponseInput {
-	s.AcceptRanges = &v
-	return s
-}
-
-// SetBody sets the Body field's value.
-func (s *WriteGetObjectResponseInput) SetBody(v io.ReadSeeker) *WriteGetObjectResponseInput {
-	s.Body = v
-	return s
-}
-
-// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
-func (s *WriteGetObjectResponseInput) SetBucketKeyEnabled(v bool) *WriteGetObjectResponseInput {
-	s.BucketKeyEnabled = &v
-	return s
-}
-
-// SetCacheControl sets the CacheControl field's value.
-func (s *WriteGetObjectResponseInput) SetCacheControl(v string) *WriteGetObjectResponseInput {
-	s.CacheControl = &v
-	return s
-}
-
-// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
-func (s *WriteGetObjectResponseInput) SetChecksumCRC32(v string) *WriteGetObjectResponseInput {
-	s.ChecksumCRC32 = &v
-	return s
-}
-
-// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
-func (s *WriteGetObjectResponseInput) SetChecksumCRC32C(v string) *WriteGetObjectResponseInput {
-	s.ChecksumCRC32C = &v
-	return s
-}
-
-// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
-func (s *WriteGetObjectResponseInput) SetChecksumSHA1(v string) *WriteGetObjectResponseInput {
-	s.ChecksumSHA1 = &v
-	return s
-}
-
-// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
-func (s *WriteGetObjectResponseInput) SetChecksumSHA256(v string) *WriteGetObjectResponseInput {
-	s.ChecksumSHA256 = &v
-	return s
-}
-
-// SetContentDisposition sets the ContentDisposition field's value.
-func (s *WriteGetObjectResponseInput) SetContentDisposition(v string) *WriteGetObjectResponseInput {
-	s.ContentDisposition = &v
-	return s
-}
-
-// SetContentEncoding sets the ContentEncoding field's value.
-func (s *WriteGetObjectResponseInput) SetContentEncoding(v string) *WriteGetObjectResponseInput {
-	s.ContentEncoding = &v
-	return s
-}
-
-// SetContentLanguage sets the ContentLanguage field's value.
-func (s *WriteGetObjectResponseInput) SetContentLanguage(v string) *WriteGetObjectResponseInput {
-	s.ContentLanguage = &v
-	return s
-}
-
-// SetContentLength sets the ContentLength field's value.
-func (s *WriteGetObjectResponseInput) SetContentLength(v int64) *WriteGetObjectResponseInput {
-	s.ContentLength = &v
-	return s
-}
-
-// SetContentRange sets the ContentRange field's value.
-func (s *WriteGetObjectResponseInput) SetContentRange(v string) *WriteGetObjectResponseInput {
-	s.ContentRange = &v
-	return s
-}
-
-// SetContentType sets the ContentType field's value.
-func (s *WriteGetObjectResponseInput) SetContentType(v string) *WriteGetObjectResponseInput {
-	s.ContentType = &v
-	return s
-}
-
-// SetDeleteMarker sets the DeleteMarker field's value.
-func (s *WriteGetObjectResponseInput) SetDeleteMarker(v bool) *WriteGetObjectResponseInput {
-	s.DeleteMarker = &v
-	return s
-}
-
-// SetETag sets the ETag field's value.
-func (s *WriteGetObjectResponseInput) SetETag(v string) *WriteGetObjectResponseInput {
-	s.ETag = &v
-	return s
-}
-
-// SetErrorCode sets the ErrorCode field's value.
-func (s *WriteGetObjectResponseInput) SetErrorCode(v string) *WriteGetObjectResponseInput {
-	s.ErrorCode = &v
-	return s
-}
-
-// SetErrorMessage sets the ErrorMessage field's value.
-func (s *WriteGetObjectResponseInput) SetErrorMessage(v string) *WriteGetObjectResponseInput {
-	s.ErrorMessage = &v
-	return s
-}
-
-// SetExpiration sets the Expiration field's value.
-func (s *WriteGetObjectResponseInput) SetExpiration(v string) *WriteGetObjectResponseInput {
-	s.Expiration = &v
-	return s
-}
-
-// SetExpires sets the Expires field's value.
-func (s *WriteGetObjectResponseInput) SetExpires(v time.Time) *WriteGetObjectResponseInput {
-	s.Expires = &v
-	return s
-}
-
-// SetLastModified sets the LastModified field's value.
-func (s *WriteGetObjectResponseInput) SetLastModified(v time.Time) *WriteGetObjectResponseInput {
-	s.LastModified = &v
-	return s
-}
-
-// SetMetadata sets the Metadata field's value.
-func (s *WriteGetObjectResponseInput) SetMetadata(v map[string]*string) *WriteGetObjectResponseInput {
-	s.Metadata = v
-	return s
-}
-
-// SetMissingMeta sets the MissingMeta field's value.
-func (s *WriteGetObjectResponseInput) SetMissingMeta(v int64) *WriteGetObjectResponseInput {
-	s.MissingMeta = &v
-	return s
-}
-
-// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
-func (s *WriteGetObjectResponseInput) SetObjectLockLegalHoldStatus(v string) *WriteGetObjectResponseInput {
-	s.ObjectLockLegalHoldStatus = &v
-	return s
-}
-
-// SetObjectLockMode sets the ObjectLockMode field's value.
-func (s *WriteGetObjectResponseInput) SetObjectLockMode(v string) *WriteGetObjectResponseInput {
-	s.ObjectLockMode = &v
-	return s
-}
-
-// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
-func (s *WriteGetObjectResponseInput) SetObjectLockRetainUntilDate(v time.Time) *WriteGetObjectResponseInput {
-	s.ObjectLockRetainUntilDate = &v
-	return s
-}
-
-// SetPartsCount sets the PartsCount field's value.
-func (s *WriteGetObjectResponseInput) SetPartsCount(v int64) *WriteGetObjectResponseInput {
-	s.PartsCount = &v
-	return s
-}
-
-// SetReplicationStatus sets the ReplicationStatus field's value.
-func (s *WriteGetObjectResponseInput) SetReplicationStatus(v string) *WriteGetObjectResponseInput {
-	s.ReplicationStatus = &v
-	return s
-}
-
-// SetRequestCharged sets the RequestCharged field's value.
-func (s *WriteGetObjectResponseInput) SetRequestCharged(v string) *WriteGetObjectResponseInput {
-	s.RequestCharged = &v
-	return s
-}
-
-// SetRequestRoute sets the RequestRoute field's value.
-func (s *WriteGetObjectResponseInput) SetRequestRoute(v string) *WriteGetObjectResponseInput {
-	s.RequestRoute = &v
-	return s
-}
-
-// SetRequestToken sets the RequestToken field's value.
-func (s *WriteGetObjectResponseInput) SetRequestToken(v string) *WriteGetObjectResponseInput {
-	s.RequestToken = &v
-	return s
-}
-
-// SetRestore sets the Restore field's value.
-func (s *WriteGetObjectResponseInput) SetRestore(v string) *WriteGetObjectResponseInput {
-	s.Restore = &v
-	return s
-}
-
-// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
-func (s *WriteGetObjectResponseInput) SetSSECustomerAlgorithm(v string) *WriteGetObjectResponseInput {
-	s.SSECustomerAlgorithm = &v
-	return s
-}
-
-// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
-func (s *WriteGetObjectResponseInput) SetSSECustomerKeyMD5(v string) *WriteGetObjectResponseInput {
-	s.SSECustomerKeyMD5 = &v
-	return s
-}
-
-// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
-func (s *WriteGetObjectResponseInput) SetSSEKMSKeyId(v string) *WriteGetObjectResponseInput {
-	s.SSEKMSKeyId = &v
-	return s
-}
-
-// SetServerSideEncryption sets the ServerSideEncryption field's value.
-func (s *WriteGetObjectResponseInput) SetServerSideEncryption(v string) *WriteGetObjectResponseInput {
-	s.ServerSideEncryption = &v
-	return s
-}
-
-// SetStatusCode sets the StatusCode field's value.
-func (s *WriteGetObjectResponseInput) SetStatusCode(v int64) *WriteGetObjectResponseInput {
-	s.StatusCode = &v
-	return s
-}
-
-// SetStorageClass sets the StorageClass field's value.
-func (s *WriteGetObjectResponseInput) SetStorageClass(v string) *WriteGetObjectResponseInput {
-	s.StorageClass = &v
-	return s
-}
-
-// SetTagCount sets the TagCount field's value.
-func (s *WriteGetObjectResponseInput) SetTagCount(v int64) *WriteGetObjectResponseInput {
-	s.TagCount = &v
-	return s
-}
-
-// SetVersionId sets the VersionId field's value.
-func (s *WriteGetObjectResponseInput) SetVersionId(v string) *WriteGetObjectResponseInput {
-	s.VersionId = &v
-	return s
-}
-
-func (s *WriteGetObjectResponseInput) hostLabels() map[string]string {
-	return map[string]string{
-		"RequestRoute": aws.StringValue(s.RequestRoute),
-	}
-}
-
-type WriteGetObjectResponseOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s WriteGetObjectResponseOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s WriteGetObjectResponseOutput) GoString() string {
-	return s.String()
-}
-
-const (
-	// AnalyticsS3ExportFileFormatCsv is a AnalyticsS3ExportFileFormat enum value
-	AnalyticsS3ExportFileFormatCsv = "CSV"
-)
-
-// AnalyticsS3ExportFileFormat_Values returns all elements of the AnalyticsS3ExportFileFormat enum
-func AnalyticsS3ExportFileFormat_Values() []string {
-	return []string{
-		AnalyticsS3ExportFileFormatCsv,
-	}
-}
-
-const (
-	// ArchiveStatusArchiveAccess is a ArchiveStatus enum value
-	ArchiveStatusArchiveAccess = "ARCHIVE_ACCESS"
-
-	// ArchiveStatusDeepArchiveAccess is a ArchiveStatus enum value
-	ArchiveStatusDeepArchiveAccess = "DEEP_ARCHIVE_ACCESS"
-)
-
-// ArchiveStatus_Values returns all elements of the ArchiveStatus enum
-func ArchiveStatus_Values() []string {
-	return []string{
-		ArchiveStatusArchiveAccess,
-		ArchiveStatusDeepArchiveAccess,
-	}
-}
-
-const (
-	// BucketAccelerateStatusEnabled is a BucketAccelerateStatus enum value
-	BucketAccelerateStatusEnabled = "Enabled"
-
-	// BucketAccelerateStatusSuspended is a BucketAccelerateStatus enum value
-	BucketAccelerateStatusSuspended = "Suspended"
-)
-
-// BucketAccelerateStatus_Values returns all elements of the BucketAccelerateStatus enum
-func BucketAccelerateStatus_Values() []string {
-	return []string{
-		BucketAccelerateStatusEnabled,
-		BucketAccelerateStatusSuspended,
-	}
-}
-
-const (
-	// BucketCannedACLPrivate is a BucketCannedACL enum value
-	BucketCannedACLPrivate = "private"
-
-	// BucketCannedACLPublicRead is a BucketCannedACL enum value
-	BucketCannedACLPublicRead = "public-read"
-
-	// BucketCannedACLPublicReadWrite is a BucketCannedACL enum value
-	BucketCannedACLPublicReadWrite = "public-read-write"
-
-	// BucketCannedACLAuthenticatedRead is a BucketCannedACL enum value
-	BucketCannedACLAuthenticatedRead = "authenticated-read"
-)
-
-// BucketCannedACL_Values returns all elements of the BucketCannedACL enum
-func BucketCannedACL_Values() []string {
-	return []string{
-		BucketCannedACLPrivate,
-		BucketCannedACLPublicRead,
-		BucketCannedACLPublicReadWrite,
-		BucketCannedACLAuthenticatedRead,
-	}
-}
-
-const (
-	// BucketLocationConstraintAfSouth1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintAfSouth1 = "af-south-1"
-
-	// BucketLocationConstraintApEast1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintApEast1 = "ap-east-1"
-
-	// BucketLocationConstraintApNortheast1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintApNortheast1 = "ap-northeast-1"
-
-	// BucketLocationConstraintApNortheast2 is a BucketLocationConstraint enum value
-	BucketLocationConstraintApNortheast2 = "ap-northeast-2"
-
-	// BucketLocationConstraintApNortheast3 is a BucketLocationConstraint enum value
-	BucketLocationConstraintApNortheast3 = "ap-northeast-3"
-
-	// BucketLocationConstraintApSouth1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintApSouth1 = "ap-south-1"
-
-	// BucketLocationConstraintApSoutheast1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintApSoutheast1 = "ap-southeast-1"
-
-	// BucketLocationConstraintApSoutheast2 is a BucketLocationConstraint enum value
-	BucketLocationConstraintApSoutheast2 = "ap-southeast-2"
-
-	// BucketLocationConstraintApSoutheast3 is a BucketLocationConstraint enum value
-	BucketLocationConstraintApSoutheast3 = "ap-southeast-3"
-
-	// BucketLocationConstraintCaCentral1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintCaCentral1 = "ca-central-1"
-
-	// BucketLocationConstraintCnNorth1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintCnNorth1 = "cn-north-1"
-
-	// BucketLocationConstraintCnNorthwest1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintCnNorthwest1 = "cn-northwest-1"
-
-	// BucketLocationConstraintEu is a BucketLocationConstraint enum value
-	BucketLocationConstraintEu = "EU"
-
-	// BucketLocationConstraintEuCentral1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintEuCentral1 = "eu-central-1"
-
-	// BucketLocationConstraintEuNorth1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintEuNorth1 = "eu-north-1"
-
-	// BucketLocationConstraintEuSouth1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintEuSouth1 = "eu-south-1"
-
-	// BucketLocationConstraintEuWest1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintEuWest1 = "eu-west-1"
-
-	// BucketLocationConstraintEuWest2 is a BucketLocationConstraint enum value
-	BucketLocationConstraintEuWest2 = "eu-west-2"
-
-	// BucketLocationConstraintEuWest3 is a BucketLocationConstraint enum value
-	BucketLocationConstraintEuWest3 = "eu-west-3"
-
-	// BucketLocationConstraintMeSouth1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintMeSouth1 = "me-south-1"
-
-	// BucketLocationConstraintSaEast1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintSaEast1 = "sa-east-1"
-
-	// BucketLocationConstraintUsEast2 is a BucketLocationConstraint enum value
-	BucketLocationConstraintUsEast2 = "us-east-2"
-
-	// BucketLocationConstraintUsGovEast1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintUsGovEast1 = "us-gov-east-1"
-
-	// BucketLocationConstraintUsGovWest1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintUsGovWest1 = "us-gov-west-1"
-
-	// BucketLocationConstraintUsWest1 is a BucketLocationConstraint enum value
-	BucketLocationConstraintUsWest1 = "us-west-1"
-
-	// BucketLocationConstraintUsWest2 is a BucketLocationConstraint enum value
-	BucketLocationConstraintUsWest2 = "us-west-2"
-)
-
-// BucketLocationConstraint_Values returns all elements of the BucketLocationConstraint enum
-func BucketLocationConstraint_Values() []string {
-	return []string{
-		BucketLocationConstraintAfSouth1,
-		BucketLocationConstraintApEast1,
-		BucketLocationConstraintApNortheast1,
-		BucketLocationConstraintApNortheast2,
-		BucketLocationConstraintApNortheast3,
-		BucketLocationConstraintApSouth1,
-		BucketLocationConstraintApSoutheast1,
-		BucketLocationConstraintApSoutheast2,
-		BucketLocationConstraintApSoutheast3,
-		BucketLocationConstraintCaCentral1,
-		BucketLocationConstraintCnNorth1,
-		BucketLocationConstraintCnNorthwest1,
-		BucketLocationConstraintEu,
-		BucketLocationConstraintEuCentral1,
-		BucketLocationConstraintEuNorth1,
-		BucketLocationConstraintEuSouth1,
-		BucketLocationConstraintEuWest1,
-		BucketLocationConstraintEuWest2,
-		BucketLocationConstraintEuWest3,
-		BucketLocationConstraintMeSouth1,
-		BucketLocationConstraintSaEast1,
-		BucketLocationConstraintUsEast2,
-		BucketLocationConstraintUsGovEast1,
-		BucketLocationConstraintUsGovWest1,
-		BucketLocationConstraintUsWest1,
-		BucketLocationConstraintUsWest2,
-	}
-}
-
-const (
-	// BucketLogsPermissionFullControl is a BucketLogsPermission enum value
-	BucketLogsPermissionFullControl = "FULL_CONTROL"
-
-	// BucketLogsPermissionRead is a BucketLogsPermission enum value
-	BucketLogsPermissionRead = "READ"
-
-	// BucketLogsPermissionWrite is a BucketLogsPermission enum value
-	BucketLogsPermissionWrite = "WRITE"
-)
-
-// BucketLogsPermission_Values returns all elements of the BucketLogsPermission enum
-func BucketLogsPermission_Values() []string {
-	return []string{
-		BucketLogsPermissionFullControl,
-		BucketLogsPermissionRead,
-		BucketLogsPermissionWrite,
-	}
-}
-
-const (
-	// BucketVersioningStatusEnabled is a BucketVersioningStatus enum value
-	BucketVersioningStatusEnabled = "Enabled"
-
-	// BucketVersioningStatusSuspended is a BucketVersioningStatus enum value
-	BucketVersioningStatusSuspended = "Suspended"
-)
-
-// BucketVersioningStatus_Values returns all elements of the BucketVersioningStatus enum
-func BucketVersioningStatus_Values() []string {
-	return []string{
-		BucketVersioningStatusEnabled,
-		BucketVersioningStatusSuspended,
-	}
-}
-
-const (
-	// ChecksumAlgorithmCrc32 is a ChecksumAlgorithm enum value
-	ChecksumAlgorithmCrc32 = "CRC32"
-
-	// ChecksumAlgorithmCrc32c is a ChecksumAlgorithm enum value
-	ChecksumAlgorithmCrc32c = "CRC32C"
-
-	// ChecksumAlgorithmSha1 is a ChecksumAlgorithm enum value
-	ChecksumAlgorithmSha1 = "SHA1"
-
-	// ChecksumAlgorithmSha256 is a ChecksumAlgorithm enum value
-	ChecksumAlgorithmSha256 = "SHA256"
-)
-
-// ChecksumAlgorithm_Values returns all elements of the ChecksumAlgorithm enum
-func ChecksumAlgorithm_Values() []string {
-	return []string{
-		ChecksumAlgorithmCrc32,
-		ChecksumAlgorithmCrc32c,
-		ChecksumAlgorithmSha1,
-		ChecksumAlgorithmSha256,
-	}
-}
-
-const (
-	// ChecksumModeEnabled is a ChecksumMode enum value
-	ChecksumModeEnabled = "ENABLED"
-)
-
-// ChecksumMode_Values returns all elements of the ChecksumMode enum
-func ChecksumMode_Values() []string {
-	return []string{
-		ChecksumModeEnabled,
-	}
-}
-
-const (
-	// CompressionTypeNone is a CompressionType enum value
-	CompressionTypeNone = "NONE"
-
-	// CompressionTypeGzip is a CompressionType enum value
-	CompressionTypeGzip = "GZIP"
-
-	// CompressionTypeBzip2 is a CompressionType enum value
-	CompressionTypeBzip2 = "BZIP2"
-)
-
-// CompressionType_Values returns all elements of the CompressionType enum
-func CompressionType_Values() []string {
-	return []string{
-		CompressionTypeNone,
-		CompressionTypeGzip,
-		CompressionTypeBzip2,
-	}
-}
-
-const (
-	// DeleteMarkerReplicationStatusEnabled is a DeleteMarkerReplicationStatus enum value
-	DeleteMarkerReplicationStatusEnabled = "Enabled"
-
-	// DeleteMarkerReplicationStatusDisabled is a DeleteMarkerReplicationStatus enum value
-	DeleteMarkerReplicationStatusDisabled = "Disabled"
-)
-
-// DeleteMarkerReplicationStatus_Values returns all elements of the DeleteMarkerReplicationStatus enum
-func DeleteMarkerReplicationStatus_Values() []string {
-	return []string{
-		DeleteMarkerReplicationStatusEnabled,
-		DeleteMarkerReplicationStatusDisabled,
-	}
-}
-
-// Requests Amazon S3 to encode the object keys in the response and specifies
-// the encoding method to use. An object key may contain any Unicode character;
-// however, XML 1.0 parser cannot parse some characters, such as characters
-// with an ASCII value from 0 to 10. For characters that are not supported in
-// XML 1.0, you can add this parameter to request that Amazon S3 encode the
-// keys in the response.
-const (
-	// EncodingTypeUrl is a EncodingType enum value
-	EncodingTypeUrl = "url"
-)
-
-// EncodingType_Values returns all elements of the EncodingType enum
-func EncodingType_Values() []string {
-	return []string{
-		EncodingTypeUrl,
-	}
-}
-
-// The bucket event for which to send notifications.
-const (
-	// EventS3ReducedRedundancyLostObject is a Event enum value
-	EventS3ReducedRedundancyLostObject = "s3:ReducedRedundancyLostObject"
-
-	// EventS3ObjectCreated is a Event enum value
-	EventS3ObjectCreated = "s3:ObjectCreated:*"
-
-	// EventS3ObjectCreatedPut is a Event enum value
-	EventS3ObjectCreatedPut = "s3:ObjectCreated:Put"
-
-	// EventS3ObjectCreatedPost is a Event enum value
-	EventS3ObjectCreatedPost = "s3:ObjectCreated:Post"
-
-	// EventS3ObjectCreatedCopy is a Event enum value
-	EventS3ObjectCreatedCopy = "s3:ObjectCreated:Copy"
-
-	// EventS3ObjectCreatedCompleteMultipartUpload is a Event enum value
-	EventS3ObjectCreatedCompleteMultipartUpload = "s3:ObjectCreated:CompleteMultipartUpload"
-
-	// EventS3ObjectRemoved is a Event enum value
-	EventS3ObjectRemoved = "s3:ObjectRemoved:*"
-
-	// EventS3ObjectRemovedDelete is a Event enum value
-	EventS3ObjectRemovedDelete = "s3:ObjectRemoved:Delete"
-
-	// EventS3ObjectRemovedDeleteMarkerCreated is a Event enum value
-	EventS3ObjectRemovedDeleteMarkerCreated = "s3:ObjectRemoved:DeleteMarkerCreated"
-
-	// EventS3ObjectRestore is a Event enum value
-	EventS3ObjectRestore = "s3:ObjectRestore:*"
-
-	// EventS3ObjectRestorePost is a Event enum value
-	EventS3ObjectRestorePost = "s3:ObjectRestore:Post"
-
-	// EventS3ObjectRestoreCompleted is a Event enum value
-	EventS3ObjectRestoreCompleted = "s3:ObjectRestore:Completed"
-
-	// EventS3Replication is a Event enum value
-	EventS3Replication = "s3:Replication:*"
-
-	// EventS3ReplicationOperationFailedReplication is a Event enum value
-	EventS3ReplicationOperationFailedReplication = "s3:Replication:OperationFailedReplication"
-
-	// EventS3ReplicationOperationNotTracked is a Event enum value
-	EventS3ReplicationOperationNotTracked = "s3:Replication:OperationNotTracked"
-
-	// EventS3ReplicationOperationMissedThreshold is a Event enum value
-	EventS3ReplicationOperationMissedThreshold = "s3:Replication:OperationMissedThreshold"
-
-	// EventS3ReplicationOperationReplicatedAfterThreshold is a Event enum value
-	EventS3ReplicationOperationReplicatedAfterThreshold = "s3:Replication:OperationReplicatedAfterThreshold"
-
-	// EventS3ObjectRestoreDelete is a Event enum value
-	EventS3ObjectRestoreDelete = "s3:ObjectRestore:Delete"
-
-	// EventS3LifecycleTransition is a Event enum value
-	EventS3LifecycleTransition = "s3:LifecycleTransition"
-
-	// EventS3IntelligentTiering is a Event enum value
-	EventS3IntelligentTiering = "s3:IntelligentTiering"
-
-	// EventS3ObjectAclPut is a Event enum value
-	EventS3ObjectAclPut = "s3:ObjectAcl:Put"
-
-	// EventS3LifecycleExpiration is a Event enum value
-	EventS3LifecycleExpiration = "s3:LifecycleExpiration:*"
-
-	// EventS3LifecycleExpirationDelete is a Event enum value
-	EventS3LifecycleExpirationDelete = "s3:LifecycleExpiration:Delete"
-
-	// EventS3LifecycleExpirationDeleteMarkerCreated is a Event enum value
-	EventS3LifecycleExpirationDeleteMarkerCreated = "s3:LifecycleExpiration:DeleteMarkerCreated"
-
-	// EventS3ObjectTagging is a Event enum value
-	EventS3ObjectTagging = "s3:ObjectTagging:*"
-
-	// EventS3ObjectTaggingPut is a Event enum value
-	EventS3ObjectTaggingPut = "s3:ObjectTagging:Put"
-
-	// EventS3ObjectTaggingDelete is a Event enum value
-	EventS3ObjectTaggingDelete = "s3:ObjectTagging:Delete"
-)
-
-// Event_Values returns all elements of the Event enum
-func Event_Values() []string {
-	return []string{
-		EventS3ReducedRedundancyLostObject,
-		EventS3ObjectCreated,
-		EventS3ObjectCreatedPut,
-		EventS3ObjectCreatedPost,
-		EventS3ObjectCreatedCopy,
-		EventS3ObjectCreatedCompleteMultipartUpload,
-		EventS3ObjectRemoved,
-		EventS3ObjectRemovedDelete,
-		EventS3ObjectRemovedDeleteMarkerCreated,
-		EventS3ObjectRestore,
-		EventS3ObjectRestorePost,
-		EventS3ObjectRestoreCompleted,
-		EventS3Replication,
-		EventS3ReplicationOperationFailedReplication,
-		EventS3ReplicationOperationNotTracked,
-		EventS3ReplicationOperationMissedThreshold,
-		EventS3ReplicationOperationReplicatedAfterThreshold,
-		EventS3ObjectRestoreDelete,
-		EventS3LifecycleTransition,
-		EventS3IntelligentTiering,
-		EventS3ObjectAclPut,
-		EventS3LifecycleExpiration,
-		EventS3LifecycleExpirationDelete,
-		EventS3LifecycleExpirationDeleteMarkerCreated,
-		EventS3ObjectTagging,
-		EventS3ObjectTaggingPut,
-		EventS3ObjectTaggingDelete,
-	}
-}
-
-const (
-	// ExistingObjectReplicationStatusEnabled is a ExistingObjectReplicationStatus enum value
-	ExistingObjectReplicationStatusEnabled = "Enabled"
-
-	// ExistingObjectReplicationStatusDisabled is a ExistingObjectReplicationStatus enum value
-	ExistingObjectReplicationStatusDisabled = "Disabled"
-)
-
-// ExistingObjectReplicationStatus_Values returns all elements of the ExistingObjectReplicationStatus enum
-func ExistingObjectReplicationStatus_Values() []string {
-	return []string{
-		ExistingObjectReplicationStatusEnabled,
-		ExistingObjectReplicationStatusDisabled,
-	}
-}
-
-const (
-	// ExpirationStatusEnabled is a ExpirationStatus enum value
-	ExpirationStatusEnabled = "Enabled"
-
-	// ExpirationStatusDisabled is a ExpirationStatus enum value
-	ExpirationStatusDisabled = "Disabled"
-)
-
-// ExpirationStatus_Values returns all elements of the ExpirationStatus enum
-func ExpirationStatus_Values() []string {
-	return []string{
-		ExpirationStatusEnabled,
-		ExpirationStatusDisabled,
-	}
-}
-
-const (
-	// ExpressionTypeSql is a ExpressionType enum value
-	ExpressionTypeSql = "SQL"
-)
-
-// ExpressionType_Values returns all elements of the ExpressionType enum
-func ExpressionType_Values() []string {
-	return []string{
-		ExpressionTypeSql,
-	}
-}
-
-const (
-	// FileHeaderInfoUse is a FileHeaderInfo enum value
-	FileHeaderInfoUse = "USE"
-
-	// FileHeaderInfoIgnore is a FileHeaderInfo enum value
-	FileHeaderInfoIgnore = "IGNORE"
-
-	// FileHeaderInfoNone is a FileHeaderInfo enum value
-	FileHeaderInfoNone = "NONE"
-)
-
-// FileHeaderInfo_Values returns all elements of the FileHeaderInfo enum
-func FileHeaderInfo_Values() []string {
-	return []string{
-		FileHeaderInfoUse,
-		FileHeaderInfoIgnore,
-		FileHeaderInfoNone,
-	}
-}
-
-const (
-	// FilterRuleNamePrefix is a FilterRuleName enum value
-	FilterRuleNamePrefix = "prefix"
-
-	// FilterRuleNameSuffix is a FilterRuleName enum value
-	FilterRuleNameSuffix = "suffix"
-)
-
-// FilterRuleName_Values returns all elements of the FilterRuleName enum
-func FilterRuleName_Values() []string {
-	return []string{
-		FilterRuleNamePrefix,
-		FilterRuleNameSuffix,
-	}
-}
-
-const (
-	// IntelligentTieringAccessTierArchiveAccess is a IntelligentTieringAccessTier enum value
-	IntelligentTieringAccessTierArchiveAccess = "ARCHIVE_ACCESS"
-
-	// IntelligentTieringAccessTierDeepArchiveAccess is a IntelligentTieringAccessTier enum value
-	IntelligentTieringAccessTierDeepArchiveAccess = "DEEP_ARCHIVE_ACCESS"
-)
-
-// IntelligentTieringAccessTier_Values returns all elements of the IntelligentTieringAccessTier enum
-func IntelligentTieringAccessTier_Values() []string {
-	return []string{
-		IntelligentTieringAccessTierArchiveAccess,
-		IntelligentTieringAccessTierDeepArchiveAccess,
-	}
-}
-
-const (
-	// IntelligentTieringStatusEnabled is a IntelligentTieringStatus enum value
-	IntelligentTieringStatusEnabled = "Enabled"
-
-	// IntelligentTieringStatusDisabled is a IntelligentTieringStatus enum value
-	IntelligentTieringStatusDisabled = "Disabled"
-)
-
-// IntelligentTieringStatus_Values returns all elements of the IntelligentTieringStatus enum
-func IntelligentTieringStatus_Values() []string {
-	return []string{
-		IntelligentTieringStatusEnabled,
-		IntelligentTieringStatusDisabled,
-	}
-}
-
-const (
-	// InventoryFormatCsv is a InventoryFormat enum value
-	InventoryFormatCsv = "CSV"
-
-	// InventoryFormatOrc is a InventoryFormat enum value
-	InventoryFormatOrc = "ORC"
-
-	// InventoryFormatParquet is a InventoryFormat enum value
-	InventoryFormatParquet = "Parquet"
-)
-
-// InventoryFormat_Values returns all elements of the InventoryFormat enum
-func InventoryFormat_Values() []string {
-	return []string{
-		InventoryFormatCsv,
-		InventoryFormatOrc,
-		InventoryFormatParquet,
-	}
-}
-
-const (
-	// InventoryFrequencyDaily is a InventoryFrequency enum value
-	InventoryFrequencyDaily = "Daily"
-
-	// InventoryFrequencyWeekly is a InventoryFrequency enum value
-	InventoryFrequencyWeekly = "Weekly"
-)
-
-// InventoryFrequency_Values returns all elements of the InventoryFrequency enum
-func InventoryFrequency_Values() []string {
-	return []string{
-		InventoryFrequencyDaily,
-		InventoryFrequencyWeekly,
-	}
-}
-
-const (
-	// InventoryIncludedObjectVersionsAll is a InventoryIncludedObjectVersions enum value
-	InventoryIncludedObjectVersionsAll = "All"
-
-	// InventoryIncludedObjectVersionsCurrent is a InventoryIncludedObjectVersions enum value
-	InventoryIncludedObjectVersionsCurrent = "Current"
-)
-
-// InventoryIncludedObjectVersions_Values returns all elements of the InventoryIncludedObjectVersions enum
-func InventoryIncludedObjectVersions_Values() []string {
-	return []string{
-		InventoryIncludedObjectVersionsAll,
-		InventoryIncludedObjectVersionsCurrent,
-	}
-}
-
-const (
-	// InventoryOptionalFieldSize is a InventoryOptionalField enum value
-	InventoryOptionalFieldSize = "Size"
-
-	// InventoryOptionalFieldLastModifiedDate is a InventoryOptionalField enum value
-	InventoryOptionalFieldLastModifiedDate = "LastModifiedDate"
-
-	// InventoryOptionalFieldStorageClass is a InventoryOptionalField enum value
-	InventoryOptionalFieldStorageClass = "StorageClass"
-
-	// InventoryOptionalFieldEtag is a InventoryOptionalField enum value
-	InventoryOptionalFieldEtag = "ETag"
-
-	// InventoryOptionalFieldIsMultipartUploaded is a InventoryOptionalField enum value
-	InventoryOptionalFieldIsMultipartUploaded = "IsMultipartUploaded"
-
-	// InventoryOptionalFieldReplicationStatus is a InventoryOptionalField enum value
-	InventoryOptionalFieldReplicationStatus = "ReplicationStatus"
-
-	// InventoryOptionalFieldEncryptionStatus is a InventoryOptionalField enum value
-	InventoryOptionalFieldEncryptionStatus = "EncryptionStatus"
-
-	// InventoryOptionalFieldObjectLockRetainUntilDate is a InventoryOptionalField enum value
-	InventoryOptionalFieldObjectLockRetainUntilDate = "ObjectLockRetainUntilDate"
-
-	// InventoryOptionalFieldObjectLockMode is a InventoryOptionalField enum value
-	InventoryOptionalFieldObjectLockMode = "ObjectLockMode"
-
-	// InventoryOptionalFieldObjectLockLegalHoldStatus is a InventoryOptionalField enum value
-	InventoryOptionalFieldObjectLockLegalHoldStatus = "ObjectLockLegalHoldStatus"
-
-	// InventoryOptionalFieldIntelligentTieringAccessTier is a InventoryOptionalField enum value
-	InventoryOptionalFieldIntelligentTieringAccessTier = "IntelligentTieringAccessTier"
-
-	// InventoryOptionalFieldBucketKeyStatus is a InventoryOptionalField enum value
-	InventoryOptionalFieldBucketKeyStatus = "BucketKeyStatus"
-
-	// InventoryOptionalFieldChecksumAlgorithm is a InventoryOptionalField enum value
-	InventoryOptionalFieldChecksumAlgorithm = "ChecksumAlgorithm"
-)
-
-// InventoryOptionalField_Values returns all elements of the InventoryOptionalField enum
-func InventoryOptionalField_Values() []string {
-	return []string{
-		InventoryOptionalFieldSize,
-		InventoryOptionalFieldLastModifiedDate,
-		InventoryOptionalFieldStorageClass,
-		InventoryOptionalFieldEtag,
-		InventoryOptionalFieldIsMultipartUploaded,
-		InventoryOptionalFieldReplicationStatus,
-		InventoryOptionalFieldEncryptionStatus,
-		InventoryOptionalFieldObjectLockRetainUntilDate,
-		InventoryOptionalFieldObjectLockMode,
-		InventoryOptionalFieldObjectLockLegalHoldStatus,
-		InventoryOptionalFieldIntelligentTieringAccessTier,
-		InventoryOptionalFieldBucketKeyStatus,
-		InventoryOptionalFieldChecksumAlgorithm,
-	}
-}
-
-const (
-	// JSONTypeDocument is a JSONType enum value
-	JSONTypeDocument = "DOCUMENT"
-
-	// JSONTypeLines is a JSONType enum value
-	JSONTypeLines = "LINES"
-)
-
-// JSONType_Values returns all elements of the JSONType enum
-func JSONType_Values() []string {
-	return []string{
-		JSONTypeDocument,
-		JSONTypeLines,
-	}
-}
-
-const (
-	// MFADeleteEnabled is a MFADelete enum value
-	MFADeleteEnabled = "Enabled"
-
-	// MFADeleteDisabled is a MFADelete enum value
-	MFADeleteDisabled = "Disabled"
-)
-
-// MFADelete_Values returns all elements of the MFADelete enum
-func MFADelete_Values() []string {
-	return []string{
-		MFADeleteEnabled,
-		MFADeleteDisabled,
-	}
-}
-
-const (
-	// MFADeleteStatusEnabled is a MFADeleteStatus enum value
-	MFADeleteStatusEnabled = "Enabled"
-
-	// MFADeleteStatusDisabled is a MFADeleteStatus enum value
-	MFADeleteStatusDisabled = "Disabled"
-)
-
-// MFADeleteStatus_Values returns all elements of the MFADeleteStatus enum
-func MFADeleteStatus_Values() []string {
-	return []string{
-		MFADeleteStatusEnabled,
-		MFADeleteStatusDisabled,
-	}
-}
-
-const (
-	// MetadataDirectiveCopy is a MetadataDirective enum value
-	MetadataDirectiveCopy = "COPY"
-
-	// MetadataDirectiveReplace is a MetadataDirective enum value
-	MetadataDirectiveReplace = "REPLACE"
-)
-
-// MetadataDirective_Values returns all elements of the MetadataDirective enum
-func MetadataDirective_Values() []string {
-	return []string{
-		MetadataDirectiveCopy,
-		MetadataDirectiveReplace,
-	}
-}
-
-const (
-	// MetricsStatusEnabled is a MetricsStatus enum value
-	MetricsStatusEnabled = "Enabled"
-
-	// MetricsStatusDisabled is a MetricsStatus enum value
-	MetricsStatusDisabled = "Disabled"
-)
-
-// MetricsStatus_Values returns all elements of the MetricsStatus enum
-func MetricsStatus_Values() []string {
-	return []string{
-		MetricsStatusEnabled,
-		MetricsStatusDisabled,
-	}
-}
-
-const (
-	// ObjectAttributesEtag is a ObjectAttributes enum value
-	ObjectAttributesEtag = "ETag"
-
-	// ObjectAttributesChecksum is a ObjectAttributes enum value
-	ObjectAttributesChecksum = "Checksum"
-
-	// ObjectAttributesObjectParts is a ObjectAttributes enum value
-	ObjectAttributesObjectParts = "ObjectParts"
-
-	// ObjectAttributesStorageClass is a ObjectAttributes enum value
-	ObjectAttributesStorageClass = "StorageClass"
-
-	// ObjectAttributesObjectSize is a ObjectAttributes enum value
-	ObjectAttributesObjectSize = "ObjectSize"
-)
-
-// ObjectAttributes_Values returns all elements of the ObjectAttributes enum
-func ObjectAttributes_Values() []string {
-	return []string{
-		ObjectAttributesEtag,
-		ObjectAttributesChecksum,
-		ObjectAttributesObjectParts,
-		ObjectAttributesStorageClass,
-		ObjectAttributesObjectSize,
-	}
-}
-
-const (
-	// ObjectCannedACLPrivate is a ObjectCannedACL enum value
-	ObjectCannedACLPrivate = "private"
-
-	// ObjectCannedACLPublicRead is a ObjectCannedACL enum value
-	ObjectCannedACLPublicRead = "public-read"
-
-	// ObjectCannedACLPublicReadWrite is a ObjectCannedACL enum value
-	ObjectCannedACLPublicReadWrite = "public-read-write"
-
-	// ObjectCannedACLAuthenticatedRead is a ObjectCannedACL enum value
-	ObjectCannedACLAuthenticatedRead = "authenticated-read"
-
-	// ObjectCannedACLAwsExecRead is a ObjectCannedACL enum value
-	ObjectCannedACLAwsExecRead = "aws-exec-read"
-
-	// ObjectCannedACLBucketOwnerRead is a ObjectCannedACL enum value
-	ObjectCannedACLBucketOwnerRead = "bucket-owner-read"
-
-	// ObjectCannedACLBucketOwnerFullControl is a ObjectCannedACL enum value
-	ObjectCannedACLBucketOwnerFullControl = "bucket-owner-full-control"
-)
-
-// ObjectCannedACL_Values returns all elements of the ObjectCannedACL enum
-func ObjectCannedACL_Values() []string {
-	return []string{
-		ObjectCannedACLPrivate,
-		ObjectCannedACLPublicRead,
-		ObjectCannedACLPublicReadWrite,
-		ObjectCannedACLAuthenticatedRead,
-		ObjectCannedACLAwsExecRead,
-		ObjectCannedACLBucketOwnerRead,
-		ObjectCannedACLBucketOwnerFullControl,
-	}
-}
-
-const (
-	// ObjectLockEnabledEnabled is a ObjectLockEnabled enum value
-	ObjectLockEnabledEnabled = "Enabled"
-)
-
-// ObjectLockEnabled_Values returns all elements of the ObjectLockEnabled enum
-func ObjectLockEnabled_Values() []string {
-	return []string{
-		ObjectLockEnabledEnabled,
-	}
-}
-
-const (
-	// ObjectLockLegalHoldStatusOn is a ObjectLockLegalHoldStatus enum value
-	ObjectLockLegalHoldStatusOn = "ON"
-
-	// ObjectLockLegalHoldStatusOff is a ObjectLockLegalHoldStatus enum value
-	ObjectLockLegalHoldStatusOff = "OFF"
-)
-
-// ObjectLockLegalHoldStatus_Values returns all elements of the ObjectLockLegalHoldStatus enum
-func ObjectLockLegalHoldStatus_Values() []string {
-	return []string{
-		ObjectLockLegalHoldStatusOn,
-		ObjectLockLegalHoldStatusOff,
-	}
-}
-
-const (
-	// ObjectLockModeGovernance is a ObjectLockMode enum value
-	ObjectLockModeGovernance = "GOVERNANCE"
-
-	// ObjectLockModeCompliance is a ObjectLockMode enum value
-	ObjectLockModeCompliance = "COMPLIANCE"
-)
-
-// ObjectLockMode_Values returns all elements of the ObjectLockMode enum
-func ObjectLockMode_Values() []string {
-	return []string{
-		ObjectLockModeGovernance,
-		ObjectLockModeCompliance,
-	}
-}
-
-const (
-	// ObjectLockRetentionModeGovernance is a ObjectLockRetentionMode enum value
-	ObjectLockRetentionModeGovernance = "GOVERNANCE"
-
-	// ObjectLockRetentionModeCompliance is a ObjectLockRetentionMode enum value
-	ObjectLockRetentionModeCompliance = "COMPLIANCE"
-)
-
-// ObjectLockRetentionMode_Values returns all elements of the ObjectLockRetentionMode enum
-func ObjectLockRetentionMode_Values() []string {
-	return []string{
-		ObjectLockRetentionModeGovernance,
-		ObjectLockRetentionModeCompliance,
-	}
-}
-
-// The container element for object ownership for a bucket's ownership controls.
-//
-// BucketOwnerPreferred - Objects uploaded to the bucket change ownership to
-// the bucket owner if the objects are uploaded with the bucket-owner-full-control
-// canned ACL.
-//
-// ObjectWriter - The uploading account will own the object if the object is
-// uploaded with the bucket-owner-full-control canned ACL.
-//
-// BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer
-// affect permissions. The bucket owner automatically owns and has full control
-// over every object in the bucket. The bucket only accepts PUT requests that
-// don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control
-// canned ACL or an equivalent form of this ACL expressed in the XML format.
-const (
-	// ObjectOwnershipBucketOwnerPreferred is a ObjectOwnership enum value
-	ObjectOwnershipBucketOwnerPreferred = "BucketOwnerPreferred"
-
-	// ObjectOwnershipObjectWriter is a ObjectOwnership enum value
-	ObjectOwnershipObjectWriter = "ObjectWriter"
-
-	// ObjectOwnershipBucketOwnerEnforced is a ObjectOwnership enum value
-	ObjectOwnershipBucketOwnerEnforced = "BucketOwnerEnforced"
-)
-
-// ObjectOwnership_Values returns all elements of the ObjectOwnership enum
-func ObjectOwnership_Values() []string {
-	return []string{
-		ObjectOwnershipBucketOwnerPreferred,
-		ObjectOwnershipObjectWriter,
-		ObjectOwnershipBucketOwnerEnforced,
-	}
-}
-
-const (
-	// ObjectStorageClassStandard is a ObjectStorageClass enum value
-	ObjectStorageClassStandard = "STANDARD"
-
-	// ObjectStorageClassReducedRedundancy is a ObjectStorageClass enum value
-	ObjectStorageClassReducedRedundancy = "REDUCED_REDUNDANCY"
-
-	// ObjectStorageClassGlacier is a ObjectStorageClass enum value
-	ObjectStorageClassGlacier = "GLACIER"
-
-	// ObjectStorageClassStandardIa is a ObjectStorageClass enum value
-	ObjectStorageClassStandardIa = "STANDARD_IA"
-
-	// ObjectStorageClassOnezoneIa is a ObjectStorageClass enum value
-	ObjectStorageClassOnezoneIa = "ONEZONE_IA"
-
-	// ObjectStorageClassIntelligentTiering is a ObjectStorageClass enum value
-	ObjectStorageClassIntelligentTiering = "INTELLIGENT_TIERING"
-
-	// ObjectStorageClassDeepArchive is a ObjectStorageClass enum value
-	ObjectStorageClassDeepArchive = "DEEP_ARCHIVE"
-
-	// ObjectStorageClassOutposts is a ObjectStorageClass enum value
-	ObjectStorageClassOutposts = "OUTPOSTS"
-
-	// ObjectStorageClassGlacierIr is a ObjectStorageClass enum value
-	ObjectStorageClassGlacierIr = "GLACIER_IR"
-
-	// ObjectStorageClassSnow is a ObjectStorageClass enum value
-	ObjectStorageClassSnow = "SNOW"
-)
-
-// ObjectStorageClass_Values returns all elements of the ObjectStorageClass enum
-func ObjectStorageClass_Values() []string {
-	return []string{
-		ObjectStorageClassStandard,
-		ObjectStorageClassReducedRedundancy,
-		ObjectStorageClassGlacier,
-		ObjectStorageClassStandardIa,
-		ObjectStorageClassOnezoneIa,
-		ObjectStorageClassIntelligentTiering,
-		ObjectStorageClassDeepArchive,
-		ObjectStorageClassOutposts,
-		ObjectStorageClassGlacierIr,
-		ObjectStorageClassSnow,
-	}
-}
-
-const (
-	// ObjectVersionStorageClassStandard is a ObjectVersionStorageClass enum value
-	ObjectVersionStorageClassStandard = "STANDARD"
-)
-
-// ObjectVersionStorageClass_Values returns all elements of the ObjectVersionStorageClass enum
-func ObjectVersionStorageClass_Values() []string {
-	return []string{
-		ObjectVersionStorageClassStandard,
-	}
-}
-
-const (
-	// OwnerOverrideDestination is a OwnerOverride enum value
-	OwnerOverrideDestination = "Destination"
-)
-
-// OwnerOverride_Values returns all elements of the OwnerOverride enum
-func OwnerOverride_Values() []string {
-	return []string{
-		OwnerOverrideDestination,
-	}
-}
-
-const (
-	// PayerRequester is a Payer enum value
-	PayerRequester = "Requester"
-
-	// PayerBucketOwner is a Payer enum value
-	PayerBucketOwner = "BucketOwner"
-)
-
-// Payer_Values returns all elements of the Payer enum
-func Payer_Values() []string {
-	return []string{
-		PayerRequester,
-		PayerBucketOwner,
-	}
-}
-
-const (
-	// PermissionFullControl is a Permission enum value
-	PermissionFullControl = "FULL_CONTROL"
-
-	// PermissionWrite is a Permission enum value
-	PermissionWrite = "WRITE"
-
-	// PermissionWriteAcp is a Permission enum value
-	PermissionWriteAcp = "WRITE_ACP"
-
-	// PermissionRead is a Permission enum value
-	PermissionRead = "READ"
-
-	// PermissionReadAcp is a Permission enum value
-	PermissionReadAcp = "READ_ACP"
-)
-
-// Permission_Values returns all elements of the Permission enum
-func Permission_Values() []string {
-	return []string{
-		PermissionFullControl,
-		PermissionWrite,
-		PermissionWriteAcp,
-		PermissionRead,
-		PermissionReadAcp,
-	}
-}
-
-const (
-	// ProtocolHttp is a Protocol enum value
-	ProtocolHttp = "http"
-
-	// ProtocolHttps is a Protocol enum value
-	ProtocolHttps = "https"
-)
-
-// Protocol_Values returns all elements of the Protocol enum
-func Protocol_Values() []string {
-	return []string{
-		ProtocolHttp,
-		ProtocolHttps,
-	}
-}
-
-const (
-	// QuoteFieldsAlways is a QuoteFields enum value
-	QuoteFieldsAlways = "ALWAYS"
-
-	// QuoteFieldsAsneeded is a QuoteFields enum value
-	QuoteFieldsAsneeded = "ASNEEDED"
-)
-
-// QuoteFields_Values returns all elements of the QuoteFields enum
-func QuoteFields_Values() []string {
-	return []string{
-		QuoteFieldsAlways,
-		QuoteFieldsAsneeded,
-	}
-}
-
-const (
-	// ReplicaModificationsStatusEnabled is a ReplicaModificationsStatus enum value
-	ReplicaModificationsStatusEnabled = "Enabled"
-
-	// ReplicaModificationsStatusDisabled is a ReplicaModificationsStatus enum value
-	ReplicaModificationsStatusDisabled = "Disabled"
-)
-
-// ReplicaModificationsStatus_Values returns all elements of the ReplicaModificationsStatus enum
-func ReplicaModificationsStatus_Values() []string {
-	return []string{
-		ReplicaModificationsStatusEnabled,
-		ReplicaModificationsStatusDisabled,
-	}
-}
-
-const (
-	// ReplicationRuleStatusEnabled is a ReplicationRuleStatus enum value
-	ReplicationRuleStatusEnabled = "Enabled"
-
-	// ReplicationRuleStatusDisabled is a ReplicationRuleStatus enum value
-	ReplicationRuleStatusDisabled = "Disabled"
-)
-
-// ReplicationRuleStatus_Values returns all elements of the ReplicationRuleStatus enum
-func ReplicationRuleStatus_Values() []string {
-	return []string{
-		ReplicationRuleStatusEnabled,
-		ReplicationRuleStatusDisabled,
-	}
-}
-
-const (
-	// ReplicationStatusComplete is a ReplicationStatus enum value
-	ReplicationStatusComplete = "COMPLETE"
-
-	// ReplicationStatusPending is a ReplicationStatus enum value
-	ReplicationStatusPending = "PENDING"
-
-	// ReplicationStatusFailed is a ReplicationStatus enum value
-	ReplicationStatusFailed = "FAILED"
-
-	// ReplicationStatusReplica is a ReplicationStatus enum value
-	ReplicationStatusReplica = "REPLICA"
-)
-
-// ReplicationStatus_Values returns all elements of the ReplicationStatus enum
-func ReplicationStatus_Values() []string {
-	return []string{
-		ReplicationStatusComplete,
-		ReplicationStatusPending,
-		ReplicationStatusFailed,
-		ReplicationStatusReplica,
-	}
-}
-
-const (
-	// ReplicationTimeStatusEnabled is a ReplicationTimeStatus enum value
-	ReplicationTimeStatusEnabled = "Enabled"
-
-	// ReplicationTimeStatusDisabled is a ReplicationTimeStatus enum value
-	ReplicationTimeStatusDisabled = "Disabled"
-)
-
-// ReplicationTimeStatus_Values returns all elements of the ReplicationTimeStatus enum
-func ReplicationTimeStatus_Values() []string {
-	return []string{
-		ReplicationTimeStatusEnabled,
-		ReplicationTimeStatusDisabled,
-	}
-}
-
-// If present, indicates that the requester was successfully charged for the
-// request.
-const (
-	// RequestChargedRequester is a RequestCharged enum value
-	RequestChargedRequester = "requester"
-)
-
-// RequestCharged_Values returns all elements of the RequestCharged enum
-func RequestCharged_Values() []string {
-	return []string{
-		RequestChargedRequester,
-	}
-}
-
-// Confirms that the requester knows that they will be charged for the request.
-// Bucket owners need not specify this parameter in their requests. For information
-// about downloading objects from Requester Pays buckets, see Downloading Objects
-// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
-// in the Amazon S3 User Guide.
-const (
-	// RequestPayerRequester is a RequestPayer enum value
-	RequestPayerRequester = "requester"
-)
-
-// RequestPayer_Values returns all elements of the RequestPayer enum
-func RequestPayer_Values() []string {
-	return []string{
-		RequestPayerRequester,
-	}
-}
-
-const (
-	// RestoreRequestTypeSelect is a RestoreRequestType enum value
-	RestoreRequestTypeSelect = "SELECT"
-)
-
-// RestoreRequestType_Values returns all elements of the RestoreRequestType enum
-func RestoreRequestType_Values() []string {
-	return []string{
-		RestoreRequestTypeSelect,
-	}
-}
-
-const (
-	// ServerSideEncryptionAes256 is a ServerSideEncryption enum value
-	ServerSideEncryptionAes256 = "AES256"
-
-	// ServerSideEncryptionAwsKms is a ServerSideEncryption enum value
-	ServerSideEncryptionAwsKms = "aws:kms"
-
-	// ServerSideEncryptionAwsKmsDsse is a ServerSideEncryption enum value
-	ServerSideEncryptionAwsKmsDsse = "aws:kms:dsse"
-)
-
-// ServerSideEncryption_Values returns all elements of the ServerSideEncryption enum
-func ServerSideEncryption_Values() []string {
-	return []string{
-		ServerSideEncryptionAes256,
-		ServerSideEncryptionAwsKms,
-		ServerSideEncryptionAwsKmsDsse,
-	}
-}
-
-const (
-	// SseKmsEncryptedObjectsStatusEnabled is a SseKmsEncryptedObjectsStatus enum value
-	SseKmsEncryptedObjectsStatusEnabled = "Enabled"
-
-	// SseKmsEncryptedObjectsStatusDisabled is a SseKmsEncryptedObjectsStatus enum value
-	SseKmsEncryptedObjectsStatusDisabled = "Disabled"
-)
-
-// SseKmsEncryptedObjectsStatus_Values returns all elements of the SseKmsEncryptedObjectsStatus enum
-func SseKmsEncryptedObjectsStatus_Values() []string {
-	return []string{
-		SseKmsEncryptedObjectsStatusEnabled,
-		SseKmsEncryptedObjectsStatusDisabled,
-	}
-}
-
-const (
-	// StorageClassStandard is a StorageClass enum value
-	StorageClassStandard = "STANDARD"
-
-	// StorageClassReducedRedundancy is a StorageClass enum value
-	StorageClassReducedRedundancy = "REDUCED_REDUNDANCY"
-
-	// StorageClassStandardIa is a StorageClass enum value
-	StorageClassStandardIa = "STANDARD_IA"
-
-	// StorageClassOnezoneIa is a StorageClass enum value
-	StorageClassOnezoneIa = "ONEZONE_IA"
-
-	// StorageClassIntelligentTiering is a StorageClass enum value
-	StorageClassIntelligentTiering = "INTELLIGENT_TIERING"
-
-	// StorageClassGlacier is a StorageClass enum value
-	StorageClassGlacier = "GLACIER"
-
-	// StorageClassDeepArchive is a StorageClass enum value
-	StorageClassDeepArchive = "DEEP_ARCHIVE"
-
-	// StorageClassOutposts is a StorageClass enum value
-	StorageClassOutposts = "OUTPOSTS"
-
-	// StorageClassGlacierIr is a StorageClass enum value
-	StorageClassGlacierIr = "GLACIER_IR"
-
-	// StorageClassSnow is a StorageClass enum value
-	StorageClassSnow = "SNOW"
-)
-
-// StorageClass_Values returns all elements of the StorageClass enum
-func StorageClass_Values() []string {
-	return []string{
-		StorageClassStandard,
-		StorageClassReducedRedundancy,
-		StorageClassStandardIa,
-		StorageClassOnezoneIa,
-		StorageClassIntelligentTiering,
-		StorageClassGlacier,
-		StorageClassDeepArchive,
-		StorageClassOutposts,
-		StorageClassGlacierIr,
-		StorageClassSnow,
-	}
-}
-
-const (
-	// StorageClassAnalysisSchemaVersionV1 is a StorageClassAnalysisSchemaVersion enum value
-	StorageClassAnalysisSchemaVersionV1 = "V_1"
-)
-
-// StorageClassAnalysisSchemaVersion_Values returns all elements of the StorageClassAnalysisSchemaVersion enum
-func StorageClassAnalysisSchemaVersion_Values() []string {
-	return []string{
-		StorageClassAnalysisSchemaVersionV1,
-	}
-}
-
-const (
-	// TaggingDirectiveCopy is a TaggingDirective enum value
-	TaggingDirectiveCopy = "COPY"
-
-	// TaggingDirectiveReplace is a TaggingDirective enum value
-	TaggingDirectiveReplace = "REPLACE"
-)
-
-// TaggingDirective_Values returns all elements of the TaggingDirective enum
-func TaggingDirective_Values() []string {
-	return []string{
-		TaggingDirectiveCopy,
-		TaggingDirectiveReplace,
-	}
-}
-
-const (
-	// TierStandard is a Tier enum value
-	TierStandard = "Standard"
-
-	// TierBulk is a Tier enum value
-	TierBulk = "Bulk"
-
-	// TierExpedited is a Tier enum value
-	TierExpedited = "Expedited"
-)
-
-// Tier_Values returns all elements of the Tier enum
-func Tier_Values() []string {
-	return []string{
-		TierStandard,
-		TierBulk,
-		TierExpedited,
-	}
-}
-
-const (
-	// TransitionStorageClassGlacier is a TransitionStorageClass enum value
-	TransitionStorageClassGlacier = "GLACIER"
-
-	// TransitionStorageClassStandardIa is a TransitionStorageClass enum value
-	TransitionStorageClassStandardIa = "STANDARD_IA"
-
-	// TransitionStorageClassOnezoneIa is a TransitionStorageClass enum value
-	TransitionStorageClassOnezoneIa = "ONEZONE_IA"
-
-	// TransitionStorageClassIntelligentTiering is a TransitionStorageClass enum value
-	TransitionStorageClassIntelligentTiering = "INTELLIGENT_TIERING"
-
-	// TransitionStorageClassDeepArchive is a TransitionStorageClass enum value
-	TransitionStorageClassDeepArchive = "DEEP_ARCHIVE"
-
-	// TransitionStorageClassGlacierIr is a TransitionStorageClass enum value
-	TransitionStorageClassGlacierIr = "GLACIER_IR"
-)
-
-// TransitionStorageClass_Values returns all elements of the TransitionStorageClass enum
-func TransitionStorageClass_Values() []string {
-	return []string{
-		TransitionStorageClassGlacier,
-		TransitionStorageClassStandardIa,
-		TransitionStorageClassOnezoneIa,
-		TransitionStorageClassIntelligentTiering,
-		TransitionStorageClassDeepArchive,
-		TransitionStorageClassGlacierIr,
-	}
-}
-
-const (
-	// TypeCanonicalUser is a Type enum value
-	TypeCanonicalUser = "CanonicalUser"
-
-	// TypeAmazonCustomerByEmail is a Type enum value
-	TypeAmazonCustomerByEmail = "AmazonCustomerByEmail"
-
-	// TypeGroup is a Type enum value
-	TypeGroup = "Group"
-)
-
-// Type_Values returns all elements of the Type enum
-func Type_Values() []string {
-	return []string{
-		TypeCanonicalUser,
-		TypeAmazonCustomerByEmail,
-		TypeGroup,
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go b/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go
deleted file mode 100644
index 407f06b6e..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go
+++ /dev/null
@@ -1,202 +0,0 @@
-package s3
-
-import (
-	"bytes"
-	"crypto/md5"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/hex"
-	"fmt"
-	"hash"
-	"io"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-const (
-	contentMD5Header    = "Content-Md5"
-	contentSha256Header = "X-Amz-Content-Sha256"
-	amzTeHeader         = "X-Amz-Te"
-	amzTxEncodingHeader = "X-Amz-Transfer-Encoding"
-
-	appendMD5TxEncoding = "append-md5"
-)
-
-// computeBodyHashes will add Content MD5 and Content Sha256 hashes to the
-// request. If the body is not seekable or S3DisableContentMD5Validation set
-// this handler will be ignored.
-func computeBodyHashes(r *request.Request) {
-	if aws.BoolValue(r.Config.S3DisableContentMD5Validation) {
-		return
-	}
-	if r.IsPresigned() {
-		return
-	}
-	if r.Error != nil || !aws.IsReaderSeekable(r.Body) {
-		return
-	}
-
-	var md5Hash, sha256Hash hash.Hash
-	hashers := make([]io.Writer, 0, 2)
-
-	// Determine upfront which hashes can be set without overriding user
-	// provide header data.
-	if v := r.HTTPRequest.Header.Get(contentMD5Header); len(v) == 0 {
-		md5Hash = md5.New()
-		hashers = append(hashers, md5Hash)
-	}
-
-	if v := r.HTTPRequest.Header.Get(contentSha256Header); len(v) == 0 {
-		sha256Hash = sha256.New()
-		hashers = append(hashers, sha256Hash)
-	}
-
-	// Create the destination writer based on the hashes that are not already
-	// provided by the user.
-	var dst io.Writer
-	switch len(hashers) {
-	case 0:
-		return
-	case 1:
-		dst = hashers[0]
-	default:
-		dst = io.MultiWriter(hashers...)
-	}
-
-	if _, err := aws.CopySeekableBody(dst, r.Body); err != nil {
-		r.Error = awserr.New("BodyHashError", "failed to compute body hashes", err)
-		return
-	}
-
-	// For the hashes created, set the associated headers that the user did not
-	// already provide.
-	if md5Hash != nil {
-		sum := make([]byte, md5.Size)
-		encoded := make([]byte, md5Base64EncLen)
-
-		base64.StdEncoding.Encode(encoded, md5Hash.Sum(sum[0:0]))
-		r.HTTPRequest.Header[contentMD5Header] = []string{string(encoded)}
-	}
-
-	if sha256Hash != nil {
-		encoded := make([]byte, sha256HexEncLen)
-		sum := make([]byte, sha256.Size)
-
-		hex.Encode(encoded, sha256Hash.Sum(sum[0:0]))
-		r.HTTPRequest.Header[contentSha256Header] = []string{string(encoded)}
-	}
-}
-
-const (
-	md5Base64EncLen = (md5.Size + 2) / 3 * 4 // base64.StdEncoding.EncodedLen
-	sha256HexEncLen = sha256.Size * 2        // hex.EncodedLen
-)
-
-// Adds the x-amz-te: append_md5 header to the request. This requests the service
-// responds with a trailing MD5 checksum.
-//
-// Will not ask for append MD5 if disabled, the request is presigned or,
-// or the API operation does not support content MD5 validation.
-func askForTxEncodingAppendMD5(r *request.Request) {
-	if aws.BoolValue(r.Config.S3DisableContentMD5Validation) {
-		return
-	}
-	if r.IsPresigned() {
-		return
-	}
-	r.HTTPRequest.Header.Set(amzTeHeader, appendMD5TxEncoding)
-}
-
-func useMD5ValidationReader(r *request.Request) {
-	if r.Error != nil {
-		return
-	}
-
-	if v := r.HTTPResponse.Header.Get(amzTxEncodingHeader); v != appendMD5TxEncoding {
-		return
-	}
-
-	var bodyReader *io.ReadCloser
-	var contentLen int64
-	switch tv := r.Data.(type) {
-	case *GetObjectOutput:
-		bodyReader = &tv.Body
-		contentLen = aws.Int64Value(tv.ContentLength)
-		// Update ContentLength hiden the trailing MD5 checksum.
-		tv.ContentLength = aws.Int64(contentLen - md5.Size)
-		tv.ContentRange = aws.String(r.HTTPResponse.Header.Get("X-Amz-Content-Range"))
-	default:
-		r.Error = awserr.New("ChecksumValidationError",
-			fmt.Sprintf("%s: %s header received on unsupported API, %s",
-				amzTxEncodingHeader, appendMD5TxEncoding, r.Operation.Name,
-			), nil)
-		return
-	}
-
-	if contentLen < md5.Size {
-		r.Error = awserr.New("ChecksumValidationError",
-			fmt.Sprintf("invalid Content-Length %d for %s %s",
-				contentLen, appendMD5TxEncoding, amzTxEncodingHeader,
-			), nil)
-		return
-	}
-
-	// Wrap and swap the response body reader with the validation reader.
-	*bodyReader = newMD5ValidationReader(*bodyReader, contentLen-md5.Size)
-}
-
-type md5ValidationReader struct {
-	rawReader io.ReadCloser
-	payload   io.Reader
-	hash      hash.Hash
-
-	payloadLen int64
-	read       int64
-}
-
-func newMD5ValidationReader(reader io.ReadCloser, payloadLen int64) *md5ValidationReader {
-	h := md5.New()
-	return &md5ValidationReader{
-		rawReader:  reader,
-		payload:    io.TeeReader(&io.LimitedReader{R: reader, N: payloadLen}, h),
-		hash:       h,
-		payloadLen: payloadLen,
-	}
-}
-
-func (v *md5ValidationReader) Read(p []byte) (n int, err error) {
-	n, err = v.payload.Read(p)
-	if err != nil && err != io.EOF {
-		return n, err
-	}
-
-	v.read += int64(n)
-
-	if err == io.EOF {
-		if v.read != v.payloadLen {
-			return n, io.ErrUnexpectedEOF
-		}
-		expectSum := make([]byte, md5.Size)
-		actualSum := make([]byte, md5.Size)
-		if _, sumReadErr := io.ReadFull(v.rawReader, expectSum); sumReadErr != nil {
-			return n, sumReadErr
-		}
-		actualSum = v.hash.Sum(actualSum[0:0])
-		if !bytes.Equal(expectSum, actualSum) {
-			return n, awserr.New("InvalidChecksum",
-				fmt.Sprintf("expected MD5 checksum %s, got %s",
-					hex.EncodeToString(expectSum),
-					hex.EncodeToString(actualSum),
-				),
-				nil)
-		}
-	}
-
-	return n, err
-}
-
-func (v *md5ValidationReader) Close() error {
-	return v.rawReader.Close()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
deleted file mode 100644
index 20828387e..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package s3
-
-import (
-	"io/ioutil"
-	"regexp"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/awsutil"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-var reBucketLocation = regexp.MustCompile(`>([^<>]+)<\/Location`)
-
-// NormalizeBucketLocation is a utility function which will update the
-// passed in value to always be a region ID. Generally this would be used
-// with GetBucketLocation API operation.
-//
-// Replaces empty string with "us-east-1", and "EU" with "eu-west-1".
-//
-// See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
-// for more information on the values that can be returned.
-func NormalizeBucketLocation(loc string) string {
-	switch loc {
-	case "":
-		loc = "us-east-1"
-	case "EU":
-		loc = "eu-west-1"
-	}
-
-	return loc
-}
-
-// NormalizeBucketLocationHandler is a request handler which will update the
-// GetBucketLocation's result LocationConstraint value to always be a region ID.
-//
-// Replaces empty string with "us-east-1", and "EU" with "eu-west-1".
-//
-// See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
-// for more information on the values that can be returned.
-//
-//	req, result := svc.GetBucketLocationRequest(&s3.GetBucketLocationInput{
-//	    Bucket: aws.String(bucket),
-//	})
-//	req.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler)
-//	err := req.Send()
-var NormalizeBucketLocationHandler = request.NamedHandler{
-	Name: "awssdk.s3.NormalizeBucketLocation",
-	Fn: func(req *request.Request) {
-		if req.Error != nil {
-			return
-		}
-
-		out := req.Data.(*GetBucketLocationOutput)
-		loc := NormalizeBucketLocation(aws.StringValue(out.LocationConstraint))
-		out.LocationConstraint = aws.String(loc)
-	},
-}
-
-// WithNormalizeBucketLocation is a request option which will update the
-// GetBucketLocation's result LocationConstraint value to always be a region ID.
-//
-// Replaces empty string with "us-east-1", and "EU" with "eu-west-1".
-//
-// See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
-// for more information on the values that can be returned.
-//
-//	result, err := svc.GetBucketLocationWithContext(ctx,
-//	    &s3.GetBucketLocationInput{
-//	        Bucket: aws.String(bucket),
-//	    },
-//	    s3.WithNormalizeBucketLocation,
-//	)
-func WithNormalizeBucketLocation(r *request.Request) {
-	r.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler)
-}
-
-func buildGetBucketLocation(r *request.Request) {
-	if r.DataFilled() {
-		out := r.Data.(*GetBucketLocationOutput)
-		b, err := ioutil.ReadAll(r.HTTPResponse.Body)
-		if err != nil {
-			r.Error = awserr.New(request.ErrCodeSerialization,
-				"failed reading response body", err)
-			return
-		}
-
-		match := reBucketLocation.FindSubmatch(b)
-		if len(match) > 1 {
-			loc := string(match[1])
-			out.LocationConstraint = aws.String(loc)
-		}
-	}
-}
-
-func populateLocationConstraint(r *request.Request) {
-	if r.ParamsFilled() && aws.StringValue(r.Config.Region) != "us-east-1" {
-		in := r.Params.(*CreateBucketInput)
-		if in.CreateBucketConfiguration == nil {
-			r.Params = awsutil.CopyOf(r.Params)
-			in = r.Params.(*CreateBucketInput)
-			in.CreateBucketConfiguration = &CreateBucketConfiguration{
-				LocationConstraint: r.Config.Region,
-			}
-		}
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
deleted file mode 100644
index 229606b70..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package s3
-
-import (
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/endpoints"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
-	"github.com/aws/aws-sdk-go/internal/s3shared/s3err"
-)
-
-func init() {
-	initClient = defaultInitClientFn
-	initRequest = defaultInitRequestFn
-}
-
-func defaultInitClientFn(c *client.Client) {
-	if c.Config.UseDualStackEndpoint == endpoints.DualStackEndpointStateUnset {
-		if aws.BoolValue(c.Config.UseDualStack) {
-			c.Config.UseDualStackEndpoint = endpoints.DualStackEndpointStateEnabled
-		} else {
-			c.Config.UseDualStackEndpoint = endpoints.DualStackEndpointStateDisabled
-		}
-	}
-
-	// Support building custom endpoints based on config
-	c.Handlers.Build.PushFront(endpointHandler)
-
-	// Require SSL when using SSE keys
-	c.Handlers.Validate.PushBack(validateSSERequiresSSL)
-	c.Handlers.Build.PushBack(computeSSEKeyMD5)
-	c.Handlers.Build.PushBack(computeCopySourceSSEKeyMD5)
-
-	// S3 uses custom error unmarshaling logic
-	c.Handlers.UnmarshalError.Clear()
-	c.Handlers.UnmarshalError.PushBack(unmarshalError)
-	c.Handlers.UnmarshalError.PushBackNamed(s3err.RequestFailureWrapperHandler())
-}
-
-func defaultInitRequestFn(r *request.Request) {
-	// Add request handlers for specific platforms.
-	// e.g. 100-continue support for PUT requests using Go 1.6
-	platformRequestHandlers(r)
-
-	switch r.Operation.Name {
-	case opGetBucketLocation:
-		// GetBucketLocation has custom parsing logic
-		r.Handlers.Unmarshal.PushFront(buildGetBucketLocation)
-	case opCreateBucket:
-		// Auto-populate LocationConstraint with current region
-		r.Handlers.Validate.PushFront(populateLocationConstraint)
-	case opCopyObject, opUploadPartCopy, opCompleteMultipartUpload:
-		r.Handlers.Unmarshal.PushFront(copyMultipartStatusOKUnmarshalError)
-		r.Handlers.Unmarshal.PushBackNamed(s3err.RequestFailureWrapperHandler())
-	case opPutObject, opUploadPart:
-		r.Handlers.Build.PushBack(computeBodyHashes)
-		// Disabled until #1837 root issue is resolved.
-		//	case opGetObject:
-		//		r.Handlers.Build.PushBack(askForTxEncodingAppendMD5)
-		//		r.Handlers.Unmarshal.PushBack(useMD5ValidationReader)
-	case opWriteGetObjectResponse:
-		r.Handlers.Build.PushFront(buildWriteGetObjectResponseEndpoint)
-	}
-}
-
-// bucketGetter is an accessor interface to grab the "Bucket" field from
-// an S3 type.
-type bucketGetter interface {
-	getBucket() string
-}
-
-// sseCustomerKeyGetter is an accessor interface to grab the "SSECustomerKey"
-// field from an S3 type.
-type sseCustomerKeyGetter interface {
-	getSSECustomerKey() string
-}
-
-// copySourceSSECustomerKeyGetter is an accessor interface to grab the
-// "CopySourceSSECustomerKey" field from an S3 type.
-type copySourceSSECustomerKeyGetter interface {
-	getCopySourceSSECustomerKey() string
-}
-
-// endpointARNGetter is an accessor interface to grab the
-// the field corresponding to an endpoint ARN input.
-type endpointARNGetter interface {
-	getEndpointARN() (arn.Resource, error)
-	hasEndpointARN() bool
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go b/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go
deleted file mode 100644
index c148f757e..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-// Package s3 provides the client and types for making API
-// requests to Amazon Simple Storage Service.
-//
-// See https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01 for more information on this service.
-//
-// See s3 package documentation for more information.
-// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/
-//
-// # Using the Client
-//
-// To contact Amazon Simple Storage Service with the SDK use the New function to create
-// a new service client. With that client you can make API requests to the service.
-// These clients are safe to use concurrently.
-//
-// See the SDK's documentation for more information on how to use the SDK.
-// https://docs.aws.amazon.com/sdk-for-go/api/
-//
-// See aws.Config documentation for more information on configuring SDK clients.
-// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
-//
-// See the Amazon Simple Storage Service client S3 for more
-// information on creating client for this service.
-// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/#New
-package s3
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go b/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
deleted file mode 100644
index 2e8244f8f..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// Upload Managers
-//
-// The s3manager package's Uploader provides concurrent upload of content to S3
-// by taking advantage of S3's Multipart APIs. The Uploader also supports both
-// io.Reader for streaming uploads, and will also take advantage of io.ReadSeeker
-// for optimizations if the Body satisfies that type. Once the Uploader instance
-// is created you can call Upload concurrently from multiple goroutines safely.
-//
-//	// The session the S3 Uploader will use
-//	sess := session.Must(session.NewSession())
-//
-//	// Create an uploader with the session and default options
-//	uploader := s3manager.NewUploader(sess)
-//
-//	f, err  := os.Open(filename)
-//	if err != nil {
-//	    return fmt.Errorf("failed to open file %q, %v", filename, err)
-//	}
-//
-//	// Upload the file to S3.
-//	result, err := uploader.Upload(&s3manager.UploadInput{
-//	    Bucket: aws.String(myBucket),
-//	    Key:    aws.String(myString),
-//	    Body:   f,
-//	})
-//	if err != nil {
-//	    return fmt.Errorf("failed to upload file, %v", err)
-//	}
-//	fmt.Printf("file uploaded to, %s\n", aws.StringValue(result.Location))
-//
-// See the s3manager package's Uploader type documentation for more information.
-// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Uploader
-//
-// # Download Manager
-//
-// The s3manager package's Downloader provides concurrently downloading of Objects
-// from S3. The Downloader will write S3 Object content with an io.WriterAt.
-// Once the Downloader instance is created you can call Download concurrently from
-// multiple goroutines safely.
-//
-//	// The session the S3 Downloader will use
-//	sess := session.Must(session.NewSession())
-//
-//	// Create a downloader with the session and default options
-//	downloader := s3manager.NewDownloader(sess)
-//
-//	// Create a file to write the S3 Object contents to.
-//	f, err := os.Create(filename)
-//	if err != nil {
-//	    return fmt.Errorf("failed to create file %q, %v", filename, err)
-//	}
-//
-//	// Write the contents of S3 Object to the file
-//	n, err := downloader.Download(f, &s3.GetObjectInput{
-//	    Bucket: aws.String(myBucket),
-//	    Key:    aws.String(myString),
-//	})
-//	if err != nil {
-//	    return fmt.Errorf("failed to download file, %v", err)
-//	}
-//	fmt.Printf("file downloaded, %d bytes\n", n)
-//
-// See the s3manager package's Downloader type documentation for more information.
-// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Downloader
-//
-// # Automatic URI cleaning
-//
-// Interacting with objects whose keys contain adjacent slashes (e.g. bucketname/foo//bar/objectname)
-// requires setting DisableRestProtocolURICleaning to true in the aws.Config struct
-// used by the service client.
-//
-//	svc := s3.New(sess, &aws.Config{
-//	   	DisableRestProtocolURICleaning: aws.Bool(true),
-//	})
-//	out, err := svc.GetObject(&s3.GetObjectInput {
-//	   	Bucket: aws.String("bucketname"),
-//	    	Key: aws.String("//foo//bar//moo"),
-//	})
-//
-// # Get Bucket Region
-//
-// GetBucketRegion will attempt to get the region for a bucket using a region
-// hint to determine which AWS partition to perform the query on. Use this utility
-// to determine the region a bucket is in.
-//
-//	sess := session.Must(session.NewSession())
-//
-//	bucket := "my-bucket"
-//	region, err := s3manager.GetBucketRegion(ctx, sess, bucket, "us-west-2")
-//	if err != nil {
-//	    if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "NotFound" {
-//	         fmt.Fprintf(os.Stderr, "unable to find bucket %s's region not found\n", bucket)
-//	    }
-//	    return err
-//	}
-//	fmt.Printf("Bucket %s is in %s region\n", bucket, region)
-//
-// See the s3manager package's GetBucketRegion function documentation for more information
-// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#GetBucketRegion
-//
-// # S3 Crypto Client
-//
-// The s3crypto package provides the tools to upload and download encrypted
-// content from S3. The Encryption and Decryption clients can be used concurrently
-// once the client is created.
-//
-// See the s3crypto package documentation for more information.
-// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3crypto/
-package s3
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
deleted file mode 100644
index 71b438692..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
+++ /dev/null
@@ -1,298 +0,0 @@
-package s3
-
-import (
-	"fmt"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/endpoints"
-	"net/url"
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws"
-	awsarn "github.com/aws/aws-sdk-go/aws/arn"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/s3shared"
-	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
-)
-
-const (
-	s3Namespace              = "s3"
-	s3AccessPointNamespace   = "s3-accesspoint"
-	s3ObjectsLambdaNamespace = "s3-object-lambda"
-	s3OutpostsNamespace      = "s3-outposts"
-)
-
-// Used by shapes with members decorated as endpoint ARN.
-func parseEndpointARN(v string) (arn.Resource, error) {
-	return arn.ParseResource(v, accessPointResourceParser)
-}
-
-func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) {
-	resParts := arn.SplitResource(a.Resource)
-	switch resParts[0] {
-	case "accesspoint":
-		switch a.Service {
-		case s3Namespace:
-			return arn.ParseAccessPointResource(a, resParts[1:])
-		case s3ObjectsLambdaNamespace:
-			return parseS3ObjectLambdaAccessPointResource(a, resParts)
-		default:
-			return arn.AccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s or %s", s3Namespace, s3ObjectsLambdaNamespace)}
-		}
-	case "outpost":
-		if a.Service != "s3-outposts" {
-			return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3-outposts"}
-		}
-		return parseOutpostAccessPointResource(a, resParts[1:])
-	default:
-		return nil, arn.InvalidARNError{ARN: a, Reason: "unknown resource type"}
-	}
-}
-
-// parseOutpostAccessPointResource attempts to parse the ARNs resource as an
-// outpost access-point resource.
-//
-// Supported Outpost AccessPoint ARN format:
-//   - ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName}
-//   - example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint
-func parseOutpostAccessPointResource(a awsarn.ARN, resParts []string) (arn.OutpostAccessPointARN, error) {
-	// outpost accesspoint arn is only valid if service is s3-outposts
-	if a.Service != "s3-outposts" {
-		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3-outposts"}
-	}
-
-	if len(resParts) == 0 {
-		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
-	}
-
-	if len(resParts) < 3 {
-		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{
-			ARN: a, Reason: "access-point resource not set in Outpost ARN",
-		}
-	}
-
-	resID := strings.TrimSpace(resParts[0])
-	if len(resID) == 0 {
-		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
-	}
-
-	var outpostAccessPointARN = arn.OutpostAccessPointARN{}
-	switch resParts[1] {
-	case "accesspoint":
-		accessPointARN, err := arn.ParseAccessPointResource(a, resParts[2:])
-		if err != nil {
-			return arn.OutpostAccessPointARN{}, err
-		}
-		// set access-point arn
-		outpostAccessPointARN.AccessPointARN = accessPointARN
-	default:
-		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "access-point resource not set in Outpost ARN"}
-	}
-
-	// set outpost id
-	outpostAccessPointARN.OutpostID = resID
-	return outpostAccessPointARN, nil
-}
-
-func parseS3ObjectLambdaAccessPointResource(a awsarn.ARN, resParts []string) (arn.S3ObjectLambdaAccessPointARN, error) {
-	if a.Service != s3ObjectsLambdaNamespace {
-		return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s", s3ObjectsLambdaNamespace)}
-	}
-
-	accessPointARN, err := arn.ParseAccessPointResource(a, resParts[1:])
-	if err != nil {
-		return arn.S3ObjectLambdaAccessPointARN{}, err
-	}
-
-	if len(accessPointARN.Region) == 0 {
-		return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("%s region not set", s3ObjectsLambdaNamespace)}
-	}
-
-	return arn.S3ObjectLambdaAccessPointARN{
-		AccessPointARN: accessPointARN,
-	}, nil
-}
-
-func endpointHandler(req *request.Request) {
-	endpoint, ok := req.Params.(endpointARNGetter)
-	if !ok || !endpoint.hasEndpointARN() {
-		updateBucketEndpointFromParams(req)
-		return
-	}
-
-	resource, err := endpoint.getEndpointARN()
-	if err != nil {
-		req.Error = s3shared.NewInvalidARNError(nil, err)
-		return
-	}
-
-	resReq := s3shared.ResourceRequest{
-		Resource: resource,
-		Request:  req,
-	}
-
-	if len(resReq.Request.ClientInfo.PartitionID) != 0 && resReq.IsCrossPartition() {
-		req.Error = s3shared.NewClientPartitionMismatchError(resource,
-			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
-		return
-	}
-
-	if !resReq.AllowCrossRegion() && resReq.IsCrossRegion() {
-		req.Error = s3shared.NewClientRegionMismatchError(resource,
-			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
-		return
-	}
-
-	switch tv := resource.(type) {
-	case arn.AccessPointARN:
-		err = updateRequestAccessPointEndpoint(req, tv)
-		if err != nil {
-			req.Error = err
-		}
-	case arn.S3ObjectLambdaAccessPointARN:
-		err = updateRequestS3ObjectLambdaAccessPointEndpoint(req, tv)
-		if err != nil {
-			req.Error = err
-		}
-	case arn.OutpostAccessPointARN:
-		// outposts does not support FIPS regions
-		if req.Config.UseFIPSEndpoint == endpoints.FIPSEndpointStateEnabled {
-			req.Error = s3shared.NewFIPSConfigurationError(resource, req.ClientInfo.PartitionID,
-				aws.StringValue(req.Config.Region), nil)
-			return
-		}
-
-		err = updateRequestOutpostAccessPointEndpoint(req, tv)
-		if err != nil {
-			req.Error = err
-		}
-	default:
-		req.Error = s3shared.NewInvalidARNError(resource, nil)
-	}
-}
-
-func updateBucketEndpointFromParams(r *request.Request) {
-	bucket, ok := bucketNameFromReqParams(r.Params)
-	if !ok {
-		// Ignore operation requests if the bucket name was not provided
-		// if this is an input validation error the validation handler
-		// will report it.
-		return
-	}
-	updateEndpointForS3Config(r, bucket)
-}
-
-func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.AccessPointARN) error {
-	// Accelerate not supported
-	if aws.BoolValue(req.Config.S3UseAccelerate) {
-		return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
-			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
-	}
-
-	// Ignore the disable host prefix for access points
-	req.Config.DisableEndpointHostPrefix = aws.Bool(false)
-
-	if err := accessPointEndpointBuilder(accessPoint).build(req); err != nil {
-		return err
-	}
-
-	removeBucketFromPath(req.HTTPRequest.URL)
-
-	return nil
-}
-
-func updateRequestS3ObjectLambdaAccessPointEndpoint(req *request.Request, accessPoint arn.S3ObjectLambdaAccessPointARN) error {
-	// DualStack not supported
-	if isUseDualStackEndpoint(req) {
-		return s3shared.NewClientConfiguredForDualStackError(accessPoint,
-			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
-	}
-
-	// Accelerate not supported
-	if aws.BoolValue(req.Config.S3UseAccelerate) {
-		return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
-			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
-	}
-
-	// Ignore the disable host prefix for access points
-	req.Config.DisableEndpointHostPrefix = aws.Bool(false)
-
-	if err := s3ObjectLambdaAccessPointEndpointBuilder(accessPoint).build(req); err != nil {
-		return err
-	}
-
-	removeBucketFromPath(req.HTTPRequest.URL)
-
-	return nil
-}
-
-func updateRequestOutpostAccessPointEndpoint(req *request.Request, accessPoint arn.OutpostAccessPointARN) error {
-	// Accelerate not supported
-	if aws.BoolValue(req.Config.S3UseAccelerate) {
-		return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
-			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
-	}
-
-	// Dualstack not supported
-	if isUseDualStackEndpoint(req) {
-		return s3shared.NewClientConfiguredForDualStackError(accessPoint,
-			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
-	}
-
-	// Ignore the disable host prefix for access points
-	req.Config.DisableEndpointHostPrefix = aws.Bool(false)
-
-	if err := outpostAccessPointEndpointBuilder(accessPoint).build(req); err != nil {
-		return err
-	}
-
-	removeBucketFromPath(req.HTTPRequest.URL)
-	return nil
-}
-
-func removeBucketFromPath(u *url.URL) {
-	u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1)
-	if u.Path == "" {
-		u.Path = "/"
-	}
-}
-
-func buildWriteGetObjectResponseEndpoint(req *request.Request) {
-	// DualStack not supported
-	if isUseDualStackEndpoint(req) {
-		req.Error = awserr.New("ConfigurationError", "client configured for dualstack but not supported for operation", nil)
-		return
-	}
-
-	// Accelerate not supported
-	if aws.BoolValue(req.Config.S3UseAccelerate) {
-		req.Error = awserr.New("ConfigurationError", "client configured for accelerate but not supported for operation", nil)
-		return
-	}
-
-	signingName := s3ObjectsLambdaNamespace
-	signingRegion := req.ClientInfo.SigningRegion
-
-	if !hasCustomEndpoint(req) {
-		endpoint, err := resolveRegionalEndpoint(req, aws.StringValue(req.Config.Region), req.ClientInfo.ResolvedRegion, EndpointsID)
-		if err != nil {
-			req.Error = awserr.New(request.ErrCodeSerialization, "failed to resolve endpoint", err)
-			return
-		}
-		signingRegion = endpoint.SigningRegion
-
-		if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
-			req.Error = err
-			return
-		}
-		updateS3HostPrefixForS3ObjectLambda(req)
-	}
-
-	redirectSigner(req, signingName, signingRegion)
-}
-
-func isUseDualStackEndpoint(req *request.Request) bool {
-	if req.Config.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
-		return req.Config.UseDualStackEndpoint == endpoints.DualStackEndpointStateEnabled
-	}
-	return aws.BoolValue(req.Config.UseDualStack)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
deleted file mode 100644
index 7ae18ef54..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
+++ /dev/null
@@ -1,239 +0,0 @@
-package s3
-
-import (
-	"net/url"
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/endpoints"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/s3shared"
-	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
-	"github.com/aws/aws-sdk-go/private/protocol"
-)
-
-const (
-	accessPointPrefixLabel    = "accesspoint"
-	accountIDPrefixLabel      = "accountID"
-	accessPointPrefixTemplate = "{" + accessPointPrefixLabel + "}-{" + accountIDPrefixLabel + "}."
-
-	outpostPrefixLabel               = "outpost"
-	outpostAccessPointPrefixTemplate = accessPointPrefixTemplate + "{" + outpostPrefixLabel + "}."
-)
-
-// hasCustomEndpoint returns true if endpoint is a custom endpoint
-func hasCustomEndpoint(r *request.Request) bool {
-	return len(aws.StringValue(r.Config.Endpoint)) > 0
-}
-
-// accessPointEndpointBuilder represents the endpoint builder for access point arn
-type accessPointEndpointBuilder arn.AccessPointARN
-
-// build builds the endpoint for corresponding access point arn
-//
-// For building an endpoint from access point arn, format used is:
-// - Access point endpoint format : {accesspointName}-{accountId}.s3-accesspoint.{region}.{dnsSuffix}
-// - example : myaccesspoint-012345678901.s3-accesspoint.us-west-2.amazonaws.com
-//
-// Access Point Endpoint requests are signed using "s3" as signing name.
-func (a accessPointEndpointBuilder) build(req *request.Request) error {
-	resolveService := arn.AccessPointARN(a).Service
-	resolveRegion := arn.AccessPointARN(a).Region
-
-	endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", resolveService)
-	if err != nil {
-		return s3shared.NewFailedToResolveEndpointError(arn.AccessPointARN(a),
-			req.ClientInfo.PartitionID, resolveRegion, err)
-	}
-
-	endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
-
-	if !hasCustomEndpoint(req) {
-		if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
-			return err
-		}
-
-		// dual stack provided by endpoint resolver
-		updateS3HostForS3AccessPoint(req)
-	}
-
-	protocol.HostPrefixBuilder{
-		Prefix:   accessPointPrefixTemplate,
-		LabelsFn: a.hostPrefixLabelValues,
-	}.Build(req)
-
-	// signer redirection
-	redirectSigner(req, endpoint.SigningName, endpoint.SigningRegion)
-
-	err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
-	if err != nil {
-		return s3shared.NewInvalidARNError(arn.AccessPointARN(a), err)
-	}
-
-	return nil
-}
-
-func (a accessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
-	return map[string]string{
-		accessPointPrefixLabel: arn.AccessPointARN(a).AccessPointName,
-		accountIDPrefixLabel:   arn.AccessPointARN(a).AccountID,
-	}
-}
-
-// s3ObjectLambdaAccessPointEndpointBuilder represents the endpoint builder for an s3 object lambda access point arn
-type s3ObjectLambdaAccessPointEndpointBuilder arn.S3ObjectLambdaAccessPointARN
-
-// build builds the endpoint for corresponding access point arn
-//
-// For building an endpoint from access point arn, format used is:
-// - Access point endpoint format : {accesspointName}-{accountId}.s3-object-lambda.{region}.{dnsSuffix}
-// - example : myaccesspoint-012345678901.s3-object-lambda.us-west-2.amazonaws.com
-//
-// Access Point Endpoint requests are signed using "s3-object-lambda" as signing name.
-func (a s3ObjectLambdaAccessPointEndpointBuilder) build(req *request.Request) error {
-	resolveRegion := arn.S3ObjectLambdaAccessPointARN(a).Region
-
-	endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", EndpointsID)
-	if err != nil {
-		return s3shared.NewFailedToResolveEndpointError(arn.S3ObjectLambdaAccessPointARN(a),
-			req.ClientInfo.PartitionID, resolveRegion, err)
-	}
-
-	endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
-
-	endpoint.SigningName = s3ObjectsLambdaNamespace
-
-	if !hasCustomEndpoint(req) {
-		if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
-			return err
-		}
-
-		updateS3HostPrefixForS3ObjectLambda(req)
-	}
-
-	protocol.HostPrefixBuilder{
-		Prefix:   accessPointPrefixTemplate,
-		LabelsFn: a.hostPrefixLabelValues,
-	}.Build(req)
-
-	// signer redirection
-	redirectSigner(req, endpoint.SigningName, endpoint.SigningRegion)
-
-	err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
-	if err != nil {
-		return s3shared.NewInvalidARNError(arn.S3ObjectLambdaAccessPointARN(a), err)
-	}
-
-	return nil
-}
-
-func (a s3ObjectLambdaAccessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
-	return map[string]string{
-		accessPointPrefixLabel: arn.S3ObjectLambdaAccessPointARN(a).AccessPointName,
-		accountIDPrefixLabel:   arn.S3ObjectLambdaAccessPointARN(a).AccountID,
-	}
-}
-
-// outpostAccessPointEndpointBuilder represents the Endpoint builder for outpost access point arn.
-type outpostAccessPointEndpointBuilder arn.OutpostAccessPointARN
-
-// build builds an endpoint corresponding to the outpost access point arn.
-//
-// For building an endpoint from outpost access point arn, format used is:
-// - Outpost access point endpoint format : {accesspointName}-{accountId}.{outpostId}.s3-outposts.{region}.{dnsSuffix}
-// - example : myaccesspoint-012345678901.op-01234567890123456.s3-outposts.us-west-2.amazonaws.com
-//
-// Outpost AccessPoint Endpoint request are signed using "s3-outposts" as signing name.
-func (o outpostAccessPointEndpointBuilder) build(req *request.Request) error {
-	resolveRegion := o.Region
-	resolveService := o.Service
-
-	endpointsID := resolveService
-	if resolveService == s3OutpostsNamespace {
-		endpointsID = "s3"
-	}
-
-	endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", endpointsID)
-	if err != nil {
-		return s3shared.NewFailedToResolveEndpointError(o,
-			req.ClientInfo.PartitionID, resolveRegion, err)
-	}
-
-	endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
-
-	if !hasCustomEndpoint(req) {
-		if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
-			return err
-		}
-		updateHostPrefix(req, endpointsID, resolveService)
-	}
-
-	protocol.HostPrefixBuilder{
-		Prefix:   outpostAccessPointPrefixTemplate,
-		LabelsFn: o.hostPrefixLabelValues,
-	}.Build(req)
-
-	// set the signing region, name to resolved names from ARN
-	redirectSigner(req, resolveService, resolveRegion)
-
-	err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
-	if err != nil {
-		return s3shared.NewInvalidARNError(o, err)
-	}
-
-	return nil
-}
-
-func (o outpostAccessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
-	return map[string]string{
-		accessPointPrefixLabel: o.AccessPointName,
-		accountIDPrefixLabel:   o.AccountID,
-		outpostPrefixLabel:     o.OutpostID,
-	}
-}
-
-func resolveRegionalEndpoint(r *request.Request, region, resolvedRegion, endpointsID string) (endpoints.ResolvedEndpoint, error) {
-	return r.Config.EndpointResolver.EndpointFor(endpointsID, region, func(opts *endpoints.Options) {
-		opts.DisableSSL = aws.BoolValue(r.Config.DisableSSL)
-		opts.UseDualStack = aws.BoolValue(r.Config.UseDualStack)
-		opts.UseDualStackEndpoint = r.Config.UseDualStackEndpoint
-		opts.UseFIPSEndpoint = r.Config.UseFIPSEndpoint
-		opts.S3UsEast1RegionalEndpoint = endpoints.RegionalS3UsEast1Endpoint
-		opts.ResolvedRegion = resolvedRegion
-		opts.Logger = r.Config.Logger
-		opts.LogDeprecated = r.Config.LogLevel.Matches(aws.LogDebugWithDeprecated)
-	})
-}
-
-func updateRequestEndpoint(r *request.Request, endpoint string) (err error) {
-	r.HTTPRequest.URL, err = url.Parse(endpoint + r.Operation.HTTPPath)
-	if err != nil {
-		return awserr.New(request.ErrCodeSerialization,
-			"failed to parse endpoint URL", err)
-	}
-
-	return nil
-}
-
-// redirectSigner sets signing name, signing region for a request
-func redirectSigner(req *request.Request, signingName string, signingRegion string) {
-	req.ClientInfo.SigningName = signingName
-	req.ClientInfo.SigningRegion = signingRegion
-}
-
-func updateS3HostForS3AccessPoint(req *request.Request) {
-	updateHostPrefix(req, "s3", s3AccessPointNamespace)
-}
-
-func updateS3HostPrefixForS3ObjectLambda(req *request.Request) {
-	updateHostPrefix(req, "s3", s3ObjectsLambdaNamespace)
-}
-
-func updateHostPrefix(req *request.Request, oldEndpointPrefix, newEndpointPrefix string) {
-	host := req.HTTPRequest.URL.Host
-	if strings.HasPrefix(host, oldEndpointPrefix) {
-		// replace service hostlabel oldEndpointPrefix to newEndpointPrefix
-		req.HTTPRequest.URL.Host = newEndpointPrefix + host[len(oldEndpointPrefix):]
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
deleted file mode 100644
index cd6a2e8ae..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
+++ /dev/null
@@ -1,60 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-package s3
-
-const (
-
-	// ErrCodeBucketAlreadyExists for service response error code
-	// "BucketAlreadyExists".
-	//
-	// The requested bucket name is not available. The bucket namespace is shared
-	// by all users of the system. Select a different name and try again.
-	ErrCodeBucketAlreadyExists = "BucketAlreadyExists"
-
-	// ErrCodeBucketAlreadyOwnedByYou for service response error code
-	// "BucketAlreadyOwnedByYou".
-	//
-	// The bucket you tried to create already exists, and you own it. Amazon S3
-	// returns this error in all Amazon Web Services Regions except in the North
-	// Virginia Region. For legacy compatibility, if you re-create an existing bucket
-	// that you already own in the North Virginia Region, Amazon S3 returns 200
-	// OK and resets the bucket access control lists (ACLs).
-	ErrCodeBucketAlreadyOwnedByYou = "BucketAlreadyOwnedByYou"
-
-	// ErrCodeInvalidObjectState for service response error code
-	// "InvalidObjectState".
-	//
-	// Object is archived and inaccessible until restored.
-	ErrCodeInvalidObjectState = "InvalidObjectState"
-
-	// ErrCodeNoSuchBucket for service response error code
-	// "NoSuchBucket".
-	//
-	// The specified bucket does not exist.
-	ErrCodeNoSuchBucket = "NoSuchBucket"
-
-	// ErrCodeNoSuchKey for service response error code
-	// "NoSuchKey".
-	//
-	// The specified key does not exist.
-	ErrCodeNoSuchKey = "NoSuchKey"
-
-	// ErrCodeNoSuchUpload for service response error code
-	// "NoSuchUpload".
-	//
-	// The specified multipart upload does not exist.
-	ErrCodeNoSuchUpload = "NoSuchUpload"
-
-	// ErrCodeObjectAlreadyInActiveTierError for service response error code
-	// "ObjectAlreadyInActiveTierError".
-	//
-	// This action is not allowed against this storage tier.
-	ErrCodeObjectAlreadyInActiveTierError = "ObjectAlreadyInActiveTierError"
-
-	// ErrCodeObjectNotInActiveTierError for service response error code
-	// "ObjectNotInActiveTierError".
-	//
-	// The source object of the COPY action is not in the active tier and is only
-	// stored in Amazon S3 Glacier.
-	ErrCodeObjectNotInActiveTierError = "ObjectNotInActiveTierError"
-)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go b/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go
deleted file mode 100644
index 81cdec1ae..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go
+++ /dev/null
@@ -1,136 +0,0 @@
-package s3
-
-import (
-	"fmt"
-	"net/url"
-	"regexp"
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// an operationBlacklist is a list of operation names that should a
-// request handler should not be executed with.
-type operationBlacklist []string
-
-// Continue will return true of the Request's operation name is not
-// in the blacklist. False otherwise.
-func (b operationBlacklist) Continue(r *request.Request) bool {
-	for i := 0; i < len(b); i++ {
-		if b[i] == r.Operation.Name {
-			return false
-		}
-	}
-	return true
-}
-
-var accelerateOpBlacklist = operationBlacklist{
-	opListBuckets, opCreateBucket, opDeleteBucket,
-}
-
-// Automatically add the bucket name to the endpoint domain
-// if possible. This style of bucket is valid for all bucket names which are
-// DNS compatible and do not contain "."
-func updateEndpointForS3Config(r *request.Request, bucketName string) {
-	forceHostStyle := aws.BoolValue(r.Config.S3ForcePathStyle)
-	accelerate := aws.BoolValue(r.Config.S3UseAccelerate)
-
-	if accelerate && accelerateOpBlacklist.Continue(r) {
-		if forceHostStyle {
-			if r.Config.Logger != nil {
-				r.Config.Logger.Log("ERROR: aws.Config.S3UseAccelerate is not compatible with aws.Config.S3ForcePathStyle, ignoring S3ForcePathStyle.")
-			}
-		}
-		updateEndpointForAccelerate(r, bucketName)
-	} else if !forceHostStyle && r.Operation.Name != opGetBucketLocation {
-		updateEndpointForHostStyle(r, bucketName)
-	}
-}
-
-func updateEndpointForHostStyle(r *request.Request, bucketName string) {
-	if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) {
-		// bucket name must be valid to put into the host
-		return
-	}
-
-	moveBucketToHost(r.HTTPRequest.URL, bucketName)
-}
-
-var (
-	accelElem = []byte("s3-accelerate.dualstack.")
-)
-
-func updateEndpointForAccelerate(r *request.Request, bucketName string) {
-	if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) {
-		r.Error = awserr.New("InvalidParameterException",
-			fmt.Sprintf("bucket name %s is not compatible with S3 Accelerate", bucketName),
-			nil)
-		return
-	}
-
-	parts := strings.Split(r.HTTPRequest.URL.Host, ".")
-	if len(parts) < 3 {
-		r.Error = awserr.New("InvalidParameterExecption",
-			fmt.Sprintf("unable to update endpoint host for S3 accelerate, hostname invalid, %s",
-				r.HTTPRequest.URL.Host), nil)
-		return
-	}
-
-	if parts[0] == "s3" || strings.HasPrefix(parts[0], "s3-") {
-		parts[0] = "s3-accelerate"
-	}
-	for i := 1; i+1 < len(parts); i++ {
-		if parts[i] == aws.StringValue(r.Config.Region) {
-			parts = append(parts[:i], parts[i+1:]...)
-			break
-		}
-	}
-
-	r.HTTPRequest.URL.Host = strings.Join(parts, ".")
-
-	moveBucketToHost(r.HTTPRequest.URL, bucketName)
-}
-
-// Attempts to retrieve the bucket name from the request input parameters.
-// If no bucket is found, or the field is empty "", false will be returned.
-func bucketNameFromReqParams(params interface{}) (string, bool) {
-	if iface, ok := params.(bucketGetter); ok {
-		b := iface.getBucket()
-		return b, len(b) > 0
-	}
-
-	return "", false
-}
-
-// hostCompatibleBucketName returns true if the request should
-// put the bucket in the host. This is false if S3ForcePathStyle is
-// explicitly set or if the bucket is not DNS compatible.
-func hostCompatibleBucketName(u *url.URL, bucket string) bool {
-	// Bucket might be DNS compatible but dots in the hostname will fail
-	// certificate validation, so do not use host-style.
-	if u.Scheme == "https" && strings.Contains(bucket, ".") {
-		return false
-	}
-
-	// if the bucket is DNS compatible
-	return dnsCompatibleBucketName(bucket)
-}
-
-var reDomain = regexp.MustCompile(`^[a-z0-9][a-z0-9\.\-]{1,61}[a-z0-9]$`)
-var reIPAddress = regexp.MustCompile(`^(\d+\.){3}\d+$`)
-
-// dnsCompatibleBucketName returns true if the bucket name is DNS compatible.
-// Buckets created outside of the classic region MUST be DNS compatible.
-func dnsCompatibleBucketName(bucket string) bool {
-	return reDomain.MatchString(bucket) &&
-		!reIPAddress.MatchString(bucket) &&
-		!strings.Contains(bucket, "..")
-}
-
-// moveBucketToHost moves the bucket name from the URI path to URL host.
-func moveBucketToHost(u *url.URL, bucket string) {
-	u.Host = bucket + "." + u.Host
-	removeBucketFromPath(u)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go
deleted file mode 100644
index 308b7d473..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go
+++ /dev/null
@@ -1,9 +0,0 @@
-//go:build !go1.6
-// +build !go1.6
-
-package s3
-
-import "github.com/aws/aws-sdk-go/aws/request"
-
-func platformRequestHandlers(r *request.Request) {
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go
deleted file mode 100644
index 70feffab7..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go
+++ /dev/null
@@ -1,29 +0,0 @@
-//go:build go1.6
-// +build go1.6
-
-package s3
-
-import (
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-func platformRequestHandlers(r *request.Request) {
-	if r.Operation.HTTPMethod == "PUT" {
-		// 100-Continue should only be used on put requests.
-		r.Handlers.Sign.PushBack(add100Continue)
-	}
-}
-
-func add100Continue(r *request.Request) {
-	if aws.BoolValue(r.Config.S3Disable100Continue) {
-		return
-	}
-	if r.HTTPRequest.ContentLength < 1024*1024*2 {
-		// Ignore requests smaller than 2MB. This helps prevent delaying
-		// requests unnecessarily.
-		return
-	}
-
-	r.HTTPRequest.Header.Set("Expect", "100-continue")
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
deleted file mode 100644
index 3e75d0e94..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
+++ /dev/null
@@ -1,108 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-package s3
-
-import (
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/client/metadata"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/aws/signer/v4"
-	"github.com/aws/aws-sdk-go/private/protocol/restxml"
-)
-
-// S3 provides the API operation methods for making requests to
-// Amazon Simple Storage Service. See this package's package overview docs
-// for details on the service.
-//
-// S3 methods are safe to use concurrently. It is not safe to
-// modify mutate any of the struct's properties though.
-type S3 struct {
-	*client.Client
-}
-
-// Used for custom client initialization logic
-var initClient func(*client.Client)
-
-// Used for custom request initialization logic
-var initRequest func(*request.Request)
-
-// Service information constants
-const (
-	ServiceName = "s3"        // Name of service.
-	EndpointsID = ServiceName // ID to lookup a service endpoint with.
-	ServiceID   = "S3"        // ServiceID is a unique identifier of a specific service.
-)
-
-// New creates a new instance of the S3 client with a session.
-// If additional configuration is needed for the client instance use the optional
-// aws.Config parameter to add your extra config.
-//
-// Example:
-//
-//	mySession := session.Must(session.NewSession())
-//
-//	// Create a S3 client from just a session.
-//	svc := s3.New(mySession)
-//
-//	// Create a S3 client with additional configuration
-//	svc := s3.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
-func New(p client.ConfigProvider, cfgs ...*aws.Config) *S3 {
-	c := p.ClientConfig(EndpointsID, cfgs...)
-	if c.SigningNameDerived || len(c.SigningName) == 0 {
-		c.SigningName = "s3"
-	}
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
-}
-
-// newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *S3 {
-	svc := &S3{
-		Client: client.New(
-			cfg,
-			metadata.ClientInfo{
-				ServiceName:    ServiceName,
-				ServiceID:      ServiceID,
-				SigningName:    signingName,
-				SigningRegion:  signingRegion,
-				PartitionID:    partitionID,
-				Endpoint:       endpoint,
-				APIVersion:     "2006-03-01",
-				ResolvedRegion: resolvedRegion,
-			},
-			handlers,
-		),
-	}
-
-	// Handlers
-	svc.Handlers.Sign.PushBackNamed(v4.BuildNamedHandler(v4.SignRequestHandler.Name, func(s *v4.Signer) {
-		s.DisableURIPathEscaping = true
-	}))
-	svc.Handlers.Build.PushBackNamed(restxml.BuildHandler)
-	svc.Handlers.Unmarshal.PushBackNamed(restxml.UnmarshalHandler)
-	svc.Handlers.UnmarshalMeta.PushBackNamed(restxml.UnmarshalMetaHandler)
-	svc.Handlers.UnmarshalError.PushBackNamed(restxml.UnmarshalErrorHandler)
-
-	svc.Handlers.BuildStream.PushBackNamed(restxml.BuildHandler)
-	svc.Handlers.UnmarshalStream.PushBackNamed(restxml.UnmarshalHandler)
-
-	// Run custom client initialization if present
-	if initClient != nil {
-		initClient(svc.Client)
-	}
-
-	return svc
-}
-
-// newRequest creates a new request for a S3 operation and runs any
-// custom request initialization.
-func (c *S3) newRequest(op *request.Operation, params, data interface{}) *request.Request {
-	req := c.NewRequest(op, params, data)
-
-	// Run custom request initialization if present
-	if initRequest != nil {
-		initRequest(req)
-	}
-
-	return req
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go b/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
deleted file mode 100644
index 57a0bd92c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package s3
-
-import (
-	"crypto/md5"
-	"encoding/base64"
-	"net/http"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-var errSSERequiresSSL = awserr.New("ConfigError", "cannot send SSE keys over HTTP.", nil)
-
-func validateSSERequiresSSL(r *request.Request) {
-	if r.HTTPRequest.URL.Scheme == "https" {
-		return
-	}
-
-	if iface, ok := r.Params.(sseCustomerKeyGetter); ok {
-		if len(iface.getSSECustomerKey()) > 0 {
-			r.Error = errSSERequiresSSL
-			return
-		}
-	}
-
-	if iface, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
-		if len(iface.getCopySourceSSECustomerKey()) > 0 {
-			r.Error = errSSERequiresSSL
-			return
-		}
-	}
-}
-
-const (
-	sseKeyHeader    = "x-amz-server-side-encryption-customer-key"
-	sseKeyMD5Header = sseKeyHeader + "-md5"
-)
-
-func computeSSEKeyMD5(r *request.Request) {
-	var key string
-	if g, ok := r.Params.(sseCustomerKeyGetter); ok {
-		key = g.getSSECustomerKey()
-	}
-
-	computeKeyMD5(sseKeyHeader, sseKeyMD5Header, key, r.HTTPRequest)
-}
-
-const (
-	copySrcSSEKeyHeader    = "x-amz-copy-source-server-side-encryption-customer-key"
-	copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5"
-)
-
-func computeCopySourceSSEKeyMD5(r *request.Request) {
-	var key string
-	if g, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
-		key = g.getCopySourceSSECustomerKey()
-	}
-
-	computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, key, r.HTTPRequest)
-}
-
-func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) {
-	if len(key) == 0 {
-		// Backwards compatiablity where user just set the header value instead
-		// of using the API parameter, or setting the header value for an
-		// operation without the parameters modeled.
-		key = r.Header.Get(keyHeader)
-		if len(key) == 0 {
-			return
-		}
-
-		// In backwards compatible, the header's value is not base64 encoded,
-		// and needs to be encoded and updated by the SDK's customizations.
-		b64Key := base64.StdEncoding.EncodeToString([]byte(key))
-		r.Header.Set(keyHeader, b64Key)
-	}
-
-	// Only update Key's MD5 if not already set.
-	if len(r.Header.Get(keyMD5Header)) == 0 {
-		sum := md5.Sum([]byte(key))
-		keyMD5 := base64.StdEncoding.EncodeToString(sum[:])
-		r.Header.Set(keyMD5Header, keyMD5)
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
deleted file mode 100644
index 096adc091..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package s3
-
-import (
-	"bytes"
-	"io"
-	"io/ioutil"
-	"net/http"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/internal/sdkio"
-)
-
-func copyMultipartStatusOKUnmarshalError(r *request.Request) {
-	b, err := ioutil.ReadAll(r.HTTPResponse.Body)
-	r.HTTPResponse.Body.Close()
-	if err != nil {
-		r.Error = awserr.NewRequestFailure(
-			awserr.New(request.ErrCodeSerialization, "unable to read response body", err),
-			r.HTTPResponse.StatusCode,
-			r.RequestID,
-		)
-		// Note, some middleware later in the stack like restxml.Unmarshal expect a valid, non-closed Body
-		// even in case of an error, so we replace it with an empty Reader.
-		r.HTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(nil))
-		return
-	}
-
-	body := bytes.NewReader(b)
-	r.HTTPResponse.Body = ioutil.NopCloser(body)
-	defer body.Seek(0, sdkio.SeekStart)
-
-	unmarshalError(r)
-	if err, ok := r.Error.(awserr.Error); ok && err != nil {
-		if err.Code() == request.ErrCodeSerialization &&
-			err.OrigErr() != io.EOF {
-			r.Error = nil
-			return
-		}
-		// if empty payload
-		if err.OrigErr() == io.EOF {
-			r.HTTPResponse.StatusCode = http.StatusInternalServerError
-		} else {
-			r.HTTPResponse.StatusCode = http.StatusServiceUnavailable
-		}
-	}
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
deleted file mode 100644
index 6eecf6691..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package s3
-
-import (
-	"bytes"
-	"encoding/xml"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"strings"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
-)
-
-type xmlErrorResponse struct {
-	XMLName xml.Name `xml:"Error"`
-	Code    string   `xml:"Code"`
-	Message string   `xml:"Message"`
-}
-
-func unmarshalError(r *request.Request) {
-	defer r.HTTPResponse.Body.Close()
-	defer io.Copy(ioutil.Discard, r.HTTPResponse.Body)
-
-	// Bucket exists in a different region, and request needs
-	// to be made to the correct region.
-	if r.HTTPResponse.StatusCode == http.StatusMovedPermanently {
-		msg := fmt.Sprintf(
-			"incorrect region, the bucket is not in '%s' region at endpoint '%s'",
-			aws.StringValue(r.Config.Region),
-			aws.StringValue(r.Config.Endpoint),
-		)
-		if v := r.HTTPResponse.Header.Get("x-amz-bucket-region"); len(v) != 0 {
-			msg += fmt.Sprintf(", bucket is in '%s' region", v)
-		}
-		r.Error = awserr.NewRequestFailure(
-			awserr.New("BucketRegionError", msg, nil),
-			r.HTTPResponse.StatusCode,
-			r.RequestID,
-		)
-		return
-	}
-
-	// Attempt to parse error from body if it is known
-	var errResp xmlErrorResponse
-	var err error
-	if r.HTTPResponse.StatusCode >= 200 && r.HTTPResponse.StatusCode < 300 {
-		err = s3unmarshalXMLError(&errResp, r.HTTPResponse.Body)
-	} else {
-		err = xmlutil.UnmarshalXMLError(&errResp, r.HTTPResponse.Body)
-	}
-
-	if err != nil {
-		var errorMsg string
-		if err == io.EOF {
-			errorMsg = "empty response payload"
-		} else {
-			errorMsg = "failed to unmarshal error message"
-		}
-
-		r.Error = awserr.NewRequestFailure(
-			awserr.New(request.ErrCodeSerialization,
-				errorMsg, err),
-			r.HTTPResponse.StatusCode,
-			r.RequestID,
-		)
-		return
-	}
-
-	// Fallback to status code converted to message if still no error code
-	if len(errResp.Code) == 0 {
-		statusText := http.StatusText(r.HTTPResponse.StatusCode)
-		errResp.Code = strings.Replace(statusText, " ", "", -1)
-		errResp.Message = statusText
-	}
-
-	r.Error = awserr.NewRequestFailure(
-		awserr.New(errResp.Code, errResp.Message, err),
-		r.HTTPResponse.StatusCode,
-		r.RequestID,
-	)
-}
-
-// A RequestFailure provides access to the S3 Request ID and Host ID values
-// returned from API operation errors. Getting the error as a string will
-// return the formated error with the same information as awserr.RequestFailure,
-// while also adding the HostID value from the response.
-type RequestFailure interface {
-	awserr.RequestFailure
-
-	// Host ID is the S3 Host ID needed for debug, and contacting support
-	HostID() string
-}
-
-// s3unmarshalXMLError is s3 specific xml error unmarshaler
-// for 200 OK errors and response payloads.
-// This function differs from the xmlUtil.UnmarshalXMLError
-// func. It does not ignore the EOF error and passes it up.
-// Related to bug fix for `s3 200 OK response with empty payload`
-func s3unmarshalXMLError(v interface{}, stream io.Reader) error {
-	var errBuf bytes.Buffer
-	body := io.TeeReader(stream, &errBuf)
-
-	err := xml.NewDecoder(body).Decode(v)
-	if err != nil && err != io.EOF {
-		return awserr.NewUnmarshalError(err,
-			"failed to unmarshal error message", errBuf.Bytes())
-	}
-
-	return err
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/waiters.go b/vendor/github.com/aws/aws-sdk-go/service/s3/waiters.go
deleted file mode 100644
index 2596c694b..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/waiters.go
+++ /dev/null
@@ -1,214 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-package s3
-
-import (
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-// WaitUntilBucketExists uses the Amazon S3 API operation
-// HeadBucket to wait for a condition to be met before returning.
-// If the condition is not met within the max attempt window, an error will
-// be returned.
-func (c *S3) WaitUntilBucketExists(input *HeadBucketInput) error {
-	return c.WaitUntilBucketExistsWithContext(aws.BackgroundContext(), input)
-}
-
-// WaitUntilBucketExistsWithContext is an extended version of WaitUntilBucketExists.
-// With the support for passing in a context and options to configure the
-// Waiter and the underlying request options.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) WaitUntilBucketExistsWithContext(ctx aws.Context, input *HeadBucketInput, opts ...request.WaiterOption) error {
-	w := request.Waiter{
-		Name:        "WaitUntilBucketExists",
-		MaxAttempts: 20,
-		Delay:       request.ConstantWaiterDelay(5 * time.Second),
-		Acceptors: []request.WaiterAcceptor{
-			{
-				State:    request.SuccessWaiterState,
-				Matcher:  request.StatusWaiterMatch,
-				Expected: 200,
-			},
-			{
-				State:    request.SuccessWaiterState,
-				Matcher:  request.StatusWaiterMatch,
-				Expected: 301,
-			},
-			{
-				State:    request.SuccessWaiterState,
-				Matcher:  request.StatusWaiterMatch,
-				Expected: 403,
-			},
-			{
-				State:    request.RetryWaiterState,
-				Matcher:  request.StatusWaiterMatch,
-				Expected: 404,
-			},
-		},
-		Logger: c.Config.Logger,
-		NewRequest: func(opts []request.Option) (*request.Request, error) {
-			var inCpy *HeadBucketInput
-			if input != nil {
-				tmp := *input
-				inCpy = &tmp
-			}
-			req, _ := c.HeadBucketRequest(inCpy)
-			req.SetContext(ctx)
-			req.ApplyOptions(opts...)
-			return req, nil
-		},
-	}
-	w.ApplyOptions(opts...)
-
-	return w.WaitWithContext(ctx)
-}
-
-// WaitUntilBucketNotExists uses the Amazon S3 API operation
-// HeadBucket to wait for a condition to be met before returning.
-// If the condition is not met within the max attempt window, an error will
-// be returned.
-func (c *S3) WaitUntilBucketNotExists(input *HeadBucketInput) error {
-	return c.WaitUntilBucketNotExistsWithContext(aws.BackgroundContext(), input)
-}
-
-// WaitUntilBucketNotExistsWithContext is an extended version of WaitUntilBucketNotExists.
-// With the support for passing in a context and options to configure the
-// Waiter and the underlying request options.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) WaitUntilBucketNotExistsWithContext(ctx aws.Context, input *HeadBucketInput, opts ...request.WaiterOption) error {
-	w := request.Waiter{
-		Name:        "WaitUntilBucketNotExists",
-		MaxAttempts: 20,
-		Delay:       request.ConstantWaiterDelay(5 * time.Second),
-		Acceptors: []request.WaiterAcceptor{
-			{
-				State:    request.SuccessWaiterState,
-				Matcher:  request.StatusWaiterMatch,
-				Expected: 404,
-			},
-		},
-		Logger: c.Config.Logger,
-		NewRequest: func(opts []request.Option) (*request.Request, error) {
-			var inCpy *HeadBucketInput
-			if input != nil {
-				tmp := *input
-				inCpy = &tmp
-			}
-			req, _ := c.HeadBucketRequest(inCpy)
-			req.SetContext(ctx)
-			req.ApplyOptions(opts...)
-			return req, nil
-		},
-	}
-	w.ApplyOptions(opts...)
-
-	return w.WaitWithContext(ctx)
-}
-
-// WaitUntilObjectExists uses the Amazon S3 API operation
-// HeadObject to wait for a condition to be met before returning.
-// If the condition is not met within the max attempt window, an error will
-// be returned.
-func (c *S3) WaitUntilObjectExists(input *HeadObjectInput) error {
-	return c.WaitUntilObjectExistsWithContext(aws.BackgroundContext(), input)
-}
-
-// WaitUntilObjectExistsWithContext is an extended version of WaitUntilObjectExists.
-// With the support for passing in a context and options to configure the
-// Waiter and the underlying request options.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) WaitUntilObjectExistsWithContext(ctx aws.Context, input *HeadObjectInput, opts ...request.WaiterOption) error {
-	w := request.Waiter{
-		Name:        "WaitUntilObjectExists",
-		MaxAttempts: 20,
-		Delay:       request.ConstantWaiterDelay(5 * time.Second),
-		Acceptors: []request.WaiterAcceptor{
-			{
-				State:    request.SuccessWaiterState,
-				Matcher:  request.StatusWaiterMatch,
-				Expected: 200,
-			},
-			{
-				State:    request.RetryWaiterState,
-				Matcher:  request.StatusWaiterMatch,
-				Expected: 404,
-			},
-		},
-		Logger: c.Config.Logger,
-		NewRequest: func(opts []request.Option) (*request.Request, error) {
-			var inCpy *HeadObjectInput
-			if input != nil {
-				tmp := *input
-				inCpy = &tmp
-			}
-			req, _ := c.HeadObjectRequest(inCpy)
-			req.SetContext(ctx)
-			req.ApplyOptions(opts...)
-			return req, nil
-		},
-	}
-	w.ApplyOptions(opts...)
-
-	return w.WaitWithContext(ctx)
-}
-
-// WaitUntilObjectNotExists uses the Amazon S3 API operation
-// HeadObject to wait for a condition to be met before returning.
-// If the condition is not met within the max attempt window, an error will
-// be returned.
-func (c *S3) WaitUntilObjectNotExists(input *HeadObjectInput) error {
-	return c.WaitUntilObjectNotExistsWithContext(aws.BackgroundContext(), input)
-}
-
-// WaitUntilObjectNotExistsWithContext is an extended version of WaitUntilObjectNotExists.
-// With the support for passing in a context and options to configure the
-// Waiter and the underlying request options.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *S3) WaitUntilObjectNotExistsWithContext(ctx aws.Context, input *HeadObjectInput, opts ...request.WaiterOption) error {
-	w := request.Waiter{
-		Name:        "WaitUntilObjectNotExists",
-		MaxAttempts: 20,
-		Delay:       request.ConstantWaiterDelay(5 * time.Second),
-		Acceptors: []request.WaiterAcceptor{
-			{
-				State:    request.SuccessWaiterState,
-				Matcher:  request.StatusWaiterMatch,
-				Expected: 404,
-			},
-		},
-		Logger: c.Config.Logger,
-		NewRequest: func(opts []request.Option) (*request.Request, error) {
-			var inCpy *HeadObjectInput
-			if input != nil {
-				tmp := *input
-				inCpy = &tmp
-			}
-			req, _ := c.HeadObjectRequest(inCpy)
-			req.SetContext(ctx)
-			req.ApplyOptions(opts...)
-			return req, nil
-		},
-	}
-	w.ApplyOptions(opts...)
-
-	return w.WaitWithContext(ctx)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/api.go b/vendor/github.com/aws/aws-sdk-go/service/sso/api.go
deleted file mode 100644
index b8f590f71..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sso/api.go
+++ /dev/null
@@ -1,1367 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-package sso
-
-import (
-	"fmt"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awsutil"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/protocol"
-	"github.com/aws/aws-sdk-go/private/protocol/restjson"
-)
-
-const opGetRoleCredentials = "GetRoleCredentials"
-
-// GetRoleCredentialsRequest generates a "aws/request.Request" representing the
-// client's request for the GetRoleCredentials operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetRoleCredentials for more information on using the GetRoleCredentials
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetRoleCredentialsRequest method.
-//	req, resp := client.GetRoleCredentialsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials
-func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *request.Request, output *GetRoleCredentialsOutput) {
-	op := &request.Operation{
-		Name:       opGetRoleCredentials,
-		HTTPMethod: "GET",
-		HTTPPath:   "/federation/credentials",
-	}
-
-	if input == nil {
-		input = &GetRoleCredentialsInput{}
-	}
-
-	output = &GetRoleCredentialsOutput{}
-	req = c.newRequest(op, input, output)
-	req.Config.Credentials = credentials.AnonymousCredentials
-	return
-}
-
-// GetRoleCredentials API operation for AWS Single Sign-On.
-//
-// Returns the STS short-term credentials for a given role name that is assigned
-// to the user.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Single Sign-On's
-// API operation GetRoleCredentials for usage and error information.
-//
-// Returned Error Types:
-//
-//   - InvalidRequestException
-//     Indicates that a problem occurred with the input to the request. For example,
-//     a required parameter might be missing or out of range.
-//
-//   - UnauthorizedException
-//     Indicates that the request is not authorized. This can happen due to an invalid
-//     access token in the request.
-//
-//   - TooManyRequestsException
-//     Indicates that the request is being made too frequently and is more than
-//     what the server can handle.
-//
-//   - ResourceNotFoundException
-//     The specified resource doesn't exist.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials
-func (c *SSO) GetRoleCredentials(input *GetRoleCredentialsInput) (*GetRoleCredentialsOutput, error) {
-	req, out := c.GetRoleCredentialsRequest(input)
-	return out, req.Send()
-}
-
-// GetRoleCredentialsWithContext is the same as GetRoleCredentials with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetRoleCredentials for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *SSO) GetRoleCredentialsWithContext(ctx aws.Context, input *GetRoleCredentialsInput, opts ...request.Option) (*GetRoleCredentialsOutput, error) {
-	req, out := c.GetRoleCredentialsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opListAccountRoles = "ListAccountRoles"
-
-// ListAccountRolesRequest generates a "aws/request.Request" representing the
-// client's request for the ListAccountRoles operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListAccountRoles for more information on using the ListAccountRoles
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListAccountRolesRequest method.
-//	req, resp := client.ListAccountRolesRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles
-func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *request.Request, output *ListAccountRolesOutput) {
-	op := &request.Operation{
-		Name:       opListAccountRoles,
-		HTTPMethod: "GET",
-		HTTPPath:   "/assignment/roles",
-		Paginator: &request.Paginator{
-			InputTokens:     []string{"nextToken"},
-			OutputTokens:    []string{"nextToken"},
-			LimitToken:      "maxResults",
-			TruncationToken: "",
-		},
-	}
-
-	if input == nil {
-		input = &ListAccountRolesInput{}
-	}
-
-	output = &ListAccountRolesOutput{}
-	req = c.newRequest(op, input, output)
-	req.Config.Credentials = credentials.AnonymousCredentials
-	return
-}
-
-// ListAccountRoles API operation for AWS Single Sign-On.
-//
-// Lists all roles that are assigned to the user for a given AWS account.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Single Sign-On's
-// API operation ListAccountRoles for usage and error information.
-//
-// Returned Error Types:
-//
-//   - InvalidRequestException
-//     Indicates that a problem occurred with the input to the request. For example,
-//     a required parameter might be missing or out of range.
-//
-//   - UnauthorizedException
-//     Indicates that the request is not authorized. This can happen due to an invalid
-//     access token in the request.
-//
-//   - TooManyRequestsException
-//     Indicates that the request is being made too frequently and is more than
-//     what the server can handle.
-//
-//   - ResourceNotFoundException
-//     The specified resource doesn't exist.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles
-func (c *SSO) ListAccountRoles(input *ListAccountRolesInput) (*ListAccountRolesOutput, error) {
-	req, out := c.ListAccountRolesRequest(input)
-	return out, req.Send()
-}
-
-// ListAccountRolesWithContext is the same as ListAccountRoles with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListAccountRoles for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *SSO) ListAccountRolesWithContext(ctx aws.Context, input *ListAccountRolesInput, opts ...request.Option) (*ListAccountRolesOutput, error) {
-	req, out := c.ListAccountRolesRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-// ListAccountRolesPages iterates over the pages of a ListAccountRoles operation,
-// calling the "fn" function with the response data for each page. To stop
-// iterating, return false from the fn function.
-//
-// See ListAccountRoles method for more information on how to use this operation.
-//
-// Note: This operation can generate multiple requests to a service.
-//
-//	// Example iterating over at most 3 pages of a ListAccountRoles operation.
-//	pageNum := 0
-//	err := client.ListAccountRolesPages(params,
-//	    func(page *sso.ListAccountRolesOutput, lastPage bool) bool {
-//	        pageNum++
-//	        fmt.Println(page)
-//	        return pageNum <= 3
-//	    })
-func (c *SSO) ListAccountRolesPages(input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool) error {
-	return c.ListAccountRolesPagesWithContext(aws.BackgroundContext(), input, fn)
-}
-
-// ListAccountRolesPagesWithContext same as ListAccountRolesPages except
-// it takes a Context and allows setting request options on the pages.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *SSO) ListAccountRolesPagesWithContext(ctx aws.Context, input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool, opts ...request.Option) error {
-	p := request.Pagination{
-		NewRequest: func() (*request.Request, error) {
-			var inCpy *ListAccountRolesInput
-			if input != nil {
-				tmp := *input
-				inCpy = &tmp
-			}
-			req, _ := c.ListAccountRolesRequest(inCpy)
-			req.SetContext(ctx)
-			req.ApplyOptions(opts...)
-			return req, nil
-		},
-	}
-
-	for p.Next() {
-		if !fn(p.Page().(*ListAccountRolesOutput), !p.HasNextPage()) {
-			break
-		}
-	}
-
-	return p.Err()
-}
-
-const opListAccounts = "ListAccounts"
-
-// ListAccountsRequest generates a "aws/request.Request" representing the
-// client's request for the ListAccounts operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See ListAccounts for more information on using the ListAccounts
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the ListAccountsRequest method.
-//	req, resp := client.ListAccountsRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts
-func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) {
-	op := &request.Operation{
-		Name:       opListAccounts,
-		HTTPMethod: "GET",
-		HTTPPath:   "/assignment/accounts",
-		Paginator: &request.Paginator{
-			InputTokens:     []string{"nextToken"},
-			OutputTokens:    []string{"nextToken"},
-			LimitToken:      "maxResults",
-			TruncationToken: "",
-		},
-	}
-
-	if input == nil {
-		input = &ListAccountsInput{}
-	}
-
-	output = &ListAccountsOutput{}
-	req = c.newRequest(op, input, output)
-	req.Config.Credentials = credentials.AnonymousCredentials
-	return
-}
-
-// ListAccounts API operation for AWS Single Sign-On.
-//
-// Lists all AWS accounts assigned to the user. These AWS accounts are assigned
-// by the administrator of the account. For more information, see Assign User
-// Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
-// in the IAM Identity Center User Guide. This operation returns a paginated
-// response.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Single Sign-On's
-// API operation ListAccounts for usage and error information.
-//
-// Returned Error Types:
-//
-//   - InvalidRequestException
-//     Indicates that a problem occurred with the input to the request. For example,
-//     a required parameter might be missing or out of range.
-//
-//   - UnauthorizedException
-//     Indicates that the request is not authorized. This can happen due to an invalid
-//     access token in the request.
-//
-//   - TooManyRequestsException
-//     Indicates that the request is being made too frequently and is more than
-//     what the server can handle.
-//
-//   - ResourceNotFoundException
-//     The specified resource doesn't exist.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts
-func (c *SSO) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) {
-	req, out := c.ListAccountsRequest(input)
-	return out, req.Send()
-}
-
-// ListAccountsWithContext is the same as ListAccounts with the addition of
-// the ability to pass a context and additional request options.
-//
-// See ListAccounts for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *SSO) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) {
-	req, out := c.ListAccountsRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-// ListAccountsPages iterates over the pages of a ListAccounts operation,
-// calling the "fn" function with the response data for each page. To stop
-// iterating, return false from the fn function.
-//
-// See ListAccounts method for more information on how to use this operation.
-//
-// Note: This operation can generate multiple requests to a service.
-//
-//	// Example iterating over at most 3 pages of a ListAccounts operation.
-//	pageNum := 0
-//	err := client.ListAccountsPages(params,
-//	    func(page *sso.ListAccountsOutput, lastPage bool) bool {
-//	        pageNum++
-//	        fmt.Println(page)
-//	        return pageNum <= 3
-//	    })
-func (c *SSO) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error {
-	return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn)
-}
-
-// ListAccountsPagesWithContext same as ListAccountsPages except
-// it takes a Context and allows setting request options on the pages.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *SSO) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error {
-	p := request.Pagination{
-		NewRequest: func() (*request.Request, error) {
-			var inCpy *ListAccountsInput
-			if input != nil {
-				tmp := *input
-				inCpy = &tmp
-			}
-			req, _ := c.ListAccountsRequest(inCpy)
-			req.SetContext(ctx)
-			req.ApplyOptions(opts...)
-			return req, nil
-		},
-	}
-
-	for p.Next() {
-		if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) {
-			break
-		}
-	}
-
-	return p.Err()
-}
-
-const opLogout = "Logout"
-
-// LogoutRequest generates a "aws/request.Request" representing the
-// client's request for the Logout operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See Logout for more information on using the Logout
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the LogoutRequest method.
-//	req, resp := client.LogoutRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout
-func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *LogoutOutput) {
-	op := &request.Operation{
-		Name:       opLogout,
-		HTTPMethod: "POST",
-		HTTPPath:   "/logout",
-	}
-
-	if input == nil {
-		input = &LogoutInput{}
-	}
-
-	output = &LogoutOutput{}
-	req = c.newRequest(op, input, output)
-	req.Config.Credentials = credentials.AnonymousCredentials
-	req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
-	return
-}
-
-// Logout API operation for AWS Single Sign-On.
-//
-// Removes the locally stored SSO tokens from the client-side cache and sends
-// an API call to the IAM Identity Center service to invalidate the corresponding
-// server-side IAM Identity Center sign in session.
-//
-// If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM
-// Identity Center sign in session is used to obtain an IAM session, as specified
-// in the corresponding IAM Identity Center permission set. More specifically,
-// IAM Identity Center assumes an IAM role in the target account on behalf of
-// the user, and the corresponding temporary AWS credentials are returned to
-// the client.
-//
-// After user logout, any existing IAM role sessions that were created by using
-// IAM Identity Center permission sets continue based on the duration configured
-// in the permission set. For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html)
-// in the IAM Identity Center User Guide.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Single Sign-On's
-// API operation Logout for usage and error information.
-//
-// Returned Error Types:
-//
-//   - InvalidRequestException
-//     Indicates that a problem occurred with the input to the request. For example,
-//     a required parameter might be missing or out of range.
-//
-//   - UnauthorizedException
-//     Indicates that the request is not authorized. This can happen due to an invalid
-//     access token in the request.
-//
-//   - TooManyRequestsException
-//     Indicates that the request is being made too frequently and is more than
-//     what the server can handle.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout
-func (c *SSO) Logout(input *LogoutInput) (*LogoutOutput, error) {
-	req, out := c.LogoutRequest(input)
-	return out, req.Send()
-}
-
-// LogoutWithContext is the same as Logout with the addition of
-// the ability to pass a context and additional request options.
-//
-// See Logout for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *SSO) LogoutWithContext(ctx aws.Context, input *LogoutInput, opts ...request.Option) (*LogoutOutput, error) {
-	req, out := c.LogoutRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-// Provides information about your AWS account.
-type AccountInfo struct {
-	_ struct{} `type:"structure"`
-
-	// The identifier of the AWS account that is assigned to the user.
-	AccountId *string `locationName:"accountId" type:"string"`
-
-	// The display name of the AWS account that is assigned to the user.
-	AccountName *string `locationName:"accountName" type:"string"`
-
-	// The email address of the AWS account that is assigned to the user.
-	EmailAddress *string `locationName:"emailAddress" min:"1" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AccountInfo) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AccountInfo) GoString() string {
-	return s.String()
-}
-
-// SetAccountId sets the AccountId field's value.
-func (s *AccountInfo) SetAccountId(v string) *AccountInfo {
-	s.AccountId = &v
-	return s
-}
-
-// SetAccountName sets the AccountName field's value.
-func (s *AccountInfo) SetAccountName(v string) *AccountInfo {
-	s.AccountName = &v
-	return s
-}
-
-// SetEmailAddress sets the EmailAddress field's value.
-func (s *AccountInfo) SetEmailAddress(v string) *AccountInfo {
-	s.EmailAddress = &v
-	return s
-}
-
-type GetRoleCredentialsInput struct {
-	_ struct{} `type:"structure" nopayload:"true"`
-
-	// The token issued by the CreateToken API call. For more information, see CreateToken
-	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the IAM Identity Center OIDC API Reference Guide.
-	//
-	// AccessToken is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by GetRoleCredentialsInput's
-	// String and GoString methods.
-	//
-	// AccessToken is a required field
-	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
-
-	// The identifier for the AWS account that is assigned to the user.
-	//
-	// AccountId is a required field
-	AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"`
-
-	// The friendly name of the role that is assigned to the user.
-	//
-	// RoleName is a required field
-	RoleName *string `location:"querystring" locationName:"role_name" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetRoleCredentialsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetRoleCredentialsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetRoleCredentialsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetRoleCredentialsInput"}
-	if s.AccessToken == nil {
-		invalidParams.Add(request.NewErrParamRequired("AccessToken"))
-	}
-	if s.AccountId == nil {
-		invalidParams.Add(request.NewErrParamRequired("AccountId"))
-	}
-	if s.RoleName == nil {
-		invalidParams.Add(request.NewErrParamRequired("RoleName"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccessToken sets the AccessToken field's value.
-func (s *GetRoleCredentialsInput) SetAccessToken(v string) *GetRoleCredentialsInput {
-	s.AccessToken = &v
-	return s
-}
-
-// SetAccountId sets the AccountId field's value.
-func (s *GetRoleCredentialsInput) SetAccountId(v string) *GetRoleCredentialsInput {
-	s.AccountId = &v
-	return s
-}
-
-// SetRoleName sets the RoleName field's value.
-func (s *GetRoleCredentialsInput) SetRoleName(v string) *GetRoleCredentialsInput {
-	s.RoleName = &v
-	return s
-}
-
-type GetRoleCredentialsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The credentials for the role that is assigned to the user.
-	RoleCredentials *RoleCredentials `locationName:"roleCredentials" type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetRoleCredentialsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetRoleCredentialsOutput) GoString() string {
-	return s.String()
-}
-
-// SetRoleCredentials sets the RoleCredentials field's value.
-func (s *GetRoleCredentialsOutput) SetRoleCredentials(v *RoleCredentials) *GetRoleCredentialsOutput {
-	s.RoleCredentials = v
-	return s
-}
-
-// Indicates that a problem occurred with the input to the request. For example,
-// a required parameter might be missing or out of range.
-type InvalidRequestException struct {
-	_            struct{}                  `type:"structure"`
-	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
-
-	Message_ *string `locationName:"message" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InvalidRequestException) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s InvalidRequestException) GoString() string {
-	return s.String()
-}
-
-func newErrorInvalidRequestException(v protocol.ResponseMetadata) error {
-	return &InvalidRequestException{
-		RespMetadata: v,
-	}
-}
-
-// Code returns the exception type name.
-func (s *InvalidRequestException) Code() string {
-	return "InvalidRequestException"
-}
-
-// Message returns the exception's message.
-func (s *InvalidRequestException) Message() string {
-	if s.Message_ != nil {
-		return *s.Message_
-	}
-	return ""
-}
-
-// OrigErr always returns nil, satisfies awserr.Error interface.
-func (s *InvalidRequestException) OrigErr() error {
-	return nil
-}
-
-func (s *InvalidRequestException) Error() string {
-	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
-}
-
-// Status code returns the HTTP status code for the request's response error.
-func (s *InvalidRequestException) StatusCode() int {
-	return s.RespMetadata.StatusCode
-}
-
-// RequestID returns the service's response RequestID for request.
-func (s *InvalidRequestException) RequestID() string {
-	return s.RespMetadata.RequestID
-}
-
-type ListAccountRolesInput struct {
-	_ struct{} `type:"structure" nopayload:"true"`
-
-	// The token issued by the CreateToken API call. For more information, see CreateToken
-	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the IAM Identity Center OIDC API Reference Guide.
-	//
-	// AccessToken is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by ListAccountRolesInput's
-	// String and GoString methods.
-	//
-	// AccessToken is a required field
-	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
-
-	// The identifier for the AWS account that is assigned to the user.
-	//
-	// AccountId is a required field
-	AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"`
-
-	// The number of items that clients can request per page.
-	MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"`
-
-	// The page token from the previous response output when you request subsequent
-	// pages.
-	NextToken *string `location:"querystring" locationName:"next_token" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListAccountRolesInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListAccountRolesInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListAccountRolesInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListAccountRolesInput"}
-	if s.AccessToken == nil {
-		invalidParams.Add(request.NewErrParamRequired("AccessToken"))
-	}
-	if s.AccountId == nil {
-		invalidParams.Add(request.NewErrParamRequired("AccountId"))
-	}
-	if s.MaxResults != nil && *s.MaxResults < 1 {
-		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccessToken sets the AccessToken field's value.
-func (s *ListAccountRolesInput) SetAccessToken(v string) *ListAccountRolesInput {
-	s.AccessToken = &v
-	return s
-}
-
-// SetAccountId sets the AccountId field's value.
-func (s *ListAccountRolesInput) SetAccountId(v string) *ListAccountRolesInput {
-	s.AccountId = &v
-	return s
-}
-
-// SetMaxResults sets the MaxResults field's value.
-func (s *ListAccountRolesInput) SetMaxResults(v int64) *ListAccountRolesInput {
-	s.MaxResults = &v
-	return s
-}
-
-// SetNextToken sets the NextToken field's value.
-func (s *ListAccountRolesInput) SetNextToken(v string) *ListAccountRolesInput {
-	s.NextToken = &v
-	return s
-}
-
-type ListAccountRolesOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The page token client that is used to retrieve the list of accounts.
-	NextToken *string `locationName:"nextToken" type:"string"`
-
-	// A paginated response with the list of roles and the next token if more results
-	// are available.
-	RoleList []*RoleInfo `locationName:"roleList" type:"list"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListAccountRolesOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListAccountRolesOutput) GoString() string {
-	return s.String()
-}
-
-// SetNextToken sets the NextToken field's value.
-func (s *ListAccountRolesOutput) SetNextToken(v string) *ListAccountRolesOutput {
-	s.NextToken = &v
-	return s
-}
-
-// SetRoleList sets the RoleList field's value.
-func (s *ListAccountRolesOutput) SetRoleList(v []*RoleInfo) *ListAccountRolesOutput {
-	s.RoleList = v
-	return s
-}
-
-type ListAccountsInput struct {
-	_ struct{} `type:"structure" nopayload:"true"`
-
-	// The token issued by the CreateToken API call. For more information, see CreateToken
-	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the IAM Identity Center OIDC API Reference Guide.
-	//
-	// AccessToken is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by ListAccountsInput's
-	// String and GoString methods.
-	//
-	// AccessToken is a required field
-	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
-
-	// This is the number of items clients can request per page.
-	MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"`
-
-	// (Optional) When requesting subsequent pages, this is the page token from
-	// the previous response output.
-	NextToken *string `location:"querystring" locationName:"next_token" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListAccountsInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListAccountsInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListAccountsInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"}
-	if s.AccessToken == nil {
-		invalidParams.Add(request.NewErrParamRequired("AccessToken"))
-	}
-	if s.MaxResults != nil && *s.MaxResults < 1 {
-		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccessToken sets the AccessToken field's value.
-func (s *ListAccountsInput) SetAccessToken(v string) *ListAccountsInput {
-	s.AccessToken = &v
-	return s
-}
-
-// SetMaxResults sets the MaxResults field's value.
-func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput {
-	s.MaxResults = &v
-	return s
-}
-
-// SetNextToken sets the NextToken field's value.
-func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput {
-	s.NextToken = &v
-	return s
-}
-
-type ListAccountsOutput struct {
-	_ struct{} `type:"structure"`
-
-	// A paginated response with the list of account information and the next token
-	// if more results are available.
-	AccountList []*AccountInfo `locationName:"accountList" type:"list"`
-
-	// The page token client that is used to retrieve the list of accounts.
-	NextToken *string `locationName:"nextToken" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListAccountsOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ListAccountsOutput) GoString() string {
-	return s.String()
-}
-
-// SetAccountList sets the AccountList field's value.
-func (s *ListAccountsOutput) SetAccountList(v []*AccountInfo) *ListAccountsOutput {
-	s.AccountList = v
-	return s
-}
-
-// SetNextToken sets the NextToken field's value.
-func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput {
-	s.NextToken = &v
-	return s
-}
-
-type LogoutInput struct {
-	_ struct{} `type:"structure" nopayload:"true"`
-
-	// The token issued by the CreateToken API call. For more information, see CreateToken
-	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the IAM Identity Center OIDC API Reference Guide.
-	//
-	// AccessToken is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by LogoutInput's
-	// String and GoString methods.
-	//
-	// AccessToken is a required field
-	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LogoutInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LogoutInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *LogoutInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "LogoutInput"}
-	if s.AccessToken == nil {
-		invalidParams.Add(request.NewErrParamRequired("AccessToken"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccessToken sets the AccessToken field's value.
-func (s *LogoutInput) SetAccessToken(v string) *LogoutInput {
-	s.AccessToken = &v
-	return s
-}
-
-type LogoutOutput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LogoutOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s LogoutOutput) GoString() string {
-	return s.String()
-}
-
-// The specified resource doesn't exist.
-type ResourceNotFoundException struct {
-	_            struct{}                  `type:"structure"`
-	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
-
-	Message_ *string `locationName:"message" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ResourceNotFoundException) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s ResourceNotFoundException) GoString() string {
-	return s.String()
-}
-
-func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error {
-	return &ResourceNotFoundException{
-		RespMetadata: v,
-	}
-}
-
-// Code returns the exception type name.
-func (s *ResourceNotFoundException) Code() string {
-	return "ResourceNotFoundException"
-}
-
-// Message returns the exception's message.
-func (s *ResourceNotFoundException) Message() string {
-	if s.Message_ != nil {
-		return *s.Message_
-	}
-	return ""
-}
-
-// OrigErr always returns nil, satisfies awserr.Error interface.
-func (s *ResourceNotFoundException) OrigErr() error {
-	return nil
-}
-
-func (s *ResourceNotFoundException) Error() string {
-	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
-}
-
-// Status code returns the HTTP status code for the request's response error.
-func (s *ResourceNotFoundException) StatusCode() int {
-	return s.RespMetadata.StatusCode
-}
-
-// RequestID returns the service's response RequestID for request.
-func (s *ResourceNotFoundException) RequestID() string {
-	return s.RespMetadata.RequestID
-}
-
-// Provides information about the role credentials that are assigned to the
-// user.
-type RoleCredentials struct {
-	_ struct{} `type:"structure"`
-
-	// The identifier used for the temporary security credentials. For more information,
-	// see Using Temporary Security Credentials to Request Access to AWS Resources
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
-	// in the AWS IAM User Guide.
-	AccessKeyId *string `locationName:"accessKeyId" type:"string"`
-
-	// The date on which temporary security credentials expire.
-	Expiration *int64 `locationName:"expiration" type:"long"`
-
-	// The key that is used to sign the request. For more information, see Using
-	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
-	// in the AWS IAM User Guide.
-	//
-	// SecretAccessKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by RoleCredentials's
-	// String and GoString methods.
-	SecretAccessKey *string `locationName:"secretAccessKey" type:"string" sensitive:"true"`
-
-	// The token used for temporary credentials. For more information, see Using
-	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
-	// in the AWS IAM User Guide.
-	//
-	// SessionToken is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by RoleCredentials's
-	// String and GoString methods.
-	SessionToken *string `locationName:"sessionToken" type:"string" sensitive:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RoleCredentials) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RoleCredentials) GoString() string {
-	return s.String()
-}
-
-// SetAccessKeyId sets the AccessKeyId field's value.
-func (s *RoleCredentials) SetAccessKeyId(v string) *RoleCredentials {
-	s.AccessKeyId = &v
-	return s
-}
-
-// SetExpiration sets the Expiration field's value.
-func (s *RoleCredentials) SetExpiration(v int64) *RoleCredentials {
-	s.Expiration = &v
-	return s
-}
-
-// SetSecretAccessKey sets the SecretAccessKey field's value.
-func (s *RoleCredentials) SetSecretAccessKey(v string) *RoleCredentials {
-	s.SecretAccessKey = &v
-	return s
-}
-
-// SetSessionToken sets the SessionToken field's value.
-func (s *RoleCredentials) SetSessionToken(v string) *RoleCredentials {
-	s.SessionToken = &v
-	return s
-}
-
-// Provides information about the role that is assigned to the user.
-type RoleInfo struct {
-	_ struct{} `type:"structure"`
-
-	// The identifier of the AWS account assigned to the user.
-	AccountId *string `locationName:"accountId" type:"string"`
-
-	// The friendly name of the role that is assigned to the user.
-	RoleName *string `locationName:"roleName" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RoleInfo) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s RoleInfo) GoString() string {
-	return s.String()
-}
-
-// SetAccountId sets the AccountId field's value.
-func (s *RoleInfo) SetAccountId(v string) *RoleInfo {
-	s.AccountId = &v
-	return s
-}
-
-// SetRoleName sets the RoleName field's value.
-func (s *RoleInfo) SetRoleName(v string) *RoleInfo {
-	s.RoleName = &v
-	return s
-}
-
-// Indicates that the request is being made too frequently and is more than
-// what the server can handle.
-type TooManyRequestsException struct {
-	_            struct{}                  `type:"structure"`
-	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
-
-	Message_ *string `locationName:"message" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s TooManyRequestsException) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s TooManyRequestsException) GoString() string {
-	return s.String()
-}
-
-func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error {
-	return &TooManyRequestsException{
-		RespMetadata: v,
-	}
-}
-
-// Code returns the exception type name.
-func (s *TooManyRequestsException) Code() string {
-	return "TooManyRequestsException"
-}
-
-// Message returns the exception's message.
-func (s *TooManyRequestsException) Message() string {
-	if s.Message_ != nil {
-		return *s.Message_
-	}
-	return ""
-}
-
-// OrigErr always returns nil, satisfies awserr.Error interface.
-func (s *TooManyRequestsException) OrigErr() error {
-	return nil
-}
-
-func (s *TooManyRequestsException) Error() string {
-	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
-}
-
-// Status code returns the HTTP status code for the request's response error.
-func (s *TooManyRequestsException) StatusCode() int {
-	return s.RespMetadata.StatusCode
-}
-
-// RequestID returns the service's response RequestID for request.
-func (s *TooManyRequestsException) RequestID() string {
-	return s.RespMetadata.RequestID
-}
-
-// Indicates that the request is not authorized. This can happen due to an invalid
-// access token in the request.
-type UnauthorizedException struct {
-	_            struct{}                  `type:"structure"`
-	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
-
-	Message_ *string `locationName:"message" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s UnauthorizedException) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s UnauthorizedException) GoString() string {
-	return s.String()
-}
-
-func newErrorUnauthorizedException(v protocol.ResponseMetadata) error {
-	return &UnauthorizedException{
-		RespMetadata: v,
-	}
-}
-
-// Code returns the exception type name.
-func (s *UnauthorizedException) Code() string {
-	return "UnauthorizedException"
-}
-
-// Message returns the exception's message.
-func (s *UnauthorizedException) Message() string {
-	if s.Message_ != nil {
-		return *s.Message_
-	}
-	return ""
-}
-
-// OrigErr always returns nil, satisfies awserr.Error interface.
-func (s *UnauthorizedException) OrigErr() error {
-	return nil
-}
-
-func (s *UnauthorizedException) Error() string {
-	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
-}
-
-// Status code returns the HTTP status code for the request's response error.
-func (s *UnauthorizedException) StatusCode() int {
-	return s.RespMetadata.StatusCode
-}
-
-// RequestID returns the service's response RequestID for request.
-func (s *UnauthorizedException) RequestID() string {
-	return s.RespMetadata.RequestID
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go
deleted file mode 100644
index 15e61a322..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go
+++ /dev/null
@@ -1,45 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-// Package sso provides the client and types for making API
-// requests to AWS Single Sign-On.
-//
-// AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web
-// service that makes it easy for you to assign user access to IAM Identity
-// Center resources such as the AWS access portal. Users can get AWS account
-// applications and roles assigned to them and get federated into the application.
-//
-// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces
-// will continue to retain their original name for backward compatibility purposes.
-// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
-//
-// This reference guide describes the IAM Identity Center Portal operations
-// that you can call programatically and includes detailed information on data
-// types and errors.
-//
-// AWS provides SDKs that consist of libraries and sample code for various programming
-// languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs
-// provide a convenient way to create programmatic access to IAM Identity Center
-// and other AWS services. For more information about the AWS SDKs, including
-// how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
-//
-// See https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10 for more information on this service.
-//
-// See sso package documentation for more information.
-// https://docs.aws.amazon.com/sdk-for-go/api/service/sso/
-//
-// # Using the Client
-//
-// To contact AWS Single Sign-On with the SDK use the New function to create
-// a new service client. With that client you can make API requests to the service.
-// These clients are safe to use concurrently.
-//
-// See the SDK's documentation for more information on how to use the SDK.
-// https://docs.aws.amazon.com/sdk-for-go/api/
-//
-// See aws.Config documentation for more information on configuring SDK clients.
-// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
-//
-// See the AWS Single Sign-On client SSO for more
-// information on creating client for this service.
-// https://docs.aws.amazon.com/sdk-for-go/api/service/sso/#New
-package sso
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go
deleted file mode 100644
index 77a6792e3..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go
+++ /dev/null
@@ -1,44 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-package sso
-
-import (
-	"github.com/aws/aws-sdk-go/private/protocol"
-)
-
-const (
-
-	// ErrCodeInvalidRequestException for service response error code
-	// "InvalidRequestException".
-	//
-	// Indicates that a problem occurred with the input to the request. For example,
-	// a required parameter might be missing or out of range.
-	ErrCodeInvalidRequestException = "InvalidRequestException"
-
-	// ErrCodeResourceNotFoundException for service response error code
-	// "ResourceNotFoundException".
-	//
-	// The specified resource doesn't exist.
-	ErrCodeResourceNotFoundException = "ResourceNotFoundException"
-
-	// ErrCodeTooManyRequestsException for service response error code
-	// "TooManyRequestsException".
-	//
-	// Indicates that the request is being made too frequently and is more than
-	// what the server can handle.
-	ErrCodeTooManyRequestsException = "TooManyRequestsException"
-
-	// ErrCodeUnauthorizedException for service response error code
-	// "UnauthorizedException".
-	//
-	// Indicates that the request is not authorized. This can happen due to an invalid
-	// access token in the request.
-	ErrCodeUnauthorizedException = "UnauthorizedException"
-)
-
-var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
-	"InvalidRequestException":   newErrorInvalidRequestException,
-	"ResourceNotFoundException": newErrorResourceNotFoundException,
-	"TooManyRequestsException":  newErrorTooManyRequestsException,
-	"UnauthorizedException":     newErrorUnauthorizedException,
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/service.go b/vendor/github.com/aws/aws-sdk-go/service/sso/service.go
deleted file mode 100644
index 7094cfe41..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sso/service.go
+++ /dev/null
@@ -1,106 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-package sso
-
-import (
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/client/metadata"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/aws/signer/v4"
-	"github.com/aws/aws-sdk-go/private/protocol"
-	"github.com/aws/aws-sdk-go/private/protocol/restjson"
-)
-
-// SSO provides the API operation methods for making requests to
-// AWS Single Sign-On. See this package's package overview docs
-// for details on the service.
-//
-// SSO methods are safe to use concurrently. It is not safe to
-// modify mutate any of the struct's properties though.
-type SSO struct {
-	*client.Client
-}
-
-// Used for custom client initialization logic
-var initClient func(*client.Client)
-
-// Used for custom request initialization logic
-var initRequest func(*request.Request)
-
-// Service information constants
-const (
-	ServiceName = "SSO"        // Name of service.
-	EndpointsID = "portal.sso" // ID to lookup a service endpoint with.
-	ServiceID   = "SSO"        // ServiceID is a unique identifier of a specific service.
-)
-
-// New creates a new instance of the SSO client with a session.
-// If additional configuration is needed for the client instance use the optional
-// aws.Config parameter to add your extra config.
-//
-// Example:
-//
-//	mySession := session.Must(session.NewSession())
-//
-//	// Create a SSO client from just a session.
-//	svc := sso.New(mySession)
-//
-//	// Create a SSO client with additional configuration
-//	svc := sso.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
-func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSO {
-	c := p.ClientConfig(EndpointsID, cfgs...)
-	if c.SigningNameDerived || len(c.SigningName) == 0 {
-		c.SigningName = "awsssoportal"
-	}
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
-}
-
-// newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SSO {
-	svc := &SSO{
-		Client: client.New(
-			cfg,
-			metadata.ClientInfo{
-				ServiceName:    ServiceName,
-				ServiceID:      ServiceID,
-				SigningName:    signingName,
-				SigningRegion:  signingRegion,
-				PartitionID:    partitionID,
-				Endpoint:       endpoint,
-				APIVersion:     "2019-06-10",
-				ResolvedRegion: resolvedRegion,
-			},
-			handlers,
-		),
-	}
-
-	// Handlers
-	svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
-	svc.Handlers.Build.PushBackNamed(restjson.BuildHandler)
-	svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler)
-	svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler)
-	svc.Handlers.UnmarshalError.PushBackNamed(
-		protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(),
-	)
-
-	// Run custom client initialization if present
-	if initClient != nil {
-		initClient(svc.Client)
-	}
-
-	return svc
-}
-
-// newRequest creates a new request for a SSO operation and runs any
-// custom request initialization.
-func (c *SSO) newRequest(op *request.Operation, params, data interface{}) *request.Request {
-	req := c.NewRequest(op, params, data)
-
-	// Run custom request initialization if present
-	if initRequest != nil {
-		initRequest(req)
-	}
-
-	return req
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go
deleted file mode 100644
index 818cab7cd..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go
+++ /dev/null
@@ -1,86 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-// Package ssoiface provides an interface to enable mocking the AWS Single Sign-On service client
-// for testing your code.
-//
-// It is important to note that this interface will have breaking changes
-// when the service model is updated and adds new API operations, paginators,
-// and waiters.
-package ssoiface
-
-import (
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/service/sso"
-)
-
-// SSOAPI provides an interface to enable mocking the
-// sso.SSO service client's API operation,
-// paginators, and waiters. This make unit testing your code that calls out
-// to the SDK's service client's calls easier.
-//
-// The best way to use this interface is so the SDK's service client's calls
-// can be stubbed out for unit testing your code with the SDK without needing
-// to inject custom request handlers into the SDK's request pipeline.
-//
-//	// myFunc uses an SDK service client to make a request to
-//	// AWS Single Sign-On.
-//	func myFunc(svc ssoiface.SSOAPI) bool {
-//	    // Make svc.GetRoleCredentials request
-//	}
-//
-//	func main() {
-//	    sess := session.New()
-//	    svc := sso.New(sess)
-//
-//	    myFunc(svc)
-//	}
-//
-// In your _test.go file:
-//
-//	// Define a mock struct to be used in your unit tests of myFunc.
-//	type mockSSOClient struct {
-//	    ssoiface.SSOAPI
-//	}
-//	func (m *mockSSOClient) GetRoleCredentials(input *sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error) {
-//	    // mock response/functionality
-//	}
-//
-//	func TestMyFunc(t *testing.T) {
-//	    // Setup Test
-//	    mockSvc := &mockSSOClient{}
-//
-//	    myfunc(mockSvc)
-//
-//	    // Verify myFunc's functionality
-//	}
-//
-// It is important to note that this interface will have breaking changes
-// when the service model is updated and adds new API operations, paginators,
-// and waiters. Its suggested to use the pattern above for testing, or using
-// tooling to generate mocks to satisfy the interfaces.
-type SSOAPI interface {
-	GetRoleCredentials(*sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error)
-	GetRoleCredentialsWithContext(aws.Context, *sso.GetRoleCredentialsInput, ...request.Option) (*sso.GetRoleCredentialsOutput, error)
-	GetRoleCredentialsRequest(*sso.GetRoleCredentialsInput) (*request.Request, *sso.GetRoleCredentialsOutput)
-
-	ListAccountRoles(*sso.ListAccountRolesInput) (*sso.ListAccountRolesOutput, error)
-	ListAccountRolesWithContext(aws.Context, *sso.ListAccountRolesInput, ...request.Option) (*sso.ListAccountRolesOutput, error)
-	ListAccountRolesRequest(*sso.ListAccountRolesInput) (*request.Request, *sso.ListAccountRolesOutput)
-
-	ListAccountRolesPages(*sso.ListAccountRolesInput, func(*sso.ListAccountRolesOutput, bool) bool) error
-	ListAccountRolesPagesWithContext(aws.Context, *sso.ListAccountRolesInput, func(*sso.ListAccountRolesOutput, bool) bool, ...request.Option) error
-
-	ListAccounts(*sso.ListAccountsInput) (*sso.ListAccountsOutput, error)
-	ListAccountsWithContext(aws.Context, *sso.ListAccountsInput, ...request.Option) (*sso.ListAccountsOutput, error)
-	ListAccountsRequest(*sso.ListAccountsInput) (*request.Request, *sso.ListAccountsOutput)
-
-	ListAccountsPages(*sso.ListAccountsInput, func(*sso.ListAccountsOutput, bool) bool) error
-	ListAccountsPagesWithContext(aws.Context, *sso.ListAccountsInput, func(*sso.ListAccountsOutput, bool) bool, ...request.Option) error
-
-	Logout(*sso.LogoutInput) (*sso.LogoutOutput, error)
-	LogoutWithContext(aws.Context, *sso.LogoutInput, ...request.Option) (*sso.LogoutOutput, error)
-	LogoutRequest(*sso.LogoutInput) (*request.Request, *sso.LogoutOutput)
-}
-
-var _ SSOAPI = (*sso.SSO)(nil)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
deleted file mode 100644
index 7ac6b93f4..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
+++ /dev/null
@@ -1,3464 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-package sts
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awsutil"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/request"
-)
-
-const opAssumeRole = "AssumeRole"
-
-// AssumeRoleRequest generates a "aws/request.Request" representing the
-// client's request for the AssumeRole operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See AssumeRole for more information on using the AssumeRole
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the AssumeRoleRequest method.
-//	req, resp := client.AssumeRoleRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
-func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, output *AssumeRoleOutput) {
-	op := &request.Operation{
-		Name:       opAssumeRole,
-		HTTPMethod: "POST",
-		HTTPPath:   "/",
-	}
-
-	if input == nil {
-		input = &AssumeRoleInput{}
-	}
-
-	output = &AssumeRoleOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// AssumeRole API operation for AWS Security Token Service.
-//
-// Returns a set of temporary security credentials that you can use to access
-// Amazon Web Services resources. These temporary credentials consist of an
-// access key ID, a secret access key, and a security token. Typically, you
-// use AssumeRole within your account or for cross-account access. For a comparison
-// of AssumeRole with other API operations that produce temporary credentials,
-// see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
-// in the IAM User Guide.
-//
-// # Permissions
-//
-// The temporary security credentials created by AssumeRole can be used to make
-// API calls to any Amazon Web Services service with the following exception:
-// You cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken
-// API operations.
-//
-// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-// to this operation. You can pass a single JSON policy document to use as an
-// inline session policy. You can also specify up to 10 managed policy Amazon
-// Resource Names (ARNs) to use as managed session policies. The plaintext that
-// you use for both inline and managed session policies can't exceed 2,048 characters.
-// Passing policies to this operation returns new temporary credentials. The
-// resulting session's permissions are the intersection of the role's identity-based
-// policy and the session policies. You can use the role's temporary credentials
-// in subsequent Amazon Web Services API calls to access resources in the account
-// that owns the role. You cannot use session policies to grant more permissions
-// than those allowed by the identity-based policy of the role that is being
-// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-// in the IAM User Guide.
-//
-// When you create a role, you create two policies: a role trust policy that
-// specifies who can assume the role, and a permissions policy that specifies
-// what can be done with the role. You specify the trusted principal that is
-// allowed to assume the role in the role trust policy.
-//
-// To assume a role from a different account, your Amazon Web Services account
-// must be trusted by the role. The trust relationship is defined in the role's
-// trust policy when the role is created. That trust policy states which accounts
-// are allowed to delegate that access to users in the account.
-//
-// A user who wants to access a role in a different account must also have permissions
-// that are delegated from the account administrator. The administrator must
-// attach a policy that allows the user to call AssumeRole for the ARN of the
-// role in the other account.
-//
-// To allow a user to assume a role in the same account, you can do either of
-// the following:
-//
-//   - Attach a policy to the user that allows the user to call AssumeRole
-//     (as long as the role's trust policy trusts the account).
-//
-//   - Add the user as a principal directly in the role's trust policy.
-//
-// You can do either because the role’s trust policy acts as an IAM resource-based
-// policy. When a resource-based policy grants access to a principal in the
-// same account, no additional identity-based policy is required. For more information
-// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
-// in the IAM User Guide.
-//
-// # Tags
-//
-// (Optional) You can pass tag key-value pairs to your session. These tags are
-// called session tags. For more information about session tags, see Passing
-// Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-// in the IAM User Guide.
-//
-// An administrator must grant you the permissions necessary to pass session
-// tags. The administrator can also create granular permissions to allow you
-// to pass only specific session tags. For more information, see Tutorial: Using
-// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
-// in the IAM User Guide.
-//
-// You can set the session tags as transitive. Transitive tags persist during
-// role chaining. For more information, see Chaining Roles with Session Tags
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
-// in the IAM User Guide.
-//
-// # Using MFA with AssumeRole
-//
-// (Optional) You can include multi-factor authentication (MFA) information
-// when you call AssumeRole. This is useful for cross-account scenarios to ensure
-// that the user that assumes the role has been authenticated with an Amazon
-// Web Services MFA device. In that scenario, the trust policy of the role being
-// assumed includes a condition that tests for MFA authentication. If the caller
-// does not include valid MFA information, the request to assume the role is
-// denied. The condition in a trust policy that tests for MFA authentication
-// might look like the following example.
-//
-// "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}
-//
-// For more information, see Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
-// in the IAM User Guide guide.
-//
-// To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode
-// parameters. The SerialNumber value identifies the user's hardware or virtual
-// MFA device. The TokenCode is the time-based one-time password (TOTP) that
-// the MFA device produces.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Security Token Service's
-// API operation AssumeRole for usage and error information.
-//
-// Returned Error Codes:
-//
-//   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
-//     The request was rejected because the policy document was malformed. The error
-//     message describes the specific error.
-//
-//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-//     The request was rejected because the total packed size of the session policies
-//     and session tags combined was too large. An Amazon Web Services conversion
-//     compresses the session policy document, session policy ARNs, and session
-//     tags into a packed binary format that has a separate limit. The error message
-//     indicates by percentage how close the policies and tags are to the upper
-//     size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-//     in the IAM User Guide.
-//
-//     You could receive this error even though you meet other defined session policy
-//     and session tag limits. For more information, see IAM and STS Entity Character
-//     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
-//     in the IAM User Guide.
-//
-//   - ErrCodeRegionDisabledException "RegionDisabledException"
-//     STS is not activated in the requested region for the account that is being
-//     asked to generate credentials. The account administrator must use the IAM
-//     console to activate STS in that region. For more information, see Activating
-//     and Deactivating Amazon Web Services STS in an Amazon Web Services Region
-//     (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
-//     in the IAM User Guide.
-//
-//   - ErrCodeExpiredTokenException "ExpiredTokenException"
-//     The web identity token that was passed is expired or is not valid. Get a
-//     new identity token from the identity provider and then retry the request.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
-func (c *STS) AssumeRole(input *AssumeRoleInput) (*AssumeRoleOutput, error) {
-	req, out := c.AssumeRoleRequest(input)
-	return out, req.Send()
-}
-
-// AssumeRoleWithContext is the same as AssumeRole with the addition of
-// the ability to pass a context and additional request options.
-//
-// See AssumeRole for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *STS) AssumeRoleWithContext(ctx aws.Context, input *AssumeRoleInput, opts ...request.Option) (*AssumeRoleOutput, error) {
-	req, out := c.AssumeRoleRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
-
-// AssumeRoleWithSAMLRequest generates a "aws/request.Request" representing the
-// client's request for the AssumeRoleWithSAML operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See AssumeRoleWithSAML for more information on using the AssumeRoleWithSAML
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the AssumeRoleWithSAMLRequest method.
-//	req, resp := client.AssumeRoleWithSAMLRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
-func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *request.Request, output *AssumeRoleWithSAMLOutput) {
-	op := &request.Operation{
-		Name:       opAssumeRoleWithSAML,
-		HTTPMethod: "POST",
-		HTTPPath:   "/",
-	}
-
-	if input == nil {
-		input = &AssumeRoleWithSAMLInput{}
-	}
-
-	output = &AssumeRoleWithSAMLOutput{}
-	req = c.newRequest(op, input, output)
-	req.Config.Credentials = credentials.AnonymousCredentials
-	return
-}
-
-// AssumeRoleWithSAML API operation for AWS Security Token Service.
-//
-// Returns a set of temporary security credentials for users who have been authenticated
-// via a SAML authentication response. This operation provides a mechanism for
-// tying an enterprise identity store or directory to role-based Amazon Web
-// Services access without user-specific credentials or configuration. For a
-// comparison of AssumeRoleWithSAML with the other API operations that produce
-// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
-// in the IAM User Guide.
-//
-// The temporary security credentials returned by this operation consist of
-// an access key ID, a secret access key, and a security token. Applications
-// can use these temporary security credentials to sign calls to Amazon Web
-// Services services.
-//
-// # Session Duration
-//
-// By default, the temporary security credentials created by AssumeRoleWithSAML
-// last for one hour. However, you can use the optional DurationSeconds parameter
-// to specify the duration of your session. Your role session lasts for the
-// duration that you specify, or until the time specified in the SAML authentication
-// response's SessionNotOnOrAfter value, whichever is shorter. You can provide
-// a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
-// duration setting for the role. This setting can have a value from 1 hour
-// to 12 hours. To learn how to view the maximum value for your role, see View
-// the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
-// in the IAM User Guide. The maximum session duration limit applies when you
-// use the AssumeRole* API operations or the assume-role* CLI commands. However
-// the limit does not apply when you use those operations to create a console
-// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
-// in the IAM User Guide.
-//
-// Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
-// limits your CLI or Amazon Web Services API role session to a maximum of one
-// hour. When you use the AssumeRole API operation to assume a role, you can
-// specify the duration of your role session with the DurationSeconds parameter.
-// You can specify a parameter value of up to 43200 seconds (12 hours), depending
-// on the maximum session duration setting for your role. However, if you assume
-// a role using role chaining and provide a DurationSeconds parameter value
-// greater than one hour, the operation fails.
-//
-// # Permissions
-//
-// The temporary security credentials created by AssumeRoleWithSAML can be used
-// to make API calls to any Amazon Web Services service with the following exception:
-// you cannot call the STS GetFederationToken or GetSessionToken API operations.
-//
-// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-// to this operation. You can pass a single JSON policy document to use as an
-// inline session policy. You can also specify up to 10 managed policy Amazon
-// Resource Names (ARNs) to use as managed session policies. The plaintext that
-// you use for both inline and managed session policies can't exceed 2,048 characters.
-// Passing policies to this operation returns new temporary credentials. The
-// resulting session's permissions are the intersection of the role's identity-based
-// policy and the session policies. You can use the role's temporary credentials
-// in subsequent Amazon Web Services API calls to access resources in the account
-// that owns the role. You cannot use session policies to grant more permissions
-// than those allowed by the identity-based policy of the role that is being
-// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-// in the IAM User Guide.
-//
-// Calling AssumeRoleWithSAML does not require the use of Amazon Web Services
-// security credentials. The identity of the caller is validated by using keys
-// in the metadata document that is uploaded for the SAML provider entity for
-// your identity provider.
-//
-// Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs.
-// The entry includes the value in the NameID element of the SAML assertion.
-// We recommend that you use a NameIDType that is not associated with any personally
-// identifiable information (PII). For example, you could instead use the persistent
-// identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
-//
-// # Tags
-//
-// (Optional) You can configure your IdP to pass attributes into your SAML assertion
-// as session tags. Each session tag consists of a key name and an associated
-// value. For more information about session tags, see Passing Session Tags
-// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-// in the IAM User Guide.
-//
-// You can pass up to 50 session tags. The plaintext session tag keys can’t
-// exceed 128 characters and the values can’t exceed 256 characters. For these
-// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
-// in the IAM User Guide.
-//
-// An Amazon Web Services conversion compresses the passed inline session policy,
-// managed policy ARNs, and session tags into a packed binary format that has
-// a separate limit. Your request can fail for this limit even if your plaintext
-// meets the other requirements. The PackedPolicySize response element indicates
-// by percentage how close the policies and tags for your request are to the
-// upper size limit.
-//
-// You can pass a session tag with the same key as a tag that is attached to
-// the role. When you do, session tags override the role's tags with the same
-// key.
-//
-// An administrator must grant you the permissions necessary to pass session
-// tags. The administrator can also create granular permissions to allow you
-// to pass only specific session tags. For more information, see Tutorial: Using
-// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
-// in the IAM User Guide.
-//
-// You can set the session tags as transitive. Transitive tags persist during
-// role chaining. For more information, see Chaining Roles with Session Tags
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
-// in the IAM User Guide.
-//
-// # SAML Configuration
-//
-// Before your application can call AssumeRoleWithSAML, you must configure your
-// SAML identity provider (IdP) to issue the claims required by Amazon Web Services.
-// Additionally, you must use Identity and Access Management (IAM) to create
-// a SAML provider entity in your Amazon Web Services account that represents
-// your identity provider. You must also create an IAM role that specifies this
-// SAML provider in its trust policy.
-//
-// For more information, see the following resources:
-//
-//   - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
-//     in the IAM User Guide.
-//
-//   - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
-//     in the IAM User Guide.
-//
-//   - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
-//     in the IAM User Guide.
-//
-//   - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
-//     in the IAM User Guide.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Security Token Service's
-// API operation AssumeRoleWithSAML for usage and error information.
-//
-// Returned Error Codes:
-//
-//   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
-//     The request was rejected because the policy document was malformed. The error
-//     message describes the specific error.
-//
-//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-//     The request was rejected because the total packed size of the session policies
-//     and session tags combined was too large. An Amazon Web Services conversion
-//     compresses the session policy document, session policy ARNs, and session
-//     tags into a packed binary format that has a separate limit. The error message
-//     indicates by percentage how close the policies and tags are to the upper
-//     size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-//     in the IAM User Guide.
-//
-//     You could receive this error even though you meet other defined session policy
-//     and session tag limits. For more information, see IAM and STS Entity Character
-//     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
-//     in the IAM User Guide.
-//
-//   - ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
-//     The identity provider (IdP) reported that authentication failed. This might
-//     be because the claim is invalid.
-//
-//     If this error is returned for the AssumeRoleWithWebIdentity operation, it
-//     can also mean that the claim has expired or has been explicitly revoked.
-//
-//   - ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
-//     The web identity token that was passed could not be validated by Amazon Web
-//     Services. Get a new identity token from the identity provider and then retry
-//     the request.
-//
-//   - ErrCodeExpiredTokenException "ExpiredTokenException"
-//     The web identity token that was passed is expired or is not valid. Get a
-//     new identity token from the identity provider and then retry the request.
-//
-//   - ErrCodeRegionDisabledException "RegionDisabledException"
-//     STS is not activated in the requested region for the account that is being
-//     asked to generate credentials. The account administrator must use the IAM
-//     console to activate STS in that region. For more information, see Activating
-//     and Deactivating Amazon Web Services STS in an Amazon Web Services Region
-//     (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
-//     in the IAM User Guide.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
-func (c *STS) AssumeRoleWithSAML(input *AssumeRoleWithSAMLInput) (*AssumeRoleWithSAMLOutput, error) {
-	req, out := c.AssumeRoleWithSAMLRequest(input)
-	return out, req.Send()
-}
-
-// AssumeRoleWithSAMLWithContext is the same as AssumeRoleWithSAML with the addition of
-// the ability to pass a context and additional request options.
-//
-// See AssumeRoleWithSAML for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *STS) AssumeRoleWithSAMLWithContext(ctx aws.Context, input *AssumeRoleWithSAMLInput, opts ...request.Option) (*AssumeRoleWithSAMLOutput, error) {
-	req, out := c.AssumeRoleWithSAMLRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
-
-// AssumeRoleWithWebIdentityRequest generates a "aws/request.Request" representing the
-// client's request for the AssumeRoleWithWebIdentity operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See AssumeRoleWithWebIdentity for more information on using the AssumeRoleWithWebIdentity
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the AssumeRoleWithWebIdentityRequest method.
-//	req, resp := client.AssumeRoleWithWebIdentityRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
-func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityInput) (req *request.Request, output *AssumeRoleWithWebIdentityOutput) {
-	op := &request.Operation{
-		Name:       opAssumeRoleWithWebIdentity,
-		HTTPMethod: "POST",
-		HTTPPath:   "/",
-	}
-
-	if input == nil {
-		input = &AssumeRoleWithWebIdentityInput{}
-	}
-
-	output = &AssumeRoleWithWebIdentityOutput{}
-	req = c.newRequest(op, input, output)
-	req.Config.Credentials = credentials.AnonymousCredentials
-	return
-}
-
-// AssumeRoleWithWebIdentity API operation for AWS Security Token Service.
-//
-// Returns a set of temporary security credentials for users who have been authenticated
-// in a mobile or web application with a web identity provider. Example providers
-// include the OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID
-// Connect-compatible identity provider such as Google or Amazon Cognito federated
-// identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html).
-//
-// For mobile applications, we recommend that you use Amazon Cognito. You can
-// use Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide
-// (http://aws.amazon.com/sdkforios/) and the Amazon Web Services SDK for Android
-// Developer Guide (http://aws.amazon.com/sdkforandroid/) to uniquely identify
-// a user. You can also supply the user with a consistent identity throughout
-// the lifetime of an application.
-//
-// To learn more about Amazon Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
-// in Amazon Cognito Developer Guide.
-//
-// Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web
-// Services security credentials. Therefore, you can distribute an application
-// (for example, on mobile devices) that requests temporary security credentials
-// without including long-term Amazon Web Services credentials in the application.
-// You also don't need to deploy server-based proxy services that use long-term
-// Amazon Web Services credentials. Instead, the identity of the caller is validated
-// by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity
-// with the other API operations that produce temporary credentials, see Requesting
-// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
-// in the IAM User Guide.
-//
-// The temporary security credentials returned by this API consist of an access
-// key ID, a secret access key, and a security token. Applications can use these
-// temporary security credentials to sign calls to Amazon Web Services service
-// API operations.
-//
-// # Session Duration
-//
-// By default, the temporary security credentials created by AssumeRoleWithWebIdentity
-// last for one hour. However, you can use the optional DurationSeconds parameter
-// to specify the duration of your session. You can provide a value from 900
-// seconds (15 minutes) up to the maximum session duration setting for the role.
-// This setting can have a value from 1 hour to 12 hours. To learn how to view
-// the maximum value for your role, see View the Maximum Session Duration Setting
-// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
-// in the IAM User Guide. The maximum session duration limit applies when you
-// use the AssumeRole* API operations or the assume-role* CLI commands. However
-// the limit does not apply when you use those operations to create a console
-// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
-// in the IAM User Guide.
-//
-// # Permissions
-//
-// The temporary security credentials created by AssumeRoleWithWebIdentity can
-// be used to make API calls to any Amazon Web Services service with the following
-// exception: you cannot call the STS GetFederationToken or GetSessionToken
-// API operations.
-//
-// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-// to this operation. You can pass a single JSON policy document to use as an
-// inline session policy. You can also specify up to 10 managed policy Amazon
-// Resource Names (ARNs) to use as managed session policies. The plaintext that
-// you use for both inline and managed session policies can't exceed 2,048 characters.
-// Passing policies to this operation returns new temporary credentials. The
-// resulting session's permissions are the intersection of the role's identity-based
-// policy and the session policies. You can use the role's temporary credentials
-// in subsequent Amazon Web Services API calls to access resources in the account
-// that owns the role. You cannot use session policies to grant more permissions
-// than those allowed by the identity-based policy of the role that is being
-// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-// in the IAM User Guide.
-//
-// # Tags
-//
-// (Optional) You can configure your IdP to pass attributes into your web identity
-// token as session tags. Each session tag consists of a key name and an associated
-// value. For more information about session tags, see Passing Session Tags
-// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-// in the IAM User Guide.
-//
-// You can pass up to 50 session tags. The plaintext session tag keys can’t
-// exceed 128 characters and the values can’t exceed 256 characters. For these
-// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
-// in the IAM User Guide.
-//
-// An Amazon Web Services conversion compresses the passed inline session policy,
-// managed policy ARNs, and session tags into a packed binary format that has
-// a separate limit. Your request can fail for this limit even if your plaintext
-// meets the other requirements. The PackedPolicySize response element indicates
-// by percentage how close the policies and tags for your request are to the
-// upper size limit.
-//
-// You can pass a session tag with the same key as a tag that is attached to
-// the role. When you do, the session tag overrides the role tag with the same
-// key.
-//
-// An administrator must grant you the permissions necessary to pass session
-// tags. The administrator can also create granular permissions to allow you
-// to pass only specific session tags. For more information, see Tutorial: Using
-// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
-// in the IAM User Guide.
-//
-// You can set the session tags as transitive. Transitive tags persist during
-// role chaining. For more information, see Chaining Roles with Session Tags
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
-// in the IAM User Guide.
-//
-// # Identities
-//
-// Before your application can call AssumeRoleWithWebIdentity, you must have
-// an identity token from a supported identity provider and create a role that
-// the application can assume. The role that your application assumes must trust
-// the identity provider that is associated with the identity token. In other
-// words, the identity provider must be specified in the role's trust policy.
-//
-// Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail
-// logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims)
-// of the provided web identity token. We recommend that you avoid using any
-// personally identifiable information (PII) in this field. For example, you
-// could instead use a GUID or a pairwise identifier, as suggested in the OIDC
-// specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes).
-//
-// For more information about how to use web identity federation and the AssumeRoleWithWebIdentity
-// API, see the following resources:
-//
-//   - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
-//     and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
-//
-//   - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/).
-//     Walk through the process of authenticating through Login with Amazon,
-//     Facebook, or Google, getting temporary security credentials, and then
-//     using those credentials to make a request to Amazon Web Services.
-//
-//   - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
-//     and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
-//     These toolkits contain sample apps that show how to invoke the identity
-//     providers. The toolkits then show how to use the information from these
-//     providers to get and use temporary security credentials.
-//
-//   - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
-//     This article discusses web identity federation and shows an example of
-//     how to use web identity federation to get access to content in Amazon
-//     S3.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Security Token Service's
-// API operation AssumeRoleWithWebIdentity for usage and error information.
-//
-// Returned Error Codes:
-//
-//   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
-//     The request was rejected because the policy document was malformed. The error
-//     message describes the specific error.
-//
-//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-//     The request was rejected because the total packed size of the session policies
-//     and session tags combined was too large. An Amazon Web Services conversion
-//     compresses the session policy document, session policy ARNs, and session
-//     tags into a packed binary format that has a separate limit. The error message
-//     indicates by percentage how close the policies and tags are to the upper
-//     size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-//     in the IAM User Guide.
-//
-//     You could receive this error even though you meet other defined session policy
-//     and session tag limits. For more information, see IAM and STS Entity Character
-//     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
-//     in the IAM User Guide.
-//
-//   - ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
-//     The identity provider (IdP) reported that authentication failed. This might
-//     be because the claim is invalid.
-//
-//     If this error is returned for the AssumeRoleWithWebIdentity operation, it
-//     can also mean that the claim has expired or has been explicitly revoked.
-//
-//   - ErrCodeIDPCommunicationErrorException "IDPCommunicationError"
-//     The request could not be fulfilled because the identity provider (IDP) that
-//     was asked to verify the incoming identity token could not be reached. This
-//     is often a transient error caused by network conditions. Retry the request
-//     a limited number of times so that you don't exceed the request rate. If the
-//     error persists, the identity provider might be down or not responding.
-//
-//   - ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
-//     The web identity token that was passed could not be validated by Amazon Web
-//     Services. Get a new identity token from the identity provider and then retry
-//     the request.
-//
-//   - ErrCodeExpiredTokenException "ExpiredTokenException"
-//     The web identity token that was passed is expired or is not valid. Get a
-//     new identity token from the identity provider and then retry the request.
-//
-//   - ErrCodeRegionDisabledException "RegionDisabledException"
-//     STS is not activated in the requested region for the account that is being
-//     asked to generate credentials. The account administrator must use the IAM
-//     console to activate STS in that region. For more information, see Activating
-//     and Deactivating Amazon Web Services STS in an Amazon Web Services Region
-//     (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
-//     in the IAM User Guide.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
-func (c *STS) AssumeRoleWithWebIdentity(input *AssumeRoleWithWebIdentityInput) (*AssumeRoleWithWebIdentityOutput, error) {
-	req, out := c.AssumeRoleWithWebIdentityRequest(input)
-	return out, req.Send()
-}
-
-// AssumeRoleWithWebIdentityWithContext is the same as AssumeRoleWithWebIdentity with the addition of
-// the ability to pass a context and additional request options.
-//
-// See AssumeRoleWithWebIdentity for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *STS) AssumeRoleWithWebIdentityWithContext(ctx aws.Context, input *AssumeRoleWithWebIdentityInput, opts ...request.Option) (*AssumeRoleWithWebIdentityOutput, error) {
-	req, out := c.AssumeRoleWithWebIdentityRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
-
-// DecodeAuthorizationMessageRequest generates a "aws/request.Request" representing the
-// client's request for the DecodeAuthorizationMessage operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See DecodeAuthorizationMessage for more information on using the DecodeAuthorizationMessage
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the DecodeAuthorizationMessageRequest method.
-//	req, resp := client.DecodeAuthorizationMessageRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
-func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessageInput) (req *request.Request, output *DecodeAuthorizationMessageOutput) {
-	op := &request.Operation{
-		Name:       opDecodeAuthorizationMessage,
-		HTTPMethod: "POST",
-		HTTPPath:   "/",
-	}
-
-	if input == nil {
-		input = &DecodeAuthorizationMessageInput{}
-	}
-
-	output = &DecodeAuthorizationMessageOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// DecodeAuthorizationMessage API operation for AWS Security Token Service.
-//
-// Decodes additional information about the authorization status of a request
-// from an encoded message returned in response to an Amazon Web Services request.
-//
-// For example, if a user is not authorized to perform an operation that he
-// or she has requested, the request returns a Client.UnauthorizedOperation
-// response (an HTTP 403 response). Some Amazon Web Services operations additionally
-// return an encoded message that can provide details about this authorization
-// failure.
-//
-// Only certain Amazon Web Services operations return an encoded authorization
-// message. The documentation for an individual operation indicates whether
-// that operation returns an encoded message in addition to returning an HTTP
-// code.
-//
-// The message is encoded because the details of the authorization status can
-// contain privileged information that the user who requested the operation
-// should not see. To decode an authorization status message, a user must be
-// granted permissions through an IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
-// to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage)
-// action.
-//
-// The decoded message includes the following type of information:
-//
-//   - Whether the request was denied due to an explicit deny or due to the
-//     absence of an explicit allow. For more information, see Determining Whether
-//     a Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
-//     in the IAM User Guide.
-//
-//   - The principal who made the request.
-//
-//   - The requested action.
-//
-//   - The requested resource.
-//
-//   - The values of condition keys in the context of the user's request.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Security Token Service's
-// API operation DecodeAuthorizationMessage for usage and error information.
-//
-// Returned Error Codes:
-//   - ErrCodeInvalidAuthorizationMessageException "InvalidAuthorizationMessageException"
-//     The error returned if the message passed to DecodeAuthorizationMessage was
-//     invalid. This can happen if the token contains invalid characters, such as
-//     linebreaks.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
-func (c *STS) DecodeAuthorizationMessage(input *DecodeAuthorizationMessageInput) (*DecodeAuthorizationMessageOutput, error) {
-	req, out := c.DecodeAuthorizationMessageRequest(input)
-	return out, req.Send()
-}
-
-// DecodeAuthorizationMessageWithContext is the same as DecodeAuthorizationMessage with the addition of
-// the ability to pass a context and additional request options.
-//
-// See DecodeAuthorizationMessage for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *STS) DecodeAuthorizationMessageWithContext(ctx aws.Context, input *DecodeAuthorizationMessageInput, opts ...request.Option) (*DecodeAuthorizationMessageOutput, error) {
-	req, out := c.DecodeAuthorizationMessageRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetAccessKeyInfo = "GetAccessKeyInfo"
-
-// GetAccessKeyInfoRequest generates a "aws/request.Request" representing the
-// client's request for the GetAccessKeyInfo operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetAccessKeyInfo for more information on using the GetAccessKeyInfo
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetAccessKeyInfoRequest method.
-//	req, resp := client.GetAccessKeyInfoRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
-func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *request.Request, output *GetAccessKeyInfoOutput) {
-	op := &request.Operation{
-		Name:       opGetAccessKeyInfo,
-		HTTPMethod: "POST",
-		HTTPPath:   "/",
-	}
-
-	if input == nil {
-		input = &GetAccessKeyInfoInput{}
-	}
-
-	output = &GetAccessKeyInfoOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetAccessKeyInfo API operation for AWS Security Token Service.
-//
-// Returns the account identifier for the specified access key ID.
-//
-// Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE)
-// and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
-// For more information about access keys, see Managing Access Keys for IAM
-// Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
-// in the IAM User Guide.
-//
-// When you pass an access key ID to this operation, it returns the ID of the
-// Amazon Web Services account to which the keys belong. Access key IDs beginning
-// with AKIA are long-term credentials for an IAM user or the Amazon Web Services
-// account root user. Access key IDs beginning with ASIA are temporary credentials
-// that are created using STS operations. If the account in the response belongs
-// to you, you can sign in as the root user and review your root user access
-// keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
-// to learn which IAM user owns the keys. To learn who requested the temporary
-// credentials for an ASIA access key, view the STS events in your CloudTrail
-// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
-// in the IAM User Guide.
-//
-// This operation does not indicate the state of the access key. The key might
-// be active, inactive, or deleted. Active keys might not have permissions to
-// perform an operation. Providing a deleted access key might return an error
-// that the key doesn't exist.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Security Token Service's
-// API operation GetAccessKeyInfo for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
-func (c *STS) GetAccessKeyInfo(input *GetAccessKeyInfoInput) (*GetAccessKeyInfoOutput, error) {
-	req, out := c.GetAccessKeyInfoRequest(input)
-	return out, req.Send()
-}
-
-// GetAccessKeyInfoWithContext is the same as GetAccessKeyInfo with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetAccessKeyInfo for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *STS) GetAccessKeyInfoWithContext(ctx aws.Context, input *GetAccessKeyInfoInput, opts ...request.Option) (*GetAccessKeyInfoOutput, error) {
-	req, out := c.GetAccessKeyInfoRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetCallerIdentity = "GetCallerIdentity"
-
-// GetCallerIdentityRequest generates a "aws/request.Request" representing the
-// client's request for the GetCallerIdentity operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetCallerIdentity for more information on using the GetCallerIdentity
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetCallerIdentityRequest method.
-//	req, resp := client.GetCallerIdentityRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
-func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *request.Request, output *GetCallerIdentityOutput) {
-	op := &request.Operation{
-		Name:       opGetCallerIdentity,
-		HTTPMethod: "POST",
-		HTTPPath:   "/",
-	}
-
-	if input == nil {
-		input = &GetCallerIdentityInput{}
-	}
-
-	output = &GetCallerIdentityOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetCallerIdentity API operation for AWS Security Token Service.
-//
-// Returns details about the IAM user or role whose credentials are used to
-// call the operation.
-//
-// No permissions are required to perform this operation. If an administrator
-// attaches a policy to your identity that explicitly denies access to the sts:GetCallerIdentity
-// action, you can still perform this operation. Permissions are not required
-// because the same information is returned when access is denied. To view an
-// example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
-// in the IAM User Guide.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Security Token Service's
-// API operation GetCallerIdentity for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
-func (c *STS) GetCallerIdentity(input *GetCallerIdentityInput) (*GetCallerIdentityOutput, error) {
-	req, out := c.GetCallerIdentityRequest(input)
-	return out, req.Send()
-}
-
-// GetCallerIdentityWithContext is the same as GetCallerIdentity with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetCallerIdentity for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *STS) GetCallerIdentityWithContext(ctx aws.Context, input *GetCallerIdentityInput, opts ...request.Option) (*GetCallerIdentityOutput, error) {
-	req, out := c.GetCallerIdentityRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetFederationToken = "GetFederationToken"
-
-// GetFederationTokenRequest generates a "aws/request.Request" representing the
-// client's request for the GetFederationToken operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetFederationToken for more information on using the GetFederationToken
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetFederationTokenRequest method.
-//	req, resp := client.GetFederationTokenRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
-func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *request.Request, output *GetFederationTokenOutput) {
-	op := &request.Operation{
-		Name:       opGetFederationToken,
-		HTTPMethod: "POST",
-		HTTPPath:   "/",
-	}
-
-	if input == nil {
-		input = &GetFederationTokenInput{}
-	}
-
-	output = &GetFederationTokenOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetFederationToken API operation for AWS Security Token Service.
-//
-// Returns a set of temporary security credentials (consisting of an access
-// key ID, a secret access key, and a security token) for a user. A typical
-// use is in a proxy application that gets temporary security credentials on
-// behalf of distributed applications inside a corporate network.
-//
-// You must call the GetFederationToken operation using the long-term security
-// credentials of an IAM user. As a result, this call is appropriate in contexts
-// where those credentials can be safeguarded, usually in a server-based application.
-// For a comparison of GetFederationToken with the other API operations that
-// produce temporary credentials, see Requesting Temporary Security Credentials
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
-// in the IAM User Guide.
-//
-// Although it is possible to call GetFederationToken using the security credentials
-// of an Amazon Web Services account root user rather than an IAM user that
-// you create for the purpose of a proxy application, we do not recommend it.
-// For more information, see Safeguard your root user credentials and don't
-// use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
-// in the IAM User Guide.
-//
-// You can create a mobile-based or browser-based app that can authenticate
-// users using a web identity provider like Login with Amazon, Facebook, Google,
-// or an OpenID Connect-compatible identity provider. In this case, we recommend
-// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
-// For more information, see Federation Through a Web-based Identity Provider
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
-// in the IAM User Guide.
-//
-// # Session duration
-//
-// The temporary credentials are valid for the specified duration, from 900
-// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
-// session duration is 43,200 seconds (12 hours). Temporary credentials obtained
-// by using the root user credentials have a maximum duration of 3,600 seconds
-// (1 hour).
-//
-// # Permissions
-//
-// You can use the temporary credentials created by GetFederationToken in any
-// Amazon Web Services service with the following exceptions:
-//
-//   - You cannot call any IAM operations using the CLI or the Amazon Web Services
-//     API. This limitation does not apply to console sessions.
-//
-//   - You cannot call any STS operations except GetCallerIdentity.
-//
-// You can use temporary credentials for single sign-on (SSO) to the console.
-//
-// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-// to this operation. You can pass a single JSON policy document to use as an
-// inline session policy. You can also specify up to 10 managed policy Amazon
-// Resource Names (ARNs) to use as managed session policies. The plaintext that
-// you use for both inline and managed session policies can't exceed 2,048 characters.
-//
-// Though the session policy parameters are optional, if you do not pass a policy,
-// then the resulting federated user session has no permissions. When you pass
-// session policies, the session permissions are the intersection of the IAM
-// user policies and the session policies that you pass. This gives you a way
-// to further restrict the permissions for a federated user. You cannot use
-// session policies to grant more permissions than those that are defined in
-// the permissions policy of the IAM user. For more information, see Session
-// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-// in the IAM User Guide. For information about using GetFederationToken to
-// create temporary security credentials, see GetFederationToken—Federation
-// Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
-//
-// You can use the credentials to access a resource that has a resource-based
-// policy. If that policy specifically references the federated user session
-// in the Principal element of the policy, the session has the permissions allowed
-// by the policy. These permissions are granted in addition to the permissions
-// granted by the session policies.
-//
-// # Tags
-//
-// (Optional) You can pass tag key-value pairs to your session. These are called
-// session tags. For more information about session tags, see Passing Session
-// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-// in the IAM User Guide.
-//
-// You can create a mobile-based or browser-based app that can authenticate
-// users using a web identity provider like Login with Amazon, Facebook, Google,
-// or an OpenID Connect-compatible identity provider. In this case, we recommend
-// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
-// For more information, see Federation Through a Web-based Identity Provider
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
-// in the IAM User Guide.
-//
-// An administrator must grant you the permissions necessary to pass session
-// tags. The administrator can also create granular permissions to allow you
-// to pass only specific session tags. For more information, see Tutorial: Using
-// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
-// in the IAM User Guide.
-//
-// Tag key–value pairs are not case sensitive, but case is preserved. This
-// means that you cannot have separate Department and department tag keys. Assume
-// that the user that you are federating has the Department=Marketing tag and
-// you pass the department=engineering session tag. Department and department
-// are not saved as separate tags, and the session tag passed in the request
-// takes precedence over the user tag.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Security Token Service's
-// API operation GetFederationToken for usage and error information.
-//
-// Returned Error Codes:
-//
-//   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
-//     The request was rejected because the policy document was malformed. The error
-//     message describes the specific error.
-//
-//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-//     The request was rejected because the total packed size of the session policies
-//     and session tags combined was too large. An Amazon Web Services conversion
-//     compresses the session policy document, session policy ARNs, and session
-//     tags into a packed binary format that has a separate limit. The error message
-//     indicates by percentage how close the policies and tags are to the upper
-//     size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-//     in the IAM User Guide.
-//
-//     You could receive this error even though you meet other defined session policy
-//     and session tag limits. For more information, see IAM and STS Entity Character
-//     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
-//     in the IAM User Guide.
-//
-//   - ErrCodeRegionDisabledException "RegionDisabledException"
-//     STS is not activated in the requested region for the account that is being
-//     asked to generate credentials. The account administrator must use the IAM
-//     console to activate STS in that region. For more information, see Activating
-//     and Deactivating Amazon Web Services STS in an Amazon Web Services Region
-//     (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
-//     in the IAM User Guide.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
-func (c *STS) GetFederationToken(input *GetFederationTokenInput) (*GetFederationTokenOutput, error) {
-	req, out := c.GetFederationTokenRequest(input)
-	return out, req.Send()
-}
-
-// GetFederationTokenWithContext is the same as GetFederationToken with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetFederationToken for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *STS) GetFederationTokenWithContext(ctx aws.Context, input *GetFederationTokenInput, opts ...request.Option) (*GetFederationTokenOutput, error) {
-	req, out := c.GetFederationTokenRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-const opGetSessionToken = "GetSessionToken"
-
-// GetSessionTokenRequest generates a "aws/request.Request" representing the
-// client's request for the GetSessionToken operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
-//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
-//
-// See GetSessionToken for more information on using the GetSessionToken
-// API call, and error handling.
-//
-// This method is useful when you want to inject custom logic or configuration
-// into the SDK's request lifecycle. Such as custom headers, or retry logic.
-//
-//	// Example sending a request using the GetSessionTokenRequest method.
-//	req, resp := client.GetSessionTokenRequest(params)
-//
-//	err := req.Send()
-//	if err == nil { // resp is now filled
-//	    fmt.Println(resp)
-//	}
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
-func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.Request, output *GetSessionTokenOutput) {
-	op := &request.Operation{
-		Name:       opGetSessionToken,
-		HTTPMethod: "POST",
-		HTTPPath:   "/",
-	}
-
-	if input == nil {
-		input = &GetSessionTokenInput{}
-	}
-
-	output = &GetSessionTokenOutput{}
-	req = c.newRequest(op, input, output)
-	return
-}
-
-// GetSessionToken API operation for AWS Security Token Service.
-//
-// Returns a set of temporary credentials for an Amazon Web Services account
-// or IAM user. The credentials consist of an access key ID, a secret access
-// key, and a security token. Typically, you use GetSessionToken if you want
-// to use MFA to protect programmatic calls to specific Amazon Web Services
-// API operations like Amazon EC2 StopInstances.
-//
-// MFA-enabled IAM users must call GetSessionToken and submit an MFA code that
-// is associated with their MFA device. Using the temporary security credentials
-// that the call returns, IAM users can then make programmatic calls to API
-// operations that require MFA authentication. An incorrect MFA code causes
-// the API to return an access denied error. For a comparison of GetSessionToken
-// with the other API operations that produce temporary credentials, see Requesting
-// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
-// in the IAM User Guide.
-//
-// No permissions are required for users to perform this operation. The purpose
-// of the sts:GetSessionToken operation is to authenticate the user using MFA.
-// You cannot use policies to control authentication operations. For more information,
-// see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
-// in the IAM User Guide.
-//
-// # Session Duration
-//
-// The GetSessionToken operation must be called by using the long-term Amazon
-// Web Services security credentials of an IAM user. Credentials that are created
-// by IAM users are valid for the duration that you specify. This duration can
-// range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
-// hours), with a default of 43,200 seconds (12 hours). Credentials based on
-// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds
-// (1 hour), with a default of 1 hour.
-//
-// # Permissions
-//
-// The temporary security credentials created by GetSessionToken can be used
-// to make API calls to any Amazon Web Services service with the following exceptions:
-//
-//   - You cannot call any IAM API operations unless MFA authentication information
-//     is included in the request.
-//
-//   - You cannot call any STS API except AssumeRole or GetCallerIdentity.
-//
-// The credentials that GetSessionToken returns are based on permissions associated
-// with the IAM user whose credentials were used to call the operation. The
-// temporary credentials have the same permissions as the IAM user.
-//
-// Although it is possible to call GetSessionToken using the security credentials
-// of an Amazon Web Services account root user rather than an IAM user, we do
-// not recommend it. If GetSessionToken is called using root user credentials,
-// the temporary credentials have root user permissions. For more information,
-// see Safeguard your root user credentials and don't use them for everyday
-// tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
-// in the IAM User Guide
-//
-// For more information about using GetSessionToken to create temporary credentials,
-// see Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
-// in the IAM User Guide.
-//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
-//
-// See the AWS API reference guide for AWS Security Token Service's
-// API operation GetSessionToken for usage and error information.
-//
-// Returned Error Codes:
-//   - ErrCodeRegionDisabledException "RegionDisabledException"
-//     STS is not activated in the requested region for the account that is being
-//     asked to generate credentials. The account administrator must use the IAM
-//     console to activate STS in that region. For more information, see Activating
-//     and Deactivating Amazon Web Services STS in an Amazon Web Services Region
-//     (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
-//     in the IAM User Guide.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
-func (c *STS) GetSessionToken(input *GetSessionTokenInput) (*GetSessionTokenOutput, error) {
-	req, out := c.GetSessionTokenRequest(input)
-	return out, req.Send()
-}
-
-// GetSessionTokenWithContext is the same as GetSessionToken with the addition of
-// the ability to pass a context and additional request options.
-//
-// See GetSessionToken for details on how to use this API operation.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *STS) GetSessionTokenWithContext(ctx aws.Context, input *GetSessionTokenInput, opts ...request.Option) (*GetSessionTokenOutput, error) {
-	req, out := c.GetSessionTokenRequest(input)
-	req.SetContext(ctx)
-	req.ApplyOptions(opts...)
-	return out, req.Send()
-}
-
-type AssumeRoleInput struct {
-	_ struct{} `type:"structure"`
-
-	// The duration, in seconds, of the role session. The value specified can range
-	// from 900 seconds (15 minutes) up to the maximum session duration set for
-	// the role. The maximum session duration setting can have a value from 1 hour
-	// to 12 hours. If you specify a value higher than this setting or the administrator
-	// setting (whichever is lower), the operation fails. For example, if you specify
-	// a session duration of 12 hours, but your administrator set the maximum session
-	// duration to 6 hours, your operation fails.
-	//
-	// Role chaining limits your Amazon Web Services CLI or Amazon Web Services
-	// API role session to a maximum of one hour. When you use the AssumeRole API
-	// operation to assume a role, you can specify the duration of your role session
-	// with the DurationSeconds parameter. You can specify a parameter value of
-	// up to 43200 seconds (12 hours), depending on the maximum session duration
-	// setting for your role. However, if you assume a role using role chaining
-	// and provide a DurationSeconds parameter value greater than one hour, the
-	// operation fails. To learn how to view the maximum value for your role, see
-	// View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
-	// in the IAM User Guide.
-	//
-	// By default, the value is set to 3600 seconds.
-	//
-	// The DurationSeconds parameter is separate from the duration of a console
-	// session that you might request using the returned credentials. The request
-	// to the federation endpoint for a console sign-in token takes a SessionDuration
-	// parameter that specifies the maximum length of the console session. For more
-	// information, see Creating a URL that Enables Federated Users to Access the
-	// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
-	// in the IAM User Guide.
-	DurationSeconds *int64 `min:"900" type:"integer"`
-
-	// A unique identifier that might be required when you assume a role in another
-	// account. If the administrator of the account to which the role belongs provided
-	// you with an external ID, then provide that value in the ExternalId parameter.
-	// This value can be any string, such as a passphrase or account number. A cross-account
-	// role is usually set up to trust everyone in an account. Therefore, the administrator
-	// of the trusting account might send an external ID to the administrator of
-	// the trusted account. That way, only someone with the ID can assume the role,
-	// rather than everyone in the account. For more information about the external
-	// ID, see How to Use an External ID When Granting Access to Your Amazon Web
-	// Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
-	// in the IAM User Guide.
-	//
-	// The regex used to validate this parameter is a string of characters consisting
-	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@:/-
-	ExternalId *string `min:"2" type:"string"`
-
-	// An IAM policy in JSON format that you want to use as an inline session policy.
-	//
-	// This parameter is optional. Passing policies to this operation returns new
-	// temporary credentials. The resulting session's permissions are the intersection
-	// of the role's identity-based policy and the session policies. You can use
-	// the role's temporary credentials in subsequent Amazon Web Services API calls
-	// to access resources in the account that owns the role. You cannot use session
-	// policies to grant more permissions than those allowed by the identity-based
-	// policy of the role that is being assumed. For more information, see Session
-	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide.
-	//
-	// The plaintext that you use for both inline and managed session policies can't
-	// exceed 2,048 characters. The JSON policy characters can be any ASCII character
-	// from the space character to the end of the valid character list (\u0020 through
-	// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
-	// return (\u000D) characters.
-	//
-	// An Amazon Web Services conversion compresses the passed inline session policy,
-	// managed policy ARNs, and session tags into a packed binary format that has
-	// a separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates
-	// by percentage how close the policies and tags for your request are to the
-	// upper size limit.
-	Policy *string `min:"1" type:"string"`
-
-	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
-	// to use as managed session policies. The policies must exist in the same account
-	// as the role.
-	//
-	// This parameter is optional. You can provide up to 10 managed policy ARNs.
-	// However, the plaintext that you use for both inline and managed session policies
-	// can't exceed 2,048 characters. For more information about ARNs, see Amazon
-	// Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
-	// in the Amazon Web Services General Reference.
-	//
-	// An Amazon Web Services conversion compresses the passed inline session policy,
-	// managed policy ARNs, and session tags into a packed binary format that has
-	// a separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates
-	// by percentage how close the policies and tags for your request are to the
-	// upper size limit.
-	//
-	// Passing policies to this operation returns new temporary credentials. The
-	// resulting session's permissions are the intersection of the role's identity-based
-	// policy and the session policies. You can use the role's temporary credentials
-	// in subsequent Amazon Web Services API calls to access resources in the account
-	// that owns the role. You cannot use session policies to grant more permissions
-	// than those allowed by the identity-based policy of the role that is being
-	// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide.
-	PolicyArns []*PolicyDescriptorType `type:"list"`
-
-	// The Amazon Resource Name (ARN) of the role to assume.
-	//
-	// RoleArn is a required field
-	RoleArn *string `min:"20" type:"string" required:"true"`
-
-	// An identifier for the assumed role session.
-	//
-	// Use the role session name to uniquely identify a session when the same role
-	// is assumed by different principals or for different reasons. In cross-account
-	// scenarios, the role session name is visible to, and can be logged by the
-	// account that owns the role. The role session name is also used in the ARN
-	// of the assumed role principal. This means that subsequent cross-account API
-	// requests that use the temporary security credentials will expose the role
-	// session name to the external account in their CloudTrail logs.
-	//
-	// The regex used to validate this parameter is a string of characters consisting
-	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@-
-	//
-	// RoleSessionName is a required field
-	RoleSessionName *string `min:"2" type:"string" required:"true"`
-
-	// The identification number of the MFA device that is associated with the user
-	// who is making the AssumeRole call. Specify this value if the trust policy
-	// of the role being assumed includes a condition that requires MFA authentication.
-	// The value is either the serial number for a hardware device (such as GAHT12345678)
-	// or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
-	//
-	// The regex used to validate this parameter is a string of characters consisting
-	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@-
-	SerialNumber *string `min:"9" type:"string"`
-
-	// The source identity specified by the principal that is calling the AssumeRole
-	// operation.
-	//
-	// You can require users to specify a source identity when they assume a role.
-	// You do this by using the sts:SourceIdentity condition key in a role trust
-	// policy. You can use source identity information in CloudTrail logs to determine
-	// who took actions with a role. You can use the aws:SourceIdentity condition
-	// key to further control access to Amazon Web Services resources based on the
-	// value of source identity. For more information about using source identity,
-	// see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
-	// in the IAM User Guide.
-	//
-	// The regex used to validate this parameter is a string of characters consisting
-	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@-. You cannot
-	// use a value that begins with the text aws:. This prefix is reserved for Amazon
-	// Web Services internal use.
-	SourceIdentity *string `min:"2" type:"string"`
-
-	// A list of session tags that you want to pass. Each session tag consists of
-	// a key name and an associated value. For more information about session tags,
-	// see Tagging Amazon Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-	// in the IAM User Guide.
-	//
-	// This parameter is optional. You can pass up to 50 session tags. The plaintext
-	// session tag keys can’t exceed 128 characters, and the values can’t exceed
-	// 256 characters. For these and additional limits, see IAM and STS Character
-	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
-	// in the IAM User Guide.
-	//
-	// An Amazon Web Services conversion compresses the passed inline session policy,
-	// managed policy ARNs, and session tags into a packed binary format that has
-	// a separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates
-	// by percentage how close the policies and tags for your request are to the
-	// upper size limit.
-	//
-	// You can pass a session tag with the same key as a tag that is already attached
-	// to the role. When you do, session tags override a role tag with the same
-	// key.
-	//
-	// Tag key–value pairs are not case sensitive, but case is preserved. This
-	// means that you cannot have separate Department and department tag keys. Assume
-	// that the role has the Department=Marketing tag and you pass the department=engineering
-	// session tag. Department and department are not saved as separate tags, and
-	// the session tag passed in the request takes precedence over the role tag.
-	//
-	// Additionally, if you used temporary credentials to perform this operation,
-	// the new session inherits any transitive session tags from the calling session.
-	// If you pass a session tag with the same key as an inherited tag, the operation
-	// fails. To view the inherited tags for a session, see the CloudTrail logs.
-	// For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
-	// in the IAM User Guide.
-	Tags []*Tag `type:"list"`
-
-	// The value provided by the MFA device, if the trust policy of the role being
-	// assumed requires MFA. (In other words, if the policy includes a condition
-	// that tests for MFA). If the role being assumed requires MFA and if the TokenCode
-	// value is missing or expired, the AssumeRole call returns an "access denied"
-	// error.
-	//
-	// The format for this parameter, as described by its regex pattern, is a sequence
-	// of six numeric digits.
-	TokenCode *string `min:"6" type:"string"`
-
-	// A list of keys for session tags that you want to set as transitive. If you
-	// set a tag key as transitive, the corresponding key and value passes to subsequent
-	// sessions in a role chain. For more information, see Chaining Roles with Session
-	// Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
-	// in the IAM User Guide.
-	//
-	// This parameter is optional. When you set session tags as transitive, the
-	// session policy and session tags packed binary limit is not affected.
-	//
-	// If you choose not to specify a transitive tag key, then no tags are passed
-	// from this session to any subsequent sessions.
-	TransitiveTagKeys []*string `type:"list"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AssumeRoleInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AssumeRoleInput"}
-	if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
-		invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
-	}
-	if s.ExternalId != nil && len(*s.ExternalId) < 2 {
-		invalidParams.Add(request.NewErrParamMinLen("ExternalId", 2))
-	}
-	if s.Policy != nil && len(*s.Policy) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
-	}
-	if s.RoleArn == nil {
-		invalidParams.Add(request.NewErrParamRequired("RoleArn"))
-	}
-	if s.RoleArn != nil && len(*s.RoleArn) < 20 {
-		invalidParams.Add(request.NewErrParamMinLen("RoleArn", 20))
-	}
-	if s.RoleSessionName == nil {
-		invalidParams.Add(request.NewErrParamRequired("RoleSessionName"))
-	}
-	if s.RoleSessionName != nil && len(*s.RoleSessionName) < 2 {
-		invalidParams.Add(request.NewErrParamMinLen("RoleSessionName", 2))
-	}
-	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
-		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
-	}
-	if s.SourceIdentity != nil && len(*s.SourceIdentity) < 2 {
-		invalidParams.Add(request.NewErrParamMinLen("SourceIdentity", 2))
-	}
-	if s.TokenCode != nil && len(*s.TokenCode) < 6 {
-		invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6))
-	}
-	if s.PolicyArns != nil {
-		for i, v := range s.PolicyArns {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-	if s.Tags != nil {
-		for i, v := range s.Tags {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDurationSeconds sets the DurationSeconds field's value.
-func (s *AssumeRoleInput) SetDurationSeconds(v int64) *AssumeRoleInput {
-	s.DurationSeconds = &v
-	return s
-}
-
-// SetExternalId sets the ExternalId field's value.
-func (s *AssumeRoleInput) SetExternalId(v string) *AssumeRoleInput {
-	s.ExternalId = &v
-	return s
-}
-
-// SetPolicy sets the Policy field's value.
-func (s *AssumeRoleInput) SetPolicy(v string) *AssumeRoleInput {
-	s.Policy = &v
-	return s
-}
-
-// SetPolicyArns sets the PolicyArns field's value.
-func (s *AssumeRoleInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleInput {
-	s.PolicyArns = v
-	return s
-}
-
-// SetRoleArn sets the RoleArn field's value.
-func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput {
-	s.RoleArn = &v
-	return s
-}
-
-// SetRoleSessionName sets the RoleSessionName field's value.
-func (s *AssumeRoleInput) SetRoleSessionName(v string) *AssumeRoleInput {
-	s.RoleSessionName = &v
-	return s
-}
-
-// SetSerialNumber sets the SerialNumber field's value.
-func (s *AssumeRoleInput) SetSerialNumber(v string) *AssumeRoleInput {
-	s.SerialNumber = &v
-	return s
-}
-
-// SetSourceIdentity sets the SourceIdentity field's value.
-func (s *AssumeRoleInput) SetSourceIdentity(v string) *AssumeRoleInput {
-	s.SourceIdentity = &v
-	return s
-}
-
-// SetTags sets the Tags field's value.
-func (s *AssumeRoleInput) SetTags(v []*Tag) *AssumeRoleInput {
-	s.Tags = v
-	return s
-}
-
-// SetTokenCode sets the TokenCode field's value.
-func (s *AssumeRoleInput) SetTokenCode(v string) *AssumeRoleInput {
-	s.TokenCode = &v
-	return s
-}
-
-// SetTransitiveTagKeys sets the TransitiveTagKeys field's value.
-func (s *AssumeRoleInput) SetTransitiveTagKeys(v []*string) *AssumeRoleInput {
-	s.TransitiveTagKeys = v
-	return s
-}
-
-// Contains the response to a successful AssumeRole request, including temporary
-// Amazon Web Services credentials that can be used to make Amazon Web Services
-// requests.
-type AssumeRoleOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
-	// that you can use to refer to the resulting temporary security credentials.
-	// For example, you can reference these credentials as a principal in a resource-based
-	// policy by using the ARN or assumed role ID. The ARN and ID include the RoleSessionName
-	// that you specified when you called AssumeRole.
-	AssumedRoleUser *AssumedRoleUser `type:"structure"`
-
-	// The temporary security credentials, which include an access key ID, a secret
-	// access key, and a security (or session) token.
-	//
-	// The size of the security token that STS API operations return is not fixed.
-	// We strongly recommend that you make no assumptions about the maximum size.
-	Credentials *Credentials `type:"structure"`
-
-	// A percentage value that indicates the packed size of the session policies
-	// and session tags combined passed in the request. The request fails if the
-	// packed size is greater than 100 percent, which means the policies and tags
-	// exceeded the allowed space.
-	PackedPolicySize *int64 `type:"integer"`
-
-	// The source identity specified by the principal that is calling the AssumeRole
-	// operation.
-	//
-	// You can require users to specify a source identity when they assume a role.
-	// You do this by using the sts:SourceIdentity condition key in a role trust
-	// policy. You can use source identity information in CloudTrail logs to determine
-	// who took actions with a role. You can use the aws:SourceIdentity condition
-	// key to further control access to Amazon Web Services resources based on the
-	// value of source identity. For more information about using source identity,
-	// see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
-	// in the IAM User Guide.
-	//
-	// The regex used to validate this parameter is a string of characters consisting
-	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@-
-	SourceIdentity *string `min:"2" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleOutput) GoString() string {
-	return s.String()
-}
-
-// SetAssumedRoleUser sets the AssumedRoleUser field's value.
-func (s *AssumeRoleOutput) SetAssumedRoleUser(v *AssumedRoleUser) *AssumeRoleOutput {
-	s.AssumedRoleUser = v
-	return s
-}
-
-// SetCredentials sets the Credentials field's value.
-func (s *AssumeRoleOutput) SetCredentials(v *Credentials) *AssumeRoleOutput {
-	s.Credentials = v
-	return s
-}
-
-// SetPackedPolicySize sets the PackedPolicySize field's value.
-func (s *AssumeRoleOutput) SetPackedPolicySize(v int64) *AssumeRoleOutput {
-	s.PackedPolicySize = &v
-	return s
-}
-
-// SetSourceIdentity sets the SourceIdentity field's value.
-func (s *AssumeRoleOutput) SetSourceIdentity(v string) *AssumeRoleOutput {
-	s.SourceIdentity = &v
-	return s
-}
-
-type AssumeRoleWithSAMLInput struct {
-	_ struct{} `type:"structure"`
-
-	// The duration, in seconds, of the role session. Your role session lasts for
-	// the duration that you specify for the DurationSeconds parameter, or until
-	// the time specified in the SAML authentication response's SessionNotOnOrAfter
-	// value, whichever is shorter. You can provide a DurationSeconds value from
-	// 900 seconds (15 minutes) up to the maximum session duration setting for the
-	// role. This setting can have a value from 1 hour to 12 hours. If you specify
-	// a value higher than this setting, the operation fails. For example, if you
-	// specify a session duration of 12 hours, but your administrator set the maximum
-	// session duration to 6 hours, your operation fails. To learn how to view the
-	// maximum value for your role, see View the Maximum Session Duration Setting
-	// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
-	// in the IAM User Guide.
-	//
-	// By default, the value is set to 3600 seconds.
-	//
-	// The DurationSeconds parameter is separate from the duration of a console
-	// session that you might request using the returned credentials. The request
-	// to the federation endpoint for a console sign-in token takes a SessionDuration
-	// parameter that specifies the maximum length of the console session. For more
-	// information, see Creating a URL that Enables Federated Users to Access the
-	// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
-	// in the IAM User Guide.
-	DurationSeconds *int64 `min:"900" type:"integer"`
-
-	// An IAM policy in JSON format that you want to use as an inline session policy.
-	//
-	// This parameter is optional. Passing policies to this operation returns new
-	// temporary credentials. The resulting session's permissions are the intersection
-	// of the role's identity-based policy and the session policies. You can use
-	// the role's temporary credentials in subsequent Amazon Web Services API calls
-	// to access resources in the account that owns the role. You cannot use session
-	// policies to grant more permissions than those allowed by the identity-based
-	// policy of the role that is being assumed. For more information, see Session
-	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide.
-	//
-	// The plaintext that you use for both inline and managed session policies can't
-	// exceed 2,048 characters. The JSON policy characters can be any ASCII character
-	// from the space character to the end of the valid character list (\u0020 through
-	// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
-	// return (\u000D) characters.
-	//
-	// An Amazon Web Services conversion compresses the passed inline session policy,
-	// managed policy ARNs, and session tags into a packed binary format that has
-	// a separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates
-	// by percentage how close the policies and tags for your request are to the
-	// upper size limit.
-	Policy *string `min:"1" type:"string"`
-
-	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
-	// to use as managed session policies. The policies must exist in the same account
-	// as the role.
-	//
-	// This parameter is optional. You can provide up to 10 managed policy ARNs.
-	// However, the plaintext that you use for both inline and managed session policies
-	// can't exceed 2,048 characters. For more information about ARNs, see Amazon
-	// Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
-	// in the Amazon Web Services General Reference.
-	//
-	// An Amazon Web Services conversion compresses the passed inline session policy,
-	// managed policy ARNs, and session tags into a packed binary format that has
-	// a separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates
-	// by percentage how close the policies and tags for your request are to the
-	// upper size limit.
-	//
-	// Passing policies to this operation returns new temporary credentials. The
-	// resulting session's permissions are the intersection of the role's identity-based
-	// policy and the session policies. You can use the role's temporary credentials
-	// in subsequent Amazon Web Services API calls to access resources in the account
-	// that owns the role. You cannot use session policies to grant more permissions
-	// than those allowed by the identity-based policy of the role that is being
-	// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide.
-	PolicyArns []*PolicyDescriptorType `type:"list"`
-
-	// The Amazon Resource Name (ARN) of the SAML provider in IAM that describes
-	// the IdP.
-	//
-	// PrincipalArn is a required field
-	PrincipalArn *string `min:"20" type:"string" required:"true"`
-
-	// The Amazon Resource Name (ARN) of the role that the caller is assuming.
-	//
-	// RoleArn is a required field
-	RoleArn *string `min:"20" type:"string" required:"true"`
-
-	// The base64 encoded SAML authentication response provided by the IdP.
-	//
-	// For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
-	// in the IAM User Guide.
-	//
-	// SAMLAssertion is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by AssumeRoleWithSAMLInput's
-	// String and GoString methods.
-	//
-	// SAMLAssertion is a required field
-	SAMLAssertion *string `min:"4" type:"string" required:"true" sensitive:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleWithSAMLInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleWithSAMLInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AssumeRoleWithSAMLInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AssumeRoleWithSAMLInput"}
-	if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
-		invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
-	}
-	if s.Policy != nil && len(*s.Policy) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
-	}
-	if s.PrincipalArn == nil {
-		invalidParams.Add(request.NewErrParamRequired("PrincipalArn"))
-	}
-	if s.PrincipalArn != nil && len(*s.PrincipalArn) < 20 {
-		invalidParams.Add(request.NewErrParamMinLen("PrincipalArn", 20))
-	}
-	if s.RoleArn == nil {
-		invalidParams.Add(request.NewErrParamRequired("RoleArn"))
-	}
-	if s.RoleArn != nil && len(*s.RoleArn) < 20 {
-		invalidParams.Add(request.NewErrParamMinLen("RoleArn", 20))
-	}
-	if s.SAMLAssertion == nil {
-		invalidParams.Add(request.NewErrParamRequired("SAMLAssertion"))
-	}
-	if s.SAMLAssertion != nil && len(*s.SAMLAssertion) < 4 {
-		invalidParams.Add(request.NewErrParamMinLen("SAMLAssertion", 4))
-	}
-	if s.PolicyArns != nil {
-		for i, v := range s.PolicyArns {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDurationSeconds sets the DurationSeconds field's value.
-func (s *AssumeRoleWithSAMLInput) SetDurationSeconds(v int64) *AssumeRoleWithSAMLInput {
-	s.DurationSeconds = &v
-	return s
-}
-
-// SetPolicy sets the Policy field's value.
-func (s *AssumeRoleWithSAMLInput) SetPolicy(v string) *AssumeRoleWithSAMLInput {
-	s.Policy = &v
-	return s
-}
-
-// SetPolicyArns sets the PolicyArns field's value.
-func (s *AssumeRoleWithSAMLInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithSAMLInput {
-	s.PolicyArns = v
-	return s
-}
-
-// SetPrincipalArn sets the PrincipalArn field's value.
-func (s *AssumeRoleWithSAMLInput) SetPrincipalArn(v string) *AssumeRoleWithSAMLInput {
-	s.PrincipalArn = &v
-	return s
-}
-
-// SetRoleArn sets the RoleArn field's value.
-func (s *AssumeRoleWithSAMLInput) SetRoleArn(v string) *AssumeRoleWithSAMLInput {
-	s.RoleArn = &v
-	return s
-}
-
-// SetSAMLAssertion sets the SAMLAssertion field's value.
-func (s *AssumeRoleWithSAMLInput) SetSAMLAssertion(v string) *AssumeRoleWithSAMLInput {
-	s.SAMLAssertion = &v
-	return s
-}
-
-// Contains the response to a successful AssumeRoleWithSAML request, including
-// temporary Amazon Web Services credentials that can be used to make Amazon
-// Web Services requests.
-type AssumeRoleWithSAMLOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The identifiers for the temporary security credentials that the operation
-	// returns.
-	AssumedRoleUser *AssumedRoleUser `type:"structure"`
-
-	// The value of the Recipient attribute of the SubjectConfirmationData element
-	// of the SAML assertion.
-	Audience *string `type:"string"`
-
-	// The temporary security credentials, which include an access key ID, a secret
-	// access key, and a security (or session) token.
-	//
-	// The size of the security token that STS API operations return is not fixed.
-	// We strongly recommend that you make no assumptions about the maximum size.
-	Credentials *Credentials `type:"structure"`
-
-	// The value of the Issuer element of the SAML assertion.
-	Issuer *string `type:"string"`
-
-	// A hash value based on the concatenation of the following:
-	//
-	//    * The Issuer response value.
-	//
-	//    * The Amazon Web Services account ID.
-	//
-	//    * The friendly name (the last part of the ARN) of the SAML provider in
-	//    IAM.
-	//
-	// The combination of NameQualifier and Subject can be used to uniquely identify
-	// a user.
-	//
-	// The following pseudocode shows how the hash value is calculated:
-	//
-	// BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP"
-	// ) )
-	NameQualifier *string `type:"string"`
-
-	// A percentage value that indicates the packed size of the session policies
-	// and session tags combined passed in the request. The request fails if the
-	// packed size is greater than 100 percent, which means the policies and tags
-	// exceeded the allowed space.
-	PackedPolicySize *int64 `type:"integer"`
-
-	// The value in the SourceIdentity attribute in the SAML assertion.
-	//
-	// You can require users to set a source identity value when they assume a role.
-	// You do this by using the sts:SourceIdentity condition key in a role trust
-	// policy. That way, actions that are taken with the role are associated with
-	// that user. After the source identity is set, the value cannot be changed.
-	// It is present in the request for all actions that are taken by the role and
-	// persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
-	// sessions. You can configure your SAML identity provider to use an attribute
-	// associated with your users, like user name or email, as the source identity
-	// when calling AssumeRoleWithSAML. You do this by adding an attribute to the
-	// SAML assertion. For more information about using source identity, see Monitor
-	// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
-	// in the IAM User Guide.
-	//
-	// The regex used to validate this parameter is a string of characters consisting
-	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@-
-	SourceIdentity *string `min:"2" type:"string"`
-
-	// The value of the NameID element in the Subject element of the SAML assertion.
-	Subject *string `type:"string"`
-
-	// The format of the name ID, as defined by the Format attribute in the NameID
-	// element of the SAML assertion. Typical examples of the format are transient
-	// or persistent.
-	//
-	// If the format includes the prefix urn:oasis:names:tc:SAML:2.0:nameid-format,
-	// that prefix is removed. For example, urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-	// is returned as transient. If the format includes any other prefix, the format
-	// is returned with no modifications.
-	SubjectType *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleWithSAMLOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleWithSAMLOutput) GoString() string {
-	return s.String()
-}
-
-// SetAssumedRoleUser sets the AssumedRoleUser field's value.
-func (s *AssumeRoleWithSAMLOutput) SetAssumedRoleUser(v *AssumedRoleUser) *AssumeRoleWithSAMLOutput {
-	s.AssumedRoleUser = v
-	return s
-}
-
-// SetAudience sets the Audience field's value.
-func (s *AssumeRoleWithSAMLOutput) SetAudience(v string) *AssumeRoleWithSAMLOutput {
-	s.Audience = &v
-	return s
-}
-
-// SetCredentials sets the Credentials field's value.
-func (s *AssumeRoleWithSAMLOutput) SetCredentials(v *Credentials) *AssumeRoleWithSAMLOutput {
-	s.Credentials = v
-	return s
-}
-
-// SetIssuer sets the Issuer field's value.
-func (s *AssumeRoleWithSAMLOutput) SetIssuer(v string) *AssumeRoleWithSAMLOutput {
-	s.Issuer = &v
-	return s
-}
-
-// SetNameQualifier sets the NameQualifier field's value.
-func (s *AssumeRoleWithSAMLOutput) SetNameQualifier(v string) *AssumeRoleWithSAMLOutput {
-	s.NameQualifier = &v
-	return s
-}
-
-// SetPackedPolicySize sets the PackedPolicySize field's value.
-func (s *AssumeRoleWithSAMLOutput) SetPackedPolicySize(v int64) *AssumeRoleWithSAMLOutput {
-	s.PackedPolicySize = &v
-	return s
-}
-
-// SetSourceIdentity sets the SourceIdentity field's value.
-func (s *AssumeRoleWithSAMLOutput) SetSourceIdentity(v string) *AssumeRoleWithSAMLOutput {
-	s.SourceIdentity = &v
-	return s
-}
-
-// SetSubject sets the Subject field's value.
-func (s *AssumeRoleWithSAMLOutput) SetSubject(v string) *AssumeRoleWithSAMLOutput {
-	s.Subject = &v
-	return s
-}
-
-// SetSubjectType sets the SubjectType field's value.
-func (s *AssumeRoleWithSAMLOutput) SetSubjectType(v string) *AssumeRoleWithSAMLOutput {
-	s.SubjectType = &v
-	return s
-}
-
-type AssumeRoleWithWebIdentityInput struct {
-	_ struct{} `type:"structure"`
-
-	// The duration, in seconds, of the role session. The value can range from 900
-	// seconds (15 minutes) up to the maximum session duration setting for the role.
-	// This setting can have a value from 1 hour to 12 hours. If you specify a value
-	// higher than this setting, the operation fails. For example, if you specify
-	// a session duration of 12 hours, but your administrator set the maximum session
-	// duration to 6 hours, your operation fails. To learn how to view the maximum
-	// value for your role, see View the Maximum Session Duration Setting for a
-	// Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
-	// in the IAM User Guide.
-	//
-	// By default, the value is set to 3600 seconds.
-	//
-	// The DurationSeconds parameter is separate from the duration of a console
-	// session that you might request using the returned credentials. The request
-	// to the federation endpoint for a console sign-in token takes a SessionDuration
-	// parameter that specifies the maximum length of the console session. For more
-	// information, see Creating a URL that Enables Federated Users to Access the
-	// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
-	// in the IAM User Guide.
-	DurationSeconds *int64 `min:"900" type:"integer"`
-
-	// An IAM policy in JSON format that you want to use as an inline session policy.
-	//
-	// This parameter is optional. Passing policies to this operation returns new
-	// temporary credentials. The resulting session's permissions are the intersection
-	// of the role's identity-based policy and the session policies. You can use
-	// the role's temporary credentials in subsequent Amazon Web Services API calls
-	// to access resources in the account that owns the role. You cannot use session
-	// policies to grant more permissions than those allowed by the identity-based
-	// policy of the role that is being assumed. For more information, see Session
-	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide.
-	//
-	// The plaintext that you use for both inline and managed session policies can't
-	// exceed 2,048 characters. The JSON policy characters can be any ASCII character
-	// from the space character to the end of the valid character list (\u0020 through
-	// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
-	// return (\u000D) characters.
-	//
-	// An Amazon Web Services conversion compresses the passed inline session policy,
-	// managed policy ARNs, and session tags into a packed binary format that has
-	// a separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates
-	// by percentage how close the policies and tags for your request are to the
-	// upper size limit.
-	Policy *string `min:"1" type:"string"`
-
-	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
-	// to use as managed session policies. The policies must exist in the same account
-	// as the role.
-	//
-	// This parameter is optional. You can provide up to 10 managed policy ARNs.
-	// However, the plaintext that you use for both inline and managed session policies
-	// can't exceed 2,048 characters. For more information about ARNs, see Amazon
-	// Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
-	// in the Amazon Web Services General Reference.
-	//
-	// An Amazon Web Services conversion compresses the passed inline session policy,
-	// managed policy ARNs, and session tags into a packed binary format that has
-	// a separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates
-	// by percentage how close the policies and tags for your request are to the
-	// upper size limit.
-	//
-	// Passing policies to this operation returns new temporary credentials. The
-	// resulting session's permissions are the intersection of the role's identity-based
-	// policy and the session policies. You can use the role's temporary credentials
-	// in subsequent Amazon Web Services API calls to access resources in the account
-	// that owns the role. You cannot use session policies to grant more permissions
-	// than those allowed by the identity-based policy of the role that is being
-	// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide.
-	PolicyArns []*PolicyDescriptorType `type:"list"`
-
-	// The fully qualified host component of the domain name of the OAuth 2.0 identity
-	// provider. Do not specify this value for an OpenID Connect identity provider.
-	//
-	// Currently www.amazon.com and graph.facebook.com are the only supported identity
-	// providers for OAuth 2.0 access tokens. Do not include URL schemes and port
-	// numbers.
-	//
-	// Do not specify this value for OpenID Connect ID tokens.
-	ProviderId *string `min:"4" type:"string"`
-
-	// The Amazon Resource Name (ARN) of the role that the caller is assuming.
-	//
-	// RoleArn is a required field
-	RoleArn *string `min:"20" type:"string" required:"true"`
-
-	// An identifier for the assumed role session. Typically, you pass the name
-	// or identifier that is associated with the user who is using your application.
-	// That way, the temporary security credentials that your application will use
-	// are associated with that user. This session name is included as part of the
-	// ARN and assumed role ID in the AssumedRoleUser response element.
-	//
-	// The regex used to validate this parameter is a string of characters consisting
-	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@-
-	//
-	// RoleSessionName is a required field
-	RoleSessionName *string `min:"2" type:"string" required:"true"`
-
-	// The OAuth 2.0 access token or OpenID Connect ID token that is provided by
-	// the identity provider. Your application must get this token by authenticating
-	// the user who is using your application with a web identity provider before
-	// the application makes an AssumeRoleWithWebIdentity call.
-	//
-	// WebIdentityToken is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by AssumeRoleWithWebIdentityInput's
-	// String and GoString methods.
-	//
-	// WebIdentityToken is a required field
-	WebIdentityToken *string `min:"4" type:"string" required:"true" sensitive:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleWithWebIdentityInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleWithWebIdentityInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *AssumeRoleWithWebIdentityInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "AssumeRoleWithWebIdentityInput"}
-	if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
-		invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
-	}
-	if s.Policy != nil && len(*s.Policy) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
-	}
-	if s.ProviderId != nil && len(*s.ProviderId) < 4 {
-		invalidParams.Add(request.NewErrParamMinLen("ProviderId", 4))
-	}
-	if s.RoleArn == nil {
-		invalidParams.Add(request.NewErrParamRequired("RoleArn"))
-	}
-	if s.RoleArn != nil && len(*s.RoleArn) < 20 {
-		invalidParams.Add(request.NewErrParamMinLen("RoleArn", 20))
-	}
-	if s.RoleSessionName == nil {
-		invalidParams.Add(request.NewErrParamRequired("RoleSessionName"))
-	}
-	if s.RoleSessionName != nil && len(*s.RoleSessionName) < 2 {
-		invalidParams.Add(request.NewErrParamMinLen("RoleSessionName", 2))
-	}
-	if s.WebIdentityToken == nil {
-		invalidParams.Add(request.NewErrParamRequired("WebIdentityToken"))
-	}
-	if s.WebIdentityToken != nil && len(*s.WebIdentityToken) < 4 {
-		invalidParams.Add(request.NewErrParamMinLen("WebIdentityToken", 4))
-	}
-	if s.PolicyArns != nil {
-		for i, v := range s.PolicyArns {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDurationSeconds sets the DurationSeconds field's value.
-func (s *AssumeRoleWithWebIdentityInput) SetDurationSeconds(v int64) *AssumeRoleWithWebIdentityInput {
-	s.DurationSeconds = &v
-	return s
-}
-
-// SetPolicy sets the Policy field's value.
-func (s *AssumeRoleWithWebIdentityInput) SetPolicy(v string) *AssumeRoleWithWebIdentityInput {
-	s.Policy = &v
-	return s
-}
-
-// SetPolicyArns sets the PolicyArns field's value.
-func (s *AssumeRoleWithWebIdentityInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithWebIdentityInput {
-	s.PolicyArns = v
-	return s
-}
-
-// SetProviderId sets the ProviderId field's value.
-func (s *AssumeRoleWithWebIdentityInput) SetProviderId(v string) *AssumeRoleWithWebIdentityInput {
-	s.ProviderId = &v
-	return s
-}
-
-// SetRoleArn sets the RoleArn field's value.
-func (s *AssumeRoleWithWebIdentityInput) SetRoleArn(v string) *AssumeRoleWithWebIdentityInput {
-	s.RoleArn = &v
-	return s
-}
-
-// SetRoleSessionName sets the RoleSessionName field's value.
-func (s *AssumeRoleWithWebIdentityInput) SetRoleSessionName(v string) *AssumeRoleWithWebIdentityInput {
-	s.RoleSessionName = &v
-	return s
-}
-
-// SetWebIdentityToken sets the WebIdentityToken field's value.
-func (s *AssumeRoleWithWebIdentityInput) SetWebIdentityToken(v string) *AssumeRoleWithWebIdentityInput {
-	s.WebIdentityToken = &v
-	return s
-}
-
-// Contains the response to a successful AssumeRoleWithWebIdentity request,
-// including temporary Amazon Web Services credentials that can be used to make
-// Amazon Web Services requests.
-type AssumeRoleWithWebIdentityOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
-	// that you can use to refer to the resulting temporary security credentials.
-	// For example, you can reference these credentials as a principal in a resource-based
-	// policy by using the ARN or assumed role ID. The ARN and ID include the RoleSessionName
-	// that you specified when you called AssumeRole.
-	AssumedRoleUser *AssumedRoleUser `type:"structure"`
-
-	// The intended audience (also known as client ID) of the web identity token.
-	// This is traditionally the client identifier issued to the application that
-	// requested the web identity token.
-	Audience *string `type:"string"`
-
-	// The temporary security credentials, which include an access key ID, a secret
-	// access key, and a security token.
-	//
-	// The size of the security token that STS API operations return is not fixed.
-	// We strongly recommend that you make no assumptions about the maximum size.
-	Credentials *Credentials `type:"structure"`
-
-	// A percentage value that indicates the packed size of the session policies
-	// and session tags combined passed in the request. The request fails if the
-	// packed size is greater than 100 percent, which means the policies and tags
-	// exceeded the allowed space.
-	PackedPolicySize *int64 `type:"integer"`
-
-	// The issuing authority of the web identity token presented. For OpenID Connect
-	// ID tokens, this contains the value of the iss field. For OAuth 2.0 access
-	// tokens, this contains the value of the ProviderId parameter that was passed
-	// in the AssumeRoleWithWebIdentity request.
-	Provider *string `type:"string"`
-
-	// The value of the source identity that is returned in the JSON web token (JWT)
-	// from the identity provider.
-	//
-	// You can require users to set a source identity value when they assume a role.
-	// You do this by using the sts:SourceIdentity condition key in a role trust
-	// policy. That way, actions that are taken with the role are associated with
-	// that user. After the source identity is set, the value cannot be changed.
-	// It is present in the request for all actions that are taken by the role and
-	// persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
-	// sessions. You can configure your identity provider to use an attribute associated
-	// with your users, like user name or email, as the source identity when calling
-	// AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web
-	// token. To learn more about OIDC tokens and claims, see Using Tokens with
-	// User Pools (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)
-	// in the Amazon Cognito Developer Guide. For more information about using source
-	// identity, see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
-	// in the IAM User Guide.
-	//
-	// The regex used to validate this parameter is a string of characters consisting
-	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@-
-	SourceIdentity *string `min:"2" type:"string"`
-
-	// The unique user identifier that is returned by the identity provider. This
-	// identifier is associated with the WebIdentityToken that was submitted with
-	// the AssumeRoleWithWebIdentity call. The identifier is typically unique to
-	// the user and the application that acquired the WebIdentityToken (pairwise
-	// identifier). For OpenID Connect ID tokens, this field contains the value
-	// returned by the identity provider as the token's sub (Subject) claim.
-	SubjectFromWebIdentityToken *string `min:"6" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleWithWebIdentityOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumeRoleWithWebIdentityOutput) GoString() string {
-	return s.String()
-}
-
-// SetAssumedRoleUser sets the AssumedRoleUser field's value.
-func (s *AssumeRoleWithWebIdentityOutput) SetAssumedRoleUser(v *AssumedRoleUser) *AssumeRoleWithWebIdentityOutput {
-	s.AssumedRoleUser = v
-	return s
-}
-
-// SetAudience sets the Audience field's value.
-func (s *AssumeRoleWithWebIdentityOutput) SetAudience(v string) *AssumeRoleWithWebIdentityOutput {
-	s.Audience = &v
-	return s
-}
-
-// SetCredentials sets the Credentials field's value.
-func (s *AssumeRoleWithWebIdentityOutput) SetCredentials(v *Credentials) *AssumeRoleWithWebIdentityOutput {
-	s.Credentials = v
-	return s
-}
-
-// SetPackedPolicySize sets the PackedPolicySize field's value.
-func (s *AssumeRoleWithWebIdentityOutput) SetPackedPolicySize(v int64) *AssumeRoleWithWebIdentityOutput {
-	s.PackedPolicySize = &v
-	return s
-}
-
-// SetProvider sets the Provider field's value.
-func (s *AssumeRoleWithWebIdentityOutput) SetProvider(v string) *AssumeRoleWithWebIdentityOutput {
-	s.Provider = &v
-	return s
-}
-
-// SetSourceIdentity sets the SourceIdentity field's value.
-func (s *AssumeRoleWithWebIdentityOutput) SetSourceIdentity(v string) *AssumeRoleWithWebIdentityOutput {
-	s.SourceIdentity = &v
-	return s
-}
-
-// SetSubjectFromWebIdentityToken sets the SubjectFromWebIdentityToken field's value.
-func (s *AssumeRoleWithWebIdentityOutput) SetSubjectFromWebIdentityToken(v string) *AssumeRoleWithWebIdentityOutput {
-	s.SubjectFromWebIdentityToken = &v
-	return s
-}
-
-// The identifiers for the temporary security credentials that the operation
-// returns.
-type AssumedRoleUser struct {
-	_ struct{} `type:"structure"`
-
-	// The ARN of the temporary security credentials that are returned from the
-	// AssumeRole action. For more information about ARNs and how to use them in
-	// policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
-	// in the IAM User Guide.
-	//
-	// Arn is a required field
-	Arn *string `min:"20" type:"string" required:"true"`
-
-	// A unique identifier that contains the role ID and the role session name of
-	// the role that is being assumed. The role ID is generated by Amazon Web Services
-	// when the role is created.
-	//
-	// AssumedRoleId is a required field
-	AssumedRoleId *string `min:"2" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumedRoleUser) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s AssumedRoleUser) GoString() string {
-	return s.String()
-}
-
-// SetArn sets the Arn field's value.
-func (s *AssumedRoleUser) SetArn(v string) *AssumedRoleUser {
-	s.Arn = &v
-	return s
-}
-
-// SetAssumedRoleId sets the AssumedRoleId field's value.
-func (s *AssumedRoleUser) SetAssumedRoleId(v string) *AssumedRoleUser {
-	s.AssumedRoleId = &v
-	return s
-}
-
-// Amazon Web Services credentials for API authentication.
-type Credentials struct {
-	_ struct{} `type:"structure"`
-
-	// The access key ID that identifies the temporary security credentials.
-	//
-	// AccessKeyId is a required field
-	AccessKeyId *string `min:"16" type:"string" required:"true"`
-
-	// The date on which the current credentials expire.
-	//
-	// Expiration is a required field
-	Expiration *time.Time `type:"timestamp" required:"true"`
-
-	// The secret access key that can be used to sign requests.
-	//
-	// SecretAccessKey is a sensitive parameter and its value will be
-	// replaced with "sensitive" in string returned by Credentials's
-	// String and GoString methods.
-	//
-	// SecretAccessKey is a required field
-	SecretAccessKey *string `type:"string" required:"true" sensitive:"true"`
-
-	// The token that users must pass to the service API to use the temporary credentials.
-	//
-	// SessionToken is a required field
-	SessionToken *string `type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Credentials) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Credentials) GoString() string {
-	return s.String()
-}
-
-// SetAccessKeyId sets the AccessKeyId field's value.
-func (s *Credentials) SetAccessKeyId(v string) *Credentials {
-	s.AccessKeyId = &v
-	return s
-}
-
-// SetExpiration sets the Expiration field's value.
-func (s *Credentials) SetExpiration(v time.Time) *Credentials {
-	s.Expiration = &v
-	return s
-}
-
-// SetSecretAccessKey sets the SecretAccessKey field's value.
-func (s *Credentials) SetSecretAccessKey(v string) *Credentials {
-	s.SecretAccessKey = &v
-	return s
-}
-
-// SetSessionToken sets the SessionToken field's value.
-func (s *Credentials) SetSessionToken(v string) *Credentials {
-	s.SessionToken = &v
-	return s
-}
-
-type DecodeAuthorizationMessageInput struct {
-	_ struct{} `type:"structure"`
-
-	// The encoded message that was returned with the response.
-	//
-	// EncodedMessage is a required field
-	EncodedMessage *string `min:"1" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DecodeAuthorizationMessageInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DecodeAuthorizationMessageInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *DecodeAuthorizationMessageInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "DecodeAuthorizationMessageInput"}
-	if s.EncodedMessage == nil {
-		invalidParams.Add(request.NewErrParamRequired("EncodedMessage"))
-	}
-	if s.EncodedMessage != nil && len(*s.EncodedMessage) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("EncodedMessage", 1))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetEncodedMessage sets the EncodedMessage field's value.
-func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAuthorizationMessageInput {
-	s.EncodedMessage = &v
-	return s
-}
-
-// A document that contains additional information about the authorization status
-// of a request from an encoded message that is returned in response to an Amazon
-// Web Services request.
-type DecodeAuthorizationMessageOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The API returns a response with the decoded message.
-	DecodedMessage *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DecodeAuthorizationMessageOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s DecodeAuthorizationMessageOutput) GoString() string {
-	return s.String()
-}
-
-// SetDecodedMessage sets the DecodedMessage field's value.
-func (s *DecodeAuthorizationMessageOutput) SetDecodedMessage(v string) *DecodeAuthorizationMessageOutput {
-	s.DecodedMessage = &v
-	return s
-}
-
-// Identifiers for the federated user that is associated with the credentials.
-type FederatedUser struct {
-	_ struct{} `type:"structure"`
-
-	// The ARN that specifies the federated user that is associated with the credentials.
-	// For more information about ARNs and how to use them in policies, see IAM
-	// Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
-	// in the IAM User Guide.
-	//
-	// Arn is a required field
-	Arn *string `min:"20" type:"string" required:"true"`
-
-	// The string that identifies the federated user associated with the credentials,
-	// similar to the unique ID of an IAM user.
-	//
-	// FederatedUserId is a required field
-	FederatedUserId *string `min:"2" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s FederatedUser) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s FederatedUser) GoString() string {
-	return s.String()
-}
-
-// SetArn sets the Arn field's value.
-func (s *FederatedUser) SetArn(v string) *FederatedUser {
-	s.Arn = &v
-	return s
-}
-
-// SetFederatedUserId sets the FederatedUserId field's value.
-func (s *FederatedUser) SetFederatedUserId(v string) *FederatedUser {
-	s.FederatedUserId = &v
-	return s
-}
-
-type GetAccessKeyInfoInput struct {
-	_ struct{} `type:"structure"`
-
-	// The identifier of an access key.
-	//
-	// This parameter allows (through its regex pattern) a string of characters
-	// that can consist of any upper- or lowercase letter or digit.
-	//
-	// AccessKeyId is a required field
-	AccessKeyId *string `min:"16" type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetAccessKeyInfoInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetAccessKeyInfoInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetAccessKeyInfoInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetAccessKeyInfoInput"}
-	if s.AccessKeyId == nil {
-		invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
-	}
-	if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
-		invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetAccessKeyId sets the AccessKeyId field's value.
-func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput {
-	s.AccessKeyId = &v
-	return s
-}
-
-type GetAccessKeyInfoOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The number used to identify the Amazon Web Services account.
-	Account *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetAccessKeyInfoOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetAccessKeyInfoOutput) GoString() string {
-	return s.String()
-}
-
-// SetAccount sets the Account field's value.
-func (s *GetAccessKeyInfoOutput) SetAccount(v string) *GetAccessKeyInfoOutput {
-	s.Account = &v
-	return s
-}
-
-type GetCallerIdentityInput struct {
-	_ struct{} `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetCallerIdentityInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetCallerIdentityInput) GoString() string {
-	return s.String()
-}
-
-// Contains the response to a successful GetCallerIdentity request, including
-// information about the entity making the request.
-type GetCallerIdentityOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The Amazon Web Services account ID number of the account that owns or contains
-	// the calling entity.
-	Account *string `type:"string"`
-
-	// The Amazon Web Services ARN associated with the calling entity.
-	Arn *string `min:"20" type:"string"`
-
-	// The unique identifier of the calling entity. The exact value depends on the
-	// type of entity that is making the call. The values returned are those listed
-	// in the aws:userid column in the Principal table (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
-	// found on the Policy Variables reference page in the IAM User Guide.
-	UserId *string `type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetCallerIdentityOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetCallerIdentityOutput) GoString() string {
-	return s.String()
-}
-
-// SetAccount sets the Account field's value.
-func (s *GetCallerIdentityOutput) SetAccount(v string) *GetCallerIdentityOutput {
-	s.Account = &v
-	return s
-}
-
-// SetArn sets the Arn field's value.
-func (s *GetCallerIdentityOutput) SetArn(v string) *GetCallerIdentityOutput {
-	s.Arn = &v
-	return s
-}
-
-// SetUserId sets the UserId field's value.
-func (s *GetCallerIdentityOutput) SetUserId(v string) *GetCallerIdentityOutput {
-	s.UserId = &v
-	return s
-}
-
-type GetFederationTokenInput struct {
-	_ struct{} `type:"structure"`
-
-	// The duration, in seconds, that the session should last. Acceptable durations
-	// for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds
-	// (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained
-	// using root user credentials are restricted to a maximum of 3,600 seconds
-	// (one hour). If the specified duration is longer than one hour, the session
-	// obtained by using root user credentials defaults to one hour.
-	DurationSeconds *int64 `min:"900" type:"integer"`
-
-	// The name of the federated user. The name is used as an identifier for the
-	// temporary security credentials (such as Bob). For example, you can reference
-	// the federated user name in a resource-based policy, such as in an Amazon
-	// S3 bucket policy.
-	//
-	// The regex used to validate this parameter is a string of characters consisting
-	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@-
-	//
-	// Name is a required field
-	Name *string `min:"2" type:"string" required:"true"`
-
-	// An IAM policy in JSON format that you want to use as an inline session policy.
-	//
-	// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// to this operation. You can pass a single JSON policy document to use as an
-	// inline session policy. You can also specify up to 10 managed policy Amazon
-	// Resource Names (ARNs) to use as managed session policies.
-	//
-	// This parameter is optional. However, if you do not pass any session policies,
-	// then the resulting federated user session has no permissions.
-	//
-	// When you pass session policies, the session permissions are the intersection
-	// of the IAM user policies and the session policies that you pass. This gives
-	// you a way to further restrict the permissions for a federated user. You cannot
-	// use session policies to grant more permissions than those that are defined
-	// in the permissions policy of the IAM user. For more information, see Session
-	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide.
-	//
-	// The resulting credentials can be used to access a resource that has a resource-based
-	// policy. If that policy specifically references the federated user session
-	// in the Principal element of the policy, the session has the permissions allowed
-	// by the policy. These permissions are granted in addition to the permissions
-	// that are granted by the session policies.
-	//
-	// The plaintext that you use for both inline and managed session policies can't
-	// exceed 2,048 characters. The JSON policy characters can be any ASCII character
-	// from the space character to the end of the valid character list (\u0020 through
-	// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
-	// return (\u000D) characters.
-	//
-	// An Amazon Web Services conversion compresses the passed inline session policy,
-	// managed policy ARNs, and session tags into a packed binary format that has
-	// a separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates
-	// by percentage how close the policies and tags for your request are to the
-	// upper size limit.
-	Policy *string `min:"1" type:"string"`
-
-	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
-	// to use as a managed session policy. The policies must exist in the same account
-	// as the IAM user that is requesting federated access.
-	//
-	// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// to this operation. You can pass a single JSON policy document to use as an
-	// inline session policy. You can also specify up to 10 managed policy Amazon
-	// Resource Names (ARNs) to use as managed session policies. The plaintext that
-	// you use for both inline and managed session policies can't exceed 2,048 characters.
-	// You can provide up to 10 managed policy ARNs. For more information about
-	// ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
-	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
-	// in the Amazon Web Services General Reference.
-	//
-	// This parameter is optional. However, if you do not pass any session policies,
-	// then the resulting federated user session has no permissions.
-	//
-	// When you pass session policies, the session permissions are the intersection
-	// of the IAM user policies and the session policies that you pass. This gives
-	// you a way to further restrict the permissions for a federated user. You cannot
-	// use session policies to grant more permissions than those that are defined
-	// in the permissions policy of the IAM user. For more information, see Session
-	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide.
-	//
-	// The resulting credentials can be used to access a resource that has a resource-based
-	// policy. If that policy specifically references the federated user session
-	// in the Principal element of the policy, the session has the permissions allowed
-	// by the policy. These permissions are granted in addition to the permissions
-	// that are granted by the session policies.
-	//
-	// An Amazon Web Services conversion compresses the passed inline session policy,
-	// managed policy ARNs, and session tags into a packed binary format that has
-	// a separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates
-	// by percentage how close the policies and tags for your request are to the
-	// upper size limit.
-	PolicyArns []*PolicyDescriptorType `type:"list"`
-
-	// A list of session tags. Each session tag consists of a key name and an associated
-	// value. For more information about session tags, see Passing Session Tags
-	// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-	// in the IAM User Guide.
-	//
-	// This parameter is optional. You can pass up to 50 session tags. The plaintext
-	// session tag keys can’t exceed 128 characters and the values can’t exceed
-	// 256 characters. For these and additional limits, see IAM and STS Character
-	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
-	// in the IAM User Guide.
-	//
-	// An Amazon Web Services conversion compresses the passed inline session policy,
-	// managed policy ARNs, and session tags into a packed binary format that has
-	// a separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates
-	// by percentage how close the policies and tags for your request are to the
-	// upper size limit.
-	//
-	// You can pass a session tag with the same key as a tag that is already attached
-	// to the user you are federating. When you do, session tags override a user
-	// tag with the same key.
-	//
-	// Tag key–value pairs are not case sensitive, but case is preserved. This
-	// means that you cannot have separate Department and department tag keys. Assume
-	// that the role has the Department=Marketing tag and you pass the department=engineering
-	// session tag. Department and department are not saved as separate tags, and
-	// the session tag passed in the request takes precedence over the role tag.
-	Tags []*Tag `type:"list"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetFederationTokenInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetFederationTokenInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetFederationTokenInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetFederationTokenInput"}
-	if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
-		invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
-	}
-	if s.Name == nil {
-		invalidParams.Add(request.NewErrParamRequired("Name"))
-	}
-	if s.Name != nil && len(*s.Name) < 2 {
-		invalidParams.Add(request.NewErrParamMinLen("Name", 2))
-	}
-	if s.Policy != nil && len(*s.Policy) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
-	}
-	if s.PolicyArns != nil {
-		for i, v := range s.PolicyArns {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-	if s.Tags != nil {
-		for i, v := range s.Tags {
-			if v == nil {
-				continue
-			}
-			if err := v.Validate(); err != nil {
-				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
-			}
-		}
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDurationSeconds sets the DurationSeconds field's value.
-func (s *GetFederationTokenInput) SetDurationSeconds(v int64) *GetFederationTokenInput {
-	s.DurationSeconds = &v
-	return s
-}
-
-// SetName sets the Name field's value.
-func (s *GetFederationTokenInput) SetName(v string) *GetFederationTokenInput {
-	s.Name = &v
-	return s
-}
-
-// SetPolicy sets the Policy field's value.
-func (s *GetFederationTokenInput) SetPolicy(v string) *GetFederationTokenInput {
-	s.Policy = &v
-	return s
-}
-
-// SetPolicyArns sets the PolicyArns field's value.
-func (s *GetFederationTokenInput) SetPolicyArns(v []*PolicyDescriptorType) *GetFederationTokenInput {
-	s.PolicyArns = v
-	return s
-}
-
-// SetTags sets the Tags field's value.
-func (s *GetFederationTokenInput) SetTags(v []*Tag) *GetFederationTokenInput {
-	s.Tags = v
-	return s
-}
-
-// Contains the response to a successful GetFederationToken request, including
-// temporary Amazon Web Services credentials that can be used to make Amazon
-// Web Services requests.
-type GetFederationTokenOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The temporary security credentials, which include an access key ID, a secret
-	// access key, and a security (or session) token.
-	//
-	// The size of the security token that STS API operations return is not fixed.
-	// We strongly recommend that you make no assumptions about the maximum size.
-	Credentials *Credentials `type:"structure"`
-
-	// Identifiers for the federated user associated with the credentials (such
-	// as arn:aws:sts::123456789012:federated-user/Bob or 123456789012:Bob). You
-	// can use the federated user's ARN in your resource-based policies, such as
-	// an Amazon S3 bucket policy.
-	FederatedUser *FederatedUser `type:"structure"`
-
-	// A percentage value that indicates the packed size of the session policies
-	// and session tags combined passed in the request. The request fails if the
-	// packed size is greater than 100 percent, which means the policies and tags
-	// exceeded the allowed space.
-	PackedPolicySize *int64 `type:"integer"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetFederationTokenOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetFederationTokenOutput) GoString() string {
-	return s.String()
-}
-
-// SetCredentials sets the Credentials field's value.
-func (s *GetFederationTokenOutput) SetCredentials(v *Credentials) *GetFederationTokenOutput {
-	s.Credentials = v
-	return s
-}
-
-// SetFederatedUser sets the FederatedUser field's value.
-func (s *GetFederationTokenOutput) SetFederatedUser(v *FederatedUser) *GetFederationTokenOutput {
-	s.FederatedUser = v
-	return s
-}
-
-// SetPackedPolicySize sets the PackedPolicySize field's value.
-func (s *GetFederationTokenOutput) SetPackedPolicySize(v int64) *GetFederationTokenOutput {
-	s.PackedPolicySize = &v
-	return s
-}
-
-type GetSessionTokenInput struct {
-	_ struct{} `type:"structure"`
-
-	// The duration, in seconds, that the credentials should remain valid. Acceptable
-	// durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600
-	// seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions
-	// for Amazon Web Services account owners are restricted to a maximum of 3,600
-	// seconds (one hour). If the duration is longer than one hour, the session
-	// for Amazon Web Services account owners defaults to one hour.
-	DurationSeconds *int64 `min:"900" type:"integer"`
-
-	// The identification number of the MFA device that is associated with the IAM
-	// user who is making the GetSessionToken call. Specify this value if the IAM
-	// user has a policy that requires MFA authentication. The value is either the
-	// serial number for a hardware device (such as GAHT12345678) or an Amazon Resource
-	// Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
-	// You can find the device for an IAM user by going to the Amazon Web Services
-	// Management Console and viewing the user's security credentials.
-	//
-	// The regex used to validate this parameter is a string of characters consisting
-	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@:/-
-	SerialNumber *string `min:"9" type:"string"`
-
-	// The value provided by the MFA device, if MFA is required. If any policy requires
-	// the IAM user to submit an MFA code, specify this value. If MFA authentication
-	// is required, the user must provide a code when requesting a set of temporary
-	// security credentials. A user who fails to provide the code receives an "access
-	// denied" response when requesting resources that require MFA authentication.
-	//
-	// The format for this parameter, as described by its regex pattern, is a sequence
-	// of six numeric digits.
-	TokenCode *string `min:"6" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetSessionTokenInput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetSessionTokenInput) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *GetSessionTokenInput) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "GetSessionTokenInput"}
-	if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
-		invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
-	}
-	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
-		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
-	}
-	if s.TokenCode != nil && len(*s.TokenCode) < 6 {
-		invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetDurationSeconds sets the DurationSeconds field's value.
-func (s *GetSessionTokenInput) SetDurationSeconds(v int64) *GetSessionTokenInput {
-	s.DurationSeconds = &v
-	return s
-}
-
-// SetSerialNumber sets the SerialNumber field's value.
-func (s *GetSessionTokenInput) SetSerialNumber(v string) *GetSessionTokenInput {
-	s.SerialNumber = &v
-	return s
-}
-
-// SetTokenCode sets the TokenCode field's value.
-func (s *GetSessionTokenInput) SetTokenCode(v string) *GetSessionTokenInput {
-	s.TokenCode = &v
-	return s
-}
-
-// Contains the response to a successful GetSessionToken request, including
-// temporary Amazon Web Services credentials that can be used to make Amazon
-// Web Services requests.
-type GetSessionTokenOutput struct {
-	_ struct{} `type:"structure"`
-
-	// The temporary security credentials, which include an access key ID, a secret
-	// access key, and a security (or session) token.
-	//
-	// The size of the security token that STS API operations return is not fixed.
-	// We strongly recommend that you make no assumptions about the maximum size.
-	Credentials *Credentials `type:"structure"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetSessionTokenOutput) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s GetSessionTokenOutput) GoString() string {
-	return s.String()
-}
-
-// SetCredentials sets the Credentials field's value.
-func (s *GetSessionTokenOutput) SetCredentials(v *Credentials) *GetSessionTokenOutput {
-	s.Credentials = v
-	return s
-}
-
-// A reference to the IAM managed policy that is passed as a session policy
-// for a role session or a federated user session.
-type PolicyDescriptorType struct {
-	_ struct{} `type:"structure"`
-
-	// The Amazon Resource Name (ARN) of the IAM managed policy to use as a session
-	// policy for the role. For more information about ARNs, see Amazon Resource
-	// Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
-	// in the Amazon Web Services General Reference.
-	Arn *string `locationName:"arn" min:"20" type:"string"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PolicyDescriptorType) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s PolicyDescriptorType) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *PolicyDescriptorType) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "PolicyDescriptorType"}
-	if s.Arn != nil && len(*s.Arn) < 20 {
-		invalidParams.Add(request.NewErrParamMinLen("Arn", 20))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetArn sets the Arn field's value.
-func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
-	s.Arn = &v
-	return s
-}
-
-// You can pass custom key-value pair attributes when you assume a role or federate
-// a user. These are called session tags. You can then use the session tags
-// to control access to resources. For more information, see Tagging Amazon
-// Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-// in the IAM User Guide.
-type Tag struct {
-	_ struct{} `type:"structure"`
-
-	// The key for a session tag.
-	//
-	// You can pass up to 50 session tags. The plain text session tag keys can’t
-	// exceed 128 characters. For these and additional limits, see IAM and STS Character
-	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
-	// in the IAM User Guide.
-	//
-	// Key is a required field
-	Key *string `min:"1" type:"string" required:"true"`
-
-	// The value for a session tag.
-	//
-	// You can pass up to 50 session tags. The plain text session tag values can’t
-	// exceed 256 characters. For these and additional limits, see IAM and STS Character
-	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
-	// in the IAM User Guide.
-	//
-	// Value is a required field
-	Value *string `type:"string" required:"true"`
-}
-
-// String returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Tag) String() string {
-	return awsutil.Prettify(s)
-}
-
-// GoString returns the string representation.
-//
-// API parameter values that are decorated as "sensitive" in the API will not
-// be included in the string output. The member name will be present, but the
-// value will be replaced with "sensitive".
-func (s Tag) GoString() string {
-	return s.String()
-}
-
-// Validate inspects the fields of the type to determine if they are valid.
-func (s *Tag) Validate() error {
-	invalidParams := request.ErrInvalidParams{Context: "Tag"}
-	if s.Key == nil {
-		invalidParams.Add(request.NewErrParamRequired("Key"))
-	}
-	if s.Key != nil && len(*s.Key) < 1 {
-		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
-	}
-	if s.Value == nil {
-		invalidParams.Add(request.NewErrParamRequired("Value"))
-	}
-
-	if invalidParams.Len() > 0 {
-		return invalidParams
-	}
-	return nil
-}
-
-// SetKey sets the Key field's value.
-func (s *Tag) SetKey(v string) *Tag {
-	s.Key = &v
-	return s
-}
-
-// SetValue sets the Value field's value.
-func (s *Tag) SetValue(v string) *Tag {
-	s.Value = &v
-	return s
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
deleted file mode 100644
index d5307fcaa..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package sts
-
-import "github.com/aws/aws-sdk-go/aws/request"
-
-func init() {
-	initRequest = customizeRequest
-}
-
-func customizeRequest(r *request.Request) {
-	r.RetryErrorCodes = append(r.RetryErrorCodes, ErrCodeIDPCommunicationErrorException)
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
deleted file mode 100644
index ea1d9eb0c..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-// Package sts provides the client and types for making API
-// requests to AWS Security Token Service.
-//
-// Security Token Service (STS) enables you to request temporary, limited-privilege
-// credentials for users. This guide provides descriptions of the STS API. For
-// more information about using this service, see Temporary Security Credentials
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
-//
-// See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
-//
-// See sts package documentation for more information.
-// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/
-//
-// # Using the Client
-//
-// To contact AWS Security Token Service with the SDK use the New function to create
-// a new service client. With that client you can make API requests to the service.
-// These clients are safe to use concurrently.
-//
-// See the SDK's documentation for more information on how to use the SDK.
-// https://docs.aws.amazon.com/sdk-for-go/api/
-//
-// See aws.Config documentation for more information on configuring SDK clients.
-// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
-//
-// See the AWS Security Token Service client STS for more
-// information on creating client for this service.
-// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#New
-package sts
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
deleted file mode 100644
index b680bbd5d..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
+++ /dev/null
@@ -1,84 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-package sts
-
-const (
-
-	// ErrCodeExpiredTokenException for service response error code
-	// "ExpiredTokenException".
-	//
-	// The web identity token that was passed is expired or is not valid. Get a
-	// new identity token from the identity provider and then retry the request.
-	ErrCodeExpiredTokenException = "ExpiredTokenException"
-
-	// ErrCodeIDPCommunicationErrorException for service response error code
-	// "IDPCommunicationError".
-	//
-	// The request could not be fulfilled because the identity provider (IDP) that
-	// was asked to verify the incoming identity token could not be reached. This
-	// is often a transient error caused by network conditions. Retry the request
-	// a limited number of times so that you don't exceed the request rate. If the
-	// error persists, the identity provider might be down or not responding.
-	ErrCodeIDPCommunicationErrorException = "IDPCommunicationError"
-
-	// ErrCodeIDPRejectedClaimException for service response error code
-	// "IDPRejectedClaim".
-	//
-	// The identity provider (IdP) reported that authentication failed. This might
-	// be because the claim is invalid.
-	//
-	// If this error is returned for the AssumeRoleWithWebIdentity operation, it
-	// can also mean that the claim has expired or has been explicitly revoked.
-	ErrCodeIDPRejectedClaimException = "IDPRejectedClaim"
-
-	// ErrCodeInvalidAuthorizationMessageException for service response error code
-	// "InvalidAuthorizationMessageException".
-	//
-	// The error returned if the message passed to DecodeAuthorizationMessage was
-	// invalid. This can happen if the token contains invalid characters, such as
-	// linebreaks.
-	ErrCodeInvalidAuthorizationMessageException = "InvalidAuthorizationMessageException"
-
-	// ErrCodeInvalidIdentityTokenException for service response error code
-	// "InvalidIdentityToken".
-	//
-	// The web identity token that was passed could not be validated by Amazon Web
-	// Services. Get a new identity token from the identity provider and then retry
-	// the request.
-	ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken"
-
-	// ErrCodeMalformedPolicyDocumentException for service response error code
-	// "MalformedPolicyDocument".
-	//
-	// The request was rejected because the policy document was malformed. The error
-	// message describes the specific error.
-	ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocument"
-
-	// ErrCodePackedPolicyTooLargeException for service response error code
-	// "PackedPolicyTooLarge".
-	//
-	// The request was rejected because the total packed size of the session policies
-	// and session tags combined was too large. An Amazon Web Services conversion
-	// compresses the session policy document, session policy ARNs, and session
-	// tags into a packed binary format that has a separate limit. The error message
-	// indicates by percentage how close the policies and tags are to the upper
-	// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-	// in the IAM User Guide.
-	//
-	// You could receive this error even though you meet other defined session policy
-	// and session tag limits. For more information, see IAM and STS Entity Character
-	// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
-	// in the IAM User Guide.
-	ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge"
-
-	// ErrCodeRegionDisabledException for service response error code
-	// "RegionDisabledException".
-	//
-	// STS is not activated in the requested region for the account that is being
-	// asked to generate credentials. The account administrator must use the IAM
-	// console to activate STS in that region. For more information, see Activating
-	// and Deactivating Amazon Web Services STS in an Amazon Web Services Region
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
-	// in the IAM User Guide.
-	ErrCodeRegionDisabledException = "RegionDisabledException"
-)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
deleted file mode 100644
index 12327d053..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
+++ /dev/null
@@ -1,104 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-package sts
-
-import (
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/client"
-	"github.com/aws/aws-sdk-go/aws/client/metadata"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/aws/signer/v4"
-	"github.com/aws/aws-sdk-go/private/protocol/query"
-)
-
-// STS provides the API operation methods for making requests to
-// AWS Security Token Service. See this package's package overview docs
-// for details on the service.
-//
-// STS methods are safe to use concurrently. It is not safe to
-// modify mutate any of the struct's properties though.
-type STS struct {
-	*client.Client
-}
-
-// Used for custom client initialization logic
-var initClient func(*client.Client)
-
-// Used for custom request initialization logic
-var initRequest func(*request.Request)
-
-// Service information constants
-const (
-	ServiceName = "sts"       // Name of service.
-	EndpointsID = ServiceName // ID to lookup a service endpoint with.
-	ServiceID   = "STS"       // ServiceID is a unique identifier of a specific service.
-)
-
-// New creates a new instance of the STS client with a session.
-// If additional configuration is needed for the client instance use the optional
-// aws.Config parameter to add your extra config.
-//
-// Example:
-//
-//	mySession := session.Must(session.NewSession())
-//
-//	// Create a STS client from just a session.
-//	svc := sts.New(mySession)
-//
-//	// Create a STS client with additional configuration
-//	svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
-func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS {
-	c := p.ClientConfig(EndpointsID, cfgs...)
-	if c.SigningNameDerived || len(c.SigningName) == 0 {
-		c.SigningName = EndpointsID
-		// No Fallback
-	}
-	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
-}
-
-// newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *STS {
-	svc := &STS{
-		Client: client.New(
-			cfg,
-			metadata.ClientInfo{
-				ServiceName:    ServiceName,
-				ServiceID:      ServiceID,
-				SigningName:    signingName,
-				SigningRegion:  signingRegion,
-				PartitionID:    partitionID,
-				Endpoint:       endpoint,
-				APIVersion:     "2011-06-15",
-				ResolvedRegion: resolvedRegion,
-			},
-			handlers,
-		),
-	}
-
-	// Handlers
-	svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
-	svc.Handlers.Build.PushBackNamed(query.BuildHandler)
-	svc.Handlers.Unmarshal.PushBackNamed(query.UnmarshalHandler)
-	svc.Handlers.UnmarshalMeta.PushBackNamed(query.UnmarshalMetaHandler)
-	svc.Handlers.UnmarshalError.PushBackNamed(query.UnmarshalErrorHandler)
-
-	// Run custom client initialization if present
-	if initClient != nil {
-		initClient(svc.Client)
-	}
-
-	return svc
-}
-
-// newRequest creates a new request for a STS operation and runs any
-// custom request initialization.
-func (c *STS) newRequest(op *request.Operation, params, data interface{}) *request.Request {
-	req := c.NewRequest(op, params, data)
-
-	// Run custom request initialization if present
-	if initRequest != nil {
-		initRequest(req)
-	}
-
-	return req
-}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
deleted file mode 100644
index bf06b2e7d..000000000
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
+++ /dev/null
@@ -1,96 +0,0 @@
-// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
-
-// Package stsiface provides an interface to enable mocking the AWS Security Token Service service client
-// for testing your code.
-//
-// It is important to note that this interface will have breaking changes
-// when the service model is updated and adds new API operations, paginators,
-// and waiters.
-package stsiface
-
-import (
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/service/sts"
-)
-
-// STSAPI provides an interface to enable mocking the
-// sts.STS service client's API operation,
-// paginators, and waiters. This make unit testing your code that calls out
-// to the SDK's service client's calls easier.
-//
-// The best way to use this interface is so the SDK's service client's calls
-// can be stubbed out for unit testing your code with the SDK without needing
-// to inject custom request handlers into the SDK's request pipeline.
-//
-//	// myFunc uses an SDK service client to make a request to
-//	// AWS Security Token Service.
-//	func myFunc(svc stsiface.STSAPI) bool {
-//	    // Make svc.AssumeRole request
-//	}
-//
-//	func main() {
-//	    sess := session.New()
-//	    svc := sts.New(sess)
-//
-//	    myFunc(svc)
-//	}
-//
-// In your _test.go file:
-//
-//	// Define a mock struct to be used in your unit tests of myFunc.
-//	type mockSTSClient struct {
-//	    stsiface.STSAPI
-//	}
-//	func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
-//	    // mock response/functionality
-//	}
-//
-//	func TestMyFunc(t *testing.T) {
-//	    // Setup Test
-//	    mockSvc := &mockSTSClient{}
-//
-//	    myfunc(mockSvc)
-//
-//	    // Verify myFunc's functionality
-//	}
-//
-// It is important to note that this interface will have breaking changes
-// when the service model is updated and adds new API operations, paginators,
-// and waiters. Its suggested to use the pattern above for testing, or using
-// tooling to generate mocks to satisfy the interfaces.
-type STSAPI interface {
-	AssumeRole(*sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
-	AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error)
-	AssumeRoleRequest(*sts.AssumeRoleInput) (*request.Request, *sts.AssumeRoleOutput)
-
-	AssumeRoleWithSAML(*sts.AssumeRoleWithSAMLInput) (*sts.AssumeRoleWithSAMLOutput, error)
-	AssumeRoleWithSAMLWithContext(aws.Context, *sts.AssumeRoleWithSAMLInput, ...request.Option) (*sts.AssumeRoleWithSAMLOutput, error)
-	AssumeRoleWithSAMLRequest(*sts.AssumeRoleWithSAMLInput) (*request.Request, *sts.AssumeRoleWithSAMLOutput)
-
-	AssumeRoleWithWebIdentity(*sts.AssumeRoleWithWebIdentityInput) (*sts.AssumeRoleWithWebIdentityOutput, error)
-	AssumeRoleWithWebIdentityWithContext(aws.Context, *sts.AssumeRoleWithWebIdentityInput, ...request.Option) (*sts.AssumeRoleWithWebIdentityOutput, error)
-	AssumeRoleWithWebIdentityRequest(*sts.AssumeRoleWithWebIdentityInput) (*request.Request, *sts.AssumeRoleWithWebIdentityOutput)
-
-	DecodeAuthorizationMessage(*sts.DecodeAuthorizationMessageInput) (*sts.DecodeAuthorizationMessageOutput, error)
-	DecodeAuthorizationMessageWithContext(aws.Context, *sts.DecodeAuthorizationMessageInput, ...request.Option) (*sts.DecodeAuthorizationMessageOutput, error)
-	DecodeAuthorizationMessageRequest(*sts.DecodeAuthorizationMessageInput) (*request.Request, *sts.DecodeAuthorizationMessageOutput)
-
-	GetAccessKeyInfo(*sts.GetAccessKeyInfoInput) (*sts.GetAccessKeyInfoOutput, error)
-	GetAccessKeyInfoWithContext(aws.Context, *sts.GetAccessKeyInfoInput, ...request.Option) (*sts.GetAccessKeyInfoOutput, error)
-	GetAccessKeyInfoRequest(*sts.GetAccessKeyInfoInput) (*request.Request, *sts.GetAccessKeyInfoOutput)
-
-	GetCallerIdentity(*sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error)
-	GetCallerIdentityWithContext(aws.Context, *sts.GetCallerIdentityInput, ...request.Option) (*sts.GetCallerIdentityOutput, error)
-	GetCallerIdentityRequest(*sts.GetCallerIdentityInput) (*request.Request, *sts.GetCallerIdentityOutput)
-
-	GetFederationToken(*sts.GetFederationTokenInput) (*sts.GetFederationTokenOutput, error)
-	GetFederationTokenWithContext(aws.Context, *sts.GetFederationTokenInput, ...request.Option) (*sts.GetFederationTokenOutput, error)
-	GetFederationTokenRequest(*sts.GetFederationTokenInput) (*request.Request, *sts.GetFederationTokenOutput)
-
-	GetSessionToken(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error)
-	GetSessionTokenWithContext(aws.Context, *sts.GetSessionTokenInput, ...request.Option) (*sts.GetSessionTokenOutput, error)
-	GetSessionTokenRequest(*sts.GetSessionTokenInput) (*request.Request, *sts.GetSessionTokenOutput)
-}
-
-var _ STSAPI = (*sts.STS)(nil)
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/.gitignore b/vendor/github.com/bshuster-repo/logrus-logstash-hook/.gitignore
deleted file mode 100644
index 420672329..000000000
--- a/vendor/github.com/bshuster-repo/logrus-logstash-hook/.gitignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-.idea
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
-*.iml
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/.travis.yml b/vendor/github.com/bshuster-repo/logrus-logstash-hook/.travis.yml
deleted file mode 100644
index 0df15979a..000000000
--- a/vendor/github.com/bshuster-repo/logrus-logstash-hook/.travis.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-language: go
-sudo: false
-
-go:
-  - "1.11.x"
-  - "1.12.x"
-  - "tip"
-
-install:
-  - # Skip
-
-script:
-  - go get -t -v ./...
-  - diff -u <(echo -n) <(gofmt -d .)
-  - go vet .
-  - go test -v -race ./...
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/CHANGELOG.md b/vendor/github.com/bshuster-repo/logrus-logstash-hook/CHANGELOG.md
deleted file mode 100644
index 293d799a4..000000000
--- a/vendor/github.com/bshuster-repo/logrus-logstash-hook/CHANGELOG.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# Changelog
-
-## 1.0
-
- * Remove the old API: `NewConnWith`, `WithPrefix` and etc and move to a simple `New` function.
- * Prefix is no longer supported in this package.
- * Change the Hook structure to have only two members: `logrus.Formatter` and `io.Writer`.
-
-## 0.4
-
- * Update the name of the package from `logrus_logstash` to `logrustash`
- * Add TimeFormat to Hook
- * Replace the old logrus package path: `github.com/Sirupsen/logrus` with `github.com/sirupsen/logrus` 
-
-## 0.3
-
- * Fix the Logstash format to set `@version` to `"1"`
- * Add unit-tests to logstash.go
- * Remove the assert package
- * Add prefix filtering
-
-## Before that (major changes)
-
- * Update LICENSE to MIT from GPL
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/LICENSE b/vendor/github.com/bshuster-repo/logrus-logstash-hook/LICENSE
deleted file mode 100644
index 3fb4442f8..000000000
--- a/vendor/github.com/bshuster-repo/logrus-logstash-hook/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2016 Boaz Shuster
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
\ No newline at end of file
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/README.md b/vendor/github.com/bshuster-repo/logrus-logstash-hook/README.md
deleted file mode 100644
index f5cf16382..000000000
--- a/vendor/github.com/bshuster-repo/logrus-logstash-hook/README.md
+++ /dev/null
@@ -1,58 +0,0 @@
-# Logstash hook for logrus <img src="http://i.imgur.com/hTeVwmJ.png" width="40" height="40" alt=":walrus:" class="emoji" title=":walrus:" />
-[![Build Status](https://travis-ci.org/bshuster-repo/logrus-logstash-hook.svg?branch=master)](https://travis-ci.org/bshuster-repo/logrus-logstash-hook)
-[![Go Report Status](https://goreportcard.com/badge/github.com/bshuster-repo/logrus-logstash-hook)](https://goreportcard.com/report/github.com/bshuster-repo/logrus-logstash-hook)
-
-Use this hook to send the logs to [Logstash](https://www.elastic.co/products/logstash).
-
-# Usage
-
-```go
-package main
-
-import (
-        "github.com/bshuster-repo/logrus-logstash-hook"
-        "github.com/sirupsen/logrus"
-        "net"
-)
-
-func main() {
-        log := logrus.New()
-        conn, err := net.Dial("tcp", "logstash.mycompany.net:8911")
-        if err != nil {
-                log.Fatal(err)
-        }
-        hook := logrustash.New(conn, logrustash.DefaultFormatter(logrus.Fields{"type": "myappName"}))
-
-        log.Hooks.Add(hook)
-        ctx := log.WithFields(logrus.Fields{
-                "method": "main",
-        })
-        ctx.Info("Hello World!")
-}
-
-```
-
-This is how it will look like:
-
-```ruby
-{
-    "@timestamp" => "2016-02-29T16:57:23.000Z",
-      "@version" => "1",
-         "level" => "info",
-       "message" => "Hello World!",
-        "method" => "main",
-          "host" => "172.17.0.1",
-          "port" => 45199,
-          "type" => "myappName"
-}
-```
-
-# Maintainers
-
-Name         | Github    | Twitter    |
------------- | --------- | ---------- |
-Boaz Shuster | ripcurld0 | @ripcurld0 |
-
-# License
-
-MIT.
diff --git a/vendor/github.com/bshuster-repo/logrus-logstash-hook/hook.go b/vendor/github.com/bshuster-repo/logrus-logstash-hook/hook.go
deleted file mode 100644
index cd229a75e..000000000
--- a/vendor/github.com/bshuster-repo/logrus-logstash-hook/hook.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package logrustash
-
-import (
-	"io"
-	"sync"
-
-	"github.com/sirupsen/logrus"
-)
-
-// Hook represents a Logstash hook.
-// It has two fields: writer to write the entry to Logstash and
-// formatter to format the entry to a Logstash format before sending.
-//
-// To initialize it use the `New` function.
-//
-type Hook struct {
-	writer    io.Writer
-	formatter logrus.Formatter
-}
-
-// New returns a new logrus.Hook for Logstash.
-//
-// To create a new hook that sends logs to `tcp://logstash.corp.io:9999`:
-//
-// conn, _ := net.Dial("tcp", "logstash.corp.io:9999")
-// hook := logrustash.New(conn, logrustash.DefaultFormatter())
-func New(w io.Writer, f logrus.Formatter) logrus.Hook {
-	return Hook{
-		writer:    w,
-		formatter: f,
-	}
-}
-
-// Fire takes, formats and sends the entry to Logstash.
-// Hook's formatter is used to format the entry into Logstash format
-// and Hook's writer is used to write the formatted entry to the Logstash instance.
-func (h Hook) Fire(e *logrus.Entry) error {
-	dataBytes, err := h.formatter.Format(e)
-	if err != nil {
-		return err
-	}
-	_, err = h.writer.Write(dataBytes)
-	return err
-}
-
-// Levels returns all logrus levels.
-func (h Hook) Levels() []logrus.Level {
-	return logrus.AllLevels
-}
-
-// Using a pool to re-use of old entries when formatting Logstash messages.
-// It is used in the Fire function.
-var entryPool = sync.Pool{
-	New: func() interface{} {
-		return &logrus.Entry{}
-	},
-}
-
-// copyEntry copies the entry `e` to a new entry and then adds all the fields in `fields` that are missing in the new entry data.
-// It uses `entryPool` to re-use allocated entries.
-func copyEntry(e *logrus.Entry, fields logrus.Fields) *logrus.Entry {
-	ne := entryPool.Get().(*logrus.Entry)
-	ne.Message = e.Message
-	ne.Level = e.Level
-	ne.Time = e.Time
-	ne.Data = logrus.Fields{}
-	for k, v := range fields {
-		ne.Data[k] = v
-	}
-	for k, v := range e.Data {
-		ne.Data[k] = v
-	}
-	return ne
-}
-
-// releaseEntry puts the given entry back to `entryPool`. It must be called if copyEntry is called.
-func releaseEntry(e *logrus.Entry) {
-	entryPool.Put(e)
-}
-
-// LogstashFormatter represents a Logstash format.
-// It has logrus.Formatter which formats the entry and logrus.Fields which
-// are added to the JSON message if not given in the entry data.
-//
-// Note: use the `DefaultFormatter` function to set a default Logstash formatter.
-type LogstashFormatter struct {
-	logrus.Formatter
-	logrus.Fields
-}
-
-var (
-	logstashFields   = logrus.Fields{"@version": "1", "type": "log"}
-	logstashFieldMap = logrus.FieldMap{
-		logrus.FieldKeyTime: "@timestamp",
-		logrus.FieldKeyMsg:  "message",
-	}
-)
-
-// DefaultFormatter returns a default Logstash formatter:
-// A JSON format with "@version" set to "1" (unless set differently in `fields`,
-// "type" to "log" (unless set differently in `fields`),
-// "@timestamp" to the log time and "message" to the log message.
-//
-// Note: to set a different configuration use the `LogstashFormatter` structure.
-func DefaultFormatter(fields logrus.Fields) logrus.Formatter {
-	for k, v := range logstashFields {
-		if _, ok := fields[k]; !ok {
-			fields[k] = v
-		}
-	}
-
-	return LogstashFormatter{
-		Formatter: &logrus.JSONFormatter{FieldMap: logstashFieldMap},
-		Fields:    fields,
-	}
-}
-
-// Format formats an entry to a Logstash format according to the given Formatter and Fields.
-//
-// Note: the given entry is copied and not changed during the formatting process.
-func (f LogstashFormatter) Format(e *logrus.Entry) ([]byte, error) {
-	ne := copyEntry(e, f.Fields)
-	dataBytes, err := f.Formatter.Format(ne)
-	releaseEntry(ne)
-	return dataBytes, err
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/.travis.yml b/vendor/github.com/bugsnag/bugsnag-go/.travis.yml
deleted file mode 100644
index ddf3c136c..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/.travis.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-language: go
-
-go:
-  - 1.3
-  - 1.4
-  - tip
-
-install:
-  - go get github.com/bugsnag/panicwrap
-  - go get github.com/bugsnag/osext
-  - go get github.com/bitly/go-simplejson
-  - go get github.com/revel/revel
-  - go get github.com/juju/loggo
diff --git a/vendor/github.com/bugsnag/bugsnag-go/CHANGELOG.md b/vendor/github.com/bugsnag/bugsnag-go/CHANGELOG.md
deleted file mode 100644
index 79f736f00..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/CHANGELOG.md
+++ /dev/null
@@ -1,22 +0,0 @@
-1.0.4
------
-
-- Fix appengine integration broken by 1.0.3
-
-1.0.3
------
-
-- Allow any Logger with a Printf method.
-
-1.0.2
------
-
-- Use bugsnag copies of dependencies to avoid potential link rot
-
-1.0.1
------
-
-- gofmt/golint/govet docs improvements.
-
-1.0.0
------
diff --git a/vendor/github.com/bugsnag/bugsnag-go/CONTRIBUTING.md b/vendor/github.com/bugsnag/bugsnag-go/CONTRIBUTING.md
deleted file mode 100644
index a665b401e..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/CONTRIBUTING.md
+++ /dev/null
@@ -1,78 +0,0 @@
-Contributing
-============
-
--   [Fork](https://help.github.com/articles/fork-a-repo) the [notifier on github](https://github.com/bugsnag/bugsnag-go)
--   Build and test your changes
--   Commit and push until you are happy with your contribution
--   [Make a pull request](https://help.github.com/articles/using-pull-requests)
--   Thanks!
-
-
-Installing the go development environment
--------------------------------------
-
-1.  Install homebrew
-
-    ```
-    ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
-    ```
-
-1. Install go
-
-    ```
-    brew install go --cross-compile-all
-    ```
-
-1. Configure `$GOPATH` in `~/.bashrc`
-
-    ```
-    export GOPATH="$HOME/go"
-    export PATH=$PATH:$GOPATH/bin
-    ```
-
-Installing the appengine development environment
-------------------------------------------------
-
-1. Follow the [Google instructions](https://cloud.google.com/appengine/downloads).
-
-Downloading the code
---------------------
-
-You can download the code and its dependencies using
-
-```
-go get -t github.com/bugsnag/bugsnag-go
-```
-
-It will be put into "$GOPATH/src/github.com/bugsnag/bugsnag-go"
-
-Then install depend
-
-
-Running Tests
--------------
-
-You can run the tests with
-
-```shell
-go test
-```
-
-If you've made significant changes, please also test the appengine integration with
-
-```shell
-goapp test
-```
-
-Releasing a New Version
------------------------
-
-If you are a project maintainer, you can build and release a new version of
-`bugsnag-go` as follows:
-
-1. Commit all your changes.
-2. Update the version number in `bugsnag.go`.
-3. Add an entry to `CHANGELOG.md` and update the README if necessary.
-4. commit tag and push
-
-    git commit -mv1.0.x && git tag v1.0.x && git push origin v1.0.x
diff --git a/vendor/github.com/bugsnag/bugsnag-go/LICENSE.txt b/vendor/github.com/bugsnag/bugsnag-go/LICENSE.txt
deleted file mode 100644
index 3cb0ec0ff..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/LICENSE.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-Copyright (c) 2014 Bugsnag
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/bugsnag/bugsnag-go/Makefile b/vendor/github.com/bugsnag/bugsnag-go/Makefile
deleted file mode 100644
index fbe61b67f..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/Makefile
+++ /dev/null
@@ -1,2 +0,0 @@
-default:
-	go test
diff --git a/vendor/github.com/bugsnag/bugsnag-go/README.md b/vendor/github.com/bugsnag/bugsnag-go/README.md
deleted file mode 100644
index 2b770fff0..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/README.md
+++ /dev/null
@@ -1,522 +0,0 @@
-Bugsnag Notifier for Golang
-===========================
-
-The Bugsnag Notifier for Golang gives you instant notification of panics, or
-unexpected errors, in your golang app. Any unhandled panics will trigger a
-notification to be sent to your Bugsnag project.
-
-[Bugsnag](http://bugsnag.com) captures errors in real-time from your web,
-mobile and desktop applications, helping you to understand and resolve them
-as fast as possible. [Create a free account](http://bugsnag.com) to start
-capturing exceptions from your applications.
-
-## How to Install
-
-1. Download the code
-
-    ```shell
-    go get github.com/bugsnag/bugsnag-go
-    ```
-
-### Using with net/http apps
-
-For a golang app based on [net/http](https://godoc.org/net/http), integrating
-Bugsnag takes two steps. You should also use these instructions if you're using
-the [gorilla toolkit](http://www.gorillatoolkit.org/), or the
-[pat](https://github.com/bmizerany/pat/) muxer.
-
-1. Configure bugsnag at the start of your `main()` function:
-
-    ```go
-    import "github.com/bugsnag/bugsnag-go"
-
-    func main() {
-        bugsnag.Configure(bugsnag.Configuration{
-            APIKey: "YOUR_API_KEY_HERE",
-            ReleaseStage: "production",
-            // more configuration options
-        })
-
-        // rest of your program.
-    }
-    ```
-
-2. Wrap your server in a [bugsnag.Handler](https://godoc.org/github.com/bugsnag/bugsnag-go/#Handler)
-
-    ```go
-    // a. If you're using the builtin http mux, you can just pass
-    //    bugsnag.Handler(nil) to http.ListenAndServer
-    http.ListenAndServe(":8080", bugsnag.Handler(nil))
-
-    // b. If you're creating a server manually yourself, you can set
-    //    its handlers the same way
-    srv := http.Server{
-        Handler: bugsnag.Handler(nil)
-    }
-
-    // c. If you're not using the builtin http mux, wrap your own handler
-    // (though make sure that it doesn't already catch panics)
-    http.ListenAndServe(":8080", bugsnag.Handler(handler))
-    ```
-
-### Using with Revel apps
-
-There are two steps to get panic handling in [revel](https://revel.github.io) apps.
-
-1. Add the `bugsnagrevel.Filter` immediately after the `revel.PanicFilter` in `app/init.go`:
-
-    ```go
-
-    import "github.com/bugsnag/bugsnag-go/revel"
-
-    revel.Filters = []revel.Filter{
-        revel.PanicFilter,
-        bugsnagrevel.Filter,
-        // ...
-    }
-    ```
-
-2. Set bugsnag.apikey in the top section of `conf/app.conf`.
-
-    ```
-    module.static=github.com/revel/revel/modules/static
-
-    bugsnag.apikey=YOUR_API_KEY_HERE
-
-    [dev]
-    ```
-
-### Using with Google App Engine
-
-1. Configure bugsnag at the start of your `init()` function:
-
-    ```go
-    import "github.com/bugsnag/bugsnag-go"
-
-    func init() {
-        bugsnag.Configure(bugsnag.Configuration{
-            APIKey: "YOUR_API_KEY_HERE",
-        })
-
-        // ...
-    }
-    ```
-
-2. Wrap *every* http.Handler or http.HandlerFunc with Bugsnag:
-
-    ```go
-    // a. If you're using HandlerFuncs
-    http.HandleFunc("/", bugsnag.HandlerFunc(
-        func (w http.ResponseWriter, r *http.Request) {
-            // ...
-        }))
-
-    // b. If you're using Handlers
-    http.Handle("/", bugsnag.Handler(myHttpHandler))
-    ```
-
-3. In order to use Bugsnag, you must provide the current
-[`appengine.Context`](https://developers.google.com/appengine/docs/go/reference#Context), or
-current `*http.Request` as rawData (This is done automatically for `bugsnag.Handler` and `bugsnag.HandlerFunc`).
-The easiest way to do this is to create a new instance of the notifier.
-
-    ```go
-    c := appengine.NewContext(r)
-    notifier := bugsnag.New(c)
-
-    if err != nil {
-        notifier.Notify(err)
-    }
-
-    go func () {
-        defer notifier.Recover()
-
-        // ...
-    }()
-    ```
-
-
-## Notifying Bugsnag manually
-
-Bugsnag will automatically handle any panics that crash your program and notify
-you of them. If you've integrated with `revel` or `net/http`, then you'll also
-be notified of any panics() that happen while processing a request.
-
-Sometimes however it's useful to manually notify Bugsnag of a problem. To do this,
-call [`bugsnag.Notify()`](https://godoc.org/github.com/bugsnag/bugsnag-go/#Notify)
-
-```go
-if err != nil {
-    bugsnag.Notify(err)
-}
-```
-
-### Manual panic handling
-
-To avoid a panic in a goroutine from crashing your entire app, you can use
-[`bugsnag.Recover()`](https://godoc.org/github.com/bugsnag/bugsnag-go/#Recover)
-to stop a panic from unwinding the stack any further. When `Recover()` is hit,
-it will send any current panic to Bugsnag and then stop panicking. This is
-most useful at the start of a goroutine:
-
-```go
-go func() {
-    defer bugsnag.Recover()
-
-    // ...
-}()
-```
-
-Alternatively you can use
-[`bugsnag.AutoNotify()`](https://godoc.org/github.com/bugsnag/bugsnag-go/#Recover)
-to notify bugsnag of a panic while letting the program continue to panic. This
-is useful if you're using a Framework that already has some handling of panics
-and you are retrofitting bugsnag support.
-
-```go
-defer bugsnag.AutoNotify()
-```
-
-## Sending Custom Data
-
-Most functions in the Bugsnag API, including `bugsnag.Notify()`,
-`bugsnag.Recover()`, `bugsnag.AutoNotify()`, and `bugsnag.Handler()` let you
-attach data to the notifications that they send. To do this you pass in rawData,
-which can be any of the supported types listed here. To add support for more
-types of rawData see [OnBeforeNotify](#custom-data-with-onbeforenotify).
-
-### Custom MetaData
-
-Custom metaData appears as tabs on Bugsnag.com. You can set it by passing
-a [`bugsnag.MetaData`](https://godoc.org/github.com/bugsnag/bugsnag-go/#MetaData)
-object as rawData.
-
-```go
-bugsnag.Notify(err,
-    bugsnag.MetaData{
-        "Account": {
-            "Name": Account.Name,
-            "Paying": Account.Plan.Premium,
-        },
-    })
-```
-
-### Request data
-
-Bugsnag can extract interesting data from
-[`*http.Request`](https://godoc.org/net/http/#Request) objects, and
-[`*revel.Controller`](https://godoc.org/github.com/revel/revel/#Controller)
-objects. These are automatically passed in when handling panics, and you can
-pass them yourself.
-
-```go
-func (w http.ResponseWriter, r *http.Request) {
-    bugsnag.Notify(err, r)
-}
-```
-
-### User data
-
-User data is searchable, and the `Id` powers the count of users affected. You
-can set which user an error affects by passing a
-[`bugsnag.User`](https://godoc.org/github.com/bugsnag/bugsnag-go/#User) object as
-rawData.
-
-```go
-bugsnag.Notify(err,
-    bugsnag.User{Id: "1234", Name: "Conrad", Email: "me@cirw.in"})
-```
-
-### Error Class
-
-Errors in your Bugsnag dashboard are grouped by their "error class" and by line number.
-You can override the error class by passing a
-[`bugsnag.ErrorClass`](https://godoc.org/github.com/bugsnag/bugsnag-go/#ErrorClass) object as
-rawData.
-
-```go
-bugsnag.Notify(err, bugsnag.ErrorClass{"I/O Timeout"})
-```
-
-### Context
-
-The context shows up prominently in the list view so that you can get an idea
-of where a problem occurred. You can set it by passing a
-[`bugsnag.Context`](https://godoc.org/github.com/bugsnag/bugsnag-go/#Context)
-object as rawData.
-
-```go
-bugsnag.Notify(err, bugsnag.Context{"backgroundJob"})
-```
-
-### Severity
-
-Bugsnag supports three severities, `SeverityError`, `SeverityWarning`, and `SeverityInfo`.
-You can set the severity of an error by passing one of these objects as rawData.
-
-```go
-bugsnag.Notify(err, bugsnag.SeverityInfo)
-```
-
-## Configuration
-
-You must call `bugsnag.Configure()` at the start of your program to use Bugsnag, you pass it
-a [`bugsnag.Configuration`](https://godoc.org/github.com/bugsnag/bugsnag-go/#Configuration) object
-containing any of the following values.
-
-### APIKey
-
-The Bugsnag API key can be found on your [Bugsnag dashboard](https://bugsnag.com) under "Settings".
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    APIKey: "YOUR_API_KEY_HERE",
-})
-```
-
-### Endpoint
-
-The Bugsnag endpoint defaults to `https://notify.bugsnag.com/`. If you're using Bugsnag enterprise,
-you should set this to the endpoint of your local instance.
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    Endpoint: "http://bugsnag.internal:49000/",
-})
-```
-
-### ReleaseStage
-
-The ReleaseStage tracks where your app is deployed. You should set this to `production`, `staging`,
-`development` or similar as appropriate.
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    ReleaseStage: "development",
-})
-```
-
-### NotifyReleaseStages
-
-The list of ReleaseStages to notify in. By default Bugsnag will notify you in all release stages, but
-you can use this to silence development errors.
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    NotifyReleaseStages: []string{"production", "staging"},
-})
-```
-
-### AppVersion
-
-If you use a versioning scheme for deploys of your app, Bugsnag can use the `AppVersion` to only
-re-open errors if they occur in later version of the app.
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    AppVersion: "1.2.3",
-})
-```
-
-### Hostname
-
-The hostname is used to track where exceptions are coming from in the Bugsnag dashboard. The
-default value is obtained from `os.Hostname()` so you won't often need to change this.
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    Hostname: "go1",
-})
-```
-
-### ProjectPackages
-
-In order to determine where a crash happens Bugsnag needs to know which packages you consider to
-be part of your app (as opposed to a library). By default this is set to `[]string{"main*"}`. Strings
-are matched to package names using [`filepath.Match`](http://godoc.org/path/filepath#Match).
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    ProjectPackages: []string{"main", "github.com/domain/myapp/*"},
-}
-```
-
-### ParamsFilters
-
-Sometimes sensitive data is accidentally included in Bugsnag MetaData. You can remove it by
-setting `ParamsFilters`. Any key in the `MetaData` that includes any string in the filters
-will be redacted. The default is `[]string{"password", "secret"}`, which prevents fields like
-`password`, `password_confirmation` and `secret_answer` from being sent.
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    ParamsFilters: []string{"password", "secret"},
-}
-```
-
-### Logger
-
-The Logger to write to in case of an error inside Bugsnag. This defaults to the global logger.
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    Logger: app.Logger,
-}
-```
-
-### PanicHandler
-
-The first time Bugsnag is configured, it wraps the running program in a panic
-handler using [panicwrap](http://godoc.org/github.com/ConradIrwin/panicwrap). This
-forks a sub-process which monitors unhandled panics. To prevent this, set
-`PanicHandler` to `func() {}` the first time you call
-`bugsnag.Configure`. This will prevent bugsnag from being able to notify you about
-unhandled panics.
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    PanicHandler: func() {},
-})
-```
-
-### Synchronous
-
-Bugsnag usually starts a new goroutine before sending notifications. This means
-that notifications can be lost if you do a bugsnag.Notify and then immediately
-os.Exit. To avoid this problem, set Bugsnag to Synchronous (or just `panic()`
-instead ;).
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    Synchronous: true
-})
-```
-
-Or just for one error:
-
-```go
-bugsnag.Notify(err, bugsnag.Configuration{Synchronous: true})
-```
-
-### Transport
-
-The transport configures how Bugsnag makes http requests. By default we use
-[`http.DefaultTransport`](http://godoc.org/net/http#RoundTripper) which handles
-HTTP proxies automatically using the `$HTTP_PROXY` environment variable.
-
-```go
-bugsnag.Configure(bugsnag.Configuration{
-    Transport: http.DefaultTransport,
-})
-```
-
-## Custom data with OnBeforeNotify
-
-While it's nice that you can pass `MetaData` directly into `bugsnag.Notify`,
-`bugsnag.AutoNotify`, and `bugsnag.Recover`, this can be a bit cumbersome and
-inefficient — you're constructing the meta-data whether or not it will actually
-be used.  A better idea is to pass raw data in to these functions, and add an
-`OnBeforeNotify` filter that converts them into `MetaData`.
-
-For example, lets say our system processes jobs:
-
-```go
-type Job struct{
-    Retry     bool
-    UserId    string
-    UserEmail string
-    Name      string
-    Params    map[string]string
-}
-```
-
-You can pass a job directly into Bugsnag.notify:
-
-```go
-bugsnag.Notify(err, job)
-```
-
-And then add a filter to extract information from that job and attach it to the
-Bugsnag event:
-
-```go
-bugsnag.OnBeforeNotify(
-    func(event *bugsnag.Event, config *bugsnag.Configuration) error {
-
-        // Search all the RawData for any *Job pointers that we're passed in
-        // to bugsnag.Notify() and friends.
-        for _, datum := range event.RawData {
-            if job, ok := datum.(*Job); ok {
-                // don't notify bugsnag about errors in retries
-                if job.Retry {
-                    return fmt.Errorf("not notifying about retried jobs")
-                }
-
-                // add the job as a tab on Bugsnag.com
-                event.MetaData.AddStruct("Job", job)
-
-                // set the user correctly
-                event.User = &User{Id: job.UserId, Email: job.UserEmail}
-            }
-        }
-
-        // continue notifying as normal
-        return nil
-    })
-```
-
-## Advanced Usage
-
-If you want to have multiple different configurations around in one program,
-you can use `bugsnag.New()` to create multiple independent instances of
-Bugsnag. You can use these without calling `bugsnag.Configure()`, but bear in
-mind that until you call `bugsnag.Configure()` unhandled panics will not be
-sent to bugsnag.
-
-```go
-notifier := bugsnag.New(bugsnag.Configuration{
-    APIKey: "YOUR_OTHER_API_KEY",
-})
-```
-
-In fact any place that lets you pass in `rawData` also allows you to pass in
-configuration.  For example to send http errors to one bugsnag project, you
-could do:
-
-```go
-bugsnag.Handler(nil, bugsnag.Configuration{APIKey: "YOUR_OTHER_API_KEY"})
-```
-
-### GroupingHash
-
-If you need to override Bugsnag's grouping algorithm, you can set the
-`GroupingHash` in an `OnBeforeNotify`:
-
-```go
-bugsnag.OnBeforeNotify(
-    func (event *bugsnag.Event, config *bugsnag.Configuration) error {
-        event.GroupingHash = calculateGroupingHash(event)
-        return nil
-    })
-```
-
-### Skipping lines in stacktrace
-
-If you have your own logging wrapper all of your errors will appear to
-originate from inside it. You can avoid this problem by constructing
-an error with a stacktrace manually, and then passing that to Bugsnag.notify:
-
-```go
-import (
-    "github.com/bugsnag/bugsnag-go"
-    "github.com/bugsnag/bugsnag-go/errors"
-)
-
-func LogError(e error) {
-    // 1 removes one line of stacktrace, so the caller of LogError
-    // will be at the top.
-    e = errors.New(e, 1)
-    bugsnag.Notify(e)
-}
-```
-
diff --git a/vendor/github.com/bugsnag/bugsnag-go/appengine.go b/vendor/github.com/bugsnag/bugsnag-go/appengine.go
deleted file mode 100644
index 81e25069c..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/appengine.go
+++ /dev/null
@@ -1,81 +0,0 @@
-// +build appengine
-
-package bugsnag
-
-import (
-	"appengine"
-	"appengine/urlfetch"
-	"appengine/user"
-	"fmt"
-	"log"
-	"net/http"
-)
-
-func defaultPanicHandler() {}
-
-func init() {
-	OnBeforeNotify(appengineMiddleware)
-}
-
-func appengineMiddleware(event *Event, config *Configuration) (err error) {
-	var c appengine.Context
-
-	for _, datum := range event.RawData {
-		if r, ok := datum.(*http.Request); ok {
-			c = appengine.NewContext(r)
-			break
-		} else if context, ok := datum.(appengine.Context); ok {
-			c = context
-			break
-		}
-	}
-
-	if c == nil {
-		return fmt.Errorf("No appengine context given")
-	}
-
-	// You can only use the builtin http library if you pay for appengine,
-	// so we use the appengine urlfetch service instead.
-	config.Transport = &urlfetch.Transport{
-		Context: c,
-	}
-
-	// Anything written to stderr/stdout is discarded, so lets log to the request.
-
-	if configuredLogger, ok := config.Logger.(*log.Logger); ok {
-		config.Logger = log.New(appengineWriter{c}, configuredLogger.Prefix(), configuredLogger.Flags())
-	} else {
-		config.Logger = log.New(appengineWriter{c}, log.Prefix(), log.Flags())
-	}
-
-	// Set the releaseStage appropriately
-	if config.ReleaseStage == "" {
-		if appengine.IsDevAppServer() {
-			config.ReleaseStage = "development"
-		} else {
-			config.ReleaseStage = "production"
-		}
-	}
-
-	if event.User == nil {
-		u := user.Current(c)
-		if u != nil {
-			event.User = &User{
-				Id:    u.ID,
-				Email: u.Email,
-			}
-		}
-	}
-
-	return nil
-}
-
-// Convert an appengine.Context into an io.Writer so we can create a log.Logger.
-type appengineWriter struct {
-	appengine.Context
-}
-
-func (c appengineWriter) Write(b []byte) (int, error) {
-	c.Warningf(string(b))
-	return len(b), nil
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/bugsnag.go b/vendor/github.com/bugsnag/bugsnag-go/bugsnag.go
deleted file mode 100644
index e9bbf4656..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/bugsnag.go
+++ /dev/null
@@ -1,131 +0,0 @@
-package bugsnag
-
-import (
-	"github.com/bugsnag/bugsnag-go/errors"
-	"log"
-	"net/http"
-	"os"
-	"sync"
-
-	// Fixes a bug with SHA-384 intermediate certs on some platforms.
-	// - https://github.com/bugsnag/bugsnag-go/issues/9
-	_ "crypto/sha512"
-)
-
-// The current version of bugsnag-go.
-const VERSION = "1.0.3"
-
-var once sync.Once
-var middleware middlewareStack
-
-// The configuration for the default bugsnag notifier.
-var Config Configuration
-
-var defaultNotifier = Notifier{&Config, nil}
-
-// Configure Bugsnag. The only required setting is the APIKey, which can be
-// obtained by clicking on "Settings" in your Bugsnag dashboard. This function
-// is also responsible for installing the global panic handler, so it should be
-// called as early as possible in your initialization process.
-func Configure(config Configuration) {
-	Config.update(&config)
-	once.Do(Config.PanicHandler)
-}
-
-// Notify sends an error to Bugsnag along with the current stack trace. The
-// rawData is used to send extra information along with the error. For example
-// you can pass the current http.Request to Bugsnag to see information about it
-// in the dashboard, or set the severity of the notification.
-func Notify(err error, rawData ...interface{}) error {
-	return defaultNotifier.Notify(errors.New(err, 1), rawData...)
-}
-
-// AutoNotify logs a panic on a goroutine and then repanics.
-// It should only be used in places that have existing panic handlers further
-// up the stack. See bugsnag.Recover().  The rawData is used to send extra
-// information along with any panics that are handled this way.
-// Usage: defer bugsnag.AutoNotify()
-func AutoNotify(rawData ...interface{}) {
-	if err := recover(); err != nil {
-		rawData = defaultNotifier.addDefaultSeverity(rawData, SeverityError)
-		defaultNotifier.Notify(errors.New(err, 2), rawData...)
-		panic(err)
-	}
-}
-
-// Recover logs a panic on a goroutine and then recovers.
-// The rawData is used to send extra information along with
-// any panics that are handled this way
-// Usage: defer bugsnag.Recover()
-func Recover(rawData ...interface{}) {
-	if err := recover(); err != nil {
-		rawData = defaultNotifier.addDefaultSeverity(rawData, SeverityWarning)
-		defaultNotifier.Notify(errors.New(err, 2), rawData...)
-	}
-}
-
-// OnBeforeNotify adds a callback to be run before a notification is sent to
-// Bugsnag.  It can be used to modify the event or its MetaData. Changes made
-// to the configuration are local to notifying about this event. To prevent the
-// event from being sent to Bugsnag return an error, this error will be
-// returned from bugsnag.Notify() and the event will not be sent.
-func OnBeforeNotify(callback func(event *Event, config *Configuration) error) {
-	middleware.OnBeforeNotify(callback)
-}
-
-// Handler creates an http Handler that notifies Bugsnag any panics that
-// happen. It then repanics so that the default http Server panic handler can
-// handle the panic too. The rawData is used to send extra information along
-// with any panics that are handled this way.
-func Handler(h http.Handler, rawData ...interface{}) http.Handler {
-	notifier := New(rawData...)
-	if h == nil {
-		h = http.DefaultServeMux
-	}
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		defer notifier.AutoNotify(r)
-		h.ServeHTTP(w, r)
-	})
-}
-
-// HandlerFunc creates an http HandlerFunc that notifies Bugsnag about any
-// panics that happen. It then repanics so that the default http Server panic
-// handler can handle the panic too. The rawData is used to send extra
-// information along with any panics that are handled this way. If you have
-// already wrapped your http server using bugsnag.Handler() you don't also need
-// to wrap each HandlerFunc.
-func HandlerFunc(h http.HandlerFunc, rawData ...interface{}) http.HandlerFunc {
-	notifier := New(rawData...)
-
-	return func(w http.ResponseWriter, r *http.Request) {
-		defer notifier.AutoNotify(r)
-		h(w, r)
-	}
-}
-
-func init() {
-	// Set up builtin middlewarez
-	OnBeforeNotify(httpRequestMiddleware)
-
-	// Default configuration
-	Config.update(&Configuration{
-		APIKey:        "",
-		Endpoint:      "https://notify.bugsnag.com/",
-		Hostname:      "",
-		AppVersion:    "",
-		ReleaseStage:  "",
-		ParamsFilters: []string{"password", "secret"},
-		// * for app-engine
-		ProjectPackages:     []string{"main*"},
-		NotifyReleaseStages: nil,
-		Logger:              log.New(os.Stdout, log.Prefix(), log.Flags()),
-		PanicHandler:        defaultPanicHandler,
-		Transport:           http.DefaultTransport,
-	})
-
-	hostname, err := os.Hostname()
-	if err == nil {
-		Config.Hostname = hostname
-	}
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/configuration.go b/vendor/github.com/bugsnag/bugsnag-go/configuration.go
deleted file mode 100644
index 962f4bc62..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/configuration.go
+++ /dev/null
@@ -1,161 +0,0 @@
-package bugsnag
-
-import (
-	"log"
-	"net/http"
-	"path/filepath"
-	"strings"
-)
-
-// Configuration sets up and customizes communication with the Bugsnag API.
-type Configuration struct {
-	// Your Bugsnag API key, e.g. "c9d60ae4c7e70c4b6c4ebd3e8056d2b8". You can
-	// find this by clicking Settings on https://bugsnag.com/.
-	APIKey string
-	// The Endpoint to notify about crashes. This defaults to
-	// "https://notify.bugsnag.com/", if you're using Bugsnag Enterprise then
-	// set it to your internal Bugsnag endpoint.
-	Endpoint string
-
-	// The current release stage. This defaults to "production" and is used to
-	// filter errors in the Bugsnag dashboard.
-	ReleaseStage string
-	// The currently running version of the app. This is used to filter errors
-	// in the Bugsnag dasboard. If you set this then Bugsnag will only re-open
-	// resolved errors if they happen in different app versions.
-	AppVersion string
-	// The hostname of the current server. This defaults to the return value of
-	// os.Hostname() and is graphed in the Bugsnag dashboard.
-	Hostname string
-
-	// The Release stages to notify in. If you set this then bugsnag-go will
-	// only send notifications to Bugsnag if the ReleaseStage is listed here.
-	NotifyReleaseStages []string
-
-	// packages that are part of your app. Bugsnag uses this to determine how
-	// to group errors and how to display them on your dashboard. You should
-	// include any packages that are part of your app, and exclude libraries
-	// and helpers. You can list wildcards here, and they'll be expanded using
-	// filepath.Glob. The default value is []string{"main*"}
-	ProjectPackages []string
-
-	// Any meta-data that matches these filters will be marked as [REDACTED]
-	// before sending a Notification to Bugsnag. It defaults to
-	// []string{"password", "secret"} so that request parameters like password,
-	// password_confirmation and auth_secret will not be sent to Bugsnag.
-	ParamsFilters []string
-
-	// The PanicHandler is used by Bugsnag to catch unhandled panics in your
-	// application. The default panicHandler uses mitchellh's panicwrap library,
-	// and you can disable this feature by passing an empty: func() {}
-	PanicHandler func()
-
-	// The logger that Bugsnag should log to. Uses the same defaults as go's
-	// builtin logging package. bugsnag-go logs whenever it notifies Bugsnag
-	// of an error, and when any error occurs inside the library itself.
-	Logger interface {
-		Printf(format string, v ...interface{}) // limited to the functions used
-	}
-	// The http Transport to use, defaults to the default http Transport. This
-	// can be configured if you are in an environment like Google App Engine
-	// that has stringent conditions on making http requests.
-	Transport http.RoundTripper
-	// Whether bugsnag should notify synchronously. This defaults to false which
-	// causes bugsnag-go to spawn a new goroutine for each notification.
-	Synchronous bool
-	// TODO: remember to update the update() function when modifying this struct
-}
-
-func (config *Configuration) update(other *Configuration) *Configuration {
-	if other.APIKey != "" {
-		config.APIKey = other.APIKey
-	}
-	if other.Endpoint != "" {
-		config.Endpoint = other.Endpoint
-	}
-	if other.Hostname != "" {
-		config.Hostname = other.Hostname
-	}
-	if other.AppVersion != "" {
-		config.AppVersion = other.AppVersion
-	}
-	if other.ReleaseStage != "" {
-		config.ReleaseStage = other.ReleaseStage
-	}
-	if other.ParamsFilters != nil {
-		config.ParamsFilters = other.ParamsFilters
-	}
-	if other.ProjectPackages != nil {
-		config.ProjectPackages = other.ProjectPackages
-	}
-	if other.Logger != nil {
-		config.Logger = other.Logger
-	}
-	if other.NotifyReleaseStages != nil {
-		config.NotifyReleaseStages = other.NotifyReleaseStages
-	}
-	if other.PanicHandler != nil {
-		config.PanicHandler = other.PanicHandler
-	}
-	if other.Transport != nil {
-		config.Transport = other.Transport
-	}
-	if other.Synchronous {
-		config.Synchronous = true
-	}
-
-	return config
-}
-
-func (config *Configuration) merge(other *Configuration) *Configuration {
-	return config.clone().update(other)
-}
-
-func (config *Configuration) clone() *Configuration {
-	clone := *config
-	return &clone
-}
-
-func (config *Configuration) isProjectPackage(pkg string) bool {
-	for _, p := range config.ProjectPackages {
-		if match, _ := filepath.Match(p, pkg); match {
-			return true
-		}
-	}
-	return false
-}
-
-func (config *Configuration) stripProjectPackages(file string) string {
-	for _, p := range config.ProjectPackages {
-		if len(p) > 2 && p[len(p)-2] == '/' && p[len(p)-1] == '*' {
-			p = p[:len(p)-1]
-		} else {
-			p = p + "/"
-		}
-		if strings.HasPrefix(file, p) {
-			return strings.TrimPrefix(file, p)
-		}
-	}
-
-	return file
-}
-
-func (config *Configuration) log(fmt string, args ...interface{}) {
-	if config != nil && config.Logger != nil {
-		config.Logger.Printf(fmt, args...)
-	} else {
-		log.Printf(fmt, args...)
-	}
-}
-
-func (config *Configuration) notifyInReleaseStage() bool {
-	if config.NotifyReleaseStages == nil {
-		return true
-	}
-	for _, r := range config.NotifyReleaseStages {
-		if r == config.ReleaseStage {
-			return true
-		}
-	}
-	return false
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/doc.go b/vendor/github.com/bugsnag/bugsnag-go/doc.go
deleted file mode 100644
index 827e03b8b..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/doc.go
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
-Package bugsnag captures errors in real-time and reports them to Bugsnag (http://bugsnag.com).
-
-Using bugsnag-go is a three-step process.
-
-1. As early as possible in your program configure the notifier with your APIKey. This sets up
-handling of panics that would otherwise crash your app.
-
-	func init() {
-		bugsnag.Configure(bugsnag.Configuration{
-			APIKey: "YOUR_API_KEY_HERE",
-		})
-	}
-
-2. Add bugsnag to places that already catch panics. For example you should add it to the HTTP server
-when you call ListenAndServer:
-
-	http.ListenAndServe(":8080", bugsnag.Handler(nil))
-
-If that's not possible, for example because you're using Google App Engine, you can also wrap each
-HTTP handler manually:
-
-	http.HandleFunc("/" bugsnag.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
-		...
-	})
-
-3. To notify Bugsnag of an error that is not a panic, pass it to bugsnag.Notify. This will also
-log the error message using the configured Logger.
-
-	if err != nil {
-		bugsnag.Notify(err)
-	}
-
-For detailed integration instructions see https://bugsnag.com/docs/notifiers/go.
-
-Configuration
-
-The only required configuration is the Bugsnag API key which can be obtained by clicking "Settings"
-on the top of https://bugsnag.com/ after signing up. We also recommend you set the ReleaseStage
-and AppVersion if these make sense for your deployment workflow.
-
-RawData
-
-If you need to attach extra data to Bugsnag notifications you can do that using
-the rawData mechanism.  Most of the functions that send errors to Bugsnag allow
-you to pass in any number of interface{} values as rawData. The rawData can
-consist of the Severity, Context, User or MetaData types listed below, and
-there is also builtin support for *http.Requests.
-
-	bugsnag.Notify(err, bugsnag.SeverityError)
-
-If you want to add custom tabs to your bugsnag dashboard you can pass any value in as rawData,
-and then process it into the event's metadata using a bugsnag.OnBeforeNotify() hook.
-
-	bugsnag.Notify(err, account)
-
-	bugsnag.OnBeforeNotify(func (e *bugsnag.Event, c *bugsnag.Configuration) {
-		for datum := range e.RawData {
-			if account, ok := datum.(Account); ok {
-				e.MetaData.Add("account", "name", account.Name)
-				e.MetaData.Add("account", "url", account.URL)
-			}
-		}
-	})
-
-If necessary you can pass Configuration in as rawData, or modify the Configuration object passed
-into OnBeforeNotify hooks. Configuration passed in this way only affects the current notification.
-*/
-package bugsnag
diff --git a/vendor/github.com/bugsnag/bugsnag-go/errors/README.md b/vendor/github.com/bugsnag/bugsnag-go/errors/README.md
deleted file mode 100644
index 8d8e097aa..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/errors/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Adds stacktraces to errors in golang.
-
-This was made to help build the Bugsnag notifier but can be used standalone if
-you like to have stacktraces on errors.
-
-See [Godoc](https://godoc.org/github.com/bugsnag/bugsnag-go/errors) for the API docs.
diff --git a/vendor/github.com/bugsnag/bugsnag-go/errors/error.go b/vendor/github.com/bugsnag/bugsnag-go/errors/error.go
deleted file mode 100644
index 0081c0a80..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/errors/error.go
+++ /dev/null
@@ -1,90 +0,0 @@
-// Package errors provides errors that have stack-traces.
-package errors
-
-import (
-	"bytes"
-	"fmt"
-	"reflect"
-	"runtime"
-)
-
-// The maximum number of stackframes on any error.
-var MaxStackDepth = 50
-
-// Error is an error with an attached stacktrace. It can be used
-// wherever the builtin error interface is expected.
-type Error struct {
-	Err    error
-	stack  []uintptr
-	frames []StackFrame
-}
-
-// New makes an Error from the given value. If that value is already an
-// error then it will be used directly, if not, it will be passed to
-// fmt.Errorf("%v"). The skip parameter indicates how far up the stack
-// to start the stacktrace. 0 is from the current call, 1 from its caller, etc.
-func New(e interface{}, skip int) *Error {
-	var err error
-
-	switch e := e.(type) {
-	case *Error:
-		return e
-	case error:
-		err = e
-	default:
-		err = fmt.Errorf("%v", e)
-	}
-
-	stack := make([]uintptr, MaxStackDepth)
-	length := runtime.Callers(2+skip, stack[:])
-	return &Error{
-		Err:   err,
-		stack: stack[:length],
-	}
-}
-
-// Errorf creates a new error with the given message. You can use it
-// as a drop-in replacement for fmt.Errorf() to provide descriptive
-// errors in return values.
-func Errorf(format string, a ...interface{}) *Error {
-	return New(fmt.Errorf(format, a...), 1)
-}
-
-// Error returns the underlying error's message.
-func (err *Error) Error() string {
-	return err.Err.Error()
-}
-
-// Stack returns the callstack formatted the same way that go does
-// in runtime/debug.Stack()
-func (err *Error) Stack() []byte {
-	buf := bytes.Buffer{}
-
-	for _, frame := range err.StackFrames() {
-		buf.WriteString(frame.String())
-	}
-
-	return buf.Bytes()
-}
-
-// StackFrames returns an array of frames containing information about the
-// stack.
-func (err *Error) StackFrames() []StackFrame {
-	if err.frames == nil {
-		err.frames = make([]StackFrame, len(err.stack))
-
-		for i, pc := range err.stack {
-			err.frames[i] = NewStackFrame(pc)
-		}
-	}
-
-	return err.frames
-}
-
-// TypeName returns the type this error. e.g. *errors.stringError.
-func (err *Error) TypeName() string {
-	if _, ok := err.Err.(uncaughtPanic); ok {
-		return "panic"
-	}
-	return reflect.TypeOf(err.Err).String()
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/errors/parse_panic.go b/vendor/github.com/bugsnag/bugsnag-go/errors/parse_panic.go
deleted file mode 100644
index cc37052d7..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/errors/parse_panic.go
+++ /dev/null
@@ -1,127 +0,0 @@
-package errors
-
-import (
-	"strconv"
-	"strings"
-)
-
-type uncaughtPanic struct{ message string }
-
-func (p uncaughtPanic) Error() string {
-	return p.message
-}
-
-// ParsePanic allows you to get an error object from the output of a go program
-// that panicked. This is particularly useful with https://github.com/mitchellh/panicwrap.
-func ParsePanic(text string) (*Error, error) {
-	lines := strings.Split(text, "\n")
-
-	state := "start"
-
-	var message string
-	var stack []StackFrame
-
-	for i := 0; i < len(lines); i++ {
-		line := lines[i]
-
-		if state == "start" {
-			if strings.HasPrefix(line, "panic: ") {
-				message = strings.TrimPrefix(line, "panic: ")
-				state = "seek"
-			} else {
-				return nil, Errorf("bugsnag.panicParser: Invalid line (no prefix): %s", line)
-			}
-
-		} else if state == "seek" {
-			if strings.HasPrefix(line, "goroutine ") && strings.HasSuffix(line, "[running]:") {
-				state = "parsing"
-			}
-
-		} else if state == "parsing" {
-			if line == "" {
-				state = "done"
-				break
-			}
-			createdBy := false
-			if strings.HasPrefix(line, "created by ") {
-				line = strings.TrimPrefix(line, "created by ")
-				createdBy = true
-			}
-
-			i++
-
-			if i >= len(lines) {
-				return nil, Errorf("bugsnag.panicParser: Invalid line (unpaired): %s", line)
-			}
-
-			frame, err := parsePanicFrame(line, lines[i], createdBy)
-			if err != nil {
-				return nil, err
-			}
-
-			stack = append(stack, *frame)
-			if createdBy {
-				state = "done"
-				break
-			}
-		}
-	}
-
-	if state == "done" || state == "parsing" {
-		return &Error{Err: uncaughtPanic{message}, frames: stack}, nil
-	}
-	return nil, Errorf("could not parse panic: %v", text)
-}
-
-// The lines we're passing look like this:
-//
-//     main.(*foo).destruct(0xc208067e98)
-//             /0/go/src/github.com/bugsnag/bugsnag-go/pan/main.go:22 +0x151
-func parsePanicFrame(name string, line string, createdBy bool) (*StackFrame, error) {
-	idx := strings.LastIndex(name, "(")
-	if idx == -1 && !createdBy {
-		return nil, Errorf("bugsnag.panicParser: Invalid line (no call): %s", name)
-	}
-	if idx != -1 {
-		name = name[:idx]
-	}
-	pkg := ""
-
-	if lastslash := strings.LastIndex(name, "/"); lastslash >= 0 {
-		pkg += name[:lastslash] + "/"
-		name = name[lastslash+1:]
-	}
-	if period := strings.Index(name, "."); period >= 0 {
-		pkg += name[:period]
-		name = name[period+1:]
-	}
-
-	name = strings.Replace(name, "·", ".", -1)
-
-	if !strings.HasPrefix(line, "\t") {
-		return nil, Errorf("bugsnag.panicParser: Invalid line (no tab): %s", line)
-	}
-
-	idx = strings.LastIndex(line, ":")
-	if idx == -1 {
-		return nil, Errorf("bugsnag.panicParser: Invalid line (no line number): %s", line)
-	}
-	file := line[1:idx]
-
-	number := line[idx+1:]
-	if idx = strings.Index(number, " +"); idx > -1 {
-		number = number[:idx]
-	}
-
-	lno, err := strconv.ParseInt(number, 10, 32)
-	if err != nil {
-		return nil, Errorf("bugsnag.panicParser: Invalid line (bad line number): %s", line)
-	}
-
-	return &StackFrame{
-		File:       file,
-		LineNumber: int(lno),
-		Package:    pkg,
-		Name:       name,
-	}, nil
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/errors/stackframe.go b/vendor/github.com/bugsnag/bugsnag-go/errors/stackframe.go
deleted file mode 100644
index 4edadbc58..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/errors/stackframe.go
+++ /dev/null
@@ -1,97 +0,0 @@
-package errors
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"runtime"
-	"strings"
-)
-
-// A StackFrame contains all necessary information about to generate a line
-// in a callstack.
-type StackFrame struct {
-	File           string
-	LineNumber     int
-	Name           string
-	Package        string
-	ProgramCounter uintptr
-}
-
-// NewStackFrame popoulates a stack frame object from the program counter.
-func NewStackFrame(pc uintptr) (frame StackFrame) {
-
-	frame = StackFrame{ProgramCounter: pc}
-	if frame.Func() == nil {
-		return
-	}
-	frame.Package, frame.Name = packageAndName(frame.Func())
-
-	// pc -1 because the program counters we use are usually return addresses,
-	// and we want to show the line that corresponds to the function call
-	frame.File, frame.LineNumber = frame.Func().FileLine(pc - 1)
-	return
-
-}
-
-// Func returns the function that this stackframe corresponds to
-func (frame *StackFrame) Func() *runtime.Func {
-	if frame.ProgramCounter == 0 {
-		return nil
-	}
-	return runtime.FuncForPC(frame.ProgramCounter)
-}
-
-// String returns the stackframe formatted in the same way as go does
-// in runtime/debug.Stack()
-func (frame *StackFrame) String() string {
-	str := fmt.Sprintf("%s:%d (0x%x)\n", frame.File, frame.LineNumber, frame.ProgramCounter)
-
-	source, err := frame.SourceLine()
-	if err != nil {
-		return str
-	}
-
-	return str + fmt.Sprintf("\t%s: %s\n", frame.Name, source)
-}
-
-// SourceLine gets the line of code (from File and Line) of the original source if possible
-func (frame *StackFrame) SourceLine() (string, error) {
-	data, err := ioutil.ReadFile(frame.File)
-
-	if err != nil {
-		return "", err
-	}
-
-	lines := bytes.Split(data, []byte{'\n'})
-	if frame.LineNumber <= 0 || frame.LineNumber >= len(lines) {
-		return "???", nil
-	}
-	// -1 because line-numbers are 1 based, but our array is 0 based
-	return string(bytes.Trim(lines[frame.LineNumber-1], " \t")), nil
-}
-
-func packageAndName(fn *runtime.Func) (string, string) {
-	name := fn.Name()
-	pkg := ""
-
-	// The name includes the path name to the package, which is unnecessary
-	// since the file name is already included.  Plus, it has center dots.
-	// That is, we see
-	//  runtime/debug.*T·ptrmethod
-	// and want
-	//  *T.ptrmethod
-	// Since the package path might contains dots (e.g. code.google.com/...),
-	// we first remove the path prefix if there is one.
-	if lastslash := strings.LastIndex(name, "/"); lastslash >= 0 {
-		pkg += name[:lastslash] + "/"
-		name = name[lastslash+1:]
-	}
-	if period := strings.Index(name, "."); period >= 0 {
-		pkg += name[:period]
-		name = name[period+1:]
-	}
-
-	name = strings.Replace(name, "·", ".", -1)
-	return pkg, name
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/event.go b/vendor/github.com/bugsnag/bugsnag-go/event.go
deleted file mode 100644
index 320c6154c..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/event.go
+++ /dev/null
@@ -1,143 +0,0 @@
-package bugsnag
-
-import (
-	"strings"
-
-	"github.com/bugsnag/bugsnag-go/errors"
-)
-
-// Context is the context of the error in Bugsnag.
-// This can be passed to Notify, Recover or AutoNotify as rawData.
-type Context struct {
-	String string
-}
-
-// User represents the searchable user-data on Bugsnag. The Id is also used
-// to determine the number of users affected by a bug. This can be
-// passed to Notify, Recover or AutoNotify as rawData.
-type User struct {
-	Id    string `json:"id,omitempty"`
-	Name  string `json:"name,omitempty"`
-	Email string `json:"email,omitempty"`
-}
-
-// ErrorClass overrides the error class in Bugsnag.
-// This struct enables you to group errors as you like.
-type ErrorClass struct {
-	Name string
-}
-
-// Sets the severity of the error on Bugsnag. These values can be
-// passed to Notify, Recover or AutoNotify as rawData.
-var (
-	SeverityError   = severity{"error"}
-	SeverityWarning = severity{"warning"}
-	SeverityInfo    = severity{"info"}
-)
-
-// The severity tag type, private so that people can only use Error,Warning,Info
-type severity struct {
-	String string
-}
-
-// The form of stacktrace that Bugsnag expects
-type stackFrame struct {
-	Method     string `json:"method"`
-	File       string `json:"file"`
-	LineNumber int    `json:"lineNumber"`
-	InProject  bool   `json:"inProject,omitempty"`
-}
-
-// Event represents a payload of data that gets sent to Bugsnag.
-// This is passed to each OnBeforeNotify hook.
-type Event struct {
-
-	// The original error that caused this event, not sent to Bugsnag.
-	Error *errors.Error
-
-	// The rawData affecting this error, not sent to Bugsnag.
-	RawData []interface{}
-
-	// The error class to be sent to Bugsnag. This defaults to the type name of the Error, for
-	// example *error.String
-	ErrorClass string
-	// The error message to be sent to Bugsnag. This defaults to the return value of Error.Error()
-	Message string
-	// The stacktrrace of the error to be sent to Bugsnag.
-	Stacktrace []stackFrame
-
-	// The context to be sent to Bugsnag. This should be set to the part of the app that was running,
-	// e.g. for http requests, set it to the path.
-	Context string
-	// The severity of the error. Can be SeverityError, SeverityWarning or SeverityInfo.
-	Severity severity
-	// The grouping hash is used to override Bugsnag's grouping. Set this if you'd like all errors with
-	// the same grouping hash to group together in the dashboard.
-	GroupingHash string
-
-	// User data to send to Bugsnag. This is searchable on the dashboard.
-	User *User
-	// Other MetaData to send to Bugsnag. Appears as a set of tabbed tables in the dashboard.
-	MetaData MetaData
-}
-
-func newEvent(err *errors.Error, rawData []interface{}, notifier *Notifier) (*Event, *Configuration) {
-
-	config := notifier.Config
-	event := &Event{
-		Error:   err,
-		RawData: append(notifier.RawData, rawData...),
-
-		ErrorClass: err.TypeName(),
-		Message:    err.Error(),
-		Stacktrace: make([]stackFrame, len(err.StackFrames())),
-
-		Severity: SeverityWarning,
-
-		MetaData: make(MetaData),
-	}
-
-	for _, datum := range event.RawData {
-		switch datum := datum.(type) {
-		case severity:
-			event.Severity = datum
-
-		case Context:
-			event.Context = datum.String
-
-		case Configuration:
-			config = config.merge(&datum)
-
-		case MetaData:
-			event.MetaData.Update(datum)
-
-		case User:
-			event.User = &datum
-
-		case ErrorClass:
-			event.ErrorClass = datum.Name
-		}
-	}
-
-	for i, frame := range err.StackFrames() {
-		file := frame.File
-		inProject := config.isProjectPackage(frame.Package)
-
-		// remove $GOROOT and $GOHOME from other frames
-		if idx := strings.Index(file, frame.Package); idx > -1 {
-			file = file[idx:]
-		}
-		if inProject {
-			file = config.stripProjectPackages(file)
-		}
-
-		event.Stacktrace[i] = stackFrame{
-			Method:     frame.Name,
-			File:       file,
-			LineNumber: frame.LineNumber,
-			InProject:  inProject,
-		}
-	}
-
-	return event, config
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/json_tags.go b/vendor/github.com/bugsnag/bugsnag-go/json_tags.go
deleted file mode 100644
index 45be38fa9..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/json_tags.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// The code is stripped from:
-// http://golang.org/src/pkg/encoding/json/tags.go?m=text
-
-package bugsnag
-
-import (
-	"strings"
-)
-
-// tagOptions is the string following a comma in a struct field's "json"
-// tag, or the empty string. It does not include the leading comma.
-type tagOptions string
-
-// parseTag splits a struct field's json tag into its name and
-// comma-separated options.
-func parseTag(tag string) (string, tagOptions) {
-	if idx := strings.Index(tag, ","); idx != -1 {
-		return tag[:idx], tagOptions(tag[idx+1:])
-	}
-	return tag, tagOptions("")
-}
-
-// Contains reports whether a comma-separated list of options
-// contains a particular substr flag. substr must be surrounded by a
-// string boundary or commas.
-func (o tagOptions) Contains(optionName string) bool {
-	if len(o) == 0 {
-		return false
-	}
-	s := string(o)
-	for s != "" {
-		var next string
-		i := strings.Index(s, ",")
-		if i >= 0 {
-			s, next = s[:i], s[i+1:]
-		}
-		if s == optionName {
-			return true
-		}
-		s = next
-	}
-	return false
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/metadata.go b/vendor/github.com/bugsnag/bugsnag-go/metadata.go
deleted file mode 100644
index 10b0d14f6..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/metadata.go
+++ /dev/null
@@ -1,189 +0,0 @@
-package bugsnag
-
-import (
-	"fmt"
-	"reflect"
-	"strings"
-)
-
-// MetaData is added to the Bugsnag dashboard in tabs. Each tab is
-// a map of strings -> values. You can pass MetaData to Notify, Recover
-// and AutoNotify as rawData.
-type MetaData map[string]map[string]interface{}
-
-// Update the meta-data with more information. Tabs are merged together such
-// that unique keys from both sides are preserved, and duplicate keys end up
-// with the provided values.
-func (meta MetaData) Update(other MetaData) {
-	for name, tab := range other {
-
-		if meta[name] == nil {
-			meta[name] = make(map[string]interface{})
-		}
-
-		for key, value := range tab {
-			meta[name][key] = value
-		}
-	}
-}
-
-// Add creates a tab of Bugsnag meta-data.
-// If the tab doesn't yet exist it will be created.
-// If the key already exists, it will be overwritten.
-func (meta MetaData) Add(tab string, key string, value interface{}) {
-	if meta[tab] == nil {
-		meta[tab] = make(map[string]interface{})
-	}
-
-	meta[tab][key] = value
-}
-
-// AddStruct creates a tab of Bugsnag meta-data.
-// The struct will be converted to an Object using the
-// reflect library so any private fields will not be exported.
-// As a safety measure, if you pass a non-struct the value will be
-// sent to Bugsnag under the "Extra data" tab.
-func (meta MetaData) AddStruct(tab string, obj interface{}) {
-	val := sanitizer{}.Sanitize(obj)
-	content, ok := val.(map[string]interface{})
-	if ok {
-		meta[tab] = content
-	} else {
-		// Wasn't a struct
-		meta.Add("Extra data", tab, obj)
-	}
-
-}
-
-// Remove any values from meta-data that have keys matching the filters,
-// and any that are recursive data-structures
-func (meta MetaData) sanitize(filters []string) interface{} {
-	return sanitizer{
-		Filters: filters,
-		Seen:    make([]interface{}, 0),
-	}.Sanitize(meta)
-
-}
-
-// The sanitizer is used to remove filtered params and recursion from meta-data.
-type sanitizer struct {
-	Filters []string
-	Seen    []interface{}
-}
-
-func (s sanitizer) Sanitize(data interface{}) interface{} {
-	for _, s := range s.Seen {
-		// TODO: we don't need deep equal here, just type-ignoring equality
-		if reflect.DeepEqual(data, s) {
-			return "[RECURSION]"
-		}
-	}
-
-	// Sanitizers are passed by value, so we can modify s and it only affects
-	// s.Seen for nested calls.
-	s.Seen = append(s.Seen, data)
-
-	t := reflect.TypeOf(data)
-	v := reflect.ValueOf(data)
-	
-	if t == nil {
-		return "<nil>"
-	}
-
-	switch t.Kind() {
-	case reflect.Bool,
-		reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
-		reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr,
-		reflect.Float32, reflect.Float64:
-		return data
-
-	case reflect.String:
-		return data
-
-	case reflect.Interface, reflect.Ptr:
-		return s.Sanitize(v.Elem().Interface())
-
-	case reflect.Array, reflect.Slice:
-		ret := make([]interface{}, v.Len())
-		for i := 0; i < v.Len(); i++ {
-			ret[i] = s.Sanitize(v.Index(i).Interface())
-		}
-		return ret
-
-	case reflect.Map:
-		return s.sanitizeMap(v)
-
-	case reflect.Struct:
-		return s.sanitizeStruct(v, t)
-
-		// Things JSON can't serialize:
-		// case t.Chan, t.Func, reflect.Complex64, reflect.Complex128, reflect.UnsafePointer:
-	default:
-		return "[" + t.String() + "]"
-
-	}
-
-}
-
-func (s sanitizer) sanitizeMap(v reflect.Value) interface{} {
-	ret := make(map[string]interface{})
-
-	for _, key := range v.MapKeys() {
-		val := s.Sanitize(v.MapIndex(key).Interface())
-		newKey := fmt.Sprintf("%v", key.Interface())
-
-		if s.shouldRedact(newKey) {
-			val = "[REDACTED]"
-		}
-
-		ret[newKey] = val
-	}
-
-	return ret
-}
-
-func (s sanitizer) sanitizeStruct(v reflect.Value, t reflect.Type) interface{} {
-	ret := make(map[string]interface{})
-
-	for i := 0; i < v.NumField(); i++ {
-
-		val := v.Field(i)
-		// Don't export private fields
-		if !val.CanInterface() {
-			continue
-		}
-
-		name := t.Field(i).Name
-		var opts tagOptions
-
-		// Parse JSON tags. Supports name and "omitempty"
-		if jsonTag := t.Field(i).Tag.Get("json"); len(jsonTag) != 0 {
-			name, opts = parseTag(jsonTag)
-		}
-
-		if s.shouldRedact(name) {
-			ret[name] = "[REDACTED]"
-		} else {
-			sanitized := s.Sanitize(val.Interface())
-			if str, ok := sanitized.(string); ok {
-				if !(opts.Contains("omitempty") && len(str) == 0) {
-					ret[name] = str
-				}
-			} else {
-				ret[name] = sanitized
-			}
-
-		}
-	}
-
-	return ret
-}
-
-func (s sanitizer) shouldRedact(key string) bool {
-	for _, filter := range s.Filters {
-		if strings.Contains(strings.ToLower(filter), strings.ToLower(key)) {
-			return true
-		}
-	}
-	return false
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/middleware.go b/vendor/github.com/bugsnag/bugsnag-go/middleware.go
deleted file mode 100644
index 266d5e461..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/middleware.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package bugsnag
-
-import (
-	"net/http"
-	"strings"
-)
-
-type (
-	beforeFunc func(*Event, *Configuration) error
-
-	// MiddlewareStacks keep middleware in the correct order. They are
-	// called in reverse order, so if you add a new middleware it will
-	// be called before all existing middleware.
-	middlewareStack struct {
-		before []beforeFunc
-	}
-)
-
-// AddMiddleware adds a new middleware to the outside of the existing ones,
-// when the middlewareStack is Run it will be run before all middleware that
-// have been added before.
-func (stack *middlewareStack) OnBeforeNotify(middleware beforeFunc) {
-	stack.before = append(stack.before, middleware)
-}
-
-// Run causes all the middleware to be run. If they all permit it the next callback
-// will be called with all the middleware on the stack.
-func (stack *middlewareStack) Run(event *Event, config *Configuration, next func() error) error {
-	// run all the before filters in reverse order
-	for i := range stack.before {
-		before := stack.before[len(stack.before)-i-1]
-
-		err := stack.runBeforeFilter(before, event, config)
-		if err != nil {
-			return err
-		}
-	}
-
-	return next()
-}
-
-func (stack *middlewareStack) runBeforeFilter(f beforeFunc, event *Event, config *Configuration) error {
-	defer func() {
-		if err := recover(); err != nil {
-			config.log("bugsnag/middleware: unexpected panic: %v", err)
-		}
-	}()
-
-	return f(event, config)
-}
-
-// catchMiddlewarePanic is used to log any panics that happen inside Middleware,
-// we wouldn't want to not notify Bugsnag in this case.
-func catchMiddlewarePanic(event *Event, config *Configuration, next func() error) {
-}
-
-// httpRequestMiddleware is added OnBeforeNotify by default. It takes information
-// from an http.Request passed in as rawData, and adds it to the Event. You can
-// use this as a template for writing your own Middleware.
-func httpRequestMiddleware(event *Event, config *Configuration) error {
-	for _, datum := range event.RawData {
-		if request, ok := datum.(*http.Request); ok {
-			proto := "http://"
-			if request.TLS != nil {
-				proto = "https://"
-			}
-
-			event.MetaData.Update(MetaData{
-				"Request": {
-					"RemoteAddr": request.RemoteAddr,
-					"Method":     request.Method,
-					"Url":        proto + request.Host + request.RequestURI,
-					"Params":     request.URL.Query(),
-				},
-			})
-
-			// Add headers as a separate tab.
-			event.MetaData.AddStruct("Headers", request.Header)
-
-			// Default context to Path
-			if event.Context == "" {
-				event.Context = request.URL.Path
-			}
-
-			// Default user.id to IP so that users-affected works.
-			if event.User == nil {
-				ip := request.RemoteAddr
-				if idx := strings.LastIndex(ip, ":"); idx != -1 {
-					ip = ip[:idx]
-				}
-				event.User = &User{Id: ip}
-			}
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/notifier.go b/vendor/github.com/bugsnag/bugsnag-go/notifier.go
deleted file mode 100644
index 6b1081787..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/notifier.go
+++ /dev/null
@@ -1,95 +0,0 @@
-package bugsnag
-
-import (
-	"fmt"
-
-	"github.com/bugsnag/bugsnag-go/errors"
-)
-
-// Notifier sends errors to Bugsnag.
-type Notifier struct {
-	Config  *Configuration
-	RawData []interface{}
-}
-
-// New creates a new notifier.
-// You can pass an instance of bugsnag.Configuration in rawData to change the configuration.
-// Other values of rawData will be passed to Notify.
-func New(rawData ...interface{}) *Notifier {
-	config := Config.clone()
-	for i, datum := range rawData {
-		if c, ok := datum.(Configuration); ok {
-			config.update(&c)
-			rawData[i] = nil
-		}
-	}
-
-	return &Notifier{
-		Config:  config,
-		RawData: rawData,
-	}
-}
-
-// Notify sends an error to Bugsnag. Any rawData you pass here will be sent to
-// Bugsnag after being converted to JSON. e.g. bugsnag.SeverityError, bugsnag.Context,
-// or bugsnag.MetaData.
-func (notifier *Notifier) Notify(err error, rawData ...interface{}) (e error) {
-	event, config := newEvent(errors.New(err, 1), rawData, notifier)
-
-	// Never block, start throwing away errors if we have too many.
-	e = middleware.Run(event, config, func() error {
-		config.log("notifying bugsnag: %s", event.Message)
-		if config.notifyInReleaseStage() {
-			if config.Synchronous {
-				return (&payload{event, config}).deliver()
-			}
-			go (&payload{event, config}).deliver()
-			return nil
-		}
-		return fmt.Errorf("not notifying in %s", config.ReleaseStage)
-	})
-
-	if e != nil {
-		config.log("bugsnag.Notify: %v", e)
-	}
-	return e
-}
-
-// AutoNotify notifies Bugsnag of any panics, then repanics.
-// It sends along any rawData that gets passed in.
-// Usage: defer AutoNotify()
-func (notifier *Notifier) AutoNotify(rawData ...interface{}) {
-	if err := recover(); err != nil {
-		rawData = notifier.addDefaultSeverity(rawData, SeverityError)
-		notifier.Notify(errors.New(err, 2), rawData...)
-		panic(err)
-	}
-}
-
-// Recover logs any panics, then recovers.
-// It sends along any rawData that gets passed in.
-// Usage: defer Recover()
-func (notifier *Notifier) Recover(rawData ...interface{}) {
-	if err := recover(); err != nil {
-		rawData = notifier.addDefaultSeverity(rawData, SeverityWarning)
-		notifier.Notify(errors.New(err, 2), rawData...)
-	}
-}
-
-func (notifier *Notifier) dontPanic() {
-	if err := recover(); err != nil {
-		notifier.Config.log("bugsnag/notifier.Notify: panic! %s", err)
-	}
-}
-
-// Add a severity to raw data only if the default is not set.
-func (notifier *Notifier) addDefaultSeverity(rawData []interface{}, s severity) []interface{} {
-
-	for _, datum := range append(notifier.RawData, rawData...) {
-		if _, ok := datum.(severity); ok {
-			return rawData
-		}
-	}
-
-	return append(rawData, s)
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/panicwrap.go b/vendor/github.com/bugsnag/bugsnag-go/panicwrap.go
deleted file mode 100644
index 14fb9fa8d..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/panicwrap.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// +build !appengine
-
-package bugsnag
-
-import (
-	"github.com/bugsnag/panicwrap"
-	"github.com/bugsnag/bugsnag-go/errors"
-)
-
-// NOTE: this function does not return when you call it, instead it
-// re-exec()s the current process with panic monitoring.
-func defaultPanicHandler() {
-	defer defaultNotifier.dontPanic()
-
-	err := panicwrap.BasicMonitor(func(output string) {
-		toNotify, err := errors.ParsePanic(output)
-
-		if err != nil {
-			defaultNotifier.Config.log("bugsnag.handleUncaughtPanic: %v", err)
-		}
-		Notify(toNotify, SeverityError, Configuration{Synchronous: true})
-	})
-
-	if err != nil {
-		defaultNotifier.Config.log("bugsnag.handleUncaughtPanic: %v", err)
-	}
-}
diff --git a/vendor/github.com/bugsnag/bugsnag-go/payload.go b/vendor/github.com/bugsnag/bugsnag-go/payload.go
deleted file mode 100644
index a516a5d2d..000000000
--- a/vendor/github.com/bugsnag/bugsnag-go/payload.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package bugsnag
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"net/http"
-)
-
-type payload struct {
-	*Event
-	*Configuration
-}
-
-type hash map[string]interface{}
-
-func (p *payload) deliver() error {
-
-	if len(p.APIKey) != 32 {
-		return fmt.Errorf("bugsnag/payload.deliver: invalid api key")
-	}
-
-	buf, err := json.Marshal(p)
-
-	if err != nil {
-		return fmt.Errorf("bugsnag/payload.deliver: %v", err)
-	}
-
-	client := http.Client{
-		Transport: p.Transport,
-	}
-
-	resp, err := client.Post(p.Endpoint, "application/json", bytes.NewBuffer(buf))
-
-	if err != nil {
-		return fmt.Errorf("bugsnag/payload.deliver: %v", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != 200 {
-		return fmt.Errorf("bugsnag/payload.deliver: Got HTTP %s\n", resp.Status)
-	}
-
-	return nil
-}
-
-func (p *payload) MarshalJSON() ([]byte, error) {
-
-	data := hash{
-		"apiKey": p.APIKey,
-
-		"notifier": hash{
-			"name":    "Bugsnag Go",
-			"url":     "https://github.com/bugsnag/bugsnag-go",
-			"version": VERSION,
-		},
-
-		"events": []hash{
-			{
-				"payloadVersion": "2",
-				"exceptions": []hash{
-					{
-						"errorClass": p.ErrorClass,
-						"message":    p.Message,
-						"stacktrace": p.Stacktrace,
-					},
-				},
-				"severity": p.Severity.String,
-				"app": hash{
-					"releaseStage": p.ReleaseStage,
-				},
-				"user":     p.User,
-				"metaData": p.MetaData.sanitize(p.ParamsFilters),
-			},
-		},
-	}
-
-	event := data["events"].([]hash)[0]
-
-	if p.Context != "" {
-		event["context"] = p.Context
-	}
-	if p.GroupingHash != "" {
-		event["groupingHash"] = p.GroupingHash
-	}
-	if p.Hostname != "" {
-		event["device"] = hash{
-			"hostname": p.Hostname,
-		}
-	}
-	if p.AppVersion != "" {
-		event["app"].(hash)["version"] = p.AppVersion
-	}
-	return json.Marshal(data)
-
-}
diff --git a/vendor/github.com/bugsnag/osext/LICENSE b/vendor/github.com/bugsnag/osext/LICENSE
deleted file mode 100644
index 18527a28f..000000000
--- a/vendor/github.com/bugsnag/osext/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-Copyright (c) 2012 Daniel Theophanes
-
-This software is provided 'as-is', without any express or implied
-warranty. In no event will the authors be held liable for any damages
-arising from the use of this software.
-
-Permission is granted to anyone to use this software for any purpose,
-including commercial applications, and to alter it and redistribute it
-freely, subject to the following restrictions:
-
-   1. The origin of this software must not be misrepresented; you must not
-   claim that you wrote the original software. If you use this software
-   in a product, an acknowledgment in the product documentation would be
-   appreciated but is not required.
-
-   2. Altered source versions must be plainly marked as such, and must not be
-   misrepresented as being the original software.
-
-   3. This notice may not be removed or altered from any source
-   distribution.
diff --git a/vendor/github.com/bugsnag/osext/osext.go b/vendor/github.com/bugsnag/osext/osext.go
deleted file mode 100644
index 37efbb221..000000000
--- a/vendor/github.com/bugsnag/osext/osext.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Extensions to the standard "os" package.
-package osext
-
-import "path/filepath"
-
-// Executable returns an absolute path that can be used to
-// re-invoke the current program.
-// It may not be valid after the current program exits.
-func Executable() (string, error) {
-	p, err := executable()
-	return filepath.Clean(p), err
-}
-
-// Returns same path as Executable, returns just the folder
-// path. Excludes the executable name.
-func ExecutableFolder() (string, error) {
-	p, err := Executable()
-	if err != nil {
-		return "", err
-	}
-	folder, _ := filepath.Split(p)
-	return folder, nil
-}
-
-// Depricated. Same as Executable().
-func GetExePath() (exePath string, err error) {
-	return Executable()
-}
diff --git a/vendor/github.com/bugsnag/osext/osext_plan9.go b/vendor/github.com/bugsnag/osext/osext_plan9.go
deleted file mode 100644
index e88c1e093..000000000
--- a/vendor/github.com/bugsnag/osext/osext_plan9.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package osext
-
-import "syscall"
-
-func executable() (string, error) {
-	f, err := Open("/proc/" + itoa(Getpid()) + "/text")
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-	return syscall.Fd2path(int(f.Fd()))
-}
diff --git a/vendor/github.com/bugsnag/osext/osext_procfs.go b/vendor/github.com/bugsnag/osext/osext_procfs.go
deleted file mode 100644
index 546fec915..000000000
--- a/vendor/github.com/bugsnag/osext/osext_procfs.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build linux netbsd openbsd
-
-package osext
-
-import (
-	"errors"
-	"os"
-	"runtime"
-)
-
-func executable() (string, error) {
-	switch runtime.GOOS {
-	case "linux":
-		return os.Readlink("/proc/self/exe")
-	case "netbsd":
-		return os.Readlink("/proc/curproc/exe")
-	case "openbsd":
-		return os.Readlink("/proc/curproc/file")
-	}
-	return "", errors.New("ExecPath not implemented for " + runtime.GOOS)
-}
diff --git a/vendor/github.com/bugsnag/osext/osext_sysctl.go b/vendor/github.com/bugsnag/osext/osext_sysctl.go
deleted file mode 100644
index d76464628..000000000
--- a/vendor/github.com/bugsnag/osext/osext_sysctl.go
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build darwin freebsd
-
-package osext
-
-import (
-	"os"
-	"runtime"
-	"syscall"
-	"unsafe"
-)
-
-var startUpcwd, getwdError = os.Getwd()
-
-func executable() (string, error) {
-	var mib [4]int32
-	switch runtime.GOOS {
-	case "freebsd":
-		mib = [4]int32{1 /* CTL_KERN */, 14 /* KERN_PROC */, 12 /* KERN_PROC_PATHNAME */, -1}
-	case "darwin":
-		mib = [4]int32{1 /* CTL_KERN */, 38 /* KERN_PROCARGS */, int32(os.Getpid()), -1}
-	}
-
-	n := uintptr(0)
-	// get length
-	_, _, err := syscall.Syscall6(syscall.SYS___SYSCTL, uintptr(unsafe.Pointer(&mib[0])), 4, 0, uintptr(unsafe.Pointer(&n)), 0, 0)
-	if err != 0 {
-		return "", err
-	}
-	if n == 0 { // shouldn't happen
-		return "", nil
-	}
-	buf := make([]byte, n)
-	_, _, err = syscall.Syscall6(syscall.SYS___SYSCTL, uintptr(unsafe.Pointer(&mib[0])), 4, uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&n)), 0, 0)
-	if err != 0 {
-		return "", err
-	}
-	if n == 0 { // shouldn't happen
-		return "", nil
-	}
-	for i, v := range buf {
-		if v == 0 {
-			buf = buf[:i]
-			break
-		}
-	}
-	if buf[0] != '/' {
-		if getwdError != nil {
-			return string(buf), getwdError
-		} else {
-			if buf[0] == '.' {
-				buf = buf[1:]
-			}
-			if startUpcwd[len(startUpcwd)-1] != '/' {
-				return startUpcwd + "/" + string(buf), nil
-			}
-			return startUpcwd + string(buf), nil
-		}
-	}
-	return string(buf), nil
-}
diff --git a/vendor/github.com/bugsnag/osext/osext_windows.go b/vendor/github.com/bugsnag/osext/osext_windows.go
deleted file mode 100644
index 72d282cf8..000000000
--- a/vendor/github.com/bugsnag/osext/osext_windows.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package osext
-
-import (
-	"syscall"
-	"unicode/utf16"
-	"unsafe"
-)
-
-var (
-	kernel                = syscall.MustLoadDLL("kernel32.dll")
-	getModuleFileNameProc = kernel.MustFindProc("GetModuleFileNameW")
-)
-
-// GetModuleFileName() with hModule = NULL
-func executable() (exePath string, err error) {
-	return getModuleFileName()
-}
-
-func getModuleFileName() (string, error) {
-	var n uint32
-	b := make([]uint16, syscall.MAX_PATH)
-	size := uint32(len(b))
-
-	r0, _, e1 := getModuleFileNameProc.Call(0, uintptr(unsafe.Pointer(&b[0])), uintptr(size))
-	n = uint32(r0)
-	if n == 0 {
-		return "", e1
-	}
-	return string(utf16.Decode(b[0:n])), nil
-}
diff --git a/vendor/github.com/bugsnag/panicwrap/LICENSE b/vendor/github.com/bugsnag/panicwrap/LICENSE
deleted file mode 100644
index f9c841a51..000000000
--- a/vendor/github.com/bugsnag/panicwrap/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2013 Mitchell Hashimoto
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/vendor/github.com/bugsnag/panicwrap/README.md b/vendor/github.com/bugsnag/panicwrap/README.md
deleted file mode 100644
index d0a596753..000000000
--- a/vendor/github.com/bugsnag/panicwrap/README.md
+++ /dev/null
@@ -1,101 +0,0 @@
-# panicwrap
-
-panicwrap is a Go library that re-executes a Go binary and monitors stderr
-output from the binary for a panic. When it find a panic, it executes a
-user-defined handler function. Stdout, stderr, stdin, signals, and exit
-codes continue to work as normal, making the existence of panicwrap mostly
-invisble to the end user until a panic actually occurs.
-
-Since a panic is truly a bug in the program meant to crash the runtime,
-globally catching panics within Go applications is not supposed to be possible.
-Despite this, it is often useful to have a way to know when panics occur.
-panicwrap allows you to do something with these panics, such as writing them
-to a file, so that you can track when panics occur.
-
-panicwrap is ***not a panic recovery system***. Panics indicate serious
-problems with your application and _should_ crash the runtime. panicwrap
-is just meant as a way to monitor for panics. If you still think this is
-the worst idea ever, read the section below on why.
-
-## Features
-
-* **SIMPLE!**
-* Works with all Go applications on all platforms Go supports
-* Custom behavior when a panic occurs
-* Stdout, stderr, stdin, exit codes, and signals continue to work as
-  expected.
-
-## Usage
-
-Using panicwrap is simple. It behaves a lot like `fork`, if you know
-how that works. A basic example is shown below.
-
-Because it would be sad to panic while capturing a panic, it is recommended
-that the handler functions for panicwrap remain relatively simple and well
-tested. panicwrap itself contains many tests.
-
-```go
-package main
-
-import (
-	"fmt"
-	"github.com/mitchellh/panicwrap"
-	"os"
-)
-
-func main() {
-	exitStatus, err := panicwrap.BasicWrap(panicHandler)
-	if err != nil {
-		// Something went wrong setting up the panic wrapper. Unlikely,
-		// but possible.
-		panic(err)
-	}
-
-	// If exitStatus >= 0, then we're the parent process and the panicwrap
-	// re-executed ourselves and completed. Just exit with the proper status.
-	if exitStatus >= 0 {
-		os.Exit(exitStatus)
-	}
-
-	// Otherwise, exitStatus < 0 means we're the child. Continue executing as
-	// normal...
-
-	// Let's say we panic
-	panic("oh shucks")
-}
-
-func panicHandler(output string) {
-	// output contains the full output (including stack traces) of the
-	// panic. Put it in a file or something.
-	fmt.Printf("The child panicked:\n\n%s\n", output)
-	os.Exit(1)
-}
-```
-
-## How Does it Work?
-
-panicwrap works by re-executing the running program (retaining arguments,
-environmental variables, etc.) and monitoring the stderr of the program.
-Since Go always outputs panics in a predictable way with a predictable
-exit code, panicwrap is able to reliably detect panics and allow the parent
-process to handle them.
-
-## WHY?! Panics should CRASH!
-
-Yes, panics _should_ crash. They are 100% always indicative of bugs.
-However, in some cases, such as user-facing programs (programs like
-[Packer](http://github.com/mitchellh/packer) or
-[Docker](http://github.com/dotcloud/docker)), it is up to the user to
-report such panics. This is unreliable, at best, and it would be better if the
-program could have a way to automatically report panics. panicwrap provides
-a way to do this.
-
-For backend applications, it is easier to detect crashes (since the application
-exits). However, it is still nice sometimes to more intelligently log
-panics in some way. For example, at [HashiCorp](http://www.hashicorp.com),
-we use panicwrap to log panics to timestamped files with some additional
-data (configuration settings at the time, environmental variables, etc.)
-
-The goal of panicwrap is _not_ to hide panics. It is instead to provide
-a clean mechanism for handling them before bubbling the up to the user
-and ultimately crashing.
diff --git a/vendor/github.com/bugsnag/panicwrap/dup2.go b/vendor/github.com/bugsnag/panicwrap/dup2.go
deleted file mode 100644
index de523c83d..000000000
--- a/vendor/github.com/bugsnag/panicwrap/dup2.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build darwin dragonfly freebsd linux,!arm64 netbsd openbsd
-
-package panicwrap
-
-import (
-	"syscall"
-)
-
-func dup2(oldfd, newfd int) error {
-	return syscall.Dup2(oldfd, newfd)
-}
diff --git a/vendor/github.com/bugsnag/panicwrap/dup3.go b/vendor/github.com/bugsnag/panicwrap/dup3.go
deleted file mode 100644
index 9721b36cc..000000000
--- a/vendor/github.com/bugsnag/panicwrap/dup3.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// +build linux,arm64
-
-package panicwrap
-
-import (
-	"syscall"
-)
-
-func dup2(oldfd, newfd int) error {
-	return syscall.Dup3(oldfd, newfd, 0)
-}
diff --git a/vendor/github.com/bugsnag/panicwrap/monitor.go b/vendor/github.com/bugsnag/panicwrap/monitor.go
deleted file mode 100644
index 72b418a27..000000000
--- a/vendor/github.com/bugsnag/panicwrap/monitor.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// +build !windows
-
-package panicwrap
-
-import (
-	"github.com/bugsnag/osext"
-	"os"
-	"os/exec"
-)
-
-func monitor(c *WrapConfig) (int, error) {
-
-	// If we're the child process, absorb panics.
-	if Wrapped(c) {
-		panicCh := make(chan string)
-
-		go trackPanic(os.Stdin, os.Stderr, c.DetectDuration, panicCh)
-
-		// Wait on the panic data
-		panicTxt := <-panicCh
-		if panicTxt != "" {
-			if !c.HidePanic {
-				os.Stderr.Write([]byte(panicTxt))
-			}
-
-			c.Handler(panicTxt)
-		}
-
-		os.Exit(0)
-	}
-
-	exePath, err := osext.Executable()
-	if err != nil {
-		return -1, err
-	}
-	cmd := exec.Command(exePath, os.Args[1:]...)
-
-	read, write, err := os.Pipe()
-	if err != nil {
-		return -1, err
-	}
-
-	cmd.Stdin = read
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-	cmd.Env = append(os.Environ(), c.CookieKey+"="+c.CookieValue)
-
-	if err != nil {
-		return -1, err
-	}
-	err = cmd.Start()
-	if err != nil {
-		return -1, err
-	}
-
-	err = dup2(int(write.Fd()), int(os.Stderr.Fd()))
-	if err != nil {
-		return -1, err
-	}
-
-	return -1, nil
-}
diff --git a/vendor/github.com/bugsnag/panicwrap/monitor_windows.go b/vendor/github.com/bugsnag/panicwrap/monitor_windows.go
deleted file mode 100644
index d07a69218..000000000
--- a/vendor/github.com/bugsnag/panicwrap/monitor_windows.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package panicwrap
-
-import "fmt"
-
-func monitor(c *WrapConfig) (int, error) {
-	return -1, fmt.Errorf("Monitor is not supported on windows")
-}
diff --git a/vendor/github.com/bugsnag/panicwrap/panicwrap.go b/vendor/github.com/bugsnag/panicwrap/panicwrap.go
deleted file mode 100644
index f9ea3e3e6..000000000
--- a/vendor/github.com/bugsnag/panicwrap/panicwrap.go
+++ /dev/null
@@ -1,339 +0,0 @@
-// The panicwrap package provides functions for capturing and handling
-// panics in your application. It does this by re-executing the running
-// application and monitoring stderr for any panics. At the same time,
-// stdout/stderr/etc. are set to the same values so that data is shuttled
-// through properly, making the existence of panicwrap mostly transparent.
-//
-// Panics are only detected when the subprocess exits with a non-zero
-// exit status, since this is the only time panics are real. Otherwise,
-// "panic-like" output is ignored.
-package panicwrap
-
-import (
-	"bytes"
-	"errors"
-	"github.com/bugsnag/osext"
-	"io"
-	"os"
-	"os/exec"
-	"os/signal"
-	"runtime"
-	"syscall"
-	"time"
-)
-
-const (
-	DEFAULT_COOKIE_KEY = "cccf35992f8f3cd8d1d28f0109dd953e26664531"
-	DEFAULT_COOKIE_VAL = "7c28215aca87789f95b406b8dd91aa5198406750"
-)
-
-// HandlerFunc is the type called when a panic is detected.
-type HandlerFunc func(string)
-
-// WrapConfig is the configuration for panicwrap when wrapping an existing
-// binary. To get started, in general, you only need the BasicWrap function
-// that will set this up for you. However, for more customizability,
-// WrapConfig and Wrap can be used.
-type WrapConfig struct {
-	// Handler is the function called when a panic occurs.
-	Handler HandlerFunc
-
-	// The cookie key and value are used within environmental variables
-	// to tell the child process that it is already executing so that
-	// wrap doesn't re-wrap itself.
-	CookieKey   string
-	CookieValue string
-
-	// If true, the panic will not be mirrored to the configured writer
-	// and will instead ONLY go to the handler. This lets you effectively
-	// hide panics from the end user. This is not recommended because if
-	// your handler fails, the panic is effectively lost.
-	HidePanic bool
-
-	// If true, panicwrap will boot a monitor sub-process and let the parent
-	// run the app. This mode is useful for processes run under supervisors
-	// like runit as signals get sent to the correct codebase. This is not
-	// supported when GOOS=windows, and ignores c.Stderr and c.Stdout.
-	Monitor bool
-
-	// The amount of time that a process must exit within after detecting
-	// a panic header for panicwrap to assume it is a panic. Defaults to
-	// 300 milliseconds.
-	DetectDuration time.Duration
-
-	// The writer to send the stderr to. If this is nil, then it defaults
-	// to os.Stderr.
-	Writer io.Writer
-
-	// The writer to send stdout to. If this is nil, then it defaults to
-	// os.Stdout.
-	Stdout io.Writer
-}
-
-// BasicWrap calls Wrap with the given handler function, using defaults
-// for everything else. See Wrap and WrapConfig for more information on
-// functionality and return values.
-func BasicWrap(f HandlerFunc) (int, error) {
-	return Wrap(&WrapConfig{
-		Handler: f,
-	})
-}
-
-// BasicMonitor calls Wrap with Monitor set to true on supported platforms.
-// It forks your program and runs it again form the start. In one process
-// BasicMonitor never returns, it just listens on stderr of the other process,
-// and calls your handler when a panic is seen. In the other it either returns
-// nil to indicate that the panic monitoring is enabled, or an error to indicate
-// that something else went wrong.
-func BasicMonitor(f HandlerFunc) error {
-	exitStatus, err := Wrap(&WrapConfig{
-		Handler: f,
-		Monitor: runtime.GOOS != "windows",
-	})
-
-	if err != nil {
-		return err
-	}
-
-	if exitStatus >= 0 {
-		os.Exit(exitStatus)
-	}
-
-	return nil
-}
-
-// Wrap wraps the current executable in a handler to catch panics. It
-// returns an error if there was an error during the wrapping process.
-// If the error is nil, then the int result indicates the exit status of the
-// child process. If the exit status is -1, then this is the child process,
-// and execution should continue as normal. Otherwise, this is the parent
-// process and the child successfully ran already, and you should exit the
-// process with the returned exit status.
-//
-// This function should be called very very early in your program's execution.
-// Ideally, this runs as the first line of code of main.
-//
-// Once this is called, the given WrapConfig shouldn't be modified or used
-// any further.
-func Wrap(c *WrapConfig) (int, error) {
-	if c.Handler == nil {
-		return -1, errors.New("Handler must be set")
-	}
-
-	if c.DetectDuration == 0 {
-		c.DetectDuration = 300 * time.Millisecond
-	}
-
-	if c.Writer == nil {
-		c.Writer = os.Stderr
-	}
-
-	if c.Monitor {
-		return monitor(c)
-	} else {
-		return wrap(c)
-	}
-}
-
-func wrap(c *WrapConfig) (int, error) {
-
-	// If we're already wrapped, exit out.
-	if Wrapped(c) {
-		return -1, nil
-	}
-
-	// Get the path to our current executable
-	exePath, err := osext.Executable()
-	if err != nil {
-		return -1, err
-	}
-
-	// Pipe the stderr so we can read all the data as we look for panics
-	stderr_r, stderr_w := io.Pipe()
-
-	// doneCh is closed when we're done, signaling any other goroutines
-	// to end immediately.
-	doneCh := make(chan struct{})
-
-	// panicCh is the channel on which the panic text will actually be
-	// sent.
-	panicCh := make(chan string)
-
-	// On close, make sure to finish off the copying of data to stderr
-	defer func() {
-		defer close(doneCh)
-		stderr_w.Close()
-		<-panicCh
-	}()
-
-	// Start the goroutine that will watch stderr for any panics
-	go trackPanic(stderr_r, c.Writer, c.DetectDuration, panicCh)
-
-	// Create the writer for stdout that we're going to use
-	var stdout_w io.Writer = os.Stdout
-	if c.Stdout != nil {
-		stdout_w = c.Stdout
-	}
-
-	// Build a subcommand to re-execute ourselves. We make sure to
-	// set the environmental variable to include our cookie. We also
-	// set stdin/stdout to match the config. Finally, we pipe stderr
-	// through ourselves in order to watch for panics.
-	cmd := exec.Command(exePath, os.Args[1:]...)
-	cmd.Env = append(os.Environ(), c.CookieKey+"="+c.CookieValue)
-	cmd.Stdin = os.Stdin
-	cmd.Stdout = stdout_w
-	cmd.Stderr = stderr_w
-	if err := cmd.Start(); err != nil {
-		return 1, err
-	}
-
-	// Listen to signals and capture them forever. We allow the child
-	// process to handle them in some way.
-	sigCh := make(chan os.Signal)
-	signal.Notify(sigCh, os.Interrupt)
-	go func() {
-		defer signal.Stop(sigCh)
-		for {
-			select {
-			case <-doneCh:
-				return
-			case <-sigCh:
-			}
-		}
-	}()
-
-	if err := cmd.Wait(); err != nil {
-		exitErr, ok := err.(*exec.ExitError)
-		if !ok {
-			// This is some other kind of subprocessing error.
-			return 1, err
-		}
-
-		exitStatus := 1
-		if status, ok := exitErr.Sys().(syscall.WaitStatus); ok {
-			exitStatus = status.ExitStatus()
-		}
-
-		// Close the writer end so that the tracker goroutine ends at some point
-		stderr_w.Close()
-
-		// Wait on the panic data
-		panicTxt := <-panicCh
-		if panicTxt != "" {
-			if !c.HidePanic {
-				c.Writer.Write([]byte(panicTxt))
-			}
-
-			c.Handler(panicTxt)
-		}
-
-		return exitStatus, nil
-	}
-
-	return 0, nil
-}
-
-// Wrapped checks if we're already wrapped according to the configuration
-// given.
-//
-// Wrapped is very cheap and can be used early to short-circuit some pre-wrap
-// logic your application may have.
-func Wrapped(c *WrapConfig) bool {
-	if c.CookieKey == "" {
-		c.CookieKey = DEFAULT_COOKIE_KEY
-	}
-
-	if c.CookieValue == "" {
-		c.CookieValue = DEFAULT_COOKIE_VAL
-	}
-
-	// If the cookie key/value match our environment, then we are the
-	// child, so just exit now and tell the caller that we're the child
-	return os.Getenv(c.CookieKey) == c.CookieValue
-}
-
-// trackPanic monitors the given reader for a panic. If a panic is detected,
-// it is outputted on the result channel. This will close the channel once
-// it is complete.
-func trackPanic(r io.Reader, w io.Writer, dur time.Duration, result chan<- string) {
-	defer close(result)
-
-	var panicTimer <-chan time.Time
-	panicBuf := new(bytes.Buffer)
-	panicHeader := []byte("panic:")
-
-	tempBuf := make([]byte, 2048)
-	for {
-		var buf []byte
-		var n int
-
-		if panicTimer == nil && panicBuf.Len() > 0 {
-			// We're not tracking a panic but the buffer length is
-			// greater than 0. We need to clear out that buffer, but
-			// look for another panic along the way.
-
-			// First, remove the previous panic header so we don't loop
-			w.Write(panicBuf.Next(len(panicHeader)))
-
-			// Next, assume that this is our new buffer to inspect
-			n = panicBuf.Len()
-			buf = make([]byte, n)
-			copy(buf, panicBuf.Bytes())
-			panicBuf.Reset()
-		} else {
-			var err error
-			buf = tempBuf
-			n, err = r.Read(buf)
-			if n <= 0 && err == io.EOF {
-				if panicBuf.Len() > 0 {
-					// We were tracking a panic, assume it was a panic
-					// and return that as the result.
-					result <- panicBuf.String()
-				}
-
-				return
-			}
-		}
-
-		if panicTimer != nil {
-			// We're tracking what we think is a panic right now.
-			// If the timer ended, then it is not a panic.
-			isPanic := true
-			select {
-			case <-panicTimer:
-				isPanic = false
-			default:
-			}
-
-			// No matter what, buffer the text some more.
-			panicBuf.Write(buf[0:n])
-
-			if !isPanic {
-				// It isn't a panic, stop tracking. Clean-up will happen
-				// on the next iteration.
-				panicTimer = nil
-			}
-
-			continue
-		}
-
-		flushIdx := n
-		idx := bytes.Index(buf[0:n], panicHeader)
-		if idx >= 0 {
-			flushIdx = idx
-		}
-
-		// Flush to stderr what isn't a panic
-		w.Write(buf[0:flushIdx])
-
-		if idx < 0 {
-			// Not a panic so just continue along
-			continue
-		}
-
-		// We have a panic header. Write we assume is a panic os far.
-		panicBuf.Write(buf[idx:n])
-		panicTimer = time.After(dur)
-	}
-}
diff --git a/vendor/github.com/denverdino/aliyungo/LICENSE.txt b/vendor/github.com/denverdino/aliyungo/LICENSE.txt
deleted file mode 100644
index 918297133..000000000
--- a/vendor/github.com/denverdino/aliyungo/LICENSE.txt
+++ /dev/null
@@ -1,191 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   Copyright 2015-2015 Li Yi (denverdino@gmail.com).
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       https://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/denverdino/aliyungo/common/client.go b/vendor/github.com/denverdino/aliyungo/common/client.go
deleted file mode 100644
index 6c00d1c19..000000000
--- a/vendor/github.com/denverdino/aliyungo/common/client.go
+++ /dev/null
@@ -1,550 +0,0 @@
-package common
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"log"
-	"net/http"
-	"net/url"
-	"os"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/denverdino/aliyungo/util"
-)
-
-// RemovalPolicy.N add index to array item
-// RemovalPolicy=["a", "b"] => RemovalPolicy.1="a" RemovalPolicy.2="b"
-type FlattenArray []string
-
-// string contains underline which will be replaced with dot
-// SystemDisk_Category => SystemDisk.Category
-type UnderlineString string
-
-// A Client represents a client of ECS services
-type Client struct {
-	AccessKeyId     string //Access Key Id
-	AccessKeySecret string //Access Key Secret
-	securityToken   string
-	debug           bool
-	httpClient      *http.Client
-	endpoint        string
-	version         string
-	serviceCode     string
-	regionID        Region
-	businessInfo    string
-	userAgent       string
-}
-
-// Initialize properties of a client instance
-func (client *Client) Init(endpoint, version, accessKeyId, accessKeySecret string) {
-	client.AccessKeyId = accessKeyId
-	ak := accessKeySecret
-	if !strings.HasSuffix(ak, "&") {
-		ak += "&"
-	}
-	client.AccessKeySecret = ak
-	client.debug = false
-	handshakeTimeout, err := strconv.Atoi(os.Getenv("TLSHandshakeTimeout"))
-	if err != nil {
-		handshakeTimeout = 0
-	}
-	if handshakeTimeout == 0 {
-		client.httpClient = &http.Client{}
-	} else {
-		t := &http.Transport{
-			TLSHandshakeTimeout: time.Duration(handshakeTimeout) * time.Second}
-		client.httpClient = &http.Client{Transport: t}
-	}
-	client.endpoint = endpoint
-	client.version = version
-}
-
-// Initialize properties of a client instance including regionID
-func (client *Client) NewInit(endpoint, version, accessKeyId, accessKeySecret, serviceCode string, regionID Region) {
-	client.Init(endpoint, version, accessKeyId, accessKeySecret)
-	client.serviceCode = serviceCode
-	client.regionID = regionID
-}
-
-// Intialize client object when all properties are ready
-func (client *Client) InitClient() *Client {
-	client.debug = false
-	handshakeTimeout, err := strconv.Atoi(os.Getenv("TLSHandshakeTimeout"))
-	if err != nil {
-		handshakeTimeout = 0
-	}
-	if handshakeTimeout == 0 {
-		client.httpClient = &http.Client{}
-	} else {
-		t := &http.Transport{
-			TLSHandshakeTimeout: time.Duration(handshakeTimeout) * time.Second}
-		client.httpClient = &http.Client{Transport: t}
-	}
-	return client
-}
-
-func (client *Client) NewInitForAssumeRole(endpoint, version, accessKeyId, accessKeySecret, serviceCode string, regionID Region, securityToken string) {
-	client.NewInit(endpoint, version, accessKeyId, accessKeySecret, serviceCode, regionID)
-	client.securityToken = securityToken
-}
-
-//getLocationEndpoint
-func (client *Client) getEndpointByLocation() string {
-	locationClient := NewLocationClient(client.AccessKeyId, client.AccessKeySecret, client.securityToken)
-	locationClient.SetDebug(true)
-	return locationClient.DescribeOpenAPIEndpoint(client.regionID, client.serviceCode)
-}
-
-//NewClient using location service
-func (client *Client) setEndpointByLocation(region Region, serviceCode, accessKeyId, accessKeySecret, securityToken string) {
-	locationClient := NewLocationClient(accessKeyId, accessKeySecret, securityToken)
-	locationClient.SetDebug(true)
-	ep := locationClient.DescribeOpenAPIEndpoint(region, serviceCode)
-	if ep == "" {
-		ep = loadEndpointFromFile(region, serviceCode)
-	}
-
-	if ep != "" {
-		client.endpoint = ep
-	}
-}
-
-// Ensure all necessary properties are valid
-func (client *Client) ensureProperties() error {
-	var msg string
-
-	if client.endpoint == "" {
-		msg = fmt.Sprintf("endpoint cannot be empty!")
-	} else if client.version == "" {
-		msg = fmt.Sprintf("version cannot be empty!")
-	} else if client.AccessKeyId == "" {
-		msg = fmt.Sprintf("AccessKeyId cannot be empty!")
-	} else if client.AccessKeySecret == "" {
-		msg = fmt.Sprintf("AccessKeySecret cannot be empty!")
-	}
-
-	if msg != "" {
-		return errors.New(msg)
-	}
-
-	return nil
-}
-
-// ----------------------------------------------------
-// WithXXX methods
-// ----------------------------------------------------
-
-// WithEndpoint sets custom endpoint
-func (client *Client) WithEndpoint(endpoint string) *Client {
-	client.SetEndpoint(endpoint)
-	return client
-}
-
-// WithVersion sets custom version
-func (client *Client) WithVersion(version string) *Client {
-	client.SetVersion(version)
-	return client
-}
-
-// WithRegionID sets Region ID
-func (client *Client) WithRegionID(regionID Region) *Client {
-	client.SetRegionID(regionID)
-	return client
-}
-
-//WithServiceCode sets serviceCode
-func (client *Client) WithServiceCode(serviceCode string) *Client {
-	client.SetServiceCode(serviceCode)
-	return client
-}
-
-// WithAccessKeyId sets new AccessKeyId
-func (client *Client) WithAccessKeyId(id string) *Client {
-	client.SetAccessKeyId(id)
-	return client
-}
-
-// WithAccessKeySecret sets new AccessKeySecret
-func (client *Client) WithAccessKeySecret(secret string) *Client {
-	client.SetAccessKeySecret(secret)
-	return client
-}
-
-// WithSecurityToken sets securityToken
-func (client *Client) WithSecurityToken(securityToken string) *Client {
-	client.SetSecurityToken(securityToken)
-	return client
-}
-
-// WithDebug sets debug mode to log the request/response message
-func (client *Client) WithDebug(debug bool) *Client {
-	client.SetDebug(debug)
-	return client
-}
-
-// WithBusinessInfo sets business info to log the request/response message
-func (client *Client) WithBusinessInfo(businessInfo string) *Client {
-	client.SetBusinessInfo(businessInfo)
-	return client
-}
-
-// WithUserAgent sets user agent to the request/response message
-func (client *Client) WithUserAgent(userAgent string) *Client {
-	client.SetUserAgent(userAgent)
-	return client
-}
-
-// ----------------------------------------------------
-// SetXXX methods
-// ----------------------------------------------------
-
-// SetEndpoint sets custom endpoint
-func (client *Client) SetEndpoint(endpoint string) {
-	client.endpoint = endpoint
-}
-
-// SetEndpoint sets custom version
-func (client *Client) SetVersion(version string) {
-	client.version = version
-}
-
-// SetEndpoint sets Region ID
-func (client *Client) SetRegionID(regionID Region) {
-	client.regionID = regionID
-}
-
-//SetServiceCode sets serviceCode
-func (client *Client) SetServiceCode(serviceCode string) {
-	client.serviceCode = serviceCode
-}
-
-// SetAccessKeyId sets new AccessKeyId
-func (client *Client) SetAccessKeyId(id string) {
-	client.AccessKeyId = id
-}
-
-// SetAccessKeySecret sets new AccessKeySecret
-func (client *Client) SetAccessKeySecret(secret string) {
-	client.AccessKeySecret = secret + "&"
-}
-
-// SetDebug sets debug mode to log the request/response message
-func (client *Client) SetDebug(debug bool) {
-	client.debug = debug
-}
-
-// SetBusinessInfo sets business info to log the request/response message
-func (client *Client) SetBusinessInfo(businessInfo string) {
-	if strings.HasPrefix(businessInfo, "/") {
-		client.businessInfo = businessInfo
-	} else if businessInfo != "" {
-		client.businessInfo = "/" + businessInfo
-	}
-}
-
-// SetUserAgent sets user agent to the request/response message
-func (client *Client) SetUserAgent(userAgent string) {
-	client.userAgent = userAgent
-}
-
-//set SecurityToken
-func (client *Client) SetSecurityToken(securityToken string) {
-	client.securityToken = securityToken
-}
-
-func (client *Client) initEndpoint() error {
-	// if set any value to "CUSTOMIZED_ENDPOINT" could skip location service.
-	// example: export CUSTOMIZED_ENDPOINT=true
-	if os.Getenv("CUSTOMIZED_ENDPOINT") != "" {
-		return nil
-	}
-
-	if client.serviceCode != "" && client.regionID != "" {
-		endpoint := client.getEndpointByLocation()
-		if endpoint == "" {
-			return GetCustomError("InvalidEndpoint", "endpoint is empty,pls check")
-		}
-		client.endpoint = endpoint
-	}
-	return nil
-}
-
-// Invoke sends the raw HTTP request for ECS services
-func (client *Client) Invoke(action string, args interface{}, response interface{}) error {
-	if err := client.ensureProperties(); err != nil {
-		return err
-	}
-
-	//init endpoint
-	if err := client.initEndpoint(); err != nil {
-		return err
-	}
-
-	request := Request{}
-	request.init(client.version, action, client.AccessKeyId, client.securityToken, client.regionID)
-
-	query := util.ConvertToQueryValues(request)
-	util.SetQueryValues(args, &query)
-
-	// Sign request
-	signature := util.CreateSignatureForRequest(ECSRequestMethod, &query, client.AccessKeySecret)
-
-	// Generate the request URL
-	requestURL := client.endpoint + "?" + query.Encode() + "&Signature=" + url.QueryEscape(signature)
-
-	httpReq, err := http.NewRequest(ECSRequestMethod, requestURL, nil)
-
-	if err != nil {
-		return GetClientError(err)
-	}
-
-	// TODO move to util and add build val flag
-	httpReq.Header.Set("X-SDK-Client", `AliyunGO/`+Version+client.businessInfo)
-
-	httpReq.Header.Set("User-Agent", httpReq.UserAgent()+" "+client.userAgent)
-
-	t0 := time.Now()
-	httpResp, err := client.httpClient.Do(httpReq)
-	t1 := time.Now()
-	if err != nil {
-		return GetClientError(err)
-	}
-	statusCode := httpResp.StatusCode
-
-	if client.debug {
-		log.Printf("Invoke %s %s %d (%v)", ECSRequestMethod, requestURL, statusCode, t1.Sub(t0))
-	}
-
-	defer httpResp.Body.Close()
-	body, err := ioutil.ReadAll(httpResp.Body)
-
-	if err != nil {
-		return GetClientError(err)
-	}
-
-	if client.debug {
-		var prettyJSON bytes.Buffer
-		err = json.Indent(&prettyJSON, body, "", "    ")
-		log.Println(string(prettyJSON.Bytes()))
-	}
-
-	if statusCode >= 400 && statusCode <= 599 {
-		errorResponse := ErrorResponse{}
-		err = json.Unmarshal(body, &errorResponse)
-		ecsError := &Error{
-			ErrorResponse: errorResponse,
-			StatusCode:    statusCode,
-		}
-		return ecsError
-	}
-
-	err = json.Unmarshal(body, response)
-	//log.Printf("%++v", response)
-	if err != nil {
-		return GetClientError(err)
-	}
-
-	return nil
-}
-
-// Invoke sends the raw HTTP request for ECS services
-func (client *Client) InvokeByFlattenMethod(action string, args interface{}, response interface{}) error {
-	if err := client.ensureProperties(); err != nil {
-		return err
-	}
-
-	//init endpoint
-	if err := client.initEndpoint(); err != nil {
-		return err
-	}
-
-	request := Request{}
-	request.init(client.version, action, client.AccessKeyId, client.securityToken, client.regionID)
-
-	query := util.ConvertToQueryValues(request)
-
-	util.SetQueryValueByFlattenMethod(args, &query)
-
-	// Sign request
-	signature := util.CreateSignatureForRequest(ECSRequestMethod, &query, client.AccessKeySecret)
-
-	// Generate the request URL
-	requestURL := client.endpoint + "?" + query.Encode() + "&Signature=" + url.QueryEscape(signature)
-
-	httpReq, err := http.NewRequest(ECSRequestMethod, requestURL, nil)
-
-	if err != nil {
-		return GetClientError(err)
-	}
-
-	// TODO move to util and add build val flag
-	httpReq.Header.Set("X-SDK-Client", `AliyunGO/`+Version+client.businessInfo)
-
-	httpReq.Header.Set("User-Agent", httpReq.UserAgent()+" "+client.userAgent)
-
-	t0 := time.Now()
-	httpResp, err := client.httpClient.Do(httpReq)
-	t1 := time.Now()
-	if err != nil {
-		return GetClientError(err)
-	}
-	statusCode := httpResp.StatusCode
-
-	if client.debug {
-		log.Printf("Invoke %s %s %d (%v)", ECSRequestMethod, requestURL, statusCode, t1.Sub(t0))
-	}
-
-	defer httpResp.Body.Close()
-	body, err := ioutil.ReadAll(httpResp.Body)
-
-	if err != nil {
-		return GetClientError(err)
-	}
-
-	if client.debug {
-		var prettyJSON bytes.Buffer
-		err = json.Indent(&prettyJSON, body, "", "    ")
-		log.Println(string(prettyJSON.Bytes()))
-	}
-
-	if statusCode >= 400 && statusCode <= 599 {
-		errorResponse := ErrorResponse{}
-		err = json.Unmarshal(body, &errorResponse)
-		ecsError := &Error{
-			ErrorResponse: errorResponse,
-			StatusCode:    statusCode,
-		}
-		return ecsError
-	}
-
-	err = json.Unmarshal(body, response)
-	//log.Printf("%++v", response)
-	if err != nil {
-		return GetClientError(err)
-	}
-
-	return nil
-}
-
-// Invoke sends the raw HTTP request for ECS services
-//改进了一下上面那个方法，可以使用各种Http方法
-//2017.1.30 增加了一个path参数，用来拓展访问的地址
-func (client *Client) InvokeByAnyMethod(method, action, path string, args interface{}, response interface{}) error {
-	if err := client.ensureProperties(); err != nil {
-		return err
-	}
-
-	//init endpoint
-	if err := client.initEndpoint(); err != nil {
-		return err
-	}
-
-	request := Request{}
-	request.init(client.version, action, client.AccessKeyId, client.securityToken, client.regionID)
-	data := util.ConvertToQueryValues(request)
-	util.SetQueryValues(args, &data)
-
-	// Sign request
-	signature := util.CreateSignatureForRequest(method, &data, client.AccessKeySecret)
-
-	data.Add("Signature", signature)
-	// Generate the request URL
-	var (
-		httpReq *http.Request
-		err     error
-	)
-	if method == http.MethodGet {
-		requestURL := client.endpoint + path + "?" + data.Encode()
-		//fmt.Println(requestURL)
-		httpReq, err = http.NewRequest(method, requestURL, nil)
-	} else {
-		//fmt.Println(client.endpoint + path)
-		httpReq, err = http.NewRequest(method, client.endpoint+path, strings.NewReader(data.Encode()))
-		httpReq.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-	}
-
-	if err != nil {
-		return GetClientError(err)
-	}
-
-	// TODO move to util and add build val flag
-	httpReq.Header.Set("X-SDK-Client", `AliyunGO/`+Version+client.businessInfo)
-	httpReq.Header.Set("User-Agent", httpReq.Header.Get("User-Agent")+" "+client.userAgent)
-
-	t0 := time.Now()
-	httpResp, err := client.httpClient.Do(httpReq)
-	t1 := time.Now()
-	if err != nil {
-		return GetClientError(err)
-	}
-	statusCode := httpResp.StatusCode
-
-	if client.debug {
-		log.Printf("Invoke %s %s %d (%v) %v", ECSRequestMethod, client.endpoint, statusCode, t1.Sub(t0), data.Encode())
-	}
-
-	defer httpResp.Body.Close()
-	body, err := ioutil.ReadAll(httpResp.Body)
-
-	if err != nil {
-		return GetClientError(err)
-	}
-
-	if client.debug {
-		var prettyJSON bytes.Buffer
-		err = json.Indent(&prettyJSON, body, "", "    ")
-		log.Println(string(prettyJSON.Bytes()))
-	}
-
-	if statusCode >= 400 && statusCode <= 599 {
-		errorResponse := ErrorResponse{}
-		err = json.Unmarshal(body, &errorResponse)
-		ecsError := &Error{
-			ErrorResponse: errorResponse,
-			StatusCode:    statusCode,
-		}
-		return ecsError
-	}
-
-	err = json.Unmarshal(body, response)
-	//log.Printf("%++v", response)
-	if err != nil {
-		return GetClientError(err)
-	}
-
-	return nil
-}
-
-// GenerateClientToken generates the Client Token with random string
-func (client *Client) GenerateClientToken() string {
-	return util.CreateRandomString()
-}
-
-func GetClientErrorFromString(str string) error {
-	return &Error{
-		ErrorResponse: ErrorResponse{
-			Code:    "AliyunGoClientFailure",
-			Message: str,
-		},
-		StatusCode: -1,
-	}
-}
-
-func GetClientError(err error) error {
-	return GetClientErrorFromString(err.Error())
-}
-
-func GetCustomError(code, message string) error {
-	return &Error{
-		ErrorResponse: ErrorResponse{
-			Code:    code,
-			Message: message,
-		},
-		StatusCode: 400,
-	}
-}
diff --git a/vendor/github.com/denverdino/aliyungo/common/endpoint.go b/vendor/github.com/denverdino/aliyungo/common/endpoint.go
deleted file mode 100644
index 757f7a784..000000000
--- a/vendor/github.com/denverdino/aliyungo/common/endpoint.go
+++ /dev/null
@@ -1,208 +0,0 @@
-package common
-
-import (
-	"encoding/xml"
-	"fmt"
-	"io/ioutil"
-	"log"
-	"os"
-	"strings"
-	"time"
-)
-
-const (
-	// LocationDefaultEndpoint is the default API endpoint of Location services
-	locationDefaultEndpoint = "https://location.aliyuncs.com"
-	locationAPIVersion      = "2015-06-12"
-	HTTP_PROTOCOL           = "http"
-	HTTPS_PROTOCOL          = "https"
-)
-
-var (
-	endpoints = make(map[Region]map[string]string)
-
-	SpecailEnpoints = map[Region]map[string]string{
-		APNorthEast1: {
-			"ecs": "https://ecs.ap-northeast-1.aliyuncs.com",
-			"slb": "https://slb.ap-northeast-1.aliyuncs.com",
-			"rds": "https://rds.ap-northeast-1.aliyuncs.com",
-			"vpc": "https://vpc.ap-northeast-1.aliyuncs.com",
-		},
-		APSouthEast2: {
-			"ecs": "https://ecs.ap-southeast-2.aliyuncs.com",
-			"slb": "https://slb.ap-southeast-2.aliyuncs.com",
-			"rds": "https://rds.ap-southeast-2.aliyuncs.com",
-			"vpc": "https://vpc.ap-southeast-2.aliyuncs.com",
-		},
-		APSouthEast3: {
-			"ecs": "https://ecs.ap-southeast-3.aliyuncs.com",
-			"slb": "https://slb.ap-southeast-3.aliyuncs.com",
-			"rds": "https://rds.ap-southeast-3.aliyuncs.com",
-			"vpc": "https://vpc.ap-southeast-3.aliyuncs.com",
-		},
-		MEEast1: {
-			"ecs": "https://ecs.me-east-1.aliyuncs.com",
-			"slb": "https://slb.me-east-1.aliyuncs.com",
-			"rds": "https://rds.me-east-1.aliyuncs.com",
-			"vpc": "https://vpc.me-east-1.aliyuncs.com",
-		},
-		EUCentral1: {
-			"ecs": "https://ecs.eu-central-1.aliyuncs.com",
-			"slb": "https://slb.eu-central-1.aliyuncs.com",
-			"rds": "https://rds.eu-central-1.aliyuncs.com",
-			"vpc": "https://vpc.eu-central-1.aliyuncs.com",
-		},
-		EUWest1: {
-			"ecs": "https://ecs.eu-west-1.aliyuncs.com",
-			"slb": "https://slb.eu-west-1.aliyuncs.com",
-			"rds": "https://rds.eu-west-1.aliyuncs.com",
-			"vpc": "https://vpc.eu-west-1.aliyuncs.com",
-		},
-		Zhangjiakou: {
-			"ecs": "https://ecs.cn-zhangjiakou.aliyuncs.com",
-			"slb": "https://slb.cn-zhangjiakou.aliyuncs.com",
-			"rds": "https://rds.cn-zhangjiakou.aliyuncs.com",
-			"vpc": "https://vpc.cn-zhangjiakou.aliyuncs.com",
-		},
-		Huhehaote: {
-			"ecs": "https://ecs.cn-huhehaote.aliyuncs.com",
-			"slb": "https://slb.cn-huhehaote.aliyuncs.com",
-			"rds": "https://rds.cn-huhehaote.aliyuncs.com",
-			"vpc": "https://vpc.cn-huhehaote.aliyuncs.com",
-		},
-	}
-)
-
-//init endpoints from file
-func init() {
-
-}
-
-type LocationClient struct {
-	Client
-}
-
-func NewLocationClient(accessKeyId, accessKeySecret, securityToken string) *LocationClient {
-	endpoint := os.Getenv("LOCATION_ENDPOINT")
-	if endpoint == "" {
-		endpoint = locationDefaultEndpoint
-	}
-
-	client := &LocationClient{}
-	client.Init(endpoint, locationAPIVersion, accessKeyId, accessKeySecret)
-	client.securityToken = securityToken
-	return client
-}
-
-func NewLocationClientWithSecurityToken(accessKeyId, accessKeySecret, securityToken string) *LocationClient {
-	endpoint := os.Getenv("LOCATION_ENDPOINT")
-	if endpoint == "" {
-		endpoint = locationDefaultEndpoint
-	}
-
-	client := &LocationClient{}
-	client.WithEndpoint(endpoint).
-		WithVersion(locationAPIVersion).
-		WithAccessKeyId(accessKeyId).
-		WithAccessKeySecret(accessKeySecret).
-		WithSecurityToken(securityToken).
-		InitClient()
-	return client
-}
-
-func (client *LocationClient) DescribeEndpoint(args *DescribeEndpointArgs) (*DescribeEndpointResponse, error) {
-	response := &DescribeEndpointResponse{}
-	err := client.Invoke("DescribeEndpoint", args, response)
-	if err != nil {
-		return nil, err
-	}
-	return response, err
-}
-
-func (client *LocationClient) DescribeEndpoints(args *DescribeEndpointsArgs) (*DescribeEndpointsResponse, error) {
-	response := &DescribeEndpointsResponse{}
-	err := client.Invoke("DescribeEndpoints", args, response)
-	if err != nil {
-		return nil, err
-	}
-	return response, err
-}
-
-func getProductRegionEndpoint(region Region, serviceCode string) string {
-	if sp, ok := endpoints[region]; ok {
-		if endpoint, ok := sp[serviceCode]; ok {
-			return endpoint
-		}
-	}
-
-	return ""
-}
-
-func setProductRegionEndpoint(region Region, serviceCode string, endpoint string) {
-	endpoints[region] = map[string]string{
-		serviceCode: endpoint,
-	}
-}
-
-func (client *LocationClient) DescribeOpenAPIEndpoint(region Region, serviceCode string) string {
-	if endpoint := getProductRegionEndpoint(region, serviceCode); endpoint != "" {
-		return endpoint
-	}
-	defaultProtocols := HTTP_PROTOCOL
-
-	args := &DescribeEndpointsArgs{
-		Id:          region,
-		ServiceCode: serviceCode,
-		Type:        "openAPI",
-	}
-
-	var endpoint *DescribeEndpointsResponse
-	var err error
-	for index := 0; index < 5; index++ {
-		endpoint, err = client.DescribeEndpoints(args)
-		if err == nil && endpoint != nil && len(endpoint.Endpoints.Endpoint) > 0 {
-			break
-		}
-		time.Sleep(500 * time.Millisecond)
-	}
-
-	if err != nil || endpoint == nil || len(endpoint.Endpoints.Endpoint) <= 0 {
-		log.Printf("aliyungo: can not get endpoint from service, use default. endpoint=[%v], error=[%v]\n", endpoint, err)
-		return ""
-	}
-
-	for _, protocol := range endpoint.Endpoints.Endpoint[0].Protocols.Protocols {
-		if strings.ToLower(protocol) == HTTPS_PROTOCOL {
-			defaultProtocols = HTTPS_PROTOCOL
-			break
-		}
-	}
-
-	ep := fmt.Sprintf("%s://%s", defaultProtocols, endpoint.Endpoints.Endpoint[0].Endpoint)
-
-	setProductRegionEndpoint(region, serviceCode, ep)
-	return ep
-}
-
-func loadEndpointFromFile(region Region, serviceCode string) string {
-	data, err := ioutil.ReadFile("./endpoints.xml")
-	if err != nil {
-		return ""
-	}
-	var endpoints Endpoints
-	err = xml.Unmarshal(data, &endpoints)
-	if err != nil {
-		return ""
-	}
-	for _, endpoint := range endpoints.Endpoint {
-		if endpoint.RegionIds.RegionId == string(region) {
-			for _, product := range endpoint.Products.Product {
-				if strings.ToLower(product.ProductName) == serviceCode {
-					return fmt.Sprintf("%s://%s", HTTPS_PROTOCOL, product.DomainName)
-				}
-			}
-		}
-	}
-
-	return ""
-}
diff --git a/vendor/github.com/denverdino/aliyungo/common/endpoints.xml b/vendor/github.com/denverdino/aliyungo/common/endpoints.xml
deleted file mode 100644
index 26ea765b2..000000000
--- a/vendor/github.com/denverdino/aliyungo/common/endpoints.xml
+++ /dev/null
@@ -1,1370 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Endpoints>
-    <Endpoint name="jp-fudao-1">
-        <RegionIds><RegionId>jp-fudao-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="me-east-1">
-        <RegionIds><RegionId>me-east-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.me-east-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs.me-east-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.me-east-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.me-east-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.me-east-1.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="us-east-1">
-        <RegionIds><RegionId>us-east-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="ap-northeast-1">
-        <RegionIds><RegionId>ap-northeast-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.ap-northeast-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.ap-northeast-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.ap-northeast-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs.ap-northeast-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.ap-northeast-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kvstore</ProductName><DomainName>r-kvstore.ap-northeast-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.ap-northeast-1.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-hangzhou-bj-b01">
-        <RegionIds><RegionId>cn-hangzhou-bj-b01</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-hongkong">
-        <RegionIds><RegionId>cn-hongkong</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-hongkong.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-hongkong.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-hongkong.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hongkong.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-beijing-nu16-b01">
-        <RegionIds><RegionId>cn-beijing-nu16-b01</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-beijing-am13-c01">
-        <RegionIds><RegionId>cn-beijing-am13-c01</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="in-west-antgroup-1">
-        <RegionIds><RegionId>in-west-antgroup-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-guizhou-gov">
-        <RegionIds><RegionId>cn-guizhou-gov</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="in-west-antgroup-2">
-        <RegionIds><RegionId>in-west-antgroup-2</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-qingdao-cm9">
-        <RegionIds><RegionId>cn-qingdao-cm9</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-qingdao.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="tw-snowcloud-kaohsiung">
-        <RegionIds><RegionId>tw-snowcloud-kaohsiung</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-shanghai-finance-1">
-        <RegionIds><RegionId>cn-shanghai-finance-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-shanghai-finance-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-guizhou">
-        <RegionIds><RegionId>cn-guizhou</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-qingdao-finance">
-        <RegionIds><RegionId>cn-qingdao-finance</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-qdjbp-a.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-beijing-gov-1">
-        <RegionIds><RegionId>cn-beijing-gov-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-haidian-a.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-shanghai">
-        <RegionIds><RegionId>cn-shanghai</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>ARMS</ProductName><DomainName>arms.cn-shanghai.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-shanghai.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.cn-shanghai.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.cn-shanghai.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-shanghai.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-shanghai.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-shanghai.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>vod</ProductName><DomainName>vod.cn-shanghai.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-shenzhen-inner">
-        <RegionIds><RegionId>cn-shenzhen-inner</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-shenzhen.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-fujian">
-        <RegionIds><RegionId>cn-fujian</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="in-mumbai-alipay">
-        <RegionIds><RegionId>in-mumbai-alipay</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="us-west-1">
-        <RegionIds><RegionId>us-west-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.us-west-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-us-west-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-shanghai-inner">
-        <RegionIds><RegionId>cn-shanghai-inner</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-shanghai.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-anhui-gov-1">
-        <RegionIds><RegionId>cn-anhui-gov-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-hangzhou-finance">
-        <RegionIds><RegionId>cn-hangzhou-finance</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hzjbp-b-console.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-hangzhou">
-        <RegionIds><RegionId>cn-hangzhou</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>ARMS</ProductName><DomainName>arms.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Hpc</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oas</ProductName><DomainName>cn-hangzhou.oas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-beijing-inner">
-        <RegionIds><RegionId>cn-beijing-inner</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-beijing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-haidian-cm12-c01">
-        <RegionIds><RegionId>cn-haidian-cm12-c01</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-anhui-gov">
-        <RegionIds><RegionId>cn-anhui-gov</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-shenzhen">
-        <RegionIds><RegionId>cn-shenzhen</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>ARMS</ProductName><DomainName>arms.cn-shenzhen.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-shenzhen.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>BatchCompute</ProductName><DomainName>batchcompute.cn-shenzhen.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.cn-shenzhen.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-shenzhen.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-shenzhen.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oas</ProductName><DomainName>cn-shenzhen.oas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-shenzhen.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="ap-southeast-2">
-        <RegionIds><RegionId>ap-southeast-2</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.ap-southeast-2.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.ap-southeast-2.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.ap-southeast-2.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs.ap-southeast-2.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.ap-southeast-2.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-qingdao">
-        <RegionIds><RegionId>cn-qingdao</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.cn-qingdao.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.cn-qingdao.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.cn-qingdao.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>BatchCompute</ProductName><DomainName>batchcompute.cn-qingdao.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.cn-qingdao.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-qingdao.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-qingdao.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-qingdao.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-shenzhen-su18-b02">
-        <RegionIds><RegionId>cn-shenzhen-su18-b02</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-shenzhen-su18-b03">
-        <RegionIds><RegionId>cn-shenzhen-su18-b03</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-shenzhen-su18-b01">
-        <RegionIds><RegionId>cn-shenzhen-su18-b01</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="ap-southeast-antgroup-1">
-        <RegionIds><RegionId>ap-southeast-antgroup-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="oss-cn-bjzwy">
-        <RegionIds><RegionId>oss-cn-bjzwy</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-bjzwy.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-henan-am12001">
-        <RegionIds><RegionId>cn-henan-am12001</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-beijing">
-        <RegionIds><RegionId>cn-beijing</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>ARMS</ProductName><DomainName>arms.cn-beijing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oas</ProductName><DomainName>cn-beijing.oas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Hpc</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.cn-beijing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.cn-beijing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-beijing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-beijing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-beijing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>vod</ProductName><DomainName>vod.cn-beijing.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-hangzhou-d">
-        <RegionIds><RegionId>cn-hangzhou-d</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-gansu-am6">
-        <RegionIds><RegionId>cn-gansu-am6</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-ningxiazhongwei">
-        <RegionIds><RegionId>cn-ningxiazhongwei</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-shanghai-et2-b01">
-        <RegionIds><RegionId>cn-shanghai-et2-b01</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace-ops</ProductName><DomainName>ace-ops.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Acs</ProductName><DomainName>acs.aliyun-inc.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc-inner</ProductName><DomainName>vpc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-ningxia-am7-c01">
-        <RegionIds><RegionId>cn-ningxia-am7-c01</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-shenzhen-finance-1">
-        <RegionIds><RegionId>cn-shenzhen-finance-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.cn-shenzhen-finance-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="ap-southeast-1">
-        <RegionIds><RegionId>ap-southeast-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>CS</ProductName><DomainName>cs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Risk</ProductName><DomainName>risk-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>COS</ProductName><DomainName>cos.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ess</ProductName><DomainName>ess.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Billing</ProductName><DomainName>billing.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dqs</ProductName><DomainName>dqs.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dds</ProductName><DomainName>mongodb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alidns</ProductName><DomainName>alidns.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sms</ProductName><DomainName>sms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drds</ProductName><DomainName>drds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dts</ProductName><DomainName>dts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.ap-southeast-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location</ProductName><DomainName>location.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msg</ProductName><DomainName>msg-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ChargingService</ProductName><DomainName>chargingservice.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>R-kvstore</ProductName><DomainName>r-kvstore-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Alert</ProductName><DomainName>alert.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Msc</ProductName><DomainName>msc-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HighDDos</ProductName><DomainName>yd-highddos-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundun</ProductName><DomainName>yundun-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms-inner</ProductName><DomainName>ubsms-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ocs</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Dm</ProductName><DomainName>dm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Green</ProductName><DomainName>green.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Commondriver</ProductName><DomainName>common.driver.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>oceanbase</ProductName><DomainName>oceanbase.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Workorder</ProductName><DomainName>workorder.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Yundunhsm</ProductName><DomainName>yundunhsm.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Iot</ProductName><DomainName>iot.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>HPC</ProductName><DomainName>hpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>jaq</ProductName><DomainName>jaq.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oms</ProductName><DomainName>oms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>live</ProductName><DomainName>live.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>M-kvstore</ProductName><DomainName>m-kvstore.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>BatchCompute</ProductName><DomainName>batchCompute.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>AMS</ProductName><DomainName>ams.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>ROS</ProductName><DomainName>ros.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>PTS</ProductName><DomainName>pts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Qualitycheck</ProductName><DomainName>qualitycheck.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Bss</ProductName><DomainName>bss.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ubsms</ProductName><DomainName>ubsms.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Apigateway</ProductName><DomainName>apigateway.ap-southeast-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CloudAPI</ProductName><DomainName>apigateway.ap-southeast-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sts</ProductName><DomainName>sts.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CmsSiteMonitor</ProductName><DomainName>sitemonitor.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ace</ProductName><DomainName>ace.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Mts</ProductName><DomainName>mts.ap-southeast-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>CF</ProductName><DomainName>cf.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Crm</ProductName><DomainName>crm-cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Location-inner</ProductName><DomainName>location-inner.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Aas</ProductName><DomainName>aas.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Emr</ProductName><DomainName>emr.ap-southeast-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Httpdns</ProductName><DomainName>httpdns-api.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Drc</ProductName><DomainName>drc.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Push</ProductName><DomainName>cloudpush.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>YundunDdos</ProductName><DomainName>inner-yundun-ddos.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Domain</ProductName><DomainName>domain.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ots</ProductName><DomainName>ots-pop.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cdn</ProductName><DomainName>cdn.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ram</ProductName><DomainName>ram.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Sales</ProductName><DomainName>sales.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>OssAdmin</ProductName><DomainName>oss-admin.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ons</ProductName><DomainName>ons.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Oss</ProductName><DomainName>oss-ap-southeast-1.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-shenzhen-st4-d01">
-        <RegionIds><RegionId>cn-shenzhen-st4-d01</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs-cn-hangzhou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="eu-central-1">
-        <RegionIds><RegionId>eu-central-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.eu-central-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs.eu-central-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.eu-central-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.eu-central-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.eu-central-1.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="eu-west-1">
-        <RegionIds><RegionId>eu-west-1</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.eu-west-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs.eu-west-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.eu-west-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Kms</ProductName><DomainName>kms.eu-west-1.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.eu-west-1.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-zhangjiakou">
-        <RegionIds><RegionId>cn-zhangjiakou</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.cn-zhangjiakou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs.cn-zhangjiakou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.cn-zhangjiakou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.cn-zhangjiakou.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-    <Endpoint name="cn-huhehaote">
-        <RegionIds><RegionId>cn-huhehaote</RegionId></RegionIds>
-        <Products>
-            <Product><ProductName>Rds</ProductName><DomainName>rds.cn-huhehaote.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Ecs</ProductName><DomainName>ecs.cn-huhehaote.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Vpc</ProductName><DomainName>vpc.cn-huhehaote.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Cms</ProductName><DomainName>metrics.cn-hangzhou.aliyuncs.com</DomainName></Product>
-            <Product><ProductName>Slb</ProductName><DomainName>slb.cn-huhehaote.aliyuncs.com</DomainName></Product>
-        </Products>
-    </Endpoint>
-</Endpoints>
diff --git a/vendor/github.com/denverdino/aliyungo/common/regions.go b/vendor/github.com/denverdino/aliyungo/common/regions.go
deleted file mode 100644
index e6bc728fe..000000000
--- a/vendor/github.com/denverdino/aliyungo/common/regions.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package common
-
-// Region represents ECS region
-type Region string
-
-// Constants of region definition
-const (
-	Hangzhou    = Region("cn-hangzhou")
-	Qingdao     = Region("cn-qingdao")
-	Beijing     = Region("cn-beijing")
-	Hongkong    = Region("cn-hongkong")
-	Shenzhen    = Region("cn-shenzhen")
-	Shanghai    = Region("cn-shanghai")
-	Zhangjiakou = Region("cn-zhangjiakou")
-	Huhehaote   = Region("cn-huhehaote")
-
-	APSouthEast1 = Region("ap-southeast-1")
-	APNorthEast1 = Region("ap-northeast-1")
-	APSouthEast2 = Region("ap-southeast-2")
-	APSouthEast3 = Region("ap-southeast-3")
-	APSouthEast5 = Region("ap-southeast-5")
-
-	APSouth1 = Region("ap-south-1")
-
-	USWest1 = Region("us-west-1")
-	USEast1 = Region("us-east-1")
-
-	MEEast1 = Region("me-east-1")
-
-	EUCentral1 = Region("eu-central-1")
-	EUWest1    = Region("eu-west-1")
-
-	ShenZhenFinance = Region("cn-shenzhen-finance-1")
-	ShanghaiFinance = Region("cn-shanghai-finance-1")
-)
-
-var ValidRegions = []Region{
-	Hangzhou, Qingdao, Beijing, Shenzhen, Hongkong, Shanghai, Zhangjiakou, Huhehaote,
-	USWest1, USEast1,
-	APNorthEast1, APSouthEast1, APSouthEast2, APSouthEast3, APSouthEast5,
-	APSouth1,
-	MEEast1,
-	EUCentral1, EUWest1,
-	ShenZhenFinance, ShanghaiFinance,
-}
-
-// IsValidRegion checks if r is an Ali supported region.
-func IsValidRegion(r string) bool {
-	for _, v := range ValidRegions {
-		if r == string(v) {
-			return true
-		}
-	}
-	return false
-}
diff --git a/vendor/github.com/denverdino/aliyungo/common/request.go b/vendor/github.com/denverdino/aliyungo/common/request.go
deleted file mode 100644
index f35c2990d..000000000
--- a/vendor/github.com/denverdino/aliyungo/common/request.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package common
-
-import (
-	"fmt"
-	"log"
-	"time"
-
-	"github.com/denverdino/aliyungo/util"
-)
-
-// Constants for Aliyun API requests
-const (
-	SignatureVersion   = "1.0"
-	SignatureMethod    = "HMAC-SHA1"
-	JSONResponseFormat = "JSON"
-	XMLResponseFormat  = "XML"
-	ECSRequestMethod   = "GET"
-)
-
-type Request struct {
-	Format               string
-	Version              string
-	RegionId             Region
-	AccessKeyId          string
-	SecurityToken        string
-	Signature            string
-	SignatureMethod      string
-	Timestamp            util.ISO6801Time
-	SignatureVersion     string
-	SignatureNonce       string
-	ResourceOwnerAccount string
-	Action               string
-}
-
-func (request *Request) init(version string, action string, AccessKeyId string, securityToken string, regionId Region) {
-	request.Format = JSONResponseFormat
-	request.Timestamp = util.NewISO6801Time(time.Now().UTC())
-	request.Version = version
-	request.SignatureVersion = SignatureVersion
-	request.SignatureMethod = SignatureMethod
-	request.SignatureNonce = util.CreateRandomString()
-	request.Action = action
-	request.AccessKeyId = AccessKeyId
-	request.SecurityToken = securityToken
-	request.RegionId = regionId
-}
-
-type Response struct {
-	RequestId string
-}
-
-type ErrorResponse struct {
-	Response
-	HostId  string
-	Code    string
-	Message string
-}
-
-// An Error represents a custom error for Aliyun API failure response
-type Error struct {
-	ErrorResponse
-	StatusCode int //Status Code of HTTP Response
-}
-
-func (e *Error) Error() string {
-	return fmt.Sprintf("Aliyun API Error: RequestId: %s Status Code: %d Code: %s Message: %s", e.RequestId, e.StatusCode, e.Code, e.Message)
-}
-
-type Pagination struct {
-	PageNumber int
-	PageSize   int
-}
-
-func (p *Pagination) SetPageSize(size int) {
-	p.PageSize = size
-}
-
-func (p *Pagination) Validate() {
-	if p.PageNumber < 0 {
-		log.Printf("Invalid PageNumber: %d", p.PageNumber)
-		p.PageNumber = 1
-	}
-	if p.PageSize < 0 {
-		log.Printf("Invalid PageSize: %d", p.PageSize)
-		p.PageSize = 10
-	} else if p.PageSize > 50 {
-		log.Printf("Invalid PageSize: %d", p.PageSize)
-		p.PageSize = 50
-	}
-}
-
-// A PaginationResponse represents a response with pagination information
-type PaginationResult struct {
-	TotalCount int
-	PageNumber int
-	PageSize   int
-}
-
-// NextPage gets the next page of the result set
-func (r *PaginationResult) NextPage() *Pagination {
-	if r.PageNumber*r.PageSize >= r.TotalCount {
-		return nil
-	}
-	return &Pagination{PageNumber: r.PageNumber + 1, PageSize: r.PageSize}
-}
diff --git a/vendor/github.com/denverdino/aliyungo/common/types.go b/vendor/github.com/denverdino/aliyungo/common/types.go
deleted file mode 100644
index cf161f11b..000000000
--- a/vendor/github.com/denverdino/aliyungo/common/types.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package common
-
-type InternetChargeType string
-
-const (
-	PayByBandwidth = InternetChargeType("PayByBandwidth")
-	PayByTraffic   = InternetChargeType("PayByTraffic")
-)
-
-type InstanceChargeType string
-
-const (
-	PrePaid  = InstanceChargeType("PrePaid")
-	PostPaid = InstanceChargeType("PostPaid")
-)
-
-type DescribeEndpointArgs struct {
-	Id          Region
-	ServiceCode string
-	Type        string
-}
-
-type EndpointItem struct {
-	Protocols struct {
-		Protocols []string
-	}
-	Type        string
-	Namespace   string
-	Id          Region
-	SerivceCode string
-	Endpoint    string
-}
-
-type DescribeEndpointResponse struct {
-	Response
-	EndpointItem
-}
-
-type DescribeEndpointsArgs struct {
-	Id          Region
-	ServiceCode string
-	Type        string
-}
-
-type DescribeEndpointsResponse struct {
-	Response
-	Endpoints APIEndpoints
-	RequestId string
-	Success   bool
-}
-
-type APIEndpoints struct {
-	Endpoint []EndpointItem
-}
-
-type NetType string
-
-const (
-	Internet = NetType("Internet")
-	Intranet = NetType("Intranet")
-)
-
-type TimeType string
-
-const (
-	Hour  = TimeType("Hour")
-	Day   = TimeType("Day")
-	Week  = TimeType("Week")
-	Month = TimeType("Month")
-	Year  = TimeType("Year")
-)
-
-type NetworkType string
-
-const (
-	Classic = NetworkType("Classic")
-	VPC     = NetworkType("VPC")
-)
-
-type BusinessInfo struct {
-	Pack       string `json:"pack,omitempty"`
-	ActivityId string `json:"activityId,omitempty"`
-}
-
-//xml
-type Endpoints struct {
-	Endpoint []Endpoint `xml:"Endpoint"`
-}
-
-type Endpoint struct {
-	Name      string    `xml:"name,attr"`
-	RegionIds RegionIds `xml:"RegionIds"`
-	Products  Products  `xml:"Products"`
-}
-
-type RegionIds struct {
-	RegionId string `xml:"RegionId"`
-}
-
-type Products struct {
-	Product []Product `xml:"Product"`
-}
-
-type Product struct {
-	ProductName string `xml:"ProductName"`
-	DomainName  string `xml:"DomainName"`
-}
diff --git a/vendor/github.com/denverdino/aliyungo/common/version.go b/vendor/github.com/denverdino/aliyungo/common/version.go
deleted file mode 100644
index 7cb3d3aff..000000000
--- a/vendor/github.com/denverdino/aliyungo/common/version.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package common
-
-const Version = "0.1"
diff --git a/vendor/github.com/denverdino/aliyungo/oss/authenticate_callback.go b/vendor/github.com/denverdino/aliyungo/oss/authenticate_callback.go
deleted file mode 100644
index 74b58fb08..000000000
--- a/vendor/github.com/denverdino/aliyungo/oss/authenticate_callback.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package oss
-
-import (
-	"crypto"
-	"crypto/md5"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/pem"
-	"errors"
-	"io/ioutil"
-	"net/http"
-	"regexp"
-	"strings"
-	"sync"
-)
-
-type authenticationType struct {
-	lock        *sync.RWMutex
-	certificate map[string]*rsa.PublicKey
-}
-
-var (
-	authentication = authenticationType{lock: &sync.RWMutex{}, certificate: map[string]*rsa.PublicKey{}}
-	urlReg         = regexp.MustCompile(`^http(|s)://gosspublic.alicdn.com/[0-9a-zA-Z]`)
-)
-
-//验证OSS向业务服务器发来的回调函数。
-//该方法是并发安全的
-//pubKeyUrl 回调请求头中[x-oss-pub-key-url]一项，以Base64编码
-//reqUrl oss所发来请求的url，由path+query组成
-//reqBody oss所发来请求的body
-//authorization authorization为回调头中的签名
-func AuthenticateCallBack(pubKeyUrl, reqUrl, reqBody, authorization string) error {
-	//获取证书url
-	keyURL, err := base64.URLEncoding.DecodeString(pubKeyUrl)
-	if err != nil {
-		return err
-	}
-	url := string(keyURL)
-	//判断证书是否来自于阿里云
-	if !urlReg.Match(keyURL) {
-		return errors.New("certificate address error")
-	}
-	//获取文件名
-	rs := []rune(url)
-	filename := string(rs[strings.LastIndex(url, "/") : len(rs)-1])
-	authentication.lock.RLock()
-	certificate := authentication.certificate[filename]
-	authentication.lock.RUnlock()
-	//内存中没有证书，下载
-	if certificate == nil {
-		authentication.lock.Lock()
-		res, err := http.Get(url)
-		if err != nil {
-			return err
-		}
-		defer res.Body.Close()
-		body, err := ioutil.ReadAll(res.Body)
-		if err != nil {
-			return err
-		}
-		block, _ := pem.Decode(body)
-		if block == nil {
-			return errors.New("certificate error")
-		}
-		pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
-		if err != nil {
-			return err
-		}
-		certificate = pubKey.(*rsa.PublicKey)
-		authentication.certificate[filename] = certificate
-		authentication.lock.Unlock()
-	}
-	//证书准备完毕，开始验证
-	//解析签名
-	signature, err := base64.StdEncoding.DecodeString(authorization)
-	if err != nil {
-		return err
-	}
-	hashed := md5.New()
-	hashed.Write([]byte(reqUrl + "\n" + reqBody))
-	if err := rsa.VerifyPKCS1v15(certificate, crypto.MD5, hashed.Sum(nil), signature); err != nil {
-		return err
-	}
-	//验证通过
-	return nil
-}
diff --git a/vendor/github.com/denverdino/aliyungo/oss/client.go b/vendor/github.com/denverdino/aliyungo/oss/client.go
deleted file mode 100644
index c09191941..000000000
--- a/vendor/github.com/denverdino/aliyungo/oss/client.go
+++ /dev/null
@@ -1,1421 +0,0 @@
-package oss
-
-import (
-	"bytes"
-	"crypto/hmac"
-	"crypto/md5"
-	"crypto/sha1"
-	"encoding/base64"
-	"encoding/xml"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"log"
-	"mime"
-	"net"
-	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"os"
-	"path"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/denverdino/aliyungo/common"
-	"github.com/denverdino/aliyungo/util"
-)
-
-const DefaultContentType = "application/octet-stream"
-
-// The Client type encapsulates operations with an OSS region.
-type Client struct {
-	AccessKeyId     string
-	AccessKeySecret string
-	SecurityToken   string
-	Region          Region
-	Internal        bool
-	Secure          bool
-	ConnectTimeout  time.Duration
-
-	endpoint string
-	debug    bool
-}
-
-// The Bucket type encapsulates operations with an bucket.
-type Bucket struct {
-	*Client
-	Name string
-}
-
-// The Owner type represents the owner of the object in an bucket.
-type Owner struct {
-	ID          string
-	DisplayName string
-}
-
-// Options struct
-//
-type Options struct {
-	ServerSideEncryption      bool
-	ServerSideEncryptionKeyID string
-
-	Meta               map[string][]string
-	ContentEncoding    string
-	CacheControl       string
-	ContentMD5         string
-	ContentDisposition string
-	//Range              string
-	//Expires int
-}
-
-type CopyOptions struct {
-	Headers           http.Header
-	CopySourceOptions string
-	MetadataDirective string
-	//ContentType       string
-
-	ServerSideEncryption      bool
-	ServerSideEncryptionKeyID string
-}
-
-// CopyObjectResult is the output from a Copy request
-type CopyObjectResult struct {
-	ETag         string
-	LastModified string
-}
-
-var attempts = util.AttemptStrategy{
-	Min:   5,
-	Total: 5 * time.Second,
-	Delay: 200 * time.Millisecond,
-}
-
-// NewOSSClient creates a new OSS.
-
-func NewOSSClientForAssumeRole(region Region, internal bool, accessKeyId string, accessKeySecret string, securityToken string, secure bool) *Client {
-	return &Client{
-		AccessKeyId:     accessKeyId,
-		AccessKeySecret: accessKeySecret,
-		SecurityToken:   securityToken,
-		Region:          region,
-		Internal:        internal,
-		debug:           false,
-		Secure:          secure,
-	}
-}
-
-func NewOSSClient(region Region, internal bool, accessKeyId string, accessKeySecret string, secure bool) *Client {
-	return &Client{
-		AccessKeyId:     accessKeyId,
-		AccessKeySecret: accessKeySecret,
-		Region:          region,
-		Internal:        internal,
-		debug:           false,
-		Secure:          secure,
-	}
-}
-
-// SetDebug sets debug mode to log the request/response message
-func (client *Client) SetDebug(debug bool) {
-	client.debug = debug
-}
-
-// Bucket returns a Bucket with the given name.
-func (client *Client) Bucket(name string) *Bucket {
-	name = strings.ToLower(name)
-	return &Bucket{
-		Client: client,
-		Name:   name,
-	}
-}
-
-type BucketInfo struct {
-	Name             string
-	CreationDate     string
-	ExtranetEndpoint string
-	IntranetEndpoint string
-	Location         string
-	Grant            string `xml:"AccessControlList>Grant"`
-}
-
-type GetServiceResp struct {
-	Owner   Owner
-	Buckets []BucketInfo `xml:">Bucket"`
-}
-
-type GetBucketInfoResp struct {
-	Bucket BucketInfo
-}
-
-// GetService gets a list of all buckets owned by an account.
-func (client *Client) GetService() (*GetServiceResp, error) {
-	bucket := client.Bucket("")
-
-	r, err := bucket.Get("")
-	if err != nil {
-		return nil, err
-	}
-
-	// Parse the XML response.
-	var resp GetServiceResp
-	if err = xml.Unmarshal(r, &resp); err != nil {
-		return nil, err
-	}
-
-	return &resp, nil
-}
-
-type ACL string
-
-const (
-	Private           = ACL("private")
-	PublicRead        = ACL("public-read")
-	PublicReadWrite   = ACL("public-read-write")
-	AuthenticatedRead = ACL("authenticated-read")
-	BucketOwnerRead   = ACL("bucket-owner-read")
-	BucketOwnerFull   = ACL("bucket-owner-full-control")
-)
-
-var createBucketConfiguration = `<CreateBucketConfiguration>
-  <LocationConstraint>%s</LocationConstraint>
-</CreateBucketConfiguration>`
-
-// locationConstraint returns an io.Reader specifying a LocationConstraint if
-// required for the region.
-func (client *Client) locationConstraint() io.Reader {
-	constraint := fmt.Sprintf(createBucketConfiguration, client.Region)
-	return strings.NewReader(constraint)
-}
-
-// override default endpoint
-func (client *Client) SetEndpoint(endpoint string) {
-	// TODO check endpoint
-	client.endpoint = endpoint
-}
-
-// Info query basic information about the bucket
-//
-// You can read doc at https://help.aliyun.com/document_detail/31968.html
-func (b *Bucket) Info() (BucketInfo, error) {
-	params := make(url.Values)
-	params.Set("bucketInfo", "")
-	r, err := b.GetWithParams("/", params)
-
-	if err != nil {
-		return BucketInfo{}, err
-	}
-
-	// Parse the XML response.
-	var resp GetBucketInfoResp
-	if err = xml.Unmarshal(r, &resp); err != nil {
-		return BucketInfo{}, err
-	}
-
-	return resp.Bucket, nil
-}
-
-// PutBucket creates a new bucket.
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/bucket&PutBucket
-func (b *Bucket) PutBucket(perm ACL) error {
-	headers := make(http.Header)
-	if perm != "" {
-		headers.Set("x-oss-acl", string(perm))
-	}
-	req := &request{
-		method:  "PUT",
-		bucket:  b.Name,
-		path:    "/",
-		headers: headers,
-		payload: b.Client.locationConstraint(),
-	}
-	return b.Client.query(req, nil)
-}
-
-// DelBucket removes an existing bucket. All objects in the bucket must
-// be removed before the bucket itself can be removed.
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/bucket&DeleteBucket
-func (b *Bucket) DelBucket() (err error) {
-	for attempt := attempts.Start(); attempt.Next(); {
-		req := &request{
-			method: "DELETE",
-			bucket: b.Name,
-			path:   "/",
-		}
-
-		err = b.Client.query(req, nil)
-		if !shouldRetry(err) {
-			break
-		}
-	}
-	return err
-}
-
-// Get retrieves an object from an bucket.
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&GetObject
-func (b *Bucket) Get(path string) (data []byte, err error) {
-	body, err := b.GetReader(path)
-	if err != nil {
-		return nil, err
-	}
-	data, err = ioutil.ReadAll(body)
-	body.Close()
-	return data, err
-}
-
-// GetReader retrieves an object from an bucket,
-// returning the body of the HTTP response.
-// It is the caller's responsibility to call Close on rc when
-// finished reading.
-func (b *Bucket) GetReader(path string) (rc io.ReadCloser, err error) {
-	resp, err := b.GetResponse(path)
-	if resp != nil {
-		return resp.Body, err
-	}
-	return nil, err
-}
-
-// GetResponse retrieves an object from an bucket,
-// returning the HTTP response.
-// It is the caller's responsibility to call Close on rc when
-// finished reading
-func (b *Bucket) GetResponse(path string) (resp *http.Response, err error) {
-	return b.GetResponseWithHeaders(path, make(http.Header))
-}
-
-// GetResponseWithHeaders retrieves an object from an bucket
-// Accepts custom headers to be sent as the second parameter
-// returning the body of the HTTP response.
-// It is the caller's responsibility to call Close on rc when
-// finished reading
-func (b *Bucket) GetResponseWithHeaders(path string, headers http.Header) (resp *http.Response, err error) {
-	for attempt := attempts.Start(); attempt.Next(); {
-		req := &request{
-			bucket:  b.Name,
-			path:    path,
-			headers: headers,
-		}
-		err = b.Client.prepare(req)
-		if err != nil {
-			return nil, err
-		}
-
-		resp, err := b.Client.run(req, nil)
-		if shouldRetry(err) && attempt.HasNext() {
-			continue
-		}
-		if err != nil {
-			return nil, err
-		}
-		return resp, nil
-	}
-	panic("unreachable")
-}
-
-// Get retrieves an object from an bucket.
-func (b *Bucket) GetWithParams(path string, params url.Values) (data []byte, err error) {
-	resp, err := b.GetResponseWithParamsAndHeaders(path, params, nil)
-	if err != nil {
-		return nil, err
-	}
-	data, err = ioutil.ReadAll(resp.Body)
-	resp.Body.Close()
-	return data, err
-}
-
-func (b *Bucket) GetResponseWithParamsAndHeaders(path string, params url.Values, headers http.Header) (resp *http.Response, err error) {
-	for attempt := attempts.Start(); attempt.Next(); {
-		req := &request{
-			bucket:  b.Name,
-			path:    path,
-			params:  params,
-			headers: headers,
-		}
-		err = b.Client.prepare(req)
-		if err != nil {
-			return nil, err
-		}
-
-		resp, err := b.Client.run(req, nil)
-		if shouldRetry(err) && attempt.HasNext() {
-			continue
-		}
-		if err != nil {
-			return nil, err
-		}
-		return resp, nil
-	}
-	panic("unreachable")
-}
-
-// Exists checks whether or not an object exists on an bucket using a HEAD request.
-func (b *Bucket) Exists(path string) (exists bool, err error) {
-	for attempt := attempts.Start(); attempt.Next(); {
-		req := &request{
-			method: "HEAD",
-			bucket: b.Name,
-			path:   path,
-		}
-		err = b.Client.prepare(req)
-		if err != nil {
-			return
-		}
-
-		resp, err := b.Client.run(req, nil)
-
-		if shouldRetry(err) && attempt.HasNext() {
-			continue
-		}
-
-		if err != nil {
-			// We can treat a 403 or 404 as non existence
-			if e, ok := err.(*Error); ok && (e.StatusCode == 403 || e.StatusCode == 404) {
-				return false, nil
-			}
-			return false, err
-		}
-
-		if resp.StatusCode/100 == 2 {
-			exists = true
-		}
-		if resp.Body != nil {
-			resp.Body.Close()
-		}
-		return exists, err
-	}
-	return false, fmt.Errorf("OSS Currently Unreachable")
-}
-
-// Head HEADs an object in the bucket, returns the response with
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&HeadObject
-func (b *Bucket) Head(path string, headers http.Header) (*http.Response, error) {
-
-	for attempt := attempts.Start(); attempt.Next(); {
-		req := &request{
-			method:  "HEAD",
-			bucket:  b.Name,
-			path:    path,
-			headers: headers,
-		}
-		err := b.Client.prepare(req)
-		if err != nil {
-			return nil, err
-		}
-
-		resp, err := b.Client.run(req, nil)
-		if shouldRetry(err) && attempt.HasNext() {
-			continue
-		}
-		if err != nil {
-			return nil, err
-		}
-		if resp != nil && resp.Body != nil {
-			resp.Body.Close()
-		}
-		return resp, err
-	}
-	return nil, fmt.Errorf("OSS Currently Unreachable")
-}
-
-// Put inserts an object into the bucket.
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&PutObject
-func (b *Bucket) Put(path string, data []byte, contType string, perm ACL, options Options) error {
-	body := bytes.NewBuffer(data)
-	return b.PutReader(path, body, int64(len(data)), contType, perm, options)
-}
-
-// PutCopy puts a copy of an object given by the key path into bucket b using b.Path as the target key
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&CopyObject
-func (b *Bucket) PutCopy(path string, perm ACL, options CopyOptions, source string) (*CopyObjectResult, error) {
-	headers := make(http.Header)
-
-	headers.Set("x-oss-object-acl", string(perm))
-	headers.Set("x-oss-copy-source", source)
-
-	options.addHeaders(headers)
-	req := &request{
-		method:  "PUT",
-		bucket:  b.Name,
-		path:    path,
-		headers: headers,
-		timeout: 5 * time.Minute,
-	}
-	resp := &CopyObjectResult{}
-	err := b.Client.query(req, resp)
-	if err != nil {
-		return resp, err
-	}
-	return resp, nil
-}
-
-// PutReader inserts an object into the bucket by consuming data
-// from r until EOF.
-func (b *Bucket) PutReader(path string, r io.Reader, length int64, contType string, perm ACL, options Options) error {
-	headers := make(http.Header)
-	headers.Set("Content-Length", strconv.FormatInt(length, 10))
-	headers.Set("Content-Type", contType)
-	headers.Set("x-oss-object-acl", string(perm))
-
-	options.addHeaders(headers)
-	req := &request{
-		method:  "PUT",
-		bucket:  b.Name,
-		path:    path,
-		headers: headers,
-		payload: r,
-	}
-	return b.Client.query(req, nil)
-}
-
-// PutFile creates/updates object with file
-func (b *Bucket) PutFile(path string, file *os.File, perm ACL, options Options) error {
-	var contentType string
-	if dotPos := strings.LastIndex(file.Name(), "."); dotPos == -1 {
-		contentType = DefaultContentType
-	} else {
-		if mimeType := mime.TypeByExtension(file.Name()[dotPos:]); mimeType == "" {
-			contentType = DefaultContentType
-		} else {
-			contentType = mimeType
-		}
-	}
-	stats, err := file.Stat()
-	if err != nil {
-		log.Printf("Unable to read file %s stats.\n", file.Name())
-		return err
-	}
-
-	return b.PutReader(path, file, stats.Size(), contentType, perm, options)
-}
-
-// addHeaders adds o's specified fields to headers
-func (o Options) addHeaders(headers http.Header) {
-	if len(o.ServerSideEncryptionKeyID) != 0 {
-		headers.Set("x-oss-server-side-encryption", "KMS")
-		headers.Set("x-oss-server-side-encryption-key-id", o.ServerSideEncryptionKeyID)
-	} else if o.ServerSideEncryption {
-		headers.Set("x-oss-server-side-encryption", "AES256")
-	}
-	if len(o.ContentEncoding) != 0 {
-		headers.Set("Content-Encoding", o.ContentEncoding)
-	}
-	if len(o.CacheControl) != 0 {
-		headers.Set("Cache-Control", o.CacheControl)
-	}
-	if len(o.ContentMD5) != 0 {
-		headers.Set("Content-MD5", o.ContentMD5)
-	}
-	if len(o.ContentDisposition) != 0 {
-		headers.Set("Content-Disposition", o.ContentDisposition)
-	}
-
-	for k, v := range o.Meta {
-		for _, mv := range v {
-			headers.Add("x-oss-meta-"+k, mv)
-		}
-	}
-}
-
-// addHeaders adds o's specified fields to headers
-func (o CopyOptions) addHeaders(headers http.Header) {
-	if len(o.ServerSideEncryptionKeyID) != 0 {
-		headers.Set("x-oss-server-side-encryption", "KMS")
-		headers.Set("x-oss-server-side-encryption-key-id", o.ServerSideEncryptionKeyID)
-	} else if o.ServerSideEncryption {
-		headers.Set("x-oss-server-side-encryption", "AES256")
-	}
-
-	if len(o.MetadataDirective) != 0 {
-		headers.Set("x-oss-metadata-directive", o.MetadataDirective)
-	}
-	if len(o.CopySourceOptions) != 0 {
-		headers.Set("x-oss-copy-source-range", o.CopySourceOptions)
-	}
-	if o.Headers != nil {
-		for k, v := range o.Headers {
-			newSlice := make([]string, len(v))
-			copy(newSlice, v)
-			headers[k] = newSlice
-		}
-	}
-}
-
-func makeXMLBuffer(doc []byte) *bytes.Buffer {
-	buf := new(bytes.Buffer)
-	buf.WriteString(xml.Header)
-	buf.Write(doc)
-	return buf
-}
-
-type IndexDocument struct {
-	Suffix string `xml:"Suffix"`
-}
-
-type ErrorDocument struct {
-	Key string `xml:"Key"`
-}
-
-type RoutingRule struct {
-	ConditionKeyPrefixEquals     string `xml:"Condition>KeyPrefixEquals"`
-	RedirectReplaceKeyPrefixWith string `xml:"Redirect>ReplaceKeyPrefixWith,omitempty"`
-	RedirectReplaceKeyWith       string `xml:"Redirect>ReplaceKeyWith,omitempty"`
-}
-
-type RedirectAllRequestsTo struct {
-	HostName string `xml:"HostName"`
-	Protocol string `xml:"Protocol,omitempty"`
-}
-
-type WebsiteConfiguration struct {
-	XMLName               xml.Name               `xml:"http://doc.oss-cn-hangzhou.aliyuncs.com WebsiteConfiguration"`
-	IndexDocument         *IndexDocument         `xml:"IndexDocument,omitempty"`
-	ErrorDocument         *ErrorDocument         `xml:"ErrorDocument,omitempty"`
-	RoutingRules          *[]RoutingRule         `xml:"RoutingRules>RoutingRule,omitempty"`
-	RedirectAllRequestsTo *RedirectAllRequestsTo `xml:"RedirectAllRequestsTo,omitempty"`
-}
-
-// PutBucketWebsite configures a bucket as a website.
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/bucket&PutBucketWebsite
-func (b *Bucket) PutBucketWebsite(configuration WebsiteConfiguration) error {
-	doc, err := xml.Marshal(configuration)
-	if err != nil {
-		return err
-	}
-
-	buf := makeXMLBuffer(doc)
-
-	return b.PutBucketSubresource("website", buf, int64(buf.Len()))
-}
-
-func (b *Bucket) PutBucketSubresource(subresource string, r io.Reader, length int64) error {
-	headers := make(http.Header)
-	headers.Set("Content-Length", strconv.FormatInt(length, 10))
-
-	req := &request{
-		path:    "/",
-		method:  "PUT",
-		bucket:  b.Name,
-		headers: headers,
-		payload: r,
-		params:  url.Values{subresource: {""}},
-	}
-
-	return b.Client.query(req, nil)
-}
-
-// Del removes an object from the bucket.
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&DeleteObject
-func (b *Bucket) Del(path string) error {
-	req := &request{
-		method: "DELETE",
-		bucket: b.Name,
-		path:   path,
-	}
-	return b.Client.query(req, nil)
-}
-
-type Delete struct {
-	Quiet   bool     `xml:"Quiet,omitempty"`
-	Objects []Object `xml:"Object"`
-}
-
-type Object struct {
-	Key       string `xml:"Key"`
-	VersionId string `xml:"VersionId,omitempty"`
-}
-
-// DelMulti removes up to 1000 objects from the bucket.
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/object&DeleteMultipleObjects
-func (b *Bucket) DelMulti(objects Delete) error {
-	doc, err := xml.Marshal(objects)
-	if err != nil {
-		return err
-	}
-
-	buf := makeXMLBuffer(doc)
-	digest := md5.New()
-	size, err := digest.Write(buf.Bytes())
-	if err != nil {
-		return err
-	}
-
-	headers := make(http.Header)
-	headers.Set("Content-Length", strconv.FormatInt(int64(size), 10))
-	headers.Set("Content-MD5", base64.StdEncoding.EncodeToString(digest.Sum(nil)))
-	headers.Set("Content-Type", "text/xml")
-
-	req := &request{
-		path:    "/",
-		method:  "POST",
-		params:  url.Values{"delete": {""}},
-		bucket:  b.Name,
-		headers: headers,
-		payload: buf,
-	}
-
-	return b.Client.query(req, nil)
-}
-
-// The ListResp type holds the results of a List bucket operation.
-type ListResp struct {
-	Name      string
-	Prefix    string
-	Delimiter string
-	Marker    string
-	MaxKeys   int
-	// IsTruncated is true if the results have been truncated because
-	// there are more keys and prefixes than can fit in MaxKeys.
-	// N.B. this is the opposite sense to that documented (incorrectly) in
-	// http://goo.gl/YjQTc
-	IsTruncated    bool
-	Contents       []Key
-	CommonPrefixes []string `xml:">Prefix"`
-	// if IsTruncated is true, pass NextMarker as marker argument to List()
-	// to get the next set of keys
-	NextMarker string
-}
-
-// The Key type represents an item stored in an bucket.
-type Key struct {
-	Key          string
-	LastModified string
-	Type         string
-	Size         int64
-	// ETag gives the hex-encoded MD5 sum of the contents,
-	// surrounded with double-quotes.
-	ETag         string
-	StorageClass string
-	Owner        Owner
-}
-
-// List returns information about objects in an bucket.
-//
-// The prefix parameter limits the response to keys that begin with the
-// specified prefix.
-//
-// The delim parameter causes the response to group all of the keys that
-// share a common prefix up to the next delimiter in a single entry within
-// the CommonPrefixes field. You can use delimiters to separate a bucket
-// into different groupings of keys, similar to how folders would work.
-//
-// The marker parameter specifies the key to start with when listing objects
-// in a bucket. OSS lists objects in alphabetical order and
-// will return keys alphabetically greater than the marker.
-//
-// The max parameter specifies how many keys + common prefixes to return in
-// the response, at most 1000. The default is 100.
-//
-// For example, given these keys in a bucket:
-//
-//     index.html
-//     index2.html
-//     photos/2006/January/sample.jpg
-//     photos/2006/February/sample2.jpg
-//     photos/2006/February/sample3.jpg
-//     photos/2006/February/sample4.jpg
-//
-// Listing this bucket with delimiter set to "/" would yield the
-// following result:
-//
-//     &ListResp{
-//         Name:      "sample-bucket",
-//         MaxKeys:   1000,
-//         Delimiter: "/",
-//         Contents:  []Key{
-//             {Key: "index.html", "index2.html"},
-//         },
-//         CommonPrefixes: []string{
-//             "photos/",
-//         },
-//     }
-//
-// Listing the same bucket with delimiter set to "/" and prefix set to
-// "photos/2006/" would yield the following result:
-//
-//     &ListResp{
-//         Name:      "sample-bucket",
-//         MaxKeys:   1000,
-//         Delimiter: "/",
-//         Prefix:    "photos/2006/",
-//         CommonPrefixes: []string{
-//             "photos/2006/February/",
-//             "photos/2006/January/",
-//         },
-//     }
-//
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/bucket&GetBucket
-func (b *Bucket) List(prefix, delim, marker string, max int) (result *ListResp, err error) {
-	params := make(url.Values)
-	params.Set("prefix", prefix)
-	params.Set("delimiter", delim)
-	params.Set("marker", marker)
-	if max != 0 {
-		params.Set("max-keys", strconv.FormatInt(int64(max), 10))
-	}
-	result = &ListResp{}
-	for attempt := attempts.Start(); attempt.Next(); {
-		req := &request{
-			bucket: b.Name,
-			params: params,
-		}
-		err = b.Client.query(req, result)
-		if !shouldRetry(err) {
-			break
-		}
-	}
-	if err != nil {
-		return nil, err
-	}
-	// if NextMarker is not returned, it should be set to the name of last key,
-	// so let's do it so that each caller doesn't have to
-	if result.IsTruncated && result.NextMarker == "" {
-		n := len(result.Contents)
-		if n > 0 {
-			result.NextMarker = result.Contents[n-1].Key
-		}
-	}
-	return result, nil
-}
-
-type GetLocationResp struct {
-	Location string `xml:",innerxml"`
-}
-
-func (b *Bucket) Location() (string, error) {
-	params := make(url.Values)
-	params.Set("location", "")
-	r, err := b.GetWithParams("/", params)
-
-	if err != nil {
-		return "", err
-	}
-
-	// Parse the XML response.
-	var resp GetLocationResp
-	if err = xml.Unmarshal(r, &resp); err != nil {
-		return "", err
-	}
-
-	if resp.Location == "" {
-		return string(Hangzhou), nil
-	}
-	return resp.Location, nil
-}
-
-func (b *Bucket) Path(path string) string {
-	if !strings.HasPrefix(path, "/") {
-		path = "/" + path
-	}
-	return "/" + b.Name + path
-}
-
-// URL returns a non-signed URL that allows retriving the
-// object at path. It only works if the object is publicly
-// readable (see SignedURL).
-func (b *Bucket) URL(path string) string {
-	req := &request{
-		bucket: b.Name,
-		path:   path,
-	}
-	err := b.Client.prepare(req)
-	if err != nil {
-		panic(err)
-	}
-	u, err := req.url()
-	if err != nil {
-		panic(err)
-	}
-	u.RawQuery = ""
-	return u.String()
-}
-
-// SignedURL returns a signed URL that allows anyone holding the URL
-// to retrieve the object at path. The signature is valid until expires.
-func (b *Bucket) SignedURL(path string, expires time.Time) string {
-	return b.SignedURLWithArgs(path, expires, nil, nil)
-}
-
-// SignedURLWithArgs returns a signed URL that allows anyone holding the URL
-// to retrieve the object at path. The signature is valid until expires.
-func (b *Bucket) SignedURLWithArgs(path string, expires time.Time, params url.Values, headers http.Header) string {
-	return b.SignedURLWithMethod("GET", path, expires, params, headers)
-}
-
-func (b *Bucket) SignedURLWithMethodForAssumeRole(method, path string, expires time.Time, params url.Values, headers http.Header) string {
-	var uv = url.Values{}
-	if params != nil {
-		uv = params
-	}
-	if len(b.Client.SecurityToken) != 0 {
-		uv.Set("security-token", b.Client.SecurityToken)
-	}
-	return b.SignedURLWithMethod(method, path, expires, params, headers)
-}
-
-// SignedURLWithMethod returns a signed URL that allows anyone holding the URL
-// to either retrieve the object at path or make a HEAD request against it. The signature is valid until expires.
-func (b *Bucket) SignedURLWithMethod(method, path string, expires time.Time, params url.Values, headers http.Header) string {
-	var uv = url.Values{}
-
-	if params != nil {
-		uv = params
-	}
-
-	uv.Set("Expires", strconv.FormatInt(expires.Unix(), 10))
-	uv.Set("OSSAccessKeyId", b.AccessKeyId)
-
-	req := &request{
-		method:  method,
-		bucket:  b.Name,
-		path:    path,
-		params:  uv,
-		headers: headers,
-	}
-	err := b.Client.prepare(req)
-	if err != nil {
-		panic(err)
-	}
-	u, err := req.url()
-	if err != nil {
-		panic(err)
-	}
-
-	return u.String()
-}
-
-// UploadSignedURL returns a signed URL that allows anyone holding the URL
-// to upload the object at path. The signature is valid until expires.
-// contenttype is a string like image/png
-// name is the resource name in OSS terminology like images/ali.png [obviously excluding the bucket name itself]
-func (b *Bucket) UploadSignedURL(name, method, contentType string, expires time.Time) string {
-	//TODO TESTING
-	expireDate := expires.Unix()
-	if method != "POST" {
-		method = "PUT"
-	}
-
-	tokenData := ""
-
-	stringToSign := method + "\n\n" + contentType + "\n" + strconv.FormatInt(expireDate, 10) + "\n" + tokenData + "/" + path.Join(b.Name, name)
-	secretKey := b.AccessKeySecret
-	accessId := b.AccessKeyId
-	mac := hmac.New(sha1.New, []byte(secretKey))
-	mac.Write([]byte(stringToSign))
-	macsum := mac.Sum(nil)
-	signature := base64.StdEncoding.EncodeToString(macsum)
-	signature = strings.TrimSpace(signature)
-
-	signedurl, err := url.Parse(b.Region.GetEndpoint(b.Internal, b.Name, b.Secure))
-	if err != nil {
-		log.Println("ERROR sining url for OSS upload", err)
-		return ""
-	}
-	signedurl.Path = name
-	params := url.Values{}
-	params.Add("OSSAccessKeyId", accessId)
-	params.Add("Expires", strconv.FormatInt(expireDate, 10))
-	params.Add("Signature", signature)
-
-	signedurl.RawQuery = params.Encode()
-	return signedurl.String()
-}
-
-// PostFormArgsEx returns the action and input fields needed to allow anonymous
-// uploads to a bucket within the expiration limit
-// Additional conditions can be specified with conds
-func (b *Bucket) PostFormArgsEx(path string, expires time.Time, redirect string, conds []string) (action string, fields map[string]string) {
-	conditions := []string{}
-	fields = map[string]string{
-		"AWSAccessKeyId": b.AccessKeyId,
-		"key":            path,
-	}
-
-	if conds != nil {
-		conditions = append(conditions, conds...)
-	}
-
-	conditions = append(conditions, fmt.Sprintf("{\"key\": \"%s\"}", path))
-	conditions = append(conditions, fmt.Sprintf("{\"bucket\": \"%s\"}", b.Name))
-	if redirect != "" {
-		conditions = append(conditions, fmt.Sprintf("{\"success_action_redirect\": \"%s\"}", redirect))
-		fields["success_action_redirect"] = redirect
-	}
-
-	vExpiration := expires.Format("2006-01-02T15:04:05Z")
-	vConditions := strings.Join(conditions, ",")
-	policy := fmt.Sprintf("{\"expiration\": \"%s\", \"conditions\": [%s]}", vExpiration, vConditions)
-	policy64 := base64.StdEncoding.EncodeToString([]byte(policy))
-	fields["policy"] = policy64
-
-	signer := hmac.New(sha1.New, []byte(b.AccessKeySecret))
-	signer.Write([]byte(policy64))
-	fields["signature"] = base64.StdEncoding.EncodeToString(signer.Sum(nil))
-
-	action = fmt.Sprintf("%s/%s/", b.Client.Region, b.Name)
-	return
-}
-
-// PostFormArgs returns the action and input fields needed to allow anonymous
-// uploads to a bucket within the expiration limit
-func (b *Bucket) PostFormArgs(path string, expires time.Time, redirect string) (action string, fields map[string]string) {
-	return b.PostFormArgsEx(path, expires, redirect, nil)
-}
-
-type request struct {
-	method   string
-	bucket   string
-	path     string
-	params   url.Values
-	headers  http.Header
-	baseurl  string
-	payload  io.Reader
-	prepared bool
-	timeout  time.Duration
-}
-
-func (req *request) url() (*url.URL, error) {
-	u, err := url.Parse(req.baseurl)
-	if err != nil {
-		return nil, fmt.Errorf("bad OSS endpoint URL %q: %v", req.baseurl, err)
-	}
-	u.RawQuery = req.params.Encode()
-	u.Path = req.path
-	return u, nil
-}
-
-// query prepares and runs the req request.
-// If resp is not nil, the XML data contained in the response
-// body will be unmarshalled on it.
-func (client *Client) query(req *request, resp interface{}) error {
-	err := client.prepare(req)
-	if err != nil {
-		return err
-	}
-	r, err := client.run(req, resp)
-	if r != nil && r.Body != nil {
-		r.Body.Close()
-	}
-	return err
-}
-
-// Sets baseurl on req from bucket name and the region endpoint
-func (client *Client) setBaseURL(req *request) error {
-
-	if client.endpoint == "" {
-		req.baseurl = client.Region.GetEndpoint(client.Internal, req.bucket, client.Secure)
-	} else {
-		req.baseurl = fmt.Sprintf("%s://%s", getProtocol(client.Secure), client.endpoint)
-	}
-
-	return nil
-}
-
-// partiallyEscapedPath partially escapes the OSS path allowing for all OSS REST API calls.
-//
-// Some commands including:
-//      GET Bucket acl              http://goo.gl/aoXflF
-//      GET Bucket cors             http://goo.gl/UlmBdx
-//      GET Bucket lifecycle        http://goo.gl/8Fme7M
-//      GET Bucket policy           http://goo.gl/ClXIo3
-//      GET Bucket location         http://goo.gl/5lh8RD
-//      GET Bucket Logging          http://goo.gl/sZ5ckF
-//      GET Bucket notification     http://goo.gl/qSSZKD
-//      GET Bucket tagging          http://goo.gl/QRvxnM
-// require the first character after the bucket name in the path to be a literal '?' and
-// not the escaped hex representation '%3F'.
-func partiallyEscapedPath(path string) string {
-	pathEscapedAndSplit := strings.Split((&url.URL{Path: path}).String(), "/")
-	if len(pathEscapedAndSplit) >= 3 {
-		if len(pathEscapedAndSplit[2]) >= 3 {
-			// Check for the one "?" that should not be escaped.
-			if pathEscapedAndSplit[2][0:3] == "%3F" {
-				pathEscapedAndSplit[2] = "?" + pathEscapedAndSplit[2][3:]
-			}
-		}
-	}
-	return strings.Replace(strings.Join(pathEscapedAndSplit, "/"), "+", "%2B", -1)
-}
-
-// prepare sets up req to be delivered to OSS.
-func (client *Client) prepare(req *request) error {
-	// Copy so they can be mutated without affecting on retries.
-	headers := copyHeader(req.headers)
-	// security-token should be in either Params or Header, cannot be in both
-	if len(req.params.Get("security-token")) == 0 && len(client.SecurityToken) != 0 {
-		headers.Set("x-oss-security-token", client.SecurityToken)
-	}
-
-	params := make(url.Values)
-
-	for k, v := range req.params {
-		params[k] = v
-	}
-
-	req.params = params
-	req.headers = headers
-
-	if !req.prepared {
-		req.prepared = true
-		if req.method == "" {
-			req.method = "GET"
-		}
-
-		if !strings.HasPrefix(req.path, "/") {
-			req.path = "/" + req.path
-		}
-
-		err := client.setBaseURL(req)
-		if err != nil {
-			return err
-		}
-	}
-
-	req.headers.Set("Date", util.GetGMTime())
-	client.signRequest(req)
-
-	return nil
-}
-
-// Prepares an *http.Request for doHttpRequest
-func (client *Client) setupHttpRequest(req *request) (*http.Request, error) {
-	// Copy so that signing the http request will not mutate it
-
-	u, err := req.url()
-	if err != nil {
-		return nil, err
-	}
-	u.Opaque = fmt.Sprintf("//%s%s", u.Host, partiallyEscapedPath(u.Path))
-
-	hreq := http.Request{
-		URL:        u,
-		Method:     req.method,
-		ProtoMajor: 1,
-		ProtoMinor: 1,
-		Close:      true,
-		Header:     req.headers,
-		Form:       req.params,
-	}
-
-	hreq.Header.Set("X-SDK-Client", `AliyunGO/`+common.Version)
-
-	contentLength := req.headers.Get("Content-Length")
-
-	if contentLength != "" {
-		hreq.ContentLength, _ = strconv.ParseInt(contentLength, 10, 64)
-		req.headers.Del("Content-Length")
-	}
-
-	if req.payload != nil {
-		hreq.Body = ioutil.NopCloser(req.payload)
-	}
-
-	return &hreq, nil
-}
-
-// doHttpRequest sends hreq and returns the http response from the server.
-// If resp is not nil, the XML data contained in the response
-// body will be unmarshalled on it.
-func (client *Client) doHttpRequest(c *http.Client, hreq *http.Request, resp interface{}) (*http.Response, error) {
-
-	if client.debug {
-		log.Printf("%s %s ...\n", hreq.Method, hreq.URL.String())
-	}
-	hresp, err := c.Do(hreq)
-	if err != nil {
-		return nil, err
-	}
-	if client.debug {
-		log.Printf("%s %s %d\n", hreq.Method, hreq.URL.String(), hresp.StatusCode)
-		contentType := hresp.Header.Get("Content-Type")
-		if contentType == "application/xml" || contentType == "text/xml" {
-			dump, _ := httputil.DumpResponse(hresp, true)
-			log.Printf("%s\n", dump)
-		} else {
-			log.Printf("Response Content-Type: %s\n", contentType)
-		}
-	}
-	if hresp.StatusCode != 200 && hresp.StatusCode != 204 && hresp.StatusCode != 206 {
-		return nil, client.buildError(hresp)
-	}
-	if resp != nil {
-		err = xml.NewDecoder(hresp.Body).Decode(resp)
-		hresp.Body.Close()
-
-		if client.debug {
-			log.Printf("aliyungo.oss> decoded xml into %#v", resp)
-		}
-
-	}
-	return hresp, err
-}
-
-// run sends req and returns the http response from the server.
-// If resp is not nil, the XML data contained in the response
-// body will be unmarshalled on it.
-func (client *Client) run(req *request, resp interface{}) (*http.Response, error) {
-	if client.debug {
-		log.Printf("Running OSS request: %#v", req)
-	}
-
-	hreq, err := client.setupHttpRequest(req)
-	if err != nil {
-		return nil, err
-	}
-
-	c := &http.Client{
-		Transport: &http.Transport{
-			Dial: func(netw, addr string) (c net.Conn, err error) {
-				if client.ConnectTimeout > 0 {
-					c, err = net.DialTimeout(netw, addr, client.ConnectTimeout)
-				} else {
-					c, err = net.Dial(netw, addr)
-				}
-				if err != nil {
-					return
-				}
-				return
-			},
-			Proxy: http.ProxyFromEnvironment,
-		},
-		Timeout: req.timeout,
-	}
-
-	return client.doHttpRequest(c, hreq, resp)
-}
-
-// Error represents an error in an operation with OSS.
-type Error struct {
-	StatusCode int    // HTTP status code (200, 403, ...)
-	Code       string // OSS error code ("UnsupportedOperation", ...)
-	Message    string // The human-oriented error message
-	BucketName string
-	RequestId  string
-	HostId     string
-}
-
-func (e *Error) Error() string {
-	return fmt.Sprintf("Aliyun API Error: RequestId: %s Status Code: %d Code: %s Message: %s", e.RequestId, e.StatusCode, e.Code, e.Message)
-}
-
-func (client *Client) buildError(r *http.Response) error {
-	if client.debug {
-		log.Printf("got error (status code %v)", r.StatusCode)
-		data, err := ioutil.ReadAll(r.Body)
-		if err != nil {
-			log.Printf("\tread error: %v", err)
-		} else {
-			log.Printf("\tdata:\n%s\n\n", data)
-		}
-		r.Body = ioutil.NopCloser(bytes.NewBuffer(data))
-	}
-
-	err := Error{}
-	// TODO return error if Unmarshal fails?
-	xml.NewDecoder(r.Body).Decode(&err)
-	r.Body.Close()
-	err.StatusCode = r.StatusCode
-	if err.Message == "" {
-		err.Message = r.Status
-	}
-	if client.debug {
-		log.Printf("err: %#v\n", err)
-	}
-	return &err
-}
-
-type TimeoutError interface {
-	error
-	Timeout() bool // Is the error a timeout?
-}
-
-func shouldRetry(err error) bool {
-	if err == nil {
-		return false
-	}
-
-	_, ok := err.(TimeoutError)
-	if ok {
-		return true
-	}
-
-	switch err {
-	case io.ErrUnexpectedEOF, io.EOF:
-		return true
-	}
-	switch e := err.(type) {
-	case *net.DNSError:
-		return true
-	case *net.OpError:
-		switch e.Op {
-		case "read", "write":
-			return true
-		}
-	case *url.Error:
-		// url.Error can be returned either by net/url if a URL cannot be
-		// parsed, or by net/http if the response is closed before the headers
-		// are received or parsed correctly. In that later case, e.Op is set to
-		// the HTTP method name with the first letter uppercased. We don't want
-		// to retry on POST operations, since those are not idempotent, all the
-		// other ones should be safe to retry.
-		switch e.Op {
-		case "Get", "Put", "Delete", "Head":
-			return shouldRetry(e.Err)
-		default:
-			return false
-		}
-	case *Error:
-		switch e.Code {
-		case "InternalError", "NoSuchUpload", "NoSuchBucket":
-			return true
-		}
-	}
-	return false
-}
-
-func hasCode(err error, code string) bool {
-	e, ok := err.(*Error)
-	return ok && e.Code == code
-}
-
-func copyHeader(header http.Header) (newHeader http.Header) {
-	newHeader = make(http.Header)
-	for k, v := range header {
-		newSlice := make([]string, len(v))
-		copy(newSlice, v)
-		newHeader[k] = newSlice
-	}
-	return
-}
-
-type AccessControlPolicy struct {
-	Owner  Owner
-	Grants []string `xml:"AccessControlList>Grant"`
-}
-
-// ACL returns ACL of bucket
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/bucket&GetBucketAcl
-func (b *Bucket) ACL() (result *AccessControlPolicy, err error) {
-
-	params := make(url.Values)
-	params.Set("acl", "")
-
-	r, err := b.GetWithParams("/", params)
-	if err != nil {
-		return nil, err
-	}
-
-	// Parse the XML response.
-	var resp AccessControlPolicy
-	if err = xml.Unmarshal(r, &resp); err != nil {
-		return nil, err
-	}
-
-	return &resp, nil
-}
-
-func (b *Bucket) GetContentLength(sourcePath string) (int64, error) {
-	resp, err := b.Head(sourcePath, nil)
-	if err != nil {
-		return 0, err
-	}
-
-	currentLength := resp.ContentLength
-
-	return currentLength, err
-}
-
-func (b *Bucket) CopyLargeFile(sourcePath string, destPath string, contentType string, perm ACL, options Options) error {
-	return b.CopyLargeFileInParallel(sourcePath, destPath, contentType, perm, options, 1)
-}
-
-const defaultChunkSize = int64(128 * 1024 * 1024) //128MB
-const maxCopytSize = int64(128 * 1024 * 1024)     //128MB
-
-// Copy large file in the same bucket
-func (b *Bucket) CopyLargeFileInParallel(sourcePath string, destPath string, contentType string, perm ACL, options Options, maxConcurrency int) error {
-
-	if maxConcurrency < 1 {
-		maxConcurrency = 1
-	}
-
-	currentLength, err := b.GetContentLength(sourcePath)
-
-	log.Printf("Parallel Copy large file[size: %d] from %s to %s\n", currentLength, sourcePath, destPath)
-
-	if err != nil {
-		return err
-	}
-
-	if currentLength < maxCopytSize {
-		_, err := b.PutCopy(destPath, perm,
-			CopyOptions{},
-			b.Path(sourcePath))
-		return err
-	}
-
-	multi, err := b.InitMulti(destPath, contentType, perm, options)
-	if err != nil {
-		return err
-	}
-
-	numParts := (currentLength + defaultChunkSize - 1) / defaultChunkSize
-	completedParts := make([]Part, numParts)
-
-	errChan := make(chan error, numParts)
-	limiter := make(chan struct{}, maxConcurrency)
-
-	var start int64 = 0
-	var to int64 = 0
-	var partNumber = 0
-	sourcePathForCopy := b.Path(sourcePath)
-
-	for start = 0; start < currentLength; start = to {
-		to = start + defaultChunkSize
-		if to > currentLength {
-			to = currentLength
-		}
-		partNumber++
-
-		rangeStr := fmt.Sprintf("bytes=%d-%d", start, to-1)
-		limiter <- struct{}{}
-		go func(partNumber int, rangeStr string) {
-			_, part, err := multi.PutPartCopyWithContentLength(partNumber,
-				CopyOptions{CopySourceOptions: rangeStr},
-				sourcePathForCopy, currentLength)
-			if err == nil {
-				completedParts[partNumber-1] = part
-			} else {
-				log.Printf("Unable in PutPartCopy of part %d for %s: %v\n", partNumber, sourcePathForCopy, err)
-			}
-			errChan <- err
-			<-limiter
-		}(partNumber, rangeStr)
-	}
-
-	fullyCompleted := true
-	for range completedParts {
-		err := <-errChan
-		if err != nil {
-			fullyCompleted = false
-		}
-	}
-
-	if fullyCompleted {
-		err = multi.Complete(completedParts)
-	} else {
-		err = multi.Abort()
-	}
-
-	return err
-}
diff --git a/vendor/github.com/denverdino/aliyungo/oss/export.go b/vendor/github.com/denverdino/aliyungo/oss/export.go
deleted file mode 100644
index ebdb0477a..000000000
--- a/vendor/github.com/denverdino/aliyungo/oss/export.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package oss
-
-import (
-	"github.com/denverdino/aliyungo/util"
-)
-
-var originalStrategy = attempts
-
-func SetAttemptStrategy(s *util.AttemptStrategy) {
-	if s == nil {
-		attempts = originalStrategy
-	} else {
-		attempts = *s
-	}
-}
-
-func SetListPartsMax(n int) {
-	listPartsMax = n
-}
-
-func SetListMultiMax(n int) {
-	listMultiMax = n
-}
diff --git a/vendor/github.com/denverdino/aliyungo/oss/multi.go b/vendor/github.com/denverdino/aliyungo/oss/multi.go
deleted file mode 100644
index d720e1884..000000000
--- a/vendor/github.com/denverdino/aliyungo/oss/multi.go
+++ /dev/null
@@ -1,489 +0,0 @@
-package oss
-
-import (
-	"bytes"
-	"crypto/md5"
-	"encoding/base64"
-	"encoding/hex"
-	"encoding/xml"
-	"errors"
-	"io"
-	"time"
-	//"log"
-	"net/http"
-	"net/url"
-	"sort"
-	"strconv"
-	"strings"
-)
-
-// Multi represents an unfinished multipart upload.
-//
-// Multipart uploads allow sending big objects in smaller chunks.
-// After all parts have been sent, the upload must be explicitly
-// completed by calling Complete with the list of parts.
-
-type Multi struct {
-	Bucket   *Bucket
-	Key      string
-	UploadId string
-}
-
-// That's the default. Here just for testing.
-var listMultiMax = 1000
-
-type listMultiResp struct {
-	NextKeyMarker      string
-	NextUploadIdMarker string
-	IsTruncated        bool
-	Upload             []Multi
-	CommonPrefixes     []string `xml:"CommonPrefixes>Prefix"`
-}
-
-// ListMulti returns the list of unfinished multipart uploads in b.
-//
-// The prefix parameter limits the response to keys that begin with the
-// specified prefix. You can use prefixes to separate a bucket into different
-// groupings of keys (to get the feeling of folders, for example).
-//
-// The delim parameter causes the response to group all of the keys that
-// share a common prefix up to the next delimiter in a single entry within
-// the CommonPrefixes field. You can use delimiters to separate a bucket
-// into different groupings of keys, similar to how folders would work.
-//
-func (b *Bucket) ListMulti(prefix, delim string) (multis []*Multi, prefixes []string, err error) {
-	params := make(url.Values)
-	params.Set("uploads", "")
-	params.Set("max-uploads", strconv.FormatInt(int64(listMultiMax), 10))
-	params.Set("prefix", prefix)
-	params.Set("delimiter", delim)
-
-	for attempt := attempts.Start(); attempt.Next(); {
-		req := &request{
-			method: "GET",
-			bucket: b.Name,
-			params: params,
-		}
-		var resp listMultiResp
-		err := b.Client.query(req, &resp)
-		if shouldRetry(err) && attempt.HasNext() {
-			continue
-		}
-		if err != nil {
-			return nil, nil, err
-		}
-		for i := range resp.Upload {
-			multi := &resp.Upload[i]
-			multi.Bucket = b
-			multis = append(multis, multi)
-		}
-		prefixes = append(prefixes, resp.CommonPrefixes...)
-		if !resp.IsTruncated {
-			return multis, prefixes, nil
-		}
-		params.Set("key-marker", resp.NextKeyMarker)
-		params.Set("upload-id-marker", resp.NextUploadIdMarker)
-		attempt = attempts.Start() // Last request worked.
-	}
-	panic("unreachable")
-}
-
-// Multi returns a multipart upload handler for the provided key
-// inside b. If a multipart upload exists for key, it is returned,
-// otherwise a new multipart upload is initiated with contType and perm.
-func (b *Bucket) Multi(key, contType string, perm ACL, options Options) (*Multi, error) {
-	multis, _, err := b.ListMulti(key, "")
-	if err != nil && !hasCode(err, "NoSuchUpload") {
-		return nil, err
-	}
-	for _, m := range multis {
-		if m.Key == key {
-			return m, nil
-		}
-	}
-	return b.InitMulti(key, contType, perm, options)
-}
-
-// InitMulti initializes a new multipart upload at the provided
-// key inside b and returns a value for manipulating it.
-//
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/multipart-upload&InitiateMultipartUpload
-func (b *Bucket) InitMulti(key string, contType string, perm ACL, options Options) (*Multi, error) {
-	headers := make(http.Header)
-	headers.Set("Content-Length", "0")
-	headers.Set("Content-Type", contType)
-	headers.Set("x-oss-acl", string(perm))
-
-	options.addHeaders(headers)
-	params := make(url.Values)
-	params.Set("uploads", "")
-	req := &request{
-		method:  "POST",
-		bucket:  b.Name,
-		path:    key,
-		headers: headers,
-		params:  params,
-	}
-	var err error
-	var resp struct {
-		UploadId string `xml:"UploadId"`
-	}
-	for attempt := attempts.Start(); attempt.Next(); {
-		err = b.Client.query(req, &resp)
-		if !shouldRetry(err) {
-			break
-		}
-	}
-	if err != nil {
-		return nil, err
-	}
-	return &Multi{Bucket: b, Key: key, UploadId: resp.UploadId}, nil
-}
-
-func (m *Multi) PutPartCopy(n int, options CopyOptions, source string) (*CopyObjectResult, Part, error) {
-	return m.PutPartCopyWithContentLength(n, options, source, -1)
-}
-
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/multipart-upload&UploadPartCopy
-func (m *Multi) PutPartCopyWithContentLength(n int, options CopyOptions, source string, contentLength int64) (*CopyObjectResult, Part, error) {
-	// TODO source format a /BUCKET/PATH/TO/OBJECT
-	// TODO not a good design. API could be changed to PutPartCopyWithinBucket(..., path) and PutPartCopyFromBucket(bucket, path)
-
-	headers := make(http.Header)
-	headers.Set("x-oss-copy-source", source)
-
-	options.addHeaders(headers)
-	params := make(url.Values)
-	params.Set("uploadId", m.UploadId)
-	params.Set("partNumber", strconv.FormatInt(int64(n), 10))
-
-	if contentLength < 0 {
-		sourceBucket := m.Bucket.Client.Bucket(strings.TrimRight(strings.Split(source, "/")[1], "/"))
-		//log.Println("source: ", source)
-		//log.Println("sourceBucket: ", sourceBucket.Name)
-		//log.Println("HEAD: ", strings.strings.SplitAfterN(source, "/", 3)[2])
-		// TODO SplitAfterN can be use in bucket name
-		sourceMeta, err := sourceBucket.Head(strings.SplitAfterN(source, "/", 3)[2], nil)
-		if err != nil {
-			return nil, Part{}, err
-		}
-		contentLength = sourceMeta.ContentLength
-	}
-
-	for attempt := attempts.Start(); attempt.Next(); {
-		req := &request{
-			method:  "PUT",
-			bucket:  m.Bucket.Name,
-			path:    m.Key,
-			headers: headers,
-			params:  params,
-		}
-		resp := &CopyObjectResult{}
-		err := m.Bucket.Client.query(req, resp)
-		if shouldRetry(err) && attempt.HasNext() {
-			continue
-		}
-		if err != nil {
-			return nil, Part{}, err
-		}
-		if resp.ETag == "" {
-			return nil, Part{}, errors.New("part upload succeeded with no ETag")
-		}
-		return resp, Part{n, resp.ETag, contentLength}, nil
-	}
-	panic("unreachable")
-}
-
-// PutPart sends part n of the multipart upload, reading all the content from r.
-// Each part, except for the last one, must be at least 5MB in size.
-//
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/multipart-upload&UploadPart
-func (m *Multi) PutPart(n int, r io.ReadSeeker) (Part, error) {
-	partSize, _, md5b64, err := seekerInfo(r)
-	if err != nil {
-		return Part{}, err
-	}
-	return m.putPart(n, r, partSize, md5b64, 0)
-}
-
-func (m *Multi) PutPartWithTimeout(n int, r io.ReadSeeker, timeout time.Duration) (Part, error) {
-	partSize, _, md5b64, err := seekerInfo(r)
-	if err != nil {
-		return Part{}, err
-	}
-	return m.putPart(n, r, partSize, md5b64, timeout)
-}
-
-func (m *Multi) putPart(n int, r io.ReadSeeker, partSize int64, md5b64 string, timeout time.Duration) (Part, error) {
-	headers := make(http.Header)
-	headers.Set("Content-Length", strconv.FormatInt(partSize, 10))
-	headers.Set("Content-MD5", md5b64)
-
-	params := make(url.Values)
-	params.Set("uploadId", m.UploadId)
-	params.Set("partNumber", strconv.FormatInt(int64(n), 10))
-
-	for attempt := attempts.Start(); attempt.Next(); {
-		_, err := r.Seek(0, 0)
-		if err != nil {
-			return Part{}, err
-		}
-		req := &request{
-			method:  "PUT",
-			bucket:  m.Bucket.Name,
-			path:    m.Key,
-			headers: headers,
-			params:  params,
-			payload: r,
-			timeout: timeout,
-		}
-		err = m.Bucket.Client.prepare(req)
-		if err != nil {
-			return Part{}, err
-		}
-		resp, err := m.Bucket.Client.run(req, nil)
-		if shouldRetry(err) && attempt.HasNext() {
-			continue
-		}
-		if err != nil {
-			return Part{}, err
-		}
-		etag := resp.Header.Get("ETag")
-		if etag == "" {
-			return Part{}, errors.New("part upload succeeded with no ETag")
-		}
-		return Part{n, etag, partSize}, nil
-	}
-	panic("unreachable")
-}
-
-func seekerInfo(r io.ReadSeeker) (size int64, md5hex string, md5b64 string, err error) {
-	_, err = r.Seek(0, 0)
-	if err != nil {
-		return 0, "", "", err
-	}
-	digest := md5.New()
-	size, err = io.Copy(digest, r)
-	if err != nil {
-		return 0, "", "", err
-	}
-	sum := digest.Sum(nil)
-	md5hex = hex.EncodeToString(sum)
-	md5b64 = base64.StdEncoding.EncodeToString(sum)
-	return size, md5hex, md5b64, nil
-}
-
-type Part struct {
-	N    int `xml:"PartNumber"`
-	ETag string
-	Size int64
-}
-
-type partSlice []Part
-
-func (s partSlice) Len() int           { return len(s) }
-func (s partSlice) Less(i, j int) bool { return s[i].N < s[j].N }
-func (s partSlice) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
-
-type listPartsResp struct {
-	NextPartNumberMarker string
-	IsTruncated          bool
-	Part                 []Part
-}
-
-// That's the default. Here just for testing.
-var listPartsMax = 1000
-
-// ListParts for backcompatability. See the documentation for ListPartsFull
-func (m *Multi) ListParts() ([]Part, error) {
-	return m.ListPartsFull(0, listPartsMax)
-}
-
-// ListPartsFull returns the list of previously uploaded parts in m,
-// ordered by part number (Only parts with higher part numbers than
-// partNumberMarker will be listed). Only up to maxParts parts will be
-// returned.
-//
-func (m *Multi) ListPartsFull(partNumberMarker int, maxParts int) ([]Part, error) {
-	if maxParts > listPartsMax {
-		maxParts = listPartsMax
-	}
-
-	params := make(url.Values)
-	params.Set("uploadId", m.UploadId)
-	params.Set("max-parts", strconv.FormatInt(int64(maxParts), 10))
-	params.Set("part-number-marker", strconv.FormatInt(int64(partNumberMarker), 10))
-
-	var parts partSlice
-	for attempt := attempts.Start(); attempt.Next(); {
-		req := &request{
-			method: "GET",
-			bucket: m.Bucket.Name,
-			path:   m.Key,
-			params: params,
-		}
-		var resp listPartsResp
-		err := m.Bucket.Client.query(req, &resp)
-		if shouldRetry(err) && attempt.HasNext() {
-			continue
-		}
-		if err != nil {
-			return nil, err
-		}
-		parts = append(parts, resp.Part...)
-		if !resp.IsTruncated {
-			sort.Sort(parts)
-			return parts, nil
-		}
-		params.Set("part-number-marker", resp.NextPartNumberMarker)
-		attempt = attempts.Start() // Last request worked.
-	}
-	panic("unreachable")
-}
-
-type ReaderAtSeeker interface {
-	io.ReaderAt
-	io.ReadSeeker
-}
-
-// PutAll sends all of r via a multipart upload with parts no larger
-// than partSize bytes, which must be set to at least 5MB.
-// Parts previously uploaded are either reused if their checksum
-// and size match the new part, or otherwise overwritten with the
-// new content.
-// PutAll returns all the parts of m (reused or not).
-func (m *Multi) PutAll(r ReaderAtSeeker, partSize int64) ([]Part, error) {
-	old, err := m.ListParts()
-	if err != nil && !hasCode(err, "NoSuchUpload") {
-		return nil, err
-	}
-	reuse := 0   // Index of next old part to consider reusing.
-	current := 1 // Part number of latest good part handled.
-	totalSize, err := r.Seek(0, 2)
-	if err != nil {
-		return nil, err
-	}
-	first := true // Must send at least one empty part if the file is empty.
-	var result []Part
-NextSection:
-	for offset := int64(0); offset < totalSize || first; offset += partSize {
-		first = false
-		if offset+partSize > totalSize {
-			partSize = totalSize - offset
-		}
-		section := io.NewSectionReader(r, offset, partSize)
-		_, md5hex, md5b64, err := seekerInfo(section)
-		if err != nil {
-			return nil, err
-		}
-		for reuse < len(old) && old[reuse].N <= current {
-			// Looks like this part was already sent.
-			part := &old[reuse]
-			etag := `"` + md5hex + `"`
-			if part.N == current && part.Size == partSize && part.ETag == etag {
-				// Checksum matches. Reuse the old part.
-				result = append(result, *part)
-				current++
-				continue NextSection
-			}
-			reuse++
-		}
-
-		// Part wasn't found or doesn't match. Send it.
-		part, err := m.putPart(current, section, partSize, md5b64, 0)
-		if err != nil {
-			return nil, err
-		}
-		result = append(result, part)
-		current++
-	}
-	return result, nil
-}
-
-type completeUpload struct {
-	XMLName xml.Name      `xml:"CompleteMultipartUpload"`
-	Parts   completeParts `xml:"Part"`
-}
-
-type completePart struct {
-	PartNumber int
-	ETag       string
-}
-
-type completeParts []completePart
-
-func (p completeParts) Len() int           { return len(p) }
-func (p completeParts) Less(i, j int) bool { return p[i].PartNumber < p[j].PartNumber }
-func (p completeParts) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
-
-// Complete assembles the given previously uploaded parts into the
-// final object. This operation may take several minutes.
-//
-func (m *Multi) Complete(parts []Part) error {
-	params := make(url.Values)
-	params.Set("uploadId", m.UploadId)
-
-	c := completeUpload{}
-	for _, p := range parts {
-		c.Parts = append(c.Parts, completePart{p.N, p.ETag})
-	}
-	sort.Sort(c.Parts)
-	data, err := xml.Marshal(&c)
-	if err != nil {
-		return err
-	}
-	for attempt := attempts.Start(); attempt.Next(); {
-		req := &request{
-			method:  "POST",
-			bucket:  m.Bucket.Name,
-			path:    m.Key,
-			params:  params,
-			payload: bytes.NewReader(data),
-		}
-		err := m.Bucket.Client.query(req, nil)
-		if shouldRetry(err) && attempt.HasNext() {
-			continue
-		}
-		return err
-	}
-	panic("unreachable")
-}
-
-// Abort deletes an unifinished multipart upload and any previously
-// uploaded parts for it.
-//
-// After a multipart upload is aborted, no additional parts can be
-// uploaded using it. However, if any part uploads are currently in
-// progress, those part uploads might or might not succeed. As a result,
-// it might be necessary to abort a given multipart upload multiple
-// times in order to completely free all storage consumed by all parts.
-//
-// NOTE: If the described scenario happens to you, please report back to
-// the goamz authors with details. In the future such retrying should be
-// handled internally, but it's not clear what happens precisely (Is an
-// error returned? Is the issue completely undetectable?).
-//
-//
-// You can read doc at http://docs.aliyun.com/#/pub/oss/api-reference/multipart-upload&AbortMultipartUpload
-func (m *Multi) Abort() error {
-	params := make(url.Values)
-	params.Set("uploadId", m.UploadId)
-
-	for attempt := attempts.Start(); attempt.Next(); {
-		req := &request{
-			method: "DELETE",
-			bucket: m.Bucket.Name,
-			path:   m.Key,
-			params: params,
-		}
-		err := m.Bucket.Client.query(req, nil)
-		if shouldRetry(err) && attempt.HasNext() {
-			continue
-		}
-		return err
-	}
-	panic("unreachable")
-}
diff --git a/vendor/github.com/denverdino/aliyungo/oss/regions.go b/vendor/github.com/denverdino/aliyungo/oss/regions.go
deleted file mode 100644
index 89bac8384..000000000
--- a/vendor/github.com/denverdino/aliyungo/oss/regions.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package oss
-
-import (
-	"fmt"
-)
-
-// Region represents OSS region
-type Region string
-
-// Constants of region definition
-const (
-	Hangzhou    = Region("oss-cn-hangzhou")
-	Qingdao     = Region("oss-cn-qingdao")
-	Beijing     = Region("oss-cn-beijing")
-	Hongkong    = Region("oss-cn-hongkong")
-	Shenzhen    = Region("oss-cn-shenzhen")
-	Shanghai    = Region("oss-cn-shanghai")
-	Zhangjiakou = Region("oss-cn-zhangjiakou")
-	Huhehaote   = Region("oss-cn-huhehaote")
-
-	USWest1      = Region("oss-us-west-1")
-	USEast1      = Region("oss-us-east-1")
-	APSouthEast1 = Region("oss-ap-southeast-1")
-	APNorthEast1 = Region("oss-ap-northeast-1")
-	APSouthEast2 = Region("oss-ap-southeast-2")
-
-	MEEast1 = Region("oss-me-east-1")
-
-	EUCentral1 = Region("oss-eu-central-1")
-	EUWest1    = Region("oss-eu-west-1")
-
-	DefaultRegion = Hangzhou
-)
-
-// GetEndpoint returns endpoint of region
-func (r Region) GetEndpoint(internal bool, bucket string, secure bool) string {
-	if internal {
-		return r.GetInternalEndpoint(bucket, secure)
-	}
-	return r.GetInternetEndpoint(bucket, secure)
-}
-
-func getProtocol(secure bool) string {
-	protocol := "http"
-	if secure {
-		protocol = "https"
-	}
-	return protocol
-}
-
-// GetInternetEndpoint returns internet endpoint of region
-func (r Region) GetInternetEndpoint(bucket string, secure bool) string {
-	protocol := getProtocol(secure)
-	if bucket == "" {
-		return fmt.Sprintf("%s://oss.aliyuncs.com", protocol)
-	}
-	return fmt.Sprintf("%s://%s.%s.aliyuncs.com", protocol, bucket, string(r))
-}
-
-// GetInternalEndpoint returns internal endpoint of region
-func (r Region) GetInternalEndpoint(bucket string, secure bool) string {
-	protocol := getProtocol(secure)
-	if bucket == "" {
-		return fmt.Sprintf("%s://oss-internal.aliyuncs.com", protocol)
-	}
-	return fmt.Sprintf("%s://%s.%s-internal.aliyuncs.com", protocol, bucket, string(r))
-}
-
-// GetInternalEndpoint returns internal endpoint of region
-func (r Region) GetVPCInternalEndpoint(bucket string, secure bool) string {
-	protocol := getProtocol(secure)
-	if bucket == "" {
-		return fmt.Sprintf("%s://vpc100-oss-cn-hangzhou.aliyuncs.com", protocol)
-	}
-	if r == USEast1 {
-		return r.GetInternalEndpoint(bucket, secure)
-	} else {
-		return fmt.Sprintf("%s://%s.vpc100-%s.aliyuncs.com", protocol, bucket, string(r))
-	}
-}
diff --git a/vendor/github.com/denverdino/aliyungo/oss/signature.go b/vendor/github.com/denverdino/aliyungo/oss/signature.go
deleted file mode 100644
index 4a0f4d97a..000000000
--- a/vendor/github.com/denverdino/aliyungo/oss/signature.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package oss
-
-import (
-	"github.com/denverdino/aliyungo/util"
-	//"log"
-	"net/http"
-	"net/url"
-	"sort"
-	"strings"
-)
-
-const HeaderOSSPrefix = "x-oss-"
-
-var ossParamsToSign = map[string]bool{
-	"acl":                          true,
-	"append":                       true,
-	"bucketInfo":                   true,
-	"cname":                        true,
-	"comp":                         true,
-	"cors":                         true,
-	"delete":                       true,
-	"endTime":                      true,
-	"img":                          true,
-	"lifecycle":                    true,
-	"live":                         true,
-	"location":                     true,
-	"logging":                      true,
-	"objectMeta":                   true,
-	"partNumber":                   true,
-	"position":                     true,
-	"qos":                          true,
-	"referer":                      true,
-	"replication":                  true,
-	"replicationLocation":          true,
-	"replicationProgress":          true,
-	"response-cache-control":       true,
-	"response-content-disposition": true,
-	"response-content-encoding":    true,
-	"response-content-language":    true,
-	"response-content-type":        true,
-	"response-expires":             true,
-	"security-token":               true,
-	"startTime":                    true,
-	"status":                       true,
-	"style":                        true,
-	"styleName":                    true,
-	"symlink":                      true,
-	"tagging":                      true,
-	"uploadId":                     true,
-	"uploads":                      true,
-	"vod":                          true,
-	"website":                      true,
-	"x-oss-process":                true,
-}
-
-func (client *Client) signRequest(request *request) {
-	query := request.params
-
-	urlSignature := query.Get("OSSAccessKeyId") != ""
-
-	headers := request.headers
-	contentMd5 := headers.Get("Content-Md5")
-	contentType := headers.Get("Content-Type")
-	date := ""
-	if urlSignature {
-		date = query.Get("Expires")
-	} else {
-		date = headers.Get("Date")
-	}
-
-	resource := request.path
-	if request.bucket != "" {
-		resource = "/" + request.bucket + request.path
-	}
-	params := make(url.Values)
-	for k, v := range query {
-		if ossParamsToSign[k] {
-			params[k] = v
-		}
-	}
-
-	if len(params) > 0 {
-		resource = resource + "?" + util.EncodeWithoutEscape(params)
-	}
-
-	canonicalizedResource := resource
-
-	_, canonicalizedHeader := canonicalizeHeader(headers)
-
-	stringToSign := request.method + "\n" + contentMd5 + "\n" + contentType + "\n" + date + "\n" + canonicalizedHeader + canonicalizedResource
-
-	//log.Println("stringToSign: ", stringToSign)
-	signature := util.CreateSignature(stringToSign, client.AccessKeySecret)
-
-	if urlSignature {
-		query.Set("Signature", signature)
-	} else {
-		headers.Set("Authorization", "OSS "+client.AccessKeyId+":"+signature)
-	}
-}
-
-//Have to break the abstraction to append keys with lower case.
-func canonicalizeHeader(headers http.Header) (newHeaders http.Header, result string) {
-	var canonicalizedHeaders []string
-	newHeaders = http.Header{}
-
-	for k, v := range headers {
-		if lower := strings.ToLower(k); strings.HasPrefix(lower, HeaderOSSPrefix) {
-			newHeaders[lower] = v
-			canonicalizedHeaders = append(canonicalizedHeaders, lower)
-		} else {
-			newHeaders[k] = v
-		}
-	}
-
-	sort.Strings(canonicalizedHeaders)
-
-	var canonicalizedHeader string
-
-	for _, k := range canonicalizedHeaders {
-		canonicalizedHeader += k + ":" + headers.Get(k) + "\n"
-	}
-
-	return newHeaders, canonicalizedHeader
-}
diff --git a/vendor/github.com/denverdino/aliyungo/util/attempt.go b/vendor/github.com/denverdino/aliyungo/util/attempt.go
deleted file mode 100644
index 2d07f03a8..000000000
--- a/vendor/github.com/denverdino/aliyungo/util/attempt.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package util
-
-import (
-	"time"
-)
-
-// AttemptStrategy is reused from the goamz package
-
-// AttemptStrategy represents a strategy for waiting for an action
-// to complete successfully. This is an internal type used by the
-// implementation of other packages.
-type AttemptStrategy struct {
-	Total time.Duration // total duration of attempt.
-	Delay time.Duration // interval between each try in the burst.
-	Min   int           // minimum number of retries; overrides Total
-}
-
-type Attempt struct {
-	strategy AttemptStrategy
-	last     time.Time
-	end      time.Time
-	force    bool
-	count    int
-}
-
-// Start begins a new sequence of attempts for the given strategy.
-func (s AttemptStrategy) Start() *Attempt {
-	now := time.Now()
-	return &Attempt{
-		strategy: s,
-		last:     now,
-		end:      now.Add(s.Total),
-		force:    true,
-	}
-}
-
-// Next waits until it is time to perform the next attempt or returns
-// false if it is time to stop trying.
-func (a *Attempt) Next() bool {
-	now := time.Now()
-	sleep := a.nextSleep(now)
-	if !a.force && !now.Add(sleep).Before(a.end) && a.strategy.Min <= a.count {
-		return false
-	}
-	a.force = false
-	if sleep > 0 && a.count > 0 {
-		time.Sleep(sleep)
-		now = time.Now()
-	}
-	a.count++
-	a.last = now
-	return true
-}
-
-func (a *Attempt) nextSleep(now time.Time) time.Duration {
-	sleep := a.strategy.Delay - now.Sub(a.last)
-	if sleep < 0 {
-		return 0
-	}
-	return sleep
-}
-
-// HasNext returns whether another attempt will be made if the current
-// one fails. If it returns true, the following call to Next is
-// guaranteed to return true.
-func (a *Attempt) HasNext() bool {
-	if a.force || a.strategy.Min > a.count {
-		return true
-	}
-	now := time.Now()
-	if now.Add(a.nextSleep(now)).Before(a.end) {
-		a.force = true
-		return true
-	}
-	return false
-}
diff --git a/vendor/github.com/denverdino/aliyungo/util/encoding.go b/vendor/github.com/denverdino/aliyungo/util/encoding.go
deleted file mode 100644
index ec1a5b137..000000000
--- a/vendor/github.com/denverdino/aliyungo/util/encoding.go
+++ /dev/null
@@ -1,331 +0,0 @@
-package util
-
-import (
-	"encoding/json"
-	"fmt"
-	"log"
-	"net/url"
-	"reflect"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// change instance=["a", "b"]
-// to instance.1="a" instance.2="b"
-func FlattenFn(fieldName string, field reflect.Value, values *url.Values) {
-	l := field.Len()
-	if l > 0 {
-		for i := 0; i < l; i++ {
-			str := field.Index(i).String()
-			values.Set(fieldName+"."+strconv.Itoa(i+1), str)
-		}
-	}
-}
-
-func Underline2Dot(name string) string {
-	return strings.Replace(name, "_", ".", -1)
-}
-
-//ConvertToQueryValues converts the struct to url.Values
-func ConvertToQueryValues(ifc interface{}) url.Values {
-	values := url.Values{}
-	SetQueryValues(ifc, &values)
-	return values
-}
-
-//SetQueryValues sets the struct to existing url.Values following ECS encoding rules
-func SetQueryValues(ifc interface{}, values *url.Values) {
-	setQueryValues(ifc, values, "")
-}
-
-func SetQueryValueByFlattenMethod(ifc interface{}, values *url.Values) {
-	setQueryValuesByFlattenMethod(ifc, values, "")
-}
-
-func setQueryValues(i interface{}, values *url.Values, prefix string) {
-	// add to support url.Values
-	mapValues, ok := i.(url.Values)
-	if ok {
-		for k, _ := range mapValues {
-			values.Set(k, mapValues.Get(k))
-		}
-		return
-	}
-
-	elem := reflect.ValueOf(i)
-	if elem.Kind() == reflect.Ptr {
-		elem = elem.Elem()
-	}
-	elemType := elem.Type()
-	for i := 0; i < elem.NumField(); i++ {
-
-		fieldName := elemType.Field(i).Name
-		anonymous := elemType.Field(i).Anonymous
-		tag := elemType.Field(i).Tag.Get("query")
-		argName := elemType.Field(i).Tag.Get("ArgName")
-		field := elem.Field(i)
-		// TODO Use Tag for validation
-		// tag := typ.Field(i).Tag.Get("tagname")
-		kind := field.Kind()
-		isPtr := false
-		if (kind == reflect.Ptr || kind == reflect.Array || kind == reflect.Slice || kind == reflect.Map || kind == reflect.Chan) && field.IsNil() {
-			continue
-		}
-		if kind == reflect.Ptr {
-			field = field.Elem()
-			kind = field.Kind()
-			isPtr = true
-		}
-		var value string
-		//switch field.Interface().(type) {
-		switch kind {
-		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-			i := field.Int()
-			if i != 0 || isPtr {
-				value = strconv.FormatInt(i, 10)
-			}
-		case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
-			i := field.Uint()
-			if i != 0 || isPtr {
-				value = strconv.FormatUint(i, 10)
-			}
-		case reflect.Float32:
-			value = strconv.FormatFloat(field.Float(), 'f', 4, 32)
-		case reflect.Float64:
-			value = strconv.FormatFloat(field.Float(), 'f', 4, 64)
-		case reflect.Bool:
-			value = strconv.FormatBool(field.Bool())
-		case reflect.String:
-			value = field.String()
-		case reflect.Map:
-			ifc := field.Interface()
-			m := ifc.(map[string]string)
-			if m != nil {
-				j := 0
-				for k, v := range m {
-					j++
-					keyName := fmt.Sprintf("%s.%d.Key", fieldName, j)
-					values.Set(keyName, k)
-					valueName := fmt.Sprintf("%s.%d.Value", fieldName, j)
-					values.Set(valueName, v)
-				}
-			}
-		case reflect.Slice:
-			switch field.Type().Elem().Kind() {
-			case reflect.Uint8:
-				value = string(field.Bytes())
-			case reflect.String:
-				l := field.Len()
-				if l > 0 {
-					if tag == "list" {
-						name := argName
-						if argName == "" {
-							name = fieldName
-						}
-						for i := 0; i < l; i++ {
-							valueName := fmt.Sprintf("%s.%d", name, (i + 1))
-							values.Set(valueName, field.Index(i).String())
-						}
-					} else {
-						strArray := make([]string, l)
-						for i := 0; i < l; i++ {
-							strArray[i] = field.Index(i).String()
-						}
-						bytes, err := json.Marshal(strArray)
-						if err == nil {
-							value = string(bytes)
-						} else {
-							log.Printf("Failed to convert JSON: %v", err)
-						}
-					}
-				}
-			default:
-				l := field.Len()
-				for j := 0; j < l; j++ {
-					prefixName := fmt.Sprintf("%s.%d.", fieldName, (j + 1))
-					ifc := field.Index(j).Interface()
-					//log.Printf("%s : %v", prefixName, ifc)
-					if ifc != nil {
-						setQueryValues(ifc, values, prefixName)
-					}
-				}
-				continue
-			}
-
-		default:
-			switch field.Interface().(type) {
-			case ISO6801Time:
-				t := field.Interface().(ISO6801Time)
-				value = t.String()
-			case time.Time:
-				t := field.Interface().(time.Time)
-				value = GetISO8601TimeStamp(t)
-			default:
-				ifc := field.Interface()
-				if ifc != nil {
-					if anonymous {
-						SetQueryValues(ifc, values)
-					} else {
-						prefixName := fieldName + "."
-						setQueryValues(ifc, values, prefixName)
-					}
-					continue
-				}
-			}
-		}
-		if value != "" {
-			name := argName
-			if argName == "" {
-				name = fieldName
-			}
-			if prefix != "" {
-				name = prefix + name
-			}
-			values.Set(name, value)
-		}
-	}
-}
-
-func setQueryValuesByFlattenMethod(i interface{}, values *url.Values, prefix string) {
-	// add to support url.Values
-	mapValues, ok := i.(url.Values)
-	if ok {
-		for k, _ := range mapValues {
-			values.Set(k, mapValues.Get(k))
-		}
-		return
-	}
-
-	elem := reflect.ValueOf(i)
-	if elem.Kind() == reflect.Ptr {
-		elem = elem.Elem()
-	}
-	elemType := elem.Type()
-	for i := 0; i < elem.NumField(); i++ {
-
-		fieldName := elemType.Field(i).Name
-		anonymous := elemType.Field(i).Anonymous
-		field := elem.Field(i)
-
-		// TODO Use Tag for validation
-		// tag := typ.Field(i).Tag.Get("tagname")
-		kind := field.Kind()
-
-		isPtr := false
-		if (kind == reflect.Ptr || kind == reflect.Array || kind == reflect.Slice || kind == reflect.Map || kind == reflect.Chan) && field.IsNil() {
-			continue
-		}
-		if kind == reflect.Ptr {
-			field = field.Elem()
-			kind = field.Kind()
-			isPtr = true
-		}
-
-		var value string
-		//switch field.Interface().(type) {
-		switch kind {
-		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-			i := field.Int()
-			if i != 0 || isPtr {
-				value = strconv.FormatInt(i, 10)
-			}
-		case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
-			i := field.Uint()
-			if i != 0 || isPtr {
-				value = strconv.FormatUint(i, 10)
-			}
-		case reflect.Float32:
-			value = strconv.FormatFloat(field.Float(), 'f', 4, 32)
-		case reflect.Float64:
-			value = strconv.FormatFloat(field.Float(), 'f', 4, 64)
-		case reflect.Bool:
-			value = strconv.FormatBool(field.Bool())
-		case reflect.String:
-			value = field.String()
-		case reflect.Map:
-			ifc := field.Interface()
-			m := ifc.(map[string]string)
-			if m != nil {
-				j := 0
-				for k, v := range m {
-					j++
-					keyName := fmt.Sprintf("%s.%d.Key", fieldName, j)
-					values.Set(keyName, k)
-					valueName := fmt.Sprintf("%s.%d.Value", fieldName, j)
-					values.Set(valueName, v)
-				}
-			}
-		case reflect.Slice:
-			if field.Type().Name() == "FlattenArray" {
-				FlattenFn(fieldName, field, values)
-			} else {
-				switch field.Type().Elem().Kind() {
-				case reflect.Uint8:
-					value = string(field.Bytes())
-				case reflect.String:
-					l := field.Len()
-					if l > 0 {
-						strArray := make([]string, l)
-						for i := 0; i < l; i++ {
-							strArray[i] = field.Index(i).String()
-						}
-						bytes, err := json.Marshal(strArray)
-						if err == nil {
-							value = string(bytes)
-						} else {
-							log.Printf("Failed to convert JSON: %v", err)
-						}
-					}
-				default:
-					l := field.Len()
-					for j := 0; j < l; j++ {
-						prefixName := fmt.Sprintf("%s.%d.", fieldName, (j + 1))
-						ifc := field.Index(j).Interface()
-						//log.Printf("%s : %v", prefixName, ifc)
-						if ifc != nil {
-							setQueryValuesByFlattenMethod(ifc, values, prefixName)
-						}
-					}
-					continue
-				}
-			}
-
-		default:
-			switch field.Interface().(type) {
-			case ISO6801Time:
-				t := field.Interface().(ISO6801Time)
-				value = t.String()
-			case time.Time:
-				t := field.Interface().(time.Time)
-				value = GetISO8601TimeStamp(t)
-			default:
-
-				ifc := field.Interface()
-				if ifc != nil {
-					if anonymous {
-						SetQueryValues(ifc, values)
-					} else {
-						prefixName := fieldName + "."
-						setQueryValuesByFlattenMethod(ifc, values, prefixName)
-					}
-					continue
-				}
-			}
-		}
-		if value != "" {
-			name := elemType.Field(i).Tag.Get("ArgName")
-			if name == "" {
-				name = fieldName
-			}
-			if prefix != "" {
-				name = prefix + name
-			}
-			// NOTE: here we will change name to underline style when the type is UnderlineString
-			if field.Type().Name() == "UnderlineString" {
-				name = Underline2Dot(name)
-			}
-			values.Set(name, value)
-		}
-	}
-}
diff --git a/vendor/github.com/denverdino/aliyungo/util/iso6801.go b/vendor/github.com/denverdino/aliyungo/util/iso6801.go
deleted file mode 100644
index 9c25e8f68..000000000
--- a/vendor/github.com/denverdino/aliyungo/util/iso6801.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package util
-
-import (
-	"fmt"
-	"strconv"
-	"time"
-)
-
-// GetISO8601TimeStamp gets timestamp string in ISO8601 format
-func GetISO8601TimeStamp(ts time.Time) string {
-	t := ts.UTC()
-	return fmt.Sprintf("%04d-%02d-%02dT%02d:%02d:%02dZ", t.Year(), t.Month(), t.Day(), t.Hour(), t.Minute(), t.Second())
-}
-
-const formatISO8601 = "2006-01-02T15:04:05Z"
-const jsonFormatISO8601 = `"` + formatISO8601 + `"`
-const formatISO8601withoutSeconds = "2006-01-02T15:04Z"
-const jsonFormatISO8601withoutSeconds = `"` + formatISO8601withoutSeconds + `"`
-
-// A ISO6801Time represents a time in ISO8601 format
-type ISO6801Time time.Time
-
-// New constructs a new iso8601.Time instance from an existing
-// time.Time instance.  This causes the nanosecond field to be set to
-// 0, and its time zone set to a fixed zone with no offset from UTC
-// (but it is *not* UTC itself).
-func NewISO6801Time(t time.Time) ISO6801Time {
-	return ISO6801Time(time.Date(
-		t.Year(),
-		t.Month(),
-		t.Day(),
-		t.Hour(),
-		t.Minute(),
-		t.Second(),
-		0,
-		time.UTC,
-	))
-}
-
-// IsDefault checks if the time is default
-func (it *ISO6801Time) IsDefault() bool {
-	return *it == ISO6801Time{}
-}
-
-// MarshalJSON serializes the ISO6801Time into JSON string
-func (it ISO6801Time) MarshalJSON() ([]byte, error) {
-	return []byte(time.Time(it).Format(jsonFormatISO8601)), nil
-}
-
-// UnmarshalJSON deserializes the ISO6801Time from JSON string
-func (it *ISO6801Time) UnmarshalJSON(data []byte) error {
-	str := string(data)
-
-	if str == "\"\"" || len(data) == 0 {
-		return nil
-	}
-	var t time.Time
-	var err error
-	if str[0] == '"' {
-		t, err = time.ParseInLocation(jsonFormatISO8601, str, time.UTC)
-		if err != nil {
-			t, err = time.ParseInLocation(jsonFormatISO8601withoutSeconds, str, time.UTC)
-		}
-	} else {
-		var i int64
-		i, err = strconv.ParseInt(str, 10, 64)
-		if err == nil {
-			t = time.Unix(i/1000, i%1000)
-		}
-	}
-	if err == nil {
-		*it = ISO6801Time(t)
-	}
-	return err
-}
-
-// String returns the time in ISO6801Time format
-func (it ISO6801Time) String() string {
-	return time.Time(it).Format(formatISO8601)
-}
diff --git a/vendor/github.com/denverdino/aliyungo/util/signature.go b/vendor/github.com/denverdino/aliyungo/util/signature.go
deleted file mode 100644
index 1be6d39c7..000000000
--- a/vendor/github.com/denverdino/aliyungo/util/signature.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package util
-
-import (
-	"crypto/hmac"
-	"crypto/sha1"
-	"encoding/base64"
-	"net/url"
-	"strings"
-)
-
-//CreateSignature creates signature for string following Aliyun rules
-func CreateSignature(stringToSignature, accessKeySecret string) string {
-	// Crypto by HMAC-SHA1
-	hmacSha1 := hmac.New(sha1.New, []byte(accessKeySecret))
-	hmacSha1.Write([]byte(stringToSignature))
-	sign := hmacSha1.Sum(nil)
-
-	// Encode to Base64
-	base64Sign := base64.StdEncoding.EncodeToString(sign)
-
-	return base64Sign
-}
-
-func percentReplace(str string) string {
-	str = strings.Replace(str, "+", "%20", -1)
-	str = strings.Replace(str, "*", "%2A", -1)
-	str = strings.Replace(str, "%7E", "~", -1)
-
-	return str
-}
-
-// CreateSignatureForRequest creates signature for query string values
-func CreateSignatureForRequest(method string, values *url.Values, accessKeySecret string) string {
-
-	canonicalizedQueryString := percentReplace(values.Encode())
-
-	stringToSign := method + "&%2F&" + url.QueryEscape(canonicalizedQueryString)
-	return CreateSignature(stringToSign, accessKeySecret)
-}
diff --git a/vendor/github.com/denverdino/aliyungo/util/util.go b/vendor/github.com/denverdino/aliyungo/util/util.go
deleted file mode 100644
index 15a990da1..000000000
--- a/vendor/github.com/denverdino/aliyungo/util/util.go
+++ /dev/null
@@ -1,185 +0,0 @@
-package util
-
-import (
-	"bytes"
-	srand "crypto/rand"
-	"encoding/binary"
-	"encoding/json"
-	"fmt"
-	"math/rand"
-	"net/http"
-	"net/url"
-	"sort"
-	"time"
-)
-
-const dictionary = "_0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
-
-//CreateRandomString create random string
-func CreateRandomString() string {
-	b := make([]byte, 32)
-	l := len(dictionary)
-
-	_, err := srand.Read(b)
-
-	if err != nil {
-		// fail back to insecure rand
-		rand.Seed(time.Now().UnixNano())
-		for i := range b {
-			b[i] = dictionary[rand.Int()%l]
-		}
-	} else {
-		for i, v := range b {
-			b[i] = dictionary[v%byte(l)]
-		}
-	}
-
-	return string(b)
-}
-
-// Encode encodes the values into ``URL encoded'' form
-// ("acl&bar=baz&foo=quux") sorted by key.
-func Encode(v url.Values) string {
-	if v == nil {
-		return ""
-	}
-	var buf bytes.Buffer
-	keys := make([]string, 0, len(v))
-	for k := range v {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-	for _, k := range keys {
-		vs := v[k]
-		prefix := url.QueryEscape(k)
-		for _, v := range vs {
-			if buf.Len() > 0 {
-				buf.WriteByte('&')
-			}
-			buf.WriteString(prefix)
-			if v != "" {
-				buf.WriteString("=")
-				buf.WriteString(url.QueryEscape(v))
-			}
-		}
-	}
-	return buf.String()
-}
-
-// Like Encode, but key and value are not escaped
-func EncodeWithoutEscape(v url.Values) string {
-	if v == nil {
-		return ""
-	}
-	var buf bytes.Buffer
-	keys := make([]string, 0, len(v))
-	for k := range v {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-	for _, k := range keys {
-		vs := v[k]
-		prefix := k
-		for _, v := range vs {
-			if buf.Len() > 0 {
-				buf.WriteByte('&')
-			}
-			buf.WriteString(prefix)
-			if v != "" {
-				buf.WriteString("=")
-				buf.WriteString(v)
-			}
-		}
-	}
-	return buf.String()
-}
-
-func GetGMTime() string {
-	return time.Now().UTC().Format(http.TimeFormat)
-}
-
-//
-
-func randUint32() uint32 {
-	return randUint32Slice(1)[0]
-}
-
-func randUint32Slice(c int) []uint32 {
-	b := make([]byte, c*4)
-
-	_, err := srand.Read(b)
-
-	if err != nil {
-		// fail back to insecure rand
-		rand.Seed(time.Now().UnixNano())
-		for i := range b {
-			b[i] = byte(rand.Int())
-		}
-	}
-
-	n := make([]uint32, c)
-
-	for i := range n {
-		n[i] = binary.BigEndian.Uint32(b[i*4 : i*4+4])
-	}
-
-	return n
-}
-
-func toByte(n uint32, st, ed byte) byte {
-	return byte(n%uint32(ed-st+1) + uint32(st))
-}
-
-func toDigit(n uint32) byte {
-	return toByte(n, '0', '9')
-}
-
-func toLowerLetter(n uint32) byte {
-	return toByte(n, 'a', 'z')
-}
-
-func toUpperLetter(n uint32) byte {
-	return toByte(n, 'A', 'Z')
-}
-
-type convFunc func(uint32) byte
-
-var convFuncs = []convFunc{toDigit, toLowerLetter, toUpperLetter}
-
-// tools for generating a random ECS instance password
-// from 8 to 30 char MUST contain digit upper, case letter and upper case letter
-// http://docs.aliyun.com/#/pub/ecs/open-api/instance&createinstance
-func GenerateRandomECSPassword() string {
-
-	// [8, 30]
-	l := int(randUint32()%23 + 8)
-
-	n := randUint32Slice(l)
-
-	b := make([]byte, l)
-
-	b[0] = toDigit(n[0])
-	b[1] = toLowerLetter(n[1])
-	b[2] = toUpperLetter(n[2])
-
-	for i := 3; i < l; i++ {
-		b[i] = convFuncs[n[i]%3](n[i])
-	}
-
-	s := make([]byte, l)
-	perm := rand.Perm(l)
-	for i, v := range perm {
-		s[v] = b[i]
-	}
-
-	return string(s)
-
-}
-
-func PrettyJson(object interface{}) string {
-	b, err := json.MarshalIndent(object, "", "    ")
-	if err != nil {
-		fmt.Printf("ERROR: PrettyJson, %v\n %s\n", err, b)
-	}
-	return string(b)
-}
diff --git a/vendor/github.com/distribution/reference/.gitattributes b/vendor/github.com/distribution/reference/.gitattributes
deleted file mode 100644
index d207b1802..000000000
--- a/vendor/github.com/distribution/reference/.gitattributes
+++ /dev/null
@@ -1 +0,0 @@
-*.go text eol=lf
diff --git a/vendor/github.com/distribution/reference/.gitignore b/vendor/github.com/distribution/reference/.gitignore
deleted file mode 100644
index dc07e6b04..000000000
--- a/vendor/github.com/distribution/reference/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-# Cover profiles
-*.out
diff --git a/vendor/github.com/distribution/reference/.golangci.yml b/vendor/github.com/distribution/reference/.golangci.yml
deleted file mode 100644
index 793f0bb7e..000000000
--- a/vendor/github.com/distribution/reference/.golangci.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-linters:
-  enable:
-    - bodyclose
-    - dupword # Checks for duplicate words in the source code
-    - gofmt
-    - goimports
-    - ineffassign
-    - misspell
-    - revive
-    - staticcheck
-    - unconvert
-    - unused
-    - vet
-  disable:
-    - errcheck
-
-run:
-  deadline: 2m
diff --git a/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md b/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
deleted file mode 100644
index 48f6704c6..000000000
--- a/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# Code of Conduct
-
-We follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
-
-Please contact the [CNCF Code of Conduct Committee](mailto:conduct@cncf.io) in order to report violations of the Code of Conduct.
diff --git a/vendor/github.com/distribution/reference/CONTRIBUTING.md b/vendor/github.com/distribution/reference/CONTRIBUTING.md
deleted file mode 100644
index ab2194665..000000000
--- a/vendor/github.com/distribution/reference/CONTRIBUTING.md
+++ /dev/null
@@ -1,114 +0,0 @@
-# Contributing to the reference library
-
-## Community help
-
-If you need help, please ask in the [#distribution](https://cloud-native.slack.com/archives/C01GVR8SY4R) channel on CNCF community slack.
-[Click here for an invite to the CNCF community slack](https://slack.cncf.io/)
-
-## Reporting security issues
-
-The maintainers take security seriously. If you discover a security
-issue, please bring it to their attention right away!
-
-Please **DO NOT** file a public issue, instead send your report privately to
-[cncf-distribution-security@lists.cncf.io](mailto:cncf-distribution-security@lists.cncf.io).
-
-## Reporting an issue properly
-
-By following these simple rules you will get better and faster feedback on your issue.
-
- - search the bugtracker for an already reported issue
-
-### If you found an issue that describes your problem:
-
- - please read other user comments first, and confirm this is the same issue: a given error condition might be indicative of different problems - you may also find a workaround in the comments
- - please refrain from adding "same thing here" or "+1" comments
- - you don't need to comment on an issue to get notified of updates: just hit the "subscribe" button
- - comment if you have some new, technical and relevant information to add to the case
- - __DO NOT__ comment on closed issues or merged PRs. If you think you have a related problem, open up a new issue and reference the PR or issue.
-
-### If you have not found an existing issue that describes your problem:
-
- 1. create a new issue, with a succinct title that describes your issue:
-   - bad title: "It doesn't work with my docker"
-   - good title: "Private registry push fail: 400 error with E_INVALID_DIGEST"
- 2. copy the output of (or similar for other container tools):
-   - `docker version`
-   - `docker info`
-   - `docker exec <registry-container> registry --version`
- 3. copy the command line you used to launch your Registry
- 4. restart your docker daemon in debug mode (add `-D` to the daemon launch arguments)
- 5. reproduce your problem and get your docker daemon logs showing the error
- 6. if relevant, copy your registry logs that show the error
- 7. provide any relevant detail about your specific Registry configuration (e.g., storage backend used)
- 8. indicate if you are using an enterprise proxy, Nginx, or anything else between you and your Registry
-
-## Contributing Code
-
-Contributions should be made via pull requests. Pull requests will be reviewed
-by one or more maintainers or reviewers and merged when acceptable.
-
-You should follow the basic GitHub workflow:
-
- 1. Use your own [fork](https://help.github.com/en/articles/about-forks)
- 2. Create your [change](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#successful-changes)
- 3. Test your code
- 4. [Commit](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#commit-messages) your work, always [sign your commits](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#commit-messages)
- 5. Push your change to your fork and create a [Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
-
-Refer to [containerd's contribution guide](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#successful-changes)
-for tips on creating a successful contribution.
-
-## Sign your work
-
-The sign-off is a simple line at the end of the explanation for the patch. Your
-signature certifies that you wrote the patch or otherwise have the right to pass
-it on as an open-source patch. The rules are pretty simple: if you can certify
-the below (from [developercertificate.org](http://developercertificate.org/)):
-
-```
-Developer Certificate of Origin
-Version 1.1
-
-Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
-660 York Street, Suite 102,
-San Francisco, CA 94110 USA
-
-Everyone is permitted to copy and distribute verbatim copies of this
-license document, but changing it is not allowed.
-
-Developer's Certificate of Origin 1.1
-
-By making a contribution to this project, I certify that:
-
-(a) The contribution was created in whole or in part by me and I
-    have the right to submit it under the open source license
-    indicated in the file; or
-
-(b) The contribution is based upon previous work that, to the best
-    of my knowledge, is covered under an appropriate open source
-    license and I have the right under that license to submit that
-    work with modifications, whether created in whole or in part
-    by me, under the same open source license (unless I am
-    permitted to submit under a different license), as indicated
-    in the file; or
-
-(c) The contribution was provided directly to me by some other
-    person who certified (a), (b) or (c) and I have not modified
-    it.
-
-(d) I understand and agree that this project and the contribution
-    are public and that a record of the contribution (including all
-    personal information I submit with it, including my sign-off) is
-    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.
-```
-
-Then you just add a line to every git commit message:
-
-    Signed-off-by: Joe Smith <joe.smith@email.com>
-
-Use your real name (sorry, no pseudonyms or anonymous contributions.)
-
-If you set your `user.name` and `user.email` git configs, you can sign your
-commit automatically with `git commit -s`.
diff --git a/vendor/github.com/distribution/reference/GOVERNANCE.md b/vendor/github.com/distribution/reference/GOVERNANCE.md
deleted file mode 100644
index 200045b05..000000000
--- a/vendor/github.com/distribution/reference/GOVERNANCE.md
+++ /dev/null
@@ -1,144 +0,0 @@
-# distribution/reference Project Governance
-
-Distribution [Code of Conduct](./CODE-OF-CONDUCT.md) can be found here.
-
-For specific guidance on practical contribution steps please
-see our [CONTRIBUTING.md](./CONTRIBUTING.md) guide.
-
-## Maintainership
-
-There are different types of maintainers, with different responsibilities, but
-all maintainers have 3 things in common:
-
-1) They share responsibility in the project's success.
-2) They have made a long-term, recurring time investment to improve the project.
-3) They spend that time doing whatever needs to be done, not necessarily what
-is the most interesting or fun.
-
-Maintainers are often under-appreciated, because their work is harder to appreciate.
-It's easy to appreciate a really cool and technically advanced feature. It's harder
-to appreciate the absence of bugs, the slow but steady improvement in stability,
-or the reliability of a release process. But those things distinguish a good
-project from a great one.
-
-## Reviewers
-
-A reviewer is a core role within the project.
-They share in reviewing issues and pull requests and their LGTM counts towards the
-required LGTM count to merge a code change into the project.
-
-Reviewers are part of the organization but do not have write access.
-Becoming a reviewer is a core aspect in the journey to becoming a maintainer.
-
-## Adding maintainers
-
-Maintainers are first and foremost contributors that have shown they are
-committed to the long term success of a project. Contributors wanting to become
-maintainers are expected to be deeply involved in contributing code, pull
-request review, and triage of issues in the project for more than three months.
-
-Just contributing does not make you a maintainer, it is about building trust
-with the current maintainers of the project and being a person that they can
-depend on and trust to make decisions in the best interest of the project.
-
-Periodically, the existing maintainers curate a list of contributors that have
-shown regular activity on the project over the prior months. From this list,
-maintainer candidates are selected and proposed in a pull request or a
-maintainers communication channel.
-
-After a candidate has been announced to the maintainers, the existing
-maintainers are given five business days to discuss the candidate, raise
-objections and cast their vote. Votes may take place on the communication
-channel or via pull request comment. Candidates must be approved by at least 66%
-of the current maintainers by adding their vote on the mailing list. The
-reviewer role has the same process but only requires 33% of current maintainers.
-Only maintainers of the repository that the candidate is proposed for are
-allowed to vote.
-
-If a candidate is approved, a maintainer will contact the candidate to invite
-the candidate to open a pull request that adds the contributor to the
-MAINTAINERS file. The voting process may take place inside a pull request if a
-maintainer has already discussed the candidacy with the candidate and a
-maintainer is willing to be a sponsor by opening the pull request. The candidate
-becomes a maintainer once the pull request is merged.
-
-## Stepping down policy
-
-Life priorities, interests, and passions can change. If you're a maintainer but
-feel you must remove yourself from the list, inform other maintainers that you
-intend to step down, and if possible, help find someone to pick up your work.
-At the very least, ensure your work can be continued where you left off.
-
-After you've informed other maintainers, create a pull request to remove
-yourself from the MAINTAINERS file.
-
-## Removal of inactive maintainers
-
-Similar to the procedure for adding new maintainers, existing maintainers can
-be removed from the list if they do not show significant activity on the
-project. Periodically, the maintainers review the list of maintainers and their
-activity over the last three months.
-
-If a maintainer has shown insufficient activity over this period, a neutral
-person will contact the maintainer to ask if they want to continue being
-a maintainer. If the maintainer decides to step down as a maintainer, they
-open a pull request to be removed from the MAINTAINERS file.
-
-If the maintainer wants to remain a maintainer, but is unable to perform the
-required duties they can be removed with a vote of at least 66% of the current
-maintainers. In this case, maintainers should first propose the change to
-maintainers via the maintainers communication channel, then open a pull request
-for voting. The voting period is five business days. The voting pull request
-should not come as a surpise to any maintainer and any discussion related to
-performance must not be discussed on the pull request.
-
-## How are decisions made?
-
-Docker distribution is an open-source project with an open design philosophy.
-This means that the repository is the source of truth for EVERY aspect of the
-project, including its philosophy, design, road map, and APIs. *If it's part of
-the project, it's in the repo. If it's in the repo, it's part of the project.*
-
-As a result, all decisions can be expressed as changes to the repository. An
-implementation change is a change to the source code. An API change is a change
-to the API specification. A philosophy change is a change to the philosophy
-manifesto, and so on.
-
-All decisions affecting distribution, big and small, follow the same 3 steps:
-
-* Step 1: Open a pull request. Anyone can do this.
-
-* Step 2: Discuss the pull request. Anyone can do this.
-
-* Step 3: Merge or refuse the pull request. Who does this depends on the nature
-of the pull request and which areas of the project it affects.
-
-## Helping contributors with the DCO
-
-The [DCO or `Sign your work`](./CONTRIBUTING.md#sign-your-work)
-requirement is not intended as a roadblock or speed bump.
-
-Some contributors are not as familiar with `git`, or have used a web
-based editor, and thus asking them to `git commit --amend -s` is not the best
-way forward.
-
-In this case, maintainers can update the commits based on clause (c) of the DCO.
-The most trivial way for a contributor to allow the maintainer to do this, is to
-add a DCO signature in a pull requests's comment, or a maintainer can simply
-note that the change is sufficiently trivial that it does not substantially
-change the existing contribution - i.e., a spelling change.
-
-When you add someone's DCO, please also add your own to keep a log.
-
-## I'm a maintainer. Should I make pull requests too?
-
-Yes. Nobody should ever push to master directly. All changes should be
-made through a pull request.
-
-## Conflict Resolution
-
-If you have a technical dispute that you feel has reached an impasse with a
-subset of the community, any contributor may open an issue, specifically
-calling for a resolution vote of the current core maintainers to resolve the
-dispute. The same voting quorums required (2/3) for adding and removing
-maintainers will apply to conflict resolution.
diff --git a/vendor/github.com/distribution/reference/LICENSE b/vendor/github.com/distribution/reference/LICENSE
deleted file mode 100644
index e06d20818..000000000
--- a/vendor/github.com/distribution/reference/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright {yyyy} {name of copyright owner}
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-
diff --git a/vendor/github.com/distribution/reference/MAINTAINERS b/vendor/github.com/distribution/reference/MAINTAINERS
deleted file mode 100644
index 9e0a60c8b..000000000
--- a/vendor/github.com/distribution/reference/MAINTAINERS
+++ /dev/null
@@ -1,26 +0,0 @@
-# Distribution project maintainers & reviewers
-#
-# See GOVERNANCE.md for maintainer versus reviewer roles
-#
-# MAINTAINERS (cncf-distribution-maintainers@lists.cncf.io)
-# GitHub ID, Name, Email address
-"chrispat","Chris Patterson","chrispat@github.com"
-"clarkbw","Bryan Clark","clarkbw@github.com"
-"corhere","Cory Snider","csnider@mirantis.com"
-"deleteriousEffect","Hayley Swimelar","hswimelar@gitlab.com"
-"heww","He Weiwei","hweiwei@vmware.com"
-"joaodrp","João Pereira","jpereira@gitlab.com"
-"justincormack","Justin Cormack","justin.cormack@docker.com"
-"squizzi","Kyle Squizzato","ksquizzato@mirantis.com"
-"milosgajdos","Milos Gajdos","milosthegajdos@gmail.com"
-"sargun","Sargun Dhillon","sargun@sargun.me"
-"wy65701436","Wang Yan","wangyan@vmware.com"
-"stevelasker","Steve Lasker","steve.lasker@microsoft.com"
-#
-# REVIEWERS
-# GitHub ID, Name, Email address
-"dmcgowan","Derek McGowan","derek@mcgstyle.net"
-"stevvooe","Stephen Day","stevvooe@gmail.com"
-"thajeztah","Sebastiaan van Stijn","github@gone.nl"
-"DavidSpek", "David van der Spek", "vanderspek.david@gmail.com"
-"Jamstah", "James Hewitt", "james.hewitt@gmail.com"
diff --git a/vendor/github.com/distribution/reference/Makefile b/vendor/github.com/distribution/reference/Makefile
deleted file mode 100644
index c78576b75..000000000
--- a/vendor/github.com/distribution/reference/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
-# Project packages.
-PACKAGES=$(shell go list ./...)
-
-# Flags passed to `go test`
-BUILDFLAGS ?= 
-TESTFLAGS ?= 
-
-.PHONY: all build test coverage
-.DEFAULT: all
-
-all: build
-
-build: ## no binaries to build, so just check compilation suceeds
-	go build ${BUILDFLAGS} ./...
-
-test: ## run tests
-	go test ${TESTFLAGS} ./...
-
-coverage: ## generate coverprofiles from the unit tests
-	rm -f coverage.txt
-	go test ${TESTFLAGS} -cover -coverprofile=cover.out ./...
-
-.PHONY: help
-help:
-	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m\033[0m\n"} /^[a-zA-Z_\/%-]+:.*?##/ { printf "  \033[36m%-27s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
diff --git a/vendor/github.com/distribution/reference/README.md b/vendor/github.com/distribution/reference/README.md
deleted file mode 100644
index e2531e49c..000000000
--- a/vendor/github.com/distribution/reference/README.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# Distribution reference
-
-Go library to handle references to container images.
-
-<img src="/distribution-logo.svg" width="200px" />
-
-[![Build Status](https://github.com/distribution/reference/actions/workflows/test.yml/badge.svg?branch=main&event=push)](https://github.com/distribution/reference/actions?query=workflow%3ACI)
-[![GoDoc](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/github.com/distribution/reference)
-[![License: Apache-2.0](https://img.shields.io/badge/License-Apache--2.0-blue.svg)](LICENSE)
-[![codecov](https://codecov.io/gh/distribution/reference/branch/main/graph/badge.svg)](https://codecov.io/gh/distribution/reference)
-[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Fdistribution%2Freference.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Fdistribution%2Freference?ref=badge_shield)
-
-This repository contains a library for handling refrences to container images held in container registries. Please see [godoc](https://pkg.go.dev/github.com/distribution/reference) for details.
-
-## Contribution
-
-Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute
-issues, fixes, and patches to this project.
-
-## Communication
-
-For async communication and long running discussions please use issues and pull requests on the github repo.
-This will be the best place to discuss design and implementation.
-
-For sync communication we have a #distribution channel in the [CNCF Slack](https://slack.cncf.io/)
-that everyone is welcome to join and chat about development.
-
-## Licenses
-
-The distribution codebase is released under the [Apache 2.0 license](LICENSE).
diff --git a/vendor/github.com/distribution/reference/SECURITY.md b/vendor/github.com/distribution/reference/SECURITY.md
deleted file mode 100644
index aaf983c0f..000000000
--- a/vendor/github.com/distribution/reference/SECURITY.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Security Policy
-
-## Reporting a Vulnerability
-
-The maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!
-
-Please DO NOT file a public issue, instead send your report privately to cncf-distribution-security@lists.cncf.io.
diff --git a/vendor/github.com/distribution/reference/distribution-logo.svg b/vendor/github.com/distribution/reference/distribution-logo.svg
deleted file mode 100644
index cc9f4073b..000000000
--- a/vendor/github.com/distribution/reference/distribution-logo.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 564.27793 654.82002"><defs><style>.cls-1{fill:#416ba9;}.cls-2{fill:#74c3d5;}</style></defs><path class="cls-1" d="M17.48582,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716H36.66877c18.70153,0,28.24476,9.06127,28.24476,33.64387,0,22.26771-7.51889,35.57065-27.95526,35.57065H22.40191c-2.69929,0-4.91609-1.25341-4.91609-4.91609Zm20.33987,49.741c7.61539,0,10.60365-6.94043,10.60365-20.72586,0-15.13429-3.85568-19.376-10.70015-19.376H33.97v40.10182Z"/><path class="cls-1" d="M72.43613,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h6.36251c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609H77.35223c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M99.718,613.05875l5.78405-1.06042c4.33764-.77092,4.53063,1.15692,5.78352,3.85674a6.70953,6.70953,0,0,0,6.5555,3.95218c3.56672,0,6.26548-1.83134,6.26548-5.59158,0-12.82046-27.6663-11.08561-27.6663-34.31724,0-10.79718,7.80839-18.1236,20.43637-18.1236,11.08614,0,16.96615,4.8196,20.05091,12.918.96445,2.31277,1.44641,4.7231-2.98826,5.59052l-5.20559,1.06042c-3.95218.77092-4.33764-1.06042-6.073-3.66269a6.39679,6.39679,0,0,0-5.49456-3.08475c-3.18125,0-5.20559,1.83134-5.20559,4.7231,0,12.24252,27.56981,10.60418,27.56981,33.73931,0,12.532-8.77231,19.66545-22.36422,19.66545-11.47159,0-17.93007-4.43467-20.82236-14.07387C95.57286,616.24,95.1874,613.92617,99.718,613.05875Z"/><path class="cls-1" d="M154.86187,576.62068h-8.09735c-3.66321,0-4.91662-2.21734-4.91662-4.91716v-4.14411c0-2.69983,1.25341-4.91716,4.91662-4.91716H179.058c3.66321,0,4.91609,2.21733,4.91609,4.91716v4.14411c0,2.69982-1.25288,4.91716-4.91609,4.91716h-8.09788v50.32c0,3.66268-2.21681,4.91609-4.9161,4.91609h-6.266c-2.69876,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M189.76022,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h16.2912c15.13481,0,23.03969,5.68808,23.03969,20.05144,0,8.38684-3.27775,13.68787-8.29034,16.77369l9.35076,27.76173c1.34938,4.04974-.96445,4.62766-3.37425,4.62766h-8.67581c-2.89176,0-4.53063-1.92783-5.30208-4.7231L211.546,605.92532h-5.68755v21.01536c0,3.66268-2.2168,4.91609-4.91609,4.91609h-6.266c-2.69929,0-4.9161-1.25341-4.9161-4.91609Zm20.14688,25.35246c4.14517,0,7.61592-1.6394,7.61592-8.57984,0-7.61486-3.37425-8.19384-7.22993-8.19384h-4.43467v16.77368Z"/><path class="cls-1" d="M241.91422,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716h6.36251c2.69876,0,4.9161,1.25341,4.9161,4.91716v59.38127c0,3.66268-2.21734,4.91609-4.9161,4.91609h-6.36251c-2.69929,0-4.91609-1.25341-4.91609-4.91609Z"/><path class="cls-1" d="M267.75024,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716h14.94182c16.77316,0,24.09958,5.49508,24.09958,18.31659,0,6.94044-3.08475,11.953-8.96477,14.5553v.193c6.74744,2.31384,10.41065,7.13343,10.41065,15.80977,0,16.58069-11.3751,20.33987-25.449,20.33987H272.66633c-2.69929,0-4.91609-1.25341-4.91609-4.91609Zm20.72533,22.5572c4.33817,0,6.84447-2.12083,6.84447-7.32642,0-4.91716-2.79579-6.36251-6.84447-6.36251h-4.9161v13.68893Zm.386,27.95473c5.88,0,7.90436-2.40926,7.90436-7.80785,0-5.88-3.18126-7.80786-7.80839-7.80786h-5.39806v15.61571Z"/><path class="cls-1" d="M320.09776,567.55941c0-3.66375,2.21733-4.91716,4.91662-4.91716h6.362c2.69929,0,4.91663,1.25341,4.91663,4.91716v43.282c0,5.78457,2.3133,8.38684,6.748,8.38684,4.43413,0,7.13343-2.60227,7.13343-8.38684v-43.282c0-3.66375,2.21733-4.91716,4.91609-4.91716H361.26c2.6993,0,4.91663,1.25341,4.91663,4.91716v41.06573c0,15.80871-7.13343,24.00256-23.42516,24.00256-16.0982,0-22.6537-8.19385-22.6537-24.00256Z"/><path class="cls-1" d="M384.59236,576.62068H376.495c-3.66322,0-4.91663-2.21734-4.91663-4.91716v-4.14411c0-2.69983,1.25341-4.91716,4.91663-4.91716h32.29343c3.66321,0,4.91609,2.21733,4.91609,4.91716v4.14411c0,2.69982-1.25288,4.91716-4.91609,4.91716H400.6911v50.32c0,3.66268-2.21734,4.91609-4.91663,4.91609h-6.266c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M419.49071,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h6.36251c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609h-6.36251c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M443.20536,597.34654c0-21.30485,5.59106-35.57171,24.48505-35.57171s24.48505,14.26686,24.48505,35.57171c0,22.07472-6.84394,35.37766-24.485,35.37766S443.20536,619.42126,443.20536,597.34654Zm32.48643,0c0-16.29226-2.12083-22.26877-8.00138-22.26877-5.88,0-8.00085,5.97651-8.00085,22.26877,0,17.06212,2.4098,22.17121,8.00085,22.17121C473.378,619.51775,475.69179,614.40866,475.69179,597.34654Z"/><path class="cls-1" d="M499.69859,567.55941c0-3.66375,2.2168-4.91716,4.9161-4.91716h6.941a7.56728,7.56728,0,0,1,6.84394,4.43467l13.207,29.88363h.19247V567.55941c0-3.66375,2.21733-4.91716,4.91662-4.91716h4.62714c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609h-5.68756c-2.98878,0-4.72363-1.83134-5.977-4.43466L514.15792,593.5863h-.19247v33.35438c0,3.66268-2.21733,4.91609-4.91663,4.91609h-4.43413c-2.6993,0-4.9161-1.25341-4.9161-4.91609Z"/><g id="F1L4Xu"><path class="cls-2" d="M461.28162,365.26377c14.626-14.99573,31.51073-27.88581,43.901-45.3001,23.6055-33.17709,21.5881-53.98611-9.08528-79.89549-5.54727-4.68571-8.18237-7.96252-5.187-15.251,2.57641-6.26934,3.76528-13.21711,4.83156-19.981,5.90314-37.44659-11.00082-60.70078-48.64828-63.33267-13.137-.91842-16.45015-5.43062-19.21754-16.935-9.30387-38.67663-34.59038-53.67167-74.13662-44.585-10.18443,2.3401-17.05741,2.2529-24.8593-6.77926-30.175-34.93317-59.58084-35.22646-91.95222-.348-9.64337,10.39025-15.6225,11.83918-28.62783,5.4055-32.90341-16.27713-59.8387-3.10046-69.78437,35.47712-4.6848,18.17164-11.36854,26.3489-30.24471,30.1582-31.33028,6.32259-44.78933,33.5759-35.57532,69.531,3.76252,14.68215,4.6826,23.43655-10.28992,33.26423-22.74913,14.93216-25.22052,35.33713-11.0953,59.39875a163.06863,163.06863,0,0,0,18.46085,24.68707c6.40258,7.28037,13.94521,13.55817,19.80434,21.482C65.25053,338.04809,43.116,321.28746,27.8598,297.29993c-17.05057-26.80876-13.40609-48.15088,13.33187-65.26212,13.64688-8.73344,14.87507-15.92347,10.65871-30.93464-12.7269-45.31048,5.12054-71.29348,52.09339-78.34017,9.12234-1.36851,13.24368-4.37134,14.93358-13.09156a120.37358,120.37358,0,0,1,6.91928-23.66458C140.26672,51.59355,166.89048,40.64934,200.93587,56.76c12.995,6.14933,20.16447,5.77862,30.68022-5.2998C268.21035,12.90788,301.23887,13.957,336.089,53.95609c7.03437,8.07364,13.32723,7.58749,21.51782,5.54845,49.26567-12.26462,82.34232,9.66738,86.80352,52.02378.85563,8.12375,4.89151,12.49189,13.59822,11.06745a9.08058,9.08058,0,0,1,2.06083.01162c48.42775,3.32745,67.90447,29.37216,55.65225,76.28488-3.68675,14.11627-5.266,23.35647,9.83168,33.3918,24.025,15.96919,26.43605,40.908,10.89058,67.22194C523.519,321.384,492.3391,349.49056,461.28162,365.26377Z"/><path class="cls-2" d="M222.21166,412.15994c-43.3335,8.71069-88.628,7.98395-130.77907,28.38523,94.59324,34.57588,265.86321,39.32494,381.28659.87883-20.80256-13.03877-43.25235-15.46757-64.96771-19.52875-21.46582-4.01455-43.21049-6.53754-65.22855-9.773,2.32155-9.0906,5.71941-13.26155,14.6818-11.53506,34.9755,6.73747,70.6065,10.43856,104.30053,22.96341,8.18218,3.04152,18.89124,4.40911,19.86455,15.15614,1.09622,12.10448-6.10692,24.09739-16.79915,25.67409-30.25013,4.46064-56.38559,26.36212-84.9133,26.506-28.47048.14371-52.82989-.52977-79.492,14.17476-20.18156,11.13047-46.332,2.83194-64.16335-15.45408-6.83775-7.01216-11.13794-6.37864-19.02114-2.85829-23.91278,10.67842-47.24546,8.5124-67.31614-8.79886-7.10279-6.12627-13.27536-7.629-22.06165-6.68907a44.08867,44.08867,0,0,1-27.74743-5.86122C89.8179,459.38315,82.0507,451.437,82.898,439.18832c.77048-11.13889,11.49627-12.35089,19.55689-15.40536,33.62848-12.74306,69.18754-16.82889,104.26785-23.14551C215.75685,399.01074,219.15407,403.38339,222.21166,412.15994Z"/></g><rect class="cls-1" x="157.9184" y="278.28554" width="63.75238" height="63.75238"/><rect class="cls-1" x="241.008" y="278.28554" width="63.75238" height="63.75238"/><rect class="cls-1" x="157.9184" y="361.37514" width="63.75238" height="63.75238"/><rect class="cls-1" x="367.09657" y="153.06724" width="63.75176" height="63.75177" transform="translate(-13.91822 336.28471) rotate(-45)"/><polygon class="cls-1" points="239.799 221.785 239.799 222.389 296.3 250.79 325.004 193.987 268.201 165.284 239.799 221.785"/><rect class="cls-1" x="341.49858" y="264.8759" width="63.75384" height="63.75383" transform="translate(-59.8512 496.2174) rotate(-63.19922)"/><rect class="cls-1" x="157.9184" y="195.19594" width="63.75238" height="63.75238"/><rect class="cls-1" x="241.008" y="361.37514" width="63.75238" height="63.75238"/><rect class="cls-1" x="324.39973" y="361.37514" width="63.75238" height="63.75238"/></svg>
\ No newline at end of file
diff --git a/vendor/github.com/distribution/reference/helpers.go b/vendor/github.com/distribution/reference/helpers.go
deleted file mode 100644
index d10c7ef83..000000000
--- a/vendor/github.com/distribution/reference/helpers.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package reference
-
-import "path"
-
-// IsNameOnly returns true if reference only contains a repo name.
-func IsNameOnly(ref Named) bool {
-	if _, ok := ref.(NamedTagged); ok {
-		return false
-	}
-	if _, ok := ref.(Canonical); ok {
-		return false
-	}
-	return true
-}
-
-// FamiliarName returns the familiar name string
-// for the given named, familiarizing if needed.
-func FamiliarName(ref Named) string {
-	if nn, ok := ref.(normalizedNamed); ok {
-		return nn.Familiar().Name()
-	}
-	return ref.Name()
-}
-
-// FamiliarString returns the familiar string representation
-// for the given reference, familiarizing if needed.
-func FamiliarString(ref Reference) string {
-	if nn, ok := ref.(normalizedNamed); ok {
-		return nn.Familiar().String()
-	}
-	return ref.String()
-}
-
-// FamiliarMatch reports whether ref matches the specified pattern.
-// See [path.Match] for supported patterns.
-func FamiliarMatch(pattern string, ref Reference) (bool, error) {
-	matched, err := path.Match(pattern, FamiliarString(ref))
-	if namedRef, isNamed := ref.(Named); isNamed && !matched {
-		matched, _ = path.Match(pattern, FamiliarName(namedRef))
-	}
-	return matched, err
-}
diff --git a/vendor/github.com/distribution/reference/normalize.go b/vendor/github.com/distribution/reference/normalize.go
deleted file mode 100644
index a30229d01..000000000
--- a/vendor/github.com/distribution/reference/normalize.go
+++ /dev/null
@@ -1,224 +0,0 @@
-package reference
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/opencontainers/go-digest"
-)
-
-const (
-	// legacyDefaultDomain is the legacy domain for Docker Hub (which was
-	// originally named "the Docker Index"). This domain is still used for
-	// authentication and image search, which were part of the "v1" Docker
-	// registry specification.
-	//
-	// This domain will continue to be supported, but there are plans to consolidate
-	// legacy domains to new "canonical" domains. Once those domains are decided
-	// on, we must update the normalization functions, but preserve compatibility
-	// with existing installs, clients, and user configuration.
-	legacyDefaultDomain = "index.docker.io"
-
-	// defaultDomain is the default domain used for images on Docker Hub.
-	// It is used to normalize "familiar" names to canonical names, for example,
-	// to convert "ubuntu" to "docker.io/library/ubuntu:latest".
-	//
-	// Note that actual domain of Docker Hub's registry is registry-1.docker.io.
-	// This domain will continue to be supported, but there are plans to consolidate
-	// legacy domains to new "canonical" domains. Once those domains are decided
-	// on, we must update the normalization functions, but preserve compatibility
-	// with existing installs, clients, and user configuration.
-	defaultDomain = "docker.io"
-
-	// officialRepoPrefix is the namespace used for official images on Docker Hub.
-	// It is used to normalize "familiar" names to canonical names, for example,
-	// to convert "ubuntu" to "docker.io/library/ubuntu:latest".
-	officialRepoPrefix = "library/"
-
-	// defaultTag is the default tag if no tag is provided.
-	defaultTag = "latest"
-)
-
-// normalizedNamed represents a name which has been
-// normalized and has a familiar form. A familiar name
-// is what is used in Docker UI. An example normalized
-// name is "docker.io/library/ubuntu" and corresponding
-// familiar name of "ubuntu".
-type normalizedNamed interface {
-	Named
-	Familiar() Named
-}
-
-// ParseNormalizedNamed parses a string into a named reference
-// transforming a familiar name from Docker UI to a fully
-// qualified reference. If the value may be an identifier
-// use ParseAnyReference.
-func ParseNormalizedNamed(s string) (Named, error) {
-	if ok := anchoredIdentifierRegexp.MatchString(s); ok {
-		return nil, fmt.Errorf("invalid repository name (%s), cannot specify 64-byte hexadecimal strings", s)
-	}
-	domain, remainder := splitDockerDomain(s)
-	var remote string
-	if tagSep := strings.IndexRune(remainder, ':'); tagSep > -1 {
-		remote = remainder[:tagSep]
-	} else {
-		remote = remainder
-	}
-	if strings.ToLower(remote) != remote {
-		return nil, fmt.Errorf("invalid reference format: repository name (%s) must be lowercase", remote)
-	}
-
-	ref, err := Parse(domain + "/" + remainder)
-	if err != nil {
-		return nil, err
-	}
-	named, isNamed := ref.(Named)
-	if !isNamed {
-		return nil, fmt.Errorf("reference %s has no name", ref.String())
-	}
-	return named, nil
-}
-
-// namedTaggedDigested is a reference that has both a tag and a digest.
-type namedTaggedDigested interface {
-	NamedTagged
-	Digested
-}
-
-// ParseDockerRef normalizes the image reference following the docker convention,
-// which allows for references to contain both a tag and a digest. It returns a
-// reference that is either tagged or digested. For references containing both
-// a tag and a digest, it returns a digested reference. For example, the following
-// reference:
-//
-//	docker.io/library/busybox:latest@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa
-//
-// Is returned as a digested reference (with the ":latest" tag removed):
-//
-//	docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa
-//
-// References that are already "tagged" or "digested" are returned unmodified:
-//
-//	// Already a digested reference
-//	docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa
-//
-//	// Already a named reference
-//	docker.io/library/busybox:latest
-func ParseDockerRef(ref string) (Named, error) {
-	named, err := ParseNormalizedNamed(ref)
-	if err != nil {
-		return nil, err
-	}
-	if canonical, ok := named.(namedTaggedDigested); ok {
-		// The reference is both tagged and digested; only return digested.
-		newNamed, err := WithName(canonical.Name())
-		if err != nil {
-			return nil, err
-		}
-		return WithDigest(newNamed, canonical.Digest())
-	}
-	return TagNameOnly(named), nil
-}
-
-// splitDockerDomain splits a repository name to domain and remote-name.
-// If no valid domain is found, the default domain is used. Repository name
-// needs to be already validated before.
-func splitDockerDomain(name string) (domain, remainder string) {
-	i := strings.IndexRune(name, '/')
-	if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != localhost && strings.ToLower(name[:i]) == name[:i]) {
-		domain, remainder = defaultDomain, name
-	} else {
-		domain, remainder = name[:i], name[i+1:]
-	}
-	if domain == legacyDefaultDomain {
-		domain = defaultDomain
-	}
-	if domain == defaultDomain && !strings.ContainsRune(remainder, '/') {
-		remainder = officialRepoPrefix + remainder
-	}
-	return
-}
-
-// familiarizeName returns a shortened version of the name familiar
-// to the Docker UI. Familiar names have the default domain
-// "docker.io" and "library/" repository prefix removed.
-// For example, "docker.io/library/redis" will have the familiar
-// name "redis" and "docker.io/dmcgowan/myapp" will be "dmcgowan/myapp".
-// Returns a familiarized named only reference.
-func familiarizeName(named namedRepository) repository {
-	repo := repository{
-		domain: named.Domain(),
-		path:   named.Path(),
-	}
-
-	if repo.domain == defaultDomain {
-		repo.domain = ""
-		// Handle official repositories which have the pattern "library/<official repo name>"
-		if strings.HasPrefix(repo.path, officialRepoPrefix) {
-			// TODO(thaJeztah): this check may be too strict, as it assumes the
-			//  "library/" namespace does not have nested namespaces. While this
-			//  is true (currently), technically it would be possible for Docker
-			//  Hub to use those (e.g. "library/distros/ubuntu:latest").
-			//  See https://github.com/distribution/distribution/pull/3769#issuecomment-1302031785.
-			if remainder := strings.TrimPrefix(repo.path, officialRepoPrefix); !strings.ContainsRune(remainder, '/') {
-				repo.path = remainder
-			}
-		}
-	}
-	return repo
-}
-
-func (r reference) Familiar() Named {
-	return reference{
-		namedRepository: familiarizeName(r.namedRepository),
-		tag:             r.tag,
-		digest:          r.digest,
-	}
-}
-
-func (r repository) Familiar() Named {
-	return familiarizeName(r)
-}
-
-func (t taggedReference) Familiar() Named {
-	return taggedReference{
-		namedRepository: familiarizeName(t.namedRepository),
-		tag:             t.tag,
-	}
-}
-
-func (c canonicalReference) Familiar() Named {
-	return canonicalReference{
-		namedRepository: familiarizeName(c.namedRepository),
-		digest:          c.digest,
-	}
-}
-
-// TagNameOnly adds the default tag "latest" to a reference if it only has
-// a repo name.
-func TagNameOnly(ref Named) Named {
-	if IsNameOnly(ref) {
-		namedTagged, err := WithTag(ref, defaultTag)
-		if err != nil {
-			// Default tag must be valid, to create a NamedTagged
-			// type with non-validated input the WithTag function
-			// should be used instead
-			panic(err)
-		}
-		return namedTagged
-	}
-	return ref
-}
-
-// ParseAnyReference parses a reference string as a possible identifier,
-// full digest, or familiar name.
-func ParseAnyReference(ref string) (Reference, error) {
-	if ok := anchoredIdentifierRegexp.MatchString(ref); ok {
-		return digestReference("sha256:" + ref), nil
-	}
-	if dgst, err := digest.Parse(ref); err == nil {
-		return digestReference(dgst), nil
-	}
-
-	return ParseNormalizedNamed(ref)
-}
diff --git a/vendor/github.com/distribution/reference/reference.go b/vendor/github.com/distribution/reference/reference.go
deleted file mode 100644
index e98c44daa..000000000
--- a/vendor/github.com/distribution/reference/reference.go
+++ /dev/null
@@ -1,436 +0,0 @@
-// Package reference provides a general type to represent any way of referencing images within the registry.
-// Its main purpose is to abstract tags and digests (content-addressable hash).
-//
-// Grammar
-//
-//	reference                       := name [ ":" tag ] [ "@" digest ]
-//	name                            := [domain '/'] remote-name
-//	domain                          := host [':' port-number]
-//	host                            := domain-name | IPv4address | \[ IPv6address \]	; rfc3986 appendix-A
-//	domain-name                     := domain-component ['.' domain-component]*
-//	domain-component                := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
-//	port-number                     := /[0-9]+/
-//	path-component                  := alpha-numeric [separator alpha-numeric]*
-//	path (or "remote-name")         := path-component ['/' path-component]*
-//	alpha-numeric                   := /[a-z0-9]+/
-//	separator                       := /[_.]|__|[-]*/
-//
-//	tag                             := /[\w][\w.-]{0,127}/
-//
-//	digest                          := digest-algorithm ":" digest-hex
-//	digest-algorithm                := digest-algorithm-component [ digest-algorithm-separator digest-algorithm-component ]*
-//	digest-algorithm-separator      := /[+.-_]/
-//	digest-algorithm-component      := /[A-Za-z][A-Za-z0-9]*/
-//	digest-hex                      := /[0-9a-fA-F]{32,}/ ; At least 128 bit digest value
-//
-//	identifier                      := /[a-f0-9]{64}/
-package reference
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-
-	"github.com/opencontainers/go-digest"
-)
-
-const (
-	// NameTotalLengthMax is the maximum total number of characters in a repository name.
-	NameTotalLengthMax = 255
-)
-
-var (
-	// ErrReferenceInvalidFormat represents an error while trying to parse a string as a reference.
-	ErrReferenceInvalidFormat = errors.New("invalid reference format")
-
-	// ErrTagInvalidFormat represents an error while trying to parse a string as a tag.
-	ErrTagInvalidFormat = errors.New("invalid tag format")
-
-	// ErrDigestInvalidFormat represents an error while trying to parse a string as a tag.
-	ErrDigestInvalidFormat = errors.New("invalid digest format")
-
-	// ErrNameContainsUppercase is returned for invalid repository names that contain uppercase characters.
-	ErrNameContainsUppercase = errors.New("repository name must be lowercase")
-
-	// ErrNameEmpty is returned for empty, invalid repository names.
-	ErrNameEmpty = errors.New("repository name must have at least one component")
-
-	// ErrNameTooLong is returned when a repository name is longer than NameTotalLengthMax.
-	ErrNameTooLong = fmt.Errorf("repository name must not be more than %v characters", NameTotalLengthMax)
-
-	// ErrNameNotCanonical is returned when a name is not canonical.
-	ErrNameNotCanonical = errors.New("repository name must be canonical")
-)
-
-// Reference is an opaque object reference identifier that may include
-// modifiers such as a hostname, name, tag, and digest.
-type Reference interface {
-	// String returns the full reference
-	String() string
-}
-
-// Field provides a wrapper type for resolving correct reference types when
-// working with encoding.
-type Field struct {
-	reference Reference
-}
-
-// AsField wraps a reference in a Field for encoding.
-func AsField(reference Reference) Field {
-	return Field{reference}
-}
-
-// Reference unwraps the reference type from the field to
-// return the Reference object. This object should be
-// of the appropriate type to further check for different
-// reference types.
-func (f Field) Reference() Reference {
-	return f.reference
-}
-
-// MarshalText serializes the field to byte text which
-// is the string of the reference.
-func (f Field) MarshalText() (p []byte, err error) {
-	return []byte(f.reference.String()), nil
-}
-
-// UnmarshalText parses text bytes by invoking the
-// reference parser to ensure the appropriately
-// typed reference object is wrapped by field.
-func (f *Field) UnmarshalText(p []byte) error {
-	r, err := Parse(string(p))
-	if err != nil {
-		return err
-	}
-
-	f.reference = r
-	return nil
-}
-
-// Named is an object with a full name
-type Named interface {
-	Reference
-	Name() string
-}
-
-// Tagged is an object which has a tag
-type Tagged interface {
-	Reference
-	Tag() string
-}
-
-// NamedTagged is an object including a name and tag.
-type NamedTagged interface {
-	Named
-	Tag() string
-}
-
-// Digested is an object which has a digest
-// in which it can be referenced by
-type Digested interface {
-	Reference
-	Digest() digest.Digest
-}
-
-// Canonical reference is an object with a fully unique
-// name including a name with domain and digest
-type Canonical interface {
-	Named
-	Digest() digest.Digest
-}
-
-// namedRepository is a reference to a repository with a name.
-// A namedRepository has both domain and path components.
-type namedRepository interface {
-	Named
-	Domain() string
-	Path() string
-}
-
-// Domain returns the domain part of the [Named] reference.
-func Domain(named Named) string {
-	if r, ok := named.(namedRepository); ok {
-		return r.Domain()
-	}
-	domain, _ := splitDomain(named.Name())
-	return domain
-}
-
-// Path returns the name without the domain part of the [Named] reference.
-func Path(named Named) (name string) {
-	if r, ok := named.(namedRepository); ok {
-		return r.Path()
-	}
-	_, path := splitDomain(named.Name())
-	return path
-}
-
-func splitDomain(name string) (string, string) {
-	match := anchoredNameRegexp.FindStringSubmatch(name)
-	if len(match) != 3 {
-		return "", name
-	}
-	return match[1], match[2]
-}
-
-// SplitHostname splits a named reference into a
-// hostname and name string. If no valid hostname is
-// found, the hostname is empty and the full value
-// is returned as name
-//
-// Deprecated: Use [Domain] or [Path].
-func SplitHostname(named Named) (string, string) {
-	if r, ok := named.(namedRepository); ok {
-		return r.Domain(), r.Path()
-	}
-	return splitDomain(named.Name())
-}
-
-// Parse parses s and returns a syntactically valid Reference.
-// If an error was encountered it is returned, along with a nil Reference.
-func Parse(s string) (Reference, error) {
-	matches := ReferenceRegexp.FindStringSubmatch(s)
-	if matches == nil {
-		if s == "" {
-			return nil, ErrNameEmpty
-		}
-		if ReferenceRegexp.FindStringSubmatch(strings.ToLower(s)) != nil {
-			return nil, ErrNameContainsUppercase
-		}
-		return nil, ErrReferenceInvalidFormat
-	}
-
-	if len(matches[1]) > NameTotalLengthMax {
-		return nil, ErrNameTooLong
-	}
-
-	var repo repository
-
-	nameMatch := anchoredNameRegexp.FindStringSubmatch(matches[1])
-	if len(nameMatch) == 3 {
-		repo.domain = nameMatch[1]
-		repo.path = nameMatch[2]
-	} else {
-		repo.domain = ""
-		repo.path = matches[1]
-	}
-
-	ref := reference{
-		namedRepository: repo,
-		tag:             matches[2],
-	}
-	if matches[3] != "" {
-		var err error
-		ref.digest, err = digest.Parse(matches[3])
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	r := getBestReferenceType(ref)
-	if r == nil {
-		return nil, ErrNameEmpty
-	}
-
-	return r, nil
-}
-
-// ParseNamed parses s and returns a syntactically valid reference implementing
-// the Named interface. The reference must have a name and be in the canonical
-// form, otherwise an error is returned.
-// If an error was encountered it is returned, along with a nil Reference.
-func ParseNamed(s string) (Named, error) {
-	named, err := ParseNormalizedNamed(s)
-	if err != nil {
-		return nil, err
-	}
-	if named.String() != s {
-		return nil, ErrNameNotCanonical
-	}
-	return named, nil
-}
-
-// WithName returns a named object representing the given string. If the input
-// is invalid ErrReferenceInvalidFormat will be returned.
-func WithName(name string) (Named, error) {
-	if len(name) > NameTotalLengthMax {
-		return nil, ErrNameTooLong
-	}
-
-	match := anchoredNameRegexp.FindStringSubmatch(name)
-	if match == nil || len(match) != 3 {
-		return nil, ErrReferenceInvalidFormat
-	}
-	return repository{
-		domain: match[1],
-		path:   match[2],
-	}, nil
-}
-
-// WithTag combines the name from "name" and the tag from "tag" to form a
-// reference incorporating both the name and the tag.
-func WithTag(name Named, tag string) (NamedTagged, error) {
-	if !anchoredTagRegexp.MatchString(tag) {
-		return nil, ErrTagInvalidFormat
-	}
-	var repo repository
-	if r, ok := name.(namedRepository); ok {
-		repo.domain = r.Domain()
-		repo.path = r.Path()
-	} else {
-		repo.path = name.Name()
-	}
-	if canonical, ok := name.(Canonical); ok {
-		return reference{
-			namedRepository: repo,
-			tag:             tag,
-			digest:          canonical.Digest(),
-		}, nil
-	}
-	return taggedReference{
-		namedRepository: repo,
-		tag:             tag,
-	}, nil
-}
-
-// WithDigest combines the name from "name" and the digest from "digest" to form
-// a reference incorporating both the name and the digest.
-func WithDigest(name Named, digest digest.Digest) (Canonical, error) {
-	if !anchoredDigestRegexp.MatchString(digest.String()) {
-		return nil, ErrDigestInvalidFormat
-	}
-	var repo repository
-	if r, ok := name.(namedRepository); ok {
-		repo.domain = r.Domain()
-		repo.path = r.Path()
-	} else {
-		repo.path = name.Name()
-	}
-	if tagged, ok := name.(Tagged); ok {
-		return reference{
-			namedRepository: repo,
-			tag:             tagged.Tag(),
-			digest:          digest,
-		}, nil
-	}
-	return canonicalReference{
-		namedRepository: repo,
-		digest:          digest,
-	}, nil
-}
-
-// TrimNamed removes any tag or digest from the named reference.
-func TrimNamed(ref Named) Named {
-	repo := repository{}
-	if r, ok := ref.(namedRepository); ok {
-		repo.domain, repo.path = r.Domain(), r.Path()
-	} else {
-		repo.domain, repo.path = splitDomain(ref.Name())
-	}
-	return repo
-}
-
-func getBestReferenceType(ref reference) Reference {
-	if ref.Name() == "" {
-		// Allow digest only references
-		if ref.digest != "" {
-			return digestReference(ref.digest)
-		}
-		return nil
-	}
-	if ref.tag == "" {
-		if ref.digest != "" {
-			return canonicalReference{
-				namedRepository: ref.namedRepository,
-				digest:          ref.digest,
-			}
-		}
-		return ref.namedRepository
-	}
-	if ref.digest == "" {
-		return taggedReference{
-			namedRepository: ref.namedRepository,
-			tag:             ref.tag,
-		}
-	}
-
-	return ref
-}
-
-type reference struct {
-	namedRepository
-	tag    string
-	digest digest.Digest
-}
-
-func (r reference) String() string {
-	return r.Name() + ":" + r.tag + "@" + r.digest.String()
-}
-
-func (r reference) Tag() string {
-	return r.tag
-}
-
-func (r reference) Digest() digest.Digest {
-	return r.digest
-}
-
-type repository struct {
-	domain string
-	path   string
-}
-
-func (r repository) String() string {
-	return r.Name()
-}
-
-func (r repository) Name() string {
-	if r.domain == "" {
-		return r.path
-	}
-	return r.domain + "/" + r.path
-}
-
-func (r repository) Domain() string {
-	return r.domain
-}
-
-func (r repository) Path() string {
-	return r.path
-}
-
-type digestReference digest.Digest
-
-func (d digestReference) String() string {
-	return digest.Digest(d).String()
-}
-
-func (d digestReference) Digest() digest.Digest {
-	return digest.Digest(d)
-}
-
-type taggedReference struct {
-	namedRepository
-	tag string
-}
-
-func (t taggedReference) String() string {
-	return t.Name() + ":" + t.tag
-}
-
-func (t taggedReference) Tag() string {
-	return t.tag
-}
-
-type canonicalReference struct {
-	namedRepository
-	digest digest.Digest
-}
-
-func (c canonicalReference) String() string {
-	return c.Name() + "@" + c.digest.String()
-}
-
-func (c canonicalReference) Digest() digest.Digest {
-	return c.digest
-}
diff --git a/vendor/github.com/distribution/reference/regexp.go b/vendor/github.com/distribution/reference/regexp.go
deleted file mode 100644
index 65bc49d79..000000000
--- a/vendor/github.com/distribution/reference/regexp.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package reference
-
-import (
-	"regexp"
-	"strings"
-)
-
-// DigestRegexp matches well-formed digests, including algorithm (e.g. "sha256:<encoded>").
-var DigestRegexp = regexp.MustCompile(digestPat)
-
-// DomainRegexp matches hostname or IP-addresses, optionally including a port
-// number. It defines the structure of potential domain components that may be
-// part of image names. This is purposely a subset of what is allowed by DNS to
-// ensure backwards compatibility with Docker image names. It may be a subset of
-// DNS domain name, an IPv4 address in decimal format, or an IPv6 address between
-// square brackets (excluding zone identifiers as defined by [RFC 6874] or special
-// addresses such as IPv4-Mapped).
-//
-// [RFC 6874]: https://www.rfc-editor.org/rfc/rfc6874.
-var DomainRegexp = regexp.MustCompile(domainAndPort)
-
-// IdentifierRegexp is the format for string identifier used as a
-// content addressable identifier using sha256. These identifiers
-// are like digests without the algorithm, since sha256 is used.
-var IdentifierRegexp = regexp.MustCompile(identifier)
-
-// NameRegexp is the format for the name component of references, including
-// an optional domain and port, but without tag or digest suffix.
-var NameRegexp = regexp.MustCompile(namePat)
-
-// ReferenceRegexp is the full supported format of a reference. The regexp
-// is anchored and has capturing groups for name, tag, and digest
-// components.
-var ReferenceRegexp = regexp.MustCompile(referencePat)
-
-// TagRegexp matches valid tag names. From [docker/docker:graph/tags.go].
-//
-// [docker/docker:graph/tags.go]: https://github.com/moby/moby/blob/v1.6.0/graph/tags.go#L26-L28
-var TagRegexp = regexp.MustCompile(tag)
-
-const (
-	// alphanumeric defines the alphanumeric atom, typically a
-	// component of names. This only allows lower case characters and digits.
-	alphanumeric = `[a-z0-9]+`
-
-	// separator defines the separators allowed to be embedded in name
-	// components. This allows one period, one or two underscore and multiple
-	// dashes. Repeated dashes and underscores are intentionally treated
-	// differently. In order to support valid hostnames as name components,
-	// supporting repeated dash was added. Additionally double underscore is
-	// now allowed as a separator to loosen the restriction for previously
-	// supported names.
-	separator = `(?:[._]|__|[-]+)`
-
-	// localhost is treated as a special value for domain-name. Any other
-	// domain-name without a "." or a ":port" are considered a path component.
-	localhost = `localhost`
-
-	// domainNameComponent restricts the registry domain component of a
-	// repository name to start with a component as defined by DomainRegexp.
-	domainNameComponent = `(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])`
-
-	// optionalPort matches an optional port-number including the port separator
-	// (e.g. ":80").
-	optionalPort = `(?::[0-9]+)?`
-
-	// tag matches valid tag names. From docker/docker:graph/tags.go.
-	tag = `[\w][\w.-]{0,127}`
-
-	// digestPat matches well-formed digests, including algorithm (e.g. "sha256:<encoded>").
-	//
-	// TODO(thaJeztah): this should follow the same rules as https://pkg.go.dev/github.com/opencontainers/go-digest@v1.0.0#DigestRegexp
-	// so that go-digest defines the canonical format. Note that the go-digest is
-	// more relaxed:
-	//   - it allows multiple algorithms (e.g. "sha256+b64:<encoded>") to allow
-	//     future expansion of supported algorithms.
-	//   - it allows the "<encoded>" value to use urlsafe base64 encoding as defined
-	//     in [rfc4648, section 5].
-	//
-	// [rfc4648, section 5]: https://www.rfc-editor.org/rfc/rfc4648#section-5.
-	digestPat = `[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}`
-
-	// identifier is the format for a content addressable identifier using sha256.
-	// These identifiers are like digests without the algorithm, since sha256 is used.
-	identifier = `([a-f0-9]{64})`
-
-	// ipv6address are enclosed between square brackets and may be represented
-	// in many ways, see rfc5952. Only IPv6 in compressed or uncompressed format
-	// are allowed, IPv6 zone identifiers (rfc6874) or Special addresses such as
-	// IPv4-Mapped are deliberately excluded.
-	ipv6address = `\[(?:[a-fA-F0-9:]+)\]`
-)
-
-var (
-	// domainName defines the structure of potential domain components
-	// that may be part of image names. This is purposely a subset of what is
-	// allowed by DNS to ensure backwards compatibility with Docker image
-	// names. This includes IPv4 addresses on decimal format.
-	domainName = domainNameComponent + anyTimes(`\.`+domainNameComponent)
-
-	// host defines the structure of potential domains based on the URI
-	// Host subcomponent on rfc3986. It may be a subset of DNS domain name,
-	// or an IPv4 address in decimal format, or an IPv6 address between square
-	// brackets (excluding zone identifiers as defined by rfc6874 or special
-	// addresses such as IPv4-Mapped).
-	host = `(?:` + domainName + `|` + ipv6address + `)`
-
-	// allowed by the URI Host subcomponent on rfc3986 to ensure backwards
-	// compatibility with Docker image names.
-	domainAndPort = host + optionalPort
-
-	// anchoredTagRegexp matches valid tag names, anchored at the start and
-	// end of the matched string.
-	anchoredTagRegexp = regexp.MustCompile(anchored(tag))
-
-	// anchoredDigestRegexp matches valid digests, anchored at the start and
-	// end of the matched string.
-	anchoredDigestRegexp = regexp.MustCompile(anchored(digestPat))
-
-	// pathComponent restricts path-components to start with an alphanumeric
-	// character, with following parts able to be separated by a separator
-	// (one period, one or two underscore and multiple dashes).
-	pathComponent = alphanumeric + anyTimes(separator+alphanumeric)
-
-	// remoteName matches the remote-name of a repository. It consists of one
-	// or more forward slash (/) delimited path-components:
-	//
-	//	pathComponent[[/pathComponent] ...] // e.g., "library/ubuntu"
-	remoteName = pathComponent + anyTimes(`/`+pathComponent)
-	namePat    = optional(domainAndPort+`/`) + remoteName
-
-	// anchoredNameRegexp is used to parse a name value, capturing the
-	// domain and trailing components.
-	anchoredNameRegexp = regexp.MustCompile(anchored(optional(capture(domainAndPort), `/`), capture(remoteName)))
-
-	referencePat = anchored(capture(namePat), optional(`:`, capture(tag)), optional(`@`, capture(digestPat)))
-
-	// anchoredIdentifierRegexp is used to check or match an
-	// identifier value, anchored at start and end of string.
-	anchoredIdentifierRegexp = regexp.MustCompile(anchored(identifier))
-)
-
-// optional wraps the expression in a non-capturing group and makes the
-// production optional.
-func optional(res ...string) string {
-	return `(?:` + strings.Join(res, "") + `)?`
-}
-
-// anyTimes wraps the expression in a non-capturing group that can occur
-// any number of times.
-func anyTimes(res ...string) string {
-	return `(?:` + strings.Join(res, "") + `)*`
-}
-
-// capture wraps the expression in a capturing group.
-func capture(res ...string) string {
-	return `(` + strings.Join(res, "") + `)`
-}
-
-// anchored anchors the regular expression by adding start and end delimiters.
-func anchored(res ...string) string {
-	return `^` + strings.Join(res, "") + `$`
-}
diff --git a/vendor/github.com/distribution/reference/sort.go b/vendor/github.com/distribution/reference/sort.go
deleted file mode 100644
index 416c37b07..000000000
--- a/vendor/github.com/distribution/reference/sort.go
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package reference
-
-import (
-	"sort"
-)
-
-// Sort sorts string references preferring higher information references.
-//
-// The precedence is as follows:
-//
-//  1. [Named] + [Tagged] + [Digested] (e.g., "docker.io/library/busybox:latest@sha256:<digest>")
-//  2. [Named] + [Tagged]              (e.g., "docker.io/library/busybox:latest")
-//  3. [Named] + [Digested]            (e.g., "docker.io/library/busybo@sha256:<digest>")
-//  4. [Named]                         (e.g., "docker.io/library/busybox")
-//  5. [Digested]                      (e.g., "docker.io@sha256:<digest>")
-//  6. Parse error
-func Sort(references []string) []string {
-	var prefs []Reference
-	var bad []string
-
-	for _, ref := range references {
-		pref, err := ParseAnyReference(ref)
-		if err != nil {
-			bad = append(bad, ref)
-		} else {
-			prefs = append(prefs, pref)
-		}
-	}
-	sort.Slice(prefs, func(a, b int) bool {
-		ar := refRank(prefs[a])
-		br := refRank(prefs[b])
-		if ar == br {
-			return prefs[a].String() < prefs[b].String()
-		}
-		return ar < br
-	})
-	sort.Strings(bad)
-	var refs []string
-	for _, pref := range prefs {
-		refs = append(refs, pref.String())
-	}
-	return append(refs, bad...)
-}
-
-func refRank(ref Reference) uint8 {
-	if _, ok := ref.(Named); ok {
-		if _, ok = ref.(Tagged); ok {
-			if _, ok = ref.(Digested); ok {
-				return 1
-			}
-			return 2
-		}
-		if _, ok = ref.(Digested); ok {
-			return 3
-		}
-		return 4
-	}
-	return 5
-}
diff --git a/vendor/github.com/docker/distribution/configuration/configuration.go b/vendor/github.com/docker/distribution/configuration/configuration.go
deleted file mode 100644
index 7076df85d..000000000
--- a/vendor/github.com/docker/distribution/configuration/configuration.go
+++ /dev/null
@@ -1,706 +0,0 @@
-package configuration
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"reflect"
-	"strings"
-	"time"
-)
-
-// Configuration is a versioned registry configuration, intended to be provided by a yaml file, and
-// optionally modified by environment variables.
-//
-// Note that yaml field names should never include _ characters, since this is the separator used
-// in environment variable names.
-type Configuration struct {
-	// Version is the version which defines the format of the rest of the configuration
-	Version Version `yaml:"version"`
-
-	// Log supports setting various parameters related to the logging
-	// subsystem.
-	Log struct {
-		// AccessLog configures access logging.
-		AccessLog struct {
-			// Disabled disables access logging.
-			Disabled bool `yaml:"disabled,omitempty"`
-		} `yaml:"accesslog,omitempty"`
-
-		// Level is the granularity at which registry operations are logged.
-		Level Loglevel `yaml:"level,omitempty"`
-
-		// Formatter overrides the default formatter with another. Options
-		// include "text", "json" and "logstash".
-		Formatter string `yaml:"formatter,omitempty"`
-
-		// Fields allows users to specify static string fields to include in
-		// the logger context.
-		Fields map[string]interface{} `yaml:"fields,omitempty"`
-
-		// Hooks allows users to configure the log hooks, to enabling the
-		// sequent handling behavior, when defined levels of log message emit.
-		Hooks []LogHook `yaml:"hooks,omitempty"`
-	}
-
-	// Loglevel is the level at which registry operations are logged.
-	//
-	// Deprecated: Use Log.Level instead.
-	Loglevel Loglevel `yaml:"loglevel,omitempty"`
-
-	// Storage is the configuration for the registry's storage driver
-	Storage Storage `yaml:"storage"`
-
-	// Auth allows configuration of various authorization methods that may be
-	// used to gate requests.
-	Auth Auth `yaml:"auth,omitempty"`
-
-	// Middleware lists all middlewares to be used by the registry.
-	Middleware map[string][]Middleware `yaml:"middleware,omitempty"`
-
-	// Reporting is the configuration for error reporting
-	Reporting Reporting `yaml:"reporting,omitempty"`
-
-	// HTTP contains configuration parameters for the registry's http
-	// interface.
-	HTTP struct {
-		// Addr specifies the bind address for the registry instance.
-		Addr string `yaml:"addr,omitempty"`
-
-		// Net specifies the net portion of the bind address. A default empty value means tcp.
-		Net string `yaml:"net,omitempty"`
-
-		// Host specifies an externally-reachable address for the registry, as a fully
-		// qualified URL.
-		Host string `yaml:"host,omitempty"`
-
-		Prefix string `yaml:"prefix,omitempty"`
-
-		// Secret specifies the secret key which HMAC tokens are created with.
-		Secret string `yaml:"secret,omitempty"`
-
-		// RelativeURLs specifies that relative URLs should be returned in
-		// Location headers
-		RelativeURLs bool `yaml:"relativeurls,omitempty"`
-
-		// Amount of time to wait for connection to drain before shutting down when registry
-		// receives a stop signal
-		DrainTimeout time.Duration `yaml:"draintimeout,omitempty"`
-
-		// TLS instructs the http server to listen with a TLS configuration.
-		// This only support simple tls configuration with a cert and key.
-		// Mostly, this is useful for testing situations or simple deployments
-		// that require tls. If more complex configurations are required, use
-		// a proxy or make a proposal to add support here.
-		TLS struct {
-			// Certificate specifies the path to an x509 certificate file to
-			// be used for TLS.
-			Certificate string `yaml:"certificate,omitempty"`
-
-			// Key specifies the path to the x509 key file, which should
-			// contain the private portion for the file specified in
-			// Certificate.
-			Key string `yaml:"key,omitempty"`
-
-			// Specifies the CA certs for client authentication
-			// A file may contain multiple CA certificates encoded as PEM
-			ClientCAs []string `yaml:"clientcas,omitempty"`
-
-			// Specifies the lowest TLS version allowed
-			MinimumTLS string `yaml:"minimumtls,omitempty"`
-
-			// Specifies a list of cipher suites allowed
-			CipherSuites []string `yaml:"ciphersuites,omitempty"`
-
-			// LetsEncrypt is used to configuration setting up TLS through
-			// Let's Encrypt instead of manually specifying certificate and
-			// key. If a TLS certificate is specified, the Let's Encrypt
-			// section will not be used.
-			LetsEncrypt struct {
-				// CacheFile specifies cache file to use for lets encrypt
-				// certificates and keys.
-				CacheFile string `yaml:"cachefile,omitempty"`
-
-				// Email is the email to use during Let's Encrypt registration
-				Email string `yaml:"email,omitempty"`
-
-				// Hosts specifies the hosts which are allowed to obtain Let's
-				// Encrypt certificates.
-				Hosts []string `yaml:"hosts,omitempty"`
-			} `yaml:"letsencrypt,omitempty"`
-		} `yaml:"tls,omitempty"`
-
-		// Headers is a set of headers to include in HTTP responses. A common
-		// use case for this would be security headers such as
-		// Strict-Transport-Security. The map keys are the header names, and
-		// the values are the associated header payloads.
-		Headers http.Header `yaml:"headers,omitempty"`
-
-		// Debug configures the http debug interface, if specified. This can
-		// include services such as pprof, expvar and other data that should
-		// not be exposed externally. Left disabled by default.
-		Debug struct {
-			// Addr specifies the bind address for the debug server.
-			Addr string `yaml:"addr,omitempty"`
-			// Prometheus configures the Prometheus telemetry endpoint.
-			Prometheus struct {
-				Enabled bool   `yaml:"enabled,omitempty"`
-				Path    string `yaml:"path,omitempty"`
-			} `yaml:"prometheus,omitempty"`
-		} `yaml:"debug,omitempty"`
-
-		// HTTP2 configuration options
-		HTTP2 struct {
-			// Specifies whether the registry should disallow clients attempting
-			// to connect via http2. If set to true, only http/1.1 is supported.
-			Disabled bool `yaml:"disabled,omitempty"`
-		} `yaml:"http2,omitempty"`
-	} `yaml:"http,omitempty"`
-
-	// Notifications specifies configuration about various endpoint to which
-	// registry events are dispatched.
-	Notifications Notifications `yaml:"notifications,omitempty"`
-
-	// Redis configures the redis pool available to the registry webapp.
-	Redis struct {
-		// Addr specifies the the redis instance available to the application.
-		Addr string `yaml:"addr,omitempty"`
-
-		// Password string to use when making a connection.
-		Password string `yaml:"password,omitempty"`
-
-		// DB specifies the database to connect to on the redis instance.
-		DB int `yaml:"db,omitempty"`
-
-		DialTimeout  time.Duration `yaml:"dialtimeout,omitempty"`  // timeout for connect
-		ReadTimeout  time.Duration `yaml:"readtimeout,omitempty"`  // timeout for reads of data
-		WriteTimeout time.Duration `yaml:"writetimeout,omitempty"` // timeout for writes of data
-
-		// Pool configures the behavior of the redis connection pool.
-		Pool struct {
-			// MaxIdle sets the maximum number of idle connections.
-			MaxIdle int `yaml:"maxidle,omitempty"`
-
-			// MaxActive sets the maximum number of connections that should be
-			// opened before blocking a connection request.
-			MaxActive int `yaml:"maxactive,omitempty"`
-
-			// IdleTimeout sets the amount time to wait before closing
-			// inactive connections.
-			IdleTimeout time.Duration `yaml:"idletimeout,omitempty"`
-		} `yaml:"pool,omitempty"`
-	} `yaml:"redis,omitempty"`
-
-	Health  Health  `yaml:"health,omitempty"`
-	Catalog Catalog `yaml:"catalog,omitempty"`
-
-	Proxy Proxy `yaml:"proxy,omitempty"`
-
-	// Compatibility is used for configurations of working with older or deprecated features.
-	Compatibility struct {
-		// Schema1 configures how schema1 manifests will be handled
-		Schema1 struct {
-			// TrustKey is the signing key to use for adding the signature to
-			// schema1 manifests.
-			TrustKey string `yaml:"signingkeyfile,omitempty"`
-			// Enabled determines if schema1 manifests should be pullable
-			Enabled bool `yaml:"enabled,omitempty"`
-		} `yaml:"schema1,omitempty"`
-	} `yaml:"compatibility,omitempty"`
-
-	// Validation configures validation options for the registry.
-	Validation struct {
-		// Enabled enables the other options in this section. This field is
-		// deprecated in favor of Disabled.
-		Enabled bool `yaml:"enabled,omitempty"`
-		// Disabled disables the other options in this section.
-		Disabled bool `yaml:"disabled,omitempty"`
-		// Manifests configures manifest validation.
-		Manifests struct {
-			// URLs configures validation for URLs in pushed manifests.
-			URLs struct {
-				// Allow specifies regular expressions (https://godoc.org/regexp/syntax)
-				// that URLs in pushed manifests must match.
-				Allow []string `yaml:"allow,omitempty"`
-				// Deny specifies regular expressions (https://godoc.org/regexp/syntax)
-				// that URLs in pushed manifests must not match.
-				Deny []string `yaml:"deny,omitempty"`
-			} `yaml:"urls,omitempty"`
-		} `yaml:"manifests,omitempty"`
-	} `yaml:"validation,omitempty"`
-
-	// Policy configures registry policy options.
-	Policy struct {
-		// Repository configures policies for repositories
-		Repository struct {
-			// Classes is a list of repository classes which the
-			// registry allows content for. This class is matched
-			// against the configuration media type inside uploaded
-			// manifests. When non-empty, the registry will enforce
-			// the class in authorized resources.
-			Classes []string `yaml:"classes"`
-		} `yaml:"repository,omitempty"`
-	} `yaml:"policy,omitempty"`
-}
-
-// Catalog is composed of MaxEntries.
-// Catalog endpoint (/v2/_catalog) configuration, it provides the configuration
-// options to control the maximum number of entries returned by the catalog endpoint.
-type Catalog struct {
-	// Max number of entries returned by the catalog endpoint. Requesting n entries
-	// to the catalog endpoint will return at most MaxEntries entries.
-	// An empty or a negative value will set a default of 1000 maximum entries by default.
-	MaxEntries int `yaml:"maxentries,omitempty"`
-}
-
-// LogHook is composed of hook Level and Type.
-// After hooks configuration, it can execute the next handling automatically,
-// when defined levels of log message emitted.
-// Example: hook can sending an email notification when error log happens in app.
-type LogHook struct {
-	// Disable lets user select to enable hook or not.
-	Disabled bool `yaml:"disabled,omitempty"`
-
-	// Type allows user to select which type of hook handler they want.
-	Type string `yaml:"type,omitempty"`
-
-	// Levels set which levels of log message will let hook executed.
-	Levels []string `yaml:"levels,omitempty"`
-
-	// MailOptions allows user to configure email parameters.
-	MailOptions MailOptions `yaml:"options,omitempty"`
-}
-
-// MailOptions provides the configuration sections to user, for specific handler.
-type MailOptions struct {
-	SMTP struct {
-		// Addr defines smtp host address
-		Addr string `yaml:"addr,omitempty"`
-
-		// Username defines user name to smtp host
-		Username string `yaml:"username,omitempty"`
-
-		// Password defines password of login user
-		Password string `yaml:"password,omitempty"`
-
-		// Insecure defines if smtp login skips the secure certification.
-		Insecure bool `yaml:"insecure,omitempty"`
-	} `yaml:"smtp,omitempty"`
-
-	// From defines mail sending address
-	From string `yaml:"from,omitempty"`
-
-	// To defines mail receiving address
-	To []string `yaml:"to,omitempty"`
-}
-
-// FileChecker is a type of entry in the health section for checking files.
-type FileChecker struct {
-	// Interval is the duration in between checks
-	Interval time.Duration `yaml:"interval,omitempty"`
-	// File is the path to check
-	File string `yaml:"file,omitempty"`
-	// Threshold is the number of times a check must fail to trigger an
-	// unhealthy state
-	Threshold int `yaml:"threshold,omitempty"`
-}
-
-// HTTPChecker is a type of entry in the health section for checking HTTP URIs.
-type HTTPChecker struct {
-	// Timeout is the duration to wait before timing out the HTTP request
-	Timeout time.Duration `yaml:"timeout,omitempty"`
-	// StatusCode is the expected status code
-	StatusCode int
-	// Interval is the duration in between checks
-	Interval time.Duration `yaml:"interval,omitempty"`
-	// URI is the HTTP URI to check
-	URI string `yaml:"uri,omitempty"`
-	// Headers lists static headers that should be added to all requests
-	Headers http.Header `yaml:"headers"`
-	// Threshold is the number of times a check must fail to trigger an
-	// unhealthy state
-	Threshold int `yaml:"threshold,omitempty"`
-}
-
-// TCPChecker is a type of entry in the health section for checking TCP servers.
-type TCPChecker struct {
-	// Timeout is the duration to wait before timing out the TCP connection
-	Timeout time.Duration `yaml:"timeout,omitempty"`
-	// Interval is the duration in between checks
-	Interval time.Duration `yaml:"interval,omitempty"`
-	// Addr is the TCP address to check
-	Addr string `yaml:"addr,omitempty"`
-	// Threshold is the number of times a check must fail to trigger an
-	// unhealthy state
-	Threshold int `yaml:"threshold,omitempty"`
-}
-
-// Health provides the configuration section for health checks.
-type Health struct {
-	// FileCheckers is a list of paths to check
-	FileCheckers []FileChecker `yaml:"file,omitempty"`
-	// HTTPCheckers is a list of URIs to check
-	HTTPCheckers []HTTPChecker `yaml:"http,omitempty"`
-	// TCPCheckers is a list of URIs to check
-	TCPCheckers []TCPChecker `yaml:"tcp,omitempty"`
-	// StorageDriver configures a health check on the configured storage
-	// driver
-	StorageDriver struct {
-		// Enabled turns on the health check for the storage driver
-		Enabled bool `yaml:"enabled,omitempty"`
-		// Interval is the duration in between checks
-		Interval time.Duration `yaml:"interval,omitempty"`
-		// Threshold is the number of times a check must fail to trigger an
-		// unhealthy state
-		Threshold int `yaml:"threshold,omitempty"`
-	} `yaml:"storagedriver,omitempty"`
-}
-
-// v0_1Configuration is a Version 0.1 Configuration struct
-// This is currently aliased to Configuration, as it is the current version
-type v0_1Configuration Configuration
-
-// UnmarshalYAML implements the yaml.Unmarshaler interface
-// Unmarshals a string of the form X.Y into a Version, validating that X and Y can represent unsigned integers
-func (version *Version) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	var versionString string
-	err := unmarshal(&versionString)
-	if err != nil {
-		return err
-	}
-
-	newVersion := Version(versionString)
-	if _, err := newVersion.major(); err != nil {
-		return err
-	}
-
-	if _, err := newVersion.minor(); err != nil {
-		return err
-	}
-
-	*version = newVersion
-	return nil
-}
-
-// CurrentVersion is the most recent Version that can be parsed
-var CurrentVersion = MajorMinorVersion(0, 1)
-
-// Loglevel is the level at which operations are logged
-// This can be error, warn, info, or debug
-type Loglevel string
-
-// UnmarshalYAML implements the yaml.Umarshaler interface
-// Unmarshals a string into a Loglevel, lowercasing the string and validating that it represents a
-// valid loglevel
-func (loglevel *Loglevel) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	var loglevelString string
-	err := unmarshal(&loglevelString)
-	if err != nil {
-		return err
-	}
-
-	loglevelString = strings.ToLower(loglevelString)
-	switch loglevelString {
-	case "error", "warn", "info", "debug":
-	default:
-		return fmt.Errorf("invalid loglevel %s Must be one of [error, warn, info, debug]", loglevelString)
-	}
-
-	*loglevel = Loglevel(loglevelString)
-	return nil
-}
-
-// Parameters defines a key-value parameters mapping
-type Parameters map[string]interface{}
-
-// Storage defines the configuration for registry object storage
-type Storage map[string]Parameters
-
-// Type returns the storage driver type, such as filesystem or s3
-func (storage Storage) Type() string {
-	var storageType []string
-
-	// Return only key in this map
-	for k := range storage {
-		switch k {
-		case "maintenance":
-			// allow configuration of maintenance
-		case "cache":
-			// allow configuration of caching
-		case "delete":
-			// allow configuration of delete
-		case "redirect":
-			// allow configuration of redirect
-		default:
-			storageType = append(storageType, k)
-		}
-	}
-	if len(storageType) > 1 {
-		panic("multiple storage drivers specified in configuration or environment: " + strings.Join(storageType, ", "))
-	}
-	if len(storageType) == 1 {
-		return storageType[0]
-	}
-	return ""
-}
-
-// Parameters returns the Parameters map for a Storage configuration
-func (storage Storage) Parameters() Parameters {
-	return storage[storage.Type()]
-}
-
-// setParameter changes the parameter at the provided key to the new value
-func (storage Storage) setParameter(key string, value interface{}) {
-	storage[storage.Type()][key] = value
-}
-
-// UnmarshalYAML implements the yaml.Unmarshaler interface
-// Unmarshals a single item map into a Storage or a string into a Storage type with no parameters
-func (storage *Storage) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	var storageMap map[string]Parameters
-	err := unmarshal(&storageMap)
-	if err == nil {
-		if len(storageMap) > 1 {
-			types := make([]string, 0, len(storageMap))
-			for k := range storageMap {
-				switch k {
-				case "maintenance":
-					// allow for configuration of maintenance
-				case "cache":
-					// allow configuration of caching
-				case "delete":
-					// allow configuration of delete
-				case "redirect":
-					// allow configuration of redirect
-				default:
-					types = append(types, k)
-				}
-			}
-
-			if len(types) > 1 {
-				return fmt.Errorf("must provide exactly one storage type. Provided: %v", types)
-			}
-		}
-		*storage = storageMap
-		return nil
-	}
-
-	var storageType string
-	err = unmarshal(&storageType)
-	if err == nil {
-		*storage = Storage{storageType: Parameters{}}
-		return nil
-	}
-
-	return err
-}
-
-// MarshalYAML implements the yaml.Marshaler interface
-func (storage Storage) MarshalYAML() (interface{}, error) {
-	if storage.Parameters() == nil {
-		return storage.Type(), nil
-	}
-	return map[string]Parameters(storage), nil
-}
-
-// Auth defines the configuration for registry authorization.
-type Auth map[string]Parameters
-
-// Type returns the auth type, such as htpasswd or token
-func (auth Auth) Type() string {
-	// Return only key in this map
-	for k := range auth {
-		return k
-	}
-	return ""
-}
-
-// Parameters returns the Parameters map for an Auth configuration
-func (auth Auth) Parameters() Parameters {
-	return auth[auth.Type()]
-}
-
-// setParameter changes the parameter at the provided key to the new value
-func (auth Auth) setParameter(key string, value interface{}) {
-	auth[auth.Type()][key] = value
-}
-
-// UnmarshalYAML implements the yaml.Unmarshaler interface
-// Unmarshals a single item map into a Storage or a string into a Storage type with no parameters
-func (auth *Auth) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	var m map[string]Parameters
-	err := unmarshal(&m)
-	if err == nil {
-		if len(m) > 1 {
-			types := make([]string, 0, len(m))
-			for k := range m {
-				types = append(types, k)
-			}
-
-			// TODO(stevvooe): May want to change this slightly for
-			// authorization to allow multiple challenges.
-			return fmt.Errorf("must provide exactly one type. Provided: %v", types)
-
-		}
-		*auth = m
-		return nil
-	}
-
-	var authType string
-	err = unmarshal(&authType)
-	if err == nil {
-		*auth = Auth{authType: Parameters{}}
-		return nil
-	}
-
-	return err
-}
-
-// MarshalYAML implements the yaml.Marshaler interface
-func (auth Auth) MarshalYAML() (interface{}, error) {
-	if auth.Parameters() == nil {
-		return auth.Type(), nil
-	}
-	return map[string]Parameters(auth), nil
-}
-
-// Notifications configures multiple http endpoints.
-type Notifications struct {
-	// EventConfig is the configuration for the event format that is sent to each Endpoint.
-	EventConfig Events `yaml:"events,omitempty"`
-	// Endpoints is a list of http configurations for endpoints that
-	// respond to webhook notifications. In the future, we may allow other
-	// kinds of endpoints, such as external queues.
-	Endpoints []Endpoint `yaml:"endpoints,omitempty"`
-}
-
-// Endpoint describes the configuration of an http webhook notification
-// endpoint.
-type Endpoint struct {
-	Name              string        `yaml:"name"`              // identifies the endpoint in the registry instance.
-	Disabled          bool          `yaml:"disabled"`          // disables the endpoint
-	URL               string        `yaml:"url"`               // post url for the endpoint.
-	Headers           http.Header   `yaml:"headers"`           // static headers that should be added to all requests
-	Timeout           time.Duration `yaml:"timeout"`           // HTTP timeout
-	Threshold         int           `yaml:"threshold"`         // circuit breaker threshold before backing off on failure
-	Backoff           time.Duration `yaml:"backoff"`           // backoff duration
-	IgnoredMediaTypes []string      `yaml:"ignoredmediatypes"` // target media types to ignore
-	Ignore            Ignore        `yaml:"ignore"`            // ignore event types
-}
-
-// Events configures notification events.
-type Events struct {
-	IncludeReferences bool `yaml:"includereferences"` // include reference data in manifest events
-}
-
-// Ignore configures mediaTypes and actions of the event, that it won't be propagated
-type Ignore struct {
-	MediaTypes []string `yaml:"mediatypes"` // target media types to ignore
-	Actions    []string `yaml:"actions"`    // ignore action types
-}
-
-// Reporting defines error reporting methods.
-type Reporting struct {
-	// Bugsnag configures error reporting for Bugsnag (bugsnag.com).
-	Bugsnag BugsnagReporting `yaml:"bugsnag,omitempty"`
-	// NewRelic configures error reporting for NewRelic (newrelic.com)
-	NewRelic NewRelicReporting `yaml:"newrelic,omitempty"`
-}
-
-// BugsnagReporting configures error reporting for Bugsnag (bugsnag.com).
-type BugsnagReporting struct {
-	// APIKey is the Bugsnag api key.
-	APIKey string `yaml:"apikey,omitempty"`
-	// ReleaseStage tracks where the registry is deployed.
-	// Examples: production, staging, development
-	ReleaseStage string `yaml:"releasestage,omitempty"`
-	// Endpoint is used for specifying an enterprise Bugsnag endpoint.
-	Endpoint string `yaml:"endpoint,omitempty"`
-}
-
-// NewRelicReporting configures error reporting for NewRelic (newrelic.com)
-type NewRelicReporting struct {
-	// LicenseKey is the NewRelic user license key
-	LicenseKey string `yaml:"licensekey,omitempty"`
-	// Name is the component name of the registry in NewRelic
-	Name string `yaml:"name,omitempty"`
-	// Verbose configures debug output to STDOUT
-	Verbose bool `yaml:"verbose,omitempty"`
-}
-
-// Middleware configures named middlewares to be applied at injection points.
-type Middleware struct {
-	// Name the middleware registers itself as
-	Name string `yaml:"name"`
-	// Flag to disable middleware easily
-	Disabled bool `yaml:"disabled,omitempty"`
-	// Map of parameters that will be passed to the middleware's initialization function
-	Options Parameters `yaml:"options"`
-}
-
-// Proxy configures the registry as a pull through cache
-type Proxy struct {
-	// RemoteURL is the URL of the remote registry
-	RemoteURL string `yaml:"remoteurl"`
-
-	// Username of the hub user
-	Username string `yaml:"username"`
-
-	// Password of the hub user
-	Password string `yaml:"password"`
-}
-
-// Parse parses an input configuration yaml document into a Configuration struct
-// This should generally be capable of handling old configuration format versions
-//
-// Environment variables may be used to override configuration parameters other than version,
-// following the scheme below:
-// Configuration.Abc may be replaced by the value of REGISTRY_ABC,
-// Configuration.Abc.Xyz may be replaced by the value of REGISTRY_ABC_XYZ, and so forth
-func Parse(rd io.Reader) (*Configuration, error) {
-	in, err := ioutil.ReadAll(rd)
-	if err != nil {
-		return nil, err
-	}
-
-	p := NewParser("registry", []VersionedParseInfo{
-		{
-			Version: MajorMinorVersion(0, 1),
-			ParseAs: reflect.TypeOf(v0_1Configuration{}),
-			ConversionFunc: func(c interface{}) (interface{}, error) {
-				if v0_1, ok := c.(*v0_1Configuration); ok {
-					if v0_1.Log.Level == Loglevel("") {
-						if v0_1.Loglevel != Loglevel("") {
-							v0_1.Log.Level = v0_1.Loglevel
-						} else {
-							v0_1.Log.Level = Loglevel("info")
-						}
-					}
-					if v0_1.Loglevel != Loglevel("") {
-						v0_1.Loglevel = Loglevel("")
-					}
-
-					if v0_1.Catalog.MaxEntries <= 0 {
-						v0_1.Catalog.MaxEntries = 1000
-					}
-
-					if v0_1.Storage.Type() == "" {
-						return nil, errors.New("no storage configuration provided")
-					}
-					return (*Configuration)(v0_1), nil
-				}
-				return nil, fmt.Errorf("expected *v0_1Configuration, received %#v", c)
-			},
-		},
-	})
-
-	config := new(Configuration)
-	err = p.Parse(in, config)
-	if err != nil {
-		return nil, err
-	}
-
-	return config, nil
-}
diff --git a/vendor/github.com/docker/distribution/configuration/parser.go b/vendor/github.com/docker/distribution/configuration/parser.go
deleted file mode 100644
index 2bf59d219..000000000
--- a/vendor/github.com/docker/distribution/configuration/parser.go
+++ /dev/null
@@ -1,283 +0,0 @@
-package configuration
-
-import (
-	"fmt"
-	"os"
-	"reflect"
-	"sort"
-	"strconv"
-	"strings"
-
-	"github.com/sirupsen/logrus"
-	"gopkg.in/yaml.v2"
-)
-
-// Version is a major/minor version pair of the form Major.Minor
-// Major version upgrades indicate structure or type changes
-// Minor version upgrades should be strictly additive
-type Version string
-
-// MajorMinorVersion constructs a Version from its Major and Minor components
-func MajorMinorVersion(major, minor uint) Version {
-	return Version(fmt.Sprintf("%d.%d", major, minor))
-}
-
-func (version Version) major() (uint, error) {
-	majorPart := strings.Split(string(version), ".")[0]
-	major, err := strconv.ParseUint(majorPart, 10, 0)
-	return uint(major), err
-}
-
-// Major returns the major version portion of a Version
-func (version Version) Major() uint {
-	major, _ := version.major()
-	return major
-}
-
-func (version Version) minor() (uint, error) {
-	minorPart := strings.Split(string(version), ".")[1]
-	minor, err := strconv.ParseUint(minorPart, 10, 0)
-	return uint(minor), err
-}
-
-// Minor returns the minor version portion of a Version
-func (version Version) Minor() uint {
-	minor, _ := version.minor()
-	return minor
-}
-
-// VersionedParseInfo defines how a specific version of a configuration should
-// be parsed into the current version
-type VersionedParseInfo struct {
-	// Version is the version which this parsing information relates to
-	Version Version
-	// ParseAs defines the type which a configuration file of this version
-	// should be parsed into
-	ParseAs reflect.Type
-	// ConversionFunc defines a method for converting the parsed configuration
-	// (of type ParseAs) into the current configuration version
-	// Note: this method signature is very unclear with the absence of generics
-	ConversionFunc func(interface{}) (interface{}, error)
-}
-
-type envVar struct {
-	name  string
-	value string
-}
-
-type envVars []envVar
-
-func (a envVars) Len() int           { return len(a) }
-func (a envVars) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a envVars) Less(i, j int) bool { return a[i].name < a[j].name }
-
-// Parser can be used to parse a configuration file and environment of a defined
-// version into a unified output structure
-type Parser struct {
-	prefix  string
-	mapping map[Version]VersionedParseInfo
-	env     envVars
-}
-
-// NewParser returns a *Parser with the given environment prefix which handles
-// versioned configurations which match the given parseInfos
-func NewParser(prefix string, parseInfos []VersionedParseInfo) *Parser {
-	p := Parser{prefix: prefix, mapping: make(map[Version]VersionedParseInfo)}
-
-	for _, parseInfo := range parseInfos {
-		p.mapping[parseInfo.Version] = parseInfo
-	}
-
-	for _, env := range os.Environ() {
-		envParts := strings.SplitN(env, "=", 2)
-		p.env = append(p.env, envVar{envParts[0], envParts[1]})
-	}
-
-	// We must sort the environment variables lexically by name so that
-	// more specific variables are applied before less specific ones
-	// (i.e. REGISTRY_STORAGE before
-	// REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY). This sucks, but it's a
-	// lot simpler and easier to get right than unmarshalling map entries
-	// into temporaries and merging with the existing entry.
-	sort.Sort(p.env)
-
-	return &p
-}
-
-// Parse reads in the given []byte and environment and writes the resulting
-// configuration into the input v
-//
-// Environment variables may be used to override configuration parameters other
-// than version, following the scheme below:
-// v.Abc may be replaced by the value of PREFIX_ABC,
-// v.Abc.Xyz may be replaced by the value of PREFIX_ABC_XYZ, and so forth
-func (p *Parser) Parse(in []byte, v interface{}) error {
-	var versionedStruct struct {
-		Version Version
-	}
-
-	if err := yaml.Unmarshal(in, &versionedStruct); err != nil {
-		return err
-	}
-
-	parseInfo, ok := p.mapping[versionedStruct.Version]
-	if !ok {
-		return fmt.Errorf("unsupported version: %q", versionedStruct.Version)
-	}
-
-	parseAs := reflect.New(parseInfo.ParseAs)
-	err := yaml.Unmarshal(in, parseAs.Interface())
-	if err != nil {
-		return err
-	}
-
-	for _, envVar := range p.env {
-		pathStr := envVar.name
-		if strings.HasPrefix(pathStr, strings.ToUpper(p.prefix)+"_") {
-			path := strings.Split(pathStr, "_")
-
-			err = p.overwriteFields(parseAs, pathStr, path[1:], envVar.value)
-			if err != nil {
-				return err
-			}
-		}
-	}
-
-	c, err := parseInfo.ConversionFunc(parseAs.Interface())
-	if err != nil {
-		return err
-	}
-	reflect.ValueOf(v).Elem().Set(reflect.Indirect(reflect.ValueOf(c)))
-	return nil
-}
-
-// overwriteFields replaces configuration values with alternate values specified
-// through the environment. Precondition: an empty path slice must never be
-// passed in.
-func (p *Parser) overwriteFields(v reflect.Value, fullpath string, path []string, payload string) error {
-	for v.Kind() == reflect.Ptr {
-		if v.IsNil() {
-			panic("encountered nil pointer while handling environment variable " + fullpath)
-		}
-		v = reflect.Indirect(v)
-	}
-	switch v.Kind() {
-	case reflect.Struct:
-		return p.overwriteStruct(v, fullpath, path, payload)
-	case reflect.Map:
-		return p.overwriteMap(v, fullpath, path, payload)
-	case reflect.Interface:
-		if v.NumMethod() == 0 {
-			if !v.IsNil() {
-				return p.overwriteFields(v.Elem(), fullpath, path, payload)
-			}
-			// Interface was empty; create an implicit map
-			var template map[string]interface{}
-			wrappedV := reflect.MakeMap(reflect.TypeOf(template))
-			v.Set(wrappedV)
-			return p.overwriteMap(wrappedV, fullpath, path, payload)
-		}
-	}
-	return nil
-}
-
-func (p *Parser) overwriteStruct(v reflect.Value, fullpath string, path []string, payload string) error {
-	// Generate case-insensitive map of struct fields
-	byUpperCase := make(map[string]int)
-	for i := 0; i < v.NumField(); i++ {
-		sf := v.Type().Field(i)
-		upper := strings.ToUpper(sf.Name)
-		if _, present := byUpperCase[upper]; present {
-			panic(fmt.Sprintf("field name collision in configuration object: %s", sf.Name))
-		}
-		byUpperCase[upper] = i
-	}
-
-	fieldIndex, present := byUpperCase[path[0]]
-	if !present {
-		logrus.Warnf("Ignoring unrecognized environment variable %s", fullpath)
-		return nil
-	}
-	field := v.Field(fieldIndex)
-	sf := v.Type().Field(fieldIndex)
-
-	if len(path) == 1 {
-		// Env var specifies this field directly
-		fieldVal := reflect.New(sf.Type)
-		err := yaml.Unmarshal([]byte(payload), fieldVal.Interface())
-		if err != nil {
-			return err
-		}
-		field.Set(reflect.Indirect(fieldVal))
-		return nil
-	}
-
-	// If the field is nil, must create an object
-	switch sf.Type.Kind() {
-	case reflect.Map:
-		if field.IsNil() {
-			field.Set(reflect.MakeMap(sf.Type))
-		}
-	case reflect.Ptr:
-		if field.IsNil() {
-			field.Set(reflect.New(sf.Type))
-		}
-	}
-
-	err := p.overwriteFields(field, fullpath, path[1:], payload)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (p *Parser) overwriteMap(m reflect.Value, fullpath string, path []string, payload string) error {
-	if m.Type().Key().Kind() != reflect.String {
-		// non-string keys unsupported
-		logrus.Warnf("Ignoring environment variable %s involving map with non-string keys", fullpath)
-		return nil
-	}
-
-	if len(path) > 1 {
-		// If a matching key exists, get its value and continue the
-		// overwriting process.
-		for _, k := range m.MapKeys() {
-			if strings.ToUpper(k.String()) == path[0] {
-				mapValue := m.MapIndex(k)
-				// If the existing value is nil, we want to
-				// recreate it instead of using this value.
-				if (mapValue.Kind() == reflect.Ptr ||
-					mapValue.Kind() == reflect.Interface ||
-					mapValue.Kind() == reflect.Map) &&
-					mapValue.IsNil() {
-					break
-				}
-				return p.overwriteFields(mapValue, fullpath, path[1:], payload)
-			}
-		}
-	}
-
-	// (Re)create this key
-	var mapValue reflect.Value
-	if m.Type().Elem().Kind() == reflect.Map {
-		mapValue = reflect.MakeMap(m.Type().Elem())
-	} else {
-		mapValue = reflect.New(m.Type().Elem())
-	}
-	if len(path) > 1 {
-		err := p.overwriteFields(mapValue, fullpath, path[1:], payload)
-		if err != nil {
-			return err
-		}
-	} else {
-		err := yaml.Unmarshal([]byte(payload), mapValue.Interface())
-		if err != nil {
-			return err
-		}
-	}
-
-	m.SetMapIndex(reflect.ValueOf(strings.ToLower(path[0])), reflect.Indirect(mapValue))
-
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/context/context.go b/vendor/github.com/docker/distribution/context/context.go
deleted file mode 100644
index ab6865467..000000000
--- a/vendor/github.com/docker/distribution/context/context.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package context
-
-import (
-	"context"
-	"sync"
-
-	"github.com/docker/distribution/uuid"
-)
-
-// instanceContext is a context that provides only an instance id. It is
-// provided as the main background context.
-type instanceContext struct {
-	context.Context
-	id   string    // id of context, logged as "instance.id"
-	once sync.Once // once protect generation of the id
-}
-
-func (ic *instanceContext) Value(key interface{}) interface{} {
-	if key == "instance.id" {
-		ic.once.Do(func() {
-			// We want to lazy initialize the UUID such that we don't
-			// call a random generator from the package initialization
-			// code. For various reasons random could not be available
-			// https://github.com/docker/distribution/issues/782
-			ic.id = uuid.Generate().String()
-		})
-		return ic.id
-	}
-
-	return ic.Context.Value(key)
-}
-
-var background = &instanceContext{
-	Context: context.Background(),
-}
-
-// Background returns a non-nil, empty Context. The background context
-// provides a single key, "instance.id" that is globally unique to the
-// process.
-func Background() context.Context {
-	return background
-}
-
-// stringMapContext is a simple context implementation that checks a map for a
-// key, falling back to a parent if not present.
-type stringMapContext struct {
-	context.Context
-	m map[string]interface{}
-}
-
-// WithValues returns a context that proxies lookups through a map. Only
-// supports string keys.
-func WithValues(ctx context.Context, m map[string]interface{}) context.Context {
-	mo := make(map[string]interface{}, len(m)) // make our own copy.
-	for k, v := range m {
-		mo[k] = v
-	}
-
-	return stringMapContext{
-		Context: ctx,
-		m:       mo,
-	}
-}
-
-func (smc stringMapContext) Value(key interface{}) interface{} {
-	if ks, ok := key.(string); ok {
-		if v, ok := smc.m[ks]; ok {
-			return v
-		}
-	}
-
-	return smc.Context.Value(key)
-}
diff --git a/vendor/github.com/docker/distribution/context/doc.go b/vendor/github.com/docker/distribution/context/doc.go
deleted file mode 100644
index 51376dd69..000000000
--- a/vendor/github.com/docker/distribution/context/doc.go
+++ /dev/null
@@ -1,88 +0,0 @@
-// Package context provides several utilities for working with
-// Go's context in http requests. Primarily, the focus is on logging relevant
-// request information but this package is not limited to that purpose.
-//
-// The easiest way to get started is to get the background context:
-//
-//	ctx := context.Background()
-//
-// The returned context should be passed around your application and be the
-// root of all other context instances. If the application has a version, this
-// line should be called before anything else:
-//
-//	ctx := context.WithVersion(context.Background(), version)
-//
-// The above will store the version in the context and will be available to
-// the logger.
-//
-// # Logging
-//
-// The most useful aspect of this package is GetLogger. This function takes
-// any context.Context interface and returns the current logger from the
-// context. Canonical usage looks like this:
-//
-//	GetLogger(ctx).Infof("something interesting happened")
-//
-// GetLogger also takes optional key arguments. The keys will be looked up in
-// the context and reported with the logger. The following example would
-// return a logger that prints the version with each log message:
-//
-//	ctx := context.Context(context.Background(), "version", version)
-//	GetLogger(ctx, "version").Infof("this log message has a version field")
-//
-// The above would print out a log message like this:
-//
-//	INFO[0000] this log message has a version field        version=v2.0.0-alpha.2.m
-//
-// When used with WithLogger, we gain the ability to decorate the context with
-// loggers that have information from disparate parts of the call stack.
-// Following from the version example, we can build a new context with the
-// configured logger such that we always print the version field:
-//
-//	ctx = WithLogger(ctx, GetLogger(ctx, "version"))
-//
-// Since the logger has been pushed to the context, we can now get the version
-// field for free with our log messages. Future calls to GetLogger on the new
-// context will have the version field:
-//
-//	GetLogger(ctx).Infof("this log message has a version field")
-//
-// This becomes more powerful when we start stacking loggers. Let's say we
-// have the version logger from above but also want a request id. Using the
-// context above, in our request scoped function, we place another logger in
-// the context:
-//
-//	ctx = context.WithValue(ctx, "http.request.id", "unique id") // called when building request context
-//	ctx = WithLogger(ctx, GetLogger(ctx, "http.request.id"))
-//
-// When GetLogger is called on the new context, "http.request.id" will be
-// included as a logger field, along with the original "version" field:
-//
-//	INFO[0000] this log message has a version field        http.request.id=unique id version=v2.0.0-alpha.2.m
-//
-// Note that this only affects the new context, the previous context, with the
-// version field, can be used independently. Put another way, the new logger,
-// added to the request context, is unique to that context and can have
-// request scoped variables.
-//
-// # HTTP Requests
-//
-// This package also contains several methods for working with http requests.
-// The concepts are very similar to those described above. We simply place the
-// request in the context using WithRequest. This makes the request variables
-// available. GetRequestLogger can then be called to get request specific
-// variables in a log line:
-//
-//	ctx = WithRequest(ctx, req)
-//	GetRequestLogger(ctx).Infof("request variables")
-//
-// Like above, if we want to include the request data in all log messages in
-// the context, we push the logger to a new context and use that one:
-//
-//	ctx = WithLogger(ctx, GetRequestLogger(ctx))
-//
-// The concept is fairly powerful and ensures that calls throughout the stack
-// can be traced in log messages. Using the fields like "http.request.id", one
-// can analyze call flow for a particular request with a simple grep of the
-// logs.
-package context
diff --git a/vendor/github.com/docker/distribution/context/http.go b/vendor/github.com/docker/distribution/context/http.go
deleted file mode 100644
index 48e354865..000000000
--- a/vendor/github.com/docker/distribution/context/http.go
+++ /dev/null
@@ -1,333 +0,0 @@
-package context
-
-import (
-	"context"
-	"errors"
-	"net"
-	"net/http"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/docker/distribution/uuid"
-	"github.com/gorilla/mux"
-	log "github.com/sirupsen/logrus"
-)
-
-// Common errors used with this package.
-var (
-	ErrNoRequestContext        = errors.New("no http request in context")
-	ErrNoResponseWriterContext = errors.New("no http response in context")
-)
-
-func parseIP(ipStr string) net.IP {
-	ip := net.ParseIP(ipStr)
-	if ip == nil {
-		log.Warnf("invalid remote IP address: %q", ipStr)
-	}
-	return ip
-}
-
-// RemoteAddr extracts the remote address of the request, taking into
-// account proxy headers.
-func RemoteAddr(r *http.Request) string {
-	if prior := r.Header.Get("X-Forwarded-For"); prior != "" {
-		proxies := strings.Split(prior, ",")
-		if len(proxies) > 0 {
-			remoteAddr := strings.Trim(proxies[0], " ")
-			if parseIP(remoteAddr) != nil {
-				return remoteAddr
-			}
-		}
-	}
-	// X-Real-Ip is less supported, but worth checking in the
-	// absence of X-Forwarded-For
-	if realIP := r.Header.Get("X-Real-Ip"); realIP != "" {
-		if parseIP(realIP) != nil {
-			return realIP
-		}
-	}
-
-	return r.RemoteAddr
-}
-
-// RemoteIP extracts the remote IP of the request, taking into
-// account proxy headers.
-func RemoteIP(r *http.Request) string {
-	addr := RemoteAddr(r)
-
-	// Try parsing it as "IP:port"
-	if ip, _, err := net.SplitHostPort(addr); err == nil {
-		return ip
-	}
-
-	return addr
-}
-
-// WithRequest places the request on the context. The context of the request
-// is assigned a unique id, available at "http.request.id". The request itself
-// is available at "http.request". Other common attributes are available under
-// the prefix "http.request.". If a request is already present on the context,
-// this method will panic.
-func WithRequest(ctx context.Context, r *http.Request) context.Context {
-	if ctx.Value("http.request") != nil {
-		// NOTE(stevvooe): This needs to be considered a programming error. It
-		// is unlikely that we'd want to have more than one request in
-		// context.
-		panic("only one request per context")
-	}
-
-	return &httpRequestContext{
-		Context:   ctx,
-		startedAt: time.Now(),
-		id:        uuid.Generate().String(),
-		r:         r,
-	}
-}
-
-// GetRequest returns the http request in the given context. Returns
-// ErrNoRequestContext if the context does not have an http request associated
-// with it.
-func GetRequest(ctx context.Context) (*http.Request, error) {
-	if r, ok := ctx.Value("http.request").(*http.Request); r != nil && ok {
-		return r, nil
-	}
-	return nil, ErrNoRequestContext
-}
-
-// GetRequestID attempts to resolve the current request id, if possible. An
-// error is return if it is not available on the context.
-func GetRequestID(ctx context.Context) string {
-	return GetStringValue(ctx, "http.request.id")
-}
-
-// WithResponseWriter returns a new context and response writer that makes
-// interesting response statistics available within the context.
-func WithResponseWriter(ctx context.Context, w http.ResponseWriter) (context.Context, http.ResponseWriter) {
-	irw := instrumentedResponseWriter{
-		ResponseWriter: w,
-		Context:        ctx,
-	}
-	return &irw, &irw
-}
-
-// GetResponseWriter returns the http.ResponseWriter from the provided
-// context. If not present, ErrNoResponseWriterContext is returned. The
-// returned instance provides instrumentation in the context.
-func GetResponseWriter(ctx context.Context) (http.ResponseWriter, error) {
-	v := ctx.Value("http.response")
-
-	rw, ok := v.(http.ResponseWriter)
-	if !ok || rw == nil {
-		return nil, ErrNoResponseWriterContext
-	}
-
-	return rw, nil
-}
-
-// getVarsFromRequest let's us change request vars implementation for testing
-// and maybe future changes.
-var getVarsFromRequest = mux.Vars
-
-// WithVars extracts gorilla/mux vars and makes them available on the returned
-// context. Variables are available at keys with the prefix "vars.". For
-// example, if looking for the variable "name", it can be accessed as
-// "vars.name". Implementations that are accessing values need not know that
-// the underlying context is implemented with gorilla/mux vars.
-func WithVars(ctx context.Context, r *http.Request) context.Context {
-	return &muxVarsContext{
-		Context: ctx,
-		vars:    getVarsFromRequest(r),
-	}
-}
-
-// GetRequestLogger returns a logger that contains fields from the request in
-// the current context. If the request is not available in the context, no
-// fields will display. Request loggers can safely be pushed onto the context.
-func GetRequestLogger(ctx context.Context) Logger {
-	return GetLogger(ctx,
-		"http.request.id",
-		"http.request.method",
-		"http.request.host",
-		"http.request.uri",
-		"http.request.referer",
-		"http.request.useragent",
-		"http.request.remoteaddr",
-		"http.request.contenttype")
-}
-
-// GetResponseLogger reads the current response stats and builds a logger.
-// Because the values are read at call time, pushing a logger returned from
-// this function on the context will lead to missing or invalid data. Only
-// call this at the end of a request, after the response has been written.
-func GetResponseLogger(ctx context.Context) Logger {
-	l := getLogrusLogger(ctx,
-		"http.response.written",
-		"http.response.status",
-		"http.response.contenttype")
-
-	duration := Since(ctx, "http.request.startedat")
-
-	if duration > 0 {
-		l = l.WithField("http.response.duration", duration.String())
-	}
-
-	return l
-}
-
-// httpRequestContext makes information about a request available to context.
-type httpRequestContext struct {
-	context.Context
-
-	startedAt time.Time
-	id        string
-	r         *http.Request
-}
-
-// Value returns a keyed element of the request for use in the context. To get
-// the request itself, query "request". For other components, access them as
-// "request.<component>". For example, r.RequestURI
-func (ctx *httpRequestContext) Value(key interface{}) interface{} {
-	if keyStr, ok := key.(string); ok {
-		if keyStr == "http.request" {
-			return ctx.r
-		}
-
-		if !strings.HasPrefix(keyStr, "http.request.") {
-			goto fallback
-		}
-
-		parts := strings.Split(keyStr, ".")
-
-		if len(parts) != 3 {
-			goto fallback
-		}
-
-		switch parts[2] {
-		case "uri":
-			return ctx.r.RequestURI
-		case "remoteaddr":
-			return RemoteAddr(ctx.r)
-		case "method":
-			return ctx.r.Method
-		case "host":
-			return ctx.r.Host
-		case "referer":
-			referer := ctx.r.Referer()
-			if referer != "" {
-				return referer
-			}
-		case "useragent":
-			return ctx.r.UserAgent()
-		case "id":
-			return ctx.id
-		case "startedat":
-			return ctx.startedAt
-		case "contenttype":
-			ct := ctx.r.Header.Get("Content-Type")
-			if ct != "" {
-				return ct
-			}
-		}
-	}
-
-fallback:
-	return ctx.Context.Value(key)
-}
-
-type muxVarsContext struct {
-	context.Context
-	vars map[string]string
-}
-
-func (ctx *muxVarsContext) Value(key interface{}) interface{} {
-	if keyStr, ok := key.(string); ok {
-		if keyStr == "vars" {
-			return ctx.vars
-		}
-
-		if v, ok := ctx.vars[strings.TrimPrefix(keyStr, "vars.")]; ok {
-			return v
-		}
-	}
-
-	return ctx.Context.Value(key)
-}
-
-// instrumentedResponseWriter provides response writer information in a
-// context. This variant is only used in the case where CloseNotifier is not
-// implemented by the parent ResponseWriter.
-type instrumentedResponseWriter struct {
-	http.ResponseWriter
-	context.Context
-
-	mu      sync.Mutex
-	status  int
-	written int64
-}
-
-func (irw *instrumentedResponseWriter) Write(p []byte) (n int, err error) {
-	n, err = irw.ResponseWriter.Write(p)
-
-	irw.mu.Lock()
-	irw.written += int64(n)
-
-	// Guess the likely status if not set.
-	if irw.status == 0 {
-		irw.status = http.StatusOK
-	}
-
-	irw.mu.Unlock()
-
-	return
-}
-
-func (irw *instrumentedResponseWriter) WriteHeader(status int) {
-	irw.ResponseWriter.WriteHeader(status)
-
-	irw.mu.Lock()
-	irw.status = status
-	irw.mu.Unlock()
-}
-
-func (irw *instrumentedResponseWriter) Flush() {
-	if flusher, ok := irw.ResponseWriter.(http.Flusher); ok {
-		flusher.Flush()
-	}
-}
-
-func (irw *instrumentedResponseWriter) Value(key interface{}) interface{} {
-	if keyStr, ok := key.(string); ok {
-		if keyStr == "http.response" {
-			return irw
-		}
-
-		if !strings.HasPrefix(keyStr, "http.response.") {
-			goto fallback
-		}
-
-		parts := strings.Split(keyStr, ".")
-
-		if len(parts) != 3 {
-			goto fallback
-		}
-
-		irw.mu.Lock()
-		defer irw.mu.Unlock()
-
-		switch parts[2] {
-		case "written":
-			return irw.written
-		case "status":
-			return irw.status
-		case "contenttype":
-			contentType := irw.Header().Get("Content-Type")
-			if contentType != "" {
-				return contentType
-			}
-		}
-	}
-
-fallback:
-	return irw.Context.Value(key)
-}
diff --git a/vendor/github.com/docker/distribution/context/logger.go b/vendor/github.com/docker/distribution/context/logger.go
deleted file mode 100644
index 3e5b81bbf..000000000
--- a/vendor/github.com/docker/distribution/context/logger.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package context
-
-import (
-	"context"
-	"fmt"
-	"runtime"
-
-	"github.com/sirupsen/logrus"
-)
-
-// Logger provides a leveled-logging interface.
-type Logger interface {
-	// standard logger methods
-	Print(args ...interface{})
-	Printf(format string, args ...interface{})
-	Println(args ...interface{})
-
-	Fatal(args ...interface{})
-	Fatalf(format string, args ...interface{})
-	Fatalln(args ...interface{})
-
-	Panic(args ...interface{})
-	Panicf(format string, args ...interface{})
-	Panicln(args ...interface{})
-
-	// Leveled methods, from logrus
-	Debug(args ...interface{})
-	Debugf(format string, args ...interface{})
-	Debugln(args ...interface{})
-
-	Error(args ...interface{})
-	Errorf(format string, args ...interface{})
-	Errorln(args ...interface{})
-
-	Info(args ...interface{})
-	Infof(format string, args ...interface{})
-	Infoln(args ...interface{})
-
-	Warn(args ...interface{})
-	Warnf(format string, args ...interface{})
-	Warnln(args ...interface{})
-
-	WithError(err error) *logrus.Entry
-}
-
-type loggerKey struct{}
-
-// WithLogger creates a new context with provided logger.
-func WithLogger(ctx context.Context, logger Logger) context.Context {
-	return context.WithValue(ctx, loggerKey{}, logger)
-}
-
-// GetLoggerWithField returns a logger instance with the specified field key
-// and value without affecting the context. Extra specified keys will be
-// resolved from the context.
-func GetLoggerWithField(ctx context.Context, key, value interface{}, keys ...interface{}) Logger {
-	return getLogrusLogger(ctx, keys...).WithField(fmt.Sprint(key), value)
-}
-
-// GetLoggerWithFields returns a logger instance with the specified fields
-// without affecting the context. Extra specified keys will be resolved from
-// the context.
-func GetLoggerWithFields(ctx context.Context, fields map[interface{}]interface{}, keys ...interface{}) Logger {
-	// must convert from interface{} -> interface{} to string -> interface{} for logrus.
-	lfields := make(logrus.Fields, len(fields))
-	for key, value := range fields {
-		lfields[fmt.Sprint(key)] = value
-	}
-
-	return getLogrusLogger(ctx, keys...).WithFields(lfields)
-}
-
-// GetLogger returns the logger from the current context, if present. If one
-// or more keys are provided, they will be resolved on the context and
-// included in the logger. While context.Value takes an interface, any key
-// argument passed to GetLogger will be passed to fmt.Sprint when expanded as
-// a logging key field. If context keys are integer constants, for example,
-// its recommended that a String method is implemented.
-func GetLogger(ctx context.Context, keys ...interface{}) Logger {
-	return getLogrusLogger(ctx, keys...)
-}
-
-// GetLogrusLogger returns the logrus logger for the context. If one more keys
-// are provided, they will be resolved on the context and included in the
-// logger. Only use this function if specific logrus functionality is
-// required.
-func getLogrusLogger(ctx context.Context, keys ...interface{}) *logrus.Entry {
-	var logger *logrus.Entry
-
-	// Get a logger, if it is present.
-	loggerInterface := ctx.Value(loggerKey{})
-	if loggerInterface != nil {
-		if lgr, ok := loggerInterface.(*logrus.Entry); ok {
-			logger = lgr
-		}
-	}
-
-	if logger == nil {
-		fields := logrus.Fields{}
-
-		// Fill in the instance id, if we have it.
-		instanceID := ctx.Value("instance.id")
-		if instanceID != nil {
-			fields["instance.id"] = instanceID
-		}
-
-		fields["go.version"] = runtime.Version()
-		// If no logger is found, just return the standard logger.
-		logger = logrus.StandardLogger().WithFields(fields)
-	}
-
-	fields := logrus.Fields{}
-	for _, key := range keys {
-		v := ctx.Value(key)
-		if v != nil {
-			fields[fmt.Sprint(key)] = v
-		}
-	}
-
-	return logger.WithFields(fields)
-}
diff --git a/vendor/github.com/docker/distribution/context/trace.go b/vendor/github.com/docker/distribution/context/trace.go
deleted file mode 100644
index 092ef608c..000000000
--- a/vendor/github.com/docker/distribution/context/trace.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package context
-
-import (
-	"context"
-	"runtime"
-	"time"
-
-	"github.com/docker/distribution/uuid"
-)
-
-// WithTrace allocates a traced timing span in a new context. This allows a
-// caller to track the time between calling WithTrace and the returned done
-// function. When the done function is called, a log message is emitted with a
-// "trace.duration" field, corresponding to the elapsed time and a
-// "trace.func" field, corresponding to the function that called WithTrace.
-//
-// The logging keys "trace.id" and "trace.parent.id" are provided to implement
-// dapper-like tracing. This function should be complemented with a WithSpan
-// method that could be used for tracing distributed RPC calls.
-//
-// The main benefit of this function is to post-process log messages or
-// intercept them in a hook to provide timing data. Trace ids and parent ids
-// can also be linked to provide call tracing, if so required.
-//
-// Here is an example of the usage:
-//
-//	func timedOperation(ctx Context) {
-//		ctx, done := WithTrace(ctx)
-//		defer done("this will be the log message")
-//		// ... function body ...
-//	}
-//
-// If the function ran for roughly 1s, such a usage would emit a log message
-// as follows:
-//
-//	INFO[0001] this will be the log message  trace.duration=1.004575763s trace.func=github.com/docker/distribution/context.traceOperation trace.id=<id> ...
-//
-// Notice that the function name is automatically resolved, along with the
-// package and a trace id is emitted that can be linked with parent ids.
-func WithTrace(ctx context.Context) (context.Context, func(format string, a ...interface{})) {
-	if ctx == nil {
-		ctx = Background()
-	}
-
-	pc, file, line, _ := runtime.Caller(1)
-	f := runtime.FuncForPC(pc)
-	ctx = &traced{
-		Context: ctx,
-		id:      uuid.Generate().String(),
-		start:   time.Now(),
-		parent:  GetStringValue(ctx, "trace.id"),
-		fnname:  f.Name(),
-		file:    file,
-		line:    line,
-	}
-
-	return ctx, func(format string, a ...interface{}) {
-		GetLogger(ctx,
-			"trace.duration",
-			"trace.id",
-			"trace.parent.id",
-			"trace.func",
-			"trace.file",
-			"trace.line").
-			Debugf(format, a...)
-	}
-}
-
-// traced represents a context that is traced for function call timing. It
-// also provides fast lookup for the various attributes that are available on
-// the trace.
-type traced struct {
-	context.Context
-	id     string
-	parent string
-	start  time.Time
-	fnname string
-	file   string
-	line   int
-}
-
-func (ts *traced) Value(key interface{}) interface{} {
-	switch key {
-	case "trace.start":
-		return ts.start
-	case "trace.duration":
-		return time.Since(ts.start)
-	case "trace.id":
-		return ts.id
-	case "trace.parent.id":
-		if ts.parent == "" {
-			return nil // must return nil to signal no parent.
-		}
-
-		return ts.parent
-	case "trace.func":
-		return ts.fnname
-	case "trace.file":
-		return ts.file
-	case "trace.line":
-		return ts.line
-	}
-
-	return ts.Context.Value(key)
-}
diff --git a/vendor/github.com/docker/distribution/context/util.go b/vendor/github.com/docker/distribution/context/util.go
deleted file mode 100644
index c462e7563..000000000
--- a/vendor/github.com/docker/distribution/context/util.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package context
-
-import (
-	"context"
-	"time"
-)
-
-// Since looks up key, which should be a time.Time, and returns the duration
-// since that time. If the key is not found, the value returned will be zero.
-// This is helpful when inferring metrics related to context execution times.
-func Since(ctx context.Context, key interface{}) time.Duration {
-	if startedAt, ok := ctx.Value(key).(time.Time); ok {
-		return time.Since(startedAt)
-	}
-	return 0
-}
-
-// GetStringValue returns a string value from the context. The empty string
-// will be returned if not found.
-func GetStringValue(ctx context.Context, key interface{}) (value string) {
-	if valuev, ok := ctx.Value(key).(string); ok {
-		value = valuev
-	}
-	return value
-}
diff --git a/vendor/github.com/docker/distribution/context/version.go b/vendor/github.com/docker/distribution/context/version.go
deleted file mode 100644
index 97cf9d665..000000000
--- a/vendor/github.com/docker/distribution/context/version.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package context
-
-import "context"
-
-type versionKey struct{}
-
-func (versionKey) String() string { return "version" }
-
-// WithVersion stores the application version in the context. The new context
-// gets a logger to ensure log messages are marked with the application
-// version.
-func WithVersion(ctx context.Context, version string) context.Context {
-	ctx = context.WithValue(ctx, versionKey{}, version)
-	// push a new logger onto the stack
-	return WithLogger(ctx, GetLogger(ctx, versionKey{}))
-}
-
-// GetVersion returns the application version from the context. An empty
-// string may returned if the version was not set on the context.
-func GetVersion(ctx context.Context) string {
-	return GetStringValue(ctx, versionKey{})
-}
diff --git a/vendor/github.com/docker/distribution/health/checks/checks.go b/vendor/github.com/docker/distribution/health/checks/checks.go
deleted file mode 100644
index 7760f6105..000000000
--- a/vendor/github.com/docker/distribution/health/checks/checks.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package checks
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strconv"
-	"time"
-
-	"github.com/docker/distribution/health"
-)
-
-// FileChecker checks the existence of a file and returns an error
-// if the file exists.
-func FileChecker(f string) health.Checker {
-	return health.CheckFunc(func() error {
-		absoluteFilePath, err := filepath.Abs(f)
-		if err != nil {
-			return fmt.Errorf("failed to get absolute path for %q: %v", f, err)
-		}
-
-		_, err = os.Stat(absoluteFilePath)
-		if err == nil {
-			return errors.New("file exists")
-		} else if os.IsNotExist(err) {
-			return nil
-		}
-
-		return err
-	})
-}
-
-// HTTPChecker does a HEAD request and verifies that the HTTP status code
-// returned matches statusCode.
-func HTTPChecker(r string, statusCode int, timeout time.Duration, headers http.Header) health.Checker {
-	return health.CheckFunc(func() error {
-		client := http.Client{
-			Timeout: timeout,
-		}
-		req, err := http.NewRequest("HEAD", r, nil)
-		if err != nil {
-			return errors.New("error creating request: " + r)
-		}
-		for headerName, headerValues := range headers {
-			for _, headerValue := range headerValues {
-				req.Header.Add(headerName, headerValue)
-			}
-		}
-		response, err := client.Do(req)
-		if err != nil {
-			return errors.New("error while checking: " + r)
-		}
-		if response.StatusCode != statusCode {
-			return errors.New("downstream service returned unexpected status: " + strconv.Itoa(response.StatusCode))
-		}
-		return nil
-	})
-}
-
-// TCPChecker attempts to open a TCP connection.
-func TCPChecker(addr string, timeout time.Duration) health.Checker {
-	return health.CheckFunc(func() error {
-		conn, err := net.DialTimeout("tcp", addr, timeout)
-		if err != nil {
-			return errors.New("connection to " + addr + " failed")
-		}
-		conn.Close()
-		return nil
-	})
-}
diff --git a/vendor/github.com/docker/distribution/health/doc.go b/vendor/github.com/docker/distribution/health/doc.go
deleted file mode 100644
index 5e5ba2fc0..000000000
--- a/vendor/github.com/docker/distribution/health/doc.go
+++ /dev/null
@@ -1,136 +0,0 @@
-// Package health provides a generic health checking framework.
-// The health package works expvar style. By importing the package the debug
-// server is getting a "/debug/health" endpoint that returns the current
-// status of the application.
-// If there are no errors, "/debug/health" will return an HTTP 200 status,
-// together with an empty JSON reply "{}". If there are any checks
-// with errors, the JSON reply will include all the failed checks, and the
-// response will be have an HTTP 503 status.
-//
-// A Check can either be run synchronously, or asynchronously. We recommend
-// that most checks are registered as an asynchronous check, so a call to the
-// "/debug/health" endpoint always returns immediately. This pattern is
-// particularly useful for checks that verify upstream connectivity or
-// database status, since they might take a long time to return/timeout.
-//
-// # Installing
-//
-// To install health, just import it in your application:
-//
-//	import "github.com/docker/distribution/health"
-//
-// You can also (optionally) import "health/api" that will add two convenience
-// endpoints: "/debug/health/down" and "/debug/health/up". These endpoints add
-// "manual" checks that allow the service to quickly be brought in/out of
-// rotation.
-//
-//	import _ "github.com/docker/distribution/health/api"
-//
-//	# curl localhost:5001/debug/health
-//	{}
-//	# curl -X POST localhost:5001/debug/health/down
-//	# curl localhost:5001/debug/health
-//	{"manual_http_status":"Manual Check"}
-//
-// After importing these packages to your main application, you can start
-// registering checks.
-//
-// # Registering Checks
-//
-// The recommended way of registering checks is using a periodic Check.
-// PeriodicChecks run on a certain schedule and asynchronously update the
-// status of the check. This allows CheckStatus to return without blocking
-// on an expensive check.
-//
-// A trivial example of a check that runs every 5 seconds and shuts down our
-// server if the current minute is even, could be added as follows:
-//
-//	func currentMinuteEvenCheck() error {
-//	  m := time.Now().Minute()
-//	  if m%2 == 0 {
-//	    return errors.New("Current minute is even!")
-//	  }
-//	  return nil
-//	}
-//
-//	health.RegisterPeriodicFunc("minute_even", currentMinuteEvenCheck, time.Second*5)
-//
-// Alternatively, you can also make use of "RegisterPeriodicThresholdFunc" to
-// implement the exact same check, but add a threshold of failures after which
-// the check will be unhealthy. This is particularly useful for flaky Checks,
-// ensuring some stability of the service when handling them.
-//
-//	health.RegisterPeriodicThresholdFunc("minute_even", currentMinuteEvenCheck, time.Second*5, 4)
-//
-// The lowest-level way to interact with the health package is calling
-// "Register" directly. Register allows you to pass in an arbitrary string and
-// something that implements "Checker" and runs your check. If your method
-// returns an error with nil, it is considered a healthy check, otherwise it
-// will make the health check endpoint "/debug/health" start returning a 503
-// and list the specific check that failed.
-//
-// Assuming you wish to register a method called "currentMinuteEvenCheck()
-// error" you could do that by doing:
-//
-//	health.Register("even_minute", health.CheckFunc(currentMinuteEvenCheck))
-//
-// CheckFunc is a convenience type that implements Checker.
-//
-// Another way of registering a check could be by using an anonymous function
-// and the convenience method RegisterFunc. An example that makes the status
-// endpoint always return an error:
-//
-//	health.RegisterFunc("my_check", func() error {
-//	 return Errors.new("This is an error!")
-//	}))
-//
-// # Examples
-//
-// You could also use the health checker mechanism to ensure your application
-// only comes up if certain conditions are met, or to allow the developer to
-// take the service out of rotation immediately. An example that checks
-// database connectivity and immediately takes the server out of rotation on
-// err:
-//
-//	updater = health.NewStatusUpdater()
-//	 health.RegisterFunc("database_check", func() error {
-//	  return updater.Check()
-//	}))
-//
-//	conn, err := Connect(...) // database call here
-//	if err != nil {
-//	  updater.Update(errors.New("Error connecting to the database: " + err.Error()))
-//	}
-//
-// You can also use the predefined Checkers that come included with the health
-// package. First, import the checks:
-//
-//	import "github.com/docker/distribution/health/checks
-//
-// After that you can make use of any of the provided checks. An example of
-// using a `FileChecker` to take the application out of rotation if a certain
-// file exists can be done as follows:
-//
-//	health.Register("fileChecker", health.PeriodicChecker(checks.FileChecker("/tmp/disable"), time.Second*5))
-//
-// After registering the check, it is trivial to take an application out of
-// rotation from the console:
-//
-//	# curl localhost:5001/debug/health
-//	{}
-//	# touch /tmp/disable
-//	# curl localhost:5001/debug/health
-//	{"fileChecker":"file exists"}
-//
-// FileChecker only accepts absolute or relative file path. It does not work
-// properly with tilde(~). You should make sure that the application has
-// proper permission(read and execute permission for directory along with
-// the specified file path). Otherwise, the FileChecker will report error
-// and file health check is not ok.
-//
-// You could also test the connectivity to a downstream service by using a
-// "HTTPChecker", but ensure that you only mark the test unhealthy if there
-// are a minimum of two failures in a row:
-//
-//	health.Register("httpChecker", health.PeriodicThresholdChecker(checks.HTTPChecker("https://www.google.pt"), time.Second*5, 2))
-package health
diff --git a/vendor/github.com/docker/distribution/health/health.go b/vendor/github.com/docker/distribution/health/health.go
deleted file mode 100644
index 592bce576..000000000
--- a/vendor/github.com/docker/distribution/health/health.go
+++ /dev/null
@@ -1,306 +0,0 @@
-package health
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"sync"
-	"time"
-
-	"github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/api/errcode"
-)
-
-// A Registry is a collection of checks. Most applications will use the global
-// registry defined in DefaultRegistry. However, unit tests may need to create
-// separate registries to isolate themselves from other tests.
-type Registry struct {
-	mu               sync.RWMutex
-	registeredChecks map[string]Checker
-}
-
-// NewRegistry creates a new registry. This isn't necessary for normal use of
-// the package, but may be useful for unit tests so individual tests have their
-// own set of checks.
-func NewRegistry() *Registry {
-	return &Registry{
-		registeredChecks: make(map[string]Checker),
-	}
-}
-
-// DefaultRegistry is the default registry where checks are registered. It is
-// the registry used by the HTTP handler.
-var DefaultRegistry *Registry
-
-// Checker is the interface for a Health Checker
-type Checker interface {
-	// Check returns nil if the service is okay.
-	Check() error
-}
-
-// CheckFunc is a convenience type to create functions that implement
-// the Checker interface
-type CheckFunc func() error
-
-// Check Implements the Checker interface to allow for any func() error method
-// to be passed as a Checker
-func (cf CheckFunc) Check() error {
-	return cf()
-}
-
-// Updater implements a health check that is explicitly set.
-type Updater interface {
-	Checker
-
-	// Update updates the current status of the health check.
-	Update(status error)
-}
-
-// updater implements Checker and Updater, providing an asynchronous Update
-// method.
-// This allows us to have a Checker that returns the Check() call immediately
-// not blocking on a potentially expensive check.
-type updater struct {
-	mu     sync.Mutex
-	status error
-}
-
-// Check implements the Checker interface
-func (u *updater) Check() error {
-	u.mu.Lock()
-	defer u.mu.Unlock()
-
-	return u.status
-}
-
-// Update implements the Updater interface, allowing asynchronous access to
-// the status of a Checker.
-func (u *updater) Update(status error) {
-	u.mu.Lock()
-	defer u.mu.Unlock()
-
-	u.status = status
-}
-
-// NewStatusUpdater returns a new updater
-func NewStatusUpdater() Updater {
-	return &updater{}
-}
-
-// thresholdUpdater implements Checker and Updater, providing an asynchronous Update
-// method.
-// This allows us to have a Checker that returns the Check() call immediately
-// not blocking on a potentially expensive check.
-type thresholdUpdater struct {
-	mu        sync.Mutex
-	status    error
-	threshold int
-	count     int
-}
-
-// Check implements the Checker interface
-func (tu *thresholdUpdater) Check() error {
-	tu.mu.Lock()
-	defer tu.mu.Unlock()
-
-	if tu.count >= tu.threshold {
-		return tu.status
-	}
-
-	return nil
-}
-
-// thresholdUpdater implements the Updater interface, allowing asynchronous
-// access to the status of a Checker.
-func (tu *thresholdUpdater) Update(status error) {
-	tu.mu.Lock()
-	defer tu.mu.Unlock()
-
-	if status == nil {
-		tu.count = 0
-	} else if tu.count < tu.threshold {
-		tu.count++
-	}
-
-	tu.status = status
-}
-
-// NewThresholdStatusUpdater returns a new thresholdUpdater
-func NewThresholdStatusUpdater(t int) Updater {
-	return &thresholdUpdater{threshold: t}
-}
-
-// PeriodicChecker wraps an updater to provide a periodic checker
-func PeriodicChecker(check Checker, period time.Duration) Checker {
-	u := NewStatusUpdater()
-	go func() {
-		t := time.NewTicker(period)
-		for {
-			<-t.C
-			u.Update(check.Check())
-		}
-	}()
-
-	return u
-}
-
-// PeriodicThresholdChecker wraps an updater to provide a periodic checker that
-// uses a threshold before it changes status
-func PeriodicThresholdChecker(check Checker, period time.Duration, threshold int) Checker {
-	tu := NewThresholdStatusUpdater(threshold)
-	go func() {
-		t := time.NewTicker(period)
-		for {
-			<-t.C
-			tu.Update(check.Check())
-		}
-	}()
-
-	return tu
-}
-
-// CheckStatus returns a map with all the current health check errors
-func (registry *Registry) CheckStatus() map[string]string { // TODO(stevvooe) this needs a proper type
-	registry.mu.RLock()
-	defer registry.mu.RUnlock()
-	statusKeys := make(map[string]string)
-	for k, v := range registry.registeredChecks {
-		err := v.Check()
-		if err != nil {
-			statusKeys[k] = err.Error()
-		}
-	}
-
-	return statusKeys
-}
-
-// CheckStatus returns a map with all the current health check errors from the
-// default registry.
-func CheckStatus() map[string]string {
-	return DefaultRegistry.CheckStatus()
-}
-
-// Register associates the checker with the provided name.
-func (registry *Registry) Register(name string, check Checker) {
-	if registry == nil {
-		registry = DefaultRegistry
-	}
-	registry.mu.Lock()
-	defer registry.mu.Unlock()
-	_, ok := registry.registeredChecks[name]
-	if ok {
-		panic("Check already exists: " + name)
-	}
-	registry.registeredChecks[name] = check
-}
-
-// Register associates the checker with the provided name in the default
-// registry.
-func Register(name string, check Checker) {
-	DefaultRegistry.Register(name, check)
-}
-
-// RegisterFunc allows the convenience of registering a checker directly from
-// an arbitrary func() error.
-func (registry *Registry) RegisterFunc(name string, check func() error) {
-	registry.Register(name, CheckFunc(check))
-}
-
-// RegisterFunc allows the convenience of registering a checker in the default
-// registry directly from an arbitrary func() error.
-func RegisterFunc(name string, check func() error) {
-	DefaultRegistry.RegisterFunc(name, check)
-}
-
-// RegisterPeriodicFunc allows the convenience of registering a PeriodicChecker
-// from an arbitrary func() error.
-func (registry *Registry) RegisterPeriodicFunc(name string, period time.Duration, check CheckFunc) {
-	registry.Register(name, PeriodicChecker(check, period))
-}
-
-// RegisterPeriodicFunc allows the convenience of registering a PeriodicChecker
-// in the default registry from an arbitrary func() error.
-func RegisterPeriodicFunc(name string, period time.Duration, check CheckFunc) {
-	DefaultRegistry.RegisterPeriodicFunc(name, period, check)
-}
-
-// RegisterPeriodicThresholdFunc allows the convenience of registering a
-// PeriodicChecker from an arbitrary func() error.
-func (registry *Registry) RegisterPeriodicThresholdFunc(name string, period time.Duration, threshold int, check CheckFunc) {
-	registry.Register(name, PeriodicThresholdChecker(check, period, threshold))
-}
-
-// RegisterPeriodicThresholdFunc allows the convenience of registering a
-// PeriodicChecker in the default registry from an arbitrary func() error.
-func RegisterPeriodicThresholdFunc(name string, period time.Duration, threshold int, check CheckFunc) {
-	DefaultRegistry.RegisterPeriodicThresholdFunc(name, period, threshold, check)
-}
-
-// StatusHandler returns a JSON blob with all the currently registered Health Checks
-// and their corresponding status.
-// Returns 503 if any Error status exists, 200 otherwise
-func StatusHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method == "GET" {
-		checks := CheckStatus()
-		status := http.StatusOK
-
-		// If there is an error, return 503
-		if len(checks) != 0 {
-			status = http.StatusServiceUnavailable
-		}
-
-		statusResponse(w, r, status, checks)
-	} else {
-		http.NotFound(w, r)
-	}
-}
-
-// Handler returns a handler that will return 503 response code if the health
-// checks have failed. If everything is okay with the health checks, the
-// handler will pass through to the provided handler. Use this handler to
-// disable a web application when the health checks fail.
-func Handler(handler http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		checks := CheckStatus()
-		if len(checks) != 0 {
-			errcode.ServeJSON(w, errcode.ErrorCodeUnavailable.
-				WithDetail("health check failed: please see /debug/health"))
-			return
-		}
-
-		handler.ServeHTTP(w, r) // pass through
-	})
-}
-
-// statusResponse completes the request with a response describing the health
-// of the service.
-func statusResponse(w http.ResponseWriter, r *http.Request, status int, checks map[string]string) {
-	p, err := json.Marshal(checks)
-	if err != nil {
-		context.GetLogger(context.Background()).Errorf("error serializing health status: %v", err)
-		p, err = json.Marshal(struct {
-			ServerError string `json:"server_error"`
-		}{
-			ServerError: "Could not parse error message",
-		})
-		status = http.StatusInternalServerError
-
-		if err != nil {
-			context.GetLogger(context.Background()).Errorf("error serializing health status failure message: %v", err)
-			return
-		}
-	}
-
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-	w.Header().Set("Content-Length", fmt.Sprint(len(p)))
-	w.WriteHeader(status)
-	if _, err := w.Write(p); err != nil {
-		context.GetLogger(context.Background()).Errorf("error writing health status response body: %v", err)
-	}
-}
-
-// Registers global /debug/health api endpoint, creates default registry
-func init() {
-	DefaultRegistry = NewRegistry()
-	http.HandleFunc("/debug/health", StatusHandler)
-}
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/config_builder.go b/vendor/github.com/docker/distribution/manifest/schema1/config_builder.go
deleted file mode 100644
index a96dc3d26..000000000
--- a/vendor/github.com/docker/distribution/manifest/schema1/config_builder.go
+++ /dev/null
@@ -1,287 +0,0 @@
-package schema1
-
-import (
-	"context"
-	"crypto/sha512"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"time"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/manifest"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/libtrust"
-	"github.com/opencontainers/go-digest"
-)
-
-type diffID digest.Digest
-
-// gzippedEmptyTar is a gzip-compressed version of an empty tar file
-// (1024 NULL bytes)
-var gzippedEmptyTar = []byte{
-	31, 139, 8, 0, 0, 9, 110, 136, 0, 255, 98, 24, 5, 163, 96, 20, 140, 88,
-	0, 8, 0, 0, 255, 255, 46, 175, 181, 239, 0, 4, 0, 0,
-}
-
-// digestSHA256GzippedEmptyTar is the canonical sha256 digest of
-// gzippedEmptyTar
-const digestSHA256GzippedEmptyTar = digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")
-
-// configManifestBuilder is a type for constructing manifests from an image
-// configuration and generic descriptors.
-type configManifestBuilder struct {
-	// bs is a BlobService used to create empty layer tars in the
-	// blob store if necessary.
-	bs distribution.BlobService
-	// pk is the libtrust private key used to sign the final manifest.
-	pk libtrust.PrivateKey
-	// configJSON is configuration supplied when the ManifestBuilder was
-	// created.
-	configJSON []byte
-	// ref contains the name and optional tag provided to NewConfigManifestBuilder.
-	ref reference.Named
-	// descriptors is the set of descriptors referencing the layers.
-	descriptors []distribution.Descriptor
-	// emptyTarDigest is set to a valid digest if an empty tar has been
-	// put in the blob store; otherwise it is empty.
-	emptyTarDigest digest.Digest
-}
-
-// NewConfigManifestBuilder is used to build new manifests for the current
-// schema version from an image configuration and a set of descriptors.
-// It takes a BlobService so that it can add an empty tar to the blob store
-// if the resulting manifest needs empty layers.
-func NewConfigManifestBuilder(bs distribution.BlobService, pk libtrust.PrivateKey, ref reference.Named, configJSON []byte) distribution.ManifestBuilder {
-	return &configManifestBuilder{
-		bs:         bs,
-		pk:         pk,
-		configJSON: configJSON,
-		ref:        ref,
-	}
-}
-
-// Build produces a final manifest from the given references
-func (mb *configManifestBuilder) Build(ctx context.Context) (m distribution.Manifest, err error) {
-	type imageRootFS struct {
-		Type      string   `json:"type"`
-		DiffIDs   []diffID `json:"diff_ids,omitempty"`
-		BaseLayer string   `json:"base_layer,omitempty"`
-	}
-
-	type imageHistory struct {
-		Created    time.Time `json:"created"`
-		Author     string    `json:"author,omitempty"`
-		CreatedBy  string    `json:"created_by,omitempty"`
-		Comment    string    `json:"comment,omitempty"`
-		EmptyLayer bool      `json:"empty_layer,omitempty"`
-	}
-
-	type imageConfig struct {
-		RootFS       *imageRootFS   `json:"rootfs,omitempty"`
-		History      []imageHistory `json:"history,omitempty"`
-		Architecture string         `json:"architecture,omitempty"`
-	}
-
-	var img imageConfig
-
-	if err := json.Unmarshal(mb.configJSON, &img); err != nil {
-		return nil, err
-	}
-
-	if len(img.History) == 0 {
-		return nil, errors.New("empty history when trying to create schema1 manifest")
-	}
-
-	if len(img.RootFS.DiffIDs) != len(mb.descriptors) {
-		return nil, fmt.Errorf("number of descriptors and number of layers in rootfs must match: len(%v) != len(%v)", img.RootFS.DiffIDs, mb.descriptors)
-	}
-
-	// Generate IDs for each layer
-	// For non-top-level layers, create fake V1Compatibility strings that
-	// fit the format and don't collide with anything else, but don't
-	// result in runnable images on their own.
-	type v1Compatibility struct {
-		ID              string    `json:"id"`
-		Parent          string    `json:"parent,omitempty"`
-		Comment         string    `json:"comment,omitempty"`
-		Created         time.Time `json:"created"`
-		ContainerConfig struct {
-			Cmd []string
-		} `json:"container_config,omitempty"`
-		Author    string `json:"author,omitempty"`
-		ThrowAway bool   `json:"throwaway,omitempty"`
-	}
-
-	fsLayerList := make([]FSLayer, len(img.History))
-	history := make([]History, len(img.History))
-
-	parent := ""
-	layerCounter := 0
-	for i, h := range img.History[:len(img.History)-1] {
-		var blobsum digest.Digest
-		if h.EmptyLayer {
-			if blobsum, err = mb.emptyTar(ctx); err != nil {
-				return nil, err
-			}
-		} else {
-			if len(img.RootFS.DiffIDs) <= layerCounter {
-				return nil, errors.New("too many non-empty layers in History section")
-			}
-			blobsum = mb.descriptors[layerCounter].Digest
-			layerCounter++
-		}
-
-		v1ID := digest.FromBytes([]byte(blobsum.Hex() + " " + parent)).Hex()
-
-		if i == 0 && img.RootFS.BaseLayer != "" {
-			// windows-only baselayer setup
-			baseID := sha512.Sum384([]byte(img.RootFS.BaseLayer))
-			parent = fmt.Sprintf("%x", baseID[:32])
-		}
-
-		v1Compatibility := v1Compatibility{
-			ID:      v1ID,
-			Parent:  parent,
-			Comment: h.Comment,
-			Created: h.Created,
-			Author:  h.Author,
-		}
-		v1Compatibility.ContainerConfig.Cmd = []string{img.History[i].CreatedBy}
-		if h.EmptyLayer {
-			v1Compatibility.ThrowAway = true
-		}
-		jsonBytes, err := json.Marshal(&v1Compatibility)
-		if err != nil {
-			return nil, err
-		}
-
-		reversedIndex := len(img.History) - i - 1
-		history[reversedIndex].V1Compatibility = string(jsonBytes)
-		fsLayerList[reversedIndex] = FSLayer{BlobSum: blobsum}
-
-		parent = v1ID
-	}
-
-	latestHistory := img.History[len(img.History)-1]
-
-	var blobsum digest.Digest
-	if latestHistory.EmptyLayer {
-		if blobsum, err = mb.emptyTar(ctx); err != nil {
-			return nil, err
-		}
-	} else {
-		if len(img.RootFS.DiffIDs) <= layerCounter {
-			return nil, errors.New("too many non-empty layers in History section")
-		}
-		blobsum = mb.descriptors[layerCounter].Digest
-	}
-
-	fsLayerList[0] = FSLayer{BlobSum: blobsum}
-	dgst := digest.FromBytes([]byte(blobsum.Hex() + " " + parent + " " + string(mb.configJSON)))
-
-	// Top-level v1compatibility string should be a modified version of the
-	// image config.
-	transformedConfig, err := MakeV1ConfigFromConfig(mb.configJSON, dgst.Hex(), parent, latestHistory.EmptyLayer)
-	if err != nil {
-		return nil, err
-	}
-
-	history[0].V1Compatibility = string(transformedConfig)
-
-	tag := ""
-	if tagged, isTagged := mb.ref.(reference.Tagged); isTagged {
-		tag = tagged.Tag()
-	}
-
-	mfst := Manifest{
-		Versioned: manifest.Versioned{
-			SchemaVersion: 1,
-		},
-		Name:         mb.ref.Name(),
-		Tag:          tag,
-		Architecture: img.Architecture,
-		FSLayers:     fsLayerList,
-		History:      history,
-	}
-
-	return Sign(&mfst, mb.pk)
-}
-
-// emptyTar pushes a compressed empty tar to the blob store if one doesn't
-// already exist, and returns its blobsum.
-func (mb *configManifestBuilder) emptyTar(ctx context.Context) (digest.Digest, error) {
-	if mb.emptyTarDigest != "" {
-		// Already put an empty tar
-		return mb.emptyTarDigest, nil
-	}
-
-	descriptor, err := mb.bs.Stat(ctx, digestSHA256GzippedEmptyTar)
-	switch err {
-	case nil:
-		mb.emptyTarDigest = descriptor.Digest
-		return descriptor.Digest, nil
-	case distribution.ErrBlobUnknown:
-		// nop
-	default:
-		return "", err
-	}
-
-	// Add gzipped empty tar to the blob store
-	descriptor, err = mb.bs.Put(ctx, "", gzippedEmptyTar)
-	if err != nil {
-		return "", err
-	}
-
-	mb.emptyTarDigest = descriptor.Digest
-
-	return descriptor.Digest, nil
-}
-
-// AppendReference adds a reference to the current ManifestBuilder
-func (mb *configManifestBuilder) AppendReference(d distribution.Describable) error {
-	descriptor := d.Descriptor()
-
-	if err := descriptor.Digest.Validate(); err != nil {
-		return err
-	}
-
-	mb.descriptors = append(mb.descriptors, descriptor)
-	return nil
-}
-
-// References returns the current references added to this builder
-func (mb *configManifestBuilder) References() []distribution.Descriptor {
-	return mb.descriptors
-}
-
-// MakeV1ConfigFromConfig creates an legacy V1 image config from image config JSON
-func MakeV1ConfigFromConfig(configJSON []byte, v1ID, parentV1ID string, throwaway bool) ([]byte, error) {
-	// Top-level v1compatibility string should be a modified version of the
-	// image config.
-	var configAsMap map[string]*json.RawMessage
-	if err := json.Unmarshal(configJSON, &configAsMap); err != nil {
-		return nil, err
-	}
-
-	// Delete fields that didn't exist in old manifest
-	delete(configAsMap, "rootfs")
-	delete(configAsMap, "history")
-	configAsMap["id"] = rawJSON(v1ID)
-	if parentV1ID != "" {
-		configAsMap["parent"] = rawJSON(parentV1ID)
-	}
-	if throwaway {
-		configAsMap["throwaway"] = rawJSON(true)
-	}
-
-	return json.Marshal(configAsMap)
-}
-
-func rawJSON(value interface{}) *json.RawMessage {
-	jsonval, err := json.Marshal(value)
-	if err != nil {
-		return nil
-	}
-	return (*json.RawMessage)(&jsonval)
-}
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/manifest.go b/vendor/github.com/docker/distribution/manifest/schema1/manifest.go
deleted file mode 100644
index 9fef4dc7e..000000000
--- a/vendor/github.com/docker/distribution/manifest/schema1/manifest.go
+++ /dev/null
@@ -1,184 +0,0 @@
-package schema1
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/manifest"
-	"github.com/docker/libtrust"
-	"github.com/opencontainers/go-digest"
-)
-
-const (
-	// MediaTypeManifest specifies the mediaType for the current version. Note
-	// that for schema version 1, the the media is optionally "application/json".
-	MediaTypeManifest = "application/vnd.docker.distribution.manifest.v1+json"
-	// MediaTypeSignedManifest specifies the mediatype for current SignedManifest version
-	MediaTypeSignedManifest = "application/vnd.docker.distribution.manifest.v1+prettyjws"
-	// MediaTypeManifestLayer specifies the media type for manifest layers
-	MediaTypeManifestLayer = "application/vnd.docker.container.image.rootfs.diff+x-gtar"
-)
-
-var (
-	// SchemaVersion provides a pre-initialized version structure for this
-	// packages version of the manifest.
-	SchemaVersion = manifest.Versioned{
-		SchemaVersion: 1,
-	}
-)
-
-func init() {
-	schema1Func := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) {
-		sm := new(SignedManifest)
-		err := sm.UnmarshalJSON(b)
-		if err != nil {
-			return nil, distribution.Descriptor{}, err
-		}
-
-		desc := distribution.Descriptor{
-			Digest:    digest.FromBytes(sm.Canonical),
-			Size:      int64(len(sm.Canonical)),
-			MediaType: MediaTypeSignedManifest,
-		}
-		return sm, desc, err
-	}
-	err := distribution.RegisterManifestSchema(MediaTypeSignedManifest, schema1Func)
-	if err != nil {
-		panic(fmt.Sprintf("Unable to register manifest: %s", err))
-	}
-	err = distribution.RegisterManifestSchema("", schema1Func)
-	if err != nil {
-		panic(fmt.Sprintf("Unable to register manifest: %s", err))
-	}
-	err = distribution.RegisterManifestSchema("application/json", schema1Func)
-	if err != nil {
-		panic(fmt.Sprintf("Unable to register manifest: %s", err))
-	}
-}
-
-// FSLayer is a container struct for BlobSums defined in an image manifest
-type FSLayer struct {
-	// BlobSum is the tarsum of the referenced filesystem image layer
-	BlobSum digest.Digest `json:"blobSum"`
-}
-
-// History stores unstructured v1 compatibility information
-type History struct {
-	// V1Compatibility is the raw v1 compatibility information
-	V1Compatibility string `json:"v1Compatibility"`
-}
-
-// Manifest provides the base accessible fields for working with V2 image
-// format in the registry.
-type Manifest struct {
-	manifest.Versioned
-
-	// Name is the name of the image's repository
-	Name string `json:"name"`
-
-	// Tag is the tag of the image specified by this manifest
-	Tag string `json:"tag"`
-
-	// Architecture is the host architecture on which this image is intended to
-	// run
-	Architecture string `json:"architecture"`
-
-	// FSLayers is a list of filesystem layer blobSums contained in this image
-	FSLayers []FSLayer `json:"fsLayers"`
-
-	// History is a list of unstructured historical data for v1 compatibility
-	History []History `json:"history"`
-}
-
-// SignedManifest provides an envelope for a signed image manifest, including
-// the format sensitive raw bytes.
-type SignedManifest struct {
-	Manifest
-
-	// Canonical is the canonical byte representation of the ImageManifest,
-	// without any attached signatures. The manifest byte
-	// representation cannot change or it will have to be re-signed.
-	Canonical []byte `json:"-"`
-
-	// all contains the byte representation of the Manifest including signatures
-	// and is returned by Payload()
-	all []byte
-}
-
-// UnmarshalJSON populates a new SignedManifest struct from JSON data.
-func (sm *SignedManifest) UnmarshalJSON(b []byte) error {
-	sm.all = make([]byte, len(b))
-	// store manifest and signatures in all
-	copy(sm.all, b)
-
-	jsig, err := libtrust.ParsePrettySignature(b, "signatures")
-	if err != nil {
-		return err
-	}
-
-	// Resolve the payload in the manifest.
-	bytes, err := jsig.Payload()
-	if err != nil {
-		return err
-	}
-
-	// sm.Canonical stores the canonical manifest JSON
-	sm.Canonical = make([]byte, len(bytes))
-	copy(sm.Canonical, bytes)
-
-	// Unmarshal canonical JSON into Manifest object
-	var manifest Manifest
-	if err := json.Unmarshal(sm.Canonical, &manifest); err != nil {
-		return err
-	}
-
-	sm.Manifest = manifest
-
-	return nil
-}
-
-// References returns the descriptors of this manifests references
-func (sm SignedManifest) References() []distribution.Descriptor {
-	dependencies := make([]distribution.Descriptor, len(sm.FSLayers))
-	for i, fsLayer := range sm.FSLayers {
-		dependencies[i] = distribution.Descriptor{
-			MediaType: "application/vnd.docker.container.image.rootfs.diff+x-gtar",
-			Digest:    fsLayer.BlobSum,
-		}
-	}
-
-	return dependencies
-
-}
-
-// MarshalJSON returns the contents of raw. If Raw is nil, marshals the inner
-// contents. Applications requiring a marshaled signed manifest should simply
-// use Raw directly, since the the content produced by json.Marshal will be
-// compacted and will fail signature checks.
-func (sm *SignedManifest) MarshalJSON() ([]byte, error) {
-	if len(sm.all) > 0 {
-		return sm.all, nil
-	}
-
-	// If the raw data is not available, just dump the inner content.
-	return json.Marshal(&sm.Manifest)
-}
-
-// Payload returns the signed content of the signed manifest.
-func (sm SignedManifest) Payload() (string, []byte, error) {
-	return MediaTypeSignedManifest, sm.all, nil
-}
-
-// Signatures returns the signatures as provided by
-// (*libtrust.JSONSignature).Signatures. The byte slices are opaque jws
-// signatures.
-func (sm *SignedManifest) Signatures() ([][]byte, error) {
-	jsig, err := libtrust.ParsePrettySignature(sm.all, "signatures")
-	if err != nil {
-		return nil, err
-	}
-
-	// Resolve the payload in the manifest.
-	return jsig.Signatures()
-}
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go b/vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go
deleted file mode 100644
index 0f1d386aa..000000000
--- a/vendor/github.com/docker/distribution/manifest/schema1/reference_builder.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package schema1
-
-import (
-	"context"
-	"errors"
-	"fmt"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/manifest"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/libtrust"
-	"github.com/opencontainers/go-digest"
-)
-
-// referenceManifestBuilder is a type for constructing manifests from schema1
-// dependencies.
-type referenceManifestBuilder struct {
-	Manifest
-	pk libtrust.PrivateKey
-}
-
-// NewReferenceManifestBuilder is used to build new manifests for the current
-// schema version using schema1 dependencies.
-func NewReferenceManifestBuilder(pk libtrust.PrivateKey, ref reference.Named, architecture string) distribution.ManifestBuilder {
-	tag := ""
-	if tagged, isTagged := ref.(reference.Tagged); isTagged {
-		tag = tagged.Tag()
-	}
-
-	return &referenceManifestBuilder{
-		Manifest: Manifest{
-			Versioned: manifest.Versioned{
-				SchemaVersion: 1,
-			},
-			Name:         ref.Name(),
-			Tag:          tag,
-			Architecture: architecture,
-		},
-		pk: pk,
-	}
-}
-
-func (mb *referenceManifestBuilder) Build(ctx context.Context) (distribution.Manifest, error) {
-	m := mb.Manifest
-	if len(m.FSLayers) == 0 {
-		return nil, errors.New("cannot build manifest with zero layers or history")
-	}
-
-	m.FSLayers = make([]FSLayer, len(mb.Manifest.FSLayers))
-	m.History = make([]History, len(mb.Manifest.History))
-	copy(m.FSLayers, mb.Manifest.FSLayers)
-	copy(m.History, mb.Manifest.History)
-
-	return Sign(&m, mb.pk)
-}
-
-// AppendReference adds a reference to the current ManifestBuilder
-func (mb *referenceManifestBuilder) AppendReference(d distribution.Describable) error {
-	r, ok := d.(Reference)
-	if !ok {
-		return fmt.Errorf("unable to add non-reference type to v1 builder")
-	}
-
-	// Entries need to be prepended
-	mb.Manifest.FSLayers = append([]FSLayer{{BlobSum: r.Digest}}, mb.Manifest.FSLayers...)
-	mb.Manifest.History = append([]History{r.History}, mb.Manifest.History...)
-	return nil
-
-}
-
-// References returns the current references added to this builder
-func (mb *referenceManifestBuilder) References() []distribution.Descriptor {
-	refs := make([]distribution.Descriptor, len(mb.Manifest.FSLayers))
-	for i := range mb.Manifest.FSLayers {
-		layerDigest := mb.Manifest.FSLayers[i].BlobSum
-		history := mb.Manifest.History[i]
-		ref := Reference{layerDigest, 0, history}
-		refs[i] = ref.Descriptor()
-	}
-	return refs
-}
-
-// Reference describes a manifest v2, schema version 1 dependency.
-// An FSLayer associated with a history entry.
-type Reference struct {
-	Digest  digest.Digest
-	Size    int64 // if we know it, set it for the descriptor.
-	History History
-}
-
-// Descriptor describes a reference
-func (r Reference) Descriptor() distribution.Descriptor {
-	return distribution.Descriptor{
-		MediaType: MediaTypeManifestLayer,
-		Digest:    r.Digest,
-		Size:      r.Size,
-	}
-}
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/sign.go b/vendor/github.com/docker/distribution/manifest/schema1/sign.go
deleted file mode 100644
index c862dd812..000000000
--- a/vendor/github.com/docker/distribution/manifest/schema1/sign.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package schema1
-
-import (
-	"crypto/x509"
-	"encoding/json"
-
-	"github.com/docker/libtrust"
-)
-
-// Sign signs the manifest with the provided private key, returning a
-// SignedManifest. This typically won't be used within the registry, except
-// for testing.
-func Sign(m *Manifest, pk libtrust.PrivateKey) (*SignedManifest, error) {
-	p, err := json.MarshalIndent(m, "", "   ")
-	if err != nil {
-		return nil, err
-	}
-
-	js, err := libtrust.NewJSONSignature(p)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := js.Sign(pk); err != nil {
-		return nil, err
-	}
-
-	pretty, err := js.PrettySignature("signatures")
-	if err != nil {
-		return nil, err
-	}
-
-	return &SignedManifest{
-		Manifest:  *m,
-		all:       pretty,
-		Canonical: p,
-	}, nil
-}
-
-// SignWithChain signs the manifest with the given private key and x509 chain.
-// The public key of the first element in the chain must be the public key
-// corresponding with the sign key.
-func SignWithChain(m *Manifest, key libtrust.PrivateKey, chain []*x509.Certificate) (*SignedManifest, error) {
-	p, err := json.MarshalIndent(m, "", "   ")
-	if err != nil {
-		return nil, err
-	}
-
-	js, err := libtrust.NewJSONSignature(p)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := js.SignWithChain(key, chain); err != nil {
-		return nil, err
-	}
-
-	pretty, err := js.PrettySignature("signatures")
-	if err != nil {
-		return nil, err
-	}
-
-	return &SignedManifest{
-		Manifest:  *m,
-		all:       pretty,
-		Canonical: p,
-	}, nil
-}
diff --git a/vendor/github.com/docker/distribution/manifest/schema1/verify.go b/vendor/github.com/docker/distribution/manifest/schema1/verify.go
deleted file mode 100644
index ef59065cd..000000000
--- a/vendor/github.com/docker/distribution/manifest/schema1/verify.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package schema1
-
-import (
-	"crypto/x509"
-
-	"github.com/docker/libtrust"
-	"github.com/sirupsen/logrus"
-)
-
-// Verify verifies the signature of the signed manifest returning the public
-// keys used during signing.
-func Verify(sm *SignedManifest) ([]libtrust.PublicKey, error) {
-	js, err := libtrust.ParsePrettySignature(sm.all, "signatures")
-	if err != nil {
-		logrus.WithField("err", err).Debugf("(*SignedManifest).Verify")
-		return nil, err
-	}
-
-	return js.Verify()
-}
-
-// VerifyChains verifies the signature of the signed manifest against the
-// certificate pool returning the list of verified chains. Signatures without
-// an x509 chain are not checked.
-func VerifyChains(sm *SignedManifest, ca *x509.CertPool) ([][]*x509.Certificate, error) {
-	js, err := libtrust.ParsePrettySignature(sm.all, "signatures")
-	if err != nil {
-		return nil, err
-	}
-
-	return js.VerifyChains(ca)
-}
diff --git a/vendor/github.com/docker/distribution/notifications/bridge.go b/vendor/github.com/docker/distribution/notifications/bridge.go
deleted file mode 100644
index 86af43f30..000000000
--- a/vendor/github.com/docker/distribution/notifications/bridge.go
+++ /dev/null
@@ -1,225 +0,0 @@
-package notifications
-
-import (
-	"net/http"
-	"time"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/context"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/uuid"
-	"github.com/opencontainers/go-digest"
-)
-
-type bridge struct {
-	ub                URLBuilder
-	includeReferences bool
-	actor             ActorRecord
-	source            SourceRecord
-	request           RequestRecord
-	sink              Sink
-}
-
-var _ Listener = &bridge{}
-
-// URLBuilder defines a subset of url builder to be used by the event listener.
-type URLBuilder interface {
-	BuildManifestURL(name reference.Named) (string, error)
-	BuildBlobURL(ref reference.Canonical) (string, error)
-}
-
-// NewBridge returns a notification listener that writes records to sink,
-// using the actor and source. Any urls populated in the events created by
-// this bridge will be created using the URLBuilder.
-// TODO(stevvooe): Update this to simply take a context.Context object.
-func NewBridge(ub URLBuilder, source SourceRecord, actor ActorRecord, request RequestRecord, sink Sink, includeReferences bool) Listener {
-	return &bridge{
-		ub:                ub,
-		includeReferences: includeReferences,
-		actor:             actor,
-		source:            source,
-		request:           request,
-		sink:              sink,
-	}
-}
-
-// NewRequestRecord builds a RequestRecord for use in NewBridge from an
-// http.Request, associating it with a request id.
-func NewRequestRecord(id string, r *http.Request) RequestRecord {
-	return RequestRecord{
-		ID:        id,
-		Addr:      context.RemoteAddr(r),
-		Host:      r.Host,
-		Method:    r.Method,
-		UserAgent: r.UserAgent(),
-	}
-}
-
-func (b *bridge) ManifestPushed(repo reference.Named, sm distribution.Manifest, options ...distribution.ManifestServiceOption) error {
-	manifestEvent, err := b.createManifestEvent(EventActionPush, repo, sm)
-	if err != nil {
-		return err
-	}
-
-	for _, option := range options {
-		if opt, ok := option.(distribution.WithTagOption); ok {
-			manifestEvent.Target.Tag = opt.Tag
-			break
-		}
-	}
-	return b.sink.Write(*manifestEvent)
-}
-
-func (b *bridge) ManifestPulled(repo reference.Named, sm distribution.Manifest, options ...distribution.ManifestServiceOption) error {
-	manifestEvent, err := b.createManifestEvent(EventActionPull, repo, sm)
-	if err != nil {
-		return err
-	}
-
-	for _, option := range options {
-		if opt, ok := option.(distribution.WithTagOption); ok {
-			manifestEvent.Target.Tag = opt.Tag
-			break
-		}
-	}
-	return b.sink.Write(*manifestEvent)
-}
-
-func (b *bridge) ManifestDeleted(repo reference.Named, dgst digest.Digest) error {
-	return b.createManifestDeleteEventAndWrite(EventActionDelete, repo, dgst)
-}
-
-func (b *bridge) BlobPushed(repo reference.Named, desc distribution.Descriptor) error {
-	return b.createBlobEventAndWrite(EventActionPush, repo, desc)
-}
-
-func (b *bridge) BlobPulled(repo reference.Named, desc distribution.Descriptor) error {
-	return b.createBlobEventAndWrite(EventActionPull, repo, desc)
-}
-
-func (b *bridge) BlobMounted(repo reference.Named, desc distribution.Descriptor, fromRepo reference.Named) error {
-	event, err := b.createBlobEvent(EventActionMount, repo, desc)
-	if err != nil {
-		return err
-	}
-	event.Target.FromRepository = fromRepo.Name()
-	return b.sink.Write(*event)
-}
-
-func (b *bridge) BlobDeleted(repo reference.Named, dgst digest.Digest) error {
-	return b.createBlobDeleteEventAndWrite(EventActionDelete, repo, dgst)
-}
-
-func (b *bridge) TagDeleted(repo reference.Named, tag string) error {
-	event := b.createEvent(EventActionDelete)
-	event.Target.Repository = repo.Name()
-	event.Target.Tag = tag
-
-	return b.sink.Write(*event)
-}
-
-func (b *bridge) RepoDeleted(repo reference.Named) error {
-	event := b.createEvent(EventActionDelete)
-	event.Target.Repository = repo.Name()
-
-	return b.sink.Write(*event)
-}
-
-func (b *bridge) createManifestDeleteEventAndWrite(action string, repo reference.Named, dgst digest.Digest) error {
-	event := b.createEvent(action)
-	event.Target.Repository = repo.Name()
-	event.Target.Digest = dgst
-
-	return b.sink.Write(*event)
-}
-
-func (b *bridge) createManifestEvent(action string, repo reference.Named, sm distribution.Manifest) (*Event, error) {
-	event := b.createEvent(action)
-	event.Target.Repository = repo.Name()
-
-	mt, p, err := sm.Payload()
-	if err != nil {
-		return nil, err
-	}
-
-	// Ensure we have the canonical manifest descriptor here
-	manifest, desc, err := distribution.UnmarshalManifest(mt, p)
-	if err != nil {
-		return nil, err
-	}
-
-	event.Target.MediaType = mt
-	event.Target.Length = desc.Size
-	event.Target.Size = desc.Size
-	event.Target.Digest = desc.Digest
-	if b.includeReferences {
-		event.Target.References = append(event.Target.References, manifest.References()...)
-	}
-
-	ref, err := reference.WithDigest(repo, event.Target.Digest)
-	if err != nil {
-		return nil, err
-	}
-
-	event.Target.URL, err = b.ub.BuildManifestURL(ref)
-	if err != nil {
-		return nil, err
-	}
-
-	return event, nil
-}
-
-func (b *bridge) createBlobDeleteEventAndWrite(action string, repo reference.Named, dgst digest.Digest) error {
-	event := b.createEvent(action)
-	event.Target.Digest = dgst
-	event.Target.Repository = repo.Name()
-
-	return b.sink.Write(*event)
-}
-
-func (b *bridge) createBlobEventAndWrite(action string, repo reference.Named, desc distribution.Descriptor) error {
-	event, err := b.createBlobEvent(action, repo, desc)
-	if err != nil {
-		return err
-	}
-
-	return b.sink.Write(*event)
-}
-
-func (b *bridge) createBlobEvent(action string, repo reference.Named, desc distribution.Descriptor) (*Event, error) {
-	event := b.createEvent(action)
-	event.Target.Descriptor = desc
-	event.Target.Length = desc.Size
-	event.Target.Repository = repo.Name()
-
-	ref, err := reference.WithDigest(repo, desc.Digest)
-	if err != nil {
-		return nil, err
-	}
-
-	event.Target.URL, err = b.ub.BuildBlobURL(ref)
-	if err != nil {
-		return nil, err
-	}
-
-	return event, nil
-}
-
-// createEvent creates an event with actor and source populated.
-func (b *bridge) createEvent(action string) *Event {
-	event := createEvent(action)
-	event.Source = b.source
-	event.Actor = b.actor
-	event.Request = b.request
-
-	return event
-}
-
-// createEvent returns a new event, timestamped, with the specified action.
-func createEvent(action string) *Event {
-	return &Event{
-		ID:        uuid.Generate().String(),
-		Timestamp: time.Now(),
-		Action:    action,
-	}
-}
diff --git a/vendor/github.com/docker/distribution/notifications/endpoint.go b/vendor/github.com/docker/distribution/notifications/endpoint.go
deleted file mode 100644
index a8a52d0c9..000000000
--- a/vendor/github.com/docker/distribution/notifications/endpoint.go
+++ /dev/null
@@ -1,97 +0,0 @@
-package notifications
-
-import (
-	"net/http"
-	"time"
-
-	"github.com/docker/distribution/configuration"
-)
-
-// EndpointConfig covers the optional configuration parameters for an active
-// endpoint.
-type EndpointConfig struct {
-	Headers           http.Header
-	Timeout           time.Duration
-	Threshold         int
-	Backoff           time.Duration
-	IgnoredMediaTypes []string
-	Transport         *http.Transport `json:"-"`
-	Ignore            configuration.Ignore
-}
-
-// defaults set any zero-valued fields to a reasonable default.
-func (ec *EndpointConfig) defaults() {
-	if ec.Timeout <= 0 {
-		ec.Timeout = time.Second
-	}
-
-	if ec.Threshold <= 0 {
-		ec.Threshold = 10
-	}
-
-	if ec.Backoff <= 0 {
-		ec.Backoff = time.Second
-	}
-
-	if ec.Transport == nil {
-		ec.Transport = http.DefaultTransport.(*http.Transport)
-	}
-}
-
-// Endpoint is a reliable, queued, thread-safe sink that notify external http
-// services when events are written. Writes are non-blocking and always
-// succeed for callers but events may be queued internally.
-type Endpoint struct {
-	Sink
-	url  string
-	name string
-
-	EndpointConfig
-
-	metrics *safeMetrics
-}
-
-// NewEndpoint returns a running endpoint, ready to receive events.
-func NewEndpoint(name, url string, config EndpointConfig) *Endpoint {
-	var endpoint Endpoint
-	endpoint.name = name
-	endpoint.url = url
-	endpoint.EndpointConfig = config
-	endpoint.defaults()
-	endpoint.metrics = newSafeMetrics()
-
-	// Configures the inmemory queue, retry, http pipeline.
-	endpoint.Sink = newHTTPSink(
-		endpoint.url, endpoint.Timeout, endpoint.Headers,
-		endpoint.Transport, endpoint.metrics.httpStatusListener())
-	endpoint.Sink = newRetryingSink(endpoint.Sink, endpoint.Threshold, endpoint.Backoff)
-	endpoint.Sink = newEventQueue(endpoint.Sink, endpoint.metrics.eventQueueListener())
-	mediaTypes := append(config.Ignore.MediaTypes, config.IgnoredMediaTypes...)
-	endpoint.Sink = newIgnoredSink(endpoint.Sink, mediaTypes, config.Ignore.Actions)
-
-	register(&endpoint)
-	return &endpoint
-}
-
-// Name returns the name of the endpoint, generally used for debugging.
-func (e *Endpoint) Name() string {
-	return e.name
-}
-
-// URL returns the url of the endpoint.
-func (e *Endpoint) URL() string {
-	return e.url
-}
-
-// ReadMetrics populates em with metrics from the endpoint.
-func (e *Endpoint) ReadMetrics(em *EndpointMetrics) {
-	e.metrics.Lock()
-	defer e.metrics.Unlock()
-
-	*em = e.metrics.EndpointMetrics
-	// Map still need to copied in a threadsafe manner.
-	em.Statuses = make(map[string]int)
-	for k, v := range e.metrics.Statuses {
-		em.Statuses[k] = v
-	}
-}
diff --git a/vendor/github.com/docker/distribution/notifications/event.go b/vendor/github.com/docker/distribution/notifications/event.go
deleted file mode 100644
index 54940a46f..000000000
--- a/vendor/github.com/docker/distribution/notifications/event.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package notifications
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/docker/distribution"
-)
-
-// EventAction constants used in action field of Event.
-const (
-	EventActionPull   = "pull"
-	EventActionPush   = "push"
-	EventActionMount  = "mount"
-	EventActionDelete = "delete"
-)
-
-const (
-	// EventsMediaType is the mediatype for the json event envelope. If the
-	// Event, ActorRecord, SourceRecord or Envelope structs change, the version
-	// number should be incremented.
-	EventsMediaType = "application/vnd.docker.distribution.events.v1+json"
-	// LayerMediaType is the media type for image rootfs diffs (aka "layers")
-	// used by Docker. We don't expect this to change for quite a while.
-	layerMediaType = "application/vnd.docker.container.image.rootfs.diff+x-gtar"
-)
-
-// Envelope defines the fields of a json event envelope message that can hold
-// one or more events.
-type Envelope struct {
-	// Events make up the contents of the envelope. Events present in a single
-	// envelope are not necessarily related.
-	Events []Event `json:"events,omitempty"`
-}
-
-// TODO(stevvooe): The event type should be separate from the json format. It
-// should be defined as an interface. Leaving as is for now since we don't
-// need that at this time. If we make this change, the struct below would be
-// called "EventRecord".
-
-// Event provides the fields required to describe a registry event.
-type Event struct {
-	// ID provides a unique identifier for the event.
-	ID string `json:"id,omitempty"`
-
-	// Timestamp is the time at which the event occurred.
-	Timestamp time.Time `json:"timestamp,omitempty"`
-
-	// Action indicates what action encompasses the provided event.
-	Action string `json:"action,omitempty"`
-
-	// Target uniquely describes the target of the event.
-	Target struct {
-		// TODO(stevvooe): Use http.DetectContentType for layers, maybe.
-
-		distribution.Descriptor
-
-		// Length in bytes of content. Same as Size field in Descriptor.
-		// Provided for backwards compatibility.
-		Length int64 `json:"length,omitempty"`
-
-		// Repository identifies the named repository.
-		Repository string `json:"repository,omitempty"`
-
-		// FromRepository identifies the named repository which a blob was mounted
-		// from if appropriate.
-		FromRepository string `json:"fromRepository,omitempty"`
-
-		// URL provides a direct link to the content.
-		URL string `json:"url,omitempty"`
-
-		// Tag provides the tag
-		Tag string `json:"tag,omitempty"`
-
-		// References provides the references descriptors.
-		References []distribution.Descriptor `json:"references,omitempty"`
-	} `json:"target,omitempty"`
-
-	// Request covers the request that generated the event.
-	Request RequestRecord `json:"request,omitempty"`
-
-	// Actor specifies the agent that initiated the event. For most
-	// situations, this could be from the authorization context of the request.
-	Actor ActorRecord `json:"actor,omitempty"`
-
-	// Source identifies the registry node that generated the event. Put
-	// differently, while the actor "initiates" the event, the source
-	// "generates" it.
-	Source SourceRecord `json:"source,omitempty"`
-}
-
-// ActorRecord specifies the agent that initiated the event. For most
-// situations, this could be from the authorization context of the request.
-// Data in this record can refer to both the initiating client and the
-// generating request.
-type ActorRecord struct {
-	// Name corresponds to the subject or username associated with the
-	// request context that generated the event.
-	Name string `json:"name,omitempty"`
-
-	// TODO(stevvooe): Look into setting a session cookie to get this
-	// without docker daemon.
-	//    SessionID
-
-	// TODO(stevvooe): Push the "Docker-Command" header to replace cookie and
-	// get the actual command.
-	//    Command
-}
-
-// RequestRecord covers the request that generated the event.
-type RequestRecord struct {
-	// ID uniquely identifies the request that initiated the event.
-	ID string `json:"id"`
-
-	// Addr contains the ip or hostname and possibly port of the client
-	// connection that initiated the event. This is the RemoteAddr from
-	// the standard http request.
-	Addr string `json:"addr,omitempty"`
-
-	// Host is the externally accessible host name of the registry instance,
-	// as specified by the http host header on incoming requests.
-	Host string `json:"host,omitempty"`
-
-	// Method has the request method that generated the event.
-	Method string `json:"method"`
-
-	// UserAgent contains the user agent header of the request.
-	UserAgent string `json:"useragent"`
-}
-
-// SourceRecord identifies the registry node that generated the event. Put
-// differently, while the actor "initiates" the event, the source "generates"
-// it.
-type SourceRecord struct {
-	// Addr contains the ip or hostname and the port of the registry node
-	// that generated the event. Generally, this will be resolved by
-	// os.Hostname() along with the running port.
-	Addr string `json:"addr,omitempty"`
-
-	// InstanceID identifies a running instance of an application. Changes
-	// after each restart.
-	InstanceID string `json:"instanceID,omitempty"`
-}
-
-var (
-	// ErrSinkClosed is returned if a write is issued to a sink that has been
-	// closed. If encountered, the error should be considered terminal and
-	// retries will not be successful.
-	ErrSinkClosed = fmt.Errorf("sink: closed")
-)
-
-// Sink accepts and sends events.
-type Sink interface {
-	// Write writes one or more events to the sink. If no error is returned,
-	// the caller will assume that all events have been committed and will not
-	// try to send them again. If an error is received, the caller may retry
-	// sending the event. The caller should cede the slice of memory to the
-	// sink and not modify it after calling this method.
-	Write(events ...Event) error
-
-	// Close the sink, possibly waiting for pending events to flush.
-	Close() error
-}
diff --git a/vendor/github.com/docker/distribution/notifications/http.go b/vendor/github.com/docker/distribution/notifications/http.go
deleted file mode 100644
index 46f47af2b..000000000
--- a/vendor/github.com/docker/distribution/notifications/http.go
+++ /dev/null
@@ -1,149 +0,0 @@
-package notifications
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"sync"
-	"time"
-)
-
-// httpSink implements a single-flight, http notification endpoint. This is
-// very lightweight in that it only makes an attempt at an http request.
-// Reliability should be provided by the caller.
-type httpSink struct {
-	url string
-
-	mu        sync.Mutex
-	closed    bool
-	client    *http.Client
-	listeners []httpStatusListener
-
-	// TODO(stevvooe): Allow one to configure the media type accepted by this
-	// sink and choose the serialization based on that.
-}
-
-// newHTTPSink returns an unreliable, single-flight http sink. Wrap in other
-// sinks for increased reliability.
-func newHTTPSink(u string, timeout time.Duration, headers http.Header, transport *http.Transport, listeners ...httpStatusListener) *httpSink {
-	if transport == nil {
-		transport = http.DefaultTransport.(*http.Transport)
-	}
-	return &httpSink{
-		url:       u,
-		listeners: listeners,
-		client: &http.Client{
-			Transport: &headerRoundTripper{
-				Transport: transport,
-				headers:   headers,
-			},
-			Timeout: timeout,
-		},
-	}
-}
-
-// httpStatusListener is called on various outcomes of sending notifications.
-type httpStatusListener interface {
-	success(status int, events ...Event)
-	failure(status int, events ...Event)
-	err(err error, events ...Event)
-}
-
-// Accept makes an attempt to notify the endpoint, returning an error if it
-// fails. It is the caller's responsibility to retry on error. The events are
-// accepted or rejected as a group.
-func (hs *httpSink) Write(events ...Event) error {
-	hs.mu.Lock()
-	defer hs.mu.Unlock()
-	defer hs.client.Transport.(*headerRoundTripper).CloseIdleConnections()
-
-	if hs.closed {
-		return ErrSinkClosed
-	}
-
-	envelope := Envelope{
-		Events: events,
-	}
-
-	// TODO(stevvooe): It is not ideal to keep re-encoding the request body on
-	// retry but we are going to do it to keep the code simple. It is likely
-	// we could change the event struct to manage its own buffer.
-
-	p, err := json.MarshalIndent(envelope, "", "   ")
-	if err != nil {
-		for _, listener := range hs.listeners {
-			listener.err(err, events...)
-		}
-		return fmt.Errorf("%v: error marshaling event envelope: %v", hs, err)
-	}
-
-	body := bytes.NewReader(p)
-	resp, err := hs.client.Post(hs.url, EventsMediaType, body)
-	if err != nil {
-		for _, listener := range hs.listeners {
-			listener.err(err, events...)
-		}
-
-		return fmt.Errorf("%v: error posting: %v", hs, err)
-	}
-	defer resp.Body.Close()
-
-	// The notifier will treat any 2xx or 3xx response as accepted by the
-	// endpoint.
-	switch {
-	case resp.StatusCode >= 200 && resp.StatusCode < 400:
-		for _, listener := range hs.listeners {
-			listener.success(resp.StatusCode, events...)
-		}
-
-		// TODO(stevvooe): This is a little accepting: we may want to support
-		// unsupported media type responses with retries using the correct
-		// media type. There may also be cases that will never work.
-
-		return nil
-	default:
-		for _, listener := range hs.listeners {
-			listener.failure(resp.StatusCode, events...)
-		}
-		return fmt.Errorf("%v: response status %v unaccepted", hs, resp.Status)
-	}
-}
-
-// Close the endpoint
-func (hs *httpSink) Close() error {
-	hs.mu.Lock()
-	defer hs.mu.Unlock()
-
-	if hs.closed {
-		return fmt.Errorf("httpsink: already closed")
-	}
-
-	hs.closed = true
-	return nil
-}
-
-func (hs *httpSink) String() string {
-	return fmt.Sprintf("httpSink{%s}", hs.url)
-}
-
-type headerRoundTripper struct {
-	*http.Transport // must be transport to support CancelRequest
-	headers         http.Header
-}
-
-func (hrt *headerRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	var nreq = *req
-	nreq.Header = make(http.Header)
-
-	merge := func(headers http.Header) {
-		for k, v := range headers {
-			nreq.Header[k] = append(nreq.Header[k], v...)
-		}
-	}
-
-	merge(req.Header)
-	merge(hrt.headers)
-
-	return hrt.Transport.RoundTrip(&nreq)
-}
diff --git a/vendor/github.com/docker/distribution/notifications/listener.go b/vendor/github.com/docker/distribution/notifications/listener.go
deleted file mode 100644
index 98ad8da9f..000000000
--- a/vendor/github.com/docker/distribution/notifications/listener.go
+++ /dev/null
@@ -1,263 +0,0 @@
-package notifications
-
-import (
-	"context"
-	"net/http"
-
-	"github.com/docker/distribution"
-
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/reference"
-	"github.com/opencontainers/go-digest"
-)
-
-// ManifestListener describes a set of methods for listening to events related to manifests.
-type ManifestListener interface {
-	ManifestPushed(repo reference.Named, sm distribution.Manifest, options ...distribution.ManifestServiceOption) error
-	ManifestPulled(repo reference.Named, sm distribution.Manifest, options ...distribution.ManifestServiceOption) error
-	ManifestDeleted(repo reference.Named, dgst digest.Digest) error
-}
-
-// BlobListener describes a listener that can respond to layer related events.
-type BlobListener interface {
-	BlobPushed(repo reference.Named, desc distribution.Descriptor) error
-	BlobPulled(repo reference.Named, desc distribution.Descriptor) error
-	BlobMounted(repo reference.Named, desc distribution.Descriptor, fromRepo reference.Named) error
-	BlobDeleted(repo reference.Named, desc digest.Digest) error
-}
-
-// RepoListener provides repository methods that respond to repository lifecycle
-type RepoListener interface {
-	TagDeleted(repo reference.Named, tag string) error
-	RepoDeleted(repo reference.Named) error
-}
-
-// Listener combines all repository events into a single interface.
-type Listener interface {
-	ManifestListener
-	BlobListener
-	RepoListener
-}
-
-type repositoryListener struct {
-	distribution.Repository
-	listener Listener
-}
-
-type removerListener struct {
-	distribution.RepositoryRemover
-	listener Listener
-}
-
-// Listen dispatches events on the repository to the listener.
-func Listen(repo distribution.Repository, remover distribution.RepositoryRemover, listener Listener) (distribution.Repository, distribution.RepositoryRemover) {
-	return &repositoryListener{
-			Repository: repo,
-			listener:   listener,
-		}, &removerListener{
-			RepositoryRemover: remover,
-			listener:          listener,
-		}
-}
-
-func (nl *removerListener) Remove(ctx context.Context, name reference.Named) error {
-	err := nl.RepositoryRemover.Remove(ctx, name)
-	if err != nil {
-		return err
-	}
-	return nl.listener.RepoDeleted(name)
-}
-
-func (rl *repositoryListener) Manifests(ctx context.Context, options ...distribution.ManifestServiceOption) (distribution.ManifestService, error) {
-	manifests, err := rl.Repository.Manifests(ctx, options...)
-	if err != nil {
-		return nil, err
-	}
-	return &manifestServiceListener{
-		ManifestService: manifests,
-		parent:          rl,
-	}, nil
-}
-
-func (rl *repositoryListener) Blobs(ctx context.Context) distribution.BlobStore {
-	return &blobServiceListener{
-		BlobStore: rl.Repository.Blobs(ctx),
-		parent:    rl,
-	}
-}
-
-type manifestServiceListener struct {
-	distribution.ManifestService
-	parent *repositoryListener
-}
-
-func (msl *manifestServiceListener) Delete(ctx context.Context, dgst digest.Digest) error {
-	err := msl.ManifestService.Delete(ctx, dgst)
-	if err == nil {
-		if err := msl.parent.listener.ManifestDeleted(msl.parent.Repository.Named(), dgst); err != nil {
-			dcontext.GetLogger(ctx).Errorf("error dispatching manifest delete to listener: %v", err)
-		}
-	}
-
-	return err
-}
-
-func (msl *manifestServiceListener) Get(ctx context.Context, dgst digest.Digest, options ...distribution.ManifestServiceOption) (distribution.Manifest, error) {
-	sm, err := msl.ManifestService.Get(ctx, dgst, options...)
-	if err == nil {
-		if err := msl.parent.listener.ManifestPulled(msl.parent.Repository.Named(), sm, options...); err != nil {
-			dcontext.GetLogger(ctx).Errorf("error dispatching manifest pull to listener: %v", err)
-		}
-	}
-
-	return sm, err
-}
-
-func (msl *manifestServiceListener) Put(ctx context.Context, sm distribution.Manifest, options ...distribution.ManifestServiceOption) (digest.Digest, error) {
-	dgst, err := msl.ManifestService.Put(ctx, sm, options...)
-
-	if err == nil {
-		if err := msl.parent.listener.ManifestPushed(msl.parent.Repository.Named(), sm, options...); err != nil {
-			dcontext.GetLogger(ctx).Errorf("error dispatching manifest push to listener: %v", err)
-		}
-	}
-
-	return dgst, err
-}
-
-type blobServiceListener struct {
-	distribution.BlobStore
-	parent *repositoryListener
-}
-
-var _ distribution.BlobStore = &blobServiceListener{}
-
-func (bsl *blobServiceListener) Get(ctx context.Context, dgst digest.Digest) ([]byte, error) {
-	p, err := bsl.BlobStore.Get(ctx, dgst)
-	if err == nil {
-		if desc, err := bsl.Stat(ctx, dgst); err != nil {
-			dcontext.GetLogger(ctx).Errorf("error resolving descriptor in ServeBlob listener: %v", err)
-		} else {
-			if err := bsl.parent.listener.BlobPulled(bsl.parent.Repository.Named(), desc); err != nil {
-				dcontext.GetLogger(ctx).Errorf("error dispatching layer pull to listener: %v", err)
-			}
-		}
-	}
-
-	return p, err
-}
-
-func (bsl *blobServiceListener) Open(ctx context.Context, dgst digest.Digest) (distribution.ReadSeekCloser, error) {
-	rc, err := bsl.BlobStore.Open(ctx, dgst)
-	if err == nil {
-		if desc, err := bsl.Stat(ctx, dgst); err != nil {
-			dcontext.GetLogger(ctx).Errorf("error resolving descriptor in ServeBlob listener: %v", err)
-		} else {
-			if err := bsl.parent.listener.BlobPulled(bsl.parent.Repository.Named(), desc); err != nil {
-				dcontext.GetLogger(ctx).Errorf("error dispatching layer pull to listener: %v", err)
-			}
-		}
-	}
-
-	return rc, err
-}
-
-func (bsl *blobServiceListener) ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error {
-	err := bsl.BlobStore.ServeBlob(ctx, w, r, dgst)
-	if err == nil {
-		if desc, err := bsl.Stat(ctx, dgst); err != nil {
-			dcontext.GetLogger(ctx).Errorf("error resolving descriptor in ServeBlob listener: %v", err)
-		} else {
-			if err := bsl.parent.listener.BlobPulled(bsl.parent.Repository.Named(), desc); err != nil {
-				dcontext.GetLogger(ctx).Errorf("error dispatching layer pull to listener: %v", err)
-			}
-		}
-	}
-
-	return err
-}
-
-func (bsl *blobServiceListener) Put(ctx context.Context, mediaType string, p []byte) (distribution.Descriptor, error) {
-	desc, err := bsl.BlobStore.Put(ctx, mediaType, p)
-	if err == nil {
-		if err := bsl.parent.listener.BlobPushed(bsl.parent.Repository.Named(), desc); err != nil {
-			dcontext.GetLogger(ctx).Errorf("error dispatching layer push to listener: %v", err)
-		}
-	}
-
-	return desc, err
-}
-
-func (bsl *blobServiceListener) Create(ctx context.Context, options ...distribution.BlobCreateOption) (distribution.BlobWriter, error) {
-	wr, err := bsl.BlobStore.Create(ctx, options...)
-	switch err := err.(type) {
-	case distribution.ErrBlobMounted:
-		if err := bsl.parent.listener.BlobMounted(bsl.parent.Repository.Named(), err.Descriptor, err.From); err != nil {
-			dcontext.GetLogger(ctx).Errorf("error dispatching blob mount to listener: %v", err)
-		}
-		return nil, err
-	}
-	return bsl.decorateWriter(wr), err
-}
-
-func (bsl *blobServiceListener) Delete(ctx context.Context, dgst digest.Digest) error {
-	err := bsl.BlobStore.Delete(ctx, dgst)
-	if err == nil {
-		if err := bsl.parent.listener.BlobDeleted(bsl.parent.Repository.Named(), dgst); err != nil {
-			dcontext.GetLogger(ctx).Errorf("error dispatching layer delete to listener: %v", err)
-		}
-	}
-
-	return err
-}
-
-func (bsl *blobServiceListener) Resume(ctx context.Context, id string) (distribution.BlobWriter, error) {
-	wr, err := bsl.BlobStore.Resume(ctx, id)
-	return bsl.decorateWriter(wr), err
-}
-
-func (bsl *blobServiceListener) decorateWriter(wr distribution.BlobWriter) distribution.BlobWriter {
-	return &blobWriterListener{
-		BlobWriter: wr,
-		parent:     bsl,
-	}
-}
-
-type blobWriterListener struct {
-	distribution.BlobWriter
-	parent *blobServiceListener
-}
-
-func (bwl *blobWriterListener) Commit(ctx context.Context, desc distribution.Descriptor) (distribution.Descriptor, error) {
-	committed, err := bwl.BlobWriter.Commit(ctx, desc)
-	if err == nil {
-		if err := bwl.parent.parent.listener.BlobPushed(bwl.parent.parent.Repository.Named(), committed); err != nil {
-			dcontext.GetLogger(ctx).Errorf("error dispatching blob push to listener: %v", err)
-		}
-	}
-
-	return committed, err
-}
-
-type tagServiceListener struct {
-	distribution.TagService
-	parent *repositoryListener
-}
-
-func (rl *repositoryListener) Tags(ctx context.Context) distribution.TagService {
-	return &tagServiceListener{
-		TagService: rl.Repository.Tags(ctx),
-		parent:     rl,
-	}
-}
-
-func (tagSL *tagServiceListener) Untag(ctx context.Context, tag string) error {
-	if err := tagSL.TagService.Untag(ctx, tag); err != nil {
-		return err
-	}
-	if err := tagSL.parent.listener.TagDeleted(tagSL.parent.Repository.Named(), tag); err != nil {
-		dcontext.GetLogger(ctx).Errorf("error dispatching tag deleted to listener: %v", err)
-		return err
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/notifications/metrics.go b/vendor/github.com/docker/distribution/notifications/metrics.go
deleted file mode 100644
index a20af1687..000000000
--- a/vendor/github.com/docker/distribution/notifications/metrics.go
+++ /dev/null
@@ -1,152 +0,0 @@
-package notifications
-
-import (
-	"expvar"
-	"fmt"
-	"net/http"
-	"sync"
-)
-
-// EndpointMetrics track various actions taken by the endpoint, typically by
-// number of events. The goal of this to export it via expvar but we may find
-// some other future solution to be better.
-type EndpointMetrics struct {
-	Pending   int            // events pending in queue
-	Events    int            // total events incoming
-	Successes int            // total events written successfully
-	Failures  int            // total events failed
-	Errors    int            // total events errored
-	Statuses  map[string]int // status code histogram, per call event
-}
-
-// safeMetrics guards the metrics implementation with a lock and provides a
-// safe update function.
-type safeMetrics struct {
-	EndpointMetrics
-	sync.Mutex // protects statuses map
-}
-
-// newSafeMetrics returns safeMetrics with map allocated.
-func newSafeMetrics() *safeMetrics {
-	var sm safeMetrics
-	sm.Statuses = make(map[string]int)
-	return &sm
-}
-
-// httpStatusListener returns the listener for the http sink that updates the
-// relevant counters.
-func (sm *safeMetrics) httpStatusListener() httpStatusListener {
-	return &endpointMetricsHTTPStatusListener{
-		safeMetrics: sm,
-	}
-}
-
-// eventQueueListener returns a listener that maintains queue related counters.
-func (sm *safeMetrics) eventQueueListener() eventQueueListener {
-	return &endpointMetricsEventQueueListener{
-		safeMetrics: sm,
-	}
-}
-
-// endpointMetricsHTTPStatusListener increments counters related to http sinks
-// for the relevant events.
-type endpointMetricsHTTPStatusListener struct {
-	*safeMetrics
-}
-
-var _ httpStatusListener = &endpointMetricsHTTPStatusListener{}
-
-func (emsl *endpointMetricsHTTPStatusListener) success(status int, events ...Event) {
-	emsl.safeMetrics.Lock()
-	defer emsl.safeMetrics.Unlock()
-	emsl.Statuses[fmt.Sprintf("%d %s", status, http.StatusText(status))] += len(events)
-	emsl.Successes += len(events)
-}
-
-func (emsl *endpointMetricsHTTPStatusListener) failure(status int, events ...Event) {
-	emsl.safeMetrics.Lock()
-	defer emsl.safeMetrics.Unlock()
-	emsl.Statuses[fmt.Sprintf("%d %s", status, http.StatusText(status))] += len(events)
-	emsl.Failures += len(events)
-}
-
-func (emsl *endpointMetricsHTTPStatusListener) err(err error, events ...Event) {
-	emsl.safeMetrics.Lock()
-	defer emsl.safeMetrics.Unlock()
-	emsl.Errors += len(events)
-}
-
-// endpointMetricsEventQueueListener maintains the incoming events counter and
-// the queues pending count.
-type endpointMetricsEventQueueListener struct {
-	*safeMetrics
-}
-
-func (eqc *endpointMetricsEventQueueListener) ingress(events ...Event) {
-	eqc.Lock()
-	defer eqc.Unlock()
-	eqc.Events += len(events)
-	eqc.Pending += len(events)
-}
-
-func (eqc *endpointMetricsEventQueueListener) egress(events ...Event) {
-	eqc.Lock()
-	defer eqc.Unlock()
-	eqc.Pending -= len(events)
-}
-
-// endpoints is global registry of endpoints used to report metrics to expvar
-var endpoints struct {
-	registered []*Endpoint
-	mu         sync.Mutex
-}
-
-// register places the endpoint into expvar so that stats are tracked.
-func register(e *Endpoint) {
-	endpoints.mu.Lock()
-	defer endpoints.mu.Unlock()
-
-	endpoints.registered = append(endpoints.registered, e)
-}
-
-func init() {
-	// NOTE(stevvooe): Setup registry metrics structure to report to expvar.
-	// Ideally, we do more metrics through logging but we need some nice
-	// realtime metrics for queue state for now.
-
-	registry := expvar.Get("registry")
-
-	if registry == nil {
-		registry = expvar.NewMap("registry")
-	}
-
-	var notifications expvar.Map
-	notifications.Init()
-	notifications.Set("endpoints", expvar.Func(func() interface{} {
-		endpoints.mu.Lock()
-		defer endpoints.mu.Unlock()
-
-		var names []interface{}
-		for _, v := range endpoints.registered {
-			var epjson struct {
-				Name string `json:"name"`
-				URL  string `json:"url"`
-				EndpointConfig
-
-				Metrics EndpointMetrics
-			}
-
-			epjson.Name = v.Name()
-			epjson.URL = v.URL()
-			epjson.EndpointConfig = v.EndpointConfig
-
-			v.ReadMetrics(&epjson.Metrics)
-
-			names = append(names, epjson)
-		}
-
-		return names
-	}))
-
-	registry.(*expvar.Map).Set("notifications", &notifications)
-}
diff --git a/vendor/github.com/docker/distribution/notifications/sinks.go b/vendor/github.com/docker/distribution/notifications/sinks.go
deleted file mode 100644
index 816f75d7b..000000000
--- a/vendor/github.com/docker/distribution/notifications/sinks.go
+++ /dev/null
@@ -1,387 +0,0 @@
-package notifications
-
-import (
-	"container/list"
-	"fmt"
-	"sync"
-	"time"
-
-	"github.com/sirupsen/logrus"
-)
-
-// NOTE(stevvooe): This file contains definitions for several utility sinks.
-// Typically, the broadcaster is the only sink that should be required
-// externally, but others are suitable for export if the need arises. Albeit,
-// the tight integration with endpoint metrics should be removed.
-
-// Broadcaster sends events to multiple, reliable Sinks. The goal of this
-// component is to dispatch events to configured endpoints. Reliability can be
-// provided by wrapping incoming sinks.
-type Broadcaster struct {
-	sinks  []Sink
-	events chan []Event
-	closed chan chan struct{}
-}
-
-// NewBroadcaster ...
-// Add appends one or more sinks to the list of sinks. The broadcaster
-// behavior will be affected by the properties of the sink. Generally, the
-// sink should accept all messages and deal with reliability on its own. Use
-// of EventQueue and RetryingSink should be used here.
-func NewBroadcaster(sinks ...Sink) *Broadcaster {
-	b := Broadcaster{
-		sinks:  sinks,
-		events: make(chan []Event),
-		closed: make(chan chan struct{}),
-	}
-
-	// Start the broadcaster
-	go b.run()
-
-	return &b
-}
-
-// Write accepts a block of events to be dispatched to all sinks. This method
-// will never fail and should never block (hopefully!). The caller cedes the
-// slice memory to the broadcaster and should not modify it after calling
-// write.
-func (b *Broadcaster) Write(events ...Event) error {
-	select {
-	case b.events <- events:
-	case <-b.closed:
-		return ErrSinkClosed
-	}
-	return nil
-}
-
-// Close the broadcaster, ensuring that all messages are flushed to the
-// underlying sink before returning.
-func (b *Broadcaster) Close() error {
-	logrus.Infof("broadcaster: closing")
-	select {
-	case <-b.closed:
-		// already closed
-		return fmt.Errorf("broadcaster: already closed")
-	default:
-		// do a little chan handoff dance to synchronize closing
-		closed := make(chan struct{})
-		b.closed <- closed
-		close(b.closed)
-		<-closed
-		return nil
-	}
-}
-
-// run is the main broadcast loop, started when the broadcaster is created.
-// Under normal conditions, it waits for events on the event channel. After
-// Close is called, this goroutine will exit.
-func (b *Broadcaster) run() {
-	for {
-		select {
-		case block := <-b.events:
-			for _, sink := range b.sinks {
-				if err := sink.Write(block...); err != nil {
-					logrus.Errorf("broadcaster: error writing events to %v, these events will be lost: %v", sink, err)
-				}
-			}
-		case closing := <-b.closed:
-
-			// close all the underlying sinks
-			for _, sink := range b.sinks {
-				if err := sink.Close(); err != nil {
-					logrus.Errorf("broadcaster: error closing sink %v: %v", sink, err)
-				}
-			}
-			closing <- struct{}{}
-
-			logrus.Debugf("broadcaster: closed")
-			return
-		}
-	}
-}
-
-// eventQueue accepts all messages into a queue for asynchronous consumption
-// by a sink. It is unbounded and thread safe but the sink must be reliable or
-// events will be dropped.
-type eventQueue struct {
-	sink      Sink
-	events    *list.List
-	listeners []eventQueueListener
-	cond      *sync.Cond
-	mu        sync.Mutex
-	closed    bool
-}
-
-// eventQueueListener is called when various events happen on the queue.
-type eventQueueListener interface {
-	ingress(events ...Event)
-	egress(events ...Event)
-}
-
-// newEventQueue returns a queue to the provided sink. If the updater is non-
-// nil, it will be called to update pending metrics on ingress and egress.
-func newEventQueue(sink Sink, listeners ...eventQueueListener) *eventQueue {
-	eq := eventQueue{
-		sink:      sink,
-		events:    list.New(),
-		listeners: listeners,
-	}
-
-	eq.cond = sync.NewCond(&eq.mu)
-	go eq.run()
-	return &eq
-}
-
-// Write accepts the events into the queue, only failing if the queue has
-// beend closed.
-func (eq *eventQueue) Write(events ...Event) error {
-	eq.mu.Lock()
-	defer eq.mu.Unlock()
-
-	if eq.closed {
-		return ErrSinkClosed
-	}
-
-	for _, listener := range eq.listeners {
-		listener.ingress(events...)
-	}
-	eq.events.PushBack(events)
-	eq.cond.Signal() // signal waiters
-
-	return nil
-}
-
-// Close shuts down the event queue, flushing
-func (eq *eventQueue) Close() error {
-	eq.mu.Lock()
-	defer eq.mu.Unlock()
-
-	if eq.closed {
-		return fmt.Errorf("eventqueue: already closed")
-	}
-
-	// set closed flag
-	eq.closed = true
-	eq.cond.Signal() // signal flushes queue
-	eq.cond.Wait()   // wait for signal from last flush
-
-	return eq.sink.Close()
-}
-
-// run is the main goroutine to flush events to the target sink.
-func (eq *eventQueue) run() {
-	for {
-		block := eq.next()
-
-		if block == nil {
-			return // nil block means event queue is closed.
-		}
-
-		if err := eq.sink.Write(block...); err != nil {
-			logrus.Warnf("eventqueue: error writing events to %v, these events will be lost: %v", eq.sink, err)
-		}
-
-		for _, listener := range eq.listeners {
-			listener.egress(block...)
-		}
-	}
-}
-
-// next encompasses the critical section of the run loop. When the queue is
-// empty, it will block on the condition. If new data arrives, it will wake
-// and return a block. When closed, a nil slice will be returned.
-func (eq *eventQueue) next() []Event {
-	eq.mu.Lock()
-	defer eq.mu.Unlock()
-
-	for eq.events.Len() < 1 {
-		if eq.closed {
-			eq.cond.Broadcast()
-			return nil
-		}
-
-		eq.cond.Wait()
-	}
-
-	front := eq.events.Front()
-	block := front.Value.([]Event)
-	eq.events.Remove(front)
-
-	return block
-}
-
-// ignoredSink discards events with ignored target media types and actions.
-// passes the rest along.
-type ignoredSink struct {
-	Sink
-	ignoreMediaTypes map[string]bool
-	ignoreActions    map[string]bool
-}
-
-func newIgnoredSink(sink Sink, ignored []string, ignoreActions []string) Sink {
-	if len(ignored) == 0 {
-		return sink
-	}
-
-	ignoredMap := make(map[string]bool)
-	for _, mediaType := range ignored {
-		ignoredMap[mediaType] = true
-	}
-
-	ignoredActionsMap := make(map[string]bool)
-	for _, action := range ignoreActions {
-		ignoredActionsMap[action] = true
-	}
-
-	return &ignoredSink{
-		Sink:             sink,
-		ignoreMediaTypes: ignoredMap,
-		ignoreActions:    ignoredActionsMap,
-	}
-}
-
-// Write discards events with ignored target media types and passes the rest
-// along.
-func (imts *ignoredSink) Write(events ...Event) error {
-	var kept []Event
-	for _, e := range events {
-		if !imts.ignoreMediaTypes[e.Target.MediaType] {
-			kept = append(kept, e)
-		}
-	}
-	if len(kept) == 0 {
-		return nil
-	}
-
-	var results []Event
-	for _, e := range kept {
-		if !imts.ignoreActions[e.Action] {
-			results = append(results, e)
-		}
-	}
-	if len(results) == 0 {
-		return nil
-	}
-	return imts.Sink.Write(results...)
-}
-
-// retryingSink retries the write until success or an ErrSinkClosed is
-// returned. Underlying sink must have p > 0 of succeeding or the sink will
-// block. Internally, it is a circuit breaker retries to manage reset.
-// Concurrent calls to a retrying sink are serialized through the sink,
-// meaning that if one is in-flight, another will not proceed.
-type retryingSink struct {
-	mu     sync.Mutex
-	sink   Sink
-	closed bool
-
-	// circuit breaker heuristics
-	failures struct {
-		threshold int
-		recent    int
-		last      time.Time
-		backoff   time.Duration // time after which we retry after failure.
-	}
-}
-
-// TODO(stevvooe): We are using circuit break here, which actually doesn't
-// make a whole lot of sense for this use case, since we always retry. Move
-// this to use bounded exponential backoff.
-
-// newRetryingSink returns a sink that will retry writes to a sink, backing
-// off on failure. Parameters threshold and backoff adjust the behavior of the
-// circuit breaker.
-func newRetryingSink(sink Sink, threshold int, backoff time.Duration) *retryingSink {
-	rs := &retryingSink{
-		sink: sink,
-	}
-	rs.failures.threshold = threshold
-	rs.failures.backoff = backoff
-
-	return rs
-}
-
-// Write attempts to flush the events to the downstream sink until it succeeds
-// or the sink is closed.
-func (rs *retryingSink) Write(events ...Event) error {
-	rs.mu.Lock()
-	defer rs.mu.Unlock()
-
-retry:
-
-	if rs.closed {
-		return ErrSinkClosed
-	}
-
-	if !rs.proceed() {
-		logrus.Warnf("%v encountered too many errors, backing off", rs.sink)
-		rs.wait(rs.failures.backoff)
-		goto retry
-	}
-
-	if err := rs.write(events...); err != nil {
-		if err == ErrSinkClosed {
-			// terminal!
-			return err
-		}
-
-		logrus.Errorf("retryingsink: error writing events: %v, retrying", err)
-		goto retry
-	}
-
-	return nil
-}
-
-// Close closes the sink and the underlying sink.
-func (rs *retryingSink) Close() error {
-	rs.mu.Lock()
-	defer rs.mu.Unlock()
-
-	if rs.closed {
-		return fmt.Errorf("retryingsink: already closed")
-	}
-
-	rs.closed = true
-	return rs.sink.Close()
-}
-
-// write provides a helper that dispatches failure and success properly. Used
-// by write as the single-flight write call.
-func (rs *retryingSink) write(events ...Event) error {
-	if err := rs.sink.Write(events...); err != nil {
-		rs.failure()
-		return err
-	}
-
-	rs.reset()
-	return nil
-}
-
-// wait backoff time against the sink, unlocking so others can proceed. Should
-// only be called by methods that currently have the mutex.
-func (rs *retryingSink) wait(backoff time.Duration) {
-	rs.mu.Unlock()
-	defer rs.mu.Lock()
-
-	// backoff here
-	time.Sleep(backoff)
-}
-
-// reset marks a successful call.
-func (rs *retryingSink) reset() {
-	rs.failures.recent = 0
-	rs.failures.last = time.Time{}
-}
-
-// failure records a failure.
-func (rs *retryingSink) failure() {
-	rs.failures.recent++
-	rs.failures.last = time.Now().UTC()
-}
-
-// proceed returns true if the call should proceed based on circuit breaker
-// heuristics.
-func (rs *retryingSink) proceed() bool {
-	return rs.failures.recent < rs.failures.threshold ||
-		time.Now().UTC().After(rs.failures.last.Add(rs.failures.backoff))
-}
diff --git a/vendor/github.com/docker/distribution/registry/auth/auth.go b/vendor/github.com/docker/distribution/registry/auth/auth.go
deleted file mode 100644
index 9cb036f1f..000000000
--- a/vendor/github.com/docker/distribution/registry/auth/auth.go
+++ /dev/null
@@ -1,200 +0,0 @@
-// Package auth defines a standard interface for request access controllers.
-//
-// An access controller has a simple interface with a single `Authorized`
-// method which checks that a given request is authorized to perform one or
-// more actions on one or more resources. This method should return a non-nil
-// error if the request is not authorized.
-//
-// An implementation registers its access controller by name with a constructor
-// which accepts an options map for configuring the access controller.
-//
-//	options := map[string]interface{}{"sillySecret": "whysosilly?"}
-//	accessController, _ := auth.GetAccessController("silly", options)
-//
-// This `accessController` can then be used in a request handler like so:
-//
-//	func updateOrder(w http.ResponseWriter, r *http.Request) {
-//		orderNumber := r.FormValue("orderNumber")
-//		resource := auth.Resource{Type: "customerOrder", Name: orderNumber}
-//		access := auth.Access{Resource: resource, Action: "update"}
-//
-//		if ctx, err := accessController.Authorized(ctx, access); err != nil {
-//			if challenge, ok := err.(auth.Challenge) {
-//				// Let the challenge write the response.
-//				challenge.SetHeaders(r, w)
-//				w.WriteHeader(http.StatusUnauthorized)
-//				return
-//			} else {
-//				// Some other error.
-//			}
-//		}
-//	}
-package auth
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-)
-
-const (
-	// UserKey is used to get the user object from
-	// a user context
-	UserKey = "auth.user"
-
-	// UserNameKey is used to get the user name from
-	// a user context
-	UserNameKey = "auth.user.name"
-)
-
-var (
-	// ErrInvalidCredential is returned when the auth token does not authenticate correctly.
-	ErrInvalidCredential = errors.New("invalid authorization credential")
-
-	// ErrAuthenticationFailure returned when authentication fails.
-	ErrAuthenticationFailure = errors.New("authentication failure")
-)
-
-// UserInfo carries information about
-// an autenticated/authorized client.
-type UserInfo struct {
-	Name string
-}
-
-// Resource describes a resource by type and name.
-type Resource struct {
-	Type  string
-	Class string
-	Name  string
-}
-
-// Access describes a specific action that is
-// requested or allowed for a given resource.
-type Access struct {
-	Resource
-	Action string
-}
-
-// Challenge is a special error type which is used for HTTP 401 Unauthorized
-// responses and is able to write the response with WWW-Authenticate challenge
-// header values based on the error.
-type Challenge interface {
-	error
-
-	// SetHeaders prepares the request to conduct a challenge response by
-	// adding the an HTTP challenge header on the response message. Callers
-	// are expected to set the appropriate HTTP status code (e.g. 401)
-	// themselves.
-	SetHeaders(r *http.Request, w http.ResponseWriter)
-}
-
-// AccessController controls access to registry resources based on a request
-// and required access levels for a request. Implementations can support both
-// complete denial and http authorization challenges.
-type AccessController interface {
-	// Authorized returns a non-nil error if the context is granted access and
-	// returns a new authorized context. If one or more Access structs are
-	// provided, the requested access will be compared with what is available
-	// to the context. The given context will contain a "http.request" key with
-	// a `*http.Request` value. If the error is non-nil, access should always
-	// be denied. The error may be of type Challenge, in which case the caller
-	// may have the Challenge handle the request or choose what action to take
-	// based on the Challenge header or response status. The returned context
-	// object should have a "auth.user" value set to a UserInfo struct.
-	Authorized(ctx context.Context, access ...Access) (context.Context, error)
-}
-
-// CredentialAuthenticator is an object which is able to authenticate credentials
-type CredentialAuthenticator interface {
-	AuthenticateUser(username, password string) error
-}
-
-// WithUser returns a context with the authorized user info.
-func WithUser(ctx context.Context, user UserInfo) context.Context {
-	return userInfoContext{
-		Context: ctx,
-		user:    user,
-	}
-}
-
-type userInfoContext struct {
-	context.Context
-	user UserInfo
-}
-
-func (uic userInfoContext) Value(key interface{}) interface{} {
-	switch key {
-	case UserKey:
-		return uic.user
-	case UserNameKey:
-		return uic.user.Name
-	}
-
-	return uic.Context.Value(key)
-}
-
-// WithResources returns a context with the authorized resources.
-func WithResources(ctx context.Context, resources []Resource) context.Context {
-	return resourceContext{
-		Context:   ctx,
-		resources: resources,
-	}
-}
-
-type resourceContext struct {
-	context.Context
-	resources []Resource
-}
-
-type resourceKey struct{}
-
-func (rc resourceContext) Value(key interface{}) interface{} {
-	if key == (resourceKey{}) {
-		return rc.resources
-	}
-
-	return rc.Context.Value(key)
-}
-
-// AuthorizedResources returns the list of resources which have
-// been authorized for this request.
-func AuthorizedResources(ctx context.Context) []Resource {
-	if resources, ok := ctx.Value(resourceKey{}).([]Resource); ok {
-		return resources
-	}
-
-	return nil
-}
-
-// InitFunc is the type of an AccessController factory function and is used
-// to register the constructor for different AccesController backends.
-type InitFunc func(options map[string]interface{}) (AccessController, error)
-
-var accessControllers map[string]InitFunc
-
-func init() {
-	accessControllers = make(map[string]InitFunc)
-}
-
-// Register is used to register an InitFunc for
-// an AccessController backend with the given name.
-func Register(name string, initFunc InitFunc) error {
-	if _, exists := accessControllers[name]; exists {
-		return fmt.Errorf("name already registered: %s", name)
-	}
-
-	accessControllers[name] = initFunc
-
-	return nil
-}
-
-// GetAccessController constructs an AccessController
-// with the given options using the named backend.
-func GetAccessController(name string, options map[string]interface{}) (AccessController, error) {
-	if initFunc, exists := accessControllers[name]; exists {
-		return initFunc(options)
-	}
-
-	return nil, fmt.Errorf("no access controller registered with name: %s", name)
-}
diff --git a/vendor/github.com/docker/distribution/registry/auth/htpasswd/access.go b/vendor/github.com/docker/distribution/registry/auth/htpasswd/access.go
deleted file mode 100644
index 2611a23be..000000000
--- a/vendor/github.com/docker/distribution/registry/auth/htpasswd/access.go
+++ /dev/null
@@ -1,160 +0,0 @@
-// Package htpasswd provides a simple authentication scheme that checks for the
-// user credential hash in an htpasswd formatted file in a configuration-determined
-// location.
-//
-// This authentication method MUST be used under TLS, as simple token-replay attack is possible.
-package htpasswd
-
-import (
-	"context"
-	"crypto/rand"
-	"encoding/base64"
-	"fmt"
-	"net/http"
-	"os"
-	"path/filepath"
-	"sync"
-	"time"
-
-	"golang.org/x/crypto/bcrypt"
-
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/auth"
-)
-
-type accessController struct {
-	realm    string
-	path     string
-	modtime  time.Time
-	mu       sync.Mutex
-	htpasswd *htpasswd
-}
-
-var _ auth.AccessController = &accessController{}
-
-func newAccessController(options map[string]interface{}) (auth.AccessController, error) {
-	realm, present := options["realm"]
-	if _, ok := realm.(string); !present || !ok {
-		return nil, fmt.Errorf(`"realm" must be set for htpasswd access controller`)
-	}
-
-	pathOpt, present := options["path"]
-	path, ok := pathOpt.(string)
-	if !present || !ok {
-		return nil, fmt.Errorf(`"path" must be set for htpasswd access controller`)
-	}
-	if err := createHtpasswdFile(path); err != nil {
-		return nil, err
-	}
-	return &accessController{realm: realm.(string), path: path}, nil
-}
-
-func (ac *accessController) Authorized(ctx context.Context, accessRecords ...auth.Access) (context.Context, error) {
-	req, err := dcontext.GetRequest(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	username, password, ok := req.BasicAuth()
-	if !ok {
-		return nil, &challenge{
-			realm: ac.realm,
-			err:   auth.ErrInvalidCredential,
-		}
-	}
-
-	// Dynamically parsing the latest account list
-	fstat, err := os.Stat(ac.path)
-	if err != nil {
-		return nil, err
-	}
-
-	lastModified := fstat.ModTime()
-	ac.mu.Lock()
-	if ac.htpasswd == nil || !ac.modtime.Equal(lastModified) {
-		ac.modtime = lastModified
-
-		f, err := os.Open(ac.path)
-		if err != nil {
-			ac.mu.Unlock()
-			return nil, err
-		}
-		defer f.Close()
-
-		h, err := newHTPasswd(f)
-		if err != nil {
-			ac.mu.Unlock()
-			return nil, err
-		}
-		ac.htpasswd = h
-	}
-	localHTPasswd := ac.htpasswd
-	ac.mu.Unlock()
-
-	if err := localHTPasswd.authenticateUser(username, password); err != nil {
-		dcontext.GetLogger(ctx).Errorf("error authenticating user %q: %v", username, err)
-		return nil, &challenge{
-			realm: ac.realm,
-			err:   auth.ErrAuthenticationFailure,
-		}
-	}
-
-	return auth.WithUser(ctx, auth.UserInfo{Name: username}), nil
-}
-
-// challenge implements the auth.Challenge interface.
-type challenge struct {
-	realm string
-	err   error
-}
-
-var _ auth.Challenge = challenge{}
-
-// SetHeaders sets the basic challenge header on the response.
-func (ch challenge) SetHeaders(r *http.Request, w http.ResponseWriter) {
-	w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic realm=%q", ch.realm))
-}
-
-func (ch challenge) Error() string {
-	return fmt.Sprintf("basic authentication challenge for realm %q: %s", ch.realm, ch.err)
-}
-
-// createHtpasswdFile creates and populates htpasswd file with a new user in case the file is missing
-func createHtpasswdFile(path string) error {
-	if f, err := os.Open(path); err == nil {
-		f.Close()
-		return nil
-	} else if !os.IsNotExist(err) {
-		return err
-	}
-
-	if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
-		return err
-	}
-	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, 0600)
-	if err != nil {
-		return fmt.Errorf("failed to open htpasswd path %s", err)
-	}
-	defer f.Close()
-	var secretBytes [32]byte
-	if _, err := rand.Read(secretBytes[:]); err != nil {
-		return err
-	}
-	pass := base64.RawURLEncoding.EncodeToString(secretBytes[:])
-	encryptedPass, err := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
-	if err != nil {
-		return err
-	}
-	if _, err := f.Write([]byte(fmt.Sprintf("docker:%s", string(encryptedPass[:])))); err != nil {
-		return err
-	}
-	dcontext.GetLoggerWithFields(context.Background(), map[interface{}]interface{}{
-		"user":     "docker",
-		"password": pass,
-	}).Warnf("htpasswd is missing, provisioning with default user")
-	return nil
-}
-
-func init() {
-	auth.Register("htpasswd", auth.InitFunc(newAccessController))
-}
diff --git a/vendor/github.com/docker/distribution/registry/auth/htpasswd/htpasswd.go b/vendor/github.com/docker/distribution/registry/auth/htpasswd/htpasswd.go
deleted file mode 100644
index 832051609..000000000
--- a/vendor/github.com/docker/distribution/registry/auth/htpasswd/htpasswd.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package htpasswd
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"strings"
-
-	"github.com/docker/distribution/registry/auth"
-
-	"golang.org/x/crypto/bcrypt"
-)
-
-// htpasswd holds a path to a system .htpasswd file and the machinery to parse
-// it. Only bcrypt hash entries are supported.
-type htpasswd struct {
-	entries map[string][]byte // maps username to password byte slice.
-}
-
-// newHTPasswd parses the reader and returns an htpasswd or an error.
-func newHTPasswd(rd io.Reader) (*htpasswd, error) {
-	entries, err := parseHTPasswd(rd)
-	if err != nil {
-		return nil, err
-	}
-
-	return &htpasswd{entries: entries}, nil
-}
-
-// AuthenticateUser checks a given user:password credential against the
-// receiving HTPasswd's file. If the check passes, nil is returned.
-func (htpasswd *htpasswd) authenticateUser(username string, password string) error {
-	credentials, ok := htpasswd.entries[username]
-	if !ok {
-		// timing attack paranoia
-		bcrypt.CompareHashAndPassword([]byte{}, []byte(password))
-
-		return auth.ErrAuthenticationFailure
-	}
-
-	err := bcrypt.CompareHashAndPassword(credentials, []byte(password))
-	if err != nil {
-		return auth.ErrAuthenticationFailure
-	}
-
-	return nil
-}
-
-// parseHTPasswd parses the contents of htpasswd. This will read all the
-// entries in the file, whether or not they are needed. An error is returned
-// if a syntax errors are encountered or if the reader fails.
-func parseHTPasswd(rd io.Reader) (map[string][]byte, error) {
-	entries := map[string][]byte{}
-	scanner := bufio.NewScanner(rd)
-	var line int
-	for scanner.Scan() {
-		line++ // 1-based line numbering
-		t := strings.TrimSpace(scanner.Text())
-
-		if len(t) < 1 {
-			continue
-		}
-
-		// lines that *begin* with a '#' are considered comments
-		if t[0] == '#' {
-			continue
-		}
-
-		i := strings.Index(t, ":")
-		if i < 0 || i >= len(t) {
-			return nil, fmt.Errorf("htpasswd: invalid entry at line %d: %q", line, scanner.Text())
-		}
-
-		entries[t[:i]] = []byte(t[i+1:])
-	}
-
-	if err := scanner.Err(); err != nil {
-		return nil, err
-	}
-
-	return entries, nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/auth/silly/access.go b/vendor/github.com/docker/distribution/registry/auth/silly/access.go
deleted file mode 100644
index 3ead560df..000000000
--- a/vendor/github.com/docker/distribution/registry/auth/silly/access.go
+++ /dev/null
@@ -1,102 +0,0 @@
-// Package silly provides a simple authentication scheme that checks for the
-// existence of an Authorization header and issues access if is present and
-// non-empty.
-//
-// This package is present as an example implementation of a minimal
-// auth.AccessController and for testing. This is not suitable for any kind of
-// production security.
-package silly
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"strings"
-
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/auth"
-)
-
-// accessController provides a simple implementation of auth.AccessController
-// that simply checks for a non-empty Authorization header. It is useful for
-// demonstration and testing.
-type accessController struct {
-	realm   string
-	service string
-}
-
-var _ auth.AccessController = &accessController{}
-
-func newAccessController(options map[string]interface{}) (auth.AccessController, error) {
-	realm, present := options["realm"]
-	if _, ok := realm.(string); !present || !ok {
-		return nil, fmt.Errorf(`"realm" must be set for silly access controller`)
-	}
-
-	service, present := options["service"]
-	if _, ok := service.(string); !present || !ok {
-		return nil, fmt.Errorf(`"service" must be set for silly access controller`)
-	}
-
-	return &accessController{realm: realm.(string), service: service.(string)}, nil
-}
-
-// Authorized simply checks for the existence of the authorization header,
-// responding with a bearer challenge if it doesn't exist.
-func (ac *accessController) Authorized(ctx context.Context, accessRecords ...auth.Access) (context.Context, error) {
-	req, err := dcontext.GetRequest(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	if req.Header.Get("Authorization") == "" {
-		challenge := challenge{
-			realm:   ac.realm,
-			service: ac.service,
-		}
-
-		if len(accessRecords) > 0 {
-			var scopes []string
-			for _, access := range accessRecords {
-				scopes = append(scopes, fmt.Sprintf("%s:%s:%s", access.Type, access.Resource.Name, access.Action))
-			}
-			challenge.scope = strings.Join(scopes, " ")
-		}
-
-		return nil, &challenge
-	}
-
-	ctx = auth.WithUser(ctx, auth.UserInfo{Name: "silly"})
-	ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, auth.UserNameKey, auth.UserKey))
-
-	return ctx, nil
-
-}
-
-type challenge struct {
-	realm   string
-	service string
-	scope   string
-}
-
-var _ auth.Challenge = challenge{}
-
-// SetHeaders sets a simple bearer challenge on the response.
-func (ch challenge) SetHeaders(r *http.Request, w http.ResponseWriter) {
-	header := fmt.Sprintf("Bearer realm=%q,service=%q", ch.realm, ch.service)
-
-	if ch.scope != "" {
-		header = fmt.Sprintf("%s,scope=%q", header, ch.scope)
-	}
-
-	w.Header().Set("WWW-Authenticate", header)
-}
-
-func (ch challenge) Error() string {
-	return fmt.Sprintf("silly authentication challenge: %#v", ch)
-}
-
-// init registers the silly auth backend.
-func init() {
-	auth.Register("silly", auth.InitFunc(newAccessController))
-}
diff --git a/vendor/github.com/docker/distribution/registry/auth/token/accesscontroller.go b/vendor/github.com/docker/distribution/registry/auth/token/accesscontroller.go
deleted file mode 100644
index fa924f0be..000000000
--- a/vendor/github.com/docker/distribution/registry/auth/token/accesscontroller.go
+++ /dev/null
@@ -1,293 +0,0 @@
-package token
-
-import (
-	"context"
-	"crypto"
-	"crypto/x509"
-	"encoding/pem"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"strings"
-
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/auth"
-	"github.com/docker/libtrust"
-)
-
-// accessSet maps a typed, named resource to
-// a set of actions requested or authorized.
-type accessSet map[auth.Resource]actionSet
-
-// newAccessSet constructs an accessSet from
-// a variable number of auth.Access items.
-func newAccessSet(accessItems ...auth.Access) accessSet {
-	accessSet := make(accessSet, len(accessItems))
-
-	for _, access := range accessItems {
-		resource := auth.Resource{
-			Type: access.Type,
-			Name: access.Name,
-		}
-
-		set, exists := accessSet[resource]
-		if !exists {
-			set = newActionSet()
-			accessSet[resource] = set
-		}
-
-		set.add(access.Action)
-	}
-
-	return accessSet
-}
-
-// contains returns whether or not the given access is in this accessSet.
-func (s accessSet) contains(access auth.Access) bool {
-	actionSet, ok := s[access.Resource]
-	if ok {
-		return actionSet.contains(access.Action)
-	}
-
-	return false
-}
-
-// scopeParam returns a collection of scopes which can
-// be used for a WWW-Authenticate challenge parameter.
-// See https://tools.ietf.org/html/rfc6750#section-3
-func (s accessSet) scopeParam() string {
-	scopes := make([]string, 0, len(s))
-
-	for resource, actionSet := range s {
-		actions := strings.Join(actionSet.keys(), ",")
-		scopes = append(scopes, fmt.Sprintf("%s:%s:%s", resource.Type, resource.Name, actions))
-	}
-
-	return strings.Join(scopes, " ")
-}
-
-// Errors used and exported by this package.
-var (
-	ErrInsufficientScope = errors.New("insufficient scope")
-	ErrTokenRequired     = errors.New("authorization token required")
-)
-
-// authChallenge implements the auth.Challenge interface.
-type authChallenge struct {
-	err          error
-	realm        string
-	autoRedirect bool
-	service      string
-	accessSet    accessSet
-}
-
-var _ auth.Challenge = authChallenge{}
-
-// Error returns the internal error string for this authChallenge.
-func (ac authChallenge) Error() string {
-	return ac.err.Error()
-}
-
-// Status returns the HTTP Response Status Code for this authChallenge.
-func (ac authChallenge) Status() int {
-	return http.StatusUnauthorized
-}
-
-// challengeParams constructs the value to be used in
-// the WWW-Authenticate response challenge header.
-// See https://tools.ietf.org/html/rfc6750#section-3
-func (ac authChallenge) challengeParams(r *http.Request) string {
-	var realm string
-	if ac.autoRedirect {
-		realm = fmt.Sprintf("https://%s/auth/token", r.Host)
-	} else {
-		realm = ac.realm
-	}
-	str := fmt.Sprintf("Bearer realm=%q,service=%q", realm, ac.service)
-
-	if scope := ac.accessSet.scopeParam(); scope != "" {
-		str = fmt.Sprintf("%s,scope=%q", str, scope)
-	}
-
-	if ac.err == ErrInvalidToken || ac.err == ErrMalformedToken {
-		str = fmt.Sprintf("%s,error=%q", str, "invalid_token")
-	} else if ac.err == ErrInsufficientScope {
-		str = fmt.Sprintf("%s,error=%q", str, "insufficient_scope")
-	}
-
-	return str
-}
-
-// SetChallenge sets the WWW-Authenticate value for the response.
-func (ac authChallenge) SetHeaders(r *http.Request, w http.ResponseWriter) {
-	w.Header().Add("WWW-Authenticate", ac.challengeParams(r))
-}
-
-// accessController implements the auth.AccessController interface.
-type accessController struct {
-	realm        string
-	autoRedirect bool
-	issuer       string
-	service      string
-	rootCerts    *x509.CertPool
-	trustedKeys  map[string]libtrust.PublicKey
-}
-
-// tokenAccessOptions is a convenience type for handling
-// options to the contstructor of an accessController.
-type tokenAccessOptions struct {
-	realm          string
-	autoRedirect   bool
-	issuer         string
-	service        string
-	rootCertBundle string
-}
-
-// checkOptions gathers the necessary options
-// for an accessController from the given map.
-func checkOptions(options map[string]interface{}) (tokenAccessOptions, error) {
-	var opts tokenAccessOptions
-
-	keys := []string{"realm", "issuer", "service", "rootcertbundle"}
-	vals := make([]string, 0, len(keys))
-	for _, key := range keys {
-		val, ok := options[key].(string)
-		if !ok {
-			return opts, fmt.Errorf("token auth requires a valid option string: %q", key)
-		}
-		vals = append(vals, val)
-	}
-
-	opts.realm, opts.issuer, opts.service, opts.rootCertBundle = vals[0], vals[1], vals[2], vals[3]
-
-	autoRedirectVal, ok := options["autoredirect"]
-	if ok {
-		autoRedirect, ok := autoRedirectVal.(bool)
-		if !ok {
-			return opts, fmt.Errorf("token auth requires a valid option bool: autoredirect")
-		}
-		opts.autoRedirect = autoRedirect
-	}
-
-	return opts, nil
-}
-
-// newAccessController creates an accessController using the given options.
-func newAccessController(options map[string]interface{}) (auth.AccessController, error) {
-	config, err := checkOptions(options)
-	if err != nil {
-		return nil, err
-	}
-
-	fp, err := os.Open(config.rootCertBundle)
-	if err != nil {
-		return nil, fmt.Errorf("unable to open token auth root certificate bundle file %q: %s", config.rootCertBundle, err)
-	}
-	defer fp.Close()
-
-	rawCertBundle, err := ioutil.ReadAll(fp)
-	if err != nil {
-		return nil, fmt.Errorf("unable to read token auth root certificate bundle file %q: %s", config.rootCertBundle, err)
-	}
-
-	var rootCerts []*x509.Certificate
-	pemBlock, rawCertBundle := pem.Decode(rawCertBundle)
-	for pemBlock != nil {
-		if pemBlock.Type == "CERTIFICATE" {
-			cert, err := x509.ParseCertificate(pemBlock.Bytes)
-			if err != nil {
-				return nil, fmt.Errorf("unable to parse token auth root certificate: %s", err)
-			}
-
-			rootCerts = append(rootCerts, cert)
-		}
-
-		pemBlock, rawCertBundle = pem.Decode(rawCertBundle)
-	}
-
-	if len(rootCerts) == 0 {
-		return nil, errors.New("token auth requires at least one token signing root certificate")
-	}
-
-	rootPool := x509.NewCertPool()
-	trustedKeys := make(map[string]libtrust.PublicKey, len(rootCerts))
-	for _, rootCert := range rootCerts {
-		rootPool.AddCert(rootCert)
-		pubKey, err := libtrust.FromCryptoPublicKey(crypto.PublicKey(rootCert.PublicKey))
-		if err != nil {
-			return nil, fmt.Errorf("unable to get public key from token auth root certificate: %s", err)
-		}
-		trustedKeys[pubKey.KeyID()] = pubKey
-	}
-
-	return &accessController{
-		realm:        config.realm,
-		autoRedirect: config.autoRedirect,
-		issuer:       config.issuer,
-		service:      config.service,
-		rootCerts:    rootPool,
-		trustedKeys:  trustedKeys,
-	}, nil
-}
-
-// Authorized handles checking whether the given request is authorized
-// for actions on resources described by the given access items.
-func (ac *accessController) Authorized(ctx context.Context, accessItems ...auth.Access) (context.Context, error) {
-	challenge := &authChallenge{
-		realm:        ac.realm,
-		autoRedirect: ac.autoRedirect,
-		service:      ac.service,
-		accessSet:    newAccessSet(accessItems...),
-	}
-
-	req, err := dcontext.GetRequest(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	parts := strings.Split(req.Header.Get("Authorization"), " ")
-
-	if len(parts) != 2 || strings.ToLower(parts[0]) != "bearer" {
-		challenge.err = ErrTokenRequired
-		return nil, challenge
-	}
-
-	rawToken := parts[1]
-
-	token, err := NewToken(rawToken)
-	if err != nil {
-		challenge.err = err
-		return nil, challenge
-	}
-
-	verifyOpts := VerifyOptions{
-		TrustedIssuers:    []string{ac.issuer},
-		AcceptedAudiences: []string{ac.service},
-		Roots:             ac.rootCerts,
-		TrustedKeys:       ac.trustedKeys,
-	}
-
-	if err = token.Verify(verifyOpts); err != nil {
-		challenge.err = err
-		return nil, challenge
-	}
-
-	accessSet := token.accessSet()
-	for _, access := range accessItems {
-		if !accessSet.contains(access) {
-			challenge.err = ErrInsufficientScope
-			return nil, challenge
-		}
-	}
-
-	ctx = auth.WithResources(ctx, token.resources())
-
-	return auth.WithUser(ctx, auth.UserInfo{Name: token.Claims.Subject}), nil
-}
-
-// init handles registering the token auth backend.
-func init() {
-	auth.Register("token", auth.InitFunc(newAccessController))
-}
diff --git a/vendor/github.com/docker/distribution/registry/auth/token/stringset.go b/vendor/github.com/docker/distribution/registry/auth/token/stringset.go
deleted file mode 100644
index 1d04f104c..000000000
--- a/vendor/github.com/docker/distribution/registry/auth/token/stringset.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package token
-
-// StringSet is a useful type for looking up strings.
-type stringSet map[string]struct{}
-
-// NewStringSet creates a new StringSet with the given strings.
-func newStringSet(keys ...string) stringSet {
-	ss := make(stringSet, len(keys))
-	ss.add(keys...)
-	return ss
-}
-
-// Add inserts the given keys into this StringSet.
-func (ss stringSet) add(keys ...string) {
-	for _, key := range keys {
-		ss[key] = struct{}{}
-	}
-}
-
-// Contains returns whether the given key is in this StringSet.
-func (ss stringSet) contains(key string) bool {
-	_, ok := ss[key]
-	return ok
-}
-
-// Keys returns a slice of all keys in this StringSet.
-func (ss stringSet) keys() []string {
-	keys := make([]string, 0, len(ss))
-
-	for key := range ss {
-		keys = append(keys, key)
-	}
-
-	return keys
-}
diff --git a/vendor/github.com/docker/distribution/registry/auth/token/token.go b/vendor/github.com/docker/distribution/registry/auth/token/token.go
deleted file mode 100644
index f803415fe..000000000
--- a/vendor/github.com/docker/distribution/registry/auth/token/token.go
+++ /dev/null
@@ -1,380 +0,0 @@
-package token
-
-import (
-	"crypto"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/docker/libtrust"
-	log "github.com/sirupsen/logrus"
-
-	"github.com/docker/distribution/registry/auth"
-)
-
-const (
-	// TokenSeparator is the value which separates the header, claims, and
-	// signature in the compact serialization of a JSON Web Token.
-	TokenSeparator = "."
-	// Leeway is the Duration that will be added to NBF and EXP claim
-	// checks to account for clock skew as per https://tools.ietf.org/html/rfc7519#section-4.1.5
-	Leeway = 60 * time.Second
-)
-
-// Errors used by token parsing and verification.
-var (
-	ErrMalformedToken = errors.New("malformed token")
-	ErrInvalidToken   = errors.New("invalid token")
-)
-
-// ResourceActions stores allowed actions on a named and typed resource.
-type ResourceActions struct {
-	Type    string   `json:"type"`
-	Class   string   `json:"class,omitempty"`
-	Name    string   `json:"name"`
-	Actions []string `json:"actions"`
-}
-
-// ClaimSet describes the main section of a JSON Web Token.
-type ClaimSet struct {
-	// Public claims
-	Issuer     string `json:"iss"`
-	Subject    string `json:"sub"`
-	Audience   string `json:"aud"`
-	Expiration int64  `json:"exp"`
-	NotBefore  int64  `json:"nbf"`
-	IssuedAt   int64  `json:"iat"`
-	JWTID      string `json:"jti"`
-
-	// Private claims
-	Access []*ResourceActions `json:"access"`
-}
-
-// Header describes the header section of a JSON Web Token.
-type Header struct {
-	Type       string           `json:"typ"`
-	SigningAlg string           `json:"alg"`
-	KeyID      string           `json:"kid,omitempty"`
-	X5c        []string         `json:"x5c,omitempty"`
-	RawJWK     *json.RawMessage `json:"jwk,omitempty"`
-}
-
-// Token describes a JSON Web Token.
-type Token struct {
-	Raw       string
-	Header    *Header
-	Claims    *ClaimSet
-	Signature []byte
-}
-
-// VerifyOptions is used to specify
-// options when verifying a JSON Web Token.
-type VerifyOptions struct {
-	TrustedIssuers    []string
-	AcceptedAudiences []string
-	Roots             *x509.CertPool
-	TrustedKeys       map[string]libtrust.PublicKey
-}
-
-// NewToken parses the given raw token string
-// and constructs an unverified JSON Web Token.
-func NewToken(rawToken string) (*Token, error) {
-	parts := strings.Split(rawToken, TokenSeparator)
-	if len(parts) != 3 {
-		return nil, ErrMalformedToken
-	}
-
-	var (
-		rawHeader, rawClaims   = parts[0], parts[1]
-		headerJSON, claimsJSON []byte
-		err                    error
-	)
-
-	defer func() {
-		if err != nil {
-			log.Infof("error while unmarshalling raw token: %s", err)
-		}
-	}()
-
-	if headerJSON, err = joseBase64UrlDecode(rawHeader); err != nil {
-		err = fmt.Errorf("unable to decode header: %s", err)
-		return nil, ErrMalformedToken
-	}
-
-	if claimsJSON, err = joseBase64UrlDecode(rawClaims); err != nil {
-		err = fmt.Errorf("unable to decode claims: %s", err)
-		return nil, ErrMalformedToken
-	}
-
-	token := new(Token)
-	token.Header = new(Header)
-	token.Claims = new(ClaimSet)
-
-	token.Raw = strings.Join(parts[:2], TokenSeparator)
-	if token.Signature, err = joseBase64UrlDecode(parts[2]); err != nil {
-		err = fmt.Errorf("unable to decode signature: %s", err)
-		return nil, ErrMalformedToken
-	}
-
-	if err = json.Unmarshal(headerJSON, token.Header); err != nil {
-		return nil, ErrMalformedToken
-	}
-
-	if err = json.Unmarshal(claimsJSON, token.Claims); err != nil {
-		return nil, ErrMalformedToken
-	}
-
-	return token, nil
-}
-
-// Verify attempts to verify this token using the given options.
-// Returns a nil error if the token is valid.
-func (t *Token) Verify(verifyOpts VerifyOptions) error {
-	// Verify that the Issuer claim is a trusted authority.
-	if !contains(verifyOpts.TrustedIssuers, t.Claims.Issuer) {
-		log.Infof("token from untrusted issuer: %q", t.Claims.Issuer)
-		return ErrInvalidToken
-	}
-
-	// Verify that the Audience claim is allowed.
-	if !contains(verifyOpts.AcceptedAudiences, t.Claims.Audience) {
-		log.Infof("token intended for another audience: %q", t.Claims.Audience)
-		return ErrInvalidToken
-	}
-
-	// Verify that the token is currently usable and not expired.
-	currentTime := time.Now()
-
-	ExpWithLeeway := time.Unix(t.Claims.Expiration, 0).Add(Leeway)
-	if currentTime.After(ExpWithLeeway) {
-		log.Infof("token not to be used after %s - currently %s", ExpWithLeeway, currentTime)
-		return ErrInvalidToken
-	}
-
-	NotBeforeWithLeeway := time.Unix(t.Claims.NotBefore, 0).Add(-Leeway)
-	if currentTime.Before(NotBeforeWithLeeway) {
-		log.Infof("token not to be used before %s - currently %s", NotBeforeWithLeeway, currentTime)
-		return ErrInvalidToken
-	}
-
-	// Verify the token signature.
-	if len(t.Signature) == 0 {
-		log.Info("token has no signature")
-		return ErrInvalidToken
-	}
-
-	// Verify that the signing key is trusted.
-	signingKey, err := t.VerifySigningKey(verifyOpts)
-	if err != nil {
-		log.Info(err)
-		return ErrInvalidToken
-	}
-
-	// Finally, verify the signature of the token using the key which signed it.
-	if err := signingKey.Verify(strings.NewReader(t.Raw), t.Header.SigningAlg, t.Signature); err != nil {
-		log.Infof("unable to verify token signature: %s", err)
-		return ErrInvalidToken
-	}
-
-	return nil
-}
-
-// VerifySigningKey attempts to get the key which was used to sign this token.
-// The token header should contain either of these 3 fields:
-//
-//	`x5c` - The x509 certificate chain for the signing key. Needs to be
-//	        verified.
-//	`jwk` - The JSON Web Key representation of the signing key.
-//	        May contain its own `x5c` field which needs to be verified.
-//	`kid` - The unique identifier for the key. This library interprets it
-//	        as a libtrust fingerprint. The key itself can be looked up in
-//	        the trustedKeys field of the given verify options.
-//
-// Each of these methods are tried in that order of preference until the
-// signing key is found or an error is returned.
-func (t *Token) VerifySigningKey(verifyOpts VerifyOptions) (signingKey libtrust.PublicKey, err error) {
-	// First attempt to get an x509 certificate chain from the header.
-	var (
-		x5c    = t.Header.X5c
-		rawJWK = t.Header.RawJWK
-		keyID  = t.Header.KeyID
-	)
-
-	switch {
-	case len(x5c) > 0:
-		signingKey, err = parseAndVerifyCertChain(x5c, verifyOpts.Roots)
-	case rawJWK != nil:
-		signingKey, err = parseAndVerifyRawJWK(rawJWK, verifyOpts)
-	case len(keyID) > 0:
-		signingKey = verifyOpts.TrustedKeys[keyID]
-		if signingKey == nil {
-			err = fmt.Errorf("token signed by untrusted key with ID: %q", keyID)
-		}
-	default:
-		err = errors.New("unable to get token signing key")
-	}
-
-	return
-}
-
-func parseAndVerifyCertChain(x5c []string, roots *x509.CertPool) (leafKey libtrust.PublicKey, err error) {
-	if len(x5c) == 0 {
-		return nil, errors.New("empty x509 certificate chain")
-	}
-
-	// Ensure the first element is encoded correctly.
-	leafCertDer, err := base64.StdEncoding.DecodeString(x5c[0])
-	if err != nil {
-		return nil, fmt.Errorf("unable to decode leaf certificate: %s", err)
-	}
-
-	// And that it is a valid x509 certificate.
-	leafCert, err := x509.ParseCertificate(leafCertDer)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse leaf certificate: %s", err)
-	}
-
-	// The rest of the certificate chain are intermediate certificates.
-	intermediates := x509.NewCertPool()
-	for i := 1; i < len(x5c); i++ {
-		intermediateCertDer, err := base64.StdEncoding.DecodeString(x5c[i])
-		if err != nil {
-			return nil, fmt.Errorf("unable to decode intermediate certificate: %s", err)
-		}
-
-		intermediateCert, err := x509.ParseCertificate(intermediateCertDer)
-		if err != nil {
-			return nil, fmt.Errorf("unable to parse intermediate certificate: %s", err)
-		}
-
-		intermediates.AddCert(intermediateCert)
-	}
-
-	verifyOpts := x509.VerifyOptions{
-		Intermediates: intermediates,
-		Roots:         roots,
-		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
-	}
-
-	// TODO: this call returns certificate chains which we ignore for now, but
-	// we should check them for revocations if we have the ability later.
-	if _, err = leafCert.Verify(verifyOpts); err != nil {
-		return nil, fmt.Errorf("unable to verify certificate chain: %s", err)
-	}
-
-	// Get the public key from the leaf certificate.
-	leafCryptoKey, ok := leafCert.PublicKey.(crypto.PublicKey)
-	if !ok {
-		return nil, errors.New("unable to get leaf cert public key value")
-	}
-
-	leafKey, err = libtrust.FromCryptoPublicKey(leafCryptoKey)
-	if err != nil {
-		return nil, fmt.Errorf("unable to make libtrust public key from leaf certificate: %s", err)
-	}
-
-	return
-}
-
-func parseAndVerifyRawJWK(rawJWK *json.RawMessage, verifyOpts VerifyOptions) (pubKey libtrust.PublicKey, err error) {
-	pubKey, err = libtrust.UnmarshalPublicKeyJWK([]byte(*rawJWK))
-	if err != nil {
-		return nil, fmt.Errorf("unable to decode raw JWK value: %s", err)
-	}
-
-	// Check to see if the key includes a certificate chain.
-	x5cVal, ok := pubKey.GetExtendedField("x5c").([]interface{})
-	if !ok {
-		// The JWK should be one of the trusted root keys.
-		if _, trusted := verifyOpts.TrustedKeys[pubKey.KeyID()]; !trusted {
-			return nil, errors.New("untrusted JWK with no certificate chain")
-		}
-
-		// The JWK is one of the trusted keys.
-		return
-	}
-
-	// Ensure each item in the chain is of the correct type.
-	x5c := make([]string, len(x5cVal))
-	for i, val := range x5cVal {
-		certString, ok := val.(string)
-		if !ok || len(certString) == 0 {
-			return nil, errors.New("malformed certificate chain")
-		}
-		x5c[i] = certString
-	}
-
-	// Ensure that the x509 certificate chain can
-	// be verified up to one of our trusted roots.
-	leafKey, err := parseAndVerifyCertChain(x5c, verifyOpts.Roots)
-	if err != nil {
-		return nil, fmt.Errorf("could not verify JWK certificate chain: %s", err)
-	}
-
-	// Verify that the public key in the leaf cert *is* the signing key.
-	if pubKey.KeyID() != leafKey.KeyID() {
-		return nil, errors.New("leaf certificate public key ID does not match JWK key ID")
-	}
-
-	return
-}
-
-// accessSet returns a set of actions available for the resource
-// actions listed in the `access` section of this token.
-func (t *Token) accessSet() accessSet {
-	if t.Claims == nil {
-		return nil
-	}
-
-	accessSet := make(accessSet, len(t.Claims.Access))
-
-	for _, resourceActions := range t.Claims.Access {
-		resource := auth.Resource{
-			Type: resourceActions.Type,
-			Name: resourceActions.Name,
-		}
-
-		set, exists := accessSet[resource]
-		if !exists {
-			set = newActionSet()
-			accessSet[resource] = set
-		}
-
-		for _, action := range resourceActions.Actions {
-			set.add(action)
-		}
-	}
-
-	return accessSet
-}
-
-func (t *Token) resources() []auth.Resource {
-	if t.Claims == nil {
-		return nil
-	}
-
-	resourceSet := map[auth.Resource]struct{}{}
-	for _, resourceActions := range t.Claims.Access {
-		resource := auth.Resource{
-			Type:  resourceActions.Type,
-			Class: resourceActions.Class,
-			Name:  resourceActions.Name,
-		}
-		resourceSet[resource] = struct{}{}
-	}
-
-	resources := make([]auth.Resource, 0, len(resourceSet))
-	for resource := range resourceSet {
-		resources = append(resources, resource)
-	}
-
-	return resources
-}
-
-func (t *Token) compactRaw() string {
-	return fmt.Sprintf("%s.%s", t.Raw, joseBase64UrlEncode(t.Signature))
-}
diff --git a/vendor/github.com/docker/distribution/registry/auth/token/util.go b/vendor/github.com/docker/distribution/registry/auth/token/util.go
deleted file mode 100644
index d7f95be42..000000000
--- a/vendor/github.com/docker/distribution/registry/auth/token/util.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package token
-
-import (
-	"encoding/base64"
-	"errors"
-	"strings"
-)
-
-// joseBase64UrlEncode encodes the given data using the standard base64 url
-// encoding format but with all trailing '=' characters omitted in accordance
-// with the jose specification.
-// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2
-func joseBase64UrlEncode(b []byte) string {
-	return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=")
-}
-
-// joseBase64UrlDecode decodes the given string using the standard base64 url
-// decoder but first adds the appropriate number of trailing '=' characters in
-// accordance with the jose specification.
-// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2
-func joseBase64UrlDecode(s string) ([]byte, error) {
-	switch len(s) % 4 {
-	case 0:
-	case 2:
-		s += "=="
-	case 3:
-		s += "="
-	default:
-		return nil, errors.New("illegal base64url string")
-	}
-	return base64.URLEncoding.DecodeString(s)
-}
-
-// actionSet is a special type of stringSet.
-type actionSet struct {
-	stringSet
-}
-
-func newActionSet(actions ...string) actionSet {
-	return actionSet{newStringSet(actions...)}
-}
-
-// Contains calls StringSet.Contains() for
-// either "*" or the given action string.
-func (s actionSet) contains(action string) bool {
-	return s.stringSet.contains("*") || s.stringSet.contains(action)
-}
-
-// contains returns true if q is found in ss.
-func contains(ss []string, q string) bool {
-	for _, s := range ss {
-		if s == q {
-			return true
-		}
-	}
-
-	return false
-}
diff --git a/vendor/github.com/docker/distribution/registry/doc.go b/vendor/github.com/docker/distribution/registry/doc.go
deleted file mode 100644
index a1ba7f3ab..000000000
--- a/vendor/github.com/docker/distribution/registry/doc.go
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package registry provides the main entrypoints for running a registry.
-package registry
diff --git a/vendor/github.com/docker/distribution/registry/handlers/app.go b/vendor/github.com/docker/distribution/registry/handlers/app.go
deleted file mode 100644
index 8a30bd4de..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/app.go
+++ /dev/null
@@ -1,1080 +0,0 @@
-package handlers
-
-import (
-	"context"
-	"crypto/rand"
-	"expvar"
-	"fmt"
-	"math"
-	"math/big"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-	"regexp"
-	"runtime"
-	"strings"
-	"time"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/configuration"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/health"
-	"github.com/docker/distribution/health/checks"
-	prometheus "github.com/docker/distribution/metrics"
-	"github.com/docker/distribution/notifications"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/api/errcode"
-	v2 "github.com/docker/distribution/registry/api/v2"
-	"github.com/docker/distribution/registry/auth"
-	registrymiddleware "github.com/docker/distribution/registry/middleware/registry"
-	repositorymiddleware "github.com/docker/distribution/registry/middleware/repository"
-	"github.com/docker/distribution/registry/proxy"
-	"github.com/docker/distribution/registry/storage"
-	memorycache "github.com/docker/distribution/registry/storage/cache/memory"
-	rediscache "github.com/docker/distribution/registry/storage/cache/redis"
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/distribution/registry/storage/driver/factory"
-	storagemiddleware "github.com/docker/distribution/registry/storage/driver/middleware"
-	"github.com/docker/distribution/version"
-	"github.com/docker/go-metrics"
-	"github.com/docker/libtrust"
-	"github.com/garyburd/redigo/redis"
-	"github.com/gorilla/mux"
-	"github.com/sirupsen/logrus"
-)
-
-// randomSecretSize is the number of random bytes to generate if no secret
-// was specified.
-const randomSecretSize = 32
-
-// defaultCheckInterval is the default time in between health checks
-const defaultCheckInterval = 10 * time.Second
-
-// App is a global registry application object. Shared resources can be placed
-// on this object that will be accessible from all requests. Any writable
-// fields should be protected.
-type App struct {
-	context.Context
-
-	Config *configuration.Configuration
-
-	router           *mux.Router                    // main application router, configured with dispatchers
-	driver           storagedriver.StorageDriver    // driver maintains the app global storage driver instance.
-	registry         distribution.Namespace         // registry is the primary registry backend for the app instance.
-	repoRemover      distribution.RepositoryRemover // repoRemover provides ability to delete repos
-	accessController auth.AccessController          // main access controller for application
-
-	// httpHost is a parsed representation of the http.host parameter from
-	// the configuration. Only the Scheme and Host fields are used.
-	httpHost url.URL
-
-	// events contains notification related configuration.
-	events struct {
-		sink   notifications.Sink
-		source notifications.SourceRecord
-	}
-
-	redis *redis.Pool
-
-	// trustKey is a deprecated key used to sign manifests converted to
-	// schema1 for backward compatibility. It should not be used for any
-	// other purposes.
-	trustKey libtrust.PrivateKey
-
-	// isCache is true if this registry is configured as a pull through cache
-	isCache bool
-
-	// readOnly is true if the registry is in a read-only maintenance mode
-	readOnly bool
-}
-
-// NewApp takes a configuration and returns a configured app, ready to serve
-// requests. The app only implements ServeHTTP and can be wrapped in other
-// handlers accordingly.
-func NewApp(ctx context.Context, config *configuration.Configuration) *App {
-	app := &App{
-		Config:  config,
-		Context: ctx,
-		router:  v2.RouterWithPrefix(config.HTTP.Prefix),
-		isCache: config.Proxy.RemoteURL != "",
-	}
-
-	// Register the handler dispatchers.
-	app.register(v2.RouteNameBase, func(ctx *Context, r *http.Request) http.Handler {
-		return http.HandlerFunc(apiBase)
-	})
-	app.register(v2.RouteNameManifest, manifestDispatcher)
-	app.register(v2.RouteNameCatalog, catalogDispatcher)
-	app.register(v2.RouteNameTags, tagsDispatcher)
-	app.register(v2.RouteNameBlob, blobDispatcher)
-	app.register(v2.RouteNameBlobUpload, blobUploadDispatcher)
-	app.register(v2.RouteNameBlobUploadChunk, blobUploadDispatcher)
-
-	// override the storage driver's UA string for registry outbound HTTP requests
-	storageParams := config.Storage.Parameters()
-	if storageParams == nil {
-		storageParams = make(configuration.Parameters)
-	}
-	storageParams["useragent"] = fmt.Sprintf("docker-distribution/%s %s", version.Version, runtime.Version())
-
-	var err error
-	app.driver, err = factory.Create(config.Storage.Type(), storageParams)
-	if err != nil {
-		// TODO(stevvooe): Move the creation of a service into a protected
-		// method, where this is created lazily. Its status can be queried via
-		// a health check.
-		panic(err)
-	}
-
-	purgeConfig := uploadPurgeDefaultConfig()
-	if mc, ok := config.Storage["maintenance"]; ok {
-		if v, ok := mc["uploadpurging"]; ok {
-			purgeConfig, ok = v.(map[interface{}]interface{})
-			if !ok {
-				panic("uploadpurging config key must contain additional keys")
-			}
-		}
-		if v, ok := mc["readonly"]; ok {
-			readOnly, ok := v.(map[interface{}]interface{})
-			if !ok {
-				panic("readonly config key must contain additional keys")
-			}
-			if readOnlyEnabled, ok := readOnly["enabled"]; ok {
-				app.readOnly, ok = readOnlyEnabled.(bool)
-				if !ok {
-					panic("readonly's enabled config key must have a boolean value")
-				}
-			}
-		}
-	}
-
-	startUploadPurger(app, app.driver, dcontext.GetLogger(app), purgeConfig)
-
-	app.driver, err = applyStorageMiddleware(app.driver, config.Middleware["storage"])
-	if err != nil {
-		panic(err)
-	}
-
-	app.configureSecret(config)
-	app.configureEvents(config)
-	app.configureRedis(config)
-	app.configureLogHook(config)
-
-	options := registrymiddleware.GetRegistryOptions()
-	if config.Compatibility.Schema1.TrustKey != "" {
-		app.trustKey, err = libtrust.LoadKeyFile(config.Compatibility.Schema1.TrustKey)
-		if err != nil {
-			panic(fmt.Sprintf(`could not load schema1 "signingkey" parameter: %v`, err))
-		}
-	} else {
-		// Generate an ephemeral key to be used for signing converted manifests
-		// for clients that don't support schema2.
-		app.trustKey, err = libtrust.GenerateECP256PrivateKey()
-		if err != nil {
-			panic(err)
-		}
-	}
-
-	options = append(options, storage.Schema1SigningKey(app.trustKey))
-
-	if config.Compatibility.Schema1.Enabled {
-		options = append(options, storage.EnableSchema1)
-	}
-
-	if config.HTTP.Host != "" {
-		u, err := url.Parse(config.HTTP.Host)
-		if err != nil {
-			panic(fmt.Sprintf(`could not parse http "host" parameter: %v`, err))
-		}
-		app.httpHost = *u
-	}
-
-	if app.isCache {
-		options = append(options, storage.DisableDigestResumption)
-	}
-
-	// configure deletion
-	if d, ok := config.Storage["delete"]; ok {
-		e, ok := d["enabled"]
-		if ok {
-			if deleteEnabled, ok := e.(bool); ok && deleteEnabled {
-				options = append(options, storage.EnableDelete)
-			}
-		}
-	}
-
-	// configure redirects
-	var redirectDisabled bool
-	if redirectConfig, ok := config.Storage["redirect"]; ok {
-		v := redirectConfig["disable"]
-		switch v := v.(type) {
-		case bool:
-			redirectDisabled = v
-		default:
-			panic(fmt.Sprintf("invalid type for redirect config: %#v", redirectConfig))
-		}
-	}
-	if redirectDisabled {
-		dcontext.GetLogger(app).Infof("backend redirection disabled")
-	} else {
-		options = append(options, storage.EnableRedirect)
-	}
-
-	if !config.Validation.Enabled {
-		config.Validation.Enabled = !config.Validation.Disabled
-	}
-
-	// configure validation
-	if config.Validation.Enabled {
-		if len(config.Validation.Manifests.URLs.Allow) == 0 && len(config.Validation.Manifests.URLs.Deny) == 0 {
-			// If Allow and Deny are empty, allow nothing.
-			options = append(options, storage.ManifestURLsAllowRegexp(regexp.MustCompile("^$")))
-		} else {
-			if len(config.Validation.Manifests.URLs.Allow) > 0 {
-				for i, s := range config.Validation.Manifests.URLs.Allow {
-					// Validate via compilation.
-					if _, err := regexp.Compile(s); err != nil {
-						panic(fmt.Sprintf("validation.manifests.urls.allow: %s", err))
-					}
-					// Wrap with non-capturing group.
-					config.Validation.Manifests.URLs.Allow[i] = fmt.Sprintf("(?:%s)", s)
-				}
-				re := regexp.MustCompile(strings.Join(config.Validation.Manifests.URLs.Allow, "|"))
-				options = append(options, storage.ManifestURLsAllowRegexp(re))
-			}
-			if len(config.Validation.Manifests.URLs.Deny) > 0 {
-				for i, s := range config.Validation.Manifests.URLs.Deny {
-					// Validate via compilation.
-					if _, err := regexp.Compile(s); err != nil {
-						panic(fmt.Sprintf("validation.manifests.urls.deny: %s", err))
-					}
-					// Wrap with non-capturing group.
-					config.Validation.Manifests.URLs.Deny[i] = fmt.Sprintf("(?:%s)", s)
-				}
-				re := regexp.MustCompile(strings.Join(config.Validation.Manifests.URLs.Deny, "|"))
-				options = append(options, storage.ManifestURLsDenyRegexp(re))
-			}
-		}
-	}
-
-	// configure storage caches
-	if cc, ok := config.Storage["cache"]; ok {
-		v, ok := cc["blobdescriptor"]
-		if !ok {
-			// Backwards compatible: "layerinfo" == "blobdescriptor"
-			v = cc["layerinfo"]
-		}
-
-		switch v {
-		case "redis":
-			if app.redis == nil {
-				panic("redis configuration required to use for layerinfo cache")
-			}
-			cacheProvider := rediscache.NewRedisBlobDescriptorCacheProvider(app.redis)
-			localOptions := append(options, storage.BlobDescriptorCacheProvider(cacheProvider))
-			app.registry, err = storage.NewRegistry(app, app.driver, localOptions...)
-			if err != nil {
-				panic("could not create registry: " + err.Error())
-			}
-			dcontext.GetLogger(app).Infof("using redis blob descriptor cache")
-		case "inmemory":
-			cacheProvider := memorycache.NewInMemoryBlobDescriptorCacheProvider()
-			localOptions := append(options, storage.BlobDescriptorCacheProvider(cacheProvider))
-			app.registry, err = storage.NewRegistry(app, app.driver, localOptions...)
-			if err != nil {
-				panic("could not create registry: " + err.Error())
-			}
-			dcontext.GetLogger(app).Infof("using inmemory blob descriptor cache")
-		default:
-			if v != "" {
-				dcontext.GetLogger(app).Warnf("unknown cache type %q, caching disabled", config.Storage["cache"])
-			}
-		}
-	}
-
-	if app.registry == nil {
-		// configure the registry if no cache section is available.
-		app.registry, err = storage.NewRegistry(app.Context, app.driver, options...)
-		if err != nil {
-			panic("could not create registry: " + err.Error())
-		}
-	}
-
-	app.registry, err = applyRegistryMiddleware(app, app.registry, config.Middleware["registry"])
-	if err != nil {
-		panic(err)
-	}
-
-	authType := config.Auth.Type()
-
-	if authType != "" && !strings.EqualFold(authType, "none") {
-		accessController, err := auth.GetAccessController(config.Auth.Type(), config.Auth.Parameters())
-		if err != nil {
-			panic(fmt.Sprintf("unable to configure authorization (%s): %v", authType, err))
-		}
-		app.accessController = accessController
-		dcontext.GetLogger(app).Debugf("configured %q access controller", authType)
-	}
-
-	// configure as a pull through cache
-	if config.Proxy.RemoteURL != "" {
-		app.registry, err = proxy.NewRegistryPullThroughCache(ctx, app.registry, app.driver, config.Proxy)
-		if err != nil {
-			panic(err.Error())
-		}
-		app.isCache = true
-		dcontext.GetLogger(app).Info("Registry configured as a proxy cache to ", config.Proxy.RemoteURL)
-	}
-	var ok bool
-	app.repoRemover, ok = app.registry.(distribution.RepositoryRemover)
-	if !ok {
-		dcontext.GetLogger(app).Warnf("Registry does not implement RempositoryRemover. Will not be able to delete repos and tags")
-	}
-
-	return app
-}
-
-// RegisterHealthChecks is an awful hack to defer health check registration
-// control to callers. This should only ever be called once per registry
-// process, typically in a main function. The correct way would be register
-// health checks outside of app, since multiple apps may exist in the same
-// process. Because the configuration and app are tightly coupled,
-// implementing this properly will require a refactor. This method may panic
-// if called twice in the same process.
-func (app *App) RegisterHealthChecks(healthRegistries ...*health.Registry) {
-	if len(healthRegistries) > 1 {
-		panic("RegisterHealthChecks called with more than one registry")
-	}
-	healthRegistry := health.DefaultRegistry
-	if len(healthRegistries) == 1 {
-		healthRegistry = healthRegistries[0]
-	}
-
-	if app.Config.Health.StorageDriver.Enabled {
-		interval := app.Config.Health.StorageDriver.Interval
-		if interval == 0 {
-			interval = defaultCheckInterval
-		}
-
-		storageDriverCheck := func() error {
-			_, err := app.driver.Stat(app, "/") // "/" should always exist
-			if _, ok := err.(storagedriver.PathNotFoundError); ok {
-				err = nil // pass this through, backend is responding, but this path doesn't exist.
-			}
-			return err
-		}
-
-		if app.Config.Health.StorageDriver.Threshold != 0 {
-			healthRegistry.RegisterPeriodicThresholdFunc("storagedriver_"+app.Config.Storage.Type(), interval, app.Config.Health.StorageDriver.Threshold, storageDriverCheck)
-		} else {
-			healthRegistry.RegisterPeriodicFunc("storagedriver_"+app.Config.Storage.Type(), interval, storageDriverCheck)
-		}
-	}
-
-	for _, fileChecker := range app.Config.Health.FileCheckers {
-		interval := fileChecker.Interval
-		if interval == 0 {
-			interval = defaultCheckInterval
-		}
-		dcontext.GetLogger(app).Infof("configuring file health check path=%s, interval=%d", fileChecker.File, interval/time.Second)
-		healthRegistry.Register(fileChecker.File, health.PeriodicChecker(checks.FileChecker(fileChecker.File), interval))
-	}
-
-	for _, httpChecker := range app.Config.Health.HTTPCheckers {
-		interval := httpChecker.Interval
-		if interval == 0 {
-			interval = defaultCheckInterval
-		}
-
-		statusCode := httpChecker.StatusCode
-		if statusCode == 0 {
-			statusCode = 200
-		}
-
-		checker := checks.HTTPChecker(httpChecker.URI, statusCode, httpChecker.Timeout, httpChecker.Headers)
-
-		if httpChecker.Threshold != 0 {
-			dcontext.GetLogger(app).Infof("configuring HTTP health check uri=%s, interval=%d, threshold=%d", httpChecker.URI, interval/time.Second, httpChecker.Threshold)
-			healthRegistry.Register(httpChecker.URI, health.PeriodicThresholdChecker(checker, interval, httpChecker.Threshold))
-		} else {
-			dcontext.GetLogger(app).Infof("configuring HTTP health check uri=%s, interval=%d", httpChecker.URI, interval/time.Second)
-			healthRegistry.Register(httpChecker.URI, health.PeriodicChecker(checker, interval))
-		}
-	}
-
-	for _, tcpChecker := range app.Config.Health.TCPCheckers {
-		interval := tcpChecker.Interval
-		if interval == 0 {
-			interval = defaultCheckInterval
-		}
-
-		checker := checks.TCPChecker(tcpChecker.Addr, tcpChecker.Timeout)
-
-		if tcpChecker.Threshold != 0 {
-			dcontext.GetLogger(app).Infof("configuring TCP health check addr=%s, interval=%d, threshold=%d", tcpChecker.Addr, interval/time.Second, tcpChecker.Threshold)
-			healthRegistry.Register(tcpChecker.Addr, health.PeriodicThresholdChecker(checker, interval, tcpChecker.Threshold))
-		} else {
-			dcontext.GetLogger(app).Infof("configuring TCP health check addr=%s, interval=%d", tcpChecker.Addr, interval/time.Second)
-			healthRegistry.Register(tcpChecker.Addr, health.PeriodicChecker(checker, interval))
-		}
-	}
-}
-
-// register a handler with the application, by route name. The handler will be
-// passed through the application filters and context will be constructed at
-// request time.
-func (app *App) register(routeName string, dispatch dispatchFunc) {
-	handler := app.dispatcher(dispatch)
-
-	// Chain the handler with prometheus instrumented handler
-	if app.Config.HTTP.Debug.Prometheus.Enabled {
-		namespace := metrics.NewNamespace(prometheus.NamespacePrefix, "http", nil)
-		httpMetrics := namespace.NewDefaultHttpMetrics(strings.Replace(routeName, "-", "_", -1))
-		metrics.Register(namespace)
-		handler = metrics.InstrumentHandler(httpMetrics, handler)
-	}
-
-	// TODO(stevvooe): This odd dispatcher/route registration is by-product of
-	// some limitations in the gorilla/mux router. We are using it to keep
-	// routing consistent between the client and server, but we may want to
-	// replace it with manual routing and structure-based dispatch for better
-	// control over the request execution.
-
-	app.router.GetRoute(routeName).Handler(handler)
-}
-
-// configureEvents prepares the event sink for action.
-func (app *App) configureEvents(configuration *configuration.Configuration) {
-	// Configure all of the endpoint sinks.
-	var sinks []notifications.Sink
-	for _, endpoint := range configuration.Notifications.Endpoints {
-		if endpoint.Disabled {
-			dcontext.GetLogger(app).Infof("endpoint %s disabled, skipping", endpoint.Name)
-			continue
-		}
-
-		dcontext.GetLogger(app).Infof("configuring endpoint %v (%v), timeout=%s, headers=%v", endpoint.Name, endpoint.URL, endpoint.Timeout, endpoint.Headers)
-		endpoint := notifications.NewEndpoint(endpoint.Name, endpoint.URL, notifications.EndpointConfig{
-			Timeout:           endpoint.Timeout,
-			Threshold:         endpoint.Threshold,
-			Backoff:           endpoint.Backoff,
-			Headers:           endpoint.Headers,
-			IgnoredMediaTypes: endpoint.IgnoredMediaTypes,
-			Ignore:            endpoint.Ignore,
-		})
-
-		sinks = append(sinks, endpoint)
-	}
-
-	// NOTE(stevvooe): Moving to a new queuing implementation is as easy as
-	// replacing broadcaster with a rabbitmq implementation. It's recommended
-	// that the registry instances also act as the workers to keep deployment
-	// simple.
-	app.events.sink = notifications.NewBroadcaster(sinks...)
-
-	// Populate registry event source
-	hostname, err := os.Hostname()
-	if err != nil {
-		hostname = configuration.HTTP.Addr
-	} else {
-		// try to pick the port off the config
-		_, port, err := net.SplitHostPort(configuration.HTTP.Addr)
-		if err == nil {
-			hostname = net.JoinHostPort(hostname, port)
-		}
-	}
-
-	app.events.source = notifications.SourceRecord{
-		Addr:       hostname,
-		InstanceID: dcontext.GetStringValue(app, "instance.id"),
-	}
-}
-
-type redisStartAtKey struct{}
-
-func (app *App) configureRedis(configuration *configuration.Configuration) {
-	if configuration.Redis.Addr == "" {
-		dcontext.GetLogger(app).Infof("redis not configured")
-		return
-	}
-
-	pool := &redis.Pool{
-		Dial: func() (redis.Conn, error) {
-			// TODO(stevvooe): Yet another use case for contextual timing.
-			ctx := context.WithValue(app, redisStartAtKey{}, time.Now())
-
-			done := func(err error) {
-				logger := dcontext.GetLoggerWithField(ctx, "redis.connect.duration",
-					dcontext.Since(ctx, redisStartAtKey{}))
-				if err != nil {
-					logger.Errorf("redis: error connecting: %v", err)
-				} else {
-					logger.Infof("redis: connect %v", configuration.Redis.Addr)
-				}
-			}
-
-			conn, err := redis.DialTimeout("tcp",
-				configuration.Redis.Addr,
-				configuration.Redis.DialTimeout,
-				configuration.Redis.ReadTimeout,
-				configuration.Redis.WriteTimeout)
-			if err != nil {
-				dcontext.GetLogger(app).Errorf("error connecting to redis instance %s: %v",
-					configuration.Redis.Addr, err)
-				done(err)
-				return nil, err
-			}
-
-			// authorize the connection
-			if configuration.Redis.Password != "" {
-				if _, err = conn.Do("AUTH", configuration.Redis.Password); err != nil {
-					defer conn.Close()
-					done(err)
-					return nil, err
-				}
-			}
-
-			// select the database to use
-			if configuration.Redis.DB != 0 {
-				if _, err = conn.Do("SELECT", configuration.Redis.DB); err != nil {
-					defer conn.Close()
-					done(err)
-					return nil, err
-				}
-			}
-
-			done(nil)
-			return conn, nil
-		},
-		MaxIdle:     configuration.Redis.Pool.MaxIdle,
-		MaxActive:   configuration.Redis.Pool.MaxActive,
-		IdleTimeout: configuration.Redis.Pool.IdleTimeout,
-		TestOnBorrow: func(c redis.Conn, t time.Time) error {
-			// TODO(stevvooe): We can probably do something more interesting
-			// here with the health package.
-			_, err := c.Do("PING")
-			return err
-		},
-		Wait: false, // if a connection is not available, proceed without cache.
-	}
-
-	app.redis = pool
-
-	// setup expvar
-	registry := expvar.Get("registry")
-	if registry == nil {
-		registry = expvar.NewMap("registry")
-	}
-
-	registry.(*expvar.Map).Set("redis", expvar.Func(func() interface{} {
-		return map[string]interface{}{
-			"Config": configuration.Redis,
-			"Active": app.redis.ActiveCount(),
-		}
-	}))
-}
-
-// configureLogHook prepares logging hook parameters.
-func (app *App) configureLogHook(configuration *configuration.Configuration) {
-	entry, ok := dcontext.GetLogger(app).(*logrus.Entry)
-	if !ok {
-		// somehow, we are not using logrus
-		return
-	}
-
-	logger := entry.Logger
-
-	for _, configHook := range configuration.Log.Hooks {
-		if !configHook.Disabled {
-			switch configHook.Type {
-			case "mail":
-				hook := &logHook{}
-				hook.LevelsParam = configHook.Levels
-				hook.Mail = &mailer{
-					Addr:     configHook.MailOptions.SMTP.Addr,
-					Username: configHook.MailOptions.SMTP.Username,
-					Password: configHook.MailOptions.SMTP.Password,
-					Insecure: configHook.MailOptions.SMTP.Insecure,
-					From:     configHook.MailOptions.From,
-					To:       configHook.MailOptions.To,
-				}
-				logger.Hooks.Add(hook)
-			default:
-			}
-		}
-	}
-}
-
-// configureSecret creates a random secret if a secret wasn't included in the
-// configuration.
-func (app *App) configureSecret(configuration *configuration.Configuration) {
-	if configuration.HTTP.Secret == "" {
-		var secretBytes [randomSecretSize]byte
-		if _, err := rand.Read(secretBytes[:]); err != nil {
-			panic(fmt.Sprintf("could not generate random bytes for HTTP secret: %v", err))
-		}
-		configuration.HTTP.Secret = string(secretBytes[:])
-		dcontext.GetLogger(app).Warn("No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable.")
-	}
-}
-
-func (app *App) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	defer r.Body.Close() // ensure that request body is always closed.
-
-	// Prepare the context with our own little decorations.
-	ctx := r.Context()
-	ctx = dcontext.WithRequest(ctx, r)
-	ctx, w = dcontext.WithResponseWriter(ctx, w)
-	ctx = dcontext.WithLogger(ctx, dcontext.GetRequestLogger(ctx))
-	r = r.WithContext(ctx)
-
-	defer func() {
-		status, ok := ctx.Value("http.response.status").(int)
-		if ok && status >= 200 && status <= 399 {
-			dcontext.GetResponseLogger(r.Context()).Infof("response completed")
-		}
-	}()
-
-	// Set a header with the Docker Distribution API Version for all responses.
-	w.Header().Add("Docker-Distribution-API-Version", "registry/2.0")
-	app.router.ServeHTTP(w, r)
-}
-
-// dispatchFunc takes a context and request and returns a constructed handler
-// for the route. The dispatcher will use this to dynamically create request
-// specific handlers for each endpoint without creating a new router for each
-// request.
-type dispatchFunc func(ctx *Context, r *http.Request) http.Handler
-
-// TODO(stevvooe): dispatchers should probably have some validation error
-// chain with proper error reporting.
-
-// dispatcher returns a handler that constructs a request specific context and
-// handler, using the dispatch factory function.
-func (app *App) dispatcher(dispatch dispatchFunc) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		for headerName, headerValues := range app.Config.HTTP.Headers {
-			for _, value := range headerValues {
-				w.Header().Add(headerName, value)
-			}
-		}
-
-		context := app.context(w, r)
-
-		if err := app.authorized(w, r, context); err != nil {
-			dcontext.GetLogger(context).Warnf("error authorizing context: %v", err)
-			return
-		}
-
-		// Add username to request logging
-		context.Context = dcontext.WithLogger(context.Context, dcontext.GetLogger(context.Context, auth.UserNameKey))
-
-		// sync up context on the request.
-		r = r.WithContext(context)
-
-		if app.nameRequired(r) {
-			nameRef, err := reference.WithName(getName(context))
-			if err != nil {
-				dcontext.GetLogger(context).Errorf("error parsing reference from context: %v", err)
-				context.Errors = append(context.Errors, distribution.ErrRepositoryNameInvalid{
-					Name:   getName(context),
-					Reason: err,
-				})
-				if err := errcode.ServeJSON(w, context.Errors); err != nil {
-					dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
-				}
-				return
-			}
-			repository, err := app.registry.Repository(context, nameRef)
-
-			if err != nil {
-				dcontext.GetLogger(context).Errorf("error resolving repository: %v", err)
-
-				switch err := err.(type) {
-				case distribution.ErrRepositoryUnknown:
-					context.Errors = append(context.Errors, v2.ErrorCodeNameUnknown.WithDetail(err))
-				case distribution.ErrRepositoryNameInvalid:
-					context.Errors = append(context.Errors, v2.ErrorCodeNameInvalid.WithDetail(err))
-				case errcode.Error:
-					context.Errors = append(context.Errors, err)
-				}
-
-				if err := errcode.ServeJSON(w, context.Errors); err != nil {
-					dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
-				}
-				return
-			}
-
-			// assign and decorate the authorized repository with an event bridge.
-			context.Repository, context.RepositoryRemover = notifications.Listen(
-				repository,
-				context.App.repoRemover,
-				app.eventBridge(context, r))
-
-			context.Repository, err = applyRepoMiddleware(app, context.Repository, app.Config.Middleware["repository"])
-			if err != nil {
-				dcontext.GetLogger(context).Errorf("error initializing repository middleware: %v", err)
-				context.Errors = append(context.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-
-				if err := errcode.ServeJSON(w, context.Errors); err != nil {
-					dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
-				}
-				return
-			}
-		}
-
-		dispatch(context, r).ServeHTTP(w, r)
-		// Automated error response handling here. Handlers may return their
-		// own errors if they need different behavior (such as range errors
-		// for layer upload).
-		if context.Errors.Len() > 0 {
-			if err := errcode.ServeJSON(w, context.Errors); err != nil {
-				dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
-			}
-
-			app.logError(context, context.Errors)
-		}
-	})
-}
-
-type errCodeKey struct{}
-
-func (errCodeKey) String() string { return "err.code" }
-
-type errMessageKey struct{}
-
-func (errMessageKey) String() string { return "err.message" }
-
-type errDetailKey struct{}
-
-func (errDetailKey) String() string { return "err.detail" }
-
-func (app *App) logError(ctx context.Context, errors errcode.Errors) {
-	for _, e1 := range errors {
-		var c context.Context
-
-		switch e := e1.(type) {
-		case errcode.Error:
-			c = context.WithValue(ctx, errCodeKey{}, e.Code)
-			c = context.WithValue(c, errMessageKey{}, e.Message)
-			c = context.WithValue(c, errDetailKey{}, e.Detail)
-		case errcode.ErrorCode:
-			c = context.WithValue(ctx, errCodeKey{}, e)
-			c = context.WithValue(c, errMessageKey{}, e.Message())
-		default:
-			// just normal go 'error'
-			c = context.WithValue(ctx, errCodeKey{}, errcode.ErrorCodeUnknown)
-			c = context.WithValue(c, errMessageKey{}, e.Error())
-		}
-
-		c = dcontext.WithLogger(c, dcontext.GetLogger(c,
-			errCodeKey{},
-			errMessageKey{},
-			errDetailKey{}))
-		dcontext.GetResponseLogger(c).Errorf("response completed with error")
-	}
-}
-
-// context constructs the context object for the application. This only be
-// called once per request.
-func (app *App) context(w http.ResponseWriter, r *http.Request) *Context {
-	ctx := r.Context()
-	ctx = dcontext.WithVars(ctx, r)
-	ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx,
-		"vars.name",
-		"vars.reference",
-		"vars.digest",
-		"vars.uuid"))
-
-	context := &Context{
-		App:     app,
-		Context: ctx,
-	}
-
-	if app.httpHost.Scheme != "" && app.httpHost.Host != "" {
-		// A "host" item in the configuration takes precedence over
-		// X-Forwarded-Proto and X-Forwarded-Host headers, and the
-		// hostname in the request.
-		context.urlBuilder = v2.NewURLBuilder(&app.httpHost, false)
-	} else {
-		context.urlBuilder = v2.NewURLBuilderFromRequest(r, app.Config.HTTP.RelativeURLs)
-	}
-
-	return context
-}
-
-// authorized checks if the request can proceed with access to the requested
-// repository. If it succeeds, the context may access the requested
-// repository. An error will be returned if access is not available.
-func (app *App) authorized(w http.ResponseWriter, r *http.Request, context *Context) error {
-	dcontext.GetLogger(context).Debug("authorizing request")
-	repo := getName(context)
-
-	if app.accessController == nil {
-		return nil // access controller is not enabled.
-	}
-
-	var accessRecords []auth.Access
-
-	if repo != "" {
-		accessRecords = appendAccessRecords(accessRecords, r.Method, repo)
-		if fromRepo := r.FormValue("from"); fromRepo != "" {
-			// mounting a blob from one repository to another requires pull (GET)
-			// access to the source repository.
-			accessRecords = appendAccessRecords(accessRecords, "GET", fromRepo)
-		}
-	} else {
-		// Only allow the name not to be set on the base route.
-		if app.nameRequired(r) {
-			// For this to be properly secured, repo must always be set for a
-			// resource that may make a modification. The only condition under
-			// which name is not set and we still allow access is when the
-			// base route is accessed. This section prevents us from making
-			// that mistake elsewhere in the code, allowing any operation to
-			// proceed.
-			if err := errcode.ServeJSON(w, errcode.ErrorCodeUnauthorized); err != nil {
-				dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
-			}
-			return fmt.Errorf("forbidden: no repository name")
-		}
-		accessRecords = appendCatalogAccessRecord(accessRecords, r)
-	}
-
-	ctx, err := app.accessController.Authorized(context.Context, accessRecords...)
-	if err != nil {
-		switch err := err.(type) {
-		case auth.Challenge:
-			// Add the appropriate WWW-Auth header
-			err.SetHeaders(r, w)
-
-			if err := errcode.ServeJSON(w, errcode.ErrorCodeUnauthorized.WithDetail(accessRecords)); err != nil {
-				dcontext.GetLogger(context).Errorf("error serving error json: %v (from %v)", err, context.Errors)
-			}
-		default:
-			// This condition is a potential security problem either in
-			// the configuration or whatever is backing the access
-			// controller. Just return a bad request with no information
-			// to avoid exposure. The request should not proceed.
-			dcontext.GetLogger(context).Errorf("error checking authorization: %v", err)
-			w.WriteHeader(http.StatusBadRequest)
-		}
-
-		return err
-	}
-
-	dcontext.GetLogger(ctx).Info("authorized request")
-	// TODO(stevvooe): This pattern needs to be cleaned up a bit. One context
-	// should be replaced by another, rather than replacing the context on a
-	// mutable object.
-	context.Context = ctx
-	return nil
-}
-
-// eventBridge returns a bridge for the current request, configured with the
-// correct actor and source.
-func (app *App) eventBridge(ctx *Context, r *http.Request) notifications.Listener {
-	actor := notifications.ActorRecord{
-		Name: getUserName(ctx, r),
-	}
-	request := notifications.NewRequestRecord(dcontext.GetRequestID(ctx), r)
-
-	return notifications.NewBridge(ctx.urlBuilder, app.events.source, actor, request, app.events.sink, app.Config.Notifications.EventConfig.IncludeReferences)
-}
-
-// nameRequired returns true if the route requires a name.
-func (app *App) nameRequired(r *http.Request) bool {
-	route := mux.CurrentRoute(r)
-	if route == nil {
-		return true
-	}
-	routeName := route.GetName()
-	return routeName != v2.RouteNameBase && routeName != v2.RouteNameCatalog
-}
-
-// apiBase implements a simple yes-man for doing overall checks against the
-// api. This can support auth roundtrips to support docker login.
-func apiBase(w http.ResponseWriter, r *http.Request) {
-	const emptyJSON = "{}"
-	// Provide a simple /v2/ 200 OK response with empty json response.
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-	w.Header().Set("Content-Length", fmt.Sprint(len(emptyJSON)))
-
-	fmt.Fprint(w, emptyJSON)
-}
-
-// appendAccessRecords checks the method and adds the appropriate Access records to the records list.
-func appendAccessRecords(records []auth.Access, method string, repo string) []auth.Access {
-	resource := auth.Resource{
-		Type: "repository",
-		Name: repo,
-	}
-
-	switch method {
-	case "GET", "HEAD":
-		records = append(records,
-			auth.Access{
-				Resource: resource,
-				Action:   "pull",
-			})
-	case "POST", "PUT", "PATCH":
-		records = append(records,
-			auth.Access{
-				Resource: resource,
-				Action:   "pull",
-			},
-			auth.Access{
-				Resource: resource,
-				Action:   "push",
-			})
-	case "DELETE":
-		records = append(records,
-			auth.Access{
-				Resource: resource,
-				Action:   "delete",
-			})
-	}
-	return records
-}
-
-// Add the access record for the catalog if it's our current route
-func appendCatalogAccessRecord(accessRecords []auth.Access, r *http.Request) []auth.Access {
-	route := mux.CurrentRoute(r)
-	routeName := route.GetName()
-
-	if routeName == v2.RouteNameCatalog {
-		resource := auth.Resource{
-			Type: "registry",
-			Name: "catalog",
-		}
-
-		accessRecords = append(accessRecords,
-			auth.Access{
-				Resource: resource,
-				Action:   "*",
-			})
-	}
-	return accessRecords
-}
-
-// applyRegistryMiddleware wraps a registry instance with the configured middlewares
-func applyRegistryMiddleware(ctx context.Context, registry distribution.Namespace, middlewares []configuration.Middleware) (distribution.Namespace, error) {
-	for _, mw := range middlewares {
-		rmw, err := registrymiddleware.Get(ctx, mw.Name, mw.Options, registry)
-		if err != nil {
-			return nil, fmt.Errorf("unable to configure registry middleware (%s): %s", mw.Name, err)
-		}
-		registry = rmw
-	}
-	return registry, nil
-
-}
-
-// applyRepoMiddleware wraps a repository with the configured middlewares
-func applyRepoMiddleware(ctx context.Context, repository distribution.Repository, middlewares []configuration.Middleware) (distribution.Repository, error) {
-	for _, mw := range middlewares {
-		rmw, err := repositorymiddleware.Get(ctx, mw.Name, mw.Options, repository)
-		if err != nil {
-			return nil, err
-		}
-		repository = rmw
-	}
-	return repository, nil
-}
-
-// applyStorageMiddleware wraps a storage driver with the configured middlewares
-func applyStorageMiddleware(driver storagedriver.StorageDriver, middlewares []configuration.Middleware) (storagedriver.StorageDriver, error) {
-	for _, mw := range middlewares {
-		smw, err := storagemiddleware.Get(mw.Name, mw.Options, driver)
-		if err != nil {
-			return nil, fmt.Errorf("unable to configure storage middleware (%s): %v", mw.Name, err)
-		}
-		driver = smw
-	}
-	return driver, nil
-}
-
-// uploadPurgeDefaultConfig provides a default configuration for upload
-// purging to be used in the absence of configuration in the
-// configuration file
-func uploadPurgeDefaultConfig() map[interface{}]interface{} {
-	config := map[interface{}]interface{}{}
-	config["enabled"] = true
-	config["age"] = "168h"
-	config["interval"] = "24h"
-	config["dryrun"] = false
-	return config
-}
-
-func badPurgeUploadConfig(reason string) {
-	panic(fmt.Sprintf("Unable to parse upload purge configuration: %s", reason))
-}
-
-// startUploadPurger schedules a goroutine which will periodically
-// check upload directories for old files and delete them
-func startUploadPurger(ctx context.Context, storageDriver storagedriver.StorageDriver, log dcontext.Logger, config map[interface{}]interface{}) {
-	if config["enabled"] == false {
-		return
-	}
-
-	var purgeAgeDuration time.Duration
-	var err error
-	purgeAge, ok := config["age"]
-	if ok {
-		ageStr, ok := purgeAge.(string)
-		if !ok {
-			badPurgeUploadConfig("age is not a string")
-		}
-		purgeAgeDuration, err = time.ParseDuration(ageStr)
-		if err != nil {
-			badPurgeUploadConfig(fmt.Sprintf("Cannot parse duration: %s", err.Error()))
-		}
-	} else {
-		badPurgeUploadConfig("age missing")
-	}
-
-	var intervalDuration time.Duration
-	interval, ok := config["interval"]
-	if ok {
-		intervalStr, ok := interval.(string)
-		if !ok {
-			badPurgeUploadConfig("interval is not a string")
-		}
-
-		intervalDuration, err = time.ParseDuration(intervalStr)
-		if err != nil {
-			badPurgeUploadConfig(fmt.Sprintf("Cannot parse interval: %s", err.Error()))
-		}
-	} else {
-		badPurgeUploadConfig("interval missing")
-	}
-
-	var dryRunBool bool
-	dryRun, ok := config["dryrun"]
-	if ok {
-		dryRunBool, ok = dryRun.(bool)
-		if !ok {
-			badPurgeUploadConfig("cannot parse dryrun")
-		}
-	} else {
-		badPurgeUploadConfig("dryrun missing")
-	}
-
-	go func() {
-		randInt, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
-		if err != nil {
-			log.Infof("Failed to generate random jitter: %v", err)
-			// sleep 30min for failure case
-			randInt = big.NewInt(30)
-		}
-		jitter := time.Duration(randInt.Int64()%60) * time.Minute
-		log.Infof("Starting upload purge in %s", jitter)
-		time.Sleep(jitter)
-
-		for {
-			storage.PurgeUploads(ctx, storageDriver, time.Now().Add(-purgeAgeDuration), !dryRunBool)
-			log.Infof("Starting upload purge in %s", intervalDuration)
-			time.Sleep(intervalDuration)
-		}
-	}()
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/basicauth.go b/vendor/github.com/docker/distribution/registry/handlers/basicauth.go
deleted file mode 100644
index a41965dcf..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/basicauth.go
+++ /dev/null
@@ -1,12 +0,0 @@
-//go:build go1.4
-// +build go1.4
-
-package handlers
-
-import (
-	"net/http"
-)
-
-func basicAuth(r *http.Request) (username, password string, ok bool) {
-	return r.BasicAuth()
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/basicauth_prego14.go b/vendor/github.com/docker/distribution/registry/handlers/basicauth_prego14.go
deleted file mode 100644
index 01290adfe..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/basicauth_prego14.go
+++ /dev/null
@@ -1,42 +0,0 @@
-//go:build !go1.4
-// +build !go1.4
-
-package handlers
-
-import (
-	"encoding/base64"
-	"net/http"
-	"strings"
-)
-
-// NOTE(stevvooe): This is basic auth support from go1.4 present to ensure we
-// can compile on go1.3 and earlier.
-
-// BasicAuth returns the username and password provided in the request's
-// Authorization header, if the request uses HTTP Basic Authentication.
-// See RFC 2617, Section 2.
-func basicAuth(r *http.Request) (username, password string, ok bool) {
-	auth := r.Header.Get("Authorization")
-	if auth == "" {
-		return
-	}
-	return parseBasicAuth(auth)
-}
-
-// parseBasicAuth parses an HTTP Basic Authentication string.
-// "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" returns ("Aladdin", "open sesame", true).
-func parseBasicAuth(auth string) (username, password string, ok bool) {
-	if !strings.HasPrefix(auth, "Basic ") {
-		return
-	}
-	c, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(auth, "Basic "))
-	if err != nil {
-		return
-	}
-	cs := string(c)
-	s := strings.IndexByte(cs, ':')
-	if s < 0 {
-		return
-	}
-	return cs[:s], cs[s+1:], true
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/blob.go b/vendor/github.com/docker/distribution/registry/handlers/blob.go
deleted file mode 100644
index 515fdad0a..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/blob.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/api/errcode"
-	v2 "github.com/docker/distribution/registry/api/v2"
-	"github.com/gorilla/handlers"
-	"github.com/opencontainers/go-digest"
-)
-
-// blobDispatcher uses the request context to build a blobHandler.
-func blobDispatcher(ctx *Context, r *http.Request) http.Handler {
-	dgst, err := getDigest(ctx)
-	if err != nil {
-
-		if err == errDigestNotAvailable {
-			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				ctx.Errors = append(ctx.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err))
-			})
-		}
-
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			ctx.Errors = append(ctx.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err))
-		})
-	}
-
-	blobHandler := &blobHandler{
-		Context: ctx,
-		Digest:  dgst,
-	}
-
-	mhandler := handlers.MethodHandler{
-		"GET":  http.HandlerFunc(blobHandler.GetBlob),
-		"HEAD": http.HandlerFunc(blobHandler.GetBlob),
-	}
-
-	if !ctx.readOnly {
-		mhandler["DELETE"] = http.HandlerFunc(blobHandler.DeleteBlob)
-	}
-
-	return mhandler
-}
-
-// blobHandler serves http blob requests.
-type blobHandler struct {
-	*Context
-
-	Digest digest.Digest
-}
-
-// GetBlob fetches the binary data from backend storage returns it in the
-// response.
-func (bh *blobHandler) GetBlob(w http.ResponseWriter, r *http.Request) {
-	context.GetLogger(bh).Debug("GetBlob")
-	blobs := bh.Repository.Blobs(bh)
-	desc, err := blobs.Stat(bh, bh.Digest)
-	if err != nil {
-		if err == distribution.ErrBlobUnknown {
-			bh.Errors = append(bh.Errors, v2.ErrorCodeBlobUnknown.WithDetail(bh.Digest))
-		} else {
-			bh.Errors = append(bh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		}
-		return
-	}
-
-	if err := blobs.ServeBlob(bh, w, r, desc.Digest); err != nil {
-		context.GetLogger(bh).Debugf("unexpected error getting blob HTTP handler: %v", err)
-		bh.Errors = append(bh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		return
-	}
-}
-
-// DeleteBlob deletes a layer blob
-func (bh *blobHandler) DeleteBlob(w http.ResponseWriter, r *http.Request) {
-	context.GetLogger(bh).Debug("DeleteBlob")
-
-	blobs := bh.Repository.Blobs(bh)
-	err := blobs.Delete(bh, bh.Digest)
-	if err != nil {
-		switch err {
-		case distribution.ErrUnsupported:
-			bh.Errors = append(bh.Errors, errcode.ErrorCodeUnsupported)
-			return
-		case distribution.ErrBlobUnknown:
-			bh.Errors = append(bh.Errors, v2.ErrorCodeBlobUnknown)
-			return
-		default:
-			bh.Errors = append(bh.Errors, err)
-			context.GetLogger(bh).Errorf("Unknown error deleting blob: %s", err.Error())
-			return
-		}
-	}
-
-	w.Header().Set("Content-Length", "0")
-	w.WriteHeader(http.StatusAccepted)
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/blobupload.go b/vendor/github.com/docker/distribution/registry/handlers/blobupload.go
deleted file mode 100644
index 53ffbe8cc..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/blobupload.go
+++ /dev/null
@@ -1,368 +0,0 @@
-package handlers
-
-import (
-	"fmt"
-	"net/http"
-	"net/url"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/api/errcode"
-	v2 "github.com/docker/distribution/registry/api/v2"
-	"github.com/docker/distribution/registry/storage"
-	"github.com/gorilla/handlers"
-	"github.com/opencontainers/go-digest"
-)
-
-// blobUploadDispatcher constructs and returns the blob upload handler for the
-// given request context.
-func blobUploadDispatcher(ctx *Context, r *http.Request) http.Handler {
-	buh := &blobUploadHandler{
-		Context: ctx,
-		UUID:    getUploadUUID(ctx),
-	}
-
-	handler := handlers.MethodHandler{
-		"GET":  http.HandlerFunc(buh.GetUploadStatus),
-		"HEAD": http.HandlerFunc(buh.GetUploadStatus),
-	}
-
-	if !ctx.readOnly {
-		handler["POST"] = http.HandlerFunc(buh.StartBlobUpload)
-		handler["PATCH"] = http.HandlerFunc(buh.PatchBlobData)
-		handler["PUT"] = http.HandlerFunc(buh.PutBlobUploadComplete)
-		handler["DELETE"] = http.HandlerFunc(buh.CancelBlobUpload)
-	}
-
-	if buh.UUID != "" {
-		state, err := hmacKey(ctx.Config.HTTP.Secret).unpackUploadState(r.FormValue("_state"))
-		if err != nil {
-			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				dcontext.GetLogger(ctx).Infof("error resolving upload: %v", err)
-				buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadInvalid.WithDetail(err))
-			})
-		}
-		buh.State = state
-
-		if state.Name != ctx.Repository.Named().Name() {
-			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				dcontext.GetLogger(ctx).Infof("mismatched repository name in upload state: %q != %q", state.Name, buh.Repository.Named().Name())
-				buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadInvalid.WithDetail(err))
-			})
-		}
-
-		if state.UUID != buh.UUID {
-			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				dcontext.GetLogger(ctx).Infof("mismatched uuid in upload state: %q != %q", state.UUID, buh.UUID)
-				buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadInvalid.WithDetail(err))
-			})
-		}
-
-		blobs := ctx.Repository.Blobs(buh)
-		upload, err := blobs.Resume(buh, buh.UUID)
-		if err != nil {
-			dcontext.GetLogger(ctx).Errorf("error resolving upload: %v", err)
-			if err == distribution.ErrBlobUploadUnknown {
-				return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-					buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadUnknown.WithDetail(err))
-				})
-			}
-
-			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-			})
-		}
-		buh.Upload = upload
-
-		if size := upload.Size(); size != buh.State.Offset {
-			defer upload.Close()
-			dcontext.GetLogger(ctx).Errorf("upload resumed at wrong offest: %d != %d", size, buh.State.Offset)
-			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadInvalid.WithDetail(err))
-				upload.Cancel(buh)
-			})
-		}
-		return closeResources(handler, buh.Upload)
-	}
-
-	return handler
-}
-
-// blobUploadHandler handles the http blob upload process.
-type blobUploadHandler struct {
-	*Context
-
-	// UUID identifies the upload instance for the current request. Using UUID
-	// to key blob writers since this implementation uses UUIDs.
-	UUID string
-
-	Upload distribution.BlobWriter
-
-	State blobUploadState
-}
-
-// StartBlobUpload begins the blob upload process and allocates a server-side
-// blob writer session, optionally mounting the blob from a separate repository.
-func (buh *blobUploadHandler) StartBlobUpload(w http.ResponseWriter, r *http.Request) {
-	var options []distribution.BlobCreateOption
-
-	fromRepo := r.FormValue("from")
-	mountDigest := r.FormValue("mount")
-
-	if mountDigest != "" && fromRepo != "" {
-		opt, err := buh.createBlobMountOption(fromRepo, mountDigest)
-		if opt != nil && err == nil {
-			options = append(options, opt)
-		}
-	}
-
-	blobs := buh.Repository.Blobs(buh)
-	upload, err := blobs.Create(buh, options...)
-
-	if err != nil {
-		if ebm, ok := err.(distribution.ErrBlobMounted); ok {
-			if err := buh.writeBlobCreatedHeaders(w, ebm.Descriptor); err != nil {
-				buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-			}
-		} else if err == distribution.ErrUnsupported {
-			buh.Errors = append(buh.Errors, errcode.ErrorCodeUnsupported)
-		} else {
-			buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		}
-		return
-	}
-
-	buh.Upload = upload
-
-	if err := buh.blobUploadResponse(w, r, true); err != nil {
-		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		return
-	}
-
-	w.Header().Set("Docker-Upload-UUID", buh.Upload.ID())
-	w.WriteHeader(http.StatusAccepted)
-}
-
-// GetUploadStatus returns the status of a given upload, identified by id.
-func (buh *blobUploadHandler) GetUploadStatus(w http.ResponseWriter, r *http.Request) {
-	if buh.Upload == nil {
-		buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadUnknown)
-		return
-	}
-
-	// TODO(dmcgowan): Set last argument to false in blobUploadResponse when
-	// resumable upload is supported. This will enable returning a non-zero
-	// range for clients to begin uploading at an offset.
-	if err := buh.blobUploadResponse(w, r, true); err != nil {
-		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		return
-	}
-
-	w.Header().Set("Docker-Upload-UUID", buh.UUID)
-	w.WriteHeader(http.StatusNoContent)
-}
-
-// PatchBlobData writes data to an upload.
-func (buh *blobUploadHandler) PatchBlobData(w http.ResponseWriter, r *http.Request) {
-	if buh.Upload == nil {
-		buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadUnknown)
-		return
-	}
-
-	ct := r.Header.Get("Content-Type")
-	if ct != "" && ct != "application/octet-stream" {
-		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(fmt.Errorf("bad Content-Type")))
-		// TODO(dmcgowan): encode error
-		return
-	}
-
-	// TODO(dmcgowan): support Content-Range header to seek and write range
-
-	if err := copyFullPayload(buh, w, r, buh.Upload, -1, "blob PATCH"); err != nil {
-		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err.Error()))
-		return
-	}
-
-	if err := buh.blobUploadResponse(w, r, false); err != nil {
-		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		return
-	}
-
-	w.WriteHeader(http.StatusAccepted)
-}
-
-// PutBlobUploadComplete takes the final request of a blob upload. The
-// request may include all the blob data or no blob data. Any data
-// provided is received and verified. If successful, the blob is linked
-// into the blob store and 201 Created is returned with the canonical
-// url of the blob.
-func (buh *blobUploadHandler) PutBlobUploadComplete(w http.ResponseWriter, r *http.Request) {
-	if buh.Upload == nil {
-		buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadUnknown)
-		return
-	}
-
-	dgstStr := r.FormValue("digest") // TODO(stevvooe): Support multiple digest parameters!
-
-	if dgstStr == "" {
-		// no digest? return error, but allow retry.
-		buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail("digest missing"))
-		return
-	}
-
-	dgst, err := digest.Parse(dgstStr)
-	if err != nil {
-		// no digest? return error, but allow retry.
-		buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail("digest parsing failed"))
-		return
-	}
-
-	if err := copyFullPayload(buh, w, r, buh.Upload, -1, "blob PUT"); err != nil {
-		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err.Error()))
-		return
-	}
-
-	desc, err := buh.Upload.Commit(buh, distribution.Descriptor{
-		Digest: dgst,
-
-		// TODO(stevvooe): This isn't wildly important yet, but we should
-		// really set the mediatype. For now, we can let the backend take care
-		// of this.
-	})
-
-	if err != nil {
-		switch err := err.(type) {
-		case distribution.ErrBlobInvalidDigest:
-			buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err))
-		case errcode.Error:
-			buh.Errors = append(buh.Errors, err)
-		default:
-			switch err {
-			case distribution.ErrAccessDenied:
-				buh.Errors = append(buh.Errors, errcode.ErrorCodeDenied)
-			case distribution.ErrUnsupported:
-				buh.Errors = append(buh.Errors, errcode.ErrorCodeUnsupported)
-			case distribution.ErrBlobInvalidLength, distribution.ErrBlobDigestUnsupported:
-				buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadInvalid.WithDetail(err))
-			default:
-				dcontext.GetLogger(buh).Errorf("unknown error completing upload: %v", err)
-				buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-			}
-
-		}
-
-		// Clean up the backend blob data if there was an error.
-		if err := buh.Upload.Cancel(buh); err != nil {
-			// If the cleanup fails, all we can do is observe and report.
-			dcontext.GetLogger(buh).Errorf("error canceling upload after error: %v", err)
-		}
-
-		return
-	}
-	if err := buh.writeBlobCreatedHeaders(w, desc); err != nil {
-		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		return
-	}
-}
-
-// CancelBlobUpload cancels an in-progress upload of a blob.
-func (buh *blobUploadHandler) CancelBlobUpload(w http.ResponseWriter, r *http.Request) {
-	if buh.Upload == nil {
-		buh.Errors = append(buh.Errors, v2.ErrorCodeBlobUploadUnknown)
-		return
-	}
-
-	w.Header().Set("Docker-Upload-UUID", buh.UUID)
-	if err := buh.Upload.Cancel(buh); err != nil {
-		dcontext.GetLogger(buh).Errorf("error encountered canceling upload: %v", err)
-		buh.Errors = append(buh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-	}
-
-	w.WriteHeader(http.StatusNoContent)
-}
-
-// blobUploadResponse provides a standard request for uploading blobs and
-// chunk responses. This sets the correct headers but the response status is
-// left to the caller. The fresh argument is used to ensure that new blob
-// uploads always start at a 0 offset. This allows disabling resumable push by
-// always returning a 0 offset on check status.
-func (buh *blobUploadHandler) blobUploadResponse(w http.ResponseWriter, r *http.Request, fresh bool) error {
-	// TODO(stevvooe): Need a better way to manage the upload state automatically.
-	buh.State.Name = buh.Repository.Named().Name()
-	buh.State.UUID = buh.Upload.ID()
-	buh.Upload.Close()
-	buh.State.Offset = buh.Upload.Size()
-	buh.State.StartedAt = buh.Upload.StartedAt()
-
-	token, err := hmacKey(buh.Config.HTTP.Secret).packUploadState(buh.State)
-	if err != nil {
-		dcontext.GetLogger(buh).Infof("error building upload state token: %s", err)
-		return err
-	}
-
-	uploadURL, err := buh.urlBuilder.BuildBlobUploadChunkURL(
-		buh.Repository.Named(), buh.Upload.ID(),
-		url.Values{
-			"_state": []string{token},
-		})
-	if err != nil {
-		dcontext.GetLogger(buh).Infof("error building upload url: %s", err)
-		return err
-	}
-
-	endRange := buh.Upload.Size()
-	if endRange > 0 {
-		endRange = endRange - 1
-	}
-
-	w.Header().Set("Docker-Upload-UUID", buh.UUID)
-	w.Header().Set("Location", uploadURL)
-
-	w.Header().Set("Content-Length", "0")
-	w.Header().Set("Range", fmt.Sprintf("0-%d", endRange))
-
-	return nil
-}
-
-// mountBlob attempts to mount a blob from another repository by its digest. If
-// successful, the blob is linked into the blob store and 201 Created is
-// returned with the canonical url of the blob.
-func (buh *blobUploadHandler) createBlobMountOption(fromRepo, mountDigest string) (distribution.BlobCreateOption, error) {
-	dgst, err := digest.Parse(mountDigest)
-	if err != nil {
-		return nil, err
-	}
-
-	ref, err := reference.WithName(fromRepo)
-	if err != nil {
-		return nil, err
-	}
-
-	canonical, err := reference.WithDigest(ref, dgst)
-	if err != nil {
-		return nil, err
-	}
-
-	return storage.WithMountFrom(canonical), nil
-}
-
-// writeBlobCreatedHeaders writes the standard headers describing a newly
-// created blob. A 201 Created is written as well as the canonical URL and
-// blob digest.
-func (buh *blobUploadHandler) writeBlobCreatedHeaders(w http.ResponseWriter, desc distribution.Descriptor) error {
-	ref, err := reference.WithDigest(buh.Repository.Named(), desc.Digest)
-	if err != nil {
-		return err
-	}
-	blobURL, err := buh.urlBuilder.BuildBlobURL(ref)
-	if err != nil {
-		return err
-	}
-
-	w.Header().Set("Location", blobURL)
-	w.Header().Set("Content-Length", "0")
-	w.Header().Set("Docker-Content-Digest", desc.Digest.String())
-	w.WriteHeader(http.StatusCreated)
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/catalog.go b/vendor/github.com/docker/distribution/registry/handlers/catalog.go
deleted file mode 100644
index 83ec0a9c3..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/catalog.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package handlers
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strconv"
-
-	"github.com/docker/distribution/registry/api/errcode"
-	v2 "github.com/docker/distribution/registry/api/v2"
-	"github.com/docker/distribution/registry/storage/driver"
-
-	"github.com/gorilla/handlers"
-)
-
-const defaultReturnedEntries = 100
-
-func catalogDispatcher(ctx *Context, r *http.Request) http.Handler {
-	catalogHandler := &catalogHandler{
-		Context: ctx,
-	}
-
-	return handlers.MethodHandler{
-		"GET": http.HandlerFunc(catalogHandler.GetCatalog),
-	}
-}
-
-type catalogHandler struct {
-	*Context
-}
-
-type catalogAPIResponse struct {
-	Repositories []string `json:"repositories"`
-}
-
-func (ch *catalogHandler) GetCatalog(w http.ResponseWriter, r *http.Request) {
-	var moreEntries = true
-
-	q := r.URL.Query()
-	lastEntry := q.Get("last")
-
-	entries := defaultReturnedEntries
-	maximumConfiguredEntries := ch.App.Config.Catalog.MaxEntries
-
-	// parse n, if n unparseable, or negative assign it to defaultReturnedEntries
-	if n := q.Get("n"); n != "" {
-		parsedMax, err := strconv.Atoi(n)
-		if err == nil {
-			if parsedMax > maximumConfiguredEntries {
-				ch.Errors = append(ch.Errors, v2.ErrorCodePaginationNumberInvalid.WithDetail(map[string]int{"n": parsedMax}))
-				return
-			} else if parsedMax >= 0 {
-				entries = parsedMax
-			}
-		}
-	}
-
-	// then enforce entries to be between 0 & maximumConfiguredEntries
-	// max(0, min(entries, maximumConfiguredEntries))
-	if entries < 0 || entries > maximumConfiguredEntries {
-		entries = maximumConfiguredEntries
-	}
-
-	repos := make([]string, entries)
-	filled := 0
-
-	// entries is guaranteed to be >= 0 and < maximumConfiguredEntries
-	if entries == 0 {
-		moreEntries = false
-	} else {
-		returnedRepositories, err := ch.App.registry.Repositories(ch.Context, repos, lastEntry)
-		if err != nil {
-			_, pathNotFound := err.(driver.PathNotFoundError)
-			if err != io.EOF && !pathNotFound {
-				ch.Errors = append(ch.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-				return
-			}
-			// err is either io.EOF or not PathNotFoundError
-			moreEntries = false
-		}
-		filled = returnedRepositories
-	}
-
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-
-	// Add a link header if there are more entries to retrieve
-	if moreEntries {
-		lastEntry = repos[filled-1]
-		urlStr, err := createLinkEntry(r.URL.String(), entries, lastEntry)
-		if err != nil {
-			ch.Errors = append(ch.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-			return
-		}
-		w.Header().Set("Link", urlStr)
-	}
-
-	enc := json.NewEncoder(w)
-	if err := enc.Encode(catalogAPIResponse{
-		Repositories: repos[0:filled],
-	}); err != nil {
-		ch.Errors = append(ch.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		return
-	}
-}
-
-// Use the original URL from the request to create a new URL for
-// the link header
-func createLinkEntry(origURL string, maxEntries int, lastEntry string) (string, error) {
-	calledURL, err := url.Parse(origURL)
-	if err != nil {
-		return "", err
-	}
-
-	v := url.Values{}
-	v.Add("n", strconv.Itoa(maxEntries))
-	v.Add("last", lastEntry)
-
-	calledURL.RawQuery = v.Encode()
-
-	calledURL.Fragment = ""
-	urlStr := fmt.Sprintf("<%s>; rel=\"next\"", calledURL.String())
-
-	return urlStr, nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/context.go b/vendor/github.com/docker/distribution/registry/handlers/context.go
deleted file mode 100644
index b1b7a13d3..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/context.go
+++ /dev/null
@@ -1,95 +0,0 @@
-package handlers
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/api/errcode"
-	v2 "github.com/docker/distribution/registry/api/v2"
-	"github.com/docker/distribution/registry/auth"
-	"github.com/opencontainers/go-digest"
-)
-
-// Context should contain the request specific context for use in across
-// handlers. Resources that don't need to be shared across handlers should not
-// be on this object.
-type Context struct {
-	// App points to the application structure that created this context.
-	*App
-	context.Context
-
-	// Repository is the repository for the current request. All requests
-	// should be scoped to a single repository. This field may be nil.
-	Repository distribution.Repository
-
-	// RepositoryRemover provides method to delete a repository
-	RepositoryRemover distribution.RepositoryRemover
-
-	// Errors is a collection of errors encountered during the request to be
-	// returned to the client API. If errors are added to the collection, the
-	// handler *must not* start the response via http.ResponseWriter.
-	Errors errcode.Errors
-
-	urlBuilder *v2.URLBuilder
-
-	// TODO(stevvooe): The goal is too completely factor this context and
-	// dispatching out of the web application. Ideally, we should lean on
-	// context.Context for injection of these resources.
-}
-
-// Value overrides context.Context.Value to ensure that calls are routed to
-// correct context.
-func (ctx *Context) Value(key interface{}) interface{} {
-	return ctx.Context.Value(key)
-}
-
-func getName(ctx context.Context) (name string) {
-	return dcontext.GetStringValue(ctx, "vars.name")
-}
-
-func getReference(ctx context.Context) (reference string) {
-	return dcontext.GetStringValue(ctx, "vars.reference")
-}
-
-var errDigestNotAvailable = fmt.Errorf("digest not available in context")
-
-func getDigest(ctx context.Context) (dgst digest.Digest, err error) {
-	dgstStr := dcontext.GetStringValue(ctx, "vars.digest")
-
-	if dgstStr == "" {
-		dcontext.GetLogger(ctx).Errorf("digest not available")
-		return "", errDigestNotAvailable
-	}
-
-	d, err := digest.Parse(dgstStr)
-	if err != nil {
-		dcontext.GetLogger(ctx).Errorf("error parsing digest=%q: %v", dgstStr, err)
-		return "", err
-	}
-
-	return d, nil
-}
-
-func getUploadUUID(ctx context.Context) (uuid string) {
-	return dcontext.GetStringValue(ctx, "vars.uuid")
-}
-
-// getUserName attempts to resolve a username from the context and request. If
-// a username cannot be resolved, the empty string is returned.
-func getUserName(ctx context.Context, r *http.Request) string {
-	username := dcontext.GetStringValue(ctx, auth.UserNameKey)
-
-	// Fallback to request user with basic auth
-	if username == "" {
-		var ok bool
-		uname, _, ok := basicAuth(r)
-		if ok {
-			username = uname
-		}
-	}
-
-	return username
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/helpers.go b/vendor/github.com/docker/distribution/registry/handlers/helpers.go
deleted file mode 100644
index b02338e9b..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/helpers.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package handlers
-
-import (
-	"context"
-	"errors"
-	"io"
-	"net/http"
-
-	dcontext "github.com/docker/distribution/context"
-)
-
-// closeResources closes all the provided resources after running the target
-// handler.
-func closeResources(handler http.Handler, closers ...io.Closer) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		for _, closer := range closers {
-			defer closer.Close()
-		}
-		handler.ServeHTTP(w, r)
-	})
-}
-
-// copyFullPayload copies the payload of an HTTP request to destWriter. If it
-// receives less content than expected, and the client disconnected during the
-// upload, it avoids sending a 400 error to keep the logs cleaner.
-//
-// The copy will be limited to `limit` bytes, if limit is greater than zero.
-func copyFullPayload(ctx context.Context, responseWriter http.ResponseWriter, r *http.Request, destWriter io.Writer, limit int64, action string) error {
-	// Get a channel that tells us if the client disconnects
-	clientClosed := r.Context().Done()
-	var body = r.Body
-	if limit > 0 {
-		body = http.MaxBytesReader(responseWriter, body, limit)
-	}
-
-	// Read in the data, if any.
-	copied, err := io.Copy(destWriter, body)
-	if clientClosed != nil && (err != nil || (r.ContentLength > 0 && copied < r.ContentLength)) {
-		// Didn't receive as much content as expected. Did the client
-		// disconnect during the request? If so, avoid returning a 400
-		// error to keep the logs cleaner.
-		select {
-		case <-clientClosed:
-			// Set the response code to "499 Client Closed Request"
-			// Even though the connection has already been closed,
-			// this causes the logger to pick up a 499 error
-			// instead of showing 0 for the HTTP status.
-			responseWriter.WriteHeader(499)
-
-			dcontext.GetLoggerWithFields(ctx, map[interface{}]interface{}{
-				"error":         err,
-				"copied":        copied,
-				"contentLength": r.ContentLength,
-			}, "error", "copied", "contentLength").Error("client disconnected during " + action)
-			return errors.New("client disconnected")
-		default:
-		}
-	}
-
-	if err != nil {
-		dcontext.GetLogger(ctx).Errorf("unknown error reading request payload: %v", err)
-		return err
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/hmac.go b/vendor/github.com/docker/distribution/registry/handlers/hmac.go
deleted file mode 100644
index 94ed9fda5..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/hmac.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package handlers
-
-import (
-	"crypto/hmac"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"time"
-)
-
-// blobUploadState captures the state serializable state of the blob upload.
-type blobUploadState struct {
-	// name is the primary repository under which the blob will be linked.
-	Name string
-
-	// UUID identifies the upload.
-	UUID string
-
-	// offset contains the current progress of the upload.
-	Offset int64
-
-	// StartedAt is the original start time of the upload.
-	StartedAt time.Time
-}
-
-type hmacKey string
-
-var errInvalidSecret = fmt.Errorf("invalid secret")
-
-// unpackUploadState unpacks and validates the blob upload state from the
-// token, using the hmacKey secret.
-func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
-	var state blobUploadState
-
-	tokenBytes, err := base64.URLEncoding.DecodeString(token)
-	if err != nil {
-		return state, err
-	}
-	mac := hmac.New(sha256.New, []byte(secret))
-
-	if len(tokenBytes) < mac.Size() {
-		return state, errInvalidSecret
-	}
-
-	macBytes := tokenBytes[:mac.Size()]
-	messageBytes := tokenBytes[mac.Size():]
-
-	mac.Write(messageBytes)
-	if !hmac.Equal(mac.Sum(nil), macBytes) {
-		return state, errInvalidSecret
-	}
-
-	if err := json.Unmarshal(messageBytes, &state); err != nil {
-		return state, err
-	}
-
-	return state, nil
-}
-
-// packUploadState packs the upload state signed with and hmac digest using
-// the hmacKey secret, encoding to url safe base64. The resulting token can be
-// used to share data with minimized risk of external tampering.
-func (secret hmacKey) packUploadState(lus blobUploadState) (string, error) {
-	mac := hmac.New(sha256.New, []byte(secret))
-	p, err := json.Marshal(lus)
-	if err != nil {
-		return "", err
-	}
-
-	mac.Write(p)
-
-	return base64.URLEncoding.EncodeToString(append(mac.Sum(nil), p...)), nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/hooks.go b/vendor/github.com/docker/distribution/registry/handlers/hooks.go
deleted file mode 100644
index 4a2b1be84..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/hooks.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package handlers
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"strings"
-	"text/template"
-
-	"github.com/sirupsen/logrus"
-)
-
-// logHook is for hooking Panic in web application
-type logHook struct {
-	LevelsParam []string
-	Mail        *mailer
-}
-
-// Fire forwards an error to LogHook
-func (hook *logHook) Fire(entry *logrus.Entry) error {
-	addr := strings.Split(hook.Mail.Addr, ":")
-	if len(addr) != 2 {
-		return errors.New("invalid Mail Address")
-	}
-	host := addr[0]
-	subject := fmt.Sprintf("[%s] %s: %s", entry.Level, host, entry.Message)
-
-	html := `
-	{{.Message}}
-
-	{{range $key, $value := .Data}}
-	{{$key}}: {{$value}}
-	{{end}}
-	`
-	b := bytes.NewBuffer(make([]byte, 0))
-	t := template.Must(template.New("mail body").Parse(html))
-	if err := t.Execute(b, entry); err != nil {
-		return err
-	}
-	body := b.String()
-
-	return hook.Mail.sendMail(subject, body)
-}
-
-// Levels contains hook levels to be catched
-func (hook *logHook) Levels() []logrus.Level {
-	levels := []logrus.Level{}
-	for _, v := range hook.LevelsParam {
-		lv, _ := logrus.ParseLevel(v)
-		levels = append(levels, lv)
-	}
-	return levels
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/mail.go b/vendor/github.com/docker/distribution/registry/handlers/mail.go
deleted file mode 100644
index 684b1b34c..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/mail.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package handlers
-
-import (
-	"errors"
-	"net/smtp"
-	"strings"
-)
-
-// mailer provides fields of email configuration for sending.
-type mailer struct {
-	Addr, Username, Password, From string
-	Insecure                       bool
-	To                             []string
-}
-
-// sendMail allows users to send email, only if mail parameters is configured correctly.
-func (mail *mailer) sendMail(subject, message string) error {
-	addr := strings.Split(mail.Addr, ":")
-	if len(addr) != 2 {
-		return errors.New("invalid Mail Address")
-	}
-	host := addr[0]
-	msg := []byte("To:" + strings.Join(mail.To, ";") +
-		"\r\nFrom: " + mail.From +
-		"\r\nSubject: " + subject +
-		"\r\nContent-Type: text/plain\r\n\r\n" +
-		message)
-	auth := smtp.PlainAuth(
-		"",
-		mail.Username,
-		mail.Password,
-		host,
-	)
-	err := smtp.SendMail(
-		mail.Addr,
-		auth,
-		mail.From,
-		mail.To,
-		msg,
-	)
-	if err != nil {
-		return err
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/manifests.go b/vendor/github.com/docker/distribution/registry/handlers/manifests.go
deleted file mode 100644
index 8b33b992e..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/manifests.go
+++ /dev/null
@@ -1,531 +0,0 @@
-package handlers
-
-import (
-	"bytes"
-	"fmt"
-	"net/http"
-	"strings"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/manifest/manifestlist"
-	"github.com/docker/distribution/manifest/ocischema"
-	"github.com/docker/distribution/manifest/schema1"
-	"github.com/docker/distribution/manifest/schema2"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/api/errcode"
-	v2 "github.com/docker/distribution/registry/api/v2"
-	"github.com/docker/distribution/registry/auth"
-	"github.com/gorilla/handlers"
-	"github.com/opencontainers/go-digest"
-	v1 "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-// These constants determine which architecture and OS to choose from a
-// manifest list when downconverting it to a schema1 manifest.
-const (
-	defaultArch         = "amd64"
-	defaultOS           = "linux"
-	maxManifestBodySize = 4 << 20
-	imageClass          = "image"
-)
-
-type storageType int
-
-const (
-	manifestSchema1     storageType = iota // 0
-	manifestSchema2                        // 1
-	manifestlistSchema                     // 2
-	ociSchema                              // 3
-	ociImageIndexSchema                    // 4
-	numStorageTypes                        // 5
-)
-
-// manifestDispatcher takes the request context and builds the
-// appropriate handler for handling manifest requests.
-func manifestDispatcher(ctx *Context, r *http.Request) http.Handler {
-	manifestHandler := &manifestHandler{
-		Context: ctx,
-	}
-	reference := getReference(ctx)
-	dgst, err := digest.Parse(reference)
-	if err != nil {
-		// We just have a tag
-		manifestHandler.Tag = reference
-	} else {
-		manifestHandler.Digest = dgst
-	}
-
-	mhandler := handlers.MethodHandler{
-		"GET":  http.HandlerFunc(manifestHandler.GetManifest),
-		"HEAD": http.HandlerFunc(manifestHandler.GetManifest),
-	}
-
-	if !ctx.readOnly {
-		mhandler["PUT"] = http.HandlerFunc(manifestHandler.PutManifest)
-		mhandler["DELETE"] = http.HandlerFunc(manifestHandler.DeleteManifest)
-	}
-
-	return mhandler
-}
-
-// manifestHandler handles http operations on image manifests.
-type manifestHandler struct {
-	*Context
-
-	// One of tag or digest gets set, depending on what is present in context.
-	Tag    string
-	Digest digest.Digest
-}
-
-// GetManifest fetches the image manifest from the storage backend, if it exists.
-func (imh *manifestHandler) GetManifest(w http.ResponseWriter, r *http.Request) {
-	dcontext.GetLogger(imh).Debug("GetImageManifest")
-	manifests, err := imh.Repository.Manifests(imh)
-	if err != nil {
-		imh.Errors = append(imh.Errors, err)
-		return
-	}
-	var supports [numStorageTypes]bool
-
-	// this parsing of Accept headers is not quite as full-featured as godoc.org's parser, but we don't care about "q=" values
-	// https://github.com/golang/gddo/blob/e91d4165076d7474d20abda83f92d15c7ebc3e81/httputil/header/header.go#L165-L202
-	for _, acceptHeader := range r.Header["Accept"] {
-		// r.Header[...] is a slice in case the request contains the same header more than once
-		// if the header isn't set, we'll get the zero value, which "range" will handle gracefully
-
-		// we need to split each header value on "," to get the full list of "Accept" values (per RFC 2616)
-		// https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.1
-		for _, mediaType := range strings.Split(acceptHeader, ",") {
-			// remove "; q=..." if present
-			if i := strings.Index(mediaType, ";"); i >= 0 {
-				mediaType = mediaType[:i]
-			}
-
-			// it's common (but not required) for Accept values to be space separated ("a/b, c/d, e/f")
-			mediaType = strings.TrimSpace(mediaType)
-
-			if mediaType == schema2.MediaTypeManifest {
-				supports[manifestSchema2] = true
-			}
-			if mediaType == manifestlist.MediaTypeManifestList {
-				supports[manifestlistSchema] = true
-			}
-			if mediaType == v1.MediaTypeImageManifest {
-				supports[ociSchema] = true
-			}
-			if mediaType == v1.MediaTypeImageIndex {
-				supports[ociImageIndexSchema] = true
-			}
-		}
-	}
-
-	if imh.Tag != "" {
-		tags := imh.Repository.Tags(imh)
-		desc, err := tags.Get(imh, imh.Tag)
-		if err != nil {
-			if _, ok := err.(distribution.ErrTagUnknown); ok {
-				imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithDetail(err))
-			} else {
-				imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-			}
-			return
-		}
-		imh.Digest = desc.Digest
-	}
-
-	if etagMatch(r, imh.Digest.String()) {
-		w.WriteHeader(http.StatusNotModified)
-		return
-	}
-
-	var options []distribution.ManifestServiceOption
-	if imh.Tag != "" {
-		options = append(options, distribution.WithTag(imh.Tag))
-	}
-	manifest, err := manifests.Get(imh, imh.Digest, options...)
-	if err != nil {
-		if _, ok := err.(distribution.ErrManifestUnknownRevision); ok {
-			imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithDetail(err))
-		} else {
-			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		}
-		return
-	}
-	// determine the type of the returned manifest
-	manifestType := manifestSchema1
-	schema2Manifest, isSchema2 := manifest.(*schema2.DeserializedManifest)
-	manifestList, isManifestList := manifest.(*manifestlist.DeserializedManifestList)
-	if isSchema2 {
-		manifestType = manifestSchema2
-	} else if _, isOCImanifest := manifest.(*ocischema.DeserializedManifest); isOCImanifest {
-		manifestType = ociSchema
-	} else if isManifestList {
-		if manifestList.MediaType == manifestlist.MediaTypeManifestList {
-			manifestType = manifestlistSchema
-		} else if manifestList.MediaType == v1.MediaTypeImageIndex {
-			manifestType = ociImageIndexSchema
-		}
-	}
-
-	if manifestType == ociSchema && !supports[ociSchema] {
-		imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithMessage("OCI manifest found, but accept header does not support OCI manifests"))
-		return
-	}
-	if manifestType == ociImageIndexSchema && !supports[ociImageIndexSchema] {
-		imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithMessage("OCI index found, but accept header does not support OCI indexes"))
-		return
-	}
-	// Only rewrite schema2 manifests when they are being fetched by tag.
-	// If they are being fetched by digest, we can't return something not
-	// matching the digest.
-	if imh.Tag != "" && manifestType == manifestSchema2 && !supports[manifestSchema2] {
-		// Rewrite manifest in schema1 format
-		dcontext.GetLogger(imh).Infof("rewriting manifest %s in schema1 format to support old client", imh.Digest.String())
-
-		manifest, err = imh.convertSchema2Manifest(schema2Manifest)
-		if err != nil {
-			return
-		}
-	} else if imh.Tag != "" && manifestType == manifestlistSchema && !supports[manifestlistSchema] {
-		// Rewrite manifest in schema1 format
-		dcontext.GetLogger(imh).Infof("rewriting manifest list %s in schema1 format to support old client", imh.Digest.String())
-
-		// Find the image manifest corresponding to the default
-		// platform
-		var manifestDigest digest.Digest
-		for _, manifestDescriptor := range manifestList.Manifests {
-			if manifestDescriptor.Platform.Architecture == defaultArch && manifestDescriptor.Platform.OS == defaultOS {
-				manifestDigest = manifestDescriptor.Digest
-				break
-			}
-		}
-
-		if manifestDigest == "" {
-			imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown)
-			return
-		}
-
-		manifest, err = manifests.Get(imh, manifestDigest)
-		if err != nil {
-			if _, ok := err.(distribution.ErrManifestUnknownRevision); ok {
-				imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithDetail(err))
-			} else {
-				imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-			}
-			return
-		}
-
-		// If necessary, convert the image manifest
-		if schema2Manifest, isSchema2 := manifest.(*schema2.DeserializedManifest); isSchema2 && !supports[manifestSchema2] {
-			manifest, err = imh.convertSchema2Manifest(schema2Manifest)
-			if err != nil {
-				return
-			}
-		} else {
-			imh.Digest = manifestDigest
-		}
-	}
-
-	ct, p, err := manifest.Payload()
-	if err != nil {
-		return
-	}
-
-	w.Header().Set("Content-Type", ct)
-	w.Header().Set("Content-Length", fmt.Sprint(len(p)))
-	w.Header().Set("Docker-Content-Digest", imh.Digest.String())
-	w.Header().Set("Etag", fmt.Sprintf(`"%s"`, imh.Digest))
-	w.Write(p)
-}
-
-func (imh *manifestHandler) convertSchema2Manifest(schema2Manifest *schema2.DeserializedManifest) (distribution.Manifest, error) {
-	targetDescriptor := schema2Manifest.Target()
-	blobs := imh.Repository.Blobs(imh)
-	configJSON, err := blobs.Get(imh, targetDescriptor.Digest)
-	if err != nil {
-		if err == distribution.ErrBlobUnknown {
-			imh.Errors = append(imh.Errors, v2.ErrorCodeManifestInvalid.WithDetail(err))
-		} else {
-			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		}
-		return nil, err
-	}
-
-	ref := imh.Repository.Named()
-
-	if imh.Tag != "" {
-		ref, err = reference.WithTag(ref, imh.Tag)
-		if err != nil {
-			imh.Errors = append(imh.Errors, v2.ErrorCodeTagInvalid.WithDetail(err))
-			return nil, err
-		}
-	}
-
-	builder := schema1.NewConfigManifestBuilder(imh.Repository.Blobs(imh), imh.Context.App.trustKey, ref, configJSON)
-	for _, d := range schema2Manifest.Layers {
-		if err := builder.AppendReference(d); err != nil {
-			imh.Errors = append(imh.Errors, v2.ErrorCodeManifestInvalid.WithDetail(err))
-			return nil, err
-		}
-	}
-	manifest, err := builder.Build(imh)
-	if err != nil {
-		imh.Errors = append(imh.Errors, v2.ErrorCodeManifestInvalid.WithDetail(err))
-		return nil, err
-	}
-	imh.Digest = digest.FromBytes(manifest.(*schema1.SignedManifest).Canonical)
-
-	return manifest, nil
-}
-
-func etagMatch(r *http.Request, etag string) bool {
-	for _, headerVal := range r.Header["If-None-Match"] {
-		if headerVal == etag || headerVal == fmt.Sprintf(`"%s"`, etag) { // allow quoted or unquoted
-			return true
-		}
-	}
-	return false
-}
-
-// PutManifest validates and stores a manifest in the registry.
-func (imh *manifestHandler) PutManifest(w http.ResponseWriter, r *http.Request) {
-	dcontext.GetLogger(imh).Debug("PutImageManifest")
-	manifests, err := imh.Repository.Manifests(imh)
-	if err != nil {
-		imh.Errors = append(imh.Errors, err)
-		return
-	}
-
-	var jsonBuf bytes.Buffer
-	if err := copyFullPayload(imh, w, r, &jsonBuf, maxManifestBodySize, "image manifest PUT"); err != nil {
-		// copyFullPayload reports the error if necessary
-		imh.Errors = append(imh.Errors, v2.ErrorCodeManifestInvalid.WithDetail(err.Error()))
-		return
-	}
-
-	mediaType := r.Header.Get("Content-Type")
-	manifest, desc, err := distribution.UnmarshalManifest(mediaType, jsonBuf.Bytes())
-	if err != nil {
-		imh.Errors = append(imh.Errors, v2.ErrorCodeManifestInvalid.WithDetail(err))
-		return
-	}
-
-	if imh.Digest != "" {
-		if desc.Digest != imh.Digest {
-			dcontext.GetLogger(imh).Errorf("payload digest does match: %q != %q", desc.Digest, imh.Digest)
-			imh.Errors = append(imh.Errors, v2.ErrorCodeDigestInvalid)
-			return
-		}
-	} else if imh.Tag != "" {
-		imh.Digest = desc.Digest
-	} else {
-		imh.Errors = append(imh.Errors, v2.ErrorCodeTagInvalid.WithDetail("no tag or digest specified"))
-		return
-	}
-
-	isAnOCIManifest := mediaType == v1.MediaTypeImageManifest || mediaType == v1.MediaTypeImageIndex
-
-	if isAnOCIManifest {
-		dcontext.GetLogger(imh).Debug("Putting an OCI Manifest!")
-	} else {
-		dcontext.GetLogger(imh).Debug("Putting a Docker Manifest!")
-	}
-
-	var options []distribution.ManifestServiceOption
-	if imh.Tag != "" {
-		options = append(options, distribution.WithTag(imh.Tag))
-	}
-
-	if err := imh.applyResourcePolicy(manifest); err != nil {
-		imh.Errors = append(imh.Errors, err)
-		return
-	}
-
-	_, err = manifests.Put(imh, manifest, options...)
-	if err != nil {
-		// TODO(stevvooe): These error handling switches really need to be
-		// handled by an app global mapper.
-		if err == distribution.ErrUnsupported {
-			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnsupported)
-			return
-		}
-		if err == distribution.ErrAccessDenied {
-			imh.Errors = append(imh.Errors, errcode.ErrorCodeDenied)
-			return
-		}
-		switch err := err.(type) {
-		case distribution.ErrManifestVerification:
-			for _, verificationError := range err {
-				switch verificationError := verificationError.(type) {
-				case distribution.ErrManifestBlobUnknown:
-					imh.Errors = append(imh.Errors, v2.ErrorCodeManifestBlobUnknown.WithDetail(verificationError.Digest))
-				case distribution.ErrManifestNameInvalid:
-					imh.Errors = append(imh.Errors, v2.ErrorCodeNameInvalid.WithDetail(err))
-				case distribution.ErrManifestUnverified:
-					imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnverified)
-				default:
-					if verificationError == digest.ErrDigestInvalidFormat {
-						imh.Errors = append(imh.Errors, v2.ErrorCodeDigestInvalid)
-					} else {
-						imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown, verificationError)
-					}
-				}
-			}
-		case errcode.Error:
-			imh.Errors = append(imh.Errors, err)
-		default:
-			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		}
-		return
-	}
-
-	// Tag this manifest
-	if imh.Tag != "" {
-		tags := imh.Repository.Tags(imh)
-		err = tags.Tag(imh, imh.Tag, desc)
-		if err != nil {
-			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-			return
-		}
-
-	}
-
-	// Construct a canonical url for the uploaded manifest.
-	ref, err := reference.WithDigest(imh.Repository.Named(), imh.Digest)
-	if err != nil {
-		imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		return
-	}
-
-	location, err := imh.urlBuilder.BuildManifestURL(ref)
-	if err != nil {
-		// NOTE(stevvooe): Given the behavior above, this absurdly unlikely to
-		// happen. We'll log the error here but proceed as if it worked. Worst
-		// case, we set an empty location header.
-		dcontext.GetLogger(imh).Errorf("error building manifest url from digest: %v", err)
-	}
-
-	w.Header().Set("Location", location)
-	w.Header().Set("Docker-Content-Digest", imh.Digest.String())
-	w.WriteHeader(http.StatusCreated)
-
-	dcontext.GetLogger(imh).Debug("Succeeded in putting manifest!")
-}
-
-// applyResourcePolicy checks whether the resource class matches what has
-// been authorized and allowed by the policy configuration.
-func (imh *manifestHandler) applyResourcePolicy(manifest distribution.Manifest) error {
-	allowedClasses := imh.App.Config.Policy.Repository.Classes
-	if len(allowedClasses) == 0 {
-		return nil
-	}
-
-	var class string
-	switch m := manifest.(type) {
-	case *schema1.SignedManifest:
-		class = imageClass
-	case *schema2.DeserializedManifest:
-		switch m.Config.MediaType {
-		case schema2.MediaTypeImageConfig:
-			class = imageClass
-		case schema2.MediaTypePluginConfig:
-			class = "plugin"
-		default:
-			return errcode.ErrorCodeDenied.WithMessage("unknown manifest class for " + m.Config.MediaType)
-		}
-	case *ocischema.DeserializedManifest:
-		switch m.Config.MediaType {
-		case v1.MediaTypeImageConfig:
-			class = imageClass
-		default:
-			return errcode.ErrorCodeDenied.WithMessage("unknown manifest class for " + m.Config.MediaType)
-		}
-	}
-
-	if class == "" {
-		return nil
-	}
-
-	// Check to see if class is allowed in registry
-	var allowedClass bool
-	for _, c := range allowedClasses {
-		if class == c {
-			allowedClass = true
-			break
-		}
-	}
-	if !allowedClass {
-		return errcode.ErrorCodeDenied.WithMessage(fmt.Sprintf("registry does not allow %s manifest", class))
-	}
-
-	resources := auth.AuthorizedResources(imh)
-	n := imh.Repository.Named().Name()
-
-	var foundResource bool
-	for _, r := range resources {
-		if r.Name == n {
-			if r.Class == "" {
-				r.Class = imageClass
-			}
-			if r.Class == class {
-				return nil
-			}
-			foundResource = true
-		}
-	}
-
-	// resource was found but no matching class was found
-	if foundResource {
-		return errcode.ErrorCodeDenied.WithMessage(fmt.Sprintf("repository not authorized for %s manifest", class))
-	}
-
-	return nil
-
-}
-
-// DeleteManifest removes the manifest with the given digest from the registry.
-func (imh *manifestHandler) DeleteManifest(w http.ResponseWriter, r *http.Request) {
-	dcontext.GetLogger(imh).Debug("DeleteImageManifest")
-
-	manifests, err := imh.Repository.Manifests(imh)
-	if err != nil {
-		imh.Errors = append(imh.Errors, err)
-		return
-	}
-
-	err = manifests.Delete(imh, imh.Digest)
-	if err != nil {
-		switch err {
-		case digest.ErrDigestUnsupported:
-		case digest.ErrDigestInvalidFormat:
-			imh.Errors = append(imh.Errors, v2.ErrorCodeDigestInvalid)
-			return
-		case distribution.ErrBlobUnknown:
-			imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown)
-			return
-		case distribution.ErrUnsupported:
-			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnsupported)
-			return
-		default:
-			imh.Errors = append(imh.Errors, errcode.ErrorCodeUnknown)
-			return
-		}
-	}
-
-	tagService := imh.Repository.Tags(imh)
-	referencedTags, err := tagService.Lookup(imh, distribution.Descriptor{Digest: imh.Digest})
-	if err != nil {
-		imh.Errors = append(imh.Errors, err)
-		return
-	}
-
-	for _, tag := range referencedTags {
-		if err := tagService.Untag(imh, tag); err != nil {
-			imh.Errors = append(imh.Errors, err)
-			return
-		}
-	}
-
-	w.WriteHeader(http.StatusAccepted)
-}
diff --git a/vendor/github.com/docker/distribution/registry/handlers/tags.go b/vendor/github.com/docker/distribution/registry/handlers/tags.go
deleted file mode 100644
index b7463a5a3..000000000
--- a/vendor/github.com/docker/distribution/registry/handlers/tags.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package handlers
-
-import (
-	"encoding/json"
-	"net/http"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/registry/api/errcode"
-	v2 "github.com/docker/distribution/registry/api/v2"
-	"github.com/gorilla/handlers"
-)
-
-// tagsDispatcher constructs the tags handler api endpoint.
-func tagsDispatcher(ctx *Context, r *http.Request) http.Handler {
-	tagsHandler := &tagsHandler{
-		Context: ctx,
-	}
-
-	return handlers.MethodHandler{
-		"GET": http.HandlerFunc(tagsHandler.GetTags),
-	}
-}
-
-// tagsHandler handles requests for lists of tags under a repository name.
-type tagsHandler struct {
-	*Context
-}
-
-type tagsAPIResponse struct {
-	Name string   `json:"name"`
-	Tags []string `json:"tags"`
-}
-
-// GetTags returns a json list of tags for a specific image name.
-func (th *tagsHandler) GetTags(w http.ResponseWriter, r *http.Request) {
-	defer r.Body.Close()
-
-	tagService := th.Repository.Tags(th)
-	tags, err := tagService.All(th)
-	if err != nil {
-		switch err := err.(type) {
-		case distribution.ErrRepositoryUnknown:
-			th.Errors = append(th.Errors, v2.ErrorCodeNameUnknown.WithDetail(map[string]string{"name": th.Repository.Named().Name()}))
-		case errcode.Error:
-			th.Errors = append(th.Errors, err)
-		default:
-			th.Errors = append(th.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		}
-		return
-	}
-
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-
-	enc := json.NewEncoder(w)
-	if err := enc.Encode(tagsAPIResponse{
-		Name: th.Repository.Named().Name(),
-		Tags: tags,
-	}); err != nil {
-		th.Errors = append(th.Errors, errcode.ErrorCodeUnknown.WithDetail(err))
-		return
-	}
-}
diff --git a/vendor/github.com/docker/distribution/registry/listener/listener.go b/vendor/github.com/docker/distribution/registry/listener/listener.go
deleted file mode 100644
index b93a7a63f..000000000
--- a/vendor/github.com/docker/distribution/registry/listener/listener.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package listener
-
-import (
-	"fmt"
-	"net"
-	"os"
-	"time"
-)
-
-// tcpKeepAliveListener sets TCP keep-alive timeouts on accepted
-// connections. It's used by ListenAndServe and ListenAndServeTLS so
-// dead TCP connections (e.g. closing laptop mid-download) eventually
-// go away.
-// it is a plain copy-paste from net/http/server.go
-type tcpKeepAliveListener struct {
-	*net.TCPListener
-}
-
-func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) {
-	tc, err := ln.AcceptTCP()
-	if err != nil {
-		return
-	}
-	tc.SetKeepAlive(true)
-	tc.SetKeepAlivePeriod(3 * time.Minute)
-	return tc, nil
-}
-
-// NewListener announces on laddr and net. Accepted values of the net are
-// 'unix' and 'tcp'
-func NewListener(net, laddr string) (net.Listener, error) {
-	switch net {
-	case "unix":
-		return newUnixListener(laddr)
-	case "tcp", "": // an empty net means tcp
-		return newTCPListener(laddr)
-	default:
-		return nil, fmt.Errorf("unknown address type %s", net)
-	}
-}
-
-func newUnixListener(laddr string) (net.Listener, error) {
-	fi, err := os.Stat(laddr)
-	if err == nil {
-		// the file exists.
-		// try to remove it if it's a socket
-		if !isSocket(fi.Mode()) {
-			return nil, fmt.Errorf("file %s exists and is not a socket", laddr)
-		}
-
-		if err := os.Remove(laddr); err != nil {
-			return nil, err
-		}
-	} else if !os.IsNotExist(err) {
-		// we can't do stat on the file.
-		// it means we can not remove it
-		return nil, err
-	}
-
-	return net.Listen("unix", laddr)
-}
-
-func isSocket(m os.FileMode) bool {
-	return m&os.ModeSocket != 0
-}
-
-func newTCPListener(laddr string) (net.Listener, error) {
-	ln, err := net.Listen("tcp", laddr)
-	if err != nil {
-		return nil, err
-	}
-
-	return tcpKeepAliveListener{ln.(*net.TCPListener)}, nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/middleware/registry/middleware.go b/vendor/github.com/docker/distribution/registry/middleware/registry/middleware.go
deleted file mode 100644
index 49defd825..000000000
--- a/vendor/github.com/docker/distribution/registry/middleware/registry/middleware.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/registry/storage"
-)
-
-// InitFunc is the type of a RegistryMiddleware factory function and is
-// used to register the constructor for different RegistryMiddleware backends.
-type InitFunc func(ctx context.Context, registry distribution.Namespace, options map[string]interface{}) (distribution.Namespace, error)
-
-var middlewares map[string]InitFunc
-var registryoptions []storage.RegistryOption
-
-// Register is used to register an InitFunc for
-// a RegistryMiddleware backend with the given name.
-func Register(name string, initFunc InitFunc) error {
-	if middlewares == nil {
-		middlewares = make(map[string]InitFunc)
-	}
-	if _, exists := middlewares[name]; exists {
-		return fmt.Errorf("name already registered: %s", name)
-	}
-
-	middlewares[name] = initFunc
-
-	return nil
-}
-
-// Get constructs a RegistryMiddleware with the given options using the named backend.
-func Get(ctx context.Context, name string, options map[string]interface{}, registry distribution.Namespace) (distribution.Namespace, error) {
-	if middlewares != nil {
-		if initFunc, exists := middlewares[name]; exists {
-			return initFunc(ctx, registry, options)
-		}
-	}
-
-	return nil, fmt.Errorf("no registry middleware registered with name: %s", name)
-}
-
-// RegisterOptions adds more options to RegistryOption list. Options get applied before
-// any other configuration-based options.
-func RegisterOptions(options ...storage.RegistryOption) error {
-	registryoptions = append(registryoptions, options...)
-	return nil
-}
-
-// GetRegistryOptions returns list of RegistryOption.
-func GetRegistryOptions() []storage.RegistryOption {
-	return registryoptions
-}
diff --git a/vendor/github.com/docker/distribution/registry/middleware/repository/middleware.go b/vendor/github.com/docker/distribution/registry/middleware/repository/middleware.go
deleted file mode 100644
index f1554b709..000000000
--- a/vendor/github.com/docker/distribution/registry/middleware/repository/middleware.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/docker/distribution"
-)
-
-// InitFunc is the type of a RepositoryMiddleware factory function and is
-// used to register the constructor for different RepositoryMiddleware backends.
-type InitFunc func(ctx context.Context, repository distribution.Repository, options map[string]interface{}) (distribution.Repository, error)
-
-var middlewares map[string]InitFunc
-
-// Register is used to register an InitFunc for
-// a RepositoryMiddleware backend with the given name.
-func Register(name string, initFunc InitFunc) error {
-	if middlewares == nil {
-		middlewares = make(map[string]InitFunc)
-	}
-	if _, exists := middlewares[name]; exists {
-		return fmt.Errorf("name already registered: %s", name)
-	}
-
-	middlewares[name] = initFunc
-
-	return nil
-}
-
-// Get constructs a RepositoryMiddleware with the given options using the named backend.
-func Get(ctx context.Context, name string, options map[string]interface{}, repository distribution.Repository) (distribution.Repository, error) {
-	if middlewares != nil {
-		if initFunc, exists := middlewares[name]; exists {
-			return initFunc(ctx, repository, options)
-		}
-	}
-
-	return nil, fmt.Errorf("no repository middleware registered with name: %s", name)
-}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxyauth.go b/vendor/github.com/docker/distribution/registry/proxy/proxyauth.go
deleted file mode 100644
index 09a0973e6..000000000
--- a/vendor/github.com/docker/distribution/registry/proxy/proxyauth.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package proxy
-
-import (
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/client/auth"
-	"github.com/docker/distribution/registry/client/auth/challenge"
-)
-
-const challengeHeader = "Docker-Distribution-Api-Version"
-
-type userpass struct {
-	username string
-	password string
-}
-
-type credentials struct {
-	creds map[string]userpass
-}
-
-func (c credentials) Basic(u *url.URL) (string, string) {
-	up := c.creds[u.String()]
-
-	return up.username, up.password
-}
-
-func (c credentials) RefreshToken(u *url.URL, service string) string {
-	return ""
-}
-
-func (c credentials) SetRefreshToken(u *url.URL, service, token string) {
-}
-
-// configureAuth stores credentials for challenge responses
-func configureAuth(username, password, remoteURL string) (auth.CredentialStore, error) {
-	creds := map[string]userpass{}
-
-	authURLs, err := getAuthURLs(remoteURL)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, url := range authURLs {
-		context.GetLogger(context.Background()).Infof("Discovered token authentication URL: %s", url)
-		creds[url] = userpass{
-			username: username,
-			password: password,
-		}
-	}
-
-	return credentials{creds: creds}, nil
-}
-
-func getAuthURLs(remoteURL string) ([]string, error) {
-	authURLs := []string{}
-
-	resp, err := http.Get(remoteURL + "/v2/")
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	for _, c := range challenge.ResponseChallenges(resp) {
-		if strings.EqualFold(c.Scheme, "bearer") {
-			authURLs = append(authURLs, c.Parameters["realm"])
-		}
-	}
-
-	return authURLs, nil
-}
-
-func ping(manager challenge.Manager, endpoint, versionHeader string) error {
-	resp, err := http.Get(endpoint)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	return manager.AddResponse(resp)
-}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxyblobstore.go b/vendor/github.com/docker/distribution/registry/proxy/proxyblobstore.go
deleted file mode 100644
index 9ca9c9683..000000000
--- a/vendor/github.com/docker/distribution/registry/proxy/proxyblobstore.go
+++ /dev/null
@@ -1,221 +0,0 @@
-package proxy
-
-import (
-	"context"
-	"io"
-	"net/http"
-	"strconv"
-	"sync"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/proxy/scheduler"
-	"github.com/opencontainers/go-digest"
-)
-
-type proxyBlobStore struct {
-	localStore     distribution.BlobStore
-	remoteStore    distribution.BlobService
-	scheduler      *scheduler.TTLExpirationScheduler
-	repositoryName reference.Named
-	authChallenger authChallenger
-}
-
-var _ distribution.BlobStore = &proxyBlobStore{}
-
-// inflight tracks currently downloading blobs
-var inflight = make(map[digest.Digest]struct{})
-
-// mu protects inflight
-var mu sync.Mutex
-
-func setResponseHeaders(w http.ResponseWriter, length int64, mediaType string, digest digest.Digest) {
-	w.Header().Set("Content-Length", strconv.FormatInt(length, 10))
-	w.Header().Set("Content-Type", mediaType)
-	w.Header().Set("Docker-Content-Digest", digest.String())
-	w.Header().Set("Etag", digest.String())
-}
-
-func (pbs *proxyBlobStore) copyContent(ctx context.Context, dgst digest.Digest, writer io.Writer) (distribution.Descriptor, error) {
-	desc, err := pbs.remoteStore.Stat(ctx, dgst)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	if w, ok := writer.(http.ResponseWriter); ok {
-		setResponseHeaders(w, desc.Size, desc.MediaType, dgst)
-	}
-
-	remoteReader, err := pbs.remoteStore.Open(ctx, dgst)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	defer remoteReader.Close()
-
-	_, err = io.CopyN(writer, remoteReader, desc.Size)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	proxyMetrics.BlobPush(uint64(desc.Size))
-
-	return desc, nil
-}
-
-func (pbs *proxyBlobStore) serveLocal(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) (bool, error) {
-	localDesc, err := pbs.localStore.Stat(ctx, dgst)
-	if err != nil {
-		// Stat can report a zero sized file here if it's checked between creation
-		// and population.  Return nil error, and continue
-		return false, nil
-	}
-
-	if err == nil {
-		proxyMetrics.BlobPush(uint64(localDesc.Size))
-		return true, pbs.localStore.ServeBlob(ctx, w, r, dgst)
-	}
-
-	return false, nil
-
-}
-
-func (pbs *proxyBlobStore) storeLocal(ctx context.Context, dgst digest.Digest) error {
-	defer func() {
-		mu.Lock()
-		delete(inflight, dgst)
-		mu.Unlock()
-	}()
-
-	var desc distribution.Descriptor
-	var err error
-	var bw distribution.BlobWriter
-
-	bw, err = pbs.localStore.Create(ctx)
-	if err != nil {
-		return err
-	}
-
-	desc, err = pbs.copyContent(ctx, dgst, bw)
-	if err != nil {
-		return err
-	}
-
-	_, err = bw.Commit(ctx, desc)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (pbs *proxyBlobStore) ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error {
-	served, err := pbs.serveLocal(ctx, w, r, dgst)
-	if err != nil {
-		dcontext.GetLogger(ctx).Errorf("Error serving blob from local storage: %s", err.Error())
-		return err
-	}
-
-	if served {
-		return nil
-	}
-
-	if err := pbs.authChallenger.tryEstablishChallenges(ctx); err != nil {
-		return err
-	}
-
-	mu.Lock()
-	_, ok := inflight[dgst]
-	if ok {
-		mu.Unlock()
-		_, err := pbs.copyContent(ctx, dgst, w)
-		return err
-	}
-	inflight[dgst] = struct{}{}
-	mu.Unlock()
-
-	go func(dgst digest.Digest) {
-		if err := pbs.storeLocal(ctx, dgst); err != nil {
-			dcontext.GetLogger(ctx).Errorf("Error committing to storage: %s", err.Error())
-		}
-
-		blobRef, err := reference.WithDigest(pbs.repositoryName, dgst)
-		if err != nil {
-			dcontext.GetLogger(ctx).Errorf("Error creating reference: %s", err)
-			return
-		}
-
-		pbs.scheduler.AddBlob(blobRef, repositoryTTL)
-	}(dgst)
-
-	_, err = pbs.copyContent(ctx, dgst, w)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (pbs *proxyBlobStore) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	desc, err := pbs.localStore.Stat(ctx, dgst)
-	if err == nil {
-		return desc, err
-	}
-
-	if err != distribution.ErrBlobUnknown {
-		return distribution.Descriptor{}, err
-	}
-
-	if err := pbs.authChallenger.tryEstablishChallenges(ctx); err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	return pbs.remoteStore.Stat(ctx, dgst)
-}
-
-func (pbs *proxyBlobStore) Get(ctx context.Context, dgst digest.Digest) ([]byte, error) {
-	blob, err := pbs.localStore.Get(ctx, dgst)
-	if err == nil {
-		return blob, nil
-	}
-
-	if err := pbs.authChallenger.tryEstablishChallenges(ctx); err != nil {
-		return []byte{}, err
-	}
-
-	blob, err = pbs.remoteStore.Get(ctx, dgst)
-	if err != nil {
-		return []byte{}, err
-	}
-
-	_, err = pbs.localStore.Put(ctx, "", blob)
-	if err != nil {
-		return []byte{}, err
-	}
-	return blob, nil
-}
-
-// Unsupported functions
-func (pbs *proxyBlobStore) Put(ctx context.Context, mediaType string, p []byte) (distribution.Descriptor, error) {
-	return distribution.Descriptor{}, distribution.ErrUnsupported
-}
-
-func (pbs *proxyBlobStore) Create(ctx context.Context, options ...distribution.BlobCreateOption) (distribution.BlobWriter, error) {
-	return nil, distribution.ErrUnsupported
-}
-
-func (pbs *proxyBlobStore) Resume(ctx context.Context, id string) (distribution.BlobWriter, error) {
-	return nil, distribution.ErrUnsupported
-}
-
-func (pbs *proxyBlobStore) Mount(ctx context.Context, sourceRepo reference.Named, dgst digest.Digest) (distribution.Descriptor, error) {
-	return distribution.Descriptor{}, distribution.ErrUnsupported
-}
-
-func (pbs *proxyBlobStore) Open(ctx context.Context, dgst digest.Digest) (distribution.ReadSeekCloser, error) {
-	return nil, distribution.ErrUnsupported
-}
-
-func (pbs *proxyBlobStore) Delete(ctx context.Context, dgst digest.Digest) error {
-	return distribution.ErrUnsupported
-}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxymanifeststore.go b/vendor/github.com/docker/distribution/registry/proxy/proxymanifeststore.go
deleted file mode 100644
index 9b017a0ba..000000000
--- a/vendor/github.com/docker/distribution/registry/proxy/proxymanifeststore.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package proxy
-
-import (
-	"context"
-	"time"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/proxy/scheduler"
-	"github.com/opencontainers/go-digest"
-)
-
-// todo(richardscothern): from cache control header or config
-const repositoryTTL = 24 * 7 * time.Hour
-
-type proxyManifestStore struct {
-	ctx             context.Context
-	localManifests  distribution.ManifestService
-	remoteManifests distribution.ManifestService
-	repositoryName  reference.Named
-	scheduler       *scheduler.TTLExpirationScheduler
-	authChallenger  authChallenger
-}
-
-var _ distribution.ManifestService = &proxyManifestStore{}
-
-func (pms proxyManifestStore) Exists(ctx context.Context, dgst digest.Digest) (bool, error) {
-	exists, err := pms.localManifests.Exists(ctx, dgst)
-	if err != nil {
-		return false, err
-	}
-	if exists {
-		return true, nil
-	}
-	if err := pms.authChallenger.tryEstablishChallenges(ctx); err != nil {
-		return false, err
-	}
-	return pms.remoteManifests.Exists(ctx, dgst)
-}
-
-func (pms proxyManifestStore) Get(ctx context.Context, dgst digest.Digest, options ...distribution.ManifestServiceOption) (distribution.Manifest, error) {
-	// At this point `dgst` was either specified explicitly, or returned by the
-	// tagstore with the most recent association.
-	var fromRemote bool
-	manifest, err := pms.localManifests.Get(ctx, dgst, options...)
-	if err != nil {
-		if err := pms.authChallenger.tryEstablishChallenges(ctx); err != nil {
-			return nil, err
-		}
-
-		manifest, err = pms.remoteManifests.Get(ctx, dgst, options...)
-		if err != nil {
-			return nil, err
-		}
-		fromRemote = true
-	}
-
-	_, payload, err := manifest.Payload()
-	if err != nil {
-		return nil, err
-	}
-
-	proxyMetrics.ManifestPush(uint64(len(payload)))
-	if fromRemote {
-		proxyMetrics.ManifestPull(uint64(len(payload)))
-
-		_, err = pms.localManifests.Put(ctx, manifest)
-		if err != nil {
-			return nil, err
-		}
-
-		// Schedule the manifest blob for removal
-		repoBlob, err := reference.WithDigest(pms.repositoryName, dgst)
-		if err != nil {
-			dcontext.GetLogger(ctx).Errorf("Error creating reference: %s", err)
-			return nil, err
-		}
-
-		pms.scheduler.AddManifest(repoBlob, repositoryTTL)
-		// Ensure the manifest blob is cleaned up
-		//pms.scheduler.AddBlob(blobRef, repositoryTTL)
-
-	}
-
-	return manifest, err
-}
-
-func (pms proxyManifestStore) Put(ctx context.Context, manifest distribution.Manifest, options ...distribution.ManifestServiceOption) (digest.Digest, error) {
-	var d digest.Digest
-	return d, distribution.ErrUnsupported
-}
-
-func (pms proxyManifestStore) Delete(ctx context.Context, dgst digest.Digest) error {
-	return distribution.ErrUnsupported
-}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxymetrics.go b/vendor/github.com/docker/distribution/registry/proxy/proxymetrics.go
deleted file mode 100644
index d3d84d786..000000000
--- a/vendor/github.com/docker/distribution/registry/proxy/proxymetrics.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package proxy
-
-import (
-	"expvar"
-	"sync/atomic"
-)
-
-// Metrics is used to hold metric counters
-// related to the proxy
-type Metrics struct {
-	Requests    uint64
-	Hits        uint64
-	Misses      uint64
-	BytesPulled uint64
-	BytesPushed uint64
-}
-
-type proxyMetricsCollector struct {
-	blobMetrics     Metrics
-	manifestMetrics Metrics
-}
-
-// BlobPull tracks metrics about blobs pulled into the cache
-func (pmc *proxyMetricsCollector) BlobPull(bytesPulled uint64) {
-	atomic.AddUint64(&pmc.blobMetrics.Misses, 1)
-	atomic.AddUint64(&pmc.blobMetrics.BytesPulled, bytesPulled)
-}
-
-// BlobPush tracks metrics about blobs pushed to clients
-func (pmc *proxyMetricsCollector) BlobPush(bytesPushed uint64) {
-	atomic.AddUint64(&pmc.blobMetrics.Requests, 1)
-	atomic.AddUint64(&pmc.blobMetrics.Hits, 1)
-	atomic.AddUint64(&pmc.blobMetrics.BytesPushed, bytesPushed)
-}
-
-// ManifestPull tracks metrics related to Manifests pulled into the cache
-func (pmc *proxyMetricsCollector) ManifestPull(bytesPulled uint64) {
-	atomic.AddUint64(&pmc.manifestMetrics.Misses, 1)
-	atomic.AddUint64(&pmc.manifestMetrics.BytesPulled, bytesPulled)
-}
-
-// ManifestPush tracks metrics about manifests pushed to clients
-func (pmc *proxyMetricsCollector) ManifestPush(bytesPushed uint64) {
-	atomic.AddUint64(&pmc.manifestMetrics.Requests, 1)
-	atomic.AddUint64(&pmc.manifestMetrics.Hits, 1)
-	atomic.AddUint64(&pmc.manifestMetrics.BytesPushed, bytesPushed)
-}
-
-// proxyMetrics tracks metrics about the proxy cache.  This is
-// kept globally and made available via expvar.
-var proxyMetrics = &proxyMetricsCollector{}
-
-func init() {
-	registry := expvar.Get("registry")
-	if registry == nil {
-		registry = expvar.NewMap("registry")
-	}
-
-	pm := registry.(*expvar.Map).Get("proxy")
-	if pm == nil {
-		pm = &expvar.Map{}
-		pm.(*expvar.Map).Init()
-		registry.(*expvar.Map).Set("proxy", pm)
-	}
-
-	pm.(*expvar.Map).Set("blobs", expvar.Func(func() interface{} {
-		return proxyMetrics.blobMetrics
-	}))
-
-	pm.(*expvar.Map).Set("manifests", expvar.Func(func() interface{} {
-		return proxyMetrics.manifestMetrics
-	}))
-
-}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxyregistry.go b/vendor/github.com/docker/distribution/registry/proxy/proxyregistry.go
deleted file mode 100644
index e8a8f3526..000000000
--- a/vendor/github.com/docker/distribution/registry/proxy/proxyregistry.go
+++ /dev/null
@@ -1,263 +0,0 @@
-package proxy
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"net/url"
-	"sync"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/configuration"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/client"
-	"github.com/docker/distribution/registry/client/auth"
-	"github.com/docker/distribution/registry/client/auth/challenge"
-	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/distribution/registry/proxy/scheduler"
-	"github.com/docker/distribution/registry/storage"
-	"github.com/docker/distribution/registry/storage/driver"
-)
-
-// proxyingRegistry fetches content from a remote registry and caches it locally
-type proxyingRegistry struct {
-	embedded       distribution.Namespace // provides local registry functionality
-	scheduler      *scheduler.TTLExpirationScheduler
-	remoteURL      url.URL
-	authChallenger authChallenger
-}
-
-// NewRegistryPullThroughCache creates a registry acting as a pull through cache
-func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Namespace, driver driver.StorageDriver, config configuration.Proxy) (distribution.Namespace, error) {
-	remoteURL, err := url.Parse(config.RemoteURL)
-	if err != nil {
-		return nil, err
-	}
-
-	v := storage.NewVacuum(ctx, driver)
-	s := scheduler.New(ctx, driver, "/scheduler-state.json")
-	s.OnBlobExpire(func(ref reference.Reference) error {
-		var r reference.Canonical
-		var ok bool
-		if r, ok = ref.(reference.Canonical); !ok {
-			return fmt.Errorf("unexpected reference type : %T", ref)
-		}
-
-		repo, err := registry.Repository(ctx, r)
-		if err != nil {
-			return err
-		}
-
-		blobs := repo.Blobs(ctx)
-
-		// Clear the repository reference and descriptor caches
-		err = blobs.Delete(ctx, r.Digest())
-		if err != nil {
-			return err
-		}
-
-		err = v.RemoveBlob(r.Digest().String())
-		if err != nil {
-			return err
-		}
-
-		return nil
-	})
-
-	s.OnManifestExpire(func(ref reference.Reference) error {
-		var r reference.Canonical
-		var ok bool
-		if r, ok = ref.(reference.Canonical); !ok {
-			return fmt.Errorf("unexpected reference type : %T", ref)
-		}
-
-		repo, err := registry.Repository(ctx, r)
-		if err != nil {
-			return err
-		}
-
-		manifests, err := repo.Manifests(ctx)
-		if err != nil {
-			return err
-		}
-		err = manifests.Delete(ctx, r.Digest())
-		if err != nil {
-			return err
-		}
-		return nil
-	})
-
-	err = s.Start()
-	if err != nil {
-		return nil, err
-	}
-
-	cs, err := configureAuth(config.Username, config.Password, config.RemoteURL)
-	if err != nil {
-		return nil, err
-	}
-
-	return &proxyingRegistry{
-		embedded:  registry,
-		scheduler: s,
-		remoteURL: *remoteURL,
-		authChallenger: &remoteAuthChallenger{
-			remoteURL: *remoteURL,
-			cm:        challenge.NewSimpleManager(),
-			cs:        cs,
-		},
-	}, nil
-}
-
-func (pr *proxyingRegistry) Scope() distribution.Scope {
-	return distribution.GlobalScope
-}
-
-func (pr *proxyingRegistry) Repositories(ctx context.Context, repos []string, last string) (n int, err error) {
-	return pr.embedded.Repositories(ctx, repos, last)
-}
-
-func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named) (distribution.Repository, error) {
-	c := pr.authChallenger
-
-	tkopts := auth.TokenHandlerOptions{
-		Transport:   http.DefaultTransport,
-		Credentials: c.credentialStore(),
-		Scopes: []auth.Scope{
-			auth.RepositoryScope{
-				Repository: name.Name(),
-				Actions:    []string{"pull"},
-			},
-		},
-		Logger: dcontext.GetLogger(ctx),
-	}
-
-	tr := transport.NewTransport(http.DefaultTransport,
-		auth.NewAuthorizer(c.challengeManager(),
-			auth.NewTokenHandlerWithOptions(tkopts)))
-
-	localRepo, err := pr.embedded.Repository(ctx, name)
-	if err != nil {
-		return nil, err
-	}
-	localManifests, err := localRepo.Manifests(ctx, storage.SkipLayerVerification())
-	if err != nil {
-		return nil, err
-	}
-
-	remoteRepo, err := client.NewRepository(name, pr.remoteURL.String(), tr)
-	if err != nil {
-		return nil, err
-	}
-
-	remoteManifests, err := remoteRepo.Manifests(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	return &proxiedRepository{
-		blobStore: &proxyBlobStore{
-			localStore:     localRepo.Blobs(ctx),
-			remoteStore:    remoteRepo.Blobs(ctx),
-			scheduler:      pr.scheduler,
-			repositoryName: name,
-			authChallenger: pr.authChallenger,
-		},
-		manifests: &proxyManifestStore{
-			repositoryName:  name,
-			localManifests:  localManifests, // Options?
-			remoteManifests: remoteManifests,
-			ctx:             ctx,
-			scheduler:       pr.scheduler,
-			authChallenger:  pr.authChallenger,
-		},
-		name: name,
-		tags: &proxyTagService{
-			localTags:      localRepo.Tags(ctx),
-			remoteTags:     remoteRepo.Tags(ctx),
-			authChallenger: pr.authChallenger,
-		},
-	}, nil
-}
-
-func (pr *proxyingRegistry) Blobs() distribution.BlobEnumerator {
-	return pr.embedded.Blobs()
-}
-
-func (pr *proxyingRegistry) BlobStatter() distribution.BlobStatter {
-	return pr.embedded.BlobStatter()
-}
-
-// authChallenger encapsulates a request to the upstream to establish credential challenges
-type authChallenger interface {
-	tryEstablishChallenges(context.Context) error
-	challengeManager() challenge.Manager
-	credentialStore() auth.CredentialStore
-}
-
-type remoteAuthChallenger struct {
-	remoteURL url.URL
-	sync.Mutex
-	cm challenge.Manager
-	cs auth.CredentialStore
-}
-
-func (r *remoteAuthChallenger) credentialStore() auth.CredentialStore {
-	return r.cs
-}
-
-func (r *remoteAuthChallenger) challengeManager() challenge.Manager {
-	return r.cm
-}
-
-// tryEstablishChallenges will attempt to get a challenge type for the upstream if none currently exist
-func (r *remoteAuthChallenger) tryEstablishChallenges(ctx context.Context) error {
-	r.Lock()
-	defer r.Unlock()
-
-	remoteURL := r.remoteURL
-	remoteURL.Path = "/v2/"
-	challenges, err := r.cm.GetChallenges(remoteURL)
-	if err != nil {
-		return err
-	}
-
-	if len(challenges) > 0 {
-		return nil
-	}
-
-	// establish challenge type with upstream
-	if err := ping(r.cm, remoteURL.String(), challengeHeader); err != nil {
-		return err
-	}
-
-	dcontext.GetLogger(ctx).Infof("Challenge established with upstream : %s %s", remoteURL, r.cm)
-	return nil
-}
-
-// proxiedRepository uses proxying blob and manifest services to serve content
-// locally, or pulling it through from a remote and caching it locally if it doesn't
-// already exist
-type proxiedRepository struct {
-	blobStore distribution.BlobStore
-	manifests distribution.ManifestService
-	name      reference.Named
-	tags      distribution.TagService
-}
-
-func (pr *proxiedRepository) Manifests(ctx context.Context, options ...distribution.ManifestServiceOption) (distribution.ManifestService, error) {
-	return pr.manifests, nil
-}
-
-func (pr *proxiedRepository) Blobs(ctx context.Context) distribution.BlobStore {
-	return pr.blobStore
-}
-
-func (pr *proxiedRepository) Named() reference.Named {
-	return pr.name
-}
-
-func (pr *proxiedRepository) Tags(ctx context.Context) distribution.TagService {
-	return pr.tags
-}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/proxytagservice.go b/vendor/github.com/docker/distribution/registry/proxy/proxytagservice.go
deleted file mode 100644
index 6a9256395..000000000
--- a/vendor/github.com/docker/distribution/registry/proxy/proxytagservice.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package proxy
-
-import (
-	"context"
-
-	"github.com/docker/distribution"
-)
-
-// proxyTagService supports local and remote lookup of tags.
-type proxyTagService struct {
-	localTags      distribution.TagService
-	remoteTags     distribution.TagService
-	authChallenger authChallenger
-}
-
-var _ distribution.TagService = proxyTagService{}
-
-// Get attempts to get the most recent digest for the tag by checking the remote
-// tag service first and then caching it locally.  If the remote is unavailable
-// the local association is returned
-func (pt proxyTagService) Get(ctx context.Context, tag string) (distribution.Descriptor, error) {
-	err := pt.authChallenger.tryEstablishChallenges(ctx)
-	if err == nil {
-		desc, err := pt.remoteTags.Get(ctx, tag)
-		if err == nil {
-			err := pt.localTags.Tag(ctx, tag, desc)
-			if err != nil {
-				return distribution.Descriptor{}, err
-			}
-			return desc, nil
-		}
-	}
-
-	desc, err := pt.localTags.Get(ctx, tag)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-	return desc, nil
-}
-
-func (pt proxyTagService) Tag(ctx context.Context, tag string, desc distribution.Descriptor) error {
-	return distribution.ErrUnsupported
-}
-
-func (pt proxyTagService) Untag(ctx context.Context, tag string) error {
-	err := pt.localTags.Untag(ctx, tag)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (pt proxyTagService) All(ctx context.Context) ([]string, error) {
-	err := pt.authChallenger.tryEstablishChallenges(ctx)
-	if err == nil {
-		tags, err := pt.remoteTags.All(ctx)
-		if err == nil {
-			return tags, err
-		}
-	}
-	return pt.localTags.All(ctx)
-}
-
-func (pt proxyTagService) Lookup(ctx context.Context, digest distribution.Descriptor) ([]string, error) {
-	return []string{}, distribution.ErrUnsupported
-}
diff --git a/vendor/github.com/docker/distribution/registry/proxy/scheduler/scheduler.go b/vendor/github.com/docker/distribution/registry/proxy/scheduler/scheduler.go
deleted file mode 100644
index f3c1caa03..000000000
--- a/vendor/github.com/docker/distribution/registry/proxy/scheduler/scheduler.go
+++ /dev/null
@@ -1,260 +0,0 @@
-package scheduler
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"sync"
-	"time"
-
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/storage/driver"
-)
-
-// onTTLExpiryFunc is called when a repository's TTL expires
-type expiryFunc func(reference.Reference) error
-
-const (
-	entryTypeBlob = iota
-	entryTypeManifest
-	indexSaveFrequency = 5 * time.Second
-)
-
-// schedulerEntry represents an entry in the scheduler
-// fields are exported for serialization
-type schedulerEntry struct {
-	Key       string    `json:"Key"`
-	Expiry    time.Time `json:"ExpiryData"`
-	EntryType int       `json:"EntryType"`
-
-	timer *time.Timer
-}
-
-// New returns a new instance of the scheduler
-func New(ctx context.Context, driver driver.StorageDriver, path string) *TTLExpirationScheduler {
-	return &TTLExpirationScheduler{
-		entries:         make(map[string]*schedulerEntry),
-		driver:          driver,
-		pathToStateFile: path,
-		ctx:             ctx,
-		stopped:         true,
-		doneChan:        make(chan struct{}),
-		saveTimer:       time.NewTicker(indexSaveFrequency),
-	}
-}
-
-// TTLExpirationScheduler is a scheduler used to perform actions
-// when TTLs expire
-type TTLExpirationScheduler struct {
-	sync.Mutex
-
-	entries map[string]*schedulerEntry
-
-	driver          driver.StorageDriver
-	ctx             context.Context
-	pathToStateFile string
-
-	stopped bool
-
-	onBlobExpire     expiryFunc
-	onManifestExpire expiryFunc
-
-	indexDirty bool
-	saveTimer  *time.Ticker
-	doneChan   chan struct{}
-}
-
-// OnBlobExpire is called when a scheduled blob's TTL expires
-func (ttles *TTLExpirationScheduler) OnBlobExpire(f expiryFunc) {
-	ttles.Lock()
-	defer ttles.Unlock()
-
-	ttles.onBlobExpire = f
-}
-
-// OnManifestExpire is called when a scheduled manifest's TTL expires
-func (ttles *TTLExpirationScheduler) OnManifestExpire(f expiryFunc) {
-	ttles.Lock()
-	defer ttles.Unlock()
-
-	ttles.onManifestExpire = f
-}
-
-// AddBlob schedules a blob cleanup after ttl expires
-func (ttles *TTLExpirationScheduler) AddBlob(blobRef reference.Canonical, ttl time.Duration) error {
-	ttles.Lock()
-	defer ttles.Unlock()
-
-	if ttles.stopped {
-		return fmt.Errorf("scheduler not started")
-	}
-
-	ttles.add(blobRef, ttl, entryTypeBlob)
-	return nil
-}
-
-// AddManifest schedules a manifest cleanup after ttl expires
-func (ttles *TTLExpirationScheduler) AddManifest(manifestRef reference.Canonical, ttl time.Duration) error {
-	ttles.Lock()
-	defer ttles.Unlock()
-
-	if ttles.stopped {
-		return fmt.Errorf("scheduler not started")
-	}
-
-	ttles.add(manifestRef, ttl, entryTypeManifest)
-	return nil
-}
-
-// Start starts the scheduler
-func (ttles *TTLExpirationScheduler) Start() error {
-	ttles.Lock()
-	defer ttles.Unlock()
-
-	err := ttles.readState()
-	if err != nil {
-		return err
-	}
-
-	if !ttles.stopped {
-		return fmt.Errorf("scheduler already started")
-	}
-
-	dcontext.GetLogger(ttles.ctx).Infof("Starting cached object TTL expiration scheduler...")
-	ttles.stopped = false
-
-	// Start timer for each deserialized entry
-	for _, entry := range ttles.entries {
-		entry.timer = ttles.startTimer(entry, time.Until(entry.Expiry))
-	}
-
-	// Start a ticker to periodically save the entries index
-
-	go func() {
-		for {
-			select {
-			case <-ttles.saveTimer.C:
-				ttles.Lock()
-				if !ttles.indexDirty {
-					ttles.Unlock()
-					continue
-				}
-
-				err := ttles.writeState()
-				if err != nil {
-					dcontext.GetLogger(ttles.ctx).Errorf("Error writing scheduler state: %s", err)
-				} else {
-					ttles.indexDirty = false
-				}
-				ttles.Unlock()
-
-			case <-ttles.doneChan:
-				return
-			}
-		}
-	}()
-
-	return nil
-}
-
-func (ttles *TTLExpirationScheduler) add(r reference.Reference, ttl time.Duration, eType int) {
-	entry := &schedulerEntry{
-		Key:       r.String(),
-		Expiry:    time.Now().Add(ttl),
-		EntryType: eType,
-	}
-	dcontext.GetLogger(ttles.ctx).Infof("Adding new scheduler entry for %s with ttl=%s", entry.Key, time.Until(entry.Expiry))
-	if oldEntry, present := ttles.entries[entry.Key]; present && oldEntry.timer != nil {
-		oldEntry.timer.Stop()
-	}
-	ttles.entries[entry.Key] = entry
-	entry.timer = ttles.startTimer(entry, ttl)
-	ttles.indexDirty = true
-}
-
-func (ttles *TTLExpirationScheduler) startTimer(entry *schedulerEntry, ttl time.Duration) *time.Timer {
-	return time.AfterFunc(ttl, func() {
-		ttles.Lock()
-		defer ttles.Unlock()
-
-		var f expiryFunc
-
-		switch entry.EntryType {
-		case entryTypeBlob:
-			f = ttles.onBlobExpire
-		case entryTypeManifest:
-			f = ttles.onManifestExpire
-		default:
-			f = func(reference.Reference) error {
-				return fmt.Errorf("scheduler entry type")
-			}
-		}
-
-		ref, err := reference.Parse(entry.Key)
-		if err == nil {
-			if err := f(ref); err != nil {
-				dcontext.GetLogger(ttles.ctx).Errorf("Scheduler error returned from OnExpire(%s): %s", entry.Key, err)
-			}
-		} else {
-			dcontext.GetLogger(ttles.ctx).Errorf("Error unpacking reference: %s", err)
-		}
-
-		delete(ttles.entries, entry.Key)
-		ttles.indexDirty = true
-	})
-}
-
-// Stop stops the scheduler.
-func (ttles *TTLExpirationScheduler) Stop() {
-	ttles.Lock()
-	defer ttles.Unlock()
-
-	if err := ttles.writeState(); err != nil {
-		dcontext.GetLogger(ttles.ctx).Errorf("Error writing scheduler state: %s", err)
-	}
-
-	for _, entry := range ttles.entries {
-		entry.timer.Stop()
-	}
-
-	close(ttles.doneChan)
-	ttles.saveTimer.Stop()
-	ttles.stopped = true
-}
-
-func (ttles *TTLExpirationScheduler) writeState() error {
-	jsonBytes, err := json.Marshal(ttles.entries)
-	if err != nil {
-		return err
-	}
-
-	err = ttles.driver.PutContent(ttles.ctx, ttles.pathToStateFile, jsonBytes)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (ttles *TTLExpirationScheduler) readState() error {
-	if _, err := ttles.driver.Stat(ttles.ctx, ttles.pathToStateFile); err != nil {
-		switch err := err.(type) {
-		case driver.PathNotFoundError:
-			return nil
-		default:
-			return err
-		}
-	}
-
-	bytes, err := ttles.driver.GetContent(ttles.ctx, ttles.pathToStateFile)
-	if err != nil {
-		return err
-	}
-
-	err = json.Unmarshal(bytes, &ttles.entries)
-	if err != nil {
-		return err
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/registry.go b/vendor/github.com/docker/distribution/registry/registry.go
deleted file mode 100644
index dc156f462..000000000
--- a/vendor/github.com/docker/distribution/registry/registry.go
+++ /dev/null
@@ -1,497 +0,0 @@
-package registry
-
-import (
-	"context"
-	"crypto/tls"
-	"crypto/x509"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"os/signal"
-	"strings"
-	"syscall"
-	"time"
-
-	"rsc.io/letsencrypt"
-
-	logrus_bugsnag "github.com/Shopify/logrus-bugsnag"
-
-	logstash "github.com/bshuster-repo/logrus-logstash-hook"
-	"github.com/bugsnag/bugsnag-go"
-	"github.com/docker/distribution/configuration"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/health"
-	"github.com/docker/distribution/registry/handlers"
-	"github.com/docker/distribution/registry/listener"
-	"github.com/docker/distribution/uuid"
-	"github.com/docker/distribution/version"
-	"github.com/docker/go-metrics"
-	gorhandlers "github.com/gorilla/handlers"
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
-	"github.com/yvasiyarov/gorelic"
-)
-
-// a map of TLS cipher suite names to constants in https://golang.org/pkg/crypto/tls/#pkg-constants
-var cipherSuites = map[string]uint16{
-	// TLS 1.0 - 1.2 cipher suites
-	"TLS_RSA_WITH_RC4_128_SHA":                      tls.TLS_RSA_WITH_RC4_128_SHA,
-	"TLS_RSA_WITH_3DES_EDE_CBC_SHA":                 tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-	"TLS_RSA_WITH_AES_128_CBC_SHA":                  tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-	"TLS_RSA_WITH_AES_256_CBC_SHA":                  tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-	"TLS_RSA_WITH_AES_128_CBC_SHA256":               tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
-	"TLS_RSA_WITH_AES_128_GCM_SHA256":               tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
-	"TLS_RSA_WITH_AES_256_GCM_SHA384":               tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
-	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA":              tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA":          tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA":          tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-	"TLS_ECDHE_RSA_WITH_RC4_128_SHA":                tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA":           tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA":            tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA":            tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256":         tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":         tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384":         tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384":       tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256":   tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-	// TLS 1.3 cipher suites
-	"TLS_AES_128_GCM_SHA256":       tls.TLS_AES_128_GCM_SHA256,
-	"TLS_AES_256_GCM_SHA384":       tls.TLS_AES_256_GCM_SHA384,
-	"TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256,
-}
-
-// a list of default ciphersuites to utilize
-var defaultCipherSuites = []uint16{
-	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	tls.TLS_AES_128_GCM_SHA256,
-	tls.TLS_CHACHA20_POLY1305_SHA256,
-	tls.TLS_AES_256_GCM_SHA384,
-}
-
-// maps tls version strings to constants
-var defaultTLSVersionStr = "tls1.2"
-var tlsVersions = map[string]uint16{
-	// user specified values
-	"tls1.0": tls.VersionTLS10,
-	"tls1.1": tls.VersionTLS11,
-	"tls1.2": tls.VersionTLS12,
-	"tls1.3": tls.VersionTLS13,
-}
-
-// this channel gets notified when process receives signal. It is global to ease unit testing
-var quit = make(chan os.Signal, 1)
-
-// ServeCmd is a cobra command for running the registry.
-var ServeCmd = &cobra.Command{
-	Use:   "serve <config>",
-	Short: "`serve` stores and distributes Docker images",
-	Long:  "`serve` stores and distributes Docker images.",
-	Run: func(cmd *cobra.Command, args []string) {
-
-		// setup context
-		ctx := dcontext.WithVersion(dcontext.Background(), version.Version)
-
-		config, err := resolveConfiguration(args)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "configuration error: %v\n", err)
-			cmd.Usage()
-			os.Exit(1)
-		}
-
-		if config.HTTP.Debug.Addr != "" {
-			go func(addr string) {
-				log.Infof("debug server listening %v", addr)
-				if err := http.ListenAndServe(addr, nil); err != nil {
-					log.Fatalf("error listening on debug interface: %v", err)
-				}
-			}(config.HTTP.Debug.Addr)
-		}
-
-		registry, err := NewRegistry(ctx, config)
-		if err != nil {
-			log.Fatalln(err)
-		}
-
-		if config.HTTP.Debug.Prometheus.Enabled {
-			path := config.HTTP.Debug.Prometheus.Path
-			if path == "" {
-				path = "/metrics"
-			}
-			log.Info("providing prometheus metrics on ", path)
-			http.Handle(path, metrics.Handler())
-		}
-
-		if err = registry.ListenAndServe(); err != nil {
-			log.Fatalln(err)
-		}
-	},
-}
-
-// A Registry represents a complete instance of the registry.
-// TODO(aaronl): It might make sense for Registry to become an interface.
-type Registry struct {
-	config *configuration.Configuration
-	app    *handlers.App
-	server *http.Server
-}
-
-// NewRegistry creates a new registry from a context and configuration struct.
-func NewRegistry(ctx context.Context, config *configuration.Configuration) (*Registry, error) {
-	var err error
-	ctx, err = configureLogging(ctx, config)
-	if err != nil {
-		return nil, fmt.Errorf("error configuring logger: %v", err)
-	}
-
-	configureBugsnag(config)
-
-	// inject a logger into the uuid library. warns us if there is a problem
-	// with uuid generation under low entropy.
-	uuid.Loggerf = dcontext.GetLogger(ctx).Warnf
-
-	app := handlers.NewApp(ctx, config)
-	// TODO(aaronl): The global scope of the health checks means NewRegistry
-	// can only be called once per process.
-	app.RegisterHealthChecks()
-	handler := configureReporting(app)
-	handler = alive("/", handler)
-	handler = health.Handler(handler)
-	handler = panicHandler(handler)
-	if !config.Log.AccessLog.Disabled {
-		handler = gorhandlers.CombinedLoggingHandler(os.Stdout, handler)
-	}
-
-	server := &http.Server{
-		Handler: handler,
-	}
-
-	return &Registry{
-		app:    app,
-		config: config,
-		server: server,
-	}, nil
-}
-
-// takes a list of cipher suites and converts it to a list of respective tls constants
-// if an empty list is provided, then the defaults will be used
-func getCipherSuites(names []string) ([]uint16, error) {
-	if len(names) == 0 {
-		return defaultCipherSuites, nil
-	}
-	cipherSuiteConsts := make([]uint16, len(names))
-	for i, name := range names {
-		cipherSuiteConst, ok := cipherSuites[name]
-		if !ok {
-			return nil, fmt.Errorf("unknown TLS cipher suite '%s' specified for http.tls.cipherSuites", name)
-		}
-		cipherSuiteConsts[i] = cipherSuiteConst
-	}
-	return cipherSuiteConsts, nil
-}
-
-// takes a list of cipher suite ids and converts it to a list of respective names
-func getCipherSuiteNames(ids []uint16) []string {
-	if len(ids) == 0 {
-		return nil
-	}
-	names := make([]string, len(ids))
-	for i, id := range ids {
-		names[i] = tls.CipherSuiteName(id)
-	}
-	return names
-}
-
-// ListenAndServe runs the registry's HTTP server.
-func (registry *Registry) ListenAndServe() error {
-	config := registry.config
-
-	ln, err := listener.NewListener(config.HTTP.Net, config.HTTP.Addr)
-	if err != nil {
-		return err
-	}
-
-	if config.HTTP.TLS.Certificate != "" || config.HTTP.TLS.LetsEncrypt.CacheFile != "" {
-		if config.HTTP.TLS.MinimumTLS == "" {
-			config.HTTP.TLS.MinimumTLS = defaultTLSVersionStr
-		}
-		tlsMinVersion, ok := tlsVersions[config.HTTP.TLS.MinimumTLS]
-		if !ok {
-			return fmt.Errorf("unknown minimum TLS level '%s' specified for http.tls.minimumtls", config.HTTP.TLS.MinimumTLS)
-		}
-		dcontext.GetLogger(registry.app).Infof("restricting TLS version to %s or higher", config.HTTP.TLS.MinimumTLS)
-
-		tlsCipherSuites, err := getCipherSuites(config.HTTP.TLS.CipherSuites)
-		if err != nil {
-			return err
-		}
-		dcontext.GetLogger(registry.app).Infof("restricting TLS cipher suites to: %s", strings.Join(getCipherSuiteNames(tlsCipherSuites), ","))
-
-		tlsConf := &tls.Config{
-			ClientAuth:               tls.NoClientCert,
-			NextProtos:               nextProtos(config),
-			MinVersion:               tlsMinVersion,
-			PreferServerCipherSuites: true,
-			CipherSuites:             tlsCipherSuites,
-		}
-
-		if config.HTTP.TLS.LetsEncrypt.CacheFile != "" {
-			if config.HTTP.TLS.Certificate != "" {
-				return fmt.Errorf("cannot specify both certificate and Let's Encrypt")
-			}
-			var m letsencrypt.Manager
-			if err := m.CacheFile(config.HTTP.TLS.LetsEncrypt.CacheFile); err != nil {
-				return err
-			}
-			if !m.Registered() {
-				if err := m.Register(config.HTTP.TLS.LetsEncrypt.Email, nil); err != nil {
-					return err
-				}
-			}
-			if len(config.HTTP.TLS.LetsEncrypt.Hosts) > 0 {
-				m.SetHosts(config.HTTP.TLS.LetsEncrypt.Hosts)
-			}
-			tlsConf.GetCertificate = m.GetCertificate
-		} else {
-			tlsConf.Certificates = make([]tls.Certificate, 1)
-			tlsConf.Certificates[0], err = tls.LoadX509KeyPair(config.HTTP.TLS.Certificate, config.HTTP.TLS.Key)
-			if err != nil {
-				return err
-			}
-		}
-
-		if len(config.HTTP.TLS.ClientCAs) != 0 {
-			pool := x509.NewCertPool()
-
-			for _, ca := range config.HTTP.TLS.ClientCAs {
-				caPem, err := ioutil.ReadFile(ca)
-				if err != nil {
-					return err
-				}
-
-				if ok := pool.AppendCertsFromPEM(caPem); !ok {
-					return fmt.Errorf("could not add CA to pool")
-				}
-			}
-
-			for _, subj := range pool.Subjects() {
-				dcontext.GetLogger(registry.app).Debugf("CA Subject: %s", string(subj))
-			}
-
-			tlsConf.ClientAuth = tls.RequireAndVerifyClientCert
-			tlsConf.ClientCAs = pool
-		}
-
-		ln = tls.NewListener(ln, tlsConf)
-		dcontext.GetLogger(registry.app).Infof("listening on %v, tls", ln.Addr())
-	} else {
-		dcontext.GetLogger(registry.app).Infof("listening on %v", ln.Addr())
-	}
-
-	if config.HTTP.DrainTimeout == 0 {
-		return registry.server.Serve(ln)
-	}
-
-	// setup channel to get notified on SIGTERM signal
-	signal.Notify(quit, syscall.SIGTERM)
-	serveErr := make(chan error)
-
-	// Start serving in goroutine and listen for stop signal in main thread
-	go func() {
-		serveErr <- registry.server.Serve(ln)
-	}()
-
-	select {
-	case err := <-serveErr:
-		return err
-	case <-quit:
-		dcontext.GetLogger(registry.app).Info("stopping server gracefully. Draining connections for ", config.HTTP.DrainTimeout)
-		// shutdown the server with a grace period of configured timeout
-		c, cancel := context.WithTimeout(context.Background(), config.HTTP.DrainTimeout)
-		defer cancel()
-		return registry.server.Shutdown(c)
-	}
-}
-
-func configureReporting(app *handlers.App) http.Handler {
-	var handler http.Handler = app
-
-	if app.Config.Reporting.Bugsnag.APIKey != "" {
-		handler = bugsnag.Handler(handler)
-	}
-
-	if app.Config.Reporting.NewRelic.LicenseKey != "" {
-		agent := gorelic.NewAgent()
-		agent.NewrelicLicense = app.Config.Reporting.NewRelic.LicenseKey
-		if app.Config.Reporting.NewRelic.Name != "" {
-			agent.NewrelicName = app.Config.Reporting.NewRelic.Name
-		}
-		agent.CollectHTTPStat = true
-		agent.Verbose = app.Config.Reporting.NewRelic.Verbose
-		agent.Run()
-
-		handler = agent.WrapHTTPHandler(handler)
-	}
-
-	return handler
-}
-
-// configureLogging prepares the context with a logger using the
-// configuration.
-func configureLogging(ctx context.Context, config *configuration.Configuration) (context.Context, error) {
-	log.SetLevel(logLevel(config.Log.Level))
-
-	formatter := config.Log.Formatter
-	if formatter == "" {
-		formatter = "text" // default formatter
-	}
-
-	switch formatter {
-	case "json":
-		log.SetFormatter(&log.JSONFormatter{
-			TimestampFormat: time.RFC3339Nano,
-		})
-	case "text":
-		log.SetFormatter(&log.TextFormatter{
-			TimestampFormat: time.RFC3339Nano,
-		})
-	case "logstash":
-		log.SetFormatter(&logstash.LogstashFormatter{
-			TimestampFormat: time.RFC3339Nano,
-		})
-	default:
-		// just let the library use default on empty string.
-		if config.Log.Formatter != "" {
-			return ctx, fmt.Errorf("unsupported logging formatter: %q", config.Log.Formatter)
-		}
-	}
-
-	if config.Log.Formatter != "" {
-		log.Debugf("using %q logging formatter", config.Log.Formatter)
-	}
-
-	if len(config.Log.Fields) > 0 {
-		// build up the static fields, if present.
-		var fields []interface{}
-		for k := range config.Log.Fields {
-			fields = append(fields, k)
-		}
-
-		ctx = dcontext.WithValues(ctx, config.Log.Fields)
-		ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, fields...))
-	}
-
-	return ctx, nil
-}
-
-func logLevel(level configuration.Loglevel) log.Level {
-	l, err := log.ParseLevel(string(level))
-	if err != nil {
-		l = log.InfoLevel
-		log.Warnf("error parsing level %q: %v, using %q	", level, err, l)
-	}
-
-	return l
-}
-
-// configureBugsnag configures bugsnag reporting, if enabled
-func configureBugsnag(config *configuration.Configuration) {
-	if config.Reporting.Bugsnag.APIKey == "" {
-		return
-	}
-
-	bugsnagConfig := bugsnag.Configuration{
-		APIKey: config.Reporting.Bugsnag.APIKey,
-	}
-	if config.Reporting.Bugsnag.ReleaseStage != "" {
-		bugsnagConfig.ReleaseStage = config.Reporting.Bugsnag.ReleaseStage
-	}
-	if config.Reporting.Bugsnag.Endpoint != "" {
-		bugsnagConfig.Endpoint = config.Reporting.Bugsnag.Endpoint
-	}
-	bugsnag.Configure(bugsnagConfig)
-
-	// configure logrus bugsnag hook
-	hook, err := logrus_bugsnag.NewBugsnagHook()
-	if err != nil {
-		log.Fatalln(err)
-	}
-
-	log.AddHook(hook)
-}
-
-// panicHandler add an HTTP handler to web app. The handler recover the happening
-// panic. logrus.Panic transmits panic message to pre-config log hooks, which is
-// defined in config.yml.
-func panicHandler(handler http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		defer func() {
-			if err := recover(); err != nil {
-				log.Panic(fmt.Sprintf("%v", err))
-			}
-		}()
-		handler.ServeHTTP(w, r)
-	})
-}
-
-// alive simply wraps the handler with a route that always returns an http 200
-// response when the path is matched. If the path is not matched, the request
-// is passed to the provided handler. There is no guarantee of anything but
-// that the server is up. Wrap with other handlers (such as health.Handler)
-// for greater affect.
-func alive(path string, handler http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path == path {
-			w.Header().Set("Cache-Control", "no-cache")
-			w.WriteHeader(http.StatusOK)
-			return
-		}
-
-		handler.ServeHTTP(w, r)
-	})
-}
-
-func resolveConfiguration(args []string) (*configuration.Configuration, error) {
-	var configurationPath string
-
-	if len(args) > 0 {
-		configurationPath = args[0]
-	} else if os.Getenv("REGISTRY_CONFIGURATION_PATH") != "" {
-		configurationPath = os.Getenv("REGISTRY_CONFIGURATION_PATH")
-	}
-
-	if configurationPath == "" {
-		return nil, fmt.Errorf("configuration path unspecified")
-	}
-
-	fp, err := os.Open(configurationPath)
-	if err != nil {
-		return nil, err
-	}
-
-	defer fp.Close()
-
-	config, err := configuration.Parse(fp)
-	if err != nil {
-		return nil, fmt.Errorf("error parsing %s: %v", configurationPath, err)
-	}
-
-	return config, nil
-}
-
-func nextProtos(config *configuration.Configuration) []string {
-	switch config.HTTP.HTTP2.Disabled {
-	case true:
-		return []string{"http/1.1"}
-	default:
-		return []string{"h2", "http/1.1"}
-	}
-}
diff --git a/vendor/github.com/docker/distribution/registry/root.go b/vendor/github.com/docker/distribution/registry/root.go
deleted file mode 100644
index 94d22f3c7..000000000
--- a/vendor/github.com/docker/distribution/registry/root.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package registry
-
-import (
-	"fmt"
-	"os"
-
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/storage"
-	"github.com/docker/distribution/registry/storage/driver/factory"
-	"github.com/docker/distribution/version"
-	"github.com/docker/libtrust"
-	"github.com/spf13/cobra"
-)
-
-var showVersion bool
-
-func init() {
-	RootCmd.AddCommand(ServeCmd)
-	RootCmd.AddCommand(GCCmd)
-	GCCmd.Flags().BoolVarP(&dryRun, "dry-run", "d", false, "do everything except remove the blobs")
-	GCCmd.Flags().BoolVarP(&removeUntagged, "delete-untagged", "m", false, "delete manifests that are not currently referenced via tag")
-	RootCmd.Flags().BoolVarP(&showVersion, "version", "v", false, "show the version and exit")
-}
-
-// RootCmd is the main command for the 'registry' binary.
-var RootCmd = &cobra.Command{
-	Use:   "registry",
-	Short: "`registry`",
-	Long:  "`registry`",
-	Run: func(cmd *cobra.Command, args []string) {
-		if showVersion {
-			version.PrintVersion()
-			return
-		}
-		cmd.Usage()
-	},
-}
-
-var dryRun bool
-var removeUntagged bool
-
-// GCCmd is the cobra command that corresponds to the garbage-collect subcommand
-var GCCmd = &cobra.Command{
-	Use:   "garbage-collect <config>",
-	Short: "`garbage-collect` deletes layers not referenced by any manifests",
-	Long:  "`garbage-collect` deletes layers not referenced by any manifests",
-	Run: func(cmd *cobra.Command, args []string) {
-		config, err := resolveConfiguration(args)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "configuration error: %v\n", err)
-			cmd.Usage()
-			os.Exit(1)
-		}
-
-		driver, err := factory.Create(config.Storage.Type(), config.Storage.Parameters())
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "failed to construct %s driver: %v", config.Storage.Type(), err)
-			os.Exit(1)
-		}
-
-		ctx := dcontext.Background()
-		ctx, err = configureLogging(ctx, config)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "unable to configure logging with config: %s", err)
-			os.Exit(1)
-		}
-
-		k, err := libtrust.GenerateECP256PrivateKey()
-		if err != nil {
-			fmt.Fprint(os.Stderr, err)
-			os.Exit(1)
-		}
-
-		registry, err := storage.NewRegistry(ctx, driver, storage.Schema1SigningKey(k))
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "failed to construct registry: %v", err)
-			os.Exit(1)
-		}
-
-		err = storage.MarkAndSweep(ctx, driver, registry, storage.GCOpts{
-			DryRun:         dryRun,
-			RemoveUntagged: removeUntagged,
-		})
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "failed to garbage collect: %v", err)
-			os.Exit(1)
-		}
-	},
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobcachemetrics.go b/vendor/github.com/docker/distribution/registry/storage/blobcachemetrics.go
deleted file mode 100644
index 238b5806c..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/blobcachemetrics.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package storage
-
-import (
-	"context"
-	"expvar"
-	"sync/atomic"
-
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/storage/cache"
-)
-
-type blobStatCollector struct {
-	metrics cache.Metrics
-}
-
-func (bsc *blobStatCollector) Hit() {
-	atomic.AddUint64(&bsc.metrics.Requests, 1)
-	atomic.AddUint64(&bsc.metrics.Hits, 1)
-}
-
-func (bsc *blobStatCollector) Miss() {
-	atomic.AddUint64(&bsc.metrics.Requests, 1)
-	atomic.AddUint64(&bsc.metrics.Misses, 1)
-}
-
-func (bsc *blobStatCollector) Metrics() cache.Metrics {
-	return bsc.metrics
-}
-
-func (bsc *blobStatCollector) Logger(ctx context.Context) cache.Logger {
-	return dcontext.GetLogger(ctx)
-}
-
-// blobStatterCacheMetrics keeps track of cache metrics for blob descriptor
-// cache requests. Note this is kept globally and made available via expvar.
-// For more detailed metrics, its recommend to instrument a particular cache
-// implementation.
-var blobStatterCacheMetrics cache.MetricsTracker = &blobStatCollector{}
-
-func init() {
-	registry := expvar.Get("registry")
-	if registry == nil {
-		registry = expvar.NewMap("registry")
-	}
-
-	cache := registry.(*expvar.Map).Get("cache")
-	if cache == nil {
-		cache = &expvar.Map{}
-		cache.(*expvar.Map).Init()
-		registry.(*expvar.Map).Set("cache", cache)
-	}
-
-	storage := cache.(*expvar.Map).Get("storage")
-	if storage == nil {
-		storage = &expvar.Map{}
-		storage.(*expvar.Map).Init()
-		cache.(*expvar.Map).Set("storage", storage)
-	}
-
-	storage.(*expvar.Map).Set("blobdescriptor", expvar.Func(func() interface{} {
-		// no need for synchronous access: the increments are atomic and
-		// during reading, we don't care if the data is up to date. The
-		// numbers will always *eventually* be reported correctly.
-		return blobStatterCacheMetrics
-	}))
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobserver.go b/vendor/github.com/docker/distribution/registry/storage/blobserver.go
deleted file mode 100644
index 57d4f907b..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/blobserver.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package storage
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/registry/storage/driver"
-	"github.com/opencontainers/go-digest"
-)
-
-// TODO(stevvooe): This should configurable in the future.
-const blobCacheControlMaxAge = 365 * 24 * time.Hour
-
-// blobServer simply serves blobs from a driver instance using a path function
-// to identify paths and a descriptor service to fill in metadata.
-type blobServer struct {
-	driver   driver.StorageDriver
-	statter  distribution.BlobStatter
-	pathFn   func(dgst digest.Digest) (string, error)
-	redirect bool // allows disabling URLFor redirects
-}
-
-func (bs *blobServer) ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error {
-	desc, err := bs.statter.Stat(ctx, dgst)
-	if err != nil {
-		return err
-	}
-
-	path, err := bs.pathFn(desc.Digest)
-	if err != nil {
-		return err
-	}
-
-	if bs.redirect {
-		redirectURL, err := bs.driver.URLFor(ctx, path, map[string]interface{}{"method": r.Method})
-		switch err.(type) {
-		case nil:
-			// Redirect to storage URL.
-			http.Redirect(w, r, redirectURL, http.StatusTemporaryRedirect)
-			return err
-
-		case driver.ErrUnsupportedMethod:
-			// Fallback to serving the content directly.
-		default:
-			// Some unexpected error.
-			return err
-		}
-	}
-
-	br, err := newFileReader(ctx, bs.driver, path, desc.Size)
-	if err != nil {
-		return err
-	}
-	defer br.Close()
-
-	w.Header().Set("ETag", fmt.Sprintf(`"%s"`, desc.Digest)) // If-None-Match handled by ServeContent
-	w.Header().Set("Cache-Control", fmt.Sprintf("max-age=%.f", blobCacheControlMaxAge.Seconds()))
-
-	if w.Header().Get("Docker-Content-Digest") == "" {
-		w.Header().Set("Docker-Content-Digest", desc.Digest.String())
-	}
-
-	if w.Header().Get("Content-Type") == "" {
-		// Set the content type if not already set.
-		w.Header().Set("Content-Type", desc.MediaType)
-	}
-
-	if w.Header().Get("Content-Length") == "" {
-		// Set the content length if not already set.
-		w.Header().Set("Content-Length", fmt.Sprint(desc.Size))
-	}
-
-	http.ServeContent(w, r, desc.Digest.String(), time.Time{}, br)
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobstore.go b/vendor/github.com/docker/distribution/registry/storage/blobstore.go
deleted file mode 100644
index 1008aad8c..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/blobstore.go
+++ /dev/null
@@ -1,212 +0,0 @@
-package storage
-
-import (
-	"context"
-	"path"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/storage/driver"
-	"github.com/opencontainers/go-digest"
-)
-
-// blobStore implements the read side of the blob store interface over a
-// driver without enforcing per-repository membership. This object is
-// intentionally a leaky abstraction, providing utility methods that support
-// creating and traversing backend links.
-type blobStore struct {
-	driver  driver.StorageDriver
-	statter distribution.BlobStatter
-}
-
-var _ distribution.BlobProvider = &blobStore{}
-
-// Get implements the BlobReadService.Get call.
-func (bs *blobStore) Get(ctx context.Context, dgst digest.Digest) ([]byte, error) {
-	bp, err := bs.path(dgst)
-	if err != nil {
-		return nil, err
-	}
-
-	p, err := getContent(ctx, bs.driver, bp)
-	if err != nil {
-		switch err.(type) {
-		case driver.PathNotFoundError:
-			return nil, distribution.ErrBlobUnknown
-		}
-
-		return nil, err
-	}
-
-	return p, nil
-}
-
-func (bs *blobStore) Open(ctx context.Context, dgst digest.Digest) (distribution.ReadSeekCloser, error) {
-	desc, err := bs.statter.Stat(ctx, dgst)
-	if err != nil {
-		return nil, err
-	}
-
-	path, err := bs.path(desc.Digest)
-	if err != nil {
-		return nil, err
-	}
-
-	return newFileReader(ctx, bs.driver, path, desc.Size)
-}
-
-// Put stores the content p in the blob store, calculating the digest. If the
-// content is already present, only the digest will be returned. This should
-// only be used for small objects, such as manifests. This implemented as a convenience for other Put implementations
-func (bs *blobStore) Put(ctx context.Context, mediaType string, p []byte) (distribution.Descriptor, error) {
-	dgst := digest.FromBytes(p)
-	desc, err := bs.statter.Stat(ctx, dgst)
-	if err == nil {
-		// content already present
-		return desc, nil
-	} else if err != distribution.ErrBlobUnknown {
-		dcontext.GetLogger(ctx).Errorf("blobStore: error stating content (%v): %v", dgst, err)
-		// real error, return it
-		return distribution.Descriptor{}, err
-	}
-
-	bp, err := bs.path(dgst)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	// TODO(stevvooe): Write out mediatype here, as well.
-	return distribution.Descriptor{
-		Size: int64(len(p)),
-
-		// NOTE(stevvooe): The central blob store firewalls media types from
-		// other users. The caller should look this up and override the value
-		// for the specific repository.
-		MediaType: "application/octet-stream",
-		Digest:    dgst,
-	}, bs.driver.PutContent(ctx, bp, p)
-}
-
-func (bs *blobStore) Enumerate(ctx context.Context, ingester func(dgst digest.Digest) error) error {
-	specPath, err := pathFor(blobsPathSpec{})
-	if err != nil {
-		return err
-	}
-
-	return bs.driver.Walk(ctx, specPath, func(fileInfo driver.FileInfo) error {
-		// skip directories
-		if fileInfo.IsDir() {
-			return nil
-		}
-
-		currentPath := fileInfo.Path()
-		// we only want to parse paths that end with /data
-		_, fileName := path.Split(currentPath)
-		if fileName != "data" {
-			return nil
-		}
-
-		digest, err := digestFromPath(currentPath)
-		if err != nil {
-			return err
-		}
-
-		return ingester(digest)
-	})
-}
-
-// path returns the canonical path for the blob identified by digest. The blob
-// may or may not exist.
-func (bs *blobStore) path(dgst digest.Digest) (string, error) {
-	bp, err := pathFor(blobDataPathSpec{
-		digest: dgst,
-	})
-
-	if err != nil {
-		return "", err
-	}
-
-	return bp, nil
-}
-
-// link links the path to the provided digest by writing the digest into the
-// target file. Caller must ensure that the blob actually exists.
-func (bs *blobStore) link(ctx context.Context, path string, dgst digest.Digest) error {
-	// The contents of the "link" file are the exact string contents of the
-	// digest, which is specified in that package.
-	return bs.driver.PutContent(ctx, path, []byte(dgst))
-}
-
-// readlink returns the linked digest at path.
-func (bs *blobStore) readlink(ctx context.Context, path string) (digest.Digest, error) {
-	content, err := bs.driver.GetContent(ctx, path)
-	if err != nil {
-		return "", err
-	}
-
-	linked, err := digest.Parse(string(content))
-	if err != nil {
-		return "", err
-	}
-
-	return linked, nil
-}
-
-type blobStatter struct {
-	driver driver.StorageDriver
-}
-
-var _ distribution.BlobDescriptorService = &blobStatter{}
-
-// Stat implements BlobStatter.Stat by returning the descriptor for the blob
-// in the main blob store. If this method returns successfully, there is
-// strong guarantee that the blob exists and is available.
-func (bs *blobStatter) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	path, err := pathFor(blobDataPathSpec{
-		digest: dgst,
-	})
-
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	fi, err := bs.driver.Stat(ctx, path)
-	if err != nil {
-		switch err := err.(type) {
-		case driver.PathNotFoundError:
-			return distribution.Descriptor{}, distribution.ErrBlobUnknown
-		default:
-			return distribution.Descriptor{}, err
-		}
-	}
-
-	if fi.IsDir() {
-		// NOTE(stevvooe): This represents a corruption situation. Somehow, we
-		// calculated a blob path and then detected a directory. We log the
-		// error and then error on the side of not knowing about the blob.
-		dcontext.GetLogger(ctx).Warnf("blob path should not be a directory: %q", path)
-		return distribution.Descriptor{}, distribution.ErrBlobUnknown
-	}
-
-	// TODO(stevvooe): Add method to resolve the mediatype. We can store and
-	// cache a "global" media type for the blob, even if a specific repo has a
-	// mediatype that overrides the main one.
-
-	return distribution.Descriptor{
-		Size: fi.Size(),
-
-		// NOTE(stevvooe): The central blob store firewalls media types from
-		// other users. The caller should look this up and override the value
-		// for the specific repository.
-		MediaType: "application/octet-stream",
-		Digest:    dgst,
-	}, nil
-}
-
-func (bs *blobStatter) Clear(ctx context.Context, dgst digest.Digest) error {
-	return distribution.ErrUnsupported
-}
-
-func (bs *blobStatter) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
-	return distribution.ErrUnsupported
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobwriter.go b/vendor/github.com/docker/distribution/registry/storage/blobwriter.go
deleted file mode 100644
index 54c79b6f3..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/blobwriter.go
+++ /dev/null
@@ -1,406 +0,0 @@
-package storage
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"path"
-	"time"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/opencontainers/go-digest"
-	"github.com/sirupsen/logrus"
-)
-
-var (
-	errResumableDigestNotAvailable = errors.New("resumable digest not available")
-)
-
-const (
-	// digestSha256Empty is the canonical sha256 digest of empty data
-	digestSha256Empty = "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
-)
-
-// blobWriter is used to control the various aspects of resumable
-// blob upload.
-type blobWriter struct {
-	ctx       context.Context
-	blobStore *linkedBlobStore
-
-	id        string
-	startedAt time.Time
-	digester  digest.Digester
-	written   int64 // track the write to digester
-
-	fileWriter storagedriver.FileWriter
-	driver     storagedriver.StorageDriver
-	path       string
-
-	resumableDigestEnabled bool
-	committed              bool
-}
-
-var _ distribution.BlobWriter = &blobWriter{}
-
-// ID returns the identifier for this upload.
-func (bw *blobWriter) ID() string {
-	return bw.id
-}
-
-func (bw *blobWriter) StartedAt() time.Time {
-	return bw.startedAt
-}
-
-// Commit marks the upload as completed, returning a valid descriptor. The
-// final size and digest are checked against the first descriptor provided.
-func (bw *blobWriter) Commit(ctx context.Context, desc distribution.Descriptor) (distribution.Descriptor, error) {
-	dcontext.GetLogger(ctx).Debug("(*blobWriter).Commit")
-
-	if err := bw.fileWriter.Commit(); err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	bw.Close()
-	desc.Size = bw.Size()
-
-	canonical, err := bw.validateBlob(ctx, desc)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	if err := bw.moveBlob(ctx, canonical); err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	if err := bw.blobStore.linkBlob(ctx, canonical, desc.Digest); err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	if err := bw.removeResources(ctx); err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	err = bw.blobStore.blobAccessController.SetDescriptor(ctx, canonical.Digest, canonical)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	bw.committed = true
-	return canonical, nil
-}
-
-// Cancel the blob upload process, releasing any resources associated with
-// the writer and canceling the operation.
-func (bw *blobWriter) Cancel(ctx context.Context) error {
-	dcontext.GetLogger(ctx).Debug("(*blobWriter).Cancel")
-	if err := bw.fileWriter.Cancel(); err != nil {
-		return err
-	}
-
-	if err := bw.Close(); err != nil {
-		dcontext.GetLogger(ctx).Errorf("error closing blobwriter: %s", err)
-	}
-
-	return bw.removeResources(ctx)
-}
-
-func (bw *blobWriter) Size() int64 {
-	return bw.fileWriter.Size()
-}
-
-func (bw *blobWriter) Write(p []byte) (int, error) {
-	// Ensure that the current write offset matches how many bytes have been
-	// written to the digester. If not, we need to update the digest state to
-	// match the current write position.
-	if err := bw.resumeDigest(bw.blobStore.ctx); err != nil && err != errResumableDigestNotAvailable {
-		return 0, err
-	}
-
-	_, err := bw.fileWriter.Write(p)
-	if err != nil {
-		return 0, err
-	}
-
-	n, err := bw.digester.Hash().Write(p)
-	bw.written += int64(n)
-
-	return n, err
-}
-
-func (bw *blobWriter) ReadFrom(r io.Reader) (n int64, err error) {
-	// Ensure that the current write offset matches how many bytes have been
-	// written to the digester. If not, we need to update the digest state to
-	// match the current write position.
-	if err := bw.resumeDigest(bw.blobStore.ctx); err != nil && err != errResumableDigestNotAvailable {
-		return 0, err
-	}
-
-	// Using a TeeReader instead of MultiWriter ensures Copy returns
-	// the amount written to the digester as well as ensuring that we
-	// write to the fileWriter first
-	tee := io.TeeReader(r, bw.fileWriter)
-	nn, err := io.Copy(bw.digester.Hash(), tee)
-	bw.written += nn
-
-	return nn, err
-}
-
-func (bw *blobWriter) Close() error {
-	if bw.committed {
-		return errors.New("blobwriter close after commit")
-	}
-
-	if err := bw.storeHashState(bw.blobStore.ctx); err != nil && err != errResumableDigestNotAvailable {
-		return err
-	}
-
-	return bw.fileWriter.Close()
-}
-
-// validateBlob checks the data against the digest, returning an error if it
-// does not match. The canonical descriptor is returned.
-func (bw *blobWriter) validateBlob(ctx context.Context, desc distribution.Descriptor) (distribution.Descriptor, error) {
-	var (
-		verified, fullHash bool
-		canonical          digest.Digest
-	)
-
-	if desc.Digest == "" {
-		// if no descriptors are provided, we have nothing to validate
-		// against. We don't really want to support this for the registry.
-		return distribution.Descriptor{}, distribution.ErrBlobInvalidDigest{
-			Reason: fmt.Errorf("cannot validate against empty digest"),
-		}
-	}
-
-	var size int64
-
-	// Stat the on disk file
-	if fi, err := bw.driver.Stat(ctx, bw.path); err != nil {
-		switch err := err.(type) {
-		case storagedriver.PathNotFoundError:
-			// NOTE(stevvooe): We really don't care if the file is
-			// not actually present for the reader. We now assume
-			// that the desc length is zero.
-			desc.Size = 0
-		default:
-			// Any other error we want propagated up the stack.
-			return distribution.Descriptor{}, err
-		}
-	} else {
-		if fi.IsDir() {
-			return distribution.Descriptor{}, fmt.Errorf("unexpected directory at upload location %q", bw.path)
-		}
-
-		size = fi.Size()
-	}
-
-	if desc.Size > 0 {
-		if desc.Size != size {
-			return distribution.Descriptor{}, distribution.ErrBlobInvalidLength
-		}
-	} else {
-		// if provided 0 or negative length, we can assume caller doesn't know or
-		// care about length.
-		desc.Size = size
-	}
-
-	// TODO(stevvooe): This section is very meandering. Need to be broken down
-	// to be a lot more clear.
-
-	if err := bw.resumeDigest(ctx); err == nil {
-		canonical = bw.digester.Digest()
-
-		if canonical.Algorithm() == desc.Digest.Algorithm() {
-			// Common case: client and server prefer the same canonical digest
-			// algorithm - currently SHA256.
-			verified = desc.Digest == canonical
-		} else {
-			// The client wants to use a different digest algorithm. They'll just
-			// have to be patient and wait for us to download and re-hash the
-			// uploaded content using that digest algorithm.
-			fullHash = true
-		}
-	} else if err == errResumableDigestNotAvailable {
-		// Not using resumable digests, so we need to hash the entire layer.
-		fullHash = true
-	} else {
-		return distribution.Descriptor{}, err
-	}
-
-	if fullHash {
-		// a fantastic optimization: if the the written data and the size are
-		// the same, we don't need to read the data from the backend. This is
-		// because we've written the entire file in the lifecycle of the
-		// current instance.
-		if bw.written == size && digest.Canonical == desc.Digest.Algorithm() {
-			canonical = bw.digester.Digest()
-			verified = desc.Digest == canonical
-		}
-
-		// If the check based on size fails, we fall back to the slowest of
-		// paths. We may be able to make the size-based check a stronger
-		// guarantee, so this may be defensive.
-		if !verified {
-			digester := digest.Canonical.Digester()
-			verifier := desc.Digest.Verifier()
-
-			// Read the file from the backend driver and validate it.
-			fr, err := newFileReader(ctx, bw.driver, bw.path, desc.Size)
-			if err != nil {
-				return distribution.Descriptor{}, err
-			}
-			defer fr.Close()
-
-			tr := io.TeeReader(fr, digester.Hash())
-
-			if _, err := io.Copy(verifier, tr); err != nil {
-				return distribution.Descriptor{}, err
-			}
-
-			canonical = digester.Digest()
-			verified = verifier.Verified()
-		}
-	}
-
-	if !verified {
-		dcontext.GetLoggerWithFields(ctx,
-			map[interface{}]interface{}{
-				"canonical": canonical,
-				"provided":  desc.Digest,
-			}, "canonical", "provided").
-			Errorf("canonical digest does match provided digest")
-		return distribution.Descriptor{}, distribution.ErrBlobInvalidDigest{
-			Digest: desc.Digest,
-			Reason: fmt.Errorf("content does not match digest"),
-		}
-	}
-
-	// update desc with canonical hash
-	desc.Digest = canonical
-
-	if desc.MediaType == "" {
-		desc.MediaType = "application/octet-stream"
-	}
-
-	return desc, nil
-}
-
-// moveBlob moves the data into its final, hash-qualified destination,
-// identified by dgst. The layer should be validated before commencing the
-// move.
-func (bw *blobWriter) moveBlob(ctx context.Context, desc distribution.Descriptor) error {
-	blobPath, err := pathFor(blobDataPathSpec{
-		digest: desc.Digest,
-	})
-
-	if err != nil {
-		return err
-	}
-
-	// Check for existence
-	if _, err := bw.blobStore.driver.Stat(ctx, blobPath); err != nil {
-		switch err := err.(type) {
-		case storagedriver.PathNotFoundError:
-			break // ensure that it doesn't exist.
-		default:
-			return err
-		}
-	} else {
-		// If the path exists, we can assume that the content has already
-		// been uploaded, since the blob storage is content-addressable.
-		// While it may be corrupted, detection of such corruption belongs
-		// elsewhere.
-		return nil
-	}
-
-	// If no data was received, we may not actually have a file on disk. Check
-	// the size here and write a zero-length file to blobPath if this is the
-	// case. For the most part, this should only ever happen with zero-length
-	// blobs.
-	if _, err := bw.blobStore.driver.Stat(ctx, bw.path); err != nil {
-		switch err := err.(type) {
-		case storagedriver.PathNotFoundError:
-			// HACK(stevvooe): This is slightly dangerous: if we verify above,
-			// get a hash, then the underlying file is deleted, we risk moving
-			// a zero-length blob into a nonzero-length blob location. To
-			// prevent this horrid thing, we employ the hack of only allowing
-			// to this happen for the digest of an empty blob.
-			if desc.Digest == digestSha256Empty {
-				return bw.blobStore.driver.PutContent(ctx, blobPath, []byte{})
-			}
-
-			// We let this fail during the move below.
-			logrus.
-				WithField("upload.id", bw.ID()).
-				WithField("digest", desc.Digest).Warnf("attempted to move zero-length content with non-zero digest")
-		default:
-			return err // unrelated error
-		}
-	}
-
-	// TODO(stevvooe): We should also write the mediatype when executing this move.
-
-	return bw.blobStore.driver.Move(ctx, bw.path, blobPath)
-}
-
-// removeResources should clean up all resources associated with the upload
-// instance. An error will be returned if the clean up cannot proceed. If the
-// resources are already not present, no error will be returned.
-func (bw *blobWriter) removeResources(ctx context.Context) error {
-	dataPath, err := pathFor(uploadDataPathSpec{
-		name: bw.blobStore.repository.Named().Name(),
-		id:   bw.id,
-	})
-
-	if err != nil {
-		return err
-	}
-
-	// Resolve and delete the containing directory, which should include any
-	// upload related files.
-	dirPath := path.Dir(dataPath)
-	if err := bw.blobStore.driver.Delete(ctx, dirPath); err != nil {
-		switch err := err.(type) {
-		case storagedriver.PathNotFoundError:
-			break // already gone!
-		default:
-			// This should be uncommon enough such that returning an error
-			// should be okay. At this point, the upload should be mostly
-			// complete, but perhaps the backend became unaccessible.
-			dcontext.GetLogger(ctx).Errorf("unable to delete layer upload resources %q: %v", dirPath, err)
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (bw *blobWriter) Reader() (io.ReadCloser, error) {
-	// todo(richardscothern): Change to exponential backoff, i=0.5, e=2, n=4
-	try := 1
-	for try <= 5 {
-		_, err := bw.driver.Stat(bw.ctx, bw.path)
-		if err == nil {
-			break
-		}
-		switch err.(type) {
-		case storagedriver.PathNotFoundError:
-			dcontext.GetLogger(bw.ctx).Debugf("Nothing found on try %d, sleeping...", try)
-			time.Sleep(1 * time.Second)
-			try++
-		default:
-			return nil, err
-		}
-	}
-
-	readCloser, err := bw.driver.Reader(bw.ctx, bw.path, 0)
-	if err != nil {
-		return nil, err
-	}
-
-	return readCloser, nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobwriter_nonresumable.go b/vendor/github.com/docker/distribution/registry/storage/blobwriter_nonresumable.go
deleted file mode 100644
index 38267cf60..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/blobwriter_nonresumable.go
+++ /dev/null
@@ -1,18 +0,0 @@
-//go:build noresumabledigest
-// +build noresumabledigest
-
-package storage
-
-import (
-	"github.com/docker/distribution/context"
-)
-
-// resumeHashAt is a noop when resumable digest support is disabled.
-func (bw *blobWriter) resumeDigest(ctx context.Context) error {
-	return errResumableDigestNotAvailable
-}
-
-// storeHashState is a noop when resumable digest support is disabled.
-func (bw *blobWriter) storeHashState(ctx context.Context) error {
-	return errResumableDigestNotAvailable
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/blobwriter_resumable.go b/vendor/github.com/docker/distribution/registry/storage/blobwriter_resumable.go
deleted file mode 100644
index 8406cfd1f..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/blobwriter_resumable.go
+++ /dev/null
@@ -1,145 +0,0 @@
-//go:build !noresumabledigest
-// +build !noresumabledigest
-
-package storage
-
-import (
-	"context"
-	"encoding"
-	"fmt"
-	"hash"
-	"path"
-	"strconv"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/sirupsen/logrus"
-)
-
-// resumeDigest attempts to restore the state of the internal hash function
-// by loading the most recent saved hash state equal to the current size of the blob.
-func (bw *blobWriter) resumeDigest(ctx context.Context) error {
-	if !bw.resumableDigestEnabled {
-		return errResumableDigestNotAvailable
-	}
-
-	h, ok := bw.digester.Hash().(encoding.BinaryUnmarshaler)
-	if !ok {
-		return errResumableDigestNotAvailable
-	}
-
-	offset := bw.fileWriter.Size()
-	if offset == bw.written {
-		// State of digester is already at the requested offset.
-		return nil
-	}
-
-	// List hash states from storage backend.
-	var hashStateMatch hashStateEntry
-	hashStates, err := bw.getStoredHashStates(ctx)
-	if err != nil {
-		return fmt.Errorf("unable to get stored hash states with offset %d: %s", offset, err)
-	}
-
-	// Find the highest stored hashState with offset equal to
-	// the requested offset.
-	for _, hashState := range hashStates {
-		if hashState.offset == offset {
-			hashStateMatch = hashState
-			break // Found an exact offset match.
-		}
-	}
-
-	if hashStateMatch.offset == 0 {
-		// No need to load any state, just reset the hasher.
-		h.(hash.Hash).Reset()
-	} else {
-		storedState, err := bw.driver.GetContent(ctx, hashStateMatch.path)
-		if err != nil {
-			return err
-		}
-
-		if err = h.UnmarshalBinary(storedState); err != nil {
-			return err
-		}
-		bw.written = hashStateMatch.offset
-	}
-
-	// Mind the gap.
-	if gapLen := offset - bw.written; gapLen > 0 {
-		return errResumableDigestNotAvailable
-	}
-
-	return nil
-}
-
-type hashStateEntry struct {
-	offset int64
-	path   string
-}
-
-// getStoredHashStates returns a slice of hashStateEntries for this upload.
-func (bw *blobWriter) getStoredHashStates(ctx context.Context) ([]hashStateEntry, error) {
-	uploadHashStatePathPrefix, err := pathFor(uploadHashStatePathSpec{
-		name: bw.blobStore.repository.Named().String(),
-		id:   bw.id,
-		alg:  bw.digester.Digest().Algorithm(),
-		list: true,
-	})
-
-	if err != nil {
-		return nil, err
-	}
-
-	paths, err := bw.blobStore.driver.List(ctx, uploadHashStatePathPrefix)
-	if err != nil {
-		if _, ok := err.(storagedriver.PathNotFoundError); !ok {
-			return nil, err
-		}
-		// Treat PathNotFoundError as no entries.
-		paths = nil
-	}
-
-	hashStateEntries := make([]hashStateEntry, 0, len(paths))
-
-	for _, p := range paths {
-		pathSuffix := path.Base(p)
-		// The suffix should be the offset.
-		offset, err := strconv.ParseInt(pathSuffix, 0, 64)
-		if err != nil {
-			logrus.Errorf("unable to parse offset from upload state path %q: %s", p, err)
-		}
-
-		hashStateEntries = append(hashStateEntries, hashStateEntry{offset: offset, path: p})
-	}
-
-	return hashStateEntries, nil
-}
-
-func (bw *blobWriter) storeHashState(ctx context.Context) error {
-	if !bw.resumableDigestEnabled {
-		return errResumableDigestNotAvailable
-	}
-
-	h, ok := bw.digester.Hash().(encoding.BinaryMarshaler)
-	if !ok {
-		return errResumableDigestNotAvailable
-	}
-
-	state, err := h.MarshalBinary()
-	if err != nil {
-		return err
-	}
-
-	uploadHashStatePath, err := pathFor(uploadHashStatePathSpec{
-		name:   bw.blobStore.repository.Named().String(),
-		id:     bw.id,
-		alg:    bw.digester.Digest().Algorithm(),
-		offset: bw.written,
-	})
-
-	if err != nil {
-		return err
-	}
-
-	return bw.driver.PutContent(ctx, uploadHashStatePath, state)
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/cache/cachecheck/suite.go b/vendor/github.com/docker/distribution/registry/storage/cache/cachecheck/suite.go
deleted file mode 100644
index d241bd04c..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/cache/cachecheck/suite.go
+++ /dev/null
@@ -1,179 +0,0 @@
-package cachecheck
-
-import (
-	"context"
-	"reflect"
-	"testing"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/registry/storage/cache"
-	"github.com/opencontainers/go-digest"
-)
-
-// CheckBlobDescriptorCache takes a cache implementation through a common set
-// of operations. If adding new tests, please add them here so new
-// implementations get the benefit. This should be used for unit tests.
-func CheckBlobDescriptorCache(t *testing.T, provider cache.BlobDescriptorCacheProvider) {
-	ctx := context.Background()
-
-	checkBlobDescriptorCacheEmptyRepository(ctx, t, provider)
-	checkBlobDescriptorCacheSetAndRead(ctx, t, provider)
-	checkBlobDescriptorCacheClear(ctx, t, provider)
-}
-
-func checkBlobDescriptorCacheEmptyRepository(ctx context.Context, t *testing.T, provider cache.BlobDescriptorCacheProvider) {
-	if _, err := provider.Stat(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"); err != distribution.ErrBlobUnknown {
-		t.Fatalf("expected unknown blob error with empty store: %v", err)
-	}
-
-	_, err := provider.RepositoryScoped("")
-	if err == nil {
-		t.Fatalf("expected an error when asking for invalid repo")
-	}
-
-	cache, err := provider.RepositoryScoped("foo/bar")
-	if err != nil {
-		t.Fatalf("unexpected error getting repository: %v", err)
-	}
-
-	if err := cache.SetDescriptor(ctx, "", distribution.Descriptor{
-		Digest:    "sha384:abc",
-		Size:      10,
-		MediaType: "application/octet-stream"}); err != digest.ErrDigestInvalidFormat {
-		t.Fatalf("expected error with invalid digest: %v", err)
-	}
-
-	if err := cache.SetDescriptor(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", distribution.Descriptor{
-		Digest:    "",
-		Size:      10,
-		MediaType: "application/octet-stream"}); err == nil {
-		t.Fatalf("expected error setting value on invalid descriptor")
-	}
-
-	if _, err := cache.Stat(ctx, ""); err != digest.ErrDigestInvalidFormat {
-		t.Fatalf("expected error checking for cache item with empty digest: %v", err)
-	}
-
-	if _, err := cache.Stat(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"); err != distribution.ErrBlobUnknown {
-		t.Fatalf("expected unknown blob error with empty repo: %v", err)
-	}
-}
-
-func checkBlobDescriptorCacheSetAndRead(ctx context.Context, t *testing.T, provider cache.BlobDescriptorCacheProvider) {
-	localDigest := digest.Digest("sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111")
-	expected := distribution.Descriptor{
-		Digest:    "sha256:abc1111111111111111111111111111111111111111111111111111111111111",
-		Size:      10,
-		MediaType: "application/octet-stream"}
-
-	cache, err := provider.RepositoryScoped("foo/bar")
-	if err != nil {
-		t.Fatalf("unexpected error getting scoped cache: %v", err)
-	}
-
-	if err := cache.SetDescriptor(ctx, localDigest, expected); err != nil {
-		t.Fatalf("error setting descriptor: %v", err)
-	}
-
-	desc, err := cache.Stat(ctx, localDigest)
-	if err != nil {
-		t.Fatalf("unexpected error statting fake2:abc: %v", err)
-	}
-
-	if !reflect.DeepEqual(expected, desc) {
-		t.Fatalf("unexpected descriptor: %#v != %#v", expected, desc)
-	}
-
-	// also check that we set the canonical key ("fake:abc")
-	desc, err = cache.Stat(ctx, localDigest)
-	if err != nil {
-		t.Fatalf("descriptor not returned for canonical key: %v", err)
-	}
-
-	if !reflect.DeepEqual(expected, desc) {
-		t.Fatalf("unexpected descriptor: %#v != %#v", expected, desc)
-	}
-
-	// ensure that global gets extra descriptor mapping
-	desc, err = provider.Stat(ctx, localDigest)
-	if err != nil {
-		t.Fatalf("expected blob unknown in global cache: %v, %v", err, desc)
-	}
-
-	if !reflect.DeepEqual(desc, expected) {
-		t.Fatalf("unexpected descriptor: %#v != %#v", expected, desc)
-	}
-
-	// get at it through canonical descriptor
-	desc, err = provider.Stat(ctx, expected.Digest)
-	if err != nil {
-		t.Fatalf("unexpected error checking glboal descriptor: %v", err)
-	}
-
-	if !reflect.DeepEqual(desc, expected) {
-		t.Fatalf("unexpected descriptor: %#v != %#v", expected, desc)
-	}
-
-	// now, we set the repo local mediatype to something else and ensure it
-	// doesn't get changed in the provider cache.
-	expected.MediaType = "application/json"
-
-	if err := cache.SetDescriptor(ctx, localDigest, expected); err != nil {
-		t.Fatalf("unexpected error setting descriptor: %v", err)
-	}
-
-	desc, err = cache.Stat(ctx, localDigest)
-	if err != nil {
-		t.Fatalf("unexpected error getting descriptor: %v", err)
-	}
-
-	if !reflect.DeepEqual(desc, expected) {
-		t.Fatalf("unexpected descriptor: %#v != %#v", desc, expected)
-	}
-
-	desc, err = provider.Stat(ctx, localDigest)
-	if err != nil {
-		t.Fatalf("unexpected error getting global descriptor: %v", err)
-	}
-
-	expected.MediaType = "application/octet-stream" // expect original mediatype in global
-
-	if !reflect.DeepEqual(desc, expected) {
-		t.Fatalf("unexpected descriptor: %#v != %#v", desc, expected)
-	}
-}
-
-func checkBlobDescriptorCacheClear(ctx context.Context, t *testing.T, provider cache.BlobDescriptorCacheProvider) {
-	localDigest := digest.Digest("sha384:def111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111")
-	expected := distribution.Descriptor{
-		Digest:    "sha256:def1111111111111111111111111111111111111111111111111111111111111",
-		Size:      10,
-		MediaType: "application/octet-stream"}
-
-	cache, err := provider.RepositoryScoped("foo/bar")
-	if err != nil {
-		t.Fatalf("unexpected error getting scoped cache: %v", err)
-	}
-
-	if err := cache.SetDescriptor(ctx, localDigest, expected); err != nil {
-		t.Fatalf("error setting descriptor: %v", err)
-	}
-
-	desc, err := cache.Stat(ctx, localDigest)
-	if err != nil {
-		t.Fatalf("unexpected error statting fake2:abc: %v", err)
-	}
-
-	if !reflect.DeepEqual(expected, desc) {
-		t.Fatalf("unexpected descriptor: %#v != %#v", expected, desc)
-	}
-
-	err = cache.Clear(ctx, localDigest)
-	if err != nil {
-		t.Error(err)
-	}
-
-	if _, err = cache.Stat(ctx, localDigest); err == nil {
-		t.Fatalf("expected error statting deleted blob: %v", err)
-	}
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/cache/redis/redis.go b/vendor/github.com/docker/distribution/registry/storage/cache/redis/redis.go
deleted file mode 100644
index 550d703b6..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/cache/redis/redis.go
+++ /dev/null
@@ -1,268 +0,0 @@
-package redis
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/storage/cache"
-	"github.com/garyburd/redigo/redis"
-	"github.com/opencontainers/go-digest"
-)
-
-// redisBlobStatService provides an implementation of
-// BlobDescriptorCacheProvider based on redis. Blob descriptors are stored in
-// two parts. The first provide fast access to repository membership through a
-// redis set for each repo. The second is a redis hash keyed by the digest of
-// the layer, providing path, length and mediatype information. There is also
-// a per-repository redis hash of the blob descriptor, allowing override of
-// data. This is currently used to override the mediatype on a per-repository
-// basis.
-//
-// Note that there is no implied relationship between these two caches. The
-// layer may exist in one, both or none and the code must be written this way.
-type redisBlobDescriptorService struct {
-	pool *redis.Pool
-
-	// TODO(stevvooe): We use a pool because we don't have great control over
-	// the cache lifecycle to manage connections. A new connection if fetched
-	// for each operation. Once we have better lifecycle management of the
-	// request objects, we can change this to a connection.
-}
-
-// NewRedisBlobDescriptorCacheProvider returns a new redis-based
-// BlobDescriptorCacheProvider using the provided redis connection pool.
-func NewRedisBlobDescriptorCacheProvider(pool *redis.Pool) cache.BlobDescriptorCacheProvider {
-	return &redisBlobDescriptorService{
-		pool: pool,
-	}
-}
-
-// RepositoryScoped returns the scoped cache.
-func (rbds *redisBlobDescriptorService) RepositoryScoped(repo string) (distribution.BlobDescriptorService, error) {
-	if _, err := reference.ParseNormalizedNamed(repo); err != nil {
-		return nil, err
-	}
-
-	return &repositoryScopedRedisBlobDescriptorService{
-		repo:     repo,
-		upstream: rbds,
-	}, nil
-}
-
-// Stat retrieves the descriptor data from the redis hash entry.
-func (rbds *redisBlobDescriptorService) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	if err := dgst.Validate(); err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	conn := rbds.pool.Get()
-	defer conn.Close()
-
-	return rbds.stat(ctx, conn, dgst)
-}
-
-func (rbds *redisBlobDescriptorService) Clear(ctx context.Context, dgst digest.Digest) error {
-	if err := dgst.Validate(); err != nil {
-		return err
-	}
-
-	conn := rbds.pool.Get()
-	defer conn.Close()
-
-	// Not atomic in redis <= 2.3
-	reply, err := conn.Do("HDEL", rbds.blobDescriptorHashKey(dgst), "digest", "size", "mediatype")
-	if err != nil {
-		return err
-	}
-
-	if reply == 0 {
-		return distribution.ErrBlobUnknown
-	}
-
-	return nil
-}
-
-// stat provides an internal stat call that takes a connection parameter. This
-// allows some internal management of the connection scope.
-func (rbds *redisBlobDescriptorService) stat(ctx context.Context, conn redis.Conn, dgst digest.Digest) (distribution.Descriptor, error) {
-	reply, err := redis.Values(conn.Do("HMGET", rbds.blobDescriptorHashKey(dgst), "digest", "size", "mediatype"))
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	// NOTE(stevvooe): The "size" field used to be "length". We treat a
-	// missing "size" field here as an unknown blob, which causes a cache
-	// miss, effectively migrating the field.
-	if len(reply) < 3 || reply[0] == nil || reply[1] == nil { // don't care if mediatype is nil
-		return distribution.Descriptor{}, distribution.ErrBlobUnknown
-	}
-
-	var desc distribution.Descriptor
-	if _, err := redis.Scan(reply, &desc.Digest, &desc.Size, &desc.MediaType); err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	return desc, nil
-}
-
-// SetDescriptor sets the descriptor data for the given digest using a redis
-// hash. A hash is used here since we may store unrelated fields about a layer
-// in the future.
-func (rbds *redisBlobDescriptorService) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
-	if err := dgst.Validate(); err != nil {
-		return err
-	}
-
-	if err := cache.ValidateDescriptor(desc); err != nil {
-		return err
-	}
-
-	conn := rbds.pool.Get()
-	defer conn.Close()
-
-	return rbds.setDescriptor(ctx, conn, dgst, desc)
-}
-
-func (rbds *redisBlobDescriptorService) setDescriptor(ctx context.Context, conn redis.Conn, dgst digest.Digest, desc distribution.Descriptor) error {
-	if _, err := conn.Do("HMSET", rbds.blobDescriptorHashKey(dgst),
-		"digest", desc.Digest,
-		"size", desc.Size); err != nil {
-		return err
-	}
-
-	// Only set mediatype if not already set.
-	if _, err := conn.Do("HSETNX", rbds.blobDescriptorHashKey(dgst),
-		"mediatype", desc.MediaType); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (rbds *redisBlobDescriptorService) blobDescriptorHashKey(dgst digest.Digest) string {
-	return "blobs::" + dgst.String()
-}
-
-type repositoryScopedRedisBlobDescriptorService struct {
-	repo     string
-	upstream *redisBlobDescriptorService
-}
-
-var _ distribution.BlobDescriptorService = &repositoryScopedRedisBlobDescriptorService{}
-
-// Stat ensures that the digest is a member of the specified repository and
-// forwards the descriptor request to the global blob store. If the media type
-// differs for the repository, we override it.
-func (rsrbds *repositoryScopedRedisBlobDescriptorService) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	if err := dgst.Validate(); err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	conn := rsrbds.upstream.pool.Get()
-	defer conn.Close()
-
-	// Check membership to repository first
-	member, err := redis.Bool(conn.Do("SISMEMBER", rsrbds.repositoryBlobSetKey(rsrbds.repo), dgst))
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	if !member {
-		return distribution.Descriptor{}, distribution.ErrBlobUnknown
-	}
-
-	upstream, err := rsrbds.upstream.stat(ctx, conn, dgst)
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	// We allow a per repository mediatype, let's look it up here.
-	mediatype, err := redis.String(conn.Do("HGET", rsrbds.blobDescriptorHashKey(dgst), "mediatype"))
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	if mediatype != "" {
-		upstream.MediaType = mediatype
-	}
-
-	return upstream, nil
-}
-
-// Clear removes the descriptor from the cache and forwards to the upstream descriptor store
-func (rsrbds *repositoryScopedRedisBlobDescriptorService) Clear(ctx context.Context, dgst digest.Digest) error {
-	if err := dgst.Validate(); err != nil {
-		return err
-	}
-
-	conn := rsrbds.upstream.pool.Get()
-	defer conn.Close()
-
-	// Check membership to repository first
-	member, err := redis.Bool(conn.Do("SISMEMBER", rsrbds.repositoryBlobSetKey(rsrbds.repo), dgst))
-	if err != nil {
-		return err
-	}
-
-	if !member {
-		return distribution.ErrBlobUnknown
-	}
-
-	return rsrbds.upstream.Clear(ctx, dgst)
-}
-
-func (rsrbds *repositoryScopedRedisBlobDescriptorService) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
-	if err := dgst.Validate(); err != nil {
-		return err
-	}
-
-	if err := cache.ValidateDescriptor(desc); err != nil {
-		return err
-	}
-
-	if dgst != desc.Digest {
-		if dgst.Algorithm() == desc.Digest.Algorithm() {
-			return fmt.Errorf("redis cache: digest for descriptors differ but algorithm does not: %q != %q", dgst, desc.Digest)
-		}
-	}
-
-	conn := rsrbds.upstream.pool.Get()
-	defer conn.Close()
-
-	return rsrbds.setDescriptor(ctx, conn, dgst, desc)
-}
-
-func (rsrbds *repositoryScopedRedisBlobDescriptorService) setDescriptor(ctx context.Context, conn redis.Conn, dgst digest.Digest, desc distribution.Descriptor) error {
-	if _, err := conn.Do("SADD", rsrbds.repositoryBlobSetKey(rsrbds.repo), dgst); err != nil {
-		return err
-	}
-
-	if err := rsrbds.upstream.setDescriptor(ctx, conn, dgst, desc); err != nil {
-		return err
-	}
-
-	// Override repository mediatype.
-	if _, err := conn.Do("HSET", rsrbds.blobDescriptorHashKey(dgst), "mediatype", desc.MediaType); err != nil {
-		return err
-	}
-
-	// Also set the values for the primary descriptor, if they differ by
-	// algorithm (ie sha256 vs sha512).
-	if desc.Digest != "" && dgst != desc.Digest && dgst.Algorithm() != desc.Digest.Algorithm() {
-		if err := rsrbds.setDescriptor(ctx, conn, desc.Digest, desc); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (rsrbds *repositoryScopedRedisBlobDescriptorService) blobDescriptorHashKey(dgst digest.Digest) string {
-	return "repository::" + rsrbds.repo + "::blobs::" + dgst.String()
-}
-
-func (rsrbds *repositoryScopedRedisBlobDescriptorService) repositoryBlobSetKey(repo string) string {
-	return "repository::" + rsrbds.repo + "::blobs"
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/catalog.go b/vendor/github.com/docker/distribution/registry/storage/catalog.go
deleted file mode 100644
index ebf80e05b..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/catalog.go
+++ /dev/null
@@ -1,159 +0,0 @@
-package storage
-
-import (
-	"context"
-	"errors"
-	"io"
-	"path"
-	"strings"
-
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/storage/driver"
-)
-
-// Returns a list, or partial list, of repositories in the registry.
-// Because it's a quite expensive operation, it should only be used when building up
-// an initial set of repositories.
-func (reg *registry) Repositories(ctx context.Context, repos []string, last string) (n int, err error) {
-	var finishedWalk bool
-	var foundRepos []string
-
-	if len(repos) == 0 {
-		return 0, errors.New("no space in slice")
-	}
-
-	root, err := pathFor(repositoriesRootPathSpec{})
-	if err != nil {
-		return 0, err
-	}
-
-	err = reg.blobStore.driver.Walk(ctx, root, func(fileInfo driver.FileInfo) error {
-		err := handleRepository(fileInfo, root, last, func(repoPath string) error {
-			foundRepos = append(foundRepos, repoPath)
-			return nil
-		})
-		if err != nil {
-			return err
-		}
-
-		// if we've filled our array, no need to walk any further
-		if len(foundRepos) == len(repos) {
-			finishedWalk = true
-			return driver.ErrSkipDir
-		}
-
-		return nil
-	})
-
-	n = copy(repos, foundRepos)
-
-	if err != nil {
-		return n, err
-	} else if !finishedWalk {
-		// We didn't fill buffer. No more records are available.
-		return n, io.EOF
-	}
-
-	return n, err
-}
-
-// Enumerate applies ingester to each repository
-func (reg *registry) Enumerate(ctx context.Context, ingester func(string) error) error {
-	root, err := pathFor(repositoriesRootPathSpec{})
-	if err != nil {
-		return err
-	}
-
-	err = reg.blobStore.driver.Walk(ctx, root, func(fileInfo driver.FileInfo) error {
-		return handleRepository(fileInfo, root, "", ingester)
-	})
-
-	return err
-}
-
-// Remove removes a repository from storage
-func (reg *registry) Remove(ctx context.Context, name reference.Named) error {
-	root, err := pathFor(repositoriesRootPathSpec{})
-	if err != nil {
-		return err
-	}
-	repoDir := path.Join(root, name.Name())
-	return reg.driver.Delete(ctx, repoDir)
-}
-
-// lessPath returns true if one path a is less than path b.
-//
-// A component-wise comparison is done, rather than the lexical comparison of
-// strings.
-func lessPath(a, b string) bool {
-	// we provide this behavior by making separator always sort first.
-	return compareReplaceInline(a, b, '/', '\x00') < 0
-}
-
-// compareReplaceInline modifies runtime.cmpstring to replace old with new
-// during a byte-wise comparison.
-func compareReplaceInline(s1, s2 string, old, new byte) int {
-	// TODO(stevvooe): We are missing an optimization when the s1 and s2 have
-	// the exact same slice header. It will make the code unsafe but can
-	// provide some extra performance.
-
-	l := len(s1)
-	if len(s2) < l {
-		l = len(s2)
-	}
-
-	for i := 0; i < l; i++ {
-		c1, c2 := s1[i], s2[i]
-		if c1 == old {
-			c1 = new
-		}
-
-		if c2 == old {
-			c2 = new
-		}
-
-		if c1 < c2 {
-			return -1
-		}
-
-		if c1 > c2 {
-			return +1
-		}
-	}
-
-	if len(s1) < len(s2) {
-		return -1
-	}
-
-	if len(s1) > len(s2) {
-		return +1
-	}
-
-	return 0
-}
-
-// handleRepository calls function fn with a repository path if fileInfo
-// has a path of a repository under root and that it is lexographically
-// after last. Otherwise, it will return ErrSkipDir. This should be used
-// with Walk to do handling with repositories in a storage.
-func handleRepository(fileInfo driver.FileInfo, root, last string, fn func(repoPath string) error) error {
-	filePath := fileInfo.Path()
-
-	// lop the base path off
-	repo := filePath[len(root)+1:]
-
-	_, file := path.Split(repo)
-	if file == "_layers" {
-		repo = strings.TrimSuffix(repo, "/_layers")
-		if lessPath(last, repo) {
-			if err := fn(repo); err != nil {
-				return err
-			}
-		}
-		return driver.ErrSkipDir
-	} else if strings.HasPrefix(file, "_") {
-		return driver.ErrSkipDir
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/doc.go b/vendor/github.com/docker/distribution/registry/storage/doc.go
deleted file mode 100644
index 387d92348..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/doc.go
+++ /dev/null
@@ -1,3 +0,0 @@
-// Package storage contains storage services for use in the registry
-// application. It should be considered an internal package, as of Go 1.4.
-package storage
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/azure/azure.go b/vendor/github.com/docker/distribution/registry/storage/driver/azure/azure.go
deleted file mode 100644
index 58c6293b2..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/azure/azure.go
+++ /dev/null
@@ -1,532 +0,0 @@
-// Package azure provides a storagedriver.StorageDriver implementation to
-// store blobs in Microsoft Azure Blob Storage Service.
-package azure
-
-import (
-	"bufio"
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"strings"
-	"time"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/distribution/registry/storage/driver/base"
-	"github.com/docker/distribution/registry/storage/driver/factory"
-
-	azure "github.com/Azure/azure-sdk-for-go/storage"
-)
-
-const driverName = "azure"
-
-const (
-	paramAccountName = "accountname"
-	paramAccountKey  = "accountkey"
-	paramContainer   = "container"
-	paramRealm       = "realm"
-	maxChunkSize     = 4 * 1024 * 1024
-)
-
-type driver struct {
-	client    azure.BlobStorageClient
-	container string
-}
-
-type baseEmbed struct{ base.Base }
-
-// Driver is a storagedriver.StorageDriver implementation backed by
-// Microsoft Azure Blob Storage Service.
-type Driver struct{ baseEmbed }
-
-func init() {
-	factory.Register(driverName, &azureDriverFactory{})
-}
-
-type azureDriverFactory struct{}
-
-func (factory *azureDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
-	return FromParameters(parameters)
-}
-
-// FromParameters constructs a new Driver with a given parameters map.
-func FromParameters(parameters map[string]interface{}) (*Driver, error) {
-	accountName, ok := parameters[paramAccountName]
-	if !ok || fmt.Sprint(accountName) == "" {
-		return nil, fmt.Errorf("no %s parameter provided", paramAccountName)
-	}
-
-	accountKey, ok := parameters[paramAccountKey]
-	if !ok || fmt.Sprint(accountKey) == "" {
-		return nil, fmt.Errorf("no %s parameter provided", paramAccountKey)
-	}
-
-	container, ok := parameters[paramContainer]
-	if !ok || fmt.Sprint(container) == "" {
-		return nil, fmt.Errorf("no %s parameter provided", paramContainer)
-	}
-
-	realm, ok := parameters[paramRealm]
-	if !ok || fmt.Sprint(realm) == "" {
-		realm = azure.DefaultBaseURL
-	}
-
-	return New(fmt.Sprint(accountName), fmt.Sprint(accountKey), fmt.Sprint(container), fmt.Sprint(realm))
-}
-
-// New constructs a new Driver with the given Azure Storage Account credentials
-func New(accountName, accountKey, container, realm string) (*Driver, error) {
-	api, err := azure.NewClient(accountName, accountKey, realm, azure.DefaultAPIVersion, true)
-	if err != nil {
-		return nil, err
-	}
-
-	blobClient := api.GetBlobService()
-
-	// Create registry container
-	containerRef := blobClient.GetContainerReference(container)
-	if _, err = containerRef.CreateIfNotExists(nil); err != nil {
-		return nil, err
-	}
-
-	d := &driver{
-		client:    blobClient,
-		container: container}
-	return &Driver{baseEmbed: baseEmbed{Base: base.Base{StorageDriver: d}}}, nil
-}
-
-// Implement the storagedriver.StorageDriver interface.
-func (d *driver) Name() string {
-	return driverName
-}
-
-// GetContent retrieves the content stored at "path" as a []byte.
-func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
-	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
-	blob, err := blobRef.Get(nil)
-	if err != nil {
-		if is404(err) {
-			return nil, storagedriver.PathNotFoundError{Path: path}
-		}
-		return nil, err
-	}
-
-	defer blob.Close()
-	return ioutil.ReadAll(blob)
-}
-
-// PutContent stores the []byte content at a location designated by "path".
-func (d *driver) PutContent(ctx context.Context, path string, contents []byte) error {
-	// max size for block blobs uploaded via single "Put Blob" for version after "2016-05-31"
-	// https://docs.microsoft.com/en-us/rest/api/storageservices/put-blob#remarks
-	const limit = 256 * 1024 * 1024
-	if len(contents) > limit {
-		return fmt.Errorf("uploading %d bytes with PutContent is not supported; limit: %d bytes", len(contents), limit)
-	}
-
-	// Historically, blobs uploaded via PutContent used to be of type AppendBlob
-	// (https://github.com/docker/distribution/pull/1438). We can't replace
-	// these blobs atomically via a single "Put Blob" operation without
-	// deleting them first. Once we detect they are BlockBlob type, we can
-	// overwrite them with an atomically "Put Blob" operation.
-	//
-	// While we delete the blob and create a new one, there will be a small
-	// window of inconsistency and if the Put Blob fails, we may end up with
-	// losing the existing data while migrating it to BlockBlob type. However,
-	// expectation is the clients pushing will be retrying when they get an error
-	// response.
-	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
-	err := blobRef.GetProperties(nil)
-	if err != nil && !is404(err) {
-		return fmt.Errorf("failed to get blob properties: %v", err)
-	}
-	if err == nil && blobRef.Properties.BlobType != azure.BlobTypeBlock {
-		if err := blobRef.Delete(nil); err != nil {
-			return fmt.Errorf("failed to delete legacy blob (%s): %v", blobRef.Properties.BlobType, err)
-		}
-	}
-
-	r := bytes.NewReader(contents)
-	// reset properties to empty before doing overwrite
-	blobRef.Properties = azure.BlobProperties{}
-	return blobRef.CreateBlockBlobFromReader(r, nil)
-}
-
-// Reader retrieves an io.ReadCloser for the content stored at "path" with a
-// given byte offset.
-func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
-	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
-	if ok, err := blobRef.Exists(); err != nil {
-		return nil, err
-	} else if !ok {
-		return nil, storagedriver.PathNotFoundError{Path: path}
-	}
-
-	err := blobRef.GetProperties(nil)
-	if err != nil {
-		return nil, err
-	}
-	info := blobRef.Properties
-	size := info.ContentLength
-	if offset >= size {
-		return ioutil.NopCloser(bytes.NewReader(nil)), nil
-	}
-
-	resp, err := blobRef.GetRange(&azure.GetBlobRangeOptions{
-		Range: &azure.BlobRange{
-			Start: uint64(offset),
-			End:   0,
-		},
-	})
-	if err != nil {
-		return nil, err
-	}
-	return resp, nil
-}
-
-// Writer returns a FileWriter which will store the content written to it
-// at the location designated by "path" after the call to Commit.
-func (d *driver) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
-	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
-	blobExists, err := blobRef.Exists()
-	if err != nil {
-		return nil, err
-	}
-	var size int64
-	if blobExists {
-		if append {
-			err = blobRef.GetProperties(nil)
-			if err != nil {
-				return nil, err
-			}
-			blobProperties := blobRef.Properties
-			size = blobProperties.ContentLength
-		} else {
-			err = blobRef.Delete(nil)
-			if err != nil {
-				return nil, err
-			}
-		}
-	} else {
-		if append {
-			return nil, storagedriver.PathNotFoundError{Path: path}
-		}
-		err = blobRef.PutAppendBlob(nil)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	return d.newWriter(path, size), nil
-}
-
-// Stat retrieves the FileInfo for the given path, including the current size
-// in bytes and the creation time.
-func (d *driver) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
-	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
-	// Check if the path is a blob
-	if ok, err := blobRef.Exists(); err != nil {
-		return nil, err
-	} else if ok {
-		err = blobRef.GetProperties(nil)
-		if err != nil {
-			return nil, err
-		}
-		blobProperties := blobRef.Properties
-
-		return storagedriver.FileInfoInternal{FileInfoFields: storagedriver.FileInfoFields{
-			Path:    path,
-			Size:    blobProperties.ContentLength,
-			ModTime: time.Time(blobProperties.LastModified),
-			IsDir:   false,
-		}}, nil
-	}
-
-	// Check if path is a virtual container
-	virtContainerPath := path
-	if !strings.HasSuffix(virtContainerPath, "/") {
-		virtContainerPath += "/"
-	}
-
-	containerRef := d.client.GetContainerReference(d.container)
-	blobs, err := containerRef.ListBlobs(azure.ListBlobsParameters{
-		Prefix:     virtContainerPath,
-		MaxResults: 1,
-	})
-	if err != nil {
-		return nil, err
-	}
-	if len(blobs.Blobs) > 0 {
-		// path is a virtual container
-		return storagedriver.FileInfoInternal{FileInfoFields: storagedriver.FileInfoFields{
-			Path:  path,
-			IsDir: true,
-		}}, nil
-	}
-
-	// path is not a blob or virtual container
-	return nil, storagedriver.PathNotFoundError{Path: path}
-}
-
-// List returns a list of the objects that are direct descendants of the given
-// path.
-func (d *driver) List(ctx context.Context, path string) ([]string, error) {
-	if path == "/" {
-		path = ""
-	}
-
-	blobs, err := d.listBlobs(d.container, path)
-	if err != nil {
-		return blobs, err
-	}
-
-	list := directDescendants(blobs, path)
-	if path != "" && len(list) == 0 {
-		return nil, storagedriver.PathNotFoundError{Path: path}
-	}
-	return list, nil
-}
-
-// Move moves an object stored at sourcePath to destPath, removing the original
-// object.
-func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
-	srcBlobRef := d.client.GetContainerReference(d.container).GetBlobReference(sourcePath)
-	sourceBlobURL := srcBlobRef.GetURL()
-	destBlobRef := d.client.GetContainerReference(d.container).GetBlobReference(destPath)
-	err := destBlobRef.Copy(sourceBlobURL, nil)
-	if err != nil {
-		if is404(err) {
-			return storagedriver.PathNotFoundError{Path: sourcePath}
-		}
-		return err
-	}
-
-	return srcBlobRef.Delete(nil)
-}
-
-// Delete recursively deletes all objects stored at "path" and its subpaths.
-func (d *driver) Delete(ctx context.Context, path string) error {
-	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
-	ok, err := blobRef.DeleteIfExists(nil)
-	if err != nil {
-		return err
-	}
-	if ok {
-		return nil // was a blob and deleted, return
-	}
-
-	// Not a blob, see if path is a virtual container with blobs
-	blobs, err := d.listBlobs(d.container, path)
-	if err != nil {
-		return err
-	}
-
-	for _, b := range blobs {
-		blobRef = d.client.GetContainerReference(d.container).GetBlobReference(b)
-		if err = blobRef.Delete(nil); err != nil {
-			return err
-		}
-	}
-
-	if len(blobs) == 0 {
-		return storagedriver.PathNotFoundError{Path: path}
-	}
-	return nil
-}
-
-// URLFor returns a publicly accessible URL for the blob stored at given path
-// for specified duration by making use of Azure Storage Shared Access Signatures (SAS).
-// See https://msdn.microsoft.com/en-us/library/azure/ee395415.aspx for more info.
-func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
-	expiresTime := time.Now().UTC().Add(20 * time.Minute) // default expiration
-	expires, ok := options["expiry"]
-	if ok {
-		t, ok := expires.(time.Time)
-		if ok {
-			expiresTime = t
-		}
-	}
-	blobRef := d.client.GetContainerReference(d.container).GetBlobReference(path)
-	return blobRef.GetSASURI(azure.BlobSASOptions{
-		BlobServiceSASPermissions: azure.BlobServiceSASPermissions{
-			Read: true,
-		},
-		SASOptions: azure.SASOptions{
-			Expiry: expiresTime,
-		},
-	})
-}
-
-// Walk traverses a filesystem defined within driver, starting
-// from the given path, calling f on each file
-func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
-	return storagedriver.WalkFallback(ctx, d, path, f)
-}
-
-// directDescendants will find direct descendants (blobs or virtual containers)
-// of from list of blob paths and will return their full paths. Elements in blobs
-// list must be prefixed with a "/" and
-//
-// Example: direct descendants of "/" in {"/foo", "/bar/1", "/bar/2"} is
-// {"/foo", "/bar"} and direct descendants of "bar" is {"/bar/1", "/bar/2"}
-func directDescendants(blobs []string, prefix string) []string {
-	if !strings.HasPrefix(prefix, "/") { // add trailing '/'
-		prefix = "/" + prefix
-	}
-	if !strings.HasSuffix(prefix, "/") { // containerify the path
-		prefix += "/"
-	}
-
-	out := make(map[string]bool)
-	for _, b := range blobs {
-		if strings.HasPrefix(b, prefix) {
-			rel := b[len(prefix):]
-			c := strings.Count(rel, "/")
-			if c == 0 {
-				out[b] = true
-			} else {
-				out[prefix+rel[:strings.Index(rel, "/")]] = true
-			}
-		}
-	}
-
-	var keys []string
-	for k := range out {
-		keys = append(keys, k)
-	}
-	return keys
-}
-
-func (d *driver) listBlobs(container, virtPath string) ([]string, error) {
-	if virtPath != "" && !strings.HasSuffix(virtPath, "/") { // containerify the path
-		virtPath += "/"
-	}
-
-	out := []string{}
-	marker := ""
-	containerRef := d.client.GetContainerReference(d.container)
-	for {
-		resp, err := containerRef.ListBlobs(azure.ListBlobsParameters{
-			Marker: marker,
-			Prefix: virtPath,
-		})
-
-		if err != nil {
-			return out, err
-		}
-
-		for _, b := range resp.Blobs {
-			out = append(out, b.Name)
-		}
-
-		if len(resp.Blobs) == 0 || resp.NextMarker == "" {
-			break
-		}
-		marker = resp.NextMarker
-	}
-	return out, nil
-}
-
-func is404(err error) bool {
-	statusCodeErr, ok := err.(azure.AzureStorageServiceError)
-	return ok && statusCodeErr.StatusCode == http.StatusNotFound
-}
-
-type writer struct {
-	driver    *driver
-	path      string
-	size      int64
-	bw        *bufio.Writer
-	closed    bool
-	committed bool
-	cancelled bool
-}
-
-func (d *driver) newWriter(path string, size int64) storagedriver.FileWriter {
-	return &writer{
-		driver: d,
-		path:   path,
-		size:   size,
-		bw: bufio.NewWriterSize(&blockWriter{
-			client:    d.client,
-			container: d.container,
-			path:      path,
-		}, maxChunkSize),
-	}
-}
-
-func (w *writer) Write(p []byte) (int, error) {
-	if w.closed {
-		return 0, fmt.Errorf("already closed")
-	} else if w.committed {
-		return 0, fmt.Errorf("already committed")
-	} else if w.cancelled {
-		return 0, fmt.Errorf("already cancelled")
-	}
-
-	n, err := w.bw.Write(p)
-	w.size += int64(n)
-	return n, err
-}
-
-func (w *writer) Size() int64 {
-	return w.size
-}
-
-func (w *writer) Close() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	}
-	w.closed = true
-	return w.bw.Flush()
-}
-
-func (w *writer) Cancel() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	} else if w.committed {
-		return fmt.Errorf("already committed")
-	}
-	w.cancelled = true
-	blobRef := w.driver.client.GetContainerReference(w.driver.container).GetBlobReference(w.path)
-	return blobRef.Delete(nil)
-}
-
-func (w *writer) Commit() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	} else if w.committed {
-		return fmt.Errorf("already committed")
-	} else if w.cancelled {
-		return fmt.Errorf("already cancelled")
-	}
-	w.committed = true
-	return w.bw.Flush()
-}
-
-type blockWriter struct {
-	client    azure.BlobStorageClient
-	container string
-	path      string
-}
-
-func (bw *blockWriter) Write(p []byte) (int, error) {
-	n := 0
-	blobRef := bw.client.GetContainerReference(bw.container).GetBlobReference(bw.path)
-	for offset := 0; offset < len(p); offset += maxChunkSize {
-		chunkSize := maxChunkSize
-		if offset+chunkSize > len(p) {
-			chunkSize = len(p) - offset
-		}
-		err := blobRef.AppendBlock(p[offset:offset+chunkSize], nil)
-		if err != nil {
-			return n, err
-		}
-
-		n += chunkSize
-	}
-
-	return n, nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/base/base.go b/vendor/github.com/docker/distribution/registry/storage/driver/base/base.go
deleted file mode 100644
index 83b8c423b..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/base/base.go
+++ /dev/null
@@ -1,240 +0,0 @@
-// Package base provides a base implementation of the storage driver that can
-// be used to implement common checks. The goal is to increase the amount of
-// code sharing.
-//
-// The canonical approach to use this class is to embed in the exported driver
-// struct such that calls are proxied through this implementation. First,
-// declare the internal driver, as follows:
-//
-//	type driver struct { ... internal ...}
-//
-// The resulting type should implement StorageDriver such that it can be the
-// target of a Base struct. The exported type can then be declared as follows:
-//
-//	type Driver struct {
-//		Base
-//	}
-//
-// Because Driver embeds Base, it effectively implements Base. If the driver
-// needs to intercept a call, before going to base, Driver should implement
-// that method. Effectively, Driver can intercept calls before coming in and
-// driver implements the actual logic.
-//
-// To further shield the embed from other packages, it is recommended to
-// employ a private embed struct:
-//
-//	type baseEmbed struct {
-//		base.Base
-//	}
-//
-// Then, declare driver to embed baseEmbed, rather than Base directly:
-//
-//	type Driver struct {
-//		baseEmbed
-//	}
-//
-// The type now implements StorageDriver, proxying through Base, without
-// exporting an unnecessary field.
-package base
-
-import (
-	"context"
-	"io"
-	"time"
-
-	dcontext "github.com/docker/distribution/context"
-	prometheus "github.com/docker/distribution/metrics"
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/go-metrics"
-)
-
-var (
-	// storageAction is the metrics of blob related operations
-	storageAction = prometheus.StorageNamespace.NewLabeledTimer("action", "The number of seconds that the storage action takes", "driver", "action")
-)
-
-func init() {
-	metrics.Register(prometheus.StorageNamespace)
-}
-
-// Base provides a wrapper around a storagedriver implementation that provides
-// common path and bounds checking.
-type Base struct {
-	storagedriver.StorageDriver
-}
-
-// Format errors received from the storage driver
-func (base *Base) setDriverName(e error) error {
-	switch actual := e.(type) {
-	case nil:
-		return nil
-	case storagedriver.ErrUnsupportedMethod:
-		actual.DriverName = base.StorageDriver.Name()
-		return actual
-	case storagedriver.PathNotFoundError:
-		actual.DriverName = base.StorageDriver.Name()
-		return actual
-	case storagedriver.InvalidPathError:
-		actual.DriverName = base.StorageDriver.Name()
-		return actual
-	case storagedriver.InvalidOffsetError:
-		actual.DriverName = base.StorageDriver.Name()
-		return actual
-	default:
-		storageError := storagedriver.Error{
-			DriverName: base.StorageDriver.Name(),
-			Enclosed:   e,
-		}
-
-		return storageError
-	}
-}
-
-// GetContent wraps GetContent of underlying storage driver.
-func (base *Base) GetContent(ctx context.Context, path string) ([]byte, error) {
-	ctx, done := dcontext.WithTrace(ctx)
-	defer done("%s.GetContent(%q)", base.Name(), path)
-
-	if !storagedriver.PathRegexp.MatchString(path) {
-		return nil, storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
-	}
-
-	start := time.Now()
-	b, e := base.StorageDriver.GetContent(ctx, path)
-	storageAction.WithValues(base.Name(), "GetContent").UpdateSince(start)
-	return b, base.setDriverName(e)
-}
-
-// PutContent wraps PutContent of underlying storage driver.
-func (base *Base) PutContent(ctx context.Context, path string, content []byte) error {
-	ctx, done := dcontext.WithTrace(ctx)
-	defer done("%s.PutContent(%q)", base.Name(), path)
-
-	if !storagedriver.PathRegexp.MatchString(path) {
-		return storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
-	}
-
-	start := time.Now()
-	err := base.setDriverName(base.StorageDriver.PutContent(ctx, path, content))
-	storageAction.WithValues(base.Name(), "PutContent").UpdateSince(start)
-	return err
-}
-
-// Reader wraps Reader of underlying storage driver.
-func (base *Base) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
-	ctx, done := dcontext.WithTrace(ctx)
-	defer done("%s.Reader(%q, %d)", base.Name(), path, offset)
-
-	if offset < 0 {
-		return nil, storagedriver.InvalidOffsetError{Path: path, Offset: offset, DriverName: base.StorageDriver.Name()}
-	}
-
-	if !storagedriver.PathRegexp.MatchString(path) {
-		return nil, storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
-	}
-
-	rc, e := base.StorageDriver.Reader(ctx, path, offset)
-	return rc, base.setDriverName(e)
-}
-
-// Writer wraps Writer of underlying storage driver.
-func (base *Base) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
-	ctx, done := dcontext.WithTrace(ctx)
-	defer done("%s.Writer(%q, %v)", base.Name(), path, append)
-
-	if !storagedriver.PathRegexp.MatchString(path) {
-		return nil, storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
-	}
-
-	writer, e := base.StorageDriver.Writer(ctx, path, append)
-	return writer, base.setDriverName(e)
-}
-
-// Stat wraps Stat of underlying storage driver.
-func (base *Base) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
-	ctx, done := dcontext.WithTrace(ctx)
-	defer done("%s.Stat(%q)", base.Name(), path)
-
-	if !storagedriver.PathRegexp.MatchString(path) && path != "/" {
-		return nil, storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
-	}
-
-	start := time.Now()
-	fi, e := base.StorageDriver.Stat(ctx, path)
-	storageAction.WithValues(base.Name(), "Stat").UpdateSince(start)
-	return fi, base.setDriverName(e)
-}
-
-// List wraps List of underlying storage driver.
-func (base *Base) List(ctx context.Context, path string) ([]string, error) {
-	ctx, done := dcontext.WithTrace(ctx)
-	defer done("%s.List(%q)", base.Name(), path)
-
-	if !storagedriver.PathRegexp.MatchString(path) && path != "/" {
-		return nil, storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
-	}
-
-	start := time.Now()
-	str, e := base.StorageDriver.List(ctx, path)
-	storageAction.WithValues(base.Name(), "List").UpdateSince(start)
-	return str, base.setDriverName(e)
-}
-
-// Move wraps Move of underlying storage driver.
-func (base *Base) Move(ctx context.Context, sourcePath string, destPath string) error {
-	ctx, done := dcontext.WithTrace(ctx)
-	defer done("%s.Move(%q, %q", base.Name(), sourcePath, destPath)
-
-	if !storagedriver.PathRegexp.MatchString(sourcePath) {
-		return storagedriver.InvalidPathError{Path: sourcePath, DriverName: base.StorageDriver.Name()}
-	} else if !storagedriver.PathRegexp.MatchString(destPath) {
-		return storagedriver.InvalidPathError{Path: destPath, DriverName: base.StorageDriver.Name()}
-	}
-
-	start := time.Now()
-	err := base.setDriverName(base.StorageDriver.Move(ctx, sourcePath, destPath))
-	storageAction.WithValues(base.Name(), "Move").UpdateSince(start)
-	return err
-}
-
-// Delete wraps Delete of underlying storage driver.
-func (base *Base) Delete(ctx context.Context, path string) error {
-	ctx, done := dcontext.WithTrace(ctx)
-	defer done("%s.Delete(%q)", base.Name(), path)
-
-	if !storagedriver.PathRegexp.MatchString(path) {
-		return storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
-	}
-
-	start := time.Now()
-	err := base.setDriverName(base.StorageDriver.Delete(ctx, path))
-	storageAction.WithValues(base.Name(), "Delete").UpdateSince(start)
-	return err
-}
-
-// URLFor wraps URLFor of underlying storage driver.
-func (base *Base) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
-	ctx, done := dcontext.WithTrace(ctx)
-	defer done("%s.URLFor(%q)", base.Name(), path)
-
-	if !storagedriver.PathRegexp.MatchString(path) {
-		return "", storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
-	}
-
-	start := time.Now()
-	str, e := base.StorageDriver.URLFor(ctx, path, options)
-	storageAction.WithValues(base.Name(), "URLFor").UpdateSince(start)
-	return str, base.setDriverName(e)
-}
-
-// Walk wraps Walk of underlying storage driver.
-func (base *Base) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
-	ctx, done := dcontext.WithTrace(ctx)
-	defer done("%s.Walk(%q)", base.Name(), path)
-
-	if !storagedriver.PathRegexp.MatchString(path) && path != "/" {
-		return storagedriver.InvalidPathError{Path: path, DriverName: base.StorageDriver.Name()}
-	}
-
-	return base.setDriverName(base.StorageDriver.Walk(ctx, path, f))
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/base/regulator.go b/vendor/github.com/docker/distribution/registry/storage/driver/base/regulator.go
deleted file mode 100644
index df6e50385..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/base/regulator.go
+++ /dev/null
@@ -1,184 +0,0 @@
-package base
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"reflect"
-	"strconv"
-	"sync"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-)
-
-type regulator struct {
-	storagedriver.StorageDriver
-	*sync.Cond
-
-	available uint64
-}
-
-// GetLimitFromParameter takes an interface type as decoded from the YAML
-// configuration and returns a uint64 representing the maximum number of
-// concurrent calls given a minimum limit and default.
-//
-// If the parameter supplied is of an invalid type this returns an error.
-func GetLimitFromParameter(param interface{}, min, def uint64) (uint64, error) {
-	limit := def
-
-	switch v := param.(type) {
-	case string:
-		var err error
-		if limit, err = strconv.ParseUint(v, 0, 64); err != nil {
-			return limit, fmt.Errorf("parameter must be an integer, '%v' invalid", param)
-		}
-	case uint64:
-		limit = v
-	case int, int32, int64:
-		val := reflect.ValueOf(v).Convert(reflect.TypeOf(param)).Int()
-		// if param is negative casting to uint64 will wrap around and
-		// give you the hugest thread limit ever. Let's be sensible, here
-		if val > 0 {
-			limit = uint64(val)
-		} else {
-			limit = min
-		}
-	case uint, uint32:
-		limit = reflect.ValueOf(v).Convert(reflect.TypeOf(param)).Uint()
-	case nil:
-		// use the default
-	default:
-		return 0, fmt.Errorf("invalid value '%#v'", param)
-	}
-
-	if limit < min {
-		return min, nil
-	}
-
-	return limit, nil
-}
-
-// NewRegulator wraps the given driver and is used to regulate concurrent calls
-// to the given storage driver to a maximum of the given limit. This is useful
-// for storage drivers that would otherwise create an unbounded number of OS
-// threads if allowed to be called unregulated.
-func NewRegulator(driver storagedriver.StorageDriver, limit uint64) storagedriver.StorageDriver {
-	return &regulator{
-		StorageDriver: driver,
-		Cond:          sync.NewCond(&sync.Mutex{}),
-		available:     limit,
-	}
-}
-
-func (r *regulator) enter() {
-	r.L.Lock()
-	for r.available == 0 {
-		r.Wait()
-	}
-	r.available--
-	r.L.Unlock()
-}
-
-func (r *regulator) exit() {
-	r.L.Lock()
-	r.Signal()
-	r.available++
-	r.L.Unlock()
-}
-
-// Name returns the human-readable "name" of the driver, useful in error
-// messages and logging. By convention, this will just be the registration
-// name, but drivers may provide other information here.
-func (r *regulator) Name() string {
-	r.enter()
-	defer r.exit()
-
-	return r.StorageDriver.Name()
-}
-
-// GetContent retrieves the content stored at "path" as a []byte.
-// This should primarily be used for small objects.
-func (r *regulator) GetContent(ctx context.Context, path string) ([]byte, error) {
-	r.enter()
-	defer r.exit()
-
-	return r.StorageDriver.GetContent(ctx, path)
-}
-
-// PutContent stores the []byte content at a location designated by "path".
-// This should primarily be used for small objects.
-func (r *regulator) PutContent(ctx context.Context, path string, content []byte) error {
-	r.enter()
-	defer r.exit()
-
-	return r.StorageDriver.PutContent(ctx, path, content)
-}
-
-// Reader retrieves an io.ReadCloser for the content stored at "path"
-// with a given byte offset.
-// May be used to resume reading a stream by providing a nonzero offset.
-func (r *regulator) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
-	r.enter()
-	defer r.exit()
-
-	return r.StorageDriver.Reader(ctx, path, offset)
-}
-
-// Writer stores the contents of the provided io.ReadCloser at a
-// location designated by the given path.
-// May be used to resume writing a stream by providing a nonzero offset.
-// The offset must be no larger than the CurrentSize for this path.
-func (r *regulator) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
-	r.enter()
-	defer r.exit()
-
-	return r.StorageDriver.Writer(ctx, path, append)
-}
-
-// Stat retrieves the FileInfo for the given path, including the current
-// size in bytes and the creation time.
-func (r *regulator) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
-	r.enter()
-	defer r.exit()
-
-	return r.StorageDriver.Stat(ctx, path)
-}
-
-// List returns a list of the objects that are direct descendants of the
-// given path.
-func (r *regulator) List(ctx context.Context, path string) ([]string, error) {
-	r.enter()
-	defer r.exit()
-
-	return r.StorageDriver.List(ctx, path)
-}
-
-// Move moves an object stored at sourcePath to destPath, removing the
-// original object.
-// Note: This may be no more efficient than a copy followed by a delete for
-// many implementations.
-func (r *regulator) Move(ctx context.Context, sourcePath string, destPath string) error {
-	r.enter()
-	defer r.exit()
-
-	return r.StorageDriver.Move(ctx, sourcePath, destPath)
-}
-
-// Delete recursively deletes all objects stored at "path" and its subpaths.
-func (r *regulator) Delete(ctx context.Context, path string) error {
-	r.enter()
-	defer r.exit()
-
-	return r.StorageDriver.Delete(ctx, path)
-}
-
-// URLFor returns a URL which may be used to retrieve the content stored at
-// the given path, possibly using the given options.
-// May return an ErrUnsupportedMethod in certain StorageDriver
-// implementations.
-func (r *regulator) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
-	r.enter()
-	defer r.exit()
-
-	return r.StorageDriver.URLFor(ctx, path, options)
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/factory/factory.go b/vendor/github.com/docker/distribution/registry/storage/driver/factory/factory.go
deleted file mode 100644
index a9c04ec59..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/factory/factory.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package factory
-
-import (
-	"fmt"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-)
-
-// driverFactories stores an internal mapping between storage driver names and their respective
-// factories
-var driverFactories = make(map[string]StorageDriverFactory)
-
-// StorageDriverFactory is a factory interface for creating storagedriver.StorageDriver interfaces
-// Storage drivers should call Register() with a factory to make the driver available by name.
-// Individual StorageDriver implementations generally register with the factory via the Register
-// func (below) in their init() funcs, and as such they should be imported anonymously before use.
-// See below for an example of how to register and get a StorageDriver for S3
-//
-//	import _ "github.com/docker/distribution/registry/storage/driver/s3-aws"
-//	s3Driver, err = factory.Create("s3", storageParams)
-//	// assuming no error, s3Driver is the StorageDriver that communicates with S3 according to storageParams
-type StorageDriverFactory interface {
-	// Create returns a new storagedriver.StorageDriver with the given parameters
-	// Parameters will vary by driver and may be ignored
-	// Each parameter key must only consist of lowercase letters and numbers
-	Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error)
-}
-
-// Register makes a storage driver available by the provided name.
-// If Register is called twice with the same name or if driver factory is nil, it panics.
-// Additionally, it is not concurrency safe. Most Storage Drivers call this function
-// in their init() functions. See the documentation for StorageDriverFactory for more.
-func Register(name string, factory StorageDriverFactory) {
-	if factory == nil {
-		panic("Must not provide nil StorageDriverFactory")
-	}
-	_, registered := driverFactories[name]
-	if registered {
-		panic(fmt.Sprintf("StorageDriverFactory named %s already registered", name))
-	}
-
-	driverFactories[name] = factory
-}
-
-// Create a new storagedriver.StorageDriver with the given name and
-// parameters. To use a driver, the StorageDriverFactory must first be
-// registered with the given name. If no drivers are found, an
-// InvalidStorageDriverError is returned
-func Create(name string, parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
-	driverFactory, ok := driverFactories[name]
-	if !ok {
-		return nil, InvalidStorageDriverError{name}
-	}
-	return driverFactory.Create(parameters)
-}
-
-// InvalidStorageDriverError records an attempt to construct an unregistered storage driver
-type InvalidStorageDriverError struct {
-	Name string
-}
-
-func (err InvalidStorageDriverError) Error() string {
-	return fmt.Sprintf("StorageDriver not registered: %s", err.Name)
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/fileinfo.go b/vendor/github.com/docker/distribution/registry/storage/driver/fileinfo.go
deleted file mode 100644
index e5064029a..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/fileinfo.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package driver
-
-import "time"
-
-// FileInfo returns information about a given path. Inspired by os.FileInfo,
-// it elides the base name method for a full path instead.
-type FileInfo interface {
-	// Path provides the full path of the target of this file info.
-	Path() string
-
-	// Size returns current length in bytes of the file. The return value can
-	// be used to write to the end of the file at path. The value is
-	// meaningless if IsDir returns true.
-	Size() int64
-
-	// ModTime returns the modification time for the file. For backends that
-	// don't have a modification time, the creation time should be returned.
-	ModTime() time.Time
-
-	// IsDir returns true if the path is a directory.
-	IsDir() bool
-}
-
-// NOTE(stevvooe): The next two types, FileInfoFields and FileInfoInternal
-// should only be used by storagedriver implementations. They should moved to
-// a "driver" package, similar to database/sql.
-
-// FileInfoFields provides the exported fields for implementing FileInfo
-// interface in storagedriver implementations. It should be used with
-// InternalFileInfo.
-type FileInfoFields struct {
-	// Path provides the full path of the target of this file info.
-	Path string
-
-	// Size is current length in bytes of the file. The value of this field
-	// can be used to write to the end of the file at path. The value is
-	// meaningless if IsDir is set to true.
-	Size int64
-
-	// ModTime returns the modification time for the file. For backends that
-	// don't have a modification time, the creation time should be returned.
-	ModTime time.Time
-
-	// IsDir returns true if the path is a directory.
-	IsDir bool
-}
-
-// FileInfoInternal implements the FileInfo interface. This should only be
-// used by storagedriver implementations that don't have a specialized
-// FileInfo type.
-type FileInfoInternal struct {
-	FileInfoFields
-}
-
-var _ FileInfo = FileInfoInternal{}
-var _ FileInfo = &FileInfoInternal{}
-
-// Path provides the full path of the target of this file info.
-func (fi FileInfoInternal) Path() string {
-	return fi.FileInfoFields.Path
-}
-
-// Size returns current length in bytes of the file. The return value can
-// be used to write to the end of the file at path. The value is
-// meaningless if IsDir returns true.
-func (fi FileInfoInternal) Size() int64 {
-	return fi.FileInfoFields.Size
-}
-
-// ModTime returns the modification time for the file. For backends that
-// don't have a modification time, the creation time should be returned.
-func (fi FileInfoInternal) ModTime() time.Time {
-	return fi.FileInfoFields.ModTime
-}
-
-// IsDir returns true if the path is a directory.
-func (fi FileInfoInternal) IsDir() bool {
-	return fi.FileInfoFields.IsDir
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/filesystem/driver.go b/vendor/github.com/docker/distribution/registry/storage/driver/filesystem/driver.go
deleted file mode 100644
index 8fc9d1ca0..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/filesystem/driver.go
+++ /dev/null
@@ -1,420 +0,0 @@
-package filesystem
-
-import (
-	"bufio"
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path"
-	"time"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/distribution/registry/storage/driver/base"
-	"github.com/docker/distribution/registry/storage/driver/factory"
-)
-
-const (
-	driverName           = "filesystem"
-	defaultRootDirectory = "/var/lib/registry"
-	defaultMaxThreads    = uint64(100)
-
-	// minThreads is the minimum value for the maxthreads configuration
-	// parameter. If the driver's parameters are less than this we set
-	// the parameters to minThreads
-	minThreads = uint64(25)
-)
-
-// DriverParameters represents all configuration options available for the
-// filesystem driver
-type DriverParameters struct {
-	RootDirectory string
-	MaxThreads    uint64
-}
-
-func init() {
-	factory.Register(driverName, &filesystemDriverFactory{})
-}
-
-// filesystemDriverFactory implements the factory.StorageDriverFactory interface
-type filesystemDriverFactory struct{}
-
-func (factory *filesystemDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
-	return FromParameters(parameters)
-}
-
-type driver struct {
-	rootDirectory string
-}
-
-type baseEmbed struct {
-	base.Base
-}
-
-// Driver is a storagedriver.StorageDriver implementation backed by a local
-// filesystem. All provided paths will be subpaths of the RootDirectory.
-type Driver struct {
-	baseEmbed
-}
-
-// FromParameters constructs a new Driver with a given parameters map
-// Optional Parameters:
-// - rootdirectory
-// - maxthreads
-func FromParameters(parameters map[string]interface{}) (*Driver, error) {
-	params, err := fromParametersImpl(parameters)
-	if err != nil || params == nil {
-		return nil, err
-	}
-	return New(*params), nil
-}
-
-func fromParametersImpl(parameters map[string]interface{}) (*DriverParameters, error) {
-	var (
-		err           error
-		maxThreads    = defaultMaxThreads
-		rootDirectory = defaultRootDirectory
-	)
-
-	if parameters != nil {
-		if rootDir, ok := parameters["rootdirectory"]; ok {
-			rootDirectory = fmt.Sprint(rootDir)
-		}
-
-		maxThreads, err = base.GetLimitFromParameter(parameters["maxthreads"], minThreads, defaultMaxThreads)
-		if err != nil {
-			return nil, fmt.Errorf("maxthreads config error: %s", err.Error())
-		}
-	}
-
-	params := &DriverParameters{
-		RootDirectory: rootDirectory,
-		MaxThreads:    maxThreads,
-	}
-	return params, nil
-}
-
-// New constructs a new Driver with a given rootDirectory
-func New(params DriverParameters) *Driver {
-	fsDriver := &driver{rootDirectory: params.RootDirectory}
-
-	return &Driver{
-		baseEmbed: baseEmbed{
-			Base: base.Base{
-				StorageDriver: base.NewRegulator(fsDriver, params.MaxThreads),
-			},
-		},
-	}
-}
-
-// Implement the storagedriver.StorageDriver interface
-
-func (d *driver) Name() string {
-	return driverName
-}
-
-// GetContent retrieves the content stored at "path" as a []byte.
-func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
-	rc, err := d.Reader(ctx, path, 0)
-	if err != nil {
-		return nil, err
-	}
-	defer rc.Close()
-
-	p, err := ioutil.ReadAll(rc)
-	if err != nil {
-		return nil, err
-	}
-
-	return p, nil
-}
-
-// PutContent stores the []byte content at a location designated by "path".
-func (d *driver) PutContent(ctx context.Context, subPath string, contents []byte) error {
-	writer, err := d.Writer(ctx, subPath, false)
-	if err != nil {
-		return err
-	}
-	defer writer.Close()
-	_, err = io.Copy(writer, bytes.NewReader(contents))
-	if err != nil {
-		writer.Cancel()
-		return err
-	}
-	return writer.Commit()
-}
-
-// Reader retrieves an io.ReadCloser for the content stored at "path" with a
-// given byte offset.
-func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
-	file, err := os.OpenFile(d.fullPath(path), os.O_RDONLY, 0644)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil, storagedriver.PathNotFoundError{Path: path}
-		}
-
-		return nil, err
-	}
-
-	seekPos, err := file.Seek(offset, io.SeekStart)
-	if err != nil {
-		file.Close()
-		return nil, err
-	} else if seekPos < offset {
-		file.Close()
-		return nil, storagedriver.InvalidOffsetError{Path: path, Offset: offset}
-	}
-
-	return file, nil
-}
-
-func (d *driver) Writer(ctx context.Context, subPath string, append bool) (storagedriver.FileWriter, error) {
-	fullPath := d.fullPath(subPath)
-	parentDir := path.Dir(fullPath)
-	if err := os.MkdirAll(parentDir, 0777); err != nil {
-		return nil, err
-	}
-
-	fp, err := os.OpenFile(fullPath, os.O_WRONLY|os.O_CREATE, 0666)
-	if err != nil {
-		return nil, err
-	}
-
-	var offset int64
-
-	if !append {
-		err := fp.Truncate(0)
-		if err != nil {
-			fp.Close()
-			return nil, err
-		}
-	} else {
-		n, err := fp.Seek(0, io.SeekEnd)
-		if err != nil {
-			fp.Close()
-			return nil, err
-		}
-		offset = n
-	}
-
-	return newFileWriter(fp, offset), nil
-}
-
-// Stat retrieves the FileInfo for the given path, including the current size
-// in bytes and the creation time.
-func (d *driver) Stat(ctx context.Context, subPath string) (storagedriver.FileInfo, error) {
-	fullPath := d.fullPath(subPath)
-
-	fi, err := os.Stat(fullPath)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil, storagedriver.PathNotFoundError{Path: subPath}
-		}
-
-		return nil, err
-	}
-
-	return fileInfo{
-		path:     subPath,
-		FileInfo: fi,
-	}, nil
-}
-
-// List returns a list of the objects that are direct descendants of the given
-// path.
-func (d *driver) List(ctx context.Context, subPath string) ([]string, error) {
-	fullPath := d.fullPath(subPath)
-
-	dir, err := os.Open(fullPath)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil, storagedriver.PathNotFoundError{Path: subPath}
-		}
-		return nil, err
-	}
-
-	defer dir.Close()
-
-	fileNames, err := dir.Readdirnames(0)
-	if err != nil {
-		return nil, err
-	}
-
-	keys := make([]string, 0, len(fileNames))
-	for _, fileName := range fileNames {
-		keys = append(keys, path.Join(subPath, fileName))
-	}
-
-	return keys, nil
-}
-
-// Move moves an object stored at sourcePath to destPath, removing the original
-// object.
-func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
-	source := d.fullPath(sourcePath)
-	dest := d.fullPath(destPath)
-
-	if _, err := os.Stat(source); os.IsNotExist(err) {
-		return storagedriver.PathNotFoundError{Path: sourcePath}
-	}
-
-	if err := os.MkdirAll(path.Dir(dest), 0755); err != nil {
-		return err
-	}
-
-	err := os.Rename(source, dest)
-	return err
-}
-
-// Delete recursively deletes all objects stored at "path" and its subpaths.
-func (d *driver) Delete(ctx context.Context, subPath string) error {
-	fullPath := d.fullPath(subPath)
-
-	_, err := os.Stat(fullPath)
-	if err != nil && !os.IsNotExist(err) {
-		return err
-	} else if err != nil {
-		return storagedriver.PathNotFoundError{Path: subPath}
-	}
-
-	err = os.RemoveAll(fullPath)
-	return err
-}
-
-// URLFor returns a URL which may be used to retrieve the content stored at the given path.
-// May return an UnsupportedMethodErr in certain StorageDriver implementations.
-func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
-	return "", storagedriver.ErrUnsupportedMethod{}
-}
-
-// Walk traverses a filesystem defined within driver, starting
-// from the given path, calling f on each file
-func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
-	return storagedriver.WalkFallback(ctx, d, path, f)
-}
-
-// fullPath returns the absolute path of a key within the Driver's storage.
-func (d *driver) fullPath(subPath string) string {
-	return path.Join(d.rootDirectory, subPath)
-}
-
-type fileInfo struct {
-	os.FileInfo
-	path string
-}
-
-var _ storagedriver.FileInfo = fileInfo{}
-
-// Path provides the full path of the target of this file info.
-func (fi fileInfo) Path() string {
-	return fi.path
-}
-
-// Size returns current length in bytes of the file. The return value can
-// be used to write to the end of the file at path. The value is
-// meaningless if IsDir returns true.
-func (fi fileInfo) Size() int64 {
-	if fi.IsDir() {
-		return 0
-	}
-
-	return fi.FileInfo.Size()
-}
-
-// ModTime returns the modification time for the file. For backends that
-// don't have a modification time, the creation time should be returned.
-func (fi fileInfo) ModTime() time.Time {
-	return fi.FileInfo.ModTime()
-}
-
-// IsDir returns true if the path is a directory.
-func (fi fileInfo) IsDir() bool {
-	return fi.FileInfo.IsDir()
-}
-
-type fileWriter struct {
-	file      *os.File
-	size      int64
-	bw        *bufio.Writer
-	closed    bool
-	committed bool
-	cancelled bool
-}
-
-func newFileWriter(file *os.File, size int64) *fileWriter {
-	return &fileWriter{
-		file: file,
-		size: size,
-		bw:   bufio.NewWriter(file),
-	}
-}
-
-func (fw *fileWriter) Write(p []byte) (int, error) {
-	if fw.closed {
-		return 0, fmt.Errorf("already closed")
-	} else if fw.committed {
-		return 0, fmt.Errorf("already committed")
-	} else if fw.cancelled {
-		return 0, fmt.Errorf("already cancelled")
-	}
-	n, err := fw.bw.Write(p)
-	fw.size += int64(n)
-	return n, err
-}
-
-func (fw *fileWriter) Size() int64 {
-	return fw.size
-}
-
-func (fw *fileWriter) Close() error {
-	if fw.closed {
-		return fmt.Errorf("already closed")
-	}
-
-	if err := fw.bw.Flush(); err != nil {
-		return err
-	}
-
-	if err := fw.file.Sync(); err != nil {
-		return err
-	}
-
-	if err := fw.file.Close(); err != nil {
-		return err
-	}
-	fw.closed = true
-	return nil
-}
-
-func (fw *fileWriter) Cancel() error {
-	if fw.closed {
-		return fmt.Errorf("already closed")
-	}
-
-	fw.cancelled = true
-	fw.file.Close()
-	return os.Remove(fw.file.Name())
-}
-
-func (fw *fileWriter) Commit() error {
-	if fw.closed {
-		return fmt.Errorf("already closed")
-	} else if fw.committed {
-		return fmt.Errorf("already committed")
-	} else if fw.cancelled {
-		return fmt.Errorf("already cancelled")
-	}
-
-	if err := fw.bw.Flush(); err != nil {
-		return err
-	}
-
-	if err := fw.file.Sync(); err != nil {
-		return err
-	}
-
-	fw.committed = true
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/gcs/doc.go b/vendor/github.com/docker/distribution/registry/storage/driver/gcs/doc.go
deleted file mode 100644
index 0f23ea785..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/gcs/doc.go
+++ /dev/null
@@ -1,3 +0,0 @@
-// Package gcs implements the Google Cloud Storage driver backend. Support can be
-// enabled by including the "include_gcs" build tag.
-package gcs
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/gcs/gcs.go b/vendor/github.com/docker/distribution/registry/storage/driver/gcs/gcs.go
deleted file mode 100644
index 66d0d1ad7..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/gcs/gcs.go
+++ /dev/null
@@ -1,931 +0,0 @@
-// Package gcs provides a storagedriver.StorageDriver implementation to
-// store blobs in Google cloud storage.
-//
-// This package leverages the google.golang.org/cloud/storage client library
-//for interfacing with gcs.
-//
-// Because gcs is a key, value store the Stat call does not support last modification
-// time for directories (directories are an abstraction for key, value stores)
-//
-// Note that the contents of incomplete uploads are not accessible even though
-// Stat returns their length
-//
-//go:build include_gcs
-// +build include_gcs
-
-package gcs
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"math/rand"
-	"net/http"
-	"net/url"
-	"reflect"
-	"regexp"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/distribution/registry/storage/driver/base"
-	"github.com/docker/distribution/registry/storage/driver/factory"
-	"github.com/sirupsen/logrus"
-	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/google"
-	"golang.org/x/oauth2/jwt"
-	"google.golang.org/api/googleapi"
-	"google.golang.org/cloud"
-	"google.golang.org/cloud/storage"
-)
-
-const (
-	driverName     = "gcs"
-	dummyProjectID = "<unknown>"
-
-	uploadSessionContentType = "application/x-docker-upload-session"
-	minChunkSize             = 256 * 1024
-	defaultChunkSize         = 20 * minChunkSize
-	defaultMaxConcurrency    = 50
-	minConcurrency           = 25
-
-	maxTries = 5
-)
-
-var rangeHeader = regexp.MustCompile(`^bytes=([0-9])+-([0-9]+)$`)
-
-// driverParameters is a struct that encapsulates all of the driver parameters after all values have been set
-type driverParameters struct {
-	bucket        string
-	config        *jwt.Config
-	email         string
-	privateKey    []byte
-	client        *http.Client
-	rootDirectory string
-	chunkSize     int
-
-	// maxConcurrency limits the number of concurrent driver operations
-	// to GCS, which ultimately increases reliability of many simultaneous
-	// pushes by ensuring we aren't DoSing our own server with many
-	// connections.
-	maxConcurrency uint64
-}
-
-func init() {
-	factory.Register(driverName, &gcsDriverFactory{})
-}
-
-// gcsDriverFactory implements the factory.StorageDriverFactory interface
-type gcsDriverFactory struct{}
-
-// Create StorageDriver from parameters
-func (factory *gcsDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
-	return FromParameters(parameters)
-}
-
-// driver is a storagedriver.StorageDriver implementation backed by GCS
-// Objects are stored at absolute keys in the provided bucket.
-type driver struct {
-	client        *http.Client
-	bucket        string
-	email         string
-	privateKey    []byte
-	rootDirectory string
-	chunkSize     int
-}
-
-// Wrapper wraps `driver` with a throttler, ensuring that no more than N
-// GCS actions can occur concurrently. The default limit is 75.
-type Wrapper struct {
-	baseEmbed
-}
-
-type baseEmbed struct {
-	base.Base
-}
-
-// FromParameters constructs a new Driver with a given parameters map
-// Required parameters:
-// - bucket
-func FromParameters(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
-	bucket, ok := parameters["bucket"]
-	if !ok || fmt.Sprint(bucket) == "" {
-		return nil, fmt.Errorf("No bucket parameter provided")
-	}
-
-	rootDirectory, ok := parameters["rootdirectory"]
-	if !ok {
-		rootDirectory = ""
-	}
-
-	chunkSize := defaultChunkSize
-	chunkSizeParam, ok := parameters["chunksize"]
-	if ok {
-		switch v := chunkSizeParam.(type) {
-		case string:
-			vv, err := strconv.Atoi(v)
-			if err != nil {
-				return nil, fmt.Errorf("chunksize parameter must be an integer, %v invalid", chunkSizeParam)
-			}
-			chunkSize = vv
-		case int, uint, int32, uint32, uint64, int64:
-			chunkSize = int(reflect.ValueOf(v).Convert(reflect.TypeOf(chunkSize)).Int())
-		default:
-			return nil, fmt.Errorf("invalid valud for chunksize: %#v", chunkSizeParam)
-		}
-
-		if chunkSize < minChunkSize {
-			return nil, fmt.Errorf("The chunksize %#v parameter should be a number that is larger than or equal to %d", chunkSize, minChunkSize)
-		}
-
-		if chunkSize%minChunkSize != 0 {
-			return nil, fmt.Errorf("chunksize should be a multiple of %d", minChunkSize)
-		}
-	}
-
-	var ts oauth2.TokenSource
-	jwtConf := new(jwt.Config)
-	if keyfile, ok := parameters["keyfile"]; ok {
-		jsonKey, err := ioutil.ReadFile(fmt.Sprint(keyfile))
-		if err != nil {
-			return nil, err
-		}
-		jwtConf, err = google.JWTConfigFromJSON(jsonKey, storage.ScopeFullControl)
-		if err != nil {
-			return nil, err
-		}
-		ts = jwtConf.TokenSource(context.Background())
-	} else if credentials, ok := parameters["credentials"]; ok {
-		credentialMap, ok := credentials.(map[interface{}]interface{})
-		if !ok {
-			return nil, fmt.Errorf("The credentials were not specified in the correct format")
-		}
-
-		stringMap := map[string]interface{}{}
-		for k, v := range credentialMap {
-			key, ok := k.(string)
-			if !ok {
-				return nil, fmt.Errorf("One of the credential keys was not a string: %s", fmt.Sprint(k))
-			}
-			stringMap[key] = v
-		}
-
-		data, err := json.Marshal(stringMap)
-		if err != nil {
-			return nil, fmt.Errorf("Failed to marshal gcs credentials to json")
-		}
-
-		jwtConf, err = google.JWTConfigFromJSON(data, storage.ScopeFullControl)
-		if err != nil {
-			return nil, err
-		}
-		ts = jwtConf.TokenSource(context.Background())
-	} else {
-		var err error
-		ts, err = google.DefaultTokenSource(context.Background(), storage.ScopeFullControl)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	maxConcurrency, err := base.GetLimitFromParameter(parameters["maxconcurrency"], minConcurrency, defaultMaxConcurrency)
-	if err != nil {
-		return nil, fmt.Errorf("maxconcurrency config error: %s", err)
-	}
-
-	params := driverParameters{
-		bucket:         fmt.Sprint(bucket),
-		rootDirectory:  fmt.Sprint(rootDirectory),
-		email:          jwtConf.Email,
-		privateKey:     jwtConf.PrivateKey,
-		client:         oauth2.NewClient(context.Background(), ts),
-		chunkSize:      chunkSize,
-		maxConcurrency: maxConcurrency,
-	}
-
-	return New(params)
-}
-
-// New constructs a new driver
-func New(params driverParameters) (storagedriver.StorageDriver, error) {
-	rootDirectory := strings.Trim(params.rootDirectory, "/")
-	if rootDirectory != "" {
-		rootDirectory += "/"
-	}
-	if params.chunkSize <= 0 || params.chunkSize%minChunkSize != 0 {
-		return nil, fmt.Errorf("Invalid chunksize: %d is not a positive multiple of %d", params.chunkSize, minChunkSize)
-	}
-	d := &driver{
-		bucket:        params.bucket,
-		rootDirectory: rootDirectory,
-		email:         params.email,
-		privateKey:    params.privateKey,
-		client:        params.client,
-		chunkSize:     params.chunkSize,
-	}
-
-	return &Wrapper{
-		baseEmbed: baseEmbed{
-			Base: base.Base{
-				StorageDriver: base.NewRegulator(d, params.maxConcurrency),
-			},
-		},
-	}, nil
-}
-
-// Implement the storagedriver.StorageDriver interface
-
-func (d *driver) Name() string {
-	return driverName
-}
-
-// GetContent retrieves the content stored at "path" as a []byte.
-// This should primarily be used for small objects.
-func (d *driver) GetContent(context context.Context, path string) ([]byte, error) {
-	gcsContext := d.context(context)
-	name := d.pathToKey(path)
-	var rc io.ReadCloser
-	err := retry(func() error {
-		var err error
-		rc, err = storage.NewReader(gcsContext, d.bucket, name)
-		return err
-	})
-	if err == storage.ErrObjectNotExist {
-		return nil, storagedriver.PathNotFoundError{Path: path}
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer rc.Close()
-
-	p, err := ioutil.ReadAll(rc)
-	if err != nil {
-		return nil, err
-	}
-	return p, nil
-}
-
-// PutContent stores the []byte content at a location designated by "path".
-// This should primarily be used for small objects.
-func (d *driver) PutContent(context context.Context, path string, contents []byte) error {
-	return retry(func() error {
-		wc := storage.NewWriter(d.context(context), d.bucket, d.pathToKey(path))
-		wc.ContentType = "application/octet-stream"
-		return putContentsClose(wc, contents)
-	})
-}
-
-// Reader retrieves an io.ReadCloser for the content stored at "path"
-// with a given byte offset.
-// May be used to resume reading a stream by providing a nonzero offset.
-func (d *driver) Reader(context context.Context, path string, offset int64) (io.ReadCloser, error) {
-	res, err := getObject(d.client, d.bucket, d.pathToKey(path), offset)
-	if err != nil {
-		if res != nil {
-			if res.StatusCode == http.StatusNotFound {
-				res.Body.Close()
-				return nil, storagedriver.PathNotFoundError{Path: path}
-			}
-
-			if res.StatusCode == http.StatusRequestedRangeNotSatisfiable {
-				res.Body.Close()
-				obj, err := storageStatObject(d.context(context), d.bucket, d.pathToKey(path))
-				if err != nil {
-					return nil, err
-				}
-				if offset == int64(obj.Size) {
-					return ioutil.NopCloser(bytes.NewReader([]byte{})), nil
-				}
-				return nil, storagedriver.InvalidOffsetError{Path: path, Offset: offset}
-			}
-		}
-		return nil, err
-	}
-	if res.Header.Get("Content-Type") == uploadSessionContentType {
-		defer res.Body.Close()
-		return nil, storagedriver.PathNotFoundError{Path: path}
-	}
-	return res.Body, nil
-}
-
-func getObject(client *http.Client, bucket string, name string, offset int64) (*http.Response, error) {
-	// copied from google.golang.org/cloud/storage#NewReader :
-	// to set the additional "Range" header
-	u := &url.URL{
-		Scheme: "https",
-		Host:   "storage.googleapis.com",
-		Path:   fmt.Sprintf("/%s/%s", bucket, name),
-	}
-	req, err := http.NewRequest("GET", u.String(), nil)
-	if err != nil {
-		return nil, err
-	}
-	if offset > 0 {
-		req.Header.Set("Range", fmt.Sprintf("bytes=%v-", offset))
-	}
-	var res *http.Response
-	err = retry(func() error {
-		var err error
-		res, err = client.Do(req)
-		return err
-	})
-	if err != nil {
-		return nil, err
-	}
-	return res, googleapi.CheckMediaResponse(res)
-}
-
-// Writer returns a FileWriter which will store the content written to it
-// at the location designated by "path" after the call to Commit.
-func (d *driver) Writer(context context.Context, path string, append bool) (storagedriver.FileWriter, error) {
-	writer := &writer{
-		client: d.client,
-		bucket: d.bucket,
-		name:   d.pathToKey(path),
-		buffer: make([]byte, d.chunkSize),
-	}
-
-	if append {
-		err := writer.init(path)
-		if err != nil {
-			return nil, err
-		}
-	}
-	return writer, nil
-}
-
-type writer struct {
-	client     *http.Client
-	bucket     string
-	name       string
-	size       int64
-	offset     int64
-	closed     bool
-	sessionURI string
-	buffer     []byte
-	buffSize   int
-}
-
-// Cancel removes any written content from this FileWriter.
-func (w *writer) Cancel() error {
-	w.closed = true
-	err := storageDeleteObject(cloud.NewContext(dummyProjectID, w.client), w.bucket, w.name)
-	if err != nil {
-		if status, ok := err.(*googleapi.Error); ok {
-			if status.Code == http.StatusNotFound {
-				err = nil
-			}
-		}
-	}
-	return err
-}
-
-func (w *writer) Close() error {
-	if w.closed {
-		return nil
-	}
-	w.closed = true
-
-	err := w.writeChunk()
-	if err != nil {
-		return err
-	}
-
-	// Copy the remaining bytes from the buffer to the upload session
-	// Normally buffSize will be smaller than minChunkSize. However, in the
-	// unlikely event that the upload session failed to start, this number could be higher.
-	// In this case we can safely clip the remaining bytes to the minChunkSize
-	if w.buffSize > minChunkSize {
-		w.buffSize = minChunkSize
-	}
-
-	// commit the writes by updating the upload session
-	err = retry(func() error {
-		wc := storage.NewWriter(cloud.NewContext(dummyProjectID, w.client), w.bucket, w.name)
-		wc.ContentType = uploadSessionContentType
-		wc.Metadata = map[string]string{
-			"Session-URI": w.sessionURI,
-			"Offset":      strconv.FormatInt(w.offset, 10),
-		}
-		return putContentsClose(wc, w.buffer[0:w.buffSize])
-	})
-	if err != nil {
-		return err
-	}
-	w.size = w.offset + int64(w.buffSize)
-	w.buffSize = 0
-	return nil
-}
-
-func putContentsClose(wc *storage.Writer, contents []byte) error {
-	size := len(contents)
-	var nn int
-	var err error
-	for nn < size {
-		n, err := wc.Write(contents[nn:size])
-		nn += n
-		if err != nil {
-			break
-		}
-	}
-	if err != nil {
-		wc.CloseWithError(err)
-		return err
-	}
-	return wc.Close()
-}
-
-// Commit flushes all content written to this FileWriter and makes it
-// available for future calls to StorageDriver.GetContent and
-// StorageDriver.Reader.
-func (w *writer) Commit() error {
-
-	if err := w.checkClosed(); err != nil {
-		return err
-	}
-	w.closed = true
-
-	// no session started yet just perform a simple upload
-	if w.sessionURI == "" {
-		err := retry(func() error {
-			wc := storage.NewWriter(cloud.NewContext(dummyProjectID, w.client), w.bucket, w.name)
-			wc.ContentType = "application/octet-stream"
-			return putContentsClose(wc, w.buffer[0:w.buffSize])
-		})
-		if err != nil {
-			return err
-		}
-		w.size = w.offset + int64(w.buffSize)
-		w.buffSize = 0
-		return nil
-	}
-	size := w.offset + int64(w.buffSize)
-	var nn int
-	// loop must be performed at least once to ensure the file is committed even when
-	// the buffer is empty
-	for {
-		n, err := putChunk(w.client, w.sessionURI, w.buffer[nn:w.buffSize], w.offset, size)
-		nn += int(n)
-		w.offset += n
-		w.size = w.offset
-		if err != nil {
-			w.buffSize = copy(w.buffer, w.buffer[nn:w.buffSize])
-			return err
-		}
-		if nn == w.buffSize {
-			break
-		}
-	}
-	w.buffSize = 0
-	return nil
-}
-
-func (w *writer) checkClosed() error {
-	if w.closed {
-		return fmt.Errorf("Writer already closed")
-	}
-	return nil
-}
-
-func (w *writer) writeChunk() error {
-	var err error
-	// chunks can be uploaded only in multiples of minChunkSize
-	// chunkSize is a multiple of minChunkSize less than or equal to buffSize
-	chunkSize := w.buffSize - (w.buffSize % minChunkSize)
-	if chunkSize == 0 {
-		return nil
-	}
-	// if their is no sessionURI yet, obtain one by starting the session
-	if w.sessionURI == "" {
-		w.sessionURI, err = startSession(w.client, w.bucket, w.name)
-	}
-	if err != nil {
-		return err
-	}
-	nn, err := putChunk(w.client, w.sessionURI, w.buffer[0:chunkSize], w.offset, -1)
-	w.offset += nn
-	if w.offset > w.size {
-		w.size = w.offset
-	}
-	// shift the remaining bytes to the start of the buffer
-	w.buffSize = copy(w.buffer, w.buffer[int(nn):w.buffSize])
-
-	return err
-}
-
-func (w *writer) Write(p []byte) (int, error) {
-	err := w.checkClosed()
-	if err != nil {
-		return 0, err
-	}
-
-	var nn int
-	for nn < len(p) {
-		n := copy(w.buffer[w.buffSize:], p[nn:])
-		w.buffSize += n
-		if w.buffSize == cap(w.buffer) {
-			err = w.writeChunk()
-			if err != nil {
-				break
-			}
-		}
-		nn += n
-	}
-	return nn, err
-}
-
-// Size returns the number of bytes written to this FileWriter.
-func (w *writer) Size() int64 {
-	return w.size
-}
-
-func (w *writer) init(path string) error {
-	res, err := getObject(w.client, w.bucket, w.name, 0)
-	if err != nil {
-		return err
-	}
-	defer res.Body.Close()
-	if res.Header.Get("Content-Type") != uploadSessionContentType {
-		return storagedriver.PathNotFoundError{Path: path}
-	}
-	offset, err := strconv.ParseInt(res.Header.Get("X-Goog-Meta-Offset"), 10, 64)
-	if err != nil {
-		return err
-	}
-	buffer, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		return err
-	}
-	w.sessionURI = res.Header.Get("X-Goog-Meta-Session-URI")
-	w.buffSize = copy(w.buffer, buffer)
-	w.offset = offset
-	w.size = offset + int64(w.buffSize)
-	return nil
-}
-
-type request func() error
-
-func retry(req request) error {
-	backoff := time.Second
-	var err error
-	for i := 0; i < maxTries; i++ {
-		err = req()
-		if err == nil {
-			return nil
-		}
-
-		status, ok := err.(*googleapi.Error)
-		if !ok || (status.Code != 429 && status.Code < http.StatusInternalServerError) {
-			return err
-		}
-
-		time.Sleep(backoff - time.Second + (time.Duration(rand.Int31n(1000)) * time.Millisecond))
-		if i <= 4 {
-			backoff = backoff * 2
-		}
-	}
-	return err
-}
-
-// Stat retrieves the FileInfo for the given path, including the current
-// size in bytes and the creation time.
-func (d *driver) Stat(context context.Context, path string) (storagedriver.FileInfo, error) {
-	var fi storagedriver.FileInfoFields
-	//try to get as file
-	gcsContext := d.context(context)
-	obj, err := storageStatObject(gcsContext, d.bucket, d.pathToKey(path))
-	if err == nil {
-		if obj.ContentType == uploadSessionContentType {
-			return nil, storagedriver.PathNotFoundError{Path: path}
-		}
-		fi = storagedriver.FileInfoFields{
-			Path:    path,
-			Size:    obj.Size,
-			ModTime: obj.Updated,
-			IsDir:   false,
-		}
-		return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
-	}
-	//try to get as folder
-	dirpath := d.pathToDirKey(path)
-
-	var query *storage.Query
-	query = &storage.Query{}
-	query.Prefix = dirpath
-	query.MaxResults = 1
-
-	objects, err := storageListObjects(gcsContext, d.bucket, query)
-	if err != nil {
-		return nil, err
-	}
-	if len(objects.Results) < 1 {
-		return nil, storagedriver.PathNotFoundError{Path: path}
-	}
-	fi = storagedriver.FileInfoFields{
-		Path:  path,
-		IsDir: true,
-	}
-	obj = objects.Results[0]
-	if obj.Name == dirpath {
-		fi.Size = obj.Size
-		fi.ModTime = obj.Updated
-	}
-	return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
-}
-
-// List returns a list of the objects that are direct descendants of the
-//given path.
-func (d *driver) List(context context.Context, path string) ([]string, error) {
-	var query *storage.Query
-	query = &storage.Query{}
-	query.Delimiter = "/"
-	query.Prefix = d.pathToDirKey(path)
-	list := make([]string, 0, 64)
-	for {
-		objects, err := storageListObjects(d.context(context), d.bucket, query)
-		if err != nil {
-			return nil, err
-		}
-		for _, object := range objects.Results {
-			// GCS does not guarantee strong consistency between
-			// DELETE and LIST operations. Check that the object is not deleted,
-			// and filter out any objects with a non-zero time-deleted
-			if object.Deleted.IsZero() && object.ContentType != uploadSessionContentType {
-				list = append(list, d.keyToPath(object.Name))
-			}
-		}
-		for _, subpath := range objects.Prefixes {
-			subpath = d.keyToPath(subpath)
-			list = append(list, subpath)
-		}
-		query = objects.Next
-		if query == nil {
-			break
-		}
-	}
-	if path != "/" && len(list) == 0 {
-		// Treat empty response as missing directory, since we don't actually
-		// have directories in Google Cloud Storage.
-		return nil, storagedriver.PathNotFoundError{Path: path}
-	}
-	return list, nil
-}
-
-// Move moves an object stored at sourcePath to destPath, removing the
-// original object.
-func (d *driver) Move(context context.Context, sourcePath string, destPath string) error {
-	gcsContext := d.context(context)
-	_, err := storageCopyObject(gcsContext, d.bucket, d.pathToKey(sourcePath), d.bucket, d.pathToKey(destPath), nil)
-	if err != nil {
-		if status, ok := err.(*googleapi.Error); ok {
-			if status.Code == http.StatusNotFound {
-				return storagedriver.PathNotFoundError{Path: sourcePath}
-			}
-		}
-		return err
-	}
-	err = storageDeleteObject(gcsContext, d.bucket, d.pathToKey(sourcePath))
-	// if deleting the file fails, log the error, but do not fail; the file was successfully copied,
-	// and the original should eventually be cleaned when purging the uploads folder.
-	if err != nil {
-		logrus.Infof("error deleting file: %v due to %v", sourcePath, err)
-	}
-	return nil
-}
-
-// listAll recursively lists all names of objects stored at "prefix" and its subpaths.
-func (d *driver) listAll(context context.Context, prefix string) ([]string, error) {
-	list := make([]string, 0, 64)
-	query := &storage.Query{}
-	query.Prefix = prefix
-	query.Versions = false
-	for {
-		objects, err := storageListObjects(d.context(context), d.bucket, query)
-		if err != nil {
-			return nil, err
-		}
-		for _, obj := range objects.Results {
-			// GCS does not guarantee strong consistency between
-			// DELETE and LIST operations. Check that the object is not deleted,
-			// and filter out any objects with a non-zero time-deleted
-			if obj.Deleted.IsZero() {
-				list = append(list, obj.Name)
-			}
-		}
-		query = objects.Next
-		if query == nil {
-			break
-		}
-	}
-	return list, nil
-}
-
-// Delete recursively deletes all objects stored at "path" and its subpaths.
-func (d *driver) Delete(context context.Context, path string) error {
-	prefix := d.pathToDirKey(path)
-	gcsContext := d.context(context)
-	keys, err := d.listAll(gcsContext, prefix)
-	if err != nil {
-		return err
-	}
-	if len(keys) > 0 {
-		sort.Sort(sort.Reverse(sort.StringSlice(keys)))
-		for _, key := range keys {
-			err := storageDeleteObject(gcsContext, d.bucket, key)
-			// GCS only guarantees eventual consistency, so listAll might return
-			// paths that no longer exist. If this happens, just ignore any not
-			// found error
-			if status, ok := err.(*googleapi.Error); ok {
-				if status.Code == http.StatusNotFound {
-					err = nil
-				}
-			}
-			if err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-	err = storageDeleteObject(gcsContext, d.bucket, d.pathToKey(path))
-	if err != nil {
-		if status, ok := err.(*googleapi.Error); ok {
-			if status.Code == http.StatusNotFound {
-				return storagedriver.PathNotFoundError{Path: path}
-			}
-		}
-	}
-	return err
-}
-
-func storageDeleteObject(context context.Context, bucket string, name string) error {
-	return retry(func() error {
-		return storage.DeleteObject(context, bucket, name)
-	})
-}
-
-func storageStatObject(context context.Context, bucket string, name string) (*storage.Object, error) {
-	var obj *storage.Object
-	err := retry(func() error {
-		var err error
-		obj, err = storage.StatObject(context, bucket, name)
-		return err
-	})
-	return obj, err
-}
-
-func storageListObjects(context context.Context, bucket string, q *storage.Query) (*storage.Objects, error) {
-	var objs *storage.Objects
-	err := retry(func() error {
-		var err error
-		objs, err = storage.ListObjects(context, bucket, q)
-		return err
-	})
-	return objs, err
-}
-
-func storageCopyObject(context context.Context, srcBucket, srcName string, destBucket, destName string, attrs *storage.ObjectAttrs) (*storage.Object, error) {
-	var obj *storage.Object
-	err := retry(func() error {
-		var err error
-		obj, err = storage.CopyObject(context, srcBucket, srcName, destBucket, destName, attrs)
-		return err
-	})
-	return obj, err
-}
-
-// URLFor returns a URL which may be used to retrieve the content stored at
-// the given path, possibly using the given options.
-// Returns ErrUnsupportedMethod if this driver has no privateKey
-func (d *driver) URLFor(context context.Context, path string, options map[string]interface{}) (string, error) {
-	if d.privateKey == nil {
-		return "", storagedriver.ErrUnsupportedMethod{}
-	}
-
-	name := d.pathToKey(path)
-	methodString := "GET"
-	method, ok := options["method"]
-	if ok {
-		methodString, ok = method.(string)
-		if !ok || (methodString != "GET" && methodString != "HEAD") {
-			return "", storagedriver.ErrUnsupportedMethod{}
-		}
-	}
-
-	expiresTime := time.Now().Add(20 * time.Minute)
-	expires, ok := options["expiry"]
-	if ok {
-		et, ok := expires.(time.Time)
-		if ok {
-			expiresTime = et
-		}
-	}
-
-	opts := &storage.SignedURLOptions{
-		GoogleAccessID: d.email,
-		PrivateKey:     d.privateKey,
-		Method:         methodString,
-		Expires:        expiresTime,
-	}
-	return storage.SignedURL(d.bucket, name, opts)
-}
-
-// Walk traverses a filesystem defined within driver, starting
-// from the given path, calling f on each file
-func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
-	return storagedriver.WalkFallback(ctx, d, path, f)
-}
-
-func startSession(client *http.Client, bucket string, name string) (uri string, err error) {
-	u := &url.URL{
-		Scheme:   "https",
-		Host:     "www.googleapis.com",
-		Path:     fmt.Sprintf("/upload/storage/v1/b/%v/o", bucket),
-		RawQuery: fmt.Sprintf("uploadType=resumable&name=%v", name),
-	}
-	err = retry(func() error {
-		req, err := http.NewRequest("POST", u.String(), nil)
-		if err != nil {
-			return err
-		}
-		req.Header.Set("X-Upload-Content-Type", "application/octet-stream")
-		req.Header.Set("Content-Length", "0")
-		resp, err := client.Do(req)
-		if err != nil {
-			return err
-		}
-		defer resp.Body.Close()
-		err = googleapi.CheckMediaResponse(resp)
-		if err != nil {
-			return err
-		}
-		uri = resp.Header.Get("Location")
-		return nil
-	})
-	return uri, err
-}
-
-func putChunk(client *http.Client, sessionURI string, chunk []byte, from int64, totalSize int64) (int64, error) {
-	bytesPut := int64(0)
-	err := retry(func() error {
-		req, err := http.NewRequest("PUT", sessionURI, bytes.NewReader(chunk))
-		if err != nil {
-			return err
-		}
-		length := int64(len(chunk))
-		to := from + length - 1
-		size := "*"
-		if totalSize >= 0 {
-			size = strconv.FormatInt(totalSize, 10)
-		}
-		req.Header.Set("Content-Type", "application/octet-stream")
-		if from == to+1 {
-			req.Header.Set("Content-Range", fmt.Sprintf("bytes */%v", size))
-		} else {
-			req.Header.Set("Content-Range", fmt.Sprintf("bytes %v-%v/%v", from, to, size))
-		}
-		req.Header.Set("Content-Length", strconv.FormatInt(length, 10))
-
-		resp, err := client.Do(req)
-		if err != nil {
-			return err
-		}
-		defer resp.Body.Close()
-		if totalSize < 0 && resp.StatusCode == 308 {
-			groups := rangeHeader.FindStringSubmatch(resp.Header.Get("Range"))
-			end, err := strconv.ParseInt(groups[2], 10, 64)
-			if err != nil {
-				return err
-			}
-			bytesPut = end - from + 1
-			return nil
-		}
-		err = googleapi.CheckMediaResponse(resp)
-		if err != nil {
-			return err
-		}
-		bytesPut = to - from + 1
-		return nil
-	})
-	return bytesPut, err
-}
-
-func (d *driver) context(context context.Context) context.Context {
-	return cloud.WithContext(context, dummyProjectID, d.client)
-}
-
-func (d *driver) pathToKey(path string) string {
-	return strings.TrimSpace(strings.TrimRight(d.rootDirectory+strings.TrimLeft(path, "/"), "/"))
-}
-
-func (d *driver) pathToDirKey(path string) string {
-	return d.pathToKey(path) + "/"
-}
-
-func (d *driver) keyToPath(key string) string {
-	return "/" + strings.Trim(strings.TrimPrefix(key, d.rootDirectory), "/")
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/driver.go b/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/driver.go
deleted file mode 100644
index 4b1f5f48d..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/driver.go
+++ /dev/null
@@ -1,322 +0,0 @@
-package inmemory
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"sync"
-	"time"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/distribution/registry/storage/driver/base"
-	"github.com/docker/distribution/registry/storage/driver/factory"
-)
-
-const driverName = "inmemory"
-
-func init() {
-	factory.Register(driverName, &inMemoryDriverFactory{})
-}
-
-// inMemoryDriverFacotry implements the factory.StorageDriverFactory interface.
-type inMemoryDriverFactory struct{}
-
-func (factory *inMemoryDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
-	return New(), nil
-}
-
-type driver struct {
-	root  *dir
-	mutex sync.RWMutex
-}
-
-// baseEmbed allows us to hide the Base embed.
-type baseEmbed struct {
-	base.Base
-}
-
-// Driver is a storagedriver.StorageDriver implementation backed by a local map.
-// Intended solely for example and testing purposes.
-type Driver struct {
-	baseEmbed // embedded, hidden base driver.
-}
-
-var _ storagedriver.StorageDriver = &Driver{}
-
-// New constructs a new Driver.
-func New() *Driver {
-	return &Driver{
-		baseEmbed: baseEmbed{
-			Base: base.Base{
-				StorageDriver: &driver{
-					root: &dir{
-						common: common{
-							p:   "/",
-							mod: time.Now(),
-						},
-					},
-				},
-			},
-		},
-	}
-}
-
-// Implement the storagedriver.StorageDriver interface.
-
-func (d *driver) Name() string {
-	return driverName
-}
-
-// GetContent retrieves the content stored at "path" as a []byte.
-func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
-	d.mutex.RLock()
-	defer d.mutex.RUnlock()
-
-	rc, err := d.reader(ctx, path, 0)
-	if err != nil {
-		return nil, err
-	}
-	defer rc.Close()
-
-	return ioutil.ReadAll(rc)
-}
-
-// PutContent stores the []byte content at a location designated by "path".
-func (d *driver) PutContent(ctx context.Context, p string, contents []byte) error {
-	d.mutex.Lock()
-	defer d.mutex.Unlock()
-
-	normalized := normalize(p)
-
-	f, err := d.root.mkfile(normalized)
-	if err != nil {
-		// TODO(stevvooe): Again, we need to clarify when this is not a
-		// directory in StorageDriver API.
-		return fmt.Errorf("not a file")
-	}
-
-	f.truncate()
-	f.WriteAt(contents, 0)
-
-	return nil
-}
-
-// Reader retrieves an io.ReadCloser for the content stored at "path" with a
-// given byte offset.
-func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
-	d.mutex.RLock()
-	defer d.mutex.RUnlock()
-
-	return d.reader(ctx, path, offset)
-}
-
-func (d *driver) reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
-	if offset < 0 {
-		return nil, storagedriver.InvalidOffsetError{Path: path, Offset: offset}
-	}
-
-	normalized := normalize(path)
-	found := d.root.find(normalized)
-
-	if found.path() != normalized {
-		return nil, storagedriver.PathNotFoundError{Path: path}
-	}
-
-	if found.isdir() {
-		return nil, fmt.Errorf("%q is a directory", path)
-	}
-
-	return ioutil.NopCloser(found.(*file).sectionReader(offset)), nil
-}
-
-// Writer returns a FileWriter which will store the content written to it
-// at the location designated by "path" after the call to Commit.
-func (d *driver) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
-	d.mutex.Lock()
-	defer d.mutex.Unlock()
-
-	normalized := normalize(path)
-
-	f, err := d.root.mkfile(normalized)
-	if err != nil {
-		return nil, fmt.Errorf("not a file")
-	}
-
-	if !append {
-		f.truncate()
-	}
-
-	return d.newWriter(f), nil
-}
-
-// Stat returns info about the provided path.
-func (d *driver) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
-	d.mutex.RLock()
-	defer d.mutex.RUnlock()
-
-	normalized := normalize(path)
-	found := d.root.find(normalized)
-
-	if found.path() != normalized {
-		return nil, storagedriver.PathNotFoundError{Path: path}
-	}
-
-	fi := storagedriver.FileInfoFields{
-		Path:    path,
-		IsDir:   found.isdir(),
-		ModTime: found.modtime(),
-	}
-
-	if !fi.IsDir {
-		fi.Size = int64(len(found.(*file).data))
-	}
-
-	return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
-}
-
-// List returns a list of the objects that are direct descendants of the given
-// path.
-func (d *driver) List(ctx context.Context, path string) ([]string, error) {
-	d.mutex.RLock()
-	defer d.mutex.RUnlock()
-
-	normalized := normalize(path)
-
-	found := d.root.find(normalized)
-
-	if !found.isdir() {
-		return nil, fmt.Errorf("not a directory") // TODO(stevvooe): Need error type for this...
-	}
-
-	entries, err := found.(*dir).list(normalized)
-
-	if err != nil {
-		switch err {
-		case errNotExists:
-			return nil, storagedriver.PathNotFoundError{Path: path}
-		case errIsNotDir:
-			return nil, fmt.Errorf("not a directory")
-		default:
-			return nil, err
-		}
-	}
-
-	return entries, nil
-}
-
-// Move moves an object stored at sourcePath to destPath, removing the original
-// object.
-func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
-	d.mutex.Lock()
-	defer d.mutex.Unlock()
-
-	normalizedSrc, normalizedDst := normalize(sourcePath), normalize(destPath)
-
-	err := d.root.move(normalizedSrc, normalizedDst)
-	switch err {
-	case errNotExists:
-		return storagedriver.PathNotFoundError{Path: destPath}
-	default:
-		return err
-	}
-}
-
-// Delete recursively deletes all objects stored at "path" and its subpaths.
-func (d *driver) Delete(ctx context.Context, path string) error {
-	d.mutex.Lock()
-	defer d.mutex.Unlock()
-
-	normalized := normalize(path)
-
-	err := d.root.delete(normalized)
-	switch err {
-	case errNotExists:
-		return storagedriver.PathNotFoundError{Path: path}
-	default:
-		return err
-	}
-}
-
-// URLFor returns a URL which may be used to retrieve the content stored at the given path.
-// May return an UnsupportedMethodErr in certain StorageDriver implementations.
-func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
-	return "", storagedriver.ErrUnsupportedMethod{}
-}
-
-// Walk traverses a filesystem defined within driver, starting
-// from the given path, calling f on each file
-func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
-	return storagedriver.WalkFallback(ctx, d, path, f)
-}
-
-type writer struct {
-	d         *driver
-	f         *file
-	closed    bool
-	committed bool
-	cancelled bool
-}
-
-func (d *driver) newWriter(f *file) storagedriver.FileWriter {
-	return &writer{
-		d: d,
-		f: f,
-	}
-}
-
-func (w *writer) Write(p []byte) (int, error) {
-	if w.closed {
-		return 0, fmt.Errorf("already closed")
-	} else if w.committed {
-		return 0, fmt.Errorf("already committed")
-	} else if w.cancelled {
-		return 0, fmt.Errorf("already cancelled")
-	}
-
-	w.d.mutex.Lock()
-	defer w.d.mutex.Unlock()
-
-	return w.f.WriteAt(p, int64(len(w.f.data)))
-}
-
-func (w *writer) Size() int64 {
-	w.d.mutex.RLock()
-	defer w.d.mutex.RUnlock()
-
-	return int64(len(w.f.data))
-}
-
-func (w *writer) Close() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	}
-	w.closed = true
-	return nil
-}
-
-func (w *writer) Cancel() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	} else if w.committed {
-		return fmt.Errorf("already committed")
-	}
-	w.cancelled = true
-
-	w.d.mutex.Lock()
-	defer w.d.mutex.Unlock()
-
-	return w.d.root.delete(w.f.path())
-}
-
-func (w *writer) Commit() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	} else if w.committed {
-		return fmt.Errorf("already committed")
-	} else if w.cancelled {
-		return fmt.Errorf("already cancelled")
-	}
-	w.committed = true
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/mfs.go b/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/mfs.go
deleted file mode 100644
index 24eeef98d..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/inmemory/mfs.go
+++ /dev/null
@@ -1,327 +0,0 @@
-package inmemory
-
-import (
-	"fmt"
-	"io"
-	"path"
-	"sort"
-	"strings"
-	"time"
-)
-
-var (
-	errExists    = fmt.Errorf("exists")
-	errNotExists = fmt.Errorf("notexists")
-	errIsNotDir  = fmt.Errorf("notdir")
-	errIsDir     = fmt.Errorf("isdir")
-)
-
-type node interface {
-	name() string
-	path() string
-	isdir() bool
-	modtime() time.Time
-}
-
-// dir is the central type for the memory-based  storagedriver. All operations
-// are dispatched from a root dir.
-type dir struct {
-	common
-
-	// TODO(stevvooe): Use sorted slice + search.
-	children map[string]node
-}
-
-var _ node = &dir{}
-
-func (d *dir) isdir() bool {
-	return true
-}
-
-// add places the node n into dir d.
-func (d *dir) add(n node) {
-	if d.children == nil {
-		d.children = make(map[string]node)
-	}
-
-	d.children[n.name()] = n
-	d.mod = time.Now()
-}
-
-// find searches for the node, given path q in dir. If the node is found, it
-// will be returned. If the node is not found, the closet existing parent. If
-// the node is found, the returned (node).path() will match q.
-func (d *dir) find(q string) node {
-	q = strings.Trim(q, "/")
-	i := strings.Index(q, "/")
-
-	if q == "" {
-		return d
-	}
-
-	if i == 0 {
-		panic("shouldn't happen, no root paths")
-	}
-
-	var component string
-	if i < 0 {
-		// No more path components
-		component = q
-	} else {
-		component = q[:i]
-	}
-
-	child, ok := d.children[component]
-	if !ok {
-		// Node was not found. Return p and the current node.
-		return d
-	}
-
-	if child.isdir() {
-		// traverse down!
-		q = q[i+1:]
-		return child.(*dir).find(q)
-	}
-
-	return child
-}
-
-func (d *dir) list(p string) ([]string, error) {
-	n := d.find(p)
-
-	if n.path() != p {
-		return nil, errNotExists
-	}
-
-	if !n.isdir() {
-		return nil, errIsNotDir
-	}
-
-	var children []string
-	for _, child := range n.(*dir).children {
-		children = append(children, child.path())
-	}
-
-	sort.Strings(children)
-	return children, nil
-}
-
-// mkfile or return the existing one. returns an error if it exists and is a
-// directory. Essentially, this is open or create.
-func (d *dir) mkfile(p string) (*file, error) {
-	n := d.find(p)
-	if n.path() == p {
-		if n.isdir() {
-			return nil, errIsDir
-		}
-
-		return n.(*file), nil
-	}
-
-	dirpath, filename := path.Split(p)
-	// Make any non-existent directories
-	n, err := d.mkdirs(dirpath)
-	if err != nil {
-		return nil, err
-	}
-
-	dd := n.(*dir)
-	n = &file{
-		common: common{
-			p:   path.Join(dd.path(), filename),
-			mod: time.Now(),
-		},
-	}
-
-	dd.add(n)
-	return n.(*file), nil
-}
-
-// mkdirs creates any missing directory entries in p and returns the result.
-func (d *dir) mkdirs(p string) (*dir, error) {
-	p = normalize(p)
-
-	n := d.find(p)
-
-	if !n.isdir() {
-		// Found something there
-		return nil, errIsNotDir
-	}
-
-	if n.path() == p {
-		return n.(*dir), nil
-	}
-
-	dd := n.(*dir)
-
-	relative := strings.Trim(strings.TrimPrefix(p, n.path()), "/")
-
-	if relative == "" {
-		return dd, nil
-	}
-
-	components := strings.Split(relative, "/")
-	for _, component := range components {
-		d, err := dd.mkdir(component)
-
-		if err != nil {
-			// This should actually never happen, since there are no children.
-			return nil, err
-		}
-		dd = d
-	}
-
-	return dd, nil
-}
-
-// mkdir creates a child directory under d with the given name.
-func (d *dir) mkdir(name string) (*dir, error) {
-	if name == "" {
-		return nil, fmt.Errorf("invalid dirname")
-	}
-
-	_, ok := d.children[name]
-	if ok {
-		return nil, errExists
-	}
-
-	child := &dir{
-		common: common{
-			p:   path.Join(d.path(), name),
-			mod: time.Now(),
-		},
-	}
-	d.add(child)
-	d.mod = time.Now()
-
-	return child, nil
-}
-
-func (d *dir) move(src, dst string) error {
-	dstDirname, _ := path.Split(dst)
-
-	dp, err := d.mkdirs(dstDirname)
-	if err != nil {
-		return err
-	}
-
-	srcDirname, srcFilename := path.Split(src)
-	sp := d.find(srcDirname)
-
-	if normalize(srcDirname) != normalize(sp.path()) {
-		return errNotExists
-	}
-
-	spd, ok := sp.(*dir)
-	if !ok {
-		return errIsNotDir // paranoid.
-	}
-
-	s, ok := spd.children[srcFilename]
-	if !ok {
-		return errNotExists
-	}
-
-	delete(spd.children, srcFilename)
-
-	switch n := s.(type) {
-	case *dir:
-		n.p = dst
-	case *file:
-		n.p = dst
-	}
-
-	dp.add(s)
-
-	return nil
-}
-
-func (d *dir) delete(p string) error {
-	dirname, filename := path.Split(p)
-	parent := d.find(dirname)
-
-	if normalize(dirname) != normalize(parent.path()) {
-		return errNotExists
-	}
-
-	if _, ok := parent.(*dir).children[filename]; !ok {
-		return errNotExists
-	}
-
-	delete(parent.(*dir).children, filename)
-	return nil
-}
-
-func (d *dir) String() string {
-	return fmt.Sprintf("&dir{path: %v, children: %v}", d.p, d.children)
-}
-
-// file stores actual data in the fs tree. It acts like an open, seekable file
-// where operations are conducted through ReadAt and WriteAt. Use it with
-// SectionReader for the best effect.
-type file struct {
-	common
-	data []byte
-}
-
-var _ node = &file{}
-
-func (f *file) isdir() bool {
-	return false
-}
-
-func (f *file) truncate() {
-	f.data = f.data[:0]
-}
-
-func (f *file) sectionReader(offset int64) io.Reader {
-	return io.NewSectionReader(f, offset, int64(len(f.data))-offset)
-}
-
-func (f *file) ReadAt(p []byte, offset int64) (n int, err error) {
-	if offset >= int64(len(f.data)) {
-		return 0, io.EOF
-	}
-	return copy(p, f.data[offset:]), nil
-}
-
-func (f *file) WriteAt(p []byte, offset int64) (n int, err error) {
-	off := int(offset)
-	if cap(f.data) < off+len(p) {
-		data := make([]byte, len(f.data), off+len(p))
-		copy(data, f.data)
-		f.data = data
-	}
-
-	f.mod = time.Now()
-	f.data = f.data[:off+len(p)]
-
-	return copy(f.data[off:off+len(p)], p), nil
-}
-
-func (f *file) String() string {
-	return fmt.Sprintf("&file{path: %q}", f.p)
-}
-
-// common provides shared fields and methods for node implementations.
-type common struct {
-	p   string
-	mod time.Time
-}
-
-func (c *common) name() string {
-	_, name := path.Split(c.p)
-	return name
-}
-
-func (c *common) path() string {
-	return c.p
-}
-
-func (c *common) modtime() time.Time {
-	return c.mod
-}
-
-func normalize(p string) string {
-	return "/" + strings.Trim(p, "/")
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/middleware.go b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/middleware.go
deleted file mode 100644
index 632578310..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/middleware.go
+++ /dev/null
@@ -1,211 +0,0 @@
-// Package middleware - cloudfront wrapper for storage libs
-// N.B. currently only works with S3, not arbitrary sites
-package middleware
-
-import (
-	"context"
-	"crypto/x509"
-	"encoding/pem"
-	"fmt"
-	"io/ioutil"
-	"net/url"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/service/cloudfront/sign"
-	dcontext "github.com/docker/distribution/context"
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	storagemiddleware "github.com/docker/distribution/registry/storage/driver/middleware"
-)
-
-// cloudFrontStorageMiddleware provides a simple implementation of layerHandler that
-// constructs temporary signed CloudFront URLs from the storagedriver layer URL,
-// then issues HTTP Temporary Redirects to this CloudFront content URL.
-type cloudFrontStorageMiddleware struct {
-	storagedriver.StorageDriver
-	awsIPs    *awsIPs
-	urlSigner *sign.URLSigner
-	baseURL   string
-	duration  time.Duration
-}
-
-var _ storagedriver.StorageDriver = &cloudFrontStorageMiddleware{}
-
-// newCloudFrontLayerHandler constructs and returns a new CloudFront
-// LayerHandler implementation.
-// Required options: baseurl, privatekey, keypairid
-
-// Optional options: ipFilteredBy, awsregion
-// ipfilteredby: valid value "none|aws|awsregion". "none", do not filter any IP, default value. "aws", only aws IP goes
-//
-//	to S3 directly. "awsregion", only regions listed in awsregion options goes to S3 directly
-//
-// awsregion: a comma separated string of AWS regions.
-func newCloudFrontStorageMiddleware(storageDriver storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error) {
-	// parse baseurl
-	base, ok := options["baseurl"]
-	if !ok {
-		return nil, fmt.Errorf("no baseurl provided")
-	}
-	baseURL, ok := base.(string)
-	if !ok {
-		return nil, fmt.Errorf("baseurl must be a string")
-	}
-	if !strings.Contains(baseURL, "://") {
-		baseURL = "https://" + baseURL
-	}
-	if !strings.HasSuffix(baseURL, "/") {
-		baseURL += "/"
-	}
-	if _, err := url.Parse(baseURL); err != nil {
-		return nil, fmt.Errorf("invalid baseurl: %v", err)
-	}
-
-	// parse privatekey to get pkPath
-	pk, ok := options["privatekey"]
-	if !ok {
-		return nil, fmt.Errorf("no privatekey provided")
-	}
-	pkPath, ok := pk.(string)
-	if !ok {
-		return nil, fmt.Errorf("privatekey must be a string")
-	}
-
-	// parse keypairid
-	kpid, ok := options["keypairid"]
-	if !ok {
-		return nil, fmt.Errorf("no keypairid provided")
-	}
-	keypairID, ok := kpid.(string)
-	if !ok {
-		return nil, fmt.Errorf("keypairid must be a string")
-	}
-
-	// get urlSigner from the file specified in pkPath
-	pkBytes, err := ioutil.ReadFile(pkPath)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read privatekey file: %s", err)
-	}
-
-	block, _ := pem.Decode(pkBytes)
-	if block == nil {
-		return nil, fmt.Errorf("failed to decode private key as an rsa private key")
-	}
-	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
-	if err != nil {
-		return nil, err
-	}
-	urlSigner := sign.NewURLSigner(keypairID, privateKey)
-
-	// parse duration
-	duration := 20 * time.Minute
-	if d, ok := options["duration"]; ok {
-		switch d := d.(type) {
-		case time.Duration:
-			duration = d
-		case string:
-			dur, err := time.ParseDuration(d)
-			if err != nil {
-				return nil, fmt.Errorf("invalid duration: %s", err)
-			}
-			duration = dur
-		}
-	}
-
-	// parse updatefrenquency
-	updateFrequency := defaultUpdateFrequency
-	if u, ok := options["updatefrenquency"]; ok {
-		switch u := u.(type) {
-		case time.Duration:
-			updateFrequency = u
-		case string:
-			updateFreq, err := time.ParseDuration(u)
-			if err != nil {
-				return nil, fmt.Errorf("invalid updatefrenquency: %s", err)
-			}
-			duration = updateFreq
-		}
-	}
-
-	// parse iprangesurl
-	ipRangesURL := defaultIPRangesURL
-	if i, ok := options["iprangesurl"]; ok {
-		if iprangeurl, ok := i.(string); ok {
-			ipRangesURL = iprangeurl
-		} else {
-			return nil, fmt.Errorf("iprangesurl must be a string")
-		}
-	}
-
-	// parse ipfilteredby
-	var awsIPs *awsIPs
-	if i, ok := options["ipfilteredby"]; ok {
-		if ipFilteredBy, ok := i.(string); ok {
-			switch strings.ToLower(strings.TrimSpace(ipFilteredBy)) {
-			case "", "none":
-				awsIPs = nil
-			case "aws":
-				awsIPs = newAWSIPs(ipRangesURL, updateFrequency, nil)
-			case "awsregion":
-				var awsRegion []string
-				if i, ok := options["awsregion"]; ok {
-					if regions, ok := i.(string); ok {
-						for _, awsRegions := range strings.Split(regions, ",") {
-							awsRegion = append(awsRegion, strings.ToLower(strings.TrimSpace(awsRegions)))
-						}
-						awsIPs = newAWSIPs(ipRangesURL, updateFrequency, awsRegion)
-					} else {
-						return nil, fmt.Errorf("awsRegion must be a comma separated string of valid aws regions")
-					}
-				} else {
-					return nil, fmt.Errorf("awsRegion is not defined")
-				}
-			default:
-				return nil, fmt.Errorf("ipfilteredby only allows a string the following value: none|aws|awsregion")
-			}
-		} else {
-			return nil, fmt.Errorf("ipfilteredby only allows a string with the following value: none|aws|awsregion")
-		}
-	}
-
-	return &cloudFrontStorageMiddleware{
-		StorageDriver: storageDriver,
-		urlSigner:     urlSigner,
-		baseURL:       baseURL,
-		duration:      duration,
-		awsIPs:        awsIPs,
-	}, nil
-}
-
-// S3BucketKeyer is any type that is capable of returning the S3 bucket key
-// which should be cached by AWS CloudFront.
-type S3BucketKeyer interface {
-	S3BucketKey(path string) string
-}
-
-// URLFor attempts to find a url which may be used to retrieve the file at the given path.
-// Returns an error if the file cannot be found.
-func (lh *cloudFrontStorageMiddleware) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
-	// TODO(endophage): currently only supports S3
-	keyer, ok := lh.StorageDriver.(S3BucketKeyer)
-	if !ok {
-		dcontext.GetLogger(ctx).Warn("the CloudFront middleware does not support this backend storage driver")
-		return lh.StorageDriver.URLFor(ctx, path, options)
-	}
-
-	if eligibleForS3(ctx, lh.awsIPs) {
-		return lh.StorageDriver.URLFor(ctx, path, options)
-	}
-
-	// Get signed cloudfront url.
-	cfURL, err := lh.urlSigner.Sign(lh.baseURL+keyer.S3BucketKey(path), time.Now().Add(lh.duration))
-	if err != nil {
-		return "", err
-	}
-	return cfURL, nil
-}
-
-// init registers the cloudfront layerHandler backend.
-func init() {
-	storagemiddleware.Register("cloudfront", storagemiddleware.InitFunc(newCloudFrontStorageMiddleware))
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/s3filter.go b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/s3filter.go
deleted file mode 100644
index c8c7f5703..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/s3filter.go
+++ /dev/null
@@ -1,223 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"net"
-	"net/http"
-	"strings"
-	"sync"
-	"time"
-
-	dcontext "github.com/docker/distribution/context"
-)
-
-const (
-	// ipRangesURL is the URL to get definition of AWS IPs
-	defaultIPRangesURL = "https://ip-ranges.amazonaws.com/ip-ranges.json"
-	// updateFrequency tells how frequently AWS IPs need to be updated
-	defaultUpdateFrequency = time.Hour * 12
-)
-
-// newAWSIPs returns a New awsIP object.
-// If awsRegion is `nil`, it accepts any region. Otherwise, it only allow the regions specified
-func newAWSIPs(host string, updateFrequency time.Duration, awsRegion []string) *awsIPs {
-	ips := &awsIPs{
-		host:            host,
-		updateFrequency: updateFrequency,
-		awsRegion:       awsRegion,
-		updaterStopChan: make(chan bool),
-	}
-	if err := ips.tryUpdate(); err != nil {
-		dcontext.GetLogger(context.Background()).WithError(err).Warn("failed to update AWS IP")
-	}
-	go ips.updater()
-	return ips
-}
-
-// awsIPs tracks a list of AWS ips, filtered by awsRegion
-type awsIPs struct {
-	host            string
-	updateFrequency time.Duration
-	ipv4            []net.IPNet
-	ipv6            []net.IPNet
-	mutex           sync.RWMutex
-	awsRegion       []string
-	updaterStopChan chan bool
-	initialized     bool
-}
-
-type awsIPResponse struct {
-	Prefixes   []prefixEntry `json:"prefixes"`
-	V6Prefixes []prefixEntry `json:"ipv6_prefixes"`
-}
-
-type prefixEntry struct {
-	IPV4Prefix string `json:"ip_prefix"`
-	IPV6Prefix string `json:"ipv6_prefix"`
-	Region     string `json:"region"`
-	Service    string `json:"service"`
-}
-
-func fetchAWSIPs(url string) (awsIPResponse, error) {
-	var response awsIPResponse
-	resp, err := http.Get(url)
-	if err != nil {
-		return response, err
-	}
-	if resp.StatusCode != 200 {
-		body, _ := ioutil.ReadAll(resp.Body)
-		return response, fmt.Errorf("failed to fetch network data. response = %s", body)
-	}
-	decoder := json.NewDecoder(resp.Body)
-	err = decoder.Decode(&response)
-	if err != nil {
-		return response, err
-	}
-	return response, nil
-}
-
-// tryUpdate attempts to download the new set of ip addresses.
-// tryUpdate must be thread safe with contains
-func (s *awsIPs) tryUpdate() error {
-	response, err := fetchAWSIPs(s.host)
-	if err != nil {
-		return err
-	}
-
-	var ipv4 []net.IPNet
-	var ipv6 []net.IPNet
-
-	processAddress := func(output *[]net.IPNet, prefix string, region string) {
-		regionAllowed := false
-		if len(s.awsRegion) > 0 {
-			for _, ar := range s.awsRegion {
-				if strings.ToLower(region) == ar {
-					regionAllowed = true
-					break
-				}
-			}
-		} else {
-			regionAllowed = true
-		}
-
-		_, network, err := net.ParseCIDR(prefix)
-		if err != nil {
-			dcontext.GetLoggerWithFields(dcontext.Background(), map[interface{}]interface{}{
-				"cidr": prefix,
-			}).Error("unparseable cidr")
-			return
-		}
-		if regionAllowed {
-			*output = append(*output, *network)
-		}
-
-	}
-
-	for _, prefix := range response.Prefixes {
-		processAddress(&ipv4, prefix.IPV4Prefix, prefix.Region)
-	}
-	for _, prefix := range response.V6Prefixes {
-		processAddress(&ipv6, prefix.IPV6Prefix, prefix.Region)
-	}
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	// Update each attr of awsips atomically.
-	s.ipv4 = ipv4
-	s.ipv6 = ipv6
-	s.initialized = true
-	return nil
-}
-
-// This function is meant to be run in a background goroutine.
-// It will periodically update the ips from aws.
-func (s *awsIPs) updater() {
-	defer close(s.updaterStopChan)
-	for {
-		time.Sleep(s.updateFrequency)
-		select {
-		case <-s.updaterStopChan:
-			dcontext.GetLogger(context.Background()).Info("aws ip updater received stop signal")
-			return
-		default:
-			err := s.tryUpdate()
-			if err != nil {
-				dcontext.GetLogger(context.Background()).WithError(err).Error("git  AWS IP")
-			}
-		}
-	}
-}
-
-// getCandidateNetworks returns either the ipv4 or ipv6 networks
-// that were last read from aws. The networks returned
-// have the same type as the ip address provided.
-func (s *awsIPs) getCandidateNetworks(ip net.IP) []net.IPNet {
-	s.mutex.RLock()
-	defer s.mutex.RUnlock()
-	if ip.To4() != nil {
-		return s.ipv4
-	} else if ip.To16() != nil {
-		return s.ipv6
-	} else {
-		dcontext.GetLoggerWithFields(dcontext.Background(), map[interface{}]interface{}{
-			"ip": ip,
-		}).Error("unknown ip address format")
-		// assume mismatch, pass through cloudfront
-		return nil
-	}
-}
-
-// Contains determines whether the host is within aws.
-func (s *awsIPs) contains(ip net.IP) bool {
-	networks := s.getCandidateNetworks(ip)
-	for _, network := range networks {
-		if network.Contains(ip) {
-			return true
-		}
-	}
-	return false
-}
-
-// parseIPFromRequest attempts to extract the ip address of the
-// client that made the request
-func parseIPFromRequest(ctx context.Context) (net.IP, error) {
-	request, err := dcontext.GetRequest(ctx)
-	if err != nil {
-		return nil, err
-	}
-	ipStr := dcontext.RemoteIP(request)
-	ip := net.ParseIP(ipStr)
-	if ip == nil {
-		return nil, fmt.Errorf("invalid ip address from requester: %s", ipStr)
-	}
-
-	return ip, nil
-}
-
-// eligibleForS3 checks if a request is eligible for using S3 directly
-// Return true only when the IP belongs to a specific aws region and user-agent is docker
-func eligibleForS3(ctx context.Context, awsIPs *awsIPs) bool {
-	if awsIPs != nil && awsIPs.initialized {
-		if addr, err := parseIPFromRequest(ctx); err == nil {
-			request, err := dcontext.GetRequest(ctx)
-			if err != nil {
-				dcontext.GetLogger(ctx).Warnf("the CloudFront middleware cannot parse the request: %s", err)
-			} else {
-				loggerField := map[interface{}]interface{}{
-					"user-client": request.UserAgent(),
-					"ip":          dcontext.RemoteIP(request),
-				}
-				if awsIPs.contains(addr) {
-					dcontext.GetLoggerWithFields(ctx, loggerField).Info("request from the allowed AWS region, skipping CloudFront")
-					return true
-				}
-				dcontext.GetLoggerWithFields(ctx, loggerField).Warn("request not from the allowed AWS region, fallback to CloudFront")
-			}
-		} else {
-			dcontext.GetLogger(ctx).WithError(err).Warn("failed to parse ip address from context, fallback to CloudFront")
-		}
-	}
-	return false
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/redirect/middleware.go b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/redirect/middleware.go
deleted file mode 100644
index 8f63674c6..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/redirect/middleware.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"fmt"
-	"net/url"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	storagemiddleware "github.com/docker/distribution/registry/storage/driver/middleware"
-)
-
-type redirectStorageMiddleware struct {
-	storagedriver.StorageDriver
-	scheme string
-	host   string
-}
-
-var _ storagedriver.StorageDriver = &redirectStorageMiddleware{}
-
-func newRedirectStorageMiddleware(sd storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error) {
-	o, ok := options["baseurl"]
-	if !ok {
-		return nil, fmt.Errorf("no baseurl provided")
-	}
-	b, ok := o.(string)
-	if !ok {
-		return nil, fmt.Errorf("baseurl must be a string")
-	}
-	u, err := url.Parse(b)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse redirect baseurl: %s", b)
-	}
-	if u.Scheme == "" {
-		return nil, fmt.Errorf("no scheme specified for redirect baseurl")
-	}
-	if u.Host == "" {
-		return nil, fmt.Errorf("no host specified for redirect baseurl")
-	}
-
-	return &redirectStorageMiddleware{StorageDriver: sd, scheme: u.Scheme, host: u.Host}, nil
-}
-
-func (r *redirectStorageMiddleware) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
-	u := &url.URL{Scheme: r.scheme, Host: r.host, Path: path}
-	return u.String(), nil
-}
-
-func init() {
-	storagemiddleware.Register("redirect", storagemiddleware.InitFunc(newRedirectStorageMiddleware))
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/storagemiddleware.go b/vendor/github.com/docker/distribution/registry/storage/driver/middleware/storagemiddleware.go
deleted file mode 100644
index 7e40a8dd9..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/middleware/storagemiddleware.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package storagemiddleware
-
-import (
-	"fmt"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-)
-
-// InitFunc is the type of a StorageMiddleware factory function and is
-// used to register the constructor for different StorageMiddleware backends.
-type InitFunc func(storageDriver storagedriver.StorageDriver, options map[string]interface{}) (storagedriver.StorageDriver, error)
-
-var storageMiddlewares map[string]InitFunc
-
-// Register is used to register an InitFunc for
-// a StorageMiddleware backend with the given name.
-func Register(name string, initFunc InitFunc) error {
-	if storageMiddlewares == nil {
-		storageMiddlewares = make(map[string]InitFunc)
-	}
-	if _, exists := storageMiddlewares[name]; exists {
-		return fmt.Errorf("name already registered: %s", name)
-	}
-
-	storageMiddlewares[name] = initFunc
-
-	return nil
-}
-
-// Get constructs a StorageMiddleware with the given options using the named backend.
-func Get(name string, options map[string]interface{}, storageDriver storagedriver.StorageDriver) (storagedriver.StorageDriver, error) {
-	if storageMiddlewares != nil {
-		if initFunc, exists := storageMiddlewares[name]; exists {
-			return initFunc(storageDriver, options)
-		}
-	}
-
-	return nil, fmt.Errorf("no storage middleware registered with name: %s", name)
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/oss/doc.go b/vendor/github.com/docker/distribution/registry/storage/driver/oss/doc.go
deleted file mode 100644
index d1bc932f8..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/oss/doc.go
+++ /dev/null
@@ -1,3 +0,0 @@
-// Package oss implements the Aliyun OSS Storage driver backend. Support can be
-// enabled by including the "include_oss" build tag.
-package oss
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/oss/oss.go b/vendor/github.com/docker/distribution/registry/storage/driver/oss/oss.go
deleted file mode 100644
index 8738b1e0c..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/oss/oss.go
+++ /dev/null
@@ -1,695 +0,0 @@
-// Package oss provides a storagedriver.StorageDriver implementation to
-// store blobs in Aliyun OSS cloud storage.
-//
-// This package leverages the denverdino/aliyungo client library for interfacing with
-// oss.
-//
-// Because OSS is a key, value store the Stat call does not support last modification
-// time for directories (directories are an abstraction for key, value stores)
-//
-//go:build include_oss
-// +build include_oss
-
-package oss
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"reflect"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/denverdino/aliyungo/oss"
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/distribution/registry/storage/driver/base"
-	"github.com/docker/distribution/registry/storage/driver/factory"
-	"github.com/sirupsen/logrus"
-)
-
-const driverName = "oss"
-
-// minChunkSize defines the minimum multipart upload chunk size
-// OSS API requires multipart upload chunks to be at least 5MB
-const minChunkSize = 5 << 20
-
-const defaultChunkSize = 2 * minChunkSize
-const defaultTimeout = 2 * time.Minute // 2 minute timeout per chunk
-
-// listMax is the largest amount of objects you can request from OSS in a list call
-const listMax = 1000
-
-//DriverParameters A struct that encapsulates all of the driver parameters after all values have been set
-type DriverParameters struct {
-	AccessKeyID     string
-	AccessKeySecret string
-	Bucket          string
-	Region          oss.Region
-	Internal        bool
-	Encrypt         bool
-	Secure          bool
-	ChunkSize       int64
-	RootDirectory   string
-	Endpoint        string
-}
-
-func init() {
-	factory.Register(driverName, &ossDriverFactory{})
-}
-
-// ossDriverFactory implements the factory.StorageDriverFactory interface
-type ossDriverFactory struct{}
-
-func (factory *ossDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
-	return FromParameters(parameters)
-}
-
-type driver struct {
-	Client        *oss.Client
-	Bucket        *oss.Bucket
-	ChunkSize     int64
-	Encrypt       bool
-	RootDirectory string
-}
-
-type baseEmbed struct {
-	base.Base
-}
-
-// Driver is a storagedriver.StorageDriver implementation backed by Aliyun OSS
-// Objects are stored at absolute keys in the provided bucket.
-type Driver struct {
-	baseEmbed
-}
-
-// FromParameters constructs a new Driver with a given parameters map
-// Required parameters:
-// - accesskey
-// - secretkey
-// - region
-// - bucket
-// - encrypt
-func FromParameters(parameters map[string]interface{}) (*Driver, error) {
-	// Providing no values for these is valid in case the user is authenticating
-
-	accessKey, ok := parameters["accesskeyid"]
-	if !ok {
-		return nil, fmt.Errorf("No accesskeyid parameter provided")
-	}
-	secretKey, ok := parameters["accesskeysecret"]
-	if !ok {
-		return nil, fmt.Errorf("No accesskeysecret parameter provided")
-	}
-
-	regionName, ok := parameters["region"]
-	if !ok || fmt.Sprint(regionName) == "" {
-		return nil, fmt.Errorf("No region parameter provided")
-	}
-
-	bucket, ok := parameters["bucket"]
-	if !ok || fmt.Sprint(bucket) == "" {
-		return nil, fmt.Errorf("No bucket parameter provided")
-	}
-
-	internalBool := false
-	internal, ok := parameters["internal"]
-	if ok {
-		internalBool, ok = internal.(bool)
-		if !ok {
-			return nil, fmt.Errorf("The internal parameter should be a boolean")
-		}
-	}
-
-	encryptBool := false
-	encrypt, ok := parameters["encrypt"]
-	if ok {
-		encryptBool, ok = encrypt.(bool)
-		if !ok {
-			return nil, fmt.Errorf("The encrypt parameter should be a boolean")
-		}
-	}
-
-	secureBool := true
-	secure, ok := parameters["secure"]
-	if ok {
-		secureBool, ok = secure.(bool)
-		if !ok {
-			return nil, fmt.Errorf("The secure parameter should be a boolean")
-		}
-	}
-
-	chunkSize := int64(defaultChunkSize)
-	chunkSizeParam, ok := parameters["chunksize"]
-	if ok {
-		switch v := chunkSizeParam.(type) {
-		case string:
-			vv, err := strconv.ParseInt(v, 0, 64)
-			if err != nil {
-				return nil, fmt.Errorf("chunksize parameter must be an integer, %v invalid", chunkSizeParam)
-			}
-			chunkSize = vv
-		case int64:
-			chunkSize = v
-		case int, uint, int32, uint32, uint64:
-			chunkSize = reflect.ValueOf(v).Convert(reflect.TypeOf(chunkSize)).Int()
-		default:
-			return nil, fmt.Errorf("invalid valud for chunksize: %#v", chunkSizeParam)
-		}
-
-		if chunkSize < minChunkSize {
-			return nil, fmt.Errorf("The chunksize %#v parameter should be a number that is larger than or equal to %d", chunkSize, minChunkSize)
-		}
-	}
-
-	rootDirectory, ok := parameters["rootdirectory"]
-	if !ok {
-		rootDirectory = ""
-	}
-
-	endpoint, ok := parameters["endpoint"]
-	if !ok {
-		endpoint = ""
-	}
-
-	params := DriverParameters{
-		AccessKeyID:     fmt.Sprint(accessKey),
-		AccessKeySecret: fmt.Sprint(secretKey),
-		Bucket:          fmt.Sprint(bucket),
-		Region:          oss.Region(fmt.Sprint(regionName)),
-		ChunkSize:       chunkSize,
-		RootDirectory:   fmt.Sprint(rootDirectory),
-		Encrypt:         encryptBool,
-		Secure:          secureBool,
-		Internal:        internalBool,
-		Endpoint:        fmt.Sprint(endpoint),
-	}
-
-	return New(params)
-}
-
-// New constructs a new Driver with the given Aliyun credentials, region, encryption flag, and
-// bucketName
-func New(params DriverParameters) (*Driver, error) {
-
-	client := oss.NewOSSClient(params.Region, params.Internal, params.AccessKeyID, params.AccessKeySecret, params.Secure)
-	client.SetEndpoint(params.Endpoint)
-	bucket := client.Bucket(params.Bucket)
-	client.SetDebug(false)
-
-	// Validate that the given credentials have at least read permissions in the
-	// given bucket scope.
-	if _, err := bucket.List(strings.TrimRight(params.RootDirectory, "/"), "", "", 1); err != nil {
-		return nil, err
-	}
-
-	// TODO(tg123): Currently multipart uploads have no timestamps, so this would be unwise
-	// if you initiated a new OSS client while another one is running on the same bucket.
-
-	d := &driver{
-		Client:        client,
-		Bucket:        bucket,
-		ChunkSize:     params.ChunkSize,
-		Encrypt:       params.Encrypt,
-		RootDirectory: params.RootDirectory,
-	}
-
-	return &Driver{
-		baseEmbed: baseEmbed{
-			Base: base.Base{
-				StorageDriver: d,
-			},
-		},
-	}, nil
-}
-
-// Implement the storagedriver.StorageDriver interface
-
-func (d *driver) Name() string {
-	return driverName
-}
-
-// GetContent retrieves the content stored at "path" as a []byte.
-func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
-	content, err := d.Bucket.Get(d.ossPath(path))
-	if err != nil {
-		return nil, parseError(path, err)
-	}
-	return content, nil
-}
-
-// PutContent stores the []byte content at a location designated by "path".
-func (d *driver) PutContent(ctx context.Context, path string, contents []byte) error {
-	return parseError(path, d.Bucket.Put(d.ossPath(path), contents, d.getContentType(), getPermissions(), d.getOptions()))
-}
-
-// Reader retrieves an io.ReadCloser for the content stored at "path" with a
-// given byte offset.
-func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
-	headers := make(http.Header)
-	headers.Add("Range", "bytes="+strconv.FormatInt(offset, 10)+"-")
-
-	resp, err := d.Bucket.GetResponseWithHeaders(d.ossPath(path), headers)
-	if err != nil {
-		return nil, parseError(path, err)
-	}
-
-	// Due to Aliyun OSS API, status 200 and whole object will be return instead of an
-	// InvalidRange error when range is invalid.
-	//
-	// OSS sever will always return http.StatusPartialContent if range is acceptable.
-	if resp.StatusCode != http.StatusPartialContent {
-		resp.Body.Close()
-		return ioutil.NopCloser(bytes.NewReader(nil)), nil
-	}
-
-	return resp.Body, nil
-}
-
-// Writer returns a FileWriter which will store the content written to it
-// at the location designated by "path" after the call to Commit.
-func (d *driver) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
-	key := d.ossPath(path)
-	if !append {
-		// TODO (brianbland): cancel other uploads at this path
-		multi, err := d.Bucket.InitMulti(key, d.getContentType(), getPermissions(), d.getOptions())
-		if err != nil {
-			return nil, err
-		}
-		return d.newWriter(key, multi, nil), nil
-	}
-	multis, _, err := d.Bucket.ListMulti(key, "")
-	if err != nil {
-		return nil, parseError(path, err)
-	}
-	for _, multi := range multis {
-		if key != multi.Key {
-			continue
-		}
-		parts, err := multi.ListParts()
-		if err != nil {
-			return nil, parseError(path, err)
-		}
-		var multiSize int64
-		for _, part := range parts {
-			multiSize += part.Size
-		}
-		return d.newWriter(key, multi, parts), nil
-	}
-	return nil, storagedriver.PathNotFoundError{Path: path}
-}
-
-// Stat retrieves the FileInfo for the given path, including the current size
-// in bytes and the creation time.
-func (d *driver) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
-	listResponse, err := d.Bucket.List(d.ossPath(path), "", "", 1)
-	if err != nil {
-		return nil, err
-	}
-
-	fi := storagedriver.FileInfoFields{
-		Path: path,
-	}
-
-	if len(listResponse.Contents) == 1 {
-		if listResponse.Contents[0].Key != d.ossPath(path) {
-			fi.IsDir = true
-		} else {
-			fi.IsDir = false
-			fi.Size = listResponse.Contents[0].Size
-
-			timestamp, err := time.Parse(time.RFC3339Nano, listResponse.Contents[0].LastModified)
-			if err != nil {
-				return nil, err
-			}
-			fi.ModTime = timestamp
-		}
-	} else if len(listResponse.CommonPrefixes) == 1 {
-		fi.IsDir = true
-	} else {
-		return nil, storagedriver.PathNotFoundError{Path: path}
-	}
-
-	return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
-}
-
-// List returns a list of the objects that are direct descendants of the given path.
-func (d *driver) List(ctx context.Context, opath string) ([]string, error) {
-	path := opath
-	if path != "/" && opath[len(path)-1] != '/' {
-		path = path + "/"
-	}
-
-	// This is to cover for the cases when the rootDirectory of the driver is either "" or "/".
-	// In those cases, there is no root prefix to replace and we must actually add a "/" to all
-	// results in order to keep them as valid paths as recognized by storagedriver.PathRegexp
-	prefix := ""
-	if d.ossPath("") == "" {
-		prefix = "/"
-	}
-
-	ossPath := d.ossPath(path)
-	listResponse, err := d.Bucket.List(ossPath, "/", "", listMax)
-	if err != nil {
-		return nil, parseError(opath, err)
-	}
-
-	files := []string{}
-	directories := []string{}
-
-	for {
-		for _, key := range listResponse.Contents {
-			files = append(files, strings.Replace(key.Key, d.ossPath(""), prefix, 1))
-		}
-
-		for _, commonPrefix := range listResponse.CommonPrefixes {
-			directories = append(directories, strings.Replace(commonPrefix[0:len(commonPrefix)-1], d.ossPath(""), prefix, 1))
-		}
-
-		if listResponse.IsTruncated {
-			listResponse, err = d.Bucket.List(ossPath, "/", listResponse.NextMarker, listMax)
-			if err != nil {
-				return nil, err
-			}
-		} else {
-			break
-		}
-	}
-
-	// This is to cover for the cases when the first key equal to ossPath.
-	if len(files) > 0 && files[0] == strings.Replace(ossPath, d.ossPath(""), prefix, 1) {
-		files = files[1:]
-	}
-
-	if opath != "/" {
-		if len(files) == 0 && len(directories) == 0 {
-			// Treat empty response as missing directory, since we don't actually
-			// have directories in s3.
-			return nil, storagedriver.PathNotFoundError{Path: opath}
-		}
-	}
-
-	return append(files, directories...), nil
-}
-
-const maxConcurrency = 10
-
-// Move moves an object stored at sourcePath to destPath, removing the original
-// object.
-func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
-	logrus.Infof("Move from %s to %s", d.ossPath(sourcePath), d.ossPath(destPath))
-	err := d.Bucket.CopyLargeFileInParallel(d.ossPath(sourcePath), d.ossPath(destPath),
-		d.getContentType(),
-		getPermissions(),
-		oss.Options{},
-		maxConcurrency)
-	if err != nil {
-		logrus.Errorf("Failed for move from %s to %s: %v", d.ossPath(sourcePath), d.ossPath(destPath), err)
-		return parseError(sourcePath, err)
-	}
-
-	return d.Delete(ctx, sourcePath)
-}
-
-// Delete recursively deletes all objects stored at "path" and its subpaths.
-func (d *driver) Delete(ctx context.Context, path string) error {
-	ossPath := d.ossPath(path)
-	listResponse, err := d.Bucket.List(ossPath, "", "", listMax)
-	if err != nil || len(listResponse.Contents) == 0 {
-		return storagedriver.PathNotFoundError{Path: path}
-	}
-
-	ossObjects := make([]oss.Object, listMax)
-
-	for len(listResponse.Contents) > 0 {
-		numOssObjects := len(listResponse.Contents)
-		for index, key := range listResponse.Contents {
-			// Stop if we encounter a key that is not a subpath (so that deleting "/a" does not delete "/ab").
-			if len(key.Key) > len(ossPath) && (key.Key)[len(ossPath)] != '/' {
-				numOssObjects = index
-				break
-			}
-			ossObjects[index].Key = key.Key
-		}
-
-		err := d.Bucket.DelMulti(oss.Delete{Quiet: false, Objects: ossObjects[0:numOssObjects]})
-		if err != nil {
-			return nil
-		}
-
-		if numOssObjects < len(listResponse.Contents) {
-			return nil
-		}
-
-		listResponse, err = d.Bucket.List(d.ossPath(path), "", "", listMax)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// URLFor returns a URL which may be used to retrieve the content stored at the given path.
-// May return an UnsupportedMethodErr in certain StorageDriver implementations.
-func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
-	methodString := "GET"
-	method, ok := options["method"]
-	if ok {
-		methodString, ok = method.(string)
-		if !ok || (methodString != "GET") {
-			return "", storagedriver.ErrUnsupportedMethod{}
-		}
-	}
-
-	expiresTime := time.Now().Add(20 * time.Minute)
-
-	expires, ok := options["expiry"]
-	if ok {
-		et, ok := expires.(time.Time)
-		if ok {
-			expiresTime = et
-		}
-	}
-	logrus.Infof("methodString: %s, expiresTime: %v", methodString, expiresTime)
-	signedURL := d.Bucket.SignedURLWithMethod(methodString, d.ossPath(path), expiresTime, nil, nil)
-	logrus.Infof("signed URL: %s", signedURL)
-	return signedURL, nil
-}
-
-// Walk traverses a filesystem defined within driver, starting
-// from the given path, calling f on each file
-func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
-	return storagedriver.WalkFallback(ctx, d, path, f)
-}
-
-func (d *driver) ossPath(path string) string {
-	return strings.TrimLeft(strings.TrimRight(d.RootDirectory, "/")+path, "/")
-}
-
-func parseError(path string, err error) error {
-	if ossErr, ok := err.(*oss.Error); ok && ossErr.StatusCode == http.StatusNotFound && (ossErr.Code == "NoSuchKey" || ossErr.Code == "") {
-		return storagedriver.PathNotFoundError{Path: path}
-	}
-
-	return err
-}
-
-func hasCode(err error, code string) bool {
-	ossErr, ok := err.(*oss.Error)
-	return ok && ossErr.Code == code
-}
-
-func (d *driver) getOptions() oss.Options {
-	return oss.Options{ServerSideEncryption: d.Encrypt}
-}
-
-func getPermissions() oss.ACL {
-	return oss.Private
-}
-
-func (d *driver) getContentType() string {
-	return "application/octet-stream"
-}
-
-// writer attempts to upload parts to S3 in a buffered fashion where the last
-// part is at least as large as the chunksize, so the multipart upload could be
-// cleanly resumed in the future. This is violated if Close is called after less
-// than a full chunk is written.
-type writer struct {
-	driver      *driver
-	key         string
-	multi       *oss.Multi
-	parts       []oss.Part
-	size        int64
-	readyPart   []byte
-	pendingPart []byte
-	closed      bool
-	committed   bool
-	cancelled   bool
-}
-
-func (d *driver) newWriter(key string, multi *oss.Multi, parts []oss.Part) storagedriver.FileWriter {
-	var size int64
-	for _, part := range parts {
-		size += part.Size
-	}
-	return &writer{
-		driver: d,
-		key:    key,
-		multi:  multi,
-		parts:  parts,
-		size:   size,
-	}
-}
-
-func (w *writer) Write(p []byte) (int, error) {
-	if w.closed {
-		return 0, fmt.Errorf("already closed")
-	} else if w.committed {
-		return 0, fmt.Errorf("already committed")
-	} else if w.cancelled {
-		return 0, fmt.Errorf("already cancelled")
-	}
-
-	// If the last written part is smaller than minChunkSize, we need to make a
-	// new multipart upload :sadface:
-	if len(w.parts) > 0 && int(w.parts[len(w.parts)-1].Size) < minChunkSize {
-		err := w.multi.Complete(w.parts)
-		if err != nil {
-			w.multi.Abort()
-			return 0, err
-		}
-
-		multi, err := w.driver.Bucket.InitMulti(w.key, w.driver.getContentType(), getPermissions(), w.driver.getOptions())
-		if err != nil {
-			return 0, err
-		}
-		w.multi = multi
-
-		// If the entire written file is smaller than minChunkSize, we need to make
-		// a new part from scratch :double sad face:
-		if w.size < minChunkSize {
-			contents, err := w.driver.Bucket.Get(w.key)
-			if err != nil {
-				return 0, err
-			}
-			w.parts = nil
-			w.readyPart = contents
-		} else {
-			// Otherwise we can use the old file as the new first part
-			_, part, err := multi.PutPartCopy(1, oss.CopyOptions{}, w.driver.Bucket.Name+"/"+w.key)
-			if err != nil {
-				return 0, err
-			}
-			w.parts = []oss.Part{part}
-		}
-	}
-
-	var n int
-
-	for len(p) > 0 {
-		// If no parts are ready to write, fill up the first part
-		if neededBytes := int(w.driver.ChunkSize) - len(w.readyPart); neededBytes > 0 {
-			if len(p) >= neededBytes {
-				w.readyPart = append(w.readyPart, p[:neededBytes]...)
-				n += neededBytes
-				p = p[neededBytes:]
-			} else {
-				w.readyPart = append(w.readyPart, p...)
-				n += len(p)
-				p = nil
-			}
-		}
-
-		if neededBytes := int(w.driver.ChunkSize) - len(w.pendingPart); neededBytes > 0 {
-			if len(p) >= neededBytes {
-				w.pendingPart = append(w.pendingPart, p[:neededBytes]...)
-				n += neededBytes
-				p = p[neededBytes:]
-				err := w.flushPart()
-				if err != nil {
-					w.size += int64(n)
-					return n, err
-				}
-			} else {
-				w.pendingPart = append(w.pendingPart, p...)
-				n += len(p)
-				p = nil
-			}
-		}
-	}
-	w.size += int64(n)
-	return n, nil
-}
-
-func (w *writer) Size() int64 {
-	return w.size
-}
-
-func (w *writer) Close() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	}
-	w.closed = true
-	return w.flushPart()
-}
-
-func (w *writer) Cancel() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	} else if w.committed {
-		return fmt.Errorf("already committed")
-	}
-	w.cancelled = true
-	err := w.multi.Abort()
-	return err
-}
-
-func (w *writer) Commit() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	} else if w.committed {
-		return fmt.Errorf("already committed")
-	} else if w.cancelled {
-		return fmt.Errorf("already cancelled")
-	}
-	err := w.flushPart()
-	if err != nil {
-		return err
-	}
-	w.committed = true
-	err = w.multi.Complete(w.parts)
-	if err != nil {
-		w.multi.Abort()
-		return err
-	}
-	return nil
-}
-
-// flushPart flushes buffers to write a part to S3.
-// Only called by Write (with both buffers full) and Close/Commit (always)
-func (w *writer) flushPart() error {
-	if len(w.readyPart) == 0 && len(w.pendingPart) == 0 {
-		// nothing to write
-		return nil
-	}
-	if len(w.pendingPart) < int(w.driver.ChunkSize) {
-		// closing with a small pending part
-		// combine ready and pending to avoid writing a small part
-		w.readyPart = append(w.readyPart, w.pendingPart...)
-		w.pendingPart = nil
-	}
-
-	part, err := w.multi.PutPart(len(w.parts)+1, bytes.NewReader(w.readyPart))
-	if err != nil {
-		return err
-	}
-	w.parts = append(w.parts, part)
-	w.readyPart = w.pendingPart
-	w.pendingPart = nil
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3.go b/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3.go
deleted file mode 100644
index 77b821f82..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3.go
+++ /dev/null
@@ -1,1371 +0,0 @@
-// Package s3 provides a storagedriver.StorageDriver implementation to
-// store blobs in Amazon S3 cloud storage.
-//
-// This package leverages the official aws client library for interfacing with
-// S3.
-//
-// Because S3 is a key, value store the Stat call does not support last modification
-// time for directories (directories are an abstraction for key, value stores)
-//
-// Keep in mind that S3 guarantees only read-after-write consistency for new
-// objects, but no read-after-update or list-after-write consistency.
-package s3
-
-import (
-	"bytes"
-	"context"
-	"crypto/tls"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"math"
-	"net/http"
-	"reflect"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
-	"github.com/aws/aws-sdk-go/aws/ec2metadata"
-	"github.com/aws/aws-sdk-go/aws/endpoints"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/s3"
-
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/client/transport"
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/distribution/registry/storage/driver/base"
-	"github.com/docker/distribution/registry/storage/driver/factory"
-)
-
-const driverName = "s3aws"
-
-// minChunkSize defines the minimum multipart upload chunk size
-// S3 API requires multipart upload chunks to be at least 5MB
-const minChunkSize = 5 << 20
-
-// maxChunkSize defines the maximum multipart upload chunk size allowed by S3.
-const maxChunkSize = 5 << 30
-
-const defaultChunkSize = 2 * minChunkSize
-
-const (
-	// defaultMultipartCopyChunkSize defines the default chunk size for all
-	// but the last Upload Part - Copy operation of a multipart copy.
-	// Empirically, 32 MB is optimal.
-	defaultMultipartCopyChunkSize = 32 << 20
-
-	// defaultMultipartCopyMaxConcurrency defines the default maximum number
-	// of concurrent Upload Part - Copy operations for a multipart copy.
-	defaultMultipartCopyMaxConcurrency = 100
-
-	// defaultMultipartCopyThresholdSize defines the default object size
-	// above which multipart copy will be used. (PUT Object - Copy is used
-	// for objects at or below this size.)  Empirically, 32 MB is optimal.
-	defaultMultipartCopyThresholdSize = 32 << 20
-)
-
-// listMax is the largest amount of objects you can request from S3 in a list call
-const listMax = 1000
-
-// noStorageClass defines the value to be used if storage class is not supported by the S3 endpoint
-const noStorageClass = "NONE"
-
-// validRegions maps known s3 region identifiers to region descriptors
-var validRegions = map[string]struct{}{}
-
-// validObjectACLs contains known s3 object Acls
-var validObjectACLs = map[string]struct{}{}
-
-// DriverParameters A struct that encapsulates all of the driver parameters after all values have been set
-type DriverParameters struct {
-	AccessKey                   string
-	SecretKey                   string
-	Bucket                      string
-	Region                      string
-	RegionEndpoint              string
-	Encrypt                     bool
-	KeyID                       string
-	Secure                      bool
-	SkipVerify                  bool
-	V4Auth                      bool
-	ChunkSize                   int64
-	MultipartCopyChunkSize      int64
-	MultipartCopyMaxConcurrency int64
-	MultipartCopyThresholdSize  int64
-	RootDirectory               string
-	StorageClass                string
-	UserAgent                   string
-	ObjectACL                   string
-	SessionToken                string
-}
-
-func init() {
-	partitions := endpoints.DefaultPartitions()
-	for _, p := range partitions {
-		for region := range p.Regions() {
-			validRegions[region] = struct{}{}
-		}
-	}
-
-	for _, objectACL := range []string{
-		s3.ObjectCannedACLPrivate,
-		s3.ObjectCannedACLPublicRead,
-		s3.ObjectCannedACLPublicReadWrite,
-		s3.ObjectCannedACLAuthenticatedRead,
-		s3.ObjectCannedACLAwsExecRead,
-		s3.ObjectCannedACLBucketOwnerRead,
-		s3.ObjectCannedACLBucketOwnerFullControl,
-	} {
-		validObjectACLs[objectACL] = struct{}{}
-	}
-
-	// Register this as the default s3 driver in addition to s3aws
-	factory.Register("s3", &s3DriverFactory{})
-	factory.Register(driverName, &s3DriverFactory{})
-}
-
-// s3DriverFactory implements the factory.StorageDriverFactory interface
-type s3DriverFactory struct{}
-
-func (factory *s3DriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
-	return FromParameters(parameters)
-}
-
-type driver struct {
-	S3                          *s3.S3
-	Bucket                      string
-	ChunkSize                   int64
-	Encrypt                     bool
-	KeyID                       string
-	MultipartCopyChunkSize      int64
-	MultipartCopyMaxConcurrency int64
-	MultipartCopyThresholdSize  int64
-	RootDirectory               string
-	StorageClass                string
-	ObjectACL                   string
-}
-
-type baseEmbed struct {
-	base.Base
-}
-
-// Driver is a storagedriver.StorageDriver implementation backed by Amazon S3
-// Objects are stored at absolute keys in the provided bucket.
-type Driver struct {
-	baseEmbed
-}
-
-// FromParameters constructs a new Driver with a given parameters map
-// Required parameters:
-// - accesskey
-// - secretkey
-// - region
-// - bucket
-// - encrypt
-func FromParameters(parameters map[string]interface{}) (*Driver, error) {
-	// Providing no values for these is valid in case the user is authenticating
-	// with an IAM on an ec2 instance (in which case the instance credentials will
-	// be summoned when GetAuth is called)
-	accessKey := parameters["accesskey"]
-	if accessKey == nil {
-		accessKey = ""
-	}
-	secretKey := parameters["secretkey"]
-	if secretKey == nil {
-		secretKey = ""
-	}
-
-	regionEndpoint := parameters["regionendpoint"]
-	if regionEndpoint == nil {
-		regionEndpoint = ""
-	}
-
-	regionName := parameters["region"]
-	if regionName == nil || fmt.Sprint(regionName) == "" {
-		return nil, fmt.Errorf("no region parameter provided")
-	}
-	region := fmt.Sprint(regionName)
-	// Don't check the region value if a custom endpoint is provided.
-	if regionEndpoint == "" {
-		if _, ok := validRegions[region]; !ok {
-			return nil, fmt.Errorf("invalid region provided: %v", region)
-		}
-	}
-
-	bucket := parameters["bucket"]
-	if bucket == nil || fmt.Sprint(bucket) == "" {
-		return nil, fmt.Errorf("no bucket parameter provided")
-	}
-
-	encryptBool := false
-	encrypt := parameters["encrypt"]
-	switch encrypt := encrypt.(type) {
-	case string:
-		b, err := strconv.ParseBool(encrypt)
-		if err != nil {
-			return nil, fmt.Errorf("the encrypt parameter should be a boolean")
-		}
-		encryptBool = b
-	case bool:
-		encryptBool = encrypt
-	case nil:
-		// do nothing
-	default:
-		return nil, fmt.Errorf("the encrypt parameter should be a boolean")
-	}
-
-	secureBool := true
-	secure := parameters["secure"]
-	switch secure := secure.(type) {
-	case string:
-		b, err := strconv.ParseBool(secure)
-		if err != nil {
-			return nil, fmt.Errorf("the secure parameter should be a boolean")
-		}
-		secureBool = b
-	case bool:
-		secureBool = secure
-	case nil:
-		// do nothing
-	default:
-		return nil, fmt.Errorf("the secure parameter should be a boolean")
-	}
-
-	skipVerifyBool := false
-	skipVerify := parameters["skipverify"]
-	switch skipVerify := skipVerify.(type) {
-	case string:
-		b, err := strconv.ParseBool(skipVerify)
-		if err != nil {
-			return nil, fmt.Errorf("the skipVerify parameter should be a boolean")
-		}
-		skipVerifyBool = b
-	case bool:
-		skipVerifyBool = skipVerify
-	case nil:
-		// do nothing
-	default:
-		return nil, fmt.Errorf("the skipVerify parameter should be a boolean")
-	}
-
-	v4Bool := true
-	v4auth := parameters["v4auth"]
-	switch v4auth := v4auth.(type) {
-	case string:
-		b, err := strconv.ParseBool(v4auth)
-		if err != nil {
-			return nil, fmt.Errorf("the v4auth parameter should be a boolean")
-		}
-		v4Bool = b
-	case bool:
-		v4Bool = v4auth
-	case nil:
-		// do nothing
-	default:
-		return nil, fmt.Errorf("the v4auth parameter should be a boolean")
-	}
-
-	keyID := parameters["keyid"]
-	if keyID == nil {
-		keyID = ""
-	}
-
-	chunkSize, err := getParameterAsInt64(parameters, "chunksize", defaultChunkSize, minChunkSize, maxChunkSize)
-	if err != nil {
-		return nil, err
-	}
-
-	multipartCopyChunkSize, err := getParameterAsInt64(parameters, "multipartcopychunksize", defaultMultipartCopyChunkSize, minChunkSize, maxChunkSize)
-	if err != nil {
-		return nil, err
-	}
-
-	multipartCopyMaxConcurrency, err := getParameterAsInt64(parameters, "multipartcopymaxconcurrency", defaultMultipartCopyMaxConcurrency, 1, math.MaxInt64)
-	if err != nil {
-		return nil, err
-	}
-
-	multipartCopyThresholdSize, err := getParameterAsInt64(parameters, "multipartcopythresholdsize", defaultMultipartCopyThresholdSize, 0, maxChunkSize)
-	if err != nil {
-		return nil, err
-	}
-
-	rootDirectory := parameters["rootdirectory"]
-	if rootDirectory == nil {
-		rootDirectory = ""
-	}
-
-	storageClass := s3.StorageClassStandard
-	storageClassParam := parameters["storageclass"]
-	if storageClassParam != nil {
-		storageClassString, ok := storageClassParam.(string)
-		if !ok {
-			return nil, fmt.Errorf("the storageclass parameter must be one of %v, %v invalid",
-				[]string{s3.StorageClassStandard, s3.StorageClassReducedRedundancy}, storageClassParam)
-		}
-		// All valid storage class parameters are UPPERCASE, so be a bit more flexible here
-		storageClassString = strings.ToUpper(storageClassString)
-		if storageClassString != noStorageClass &&
-			storageClassString != s3.StorageClassStandard &&
-			storageClassString != s3.StorageClassReducedRedundancy {
-			return nil, fmt.Errorf("the storageclass parameter must be one of %v, %v invalid",
-				[]string{noStorageClass, s3.StorageClassStandard, s3.StorageClassReducedRedundancy}, storageClassParam)
-		}
-		storageClass = storageClassString
-	}
-
-	userAgent := parameters["useragent"]
-	if userAgent == nil {
-		userAgent = ""
-	}
-
-	objectACL := s3.ObjectCannedACLPrivate
-	objectACLParam := parameters["objectacl"]
-	if objectACLParam != nil {
-		objectACLString, ok := objectACLParam.(string)
-		if !ok {
-			return nil, fmt.Errorf("invalid value for objectacl parameter: %v", objectACLParam)
-		}
-
-		if _, ok = validObjectACLs[objectACLString]; !ok {
-			return nil, fmt.Errorf("invalid value for objectacl parameter: %v", objectACLParam)
-		}
-		objectACL = objectACLString
-	}
-
-	sessionToken := ""
-
-	params := DriverParameters{
-		fmt.Sprint(accessKey),
-		fmt.Sprint(secretKey),
-		fmt.Sprint(bucket),
-		region,
-		fmt.Sprint(regionEndpoint),
-		encryptBool,
-		fmt.Sprint(keyID),
-		secureBool,
-		skipVerifyBool,
-		v4Bool,
-		chunkSize,
-		multipartCopyChunkSize,
-		multipartCopyMaxConcurrency,
-		multipartCopyThresholdSize,
-		fmt.Sprint(rootDirectory),
-		storageClass,
-		fmt.Sprint(userAgent),
-		objectACL,
-		fmt.Sprint(sessionToken),
-	}
-
-	return New(params)
-}
-
-// getParameterAsInt64 converts parameters[name] to an int64 value (using
-// defaultt if nil), verifies it is no smaller than min, and returns it.
-func getParameterAsInt64(parameters map[string]interface{}, name string, defaultt int64, min int64, max int64) (int64, error) {
-	rv := defaultt
-	param := parameters[name]
-	switch v := param.(type) {
-	case string:
-		vv, err := strconv.ParseInt(v, 0, 64)
-		if err != nil {
-			return 0, fmt.Errorf("%s parameter must be an integer, %v invalid", name, param)
-		}
-		rv = vv
-	case int64:
-		rv = v
-	case int, uint, int32, uint32, uint64:
-		rv = reflect.ValueOf(v).Convert(reflect.TypeOf(rv)).Int()
-	case nil:
-		// do nothing
-	default:
-		return 0, fmt.Errorf("invalid value for %s: %#v", name, param)
-	}
-
-	if rv < min || rv > max {
-		return 0, fmt.Errorf("the %s %#v parameter should be a number between %d and %d (inclusive)", name, rv, min, max)
-	}
-
-	return rv, nil
-}
-
-// New constructs a new Driver with the given AWS credentials, region, encryption flag, and
-// bucketName
-func New(params DriverParameters) (*Driver, error) {
-	if !params.V4Auth &&
-		(params.RegionEndpoint == "" ||
-			strings.Contains(params.RegionEndpoint, "s3.amazonaws.com")) {
-		return nil, fmt.Errorf("on Amazon S3 this storage driver can only be used with v4 authentication")
-	}
-
-	awsConfig := aws.NewConfig()
-	sess, err := session.NewSession()
-	if err != nil {
-		return nil, fmt.Errorf("failed to create new session: %v", err)
-	}
-	creds := credentials.NewChainCredentials([]credentials.Provider{
-		&credentials.StaticProvider{
-			Value: credentials.Value{
-				AccessKeyID:     params.AccessKey,
-				SecretAccessKey: params.SecretKey,
-				SessionToken:    params.SessionToken,
-			},
-		},
-		&credentials.EnvProvider{},
-		&credentials.SharedCredentialsProvider{},
-		&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(sess)},
-	})
-
-	if params.RegionEndpoint != "" {
-		awsConfig.WithS3ForcePathStyle(true)
-		awsConfig.WithEndpoint(params.RegionEndpoint)
-	}
-
-	awsConfig.WithCredentials(creds)
-	awsConfig.WithRegion(params.Region)
-	awsConfig.WithDisableSSL(!params.Secure)
-
-	if params.UserAgent != "" || params.SkipVerify {
-		httpTransport := http.DefaultTransport
-		if params.SkipVerify {
-			httpTransport = &http.Transport{
-				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-			}
-		}
-		if params.UserAgent != "" {
-			awsConfig.WithHTTPClient(&http.Client{
-				Transport: transport.NewTransport(httpTransport, transport.NewHeaderRequestModifier(http.Header{http.CanonicalHeaderKey("User-Agent"): []string{params.UserAgent}})),
-			})
-		} else {
-			awsConfig.WithHTTPClient(&http.Client{
-				Transport: transport.NewTransport(httpTransport),
-			})
-		}
-	}
-
-	sess, err = session.NewSession(awsConfig)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create new session with aws config: %v", err)
-	}
-	s3obj := s3.New(sess)
-
-	// enable S3 compatible signature v2 signing instead
-	if !params.V4Auth {
-		setv2Handlers(s3obj)
-	}
-
-	// TODO Currently multipart uploads have no timestamps, so this would be unwise
-	// if you initiated a new s3driver while another one is running on the same bucket.
-	// multis, _, err := bucket.ListMulti("", "")
-	// if err != nil {
-	// 	return nil, err
-	// }
-
-	// for _, multi := range multis {
-	// 	err := multi.Abort()
-	// 	//TODO appropriate to do this error checking?
-	// 	if err != nil {
-	// 		return nil, err
-	// 	}
-	// }
-
-	d := &driver{
-		S3:                          s3obj,
-		Bucket:                      params.Bucket,
-		ChunkSize:                   params.ChunkSize,
-		Encrypt:                     params.Encrypt,
-		KeyID:                       params.KeyID,
-		MultipartCopyChunkSize:      params.MultipartCopyChunkSize,
-		MultipartCopyMaxConcurrency: params.MultipartCopyMaxConcurrency,
-		MultipartCopyThresholdSize:  params.MultipartCopyThresholdSize,
-		RootDirectory:               params.RootDirectory,
-		StorageClass:                params.StorageClass,
-		ObjectACL:                   params.ObjectACL,
-	}
-
-	return &Driver{
-		baseEmbed: baseEmbed{
-			Base: base.Base{
-				StorageDriver: d,
-			},
-		},
-	}, nil
-}
-
-// Implement the storagedriver.StorageDriver interface
-
-func (d *driver) Name() string {
-	return driverName
-}
-
-// GetContent retrieves the content stored at "path" as a []byte.
-func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
-	reader, err := d.Reader(ctx, path, 0)
-	if err != nil {
-		return nil, err
-	}
-	return ioutil.ReadAll(reader)
-}
-
-// PutContent stores the []byte content at a location designated by "path".
-func (d *driver) PutContent(ctx context.Context, path string, contents []byte) error {
-	_, err := d.S3.PutObject(&s3.PutObjectInput{
-		Bucket:               aws.String(d.Bucket),
-		Key:                  aws.String(d.s3Path(path)),
-		ContentType:          d.getContentType(),
-		ACL:                  d.getACL(),
-		ServerSideEncryption: d.getEncryptionMode(),
-		SSEKMSKeyId:          d.getSSEKMSKeyID(),
-		StorageClass:         d.getStorageClass(),
-		Body:                 bytes.NewReader(contents),
-	})
-	return parseError(path, err)
-}
-
-// Reader retrieves an io.ReadCloser for the content stored at "path" with a
-// given byte offset.
-func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
-	resp, err := d.S3.GetObject(&s3.GetObjectInput{
-		Bucket: aws.String(d.Bucket),
-		Key:    aws.String(d.s3Path(path)),
-		Range:  aws.String("bytes=" + strconv.FormatInt(offset, 10) + "-"),
-	})
-
-	if err != nil {
-		if s3Err, ok := err.(awserr.Error); ok && s3Err.Code() == "InvalidRange" {
-			return ioutil.NopCloser(bytes.NewReader(nil)), nil
-		}
-
-		return nil, parseError(path, err)
-	}
-	return resp.Body, nil
-}
-
-// Writer returns a FileWriter which will store the content written to it
-// at the location designated by "path" after the call to Commit.
-func (d *driver) Writer(ctx context.Context, path string, appendParam bool) (storagedriver.FileWriter, error) {
-	key := d.s3Path(path)
-	if !appendParam {
-		// TODO (brianbland): cancel other uploads at this path
-		resp, err := d.S3.CreateMultipartUpload(&s3.CreateMultipartUploadInput{
-			Bucket:               aws.String(d.Bucket),
-			Key:                  aws.String(key),
-			ContentType:          d.getContentType(),
-			ACL:                  d.getACL(),
-			ServerSideEncryption: d.getEncryptionMode(),
-			SSEKMSKeyId:          d.getSSEKMSKeyID(),
-			StorageClass:         d.getStorageClass(),
-		})
-		if err != nil {
-			return nil, err
-		}
-		return d.newWriter(key, *resp.UploadId, nil), nil
-	}
-	resp, err := d.S3.ListMultipartUploads(&s3.ListMultipartUploadsInput{
-		Bucket: aws.String(d.Bucket),
-		Prefix: aws.String(key),
-	})
-	if err != nil {
-		return nil, parseError(path, err)
-	}
-	var allParts []*s3.Part
-	for _, multi := range resp.Uploads {
-		if key != *multi.Key {
-			continue
-		}
-		resp, err := d.S3.ListParts(&s3.ListPartsInput{
-			Bucket:   aws.String(d.Bucket),
-			Key:      aws.String(key),
-			UploadId: multi.UploadId,
-		})
-		if err != nil {
-			return nil, parseError(path, err)
-		}
-		allParts = append(allParts, resp.Parts...)
-		for *resp.IsTruncated {
-			resp, err = d.S3.ListParts(&s3.ListPartsInput{
-				Bucket:           aws.String(d.Bucket),
-				Key:              aws.String(key),
-				UploadId:         multi.UploadId,
-				PartNumberMarker: resp.NextPartNumberMarker,
-			})
-			if err != nil {
-				return nil, parseError(path, err)
-			}
-			allParts = append(allParts, resp.Parts...)
-		}
-		return d.newWriter(key, *multi.UploadId, allParts), nil
-	}
-	return nil, storagedriver.PathNotFoundError{Path: path}
-}
-
-// Stat retrieves the FileInfo for the given path, including the current size
-// in bytes and the creation time.
-func (d *driver) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
-	resp, err := d.S3.ListObjects(&s3.ListObjectsInput{
-		Bucket:  aws.String(d.Bucket),
-		Prefix:  aws.String(d.s3Path(path)),
-		MaxKeys: aws.Int64(1),
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	fi := storagedriver.FileInfoFields{
-		Path: path,
-	}
-
-	if len(resp.Contents) == 1 {
-		if *resp.Contents[0].Key != d.s3Path(path) {
-			fi.IsDir = true
-		} else {
-			fi.IsDir = false
-			fi.Size = *resp.Contents[0].Size
-			fi.ModTime = *resp.Contents[0].LastModified
-		}
-	} else if len(resp.CommonPrefixes) == 1 {
-		fi.IsDir = true
-	} else {
-		return nil, storagedriver.PathNotFoundError{Path: path}
-	}
-
-	return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
-}
-
-// List returns a list of the objects that are direct descendants of the given path.
-func (d *driver) List(ctx context.Context, opath string) ([]string, error) {
-	path := opath
-	if path != "/" && path[len(path)-1] != '/' {
-		path = path + "/"
-	}
-
-	// This is to cover for the cases when the rootDirectory of the driver is either "" or "/".
-	// In those cases, there is no root prefix to replace and we must actually add a "/" to all
-	// results in order to keep them as valid paths as recognized by storagedriver.PathRegexp
-	prefix := ""
-	if d.s3Path("") == "" {
-		prefix = "/"
-	}
-
-	resp, err := d.S3.ListObjects(&s3.ListObjectsInput{
-		Bucket:    aws.String(d.Bucket),
-		Prefix:    aws.String(d.s3Path(path)),
-		Delimiter: aws.String("/"),
-		MaxKeys:   aws.Int64(listMax),
-	})
-	if err != nil {
-		return nil, parseError(opath, err)
-	}
-
-	files := []string{}
-	directories := []string{}
-
-	for {
-		for _, key := range resp.Contents {
-			files = append(files, strings.Replace(*key.Key, d.s3Path(""), prefix, 1))
-		}
-
-		for _, commonPrefix := range resp.CommonPrefixes {
-			commonPrefix := *commonPrefix.Prefix
-			directories = append(directories, strings.Replace(commonPrefix[0:len(commonPrefix)-1], d.s3Path(""), prefix, 1))
-		}
-
-		if *resp.IsTruncated {
-			resp, err = d.S3.ListObjects(&s3.ListObjectsInput{
-				Bucket:    aws.String(d.Bucket),
-				Prefix:    aws.String(d.s3Path(path)),
-				Delimiter: aws.String("/"),
-				MaxKeys:   aws.Int64(listMax),
-				Marker:    resp.NextMarker,
-			})
-			if err != nil {
-				return nil, err
-			}
-		} else {
-			break
-		}
-	}
-
-	if opath != "/" {
-		if len(files) == 0 && len(directories) == 0 {
-			// Treat empty response as missing directory, since we don't actually
-			// have directories in s3.
-			return nil, storagedriver.PathNotFoundError{Path: opath}
-		}
-	}
-
-	return append(files, directories...), nil
-}
-
-// Move moves an object stored at sourcePath to destPath, removing the original
-// object.
-func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
-	/* This is terrible, but aws doesn't have an actual move. */
-	if err := d.copy(ctx, sourcePath, destPath); err != nil {
-		return err
-	}
-	return d.Delete(ctx, sourcePath)
-}
-
-// copy copies an object stored at sourcePath to destPath.
-func (d *driver) copy(ctx context.Context, sourcePath string, destPath string) error {
-	// S3 can copy objects up to 5 GB in size with a single PUT Object - Copy
-	// operation. For larger objects, the multipart upload API must be used.
-	//
-	// Empirically, multipart copy is fastest with 32 MB parts and is faster
-	// than PUT Object - Copy for objects larger than 32 MB.
-
-	fileInfo, err := d.Stat(ctx, sourcePath)
-	if err != nil {
-		return parseError(sourcePath, err)
-	}
-
-	if fileInfo.Size() <= d.MultipartCopyThresholdSize {
-		_, err := d.S3.CopyObject(&s3.CopyObjectInput{
-			Bucket:               aws.String(d.Bucket),
-			Key:                  aws.String(d.s3Path(destPath)),
-			ContentType:          d.getContentType(),
-			ACL:                  d.getACL(),
-			ServerSideEncryption: d.getEncryptionMode(),
-			SSEKMSKeyId:          d.getSSEKMSKeyID(),
-			StorageClass:         d.getStorageClass(),
-			CopySource:           aws.String(d.Bucket + "/" + d.s3Path(sourcePath)),
-		})
-		if err != nil {
-			return parseError(sourcePath, err)
-		}
-		return nil
-	}
-
-	createResp, err := d.S3.CreateMultipartUpload(&s3.CreateMultipartUploadInput{
-		Bucket:               aws.String(d.Bucket),
-		Key:                  aws.String(d.s3Path(destPath)),
-		ContentType:          d.getContentType(),
-		ACL:                  d.getACL(),
-		SSEKMSKeyId:          d.getSSEKMSKeyID(),
-		ServerSideEncryption: d.getEncryptionMode(),
-		StorageClass:         d.getStorageClass(),
-	})
-	if err != nil {
-		return err
-	}
-
-	numParts := (fileInfo.Size() + d.MultipartCopyChunkSize - 1) / d.MultipartCopyChunkSize
-	completedParts := make([]*s3.CompletedPart, numParts)
-	errChan := make(chan error, numParts)
-	limiter := make(chan struct{}, d.MultipartCopyMaxConcurrency)
-
-	for i := range completedParts {
-		i := int64(i)
-		go func() {
-			limiter <- struct{}{}
-			firstByte := i * d.MultipartCopyChunkSize
-			lastByte := firstByte + d.MultipartCopyChunkSize - 1
-			if lastByte >= fileInfo.Size() {
-				lastByte = fileInfo.Size() - 1
-			}
-			uploadResp, err := d.S3.UploadPartCopy(&s3.UploadPartCopyInput{
-				Bucket:          aws.String(d.Bucket),
-				CopySource:      aws.String(d.Bucket + "/" + d.s3Path(sourcePath)),
-				Key:             aws.String(d.s3Path(destPath)),
-				PartNumber:      aws.Int64(i + 1),
-				UploadId:        createResp.UploadId,
-				CopySourceRange: aws.String(fmt.Sprintf("bytes=%d-%d", firstByte, lastByte)),
-			})
-			if err == nil {
-				completedParts[i] = &s3.CompletedPart{
-					ETag:       uploadResp.CopyPartResult.ETag,
-					PartNumber: aws.Int64(i + 1),
-				}
-			}
-			errChan <- err
-			<-limiter
-		}()
-	}
-
-	for range completedParts {
-		err := <-errChan
-		if err != nil {
-			return err
-		}
-	}
-
-	_, err = d.S3.CompleteMultipartUpload(&s3.CompleteMultipartUploadInput{
-		Bucket:          aws.String(d.Bucket),
-		Key:             aws.String(d.s3Path(destPath)),
-		UploadId:        createResp.UploadId,
-		MultipartUpload: &s3.CompletedMultipartUpload{Parts: completedParts},
-	})
-	return err
-}
-
-func min(a, b int) int {
-	if a < b {
-		return a
-	}
-	return b
-}
-
-// Delete recursively deletes all objects stored at "path" and its subpaths.
-// We must be careful since S3 does not guarantee read after delete consistency
-func (d *driver) Delete(ctx context.Context, path string) error {
-	s3Objects := make([]*s3.ObjectIdentifier, 0, listMax)
-	s3Path := d.s3Path(path)
-	listObjectsInput := &s3.ListObjectsInput{
-		Bucket: aws.String(d.Bucket),
-		Prefix: aws.String(s3Path),
-	}
-ListLoop:
-	for {
-		// list all the objects
-		resp, err := d.S3.ListObjects(listObjectsInput)
-
-		// resp.Contents can only be empty on the first call
-		// if there were no more results to return after the first call, resp.IsTruncated would have been false
-		// and the loop would be exited without recalling ListObjects
-		if err != nil || len(resp.Contents) == 0 {
-			return storagedriver.PathNotFoundError{Path: path}
-		}
-
-		for _, key := range resp.Contents {
-			// Stop if we encounter a key that is not a subpath (so that deleting "/a" does not delete "/ab").
-			if len(*key.Key) > len(s3Path) && (*key.Key)[len(s3Path)] != '/' {
-				break ListLoop
-			}
-			s3Objects = append(s3Objects, &s3.ObjectIdentifier{
-				Key: key.Key,
-			})
-		}
-
-		// resp.Contents must have at least one element or we would have returned not found
-		listObjectsInput.Marker = resp.Contents[len(resp.Contents)-1].Key
-
-		// from the s3 api docs, IsTruncated "specifies whether (true) or not (false) all of the results were returned"
-		// if everything has been returned, break
-		if resp.IsTruncated == nil || !*resp.IsTruncated {
-			break
-		}
-	}
-
-	// need to chunk objects into groups of 1000 per s3 restrictions
-	total := len(s3Objects)
-	for i := 0; i < total; i += 1000 {
-		_, err := d.S3.DeleteObjects(&s3.DeleteObjectsInput{
-			Bucket: aws.String(d.Bucket),
-			Delete: &s3.Delete{
-				Objects: s3Objects[i:min(i+1000, total)],
-				Quiet:   aws.Bool(false),
-			},
-		})
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// URLFor returns a URL which may be used to retrieve the content stored at the given path.
-// May return an UnsupportedMethodErr in certain StorageDriver implementations.
-func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
-	methodString := "GET"
-	method, ok := options["method"]
-	if ok {
-		methodString, ok = method.(string)
-		if !ok || (methodString != "GET" && methodString != "HEAD") {
-			return "", storagedriver.ErrUnsupportedMethod{}
-		}
-	}
-
-	expiresIn := 20 * time.Minute
-	expires, ok := options["expiry"]
-	if ok {
-		et, ok := expires.(time.Time)
-		if ok {
-			expiresIn = time.Until(et)
-		}
-	}
-
-	var req *request.Request
-
-	switch methodString {
-	case "GET":
-		req, _ = d.S3.GetObjectRequest(&s3.GetObjectInput{
-			Bucket: aws.String(d.Bucket),
-			Key:    aws.String(d.s3Path(path)),
-		})
-	case "HEAD":
-		req, _ = d.S3.HeadObjectRequest(&s3.HeadObjectInput{
-			Bucket: aws.String(d.Bucket),
-			Key:    aws.String(d.s3Path(path)),
-		})
-	default:
-		panic("unreachable")
-	}
-
-	return req.Presign(expiresIn)
-}
-
-// Walk traverses a filesystem defined within driver, starting
-// from the given path, calling f on each file
-func (d *driver) Walk(ctx context.Context, from string, f storagedriver.WalkFn) error {
-	path := from
-	if !strings.HasSuffix(path, "/") {
-		path = path + "/"
-	}
-
-	prefix := ""
-	if d.s3Path("") == "" {
-		prefix = "/"
-	}
-
-	var objectCount int64
-	if err := d.doWalk(ctx, &objectCount, d.s3Path(path), prefix, f); err != nil {
-		return err
-	}
-
-	// S3 doesn't have the concept of empty directories, so it'll return path not found if there are no objects
-	if objectCount == 0 {
-		return storagedriver.PathNotFoundError{Path: from}
-	}
-
-	return nil
-}
-
-type walkInfoContainer struct {
-	storagedriver.FileInfoFields
-	prefix *string
-}
-
-// Path provides the full path of the target of this file info.
-func (wi walkInfoContainer) Path() string {
-	return wi.FileInfoFields.Path
-}
-
-// Size returns current length in bytes of the file. The return value can
-// be used to write to the end of the file at path. The value is
-// meaningless if IsDir returns true.
-func (wi walkInfoContainer) Size() int64 {
-	return wi.FileInfoFields.Size
-}
-
-// ModTime returns the modification time for the file. For backends that
-// don't have a modification time, the creation time should be returned.
-func (wi walkInfoContainer) ModTime() time.Time {
-	return wi.FileInfoFields.ModTime
-}
-
-// IsDir returns true if the path is a directory.
-func (wi walkInfoContainer) IsDir() bool {
-	return wi.FileInfoFields.IsDir
-}
-
-func (d *driver) doWalk(parentCtx context.Context, objectCount *int64, path, prefix string, f storagedriver.WalkFn) error {
-	var retError error
-
-	listObjectsInput := &s3.ListObjectsV2Input{
-		Bucket:    aws.String(d.Bucket),
-		Prefix:    aws.String(path),
-		Delimiter: aws.String("/"),
-		MaxKeys:   aws.Int64(listMax),
-	}
-
-	ctx, done := dcontext.WithTrace(parentCtx)
-	defer done("s3aws.ListObjectsV2Pages(%s)", path)
-	listObjectErr := d.S3.ListObjectsV2PagesWithContext(ctx, listObjectsInput, func(objects *s3.ListObjectsV2Output, lastPage bool) bool {
-
-		var count int64
-		// KeyCount was introduced with version 2 of the GET Bucket operation in S3.
-		// Some S3 implementations don't support V2 now, so we fall back to manual
-		// calculation of the key count if required
-		if objects.KeyCount != nil {
-			count = *objects.KeyCount
-			*objectCount += *objects.KeyCount
-		} else {
-			count = int64(len(objects.Contents) + len(objects.CommonPrefixes))
-			*objectCount += count
-		}
-
-		walkInfos := make([]walkInfoContainer, 0, count)
-
-		for _, dir := range objects.CommonPrefixes {
-			commonPrefix := *dir.Prefix
-			walkInfos = append(walkInfos, walkInfoContainer{
-				prefix: dir.Prefix,
-				FileInfoFields: storagedriver.FileInfoFields{
-					IsDir: true,
-					Path:  strings.Replace(commonPrefix[:len(commonPrefix)-1], d.s3Path(""), prefix, 1),
-				},
-			})
-		}
-
-		for _, file := range objects.Contents {
-			walkInfos = append(walkInfos, walkInfoContainer{
-				FileInfoFields: storagedriver.FileInfoFields{
-					IsDir:   false,
-					Size:    *file.Size,
-					ModTime: *file.LastModified,
-					Path:    strings.Replace(*file.Key, d.s3Path(""), prefix, 1),
-				},
-			})
-		}
-
-		sort.SliceStable(walkInfos, func(i, j int) bool { return walkInfos[i].FileInfoFields.Path < walkInfos[j].FileInfoFields.Path })
-
-		for _, walkInfo := range walkInfos {
-			err := f(walkInfo)
-
-			if err == storagedriver.ErrSkipDir {
-				if walkInfo.IsDir() {
-					continue
-				} else {
-					break
-				}
-			} else if err != nil {
-				retError = err
-				return false
-			}
-
-			if walkInfo.IsDir() {
-				if err := d.doWalk(ctx, objectCount, *walkInfo.prefix, prefix, f); err != nil {
-					retError = err
-					return false
-				}
-			}
-		}
-		return true
-	})
-
-	if retError != nil {
-		return retError
-	}
-
-	if listObjectErr != nil {
-		return listObjectErr
-	}
-
-	return nil
-}
-
-func (d *driver) s3Path(path string) string {
-	return strings.TrimLeft(strings.TrimRight(d.RootDirectory, "/")+path, "/")
-}
-
-// S3BucketKey returns the s3 bucket key for the given storage driver path.
-func (d *Driver) S3BucketKey(path string) string {
-	return d.StorageDriver.(*driver).s3Path(path)
-}
-
-func parseError(path string, err error) error {
-	if s3Err, ok := err.(awserr.Error); ok && s3Err.Code() == "NoSuchKey" {
-		return storagedriver.PathNotFoundError{Path: path}
-	}
-
-	return err
-}
-
-func (d *driver) getEncryptionMode() *string {
-	if !d.Encrypt {
-		return nil
-	}
-	if d.KeyID == "" {
-		return aws.String("AES256")
-	}
-	return aws.String("aws:kms")
-}
-
-func (d *driver) getSSEKMSKeyID() *string {
-	if d.KeyID != "" {
-		return aws.String(d.KeyID)
-	}
-	return nil
-}
-
-func (d *driver) getContentType() *string {
-	return aws.String("application/octet-stream")
-}
-
-func (d *driver) getACL() *string {
-	return aws.String(d.ObjectACL)
-}
-
-func (d *driver) getStorageClass() *string {
-	if d.StorageClass == noStorageClass {
-		return nil
-	}
-	return aws.String(d.StorageClass)
-}
-
-// writer attempts to upload parts to S3 in a buffered fashion where the last
-// part is at least as large as the chunksize, so the multipart upload could be
-// cleanly resumed in the future. This is violated if Close is called after less
-// than a full chunk is written.
-type writer struct {
-	driver      *driver
-	key         string
-	uploadID    string
-	parts       []*s3.Part
-	size        int64
-	readyPart   []byte
-	pendingPart []byte
-	closed      bool
-	committed   bool
-	cancelled   bool
-}
-
-func (d *driver) newWriter(key, uploadID string, parts []*s3.Part) storagedriver.FileWriter {
-	var size int64
-	for _, part := range parts {
-		size += *part.Size
-	}
-	return &writer{
-		driver:   d,
-		key:      key,
-		uploadID: uploadID,
-		parts:    parts,
-		size:     size,
-	}
-}
-
-type completedParts []*s3.CompletedPart
-
-func (a completedParts) Len() int           { return len(a) }
-func (a completedParts) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a completedParts) Less(i, j int) bool { return *a[i].PartNumber < *a[j].PartNumber }
-
-func (w *writer) Write(p []byte) (int, error) {
-	if w.closed {
-		return 0, fmt.Errorf("already closed")
-	} else if w.committed {
-		return 0, fmt.Errorf("already committed")
-	} else if w.cancelled {
-		return 0, fmt.Errorf("already cancelled")
-	}
-
-	// If the last written part is smaller than minChunkSize, we need to make a
-	// new multipart upload :sadface:
-	if len(w.parts) > 0 && int(*w.parts[len(w.parts)-1].Size) < minChunkSize {
-		var completedUploadedParts completedParts
-		for _, part := range w.parts {
-			completedUploadedParts = append(completedUploadedParts, &s3.CompletedPart{
-				ETag:       part.ETag,
-				PartNumber: part.PartNumber,
-			})
-		}
-
-		sort.Sort(completedUploadedParts)
-
-		_, err := w.driver.S3.CompleteMultipartUpload(&s3.CompleteMultipartUploadInput{
-			Bucket:   aws.String(w.driver.Bucket),
-			Key:      aws.String(w.key),
-			UploadId: aws.String(w.uploadID),
-			MultipartUpload: &s3.CompletedMultipartUpload{
-				Parts: completedUploadedParts,
-			},
-		})
-		if err != nil {
-			w.driver.S3.AbortMultipartUpload(&s3.AbortMultipartUploadInput{
-				Bucket:   aws.String(w.driver.Bucket),
-				Key:      aws.String(w.key),
-				UploadId: aws.String(w.uploadID),
-			})
-			return 0, err
-		}
-
-		resp, err := w.driver.S3.CreateMultipartUpload(&s3.CreateMultipartUploadInput{
-			Bucket:               aws.String(w.driver.Bucket),
-			Key:                  aws.String(w.key),
-			ContentType:          w.driver.getContentType(),
-			ACL:                  w.driver.getACL(),
-			ServerSideEncryption: w.driver.getEncryptionMode(),
-			StorageClass:         w.driver.getStorageClass(),
-		})
-		if err != nil {
-			return 0, err
-		}
-		w.uploadID = *resp.UploadId
-
-		// If the entire written file is smaller than minChunkSize, we need to make
-		// a new part from scratch :double sad face:
-		if w.size < minChunkSize {
-			resp, err := w.driver.S3.GetObject(&s3.GetObjectInput{
-				Bucket: aws.String(w.driver.Bucket),
-				Key:    aws.String(w.key),
-			})
-			if err != nil {
-				return 0, err
-			}
-			defer resp.Body.Close()
-			w.parts = nil
-			w.readyPart, err = ioutil.ReadAll(resp.Body)
-			if err != nil {
-				return 0, err
-			}
-		} else {
-			// Otherwise we can use the old file as the new first part
-			copyPartResp, err := w.driver.S3.UploadPartCopy(&s3.UploadPartCopyInput{
-				Bucket:     aws.String(w.driver.Bucket),
-				CopySource: aws.String(w.driver.Bucket + "/" + w.key),
-				Key:        aws.String(w.key),
-				PartNumber: aws.Int64(1),
-				UploadId:   resp.UploadId,
-			})
-			if err != nil {
-				return 0, err
-			}
-			w.parts = []*s3.Part{
-				{
-					ETag:       copyPartResp.CopyPartResult.ETag,
-					PartNumber: aws.Int64(1),
-					Size:       aws.Int64(w.size),
-				},
-			}
-		}
-	}
-
-	var n int
-
-	for len(p) > 0 {
-		// If no parts are ready to write, fill up the first part
-		if neededBytes := int(w.driver.ChunkSize) - len(w.readyPart); neededBytes > 0 {
-			if len(p) >= neededBytes {
-				w.readyPart = append(w.readyPart, p[:neededBytes]...)
-				n += neededBytes
-				p = p[neededBytes:]
-			} else {
-				w.readyPart = append(w.readyPart, p...)
-				n += len(p)
-				p = nil
-			}
-		}
-
-		if neededBytes := int(w.driver.ChunkSize) - len(w.pendingPart); neededBytes > 0 {
-			if len(p) >= neededBytes {
-				w.pendingPart = append(w.pendingPart, p[:neededBytes]...)
-				n += neededBytes
-				p = p[neededBytes:]
-				err := w.flushPart()
-				if err != nil {
-					w.size += int64(n)
-					return n, err
-				}
-			} else {
-				w.pendingPart = append(w.pendingPart, p...)
-				n += len(p)
-				p = nil
-			}
-		}
-	}
-	w.size += int64(n)
-	return n, nil
-}
-
-func (w *writer) Size() int64 {
-	return w.size
-}
-
-func (w *writer) Close() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	}
-	w.closed = true
-	return w.flushPart()
-}
-
-func (w *writer) Cancel() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	} else if w.committed {
-		return fmt.Errorf("already committed")
-	}
-	w.cancelled = true
-	_, err := w.driver.S3.AbortMultipartUpload(&s3.AbortMultipartUploadInput{
-		Bucket:   aws.String(w.driver.Bucket),
-		Key:      aws.String(w.key),
-		UploadId: aws.String(w.uploadID),
-	})
-	return err
-}
-
-func (w *writer) Commit() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	} else if w.committed {
-		return fmt.Errorf("already committed")
-	} else if w.cancelled {
-		return fmt.Errorf("already cancelled")
-	}
-	err := w.flushPart()
-	if err != nil {
-		return err
-	}
-	w.committed = true
-
-	var completedUploadedParts completedParts
-	for _, part := range w.parts {
-		completedUploadedParts = append(completedUploadedParts, &s3.CompletedPart{
-			ETag:       part.ETag,
-			PartNumber: part.PartNumber,
-		})
-	}
-
-	sort.Sort(completedUploadedParts)
-
-	_, err = w.driver.S3.CompleteMultipartUpload(&s3.CompleteMultipartUploadInput{
-		Bucket:   aws.String(w.driver.Bucket),
-		Key:      aws.String(w.key),
-		UploadId: aws.String(w.uploadID),
-		MultipartUpload: &s3.CompletedMultipartUpload{
-			Parts: completedUploadedParts,
-		},
-	})
-	if err != nil {
-		w.driver.S3.AbortMultipartUpload(&s3.AbortMultipartUploadInput{
-			Bucket:   aws.String(w.driver.Bucket),
-			Key:      aws.String(w.key),
-			UploadId: aws.String(w.uploadID),
-		})
-		return err
-	}
-	return nil
-}
-
-// flushPart flushes buffers to write a part to S3.
-// Only called by Write (with both buffers full) and Close/Commit (always)
-func (w *writer) flushPart() error {
-	if len(w.readyPart) == 0 && len(w.pendingPart) == 0 {
-		// nothing to write
-		return nil
-	}
-	if len(w.pendingPart) < int(w.driver.ChunkSize) {
-		// closing with a small pending part
-		// combine ready and pending to avoid writing a small part
-		w.readyPart = append(w.readyPart, w.pendingPart...)
-		w.pendingPart = nil
-	}
-
-	partNumber := aws.Int64(int64(len(w.parts) + 1))
-	resp, err := w.driver.S3.UploadPart(&s3.UploadPartInput{
-		Bucket:     aws.String(w.driver.Bucket),
-		Key:        aws.String(w.key),
-		PartNumber: partNumber,
-		UploadId:   aws.String(w.uploadID),
-		Body:       bytes.NewReader(w.readyPart),
-	})
-	if err != nil {
-		return err
-	}
-	w.parts = append(w.parts, &s3.Part{
-		ETag:       resp.ETag,
-		PartNumber: partNumber,
-		Size:       aws.Int64(int64(len(w.readyPart))),
-	})
-	w.readyPart = w.pendingPart
-	w.pendingPart = nil
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3_v2_signer.go b/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3_v2_signer.go
deleted file mode 100644
index 9f1e621cf..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/s3-aws/s3_v2_signer.go
+++ /dev/null
@@ -1,216 +0,0 @@
-package s3
-
-// Source: https://github.com/pivotal-golang/s3cli
-
-// Copyright (c) 2013 Damien Le Berrigaud and Nick Wade
-
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-import (
-	"crypto/hmac"
-	"crypto/sha1"
-	"encoding/base64"
-	"net/http"
-	"net/url"
-	"sort"
-	"strings"
-	"time"
-
-	"github.com/aws/aws-sdk-go/aws/corehandlers"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/service/s3"
-	log "github.com/sirupsen/logrus"
-)
-
-type signer struct {
-	// Values that must be populated from the request
-	Request      *http.Request
-	Time         time.Time
-	Credentials  *credentials.Credentials
-	Query        url.Values
-	stringToSign string
-	signature    string
-}
-
-var s3ParamsToSign = map[string]bool{
-	"acl":                          true,
-	"location":                     true,
-	"logging":                      true,
-	"notification":                 true,
-	"partNumber":                   true,
-	"policy":                       true,
-	"requestPayment":               true,
-	"torrent":                      true,
-	"uploadId":                     true,
-	"uploads":                      true,
-	"versionId":                    true,
-	"versioning":                   true,
-	"versions":                     true,
-	"response-content-type":        true,
-	"response-content-language":    true,
-	"response-expires":             true,
-	"response-cache-control":       true,
-	"response-content-disposition": true,
-	"response-content-encoding":    true,
-	"website":                      true,
-	"delete":                       true,
-}
-
-// setv2Handlers will setup v2 signature signing on the S3 driver
-func setv2Handlers(svc *s3.S3) {
-	svc.Handlers.Build.PushBack(func(r *request.Request) {
-		parsedURL, err := url.Parse(r.HTTPRequest.URL.String())
-		if err != nil {
-			log.Fatalf("Failed to parse URL: %v", err)
-		}
-		r.HTTPRequest.URL.Opaque = parsedURL.Path
-	})
-
-	svc.Handlers.Sign.Clear()
-	svc.Handlers.Sign.PushBack(Sign)
-	svc.Handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler)
-}
-
-// Sign requests with signature version 2.
-//
-// Will sign the requests with the service config's Credentials object
-// Signing is skipped if the credentials is the credentials.AnonymousCredentials
-// object.
-func Sign(req *request.Request) {
-	// If the request does not need to be signed ignore the signing of the
-	// request if the AnonymousCredentials object is used.
-	if req.Config.Credentials == credentials.AnonymousCredentials {
-		return
-	}
-
-	v2 := signer{
-		Request:     req.HTTPRequest,
-		Time:        req.Time,
-		Credentials: req.Config.Credentials,
-	}
-	v2.Sign()
-}
-
-func (v2 *signer) Sign() error {
-	credValue, err := v2.Credentials.Get()
-	if err != nil {
-		return err
-	}
-	accessKey := credValue.AccessKeyID
-	var (
-		md5, ctype, date, xamz string
-		xamzDate               bool
-		sarray                 []string
-		smap                   map[string]string
-		sharray                []string
-	)
-
-	headers := v2.Request.Header
-	params := v2.Request.URL.Query()
-	parsedURL, err := url.Parse(v2.Request.URL.String())
-	if err != nil {
-		return err
-	}
-	host, canonicalPath := parsedURL.Host, parsedURL.Path
-	v2.Request.Header["Host"] = []string{host}
-	v2.Request.Header["date"] = []string{v2.Time.In(time.UTC).Format(time.RFC1123)}
-	if credValue.SessionToken != "" {
-		v2.Request.Header["x-amz-security-token"] = []string{credValue.SessionToken}
-	}
-
-	smap = make(map[string]string)
-	for k, v := range headers {
-		k = strings.ToLower(k)
-		switch k {
-		case "content-md5":
-			md5 = v[0]
-		case "content-type":
-			ctype = v[0]
-		case "date":
-			if !xamzDate {
-				date = v[0]
-			}
-		default:
-			if strings.HasPrefix(k, "x-amz-") {
-				vall := strings.Join(v, ",")
-				smap[k] = k + ":" + vall
-				if k == "x-amz-date" {
-					xamzDate = true
-					date = ""
-				}
-				sharray = append(sharray, k)
-			}
-		}
-	}
-	if len(sharray) > 0 {
-		sort.StringSlice(sharray).Sort()
-		for _, h := range sharray {
-			sarray = append(sarray, smap[h])
-		}
-		xamz = strings.Join(sarray, "\n") + "\n"
-	}
-
-	expires := false
-	if v, ok := params["Expires"]; ok {
-		expires = true
-		date = v[0]
-		params["AWSAccessKeyId"] = []string{accessKey}
-	}
-
-	sarray = sarray[0:0]
-	for k, v := range params {
-		if s3ParamsToSign[k] {
-			for _, vi := range v {
-				if vi == "" {
-					sarray = append(sarray, k)
-				} else {
-					sarray = append(sarray, k+"="+vi)
-				}
-			}
-		}
-	}
-	if len(sarray) > 0 {
-		sort.StringSlice(sarray).Sort()
-		canonicalPath = canonicalPath + "?" + strings.Join(sarray, "&")
-	}
-
-	v2.stringToSign = strings.Join([]string{
-		v2.Request.Method,
-		md5,
-		ctype,
-		date,
-		xamz + canonicalPath,
-	}, "\n")
-	hash := hmac.New(sha1.New, []byte(credValue.SecretAccessKey))
-	hash.Write([]byte(v2.stringToSign))
-	v2.signature = base64.StdEncoding.EncodeToString(hash.Sum(nil))
-
-	if expires {
-		params["Signature"] = []string{v2.signature}
-	} else {
-		headers["Authorization"] = []string{"AWS " + accessKey + ":" + v2.signature}
-	}
-
-	log.WithFields(log.Fields{
-		"string-to-sign": v2.stringToSign,
-		"signature":      v2.signature,
-	}).Debugln("request signature")
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/storagedriver.go b/vendor/github.com/docker/distribution/registry/storage/driver/storagedriver.go
deleted file mode 100644
index b220713f2..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/storagedriver.go
+++ /dev/null
@@ -1,171 +0,0 @@
-package driver
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"regexp"
-	"strconv"
-	"strings"
-)
-
-// Version is a string representing the storage driver version, of the form
-// Major.Minor.
-// The registry must accept storage drivers with equal major version and greater
-// minor version, but may not be compatible with older storage driver versions.
-type Version string
-
-// Major returns the major (primary) component of a version.
-func (version Version) Major() uint {
-	majorPart := strings.Split(string(version), ".")[0]
-	major, _ := strconv.ParseUint(majorPart, 10, 0)
-	return uint(major)
-}
-
-// Minor returns the minor (secondary) component of a version.
-func (version Version) Minor() uint {
-	minorPart := strings.Split(string(version), ".")[1]
-	minor, _ := strconv.ParseUint(minorPart, 10, 0)
-	return uint(minor)
-}
-
-// CurrentVersion is the current storage driver Version.
-const CurrentVersion Version = "0.1"
-
-// StorageDriver defines methods that a Storage Driver must implement for a
-// filesystem-like key/value object storage. Storage Drivers are automatically
-// registered via an internal registration mechanism, and generally created
-// via the StorageDriverFactory interface (https://godoc.org/github.com/docker/distribution/registry/storage/driver/factory).
-// Please see the aforementioned factory package for example code showing how to get an instance
-// of a StorageDriver
-type StorageDriver interface {
-	// Name returns the human-readable "name" of the driver, useful in error
-	// messages and logging. By convention, this will just be the registration
-	// name, but drivers may provide other information here.
-	Name() string
-
-	// GetContent retrieves the content stored at "path" as a []byte.
-	// This should primarily be used for small objects.
-	GetContent(ctx context.Context, path string) ([]byte, error)
-
-	// PutContent stores the []byte content at a location designated by "path".
-	// This should primarily be used for small objects.
-	PutContent(ctx context.Context, path string, content []byte) error
-
-	// Reader retrieves an io.ReadCloser for the content stored at "path"
-	// with a given byte offset.
-	// May be used to resume reading a stream by providing a nonzero offset.
-	Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error)
-
-	// Writer returns a FileWriter which will store the content written to it
-	// at the location designated by "path" after the call to Commit.
-	Writer(ctx context.Context, path string, append bool) (FileWriter, error)
-
-	// Stat retrieves the FileInfo for the given path, including the current
-	// size in bytes and the creation time.
-	Stat(ctx context.Context, path string) (FileInfo, error)
-
-	// List returns a list of the objects that are direct descendants of the
-	//given path.
-	List(ctx context.Context, path string) ([]string, error)
-
-	// Move moves an object stored at sourcePath to destPath, removing the
-	// original object.
-	// Note: This may be no more efficient than a copy followed by a delete for
-	// many implementations.
-	Move(ctx context.Context, sourcePath string, destPath string) error
-
-	// Delete recursively deletes all objects stored at "path" and its subpaths.
-	Delete(ctx context.Context, path string) error
-
-	// URLFor returns a URL which may be used to retrieve the content stored at
-	// the given path, possibly using the given options.
-	// May return an ErrUnsupportedMethod in certain StorageDriver
-	// implementations.
-	URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error)
-
-	// Walk traverses a filesystem defined within driver, starting
-	// from the given path, calling f on each file.
-	// If the returned error from the WalkFn is ErrSkipDir and fileInfo refers
-	// to a directory, the directory will not be entered and Walk
-	// will continue the traversal.  If fileInfo refers to a normal file, processing stops
-	Walk(ctx context.Context, path string, f WalkFn) error
-}
-
-// FileWriter provides an abstraction for an opened writable file-like object in
-// the storage backend. The FileWriter must flush all content written to it on
-// the call to Close, but is only required to make its content readable on a
-// call to Commit.
-type FileWriter interface {
-	io.WriteCloser
-
-	// Size returns the number of bytes written to this FileWriter.
-	Size() int64
-
-	// Cancel removes any written content from this FileWriter.
-	Cancel() error
-
-	// Commit flushes all content written to this FileWriter and makes it
-	// available for future calls to StorageDriver.GetContent and
-	// StorageDriver.Reader.
-	Commit() error
-}
-
-// PathRegexp is the regular expression which each file path must match. A
-// file path is absolute, beginning with a slash and containing a positive
-// number of path components separated by slashes, where each component is
-// restricted to alphanumeric characters or a period, underscore, or
-// hyphen.
-var PathRegexp = regexp.MustCompile(`^(/[A-Za-z0-9._-]+)+$`)
-
-// ErrUnsupportedMethod may be returned in the case where a StorageDriver implementation does not support an optional method.
-type ErrUnsupportedMethod struct {
-	DriverName string
-}
-
-func (err ErrUnsupportedMethod) Error() string {
-	return fmt.Sprintf("%s: unsupported method", err.DriverName)
-}
-
-// PathNotFoundError is returned when operating on a nonexistent path.
-type PathNotFoundError struct {
-	Path       string
-	DriverName string
-}
-
-func (err PathNotFoundError) Error() string {
-	return fmt.Sprintf("%s: Path not found: %s", err.DriverName, err.Path)
-}
-
-// InvalidPathError is returned when the provided path is malformed.
-type InvalidPathError struct {
-	Path       string
-	DriverName string
-}
-
-func (err InvalidPathError) Error() string {
-	return fmt.Sprintf("%s: invalid path: %s", err.DriverName, err.Path)
-}
-
-// InvalidOffsetError is returned when attempting to read or write from an
-// invalid offset.
-type InvalidOffsetError struct {
-	Path       string
-	Offset     int64
-	DriverName string
-}
-
-func (err InvalidOffsetError) Error() string {
-	return fmt.Sprintf("%s: invalid offset: %d for path: %s", err.DriverName, err.Offset, err.Path)
-}
-
-// Error is a catch-all error type which captures an error string and
-// the driver type on which it occurred.
-type Error struct {
-	DriverName string
-	Enclosed   error
-}
-
-func (err Error) Error() string {
-	return fmt.Sprintf("%s: %s", err.DriverName, err.Enclosed)
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/swift/swift.go b/vendor/github.com/docker/distribution/registry/storage/driver/swift/swift.go
deleted file mode 100644
index adbe8aa99..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/swift/swift.go
+++ /dev/null
@@ -1,934 +0,0 @@
-// Package swift provides a storagedriver.StorageDriver implementation to
-// store blobs in Openstack Swift object storage.
-//
-// This package leverages the ncw/swift client library for interfacing with
-// Swift.
-//
-// It supports both TempAuth authentication and Keystone authentication
-// (up to version 3).
-//
-// As Swift has a limit on the size of a single uploaded object (by default
-// this is 5GB), the driver makes use of the Swift Large Object Support
-// (http://docs.openstack.org/developer/swift/overview_large_objects.html).
-// Only one container is used for both manifests and data objects. Manifests
-// are stored in the 'files' pseudo directory, data objects are stored under
-// 'segments'.
-package swift
-
-import (
-	"bufio"
-	"bytes"
-	"context"
-	"crypto/rand"
-	"crypto/sha1"
-	"crypto/tls"
-	"encoding/hex"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/mitchellh/mapstructure"
-	"github.com/ncw/swift"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/distribution/registry/storage/driver/base"
-	"github.com/docker/distribution/registry/storage/driver/factory"
-	"github.com/docker/distribution/version"
-)
-
-const driverName = "swift"
-
-// defaultChunkSize defines the default size of a segment
-const defaultChunkSize = 20 * 1024 * 1024
-
-// minChunkSize defines the minimum size of a segment
-const minChunkSize = 1 << 20
-
-// contentType defines the Content-Type header associated with stored segments
-const contentType = "application/octet-stream"
-
-// readAfterWriteTimeout defines the time we wait before an object appears after having been uploaded
-var readAfterWriteTimeout = 15 * time.Second
-
-// readAfterWriteWait defines the time to sleep between two retries
-var readAfterWriteWait = 200 * time.Millisecond
-
-// Parameters A struct that encapsulates all of the driver parameters after all values have been set
-type Parameters struct {
-	Username            string
-	Password            string
-	AuthURL             string
-	Tenant              string
-	TenantID            string
-	Domain              string
-	DomainID            string
-	TenantDomain        string
-	TenantDomainID      string
-	TrustID             string
-	Region              string
-	AuthVersion         int
-	Container           string
-	Prefix              string
-	EndpointType        string
-	InsecureSkipVerify  bool
-	ChunkSize           int
-	SecretKey           string
-	AccessKey           string
-	TempURLContainerKey bool
-	TempURLMethods      []string
-}
-
-// swiftInfo maps the JSON structure returned by Swift /info endpoint
-type swiftInfo struct {
-	Swift struct {
-		Version string `mapstructure:"version"`
-	}
-	Tempurl struct {
-		Methods []string `mapstructure:"methods"`
-	}
-	BulkDelete struct {
-		MaxDeletesPerRequest int `mapstructure:"max_deletes_per_request"`
-	} `mapstructure:"bulk_delete"`
-}
-
-func init() {
-	factory.Register(driverName, &swiftDriverFactory{})
-}
-
-// swiftDriverFactory implements the factory.StorageDriverFactory interface
-type swiftDriverFactory struct{}
-
-func (factory *swiftDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
-	return FromParameters(parameters)
-}
-
-type driver struct {
-	Conn                 *swift.Connection
-	Container            string
-	Prefix               string
-	BulkDeleteSupport    bool
-	BulkDeleteMaxDeletes int
-	ChunkSize            int
-	SecretKey            string
-	AccessKey            string
-	TempURLContainerKey  bool
-	TempURLMethods       []string
-}
-
-type baseEmbed struct {
-	base.Base
-}
-
-// Driver is a storagedriver.StorageDriver implementation backed by Openstack Swift
-// Objects are stored at absolute keys in the provided container.
-type Driver struct {
-	baseEmbed
-}
-
-// FromParameters constructs a new Driver with a given parameters map
-// Required parameters:
-// - username
-// - password
-// - authurl
-// - container
-func FromParameters(parameters map[string]interface{}) (*Driver, error) {
-	params := Parameters{
-		ChunkSize:          defaultChunkSize,
-		InsecureSkipVerify: false,
-	}
-
-	// Sanitize some entries before trying to decode parameters with mapstructure
-	// TenantID and Tenant when integers only and passed as ENV variables
-	// are considered as integer and not string. The parser fails in this
-	// case.
-	_, ok := parameters["tenant"]
-	if ok {
-		parameters["tenant"] = fmt.Sprint(parameters["tenant"])
-	}
-	_, ok = parameters["tenantid"]
-	if ok {
-		parameters["tenantid"] = fmt.Sprint(parameters["tenantid"])
-	}
-
-	if err := mapstructure.Decode(parameters, &params); err != nil {
-		return nil, err
-	}
-
-	if params.Username == "" {
-		return nil, fmt.Errorf("no username parameter provided")
-	}
-
-	if params.Password == "" {
-		return nil, fmt.Errorf("no password parameter provided")
-	}
-
-	if params.AuthURL == "" {
-		return nil, fmt.Errorf("no authurl parameter provided")
-	}
-
-	if params.Container == "" {
-		return nil, fmt.Errorf("no container parameter provided")
-	}
-
-	if params.ChunkSize < minChunkSize {
-		return nil, fmt.Errorf("the chunksize %#v parameter should be a number that is larger than or equal to %d", params.ChunkSize, minChunkSize)
-	}
-
-	return New(params)
-}
-
-// New constructs a new Driver with the given Openstack Swift credentials and container name
-func New(params Parameters) (*Driver, error) {
-	transport := &http.Transport{
-		Proxy:               http.ProxyFromEnvironment,
-		MaxIdleConnsPerHost: 2048,
-		TLSClientConfig:     &tls.Config{InsecureSkipVerify: params.InsecureSkipVerify},
-	}
-
-	ct := &swift.Connection{
-		UserName:       params.Username,
-		ApiKey:         params.Password,
-		AuthUrl:        params.AuthURL,
-		Region:         params.Region,
-		AuthVersion:    params.AuthVersion,
-		UserAgent:      "distribution/" + version.Version,
-		Tenant:         params.Tenant,
-		TenantId:       params.TenantID,
-		Domain:         params.Domain,
-		DomainId:       params.DomainID,
-		TenantDomain:   params.TenantDomain,
-		TenantDomainId: params.TenantDomainID,
-		TrustId:        params.TrustID,
-		EndpointType:   swift.EndpointType(params.EndpointType),
-		Transport:      transport,
-		ConnectTimeout: 60 * time.Second,
-		Timeout:        15 * 60 * time.Second,
-	}
-	err := ct.Authenticate()
-	if err != nil {
-		return nil, fmt.Errorf("swift authentication failed: %s", err)
-	}
-
-	if _, _, err := ct.Container(params.Container); err == swift.ContainerNotFound {
-		if err := ct.ContainerCreate(params.Container, nil); err != nil {
-			return nil, fmt.Errorf("failed to create container %s (%s)", params.Container, err)
-		}
-	} else if err != nil {
-		return nil, fmt.Errorf("failed to retrieve info about container %s (%s)", params.Container, err)
-	}
-
-	d := &driver{
-		Conn:           ct,
-		Container:      params.Container,
-		Prefix:         params.Prefix,
-		ChunkSize:      params.ChunkSize,
-		TempURLMethods: make([]string, 0),
-		AccessKey:      params.AccessKey,
-	}
-
-	info := swiftInfo{}
-	if config, err := d.Conn.QueryInfo(); err == nil {
-		_, d.BulkDeleteSupport = config["bulk_delete"]
-
-		if err := mapstructure.Decode(config, &info); err == nil {
-			d.TempURLContainerKey = info.Swift.Version >= "2.3.0"
-			d.TempURLMethods = info.Tempurl.Methods
-			if d.BulkDeleteSupport {
-				d.BulkDeleteMaxDeletes = info.BulkDelete.MaxDeletesPerRequest
-			}
-		}
-	} else {
-		d.TempURLContainerKey = params.TempURLContainerKey
-		d.TempURLMethods = params.TempURLMethods
-	}
-
-	if len(d.TempURLMethods) > 0 {
-		secretKey := params.SecretKey
-		if secretKey == "" {
-			secretKey, _ = generateSecret()
-		}
-
-		// Since Swift 2.2.2, we can now set secret keys on containers
-		// in addition to the account secret keys. Use them in preference.
-		if d.TempURLContainerKey {
-			_, containerHeaders, err := d.Conn.Container(d.Container)
-			if err != nil {
-				return nil, fmt.Errorf("failed to fetch container info %s (%s)", d.Container, err)
-			}
-
-			d.SecretKey = containerHeaders["X-Container-Meta-Temp-Url-Key"]
-			if d.SecretKey == "" || (params.SecretKey != "" && d.SecretKey != params.SecretKey) {
-				m := swift.Metadata{}
-				m["temp-url-key"] = secretKey
-				if d.Conn.ContainerUpdate(d.Container, m.ContainerHeaders()); err == nil {
-					d.SecretKey = secretKey
-				}
-			}
-		} else {
-			// Use the account secret key
-			_, accountHeaders, err := d.Conn.Account()
-			if err != nil {
-				return nil, fmt.Errorf("failed to fetch account info (%s)", err)
-			}
-
-			d.SecretKey = accountHeaders["X-Account-Meta-Temp-Url-Key"]
-			if d.SecretKey == "" || (params.SecretKey != "" && d.SecretKey != params.SecretKey) {
-				m := swift.Metadata{}
-				m["temp-url-key"] = secretKey
-				if err := d.Conn.AccountUpdate(m.AccountHeaders()); err == nil {
-					d.SecretKey = secretKey
-				}
-			}
-		}
-	}
-
-	return &Driver{
-		baseEmbed: baseEmbed{
-			Base: base.Base{
-				StorageDriver: d,
-			},
-		},
-	}, nil
-}
-
-// Implement the storagedriver.StorageDriver interface
-
-func (d *driver) Name() string {
-	return driverName
-}
-
-// GetContent retrieves the content stored at "path" as a []byte.
-func (d *driver) GetContent(ctx context.Context, path string) ([]byte, error) {
-	content, err := d.Conn.ObjectGetBytes(d.Container, d.swiftPath(path))
-	if err == swift.ObjectNotFound {
-		return nil, storagedriver.PathNotFoundError{Path: path}
-	}
-	return content, err
-}
-
-// PutContent stores the []byte content at a location designated by "path".
-func (d *driver) PutContent(ctx context.Context, path string, contents []byte) error {
-	err := d.Conn.ObjectPutBytes(d.Container, d.swiftPath(path), contents, contentType)
-	if err == swift.ObjectNotFound {
-		return storagedriver.PathNotFoundError{Path: path}
-	}
-	return err
-}
-
-// Reader retrieves an io.ReadCloser for the content stored at "path" with a
-// given byte offset.
-func (d *driver) Reader(ctx context.Context, path string, offset int64) (io.ReadCloser, error) {
-	headers := make(swift.Headers)
-	headers["Range"] = "bytes=" + strconv.FormatInt(offset, 10) + "-"
-
-	waitingTime := readAfterWriteWait
-	endTime := time.Now().Add(readAfterWriteTimeout)
-
-	for {
-		file, headers, err := d.Conn.ObjectOpen(d.Container, d.swiftPath(path), false, headers)
-		if err != nil {
-			if err == swift.ObjectNotFound {
-				return nil, storagedriver.PathNotFoundError{Path: path}
-			}
-			if swiftErr, ok := err.(*swift.Error); ok && swiftErr.StatusCode == http.StatusRequestedRangeNotSatisfiable {
-				return ioutil.NopCloser(bytes.NewReader(nil)), nil
-			}
-			return file, err
-		}
-
-		//if this is a DLO and it is clear that segments are still missing,
-		//wait until they show up
-		_, isDLO := headers["X-Object-Manifest"]
-		size, err := file.Length()
-		if err != nil {
-			return file, err
-		}
-		if isDLO && size == 0 {
-			if time.Now().Add(waitingTime).After(endTime) {
-				return nil, fmt.Errorf("timeout expired while waiting for segments of %s to show up", path)
-			}
-			time.Sleep(waitingTime)
-			waitingTime *= 2
-			continue
-		}
-
-		//if not, then this reader will be fine
-		return file, nil
-	}
-}
-
-// Writer returns a FileWriter which will store the content written to it
-// at the location designated by "path" after the call to Commit.
-func (d *driver) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
-	var (
-		segments     []swift.Object
-		segmentsPath string
-		err          error
-	)
-
-	if !append {
-		segmentsPath, err = d.swiftSegmentPath(path)
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		info, headers, err := d.Conn.Object(d.Container, d.swiftPath(path))
-		if err == swift.ObjectNotFound {
-			return nil, storagedriver.PathNotFoundError{Path: path}
-		} else if err != nil {
-			return nil, err
-		}
-		manifest, ok := headers["X-Object-Manifest"]
-		if !ok {
-			segmentsPath, err = d.swiftSegmentPath(path)
-			if err != nil {
-				return nil, err
-			}
-			if err := d.Conn.ObjectMove(d.Container, d.swiftPath(path), d.Container, getSegmentPath(segmentsPath, len(segments))); err != nil {
-				return nil, err
-			}
-			segments = []swift.Object{info}
-		} else {
-			_, segmentsPath = parseManifest(manifest)
-			if segments, err = d.getAllSegments(segmentsPath); err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	return d.newWriter(path, segmentsPath, segments), nil
-}
-
-// Stat retrieves the FileInfo for the given path, including the current size
-// in bytes and the creation time.
-func (d *driver) Stat(ctx context.Context, path string) (storagedriver.FileInfo, error) {
-	swiftPath := d.swiftPath(path)
-	opts := &swift.ObjectsOpts{
-		Prefix:    swiftPath,
-		Delimiter: '/',
-	}
-
-	objects, err := d.Conn.ObjectsAll(d.Container, opts)
-	if err != nil {
-		if err == swift.ContainerNotFound {
-			return nil, storagedriver.PathNotFoundError{Path: path}
-		}
-		return nil, err
-	}
-
-	fi := storagedriver.FileInfoFields{
-		Path: strings.TrimPrefix(strings.TrimSuffix(swiftPath, "/"), d.swiftPath("/")),
-	}
-
-	for _, obj := range objects {
-		if obj.PseudoDirectory && obj.Name == swiftPath+"/" {
-			fi.IsDir = true
-			return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
-		} else if obj.Name == swiftPath {
-			// The file exists. But on Swift 1.12, the 'bytes' field is always 0 so
-			// we need to do a separate HEAD request.
-			break
-		}
-	}
-
-	//Don't trust an empty `objects` slice. A container listing can be
-	//outdated. For files, we can make a HEAD request on the object which
-	//reports existence (at least) much more reliably.
-	waitingTime := readAfterWriteWait
-	endTime := time.Now().Add(readAfterWriteTimeout)
-
-	for {
-		info, headers, err := d.Conn.Object(d.Container, swiftPath)
-		if err != nil {
-			if err == swift.ObjectNotFound {
-				return nil, storagedriver.PathNotFoundError{Path: path}
-			}
-			return nil, err
-		}
-
-		//if this is a DLO and it is clear that segments are still missing,
-		//wait until they show up
-		_, isDLO := headers["X-Object-Manifest"]
-		if isDLO && info.Bytes == 0 {
-			if time.Now().Add(waitingTime).After(endTime) {
-				return nil, fmt.Errorf("timeout expired while waiting for segments of %s to show up", path)
-			}
-			time.Sleep(waitingTime)
-			waitingTime *= 2
-			continue
-		}
-
-		//otherwise, accept the result
-		fi.IsDir = false
-		fi.Size = info.Bytes
-		fi.ModTime = info.LastModified
-		return storagedriver.FileInfoInternal{FileInfoFields: fi}, nil
-	}
-}
-
-// List returns a list of the objects that are direct descendants of the given path.
-func (d *driver) List(ctx context.Context, path string) ([]string, error) {
-	var files []string
-
-	prefix := d.swiftPath(path)
-	if prefix != "" {
-		prefix += "/"
-	}
-
-	opts := &swift.ObjectsOpts{
-		Prefix:    prefix,
-		Delimiter: '/',
-	}
-
-	objects, err := d.Conn.ObjectsAll(d.Container, opts)
-	for _, obj := range objects {
-		files = append(files, strings.TrimPrefix(strings.TrimSuffix(obj.Name, "/"), d.swiftPath("/")))
-	}
-
-	if err == swift.ContainerNotFound || (len(objects) == 0 && path != "/") {
-		return files, storagedriver.PathNotFoundError{Path: path}
-	}
-	return files, err
-}
-
-// Move moves an object stored at sourcePath to destPath, removing the original
-// object.
-func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) error {
-	_, headers, err := d.Conn.Object(d.Container, d.swiftPath(sourcePath))
-	if err == nil {
-		if manifest, ok := headers["X-Object-Manifest"]; ok {
-			if err = d.createManifest(destPath, manifest); err != nil {
-				return err
-			}
-			err = d.Conn.ObjectDelete(d.Container, d.swiftPath(sourcePath))
-		} else {
-			err = d.Conn.ObjectMove(d.Container, d.swiftPath(sourcePath), d.Container, d.swiftPath(destPath))
-		}
-	}
-	if err == swift.ObjectNotFound {
-		return storagedriver.PathNotFoundError{Path: sourcePath}
-	}
-	return err
-}
-
-// Delete recursively deletes all objects stored at "path" and its subpaths.
-func (d *driver) Delete(ctx context.Context, path string) error {
-	opts := swift.ObjectsOpts{
-		Prefix: d.swiftPath(path) + "/",
-	}
-
-	objects, err := d.Conn.ObjectsAll(d.Container, &opts)
-	if err != nil {
-		if err == swift.ContainerNotFound {
-			return storagedriver.PathNotFoundError{Path: path}
-		}
-		return err
-	}
-
-	for _, obj := range objects {
-		if obj.PseudoDirectory {
-			continue
-		}
-		if _, headers, err := d.Conn.Object(d.Container, obj.Name); err == nil {
-			manifest, ok := headers["X-Object-Manifest"]
-			if ok {
-				_, prefix := parseManifest(manifest)
-				segments, err := d.getAllSegments(prefix)
-				if err != nil {
-					return err
-				}
-				objects = append(objects, segments...)
-			}
-		} else {
-			if err == swift.ObjectNotFound {
-				return storagedriver.PathNotFoundError{Path: obj.Name}
-			}
-			return err
-		}
-	}
-
-	if d.BulkDeleteSupport && len(objects) > 0 && d.BulkDeleteMaxDeletes > 0 {
-		filenames := make([]string, len(objects))
-		for i, obj := range objects {
-			filenames[i] = obj.Name
-		}
-
-		chunks, err := chunkFilenames(filenames, d.BulkDeleteMaxDeletes)
-		if err != nil {
-			return err
-		}
-		for _, chunk := range chunks {
-			_, err := d.Conn.BulkDelete(d.Container, chunk)
-			// Don't fail on ObjectNotFound because eventual consistency
-			// makes this situation normal.
-			if err != nil && err != swift.Forbidden && err != swift.ObjectNotFound {
-				if err == swift.ContainerNotFound {
-					return storagedriver.PathNotFoundError{Path: path}
-				}
-				return err
-			}
-		}
-	} else {
-		for _, obj := range objects {
-			if err := d.Conn.ObjectDelete(d.Container, obj.Name); err != nil {
-				if err == swift.ObjectNotFound {
-					return storagedriver.PathNotFoundError{Path: obj.Name}
-				}
-				return err
-			}
-		}
-	}
-
-	_, _, err = d.Conn.Object(d.Container, d.swiftPath(path))
-	if err == nil {
-		if err := d.Conn.ObjectDelete(d.Container, d.swiftPath(path)); err != nil {
-			if err == swift.ObjectNotFound {
-				return storagedriver.PathNotFoundError{Path: path}
-			}
-			return err
-		}
-	} else if err == swift.ObjectNotFound {
-		if len(objects) == 0 {
-			return storagedriver.PathNotFoundError{Path: path}
-		}
-	} else {
-		return err
-	}
-	return nil
-}
-
-// URLFor returns a URL which may be used to retrieve the content stored at the given path.
-func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
-	if d.SecretKey == "" {
-		return "", storagedriver.ErrUnsupportedMethod{}
-	}
-
-	methodString := "GET"
-	method, ok := options["method"]
-	if ok {
-		if methodString, ok = method.(string); !ok {
-			return "", storagedriver.ErrUnsupportedMethod{}
-		}
-	}
-
-	if methodString == "HEAD" {
-		// A "HEAD" request on a temporary URL is allowed if the
-		// signature was generated with "GET", "POST" or "PUT"
-		methodString = "GET"
-	}
-
-	supported := false
-	for _, method := range d.TempURLMethods {
-		if method == methodString {
-			supported = true
-			break
-		}
-	}
-
-	if !supported {
-		return "", storagedriver.ErrUnsupportedMethod{}
-	}
-
-	expiresTime := time.Now().Add(20 * time.Minute)
-	expires, ok := options["expiry"]
-	if ok {
-		et, ok := expires.(time.Time)
-		if ok {
-			expiresTime = et
-		}
-	}
-
-	tempURL := d.Conn.ObjectTempUrl(d.Container, d.swiftPath(path), d.SecretKey, methodString, expiresTime)
-
-	if d.AccessKey != "" {
-		// On HP Cloud, the signature must be in the form of tenant_id:access_key:signature
-		url, _ := url.Parse(tempURL)
-		query := url.Query()
-		query.Set("temp_url_sig", fmt.Sprintf("%s:%s:%s", d.Conn.TenantId, d.AccessKey, query.Get("temp_url_sig")))
-		url.RawQuery = query.Encode()
-		tempURL = url.String()
-	}
-
-	return tempURL, nil
-}
-
-// Walk traverses a filesystem defined within driver, starting
-// from the given path, calling f on each file
-func (d *driver) Walk(ctx context.Context, path string, f storagedriver.WalkFn) error {
-	return storagedriver.WalkFallback(ctx, d, path, f)
-}
-
-func (d *driver) swiftPath(path string) string {
-	return strings.TrimLeft(strings.TrimRight(d.Prefix+"/files"+path, "/"), "/")
-}
-
-func (d *driver) swiftSegmentPath(path string) (string, error) {
-	checksum := sha1.New()
-	random := make([]byte, 32)
-	if _, err := rand.Read(random); err != nil {
-		return "", err
-	}
-	path = hex.EncodeToString(checksum.Sum(append([]byte(path), random...)))
-	return strings.TrimLeft(strings.TrimRight(d.Prefix+"/segments/"+path[0:3]+"/"+path[3:], "/"), "/"), nil
-}
-
-func (d *driver) getAllSegments(path string) ([]swift.Object, error) {
-	//a simple container listing works 99.9% of the time
-	segments, err := d.Conn.ObjectsAll(d.Container, &swift.ObjectsOpts{Prefix: path})
-	if err != nil {
-		if err == swift.ContainerNotFound {
-			return nil, storagedriver.PathNotFoundError{Path: path}
-		}
-		return nil, err
-	}
-
-	//build a lookup table by object name
-	hasObjectName := make(map[string]struct{})
-	for _, segment := range segments {
-		hasObjectName[segment.Name] = struct{}{}
-	}
-
-	//The container listing might be outdated (i.e. not contain all existing
-	//segment objects yet) because of temporary inconsistency (Swift is only
-	//eventually consistent!). Check its completeness.
-	segmentNumber := 0
-	for {
-		segmentNumber++
-		segmentPath := getSegmentPath(path, segmentNumber)
-
-		if _, seen := hasObjectName[segmentPath]; seen {
-			continue
-		}
-
-		//This segment is missing in the container listing. Use a more reliable
-		//request to check its existence. (HEAD requests on segments are
-		//guaranteed to return the correct metadata, except for the pathological
-		//case of an outage of large parts of the Swift cluster or its network,
-		//since every segment is only written once.)
-		segment, _, err := d.Conn.Object(d.Container, segmentPath)
-		switch err {
-		case nil:
-			//found new segment -> keep going, more might be missing
-			segments = append(segments, segment)
-			continue
-		case swift.ObjectNotFound:
-			//This segment is missing. Since we upload segments sequentially,
-			//there won't be any more segments after it.
-			return segments, nil
-		default:
-			return nil, err //unexpected error
-		}
-	}
-}
-
-func (d *driver) createManifest(path string, segments string) error {
-	headers := make(swift.Headers)
-	headers["X-Object-Manifest"] = segments
-	manifest, err := d.Conn.ObjectCreate(d.Container, d.swiftPath(path), false, "", contentType, headers)
-	if err != nil {
-		if err == swift.ObjectNotFound {
-			return storagedriver.PathNotFoundError{Path: path}
-		}
-		return err
-	}
-	if err := manifest.Close(); err != nil {
-		if err == swift.ObjectNotFound {
-			return storagedriver.PathNotFoundError{Path: path}
-		}
-		return err
-	}
-	return nil
-}
-
-func chunkFilenames(slice []string, maxSize int) (chunks [][]string, err error) {
-	if maxSize > 0 {
-		for offset := 0; offset < len(slice); offset += maxSize {
-			chunkSize := maxSize
-			if offset+chunkSize > len(slice) {
-				chunkSize = len(slice) - offset
-			}
-			chunks = append(chunks, slice[offset:offset+chunkSize])
-		}
-	} else {
-		return nil, fmt.Errorf("max chunk size must be > 0")
-	}
-	return
-}
-
-func parseManifest(manifest string) (container string, prefix string) {
-	components := strings.SplitN(manifest, "/", 2)
-	container = components[0]
-	if len(components) > 1 {
-		prefix = components[1]
-	}
-	return container, prefix
-}
-
-func generateSecret() (string, error) {
-	var secretBytes [32]byte
-	if _, err := rand.Read(secretBytes[:]); err != nil {
-		return "", fmt.Errorf("could not generate random bytes for Swift secret key: %v", err)
-	}
-	return hex.EncodeToString(secretBytes[:]), nil
-}
-
-func getSegmentPath(segmentsPath string, partNumber int) string {
-	return fmt.Sprintf("%s/%016d", segmentsPath, partNumber)
-}
-
-type writer struct {
-	driver       *driver
-	path         string
-	segmentsPath string
-	size         int64
-	bw           *bufio.Writer
-	closed       bool
-	committed    bool
-	cancelled    bool
-}
-
-func (d *driver) newWriter(path, segmentsPath string, segments []swift.Object) storagedriver.FileWriter {
-	var size int64
-	for _, segment := range segments {
-		size += segment.Bytes
-	}
-	return &writer{
-		driver:       d,
-		path:         path,
-		segmentsPath: segmentsPath,
-		size:         size,
-		bw: bufio.NewWriterSize(&segmentWriter{
-			conn:          d.Conn,
-			container:     d.Container,
-			segmentsPath:  segmentsPath,
-			segmentNumber: len(segments) + 1,
-			maxChunkSize:  d.ChunkSize,
-		}, d.ChunkSize),
-	}
-}
-
-func (w *writer) Write(p []byte) (int, error) {
-	if w.closed {
-		return 0, fmt.Errorf("already closed")
-	} else if w.committed {
-		return 0, fmt.Errorf("already committed")
-	} else if w.cancelled {
-		return 0, fmt.Errorf("already cancelled")
-	}
-
-	n, err := w.bw.Write(p)
-	w.size += int64(n)
-	return n, err
-}
-
-func (w *writer) Size() int64 {
-	return w.size
-}
-
-func (w *writer) Close() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	}
-
-	if err := w.bw.Flush(); err != nil {
-		return err
-	}
-
-	if !w.committed && !w.cancelled {
-		if err := w.driver.createManifest(w.path, w.driver.Container+"/"+w.segmentsPath); err != nil {
-			return err
-		}
-		if err := w.waitForSegmentsToShowUp(); err != nil {
-			return err
-		}
-	}
-	w.closed = true
-
-	return nil
-}
-
-func (w *writer) Cancel() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	} else if w.committed {
-		return fmt.Errorf("already committed")
-	}
-	w.cancelled = true
-	return w.driver.Delete(context.Background(), w.path)
-}
-
-func (w *writer) Commit() error {
-	if w.closed {
-		return fmt.Errorf("already closed")
-	} else if w.committed {
-		return fmt.Errorf("already committed")
-	} else if w.cancelled {
-		return fmt.Errorf("already cancelled")
-	}
-
-	if err := w.bw.Flush(); err != nil {
-		return err
-	}
-
-	if err := w.driver.createManifest(w.path, w.driver.Container+"/"+w.segmentsPath); err != nil {
-		return err
-	}
-
-	w.committed = true
-	return w.waitForSegmentsToShowUp()
-}
-
-func (w *writer) waitForSegmentsToShowUp() error {
-	var err error
-	waitingTime := readAfterWriteWait
-	endTime := time.Now().Add(readAfterWriteTimeout)
-
-	for {
-		var info swift.Object
-		if info, _, err = w.driver.Conn.Object(w.driver.Container, w.driver.swiftPath(w.path)); err == nil {
-			if info.Bytes == w.size {
-				break
-			}
-			err = fmt.Errorf("timeout expired while waiting for segments of %s to show up", w.path)
-		}
-		if time.Now().Add(waitingTime).After(endTime) {
-			break
-		}
-		time.Sleep(waitingTime)
-		waitingTime *= 2
-	}
-
-	return err
-}
-
-type segmentWriter struct {
-	conn          *swift.Connection
-	container     string
-	segmentsPath  string
-	segmentNumber int
-	maxChunkSize  int
-}
-
-func (sw *segmentWriter) Write(p []byte) (int, error) {
-	n := 0
-	for offset := 0; offset < len(p); offset += sw.maxChunkSize {
-		chunkSize := sw.maxChunkSize
-		if offset+chunkSize > len(p) {
-			chunkSize = len(p) - offset
-		}
-		_, err := sw.conn.ObjectPut(sw.container, getSegmentPath(sw.segmentsPath, sw.segmentNumber), bytes.NewReader(p[offset:offset+chunkSize]), false, "", contentType, nil)
-		if err != nil {
-			return n, err
-		}
-
-		sw.segmentNumber++
-		n += chunkSize
-	}
-
-	return n, nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/testdriver/testdriver.go b/vendor/github.com/docker/distribution/registry/storage/driver/testdriver/testdriver.go
deleted file mode 100644
index 91254627b..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/testdriver/testdriver.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package testdriver
-
-import (
-	"context"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/distribution/registry/storage/driver/factory"
-	"github.com/docker/distribution/registry/storage/driver/inmemory"
-)
-
-const driverName = "testdriver"
-
-func init() {
-	factory.Register(driverName, &testDriverFactory{})
-}
-
-// testDriverFactory implements the factory.StorageDriverFactory interface.
-type testDriverFactory struct{}
-
-func (factory *testDriverFactory) Create(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
-	return New(), nil
-}
-
-// TestDriver is a StorageDriver for testing purposes. The Writer returned by this driver
-// simulates the case where Write operations are buffered. This causes the value returned by Size to lag
-// behind until Close (or Commit, or Cancel) is called.
-type TestDriver struct {
-	storagedriver.StorageDriver
-}
-
-type testFileWriter struct {
-	storagedriver.FileWriter
-	prevchunk []byte
-}
-
-var _ storagedriver.StorageDriver = &TestDriver{}
-
-// New constructs a new StorageDriver for testing purposes. The Writer returned by this driver
-// simulates the case where Write operations are buffered. This causes the value returned by Size to lag
-// behind until Close (or Commit, or Cancel) is called.
-func New() *TestDriver {
-	return &TestDriver{StorageDriver: inmemory.New()}
-}
-
-// Writer returns a FileWriter which will store the content written to it
-// at the location designated by "path" after the call to Commit.
-func (td *TestDriver) Writer(ctx context.Context, path string, append bool) (storagedriver.FileWriter, error) {
-	fw, err := td.StorageDriver.Writer(ctx, path, append)
-	return &testFileWriter{FileWriter: fw}, err
-}
-
-func (tfw *testFileWriter) Write(p []byte) (int, error) {
-	_, err := tfw.FileWriter.Write(tfw.prevchunk)
-	tfw.prevchunk = make([]byte, len(p))
-	copy(tfw.prevchunk, p)
-	return len(p), err
-}
-
-func (tfw *testFileWriter) Close() error {
-	tfw.Write(nil)
-	return tfw.FileWriter.Close()
-}
-
-func (tfw *testFileWriter) Cancel() error {
-	tfw.Write(nil)
-	return tfw.FileWriter.Cancel()
-}
-
-func (tfw *testFileWriter) Commit() error {
-	tfw.Write(nil)
-	return tfw.FileWriter.Commit()
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/testsuites/testsuites.go b/vendor/github.com/docker/distribution/registry/storage/driver/testsuites/testsuites.go
deleted file mode 100644
index 5e37c5f3c..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/testsuites/testsuites.go
+++ /dev/null
@@ -1,1272 +0,0 @@
-package testsuites
-
-import (
-	"bytes"
-	"context"
-	"crypto/sha1"
-	"io"
-	"io/ioutil"
-	"math/rand"
-	"net/http"
-	"os"
-	"path"
-	"sort"
-	"strings"
-	"sync"
-	"testing"
-	"time"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"gopkg.in/check.v1"
-)
-
-// Test hooks up gocheck into the "go test" runner.
-func Test(t *testing.T) { check.TestingT(t) }
-
-// RegisterSuite registers an in-process storage driver test suite with
-// the go test runner.
-func RegisterSuite(driverConstructor DriverConstructor, skipCheck SkipCheck) {
-	check.Suite(&DriverSuite{
-		Constructor: driverConstructor,
-		SkipCheck:   skipCheck,
-		ctx:         context.Background(),
-	})
-}
-
-// SkipCheck is a function used to determine if a test suite should be skipped.
-// If a SkipCheck returns a non-empty skip reason, the suite is skipped with
-// the given reason.
-type SkipCheck func() (reason string)
-
-// NeverSkip is a default SkipCheck which never skips the suite.
-var NeverSkip SkipCheck = func() string { return "" }
-
-// DriverConstructor is a function which returns a new
-// storagedriver.StorageDriver.
-type DriverConstructor func() (storagedriver.StorageDriver, error)
-
-// DriverTeardown is a function which cleans up a suite's
-// storagedriver.StorageDriver.
-type DriverTeardown func() error
-
-// DriverSuite is a gocheck test suite designed to test a
-// storagedriver.StorageDriver. The intended way to create a DriverSuite is
-// with RegisterSuite.
-type DriverSuite struct {
-	Constructor DriverConstructor
-	Teardown    DriverTeardown
-	SkipCheck
-	storagedriver.StorageDriver
-	ctx context.Context
-}
-
-// SetUpSuite sets up the gocheck test suite.
-func (suite *DriverSuite) SetUpSuite(c *check.C) {
-	if reason := suite.SkipCheck(); reason != "" {
-		c.Skip(reason)
-	}
-	d, err := suite.Constructor()
-	c.Assert(err, check.IsNil)
-	suite.StorageDriver = d
-}
-
-// TearDownSuite tears down the gocheck test suite.
-func (suite *DriverSuite) TearDownSuite(c *check.C) {
-	if suite.Teardown != nil {
-		err := suite.Teardown()
-		c.Assert(err, check.IsNil)
-	}
-}
-
-// TearDownTest tears down the gocheck test.
-// This causes the suite to abort if any files are left around in the storage
-// driver.
-func (suite *DriverSuite) TearDownTest(c *check.C) {
-	files, _ := suite.StorageDriver.List(suite.ctx, "/")
-	if len(files) > 0 {
-		c.Fatalf("Storage driver did not clean up properly. Offending files: %#v", files)
-	}
-}
-
-// TestRootExists ensures that all storage drivers have a root path by default.
-func (suite *DriverSuite) TestRootExists(c *check.C) {
-	_, err := suite.StorageDriver.List(suite.ctx, "/")
-	if err != nil {
-		c.Fatalf(`the root path "/" should always exist: %v`, err)
-	}
-}
-
-// TestValidPaths checks that various valid file paths are accepted by the
-// storage driver.
-func (suite *DriverSuite) TestValidPaths(c *check.C) {
-	contents := randomContents(64)
-	validFiles := []string{
-		"/a",
-		"/2",
-		"/aa",
-		"/a.a",
-		"/0-9/abcdefg",
-		"/abcdefg/z.75",
-		"/abc/1.2.3.4.5-6_zyx/123.z/4",
-		"/docker/docker-registry",
-		"/123.abc",
-		"/abc./abc",
-		"/.abc",
-		"/a--b",
-		"/a-.b",
-		"/_.abc",
-		"/Docker/docker-registry",
-		"/Abc/Cba"}
-
-	for _, filename := range validFiles {
-		err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
-		defer suite.deletePath(c, firstPart(filename))
-		c.Assert(err, check.IsNil)
-
-		received, err := suite.StorageDriver.GetContent(suite.ctx, filename)
-		c.Assert(err, check.IsNil)
-		c.Assert(received, check.DeepEquals, contents)
-	}
-}
-
-func (suite *DriverSuite) deletePath(c *check.C, path string) {
-	for tries := 2; tries > 0; tries-- {
-		err := suite.StorageDriver.Delete(suite.ctx, path)
-		if _, ok := err.(storagedriver.PathNotFoundError); ok {
-			err = nil
-		}
-		c.Assert(err, check.IsNil)
-		paths, _ := suite.StorageDriver.List(suite.ctx, path)
-		if len(paths) == 0 {
-			break
-		}
-		time.Sleep(time.Second * 2)
-	}
-}
-
-// TestInvalidPaths checks that various invalid file paths are rejected by the
-// storage driver.
-func (suite *DriverSuite) TestInvalidPaths(c *check.C) {
-	contents := randomContents(64)
-	invalidFiles := []string{
-		"",
-		"/",
-		"abc",
-		"123.abc",
-		"//bcd",
-		"/abc_123/"}
-
-	for _, filename := range invalidFiles {
-		err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
-		// only delete if file was successfully written
-		if err == nil {
-			defer suite.deletePath(c, firstPart(filename))
-		}
-		c.Assert(err, check.NotNil)
-		c.Assert(err, check.FitsTypeOf, storagedriver.InvalidPathError{})
-		c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-
-		_, err = suite.StorageDriver.GetContent(suite.ctx, filename)
-		c.Assert(err, check.NotNil)
-		c.Assert(err, check.FitsTypeOf, storagedriver.InvalidPathError{})
-		c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-	}
-}
-
-// TestWriteRead1 tests a simple write-read workflow.
-func (suite *DriverSuite) TestWriteRead1(c *check.C) {
-	filename := randomPath(32)
-	contents := []byte("a")
-	suite.writeReadCompare(c, filename, contents)
-}
-
-// TestWriteRead2 tests a simple write-read workflow with unicode data.
-func (suite *DriverSuite) TestWriteRead2(c *check.C) {
-	filename := randomPath(32)
-	contents := []byte("\xc3\x9f")
-	suite.writeReadCompare(c, filename, contents)
-}
-
-// TestWriteRead3 tests a simple write-read workflow with a small string.
-func (suite *DriverSuite) TestWriteRead3(c *check.C) {
-	filename := randomPath(32)
-	contents := randomContents(32)
-	suite.writeReadCompare(c, filename, contents)
-}
-
-// TestWriteRead4 tests a simple write-read workflow with 1MB of data.
-func (suite *DriverSuite) TestWriteRead4(c *check.C) {
-	filename := randomPath(32)
-	contents := randomContents(1024 * 1024)
-	suite.writeReadCompare(c, filename, contents)
-}
-
-// TestWriteReadNonUTF8 tests that non-utf8 data may be written to the storage
-// driver safely.
-func (suite *DriverSuite) TestWriteReadNonUTF8(c *check.C) {
-	filename := randomPath(32)
-	contents := []byte{0x80, 0x80, 0x80, 0x80}
-	suite.writeReadCompare(c, filename, contents)
-}
-
-// TestTruncate tests that putting smaller contents than an original file does
-// remove the excess contents.
-func (suite *DriverSuite) TestTruncate(c *check.C) {
-	filename := randomPath(32)
-	contents := randomContents(1024 * 1024)
-	suite.writeReadCompare(c, filename, contents)
-
-	contents = randomContents(1024)
-	suite.writeReadCompare(c, filename, contents)
-}
-
-// TestReadNonexistent tests reading content from an empty path.
-func (suite *DriverSuite) TestReadNonexistent(c *check.C) {
-	filename := randomPath(32)
-	_, err := suite.StorageDriver.GetContent(suite.ctx, filename)
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-}
-
-// TestWriteReadStreams1 tests a simple write-read streaming workflow.
-func (suite *DriverSuite) TestWriteReadStreams1(c *check.C) {
-	filename := randomPath(32)
-	contents := []byte("a")
-	suite.writeReadCompareStreams(c, filename, contents)
-}
-
-// TestWriteReadStreams2 tests a simple write-read streaming workflow with
-// unicode data.
-func (suite *DriverSuite) TestWriteReadStreams2(c *check.C) {
-	filename := randomPath(32)
-	contents := []byte("\xc3\x9f")
-	suite.writeReadCompareStreams(c, filename, contents)
-}
-
-// TestWriteReadStreams3 tests a simple write-read streaming workflow with a
-// small amount of data.
-func (suite *DriverSuite) TestWriteReadStreams3(c *check.C) {
-	filename := randomPath(32)
-	contents := randomContents(32)
-	suite.writeReadCompareStreams(c, filename, contents)
-}
-
-// TestWriteReadStreams4 tests a simple write-read streaming workflow with 1MB
-// of data.
-func (suite *DriverSuite) TestWriteReadStreams4(c *check.C) {
-	filename := randomPath(32)
-	contents := randomContents(1024 * 1024)
-	suite.writeReadCompareStreams(c, filename, contents)
-}
-
-// TestWriteReadStreamsNonUTF8 tests that non-utf8 data may be written to the
-// storage driver safely.
-func (suite *DriverSuite) TestWriteReadStreamsNonUTF8(c *check.C) {
-	filename := randomPath(32)
-	contents := []byte{0x80, 0x80, 0x80, 0x80}
-	suite.writeReadCompareStreams(c, filename, contents)
-}
-
-// TestWriteReadLargeStreams tests that a 5GB file may be written to the storage
-// driver safely.
-func (suite *DriverSuite) TestWriteReadLargeStreams(c *check.C) {
-	if testing.Short() {
-		c.Skip("Skipping test in short mode")
-	}
-
-	filename := randomPath(32)
-	defer suite.deletePath(c, firstPart(filename))
-
-	checksum := sha1.New()
-	var fileSize int64 = 5 * 1024 * 1024 * 1024
-
-	contents := newRandReader(fileSize)
-
-	writer, err := suite.StorageDriver.Writer(suite.ctx, filename, false)
-	c.Assert(err, check.IsNil)
-	written, err := io.Copy(writer, io.TeeReader(contents, checksum))
-	c.Assert(err, check.IsNil)
-	c.Assert(written, check.Equals, fileSize)
-
-	err = writer.Commit()
-	c.Assert(err, check.IsNil)
-	err = writer.Close()
-	c.Assert(err, check.IsNil)
-
-	reader, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
-	c.Assert(err, check.IsNil)
-	defer reader.Close()
-
-	writtenChecksum := sha1.New()
-	io.Copy(writtenChecksum, reader)
-
-	c.Assert(writtenChecksum.Sum(nil), check.DeepEquals, checksum.Sum(nil))
-}
-
-// TestReaderWithOffset tests that the appropriate data is streamed when
-// reading with a given offset.
-func (suite *DriverSuite) TestReaderWithOffset(c *check.C) {
-	filename := randomPath(32)
-	defer suite.deletePath(c, firstPart(filename))
-
-	chunkSize := int64(32)
-
-	contentsChunk1 := randomContents(chunkSize)
-	contentsChunk2 := randomContents(chunkSize)
-	contentsChunk3 := randomContents(chunkSize)
-
-	err := suite.StorageDriver.PutContent(suite.ctx, filename, append(append(contentsChunk1, contentsChunk2...), contentsChunk3...))
-	c.Assert(err, check.IsNil)
-
-	reader, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
-	c.Assert(err, check.IsNil)
-	defer reader.Close()
-
-	readContents, err := ioutil.ReadAll(reader)
-	c.Assert(err, check.IsNil)
-
-	c.Assert(readContents, check.DeepEquals, append(append(contentsChunk1, contentsChunk2...), contentsChunk3...))
-
-	reader, err = suite.StorageDriver.Reader(suite.ctx, filename, chunkSize)
-	c.Assert(err, check.IsNil)
-	defer reader.Close()
-
-	readContents, err = ioutil.ReadAll(reader)
-	c.Assert(err, check.IsNil)
-
-	c.Assert(readContents, check.DeepEquals, append(contentsChunk2, contentsChunk3...))
-
-	reader, err = suite.StorageDriver.Reader(suite.ctx, filename, chunkSize*2)
-	c.Assert(err, check.IsNil)
-	defer reader.Close()
-
-	readContents, err = ioutil.ReadAll(reader)
-	c.Assert(err, check.IsNil)
-	c.Assert(readContents, check.DeepEquals, contentsChunk3)
-
-	// Ensure we get invalid offest for negative offsets.
-	reader, err = suite.StorageDriver.Reader(suite.ctx, filename, -1)
-	c.Assert(err, check.FitsTypeOf, storagedriver.InvalidOffsetError{})
-	c.Assert(err.(storagedriver.InvalidOffsetError).Offset, check.Equals, int64(-1))
-	c.Assert(err.(storagedriver.InvalidOffsetError).Path, check.Equals, filename)
-	c.Assert(reader, check.IsNil)
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-
-	// Read past the end of the content and make sure we get a reader that
-	// returns 0 bytes and io.EOF
-	reader, err = suite.StorageDriver.Reader(suite.ctx, filename, chunkSize*3)
-	c.Assert(err, check.IsNil)
-	defer reader.Close()
-
-	buf := make([]byte, chunkSize)
-	n, err := reader.Read(buf)
-	c.Assert(err, check.Equals, io.EOF)
-	c.Assert(n, check.Equals, 0)
-
-	// Check the N-1 boundary condition, ensuring we get 1 byte then io.EOF.
-	reader, err = suite.StorageDriver.Reader(suite.ctx, filename, chunkSize*3-1)
-	c.Assert(err, check.IsNil)
-	defer reader.Close()
-
-	n, err = reader.Read(buf)
-	c.Assert(n, check.Equals, 1)
-
-	// We don't care whether the io.EOF comes on the this read or the first
-	// zero read, but the only error acceptable here is io.EOF.
-	if err != nil {
-		c.Assert(err, check.Equals, io.EOF)
-	}
-
-	// Any more reads should result in zero bytes and io.EOF
-	n, err = reader.Read(buf)
-	c.Assert(n, check.Equals, 0)
-	c.Assert(err, check.Equals, io.EOF)
-}
-
-// TestContinueStreamAppendLarge tests that a stream write can be appended to without
-// corrupting the data with a large chunk size.
-func (suite *DriverSuite) TestContinueStreamAppendLarge(c *check.C) {
-	suite.testContinueStreamAppend(c, int64(10*1024*1024))
-}
-
-// TestContinueStreamAppendSmall is the same as TestContinueStreamAppendLarge, but only
-// with a tiny chunk size in order to test corner cases for some cloud storage drivers.
-func (suite *DriverSuite) TestContinueStreamAppendSmall(c *check.C) {
-	suite.testContinueStreamAppend(c, int64(32))
-}
-
-func (suite *DriverSuite) testContinueStreamAppend(c *check.C, chunkSize int64) {
-	filename := randomPath(32)
-	defer suite.deletePath(c, firstPart(filename))
-
-	contentsChunk1 := randomContents(chunkSize)
-	contentsChunk2 := randomContents(chunkSize)
-	contentsChunk3 := randomContents(chunkSize)
-
-	fullContents := append(append(contentsChunk1, contentsChunk2...), contentsChunk3...)
-
-	writer, err := suite.StorageDriver.Writer(suite.ctx, filename, false)
-	c.Assert(err, check.IsNil)
-	nn, err := io.Copy(writer, bytes.NewReader(contentsChunk1))
-	c.Assert(err, check.IsNil)
-	c.Assert(nn, check.Equals, int64(len(contentsChunk1)))
-
-	err = writer.Close()
-	c.Assert(err, check.IsNil)
-
-	curSize := writer.Size()
-	c.Assert(curSize, check.Equals, int64(len(contentsChunk1)))
-
-	writer, err = suite.StorageDriver.Writer(suite.ctx, filename, true)
-	c.Assert(err, check.IsNil)
-	c.Assert(writer.Size(), check.Equals, curSize)
-
-	nn, err = io.Copy(writer, bytes.NewReader(contentsChunk2))
-	c.Assert(err, check.IsNil)
-	c.Assert(nn, check.Equals, int64(len(contentsChunk2)))
-
-	err = writer.Close()
-	c.Assert(err, check.IsNil)
-
-	curSize = writer.Size()
-	c.Assert(curSize, check.Equals, 2*chunkSize)
-
-	writer, err = suite.StorageDriver.Writer(suite.ctx, filename, true)
-	c.Assert(err, check.IsNil)
-	c.Assert(writer.Size(), check.Equals, curSize)
-
-	nn, err = io.Copy(writer, bytes.NewReader(fullContents[curSize:]))
-	c.Assert(err, check.IsNil)
-	c.Assert(nn, check.Equals, int64(len(fullContents[curSize:])))
-
-	err = writer.Commit()
-	c.Assert(err, check.IsNil)
-	err = writer.Close()
-	c.Assert(err, check.IsNil)
-
-	received, err := suite.StorageDriver.GetContent(suite.ctx, filename)
-	c.Assert(err, check.IsNil)
-	c.Assert(received, check.DeepEquals, fullContents)
-}
-
-// TestReadNonexistentStream tests that reading a stream for a nonexistent path
-// fails.
-func (suite *DriverSuite) TestReadNonexistentStream(c *check.C) {
-	filename := randomPath(32)
-
-	_, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-
-	_, err = suite.StorageDriver.Reader(suite.ctx, filename, 64)
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-}
-
-// TestList checks the returned list of keys after populating a directory tree.
-func (suite *DriverSuite) TestList(c *check.C) {
-	rootDirectory := "/" + randomFilename(int64(8+rand.Intn(8)))
-	defer suite.deletePath(c, rootDirectory)
-
-	doesnotexist := path.Join(rootDirectory, "nonexistent")
-	_, err := suite.StorageDriver.List(suite.ctx, doesnotexist)
-	c.Assert(err, check.Equals, storagedriver.PathNotFoundError{
-		Path:       doesnotexist,
-		DriverName: suite.StorageDriver.Name(),
-	})
-
-	parentDirectory := rootDirectory + "/" + randomFilename(int64(8+rand.Intn(8)))
-	childFiles := make([]string, 50)
-	for i := 0; i < len(childFiles); i++ {
-		childFile := parentDirectory + "/" + randomFilename(int64(8+rand.Intn(8)))
-		childFiles[i] = childFile
-		err := suite.StorageDriver.PutContent(suite.ctx, childFile, randomContents(32))
-		c.Assert(err, check.IsNil)
-	}
-	sort.Strings(childFiles)
-
-	keys, err := suite.StorageDriver.List(suite.ctx, "/")
-	c.Assert(err, check.IsNil)
-	c.Assert(keys, check.DeepEquals, []string{rootDirectory})
-
-	keys, err = suite.StorageDriver.List(suite.ctx, rootDirectory)
-	c.Assert(err, check.IsNil)
-	c.Assert(keys, check.DeepEquals, []string{parentDirectory})
-
-	keys, err = suite.StorageDriver.List(suite.ctx, parentDirectory)
-	c.Assert(err, check.IsNil)
-
-	sort.Strings(keys)
-	c.Assert(keys, check.DeepEquals, childFiles)
-
-	// A few checks to add here (check out #819 for more discussion on this):
-	// 1. Ensure that all paths are absolute.
-	// 2. Ensure that listings only include direct children.
-	// 3. Ensure that we only respond to directory listings that end with a slash (maybe?).
-}
-
-// TestMove checks that a moved object no longer exists at the source path and
-// does exist at the destination.
-func (suite *DriverSuite) TestMove(c *check.C) {
-	contents := randomContents(32)
-	sourcePath := randomPath(32)
-	destPath := randomPath(32)
-
-	defer suite.deletePath(c, firstPart(sourcePath))
-	defer suite.deletePath(c, firstPart(destPath))
-
-	err := suite.StorageDriver.PutContent(suite.ctx, sourcePath, contents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.Move(suite.ctx, sourcePath, destPath)
-	c.Assert(err, check.IsNil)
-
-	received, err := suite.StorageDriver.GetContent(suite.ctx, destPath)
-	c.Assert(err, check.IsNil)
-	c.Assert(received, check.DeepEquals, contents)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, sourcePath)
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-}
-
-// TestMoveOverwrite checks that a moved object no longer exists at the source
-// path and overwrites the contents at the destination.
-func (suite *DriverSuite) TestMoveOverwrite(c *check.C) {
-	sourcePath := randomPath(32)
-	destPath := randomPath(32)
-	sourceContents := randomContents(32)
-	destContents := randomContents(64)
-
-	defer suite.deletePath(c, firstPart(sourcePath))
-	defer suite.deletePath(c, firstPart(destPath))
-
-	err := suite.StorageDriver.PutContent(suite.ctx, sourcePath, sourceContents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.PutContent(suite.ctx, destPath, destContents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.Move(suite.ctx, sourcePath, destPath)
-	c.Assert(err, check.IsNil)
-
-	received, err := suite.StorageDriver.GetContent(suite.ctx, destPath)
-	c.Assert(err, check.IsNil)
-	c.Assert(received, check.DeepEquals, sourceContents)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, sourcePath)
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-}
-
-// TestMoveNonexistent checks that moving a nonexistent key fails and does not
-// delete the data at the destination path.
-func (suite *DriverSuite) TestMoveNonexistent(c *check.C) {
-	contents := randomContents(32)
-	sourcePath := randomPath(32)
-	destPath := randomPath(32)
-
-	defer suite.deletePath(c, firstPart(destPath))
-
-	err := suite.StorageDriver.PutContent(suite.ctx, destPath, contents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.Move(suite.ctx, sourcePath, destPath)
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-
-	received, err := suite.StorageDriver.GetContent(suite.ctx, destPath)
-	c.Assert(err, check.IsNil)
-	c.Assert(received, check.DeepEquals, contents)
-}
-
-// TestMoveInvalid provides various checks for invalid moves.
-func (suite *DriverSuite) TestMoveInvalid(c *check.C) {
-	contents := randomContents(32)
-
-	// Create a regular file.
-	err := suite.StorageDriver.PutContent(suite.ctx, "/notadir", contents)
-	c.Assert(err, check.IsNil)
-	defer suite.deletePath(c, "/notadir")
-
-	// Now try to move a non-existent file under it.
-	err = suite.StorageDriver.Move(suite.ctx, "/notadir/foo", "/notadir/bar")
-	c.Assert(err, check.NotNil) // non-nil error
-}
-
-// TestDelete checks that the delete operation removes data from the storage
-// driver
-func (suite *DriverSuite) TestDelete(c *check.C) {
-	filename := randomPath(32)
-	contents := randomContents(32)
-
-	defer suite.deletePath(c, firstPart(filename))
-
-	err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.Delete(suite.ctx, filename)
-	c.Assert(err, check.IsNil)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, filename)
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-}
-
-// TestURLFor checks that the URLFor method functions properly, but only if it
-// is implemented
-func (suite *DriverSuite) TestURLFor(c *check.C) {
-	filename := randomPath(32)
-	contents := randomContents(32)
-
-	defer suite.deletePath(c, firstPart(filename))
-
-	err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
-	c.Assert(err, check.IsNil)
-
-	url, err := suite.StorageDriver.URLFor(suite.ctx, filename, nil)
-	if _, ok := err.(storagedriver.ErrUnsupportedMethod); ok {
-		return
-	}
-	c.Assert(err, check.IsNil)
-
-	response, err := http.Get(url)
-	c.Assert(err, check.IsNil)
-	defer response.Body.Close()
-
-	read, err := ioutil.ReadAll(response.Body)
-	c.Assert(err, check.IsNil)
-	c.Assert(read, check.DeepEquals, contents)
-
-	url, err = suite.StorageDriver.URLFor(suite.ctx, filename, map[string]interface{}{"method": "HEAD"})
-	if _, ok := err.(storagedriver.ErrUnsupportedMethod); ok {
-		return
-	}
-	c.Assert(err, check.IsNil)
-
-	response, _ = http.Head(url)
-	c.Assert(response.StatusCode, check.Equals, 200)
-	c.Assert(response.ContentLength, check.Equals, int64(32))
-}
-
-// TestDeleteNonexistent checks that removing a nonexistent key fails.
-func (suite *DriverSuite) TestDeleteNonexistent(c *check.C) {
-	filename := randomPath(32)
-	err := suite.StorageDriver.Delete(suite.ctx, filename)
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-}
-
-// TestDeleteFolder checks that deleting a folder removes all child elements.
-func (suite *DriverSuite) TestDeleteFolder(c *check.C) {
-	dirname := randomPath(32)
-	filename1 := randomPath(32)
-	filename2 := randomPath(32)
-	filename3 := randomPath(32)
-	contents := randomContents(32)
-
-	defer suite.deletePath(c, firstPart(dirname))
-
-	err := suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, filename1), contents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, filename2), contents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, filename3), contents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.Delete(suite.ctx, path.Join(dirname, filename1))
-	c.Assert(err, check.IsNil)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename1))
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename2))
-	c.Assert(err, check.IsNil)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename3))
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.Delete(suite.ctx, dirname)
-	c.Assert(err, check.IsNil)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename1))
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename2))
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename3))
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-}
-
-// TestDeleteOnlyDeletesSubpaths checks that deleting path A does not
-// delete path B when A is a prefix of B but B is not a subpath of A (so that
-// deleting "/a" does not delete "/ab").  This matters for services like S3 that
-// do not implement directories.
-func (suite *DriverSuite) TestDeleteOnlyDeletesSubpaths(c *check.C) {
-	dirname := randomPath(32)
-	filename := randomPath(32)
-	contents := randomContents(32)
-
-	defer suite.deletePath(c, firstPart(dirname))
-
-	err := suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, filename), contents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, filename+"suffix"), contents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, dirname, filename), contents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.PutContent(suite.ctx, path.Join(dirname, dirname+"suffix", filename), contents)
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.Delete(suite.ctx, path.Join(dirname, filename))
-	c.Assert(err, check.IsNil)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename))
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, filename+"suffix"))
-	c.Assert(err, check.IsNil)
-
-	err = suite.StorageDriver.Delete(suite.ctx, path.Join(dirname, dirname))
-	c.Assert(err, check.IsNil)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, dirname, filename))
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-
-	_, err = suite.StorageDriver.GetContent(suite.ctx, path.Join(dirname, dirname+"suffix", filename))
-	c.Assert(err, check.IsNil)
-}
-
-// TestStatCall runs verifies the implementation of the storagedriver's Stat call.
-func (suite *DriverSuite) TestStatCall(c *check.C) {
-	content := randomContents(4096)
-	dirPath := randomPath(32)
-	fileName := randomFilename(32)
-	filePath := path.Join(dirPath, fileName)
-
-	defer suite.deletePath(c, firstPart(dirPath))
-
-	// Call on non-existent file/dir, check error.
-	fi, err := suite.StorageDriver.Stat(suite.ctx, dirPath)
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-	c.Assert(fi, check.IsNil)
-
-	fi, err = suite.StorageDriver.Stat(suite.ctx, filePath)
-	c.Assert(err, check.NotNil)
-	c.Assert(err, check.FitsTypeOf, storagedriver.PathNotFoundError{})
-	c.Assert(strings.Contains(err.Error(), suite.Name()), check.Equals, true)
-	c.Assert(fi, check.IsNil)
-
-	err = suite.StorageDriver.PutContent(suite.ctx, filePath, content)
-	c.Assert(err, check.IsNil)
-
-	// Call on regular file, check results
-	fi, err = suite.StorageDriver.Stat(suite.ctx, filePath)
-	c.Assert(err, check.IsNil)
-	c.Assert(fi, check.NotNil)
-	c.Assert(fi.Path(), check.Equals, filePath)
-	c.Assert(fi.Size(), check.Equals, int64(len(content)))
-	c.Assert(fi.IsDir(), check.Equals, false)
-	createdTime := fi.ModTime()
-
-	// Sleep and modify the file
-	time.Sleep(time.Second * 10)
-	content = randomContents(4096)
-	err = suite.StorageDriver.PutContent(suite.ctx, filePath, content)
-	c.Assert(err, check.IsNil)
-	fi, err = suite.StorageDriver.Stat(suite.ctx, filePath)
-	c.Assert(err, check.IsNil)
-	c.Assert(fi, check.NotNil)
-	time.Sleep(time.Second * 5) // allow changes to propagate (eventual consistency)
-
-	// Check if the modification time is after the creation time.
-	// In case of cloud storage services, storage frontend nodes might have
-	// time drift between them, however that should be solved with sleeping
-	// before update.
-	modTime := fi.ModTime()
-	if !modTime.After(createdTime) {
-		c.Errorf("modtime (%s) is before the creation time (%s)", modTime, createdTime)
-	}
-
-	// Call on directory (do not check ModTime as dirs don't need to support it)
-	fi, err = suite.StorageDriver.Stat(suite.ctx, dirPath)
-	c.Assert(err, check.IsNil)
-	c.Assert(fi, check.NotNil)
-	c.Assert(fi.Path(), check.Equals, dirPath)
-	c.Assert(fi.Size(), check.Equals, int64(0))
-	c.Assert(fi.IsDir(), check.Equals, true)
-}
-
-// TestPutContentMultipleTimes checks that if storage driver can overwrite the content
-// in the subsequent puts. Validates that PutContent does not have to work
-// with an offset like Writer does and overwrites the file entirely
-// rather than writing the data to the [0,len(data)) of the file.
-func (suite *DriverSuite) TestPutContentMultipleTimes(c *check.C) {
-	filename := randomPath(32)
-	contents := randomContents(4096)
-
-	defer suite.deletePath(c, firstPart(filename))
-	err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
-	c.Assert(err, check.IsNil)
-
-	contents = randomContents(2048) // upload a different, smaller file
-	err = suite.StorageDriver.PutContent(suite.ctx, filename, contents)
-	c.Assert(err, check.IsNil)
-
-	readContents, err := suite.StorageDriver.GetContent(suite.ctx, filename)
-	c.Assert(err, check.IsNil)
-	c.Assert(readContents, check.DeepEquals, contents)
-}
-
-// TestConcurrentStreamReads checks that multiple clients can safely read from
-// the same file simultaneously with various offsets.
-func (suite *DriverSuite) TestConcurrentStreamReads(c *check.C) {
-	var filesize int64 = 128 * 1024 * 1024
-
-	if testing.Short() {
-		filesize = 10 * 1024 * 1024
-		c.Log("Reducing file size to 10MB for short mode")
-	}
-
-	filename := randomPath(32)
-	contents := randomContents(filesize)
-
-	defer suite.deletePath(c, firstPart(filename))
-
-	err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
-	c.Assert(err, check.IsNil)
-
-	var wg sync.WaitGroup
-
-	readContents := func() {
-		defer wg.Done()
-		offset := rand.Int63n(int64(len(contents)))
-		reader, err := suite.StorageDriver.Reader(suite.ctx, filename, offset)
-		c.Assert(err, check.IsNil)
-
-		readContents, err := ioutil.ReadAll(reader)
-		c.Assert(err, check.IsNil)
-		c.Assert(readContents, check.DeepEquals, contents[offset:])
-	}
-
-	wg.Add(10)
-	for i := 0; i < 10; i++ {
-		go readContents()
-	}
-	wg.Wait()
-}
-
-// TestConcurrentFileStreams checks that multiple *os.File objects can be passed
-// in to Writer concurrently without hanging.
-func (suite *DriverSuite) TestConcurrentFileStreams(c *check.C) {
-	numStreams := 32
-
-	if testing.Short() {
-		numStreams = 8
-		c.Log("Reducing number of streams to 8 for short mode")
-	}
-
-	var wg sync.WaitGroup
-
-	testStream := func(size int64) {
-		defer wg.Done()
-		suite.testFileStreams(c, size)
-	}
-
-	wg.Add(numStreams)
-	for i := numStreams; i > 0; i-- {
-		go testStream(int64(numStreams) * 1024 * 1024)
-	}
-
-	wg.Wait()
-}
-
-// TODO (brianbland): evaluate the relevancy of this test
-// TestEventualConsistency checks that if stat says that a file is a certain size, then
-// you can freely read from the file (this is the only guarantee that the driver needs to provide)
-// func (suite *DriverSuite) TestEventualConsistency(c *check.C) {
-// 	if testing.Short() {
-// 		c.Skip("Skipping test in short mode")
-// 	}
-//
-// 	filename := randomPath(32)
-// 	defer suite.deletePath(c, firstPart(filename))
-//
-// 	var offset int64
-// 	var misswrites int
-// 	var chunkSize int64 = 32
-//
-// 	for i := 0; i < 1024; i++ {
-// 		contents := randomContents(chunkSize)
-// 		read, err := suite.StorageDriver.Writer(suite.ctx, filename, offset, bytes.NewReader(contents))
-// 		c.Assert(err, check.IsNil)
-//
-// 		fi, err := suite.StorageDriver.Stat(suite.ctx, filename)
-// 		c.Assert(err, check.IsNil)
-//
-// 		// We are most concerned with being able to read data as soon as Stat declares
-// 		// it is uploaded. This is the strongest guarantee that some drivers (that guarantee
-// 		// at best eventual consistency) absolutely need to provide.
-// 		if fi.Size() == offset+chunkSize {
-// 			reader, err := suite.StorageDriver.Reader(suite.ctx, filename, offset)
-// 			c.Assert(err, check.IsNil)
-//
-// 			readContents, err := ioutil.ReadAll(reader)
-// 			c.Assert(err, check.IsNil)
-//
-// 			c.Assert(readContents, check.DeepEquals, contents)
-//
-// 			reader.Close()
-// 			offset += read
-// 		} else {
-// 			misswrites++
-// 		}
-// 	}
-//
-// 	if misswrites > 0 {
-//		c.Log("There were " + string(misswrites) + " occurrences of a write not being instantly available.")
-// 	}
-//
-// 	c.Assert(misswrites, check.Not(check.Equals), 1024)
-// }
-
-// BenchmarkPutGetEmptyFiles benchmarks PutContent/GetContent for 0B files
-func (suite *DriverSuite) BenchmarkPutGetEmptyFiles(c *check.C) {
-	suite.benchmarkPutGetFiles(c, 0)
-}
-
-// BenchmarkPutGet1KBFiles benchmarks PutContent/GetContent for 1KB files
-func (suite *DriverSuite) BenchmarkPutGet1KBFiles(c *check.C) {
-	suite.benchmarkPutGetFiles(c, 1024)
-}
-
-// BenchmarkPutGet1MBFiles benchmarks PutContent/GetContent for 1MB files
-func (suite *DriverSuite) BenchmarkPutGet1MBFiles(c *check.C) {
-	suite.benchmarkPutGetFiles(c, 1024*1024)
-}
-
-// BenchmarkPutGet1GBFiles benchmarks PutContent/GetContent for 1GB files
-func (suite *DriverSuite) BenchmarkPutGet1GBFiles(c *check.C) {
-	suite.benchmarkPutGetFiles(c, 1024*1024*1024)
-}
-
-func (suite *DriverSuite) benchmarkPutGetFiles(c *check.C, size int64) {
-	c.SetBytes(size)
-	parentDir := randomPath(8)
-	defer func() {
-		c.StopTimer()
-		suite.StorageDriver.Delete(suite.ctx, firstPart(parentDir))
-	}()
-
-	for i := 0; i < c.N; i++ {
-		filename := path.Join(parentDir, randomPath(32))
-		err := suite.StorageDriver.PutContent(suite.ctx, filename, randomContents(size))
-		c.Assert(err, check.IsNil)
-
-		_, err = suite.StorageDriver.GetContent(suite.ctx, filename)
-		c.Assert(err, check.IsNil)
-	}
-}
-
-// BenchmarkStreamEmptyFiles benchmarks Writer/Reader for 0B files
-func (suite *DriverSuite) BenchmarkStreamEmptyFiles(c *check.C) {
-	suite.benchmarkStreamFiles(c, 0)
-}
-
-// BenchmarkStream1KBFiles benchmarks Writer/Reader for 1KB files
-func (suite *DriverSuite) BenchmarkStream1KBFiles(c *check.C) {
-	suite.benchmarkStreamFiles(c, 1024)
-}
-
-// BenchmarkStream1MBFiles benchmarks Writer/Reader for 1MB files
-func (suite *DriverSuite) BenchmarkStream1MBFiles(c *check.C) {
-	suite.benchmarkStreamFiles(c, 1024*1024)
-}
-
-// BenchmarkStream1GBFiles benchmarks Writer/Reader for 1GB files
-func (suite *DriverSuite) BenchmarkStream1GBFiles(c *check.C) {
-	suite.benchmarkStreamFiles(c, 1024*1024*1024)
-}
-
-func (suite *DriverSuite) benchmarkStreamFiles(c *check.C, size int64) {
-	c.SetBytes(size)
-	parentDir := randomPath(8)
-	defer func() {
-		c.StopTimer()
-		suite.StorageDriver.Delete(suite.ctx, firstPart(parentDir))
-	}()
-
-	for i := 0; i < c.N; i++ {
-		filename := path.Join(parentDir, randomPath(32))
-		writer, err := suite.StorageDriver.Writer(suite.ctx, filename, false)
-		c.Assert(err, check.IsNil)
-		written, err := io.Copy(writer, bytes.NewReader(randomContents(size)))
-		c.Assert(err, check.IsNil)
-		c.Assert(written, check.Equals, size)
-
-		err = writer.Commit()
-		c.Assert(err, check.IsNil)
-		err = writer.Close()
-		c.Assert(err, check.IsNil)
-
-		rc, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
-		c.Assert(err, check.IsNil)
-		rc.Close()
-	}
-}
-
-// BenchmarkList5Files benchmarks List for 5 small files
-func (suite *DriverSuite) BenchmarkList5Files(c *check.C) {
-	suite.benchmarkListFiles(c, 5)
-}
-
-// BenchmarkList50Files benchmarks List for 50 small files
-func (suite *DriverSuite) BenchmarkList50Files(c *check.C) {
-	suite.benchmarkListFiles(c, 50)
-}
-
-func (suite *DriverSuite) benchmarkListFiles(c *check.C, numFiles int64) {
-	parentDir := randomPath(8)
-	defer func() {
-		c.StopTimer()
-		suite.StorageDriver.Delete(suite.ctx, firstPart(parentDir))
-	}()
-
-	for i := int64(0); i < numFiles; i++ {
-		err := suite.StorageDriver.PutContent(suite.ctx, path.Join(parentDir, randomPath(32)), nil)
-		c.Assert(err, check.IsNil)
-	}
-
-	c.ResetTimer()
-	for i := 0; i < c.N; i++ {
-		files, err := suite.StorageDriver.List(suite.ctx, parentDir)
-		c.Assert(err, check.IsNil)
-		c.Assert(int64(len(files)), check.Equals, numFiles)
-	}
-}
-
-// BenchmarkDelete5Files benchmarks Delete for 5 small files
-func (suite *DriverSuite) BenchmarkDelete5Files(c *check.C) {
-	suite.benchmarkDeleteFiles(c, 5)
-}
-
-// BenchmarkDelete50Files benchmarks Delete for 50 small files
-func (suite *DriverSuite) BenchmarkDelete50Files(c *check.C) {
-	suite.benchmarkDeleteFiles(c, 50)
-}
-
-func (suite *DriverSuite) benchmarkDeleteFiles(c *check.C, numFiles int64) {
-	for i := 0; i < c.N; i++ {
-		parentDir := randomPath(8)
-		defer suite.deletePath(c, firstPart(parentDir))
-
-		c.StopTimer()
-		for j := int64(0); j < numFiles; j++ {
-			err := suite.StorageDriver.PutContent(suite.ctx, path.Join(parentDir, randomPath(32)), nil)
-			c.Assert(err, check.IsNil)
-		}
-		c.StartTimer()
-
-		// This is the operation we're benchmarking
-		err := suite.StorageDriver.Delete(suite.ctx, firstPart(parentDir))
-		c.Assert(err, check.IsNil)
-	}
-}
-
-func (suite *DriverSuite) testFileStreams(c *check.C, size int64) {
-	tf, err := ioutil.TempFile("", "tf")
-	c.Assert(err, check.IsNil)
-	defer os.Remove(tf.Name())
-	defer tf.Close()
-
-	filename := randomPath(32)
-	defer suite.deletePath(c, firstPart(filename))
-
-	contents := randomContents(size)
-
-	_, err = tf.Write(contents)
-	c.Assert(err, check.IsNil)
-
-	tf.Sync()
-	tf.Seek(0, io.SeekStart)
-
-	writer, err := suite.StorageDriver.Writer(suite.ctx, filename, false)
-	c.Assert(err, check.IsNil)
-	nn, err := io.Copy(writer, tf)
-	c.Assert(err, check.IsNil)
-	c.Assert(nn, check.Equals, size)
-
-	err = writer.Commit()
-	c.Assert(err, check.IsNil)
-	err = writer.Close()
-	c.Assert(err, check.IsNil)
-
-	reader, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
-	c.Assert(err, check.IsNil)
-	defer reader.Close()
-
-	readContents, err := ioutil.ReadAll(reader)
-	c.Assert(err, check.IsNil)
-
-	c.Assert(readContents, check.DeepEquals, contents)
-}
-
-func (suite *DriverSuite) writeReadCompare(c *check.C, filename string, contents []byte) {
-	defer suite.deletePath(c, firstPart(filename))
-
-	err := suite.StorageDriver.PutContent(suite.ctx, filename, contents)
-	c.Assert(err, check.IsNil)
-
-	readContents, err := suite.StorageDriver.GetContent(suite.ctx, filename)
-	c.Assert(err, check.IsNil)
-
-	c.Assert(readContents, check.DeepEquals, contents)
-}
-
-func (suite *DriverSuite) writeReadCompareStreams(c *check.C, filename string, contents []byte) {
-	defer suite.deletePath(c, firstPart(filename))
-
-	writer, err := suite.StorageDriver.Writer(suite.ctx, filename, false)
-	c.Assert(err, check.IsNil)
-	nn, err := io.Copy(writer, bytes.NewReader(contents))
-	c.Assert(err, check.IsNil)
-	c.Assert(nn, check.Equals, int64(len(contents)))
-
-	err = writer.Commit()
-	c.Assert(err, check.IsNil)
-	err = writer.Close()
-	c.Assert(err, check.IsNil)
-
-	reader, err := suite.StorageDriver.Reader(suite.ctx, filename, 0)
-	c.Assert(err, check.IsNil)
-	defer reader.Close()
-
-	readContents, err := ioutil.ReadAll(reader)
-	c.Assert(err, check.IsNil)
-
-	c.Assert(readContents, check.DeepEquals, contents)
-}
-
-var filenameChars = []byte("abcdefghijklmnopqrstuvwxyz0123456789")
-var separatorChars = []byte("._-")
-
-func randomPath(length int64) string {
-	path := "/"
-	for int64(len(path)) < length {
-		chunkLength := rand.Int63n(length-int64(len(path))) + 1
-		chunk := randomFilename(chunkLength)
-		path += chunk
-		remaining := length - int64(len(path))
-		if remaining == 1 {
-			path += randomFilename(1)
-		} else if remaining > 1 {
-			path += "/"
-		}
-	}
-	return path
-}
-
-func randomFilename(length int64) string {
-	b := make([]byte, length)
-	wasSeparator := true
-	for i := range b {
-		if !wasSeparator && i < len(b)-1 && rand.Intn(4) == 0 {
-			b[i] = separatorChars[rand.Intn(len(separatorChars))]
-			wasSeparator = true
-		} else {
-			b[i] = filenameChars[rand.Intn(len(filenameChars))]
-			wasSeparator = false
-		}
-	}
-	return string(b)
-}
-
-// randomBytes pre-allocates all of the memory sizes needed for the test. If
-// anything panics while accessing randomBytes, just make this number bigger.
-var randomBytes = make([]byte, 128<<20)
-
-func init() {
-	_, _ = rand.Read(randomBytes) // always returns len(randomBytes) and nil error
-}
-
-func randomContents(length int64) []byte {
-	return randomBytes[:length]
-}
-
-type randReader struct {
-	r int64
-	m sync.Mutex
-}
-
-func (rr *randReader) Read(p []byte) (n int, err error) {
-	rr.m.Lock()
-	defer rr.m.Unlock()
-
-	toread := int64(len(p))
-	if toread > rr.r {
-		toread = rr.r
-	}
-	n = copy(p, randomContents(toread))
-	rr.r -= int64(n)
-
-	if rr.r <= 0 {
-		err = io.EOF
-	}
-
-	return
-}
-
-func newRandReader(n int64) *randReader {
-	return &randReader{r: n}
-}
-
-func firstPart(filePath string) string {
-	if filePath == "" {
-		return "/"
-	}
-	for {
-		if filePath[len(filePath)-1] == '/' {
-			filePath = filePath[:len(filePath)-1]
-		}
-
-		dir, file := path.Split(filePath)
-		if dir == "" && file == "" {
-			return "/"
-		}
-		if dir == "/" || dir == "" {
-			return "/" + file
-		}
-		if file == "" {
-			return dir
-		}
-		filePath = dir
-	}
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/driver/walk.go b/vendor/github.com/docker/distribution/registry/storage/driver/walk.go
deleted file mode 100644
index 8ded5b8be..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/driver/walk.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package driver
-
-import (
-	"context"
-	"errors"
-	"sort"
-
-	"github.com/sirupsen/logrus"
-)
-
-// ErrSkipDir is used as a return value from onFileFunc to indicate that
-// the directory named in the call is to be skipped. It is not returned
-// as an error by any function.
-var ErrSkipDir = errors.New("skip this directory")
-
-// WalkFn is called once per file by Walk
-type WalkFn func(fileInfo FileInfo) error
-
-// WalkFallback traverses a filesystem defined within driver, starting
-// from the given path, calling f on each file. It uses the List method and Stat to drive itself.
-// If the returned error from the WalkFn is ErrSkipDir and fileInfo refers
-// to a directory, the directory will not be entered and Walk
-// will continue the traversal.  If fileInfo refers to a normal file, processing stops
-func WalkFallback(ctx context.Context, driver StorageDriver, from string, f WalkFn) error {
-	children, err := driver.List(ctx, from)
-	if err != nil {
-		return err
-	}
-	sort.Stable(sort.StringSlice(children))
-	for _, child := range children {
-		// TODO(stevvooe): Calling driver.Stat for every entry is quite
-		// expensive when running against backends with a slow Stat
-		// implementation, such as s3. This is very likely a serious
-		// performance bottleneck.
-		fileInfo, err := driver.Stat(ctx, child)
-		if err != nil {
-			switch err.(type) {
-			case PathNotFoundError:
-				// repository was removed in between listing and enumeration. Ignore it.
-				logrus.WithField("path", child).Infof("ignoring deleted path")
-				continue
-			default:
-				return err
-			}
-		}
-		err = f(fileInfo)
-		if err == nil && fileInfo.IsDir() {
-			if err := WalkFallback(ctx, driver, child, f); err != nil {
-				return err
-			}
-		} else if err == ErrSkipDir {
-			// Stop iteration if it's a file, otherwise noop if it's a directory
-			if !fileInfo.IsDir() {
-				return nil
-			}
-		} else if err != nil {
-			return err
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/error.go b/vendor/github.com/docker/distribution/registry/storage/error.go
deleted file mode 100644
index 109136586..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/error.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package storage
-
-import "fmt"
-
-// pushError formats an error type given a path and an error
-// and pushes it to a slice of errors
-func pushError(errors []error, path string, err error) []error {
-	return append(errors, fmt.Errorf("%s: %s", path, err))
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/filereader.go b/vendor/github.com/docker/distribution/registry/storage/filereader.go
deleted file mode 100644
index 90afaad0a..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/filereader.go
+++ /dev/null
@@ -1,176 +0,0 @@
-package storage
-
-import (
-	"bufio"
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"io/ioutil"
-
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-)
-
-// TODO(stevvooe): Set an optimal buffer size here. We'll have to
-// understand the latency characteristics of the underlying network to
-// set this correctly, so we may want to leave it to the driver. For
-// out of process drivers, we'll have to optimize this buffer size for
-// local communication.
-const fileReaderBufferSize = 4 << 20
-
-// remoteFileReader provides a read seeker interface to files stored in
-// storagedriver. Used to implement part of layer interface and will be used
-// to implement read side of LayerUpload.
-type fileReader struct {
-	driver storagedriver.StorageDriver
-
-	ctx context.Context
-
-	// identifying fields
-	path string
-	size int64 // size is the total size, must be set.
-
-	// mutable fields
-	rc     io.ReadCloser // remote read closer
-	brd    *bufio.Reader // internal buffered io
-	offset int64         // offset is the current read offset
-	err    error         // terminal error, if set, reader is closed
-}
-
-// newFileReader initializes a file reader for the remote file. The reader
-// takes on the size and path that must be determined externally with a stat
-// call. The reader operates optimistically, assuming that the file is already
-// there.
-func newFileReader(ctx context.Context, driver storagedriver.StorageDriver, path string, size int64) (*fileReader, error) {
-	return &fileReader{
-		ctx:    ctx,
-		driver: driver,
-		path:   path,
-		size:   size,
-	}, nil
-}
-
-func (fr *fileReader) Read(p []byte) (n int, err error) {
-	if fr.err != nil {
-		return 0, fr.err
-	}
-
-	rd, err := fr.reader()
-	if err != nil {
-		return 0, err
-	}
-
-	n, err = rd.Read(p)
-	fr.offset += int64(n)
-
-	// Simulate io.EOR error if we reach filesize.
-	if err == nil && fr.offset >= fr.size {
-		err = io.EOF
-	}
-
-	return n, err
-}
-
-func (fr *fileReader) Seek(offset int64, whence int) (int64, error) {
-	if fr.err != nil {
-		return 0, fr.err
-	}
-
-	var err error
-	newOffset := fr.offset
-
-	switch whence {
-	case io.SeekCurrent:
-		newOffset += offset
-	case io.SeekEnd:
-		newOffset = fr.size + offset
-	case io.SeekStart:
-		newOffset = offset
-	}
-
-	if newOffset < 0 {
-		err = fmt.Errorf("cannot seek to negative position")
-	} else {
-		if fr.offset != newOffset {
-			fr.reset()
-		}
-
-		// No problems, set the offset.
-		fr.offset = newOffset
-	}
-
-	return fr.offset, err
-}
-
-func (fr *fileReader) Close() error {
-	return fr.closeWithErr(fmt.Errorf("fileReader: closed"))
-}
-
-// reader prepares the current reader at the lrs offset, ensuring its buffered
-// and ready to go.
-func (fr *fileReader) reader() (io.Reader, error) {
-	if fr.err != nil {
-		return nil, fr.err
-	}
-
-	if fr.rc != nil {
-		return fr.brd, nil
-	}
-
-	// If we don't have a reader, open one up.
-	rc, err := fr.driver.Reader(fr.ctx, fr.path, fr.offset)
-	if err != nil {
-		switch err := err.(type) {
-		case storagedriver.PathNotFoundError:
-			// NOTE(stevvooe): If the path is not found, we simply return a
-			// reader that returns io.EOF. However, we do not set fr.rc,
-			// allowing future attempts at getting a reader to possibly
-			// succeed if the file turns up later.
-			return ioutil.NopCloser(bytes.NewReader([]byte{})), nil
-		default:
-			return nil, err
-		}
-	}
-
-	fr.rc = rc
-
-	if fr.brd == nil {
-		fr.brd = bufio.NewReaderSize(fr.rc, fileReaderBufferSize)
-	} else {
-		fr.brd.Reset(fr.rc)
-	}
-
-	return fr.brd, nil
-}
-
-// resetReader resets the reader, forcing the read method to open up a new
-// connection and rebuild the buffered reader. This should be called when the
-// offset and the reader will become out of sync, such as during a seek
-// operation.
-func (fr *fileReader) reset() {
-	if fr.err != nil {
-		return
-	}
-	if fr.rc != nil {
-		fr.rc.Close()
-		fr.rc = nil
-	}
-}
-
-func (fr *fileReader) closeWithErr(err error) error {
-	if fr.err != nil {
-		return fr.err
-	}
-
-	fr.err = err
-
-	// close and release reader chain
-	if fr.rc != nil {
-		fr.rc.Close()
-	}
-
-	fr.rc = nil
-	fr.brd = nil
-
-	return fr.err
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/garbagecollect.go b/vendor/github.com/docker/distribution/registry/storage/garbagecollect.go
deleted file mode 100644
index 317c792da..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/garbagecollect.go
+++ /dev/null
@@ -1,152 +0,0 @@
-package storage
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/storage/driver"
-	"github.com/opencontainers/go-digest"
-)
-
-func emit(format string, a ...interface{}) {
-	fmt.Printf(format+"\n", a...)
-}
-
-// GCOpts contains options for garbage collector
-type GCOpts struct {
-	DryRun         bool
-	RemoveUntagged bool
-}
-
-// ManifestDel contains manifest structure which will be deleted
-type ManifestDel struct {
-	Name   string
-	Digest digest.Digest
-	Tags   []string
-}
-
-// MarkAndSweep performs a mark and sweep of registry data
-func MarkAndSweep(ctx context.Context, storageDriver driver.StorageDriver, registry distribution.Namespace, opts GCOpts) error {
-	repositoryEnumerator, ok := registry.(distribution.RepositoryEnumerator)
-	if !ok {
-		return fmt.Errorf("unable to convert Namespace to RepositoryEnumerator")
-	}
-
-	// mark
-	markSet := make(map[digest.Digest]struct{})
-	manifestArr := make([]ManifestDel, 0)
-	err := repositoryEnumerator.Enumerate(ctx, func(repoName string) error {
-		emit(repoName)
-
-		var err error
-		named, err := reference.WithName(repoName)
-		if err != nil {
-			return fmt.Errorf("failed to parse repo name %s: %v", repoName, err)
-		}
-		repository, err := registry.Repository(ctx, named)
-		if err != nil {
-			return fmt.Errorf("failed to construct repository: %v", err)
-		}
-
-		manifestService, err := repository.Manifests(ctx)
-		if err != nil {
-			return fmt.Errorf("failed to construct manifest service: %v", err)
-		}
-
-		manifestEnumerator, ok := manifestService.(distribution.ManifestEnumerator)
-		if !ok {
-			return fmt.Errorf("unable to convert ManifestService into ManifestEnumerator")
-		}
-
-		err = manifestEnumerator.Enumerate(ctx, func(dgst digest.Digest) error {
-			if opts.RemoveUntagged {
-				// fetch all tags where this manifest is the latest one
-				tags, err := repository.Tags(ctx).Lookup(ctx, distribution.Descriptor{Digest: dgst})
-				if err != nil {
-					return fmt.Errorf("failed to retrieve tags for digest %v: %v", dgst, err)
-				}
-				if len(tags) == 0 {
-					emit("manifest eligible for deletion: %s", dgst)
-					// fetch all tags from repository
-					// all of these tags could contain manifest in history
-					// which means that we need check (and delete) those references when deleting manifest
-					allTags, err := repository.Tags(ctx).All(ctx)
-					if err != nil {
-						return fmt.Errorf("failed to retrieve tags %v", err)
-					}
-					manifestArr = append(manifestArr, ManifestDel{Name: repoName, Digest: dgst, Tags: allTags})
-					return nil
-				}
-			}
-			// Mark the manifest's blob
-			emit("%s: marking manifest %s ", repoName, dgst)
-			markSet[dgst] = struct{}{}
-
-			manifest, err := manifestService.Get(ctx, dgst)
-			if err != nil {
-				return fmt.Errorf("failed to retrieve manifest for digest %v: %v", dgst, err)
-			}
-
-			descriptors := manifest.References()
-			for _, descriptor := range descriptors {
-				markSet[descriptor.Digest] = struct{}{}
-				emit("%s: marking blob %s", repoName, descriptor.Digest)
-			}
-
-			return nil
-		})
-
-		// In certain situations such as unfinished uploads, deleting all
-		// tags in S3 or removing the _manifests folder manually, this
-		// error may be of type PathNotFound.
-		//
-		// In these cases we can continue marking other manifests safely.
-		if _, ok := err.(driver.PathNotFoundError); ok {
-			return nil
-		}
-
-		return err
-	})
-
-	if err != nil {
-		return fmt.Errorf("failed to mark: %v", err)
-	}
-
-	// sweep
-	vacuum := NewVacuum(ctx, storageDriver)
-	if !opts.DryRun {
-		for _, obj := range manifestArr {
-			err = vacuum.RemoveManifest(obj.Name, obj.Digest, obj.Tags)
-			if err != nil {
-				return fmt.Errorf("failed to delete manifest %s: %v", obj.Digest, err)
-			}
-		}
-	}
-	blobService := registry.Blobs()
-	deleteSet := make(map[digest.Digest]struct{})
-	err = blobService.Enumerate(ctx, func(dgst digest.Digest) error {
-		// check if digest is in markSet. If not, delete it!
-		if _, ok := markSet[dgst]; !ok {
-			deleteSet[dgst] = struct{}{}
-		}
-		return nil
-	})
-	if err != nil {
-		return fmt.Errorf("error enumerating blobs: %v", err)
-	}
-	emit("\n%d blobs marked, %d blobs and %d manifests eligible for deletion", len(markSet), len(deleteSet), len(manifestArr))
-	for dgst := range deleteSet {
-		emit("blob eligible for deletion: %s", dgst)
-		if opts.DryRun {
-			continue
-		}
-		err = vacuum.RemoveBlob(string(dgst))
-		if err != nil {
-			return fmt.Errorf("failed to delete blob %s: %v", dgst, err)
-		}
-	}
-
-	return err
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/io.go b/vendor/github.com/docker/distribution/registry/storage/io.go
deleted file mode 100644
index 7cde6a334..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/io.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package storage
-
-import (
-	"context"
-	"errors"
-	"io"
-	"io/ioutil"
-
-	"github.com/docker/distribution/registry/storage/driver"
-)
-
-const (
-	maxBlobGetSize = 4 << 20
-)
-
-func getContent(ctx context.Context, driver driver.StorageDriver, p string) ([]byte, error) {
-	r, err := driver.Reader(ctx, p, 0)
-	if err != nil {
-		return nil, err
-	}
-	defer r.Close()
-
-	return readAllLimited(r, maxBlobGetSize)
-}
-
-func readAllLimited(r io.Reader, limit int64) ([]byte, error) {
-	r = limitReader(r, limit)
-	return ioutil.ReadAll(r)
-}
-
-// limitReader returns a new reader limited to n bytes. Unlike io.LimitReader,
-// this returns an error when the limit reached.
-func limitReader(r io.Reader, n int64) io.Reader {
-	return &limitedReader{r: r, n: n}
-}
-
-// limitedReader implements a reader that errors when the limit is reached.
-//
-// Partially cribbed from net/http.MaxBytesReader.
-type limitedReader struct {
-	r   io.Reader // underlying reader
-	n   int64     // max bytes remaining
-	err error     // sticky error
-}
-
-func (l *limitedReader) Read(p []byte) (n int, err error) {
-	if l.err != nil {
-		return 0, l.err
-	}
-	if len(p) == 0 {
-		return 0, nil
-	}
-	// If they asked for a 32KB byte read but only 5 bytes are
-	// remaining, no need to read 32KB. 6 bytes will answer the
-	// question of the whether we hit the limit or go past it.
-	if int64(len(p)) > l.n+1 {
-		p = p[:l.n+1]
-	}
-	n, err = l.r.Read(p)
-
-	if int64(n) <= l.n {
-		l.n -= int64(n)
-		l.err = err
-		return n, err
-	}
-
-	n = int(l.n)
-	l.n = 0
-
-	l.err = errors.New("storage: read exceeds limit")
-	return n, l.err
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/linkedblobstore.go b/vendor/github.com/docker/distribution/registry/storage/linkedblobstore.go
deleted file mode 100644
index de591c8a5..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/linkedblobstore.go
+++ /dev/null
@@ -1,465 +0,0 @@
-package storage
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"path"
-	"time"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/distribution/uuid"
-	"github.com/opencontainers/go-digest"
-)
-
-// linkPathFunc describes a function that can resolve a link based on the
-// repository name and digest.
-type linkPathFunc func(name string, dgst digest.Digest) (string, error)
-
-// linkedBlobStore provides a full BlobService that namespaces the blobs to a
-// given repository. Effectively, it manages the links in a given repository
-// that grant access to the global blob store.
-type linkedBlobStore struct {
-	*blobStore
-	registry               *registry
-	blobServer             distribution.BlobServer
-	blobAccessController   distribution.BlobDescriptorService
-	repository             distribution.Repository
-	ctx                    context.Context // only to be used where context can't come through method args
-	deleteEnabled          bool
-	resumableDigestEnabled bool
-
-	// linkPathFns specifies one or more path functions allowing one to
-	// control the repository blob link set to which the blob store
-	// dispatches. This is required because manifest and layer blobs have not
-	// yet been fully merged. At some point, this functionality should be
-	// removed the blob links folder should be merged. The first entry is
-	// treated as the "canonical" link location and will be used for writes.
-	linkPathFns []linkPathFunc
-
-	// linkDirectoryPathSpec locates the root directories in which one might find links
-	linkDirectoryPathSpec pathSpec
-}
-
-var _ distribution.BlobStore = &linkedBlobStore{}
-
-func (lbs *linkedBlobStore) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	return lbs.blobAccessController.Stat(ctx, dgst)
-}
-
-func (lbs *linkedBlobStore) Get(ctx context.Context, dgst digest.Digest) ([]byte, error) {
-	canonical, err := lbs.Stat(ctx, dgst) // access check
-	if err != nil {
-		return nil, err
-	}
-
-	return lbs.blobStore.Get(ctx, canonical.Digest)
-}
-
-func (lbs *linkedBlobStore) Open(ctx context.Context, dgst digest.Digest) (distribution.ReadSeekCloser, error) {
-	canonical, err := lbs.Stat(ctx, dgst) // access check
-	if err != nil {
-		return nil, err
-	}
-
-	return lbs.blobStore.Open(ctx, canonical.Digest)
-}
-
-func (lbs *linkedBlobStore) ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error {
-	canonical, err := lbs.Stat(ctx, dgst) // access check
-	if err != nil {
-		return err
-	}
-
-	if canonical.MediaType != "" {
-		// Set the repository local content type.
-		w.Header().Set("Content-Type", canonical.MediaType)
-	}
-
-	return lbs.blobServer.ServeBlob(ctx, w, r, canonical.Digest)
-}
-
-func (lbs *linkedBlobStore) Put(ctx context.Context, mediaType string, p []byte) (distribution.Descriptor, error) {
-	dgst := digest.FromBytes(p)
-	// Place the data in the blob store first.
-	desc, err := lbs.blobStore.Put(ctx, mediaType, p)
-	if err != nil {
-		dcontext.GetLogger(ctx).Errorf("error putting into main store: %v", err)
-		return distribution.Descriptor{}, err
-	}
-
-	if err := lbs.blobAccessController.SetDescriptor(ctx, dgst, desc); err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	// TODO(stevvooe): Write out mediatype if incoming differs from what is
-	// returned by Put above. Note that we should allow updates for a given
-	// repository.
-
-	return desc, lbs.linkBlob(ctx, desc)
-}
-
-type optionFunc func(interface{}) error
-
-func (f optionFunc) Apply(v interface{}) error {
-	return f(v)
-}
-
-// WithMountFrom returns a BlobCreateOption which designates that the blob should be
-// mounted from the given canonical reference.
-func WithMountFrom(ref reference.Canonical) distribution.BlobCreateOption {
-	return optionFunc(func(v interface{}) error {
-		opts, ok := v.(*distribution.CreateOptions)
-		if !ok {
-			return fmt.Errorf("unexpected options type: %T", v)
-		}
-
-		opts.Mount.ShouldMount = true
-		opts.Mount.From = ref
-
-		return nil
-	})
-}
-
-// Writer begins a blob write session, returning a handle.
-func (lbs *linkedBlobStore) Create(ctx context.Context, options ...distribution.BlobCreateOption) (distribution.BlobWriter, error) {
-	dcontext.GetLogger(ctx).Debug("(*linkedBlobStore).Writer")
-
-	var opts distribution.CreateOptions
-
-	for _, option := range options {
-		err := option.Apply(&opts)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	if opts.Mount.ShouldMount {
-		desc, err := lbs.mount(ctx, opts.Mount.From, opts.Mount.From.Digest(), opts.Mount.Stat)
-		if err == nil {
-			// Mount successful, no need to initiate an upload session
-			return nil, distribution.ErrBlobMounted{From: opts.Mount.From, Descriptor: desc}
-		}
-	}
-
-	uuid := uuid.Generate().String()
-	startedAt := time.Now().UTC()
-
-	path, err := pathFor(uploadDataPathSpec{
-		name: lbs.repository.Named().Name(),
-		id:   uuid,
-	})
-
-	if err != nil {
-		return nil, err
-	}
-
-	startedAtPath, err := pathFor(uploadStartedAtPathSpec{
-		name: lbs.repository.Named().Name(),
-		id:   uuid,
-	})
-
-	if err != nil {
-		return nil, err
-	}
-
-	// Write a startedat file for this upload
-	if err := lbs.blobStore.driver.PutContent(ctx, startedAtPath, []byte(startedAt.Format(time.RFC3339))); err != nil {
-		return nil, err
-	}
-
-	return lbs.newBlobUpload(ctx, uuid, path, startedAt, false)
-}
-
-func (lbs *linkedBlobStore) Resume(ctx context.Context, id string) (distribution.BlobWriter, error) {
-	dcontext.GetLogger(ctx).Debug("(*linkedBlobStore).Resume")
-
-	startedAtPath, err := pathFor(uploadStartedAtPathSpec{
-		name: lbs.repository.Named().Name(),
-		id:   id,
-	})
-
-	if err != nil {
-		return nil, err
-	}
-
-	startedAtBytes, err := lbs.blobStore.driver.GetContent(ctx, startedAtPath)
-	if err != nil {
-		switch err := err.(type) {
-		case driver.PathNotFoundError:
-			return nil, distribution.ErrBlobUploadUnknown
-		default:
-			return nil, err
-		}
-	}
-
-	startedAt, err := time.Parse(time.RFC3339, string(startedAtBytes))
-	if err != nil {
-		return nil, err
-	}
-
-	path, err := pathFor(uploadDataPathSpec{
-		name: lbs.repository.Named().Name(),
-		id:   id,
-	})
-
-	if err != nil {
-		return nil, err
-	}
-
-	return lbs.newBlobUpload(ctx, id, path, startedAt, true)
-}
-
-func (lbs *linkedBlobStore) Delete(ctx context.Context, dgst digest.Digest) error {
-	if !lbs.deleteEnabled {
-		return distribution.ErrUnsupported
-	}
-
-	// Ensure the blob is available for deletion
-	_, err := lbs.blobAccessController.Stat(ctx, dgst)
-	if err != nil {
-		return err
-	}
-
-	err = lbs.blobAccessController.Clear(ctx, dgst)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (lbs *linkedBlobStore) Enumerate(ctx context.Context, ingestor func(digest.Digest) error) error {
-	rootPath, err := pathFor(lbs.linkDirectoryPathSpec)
-	if err != nil {
-		return err
-	}
-	return lbs.driver.Walk(ctx, rootPath, func(fileInfo driver.FileInfo) error {
-		// exit early if directory...
-		if fileInfo.IsDir() {
-			return nil
-		}
-		filePath := fileInfo.Path()
-
-		// check if it's a link
-		_, fileName := path.Split(filePath)
-		if fileName != "link" {
-			return nil
-		}
-
-		// read the digest found in link
-		digest, err := lbs.blobStore.readlink(ctx, filePath)
-		if err != nil {
-			return err
-		}
-
-		// ensure this conforms to the linkPathFns
-		_, err = lbs.Stat(ctx, digest)
-		if err != nil {
-			// we expect this error to occur so we move on
-			if err == distribution.ErrBlobUnknown {
-				return nil
-			}
-			return err
-		}
-
-		err = ingestor(digest)
-		if err != nil {
-			return err
-		}
-
-		return nil
-	})
-}
-
-func (lbs *linkedBlobStore) mount(ctx context.Context, sourceRepo reference.Named, dgst digest.Digest, sourceStat *distribution.Descriptor) (distribution.Descriptor, error) {
-	var stat distribution.Descriptor
-	if sourceStat == nil {
-		// look up the blob info from the sourceRepo if not already provided
-		repo, err := lbs.registry.Repository(ctx, sourceRepo)
-		if err != nil {
-			return distribution.Descriptor{}, err
-		}
-		stat, err = repo.Blobs(ctx).Stat(ctx, dgst)
-		if err != nil {
-			return distribution.Descriptor{}, err
-		}
-	} else {
-		// use the provided blob info
-		stat = *sourceStat
-	}
-
-	desc := distribution.Descriptor{
-		Size: stat.Size,
-
-		// NOTE(stevvooe): The central blob store firewalls media types from
-		// other users. The caller should look this up and override the value
-		// for the specific repository.
-		MediaType: "application/octet-stream",
-		Digest:    dgst,
-	}
-	return desc, lbs.linkBlob(ctx, desc)
-}
-
-// newBlobUpload allocates a new upload controller with the given state.
-func (lbs *linkedBlobStore) newBlobUpload(ctx context.Context, uuid, path string, startedAt time.Time, append bool) (distribution.BlobWriter, error) {
-	fw, err := lbs.driver.Writer(ctx, path, append)
-	if err != nil {
-		return nil, err
-	}
-
-	bw := &blobWriter{
-		ctx:                    ctx,
-		blobStore:              lbs,
-		id:                     uuid,
-		startedAt:              startedAt,
-		digester:               digest.Canonical.Digester(),
-		fileWriter:             fw,
-		driver:                 lbs.driver,
-		path:                   path,
-		resumableDigestEnabled: lbs.resumableDigestEnabled,
-	}
-
-	return bw, nil
-}
-
-// linkBlob links a valid, written blob into the registry under the named
-// repository for the upload controller.
-func (lbs *linkedBlobStore) linkBlob(ctx context.Context, canonical distribution.Descriptor, aliases ...digest.Digest) error {
-	dgsts := append([]digest.Digest{canonical.Digest}, aliases...)
-
-	// TODO(stevvooe): Need to write out mediatype for only canonical hash
-	// since we don't care about the aliases. They are generally unused except
-	// for tarsum but those versions don't care about mediatype.
-
-	// Don't make duplicate links.
-	seenDigests := make(map[digest.Digest]struct{}, len(dgsts))
-
-	// only use the first link
-	linkPathFn := lbs.linkPathFns[0]
-
-	for _, dgst := range dgsts {
-		if _, seen := seenDigests[dgst]; seen {
-			continue
-		}
-		seenDigests[dgst] = struct{}{}
-
-		blobLinkPath, err := linkPathFn(lbs.repository.Named().Name(), dgst)
-		if err != nil {
-			return err
-		}
-
-		if err := lbs.blobStore.link(ctx, blobLinkPath, canonical.Digest); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-type linkedBlobStatter struct {
-	*blobStore
-	repository distribution.Repository
-
-	// linkPathFns specifies one or more path functions allowing one to
-	// control the repository blob link set to which the blob store
-	// dispatches. This is required because manifest and layer blobs have not
-	// yet been fully merged. At some point, this functionality should be
-	// removed an the blob links folder should be merged. The first entry is
-	// treated as the "canonical" link location and will be used for writes.
-	linkPathFns []linkPathFunc
-}
-
-var _ distribution.BlobDescriptorService = &linkedBlobStatter{}
-
-func (lbs *linkedBlobStatter) Stat(ctx context.Context, dgst digest.Digest) (distribution.Descriptor, error) {
-	var (
-		found  bool
-		target digest.Digest
-	)
-
-	// try the many link path functions until we get success or an error that
-	// is not PathNotFoundError.
-	for _, linkPathFn := range lbs.linkPathFns {
-		var err error
-		target, err = lbs.resolveWithLinkFunc(ctx, dgst, linkPathFn)
-
-		if err == nil {
-			found = true
-			break // success!
-		}
-
-		switch err := err.(type) {
-		case driver.PathNotFoundError:
-			// do nothing, just move to the next linkPathFn
-		default:
-			return distribution.Descriptor{}, err
-		}
-	}
-
-	if !found {
-		return distribution.Descriptor{}, distribution.ErrBlobUnknown
-	}
-
-	if target != dgst {
-		// Track when we are doing cross-digest domain lookups. ie, sha512 to sha256.
-		dcontext.GetLogger(ctx).Warnf("looking up blob with canonical target: %v -> %v", dgst, target)
-	}
-
-	// TODO(stevvooe): Look up repository local mediatype and replace that on
-	// the returned descriptor.
-
-	return lbs.blobStore.statter.Stat(ctx, target)
-}
-
-func (lbs *linkedBlobStatter) Clear(ctx context.Context, dgst digest.Digest) (err error) {
-	// clear any possible existence of a link described in linkPathFns
-	for _, linkPathFn := range lbs.linkPathFns {
-		blobLinkPath, err := linkPathFn(lbs.repository.Named().Name(), dgst)
-		if err != nil {
-			return err
-		}
-
-		err = lbs.blobStore.driver.Delete(ctx, blobLinkPath)
-		if err != nil {
-			switch err := err.(type) {
-			case driver.PathNotFoundError:
-				continue // just ignore this error and continue
-			default:
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-// resolveTargetWithFunc allows us to read a link to a resource with different
-// linkPathFuncs to let us try a few different paths before returning not
-// found.
-func (lbs *linkedBlobStatter) resolveWithLinkFunc(ctx context.Context, dgst digest.Digest, linkPathFn linkPathFunc) (digest.Digest, error) {
-	blobLinkPath, err := linkPathFn(lbs.repository.Named().Name(), dgst)
-	if err != nil {
-		return "", err
-	}
-
-	return lbs.blobStore.readlink(ctx, blobLinkPath)
-}
-
-func (lbs *linkedBlobStatter) SetDescriptor(ctx context.Context, dgst digest.Digest, desc distribution.Descriptor) error {
-	// The canonical descriptor for a blob is set at the commit phase of upload
-	return nil
-}
-
-// blobLinkPath provides the path to the blob link, also known as layers.
-func blobLinkPath(name string, dgst digest.Digest) (string, error) {
-	return pathFor(layerLinkPathSpec{name: name, digest: dgst})
-}
-
-// manifestRevisionLinkPath provides the path to the manifest revision link.
-func manifestRevisionLinkPath(name string, dgst digest.Digest) (string, error) {
-	return pathFor(manifestRevisionLinkPathSpec{name: name, revision: dgst})
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/manifestlisthandler.go b/vendor/github.com/docker/distribution/registry/storage/manifestlisthandler.go
deleted file mode 100644
index ffc391617..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/manifestlisthandler.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package storage
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/manifest/manifestlist"
-	"github.com/opencontainers/go-digest"
-)
-
-// manifestListHandler is a ManifestHandler that covers schema2 manifest lists.
-type manifestListHandler struct {
-	repository distribution.Repository
-	blobStore  distribution.BlobStore
-	ctx        context.Context
-}
-
-var _ ManifestHandler = &manifestListHandler{}
-
-func (ms *manifestListHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
-	dcontext.GetLogger(ms.ctx).Debug("(*manifestListHandler).Unmarshal")
-
-	m := &manifestlist.DeserializedManifestList{}
-	if err := m.UnmarshalJSON(content); err != nil {
-		return nil, err
-	}
-
-	return m, nil
-}
-
-func (ms *manifestListHandler) Put(ctx context.Context, manifestList distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
-	dcontext.GetLogger(ms.ctx).Debug("(*manifestListHandler).Put")
-
-	m, ok := manifestList.(*manifestlist.DeserializedManifestList)
-	if !ok {
-		return "", fmt.Errorf("wrong type put to manifestListHandler: %T", manifestList)
-	}
-
-	if err := ms.verifyManifest(ms.ctx, *m, skipDependencyVerification); err != nil {
-		return "", err
-	}
-
-	mt, payload, err := m.Payload()
-	if err != nil {
-		return "", err
-	}
-
-	revision, err := ms.blobStore.Put(ctx, mt, payload)
-	if err != nil {
-		dcontext.GetLogger(ctx).Errorf("error putting payload into blobstore: %v", err)
-		return "", err
-	}
-
-	return revision.Digest, nil
-}
-
-// verifyManifest ensures that the manifest content is valid from the
-// perspective of the registry. As a policy, the registry only tries to
-// store valid content, leaving trust policies of that content up to
-// consumers.
-func (ms *manifestListHandler) verifyManifest(ctx context.Context, mnfst manifestlist.DeserializedManifestList, skipDependencyVerification bool) error {
-	var errs distribution.ErrManifestVerification
-
-	if mnfst.SchemaVersion != 2 {
-		return fmt.Errorf("unrecognized manifest list schema version %d", mnfst.SchemaVersion)
-	}
-
-	if !skipDependencyVerification {
-		// This manifest service is different from the blob service
-		// returned by Blob. It uses a linked blob store to ensure that
-		// only manifests are accessible.
-
-		manifestService, err := ms.repository.Manifests(ctx)
-		if err != nil {
-			return err
-		}
-
-		for _, manifestDescriptor := range mnfst.References() {
-			exists, err := manifestService.Exists(ctx, manifestDescriptor.Digest)
-			if err != nil && err != distribution.ErrBlobUnknown {
-				errs = append(errs, err)
-			}
-			if err != nil || !exists {
-				// On error here, we always append unknown blob errors.
-				errs = append(errs, distribution.ErrManifestBlobUnknown{Digest: manifestDescriptor.Digest})
-			}
-		}
-	}
-	if len(errs) != 0 {
-		return errs
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/manifeststore.go b/vendor/github.com/docker/distribution/registry/storage/manifeststore.go
deleted file mode 100644
index 7daa9a729..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/manifeststore.go
+++ /dev/null
@@ -1,161 +0,0 @@
-package storage
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/manifest"
-	"github.com/docker/distribution/manifest/manifestlist"
-	"github.com/docker/distribution/manifest/ocischema"
-	"github.com/docker/distribution/manifest/schema1"
-	"github.com/docker/distribution/manifest/schema2"
-	"github.com/opencontainers/go-digest"
-	v1 "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-// A ManifestHandler gets and puts manifests of a particular type.
-type ManifestHandler interface {
-	// Unmarshal unmarshals the manifest from a byte slice.
-	Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error)
-
-	// Put creates or updates the given manifest returning the manifest digest.
-	Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error)
-}
-
-// SkipLayerVerification allows a manifest to be Put before its
-// layers are on the filesystem
-func SkipLayerVerification() distribution.ManifestServiceOption {
-	return skipLayerOption{}
-}
-
-type skipLayerOption struct{}
-
-func (o skipLayerOption) Apply(m distribution.ManifestService) error {
-	if ms, ok := m.(*manifestStore); ok {
-		ms.skipDependencyVerification = true
-		return nil
-	}
-	return fmt.Errorf("skip layer verification only valid for manifestStore")
-}
-
-type manifestStore struct {
-	repository *repository
-	blobStore  *linkedBlobStore
-	ctx        context.Context
-
-	skipDependencyVerification bool
-
-	schema1Handler      ManifestHandler
-	schema2Handler      ManifestHandler
-	ocischemaHandler    ManifestHandler
-	manifestListHandler ManifestHandler
-}
-
-var _ distribution.ManifestService = &manifestStore{}
-
-func (ms *manifestStore) Exists(ctx context.Context, dgst digest.Digest) (bool, error) {
-	dcontext.GetLogger(ms.ctx).Debug("(*manifestStore).Exists")
-
-	_, err := ms.blobStore.Stat(ms.ctx, dgst)
-	if err != nil {
-		if err == distribution.ErrBlobUnknown {
-			return false, nil
-		}
-
-		return false, err
-	}
-
-	return true, nil
-}
-
-func (ms *manifestStore) Get(ctx context.Context, dgst digest.Digest, options ...distribution.ManifestServiceOption) (distribution.Manifest, error) {
-	dcontext.GetLogger(ms.ctx).Debug("(*manifestStore).Get")
-
-	// TODO(stevvooe): Need to check descriptor from above to ensure that the
-	// mediatype is as we expect for the manifest store.
-
-	content, err := ms.blobStore.Get(ctx, dgst)
-	if err != nil {
-		if err == distribution.ErrBlobUnknown {
-			return nil, distribution.ErrManifestUnknownRevision{
-				Name:     ms.repository.Named().Name(),
-				Revision: dgst,
-			}
-		}
-
-		return nil, err
-	}
-
-	var versioned manifest.Versioned
-	if err = json.Unmarshal(content, &versioned); err != nil {
-		return nil, err
-	}
-
-	switch versioned.SchemaVersion {
-	case 1:
-		return ms.schema1Handler.Unmarshal(ctx, dgst, content)
-	case 2:
-		// This can be an image manifest or a manifest list
-		switch versioned.MediaType {
-		case schema2.MediaTypeManifest:
-			return ms.schema2Handler.Unmarshal(ctx, dgst, content)
-		case v1.MediaTypeImageManifest:
-			return ms.ocischemaHandler.Unmarshal(ctx, dgst, content)
-		case manifestlist.MediaTypeManifestList, v1.MediaTypeImageIndex:
-			return ms.manifestListHandler.Unmarshal(ctx, dgst, content)
-		case "":
-			// OCI image or image index - no media type in the content
-
-			// First see if it looks like an image index
-			res, err := ms.manifestListHandler.Unmarshal(ctx, dgst, content)
-			resIndex := res.(*manifestlist.DeserializedManifestList)
-			if err == nil && resIndex.Manifests != nil {
-				return resIndex, nil
-			}
-
-			// Otherwise, assume it must be an image manifest
-			return ms.ocischemaHandler.Unmarshal(ctx, dgst, content)
-		default:
-			return nil, distribution.ErrManifestVerification{fmt.Errorf("unrecognized manifest content type %s", versioned.MediaType)}
-		}
-	}
-
-	return nil, fmt.Errorf("unrecognized manifest schema version %d", versioned.SchemaVersion)
-}
-
-func (ms *manifestStore) Put(ctx context.Context, manifest distribution.Manifest, options ...distribution.ManifestServiceOption) (digest.Digest, error) {
-	dcontext.GetLogger(ms.ctx).Debug("(*manifestStore).Put")
-
-	switch manifest.(type) {
-	case *schema1.SignedManifest:
-		return ms.schema1Handler.Put(ctx, manifest, ms.skipDependencyVerification)
-	case *schema2.DeserializedManifest:
-		return ms.schema2Handler.Put(ctx, manifest, ms.skipDependencyVerification)
-	case *ocischema.DeserializedManifest:
-		return ms.ocischemaHandler.Put(ctx, manifest, ms.skipDependencyVerification)
-	case *manifestlist.DeserializedManifestList:
-		return ms.manifestListHandler.Put(ctx, manifest, ms.skipDependencyVerification)
-	}
-
-	return "", fmt.Errorf("unrecognized manifest type %T", manifest)
-}
-
-// Delete removes the revision of the specified manifest.
-func (ms *manifestStore) Delete(ctx context.Context, dgst digest.Digest) error {
-	dcontext.GetLogger(ms.ctx).Debug("(*manifestStore).Delete")
-	return ms.blobStore.Delete(ctx, dgst)
-}
-
-func (ms *manifestStore) Enumerate(ctx context.Context, ingester func(digest.Digest) error) error {
-	err := ms.blobStore.Enumerate(ctx, func(dgst digest.Digest) error {
-		err := ingester(dgst)
-		if err != nil {
-			return err
-		}
-		return nil
-	})
-	return err
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/ocimanifesthandler.go b/vendor/github.com/docker/distribution/registry/storage/ocimanifesthandler.go
deleted file mode 100644
index 6fa499fe7..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/ocimanifesthandler.go
+++ /dev/null
@@ -1,133 +0,0 @@
-package storage
-
-import (
-	"context"
-	"fmt"
-	"net/url"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/manifest/ocischema"
-	"github.com/opencontainers/go-digest"
-	v1 "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-// ocischemaManifestHandler is a ManifestHandler that covers ocischema manifests.
-type ocischemaManifestHandler struct {
-	repository   distribution.Repository
-	blobStore    distribution.BlobStore
-	ctx          context.Context
-	manifestURLs manifestURLs
-}
-
-var _ ManifestHandler = &ocischemaManifestHandler{}
-
-func (ms *ocischemaManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
-	dcontext.GetLogger(ms.ctx).Debug("(*ocischemaManifestHandler).Unmarshal")
-
-	m := &ocischema.DeserializedManifest{}
-	if err := m.UnmarshalJSON(content); err != nil {
-		return nil, err
-	}
-
-	return m, nil
-}
-
-func (ms *ocischemaManifestHandler) Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
-	dcontext.GetLogger(ms.ctx).Debug("(*ocischemaManifestHandler).Put")
-
-	m, ok := manifest.(*ocischema.DeserializedManifest)
-	if !ok {
-		return "", fmt.Errorf("non-ocischema manifest put to ocischemaManifestHandler: %T", manifest)
-	}
-
-	if err := ms.verifyManifest(ms.ctx, *m, skipDependencyVerification); err != nil {
-		return "", err
-	}
-
-	mt, payload, err := m.Payload()
-	if err != nil {
-		return "", err
-	}
-
-	revision, err := ms.blobStore.Put(ctx, mt, payload)
-	if err != nil {
-		dcontext.GetLogger(ctx).Errorf("error putting payload into blobstore: %v", err)
-		return "", err
-	}
-
-	return revision.Digest, nil
-}
-
-// verifyManifest ensures that the manifest content is valid from the
-// perspective of the registry. As a policy, the registry only tries to store
-// valid content, leaving trust policies of that content up to consumers.
-func (ms *ocischemaManifestHandler) verifyManifest(ctx context.Context, mnfst ocischema.DeserializedManifest, skipDependencyVerification bool) error {
-	var errs distribution.ErrManifestVerification
-
-	if mnfst.Manifest.SchemaVersion != 2 {
-		return fmt.Errorf("unrecognized manifest schema version %d", mnfst.Manifest.SchemaVersion)
-	}
-
-	if skipDependencyVerification {
-		return nil
-	}
-
-	manifestService, err := ms.repository.Manifests(ctx)
-	if err != nil {
-		return err
-	}
-
-	blobsService := ms.repository.Blobs(ctx)
-
-	for _, descriptor := range mnfst.References() {
-		var err error
-
-		switch descriptor.MediaType {
-		case v1.MediaTypeImageLayer, v1.MediaTypeImageLayerGzip, v1.MediaTypeImageLayerNonDistributable, v1.MediaTypeImageLayerNonDistributableGzip:
-			allow := ms.manifestURLs.allow
-			deny := ms.manifestURLs.deny
-			for _, u := range descriptor.URLs {
-				var pu *url.URL
-				pu, err = url.Parse(u)
-				if err != nil || (pu.Scheme != "http" && pu.Scheme != "https") || pu.Fragment != "" || (allow != nil && !allow.MatchString(u)) || (deny != nil && deny.MatchString(u)) {
-					err = errInvalidURL
-					break
-				}
-			}
-			if err == nil && len(descriptor.URLs) == 0 {
-				// If no URLs, require that the blob exists
-				_, err = blobsService.Stat(ctx, descriptor.Digest)
-			}
-
-		case v1.MediaTypeImageManifest:
-			var exists bool
-			exists, err = manifestService.Exists(ctx, descriptor.Digest)
-			if err != nil || !exists {
-				err = distribution.ErrBlobUnknown // just coerce to unknown.
-			}
-
-			fallthrough // double check the blob store.
-		default:
-			// forward all else to blob storage
-			if len(descriptor.URLs) == 0 {
-				_, err = blobsService.Stat(ctx, descriptor.Digest)
-			}
-		}
-
-		if err != nil {
-			if err != distribution.ErrBlobUnknown {
-				errs = append(errs, err)
-			}
-
-			// On error here, we always append unknown blob errors.
-			errs = append(errs, distribution.ErrManifestBlobUnknown{Digest: descriptor.Digest})
-		}
-	}
-
-	if len(errs) != 0 {
-		return errs
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/paths.go b/vendor/github.com/docker/distribution/registry/storage/paths.go
deleted file mode 100644
index b8f327267..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/paths.go
+++ /dev/null
@@ -1,476 +0,0 @@
-package storage
-
-import (
-	"fmt"
-	"path"
-	"strings"
-
-	"github.com/opencontainers/go-digest"
-)
-
-const (
-	storagePathVersion = "v2"                // fixed storage layout version
-	storagePathRoot    = "/docker/registry/" // all driver paths have a prefix
-
-	// TODO(stevvooe): Get rid of the "storagePathRoot". Initially, we though
-	// storage path root would configurable for all drivers through this
-	// package. In reality, we've found it simpler to do this on a per driver
-	// basis.
-)
-
-// pathFor maps paths based on "object names" and their ids. The "object
-// names" mapped by are internal to the storage system.
-//
-// The path layout in the storage backend is roughly as follows:
-//
-//	<root>/v2
-//		-> repositories/
-//			-><name>/
-//				-> _manifests/
-//					revisions
-//						-> <manifest digest path>
-//							-> link
-//					tags/<tag>
-//						-> current/link
-//						-> index
-//							-> <algorithm>/<hex digest>/link
-//				-> _layers/
-//					<layer links to blob store>
-//				-> _uploads/<id>
-//					data
-//					startedat
-//					hashstates/<algorithm>/<offset>
-//		-> blob/<algorithm>
-//			<split directory content addressable storage>
-//
-// The storage backend layout is broken up into a content-addressable blob
-// store and repositories. The content-addressable blob store holds most data
-// throughout the backend, keyed by algorithm and digests of the underlying
-// content. Access to the blob store is controlled through links from the
-// repository to blobstore.
-//
-// A repository is made up of layers, manifests and tags. The layers component
-// is just a directory of layers which are "linked" into a repository. A layer
-// can only be accessed through a qualified repository name if it is linked in
-// the repository. Uploads of layers are managed in the uploads directory,
-// which is key by upload id. When all data for an upload is received, the
-// data is moved into the blob store and the upload directory is deleted.
-// Abandoned uploads can be garbage collected by reading the startedat file
-// and removing uploads that have been active for longer than a certain time.
-//
-// The third component of the repository directory is the manifests store,
-// which is made up of a revision store and tag store. Manifests are stored in
-// the blob store and linked into the revision store.
-// While the registry can save all revisions of a manifest, no relationship is
-// implied as to the ordering of changes to a manifest. The tag store provides
-// support for name, tag lookups of manifests, using "current/link" under a
-// named tag directory. An index is maintained to support deletions of all
-// revisions of a given manifest tag.
-//
-// We cover the path formats implemented by this path mapper below.
-//
-//	Manifests:
-//
-//	manifestRevisionsPathSpec:      <root>/v2/repositories/<name>/_manifests/revisions/
-//	manifestRevisionPathSpec:      <root>/v2/repositories/<name>/_manifests/revisions/<algorithm>/<hex digest>/
-//	manifestRevisionLinkPathSpec:  <root>/v2/repositories/<name>/_manifests/revisions/<algorithm>/<hex digest>/link
-//
-//	Tags:
-//
-//	manifestTagsPathSpec:                  <root>/v2/repositories/<name>/_manifests/tags/
-//	manifestTagPathSpec:                   <root>/v2/repositories/<name>/_manifests/tags/<tag>/
-//	manifestTagCurrentPathSpec:            <root>/v2/repositories/<name>/_manifests/tags/<tag>/current/link
-//	manifestTagIndexPathSpec:              <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/
-//	manifestTagIndexEntryPathSpec:         <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/<algorithm>/<hex digest>/
-//	manifestTagIndexEntryLinkPathSpec:     <root>/v2/repositories/<name>/_manifests/tags/<tag>/index/<algorithm>/<hex digest>/link
-//
-//	Blobs:
-//
-//	layerLinkPathSpec:            <root>/v2/repositories/<name>/_layers/<algorithm>/<hex digest>/link
-//
-//	Uploads:
-//
-//	uploadDataPathSpec:             <root>/v2/repositories/<name>/_uploads/<id>/data
-//	uploadStartedAtPathSpec:        <root>/v2/repositories/<name>/_uploads/<id>/startedat
-//	uploadHashStatePathSpec:        <root>/v2/repositories/<name>/_uploads/<id>/hashstates/<algorithm>/<offset>
-//
-//	Blob Store:
-//
-//	blobsPathSpec:                  <root>/v2/blobs/
-//	blobPathSpec:                   <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>
-//	blobDataPathSpec:               <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>/data
-//	blobMediaTypePathSpec:               <root>/v2/blobs/<algorithm>/<first two hex bytes of digest>/<hex digest>/data
-//
-// For more information on the semantic meaning of each path and their
-// contents, please see the path spec documentation.
-func pathFor(spec pathSpec) (string, error) {
-
-	// Switch on the path object type and return the appropriate path. At
-	// first glance, one may wonder why we don't use an interface to
-	// accomplish this. By keep the formatting separate from the pathSpec, we
-	// keep separate the path generation componentized. These specs could be
-	// passed to a completely different mapper implementation and generate a
-	// different set of paths.
-	//
-	// For example, imagine migrating from one backend to the other: one could
-	// build a filesystem walker that converts a string path in one version,
-	// to an intermediate path object, than can be consumed and mapped by the
-	// other version.
-
-	rootPrefix := []string{storagePathRoot, storagePathVersion}
-	repoPrefix := append(rootPrefix, "repositories")
-
-	switch v := spec.(type) {
-
-	case manifestRevisionsPathSpec:
-		return path.Join(append(repoPrefix, v.name, "_manifests", "revisions")...), nil
-
-	case manifestRevisionPathSpec:
-		components, err := digestPathComponents(v.revision, false)
-		if err != nil {
-			return "", err
-		}
-
-		return path.Join(append(append(repoPrefix, v.name, "_manifests", "revisions"), components...)...), nil
-	case manifestRevisionLinkPathSpec:
-		root, err := pathFor(manifestRevisionPathSpec(v))
-
-		if err != nil {
-			return "", err
-		}
-
-		return path.Join(root, "link"), nil
-	case manifestTagsPathSpec:
-		return path.Join(append(repoPrefix, v.name, "_manifests", "tags")...), nil
-	case manifestTagPathSpec:
-		root, err := pathFor(manifestTagsPathSpec{
-			name: v.name,
-		})
-
-		if err != nil {
-			return "", err
-		}
-
-		return path.Join(root, v.tag), nil
-	case manifestTagCurrentPathSpec:
-		root, err := pathFor(manifestTagPathSpec(v))
-
-		if err != nil {
-			return "", err
-		}
-
-		return path.Join(root, "current", "link"), nil
-	case manifestTagIndexPathSpec:
-		root, err := pathFor(manifestTagPathSpec(v))
-
-		if err != nil {
-			return "", err
-		}
-
-		return path.Join(root, "index"), nil
-	case manifestTagIndexEntryLinkPathSpec:
-		root, err := pathFor(manifestTagIndexEntryPathSpec(v))
-
-		if err != nil {
-			return "", err
-		}
-
-		return path.Join(root, "link"), nil
-	case manifestTagIndexEntryPathSpec:
-		root, err := pathFor(manifestTagIndexPathSpec{
-			name: v.name,
-			tag:  v.tag,
-		})
-
-		if err != nil {
-			return "", err
-		}
-
-		components, err := digestPathComponents(v.revision, false)
-		if err != nil {
-			return "", err
-		}
-
-		return path.Join(root, path.Join(components...)), nil
-	case layerLinkPathSpec:
-		components, err := digestPathComponents(v.digest, false)
-		if err != nil {
-			return "", err
-		}
-
-		// TODO(stevvooe): Right now, all blobs are linked under "_layers". If
-		// we have future migrations, we may want to rename this to "_blobs".
-		// A migration strategy would simply leave existing items in place and
-		// write the new paths, commit a file then delete the old files.
-
-		blobLinkPathComponents := append(repoPrefix, v.name, "_layers")
-
-		return path.Join(path.Join(append(blobLinkPathComponents, components...)...), "link"), nil
-	case blobsPathSpec:
-		blobsPathPrefix := append(rootPrefix, "blobs")
-		return path.Join(blobsPathPrefix...), nil
-	case blobPathSpec:
-		components, err := digestPathComponents(v.digest, true)
-		if err != nil {
-			return "", err
-		}
-
-		blobPathPrefix := append(rootPrefix, "blobs")
-		return path.Join(append(blobPathPrefix, components...)...), nil
-	case blobDataPathSpec:
-		components, err := digestPathComponents(v.digest, true)
-		if err != nil {
-			return "", err
-		}
-
-		components = append(components, "data")
-		blobPathPrefix := append(rootPrefix, "blobs")
-		return path.Join(append(blobPathPrefix, components...)...), nil
-
-	case uploadDataPathSpec:
-		return path.Join(append(repoPrefix, v.name, "_uploads", v.id, "data")...), nil
-	case uploadStartedAtPathSpec:
-		return path.Join(append(repoPrefix, v.name, "_uploads", v.id, "startedat")...), nil
-	case uploadHashStatePathSpec:
-		offset := fmt.Sprintf("%d", v.offset)
-		if v.list {
-			offset = "" // Limit to the prefix for listing offsets.
-		}
-		return path.Join(append(repoPrefix, v.name, "_uploads", v.id, "hashstates", string(v.alg), offset)...), nil
-	case repositoriesRootPathSpec:
-		return path.Join(repoPrefix...), nil
-	default:
-		// TODO(sday): This is an internal error. Ensure it doesn't escape (panic?).
-		return "", fmt.Errorf("unknown path spec: %#v", v)
-	}
-}
-
-// pathSpec is a type to mark structs as path specs. There is no
-// implementation because we'd like to keep the specs and the mappers
-// decoupled.
-type pathSpec interface {
-	pathSpec()
-}
-
-// manifestRevisionsPathSpec describes the directory path for
-// a manifest revision.
-type manifestRevisionsPathSpec struct {
-	name string
-}
-
-func (manifestRevisionsPathSpec) pathSpec() {}
-
-// manifestRevisionPathSpec describes the components of the directory path for
-// a manifest revision.
-type manifestRevisionPathSpec struct {
-	name     string
-	revision digest.Digest
-}
-
-func (manifestRevisionPathSpec) pathSpec() {}
-
-// manifestRevisionLinkPathSpec describes the path components required to look
-// up the data link for a revision of a manifest. If this file is not present,
-// the manifest blob is not available in the given repo. The contents of this
-// file should just be the digest.
-type manifestRevisionLinkPathSpec struct {
-	name     string
-	revision digest.Digest
-}
-
-func (manifestRevisionLinkPathSpec) pathSpec() {}
-
-// manifestTagsPathSpec describes the path elements required to point to the
-// manifest tags directory.
-type manifestTagsPathSpec struct {
-	name string
-}
-
-func (manifestTagsPathSpec) pathSpec() {}
-
-// manifestTagPathSpec describes the path elements required to point to the
-// manifest tag links files under a repository. These contain a blob id that
-// can be used to look up the data and signatures.
-type manifestTagPathSpec struct {
-	name string
-	tag  string
-}
-
-func (manifestTagPathSpec) pathSpec() {}
-
-// manifestTagCurrentPathSpec describes the link to the current revision for a
-// given tag.
-type manifestTagCurrentPathSpec struct {
-	name string
-	tag  string
-}
-
-func (manifestTagCurrentPathSpec) pathSpec() {}
-
-// manifestTagCurrentPathSpec describes the link to the index of revisions
-// with the given tag.
-type manifestTagIndexPathSpec struct {
-	name string
-	tag  string
-}
-
-func (manifestTagIndexPathSpec) pathSpec() {}
-
-// manifestTagIndexEntryPathSpec contains the entries of the index by revision.
-type manifestTagIndexEntryPathSpec struct {
-	name     string
-	tag      string
-	revision digest.Digest
-}
-
-func (manifestTagIndexEntryPathSpec) pathSpec() {}
-
-// manifestTagIndexEntryLinkPathSpec describes the link to a revisions of a
-// manifest with given tag within the index.
-type manifestTagIndexEntryLinkPathSpec struct {
-	name     string
-	tag      string
-	revision digest.Digest
-}
-
-func (manifestTagIndexEntryLinkPathSpec) pathSpec() {}
-
-// blobLinkPathSpec specifies a path for a blob link, which is a file with a
-// blob id. The blob link will contain a content addressable blob id reference
-// into the blob store. The format of the contents is as follows:
-//
-//	<algorithm>:<hex digest of layer data>
-//
-// The following example of the file contents is more illustrative:
-//
-//	sha256:96443a84ce518ac22acb2e985eda402b58ac19ce6f91980bde63726a79d80b36
-//
-// This  indicates that there is a blob with the id/digest, calculated via
-// sha256 that can be fetched from the blob store.
-type layerLinkPathSpec struct {
-	name   string
-	digest digest.Digest
-}
-
-func (layerLinkPathSpec) pathSpec() {}
-
-// blobAlgorithmReplacer does some very simple path sanitization for user
-// input. Paths should be "safe" before getting this far due to strict digest
-// requirements but we can add further path conversion here, if needed.
-var blobAlgorithmReplacer = strings.NewReplacer(
-	"+", "/",
-	".", "/",
-	";", "/",
-)
-
-// blobsPathSpec contains the path for the blobs directory
-type blobsPathSpec struct{}
-
-func (blobsPathSpec) pathSpec() {}
-
-// blobPathSpec contains the path for the registry global blob store.
-type blobPathSpec struct {
-	digest digest.Digest
-}
-
-func (blobPathSpec) pathSpec() {}
-
-// blobDataPathSpec contains the path for the registry global blob store. For
-// now, this contains layer data, exclusively.
-type blobDataPathSpec struct {
-	digest digest.Digest
-}
-
-func (blobDataPathSpec) pathSpec() {}
-
-// uploadDataPathSpec defines the path parameters of the data file for
-// uploads.
-type uploadDataPathSpec struct {
-	name string
-	id   string
-}
-
-func (uploadDataPathSpec) pathSpec() {}
-
-// uploadDataPathSpec defines the path parameters for the file that stores the
-// start time of an uploads. If it is missing, the upload is considered
-// unknown. Admittedly, the presence of this file is an ugly hack to make sure
-// we have a way to cleanup old or stalled uploads that doesn't rely on driver
-// FileInfo behavior. If we come up with a more clever way to do this, we
-// should remove this file immediately and rely on the startetAt field from
-// the client to enforce time out policies.
-type uploadStartedAtPathSpec struct {
-	name string
-	id   string
-}
-
-func (uploadStartedAtPathSpec) pathSpec() {}
-
-// uploadHashStatePathSpec defines the path parameters for the file that stores
-// the hash function state of an upload at a specific byte offset. If `list` is
-// set, then the path mapper will generate a list prefix for all hash state
-// offsets for the upload identified by the name, id, and alg.
-type uploadHashStatePathSpec struct {
-	name   string
-	id     string
-	alg    digest.Algorithm
-	offset int64
-	list   bool
-}
-
-func (uploadHashStatePathSpec) pathSpec() {}
-
-// repositoriesRootPathSpec returns the root of repositories
-type repositoriesRootPathSpec struct {
-}
-
-func (repositoriesRootPathSpec) pathSpec() {}
-
-// digestPathComponents provides a consistent path breakdown for a given
-// digest. For a generic digest, it will be as follows:
-//
-//	<algorithm>/<hex digest>
-//
-// If multilevel is true, the first two bytes of the digest will separate
-// groups of digest folder. It will be as follows:
-//
-//	<algorithm>/<first two bytes of digest>/<full digest>
-func digestPathComponents(dgst digest.Digest, multilevel bool) ([]string, error) {
-	if err := dgst.Validate(); err != nil {
-		return nil, err
-	}
-
-	algorithm := blobAlgorithmReplacer.Replace(string(dgst.Algorithm()))
-	hex := dgst.Hex()
-	prefix := []string{algorithm}
-
-	var suffix []string
-
-	if multilevel {
-		suffix = append(suffix, hex[:2])
-	}
-
-	suffix = append(suffix, hex)
-
-	return append(prefix, suffix...), nil
-}
-
-// Reconstructs a digest from a path
-func digestFromPath(digestPath string) (digest.Digest, error) {
-
-	digestPath = strings.TrimSuffix(digestPath, "/data")
-	dir, hex := path.Split(digestPath)
-	dir = path.Dir(dir)
-	dir, next := path.Split(dir)
-
-	// next is either the algorithm OR the first two characters in the hex string
-	var algo string
-	if next == hex[:2] {
-		algo = path.Base(dir)
-	} else {
-		algo = next
-	}
-
-	dgst := digest.NewDigestFromHex(algo, hex)
-	return dgst, dgst.Validate()
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/purgeuploads.go b/vendor/github.com/docker/distribution/registry/storage/purgeuploads.go
deleted file mode 100644
index cac921210..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/purgeuploads.go
+++ /dev/null
@@ -1,139 +0,0 @@
-package storage
-
-import (
-	"context"
-	"path"
-	"strings"
-	"time"
-
-	storageDriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/distribution/uuid"
-	"github.com/sirupsen/logrus"
-)
-
-// uploadData stored the location of temporary files created during a layer upload
-// along with the date the upload was started
-type uploadData struct {
-	containingDir string
-	startedAt     time.Time
-}
-
-func newUploadData() uploadData {
-	return uploadData{
-		containingDir: "",
-		// default to far in future to protect against missing startedat
-		startedAt: time.Now().Add(10000 * time.Hour),
-	}
-}
-
-// PurgeUploads deletes files from the upload directory
-// created before olderThan.  The list of files deleted and errors
-// encountered are returned
-func PurgeUploads(ctx context.Context, driver storageDriver.StorageDriver, olderThan time.Time, actuallyDelete bool) ([]string, []error) {
-	logrus.Infof("PurgeUploads starting: olderThan=%s, actuallyDelete=%t", olderThan, actuallyDelete)
-	uploadData, errors := getOutstandingUploads(ctx, driver)
-	var deleted []string
-	for _, uploadData := range uploadData {
-		if uploadData.startedAt.Before(olderThan) {
-			var err error
-			logrus.Infof("Upload files in %s have older date (%s) than purge date (%s).  Removing upload directory.",
-				uploadData.containingDir, uploadData.startedAt, olderThan)
-			if actuallyDelete {
-				err = driver.Delete(ctx, uploadData.containingDir)
-			}
-			if err == nil {
-				deleted = append(deleted, uploadData.containingDir)
-			} else {
-				errors = append(errors, err)
-			}
-		}
-	}
-
-	logrus.Infof("Purge uploads finished.  Num deleted=%d, num errors=%d", len(deleted), len(errors))
-	return deleted, errors
-}
-
-// getOutstandingUploads walks the upload directory, collecting files
-// which could be eligible for deletion.  The only reliable way to
-// classify the age of a file is with the date stored in the startedAt
-// file, so gather files by UUID with a date from startedAt.
-func getOutstandingUploads(ctx context.Context, driver storageDriver.StorageDriver) (map[string]uploadData, []error) {
-	var errors []error
-	uploads := make(map[string]uploadData)
-
-	inUploadDir := false
-	root, err := pathFor(repositoriesRootPathSpec{})
-	if err != nil {
-		return uploads, append(errors, err)
-	}
-
-	err = driver.Walk(ctx, root, func(fileInfo storageDriver.FileInfo) error {
-		filePath := fileInfo.Path()
-		_, file := path.Split(filePath)
-		if file[0] == '_' {
-			// Reserved directory
-			inUploadDir = (file == "_uploads")
-
-			if fileInfo.IsDir() && !inUploadDir {
-				return storageDriver.ErrSkipDir
-			}
-
-		}
-
-		uuid, isContainingDir := uuidFromPath(filePath)
-		if uuid == "" {
-			// Cannot reliably delete
-			return nil
-		}
-		ud, ok := uploads[uuid]
-		if !ok {
-			ud = newUploadData()
-		}
-		if isContainingDir {
-			ud.containingDir = filePath
-		}
-		if file == "startedat" {
-			if t, err := readStartedAtFile(driver, filePath); err == nil {
-				ud.startedAt = t
-			} else {
-				errors = pushError(errors, filePath, err)
-			}
-
-		}
-
-		uploads[uuid] = ud
-		return nil
-	})
-
-	if err != nil {
-		errors = pushError(errors, root, err)
-	}
-	return uploads, errors
-}
-
-// uuidFromPath extracts the upload UUID from a given path
-// If the UUID is the last path component, this is the containing
-// directory for all upload files
-func uuidFromPath(path string) (string, bool) {
-	components := strings.Split(path, "/")
-	for i := len(components) - 1; i >= 0; i-- {
-		if u, err := uuid.Parse(components[i]); err == nil {
-			return u.String(), i == len(components)-1
-		}
-	}
-	return "", false
-}
-
-// readStartedAtFile reads the date from an upload's startedAtFile
-func readStartedAtFile(driver storageDriver.StorageDriver, path string) (time.Time, error) {
-	// todo:(richardscothern) - pass in a context
-	startedAtBytes, err := driver.GetContent(context.Background(), path)
-	if err != nil {
-		return time.Now(), err
-	}
-	startedAt, err := time.Parse(time.RFC3339, string(startedAtBytes))
-	if err != nil {
-		return time.Now(), err
-	}
-	return startedAt, nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/registry.go b/vendor/github.com/docker/distribution/registry/storage/registry.go
deleted file mode 100644
index 7e932ab9a..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/registry.go
+++ /dev/null
@@ -1,336 +0,0 @@
-package storage
-
-import (
-	"context"
-	"regexp"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/distribution/registry/storage/cache"
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/docker/libtrust"
-)
-
-// registry is the top-level implementation of Registry for use in the storage
-// package. All instances should descend from this object.
-type registry struct {
-	blobStore                    *blobStore
-	blobServer                   *blobServer
-	statter                      *blobStatter // global statter service.
-	blobDescriptorCacheProvider  cache.BlobDescriptorCacheProvider
-	deleteEnabled                bool
-	schema1Enabled               bool
-	resumableDigestEnabled       bool
-	schema1SigningKey            libtrust.PrivateKey
-	blobDescriptorServiceFactory distribution.BlobDescriptorServiceFactory
-	manifestURLs                 manifestURLs
-	driver                       storagedriver.StorageDriver
-}
-
-// manifestURLs holds regular expressions for controlling manifest URL whitelisting
-type manifestURLs struct {
-	allow *regexp.Regexp
-	deny  *regexp.Regexp
-}
-
-// RegistryOption is the type used for functional options for NewRegistry.
-type RegistryOption func(*registry) error
-
-// EnableRedirect is a functional option for NewRegistry. It causes the backend
-// blob server to attempt using (StorageDriver).URLFor to serve all blobs.
-func EnableRedirect(registry *registry) error {
-	registry.blobServer.redirect = true
-	return nil
-}
-
-// EnableDelete is a functional option for NewRegistry. It enables deletion on
-// the registry.
-func EnableDelete(registry *registry) error {
-	registry.deleteEnabled = true
-	return nil
-}
-
-// EnableSchema1 is a functional option for NewRegistry. It enables pushing of
-// schema1 manifests.
-func EnableSchema1(registry *registry) error {
-	registry.schema1Enabled = true
-	return nil
-}
-
-// DisableDigestResumption is a functional option for NewRegistry. It should be
-// used if the registry is acting as a caching proxy.
-func DisableDigestResumption(registry *registry) error {
-	registry.resumableDigestEnabled = false
-	return nil
-}
-
-// ManifestURLsAllowRegexp is a functional option for NewRegistry.
-func ManifestURLsAllowRegexp(r *regexp.Regexp) RegistryOption {
-	return func(registry *registry) error {
-		registry.manifestURLs.allow = r
-		return nil
-	}
-}
-
-// ManifestURLsDenyRegexp is a functional option for NewRegistry.
-func ManifestURLsDenyRegexp(r *regexp.Regexp) RegistryOption {
-	return func(registry *registry) error {
-		registry.manifestURLs.deny = r
-		return nil
-	}
-}
-
-// Schema1SigningKey returns a functional option for NewRegistry. It sets the
-// key for signing  all schema1 manifests.
-func Schema1SigningKey(key libtrust.PrivateKey) RegistryOption {
-	return func(registry *registry) error {
-		registry.schema1SigningKey = key
-		return nil
-	}
-}
-
-// BlobDescriptorServiceFactory returns a functional option for NewRegistry. It sets the
-// factory to create BlobDescriptorServiceFactory middleware.
-func BlobDescriptorServiceFactory(factory distribution.BlobDescriptorServiceFactory) RegistryOption {
-	return func(registry *registry) error {
-		registry.blobDescriptorServiceFactory = factory
-		return nil
-	}
-}
-
-// BlobDescriptorCacheProvider returns a functional option for
-// NewRegistry. It creates a cached blob statter for use by the
-// registry.
-func BlobDescriptorCacheProvider(blobDescriptorCacheProvider cache.BlobDescriptorCacheProvider) RegistryOption {
-	// TODO(aaronl): The duplication of statter across several objects is
-	// ugly, and prevents us from using interface types in the registry
-	// struct. Ideally, blobStore and blobServer should be lazily
-	// initialized, and use the current value of
-	// blobDescriptorCacheProvider.
-	return func(registry *registry) error {
-		if blobDescriptorCacheProvider != nil {
-			statter := cache.NewCachedBlobStatter(blobDescriptorCacheProvider, registry.statter)
-			registry.blobStore.statter = statter
-			registry.blobServer.statter = statter
-			registry.blobDescriptorCacheProvider = blobDescriptorCacheProvider
-		}
-		return nil
-	}
-}
-
-// NewRegistry creates a new registry instance from the provided driver. The
-// resulting registry may be shared by multiple goroutines but is cheap to
-// allocate. If the Redirect option is specified, the backend blob server will
-// attempt to use (StorageDriver).URLFor to serve all blobs.
-func NewRegistry(ctx context.Context, driver storagedriver.StorageDriver, options ...RegistryOption) (distribution.Namespace, error) {
-	// create global statter
-	statter := &blobStatter{
-		driver: driver,
-	}
-
-	bs := &blobStore{
-		driver:  driver,
-		statter: statter,
-	}
-
-	registry := &registry{
-		blobStore: bs,
-		blobServer: &blobServer{
-			driver:  driver,
-			statter: statter,
-			pathFn:  bs.path,
-		},
-		statter:                statter,
-		resumableDigestEnabled: true,
-		driver:                 driver,
-	}
-
-	for _, option := range options {
-		if err := option(registry); err != nil {
-			return nil, err
-		}
-	}
-
-	return registry, nil
-}
-
-// Scope returns the namespace scope for a registry. The registry
-// will only serve repositories contained within this scope.
-func (reg *registry) Scope() distribution.Scope {
-	return distribution.GlobalScope
-}
-
-// Repository returns an instance of the repository tied to the registry.
-// Instances should not be shared between goroutines but are cheap to
-// allocate. In general, they should be request scoped.
-func (reg *registry) Repository(ctx context.Context, canonicalName reference.Named) (distribution.Repository, error) {
-	var descriptorCache distribution.BlobDescriptorService
-	if reg.blobDescriptorCacheProvider != nil {
-		var err error
-		descriptorCache, err = reg.blobDescriptorCacheProvider.RepositoryScoped(canonicalName.Name())
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	return &repository{
-		ctx:             ctx,
-		registry:        reg,
-		name:            canonicalName,
-		descriptorCache: descriptorCache,
-	}, nil
-}
-
-func (reg *registry) Blobs() distribution.BlobEnumerator {
-	return reg.blobStore
-}
-
-func (reg *registry) BlobStatter() distribution.BlobStatter {
-	return reg.statter
-}
-
-// repository provides name-scoped access to various services.
-type repository struct {
-	*registry
-	ctx             context.Context
-	name            reference.Named
-	descriptorCache distribution.BlobDescriptorService
-}
-
-// Name returns the name of the repository.
-func (repo *repository) Named() reference.Named {
-	return repo.name
-}
-
-func (repo *repository) Tags(ctx context.Context) distribution.TagService {
-	tags := &tagStore{
-		repository: repo,
-		blobStore:  repo.registry.blobStore,
-	}
-
-	return tags
-}
-
-// Manifests returns an instance of ManifestService. Instantiation is cheap and
-// may be context sensitive in the future. The instance should be used similar
-// to a request local.
-func (repo *repository) Manifests(ctx context.Context, options ...distribution.ManifestServiceOption) (distribution.ManifestService, error) {
-	manifestLinkPathFns := []linkPathFunc{
-		// NOTE(stevvooe): Need to search through multiple locations since
-		// 2.1.0 unintentionally linked into  _layers.
-		manifestRevisionLinkPath,
-		blobLinkPath,
-	}
-
-	manifestDirectoryPathSpec := manifestRevisionsPathSpec{name: repo.name.Name()}
-
-	var statter distribution.BlobDescriptorService = &linkedBlobStatter{
-		blobStore:   repo.blobStore,
-		repository:  repo,
-		linkPathFns: manifestLinkPathFns,
-	}
-
-	if repo.registry.blobDescriptorServiceFactory != nil {
-		statter = repo.registry.blobDescriptorServiceFactory.BlobAccessController(statter)
-	}
-
-	blobStore := &linkedBlobStore{
-		ctx:                  ctx,
-		blobStore:            repo.blobStore,
-		repository:           repo,
-		deleteEnabled:        repo.registry.deleteEnabled,
-		blobAccessController: statter,
-
-		// TODO(stevvooe): linkPath limits this blob store to only
-		// manifests. This instance cannot be used for blob checks.
-		linkPathFns:           manifestLinkPathFns,
-		linkDirectoryPathSpec: manifestDirectoryPathSpec,
-	}
-
-	var v1Handler ManifestHandler
-	if repo.schema1Enabled {
-		v1Handler = &signedManifestHandler{
-			ctx:               ctx,
-			schema1SigningKey: repo.schema1SigningKey,
-			repository:        repo,
-			blobStore:         blobStore,
-		}
-	} else {
-		v1Handler = &v1UnsupportedHandler{
-			innerHandler: &signedManifestHandler{
-				ctx:               ctx,
-				schema1SigningKey: repo.schema1SigningKey,
-				repository:        repo,
-				blobStore:         blobStore,
-			},
-		}
-	}
-
-	ms := &manifestStore{
-		ctx:            ctx,
-		repository:     repo,
-		blobStore:      blobStore,
-		schema1Handler: v1Handler,
-		schema2Handler: &schema2ManifestHandler{
-			ctx:          ctx,
-			repository:   repo,
-			blobStore:    blobStore,
-			manifestURLs: repo.registry.manifestURLs,
-		},
-		manifestListHandler: &manifestListHandler{
-			ctx:        ctx,
-			repository: repo,
-			blobStore:  blobStore,
-		},
-		ocischemaHandler: &ocischemaManifestHandler{
-			ctx:          ctx,
-			repository:   repo,
-			blobStore:    blobStore,
-			manifestURLs: repo.registry.manifestURLs,
-		},
-	}
-
-	// Apply options
-	for _, option := range options {
-		err := option.Apply(ms)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	return ms, nil
-}
-
-// Blobs returns an instance of the BlobStore. Instantiation is cheap and
-// may be context sensitive in the future. The instance should be used similar
-// to a request local.
-func (repo *repository) Blobs(ctx context.Context) distribution.BlobStore {
-	var statter distribution.BlobDescriptorService = &linkedBlobStatter{
-		blobStore:   repo.blobStore,
-		repository:  repo,
-		linkPathFns: []linkPathFunc{blobLinkPath},
-	}
-
-	if repo.descriptorCache != nil {
-		statter = cache.NewCachedBlobStatter(repo.descriptorCache, statter)
-	}
-
-	if repo.registry.blobDescriptorServiceFactory != nil {
-		statter = repo.registry.blobDescriptorServiceFactory.BlobAccessController(statter)
-	}
-
-	return &linkedBlobStore{
-		registry:             repo.registry,
-		blobStore:            repo.blobStore,
-		blobServer:           repo.blobServer,
-		blobAccessController: statter,
-		repository:           repo,
-		ctx:                  ctx,
-
-		// TODO(stevvooe): linkPath limits this blob store to only layers.
-		// This instance cannot be used for manifest checks.
-		linkPathFns:            []linkPathFunc{blobLinkPath},
-		deleteEnabled:          repo.registry.deleteEnabled,
-		resumableDigestEnabled: repo.resumableDigestEnabled,
-	}
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/schema2manifesthandler.go b/vendor/github.com/docker/distribution/registry/storage/schema2manifesthandler.go
deleted file mode 100644
index d9339403a..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/schema2manifesthandler.go
+++ /dev/null
@@ -1,139 +0,0 @@
-package storage
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/url"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/manifest/schema1"
-	"github.com/docker/distribution/manifest/schema2"
-	"github.com/opencontainers/go-digest"
-)
-
-var (
-	errMissingURL = errors.New("missing URL on layer")
-	errInvalidURL = errors.New("invalid URL on layer")
-)
-
-// schema2ManifestHandler is a ManifestHandler that covers schema2 manifests.
-type schema2ManifestHandler struct {
-	repository   distribution.Repository
-	blobStore    distribution.BlobStore
-	ctx          context.Context
-	manifestURLs manifestURLs
-}
-
-var _ ManifestHandler = &schema2ManifestHandler{}
-
-func (ms *schema2ManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
-	dcontext.GetLogger(ms.ctx).Debug("(*schema2ManifestHandler).Unmarshal")
-
-	m := &schema2.DeserializedManifest{}
-	if err := m.UnmarshalJSON(content); err != nil {
-		return nil, err
-	}
-
-	return m, nil
-}
-
-func (ms *schema2ManifestHandler) Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
-	dcontext.GetLogger(ms.ctx).Debug("(*schema2ManifestHandler).Put")
-
-	m, ok := manifest.(*schema2.DeserializedManifest)
-	if !ok {
-		return "", fmt.Errorf("non-schema2 manifest put to schema2ManifestHandler: %T", manifest)
-	}
-
-	if err := ms.verifyManifest(ms.ctx, *m, skipDependencyVerification); err != nil {
-		return "", err
-	}
-
-	mt, payload, err := m.Payload()
-	if err != nil {
-		return "", err
-	}
-
-	revision, err := ms.blobStore.Put(ctx, mt, payload)
-	if err != nil {
-		dcontext.GetLogger(ctx).Errorf("error putting payload into blobstore: %v", err)
-		return "", err
-	}
-
-	return revision.Digest, nil
-}
-
-// verifyManifest ensures that the manifest content is valid from the
-// perspective of the registry. As a policy, the registry only tries to store
-// valid content, leaving trust policies of that content up to consumers.
-func (ms *schema2ManifestHandler) verifyManifest(ctx context.Context, mnfst schema2.DeserializedManifest, skipDependencyVerification bool) error {
-	var errs distribution.ErrManifestVerification
-
-	if mnfst.Manifest.SchemaVersion != 2 {
-		return fmt.Errorf("unrecognized manifest schema version %d", mnfst.Manifest.SchemaVersion)
-	}
-
-	if skipDependencyVerification {
-		return nil
-	}
-
-	manifestService, err := ms.repository.Manifests(ctx)
-	if err != nil {
-		return err
-	}
-
-	blobsService := ms.repository.Blobs(ctx)
-
-	for _, descriptor := range mnfst.References() {
-		var err error
-
-		switch descriptor.MediaType {
-		case schema2.MediaTypeForeignLayer:
-			// Clients download this layer from an external URL, so do not check for
-			// its presence.
-			if len(descriptor.URLs) == 0 {
-				err = errMissingURL
-			}
-			allow := ms.manifestURLs.allow
-			deny := ms.manifestURLs.deny
-			for _, u := range descriptor.URLs {
-				var pu *url.URL
-				pu, err = url.Parse(u)
-				if err != nil || (pu.Scheme != "http" && pu.Scheme != "https") || pu.Fragment != "" || (allow != nil && !allow.MatchString(u)) || (deny != nil && deny.MatchString(u)) {
-					err = errInvalidURL
-					break
-				}
-			}
-		case schema2.MediaTypeManifest, schema1.MediaTypeManifest:
-			var exists bool
-			exists, err = manifestService.Exists(ctx, descriptor.Digest)
-			if err != nil || !exists {
-				err = distribution.ErrBlobUnknown // just coerce to unknown.
-			}
-
-			fallthrough // double check the blob store.
-		default:
-			// forward all else to blob storage
-			if len(descriptor.URLs) == 0 {
-				_, err = blobsService.Stat(ctx, descriptor.Digest)
-			}
-		}
-
-		if err != nil {
-			if err != distribution.ErrBlobUnknown {
-				errs = append(errs, err)
-			}
-
-			// On error here, we always append unknown blob errors.
-			errs = append(errs, distribution.ErrManifestBlobUnknown{Digest: descriptor.Digest})
-		}
-	}
-
-	if len(errs) != 0 {
-		return errs
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/signedmanifesthandler.go b/vendor/github.com/docker/distribution/registry/storage/signedmanifesthandler.go
deleted file mode 100644
index f94ecbea5..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/signedmanifesthandler.go
+++ /dev/null
@@ -1,142 +0,0 @@
-package storage
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-
-	"github.com/docker/distribution"
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/manifest/schema1"
-	"github.com/docker/distribution/reference"
-	"github.com/docker/libtrust"
-	"github.com/opencontainers/go-digest"
-)
-
-// signedManifestHandler is a ManifestHandler that covers schema1 manifests. It
-// can unmarshal and put schema1 manifests that have been signed by libtrust.
-type signedManifestHandler struct {
-	repository        distribution.Repository
-	schema1SigningKey libtrust.PrivateKey
-	blobStore         distribution.BlobStore
-	ctx               context.Context
-}
-
-var _ ManifestHandler = &signedManifestHandler{}
-
-func (ms *signedManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
-	dcontext.GetLogger(ms.ctx).Debug("(*signedManifestHandler).Unmarshal")
-
-	var (
-		signatures [][]byte
-		err        error
-	)
-
-	jsig, err := libtrust.NewJSONSignature(content, signatures...)
-	if err != nil {
-		return nil, err
-	}
-
-	if ms.schema1SigningKey != nil {
-		if err := jsig.Sign(ms.schema1SigningKey); err != nil {
-			return nil, err
-		}
-	}
-
-	// Extract the pretty JWS
-	raw, err := jsig.PrettySignature("signatures")
-	if err != nil {
-		return nil, err
-	}
-
-	var sm schema1.SignedManifest
-	if err := json.Unmarshal(raw, &sm); err != nil {
-		return nil, err
-	}
-	return &sm, nil
-}
-
-func (ms *signedManifestHandler) Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
-	dcontext.GetLogger(ms.ctx).Debug("(*signedManifestHandler).Put")
-
-	sm, ok := manifest.(*schema1.SignedManifest)
-	if !ok {
-		return "", fmt.Errorf("non-schema1 manifest put to signedManifestHandler: %T", manifest)
-	}
-
-	if err := ms.verifyManifest(ms.ctx, *sm, skipDependencyVerification); err != nil {
-		return "", err
-	}
-
-	mt := schema1.MediaTypeManifest
-	payload := sm.Canonical
-
-	revision, err := ms.blobStore.Put(ctx, mt, payload)
-	if err != nil {
-		dcontext.GetLogger(ctx).Errorf("error putting payload into blobstore: %v", err)
-		return "", err
-	}
-
-	return revision.Digest, nil
-}
-
-// verifyManifest ensures that the manifest content is valid from the
-// perspective of the registry. It ensures that the signature is valid for the
-// enclosed payload. As a policy, the registry only tries to store valid
-// content, leaving trust policies of that content up to consumers.
-func (ms *signedManifestHandler) verifyManifest(ctx context.Context, mnfst schema1.SignedManifest, skipDependencyVerification bool) error {
-	var errs distribution.ErrManifestVerification
-
-	if len(mnfst.Name) > reference.NameTotalLengthMax {
-		errs = append(errs,
-			distribution.ErrManifestNameInvalid{
-				Name:   mnfst.Name,
-				Reason: fmt.Errorf("manifest name must not be more than %v characters", reference.NameTotalLengthMax),
-			})
-	}
-
-	if !reference.NameRegexp.MatchString(mnfst.Name) {
-		errs = append(errs,
-			distribution.ErrManifestNameInvalid{
-				Name:   mnfst.Name,
-				Reason: fmt.Errorf("invalid manifest name format"),
-			})
-	}
-
-	if len(mnfst.History) != len(mnfst.FSLayers) {
-		errs = append(errs, fmt.Errorf("mismatched history and fslayer cardinality %d != %d",
-			len(mnfst.History), len(mnfst.FSLayers)))
-	}
-
-	if _, err := schema1.Verify(&mnfst); err != nil {
-		switch err {
-		case libtrust.ErrMissingSignatureKey, libtrust.ErrInvalidJSONContent, libtrust.ErrMissingSignatureKey:
-			errs = append(errs, distribution.ErrManifestUnverified{})
-		default:
-			if err.Error() == "invalid signature" { // TODO(stevvooe): This should be exported by libtrust
-				errs = append(errs, distribution.ErrManifestUnverified{})
-			} else {
-				errs = append(errs, err)
-			}
-		}
-	}
-
-	if !skipDependencyVerification {
-		for _, fsLayer := range mnfst.References() {
-			_, err := ms.repository.Blobs(ctx).Stat(ctx, fsLayer.Digest)
-			if err != nil {
-				if err != distribution.ErrBlobUnknown {
-					errs = append(errs, err)
-				}
-
-				// On error here, we always append unknown blob errors.
-				errs = append(errs, distribution.ErrManifestBlobUnknown{Digest: fsLayer.Digest})
-			}
-		}
-	}
-	if len(errs) != 0 {
-		return errs
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/tagstore.go b/vendor/github.com/docker/distribution/registry/storage/tagstore.go
deleted file mode 100644
index a3c766b4f..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/tagstore.go
+++ /dev/null
@@ -1,179 +0,0 @@
-package storage
-
-import (
-	"context"
-	"path"
-
-	"github.com/docker/distribution"
-	storagedriver "github.com/docker/distribution/registry/storage/driver"
-	"github.com/opencontainers/go-digest"
-)
-
-var _ distribution.TagService = &tagStore{}
-
-// tagStore provides methods to manage manifest tags in a backend storage driver.
-// This implementation uses the same on-disk layout as the (now deleted) tag
-// store.  This provides backward compatibility with current registry deployments
-// which only makes use of the Digest field of the returned distribution.Descriptor
-// but does not enable full roundtripping of Descriptor objects
-type tagStore struct {
-	repository *repository
-	blobStore  *blobStore
-}
-
-// All returns all tags
-func (ts *tagStore) All(ctx context.Context) ([]string, error) {
-	var tags []string
-
-	pathSpec, err := pathFor(manifestTagPathSpec{
-		name: ts.repository.Named().Name(),
-	})
-	if err != nil {
-		return tags, err
-	}
-
-	entries, err := ts.blobStore.driver.List(ctx, pathSpec)
-	if err != nil {
-		switch err := err.(type) {
-		case storagedriver.PathNotFoundError:
-			return tags, distribution.ErrRepositoryUnknown{Name: ts.repository.Named().Name()}
-		default:
-			return tags, err
-		}
-	}
-
-	for _, entry := range entries {
-		_, filename := path.Split(entry)
-		tags = append(tags, filename)
-	}
-
-	return tags, nil
-}
-
-// Tag tags the digest with the given tag, updating the the store to point at
-// the current tag. The digest must point to a manifest.
-func (ts *tagStore) Tag(ctx context.Context, tag string, desc distribution.Descriptor) error {
-	currentPath, err := pathFor(manifestTagCurrentPathSpec{
-		name: ts.repository.Named().Name(),
-		tag:  tag,
-	})
-
-	if err != nil {
-		return err
-	}
-
-	lbs := ts.linkedBlobStore(ctx, tag)
-
-	// Link into the index
-	if err := lbs.linkBlob(ctx, desc); err != nil {
-		return err
-	}
-
-	// Overwrite the current link
-	return ts.blobStore.link(ctx, currentPath, desc.Digest)
-}
-
-// resolve the current revision for name and tag.
-func (ts *tagStore) Get(ctx context.Context, tag string) (distribution.Descriptor, error) {
-	currentPath, err := pathFor(manifestTagCurrentPathSpec{
-		name: ts.repository.Named().Name(),
-		tag:  tag,
-	})
-
-	if err != nil {
-		return distribution.Descriptor{}, err
-	}
-
-	revision, err := ts.blobStore.readlink(ctx, currentPath)
-	if err != nil {
-		switch err.(type) {
-		case storagedriver.PathNotFoundError:
-			return distribution.Descriptor{}, distribution.ErrTagUnknown{Tag: tag}
-		}
-
-		return distribution.Descriptor{}, err
-	}
-
-	return distribution.Descriptor{Digest: revision}, nil
-}
-
-// Untag removes the tag association
-func (ts *tagStore) Untag(ctx context.Context, tag string) error {
-	tagPath, err := pathFor(manifestTagPathSpec{
-		name: ts.repository.Named().Name(),
-		tag:  tag,
-	})
-	if err != nil {
-		return err
-	}
-
-	if err := ts.blobStore.driver.Delete(ctx, tagPath); err != nil {
-		switch err.(type) {
-		case storagedriver.PathNotFoundError:
-			return nil // Untag is idempotent, we don't care if it didn't exist
-		default:
-			return err
-		}
-	}
-
-	return nil
-}
-
-// linkedBlobStore returns the linkedBlobStore for the named tag, allowing one
-// to index manifest blobs by tag name. While the tag store doesn't map
-// precisely to the linked blob store, using this ensures the links are
-// managed via the same code path.
-func (ts *tagStore) linkedBlobStore(ctx context.Context, tag string) *linkedBlobStore {
-	return &linkedBlobStore{
-		blobStore:  ts.blobStore,
-		repository: ts.repository,
-		ctx:        ctx,
-		linkPathFns: []linkPathFunc{func(name string, dgst digest.Digest) (string, error) {
-			return pathFor(manifestTagIndexEntryLinkPathSpec{
-				name:     name,
-				tag:      tag,
-				revision: dgst,
-			})
-
-		}},
-	}
-}
-
-// Lookup recovers a list of tags which refer to this digest.  When a manifest is deleted by
-// digest, tag entries which point to it need to be recovered to avoid dangling tags.
-func (ts *tagStore) Lookup(ctx context.Context, desc distribution.Descriptor) ([]string, error) {
-	allTags, err := ts.All(ctx)
-	switch err.(type) {
-	case distribution.ErrRepositoryUnknown:
-		// This tag store has been initialized but not yet populated
-		break
-	case nil:
-		break
-	default:
-		return nil, err
-	}
-
-	var tags []string
-	for _, tag := range allTags {
-		tagLinkPathSpec := manifestTagCurrentPathSpec{
-			name: ts.repository.Named().Name(),
-			tag:  tag,
-		}
-
-		tagLinkPath, _ := pathFor(tagLinkPathSpec)
-		tagDigest, err := ts.blobStore.readlink(ctx, tagLinkPath)
-		if err != nil {
-			switch err.(type) {
-			case storagedriver.PathNotFoundError:
-				continue
-			}
-			return nil, err
-		}
-
-		if tagDigest == desc.Digest {
-			tags = append(tags, tag)
-		}
-	}
-
-	return tags, nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/v1unsupportedhandler.go b/vendor/github.com/docker/distribution/registry/storage/v1unsupportedhandler.go
deleted file mode 100644
index fb6ca14e3..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/v1unsupportedhandler.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package storage
-
-import (
-	"context"
-
-	"github.com/docker/distribution"
-	digest "github.com/opencontainers/go-digest"
-)
-
-// signedManifestHandler is a ManifestHandler that unmarshals v1 manifests but
-// refuses to Put v1 manifests
-type v1UnsupportedHandler struct {
-	innerHandler ManifestHandler
-}
-
-var _ ManifestHandler = &v1UnsupportedHandler{}
-
-func (v *v1UnsupportedHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
-	return v.innerHandler.Unmarshal(ctx, dgst, content)
-}
-func (v *v1UnsupportedHandler) Put(ctx context.Context, manifest distribution.Manifest, skipDependencyVerification bool) (digest.Digest, error) {
-	return digest.Digest(""), distribution.ErrSchemaV1Unsupported
-}
diff --git a/vendor/github.com/docker/distribution/registry/storage/vacuum.go b/vendor/github.com/docker/distribution/registry/storage/vacuum.go
deleted file mode 100644
index a43db17a4..000000000
--- a/vendor/github.com/docker/distribution/registry/storage/vacuum.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package storage
-
-import (
-	"context"
-	"path"
-
-	dcontext "github.com/docker/distribution/context"
-	"github.com/docker/distribution/registry/storage/driver"
-	"github.com/opencontainers/go-digest"
-)
-
-// vacuum contains functions for cleaning up repositories and blobs
-// These functions will only reliably work on strongly consistent
-// storage systems.
-// https://en.wikipedia.org/wiki/Consistency_model
-
-// NewVacuum creates a new Vacuum
-func NewVacuum(ctx context.Context, driver driver.StorageDriver) Vacuum {
-	return Vacuum{
-		ctx:    ctx,
-		driver: driver,
-	}
-}
-
-// Vacuum removes content from the filesystem
-type Vacuum struct {
-	driver driver.StorageDriver
-	ctx    context.Context
-}
-
-// RemoveBlob removes a blob from the filesystem
-func (v Vacuum) RemoveBlob(dgst string) error {
-	d, err := digest.Parse(dgst)
-	if err != nil {
-		return err
-	}
-
-	blobPath, err := pathFor(blobPathSpec{digest: d})
-	if err != nil {
-		return err
-	}
-
-	dcontext.GetLogger(v.ctx).Infof("Deleting blob: %s", blobPath)
-
-	err = v.driver.Delete(v.ctx, blobPath)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// RemoveManifest removes a manifest from the filesystem
-func (v Vacuum) RemoveManifest(name string, dgst digest.Digest, tags []string) error {
-	// remove a tag manifest reference, in case of not found continue to next one
-	for _, tag := range tags {
-
-		tagsPath, err := pathFor(manifestTagIndexEntryPathSpec{name: name, revision: dgst, tag: tag})
-		if err != nil {
-			return err
-		}
-
-		_, err = v.driver.Stat(v.ctx, tagsPath)
-		if err != nil {
-			switch err := err.(type) {
-			case driver.PathNotFoundError:
-				continue
-			default:
-				return err
-			}
-		}
-		dcontext.GetLogger(v.ctx).Infof("deleting manifest tag reference: %s", tagsPath)
-		err = v.driver.Delete(v.ctx, tagsPath)
-		if err != nil {
-			return err
-		}
-	}
-
-	manifestPath, err := pathFor(manifestRevisionPathSpec{name: name, revision: dgst})
-	if err != nil {
-		return err
-	}
-	dcontext.GetLogger(v.ctx).Infof("deleting manifest: %s", manifestPath)
-	return v.driver.Delete(v.ctx, manifestPath)
-}
-
-// RemoveRepository removes a repository directory from the
-// filesystem
-func (v Vacuum) RemoveRepository(repoName string) error {
-	rootForRepository, err := pathFor(repositoriesRootPathSpec{})
-	if err != nil {
-		return err
-	}
-	repoDir := path.Join(rootForRepository, repoName)
-	dcontext.GetLogger(v.ctx).Infof("Deleting repo: %s", repoDir)
-	err = v.driver.Delete(v.ctx, repoDir)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/testutil/handler.go b/vendor/github.com/docker/distribution/testutil/handler.go
deleted file mode 100644
index 00cd8a6ac..000000000
--- a/vendor/github.com/docker/distribution/testutil/handler.go
+++ /dev/null
@@ -1,148 +0,0 @@
-package testutil
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"sort"
-	"strings"
-)
-
-// RequestResponseMap is an ordered mapping from Requests to Responses
-type RequestResponseMap []RequestResponseMapping
-
-// RequestResponseMapping defines a Response to be sent in response to a given
-// Request
-type RequestResponseMapping struct {
-	Request  Request
-	Response Response
-}
-
-// Request is a simplified http.Request object
-type Request struct {
-	// Method is the http method of the request, for example GET
-	Method string
-
-	// Route is the http route of this request
-	Route string
-
-	// QueryParams are the query parameters of this request
-	QueryParams map[string][]string
-
-	// Body is the byte contents of the http request
-	Body []byte
-
-	// Headers are the header for this request
-	Headers http.Header
-}
-
-func (r Request) String() string {
-	queryString := ""
-	if len(r.QueryParams) > 0 {
-		keys := make([]string, 0, len(r.QueryParams))
-		queryParts := make([]string, 0, len(r.QueryParams))
-		for k := range r.QueryParams {
-			keys = append(keys, k)
-		}
-		sort.Strings(keys)
-		for _, k := range keys {
-			for _, val := range r.QueryParams[k] {
-				queryParts = append(queryParts, fmt.Sprintf("%s=%s", k, url.QueryEscape(val)))
-			}
-		}
-		queryString = "?" + strings.Join(queryParts, "&")
-	}
-	var headers []string
-	if len(r.Headers) > 0 {
-		var headerKeys []string
-		for k := range r.Headers {
-			headerKeys = append(headerKeys, k)
-		}
-		sort.Strings(headerKeys)
-
-		for _, k := range headerKeys {
-			for _, val := range r.Headers[k] {
-				headers = append(headers, fmt.Sprintf("%s:%s", k, val))
-			}
-		}
-
-	}
-	return fmt.Sprintf("%s %s%s\n%s\n%s", r.Method, r.Route, queryString, headers, r.Body)
-}
-
-// Response is a simplified http.Response object
-type Response struct {
-	// Statuscode is the http status code of the Response
-	StatusCode int
-
-	// Headers are the http headers of this Response
-	Headers http.Header
-
-	// Body is the response body
-	Body []byte
-}
-
-// testHandler is an http.Handler with a defined mapping from Request to an
-// ordered list of Response objects
-type testHandler struct {
-	responseMap map[string][]Response
-}
-
-// NewHandler returns a new test handler that responds to defined requests
-// with specified responses
-// Each time a Request is received, the next Response is returned in the
-// mapping, until no Responses are defined, at which point a 404 is sent back
-func NewHandler(requestResponseMap RequestResponseMap) http.Handler {
-	responseMap := make(map[string][]Response)
-	for _, mapping := range requestResponseMap {
-		responses, ok := responseMap[mapping.Request.String()]
-		if ok {
-			responseMap[mapping.Request.String()] = append(responses, mapping.Response)
-		} else {
-			responseMap[mapping.Request.String()] = []Response{mapping.Response}
-		}
-	}
-	return &testHandler{responseMap: responseMap}
-}
-
-func (app *testHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	defer r.Body.Close()
-
-	requestBody, _ := ioutil.ReadAll(r.Body)
-	request := Request{
-		Method:      r.Method,
-		Route:       r.URL.Path,
-		QueryParams: r.URL.Query(),
-		Body:        requestBody,
-		Headers:     make(map[string][]string),
-	}
-
-	// Add headers of interest here
-	for k, v := range r.Header {
-		if k == "If-None-Match" {
-			request.Headers[k] = v
-		}
-	}
-
-	responses, ok := app.responseMap[request.String()]
-
-	if !ok || len(responses) == 0 {
-		http.NotFound(w, r)
-		return
-	}
-
-	response := responses[0]
-	app.responseMap[request.String()] = responses[1:]
-
-	responseHeader := w.Header()
-	for k, v := range response.Headers {
-		responseHeader[k] = v
-	}
-
-	w.WriteHeader(response.StatusCode)
-
-	io.Copy(w, bytes.NewReader(response.Body))
-}
diff --git a/vendor/github.com/docker/distribution/testutil/manifests.go b/vendor/github.com/docker/distribution/testutil/manifests.go
deleted file mode 100644
index 8afe82e48..000000000
--- a/vendor/github.com/docker/distribution/testutil/manifests.go
+++ /dev/null
@@ -1,87 +0,0 @@
-package testutil
-
-import (
-	"fmt"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/context"
-	"github.com/docker/distribution/manifest"
-	"github.com/docker/distribution/manifest/manifestlist"
-	"github.com/docker/distribution/manifest/schema1"
-	"github.com/docker/distribution/manifest/schema2"
-	"github.com/docker/libtrust"
-	"github.com/opencontainers/go-digest"
-)
-
-// MakeManifestList constructs a manifest list out of a list of manifest digests
-func MakeManifestList(blobstatter distribution.BlobStatter, manifestDigests []digest.Digest) (*manifestlist.DeserializedManifestList, error) {
-	ctx := context.Background()
-
-	var manifestDescriptors []manifestlist.ManifestDescriptor
-	for _, manifestDigest := range manifestDigests {
-		descriptor, err := blobstatter.Stat(ctx, manifestDigest)
-		if err != nil {
-			return nil, err
-		}
-		platformSpec := manifestlist.PlatformSpec{
-			Architecture: "atari2600",
-			OS:           "CP/M",
-			Variant:      "ternary",
-			Features:     []string{"VLIW", "superscalaroutoforderdevnull"},
-		}
-		manifestDescriptor := manifestlist.ManifestDescriptor{
-			Descriptor: descriptor,
-			Platform:   platformSpec,
-		}
-		manifestDescriptors = append(manifestDescriptors, manifestDescriptor)
-	}
-
-	return manifestlist.FromDescriptors(manifestDescriptors)
-}
-
-// MakeSchema1Manifest constructs a schema 1 manifest from a given list of digests and returns
-// the digest of the manifest
-func MakeSchema1Manifest(digests []digest.Digest) (distribution.Manifest, error) {
-	manifest := schema1.Manifest{
-		Versioned: manifest.Versioned{
-			SchemaVersion: 1,
-		},
-		Name: "who",
-		Tag:  "cares",
-	}
-
-	for _, digest := range digests {
-		manifest.FSLayers = append(manifest.FSLayers, schema1.FSLayer{BlobSum: digest})
-		manifest.History = append(manifest.History, schema1.History{V1Compatibility: ""})
-	}
-
-	pk, err := libtrust.GenerateECP256PrivateKey()
-	if err != nil {
-		return nil, fmt.Errorf("unexpected error generating private key: %v", err)
-	}
-
-	signedManifest, err := schema1.Sign(&manifest, pk)
-	if err != nil {
-		return nil, fmt.Errorf("error signing manifest: %v", err)
-	}
-
-	return signedManifest, nil
-}
-
-// MakeSchema2Manifest constructs a schema 2 manifest from a given list of digests and returns
-// the digest of the manifest
-func MakeSchema2Manifest(repository distribution.Repository, digests []digest.Digest) (distribution.Manifest, error) {
-	ctx := context.Background()
-	blobStore := repository.Blobs(ctx)
-	builder := schema2.NewManifestBuilder(blobStore, schema2.MediaTypeImageConfig, []byte{})
-	for _, digest := range digests {
-		builder.AppendReference(distribution.Descriptor{Digest: digest})
-	}
-
-	manifest, err := builder.Build(ctx)
-	if err != nil {
-		return nil, fmt.Errorf("unexpected error generating manifest: %v", err)
-	}
-
-	return manifest, nil
-}
diff --git a/vendor/github.com/docker/distribution/testutil/tarfile.go b/vendor/github.com/docker/distribution/testutil/tarfile.go
deleted file mode 100644
index 2ebd364a2..000000000
--- a/vendor/github.com/docker/distribution/testutil/tarfile.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package testutil
-
-import (
-	"archive/tar"
-	"bytes"
-	"fmt"
-	"io"
-	mrand "math/rand"
-	"time"
-
-	"github.com/docker/distribution"
-	"github.com/docker/distribution/context"
-	"github.com/opencontainers/go-digest"
-)
-
-// CreateRandomTarFile creates a random tarfile, returning it as an
-// io.ReadSeeker along with its digest. An error is returned if there is a
-// problem generating valid content.
-func CreateRandomTarFile() (rs io.ReadSeeker, dgst digest.Digest, err error) {
-	nFiles := mrand.Intn(10) + 10
-	target := &bytes.Buffer{}
-	wr := tar.NewWriter(target)
-
-	// Perturb this on each iteration of the loop below.
-	header := &tar.Header{
-		Mode:       0644,
-		ModTime:    time.Now(),
-		Typeflag:   tar.TypeReg,
-		Uname:      "randocalrissian",
-		Gname:      "cloudcity",
-		AccessTime: time.Now(),
-		ChangeTime: time.Now(),
-	}
-
-	for fileNumber := 0; fileNumber < nFiles; fileNumber++ {
-		fileSize := mrand.Int63n(1<<20) + 1<<20
-
-		header.Name = fmt.Sprint(fileNumber)
-		header.Size = fileSize
-
-		if err := wr.WriteHeader(header); err != nil {
-			return nil, "", err
-		}
-
-		randomData := make([]byte, fileSize)
-
-		// Fill up the buffer with some random data.
-		n, err := mrand.Read(randomData)
-
-		if n != len(randomData) {
-			return nil, "", fmt.Errorf("short read creating random reader: %v bytes != %v bytes", n, len(randomData))
-		}
-
-		if err != nil {
-			return nil, "", err
-		}
-
-		nn, err := io.Copy(wr, bytes.NewReader(randomData))
-		if nn != fileSize {
-			return nil, "", fmt.Errorf("short copy writing random file to tar")
-		}
-
-		if err != nil {
-			return nil, "", err
-		}
-
-		if err := wr.Flush(); err != nil {
-			return nil, "", err
-		}
-	}
-
-	if err := wr.Close(); err != nil {
-		return nil, "", err
-	}
-
-	dgst = digest.FromBytes(target.Bytes())
-
-	return bytes.NewReader(target.Bytes()), dgst, nil
-}
-
-// CreateRandomLayers returns a map of n digests. We don't particularly care
-// about the order of said digests (since they're all random anyway).
-func CreateRandomLayers(n int) (map[digest.Digest]io.ReadSeeker, error) {
-	digestMap := map[digest.Digest]io.ReadSeeker{}
-	for i := 0; i < n; i++ {
-		rs, ds, err := CreateRandomTarFile()
-		if err != nil {
-			return nil, fmt.Errorf("unexpected error generating test layer file: %v", err)
-		}
-
-		digestMap[ds] = rs
-	}
-	return digestMap, nil
-}
-
-// UploadBlobs lets you upload blobs to a repository
-func UploadBlobs(repository distribution.Repository, layers map[digest.Digest]io.ReadSeeker) error {
-	ctx := context.Background()
-	for digest, rs := range layers {
-		wr, err := repository.Blobs(ctx).Create(ctx)
-		if err != nil {
-			return fmt.Errorf("unexpected error creating upload: %v", err)
-		}
-
-		if _, err := io.Copy(wr, rs); err != nil {
-			return fmt.Errorf("unexpected error copying to upload: %v", err)
-		}
-
-		if _, err := wr.Commit(ctx, distribution.Descriptor{Digest: digest}); err != nil {
-			return fmt.Errorf("unexpected error committinng upload: %v", err)
-		}
-	}
-	return nil
-}
diff --git a/vendor/github.com/docker/distribution/version/print.go b/vendor/github.com/docker/distribution/version/print.go
deleted file mode 100644
index 318ac6953..000000000
--- a/vendor/github.com/docker/distribution/version/print.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package version
-
-import (
-	"fmt"
-	"io"
-	"os"
-)
-
-// FprintVersion outputs the version string to the writer, in the following
-// format, followed by a newline:
-//
-//	<cmd> <project> <version>
-//
-// For example, a binary "registry" built from github.com/docker/distribution
-// with version "v2.0" would print the following:
-//
-//	registry github.com/docker/distribution v2.0
-func FprintVersion(w io.Writer) {
-	fmt.Fprintln(w, os.Args[0], Package, Version)
-}
-
-// PrintVersion outputs the version information, from Fprint, to stdout.
-func PrintVersion() {
-	FprintVersion(os.Stdout)
-}
diff --git a/vendor/github.com/docker/distribution/version/version.go b/vendor/github.com/docker/distribution/version/version.go
deleted file mode 100644
index 567610d9d..000000000
--- a/vendor/github.com/docker/distribution/version/version.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package version
-
-// Package is the overall, canonical project import path under which the
-// package was built.
-var Package = "github.com/docker/distribution"
-
-// Version indicates which version of the binary is running. This is set to
-// the latest release tag by hand, always suffixed by "+unknown". During
-// build, it will be replaced by the actual version. The value here will be
-// used if the registry is run after a go get based install.
-var Version = "v2.8.2+unknown"
-
-// Revision is filled with the VCS (e.g. git) revision being used to build
-// the program at linking time.
-var Revision = ""
diff --git a/vendor/github.com/docker/distribution/version/version.sh b/vendor/github.com/docker/distribution/version/version.sh
deleted file mode 100644
index dd8296968..000000000
--- a/vendor/github.com/docker/distribution/version/version.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-
-# This bash script outputs the current, desired content of version.go, using
-# git describe. For best effect, pipe this to the target file. Generally, this
-# only needs to updated for releases. The actual value of will be replaced
-# during build time if the makefile is used.
-
-set -e
-
-cat <<EOF
-package version
-
-// Package is the overall, canonical project import path under which the
-// package was built.
-var Package = "$(go list)"
-
-// Version indicates which version of the binary is running. This is set to
-// the latest release tag by hand, always suffixed by "+unknown". During
-// build, it will be replaced by the actual version. The value here will be
-// used if the registry is run after a go install based install.
-var Version = "$(git describe --match 'v[0-9]*' --dirty='.m' --always)+unknown"
-
-// Revision is filled with the VCS (e.g. git) revision being used to build
-// the program at linking time.
-var Revision = ""
-EOF
diff --git a/vendor/github.com/docker/libtrust/CONTRIBUTING.md b/vendor/github.com/docker/libtrust/CONTRIBUTING.md
deleted file mode 100644
index 05be0f8ab..000000000
--- a/vendor/github.com/docker/libtrust/CONTRIBUTING.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# Contributing to libtrust
-
-Want to hack on libtrust? Awesome! Here are instructions to get you
-started.
-
-libtrust is a part of the [Docker](https://www.docker.com) project, and follows
-the same rules and principles. If you're already familiar with the way
-Docker does things, you'll feel right at home.
-
-Otherwise, go read
-[Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md).
-
-Happy hacking!
diff --git a/vendor/github.com/docker/libtrust/LICENSE b/vendor/github.com/docker/libtrust/LICENSE
deleted file mode 100644
index 27448585a..000000000
--- a/vendor/github.com/docker/libtrust/LICENSE
+++ /dev/null
@@ -1,191 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   Copyright 2014 Docker, Inc.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/github.com/docker/libtrust/MAINTAINERS b/vendor/github.com/docker/libtrust/MAINTAINERS
deleted file mode 100644
index 9768175fe..000000000
--- a/vendor/github.com/docker/libtrust/MAINTAINERS
+++ /dev/null
@@ -1,3 +0,0 @@
-Solomon Hykes <solomon@docker.com>
-Josh Hawn <josh@docker.com> (github: jlhawn)
-Derek McGowan <derek@docker.com> (github: dmcgowan)
diff --git a/vendor/github.com/docker/libtrust/README.md b/vendor/github.com/docker/libtrust/README.md
deleted file mode 100644
index dcffb31ae..000000000
--- a/vendor/github.com/docker/libtrust/README.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# libtrust
-
-> **WARNING** this library is no longer actively developed, and will be integrated
-> in the [docker/distribution][https://www.github.com/docker/distribution]
-> repository in future.
-
-Libtrust is library for managing authentication and authorization using public key cryptography.
-
-Authentication is handled using the identity attached to the public key.
-Libtrust provides multiple methods to prove possession of the private key associated with an identity.
- - TLS x509 certificates
- - Signature verification
- - Key Challenge
-
-Authorization and access control is managed through a distributed trust graph.
-Trust servers are used as the authorities of the trust graph and allow caching portions of the graph for faster access.
-
-## Copyright and license
-
-Code and documentation copyright 2014 Docker, inc. Code released under the Apache 2.0 license.
-Docs released under Creative commons.
-
diff --git a/vendor/github.com/docker/libtrust/certificates.go b/vendor/github.com/docker/libtrust/certificates.go
deleted file mode 100644
index 3dcca33cb..000000000
--- a/vendor/github.com/docker/libtrust/certificates.go
+++ /dev/null
@@ -1,175 +0,0 @@
-package libtrust
-
-import (
-	"crypto/rand"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/pem"
-	"fmt"
-	"io/ioutil"
-	"math/big"
-	"net"
-	"time"
-)
-
-type certTemplateInfo struct {
-	commonName  string
-	domains     []string
-	ipAddresses []net.IP
-	isCA        bool
-	clientAuth  bool
-	serverAuth  bool
-}
-
-func generateCertTemplate(info *certTemplateInfo) *x509.Certificate {
-	// Generate a certificate template which is valid from the past week to
-	// 10 years from now. The usage of the certificate depends on the
-	// specified fields in the given certTempInfo object.
-	var (
-		keyUsage    x509.KeyUsage
-		extKeyUsage []x509.ExtKeyUsage
-	)
-
-	if info.isCA {
-		keyUsage = x509.KeyUsageCertSign
-	}
-
-	if info.clientAuth {
-		extKeyUsage = append(extKeyUsage, x509.ExtKeyUsageClientAuth)
-	}
-
-	if info.serverAuth {
-		extKeyUsage = append(extKeyUsage, x509.ExtKeyUsageServerAuth)
-	}
-
-	return &x509.Certificate{
-		SerialNumber: big.NewInt(0),
-		Subject: pkix.Name{
-			CommonName: info.commonName,
-		},
-		NotBefore:             time.Now().Add(-time.Hour * 24 * 7),
-		NotAfter:              time.Now().Add(time.Hour * 24 * 365 * 10),
-		DNSNames:              info.domains,
-		IPAddresses:           info.ipAddresses,
-		IsCA:                  info.isCA,
-		KeyUsage:              keyUsage,
-		ExtKeyUsage:           extKeyUsage,
-		BasicConstraintsValid: info.isCA,
-	}
-}
-
-func generateCert(pub PublicKey, priv PrivateKey, subInfo, issInfo *certTemplateInfo) (cert *x509.Certificate, err error) {
-	pubCertTemplate := generateCertTemplate(subInfo)
-	privCertTemplate := generateCertTemplate(issInfo)
-
-	certDER, err := x509.CreateCertificate(
-		rand.Reader, pubCertTemplate, privCertTemplate,
-		pub.CryptoPublicKey(), priv.CryptoPrivateKey(),
-	)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create certificate: %s", err)
-	}
-
-	cert, err = x509.ParseCertificate(certDER)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse certificate: %s", err)
-	}
-
-	return
-}
-
-// GenerateSelfSignedServerCert creates a self-signed certificate for the
-// given key which is to be used for TLS servers with the given domains and
-// IP addresses.
-func GenerateSelfSignedServerCert(key PrivateKey, domains []string, ipAddresses []net.IP) (*x509.Certificate, error) {
-	info := &certTemplateInfo{
-		commonName:  key.KeyID(),
-		domains:     domains,
-		ipAddresses: ipAddresses,
-		serverAuth:  true,
-	}
-
-	return generateCert(key.PublicKey(), key, info, info)
-}
-
-// GenerateSelfSignedClientCert creates a self-signed certificate for the
-// given key which is to be used for TLS clients.
-func GenerateSelfSignedClientCert(key PrivateKey) (*x509.Certificate, error) {
-	info := &certTemplateInfo{
-		commonName: key.KeyID(),
-		clientAuth: true,
-	}
-
-	return generateCert(key.PublicKey(), key, info, info)
-}
-
-// GenerateCACert creates a certificate which can be used as a trusted
-// certificate authority.
-func GenerateCACert(signer PrivateKey, trustedKey PublicKey) (*x509.Certificate, error) {
-	subjectInfo := &certTemplateInfo{
-		commonName: trustedKey.KeyID(),
-		isCA:       true,
-	}
-	issuerInfo := &certTemplateInfo{
-		commonName: signer.KeyID(),
-	}
-
-	return generateCert(trustedKey, signer, subjectInfo, issuerInfo)
-}
-
-// GenerateCACertPool creates a certificate authority pool to be used for a
-// TLS configuration. Any self-signed certificates issued by the specified
-// trusted keys will be verified during a TLS handshake
-func GenerateCACertPool(signer PrivateKey, trustedKeys []PublicKey) (*x509.CertPool, error) {
-	certPool := x509.NewCertPool()
-
-	for _, trustedKey := range trustedKeys {
-		cert, err := GenerateCACert(signer, trustedKey)
-		if err != nil {
-			return nil, fmt.Errorf("failed to generate CA certificate: %s", err)
-		}
-
-		certPool.AddCert(cert)
-	}
-
-	return certPool, nil
-}
-
-// LoadCertificateBundle loads certificates from the given file.  The file should be pem encoded
-// containing one or more certificates.  The expected pem type is "CERTIFICATE".
-func LoadCertificateBundle(filename string) ([]*x509.Certificate, error) {
-	b, err := ioutil.ReadFile(filename)
-	if err != nil {
-		return nil, err
-	}
-	certificates := []*x509.Certificate{}
-	var block *pem.Block
-	block, b = pem.Decode(b)
-	for ; block != nil; block, b = pem.Decode(b) {
-		if block.Type == "CERTIFICATE" {
-			cert, err := x509.ParseCertificate(block.Bytes)
-			if err != nil {
-				return nil, err
-			}
-			certificates = append(certificates, cert)
-		} else {
-			return nil, fmt.Errorf("invalid pem block type: %s", block.Type)
-		}
-	}
-
-	return certificates, nil
-}
-
-// LoadCertificatePool loads a CA pool from the given file.  The file should be pem encoded
-// containing one or more certificates. The expected pem type is "CERTIFICATE".
-func LoadCertificatePool(filename string) (*x509.CertPool, error) {
-	certs, err := LoadCertificateBundle(filename)
-	if err != nil {
-		return nil, err
-	}
-	pool := x509.NewCertPool()
-	for _, cert := range certs {
-		pool.AddCert(cert)
-	}
-	return pool, nil
-}
diff --git a/vendor/github.com/docker/libtrust/doc.go b/vendor/github.com/docker/libtrust/doc.go
deleted file mode 100644
index ec5d2159c..000000000
--- a/vendor/github.com/docker/libtrust/doc.go
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
-Package libtrust provides an interface for managing authentication and
-authorization using public key cryptography. Authentication is handled
-using the identity attached to the public key and verified through TLS
-x509 certificates, a key challenge, or signature. Authorization and
-access control is managed through a trust graph distributed between
-both remote trust servers and locally cached and managed data.
-*/
-package libtrust
diff --git a/vendor/github.com/docker/libtrust/ec_key.go b/vendor/github.com/docker/libtrust/ec_key.go
deleted file mode 100644
index 00bbe4b3c..000000000
--- a/vendor/github.com/docker/libtrust/ec_key.go
+++ /dev/null
@@ -1,428 +0,0 @@
-package libtrust
-
-import (
-	"crypto"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
-	"crypto/x509"
-	"encoding/json"
-	"encoding/pem"
-	"errors"
-	"fmt"
-	"io"
-	"math/big"
-)
-
-/*
- * EC DSA PUBLIC KEY
- */
-
-// ecPublicKey implements a libtrust.PublicKey using elliptic curve digital
-// signature algorithms.
-type ecPublicKey struct {
-	*ecdsa.PublicKey
-	curveName          string
-	signatureAlgorithm *signatureAlgorithm
-	extended           map[string]interface{}
-}
-
-func fromECPublicKey(cryptoPublicKey *ecdsa.PublicKey) (*ecPublicKey, error) {
-	curve := cryptoPublicKey.Curve
-
-	switch {
-	case curve == elliptic.P256():
-		return &ecPublicKey{cryptoPublicKey, "P-256", es256, map[string]interface{}{}}, nil
-	case curve == elliptic.P384():
-		return &ecPublicKey{cryptoPublicKey, "P-384", es384, map[string]interface{}{}}, nil
-	case curve == elliptic.P521():
-		return &ecPublicKey{cryptoPublicKey, "P-521", es512, map[string]interface{}{}}, nil
-	default:
-		return nil, errors.New("unsupported elliptic curve")
-	}
-}
-
-// KeyType returns the key type for elliptic curve keys, i.e., "EC".
-func (k *ecPublicKey) KeyType() string {
-	return "EC"
-}
-
-// CurveName returns the elliptic curve identifier.
-// Possible values are "P-256", "P-384", and "P-521".
-func (k *ecPublicKey) CurveName() string {
-	return k.curveName
-}
-
-// KeyID returns a distinct identifier which is unique to this Public Key.
-func (k *ecPublicKey) KeyID() string {
-	return keyIDFromCryptoKey(k)
-}
-
-func (k *ecPublicKey) String() string {
-	return fmt.Sprintf("EC Public Key <%s>", k.KeyID())
-}
-
-// Verify verifyies the signature of the data in the io.Reader using this
-// PublicKey. The alg parameter should identify the digital signature
-// algorithm which was used to produce the signature and should be supported
-// by this public key. Returns a nil error if the signature is valid.
-func (k *ecPublicKey) Verify(data io.Reader, alg string, signature []byte) error {
-	// For EC keys there is only one supported signature algorithm depending
-	// on the curve parameters.
-	if k.signatureAlgorithm.HeaderParam() != alg {
-		return fmt.Errorf("unable to verify signature: EC Public Key with curve %q does not support signature algorithm %q", k.curveName, alg)
-	}
-
-	// signature is the concatenation of (r, s), base64Url encoded.
-	sigLength := len(signature)
-	expectedOctetLength := 2 * ((k.Params().BitSize + 7) >> 3)
-	if sigLength != expectedOctetLength {
-		return fmt.Errorf("signature length is %d octets long, should be %d", sigLength, expectedOctetLength)
-	}
-
-	rBytes, sBytes := signature[:sigLength/2], signature[sigLength/2:]
-	r := new(big.Int).SetBytes(rBytes)
-	s := new(big.Int).SetBytes(sBytes)
-
-	hasher := k.signatureAlgorithm.HashID().New()
-	_, err := io.Copy(hasher, data)
-	if err != nil {
-		return fmt.Errorf("error reading data to sign: %s", err)
-	}
-	hash := hasher.Sum(nil)
-
-	if !ecdsa.Verify(k.PublicKey, hash, r, s) {
-		return errors.New("invalid signature")
-	}
-
-	return nil
-}
-
-// CryptoPublicKey returns the internal object which can be used as a
-// crypto.PublicKey for use with other standard library operations. The type
-// is either *rsa.PublicKey or *ecdsa.PublicKey
-func (k *ecPublicKey) CryptoPublicKey() crypto.PublicKey {
-	return k.PublicKey
-}
-
-func (k *ecPublicKey) toMap() map[string]interface{} {
-	jwk := make(map[string]interface{})
-	for k, v := range k.extended {
-		jwk[k] = v
-	}
-	jwk["kty"] = k.KeyType()
-	jwk["kid"] = k.KeyID()
-	jwk["crv"] = k.CurveName()
-
-	xBytes := k.X.Bytes()
-	yBytes := k.Y.Bytes()
-	octetLength := (k.Params().BitSize + 7) >> 3
-	// MUST include leading zeros in the output so that x, y are each
-	// *octetLength* bytes long.
-	xBuf := make([]byte, octetLength-len(xBytes), octetLength)
-	yBuf := make([]byte, octetLength-len(yBytes), octetLength)
-	xBuf = append(xBuf, xBytes...)
-	yBuf = append(yBuf, yBytes...)
-
-	jwk["x"] = joseBase64UrlEncode(xBuf)
-	jwk["y"] = joseBase64UrlEncode(yBuf)
-
-	return jwk
-}
-
-// MarshalJSON serializes this Public Key using the JWK JSON serialization format for
-// elliptic curve keys.
-func (k *ecPublicKey) MarshalJSON() (data []byte, err error) {
-	return json.Marshal(k.toMap())
-}
-
-// PEMBlock serializes this Public Key to DER-encoded PKIX format.
-func (k *ecPublicKey) PEMBlock() (*pem.Block, error) {
-	derBytes, err := x509.MarshalPKIXPublicKey(k.PublicKey)
-	if err != nil {
-		return nil, fmt.Errorf("unable to serialize EC PublicKey to DER-encoded PKIX format: %s", err)
-	}
-	k.extended["kid"] = k.KeyID() // For display purposes.
-	return createPemBlock("PUBLIC KEY", derBytes, k.extended)
-}
-
-func (k *ecPublicKey) AddExtendedField(field string, value interface{}) {
-	k.extended[field] = value
-}
-
-func (k *ecPublicKey) GetExtendedField(field string) interface{} {
-	v, ok := k.extended[field]
-	if !ok {
-		return nil
-	}
-	return v
-}
-
-func ecPublicKeyFromMap(jwk map[string]interface{}) (*ecPublicKey, error) {
-	// JWK key type (kty) has already been determined to be "EC".
-	// Need to extract 'crv', 'x', 'y', and 'kid' and check for
-	// consistency.
-
-	// Get the curve identifier value.
-	crv, err := stringFromMap(jwk, "crv")
-	if err != nil {
-		return nil, fmt.Errorf("JWK EC Public Key curve identifier: %s", err)
-	}
-
-	var (
-		curve  elliptic.Curve
-		sigAlg *signatureAlgorithm
-	)
-
-	switch {
-	case crv == "P-256":
-		curve = elliptic.P256()
-		sigAlg = es256
-	case crv == "P-384":
-		curve = elliptic.P384()
-		sigAlg = es384
-	case crv == "P-521":
-		curve = elliptic.P521()
-		sigAlg = es512
-	default:
-		return nil, fmt.Errorf("JWK EC Public Key curve identifier not supported: %q\n", crv)
-	}
-
-	// Get the X and Y coordinates for the public key point.
-	xB64Url, err := stringFromMap(jwk, "x")
-	if err != nil {
-		return nil, fmt.Errorf("JWK EC Public Key x-coordinate: %s", err)
-	}
-	x, err := parseECCoordinate(xB64Url, curve)
-	if err != nil {
-		return nil, fmt.Errorf("JWK EC Public Key x-coordinate: %s", err)
-	}
-
-	yB64Url, err := stringFromMap(jwk, "y")
-	if err != nil {
-		return nil, fmt.Errorf("JWK EC Public Key y-coordinate: %s", err)
-	}
-	y, err := parseECCoordinate(yB64Url, curve)
-	if err != nil {
-		return nil, fmt.Errorf("JWK EC Public Key y-coordinate: %s", err)
-	}
-
-	key := &ecPublicKey{
-		PublicKey: &ecdsa.PublicKey{Curve: curve, X: x, Y: y},
-		curveName: crv, signatureAlgorithm: sigAlg,
-	}
-
-	// Key ID is optional too, but if it exists, it should match the key.
-	_, ok := jwk["kid"]
-	if ok {
-		kid, err := stringFromMap(jwk, "kid")
-		if err != nil {
-			return nil, fmt.Errorf("JWK EC Public Key ID: %s", err)
-		}
-		if kid != key.KeyID() {
-			return nil, fmt.Errorf("JWK EC Public Key ID does not match: %s", kid)
-		}
-	}
-
-	key.extended = jwk
-
-	return key, nil
-}
-
-/*
- * EC DSA PRIVATE KEY
- */
-
-// ecPrivateKey implements a JWK Private Key using elliptic curve digital signature
-// algorithms.
-type ecPrivateKey struct {
-	ecPublicKey
-	*ecdsa.PrivateKey
-}
-
-func fromECPrivateKey(cryptoPrivateKey *ecdsa.PrivateKey) (*ecPrivateKey, error) {
-	publicKey, err := fromECPublicKey(&cryptoPrivateKey.PublicKey)
-	if err != nil {
-		return nil, err
-	}
-
-	return &ecPrivateKey{*publicKey, cryptoPrivateKey}, nil
-}
-
-// PublicKey returns the Public Key data associated with this Private Key.
-func (k *ecPrivateKey) PublicKey() PublicKey {
-	return &k.ecPublicKey
-}
-
-func (k *ecPrivateKey) String() string {
-	return fmt.Sprintf("EC Private Key <%s>", k.KeyID())
-}
-
-// Sign signs the data read from the io.Reader using a signature algorithm supported
-// by the elliptic curve private key. If the specified hashing algorithm is
-// supported by this key, that hash function is used to generate the signature
-// otherwise the the default hashing algorithm for this key is used. Returns
-// the signature and the name of the JWK signature algorithm used, e.g.,
-// "ES256", "ES384", "ES512".
-func (k *ecPrivateKey) Sign(data io.Reader, hashID crypto.Hash) (signature []byte, alg string, err error) {
-	// Generate a signature of the data using the internal alg.
-	// The given hashId is only a suggestion, and since EC keys only support
-	// on signature/hash algorithm given the curve name, we disregard it for
-	// the elliptic curve JWK signature implementation.
-	hasher := k.signatureAlgorithm.HashID().New()
-	_, err = io.Copy(hasher, data)
-	if err != nil {
-		return nil, "", fmt.Errorf("error reading data to sign: %s", err)
-	}
-	hash := hasher.Sum(nil)
-
-	r, s, err := ecdsa.Sign(rand.Reader, k.PrivateKey, hash)
-	if err != nil {
-		return nil, "", fmt.Errorf("error producing signature: %s", err)
-	}
-	rBytes, sBytes := r.Bytes(), s.Bytes()
-	octetLength := (k.ecPublicKey.Params().BitSize + 7) >> 3
-	// MUST include leading zeros in the output
-	rBuf := make([]byte, octetLength-len(rBytes), octetLength)
-	sBuf := make([]byte, octetLength-len(sBytes), octetLength)
-
-	rBuf = append(rBuf, rBytes...)
-	sBuf = append(sBuf, sBytes...)
-
-	signature = append(rBuf, sBuf...)
-	alg = k.signatureAlgorithm.HeaderParam()
-
-	return
-}
-
-// CryptoPrivateKey returns the internal object which can be used as a
-// crypto.PublicKey for use with other standard library operations. The type
-// is either *rsa.PublicKey or *ecdsa.PublicKey
-func (k *ecPrivateKey) CryptoPrivateKey() crypto.PrivateKey {
-	return k.PrivateKey
-}
-
-func (k *ecPrivateKey) toMap() map[string]interface{} {
-	jwk := k.ecPublicKey.toMap()
-
-	dBytes := k.D.Bytes()
-	// The length of this octet string MUST be ceiling(log-base-2(n)/8)
-	// octets (where n is the order of the curve). This is because the private
-	// key d must be in the interval [1, n-1] so the bitlength of d should be
-	// no larger than the bitlength of n-1. The easiest way to find the octet
-	// length is to take bitlength(n-1), add 7 to force a carry, and shift this
-	// bit sequence right by 3, which is essentially dividing by 8 and adding
-	// 1 if there is any remainder. Thus, the private key value d should be
-	// output to (bitlength(n-1)+7)>>3 octets.
-	n := k.ecPublicKey.Params().N
-	octetLength := (new(big.Int).Sub(n, big.NewInt(1)).BitLen() + 7) >> 3
-	// Create a buffer with the necessary zero-padding.
-	dBuf := make([]byte, octetLength-len(dBytes), octetLength)
-	dBuf = append(dBuf, dBytes...)
-
-	jwk["d"] = joseBase64UrlEncode(dBuf)
-
-	return jwk
-}
-
-// MarshalJSON serializes this Private Key using the JWK JSON serialization format for
-// elliptic curve keys.
-func (k *ecPrivateKey) MarshalJSON() (data []byte, err error) {
-	return json.Marshal(k.toMap())
-}
-
-// PEMBlock serializes this Private Key to DER-encoded PKIX format.
-func (k *ecPrivateKey) PEMBlock() (*pem.Block, error) {
-	derBytes, err := x509.MarshalECPrivateKey(k.PrivateKey)
-	if err != nil {
-		return nil, fmt.Errorf("unable to serialize EC PrivateKey to DER-encoded PKIX format: %s", err)
-	}
-	k.extended["keyID"] = k.KeyID() // For display purposes.
-	return createPemBlock("EC PRIVATE KEY", derBytes, k.extended)
-}
-
-func ecPrivateKeyFromMap(jwk map[string]interface{}) (*ecPrivateKey, error) {
-	dB64Url, err := stringFromMap(jwk, "d")
-	if err != nil {
-		return nil, fmt.Errorf("JWK EC Private Key: %s", err)
-	}
-
-	// JWK key type (kty) has already been determined to be "EC".
-	// Need to extract the public key information, then extract the private
-	// key value 'd'.
-	publicKey, err := ecPublicKeyFromMap(jwk)
-	if err != nil {
-		return nil, err
-	}
-
-	d, err := parseECPrivateParam(dB64Url, publicKey.Curve)
-	if err != nil {
-		return nil, fmt.Errorf("JWK EC Private Key d-param: %s", err)
-	}
-
-	key := &ecPrivateKey{
-		ecPublicKey: *publicKey,
-		PrivateKey: &ecdsa.PrivateKey{
-			PublicKey: *publicKey.PublicKey,
-			D:         d,
-		},
-	}
-
-	return key, nil
-}
-
-/*
- *	Key Generation Functions.
- */
-
-func generateECPrivateKey(curve elliptic.Curve) (k *ecPrivateKey, err error) {
-	k = new(ecPrivateKey)
-	k.PrivateKey, err = ecdsa.GenerateKey(curve, rand.Reader)
-	if err != nil {
-		return nil, err
-	}
-
-	k.ecPublicKey.PublicKey = &k.PrivateKey.PublicKey
-	k.extended = make(map[string]interface{})
-
-	return
-}
-
-// GenerateECP256PrivateKey generates a key pair using elliptic curve P-256.
-func GenerateECP256PrivateKey() (PrivateKey, error) {
-	k, err := generateECPrivateKey(elliptic.P256())
-	if err != nil {
-		return nil, fmt.Errorf("error generating EC P-256 key: %s", err)
-	}
-
-	k.curveName = "P-256"
-	k.signatureAlgorithm = es256
-
-	return k, nil
-}
-
-// GenerateECP384PrivateKey generates a key pair using elliptic curve P-384.
-func GenerateECP384PrivateKey() (PrivateKey, error) {
-	k, err := generateECPrivateKey(elliptic.P384())
-	if err != nil {
-		return nil, fmt.Errorf("error generating EC P-384 key: %s", err)
-	}
-
-	k.curveName = "P-384"
-	k.signatureAlgorithm = es384
-
-	return k, nil
-}
-
-// GenerateECP521PrivateKey generates aß key pair using elliptic curve P-521.
-func GenerateECP521PrivateKey() (PrivateKey, error) {
-	k, err := generateECPrivateKey(elliptic.P521())
-	if err != nil {
-		return nil, fmt.Errorf("error generating EC P-521 key: %s", err)
-	}
-
-	k.curveName = "P-521"
-	k.signatureAlgorithm = es512
-
-	return k, nil
-}
diff --git a/vendor/github.com/docker/libtrust/filter.go b/vendor/github.com/docker/libtrust/filter.go
deleted file mode 100644
index 5b2b4fca6..000000000
--- a/vendor/github.com/docker/libtrust/filter.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package libtrust
-
-import (
-	"path/filepath"
-)
-
-// FilterByHosts filters the list of PublicKeys to only those which contain a
-// 'hosts' pattern which matches the given host. If *includeEmpty* is true,
-// then keys which do not specify any hosts are also returned.
-func FilterByHosts(keys []PublicKey, host string, includeEmpty bool) ([]PublicKey, error) {
-	filtered := make([]PublicKey, 0, len(keys))
-
-	for _, pubKey := range keys {
-		var hosts []string
-		switch v := pubKey.GetExtendedField("hosts").(type) {
-		case []string:
-			hosts = v
-		case []interface{}:
-			for _, value := range v {
-				h, ok := value.(string)
-				if !ok {
-					continue
-				}
-				hosts = append(hosts, h)
-			}
-		}
-
-		if len(hosts) == 0 {
-			if includeEmpty {
-				filtered = append(filtered, pubKey)
-			}
-			continue
-		}
-
-		// Check if any hosts match pattern
-		for _, hostPattern := range hosts {
-			match, err := filepath.Match(hostPattern, host)
-			if err != nil {
-				return nil, err
-			}
-
-			if match {
-				filtered = append(filtered, pubKey)
-				continue
-			}
-		}
-	}
-
-	return filtered, nil
-}
diff --git a/vendor/github.com/docker/libtrust/hash.go b/vendor/github.com/docker/libtrust/hash.go
deleted file mode 100644
index a2df787dd..000000000
--- a/vendor/github.com/docker/libtrust/hash.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package libtrust
-
-import (
-	"crypto"
-	_ "crypto/sha256" // Registrer SHA224 and SHA256
-	_ "crypto/sha512" // Registrer SHA384 and SHA512
-	"fmt"
-)
-
-type signatureAlgorithm struct {
-	algHeaderParam string
-	hashID         crypto.Hash
-}
-
-func (h *signatureAlgorithm) HeaderParam() string {
-	return h.algHeaderParam
-}
-
-func (h *signatureAlgorithm) HashID() crypto.Hash {
-	return h.hashID
-}
-
-var (
-	rs256 = &signatureAlgorithm{"RS256", crypto.SHA256}
-	rs384 = &signatureAlgorithm{"RS384", crypto.SHA384}
-	rs512 = &signatureAlgorithm{"RS512", crypto.SHA512}
-	es256 = &signatureAlgorithm{"ES256", crypto.SHA256}
-	es384 = &signatureAlgorithm{"ES384", crypto.SHA384}
-	es512 = &signatureAlgorithm{"ES512", crypto.SHA512}
-)
-
-func rsaSignatureAlgorithmByName(alg string) (*signatureAlgorithm, error) {
-	switch {
-	case alg == "RS256":
-		return rs256, nil
-	case alg == "RS384":
-		return rs384, nil
-	case alg == "RS512":
-		return rs512, nil
-	default:
-		return nil, fmt.Errorf("RSA Digital Signature Algorithm %q not supported", alg)
-	}
-}
-
-func rsaPKCS1v15SignatureAlgorithmForHashID(hashID crypto.Hash) *signatureAlgorithm {
-	switch {
-	case hashID == crypto.SHA512:
-		return rs512
-	case hashID == crypto.SHA384:
-		return rs384
-	case hashID == crypto.SHA256:
-		fallthrough
-	default:
-		return rs256
-	}
-}
diff --git a/vendor/github.com/docker/libtrust/jsonsign.go b/vendor/github.com/docker/libtrust/jsonsign.go
deleted file mode 100644
index cb2ca9a76..000000000
--- a/vendor/github.com/docker/libtrust/jsonsign.go
+++ /dev/null
@@ -1,657 +0,0 @@
-package libtrust
-
-import (
-	"bytes"
-	"crypto"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"sort"
-	"time"
-	"unicode"
-)
-
-var (
-	// ErrInvalidSignContent is used when the content to be signed is invalid.
-	ErrInvalidSignContent = errors.New("invalid sign content")
-
-	// ErrInvalidJSONContent is used when invalid json is encountered.
-	ErrInvalidJSONContent = errors.New("invalid json content")
-
-	// ErrMissingSignatureKey is used when the specified signature key
-	// does not exist in the JSON content.
-	ErrMissingSignatureKey = errors.New("missing signature key")
-)
-
-type jsHeader struct {
-	JWK       PublicKey `json:"jwk,omitempty"`
-	Algorithm string    `json:"alg"`
-	Chain     []string  `json:"x5c,omitempty"`
-}
-
-type jsSignature struct {
-	Header    jsHeader `json:"header"`
-	Signature string   `json:"signature"`
-	Protected string   `json:"protected,omitempty"`
-}
-
-type jsSignaturesSorted []jsSignature
-
-func (jsbkid jsSignaturesSorted) Swap(i, j int) { jsbkid[i], jsbkid[j] = jsbkid[j], jsbkid[i] }
-func (jsbkid jsSignaturesSorted) Len() int      { return len(jsbkid) }
-
-func (jsbkid jsSignaturesSorted) Less(i, j int) bool {
-	ki, kj := jsbkid[i].Header.JWK.KeyID(), jsbkid[j].Header.JWK.KeyID()
-	si, sj := jsbkid[i].Signature, jsbkid[j].Signature
-
-	if ki == kj {
-		return si < sj
-	}
-
-	return ki < kj
-}
-
-type signKey struct {
-	PrivateKey
-	Chain []*x509.Certificate
-}
-
-// JSONSignature represents a signature of a json object.
-type JSONSignature struct {
-	payload      string
-	signatures   []jsSignature
-	indent       string
-	formatLength int
-	formatTail   []byte
-}
-
-func newJSONSignature() *JSONSignature {
-	return &JSONSignature{
-		signatures: make([]jsSignature, 0, 1),
-	}
-}
-
-// Payload returns the encoded payload of the signature. This
-// payload should not be signed directly
-func (js *JSONSignature) Payload() ([]byte, error) {
-	return joseBase64UrlDecode(js.payload)
-}
-
-func (js *JSONSignature) protectedHeader() (string, error) {
-	protected := map[string]interface{}{
-		"formatLength": js.formatLength,
-		"formatTail":   joseBase64UrlEncode(js.formatTail),
-		"time":         time.Now().UTC().Format(time.RFC3339),
-	}
-	protectedBytes, err := json.Marshal(protected)
-	if err != nil {
-		return "", err
-	}
-
-	return joseBase64UrlEncode(protectedBytes), nil
-}
-
-func (js *JSONSignature) signBytes(protectedHeader string) ([]byte, error) {
-	buf := make([]byte, len(js.payload)+len(protectedHeader)+1)
-	copy(buf, protectedHeader)
-	buf[len(protectedHeader)] = '.'
-	copy(buf[len(protectedHeader)+1:], js.payload)
-	return buf, nil
-}
-
-// Sign adds a signature using the given private key.
-func (js *JSONSignature) Sign(key PrivateKey) error {
-	protected, err := js.protectedHeader()
-	if err != nil {
-		return err
-	}
-	signBytes, err := js.signBytes(protected)
-	if err != nil {
-		return err
-	}
-	sigBytes, algorithm, err := key.Sign(bytes.NewReader(signBytes), crypto.SHA256)
-	if err != nil {
-		return err
-	}
-
-	js.signatures = append(js.signatures, jsSignature{
-		Header: jsHeader{
-			JWK:       key.PublicKey(),
-			Algorithm: algorithm,
-		},
-		Signature: joseBase64UrlEncode(sigBytes),
-		Protected: protected,
-	})
-
-	return nil
-}
-
-// SignWithChain adds a signature using the given private key
-// and setting the x509 chain. The public key of the first element
-// in the chain must be the public key corresponding with the sign key.
-func (js *JSONSignature) SignWithChain(key PrivateKey, chain []*x509.Certificate) error {
-	// Ensure key.Chain[0] is public key for key
-	//key.Chain.PublicKey
-	//key.PublicKey().CryptoPublicKey()
-
-	// Verify chain
-	protected, err := js.protectedHeader()
-	if err != nil {
-		return err
-	}
-	signBytes, err := js.signBytes(protected)
-	if err != nil {
-		return err
-	}
-	sigBytes, algorithm, err := key.Sign(bytes.NewReader(signBytes), crypto.SHA256)
-	if err != nil {
-		return err
-	}
-
-	header := jsHeader{
-		Chain:     make([]string, len(chain)),
-		Algorithm: algorithm,
-	}
-
-	for i, cert := range chain {
-		header.Chain[i] = base64.StdEncoding.EncodeToString(cert.Raw)
-	}
-
-	js.signatures = append(js.signatures, jsSignature{
-		Header:    header,
-		Signature: joseBase64UrlEncode(sigBytes),
-		Protected: protected,
-	})
-
-	return nil
-}
-
-// Verify verifies all the signatures and returns the list of
-// public keys used to sign. Any x509 chains are not checked.
-func (js *JSONSignature) Verify() ([]PublicKey, error) {
-	keys := make([]PublicKey, len(js.signatures))
-	for i, signature := range js.signatures {
-		signBytes, err := js.signBytes(signature.Protected)
-		if err != nil {
-			return nil, err
-		}
-		var publicKey PublicKey
-		if len(signature.Header.Chain) > 0 {
-			certBytes, err := base64.StdEncoding.DecodeString(signature.Header.Chain[0])
-			if err != nil {
-				return nil, err
-			}
-			cert, err := x509.ParseCertificate(certBytes)
-			if err != nil {
-				return nil, err
-			}
-			publicKey, err = FromCryptoPublicKey(cert.PublicKey)
-			if err != nil {
-				return nil, err
-			}
-		} else if signature.Header.JWK != nil {
-			publicKey = signature.Header.JWK
-		} else {
-			return nil, errors.New("missing public key")
-		}
-
-		sigBytes, err := joseBase64UrlDecode(signature.Signature)
-		if err != nil {
-			return nil, err
-		}
-
-		err = publicKey.Verify(bytes.NewReader(signBytes), signature.Header.Algorithm, sigBytes)
-		if err != nil {
-			return nil, err
-		}
-
-		keys[i] = publicKey
-	}
-	return keys, nil
-}
-
-// VerifyChains verifies all the signatures and the chains associated
-// with each signature and returns the list of verified chains.
-// Signatures without an x509 chain are not checked.
-func (js *JSONSignature) VerifyChains(ca *x509.CertPool) ([][]*x509.Certificate, error) {
-	chains := make([][]*x509.Certificate, 0, len(js.signatures))
-	for _, signature := range js.signatures {
-		signBytes, err := js.signBytes(signature.Protected)
-		if err != nil {
-			return nil, err
-		}
-		var publicKey PublicKey
-		if len(signature.Header.Chain) > 0 {
-			certBytes, err := base64.StdEncoding.DecodeString(signature.Header.Chain[0])
-			if err != nil {
-				return nil, err
-			}
-			cert, err := x509.ParseCertificate(certBytes)
-			if err != nil {
-				return nil, err
-			}
-			publicKey, err = FromCryptoPublicKey(cert.PublicKey)
-			if err != nil {
-				return nil, err
-			}
-			intermediates := x509.NewCertPool()
-			if len(signature.Header.Chain) > 1 {
-				intermediateChain := signature.Header.Chain[1:]
-				for i := range intermediateChain {
-					certBytes, err := base64.StdEncoding.DecodeString(intermediateChain[i])
-					if err != nil {
-						return nil, err
-					}
-					intermediate, err := x509.ParseCertificate(certBytes)
-					if err != nil {
-						return nil, err
-					}
-					intermediates.AddCert(intermediate)
-				}
-			}
-
-			verifyOptions := x509.VerifyOptions{
-				Intermediates: intermediates,
-				Roots:         ca,
-			}
-
-			verifiedChains, err := cert.Verify(verifyOptions)
-			if err != nil {
-				return nil, err
-			}
-			chains = append(chains, verifiedChains...)
-
-			sigBytes, err := joseBase64UrlDecode(signature.Signature)
-			if err != nil {
-				return nil, err
-			}
-
-			err = publicKey.Verify(bytes.NewReader(signBytes), signature.Header.Algorithm, sigBytes)
-			if err != nil {
-				return nil, err
-			}
-		}
-
-	}
-	return chains, nil
-}
-
-// JWS returns JSON serialized JWS according to
-// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-7.2
-func (js *JSONSignature) JWS() ([]byte, error) {
-	if len(js.signatures) == 0 {
-		return nil, errors.New("missing signature")
-	}
-
-	sort.Sort(jsSignaturesSorted(js.signatures))
-
-	jsonMap := map[string]interface{}{
-		"payload":    js.payload,
-		"signatures": js.signatures,
-	}
-
-	return json.MarshalIndent(jsonMap, "", "   ")
-}
-
-func notSpace(r rune) bool {
-	return !unicode.IsSpace(r)
-}
-
-func detectJSONIndent(jsonContent []byte) (indent string) {
-	if len(jsonContent) > 2 && jsonContent[0] == '{' && jsonContent[1] == '\n' {
-		quoteIndex := bytes.IndexRune(jsonContent[1:], '"')
-		if quoteIndex > 0 {
-			indent = string(jsonContent[2 : quoteIndex+1])
-		}
-	}
-	return
-}
-
-type jsParsedHeader struct {
-	JWK       json.RawMessage `json:"jwk"`
-	Algorithm string          `json:"alg"`
-	Chain     []string        `json:"x5c"`
-}
-
-type jsParsedSignature struct {
-	Header    jsParsedHeader `json:"header"`
-	Signature string         `json:"signature"`
-	Protected string         `json:"protected"`
-}
-
-// ParseJWS parses a JWS serialized JSON object into a Json Signature.
-func ParseJWS(content []byte) (*JSONSignature, error) {
-	type jsParsed struct {
-		Payload    string              `json:"payload"`
-		Signatures []jsParsedSignature `json:"signatures"`
-	}
-	parsed := &jsParsed{}
-	err := json.Unmarshal(content, parsed)
-	if err != nil {
-		return nil, err
-	}
-	if len(parsed.Signatures) == 0 {
-		return nil, errors.New("missing signatures")
-	}
-	payload, err := joseBase64UrlDecode(parsed.Payload)
-	if err != nil {
-		return nil, err
-	}
-
-	js, err := NewJSONSignature(payload)
-	if err != nil {
-		return nil, err
-	}
-	js.signatures = make([]jsSignature, len(parsed.Signatures))
-	for i, signature := range parsed.Signatures {
-		header := jsHeader{
-			Algorithm: signature.Header.Algorithm,
-		}
-		if signature.Header.Chain != nil {
-			header.Chain = signature.Header.Chain
-		}
-		if signature.Header.JWK != nil {
-			publicKey, err := UnmarshalPublicKeyJWK([]byte(signature.Header.JWK))
-			if err != nil {
-				return nil, err
-			}
-			header.JWK = publicKey
-		}
-		js.signatures[i] = jsSignature{
-			Header:    header,
-			Signature: signature.Signature,
-			Protected: signature.Protected,
-		}
-	}
-
-	return js, nil
-}
-
-// NewJSONSignature returns a new unsigned JWS from a json byte array.
-// JSONSignature will need to be signed before serializing or storing.
-// Optionally, one or more signatures can be provided as byte buffers,
-// containing serialized JWS signatures, to assemble a fully signed JWS
-// package. It is the callers responsibility to ensure uniqueness of the
-// provided signatures.
-func NewJSONSignature(content []byte, signatures ...[]byte) (*JSONSignature, error) {
-	var dataMap map[string]interface{}
-	err := json.Unmarshal(content, &dataMap)
-	if err != nil {
-		return nil, err
-	}
-
-	js := newJSONSignature()
-	js.indent = detectJSONIndent(content)
-
-	js.payload = joseBase64UrlEncode(content)
-
-	// Find trailing } and whitespace, put in protected header
-	closeIndex := bytes.LastIndexFunc(content, notSpace)
-	if content[closeIndex] != '}' {
-		return nil, ErrInvalidJSONContent
-	}
-	lastRuneIndex := bytes.LastIndexFunc(content[:closeIndex], notSpace)
-	if content[lastRuneIndex] == ',' {
-		return nil, ErrInvalidJSONContent
-	}
-	js.formatLength = lastRuneIndex + 1
-	js.formatTail = content[js.formatLength:]
-
-	if len(signatures) > 0 {
-		for _, signature := range signatures {
-			var parsedJSig jsParsedSignature
-
-			if err := json.Unmarshal(signature, &parsedJSig); err != nil {
-				return nil, err
-			}
-
-			// TODO(stevvooe): A lot of the code below is repeated in
-			// ParseJWS. It will require more refactoring to fix that.
-			jsig := jsSignature{
-				Header: jsHeader{
-					Algorithm: parsedJSig.Header.Algorithm,
-				},
-				Signature: parsedJSig.Signature,
-				Protected: parsedJSig.Protected,
-			}
-
-			if parsedJSig.Header.Chain != nil {
-				jsig.Header.Chain = parsedJSig.Header.Chain
-			}
-
-			if parsedJSig.Header.JWK != nil {
-				publicKey, err := UnmarshalPublicKeyJWK([]byte(parsedJSig.Header.JWK))
-				if err != nil {
-					return nil, err
-				}
-				jsig.Header.JWK = publicKey
-			}
-
-			js.signatures = append(js.signatures, jsig)
-		}
-	}
-
-	return js, nil
-}
-
-// NewJSONSignatureFromMap returns a new unsigned JSONSignature from a map or
-// struct. JWS will need to be signed before serializing or storing.
-func NewJSONSignatureFromMap(content interface{}) (*JSONSignature, error) {
-	switch content.(type) {
-	case map[string]interface{}:
-	case struct{}:
-	default:
-		return nil, errors.New("invalid data type")
-	}
-
-	js := newJSONSignature()
-	js.indent = "   "
-
-	payload, err := json.MarshalIndent(content, "", js.indent)
-	if err != nil {
-		return nil, err
-	}
-	js.payload = joseBase64UrlEncode(payload)
-
-	// Remove '\n}' from formatted section, put in protected header
-	js.formatLength = len(payload) - 2
-	js.formatTail = payload[js.formatLength:]
-
-	return js, nil
-}
-
-func readIntFromMap(key string, m map[string]interface{}) (int, bool) {
-	value, ok := m[key]
-	if !ok {
-		return 0, false
-	}
-	switch v := value.(type) {
-	case int:
-		return v, true
-	case float64:
-		return int(v), true
-	default:
-		return 0, false
-	}
-}
-
-func readStringFromMap(key string, m map[string]interface{}) (v string, ok bool) {
-	value, ok := m[key]
-	if !ok {
-		return "", false
-	}
-	v, ok = value.(string)
-	return
-}
-
-// ParsePrettySignature parses a formatted signature into a
-// JSON signature. If the signatures are missing the format information
-// an error is thrown. The formatted signature must be created by
-// the same method as format signature.
-func ParsePrettySignature(content []byte, signatureKey string) (*JSONSignature, error) {
-	var contentMap map[string]json.RawMessage
-	err := json.Unmarshal(content, &contentMap)
-	if err != nil {
-		return nil, fmt.Errorf("error unmarshalling content: %s", err)
-	}
-	sigMessage, ok := contentMap[signatureKey]
-	if !ok {
-		return nil, ErrMissingSignatureKey
-	}
-
-	var signatureBlocks []jsParsedSignature
-	err = json.Unmarshal([]byte(sigMessage), &signatureBlocks)
-	if err != nil {
-		return nil, fmt.Errorf("error unmarshalling signatures: %s", err)
-	}
-
-	js := newJSONSignature()
-	js.signatures = make([]jsSignature, len(signatureBlocks))
-
-	for i, signatureBlock := range signatureBlocks {
-		protectedBytes, err := joseBase64UrlDecode(signatureBlock.Protected)
-		if err != nil {
-			return nil, fmt.Errorf("base64 decode error: %s", err)
-		}
-		var protectedHeader map[string]interface{}
-		err = json.Unmarshal(protectedBytes, &protectedHeader)
-		if err != nil {
-			return nil, fmt.Errorf("error unmarshalling protected header: %s", err)
-		}
-
-		formatLength, ok := readIntFromMap("formatLength", protectedHeader)
-		if !ok {
-			return nil, errors.New("missing formatted length")
-		}
-		encodedTail, ok := readStringFromMap("formatTail", protectedHeader)
-		if !ok {
-			return nil, errors.New("missing formatted tail")
-		}
-		formatTail, err := joseBase64UrlDecode(encodedTail)
-		if err != nil {
-			return nil, fmt.Errorf("base64 decode error on tail: %s", err)
-		}
-		if js.formatLength == 0 {
-			js.formatLength = formatLength
-		} else if js.formatLength != formatLength {
-			return nil, errors.New("conflicting format length")
-		}
-		if len(js.formatTail) == 0 {
-			js.formatTail = formatTail
-		} else if bytes.Compare(js.formatTail, formatTail) != 0 {
-			return nil, errors.New("conflicting format tail")
-		}
-
-		header := jsHeader{
-			Algorithm: signatureBlock.Header.Algorithm,
-			Chain:     signatureBlock.Header.Chain,
-		}
-		if signatureBlock.Header.JWK != nil {
-			publicKey, err := UnmarshalPublicKeyJWK([]byte(signatureBlock.Header.JWK))
-			if err != nil {
-				return nil, fmt.Errorf("error unmarshalling public key: %s", err)
-			}
-			header.JWK = publicKey
-		}
-		js.signatures[i] = jsSignature{
-			Header:    header,
-			Signature: signatureBlock.Signature,
-			Protected: signatureBlock.Protected,
-		}
-	}
-	if js.formatLength > len(content) {
-		return nil, errors.New("invalid format length")
-	}
-	formatted := make([]byte, js.formatLength+len(js.formatTail))
-	copy(formatted, content[:js.formatLength])
-	copy(formatted[js.formatLength:], js.formatTail)
-	js.indent = detectJSONIndent(formatted)
-	js.payload = joseBase64UrlEncode(formatted)
-
-	return js, nil
-}
-
-// PrettySignature formats a json signature into an easy to read
-// single json serialized object.
-func (js *JSONSignature) PrettySignature(signatureKey string) ([]byte, error) {
-	if len(js.signatures) == 0 {
-		return nil, errors.New("no signatures")
-	}
-	payload, err := joseBase64UrlDecode(js.payload)
-	if err != nil {
-		return nil, err
-	}
-	payload = payload[:js.formatLength]
-
-	sort.Sort(jsSignaturesSorted(js.signatures))
-
-	var marshalled []byte
-	var marshallErr error
-	if js.indent != "" {
-		marshalled, marshallErr = json.MarshalIndent(js.signatures, js.indent, js.indent)
-	} else {
-		marshalled, marshallErr = json.Marshal(js.signatures)
-	}
-	if marshallErr != nil {
-		return nil, marshallErr
-	}
-
-	buf := bytes.NewBuffer(make([]byte, 0, len(payload)+len(marshalled)+34))
-	buf.Write(payload)
-	buf.WriteByte(',')
-	if js.indent != "" {
-		buf.WriteByte('\n')
-		buf.WriteString(js.indent)
-		buf.WriteByte('"')
-		buf.WriteString(signatureKey)
-		buf.WriteString("\": ")
-		buf.Write(marshalled)
-		buf.WriteByte('\n')
-	} else {
-		buf.WriteByte('"')
-		buf.WriteString(signatureKey)
-		buf.WriteString("\":")
-		buf.Write(marshalled)
-	}
-	buf.WriteByte('}')
-
-	return buf.Bytes(), nil
-}
-
-// Signatures provides the signatures on this JWS as opaque blobs, sorted by
-// keyID. These blobs can be stored and reassembled with payloads. Internally,
-// they are simply marshaled json web signatures but implementations should
-// not rely on this.
-func (js *JSONSignature) Signatures() ([][]byte, error) {
-	sort.Sort(jsSignaturesSorted(js.signatures))
-
-	var sb [][]byte
-	for _, jsig := range js.signatures {
-		p, err := json.Marshal(jsig)
-		if err != nil {
-			return nil, err
-		}
-
-		sb = append(sb, p)
-	}
-
-	return sb, nil
-}
-
-// Merge combines the signatures from one or more other signatures into the
-// method receiver. If the payloads differ for any argument, an error will be
-// returned and the receiver will not be modified.
-func (js *JSONSignature) Merge(others ...*JSONSignature) error {
-	merged := js.signatures
-	for _, other := range others {
-		if js.payload != other.payload {
-			return fmt.Errorf("payloads differ from merge target")
-		}
-		merged = append(merged, other.signatures...)
-	}
-
-	js.signatures = merged
-	return nil
-}
diff --git a/vendor/github.com/docker/libtrust/key.go b/vendor/github.com/docker/libtrust/key.go
deleted file mode 100644
index 73642db2a..000000000
--- a/vendor/github.com/docker/libtrust/key.go
+++ /dev/null
@@ -1,253 +0,0 @@
-package libtrust
-
-import (
-	"crypto"
-	"crypto/ecdsa"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/json"
-	"encoding/pem"
-	"errors"
-	"fmt"
-	"io"
-)
-
-// PublicKey is a generic interface for a Public Key.
-type PublicKey interface {
-	// KeyType returns the key type for this key. For elliptic curve keys,
-	// this value should be "EC". For RSA keys, this value should be "RSA".
-	KeyType() string
-	// KeyID returns a distinct identifier which is unique to this Public Key.
-	// The format generated by this library is a base32 encoding of a 240 bit
-	// hash of the public key data divided into 12 groups like so:
-	//    ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP
-	KeyID() string
-	// Verify verifyies the signature of the data in the io.Reader using this
-	// Public Key. The alg parameter should identify the digital signature
-	// algorithm which was used to produce the signature and should be
-	// supported by this public key. Returns a nil error if the signature
-	// is valid.
-	Verify(data io.Reader, alg string, signature []byte) error
-	// CryptoPublicKey returns the internal object which can be used as a
-	// crypto.PublicKey for use with other standard library operations. The type
-	// is either *rsa.PublicKey or *ecdsa.PublicKey
-	CryptoPublicKey() crypto.PublicKey
-	// These public keys can be serialized to the standard JSON encoding for
-	// JSON Web Keys. See section 6 of the IETF draft RFC for JOSE JSON Web
-	// Algorithms.
-	MarshalJSON() ([]byte, error)
-	// These keys can also be serialized to the standard PEM encoding.
-	PEMBlock() (*pem.Block, error)
-	// The string representation of a key is its key type and ID.
-	String() string
-	AddExtendedField(string, interface{})
-	GetExtendedField(string) interface{}
-}
-
-// PrivateKey is a generic interface for a Private Key.
-type PrivateKey interface {
-	// A PrivateKey contains all fields and methods of a PublicKey of the
-	// same type. The MarshalJSON method also outputs the private key as a
-	// JSON Web Key, and the PEMBlock method outputs the private key as a
-	// PEM block.
-	PublicKey
-	// PublicKey returns the PublicKey associated with this PrivateKey.
-	PublicKey() PublicKey
-	// Sign signs the data read from the io.Reader using a signature algorithm
-	// supported by the private key. If the specified hashing algorithm is
-	// supported by this key, that hash function is used to generate the
-	// signature otherwise the the default hashing algorithm for this key is
-	// used. Returns the signature and identifier of the algorithm used.
-	Sign(data io.Reader, hashID crypto.Hash) (signature []byte, alg string, err error)
-	// CryptoPrivateKey returns the internal object which can be used as a
-	// crypto.PublicKey for use with other standard library operations. The
-	// type is either *rsa.PublicKey or *ecdsa.PublicKey
-	CryptoPrivateKey() crypto.PrivateKey
-}
-
-// FromCryptoPublicKey returns a libtrust PublicKey representation of the given
-// *ecdsa.PublicKey or *rsa.PublicKey. Returns a non-nil error when the given
-// key is of an unsupported type.
-func FromCryptoPublicKey(cryptoPublicKey crypto.PublicKey) (PublicKey, error) {
-	switch cryptoPublicKey := cryptoPublicKey.(type) {
-	case *ecdsa.PublicKey:
-		return fromECPublicKey(cryptoPublicKey)
-	case *rsa.PublicKey:
-		return fromRSAPublicKey(cryptoPublicKey), nil
-	default:
-		return nil, fmt.Errorf("public key type %T is not supported", cryptoPublicKey)
-	}
-}
-
-// FromCryptoPrivateKey returns a libtrust PrivateKey representation of the given
-// *ecdsa.PrivateKey or *rsa.PrivateKey. Returns a non-nil error when the given
-// key is of an unsupported type.
-func FromCryptoPrivateKey(cryptoPrivateKey crypto.PrivateKey) (PrivateKey, error) {
-	switch cryptoPrivateKey := cryptoPrivateKey.(type) {
-	case *ecdsa.PrivateKey:
-		return fromECPrivateKey(cryptoPrivateKey)
-	case *rsa.PrivateKey:
-		return fromRSAPrivateKey(cryptoPrivateKey), nil
-	default:
-		return nil, fmt.Errorf("private key type %T is not supported", cryptoPrivateKey)
-	}
-}
-
-// UnmarshalPublicKeyPEM parses the PEM encoded data and returns a libtrust
-// PublicKey or an error if there is a problem with the encoding.
-func UnmarshalPublicKeyPEM(data []byte) (PublicKey, error) {
-	pemBlock, _ := pem.Decode(data)
-	if pemBlock == nil {
-		return nil, errors.New("unable to find PEM encoded data")
-	} else if pemBlock.Type != "PUBLIC KEY" {
-		return nil, fmt.Errorf("unable to get PublicKey from PEM type: %s", pemBlock.Type)
-	}
-
-	return pubKeyFromPEMBlock(pemBlock)
-}
-
-// UnmarshalPublicKeyPEMBundle parses the PEM encoded data as a bundle of
-// PEM blocks appended one after the other and returns a slice of PublicKey
-// objects that it finds.
-func UnmarshalPublicKeyPEMBundle(data []byte) ([]PublicKey, error) {
-	pubKeys := []PublicKey{}
-
-	for {
-		var pemBlock *pem.Block
-		pemBlock, data = pem.Decode(data)
-		if pemBlock == nil {
-			break
-		} else if pemBlock.Type != "PUBLIC KEY" {
-			return nil, fmt.Errorf("unable to get PublicKey from PEM type: %s", pemBlock.Type)
-		}
-
-		pubKey, err := pubKeyFromPEMBlock(pemBlock)
-		if err != nil {
-			return nil, err
-		}
-
-		pubKeys = append(pubKeys, pubKey)
-	}
-
-	return pubKeys, nil
-}
-
-// UnmarshalPrivateKeyPEM parses the PEM encoded data and returns a libtrust
-// PrivateKey or an error if there is a problem with the encoding.
-func UnmarshalPrivateKeyPEM(data []byte) (PrivateKey, error) {
-	pemBlock, _ := pem.Decode(data)
-	if pemBlock == nil {
-		return nil, errors.New("unable to find PEM encoded data")
-	}
-
-	var key PrivateKey
-
-	switch {
-	case pemBlock.Type == "RSA PRIVATE KEY":
-		rsaPrivateKey, err := x509.ParsePKCS1PrivateKey(pemBlock.Bytes)
-		if err != nil {
-			return nil, fmt.Errorf("unable to decode RSA Private Key PEM data: %s", err)
-		}
-		key = fromRSAPrivateKey(rsaPrivateKey)
-	case pemBlock.Type == "EC PRIVATE KEY":
-		ecPrivateKey, err := x509.ParseECPrivateKey(pemBlock.Bytes)
-		if err != nil {
-			return nil, fmt.Errorf("unable to decode EC Private Key PEM data: %s", err)
-		}
-		key, err = fromECPrivateKey(ecPrivateKey)
-		if err != nil {
-			return nil, err
-		}
-	default:
-		return nil, fmt.Errorf("unable to get PrivateKey from PEM type: %s", pemBlock.Type)
-	}
-
-	addPEMHeadersToKey(pemBlock, key.PublicKey())
-
-	return key, nil
-}
-
-// UnmarshalPublicKeyJWK unmarshals the given JSON Web Key into a generic
-// Public Key to be used with libtrust.
-func UnmarshalPublicKeyJWK(data []byte) (PublicKey, error) {
-	jwk := make(map[string]interface{})
-
-	err := json.Unmarshal(data, &jwk)
-	if err != nil {
-		return nil, fmt.Errorf(
-			"decoding JWK Public Key JSON data: %s\n", err,
-		)
-	}
-
-	// Get the Key Type value.
-	kty, err := stringFromMap(jwk, "kty")
-	if err != nil {
-		return nil, fmt.Errorf("JWK Public Key type: %s", err)
-	}
-
-	switch {
-	case kty == "EC":
-		// Call out to unmarshal EC public key.
-		return ecPublicKeyFromMap(jwk)
-	case kty == "RSA":
-		// Call out to unmarshal RSA public key.
-		return rsaPublicKeyFromMap(jwk)
-	default:
-		return nil, fmt.Errorf(
-			"JWK Public Key type not supported: %q\n", kty,
-		)
-	}
-}
-
-// UnmarshalPublicKeyJWKSet parses the JSON encoded data as a JSON Web Key Set
-// and returns a slice of Public Key objects.
-func UnmarshalPublicKeyJWKSet(data []byte) ([]PublicKey, error) {
-	rawKeys, err := loadJSONKeySetRaw(data)
-	if err != nil {
-		return nil, err
-	}
-
-	pubKeys := make([]PublicKey, 0, len(rawKeys))
-
-	for _, rawKey := range rawKeys {
-		pubKey, err := UnmarshalPublicKeyJWK(rawKey)
-		if err != nil {
-			return nil, err
-		}
-		pubKeys = append(pubKeys, pubKey)
-	}
-
-	return pubKeys, nil
-}
-
-// UnmarshalPrivateKeyJWK unmarshals the given JSON Web Key into a generic
-// Private Key to be used with libtrust.
-func UnmarshalPrivateKeyJWK(data []byte) (PrivateKey, error) {
-	jwk := make(map[string]interface{})
-
-	err := json.Unmarshal(data, &jwk)
-	if err != nil {
-		return nil, fmt.Errorf(
-			"decoding JWK Private Key JSON data: %s\n", err,
-		)
-	}
-
-	// Get the Key Type value.
-	kty, err := stringFromMap(jwk, "kty")
-	if err != nil {
-		return nil, fmt.Errorf("JWK Private Key type: %s", err)
-	}
-
-	switch {
-	case kty == "EC":
-		// Call out to unmarshal EC private key.
-		return ecPrivateKeyFromMap(jwk)
-	case kty == "RSA":
-		// Call out to unmarshal RSA private key.
-		return rsaPrivateKeyFromMap(jwk)
-	default:
-		return nil, fmt.Errorf(
-			"JWK Private Key type not supported: %q\n", kty,
-		)
-	}
-}
diff --git a/vendor/github.com/docker/libtrust/key_files.go b/vendor/github.com/docker/libtrust/key_files.go
deleted file mode 100644
index c526de545..000000000
--- a/vendor/github.com/docker/libtrust/key_files.go
+++ /dev/null
@@ -1,255 +0,0 @@
-package libtrust
-
-import (
-	"encoding/json"
-	"encoding/pem"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"strings"
-)
-
-var (
-	// ErrKeyFileDoesNotExist indicates that the private key file does not exist.
-	ErrKeyFileDoesNotExist = errors.New("key file does not exist")
-)
-
-func readKeyFileBytes(filename string) ([]byte, error) {
-	data, err := ioutil.ReadFile(filename)
-	if err != nil {
-		if os.IsNotExist(err) {
-			err = ErrKeyFileDoesNotExist
-		} else {
-			err = fmt.Errorf("unable to read key file %s: %s", filename, err)
-		}
-
-		return nil, err
-	}
-
-	return data, nil
-}
-
-/*
-	Loading and Saving of Public and Private Keys in either PEM or JWK format.
-*/
-
-// LoadKeyFile opens the given filename and attempts to read a Private Key
-// encoded in either PEM or JWK format (if .json or .jwk file extension).
-func LoadKeyFile(filename string) (PrivateKey, error) {
-	contents, err := readKeyFileBytes(filename)
-	if err != nil {
-		return nil, err
-	}
-
-	var key PrivateKey
-
-	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
-		key, err = UnmarshalPrivateKeyJWK(contents)
-		if err != nil {
-			return nil, fmt.Errorf("unable to decode private key JWK: %s", err)
-		}
-	} else {
-		key, err = UnmarshalPrivateKeyPEM(contents)
-		if err != nil {
-			return nil, fmt.Errorf("unable to decode private key PEM: %s", err)
-		}
-	}
-
-	return key, nil
-}
-
-// LoadPublicKeyFile opens the given filename and attempts to read a Public Key
-// encoded in either PEM or JWK format (if .json or .jwk file extension).
-func LoadPublicKeyFile(filename string) (PublicKey, error) {
-	contents, err := readKeyFileBytes(filename)
-	if err != nil {
-		return nil, err
-	}
-
-	var key PublicKey
-
-	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
-		key, err = UnmarshalPublicKeyJWK(contents)
-		if err != nil {
-			return nil, fmt.Errorf("unable to decode public key JWK: %s", err)
-		}
-	} else {
-		key, err = UnmarshalPublicKeyPEM(contents)
-		if err != nil {
-			return nil, fmt.Errorf("unable to decode public key PEM: %s", err)
-		}
-	}
-
-	return key, nil
-}
-
-// SaveKey saves the given key to a file using the provided filename.
-// This process will overwrite any existing file at the provided location.
-func SaveKey(filename string, key PrivateKey) error {
-	var encodedKey []byte
-	var err error
-
-	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
-		// Encode in JSON Web Key format.
-		encodedKey, err = json.MarshalIndent(key, "", "    ")
-		if err != nil {
-			return fmt.Errorf("unable to encode private key JWK: %s", err)
-		}
-	} else {
-		// Encode in PEM format.
-		pemBlock, err := key.PEMBlock()
-		if err != nil {
-			return fmt.Errorf("unable to encode private key PEM: %s", err)
-		}
-		encodedKey = pem.EncodeToMemory(pemBlock)
-	}
-
-	err = ioutil.WriteFile(filename, encodedKey, os.FileMode(0600))
-	if err != nil {
-		return fmt.Errorf("unable to write private key file %s: %s", filename, err)
-	}
-
-	return nil
-}
-
-// SavePublicKey saves the given public key to the file.
-func SavePublicKey(filename string, key PublicKey) error {
-	var encodedKey []byte
-	var err error
-
-	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
-		// Encode in JSON Web Key format.
-		encodedKey, err = json.MarshalIndent(key, "", "    ")
-		if err != nil {
-			return fmt.Errorf("unable to encode public key JWK: %s", err)
-		}
-	} else {
-		// Encode in PEM format.
-		pemBlock, err := key.PEMBlock()
-		if err != nil {
-			return fmt.Errorf("unable to encode public key PEM: %s", err)
-		}
-		encodedKey = pem.EncodeToMemory(pemBlock)
-	}
-
-	err = ioutil.WriteFile(filename, encodedKey, os.FileMode(0644))
-	if err != nil {
-		return fmt.Errorf("unable to write public key file %s: %s", filename, err)
-	}
-
-	return nil
-}
-
-// Public Key Set files
-
-type jwkSet struct {
-	Keys []json.RawMessage `json:"keys"`
-}
-
-// LoadKeySetFile loads a key set
-func LoadKeySetFile(filename string) ([]PublicKey, error) {
-	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
-		return loadJSONKeySetFile(filename)
-	}
-
-	// Must be a PEM format file
-	return loadPEMKeySetFile(filename)
-}
-
-func loadJSONKeySetRaw(data []byte) ([]json.RawMessage, error) {
-	if len(data) == 0 {
-		// This is okay, just return an empty slice.
-		return []json.RawMessage{}, nil
-	}
-
-	keySet := jwkSet{}
-
-	err := json.Unmarshal(data, &keySet)
-	if err != nil {
-		return nil, fmt.Errorf("unable to decode JSON Web Key Set: %s", err)
-	}
-
-	return keySet.Keys, nil
-}
-
-func loadJSONKeySetFile(filename string) ([]PublicKey, error) {
-	contents, err := readKeyFileBytes(filename)
-	if err != nil && err != ErrKeyFileDoesNotExist {
-		return nil, err
-	}
-
-	return UnmarshalPublicKeyJWKSet(contents)
-}
-
-func loadPEMKeySetFile(filename string) ([]PublicKey, error) {
-	data, err := readKeyFileBytes(filename)
-	if err != nil && err != ErrKeyFileDoesNotExist {
-		return nil, err
-	}
-
-	return UnmarshalPublicKeyPEMBundle(data)
-}
-
-// AddKeySetFile adds a key to a key set
-func AddKeySetFile(filename string, key PublicKey) error {
-	if strings.HasSuffix(filename, ".json") || strings.HasSuffix(filename, ".jwk") {
-		return addKeySetJSONFile(filename, key)
-	}
-
-	// Must be a PEM format file
-	return addKeySetPEMFile(filename, key)
-}
-
-func addKeySetJSONFile(filename string, key PublicKey) error {
-	encodedKey, err := json.Marshal(key)
-	if err != nil {
-		return fmt.Errorf("unable to encode trusted client key: %s", err)
-	}
-
-	contents, err := readKeyFileBytes(filename)
-	if err != nil && err != ErrKeyFileDoesNotExist {
-		return err
-	}
-
-	rawEntries, err := loadJSONKeySetRaw(contents)
-	if err != nil {
-		return err
-	}
-
-	rawEntries = append(rawEntries, json.RawMessage(encodedKey))
-	entriesWrapper := jwkSet{Keys: rawEntries}
-
-	encodedEntries, err := json.MarshalIndent(entriesWrapper, "", "    ")
-	if err != nil {
-		return fmt.Errorf("unable to encode trusted client keys: %s", err)
-	}
-
-	err = ioutil.WriteFile(filename, encodedEntries, os.FileMode(0644))
-	if err != nil {
-		return fmt.Errorf("unable to write trusted client keys file %s: %s", filename, err)
-	}
-
-	return nil
-}
-
-func addKeySetPEMFile(filename string, key PublicKey) error {
-	// Encode to PEM, open file for appending, write PEM.
-	file, err := os.OpenFile(filename, os.O_CREATE|os.O_APPEND|os.O_RDWR, os.FileMode(0644))
-	if err != nil {
-		return fmt.Errorf("unable to open trusted client keys file %s: %s", filename, err)
-	}
-	defer file.Close()
-
-	pemBlock, err := key.PEMBlock()
-	if err != nil {
-		return fmt.Errorf("unable to encoded trusted key: %s", err)
-	}
-
-	_, err = file.Write(pem.EncodeToMemory(pemBlock))
-	if err != nil {
-		return fmt.Errorf("unable to write trusted keys file: %s", err)
-	}
-
-	return nil
-}
diff --git a/vendor/github.com/docker/libtrust/key_manager.go b/vendor/github.com/docker/libtrust/key_manager.go
deleted file mode 100644
index 9a98ae357..000000000
--- a/vendor/github.com/docker/libtrust/key_manager.go
+++ /dev/null
@@ -1,175 +0,0 @@
-package libtrust
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"fmt"
-	"io/ioutil"
-	"net"
-	"os"
-	"path"
-	"sync"
-)
-
-// ClientKeyManager manages client keys on the filesystem
-type ClientKeyManager struct {
-	key        PrivateKey
-	clientFile string
-	clientDir  string
-
-	clientLock sync.RWMutex
-	clients    []PublicKey
-
-	configLock sync.Mutex
-	configs    []*tls.Config
-}
-
-// NewClientKeyManager loads a new manager from a set of key files
-// and managed by the given private key.
-func NewClientKeyManager(trustKey PrivateKey, clientFile, clientDir string) (*ClientKeyManager, error) {
-	m := &ClientKeyManager{
-		key:        trustKey,
-		clientFile: clientFile,
-		clientDir:  clientDir,
-	}
-	if err := m.loadKeys(); err != nil {
-		return nil, err
-	}
-	// TODO Start watching file and directory
-
-	return m, nil
-}
-
-func (c *ClientKeyManager) loadKeys() (err error) {
-	// Load authorized keys file
-	var clients []PublicKey
-	if c.clientFile != "" {
-		clients, err = LoadKeySetFile(c.clientFile)
-		if err != nil {
-			return fmt.Errorf("unable to load authorized keys: %s", err)
-		}
-	}
-
-	// Add clients from authorized keys directory
-	files, err := ioutil.ReadDir(c.clientDir)
-	if err != nil && !os.IsNotExist(err) {
-		return fmt.Errorf("unable to open authorized keys directory: %s", err)
-	}
-	for _, f := range files {
-		if !f.IsDir() {
-			publicKey, err := LoadPublicKeyFile(path.Join(c.clientDir, f.Name()))
-			if err != nil {
-				return fmt.Errorf("unable to load authorized key file: %s", err)
-			}
-			clients = append(clients, publicKey)
-		}
-	}
-
-	c.clientLock.Lock()
-	c.clients = clients
-	c.clientLock.Unlock()
-
-	return nil
-}
-
-// RegisterTLSConfig registers a tls configuration to manager
-// such that any changes to the keys may be reflected in
-// the tls client CA pool
-func (c *ClientKeyManager) RegisterTLSConfig(tlsConfig *tls.Config) error {
-	c.clientLock.RLock()
-	certPool, err := GenerateCACertPool(c.key, c.clients)
-	if err != nil {
-		return fmt.Errorf("CA pool generation error: %s", err)
-	}
-	c.clientLock.RUnlock()
-
-	tlsConfig.ClientCAs = certPool
-
-	c.configLock.Lock()
-	c.configs = append(c.configs, tlsConfig)
-	c.configLock.Unlock()
-
-	return nil
-}
-
-// NewIdentityAuthTLSConfig creates a tls.Config for the server to use for
-// libtrust identity authentication for the domain specified
-func NewIdentityAuthTLSConfig(trustKey PrivateKey, clients *ClientKeyManager, addr string, domain string) (*tls.Config, error) {
-	tlsConfig := newTLSConfig()
-
-	tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
-	if err := clients.RegisterTLSConfig(tlsConfig); err != nil {
-		return nil, err
-	}
-
-	// Generate cert
-	ips, domains, err := parseAddr(addr)
-	if err != nil {
-		return nil, err
-	}
-	// add domain that it expects clients to use
-	domains = append(domains, domain)
-	x509Cert, err := GenerateSelfSignedServerCert(trustKey, domains, ips)
-	if err != nil {
-		return nil, fmt.Errorf("certificate generation error: %s", err)
-	}
-	tlsConfig.Certificates = []tls.Certificate{{
-		Certificate: [][]byte{x509Cert.Raw},
-		PrivateKey:  trustKey.CryptoPrivateKey(),
-		Leaf:        x509Cert,
-	}}
-
-	return tlsConfig, nil
-}
-
-// NewCertAuthTLSConfig creates a tls.Config for the server to use for
-// certificate authentication
-func NewCertAuthTLSConfig(caPath, certPath, keyPath string) (*tls.Config, error) {
-	tlsConfig := newTLSConfig()
-
-	cert, err := tls.LoadX509KeyPair(certPath, keyPath)
-	if err != nil {
-		return nil, fmt.Errorf("Couldn't load X509 key pair (%s, %s): %s. Key encrypted?", certPath, keyPath, err)
-	}
-	tlsConfig.Certificates = []tls.Certificate{cert}
-
-	// Verify client certificates against a CA?
-	if caPath != "" {
-		certPool := x509.NewCertPool()
-		file, err := ioutil.ReadFile(caPath)
-		if err != nil {
-			return nil, fmt.Errorf("Couldn't read CA certificate: %s", err)
-		}
-		certPool.AppendCertsFromPEM(file)
-
-		tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
-		tlsConfig.ClientCAs = certPool
-	}
-
-	return tlsConfig, nil
-}
-
-func newTLSConfig() *tls.Config {
-	return &tls.Config{
-		NextProtos: []string{"http/1.1"},
-		// Avoid fallback on insecure SSL protocols
-		MinVersion: tls.VersionTLS10,
-	}
-}
-
-// parseAddr parses an address into an array of IPs and domains
-func parseAddr(addr string) ([]net.IP, []string, error) {
-	host, _, err := net.SplitHostPort(addr)
-	if err != nil {
-		return nil, nil, err
-	}
-	var domains []string
-	var ips []net.IP
-	ip := net.ParseIP(host)
-	if ip != nil {
-		ips = []net.IP{ip}
-	} else {
-		domains = []string{host}
-	}
-	return ips, domains, nil
-}
diff --git a/vendor/github.com/docker/libtrust/rsa_key.go b/vendor/github.com/docker/libtrust/rsa_key.go
deleted file mode 100644
index dac4cacf2..000000000
--- a/vendor/github.com/docker/libtrust/rsa_key.go
+++ /dev/null
@@ -1,427 +0,0 @@
-package libtrust
-
-import (
-	"crypto"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/json"
-	"encoding/pem"
-	"errors"
-	"fmt"
-	"io"
-	"math/big"
-)
-
-/*
- * RSA DSA PUBLIC KEY
- */
-
-// rsaPublicKey implements a JWK Public Key using RSA digital signature algorithms.
-type rsaPublicKey struct {
-	*rsa.PublicKey
-	extended map[string]interface{}
-}
-
-func fromRSAPublicKey(cryptoPublicKey *rsa.PublicKey) *rsaPublicKey {
-	return &rsaPublicKey{cryptoPublicKey, map[string]interface{}{}}
-}
-
-// KeyType returns the JWK key type for RSA keys, i.e., "RSA".
-func (k *rsaPublicKey) KeyType() string {
-	return "RSA"
-}
-
-// KeyID returns a distinct identifier which is unique to this Public Key.
-func (k *rsaPublicKey) KeyID() string {
-	return keyIDFromCryptoKey(k)
-}
-
-func (k *rsaPublicKey) String() string {
-	return fmt.Sprintf("RSA Public Key <%s>", k.KeyID())
-}
-
-// Verify verifyies the signature of the data in the io.Reader using this Public Key.
-// The alg parameter should be the name of the JWA digital signature algorithm
-// which was used to produce the signature and should be supported by this
-// public key. Returns a nil error if the signature is valid.
-func (k *rsaPublicKey) Verify(data io.Reader, alg string, signature []byte) error {
-	// Verify the signature of the given date, return non-nil error if valid.
-	sigAlg, err := rsaSignatureAlgorithmByName(alg)
-	if err != nil {
-		return fmt.Errorf("unable to verify Signature: %s", err)
-	}
-
-	hasher := sigAlg.HashID().New()
-	_, err = io.Copy(hasher, data)
-	if err != nil {
-		return fmt.Errorf("error reading data to sign: %s", err)
-	}
-	hash := hasher.Sum(nil)
-
-	err = rsa.VerifyPKCS1v15(k.PublicKey, sigAlg.HashID(), hash, signature)
-	if err != nil {
-		return fmt.Errorf("invalid %s signature: %s", sigAlg.HeaderParam(), err)
-	}
-
-	return nil
-}
-
-// CryptoPublicKey returns the internal object which can be used as a
-// crypto.PublicKey for use with other standard library operations. The type
-// is either *rsa.PublicKey or *ecdsa.PublicKey
-func (k *rsaPublicKey) CryptoPublicKey() crypto.PublicKey {
-	return k.PublicKey
-}
-
-func (k *rsaPublicKey) toMap() map[string]interface{} {
-	jwk := make(map[string]interface{})
-	for k, v := range k.extended {
-		jwk[k] = v
-	}
-	jwk["kty"] = k.KeyType()
-	jwk["kid"] = k.KeyID()
-	jwk["n"] = joseBase64UrlEncode(k.N.Bytes())
-	jwk["e"] = joseBase64UrlEncode(serializeRSAPublicExponentParam(k.E))
-
-	return jwk
-}
-
-// MarshalJSON serializes this Public Key using the JWK JSON serialization format for
-// RSA keys.
-func (k *rsaPublicKey) MarshalJSON() (data []byte, err error) {
-	return json.Marshal(k.toMap())
-}
-
-// PEMBlock serializes this Public Key to DER-encoded PKIX format.
-func (k *rsaPublicKey) PEMBlock() (*pem.Block, error) {
-	derBytes, err := x509.MarshalPKIXPublicKey(k.PublicKey)
-	if err != nil {
-		return nil, fmt.Errorf("unable to serialize RSA PublicKey to DER-encoded PKIX format: %s", err)
-	}
-	k.extended["kid"] = k.KeyID() // For display purposes.
-	return createPemBlock("PUBLIC KEY", derBytes, k.extended)
-}
-
-func (k *rsaPublicKey) AddExtendedField(field string, value interface{}) {
-	k.extended[field] = value
-}
-
-func (k *rsaPublicKey) GetExtendedField(field string) interface{} {
-	v, ok := k.extended[field]
-	if !ok {
-		return nil
-	}
-	return v
-}
-
-func rsaPublicKeyFromMap(jwk map[string]interface{}) (*rsaPublicKey, error) {
-	// JWK key type (kty) has already been determined to be "RSA".
-	// Need to extract 'n', 'e', and 'kid' and check for
-	// consistency.
-
-	// Get the modulus parameter N.
-	nB64Url, err := stringFromMap(jwk, "n")
-	if err != nil {
-		return nil, fmt.Errorf("JWK RSA Public Key modulus: %s", err)
-	}
-
-	n, err := parseRSAModulusParam(nB64Url)
-	if err != nil {
-		return nil, fmt.Errorf("JWK RSA Public Key modulus: %s", err)
-	}
-
-	// Get the public exponent E.
-	eB64Url, err := stringFromMap(jwk, "e")
-	if err != nil {
-		return nil, fmt.Errorf("JWK RSA Public Key exponent: %s", err)
-	}
-
-	e, err := parseRSAPublicExponentParam(eB64Url)
-	if err != nil {
-		return nil, fmt.Errorf("JWK RSA Public Key exponent: %s", err)
-	}
-
-	key := &rsaPublicKey{
-		PublicKey: &rsa.PublicKey{N: n, E: e},
-	}
-
-	// Key ID is optional, but if it exists, it should match the key.
-	_, ok := jwk["kid"]
-	if ok {
-		kid, err := stringFromMap(jwk, "kid")
-		if err != nil {
-			return nil, fmt.Errorf("JWK RSA Public Key ID: %s", err)
-		}
-		if kid != key.KeyID() {
-			return nil, fmt.Errorf("JWK RSA Public Key ID does not match: %s", kid)
-		}
-	}
-
-	if _, ok := jwk["d"]; ok {
-		return nil, fmt.Errorf("JWK RSA Public Key cannot contain private exponent")
-	}
-
-	key.extended = jwk
-
-	return key, nil
-}
-
-/*
- * RSA DSA PRIVATE KEY
- */
-
-// rsaPrivateKey implements a JWK Private Key using RSA digital signature algorithms.
-type rsaPrivateKey struct {
-	rsaPublicKey
-	*rsa.PrivateKey
-}
-
-func fromRSAPrivateKey(cryptoPrivateKey *rsa.PrivateKey) *rsaPrivateKey {
-	return &rsaPrivateKey{
-		*fromRSAPublicKey(&cryptoPrivateKey.PublicKey),
-		cryptoPrivateKey,
-	}
-}
-
-// PublicKey returns the Public Key data associated with this Private Key.
-func (k *rsaPrivateKey) PublicKey() PublicKey {
-	return &k.rsaPublicKey
-}
-
-func (k *rsaPrivateKey) String() string {
-	return fmt.Sprintf("RSA Private Key <%s>", k.KeyID())
-}
-
-// Sign signs the data read from the io.Reader using a signature algorithm supported
-// by the RSA private key. If the specified hashing algorithm is supported by
-// this key, that hash function is used to generate the signature otherwise the
-// the default hashing algorithm for this key is used. Returns the signature
-// and the name of the JWK signature algorithm used, e.g., "RS256", "RS384",
-// "RS512".
-func (k *rsaPrivateKey) Sign(data io.Reader, hashID crypto.Hash) (signature []byte, alg string, err error) {
-	// Generate a signature of the data using the internal alg.
-	sigAlg := rsaPKCS1v15SignatureAlgorithmForHashID(hashID)
-	hasher := sigAlg.HashID().New()
-
-	_, err = io.Copy(hasher, data)
-	if err != nil {
-		return nil, "", fmt.Errorf("error reading data to sign: %s", err)
-	}
-	hash := hasher.Sum(nil)
-
-	signature, err = rsa.SignPKCS1v15(rand.Reader, k.PrivateKey, sigAlg.HashID(), hash)
-	if err != nil {
-		return nil, "", fmt.Errorf("error producing signature: %s", err)
-	}
-
-	alg = sigAlg.HeaderParam()
-
-	return
-}
-
-// CryptoPrivateKey returns the internal object which can be used as a
-// crypto.PublicKey for use with other standard library operations. The type
-// is either *rsa.PublicKey or *ecdsa.PublicKey
-func (k *rsaPrivateKey) CryptoPrivateKey() crypto.PrivateKey {
-	return k.PrivateKey
-}
-
-func (k *rsaPrivateKey) toMap() map[string]interface{} {
-	k.Precompute() // Make sure the precomputed values are stored.
-	jwk := k.rsaPublicKey.toMap()
-
-	jwk["d"] = joseBase64UrlEncode(k.D.Bytes())
-	jwk["p"] = joseBase64UrlEncode(k.Primes[0].Bytes())
-	jwk["q"] = joseBase64UrlEncode(k.Primes[1].Bytes())
-	jwk["dp"] = joseBase64UrlEncode(k.Precomputed.Dp.Bytes())
-	jwk["dq"] = joseBase64UrlEncode(k.Precomputed.Dq.Bytes())
-	jwk["qi"] = joseBase64UrlEncode(k.Precomputed.Qinv.Bytes())
-
-	otherPrimes := k.Primes[2:]
-
-	if len(otherPrimes) > 0 {
-		otherPrimesInfo := make([]interface{}, len(otherPrimes))
-		for i, r := range otherPrimes {
-			otherPrimeInfo := make(map[string]string, 3)
-			otherPrimeInfo["r"] = joseBase64UrlEncode(r.Bytes())
-			crtVal := k.Precomputed.CRTValues[i]
-			otherPrimeInfo["d"] = joseBase64UrlEncode(crtVal.Exp.Bytes())
-			otherPrimeInfo["t"] = joseBase64UrlEncode(crtVal.Coeff.Bytes())
-			otherPrimesInfo[i] = otherPrimeInfo
-		}
-		jwk["oth"] = otherPrimesInfo
-	}
-
-	return jwk
-}
-
-// MarshalJSON serializes this Private Key using the JWK JSON serialization format for
-// RSA keys.
-func (k *rsaPrivateKey) MarshalJSON() (data []byte, err error) {
-	return json.Marshal(k.toMap())
-}
-
-// PEMBlock serializes this Private Key to DER-encoded PKIX format.
-func (k *rsaPrivateKey) PEMBlock() (*pem.Block, error) {
-	derBytes := x509.MarshalPKCS1PrivateKey(k.PrivateKey)
-	k.extended["keyID"] = k.KeyID() // For display purposes.
-	return createPemBlock("RSA PRIVATE KEY", derBytes, k.extended)
-}
-
-func rsaPrivateKeyFromMap(jwk map[string]interface{}) (*rsaPrivateKey, error) {
-	// The JWA spec for RSA Private Keys (draft rfc section 5.3.2) states that
-	// only the private key exponent 'd' is REQUIRED, the others are just for
-	// signature/decryption optimizations and SHOULD be included when the JWK
-	// is produced. We MAY choose to accept a JWK which only includes 'd', but
-	// we're going to go ahead and not choose to accept it without the extra
-	// fields. Only the 'oth' field will be optional (for multi-prime keys).
-	privateExponent, err := parseRSAPrivateKeyParamFromMap(jwk, "d")
-	if err != nil {
-		return nil, fmt.Errorf("JWK RSA Private Key exponent: %s", err)
-	}
-	firstPrimeFactor, err := parseRSAPrivateKeyParamFromMap(jwk, "p")
-	if err != nil {
-		return nil, fmt.Errorf("JWK RSA Private Key prime factor: %s", err)
-	}
-	secondPrimeFactor, err := parseRSAPrivateKeyParamFromMap(jwk, "q")
-	if err != nil {
-		return nil, fmt.Errorf("JWK RSA Private Key prime factor: %s", err)
-	}
-	firstFactorCRT, err := parseRSAPrivateKeyParamFromMap(jwk, "dp")
-	if err != nil {
-		return nil, fmt.Errorf("JWK RSA Private Key CRT exponent: %s", err)
-	}
-	secondFactorCRT, err := parseRSAPrivateKeyParamFromMap(jwk, "dq")
-	if err != nil {
-		return nil, fmt.Errorf("JWK RSA Private Key CRT exponent: %s", err)
-	}
-	crtCoeff, err := parseRSAPrivateKeyParamFromMap(jwk, "qi")
-	if err != nil {
-		return nil, fmt.Errorf("JWK RSA Private Key CRT coefficient: %s", err)
-	}
-
-	var oth interface{}
-	if _, ok := jwk["oth"]; ok {
-		oth = jwk["oth"]
-		delete(jwk, "oth")
-	}
-
-	// JWK key type (kty) has already been determined to be "RSA".
-	// Need to extract the public key information, then extract the private
-	// key values.
-	publicKey, err := rsaPublicKeyFromMap(jwk)
-	if err != nil {
-		return nil, err
-	}
-
-	privateKey := &rsa.PrivateKey{
-		PublicKey: *publicKey.PublicKey,
-		D:         privateExponent,
-		Primes:    []*big.Int{firstPrimeFactor, secondPrimeFactor},
-		Precomputed: rsa.PrecomputedValues{
-			Dp:   firstFactorCRT,
-			Dq:   secondFactorCRT,
-			Qinv: crtCoeff,
-		},
-	}
-
-	if oth != nil {
-		// Should be an array of more JSON objects.
-		otherPrimesInfo, ok := oth.([]interface{})
-		if !ok {
-			return nil, errors.New("JWK RSA Private Key: Invalid other primes info: must be an array")
-		}
-		numOtherPrimeFactors := len(otherPrimesInfo)
-		if numOtherPrimeFactors == 0 {
-			return nil, errors.New("JWK RSA Privake Key: Invalid other primes info: must be absent or non-empty")
-		}
-		otherPrimeFactors := make([]*big.Int, numOtherPrimeFactors)
-		productOfPrimes := new(big.Int).Mul(firstPrimeFactor, secondPrimeFactor)
-		crtValues := make([]rsa.CRTValue, numOtherPrimeFactors)
-
-		for i, val := range otherPrimesInfo {
-			otherPrimeinfo, ok := val.(map[string]interface{})
-			if !ok {
-				return nil, errors.New("JWK RSA Private Key: Invalid other prime info: must be a JSON object")
-			}
-
-			otherPrimeFactor, err := parseRSAPrivateKeyParamFromMap(otherPrimeinfo, "r")
-			if err != nil {
-				return nil, fmt.Errorf("JWK RSA Private Key prime factor: %s", err)
-			}
-			otherFactorCRT, err := parseRSAPrivateKeyParamFromMap(otherPrimeinfo, "d")
-			if err != nil {
-				return nil, fmt.Errorf("JWK RSA Private Key CRT exponent: %s", err)
-			}
-			otherCrtCoeff, err := parseRSAPrivateKeyParamFromMap(otherPrimeinfo, "t")
-			if err != nil {
-				return nil, fmt.Errorf("JWK RSA Private Key CRT coefficient: %s", err)
-			}
-
-			crtValue := crtValues[i]
-			crtValue.Exp = otherFactorCRT
-			crtValue.Coeff = otherCrtCoeff
-			crtValue.R = productOfPrimes
-			otherPrimeFactors[i] = otherPrimeFactor
-			productOfPrimes = new(big.Int).Mul(productOfPrimes, otherPrimeFactor)
-		}
-
-		privateKey.Primes = append(privateKey.Primes, otherPrimeFactors...)
-		privateKey.Precomputed.CRTValues = crtValues
-	}
-
-	key := &rsaPrivateKey{
-		rsaPublicKey: *publicKey,
-		PrivateKey:   privateKey,
-	}
-
-	return key, nil
-}
-
-/*
- *	Key Generation Functions.
- */
-
-func generateRSAPrivateKey(bits int) (k *rsaPrivateKey, err error) {
-	k = new(rsaPrivateKey)
-	k.PrivateKey, err = rsa.GenerateKey(rand.Reader, bits)
-	if err != nil {
-		return nil, err
-	}
-
-	k.rsaPublicKey.PublicKey = &k.PrivateKey.PublicKey
-	k.extended = make(map[string]interface{})
-
-	return
-}
-
-// GenerateRSA2048PrivateKey generates a key pair using 2048-bit RSA.
-func GenerateRSA2048PrivateKey() (PrivateKey, error) {
-	k, err := generateRSAPrivateKey(2048)
-	if err != nil {
-		return nil, fmt.Errorf("error generating RSA 2048-bit key: %s", err)
-	}
-
-	return k, nil
-}
-
-// GenerateRSA3072PrivateKey generates a key pair using 3072-bit RSA.
-func GenerateRSA3072PrivateKey() (PrivateKey, error) {
-	k, err := generateRSAPrivateKey(3072)
-	if err != nil {
-		return nil, fmt.Errorf("error generating RSA 3072-bit key: %s", err)
-	}
-
-	return k, nil
-}
-
-// GenerateRSA4096PrivateKey generates a key pair using 4096-bit RSA.
-func GenerateRSA4096PrivateKey() (PrivateKey, error) {
-	k, err := generateRSAPrivateKey(4096)
-	if err != nil {
-		return nil, fmt.Errorf("error generating RSA 4096-bit key: %s", err)
-	}
-
-	return k, nil
-}
diff --git a/vendor/github.com/docker/libtrust/util.go b/vendor/github.com/docker/libtrust/util.go
deleted file mode 100644
index a5a101d3f..000000000
--- a/vendor/github.com/docker/libtrust/util.go
+++ /dev/null
@@ -1,363 +0,0 @@
-package libtrust
-
-import (
-	"bytes"
-	"crypto"
-	"crypto/elliptic"
-	"crypto/tls"
-	"crypto/x509"
-	"encoding/base32"
-	"encoding/base64"
-	"encoding/binary"
-	"encoding/pem"
-	"errors"
-	"fmt"
-	"math/big"
-	"net/url"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-)
-
-// LoadOrCreateTrustKey will load a PrivateKey from the specified path
-func LoadOrCreateTrustKey(trustKeyPath string) (PrivateKey, error) {
-	if err := os.MkdirAll(filepath.Dir(trustKeyPath), 0700); err != nil {
-		return nil, err
-	}
-
-	trustKey, err := LoadKeyFile(trustKeyPath)
-	if err == ErrKeyFileDoesNotExist {
-		trustKey, err = GenerateECP256PrivateKey()
-		if err != nil {
-			return nil, fmt.Errorf("error generating key: %s", err)
-		}
-
-		if err := SaveKey(trustKeyPath, trustKey); err != nil {
-			return nil, fmt.Errorf("error saving key file: %s", err)
-		}
-
-		dir, file := filepath.Split(trustKeyPath)
-		if err := SavePublicKey(filepath.Join(dir, "public-"+file), trustKey.PublicKey()); err != nil {
-			return nil, fmt.Errorf("error saving public key file: %s", err)
-		}
-	} else if err != nil {
-		return nil, fmt.Errorf("error loading key file: %s", err)
-	}
-	return trustKey, nil
-}
-
-// NewIdentityAuthTLSClientConfig returns a tls.Config configured to use identity
-// based authentication from the specified dockerUrl, the rootConfigPath and
-// the server name to which it is connecting.
-// If trustUnknownHosts is true it will automatically add the host to the
-// known-hosts.json in rootConfigPath.
-func NewIdentityAuthTLSClientConfig(dockerUrl string, trustUnknownHosts bool, rootConfigPath string, serverName string) (*tls.Config, error) {
-	tlsConfig := newTLSConfig()
-
-	trustKeyPath := filepath.Join(rootConfigPath, "key.json")
-	knownHostsPath := filepath.Join(rootConfigPath, "known-hosts.json")
-
-	u, err := url.Parse(dockerUrl)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse machine url")
-	}
-
-	if u.Scheme == "unix" {
-		return nil, nil
-	}
-
-	addr := u.Host
-	proto := "tcp"
-
-	trustKey, err := LoadOrCreateTrustKey(trustKeyPath)
-	if err != nil {
-		return nil, fmt.Errorf("unable to load trust key: %s", err)
-	}
-
-	knownHosts, err := LoadKeySetFile(knownHostsPath)
-	if err != nil {
-		return nil, fmt.Errorf("could not load trusted hosts file: %s", err)
-	}
-
-	allowedHosts, err := FilterByHosts(knownHosts, addr, false)
-	if err != nil {
-		return nil, fmt.Errorf("error filtering hosts: %s", err)
-	}
-
-	certPool, err := GenerateCACertPool(trustKey, allowedHosts)
-	if err != nil {
-		return nil, fmt.Errorf("Could not create CA pool: %s", err)
-	}
-
-	tlsConfig.ServerName = serverName
-	tlsConfig.RootCAs = certPool
-
-	x509Cert, err := GenerateSelfSignedClientCert(trustKey)
-	if err != nil {
-		return nil, fmt.Errorf("certificate generation error: %s", err)
-	}
-
-	tlsConfig.Certificates = []tls.Certificate{{
-		Certificate: [][]byte{x509Cert.Raw},
-		PrivateKey:  trustKey.CryptoPrivateKey(),
-		Leaf:        x509Cert,
-	}}
-
-	tlsConfig.InsecureSkipVerify = true
-
-	testConn, err := tls.Dial(proto, addr, tlsConfig)
-	if err != nil {
-		return nil, fmt.Errorf("tls Handshake error: %s", err)
-	}
-
-	opts := x509.VerifyOptions{
-		Roots:         tlsConfig.RootCAs,
-		CurrentTime:   time.Now(),
-		DNSName:       tlsConfig.ServerName,
-		Intermediates: x509.NewCertPool(),
-	}
-
-	certs := testConn.ConnectionState().PeerCertificates
-	for i, cert := range certs {
-		if i == 0 {
-			continue
-		}
-		opts.Intermediates.AddCert(cert)
-	}
-
-	if _, err := certs[0].Verify(opts); err != nil {
-		if _, ok := err.(x509.UnknownAuthorityError); ok {
-			if trustUnknownHosts {
-				pubKey, err := FromCryptoPublicKey(certs[0].PublicKey)
-				if err != nil {
-					return nil, fmt.Errorf("error extracting public key from cert: %s", err)
-				}
-
-				pubKey.AddExtendedField("hosts", []string{addr})
-
-				if err := AddKeySetFile(knownHostsPath, pubKey); err != nil {
-					return nil, fmt.Errorf("error adding machine to known hosts: %s", err)
-				}
-			} else {
-				return nil, fmt.Errorf("unable to connect.  unknown host: %s", addr)
-			}
-		}
-	}
-
-	testConn.Close()
-	tlsConfig.InsecureSkipVerify = false
-
-	return tlsConfig, nil
-}
-
-// joseBase64UrlEncode encodes the given data using the standard base64 url
-// encoding format but with all trailing '=' characters omitted in accordance
-// with the jose specification.
-// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2
-func joseBase64UrlEncode(b []byte) string {
-	return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=")
-}
-
-// joseBase64UrlDecode decodes the given string using the standard base64 url
-// decoder but first adds the appropriate number of trailing '=' characters in
-// accordance with the jose specification.
-// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2
-func joseBase64UrlDecode(s string) ([]byte, error) {
-	s = strings.Replace(s, "\n", "", -1)
-	s = strings.Replace(s, " ", "", -1)
-	switch len(s) % 4 {
-	case 0:
-	case 2:
-		s += "=="
-	case 3:
-		s += "="
-	default:
-		return nil, errors.New("illegal base64url string")
-	}
-	return base64.URLEncoding.DecodeString(s)
-}
-
-func keyIDEncode(b []byte) string {
-	s := strings.TrimRight(base32.StdEncoding.EncodeToString(b), "=")
-	var buf bytes.Buffer
-	var i int
-	for i = 0; i < len(s)/4-1; i++ {
-		start := i * 4
-		end := start + 4
-		buf.WriteString(s[start:end] + ":")
-	}
-	buf.WriteString(s[i*4:])
-	return buf.String()
-}
-
-func keyIDFromCryptoKey(pubKey PublicKey) string {
-	// Generate and return a 'libtrust' fingerprint of the public key.
-	// For an RSA key this should be:
-	//   SHA256(DER encoded ASN1)
-	// Then truncated to 240 bits and encoded into 12 base32 groups like so:
-	//   ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP
-	derBytes, err := x509.MarshalPKIXPublicKey(pubKey.CryptoPublicKey())
-	if err != nil {
-		return ""
-	}
-	hasher := crypto.SHA256.New()
-	hasher.Write(derBytes)
-	return keyIDEncode(hasher.Sum(nil)[:30])
-}
-
-func stringFromMap(m map[string]interface{}, key string) (string, error) {
-	val, ok := m[key]
-	if !ok {
-		return "", fmt.Errorf("%q value not specified", key)
-	}
-
-	str, ok := val.(string)
-	if !ok {
-		return "", fmt.Errorf("%q value must be a string", key)
-	}
-	delete(m, key)
-
-	return str, nil
-}
-
-func parseECCoordinate(cB64Url string, curve elliptic.Curve) (*big.Int, error) {
-	curveByteLen := (curve.Params().BitSize + 7) >> 3
-
-	cBytes, err := joseBase64UrlDecode(cB64Url)
-	if err != nil {
-		return nil, fmt.Errorf("invalid base64 URL encoding: %s", err)
-	}
-	cByteLength := len(cBytes)
-	if cByteLength != curveByteLen {
-		return nil, fmt.Errorf("invalid number of octets: got %d, should be %d", cByteLength, curveByteLen)
-	}
-	return new(big.Int).SetBytes(cBytes), nil
-}
-
-func parseECPrivateParam(dB64Url string, curve elliptic.Curve) (*big.Int, error) {
-	dBytes, err := joseBase64UrlDecode(dB64Url)
-	if err != nil {
-		return nil, fmt.Errorf("invalid base64 URL encoding: %s", err)
-	}
-
-	// The length of this octet string MUST be ceiling(log-base-2(n)/8)
-	// octets (where n is the order of the curve). This is because the private
-	// key d must be in the interval [1, n-1] so the bitlength of d should be
-	// no larger than the bitlength of n-1. The easiest way to find the octet
-	// length is to take bitlength(n-1), add 7 to force a carry, and shift this
-	// bit sequence right by 3, which is essentially dividing by 8 and adding
-	// 1 if there is any remainder. Thus, the private key value d should be
-	// output to (bitlength(n-1)+7)>>3 octets.
-	n := curve.Params().N
-	octetLength := (new(big.Int).Sub(n, big.NewInt(1)).BitLen() + 7) >> 3
-	dByteLength := len(dBytes)
-
-	if dByteLength != octetLength {
-		return nil, fmt.Errorf("invalid number of octets: got %d, should be %d", dByteLength, octetLength)
-	}
-
-	return new(big.Int).SetBytes(dBytes), nil
-}
-
-func parseRSAModulusParam(nB64Url string) (*big.Int, error) {
-	nBytes, err := joseBase64UrlDecode(nB64Url)
-	if err != nil {
-		return nil, fmt.Errorf("invalid base64 URL encoding: %s", err)
-	}
-
-	return new(big.Int).SetBytes(nBytes), nil
-}
-
-func serializeRSAPublicExponentParam(e int) []byte {
-	// We MUST use the minimum number of octets to represent E.
-	// E is supposed to be 65537 for performance and security reasons
-	// and is what golang's rsa package generates, but it might be
-	// different if imported from some other generator.
-	buf := make([]byte, 4)
-	binary.BigEndian.PutUint32(buf, uint32(e))
-	var i int
-	for i = 0; i < 8; i++ {
-		if buf[i] != 0 {
-			break
-		}
-	}
-	return buf[i:]
-}
-
-func parseRSAPublicExponentParam(eB64Url string) (int, error) {
-	eBytes, err := joseBase64UrlDecode(eB64Url)
-	if err != nil {
-		return 0, fmt.Errorf("invalid base64 URL encoding: %s", err)
-	}
-	// Only the minimum number of bytes were used to represent E, but
-	// binary.BigEndian.Uint32 expects at least 4 bytes, so we need
-	// to add zero padding if necassary.
-	byteLen := len(eBytes)
-	buf := make([]byte, 4-byteLen, 4)
-	eBytes = append(buf, eBytes...)
-
-	return int(binary.BigEndian.Uint32(eBytes)), nil
-}
-
-func parseRSAPrivateKeyParamFromMap(m map[string]interface{}, key string) (*big.Int, error) {
-	b64Url, err := stringFromMap(m, key)
-	if err != nil {
-		return nil, err
-	}
-
-	paramBytes, err := joseBase64UrlDecode(b64Url)
-	if err != nil {
-		return nil, fmt.Errorf("invaled base64 URL encoding: %s", err)
-	}
-
-	return new(big.Int).SetBytes(paramBytes), nil
-}
-
-func createPemBlock(name string, derBytes []byte, headers map[string]interface{}) (*pem.Block, error) {
-	pemBlock := &pem.Block{Type: name, Bytes: derBytes, Headers: map[string]string{}}
-	for k, v := range headers {
-		switch val := v.(type) {
-		case string:
-			pemBlock.Headers[k] = val
-		case []string:
-			if k == "hosts" {
-				pemBlock.Headers[k] = strings.Join(val, ",")
-			} else {
-				// Return error, non-encodable type
-			}
-		default:
-			// Return error, non-encodable type
-		}
-	}
-
-	return pemBlock, nil
-}
-
-func pubKeyFromPEMBlock(pemBlock *pem.Block) (PublicKey, error) {
-	cryptoPublicKey, err := x509.ParsePKIXPublicKey(pemBlock.Bytes)
-	if err != nil {
-		return nil, fmt.Errorf("unable to decode Public Key PEM data: %s", err)
-	}
-
-	pubKey, err := FromCryptoPublicKey(cryptoPublicKey)
-	if err != nil {
-		return nil, err
-	}
-
-	addPEMHeadersToKey(pemBlock, pubKey)
-
-	return pubKey, nil
-}
-
-func addPEMHeadersToKey(pemBlock *pem.Block, pubKey PublicKey) {
-	for key, value := range pemBlock.Headers {
-		var safeVal interface{}
-		if key == "hosts" {
-			safeVal = strings.Split(value, ",")
-		} else {
-			safeVal = value
-		}
-		pubKey.AddExtendedField(key, safeVal)
-	}
-}
diff --git a/vendor/github.com/felixge/httpsnoop/.gitignore b/vendor/github.com/felixge/httpsnoop/.gitignore
deleted file mode 100644
index e69de29bb..000000000
diff --git a/vendor/github.com/felixge/httpsnoop/.travis.yml b/vendor/github.com/felixge/httpsnoop/.travis.yml
deleted file mode 100644
index bfc421200..000000000
--- a/vendor/github.com/felixge/httpsnoop/.travis.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-language: go
-
-go:
-  - 1.6
-  - 1.7
-  - 1.8
diff --git a/vendor/github.com/felixge/httpsnoop/LICENSE.txt b/vendor/github.com/felixge/httpsnoop/LICENSE.txt
deleted file mode 100644
index e028b46a9..000000000
--- a/vendor/github.com/felixge/httpsnoop/LICENSE.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-Copyright (c) 2016 Felix Geisendörfer (felix@debuggable.com)
-
- Permission is hereby granted, free of charge, to any person obtaining a copy
- of this software and associated documentation files (the "Software"), to deal
- in the Software without restriction, including without limitation the rights
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- copies of the Software, and to permit persons to whom the Software is
- furnished to do so, subject to the following conditions:
-
- The above copyright notice and this permission notice shall be included in
- all copies or substantial portions of the Software.
-
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- THE SOFTWARE.
diff --git a/vendor/github.com/felixge/httpsnoop/Makefile b/vendor/github.com/felixge/httpsnoop/Makefile
deleted file mode 100644
index 2d84889ae..000000000
--- a/vendor/github.com/felixge/httpsnoop/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-.PHONY: ci generate clean
-
-ci: clean generate
-	go test -v ./...
-
-generate:
-	go generate .
-
-clean:
-	rm -rf *_generated*.go
diff --git a/vendor/github.com/felixge/httpsnoop/README.md b/vendor/github.com/felixge/httpsnoop/README.md
deleted file mode 100644
index ddcecd13e..000000000
--- a/vendor/github.com/felixge/httpsnoop/README.md
+++ /dev/null
@@ -1,95 +0,0 @@
-# httpsnoop
-
-Package httpsnoop provides an easy way to capture http related metrics (i.e.
-response time, bytes written, and http status code) from your application's
-http.Handlers.
-
-Doing this requires non-trivial wrapping of the http.ResponseWriter interface,
-which is also exposed for users interested in a more low-level API.
-
-[![GoDoc](https://godoc.org/github.com/felixge/httpsnoop?status.svg)](https://godoc.org/github.com/felixge/httpsnoop)
-[![Build Status](https://travis-ci.org/felixge/httpsnoop.svg?branch=master)](https://travis-ci.org/felixge/httpsnoop)
-
-## Usage Example
-
-```go
-// myH is your app's http handler, perhaps a http.ServeMux or similar.
-var myH http.Handler
-// wrappedH wraps myH in order to log every request.
-wrappedH := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-	m := httpsnoop.CaptureMetrics(myH, w, r)
-	log.Printf(
-		"%s %s (code=%d dt=%s written=%d)",
-		r.Method,
-		r.URL,
-		m.Code,
-		m.Duration,
-		m.Written,
-	)
-})
-http.ListenAndServe(":8080", wrappedH)
-```
-
-## Why this package exists
-
-Instrumenting an application's http.Handler is surprisingly difficult.
-
-However if you google for e.g. "capture ResponseWriter status code" you'll find
-lots of advise and code examples that suggest it to be a fairly trivial
-undertaking. Unfortunately everything I've seen so far has a high chance of
-breaking your application.
-
-The main problem is that a `http.ResponseWriter` often implements additional
-interfaces such as `http.Flusher`, `http.CloseNotifier`, `http.Hijacker`, `http.Pusher`, and
-`io.ReaderFrom`. So the naive approach of just wrapping `http.ResponseWriter`
-in your own struct that also implements the `http.ResponseWriter` interface
-will hide the additional interfaces mentioned above. This has a high change of
-introducing subtle bugs into any non-trivial application.
-
-Another approach I've seen people take is to return a struct that implements
-all of the interfaces above. However, that's also problematic, because it's
-difficult to fake some of these interfaces behaviors when the underlying
-`http.ResponseWriter` doesn't have an implementation. It's also dangerous,
-because an application may choose to operate differently, merely because it
-detects the presence of these additional interfaces.
-
-This package solves this problem by checking which additional interfaces a
-`http.ResponseWriter` implements, returning a wrapped version implementing the
-exact same set of interfaces.
-
-Additionally this package properly handles edge cases such as `WriteHeader` not
-being called, or called more than once, as well as concurrent calls to
-`http.ResponseWriter` methods, and even calls happening after the wrapped
-`ServeHTTP` has already returned.
-
-Unfortunately this package is not perfect either. It's possible that it is
-still missing some interfaces provided by the go core (let me know if you find
-one), and it won't work for applications adding their own interfaces into the
-mix. You can however use `httpsnoop.Unwrap(w)` to access the underlying
-`http.ResponseWriter` and type-assert the result to its other interfaces.
-
-However, hopefully the explanation above has sufficiently scared you of rolling
-your own solution to this problem. httpsnoop may still break your application,
-but at least it tries to avoid it as much as possible.
-
-Anyway, the real problem here is that smuggling additional interfaces inside
-`http.ResponseWriter` is a problematic design choice, but it probably goes as
-deep as the Go language specification itself. But that's okay, I still prefer
-Go over the alternatives ;).
-
-## Performance
-
-```
-BenchmarkBaseline-8      	   20000	     94912 ns/op
-BenchmarkCaptureMetrics-8	   20000	     95461 ns/op
-```
-
-As you can see, using `CaptureMetrics` on a vanilla http.Handler introduces an
-overhead of ~500 ns per http request on my machine. However, the margin of
-error appears to be larger than that, therefor it should be reasonable to
-assume that the overhead introduced by `CaptureMetrics` is absolutely
-negligible.
-
-## License
-
-MIT
diff --git a/vendor/github.com/felixge/httpsnoop/capture_metrics.go b/vendor/github.com/felixge/httpsnoop/capture_metrics.go
deleted file mode 100644
index b77cc7c00..000000000
--- a/vendor/github.com/felixge/httpsnoop/capture_metrics.go
+++ /dev/null
@@ -1,86 +0,0 @@
-package httpsnoop
-
-import (
-	"io"
-	"net/http"
-	"time"
-)
-
-// Metrics holds metrics captured from CaptureMetrics.
-type Metrics struct {
-	// Code is the first http response code passed to the WriteHeader func of
-	// the ResponseWriter. If no such call is made, a default code of 200 is
-	// assumed instead.
-	Code int
-	// Duration is the time it took to execute the handler.
-	Duration time.Duration
-	// Written is the number of bytes successfully written by the Write or
-	// ReadFrom function of the ResponseWriter. ResponseWriters may also write
-	// data to their underlaying connection directly (e.g. headers), but those
-	// are not tracked. Therefor the number of Written bytes will usually match
-	// the size of the response body.
-	Written int64
-}
-
-// CaptureMetrics wraps the given hnd, executes it with the given w and r, and
-// returns the metrics it captured from it.
-func CaptureMetrics(hnd http.Handler, w http.ResponseWriter, r *http.Request) Metrics {
-	return CaptureMetricsFn(w, func(ww http.ResponseWriter) {
-		hnd.ServeHTTP(ww, r)
-	})
-}
-
-// CaptureMetricsFn wraps w and calls fn with the wrapped w and returns the
-// resulting metrics. This is very similar to CaptureMetrics (which is just
-// sugar on top of this func), but is a more usable interface if your
-// application doesn't use the Go http.Handler interface.
-func CaptureMetricsFn(w http.ResponseWriter, fn func(http.ResponseWriter)) Metrics {
-	m := Metrics{Code: http.StatusOK}
-	m.CaptureMetrics(w, fn)
-	return m
-}
-
-// CaptureMetrics wraps w and calls fn with the wrapped w and updates
-// Metrics m with the resulting metrics. This is similar to CaptureMetricsFn,
-// but allows one to customize starting Metrics object.
-func (m *Metrics) CaptureMetrics(w http.ResponseWriter, fn func(http.ResponseWriter)) {
-	var (
-		start         = time.Now()
-		headerWritten bool
-		hooks         = Hooks{
-			WriteHeader: func(next WriteHeaderFunc) WriteHeaderFunc {
-				return func(code int) {
-					next(code)
-
-					if !headerWritten {
-						m.Code = code
-						headerWritten = true
-					}
-				}
-			},
-
-			Write: func(next WriteFunc) WriteFunc {
-				return func(p []byte) (int, error) {
-					n, err := next(p)
-
-					m.Written += int64(n)
-					headerWritten = true
-					return n, err
-				}
-			},
-
-			ReadFrom: func(next ReadFromFunc) ReadFromFunc {
-				return func(src io.Reader) (int64, error) {
-					n, err := next(src)
-
-					headerWritten = true
-					m.Written += n
-					return n, err
-				}
-			},
-		}
-	)
-
-	fn(Wrap(w, hooks))
-	m.Duration += time.Since(start)
-}
diff --git a/vendor/github.com/felixge/httpsnoop/docs.go b/vendor/github.com/felixge/httpsnoop/docs.go
deleted file mode 100644
index 203c35b3c..000000000
--- a/vendor/github.com/felixge/httpsnoop/docs.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Package httpsnoop provides an easy way to capture http related metrics (i.e.
-// response time, bytes written, and http status code) from your application's
-// http.Handlers.
-//
-// Doing this requires non-trivial wrapping of the http.ResponseWriter
-// interface, which is also exposed for users interested in a more low-level
-// API.
-package httpsnoop
-
-//go:generate go run codegen/main.go
diff --git a/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go b/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
deleted file mode 100644
index 31cbdfb8e..000000000
--- a/vendor/github.com/felixge/httpsnoop/wrap_generated_gteq_1.8.go
+++ /dev/null
@@ -1,436 +0,0 @@
-// +build go1.8
-// Code generated by "httpsnoop/codegen"; DO NOT EDIT
-
-package httpsnoop
-
-import (
-	"bufio"
-	"io"
-	"net"
-	"net/http"
-)
-
-// HeaderFunc is part of the http.ResponseWriter interface.
-type HeaderFunc func() http.Header
-
-// WriteHeaderFunc is part of the http.ResponseWriter interface.
-type WriteHeaderFunc func(code int)
-
-// WriteFunc is part of the http.ResponseWriter interface.
-type WriteFunc func(b []byte) (int, error)
-
-// FlushFunc is part of the http.Flusher interface.
-type FlushFunc func()
-
-// CloseNotifyFunc is part of the http.CloseNotifier interface.
-type CloseNotifyFunc func() <-chan bool
-
-// HijackFunc is part of the http.Hijacker interface.
-type HijackFunc func() (net.Conn, *bufio.ReadWriter, error)
-
-// ReadFromFunc is part of the io.ReaderFrom interface.
-type ReadFromFunc func(src io.Reader) (int64, error)
-
-// PushFunc is part of the http.Pusher interface.
-type PushFunc func(target string, opts *http.PushOptions) error
-
-// Hooks defines a set of method interceptors for methods included in
-// http.ResponseWriter as well as some others. You can think of them as
-// middleware for the function calls they target. See Wrap for more details.
-type Hooks struct {
-	Header      func(HeaderFunc) HeaderFunc
-	WriteHeader func(WriteHeaderFunc) WriteHeaderFunc
-	Write       func(WriteFunc) WriteFunc
-	Flush       func(FlushFunc) FlushFunc
-	CloseNotify func(CloseNotifyFunc) CloseNotifyFunc
-	Hijack      func(HijackFunc) HijackFunc
-	ReadFrom    func(ReadFromFunc) ReadFromFunc
-	Push        func(PushFunc) PushFunc
-}
-
-// Wrap returns a wrapped version of w that provides the exact same interface
-// as w. Specifically if w implements any combination of:
-//
-// - http.Flusher
-// - http.CloseNotifier
-// - http.Hijacker
-// - io.ReaderFrom
-// - http.Pusher
-//
-// The wrapped version will implement the exact same combination. If no hooks
-// are set, the wrapped version also behaves exactly as w. Hooks targeting
-// methods not supported by w are ignored. Any other hooks will intercept the
-// method they target and may modify the call's arguments and/or return values.
-// The CaptureMetrics implementation serves as a working example for how the
-// hooks can be used.
-func Wrap(w http.ResponseWriter, hooks Hooks) http.ResponseWriter {
-	rw := &rw{w: w, h: hooks}
-	_, i0 := w.(http.Flusher)
-	_, i1 := w.(http.CloseNotifier)
-	_, i2 := w.(http.Hijacker)
-	_, i3 := w.(io.ReaderFrom)
-	_, i4 := w.(http.Pusher)
-	switch {
-	// combination 1/32
-	case !i0 && !i1 && !i2 && !i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-		}{rw, rw}
-	// combination 2/32
-	case !i0 && !i1 && !i2 && !i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Pusher
-		}{rw, rw, rw}
-	// combination 3/32
-	case !i0 && !i1 && !i2 && i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			io.ReaderFrom
-		}{rw, rw, rw}
-	// combination 4/32
-	case !i0 && !i1 && !i2 && i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw}
-	// combination 5/32
-	case !i0 && !i1 && i2 && !i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Hijacker
-		}{rw, rw, rw}
-	// combination 6/32
-	case !i0 && !i1 && i2 && !i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Hijacker
-			http.Pusher
-		}{rw, rw, rw, rw}
-	// combination 7/32
-	case !i0 && !i1 && i2 && i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 8/32
-	case !i0 && !i1 && i2 && i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Hijacker
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw, rw}
-	// combination 9/32
-	case !i0 && i1 && !i2 && !i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-		}{rw, rw, rw}
-	// combination 10/32
-	case !i0 && i1 && !i2 && !i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Pusher
-		}{rw, rw, rw, rw}
-	// combination 11/32
-	case !i0 && i1 && !i2 && i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 12/32
-	case !i0 && i1 && !i2 && i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw, rw}
-	// combination 13/32
-	case !i0 && i1 && i2 && !i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-		}{rw, rw, rw, rw}
-	// combination 14/32
-	case !i0 && i1 && i2 && !i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-			http.Pusher
-		}{rw, rw, rw, rw, rw}
-	// combination 15/32
-	case !i0 && i1 && i2 && i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw, rw}
-	// combination 16/32
-	case !i0 && i1 && i2 && i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw, rw, rw}
-	// combination 17/32
-	case i0 && !i1 && !i2 && !i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-		}{rw, rw, rw}
-	// combination 18/32
-	case i0 && !i1 && !i2 && !i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.Pusher
-		}{rw, rw, rw, rw}
-	// combination 19/32
-	case i0 && !i1 && !i2 && i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 20/32
-	case i0 && !i1 && !i2 && i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw, rw}
-	// combination 21/32
-	case i0 && !i1 && i2 && !i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-		}{rw, rw, rw, rw}
-	// combination 22/32
-	case i0 && !i1 && i2 && !i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-			http.Pusher
-		}{rw, rw, rw, rw, rw}
-	// combination 23/32
-	case i0 && !i1 && i2 && i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw, rw}
-	// combination 24/32
-	case i0 && !i1 && i2 && i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw, rw, rw}
-	// combination 25/32
-	case i0 && i1 && !i2 && !i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-		}{rw, rw, rw, rw}
-	// combination 26/32
-	case i0 && i1 && !i2 && !i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Pusher
-		}{rw, rw, rw, rw, rw}
-	// combination 27/32
-	case i0 && i1 && !i2 && i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			io.ReaderFrom
-		}{rw, rw, rw, rw, rw}
-	// combination 28/32
-	case i0 && i1 && !i2 && i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw, rw, rw}
-	// combination 29/32
-	case i0 && i1 && i2 && !i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-		}{rw, rw, rw, rw, rw}
-	// combination 30/32
-	case i0 && i1 && i2 && !i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-			http.Pusher
-		}{rw, rw, rw, rw, rw, rw}
-	// combination 31/32
-	case i0 && i1 && i2 && i3 && !i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw, rw, rw}
-	// combination 32/32
-	case i0 && i1 && i2 && i3 && i4:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-			http.Pusher
-		}{rw, rw, rw, rw, rw, rw, rw}
-	}
-	panic("unreachable")
-}
-
-type rw struct {
-	w http.ResponseWriter
-	h Hooks
-}
-
-func (w *rw) Unwrap() http.ResponseWriter {
-	return w.w
-}
-
-func (w *rw) Header() http.Header {
-	f := w.w.(http.ResponseWriter).Header
-	if w.h.Header != nil {
-		f = w.h.Header(f)
-	}
-	return f()
-}
-
-func (w *rw) WriteHeader(code int) {
-	f := w.w.(http.ResponseWriter).WriteHeader
-	if w.h.WriteHeader != nil {
-		f = w.h.WriteHeader(f)
-	}
-	f(code)
-}
-
-func (w *rw) Write(b []byte) (int, error) {
-	f := w.w.(http.ResponseWriter).Write
-	if w.h.Write != nil {
-		f = w.h.Write(f)
-	}
-	return f(b)
-}
-
-func (w *rw) Flush() {
-	f := w.w.(http.Flusher).Flush
-	if w.h.Flush != nil {
-		f = w.h.Flush(f)
-	}
-	f()
-}
-
-func (w *rw) CloseNotify() <-chan bool {
-	f := w.w.(http.CloseNotifier).CloseNotify
-	if w.h.CloseNotify != nil {
-		f = w.h.CloseNotify(f)
-	}
-	return f()
-}
-
-func (w *rw) Hijack() (net.Conn, *bufio.ReadWriter, error) {
-	f := w.w.(http.Hijacker).Hijack
-	if w.h.Hijack != nil {
-		f = w.h.Hijack(f)
-	}
-	return f()
-}
-
-func (w *rw) ReadFrom(src io.Reader) (int64, error) {
-	f := w.w.(io.ReaderFrom).ReadFrom
-	if w.h.ReadFrom != nil {
-		f = w.h.ReadFrom(f)
-	}
-	return f(src)
-}
-
-func (w *rw) Push(target string, opts *http.PushOptions) error {
-	f := w.w.(http.Pusher).Push
-	if w.h.Push != nil {
-		f = w.h.Push(f)
-	}
-	return f(target, opts)
-}
-
-type Unwrapper interface {
-	Unwrap() http.ResponseWriter
-}
-
-// Unwrap returns the underlying http.ResponseWriter from within zero or more
-// layers of httpsnoop wrappers.
-func Unwrap(w http.ResponseWriter) http.ResponseWriter {
-	if rw, ok := w.(Unwrapper); ok {
-		// recurse until rw.Unwrap() returns a non-Unwrapper
-		return Unwrap(rw.Unwrap())
-	} else {
-		return w
-	}
-}
diff --git a/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go b/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
deleted file mode 100644
index ab99c07c7..000000000
--- a/vendor/github.com/felixge/httpsnoop/wrap_generated_lt_1.8.go
+++ /dev/null
@@ -1,278 +0,0 @@
-// +build !go1.8
-// Code generated by "httpsnoop/codegen"; DO NOT EDIT
-
-package httpsnoop
-
-import (
-	"bufio"
-	"io"
-	"net"
-	"net/http"
-)
-
-// HeaderFunc is part of the http.ResponseWriter interface.
-type HeaderFunc func() http.Header
-
-// WriteHeaderFunc is part of the http.ResponseWriter interface.
-type WriteHeaderFunc func(code int)
-
-// WriteFunc is part of the http.ResponseWriter interface.
-type WriteFunc func(b []byte) (int, error)
-
-// FlushFunc is part of the http.Flusher interface.
-type FlushFunc func()
-
-// CloseNotifyFunc is part of the http.CloseNotifier interface.
-type CloseNotifyFunc func() <-chan bool
-
-// HijackFunc is part of the http.Hijacker interface.
-type HijackFunc func() (net.Conn, *bufio.ReadWriter, error)
-
-// ReadFromFunc is part of the io.ReaderFrom interface.
-type ReadFromFunc func(src io.Reader) (int64, error)
-
-// Hooks defines a set of method interceptors for methods included in
-// http.ResponseWriter as well as some others. You can think of them as
-// middleware for the function calls they target. See Wrap for more details.
-type Hooks struct {
-	Header      func(HeaderFunc) HeaderFunc
-	WriteHeader func(WriteHeaderFunc) WriteHeaderFunc
-	Write       func(WriteFunc) WriteFunc
-	Flush       func(FlushFunc) FlushFunc
-	CloseNotify func(CloseNotifyFunc) CloseNotifyFunc
-	Hijack      func(HijackFunc) HijackFunc
-	ReadFrom    func(ReadFromFunc) ReadFromFunc
-}
-
-// Wrap returns a wrapped version of w that provides the exact same interface
-// as w. Specifically if w implements any combination of:
-//
-// - http.Flusher
-// - http.CloseNotifier
-// - http.Hijacker
-// - io.ReaderFrom
-//
-// The wrapped version will implement the exact same combination. If no hooks
-// are set, the wrapped version also behaves exactly as w. Hooks targeting
-// methods not supported by w are ignored. Any other hooks will intercept the
-// method they target and may modify the call's arguments and/or return values.
-// The CaptureMetrics implementation serves as a working example for how the
-// hooks can be used.
-func Wrap(w http.ResponseWriter, hooks Hooks) http.ResponseWriter {
-	rw := &rw{w: w, h: hooks}
-	_, i0 := w.(http.Flusher)
-	_, i1 := w.(http.CloseNotifier)
-	_, i2 := w.(http.Hijacker)
-	_, i3 := w.(io.ReaderFrom)
-	switch {
-	// combination 1/16
-	case !i0 && !i1 && !i2 && !i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-		}{rw, rw}
-	// combination 2/16
-	case !i0 && !i1 && !i2 && i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			io.ReaderFrom
-		}{rw, rw, rw}
-	// combination 3/16
-	case !i0 && !i1 && i2 && !i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Hijacker
-		}{rw, rw, rw}
-	// combination 4/16
-	case !i0 && !i1 && i2 && i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 5/16
-	case !i0 && i1 && !i2 && !i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-		}{rw, rw, rw}
-	// combination 6/16
-	case !i0 && i1 && !i2 && i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 7/16
-	case !i0 && i1 && i2 && !i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-		}{rw, rw, rw, rw}
-	// combination 8/16
-	case !i0 && i1 && i2 && i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw, rw}
-	// combination 9/16
-	case i0 && !i1 && !i2 && !i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-		}{rw, rw, rw}
-	// combination 10/16
-	case i0 && !i1 && !i2 && i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			io.ReaderFrom
-		}{rw, rw, rw, rw}
-	// combination 11/16
-	case i0 && !i1 && i2 && !i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-		}{rw, rw, rw, rw}
-	// combination 12/16
-	case i0 && !i1 && i2 && i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw, rw}
-	// combination 13/16
-	case i0 && i1 && !i2 && !i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-		}{rw, rw, rw, rw}
-	// combination 14/16
-	case i0 && i1 && !i2 && i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			io.ReaderFrom
-		}{rw, rw, rw, rw, rw}
-	// combination 15/16
-	case i0 && i1 && i2 && !i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-		}{rw, rw, rw, rw, rw}
-	// combination 16/16
-	case i0 && i1 && i2 && i3:
-		return struct {
-			Unwrapper
-			http.ResponseWriter
-			http.Flusher
-			http.CloseNotifier
-			http.Hijacker
-			io.ReaderFrom
-		}{rw, rw, rw, rw, rw, rw}
-	}
-	panic("unreachable")
-}
-
-type rw struct {
-	w http.ResponseWriter
-	h Hooks
-}
-
-func (w *rw) Unwrap() http.ResponseWriter {
-	return w.w
-}
-
-func (w *rw) Header() http.Header {
-	f := w.w.(http.ResponseWriter).Header
-	if w.h.Header != nil {
-		f = w.h.Header(f)
-	}
-	return f()
-}
-
-func (w *rw) WriteHeader(code int) {
-	f := w.w.(http.ResponseWriter).WriteHeader
-	if w.h.WriteHeader != nil {
-		f = w.h.WriteHeader(f)
-	}
-	f(code)
-}
-
-func (w *rw) Write(b []byte) (int, error) {
-	f := w.w.(http.ResponseWriter).Write
-	if w.h.Write != nil {
-		f = w.h.Write(f)
-	}
-	return f(b)
-}
-
-func (w *rw) Flush() {
-	f := w.w.(http.Flusher).Flush
-	if w.h.Flush != nil {
-		f = w.h.Flush(f)
-	}
-	f()
-}
-
-func (w *rw) CloseNotify() <-chan bool {
-	f := w.w.(http.CloseNotifier).CloseNotify
-	if w.h.CloseNotify != nil {
-		f = w.h.CloseNotify(f)
-	}
-	return f()
-}
-
-func (w *rw) Hijack() (net.Conn, *bufio.ReadWriter, error) {
-	f := w.w.(http.Hijacker).Hijack
-	if w.h.Hijack != nil {
-		f = w.h.Hijack(f)
-	}
-	return f()
-}
-
-func (w *rw) ReadFrom(src io.Reader) (int64, error) {
-	f := w.w.(io.ReaderFrom).ReadFrom
-	if w.h.ReadFrom != nil {
-		f = w.h.ReadFrom(f)
-	}
-	return f(src)
-}
-
-type Unwrapper interface {
-	Unwrap() http.ResponseWriter
-}
-
-// Unwrap returns the underlying http.ResponseWriter from within zero or more
-// layers of httpsnoop wrappers.
-func Unwrap(w http.ResponseWriter) http.ResponseWriter {
-	if rw, ok := w.(Unwrapper); ok {
-		// recurse until rw.Unwrap() returns a non-Unwrapper
-		return Unwrap(rw.Unwrap())
-	} else {
-		return w
-	}
-}
diff --git a/vendor/github.com/garyburd/redigo/internal/commandinfo.go b/vendor/github.com/garyburd/redigo/internal/commandinfo.go
deleted file mode 100644
index 7ad1ade57..000000000
--- a/vendor/github.com/garyburd/redigo/internal/commandinfo.go
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright 2014 Gary Burd
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package internal // import "github.com/garyburd/redigo/internal"
-
-import (
-	"strings"
-)
-
-const (
-	WatchState = 1 << iota
-	MultiState
-	SubscribeState
-	MonitorState
-)
-
-type CommandInfo struct {
-	Set, Clear int
-}
-
-var commandInfos = map[string]CommandInfo{
-	"WATCH":      {Set: WatchState},
-	"UNWATCH":    {Clear: WatchState},
-	"MULTI":      {Set: MultiState},
-	"EXEC":       {Clear: WatchState | MultiState},
-	"DISCARD":    {Clear: WatchState | MultiState},
-	"PSUBSCRIBE": {Set: SubscribeState},
-	"SUBSCRIBE":  {Set: SubscribeState},
-	"MONITOR":    {Set: MonitorState},
-}
-
-func LookupCommandInfo(commandName string) CommandInfo {
-	return commandInfos[strings.ToUpper(commandName)]
-}
diff --git a/vendor/github.com/garyburd/redigo/redis/conn.go b/vendor/github.com/garyburd/redigo/redis/conn.go
deleted file mode 100644
index ac0e971c4..000000000
--- a/vendor/github.com/garyburd/redigo/redis/conn.go
+++ /dev/null
@@ -1,455 +0,0 @@
-// Copyright 2012 Gary Burd
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package redis
-
-import (
-	"bufio"
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"strconv"
-	"sync"
-	"time"
-)
-
-// conn is the low-level implementation of Conn
-type conn struct {
-
-	// Shared
-	mu      sync.Mutex
-	pending int
-	err     error
-	conn    net.Conn
-
-	// Read
-	readTimeout time.Duration
-	br          *bufio.Reader
-
-	// Write
-	writeTimeout time.Duration
-	bw           *bufio.Writer
-
-	// Scratch space for formatting argument length.
-	// '*' or '$', length, "\r\n"
-	lenScratch [32]byte
-
-	// Scratch space for formatting integers and floats.
-	numScratch [40]byte
-}
-
-// Dial connects to the Redis server at the given network and address.
-func Dial(network, address string) (Conn, error) {
-	dialer := xDialer{}
-	return dialer.Dial(network, address)
-}
-
-// DialTimeout acts like Dial but takes timeouts for establishing the
-// connection to the server, writing a command and reading a reply.
-func DialTimeout(network, address string, connectTimeout, readTimeout, writeTimeout time.Duration) (Conn, error) {
-	netDialer := net.Dialer{Timeout: connectTimeout}
-	dialer := xDialer{
-		NetDial:      netDialer.Dial,
-		ReadTimeout:  readTimeout,
-		WriteTimeout: writeTimeout,
-	}
-	return dialer.Dial(network, address)
-}
-
-// A Dialer specifies options for connecting to a Redis server.
-type xDialer struct {
-	// NetDial specifies the dial function for creating TCP connections. If
-	// NetDial is nil, then net.Dial is used.
-	NetDial func(network, addr string) (net.Conn, error)
-
-	// ReadTimeout specifies the timeout for reading a single command
-	// reply. If ReadTimeout is zero, then no timeout is used.
-	ReadTimeout time.Duration
-
-	// WriteTimeout specifies the timeout for writing a single command.  If
-	// WriteTimeout is zero, then no timeout is used.
-	WriteTimeout time.Duration
-}
-
-// Dial connects to the Redis server at address on the named network.
-func (d *xDialer) Dial(network, address string) (Conn, error) {
-	dial := d.NetDial
-	if dial == nil {
-		dial = net.Dial
-	}
-	netConn, err := dial(network, address)
-	if err != nil {
-		return nil, err
-	}
-	return &conn{
-		conn:         netConn,
-		bw:           bufio.NewWriter(netConn),
-		br:           bufio.NewReader(netConn),
-		readTimeout:  d.ReadTimeout,
-		writeTimeout: d.WriteTimeout,
-	}, nil
-}
-
-// NewConn returns a new Redigo connection for the given net connection.
-func NewConn(netConn net.Conn, readTimeout, writeTimeout time.Duration) Conn {
-	return &conn{
-		conn:         netConn,
-		bw:           bufio.NewWriter(netConn),
-		br:           bufio.NewReader(netConn),
-		readTimeout:  readTimeout,
-		writeTimeout: writeTimeout,
-	}
-}
-
-func (c *conn) Close() error {
-	c.mu.Lock()
-	err := c.err
-	if c.err == nil {
-		c.err = errors.New("redigo: closed")
-		err = c.conn.Close()
-	}
-	c.mu.Unlock()
-	return err
-}
-
-func (c *conn) fatal(err error) error {
-	c.mu.Lock()
-	if c.err == nil {
-		c.err = err
-		// Close connection to force errors on subsequent calls and to unblock
-		// other reader or writer.
-		c.conn.Close()
-	}
-	c.mu.Unlock()
-	return err
-}
-
-func (c *conn) Err() error {
-	c.mu.Lock()
-	err := c.err
-	c.mu.Unlock()
-	return err
-}
-
-func (c *conn) writeLen(prefix byte, n int) error {
-	c.lenScratch[len(c.lenScratch)-1] = '\n'
-	c.lenScratch[len(c.lenScratch)-2] = '\r'
-	i := len(c.lenScratch) - 3
-	for {
-		c.lenScratch[i] = byte('0' + n%10)
-		i -= 1
-		n = n / 10
-		if n == 0 {
-			break
-		}
-	}
-	c.lenScratch[i] = prefix
-	_, err := c.bw.Write(c.lenScratch[i:])
-	return err
-}
-
-func (c *conn) writeString(s string) error {
-	c.writeLen('$', len(s))
-	c.bw.WriteString(s)
-	_, err := c.bw.WriteString("\r\n")
-	return err
-}
-
-func (c *conn) writeBytes(p []byte) error {
-	c.writeLen('$', len(p))
-	c.bw.Write(p)
-	_, err := c.bw.WriteString("\r\n")
-	return err
-}
-
-func (c *conn) writeInt64(n int64) error {
-	return c.writeBytes(strconv.AppendInt(c.numScratch[:0], n, 10))
-}
-
-func (c *conn) writeFloat64(n float64) error {
-	return c.writeBytes(strconv.AppendFloat(c.numScratch[:0], n, 'g', -1, 64))
-}
-
-func (c *conn) writeCommand(cmd string, args []interface{}) (err error) {
-	c.writeLen('*', 1+len(args))
-	err = c.writeString(cmd)
-	for _, arg := range args {
-		if err != nil {
-			break
-		}
-		switch arg := arg.(type) {
-		case string:
-			err = c.writeString(arg)
-		case []byte:
-			err = c.writeBytes(arg)
-		case int:
-			err = c.writeInt64(int64(arg))
-		case int64:
-			err = c.writeInt64(arg)
-		case float64:
-			err = c.writeFloat64(arg)
-		case bool:
-			if arg {
-				err = c.writeString("1")
-			} else {
-				err = c.writeString("0")
-			}
-		case nil:
-			err = c.writeString("")
-		default:
-			var buf bytes.Buffer
-			fmt.Fprint(&buf, arg)
-			err = c.writeBytes(buf.Bytes())
-		}
-	}
-	return err
-}
-
-type protocolError string
-
-func (pe protocolError) Error() string {
-	return fmt.Sprintf("redigo: %s (possible server error or unsupported concurrent read by application)", string(pe))
-}
-
-func (c *conn) readLine() ([]byte, error) {
-	p, err := c.br.ReadSlice('\n')
-	if err == bufio.ErrBufferFull {
-		return nil, protocolError("long response line")
-	}
-	if err != nil {
-		return nil, err
-	}
-	i := len(p) - 2
-	if i < 0 || p[i] != '\r' {
-		return nil, protocolError("bad response line terminator")
-	}
-	return p[:i], nil
-}
-
-// parseLen parses bulk string and array lengths.
-func parseLen(p []byte) (int, error) {
-	if len(p) == 0 {
-		return -1, protocolError("malformed length")
-	}
-
-	if p[0] == '-' && len(p) == 2 && p[1] == '1' {
-		// handle $-1 and $-1 null replies.
-		return -1, nil
-	}
-
-	var n int
-	for _, b := range p {
-		n *= 10
-		if b < '0' || b > '9' {
-			return -1, protocolError("illegal bytes in length")
-		}
-		n += int(b - '0')
-	}
-
-	return n, nil
-}
-
-// parseInt parses an integer reply.
-func parseInt(p []byte) (interface{}, error) {
-	if len(p) == 0 {
-		return 0, protocolError("malformed integer")
-	}
-
-	var negate bool
-	if p[0] == '-' {
-		negate = true
-		p = p[1:]
-		if len(p) == 0 {
-			return 0, protocolError("malformed integer")
-		}
-	}
-
-	var n int64
-	for _, b := range p {
-		n *= 10
-		if b < '0' || b > '9' {
-			return 0, protocolError("illegal bytes in length")
-		}
-		n += int64(b - '0')
-	}
-
-	if negate {
-		n = -n
-	}
-	return n, nil
-}
-
-var (
-	okReply   interface{} = "OK"
-	pongReply interface{} = "PONG"
-)
-
-func (c *conn) readReply() (interface{}, error) {
-	line, err := c.readLine()
-	if err != nil {
-		return nil, err
-	}
-	if len(line) == 0 {
-		return nil, protocolError("short response line")
-	}
-	switch line[0] {
-	case '+':
-		switch {
-		case len(line) == 3 && line[1] == 'O' && line[2] == 'K':
-			// Avoid allocation for frequent "+OK" response.
-			return okReply, nil
-		case len(line) == 5 && line[1] == 'P' && line[2] == 'O' && line[3] == 'N' && line[4] == 'G':
-			// Avoid allocation in PING command benchmarks :)
-			return pongReply, nil
-		default:
-			return string(line[1:]), nil
-		}
-	case '-':
-		return Error(string(line[1:])), nil
-	case ':':
-		return parseInt(line[1:])
-	case '$':
-		n, err := parseLen(line[1:])
-		if n < 0 || err != nil {
-			return nil, err
-		}
-		p := make([]byte, n)
-		_, err = io.ReadFull(c.br, p)
-		if err != nil {
-			return nil, err
-		}
-		if line, err := c.readLine(); err != nil {
-			return nil, err
-		} else if len(line) != 0 {
-			return nil, protocolError("bad bulk string format")
-		}
-		return p, nil
-	case '*':
-		n, err := parseLen(line[1:])
-		if n < 0 || err != nil {
-			return nil, err
-		}
-		r := make([]interface{}, n)
-		for i := range r {
-			r[i], err = c.readReply()
-			if err != nil {
-				return nil, err
-			}
-		}
-		return r, nil
-	}
-	return nil, protocolError("unexpected response line")
-}
-
-func (c *conn) Send(cmd string, args ...interface{}) error {
-	c.mu.Lock()
-	c.pending += 1
-	c.mu.Unlock()
-	if c.writeTimeout != 0 {
-		c.conn.SetWriteDeadline(time.Now().Add(c.writeTimeout))
-	}
-	if err := c.writeCommand(cmd, args); err != nil {
-		return c.fatal(err)
-	}
-	return nil
-}
-
-func (c *conn) Flush() error {
-	if c.writeTimeout != 0 {
-		c.conn.SetWriteDeadline(time.Now().Add(c.writeTimeout))
-	}
-	if err := c.bw.Flush(); err != nil {
-		return c.fatal(err)
-	}
-	return nil
-}
-
-func (c *conn) Receive() (reply interface{}, err error) {
-	if c.readTimeout != 0 {
-		c.conn.SetReadDeadline(time.Now().Add(c.readTimeout))
-	}
-	if reply, err = c.readReply(); err != nil {
-		return nil, c.fatal(err)
-	}
-	// When using pub/sub, the number of receives can be greater than the
-	// number of sends. To enable normal use of the connection after
-	// unsubscribing from all channels, we do not decrement pending to a
-	// negative value.
-	//
-	// The pending field is decremented after the reply is read to handle the
-	// case where Receive is called before Send.
-	c.mu.Lock()
-	if c.pending > 0 {
-		c.pending -= 1
-	}
-	c.mu.Unlock()
-	if err, ok := reply.(Error); ok {
-		return nil, err
-	}
-	return
-}
-
-func (c *conn) Do(cmd string, args ...interface{}) (interface{}, error) {
-	c.mu.Lock()
-	pending := c.pending
-	c.pending = 0
-	c.mu.Unlock()
-
-	if cmd == "" && pending == 0 {
-		return nil, nil
-	}
-
-	if c.writeTimeout != 0 {
-		c.conn.SetWriteDeadline(time.Now().Add(c.writeTimeout))
-	}
-
-	if cmd != "" {
-		c.writeCommand(cmd, args)
-	}
-
-	if err := c.bw.Flush(); err != nil {
-		return nil, c.fatal(err)
-	}
-
-	if c.readTimeout != 0 {
-		c.conn.SetReadDeadline(time.Now().Add(c.readTimeout))
-	}
-
-	if cmd == "" {
-		reply := make([]interface{}, pending)
-		for i := range reply {
-			r, e := c.readReply()
-			if e != nil {
-				return nil, c.fatal(e)
-			}
-			reply[i] = r
-		}
-		return reply, nil
-	}
-
-	var err error
-	var reply interface{}
-	for i := 0; i <= pending; i++ {
-		var e error
-		if reply, e = c.readReply(); e != nil {
-			return nil, c.fatal(e)
-		}
-		if e, ok := reply.(Error); ok && err == nil {
-			err = e
-		}
-	}
-	return reply, err
-}
diff --git a/vendor/github.com/garyburd/redigo/redis/doc.go b/vendor/github.com/garyburd/redigo/redis/doc.go
deleted file mode 100644
index a5cd454af..000000000
--- a/vendor/github.com/garyburd/redigo/redis/doc.go
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright 2012 Gary Burd
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-// Package redis is a client for the Redis database.
-//
-// The Redigo FAQ (https://github.com/garyburd/redigo/wiki/FAQ) contains more
-// documentation about this package.
-//
-// Connections
-//
-// The Conn interface is the primary interface for working with Redis.
-// Applications create connections by calling the Dial, DialWithTimeout or
-// NewConn functions. In the future, functions will be added for creating
-// sharded and other types of connections.
-//
-// The application must call the connection Close method when the application
-// is done with the connection.
-//
-// Executing Commands
-//
-// The Conn interface has a generic method for executing Redis commands:
-//
-//  Do(commandName string, args ...interface{}) (reply interface{}, err error)
-//
-// The Redis command reference (http://redis.io/commands) lists the available
-// commands. An example of using the Redis APPEND command is:
-//
-//  n, err := conn.Do("APPEND", "key", "value")
-//
-// The Do method converts command arguments to binary strings for transmission
-// to the server as follows:
-//
-//  Go Type                 Conversion
-//  []byte                  Sent as is
-//  string                  Sent as is
-//  int, int64              strconv.FormatInt(v)
-//  float64                 strconv.FormatFloat(v, 'g', -1, 64)
-//  bool                    true -> "1", false -> "0"
-//  nil                     ""
-//  all other types         fmt.Print(v)
-//
-// Redis command reply types are represented using the following Go types:
-//
-//  Redis type              Go type
-//  error                   redis.Error
-//  integer                 int64
-//  simple string           string
-//  bulk string             []byte or nil if value not present.
-//  array                   []interface{} or nil if value not present.
-//
-// Use type assertions or the reply helper functions to convert from
-// interface{} to the specific Go type for the command result.
-//
-// Pipelining
-//
-// Connections support pipelining using the Send, Flush and Receive methods.
-//
-//  Send(commandName string, args ...interface{}) error
-//  Flush() error
-//  Receive() (reply interface{}, err error)
-//
-// Send writes the command to the connection's output buffer. Flush flushes the
-// connection's output buffer to the server. Receive reads a single reply from
-// the server. The following example shows a simple pipeline.
-//
-//  c.Send("SET", "foo", "bar")
-//  c.Send("GET", "foo")
-//  c.Flush()
-//  c.Receive() // reply from SET
-//  v, err = c.Receive() // reply from GET
-//
-// The Do method combines the functionality of the Send, Flush and Receive
-// methods. The Do method starts by writing the command and flushing the output
-// buffer. Next, the Do method receives all pending replies including the reply
-// for the command just sent by Do. If any of the received replies is an error,
-// then Do returns the error. If there are no errors, then Do returns the last
-// reply. If the command argument to the Do method is "", then the Do method
-// will flush the output buffer and receive pending replies without sending a
-// command.
-//
-// Use the Send and Do methods to implement pipelined transactions.
-//
-//  c.Send("MULTI")
-//  c.Send("INCR", "foo")
-//  c.Send("INCR", "bar")
-//  r, err := c.Do("EXEC")
-//  fmt.Println(r) // prints [1, 1]
-//
-// Concurrency
-//
-// Connections do not support concurrent calls to the write methods (Send,
-// Flush) or concurrent calls to the read method (Receive). Connections do
-// allow a concurrent reader and writer.
-//
-// Because the Do method combines the functionality of Send, Flush and Receive,
-// the Do method cannot be called concurrently with the other methods.
-//
-// For full concurrent access to Redis, use the thread-safe Pool to get and
-// release connections from within a goroutine.
-//
-// Publish and Subscribe
-//
-// Use the Send, Flush and Receive methods to implement Pub/Sub subscribers.
-//
-//  c.Send("SUBSCRIBE", "example")
-//  c.Flush()
-//  for {
-//      reply, err := c.Receive()
-//      if err != nil {
-//          return err
-//      }
-//      // process pushed message
-//  }
-//
-// The PubSubConn type wraps a Conn with convenience methods for implementing
-// subscribers. The Subscribe, PSubscribe, Unsubscribe and PUnsubscribe methods
-// send and flush a subscription management command. The receive method
-// converts a pushed message to convenient types for use in a type switch.
-//
-//  psc := redis.PubSubConn{c}
-//  psc.Subscribe("example")
-//  for {
-//      switch v := psc.Receive().(type) {
-//      case redis.Message:
-//          fmt.Printf("%s: message: %s\n", v.Channel, v.Data)
-//      case redis.Subscription:
-//          fmt.Printf("%s: %s %d\n", v.Channel, v.Kind, v.Count)
-//      case error:
-//          return v
-//      }
-//  }
-//
-// Reply Helpers
-//
-// The Bool, Int, Bytes, String, Strings and Values functions convert a reply
-// to a value of a specific type. To allow convenient wrapping of calls to the
-// connection Do and Receive methods, the functions take a second argument of
-// type error.  If the error is non-nil, then the helper function returns the
-// error. If the error is nil, the function converts the reply to the specified
-// type:
-//
-//  exists, err := redis.Bool(c.Do("EXISTS", "foo"))
-//  if err != nil {
-//      // handle error return from c.Do or type conversion error.
-//  }
-//
-// The Scan function converts elements of a array reply to Go types:
-//
-//  var value1 int
-//  var value2 string
-//  reply, err := redis.Values(c.Do("MGET", "key1", "key2"))
-//  if err != nil {
-//      // handle error
-//  }
-//   if _, err := redis.Scan(reply, &value1, &value2); err != nil {
-//      // handle error
-//  }
-package redis // import "github.com/garyburd/redigo/redis"
diff --git a/vendor/github.com/garyburd/redigo/redis/log.go b/vendor/github.com/garyburd/redigo/redis/log.go
deleted file mode 100644
index 129b86d67..000000000
--- a/vendor/github.com/garyburd/redigo/redis/log.go
+++ /dev/null
@@ -1,117 +0,0 @@
-// Copyright 2012 Gary Burd
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package redis
-
-import (
-	"bytes"
-	"fmt"
-	"log"
-)
-
-// NewLoggingConn returns a logging wrapper around a connection.
-func NewLoggingConn(conn Conn, logger *log.Logger, prefix string) Conn {
-	if prefix != "" {
-		prefix = prefix + "."
-	}
-	return &loggingConn{conn, logger, prefix}
-}
-
-type loggingConn struct {
-	Conn
-	logger *log.Logger
-	prefix string
-}
-
-func (c *loggingConn) Close() error {
-	err := c.Conn.Close()
-	var buf bytes.Buffer
-	fmt.Fprintf(&buf, "%sClose() -> (%v)", c.prefix, err)
-	c.logger.Output(2, buf.String())
-	return err
-}
-
-func (c *loggingConn) printValue(buf *bytes.Buffer, v interface{}) {
-	const chop = 32
-	switch v := v.(type) {
-	case []byte:
-		if len(v) > chop {
-			fmt.Fprintf(buf, "%q...", v[:chop])
-		} else {
-			fmt.Fprintf(buf, "%q", v)
-		}
-	case string:
-		if len(v) > chop {
-			fmt.Fprintf(buf, "%q...", v[:chop])
-		} else {
-			fmt.Fprintf(buf, "%q", v)
-		}
-	case []interface{}:
-		if len(v) == 0 {
-			buf.WriteString("[]")
-		} else {
-			sep := "["
-			fin := "]"
-			if len(v) > chop {
-				v = v[:chop]
-				fin = "...]"
-			}
-			for _, vv := range v {
-				buf.WriteString(sep)
-				c.printValue(buf, vv)
-				sep = ", "
-			}
-			buf.WriteString(fin)
-		}
-	default:
-		fmt.Fprint(buf, v)
-	}
-}
-
-func (c *loggingConn) print(method, commandName string, args []interface{}, reply interface{}, err error) {
-	var buf bytes.Buffer
-	fmt.Fprintf(&buf, "%s%s(", c.prefix, method)
-	if method != "Receive" {
-		buf.WriteString(commandName)
-		for _, arg := range args {
-			buf.WriteString(", ")
-			c.printValue(&buf, arg)
-		}
-	}
-	buf.WriteString(") -> (")
-	if method != "Send" {
-		c.printValue(&buf, reply)
-		buf.WriteString(", ")
-	}
-	fmt.Fprintf(&buf, "%v)", err)
-	c.logger.Output(3, buf.String())
-}
-
-func (c *loggingConn) Do(commandName string, args ...interface{}) (interface{}, error) {
-	reply, err := c.Conn.Do(commandName, args...)
-	c.print("Do", commandName, args, reply, err)
-	return reply, err
-}
-
-func (c *loggingConn) Send(commandName string, args ...interface{}) error {
-	err := c.Conn.Send(commandName, args...)
-	c.print("Send", commandName, args, nil, err)
-	return err
-}
-
-func (c *loggingConn) Receive() (interface{}, error) {
-	reply, err := c.Conn.Receive()
-	c.print("Receive", "", nil, reply, err)
-	return reply, err
-}
diff --git a/vendor/github.com/garyburd/redigo/redis/pool.go b/vendor/github.com/garyburd/redigo/redis/pool.go
deleted file mode 100644
index 9daf2e33f..000000000
--- a/vendor/github.com/garyburd/redigo/redis/pool.go
+++ /dev/null
@@ -1,389 +0,0 @@
-// Copyright 2012 Gary Burd
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package redis
-
-import (
-	"bytes"
-	"container/list"
-	"crypto/rand"
-	"crypto/sha1"
-	"errors"
-	"io"
-	"strconv"
-	"sync"
-	"time"
-
-	"github.com/garyburd/redigo/internal"
-)
-
-var nowFunc = time.Now // for testing
-
-// ErrPoolExhausted is returned from a pool connection method (Do, Send,
-// Receive, Flush, Err) when the maximum number of database connections in the
-// pool has been reached.
-var ErrPoolExhausted = errors.New("redigo: connection pool exhausted")
-
-var (
-	errPoolClosed = errors.New("redigo: connection pool closed")
-	errConnClosed = errors.New("redigo: connection closed")
-)
-
-// Pool maintains a pool of connections. The application calls the Get method
-// to get a connection from the pool and the connection's Close method to
-// return the connection's resources to the pool.
-//
-// The following example shows how to use a pool in a web application. The
-// application creates a pool at application startup and makes it available to
-// request handlers using a global variable.
-//
-//  func newPool(server, password string) *redis.Pool {
-//      return &redis.Pool{
-//          MaxIdle: 3,
-//          IdleTimeout: 240 * time.Second,
-//          Dial: func () (redis.Conn, error) {
-//              c, err := redis.Dial("tcp", server)
-//              if err != nil {
-//                  return nil, err
-//              }
-//              if _, err := c.Do("AUTH", password); err != nil {
-//                  c.Close()
-//                  return nil, err
-//              }
-//              return c, err
-//          },
-//          TestOnBorrow: func(c redis.Conn, t time.Time) error {
-//              _, err := c.Do("PING")
-//              return err
-//          },
-//      }
-//  }
-//
-//  var (
-//      pool *redis.Pool
-//      redisServer = flag.String("redisServer", ":6379", "")
-//      redisPassword = flag.String("redisPassword", "", "")
-//  )
-//
-//  func main() {
-//      flag.Parse()
-//      pool = newPool(*redisServer, *redisPassword)
-//      ...
-//  }
-//
-// A request handler gets a connection from the pool and closes the connection
-// when the handler is done:
-//
-//  func serveHome(w http.ResponseWriter, r *http.Request) {
-//      conn := pool.Get()
-//      defer conn.Close()
-//      ....
-//  }
-//
-type Pool struct {
-
-	// Dial is an application supplied function for creating and configuring a
-	// connection
-	Dial func() (Conn, error)
-
-	// TestOnBorrow is an optional application supplied function for checking
-	// the health of an idle connection before the connection is used again by
-	// the application. Argument t is the time that the connection was returned
-	// to the pool. If the function returns an error, then the connection is
-	// closed.
-	TestOnBorrow func(c Conn, t time.Time) error
-
-	// Maximum number of idle connections in the pool.
-	MaxIdle int
-
-	// Maximum number of connections allocated by the pool at a given time.
-	// When zero, there is no limit on the number of connections in the pool.
-	MaxActive int
-
-	// Close connections after remaining idle for this duration. If the value
-	// is zero, then idle connections are not closed. Applications should set
-	// the timeout to a value less than the server's timeout.
-	IdleTimeout time.Duration
-
-	// If Wait is true and the pool is at the MaxIdle limit, then Get() waits
-	// for a connection to be returned to the pool before returning.
-	Wait bool
-
-	// mu protects fields defined below.
-	mu     sync.Mutex
-	cond   *sync.Cond
-	closed bool
-	active int
-
-	// Stack of idleConn with most recently used at the front.
-	idle list.List
-}
-
-type idleConn struct {
-	c Conn
-	t time.Time
-}
-
-// NewPool creates a new pool. This function is deprecated. Applications should
-// initialize the Pool fields directly as shown in example.
-func NewPool(newFn func() (Conn, error), maxIdle int) *Pool {
-	return &Pool{Dial: newFn, MaxIdle: maxIdle}
-}
-
-// Get gets a connection. The application must close the returned connection.
-// This method always returns a valid connection so that applications can defer
-// error handling to the first use of the connection. If there is an error
-// getting an underlying connection, then the connection Err, Do, Send, Flush
-// and Receive methods return that error.
-func (p *Pool) Get() Conn {
-	c, err := p.get()
-	if err != nil {
-		return errorConnection{err}
-	}
-	return &pooledConnection{p: p, c: c}
-}
-
-// ActiveCount returns the number of active connections in the pool.
-func (p *Pool) ActiveCount() int {
-	p.mu.Lock()
-	active := p.active
-	p.mu.Unlock()
-	return active
-}
-
-// Close releases the resources used by the pool.
-func (p *Pool) Close() error {
-	p.mu.Lock()
-	idle := p.idle
-	p.idle.Init()
-	p.closed = true
-	p.active -= idle.Len()
-	if p.cond != nil {
-		p.cond.Broadcast()
-	}
-	p.mu.Unlock()
-	for e := idle.Front(); e != nil; e = e.Next() {
-		e.Value.(idleConn).c.Close()
-	}
-	return nil
-}
-
-// release decrements the active count and signals waiters. The caller must
-// hold p.mu during the call.
-func (p *Pool) release() {
-	p.active -= 1
-	if p.cond != nil {
-		p.cond.Signal()
-	}
-}
-
-// get prunes stale connections and returns a connection from the idle list or
-// creates a new connection.
-func (p *Pool) get() (Conn, error) {
-	p.mu.Lock()
-
-	// Prune stale connections.
-
-	if timeout := p.IdleTimeout; timeout > 0 {
-		for i, n := 0, p.idle.Len(); i < n; i++ {
-			e := p.idle.Back()
-			if e == nil {
-				break
-			}
-			ic := e.Value.(idleConn)
-			if ic.t.Add(timeout).After(nowFunc()) {
-				break
-			}
-			p.idle.Remove(e)
-			p.release()
-			p.mu.Unlock()
-			ic.c.Close()
-			p.mu.Lock()
-		}
-	}
-
-	for {
-
-		// Get idle connection.
-
-		for i, n := 0, p.idle.Len(); i < n; i++ {
-			e := p.idle.Front()
-			if e == nil {
-				break
-			}
-			ic := e.Value.(idleConn)
-			p.idle.Remove(e)
-			test := p.TestOnBorrow
-			p.mu.Unlock()
-			if test == nil || test(ic.c, ic.t) == nil {
-				return ic.c, nil
-			}
-			ic.c.Close()
-			p.mu.Lock()
-			p.release()
-		}
-
-		// Check for pool closed before dialing a new connection.
-
-		if p.closed {
-			p.mu.Unlock()
-			return nil, errors.New("redigo: get on closed pool")
-		}
-
-		// Dial new connection if under limit.
-
-		if p.MaxActive == 0 || p.active < p.MaxActive {
-			dial := p.Dial
-			p.active += 1
-			p.mu.Unlock()
-			c, err := dial()
-			if err != nil {
-				p.mu.Lock()
-				p.release()
-				p.mu.Unlock()
-				c = nil
-			}
-			return c, err
-		}
-
-		if !p.Wait {
-			p.mu.Unlock()
-			return nil, ErrPoolExhausted
-		}
-
-		if p.cond == nil {
-			p.cond = sync.NewCond(&p.mu)
-		}
-		p.cond.Wait()
-	}
-}
-
-func (p *Pool) put(c Conn, forceClose bool) error {
-	err := c.Err()
-	p.mu.Lock()
-	if !p.closed && err == nil && !forceClose {
-		p.idle.PushFront(idleConn{t: nowFunc(), c: c})
-		if p.idle.Len() > p.MaxIdle {
-			c = p.idle.Remove(p.idle.Back()).(idleConn).c
-		} else {
-			c = nil
-		}
-	}
-
-	if c == nil {
-		if p.cond != nil {
-			p.cond.Signal()
-		}
-		p.mu.Unlock()
-		return nil
-	}
-
-	p.release()
-	p.mu.Unlock()
-	return c.Close()
-}
-
-type pooledConnection struct {
-	p     *Pool
-	c     Conn
-	state int
-}
-
-var (
-	sentinel     []byte
-	sentinelOnce sync.Once
-)
-
-func initSentinel() {
-	p := make([]byte, 64)
-	if _, err := rand.Read(p); err == nil {
-		sentinel = p
-	} else {
-		h := sha1.New()
-		io.WriteString(h, "Oops, rand failed. Use time instead.")
-		io.WriteString(h, strconv.FormatInt(time.Now().UnixNano(), 10))
-		sentinel = h.Sum(nil)
-	}
-}
-
-func (pc *pooledConnection) Close() error {
-	c := pc.c
-	if _, ok := c.(errorConnection); ok {
-		return nil
-	}
-	pc.c = errorConnection{errConnClosed}
-
-	if pc.state&internal.MultiState != 0 {
-		c.Send("DISCARD")
-		pc.state &^= (internal.MultiState | internal.WatchState)
-	} else if pc.state&internal.WatchState != 0 {
-		c.Send("UNWATCH")
-		pc.state &^= internal.WatchState
-	}
-	if pc.state&internal.SubscribeState != 0 {
-		c.Send("UNSUBSCRIBE")
-		c.Send("PUNSUBSCRIBE")
-		// To detect the end of the message stream, ask the server to echo
-		// a sentinel value and read until we see that value.
-		sentinelOnce.Do(initSentinel)
-		c.Send("ECHO", sentinel)
-		c.Flush()
-		for {
-			p, err := c.Receive()
-			if err != nil {
-				break
-			}
-			if p, ok := p.([]byte); ok && bytes.Equal(p, sentinel) {
-				pc.state &^= internal.SubscribeState
-				break
-			}
-		}
-	}
-	c.Do("")
-	pc.p.put(c, pc.state != 0)
-	return nil
-}
-
-func (pc *pooledConnection) Err() error {
-	return pc.c.Err()
-}
-
-func (pc *pooledConnection) Do(commandName string, args ...interface{}) (reply interface{}, err error) {
-	ci := internal.LookupCommandInfo(commandName)
-	pc.state = (pc.state | ci.Set) &^ ci.Clear
-	return pc.c.Do(commandName, args...)
-}
-
-func (pc *pooledConnection) Send(commandName string, args ...interface{}) error {
-	ci := internal.LookupCommandInfo(commandName)
-	pc.state = (pc.state | ci.Set) &^ ci.Clear
-	return pc.c.Send(commandName, args...)
-}
-
-func (pc *pooledConnection) Flush() error {
-	return pc.c.Flush()
-}
-
-func (pc *pooledConnection) Receive() (reply interface{}, err error) {
-	return pc.c.Receive()
-}
-
-type errorConnection struct{ err error }
-
-func (ec errorConnection) Do(string, ...interface{}) (interface{}, error) { return nil, ec.err }
-func (ec errorConnection) Send(string, ...interface{}) error              { return ec.err }
-func (ec errorConnection) Err() error                                     { return ec.err }
-func (ec errorConnection) Close() error                                   { return ec.err }
-func (ec errorConnection) Flush() error                                   { return ec.err }
-func (ec errorConnection) Receive() (interface{}, error)                  { return nil, ec.err }
diff --git a/vendor/github.com/garyburd/redigo/redis/pubsub.go b/vendor/github.com/garyburd/redigo/redis/pubsub.go
deleted file mode 100644
index f0790429f..000000000
--- a/vendor/github.com/garyburd/redigo/redis/pubsub.go
+++ /dev/null
@@ -1,129 +0,0 @@
-// Copyright 2012 Gary Burd
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package redis
-
-import (
-	"errors"
-)
-
-// Subscription represents a subscribe or unsubscribe notification.
-type Subscription struct {
-
-	// Kind is "subscribe", "unsubscribe", "psubscribe" or "punsubscribe"
-	Kind string
-
-	// The channel that was changed.
-	Channel string
-
-	// The current number of subscriptions for connection.
-	Count int
-}
-
-// Message represents a message notification.
-type Message struct {
-
-	// The originating channel.
-	Channel string
-
-	// The message data.
-	Data []byte
-}
-
-// PMessage represents a pmessage notification.
-type PMessage struct {
-
-	// The matched pattern.
-	Pattern string
-
-	// The originating channel.
-	Channel string
-
-	// The message data.
-	Data []byte
-}
-
-// PubSubConn wraps a Conn with convenience methods for subscribers.
-type PubSubConn struct {
-	Conn Conn
-}
-
-// Close closes the connection.
-func (c PubSubConn) Close() error {
-	return c.Conn.Close()
-}
-
-// Subscribe subscribes the connection to the specified channels.
-func (c PubSubConn) Subscribe(channel ...interface{}) error {
-	c.Conn.Send("SUBSCRIBE", channel...)
-	return c.Conn.Flush()
-}
-
-// PSubscribe subscribes the connection to the given patterns.
-func (c PubSubConn) PSubscribe(channel ...interface{}) error {
-	c.Conn.Send("PSUBSCRIBE", channel...)
-	return c.Conn.Flush()
-}
-
-// Unsubscribe unsubscribes the connection from the given channels, or from all
-// of them if none is given.
-func (c PubSubConn) Unsubscribe(channel ...interface{}) error {
-	c.Conn.Send("UNSUBSCRIBE", channel...)
-	return c.Conn.Flush()
-}
-
-// PUnsubscribe unsubscribes the connection from the given patterns, or from all
-// of them if none is given.
-func (c PubSubConn) PUnsubscribe(channel ...interface{}) error {
-	c.Conn.Send("PUNSUBSCRIBE", channel...)
-	return c.Conn.Flush()
-}
-
-// Receive returns a pushed message as a Subscription, Message, PMessage or
-// error. The return value is intended to be used directly in a type switch as
-// illustrated in the PubSubConn example.
-func (c PubSubConn) Receive() interface{} {
-	reply, err := Values(c.Conn.Receive())
-	if err != nil {
-		return err
-	}
-
-	var kind string
-	reply, err = Scan(reply, &kind)
-	if err != nil {
-		return err
-	}
-
-	switch kind {
-	case "message":
-		var m Message
-		if _, err := Scan(reply, &m.Channel, &m.Data); err != nil {
-			return err
-		}
-		return m
-	case "pmessage":
-		var pm PMessage
-		if _, err := Scan(reply, &pm.Pattern, &pm.Channel, &pm.Data); err != nil {
-			return err
-		}
-		return pm
-	case "subscribe", "psubscribe", "unsubscribe", "punsubscribe":
-		s := Subscription{Kind: kind}
-		if _, err := Scan(reply, &s.Channel, &s.Count); err != nil {
-			return err
-		}
-		return s
-	}
-	return errors.New("redigo: unknown pubsub notification")
-}
diff --git a/vendor/github.com/garyburd/redigo/redis/redis.go b/vendor/github.com/garyburd/redigo/redis/redis.go
deleted file mode 100644
index c90a48ed4..000000000
--- a/vendor/github.com/garyburd/redigo/redis/redis.go
+++ /dev/null
@@ -1,44 +0,0 @@
-// Copyright 2012 Gary Burd
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package redis
-
-// Error represents an error returned in a command reply.
-type Error string
-
-func (err Error) Error() string { return string(err) }
-
-// Conn represents a connection to a Redis server.
-type Conn interface {
-	// Close closes the connection.
-	Close() error
-
-	// Err returns a non-nil value if the connection is broken. The returned
-	// value is either the first non-nil value returned from the underlying
-	// network connection or a protocol parsing error. Applications should
-	// close broken connections.
-	Err() error
-
-	// Do sends a command to the server and returns the received reply.
-	Do(commandName string, args ...interface{}) (reply interface{}, err error)
-
-	// Send writes the command to the client's output buffer.
-	Send(commandName string, args ...interface{}) error
-
-	// Flush flushes the output buffer to the Redis server.
-	Flush() error
-
-	// Receive receives a single reply from the Redis server
-	Receive() (reply interface{}, err error)
-}
diff --git a/vendor/github.com/garyburd/redigo/redis/reply.go b/vendor/github.com/garyburd/redigo/redis/reply.go
deleted file mode 100644
index 5648f930d..000000000
--- a/vendor/github.com/garyburd/redigo/redis/reply.go
+++ /dev/null
@@ -1,312 +0,0 @@
-// Copyright 2012 Gary Burd
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package redis
-
-import (
-	"errors"
-	"fmt"
-	"strconv"
-)
-
-// ErrNil indicates that a reply value is nil.
-var ErrNil = errors.New("redigo: nil returned")
-
-// Int is a helper that converts a command reply to an integer. If err is not
-// equal to nil, then Int returns 0, err. Otherwise, Int converts the
-// reply to an int as follows:
-//
-//  Reply type    Result
-//  integer       int(reply), nil
-//  bulk string   parsed reply, nil
-//  nil           0, ErrNil
-//  other         0, error
-func Int(reply interface{}, err error) (int, error) {
-	if err != nil {
-		return 0, err
-	}
-	switch reply := reply.(type) {
-	case int64:
-		x := int(reply)
-		if int64(x) != reply {
-			return 0, strconv.ErrRange
-		}
-		return x, nil
-	case []byte:
-		n, err := strconv.ParseInt(string(reply), 10, 0)
-		return int(n), err
-	case nil:
-		return 0, ErrNil
-	case Error:
-		return 0, reply
-	}
-	return 0, fmt.Errorf("redigo: unexpected type for Int, got type %T", reply)
-}
-
-// Int64 is a helper that converts a command reply to 64 bit integer. If err is
-// not equal to nil, then Int returns 0, err. Otherwise, Int64 converts the
-// reply to an int64 as follows:
-//
-//  Reply type    Result
-//  integer       reply, nil
-//  bulk string   parsed reply, nil
-//  nil           0, ErrNil
-//  other         0, error
-func Int64(reply interface{}, err error) (int64, error) {
-	if err != nil {
-		return 0, err
-	}
-	switch reply := reply.(type) {
-	case int64:
-		return reply, nil
-	case []byte:
-		n, err := strconv.ParseInt(string(reply), 10, 64)
-		return n, err
-	case nil:
-		return 0, ErrNil
-	case Error:
-		return 0, reply
-	}
-	return 0, fmt.Errorf("redigo: unexpected type for Int64, got type %T", reply)
-}
-
-var errNegativeInt = errors.New("redigo: unexpected value for Uint64")
-
-// Uint64 is a helper that converts a command reply to 64 bit integer. If err is
-// not equal to nil, then Int returns 0, err. Otherwise, Int64 converts the
-// reply to an int64 as follows:
-//
-//  Reply type    Result
-//  integer       reply, nil
-//  bulk string   parsed reply, nil
-//  nil           0, ErrNil
-//  other         0, error
-func Uint64(reply interface{}, err error) (uint64, error) {
-	if err != nil {
-		return 0, err
-	}
-	switch reply := reply.(type) {
-	case int64:
-		if reply < 0 {
-			return 0, errNegativeInt
-		}
-		return uint64(reply), nil
-	case []byte:
-		n, err := strconv.ParseUint(string(reply), 10, 64)
-		return n, err
-	case nil:
-		return 0, ErrNil
-	case Error:
-		return 0, reply
-	}
-	return 0, fmt.Errorf("redigo: unexpected type for Uint64, got type %T", reply)
-}
-
-// Float64 is a helper that converts a command reply to 64 bit float. If err is
-// not equal to nil, then Float64 returns 0, err. Otherwise, Float64 converts
-// the reply to an int as follows:
-//
-//  Reply type    Result
-//  bulk string   parsed reply, nil
-//  nil           0, ErrNil
-//  other         0, error
-func Float64(reply interface{}, err error) (float64, error) {
-	if err != nil {
-		return 0, err
-	}
-	switch reply := reply.(type) {
-	case []byte:
-		n, err := strconv.ParseFloat(string(reply), 64)
-		return n, err
-	case nil:
-		return 0, ErrNil
-	case Error:
-		return 0, reply
-	}
-	return 0, fmt.Errorf("redigo: unexpected type for Float64, got type %T", reply)
-}
-
-// String is a helper that converts a command reply to a string. If err is not
-// equal to nil, then String returns "", err. Otherwise String converts the
-// reply to a string as follows:
-//
-//  Reply type      Result
-//  bulk string     string(reply), nil
-//  simple string   reply, nil
-//  nil             "",  ErrNil
-//  other           "",  error
-func String(reply interface{}, err error) (string, error) {
-	if err != nil {
-		return "", err
-	}
-	switch reply := reply.(type) {
-	case []byte:
-		return string(reply), nil
-	case string:
-		return reply, nil
-	case nil:
-		return "", ErrNil
-	case Error:
-		return "", reply
-	}
-	return "", fmt.Errorf("redigo: unexpected type for String, got type %T", reply)
-}
-
-// Bytes is a helper that converts a command reply to a slice of bytes. If err
-// is not equal to nil, then Bytes returns nil, err. Otherwise Bytes converts
-// the reply to a slice of bytes as follows:
-//
-//  Reply type      Result
-//  bulk string     reply, nil
-//  simple string   []byte(reply), nil
-//  nil             nil, ErrNil
-//  other           nil, error
-func Bytes(reply interface{}, err error) ([]byte, error) {
-	if err != nil {
-		return nil, err
-	}
-	switch reply := reply.(type) {
-	case []byte:
-		return reply, nil
-	case string:
-		return []byte(reply), nil
-	case nil:
-		return nil, ErrNil
-	case Error:
-		return nil, reply
-	}
-	return nil, fmt.Errorf("redigo: unexpected type for Bytes, got type %T", reply)
-}
-
-// Bool is a helper that converts a command reply to a boolean. If err is not
-// equal to nil, then Bool returns false, err. Otherwise Bool converts the
-// reply to boolean as follows:
-//
-//  Reply type      Result
-//  integer         value != 0, nil
-//  bulk string     strconv.ParseBool(reply)
-//  nil             false, ErrNil
-//  other           false, error
-func Bool(reply interface{}, err error) (bool, error) {
-	if err != nil {
-		return false, err
-	}
-	switch reply := reply.(type) {
-	case int64:
-		return reply != 0, nil
-	case []byte:
-		return strconv.ParseBool(string(reply))
-	case nil:
-		return false, ErrNil
-	case Error:
-		return false, reply
-	}
-	return false, fmt.Errorf("redigo: unexpected type for Bool, got type %T", reply)
-}
-
-// MultiBulk is deprecated. Use Values.
-func MultiBulk(reply interface{}, err error) ([]interface{}, error) { return Values(reply, err) }
-
-// Values is a helper that converts an array command reply to a []interface{}.
-// If err is not equal to nil, then Values returns nil, err. Otherwise, Values
-// converts the reply as follows:
-//
-//  Reply type      Result
-//  array           reply, nil
-//  nil             nil, ErrNil
-//  other           nil, error
-func Values(reply interface{}, err error) ([]interface{}, error) {
-	if err != nil {
-		return nil, err
-	}
-	switch reply := reply.(type) {
-	case []interface{}:
-		return reply, nil
-	case nil:
-		return nil, ErrNil
-	case Error:
-		return nil, reply
-	}
-	return nil, fmt.Errorf("redigo: unexpected type for Values, got type %T", reply)
-}
-
-// Strings is a helper that converts an array command reply to a []string. If
-// err is not equal to nil, then Strings returns nil, err. Nil array items are
-// converted to "" in the output slice. Strings returns an error if an array
-// item is not a bulk string or nil.
-func Strings(reply interface{}, err error) ([]string, error) {
-	if err != nil {
-		return nil, err
-	}
-	switch reply := reply.(type) {
-	case []interface{}:
-		result := make([]string, len(reply))
-		for i := range reply {
-			if reply[i] == nil {
-				continue
-			}
-			p, ok := reply[i].([]byte)
-			if !ok {
-				return nil, fmt.Errorf("redigo: unexpected element type for Strings, got type %T", reply[i])
-			}
-			result[i] = string(p)
-		}
-		return result, nil
-	case nil:
-		return nil, ErrNil
-	case Error:
-		return nil, reply
-	}
-	return nil, fmt.Errorf("redigo: unexpected type for Strings, got type %T", reply)
-}
-
-// Ints is a helper that converts an array command reply to a []int. If
-// err is not equal to nil, then Ints returns nil, err.
-func Ints(reply interface{}, err error) ([]int, error) {
-	var ints []int
-	if reply == nil {
-		return ints, ErrNil
-	}
-	values, err := Values(reply, err)
-	if err != nil {
-		return ints, err
-	}
-	if err := ScanSlice(values, &ints); err != nil {
-		return ints, err
-	}
-	return ints, nil
-}
-
-// StringMap is a helper that converts an array of strings (alternating key, value)
-// into a map[string]string. The HGETALL and CONFIG GET commands return replies in this format.
-// Requires an even number of values in result.
-func StringMap(result interface{}, err error) (map[string]string, error) {
-	values, err := Values(result, err)
-	if err != nil {
-		return nil, err
-	}
-	if len(values)%2 != 0 {
-		return nil, errors.New("redigo: StringMap expects even number of values result")
-	}
-	m := make(map[string]string, len(values)/2)
-	for i := 0; i < len(values); i += 2 {
-		key, okKey := values[i].([]byte)
-		value, okValue := values[i+1].([]byte)
-		if !okKey || !okValue {
-			return nil, errors.New("redigo: ScanMap key not a bulk string value")
-		}
-		m[string(key)] = string(value)
-	}
-	return m, nil
-}
diff --git a/vendor/github.com/garyburd/redigo/redis/scan.go b/vendor/github.com/garyburd/redigo/redis/scan.go
deleted file mode 100644
index 8c9cfa18d..000000000
--- a/vendor/github.com/garyburd/redigo/redis/scan.go
+++ /dev/null
@@ -1,513 +0,0 @@
-// Copyright 2012 Gary Burd
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package redis
-
-import (
-	"errors"
-	"fmt"
-	"reflect"
-	"strconv"
-	"strings"
-	"sync"
-)
-
-func ensureLen(d reflect.Value, n int) {
-	if n > d.Cap() {
-		d.Set(reflect.MakeSlice(d.Type(), n, n))
-	} else {
-		d.SetLen(n)
-	}
-}
-
-func cannotConvert(d reflect.Value, s interface{}) error {
-	return fmt.Errorf("redigo: Scan cannot convert from %s to %s",
-		reflect.TypeOf(s), d.Type())
-}
-
-func convertAssignBytes(d reflect.Value, s []byte) (err error) {
-	switch d.Type().Kind() {
-	case reflect.Float32, reflect.Float64:
-		var x float64
-		x, err = strconv.ParseFloat(string(s), d.Type().Bits())
-		d.SetFloat(x)
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		var x int64
-		x, err = strconv.ParseInt(string(s), 10, d.Type().Bits())
-		d.SetInt(x)
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
-		var x uint64
-		x, err = strconv.ParseUint(string(s), 10, d.Type().Bits())
-		d.SetUint(x)
-	case reflect.Bool:
-		var x bool
-		x, err = strconv.ParseBool(string(s))
-		d.SetBool(x)
-	case reflect.String:
-		d.SetString(string(s))
-	case reflect.Slice:
-		if d.Type().Elem().Kind() != reflect.Uint8 {
-			err = cannotConvert(d, s)
-		} else {
-			d.SetBytes(s)
-		}
-	default:
-		err = cannotConvert(d, s)
-	}
-	return
-}
-
-func convertAssignInt(d reflect.Value, s int64) (err error) {
-	switch d.Type().Kind() {
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		d.SetInt(s)
-		if d.Int() != s {
-			err = strconv.ErrRange
-			d.SetInt(0)
-		}
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
-		if s < 0 {
-			err = strconv.ErrRange
-		} else {
-			x := uint64(s)
-			d.SetUint(x)
-			if d.Uint() != x {
-				err = strconv.ErrRange
-				d.SetUint(0)
-			}
-		}
-	case reflect.Bool:
-		d.SetBool(s != 0)
-	default:
-		err = cannotConvert(d, s)
-	}
-	return
-}
-
-func convertAssignValue(d reflect.Value, s interface{}) (err error) {
-	switch s := s.(type) {
-	case []byte:
-		err = convertAssignBytes(d, s)
-	case int64:
-		err = convertAssignInt(d, s)
-	default:
-		err = cannotConvert(d, s)
-	}
-	return err
-}
-
-func convertAssignValues(d reflect.Value, s []interface{}) error {
-	if d.Type().Kind() != reflect.Slice {
-		return cannotConvert(d, s)
-	}
-	ensureLen(d, len(s))
-	for i := 0; i < len(s); i++ {
-		if err := convertAssignValue(d.Index(i), s[i]); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func convertAssign(d interface{}, s interface{}) (err error) {
-	// Handle the most common destination types using type switches and
-	// fall back to reflection for all other types.
-	switch s := s.(type) {
-	case nil:
-		// ingore
-	case []byte:
-		switch d := d.(type) {
-		case *string:
-			*d = string(s)
-		case *int:
-			*d, err = strconv.Atoi(string(s))
-		case *bool:
-			*d, err = strconv.ParseBool(string(s))
-		case *[]byte:
-			*d = s
-		case *interface{}:
-			*d = s
-		case nil:
-			// skip value
-		default:
-			if d := reflect.ValueOf(d); d.Type().Kind() != reflect.Ptr {
-				err = cannotConvert(d, s)
-			} else {
-				err = convertAssignBytes(d.Elem(), s)
-			}
-		}
-	case int64:
-		switch d := d.(type) {
-		case *int:
-			x := int(s)
-			if int64(x) != s {
-				err = strconv.ErrRange
-				x = 0
-			}
-			*d = x
-		case *bool:
-			*d = s != 0
-		case *interface{}:
-			*d = s
-		case nil:
-			// skip value
-		default:
-			if d := reflect.ValueOf(d); d.Type().Kind() != reflect.Ptr {
-				err = cannotConvert(d, s)
-			} else {
-				err = convertAssignInt(d.Elem(), s)
-			}
-		}
-	case []interface{}:
-		switch d := d.(type) {
-		case *[]interface{}:
-			*d = s
-		case *interface{}:
-			*d = s
-		case nil:
-			// skip value
-		default:
-			if d := reflect.ValueOf(d); d.Type().Kind() != reflect.Ptr {
-				err = cannotConvert(d, s)
-			} else {
-				err = convertAssignValues(d.Elem(), s)
-			}
-		}
-	case Error:
-		err = s
-	default:
-		err = cannotConvert(reflect.ValueOf(d), s)
-	}
-	return
-}
-
-// Scan copies from src to the values pointed at by dest.
-//
-// The values pointed at by dest must be an integer, float, boolean, string,
-// []byte, interface{} or slices of these types. Scan uses the standard strconv
-// package to convert bulk strings to numeric and boolean types.
-//
-// If a dest value is nil, then the corresponding src value is skipped.
-//
-// If a src element is nil, then the corresponding dest value is not modified.
-//
-// To enable easy use of Scan in a loop, Scan returns the slice of src
-// following the copied values.
-func Scan(src []interface{}, dest ...interface{}) ([]interface{}, error) {
-	if len(src) < len(dest) {
-		return nil, errors.New("redigo: Scan array short")
-	}
-	var err error
-	for i, d := range dest {
-		err = convertAssign(d, src[i])
-		if err != nil {
-			break
-		}
-	}
-	return src[len(dest):], err
-}
-
-type fieldSpec struct {
-	name  string
-	index []int
-	//omitEmpty bool
-}
-
-type structSpec struct {
-	m map[string]*fieldSpec
-	l []*fieldSpec
-}
-
-func (ss *structSpec) fieldSpec(name []byte) *fieldSpec {
-	return ss.m[string(name)]
-}
-
-func compileStructSpec(t reflect.Type, depth map[string]int, index []int, ss *structSpec) {
-	for i := 0; i < t.NumField(); i++ {
-		f := t.Field(i)
-		switch {
-		case f.PkgPath != "":
-			// Ignore unexported fields.
-		case f.Anonymous:
-			// TODO: Handle pointers. Requires change to decoder and
-			// protection against infinite recursion.
-			if f.Type.Kind() == reflect.Struct {
-				compileStructSpec(f.Type, depth, append(index, i), ss)
-			}
-		default:
-			fs := &fieldSpec{name: f.Name}
-			tag := f.Tag.Get("redis")
-			p := strings.Split(tag, ",")
-			if len(p) > 0 {
-				if p[0] == "-" {
-					continue
-				}
-				if len(p[0]) > 0 {
-					fs.name = p[0]
-				}
-				for _, s := range p[1:] {
-					switch s {
-					//case "omitempty":
-					//  fs.omitempty = true
-					default:
-						panic(errors.New("redigo: unknown field flag " + s + " for type " + t.Name()))
-					}
-				}
-			}
-			d, found := depth[fs.name]
-			if !found {
-				d = 1 << 30
-			}
-			switch {
-			case len(index) == d:
-				// At same depth, remove from result.
-				delete(ss.m, fs.name)
-				j := 0
-				for i := 0; i < len(ss.l); i++ {
-					if fs.name != ss.l[i].name {
-						ss.l[j] = ss.l[i]
-						j += 1
-					}
-				}
-				ss.l = ss.l[:j]
-			case len(index) < d:
-				fs.index = make([]int, len(index)+1)
-				copy(fs.index, index)
-				fs.index[len(index)] = i
-				depth[fs.name] = len(index)
-				ss.m[fs.name] = fs
-				ss.l = append(ss.l, fs)
-			}
-		}
-	}
-}
-
-var (
-	structSpecMutex  sync.RWMutex
-	structSpecCache  = make(map[reflect.Type]*structSpec)
-	defaultFieldSpec = &fieldSpec{}
-)
-
-func structSpecForType(t reflect.Type) *structSpec {
-
-	structSpecMutex.RLock()
-	ss, found := structSpecCache[t]
-	structSpecMutex.RUnlock()
-	if found {
-		return ss
-	}
-
-	structSpecMutex.Lock()
-	defer structSpecMutex.Unlock()
-	ss, found = structSpecCache[t]
-	if found {
-		return ss
-	}
-
-	ss = &structSpec{m: make(map[string]*fieldSpec)}
-	compileStructSpec(t, make(map[string]int), nil, ss)
-	structSpecCache[t] = ss
-	return ss
-}
-
-var errScanStructValue = errors.New("redigo: ScanStruct value must be non-nil pointer to a struct")
-
-// ScanStruct scans alternating names and values from src to a struct. The
-// HGETALL and CONFIG GET commands return replies in this format.
-//
-// ScanStruct uses exported field names to match values in the response. Use
-// 'redis' field tag to override the name:
-//
-//      Field int `redis:"myName"`
-//
-// Fields with the tag redis:"-" are ignored.
-//
-// Integer, float, boolean, string and []byte fields are supported. Scan uses the
-// standard strconv package to convert bulk string values to numeric and
-// boolean types.
-//
-// If a src element is nil, then the corresponding field is not modified.
-func ScanStruct(src []interface{}, dest interface{}) error {
-	d := reflect.ValueOf(dest)
-	if d.Kind() != reflect.Ptr || d.IsNil() {
-		return errScanStructValue
-	}
-	d = d.Elem()
-	if d.Kind() != reflect.Struct {
-		return errScanStructValue
-	}
-	ss := structSpecForType(d.Type())
-
-	if len(src)%2 != 0 {
-		return errors.New("redigo: ScanStruct expects even number of values in values")
-	}
-
-	for i := 0; i < len(src); i += 2 {
-		s := src[i+1]
-		if s == nil {
-			continue
-		}
-		name, ok := src[i].([]byte)
-		if !ok {
-			return errors.New("redigo: ScanStruct key not a bulk string value")
-		}
-		fs := ss.fieldSpec(name)
-		if fs == nil {
-			continue
-		}
-		if err := convertAssignValue(d.FieldByIndex(fs.index), s); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-var (
-	errScanSliceValue = errors.New("redigo: ScanSlice dest must be non-nil pointer to a struct")
-)
-
-// ScanSlice scans src to the slice pointed to by dest. The elements the dest
-// slice must be integer, float, boolean, string, struct or pointer to struct
-// values.
-//
-// Struct fields must be integer, float, boolean or string values. All struct
-// fields are used unless a subset is specified using fieldNames.
-func ScanSlice(src []interface{}, dest interface{}, fieldNames ...string) error {
-	d := reflect.ValueOf(dest)
-	if d.Kind() != reflect.Ptr || d.IsNil() {
-		return errScanSliceValue
-	}
-	d = d.Elem()
-	if d.Kind() != reflect.Slice {
-		return errScanSliceValue
-	}
-
-	isPtr := false
-	t := d.Type().Elem()
-	if t.Kind() == reflect.Ptr && t.Elem().Kind() == reflect.Struct {
-		isPtr = true
-		t = t.Elem()
-	}
-
-	if t.Kind() != reflect.Struct {
-		ensureLen(d, len(src))
-		for i, s := range src {
-			if s == nil {
-				continue
-			}
-			if err := convertAssignValue(d.Index(i), s); err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-
-	ss := structSpecForType(t)
-	fss := ss.l
-	if len(fieldNames) > 0 {
-		fss = make([]*fieldSpec, len(fieldNames))
-		for i, name := range fieldNames {
-			fss[i] = ss.m[name]
-			if fss[i] == nil {
-				return errors.New("redigo: ScanSlice bad field name " + name)
-			}
-		}
-	}
-
-	if len(fss) == 0 {
-		return errors.New("redigo: ScanSlice no struct fields")
-	}
-
-	n := len(src) / len(fss)
-	if n*len(fss) != len(src) {
-		return errors.New("redigo: ScanSlice length not a multiple of struct field count")
-	}
-
-	ensureLen(d, n)
-	for i := 0; i < n; i++ {
-		d := d.Index(i)
-		if isPtr {
-			if d.IsNil() {
-				d.Set(reflect.New(t))
-			}
-			d = d.Elem()
-		}
-		for j, fs := range fss {
-			s := src[i*len(fss)+j]
-			if s == nil {
-				continue
-			}
-			if err := convertAssignValue(d.FieldByIndex(fs.index), s); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-// Args is a helper for constructing command arguments from structured values.
-type Args []interface{}
-
-// Add returns the result of appending value to args.
-func (args Args) Add(value ...interface{}) Args {
-	return append(args, value...)
-}
-
-// AddFlat returns the result of appending the flattened value of v to args.
-//
-// Maps are flattened by appending the alternating keys and map values to args.
-//
-// Slices are flattened by appending the slice elements to args.
-//
-// Structs are flattened by appending the alternating names and values of
-// exported fields to args. If v is a nil struct pointer, then nothing is
-// appended. The 'redis' field tag overrides struct field names. See ScanStruct
-// for more information on the use of the 'redis' field tag.
-//
-// Other types are appended to args as is.
-func (args Args) AddFlat(v interface{}) Args {
-	rv := reflect.ValueOf(v)
-	switch rv.Kind() {
-	case reflect.Struct:
-		args = flattenStruct(args, rv)
-	case reflect.Slice:
-		for i := 0; i < rv.Len(); i++ {
-			args = append(args, rv.Index(i).Interface())
-		}
-	case reflect.Map:
-		for _, k := range rv.MapKeys() {
-			args = append(args, k.Interface(), rv.MapIndex(k).Interface())
-		}
-	case reflect.Ptr:
-		if rv.Type().Elem().Kind() == reflect.Struct {
-			if !rv.IsNil() {
-				args = flattenStruct(args, rv.Elem())
-			}
-		} else {
-			args = append(args, v)
-		}
-	default:
-		args = append(args, v)
-	}
-	return args
-}
-
-func flattenStruct(args Args, v reflect.Value) Args {
-	ss := structSpecForType(v.Type())
-	for _, fs := range ss.l {
-		fv := v.FieldByIndex(fs.index)
-		args = append(args, fs.name, fv.Interface())
-	}
-	return args
-}
diff --git a/vendor/github.com/garyburd/redigo/redis/script.go b/vendor/github.com/garyburd/redigo/redis/script.go
deleted file mode 100644
index 78605a90a..000000000
--- a/vendor/github.com/garyburd/redigo/redis/script.go
+++ /dev/null
@@ -1,86 +0,0 @@
-// Copyright 2012 Gary Burd
-//
-// Licensed under the Apache License, Version 2.0 (the "License"): you may
-// not use this file except in compliance with the License. You may obtain
-// a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-
-package redis
-
-import (
-	"crypto/sha1"
-	"encoding/hex"
-	"io"
-	"strings"
-)
-
-// Script encapsulates the source, hash and key count for a Lua script. See
-// http://redis.io/commands/eval for information on scripts in Redis.
-type Script struct {
-	keyCount int
-	src      string
-	hash     string
-}
-
-// NewScript returns a new script object. If keyCount is greater than or equal
-// to zero, then the count is automatically inserted in the EVAL command
-// argument list. If keyCount is less than zero, then the application supplies
-// the count as the first value in the keysAndArgs argument to the Do, Send and
-// SendHash methods.
-func NewScript(keyCount int, src string) *Script {
-	h := sha1.New()
-	io.WriteString(h, src)
-	return &Script{keyCount, src, hex.EncodeToString(h.Sum(nil))}
-}
-
-func (s *Script) args(spec string, keysAndArgs []interface{}) []interface{} {
-	var args []interface{}
-	if s.keyCount < 0 {
-		args = make([]interface{}, 1+len(keysAndArgs))
-		args[0] = spec
-		copy(args[1:], keysAndArgs)
-	} else {
-		args = make([]interface{}, 2+len(keysAndArgs))
-		args[0] = spec
-		args[1] = s.keyCount
-		copy(args[2:], keysAndArgs)
-	}
-	return args
-}
-
-// Do evaluates the script. Under the covers, Do optimistically evaluates the
-// script using the EVALSHA command. If the command fails because the script is
-// not loaded, then Do evaluates the script using the EVAL command (thus
-// causing the script to load).
-func (s *Script) Do(c Conn, keysAndArgs ...interface{}) (interface{}, error) {
-	v, err := c.Do("EVALSHA", s.args(s.hash, keysAndArgs)...)
-	if e, ok := err.(Error); ok && strings.HasPrefix(string(e), "NOSCRIPT ") {
-		v, err = c.Do("EVAL", s.args(s.src, keysAndArgs)...)
-	}
-	return v, err
-}
-
-// SendHash evaluates the script without waiting for the reply. The script is
-// evaluated with the EVALSHA command. The application must ensure that the
-// script is loaded by a previous call to Send, Do or Load methods.
-func (s *Script) SendHash(c Conn, keysAndArgs ...interface{}) error {
-	return c.Send("EVALSHA", s.args(s.hash, keysAndArgs)...)
-}
-
-// Send evaluates the script without waiting for the reply.
-func (s *Script) Send(c Conn, keysAndArgs ...interface{}) error {
-	return c.Send("EVAL", s.args(s.src, keysAndArgs)...)
-}
-
-// Load loads the script without evaluating it.
-func (s *Script) Load(c Conn) error {
-	_, err := c.Do("SCRIPT", "LOAD", s.src)
-	return err
-}
diff --git a/vendor/github.com/gofrs/uuid/.gitignore b/vendor/github.com/gofrs/uuid/.gitignore
deleted file mode 100644
index 666dbbb5b..000000000
--- a/vendor/github.com/gofrs/uuid/.gitignore
+++ /dev/null
@@ -1,15 +0,0 @@
-# Binaries for programs and plugins
-*.exe
-*.exe~
-*.dll
-*.so
-*.dylib
-
-# Test binary, build with `go test -c`
-*.test
-
-# Output of the go coverage tool, specifically when used with LiteIDE
-*.out
-
-# binary bundle generated by go-fuzz
-uuid-fuzz.zip
diff --git a/vendor/github.com/gofrs/uuid/LICENSE b/vendor/github.com/gofrs/uuid/LICENSE
deleted file mode 100644
index 926d54987..000000000
--- a/vendor/github.com/gofrs/uuid/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-Copyright (C) 2013-2018 by Maxim Bublis <b@codemonkey.ru>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/gofrs/uuid/README.md b/vendor/github.com/gofrs/uuid/README.md
deleted file mode 100644
index 4f73bec82..000000000
--- a/vendor/github.com/gofrs/uuid/README.md
+++ /dev/null
@@ -1,117 +0,0 @@
-# UUID
-
-[![License](https://img.shields.io/github/license/gofrs/uuid.svg)](https://github.com/gofrs/uuid/blob/master/LICENSE)
-[![Build Status](https://travis-ci.org/gofrs/uuid.svg?branch=master)](https://travis-ci.org/gofrs/uuid)
-[![GoDoc](http://godoc.org/github.com/gofrs/uuid?status.svg)](http://godoc.org/github.com/gofrs/uuid)
-[![Coverage Status](https://codecov.io/gh/gofrs/uuid/branch/master/graphs/badge.svg?branch=master)](https://codecov.io/gh/gofrs/uuid/)
-[![Go Report Card](https://goreportcard.com/badge/github.com/gofrs/uuid)](https://goreportcard.com/report/github.com/gofrs/uuid)
-
-Package uuid provides a pure Go implementation of Universally Unique Identifiers
-(UUID) variant as defined in RFC-4122. This package supports both the creation
-and parsing of UUIDs in different formats.
-
-This package supports the following UUID versions:
-* Version 1, based on timestamp and MAC address (RFC-4122)
-* Version 3, based on MD5 hashing of a named value (RFC-4122)
-* Version 4, based on random numbers (RFC-4122)
-* Version 5, based on SHA-1 hashing of a named value (RFC-4122)
-
-This package also supports experimental Universally Unique Identifier implementations based on a
-[draft RFC](https://www.ietf.org/archive/id/draft-peabody-dispatch-new-uuid-format-04.html) that updates RFC-4122
-* Version 6, a k-sortable id based on timestamp, and field-compatible with v1 (draft-peabody-dispatch-new-uuid-format, RFC-4122)
-* Version 7, a k-sortable id based on timestamp (draft-peabody-dispatch-new-uuid-format, RFC-4122)
-
-The v6 and v7 IDs are **not** considered a part of the stable API, and may be subject to behavior or API changes as part of minor releases
-to this package. They will be updated as the draft RFC changes, and will become stable if and when the draft RFC is accepted.
-
-## Project History
-
-This project was originally forked from the
-[github.com/satori/go.uuid](https://github.com/satori/go.uuid) repository after
-it appeared to be no longer maintained, while exhibiting [critical
-flaws](https://github.com/satori/go.uuid/issues/73). We have decided to take
-over this project to ensure it receives regular maintenance for the benefit of
-the larger Go community.
-
-We'd like to thank Maxim Bublis for his hard work on the original iteration of
-the package.
-
-## License
-
-This source code of this package is released under the MIT License. Please see
-the [LICENSE](https://github.com/gofrs/uuid/blob/master/LICENSE) for the full
-content of the license.
-
-## Recommended Package Version
-
-We recommend using v2.0.0+ of this package, as versions prior to 2.0.0 were
-created before our fork of the original package and have some known
-deficiencies.
-
-## Installation
-
-It is recommended to use a package manager like `dep` that understands tagged
-releases of a package, as well as semantic versioning.
-
-If you are unable to make use of a dependency manager with your project, you can
-use the `go get` command to download it directly:
-
-```Shell
-$ go get github.com/gofrs/uuid
-```
-
-## Requirements
-
-Due to subtests not being supported in older versions of Go, this package is
-only regularly tested against Go 1.7+. This package may work perfectly fine with
-Go 1.2+, but support for these older versions is not actively maintained.
-
-## Go 1.11 Modules
-
-As of v3.2.0, this repository no longer adopts Go modules, and v3.2.0 no longer has a `go.mod` file.  As a result, v3.2.0 also drops support for the `github.com/gofrs/uuid/v3` import path. Only module-based consumers are impacted.  With the v3.2.0 release, _all_ gofrs/uuid consumers should use the `github.com/gofrs/uuid` import path.
-
-An existing module-based consumer will continue to be able to build using the `github.com/gofrs/uuid/v3` import path using any valid consumer `go.mod` that worked prior to the publishing of v3.2.0, but any module-based consumer should start using the `github.com/gofrs/uuid` import path when possible and _must_ use the `github.com/gofrs/uuid` import path prior to upgrading to v3.2.0.
-
-Please refer to [Issue #61](https://github.com/gofrs/uuid/issues/61) and [Issue #66](https://github.com/gofrs/uuid/issues/66) for more details.
-
-## Usage
-
-Here is a quick overview of how to use this package. For more detailed
-documentation, please see the [GoDoc Page](http://godoc.org/github.com/gofrs/uuid).
-
-```go
-package main
-
-import (
-	"log"
-
-	"github.com/gofrs/uuid"
-)
-
-// Create a Version 4 UUID, panicking on error.
-// Use this form to initialize package-level variables.
-var u1 = uuid.Must(uuid.NewV4())
-
-func main() {
-	// Create a Version 4 UUID.
-	u2, err := uuid.NewV4()
-	if err != nil {
-		log.Fatalf("failed to generate UUID: %v", err)
-	}
-	log.Printf("generated Version 4 UUID %v", u2)
-
-	// Parse a UUID from a string.
-	s := "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
-	u3, err := uuid.FromString(s)
-	if err != nil {
-		log.Fatalf("failed to parse UUID %q: %v", s, err)
-	}
-	log.Printf("successfully parsed UUID %v", u3)
-}
-```
-
-## References
-
-* [RFC-4122](https://tools.ietf.org/html/rfc4122)
-* [DCE 1.1: Authentication and Security Services](http://pubs.opengroup.org/onlinepubs/9696989899/chap5.htm#tagcjh_08_02_01_01)
-* [New UUID Formats RFC Draft (Peabody) Rev 04](https://www.ietf.org/archive/id/draft-peabody-dispatch-new-uuid-format-04.html#)
diff --git a/vendor/github.com/gofrs/uuid/codec.go b/vendor/github.com/gofrs/uuid/codec.go
deleted file mode 100644
index 665026414..000000000
--- a/vendor/github.com/gofrs/uuid/codec.go
+++ /dev/null
@@ -1,234 +0,0 @@
-// Copyright (C) 2013-2018 by Maxim Bublis <b@codemonkey.ru>
-//
-// Permission is hereby granted, free of charge, to any person obtaining
-// a copy of this software and associated documentation files (the
-// "Software"), to deal in the Software without restriction, including
-// without limitation the rights to use, copy, modify, merge, publish,
-// distribute, sublicense, and/or sell copies of the Software, and to
-// permit persons to whom the Software is furnished to do so, subject to
-// the following conditions:
-//
-// The above copyright notice and this permission notice shall be
-// included in all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-package uuid
-
-import (
-	"errors"
-	"fmt"
-)
-
-// FromBytes returns a UUID generated from the raw byte slice input.
-// It will return an error if the slice isn't 16 bytes long.
-func FromBytes(input []byte) (UUID, error) {
-	u := UUID{}
-	err := u.UnmarshalBinary(input)
-	return u, err
-}
-
-// FromBytesOrNil returns a UUID generated from the raw byte slice input.
-// Same behavior as FromBytes(), but returns uuid.Nil instead of an error.
-func FromBytesOrNil(input []byte) UUID {
-	uuid, err := FromBytes(input)
-	if err != nil {
-		return Nil
-	}
-	return uuid
-}
-
-var errInvalidFormat = errors.New("uuid: invalid UUID format")
-
-func fromHexChar(c byte) byte {
-	switch {
-	case '0' <= c && c <= '9':
-		return c - '0'
-	case 'a' <= c && c <= 'f':
-		return c - 'a' + 10
-	case 'A' <= c && c <= 'F':
-		return c - 'A' + 10
-	}
-	return 255
-}
-
-// Parse parses the UUID stored in the string text. Parsing and supported
-// formats are the same as UnmarshalText.
-func (u *UUID) Parse(s string) error {
-	switch len(s) {
-	case 32: // hash
-	case 36: // canonical
-	case 34, 38:
-		if s[0] != '{' || s[len(s)-1] != '}' {
-			return fmt.Errorf("uuid: incorrect UUID format in string %q", s)
-		}
-		s = s[1 : len(s)-1]
-	case 41, 45:
-		if s[:9] != "urn:uuid:" {
-			return fmt.Errorf("uuid: incorrect UUID format in string %q", s[:9])
-		}
-		s = s[9:]
-	default:
-		return fmt.Errorf("uuid: incorrect UUID length %d in string %q", len(s), s)
-	}
-	// canonical
-	if len(s) == 36 {
-		if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
-			return fmt.Errorf("uuid: incorrect UUID format in string %q", s)
-		}
-		for i, x := range [16]byte{
-			0, 2, 4, 6,
-			9, 11,
-			14, 16,
-			19, 21,
-			24, 26, 28, 30, 32, 34,
-		} {
-			v1 := fromHexChar(s[x])
-			v2 := fromHexChar(s[x+1])
-			if v1|v2 == 255 {
-				return errInvalidFormat
-			}
-			u[i] = (v1 << 4) | v2
-		}
-		return nil
-	}
-	// hash like
-	for i := 0; i < 32; i += 2 {
-		v1 := fromHexChar(s[i])
-		v2 := fromHexChar(s[i+1])
-		if v1|v2 == 255 {
-			return errInvalidFormat
-		}
-		u[i/2] = (v1 << 4) | v2
-	}
-	return nil
-}
-
-// FromString returns a UUID parsed from the input string.
-// Input is expected in a form accepted by UnmarshalText.
-func FromString(text string) (UUID, error) {
-	var u UUID
-	err := u.Parse(text)
-	return u, err
-}
-
-// FromStringOrNil returns a UUID parsed from the input string.
-// Same behavior as FromString(), but returns uuid.Nil instead of an error.
-func FromStringOrNil(input string) UUID {
-	uuid, err := FromString(input)
-	if err != nil {
-		return Nil
-	}
-	return uuid
-}
-
-// MarshalText implements the encoding.TextMarshaler interface.
-// The encoding is the same as returned by the String() method.
-func (u UUID) MarshalText() ([]byte, error) {
-	var buf [36]byte
-	encodeCanonical(buf[:], u)
-	return buf[:], nil
-}
-
-// UnmarshalText implements the encoding.TextUnmarshaler interface.
-// Following formats are supported:
-//
-//	"6ba7b810-9dad-11d1-80b4-00c04fd430c8",
-//	"{6ba7b810-9dad-11d1-80b4-00c04fd430c8}",
-//	"urn:uuid:6ba7b810-9dad-11d1-80b4-00c04fd430c8"
-//	"6ba7b8109dad11d180b400c04fd430c8"
-//	"{6ba7b8109dad11d180b400c04fd430c8}",
-//	"urn:uuid:6ba7b8109dad11d180b400c04fd430c8"
-//
-// ABNF for supported UUID text representation follows:
-//
-//	URN := 'urn'
-//	UUID-NID := 'uuid'
-//
-//	hexdig := '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' |
-//	          'a' | 'b' | 'c' | 'd' | 'e' | 'f' |
-//	          'A' | 'B' | 'C' | 'D' | 'E' | 'F'
-//
-//	hexoct := hexdig hexdig
-//	2hexoct := hexoct hexoct
-//	4hexoct := 2hexoct 2hexoct
-//	6hexoct := 4hexoct 2hexoct
-//	12hexoct := 6hexoct 6hexoct
-//
-//	hashlike := 12hexoct
-//	canonical := 4hexoct '-' 2hexoct '-' 2hexoct '-' 6hexoct
-//
-//	plain := canonical | hashlike
-//	uuid := canonical | hashlike | braced | urn
-//
-//	braced := '{' plain '}' | '{' hashlike  '}'
-//	urn := URN ':' UUID-NID ':' plain
-func (u *UUID) UnmarshalText(b []byte) error {
-	switch len(b) {
-	case 32: // hash
-	case 36: // canonical
-	case 34, 38:
-		if b[0] != '{' || b[len(b)-1] != '}' {
-			return fmt.Errorf("uuid: incorrect UUID format in string %q", b)
-		}
-		b = b[1 : len(b)-1]
-	case 41, 45:
-		if string(b[:9]) != "urn:uuid:" {
-			return fmt.Errorf("uuid: incorrect UUID format in string %q", b[:9])
-		}
-		b = b[9:]
-	default:
-		return fmt.Errorf("uuid: incorrect UUID length %d in string %q", len(b), b)
-	}
-	if len(b) == 36 {
-		if b[8] != '-' || b[13] != '-' || b[18] != '-' || b[23] != '-' {
-			return fmt.Errorf("uuid: incorrect UUID format in string %q", b)
-		}
-		for i, x := range [16]byte{
-			0, 2, 4, 6,
-			9, 11,
-			14, 16,
-			19, 21,
-			24, 26, 28, 30, 32, 34,
-		} {
-			v1 := fromHexChar(b[x])
-			v2 := fromHexChar(b[x+1])
-			if v1|v2 == 255 {
-				return errInvalidFormat
-			}
-			u[i] = (v1 << 4) | v2
-		}
-		return nil
-	}
-	for i := 0; i < 32; i += 2 {
-		v1 := fromHexChar(b[i])
-		v2 := fromHexChar(b[i+1])
-		if v1|v2 == 255 {
-			return errInvalidFormat
-		}
-		u[i/2] = (v1 << 4) | v2
-	}
-	return nil
-}
-
-// MarshalBinary implements the encoding.BinaryMarshaler interface.
-func (u UUID) MarshalBinary() ([]byte, error) {
-	return u.Bytes(), nil
-}
-
-// UnmarshalBinary implements the encoding.BinaryUnmarshaler interface.
-// It will return an error if the slice isn't 16 bytes long.
-func (u *UUID) UnmarshalBinary(data []byte) error {
-	if len(data) != Size {
-		return fmt.Errorf("uuid: UUID must be exactly 16 bytes long, got %d bytes", len(data))
-	}
-	copy(u[:], data)
-
-	return nil
-}
diff --git a/vendor/github.com/gofrs/uuid/fuzz.go b/vendor/github.com/gofrs/uuid/fuzz.go
deleted file mode 100644
index ccf8d4ca2..000000000
--- a/vendor/github.com/gofrs/uuid/fuzz.go
+++ /dev/null
@@ -1,48 +0,0 @@
-// Copyright (c) 2018 Andrei Tudor Călin <mail@acln.ro>
-//
-// Permission is hereby granted, free of charge, to any person obtaining
-// a copy of this software and associated documentation files (the
-// "Software"), to deal in the Software without restriction, including
-// without limitation the rights to use, copy, modify, merge, publish,
-// distribute, sublicense, and/or sell copies of the Software, and to
-// permit persons to whom the Software is furnished to do so, subject to
-// the following conditions:
-//
-// The above copyright notice and this permission notice shall be
-// included in all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-//go:build gofuzz
-// +build gofuzz
-
-package uuid
-
-// Fuzz implements a simple fuzz test for FromString / UnmarshalText.
-//
-// To run:
-//
-//	$ go get github.com/dvyukov/go-fuzz/...
-//	$ cd $GOPATH/src/github.com/gofrs/uuid
-//	$ go-fuzz-build github.com/gofrs/uuid
-//	$ go-fuzz -bin=uuid-fuzz.zip -workdir=./testdata
-//
-// If you make significant changes to FromString / UnmarshalText and add
-// new cases to fromStringTests (in codec_test.go), please run
-//
-//	$ go test -seed_fuzz_corpus
-//
-// to seed the corpus with the new interesting inputs, then run the fuzzer.
-func Fuzz(data []byte) int {
-	_, err := FromString(string(data))
-	if err != nil {
-		return 0
-	}
-	return 1
-}
diff --git a/vendor/github.com/gofrs/uuid/generator.go b/vendor/github.com/gofrs/uuid/generator.go
deleted file mode 100644
index 44be9e158..000000000
--- a/vendor/github.com/gofrs/uuid/generator.go
+++ /dev/null
@@ -1,456 +0,0 @@
-// Copyright (C) 2013-2018 by Maxim Bublis <b@codemonkey.ru>
-//
-// Permission is hereby granted, free of charge, to any person obtaining
-// a copy of this software and associated documentation files (the
-// "Software"), to deal in the Software without restriction, including
-// without limitation the rights to use, copy, modify, merge, publish,
-// distribute, sublicense, and/or sell copies of the Software, and to
-// permit persons to whom the Software is furnished to do so, subject to
-// the following conditions:
-//
-// The above copyright notice and this permission notice shall be
-// included in all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-package uuid
-
-import (
-	"crypto/md5"
-	"crypto/rand"
-	"crypto/sha1"
-	"encoding/binary"
-	"fmt"
-	"hash"
-	"io"
-	"net"
-	"sync"
-	"time"
-)
-
-// Difference in 100-nanosecond intervals between
-// UUID epoch (October 15, 1582) and Unix epoch (January 1, 1970).
-const epochStart = 122192928000000000
-
-// EpochFunc is the function type used to provide the current time.
-type EpochFunc func() time.Time
-
-// HWAddrFunc is the function type used to provide hardware (MAC) addresses.
-type HWAddrFunc func() (net.HardwareAddr, error)
-
-// DefaultGenerator is the default UUID Generator used by this package.
-var DefaultGenerator Generator = NewGen()
-
-// NewV1 returns a UUID based on the current timestamp and MAC address.
-func NewV1() (UUID, error) {
-	return DefaultGenerator.NewV1()
-}
-
-// NewV3 returns a UUID based on the MD5 hash of the namespace UUID and name.
-func NewV3(ns UUID, name string) UUID {
-	return DefaultGenerator.NewV3(ns, name)
-}
-
-// NewV4 returns a randomly generated UUID.
-func NewV4() (UUID, error) {
-	return DefaultGenerator.NewV4()
-}
-
-// NewV5 returns a UUID based on SHA-1 hash of the namespace UUID and name.
-func NewV5(ns UUID, name string) UUID {
-	return DefaultGenerator.NewV5(ns, name)
-}
-
-// NewV6 returns a k-sortable UUID based on a timestamp and 48 bits of
-// pseudorandom data. The timestamp in a V6 UUID is the same as V1, with the bit
-// order being adjusted to allow the UUID to be k-sortable.
-//
-// This is implemented based on revision 03 of the Peabody UUID draft, and may
-// be subject to change pending further revisions. Until the final specification
-// revision is finished, changes required to implement updates to the spec will
-// not be considered a breaking change. They will happen as a minor version
-// releases until the spec is final.
-func NewV6() (UUID, error) {
-	return DefaultGenerator.NewV6()
-}
-
-// NewV7 returns a k-sortable UUID based on the current millisecond precision
-// UNIX epoch and 74 bits of pseudorandom data. It supports single-node batch generation (multiple UUIDs in the same timestamp) with a Monotonic Random counter.
-//
-// This is implemented based on revision 04 of the Peabody UUID draft, and may
-// be subject to change pending further revisions. Until the final specification
-// revision is finished, changes required to implement updates to the spec will
-// not be considered a breaking change. They will happen as a minor version
-// releases until the spec is final.
-func NewV7() (UUID, error) {
-	return DefaultGenerator.NewV7()
-}
-
-// Generator provides an interface for generating UUIDs.
-type Generator interface {
-	NewV1() (UUID, error)
-	NewV3(ns UUID, name string) UUID
-	NewV4() (UUID, error)
-	NewV5(ns UUID, name string) UUID
-	NewV6() (UUID, error)
-	NewV7() (UUID, error)
-}
-
-// Gen is a reference UUID generator based on the specifications laid out in
-// RFC-4122 and DCE 1.1: Authentication and Security Services. This type
-// satisfies the Generator interface as defined in this package.
-//
-// For consumers who are generating V1 UUIDs, but don't want to expose the MAC
-// address of the node generating the UUIDs, the NewGenWithHWAF() function has been
-// provided as a convenience. See the function's documentation for more info.
-//
-// The authors of this package do not feel that the majority of users will need
-// to obfuscate their MAC address, and so we recommend using NewGen() to create
-// a new generator.
-type Gen struct {
-	clockSequenceOnce sync.Once
-	hardwareAddrOnce  sync.Once
-	storageMutex      sync.Mutex
-
-	rand io.Reader
-
-	epochFunc     EpochFunc
-	hwAddrFunc    HWAddrFunc
-	lastTime      uint64
-	clockSequence uint16
-	hardwareAddr  [6]byte
-}
-
-// GenOption is a function type that can be used to configure a Gen generator.
-type GenOption func(*Gen)
-
-// interface check -- build will fail if *Gen doesn't satisfy Generator
-var _ Generator = (*Gen)(nil)
-
-// NewGen returns a new instance of Gen with some default values set. Most
-// people should use this.
-func NewGen() *Gen {
-	return NewGenWithHWAF(defaultHWAddrFunc)
-}
-
-// NewGenWithHWAF builds a new UUID generator with the HWAddrFunc provided. Most
-// consumers should use NewGen() instead.
-//
-// This is used so that consumers can generate their own MAC addresses, for use
-// in the generated UUIDs, if there is some concern about exposing the physical
-// address of the machine generating the UUID.
-//
-// The Gen generator will only invoke the HWAddrFunc once, and cache that MAC
-// address for all the future UUIDs generated by it. If you'd like to switch the
-// MAC address being used, you'll need to create a new generator using this
-// function.
-func NewGenWithHWAF(hwaf HWAddrFunc) *Gen {
-	return NewGenWithOptions(WithHWAddrFunc(hwaf))
-}
-
-// NewGenWithOptions returns a new instance of Gen with the options provided.
-// Most people should use NewGen() or NewGenWithHWAF() instead.
-//
-// To customize the generator, you can pass in one or more GenOption functions.
-// For example:
-//
-//	gen := NewGenWithOptions(
-//	    WithHWAddrFunc(myHWAddrFunc),
-//	    WithEpochFunc(myEpochFunc),
-//	    WithRandomReader(myRandomReader),
-//	)
-//
-// NewGenWithOptions(WithHWAddrFunc(myHWAddrFunc)) is equivalent to calling
-// NewGenWithHWAF(myHWAddrFunc)
-// NewGenWithOptions() is equivalent to calling NewGen()
-func NewGenWithOptions(opts ...GenOption) *Gen {
-	gen := &Gen{
-		epochFunc:  time.Now,
-		hwAddrFunc: defaultHWAddrFunc,
-		rand:       rand.Reader,
-	}
-
-	for _, opt := range opts {
-		opt(gen)
-	}
-
-	return gen
-}
-
-// WithHWAddrFunc is a GenOption that allows you to provide your own HWAddrFunc
-// function.
-// When this option is nil, the defaultHWAddrFunc is used.
-func WithHWAddrFunc(hwaf HWAddrFunc) GenOption {
-	return func(gen *Gen) {
-		if hwaf == nil {
-			hwaf = defaultHWAddrFunc
-		}
-
-		gen.hwAddrFunc = hwaf
-	}
-}
-
-// WithEpochFunc is a GenOption that allows you to provide your own EpochFunc
-// function.
-// When this option is nil, time.Now is used.
-func WithEpochFunc(epochf EpochFunc) GenOption {
-	return func(gen *Gen) {
-		if epochf == nil {
-			epochf = time.Now
-		}
-
-		gen.epochFunc = epochf
-	}
-}
-
-// WithRandomReader is a GenOption that allows you to provide your own random
-// reader.
-// When this option is nil, the default rand.Reader is used.
-func WithRandomReader(reader io.Reader) GenOption {
-	return func(gen *Gen) {
-		if reader == nil {
-			reader = rand.Reader
-		}
-
-		gen.rand = reader
-	}
-}
-
-// NewV1 returns a UUID based on the current timestamp and MAC address.
-func (g *Gen) NewV1() (UUID, error) {
-	u := UUID{}
-
-	timeNow, clockSeq, err := g.getClockSequence(false)
-	if err != nil {
-		return Nil, err
-	}
-	binary.BigEndian.PutUint32(u[0:], uint32(timeNow))
-	binary.BigEndian.PutUint16(u[4:], uint16(timeNow>>32))
-	binary.BigEndian.PutUint16(u[6:], uint16(timeNow>>48))
-	binary.BigEndian.PutUint16(u[8:], clockSeq)
-
-	hardwareAddr, err := g.getHardwareAddr()
-	if err != nil {
-		return Nil, err
-	}
-	copy(u[10:], hardwareAddr)
-
-	u.SetVersion(V1)
-	u.SetVariant(VariantRFC4122)
-
-	return u, nil
-}
-
-// NewV3 returns a UUID based on the MD5 hash of the namespace UUID and name.
-func (g *Gen) NewV3(ns UUID, name string) UUID {
-	u := newFromHash(md5.New(), ns, name)
-	u.SetVersion(V3)
-	u.SetVariant(VariantRFC4122)
-
-	return u
-}
-
-// NewV4 returns a randomly generated UUID.
-func (g *Gen) NewV4() (UUID, error) {
-	u := UUID{}
-	if _, err := io.ReadFull(g.rand, u[:]); err != nil {
-		return Nil, err
-	}
-	u.SetVersion(V4)
-	u.SetVariant(VariantRFC4122)
-
-	return u, nil
-}
-
-// NewV5 returns a UUID based on SHA-1 hash of the namespace UUID and name.
-func (g *Gen) NewV5(ns UUID, name string) UUID {
-	u := newFromHash(sha1.New(), ns, name)
-	u.SetVersion(V5)
-	u.SetVariant(VariantRFC4122)
-
-	return u
-}
-
-// NewV6 returns a k-sortable UUID based on a timestamp and 48 bits of
-// pseudorandom data. The timestamp in a V6 UUID is the same as V1, with the bit
-// order being adjusted to allow the UUID to be k-sortable.
-//
-// This is implemented based on revision 03 of the Peabody UUID draft, and may
-// be subject to change pending further revisions. Until the final specification
-// revision is finished, changes required to implement updates to the spec will
-// not be considered a breaking change. They will happen as a minor version
-// releases until the spec is final.
-func (g *Gen) NewV6() (UUID, error) {
-	var u UUID
-
-	if _, err := io.ReadFull(g.rand, u[10:]); err != nil {
-		return Nil, err
-	}
-
-	timeNow, clockSeq, err := g.getClockSequence(false)
-	if err != nil {
-		return Nil, err
-	}
-
-	binary.BigEndian.PutUint32(u[0:], uint32(timeNow>>28))   // set time_high
-	binary.BigEndian.PutUint16(u[4:], uint16(timeNow>>12))   // set time_mid
-	binary.BigEndian.PutUint16(u[6:], uint16(timeNow&0xfff)) // set time_low (minus four version bits)
-	binary.BigEndian.PutUint16(u[8:], clockSeq&0x3fff)       // set clk_seq_hi_res (minus two variant bits)
-
-	u.SetVersion(V6)
-	u.SetVariant(VariantRFC4122)
-
-	return u, nil
-}
-
-// getClockSequence returns the epoch and clock sequence for V1,V6 and V7 UUIDs.
-//
-//	When useUnixTSMs is false, it uses the Coordinated Universal Time (UTC) as a count of 100-
-//
-// nanosecond intervals since 00:00:00.00, 15 October 1582 (the date of Gregorian reform to the Christian calendar).
-func (g *Gen) getClockSequence(useUnixTSMs bool) (uint64, uint16, error) {
-	var err error
-	g.clockSequenceOnce.Do(func() {
-		buf := make([]byte, 2)
-		if _, err = io.ReadFull(g.rand, buf); err != nil {
-			return
-		}
-		g.clockSequence = binary.BigEndian.Uint16(buf)
-	})
-	if err != nil {
-		return 0, 0, err
-	}
-
-	g.storageMutex.Lock()
-	defer g.storageMutex.Unlock()
-
-	var timeNow uint64
-	if useUnixTSMs {
-		timeNow = uint64(g.epochFunc().UnixMilli())
-	} else {
-		timeNow = g.getEpoch()
-	}
-	// Clock didn't change since last UUID generation.
-	// Should increase clock sequence.
-	if timeNow <= g.lastTime {
-		g.clockSequence++
-	}
-	g.lastTime = timeNow
-
-	return timeNow, g.clockSequence, nil
-}
-
-// NewV7 returns a k-sortable UUID based on the current millisecond precision
-// UNIX epoch and 74 bits of pseudorandom data.
-//
-// This is implemented based on revision 04 of the Peabody UUID draft, and may
-// be subject to change pending further revisions. Until the final specification
-// revision is finished, changes required to implement updates to the spec will
-// not be considered a breaking change. They will happen as a minor version
-// releases until the spec is final.
-func (g *Gen) NewV7() (UUID, error) {
-	var u UUID
-	/* https://www.ietf.org/archive/id/draft-peabody-dispatch-new-uuid-format-04.html#name-uuid-version-7
-		0                   1                   2                   3
-	    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-	   |                           unix_ts_ms                          |
-	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-	   |          unix_ts_ms           |  ver  |       rand_a          |
-	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-	   |var|                        rand_b                             |
-	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-	   |                            rand_b                             |
-	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */
-
-	ms, clockSeq, err := g.getClockSequence(true)
-	if err != nil {
-		return Nil, err
-	}
-	//UUIDv7 features a 48 bit timestamp. First 32bit (4bytes) represents seconds since 1970, followed by 2 bytes for the ms granularity.
-	u[0] = byte(ms >> 40) //1-6 bytes: big-endian unsigned number of Unix epoch timestamp
-	u[1] = byte(ms >> 32)
-	u[2] = byte(ms >> 24)
-	u[3] = byte(ms >> 16)
-	u[4] = byte(ms >> 8)
-	u[5] = byte(ms)
-
-	//support batching by using a monotonic pseudo-random sequence
-	//The 6th byte contains the version and partially rand_a data.
-	//We will lose the most significant bites from the clockSeq (with SetVersion), but it is ok, we need the least significant that contains the counter to ensure the monotonic property
-	binary.BigEndian.PutUint16(u[6:8], clockSeq) // set rand_a with clock seq which is random and monotonic
-
-	//override first 4bits of u[6].
-	u.SetVersion(V7)
-
-	//set rand_b 64bits of pseudo-random bits (first 2 will be overridden)
-	if _, err = io.ReadFull(g.rand, u[8:16]); err != nil {
-		return Nil, err
-	}
-	//override first 2 bits of byte[8] for the variant
-	u.SetVariant(VariantRFC4122)
-
-	return u, nil
-}
-
-// Returns the hardware address.
-func (g *Gen) getHardwareAddr() ([]byte, error) {
-	var err error
-	g.hardwareAddrOnce.Do(func() {
-		var hwAddr net.HardwareAddr
-		if hwAddr, err = g.hwAddrFunc(); err == nil {
-			copy(g.hardwareAddr[:], hwAddr)
-			return
-		}
-
-		// Initialize hardwareAddr randomly in case
-		// of real network interfaces absence.
-		if _, err = io.ReadFull(g.rand, g.hardwareAddr[:]); err != nil {
-			return
-		}
-		// Set multicast bit as recommended by RFC-4122
-		g.hardwareAddr[0] |= 0x01
-	})
-	if err != nil {
-		return []byte{}, err
-	}
-	return g.hardwareAddr[:], nil
-}
-
-// Returns the difference between UUID epoch (October 15, 1582)
-// and current time in 100-nanosecond intervals.
-func (g *Gen) getEpoch() uint64 {
-	return epochStart + uint64(g.epochFunc().UnixNano()/100)
-}
-
-// Returns the UUID based on the hashing of the namespace UUID and name.
-func newFromHash(h hash.Hash, ns UUID, name string) UUID {
-	u := UUID{}
-	h.Write(ns[:])
-	h.Write([]byte(name))
-	copy(u[:], h.Sum(nil))
-
-	return u
-}
-
-var netInterfaces = net.Interfaces
-
-// Returns the hardware address.
-func defaultHWAddrFunc() (net.HardwareAddr, error) {
-	ifaces, err := netInterfaces()
-	if err != nil {
-		return []byte{}, err
-	}
-	for _, iface := range ifaces {
-		if len(iface.HardwareAddr) >= 6 {
-			return iface.HardwareAddr, nil
-		}
-	}
-	return []byte{}, fmt.Errorf("uuid: no HW address found")
-}
diff --git a/vendor/github.com/gofrs/uuid/sql.go b/vendor/github.com/gofrs/uuid/sql.go
deleted file mode 100644
index 01d5d8849..000000000
--- a/vendor/github.com/gofrs/uuid/sql.go
+++ /dev/null
@@ -1,116 +0,0 @@
-// Copyright (C) 2013-2018 by Maxim Bublis <b@codemonkey.ru>
-//
-// Permission is hereby granted, free of charge, to any person obtaining
-// a copy of this software and associated documentation files (the
-// "Software"), to deal in the Software without restriction, including
-// without limitation the rights to use, copy, modify, merge, publish,
-// distribute, sublicense, and/or sell copies of the Software, and to
-// permit persons to whom the Software is furnished to do so, subject to
-// the following conditions:
-//
-// The above copyright notice and this permission notice shall be
-// included in all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-package uuid
-
-import (
-	"database/sql"
-	"database/sql/driver"
-	"fmt"
-)
-
-var _ driver.Valuer = UUID{}
-var _ sql.Scanner = (*UUID)(nil)
-
-// Value implements the driver.Valuer interface.
-func (u UUID) Value() (driver.Value, error) {
-	return u.String(), nil
-}
-
-// Scan implements the sql.Scanner interface.
-// A 16-byte slice will be handled by UnmarshalBinary, while
-// a longer byte slice or a string will be handled by UnmarshalText.
-func (u *UUID) Scan(src interface{}) error {
-	switch src := src.(type) {
-	case UUID: // support gorm convert from UUID to NullUUID
-		*u = src
-		return nil
-
-	case []byte:
-		if len(src) == Size {
-			return u.UnmarshalBinary(src)
-		}
-		return u.UnmarshalText(src)
-
-	case string:
-		uu, err := FromString(src)
-		*u = uu
-		return err
-	}
-
-	return fmt.Errorf("uuid: cannot convert %T to UUID", src)
-}
-
-// NullUUID can be used with the standard sql package to represent a
-// UUID value that can be NULL in the database.
-type NullUUID struct {
-	UUID  UUID
-	Valid bool
-}
-
-// Value implements the driver.Valuer interface.
-func (u NullUUID) Value() (driver.Value, error) {
-	if !u.Valid {
-		return nil, nil
-	}
-	// Delegate to UUID Value function
-	return u.UUID.Value()
-}
-
-// Scan implements the sql.Scanner interface.
-func (u *NullUUID) Scan(src interface{}) error {
-	if src == nil {
-		u.UUID, u.Valid = Nil, false
-		return nil
-	}
-
-	// Delegate to UUID Scan function
-	u.Valid = true
-	return u.UUID.Scan(src)
-}
-
-var nullJSON = []byte("null")
-
-// MarshalJSON marshals the NullUUID as null or the nested UUID
-func (u NullUUID) MarshalJSON() ([]byte, error) {
-	if !u.Valid {
-		return nullJSON, nil
-	}
-	var buf [38]byte
-	buf[0] = '"'
-	encodeCanonical(buf[1:37], u.UUID)
-	buf[37] = '"'
-	return buf[:], nil
-}
-
-// UnmarshalJSON unmarshals a NullUUID
-func (u *NullUUID) UnmarshalJSON(b []byte) error {
-	if string(b) == "null" {
-		u.UUID, u.Valid = Nil, false
-		return nil
-	}
-	if n := len(b); n >= 2 && b[0] == '"' {
-		b = b[1 : n-1]
-	}
-	err := u.UUID.UnmarshalText(b)
-	u.Valid = (err == nil)
-	return err
-}
diff --git a/vendor/github.com/gofrs/uuid/uuid.go b/vendor/github.com/gofrs/uuid/uuid.go
deleted file mode 100644
index 5320fb538..000000000
--- a/vendor/github.com/gofrs/uuid/uuid.go
+++ /dev/null
@@ -1,285 +0,0 @@
-// Copyright (C) 2013-2018 by Maxim Bublis <b@codemonkey.ru>
-//
-// Permission is hereby granted, free of charge, to any person obtaining
-// a copy of this software and associated documentation files (the
-// "Software"), to deal in the Software without restriction, including
-// without limitation the rights to use, copy, modify, merge, publish,
-// distribute, sublicense, and/or sell copies of the Software, and to
-// permit persons to whom the Software is furnished to do so, subject to
-// the following conditions:
-//
-// The above copyright notice and this permission notice shall be
-// included in all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-// Package uuid provides implementations of the Universally Unique Identifier
-// (UUID), as specified in RFC-4122 and the Peabody RFC Draft (revision 03).
-//
-// RFC-4122[1] provides the specification for versions 1, 3, 4, and 5. The
-// Peabody UUID RFC Draft[2] provides the specification for the new k-sortable
-// UUIDs, versions 6 and 7.
-//
-// DCE 1.1[3] provides the specification for version 2, but version 2 support
-// was removed from this package in v4 due to some concerns with the
-// specification itself. Reading the spec, it seems that it would result in
-// generating UUIDs that aren't very unique. In having read the spec it seemed
-// that our implementation did not meet the spec. It also seems to be at-odds
-// with RFC 4122, meaning we would need quite a bit of special code to support
-// it. Lastly, there were no Version 2 implementations that we could find to
-// ensure we were understanding the specification correctly.
-//
-// [1] https://tools.ietf.org/html/rfc4122
-// [2] https://datatracker.ietf.org/doc/html/draft-peabody-dispatch-new-uuid-format-03
-// [3] http://pubs.opengroup.org/onlinepubs/9696989899/chap5.htm#tagcjh_08_02_01_01
-package uuid
-
-import (
-	"encoding/binary"
-	"encoding/hex"
-	"fmt"
-	"time"
-)
-
-// Size of a UUID in bytes.
-const Size = 16
-
-// UUID is an array type to represent the value of a UUID, as defined in RFC-4122.
-type UUID [Size]byte
-
-// UUID versions.
-const (
-	_  byte = iota
-	V1      // Version 1 (date-time and MAC address)
-	_       // Version 2 (date-time and MAC address, DCE security version) [removed]
-	V3      // Version 3 (namespace name-based)
-	V4      // Version 4 (random)
-	V5      // Version 5 (namespace name-based)
-	V6      // Version 6 (k-sortable timestamp and random data, field-compatible with v1) [peabody draft]
-	V7      // Version 7 (k-sortable timestamp and random data) [peabody draft]
-	_       // Version 8 (k-sortable timestamp, meant for custom implementations) [peabody draft] [not implemented]
-)
-
-// UUID layout variants.
-const (
-	VariantNCS byte = iota
-	VariantRFC4122
-	VariantMicrosoft
-	VariantFuture
-)
-
-// UUID DCE domains.
-const (
-	DomainPerson = iota
-	DomainGroup
-	DomainOrg
-)
-
-// Timestamp is the count of 100-nanosecond intervals since 00:00:00.00,
-// 15 October 1582 within a V1 UUID. This type has no meaning for other
-// UUID versions since they don't have an embedded timestamp.
-type Timestamp uint64
-
-const _100nsPerSecond = 10000000
-
-// Time returns the UTC time.Time representation of a Timestamp
-func (t Timestamp) Time() (time.Time, error) {
-	secs := uint64(t) / _100nsPerSecond
-	nsecs := 100 * (uint64(t) % _100nsPerSecond)
-
-	return time.Unix(int64(secs)-(epochStart/_100nsPerSecond), int64(nsecs)), nil
-}
-
-// TimestampFromV1 returns the Timestamp embedded within a V1 UUID.
-// Returns an error if the UUID is any version other than 1.
-func TimestampFromV1(u UUID) (Timestamp, error) {
-	if u.Version() != 1 {
-		err := fmt.Errorf("uuid: %s is version %d, not version 1", u, u.Version())
-		return 0, err
-	}
-
-	low := binary.BigEndian.Uint32(u[0:4])
-	mid := binary.BigEndian.Uint16(u[4:6])
-	hi := binary.BigEndian.Uint16(u[6:8]) & 0xfff
-
-	return Timestamp(uint64(low) + (uint64(mid) << 32) + (uint64(hi) << 48)), nil
-}
-
-// TimestampFromV6 returns the Timestamp embedded within a V6 UUID. This
-// function returns an error if the UUID is any version other than 6.
-//
-// This is implemented based on revision 03 of the Peabody UUID draft, and may
-// be subject to change pending further revisions. Until the final specification
-// revision is finished, changes required to implement updates to the spec will
-// not be considered a breaking change. They will happen as a minor version
-// releases until the spec is final.
-func TimestampFromV6(u UUID) (Timestamp, error) {
-	if u.Version() != 6 {
-		return 0, fmt.Errorf("uuid: %s is version %d, not version 6", u, u.Version())
-	}
-
-	hi := binary.BigEndian.Uint32(u[0:4])
-	mid := binary.BigEndian.Uint16(u[4:6])
-	low := binary.BigEndian.Uint16(u[6:8]) & 0xfff
-
-	return Timestamp(uint64(low) + (uint64(mid) << 12) + (uint64(hi) << 28)), nil
-}
-
-// Nil is the nil UUID, as specified in RFC-4122, that has all 128 bits set to
-// zero.
-var Nil = UUID{}
-
-// Predefined namespace UUIDs.
-var (
-	NamespaceDNS  = Must(FromString("6ba7b810-9dad-11d1-80b4-00c04fd430c8"))
-	NamespaceURL  = Must(FromString("6ba7b811-9dad-11d1-80b4-00c04fd430c8"))
-	NamespaceOID  = Must(FromString("6ba7b812-9dad-11d1-80b4-00c04fd430c8"))
-	NamespaceX500 = Must(FromString("6ba7b814-9dad-11d1-80b4-00c04fd430c8"))
-)
-
-// IsNil returns if the UUID is equal to the nil UUID
-func (u UUID) IsNil() bool {
-	return u == Nil
-}
-
-// Version returns the algorithm version used to generate the UUID.
-func (u UUID) Version() byte {
-	return u[6] >> 4
-}
-
-// Variant returns the UUID layout variant.
-func (u UUID) Variant() byte {
-	switch {
-	case (u[8] >> 7) == 0x00:
-		return VariantNCS
-	case (u[8] >> 6) == 0x02:
-		return VariantRFC4122
-	case (u[8] >> 5) == 0x06:
-		return VariantMicrosoft
-	case (u[8] >> 5) == 0x07:
-		fallthrough
-	default:
-		return VariantFuture
-	}
-}
-
-// Bytes returns a byte slice representation of the UUID.
-func (u UUID) Bytes() []byte {
-	return u[:]
-}
-
-// encodeCanonical encodes the canonical RFC-4122 form of UUID u into the
-// first 36 bytes dst.
-func encodeCanonical(dst []byte, u UUID) {
-	const hextable = "0123456789abcdef"
-	dst[8] = '-'
-	dst[13] = '-'
-	dst[18] = '-'
-	dst[23] = '-'
-	for i, x := range [16]byte{
-		0, 2, 4, 6,
-		9, 11,
-		14, 16,
-		19, 21,
-		24, 26, 28, 30, 32, 34,
-	} {
-		c := u[i]
-		dst[x] = hextable[c>>4]
-		dst[x+1] = hextable[c&0x0f]
-	}
-}
-
-// String returns a canonical RFC-4122 string representation of the UUID:
-// xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.
-func (u UUID) String() string {
-	var buf [36]byte
-	encodeCanonical(buf[:], u)
-	return string(buf[:])
-}
-
-// Format implements fmt.Formatter for UUID values.
-//
-// The behavior is as follows:
-// The 'x' and 'X' verbs output only the hex digits of the UUID, using a-f for 'x' and A-F for 'X'.
-// The 'v', '+v', 's' and 'q' verbs return the canonical RFC-4122 string representation.
-// The 'S' verb returns the RFC-4122 format, but with capital hex digits.
-// The '#v' verb returns the "Go syntax" representation, which is a 16 byte array initializer.
-// All other verbs not handled directly by the fmt package (like '%p') are unsupported and will return
-// "%!verb(uuid.UUID=value)" as recommended by the fmt package.
-func (u UUID) Format(f fmt.State, c rune) {
-	if c == 'v' && f.Flag('#') {
-		fmt.Fprintf(f, "%#v", [Size]byte(u))
-		return
-	}
-	switch c {
-	case 'x', 'X':
-		b := make([]byte, 32)
-		hex.Encode(b, u[:])
-		if c == 'X' {
-			toUpperHex(b)
-		}
-		_, _ = f.Write(b)
-	case 'v', 's', 'S':
-		b, _ := u.MarshalText()
-		if c == 'S' {
-			toUpperHex(b)
-		}
-		_, _ = f.Write(b)
-	case 'q':
-		b := make([]byte, 38)
-		b[0] = '"'
-		encodeCanonical(b[1:], u)
-		b[37] = '"'
-		_, _ = f.Write(b)
-	default:
-		// invalid/unsupported format verb
-		fmt.Fprintf(f, "%%!%c(uuid.UUID=%s)", c, u.String())
-	}
-}
-
-func toUpperHex(b []byte) {
-	for i, c := range b {
-		if 'a' <= c && c <= 'f' {
-			b[i] = c - ('a' - 'A')
-		}
-	}
-}
-
-// SetVersion sets the version bits.
-func (u *UUID) SetVersion(v byte) {
-	u[6] = (u[6] & 0x0f) | (v << 4)
-}
-
-// SetVariant sets the variant bits.
-func (u *UUID) SetVariant(v byte) {
-	switch v {
-	case VariantNCS:
-		u[8] = (u[8]&(0xff>>1) | (0x00 << 7))
-	case VariantRFC4122:
-		u[8] = (u[8]&(0xff>>2) | (0x02 << 6))
-	case VariantMicrosoft:
-		u[8] = (u[8]&(0xff>>3) | (0x06 << 5))
-	case VariantFuture:
-		fallthrough
-	default:
-		u[8] = (u[8]&(0xff>>3) | (0x07 << 5))
-	}
-}
-
-// Must is a helper that wraps a call to a function returning (UUID, error)
-// and panics if the error is non-nil. It is intended for use in variable
-// initializations such as
-//
-//	var packageUUID = uuid.Must(uuid.FromString("123e4567-e89b-12d3-a456-426655440000"))
-func Must(u UUID, err error) UUID {
-	if err != nil {
-		panic(err)
-	}
-	return u
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json b/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
deleted file mode 100644
index 91d60a809..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-    "v2": "2.11.0"
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/CHANGES.md b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md
deleted file mode 100644
index e17b196f6..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/CHANGES.md
+++ /dev/null
@@ -1,99 +0,0 @@
-# Changelog
-
-## [2.11.0](https://github.com/googleapis/gax-go/compare/v2.10.0...v2.11.0) (2023-06-13)
-
-
-### Features
-
-* **v2:** add GoVersion package variable ([#283](https://github.com/googleapis/gax-go/issues/283)) ([26553cc](https://github.com/googleapis/gax-go/commit/26553ccadb4016b189881f52e6c253b68bb3e3d5))
-
-
-### Bug Fixes
-
-* **v2:** handle space in non-devel go version ([#288](https://github.com/googleapis/gax-go/issues/288)) ([fd7bca0](https://github.com/googleapis/gax-go/commit/fd7bca029a1c5e63def8f0a5fd1ec3f725d92f75))
-
-## [2.10.0](https://github.com/googleapis/gax-go/compare/v2.9.1...v2.10.0) (2023-05-30)
-
-
-### Features
-
-* update dependencies ([#280](https://github.com/googleapis/gax-go/issues/280)) ([4514281](https://github.com/googleapis/gax-go/commit/4514281058590f3637c36bfd49baa65c4d3cfb21))
-
-## [2.9.1](https://github.com/googleapis/gax-go/compare/v2.9.0...v2.9.1) (2023-05-23)
-
-
-### Bug Fixes
-
-* **v2:** drop cloud lro test dep ([#276](https://github.com/googleapis/gax-go/issues/276)) ([c67eeba](https://github.com/googleapis/gax-go/commit/c67eeba0f10a3294b1d93c1b8fbe40211a55ae5f)), refs [#270](https://github.com/googleapis/gax-go/issues/270)
-
-## [2.9.0](https://github.com/googleapis/gax-go/compare/v2.8.0...v2.9.0) (2023-05-22)
-
-
-### Features
-
-* **apierror:** add method to return HTTP status code conditionally ([#274](https://github.com/googleapis/gax-go/issues/274)) ([5874431](https://github.com/googleapis/gax-go/commit/587443169acd10f7f86d1989dc8aaf189e645e98)), refs [#229](https://github.com/googleapis/gax-go/issues/229)
-
-
-### Documentation
-
-* add ref to usage with clients ([#272](https://github.com/googleapis/gax-go/issues/272)) ([ea4d72d](https://github.com/googleapis/gax-go/commit/ea4d72d514beba4de450868b5fb028601a29164e)), refs [#228](https://github.com/googleapis/gax-go/issues/228)
-
-## [2.8.0](https://github.com/googleapis/gax-go/compare/v2.7.1...v2.8.0) (2023-03-15)
-
-
-### Features
-
-* **v2:** add WithTimeout option ([#259](https://github.com/googleapis/gax-go/issues/259)) ([9a8da43](https://github.com/googleapis/gax-go/commit/9a8da43693002448b1e8758023699387481866d1))
-
-## [2.7.1](https://github.com/googleapis/gax-go/compare/v2.7.0...v2.7.1) (2023-03-06)
-
-
-### Bug Fixes
-
-* **v2/apierror:** return Unknown GRPCStatus when err source is HTTP ([#260](https://github.com/googleapis/gax-go/issues/260)) ([043b734](https://github.com/googleapis/gax-go/commit/043b73437a240a91229207fb3ee52a9935a36f23)), refs [#254](https://github.com/googleapis/gax-go/issues/254)
-
-## [2.7.0](https://github.com/googleapis/gax-go/compare/v2.6.0...v2.7.0) (2022-11-02)
-
-
-### Features
-
-* update google.golang.org/api to latest ([#240](https://github.com/googleapis/gax-go/issues/240)) ([f690a02](https://github.com/googleapis/gax-go/commit/f690a02c806a2903bdee943ede3a58e3a331ebd6))
-* **v2/apierror:** add apierror.FromWrappingError ([#238](https://github.com/googleapis/gax-go/issues/238)) ([9dbd96d](https://github.com/googleapis/gax-go/commit/9dbd96d59b9d54ceb7c025513aa8c1a9d727382f))
-
-## [2.6.0](https://github.com/googleapis/gax-go/compare/v2.5.1...v2.6.0) (2022-10-13)
-
-
-### Features
-
-* **v2:** copy DetermineContentType functionality ([#230](https://github.com/googleapis/gax-go/issues/230)) ([2c52a70](https://github.com/googleapis/gax-go/commit/2c52a70bae965397f740ed27d46aabe89ff249b3))
-
-## [2.5.1](https://github.com/googleapis/gax-go/compare/v2.5.0...v2.5.1) (2022-08-04)
-
-
-### Bug Fixes
-
-* **v2:** resolve bad genproto pseudoversion in go.mod ([#218](https://github.com/googleapis/gax-go/issues/218)) ([1379b27](https://github.com/googleapis/gax-go/commit/1379b27e9846d959f7e1163b9ef298b3c92c8d23))
-
-## [2.5.0](https://github.com/googleapis/gax-go/compare/v2.4.0...v2.5.0) (2022-08-04)
-
-
-### Features
-
-* add ExtractProtoMessage to apierror ([#213](https://github.com/googleapis/gax-go/issues/213)) ([a6ce70c](https://github.com/googleapis/gax-go/commit/a6ce70c725c890533a9de6272d3b5ba2e336d6bb))
-
-## [2.4.0](https://github.com/googleapis/gax-go/compare/v2.3.0...v2.4.0) (2022-05-09)
-
-
-### Features
-
-* **v2:** add OnHTTPCodes CallOption ([#188](https://github.com/googleapis/gax-go/issues/188)) ([ba7c534](https://github.com/googleapis/gax-go/commit/ba7c5348363ab6c33e1cee3c03c0be68a46ca07c))
-
-
-### Bug Fixes
-
-* **v2/apierror:** use errors.As in FromError ([#189](https://github.com/googleapis/gax-go/issues/189)) ([f30f05b](https://github.com/googleapis/gax-go/commit/f30f05be583828f4c09cca4091333ea88ff8d79e))
-
-
-### Miscellaneous Chores
-
-* **v2:** bump release-please processing ([#192](https://github.com/googleapis/gax-go/issues/192)) ([56172f9](https://github.com/googleapis/gax-go/commit/56172f971d1141d7687edaac053ad3470af76719))
diff --git a/vendor/github.com/googleapis/gax-go/v2/LICENSE b/vendor/github.com/googleapis/gax-go/v2/LICENSE
deleted file mode 100644
index 6d16b6578..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright 2016, Google Inc.
-All rights reserved.
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go b/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
deleted file mode 100644
index d785a065c..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
+++ /dev/null
@@ -1,361 +0,0 @@
-// Copyright 2021, Google Inc.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// Package apierror implements a wrapper error for parsing error details from
-// API calls. Both HTTP & gRPC status errors are supported.
-//
-// For examples of how to use [APIError] with client libraries please reference
-// [Inspecting errors](https://pkg.go.dev/cloud.google.com/go#hdr-Inspecting_errors)
-// in the client library documentation.
-package apierror
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-
-	jsonerror "github.com/googleapis/gax-go/v2/apierror/internal/proto"
-	"google.golang.org/api/googleapi"
-	"google.golang.org/genproto/googleapis/rpc/errdetails"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/encoding/protojson"
-	"google.golang.org/protobuf/proto"
-)
-
-// ErrDetails holds the google/rpc/error_details.proto messages.
-type ErrDetails struct {
-	ErrorInfo           *errdetails.ErrorInfo
-	BadRequest          *errdetails.BadRequest
-	PreconditionFailure *errdetails.PreconditionFailure
-	QuotaFailure        *errdetails.QuotaFailure
-	RetryInfo           *errdetails.RetryInfo
-	ResourceInfo        *errdetails.ResourceInfo
-	RequestInfo         *errdetails.RequestInfo
-	DebugInfo           *errdetails.DebugInfo
-	Help                *errdetails.Help
-	LocalizedMessage    *errdetails.LocalizedMessage
-
-	// Unknown stores unidentifiable error details.
-	Unknown []interface{}
-}
-
-// ErrMessageNotFound is used to signal ExtractProtoMessage found no matching messages.
-var ErrMessageNotFound = errors.New("message not found")
-
-// ExtractProtoMessage provides a mechanism for extracting protobuf messages from the
-// Unknown error details. If ExtractProtoMessage finds an unknown message of the same type,
-// the content of the message is copied to the provided message.
-//
-// ExtractProtoMessage will return ErrMessageNotFound if there are no message matching the
-// protocol buffer type of the provided message.
-func (e ErrDetails) ExtractProtoMessage(v proto.Message) error {
-	if v == nil {
-		return ErrMessageNotFound
-	}
-	for _, elem := range e.Unknown {
-		if elemProto, ok := elem.(proto.Message); ok {
-			if v.ProtoReflect().Type() == elemProto.ProtoReflect().Type() {
-				proto.Merge(v, elemProto)
-				return nil
-			}
-		}
-	}
-	return ErrMessageNotFound
-}
-
-func (e ErrDetails) String() string {
-	var d strings.Builder
-	if e.ErrorInfo != nil {
-		d.WriteString(fmt.Sprintf("error details: name = ErrorInfo reason = %s domain = %s metadata = %s\n",
-			e.ErrorInfo.GetReason(), e.ErrorInfo.GetDomain(), e.ErrorInfo.GetMetadata()))
-	}
-
-	if e.BadRequest != nil {
-		v := e.BadRequest.GetFieldViolations()
-		var f []string
-		var desc []string
-		for _, x := range v {
-			f = append(f, x.GetField())
-			desc = append(desc, x.GetDescription())
-		}
-		d.WriteString(fmt.Sprintf("error details: name = BadRequest field = %s desc = %s\n",
-			strings.Join(f, " "), strings.Join(desc, " ")))
-	}
-
-	if e.PreconditionFailure != nil {
-		v := e.PreconditionFailure.GetViolations()
-		var t []string
-		var s []string
-		var desc []string
-		for _, x := range v {
-			t = append(t, x.GetType())
-			s = append(s, x.GetSubject())
-			desc = append(desc, x.GetDescription())
-		}
-		d.WriteString(fmt.Sprintf("error details: name = PreconditionFailure type = %s subj = %s desc = %s\n", strings.Join(t, " "),
-			strings.Join(s, " "), strings.Join(desc, " ")))
-	}
-
-	if e.QuotaFailure != nil {
-		v := e.QuotaFailure.GetViolations()
-		var s []string
-		var desc []string
-		for _, x := range v {
-			s = append(s, x.GetSubject())
-			desc = append(desc, x.GetDescription())
-		}
-		d.WriteString(fmt.Sprintf("error details: name = QuotaFailure subj = %s desc = %s\n",
-			strings.Join(s, " "), strings.Join(desc, " ")))
-	}
-
-	if e.RequestInfo != nil {
-		d.WriteString(fmt.Sprintf("error details: name = RequestInfo id = %s data = %s\n",
-			e.RequestInfo.GetRequestId(), e.RequestInfo.GetServingData()))
-	}
-
-	if e.ResourceInfo != nil {
-		d.WriteString(fmt.Sprintf("error details: name = ResourceInfo type = %s resourcename = %s owner = %s desc = %s\n",
-			e.ResourceInfo.GetResourceType(), e.ResourceInfo.GetResourceName(),
-			e.ResourceInfo.GetOwner(), e.ResourceInfo.GetDescription()))
-
-	}
-	if e.RetryInfo != nil {
-		d.WriteString(fmt.Sprintf("error details: retry in %s\n", e.RetryInfo.GetRetryDelay().AsDuration()))
-
-	}
-	if e.Unknown != nil {
-		var s []string
-		for _, x := range e.Unknown {
-			s = append(s, fmt.Sprintf("%v", x))
-		}
-		d.WriteString(fmt.Sprintf("error details: name = Unknown  desc = %s\n", strings.Join(s, " ")))
-	}
-
-	if e.DebugInfo != nil {
-		d.WriteString(fmt.Sprintf("error details: name = DebugInfo detail = %s stack = %s\n", e.DebugInfo.GetDetail(),
-			strings.Join(e.DebugInfo.GetStackEntries(), " ")))
-	}
-	if e.Help != nil {
-		var desc []string
-		var url []string
-		for _, x := range e.Help.Links {
-			desc = append(desc, x.GetDescription())
-			url = append(url, x.GetUrl())
-		}
-		d.WriteString(fmt.Sprintf("error details: name = Help desc = %s url = %s\n",
-			strings.Join(desc, " "), strings.Join(url, " ")))
-	}
-	if e.LocalizedMessage != nil {
-		d.WriteString(fmt.Sprintf("error details: name = LocalizedMessage locale = %s msg = %s\n",
-			e.LocalizedMessage.GetLocale(), e.LocalizedMessage.GetMessage()))
-	}
-
-	return d.String()
-}
-
-// APIError wraps either a gRPC Status error or a HTTP googleapi.Error. It
-// implements error and Status interfaces.
-type APIError struct {
-	err     error
-	status  *status.Status
-	httpErr *googleapi.Error
-	details ErrDetails
-}
-
-// Details presents the error details of the APIError.
-func (a *APIError) Details() ErrDetails {
-	return a.details
-}
-
-// Unwrap extracts the original error.
-func (a *APIError) Unwrap() error {
-	return a.err
-}
-
-// Error returns a readable representation of the APIError.
-func (a *APIError) Error() string {
-	var msg string
-	if a.httpErr != nil {
-		// Truncate the googleapi.Error message because it dumps the Details in
-		// an ugly way.
-		msg = fmt.Sprintf("googleapi: Error %d: %s", a.httpErr.Code, a.httpErr.Message)
-	} else if a.status != nil {
-		msg = a.err.Error()
-	}
-	return strings.TrimSpace(fmt.Sprintf("%s\n%s", msg, a.details))
-}
-
-// GRPCStatus extracts the underlying gRPC Status error.
-// This method is necessary to fulfill the interface
-// described in https://pkg.go.dev/google.golang.org/grpc/status#FromError.
-func (a *APIError) GRPCStatus() *status.Status {
-	return a.status
-}
-
-// Reason returns the reason in an ErrorInfo.
-// If ErrorInfo is nil, it returns an empty string.
-func (a *APIError) Reason() string {
-	return a.details.ErrorInfo.GetReason()
-}
-
-// Domain returns the domain in an ErrorInfo.
-// If ErrorInfo is nil, it returns an empty string.
-func (a *APIError) Domain() string {
-	return a.details.ErrorInfo.GetDomain()
-}
-
-// Metadata returns the metadata in an ErrorInfo.
-// If ErrorInfo is nil, it returns nil.
-func (a *APIError) Metadata() map[string]string {
-	return a.details.ErrorInfo.GetMetadata()
-
-}
-
-// setDetailsFromError parses a Status error or a googleapi.Error
-// and sets status and details or httpErr and details, respectively.
-// It returns false if neither Status nor googleapi.Error can be parsed.
-// When err is a googleapi.Error, the status of the returned error will
-// be set to an Unknown error, rather than nil, since a nil code is
-// interpreted as OK in the gRPC status package.
-func (a *APIError) setDetailsFromError(err error) bool {
-	st, isStatus := status.FromError(err)
-	var herr *googleapi.Error
-	isHTTPErr := errors.As(err, &herr)
-
-	switch {
-	case isStatus:
-		a.status = st
-		a.details = parseDetails(st.Details())
-	case isHTTPErr:
-		a.httpErr = herr
-		a.details = parseHTTPDetails(herr)
-		a.status = status.New(codes.Unknown, herr.Message)
-	default:
-		return false
-	}
-	return true
-}
-
-// FromError parses a Status error or a googleapi.Error and builds an
-// APIError, wrapping the provided error in the new APIError. It
-// returns false if neither Status nor googleapi.Error can be parsed.
-func FromError(err error) (*APIError, bool) {
-	return ParseError(err, true)
-}
-
-// ParseError parses a Status error or a googleapi.Error and builds an
-// APIError. If wrap is true, it wraps the error in the new APIError.
-// It returns false if neither Status nor googleapi.Error can be parsed.
-func ParseError(err error, wrap bool) (*APIError, bool) {
-	if err == nil {
-		return nil, false
-	}
-	ae := APIError{}
-	if wrap {
-		ae = APIError{err: err}
-	}
-	if !ae.setDetailsFromError(err) {
-		return nil, false
-	}
-	return &ae, true
-}
-
-// parseDetails accepts a slice of interface{} that should be backed by some
-// sort of proto.Message that can be cast to the google/rpc/error_details.proto
-// types.
-//
-// This is for internal use only.
-func parseDetails(details []interface{}) ErrDetails {
-	var ed ErrDetails
-	for _, d := range details {
-		switch d := d.(type) {
-		case *errdetails.ErrorInfo:
-			ed.ErrorInfo = d
-		case *errdetails.BadRequest:
-			ed.BadRequest = d
-		case *errdetails.PreconditionFailure:
-			ed.PreconditionFailure = d
-		case *errdetails.QuotaFailure:
-			ed.QuotaFailure = d
-		case *errdetails.RetryInfo:
-			ed.RetryInfo = d
-		case *errdetails.ResourceInfo:
-			ed.ResourceInfo = d
-		case *errdetails.RequestInfo:
-			ed.RequestInfo = d
-		case *errdetails.DebugInfo:
-			ed.DebugInfo = d
-		case *errdetails.Help:
-			ed.Help = d
-		case *errdetails.LocalizedMessage:
-			ed.LocalizedMessage = d
-		default:
-			ed.Unknown = append(ed.Unknown, d)
-		}
-	}
-
-	return ed
-}
-
-// parseHTTPDetails will convert the given googleapi.Error into the protobuf
-// representation then parse the Any values that contain the error details.
-//
-// This is for internal use only.
-func parseHTTPDetails(gae *googleapi.Error) ErrDetails {
-	e := &jsonerror.Error{}
-	if err := protojson.Unmarshal([]byte(gae.Body), e); err != nil {
-		// If the error body does not conform to the error schema, ignore it
-		// altogther. See https://cloud.google.com/apis/design/errors#http_mapping.
-		return ErrDetails{}
-	}
-
-	// Coerce the Any messages into proto.Message then parse the details.
-	details := []interface{}{}
-	for _, any := range e.GetError().GetDetails() {
-		m, err := any.UnmarshalNew()
-		if err != nil {
-			// Ignore malformed Any values.
-			continue
-		}
-		details = append(details, m)
-	}
-
-	return parseDetails(details)
-}
-
-// HTTPCode returns the underlying HTTP response status code. This method returns
-// `-1` if the underlying error is a [google.golang.org/grpc/status.Status]. To
-// check gRPC error codes use [google.golang.org/grpc/status.Code].
-func (a *APIError) HTTPCode() int {
-	if a.httpErr == nil {
-		return -1
-	}
-	return a.httpErr.Code
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md
deleted file mode 100644
index 9ff0caea9..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# HTTP JSON Error Schema
-
-The `error.proto` represents the HTTP-JSON schema used by Google APIs to convey
-error payloads as described by https://cloud.google.com/apis/design/errors#http_mapping.
-This package is for internal parsing logic only and should not be used in any
-other context.
-
-## Regeneration
-
-To regenerate the protobuf Go code you will need the following:
-
-* A local copy of [googleapis], the absolute path to which should be exported to
-the environment variable `GOOGLEAPIS`
-* The protobuf compiler [protoc]
-* The Go [protobuf plugin]
-* The [goimports] tool
-
-From this directory run the following command:
-```sh
-protoc -I $GOOGLEAPIS -I. --go_out=. --go_opt=module=github.com/googleapis/gax-go/v2/apierror/internal/proto error.proto
-goimports -w .
-```
-
-Note: the `module` plugin option ensures the generated code is placed in this
-directory, and not in several nested directories defined by `go_package` option.
-
-[googleapis]: https://github.com/googleapis/googleapis
-[protoc]: https://github.com/protocolbuffers/protobuf#protocol-compiler-installation
-[protobuf plugin]: https://developers.google.com/protocol-buffers/docs/reference/go-generated
-[goimports]: https://pkg.go.dev/golang.org/x/tools/cmd/goimports
\ No newline at end of file
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go
deleted file mode 100644
index e4b03f161..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go
+++ /dev/null
@@ -1,256 +0,0 @@
-// Copyright 2022 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.28.0
-// 	protoc        v3.17.3
-// source: custom_error.proto
-
-package jsonerror
-
-import (
-	reflect "reflect"
-	sync "sync"
-
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// Error code for `CustomError`.
-type CustomError_CustomErrorCode int32
-
-const (
-	// Default error.
-	CustomError_CUSTOM_ERROR_CODE_UNSPECIFIED CustomError_CustomErrorCode = 0
-	// Too many foo.
-	CustomError_TOO_MANY_FOO CustomError_CustomErrorCode = 1
-	// Not enough foo.
-	CustomError_NOT_ENOUGH_FOO CustomError_CustomErrorCode = 2
-	// Catastrophic error.
-	CustomError_UNIVERSE_WAS_DESTROYED CustomError_CustomErrorCode = 3
-)
-
-// Enum value maps for CustomError_CustomErrorCode.
-var (
-	CustomError_CustomErrorCode_name = map[int32]string{
-		0: "CUSTOM_ERROR_CODE_UNSPECIFIED",
-		1: "TOO_MANY_FOO",
-		2: "NOT_ENOUGH_FOO",
-		3: "UNIVERSE_WAS_DESTROYED",
-	}
-	CustomError_CustomErrorCode_value = map[string]int32{
-		"CUSTOM_ERROR_CODE_UNSPECIFIED": 0,
-		"TOO_MANY_FOO":                  1,
-		"NOT_ENOUGH_FOO":                2,
-		"UNIVERSE_WAS_DESTROYED":        3,
-	}
-)
-
-func (x CustomError_CustomErrorCode) Enum() *CustomError_CustomErrorCode {
-	p := new(CustomError_CustomErrorCode)
-	*p = x
-	return p
-}
-
-func (x CustomError_CustomErrorCode) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (CustomError_CustomErrorCode) Descriptor() protoreflect.EnumDescriptor {
-	return file_custom_error_proto_enumTypes[0].Descriptor()
-}
-
-func (CustomError_CustomErrorCode) Type() protoreflect.EnumType {
-	return &file_custom_error_proto_enumTypes[0]
-}
-
-func (x CustomError_CustomErrorCode) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use CustomError_CustomErrorCode.Descriptor instead.
-func (CustomError_CustomErrorCode) EnumDescriptor() ([]byte, []int) {
-	return file_custom_error_proto_rawDescGZIP(), []int{0, 0}
-}
-
-// CustomError is an example of a custom error message  which may be included
-// in an rpc status. It is not meant to reflect a standard error.
-type CustomError struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Error code specific to the custom API being invoked.
-	Code CustomError_CustomErrorCode `protobuf:"varint,1,opt,name=code,proto3,enum=error.CustomError_CustomErrorCode" json:"code,omitempty"`
-	// Name of the failed entity.
-	Entity string `protobuf:"bytes,2,opt,name=entity,proto3" json:"entity,omitempty"`
-	// Message that describes the error.
-	ErrorMessage string `protobuf:"bytes,3,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
-}
-
-func (x *CustomError) Reset() {
-	*x = CustomError{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_custom_error_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CustomError) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CustomError) ProtoMessage() {}
-
-func (x *CustomError) ProtoReflect() protoreflect.Message {
-	mi := &file_custom_error_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CustomError.ProtoReflect.Descriptor instead.
-func (*CustomError) Descriptor() ([]byte, []int) {
-	return file_custom_error_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *CustomError) GetCode() CustomError_CustomErrorCode {
-	if x != nil {
-		return x.Code
-	}
-	return CustomError_CUSTOM_ERROR_CODE_UNSPECIFIED
-}
-
-func (x *CustomError) GetEntity() string {
-	if x != nil {
-		return x.Entity
-	}
-	return ""
-}
-
-func (x *CustomError) GetErrorMessage() string {
-	if x != nil {
-		return x.ErrorMessage
-	}
-	return ""
-}
-
-var File_custom_error_proto protoreflect.FileDescriptor
-
-var file_custom_error_proto_rawDesc = []byte{
-	0x0a, 0x12, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0xfa, 0x01, 0x0a, 0x0b,
-	0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x36, 0x0a, 0x04, 0x63,
-	0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x65, 0x72, 0x72, 0x6f,
-	0x72, 0x2e, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x43, 0x75,
-	0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x63,
-	0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x23, 0x0a, 0x0d, 0x65,
-	0x72, 0x72, 0x6f, 0x72, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
-	0x22, 0x76, 0x0a, 0x0f, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43,
-	0x6f, 0x64, 0x65, 0x12, 0x21, 0x0a, 0x1d, 0x43, 0x55, 0x53, 0x54, 0x4f, 0x4d, 0x5f, 0x45, 0x52,
-	0x52, 0x4f, 0x52, 0x5f, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
-	0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x4f, 0x4f, 0x5f, 0x4d, 0x41,
-	0x4e, 0x59, 0x5f, 0x46, 0x4f, 0x4f, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4e, 0x4f, 0x54, 0x5f,
-	0x45, 0x4e, 0x4f, 0x55, 0x47, 0x48, 0x5f, 0x46, 0x4f, 0x4f, 0x10, 0x02, 0x12, 0x1a, 0x0a, 0x16,
-	0x55, 0x4e, 0x49, 0x56, 0x45, 0x52, 0x53, 0x45, 0x5f, 0x57, 0x41, 0x53, 0x5f, 0x44, 0x45, 0x53,
-	0x54, 0x52, 0x4f, 0x59, 0x45, 0x44, 0x10, 0x03, 0x42, 0x43, 0x5a, 0x41, 0x67, 0x69, 0x74, 0x68,
-	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69,
-	0x73, 0x2f, 0x67, 0x61, 0x78, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x65,
-	0x72, 0x72, 0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x3b, 0x6a, 0x73, 0x6f, 0x6e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x62, 0x06, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_custom_error_proto_rawDescOnce sync.Once
-	file_custom_error_proto_rawDescData = file_custom_error_proto_rawDesc
-)
-
-func file_custom_error_proto_rawDescGZIP() []byte {
-	file_custom_error_proto_rawDescOnce.Do(func() {
-		file_custom_error_proto_rawDescData = protoimpl.X.CompressGZIP(file_custom_error_proto_rawDescData)
-	})
-	return file_custom_error_proto_rawDescData
-}
-
-var file_custom_error_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_custom_error_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
-var file_custom_error_proto_goTypes = []interface{}{
-	(CustomError_CustomErrorCode)(0), // 0: error.CustomError.CustomErrorCode
-	(*CustomError)(nil),              // 1: error.CustomError
-}
-var file_custom_error_proto_depIdxs = []int32{
-	0, // 0: error.CustomError.code:type_name -> error.CustomError.CustomErrorCode
-	1, // [1:1] is the sub-list for method output_type
-	1, // [1:1] is the sub-list for method input_type
-	1, // [1:1] is the sub-list for extension type_name
-	1, // [1:1] is the sub-list for extension extendee
-	0, // [0:1] is the sub-list for field type_name
-}
-
-func init() { file_custom_error_proto_init() }
-func file_custom_error_proto_init() {
-	if File_custom_error_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_custom_error_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CustomError); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_custom_error_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   1,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_custom_error_proto_goTypes,
-		DependencyIndexes: file_custom_error_proto_depIdxs,
-		EnumInfos:         file_custom_error_proto_enumTypes,
-		MessageInfos:      file_custom_error_proto_msgTypes,
-	}.Build()
-	File_custom_error_proto = out.File
-	file_custom_error_proto_rawDesc = nil
-	file_custom_error_proto_goTypes = nil
-	file_custom_error_proto_depIdxs = nil
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.proto b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.proto
deleted file mode 100644
index 21678ae65..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.proto
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2022 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package error;
-
-option go_package = "github.com/googleapis/gax-go/v2/apierror/internal/proto;jsonerror";
-
-
-// CustomError is an example of a custom error message  which may be included
-// in an rpc status. It is not meant to reflect a standard error.
-message CustomError {
-
-  // Error code for `CustomError`.
-  enum CustomErrorCode {
-    // Default error.
-    CUSTOM_ERROR_CODE_UNSPECIFIED = 0;
-
-    // Too many foo.
-    TOO_MANY_FOO = 1;
-
-    // Not enough foo.
-    NOT_ENOUGH_FOO = 2;
-
-    // Catastrophic error.
-    UNIVERSE_WAS_DESTROYED = 3;
-
-  }
-
-  // Error code specific to the custom API being invoked.
-  CustomErrorCode code = 1;
-
-  // Name of the failed entity.
-  string entity = 2;
-
-  // Message that describes the error.
-  string error_message = 3;
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go
deleted file mode 100644
index 7dd9b8373..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go
+++ /dev/null
@@ -1,280 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.28.0
-// 	protoc        v3.15.8
-// source: apierror/internal/proto/error.proto
-
-package jsonerror
-
-import (
-	reflect "reflect"
-	sync "sync"
-
-	code "google.golang.org/genproto/googleapis/rpc/code"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	anypb "google.golang.org/protobuf/types/known/anypb"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// The error format v2 for Google JSON REST APIs.
-// Copied from https://cloud.google.com/apis/design/errors#http_mapping.
-//
-// NOTE: This schema is not used for other wire protocols.
-type Error struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// The actual error payload. The nested message structure is for backward
-	// compatibility with Google API client libraries. It also makes the error
-	// more readable to developers.
-	Error *Error_Status `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"`
-}
-
-func (x *Error) Reset() {
-	*x = Error{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_apierror_internal_proto_error_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Error) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Error) ProtoMessage() {}
-
-func (x *Error) ProtoReflect() protoreflect.Message {
-	mi := &file_apierror_internal_proto_error_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Error.ProtoReflect.Descriptor instead.
-func (*Error) Descriptor() ([]byte, []int) {
-	return file_apierror_internal_proto_error_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Error) GetError() *Error_Status {
-	if x != nil {
-		return x.Error
-	}
-	return nil
-}
-
-// This message has the same semantics as `google.rpc.Status`. It uses HTTP
-// status code instead of gRPC status code. It has an extra field `status`
-// for backward compatibility with Google API Client Libraries.
-type Error_Status struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// The HTTP status code that corresponds to `google.rpc.Status.code`.
-	Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
-	// This corresponds to `google.rpc.Status.message`.
-	Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
-	// This is the enum version for `google.rpc.Status.code`.
-	Status code.Code `protobuf:"varint,4,opt,name=status,proto3,enum=google.rpc.Code" json:"status,omitempty"`
-	// This corresponds to `google.rpc.Status.details`.
-	Details []*anypb.Any `protobuf:"bytes,5,rep,name=details,proto3" json:"details,omitempty"`
-}
-
-func (x *Error_Status) Reset() {
-	*x = Error_Status{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_apierror_internal_proto_error_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Error_Status) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Error_Status) ProtoMessage() {}
-
-func (x *Error_Status) ProtoReflect() protoreflect.Message {
-	mi := &file_apierror_internal_proto_error_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Error_Status.ProtoReflect.Descriptor instead.
-func (*Error_Status) Descriptor() ([]byte, []int) {
-	return file_apierror_internal_proto_error_proto_rawDescGZIP(), []int{0, 0}
-}
-
-func (x *Error_Status) GetCode() int32 {
-	if x != nil {
-		return x.Code
-	}
-	return 0
-}
-
-func (x *Error_Status) GetMessage() string {
-	if x != nil {
-		return x.Message
-	}
-	return ""
-}
-
-func (x *Error_Status) GetStatus() code.Code {
-	if x != nil {
-		return x.Status
-	}
-	return code.Code(0)
-}
-
-func (x *Error_Status) GetDetails() []*anypb.Any {
-	if x != nil {
-		return x.Details
-	}
-	return nil
-}
-
-var File_apierror_internal_proto_error_proto protoreflect.FileDescriptor
-
-var file_apierror_internal_proto_error_proto_rawDesc = []byte{
-	0x0a, 0x23, 0x61, 0x70, 0x69, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0x19, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e,
-	0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
-	0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc5,
-	0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x29, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f,
-	0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e,
-	0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x05, 0x65, 0x72,
-	0x72, 0x6f, 0x72, 0x1a, 0x90, 0x01, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12,
-	0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f,
-	0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x28, 0x0a, 0x06,
-	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x06,
-	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x2e, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c,
-	0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x64,
-	0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x42, 0x43, 0x5a, 0x41, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f,
-	0x67, 0x61, 0x78, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x65, 0x72, 0x72,
-	0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x3b, 0x6a, 0x73, 0x6f, 0x6e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x33,
-}
-
-var (
-	file_apierror_internal_proto_error_proto_rawDescOnce sync.Once
-	file_apierror_internal_proto_error_proto_rawDescData = file_apierror_internal_proto_error_proto_rawDesc
-)
-
-func file_apierror_internal_proto_error_proto_rawDescGZIP() []byte {
-	file_apierror_internal_proto_error_proto_rawDescOnce.Do(func() {
-		file_apierror_internal_proto_error_proto_rawDescData = protoimpl.X.CompressGZIP(file_apierror_internal_proto_error_proto_rawDescData)
-	})
-	return file_apierror_internal_proto_error_proto_rawDescData
-}
-
-var file_apierror_internal_proto_error_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
-var file_apierror_internal_proto_error_proto_goTypes = []interface{}{
-	(*Error)(nil),        // 0: error.Error
-	(*Error_Status)(nil), // 1: error.Error.Status
-	(code.Code)(0),       // 2: google.rpc.Code
-	(*anypb.Any)(nil),    // 3: google.protobuf.Any
-}
-var file_apierror_internal_proto_error_proto_depIdxs = []int32{
-	1, // 0: error.Error.error:type_name -> error.Error.Status
-	2, // 1: error.Error.Status.status:type_name -> google.rpc.Code
-	3, // 2: error.Error.Status.details:type_name -> google.protobuf.Any
-	3, // [3:3] is the sub-list for method output_type
-	3, // [3:3] is the sub-list for method input_type
-	3, // [3:3] is the sub-list for extension type_name
-	3, // [3:3] is the sub-list for extension extendee
-	0, // [0:3] is the sub-list for field type_name
-}
-
-func init() { file_apierror_internal_proto_error_proto_init() }
-func file_apierror_internal_proto_error_proto_init() {
-	if File_apierror_internal_proto_error_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_apierror_internal_proto_error_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Error); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_apierror_internal_proto_error_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Error_Status); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_apierror_internal_proto_error_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   2,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_apierror_internal_proto_error_proto_goTypes,
-		DependencyIndexes: file_apierror_internal_proto_error_proto_depIdxs,
-		MessageInfos:      file_apierror_internal_proto_error_proto_msgTypes,
-	}.Build()
-	File_apierror_internal_proto_error_proto = out.File
-	file_apierror_internal_proto_error_proto_rawDesc = nil
-	file_apierror_internal_proto_error_proto_goTypes = nil
-	file_apierror_internal_proto_error_proto_depIdxs = nil
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto
deleted file mode 100644
index 4b9b13ce1..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package error;
-
-import "google/protobuf/any.proto";
-import "google/rpc/code.proto";
-
-option go_package = "github.com/googleapis/gax-go/v2/apierror/internal/proto;jsonerror";
-
-// The error format v2 for Google JSON REST APIs.
-// Copied from https://cloud.google.com/apis/design/errors#http_mapping.
-//
-// NOTE: This schema is not used for other wire protocols.
-message Error {
-  // This message has the same semantics as `google.rpc.Status`. It uses HTTP
-  // status code instead of gRPC status code. It has an extra field `status`
-  // for backward compatibility with Google API Client Libraries.
-  message Status {
-    // The HTTP status code that corresponds to `google.rpc.Status.code`.
-    int32 code = 1;
-    // This corresponds to `google.rpc.Status.message`.
-    string message = 2;
-    // This is the enum version for `google.rpc.Status.code`.
-    google.rpc.Code status = 4;
-    // This corresponds to `google.rpc.Status.details`.
-    repeated google.protobuf.Any details = 5;
-  }
-  // The actual error payload. The nested message structure is for backward
-  // compatibility with Google API client libraries. It also makes the error
-  // more readable to developers.
-  Status error = 1;
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/call_option.go b/vendor/github.com/googleapis/gax-go/v2/call_option.go
deleted file mode 100644
index c52e03f64..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/call_option.go
+++ /dev/null
@@ -1,265 +0,0 @@
-// Copyright 2016, Google Inc.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package gax
-
-import (
-	"errors"
-	"math/rand"
-	"time"
-
-	"google.golang.org/api/googleapi"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-)
-
-// CallOption is an option used by Invoke to control behaviors of RPC calls.
-// CallOption works by modifying relevant fields of CallSettings.
-type CallOption interface {
-	// Resolve applies the option by modifying cs.
-	Resolve(cs *CallSettings)
-}
-
-// Retryer is used by Invoke to determine retry behavior.
-type Retryer interface {
-	// Retry reports whether a request should be retried and how long to pause before retrying
-	// if the previous attempt returned with err. Invoke never calls Retry with nil error.
-	Retry(err error) (pause time.Duration, shouldRetry bool)
-}
-
-type retryerOption func() Retryer
-
-func (o retryerOption) Resolve(s *CallSettings) {
-	s.Retry = o
-}
-
-// WithRetry sets CallSettings.Retry to fn.
-func WithRetry(fn func() Retryer) CallOption {
-	return retryerOption(fn)
-}
-
-// OnErrorFunc returns a Retryer that retries if and only if the previous attempt
-// returns an error that satisfies shouldRetry.
-//
-// Pause times between retries are specified by bo. bo is only used for its
-// parameters; each Retryer has its own copy.
-func OnErrorFunc(bo Backoff, shouldRetry func(err error) bool) Retryer {
-	return &errorRetryer{
-		shouldRetry: shouldRetry,
-		backoff:     bo,
-	}
-}
-
-type errorRetryer struct {
-	backoff     Backoff
-	shouldRetry func(err error) bool
-}
-
-func (r *errorRetryer) Retry(err error) (time.Duration, bool) {
-	if r.shouldRetry(err) {
-		return r.backoff.Pause(), true
-	}
-
-	return 0, false
-}
-
-// OnCodes returns a Retryer that retries if and only if
-// the previous attempt returns a GRPC error whose error code is stored in cc.
-// Pause times between retries are specified by bo.
-//
-// bo is only used for its parameters; each Retryer has its own copy.
-func OnCodes(cc []codes.Code, bo Backoff) Retryer {
-	return &boRetryer{
-		backoff: bo,
-		codes:   append([]codes.Code(nil), cc...),
-	}
-}
-
-type boRetryer struct {
-	backoff Backoff
-	codes   []codes.Code
-}
-
-func (r *boRetryer) Retry(err error) (time.Duration, bool) {
-	st, ok := status.FromError(err)
-	if !ok {
-		return 0, false
-	}
-	c := st.Code()
-	for _, rc := range r.codes {
-		if c == rc {
-			return r.backoff.Pause(), true
-		}
-	}
-	return 0, false
-}
-
-// OnHTTPCodes returns a Retryer that retries if and only if
-// the previous attempt returns a googleapi.Error whose status code is stored in
-// cc. Pause times between retries are specified by bo.
-//
-// bo is only used for its parameters; each Retryer has its own copy.
-func OnHTTPCodes(bo Backoff, cc ...int) Retryer {
-	codes := make(map[int]bool, len(cc))
-	for _, c := range cc {
-		codes[c] = true
-	}
-
-	return &httpRetryer{
-		backoff: bo,
-		codes:   codes,
-	}
-}
-
-type httpRetryer struct {
-	backoff Backoff
-	codes   map[int]bool
-}
-
-func (r *httpRetryer) Retry(err error) (time.Duration, bool) {
-	var gerr *googleapi.Error
-	if !errors.As(err, &gerr) {
-		return 0, false
-	}
-
-	if r.codes[gerr.Code] {
-		return r.backoff.Pause(), true
-	}
-
-	return 0, false
-}
-
-// Backoff implements exponential backoff. The wait time between retries is a
-// random value between 0 and the "retry period" - the time between retries. The
-// retry period starts at Initial and increases by the factor of Multiplier
-// every retry, but is capped at Max.
-//
-// Note: MaxNumRetries / RPCDeadline is specifically not provided. These should
-// be built on top of Backoff.
-type Backoff struct {
-	// Initial is the initial value of the retry period, defaults to 1 second.
-	Initial time.Duration
-
-	// Max is the maximum value of the retry period, defaults to 30 seconds.
-	Max time.Duration
-
-	// Multiplier is the factor by which the retry period increases.
-	// It should be greater than 1 and defaults to 2.
-	Multiplier float64
-
-	// cur is the current retry period.
-	cur time.Duration
-}
-
-// Pause returns the next time.Duration that the caller should use to backoff.
-func (bo *Backoff) Pause() time.Duration {
-	if bo.Initial == 0 {
-		bo.Initial = time.Second
-	}
-	if bo.cur == 0 {
-		bo.cur = bo.Initial
-	}
-	if bo.Max == 0 {
-		bo.Max = 30 * time.Second
-	}
-	if bo.Multiplier < 1 {
-		bo.Multiplier = 2
-	}
-	// Select a duration between 1ns and the current max. It might seem
-	// counterintuitive to have so much jitter, but
-	// https://www.awsarchitectureblog.com/2015/03/backoff.html argues that
-	// that is the best strategy.
-	d := time.Duration(1 + rand.Int63n(int64(bo.cur)))
-	bo.cur = time.Duration(float64(bo.cur) * bo.Multiplier)
-	if bo.cur > bo.Max {
-		bo.cur = bo.Max
-	}
-	return d
-}
-
-type grpcOpt []grpc.CallOption
-
-func (o grpcOpt) Resolve(s *CallSettings) {
-	s.GRPC = o
-}
-
-type pathOpt struct {
-	p string
-}
-
-func (p pathOpt) Resolve(s *CallSettings) {
-	s.Path = p.p
-}
-
-type timeoutOpt struct {
-	t time.Duration
-}
-
-func (t timeoutOpt) Resolve(s *CallSettings) {
-	s.timeout = t.t
-}
-
-// WithPath applies a Path override to the HTTP-based APICall.
-//
-// This is for internal use only.
-func WithPath(p string) CallOption {
-	return &pathOpt{p: p}
-}
-
-// WithGRPCOptions allows passing gRPC call options during client creation.
-func WithGRPCOptions(opt ...grpc.CallOption) CallOption {
-	return grpcOpt(append([]grpc.CallOption(nil), opt...))
-}
-
-// WithTimeout is a convenience option for setting a context.WithTimeout on the
-// singular context.Context used for **all** APICall attempts. Calculated from
-// the start of the first APICall attempt.
-// If the context.Context provided to Invoke already has a Deadline set, that
-// will always be respected over the deadline calculated using this option.
-func WithTimeout(t time.Duration) CallOption {
-	return &timeoutOpt{t: t}
-}
-
-// CallSettings allow fine-grained control over how calls are made.
-type CallSettings struct {
-	// Retry returns a Retryer to be used to control retry logic of a method call.
-	// If Retry is nil or the returned Retryer is nil, the call will not be retried.
-	Retry func() Retryer
-
-	// CallOptions to be forwarded to GRPC.
-	GRPC []grpc.CallOption
-
-	// Path is an HTTP override for an APICall.
-	Path string
-
-	// Timeout defines the amount of time that Invoke has to complete.
-	// Unexported so it cannot be changed by the code in an APICall.
-	timeout time.Duration
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/content_type.go b/vendor/github.com/googleapis/gax-go/v2/content_type.go
deleted file mode 100644
index 1b53d0a3a..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/content_type.go
+++ /dev/null
@@ -1,112 +0,0 @@
-// Copyright 2022, Google Inc.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package gax
-
-import (
-	"io"
-	"io/ioutil"
-	"net/http"
-)
-
-const sniffBuffSize = 512
-
-func newContentSniffer(r io.Reader) *contentSniffer {
-	return &contentSniffer{r: r}
-}
-
-// contentSniffer wraps a Reader, and reports the content type determined by sniffing up to 512 bytes from the Reader.
-type contentSniffer struct {
-	r     io.Reader
-	start []byte // buffer for the sniffed bytes.
-	err   error  // set to any error encountered while reading bytes to be sniffed.
-
-	ctype   string // set on first sniff.
-	sniffed bool   // set to true on first sniff.
-}
-
-func (cs *contentSniffer) Read(p []byte) (n int, err error) {
-	// Ensure that the content type is sniffed before any data is consumed from Reader.
-	_, _ = cs.ContentType()
-
-	if len(cs.start) > 0 {
-		n := copy(p, cs.start)
-		cs.start = cs.start[n:]
-		return n, nil
-	}
-
-	// We may have read some bytes into start while sniffing, even if the read ended in an error.
-	// We should first return those bytes, then the error.
-	if cs.err != nil {
-		return 0, cs.err
-	}
-
-	// Now we have handled all bytes that were buffered while sniffing.  Now just delegate to the underlying reader.
-	return cs.r.Read(p)
-}
-
-// ContentType returns the sniffed content type, and whether the content type was successfully sniffed.
-func (cs *contentSniffer) ContentType() (string, bool) {
-	if cs.sniffed {
-		return cs.ctype, cs.ctype != ""
-	}
-	cs.sniffed = true
-	// If ReadAll hits EOF, it returns err==nil.
-	cs.start, cs.err = ioutil.ReadAll(io.LimitReader(cs.r, sniffBuffSize))
-
-	// Don't try to detect the content type based on possibly incomplete data.
-	if cs.err != nil {
-		return "", false
-	}
-
-	cs.ctype = http.DetectContentType(cs.start)
-	return cs.ctype, true
-}
-
-// DetermineContentType determines the content type of the supplied reader.
-// The content of media will be sniffed to determine the content type.
-// After calling DetectContentType the caller must not perform further reads on
-// media, but rather read from the Reader that is returned.
-func DetermineContentType(media io.Reader) (io.Reader, string) {
-	// For backwards compatibility, allow clients to set content
-	// type by providing a ContentTyper for media.
-	// Note: This is an anonymous interface definition copied from googleapi.ContentTyper.
-	if typer, ok := media.(interface {
-		ContentType() string
-	}); ok {
-		return media, typer.ContentType()
-	}
-
-	sniffer := newContentSniffer(media)
-	if ctype, ok := sniffer.ContentType(); ok {
-		return sniffer, ctype
-	}
-	// If content type could not be sniffed, reads from sniffer will eventually fail with an error.
-	return sniffer, ""
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/gax.go b/vendor/github.com/googleapis/gax-go/v2/gax.go
deleted file mode 100644
index 36cdfa33e..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/gax.go
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright 2016, Google Inc.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// Package gax contains a set of modules which aid the development of APIs
-// for clients and servers based on gRPC and Google API conventions.
-//
-// Application code will rarely need to use this library directly.
-// However, code generated automatically from API definition files can use it
-// to simplify code generation and to provide more convenient and idiomatic API surfaces.
-package gax
-
-import "github.com/googleapis/gax-go/v2/internal"
-
-// Version specifies the gax-go version being used.
-const Version = internal.Version
diff --git a/vendor/github.com/googleapis/gax-go/v2/header.go b/vendor/github.com/googleapis/gax-go/v2/header.go
deleted file mode 100644
index 6488461f4..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/header.go
+++ /dev/null
@@ -1,119 +0,0 @@
-// Copyright 2018, Google Inc.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package gax
-
-import (
-	"bytes"
-	"runtime"
-	"strings"
-	"unicode"
-)
-
-var (
-	// GoVersion is a header-safe representation of the current runtime
-	// environment's Go version. This is for GAX consumers that need to
-	// report the Go runtime version in API calls.
-	GoVersion string
-	// version is a package internal global variable for testing purposes.
-	version = runtime.Version
-)
-
-// versionUnknown is only used when the runtime version cannot be determined.
-const versionUnknown = "UNKNOWN"
-
-func init() {
-	GoVersion = goVersion()
-}
-
-// goVersion returns a Go runtime version derived from the runtime environment
-// that is modified to be suitable for reporting in a header, meaning it has no
-// whitespace. If it is unable to determine the Go runtime version, it returns
-// versionUnknown.
-func goVersion() string {
-	const develPrefix = "devel +"
-
-	s := version()
-	if strings.HasPrefix(s, develPrefix) {
-		s = s[len(develPrefix):]
-		if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
-			s = s[:p]
-		}
-		return s
-	} else if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
-		s = s[:p]
-	}
-
-	notSemverRune := func(r rune) bool {
-		return !strings.ContainsRune("0123456789.", r)
-	}
-
-	if strings.HasPrefix(s, "go1") {
-		s = s[2:]
-		var prerelease string
-		if p := strings.IndexFunc(s, notSemverRune); p >= 0 {
-			s, prerelease = s[:p], s[p:]
-		}
-		if strings.HasSuffix(s, ".") {
-			s += "0"
-		} else if strings.Count(s, ".") < 2 {
-			s += ".0"
-		}
-		if prerelease != "" {
-			// Some release candidates already have a dash in them.
-			if !strings.HasPrefix(prerelease, "-") {
-				prerelease = "-" + prerelease
-			}
-			s += prerelease
-		}
-		return s
-	}
-	return "UNKNOWN"
-}
-
-// XGoogHeader is for use by the Google Cloud Libraries only.
-//
-// XGoogHeader formats key-value pairs.
-// The resulting string is suitable for x-goog-api-client header.
-func XGoogHeader(keyval ...string) string {
-	if len(keyval) == 0 {
-		return ""
-	}
-	if len(keyval)%2 != 0 {
-		panic("gax.Header: odd argument count")
-	}
-	var buf bytes.Buffer
-	for i := 0; i < len(keyval); i += 2 {
-		buf.WriteByte(' ')
-		buf.WriteString(keyval[i])
-		buf.WriteByte('/')
-		buf.WriteString(keyval[i+1])
-	}
-	return buf.String()[1:]
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/internal/version.go b/vendor/github.com/googleapis/gax-go/v2/internal/version.go
deleted file mode 100644
index 374dcdb11..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/internal/version.go
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright 2022, Google Inc.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package internal
-
-// Version is the current tagged release of the library.
-const Version = "2.11.0"
diff --git a/vendor/github.com/googleapis/gax-go/v2/invoke.go b/vendor/github.com/googleapis/gax-go/v2/invoke.go
deleted file mode 100644
index 721d1af55..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/invoke.go
+++ /dev/null
@@ -1,114 +0,0 @@
-// Copyright 2016, Google Inc.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package gax
-
-import (
-	"context"
-	"strings"
-	"time"
-
-	"github.com/googleapis/gax-go/v2/apierror"
-)
-
-// APICall is a user defined call stub.
-type APICall func(context.Context, CallSettings) error
-
-// Invoke calls the given APICall, performing retries as specified by opts, if
-// any.
-func Invoke(ctx context.Context, call APICall, opts ...CallOption) error {
-	var settings CallSettings
-	for _, opt := range opts {
-		opt.Resolve(&settings)
-	}
-	return invoke(ctx, call, settings, Sleep)
-}
-
-// Sleep is similar to time.Sleep, but it can be interrupted by ctx.Done() closing.
-// If interrupted, Sleep returns ctx.Err().
-func Sleep(ctx context.Context, d time.Duration) error {
-	t := time.NewTimer(d)
-	select {
-	case <-ctx.Done():
-		t.Stop()
-		return ctx.Err()
-	case <-t.C:
-		return nil
-	}
-}
-
-type sleeper func(ctx context.Context, d time.Duration) error
-
-// invoke implements Invoke, taking an additional sleeper argument for testing.
-func invoke(ctx context.Context, call APICall, settings CallSettings, sp sleeper) error {
-	var retryer Retryer
-
-	// Only use the value provided via WithTimeout if the context doesn't
-	// already have a deadline. This is important for backwards compatibility if
-	// the user already set a deadline on the context given to Invoke.
-	if _, ok := ctx.Deadline(); !ok && settings.timeout != 0 {
-		c, cc := context.WithTimeout(ctx, settings.timeout)
-		defer cc()
-		ctx = c
-	}
-
-	for {
-		err := call(ctx, settings)
-		if err == nil {
-			return nil
-		}
-		// Never retry permanent certificate errors. (e.x. if ca-certificates
-		// are not installed). We should only make very few, targeted
-		// exceptions: many (other) status=Unavailable should be retried, such
-		// as if there's a network hiccup, or the internet goes out for a
-		// minute. This is also why here we are doing string parsing instead of
-		// simply making Unavailable a non-retried code elsewhere.
-		if strings.Contains(err.Error(), "x509: certificate signed by unknown authority") {
-			return err
-		}
-		if apierr, ok := apierror.FromError(err); ok {
-			err = apierr
-		}
-		if settings.Retry == nil {
-			return err
-		}
-		if retryer == nil {
-			if r := settings.Retry(); r != nil {
-				retryer = r
-			} else {
-				return err
-			}
-		}
-		if d, ok := retryer.Retry(err); !ok {
-			return err
-		} else if err = sp(ctx, d); err != nil {
-			return err
-		}
-	}
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go b/vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go
deleted file mode 100644
index cc4486eb9..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go
+++ /dev/null
@@ -1,126 +0,0 @@
-// Copyright 2022, Google Inc.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package gax
-
-import (
-	"encoding/json"
-	"errors"
-	"io"
-
-	"google.golang.org/protobuf/encoding/protojson"
-	"google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/reflect/protoreflect"
-)
-
-var (
-	arrayOpen     = json.Delim('[')
-	arrayClose    = json.Delim(']')
-	errBadOpening = errors.New("unexpected opening token, expected '['")
-)
-
-// ProtoJSONStream represents a wrapper for consuming a stream of protobuf
-// messages encoded using protobuf-JSON format. More information on this format
-// can be found at https://developers.google.com/protocol-buffers/docs/proto3#json.
-// The stream must appear as a comma-delimited, JSON array of obbjects with
-// opening and closing square braces.
-//
-// This is for internal use only.
-type ProtoJSONStream struct {
-	first, closed bool
-	reader        io.ReadCloser
-	stream        *json.Decoder
-	typ           protoreflect.MessageType
-}
-
-// NewProtoJSONStreamReader accepts a stream of bytes via an io.ReadCloser that are
-// protobuf-JSON encoded protobuf messages of the given type. The ProtoJSONStream
-// must be closed when done.
-//
-// This is for internal use only.
-func NewProtoJSONStreamReader(rc io.ReadCloser, typ protoreflect.MessageType) *ProtoJSONStream {
-	return &ProtoJSONStream{
-		first:  true,
-		reader: rc,
-		stream: json.NewDecoder(rc),
-		typ:    typ,
-	}
-}
-
-// Recv decodes the next protobuf message in the stream or returns io.EOF if
-// the stream is done. It is not safe to call Recv on the same stream from
-// different goroutines, just like it is not safe to do so with a single gRPC
-// stream. Type-cast the protobuf message returned to the type provided at
-// ProtoJSONStream creation.
-// Calls to Recv after calling Close will produce io.EOF.
-func (s *ProtoJSONStream) Recv() (proto.Message, error) {
-	if s.closed {
-		return nil, io.EOF
-	}
-	if s.first {
-		s.first = false
-
-		// Consume the opening '[' so Decode gets one object at a time.
-		if t, err := s.stream.Token(); err != nil {
-			return nil, err
-		} else if t != arrayOpen {
-			return nil, errBadOpening
-		}
-	}
-
-	// Capture the next block of data for the item (a JSON object) in the stream.
-	var raw json.RawMessage
-	if err := s.stream.Decode(&raw); err != nil {
-		e := err
-		// To avoid checking the first token of each stream, just attempt to
-		// Decode the next blob and if that fails, double check if it is just
-		// the closing token ']'. If it is the closing, return io.EOF. If it
-		// isn't, return the original error.
-		if t, _ := s.stream.Token(); t == arrayClose {
-			e = io.EOF
-		}
-		return nil, e
-	}
-
-	// Initialize a new instance of the protobuf message to unmarshal the
-	// raw data into.
-	m := s.typ.New().Interface()
-	err := protojson.Unmarshal(raw, m)
-
-	return m, err
-}
-
-// Close closes the stream so that resources are cleaned up.
-func (s *ProtoJSONStream) Close() error {
-	// Dereference the *json.Decoder so that the memory is gc'd.
-	s.stream = nil
-	s.closed = true
-
-	return s.reader.Close()
-}
diff --git a/vendor/github.com/googleapis/gax-go/v2/release-please-config.json b/vendor/github.com/googleapis/gax-go/v2/release-please-config.json
deleted file mode 100644
index 61ee266a1..000000000
--- a/vendor/github.com/googleapis/gax-go/v2/release-please-config.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
-    "release-type": "go-yoshi",
-    "separate-pull-requests": true,
-    "include-component-in-tag": false,
-    "packages": {
-        "v2": {
-            "component": "v2"
-        }
-    }
-}
diff --git a/vendor/github.com/gorilla/handlers/LICENSE b/vendor/github.com/gorilla/handlers/LICENSE
deleted file mode 100644
index 66ea3c8ae..000000000
--- a/vendor/github.com/gorilla/handlers/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-Copyright (c) 2013 The Gorilla Handlers Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-  Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-  Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/gorilla/handlers/README.md b/vendor/github.com/gorilla/handlers/README.md
deleted file mode 100644
index 6eba66bf3..000000000
--- a/vendor/github.com/gorilla/handlers/README.md
+++ /dev/null
@@ -1,56 +0,0 @@
-gorilla/handlers
-================
-[![GoDoc](https://godoc.org/github.com/gorilla/handlers?status.svg)](https://godoc.org/github.com/gorilla/handlers)
-[![CircleCI](https://circleci.com/gh/gorilla/handlers.svg?style=svg)](https://circleci.com/gh/gorilla/handlers)
-[![Sourcegraph](https://sourcegraph.com/github.com/gorilla/handlers/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/handlers?badge)
-
-
-Package handlers is a collection of handlers (aka "HTTP middleware") for use
-with Go's `net/http` package (or any framework supporting `http.Handler`), including:
-
-* [**LoggingHandler**](https://godoc.org/github.com/gorilla/handlers#LoggingHandler) for logging HTTP requests in the Apache [Common Log
-  Format](http://httpd.apache.org/docs/2.2/logs.html#common).
-* [**CombinedLoggingHandler**](https://godoc.org/github.com/gorilla/handlers#CombinedLoggingHandler) for logging HTTP requests in the Apache [Combined Log
-  Format](http://httpd.apache.org/docs/2.2/logs.html#combined) commonly used by
-  both Apache and nginx.
-* [**CompressHandler**](https://godoc.org/github.com/gorilla/handlers#CompressHandler) for gzipping responses.
-* [**ContentTypeHandler**](https://godoc.org/github.com/gorilla/handlers#ContentTypeHandler) for validating requests against a list of accepted
-  content types.
-* [**MethodHandler**](https://godoc.org/github.com/gorilla/handlers#MethodHandler) for matching HTTP methods against handlers in a
-  `map[string]http.Handler`
-* [**ProxyHeaders**](https://godoc.org/github.com/gorilla/handlers#ProxyHeaders) for populating `r.RemoteAddr` and `r.URL.Scheme` based on the
-  `X-Forwarded-For`, `X-Real-IP`, `X-Forwarded-Proto` and RFC7239 `Forwarded`
-  headers when running a Go server behind a HTTP reverse proxy.
-* [**CanonicalHost**](https://godoc.org/github.com/gorilla/handlers#CanonicalHost) for re-directing to the preferred host when handling multiple 
-  domains (i.e. multiple CNAME aliases).
-* [**RecoveryHandler**](https://godoc.org/github.com/gorilla/handlers#RecoveryHandler) for recovering from unexpected panics.
-
-Other handlers are documented [on the Gorilla
-website](https://www.gorillatoolkit.org/pkg/handlers).
-
-## Example
-
-A simple example using `handlers.LoggingHandler` and `handlers.CompressHandler`:
-
-```go
-import (
-    "net/http"
-    "github.com/gorilla/handlers"
-)
-
-func main() {
-    r := http.NewServeMux()
-
-    // Only log requests to our admin dashboard to stdout
-    r.Handle("/admin", handlers.LoggingHandler(os.Stdout, http.HandlerFunc(ShowAdminDashboard)))
-    r.HandleFunc("/", ShowIndex)
-
-    // Wrap our server with our gzip handler to gzip compress all responses.
-    http.ListenAndServe(":8000", handlers.CompressHandler(r))
-}
-```
-
-## License
-
-BSD licensed. See the included LICENSE file for details.
-
diff --git a/vendor/github.com/gorilla/handlers/canonical.go b/vendor/github.com/gorilla/handlers/canonical.go
deleted file mode 100644
index 8437fefc1..000000000
--- a/vendor/github.com/gorilla/handlers/canonical.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-	"net/url"
-	"strings"
-)
-
-type canonical struct {
-	h      http.Handler
-	domain string
-	code   int
-}
-
-// CanonicalHost is HTTP middleware that re-directs requests to the canonical
-// domain. It accepts a domain and a status code (e.g. 301 or 302) and
-// re-directs clients to this domain. The existing request path is maintained.
-//
-// Note: If the provided domain is considered invalid by url.Parse or otherwise
-// returns an empty scheme or host, clients are not re-directed.
-//
-// Example:
-//
-//  r := mux.NewRouter()
-//  canonical := handlers.CanonicalHost("http://www.gorillatoolkit.org", 302)
-//  r.HandleFunc("/route", YourHandler)
-//
-//  log.Fatal(http.ListenAndServe(":7000", canonical(r)))
-//
-func CanonicalHost(domain string, code int) func(h http.Handler) http.Handler {
-	fn := func(h http.Handler) http.Handler {
-		return canonical{h, domain, code}
-	}
-
-	return fn
-}
-
-func (c canonical) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	dest, err := url.Parse(c.domain)
-	if err != nil {
-		// Call the next handler if the provided domain fails to parse.
-		c.h.ServeHTTP(w, r)
-		return
-	}
-
-	if dest.Scheme == "" || dest.Host == "" {
-		// Call the next handler if the scheme or host are empty.
-		// Note that url.Parse won't fail on in this case.
-		c.h.ServeHTTP(w, r)
-		return
-	}
-
-	if !strings.EqualFold(cleanHost(r.Host), dest.Host) {
-		// Re-build the destination URL
-		dest := dest.Scheme + "://" + dest.Host + r.URL.Path
-		if r.URL.RawQuery != "" {
-			dest += "?" + r.URL.RawQuery
-		}
-		http.Redirect(w, r, dest, c.code)
-		return
-	}
-
-	c.h.ServeHTTP(w, r)
-}
-
-// cleanHost cleans invalid Host headers by stripping anything after '/' or ' '.
-// This is backported from Go 1.5 (in response to issue #11206) and attempts to
-// mitigate malformed Host headers that do not match the format in RFC7230.
-func cleanHost(in string) string {
-	if i := strings.IndexAny(in, " /"); i != -1 {
-		return in[:i]
-	}
-	return in
-}
diff --git a/vendor/github.com/gorilla/handlers/compress.go b/vendor/github.com/gorilla/handlers/compress.go
deleted file mode 100644
index 1e95f1ccb..000000000
--- a/vendor/github.com/gorilla/handlers/compress.go
+++ /dev/null
@@ -1,143 +0,0 @@
-// Copyright 2013 The Gorilla Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package handlers
-
-import (
-	"compress/flate"
-	"compress/gzip"
-	"io"
-	"net/http"
-	"strings"
-
-	"github.com/felixge/httpsnoop"
-)
-
-const acceptEncoding string = "Accept-Encoding"
-
-type compressResponseWriter struct {
-	compressor io.Writer
-	w          http.ResponseWriter
-}
-
-func (cw *compressResponseWriter) WriteHeader(c int) {
-	cw.w.Header().Del("Content-Length")
-	cw.w.WriteHeader(c)
-}
-
-func (cw *compressResponseWriter) Write(b []byte) (int, error) {
-	h := cw.w.Header()
-	if h.Get("Content-Type") == "" {
-		h.Set("Content-Type", http.DetectContentType(b))
-	}
-	h.Del("Content-Length")
-
-	return cw.compressor.Write(b)
-}
-
-func (cw *compressResponseWriter) ReadFrom(r io.Reader) (int64, error) {
-	return io.Copy(cw.compressor, r)
-}
-
-type flusher interface {
-	Flush() error
-}
-
-func (w *compressResponseWriter) Flush() {
-	// Flush compressed data if compressor supports it.
-	if f, ok := w.compressor.(flusher); ok {
-		f.Flush()
-	}
-	// Flush HTTP response.
-	if f, ok := w.w.(http.Flusher); ok {
-		f.Flush()
-	}
-}
-
-// CompressHandler gzip compresses HTTP responses for clients that support it
-// via the 'Accept-Encoding' header.
-//
-// Compressing TLS traffic may leak the page contents to an attacker if the
-// page contains user input: http://security.stackexchange.com/a/102015/12208
-func CompressHandler(h http.Handler) http.Handler {
-	return CompressHandlerLevel(h, gzip.DefaultCompression)
-}
-
-// CompressHandlerLevel gzip compresses HTTP responses with specified compression level
-// for clients that support it via the 'Accept-Encoding' header.
-//
-// The compression level should be gzip.DefaultCompression, gzip.NoCompression,
-// or any integer value between gzip.BestSpeed and gzip.BestCompression inclusive.
-// gzip.DefaultCompression is used in case of invalid compression level.
-func CompressHandlerLevel(h http.Handler, level int) http.Handler {
-	if level < gzip.DefaultCompression || level > gzip.BestCompression {
-		level = gzip.DefaultCompression
-	}
-
-	const (
-		gzipEncoding  = "gzip"
-		flateEncoding = "deflate"
-	)
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// detect what encoding to use
-		var encoding string
-		for _, curEnc := range strings.Split(r.Header.Get(acceptEncoding), ",") {
-			curEnc = strings.TrimSpace(curEnc)
-			if curEnc == gzipEncoding || curEnc == flateEncoding {
-				encoding = curEnc
-				break
-			}
-		}
-
-		// always add Accept-Encoding to Vary to prevent intermediate caches corruption
-		w.Header().Add("Vary", acceptEncoding)
-
-		// if we weren't able to identify an encoding we're familiar with, pass on the
-		// request to the handler and return
-		if encoding == "" {
-			h.ServeHTTP(w, r)
-			return
-		}
-
-		if r.Header.Get("Upgrade") != "" {
-			h.ServeHTTP(w, r)
-			return
-		}
-
-		// wrap the ResponseWriter with the writer for the chosen encoding
-		var encWriter io.WriteCloser
-		if encoding == gzipEncoding {
-			encWriter, _ = gzip.NewWriterLevel(w, level)
-		} else if encoding == flateEncoding {
-			encWriter, _ = flate.NewWriter(w, level)
-		}
-		defer encWriter.Close()
-
-		w.Header().Set("Content-Encoding", encoding)
-		r.Header.Del(acceptEncoding)
-
-		cw := &compressResponseWriter{
-			w:          w,
-			compressor: encWriter,
-		}
-
-		w = httpsnoop.Wrap(w, httpsnoop.Hooks{
-			Write: func(httpsnoop.WriteFunc) httpsnoop.WriteFunc {
-				return cw.Write
-			},
-			WriteHeader: func(httpsnoop.WriteHeaderFunc) httpsnoop.WriteHeaderFunc {
-				return cw.WriteHeader
-			},
-			Flush: func(httpsnoop.FlushFunc) httpsnoop.FlushFunc {
-				return cw.Flush
-			},
-			ReadFrom: func(rff httpsnoop.ReadFromFunc) httpsnoop.ReadFromFunc {
-				return cw.ReadFrom
-			},
-		})
-
-		h.ServeHTTP(w, r)
-	})
-}
diff --git a/vendor/github.com/gorilla/handlers/cors.go b/vendor/github.com/gorilla/handlers/cors.go
deleted file mode 100644
index 0dcdffb3d..000000000
--- a/vendor/github.com/gorilla/handlers/cors.go
+++ /dev/null
@@ -1,355 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-	"strconv"
-	"strings"
-)
-
-// CORSOption represents a functional option for configuring the CORS middleware.
-type CORSOption func(*cors) error
-
-type cors struct {
-	h                      http.Handler
-	allowedHeaders         []string
-	allowedMethods         []string
-	allowedOrigins         []string
-	allowedOriginValidator OriginValidator
-	exposedHeaders         []string
-	maxAge                 int
-	ignoreOptions          bool
-	allowCredentials       bool
-	optionStatusCode       int
-}
-
-// OriginValidator takes an origin string and returns whether or not that origin is allowed.
-type OriginValidator func(string) bool
-
-var (
-	defaultCorsOptionStatusCode = 200
-	defaultCorsMethods          = []string{"GET", "HEAD", "POST"}
-	defaultCorsHeaders          = []string{"Accept", "Accept-Language", "Content-Language", "Origin"}
-	// (WebKit/Safari v9 sends the Origin header by default in AJAX requests)
-)
-
-const (
-	corsOptionMethod           string = "OPTIONS"
-	corsAllowOriginHeader      string = "Access-Control-Allow-Origin"
-	corsExposeHeadersHeader    string = "Access-Control-Expose-Headers"
-	corsMaxAgeHeader           string = "Access-Control-Max-Age"
-	corsAllowMethodsHeader     string = "Access-Control-Allow-Methods"
-	corsAllowHeadersHeader     string = "Access-Control-Allow-Headers"
-	corsAllowCredentialsHeader string = "Access-Control-Allow-Credentials"
-	corsRequestMethodHeader    string = "Access-Control-Request-Method"
-	corsRequestHeadersHeader   string = "Access-Control-Request-Headers"
-	corsOriginHeader           string = "Origin"
-	corsVaryHeader             string = "Vary"
-	corsOriginMatchAll         string = "*"
-)
-
-func (ch *cors) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	origin := r.Header.Get(corsOriginHeader)
-	if !ch.isOriginAllowed(origin) {
-		if r.Method != corsOptionMethod || ch.ignoreOptions {
-			ch.h.ServeHTTP(w, r)
-		}
-
-		return
-	}
-
-	if r.Method == corsOptionMethod {
-		if ch.ignoreOptions {
-			ch.h.ServeHTTP(w, r)
-			return
-		}
-
-		if _, ok := r.Header[corsRequestMethodHeader]; !ok {
-			w.WriteHeader(http.StatusBadRequest)
-			return
-		}
-
-		method := r.Header.Get(corsRequestMethodHeader)
-		if !ch.isMatch(method, ch.allowedMethods) {
-			w.WriteHeader(http.StatusMethodNotAllowed)
-			return
-		}
-
-		requestHeaders := strings.Split(r.Header.Get(corsRequestHeadersHeader), ",")
-		allowedHeaders := []string{}
-		for _, v := range requestHeaders {
-			canonicalHeader := http.CanonicalHeaderKey(strings.TrimSpace(v))
-			if canonicalHeader == "" || ch.isMatch(canonicalHeader, defaultCorsHeaders) {
-				continue
-			}
-
-			if !ch.isMatch(canonicalHeader, ch.allowedHeaders) {
-				w.WriteHeader(http.StatusForbidden)
-				return
-			}
-
-			allowedHeaders = append(allowedHeaders, canonicalHeader)
-		}
-
-		if len(allowedHeaders) > 0 {
-			w.Header().Set(corsAllowHeadersHeader, strings.Join(allowedHeaders, ","))
-		}
-
-		if ch.maxAge > 0 {
-			w.Header().Set(corsMaxAgeHeader, strconv.Itoa(ch.maxAge))
-		}
-
-		if !ch.isMatch(method, defaultCorsMethods) {
-			w.Header().Set(corsAllowMethodsHeader, method)
-		}
-	} else {
-		if len(ch.exposedHeaders) > 0 {
-			w.Header().Set(corsExposeHeadersHeader, strings.Join(ch.exposedHeaders, ","))
-		}
-	}
-
-	if ch.allowCredentials {
-		w.Header().Set(corsAllowCredentialsHeader, "true")
-	}
-
-	if len(ch.allowedOrigins) > 1 {
-		w.Header().Set(corsVaryHeader, corsOriginHeader)
-	}
-
-	returnOrigin := origin
-	if ch.allowedOriginValidator == nil && len(ch.allowedOrigins) == 0 {
-		returnOrigin = "*"
-	} else {
-		for _, o := range ch.allowedOrigins {
-			// A configuration of * is different than explicitly setting an allowed
-			// origin. Returning arbitrary origin headers in an access control allow
-			// origin header is unsafe and is not required by any use case.
-			if o == corsOriginMatchAll {
-				returnOrigin = "*"
-				break
-			}
-		}
-	}
-	w.Header().Set(corsAllowOriginHeader, returnOrigin)
-
-	if r.Method == corsOptionMethod {
-		w.WriteHeader(ch.optionStatusCode)
-		return
-	}
-	ch.h.ServeHTTP(w, r)
-}
-
-// CORS provides Cross-Origin Resource Sharing middleware.
-// Example:
-//
-//  import (
-//      "net/http"
-//
-//      "github.com/gorilla/handlers"
-//      "github.com/gorilla/mux"
-//  )
-//
-//  func main() {
-//      r := mux.NewRouter()
-//      r.HandleFunc("/users", UserEndpoint)
-//      r.HandleFunc("/projects", ProjectEndpoint)
-//
-//      // Apply the CORS middleware to our top-level router, with the defaults.
-//      http.ListenAndServe(":8000", handlers.CORS()(r))
-//  }
-//
-func CORS(opts ...CORSOption) func(http.Handler) http.Handler {
-	return func(h http.Handler) http.Handler {
-		ch := parseCORSOptions(opts...)
-		ch.h = h
-		return ch
-	}
-}
-
-func parseCORSOptions(opts ...CORSOption) *cors {
-	ch := &cors{
-		allowedMethods:   defaultCorsMethods,
-		allowedHeaders:   defaultCorsHeaders,
-		allowedOrigins:   []string{},
-		optionStatusCode: defaultCorsOptionStatusCode,
-	}
-
-	for _, option := range opts {
-		option(ch)
-	}
-
-	return ch
-}
-
-//
-// Functional options for configuring CORS.
-//
-
-// AllowedHeaders adds the provided headers to the list of allowed headers in a
-// CORS request.
-// This is an append operation so the headers Accept, Accept-Language,
-// and Content-Language are always allowed.
-// Content-Type must be explicitly declared if accepting Content-Types other than
-// application/x-www-form-urlencoded, multipart/form-data, or text/plain.
-func AllowedHeaders(headers []string) CORSOption {
-	return func(ch *cors) error {
-		for _, v := range headers {
-			normalizedHeader := http.CanonicalHeaderKey(strings.TrimSpace(v))
-			if normalizedHeader == "" {
-				continue
-			}
-
-			if !ch.isMatch(normalizedHeader, ch.allowedHeaders) {
-				ch.allowedHeaders = append(ch.allowedHeaders, normalizedHeader)
-			}
-		}
-
-		return nil
-	}
-}
-
-// AllowedMethods can be used to explicitly allow methods in the
-// Access-Control-Allow-Methods header.
-// This is a replacement operation so you must also
-// pass GET, HEAD, and POST if you wish to support those methods.
-func AllowedMethods(methods []string) CORSOption {
-	return func(ch *cors) error {
-		ch.allowedMethods = []string{}
-		for _, v := range methods {
-			normalizedMethod := strings.ToUpper(strings.TrimSpace(v))
-			if normalizedMethod == "" {
-				continue
-			}
-
-			if !ch.isMatch(normalizedMethod, ch.allowedMethods) {
-				ch.allowedMethods = append(ch.allowedMethods, normalizedMethod)
-			}
-		}
-
-		return nil
-	}
-}
-
-// AllowedOrigins sets the allowed origins for CORS requests, as used in the
-// 'Allow-Access-Control-Origin' HTTP header.
-// Note: Passing in a []string{"*"} will allow any domain.
-func AllowedOrigins(origins []string) CORSOption {
-	return func(ch *cors) error {
-		for _, v := range origins {
-			if v == corsOriginMatchAll {
-				ch.allowedOrigins = []string{corsOriginMatchAll}
-				return nil
-			}
-		}
-
-		ch.allowedOrigins = origins
-		return nil
-	}
-}
-
-// AllowedOriginValidator sets a function for evaluating allowed origins in CORS requests, represented by the
-// 'Allow-Access-Control-Origin' HTTP header.
-func AllowedOriginValidator(fn OriginValidator) CORSOption {
-	return func(ch *cors) error {
-		ch.allowedOriginValidator = fn
-		return nil
-	}
-}
-
-// OptionStatusCode sets a custom status code on the OPTIONS requests.
-// Default behaviour sets it to 200 to reflect best practices. This is option is not mandatory
-// and can be used if you need a custom status code (i.e 204).
-//
-// More informations on the spec:
-// https://fetch.spec.whatwg.org/#cors-preflight-fetch
-func OptionStatusCode(code int) CORSOption {
-	return func(ch *cors) error {
-		ch.optionStatusCode = code
-		return nil
-	}
-}
-
-// ExposedHeaders can be used to specify headers that are available
-// and will not be stripped out by the user-agent.
-func ExposedHeaders(headers []string) CORSOption {
-	return func(ch *cors) error {
-		ch.exposedHeaders = []string{}
-		for _, v := range headers {
-			normalizedHeader := http.CanonicalHeaderKey(strings.TrimSpace(v))
-			if normalizedHeader == "" {
-				continue
-			}
-
-			if !ch.isMatch(normalizedHeader, ch.exposedHeaders) {
-				ch.exposedHeaders = append(ch.exposedHeaders, normalizedHeader)
-			}
-		}
-
-		return nil
-	}
-}
-
-// MaxAge determines the maximum age (in seconds) between preflight requests. A
-// maximum of 10 minutes is allowed. An age above this value will default to 10
-// minutes.
-func MaxAge(age int) CORSOption {
-	return func(ch *cors) error {
-		// Maximum of 10 minutes.
-		if age > 600 {
-			age = 600
-		}
-
-		ch.maxAge = age
-		return nil
-	}
-}
-
-// IgnoreOptions causes the CORS middleware to ignore OPTIONS requests, instead
-// passing them through to the next handler. This is useful when your application
-// or framework has a pre-existing mechanism for responding to OPTIONS requests.
-func IgnoreOptions() CORSOption {
-	return func(ch *cors) error {
-		ch.ignoreOptions = true
-		return nil
-	}
-}
-
-// AllowCredentials can be used to specify that the user agent may pass
-// authentication details along with the request.
-func AllowCredentials() CORSOption {
-	return func(ch *cors) error {
-		ch.allowCredentials = true
-		return nil
-	}
-}
-
-func (ch *cors) isOriginAllowed(origin string) bool {
-	if origin == "" {
-		return false
-	}
-
-	if ch.allowedOriginValidator != nil {
-		return ch.allowedOriginValidator(origin)
-	}
-
-	if len(ch.allowedOrigins) == 0 {
-		return true
-	}
-
-	for _, allowedOrigin := range ch.allowedOrigins {
-		if allowedOrigin == origin || allowedOrigin == corsOriginMatchAll {
-			return true
-		}
-	}
-
-	return false
-}
-
-func (ch *cors) isMatch(needle string, haystack []string) bool {
-	for _, v := range haystack {
-		if v == needle {
-			return true
-		}
-	}
-
-	return false
-}
diff --git a/vendor/github.com/gorilla/handlers/doc.go b/vendor/github.com/gorilla/handlers/doc.go
deleted file mode 100644
index 944e5a8ae..000000000
--- a/vendor/github.com/gorilla/handlers/doc.go
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
-Package handlers is a collection of handlers (aka "HTTP middleware") for use
-with Go's net/http package (or any framework supporting http.Handler).
-
-The package includes handlers for logging in standardised formats, compressing
-HTTP responses, validating content types and other useful tools for manipulating
-requests and responses.
-*/
-package handlers
diff --git a/vendor/github.com/gorilla/handlers/handlers.go b/vendor/github.com/gorilla/handlers/handlers.go
deleted file mode 100644
index 0509482ad..000000000
--- a/vendor/github.com/gorilla/handlers/handlers.go
+++ /dev/null
@@ -1,147 +0,0 @@
-// Copyright 2013 The Gorilla Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package handlers
-
-import (
-	"bufio"
-	"fmt"
-	"net"
-	"net/http"
-	"sort"
-	"strings"
-)
-
-// MethodHandler is an http.Handler that dispatches to a handler whose key in the
-// MethodHandler's map matches the name of the HTTP request's method, eg: GET
-//
-// If the request's method is OPTIONS and OPTIONS is not a key in the map then
-// the handler responds with a status of 200 and sets the Allow header to a
-// comma-separated list of available methods.
-//
-// If the request's method doesn't match any of its keys the handler responds
-// with a status of HTTP 405 "Method Not Allowed" and sets the Allow header to a
-// comma-separated list of available methods.
-type MethodHandler map[string]http.Handler
-
-func (h MethodHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	if handler, ok := h[req.Method]; ok {
-		handler.ServeHTTP(w, req)
-	} else {
-		allow := []string{}
-		for k := range h {
-			allow = append(allow, k)
-		}
-		sort.Strings(allow)
-		w.Header().Set("Allow", strings.Join(allow, ", "))
-		if req.Method == "OPTIONS" {
-			w.WriteHeader(http.StatusOK)
-		} else {
-			http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
-		}
-	}
-}
-
-// responseLogger is wrapper of http.ResponseWriter that keeps track of its HTTP
-// status code and body size
-type responseLogger struct {
-	w      http.ResponseWriter
-	status int
-	size   int
-}
-
-func (l *responseLogger) Write(b []byte) (int, error) {
-	size, err := l.w.Write(b)
-	l.size += size
-	return size, err
-}
-
-func (l *responseLogger) WriteHeader(s int) {
-	l.w.WriteHeader(s)
-	l.status = s
-}
-
-func (l *responseLogger) Status() int {
-	return l.status
-}
-
-func (l *responseLogger) Size() int {
-	return l.size
-}
-
-func (l *responseLogger) Hijack() (net.Conn, *bufio.ReadWriter, error) {
-	conn, rw, err := l.w.(http.Hijacker).Hijack()
-	if err == nil && l.status == 0 {
-		// The status will be StatusSwitchingProtocols if there was no error and
-		// WriteHeader has not been called yet
-		l.status = http.StatusSwitchingProtocols
-	}
-	return conn, rw, err
-}
-
-// isContentType validates the Content-Type header matches the supplied
-// contentType. That is, its type and subtype match.
-func isContentType(h http.Header, contentType string) bool {
-	ct := h.Get("Content-Type")
-	if i := strings.IndexRune(ct, ';'); i != -1 {
-		ct = ct[0:i]
-	}
-	return ct == contentType
-}
-
-// ContentTypeHandler wraps and returns a http.Handler, validating the request
-// content type is compatible with the contentTypes list. It writes a HTTP 415
-// error if that fails.
-//
-// Only PUT, POST, and PATCH requests are considered.
-func ContentTypeHandler(h http.Handler, contentTypes ...string) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if !(r.Method == "PUT" || r.Method == "POST" || r.Method == "PATCH") {
-			h.ServeHTTP(w, r)
-			return
-		}
-
-		for _, ct := range contentTypes {
-			if isContentType(r.Header, ct) {
-				h.ServeHTTP(w, r)
-				return
-			}
-		}
-		http.Error(w, fmt.Sprintf("Unsupported content type %q; expected one of %q", r.Header.Get("Content-Type"), contentTypes), http.StatusUnsupportedMediaType)
-	})
-}
-
-const (
-	// HTTPMethodOverrideHeader is a commonly used
-	// http header to override a request method.
-	HTTPMethodOverrideHeader = "X-HTTP-Method-Override"
-	// HTTPMethodOverrideFormKey is a commonly used
-	// HTML form key to override a request method.
-	HTTPMethodOverrideFormKey = "_method"
-)
-
-// HTTPMethodOverrideHandler wraps and returns a http.Handler which checks for
-// the X-HTTP-Method-Override header or the _method form key, and overrides (if
-// valid) request.Method with its value.
-//
-// This is especially useful for HTTP clients that don't support many http verbs.
-// It isn't secure to override e.g a GET to a POST, so only POST requests are
-// considered.  Likewise, the override method can only be a "write" method: PUT,
-// PATCH or DELETE.
-//
-// Form method takes precedence over header method.
-func HTTPMethodOverrideHandler(h http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.Method == "POST" {
-			om := r.FormValue(HTTPMethodOverrideFormKey)
-			if om == "" {
-				om = r.Header.Get(HTTPMethodOverrideHeader)
-			}
-			if om == "PUT" || om == "PATCH" || om == "DELETE" {
-				r.Method = om
-			}
-		}
-		h.ServeHTTP(w, r)
-	})
-}
diff --git a/vendor/github.com/gorilla/handlers/logging.go b/vendor/github.com/gorilla/handlers/logging.go
deleted file mode 100644
index 228465eba..000000000
--- a/vendor/github.com/gorilla/handlers/logging.go
+++ /dev/null
@@ -1,244 +0,0 @@
-// Copyright 2013 The Gorilla Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package handlers
-
-import (
-	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"strconv"
-	"time"
-	"unicode/utf8"
-
-	"github.com/felixge/httpsnoop"
-)
-
-// Logging
-
-// LogFormatterParams is the structure any formatter will be handed when time to log comes
-type LogFormatterParams struct {
-	Request    *http.Request
-	URL        url.URL
-	TimeStamp  time.Time
-	StatusCode int
-	Size       int
-}
-
-// LogFormatter gives the signature of the formatter function passed to CustomLoggingHandler
-type LogFormatter func(writer io.Writer, params LogFormatterParams)
-
-// loggingHandler is the http.Handler implementation for LoggingHandlerTo and its
-// friends
-
-type loggingHandler struct {
-	writer    io.Writer
-	handler   http.Handler
-	formatter LogFormatter
-}
-
-func (h loggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	t := time.Now()
-	logger, w := makeLogger(w)
-	url := *req.URL
-
-	h.handler.ServeHTTP(w, req)
-	if req.MultipartForm != nil {
-		req.MultipartForm.RemoveAll()
-	}
-
-	params := LogFormatterParams{
-		Request:    req,
-		URL:        url,
-		TimeStamp:  t,
-		StatusCode: logger.Status(),
-		Size:       logger.Size(),
-	}
-
-	h.formatter(h.writer, params)
-}
-
-func makeLogger(w http.ResponseWriter) (*responseLogger, http.ResponseWriter) {
-	logger := &responseLogger{w: w, status: http.StatusOK}
-	return logger, httpsnoop.Wrap(w, httpsnoop.Hooks{
-		Write: func(httpsnoop.WriteFunc) httpsnoop.WriteFunc {
-			return logger.Write
-		},
-		WriteHeader: func(httpsnoop.WriteHeaderFunc) httpsnoop.WriteHeaderFunc {
-			return logger.WriteHeader
-		},
-	})
-}
-
-const lowerhex = "0123456789abcdef"
-
-func appendQuoted(buf []byte, s string) []byte {
-	var runeTmp [utf8.UTFMax]byte
-	for width := 0; len(s) > 0; s = s[width:] {
-		r := rune(s[0])
-		width = 1
-		if r >= utf8.RuneSelf {
-			r, width = utf8.DecodeRuneInString(s)
-		}
-		if width == 1 && r == utf8.RuneError {
-			buf = append(buf, `\x`...)
-			buf = append(buf, lowerhex[s[0]>>4])
-			buf = append(buf, lowerhex[s[0]&0xF])
-			continue
-		}
-		if r == rune('"') || r == '\\' { // always backslashed
-			buf = append(buf, '\\')
-			buf = append(buf, byte(r))
-			continue
-		}
-		if strconv.IsPrint(r) {
-			n := utf8.EncodeRune(runeTmp[:], r)
-			buf = append(buf, runeTmp[:n]...)
-			continue
-		}
-		switch r {
-		case '\a':
-			buf = append(buf, `\a`...)
-		case '\b':
-			buf = append(buf, `\b`...)
-		case '\f':
-			buf = append(buf, `\f`...)
-		case '\n':
-			buf = append(buf, `\n`...)
-		case '\r':
-			buf = append(buf, `\r`...)
-		case '\t':
-			buf = append(buf, `\t`...)
-		case '\v':
-			buf = append(buf, `\v`...)
-		default:
-			switch {
-			case r < ' ':
-				buf = append(buf, `\x`...)
-				buf = append(buf, lowerhex[s[0]>>4])
-				buf = append(buf, lowerhex[s[0]&0xF])
-			case r > utf8.MaxRune:
-				r = 0xFFFD
-				fallthrough
-			case r < 0x10000:
-				buf = append(buf, `\u`...)
-				for s := 12; s >= 0; s -= 4 {
-					buf = append(buf, lowerhex[r>>uint(s)&0xF])
-				}
-			default:
-				buf = append(buf, `\U`...)
-				for s := 28; s >= 0; s -= 4 {
-					buf = append(buf, lowerhex[r>>uint(s)&0xF])
-				}
-			}
-		}
-	}
-	return buf
-}
-
-// buildCommonLogLine builds a log entry for req in Apache Common Log Format.
-// ts is the timestamp with which the entry should be logged.
-// status and size are used to provide the response HTTP status and size.
-func buildCommonLogLine(req *http.Request, url url.URL, ts time.Time, status int, size int) []byte {
-	username := "-"
-	if url.User != nil {
-		if name := url.User.Username(); name != "" {
-			username = name
-		}
-	}
-
-	host, _, err := net.SplitHostPort(req.RemoteAddr)
-	if err != nil {
-		host = req.RemoteAddr
-	}
-
-	uri := req.RequestURI
-
-	// Requests using the CONNECT method over HTTP/2.0 must use
-	// the authority field (aka r.Host) to identify the target.
-	// Refer: https://httpwg.github.io/specs/rfc7540.html#CONNECT
-	if req.ProtoMajor == 2 && req.Method == "CONNECT" {
-		uri = req.Host
-	}
-	if uri == "" {
-		uri = url.RequestURI()
-	}
-
-	buf := make([]byte, 0, 3*(len(host)+len(username)+len(req.Method)+len(uri)+len(req.Proto)+50)/2)
-	buf = append(buf, host...)
-	buf = append(buf, " - "...)
-	buf = append(buf, username...)
-	buf = append(buf, " ["...)
-	buf = append(buf, ts.Format("02/Jan/2006:15:04:05 -0700")...)
-	buf = append(buf, `] "`...)
-	buf = append(buf, req.Method...)
-	buf = append(buf, " "...)
-	buf = appendQuoted(buf, uri)
-	buf = append(buf, " "...)
-	buf = append(buf, req.Proto...)
-	buf = append(buf, `" `...)
-	buf = append(buf, strconv.Itoa(status)...)
-	buf = append(buf, " "...)
-	buf = append(buf, strconv.Itoa(size)...)
-	return buf
-}
-
-// writeLog writes a log entry for req to w in Apache Common Log Format.
-// ts is the timestamp with which the entry should be logged.
-// status and size are used to provide the response HTTP status and size.
-func writeLog(writer io.Writer, params LogFormatterParams) {
-	buf := buildCommonLogLine(params.Request, params.URL, params.TimeStamp, params.StatusCode, params.Size)
-	buf = append(buf, '\n')
-	writer.Write(buf)
-}
-
-// writeCombinedLog writes a log entry for req to w in Apache Combined Log Format.
-// ts is the timestamp with which the entry should be logged.
-// status and size are used to provide the response HTTP status and size.
-func writeCombinedLog(writer io.Writer, params LogFormatterParams) {
-	buf := buildCommonLogLine(params.Request, params.URL, params.TimeStamp, params.StatusCode, params.Size)
-	buf = append(buf, ` "`...)
-	buf = appendQuoted(buf, params.Request.Referer())
-	buf = append(buf, `" "`...)
-	buf = appendQuoted(buf, params.Request.UserAgent())
-	buf = append(buf, '"', '\n')
-	writer.Write(buf)
-}
-
-// CombinedLoggingHandler return a http.Handler that wraps h and logs requests to out in
-// Apache Combined Log Format.
-//
-// See http://httpd.apache.org/docs/2.2/logs.html#combined for a description of this format.
-//
-// LoggingHandler always sets the ident field of the log to -
-func CombinedLoggingHandler(out io.Writer, h http.Handler) http.Handler {
-	return loggingHandler{out, h, writeCombinedLog}
-}
-
-// LoggingHandler return a http.Handler that wraps h and logs requests to out in
-// Apache Common Log Format (CLF).
-//
-// See http://httpd.apache.org/docs/2.2/logs.html#common for a description of this format.
-//
-// LoggingHandler always sets the ident field of the log to -
-//
-// Example:
-//
-//  r := mux.NewRouter()
-//  r.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-//  	w.Write([]byte("This is a catch-all route"))
-//  })
-//  loggedRouter := handlers.LoggingHandler(os.Stdout, r)
-//  http.ListenAndServe(":1123", loggedRouter)
-//
-func LoggingHandler(out io.Writer, h http.Handler) http.Handler {
-	return loggingHandler{out, h, writeLog}
-}
-
-// CustomLoggingHandler provides a way to supply a custom log formatter
-// while taking advantage of the mechanisms in this package
-func CustomLoggingHandler(out io.Writer, h http.Handler, f LogFormatter) http.Handler {
-	return loggingHandler{out, h, f}
-}
diff --git a/vendor/github.com/gorilla/handlers/proxy_headers.go b/vendor/github.com/gorilla/handlers/proxy_headers.go
deleted file mode 100644
index ed939dcef..000000000
--- a/vendor/github.com/gorilla/handlers/proxy_headers.go
+++ /dev/null
@@ -1,120 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-	"regexp"
-	"strings"
-)
-
-var (
-	// De-facto standard header keys.
-	xForwardedFor    = http.CanonicalHeaderKey("X-Forwarded-For")
-	xForwardedHost   = http.CanonicalHeaderKey("X-Forwarded-Host")
-	xForwardedProto  = http.CanonicalHeaderKey("X-Forwarded-Proto")
-	xForwardedScheme = http.CanonicalHeaderKey("X-Forwarded-Scheme")
-	xRealIP          = http.CanonicalHeaderKey("X-Real-IP")
-)
-
-var (
-	// RFC7239 defines a new "Forwarded: " header designed to replace the
-	// existing use of X-Forwarded-* headers.
-	// e.g. Forwarded: for=192.0.2.60;proto=https;by=203.0.113.43
-	forwarded = http.CanonicalHeaderKey("Forwarded")
-	// Allows for a sub-match of the first value after 'for=' to the next
-	// comma, semi-colon or space. The match is case-insensitive.
-	forRegex = regexp.MustCompile(`(?i)(?:for=)([^(;|,| )]+)`)
-	// Allows for a sub-match for the first instance of scheme (http|https)
-	// prefixed by 'proto='. The match is case-insensitive.
-	protoRegex = regexp.MustCompile(`(?i)(?:proto=)(https|http)`)
-)
-
-// ProxyHeaders inspects common reverse proxy headers and sets the corresponding
-// fields in the HTTP request struct. These are X-Forwarded-For and X-Real-IP
-// for the remote (client) IP address, X-Forwarded-Proto or X-Forwarded-Scheme
-// for the scheme (http|https), X-Forwarded-Host for the host and the RFC7239
-// Forwarded header, which may include both client IPs and schemes.
-//
-// NOTE: This middleware should only be used when behind a reverse
-// proxy like nginx, HAProxy or Apache. Reverse proxies that don't (or are
-// configured not to) strip these headers from client requests, or where these
-// headers are accepted "as is" from a remote client (e.g. when Go is not behind
-// a proxy), can manifest as a vulnerability if your application uses these
-// headers for validating the 'trustworthiness' of a request.
-func ProxyHeaders(h http.Handler) http.Handler {
-	fn := func(w http.ResponseWriter, r *http.Request) {
-		// Set the remote IP with the value passed from the proxy.
-		if fwd := getIP(r); fwd != "" {
-			r.RemoteAddr = fwd
-		}
-
-		// Set the scheme (proto) with the value passed from the proxy.
-		if scheme := getScheme(r); scheme != "" {
-			r.URL.Scheme = scheme
-		}
-		// Set the host with the value passed by the proxy
-		if r.Header.Get(xForwardedHost) != "" {
-			r.Host = r.Header.Get(xForwardedHost)
-		}
-		// Call the next handler in the chain.
-		h.ServeHTTP(w, r)
-	}
-
-	return http.HandlerFunc(fn)
-}
-
-// getIP retrieves the IP from the X-Forwarded-For, X-Real-IP and RFC7239
-// Forwarded headers (in that order).
-func getIP(r *http.Request) string {
-	var addr string
-
-	if fwd := r.Header.Get(xForwardedFor); fwd != "" {
-		// Only grab the first (client) address. Note that '192.168.0.1,
-		// 10.1.1.1' is a valid key for X-Forwarded-For where addresses after
-		// the first may represent forwarding proxies earlier in the chain.
-		s := strings.Index(fwd, ", ")
-		if s == -1 {
-			s = len(fwd)
-		}
-		addr = fwd[:s]
-	} else if fwd := r.Header.Get(xRealIP); fwd != "" {
-		// X-Real-IP should only contain one IP address (the client making the
-		// request).
-		addr = fwd
-	} else if fwd := r.Header.Get(forwarded); fwd != "" {
-		// match should contain at least two elements if the protocol was
-		// specified in the Forwarded header. The first element will always be
-		// the 'for=' capture, which we ignore. In the case of multiple IP
-		// addresses (for=8.8.8.8, 8.8.4.4,172.16.1.20 is valid) we only
-		// extract the first, which should be the client IP.
-		if match := forRegex.FindStringSubmatch(fwd); len(match) > 1 {
-			// IPv6 addresses in Forwarded headers are quoted-strings. We strip
-			// these quotes.
-			addr = strings.Trim(match[1], `"`)
-		}
-	}
-
-	return addr
-}
-
-// getScheme retrieves the scheme from the X-Forwarded-Proto and RFC7239
-// Forwarded headers (in that order).
-func getScheme(r *http.Request) string {
-	var scheme string
-
-	// Retrieve the scheme from X-Forwarded-Proto.
-	if proto := r.Header.Get(xForwardedProto); proto != "" {
-		scheme = strings.ToLower(proto)
-	} else if proto = r.Header.Get(xForwardedScheme); proto != "" {
-		scheme = strings.ToLower(proto)
-	} else if proto = r.Header.Get(forwarded); proto != "" {
-		// match should contain at least two elements if the protocol was
-		// specified in the Forwarded header. The first element will always be
-		// the 'proto=' capture, which we ignore. In the case of multiple proto
-		// parameters (invalid) we only extract the first.
-		if match := protoRegex.FindStringSubmatch(proto); len(match) > 1 {
-			scheme = strings.ToLower(match[1])
-		}
-	}
-
-	return scheme
-}
diff --git a/vendor/github.com/gorilla/handlers/recovery.go b/vendor/github.com/gorilla/handlers/recovery.go
deleted file mode 100644
index 4c4c1d9c6..000000000
--- a/vendor/github.com/gorilla/handlers/recovery.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package handlers
-
-import (
-	"log"
-	"net/http"
-	"runtime/debug"
-)
-
-// RecoveryHandlerLogger is an interface used by the recovering handler to print logs.
-type RecoveryHandlerLogger interface {
-	Println(...interface{})
-}
-
-type recoveryHandler struct {
-	handler    http.Handler
-	logger     RecoveryHandlerLogger
-	printStack bool
-}
-
-// RecoveryOption provides a functional approach to define
-// configuration for a handler; such as setting the logging
-// whether or not to print stack traces on panic.
-type RecoveryOption func(http.Handler)
-
-func parseRecoveryOptions(h http.Handler, opts ...RecoveryOption) http.Handler {
-	for _, option := range opts {
-		option(h)
-	}
-
-	return h
-}
-
-// RecoveryHandler is HTTP middleware that recovers from a panic,
-// logs the panic, writes http.StatusInternalServerError, and
-// continues to the next handler.
-//
-// Example:
-//
-//  r := mux.NewRouter()
-//  r.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-//  	panic("Unexpected error!")
-//  })
-//
-//  http.ListenAndServe(":1123", handlers.RecoveryHandler()(r))
-func RecoveryHandler(opts ...RecoveryOption) func(h http.Handler) http.Handler {
-	return func(h http.Handler) http.Handler {
-		r := &recoveryHandler{handler: h}
-		return parseRecoveryOptions(r, opts...)
-	}
-}
-
-// RecoveryLogger is a functional option to override
-// the default logger
-func RecoveryLogger(logger RecoveryHandlerLogger) RecoveryOption {
-	return func(h http.Handler) {
-		r := h.(*recoveryHandler)
-		r.logger = logger
-	}
-}
-
-// PrintRecoveryStack is a functional option to enable
-// or disable printing stack traces on panic.
-func PrintRecoveryStack(print bool) RecoveryOption {
-	return func(h http.Handler) {
-		r := h.(*recoveryHandler)
-		r.printStack = print
-	}
-}
-
-func (h recoveryHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	defer func() {
-		if err := recover(); err != nil {
-			w.WriteHeader(http.StatusInternalServerError)
-			h.log(err)
-		}
-	}()
-
-	h.handler.ServeHTTP(w, req)
-}
-
-func (h recoveryHandler) log(v ...interface{}) {
-	if h.logger != nil {
-		h.logger.Println(v...)
-	} else {
-		log.Println(v...)
-	}
-
-	if h.printStack {
-		stack := string(debug.Stack())
-		if h.logger != nil {
-			h.logger.Println(stack)
-		} else {
-			log.Println(stack)
-		}
-	}
-}
diff --git a/vendor/github.com/kr/pretty/.gitignore b/vendor/github.com/kr/pretty/.gitignore
deleted file mode 100644
index b2d47811f..000000000
--- a/vendor/github.com/kr/pretty/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-[568].out
-_go*
-_test*
-_obj
-/.idea
diff --git a/vendor/github.com/kr/pretty/License b/vendor/github.com/kr/pretty/License
deleted file mode 100644
index 480a32805..000000000
--- a/vendor/github.com/kr/pretty/License
+++ /dev/null
@@ -1,19 +0,0 @@
-Copyright 2012 Keith Rarick
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/vendor/github.com/kr/pretty/Readme b/vendor/github.com/kr/pretty/Readme
deleted file mode 100644
index c589fc622..000000000
--- a/vendor/github.com/kr/pretty/Readme
+++ /dev/null
@@ -1,9 +0,0 @@
-package pretty
-
-    import "github.com/kr/pretty"
-
-    Package pretty provides pretty-printing for Go values.
-
-Documentation
-
-    http://godoc.org/github.com/kr/pretty
diff --git a/vendor/github.com/kr/pretty/diff.go b/vendor/github.com/kr/pretty/diff.go
deleted file mode 100644
index 40a09dc64..000000000
--- a/vendor/github.com/kr/pretty/diff.go
+++ /dev/null
@@ -1,295 +0,0 @@
-package pretty
-
-import (
-	"fmt"
-	"io"
-	"reflect"
-)
-
-type sbuf []string
-
-func (p *sbuf) Printf(format string, a ...interface{}) {
-	s := fmt.Sprintf(format, a...)
-	*p = append(*p, s)
-}
-
-// Diff returns a slice where each element describes
-// a difference between a and b.
-func Diff(a, b interface{}) (desc []string) {
-	Pdiff((*sbuf)(&desc), a, b)
-	return desc
-}
-
-// wprintfer calls Fprintf on w for each Printf call
-// with a trailing newline.
-type wprintfer struct{ w io.Writer }
-
-func (p *wprintfer) Printf(format string, a ...interface{}) {
-	fmt.Fprintf(p.w, format+"\n", a...)
-}
-
-// Fdiff writes to w a description of the differences between a and b.
-func Fdiff(w io.Writer, a, b interface{}) {
-	Pdiff(&wprintfer{w}, a, b)
-}
-
-type Printfer interface {
-	Printf(format string, a ...interface{})
-}
-
-// Pdiff prints to p a description of the differences between a and b.
-// It calls Printf once for each difference, with no trailing newline.
-// The standard library log.Logger is a Printfer.
-func Pdiff(p Printfer, a, b interface{}) {
-	d := diffPrinter{
-		w:        p,
-		aVisited: make(map[visit]visit),
-		bVisited: make(map[visit]visit),
-	}
-	d.diff(reflect.ValueOf(a), reflect.ValueOf(b))
-}
-
-type Logfer interface {
-	Logf(format string, a ...interface{})
-}
-
-// logprintfer calls Fprintf on w for each Printf call
-// with a trailing newline.
-type logprintfer struct{ l Logfer }
-
-func (p *logprintfer) Printf(format string, a ...interface{}) {
-	p.l.Logf(format, a...)
-}
-
-// Ldiff prints to l a description of the differences between a and b.
-// It calls Logf once for each difference, with no trailing newline.
-// The standard library testing.T and testing.B are Logfers.
-func Ldiff(l Logfer, a, b interface{}) {
-	Pdiff(&logprintfer{l}, a, b)
-}
-
-type diffPrinter struct {
-	w Printfer
-	l string // label
-
-	aVisited map[visit]visit
-	bVisited map[visit]visit
-}
-
-func (w diffPrinter) printf(f string, a ...interface{}) {
-	var l string
-	if w.l != "" {
-		l = w.l + ": "
-	}
-	w.w.Printf(l+f, a...)
-}
-
-func (w diffPrinter) diff(av, bv reflect.Value) {
-	if !av.IsValid() && bv.IsValid() {
-		w.printf("nil != %# v", formatter{v: bv, quote: true})
-		return
-	}
-	if av.IsValid() && !bv.IsValid() {
-		w.printf("%# v != nil", formatter{v: av, quote: true})
-		return
-	}
-	if !av.IsValid() && !bv.IsValid() {
-		return
-	}
-
-	at := av.Type()
-	bt := bv.Type()
-	if at != bt {
-		w.printf("%v != %v", at, bt)
-		return
-	}
-
-	if av.CanAddr() && bv.CanAddr() {
-		avis := visit{av.UnsafeAddr(), at}
-		bvis := visit{bv.UnsafeAddr(), bt}
-		var cycle bool
-
-		// Have we seen this value before?
-		if vis, ok := w.aVisited[avis]; ok {
-			cycle = true
-			if vis != bvis {
-				w.printf("%# v (previously visited) != %# v", formatter{v: av, quote: true}, formatter{v: bv, quote: true})
-			}
-		} else if _, ok := w.bVisited[bvis]; ok {
-			cycle = true
-			w.printf("%# v != %# v (previously visited)", formatter{v: av, quote: true}, formatter{v: bv, quote: true})
-		}
-		w.aVisited[avis] = bvis
-		w.bVisited[bvis] = avis
-		if cycle {
-			return
-		}
-	}
-
-	switch kind := at.Kind(); kind {
-	case reflect.Bool:
-		if a, b := av.Bool(), bv.Bool(); a != b {
-			w.printf("%v != %v", a, b)
-		}
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		if a, b := av.Int(), bv.Int(); a != b {
-			w.printf("%d != %d", a, b)
-		}
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
-		if a, b := av.Uint(), bv.Uint(); a != b {
-			w.printf("%d != %d", a, b)
-		}
-	case reflect.Float32, reflect.Float64:
-		if a, b := av.Float(), bv.Float(); a != b {
-			w.printf("%v != %v", a, b)
-		}
-	case reflect.Complex64, reflect.Complex128:
-		if a, b := av.Complex(), bv.Complex(); a != b {
-			w.printf("%v != %v", a, b)
-		}
-	case reflect.Array:
-		n := av.Len()
-		for i := 0; i < n; i++ {
-			w.relabel(fmt.Sprintf("[%d]", i)).diff(av.Index(i), bv.Index(i))
-		}
-	case reflect.Chan, reflect.Func, reflect.UnsafePointer:
-		if a, b := av.Pointer(), bv.Pointer(); a != b {
-			w.printf("%#x != %#x", a, b)
-		}
-	case reflect.Interface:
-		w.diff(av.Elem(), bv.Elem())
-	case reflect.Map:
-		ak, both, bk := keyDiff(av.MapKeys(), bv.MapKeys())
-		for _, k := range ak {
-			w := w.relabel(fmt.Sprintf("[%#v]", k))
-			w.printf("%q != (missing)", av.MapIndex(k))
-		}
-		for _, k := range both {
-			w := w.relabel(fmt.Sprintf("[%#v]", k))
-			w.diff(av.MapIndex(k), bv.MapIndex(k))
-		}
-		for _, k := range bk {
-			w := w.relabel(fmt.Sprintf("[%#v]", k))
-			w.printf("(missing) != %q", bv.MapIndex(k))
-		}
-	case reflect.Ptr:
-		switch {
-		case av.IsNil() && !bv.IsNil():
-			w.printf("nil != %# v", formatter{v: bv, quote: true})
-		case !av.IsNil() && bv.IsNil():
-			w.printf("%# v != nil", formatter{v: av, quote: true})
-		case !av.IsNil() && !bv.IsNil():
-			w.diff(av.Elem(), bv.Elem())
-		}
-	case reflect.Slice:
-		lenA := av.Len()
-		lenB := bv.Len()
-		if lenA != lenB {
-			w.printf("%s[%d] != %s[%d]", av.Type(), lenA, bv.Type(), lenB)
-			break
-		}
-		for i := 0; i < lenA; i++ {
-			w.relabel(fmt.Sprintf("[%d]", i)).diff(av.Index(i), bv.Index(i))
-		}
-	case reflect.String:
-		if a, b := av.String(), bv.String(); a != b {
-			w.printf("%q != %q", a, b)
-		}
-	case reflect.Struct:
-		for i := 0; i < av.NumField(); i++ {
-			w.relabel(at.Field(i).Name).diff(av.Field(i), bv.Field(i))
-		}
-	default:
-		panic("unknown reflect Kind: " + kind.String())
-	}
-}
-
-func (d diffPrinter) relabel(name string) (d1 diffPrinter) {
-	d1 = d
-	if d.l != "" && name[0] != '[' {
-		d1.l += "."
-	}
-	d1.l += name
-	return d1
-}
-
-// keyEqual compares a and b for equality.
-// Both a and b must be valid map keys.
-func keyEqual(av, bv reflect.Value) bool {
-	if !av.IsValid() && !bv.IsValid() {
-		return true
-	}
-	if !av.IsValid() || !bv.IsValid() || av.Type() != bv.Type() {
-		return false
-	}
-	switch kind := av.Kind(); kind {
-	case reflect.Bool:
-		a, b := av.Bool(), bv.Bool()
-		return a == b
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		a, b := av.Int(), bv.Int()
-		return a == b
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
-		a, b := av.Uint(), bv.Uint()
-		return a == b
-	case reflect.Float32, reflect.Float64:
-		a, b := av.Float(), bv.Float()
-		return a == b
-	case reflect.Complex64, reflect.Complex128:
-		a, b := av.Complex(), bv.Complex()
-		return a == b
-	case reflect.Array:
-		for i := 0; i < av.Len(); i++ {
-			if !keyEqual(av.Index(i), bv.Index(i)) {
-				return false
-			}
-		}
-		return true
-	case reflect.Chan, reflect.UnsafePointer, reflect.Ptr:
-		a, b := av.Pointer(), bv.Pointer()
-		return a == b
-	case reflect.Interface:
-		return keyEqual(av.Elem(), bv.Elem())
-	case reflect.String:
-		a, b := av.String(), bv.String()
-		return a == b
-	case reflect.Struct:
-		for i := 0; i < av.NumField(); i++ {
-			if !keyEqual(av.Field(i), bv.Field(i)) {
-				return false
-			}
-		}
-		return true
-	default:
-		panic("invalid map key type " + av.Type().String())
-	}
-}
-
-func keyDiff(a, b []reflect.Value) (ak, both, bk []reflect.Value) {
-	for _, av := range a {
-		inBoth := false
-		for _, bv := range b {
-			if keyEqual(av, bv) {
-				inBoth = true
-				both = append(both, av)
-				break
-			}
-		}
-		if !inBoth {
-			ak = append(ak, av)
-		}
-	}
-	for _, bv := range b {
-		inBoth := false
-		for _, av := range a {
-			if keyEqual(av, bv) {
-				inBoth = true
-				break
-			}
-		}
-		if !inBoth {
-			bk = append(bk, bv)
-		}
-	}
-	return
-}
diff --git a/vendor/github.com/kr/pretty/formatter.go b/vendor/github.com/kr/pretty/formatter.go
deleted file mode 100644
index 8e6969c59..000000000
--- a/vendor/github.com/kr/pretty/formatter.go
+++ /dev/null
@@ -1,355 +0,0 @@
-package pretty
-
-import (
-	"fmt"
-	"io"
-	"reflect"
-	"strconv"
-	"text/tabwriter"
-
-	"github.com/kr/text"
-	"github.com/rogpeppe/go-internal/fmtsort"
-)
-
-type formatter struct {
-	v     reflect.Value
-	force bool
-	quote bool
-}
-
-// Formatter makes a wrapper, f, that will format x as go source with line
-// breaks and tabs. Object f responds to the "%v" formatting verb when both the
-// "#" and " " (space) flags are set, for example:
-//
-//     fmt.Sprintf("%# v", Formatter(x))
-//
-// If one of these two flags is not set, or any other verb is used, f will
-// format x according to the usual rules of package fmt.
-// In particular, if x satisfies fmt.Formatter, then x.Format will be called.
-func Formatter(x interface{}) (f fmt.Formatter) {
-	return formatter{v: reflect.ValueOf(x), quote: true}
-}
-
-func (fo formatter) String() string {
-	return fmt.Sprint(fo.v.Interface()) // unwrap it
-}
-
-func (fo formatter) passThrough(f fmt.State, c rune) {
-	s := "%"
-	for i := 0; i < 128; i++ {
-		if f.Flag(i) {
-			s += string(rune(i))
-		}
-	}
-	if w, ok := f.Width(); ok {
-		s += fmt.Sprintf("%d", w)
-	}
-	if p, ok := f.Precision(); ok {
-		s += fmt.Sprintf(".%d", p)
-	}
-	s += string(c)
-	fmt.Fprintf(f, s, fo.v.Interface())
-}
-
-func (fo formatter) Format(f fmt.State, c rune) {
-	if fo.force || c == 'v' && f.Flag('#') && f.Flag(' ') {
-		w := tabwriter.NewWriter(f, 4, 4, 1, ' ', 0)
-		p := &printer{tw: w, Writer: w, visited: make(map[visit]int)}
-		p.printValue(fo.v, true, fo.quote)
-		w.Flush()
-		return
-	}
-	fo.passThrough(f, c)
-}
-
-type printer struct {
-	io.Writer
-	tw      *tabwriter.Writer
-	visited map[visit]int
-	depth   int
-}
-
-func (p *printer) indent() *printer {
-	q := *p
-	q.tw = tabwriter.NewWriter(p.Writer, 4, 4, 1, ' ', 0)
-	q.Writer = text.NewIndentWriter(q.tw, []byte{'\t'})
-	return &q
-}
-
-func (p *printer) printInline(v reflect.Value, x interface{}, showType bool) {
-	if showType {
-		io.WriteString(p, v.Type().String())
-		fmt.Fprintf(p, "(%#v)", x)
-	} else {
-		fmt.Fprintf(p, "%#v", x)
-	}
-}
-
-// printValue must keep track of already-printed pointer values to avoid
-// infinite recursion.
-type visit struct {
-	v   uintptr
-	typ reflect.Type
-}
-
-func (p *printer) catchPanic(v reflect.Value, method string) {
-	if r := recover(); r != nil {
-		if v.Kind() == reflect.Ptr && v.IsNil() {
-			writeByte(p, '(')
-			io.WriteString(p, v.Type().String())
-			io.WriteString(p, ")(nil)")
-			return
-		}
-		writeByte(p, '(')
-		io.WriteString(p, v.Type().String())
-		io.WriteString(p, ")(PANIC=calling method ")
-		io.WriteString(p, strconv.Quote(method))
-		io.WriteString(p, ": ")
-		fmt.Fprint(p, r)
-		writeByte(p, ')')
-	}
-}
-
-func (p *printer) printValue(v reflect.Value, showType, quote bool) {
-	if p.depth > 10 {
-		io.WriteString(p, "!%v(DEPTH EXCEEDED)")
-		return
-	}
-
-	if v.IsValid() && v.CanInterface() {
-		i := v.Interface()
-		if goStringer, ok := i.(fmt.GoStringer); ok {
-			defer p.catchPanic(v, "GoString")
-			io.WriteString(p, goStringer.GoString())
-			return
-		}
-	}
-
-	switch v.Kind() {
-	case reflect.Bool:
-		p.printInline(v, v.Bool(), showType)
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		p.printInline(v, v.Int(), showType)
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
-		p.printInline(v, v.Uint(), showType)
-	case reflect.Float32, reflect.Float64:
-		p.printInline(v, v.Float(), showType)
-	case reflect.Complex64, reflect.Complex128:
-		fmt.Fprintf(p, "%#v", v.Complex())
-	case reflect.String:
-		p.fmtString(v.String(), quote)
-	case reflect.Map:
-		t := v.Type()
-		if showType {
-			io.WriteString(p, t.String())
-		}
-		writeByte(p, '{')
-		if nonzero(v) {
-			expand := !canInline(v.Type())
-			pp := p
-			if expand {
-				writeByte(p, '\n')
-				pp = p.indent()
-			}
-			sm := fmtsort.Sort(v)
-			for i := 0; i < v.Len(); i++ {
-				k := sm.Key[i]
-				mv := sm.Value[i]
-				pp.printValue(k, false, true)
-				writeByte(pp, ':')
-				if expand {
-					writeByte(pp, '\t')
-				}
-				showTypeInStruct := t.Elem().Kind() == reflect.Interface
-				pp.printValue(mv, showTypeInStruct, true)
-				if expand {
-					io.WriteString(pp, ",\n")
-				} else if i < v.Len()-1 {
-					io.WriteString(pp, ", ")
-				}
-			}
-			if expand {
-				pp.tw.Flush()
-			}
-		}
-		writeByte(p, '}')
-	case reflect.Struct:
-		t := v.Type()
-		if v.CanAddr() {
-			addr := v.UnsafeAddr()
-			vis := visit{addr, t}
-			if vd, ok := p.visited[vis]; ok && vd < p.depth {
-				p.fmtString(t.String()+"{(CYCLIC REFERENCE)}", false)
-				break // don't print v again
-			}
-			p.visited[vis] = p.depth
-		}
-
-		if showType {
-			io.WriteString(p, t.String())
-		}
-		writeByte(p, '{')
-		if nonzero(v) {
-			expand := !canInline(v.Type())
-			pp := p
-			if expand {
-				writeByte(p, '\n')
-				pp = p.indent()
-			}
-			for i := 0; i < v.NumField(); i++ {
-				showTypeInStruct := true
-				if f := t.Field(i); f.Name != "" {
-					io.WriteString(pp, f.Name)
-					writeByte(pp, ':')
-					if expand {
-						writeByte(pp, '\t')
-					}
-					showTypeInStruct = labelType(f.Type)
-				}
-				pp.printValue(getField(v, i), showTypeInStruct, true)
-				if expand {
-					io.WriteString(pp, ",\n")
-				} else if i < v.NumField()-1 {
-					io.WriteString(pp, ", ")
-				}
-			}
-			if expand {
-				pp.tw.Flush()
-			}
-		}
-		writeByte(p, '}')
-	case reflect.Interface:
-		switch e := v.Elem(); {
-		case e.Kind() == reflect.Invalid:
-			io.WriteString(p, "nil")
-		case e.IsValid():
-			pp := *p
-			pp.depth++
-			pp.printValue(e, showType, true)
-		default:
-			io.WriteString(p, v.Type().String())
-			io.WriteString(p, "(nil)")
-		}
-	case reflect.Array, reflect.Slice:
-		t := v.Type()
-		if showType {
-			io.WriteString(p, t.String())
-		}
-		if v.Kind() == reflect.Slice && v.IsNil() && showType {
-			io.WriteString(p, "(nil)")
-			break
-		}
-		if v.Kind() == reflect.Slice && v.IsNil() {
-			io.WriteString(p, "nil")
-			break
-		}
-		writeByte(p, '{')
-		expand := !canInline(v.Type())
-		pp := p
-		if expand {
-			writeByte(p, '\n')
-			pp = p.indent()
-		}
-		for i := 0; i < v.Len(); i++ {
-			showTypeInSlice := t.Elem().Kind() == reflect.Interface
-			pp.printValue(v.Index(i), showTypeInSlice, true)
-			if expand {
-				io.WriteString(pp, ",\n")
-			} else if i < v.Len()-1 {
-				io.WriteString(pp, ", ")
-			}
-		}
-		if expand {
-			pp.tw.Flush()
-		}
-		writeByte(p, '}')
-	case reflect.Ptr:
-		e := v.Elem()
-		if !e.IsValid() {
-			writeByte(p, '(')
-			io.WriteString(p, v.Type().String())
-			io.WriteString(p, ")(nil)")
-		} else {
-			pp := *p
-			pp.depth++
-			writeByte(pp, '&')
-			pp.printValue(e, true, true)
-		}
-	case reflect.Chan:
-		x := v.Pointer()
-		if showType {
-			writeByte(p, '(')
-			io.WriteString(p, v.Type().String())
-			fmt.Fprintf(p, ")(%#v)", x)
-		} else {
-			fmt.Fprintf(p, "%#v", x)
-		}
-	case reflect.Func:
-		io.WriteString(p, v.Type().String())
-		io.WriteString(p, " {...}")
-	case reflect.UnsafePointer:
-		p.printInline(v, v.Pointer(), showType)
-	case reflect.Invalid:
-		io.WriteString(p, "nil")
-	}
-}
-
-func canInline(t reflect.Type) bool {
-	switch t.Kind() {
-	case reflect.Map:
-		return !canExpand(t.Elem())
-	case reflect.Struct:
-		for i := 0; i < t.NumField(); i++ {
-			if canExpand(t.Field(i).Type) {
-				return false
-			}
-		}
-		return true
-	case reflect.Interface:
-		return false
-	case reflect.Array, reflect.Slice:
-		return !canExpand(t.Elem())
-	case reflect.Ptr:
-		return false
-	case reflect.Chan, reflect.Func, reflect.UnsafePointer:
-		return false
-	}
-	return true
-}
-
-func canExpand(t reflect.Type) bool {
-	switch t.Kind() {
-	case reflect.Map, reflect.Struct,
-		reflect.Interface, reflect.Array, reflect.Slice,
-		reflect.Ptr:
-		return true
-	}
-	return false
-}
-
-func labelType(t reflect.Type) bool {
-	switch t.Kind() {
-	case reflect.Interface, reflect.Struct:
-		return true
-	}
-	return false
-}
-
-func (p *printer) fmtString(s string, quote bool) {
-	if quote {
-		s = strconv.Quote(s)
-	}
-	io.WriteString(p, s)
-}
-
-func writeByte(w io.Writer, b byte) {
-	w.Write([]byte{b})
-}
-
-func getField(v reflect.Value, i int) reflect.Value {
-	val := v.Field(i)
-	if val.Kind() == reflect.Interface && !val.IsNil() {
-		val = val.Elem()
-	}
-	return val
-}
diff --git a/vendor/github.com/kr/pretty/pretty.go b/vendor/github.com/kr/pretty/pretty.go
deleted file mode 100644
index b4ca583c0..000000000
--- a/vendor/github.com/kr/pretty/pretty.go
+++ /dev/null
@@ -1,108 +0,0 @@
-// Package pretty provides pretty-printing for Go values. This is
-// useful during debugging, to avoid wrapping long output lines in
-// the terminal.
-//
-// It provides a function, Formatter, that can be used with any
-// function that accepts a format string. It also provides
-// convenience wrappers for functions in packages fmt and log.
-package pretty
-
-import (
-	"fmt"
-	"io"
-	"log"
-	"reflect"
-)
-
-// Errorf is a convenience wrapper for fmt.Errorf.
-//
-// Calling Errorf(f, x, y) is equivalent to
-// fmt.Errorf(f, Formatter(x), Formatter(y)).
-func Errorf(format string, a ...interface{}) error {
-	return fmt.Errorf(format, wrap(a, false)...)
-}
-
-// Fprintf is a convenience wrapper for fmt.Fprintf.
-//
-// Calling Fprintf(w, f, x, y) is equivalent to
-// fmt.Fprintf(w, f, Formatter(x), Formatter(y)).
-func Fprintf(w io.Writer, format string, a ...interface{}) (n int, error error) {
-	return fmt.Fprintf(w, format, wrap(a, false)...)
-}
-
-// Log is a convenience wrapper for log.Printf.
-//
-// Calling Log(x, y) is equivalent to
-// log.Print(Formatter(x), Formatter(y)), but each operand is
-// formatted with "%# v".
-func Log(a ...interface{}) {
-	log.Print(wrap(a, true)...)
-}
-
-// Logf is a convenience wrapper for log.Printf.
-//
-// Calling Logf(f, x, y) is equivalent to
-// log.Printf(f, Formatter(x), Formatter(y)).
-func Logf(format string, a ...interface{}) {
-	log.Printf(format, wrap(a, false)...)
-}
-
-// Logln is a convenience wrapper for log.Printf.
-//
-// Calling Logln(x, y) is equivalent to
-// log.Println(Formatter(x), Formatter(y)), but each operand is
-// formatted with "%# v".
-func Logln(a ...interface{}) {
-	log.Println(wrap(a, true)...)
-}
-
-// Print pretty-prints its operands and writes to standard output.
-//
-// Calling Print(x, y) is equivalent to
-// fmt.Print(Formatter(x), Formatter(y)), but each operand is
-// formatted with "%# v".
-func Print(a ...interface{}) (n int, errno error) {
-	return fmt.Print(wrap(a, true)...)
-}
-
-// Printf is a convenience wrapper for fmt.Printf.
-//
-// Calling Printf(f, x, y) is equivalent to
-// fmt.Printf(f, Formatter(x), Formatter(y)).
-func Printf(format string, a ...interface{}) (n int, errno error) {
-	return fmt.Printf(format, wrap(a, false)...)
-}
-
-// Println pretty-prints its operands and writes to standard output.
-//
-// Calling Println(x, y) is equivalent to
-// fmt.Println(Formatter(x), Formatter(y)), but each operand is
-// formatted with "%# v".
-func Println(a ...interface{}) (n int, errno error) {
-	return fmt.Println(wrap(a, true)...)
-}
-
-// Sprint is a convenience wrapper for fmt.Sprintf.
-//
-// Calling Sprint(x, y) is equivalent to
-// fmt.Sprint(Formatter(x), Formatter(y)), but each operand is
-// formatted with "%# v".
-func Sprint(a ...interface{}) string {
-	return fmt.Sprint(wrap(a, true)...)
-}
-
-// Sprintf is a convenience wrapper for fmt.Sprintf.
-//
-// Calling Sprintf(f, x, y) is equivalent to
-// fmt.Sprintf(f, Formatter(x), Formatter(y)).
-func Sprintf(format string, a ...interface{}) string {
-	return fmt.Sprintf(format, wrap(a, false)...)
-}
-
-func wrap(a []interface{}, force bool) []interface{} {
-	w := make([]interface{}, len(a))
-	for i, x := range a {
-		w[i] = formatter{v: reflect.ValueOf(x), force: force}
-	}
-	return w
-}
diff --git a/vendor/github.com/kr/pretty/zero.go b/vendor/github.com/kr/pretty/zero.go
deleted file mode 100644
index abb5b6fc1..000000000
--- a/vendor/github.com/kr/pretty/zero.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package pretty
-
-import (
-	"reflect"
-)
-
-func nonzero(v reflect.Value) bool {
-	switch v.Kind() {
-	case reflect.Bool:
-		return v.Bool()
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		return v.Int() != 0
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
-		return v.Uint() != 0
-	case reflect.Float32, reflect.Float64:
-		return v.Float() != 0
-	case reflect.Complex64, reflect.Complex128:
-		return v.Complex() != complex(0, 0)
-	case reflect.String:
-		return v.String() != ""
-	case reflect.Struct:
-		for i := 0; i < v.NumField(); i++ {
-			if nonzero(getField(v, i)) {
-				return true
-			}
-		}
-		return false
-	case reflect.Array:
-		for i := 0; i < v.Len(); i++ {
-			if nonzero(v.Index(i)) {
-				return true
-			}
-		}
-		return false
-	case reflect.Map, reflect.Interface, reflect.Slice, reflect.Ptr, reflect.Chan, reflect.Func:
-		return !v.IsNil()
-	case reflect.UnsafePointer:
-		return v.Pointer() != 0
-	}
-	return true
-}
diff --git a/vendor/github.com/kr/text/License b/vendor/github.com/kr/text/License
deleted file mode 100644
index 480a32805..000000000
--- a/vendor/github.com/kr/text/License
+++ /dev/null
@@ -1,19 +0,0 @@
-Copyright 2012 Keith Rarick
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/vendor/github.com/kr/text/Readme b/vendor/github.com/kr/text/Readme
deleted file mode 100644
index 7e6e7c068..000000000
--- a/vendor/github.com/kr/text/Readme
+++ /dev/null
@@ -1,3 +0,0 @@
-This is a Go package for manipulating paragraphs of text.
-
-See http://go.pkgdoc.org/github.com/kr/text for full documentation.
diff --git a/vendor/github.com/kr/text/doc.go b/vendor/github.com/kr/text/doc.go
deleted file mode 100644
index cf4c198f9..000000000
--- a/vendor/github.com/kr/text/doc.go
+++ /dev/null
@@ -1,3 +0,0 @@
-// Package text provides rudimentary functions for manipulating text in
-// paragraphs.
-package text
diff --git a/vendor/github.com/kr/text/indent.go b/vendor/github.com/kr/text/indent.go
deleted file mode 100644
index 4ebac45c0..000000000
--- a/vendor/github.com/kr/text/indent.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package text
-
-import (
-	"io"
-)
-
-// Indent inserts prefix at the beginning of each non-empty line of s. The
-// end-of-line marker is NL.
-func Indent(s, prefix string) string {
-	return string(IndentBytes([]byte(s), []byte(prefix)))
-}
-
-// IndentBytes inserts prefix at the beginning of each non-empty line of b.
-// The end-of-line marker is NL.
-func IndentBytes(b, prefix []byte) []byte {
-	var res []byte
-	bol := true
-	for _, c := range b {
-		if bol && c != '\n' {
-			res = append(res, prefix...)
-		}
-		res = append(res, c)
-		bol = c == '\n'
-	}
-	return res
-}
-
-// Writer indents each line of its input.
-type indentWriter struct {
-	w   io.Writer
-	bol bool
-	pre [][]byte
-	sel int
-	off int
-}
-
-// NewIndentWriter makes a new write filter that indents the input
-// lines. Each line is prefixed in order with the corresponding
-// element of pre. If there are more lines than elements, the last
-// element of pre is repeated for each subsequent line.
-func NewIndentWriter(w io.Writer, pre ...[]byte) io.Writer {
-	return &indentWriter{
-		w:   w,
-		pre: pre,
-		bol: true,
-	}
-}
-
-// The only errors returned are from the underlying indentWriter.
-func (w *indentWriter) Write(p []byte) (n int, err error) {
-	for _, c := range p {
-		if w.bol {
-			var i int
-			i, err = w.w.Write(w.pre[w.sel][w.off:])
-			w.off += i
-			if err != nil {
-				return n, err
-			}
-		}
-		_, err = w.w.Write([]byte{c})
-		if err != nil {
-			return n, err
-		}
-		n++
-		w.bol = c == '\n'
-		if w.bol {
-			w.off = 0
-			if w.sel < len(w.pre)-1 {
-				w.sel++
-			}
-		}
-	}
-	return n, nil
-}
diff --git a/vendor/github.com/kr/text/wrap.go b/vendor/github.com/kr/text/wrap.go
deleted file mode 100644
index b09bb0373..000000000
--- a/vendor/github.com/kr/text/wrap.go
+++ /dev/null
@@ -1,86 +0,0 @@
-package text
-
-import (
-	"bytes"
-	"math"
-)
-
-var (
-	nl = []byte{'\n'}
-	sp = []byte{' '}
-)
-
-const defaultPenalty = 1e5
-
-// Wrap wraps s into a paragraph of lines of length lim, with minimal
-// raggedness.
-func Wrap(s string, lim int) string {
-	return string(WrapBytes([]byte(s), lim))
-}
-
-// WrapBytes wraps b into a paragraph of lines of length lim, with minimal
-// raggedness.
-func WrapBytes(b []byte, lim int) []byte {
-	words := bytes.Split(bytes.Replace(bytes.TrimSpace(b), nl, sp, -1), sp)
-	var lines [][]byte
-	for _, line := range WrapWords(words, 1, lim, defaultPenalty) {
-		lines = append(lines, bytes.Join(line, sp))
-	}
-	return bytes.Join(lines, nl)
-}
-
-// WrapWords is the low-level line-breaking algorithm, useful if you need more
-// control over the details of the text wrapping process. For most uses, either
-// Wrap or WrapBytes will be sufficient and more convenient.
-//
-// WrapWords splits a list of words into lines with minimal "raggedness",
-// treating each byte as one unit, accounting for spc units between adjacent
-// words on each line, and attempting to limit lines to lim units. Raggedness
-// is the total error over all lines, where error is the square of the
-// difference of the length of the line and lim. Too-long lines (which only
-// happen when a single word is longer than lim units) have pen penalty units
-// added to the error.
-func WrapWords(words [][]byte, spc, lim, pen int) [][][]byte {
-	n := len(words)
-
-	length := make([][]int, n)
-	for i := 0; i < n; i++ {
-		length[i] = make([]int, n)
-		length[i][i] = len(words[i])
-		for j := i + 1; j < n; j++ {
-			length[i][j] = length[i][j-1] + spc + len(words[j])
-		}
-	}
-
-	nbrk := make([]int, n)
-	cost := make([]int, n)
-	for i := range cost {
-		cost[i] = math.MaxInt32
-	}
-	for i := n - 1; i >= 0; i-- {
-		if length[i][n-1] <= lim || i == n-1 {
-			cost[i] = 0
-			nbrk[i] = n
-		} else {
-			for j := i + 1; j < n; j++ {
-				d := lim - length[i][j-1]
-				c := d*d + cost[j]
-				if length[i][j-1] > lim {
-					c += pen // too-long lines get a worse penalty
-				}
-				if c < cost[i] {
-					cost[i] = c
-					nbrk[i] = j
-				}
-			}
-		}
-	}
-
-	var lines [][][]byte
-	i := 0
-	for i < n {
-		lines = append(lines, words[i:nbrk[i]])
-		i = nbrk[i]
-	}
-	return lines
-}
diff --git a/vendor/github.com/ncw/swift/.gitignore b/vendor/github.com/ncw/swift/.gitignore
deleted file mode 100644
index 5cdbab794..000000000
--- a/vendor/github.com/ncw/swift/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*~
-*.pyc
-test-env*
-junk/
\ No newline at end of file
diff --git a/vendor/github.com/ncw/swift/.travis.yml b/vendor/github.com/ncw/swift/.travis.yml
deleted file mode 100644
index e0a61643b..000000000
--- a/vendor/github.com/ncw/swift/.travis.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-language: go
-sudo: false
-
-go:
-  - 1.2.x
-  - 1.3.x
-  - 1.4.x
-  - 1.5.x
-  - 1.6.x
-  - 1.7.x
-  - 1.8.x
-  - 1.9.x
-  - 1.10.x
-  - 1.11.x
-  - 1.12.x
-  - master
-
-matrix:
-  include:
-  - go: 1.12.x
-    env: TEST_REAL_SERVER=rackspace
-  - go: 1.12.x
-    env: TEST_REAL_SERVER=memset
-  allow_failures:
-  - go: 1.12.x
-    env: TEST_REAL_SERVER=rackspace
-  - go: 1.12.x
-    env: TEST_REAL_SERVER=memset
-install: go test -i ./...
-script:
-  - test -z "$(go fmt ./...)"
-  - go test
-  - ./travis_realserver.sh
diff --git a/vendor/github.com/ncw/swift/COPYING b/vendor/github.com/ncw/swift/COPYING
deleted file mode 100644
index 8c27c67fd..000000000
--- a/vendor/github.com/ncw/swift/COPYING
+++ /dev/null
@@ -1,20 +0,0 @@
-Copyright (C) 2012 by Nick Craig-Wood http://www.craig-wood.com/nick/
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
-
diff --git a/vendor/github.com/ncw/swift/README.md b/vendor/github.com/ncw/swift/README.md
deleted file mode 100644
index 0a09293d8..000000000
--- a/vendor/github.com/ncw/swift/README.md
+++ /dev/null
@@ -1,156 +0,0 @@
-Swift
-=====
-
-This package provides an easy to use library for interfacing with
-Swift / Openstack Object Storage / Rackspace cloud files from the Go
-Language
-
-See here for package docs
-
-  http://godoc.org/github.com/ncw/swift
-
-[![Build Status](https://api.travis-ci.org/ncw/swift.svg?branch=master)](https://travis-ci.org/ncw/swift) [![GoDoc](https://godoc.org/github.com/ncw/swift?status.svg)](https://godoc.org/github.com/ncw/swift) 
-
-Install
--------
-
-Use go to install the library
-
-    go get github.com/ncw/swift
-
-Usage
------
-
-See here for full package docs
-
-- http://godoc.org/github.com/ncw/swift
-
-Here is a short example from the docs
-```go
-import "github.com/ncw/swift"
-
-// Create a connection
-c := swift.Connection{
-    UserName: "user",
-    ApiKey:   "key",
-    AuthUrl:  "auth_url",
-    Domain:   "domain",  // Name of the domain (v3 auth only)
-    Tenant:   "tenant",  // Name of the tenant (v2 auth only)
-}
-// Authenticate
-err := c.Authenticate()
-if err != nil {
-    panic(err)
-}
-// List all the containers
-containers, err := c.ContainerNames(nil)
-fmt.Println(containers)
-// etc...
-```
-
-Additions
----------
-
-The `rs` sub project contains a wrapper for the Rackspace specific CDN Management interface.
-
-Testing
--------
-
-To run the tests you can either use an embedded fake Swift server
-either use a real Openstack Swift server or a Rackspace Cloud files account.
-
-When using a real Swift server, you need to set these environment variables
-before running the tests
-
-    export SWIFT_API_USER='user'
-    export SWIFT_API_KEY='key'
-    export SWIFT_AUTH_URL='https://url.of.auth.server/v1.0'
-
-And optionally these if using v2 authentication
-
-    export SWIFT_TENANT='TenantName'
-    export SWIFT_TENANT_ID='TenantId'
-
-And optionally these if using v3 authentication
-
-    export SWIFT_TENANT='TenantName'
-    export SWIFT_TENANT_ID='TenantId'
-    export SWIFT_API_DOMAIN_ID='domain id'
-    export SWIFT_API_DOMAIN='domain name'
-
-And optionally these if using v3 trust
-
-    export SWIFT_TRUST_ID='TrustId'
-
-And optionally this if you want to skip server certificate validation
-
-    export SWIFT_AUTH_INSECURE=1
-
-And optionally this to configure the connect channel timeout, in seconds
-
-    export SWIFT_CONNECTION_CHANNEL_TIMEOUT=60
-
-And optionally this to configure the data channel timeout, in seconds
-
-    export SWIFT_DATA_CHANNEL_TIMEOUT=60
-
-Then run the tests with `go test`
-
-License
--------
-
-This is free software under the terms of MIT license (check COPYING file
-included in this package).
-
-Contact and support
--------------------
-
-The project website is at:
-
-- https://github.com/ncw/swift
-
-There you can file bug reports, ask for help or contribute patches.
-
-Authors
--------
-
-- Nick Craig-Wood <nick@craig-wood.com>
-
-Contributors
-------------
-
-- Brian "bojo" Jones <mojobojo@gmail.com>
-- Janika Liiv <janika@toggl.com>
-- Yamamoto, Hirotaka <ymmt2005@gmail.com>
-- Stephen <yo@groks.org>
-- platformpurple <stephen@platformpurple.com>
-- Paul Querna <pquerna@apache.org>
-- Livio Soares <liviobs@gmail.com>
-- thesyncim <thesyncim@gmail.com>
-- lsowen <lsowen@s1network.com> <logan@s1network.com>
-- Sylvain Baubeau <sbaubeau@redhat.com>
-- Chris Kastorff <encryptio@gmail.com>
-- Dai HaoJun <haojun.dai@hp.com>
-- Hua Wang <wanghua.humble@gmail.com>
-- Fabian Ruff <fabian@progra.de> <fabian.ruff@sap.com>
-- Arturo Reuschenbach Puncernau <reuschenbach@gmail.com>
-- Petr Kotek <petr.kotek@bigcommerce.com>
-- Stefan Majewsky <stefan.majewsky@sap.com> <majewsky@gmx.net>
-- Cezar Sa Espinola <cezarsa@gmail.com>
-- Sam Gunaratne <samgzeit@gmail.com>
-- Richard Scothern <richard.scothern@gmail.com>
-- Michel Couillard <!--<couillard.michel@voxlog.ca>--> <michel.couillard@gmail.com>
-- Christopher Waldon <ckwaldon@us.ibm.com>
-- dennis <dai.haojun@gmail.com>
-- hag <hannes.georg@xing.com>
-- Alexander Neumann <alexander@bumpern.de>
-- eclipseo <30413512+eclipseo@users.noreply.github.com>
-- Yuri Per <yuri@acronis.com>
-- Falk Reimann <falk.reimann@sap.com>
-- Arthur Paim Arnold <arthurpaimarnold@gmail.com>
-- Bruno Michel <bmichel@menfin.info>
-- Charles Hsu <charles0126@gmail.com>
-- Omar Ali <omarali@users.noreply.github.com>
-- Andreas Andersen <andreas@softwaredesign.se>
-- kayrus <kay.diam@gmail.com>
-- CodeLingo Bot <bot@codelingo.io>
diff --git a/vendor/github.com/ncw/swift/auth.go b/vendor/github.com/ncw/swift/auth.go
deleted file mode 100644
index 25654f429..000000000
--- a/vendor/github.com/ncw/swift/auth.go
+++ /dev/null
@@ -1,335 +0,0 @@
-package swift
-
-import (
-	"bytes"
-	"encoding/json"
-	"net/http"
-	"net/url"
-	"strings"
-	"time"
-)
-
-// Auth defines the operations needed to authenticate with swift
-//
-// This encapsulates the different authentication schemes in use
-type Authenticator interface {
-	// Request creates an http.Request for the auth - return nil if not needed
-	Request(*Connection) (*http.Request, error)
-	// Response parses the http.Response
-	Response(resp *http.Response) error
-	// The public storage URL - set Internal to true to read
-	// internal/service net URL
-	StorageUrl(Internal bool) string
-	// The access token
-	Token() string
-	// The CDN url if available
-	CdnUrl() string
-}
-
-// Expireser is an optional interface to read the expiration time of the token
-type Expireser interface {
-	Expires() time.Time
-}
-
-type CustomEndpointAuthenticator interface {
-	StorageUrlForEndpoint(endpointType EndpointType) string
-}
-
-type EndpointType string
-
-const (
-	// Use public URL as storage URL
-	EndpointTypePublic = EndpointType("public")
-
-	// Use internal URL as storage URL
-	EndpointTypeInternal = EndpointType("internal")
-
-	// Use admin URL as storage URL
-	EndpointTypeAdmin = EndpointType("admin")
-)
-
-// newAuth - create a new Authenticator from the AuthUrl
-//
-// A hint for AuthVersion can be provided
-func newAuth(c *Connection) (Authenticator, error) {
-	AuthVersion := c.AuthVersion
-	if AuthVersion == 0 {
-		if strings.Contains(c.AuthUrl, "v3") {
-			AuthVersion = 3
-		} else if strings.Contains(c.AuthUrl, "v2") {
-			AuthVersion = 2
-		} else if strings.Contains(c.AuthUrl, "v1") {
-			AuthVersion = 1
-		} else {
-			return nil, newErrorf(500, "Can't find AuthVersion in AuthUrl - set explicitly")
-		}
-	}
-	switch AuthVersion {
-	case 1:
-		return &v1Auth{}, nil
-	case 2:
-		return &v2Auth{
-			// Guess as to whether using API key or
-			// password it will try both eventually so
-			// this is just an optimization.
-			useApiKey: len(c.ApiKey) >= 32,
-		}, nil
-	case 3:
-		return &v3Auth{}, nil
-	}
-	return nil, newErrorf(500, "Auth Version %d not supported", AuthVersion)
-}
-
-// ------------------------------------------------------------
-
-// v1 auth
-type v1Auth struct {
-	Headers http.Header // V1 auth: the authentication headers so extensions can access them
-}
-
-// v1 Authentication - make request
-func (auth *v1Auth) Request(c *Connection) (*http.Request, error) {
-	req, err := http.NewRequest("GET", c.AuthUrl, nil)
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Set("User-Agent", c.UserAgent)
-	req.Header.Set("X-Auth-Key", c.ApiKey)
-	req.Header.Set("X-Auth-User", c.UserName)
-	return req, nil
-}
-
-// v1 Authentication - read response
-func (auth *v1Auth) Response(resp *http.Response) error {
-	auth.Headers = resp.Header
-	return nil
-}
-
-// v1 Authentication - read storage url
-func (auth *v1Auth) StorageUrl(Internal bool) string {
-	storageUrl := auth.Headers.Get("X-Storage-Url")
-	if Internal {
-		newUrl, err := url.Parse(storageUrl)
-		if err != nil {
-			return storageUrl
-		}
-		newUrl.Host = "snet-" + newUrl.Host
-		storageUrl = newUrl.String()
-	}
-	return storageUrl
-}
-
-// v1 Authentication - read auth token
-func (auth *v1Auth) Token() string {
-	return auth.Headers.Get("X-Auth-Token")
-}
-
-// v1 Authentication - read cdn url
-func (auth *v1Auth) CdnUrl() string {
-	return auth.Headers.Get("X-CDN-Management-Url")
-}
-
-// ------------------------------------------------------------
-
-// v2 Authentication
-type v2Auth struct {
-	Auth        *v2AuthResponse
-	Region      string
-	useApiKey   bool // if set will use API key not Password
-	useApiKeyOk bool // if set won't change useApiKey any more
-	notFirst    bool // set after first run
-}
-
-// v2 Authentication - make request
-func (auth *v2Auth) Request(c *Connection) (*http.Request, error) {
-	auth.Region = c.Region
-	// Toggle useApiKey if not first run and not OK yet
-	if auth.notFirst && !auth.useApiKeyOk {
-		auth.useApiKey = !auth.useApiKey
-	}
-	auth.notFirst = true
-	// Create a V2 auth request for the body of the connection
-	var v2i interface{}
-	if !auth.useApiKey {
-		// Normal swift authentication
-		v2 := v2AuthRequest{}
-		v2.Auth.PasswordCredentials.UserName = c.UserName
-		v2.Auth.PasswordCredentials.Password = c.ApiKey
-		v2.Auth.Tenant = c.Tenant
-		v2.Auth.TenantId = c.TenantId
-		v2i = v2
-	} else {
-		// Rackspace special with API Key
-		v2 := v2AuthRequestRackspace{}
-		v2.Auth.ApiKeyCredentials.UserName = c.UserName
-		v2.Auth.ApiKeyCredentials.ApiKey = c.ApiKey
-		v2.Auth.Tenant = c.Tenant
-		v2.Auth.TenantId = c.TenantId
-		v2i = v2
-	}
-	body, err := json.Marshal(v2i)
-	if err != nil {
-		return nil, err
-	}
-	url := c.AuthUrl
-	if !strings.HasSuffix(url, "/") {
-		url += "/"
-	}
-	url += "tokens"
-	req, err := http.NewRequest("POST", url, bytes.NewBuffer(body))
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("User-Agent", c.UserAgent)
-	return req, nil
-}
-
-// v2 Authentication - read response
-func (auth *v2Auth) Response(resp *http.Response) error {
-	auth.Auth = new(v2AuthResponse)
-	err := readJson(resp, auth.Auth)
-	// If successfully read Auth then no need to toggle useApiKey any more
-	if err == nil {
-		auth.useApiKeyOk = true
-	}
-	return err
-}
-
-// Finds the Endpoint Url of "type" from the v2AuthResponse using the
-// Region if set or defaulting to the first one if not
-//
-// Returns "" if not found
-func (auth *v2Auth) endpointUrl(Type string, endpointType EndpointType) string {
-	for _, catalog := range auth.Auth.Access.ServiceCatalog {
-		if catalog.Type == Type {
-			for _, endpoint := range catalog.Endpoints {
-				if auth.Region == "" || (auth.Region == endpoint.Region) {
-					switch endpointType {
-					case EndpointTypeInternal:
-						return endpoint.InternalUrl
-					case EndpointTypePublic:
-						return endpoint.PublicUrl
-					case EndpointTypeAdmin:
-						return endpoint.AdminUrl
-					default:
-						return ""
-					}
-				}
-			}
-		}
-	}
-	return ""
-}
-
-// v2 Authentication - read storage url
-//
-// If Internal is true then it reads the private (internal / service
-// net) URL.
-func (auth *v2Auth) StorageUrl(Internal bool) string {
-	endpointType := EndpointTypePublic
-	if Internal {
-		endpointType = EndpointTypeInternal
-	}
-	return auth.StorageUrlForEndpoint(endpointType)
-}
-
-// v2 Authentication - read storage url
-//
-// Use the indicated endpointType to choose a URL.
-func (auth *v2Auth) StorageUrlForEndpoint(endpointType EndpointType) string {
-	return auth.endpointUrl("object-store", endpointType)
-}
-
-// v2 Authentication - read auth token
-func (auth *v2Auth) Token() string {
-	return auth.Auth.Access.Token.Id
-}
-
-// v2 Authentication - read expires
-func (auth *v2Auth) Expires() time.Time {
-	t, err := time.Parse(time.RFC3339, auth.Auth.Access.Token.Expires)
-	if err != nil {
-		return time.Time{} // return Zero if not parsed
-	}
-	return t
-}
-
-// v2 Authentication - read cdn url
-func (auth *v2Auth) CdnUrl() string {
-	return auth.endpointUrl("rax:object-cdn", EndpointTypePublic)
-}
-
-// ------------------------------------------------------------
-
-// V2 Authentication request
-//
-// http://docs.openstack.org/developer/keystone/api_curl_examples.html
-// http://docs.rackspace.com/servers/api/v2/cs-gettingstarted/content/curl_auth.html
-// http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_authenticate_v2.0_tokens_.html
-type v2AuthRequest struct {
-	Auth struct {
-		PasswordCredentials struct {
-			UserName string `json:"username"`
-			Password string `json:"password"`
-		} `json:"passwordCredentials"`
-		Tenant   string `json:"tenantName,omitempty"`
-		TenantId string `json:"tenantId,omitempty"`
-	} `json:"auth"`
-}
-
-// V2 Authentication request - Rackspace variant
-//
-// http://docs.openstack.org/developer/keystone/api_curl_examples.html
-// http://docs.rackspace.com/servers/api/v2/cs-gettingstarted/content/curl_auth.html
-// http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_authenticate_v2.0_tokens_.html
-type v2AuthRequestRackspace struct {
-	Auth struct {
-		ApiKeyCredentials struct {
-			UserName string `json:"username"`
-			ApiKey   string `json:"apiKey"`
-		} `json:"RAX-KSKEY:apiKeyCredentials"`
-		Tenant   string `json:"tenantName,omitempty"`
-		TenantId string `json:"tenantId,omitempty"`
-	} `json:"auth"`
-}
-
-// V2 Authentication reply
-//
-// http://docs.openstack.org/developer/keystone/api_curl_examples.html
-// http://docs.rackspace.com/servers/api/v2/cs-gettingstarted/content/curl_auth.html
-// http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_authenticate_v2.0_tokens_.html
-type v2AuthResponse struct {
-	Access struct {
-		ServiceCatalog []struct {
-			Endpoints []struct {
-				InternalUrl string
-				PublicUrl   string
-				AdminUrl    string
-				Region      string
-				TenantId    string
-			}
-			Name string
-			Type string
-		}
-		Token struct {
-			Expires string
-			Id      string
-			Tenant  struct {
-				Id   string
-				Name string
-			}
-		}
-		User struct {
-			DefaultRegion string `json:"RAX-AUTH:defaultRegion"`
-			Id            string
-			Name          string
-			Roles         []struct {
-				Description string
-				Id          string
-				Name        string
-				TenantId    string
-			}
-		}
-	}
-}
diff --git a/vendor/github.com/ncw/swift/auth_v3.go b/vendor/github.com/ncw/swift/auth_v3.go
deleted file mode 100644
index 1e34ad814..000000000
--- a/vendor/github.com/ncw/swift/auth_v3.go
+++ /dev/null
@@ -1,300 +0,0 @@
-package swift
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-)
-
-const (
-	v3AuthMethodToken                 = "token"
-	v3AuthMethodPassword              = "password"
-	v3AuthMethodApplicationCredential = "application_credential"
-	v3CatalogTypeObjectStore          = "object-store"
-)
-
-// V3 Authentication request
-// http://docs.openstack.org/developer/keystone/api_curl_examples.html
-// http://developer.openstack.org/api-ref-identity-v3.html
-type v3AuthRequest struct {
-	Auth struct {
-		Identity struct {
-			Methods               []string                     `json:"methods"`
-			Password              *v3AuthPassword              `json:"password,omitempty"`
-			Token                 *v3AuthToken                 `json:"token,omitempty"`
-			ApplicationCredential *v3AuthApplicationCredential `json:"application_credential,omitempty"`
-		} `json:"identity"`
-		Scope *v3Scope `json:"scope,omitempty"`
-	} `json:"auth"`
-}
-
-type v3Scope struct {
-	Project *v3Project `json:"project,omitempty"`
-	Domain  *v3Domain  `json:"domain,omitempty"`
-	Trust   *v3Trust   `json:"OS-TRUST:trust,omitempty"`
-}
-
-type v3Domain struct {
-	Id   string `json:"id,omitempty"`
-	Name string `json:"name,omitempty"`
-}
-
-type v3Project struct {
-	Name   string    `json:"name,omitempty"`
-	Id     string    `json:"id,omitempty"`
-	Domain *v3Domain `json:"domain,omitempty"`
-}
-
-type v3Trust struct {
-	Id string `json:"id"`
-}
-
-type v3User struct {
-	Domain   *v3Domain `json:"domain,omitempty"`
-	Id       string    `json:"id,omitempty"`
-	Name     string    `json:"name,omitempty"`
-	Password string    `json:"password,omitempty"`
-}
-
-type v3AuthToken struct {
-	Id string `json:"id"`
-}
-
-type v3AuthPassword struct {
-	User v3User `json:"user"`
-}
-
-type v3AuthApplicationCredential struct {
-	Id     string  `json:"id,omitempty"`
-	Name   string  `json:"name,omitempty"`
-	Secret string  `json:"secret,omitempty"`
-	User   *v3User `json:"user,omitempty"`
-}
-
-// V3 Authentication response
-type v3AuthResponse struct {
-	Token struct {
-		ExpiresAt string `json:"expires_at"`
-		IssuedAt  string `json:"issued_at"`
-		Methods   []string
-		Roles     []struct {
-			Id, Name string
-			Links    struct {
-				Self string
-			}
-		}
-
-		Project struct {
-			Domain struct {
-				Id, Name string
-			}
-			Id, Name string
-		}
-
-		Catalog []struct {
-			Id, Namem, Type string
-			Endpoints       []struct {
-				Id, Region_Id, Url, Region string
-				Interface                  EndpointType
-			}
-		}
-
-		User struct {
-			Id, Name string
-			Domain   struct {
-				Id, Name string
-				Links    struct {
-					Self string
-				}
-			}
-		}
-
-		Audit_Ids []string
-	}
-}
-
-type v3Auth struct {
-	Region  string
-	Auth    *v3AuthResponse
-	Headers http.Header
-}
-
-func (auth *v3Auth) Request(c *Connection) (*http.Request, error) {
-	auth.Region = c.Region
-
-	var v3i interface{}
-
-	v3 := v3AuthRequest{}
-
-	if (c.ApplicationCredentialId != "" || c.ApplicationCredentialName != "") && c.ApplicationCredentialSecret != "" {
-		var user *v3User
-
-		if c.ApplicationCredentialId != "" {
-			c.ApplicationCredentialName = ""
-			user = &v3User{}
-		}
-
-		if user == nil && c.UserId != "" {
-			// UserID could be used without the domain information
-			user = &v3User{
-				Id: c.UserId,
-			}
-		}
-
-		if user == nil && c.UserName == "" {
-			// Make sure that Username or UserID are provided
-			return nil, fmt.Errorf("UserID or Name should be provided")
-		}
-
-		if user == nil && c.DomainId != "" {
-			user = &v3User{
-				Name: c.UserName,
-				Domain: &v3Domain{
-					Id: c.DomainId,
-				},
-			}
-		}
-
-		if user == nil && c.Domain != "" {
-			user = &v3User{
-				Name: c.UserName,
-				Domain: &v3Domain{
-					Name: c.Domain,
-				},
-			}
-		}
-
-		// Make sure that DomainID or DomainName are provided among Username
-		if user == nil {
-			return nil, fmt.Errorf("DomainID or Domain should be provided")
-		}
-
-		v3.Auth.Identity.Methods = []string{v3AuthMethodApplicationCredential}
-		v3.Auth.Identity.ApplicationCredential = &v3AuthApplicationCredential{
-			Id:     c.ApplicationCredentialId,
-			Name:   c.ApplicationCredentialName,
-			Secret: c.ApplicationCredentialSecret,
-			User:   user,
-		}
-	} else if c.UserName == "" && c.UserId == "" {
-		v3.Auth.Identity.Methods = []string{v3AuthMethodToken}
-		v3.Auth.Identity.Token = &v3AuthToken{Id: c.ApiKey}
-	} else {
-		v3.Auth.Identity.Methods = []string{v3AuthMethodPassword}
-		v3.Auth.Identity.Password = &v3AuthPassword{
-			User: v3User{
-				Name:     c.UserName,
-				Id:       c.UserId,
-				Password: c.ApiKey,
-			},
-		}
-
-		var domain *v3Domain
-
-		if c.Domain != "" {
-			domain = &v3Domain{Name: c.Domain}
-		} else if c.DomainId != "" {
-			domain = &v3Domain{Id: c.DomainId}
-		}
-		v3.Auth.Identity.Password.User.Domain = domain
-	}
-
-	if v3.Auth.Identity.Methods[0] != v3AuthMethodApplicationCredential {
-		if c.TrustId != "" {
-			v3.Auth.Scope = &v3Scope{Trust: &v3Trust{Id: c.TrustId}}
-		} else if c.TenantId != "" || c.Tenant != "" {
-
-			v3.Auth.Scope = &v3Scope{Project: &v3Project{}}
-
-			if c.TenantId != "" {
-				v3.Auth.Scope.Project.Id = c.TenantId
-			} else if c.Tenant != "" {
-				v3.Auth.Scope.Project.Name = c.Tenant
-				switch {
-				case c.TenantDomain != "":
-					v3.Auth.Scope.Project.Domain = &v3Domain{Name: c.TenantDomain}
-				case c.TenantDomainId != "":
-					v3.Auth.Scope.Project.Domain = &v3Domain{Id: c.TenantDomainId}
-				case c.Domain != "":
-					v3.Auth.Scope.Project.Domain = &v3Domain{Name: c.Domain}
-				case c.DomainId != "":
-					v3.Auth.Scope.Project.Domain = &v3Domain{Id: c.DomainId}
-				default:
-					v3.Auth.Scope.Project.Domain = &v3Domain{Name: "Default"}
-				}
-			}
-		}
-	}
-
-	v3i = v3
-
-	body, err := json.Marshal(v3i)
-
-	if err != nil {
-		return nil, err
-	}
-
-	url := c.AuthUrl
-	if !strings.HasSuffix(url, "/") {
-		url += "/"
-	}
-	url += "auth/tokens"
-	req, err := http.NewRequest("POST", url, bytes.NewBuffer(body))
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("User-Agent", c.UserAgent)
-	return req, nil
-}
-
-func (auth *v3Auth) Response(resp *http.Response) error {
-	auth.Auth = &v3AuthResponse{}
-	auth.Headers = resp.Header
-	err := readJson(resp, auth.Auth)
-	return err
-}
-
-func (auth *v3Auth) endpointUrl(Type string, endpointType EndpointType) string {
-	for _, catalog := range auth.Auth.Token.Catalog {
-		if catalog.Type == Type {
-			for _, endpoint := range catalog.Endpoints {
-				if endpoint.Interface == endpointType && (auth.Region == "" || (auth.Region == endpoint.Region)) {
-					return endpoint.Url
-				}
-			}
-		}
-	}
-	return ""
-}
-
-func (auth *v3Auth) StorageUrl(Internal bool) string {
-	endpointType := EndpointTypePublic
-	if Internal {
-		endpointType = EndpointTypeInternal
-	}
-	return auth.StorageUrlForEndpoint(endpointType)
-}
-
-func (auth *v3Auth) StorageUrlForEndpoint(endpointType EndpointType) string {
-	return auth.endpointUrl("object-store", endpointType)
-}
-
-func (auth *v3Auth) Token() string {
-	return auth.Headers.Get("X-Subject-Token")
-}
-
-func (auth *v3Auth) Expires() time.Time {
-	t, err := time.Parse(time.RFC3339, auth.Auth.Token.ExpiresAt)
-	if err != nil {
-		return time.Time{} // return Zero if not parsed
-	}
-	return t
-}
-
-func (auth *v3Auth) CdnUrl() string {
-	return ""
-}
diff --git a/vendor/github.com/ncw/swift/compatibility_1_0.go b/vendor/github.com/ncw/swift/compatibility_1_0.go
deleted file mode 100644
index 7b69a757a..000000000
--- a/vendor/github.com/ncw/swift/compatibility_1_0.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Go 1.0 compatibility functions
-
-// +build !go1.1
-
-package swift
-
-import (
-	"log"
-	"net/http"
-	"time"
-)
-
-// Cancel the request - doesn't work under < go 1.1
-func cancelRequest(transport http.RoundTripper, req *http.Request) {
-	log.Printf("Tried to cancel a request but couldn't - recompile with go 1.1")
-}
-
-// Reset a timer - Doesn't work properly < go 1.1
-//
-// This is quite hard to do properly under go < 1.1 so we do a crude
-// approximation and hope that everyone upgrades to go 1.1 quickly
-func resetTimer(t *time.Timer, d time.Duration) {
-	t.Stop()
-	// Very likely this doesn't actually work if we are already
-	// selecting on t.C.  However we've stopped the original timer
-	// so won't break transfers but may not time them out :-(
-	*t = *time.NewTimer(d)
-}
diff --git a/vendor/github.com/ncw/swift/compatibility_1_1.go b/vendor/github.com/ncw/swift/compatibility_1_1.go
deleted file mode 100644
index a4f9c3ab2..000000000
--- a/vendor/github.com/ncw/swift/compatibility_1_1.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// Go 1.1 and later compatibility functions
-//
-// +build go1.1
-
-package swift
-
-import (
-	"net/http"
-	"time"
-)
-
-// Cancel the request
-func cancelRequest(transport http.RoundTripper, req *http.Request) {
-	if tr, ok := transport.(interface {
-		CancelRequest(*http.Request)
-	}); ok {
-		tr.CancelRequest(req)
-	}
-}
-
-// Reset a timer
-func resetTimer(t *time.Timer, d time.Duration) {
-	t.Reset(d)
-}
diff --git a/vendor/github.com/ncw/swift/compatibility_1_6.go b/vendor/github.com/ncw/swift/compatibility_1_6.go
deleted file mode 100644
index b443d01d2..000000000
--- a/vendor/github.com/ncw/swift/compatibility_1_6.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// +build go1.6
-
-package swift
-
-import (
-	"net/http"
-	"time"
-)
-
-const IS_AT_LEAST_GO_16 = true
-
-func SetExpectContinueTimeout(tr *http.Transport, t time.Duration) {
-	tr.ExpectContinueTimeout = t
-}
-
-func AddExpectAndTransferEncoding(req *http.Request, hasContentLength bool) {
-	if req.Body != nil {
-		req.Header.Add("Expect", "100-continue")
-	}
-	if !hasContentLength {
-		req.TransferEncoding = []string{"chunked"}
-	}
-}
diff --git a/vendor/github.com/ncw/swift/compatibility_not_1_6.go b/vendor/github.com/ncw/swift/compatibility_not_1_6.go
deleted file mode 100644
index aabb44e2b..000000000
--- a/vendor/github.com/ncw/swift/compatibility_not_1_6.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build !go1.6
-
-package swift
-
-import (
-	"net/http"
-	"time"
-)
-
-const IS_AT_LEAST_GO_16 = false
-
-func SetExpectContinueTimeout(tr *http.Transport, t time.Duration)          {}
-func AddExpectAndTransferEncoding(req *http.Request, hasContentLength bool) {}
diff --git a/vendor/github.com/ncw/swift/dlo.go b/vendor/github.com/ncw/swift/dlo.go
deleted file mode 100644
index e2e2aa97e..000000000
--- a/vendor/github.com/ncw/swift/dlo.go
+++ /dev/null
@@ -1,136 +0,0 @@
-package swift
-
-import (
-	"os"
-)
-
-// DynamicLargeObjectCreateFile represents an open static large object
-type DynamicLargeObjectCreateFile struct {
-	largeObjectCreateFile
-}
-
-// DynamicLargeObjectCreateFile creates a dynamic large object
-// returning an object which satisfies io.Writer, io.Seeker, io.Closer
-// and io.ReaderFrom.  The flags are as passes to the
-// largeObjectCreate method.
-func (c *Connection) DynamicLargeObjectCreateFile(opts *LargeObjectOpts) (LargeObjectFile, error) {
-	lo, err := c.largeObjectCreate(opts)
-	if err != nil {
-		return nil, err
-	}
-
-	return withBuffer(opts, &DynamicLargeObjectCreateFile{
-		largeObjectCreateFile: *lo,
-	}), nil
-}
-
-// DynamicLargeObjectCreate creates or truncates an existing dynamic
-// large object returning a writeable object.  This sets opts.Flags to
-// an appropriate value before calling DynamicLargeObjectCreateFile
-func (c *Connection) DynamicLargeObjectCreate(opts *LargeObjectOpts) (LargeObjectFile, error) {
-	opts.Flags = os.O_TRUNC | os.O_CREATE
-	return c.DynamicLargeObjectCreateFile(opts)
-}
-
-// DynamicLargeObjectDelete deletes a dynamic large object and all of its segments.
-func (c *Connection) DynamicLargeObjectDelete(container string, path string) error {
-	return c.LargeObjectDelete(container, path)
-}
-
-// DynamicLargeObjectMove moves a dynamic large object from srcContainer, srcObjectName to dstContainer, dstObjectName
-func (c *Connection) DynamicLargeObjectMove(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string) error {
-	info, headers, err := c.Object(dstContainer, srcObjectName)
-	if err != nil {
-		return err
-	}
-
-	segmentContainer, segmentPath := parseFullPath(headers["X-Object-Manifest"])
-	if err := c.createDLOManifest(dstContainer, dstObjectName, segmentContainer+"/"+segmentPath, info.ContentType); err != nil {
-		return err
-	}
-
-	if err := c.ObjectDelete(srcContainer, srcObjectName); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// createDLOManifest creates a dynamic large object manifest
-func (c *Connection) createDLOManifest(container string, objectName string, prefix string, contentType string) error {
-	headers := make(Headers)
-	headers["X-Object-Manifest"] = prefix
-	manifest, err := c.ObjectCreate(container, objectName, false, "", contentType, headers)
-	if err != nil {
-		return err
-	}
-
-	if err := manifest.Close(); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// Close satisfies the io.Closer interface
-func (file *DynamicLargeObjectCreateFile) Close() error {
-	return file.Flush()
-}
-
-func (file *DynamicLargeObjectCreateFile) Flush() error {
-	err := file.conn.createDLOManifest(file.container, file.objectName, file.segmentContainer+"/"+file.prefix, file.contentType)
-	if err != nil {
-		return err
-	}
-	return file.conn.waitForSegmentsToShowUp(file.container, file.objectName, file.Size())
-}
-
-func (c *Connection) getAllDLOSegments(segmentContainer, segmentPath string) ([]Object, error) {
-	//a simple container listing works 99.9% of the time
-	segments, err := c.ObjectsAll(segmentContainer, &ObjectsOpts{Prefix: segmentPath})
-	if err != nil {
-		return nil, err
-	}
-
-	hasObjectName := make(map[string]struct{})
-	for _, segment := range segments {
-		hasObjectName[segment.Name] = struct{}{}
-	}
-
-	//The container listing might be outdated (i.e. not contain all existing
-	//segment objects yet) because of temporary inconsistency (Swift is only
-	//eventually consistent!). Check its completeness.
-	segmentNumber := 0
-	for {
-		segmentNumber++
-		segmentName := getSegment(segmentPath, segmentNumber)
-		if _, seen := hasObjectName[segmentName]; seen {
-			continue
-		}
-
-		//This segment is missing in the container listing. Use a more reliable
-		//request to check its existence. (HEAD requests on segments are
-		//guaranteed to return the correct metadata, except for the pathological
-		//case of an outage of large parts of the Swift cluster or its network,
-		//since every segment is only written once.)
-		segment, _, err := c.Object(segmentContainer, segmentName)
-		switch err {
-		case nil:
-			//found new segment -> add it in the correct position and keep
-			//going, more might be missing
-			if segmentNumber <= len(segments) {
-				segments = append(segments[:segmentNumber], segments[segmentNumber-1:]...)
-				segments[segmentNumber-1] = segment
-			} else {
-				segments = append(segments, segment)
-			}
-			continue
-		case ObjectNotFound:
-			//This segment is missing. Since we upload segments sequentially,
-			//there won't be any more segments after it.
-			return segments, nil
-		default:
-			return nil, err //unexpected error
-		}
-	}
-}
diff --git a/vendor/github.com/ncw/swift/doc.go b/vendor/github.com/ncw/swift/doc.go
deleted file mode 100644
index 44efde7bf..000000000
--- a/vendor/github.com/ncw/swift/doc.go
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
-Package swift provides an easy to use interface to Swift / Openstack Object Storage / Rackspace Cloud Files
-
-Standard Usage
-
-Most of the work is done through the Container*() and Object*() methods.
-
-All methods are safe to use concurrently in multiple go routines.
-
-Object Versioning
-
-As defined by http://docs.openstack.org/api/openstack-object-storage/1.0/content/Object_Versioning-e1e3230.html#d6e983 one can create a container which allows for version control of files.  The suggested method is to create a version container for holding all non-current files, and a current container for holding the latest version that the file points to.  The container and objects inside it can be used in the standard manner, however, pushing a file multiple times will result in it being copied to the version container and the new file put in it's place.  If the current file is deleted, the previous file in the version container will replace it.  This means that if a file is updated 5 times, it must be deleted 5 times to be completely removed from the system.
-
-Rackspace Sub Module
-
-This module specifically allows the enabling/disabling of Rackspace Cloud File CDN management on a container.  This is specific to the Rackspace API and not Swift/Openstack, therefore it has been placed in a submodule.  One can easily create a RsConnection and use it like the standard Connection to access and manipulate containers and objects.
-
-*/
-package swift
diff --git a/vendor/github.com/ncw/swift/largeobjects.go b/vendor/github.com/ncw/swift/largeobjects.go
deleted file mode 100644
index bec640b00..000000000
--- a/vendor/github.com/ncw/swift/largeobjects.go
+++ /dev/null
@@ -1,448 +0,0 @@
-package swift
-
-import (
-	"bufio"
-	"bytes"
-	"crypto/rand"
-	"crypto/sha1"
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	gopath "path"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// NotLargeObject is returned if an operation is performed on an object which isn't large.
-var NotLargeObject = errors.New("Not a large object")
-
-// readAfterWriteTimeout defines the time we wait before an object appears after having been uploaded
-var readAfterWriteTimeout = 15 * time.Second
-
-// readAfterWriteWait defines the time to sleep between two retries
-var readAfterWriteWait = 200 * time.Millisecond
-
-// largeObjectCreateFile represents an open static or dynamic large object
-type largeObjectCreateFile struct {
-	conn             *Connection
-	container        string
-	objectName       string
-	currentLength    int64
-	filePos          int64
-	chunkSize        int64
-	segmentContainer string
-	prefix           string
-	contentType      string
-	checkHash        bool
-	segments         []Object
-	headers          Headers
-	minChunkSize     int64
-}
-
-func swiftSegmentPath(path string) (string, error) {
-	checksum := sha1.New()
-	random := make([]byte, 32)
-	if _, err := rand.Read(random); err != nil {
-		return "", err
-	}
-	path = hex.EncodeToString(checksum.Sum(append([]byte(path), random...)))
-	return strings.TrimLeft(strings.TrimRight("segments/"+path[0:3]+"/"+path[3:], "/"), "/"), nil
-}
-
-func getSegment(segmentPath string, partNumber int) string {
-	return fmt.Sprintf("%s/%016d", segmentPath, partNumber)
-}
-
-func parseFullPath(manifest string) (container string, prefix string) {
-	components := strings.SplitN(manifest, "/", 2)
-	container = components[0]
-	if len(components) > 1 {
-		prefix = components[1]
-	}
-	return container, prefix
-}
-
-func (headers Headers) IsLargeObjectDLO() bool {
-	_, isDLO := headers["X-Object-Manifest"]
-	return isDLO
-}
-
-func (headers Headers) IsLargeObjectSLO() bool {
-	_, isSLO := headers["X-Static-Large-Object"]
-	return isSLO
-}
-
-func (headers Headers) IsLargeObject() bool {
-	return headers.IsLargeObjectSLO() || headers.IsLargeObjectDLO()
-}
-
-func (c *Connection) getAllSegments(container string, path string, headers Headers) (string, []Object, error) {
-	if manifest, isDLO := headers["X-Object-Manifest"]; isDLO {
-		segmentContainer, segmentPath := parseFullPath(manifest)
-		segments, err := c.getAllDLOSegments(segmentContainer, segmentPath)
-		return segmentContainer, segments, err
-	}
-	if headers.IsLargeObjectSLO() {
-		return c.getAllSLOSegments(container, path)
-	}
-	return "", nil, NotLargeObject
-}
-
-// LargeObjectOpts describes how a large object should be created
-type LargeObjectOpts struct {
-	Container        string  // Name of container to place object
-	ObjectName       string  // Name of object
-	Flags            int     // Creation flags
-	CheckHash        bool    // If set Check the hash
-	Hash             string  // If set use this hash to check
-	ContentType      string  // Content-Type of the object
-	Headers          Headers // Additional headers to upload the object with
-	ChunkSize        int64   // Size of chunks of the object, defaults to 10MB if not set
-	MinChunkSize     int64   // Minimum chunk size, automatically set for SLO's based on info
-	SegmentContainer string  // Name of the container to place segments
-	SegmentPrefix    string  // Prefix to use for the segments
-	NoBuffer         bool    // Prevents using a bufio.Writer to write segments
-}
-
-type LargeObjectFile interface {
-	io.Writer
-	io.Seeker
-	io.Closer
-	Size() int64
-	Flush() error
-}
-
-// largeObjectCreate creates a large object at opts.Container, opts.ObjectName.
-//
-// opts.Flags can have the following bits set
-//   os.TRUNC  - remove the contents of the large object if it exists
-//   os.APPEND - write at the end of the large object
-func (c *Connection) largeObjectCreate(opts *LargeObjectOpts) (*largeObjectCreateFile, error) {
-	var (
-		segmentPath      string
-		segmentContainer string
-		segments         []Object
-		currentLength    int64
-		err              error
-	)
-
-	if opts.SegmentPrefix != "" {
-		segmentPath = opts.SegmentPrefix
-	} else if segmentPath, err = swiftSegmentPath(opts.ObjectName); err != nil {
-		return nil, err
-	}
-
-	if info, headers, err := c.Object(opts.Container, opts.ObjectName); err == nil {
-		if opts.Flags&os.O_TRUNC != 0 {
-			c.LargeObjectDelete(opts.Container, opts.ObjectName)
-		} else {
-			currentLength = info.Bytes
-			if headers.IsLargeObject() {
-				segmentContainer, segments, err = c.getAllSegments(opts.Container, opts.ObjectName, headers)
-				if err != nil {
-					return nil, err
-				}
-				if len(segments) > 0 {
-					segmentPath = gopath.Dir(segments[0].Name)
-				}
-			} else {
-				if err = c.ObjectMove(opts.Container, opts.ObjectName, opts.Container, getSegment(segmentPath, 1)); err != nil {
-					return nil, err
-				}
-				segments = append(segments, info)
-			}
-		}
-	} else if err != ObjectNotFound {
-		return nil, err
-	}
-
-	// segmentContainer is not empty when the manifest already existed
-	if segmentContainer == "" {
-		if opts.SegmentContainer != "" {
-			segmentContainer = opts.SegmentContainer
-		} else {
-			segmentContainer = opts.Container + "_segments"
-		}
-	}
-
-	file := &largeObjectCreateFile{
-		conn:             c,
-		checkHash:        opts.CheckHash,
-		container:        opts.Container,
-		objectName:       opts.ObjectName,
-		chunkSize:        opts.ChunkSize,
-		minChunkSize:     opts.MinChunkSize,
-		headers:          opts.Headers,
-		segmentContainer: segmentContainer,
-		prefix:           segmentPath,
-		segments:         segments,
-		currentLength:    currentLength,
-	}
-
-	if file.chunkSize == 0 {
-		file.chunkSize = 10 * 1024 * 1024
-	}
-
-	if file.minChunkSize > file.chunkSize {
-		file.chunkSize = file.minChunkSize
-	}
-
-	if opts.Flags&os.O_APPEND != 0 {
-		file.filePos = currentLength
-	}
-
-	return file, nil
-}
-
-// LargeObjectDelete deletes the large object named by container, path
-func (c *Connection) LargeObjectDelete(container string, objectName string) error {
-	_, headers, err := c.Object(container, objectName)
-	if err != nil {
-		return err
-	}
-
-	var objects [][]string
-	if headers.IsLargeObject() {
-		segmentContainer, segments, err := c.getAllSegments(container, objectName, headers)
-		if err != nil {
-			return err
-		}
-		for _, obj := range segments {
-			objects = append(objects, []string{segmentContainer, obj.Name})
-		}
-	}
-	objects = append(objects, []string{container, objectName})
-
-	info, err := c.cachedQueryInfo()
-	if err == nil && info.SupportsBulkDelete() && len(objects) > 0 {
-		filenames := make([]string, len(objects))
-		for i, obj := range objects {
-			filenames[i] = obj[0] + "/" + obj[1]
-		}
-		_, err = c.doBulkDelete(filenames)
-		// Don't fail on ObjectNotFound because eventual consistency
-		// makes this situation normal.
-		if err != nil && err != Forbidden && err != ObjectNotFound {
-			return err
-		}
-	} else {
-		for _, obj := range objects {
-			if err := c.ObjectDelete(obj[0], obj[1]); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-// LargeObjectGetSegments returns all the segments that compose an object
-// If the object is a Dynamic Large Object (DLO), it just returns the objects
-// that have the prefix as indicated by the manifest.
-// If the object is a Static Large Object (SLO), it retrieves the JSON content
-// of the manifest and return all the segments of it.
-func (c *Connection) LargeObjectGetSegments(container string, path string) (string, []Object, error) {
-	_, headers, err := c.Object(container, path)
-	if err != nil {
-		return "", nil, err
-	}
-
-	return c.getAllSegments(container, path, headers)
-}
-
-// Seek sets the offset for the next write operation
-func (file *largeObjectCreateFile) Seek(offset int64, whence int) (int64, error) {
-	switch whence {
-	case 0:
-		file.filePos = offset
-	case 1:
-		file.filePos += offset
-	case 2:
-		file.filePos = file.currentLength + offset
-	default:
-		return -1, fmt.Errorf("invalid value for whence")
-	}
-	if file.filePos < 0 {
-		return -1, fmt.Errorf("negative offset")
-	}
-	return file.filePos, nil
-}
-
-func (file *largeObjectCreateFile) Size() int64 {
-	return file.currentLength
-}
-
-func withLORetry(expectedSize int64, fn func() (Headers, int64, error)) (err error) {
-	endTimer := time.NewTimer(readAfterWriteTimeout)
-	defer endTimer.Stop()
-	waitingTime := readAfterWriteWait
-	for {
-		var headers Headers
-		var sz int64
-		if headers, sz, err = fn(); err == nil {
-			if !headers.IsLargeObjectDLO() || (expectedSize == 0 && sz > 0) || expectedSize == sz {
-				return
-			}
-		} else {
-			return
-		}
-		waitTimer := time.NewTimer(waitingTime)
-		select {
-		case <-endTimer.C:
-			waitTimer.Stop()
-			err = fmt.Errorf("Timeout expired while waiting for object to have size == %d, got: %d", expectedSize, sz)
-			return
-		case <-waitTimer.C:
-			waitingTime *= 2
-		}
-	}
-}
-
-func (c *Connection) waitForSegmentsToShowUp(container, objectName string, expectedSize int64) (err error) {
-	err = withLORetry(expectedSize, func() (Headers, int64, error) {
-		var info Object
-		var headers Headers
-		info, headers, err = c.objectBase(container, objectName)
-		if err != nil {
-			return headers, 0, err
-		}
-		return headers, info.Bytes, nil
-	})
-	return
-}
-
-// Write satisfies the io.Writer interface
-func (file *largeObjectCreateFile) Write(buf []byte) (int, error) {
-	var sz int64
-	var relativeFilePos int
-	writeSegmentIdx := 0
-	for i, obj := range file.segments {
-		if file.filePos < sz+obj.Bytes || (i == len(file.segments)-1 && file.filePos < sz+file.minChunkSize) {
-			relativeFilePos = int(file.filePos - sz)
-			break
-		}
-		writeSegmentIdx++
-		sz += obj.Bytes
-	}
-	sizeToWrite := len(buf)
-	for offset := 0; offset < sizeToWrite; {
-		newSegment, n, err := file.writeSegment(buf[offset:], writeSegmentIdx, relativeFilePos)
-		if err != nil {
-			return 0, err
-		}
-		if writeSegmentIdx < len(file.segments) {
-			file.segments[writeSegmentIdx] = *newSegment
-		} else {
-			file.segments = append(file.segments, *newSegment)
-		}
-		offset += n
-		writeSegmentIdx++
-		relativeFilePos = 0
-	}
-	file.filePos += int64(sizeToWrite)
-	file.currentLength = 0
-	for _, obj := range file.segments {
-		file.currentLength += obj.Bytes
-	}
-	return sizeToWrite, nil
-}
-
-func (file *largeObjectCreateFile) writeSegment(buf []byte, writeSegmentIdx int, relativeFilePos int) (*Object, int, error) {
-	var (
-		readers         []io.Reader
-		existingSegment *Object
-		segmentSize     int
-	)
-	segmentName := getSegment(file.prefix, writeSegmentIdx+1)
-	sizeToRead := int(file.chunkSize)
-	if writeSegmentIdx < len(file.segments) {
-		existingSegment = &file.segments[writeSegmentIdx]
-		if writeSegmentIdx != len(file.segments)-1 {
-			sizeToRead = int(existingSegment.Bytes)
-		}
-		if relativeFilePos > 0 {
-			headers := make(Headers)
-			headers["Range"] = "bytes=0-" + strconv.FormatInt(int64(relativeFilePos-1), 10)
-			existingSegmentReader, _, err := file.conn.ObjectOpen(file.segmentContainer, segmentName, true, headers)
-			if err != nil {
-				return nil, 0, err
-			}
-			defer existingSegmentReader.Close()
-			sizeToRead -= relativeFilePos
-			segmentSize += relativeFilePos
-			readers = []io.Reader{existingSegmentReader}
-		}
-	}
-	if sizeToRead > len(buf) {
-		sizeToRead = len(buf)
-	}
-	segmentSize += sizeToRead
-	readers = append(readers, bytes.NewReader(buf[:sizeToRead]))
-	if existingSegment != nil && segmentSize < int(existingSegment.Bytes) {
-		headers := make(Headers)
-		headers["Range"] = "bytes=" + strconv.FormatInt(int64(segmentSize), 10) + "-"
-		tailSegmentReader, _, err := file.conn.ObjectOpen(file.segmentContainer, segmentName, true, headers)
-		if err != nil {
-			return nil, 0, err
-		}
-		defer tailSegmentReader.Close()
-		segmentSize = int(existingSegment.Bytes)
-		readers = append(readers, tailSegmentReader)
-	}
-	segmentReader := io.MultiReader(readers...)
-	headers, err := file.conn.ObjectPut(file.segmentContainer, segmentName, segmentReader, true, "", file.contentType, nil)
-	if err != nil {
-		return nil, 0, err
-	}
-	return &Object{Name: segmentName, Bytes: int64(segmentSize), Hash: headers["Etag"]}, sizeToRead, nil
-}
-
-func withBuffer(opts *LargeObjectOpts, lo LargeObjectFile) LargeObjectFile {
-	if !opts.NoBuffer {
-		return &bufferedLargeObjectFile{
-			LargeObjectFile: lo,
-			bw:              bufio.NewWriterSize(lo, int(opts.ChunkSize)),
-		}
-	}
-	return lo
-}
-
-type bufferedLargeObjectFile struct {
-	LargeObjectFile
-	bw *bufio.Writer
-}
-
-func (blo *bufferedLargeObjectFile) Close() error {
-	err := blo.bw.Flush()
-	if err != nil {
-		return err
-	}
-	return blo.LargeObjectFile.Close()
-}
-
-func (blo *bufferedLargeObjectFile) Write(p []byte) (n int, err error) {
-	return blo.bw.Write(p)
-}
-
-func (blo *bufferedLargeObjectFile) Seek(offset int64, whence int) (int64, error) {
-	err := blo.bw.Flush()
-	if err != nil {
-		return 0, err
-	}
-	return blo.LargeObjectFile.Seek(offset, whence)
-}
-
-func (blo *bufferedLargeObjectFile) Size() int64 {
-	return blo.LargeObjectFile.Size() + int64(blo.bw.Buffered())
-}
-
-func (blo *bufferedLargeObjectFile) Flush() error {
-	err := blo.bw.Flush()
-	if err != nil {
-		return err
-	}
-	return blo.LargeObjectFile.Flush()
-}
diff --git a/vendor/github.com/ncw/swift/meta.go b/vendor/github.com/ncw/swift/meta.go
deleted file mode 100644
index 7e149e139..000000000
--- a/vendor/github.com/ncw/swift/meta.go
+++ /dev/null
@@ -1,174 +0,0 @@
-// Metadata manipulation in and out of Headers
-
-package swift
-
-import (
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// Metadata stores account, container or object metadata.
-type Metadata map[string]string
-
-// Metadata gets the Metadata starting with the metaPrefix out of the Headers.
-//
-// The keys in the Metadata will be converted to lower case
-func (h Headers) Metadata(metaPrefix string) Metadata {
-	m := Metadata{}
-	metaPrefix = http.CanonicalHeaderKey(metaPrefix)
-	for key, value := range h {
-		if strings.HasPrefix(key, metaPrefix) {
-			metaKey := strings.ToLower(key[len(metaPrefix):])
-			m[metaKey] = value
-		}
-	}
-	return m
-}
-
-// AccountMetadata converts Headers from account to a Metadata.
-//
-// The keys in the Metadata will be converted to lower case.
-func (h Headers) AccountMetadata() Metadata {
-	return h.Metadata("X-Account-Meta-")
-}
-
-// ContainerMetadata converts Headers from container to a Metadata.
-//
-// The keys in the Metadata will be converted to lower case.
-func (h Headers) ContainerMetadata() Metadata {
-	return h.Metadata("X-Container-Meta-")
-}
-
-// ObjectMetadata converts Headers from object to a Metadata.
-//
-// The keys in the Metadata will be converted to lower case.
-func (h Headers) ObjectMetadata() Metadata {
-	return h.Metadata("X-Object-Meta-")
-}
-
-// Headers convert the Metadata starting with the metaPrefix into a
-// Headers.
-//
-// The keys in the Metadata will be converted from lower case to http
-// Canonical (see http.CanonicalHeaderKey).
-func (m Metadata) Headers(metaPrefix string) Headers {
-	h := Headers{}
-	for key, value := range m {
-		key = http.CanonicalHeaderKey(metaPrefix + key)
-		h[key] = value
-	}
-	return h
-}
-
-// AccountHeaders converts the Metadata for the account.
-func (m Metadata) AccountHeaders() Headers {
-	return m.Headers("X-Account-Meta-")
-}
-
-// ContainerHeaders converts the Metadata for the container.
-func (m Metadata) ContainerHeaders() Headers {
-	return m.Headers("X-Container-Meta-")
-}
-
-// ObjectHeaders converts the Metadata for the object.
-func (m Metadata) ObjectHeaders() Headers {
-	return m.Headers("X-Object-Meta-")
-}
-
-// Turns a number of ns into a floating point string in seconds
-//
-// Trims trailing zeros and guaranteed to be perfectly accurate
-func nsToFloatString(ns int64) string {
-	if ns < 0 {
-		return "-" + nsToFloatString(-ns)
-	}
-	result := fmt.Sprintf("%010d", ns)
-	split := len(result) - 9
-	result, decimals := result[:split], result[split:]
-	decimals = strings.TrimRight(decimals, "0")
-	if decimals != "" {
-		result += "."
-		result += decimals
-	}
-	return result
-}
-
-// Turns a floating point string in seconds into a ns integer
-//
-// Guaranteed to be perfectly accurate
-func floatStringToNs(s string) (int64, error) {
-	const zeros = "000000000"
-	if point := strings.IndexRune(s, '.'); point >= 0 {
-		tail := s[point+1:]
-		if fill := 9 - len(tail); fill < 0 {
-			tail = tail[:9]
-		} else {
-			tail += zeros[:fill]
-		}
-		s = s[:point] + tail
-	} else if len(s) > 0 { // Make sure empty string produces an error
-		s += zeros
-	}
-	return strconv.ParseInt(s, 10, 64)
-}
-
-// FloatStringToTime converts a floating point number string to a time.Time
-//
-// The string is floating point number of seconds since the epoch
-// (Unix time).  The number should be in fixed point format (not
-// exponential), eg "1354040105.123456789" which represents the time
-// "2012-11-27T18:15:05.123456789Z"
-//
-// Some care is taken to preserve all the accuracy in the time.Time
-// (which wouldn't happen with a naive conversion through float64) so
-// a round trip conversion won't change the data.
-//
-// If an error is returned then time will be returned as the zero time.
-func FloatStringToTime(s string) (t time.Time, err error) {
-	ns, err := floatStringToNs(s)
-	if err != nil {
-		return
-	}
-	t = time.Unix(0, ns)
-	return
-}
-
-// TimeToFloatString converts a time.Time object to a floating point string
-//
-// The string is floating point number of seconds since the epoch
-// (Unix time).  The number is in fixed point format (not
-// exponential), eg "1354040105.123456789" which represents the time
-// "2012-11-27T18:15:05.123456789Z".  Trailing zeros will be dropped
-// from the output.
-//
-// Some care is taken to preserve all the accuracy in the time.Time
-// (which wouldn't happen with a naive conversion through float64) so
-// a round trip conversion won't change the data.
-func TimeToFloatString(t time.Time) string {
-	return nsToFloatString(t.UnixNano())
-}
-
-// GetModTime reads a modification time (mtime) from a Metadata object
-//
-// This is a defacto standard (used in the official python-swiftclient
-// amongst others) for storing the modification time (as read using
-// os.Stat) for an object.  It is stored using the key 'mtime', which
-// for example when written to an object will be 'X-Object-Meta-Mtime'.
-//
-// If an error is returned then time will be returned as the zero time.
-func (m Metadata) GetModTime() (t time.Time, err error) {
-	return FloatStringToTime(m["mtime"])
-}
-
-// SetModTime writes an modification time (mtime) to a Metadata object
-//
-// This is a defacto standard (used in the official python-swiftclient
-// amongst others) for storing the modification time (as read using
-// os.Stat) for an object.  It is stored using the key 'mtime', which
-// for example when written to an object will be 'X-Object-Meta-Mtime'.
-func (m Metadata) SetModTime(t time.Time) {
-	m["mtime"] = TimeToFloatString(t)
-}
diff --git a/vendor/github.com/ncw/swift/notes.txt b/vendor/github.com/ncw/swift/notes.txt
deleted file mode 100644
index f738552cd..000000000
--- a/vendor/github.com/ncw/swift/notes.txt
+++ /dev/null
@@ -1,55 +0,0 @@
-Notes on Go Swift
-=================
-
-Make a builder style interface like the Google Go APIs?  Advantages
-are that it is easy to add named methods to the service object to do
-specific things.  Slightly less efficient.  Not sure about how to
-return extra stuff though - in an object?
-
-Make a container struct so these could be methods on it?
-
-Make noResponse check for 204?
-
-Make storage public so it can be extended easily?
-
-Rename to go-swift to match user agent string?
-
-Reconnect on auth error - 401 when token expires isn't tested
-
-Make more api compatible with python cloudfiles?
-
-Retry operations on timeout / network errors?
-- also 408 error
-- GET requests only?
-
-Make Connection thread safe - whenever it is changed take a write lock whenever it is read from a read lock
-
-Add extra headers field to Connection (for via etc)
-
-Make errors use an error heirachy then can catch them with a type assertion
-
- Error(...)
- ObjectCorrupted{ Error }
-
-Make a Debug flag in connection for logging stuff
-
-Object If-Match, If-None-Match, If-Modified-Since, If-Unmodified-Since etc
-
-Object range
-
-Object create, update with X-Delete-At or X-Delete-After
-
-Large object support
-- check uploads are less than 5GB in normal mode?
-
-Access control CORS?
-
-Swift client retries and backs off for all types of errors
-
-Implement net error interface?
-
-type Error interface {
-    error
-    Timeout() bool   // Is the error a timeout?
-    Temporary() bool // Is the error temporary?
-}
diff --git a/vendor/github.com/ncw/swift/slo.go b/vendor/github.com/ncw/swift/slo.go
deleted file mode 100644
index 6a10ddfc0..000000000
--- a/vendor/github.com/ncw/swift/slo.go
+++ /dev/null
@@ -1,171 +0,0 @@
-package swift
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"net/url"
-	"os"
-)
-
-// StaticLargeObjectCreateFile represents an open static large object
-type StaticLargeObjectCreateFile struct {
-	largeObjectCreateFile
-}
-
-var SLONotSupported = errors.New("SLO not supported")
-
-type swiftSegment struct {
-	Path string `json:"path,omitempty"`
-	Etag string `json:"etag,omitempty"`
-	Size int64  `json:"size_bytes,omitempty"`
-	// When uploading a manifest, the attributes must be named `path`, `etag` and `size_bytes`
-	// but when querying the JSON content of a manifest with the `multipart-manifest=get`
-	// parameter, Swift names those attributes `name`, `hash` and `bytes`.
-	// We use all the different attributes names in this structure to be able to use
-	// the same structure for both uploading and retrieving.
-	Name         string `json:"name,omitempty"`
-	Hash         string `json:"hash,omitempty"`
-	Bytes        int64  `json:"bytes,omitempty"`
-	ContentType  string `json:"content_type,omitempty"`
-	LastModified string `json:"last_modified,omitempty"`
-}
-
-// StaticLargeObjectCreateFile creates a static large object returning
-// an object which satisfies io.Writer, io.Seeker, io.Closer and
-// io.ReaderFrom.  The flags are as passed to the largeObjectCreate
-// method.
-func (c *Connection) StaticLargeObjectCreateFile(opts *LargeObjectOpts) (LargeObjectFile, error) {
-	info, err := c.cachedQueryInfo()
-	if err != nil || !info.SupportsSLO() {
-		return nil, SLONotSupported
-	}
-	realMinChunkSize := info.SLOMinSegmentSize()
-	if realMinChunkSize > opts.MinChunkSize {
-		opts.MinChunkSize = realMinChunkSize
-	}
-	lo, err := c.largeObjectCreate(opts)
-	if err != nil {
-		return nil, err
-	}
-	return withBuffer(opts, &StaticLargeObjectCreateFile{
-		largeObjectCreateFile: *lo,
-	}), nil
-}
-
-// StaticLargeObjectCreate creates or truncates an existing static
-// large object returning a writeable object. This sets opts.Flags to
-// an appropriate value before calling StaticLargeObjectCreateFile
-func (c *Connection) StaticLargeObjectCreate(opts *LargeObjectOpts) (LargeObjectFile, error) {
-	opts.Flags = os.O_TRUNC | os.O_CREATE
-	return c.StaticLargeObjectCreateFile(opts)
-}
-
-// StaticLargeObjectDelete deletes a static large object and all of its segments.
-func (c *Connection) StaticLargeObjectDelete(container string, path string) error {
-	info, err := c.cachedQueryInfo()
-	if err != nil || !info.SupportsSLO() {
-		return SLONotSupported
-	}
-	return c.LargeObjectDelete(container, path)
-}
-
-// StaticLargeObjectMove moves a static large object from srcContainer, srcObjectName to dstContainer, dstObjectName
-func (c *Connection) StaticLargeObjectMove(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string) error {
-	swiftInfo, err := c.cachedQueryInfo()
-	if err != nil || !swiftInfo.SupportsSLO() {
-		return SLONotSupported
-	}
-	info, headers, err := c.Object(srcContainer, srcObjectName)
-	if err != nil {
-		return err
-	}
-
-	container, segments, err := c.getAllSegments(srcContainer, srcObjectName, headers)
-	if err != nil {
-		return err
-	}
-
-	//copy only metadata during move (other headers might not be safe for copying)
-	headers = headers.ObjectMetadata().ObjectHeaders()
-
-	if err := c.createSLOManifest(dstContainer, dstObjectName, info.ContentType, container, segments, headers); err != nil {
-		return err
-	}
-
-	if err := c.ObjectDelete(srcContainer, srcObjectName); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// createSLOManifest creates a static large object manifest
-func (c *Connection) createSLOManifest(container string, path string, contentType string, segmentContainer string, segments []Object, h Headers) error {
-	sloSegments := make([]swiftSegment, len(segments))
-	for i, segment := range segments {
-		sloSegments[i].Path = fmt.Sprintf("%s/%s", segmentContainer, segment.Name)
-		sloSegments[i].Etag = segment.Hash
-		sloSegments[i].Size = segment.Bytes
-	}
-
-	content, err := json.Marshal(sloSegments)
-	if err != nil {
-		return err
-	}
-
-	values := url.Values{}
-	values.Set("multipart-manifest", "put")
-	if _, err := c.objectPut(container, path, bytes.NewBuffer(content), false, "", contentType, h, values); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (file *StaticLargeObjectCreateFile) Close() error {
-	return file.Flush()
-}
-
-func (file *StaticLargeObjectCreateFile) Flush() error {
-	if err := file.conn.createSLOManifest(file.container, file.objectName, file.contentType, file.segmentContainer, file.segments, file.headers); err != nil {
-		return err
-	}
-	return file.conn.waitForSegmentsToShowUp(file.container, file.objectName, file.Size())
-}
-
-func (c *Connection) getAllSLOSegments(container, path string) (string, []Object, error) {
-	var (
-		segmentList      []swiftSegment
-		segments         []Object
-		segPath          string
-		segmentContainer string
-	)
-
-	values := url.Values{}
-	values.Set("multipart-manifest", "get")
-
-	file, _, err := c.objectOpen(container, path, true, nil, values)
-	if err != nil {
-		return "", nil, err
-	}
-
-	content, err := ioutil.ReadAll(file)
-	if err != nil {
-		return "", nil, err
-	}
-
-	json.Unmarshal(content, &segmentList)
-	for _, segment := range segmentList {
-		segmentContainer, segPath = parseFullPath(segment.Name[1:])
-		segments = append(segments, Object{
-			Name:  segPath,
-			Bytes: segment.Bytes,
-			Hash:  segment.Hash,
-		})
-	}
-
-	return segmentContainer, segments, nil
-}
diff --git a/vendor/github.com/ncw/swift/swift.go b/vendor/github.com/ncw/swift/swift.go
deleted file mode 100644
index 72ede2493..000000000
--- a/vendor/github.com/ncw/swift/swift.go
+++ /dev/null
@@ -1,2243 +0,0 @@
-package swift
-
-import (
-	"bufio"
-	"bytes"
-	"crypto/hmac"
-	"crypto/md5"
-	"crypto/sha1"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"hash"
-	"io"
-	"io/ioutil"
-	"mime"
-	"net/http"
-	"net/url"
-	"os"
-	"path"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-)
-
-const (
-	DefaultUserAgent    = "goswift/1.0"         // Default user agent
-	DefaultRetries      = 3                     // Default number of retries on token expiry
-	TimeFormat          = "2006-01-02T15:04:05" // Python date format for json replies parsed as UTC
-	UploadTar           = "tar"                 // Data format specifier for Connection.BulkUpload().
-	UploadTarGzip       = "tar.gz"              // Data format specifier for Connection.BulkUpload().
-	UploadTarBzip2      = "tar.bz2"             // Data format specifier for Connection.BulkUpload().
-	allContainersLimit  = 10000                 // Number of containers to fetch at once
-	allObjectsLimit     = 10000                 // Number objects to fetch at once
-	allObjectsChanLimit = 1000                  // ...when fetching to a channel
-)
-
-// ObjectType is the type of the swift object, regular, static large,
-// or dynamic large.
-type ObjectType int
-
-// Values that ObjectType can take
-const (
-	RegularObjectType ObjectType = iota
-	StaticLargeObjectType
-	DynamicLargeObjectType
-)
-
-// Connection holds the details of the connection to the swift server.
-//
-// You need to provide UserName, ApiKey and AuthUrl when you create a
-// connection then call Authenticate on it.
-//
-// The auth version in use will be detected from the AuthURL - you can
-// override this with the AuthVersion parameter.
-//
-// If using v2 auth you can also set Region in the Connection
-// structure.  If you don't set Region you will get the default region
-// which may not be what you want.
-//
-// For reference some common AuthUrls looks like this:
-//
-//  Rackspace US        https://auth.api.rackspacecloud.com/v1.0
-//  Rackspace UK        https://lon.auth.api.rackspacecloud.com/v1.0
-//  Rackspace v2        https://identity.api.rackspacecloud.com/v2.0
-//  Memset Memstore UK  https://auth.storage.memset.com/v1.0
-//  Memstore v2         https://auth.storage.memset.com/v2.0
-//
-// When using Google Appengine you must provide the Connection with an
-// appengine-specific Transport:
-//
-//	import (
-//		"appengine/urlfetch"
-//		"fmt"
-//		"github.com/ncw/swift"
-//	)
-//
-//	func handler(w http.ResponseWriter, r *http.Request) {
-//		ctx := appengine.NewContext(r)
-//		tr := urlfetch.Transport{Context: ctx}
-//		c := swift.Connection{
-//			UserName:  "user",
-//			ApiKey:    "key",
-//			AuthUrl:   "auth_url",
-//			Transport: tr,
-//		}
-//		_ := c.Authenticate()
-//		containers, _ := c.ContainerNames(nil)
-//		fmt.Fprintf(w, "containers: %q", containers)
-//	}
-//
-// If you don't supply a Transport, one is made which relies on
-// http.ProxyFromEnvironment (http://golang.org/pkg/net/http/#ProxyFromEnvironment).
-// This means that the connection will respect the HTTP proxy specified by the
-// environment variables $HTTP_PROXY and $NO_PROXY.
-type Connection struct {
-	// Parameters - fill these in before calling Authenticate
-	// They are all optional except UserName, ApiKey and AuthUrl
-	Domain                      string            // User's domain name
-	DomainId                    string            // User's domain Id
-	UserName                    string            // UserName for api
-	UserId                      string            // User Id
-	ApiKey                      string            // Key for api access
-	ApplicationCredentialId     string            // Application Credential ID
-	ApplicationCredentialName   string            // Application Credential Name
-	ApplicationCredentialSecret string            // Application Credential Secret
-	AuthUrl                     string            // Auth URL
-	Retries                     int               // Retries on error (default is 3)
-	UserAgent                   string            // Http User agent (default goswift/1.0)
-	ConnectTimeout              time.Duration     // Connect channel timeout (default 10s)
-	Timeout                     time.Duration     // Data channel timeout (default 60s)
-	Region                      string            // Region to use eg "LON", "ORD" - default is use first region (v2,v3 auth only)
-	AuthVersion                 int               // Set to 1, 2 or 3 or leave at 0 for autodetect
-	Internal                    bool              // Set this to true to use the the internal / service network
-	Tenant                      string            // Name of the tenant (v2,v3 auth only)
-	TenantId                    string            // Id of the tenant (v2,v3 auth only)
-	EndpointType                EndpointType      // Endpoint type (v2,v3 auth only) (default is public URL unless Internal is set)
-	TenantDomain                string            // Name of the tenant's domain (v3 auth only), only needed if it differs from the user domain
-	TenantDomainId              string            // Id of the tenant's domain (v3 auth only), only needed if it differs the from user domain
-	TrustId                     string            // Id of the trust (v3 auth only)
-	Transport                   http.RoundTripper `json:"-" xml:"-"` // Optional specialised http.Transport (eg. for Google Appengine)
-	// These are filled in after Authenticate is called as are the defaults for above
-	StorageUrl string
-	AuthToken  string
-	Expires    time.Time // time the token expires, may be Zero if unknown
-	client     *http.Client
-	Auth       Authenticator `json:"-" xml:"-"` // the current authenticator
-	authLock   sync.Mutex    // lock when R/W StorageUrl, AuthToken, Auth
-	// swiftInfo is filled after QueryInfo is called
-	swiftInfo SwiftInfo
-}
-
-// setFromEnv reads the value that param points to (it must be a
-// pointer), if it isn't the zero value then it reads the environment
-// variable name passed in, parses it according to the type and writes
-// it to the pointer.
-func setFromEnv(param interface{}, name string) (err error) {
-	val := os.Getenv(name)
-	if val == "" {
-		return
-	}
-	switch result := param.(type) {
-	case *string:
-		if *result == "" {
-			*result = val
-		}
-	case *int:
-		if *result == 0 {
-			*result, err = strconv.Atoi(val)
-		}
-	case *bool:
-		if *result == false {
-			*result, err = strconv.ParseBool(val)
-		}
-	case *time.Duration:
-		if *result == 0 {
-			*result, err = time.ParseDuration(val)
-		}
-	case *EndpointType:
-		if *result == EndpointType("") {
-			*result = EndpointType(val)
-		}
-	default:
-		return newErrorf(0, "can't set var of type %T", param)
-	}
-	return err
-}
-
-// ApplyEnvironment reads environment variables and applies them to
-// the Connection structure.  It won't overwrite any parameters which
-// are already set in the Connection struct.
-//
-// To make a new Connection object entirely from the environment you
-// would do:
-//
-//    c := new(Connection)
-//    err := c.ApplyEnvironment()
-//    if err != nil { log.Fatal(err) }
-//
-// The naming of these variables follows the official Openstack naming
-// scheme so it should be compatible with OpenStack rc files.
-//
-// For v1 authentication (obsolete)
-//     ST_AUTH - Auth URL
-//     ST_USER - UserName for api
-//     ST_KEY - Key for api access
-//
-// For v2 authentication
-//     OS_AUTH_URL - Auth URL
-//     OS_USERNAME - UserName for api
-//     OS_PASSWORD - Key for api access
-//     OS_TENANT_NAME - Name of the tenant
-//     OS_TENANT_ID   - Id of the tenant
-//     OS_REGION_NAME - Region to use - default is use first region
-//
-// For v3 authentication
-//     OS_AUTH_URL - Auth URL
-//     OS_USERNAME - UserName for api
-//     OS_USER_ID - User Id
-//     OS_PASSWORD - Key for api access
-//     OS_APPLICATION_CREDENTIAL_ID - Application Credential ID
-//     OS_APPLICATION_CREDENTIAL_NAME - Application Credential Name
-//     OS_APPLICATION_CREDENTIAL_SECRET - Application Credential Secret
-//     OS_USER_DOMAIN_NAME - User's domain name
-//     OS_USER_DOMAIN_ID - User's domain Id
-//     OS_PROJECT_NAME - Name of the project
-//     OS_PROJECT_DOMAIN_NAME - Name of the tenant's domain, only needed if it differs from the user domain
-//     OS_PROJECT_DOMAIN_ID - Id of the tenant's domain, only needed if it differs the from user domain
-//     OS_TRUST_ID - If of the trust
-//     OS_REGION_NAME - Region to use - default is use first region
-//
-// Other
-//     OS_ENDPOINT_TYPE - Endpoint type public, internal or admin
-//     ST_AUTH_VERSION - Choose auth version - 1, 2 or 3 or leave at 0 for autodetect
-//
-// For manual authentication
-//     OS_STORAGE_URL - storage URL from alternate authentication
-//     OS_AUTH_TOKEN - Auth Token from alternate authentication
-//
-// Library specific
-//     GOSWIFT_RETRIES - Retries on error (default is 3)
-//     GOSWIFT_USER_AGENT - HTTP User agent (default goswift/1.0)
-//     GOSWIFT_CONNECT_TIMEOUT - Connect channel timeout with unit, eg "10s", "100ms" (default "10s")
-//     GOSWIFT_TIMEOUT - Data channel timeout with unit, eg "10s", "100ms" (default "60s")
-//     GOSWIFT_INTERNAL - Set this to "true" to use the the internal network (obsolete - use OS_ENDPOINT_TYPE)
-func (c *Connection) ApplyEnvironment() (err error) {
-	for _, item := range []struct {
-		result interface{}
-		name   string
-	}{
-		// Environment variables - keep in same order as Connection
-		{&c.Domain, "OS_USER_DOMAIN_NAME"},
-		{&c.DomainId, "OS_USER_DOMAIN_ID"},
-		{&c.UserName, "OS_USERNAME"},
-		{&c.UserId, "OS_USER_ID"},
-		{&c.ApiKey, "OS_PASSWORD"},
-		{&c.ApplicationCredentialId, "OS_APPLICATION_CREDENTIAL_ID"},
-		{&c.ApplicationCredentialName, "OS_APPLICATION_CREDENTIAL_NAME"},
-		{&c.ApplicationCredentialSecret, "OS_APPLICATION_CREDENTIAL_SECRET"},
-		{&c.AuthUrl, "OS_AUTH_URL"},
-		{&c.Retries, "GOSWIFT_RETRIES"},
-		{&c.UserAgent, "GOSWIFT_USER_AGENT"},
-		{&c.ConnectTimeout, "GOSWIFT_CONNECT_TIMEOUT"},
-		{&c.Timeout, "GOSWIFT_TIMEOUT"},
-		{&c.Region, "OS_REGION_NAME"},
-		{&c.AuthVersion, "ST_AUTH_VERSION"},
-		{&c.Internal, "GOSWIFT_INTERNAL"},
-		{&c.Tenant, "OS_TENANT_NAME"},  //v2
-		{&c.Tenant, "OS_PROJECT_NAME"}, // v3
-		{&c.TenantId, "OS_TENANT_ID"},
-		{&c.EndpointType, "OS_ENDPOINT_TYPE"},
-		{&c.TenantDomain, "OS_PROJECT_DOMAIN_NAME"},
-		{&c.TenantDomainId, "OS_PROJECT_DOMAIN_ID"},
-		{&c.TrustId, "OS_TRUST_ID"},
-		{&c.StorageUrl, "OS_STORAGE_URL"},
-		{&c.AuthToken, "OS_AUTH_TOKEN"},
-		// v1 auth alternatives
-		{&c.ApiKey, "ST_KEY"},
-		{&c.UserName, "ST_USER"},
-		{&c.AuthUrl, "ST_AUTH"},
-	} {
-		err = setFromEnv(item.result, item.name)
-		if err != nil {
-			return newErrorf(0, "failed to read env var %q: %v", item.name, err)
-		}
-	}
-	return nil
-}
-
-// Error - all errors generated by this package are of this type.  Other error
-// may be passed on from library functions though.
-type Error struct {
-	StatusCode int // HTTP status code if relevant or 0 if not
-	Text       string
-}
-
-// Error satisfy the error interface.
-func (e *Error) Error() string {
-	return e.Text
-}
-
-// newError make a new error from a string.
-func newError(StatusCode int, Text string) *Error {
-	return &Error{
-		StatusCode: StatusCode,
-		Text:       Text,
-	}
-}
-
-// newErrorf makes a new error from sprintf parameters.
-func newErrorf(StatusCode int, Text string, Parameters ...interface{}) *Error {
-	return newError(StatusCode, fmt.Sprintf(Text, Parameters...))
-}
-
-// errorMap defines http error codes to error mappings.
-type errorMap map[int]error
-
-var (
-	// Specific Errors you might want to check for equality
-	NotModified         = newError(304, "Not Modified")
-	BadRequest          = newError(400, "Bad Request")
-	AuthorizationFailed = newError(401, "Authorization Failed")
-	ContainerNotFound   = newError(404, "Container Not Found")
-	ContainerNotEmpty   = newError(409, "Container Not Empty")
-	ObjectNotFound      = newError(404, "Object Not Found")
-	ObjectCorrupted     = newError(422, "Object Corrupted")
-	TimeoutError        = newError(408, "Timeout when reading or writing data")
-	Forbidden           = newError(403, "Operation forbidden")
-	TooLargeObject      = newError(413, "Too Large Object")
-	RateLimit           = newError(498, "Rate Limit")
-	TooManyRequests     = newError(429, "TooManyRequests")
-
-	// Mappings for authentication errors
-	authErrorMap = errorMap{
-		400: BadRequest,
-		401: AuthorizationFailed,
-		403: Forbidden,
-	}
-
-	// Mappings for container errors
-	ContainerErrorMap = errorMap{
-		400: BadRequest,
-		403: Forbidden,
-		404: ContainerNotFound,
-		409: ContainerNotEmpty,
-		498: RateLimit,
-	}
-
-	// Mappings for object errors
-	objectErrorMap = errorMap{
-		304: NotModified,
-		400: BadRequest,
-		403: Forbidden,
-		404: ObjectNotFound,
-		413: TooLargeObject,
-		422: ObjectCorrupted,
-		429: TooManyRequests,
-		498: RateLimit,
-	}
-)
-
-// checkClose is used to check the return from Close in a defer
-// statement.
-func checkClose(c io.Closer, err *error) {
-	cerr := c.Close()
-	if *err == nil {
-		*err = cerr
-	}
-}
-
-// drainAndClose discards all data from rd and closes it.
-// If an error occurs during Read, it is discarded.
-func drainAndClose(rd io.ReadCloser, err *error) {
-	if rd == nil {
-		return
-	}
-
-	_, _ = io.Copy(ioutil.Discard, rd)
-	cerr := rd.Close()
-	if err != nil && *err == nil {
-		*err = cerr
-	}
-}
-
-// parseHeaders checks a response for errors and translates into
-// standard errors if necessary. If an error is returned, resp.Body
-// has been drained and closed.
-func (c *Connection) parseHeaders(resp *http.Response, errorMap errorMap) error {
-	if errorMap != nil {
-		if err, ok := errorMap[resp.StatusCode]; ok {
-			drainAndClose(resp.Body, nil)
-			return err
-		}
-	}
-	if resp.StatusCode < 200 || resp.StatusCode > 299 {
-		drainAndClose(resp.Body, nil)
-		return newErrorf(resp.StatusCode, "HTTP Error: %d: %s", resp.StatusCode, resp.Status)
-	}
-	return nil
-}
-
-// readHeaders returns a Headers object from the http.Response.
-//
-// If it receives multiple values for a key (which should never
-// happen) it will use the first one
-func readHeaders(resp *http.Response) Headers {
-	headers := Headers{}
-	for key, values := range resp.Header {
-		headers[key] = values[0]
-	}
-	return headers
-}
-
-// Headers stores HTTP headers (can only have one of each header like Swift).
-type Headers map[string]string
-
-// Does an http request using the running timer passed in
-func (c *Connection) doTimeoutRequest(timer *time.Timer, req *http.Request) (*http.Response, error) {
-	// Do the request in the background so we can check the timeout
-	type result struct {
-		resp *http.Response
-		err  error
-	}
-	done := make(chan result, 1)
-	go func() {
-		resp, err := c.client.Do(req)
-		done <- result{resp, err}
-	}()
-	// Wait for the read or the timeout
-	select {
-	case r := <-done:
-		return r.resp, r.err
-	case <-timer.C:
-		// Kill the connection on timeout so we don't leak sockets or goroutines
-		cancelRequest(c.Transport, req)
-		return nil, TimeoutError
-	}
-	panic("unreachable") // For Go 1.0
-}
-
-// Set defaults for any unset values
-//
-// Call with authLock held
-func (c *Connection) setDefaults() {
-	if c.UserAgent == "" {
-		c.UserAgent = DefaultUserAgent
-	}
-	if c.Retries == 0 {
-		c.Retries = DefaultRetries
-	}
-	if c.ConnectTimeout == 0 {
-		c.ConnectTimeout = 10 * time.Second
-	}
-	if c.Timeout == 0 {
-		c.Timeout = 60 * time.Second
-	}
-	if c.Transport == nil {
-		t := &http.Transport{
-			//		TLSClientConfig:    &tls.Config{RootCAs: pool},
-			//		DisableCompression: true,
-			Proxy: http.ProxyFromEnvironment,
-			// Half of linux's default open files limit (1024).
-			MaxIdleConnsPerHost: 512,
-		}
-		SetExpectContinueTimeout(t, 5*time.Second)
-		c.Transport = t
-	}
-	if c.client == nil {
-		c.client = &http.Client{
-			//		CheckRedirect: redirectPolicyFunc,
-			Transport: c.Transport,
-		}
-	}
-}
-
-// Authenticate connects to the Swift server.
-//
-// If you don't call it before calling one of the connection methods
-// then it will be called for you on the first access.
-func (c *Connection) Authenticate() (err error) {
-	c.authLock.Lock()
-	defer c.authLock.Unlock()
-	return c.authenticate()
-}
-
-// Internal implementation of Authenticate
-//
-// Call with authLock held
-func (c *Connection) authenticate() (err error) {
-	c.setDefaults()
-
-	// Flush the keepalives connection - if we are
-	// re-authenticating then stuff has gone wrong
-	flushKeepaliveConnections(c.Transport)
-
-	if c.Auth == nil {
-		c.Auth, err = newAuth(c)
-		if err != nil {
-			return
-		}
-	}
-
-	retries := 1
-again:
-	var req *http.Request
-	req, err = c.Auth.Request(c)
-	if err != nil {
-		return
-	}
-	if req != nil {
-		timer := time.NewTimer(c.ConnectTimeout)
-		defer timer.Stop()
-		var resp *http.Response
-		resp, err = c.doTimeoutRequest(timer, req)
-		if err != nil {
-			return
-		}
-		defer func() {
-			drainAndClose(resp.Body, &err)
-			// Flush the auth connection - we don't want to keep
-			// it open if keepalives were enabled
-			flushKeepaliveConnections(c.Transport)
-		}()
-		if err = c.parseHeaders(resp, authErrorMap); err != nil {
-			// Try again for a limited number of times on
-			// AuthorizationFailed or BadRequest. This allows us
-			// to try some alternate forms of the request
-			if (err == AuthorizationFailed || err == BadRequest) && retries > 0 {
-				retries--
-				goto again
-			}
-			return
-		}
-		err = c.Auth.Response(resp)
-		if err != nil {
-			return
-		}
-	}
-	if customAuth, isCustom := c.Auth.(CustomEndpointAuthenticator); isCustom && c.EndpointType != "" {
-		c.StorageUrl = customAuth.StorageUrlForEndpoint(c.EndpointType)
-	} else {
-		c.StorageUrl = c.Auth.StorageUrl(c.Internal)
-	}
-	c.AuthToken = c.Auth.Token()
-	if do, ok := c.Auth.(Expireser); ok {
-		c.Expires = do.Expires()
-	} else {
-		c.Expires = time.Time{}
-	}
-
-	if !c.authenticated() {
-		err = newError(0, "Response didn't have storage url and auth token")
-		return
-	}
-	return
-}
-
-// Get an authToken and url
-//
-// The Url may be updated if it needed to authenticate using the OnReAuth function
-func (c *Connection) getUrlAndAuthToken(targetUrlIn string, OnReAuth func() (string, error)) (targetUrlOut, authToken string, err error) {
-	c.authLock.Lock()
-	defer c.authLock.Unlock()
-	targetUrlOut = targetUrlIn
-	if !c.authenticated() {
-		err = c.authenticate()
-		if err != nil {
-			return
-		}
-		if OnReAuth != nil {
-			targetUrlOut, err = OnReAuth()
-			if err != nil {
-				return
-			}
-		}
-	}
-	authToken = c.AuthToken
-	return
-}
-
-// flushKeepaliveConnections is called to flush pending requests after an error.
-func flushKeepaliveConnections(transport http.RoundTripper) {
-	if tr, ok := transport.(interface {
-		CloseIdleConnections()
-	}); ok {
-		tr.CloseIdleConnections()
-	}
-}
-
-// UnAuthenticate removes the authentication from the Connection.
-func (c *Connection) UnAuthenticate() {
-	c.authLock.Lock()
-	c.StorageUrl = ""
-	c.AuthToken = ""
-	c.authLock.Unlock()
-}
-
-// Authenticated returns a boolean to show if the current connection
-// is authenticated.
-//
-// Doesn't actually check the credentials against the server.
-func (c *Connection) Authenticated() bool {
-	c.authLock.Lock()
-	defer c.authLock.Unlock()
-	return c.authenticated()
-}
-
-// Internal version of Authenticated()
-//
-// Call with authLock held
-func (c *Connection) authenticated() bool {
-	if c.StorageUrl == "" || c.AuthToken == "" {
-		return false
-	}
-	if c.Expires.IsZero() {
-		return true
-	}
-	timeUntilExpiry := c.Expires.Sub(time.Now())
-	return timeUntilExpiry >= 60*time.Second
-}
-
-// SwiftInfo contains the JSON object returned by Swift when the /info
-// route is queried. The object contains, among others, the Swift version,
-// the enabled middlewares and their configuration
-type SwiftInfo map[string]interface{}
-
-func (i SwiftInfo) SupportsBulkDelete() bool {
-	_, val := i["bulk_delete"]
-	return val
-}
-
-func (i SwiftInfo) SupportsSLO() bool {
-	_, val := i["slo"]
-	return val
-}
-
-func (i SwiftInfo) SLOMinSegmentSize() int64 {
-	if slo, ok := i["slo"].(map[string]interface{}); ok {
-		val, _ := slo["min_segment_size"].(float64)
-		return int64(val)
-	}
-	return 1
-}
-
-// Discover Swift configuration by doing a request against /info
-func (c *Connection) QueryInfo() (infos SwiftInfo, err error) {
-	infoUrl, err := url.Parse(c.StorageUrl)
-	if err != nil {
-		return nil, err
-	}
-	infoUrl.Path = path.Join(infoUrl.Path, "..", "..", "info")
-	resp, err := c.client.Get(infoUrl.String())
-	if err == nil {
-		if resp.StatusCode != http.StatusOK {
-			drainAndClose(resp.Body, nil)
-			return nil, fmt.Errorf("Invalid status code for info request: %d", resp.StatusCode)
-		}
-		err = readJson(resp, &infos)
-		if err == nil {
-			c.authLock.Lock()
-			c.swiftInfo = infos
-			c.authLock.Unlock()
-		}
-		return infos, err
-	}
-	return nil, err
-}
-
-func (c *Connection) cachedQueryInfo() (infos SwiftInfo, err error) {
-	c.authLock.Lock()
-	infos = c.swiftInfo
-	c.authLock.Unlock()
-	if infos == nil {
-		infos, err = c.QueryInfo()
-		if err != nil {
-			return
-		}
-	}
-	return infos, nil
-}
-
-// RequestOpts contains parameters for Connection.storage.
-type RequestOpts struct {
-	Container  string
-	ObjectName string
-	Operation  string
-	Parameters url.Values
-	Headers    Headers
-	ErrorMap   errorMap
-	NoResponse bool
-	Body       io.Reader
-	Retries    int
-	// if set this is called on re-authentication to refresh the targetUrl
-	OnReAuth func() (string, error)
-}
-
-// Call runs a remote command on the targetUrl, returns a
-// response, headers and possible error.
-//
-// operation is GET, HEAD etc
-// container is the name of a container
-// Any other parameters (if not None) are added to the targetUrl
-//
-// Returns a response or an error.  If response is returned then
-// the resp.Body must be read completely and
-// resp.Body.Close() must be called on it, unless noResponse is set in
-// which case the body will be closed in this function
-//
-// If "Content-Length" is set in p.Headers it will be used - this can
-// be used to override the default chunked transfer encoding for
-// uploads.
-//
-// This will Authenticate if necessary, and re-authenticate if it
-// receives a 401 error which means the token has expired
-//
-// This method is exported so extensions can call it.
-func (c *Connection) Call(targetUrl string, p RequestOpts) (resp *http.Response, headers Headers, err error) {
-	c.authLock.Lock()
-	c.setDefaults()
-	c.authLock.Unlock()
-	retries := p.Retries
-	if retries == 0 {
-		retries = c.Retries
-	}
-	var req *http.Request
-	for {
-		var authToken string
-		if targetUrl, authToken, err = c.getUrlAndAuthToken(targetUrl, p.OnReAuth); err != nil {
-			return //authentication failure
-		}
-		var URL *url.URL
-		URL, err = url.Parse(targetUrl)
-		if err != nil {
-			return
-		}
-		if p.Container != "" {
-			URL.Path += "/" + p.Container
-			if p.ObjectName != "" {
-				URL.Path += "/" + p.ObjectName
-			}
-		}
-		if p.Parameters != nil {
-			URL.RawQuery = p.Parameters.Encode()
-		}
-		timer := time.NewTimer(c.ConnectTimeout)
-		defer timer.Stop()
-		reader := p.Body
-		if reader != nil {
-			reader = newWatchdogReader(reader, c.Timeout, timer)
-		}
-		req, err = http.NewRequest(p.Operation, URL.String(), reader)
-		if err != nil {
-			return
-		}
-		if p.Headers != nil {
-			for k, v := range p.Headers {
-				// Set ContentLength in req if the user passed it in in the headers
-				if k == "Content-Length" {
-					req.ContentLength, err = strconv.ParseInt(v, 10, 64)
-					if err != nil {
-						err = fmt.Errorf("Invalid %q header %q: %v", k, v, err)
-						return
-					}
-				} else {
-					req.Header.Add(k, v)
-				}
-			}
-		}
-		req.Header.Add("User-Agent", c.UserAgent)
-		req.Header.Add("X-Auth-Token", authToken)
-
-		_, hasCL := p.Headers["Content-Length"]
-		AddExpectAndTransferEncoding(req, hasCL)
-
-		resp, err = c.doTimeoutRequest(timer, req)
-		if err != nil {
-			if (p.Operation == "HEAD" || p.Operation == "GET") && retries > 0 {
-				retries--
-				continue
-			}
-			return
-		}
-		// Check to see if token has expired
-		if resp.StatusCode == 401 && retries > 0 {
-			drainAndClose(resp.Body, nil)
-			c.UnAuthenticate()
-			retries--
-		} else {
-			break
-		}
-	}
-
-	headers = readHeaders(resp)
-	if err = c.parseHeaders(resp, p.ErrorMap); err != nil {
-		return
-	}
-	if p.NoResponse {
-		drainAndClose(resp.Body, &err)
-		if err != nil {
-			return
-		}
-	} else {
-		// Cancel the request on timeout
-		cancel := func() {
-			cancelRequest(c.Transport, req)
-		}
-		// Wrap resp.Body to make it obey an idle timeout
-		resp.Body = newTimeoutReader(resp.Body, c.Timeout, cancel)
-	}
-	return
-}
-
-// storage runs a remote command on a the storage url, returns a
-// response, headers and possible error.
-//
-// operation is GET, HEAD etc
-// container is the name of a container
-// Any other parameters (if not None) are added to the storage url
-//
-// Returns a response or an error.  If response is returned then
-// resp.Body.Close() must be called on it, unless noResponse is set in
-// which case the body will be closed in this function
-//
-// This will Authenticate if necessary, and re-authenticate if it
-// receives a 401 error which means the token has expired
-func (c *Connection) storage(p RequestOpts) (resp *http.Response, headers Headers, err error) {
-	p.OnReAuth = func() (string, error) {
-		return c.StorageUrl, nil
-	}
-	c.authLock.Lock()
-	url := c.StorageUrl
-	c.authLock.Unlock()
-	return c.Call(url, p)
-}
-
-// readLines reads the response into an array of strings.
-//
-// Closes the response when done
-func readLines(resp *http.Response) (lines []string, err error) {
-	defer drainAndClose(resp.Body, &err)
-	reader := bufio.NewReader(resp.Body)
-	buffer := bytes.NewBuffer(make([]byte, 0, 128))
-	var part []byte
-	var prefix bool
-	for {
-		if part, prefix, err = reader.ReadLine(); err != nil {
-			break
-		}
-		buffer.Write(part)
-		if !prefix {
-			lines = append(lines, buffer.String())
-			buffer.Reset()
-		}
-	}
-	if err == io.EOF {
-		err = nil
-	}
-	return
-}
-
-// readJson reads the response into the json type passed in
-//
-// Closes the response when done
-func readJson(resp *http.Response, result interface{}) (err error) {
-	defer drainAndClose(resp.Body, &err)
-	decoder := json.NewDecoder(resp.Body)
-	return decoder.Decode(result)
-}
-
-/* ------------------------------------------------------------ */
-
-// ContainersOpts is options for Containers() and ContainerNames()
-type ContainersOpts struct {
-	Limit     int     // For an integer value n, limits the number of results to at most n values.
-	Prefix    string  // Given a string value x, return container names matching the specified prefix.
-	Marker    string  // Given a string value x, return container names greater in value than the specified marker.
-	EndMarker string  // Given a string value x, return container names less in value than the specified marker.
-	Headers   Headers // Any additional HTTP headers - can be nil
-}
-
-// parse the ContainerOpts
-func (opts *ContainersOpts) parse() (url.Values, Headers) {
-	v := url.Values{}
-	var h Headers
-	if opts != nil {
-		if opts.Limit > 0 {
-			v.Set("limit", strconv.Itoa(opts.Limit))
-		}
-		if opts.Prefix != "" {
-			v.Set("prefix", opts.Prefix)
-		}
-		if opts.Marker != "" {
-			v.Set("marker", opts.Marker)
-		}
-		if opts.EndMarker != "" {
-			v.Set("end_marker", opts.EndMarker)
-		}
-		h = opts.Headers
-	}
-	return v, h
-}
-
-// ContainerNames returns a slice of names of containers in this account.
-func (c *Connection) ContainerNames(opts *ContainersOpts) ([]string, error) {
-	v, h := opts.parse()
-	resp, _, err := c.storage(RequestOpts{
-		Operation:  "GET",
-		Parameters: v,
-		ErrorMap:   ContainerErrorMap,
-		Headers:    h,
-	})
-	if err != nil {
-		return nil, err
-	}
-	lines, err := readLines(resp)
-	return lines, err
-}
-
-// Container contains information about a container
-type Container struct {
-	Name  string // Name of the container
-	Count int64  // Number of objects in the container
-	Bytes int64  // Total number of bytes used in the container
-}
-
-// Containers returns a slice of structures with full information as
-// described in Container.
-func (c *Connection) Containers(opts *ContainersOpts) ([]Container, error) {
-	v, h := opts.parse()
-	v.Set("format", "json")
-	resp, _, err := c.storage(RequestOpts{
-		Operation:  "GET",
-		Parameters: v,
-		ErrorMap:   ContainerErrorMap,
-		Headers:    h,
-	})
-	if err != nil {
-		return nil, err
-	}
-	var containers []Container
-	err = readJson(resp, &containers)
-	return containers, err
-}
-
-// containersAllOpts makes a copy of opts if set or makes a new one and
-// overrides Limit and Marker
-func containersAllOpts(opts *ContainersOpts) *ContainersOpts {
-	var newOpts ContainersOpts
-	if opts != nil {
-		newOpts = *opts
-	}
-	if newOpts.Limit == 0 {
-		newOpts.Limit = allContainersLimit
-	}
-	newOpts.Marker = ""
-	return &newOpts
-}
-
-// ContainersAll is like Containers but it returns all the Containers
-//
-// It calls Containers multiple times using the Marker parameter
-//
-// It has a default Limit parameter but you may pass in your own
-func (c *Connection) ContainersAll(opts *ContainersOpts) ([]Container, error) {
-	opts = containersAllOpts(opts)
-	containers := make([]Container, 0)
-	for {
-		newContainers, err := c.Containers(opts)
-		if err != nil {
-			return nil, err
-		}
-		containers = append(containers, newContainers...)
-		if len(newContainers) < opts.Limit {
-			break
-		}
-		opts.Marker = newContainers[len(newContainers)-1].Name
-	}
-	return containers, nil
-}
-
-// ContainerNamesAll is like ContainerNamess but it returns all the Containers
-//
-// It calls ContainerNames multiple times using the Marker parameter
-//
-// It has a default Limit parameter but you may pass in your own
-func (c *Connection) ContainerNamesAll(opts *ContainersOpts) ([]string, error) {
-	opts = containersAllOpts(opts)
-	containers := make([]string, 0)
-	for {
-		newContainers, err := c.ContainerNames(opts)
-		if err != nil {
-			return nil, err
-		}
-		containers = append(containers, newContainers...)
-		if len(newContainers) < opts.Limit {
-			break
-		}
-		opts.Marker = newContainers[len(newContainers)-1]
-	}
-	return containers, nil
-}
-
-/* ------------------------------------------------------------ */
-
-// ObjectOpts is options for Objects() and ObjectNames()
-type ObjectsOpts struct {
-	Limit     int     // For an integer value n, limits the number of results to at most n values.
-	Marker    string  // Given a string value x, return object names greater in value than the  specified marker.
-	EndMarker string  // Given a string value x, return object names less in value than the specified marker
-	Prefix    string  // For a string value x, causes the results to be limited to object names beginning with the substring x.
-	Path      string  // For a string value x, return the object names nested in the pseudo path
-	Delimiter rune    // For a character c, return all the object names nested in the container
-	Headers   Headers // Any additional HTTP headers - can be nil
-}
-
-// parse reads values out of ObjectsOpts
-func (opts *ObjectsOpts) parse() (url.Values, Headers) {
-	v := url.Values{}
-	var h Headers
-	if opts != nil {
-		if opts.Limit > 0 {
-			v.Set("limit", strconv.Itoa(opts.Limit))
-		}
-		if opts.Marker != "" {
-			v.Set("marker", opts.Marker)
-		}
-		if opts.EndMarker != "" {
-			v.Set("end_marker", opts.EndMarker)
-		}
-		if opts.Prefix != "" {
-			v.Set("prefix", opts.Prefix)
-		}
-		if opts.Path != "" {
-			v.Set("path", opts.Path)
-		}
-		if opts.Delimiter != 0 {
-			v.Set("delimiter", string(opts.Delimiter))
-		}
-		h = opts.Headers
-	}
-	return v, h
-}
-
-// ObjectNames returns a slice of names of objects in a given container.
-func (c *Connection) ObjectNames(container string, opts *ObjectsOpts) ([]string, error) {
-	v, h := opts.parse()
-	resp, _, err := c.storage(RequestOpts{
-		Container:  container,
-		Operation:  "GET",
-		Parameters: v,
-		ErrorMap:   ContainerErrorMap,
-		Headers:    h,
-	})
-	if err != nil {
-		return nil, err
-	}
-	return readLines(resp)
-}
-
-// Object contains information about an object
-type Object struct {
-	Name               string     `json:"name"`          // object name
-	ContentType        string     `json:"content_type"`  // eg application/directory
-	Bytes              int64      `json:"bytes"`         // size in bytes
-	ServerLastModified string     `json:"last_modified"` // Last modified time, eg '2011-06-30T08:20:47.736680' as a string supplied by the server
-	LastModified       time.Time  // Last modified time converted to a time.Time
-	Hash               string     `json:"hash"`     // MD5 hash, eg "d41d8cd98f00b204e9800998ecf8427e"
-	SLOHash            string     `json:"slo_etag"` // MD5 hash of all segments' MD5 hash, eg "d41d8cd98f00b204e9800998ecf8427e"
-	PseudoDirectory    bool       // Set when using delimiter to show that this directory object does not really exist
-	SubDir             string     `json:"subdir"` // returned only when using delimiter to mark "pseudo directories"
-	ObjectType         ObjectType // type of this object
-}
-
-// Objects returns a slice of Object with information about each
-// object in the container.
-//
-// If Delimiter is set in the opts then PseudoDirectory may be set,
-// with ContentType 'application/directory'.  These are not real
-// objects but represent directories of objects which haven't had an
-// object created for them.
-func (c *Connection) Objects(container string, opts *ObjectsOpts) ([]Object, error) {
-	v, h := opts.parse()
-	v.Set("format", "json")
-	resp, _, err := c.storage(RequestOpts{
-		Container:  container,
-		Operation:  "GET",
-		Parameters: v,
-		ErrorMap:   ContainerErrorMap,
-		Headers:    h,
-	})
-	if err != nil {
-		return nil, err
-	}
-	var objects []Object
-	err = readJson(resp, &objects)
-	// Convert Pseudo directories and dates
-	for i := range objects {
-		object := &objects[i]
-		if object.SubDir != "" {
-			object.Name = object.SubDir
-			object.PseudoDirectory = true
-			object.ContentType = "application/directory"
-		}
-		if object.ServerLastModified != "" {
-			// 2012-11-11T14:49:47.887250
-			//
-			// Remove fractional seconds if present. This
-			// then keeps it consistent with Object
-			// which can only return timestamps accurate
-			// to 1 second
-			//
-			// The TimeFormat will parse fractional
-			// seconds if desired though
-			datetime := strings.SplitN(object.ServerLastModified, ".", 2)[0]
-			object.LastModified, err = time.Parse(TimeFormat, datetime)
-			if err != nil {
-				return nil, err
-			}
-		}
-		if object.SLOHash != "" {
-			object.ObjectType = StaticLargeObjectType
-		}
-	}
-	return objects, err
-}
-
-// objectsAllOpts makes a copy of opts if set or makes a new one and
-// overrides Limit and Marker
-func objectsAllOpts(opts *ObjectsOpts, Limit int) *ObjectsOpts {
-	var newOpts ObjectsOpts
-	if opts != nil {
-		newOpts = *opts
-	}
-	if newOpts.Limit == 0 {
-		newOpts.Limit = Limit
-	}
-	newOpts.Marker = ""
-	return &newOpts
-}
-
-// A closure defined by the caller to iterate through all objects
-//
-// Call Objects or ObjectNames from here with the *ObjectOpts passed in
-//
-// Do whatever is required with the results then return them
-type ObjectsWalkFn func(*ObjectsOpts) (interface{}, error)
-
-// ObjectsWalk is uses to iterate through all the objects in chunks as
-// returned by Objects or ObjectNames using the Marker and Limit
-// parameters in the ObjectsOpts.
-//
-// Pass in a closure `walkFn` which calls Objects or ObjectNames with
-// the *ObjectsOpts passed to it and does something with the results.
-//
-// Errors will be returned from this function
-//
-// It has a default Limit parameter but you may pass in your own
-func (c *Connection) ObjectsWalk(container string, opts *ObjectsOpts, walkFn ObjectsWalkFn) error {
-	opts = objectsAllOpts(opts, allObjectsChanLimit)
-	for {
-		objects, err := walkFn(opts)
-		if err != nil {
-			return err
-		}
-		var n int
-		var last string
-		switch objects := objects.(type) {
-		case []string:
-			n = len(objects)
-			if n > 0 {
-				last = objects[len(objects)-1]
-			}
-		case []Object:
-			n = len(objects)
-			if n > 0 {
-				last = objects[len(objects)-1].Name
-			}
-		default:
-			panic("Unknown type returned to ObjectsWalk")
-		}
-		if n < opts.Limit {
-			break
-		}
-		opts.Marker = last
-	}
-	return nil
-}
-
-// ObjectsAll is like Objects but it returns an unlimited number of Objects in a slice
-//
-// It calls Objects multiple times using the Marker parameter
-func (c *Connection) ObjectsAll(container string, opts *ObjectsOpts) ([]Object, error) {
-	objects := make([]Object, 0)
-	err := c.ObjectsWalk(container, opts, func(opts *ObjectsOpts) (interface{}, error) {
-		newObjects, err := c.Objects(container, opts)
-		if err == nil {
-			objects = append(objects, newObjects...)
-		}
-		return newObjects, err
-	})
-	return objects, err
-}
-
-// ObjectNamesAll is like ObjectNames but it returns all the Objects
-//
-// It calls ObjectNames multiple times using the Marker parameter
-//
-// It has a default Limit parameter but you may pass in your own
-func (c *Connection) ObjectNamesAll(container string, opts *ObjectsOpts) ([]string, error) {
-	objects := make([]string, 0)
-	err := c.ObjectsWalk(container, opts, func(opts *ObjectsOpts) (interface{}, error) {
-		newObjects, err := c.ObjectNames(container, opts)
-		if err == nil {
-			objects = append(objects, newObjects...)
-		}
-		return newObjects, err
-	})
-	return objects, err
-}
-
-// Account contains information about this account.
-type Account struct {
-	BytesUsed  int64 // total number of bytes used
-	Containers int64 // total number of containers
-	Objects    int64 // total number of objects
-}
-
-// getInt64FromHeader is a helper function to decode int64 from header.
-func getInt64FromHeader(resp *http.Response, header string) (result int64, err error) {
-	value := resp.Header.Get(header)
-	result, err = strconv.ParseInt(value, 10, 64)
-	if err != nil {
-		err = newErrorf(0, "Bad Header '%s': '%s': %s", header, value, err)
-	}
-	return
-}
-
-// Account returns info about the account in an Account struct.
-func (c *Connection) Account() (info Account, headers Headers, err error) {
-	var resp *http.Response
-	resp, headers, err = c.storage(RequestOpts{
-		Operation:  "HEAD",
-		ErrorMap:   ContainerErrorMap,
-		NoResponse: true,
-	})
-	if err != nil {
-		return
-	}
-	// Parse the headers into a dict
-	//
-	//    {'Accept-Ranges': 'bytes',
-	//     'Content-Length': '0',
-	//     'Date': 'Tue, 05 Jul 2011 16:37:06 GMT',
-	//     'X-Account-Bytes-Used': '316598182',
-	//     'X-Account-Container-Count': '4',
-	//     'X-Account-Object-Count': '1433'}
-	if info.BytesUsed, err = getInt64FromHeader(resp, "X-Account-Bytes-Used"); err != nil {
-		return
-	}
-	if info.Containers, err = getInt64FromHeader(resp, "X-Account-Container-Count"); err != nil {
-		return
-	}
-	if info.Objects, err = getInt64FromHeader(resp, "X-Account-Object-Count"); err != nil {
-		return
-	}
-	return
-}
-
-// AccountUpdate adds, replaces or remove account metadata.
-//
-// Add or update keys by mentioning them in the Headers.
-//
-// Remove keys by setting them to an empty string.
-func (c *Connection) AccountUpdate(h Headers) error {
-	_, _, err := c.storage(RequestOpts{
-		Operation:  "POST",
-		ErrorMap:   ContainerErrorMap,
-		NoResponse: true,
-		Headers:    h,
-	})
-	return err
-}
-
-// ContainerCreate creates a container.
-//
-// If you don't want to add Headers just pass in nil
-//
-// No error is returned if it already exists but the metadata if any will be updated.
-func (c *Connection) ContainerCreate(container string, h Headers) error {
-	_, _, err := c.storage(RequestOpts{
-		Container:  container,
-		Operation:  "PUT",
-		ErrorMap:   ContainerErrorMap,
-		NoResponse: true,
-		Headers:    h,
-	})
-	return err
-}
-
-// ContainerDelete deletes a container.
-//
-// May return ContainerDoesNotExist or ContainerNotEmpty
-func (c *Connection) ContainerDelete(container string) error {
-	_, _, err := c.storage(RequestOpts{
-		Container:  container,
-		Operation:  "DELETE",
-		ErrorMap:   ContainerErrorMap,
-		NoResponse: true,
-	})
-	return err
-}
-
-// Container returns info about a single container including any
-// metadata in the headers.
-func (c *Connection) Container(container string) (info Container, headers Headers, err error) {
-	var resp *http.Response
-	resp, headers, err = c.storage(RequestOpts{
-		Container:  container,
-		Operation:  "HEAD",
-		ErrorMap:   ContainerErrorMap,
-		NoResponse: true,
-	})
-	if err != nil {
-		return
-	}
-	// Parse the headers into the struct
-	info.Name = container
-	if info.Bytes, err = getInt64FromHeader(resp, "X-Container-Bytes-Used"); err != nil {
-		return
-	}
-	if info.Count, err = getInt64FromHeader(resp, "X-Container-Object-Count"); err != nil {
-		return
-	}
-	return
-}
-
-// ContainerUpdate adds, replaces or removes container metadata.
-//
-// Add or update keys by mentioning them in the Metadata.
-//
-// Remove keys by setting them to an empty string.
-//
-// Container metadata can only be read with Container() not with Containers().
-func (c *Connection) ContainerUpdate(container string, h Headers) error {
-	_, _, err := c.storage(RequestOpts{
-		Container:  container,
-		Operation:  "POST",
-		ErrorMap:   ContainerErrorMap,
-		NoResponse: true,
-		Headers:    h,
-	})
-	return err
-}
-
-// ------------------------------------------------------------
-
-// ObjectCreateFile represents a swift object open for writing
-type ObjectCreateFile struct {
-	checkHash  bool           // whether we are checking the hash
-	pipeReader *io.PipeReader // pipe for the caller to use
-	pipeWriter *io.PipeWriter
-	hash       hash.Hash      // hash being build up as we go along
-	done       chan struct{}  // signals when the upload has finished
-	resp       *http.Response // valid when done has signalled
-	err        error          // ditto
-	headers    Headers        // ditto
-}
-
-// Write bytes to the object - see io.Writer
-func (file *ObjectCreateFile) Write(p []byte) (n int, err error) {
-	n, err = file.pipeWriter.Write(p)
-	if err == io.ErrClosedPipe {
-		if file.err != nil {
-			return 0, file.err
-		}
-		return 0, newError(500, "Write on closed file")
-	}
-	if err == nil && file.checkHash {
-		_, _ = file.hash.Write(p)
-	}
-	return
-}
-
-// Close the object and checks the md5sum if it was required.
-//
-// Also returns any other errors from the server (eg container not
-// found) so it is very important to check the errors on this method.
-func (file *ObjectCreateFile) Close() error {
-	// Close the body
-	err := file.pipeWriter.Close()
-	if err != nil {
-		return err
-	}
-
-	// Wait for the HTTP operation to complete
-	<-file.done
-
-	// Check errors
-	if file.err != nil {
-		return file.err
-	}
-	if file.checkHash {
-		receivedMd5 := strings.ToLower(file.headers["Etag"])
-		calculatedMd5 := fmt.Sprintf("%x", file.hash.Sum(nil))
-		if receivedMd5 != calculatedMd5 {
-			return ObjectCorrupted
-		}
-	}
-	return nil
-}
-
-// Headers returns the response headers from the created object if the upload
-// has been completed. The Close() method must be called on an ObjectCreateFile
-// before this method.
-func (file *ObjectCreateFile) Headers() (Headers, error) {
-	// error out if upload is not complete.
-	select {
-	case <-file.done:
-	default:
-		return nil, fmt.Errorf("Cannot get metadata, object upload failed or has not yet completed.")
-	}
-	return file.headers, nil
-}
-
-// Check it satisfies the interface
-var _ io.WriteCloser = &ObjectCreateFile{}
-
-// objectPutHeaders create a set of headers for a PUT
-//
-// It guesses the contentType from the objectName if it isn't set
-//
-// checkHash may be changed
-func objectPutHeaders(objectName string, checkHash *bool, Hash string, contentType string, h Headers) Headers {
-	if contentType == "" {
-		contentType = mime.TypeByExtension(path.Ext(objectName))
-		if contentType == "" {
-			contentType = "application/octet-stream"
-		}
-	}
-	// Meta stuff
-	extraHeaders := map[string]string{
-		"Content-Type": contentType,
-	}
-	for key, value := range h {
-		extraHeaders[key] = value
-	}
-	if Hash != "" {
-		extraHeaders["Etag"] = Hash
-		*checkHash = false // the server will do it
-	}
-	return extraHeaders
-}
-
-// ObjectCreate creates or updates the object in the container.  It
-// returns an io.WriteCloser you should write the contents to.  You
-// MUST call Close() on it and you MUST check the error return from
-// Close().
-//
-// If checkHash is True then it will calculate the MD5 Hash of the
-// file as it is being uploaded and check it against that returned
-// from the server.  If it is wrong then it will return
-// ObjectCorrupted on Close()
-//
-// If you know the MD5 hash of the object ahead of time then set the
-// Hash parameter and it will be sent to the server (as an Etag
-// header) and the server will check the MD5 itself after the upload,
-// and this will return ObjectCorrupted on Close() if it is incorrect.
-//
-// If you don't want any error protection (not recommended) then set
-// checkHash to false and Hash to "".
-//
-// If contentType is set it will be used, otherwise one will be
-// guessed from objectName using mime.TypeByExtension
-func (c *Connection) ObjectCreate(container string, objectName string, checkHash bool, Hash string, contentType string, h Headers) (file *ObjectCreateFile, err error) {
-	extraHeaders := objectPutHeaders(objectName, &checkHash, Hash, contentType, h)
-	pipeReader, pipeWriter := io.Pipe()
-	file = &ObjectCreateFile{
-		hash:       md5.New(),
-		checkHash:  checkHash,
-		pipeReader: pipeReader,
-		pipeWriter: pipeWriter,
-		done:       make(chan struct{}),
-	}
-	// Run the PUT in the background piping it data
-	go func() {
-		opts := RequestOpts{
-			Container:  container,
-			ObjectName: objectName,
-			Operation:  "PUT",
-			Headers:    extraHeaders,
-			Body:       pipeReader,
-			NoResponse: true,
-			ErrorMap:   objectErrorMap,
-		}
-		file.resp, file.headers, file.err = c.storage(opts)
-		// Signal finished
-		pipeReader.Close()
-		close(file.done)
-	}()
-	return
-}
-
-func (c *Connection) objectPut(container string, objectName string, contents io.Reader, checkHash bool, Hash string, contentType string, h Headers, parameters url.Values) (headers Headers, err error) {
-	extraHeaders := objectPutHeaders(objectName, &checkHash, Hash, contentType, h)
-	hash := md5.New()
-	var body io.Reader = contents
-	if checkHash {
-		body = io.TeeReader(contents, hash)
-	}
-	_, headers, err = c.storage(RequestOpts{
-		Container:  container,
-		ObjectName: objectName,
-		Operation:  "PUT",
-		Headers:    extraHeaders,
-		Body:       body,
-		NoResponse: true,
-		ErrorMap:   objectErrorMap,
-		Parameters: parameters,
-	})
-	if err != nil {
-		return
-	}
-	if checkHash {
-		receivedMd5 := strings.ToLower(headers["Etag"])
-		calculatedMd5 := fmt.Sprintf("%x", hash.Sum(nil))
-		if receivedMd5 != calculatedMd5 {
-			err = ObjectCorrupted
-			return
-		}
-	}
-	return
-}
-
-// ObjectPut creates or updates the path in the container from
-// contents.  contents should be an open io.Reader which will have all
-// its contents read.
-//
-// This is a low level interface.
-//
-// If checkHash is True then it will calculate the MD5 Hash of the
-// file as it is being uploaded and check it against that returned
-// from the server.  If it is wrong then it will return
-// ObjectCorrupted.
-//
-// If you know the MD5 hash of the object ahead of time then set the
-// Hash parameter and it will be sent to the server (as an Etag
-// header) and the server will check the MD5 itself after the upload,
-// and this will return ObjectCorrupted if it is incorrect.
-//
-// If you don't want any error protection (not recommended) then set
-// checkHash to false and Hash to "".
-//
-// If contentType is set it will be used, otherwise one will be
-// guessed from objectName using mime.TypeByExtension
-func (c *Connection) ObjectPut(container string, objectName string, contents io.Reader, checkHash bool, Hash string, contentType string, h Headers) (headers Headers, err error) {
-	return c.objectPut(container, objectName, contents, checkHash, Hash, contentType, h, nil)
-}
-
-// ObjectPutBytes creates an object from a []byte in a container.
-//
-// This is a simplified interface which checks the MD5.
-func (c *Connection) ObjectPutBytes(container string, objectName string, contents []byte, contentType string) (err error) {
-	buf := bytes.NewBuffer(contents)
-	h := Headers{"Content-Length": strconv.Itoa(len(contents))}
-	_, err = c.ObjectPut(container, objectName, buf, true, "", contentType, h)
-	return
-}
-
-// ObjectPutString creates an object from a string in a container.
-//
-// This is a simplified interface which checks the MD5
-func (c *Connection) ObjectPutString(container string, objectName string, contents string, contentType string) (err error) {
-	buf := strings.NewReader(contents)
-	h := Headers{"Content-Length": strconv.Itoa(len(contents))}
-	_, err = c.ObjectPut(container, objectName, buf, true, "", contentType, h)
-	return
-}
-
-// ObjectOpenFile represents a swift object open for reading
-type ObjectOpenFile struct {
-	connection *Connection    // stored copy of Connection used in Open
-	container  string         // stored copy of container used in Open
-	objectName string         // stored copy of objectName used in Open
-	headers    Headers        // stored copy of headers used in Open
-	resp       *http.Response // http connection
-	body       io.Reader      // read data from this
-	checkHash  bool           // true if checking MD5
-	hash       hash.Hash      // currently accumulating MD5
-	bytes      int64          // number of bytes read on this connection
-	eof        bool           // whether we have read end of file
-	pos        int64          // current position when reading
-	lengthOk   bool           // whether length is valid
-	length     int64          // length of the object if read
-	seeked     bool           // whether we have seeked this file or not
-	overSeeked bool           // set if we have seeked to the end or beyond
-}
-
-// Read bytes from the object - see io.Reader
-func (file *ObjectOpenFile) Read(p []byte) (n int, err error) {
-	if file.overSeeked {
-		return 0, io.EOF
-	}
-	n, err = file.body.Read(p)
-	file.bytes += int64(n)
-	file.pos += int64(n)
-	if err == io.EOF {
-		file.eof = true
-	}
-	return
-}
-
-// Seek sets the offset for the next Read to offset, interpreted
-// according to whence: 0 means relative to the origin of the file, 1
-// means relative to the current offset, and 2 means relative to the
-// end. Seek returns the new offset and an Error, if any.
-//
-// Seek uses HTTP Range headers which, if the file pointer is moved,
-// will involve reopening the HTTP connection.
-//
-// Note that you can't seek to the end of a file or beyond; HTTP Range
-// requests don't support the file pointer being outside the data,
-// unlike os.File
-//
-// Seek(0, 1) will return the current file pointer.
-func (file *ObjectOpenFile) Seek(offset int64, whence int) (newPos int64, err error) {
-	file.overSeeked = false
-	switch whence {
-	case 0: // relative to start
-		newPos = offset
-	case 1: // relative to current
-		newPos = file.pos + offset
-	case 2: // relative to end
-		if !file.lengthOk {
-			return file.pos, newError(0, "Length of file unknown so can't seek from end")
-		}
-		newPos = file.length + offset
-		if offset >= 0 {
-			file.overSeeked = true
-			return
-		}
-	default:
-		panic("Unknown whence in ObjectOpenFile.Seek")
-	}
-	// If at correct position (quite likely), do nothing
-	if newPos == file.pos {
-		return
-	}
-	// Close the file...
-	file.seeked = true
-	err = file.Close()
-	if err != nil {
-		return
-	}
-	// ...and re-open with a Range header
-	if file.headers == nil {
-		file.headers = Headers{}
-	}
-	if newPos > 0 {
-		file.headers["Range"] = fmt.Sprintf("bytes=%d-", newPos)
-	} else {
-		delete(file.headers, "Range")
-	}
-	newFile, _, err := file.connection.ObjectOpen(file.container, file.objectName, false, file.headers)
-	if err != nil {
-		return
-	}
-	// Update the file
-	file.resp = newFile.resp
-	file.body = newFile.body
-	file.checkHash = false
-	file.pos = newPos
-	return
-}
-
-// Length gets the objects content length either from a cached copy or
-// from the server.
-func (file *ObjectOpenFile) Length() (int64, error) {
-	if !file.lengthOk {
-		info, _, err := file.connection.Object(file.container, file.objectName)
-		file.length = info.Bytes
-		file.lengthOk = (err == nil)
-		return file.length, err
-	}
-	return file.length, nil
-}
-
-// Close the object and checks the length and md5sum if it was
-// required and all the object was read
-func (file *ObjectOpenFile) Close() (err error) {
-	// Close the body at the end
-	defer checkClose(file.resp.Body, &err)
-
-	// If not end of file or seeked then can't check anything
-	if !file.eof || file.seeked {
-		return
-	}
-
-	// Check the MD5 sum if requested
-	if file.checkHash {
-		receivedMd5 := strings.ToLower(file.resp.Header.Get("Etag"))
-		calculatedMd5 := fmt.Sprintf("%x", file.hash.Sum(nil))
-		if receivedMd5 != calculatedMd5 {
-			err = ObjectCorrupted
-			return
-		}
-	}
-
-	// Check to see we read the correct number of bytes
-	if file.lengthOk && file.length != file.bytes {
-		err = ObjectCorrupted
-		return
-	}
-	return
-}
-
-// Check it satisfies the interfaces
-var _ io.ReadCloser = &ObjectOpenFile{}
-var _ io.Seeker = &ObjectOpenFile{}
-
-func (c *Connection) objectOpenBase(container string, objectName string, checkHash bool, h Headers, parameters url.Values) (file *ObjectOpenFile, headers Headers, err error) {
-	var resp *http.Response
-	opts := RequestOpts{
-		Container:  container,
-		ObjectName: objectName,
-		Operation:  "GET",
-		ErrorMap:   objectErrorMap,
-		Headers:    h,
-		Parameters: parameters,
-	}
-	resp, headers, err = c.storage(opts)
-	if err != nil {
-		return
-	}
-	// Can't check MD5 on an object with X-Object-Manifest or X-Static-Large-Object set
-	if checkHash && headers.IsLargeObject() {
-		// log.Printf("swift: turning off md5 checking on object with manifest %v", objectName)
-		checkHash = false
-	}
-	file = &ObjectOpenFile{
-		connection: c,
-		container:  container,
-		objectName: objectName,
-		headers:    h,
-		resp:       resp,
-		checkHash:  checkHash,
-		body:       resp.Body,
-	}
-	if checkHash {
-		file.hash = md5.New()
-		file.body = io.TeeReader(resp.Body, file.hash)
-	}
-	// Read Content-Length
-	if resp.Header.Get("Content-Length") != "" {
-		file.length, err = getInt64FromHeader(resp, "Content-Length")
-		file.lengthOk = (err == nil)
-	}
-	return
-}
-
-func (c *Connection) objectOpen(container string, objectName string, checkHash bool, h Headers, parameters url.Values) (file *ObjectOpenFile, headers Headers, err error) {
-	err = withLORetry(0, func() (Headers, int64, error) {
-		file, headers, err = c.objectOpenBase(container, objectName, checkHash, h, parameters)
-		if err != nil {
-			return headers, 0, err
-		}
-		return headers, file.length, nil
-	})
-	return
-}
-
-// ObjectOpen returns an ObjectOpenFile for reading the contents of
-// the object.  This satisfies the io.ReadCloser and the io.Seeker
-// interfaces.
-//
-// You must call Close() on contents when finished
-//
-// Returns the headers of the response.
-//
-// If checkHash is true then it will calculate the md5sum of the file
-// as it is being received and check it against that returned from the
-// server.  If it is wrong then it will return ObjectCorrupted. It
-// will also check the length returned. No checking will be done if
-// you don't read all the contents.
-//
-// Note that objects with X-Object-Manifest or X-Static-Large-Object
-// set won't ever have their md5sum's checked as the md5sum reported
-// on the object is actually the md5sum of the md5sums of the
-// parts. This isn't very helpful to detect a corrupted download as
-// the size of the parts aren't known without doing more operations.
-// If you want to ensure integrity of an object with a manifest then
-// you will need to download everything in the manifest separately.
-//
-// headers["Content-Type"] will give the content type if desired.
-func (c *Connection) ObjectOpen(container string, objectName string, checkHash bool, h Headers) (file *ObjectOpenFile, headers Headers, err error) {
-	return c.objectOpen(container, objectName, checkHash, h, nil)
-}
-
-// ObjectGet gets the object into the io.Writer contents.
-//
-// Returns the headers of the response.
-//
-// If checkHash is true then it will calculate the md5sum of the file
-// as it is being received and check it against that returned from the
-// server.  If it is wrong then it will return ObjectCorrupted.
-//
-// headers["Content-Type"] will give the content type if desired.
-func (c *Connection) ObjectGet(container string, objectName string, contents io.Writer, checkHash bool, h Headers) (headers Headers, err error) {
-	file, headers, err := c.ObjectOpen(container, objectName, checkHash, h)
-	if err != nil {
-		return
-	}
-	defer checkClose(file, &err)
-	_, err = io.Copy(contents, file)
-	return
-}
-
-// ObjectGetBytes returns an object as a []byte.
-//
-// This is a simplified interface which checks the MD5
-func (c *Connection) ObjectGetBytes(container string, objectName string) (contents []byte, err error) {
-	var buf bytes.Buffer
-	_, err = c.ObjectGet(container, objectName, &buf, true, nil)
-	contents = buf.Bytes()
-	return
-}
-
-// ObjectGetString returns an object as a string.
-//
-// This is a simplified interface which checks the MD5
-func (c *Connection) ObjectGetString(container string, objectName string) (contents string, err error) {
-	var buf bytes.Buffer
-	_, err = c.ObjectGet(container, objectName, &buf, true, nil)
-	contents = buf.String()
-	return
-}
-
-// ObjectDelete deletes the object.
-//
-// May return ObjectNotFound if the object isn't found
-func (c *Connection) ObjectDelete(container string, objectName string) error {
-	_, _, err := c.storage(RequestOpts{
-		Container:  container,
-		ObjectName: objectName,
-		Operation:  "DELETE",
-		ErrorMap:   objectErrorMap,
-	})
-	return err
-}
-
-// ObjectTempUrl returns a temporary URL for an object
-func (c *Connection) ObjectTempUrl(container string, objectName string, secretKey string, method string, expires time.Time) string {
-	mac := hmac.New(sha1.New, []byte(secretKey))
-	prefix, _ := url.Parse(c.StorageUrl)
-	body := fmt.Sprintf("%s\n%d\n%s/%s/%s", method, expires.Unix(), prefix.Path, container, objectName)
-	mac.Write([]byte(body))
-	sig := hex.EncodeToString(mac.Sum(nil))
-	return fmt.Sprintf("%s/%s/%s?temp_url_sig=%s&temp_url_expires=%d", c.StorageUrl, container, objectName, sig, expires.Unix())
-}
-
-// parseResponseStatus parses string like "200 OK" and returns Error.
-//
-// For status codes beween 200 and 299, this returns nil.
-func parseResponseStatus(resp string, errorMap errorMap) error {
-	code := 0
-	reason := resp
-	t := strings.SplitN(resp, " ", 2)
-	if len(t) == 2 {
-		ncode, err := strconv.Atoi(t[0])
-		if err == nil {
-			code = ncode
-			reason = t[1]
-		}
-	}
-	if errorMap != nil {
-		if err, ok := errorMap[code]; ok {
-			return err
-		}
-	}
-	if 200 <= code && code <= 299 {
-		return nil
-	}
-	return newError(code, reason)
-}
-
-// BulkDeleteResult stores results of BulkDelete().
-//
-// Individual errors may (or may not) be returned by Errors.
-// Errors is a map whose keys are a full path of where the object was
-// to be deleted, and whose values are Error objects.  A full path of
-// object looks like "/API_VERSION/USER_ACCOUNT/CONTAINER/OBJECT_PATH".
-type BulkDeleteResult struct {
-	NumberNotFound int64            // # of objects not found.
-	NumberDeleted  int64            // # of deleted objects.
-	Errors         map[string]error // Mapping between object name and an error.
-	Headers        Headers          // Response HTTP headers.
-}
-
-func (c *Connection) doBulkDelete(objects []string) (result BulkDeleteResult, err error) {
-	var buffer bytes.Buffer
-	for _, s := range objects {
-		u := url.URL{Path: s}
-		buffer.WriteString(u.String() + "\n")
-	}
-	resp, headers, err := c.storage(RequestOpts{
-		Operation:  "DELETE",
-		Parameters: url.Values{"bulk-delete": []string{"1"}},
-		Headers: Headers{
-			"Accept":         "application/json",
-			"Content-Type":   "text/plain",
-			"Content-Length": strconv.Itoa(buffer.Len()),
-		},
-		ErrorMap: ContainerErrorMap,
-		Body:     &buffer,
-	})
-	if err != nil {
-		return
-	}
-	var jsonResult struct {
-		NotFound int64  `json:"Number Not Found"`
-		Status   string `json:"Response Status"`
-		Errors   [][]string
-		Deleted  int64 `json:"Number Deleted"`
-	}
-	err = readJson(resp, &jsonResult)
-	if err != nil {
-		return
-	}
-
-	err = parseResponseStatus(jsonResult.Status, objectErrorMap)
-	result.NumberNotFound = jsonResult.NotFound
-	result.NumberDeleted = jsonResult.Deleted
-	result.Headers = headers
-	el := make(map[string]error, len(jsonResult.Errors))
-	for _, t := range jsonResult.Errors {
-		if len(t) != 2 {
-			continue
-		}
-		el[t[0]] = parseResponseStatus(t[1], objectErrorMap)
-	}
-	result.Errors = el
-	return
-}
-
-// BulkDelete deletes multiple objectNames from container in one operation.
-//
-// Some servers may not accept bulk-delete requests since bulk-delete is
-// an optional feature of swift - these will return the Forbidden error.
-//
-// See also:
-// * http://docs.openstack.org/trunk/openstack-object-storage/admin/content/object-storage-bulk-delete.html
-// * http://docs.rackspace.com/files/api/v1/cf-devguide/content/Bulk_Delete-d1e2338.html
-func (c *Connection) BulkDelete(container string, objectNames []string) (result BulkDeleteResult, err error) {
-	if len(objectNames) == 0 {
-		result.Errors = make(map[string]error)
-		return
-	}
-	fullPaths := make([]string, len(objectNames))
-	for i, name := range objectNames {
-		fullPaths[i] = fmt.Sprintf("/%s/%s", container, name)
-	}
-	return c.doBulkDelete(fullPaths)
-}
-
-// BulkUploadResult stores results of BulkUpload().
-//
-// Individual errors may (or may not) be returned by Errors.
-// Errors is a map whose keys are a full path of where an object was
-// to be created, and whose values are Error objects.  A full path of
-// object looks like "/API_VERSION/USER_ACCOUNT/CONTAINER/OBJECT_PATH".
-type BulkUploadResult struct {
-	NumberCreated int64            // # of created objects.
-	Errors        map[string]error // Mapping between object name and an error.
-	Headers       Headers          // Response HTTP headers.
-}
-
-// BulkUpload uploads multiple files in one operation.
-//
-// uploadPath can be empty, a container name, or a pseudo-directory
-// within a container.  If uploadPath is empty, new containers may be
-// automatically created.
-//
-// Files are read from dataStream.  The format of the stream is specified
-// by the format parameter.  Available formats are:
-// * UploadTar       - Plain tar stream.
-// * UploadTarGzip   - Gzip compressed tar stream.
-// * UploadTarBzip2  - Bzip2 compressed tar stream.
-//
-// Some servers may not accept bulk-upload requests since bulk-upload is
-// an optional feature of swift - these will return the Forbidden error.
-//
-// See also:
-// * http://docs.openstack.org/trunk/openstack-object-storage/admin/content/object-storage-extract-archive.html
-// * http://docs.rackspace.com/files/api/v1/cf-devguide/content/Extract_Archive-d1e2338.html
-func (c *Connection) BulkUpload(uploadPath string, dataStream io.Reader, format string, h Headers) (result BulkUploadResult, err error) {
-	extraHeaders := Headers{"Accept": "application/json"}
-	for key, value := range h {
-		extraHeaders[key] = value
-	}
-	// The following code abuses Container parameter intentionally.
-	// The best fix might be to rename Container to UploadPath.
-	resp, headers, err := c.storage(RequestOpts{
-		Container:  uploadPath,
-		Operation:  "PUT",
-		Parameters: url.Values{"extract-archive": []string{format}},
-		Headers:    extraHeaders,
-		ErrorMap:   ContainerErrorMap,
-		Body:       dataStream,
-	})
-	if err != nil {
-		return
-	}
-	// Detect old servers which don't support this feature
-	if headers["Content-Type"] != "application/json" {
-		err = Forbidden
-		return
-	}
-	var jsonResult struct {
-		Created int64  `json:"Number Files Created"`
-		Status  string `json:"Response Status"`
-		Errors  [][]string
-	}
-	err = readJson(resp, &jsonResult)
-	if err != nil {
-		return
-	}
-
-	err = parseResponseStatus(jsonResult.Status, objectErrorMap)
-	result.NumberCreated = jsonResult.Created
-	result.Headers = headers
-	el := make(map[string]error, len(jsonResult.Errors))
-	for _, t := range jsonResult.Errors {
-		if len(t) != 2 {
-			continue
-		}
-		el[t[0]] = parseResponseStatus(t[1], objectErrorMap)
-	}
-	result.Errors = el
-	return
-}
-
-// Object returns info about a single object including any metadata in the header.
-//
-// May return ObjectNotFound.
-//
-// Use headers.ObjectMetadata() to read the metadata in the Headers.
-func (c *Connection) Object(container string, objectName string) (info Object, headers Headers, err error) {
-	err = withLORetry(0, func() (Headers, int64, error) {
-		info, headers, err = c.objectBase(container, objectName)
-		if err != nil {
-			return headers, 0, err
-		}
-		return headers, info.Bytes, nil
-	})
-	return
-}
-
-func (c *Connection) objectBase(container string, objectName string) (info Object, headers Headers, err error) {
-	var resp *http.Response
-	resp, headers, err = c.storage(RequestOpts{
-		Container:  container,
-		ObjectName: objectName,
-		Operation:  "HEAD",
-		ErrorMap:   objectErrorMap,
-		NoResponse: true,
-	})
-	if err != nil {
-		return
-	}
-	// Parse the headers into the struct
-	// HTTP/1.1 200 OK
-	// Date: Thu, 07 Jun 2010 20:59:39 GMT
-	// Server: Apache
-	// Last-Modified: Fri, 12 Jun 2010 13:40:18 GMT
-	// ETag: 8a964ee2a5e88be344f36c22562a6486
-	// Content-Length: 512000
-	// Content-Type: text/plain; charset=UTF-8
-	// X-Object-Meta-Meat: Bacon
-	// X-Object-Meta-Fruit: Bacon
-	// X-Object-Meta-Veggie: Bacon
-	// X-Object-Meta-Dairy: Bacon
-	info.Name = objectName
-	info.ContentType = resp.Header.Get("Content-Type")
-	if resp.Header.Get("Content-Length") != "" {
-		if info.Bytes, err = getInt64FromHeader(resp, "Content-Length"); err != nil {
-			return
-		}
-	}
-	// Currently ceph doesn't return a Last-Modified header for DLO manifests without any segments
-	// See ceph http://tracker.ceph.com/issues/15812
-	if resp.Header.Get("Last-Modified") != "" {
-		info.ServerLastModified = resp.Header.Get("Last-Modified")
-		if info.LastModified, err = time.Parse(http.TimeFormat, info.ServerLastModified); err != nil {
-			return
-		}
-	}
-
-	info.Hash = resp.Header.Get("Etag")
-	if resp.Header.Get("X-Object-Manifest") != "" {
-		info.ObjectType = DynamicLargeObjectType
-	} else if resp.Header.Get("X-Static-Large-Object") != "" {
-		info.ObjectType = StaticLargeObjectType
-	}
-
-	return
-}
-
-// ObjectUpdate adds, replaces or removes object metadata.
-//
-// Add or Update keys by mentioning them in the Metadata.  Use
-// Metadata.ObjectHeaders and Headers.ObjectMetadata to convert your
-// Metadata to and from normal HTTP headers.
-//
-// This removes all metadata previously added to the object and
-// replaces it with that passed in so to delete keys, just don't
-// mention them the headers you pass in.
-//
-// Object metadata can only be read with Object() not with Objects().
-//
-// This can also be used to set headers not already assigned such as
-// X-Delete-At or X-Delete-After for expiring objects.
-//
-// You cannot use this to change any of the object's other headers
-// such as Content-Type, ETag, etc.
-//
-// Refer to copying an object when you need to update metadata or
-// other headers such as Content-Type or CORS headers.
-//
-// May return ObjectNotFound.
-func (c *Connection) ObjectUpdate(container string, objectName string, h Headers) error {
-	_, _, err := c.storage(RequestOpts{
-		Container:  container,
-		ObjectName: objectName,
-		Operation:  "POST",
-		ErrorMap:   objectErrorMap,
-		NoResponse: true,
-		Headers:    h,
-	})
-	return err
-}
-
-// urlPathEscape escapes URL path the in string using URL escaping rules
-//
-// This mimics url.PathEscape which only available from go 1.8
-func urlPathEscape(in string) string {
-	var u url.URL
-	u.Path = in
-	return u.String()
-}
-
-// ObjectCopy does a server side copy of an object to a new position
-//
-// All metadata is preserved.  If metadata is set in the headers then
-// it overrides the old metadata on the copied object.
-//
-// The destination container must exist before the copy.
-//
-// You can use this to copy an object to itself - this is the only way
-// to update the content type of an object.
-func (c *Connection) ObjectCopy(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string, h Headers) (headers Headers, err error) {
-	// Meta stuff
-	extraHeaders := map[string]string{
-		"Destination": urlPathEscape(dstContainer + "/" + dstObjectName),
-	}
-	for key, value := range h {
-		extraHeaders[key] = value
-	}
-	_, headers, err = c.storage(RequestOpts{
-		Container:  srcContainer,
-		ObjectName: srcObjectName,
-		Operation:  "COPY",
-		ErrorMap:   objectErrorMap,
-		NoResponse: true,
-		Headers:    extraHeaders,
-	})
-	return
-}
-
-// ObjectMove does a server side move of an object to a new position
-//
-// This is a convenience method which calls ObjectCopy then ObjectDelete
-//
-// All metadata is preserved.
-//
-// The destination container must exist before the copy.
-func (c *Connection) ObjectMove(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string) (err error) {
-	_, err = c.ObjectCopy(srcContainer, srcObjectName, dstContainer, dstObjectName, nil)
-	if err != nil {
-		return
-	}
-	return c.ObjectDelete(srcContainer, srcObjectName)
-}
-
-// ObjectUpdateContentType updates the content type of an object
-//
-// This is a convenience method which calls ObjectCopy
-//
-// All other metadata is preserved.
-func (c *Connection) ObjectUpdateContentType(container string, objectName string, contentType string) (err error) {
-	h := Headers{"Content-Type": contentType}
-	_, err = c.ObjectCopy(container, objectName, container, objectName, h)
-	return
-}
-
-// ------------------------------------------------------------
-
-// VersionContainerCreate is a helper method for creating and enabling version controlled containers.
-//
-// It builds the current object container, the non-current object version container, and enables versioning.
-//
-// If the server doesn't support versioning then it will return
-// Forbidden however it will have created both the containers at that point.
-func (c *Connection) VersionContainerCreate(current, version string) error {
-	if err := c.ContainerCreate(version, nil); err != nil {
-		return err
-	}
-	if err := c.ContainerCreate(current, nil); err != nil {
-		return err
-	}
-	if err := c.VersionEnable(current, version); err != nil {
-		return err
-	}
-	return nil
-}
-
-// VersionEnable enables versioning on the current container with version as the tracking container.
-//
-// May return Forbidden if this isn't supported by the server
-func (c *Connection) VersionEnable(current, version string) error {
-	h := Headers{"X-Versions-Location": version}
-	if err := c.ContainerUpdate(current, h); err != nil {
-		return err
-	}
-	// Check to see if the header was set properly
-	_, headers, err := c.Container(current)
-	if err != nil {
-		return err
-	}
-	// If failed to set versions header, return Forbidden as the server doesn't support this
-	if headers["X-Versions-Location"] != version {
-		return Forbidden
-	}
-	return nil
-}
-
-// VersionDisable disables versioning on the current container.
-func (c *Connection) VersionDisable(current string) error {
-	h := Headers{"X-Versions-Location": ""}
-	if err := c.ContainerUpdate(current, h); err != nil {
-		return err
-	}
-	return nil
-}
-
-// VersionObjectList returns a list of older versions of the object.
-//
-// Objects are returned in the format <length><object_name>/<timestamp>
-func (c *Connection) VersionObjectList(version, object string) ([]string, error) {
-	opts := &ObjectsOpts{
-		// <3-character zero-padded hexadecimal character length><object name>/
-		Prefix: fmt.Sprintf("%03x", len(object)) + object + "/",
-	}
-	return c.ObjectNames(version, opts)
-}
diff --git a/vendor/github.com/ncw/swift/swifttest/server.go b/vendor/github.com/ncw/swift/swifttest/server.go
deleted file mode 100644
index 6ec50f609..000000000
--- a/vendor/github.com/ncw/swift/swifttest/server.go
+++ /dev/null
@@ -1,1107 +0,0 @@
-// This implements a very basic Swift server
-// Everything is stored in memory
-//
-// This comes from the https://github.com/mitchellh/goamz
-// and was adapted for Swift
-//
-package swifttest
-
-import (
-	"bytes"
-	"crypto/hmac"
-	"crypto/md5"
-	"crypto/rand"
-	"crypto/sha1"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"log"
-	"mime"
-	"net"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"path"
-	"regexp"
-	"sort"
-	"strconv"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"testing"
-	"time"
-
-	"github.com/ncw/swift"
-)
-
-const (
-	DEBUG        = false
-	TEST_ACCOUNT = "swifttest"
-)
-
-type HandlerOverrideFunc func(w http.ResponseWriter, r *http.Request, recorder *httptest.ResponseRecorder)
-
-type SwiftServer struct {
-	// `sync/atomic` expects the first word in an allocated struct to be 64-bit
-	// aligned on both ARM and x86-32.
-	// See https://golang.org/pkg/sync/atomic/#pkg-note-BUG for more details.
-	reqId int64
-	sync.RWMutex
-	t        *testing.T
-	mu       sync.Mutex
-	Listener net.Listener
-	AuthURL  string
-	URL      string
-	Accounts map[string]*account
-	Sessions map[string]*session
-	override map[string]HandlerOverrideFunc
-}
-
-// The Folder type represents a container stored in an account
-type Folder struct {
-	Count int64  `json:"count"`
-	Bytes int64  `json:"bytes"`
-	Name  string `json:"name"`
-}
-
-// The Key type represents an item stored in an container.
-type Key struct {
-	Key          string `json:"name"`
-	LastModified string `json:"last_modified"`
-	Size         int64  `json:"bytes"`
-	// ETag gives the hex-encoded MD5 sum of the contents,
-	// surrounded with double-quotes.
-	ETag        string `json:"hash"`
-	ContentType string `json:"content_type"`
-	// Owner        Owner
-}
-
-type Subdir struct {
-	Subdir string `json:"subdir"`
-}
-
-type swiftError struct {
-	statusCode int
-	Code       string
-	Message    string
-}
-
-type action struct {
-	srv   *SwiftServer
-	w     http.ResponseWriter
-	req   *http.Request
-	reqId string
-	user  *account
-}
-
-type session struct {
-	username string
-}
-
-type metadata struct {
-	meta http.Header // metadata to return with requests.
-}
-
-type account struct {
-	sync.RWMutex
-	swift.Account
-	metadata
-	password       string
-	ContainersLock sync.RWMutex
-	Containers     map[string]*container
-}
-
-type object struct {
-	sync.RWMutex
-	metadata
-	name         string
-	mtime        time.Time
-	checksum     []byte // also held as ETag in meta.
-	data         []byte
-	content_type string
-}
-
-type container struct {
-	// `sync/atomic` expects the first word in an allocated struct to be 64-bit
-	// aligned on both ARM and x86-32.
-	// See https://golang.org/pkg/sync/atomic/#pkg-note-BUG for more details.
-	bytes int64
-	sync.RWMutex
-	metadata
-	name    string
-	ctime   time.Time
-	objects map[string]*object
-}
-
-type segment struct {
-	Path string `json:"path,omitempty"`
-	Hash string `json:"hash,omitempty"`
-	Size int64  `json:"size_bytes,omitempty"`
-	// When uploading a manifest, the attributes must be named `path`, `hash` and `size`
-	// but when querying the JSON content of a manifest with the `multipart-manifest=get`
-	// parameter, Swift names those attributes `name`, `etag` and `bytes`.
-	// We use all the different attributes names in this structure to be able to use
-	// the same structure for both uploading and retrieving.
-	Name         string `json:"name,omitempty"`
-	Etag         string `json:"etag,omitempty"`
-	Bytes        int64  `json:"bytes,omitempty"`
-	ContentType  string `json:"content_type,omitempty"`
-	LastModified string `json:"last_modified,omitempty"`
-}
-
-// A resource encapsulates the subject of an HTTP request.
-// The resource referred to may or may not exist
-// when the request is made.
-type resource interface {
-	put(a *action) interface{}
-	get(a *action) interface{}
-	post(a *action) interface{}
-	delete(a *action) interface{}
-	copy(a *action) interface{}
-}
-
-type objectResource struct {
-	name      string
-	version   string
-	container *container // always non-nil.
-	object    *object    // may be nil.
-}
-
-type containerResource struct {
-	name      string
-	container *container // non-nil if the container already exists.
-}
-
-var responseParams = map[string]bool{
-	"content-type":        true,
-	"content-language":    true,
-	"expires":             true,
-	"cache-control":       true,
-	"content-disposition": true,
-	"content-encoding":    true,
-}
-
-func fatalf(code int, codeStr string, errf string, a ...interface{}) {
-	panic(&swiftError{
-		statusCode: code,
-		Code:       codeStr,
-		Message:    fmt.Sprintf(errf, a...),
-	})
-}
-
-func (m metadata) setMetadata(a *action, resource string) {
-	for key, values := range a.req.Header {
-		key = http.CanonicalHeaderKey(key)
-		if metaHeaders[key] || strings.HasPrefix(key, "X-"+strings.Title(resource)+"-Meta-") {
-			if values[0] != "" || resource == "object" {
-				m.meta[key] = values
-			} else {
-				m.meta.Del(key)
-			}
-		}
-	}
-}
-
-func (m metadata) getMetadata(a *action) {
-	h := a.w.Header()
-	for name, d := range m.meta {
-		h[name] = d
-	}
-}
-
-func (c *container) list(delimiter string, marker string, prefix string, parent string) (resp []interface{}) {
-	var tmp orderedObjects
-
-	c.RLock()
-	defer c.RUnlock()
-
-	// first get all matching objects and arrange them in alphabetical order.
-	for _, obj := range c.objects {
-		if strings.HasPrefix(obj.name, prefix) {
-			tmp = append(tmp, obj)
-		}
-	}
-	sort.Sort(tmp)
-
-	var prefixes []string
-	for _, obj := range tmp {
-		if !strings.HasPrefix(obj.name, prefix) {
-			continue
-		}
-
-		isPrefix := false
-		name := obj.name
-		if parent != "" {
-			if path.Dir(obj.name) != path.Clean(parent) {
-				continue
-			}
-		} else if delimiter != "" {
-			if i := strings.Index(obj.name[len(prefix):], delimiter); i >= 0 {
-				name = obj.name[:len(prefix)+i+len(delimiter)]
-				if prefixes != nil && prefixes[len(prefixes)-1] == name {
-					continue
-				}
-				isPrefix = true
-			}
-		}
-
-		if name <= marker {
-			continue
-		}
-
-		if isPrefix {
-			prefixes = append(prefixes, name)
-
-			resp = append(resp, Subdir{
-				Subdir: name,
-			})
-		} else {
-			resp = append(resp, obj)
-		}
-	}
-
-	return
-}
-
-// GET on a container lists the objects in the container.
-func (r containerResource) get(a *action) interface{} {
-	if r.container == nil {
-		fatalf(404, "NoSuchContainer", "The specified container does not exist")
-	}
-
-	r.container.RLock()
-
-	delimiter := a.req.Form.Get("delimiter")
-	marker := a.req.Form.Get("marker")
-	prefix := a.req.Form.Get("prefix")
-	format := a.req.URL.Query().Get("format")
-	parent := a.req.Form.Get("path")
-
-	a.w.Header().Set("X-Container-Bytes-Used", strconv.Itoa(int(r.container.bytes)))
-	a.w.Header().Set("X-Container-Object-Count", strconv.Itoa(len(r.container.objects)))
-	r.container.getMetadata(a)
-
-	if a.req.Method == "HEAD" {
-		r.container.RUnlock()
-		return nil
-	}
-	r.container.RUnlock()
-
-	objects := r.container.list(delimiter, marker, prefix, parent)
-
-	if format == "json" {
-		a.w.Header().Set("Content-Type", "application/json")
-		var resp []interface{}
-		for _, item := range objects {
-			if obj, ok := item.(*object); ok {
-				resp = append(resp, obj.Key())
-			} else {
-				resp = append(resp, item)
-			}
-		}
-		return resp
-	} else {
-		for _, item := range objects {
-			if obj, ok := item.(*object); ok {
-				a.w.Write([]byte(obj.name + "\n"))
-			} else if subdir, ok := item.(Subdir); ok {
-				a.w.Write([]byte(subdir.Subdir + "\n"))
-			}
-		}
-		return nil
-	}
-}
-
-// orderedContainers holds a slice of containers that can be sorted
-// by name.
-type orderedContainers []*container
-
-func (s orderedContainers) Len() int {
-	return len(s)
-}
-func (s orderedContainers) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-func (s orderedContainers) Less(i, j int) bool {
-	return s[i].name < s[j].name
-}
-
-func (r containerResource) delete(a *action) interface{} {
-	b := r.container
-	if b == nil {
-		fatalf(404, "NoSuchContainer", "The specified container does not exist")
-	}
-	if len(b.objects) > 0 {
-		fatalf(409, "Conflict", "The container you tried to delete is not empty")
-	}
-	a.user.Lock()
-	delete(a.user.Containers, b.name)
-	a.user.Account.Containers--
-	a.user.Unlock()
-	return nil
-}
-
-func (r containerResource) put(a *action) interface{} {
-	if a.req.URL.Query().Get("extract-archive") != "" {
-		fatalf(403, "Operation forbidden", "Bulk upload is not supported")
-	}
-
-	if r.container == nil {
-		if !validContainerName(r.name) {
-			fatalf(400, "InvalidContainerName", "The specified container is not valid")
-		}
-		r.container = &container{
-			name:    r.name,
-			objects: make(map[string]*object),
-			metadata: metadata{
-				meta: make(http.Header),
-			},
-		}
-		r.container.setMetadata(a, "container")
-
-		a.user.Lock()
-		a.user.Containers[r.name] = r.container
-		a.user.Account.Containers++
-		a.user.Unlock()
-	}
-
-	return nil
-}
-
-func (r containerResource) post(a *action) interface{} {
-	if r.container == nil {
-		fatalf(400, "Method", "The resource could not be found.")
-	} else {
-		r.container.RLock()
-		defer r.container.RUnlock()
-
-		r.container.setMetadata(a, "container")
-		a.w.WriteHeader(201)
-		jsonMarshal(a.w, Folder{
-			Count: int64(len(r.container.objects)),
-			Bytes: r.container.bytes,
-			Name:  r.container.name,
-		})
-	}
-	return nil
-}
-
-func (containerResource) copy(a *action) interface{} { return notAllowed() }
-
-// validContainerName returns whether name is a valid bucket name.
-// Here are the rules, from:
-// http://docs.openstack.org/api/openstack-object-storage/1.0/content/ch_object-storage-dev-api-storage.html
-//
-// Container names cannot exceed 256 bytes and cannot contain the / character.
-//
-func validContainerName(name string) bool {
-	if len(name) == 0 || len(name) > 256 {
-		return false
-	}
-	for _, r := range name {
-		switch {
-		case r == '/':
-			return false
-		default:
-		}
-	}
-	return true
-}
-
-// orderedObjects holds a slice of objects that can be sorted
-// by name.
-type orderedObjects []*object
-
-func (s orderedObjects) Len() int {
-	return len(s)
-}
-func (s orderedObjects) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-func (s orderedObjects) Less(i, j int) bool {
-	return s[i].name < s[j].name
-}
-
-func (obj *object) Key() Key {
-	return Key{
-		Key:          obj.name,
-		LastModified: obj.mtime.Format("2006-01-02T15:04:05"),
-		Size:         int64(len(obj.data)),
-		ETag:         fmt.Sprintf("%x", obj.checksum),
-		ContentType:  obj.content_type,
-	}
-}
-
-var metaHeaders = map[string]bool{
-	"Content-Type":          true,
-	"Content-Encoding":      true,
-	"Content-Disposition":   true,
-	"X-Object-Manifest":     true,
-	"X-Static-Large-Object": true,
-}
-
-var rangeRegexp = regexp.MustCompile("(bytes=)?([0-9]*)-([0-9]*)")
-
-// GET on an object gets the contents of the object.
-func (objr objectResource) get(a *action) interface{} {
-	var (
-		etag   []byte
-		reader io.Reader
-		start  int
-		end    int = -1
-	)
-	obj := objr.object
-	if obj == nil {
-		fatalf(404, "Not Found", "The resource could not be found.")
-	}
-
-	obj.RLock()
-	defer obj.RUnlock()
-
-	h := a.w.Header()
-	// add metadata
-	obj.getMetadata(a)
-
-	if r := a.req.Header.Get("Range"); r != "" {
-		m := rangeRegexp.FindStringSubmatch(r)
-		if m[2] != "" {
-			start, _ = strconv.Atoi(m[2])
-		}
-		if m[3] != "" {
-			end, _ = strconv.Atoi(m[3])
-		}
-	}
-
-	max := func(a int, b int) int {
-		if a > b {
-			return a
-		}
-		return b
-	}
-
-	if manifest, ok := obj.meta["X-Object-Manifest"]; ok {
-		var segments []io.Reader
-		components := strings.SplitN(manifest[0], "/", 2)
-		a.user.RLock()
-		segContainer := a.user.Containers[components[0]]
-		a.user.RUnlock()
-		prefix := components[1]
-		resp := segContainer.list("", "", prefix, "")
-		sum := md5.New()
-		cursor := 0
-		size := 0
-		for _, item := range resp {
-			if obj, ok := item.(*object); ok {
-				length := len(obj.data)
-				size += length
-				sum.Write([]byte(hex.EncodeToString(obj.checksum)))
-				if start >= cursor+length {
-					continue
-				}
-				segments = append(segments, bytes.NewReader(obj.data[max(0, start-cursor):]))
-				cursor += length
-			}
-		}
-		etag = sum.Sum(nil)
-		if end == -1 {
-			end = size - 1
-		}
-		reader = io.LimitReader(io.MultiReader(segments...), int64(end-start+1))
-	} else if value, ok := obj.meta["X-Static-Large-Object"]; ok && value[0] == "True" && a.req.URL.Query().Get("multipart-manifest") != "get" {
-		var segments []io.Reader
-		var segmentList []segment
-		json.Unmarshal(obj.data, &segmentList)
-		cursor := 0
-		size := 0
-		sum := md5.New()
-		for _, segment := range segmentList {
-			components := strings.SplitN(segment.Name[1:], "/", 2)
-			a.user.RLock()
-			segContainer := a.user.Containers[components[0]]
-			a.user.RUnlock()
-			objectName := components[1]
-			segObject := segContainer.objects[objectName]
-			length := len(segObject.data)
-			size += length
-			sum.Write([]byte(hex.EncodeToString(segObject.checksum)))
-			if start >= cursor+length {
-				continue
-			}
-			segments = append(segments, bytes.NewReader(segObject.data[max(0, start-cursor):]))
-			cursor += length
-		}
-		etag = sum.Sum(nil)
-		if end == -1 {
-			end = size - 1
-		}
-		reader = io.LimitReader(io.MultiReader(segments...), int64(end-start+1))
-	} else {
-		if end == -1 {
-			end = len(obj.data) - 1
-		}
-		etag = obj.checksum
-		reader = bytes.NewReader(obj.data[start : end+1])
-	}
-
-	etagHex := hex.EncodeToString(etag)
-
-	if a.req.Header.Get("If-None-Match") == etagHex {
-		a.w.WriteHeader(http.StatusNotModified)
-		return nil
-	}
-
-	h.Set("Content-Length", fmt.Sprint(end-start+1))
-	h.Set("ETag", etagHex)
-	h.Set("Last-Modified", obj.mtime.Format(http.TimeFormat))
-
-	if a.req.Method == "HEAD" {
-		return nil
-	}
-
-	// TODO avoid holding the lock when writing data.
-	_, err := io.Copy(a.w, reader)
-	if err != nil {
-		// we can't do much except just log the fact.
-		log.Printf("error writing data: %v", err)
-	}
-	return nil
-}
-
-// PUT on an object creates the object.
-func (objr objectResource) put(a *action) interface{} {
-	var expectHash []byte
-	if c := a.req.Header.Get("ETag"); c != "" {
-		var err error
-		expectHash, err = hex.DecodeString(c)
-		if err != nil || len(expectHash) != md5.Size {
-			fatalf(400, "InvalidDigest", "The ETag you specified was invalid")
-		}
-	}
-	sum := md5.New()
-	// TODO avoid holding lock while reading data.
-	data, err := ioutil.ReadAll(io.TeeReader(a.req.Body, sum))
-	if err != nil {
-		fatalf(400, "TODO", "read error")
-	}
-	gotHash := sum.Sum(nil)
-	if expectHash != nil && bytes.Compare(gotHash, expectHash) != 0 {
-		fatalf(422, "Bad ETag", "The ETag you specified did not match what we received")
-	}
-	if a.req.ContentLength >= 0 && int64(len(data)) != a.req.ContentLength {
-		fatalf(400, "IncompleteBody", "You did not provide the number of bytes specified by the Content-Length HTTP header")
-	}
-
-	// TODO is this correct, or should we erase all previous metadata?
-	obj := objr.object
-	if obj == nil {
-		obj = &object{
-			name: objr.name,
-			metadata: metadata{
-				meta: make(http.Header),
-			},
-		}
-		atomic.AddInt64(&a.user.Objects, 1)
-	} else {
-		atomic.AddInt64(&objr.container.bytes, -int64(len(obj.data)))
-		atomic.AddInt64(&a.user.BytesUsed, -int64(len(obj.data)))
-	}
-
-	var content_type string
-	if content_type = a.req.Header.Get("Content-Type"); content_type == "" {
-		content_type = mime.TypeByExtension(obj.name)
-		if content_type == "" {
-			content_type = "application/octet-stream"
-		}
-	}
-
-	if a.req.URL.Query().Get("multipart-manifest") == "put" {
-		// TODO: check the content of the SLO
-		a.req.Header.Set("X-Static-Large-Object", "True")
-
-		var segments []segment
-		json.Unmarshal(data, &segments)
-		for i := range segments {
-			segments[i].Name = "/" + segments[i].Path
-			segments[i].Path = ""
-			segments[i].Hash = segments[i].Etag
-			segments[i].Etag = ""
-			segments[i].Bytes = segments[i].Size
-			segments[i].Size = 0
-		}
-
-		data, _ = json.Marshal(segments)
-		sum = md5.New()
-		sum.Write(data)
-		gotHash = sum.Sum(nil)
-	}
-
-	// PUT request has been successful - save data and metadata
-	obj.setMetadata(a, "object")
-	obj.content_type = content_type
-	obj.data = data
-	obj.checksum = gotHash
-	obj.mtime = time.Now().UTC()
-	objr.container.Lock()
-	objr.container.objects[objr.name] = obj
-	objr.container.bytes += int64(len(data))
-	objr.container.Unlock()
-
-	atomic.AddInt64(&a.user.BytesUsed, int64(len(data)))
-
-	h := a.w.Header()
-	h.Set("ETag", hex.EncodeToString(obj.checksum))
-
-	return nil
-}
-
-func (objr objectResource) delete(a *action) interface{} {
-	if objr.object == nil {
-		fatalf(404, "NoSuchKey", "The specified key does not exist.")
-	}
-
-	objr.container.Lock()
-	defer objr.container.Unlock()
-
-	objr.object.Lock()
-	defer objr.object.Unlock()
-
-	objr.container.bytes -= int64(len(objr.object.data))
-	delete(objr.container.objects, objr.name)
-
-	atomic.AddInt64(&a.user.BytesUsed, -int64(len(objr.object.data)))
-	atomic.AddInt64(&a.user.Objects, -1)
-
-	return nil
-}
-
-func (objr objectResource) post(a *action) interface{} {
-	objr.object.Lock()
-	defer objr.object.Unlock()
-
-	obj := objr.object
-	obj.setMetadata(a, "object")
-	return nil
-}
-
-func (objr objectResource) copy(a *action) interface{} {
-	if objr.object == nil {
-		fatalf(404, "NoSuchKey", "The specified key does not exist.")
-	}
-
-	obj := objr.object
-	obj.RLock()
-	defer obj.RUnlock()
-
-	destination := a.req.Header.Get("Destination")
-	if destination == "" {
-		fatalf(400, "Bad Request", "You must provide a Destination header")
-	}
-
-	var (
-		obj2  *object
-		objr2 objectResource
-	)
-
-	destURL, _ := url.Parse("/v1/AUTH_" + TEST_ACCOUNT + "/" + destination)
-	r := a.srv.resourceForURL(destURL)
-	switch t := r.(type) {
-	case objectResource:
-		objr2 = t
-		if objr2.object == nil {
-			obj2 = &object{
-				name: objr2.name,
-				metadata: metadata{
-					meta: make(http.Header),
-				},
-			}
-			atomic.AddInt64(&a.user.Objects, 1)
-		} else {
-			obj2 = objr2.object
-			atomic.AddInt64(&objr2.container.bytes, -int64(len(obj2.data)))
-			atomic.AddInt64(&a.user.BytesUsed, -int64(len(obj2.data)))
-		}
-	default:
-		fatalf(400, "Bad Request", "Destination must point to a valid object path")
-	}
-
-	if objr2.container.name != objr2.container.name && obj2.name != obj.name {
-		obj2.Lock()
-		defer obj2.Unlock()
-	}
-
-	obj2.content_type = obj.content_type
-	obj2.data = obj.data
-	obj2.checksum = obj.checksum
-	obj2.mtime = time.Now()
-
-	for key, values := range obj.metadata.meta {
-		obj2.metadata.meta[key] = values
-	}
-	obj2.setMetadata(a, "object")
-
-	objr2.container.Lock()
-	objr2.container.objects[objr2.name] = obj2
-	objr2.container.bytes += int64(len(obj.data))
-	objr2.container.Unlock()
-
-	atomic.AddInt64(&a.user.BytesUsed, int64(len(obj.data)))
-
-	return nil
-}
-
-func (s *SwiftServer) serveHTTP(w http.ResponseWriter, req *http.Request) {
-	// ignore error from ParseForm as it's usually spurious.
-	req.ParseForm()
-
-	if fn := s.override[req.URL.Path]; fn != nil {
-		originalRW := w
-		recorder := httptest.NewRecorder()
-		w = recorder
-		defer func() {
-			fn(originalRW, req, recorder)
-		}()
-	}
-
-	if DEBUG {
-		log.Printf("swifttest %q %q", req.Method, req.URL)
-	}
-	a := &action{
-		srv:   s,
-		w:     w,
-		req:   req,
-		reqId: fmt.Sprintf("%09X", atomic.LoadInt64(&s.reqId)),
-	}
-	atomic.AddInt64(&s.reqId, 1)
-
-	var r resource
-	defer func() {
-		switch err := recover().(type) {
-		case *swiftError:
-			w.Header().Set("Content-Type", `text/plain; charset=utf-8`)
-			http.Error(w, err.Message, err.statusCode)
-		case nil:
-		default:
-			panic(err)
-		}
-	}()
-
-	var resp interface{}
-
-	if req.URL.String() == "/v1.0" {
-		username := req.Header.Get("x-auth-user")
-		key := req.Header.Get("x-auth-key")
-		s.Lock()
-		defer s.Unlock()
-		if acct, ok := s.Accounts[username]; ok {
-			if acct.password == key {
-				r := make([]byte, 16)
-				_, _ = rand.Read(r)
-				id := fmt.Sprintf("%X", r)
-				w.Header().Set("X-Storage-Url", s.URL+"/AUTH_"+username)
-				w.Header().Set("X-Auth-Token", "AUTH_tk"+string(id))
-				w.Header().Set("X-Storage-Token", "AUTH_tk"+string(id))
-				s.Sessions[id] = &session{
-					username: username,
-				}
-				return
-			}
-		}
-		panic(notAuthorized())
-	}
-
-	if req.URL.String() == "/info" {
-		jsonMarshal(w, &swift.SwiftInfo{
-			"swift": map[string]interface{}{
-				"version": "1.2",
-			},
-			"tempurl": map[string]interface{}{
-				"methods": []string{"GET", "HEAD", "PUT"},
-			},
-			"slo": map[string]interface{}{
-				"max_manifest_segments": 1000,
-				"max_manifest_size":     2097152,
-				"min_segment_size":      1,
-			},
-		})
-		return
-	}
-
-	r = s.resourceForURL(req.URL)
-
-	key := req.Header.Get("x-auth-token")
-	signature := req.URL.Query().Get("temp_url_sig")
-	expires := req.URL.Query().Get("temp_url_expires")
-	if key == "" && signature != "" && expires != "" {
-		accountName, _, _, _ := s.parseURL(req.URL)
-		secretKey := ""
-		s.RLock()
-		if account, ok := s.Accounts[accountName]; ok {
-			secretKey = account.meta.Get("X-Account-Meta-Temp-Url-Key")
-		}
-		s.RUnlock()
-
-		get_hmac := func(method string) string {
-			mac := hmac.New(sha1.New, []byte(secretKey))
-			body := fmt.Sprintf("%s\n%s\n%s", method, expires, req.URL.Path)
-			mac.Write([]byte(body))
-			return hex.EncodeToString(mac.Sum(nil))
-		}
-
-		if req.Method == "HEAD" {
-			if signature != get_hmac("GET") && signature != get_hmac("POST") && signature != get_hmac("PUT") {
-				panic(notAuthorized())
-			}
-		} else if signature != get_hmac(req.Method) {
-			panic(notAuthorized())
-		}
-	} else {
-		s.RLock()
-		session, ok := s.Sessions[key[7:]]
-		if !ok {
-			s.RUnlock()
-			panic(notAuthorized())
-			return
-		}
-
-		a.user = s.Accounts[session.username]
-		s.RUnlock()
-	}
-
-	switch req.Method {
-	case "PUT":
-		resp = r.put(a)
-	case "GET", "HEAD":
-		resp = r.get(a)
-	case "DELETE":
-		resp = r.delete(a)
-	case "POST":
-		resp = r.post(a)
-	case "COPY":
-		resp = r.copy(a)
-	default:
-		fatalf(400, "MethodNotAllowed", "unknown http request method %q", req.Method)
-	}
-
-	content_type := req.Header.Get("Content-Type")
-	if resp != nil && req.Method != "HEAD" {
-		if strings.HasPrefix(content_type, "application/json") ||
-			req.URL.Query().Get("format") == "json" {
-			jsonMarshal(w, resp)
-		} else {
-			switch r := resp.(type) {
-			case string:
-				w.Write([]byte(r))
-			default:
-				w.Write(resp.([]byte))
-			}
-		}
-	}
-}
-
-func (s *SwiftServer) SetOverride(path string, fn HandlerOverrideFunc) {
-	s.override[path] = fn
-}
-
-func (s *SwiftServer) UnsetOverride(path string) {
-	delete(s.override, path)
-}
-
-func jsonMarshal(w io.Writer, x interface{}) {
-	if err := json.NewEncoder(w).Encode(x); err != nil {
-		panic(fmt.Errorf("error marshalling %#v: %v", x, err))
-	}
-}
-
-var pathRegexp = regexp.MustCompile("/v1/AUTH_([a-zA-Z0-9]+)(/([^/]+)(/(.*))?)?")
-
-func (srv *SwiftServer) parseURL(u *url.URL) (account string, container string, object string, err error) {
-	m := pathRegexp.FindStringSubmatch(u.Path)
-	if m == nil {
-		return "", "", "", fmt.Errorf("Couldn't parse the specified URI")
-	}
-	account = m[1]
-	container = m[3]
-	object = m[5]
-	return
-}
-
-// resourceForURL returns a resource object for the given URL.
-func (srv *SwiftServer) resourceForURL(u *url.URL) (r resource) {
-	accountName, containerName, objectName, err := srv.parseURL(u)
-
-	if err != nil {
-		fatalf(404, "InvalidURI", err.Error())
-	}
-
-	srv.RLock()
-	account, ok := srv.Accounts[accountName]
-	if !ok {
-		//srv.RUnlock()
-		fatalf(404, "NoSuchAccount", "The specified account does not exist")
-	}
-	srv.RUnlock()
-
-	account.RLock()
-	if containerName == "" {
-		account.RUnlock()
-		return rootResource{}
-	}
-	account.RUnlock()
-
-	b := containerResource{
-		name:      containerName,
-		container: account.Containers[containerName],
-	}
-
-	if objectName == "" {
-		return b
-	}
-
-	if b.container == nil {
-		fatalf(404, "NoSuchContainer", "The specified container does not exist")
-	}
-
-	objr := objectResource{
-		name:      objectName,
-		version:   u.Query().Get("versionId"),
-		container: b.container,
-	}
-
-	objr.container.RLock()
-	defer objr.container.RUnlock()
-	if obj := objr.container.objects[objr.name]; obj != nil {
-		objr.object = obj
-	}
-	return objr
-}
-
-// nullResource has error stubs for all resource methods.
-type nullResource struct{}
-
-func notAllowed() interface{} {
-	fatalf(400, "MethodNotAllowed", "The specified method is not allowed against this resource")
-	return nil
-}
-
-func notAuthorized() interface{} {
-	fatalf(401, "Unauthorized", "This server could not verify that you are authorized to access the document you requested.")
-	return nil
-}
-
-func (nullResource) put(a *action) interface{}    { return notAllowed() }
-func (nullResource) get(a *action) interface{}    { return notAllowed() }
-func (nullResource) post(a *action) interface{}   { return notAllowed() }
-func (nullResource) delete(a *action) interface{} { return notAllowed() }
-func (nullResource) copy(a *action) interface{}   { return notAllowed() }
-
-type rootResource struct{}
-
-func (rootResource) put(a *action) interface{} { return notAllowed() }
-func (rootResource) get(a *action) interface{} {
-	marker := a.req.Form.Get("marker")
-	prefix := a.req.Form.Get("prefix")
-	format := a.req.URL.Query().Get("format")
-
-	h := a.w.Header()
-
-	h.Set("X-Account-Bytes-Used", strconv.Itoa(int(atomic.LoadInt64(&a.user.BytesUsed))))
-	h.Set("X-Account-Container-Count", strconv.Itoa(int(atomic.LoadInt64(&a.user.Account.Containers))))
-	h.Set("X-Account-Object-Count", strconv.Itoa(int(atomic.LoadInt64(&a.user.Objects))))
-
-	a.user.RLock()
-	defer a.user.RUnlock()
-
-	// add metadata
-	a.user.metadata.getMetadata(a)
-
-	if a.req.Method == "HEAD" {
-		return nil
-	}
-
-	var tmp orderedContainers
-	// first get all matching objects and arrange them in alphabetical order.
-	for _, container := range a.user.Containers {
-		if strings.HasPrefix(container.name, prefix) {
-			tmp = append(tmp, container)
-		}
-	}
-	sort.Sort(tmp)
-
-	resp := make([]Folder, 0)
-	for _, container := range tmp {
-		if container.name <= marker {
-			continue
-		}
-		if format == "json" {
-			resp = append(resp, Folder{
-				Count: int64(len(container.objects)),
-				Bytes: container.bytes,
-				Name:  container.name,
-			})
-		} else {
-			a.w.Write([]byte(container.name + "\n"))
-		}
-	}
-
-	if format == "json" {
-		return resp
-	} else {
-		return nil
-	}
-}
-
-func (r rootResource) post(a *action) interface{} {
-	a.user.Lock()
-	a.user.metadata.setMetadata(a, "account")
-	a.user.Unlock()
-	return nil
-}
-
-func (rootResource) delete(a *action) interface{} {
-	if a.req.URL.Query().Get("bulk-delete") == "1" {
-		fatalf(403, "Operation forbidden", "Bulk delete is not supported")
-	}
-
-	return notAllowed()
-}
-
-func (rootResource) copy(a *action) interface{} { return notAllowed() }
-
-func NewSwiftServer(address string) (*SwiftServer, error) {
-	if strings.Index(address, ":") == -1 {
-		address += ":0"
-	}
-	l, err := net.Listen("tcp", address)
-	if err != nil {
-		return nil, fmt.Errorf("cannot listen on %s: %v", address, err)
-	}
-
-	server := &SwiftServer{
-		Listener: l,
-		AuthURL:  "http://" + l.Addr().String() + "/v1.0",
-		URL:      "http://" + l.Addr().String() + "/v1",
-		Accounts: make(map[string]*account),
-		Sessions: make(map[string]*session),
-		override: make(map[string]HandlerOverrideFunc),
-	}
-
-	server.Accounts[TEST_ACCOUNT] = &account{
-		password: TEST_ACCOUNT,
-		metadata: metadata{
-			meta: make(http.Header),
-		},
-		Containers: make(map[string]*container),
-	}
-
-	go http.Serve(l, http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		server.serveHTTP(w, req)
-	}))
-
-	return server, nil
-}
-
-func (srv *SwiftServer) Close() {
-	srv.Listener.Close()
-}
diff --git a/vendor/github.com/ncw/swift/timeout_reader.go b/vendor/github.com/ncw/swift/timeout_reader.go
deleted file mode 100644
index 88ae73328..000000000
--- a/vendor/github.com/ncw/swift/timeout_reader.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package swift
-
-import (
-	"io"
-	"time"
-)
-
-// An io.ReadCloser which obeys an idle timeout
-type timeoutReader struct {
-	reader  io.ReadCloser
-	timeout time.Duration
-	cancel  func()
-}
-
-// Returns a wrapper around the reader which obeys an idle
-// timeout. The cancel function is called if the timeout happens
-func newTimeoutReader(reader io.ReadCloser, timeout time.Duration, cancel func()) *timeoutReader {
-	return &timeoutReader{
-		reader:  reader,
-		timeout: timeout,
-		cancel:  cancel,
-	}
-}
-
-// Read reads up to len(p) bytes into p
-//
-// Waits at most for timeout for the read to complete otherwise returns a timeout
-func (t *timeoutReader) Read(p []byte) (int, error) {
-	// FIXME limit the amount of data read in one chunk so as to not exceed the timeout?
-	// Do the read in the background
-	type result struct {
-		n   int
-		err error
-	}
-	done := make(chan result, 1)
-	go func() {
-		n, err := t.reader.Read(p)
-		done <- result{n, err}
-	}()
-	// Wait for the read or the timeout
-	timer := time.NewTimer(t.timeout)
-	defer timer.Stop()
-	select {
-	case r := <-done:
-		return r.n, r.err
-	case <-timer.C:
-		t.cancel()
-		return 0, TimeoutError
-	}
-	panic("unreachable") // for Go 1.0
-}
-
-// Close the channel
-func (t *timeoutReader) Close() error {
-	return t.reader.Close()
-}
-
-// Check it satisfies the interface
-var _ io.ReadCloser = &timeoutReader{}
diff --git a/vendor/github.com/ncw/swift/travis_realserver.sh b/vendor/github.com/ncw/swift/travis_realserver.sh
deleted file mode 100644
index 970e94c0d..000000000
--- a/vendor/github.com/ncw/swift/travis_realserver.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-set -e
-
-if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then
-    exit 0
-fi
-
-if [ "${TEST_REAL_SERVER}" = "rackspace" ] && [ ! -z "${RACKSPACE_APIKEY}" ]; then
-    echo "Running tests pointing to Rackspace"
-    export SWIFT_API_KEY=$RACKSPACE_APIKEY
-    export SWIFT_API_USER=$RACKSPACE_USER
-    export SWIFT_AUTH_URL=$RACKSPACE_AUTH
-    go test ./...
-fi
-
-if [ "${TEST_REAL_SERVER}" = "memset" ] && [ ! -z "${MEMSET_APIKEY}" ]; then
-    echo "Running tests pointing to Memset"
-    export SWIFT_API_KEY=$MEMSET_APIKEY
-    export SWIFT_API_USER=$MEMSET_USER
-    export SWIFT_AUTH_URL=$MEMSET_AUTH
-    go test
-fi
diff --git a/vendor/github.com/ncw/swift/watchdog_reader.go b/vendor/github.com/ncw/swift/watchdog_reader.go
deleted file mode 100644
index 2714c9e1a..000000000
--- a/vendor/github.com/ncw/swift/watchdog_reader.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package swift
-
-import (
-	"io"
-	"time"
-)
-
-var watchdogChunkSize = 1 << 20 // 1 MiB
-
-// An io.Reader which resets a watchdog timer whenever data is read
-type watchdogReader struct {
-	timeout   time.Duration
-	reader    io.Reader
-	timer     *time.Timer
-	chunkSize int
-}
-
-// Returns a new reader which will kick the watchdog timer whenever data is read
-func newWatchdogReader(reader io.Reader, timeout time.Duration, timer *time.Timer) *watchdogReader {
-	return &watchdogReader{
-		timeout:   timeout,
-		reader:    reader,
-		timer:     timer,
-		chunkSize: watchdogChunkSize,
-	}
-}
-
-// Read reads up to len(p) bytes into p
-func (t *watchdogReader) Read(p []byte) (int, error) {
-	//read from underlying reader in chunks not larger than t.chunkSize
-	//while resetting the watchdog timer before every read; the small chunk
-	//size ensures that the timer does not fire when reading a large amount of
-	//data from a slow connection
-	start := 0
-	end := len(p)
-	for start < end {
-		length := end - start
-		if length > t.chunkSize {
-			length = t.chunkSize
-		}
-
-		resetTimer(t.timer, t.timeout)
-		n, err := t.reader.Read(p[start : start+length])
-		start += n
-		if n == 0 || err != nil {
-			return start, err
-		}
-	}
-
-	resetTimer(t.timer, t.timeout)
-	return start, nil
-}
-
-// Check it satisfies the interface
-var _ io.Reader = &watchdogReader{}
diff --git a/vendor/github.com/opencontainers/go-digest/digestset/set.go b/vendor/github.com/opencontainers/go-digest/digestset/set.go
deleted file mode 100644
index 71f24184c..000000000
--- a/vendor/github.com/opencontainers/go-digest/digestset/set.go
+++ /dev/null
@@ -1,262 +0,0 @@
-// Copyright 2020, 2020 OCI Contributors
-// Copyright 2017 Docker, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package digestset
-
-import (
-	"errors"
-	"sort"
-	"strings"
-	"sync"
-
-	digest "github.com/opencontainers/go-digest"
-)
-
-var (
-	// ErrDigestNotFound is used when a matching digest
-	// could not be found in a set.
-	ErrDigestNotFound = errors.New("digest not found")
-
-	// ErrDigestAmbiguous is used when multiple digests
-	// are found in a set. None of the matching digests
-	// should be considered valid matches.
-	ErrDigestAmbiguous = errors.New("ambiguous digest string")
-)
-
-// Set is used to hold a unique set of digests which
-// may be easily referenced by easily  referenced by a string
-// representation of the digest as well as short representation.
-// The uniqueness of the short representation is based on other
-// digests in the set. If digests are omitted from this set,
-// collisions in a larger set may not be detected, therefore it
-// is important to always do short representation lookups on
-// the complete set of digests. To mitigate collisions, an
-// appropriately long short code should be used.
-type Set struct {
-	mutex   sync.RWMutex
-	entries digestEntries
-}
-
-// NewSet creates an empty set of digests
-// which may have digests added.
-func NewSet() *Set {
-	return &Set{
-		entries: digestEntries{},
-	}
-}
-
-// checkShortMatch checks whether two digests match as either whole
-// values or short values. This function does not test equality,
-// rather whether the second value could match against the first
-// value.
-func checkShortMatch(alg digest.Algorithm, hex, shortAlg, shortHex string) bool {
-	if len(hex) == len(shortHex) {
-		if hex != shortHex {
-			return false
-		}
-		if len(shortAlg) > 0 && string(alg) != shortAlg {
-			return false
-		}
-	} else if !strings.HasPrefix(hex, shortHex) {
-		return false
-	} else if len(shortAlg) > 0 && string(alg) != shortAlg {
-		return false
-	}
-	return true
-}
-
-// Lookup looks for a digest matching the given string representation.
-// If no digests could be found ErrDigestNotFound will be returned
-// with an empty digest value. If multiple matches are found
-// ErrDigestAmbiguous will be returned with an empty digest value.
-func (dst *Set) Lookup(d string) (digest.Digest, error) {
-	dst.mutex.RLock()
-	defer dst.mutex.RUnlock()
-	if len(dst.entries) == 0 {
-		return "", ErrDigestNotFound
-	}
-	var (
-		searchFunc func(int) bool
-		alg        digest.Algorithm
-		hex        string
-	)
-	dgst, err := digest.Parse(d)
-	if err == digest.ErrDigestInvalidFormat {
-		hex = d
-		searchFunc = func(i int) bool {
-			return dst.entries[i].val >= d
-		}
-	} else {
-		hex = dgst.Hex()
-		alg = dgst.Algorithm()
-		searchFunc = func(i int) bool {
-			if dst.entries[i].val == hex {
-				return dst.entries[i].alg >= alg
-			}
-			return dst.entries[i].val >= hex
-		}
-	}
-	idx := sort.Search(len(dst.entries), searchFunc)
-	if idx == len(dst.entries) || !checkShortMatch(dst.entries[idx].alg, dst.entries[idx].val, string(alg), hex) {
-		return "", ErrDigestNotFound
-	}
-	if dst.entries[idx].alg == alg && dst.entries[idx].val == hex {
-		return dst.entries[idx].digest, nil
-	}
-	if idx+1 < len(dst.entries) && checkShortMatch(dst.entries[idx+1].alg, dst.entries[idx+1].val, string(alg), hex) {
-		return "", ErrDigestAmbiguous
-	}
-
-	return dst.entries[idx].digest, nil
-}
-
-// Add adds the given digest to the set. An error will be returned
-// if the given digest is invalid. If the digest already exists in the
-// set, this operation will be a no-op.
-func (dst *Set) Add(d digest.Digest) error {
-	if err := d.Validate(); err != nil {
-		return err
-	}
-	dst.mutex.Lock()
-	defer dst.mutex.Unlock()
-	entry := &digestEntry{alg: d.Algorithm(), val: d.Hex(), digest: d}
-	searchFunc := func(i int) bool {
-		if dst.entries[i].val == entry.val {
-			return dst.entries[i].alg >= entry.alg
-		}
-		return dst.entries[i].val >= entry.val
-	}
-	idx := sort.Search(len(dst.entries), searchFunc)
-	if idx == len(dst.entries) {
-		dst.entries = append(dst.entries, entry)
-		return nil
-	} else if dst.entries[idx].digest == d {
-		return nil
-	}
-
-	entries := append(dst.entries, nil)
-	copy(entries[idx+1:], entries[idx:len(entries)-1])
-	entries[idx] = entry
-	dst.entries = entries
-	return nil
-}
-
-// Remove removes the given digest from the set. An err will be
-// returned if the given digest is invalid. If the digest does
-// not exist in the set, this operation will be a no-op.
-func (dst *Set) Remove(d digest.Digest) error {
-	if err := d.Validate(); err != nil {
-		return err
-	}
-	dst.mutex.Lock()
-	defer dst.mutex.Unlock()
-	entry := &digestEntry{alg: d.Algorithm(), val: d.Hex(), digest: d}
-	searchFunc := func(i int) bool {
-		if dst.entries[i].val == entry.val {
-			return dst.entries[i].alg >= entry.alg
-		}
-		return dst.entries[i].val >= entry.val
-	}
-	idx := sort.Search(len(dst.entries), searchFunc)
-	// Not found if idx is after or value at idx is not digest
-	if idx == len(dst.entries) || dst.entries[idx].digest != d {
-		return nil
-	}
-
-	entries := dst.entries
-	copy(entries[idx:], entries[idx+1:])
-	entries = entries[:len(entries)-1]
-	dst.entries = entries
-
-	return nil
-}
-
-// All returns all the digests in the set
-func (dst *Set) All() []digest.Digest {
-	dst.mutex.RLock()
-	defer dst.mutex.RUnlock()
-	retValues := make([]digest.Digest, len(dst.entries))
-	for i := range dst.entries {
-		retValues[i] = dst.entries[i].digest
-	}
-
-	return retValues
-}
-
-// ShortCodeTable returns a map of Digest to unique short codes. The
-// length represents the minimum value, the maximum length may be the
-// entire value of digest if uniqueness cannot be achieved without the
-// full value. This function will attempt to make short codes as short
-// as possible to be unique.
-func ShortCodeTable(dst *Set, length int) map[digest.Digest]string {
-	dst.mutex.RLock()
-	defer dst.mutex.RUnlock()
-	m := make(map[digest.Digest]string, len(dst.entries))
-	l := length
-	resetIdx := 0
-	for i := 0; i < len(dst.entries); i++ {
-		var short string
-		extended := true
-		for extended {
-			extended = false
-			if len(dst.entries[i].val) <= l {
-				short = dst.entries[i].digest.String()
-			} else {
-				short = dst.entries[i].val[:l]
-				for j := i + 1; j < len(dst.entries); j++ {
-					if checkShortMatch(dst.entries[j].alg, dst.entries[j].val, "", short) {
-						if j > resetIdx {
-							resetIdx = j
-						}
-						extended = true
-					} else {
-						break
-					}
-				}
-				if extended {
-					l++
-				}
-			}
-		}
-		m[dst.entries[i].digest] = short
-		if i >= resetIdx {
-			l = length
-		}
-	}
-	return m
-}
-
-type digestEntry struct {
-	alg    digest.Algorithm
-	val    string
-	digest digest.Digest
-}
-
-type digestEntries []*digestEntry
-
-func (d digestEntries) Len() int {
-	return len(d)
-}
-
-func (d digestEntries) Less(i, j int) bool {
-	if d[i].val != d[j].val {
-		return d[i].val < d[j].val
-	}
-	return d[i].alg < d[j].alg
-}
-
-func (d digestEntries) Swap(i, j int) {
-	d[i], d[j] = d[j], d[i]
-}
diff --git a/vendor/github.com/rogpeppe/go-internal/LICENSE b/vendor/github.com/rogpeppe/go-internal/LICENSE
deleted file mode 100644
index 49ea0f928..000000000
--- a/vendor/github.com/rogpeppe/go-internal/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2018 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/rogpeppe/go-internal/fmtsort/mapelem.go b/vendor/github.com/rogpeppe/go-internal/fmtsort/mapelem.go
deleted file mode 100644
index 98e4e38f4..000000000
--- a/vendor/github.com/rogpeppe/go-internal/fmtsort/mapelem.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package fmtsort
-
-import "reflect"
-
-const brokenNaNs = false
-
-func mapElems(mapValue reflect.Value) ([]reflect.Value, []reflect.Value) {
-	// Note: this code is arranged to not panic even in the presence
-	// of a concurrent map update. The runtime is responsible for
-	// yelling loudly if that happens. See issue 33275.
-	n := mapValue.Len()
-	key := make([]reflect.Value, 0, n)
-	value := make([]reflect.Value, 0, n)
-	iter := mapValue.MapRange()
-	for iter.Next() {
-		key = append(key, iter.Key())
-		value = append(value, iter.Value())
-	}
-	return key, value
-}
diff --git a/vendor/github.com/rogpeppe/go-internal/fmtsort/sort.go b/vendor/github.com/rogpeppe/go-internal/fmtsort/sort.go
deleted file mode 100644
index 7f5185417..000000000
--- a/vendor/github.com/rogpeppe/go-internal/fmtsort/sort.go
+++ /dev/null
@@ -1,209 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package fmtsort provides a general stable ordering mechanism
-// for maps, on behalf of the fmt and text/template packages.
-// It is not guaranteed to be efficient and works only for types
-// that are valid map keys.
-package fmtsort
-
-import (
-	"reflect"
-	"sort"
-)
-
-// Note: Throughout this package we avoid calling reflect.Value.Interface as
-// it is not always legal to do so and it's easier to avoid the issue than to face it.
-
-// SortedMap represents a map's keys and values. The keys and values are
-// aligned in index order: Value[i] is the value in the map corresponding to Key[i].
-type SortedMap struct {
-	Key   []reflect.Value
-	Value []reflect.Value
-}
-
-func (o *SortedMap) Len() int           { return len(o.Key) }
-func (o *SortedMap) Less(i, j int) bool { return compare(o.Key[i], o.Key[j]) < 0 }
-func (o *SortedMap) Swap(i, j int) {
-	o.Key[i], o.Key[j] = o.Key[j], o.Key[i]
-	o.Value[i], o.Value[j] = o.Value[j], o.Value[i]
-}
-
-// Sort accepts a map and returns a SortedMap that has the same keys and
-// values but in a stable sorted order according to the keys, modulo issues
-// raised by unorderable key values such as NaNs.
-//
-// The ordering rules are more general than with Go's < operator:
-//
-//   - when applicable, nil compares low
-//   - ints, floats, and strings order by <
-//   - NaN compares less than non-NaN floats
-//   - bool compares false before true
-//   - complex compares real, then imag
-//   - pointers compare by machine address
-//   - channel values compare by machine address
-//   - structs compare each field in turn
-//   - arrays compare each element in turn.
-//     Otherwise identical arrays compare by length.
-//   - interface values compare first by reflect.Type describing the concrete type
-//     and then by concrete value as described in the previous rules.
-func Sort(mapValue reflect.Value) *SortedMap {
-	if mapValue.Type().Kind() != reflect.Map {
-		return nil
-	}
-	key, value := mapElems(mapValue)
-	sorted := &SortedMap{
-		Key:   key,
-		Value: value,
-	}
-	sort.Stable(sorted)
-	return sorted
-}
-
-// compare compares two values of the same type. It returns -1, 0, 1
-// according to whether a > b (1), a == b (0), or a < b (-1).
-// If the types differ, it returns -1.
-// See the comment on Sort for the comparison rules.
-func compare(aVal, bVal reflect.Value) int {
-	aType, bType := aVal.Type(), bVal.Type()
-	if aType != bType {
-		return -1 // No good answer possible, but don't return 0: they're not equal.
-	}
-	switch aVal.Kind() {
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		a, b := aVal.Int(), bVal.Int()
-		switch {
-		case a < b:
-			return -1
-		case a > b:
-			return 1
-		default:
-			return 0
-		}
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
-		a, b := aVal.Uint(), bVal.Uint()
-		switch {
-		case a < b:
-			return -1
-		case a > b:
-			return 1
-		default:
-			return 0
-		}
-	case reflect.String:
-		a, b := aVal.String(), bVal.String()
-		switch {
-		case a < b:
-			return -1
-		case a > b:
-			return 1
-		default:
-			return 0
-		}
-	case reflect.Float32, reflect.Float64:
-		return floatCompare(aVal.Float(), bVal.Float())
-	case reflect.Complex64, reflect.Complex128:
-		a, b := aVal.Complex(), bVal.Complex()
-		if c := floatCompare(real(a), real(b)); c != 0 {
-			return c
-		}
-		return floatCompare(imag(a), imag(b))
-	case reflect.Bool:
-		a, b := aVal.Bool(), bVal.Bool()
-		switch {
-		case a == b:
-			return 0
-		case a:
-			return 1
-		default:
-			return -1
-		}
-	case reflect.Ptr:
-		a, b := aVal.Pointer(), bVal.Pointer()
-		switch {
-		case a < b:
-			return -1
-		case a > b:
-			return 1
-		default:
-			return 0
-		}
-	case reflect.Chan:
-		if c, ok := nilCompare(aVal, bVal); ok {
-			return c
-		}
-		ap, bp := aVal.Pointer(), bVal.Pointer()
-		switch {
-		case ap < bp:
-			return -1
-		case ap > bp:
-			return 1
-		default:
-			return 0
-		}
-	case reflect.Struct:
-		for i := 0; i < aVal.NumField(); i++ {
-			if c := compare(aVal.Field(i), bVal.Field(i)); c != 0 {
-				return c
-			}
-		}
-		return 0
-	case reflect.Array:
-		for i := 0; i < aVal.Len(); i++ {
-			if c := compare(aVal.Index(i), bVal.Index(i)); c != 0 {
-				return c
-			}
-		}
-		return 0
-	case reflect.Interface:
-		if c, ok := nilCompare(aVal, bVal); ok {
-			return c
-		}
-		c := compare(reflect.ValueOf(aVal.Elem().Type()), reflect.ValueOf(bVal.Elem().Type()))
-		if c != 0 {
-			return c
-		}
-		return compare(aVal.Elem(), bVal.Elem())
-	default:
-		// Certain types cannot appear as keys (maps, funcs, slices), but be explicit.
-		panic("bad type in compare: " + aType.String())
-	}
-}
-
-// nilCompare checks whether either value is nil. If not, the boolean is false.
-// If either value is nil, the boolean is true and the integer is the comparison
-// value. The comparison is defined to be 0 if both are nil, otherwise the one
-// nil value compares low. Both arguments must represent a chan, func,
-// interface, map, pointer, or slice.
-func nilCompare(aVal, bVal reflect.Value) (int, bool) {
-	if aVal.IsNil() {
-		if bVal.IsNil() {
-			return 0, true
-		}
-		return -1, true
-	}
-	if bVal.IsNil() {
-		return 1, true
-	}
-	return 0, false
-}
-
-// floatCompare compares two floating-point values. NaNs compare low.
-func floatCompare(a, b float64) int {
-	switch {
-	case isNaN(a):
-		return -1 // No good answer if b is a NaN so don't bother checking.
-	case isNaN(b):
-		return 1
-	case a < b:
-		return -1
-	case a > b:
-		return 1
-	}
-	return 0
-}
-
-func isNaN(a float64) bool {
-	return a != a
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/.gitignore b/vendor/github.com/yvasiyarov/go-metrics/.gitignore
deleted file mode 100644
index 83c8f8237..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-*.[68]
-*.a
-*.out
-*.swp
-_obj
-_testmain.go
-cmd/metrics-bench/metrics-bench
-cmd/metrics-example/metrics-example
-cmd/never-read/never-read
diff --git a/vendor/github.com/yvasiyarov/go-metrics/LICENSE b/vendor/github.com/yvasiyarov/go-metrics/LICENSE
deleted file mode 100644
index 363fa9ee7..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/LICENSE
+++ /dev/null
@@ -1,29 +0,0 @@
-Copyright 2012 Richard Crowley. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    1.  Redistributions of source code must retain the above copyright
-        notice, this list of conditions and the following disclaimer.
-
-    2.  Redistributions in binary form must reproduce the above
-        copyright notice, this list of conditions and the following
-        disclaimer in the documentation and/or other materials provided
-        with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY RICHARD CROWLEY ``AS IS'' AND ANY EXPRESS
-OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL RICHARD CROWLEY OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-THE POSSIBILITY OF SUCH DAMAGE.
-
-The views and conclusions contained in the software and documentation
-are those of the authors and should not be interpreted as representing
-official policies, either expressed or implied, of Richard Crowley.
diff --git a/vendor/github.com/yvasiyarov/go-metrics/README.md b/vendor/github.com/yvasiyarov/go-metrics/README.md
deleted file mode 100644
index e0091a4bd..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/README.md
+++ /dev/null
@@ -1,104 +0,0 @@
-go-metrics
-==========
-
-Go port of Coda Hale's Metrics library: <https://github.com/codahale/metrics>.
-
-Documentation: <http://godoc.org/github.com/rcrowley/go-metrics>.
-
-Usage
------
-
-Create and update metrics:
-
-```go
-c := metrics.NewCounter()
-metrics.Register("foo", c)
-c.Inc(47)
-
-g := metrics.NewGauge()
-metrics.Register("bar", g)
-g.Update(47)
-
-s := metrics.NewExpDecaySample(1028, 0.015) // or metrics.NewUniformSample(1028)
-h := metrics.NewHistogram(s)
-metrics.Register("baz", h)
-h.Update(47)
-
-m := metrics.NewMeter()
-metrics.Register("quux", m)
-m.Mark(47)
-
-t := metrics.NewTimer()
-metrics.Register("bang", t)
-t.Time(func() {})
-t.Update(47)
-```
-
-Periodically log every metric in human-readable form to standard error:
-
-```go
-go metrics.Log(metrics.DefaultRegistry, 60e9, log.New(os.Stderr, "metrics: ", log.Lmicroseconds))
-```
-
-Periodically log every metric in slightly-more-parseable form to syslog:
-
-```go
-w, _ := syslog.Dial("unixgram", "/dev/log", syslog.LOG_INFO, "metrics")
-go metrics.Syslog(metrics.DefaultRegistry, 60e9, w)
-```
-
-Periodically emit every metric to Graphite:
-
-```go
-addr, _ := net.ResolveTCPAddr("tcp", "127.0.0.1:2003")
-go metrics.Graphite(metrics.DefaultRegistry, 10e9, "metrics", addr)
-```
-
-Periodically emit every metric into InfluxDB:
-
-```go
-import "github.com/rcrowley/go-metrics/influxdb"
-
-go influxdb.Influxdb(metrics.DefaultRegistry, 10e9, &influxdb.Config{
-    Host:     "127.0.0.1:8086",
-    Database: "metrics",
-    Username: "test",
-    Password: "test",
-})
-```
-
-Periodically upload every metric to Librato:
-
-```go
-import "github.com/rcrowley/go-metrics/librato"
-
-go librato.Librato(metrics.DefaultRegistry,
-    10e9,                  // interval
-    "example@example.com", // account owner email address
-    "token",               // Librato API token
-    "hostname",            // source
-    []float64{0.95},       // precentiles to send
-    time.Millisecond,      // time unit
-)
-```
-
-Periodically emit every metric to StatHat:
-
-```go
-import "github.com/rcrowley/go-metrics/stathat"
-
-go stathat.Stathat(metrics.DefaultRegistry, 10e9, "example@example.com")
-```
-
-Installation
-------------
-
-```sh
-go get github.com/rcrowley/go-metrics
-```
-
-StatHat support additionally requires their Go client:
-
-```sh
-go get github.com/stathat/go
-```
diff --git a/vendor/github.com/yvasiyarov/go-metrics/counter.go b/vendor/github.com/yvasiyarov/go-metrics/counter.go
deleted file mode 100644
index bb7b039cb..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/counter.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package metrics
-
-import "sync/atomic"
-
-// Counters hold an int64 value that can be incremented and decremented.
-type Counter interface {
-	Clear()
-	Count() int64
-	Dec(int64)
-	Inc(int64)
-	Snapshot() Counter
-}
-
-// GetOrRegisterCounter returns an existing Counter or constructs and registers
-// a new StandardCounter.
-func GetOrRegisterCounter(name string, r Registry) Counter {
-	if nil == r {
-		r = DefaultRegistry
-	}
-	return r.GetOrRegister(name, NewCounter).(Counter)
-}
-
-// NewCounter constructs a new StandardCounter.
-func NewCounter() Counter {
-	if UseNilMetrics {
-		return NilCounter{}
-	}
-	return &StandardCounter{0}
-}
-
-// NewRegisteredCounter constructs and registers a new StandardCounter.
-func NewRegisteredCounter(name string, r Registry) Counter {
-	c := NewCounter()
-	if nil == r {
-		r = DefaultRegistry
-	}
-	r.Register(name, c)
-	return c
-}
-
-// CounterSnapshot is a read-only copy of another Counter.
-type CounterSnapshot int64
-
-// Clear panics.
-func (CounterSnapshot) Clear() {
-	panic("Clear called on a CounterSnapshot")
-}
-
-// Count returns the count at the time the snapshot was taken.
-func (c CounterSnapshot) Count() int64 { return int64(c) }
-
-// Dec panics.
-func (CounterSnapshot) Dec(int64) {
-	panic("Dec called on a CounterSnapshot")
-}
-
-// Inc panics.
-func (CounterSnapshot) Inc(int64) {
-	panic("Inc called on a CounterSnapshot")
-}
-
-// Snapshot returns the snapshot.
-func (c CounterSnapshot) Snapshot() Counter { return c }
-
-// NilCounter is a no-op Counter.
-type NilCounter struct{}
-
-// Clear is a no-op.
-func (NilCounter) Clear() {}
-
-// Count is a no-op.
-func (NilCounter) Count() int64 { return 0 }
-
-// Dec is a no-op.
-func (NilCounter) Dec(i int64) {}
-
-// Inc is a no-op.
-func (NilCounter) Inc(i int64) {}
-
-// Snapshot is a no-op.
-func (NilCounter) Snapshot() Counter { return NilCounter{} }
-
-// StandardCounter is the standard implementation of a Counter and uses the
-// sync/atomic package to manage a single int64 value.
-type StandardCounter struct {
-	count int64
-}
-
-// Clear sets the counter to zero.
-func (c *StandardCounter) Clear() {
-	atomic.StoreInt64(&c.count, 0)
-}
-
-// Count returns the current count.
-func (c *StandardCounter) Count() int64 {
-	return atomic.LoadInt64(&c.count)
-}
-
-// Dec decrements the counter by the given amount.
-func (c *StandardCounter) Dec(i int64) {
-	atomic.AddInt64(&c.count, -i)
-}
-
-// Inc increments the counter by the given amount.
-func (c *StandardCounter) Inc(i int64) {
-	atomic.AddInt64(&c.count, i)
-}
-
-// Snapshot returns a read-only copy of the counter.
-func (c *StandardCounter) Snapshot() Counter {
-	return CounterSnapshot(c.Count())
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/debug.go b/vendor/github.com/yvasiyarov/go-metrics/debug.go
deleted file mode 100644
index 043ccefab..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/debug.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package metrics
-
-import (
-	"runtime/debug"
-	"time"
-)
-
-var (
-	debugMetrics struct {
-		GCStats struct {
-			LastGC Gauge
-			NumGC  Gauge
-			Pause  Histogram
-			//PauseQuantiles Histogram
-			PauseTotal Gauge
-		}
-		ReadGCStats Timer
-	}
-	gcStats debug.GCStats
-)
-
-// Capture new values for the Go garbage collector statistics exported in
-// debug.GCStats.  This is designed to be called as a goroutine.
-func CaptureDebugGCStats(r Registry, d time.Duration) {
-	for _ = range time.Tick(d) {
-		CaptureDebugGCStatsOnce(r)
-	}
-}
-
-// Capture new values for the Go garbage collector statistics exported in
-// debug.GCStats.  This is designed to be called in a background goroutine.
-// Giving a registry which has not been given to RegisterDebugGCStats will
-// panic.
-//
-// Be careful (but much less so) with this because debug.ReadGCStats calls
-// the C function runtime·lock(runtime·mheap) which, while not a stop-the-world
-// operation, isn't something you want to be doing all the time.
-func CaptureDebugGCStatsOnce(r Registry) {
-	lastGC := gcStats.LastGC
-	t := time.Now()
-	debug.ReadGCStats(&gcStats)
-	debugMetrics.ReadGCStats.UpdateSince(t)
-
-	debugMetrics.GCStats.LastGC.Update(int64(gcStats.LastGC.UnixNano()))
-	debugMetrics.GCStats.NumGC.Update(int64(gcStats.NumGC))
-	if lastGC != gcStats.LastGC && 0 < len(gcStats.Pause) {
-		debugMetrics.GCStats.Pause.Update(int64(gcStats.Pause[0]))
-	}
-	//debugMetrics.GCStats.PauseQuantiles.Update(gcStats.PauseQuantiles)
-	debugMetrics.GCStats.PauseTotal.Update(int64(gcStats.PauseTotal))
-}
-
-// Register metrics for the Go garbage collector statistics exported in
-// debug.GCStats.  The metrics are named by their fully-qualified Go symbols,
-// i.e. debug.GCStats.PauseTotal.
-func RegisterDebugGCStats(r Registry) {
-	debugMetrics.GCStats.LastGC = NewGauge()
-	debugMetrics.GCStats.NumGC = NewGauge()
-	debugMetrics.GCStats.Pause = NewHistogram(NewExpDecaySample(1028, 0.015))
-	//debugMetrics.GCStats.PauseQuantiles = NewHistogram(NewExpDecaySample(1028, 0.015))
-	debugMetrics.GCStats.PauseTotal = NewGauge()
-	debugMetrics.ReadGCStats = NewTimer()
-
-	r.Register("debug.GCStats.LastGC", debugMetrics.GCStats.LastGC)
-	r.Register("debug.GCStats.NumGC", debugMetrics.GCStats.NumGC)
-	r.Register("debug.GCStats.Pause", debugMetrics.GCStats.Pause)
-	//r.Register("debug.GCStats.PauseQuantiles", debugMetrics.GCStats.PauseQuantiles)
-	r.Register("debug.GCStats.PauseTotal", debugMetrics.GCStats.PauseTotal)
-	r.Register("debug.ReadGCStats", debugMetrics.ReadGCStats)
-}
-
-// Allocate an initial slice for gcStats.Pause to avoid allocations during
-// normal operation.
-func init() {
-	gcStats.Pause = make([]time.Duration, 11)
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/ewma.go b/vendor/github.com/yvasiyarov/go-metrics/ewma.go
deleted file mode 100644
index 7c152a174..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/ewma.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package metrics
-
-import (
-	"math"
-	"sync"
-	"sync/atomic"
-)
-
-// EWMAs continuously calculate an exponentially-weighted moving average
-// based on an outside source of clock ticks.
-type EWMA interface {
-	Rate() float64
-	Snapshot() EWMA
-	Tick()
-	Update(int64)
-}
-
-// NewEWMA constructs a new EWMA with the given alpha.
-func NewEWMA(alpha float64) EWMA {
-	if UseNilMetrics {
-		return NilEWMA{}
-	}
-	return &StandardEWMA{alpha: alpha}
-}
-
-// NewEWMA1 constructs a new EWMA for a one-minute moving average.
-func NewEWMA1() EWMA {
-	return NewEWMA(1 - math.Exp(-5.0/60.0/1))
-}
-
-// NewEWMA5 constructs a new EWMA for a five-minute moving average.
-func NewEWMA5() EWMA {
-	return NewEWMA(1 - math.Exp(-5.0/60.0/5))
-}
-
-// NewEWMA15 constructs a new EWMA for a fifteen-minute moving average.
-func NewEWMA15() EWMA {
-	return NewEWMA(1 - math.Exp(-5.0/60.0/15))
-}
-
-// EWMASnapshot is a read-only copy of another EWMA.
-type EWMASnapshot float64
-
-// Rate returns the rate of events per second at the time the snapshot was
-// taken.
-func (a EWMASnapshot) Rate() float64 { return float64(a) }
-
-// Snapshot returns the snapshot.
-func (a EWMASnapshot) Snapshot() EWMA { return a }
-
-// Tick panics.
-func (EWMASnapshot) Tick() {
-	panic("Tick called on an EWMASnapshot")
-}
-
-// Update panics.
-func (EWMASnapshot) Update(int64) {
-	panic("Update called on an EWMASnapshot")
-}
-
-// NilEWMA is a no-op EWMA.
-type NilEWMA struct{}
-
-// Rate is a no-op.
-func (NilEWMA) Rate() float64 { return 0.0 }
-
-// Snapshot is a no-op.
-func (NilEWMA) Snapshot() EWMA { return NilEWMA{} }
-
-// Tick is a no-op.
-func (NilEWMA) Tick() {}
-
-// Update is a no-op.
-func (NilEWMA) Update(n int64) {}
-
-// StandardEWMA is the standard implementation of an EWMA and tracks the number
-// of uncounted events and processes them on each tick.  It uses the
-// sync/atomic package to manage uncounted events.
-type StandardEWMA struct {
-	uncounted int64		// /!\ this should be the first member to ensure 64-bit alignment
-	alpha     float64
-	rate      float64
-	init      bool
-	mutex     sync.Mutex
-}
-
-// Rate returns the moving average rate of events per second.
-func (a *StandardEWMA) Rate() float64 {
-	a.mutex.Lock()
-	defer a.mutex.Unlock()
-	return a.rate * float64(1e9)
-}
-
-// Snapshot returns a read-only copy of the EWMA.
-func (a *StandardEWMA) Snapshot() EWMA {
-	return EWMASnapshot(a.Rate())
-}
-
-// Tick ticks the clock to update the moving average.  It assumes it is called
-// every five seconds.
-func (a *StandardEWMA) Tick() {
-	count := atomic.LoadInt64(&a.uncounted)
-	atomic.AddInt64(&a.uncounted, -count)
-	instantRate := float64(count) / float64(5e9)
-	a.mutex.Lock()
-	defer a.mutex.Unlock()
-	if a.init {
-		a.rate += a.alpha * (instantRate - a.rate)
-	} else {
-		a.init = true
-		a.rate = instantRate
-	}
-}
-
-// Update adds n uncounted events.
-func (a *StandardEWMA) Update(n int64) {
-	atomic.AddInt64(&a.uncounted, n)
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/gauge.go b/vendor/github.com/yvasiyarov/go-metrics/gauge.go
deleted file mode 100644
index 807638a31..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/gauge.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package metrics
-
-import "sync/atomic"
-
-// Gauges hold an int64 value that can be set arbitrarily.
-type Gauge interface {
-	Snapshot() Gauge
-	Update(int64)
-	Value() int64
-}
-
-// GetOrRegisterGauge returns an existing Gauge or constructs and registers a
-// new StandardGauge.
-func GetOrRegisterGauge(name string, r Registry) Gauge {
-	if nil == r {
-		r = DefaultRegistry
-	}
-	return r.GetOrRegister(name, NewGauge).(Gauge)
-}
-
-// NewGauge constructs a new StandardGauge.
-func NewGauge() Gauge {
-	if UseNilMetrics {
-		return NilGauge{}
-	}
-	return &StandardGauge{0}
-}
-
-// NewRegisteredGauge constructs and registers a new StandardGauge.
-func NewRegisteredGauge(name string, r Registry) Gauge {
-	c := NewGauge()
-	if nil == r {
-		r = DefaultRegistry
-	}
-	r.Register(name, c)
-	return c
-}
-
-// GaugeSnapshot is a read-only copy of another Gauge.
-type GaugeSnapshot int64
-
-// Snapshot returns the snapshot.
-func (g GaugeSnapshot) Snapshot() Gauge { return g }
-
-// Update panics.
-func (GaugeSnapshot) Update(int64) {
-	panic("Update called on a GaugeSnapshot")
-}
-
-// Value returns the value at the time the snapshot was taken.
-func (g GaugeSnapshot) Value() int64 { return int64(g) }
-
-// NilGauge is a no-op Gauge.
-type NilGauge struct{}
-
-// Snapshot is a no-op.
-func (NilGauge) Snapshot() Gauge { return NilGauge{} }
-
-// Update is a no-op.
-func (NilGauge) Update(v int64) {}
-
-// Value is a no-op.
-func (NilGauge) Value() int64 { return 0 }
-
-// StandardGauge is the standard implementation of a Gauge and uses the
-// sync/atomic package to manage a single int64 value.
-type StandardGauge struct {
-	value int64
-}
-
-// Snapshot returns a read-only copy of the gauge.
-func (g *StandardGauge) Snapshot() Gauge {
-	return GaugeSnapshot(g.Value())
-}
-
-// Update updates the gauge's value.
-func (g *StandardGauge) Update(v int64) {
-	atomic.StoreInt64(&g.value, v)
-}
-
-// Value returns the gauge's current value.
-func (g *StandardGauge) Value() int64 {
-	return atomic.LoadInt64(&g.value)
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/gauge_float64.go b/vendor/github.com/yvasiyarov/go-metrics/gauge_float64.go
deleted file mode 100644
index 47c3566c2..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/gauge_float64.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package metrics
-
-import "sync"
-
-// GaugeFloat64s hold a float64 value that can be set arbitrarily.
-type GaugeFloat64 interface {
-	Snapshot() GaugeFloat64
-	Update(float64)
-	Value() float64
-}
-
-// GetOrRegisterGaugeFloat64 returns an existing GaugeFloat64 or constructs and registers a
-// new StandardGaugeFloat64.
-func GetOrRegisterGaugeFloat64(name string, r Registry) GaugeFloat64 {
-	if nil == r {
-		r = DefaultRegistry
-	}
-	return r.GetOrRegister(name, NewGaugeFloat64()).(GaugeFloat64)
-}
-
-// NewGaugeFloat64 constructs a new StandardGaugeFloat64.
-func NewGaugeFloat64() GaugeFloat64 {
-	if UseNilMetrics {
-		return NilGaugeFloat64{}
-	}
-	return &StandardGaugeFloat64{
-		value: 0.0,
-	}
-}
-
-// NewRegisteredGaugeFloat64 constructs and registers a new StandardGaugeFloat64.
-func NewRegisteredGaugeFloat64(name string, r Registry) GaugeFloat64 {
-	c := NewGaugeFloat64()
-	if nil == r {
-		r = DefaultRegistry
-	}
-	r.Register(name, c)
-	return c
-}
-
-// GaugeFloat64Snapshot is a read-only copy of another GaugeFloat64.
-type GaugeFloat64Snapshot float64
-
-// Snapshot returns the snapshot.
-func (g GaugeFloat64Snapshot) Snapshot() GaugeFloat64 { return g }
-
-// Update panics.
-func (GaugeFloat64Snapshot) Update(float64) {
-	panic("Update called on a GaugeFloat64Snapshot")
-}
-
-// Value returns the value at the time the snapshot was taken.
-func (g GaugeFloat64Snapshot) Value() float64 { return float64(g) }
-
-// NilGauge is a no-op Gauge.
-type NilGaugeFloat64 struct{}
-
-// Snapshot is a no-op.
-func (NilGaugeFloat64) Snapshot() GaugeFloat64 { return NilGaugeFloat64{} }
-
-// Update is a no-op.
-func (NilGaugeFloat64) Update(v float64) {}
-
-// Value is a no-op.
-func (NilGaugeFloat64) Value() float64 { return 0.0 }
-
-// StandardGaugeFloat64 is the standard implementation of a GaugeFloat64 and uses
-// sync.Mutex to manage a single float64 value.
-type StandardGaugeFloat64 struct {
-	mutex sync.Mutex
-	value float64
-}
-
-// Snapshot returns a read-only copy of the gauge.
-func (g *StandardGaugeFloat64) Snapshot() GaugeFloat64 {
-	return GaugeFloat64Snapshot(g.Value())
-}
-
-// Update updates the gauge's value.
-func (g *StandardGaugeFloat64) Update(v float64) {
-	g.mutex.Lock()
-	defer g.mutex.Unlock()
-	g.value = v
-}
-
-// Value returns the gauge's current value.
-func (g *StandardGaugeFloat64) Value() float64 {
-	g.mutex.Lock()
-	defer g.mutex.Unlock()
-	return g.value
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/graphite.go b/vendor/github.com/yvasiyarov/go-metrics/graphite.go
deleted file mode 100644
index 643b3ec50..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/graphite.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package metrics
-
-import (
-	"bufio"
-	"fmt"
-	"log"
-	"net"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// GraphiteConfig provides a container with configuration parameters for
-// the Graphite exporter
-type GraphiteConfig struct {
-	Addr          *net.TCPAddr  // Network address to connect to
-	Registry      Registry      // Registry to be exported
-	FlushInterval time.Duration // Flush interval
-	DurationUnit  time.Duration // Time conversion unit for durations
-	Prefix        string        // Prefix to be prepended to metric names
-	Percentiles   []float64     // Percentiles to export from timers and histograms
-}
-
-// Graphite is a blocking exporter function which reports metrics in r
-// to a graphite server located at addr, flushing them every d duration
-// and prepending metric names with prefix.
-func Graphite(r Registry, d time.Duration, prefix string, addr *net.TCPAddr) {
-	GraphiteWithConfig(GraphiteConfig{
-		Addr:          addr,
-		Registry:      r,
-		FlushInterval: d,
-		DurationUnit:  time.Nanosecond,
-		Prefix:        prefix,
-		Percentiles:   []float64{0.5, 0.75, 0.95, 0.99, 0.999},
-	})
-}
-
-// GraphiteWithConfig is a blocking exporter function just like Graphite,
-// but it takes a GraphiteConfig instead.
-func GraphiteWithConfig(c GraphiteConfig) {
-	for _ = range time.Tick(c.FlushInterval) {
-		if err := graphite(&c); nil != err {
-			log.Println(err)
-		}
-	}
-}
-
-func graphite(c *GraphiteConfig) error {
-	now := time.Now().Unix()
-	du := float64(c.DurationUnit)
-	conn, err := net.DialTCP("tcp", nil, c.Addr)
-	if nil != err {
-		return err
-	}
-	defer conn.Close()
-	w := bufio.NewWriter(conn)
-	c.Registry.Each(func(name string, i interface{}) {
-		switch metric := i.(type) {
-		case Counter:
-			fmt.Fprintf(w, "%s.%s.count %d %d\n", c.Prefix, name, metric.Count(), now)
-		case Gauge:
-			fmt.Fprintf(w, "%s.%s.value %d %d\n", c.Prefix, name, metric.Value(), now)
-		case GaugeFloat64:
-			fmt.Fprintf(w, "%s.%s.value %f %d\n", c.Prefix, name, metric.Value(), now)
-		case Histogram:
-			h := metric.Snapshot()
-			ps := h.Percentiles(c.Percentiles)
-			fmt.Fprintf(w, "%s.%s.count %d %d\n", c.Prefix, name, h.Count(), now)
-			fmt.Fprintf(w, "%s.%s.min %d %d\n", c.Prefix, name, h.Min(), now)
-			fmt.Fprintf(w, "%s.%s.max %d %d\n", c.Prefix, name, h.Max(), now)
-			fmt.Fprintf(w, "%s.%s.mean %.2f %d\n", c.Prefix, name, h.Mean(), now)
-			fmt.Fprintf(w, "%s.%s.std-dev %.2f %d\n", c.Prefix, name, h.StdDev(), now)
-			for psIdx, psKey := range c.Percentiles {
-				key := strings.Replace(strconv.FormatFloat(psKey*100.0, 'f', -1, 64), ".", "", 1)
-				fmt.Fprintf(w, "%s.%s.%s-percentile %.2f %d\n", c.Prefix, name, key, ps[psIdx], now)
-			}
-		case Meter:
-			m := metric.Snapshot()
-			fmt.Fprintf(w, "%s.%s.count %d %d\n", c.Prefix, name, m.Count(), now)
-			fmt.Fprintf(w, "%s.%s.one-minute %.2f %d\n", c.Prefix, name, m.Rate1(), now)
-			fmt.Fprintf(w, "%s.%s.five-minute %.2f %d\n", c.Prefix, name, m.Rate5(), now)
-			fmt.Fprintf(w, "%s.%s.fifteen-minute %.2f %d\n", c.Prefix, name, m.Rate15(), now)
-			fmt.Fprintf(w, "%s.%s.mean %.2f %d\n", c.Prefix, name, m.RateMean(), now)
-		case Timer:
-			t := metric.Snapshot()
-			ps := t.Percentiles(c.Percentiles)
-			fmt.Fprintf(w, "%s.%s.count %d %d\n", c.Prefix, name, t.Count(), now)
-			fmt.Fprintf(w, "%s.%s.min %d %d\n", c.Prefix, name, int64(du)*t.Min(), now)
-			fmt.Fprintf(w, "%s.%s.max %d %d\n", c.Prefix, name, int64(du)*t.Max(), now)
-			fmt.Fprintf(w, "%s.%s.mean %.2f %d\n", c.Prefix, name, du*t.Mean(), now)
-			fmt.Fprintf(w, "%s.%s.std-dev %.2f %d\n", c.Prefix, name, du*t.StdDev(), now)
-			for psIdx, psKey := range c.Percentiles {
-				key := strings.Replace(strconv.FormatFloat(psKey*100.0, 'f', -1, 64), ".", "", 1)
-				fmt.Fprintf(w, "%s.%s.%s-percentile %.2f %d\n", c.Prefix, name, key, ps[psIdx], now)
-			}
-			fmt.Fprintf(w, "%s.%s.one-minute %.2f %d\n", c.Prefix, name, t.Rate1(), now)
-			fmt.Fprintf(w, "%s.%s.five-minute %.2f %d\n", c.Prefix, name, t.Rate5(), now)
-			fmt.Fprintf(w, "%s.%s.fifteen-minute %.2f %d\n", c.Prefix, name, t.Rate15(), now)
-			fmt.Fprintf(w, "%s.%s.mean-rate %.2f %d\n", c.Prefix, name, t.RateMean(), now)
-		}
-		w.Flush()
-	})
-	return nil
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/healthcheck.go b/vendor/github.com/yvasiyarov/go-metrics/healthcheck.go
deleted file mode 100644
index 445131cae..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/healthcheck.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package metrics
-
-// Healthchecks hold an error value describing an arbitrary up/down status.
-type Healthcheck interface {
-	Check()
-	Error() error
-	Healthy()
-	Unhealthy(error)
-}
-
-// NewHealthcheck constructs a new Healthcheck which will use the given
-// function to update its status.
-func NewHealthcheck(f func(Healthcheck)) Healthcheck {
-	if UseNilMetrics {
-		return NilHealthcheck{}
-	}
-	return &StandardHealthcheck{nil, f}
-}
-
-// NilHealthcheck is a no-op.
-type NilHealthcheck struct{}
-
-// Check is a no-op.
-func (NilHealthcheck) Check() {}
-
-// Error is a no-op.
-func (NilHealthcheck) Error() error { return nil }
-
-// Healthy is a no-op.
-func (NilHealthcheck) Healthy() {}
-
-// Unhealthy is a no-op.
-func (NilHealthcheck) Unhealthy(error) {}
-
-// StandardHealthcheck is the standard implementation of a Healthcheck and
-// stores the status and a function to call to update the status.
-type StandardHealthcheck struct {
-	err error
-	f   func(Healthcheck)
-}
-
-// Check runs the healthcheck function to update the healthcheck's status.
-func (h *StandardHealthcheck) Check() {
-	h.f(h)
-}
-
-// Error returns the healthcheck's status, which will be nil if it is healthy.
-func (h *StandardHealthcheck) Error() error {
-	return h.err
-}
-
-// Healthy marks the healthcheck as healthy.
-func (h *StandardHealthcheck) Healthy() {
-	h.err = nil
-}
-
-// Unhealthy marks the healthcheck as unhealthy.  The error is stored and
-// may be retrieved by the Error method.
-func (h *StandardHealthcheck) Unhealthy(err error) {
-	h.err = err
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/histogram.go b/vendor/github.com/yvasiyarov/go-metrics/histogram.go
deleted file mode 100644
index 7f3ee70cc..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/histogram.go
+++ /dev/null
@@ -1,192 +0,0 @@
-package metrics
-
-// Histograms calculate distribution statistics from a series of int64 values.
-type Histogram interface {
-	Clear()
-	Count() int64
-	Max() int64
-	Mean() float64
-	Min() int64
-	Percentile(float64) float64
-	Percentiles([]float64) []float64
-	Sample() Sample
-	Snapshot() Histogram
-	StdDev() float64
-	Update(int64)
-	Variance() float64
-}
-
-// GetOrRegisterHistogram returns an existing Histogram or constructs and
-// registers a new StandardHistogram.
-func GetOrRegisterHistogram(name string, r Registry, s Sample) Histogram {
-	if nil == r {
-		r = DefaultRegistry
-	}
-	return r.GetOrRegister(name, func() Histogram { return NewHistogram(s) }).(Histogram)
-}
-
-// NewHistogram constructs a new StandardHistogram from a Sample.
-func NewHistogram(s Sample) Histogram {
-	if UseNilMetrics {
-		return NilHistogram{}
-	}
-	return &StandardHistogram{sample: s}
-}
-
-// NewRegisteredHistogram constructs and registers a new StandardHistogram from
-// a Sample.
-func NewRegisteredHistogram(name string, r Registry, s Sample) Histogram {
-	c := NewHistogram(s)
-	if nil == r {
-		r = DefaultRegistry
-	}
-	r.Register(name, c)
-	return c
-}
-
-// HistogramSnapshot is a read-only copy of another Histogram.
-type HistogramSnapshot struct {
-	sample *SampleSnapshot
-}
-
-// Clear panics.
-func (*HistogramSnapshot) Clear() {
-	panic("Clear called on a HistogramSnapshot")
-}
-
-// Count returns the number of samples recorded at the time the snapshot was
-// taken.
-func (h *HistogramSnapshot) Count() int64 { return h.sample.Count() }
-
-// Max returns the maximum value in the sample at the time the snapshot was
-// taken.
-func (h *HistogramSnapshot) Max() int64 { return h.sample.Max() }
-
-// Mean returns the mean of the values in the sample at the time the snapshot
-// was taken.
-func (h *HistogramSnapshot) Mean() float64 { return h.sample.Mean() }
-
-// Min returns the minimum value in the sample at the time the snapshot was
-// taken.
-func (h *HistogramSnapshot) Min() int64 { return h.sample.Min() }
-
-// Percentile returns an arbitrary percentile of values in the sample at the
-// time the snapshot was taken.
-func (h *HistogramSnapshot) Percentile(p float64) float64 {
-	return h.sample.Percentile(p)
-}
-
-// Percentiles returns a slice of arbitrary percentiles of values in the sample
-// at the time the snapshot was taken.
-func (h *HistogramSnapshot) Percentiles(ps []float64) []float64 {
-	return h.sample.Percentiles(ps)
-}
-
-// Sample returns the Sample underlying the histogram.
-func (h *HistogramSnapshot) Sample() Sample { return h.sample }
-
-// Snapshot returns the snapshot.
-func (h *HistogramSnapshot) Snapshot() Histogram { return h }
-
-// StdDev returns the standard deviation of the values in the sample at the
-// time the snapshot was taken.
-func (h *HistogramSnapshot) StdDev() float64 { return h.sample.StdDev() }
-
-// Update panics.
-func (*HistogramSnapshot) Update(int64) {
-	panic("Update called on a HistogramSnapshot")
-}
-
-// Variance returns the variance of inputs at the time the snapshot was taken.
-func (h *HistogramSnapshot) Variance() float64 { return h.sample.Variance() }
-
-// NilHistogram is a no-op Histogram.
-type NilHistogram struct{}
-
-// Clear is a no-op.
-func (NilHistogram) Clear() {}
-
-// Count is a no-op.
-func (NilHistogram) Count() int64 { return 0 }
-
-// Max is a no-op.
-func (NilHistogram) Max() int64 { return 0 }
-
-// Mean is a no-op.
-func (NilHistogram) Mean() float64 { return 0.0 }
-
-// Min is a no-op.
-func (NilHistogram) Min() int64 { return 0 }
-
-// Percentile is a no-op.
-func (NilHistogram) Percentile(p float64) float64 { return 0.0 }
-
-// Percentiles is a no-op.
-func (NilHistogram) Percentiles(ps []float64) []float64 {
-	return make([]float64, len(ps))
-}
-
-// Sample is a no-op.
-func (NilHistogram) Sample() Sample { return NilSample{} }
-
-// Snapshot is a no-op.
-func (NilHistogram) Snapshot() Histogram { return NilHistogram{} }
-
-// StdDev is a no-op.
-func (NilHistogram) StdDev() float64 { return 0.0 }
-
-// Update is a no-op.
-func (NilHistogram) Update(v int64) {}
-
-// Variance is a no-op.
-func (NilHistogram) Variance() float64 { return 0.0 }
-
-// StandardHistogram is the standard implementation of a Histogram and uses a
-// Sample to bound its memory use.
-type StandardHistogram struct {
-	sample Sample
-}
-
-// Clear clears the histogram and its sample.
-func (h *StandardHistogram) Clear() { h.sample.Clear() }
-
-// Count returns the number of samples recorded since the histogram was last
-// cleared.
-func (h *StandardHistogram) Count() int64 { return h.sample.Count() }
-
-// Max returns the maximum value in the sample.
-func (h *StandardHistogram) Max() int64 { return h.sample.Max() }
-
-// Mean returns the mean of the values in the sample.
-func (h *StandardHistogram) Mean() float64 { return h.sample.Mean() }
-
-// Min returns the minimum value in the sample.
-func (h *StandardHistogram) Min() int64 { return h.sample.Min() }
-
-// Percentile returns an arbitrary percentile of the values in the sample.
-func (h *StandardHistogram) Percentile(p float64) float64 {
-	return h.sample.Percentile(p)
-}
-
-// Percentiles returns a slice of arbitrary percentiles of the values in the
-// sample.
-func (h *StandardHistogram) Percentiles(ps []float64) []float64 {
-	return h.sample.Percentiles(ps)
-}
-
-// Sample returns the Sample underlying the histogram.
-func (h *StandardHistogram) Sample() Sample { return h.sample }
-
-// Snapshot returns a read-only copy of the histogram.
-func (h *StandardHistogram) Snapshot() Histogram {
-	return &HistogramSnapshot{sample: h.sample.Snapshot().(*SampleSnapshot)}
-}
-
-// StdDev returns the standard deviation of the values in the sample.
-func (h *StandardHistogram) StdDev() float64 { return h.sample.StdDev() }
-
-// Update samples a new value.
-func (h *StandardHistogram) Update(v int64) { h.sample.Update(v) }
-
-// Variance returns the variance of the values in the sample.
-func (h *StandardHistogram) Variance() float64 { return h.sample.Variance() }
diff --git a/vendor/github.com/yvasiyarov/go-metrics/json.go b/vendor/github.com/yvasiyarov/go-metrics/json.go
deleted file mode 100644
index 04a9c9198..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/json.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package metrics
-
-import (
-	"encoding/json"
-	"io"
-	"time"
-)
-
-// MarshalJSON returns a byte slice containing a JSON representation of all
-// the metrics in the Registry.
-func (r StandardRegistry) MarshalJSON() ([]byte, error) {
-	data := make(map[string]map[string]interface{})
-	r.Each(func(name string, i interface{}) {
-		values := make(map[string]interface{})
-		switch metric := i.(type) {
-		case Counter:
-			values["count"] = metric.Count()
-		case Gauge:
-			values["value"] = metric.Value()
-		case GaugeFloat64:
-			values["value"] = metric.Value()
-		case Healthcheck:
-			values["error"] = nil
-			metric.Check()
-			if err := metric.Error(); nil != err {
-				values["error"] = metric.Error().Error()
-			}
-		case Histogram:
-			h := metric.Snapshot()
-			ps := h.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
-			values["count"] = h.Count()
-			values["min"] = h.Min()
-			values["max"] = h.Max()
-			values["mean"] = h.Mean()
-			values["stddev"] = h.StdDev()
-			values["median"] = ps[0]
-			values["75%"] = ps[1]
-			values["95%"] = ps[2]
-			values["99%"] = ps[3]
-			values["99.9%"] = ps[4]
-		case Meter:
-			m := metric.Snapshot()
-			values["count"] = m.Count()
-			values["1m.rate"] = m.Rate1()
-			values["5m.rate"] = m.Rate5()
-			values["15m.rate"] = m.Rate15()
-			values["mean.rate"] = m.RateMean()
-		case Timer:
-			t := metric.Snapshot()
-			ps := t.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
-			values["count"] = t.Count()
-			values["min"] = t.Min()
-			values["max"] = t.Max()
-			values["mean"] = t.Mean()
-			values["stddev"] = t.StdDev()
-			values["median"] = ps[0]
-			values["75%"] = ps[1]
-			values["95%"] = ps[2]
-			values["99%"] = ps[3]
-			values["99.9%"] = ps[4]
-			values["1m.rate"] = t.Rate1()
-			values["5m.rate"] = t.Rate5()
-			values["15m.rate"] = t.Rate15()
-			values["mean.rate"] = t.RateMean()
-		}
-		data[name] = values
-	})
-	return json.Marshal(data)
-}
-
-// WriteJSON writes metrics from the given registry  periodically to the
-// specified io.Writer as JSON.
-func WriteJSON(r Registry, d time.Duration, w io.Writer) {
-	for _ = range time.Tick(d) {
-		WriteJSONOnce(r, w)
-	}
-}
-
-// WriteJSONOnce writes metrics from the given registry to the specified
-// io.Writer as JSON.
-func WriteJSONOnce(r Registry, w io.Writer) {
-	json.NewEncoder(w).Encode(r)
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/log.go b/vendor/github.com/yvasiyarov/go-metrics/log.go
deleted file mode 100644
index 278a8a441..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/log.go
+++ /dev/null
@@ -1,70 +0,0 @@
-package metrics
-
-import (
-	"log"
-	"time"
-)
-
-// Output each metric in the given registry periodically using the given
-// logger.
-func Log(r Registry, d time.Duration, l *log.Logger) {
-	for _ = range time.Tick(d) {
-		r.Each(func(name string, i interface{}) {
-			switch metric := i.(type) {
-			case Counter:
-				l.Printf("counter %s\n", name)
-				l.Printf("  count:       %9d\n", metric.Count())
-			case Gauge:
-				l.Printf("gauge %s\n", name)
-				l.Printf("  value:       %9d\n", metric.Value())
-			case GaugeFloat64:
-				l.Printf("gauge %s\n", name)
-				l.Printf("  value:       %f\n", metric.Value())
-			case Healthcheck:
-				metric.Check()
-				l.Printf("healthcheck %s\n", name)
-				l.Printf("  error:       %v\n", metric.Error())
-			case Histogram:
-				h := metric.Snapshot()
-				ps := h.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
-				l.Printf("histogram %s\n", name)
-				l.Printf("  count:       %9d\n", h.Count())
-				l.Printf("  min:         %9d\n", h.Min())
-				l.Printf("  max:         %9d\n", h.Max())
-				l.Printf("  mean:        %12.2f\n", h.Mean())
-				l.Printf("  stddev:      %12.2f\n", h.StdDev())
-				l.Printf("  median:      %12.2f\n", ps[0])
-				l.Printf("  75%%:         %12.2f\n", ps[1])
-				l.Printf("  95%%:         %12.2f\n", ps[2])
-				l.Printf("  99%%:         %12.2f\n", ps[3])
-				l.Printf("  99.9%%:       %12.2f\n", ps[4])
-			case Meter:
-				m := metric.Snapshot()
-				l.Printf("meter %s\n", name)
-				l.Printf("  count:       %9d\n", m.Count())
-				l.Printf("  1-min rate:  %12.2f\n", m.Rate1())
-				l.Printf("  5-min rate:  %12.2f\n", m.Rate5())
-				l.Printf("  15-min rate: %12.2f\n", m.Rate15())
-				l.Printf("  mean rate:   %12.2f\n", m.RateMean())
-			case Timer:
-				t := metric.Snapshot()
-				ps := t.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
-				l.Printf("timer %s\n", name)
-				l.Printf("  count:       %9d\n", t.Count())
-				l.Printf("  min:         %9d\n", t.Min())
-				l.Printf("  max:         %9d\n", t.Max())
-				l.Printf("  mean:        %12.2f\n", t.Mean())
-				l.Printf("  stddev:      %12.2f\n", t.StdDev())
-				l.Printf("  median:      %12.2f\n", ps[0])
-				l.Printf("  75%%:         %12.2f\n", ps[1])
-				l.Printf("  95%%:         %12.2f\n", ps[2])
-				l.Printf("  99%%:         %12.2f\n", ps[3])
-				l.Printf("  99.9%%:       %12.2f\n", ps[4])
-				l.Printf("  1-min rate:  %12.2f\n", t.Rate1())
-				l.Printf("  5-min rate:  %12.2f\n", t.Rate5())
-				l.Printf("  15-min rate: %12.2f\n", t.Rate15())
-				l.Printf("  mean rate:   %12.2f\n", t.RateMean())
-			}
-		})
-	}
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/memory.md b/vendor/github.com/yvasiyarov/go-metrics/memory.md
deleted file mode 100644
index 47454f54b..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/memory.md
+++ /dev/null
@@ -1,285 +0,0 @@
-Memory usage
-============
-
-(Highly unscientific.)
-
-Command used to gather static memory usage:
-
-```sh
-grep ^Vm "/proc/$(ps fax | grep [m]etrics-bench | awk '{print $1}')/status"
-```
-
-Program used to gather baseline memory usage:
-
-```go
-package main
-
-import "time"
-
-func main() {
-	time.Sleep(600e9)
-}
-```
-
-Baseline
---------
-
-```
-VmPeak:    42604 kB
-VmSize:    42604 kB
-VmLck:         0 kB
-VmHWM:      1120 kB
-VmRSS:      1120 kB
-VmData:    35460 kB
-VmStk:       136 kB
-VmExe:      1020 kB
-VmLib:      1848 kB
-VmPTE:        36 kB
-VmSwap:        0 kB
-```
-
-Program used to gather metric memory usage (with other metrics being similar):
-
-```go
-package main
-
-import (
-	"fmt"
-	"metrics"
-	"time"
-)
-
-func main() {
-	fmt.Sprintf("foo")
-	metrics.NewRegistry()
-	time.Sleep(600e9)
-}
-```
-
-1000 counters registered
-------------------------
-
-```
-VmPeak:    44016 kB
-VmSize:    44016 kB
-VmLck:         0 kB
-VmHWM:      1928 kB
-VmRSS:      1928 kB
-VmData:    36868 kB
-VmStk:       136 kB
-VmExe:      1024 kB
-VmLib:      1848 kB
-VmPTE:        40 kB
-VmSwap:        0 kB
-```
-
-**1.412 kB virtual, TODO 0.808 kB resident per counter.**
-
-100000 counters registered
---------------------------
-
-```
-VmPeak:    55024 kB
-VmSize:    55024 kB
-VmLck:         0 kB
-VmHWM:     12440 kB
-VmRSS:     12440 kB
-VmData:    47876 kB
-VmStk:       136 kB
-VmExe:      1024 kB
-VmLib:      1848 kB
-VmPTE:        64 kB
-VmSwap:        0 kB
-```
-
-**0.1242 kB virtual, 0.1132 kB resident per counter.**
-
-1000 gauges registered
-----------------------
-
-```
-VmPeak:    44012 kB
-VmSize:    44012 kB
-VmLck:         0 kB
-VmHWM:      1928 kB
-VmRSS:      1928 kB
-VmData:    36868 kB
-VmStk:       136 kB
-VmExe:      1020 kB
-VmLib:      1848 kB
-VmPTE:        40 kB
-VmSwap:        0 kB
-```
-
-**1.408 kB virtual, 0.808 kB resident per counter.**
-
-100000 gauges registered
-------------------------
-
-```
-VmPeak:    55020 kB
-VmSize:    55020 kB
-VmLck:         0 kB
-VmHWM:     12432 kB
-VmRSS:     12432 kB
-VmData:    47876 kB
-VmStk:       136 kB
-VmExe:      1020 kB
-VmLib:      1848 kB
-VmPTE:        60 kB
-VmSwap:        0 kB
-```
-
-**0.12416 kB virtual, 0.11312 resident per gauge.**
-
-1000 histograms with a uniform sample size of 1028
---------------------------------------------------
-
-```
-VmPeak:    72272 kB
-VmSize:    72272 kB
-VmLck:         0 kB
-VmHWM:     16204 kB
-VmRSS:     16204 kB
-VmData:    65100 kB
-VmStk:       136 kB
-VmExe:      1048 kB
-VmLib:      1848 kB
-VmPTE:        80 kB
-VmSwap:        0 kB
-```
-
-**29.668 kB virtual, TODO 15.084 resident per histogram.**
-
-10000 histograms with a uniform sample size of 1028
----------------------------------------------------
-
-```
-VmPeak:   256912 kB
-VmSize:   256912 kB
-VmLck:         0 kB
-VmHWM:    146204 kB
-VmRSS:    146204 kB
-VmData:   249740 kB
-VmStk:       136 kB
-VmExe:      1048 kB
-VmLib:      1848 kB
-VmPTE:       448 kB
-VmSwap:        0 kB
-```
-
-**21.4308 kB virtual, 14.5084 kB resident per histogram.**
-
-50000 histograms with a uniform sample size of 1028
----------------------------------------------------
-
-```
-VmPeak:   908112 kB
-VmSize:   908112 kB
-VmLck:         0 kB
-VmHWM:    645832 kB
-VmRSS:    645588 kB
-VmData:   900940 kB
-VmStk:       136 kB
-VmExe:      1048 kB
-VmLib:      1848 kB
-VmPTE:      1716 kB
-VmSwap:     1544 kB
-```
-
-**17.31016 kB virtual, 12.88936 kB resident per histogram.**
-
-1000 histograms with an exponentially-decaying sample size of 1028 and alpha of 0.015
--------------------------------------------------------------------------------------
-
-```
-VmPeak:    62480 kB
-VmSize:    62480 kB
-VmLck:         0 kB
-VmHWM:     11572 kB
-VmRSS:     11572 kB
-VmData:    55308 kB
-VmStk:       136 kB
-VmExe:      1048 kB
-VmLib:      1848 kB
-VmPTE:        64 kB
-VmSwap:        0 kB
-```
-
-**19.876 kB virtual, 10.452 kB resident per histogram.**
-
-10000 histograms with an exponentially-decaying sample size of 1028 and alpha of 0.015
---------------------------------------------------------------------------------------
-
-```
-VmPeak:   153296 kB
-VmSize:   153296 kB
-VmLck:         0 kB
-VmHWM:    101176 kB
-VmRSS:    101176 kB
-VmData:   146124 kB
-VmStk:       136 kB
-VmExe:      1048 kB
-VmLib:      1848 kB
-VmPTE:       240 kB
-VmSwap:        0 kB
-```
-
-**11.0692 kB virtual, 10.0056 kB resident per histogram.**
-
-50000 histograms with an exponentially-decaying sample size of 1028 and alpha of 0.015
---------------------------------------------------------------------------------------
-
-```
-VmPeak:   557264 kB
-VmSize:   557264 kB
-VmLck:         0 kB
-VmHWM:    501056 kB
-VmRSS:    501056 kB
-VmData:   550092 kB
-VmStk:       136 kB
-VmExe:      1048 kB
-VmLib:      1848 kB
-VmPTE:      1032 kB
-VmSwap:        0 kB
-```
-
-**10.2932 kB virtual, 9.99872 kB resident per histogram.**
-
-1000 meters
------------
-
-```
-VmPeak:    74504 kB
-VmSize:    74504 kB
-VmLck:         0 kB
-VmHWM:     24124 kB
-VmRSS:     24124 kB
-VmData:    67340 kB
-VmStk:       136 kB
-VmExe:      1040 kB
-VmLib:      1848 kB
-VmPTE:        92 kB
-VmSwap:        0 kB
-```
-
-**31.9 kB virtual, 23.004 kB resident per meter.**
-
-10000 meters
-------------
-
-```
-VmPeak:   278920 kB
-VmSize:   278920 kB
-VmLck:         0 kB
-VmHWM:    227300 kB
-VmRSS:    227300 kB
-VmData:   271756 kB
-VmStk:       136 kB
-VmExe:      1040 kB
-VmLib:      1848 kB
-VmPTE:       488 kB
-VmSwap:        0 kB
-```
-
-**23.6316 kB virtual, 22.618 kB resident per meter.**
diff --git a/vendor/github.com/yvasiyarov/go-metrics/meter.go b/vendor/github.com/yvasiyarov/go-metrics/meter.go
deleted file mode 100644
index 0389ab0b8..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/meter.go
+++ /dev/null
@@ -1,233 +0,0 @@
-package metrics
-
-import (
-	"sync"
-	"time"
-)
-
-// Meters count events to produce exponentially-weighted moving average rates
-// at one-, five-, and fifteen-minutes and a mean rate.
-type Meter interface {
-	Count() int64
-	Mark(int64)
-	Rate1() float64
-	Rate5() float64
-	Rate15() float64
-	RateMean() float64
-	Snapshot() Meter
-}
-
-// GetOrRegisterMeter returns an existing Meter or constructs and registers a
-// new StandardMeter.
-func GetOrRegisterMeter(name string, r Registry) Meter {
-	if nil == r {
-		r = DefaultRegistry
-	}
-	return r.GetOrRegister(name, NewMeter).(Meter)
-}
-
-// NewMeter constructs a new StandardMeter and launches a goroutine.
-func NewMeter() Meter {
-	if UseNilMetrics {
-		return NilMeter{}
-	}
-	m := newStandardMeter()
-	arbiter.Lock()
-	defer arbiter.Unlock()
-	arbiter.meters = append(arbiter.meters, m)
-	if !arbiter.started {
-		arbiter.started = true
-		go arbiter.tick()
-	}
-	return m
-}
-
-// NewMeter constructs and registers a new StandardMeter and launches a
-// goroutine.
-func NewRegisteredMeter(name string, r Registry) Meter {
-	c := NewMeter()
-	if nil == r {
-		r = DefaultRegistry
-	}
-	r.Register(name, c)
-	return c
-}
-
-// MeterSnapshot is a read-only copy of another Meter.
-type MeterSnapshot struct {
-	count                          int64
-	rate1, rate5, rate15, rateMean float64
-}
-
-// Count returns the count of events at the time the snapshot was taken.
-func (m *MeterSnapshot) Count() int64 { return m.count }
-
-// Mark panics.
-func (*MeterSnapshot) Mark(n int64) {
-	panic("Mark called on a MeterSnapshot")
-}
-
-// Rate1 returns the one-minute moving average rate of events per second at the
-// time the snapshot was taken.
-func (m *MeterSnapshot) Rate1() float64 { return m.rate1 }
-
-// Rate5 returns the five-minute moving average rate of events per second at
-// the time the snapshot was taken.
-func (m *MeterSnapshot) Rate5() float64 { return m.rate5 }
-
-// Rate15 returns the fifteen-minute moving average rate of events per second
-// at the time the snapshot was taken.
-func (m *MeterSnapshot) Rate15() float64 { return m.rate15 }
-
-// RateMean returns the meter's mean rate of events per second at the time the
-// snapshot was taken.
-func (m *MeterSnapshot) RateMean() float64 { return m.rateMean }
-
-// Snapshot returns the snapshot.
-func (m *MeterSnapshot) Snapshot() Meter { return m }
-
-// NilMeter is a no-op Meter.
-type NilMeter struct{}
-
-// Count is a no-op.
-func (NilMeter) Count() int64 { return 0 }
-
-// Mark is a no-op.
-func (NilMeter) Mark(n int64) {}
-
-// Rate1 is a no-op.
-func (NilMeter) Rate1() float64 { return 0.0 }
-
-// Rate5 is a no-op.
-func (NilMeter) Rate5() float64 { return 0.0 }
-
-// Rate15is a no-op.
-func (NilMeter) Rate15() float64 { return 0.0 }
-
-// RateMean is a no-op.
-func (NilMeter) RateMean() float64 { return 0.0 }
-
-// Snapshot is a no-op.
-func (NilMeter) Snapshot() Meter { return NilMeter{} }
-
-// StandardMeter is the standard implementation of a Meter.
-type StandardMeter struct {
-	lock        sync.RWMutex
-	snapshot    *MeterSnapshot
-	a1, a5, a15 EWMA
-	startTime   time.Time
-}
-
-func newStandardMeter() *StandardMeter {
-	return &StandardMeter{
-		snapshot:  &MeterSnapshot{},
-		a1:        NewEWMA1(),
-		a5:        NewEWMA5(),
-		a15:       NewEWMA15(),
-		startTime: time.Now(),
-	}
-}
-
-// Count returns the number of events recorded.
-func (m *StandardMeter) Count() int64 {
-	m.lock.RLock()
-	count := m.snapshot.count
-	m.lock.RUnlock()
-	return count
-}
-
-// Mark records the occurance of n events.
-func (m *StandardMeter) Mark(n int64) {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	m.snapshot.count += n
-	m.a1.Update(n)
-	m.a5.Update(n)
-	m.a15.Update(n)
-	m.updateSnapshot()
-}
-
-// Rate1 returns the one-minute moving average rate of events per second.
-func (m *StandardMeter) Rate1() float64 {
-	m.lock.RLock()
-	rate1 := m.snapshot.rate1
-	m.lock.RUnlock()
-	return rate1
-}
-
-// Rate5 returns the five-minute moving average rate of events per second.
-func (m *StandardMeter) Rate5() float64 {
-	m.lock.RLock()
-	rate5 := m.snapshot.rate5
-	m.lock.RUnlock()
-	return rate5
-}
-
-// Rate15 returns the fifteen-minute moving average rate of events per second.
-func (m *StandardMeter) Rate15() float64 {
-	m.lock.RLock()
-	rate15 := m.snapshot.rate15
-	m.lock.RUnlock()
-	return rate15
-}
-
-// RateMean returns the meter's mean rate of events per second.
-func (m *StandardMeter) RateMean() float64 {
-	m.lock.RLock()
-	rateMean := m.snapshot.rateMean
-	m.lock.RUnlock()
-	return rateMean
-}
-
-// Snapshot returns a read-only copy of the meter.
-func (m *StandardMeter) Snapshot() Meter {
-	m.lock.RLock()
-	snapshot := *m.snapshot
-	m.lock.RUnlock()
-	return &snapshot
-}
-
-func (m *StandardMeter) updateSnapshot() {
-	// should run with write lock held on m.lock
-	snapshot := m.snapshot
-	snapshot.rate1 = m.a1.Rate()
-	snapshot.rate5 = m.a5.Rate()
-	snapshot.rate15 = m.a15.Rate()
-	snapshot.rateMean = float64(snapshot.count) / time.Since(m.startTime).Seconds()
-}
-
-func (m *StandardMeter) tick() {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-	m.a1.Tick()
-	m.a5.Tick()
-	m.a15.Tick()
-	m.updateSnapshot()
-}
-
-type meterArbiter struct {
-	sync.RWMutex
-	started bool
-	meters  []*StandardMeter
-	ticker  *time.Ticker
-}
-
-var arbiter = meterArbiter{ticker: time.NewTicker(5e9)}
-
-// Ticks meters on the scheduled interval
-func (ma *meterArbiter) tick() {
-	for {
-		select {
-		case <-ma.ticker.C:
-			ma.tickMeters()
-		}
-	}
-}
-
-func (ma *meterArbiter) tickMeters() {
-	ma.RLock()
-	defer ma.RUnlock()
-	for _, meter := range ma.meters {
-		meter.tick()
-	}
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/metrics.go b/vendor/github.com/yvasiyarov/go-metrics/metrics.go
deleted file mode 100644
index b97a49ed1..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/metrics.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Go port of Coda Hale's Metrics library
-//
-// <https://github.com/rcrowley/go-metrics>
-//
-// Coda Hale's original work: <https://github.com/codahale/metrics>
-package metrics
-
-// UseNilMetrics is checked by the constructor functions for all of the
-// standard metrics.  If it is true, the metric returned is a stub.
-//
-// This global kill-switch helps quantify the observer effect and makes
-// for less cluttered pprof profiles.
-var UseNilMetrics bool = false
diff --git a/vendor/github.com/yvasiyarov/go-metrics/opentsdb.go b/vendor/github.com/yvasiyarov/go-metrics/opentsdb.go
deleted file mode 100644
index fbc292de1..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/opentsdb.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package metrics
-
-import (
-	"bufio"
-	"fmt"
-	"log"
-	"net"
-	"time"
-    "os"
-    "strings"
-)
-
-var shortHostName string = ""
-
-// OpenTSDBConfig provides a container with configuration parameters for
-// the OpenTSDB exporter
-type OpenTSDBConfig struct {
-	Addr          *net.TCPAddr  // Network address to connect to
-	Registry      Registry      // Registry to be exported
-	FlushInterval time.Duration // Flush interval
-	DurationUnit  time.Duration // Time conversion unit for durations
-	Prefix        string        // Prefix to be prepended to metric names
-}
-
-// OpenTSDB is a blocking exporter function which reports metrics in r
-// to a TSDB server located at addr, flushing them every d duration
-// and prepending metric names with prefix.
-func OpenTSDB(r Registry, d time.Duration, prefix string, addr *net.TCPAddr) {
-	OpenTSDBWithConfig(OpenTSDBConfig{
-		Addr:          addr,
-		Registry:      r,
-		FlushInterval: d,
-		DurationUnit:  time.Nanosecond,
-		Prefix:        prefix,
-	})
-}
-
-// OpenTSDBWithConfig is a blocking exporter function just like OpenTSDB,
-// but it takes a OpenTSDBConfig instead.
-func OpenTSDBWithConfig(c OpenTSDBConfig) {
-	for _ = range time.Tick(c.FlushInterval) {
-		if err := openTSDB(&c); nil != err {
-			log.Println(err)
-		}
-	}
-}
-
-func getShortHostname() string {
-    if shortHostName == "" {
-        host, _ := os.Hostname()
-        if index := strings.Index(host, "."); index > 0 {
-            shortHostName = host[:index]
-        } else {
-            shortHostName = host
-        }
-    }
-    return shortHostName
-}
-
-func openTSDB(c *OpenTSDBConfig) error {
-    shortHostname := getShortHostname()
-	now := time.Now().Unix()
-	du := float64(c.DurationUnit)
-	conn, err := net.DialTCP("tcp", nil, c.Addr)
-	if nil != err {
-		return err
-	}
-	defer conn.Close()
-	w := bufio.NewWriter(conn)
-	c.Registry.Each(func(name string, i interface{}) {
-		switch metric := i.(type) {
-		case Counter:
-			fmt.Fprintf(w, "put %s.%s.count %d %d host=%s\n", c.Prefix, name, now, metric.Count(), shortHostname)
-		case Gauge:
-			fmt.Fprintf(w, "put %s.%s.value %d %d host=%s\n", c.Prefix, name, now, metric.Value(), shortHostname)
-		case GaugeFloat64:
-			fmt.Fprintf(w, "put %s.%s.value %d %f host=%s\n", c.Prefix, name, now, metric.Value(), shortHostname)
-		case Histogram:
-			h := metric.Snapshot()
-			ps := h.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
-			fmt.Fprintf(w, "put %s.%s.count %d %d host=%s\n", c.Prefix, name, now, h.Count(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.min %d %d host=%s\n", c.Prefix, name, now, h.Min(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.max %d %d host=%s\n", c.Prefix, name, now, h.Max(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.mean %d %.2f host=%s\n", c.Prefix, name, now, h.Mean(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.std-dev %d %.2f host=%s\n", c.Prefix, name, now, h.StdDev(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.50-percentile %d %.2f host=%s\n", c.Prefix, name, now, ps[0], shortHostname)
-			fmt.Fprintf(w, "put %s.%s.75-percentile %d %.2f host=%s\n", c.Prefix, name, now, ps[1], shortHostname)
-			fmt.Fprintf(w, "put %s.%s.95-percentile %d %.2f host=%s\n", c.Prefix, name, now, ps[2], shortHostname)
-			fmt.Fprintf(w, "put %s.%s.99-percentile %d %.2f host=%s\n", c.Prefix, name, now, ps[3], shortHostname)
-			fmt.Fprintf(w, "put %s.%s.999-percentile %d %.2f host=%s\n", c.Prefix, name, now, ps[4], shortHostname)
-		case Meter:
-			m := metric.Snapshot()
-			fmt.Fprintf(w, "put %s.%s.count %d %d host=%s\n", c.Prefix, name, now, m.Count(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.one-minute %d %.2f host=%s\n", c.Prefix, name, now, m.Rate1(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.five-minute %d %.2f host=%s\n", c.Prefix, name, now, m.Rate5(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.fifteen-minute %d %.2f host=%s\n", c.Prefix, name, now, m.Rate15(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.mean %d %.2f host=%s\n", c.Prefix, name, now, m.RateMean(), shortHostname)
-		case Timer:
-			t := metric.Snapshot()
-			ps := t.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
-			fmt.Fprintf(w, "put %s.%s.count %d %d host=%s\n", c.Prefix, name, now, t.Count(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.min %d %d host=%s\n", c.Prefix, name, now, int64(du)*t.Min(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.max %d %d host=%s\n", c.Prefix, name, now, int64(du)*t.Max(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.mean %d %.2f host=%s\n", c.Prefix, name, now, du*t.Mean(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.std-dev %d %.2f host=%s\n", c.Prefix, name, now, du*t.StdDev(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.50-percentile %d %.2f host=%s\n", c.Prefix, name, now, du*ps[0], shortHostname)
-			fmt.Fprintf(w, "put %s.%s.75-percentile %d %.2f host=%s\n", c.Prefix, name, now, du*ps[1], shortHostname)
-			fmt.Fprintf(w, "put %s.%s.95-percentile %d %.2f host=%s\n", c.Prefix, name, now, du*ps[2], shortHostname)
-			fmt.Fprintf(w, "put %s.%s.99-percentile %d %.2f host=%s\n", c.Prefix, name, now, du*ps[3], shortHostname)
-			fmt.Fprintf(w, "put %s.%s.999-percentile %d %.2f host=%s\n", c.Prefix, name, now, du*ps[4], shortHostname)
-			fmt.Fprintf(w, "put %s.%s.one-minute %d %.2f host=%s\n", c.Prefix, name, now, t.Rate1(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.five-minute %d %.2f host=%s\n", c.Prefix, name, now, t.Rate5(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.fifteen-minute %d %.2f host=%s\n", c.Prefix, name, now, t.Rate15(), shortHostname)
-			fmt.Fprintf(w, "put %s.%s.mean-rate %d %.2f host=%s\n", c.Prefix, name, now, t.RateMean(), shortHostname)
-		}
-		w.Flush()
-	})
-	return nil
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/registry.go b/vendor/github.com/yvasiyarov/go-metrics/registry.go
deleted file mode 100644
index 9ef498a2a..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/registry.go
+++ /dev/null
@@ -1,168 +0,0 @@
-package metrics
-
-import (
-	"fmt"
-	"reflect"
-	"sync"
-)
-
-// DuplicateMetric is the error returned by Registry.Register when a metric
-// already exists.  If you mean to Register that metric you must first
-// Unregister the existing metric.
-type DuplicateMetric string
-
-func (err DuplicateMetric) Error() string {
-	return fmt.Sprintf("duplicate metric: %s", string(err))
-}
-
-// A Registry holds references to a set of metrics by name and can iterate
-// over them, calling callback functions provided by the user.
-//
-// This is an interface so as to encourage other structs to implement
-// the Registry API as appropriate.
-type Registry interface {
-
-	// Call the given function for each registered metric.
-	Each(func(string, interface{}))
-
-	// Get the metric by the given name or nil if none is registered.
-	Get(string) interface{}
-
-	// Gets an existing metric or registers the given one.
-	// The interface can be the metric to register if not found in registry,
-	// or a function returning the metric for lazy instantiation.
-	GetOrRegister(string, interface{}) interface{}
-
-	// Register the given metric under the given name.
-	Register(string, interface{}) error
-
-	// Run all registered healthchecks.
-	RunHealthchecks()
-
-	// Unregister the metric with the given name.
-	Unregister(string)
-}
-
-// The standard implementation of a Registry is a mutex-protected map
-// of names to metrics.
-type StandardRegistry struct {
-	metrics map[string]interface{}
-	mutex   sync.Mutex
-}
-
-// Create a new registry.
-func NewRegistry() Registry {
-	return &StandardRegistry{metrics: make(map[string]interface{})}
-}
-
-// Call the given function for each registered metric.
-func (r *StandardRegistry) Each(f func(string, interface{})) {
-	for name, i := range r.registered() {
-		f(name, i)
-	}
-}
-
-// Get the metric by the given name or nil if none is registered.
-func (r *StandardRegistry) Get(name string) interface{} {
-	r.mutex.Lock()
-	defer r.mutex.Unlock()
-	return r.metrics[name]
-}
-
-// Gets an existing metric or creates and registers a new one. Threadsafe
-// alternative to calling Get and Register on failure.
-// The interface can be the metric to register if not found in registry,
-// or a function returning the metric for lazy instantiation.
-func (r *StandardRegistry) GetOrRegister(name string, i interface{}) interface{} {
-	r.mutex.Lock()
-	defer r.mutex.Unlock()
-	if metric, ok := r.metrics[name]; ok {
-		return metric
-	}
-	if v := reflect.ValueOf(i); v.Kind() == reflect.Func {
-		i = v.Call(nil)[0].Interface()
-	}
-	r.register(name, i)
-	return i
-}
-
-// Register the given metric under the given name.  Returns a DuplicateMetric
-// if a metric by the given name is already registered.
-func (r *StandardRegistry) Register(name string, i interface{}) error {
-	r.mutex.Lock()
-	defer r.mutex.Unlock()
-	return r.register(name, i)
-}
-
-// Run all registered healthchecks.
-func (r *StandardRegistry) RunHealthchecks() {
-	r.mutex.Lock()
-	defer r.mutex.Unlock()
-	for _, i := range r.metrics {
-		if h, ok := i.(Healthcheck); ok {
-			h.Check()
-		}
-	}
-}
-
-// Unregister the metric with the given name.
-func (r *StandardRegistry) Unregister(name string) {
-	r.mutex.Lock()
-	defer r.mutex.Unlock()
-	delete(r.metrics, name)
-}
-
-func (r *StandardRegistry) register(name string, i interface{}) error {
-	if _, ok := r.metrics[name]; ok {
-		return DuplicateMetric(name)
-	}
-	switch i.(type) {
-	case Counter, Gauge, GaugeFloat64, Healthcheck, Histogram, Meter, Timer:
-		r.metrics[name] = i
-	}
-	return nil
-}
-
-func (r *StandardRegistry) registered() map[string]interface{} {
-	metrics := make(map[string]interface{}, len(r.metrics))
-	r.mutex.Lock()
-	defer r.mutex.Unlock()
-	for name, i := range r.metrics {
-		metrics[name] = i
-	}
-	return metrics
-}
-
-var DefaultRegistry Registry = NewRegistry()
-
-// Call the given function for each registered metric.
-func Each(f func(string, interface{})) {
-	DefaultRegistry.Each(f)
-}
-
-// Get the metric by the given name or nil if none is registered.
-func Get(name string) interface{} {
-	return DefaultRegistry.Get(name)
-}
-
-// Gets an existing metric or creates and registers a new one. Threadsafe
-// alternative to calling Get and Register on failure.
-func GetOrRegister(name string, i interface{}) interface{} {
-	return DefaultRegistry.GetOrRegister(name, i)
-}
-
-// Register the given metric under the given name.  Returns a DuplicateMetric
-// if a metric by the given name is already registered.
-func Register(name string, i interface{}) error {
-	return DefaultRegistry.Register(name, i)
-}
-
-// Run all registered healthchecks.
-func RunHealthchecks() {
-	DefaultRegistry.RunHealthchecks()
-}
-
-// Unregister the metric with the given name.
-func Unregister(name string) {
-	DefaultRegistry.Unregister(name)
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/runtime.go b/vendor/github.com/yvasiyarov/go-metrics/runtime.go
deleted file mode 100644
index 82574bf25..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/runtime.go
+++ /dev/null
@@ -1,200 +0,0 @@
-package metrics
-
-import (
-	"runtime"
-	"time"
-)
-
-var (
-	memStats       runtime.MemStats
-	runtimeMetrics struct {
-		MemStats struct {
-			Alloc        Gauge
-			BuckHashSys  Gauge
-			DebugGC      Gauge
-			EnableGC     Gauge
-			Frees        Gauge
-			HeapAlloc    Gauge
-			HeapIdle     Gauge
-			HeapInuse    Gauge
-			HeapObjects  Gauge
-			HeapReleased Gauge
-			HeapSys      Gauge
-			LastGC       Gauge
-			Lookups      Gauge
-			Mallocs      Gauge
-			MCacheInuse  Gauge
-			MCacheSys    Gauge
-			MSpanInuse   Gauge
-			MSpanSys     Gauge
-			NextGC       Gauge
-			NumGC        Gauge
-			PauseNs      Histogram
-			PauseTotalNs Gauge
-			StackInuse   Gauge
-			StackSys     Gauge
-			Sys          Gauge
-			TotalAlloc   Gauge
-		}
-		NumCgoCall   Gauge
-		NumGoroutine Gauge
-		ReadMemStats Timer
-	}
-	frees       uint64
-	lookups     uint64
-	mallocs     uint64
-	numGC       uint32
-	numCgoCalls int64
-)
-
-// Capture new values for the Go runtime statistics exported in
-// runtime.MemStats.  This is designed to be called as a goroutine.
-func CaptureRuntimeMemStats(r Registry, d time.Duration) {
-	for _ = range time.Tick(d) {
-		CaptureRuntimeMemStatsOnce(r)
-	}
-}
-
-// Capture new values for the Go runtime statistics exported in
-// runtime.MemStats.  This is designed to be called in a background
-// goroutine.  Giving a registry which has not been given to
-// RegisterRuntimeMemStats will panic.
-//
-// Be very careful with this because runtime.ReadMemStats calls the C
-// functions runtime·semacquire(&runtime·worldsema) and runtime·stoptheworld()
-// and that last one does what it says on the tin.
-func CaptureRuntimeMemStatsOnce(r Registry) {
-	t := time.Now()
-	runtime.ReadMemStats(&memStats) // This takes 50-200us.
-	runtimeMetrics.ReadMemStats.UpdateSince(t)
-
-	runtimeMetrics.MemStats.Alloc.Update(int64(memStats.Alloc))
-	runtimeMetrics.MemStats.BuckHashSys.Update(int64(memStats.BuckHashSys))
-	if memStats.DebugGC {
-		runtimeMetrics.MemStats.DebugGC.Update(1)
-	} else {
-		runtimeMetrics.MemStats.DebugGC.Update(0)
-	}
-	if memStats.EnableGC {
-		runtimeMetrics.MemStats.EnableGC.Update(1)
-	} else {
-		runtimeMetrics.MemStats.EnableGC.Update(0)
-	}
-
-	runtimeMetrics.MemStats.Frees.Update(int64(memStats.Frees - frees))
-	runtimeMetrics.MemStats.HeapAlloc.Update(int64(memStats.HeapAlloc))
-	runtimeMetrics.MemStats.HeapIdle.Update(int64(memStats.HeapIdle))
-	runtimeMetrics.MemStats.HeapInuse.Update(int64(memStats.HeapInuse))
-	runtimeMetrics.MemStats.HeapObjects.Update(int64(memStats.HeapObjects))
-	runtimeMetrics.MemStats.HeapReleased.Update(int64(memStats.HeapReleased))
-	runtimeMetrics.MemStats.HeapSys.Update(int64(memStats.HeapSys))
-	runtimeMetrics.MemStats.LastGC.Update(int64(memStats.LastGC))
-	runtimeMetrics.MemStats.Lookups.Update(int64(memStats.Lookups - lookups))
-	runtimeMetrics.MemStats.Mallocs.Update(int64(memStats.Mallocs - mallocs))
-	runtimeMetrics.MemStats.MCacheInuse.Update(int64(memStats.MCacheInuse))
-	runtimeMetrics.MemStats.MCacheSys.Update(int64(memStats.MCacheSys))
-	runtimeMetrics.MemStats.MSpanInuse.Update(int64(memStats.MSpanInuse))
-	runtimeMetrics.MemStats.MSpanSys.Update(int64(memStats.MSpanSys))
-	runtimeMetrics.MemStats.NextGC.Update(int64(memStats.NextGC))
-	runtimeMetrics.MemStats.NumGC.Update(int64(memStats.NumGC - numGC))
-
-	// <https://code.google.com/p/go/source/browse/src/pkg/runtime/mgc0.c>
-	i := numGC % uint32(len(memStats.PauseNs))
-	ii := memStats.NumGC % uint32(len(memStats.PauseNs))
-	if memStats.NumGC-numGC >= uint32(len(memStats.PauseNs)) {
-		for i = 0; i < uint32(len(memStats.PauseNs)); i++ {
-			runtimeMetrics.MemStats.PauseNs.Update(int64(memStats.PauseNs[i]))
-		}
-	} else {
-		if i > ii {
-			for ; i < uint32(len(memStats.PauseNs)); i++ {
-				runtimeMetrics.MemStats.PauseNs.Update(int64(memStats.PauseNs[i]))
-			}
-			i = 0
-		}
-		for ; i < ii; i++ {
-			runtimeMetrics.MemStats.PauseNs.Update(int64(memStats.PauseNs[i]))
-		}
-	}
-	frees = memStats.Frees
-	lookups = memStats.Lookups
-	mallocs = memStats.Mallocs
-	numGC = memStats.NumGC
-
-	runtimeMetrics.MemStats.PauseTotalNs.Update(int64(memStats.PauseTotalNs))
-	runtimeMetrics.MemStats.StackInuse.Update(int64(memStats.StackInuse))
-	runtimeMetrics.MemStats.StackSys.Update(int64(memStats.StackSys))
-	runtimeMetrics.MemStats.Sys.Update(int64(memStats.Sys))
-	runtimeMetrics.MemStats.TotalAlloc.Update(int64(memStats.TotalAlloc))
-
-	currentNumCgoCalls := numCgoCall()
-	runtimeMetrics.NumCgoCall.Update(currentNumCgoCalls - numCgoCalls)
-	numCgoCalls = currentNumCgoCalls
-
-	runtimeMetrics.NumGoroutine.Update(int64(runtime.NumGoroutine()))
-}
-
-// Register runtimeMetrics for the Go runtime statistics exported in runtime and
-// specifically runtime.MemStats.  The runtimeMetrics are named by their
-// fully-qualified Go symbols, i.e. runtime.MemStats.Alloc.
-func RegisterRuntimeMemStats(r Registry) {
-	runtimeMetrics.MemStats.Alloc = NewGauge()
-	runtimeMetrics.MemStats.BuckHashSys = NewGauge()
-	runtimeMetrics.MemStats.DebugGC = NewGauge()
-	runtimeMetrics.MemStats.EnableGC = NewGauge()
-	runtimeMetrics.MemStats.Frees = NewGauge()
-	runtimeMetrics.MemStats.HeapAlloc = NewGauge()
-	runtimeMetrics.MemStats.HeapIdle = NewGauge()
-	runtimeMetrics.MemStats.HeapInuse = NewGauge()
-	runtimeMetrics.MemStats.HeapObjects = NewGauge()
-	runtimeMetrics.MemStats.HeapReleased = NewGauge()
-	runtimeMetrics.MemStats.HeapSys = NewGauge()
-	runtimeMetrics.MemStats.LastGC = NewGauge()
-	runtimeMetrics.MemStats.Lookups = NewGauge()
-	runtimeMetrics.MemStats.Mallocs = NewGauge()
-	runtimeMetrics.MemStats.MCacheInuse = NewGauge()
-	runtimeMetrics.MemStats.MCacheSys = NewGauge()
-	runtimeMetrics.MemStats.MSpanInuse = NewGauge()
-	runtimeMetrics.MemStats.MSpanSys = NewGauge()
-	runtimeMetrics.MemStats.NextGC = NewGauge()
-	runtimeMetrics.MemStats.NumGC = NewGauge()
-	runtimeMetrics.MemStats.PauseNs = NewHistogram(NewExpDecaySample(1028, 0.015))
-	runtimeMetrics.MemStats.PauseTotalNs = NewGauge()
-	runtimeMetrics.MemStats.StackInuse = NewGauge()
-	runtimeMetrics.MemStats.StackSys = NewGauge()
-	runtimeMetrics.MemStats.Sys = NewGauge()
-	runtimeMetrics.MemStats.TotalAlloc = NewGauge()
-	runtimeMetrics.NumCgoCall = NewGauge()
-	runtimeMetrics.NumGoroutine = NewGauge()
-	runtimeMetrics.ReadMemStats = NewTimer()
-
-	r.Register("runtime.MemStats.Alloc", runtimeMetrics.MemStats.Alloc)
-	r.Register("runtime.MemStats.BuckHashSys", runtimeMetrics.MemStats.BuckHashSys)
-	r.Register("runtime.MemStats.DebugGC", runtimeMetrics.MemStats.DebugGC)
-	r.Register("runtime.MemStats.EnableGC", runtimeMetrics.MemStats.EnableGC)
-	r.Register("runtime.MemStats.Frees", runtimeMetrics.MemStats.Frees)
-	r.Register("runtime.MemStats.HeapAlloc", runtimeMetrics.MemStats.HeapAlloc)
-	r.Register("runtime.MemStats.HeapIdle", runtimeMetrics.MemStats.HeapIdle)
-	r.Register("runtime.MemStats.HeapInuse", runtimeMetrics.MemStats.HeapInuse)
-	r.Register("runtime.MemStats.HeapObjects", runtimeMetrics.MemStats.HeapObjects)
-	r.Register("runtime.MemStats.HeapReleased", runtimeMetrics.MemStats.HeapReleased)
-	r.Register("runtime.MemStats.HeapSys", runtimeMetrics.MemStats.HeapSys)
-	r.Register("runtime.MemStats.LastGC", runtimeMetrics.MemStats.LastGC)
-	r.Register("runtime.MemStats.Lookups", runtimeMetrics.MemStats.Lookups)
-	r.Register("runtime.MemStats.Mallocs", runtimeMetrics.MemStats.Mallocs)
-	r.Register("runtime.MemStats.MCacheInuse", runtimeMetrics.MemStats.MCacheInuse)
-	r.Register("runtime.MemStats.MCacheSys", runtimeMetrics.MemStats.MCacheSys)
-	r.Register("runtime.MemStats.MSpanInuse", runtimeMetrics.MemStats.MSpanInuse)
-	r.Register("runtime.MemStats.MSpanSys", runtimeMetrics.MemStats.MSpanSys)
-	r.Register("runtime.MemStats.NextGC", runtimeMetrics.MemStats.NextGC)
-	r.Register("runtime.MemStats.NumGC", runtimeMetrics.MemStats.NumGC)
-	r.Register("runtime.MemStats.PauseNs", runtimeMetrics.MemStats.PauseNs)
-	r.Register("runtime.MemStats.PauseTotalNs", runtimeMetrics.MemStats.PauseTotalNs)
-	r.Register("runtime.MemStats.StackInuse", runtimeMetrics.MemStats.StackInuse)
-	r.Register("runtime.MemStats.StackSys", runtimeMetrics.MemStats.StackSys)
-	r.Register("runtime.MemStats.Sys", runtimeMetrics.MemStats.Sys)
-	r.Register("runtime.MemStats.TotalAlloc", runtimeMetrics.MemStats.TotalAlloc)
-	r.Register("runtime.NumCgoCall", runtimeMetrics.NumCgoCall)
-	r.Register("runtime.NumGoroutine", runtimeMetrics.NumGoroutine)
-	r.Register("runtime.ReadMemStats", runtimeMetrics.ReadMemStats)
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/runtime_cgo.go b/vendor/github.com/yvasiyarov/go-metrics/runtime_cgo.go
deleted file mode 100644
index 38976a8c5..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/runtime_cgo.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// +build cgo
-
-package metrics
-
-import "runtime"
-
-func numCgoCall() int64 {
-	return runtime.NumCgoCall()
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/runtime_no_cgo.go b/vendor/github.com/yvasiyarov/go-metrics/runtime_no_cgo.go
deleted file mode 100644
index 38220330c..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/runtime_no_cgo.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build !cgo
-
-package metrics
-
-func numCgoCall() int64 {
-	return 0
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/sample.go b/vendor/github.com/yvasiyarov/go-metrics/sample.go
deleted file mode 100644
index e34b7b585..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/sample.go
+++ /dev/null
@@ -1,568 +0,0 @@
-package metrics
-
-import (
-	"container/heap"
-	"math"
-	"math/rand"
-	"sort"
-	"sync"
-	"time"
-)
-
-const rescaleThreshold = time.Hour
-
-// Samples maintain a statistically-significant selection of values from
-// a stream.
-type Sample interface {
-	Clear()
-	Count() int64
-	Max() int64
-	Mean() float64
-	Min() int64
-	Percentile(float64) float64
-	Percentiles([]float64) []float64
-	Size() int
-	Snapshot() Sample
-	StdDev() float64
-	Sum() int64
-	Update(int64)
-	Values() []int64
-	Variance() float64
-}
-
-// ExpDecaySample is an exponentially-decaying sample using a forward-decaying
-// priority reservoir.  See Cormode et al's "Forward Decay: A Practical Time
-// Decay Model for Streaming Systems".
-//
-// <http://www.research.att.com/people/Cormode_Graham/library/publications/CormodeShkapenyukSrivastavaXu09.pdf>
-type ExpDecaySample struct {
-	alpha         float64
-	count         int64
-	mutex         sync.Mutex
-	reservoirSize int
-	t0, t1        time.Time
-	values        expDecaySampleHeap
-}
-
-// NewExpDecaySample constructs a new exponentially-decaying sample with the
-// given reservoir size and alpha.
-func NewExpDecaySample(reservoirSize int, alpha float64) Sample {
-	if UseNilMetrics {
-		return NilSample{}
-	}
-	s := &ExpDecaySample{
-		alpha:         alpha,
-		reservoirSize: reservoirSize,
-		t0:            time.Now(),
-		values:        make(expDecaySampleHeap, 0, reservoirSize),
-	}
-	s.t1 = time.Now().Add(rescaleThreshold)
-	return s
-}
-
-// Clear clears all samples.
-func (s *ExpDecaySample) Clear() {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	s.count = 0
-	s.t0 = time.Now()
-	s.t1 = s.t0.Add(rescaleThreshold)
-	s.values = make(expDecaySampleHeap, 0, s.reservoirSize)
-}
-
-// Count returns the number of samples recorded, which may exceed the
-// reservoir size.
-func (s *ExpDecaySample) Count() int64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return s.count
-}
-
-// Max returns the maximum value in the sample, which may not be the maximum
-// value ever to be part of the sample.
-func (s *ExpDecaySample) Max() int64 {
-	return SampleMax(s.Values())
-}
-
-// Mean returns the mean of the values in the sample.
-func (s *ExpDecaySample) Mean() float64 {
-	return SampleMean(s.Values())
-}
-
-// Min returns the minimum value in the sample, which may not be the minimum
-// value ever to be part of the sample.
-func (s *ExpDecaySample) Min() int64 {
-	return SampleMin(s.Values())
-}
-
-// Percentile returns an arbitrary percentile of values in the sample.
-func (s *ExpDecaySample) Percentile(p float64) float64 {
-	return SamplePercentile(s.Values(), p)
-}
-
-// Percentiles returns a slice of arbitrary percentiles of values in the
-// sample.
-func (s *ExpDecaySample) Percentiles(ps []float64) []float64 {
-	return SamplePercentiles(s.Values(), ps)
-}
-
-// Size returns the size of the sample, which is at most the reservoir size.
-func (s *ExpDecaySample) Size() int {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return len(s.values)
-}
-
-// Snapshot returns a read-only copy of the sample.
-func (s *ExpDecaySample) Snapshot() Sample {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	values := make([]int64, len(s.values))
-	for i, v := range s.values {
-		values[i] = v.v
-	}
-	return &SampleSnapshot{
-		count:  s.count,
-		values: values,
-	}
-}
-
-// StdDev returns the standard deviation of the values in the sample.
-func (s *ExpDecaySample) StdDev() float64 {
-	return SampleStdDev(s.Values())
-}
-
-// Sum returns the sum of the values in the sample.
-func (s *ExpDecaySample) Sum() int64 {
-	return SampleSum(s.Values())
-}
-
-// Update samples a new value.
-func (s *ExpDecaySample) Update(v int64) {
-	s.update(time.Now(), v)
-}
-
-// Values returns a copy of the values in the sample.
-func (s *ExpDecaySample) Values() []int64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	values := make([]int64, len(s.values))
-	for i, v := range s.values {
-		values[i] = v.v
-	}
-	return values
-}
-
-// Variance returns the variance of the values in the sample.
-func (s *ExpDecaySample) Variance() float64 {
-	return SampleVariance(s.Values())
-}
-
-// update samples a new value at a particular timestamp.  This is a method all
-// its own to facilitate testing.
-func (s *ExpDecaySample) update(t time.Time, v int64) {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	s.count++
-	if len(s.values) == s.reservoirSize {
-		heap.Pop(&s.values)
-	}
-	heap.Push(&s.values, expDecaySample{
-		k: math.Exp(t.Sub(s.t0).Seconds()*s.alpha) / rand.Float64(),
-		v: v,
-	})
-	if t.After(s.t1) {
-		values := s.values
-		t0 := s.t0
-		s.values = make(expDecaySampleHeap, 0, s.reservoirSize)
-		s.t0 = t
-		s.t1 = s.t0.Add(rescaleThreshold)
-		for _, v := range values {
-			v.k = v.k * math.Exp(-s.alpha*float64(s.t0.Sub(t0)))
-			heap.Push(&s.values, v)
-		}
-	}
-}
-
-// NilSample is a no-op Sample.
-type NilSample struct{}
-
-// Clear is a no-op.
-func (NilSample) Clear() {}
-
-// Count is a no-op.
-func (NilSample) Count() int64 { return 0 }
-
-// Max is a no-op.
-func (NilSample) Max() int64 { return 0 }
-
-// Mean is a no-op.
-func (NilSample) Mean() float64 { return 0.0 }
-
-// Min is a no-op.
-func (NilSample) Min() int64 { return 0 }
-
-// Percentile is a no-op.
-func (NilSample) Percentile(p float64) float64 { return 0.0 }
-
-// Percentiles is a no-op.
-func (NilSample) Percentiles(ps []float64) []float64 {
-	return make([]float64, len(ps))
-}
-
-// Size is a no-op.
-func (NilSample) Size() int { return 0 }
-
-// Sample is a no-op.
-func (NilSample) Snapshot() Sample { return NilSample{} }
-
-// StdDev is a no-op.
-func (NilSample) StdDev() float64 { return 0.0 }
-
-// Sum is a no-op.
-func (NilSample) Sum() int64 { return 0 }
-
-// Update is a no-op.
-func (NilSample) Update(v int64) {}
-
-// Values is a no-op.
-func (NilSample) Values() []int64 { return []int64{} }
-
-// Variance is a no-op.
-func (NilSample) Variance() float64 { return 0.0 }
-
-// SampleMax returns the maximum value of the slice of int64.
-func SampleMax(values []int64) int64 {
-	if 0 == len(values) {
-		return 0
-	}
-	var max int64 = math.MinInt64
-	for _, v := range values {
-		if max < v {
-			max = v
-		}
-	}
-	return max
-}
-
-// SampleMean returns the mean value of the slice of int64.
-func SampleMean(values []int64) float64 {
-	if 0 == len(values) {
-		return 0.0
-	}
-	return float64(SampleSum(values)) / float64(len(values))
-}
-
-// SampleMin returns the minimum value of the slice of int64.
-func SampleMin(values []int64) int64 {
-	if 0 == len(values) {
-		return 0
-	}
-	var min int64 = math.MaxInt64
-	for _, v := range values {
-		if min > v {
-			min = v
-		}
-	}
-	return min
-}
-
-// SamplePercentiles returns an arbitrary percentile of the slice of int64.
-func SamplePercentile(values int64Slice, p float64) float64 {
-	return SamplePercentiles(values, []float64{p})[0]
-}
-
-// SamplePercentiles returns a slice of arbitrary percentiles of the slice of
-// int64.
-func SamplePercentiles(values int64Slice, ps []float64) []float64 {
-	scores := make([]float64, len(ps))
-	size := len(values)
-	if size > 0 {
-		sort.Sort(values)
-		for i, p := range ps {
-			pos := p * float64(size+1)
-			if pos < 1.0 {
-				scores[i] = float64(values[0])
-			} else if pos >= float64(size) {
-				scores[i] = float64(values[size-1])
-			} else {
-				lower := float64(values[int(pos)-1])
-				upper := float64(values[int(pos)])
-				scores[i] = lower + (pos-math.Floor(pos))*(upper-lower)
-			}
-		}
-	}
-	return scores
-}
-
-// SampleSnapshot is a read-only copy of another Sample.
-type SampleSnapshot struct {
-	count  int64
-	values []int64
-}
-
-// Clear panics.
-func (*SampleSnapshot) Clear() {
-	panic("Clear called on a SampleSnapshot")
-}
-
-// Count returns the count of inputs at the time the snapshot was taken.
-func (s *SampleSnapshot) Count() int64 { return s.count }
-
-// Max returns the maximal value at the time the snapshot was taken.
-func (s *SampleSnapshot) Max() int64 { return SampleMax(s.values) }
-
-// Mean returns the mean value at the time the snapshot was taken.
-func (s *SampleSnapshot) Mean() float64 { return SampleMean(s.values) }
-
-// Min returns the minimal value at the time the snapshot was taken.
-func (s *SampleSnapshot) Min() int64 { return SampleMin(s.values) }
-
-// Percentile returns an arbitrary percentile of values at the time the
-// snapshot was taken.
-func (s *SampleSnapshot) Percentile(p float64) float64 {
-	return SamplePercentile(s.values, p)
-}
-
-// Percentiles returns a slice of arbitrary percentiles of values at the time
-// the snapshot was taken.
-func (s *SampleSnapshot) Percentiles(ps []float64) []float64 {
-	return SamplePercentiles(s.values, ps)
-}
-
-// Size returns the size of the sample at the time the snapshot was taken.
-func (s *SampleSnapshot) Size() int { return len(s.values) }
-
-// Snapshot returns the snapshot.
-func (s *SampleSnapshot) Snapshot() Sample { return s }
-
-// StdDev returns the standard deviation of values at the time the snapshot was
-// taken.
-func (s *SampleSnapshot) StdDev() float64 { return SampleStdDev(s.values) }
-
-// Sum returns the sum of values at the time the snapshot was taken.
-func (s *SampleSnapshot) Sum() int64 { return SampleSum(s.values) }
-
-// Update panics.
-func (*SampleSnapshot) Update(int64) {
-	panic("Update called on a SampleSnapshot")
-}
-
-// Values returns a copy of the values in the sample.
-func (s *SampleSnapshot) Values() []int64 {
-	values := make([]int64, len(s.values))
-	copy(values, s.values)
-	return values
-}
-
-// Variance returns the variance of values at the time the snapshot was taken.
-func (s *SampleSnapshot) Variance() float64 { return SampleVariance(s.values) }
-
-// SampleStdDev returns the standard deviation of the slice of int64.
-func SampleStdDev(values []int64) float64 {
-	return math.Sqrt(SampleVariance(values))
-}
-
-// SampleSum returns the sum of the slice of int64.
-func SampleSum(values []int64) int64 {
-	var sum int64
-	for _, v := range values {
-		sum += v
-	}
-	return sum
-}
-
-// SampleVariance returns the variance of the slice of int64.
-func SampleVariance(values []int64) float64 {
-	if 0 == len(values) {
-		return 0.0
-	}
-	m := SampleMean(values)
-	var sum float64
-	for _, v := range values {
-		d := float64(v) - m
-		sum += d * d
-	}
-	return sum / float64(len(values))
-}
-
-// A uniform sample using Vitter's Algorithm R.
-//
-// <http://www.cs.umd.edu/~samir/498/vitter.pdf>
-type UniformSample struct {
-	count         int64
-	mutex         sync.Mutex
-	reservoirSize int
-	values        []int64
-}
-
-// NewUniformSample constructs a new uniform sample with the given reservoir
-// size.
-func NewUniformSample(reservoirSize int) Sample {
-	if UseNilMetrics {
-		return NilSample{}
-	}
-	return &UniformSample{
-		reservoirSize: reservoirSize,
-		values:        make([]int64, 0, reservoirSize),
-	}
-}
-
-// Clear clears all samples.
-func (s *UniformSample) Clear() {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	s.count = 0
-	s.values = make([]int64, 0, s.reservoirSize)
-}
-
-// Count returns the number of samples recorded, which may exceed the
-// reservoir size.
-func (s *UniformSample) Count() int64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return s.count
-}
-
-// Max returns the maximum value in the sample, which may not be the maximum
-// value ever to be part of the sample.
-func (s *UniformSample) Max() int64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return SampleMax(s.values)
-}
-
-// Mean returns the mean of the values in the sample.
-func (s *UniformSample) Mean() float64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return SampleMean(s.values)
-}
-
-// Min returns the minimum value in the sample, which may not be the minimum
-// value ever to be part of the sample.
-func (s *UniformSample) Min() int64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return SampleMin(s.values)
-}
-
-// Percentile returns an arbitrary percentile of values in the sample.
-func (s *UniformSample) Percentile(p float64) float64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return SamplePercentile(s.values, p)
-}
-
-// Percentiles returns a slice of arbitrary percentiles of values in the
-// sample.
-func (s *UniformSample) Percentiles(ps []float64) []float64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return SamplePercentiles(s.values, ps)
-}
-
-// Size returns the size of the sample, which is at most the reservoir size.
-func (s *UniformSample) Size() int {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return len(s.values)
-}
-
-// Snapshot returns a read-only copy of the sample.
-func (s *UniformSample) Snapshot() Sample {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	values := make([]int64, len(s.values))
-	copy(values, s.values)
-	return &SampleSnapshot{
-		count:  s.count,
-		values: values,
-	}
-}
-
-// StdDev returns the standard deviation of the values in the sample.
-func (s *UniformSample) StdDev() float64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return SampleStdDev(s.values)
-}
-
-// Sum returns the sum of the values in the sample.
-func (s *UniformSample) Sum() int64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return SampleSum(s.values)
-}
-
-// Update samples a new value.
-func (s *UniformSample) Update(v int64) {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	s.count++
-	if len(s.values) < s.reservoirSize {
-		s.values = append(s.values, v)
-	} else {
-		s.values[rand.Intn(s.reservoirSize)] = v
-	}
-}
-
-// Values returns a copy of the values in the sample.
-func (s *UniformSample) Values() []int64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	values := make([]int64, len(s.values))
-	copy(values, s.values)
-	return values
-}
-
-// Variance returns the variance of the values in the sample.
-func (s *UniformSample) Variance() float64 {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	return SampleVariance(s.values)
-}
-
-// expDecaySample represents an individual sample in a heap.
-type expDecaySample struct {
-	k float64
-	v int64
-}
-
-// expDecaySampleHeap is a min-heap of expDecaySamples.
-type expDecaySampleHeap []expDecaySample
-
-func (q expDecaySampleHeap) Len() int {
-	return len(q)
-}
-
-func (q expDecaySampleHeap) Less(i, j int) bool {
-	return q[i].k < q[j].k
-}
-
-func (q *expDecaySampleHeap) Pop() interface{} {
-	q_ := *q
-	n := len(q_)
-	i := q_[n-1]
-	q_ = q_[0 : n-1]
-	*q = q_
-	return i
-}
-
-func (q *expDecaySampleHeap) Push(x interface{}) {
-	q_ := *q
-	n := len(q_)
-	q_ = q_[0 : n+1]
-	q_[n] = x.(expDecaySample)
-	*q = q_
-}
-
-func (q expDecaySampleHeap) Swap(i, j int) {
-	q[i], q[j] = q[j], q[i]
-}
-
-type int64Slice []int64
-
-func (p int64Slice) Len() int           { return len(p) }
-func (p int64Slice) Less(i, j int) bool { return p[i] < p[j] }
-func (p int64Slice) Swap(i, j int)      { p[i], p[j] = p[j], p[i] }
diff --git a/vendor/github.com/yvasiyarov/go-metrics/syslog.go b/vendor/github.com/yvasiyarov/go-metrics/syslog.go
deleted file mode 100644
index 693f19085..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/syslog.go
+++ /dev/null
@@ -1,78 +0,0 @@
-// +build !windows
-
-package metrics
-
-import (
-	"fmt"
-	"log/syslog"
-	"time"
-)
-
-// Output each metric in the given registry to syslog periodically using
-// the given syslogger.
-func Syslog(r Registry, d time.Duration, w *syslog.Writer) {
-	for _ = range time.Tick(d) {
-		r.Each(func(name string, i interface{}) {
-			switch metric := i.(type) {
-			case Counter:
-				w.Info(fmt.Sprintf("counter %s: count: %d", name, metric.Count()))
-			case Gauge:
-				w.Info(fmt.Sprintf("gauge %s: value: %d", name, metric.Value()))
-			case GaugeFloat64:
-				w.Info(fmt.Sprintf("gauge %s: value: %f", name, metric.Value()))
-			case Healthcheck:
-				metric.Check()
-				w.Info(fmt.Sprintf("healthcheck %s: error: %v", name, metric.Error()))
-			case Histogram:
-				h := metric.Snapshot()
-				ps := h.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
-				w.Info(fmt.Sprintf(
-					"histogram %s: count: %d min: %d max: %d mean: %.2f stddev: %.2f median: %.2f 75%%: %.2f 95%%: %.2f 99%%: %.2f 99.9%%: %.2f",
-					name,
-					h.Count(),
-					h.Min(),
-					h.Max(),
-					h.Mean(),
-					h.StdDev(),
-					ps[0],
-					ps[1],
-					ps[2],
-					ps[3],
-					ps[4],
-				))
-			case Meter:
-				m := metric.Snapshot()
-				w.Info(fmt.Sprintf(
-					"meter %s: count: %d 1-min: %.2f 5-min: %.2f 15-min: %.2f mean: %.2f",
-					name,
-					m.Count(),
-					m.Rate1(),
-					m.Rate5(),
-					m.Rate15(),
-					m.RateMean(),
-				))
-			case Timer:
-				t := metric.Snapshot()
-				ps := t.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
-				w.Info(fmt.Sprintf(
-					"timer %s: count: %d min: %d max: %d mean: %.2f stddev: %.2f median: %.2f 75%%: %.2f 95%%: %.2f 99%%: %.2f 99.9%%: %.2f 1-min: %.2f 5-min: %.2f 15-min: %.2f mean-rate: %.2f",
-					name,
-					t.Count(),
-					t.Min(),
-					t.Max(),
-					t.Mean(),
-					t.StdDev(),
-					ps[0],
-					ps[1],
-					ps[2],
-					ps[3],
-					ps[4],
-					t.Rate1(),
-					t.Rate5(),
-					t.Rate15(),
-					t.RateMean(),
-				))
-			}
-		})
-	}
-}
diff --git a/vendor/github.com/yvasiyarov/go-metrics/timer.go b/vendor/github.com/yvasiyarov/go-metrics/timer.go
deleted file mode 100644
index 73f19b585..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/timer.go
+++ /dev/null
@@ -1,299 +0,0 @@
-package metrics
-
-import (
-	"sync"
-	"time"
-)
-
-// Timers capture the duration and rate of events.
-type Timer interface {
-	Count() int64
-	Max() int64
-	Mean() float64
-	Min() int64
-	Percentile(float64) float64
-	Percentiles([]float64) []float64
-	Rate1() float64
-	Rate5() float64
-	Rate15() float64
-	RateMean() float64
-	Snapshot() Timer
-	StdDev() float64
-	Time(func())
-	Update(time.Duration)
-	UpdateSince(time.Time)
-	Variance() float64
-}
-
-// GetOrRegisterTimer returns an existing Timer or constructs and registers a
-// new StandardTimer.
-func GetOrRegisterTimer(name string, r Registry) Timer {
-	if nil == r {
-		r = DefaultRegistry
-	}
-	return r.GetOrRegister(name, NewTimer).(Timer)
-}
-
-// NewCustomTimer constructs a new StandardTimer from a Histogram and a Meter.
-func NewCustomTimer(h Histogram, m Meter) Timer {
-	if UseNilMetrics {
-		return NilTimer{}
-	}
-	return &StandardTimer{
-		histogram: h,
-		meter:     m,
-	}
-}
-
-// NewRegisteredTimer constructs and registers a new StandardTimer.
-func NewRegisteredTimer(name string, r Registry) Timer {
-	c := NewTimer()
-	if nil == r {
-		r = DefaultRegistry
-	}
-	r.Register(name, c)
-	return c
-}
-
-// NewTimer constructs a new StandardTimer using an exponentially-decaying
-// sample with the same reservoir size and alpha as UNIX load averages.
-func NewTimer() Timer {
-	if UseNilMetrics {
-		return NilTimer{}
-	}
-	return &StandardTimer{
-		histogram: NewHistogram(NewExpDecaySample(1028, 0.015)),
-		meter:     NewMeter(),
-	}
-}
-
-// NilTimer is a no-op Timer.
-type NilTimer struct {
-	h Histogram
-	m Meter
-}
-
-// Count is a no-op.
-func (NilTimer) Count() int64 { return 0 }
-
-// Max is a no-op.
-func (NilTimer) Max() int64 { return 0 }
-
-// Mean is a no-op.
-func (NilTimer) Mean() float64 { return 0.0 }
-
-// Min is a no-op.
-func (NilTimer) Min() int64 { return 0 }
-
-// Percentile is a no-op.
-func (NilTimer) Percentile(p float64) float64 { return 0.0 }
-
-// Percentiles is a no-op.
-func (NilTimer) Percentiles(ps []float64) []float64 {
-	return make([]float64, len(ps))
-}
-
-// Rate1 is a no-op.
-func (NilTimer) Rate1() float64 { return 0.0 }
-
-// Rate5 is a no-op.
-func (NilTimer) Rate5() float64 { return 0.0 }
-
-// Rate15 is a no-op.
-func (NilTimer) Rate15() float64 { return 0.0 }
-
-// RateMean is a no-op.
-func (NilTimer) RateMean() float64 { return 0.0 }
-
-// Snapshot is a no-op.
-func (NilTimer) Snapshot() Timer { return NilTimer{} }
-
-// StdDev is a no-op.
-func (NilTimer) StdDev() float64 { return 0.0 }
-
-// Time is a no-op.
-func (NilTimer) Time(func()) {}
-
-// Update is a no-op.
-func (NilTimer) Update(time.Duration) {}
-
-// UpdateSince is a no-op.
-func (NilTimer) UpdateSince(time.Time) {}
-
-// Variance is a no-op.
-func (NilTimer) Variance() float64 { return 0.0 }
-
-// StandardTimer is the standard implementation of a Timer and uses a Histogram
-// and Meter.
-type StandardTimer struct {
-	histogram Histogram
-	meter     Meter
-	mutex     sync.Mutex
-}
-
-// Count returns the number of events recorded.
-func (t *StandardTimer) Count() int64 {
-	return t.histogram.Count()
-}
-
-// Max returns the maximum value in the sample.
-func (t *StandardTimer) Max() int64 {
-	return t.histogram.Max()
-}
-
-// Mean returns the mean of the values in the sample.
-func (t *StandardTimer) Mean() float64 {
-	return t.histogram.Mean()
-}
-
-// Min returns the minimum value in the sample.
-func (t *StandardTimer) Min() int64 {
-	return t.histogram.Min()
-}
-
-// Percentile returns an arbitrary percentile of the values in the sample.
-func (t *StandardTimer) Percentile(p float64) float64 {
-	return t.histogram.Percentile(p)
-}
-
-// Percentiles returns a slice of arbitrary percentiles of the values in the
-// sample.
-func (t *StandardTimer) Percentiles(ps []float64) []float64 {
-	return t.histogram.Percentiles(ps)
-}
-
-// Rate1 returns the one-minute moving average rate of events per second.
-func (t *StandardTimer) Rate1() float64 {
-	return t.meter.Rate1()
-}
-
-// Rate5 returns the five-minute moving average rate of events per second.
-func (t *StandardTimer) Rate5() float64 {
-	return t.meter.Rate5()
-}
-
-// Rate15 returns the fifteen-minute moving average rate of events per second.
-func (t *StandardTimer) Rate15() float64 {
-	return t.meter.Rate15()
-}
-
-// RateMean returns the meter's mean rate of events per second.
-func (t *StandardTimer) RateMean() float64 {
-	return t.meter.RateMean()
-}
-
-// Snapshot returns a read-only copy of the timer.
-func (t *StandardTimer) Snapshot() Timer {
-	t.mutex.Lock()
-	defer t.mutex.Unlock()
-	return &TimerSnapshot{
-		histogram: t.histogram.Snapshot().(*HistogramSnapshot),
-		meter:     t.meter.Snapshot().(*MeterSnapshot),
-	}
-}
-
-// StdDev returns the standard deviation of the values in the sample.
-func (t *StandardTimer) StdDev() float64 {
-	return t.histogram.StdDev()
-}
-
-// Record the duration of the execution of the given function.
-func (t *StandardTimer) Time(f func()) {
-	ts := time.Now()
-	f()
-	t.Update(time.Since(ts))
-}
-
-// Record the duration of an event.
-func (t *StandardTimer) Update(d time.Duration) {
-	t.mutex.Lock()
-	defer t.mutex.Unlock()
-	t.histogram.Update(int64(d))
-	t.meter.Mark(1)
-}
-
-// Record the duration of an event that started at a time and ends now.
-func (t *StandardTimer) UpdateSince(ts time.Time) {
-	t.mutex.Lock()
-	defer t.mutex.Unlock()
-	t.histogram.Update(int64(time.Since(ts)))
-	t.meter.Mark(1)
-}
-
-// Variance returns the variance of the values in the sample.
-func (t *StandardTimer) Variance() float64 {
-	return t.histogram.Variance()
-}
-
-// TimerSnapshot is a read-only copy of another Timer.
-type TimerSnapshot struct {
-	histogram *HistogramSnapshot
-	meter     *MeterSnapshot
-}
-
-// Count returns the number of events recorded at the time the snapshot was
-// taken.
-func (t *TimerSnapshot) Count() int64 { return t.histogram.Count() }
-
-// Max returns the maximum value at the time the snapshot was taken.
-func (t *TimerSnapshot) Max() int64 { return t.histogram.Max() }
-
-// Mean returns the mean value at the time the snapshot was taken.
-func (t *TimerSnapshot) Mean() float64 { return t.histogram.Mean() }
-
-// Min returns the minimum value at the time the snapshot was taken.
-func (t *TimerSnapshot) Min() int64 { return t.histogram.Min() }
-
-// Percentile returns an arbitrary percentile of sampled values at the time the
-// snapshot was taken.
-func (t *TimerSnapshot) Percentile(p float64) float64 {
-	return t.histogram.Percentile(p)
-}
-
-// Percentiles returns a slice of arbitrary percentiles of sampled values at
-// the time the snapshot was taken.
-func (t *TimerSnapshot) Percentiles(ps []float64) []float64 {
-	return t.histogram.Percentiles(ps)
-}
-
-// Rate1 returns the one-minute moving average rate of events per second at the
-// time the snapshot was taken.
-func (t *TimerSnapshot) Rate1() float64 { return t.meter.Rate1() }
-
-// Rate5 returns the five-minute moving average rate of events per second at
-// the time the snapshot was taken.
-func (t *TimerSnapshot) Rate5() float64 { return t.meter.Rate5() }
-
-// Rate15 returns the fifteen-minute moving average rate of events per second
-// at the time the snapshot was taken.
-func (t *TimerSnapshot) Rate15() float64 { return t.meter.Rate15() }
-
-// RateMean returns the meter's mean rate of events per second at the time the
-// snapshot was taken.
-func (t *TimerSnapshot) RateMean() float64 { return t.meter.RateMean() }
-
-// Snapshot returns the snapshot.
-func (t *TimerSnapshot) Snapshot() Timer { return t }
-
-// StdDev returns the standard deviation of the values at the time the snapshot
-// was taken.
-func (t *TimerSnapshot) StdDev() float64 { return t.histogram.StdDev() }
-
-// Time panics.
-func (*TimerSnapshot) Time(func()) {
-	panic("Time called on a TimerSnapshot")
-}
-
-// Update panics.
-func (*TimerSnapshot) Update(time.Duration) {
-	panic("Update called on a TimerSnapshot")
-}
-
-// UpdateSince panics.
-func (*TimerSnapshot) UpdateSince(time.Time) {
-	panic("UpdateSince called on a TimerSnapshot")
-}
-
-// Variance returns the variance of the values at the time the snapshot was
-// taken.
-func (t *TimerSnapshot) Variance() float64 { return t.histogram.Variance() }
diff --git a/vendor/github.com/yvasiyarov/go-metrics/writer.go b/vendor/github.com/yvasiyarov/go-metrics/writer.go
deleted file mode 100644
index 091e971d2..000000000
--- a/vendor/github.com/yvasiyarov/go-metrics/writer.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package metrics
-
-import (
-	"fmt"
-	"io"
-	"sort"
-	"time"
-)
-
-// Write sorts writes each metric in the given registry periodically to the
-// given io.Writer.
-func Write(r Registry, d time.Duration, w io.Writer) {
-	for _ = range time.Tick(d) {
-		WriteOnce(r, w)
-	}
-}
-
-// WriteOnce sorts and writes metrics in the given registry to the given
-// io.Writer.
-func WriteOnce(r Registry, w io.Writer) {
-	var namedMetrics namedMetricSlice
-	r.Each(func(name string, i interface{}) {
-		namedMetrics = append(namedMetrics, namedMetric{name, i})
-	})
-
-	sort.Sort(namedMetrics)
-	for _, namedMetric := range namedMetrics {
-		switch metric := namedMetric.m.(type) {
-		case Counter:
-			fmt.Fprintf(w, "counter %s\n", namedMetric.name)
-			fmt.Fprintf(w, "  count:       %9d\n", metric.Count())
-		case Gauge:
-			fmt.Fprintf(w, "gauge %s\n", namedMetric.name)
-			fmt.Fprintf(w, "  value:       %9d\n", metric.Value())
-		case GaugeFloat64:
-			fmt.Fprintf(w, "gauge %s\n", namedMetric.name)
-			fmt.Fprintf(w, "  value:       %f\n", metric.Value())
-		case Healthcheck:
-			metric.Check()
-			fmt.Fprintf(w, "healthcheck %s\n", namedMetric.name)
-			fmt.Fprintf(w, "  error:       %v\n", metric.Error())
-		case Histogram:
-			h := metric.Snapshot()
-			ps := h.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
-			fmt.Fprintf(w, "histogram %s\n", namedMetric.name)
-			fmt.Fprintf(w, "  count:       %9d\n", h.Count())
-			fmt.Fprintf(w, "  min:         %9d\n", h.Min())
-			fmt.Fprintf(w, "  max:         %9d\n", h.Max())
-			fmt.Fprintf(w, "  mean:        %12.2f\n", h.Mean())
-			fmt.Fprintf(w, "  stddev:      %12.2f\n", h.StdDev())
-			fmt.Fprintf(w, "  median:      %12.2f\n", ps[0])
-			fmt.Fprintf(w, "  75%%:         %12.2f\n", ps[1])
-			fmt.Fprintf(w, "  95%%:         %12.2f\n", ps[2])
-			fmt.Fprintf(w, "  99%%:         %12.2f\n", ps[3])
-			fmt.Fprintf(w, "  99.9%%:       %12.2f\n", ps[4])
-		case Meter:
-			m := metric.Snapshot()
-			fmt.Fprintf(w, "meter %s\n", namedMetric.name)
-			fmt.Fprintf(w, "  count:       %9d\n", m.Count())
-			fmt.Fprintf(w, "  1-min rate:  %12.2f\n", m.Rate1())
-			fmt.Fprintf(w, "  5-min rate:  %12.2f\n", m.Rate5())
-			fmt.Fprintf(w, "  15-min rate: %12.2f\n", m.Rate15())
-			fmt.Fprintf(w, "  mean rate:   %12.2f\n", m.RateMean())
-		case Timer:
-			t := metric.Snapshot()
-			ps := t.Percentiles([]float64{0.5, 0.75, 0.95, 0.99, 0.999})
-			fmt.Fprintf(w, "timer %s\n", namedMetric.name)
-			fmt.Fprintf(w, "  count:       %9d\n", t.Count())
-			fmt.Fprintf(w, "  min:         %9d\n", t.Min())
-			fmt.Fprintf(w, "  max:         %9d\n", t.Max())
-			fmt.Fprintf(w, "  mean:        %12.2f\n", t.Mean())
-			fmt.Fprintf(w, "  stddev:      %12.2f\n", t.StdDev())
-			fmt.Fprintf(w, "  median:      %12.2f\n", ps[0])
-			fmt.Fprintf(w, "  75%%:         %12.2f\n", ps[1])
-			fmt.Fprintf(w, "  95%%:         %12.2f\n", ps[2])
-			fmt.Fprintf(w, "  99%%:         %12.2f\n", ps[3])
-			fmt.Fprintf(w, "  99.9%%:       %12.2f\n", ps[4])
-			fmt.Fprintf(w, "  1-min rate:  %12.2f\n", t.Rate1())
-			fmt.Fprintf(w, "  5-min rate:  %12.2f\n", t.Rate5())
-			fmt.Fprintf(w, "  15-min rate: %12.2f\n", t.Rate15())
-			fmt.Fprintf(w, "  mean rate:   %12.2f\n", t.RateMean())
-		}
-	}
-}
-
-type namedMetric struct {
-	name string
-	m    interface{}
-}
-
-// namedMetricSlice is a slice of namedMetrics that implements sort.Interface.
-type namedMetricSlice []namedMetric
-
-func (nms namedMetricSlice) Len() int { return len(nms) }
-
-func (nms namedMetricSlice) Swap(i, j int) { nms[i], nms[j] = nms[j], nms[i] }
-
-func (nms namedMetricSlice) Less(i, j int) bool {
-	return nms[i].name < nms[j].name
-}
diff --git a/vendor/github.com/yvasiyarov/gorelic/.gitignore b/vendor/github.com/yvasiyarov/gorelic/.gitignore
deleted file mode 100644
index ca502e294..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*.nut
-*.swp
-examples/example1
-examples/example_web
diff --git a/vendor/github.com/yvasiyarov/gorelic/.travis.yml b/vendor/github.com/yvasiyarov/gorelic/.travis.yml
deleted file mode 100644
index 4f2ee4d97..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/.travis.yml
+++ /dev/null
@@ -1 +0,0 @@
-language: go
diff --git a/vendor/github.com/yvasiyarov/gorelic/LICENSE b/vendor/github.com/yvasiyarov/gorelic/LICENSE
deleted file mode 100644
index 01a9a5c4d..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-Copyright (c) 2013 Yuriy Vasiyarov. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/yvasiyarov/gorelic/README.md b/vendor/github.com/yvasiyarov/gorelic/README.md
deleted file mode 100644
index 61068a82a..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/README.md
+++ /dev/null
@@ -1,119 +0,0 @@
-# GoRelic
-
-New Relic agent for Go runtime. It collect a lot of metrics about scheduler, garbage collector and memory allocator and 
-send them to NewRelic.
-
-### Requirements  
-- Go 1.1 or higher
-- github.com/yvasiyarov/gorelic
-- github.com/yvasiyarov/newrelic_platform_go
-- github.com/yvasiyarov/go-metrics
-
-You have to install manually only first two dependencies. All other dependencies will be installed automatically 
-by Go toolchain.   
-
-### Installation   
-```bash
-go get github.com/yvasiyarov/gorelic
-```
-and add to the initialization part of your application following code:  
-```go
-import (
-    "github.com/yvasiyarov/gorelic"
-)
-....
-
-agent := gorelic.NewAgent()
-agent.Verbose = true
-agent.NewrelicLicense = "YOUR NEWRELIC LICENSE KEY THERE"
-agent.Run()
-
-```
-
-### Middleware  
-If you using Beego, Martini, Revel or Gin framework you can hook up gorelic with your application by using the following middleware:
-- https://github.com/yvasiyarov/beego_gorelic   
-- https://github.com/yvasiyarov/martini_gorelic   
-- https://github.com/yvasiyarov/gocraft_gorelic   
-- http://wiki.colar.net/revel_newelic
-- https://github.com/jingweno/negroni-gorelic
-- https://github.com/brandfolder/gin-gorelic
-   
-
-### Configuration  
-- NewrelicLicense - its the only mandatory setting of this agent.
-- NewrelicName - component name in NewRelic dashboard. Default value: "Go daemon"
-- NewrelicPollInterval - how often metrics will be sent to NewRelic. Default value: 60 seconds
-- Verbose - print some usefull for debugging information. Default value: false
-- CollectGcStat - should agent collect garbage collector statistic or not. Default value: true
-- CollectHTTPStat - should agent collect HTTP metrics. Default value: false
-- CollectMemoryStat - should agent collect memory allocator statistic or not. Default value: true
-- GCPollInterval - how often should GC statistic collected. Default value: 10 seconds. It has performance impact. For more information, please, see metrics documentation.
-- MemoryAllocatorPollInterval - how often should memory allocator statistic collected. Default value: 60 seconds. It has performance impact. For more information, please, read metrics documentation.
-
-
-## Metrics reported by plugin
-This agent use functions exposed by runtime or runtime/debug packages to collect most important information about Go runtime.
-
-### General metrics   
-- Runtime/General/NOGoroutines - number of runned go routines, as it reported by NumGoroutine() from runtime package
-- Runtime/General/NOCgoCalls - number of runned cgo calls, as it reported by NumCgoCall() from runtime package
-
-### Garbage collector metrics      
-- Runtime/GC/NumberOfGCCalls - Nuber of GC calls, as it reported by ReadGCStats() from runtime/debug 
-- Runtime/GC/PauseTotalTime - Total pause time diring GC calls, as it reported by ReadGCStats() from runtime/debug (in nanoseconds)
-- Runtime/GC/GCTime/Max - max GC time
-- Runtime/GC/GCTime/Min - min GC time
-- Runtime/GC/GCTime/Mean - GC mean time
-- Runtime/GC/GCTime/Percentile95 - 95% percentile of GC time
-
-All this metrics are measured in nanoseconds. Last 4 of them can be inaccurate if GC called more often then once in GCPollInterval. 
-If in your workload GC is called more often - you can consider decreasing value of GCPollInterval. 
-But be carefull, ReadGCStats() blocks mheap, so its not good idea to set GCPollInterval to very low values.
-
-### Memory allocator 
-- Component/Runtime/Memory/SysMem/Total - number of bytes/minute allocated from OS totally. 
-- Component/Runtime/Memory/SysMem/Stack - number of bytes/minute allocated from OS for stacks.
-- Component/Runtime/Memory/SysMem/MSpan - number of bytes/minute allocated from OS for internal MSpan structs.
-- Component/Runtime/Memory/SysMem/MCache - number of bytes/minute allocated from OS for internal MCache structs.
-- Component/Runtime/Memory/SysMem/Heap - number of bytes/minute allocated from OS for heap.
-- Component/Runtime/Memory/SysMem/BuckHash - number of bytes/minute allocated from OS for internal BuckHash structs.
-- Component/Runtime/Memory/Operations/NoFrees - number of memory frees per minute
-- Component/Runtime/Memory/Operations/NoMallocs - number of memory allocations per minute
-- Component/Runtime/Memory/Operations/NoPointerLookups - number of pointer lookups per minute
-- Component/Runtime/Memory/InUse/Total - total amount of memory in use
-- Component/Runtime/Memory/InUse/Heap - amount of memory in use for heap
-- Component/Runtime/Memory/InUse/MCacheInuse - amount of memory in use for MCache internal structures
-- Component/Runtime/Memory/InUse/MSpanInuse - amount of memory in use for MSpan internal structures  
-- Component/Runtime/Memory/InUse/Stack - amount of memory in use for stacks
-
-### Process metrics
-- Component/Runtime/System/Threads - number of OS threads used
-- Runtime/System/FDSize - number of file descriptors, used by process
-- Runtime/System/Memory/VmPeakSize - VM max size
-- Runtime/System/Memory/VmCurrent  - VM current size
-- Runtime/System/Memory/RssPeak    - max size of resident memory set
-- Runtime/System/Memory/RssCurrent - current size of resident memory set   
-
-All this metrics collected once in MemoryAllocatorPollInterval. In order to collect this statistic agent use ReadMemStats() routine.
-This routine calls stoptheworld() internally and it block everything. So, please, consider this when you change MemoryAllocatorPollInterval value.
-
-### HTTP metrics   
-- throughput (requests per second), calculated for last minute  
-- mean throughput (requests per second)   
-- mean response time  
-- min response time  
-- max response time  
-- 75%, 90%, 95% percentiles for response time
- 
-
-In order to collect HTTP metrics, handler functions must be wrapped using WrapHTTPHandlerFunc:
-
-```go
-http.HandleFunc("/", agent.WrapHTTPHandlerFunc(handler))
-```
-
-## TODO
-- Collect per-size allocation statistic
-- Collect user defined metrics
-
diff --git a/vendor/github.com/yvasiyarov/gorelic/agent.go b/vendor/github.com/yvasiyarov/gorelic/agent.go
deleted file mode 100644
index 660623d6f..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/agent.go
+++ /dev/null
@@ -1,137 +0,0 @@
-package gorelic
-
-import (
-	"errors"
-	"fmt"
-	metrics "github.com/yvasiyarov/go-metrics"
-	"github.com/yvasiyarov/newrelic_platform_go"
-	"log"
-	"net/http"
-)
-
-const (
-	// DefaultNewRelicPollInterval - how often we will report metrics to NewRelic.
-	// Recommended values is 60 seconds
-	DefaultNewRelicPollInterval = 60
-
-	// DefaultGcPollIntervalInSeconds - how often we will get garbage collector run statistic
-	// Default value is - every 10 seconds
-	// During GC stat pooling - mheap will be locked, so be carefull changing this value
-	DefaultGcPollIntervalInSeconds = 10
-
-	// DefaultMemoryAllocatorPollIntervalInSeconds - how often we will get memory allocator statistic.
-	// Default value is - every 60 seconds
-	// During this process stoptheword() is called, so be carefull changing this value
-	DefaultMemoryAllocatorPollIntervalInSeconds = 60
-
-	//DefaultAgentGuid is plugin ID in NewRelic.
-	//You should not change it unless you want to create your own plugin.
-	DefaultAgentGuid = "com.github.yvasiyarov.GoRelic"
-
-	//CurrentAgentVersion is plugin version
-	CurrentAgentVersion = "0.0.6"
-
-	//DefaultAgentName in NewRelic GUI. You can change it.
-	DefaultAgentName = "Go daemon"
-)
-
-//Agent - is NewRelic agent implementation.
-//Agent start separate go routine which will report data to NewRelic
-type Agent struct {
-	NewrelicName                string
-	NewrelicLicense             string
-	NewrelicPollInterval        int
-	Verbose                     bool
-	CollectGcStat               bool
-	CollectMemoryStat           bool
-	CollectHTTPStat             bool
-	GCPollInterval              int
-	MemoryAllocatorPollInterval int
-	AgentGUID                   string
-	AgentVersion                string
-	plugin                      *newrelic_platform_go.NewrelicPlugin
-	HTTPTimer                   metrics.Timer
-}
-
-//NewAgent build new Agent objects.
-func NewAgent() *Agent {
-	agent := &Agent{
-		NewrelicName:                DefaultAgentName,
-		NewrelicPollInterval:        DefaultNewRelicPollInterval,
-		Verbose:                     false,
-		CollectGcStat:               true,
-		CollectMemoryStat:           true,
-		GCPollInterval:              DefaultGcPollIntervalInSeconds,
-		MemoryAllocatorPollInterval: DefaultMemoryAllocatorPollIntervalInSeconds,
-		AgentGUID:                   DefaultAgentGuid,
-		AgentVersion:                CurrentAgentVersion,
-	}
-	return agent
-}
-
-//WrapHTTPHandlerFunc  instrument HTTP handler functions to collect HTTP metrics
-func (agent *Agent) WrapHTTPHandlerFunc(h tHTTPHandlerFunc) tHTTPHandlerFunc {
-	agent.initTimer()
-	return func(w http.ResponseWriter, req *http.Request) {
-		proxy := newHTTPHandlerFunc(h)
-		proxy.timer = agent.HTTPTimer
-		proxy.ServeHTTP(w, req)
-	}
-}
-
-//WrapHTTPHandler  instrument HTTP handler object to collect HTTP metrics
-func (agent *Agent) WrapHTTPHandler(h http.Handler) http.Handler {
-	agent.initTimer()
-
-	proxy := newHTTPHandler(h)
-	proxy.timer = agent.HTTPTimer
-	return proxy
-}
-
-//Run initialize Agent instance and start harvest go routine
-func (agent *Agent) Run() error {
-	if agent.NewrelicLicense == "" {
-		return errors.New("please, pass a valid newrelic license key")
-	}
-
-	agent.plugin = newrelic_platform_go.NewNewrelicPlugin(agent.AgentVersion, agent.NewrelicLicense, agent.NewrelicPollInterval)
-	component := newrelic_platform_go.NewPluginComponent(agent.NewrelicName, agent.AgentGUID)
-	agent.plugin.AddComponent(component)
-
-	addRuntimeMericsToComponent(component)
-
-	if agent.CollectGcStat {
-		addGCMericsToComponent(component, agent.GCPollInterval)
-		agent.debug(fmt.Sprintf("Init GC metrics collection. Poll interval %d seconds.", agent.GCPollInterval))
-	}
-	if agent.CollectMemoryStat {
-		addMemoryMericsToComponent(component, agent.MemoryAllocatorPollInterval)
-		agent.debug(fmt.Sprintf("Init memory allocator metrics collection. Poll interval %d seconds.", agent.MemoryAllocatorPollInterval))
-	}
-
-	if agent.CollectHTTPStat {
-		agent.initTimer()
-		addHTTPMericsToComponent(component, agent.HTTPTimer)
-		agent.debug(fmt.Sprintf("Init HTTP metrics collection."))
-	}
-
-	agent.plugin.Verbose = agent.Verbose
-	go agent.plugin.Run()
-	return nil
-}
-
-//Initialize global metrics.Timer object, used to collect HTTP metrics
-func (agent *Agent) initTimer() {
-	if agent.HTTPTimer == nil {
-		agent.HTTPTimer = metrics.NewTimer()
-	}
-
-	agent.CollectHTTPStat = true
-}
-
-//Print debug messages
-func (agent *Agent) debug(msg string) {
-	if agent.Verbose {
-		log.Println(msg)
-	}
-}
diff --git a/vendor/github.com/yvasiyarov/gorelic/doc.go b/vendor/github.com/yvasiyarov/gorelic/doc.go
deleted file mode 100644
index 69de9fee3..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/doc.go
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package gorelic is an New Relic agent implementation for Go runtime. It collect a lot of metrics about Go scheduler, garbage collector and memory allocator and send them to NewRelic.
-package gorelic
diff --git a/vendor/github.com/yvasiyarov/gorelic/gc_metrics.go b/vendor/github.com/yvasiyarov/gorelic/gc_metrics.go
deleted file mode 100644
index 394059402..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/gc_metrics.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package gorelic
-
-import (
-	metrics "github.com/yvasiyarov/go-metrics"
-	"github.com/yvasiyarov/newrelic_platform_go"
-	"time"
-)
-
-func newGCMetricaDataSource(pollInterval int) goMetricaDataSource {
-	r := metrics.NewRegistry()
-
-	metrics.RegisterDebugGCStats(r)
-	go metrics.CaptureDebugGCStats(r, time.Duration(pollInterval)*time.Second)
-	return goMetricaDataSource{r}
-}
-
-func addGCMericsToComponent(component newrelic_platform_go.IComponent, pollInterval int) {
-	metrics := []*baseGoMetrica{
-		&baseGoMetrica{
-			name:          "NumberOfGCCalls",
-			units:         "calls",
-			dataSourceKey: "debug.GCStats.NumGC",
-		},
-		&baseGoMetrica{
-			name:          "PauseTotalTime",
-			units:         "nanoseconds",
-			dataSourceKey: "debug.GCStats.PauseTotal",
-		},
-	}
-
-	ds := newGCMetricaDataSource(pollInterval)
-	for _, m := range metrics {
-		m.basePath = "Runtime/GC/"
-		m.dataSource = ds
-		component.AddMetrica(&gaugeMetrica{m})
-	}
-
-	histogramMetrics := []*histogramMetrica{
-		&histogramMetrica{
-			statFunction:  histogramMax,
-			baseGoMetrica: &baseGoMetrica{name: "Max"},
-		},
-		&histogramMetrica{
-			statFunction:  histogramMin,
-			baseGoMetrica: &baseGoMetrica{name: "Min"},
-		},
-		&histogramMetrica{
-			statFunction:  histogramMean,
-			baseGoMetrica: &baseGoMetrica{name: "Mean"},
-		},
-		&histogramMetrica{
-			statFunction:    histogramPercentile,
-			percentileValue: 0.95,
-			baseGoMetrica:   &baseGoMetrica{name: "Percentile95"},
-		},
-	}
-	for _, m := range histogramMetrics {
-		m.baseGoMetrica.units = "nanoseconds"
-		m.baseGoMetrica.dataSourceKey = "debug.GCStats.Pause"
-		m.baseGoMetrica.basePath = "Runtime/GC/GCTime/"
-		m.baseGoMetrica.dataSource = ds
-
-		component.AddMetrica(m)
-	}
-}
diff --git a/vendor/github.com/yvasiyarov/gorelic/gometrica.go b/vendor/github.com/yvasiyarov/gorelic/gometrica.go
deleted file mode 100644
index 52fcdd575..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/gometrica.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package gorelic
-
-import (
-	"fmt"
-	metrics "github.com/yvasiyarov/go-metrics"
-)
-
-const (
-	histogramMin = iota
-	histogramMax
-	histogramMean
-	histogramPercentile
-	histogramStdDev
-	histogramVariance
-	noHistogramFunctions
-)
-
-type goMetricaDataSource struct {
-	metrics.Registry
-}
-
-func (ds goMetricaDataSource) GetGaugeValue(key string) (float64, error) {
-	if valueContainer := ds.Get(key); valueContainer == nil {
-		return 0, fmt.Errorf("metrica with name %s is not registered\n", key)
-	} else if gauge, ok := valueContainer.(metrics.Gauge); ok {
-		return float64(gauge.Value()), nil
-	} else {
-		return 0, fmt.Errorf("metrica container has unexpected type: %T\n", valueContainer)
-	}
-}
-
-func (ds goMetricaDataSource) GetHistogramValue(key string, statFunction int, percentile float64) (float64, error) {
-	if valueContainer := ds.Get(key); valueContainer == nil {
-		return 0, fmt.Errorf("metrica with name %s is not registered\n", key)
-	} else if histogram, ok := valueContainer.(metrics.Histogram); ok {
-		switch statFunction {
-		default:
-			return 0, fmt.Errorf("unsupported stat function for histogram: %s\n", statFunction)
-		case histogramMax:
-			return float64(histogram.Max()), nil
-		case histogramMin:
-			return float64(histogram.Min()), nil
-		case histogramMean:
-			return float64(histogram.Mean()), nil
-		case histogramStdDev:
-			return float64(histogram.StdDev()), nil
-		case histogramVariance:
-			return float64(histogram.Variance()), nil
-		case histogramPercentile:
-			return float64(histogram.Percentile(percentile)), nil
-		}
-	} else {
-		return 0, fmt.Errorf("metrica container has unexpected type: %T\n", valueContainer)
-	}
-}
-
-type baseGoMetrica struct {
-	dataSource    goMetricaDataSource
-	basePath      string
-	name          string
-	units         string
-	dataSourceKey string
-}
-
-func (metrica *baseGoMetrica) GetName() string {
-	return metrica.basePath + metrica.name
-}
-
-func (metrica *baseGoMetrica) GetUnits() string {
-	return metrica.units
-}
-
-type gaugeMetrica struct {
-	*baseGoMetrica
-}
-
-func (metrica *gaugeMetrica) GetValue() (float64, error) {
-	return metrica.dataSource.GetGaugeValue(metrica.dataSourceKey)
-}
-
-type gaugeIncMetrica struct {
-	*baseGoMetrica
-	previousValue float64
-}
-
-func (metrica *gaugeIncMetrica) GetValue() (float64, error) {
-	var value float64
-	var currentValue float64
-	var err error
-	if currentValue, err = metrica.dataSource.GetGaugeValue(metrica.dataSourceKey); err == nil {
-		value = currentValue - metrica.previousValue
-		metrica.previousValue = currentValue
-	}
-	return value, err
-}
-
-type histogramMetrica struct {
-	*baseGoMetrica
-	statFunction    int
-	percentileValue float64
-}
-
-func (metrica *histogramMetrica) GetValue() (float64, error) {
-	return metrica.dataSource.GetHistogramValue(metrica.dataSourceKey, metrica.statFunction, metrica.percentileValue)
-}
diff --git a/vendor/github.com/yvasiyarov/gorelic/http_metrics.go b/vendor/github.com/yvasiyarov/gorelic/http_metrics.go
deleted file mode 100644
index e54cbd371..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/http_metrics.go
+++ /dev/null
@@ -1,194 +0,0 @@
-package gorelic
-
-import (
-	metrics "github.com/yvasiyarov/go-metrics"
-	"github.com/yvasiyarov/newrelic_platform_go"
-	"net/http"
-	"time"
-)
-
-type tHTTPHandlerFunc func(http.ResponseWriter, *http.Request)
-type tHTTPHandler struct {
-	originalHandler     http.Handler
-	originalHandlerFunc tHTTPHandlerFunc
-	isFunc              bool
-	timer               metrics.Timer
-}
-
-var httpTimer metrics.Timer
-
-func newHTTPHandlerFunc(h tHTTPHandlerFunc) *tHTTPHandler {
-	return &tHTTPHandler{
-		isFunc:              true,
-		originalHandlerFunc: h,
-	}
-}
-func newHTTPHandler(h http.Handler) *tHTTPHandler {
-	return &tHTTPHandler{
-		isFunc:          false,
-		originalHandler: h,
-	}
-}
-
-func (handler *tHTTPHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	startTime := time.Now()
-	defer handler.timer.UpdateSince(startTime)
-
-	if handler.isFunc {
-		handler.originalHandlerFunc(w, req)
-	} else {
-		handler.originalHandler.ServeHTTP(w, req)
-	}
-}
-
-type baseTimerMetrica struct {
-	dataSource metrics.Timer
-	name       string
-	units      string
-}
-
-func (metrica *baseTimerMetrica) GetName() string {
-	return metrica.name
-}
-
-func (metrica *baseTimerMetrica) GetUnits() string {
-	return metrica.units
-}
-
-type timerRate1Metrica struct {
-	*baseTimerMetrica
-}
-
-func (metrica *timerRate1Metrica) GetValue() (float64, error) {
-	return metrica.dataSource.Rate1(), nil
-}
-
-type timerRateMeanMetrica struct {
-	*baseTimerMetrica
-}
-
-func (metrica *timerRateMeanMetrica) GetValue() (float64, error) {
-	return metrica.dataSource.RateMean(), nil
-}
-
-type timerMeanMetrica struct {
-	*baseTimerMetrica
-}
-
-func (metrica *timerMeanMetrica) GetValue() (float64, error) {
-	return metrica.dataSource.Mean() / float64(time.Millisecond), nil
-}
-
-type timerMinMetrica struct {
-	*baseTimerMetrica
-}
-
-func (metrica *timerMinMetrica) GetValue() (float64, error) {
-	return float64(metrica.dataSource.Min()) / float64(time.Millisecond), nil
-}
-
-type timerMaxMetrica struct {
-	*baseTimerMetrica
-}
-
-func (metrica *timerMaxMetrica) GetValue() (float64, error) {
-	return float64(metrica.dataSource.Max()) / float64(time.Millisecond), nil
-}
-
-type timerPercentile75Metrica struct {
-	*baseTimerMetrica
-}
-
-func (metrica *timerPercentile75Metrica) GetValue() (float64, error) {
-	return metrica.dataSource.Percentile(0.75) / float64(time.Millisecond), nil
-}
-
-type timerPercentile90Metrica struct {
-	*baseTimerMetrica
-}
-
-func (metrica *timerPercentile90Metrica) GetValue() (float64, error) {
-	return metrica.dataSource.Percentile(0.90) / float64(time.Millisecond), nil
-}
-
-type timerPercentile95Metrica struct {
-	*baseTimerMetrica
-}
-
-func (metrica *timerPercentile95Metrica) GetValue() (float64, error) {
-	return metrica.dataSource.Percentile(0.95) / float64(time.Millisecond), nil
-}
-
-func addHTTPMericsToComponent(component newrelic_platform_go.IComponent, timer metrics.Timer) {
-	rate1 := &timerRate1Metrica{
-		baseTimerMetrica: &baseTimerMetrica{
-			name:       "http/throughput/1minute",
-			units:      "rps",
-			dataSource: timer,
-		},
-	}
-	component.AddMetrica(rate1)
-
-	rateMean := &timerRateMeanMetrica{
-		baseTimerMetrica: &baseTimerMetrica{
-			name:       "http/throughput/rateMean",
-			units:      "rps",
-			dataSource: timer,
-		},
-	}
-	component.AddMetrica(rateMean)
-
-	responseTimeMean := &timerMeanMetrica{
-		baseTimerMetrica: &baseTimerMetrica{
-			name:       "http/responseTime/mean",
-			units:      "ms",
-			dataSource: timer,
-		},
-	}
-	component.AddMetrica(responseTimeMean)
-
-	responseTimeMax := &timerMaxMetrica{
-		baseTimerMetrica: &baseTimerMetrica{
-			name:       "http/responseTime/max",
-			units:      "ms",
-			dataSource: timer,
-		},
-	}
-	component.AddMetrica(responseTimeMax)
-
-	responseTimeMin := &timerMinMetrica{
-		baseTimerMetrica: &baseTimerMetrica{
-			name:       "http/responseTime/min",
-			units:      "ms",
-			dataSource: timer,
-		},
-	}
-	component.AddMetrica(responseTimeMin)
-
-	responseTimePercentile75 := &timerPercentile75Metrica{
-		baseTimerMetrica: &baseTimerMetrica{
-			name:       "http/responseTime/percentile75",
-			units:      "ms",
-			dataSource: timer,
-		},
-	}
-	component.AddMetrica(responseTimePercentile75)
-
-	responseTimePercentile90 := &timerPercentile90Metrica{
-		baseTimerMetrica: &baseTimerMetrica{
-			name:       "http/responseTime/percentile90",
-			units:      "ms",
-			dataSource: timer,
-		},
-	}
-	component.AddMetrica(responseTimePercentile90)
-
-	responseTimePercentile95 := &timerPercentile95Metrica{
-		baseTimerMetrica: &baseTimerMetrica{
-			name:       "http/responseTime/percentile95",
-			units:      "ms",
-			dataSource: timer,
-		},
-	}
-	component.AddMetrica(responseTimePercentile95)
-}
diff --git a/vendor/github.com/yvasiyarov/gorelic/memory_metrics.go b/vendor/github.com/yvasiyarov/gorelic/memory_metrics.go
deleted file mode 100644
index 5c8d3e4ec..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/memory_metrics.go
+++ /dev/null
@@ -1,110 +0,0 @@
-package gorelic
-
-import (
-	metrics "github.com/yvasiyarov/go-metrics"
-	"github.com/yvasiyarov/newrelic_platform_go"
-	"time"
-)
-
-func newMemoryMetricaDataSource(pollInterval int) goMetricaDataSource {
-	r := metrics.NewRegistry()
-
-	metrics.RegisterRuntimeMemStats(r)
-	metrics.CaptureRuntimeMemStatsOnce(r)
-	go metrics.CaptureRuntimeMemStats(r, time.Duration(pollInterval)*time.Second)
-	return goMetricaDataSource{r}
-}
-
-func addMemoryMericsToComponent(component newrelic_platform_go.IComponent, pollInterval int) {
-	gaugeMetrics := []*baseGoMetrica{
-		//Memory in use metrics
-		&baseGoMetrica{
-			name:          "InUse/Total",
-			units:         "bytes",
-			dataSourceKey: "runtime.MemStats.Alloc",
-		},
-		&baseGoMetrica{
-			name:          "InUse/Heap",
-			units:         "bytes",
-			dataSourceKey: "runtime.MemStats.HeapAlloc",
-		},
-		&baseGoMetrica{
-			name:          "InUse/Stack",
-			units:         "bytes",
-			dataSourceKey: "runtime.MemStats.StackInuse",
-		},
-		&baseGoMetrica{
-			name:          "InUse/MSpanInuse",
-			units:         "bytes",
-			dataSourceKey: "runtime.MemStats.MSpanInuse",
-		},
-		&baseGoMetrica{
-			name:          "InUse/MCacheInuse",
-			units:         "bytes",
-			dataSourceKey: "runtime.MemStats.MCacheInuse",
-		},
-	}
-	ds := newMemoryMetricaDataSource(pollInterval)
-	for _, m := range gaugeMetrics {
-		m.basePath = "Runtime/Memory/"
-		m.dataSource = ds
-		component.AddMetrica(&gaugeMetrica{m})
-	}
-
-	gaugeIncMetrics := []*baseGoMetrica{
-		//NO operations graph
-		&baseGoMetrica{
-			name:          "Operations/NoPointerLookups",
-			units:         "lookups",
-			dataSourceKey: "runtime.MemStats.Lookups",
-		},
-		&baseGoMetrica{
-			name:          "Operations/NoMallocs",
-			units:         "mallocs",
-			dataSourceKey: "runtime.MemStats.Mallocs",
-		},
-		&baseGoMetrica{
-			name:          "Operations/NoFrees",
-			units:         "frees",
-			dataSourceKey: "runtime.MemStats.Frees",
-		},
-
-		// Sytem memory allocations
-		&baseGoMetrica{
-			name:          "SysMem/Total",
-			units:         "bytes",
-			dataSourceKey: "runtime.MemStats.Sys",
-		},
-		&baseGoMetrica{
-			name:          "SysMem/Heap",
-			units:         "bytes",
-			dataSourceKey: "runtime.MemStats.HeapSys",
-		},
-		&baseGoMetrica{
-			name:          "SysMem/Stack",
-			units:         "bytes",
-			dataSourceKey: "runtime.MemStats.StackSys",
-		},
-		&baseGoMetrica{
-			name:          "SysMem/MSpan",
-			units:         "bytes",
-			dataSourceKey: "runtime.MemStats.MSpanSys",
-		},
-		&baseGoMetrica{
-			name:          "SysMem/MCache",
-			units:         "bytes",
-			dataSourceKey: "runtime.MemStats.MCacheSys",
-		},
-		&baseGoMetrica{
-			name:          "SysMem/BuckHash",
-			units:         "bytes",
-			dataSourceKey: "runtime.MemStats.BuckHashSys",
-		},
-	}
-
-	for _, m := range gaugeIncMetrics {
-		m.basePath = "Runtime/Memory/"
-		m.dataSource = ds
-		component.AddMetrica(&gaugeIncMetrica{baseGoMetrica: m})
-	}
-}
diff --git a/vendor/github.com/yvasiyarov/gorelic/nut.json b/vendor/github.com/yvasiyarov/gorelic/nut.json
deleted file mode 100644
index 7abb8ec69..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/nut.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
-  "Version": "0.0.6",
-  "Vendor": "yvasiyarov",
-  "Authors": [
-    {
-      "FullName": "Yuriy Vasiyarov",
-      "Email": "varyous@gmail.com"
-    }
-  ],
-  "ExtraFiles": [
-    "README.md",
-    "LICENSE"
-  ],
-  "Homepage": "https://github.com/yvasiyarov/gorelic"
-}
diff --git a/vendor/github.com/yvasiyarov/gorelic/runtime_metrics.go b/vendor/github.com/yvasiyarov/gorelic/runtime_metrics.go
deleted file mode 100644
index 87a42ca69..000000000
--- a/vendor/github.com/yvasiyarov/gorelic/runtime_metrics.go
+++ /dev/null
@@ -1,196 +0,0 @@
-package gorelic
-
-import (
-	"fmt"
-	"github.com/yvasiyarov/newrelic_platform_go"
-	"io/ioutil"
-	"os"
-	"runtime"
-	"strconv"
-	"strings"
-	"time"
-)
-
-const linuxSystemQueryInterval = 60
-
-// Number of goroutines metrica
-type noGoroutinesMetrica struct{}
-
-func (metrica *noGoroutinesMetrica) GetName() string {
-	return "Runtime/General/NOGoroutines"
-}
-func (metrica *noGoroutinesMetrica) GetUnits() string {
-	return "goroutines"
-}
-func (metrica *noGoroutinesMetrica) GetValue() (float64, error) {
-	return float64(runtime.NumGoroutine()), nil
-}
-
-// Number of CGO calls metrica
-type noCgoCallsMetrica struct {
-	lastValue int64
-}
-
-func (metrica *noCgoCallsMetrica) GetName() string {
-	return "Runtime/General/NOCgoCalls"
-}
-func (metrica *noCgoCallsMetrica) GetUnits() string {
-	return "calls"
-}
-func (metrica *noCgoCallsMetrica) GetValue() (float64, error) {
-	currentValue := runtime.NumCgoCall()
-	value := float64(currentValue - metrica.lastValue)
-	metrica.lastValue = currentValue
-
-	return value, nil
-}
-
-//OS specific metrics data source interface
-type iSystemMetricaDataSource interface {
-	GetValue(key string) (float64, error)
-}
-
-// iSystemMetricaDataSource fabrica
-func newSystemMetricaDataSource() iSystemMetricaDataSource {
-	var ds iSystemMetricaDataSource
-	switch runtime.GOOS {
-	default:
-		ds = &systemMetricaDataSource{}
-	case "linux":
-		ds = &linuxSystemMetricaDataSource{
-			systemData: make(map[string]string),
-		}
-	}
-	return ds
-}
-
-//Default implementation of iSystemMetricaDataSource. Just return an error
-type systemMetricaDataSource struct{}
-
-func (ds *systemMetricaDataSource) GetValue(key string) (float64, error) {
-	return 0, fmt.Errorf("this metrica was not implemented yet for %s", runtime.GOOS)
-}
-
-// Linux OS implementation of ISystemMetricaDataSource
-type linuxSystemMetricaDataSource struct {
-	lastUpdate time.Time
-	systemData map[string]string
-}
-
-func (ds *linuxSystemMetricaDataSource) GetValue(key string) (float64, error) {
-	if err := ds.checkAndUpdateData(); err != nil {
-		return 0, err
-	} else if val, ok := ds.systemData[key]; !ok {
-		return 0, fmt.Errorf("system data with key %s was not found", key)
-	} else if key == "VmSize" || key == "VmPeak" || key == "VmHWM" || key == "VmRSS" {
-		valueParts := strings.Split(val, " ")
-		if len(valueParts) != 2 {
-			return 0, fmt.Errorf("invalid format for value %s", key)
-		}
-		valConverted, err := strconv.ParseFloat(valueParts[0], 64)
-		if err != nil {
-			return 0, err
-		}
-		switch valueParts[1] {
-		case "kB":
-			valConverted *= 1 << 10
-		case "mB":
-			valConverted *= 1 << 20
-		case "gB":
-			valConverted *= 1 << 30
-		}
-		return valConverted, nil
-	} else if valConverted, err := strconv.ParseFloat(val, 64); err != nil {
-		return valConverted, nil
-	} else {
-		return valConverted, nil
-	}
-}
-func (ds *linuxSystemMetricaDataSource) checkAndUpdateData() error {
-	startTime := time.Now()
-	if startTime.Sub(ds.lastUpdate) > time.Second*linuxSystemQueryInterval {
-		path := fmt.Sprintf("/proc/%d/status", os.Getpid())
-		rawStats, err := ioutil.ReadFile(path)
-		if err != nil {
-			return err
-		}
-
-		lines := strings.Split(string(rawStats), "\n")
-		for _, line := range lines {
-			parts := strings.Split(line, ":")
-			if len(parts) == 2 {
-				k := strings.TrimSpace(parts[0])
-				v := strings.TrimSpace(parts[1])
-
-				ds.systemData[k] = v
-			}
-		}
-		ds.lastUpdate = startTime
-	}
-	return nil
-}
-
-// OS specific metrica
-type systemMetrica struct {
-	sourceKey    string
-	newrelicName string
-	units        string
-	dataSource   iSystemMetricaDataSource
-}
-
-func (metrica *systemMetrica) GetName() string {
-	return metrica.newrelicName
-}
-func (metrica *systemMetrica) GetUnits() string {
-	return metrica.units
-}
-func (metrica *systemMetrica) GetValue() (float64, error) {
-	return metrica.dataSource.GetValue(metrica.sourceKey)
-}
-
-func addRuntimeMericsToComponent(component newrelic_platform_go.IComponent) {
-	component.AddMetrica(&noGoroutinesMetrica{})
-	component.AddMetrica(&noCgoCallsMetrica{})
-
-	ds := newSystemMetricaDataSource()
-	metrics := []*systemMetrica{
-		&systemMetrica{
-			sourceKey:    "Threads",
-			units:        "Threads",
-			newrelicName: "Runtime/System/Threads",
-		},
-		&systemMetrica{
-			sourceKey:    "FDSize",
-			units:        "fd",
-			newrelicName: "Runtime/System/FDSize",
-		},
-		// Peak virtual memory size
-		&systemMetrica{
-			sourceKey:    "VmPeak",
-			units:        "bytes",
-			newrelicName: "Runtime/System/Memory/VmPeakSize",
-		},
-		//Virtual memory size
-		&systemMetrica{
-			sourceKey:    "VmSize",
-			units:        "bytes",
-			newrelicName: "Runtime/System/Memory/VmCurrent",
-		},
-		//Peak resident set size
-		&systemMetrica{
-			sourceKey:    "VmHWM",
-			units:        "bytes",
-			newrelicName: "Runtime/System/Memory/RssPeak",
-		},
-		//Resident set size
-		&systemMetrica{
-			sourceKey:    "VmRSS",
-			units:        "bytes",
-			newrelicName: "Runtime/System/Memory/RssCurrent",
-		},
-	}
-	for _, m := range metrics {
-		m.dataSource = ds
-		component.AddMetrica(m)
-	}
-}
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/.travis.yml b/vendor/github.com/yvasiyarov/newrelic_platform_go/.travis.yml
deleted file mode 100644
index 4f2ee4d97..000000000
--- a/vendor/github.com/yvasiyarov/newrelic_platform_go/.travis.yml
+++ /dev/null
@@ -1 +0,0 @@
-language: go
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/LICENSE b/vendor/github.com/yvasiyarov/newrelic_platform_go/LICENSE
deleted file mode 100644
index 01a9a5c4d..000000000
--- a/vendor/github.com/yvasiyarov/newrelic_platform_go/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-Copyright (c) 2013 Yuriy Vasiyarov. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/README.md b/vendor/github.com/yvasiyarov/newrelic_platform_go/README.md
deleted file mode 100644
index 344623440..000000000
--- a/vendor/github.com/yvasiyarov/newrelic_platform_go/README.md
+++ /dev/null
@@ -1,11 +0,0 @@
-New Relic Platform Agent SDK for Go(golang)
-====================
-
-[![Build Status](https://travis-ci.org/yvasiyarov/newrelic_platform_go.png?branch=master)](https://travis-ci.org/yvasiyarov/newrelic_platform_go)
-
-This package provide very simple interface to NewRelic Platform http://newrelic.com/platform
-
-For example of usage see examples/wave_plugin.go
-
-For real-word example, you can have a look at:   
-https://github.com/yvasiyarov/newrelic_sphinx   
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/agent.go b/vendor/github.com/yvasiyarov/newrelic_platform_go/agent.go
deleted file mode 100644
index d9d275354..000000000
--- a/vendor/github.com/yvasiyarov/newrelic_platform_go/agent.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package newrelic_platform_go
-
-import (
-	"log"
-	"os"
-)
-
-type Agent struct {
-	Host    string `json:"host"`
-	Version string `json:"version"`
-	Pid     int    `json:"pid"`
-}
-
-func NewAgent(Version string) *Agent {
-	agent := &Agent{
-		Version: Version,
-	}
-	return agent
-}
-
-func (agent *Agent) CollectEnvironmentInfo() {
-	var err error
-	agent.Pid = os.Getpid()
-	if agent.Host, err = os.Hostname(); err != nil {
-		log.Fatalf("Can not get hostname: %#v \n", err)
-	}
-}
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/component.go b/vendor/github.com/yvasiyarov/newrelic_platform_go/component.go
deleted file mode 100644
index 000f7ab76..000000000
--- a/vendor/github.com/yvasiyarov/newrelic_platform_go/component.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package newrelic_platform_go
-
-import (
-	"log"
-	"math"
-)
-
-type ComponentData interface{}
-type IComponent interface {
-	Harvest(plugin INewrelicPlugin) ComponentData
-	SetDuration(duration int)
-	AddMetrica(model IMetrica)
-	ClearSentData()
-}
-
-type PluginComponent struct {
-	Name          string                  `json:"name"`
-	GUID          string                  `json:"guid"`
-	Duration      int                     `json:"duration"`
-	Metrics       map[string]MetricaValue `json:"metrics"`
-	MetricaModels []IMetrica              `json:"-"`
-}
-
-func NewPluginComponent(name string, guid string) *PluginComponent {
-	c := &PluginComponent{
-		Name: name,
-		GUID: guid,
-	}
-	return c
-}
-
-func (component *PluginComponent) AddMetrica(model IMetrica) {
-	component.MetricaModels = append(component.MetricaModels, model)
-}
-
-func (component *PluginComponent) ClearSentData() {
-	component.Metrics = nil
-}
-
-func (component *PluginComponent) SetDuration(duration int) {
-	component.Duration = duration
-}
-
-func (component *PluginComponent) Harvest(plugin INewrelicPlugin) ComponentData {
-	component.Metrics = make(map[string]MetricaValue, len(component.MetricaModels))
-	for i := 0; i < len(component.MetricaModels); i++ {
-		model := component.MetricaModels[i]
-		metricaKey := plugin.GetMetricaKey(model)
-
-		if newValue, err := model.GetValue(); err == nil {
-		        if math.IsInf(newValue, 0) || math.IsNaN(newValue) {
-                                newValue = 0
-                        }
-
-			if existMetric, ok := component.Metrics[metricaKey]; ok {
-				if floatExistVal, ok := existMetric.(float64); ok {
-					component.Metrics[metricaKey] = NewAggregatedMetricaValue(floatExistVal, newValue)
-				} else if aggregatedValue, ok := existMetric.(*AggregatedMetricaValue); ok {
-					aggregatedValue.Aggregate(newValue)
-				} else {
-					panic("Invalid type in metrica value")
-				}
-			} else {
-				component.Metrics[metricaKey] = newValue
-			}
-		} else {
-			log.Printf("Can not get metrica: %v, got error:%#v", model.GetName(), err)
-		}
-	}
-	return component
-}
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/doc.go b/vendor/github.com/yvasiyarov/newrelic_platform_go/doc.go
deleted file mode 100644
index ef41e9697..000000000
--- a/vendor/github.com/yvasiyarov/newrelic_platform_go/doc.go
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package newrelic_platform_go is New Relic Platform Agent SDK for Go language.
-package newrelic_platform_go
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/metrica.go b/vendor/github.com/yvasiyarov/newrelic_platform_go/metrica.go
deleted file mode 100644
index fc4fbd48f..000000000
--- a/vendor/github.com/yvasiyarov/newrelic_platform_go/metrica.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package newrelic_platform_go
-
-import (
-	"math"
-)
-
-type IMetrica interface {
-	GetValue() (float64, error)
-	GetName() string
-	GetUnits() string
-}
-
-type MetricaValue interface{}
-
-type SimpleMetricaValue float64
-
-type AggregatedMetricaValue struct {
-	Min          float64 `json:"min"`
-	Max          float64 `json:"max"`
-	Total        float64 `json:"total"`
-	Count        int     `json:"count"`
-	SumOfSquares float64 `json:"sum_of_squares"`
-}
-
-func NewAggregatedMetricaValue(existValue float64, newValue float64) *AggregatedMetricaValue {
-	v := &AggregatedMetricaValue{
-		Min:          math.Min(newValue, existValue),
-		Max:          math.Max(newValue, existValue),
-		Total:        newValue + existValue,
-		Count:        2,
-		SumOfSquares: newValue*newValue + existValue*existValue,
-	}
-	return v
-}
-
-func (aggregatedValue *AggregatedMetricaValue) Aggregate(newValue float64) {
-	aggregatedValue.Min = math.Min(newValue, aggregatedValue.Min)
-	aggregatedValue.Max = math.Max(newValue, aggregatedValue.Max)
-	aggregatedValue.Total += newValue
-	aggregatedValue.Count++
-	aggregatedValue.SumOfSquares += newValue * newValue
-}
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/nut.json b/vendor/github.com/yvasiyarov/newrelic_platform_go/nut.json
deleted file mode 100644
index 1e57c3952..000000000
--- a/vendor/github.com/yvasiyarov/newrelic_platform_go/nut.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
-  "Version": "0.0.1",
-  "Vendor": "yvasiyarov",
-  "Authors": [
-    {
-      "FullName": "Yuriy Vasiyarov",
-      "Email": "varyous@gmail.com"
-    }
-  ],
-  "ExtraFiles": [
-    "README.md",
-    "LICENSE"
-  ],
-  "Homepage": "https://github.com/yvasiyarov/newrelic_platform_go"
-}
diff --git a/vendor/github.com/yvasiyarov/newrelic_platform_go/plugin.go b/vendor/github.com/yvasiyarov/newrelic_platform_go/plugin.go
deleted file mode 100644
index 3e45666de..000000000
--- a/vendor/github.com/yvasiyarov/newrelic_platform_go/plugin.go
+++ /dev/null
@@ -1,194 +0,0 @@
-package newrelic_platform_go
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"log"
-	"net/http"
-	"strings"
-	"time"
-)
-
-const (
-	NEWRELIC_API_URL = "https://platform-api.newrelic.com/platform/v1/metrics"
-)
-
-type INewrelicPlugin interface {
-	GetMetricaKey(metrica IMetrica) string
-	Harvest() error
-	Run()
-	AddComponent(component IComponent)
-}
-type NewrelicPlugin struct {
-	Agent      *Agent          `json:"agent"`
-	Components []ComponentData `json:"components"`
-
-	ComponentModels      []IComponent `json:"-"`
-	LastPollTime         time.Time    `json:"-"`
-	Verbose              bool         `json:"-"`
-	LicenseKey           string       `json:"-"`
-	PollIntervalInSecond int          `json:"-"`
-}
-
-func NewNewrelicPlugin(version string, licenseKey string, pollInterval int) *NewrelicPlugin {
-	plugin := &NewrelicPlugin{
-		LicenseKey:           licenseKey,
-		PollIntervalInSecond: pollInterval,
-	}
-
-	plugin.Agent = NewAgent(version)
-	plugin.Agent.CollectEnvironmentInfo()
-
-	plugin.ComponentModels = []IComponent{}
-	return plugin
-}
-
-func (plugin *NewrelicPlugin) Harvest() error {
-	startTime := time.Now()
-	var duration int
-	if plugin.LastPollTime.IsZero() {
-		duration = plugin.PollIntervalInSecond
-	} else {
-		duration = int(startTime.Sub(plugin.LastPollTime).Seconds())
-	}
-
-	plugin.Components = make([]ComponentData, 0, len(plugin.ComponentModels))
-	for i := 0; i < len(plugin.ComponentModels); i++ {
-		plugin.ComponentModels[i].SetDuration(duration)
-		plugin.Components = append(plugin.Components, plugin.ComponentModels[i].Harvest(plugin))
-	}
-
-	if httpCode, err := plugin.SendMetricas(); err != nil {
-		log.Printf("Can not send metricas to newrelic: %#v\n", err)
-		return err
-	} else {
-
-		if plugin.Verbose {
-			log.Printf("Got HTTP response code:%d", httpCode)
-		}
-
-		if err, isFatal := plugin.CheckResponse(httpCode); isFatal {		
-			log.Printf("Got fatal error:%v\n", err)
-			return err
-		} else {
-			if err != nil {
-				log.Printf("WARNING: %v", err)
-			}
-			return err
-		}
-	}
-	return nil
-}
-
-func (plugin *NewrelicPlugin) GetMetricaKey(metrica IMetrica) string {
-	var keyBuffer bytes.Buffer
-
-	keyBuffer.WriteString("Component/")
-	keyBuffer.WriteString(metrica.GetName())
-	keyBuffer.WriteString("[")
-	keyBuffer.WriteString(metrica.GetUnits())
-	keyBuffer.WriteString("]")
-
-	return keyBuffer.String()
-}
-
-func (plugin *NewrelicPlugin) SendMetricas() (int, error) {
-	client := &http.Client{}
-	var metricasJson []byte
-	var encodingError error
-
-	if plugin.Verbose {
-		metricasJson, encodingError = json.MarshalIndent(plugin, "", "    ")
-	} else {
-		metricasJson, encodingError = json.Marshal(plugin)
-	}
-
-	if encodingError != nil {
-		return 0, encodingError
-	}
-
-	jsonAsString := string(metricasJson)
-	if plugin.Verbose {
-		log.Printf("Send data:%s \n", jsonAsString)
-	}
-
-	if httpRequest, err := http.NewRequest("POST", NEWRELIC_API_URL, strings.NewReader(jsonAsString)); err != nil {
-		return 0, err
-	} else {
-		httpRequest.Header.Set("X-License-Key", plugin.LicenseKey)
-		httpRequest.Header.Set("Content-Type", "application/json")
-		httpRequest.Header.Set("Accept", "application/json")
-
-		if httpResponse, err := client.Do(httpRequest); err != nil {
-			return 0, err
-		} else {
-			defer httpResponse.Body.Close()
-			return httpResponse.StatusCode, nil
-		}
-	}
-
-	// we will never get there
-	return 0, nil
-}
-
-func (plugin *NewrelicPlugin) ClearSentData() {
-	for _, component := range plugin.ComponentModels {
-		component.ClearSentData()
-	}
-	plugin.Components = nil
-	plugin.LastPollTime = time.Now()
-}
-
-func (plugin *NewrelicPlugin) CheckResponse(httpResponseCode int) (error, bool) {
-	isFatal := false
-	var err error
-	switch httpResponseCode {
-	case http.StatusOK:
-		{
-			plugin.ClearSentData()
-		}
-	case http.StatusForbidden:
-		{
-			err = fmt.Errorf("Authentication error (no license key header, or invalid license key).\n")
-			isFatal = true
-		}
-	case http.StatusBadRequest:
-		{
-			err = fmt.Errorf("The request or headers are in the wrong format or the URL is incorrect.\n")
-			isFatal = true
-		}
-	case http.StatusNotFound:
-		{
-			err = fmt.Errorf("Invalid URL\n")
-			isFatal = true
-		}
-	case http.StatusRequestEntityTooLarge:
-		{
-			err = fmt.Errorf("Too many metrics were sent in one request, or too many components (instances) were specified in one request, or other single-request limits were reached.\n")
-			//discard metrics
-			plugin.ClearSentData()
-		}
-	case http.StatusInternalServerError, http.StatusBadGateway, http.StatusServiceUnavailable, http.StatusGatewayTimeout:
-		{
-			err = fmt.Errorf("Got %v response code.Metricas will be aggregated", httpResponseCode)
-		}
-	}
-	return err, isFatal
-}
-
-func (plugin *NewrelicPlugin) Run() {
-	plugin.Harvest()
-	tickerChannel := time.Tick(time.Duration(plugin.PollIntervalInSecond) * time.Second)
-	for ts := range tickerChannel {
-		plugin.Harvest()
-
-		if plugin.Verbose {
-			log.Printf("Harvest ended at:%v\n", ts)
-		}
-	}
-}
-
-func (plugin *NewrelicPlugin) AddComponent(component IComponent) {
-	plugin.ComponentModels = append(plugin.ComponentModels, component)
-}
diff --git a/vendor/google.golang.org/api/googleapi/googleapi.go b/vendor/google.golang.org/api/googleapi/googleapi.go
deleted file mode 100644
index b5e38c662..000000000
--- a/vendor/google.golang.org/api/googleapi/googleapi.go
+++ /dev/null
@@ -1,480 +0,0 @@
-// Copyright 2011 Google LLC. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package googleapi contains the common code shared by all Google API
-// libraries.
-package googleapi // import "google.golang.org/api/googleapi"
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-	"time"
-
-	"google.golang.org/api/internal/third_party/uritemplates"
-)
-
-// ContentTyper is an interface for Readers which know (or would like
-// to override) their Content-Type. If a media body doesn't implement
-// ContentTyper, the type is sniffed from the content using
-// http.DetectContentType.
-type ContentTyper interface {
-	ContentType() string
-}
-
-// A SizeReaderAt is a ReaderAt with a Size method.
-// An io.SectionReader implements SizeReaderAt.
-type SizeReaderAt interface {
-	io.ReaderAt
-	Size() int64
-}
-
-// ServerResponse is embedded in each Do response and
-// provides the HTTP status code and header sent by the server.
-type ServerResponse struct {
-	// HTTPStatusCode is the server's response status code. When using a
-	// resource method's Do call, this will always be in the 2xx range.
-	HTTPStatusCode int
-	// Header contains the response header fields from the server.
-	Header http.Header
-}
-
-const (
-	// Version defines the gax version being used. This is typically sent
-	// in an HTTP header to services.
-	Version = "0.5"
-
-	// UserAgent is the header string used to identify this package.
-	UserAgent = "google-api-go-client/" + Version
-
-	// DefaultUploadChunkSize is the default chunk size to use for resumable
-	// uploads if not specified by the user.
-	DefaultUploadChunkSize = 16 * 1024 * 1024
-
-	// MinUploadChunkSize is the minimum chunk size that can be used for
-	// resumable uploads.  All user-specified chunk sizes must be multiple of
-	// this value.
-	MinUploadChunkSize = 256 * 1024
-)
-
-// Error contains an error response from the server.
-type Error struct {
-	// Code is the HTTP response status code and will always be populated.
-	Code int `json:"code"`
-	// Message is the server response message and is only populated when
-	// explicitly referenced by the JSON server response.
-	Message string `json:"message"`
-	// Details provide more context to an error.
-	Details []interface{} `json:"details"`
-	// Body is the raw response returned by the server.
-	// It is often but not always JSON, depending on how the request fails.
-	Body string
-	// Header contains the response header fields from the server.
-	Header http.Header
-
-	Errors []ErrorItem
-	// err is typically a wrapped apierror.APIError, see
-	// google-api-go-client/internal/gensupport/error.go.
-	err error
-}
-
-// ErrorItem is a detailed error code & message from the Google API frontend.
-type ErrorItem struct {
-	// Reason is the typed error code. For example: "some_example".
-	Reason string `json:"reason"`
-	// Message is the human-readable description of the error.
-	Message string `json:"message"`
-}
-
-func (e *Error) Error() string {
-	if len(e.Errors) == 0 && e.Message == "" {
-		return fmt.Sprintf("googleapi: got HTTP response code %d with body: %v", e.Code, e.Body)
-	}
-	var buf bytes.Buffer
-	fmt.Fprintf(&buf, "googleapi: Error %d: ", e.Code)
-	if e.Message != "" {
-		fmt.Fprintf(&buf, "%s", e.Message)
-	}
-	if len(e.Details) > 0 {
-		var detailBuf bytes.Buffer
-		enc := json.NewEncoder(&detailBuf)
-		enc.SetIndent("", "  ")
-		if err := enc.Encode(e.Details); err == nil {
-			fmt.Fprint(&buf, "\nDetails:")
-			fmt.Fprintf(&buf, "\n%s", detailBuf.String())
-
-		}
-	}
-	if len(e.Errors) == 0 {
-		return strings.TrimSpace(buf.String())
-	}
-	if len(e.Errors) == 1 && e.Errors[0].Message == e.Message {
-		fmt.Fprintf(&buf, ", %s", e.Errors[0].Reason)
-		return buf.String()
-	}
-	fmt.Fprintln(&buf, "\nMore details:")
-	for _, v := range e.Errors {
-		fmt.Fprintf(&buf, "Reason: %s, Message: %s\n", v.Reason, v.Message)
-	}
-	return buf.String()
-}
-
-// Wrap allows an existing Error to wrap another error. See also [Error.Unwrap].
-func (e *Error) Wrap(err error) {
-	e.err = err
-}
-
-func (e *Error) Unwrap() error {
-	return e.err
-}
-
-type errorReply struct {
-	Error *Error `json:"error"`
-}
-
-// CheckResponse returns an error (of type *Error) if the response
-// status code is not 2xx.
-func CheckResponse(res *http.Response) error {
-	if res.StatusCode >= 200 && res.StatusCode <= 299 {
-		return nil
-	}
-	slurp, err := io.ReadAll(res.Body)
-	if err == nil {
-		jerr := new(errorReply)
-		err = json.Unmarshal(slurp, jerr)
-		if err == nil && jerr.Error != nil {
-			if jerr.Error.Code == 0 {
-				jerr.Error.Code = res.StatusCode
-			}
-			jerr.Error.Body = string(slurp)
-			jerr.Error.Header = res.Header
-			return jerr.Error
-		}
-	}
-	return &Error{
-		Code:   res.StatusCode,
-		Body:   string(slurp),
-		Header: res.Header,
-	}
-}
-
-// IsNotModified reports whether err is the result of the
-// server replying with http.StatusNotModified.
-// Such error values are sometimes returned by "Do" methods
-// on calls when If-None-Match is used.
-func IsNotModified(err error) bool {
-	if err == nil {
-		return false
-	}
-	ae, ok := err.(*Error)
-	return ok && ae.Code == http.StatusNotModified
-}
-
-// CheckMediaResponse returns an error (of type *Error) if the response
-// status code is not 2xx. Unlike CheckResponse it does not assume the
-// body is a JSON error document.
-// It is the caller's responsibility to close res.Body.
-func CheckMediaResponse(res *http.Response) error {
-	if res.StatusCode >= 200 && res.StatusCode <= 299 {
-		return nil
-	}
-	slurp, _ := io.ReadAll(io.LimitReader(res.Body, 1<<20))
-	return &Error{
-		Code:   res.StatusCode,
-		Body:   string(slurp),
-		Header: res.Header,
-	}
-}
-
-// MarshalStyle defines whether to marshal JSON with a {"data": ...} wrapper.
-type MarshalStyle bool
-
-// WithDataWrapper marshals JSON with a {"data": ...} wrapper.
-var WithDataWrapper = MarshalStyle(true)
-
-// WithoutDataWrapper marshals JSON without a {"data": ...} wrapper.
-var WithoutDataWrapper = MarshalStyle(false)
-
-func (wrap MarshalStyle) JSONReader(v interface{}) (io.Reader, error) {
-	buf := new(bytes.Buffer)
-	if wrap {
-		buf.Write([]byte(`{"data": `))
-	}
-	err := json.NewEncoder(buf).Encode(v)
-	if err != nil {
-		return nil, err
-	}
-	if wrap {
-		buf.Write([]byte(`}`))
-	}
-	return buf, nil
-}
-
-// ProgressUpdater is a function that is called upon every progress update of a resumable upload.
-// This is the only part of a resumable upload (from googleapi) that is usable by the developer.
-// The remaining usable pieces of resumable uploads is exposed in each auto-generated API.
-type ProgressUpdater func(current, total int64)
-
-// MediaOption defines the interface for setting media options.
-type MediaOption interface {
-	setOptions(o *MediaOptions)
-}
-
-type contentTypeOption string
-
-func (ct contentTypeOption) setOptions(o *MediaOptions) {
-	o.ContentType = string(ct)
-	if o.ContentType == "" {
-		o.ForceEmptyContentType = true
-	}
-}
-
-// ContentType returns a MediaOption which sets the Content-Type header for media uploads.
-// If ctype is empty, the Content-Type header will be omitted.
-func ContentType(ctype string) MediaOption {
-	return contentTypeOption(ctype)
-}
-
-type chunkSizeOption int
-
-func (cs chunkSizeOption) setOptions(o *MediaOptions) {
-	size := int(cs)
-	if size%MinUploadChunkSize != 0 {
-		size += MinUploadChunkSize - (size % MinUploadChunkSize)
-	}
-	o.ChunkSize = size
-}
-
-// ChunkSize returns a MediaOption which sets the chunk size for media uploads.
-// size will be rounded up to the nearest multiple of 256K.
-// Media which contains fewer than size bytes will be uploaded in a single request.
-// Media which contains size bytes or more will be uploaded in separate chunks.
-// If size is zero, media will be uploaded in a single request.
-func ChunkSize(size int) MediaOption {
-	return chunkSizeOption(size)
-}
-
-type chunkRetryDeadlineOption time.Duration
-
-func (cd chunkRetryDeadlineOption) setOptions(o *MediaOptions) {
-	o.ChunkRetryDeadline = time.Duration(cd)
-}
-
-// ChunkRetryDeadline returns a MediaOption which sets a per-chunk retry
-// deadline. If a single chunk has been attempting to upload for longer than
-// this time and the request fails, it will no longer be retried, and the error
-// will be returned to the caller.
-// This is only applicable for files which are large enough to require
-// a multi-chunk resumable upload.
-// The default value is 32s.
-// To set a deadline on the entire upload, use context timeout or cancellation.
-func ChunkRetryDeadline(deadline time.Duration) MediaOption {
-	return chunkRetryDeadlineOption(deadline)
-}
-
-// MediaOptions stores options for customizing media upload.  It is not used by developers directly.
-type MediaOptions struct {
-	ContentType           string
-	ForceEmptyContentType bool
-	ChunkSize             int
-	ChunkRetryDeadline    time.Duration
-}
-
-// ProcessMediaOptions stores options from opts in a MediaOptions.
-// It is not used by developers directly.
-func ProcessMediaOptions(opts []MediaOption) *MediaOptions {
-	mo := &MediaOptions{ChunkSize: DefaultUploadChunkSize}
-	for _, o := range opts {
-		o.setOptions(mo)
-	}
-	return mo
-}
-
-// ResolveRelative resolves relatives such as "http://www.golang.org/" and
-// "topics/myproject/mytopic" into a single string, such as
-// "http://www.golang.org/topics/myproject/mytopic". It strips all parent
-// references (e.g. ../..) as well as anything after the host
-// (e.g. /bar/gaz gets stripped out of foo.com/bar/gaz).
-//
-// ResolveRelative panics if either basestr or relstr is not able to be parsed.
-func ResolveRelative(basestr, relstr string) string {
-	u, err := url.Parse(basestr)
-	if err != nil {
-		panic(fmt.Sprintf("failed to parse %q", basestr))
-	}
-	afterColonPath := ""
-	if i := strings.IndexRune(relstr, ':'); i > 0 {
-		afterColonPath = relstr[i+1:]
-		relstr = relstr[:i]
-	}
-	rel, err := url.Parse(relstr)
-	if err != nil {
-		panic(fmt.Sprintf("failed to parse %q", relstr))
-	}
-	u = u.ResolveReference(rel)
-	us := u.String()
-	if afterColonPath != "" {
-		us = fmt.Sprintf("%s:%s", us, afterColonPath)
-	}
-	us = strings.Replace(us, "%7B", "{", -1)
-	us = strings.Replace(us, "%7D", "}", -1)
-	us = strings.Replace(us, "%2A", "*", -1)
-	return us
-}
-
-// Expand subsitutes any {encoded} strings in the URL passed in using
-// the map supplied.
-//
-// This calls SetOpaque to avoid encoding of the parameters in the URL path.
-func Expand(u *url.URL, expansions map[string]string) {
-	escaped, unescaped, err := uritemplates.Expand(u.Path, expansions)
-	if err == nil {
-		u.Path = unescaped
-		u.RawPath = escaped
-	}
-}
-
-// CloseBody is used to close res.Body.
-// Prior to calling Close, it also tries to Read a small amount to see an EOF.
-// Not seeing an EOF can prevent HTTP Transports from reusing connections.
-func CloseBody(res *http.Response) {
-	if res == nil || res.Body == nil {
-		return
-	}
-	// Justification for 3 byte reads: two for up to "\r\n" after
-	// a JSON/XML document, and then 1 to see EOF if we haven't yet.
-	// TODO(bradfitz): detect Go 1.3+ and skip these reads.
-	// See https://codereview.appspot.com/58240043
-	// and https://codereview.appspot.com/49570044
-	buf := make([]byte, 1)
-	for i := 0; i < 3; i++ {
-		_, err := res.Body.Read(buf)
-		if err != nil {
-			break
-		}
-	}
-	res.Body.Close()
-
-}
-
-// VariantType returns the type name of the given variant.
-// If the map doesn't contain the named key or the value is not a []interface{}, "" is returned.
-// This is used to support "variant" APIs that can return one of a number of different types.
-func VariantType(t map[string]interface{}) string {
-	s, _ := t["type"].(string)
-	return s
-}
-
-// ConvertVariant uses the JSON encoder/decoder to fill in the struct 'dst' with the fields found in variant 'v'.
-// This is used to support "variant" APIs that can return one of a number of different types.
-// It reports whether the conversion was successful.
-func ConvertVariant(v map[string]interface{}, dst interface{}) bool {
-	var buf bytes.Buffer
-	err := json.NewEncoder(&buf).Encode(v)
-	if err != nil {
-		return false
-	}
-	return json.Unmarshal(buf.Bytes(), dst) == nil
-}
-
-// A Field names a field to be retrieved with a partial response.
-// https://cloud.google.com/storage/docs/json_api/v1/how-tos/performance
-//
-// Partial responses can dramatically reduce the amount of data that must be sent to your application.
-// In order to request partial responses, you can specify the full list of fields
-// that your application needs by adding the Fields option to your request.
-//
-// Field strings use camelCase with leading lower-case characters to identify fields within the response.
-//
-// For example, if your response has a "NextPageToken" and a slice of "Items" with "Id" fields,
-// you could request just those fields like this:
-//
-//	svc.Events.List().Fields("nextPageToken", "items/id").Do()
-//
-// or if you were also interested in each Item's "Updated" field, you can combine them like this:
-//
-//	svc.Events.List().Fields("nextPageToken", "items(id,updated)").Do()
-//
-// Another way to find field names is through the Google API explorer:
-// https://developers.google.com/apis-explorer/#p/
-type Field string
-
-// CombineFields combines fields into a single string.
-func CombineFields(s []Field) string {
-	r := make([]string, len(s))
-	for i, v := range s {
-		r[i] = string(v)
-	}
-	return strings.Join(r, ",")
-}
-
-// A CallOption is an optional argument to an API call.
-// It should be treated as an opaque value by users of Google APIs.
-//
-// A CallOption is something that configures an API call in a way that is
-// not specific to that API; for instance, controlling the quota user for
-// an API call is common across many APIs, and is thus a CallOption.
-type CallOption interface {
-	Get() (key, value string)
-}
-
-// A MultiCallOption is an option argument to an API call and can be passed
-// anywhere a CallOption is accepted. It additionally supports returning a slice
-// of values for a given key.
-type MultiCallOption interface {
-	CallOption
-	GetMulti() (key string, value []string)
-}
-
-// QuotaUser returns a CallOption that will set the quota user for a call.
-// The quota user can be used by server-side applications to control accounting.
-// It can be an arbitrary string up to 40 characters, and will override UserIP
-// if both are provided.
-func QuotaUser(u string) CallOption { return quotaUser(u) }
-
-type quotaUser string
-
-func (q quotaUser) Get() (string, string) { return "quotaUser", string(q) }
-
-// UserIP returns a CallOption that will set the "userIp" parameter of a call.
-// This should be the IP address of the originating request.
-func UserIP(ip string) CallOption { return userIP(ip) }
-
-type userIP string
-
-func (i userIP) Get() (string, string) { return "userIp", string(i) }
-
-// Trace returns a CallOption that enables diagnostic tracing for a call.
-// traceToken is an ID supplied by Google support.
-func Trace(traceToken string) CallOption { return traceTok(traceToken) }
-
-type traceTok string
-
-func (t traceTok) Get() (string, string) { return "trace", "token:" + string(t) }
-
-type queryParameter struct {
-	key    string
-	values []string
-}
-
-// QueryParameter allows setting the value(s) of an arbitrary key.
-func QueryParameter(key string, values ...string) CallOption {
-	return queryParameter{key: key, values: append([]string{}, values...)}
-}
-
-// Get will never actually be called -- GetMulti will.
-func (q queryParameter) Get() (string, string) {
-	return "", ""
-}
-
-// GetMulti returns the key and values values associated to that key.
-func (q queryParameter) GetMulti() (string, []string) {
-	return q.key, q.values
-}
-
-// TODO: Fields too
diff --git a/vendor/google.golang.org/api/googleapi/types.go b/vendor/google.golang.org/api/googleapi/types.go
deleted file mode 100644
index fabf74d50..000000000
--- a/vendor/google.golang.org/api/googleapi/types.go
+++ /dev/null
@@ -1,202 +0,0 @@
-// Copyright 2013 Google LLC. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package googleapi
-
-import (
-	"encoding/json"
-	"errors"
-	"strconv"
-)
-
-// Int64s is a slice of int64s that marshal as quoted strings in JSON.
-type Int64s []int64
-
-func (q *Int64s) UnmarshalJSON(raw []byte) error {
-	*q = (*q)[:0]
-	var ss []string
-	if err := json.Unmarshal(raw, &ss); err != nil {
-		return err
-	}
-	for _, s := range ss {
-		v, err := strconv.ParseInt(s, 10, 64)
-		if err != nil {
-			return err
-		}
-		*q = append(*q, int64(v))
-	}
-	return nil
-}
-
-// Int32s is a slice of int32s that marshal as quoted strings in JSON.
-type Int32s []int32
-
-func (q *Int32s) UnmarshalJSON(raw []byte) error {
-	*q = (*q)[:0]
-	var ss []string
-	if err := json.Unmarshal(raw, &ss); err != nil {
-		return err
-	}
-	for _, s := range ss {
-		v, err := strconv.ParseInt(s, 10, 32)
-		if err != nil {
-			return err
-		}
-		*q = append(*q, int32(v))
-	}
-	return nil
-}
-
-// Uint64s is a slice of uint64s that marshal as quoted strings in JSON.
-type Uint64s []uint64
-
-func (q *Uint64s) UnmarshalJSON(raw []byte) error {
-	*q = (*q)[:0]
-	var ss []string
-	if err := json.Unmarshal(raw, &ss); err != nil {
-		return err
-	}
-	for _, s := range ss {
-		v, err := strconv.ParseUint(s, 10, 64)
-		if err != nil {
-			return err
-		}
-		*q = append(*q, uint64(v))
-	}
-	return nil
-}
-
-// Uint32s is a slice of uint32s that marshal as quoted strings in JSON.
-type Uint32s []uint32
-
-func (q *Uint32s) UnmarshalJSON(raw []byte) error {
-	*q = (*q)[:0]
-	var ss []string
-	if err := json.Unmarshal(raw, &ss); err != nil {
-		return err
-	}
-	for _, s := range ss {
-		v, err := strconv.ParseUint(s, 10, 32)
-		if err != nil {
-			return err
-		}
-		*q = append(*q, uint32(v))
-	}
-	return nil
-}
-
-// Float64s is a slice of float64s that marshal as quoted strings in JSON.
-type Float64s []float64
-
-func (q *Float64s) UnmarshalJSON(raw []byte) error {
-	*q = (*q)[:0]
-	var ss []string
-	if err := json.Unmarshal(raw, &ss); err != nil {
-		return err
-	}
-	for _, s := range ss {
-		v, err := strconv.ParseFloat(s, 64)
-		if err != nil {
-			return err
-		}
-		*q = append(*q, float64(v))
-	}
-	return nil
-}
-
-func quotedList(n int, fn func(dst []byte, i int) []byte) ([]byte, error) {
-	dst := make([]byte, 0, 2+n*10) // somewhat arbitrary
-	dst = append(dst, '[')
-	for i := 0; i < n; i++ {
-		if i > 0 {
-			dst = append(dst, ',')
-		}
-		dst = append(dst, '"')
-		dst = fn(dst, i)
-		dst = append(dst, '"')
-	}
-	dst = append(dst, ']')
-	return dst, nil
-}
-
-func (q Int64s) MarshalJSON() ([]byte, error) {
-	return quotedList(len(q), func(dst []byte, i int) []byte {
-		return strconv.AppendInt(dst, q[i], 10)
-	})
-}
-
-func (q Int32s) MarshalJSON() ([]byte, error) {
-	return quotedList(len(q), func(dst []byte, i int) []byte {
-		return strconv.AppendInt(dst, int64(q[i]), 10)
-	})
-}
-
-func (q Uint64s) MarshalJSON() ([]byte, error) {
-	return quotedList(len(q), func(dst []byte, i int) []byte {
-		return strconv.AppendUint(dst, q[i], 10)
-	})
-}
-
-func (q Uint32s) MarshalJSON() ([]byte, error) {
-	return quotedList(len(q), func(dst []byte, i int) []byte {
-		return strconv.AppendUint(dst, uint64(q[i]), 10)
-	})
-}
-
-func (q Float64s) MarshalJSON() ([]byte, error) {
-	return quotedList(len(q), func(dst []byte, i int) []byte {
-		return strconv.AppendFloat(dst, q[i], 'g', -1, 64)
-	})
-}
-
-// RawMessage is a raw encoded JSON value.
-// It is identical to json.RawMessage, except it does not suffer from
-// https://golang.org/issue/14493.
-type RawMessage []byte
-
-// MarshalJSON returns m.
-func (m RawMessage) MarshalJSON() ([]byte, error) {
-	return m, nil
-}
-
-// UnmarshalJSON sets *m to a copy of data.
-func (m *RawMessage) UnmarshalJSON(data []byte) error {
-	if m == nil {
-		return errors.New("googleapi.RawMessage: UnmarshalJSON on nil pointer")
-	}
-	*m = append((*m)[:0], data...)
-	return nil
-}
-
-/*
- * Helper routines for simplifying the creation of optional fields of basic type.
- */
-
-// Bool is a helper routine that allocates a new bool value
-// to store v and returns a pointer to it.
-func Bool(v bool) *bool { return &v }
-
-// Int32 is a helper routine that allocates a new int32 value
-// to store v and returns a pointer to it.
-func Int32(v int32) *int32 { return &v }
-
-// Int64 is a helper routine that allocates a new int64 value
-// to store v and returns a pointer to it.
-func Int64(v int64) *int64 { return &v }
-
-// Float64 is a helper routine that allocates a new float64 value
-// to store v and returns a pointer to it.
-func Float64(v float64) *float64 { return &v }
-
-// Uint32 is a helper routine that allocates a new uint32 value
-// to store v and returns a pointer to it.
-func Uint32(v uint32) *uint32 { return &v }
-
-// Uint64 is a helper routine that allocates a new uint64 value
-// to store v and returns a pointer to it.
-func Uint64(v uint64) *uint64 { return &v }
-
-// String is a helper routine that allocates a new string value
-// to store v and returns a pointer to it.
-func String(v string) *string { return &v }
diff --git a/vendor/google.golang.org/api/internal/gensupport/buffer.go b/vendor/google.golang.org/api/internal/gensupport/buffer.go
deleted file mode 100644
index 3d0817ede..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/buffer.go
+++ /dev/null
@@ -1,79 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package gensupport
-
-import (
-	"bytes"
-	"io"
-
-	"google.golang.org/api/googleapi"
-)
-
-// MediaBuffer buffers data from an io.Reader to support uploading media in
-// retryable chunks. It should be created with NewMediaBuffer.
-type MediaBuffer struct {
-	media io.Reader
-
-	chunk []byte // The current chunk which is pending upload.  The capacity is the chunk size.
-	err   error  // Any error generated when populating chunk by reading media.
-
-	// The absolute position of chunk in the underlying media.
-	off int64
-}
-
-// NewMediaBuffer initializes a MediaBuffer.
-func NewMediaBuffer(media io.Reader, chunkSize int) *MediaBuffer {
-	return &MediaBuffer{media: media, chunk: make([]byte, 0, chunkSize)}
-}
-
-// Chunk returns the current buffered chunk, the offset in the underlying media
-// from which the chunk is drawn, and the size of the chunk.
-// Successive calls to Chunk return the same chunk between calls to Next.
-func (mb *MediaBuffer) Chunk() (chunk io.Reader, off int64, size int, err error) {
-	// There may already be data in chunk if Next has not been called since the previous call to Chunk.
-	if mb.err == nil && len(mb.chunk) == 0 {
-		mb.err = mb.loadChunk()
-	}
-	return bytes.NewReader(mb.chunk), mb.off, len(mb.chunk), mb.err
-}
-
-// loadChunk will read from media into chunk, up to the capacity of chunk.
-func (mb *MediaBuffer) loadChunk() error {
-	bufSize := cap(mb.chunk)
-	mb.chunk = mb.chunk[:bufSize]
-
-	read := 0
-	var err error
-	for err == nil && read < bufSize {
-		var n int
-		n, err = mb.media.Read(mb.chunk[read:])
-		read += n
-	}
-	mb.chunk = mb.chunk[:read]
-	return err
-}
-
-// Next advances to the next chunk, which will be returned by the next call to Chunk.
-// Calls to Next without a corresponding prior call to Chunk will have no effect.
-func (mb *MediaBuffer) Next() {
-	mb.off += int64(len(mb.chunk))
-	mb.chunk = mb.chunk[0:0]
-}
-
-type readerTyper struct {
-	io.Reader
-	googleapi.ContentTyper
-}
-
-// ReaderAtToReader adapts a ReaderAt to be used as a Reader.
-// If ra implements googleapi.ContentTyper, then the returned reader
-// will also implement googleapi.ContentTyper, delegating to ra.
-func ReaderAtToReader(ra io.ReaderAt, size int64) io.Reader {
-	r := io.NewSectionReader(ra, 0, size)
-	if typer, ok := ra.(googleapi.ContentTyper); ok {
-		return readerTyper{r, typer}
-	}
-	return r
-}
diff --git a/vendor/google.golang.org/api/internal/gensupport/doc.go b/vendor/google.golang.org/api/internal/gensupport/doc.go
deleted file mode 100644
index 752c4b411..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/doc.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package gensupport is an internal implementation detail used by code
-// generated by the google-api-go-generator tool.
-//
-// This package may be modified at any time without regard for backwards
-// compatibility. It should not be used directly by API users.
-package gensupport
diff --git a/vendor/google.golang.org/api/internal/gensupport/error.go b/vendor/google.golang.org/api/internal/gensupport/error.go
deleted file mode 100644
index 886c6532b..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/error.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright 2022 Google LLC. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package gensupport
-
-import (
-	"errors"
-
-	"github.com/googleapis/gax-go/v2/apierror"
-	"google.golang.org/api/googleapi"
-)
-
-// WrapError creates an [apierror.APIError] from err, wraps it in err, and
-// returns err. If err is not a [googleapi.Error] (or a
-// [google.golang.org/grpc/status.Status]), it returns err without modification.
-func WrapError(err error) error {
-	var herr *googleapi.Error
-	apiError, ok := apierror.ParseError(err, false)
-	if ok && errors.As(err, &herr) {
-		herr.Wrap(apiError)
-	}
-	return err
-}
diff --git a/vendor/google.golang.org/api/internal/gensupport/json.go b/vendor/google.golang.org/api/internal/gensupport/json.go
deleted file mode 100644
index eab49a11e..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/json.go
+++ /dev/null
@@ -1,236 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package gensupport
-
-import (
-	"encoding/json"
-	"fmt"
-	"reflect"
-	"strings"
-)
-
-// MarshalJSON returns a JSON encoding of schema containing only selected fields.
-// A field is selected if any of the following is true:
-//   - it has a non-empty value
-//   - its field name is present in forceSendFields and it is not a nil pointer or nil interface
-//   - its field name is present in nullFields.
-//
-// The JSON key for each selected field is taken from the field's json: struct tag.
-func MarshalJSON(schema interface{}, forceSendFields, nullFields []string) ([]byte, error) {
-	if len(forceSendFields) == 0 && len(nullFields) == 0 {
-		return json.Marshal(schema)
-	}
-
-	mustInclude := make(map[string]bool)
-	for _, f := range forceSendFields {
-		mustInclude[f] = true
-	}
-	useNull := make(map[string]bool)
-	useNullMaps := make(map[string]map[string]bool)
-	for _, nf := range nullFields {
-		parts := strings.SplitN(nf, ".", 2)
-		field := parts[0]
-		if len(parts) == 1 {
-			useNull[field] = true
-		} else {
-			if useNullMaps[field] == nil {
-				useNullMaps[field] = map[string]bool{}
-			}
-			useNullMaps[field][parts[1]] = true
-		}
-	}
-
-	dataMap, err := schemaToMap(schema, mustInclude, useNull, useNullMaps)
-	if err != nil {
-		return nil, err
-	}
-	return json.Marshal(dataMap)
-}
-
-func schemaToMap(schema interface{}, mustInclude, useNull map[string]bool, useNullMaps map[string]map[string]bool) (map[string]interface{}, error) {
-	m := make(map[string]interface{})
-	s := reflect.ValueOf(schema)
-	st := s.Type()
-
-	for i := 0; i < s.NumField(); i++ {
-		jsonTag := st.Field(i).Tag.Get("json")
-		if jsonTag == "" {
-			continue
-		}
-		tag, err := parseJSONTag(jsonTag)
-		if err != nil {
-			return nil, err
-		}
-		if tag.ignore {
-			continue
-		}
-
-		v := s.Field(i)
-		f := st.Field(i)
-
-		if useNull[f.Name] {
-			if !isEmptyValue(v) {
-				return nil, fmt.Errorf("field %q in NullFields has non-empty value", f.Name)
-			}
-			m[tag.apiName] = nil
-			continue
-		}
-
-		if !includeField(v, f, mustInclude) {
-			continue
-		}
-
-		// If map fields are explicitly set to null, use a map[string]interface{}.
-		if f.Type.Kind() == reflect.Map && useNullMaps[f.Name] != nil {
-			ms, ok := v.Interface().(map[string]string)
-			if !ok {
-				mi, err := initMapSlow(v, f.Name, useNullMaps)
-				if err != nil {
-					return nil, err
-				}
-				m[tag.apiName] = mi
-				continue
-			}
-			mi := map[string]interface{}{}
-			for k, v := range ms {
-				mi[k] = v
-			}
-			for k := range useNullMaps[f.Name] {
-				mi[k] = nil
-			}
-			m[tag.apiName] = mi
-			continue
-		}
-
-		// nil maps are treated as empty maps.
-		if f.Type.Kind() == reflect.Map && v.IsNil() {
-			m[tag.apiName] = map[string]string{}
-			continue
-		}
-
-		// nil slices are treated as empty slices.
-		if f.Type.Kind() == reflect.Slice && v.IsNil() {
-			m[tag.apiName] = []bool{}
-			continue
-		}
-
-		if tag.stringFormat {
-			m[tag.apiName] = formatAsString(v, f.Type.Kind())
-		} else {
-			m[tag.apiName] = v.Interface()
-		}
-	}
-	return m, nil
-}
-
-// initMapSlow uses reflection to build up a map object. This is slower than
-// the default behavior so it should be used only as a fallback.
-func initMapSlow(rv reflect.Value, fieldName string, useNullMaps map[string]map[string]bool) (map[string]interface{}, error) {
-	mi := map[string]interface{}{}
-	iter := rv.MapRange()
-	for iter.Next() {
-		k, ok := iter.Key().Interface().(string)
-		if !ok {
-			return nil, fmt.Errorf("field %q has keys in NullFields but is not a map[string]any", fieldName)
-		}
-		v := iter.Value().Interface()
-		mi[k] = v
-	}
-	for k := range useNullMaps[fieldName] {
-		mi[k] = nil
-	}
-	return mi, nil
-}
-
-// formatAsString returns a string representation of v, dereferencing it first if possible.
-func formatAsString(v reflect.Value, kind reflect.Kind) string {
-	if kind == reflect.Ptr && !v.IsNil() {
-		v = v.Elem()
-	}
-
-	return fmt.Sprintf("%v", v.Interface())
-}
-
-// jsonTag represents a restricted version of the struct tag format used by encoding/json.
-// It is used to describe the JSON encoding of fields in a Schema struct.
-type jsonTag struct {
-	apiName      string
-	stringFormat bool
-	ignore       bool
-}
-
-// parseJSONTag parses a restricted version of the struct tag format used by encoding/json.
-// The format of the tag must match that generated by the Schema.writeSchemaStruct method
-// in the api generator.
-func parseJSONTag(val string) (jsonTag, error) {
-	if val == "-" {
-		return jsonTag{ignore: true}, nil
-	}
-
-	var tag jsonTag
-
-	i := strings.Index(val, ",")
-	if i == -1 || val[:i] == "" {
-		return tag, fmt.Errorf("malformed json tag: %s", val)
-	}
-
-	tag = jsonTag{
-		apiName: val[:i],
-	}
-
-	switch val[i+1:] {
-	case "omitempty":
-	case "omitempty,string":
-		tag.stringFormat = true
-	default:
-		return tag, fmt.Errorf("malformed json tag: %s", val)
-	}
-
-	return tag, nil
-}
-
-// Reports whether the struct field "f" with value "v" should be included in JSON output.
-func includeField(v reflect.Value, f reflect.StructField, mustInclude map[string]bool) bool {
-	// The regular JSON encoding of a nil pointer is "null", which means "delete this field".
-	// Therefore, we could enable field deletion by honoring pointer fields' presence in the mustInclude set.
-	// However, many fields are not pointers, so there would be no way to delete these fields.
-	// Rather than partially supporting field deletion, we ignore mustInclude for nil pointer fields.
-	// Deletion will be handled by a separate mechanism.
-	if f.Type.Kind() == reflect.Ptr && v.IsNil() {
-		return false
-	}
-
-	// The "any" type is represented as an interface{}.  If this interface
-	// is nil, there is no reasonable representation to send.  We ignore
-	// these fields, for the same reasons as given above for pointers.
-	if f.Type.Kind() == reflect.Interface && v.IsNil() {
-		return false
-	}
-
-	return mustInclude[f.Name] || !isEmptyValue(v)
-}
-
-// isEmptyValue reports whether v is the empty value for its type.  This
-// implementation is based on that of the encoding/json package, but its
-// correctness does not depend on it being identical. What's important is that
-// this function return false in situations where v should not be sent as part
-// of a PATCH operation.
-func isEmptyValue(v reflect.Value) bool {
-	switch v.Kind() {
-	case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
-		return v.Len() == 0
-	case reflect.Bool:
-		return !v.Bool()
-	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		return v.Int() == 0
-	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
-		return v.Uint() == 0
-	case reflect.Float32, reflect.Float64:
-		return v.Float() == 0
-	case reflect.Interface, reflect.Ptr:
-		return v.IsNil()
-	}
-	return false
-}
diff --git a/vendor/google.golang.org/api/internal/gensupport/jsonfloat.go b/vendor/google.golang.org/api/internal/gensupport/jsonfloat.go
deleted file mode 100644
index 13c2f9302..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/jsonfloat.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2016 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package gensupport
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"math"
-)
-
-// JSONFloat64 is a float64 that supports proper unmarshaling of special float
-// values in JSON, according to
-// https://developers.google.com/protocol-buffers/docs/proto3#json. Although
-// that is a proto-to-JSON spec, it applies to all Google APIs.
-//
-// The jsonpb package
-// (https://github.com/golang/protobuf/blob/master/jsonpb/jsonpb.go) has
-// similar functionality, but only for direct translation from proto messages
-// to JSON.
-type JSONFloat64 float64
-
-func (f *JSONFloat64) UnmarshalJSON(data []byte) error {
-	var ff float64
-	if err := json.Unmarshal(data, &ff); err == nil {
-		*f = JSONFloat64(ff)
-		return nil
-	}
-	var s string
-	if err := json.Unmarshal(data, &s); err == nil {
-		switch s {
-		case "NaN":
-			ff = math.NaN()
-		case "Infinity":
-			ff = math.Inf(1)
-		case "-Infinity":
-			ff = math.Inf(-1)
-		default:
-			return fmt.Errorf("google.golang.org/api/internal: bad float string %q", s)
-		}
-		*f = JSONFloat64(ff)
-		return nil
-	}
-	return errors.New("google.golang.org/api/internal: data not float or string")
-}
diff --git a/vendor/google.golang.org/api/internal/gensupport/media.go b/vendor/google.golang.org/api/internal/gensupport/media.go
deleted file mode 100644
index c048a5708..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/media.go
+++ /dev/null
@@ -1,311 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package gensupport
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"mime"
-	"mime/multipart"
-	"net/http"
-	"net/textproto"
-	"strings"
-	"sync"
-	"time"
-
-	gax "github.com/googleapis/gax-go/v2"
-	"google.golang.org/api/googleapi"
-)
-
-type typeReader struct {
-	io.Reader
-	typ string
-}
-
-// multipartReader combines the contents of multiple readers to create a multipart/related HTTP body.
-// Close must be called if reads from the multipartReader are abandoned before reaching EOF.
-type multipartReader struct {
-	pr       *io.PipeReader
-	ctype    string
-	mu       sync.Mutex
-	pipeOpen bool
-}
-
-// boundary optionally specifies the MIME boundary
-func newMultipartReader(parts []typeReader, boundary string) *multipartReader {
-	mp := &multipartReader{pipeOpen: true}
-	var pw *io.PipeWriter
-	mp.pr, pw = io.Pipe()
-	mpw := multipart.NewWriter(pw)
-	if boundary != "" {
-		mpw.SetBoundary(boundary)
-	}
-	mp.ctype = "multipart/related; boundary=" + mpw.Boundary()
-	go func() {
-		for _, part := range parts {
-			w, err := mpw.CreatePart(typeHeader(part.typ))
-			if err != nil {
-				mpw.Close()
-				pw.CloseWithError(fmt.Errorf("googleapi: CreatePart failed: %v", err))
-				return
-			}
-			_, err = io.Copy(w, part.Reader)
-			if err != nil {
-				mpw.Close()
-				pw.CloseWithError(fmt.Errorf("googleapi: Copy failed: %v", err))
-				return
-			}
-		}
-
-		mpw.Close()
-		pw.Close()
-	}()
-	return mp
-}
-
-func (mp *multipartReader) Read(data []byte) (n int, err error) {
-	return mp.pr.Read(data)
-}
-
-func (mp *multipartReader) Close() error {
-	mp.mu.Lock()
-	if !mp.pipeOpen {
-		mp.mu.Unlock()
-		return nil
-	}
-	mp.pipeOpen = false
-	mp.mu.Unlock()
-	return mp.pr.Close()
-}
-
-// CombineBodyMedia combines a json body with media content to create a multipart/related HTTP body.
-// It returns a ReadCloser containing the combined body, and the overall "multipart/related" content type, with random boundary.
-//
-// The caller must call Close on the returned ReadCloser if reads are abandoned before reaching EOF.
-func CombineBodyMedia(body io.Reader, bodyContentType string, media io.Reader, mediaContentType string) (io.ReadCloser, string) {
-	return combineBodyMedia(body, bodyContentType, media, mediaContentType, "")
-}
-
-// combineBodyMedia is CombineBodyMedia but with an optional mimeBoundary field.
-func combineBodyMedia(body io.Reader, bodyContentType string, media io.Reader, mediaContentType, mimeBoundary string) (io.ReadCloser, string) {
-	mp := newMultipartReader([]typeReader{
-		{body, bodyContentType},
-		{media, mediaContentType},
-	}, mimeBoundary)
-	return mp, mp.ctype
-}
-
-func typeHeader(contentType string) textproto.MIMEHeader {
-	h := make(textproto.MIMEHeader)
-	if contentType != "" {
-		h.Set("Content-Type", contentType)
-	}
-	return h
-}
-
-// PrepareUpload determines whether the data in the supplied reader should be
-// uploaded in a single request, or in sequential chunks.
-// chunkSize is the size of the chunk that media should be split into.
-//
-// If chunkSize is zero, media is returned as the first value, and the other
-// two return values are nil, true.
-//
-// Otherwise, a MediaBuffer is returned, along with a bool indicating whether the
-// contents of media fit in a single chunk.
-//
-// After PrepareUpload has been called, media should no longer be used: the
-// media content should be accessed via one of the return values.
-func PrepareUpload(media io.Reader, chunkSize int) (r io.Reader, mb *MediaBuffer, singleChunk bool) {
-	if chunkSize == 0 { // do not chunk
-		return media, nil, true
-	}
-	mb = NewMediaBuffer(media, chunkSize)
-	_, _, _, err := mb.Chunk()
-	// If err is io.EOF, we can upload this in a single request. Otherwise, err is
-	// either nil or a non-EOF error. If it is the latter, then the next call to
-	// mb.Chunk will return the same error. Returning a MediaBuffer ensures that this
-	// error will be handled at some point.
-	return nil, mb, err == io.EOF
-}
-
-// MediaInfo holds information for media uploads. It is intended for use by generated
-// code only.
-type MediaInfo struct {
-	// At most one of Media and MediaBuffer will be set.
-	media              io.Reader
-	buffer             *MediaBuffer
-	singleChunk        bool
-	mType              string
-	size               int64 // mediaSize, if known.  Used only for calls to progressUpdater_.
-	progressUpdater    googleapi.ProgressUpdater
-	chunkRetryDeadline time.Duration
-}
-
-// NewInfoFromMedia should be invoked from the Media method of a call. It returns a
-// MediaInfo populated with chunk size and content type, and a reader or MediaBuffer
-// if needed.
-func NewInfoFromMedia(r io.Reader, options []googleapi.MediaOption) *MediaInfo {
-	mi := &MediaInfo{}
-	opts := googleapi.ProcessMediaOptions(options)
-	if !opts.ForceEmptyContentType {
-		mi.mType = opts.ContentType
-		if mi.mType == "" {
-			r, mi.mType = gax.DetermineContentType(r)
-		}
-	}
-	mi.chunkRetryDeadline = opts.ChunkRetryDeadline
-	mi.media, mi.buffer, mi.singleChunk = PrepareUpload(r, opts.ChunkSize)
-	return mi
-}
-
-// NewInfoFromResumableMedia should be invoked from the ResumableMedia method of a
-// call. It returns a MediaInfo using the given reader, size and media type.
-func NewInfoFromResumableMedia(r io.ReaderAt, size int64, mediaType string) *MediaInfo {
-	rdr := ReaderAtToReader(r, size)
-	mType := mediaType
-	if mType == "" {
-		rdr, mType = gax.DetermineContentType(rdr)
-	}
-
-	return &MediaInfo{
-		size:        size,
-		mType:       mType,
-		buffer:      NewMediaBuffer(rdr, googleapi.DefaultUploadChunkSize),
-		media:       nil,
-		singleChunk: false,
-	}
-}
-
-// SetProgressUpdater sets the progress updater for the media info.
-func (mi *MediaInfo) SetProgressUpdater(pu googleapi.ProgressUpdater) {
-	if mi != nil {
-		mi.progressUpdater = pu
-	}
-}
-
-// UploadType determines the type of upload: a single request, or a resumable
-// series of requests.
-func (mi *MediaInfo) UploadType() string {
-	if mi.singleChunk {
-		return "multipart"
-	}
-	return "resumable"
-}
-
-// UploadRequest sets up an HTTP request for media upload. It adds headers
-// as necessary, and returns a replacement for the body and a function for http.Request.GetBody.
-func (mi *MediaInfo) UploadRequest(reqHeaders http.Header, body io.Reader) (newBody io.Reader, getBody func() (io.ReadCloser, error), cleanup func()) {
-	cleanup = func() {}
-	if mi == nil {
-		return body, nil, cleanup
-	}
-	var media io.Reader
-	if mi.media != nil {
-		// This only happens when the caller has turned off chunking. In that
-		// case, we write all of media in a single non-retryable request.
-		media = mi.media
-	} else if mi.singleChunk {
-		// The data fits in a single chunk, which has now been read into the MediaBuffer.
-		// We obtain that chunk so we can write it in a single request. The request can
-		// be retried because the data is stored in the MediaBuffer.
-		media, _, _, _ = mi.buffer.Chunk()
-	}
-	toCleanup := []io.Closer{}
-	if media != nil {
-		fb := readerFunc(body)
-		fm := readerFunc(media)
-		combined, ctype := CombineBodyMedia(body, "application/json", media, mi.mType)
-		toCleanup = append(toCleanup, combined)
-		if fb != nil && fm != nil {
-			getBody = func() (io.ReadCloser, error) {
-				rb := io.NopCloser(fb())
-				rm := io.NopCloser(fm())
-				var mimeBoundary string
-				if _, params, err := mime.ParseMediaType(ctype); err == nil {
-					mimeBoundary = params["boundary"]
-				}
-				r, _ := combineBodyMedia(rb, "application/json", rm, mi.mType, mimeBoundary)
-				toCleanup = append(toCleanup, r)
-				return r, nil
-			}
-		}
-		reqHeaders.Set("Content-Type", ctype)
-		body = combined
-	}
-	if mi.buffer != nil && mi.mType != "" && !mi.singleChunk {
-		// This happens when initiating a resumable upload session.
-		// The initial request contains a JSON body rather than media.
-		// It can be retried with a getBody function that re-creates the request body.
-		fb := readerFunc(body)
-		if fb != nil {
-			getBody = func() (io.ReadCloser, error) {
-				rb := io.NopCloser(fb())
-				toCleanup = append(toCleanup, rb)
-				return rb, nil
-			}
-		}
-		reqHeaders.Set("X-Upload-Content-Type", mi.mType)
-	}
-	// Ensure that any bodies created in getBody are cleaned up.
-	cleanup = func() {
-		for _, closer := range toCleanup {
-			_ = closer.Close()
-		}
-
-	}
-	return body, getBody, cleanup
-}
-
-// readerFunc returns a function that always returns an io.Reader that has the same
-// contents as r, provided that can be done without consuming r. Otherwise, it
-// returns nil.
-// See http.NewRequest (in net/http/request.go).
-func readerFunc(r io.Reader) func() io.Reader {
-	switch r := r.(type) {
-	case *bytes.Buffer:
-		buf := r.Bytes()
-		return func() io.Reader { return bytes.NewReader(buf) }
-	case *bytes.Reader:
-		snapshot := *r
-		return func() io.Reader { r := snapshot; return &r }
-	case *strings.Reader:
-		snapshot := *r
-		return func() io.Reader { r := snapshot; return &r }
-	default:
-		return nil
-	}
-}
-
-// ResumableUpload returns an appropriately configured ResumableUpload value if the
-// upload is resumable, or nil otherwise.
-func (mi *MediaInfo) ResumableUpload(locURI string) *ResumableUpload {
-	if mi == nil || mi.singleChunk {
-		return nil
-	}
-	return &ResumableUpload{
-		URI:       locURI,
-		Media:     mi.buffer,
-		MediaType: mi.mType,
-		Callback: func(curr int64) {
-			if mi.progressUpdater != nil {
-				mi.progressUpdater(curr, mi.size)
-			}
-		},
-		ChunkRetryDeadline: mi.chunkRetryDeadline,
-	}
-}
-
-// SetGetBody sets the GetBody field of req to f. This was once needed
-// to gracefully support Go 1.7 and earlier which didn't have that
-// field.
-//
-// Deprecated: the code generator no longer uses this as of
-// 2019-02-19. Nothing else should be calling this anyway, but we
-// won't delete this immediately; it will be deleted in as early as 6
-// months.
-func SetGetBody(req *http.Request, f func() (io.ReadCloser, error)) {
-	req.GetBody = f
-}
diff --git a/vendor/google.golang.org/api/internal/gensupport/params.go b/vendor/google.golang.org/api/internal/gensupport/params.go
deleted file mode 100644
index 1a30d2ca2..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/params.go
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package gensupport
-
-import (
-	"net/url"
-
-	"google.golang.org/api/googleapi"
-)
-
-// URLParams is a simplified replacement for url.Values
-// that safely builds up URL parameters for encoding.
-type URLParams map[string][]string
-
-// Get returns the first value for the given key, or "".
-func (u URLParams) Get(key string) string {
-	vs := u[key]
-	if len(vs) == 0 {
-		return ""
-	}
-	return vs[0]
-}
-
-// Set sets the key to value.
-// It replaces any existing values.
-func (u URLParams) Set(key, value string) {
-	u[key] = []string{value}
-}
-
-// SetMulti sets the key to an array of values.
-// It replaces any existing values.
-// Note that values must not be modified after calling SetMulti
-// so the caller is responsible for making a copy if necessary.
-func (u URLParams) SetMulti(key string, values []string) {
-	u[key] = values
-}
-
-// Encode encodes the values into “URL encoded” form
-// ("bar=baz&foo=quux") sorted by key.
-func (u URLParams) Encode() string {
-	return url.Values(u).Encode()
-}
-
-// SetOptions sets the URL params and any additional `CallOption` or
-// `MultiCallOption` passed in.
-func SetOptions(u URLParams, opts ...googleapi.CallOption) {
-	for _, o := range opts {
-		m, ok := o.(googleapi.MultiCallOption)
-		if ok {
-			u.SetMulti(m.GetMulti())
-			continue
-		}
-		u.Set(o.Get())
-	}
-}
diff --git a/vendor/google.golang.org/api/internal/gensupport/resumable.go b/vendor/google.golang.org/api/internal/gensupport/resumable.go
deleted file mode 100644
index 08e7aacef..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/resumable.go
+++ /dev/null
@@ -1,269 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package gensupport
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/google/uuid"
-	"google.golang.org/api/internal"
-)
-
-// ResumableUpload is used by the generated APIs to provide resumable uploads.
-// It is not used by developers directly.
-type ResumableUpload struct {
-	Client *http.Client
-	// URI is the resumable resource destination provided by the server after specifying "&uploadType=resumable".
-	URI       string
-	UserAgent string // User-Agent for header of the request
-	// Media is the object being uploaded.
-	Media *MediaBuffer
-	// MediaType defines the media type, e.g. "image/jpeg".
-	MediaType string
-
-	mu       sync.Mutex // guards progress
-	progress int64      // number of bytes uploaded so far
-
-	// Callback is an optional function that will be periodically called with the cumulative number of bytes uploaded.
-	Callback func(int64)
-
-	// Retry optionally configures retries for requests made against the upload.
-	Retry *RetryConfig
-
-	// ChunkRetryDeadline configures the per-chunk deadline after which no further
-	// retries should happen.
-	ChunkRetryDeadline time.Duration
-
-	// Track current request invocation ID and attempt count for retry metrics
-	// and idempotency headers.
-	invocationID string
-	attempts     int
-}
-
-// Progress returns the number of bytes uploaded at this point.
-func (rx *ResumableUpload) Progress() int64 {
-	rx.mu.Lock()
-	defer rx.mu.Unlock()
-	return rx.progress
-}
-
-// doUploadRequest performs a single HTTP request to upload data.
-// off specifies the offset in rx.Media from which data is drawn.
-// size is the number of bytes in data.
-// final specifies whether data is the final chunk to be uploaded.
-func (rx *ResumableUpload) doUploadRequest(ctx context.Context, data io.Reader, off, size int64, final bool) (*http.Response, error) {
-	req, err := http.NewRequest("POST", rx.URI, data)
-	if err != nil {
-		return nil, err
-	}
-
-	req.ContentLength = size
-	var contentRange string
-	if final {
-		if size == 0 {
-			contentRange = fmt.Sprintf("bytes */%v", off)
-		} else {
-			contentRange = fmt.Sprintf("bytes %v-%v/%v", off, off+size-1, off+size)
-		}
-	} else {
-		contentRange = fmt.Sprintf("bytes %v-%v/*", off, off+size-1)
-	}
-	req.Header.Set("Content-Range", contentRange)
-	req.Header.Set("Content-Type", rx.MediaType)
-	req.Header.Set("User-Agent", rx.UserAgent)
-
-	// TODO(b/274504690): Consider dropping gccl-invocation-id key since it
-	// duplicates the X-Goog-Gcs-Idempotency-Token header (added in v0.115.0).
-	baseXGoogHeader := "gl-go/" + GoVersion() + " gdcl/" + internal.Version
-	invocationHeader := fmt.Sprintf("gccl-invocation-id/%s gccl-attempt-count/%d", rx.invocationID, rx.attempts)
-	req.Header.Set("X-Goog-Api-Client", strings.Join([]string{baseXGoogHeader, invocationHeader}, " "))
-
-	// Set idempotency token header which is used by GCS uploads.
-	req.Header.Set("X-Goog-Gcs-Idempotency-Token", rx.invocationID)
-
-	// Google's upload endpoint uses status code 308 for a
-	// different purpose than the "308 Permanent Redirect"
-	// since-standardized in RFC 7238. Because of the conflict in
-	// semantics, Google added this new request header which
-	// causes it to not use "308" and instead reply with 200 OK
-	// and sets the upload-specific "X-HTTP-Status-Code-Override:
-	// 308" response header.
-	req.Header.Set("X-GUploader-No-308", "yes")
-
-	return SendRequest(ctx, rx.Client, req)
-}
-
-func statusResumeIncomplete(resp *http.Response) bool {
-	// This is how the server signals "status resume incomplete"
-	// when X-GUploader-No-308 is set to "yes":
-	return resp != nil && resp.Header.Get("X-Http-Status-Code-Override") == "308"
-}
-
-// reportProgress calls a user-supplied callback to report upload progress.
-// If old==updated, the callback is not called.
-func (rx *ResumableUpload) reportProgress(old, updated int64) {
-	if updated-old == 0 {
-		return
-	}
-	rx.mu.Lock()
-	rx.progress = updated
-	rx.mu.Unlock()
-	if rx.Callback != nil {
-		rx.Callback(updated)
-	}
-}
-
-// transferChunk performs a single HTTP request to upload a single chunk from rx.Media.
-func (rx *ResumableUpload) transferChunk(ctx context.Context) (*http.Response, error) {
-	chunk, off, size, err := rx.Media.Chunk()
-
-	done := err == io.EOF
-	if !done && err != nil {
-		return nil, err
-	}
-
-	res, err := rx.doUploadRequest(ctx, chunk, off, int64(size), done)
-	if err != nil {
-		return res, err
-	}
-
-	// We sent "X-GUploader-No-308: yes" (see comment elsewhere in
-	// this file), so we don't expect to get a 308.
-	if res.StatusCode == 308 {
-		return nil, errors.New("unexpected 308 response status code")
-	}
-
-	if res.StatusCode == http.StatusOK {
-		rx.reportProgress(off, off+int64(size))
-	}
-
-	if statusResumeIncomplete(res) {
-		rx.Media.Next()
-	}
-	return res, nil
-}
-
-// Upload starts the process of a resumable upload with a cancellable context.
-// It retries using the provided back off strategy until cancelled or the
-// strategy indicates to stop retrying.
-// It is called from the auto-generated API code and is not visible to the user.
-// Before sending an HTTP request, Upload calls any registered hook functions,
-// and calls the returned functions after the request returns (see send.go).
-// rx is private to the auto-generated API code.
-// Exactly one of resp or err will be nil.  If resp is non-nil, the caller must call resp.Body.Close.
-func (rx *ResumableUpload) Upload(ctx context.Context) (resp *http.Response, err error) {
-
-	// There are a couple of cases where it's possible for err and resp to both
-	// be non-nil. However, we expose a simpler contract to our callers: exactly
-	// one of resp and err will be non-nil. This means that any response body
-	// must be closed here before returning a non-nil error.
-	var prepareReturn = func(resp *http.Response, err error) (*http.Response, error) {
-		if err != nil {
-			if resp != nil && resp.Body != nil {
-				resp.Body.Close()
-			}
-			return nil, err
-		}
-		// This case is very unlikely but possible only if rx.ChunkRetryDeadline is
-		// set to a very small value, in which case no requests will be sent before
-		// the deadline. Return an error to avoid causing a panic.
-		if resp == nil {
-			return nil, fmt.Errorf("upload request to %v not sent, choose larger value for ChunkRetryDealine", rx.URI)
-		}
-		return resp, nil
-	}
-	// Configure retryable error criteria.
-	errorFunc := rx.Retry.errorFunc()
-
-	// Configure per-chunk retry deadline.
-	var retryDeadline time.Duration
-	if rx.ChunkRetryDeadline != 0 {
-		retryDeadline = rx.ChunkRetryDeadline
-	} else {
-		retryDeadline = defaultRetryDeadline
-	}
-
-	// Send all chunks.
-	for {
-		var pause time.Duration
-
-		// Each chunk gets its own initialized-at-zero backoff and invocation ID.
-		bo := rx.Retry.backoff()
-		quitAfterTimer := time.NewTimer(retryDeadline)
-		rx.attempts = 1
-		rx.invocationID = uuid.New().String()
-
-		// Retry loop for a single chunk.
-		for {
-			pauseTimer := time.NewTimer(pause)
-			select {
-			case <-ctx.Done():
-				quitAfterTimer.Stop()
-				pauseTimer.Stop()
-				if err == nil {
-					err = ctx.Err()
-				}
-				return prepareReturn(resp, err)
-			case <-pauseTimer.C:
-			case <-quitAfterTimer.C:
-				pauseTimer.Stop()
-				return prepareReturn(resp, err)
-			}
-			pauseTimer.Stop()
-
-			// Check for context cancellation or timeout once more. If more than one
-			// case in the select statement above was satisfied at the same time, Go
-			// will choose one arbitrarily.
-			// That can cause an operation to go through even if the context was
-			// canceled before or the timeout was reached.
-			select {
-			case <-ctx.Done():
-				quitAfterTimer.Stop()
-				if err == nil {
-					err = ctx.Err()
-				}
-				return prepareReturn(resp, err)
-			case <-quitAfterTimer.C:
-				return prepareReturn(resp, err)
-			default:
-			}
-
-			resp, err = rx.transferChunk(ctx)
-
-			var status int
-			if resp != nil {
-				status = resp.StatusCode
-			}
-
-			// Check if we should retry the request.
-			if !errorFunc(status, err) {
-				quitAfterTimer.Stop()
-				break
-			}
-
-			rx.attempts++
-			pause = bo.Pause()
-			if resp != nil && resp.Body != nil {
-				resp.Body.Close()
-			}
-		}
-
-		// If the chunk was uploaded successfully, but there's still
-		// more to go, upload the next chunk without any delay.
-		if statusResumeIncomplete(resp) {
-			resp.Body.Close()
-			continue
-		}
-
-		return prepareReturn(resp, err)
-	}
-}
diff --git a/vendor/google.golang.org/api/internal/gensupport/retry.go b/vendor/google.golang.org/api/internal/gensupport/retry.go
deleted file mode 100644
index 20b57d925..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/retry.go
+++ /dev/null
@@ -1,121 +0,0 @@
-// Copyright 2021 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package gensupport
-
-import (
-	"errors"
-	"io"
-	"net"
-	"strings"
-	"time"
-
-	"github.com/googleapis/gax-go/v2"
-	"google.golang.org/api/googleapi"
-)
-
-// Backoff is an interface around gax.Backoff's Pause method, allowing tests to provide their
-// own implementation.
-type Backoff interface {
-	Pause() time.Duration
-}
-
-// These are declared as global variables so that tests can overwrite them.
-var (
-	// Default per-chunk deadline for resumable uploads.
-	defaultRetryDeadline = 32 * time.Second
-	// Default backoff timer.
-	backoff = func() Backoff {
-		return &gax.Backoff{Initial: 100 * time.Millisecond}
-	}
-	// syscallRetryable is a platform-specific hook, specified in retryable_linux.go
-	syscallRetryable func(error) bool = func(err error) bool { return false }
-)
-
-const (
-	// statusTooManyRequests is returned by the storage API if the
-	// per-project limits have been temporarily exceeded. The request
-	// should be retried.
-	// https://cloud.google.com/storage/docs/json_api/v1/status-codes#standardcodes
-	statusTooManyRequests = 429
-
-	// statusRequestTimeout is returned by the storage API if the
-	// upload connection was broken. The request should be retried.
-	statusRequestTimeout = 408
-)
-
-// shouldRetry indicates whether an error is retryable for the purposes of this
-// package, unless a ShouldRetry func is specified by the RetryConfig instead.
-// It follows guidance from
-// https://cloud.google.com/storage/docs/exponential-backoff .
-func shouldRetry(status int, err error) bool {
-	if 500 <= status && status <= 599 {
-		return true
-	}
-	if status == statusTooManyRequests || status == statusRequestTimeout {
-		return true
-	}
-	if err == io.ErrUnexpectedEOF {
-		return true
-	}
-	// Transient network errors should be retried.
-	if syscallRetryable(err) {
-		return true
-	}
-	if err, ok := err.(interface{ Temporary() bool }); ok {
-		if err.Temporary() {
-			return true
-		}
-	}
-	var opErr *net.OpError
-	if errors.As(err, &opErr) {
-		if strings.Contains(opErr.Error(), "use of closed network connection") {
-			// TODO: check against net.ErrClosed (go 1.16+) instead of string
-			return true
-		}
-	}
-
-	// If Go 1.13 error unwrapping is available, use this to examine wrapped
-	// errors.
-	if err, ok := err.(interface{ Unwrap() error }); ok {
-		return shouldRetry(status, err.Unwrap())
-	}
-	return false
-}
-
-// RetryConfig allows configuration of backoff timing and retryable errors.
-type RetryConfig struct {
-	Backoff     *gax.Backoff
-	ShouldRetry func(err error) bool
-}
-
-// Get a new backoff object based on the configured values.
-func (r *RetryConfig) backoff() Backoff {
-	if r == nil || r.Backoff == nil {
-		return backoff()
-	}
-	return &gax.Backoff{
-		Initial:    r.Backoff.Initial,
-		Max:        r.Backoff.Max,
-		Multiplier: r.Backoff.Multiplier,
-	}
-}
-
-// This is kind of hacky; it is necessary because ShouldRetry expects to
-// handle HTTP errors via googleapi.Error, but the error has not yet been
-// wrapped with a googleapi.Error at this layer, and the ErrorFunc type
-// in the manual layer does not pass in a status explicitly as it does
-// here. So, we must wrap error status codes in a googleapi.Error so that
-// ShouldRetry can parse this correctly.
-func (r *RetryConfig) errorFunc() func(status int, err error) bool {
-	if r == nil || r.ShouldRetry == nil {
-		return shouldRetry
-	}
-	return func(status int, err error) bool {
-		if status >= 400 {
-			return r.ShouldRetry(&googleapi.Error{Code: status})
-		}
-		return r.ShouldRetry(err)
-	}
-}
diff --git a/vendor/google.golang.org/api/internal/gensupport/retryable_linux.go b/vendor/google.golang.org/api/internal/gensupport/retryable_linux.go
deleted file mode 100644
index a916c3da2..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/retryable_linux.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2020 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build linux
-// +build linux
-
-package gensupport
-
-import "syscall"
-
-func init() {
-	// Initialize syscallRetryable to return true on transient socket-level
-	// errors. These errors are specific to Linux.
-	syscallRetryable = func(err error) bool { return err == syscall.ECONNRESET || err == syscall.ECONNREFUSED }
-}
diff --git a/vendor/google.golang.org/api/internal/gensupport/send.go b/vendor/google.golang.org/api/internal/gensupport/send.go
deleted file mode 100644
index 693a1b1ab..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/send.go
+++ /dev/null
@@ -1,185 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package gensupport
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-	"github.com/googleapis/gax-go/v2"
-)
-
-// Use this error type to return an error which allows introspection of both
-// the context error and the error from the service.
-type wrappedCallErr struct {
-	ctxErr     error
-	wrappedErr error
-}
-
-func (e wrappedCallErr) Error() string {
-	return fmt.Sprintf("retry failed with %v; last error: %v", e.ctxErr, e.wrappedErr)
-}
-
-func (e wrappedCallErr) Unwrap() error {
-	return e.wrappedErr
-}
-
-// Is allows errors.Is to match the error from the call as well as context
-// sentinel errors.
-func (e wrappedCallErr) Is(target error) bool {
-	return errors.Is(e.ctxErr, target) || errors.Is(e.wrappedErr, target)
-}
-
-// SendRequest sends a single HTTP request using the given client.
-// If ctx is non-nil, it calls all hooks, then sends the request with
-// req.WithContext, then calls any functions returned by the hooks in
-// reverse order.
-func SendRequest(ctx context.Context, client *http.Client, req *http.Request) (*http.Response, error) {
-	// Disallow Accept-Encoding because it interferes with the automatic gzip handling
-	// done by the default http.Transport. See https://github.com/google/google-api-go-client/issues/219.
-	if _, ok := req.Header["Accept-Encoding"]; ok {
-		return nil, errors.New("google api: custom Accept-Encoding headers not allowed")
-	}
-	if ctx == nil {
-		return client.Do(req)
-	}
-	return send(ctx, client, req)
-}
-
-func send(ctx context.Context, client *http.Client, req *http.Request) (*http.Response, error) {
-	if client == nil {
-		client = http.DefaultClient
-	}
-	resp, err := client.Do(req.WithContext(ctx))
-	// If we got an error, and the context has been canceled,
-	// the context's error is probably more useful.
-	if err != nil {
-		select {
-		case <-ctx.Done():
-			err = ctx.Err()
-		default:
-		}
-	}
-	return resp, err
-}
-
-// SendRequestWithRetry sends a single HTTP request using the given client,
-// with retries if a retryable error is returned.
-// If ctx is non-nil, it calls all hooks, then sends the request with
-// req.WithContext, then calls any functions returned by the hooks in
-// reverse order.
-func SendRequestWithRetry(ctx context.Context, client *http.Client, req *http.Request, retry *RetryConfig) (*http.Response, error) {
-	// Disallow Accept-Encoding because it interferes with the automatic gzip handling
-	// done by the default http.Transport. See https://github.com/google/google-api-go-client/issues/219.
-	if _, ok := req.Header["Accept-Encoding"]; ok {
-		return nil, errors.New("google api: custom Accept-Encoding headers not allowed")
-	}
-	if ctx == nil {
-		return client.Do(req)
-	}
-	return sendAndRetry(ctx, client, req, retry)
-}
-
-func sendAndRetry(ctx context.Context, client *http.Client, req *http.Request, retry *RetryConfig) (*http.Response, error) {
-	if client == nil {
-		client = http.DefaultClient
-	}
-
-	var resp *http.Response
-	var err error
-	attempts := 1
-	invocationID := uuid.New().String()
-	baseXGoogHeader := req.Header.Get("X-Goog-Api-Client")
-
-	// Loop to retry the request, up to the context deadline.
-	var pause time.Duration
-	var bo Backoff
-	if retry != nil && retry.Backoff != nil {
-		bo = &gax.Backoff{
-			Initial:    retry.Backoff.Initial,
-			Max:        retry.Backoff.Max,
-			Multiplier: retry.Backoff.Multiplier,
-		}
-	} else {
-		bo = backoff()
-	}
-
-	var errorFunc = retry.errorFunc()
-
-	for {
-		t := time.NewTimer(pause)
-		select {
-		case <-ctx.Done():
-			t.Stop()
-			// If we got an error and the context has been canceled, return an error acknowledging
-			// both the context cancelation and the service error.
-			if err != nil {
-				return resp, wrappedCallErr{ctx.Err(), err}
-			}
-			return resp, ctx.Err()
-		case <-t.C:
-		}
-
-		if ctx.Err() != nil {
-			// Check for context cancellation once more. If more than one case in a
-			// select is satisfied at the same time, Go will choose one arbitrarily.
-			// That can cause an operation to go through even if the context was
-			// canceled before.
-			if err != nil {
-				return resp, wrappedCallErr{ctx.Err(), err}
-			}
-			return resp, ctx.Err()
-		}
-
-		// Set retry metrics and idempotency headers for GCS.
-		// TODO(b/274504690): Consider dropping gccl-invocation-id key since it
-		// duplicates the X-Goog-Gcs-Idempotency-Token header (added in v0.115.0).
-		invocationHeader := fmt.Sprintf("gccl-invocation-id/%s gccl-attempt-count/%d", invocationID, attempts)
-		xGoogHeader := strings.Join([]string{invocationHeader, baseXGoogHeader}, " ")
-		req.Header.Set("X-Goog-Api-Client", xGoogHeader)
-		req.Header.Set("X-Goog-Gcs-Idempotency-Token", invocationID)
-
-		resp, err = client.Do(req.WithContext(ctx))
-
-		var status int
-		if resp != nil {
-			status = resp.StatusCode
-		}
-
-		// Check if we can retry the request. A retry can only be done if the error
-		// is retryable and the request body can be re-created using GetBody (this
-		// will not be possible if the body was unbuffered).
-		if req.GetBody == nil || !errorFunc(status, err) {
-			break
-		}
-		attempts++
-		var errBody error
-		req.Body, errBody = req.GetBody()
-		if errBody != nil {
-			break
-		}
-
-		pause = bo.Pause()
-		if resp != nil && resp.Body != nil {
-			resp.Body.Close()
-		}
-	}
-	return resp, err
-}
-
-// DecodeResponse decodes the body of res into target. If there is no body,
-// target is unchanged.
-func DecodeResponse(target interface{}, res *http.Response) error {
-	if res.StatusCode == http.StatusNoContent {
-		return nil
-	}
-	return json.NewDecoder(res.Body).Decode(target)
-}
diff --git a/vendor/google.golang.org/api/internal/gensupport/version.go b/vendor/google.golang.org/api/internal/gensupport/version.go
deleted file mode 100644
index 23f6aa24e..000000000
--- a/vendor/google.golang.org/api/internal/gensupport/version.go
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2020 Google LLC. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package gensupport
-
-import (
-	"runtime"
-	"strings"
-	"unicode"
-)
-
-// GoVersion returns the Go runtime version. The returned string
-// has no whitespace.
-func GoVersion() string {
-	return goVersion
-}
-
-var goVersion = goVer(runtime.Version())
-
-const develPrefix = "devel +"
-
-func goVer(s string) string {
-	if strings.HasPrefix(s, develPrefix) {
-		s = s[len(develPrefix):]
-		if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
-			s = s[:p]
-		}
-		return s
-	}
-
-	if strings.HasPrefix(s, "go1") {
-		s = s[2:]
-		var prerelease string
-		if p := strings.IndexFunc(s, notSemverRune); p >= 0 {
-			s, prerelease = s[:p], s[p:]
-		}
-		if strings.HasSuffix(s, ".") {
-			s += "0"
-		} else if strings.Count(s, ".") < 2 {
-			s += ".0"
-		}
-		if prerelease != "" {
-			s += "-" + prerelease
-		}
-		return s
-	}
-	return ""
-}
-
-func notSemverRune(r rune) bool {
-	return !strings.ContainsRune("0123456789.", r)
-}
diff --git a/vendor/google.golang.org/api/internal/third_party/uritemplates/LICENSE b/vendor/google.golang.org/api/internal/third_party/uritemplates/LICENSE
deleted file mode 100644
index 7109c6ef9..000000000
--- a/vendor/google.golang.org/api/internal/third_party/uritemplates/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2013 Joshua Tacoma. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/google.golang.org/api/internal/third_party/uritemplates/METADATA b/vendor/google.golang.org/api/internal/third_party/uritemplates/METADATA
deleted file mode 100644
index c7f86fcd5..000000000
--- a/vendor/google.golang.org/api/internal/third_party/uritemplates/METADATA
+++ /dev/null
@@ -1,14 +0,0 @@
-name: "uritemplates"
-description:
-    "Package uritemplates is a level 4 implementation of RFC 6570 (URI "
-    "Template, http://tools.ietf.org/html/rfc6570)."
-
-third_party {
-  url {
-    type: GIT
-    value: "https://github.com/jtacoma/uritemplates"
-  }
-  version: "0.1"
-  last_upgrade_date { year: 2014 month: 8 day: 18 }
-  license_type: NOTICE
-}
diff --git a/vendor/google.golang.org/api/internal/third_party/uritemplates/uritemplates.go b/vendor/google.golang.org/api/internal/third_party/uritemplates/uritemplates.go
deleted file mode 100644
index 8c27d19d7..000000000
--- a/vendor/google.golang.org/api/internal/third_party/uritemplates/uritemplates.go
+++ /dev/null
@@ -1,248 +0,0 @@
-// Copyright 2013 Joshua Tacoma. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package uritemplates is a level 3 implementation of RFC 6570 (URI
-// Template, http://tools.ietf.org/html/rfc6570).
-// uritemplates does not support composite values (in Go: slices or maps)
-// and so does not qualify as a level 4 implementation.
-package uritemplates
-
-import (
-	"bytes"
-	"errors"
-	"regexp"
-	"strconv"
-	"strings"
-)
-
-var (
-	unreserved = regexp.MustCompile("[^A-Za-z0-9\\-._~]")
-	reserved   = regexp.MustCompile("[^A-Za-z0-9\\-._~:/?#[\\]@!$&'()*+,;=]")
-	validname  = regexp.MustCompile("^([A-Za-z0-9_\\.]|%[0-9A-Fa-f][0-9A-Fa-f])+$")
-	hex        = []byte("0123456789ABCDEF")
-)
-
-func pctEncode(src []byte) []byte {
-	dst := make([]byte, len(src)*3)
-	for i, b := range src {
-		buf := dst[i*3 : i*3+3]
-		buf[0] = 0x25
-		buf[1] = hex[b/16]
-		buf[2] = hex[b%16]
-	}
-	return dst
-}
-
-// pairWriter is a convenience struct which allows escaped and unescaped
-// versions of the template to be written in parallel.
-type pairWriter struct {
-	escaped, unescaped bytes.Buffer
-}
-
-// Write writes the provided string directly without any escaping.
-func (w *pairWriter) Write(s string) {
-	w.escaped.WriteString(s)
-	w.unescaped.WriteString(s)
-}
-
-// Escape writes the provided string, escaping the string for the
-// escaped output.
-func (w *pairWriter) Escape(s string, allowReserved bool) {
-	w.unescaped.WriteString(s)
-	if allowReserved {
-		w.escaped.Write(reserved.ReplaceAllFunc([]byte(s), pctEncode))
-	} else {
-		w.escaped.Write(unreserved.ReplaceAllFunc([]byte(s), pctEncode))
-	}
-}
-
-// Escaped returns the escaped string.
-func (w *pairWriter) Escaped() string {
-	return w.escaped.String()
-}
-
-// Unescaped returns the unescaped string.
-func (w *pairWriter) Unescaped() string {
-	return w.unescaped.String()
-}
-
-// A uriTemplate is a parsed representation of a URI template.
-type uriTemplate struct {
-	raw   string
-	parts []templatePart
-}
-
-// parse parses a URI template string into a uriTemplate object.
-func parse(rawTemplate string) (*uriTemplate, error) {
-	split := strings.Split(rawTemplate, "{")
-	parts := make([]templatePart, len(split)*2-1)
-	for i, s := range split {
-		if i == 0 {
-			if strings.Contains(s, "}") {
-				return nil, errors.New("unexpected }")
-			}
-			parts[i].raw = s
-			continue
-		}
-		subsplit := strings.Split(s, "}")
-		if len(subsplit) != 2 {
-			return nil, errors.New("malformed template")
-		}
-		expression := subsplit[0]
-		var err error
-		parts[i*2-1], err = parseExpression(expression)
-		if err != nil {
-			return nil, err
-		}
-		parts[i*2].raw = subsplit[1]
-	}
-	return &uriTemplate{
-		raw:   rawTemplate,
-		parts: parts,
-	}, nil
-}
-
-type templatePart struct {
-	raw           string
-	terms         []templateTerm
-	first         string
-	sep           string
-	named         bool
-	ifemp         string
-	allowReserved bool
-}
-
-type templateTerm struct {
-	name     string
-	explode  bool
-	truncate int
-}
-
-func parseExpression(expression string) (result templatePart, err error) {
-	switch expression[0] {
-	case '+':
-		result.sep = ","
-		result.allowReserved = true
-		expression = expression[1:]
-	case '.':
-		result.first = "."
-		result.sep = "."
-		expression = expression[1:]
-	case '/':
-		result.first = "/"
-		result.sep = "/"
-		expression = expression[1:]
-	case ';':
-		result.first = ";"
-		result.sep = ";"
-		result.named = true
-		expression = expression[1:]
-	case '?':
-		result.first = "?"
-		result.sep = "&"
-		result.named = true
-		result.ifemp = "="
-		expression = expression[1:]
-	case '&':
-		result.first = "&"
-		result.sep = "&"
-		result.named = true
-		result.ifemp = "="
-		expression = expression[1:]
-	case '#':
-		result.first = "#"
-		result.sep = ","
-		result.allowReserved = true
-		expression = expression[1:]
-	default:
-		result.sep = ","
-	}
-	rawterms := strings.Split(expression, ",")
-	result.terms = make([]templateTerm, len(rawterms))
-	for i, raw := range rawterms {
-		result.terms[i], err = parseTerm(raw)
-		if err != nil {
-			break
-		}
-	}
-	return result, err
-}
-
-func parseTerm(term string) (result templateTerm, err error) {
-	// TODO(djd): Remove "*" suffix parsing once we check that no APIs have
-	// mistakenly used that attribute.
-	if strings.HasSuffix(term, "*") {
-		result.explode = true
-		term = term[:len(term)-1]
-	}
-	split := strings.Split(term, ":")
-	if len(split) == 1 {
-		result.name = term
-	} else if len(split) == 2 {
-		result.name = split[0]
-		var parsed int64
-		parsed, err = strconv.ParseInt(split[1], 10, 0)
-		result.truncate = int(parsed)
-	} else {
-		err = errors.New("multiple colons in same term")
-	}
-	if !validname.MatchString(result.name) {
-		err = errors.New("not a valid name: " + result.name)
-	}
-	if result.explode && result.truncate > 0 {
-		err = errors.New("both explode and prefix modifiers on same term")
-	}
-	return result, err
-}
-
-// Expand expands a URI template with a set of values to produce the
-// resultant URI. Two forms of the result are returned: one with all the
-// elements escaped, and one with the elements unescaped.
-func (t *uriTemplate) Expand(values map[string]string) (escaped, unescaped string) {
-	var w pairWriter
-	for _, p := range t.parts {
-		p.expand(&w, values)
-	}
-	return w.Escaped(), w.Unescaped()
-}
-
-func (tp *templatePart) expand(w *pairWriter, values map[string]string) {
-	if len(tp.raw) > 0 {
-		w.Write(tp.raw)
-		return
-	}
-	var first = true
-	for _, term := range tp.terms {
-		value, exists := values[term.name]
-		if !exists {
-			continue
-		}
-		if first {
-			w.Write(tp.first)
-			first = false
-		} else {
-			w.Write(tp.sep)
-		}
-		tp.expandString(w, term, value)
-	}
-}
-
-func (tp *templatePart) expandName(w *pairWriter, name string, empty bool) {
-	if tp.named {
-		w.Write(name)
-		if empty {
-			w.Write(tp.ifemp)
-		} else {
-			w.Write("=")
-		}
-	}
-}
-
-func (tp *templatePart) expandString(w *pairWriter, t templateTerm, s string) {
-	if len(s) > t.truncate && t.truncate > 0 {
-		s = s[:t.truncate]
-	}
-	tp.expandName(w, t.name, len(s) == 0)
-	w.Escape(s, tp.allowReserved)
-}
diff --git a/vendor/google.golang.org/api/internal/third_party/uritemplates/utils.go b/vendor/google.golang.org/api/internal/third_party/uritemplates/utils.go
deleted file mode 100644
index 2e70b8154..000000000
--- a/vendor/google.golang.org/api/internal/third_party/uritemplates/utils.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package uritemplates
-
-// Expand parses then expands a URI template with a set of values to produce
-// the resultant URI. Two forms of the result are returned: one with all the
-// elements escaped, and one with the elements unescaped.
-func Expand(path string, values map[string]string) (escaped, unescaped string, err error) {
-	template, err := parse(path)
-	if err != nil {
-		return "", "", err
-	}
-	escaped, unescaped = template.Expand(values)
-	return escaped, unescaped, nil
-}
diff --git a/vendor/google.golang.org/api/storage/v1/storage-api.json b/vendor/google.golang.org/api/storage/v1/storage-api.json
deleted file mode 100644
index edebc73ad..000000000
--- a/vendor/google.golang.org/api/storage/v1/storage-api.json
+++ /dev/null
@@ -1,4283 +0,0 @@
-{
-  "auth": {
-    "oauth2": {
-      "scopes": {
-        "https://www.googleapis.com/auth/cloud-platform": {
-          "description": "View and manage your data across Google Cloud Platform services"
-        },
-        "https://www.googleapis.com/auth/cloud-platform.read-only": {
-          "description": "View your data across Google Cloud Platform services"
-        },
-        "https://www.googleapis.com/auth/devstorage.full_control": {
-          "description": "Manage your data and permissions in Google Cloud Storage"
-        },
-        "https://www.googleapis.com/auth/devstorage.read_only": {
-          "description": "View your data in Google Cloud Storage"
-        },
-        "https://www.googleapis.com/auth/devstorage.read_write": {
-          "description": "Manage your data in Google Cloud Storage"
-        }
-      }
-    }
-  },
-  "basePath": "/storage/v1/",
-  "baseUrl": "https://storage.googleapis.com/storage/v1/",
-  "batchPath": "batch/storage/v1",
-  "description": "Stores and retrieves potentially large, immutable data objects.",
-  "discoveryVersion": "v1",
-  "documentationLink": "https://developers.google.com/storage/docs/json_api/",
-  "etag": "\"34333739363230323936363635393736363430\"",
-  "icons": {
-    "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png",
-    "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png"
-  },
-  "id": "storage:v1",
-  "kind": "discovery#restDescription",
-  "labels": [
-    "labs"
-  ],
-  "mtlsRootUrl": "https://storage.mtls.googleapis.com/",
-  "name": "storage",
-  "ownerDomain": "google.com",
-  "ownerName": "Google",
-  "parameters": {
-    "alt": {
-      "default": "json",
-      "description": "Data format for the response.",
-      "enum": [
-        "json"
-      ],
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json"
-      ],
-      "location": "query",
-      "type": "string"
-    },
-    "fields": {
-      "description": "Selector specifying which fields to include in a partial response.",
-      "location": "query",
-      "type": "string"
-    },
-    "key": {
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
-      "location": "query",
-      "type": "string"
-    },
-    "oauth_token": {
-      "description": "OAuth 2.0 token for the current user.",
-      "location": "query",
-      "type": "string"
-    },
-    "prettyPrint": {
-      "default": "true",
-      "description": "Returns response with indentations and line breaks.",
-      "location": "query",
-      "type": "boolean"
-    },
-    "quotaUser": {
-      "description": "An opaque string that represents a user for quota purposes. Must not exceed 40 characters.",
-      "location": "query",
-      "type": "string"
-    },
-    "uploadType": {
-      "description": "Upload protocol for media (e.g. \"media\", \"multipart\", \"resumable\").",
-      "location": "query",
-      "type": "string"
-    },
-    "userIp": {
-      "description": "Deprecated. Please use quotaUser instead.",
-      "location": "query",
-      "type": "string"
-    }
-  },
-  "protocol": "rest",
-  "resources": {
-    "bucketAccessControls": {
-      "methods": {
-        "delete": {
-          "description": "Permanently deletes the ACL entry for the specified entity on the specified bucket.",
-          "httpMethod": "DELETE",
-          "id": "storage.bucketAccessControls.delete",
-          "parameterOrder": [
-            "bucket",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/acl/{entity}",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "get": {
-          "description": "Returns the ACL entry for the specified entity on the specified bucket.",
-          "httpMethod": "GET",
-          "id": "storage.bucketAccessControls.get",
-          "parameterOrder": [
-            "bucket",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/acl/{entity}",
-          "response": {
-            "$ref": "BucketAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "insert": {
-          "description": "Creates a new ACL entry on the specified bucket.",
-          "httpMethod": "POST",
-          "id": "storage.bucketAccessControls.insert",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/acl",
-          "request": {
-            "$ref": "BucketAccessControl"
-          },
-          "response": {
-            "$ref": "BucketAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "list": {
-          "description": "Retrieves ACL entries on the specified bucket.",
-          "httpMethod": "GET",
-          "id": "storage.bucketAccessControls.list",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/acl",
-          "response": {
-            "$ref": "BucketAccessControls"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "patch": {
-          "description": "Patches an ACL entry on the specified bucket.",
-          "httpMethod": "PATCH",
-          "id": "storage.bucketAccessControls.patch",
-          "parameterOrder": [
-            "bucket",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/acl/{entity}",
-          "request": {
-            "$ref": "BucketAccessControl"
-          },
-          "response": {
-            "$ref": "BucketAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "update": {
-          "description": "Updates an ACL entry on the specified bucket.",
-          "httpMethod": "PUT",
-          "id": "storage.bucketAccessControls.update",
-          "parameterOrder": [
-            "bucket",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/acl/{entity}",
-          "request": {
-            "$ref": "BucketAccessControl"
-          },
-          "response": {
-            "$ref": "BucketAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        }
-      }
-    },
-    "buckets": {
-      "methods": {
-        "delete": {
-          "description": "Permanently deletes an empty bucket.",
-          "httpMethod": "DELETE",
-          "id": "storage.buckets.delete",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "If set, only deletes the bucket if its metageneration matches this value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "If set, only deletes the bucket if its metageneration does not match this value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "get": {
-          "description": "Returns metadata for the specified bucket.",
-          "httpMethod": "GET",
-          "id": "storage.buckets.get",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to noAcl.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit owner, acl and defaultObjectAcl properties."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}",
-          "response": {
-            "$ref": "Bucket"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/cloud-platform.read-only",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "getIamPolicy": {
-          "description": "Returns an IAM policy for the specified bucket.",
-          "httpMethod": "GET",
-          "id": "storage.buckets.getIamPolicy",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "optionsRequestedPolicyVersion": {
-              "description": "The IAM policy format version to be returned. If the optionsRequestedPolicyVersion is for an older version that doesn't support part of the requested IAM policy, the request fails.",
-              "format": "int32",
-              "location": "query",
-              "minimum": "1",
-              "type": "integer"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/iam",
-          "response": {
-            "$ref": "Policy"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "insert": {
-          "description": "Creates a new bucket.",
-          "httpMethod": "POST",
-          "id": "storage.buckets.insert",
-          "parameterOrder": [
-            "project"
-          ],
-          "parameters": {
-            "predefinedAcl": {
-              "description": "Apply a predefined set of access controls to this bucket.",
-              "enum": [
-                "authenticatedRead",
-                "private",
-                "projectPrivate",
-                "publicRead",
-                "publicReadWrite"
-              ],
-              "enumDescriptions": [
-                "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
-                "Project team owners get OWNER access.",
-                "Project team members get access according to their roles.",
-                "Project team owners get OWNER access, and allUsers get READER access.",
-                "Project team owners get OWNER access, and allUsers get WRITER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "predefinedDefaultObjectAcl": {
-              "description": "Apply a predefined set of default object access controls to this bucket.",
-              "enum": [
-                "authenticatedRead",
-                "bucketOwnerFullControl",
-                "bucketOwnerRead",
-                "private",
-                "projectPrivate",
-                "publicRead"
-              ],
-              "enumDescriptions": [
-                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-                "Object owner gets OWNER access, and project team owners get OWNER access.",
-                "Object owner gets OWNER access, and project team owners get READER access.",
-                "Object owner gets OWNER access.",
-                "Object owner gets OWNER access, and project team members get access according to their roles.",
-                "Object owner gets OWNER access, and allUsers get READER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "project": {
-              "description": "A valid API project identifier.",
-              "location": "query",
-              "required": true,
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to noAcl, unless the bucket resource specifies acl or defaultObjectAcl properties, when it defaults to full.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit owner, acl and defaultObjectAcl properties."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b",
-          "request": {
-            "$ref": "Bucket"
-          },
-          "response": {
-            "$ref": "Bucket"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "list": {
-          "description": "Retrieves a list of buckets for a given project.",
-          "httpMethod": "GET",
-          "id": "storage.buckets.list",
-          "parameterOrder": [
-            "project"
-          ],
-          "parameters": {
-            "maxResults": {
-              "default": "1000",
-              "description": "Maximum number of buckets to return in a single response. The service will use this parameter or 1,000 items, whichever is smaller.",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
-            "pageToken": {
-              "description": "A previously-returned page token representing part of the larger set of results to view.",
-              "location": "query",
-              "type": "string"
-            },
-            "prefix": {
-              "description": "Filter results to buckets whose names begin with this prefix.",
-              "location": "query",
-              "type": "string"
-            },
-            "project": {
-              "description": "A valid API project identifier.",
-              "location": "query",
-              "required": true,
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to noAcl.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit owner, acl and defaultObjectAcl properties."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b",
-          "response": {
-            "$ref": "Buckets"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/cloud-platform.read-only",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "lockRetentionPolicy": {
-          "description": "Locks retention policy on a bucket.",
-          "httpMethod": "POST",
-          "id": "storage.buckets.lockRetentionPolicy",
-          "parameterOrder": [
-            "bucket",
-            "ifMetagenerationMatch"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the operation conditional on whether bucket's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/lockRetentionPolicy",
-          "response": {
-            "$ref": "Bucket"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "patch": {
-          "description": "Patches a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.",
-          "httpMethod": "PATCH",
-          "id": "storage.buckets.patch",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "predefinedAcl": {
-              "description": "Apply a predefined set of access controls to this bucket.",
-              "enum": [
-                "authenticatedRead",
-                "private",
-                "projectPrivate",
-                "publicRead",
-                "publicReadWrite"
-              ],
-              "enumDescriptions": [
-                "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
-                "Project team owners get OWNER access.",
-                "Project team members get access according to their roles.",
-                "Project team owners get OWNER access, and allUsers get READER access.",
-                "Project team owners get OWNER access, and allUsers get WRITER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "predefinedDefaultObjectAcl": {
-              "description": "Apply a predefined set of default object access controls to this bucket.",
-              "enum": [
-                "authenticatedRead",
-                "bucketOwnerFullControl",
-                "bucketOwnerRead",
-                "private",
-                "projectPrivate",
-                "publicRead"
-              ],
-              "enumDescriptions": [
-                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-                "Object owner gets OWNER access, and project team owners get OWNER access.",
-                "Object owner gets OWNER access, and project team owners get READER access.",
-                "Object owner gets OWNER access.",
-                "Object owner gets OWNER access, and project team members get access according to their roles.",
-                "Object owner gets OWNER access, and allUsers get READER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to full.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit owner, acl and defaultObjectAcl properties."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}",
-          "request": {
-            "$ref": "Bucket"
-          },
-          "response": {
-            "$ref": "Bucket"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "setIamPolicy": {
-          "description": "Updates an IAM policy for the specified bucket.",
-          "httpMethod": "PUT",
-          "id": "storage.buckets.setIamPolicy",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/iam",
-          "request": {
-            "$ref": "Policy"
-          },
-          "response": {
-            "$ref": "Policy"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "testIamPermissions": {
-          "description": "Tests a set of permissions on the given bucket to see which, if any, are held by the caller.",
-          "httpMethod": "GET",
-          "id": "storage.buckets.testIamPermissions",
-          "parameterOrder": [
-            "bucket",
-            "permissions"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "permissions": {
-              "description": "Permissions to test.",
-              "location": "query",
-              "repeated": true,
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/iam/testPermissions",
-          "response": {
-            "$ref": "TestIamPermissionsResponse"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/cloud-platform.read-only",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "update": {
-          "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.",
-          "httpMethod": "PUT",
-          "id": "storage.buckets.update",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "predefinedAcl": {
-              "description": "Apply a predefined set of access controls to this bucket.",
-              "enum": [
-                "authenticatedRead",
-                "private",
-                "projectPrivate",
-                "publicRead",
-                "publicReadWrite"
-              ],
-              "enumDescriptions": [
-                "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
-                "Project team owners get OWNER access.",
-                "Project team members get access according to their roles.",
-                "Project team owners get OWNER access, and allUsers get READER access.",
-                "Project team owners get OWNER access, and allUsers get WRITER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "predefinedDefaultObjectAcl": {
-              "description": "Apply a predefined set of default object access controls to this bucket.",
-              "enum": [
-                "authenticatedRead",
-                "bucketOwnerFullControl",
-                "bucketOwnerRead",
-                "private",
-                "projectPrivate",
-                "publicRead"
-              ],
-              "enumDescriptions": [
-                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-                "Object owner gets OWNER access, and project team owners get OWNER access.",
-                "Object owner gets OWNER access, and project team owners get READER access.",
-                "Object owner gets OWNER access.",
-                "Object owner gets OWNER access, and project team members get access according to their roles.",
-                "Object owner gets OWNER access, and allUsers get READER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to full.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit owner, acl and defaultObjectAcl properties."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}",
-          "request": {
-            "$ref": "Bucket"
-          },
-          "response": {
-            "$ref": "Bucket"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        }
-      }
-    },
-    "channels": {
-      "methods": {
-        "stop": {
-          "description": "Stop watching resources through this channel",
-          "httpMethod": "POST",
-          "id": "storage.channels.stop",
-          "path": "channels/stop",
-          "request": {
-            "$ref": "Channel",
-            "parameterName": "resource"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/cloud-platform.read-only",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        }
-      }
-    },
-    "defaultObjectAccessControls": {
-      "methods": {
-        "delete": {
-          "description": "Permanently deletes the default object ACL entry for the specified entity on the specified bucket.",
-          "httpMethod": "DELETE",
-          "id": "storage.defaultObjectAccessControls.delete",
-          "parameterOrder": [
-            "bucket",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/defaultObjectAcl/{entity}",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "get": {
-          "description": "Returns the default object ACL entry for the specified entity on the specified bucket.",
-          "httpMethod": "GET",
-          "id": "storage.defaultObjectAccessControls.get",
-          "parameterOrder": [
-            "bucket",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/defaultObjectAcl/{entity}",
-          "response": {
-            "$ref": "ObjectAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "insert": {
-          "description": "Creates a new default object ACL entry on the specified bucket.",
-          "httpMethod": "POST",
-          "id": "storage.defaultObjectAccessControls.insert",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/defaultObjectAcl",
-          "request": {
-            "$ref": "ObjectAccessControl"
-          },
-          "response": {
-            "$ref": "ObjectAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "list": {
-          "description": "Retrieves default object ACL entries on the specified bucket.",
-          "httpMethod": "GET",
-          "id": "storage.defaultObjectAccessControls.list",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "If present, only return default ACL listing if the bucket's current metageneration matches this value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "If present, only return default ACL listing if the bucket's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/defaultObjectAcl",
-          "response": {
-            "$ref": "ObjectAccessControls"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "patch": {
-          "description": "Patches a default object ACL entry on the specified bucket.",
-          "httpMethod": "PATCH",
-          "id": "storage.defaultObjectAccessControls.patch",
-          "parameterOrder": [
-            "bucket",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/defaultObjectAcl/{entity}",
-          "request": {
-            "$ref": "ObjectAccessControl"
-          },
-          "response": {
-            "$ref": "ObjectAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "update": {
-          "description": "Updates a default object ACL entry on the specified bucket.",
-          "httpMethod": "PUT",
-          "id": "storage.defaultObjectAccessControls.update",
-          "parameterOrder": [
-            "bucket",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/defaultObjectAcl/{entity}",
-          "request": {
-            "$ref": "ObjectAccessControl"
-          },
-          "response": {
-            "$ref": "ObjectAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        }
-      }
-    },
-    "notifications": {
-      "methods": {
-        "delete": {
-          "description": "Permanently deletes a notification subscription.",
-          "httpMethod": "DELETE",
-          "id": "storage.notifications.delete",
-          "parameterOrder": [
-            "bucket",
-            "notification"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "The parent bucket of the notification.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "notification": {
-              "description": "ID of the notification to delete.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/notificationConfigs/{notification}",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "get": {
-          "description": "View a notification configuration.",
-          "httpMethod": "GET",
-          "id": "storage.notifications.get",
-          "parameterOrder": [
-            "bucket",
-            "notification"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "The parent bucket of the notification.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "notification": {
-              "description": "Notification ID",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/notificationConfigs/{notification}",
-          "response": {
-            "$ref": "Notification"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/cloud-platform.read-only",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "insert": {
-          "description": "Creates a notification subscription for a given bucket.",
-          "httpMethod": "POST",
-          "id": "storage.notifications.insert",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "The parent bucket of the notification.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/notificationConfigs",
-          "request": {
-            "$ref": "Notification"
-          },
-          "response": {
-            "$ref": "Notification"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "list": {
-          "description": "Retrieves a list of notification subscriptions for a given bucket.",
-          "httpMethod": "GET",
-          "id": "storage.notifications.list",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a Google Cloud Storage bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/notificationConfigs",
-          "response": {
-            "$ref": "Notifications"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/cloud-platform.read-only",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        }
-      }
-    },
-    "objectAccessControls": {
-      "methods": {
-        "delete": {
-          "description": "Permanently deletes the ACL entry for the specified entity on the specified object.",
-          "httpMethod": "DELETE",
-          "id": "storage.objectAccessControls.delete",
-          "parameterOrder": [
-            "bucket",
-            "object",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}/acl/{entity}",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "get": {
-          "description": "Returns the ACL entry for the specified entity on the specified object.",
-          "httpMethod": "GET",
-          "id": "storage.objectAccessControls.get",
-          "parameterOrder": [
-            "bucket",
-            "object",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}/acl/{entity}",
-          "response": {
-            "$ref": "ObjectAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "insert": {
-          "description": "Creates a new ACL entry on the specified object.",
-          "httpMethod": "POST",
-          "id": "storage.objectAccessControls.insert",
-          "parameterOrder": [
-            "bucket",
-            "object"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}/acl",
-          "request": {
-            "$ref": "ObjectAccessControl"
-          },
-          "response": {
-            "$ref": "ObjectAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "list": {
-          "description": "Retrieves ACL entries on the specified object.",
-          "httpMethod": "GET",
-          "id": "storage.objectAccessControls.list",
-          "parameterOrder": [
-            "bucket",
-            "object"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}/acl",
-          "response": {
-            "$ref": "ObjectAccessControls"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "patch": {
-          "description": "Patches an ACL entry on the specified object.",
-          "httpMethod": "PATCH",
-          "id": "storage.objectAccessControls.patch",
-          "parameterOrder": [
-            "bucket",
-            "object",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}/acl/{entity}",
-          "request": {
-            "$ref": "ObjectAccessControl"
-          },
-          "response": {
-            "$ref": "ObjectAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "update": {
-          "description": "Updates an ACL entry on the specified object.",
-          "httpMethod": "PUT",
-          "id": "storage.objectAccessControls.update",
-          "parameterOrder": [
-            "bucket",
-            "object",
-            "entity"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of a bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "entity": {
-              "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}/acl/{entity}",
-          "request": {
-            "$ref": "ObjectAccessControl"
-          },
-          "response": {
-            "$ref": "ObjectAccessControl"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        }
-      }
-    },
-    "objects": {
-      "methods": {
-        "compose": {
-          "description": "Concatenates a list of existing objects into a new object in the same bucket.",
-          "httpMethod": "POST",
-          "id": "storage.objects.compose",
-          "parameterOrder": [
-            "destinationBucket",
-            "destinationObject"
-          ],
-          "parameters": {
-            "destinationBucket": {
-              "description": "Name of the bucket containing the source objects. The destination object is stored in this bucket.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "destinationObject": {
-              "description": "Name of the new object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "destinationPredefinedAcl": {
-              "description": "Apply a predefined set of access controls to the destination object.",
-              "enum": [
-                "authenticatedRead",
-                "bucketOwnerFullControl",
-                "bucketOwnerRead",
-                "private",
-                "projectPrivate",
-                "publicRead"
-              ],
-              "enumDescriptions": [
-                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-                "Object owner gets OWNER access, and project team owners get OWNER access.",
-                "Object owner gets OWNER access, and project team owners get READER access.",
-                "Object owner gets OWNER access.",
-                "Object owner gets OWNER access, and project team members get access according to their roles.",
-                "Object owner gets OWNER access, and allUsers get READER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "kmsKeyName": {
-              "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{destinationBucket}/o/{destinationObject}/compose",
-          "request": {
-            "$ref": "ComposeRequest"
-          },
-          "response": {
-            "$ref": "Object"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "copy": {
-          "description": "Copies a source object to a destination object. Optionally overrides metadata.",
-          "httpMethod": "POST",
-          "id": "storage.objects.copy",
-          "parameterOrder": [
-            "sourceBucket",
-            "sourceObject",
-            "destinationBucket",
-            "destinationObject"
-          ],
-          "parameters": {
-            "destinationBucket": {
-              "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "destinationKmsKeyName": {
-              "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
-              "location": "query",
-              "type": "string"
-            },
-            "destinationObject": {
-              "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "destinationPredefinedAcl": {
-              "description": "Apply a predefined set of access controls to the destination object.",
-              "enum": [
-                "authenticatedRead",
-                "bucketOwnerFullControl",
-                "bucketOwnerRead",
-                "private",
-                "projectPrivate",
-                "publicRead"
-              ],
-              "enumDescriptions": [
-                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-                "Object owner gets OWNER access, and project team owners get OWNER access.",
-                "Object owner gets OWNER access, and project team owners get READER access.",
-                "Object owner gets OWNER access.",
-                "Object owner gets OWNER access, and project team members get access according to their roles.",
-                "Object owner gets OWNER access, and allUsers get READER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationMatch": {
-              "description": "Makes the operation conditional on whether the destination object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the destination object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifSourceGenerationMatch": {
-              "description": "Makes the operation conditional on whether the source object's current generation matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifSourceGenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifSourceMetagenerationMatch": {
-              "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifSourceMetagenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit the owner, acl property."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "sourceBucket": {
-              "description": "Name of the bucket in which to find the source object.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "sourceGeneration": {
-              "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "sourceObject": {
-              "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{sourceBucket}/o/{sourceObject}/copyTo/b/{destinationBucket}/o/{destinationObject}",
-          "request": {
-            "$ref": "Object"
-          },
-          "response": {
-            "$ref": "Object"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "delete": {
-          "description": "Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.",
-          "httpMethod": "DELETE",
-          "id": "storage.objects.delete",
-          "parameterOrder": [
-            "bucket",
-            "object"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of the bucket in which the object resides.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, permanently deletes a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "get": {
-          "description": "Retrieves an object or its metadata.",
-          "httpMethod": "GET",
-          "id": "storage.objects.get",
-          "parameterOrder": [
-            "bucket",
-            "object"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of the bucket in which the object resides.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to noAcl.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit the owner, acl property."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}",
-          "response": {
-            "$ref": "Object"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/cloud-platform.read-only",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ],
-          "supportsMediaDownload": true,
-          "useMediaDownloadService": true
-        },
-        "getIamPolicy": {
-          "description": "Returns an IAM policy for the specified object.",
-          "httpMethod": "GET",
-          "id": "storage.objects.getIamPolicy",
-          "parameterOrder": [
-            "bucket",
-            "object"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of the bucket in which the object resides.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}/iam",
-          "response": {
-            "$ref": "Policy"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/cloud-platform.read-only",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "insert": {
-          "description": "Stores a new object and metadata.",
-          "httpMethod": "POST",
-          "id": "storage.objects.insert",
-          "mediaUpload": {
-            "accept": [
-              "*/*"
-            ],
-            "protocols": {
-              "resumable": {
-                "multipart": true,
-                "path": "/resumable/upload/storage/v1/b/{bucket}/o"
-              },
-              "simple": {
-                "multipart": true,
-                "path": "/upload/storage/v1/b/{bucket}/o"
-              }
-            }
-          },
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "contentEncoding": {
-              "description": "If set, sets the contentEncoding property of the final object to this value. Setting this parameter is equivalent to setting the contentEncoding metadata property. This can be useful when uploading an object with uploadType=media to indicate the encoding of the content being uploaded.",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "kmsKeyName": {
-              "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
-              "location": "query",
-              "type": "string"
-            },
-            "name": {
-              "description": "Name of the object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "query",
-              "type": "string"
-            },
-            "predefinedAcl": {
-              "description": "Apply a predefined set of access controls to this object.",
-              "enum": [
-                "authenticatedRead",
-                "bucketOwnerFullControl",
-                "bucketOwnerRead",
-                "private",
-                "projectPrivate",
-                "publicRead"
-              ],
-              "enumDescriptions": [
-                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-                "Object owner gets OWNER access, and project team owners get OWNER access.",
-                "Object owner gets OWNER access, and project team owners get READER access.",
-                "Object owner gets OWNER access.",
-                "Object owner gets OWNER access, and project team members get access according to their roles.",
-                "Object owner gets OWNER access, and allUsers get READER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit the owner, acl property."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o",
-          "request": {
-            "$ref": "Object"
-          },
-          "response": {
-            "$ref": "Object"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ],
-          "supportsMediaUpload": true
-        },
-        "list": {
-          "description": "Retrieves a list of objects matching the criteria.",
-          "httpMethod": "GET",
-          "id": "storage.objects.list",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of the bucket in which to look for objects.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "delimiter": {
-              "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.",
-              "location": "query",
-              "type": "string"
-            },
-            "endOffset": {
-              "description": "Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
-              "location": "query",
-              "type": "string"
-            },
-            "includeTrailingDelimiter": {
-              "description": "If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.",
-              "location": "query",
-              "type": "boolean"
-            },
-            "matchGlob": {
-              "description": "Filter results to objects and prefixes that match this glob pattern.",
-              "location": "query",
-              "type": "string"
-            },
-            "maxResults": {
-              "default": "1000",
-              "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
-            "pageToken": {
-              "description": "A previously-returned page token representing part of the larger set of results to view.",
-              "location": "query",
-              "type": "string"
-            },
-            "prefix": {
-              "description": "Filter results to objects whose names begin with this prefix.",
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to noAcl.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit the owner, acl property."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "startOffset": {
-              "description": "Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            },
-            "versions": {
-              "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.",
-              "location": "query",
-              "type": "boolean"
-            }
-          },
-          "path": "b/{bucket}/o",
-          "response": {
-            "$ref": "Objects"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/cloud-platform.read-only",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ],
-          "supportsSubscription": true
-        },
-        "patch": {
-          "description": "Patches an object's metadata.",
-          "httpMethod": "PATCH",
-          "id": "storage.objects.patch",
-          "parameterOrder": [
-            "bucket",
-            "object"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of the bucket in which the object resides.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "predefinedAcl": {
-              "description": "Apply a predefined set of access controls to this object.",
-              "enum": [
-                "authenticatedRead",
-                "bucketOwnerFullControl",
-                "bucketOwnerRead",
-                "private",
-                "projectPrivate",
-                "publicRead"
-              ],
-              "enumDescriptions": [
-                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-                "Object owner gets OWNER access, and project team owners get OWNER access.",
-                "Object owner gets OWNER access, and project team owners get READER access.",
-                "Object owner gets OWNER access.",
-                "Object owner gets OWNER access, and project team members get access according to their roles.",
-                "Object owner gets OWNER access, and allUsers get READER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to full.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit the owner, acl property."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request, for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}",
-          "request": {
-            "$ref": "Object"
-          },
-          "response": {
-            "$ref": "Object"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "rewrite": {
-          "description": "Rewrites a source object to a destination object. Optionally overrides metadata.",
-          "httpMethod": "POST",
-          "id": "storage.objects.rewrite",
-          "parameterOrder": [
-            "sourceBucket",
-            "sourceObject",
-            "destinationBucket",
-            "destinationObject"
-          ],
-          "parameters": {
-            "destinationBucket": {
-              "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "destinationKmsKeyName": {
-              "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
-              "location": "query",
-              "type": "string"
-            },
-            "destinationObject": {
-              "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "destinationPredefinedAcl": {
-              "description": "Apply a predefined set of access controls to the destination object.",
-              "enum": [
-                "authenticatedRead",
-                "bucketOwnerFullControl",
-                "bucketOwnerRead",
-                "private",
-                "projectPrivate",
-                "publicRead"
-              ],
-              "enumDescriptions": [
-                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-                "Object owner gets OWNER access, and project team owners get OWNER access.",
-                "Object owner gets OWNER access, and project team owners get READER access.",
-                "Object owner gets OWNER access.",
-                "Object owner gets OWNER access, and project team members get access according to their roles.",
-                "Object owner gets OWNER access, and allUsers get READER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifSourceGenerationMatch": {
-              "description": "Makes the operation conditional on whether the source object's current generation matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifSourceGenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifSourceMetagenerationMatch": {
-              "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifSourceMetagenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "maxBytesRewrittenPerCall": {
-              "description": "The maximum number of bytes that will be rewritten per rewrite request. Most callers shouldn't need to specify this parameter - it is primarily in place to support testing. If specified the value must be an integral multiple of 1 MiB (1048576). Also, this only applies to requests where the source and destination span locations and/or storage classes. Finally, this value must not change across rewrite calls else you'll get an error that the rewriteToken is invalid.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit the owner, acl property."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "rewriteToken": {
-              "description": "Include this field (from the previous rewrite response) on each rewrite request after the first one, until the rewrite response 'done' flag is true. Calls that provide a rewriteToken can omit all other request fields, but if included those fields must match the values provided in the first rewrite request.",
-              "location": "query",
-              "type": "string"
-            },
-            "sourceBucket": {
-              "description": "Name of the bucket in which to find the source object.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "sourceGeneration": {
-              "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "sourceObject": {
-              "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{sourceBucket}/o/{sourceObject}/rewriteTo/b/{destinationBucket}/o/{destinationObject}",
-          "request": {
-            "$ref": "Object"
-          },
-          "response": {
-            "$ref": "RewriteResponse"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "setIamPolicy": {
-          "description": "Updates an IAM policy for the specified object.",
-          "httpMethod": "PUT",
-          "id": "storage.objects.setIamPolicy",
-          "parameterOrder": [
-            "bucket",
-            "object"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of the bucket in which the object resides.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}/iam",
-          "request": {
-            "$ref": "Policy"
-          },
-          "response": {
-            "$ref": "Policy"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "testIamPermissions": {
-          "description": "Tests a set of permissions on the given object to see which, if any, are held by the caller.",
-          "httpMethod": "GET",
-          "id": "storage.objects.testIamPermissions",
-          "parameterOrder": [
-            "bucket",
-            "object",
-            "permissions"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of the bucket in which the object resides.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "permissions": {
-              "description": "Permissions to test.",
-              "location": "query",
-              "repeated": true,
-              "required": true,
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}/iam/testPermissions",
-          "response": {
-            "$ref": "TestIamPermissionsResponse"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/cloud-platform.read-only",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ]
-        },
-        "update": {
-          "description": "Updates an object's metadata.",
-          "httpMethod": "PUT",
-          "id": "storage.objects.update",
-          "parameterOrder": [
-            "bucket",
-            "object"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of the bucket in which the object resides.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "generation": {
-              "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifGenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationMatch": {
-              "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "ifMetagenerationNotMatch": {
-              "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
-              "format": "int64",
-              "location": "query",
-              "type": "string"
-            },
-            "object": {
-              "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "predefinedAcl": {
-              "description": "Apply a predefined set of access controls to this object.",
-              "enum": [
-                "authenticatedRead",
-                "bucketOwnerFullControl",
-                "bucketOwnerRead",
-                "private",
-                "projectPrivate",
-                "publicRead"
-              ],
-              "enumDescriptions": [
-                "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-                "Object owner gets OWNER access, and project team owners get OWNER access.",
-                "Object owner gets OWNER access, and project team owners get READER access.",
-                "Object owner gets OWNER access.",
-                "Object owner gets OWNER access, and project team members get access according to their roles.",
-                "Object owner gets OWNER access, and allUsers get READER access."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to full.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit the owner, acl property."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "b/{bucket}/o/{object}",
-          "request": {
-            "$ref": "Object"
-          },
-          "response": {
-            "$ref": "Object"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/devstorage.full_control"
-          ]
-        },
-        "watchAll": {
-          "description": "Watch for changes on all objects in a bucket.",
-          "httpMethod": "POST",
-          "id": "storage.objects.watchAll",
-          "parameterOrder": [
-            "bucket"
-          ],
-          "parameters": {
-            "bucket": {
-              "description": "Name of the bucket in which to look for objects.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "delimiter": {
-              "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.",
-              "location": "query",
-              "type": "string"
-            },
-            "endOffset": {
-              "description": "Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
-              "location": "query",
-              "type": "string"
-            },
-            "includeTrailingDelimiter": {
-              "description": "If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.",
-              "location": "query",
-              "type": "boolean"
-            },
-            "maxResults": {
-              "default": "1000",
-              "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
-            "pageToken": {
-              "description": "A previously-returned page token representing part of the larger set of results to view.",
-              "location": "query",
-              "type": "string"
-            },
-            "prefix": {
-              "description": "Filter results to objects whose names begin with this prefix.",
-              "location": "query",
-              "type": "string"
-            },
-            "projection": {
-              "description": "Set of properties to return. Defaults to noAcl.",
-              "enum": [
-                "full",
-                "noAcl"
-              ],
-              "enumDescriptions": [
-                "Include all properties.",
-                "Omit the owner, acl property."
-              ],
-              "location": "query",
-              "type": "string"
-            },
-            "startOffset": {
-              "description": "Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
-              "location": "query",
-              "type": "string"
-            },
-            "userProject": {
-              "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-              "location": "query",
-              "type": "string"
-            },
-            "versions": {
-              "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.",
-              "location": "query",
-              "type": "boolean"
-            }
-          },
-          "path": "b/{bucket}/o/watch",
-          "request": {
-            "$ref": "Channel",
-            "parameterName": "resource"
-          },
-          "response": {
-            "$ref": "Channel"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/cloud-platform.read-only",
-            "https://www.googleapis.com/auth/devstorage.full_control",
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/devstorage.read_write"
-          ],
-          "supportsSubscription": true
-        }
-      }
-    },
-    "projects": {
-      "resources": {
-        "hmacKeys": {
-          "methods": {
-            "create": {
-              "description": "Creates a new HMAC key for the specified service account.",
-              "httpMethod": "POST",
-              "id": "storage.projects.hmacKeys.create",
-              "parameterOrder": [
-                "projectId",
-                "serviceAccountEmail"
-              ],
-              "parameters": {
-                "projectId": {
-                  "description": "Project ID owning the service account.",
-                  "location": "path",
-                  "required": true,
-                  "type": "string"
-                },
-                "serviceAccountEmail": {
-                  "description": "Email address of the service account.",
-                  "location": "query",
-                  "required": true,
-                  "type": "string"
-                },
-                "userProject": {
-                  "description": "The project to be billed for this request.",
-                  "location": "query",
-                  "type": "string"
-                }
-              },
-              "path": "projects/{projectId}/hmacKeys",
-              "response": {
-                "$ref": "HmacKey"
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform",
-                "https://www.googleapis.com/auth/devstorage.full_control"
-              ]
-            },
-            "delete": {
-              "description": "Deletes an HMAC key.",
-              "httpMethod": "DELETE",
-              "id": "storage.projects.hmacKeys.delete",
-              "parameterOrder": [
-                "projectId",
-                "accessId"
-              ],
-              "parameters": {
-                "accessId": {
-                  "description": "Name of the HMAC key to be deleted.",
-                  "location": "path",
-                  "required": true,
-                  "type": "string"
-                },
-                "projectId": {
-                  "description": "Project ID owning the requested key",
-                  "location": "path",
-                  "required": true,
-                  "type": "string"
-                },
-                "userProject": {
-                  "description": "The project to be billed for this request.",
-                  "location": "query",
-                  "type": "string"
-                }
-              },
-              "path": "projects/{projectId}/hmacKeys/{accessId}",
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform",
-                "https://www.googleapis.com/auth/devstorage.full_control",
-                "https://www.googleapis.com/auth/devstorage.read_write"
-              ]
-            },
-            "get": {
-              "description": "Retrieves an HMAC key's metadata",
-              "httpMethod": "GET",
-              "id": "storage.projects.hmacKeys.get",
-              "parameterOrder": [
-                "projectId",
-                "accessId"
-              ],
-              "parameters": {
-                "accessId": {
-                  "description": "Name of the HMAC key.",
-                  "location": "path",
-                  "required": true,
-                  "type": "string"
-                },
-                "projectId": {
-                  "description": "Project ID owning the service account of the requested key.",
-                  "location": "path",
-                  "required": true,
-                  "type": "string"
-                },
-                "userProject": {
-                  "description": "The project to be billed for this request.",
-                  "location": "query",
-                  "type": "string"
-                }
-              },
-              "path": "projects/{projectId}/hmacKeys/{accessId}",
-              "response": {
-                "$ref": "HmacKeyMetadata"
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform",
-                "https://www.googleapis.com/auth/cloud-platform.read-only",
-                "https://www.googleapis.com/auth/devstorage.full_control",
-                "https://www.googleapis.com/auth/devstorage.read_only"
-              ]
-            },
-            "list": {
-              "description": "Retrieves a list of HMAC keys matching the criteria.",
-              "httpMethod": "GET",
-              "id": "storage.projects.hmacKeys.list",
-              "parameterOrder": [
-                "projectId"
-              ],
-              "parameters": {
-                "maxResults": {
-                  "default": "250",
-                  "description": "Maximum number of items to return in a single page of responses. The service uses this parameter or 250 items, whichever is smaller. The max number of items per page will also be limited by the number of distinct service accounts in the response. If the number of service accounts in a single response is too high, the page will truncated and a next page token will be returned.",
-                  "format": "uint32",
-                  "location": "query",
-                  "minimum": "0",
-                  "type": "integer"
-                },
-                "pageToken": {
-                  "description": "A previously-returned page token representing part of the larger set of results to view.",
-                  "location": "query",
-                  "type": "string"
-                },
-                "projectId": {
-                  "description": "Name of the project in which to look for HMAC keys.",
-                  "location": "path",
-                  "required": true,
-                  "type": "string"
-                },
-                "serviceAccountEmail": {
-                  "description": "If present, only keys for the given service account are returned.",
-                  "location": "query",
-                  "type": "string"
-                },
-                "showDeletedKeys": {
-                  "description": "Whether or not to show keys in the DELETED state.",
-                  "location": "query",
-                  "type": "boolean"
-                },
-                "userProject": {
-                  "description": "The project to be billed for this request.",
-                  "location": "query",
-                  "type": "string"
-                }
-              },
-              "path": "projects/{projectId}/hmacKeys",
-              "response": {
-                "$ref": "HmacKeysMetadata"
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform",
-                "https://www.googleapis.com/auth/cloud-platform.read-only",
-                "https://www.googleapis.com/auth/devstorage.full_control",
-                "https://www.googleapis.com/auth/devstorage.read_only"
-              ]
-            },
-            "update": {
-              "description": "Updates the state of an HMAC key. See the HMAC Key resource descriptor for valid states.",
-              "httpMethod": "PUT",
-              "id": "storage.projects.hmacKeys.update",
-              "parameterOrder": [
-                "projectId",
-                "accessId"
-              ],
-              "parameters": {
-                "accessId": {
-                  "description": "Name of the HMAC key being updated.",
-                  "location": "path",
-                  "required": true,
-                  "type": "string"
-                },
-                "projectId": {
-                  "description": "Project ID owning the service account of the updated key.",
-                  "location": "path",
-                  "required": true,
-                  "type": "string"
-                },
-                "userProject": {
-                  "description": "The project to be billed for this request.",
-                  "location": "query",
-                  "type": "string"
-                }
-              },
-              "path": "projects/{projectId}/hmacKeys/{accessId}",
-              "request": {
-                "$ref": "HmacKeyMetadata"
-              },
-              "response": {
-                "$ref": "HmacKeyMetadata"
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform",
-                "https://www.googleapis.com/auth/devstorage.full_control"
-              ]
-            }
-          }
-        },
-        "serviceAccount": {
-          "methods": {
-            "get": {
-              "description": "Get the email address of this project's Google Cloud Storage service account.",
-              "httpMethod": "GET",
-              "id": "storage.projects.serviceAccount.get",
-              "parameterOrder": [
-                "projectId"
-              ],
-              "parameters": {
-                "projectId": {
-                  "description": "Project ID",
-                  "location": "path",
-                  "required": true,
-                  "type": "string"
-                },
-                "userProject": {
-                  "description": "The project to be billed for this request.",
-                  "location": "query",
-                  "type": "string"
-                }
-              },
-              "path": "projects/{projectId}/serviceAccount",
-              "response": {
-                "$ref": "ServiceAccount"
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform",
-                "https://www.googleapis.com/auth/cloud-platform.read-only",
-                "https://www.googleapis.com/auth/devstorage.full_control",
-                "https://www.googleapis.com/auth/devstorage.read_only",
-                "https://www.googleapis.com/auth/devstorage.read_write"
-              ]
-            }
-          }
-        }
-      }
-    }
-  },
-  "revision": "20230301",
-  "rootUrl": "https://storage.googleapis.com/",
-  "schemas": {
-    "Bucket": {
-      "description": "A bucket.",
-      "id": "Bucket",
-      "properties": {
-        "acl": {
-          "annotations": {
-            "required": [
-              "storage.buckets.update"
-            ]
-          },
-          "description": "Access controls on the bucket.",
-          "items": {
-            "$ref": "BucketAccessControl"
-          },
-          "type": "array"
-        },
-        "autoclass": {
-          "description": "The bucket's Autoclass configuration.",
-          "properties": {
-            "enabled": {
-              "description": "Whether or not Autoclass is enabled on this bucket",
-              "type": "boolean"
-            },
-            "toggleTime": {
-              "description": "A date and time in RFC 3339 format representing the instant at which \"enabled\" was last toggled.",
-              "format": "date-time",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        },
-        "billing": {
-          "description": "The bucket's billing configuration.",
-          "properties": {
-            "requesterPays": {
-              "description": "When set to true, Requester Pays is enabled for this bucket.",
-              "type": "boolean"
-            }
-          },
-          "type": "object"
-        },
-        "cors": {
-          "description": "The bucket's Cross-Origin Resource Sharing (CORS) configuration.",
-          "items": {
-            "properties": {
-              "maxAgeSeconds": {
-                "description": "The value, in seconds, to return in the  Access-Control-Max-Age header used in preflight responses.",
-                "format": "int32",
-                "type": "integer"
-              },
-              "method": {
-                "description": "The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".",
-                "items": {
-                  "type": "string"
-                },
-                "type": "array"
-              },
-              "origin": {
-                "description": "The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".",
-                "items": {
-                  "type": "string"
-                },
-                "type": "array"
-              },
-              "responseHeader": {
-                "description": "The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.",
-                "items": {
-                  "type": "string"
-                },
-                "type": "array"
-              }
-            },
-            "type": "object"
-          },
-          "type": "array"
-        },
-        "customPlacementConfig": {
-          "description": "The bucket's custom placement configuration for Custom Dual Regions.",
-          "properties": {
-            "dataLocations": {
-              "description": "The list of regional locations in which data is placed.",
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            }
-          },
-          "type": "object"
-        },
-        "defaultEventBasedHold": {
-          "description": "The default value for event-based hold on newly created objects in this bucket. Event-based hold is a way to retain objects indefinitely until an event occurs, signified by the hold's release. After being released, such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false. Objects under event-based hold cannot be deleted, overwritten or archived until the hold is removed.",
-          "type": "boolean"
-        },
-        "defaultObjectAcl": {
-          "description": "Default access controls to apply to new objects when no ACL is provided.",
-          "items": {
-            "$ref": "ObjectAccessControl"
-          },
-          "type": "array"
-        },
-        "encryption": {
-          "description": "Encryption configuration for a bucket.",
-          "properties": {
-            "defaultKmsKeyName": {
-              "description": "A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        },
-        "etag": {
-          "description": "HTTP 1.1 Entity tag for the bucket.",
-          "type": "string"
-        },
-        "iamConfiguration": {
-          "description": "The bucket's IAM configuration.",
-          "properties": {
-            "bucketPolicyOnly": {
-              "description": "The bucket's uniform bucket-level access configuration. The feature was formerly known as Bucket Policy Only. For backward compatibility, this field will be populated with identical information as the uniformBucketLevelAccess field. We recommend using the uniformBucketLevelAccess field to enable and disable the feature.",
-              "properties": {
-                "enabled": {
-                  "description": "If set, access is controlled only by bucket-level or above IAM policies.",
-                  "type": "boolean"
-                },
-                "lockedTime": {
-                  "description": "The deadline for changing iamConfiguration.bucketPolicyOnly.enabled from true to false in RFC 3339 format. iamConfiguration.bucketPolicyOnly.enabled may be changed from true to false until the locked time, after which the field is immutable.",
-                  "format": "date-time",
-                  "type": "string"
-                }
-              },
-              "type": "object"
-            },
-            "publicAccessPrevention": {
-              "description": "The bucket's Public Access Prevention configuration. Currently, 'inherited' and 'enforced' are supported.",
-              "type": "string"
-            },
-            "uniformBucketLevelAccess": {
-              "description": "The bucket's uniform bucket-level access configuration.",
-              "properties": {
-                "enabled": {
-                  "description": "If set, access is controlled only by bucket-level or above IAM policies.",
-                  "type": "boolean"
-                },
-                "lockedTime": {
-                  "description": "The deadline for changing iamConfiguration.uniformBucketLevelAccess.enabled from true to false in RFC 3339  format. iamConfiguration.uniformBucketLevelAccess.enabled may be changed from true to false until the locked time, after which the field is immutable.",
-                  "format": "date-time",
-                  "type": "string"
-                }
-              },
-              "type": "object"
-            }
-          },
-          "type": "object"
-        },
-        "id": {
-          "description": "The ID of the bucket. For buckets, the id and name properties are the same.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "storage#bucket",
-          "description": "The kind of item this is. For buckets, this is always storage#bucket.",
-          "type": "string"
-        },
-        "labels": {
-          "additionalProperties": {
-            "description": "An individual label entry.",
-            "type": "string"
-          },
-          "description": "User-provided labels, in key/value pairs.",
-          "type": "object"
-        },
-        "lifecycle": {
-          "description": "The bucket's lifecycle configuration. See lifecycle management for more information.",
-          "properties": {
-            "rule": {
-              "description": "A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken.",
-              "items": {
-                "properties": {
-                  "action": {
-                    "description": "The action to take.",
-                    "properties": {
-                      "storageClass": {
-                        "description": "Target storage class. Required iff the type of the action is SetStorageClass.",
-                        "type": "string"
-                      },
-                      "type": {
-                        "description": "Type of the action. Currently, only Delete, SetStorageClass, and AbortIncompleteMultipartUpload are supported.",
-                        "type": "string"
-                      }
-                    },
-                    "type": "object"
-                  },
-                  "condition": {
-                    "description": "The condition(s) under which the action will be taken.",
-                    "properties": {
-                      "age": {
-                        "description": "Age of an object (in days). This condition is satisfied when an object reaches the specified age.",
-                        "format": "int32",
-                        "type": "integer"
-                      },
-                      "createdBefore": {
-                        "description": "A date in RFC 3339 format with only the date part (for instance, \"2013-01-15\"). This condition is satisfied when an object is created before midnight of the specified date in UTC.",
-                        "format": "date",
-                        "type": "string"
-                      },
-                      "customTimeBefore": {
-                        "description": "A date in RFC 3339 format with only the date part (for instance, \"2013-01-15\"). This condition is satisfied when the custom time on an object is before this date in UTC.",
-                        "format": "date",
-                        "type": "string"
-                      },
-                      "daysSinceCustomTime": {
-                        "description": "Number of days elapsed since the user-specified timestamp set on an object. The condition is satisfied if the days elapsed is at least this number. If no custom timestamp is specified on an object, the condition does not apply.",
-                        "format": "int32",
-                        "type": "integer"
-                      },
-                      "daysSinceNoncurrentTime": {
-                        "description": "Number of days elapsed since the noncurrent timestamp of an object. The condition is satisfied if the days elapsed is at least this number. This condition is relevant only for versioned objects. The value of the field must be a nonnegative integer. If it's zero, the object version will become eligible for Lifecycle action as soon as it becomes noncurrent.",
-                        "format": "int32",
-                        "type": "integer"
-                      },
-                      "isLive": {
-                        "description": "Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects.",
-                        "type": "boolean"
-                      },
-                      "matchesPattern": {
-                        "description": "A regular expression that satisfies the RE2 syntax. This condition is satisfied when the name of the object matches the RE2 pattern. Note: This feature is currently in the \"Early Access\" launch stage and is only available to a whitelisted set of users; that means that this feature may be changed in backward-incompatible ways and that it is not guaranteed to be released.",
-                        "type": "string"
-                      },
-                      "matchesPrefix": {
-                        "description": "List of object name prefixes. This condition will be satisfied when at least one of the prefixes exactly matches the beginning of the object name.",
-                        "items": {
-                          "type": "string"
-                        },
-                        "type": "array"
-                      },
-                      "matchesStorageClass": {
-                        "description": "Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, and DURABLE_REDUCED_AVAILABILITY.",
-                        "items": {
-                          "type": "string"
-                        },
-                        "type": "array"
-                      },
-                      "matchesSuffix": {
-                        "description": "List of object name suffixes. This condition will be satisfied when at least one of the suffixes exactly matches the end of the object name.",
-                        "items": {
-                          "type": "string"
-                        },
-                        "type": "array"
-                      },
-                      "noncurrentTimeBefore": {
-                        "description": "A date in RFC 3339 format with only the date part (for instance, \"2013-01-15\"). This condition is satisfied when the noncurrent time on an object is before this date in UTC. This condition is relevant only for versioned objects.",
-                        "format": "date",
-                        "type": "string"
-                      },
-                      "numNewerVersions": {
-                        "description": "Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.",
-                        "format": "int32",
-                        "type": "integer"
-                      }
-                    },
-                    "type": "object"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            }
-          },
-          "type": "object"
-        },
-        "location": {
-          "description": "The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list.",
-          "type": "string"
-        },
-        "locationType": {
-          "description": "The type of the bucket location.",
-          "type": "string"
-        },
-        "logging": {
-          "description": "The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs.",
-          "properties": {
-            "logBucket": {
-              "description": "The destination bucket where the current bucket's logs should be placed.",
-              "type": "string"
-            },
-            "logObjectPrefix": {
-              "description": "A prefix for log object names.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        },
-        "metageneration": {
-          "description": "The metadata generation of this bucket.",
-          "format": "int64",
-          "type": "string"
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "storage.buckets.insert"
-            ]
-          },
-          "description": "The name of the bucket.",
-          "type": "string"
-        },
-        "owner": {
-          "description": "The owner of the bucket. This is always the project team's owner group.",
-          "properties": {
-            "entity": {
-              "description": "The entity, in the form project-owner-projectId.",
-              "type": "string"
-            },
-            "entityId": {
-              "description": "The ID for the entity.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        },
-        "projectNumber": {
-          "description": "The project number of the project the bucket belongs to.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "retentionPolicy": {
-          "description": "The bucket's retention policy. The retention policy enforces a minimum retention time for all objects contained in the bucket, based on their creation time. Any attempt to overwrite or delete objects younger than the retention period will result in a PERMISSION_DENIED error. An unlocked retention policy can be modified or removed from the bucket via a storage.buckets.update operation. A locked retention policy cannot be removed or shortened in duration for the lifetime of the bucket. Attempting to remove or decrease period of a locked retention policy will result in a PERMISSION_DENIED error.",
-          "properties": {
-            "effectiveTime": {
-              "description": "Server-determined value that indicates the time from which policy was enforced and effective. This value is in RFC 3339 format.",
-              "format": "date-time",
-              "type": "string"
-            },
-            "isLocked": {
-              "description": "Once locked, an object retention policy cannot be modified.",
-              "type": "boolean"
-            },
-            "retentionPeriod": {
-              "description": "The duration in seconds that objects need to be retained. Retention duration must be greater than zero and less than 100 years. Note that enforcement of retention periods less than a day is not guaranteed. Such periods should only be used for testing purposes.",
-              "format": "int64",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        },
-        "rpo": {
-          "description": "The Recovery Point Objective (RPO) of this bucket. Set to ASYNC_TURBO to turn on Turbo Replication on a bucket.",
-          "type": "string"
-        },
-        "satisfiesPZS": {
-          "description": "Reserved for future use.",
-          "type": "boolean"
-        },
-        "selfLink": {
-          "description": "The URI of this bucket.",
-          "type": "string"
-        },
-        "storageClass": {
-          "description": "The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes.",
-          "type": "string"
-        },
-        "timeCreated": {
-          "description": "The creation time of the bucket in RFC 3339 format.",
-          "format": "date-time",
-          "type": "string"
-        },
-        "updated": {
-          "description": "The modification time of the bucket in RFC 3339 format.",
-          "format": "date-time",
-          "type": "string"
-        },
-        "versioning": {
-          "description": "The bucket's versioning configuration.",
-          "properties": {
-            "enabled": {
-              "description": "While set to true, versioning is fully enabled for this bucket.",
-              "type": "boolean"
-            }
-          },
-          "type": "object"
-        },
-        "website": {
-          "description": "The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.",
-          "properties": {
-            "mainPageSuffix": {
-              "description": "If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages.",
-              "type": "string"
-            },
-            "notFoundPage": {
-              "description": "If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "BucketAccessControl": {
-      "description": "An access-control entry.",
-      "id": "BucketAccessControl",
-      "properties": {
-        "bucket": {
-          "description": "The name of the bucket.",
-          "type": "string"
-        },
-        "domain": {
-          "description": "The domain associated with the entity, if any.",
-          "type": "string"
-        },
-        "email": {
-          "description": "The email address associated with the entity, if any.",
-          "type": "string"
-        },
-        "entity": {
-          "annotations": {
-            "required": [
-              "storage.bucketAccessControls.insert"
-            ]
-          },
-          "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.",
-          "type": "string"
-        },
-        "entityId": {
-          "description": "The ID for the entity, if any.",
-          "type": "string"
-        },
-        "etag": {
-          "description": "HTTP 1.1 Entity tag for the access-control entry.",
-          "type": "string"
-        },
-        "id": {
-          "description": "The ID of the access-control entry.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "storage#bucketAccessControl",
-          "description": "The kind of item this is. For bucket access control entries, this is always storage#bucketAccessControl.",
-          "type": "string"
-        },
-        "projectTeam": {
-          "description": "The project team associated with the entity, if any.",
-          "properties": {
-            "projectNumber": {
-              "description": "The project number.",
-              "type": "string"
-            },
-            "team": {
-              "description": "The team.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        },
-        "role": {
-          "annotations": {
-            "required": [
-              "storage.bucketAccessControls.insert"
-            ]
-          },
-          "description": "The access permission for the entity.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "The link to this access-control entry.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BucketAccessControls": {
-      "description": "An access-control list.",
-      "id": "BucketAccessControls",
-      "properties": {
-        "items": {
-          "description": "The list of items.",
-          "items": {
-            "$ref": "BucketAccessControl"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "storage#bucketAccessControls",
-          "description": "The kind of item this is. For lists of bucket access control entries, this is always storage#bucketAccessControls.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Buckets": {
-      "description": "A list of buckets.",
-      "id": "Buckets",
-      "properties": {
-        "items": {
-          "description": "The list of items.",
-          "items": {
-            "$ref": "Bucket"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "storage#buckets",
-          "description": "The kind of item this is. For lists of buckets, this is always storage#buckets.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Channel": {
-      "description": "An notification channel used to watch for resource changes.",
-      "id": "Channel",
-      "properties": {
-        "address": {
-          "description": "The address where notifications are delivered for this channel.",
-          "type": "string"
-        },
-        "expiration": {
-          "description": "Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional.",
-          "format": "int64",
-          "type": "string"
-        },
-        "id": {
-          "description": "A UUID or similar unique string that identifies this channel.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "api#channel",
-          "description": "Identifies this as a notification channel used to watch for changes to a resource, which is \"api#channel\".",
-          "type": "string"
-        },
-        "params": {
-          "additionalProperties": {
-            "description": "Declares a new parameter by name.",
-            "type": "string"
-          },
-          "description": "Additional parameters controlling delivery channel behavior. Optional.",
-          "type": "object"
-        },
-        "payload": {
-          "description": "A Boolean value to indicate whether payload is wanted. Optional.",
-          "type": "boolean"
-        },
-        "resourceId": {
-          "description": "An opaque ID that identifies the resource being watched on this channel. Stable across different API versions.",
-          "type": "string"
-        },
-        "resourceUri": {
-          "description": "A version-specific identifier for the watched resource.",
-          "type": "string"
-        },
-        "token": {
-          "description": "An arbitrary string delivered to the target address with each notification delivered over this channel. Optional.",
-          "type": "string"
-        },
-        "type": {
-          "description": "The type of delivery mechanism used for this channel.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ComposeRequest": {
-      "description": "A Compose request.",
-      "id": "ComposeRequest",
-      "properties": {
-        "destination": {
-          "$ref": "Object",
-          "description": "Properties of the resulting object."
-        },
-        "kind": {
-          "default": "storage#composeRequest",
-          "description": "The kind of item this is.",
-          "type": "string"
-        },
-        "sourceObjects": {
-          "annotations": {
-            "required": [
-              "storage.objects.compose"
-            ]
-          },
-          "description": "The list of source objects that will be concatenated into a single object.",
-          "items": {
-            "properties": {
-              "generation": {
-                "description": "The generation of this object to use as the source.",
-                "format": "int64",
-                "type": "string"
-              },
-              "name": {
-                "annotations": {
-                  "required": [
-                    "storage.objects.compose"
-                  ]
-                },
-                "description": "The source object's name. All source objects must reside in the same bucket.",
-                "type": "string"
-              },
-              "objectPreconditions": {
-                "description": "Conditions that must be met for this operation to execute.",
-                "properties": {
-                  "ifGenerationMatch": {
-                    "description": "Only perform the composition if the generation of the source object that would be used matches this value. If this value and a generation are both specified, they must be the same value or the call will fail.",
-                    "format": "int64",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              }
-            },
-            "type": "object"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "Expr": {
-      "description": "Represents an expression text. Example: title: \"User account presence\" description: \"Determines whether the request has a user account\" expression: \"size(request.user) \u003e 0\"",
-      "id": "Expr",
-      "properties": {
-        "description": {
-          "description": "An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
-          "type": "string"
-        },
-        "expression": {
-          "description": "Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.",
-          "type": "string"
-        },
-        "location": {
-          "description": "An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
-          "type": "string"
-        },
-        "title": {
-          "description": "An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "HmacKey": {
-      "description": "JSON template to produce a JSON-style HMAC Key resource for Create responses.",
-      "id": "HmacKey",
-      "properties": {
-        "kind": {
-          "default": "storage#hmacKey",
-          "description": "The kind of item this is. For HMAC keys, this is always storage#hmacKey.",
-          "type": "string"
-        },
-        "metadata": {
-          "$ref": "HmacKeyMetadata",
-          "description": "Key metadata."
-        },
-        "secret": {
-          "description": "HMAC secret key material.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "HmacKeyMetadata": {
-      "description": "JSON template to produce a JSON-style HMAC Key metadata resource.",
-      "id": "HmacKeyMetadata",
-      "properties": {
-        "accessId": {
-          "description": "The ID of the HMAC Key.",
-          "type": "string"
-        },
-        "etag": {
-          "description": "HTTP 1.1 Entity tag for the HMAC key.",
-          "type": "string"
-        },
-        "id": {
-          "description": "The ID of the HMAC key, including the Project ID and the Access ID.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "storage#hmacKeyMetadata",
-          "description": "The kind of item this is. For HMAC Key metadata, this is always storage#hmacKeyMetadata.",
-          "type": "string"
-        },
-        "projectId": {
-          "description": "Project ID owning the service account to which the key authenticates.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "The link to this resource.",
-          "type": "string"
-        },
-        "serviceAccountEmail": {
-          "description": "The email address of the key's associated service account.",
-          "type": "string"
-        },
-        "state": {
-          "description": "The state of the key. Can be one of ACTIVE, INACTIVE, or DELETED.",
-          "type": "string"
-        },
-        "timeCreated": {
-          "description": "The creation time of the HMAC key in RFC 3339 format.",
-          "format": "date-time",
-          "type": "string"
-        },
-        "updated": {
-          "description": "The last modification time of the HMAC key metadata in RFC 3339 format.",
-          "format": "date-time",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "HmacKeysMetadata": {
-      "description": "A list of hmacKeys.",
-      "id": "HmacKeysMetadata",
-      "properties": {
-        "items": {
-          "description": "The list of items.",
-          "items": {
-            "$ref": "HmacKeyMetadata"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "storage#hmacKeysMetadata",
-          "description": "The kind of item this is. For lists of hmacKeys, this is always storage#hmacKeysMetadata.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Notification": {
-      "description": "A subscription to receive Google PubSub notifications.",
-      "id": "Notification",
-      "properties": {
-        "custom_attributes": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "An optional list of additional attributes to attach to each Cloud PubSub message published for this notification subscription.",
-          "type": "object"
-        },
-        "etag": {
-          "description": "HTTP 1.1 Entity tag for this subscription notification.",
-          "type": "string"
-        },
-        "event_types": {
-          "description": "If present, only send notifications about listed event types. If empty, sent notifications for all event types.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "id": {
-          "description": "The ID of the notification.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "storage#notification",
-          "description": "The kind of item this is. For notifications, this is always storage#notification.",
-          "type": "string"
-        },
-        "object_name_prefix": {
-          "description": "If present, only apply this notification configuration to object names that begin with this prefix.",
-          "type": "string"
-        },
-        "payload_format": {
-          "annotations": {
-            "required": [
-              "storage.notifications.insert"
-            ]
-          },
-          "default": "JSON_API_V1",
-          "description": "The desired content of the Payload.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "The canonical URL of this notification.",
-          "type": "string"
-        },
-        "topic": {
-          "annotations": {
-            "required": [
-              "storage.notifications.insert"
-            ]
-          },
-          "description": "The Cloud PubSub topic to which this subscription publishes. Formatted as: '//pubsub.googleapis.com/projects/{project-identifier}/topics/{my-topic}'",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Notifications": {
-      "description": "A list of notification subscriptions.",
-      "id": "Notifications",
-      "properties": {
-        "items": {
-          "description": "The list of items.",
-          "items": {
-            "$ref": "Notification"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "storage#notifications",
-          "description": "The kind of item this is. For lists of notifications, this is always storage#notifications.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Object": {
-      "description": "An object.",
-      "id": "Object",
-      "properties": {
-        "acl": {
-          "annotations": {
-            "required": [
-              "storage.objects.update"
-            ]
-          },
-          "description": "Access controls on the object.",
-          "items": {
-            "$ref": "ObjectAccessControl"
-          },
-          "type": "array"
-        },
-        "bucket": {
-          "description": "The name of the bucket containing this object.",
-          "type": "string"
-        },
-        "cacheControl": {
-          "description": "Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.",
-          "type": "string"
-        },
-        "componentCount": {
-          "description": "Number of underlying components that make up this object. Components are accumulated by compose operations.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "contentDisposition": {
-          "description": "Content-Disposition of the object data.",
-          "type": "string"
-        },
-        "contentEncoding": {
-          "description": "Content-Encoding of the object data.",
-          "type": "string"
-        },
-        "contentLanguage": {
-          "description": "Content-Language of the object data.",
-          "type": "string"
-        },
-        "contentType": {
-          "description": "Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.",
-          "type": "string"
-        },
-        "crc32c": {
-          "description": "CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.",
-          "type": "string"
-        },
-        "customTime": {
-          "description": "A timestamp in RFC 3339 format specified by the user for an object.",
-          "format": "date-time",
-          "type": "string"
-        },
-        "customerEncryption": {
-          "description": "Metadata of customer-supplied encryption key, if the object is encrypted by such a key.",
-          "properties": {
-            "encryptionAlgorithm": {
-              "description": "The encryption algorithm.",
-              "type": "string"
-            },
-            "keySha256": {
-              "description": "SHA256 hash value of the encryption key.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        },
-        "etag": {
-          "description": "HTTP 1.1 Entity tag for the object.",
-          "type": "string"
-        },
-        "eventBasedHold": {
-          "description": "Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.",
-          "type": "boolean"
-        },
-        "generation": {
-          "description": "The content generation of this object. Used for object versioning.",
-          "format": "int64",
-          "type": "string"
-        },
-        "id": {
-          "description": "The ID of the object, including the bucket name, object name, and generation number.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "storage#object",
-          "description": "The kind of item this is. For objects, this is always storage#object.",
-          "type": "string"
-        },
-        "kmsKeyName": {
-          "description": "Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.",
-          "type": "string"
-        },
-        "md5Hash": {
-          "description": "MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.",
-          "type": "string"
-        },
-        "mediaLink": {
-          "description": "Media download link.",
-          "type": "string"
-        },
-        "metadata": {
-          "additionalProperties": {
-            "description": "An individual metadata entry.",
-            "type": "string"
-          },
-          "description": "User-provided metadata, in key/value pairs.",
-          "type": "object"
-        },
-        "metageneration": {
-          "description": "The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.",
-          "format": "int64",
-          "type": "string"
-        },
-        "name": {
-          "description": "The name of the object. Required if not specified by URL parameter.",
-          "type": "string"
-        },
-        "owner": {
-          "description": "The owner of the object. This will always be the uploader of the object.",
-          "properties": {
-            "entity": {
-              "description": "The entity, in the form user-userId.",
-              "type": "string"
-            },
-            "entityId": {
-              "description": "The ID for the entity.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        },
-        "retentionExpirationTime": {
-          "description": "A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).",
-          "format": "date-time",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "The link to this object.",
-          "type": "string"
-        },
-        "size": {
-          "description": "Content-Length of the data in bytes.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "storageClass": {
-          "description": "Storage class of the object.",
-          "type": "string"
-        },
-        "temporaryHold": {
-          "description": "Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.",
-          "type": "boolean"
-        },
-        "timeCreated": {
-          "description": "The creation time of the object in RFC 3339 format.",
-          "format": "date-time",
-          "type": "string"
-        },
-        "timeDeleted": {
-          "description": "The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.",
-          "format": "date-time",
-          "type": "string"
-        },
-        "timeStorageClassUpdated": {
-          "description": "The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.",
-          "format": "date-time",
-          "type": "string"
-        },
-        "updated": {
-          "description": "The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.",
-          "format": "date-time",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ObjectAccessControl": {
-      "description": "An access-control entry.",
-      "id": "ObjectAccessControl",
-      "properties": {
-        "bucket": {
-          "description": "The name of the bucket.",
-          "type": "string"
-        },
-        "domain": {
-          "description": "The domain associated with the entity, if any.",
-          "type": "string"
-        },
-        "email": {
-          "description": "The email address associated with the entity, if any.",
-          "type": "string"
-        },
-        "entity": {
-          "annotations": {
-            "required": [
-              "storage.defaultObjectAccessControls.insert",
-              "storage.objectAccessControls.insert"
-            ]
-          },
-          "description": "The entity holding the permission, in one of the following forms: \n- user-userId \n- user-email \n- group-groupId \n- group-email \n- domain-domain \n- project-team-projectId \n- allUsers \n- allAuthenticatedUsers Examples: \n- The user liz@example.com would be user-liz@example.com. \n- The group example@googlegroups.com would be group-example@googlegroups.com. \n- To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.",
-          "type": "string"
-        },
-        "entityId": {
-          "description": "The ID for the entity, if any.",
-          "type": "string"
-        },
-        "etag": {
-          "description": "HTTP 1.1 Entity tag for the access-control entry.",
-          "type": "string"
-        },
-        "generation": {
-          "description": "The content generation of the object, if applied to an object.",
-          "format": "int64",
-          "type": "string"
-        },
-        "id": {
-          "description": "The ID of the access-control entry.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "storage#objectAccessControl",
-          "description": "The kind of item this is. For object access control entries, this is always storage#objectAccessControl.",
-          "type": "string"
-        },
-        "object": {
-          "description": "The name of the object, if applied to an object.",
-          "type": "string"
-        },
-        "projectTeam": {
-          "description": "The project team associated with the entity, if any.",
-          "properties": {
-            "projectNumber": {
-              "description": "The project number.",
-              "type": "string"
-            },
-            "team": {
-              "description": "The team.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        },
-        "role": {
-          "annotations": {
-            "required": [
-              "storage.defaultObjectAccessControls.insert",
-              "storage.objectAccessControls.insert"
-            ]
-          },
-          "description": "The access permission for the entity.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "The link to this access-control entry.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ObjectAccessControls": {
-      "description": "An access-control list.",
-      "id": "ObjectAccessControls",
-      "properties": {
-        "items": {
-          "description": "The list of items.",
-          "items": {
-            "$ref": "ObjectAccessControl"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "storage#objectAccessControls",
-          "description": "The kind of item this is. For lists of object access control entries, this is always storage#objectAccessControls.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Objects": {
-      "description": "A list of objects.",
-      "id": "Objects",
-      "properties": {
-        "items": {
-          "description": "The list of items.",
-          "items": {
-            "$ref": "Object"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "storage#objects",
-          "description": "The kind of item this is. For lists of objects, this is always storage#objects.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.",
-          "type": "string"
-        },
-        "prefixes": {
-          "description": "The list of prefixes of objects matching-but-not-listed up to and including the requested delimiter.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "Policy": {
-      "description": "A bucket/object IAM policy.",
-      "id": "Policy",
-      "properties": {
-        "bindings": {
-          "annotations": {
-            "required": [
-              "storage.buckets.setIamPolicy",
-              "storage.objects.setIamPolicy"
-            ]
-          },
-          "description": "An association between a role, which comes with a set of permissions, and members who may assume that role.",
-          "items": {
-            "properties": {
-              "condition": {
-                "$ref": "Expr",
-                "description": "The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently."
-              },
-              "members": {
-                "annotations": {
-                  "required": [
-                    "storage.buckets.setIamPolicy",
-                    "storage.objects.setIamPolicy"
-                  ]
-                },
-                "description": "A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:  \n- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.  \n- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.  \n- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.  \n- serviceAccount:emailid — An email address that represents a service account. For example,  serviceAccount:my-other-app@appspot.gserviceaccount.com .  \n- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.  \n- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.  \n- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project  \n- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project  \n- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project",
-                "items": {
-                  "type": "string"
-                },
-                "type": "array"
-              },
-              "role": {
-                "annotations": {
-                  "required": [
-                    "storage.buckets.setIamPolicy",
-                    "storage.objects.setIamPolicy"
-                  ]
-                },
-                "description": "The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.\nThe new IAM roles are:  \n- roles/storage.admin — Full control of Google Cloud Storage resources.  \n- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.  \n- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.  \n- roles/storage.objectAdmin — Full control of Google Cloud Storage objects.   The legacy IAM roles are:  \n- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.  \n- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.  \n- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.  \n- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.  \n- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.",
-                "type": "string"
-              }
-            },
-            "type": "object"
-          },
-          "type": "array"
-        },
-        "etag": {
-          "description": "HTTP 1.1  Entity tag for the policy.",
-          "format": "byte",
-          "type": "string"
-        },
-        "kind": {
-          "default": "storage#policy",
-          "description": "The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.",
-          "type": "string"
-        },
-        "resourceId": {
-          "description": "The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, and projects/_/buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.",
-          "type": "string"
-        },
-        "version": {
-          "description": "The IAM policy format version.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "RewriteResponse": {
-      "description": "A rewrite response.",
-      "id": "RewriteResponse",
-      "properties": {
-        "done": {
-          "description": "true if the copy is finished; otherwise, false if the copy is in progress. This property is always present in the response.",
-          "type": "boolean"
-        },
-        "kind": {
-          "default": "storage#rewriteResponse",
-          "description": "The kind of item this is.",
-          "type": "string"
-        },
-        "objectSize": {
-          "description": "The total size of the object being copied in bytes. This property is always present in the response.",
-          "format": "int64",
-          "type": "string"
-        },
-        "resource": {
-          "$ref": "Object",
-          "description": "A resource containing the metadata for the copied-to object. This property is present in the response only when copying completes."
-        },
-        "rewriteToken": {
-          "description": "A token to use in subsequent requests to continue copying data. This token is present in the response only when there is more data to copy.",
-          "type": "string"
-        },
-        "totalBytesRewritten": {
-          "description": "The total bytes written so far, which can be used to provide a waiting user with a progress indicator. This property is always present in the response.",
-          "format": "int64",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ServiceAccount": {
-      "description": "A subscription to receive Google PubSub notifications.",
-      "id": "ServiceAccount",
-      "properties": {
-        "email_address": {
-          "description": "The ID of the notification.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "storage#serviceAccount",
-          "description": "The kind of item this is. For notifications, this is always storage#notification.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "TestIamPermissionsResponse": {
-      "description": "A storage.(buckets|objects).testIamPermissions response.",
-      "id": "TestIamPermissionsResponse",
-      "properties": {
-        "kind": {
-          "default": "storage#testIamPermissionsResponse",
-          "description": "The kind of item this is.",
-          "type": "string"
-        },
-        "permissions": {
-          "description": "The permissions held by the caller. Permissions are always of the format storage.resource.capability, where resource is one of buckets or objects. The supported permissions are as follows:  \n- storage.buckets.delete — Delete bucket.  \n- storage.buckets.get — Read bucket metadata.  \n- storage.buckets.getIamPolicy — Read bucket IAM policy.  \n- storage.buckets.create — Create bucket.  \n- storage.buckets.list — List buckets.  \n- storage.buckets.setIamPolicy — Update bucket IAM policy.  \n- storage.buckets.update — Update bucket metadata.  \n- storage.objects.delete — Delete object.  \n- storage.objects.get — Read object data and metadata.  \n- storage.objects.getIamPolicy — Read object IAM policy.  \n- storage.objects.create — Create object.  \n- storage.objects.list — List objects.  \n- storage.objects.setIamPolicy — Update object IAM policy.  \n- storage.objects.update — Update object metadata.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    }
-  },
-  "servicePath": "storage/v1/",
-  "title": "Cloud Storage JSON API",
-  "version": "v1"
-}
\ No newline at end of file
diff --git a/vendor/google.golang.org/api/storage/v1/storage-gen.go b/vendor/google.golang.org/api/storage/v1/storage-gen.go
deleted file mode 100644
index e11bf2e6d..000000000
--- a/vendor/google.golang.org/api/storage/v1/storage-gen.go
+++ /dev/null
@@ -1,13283 +0,0 @@
-// Copyright 2023 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Code generated file. DO NOT EDIT.
-
-// Package storage provides access to the Cloud Storage JSON API.
-//
-// This package is DEPRECATED. Use package cloud.google.com/go/storage instead.
-//
-// For product documentation, see: https://developers.google.com/storage/docs/json_api/
-//
-// # Creating a client
-//
-// Usage example:
-//
-//	import "google.golang.org/api/storage/v1"
-//	...
-//	ctx := context.Background()
-//	storageService, err := storage.NewService(ctx)
-//
-// In this example, Google Application Default Credentials are used for authentication.
-//
-// For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
-//
-// # Other authentication options
-//
-// By default, all available scopes (see "Constants") are used to authenticate. To restrict scopes, use option.WithScopes:
-//
-//	storageService, err := storage.NewService(ctx, option.WithScopes(storage.DevstorageReadWriteScope))
-//
-// To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey:
-//
-//	storageService, err := storage.NewService(ctx, option.WithAPIKey("AIza..."))
-//
-// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource:
-//
-//	config := &oauth2.Config{...}
-//	// ...
-//	token, err := config.Exchange(ctx, ...)
-//	storageService, err := storage.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
-//
-// See https://godoc.org/google.golang.org/api/option/ for details on options.
-package storage // import "google.golang.org/api/storage/v1"
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
-
-	"github.com/googleapis/gax-go/v2"
-	googleapi "google.golang.org/api/googleapi"
-	internal "google.golang.org/api/internal"
-	gensupport "google.golang.org/api/internal/gensupport"
-	option "google.golang.org/api/option"
-	internaloption "google.golang.org/api/option/internaloption"
-	htransport "google.golang.org/api/transport/http"
-)
-
-// Always reference these packages, just in case the auto-generated code
-// below doesn't.
-var _ = bytes.NewBuffer
-var _ = strconv.Itoa
-var _ = fmt.Sprintf
-var _ = json.NewDecoder
-var _ = io.Copy
-var _ = url.Parse
-var _ = gensupport.MarshalJSON
-var _ = googleapi.Version
-var _ = errors.New
-var _ = strings.Replace
-var _ = context.Canceled
-var _ = internaloption.WithDefaultEndpoint
-var _ = internal.Version
-
-const apiId = "storage:v1"
-const apiName = "storage"
-const apiVersion = "v1"
-const basePath = "https://storage.googleapis.com/storage/v1/"
-const mtlsBasePath = "https://storage.mtls.googleapis.com/storage/v1/"
-
-// OAuth2 scopes used by this API.
-const (
-	// View and manage your data across Google Cloud Platform services
-	CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
-
-	// View your data across Google Cloud Platform services
-	CloudPlatformReadOnlyScope = "https://www.googleapis.com/auth/cloud-platform.read-only"
-
-	// Manage your data and permissions in Google Cloud Storage
-	DevstorageFullControlScope = "https://www.googleapis.com/auth/devstorage.full_control"
-
-	// View your data in Google Cloud Storage
-	DevstorageReadOnlyScope = "https://www.googleapis.com/auth/devstorage.read_only"
-
-	// Manage your data in Google Cloud Storage
-	DevstorageReadWriteScope = "https://www.googleapis.com/auth/devstorage.read_write"
-)
-
-// NewService creates a new Service.
-func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) {
-	scopesOption := internaloption.WithDefaultScopes(
-		"https://www.googleapis.com/auth/cloud-platform",
-		"https://www.googleapis.com/auth/cloud-platform.read-only",
-		"https://www.googleapis.com/auth/devstorage.full_control",
-		"https://www.googleapis.com/auth/devstorage.read_only",
-		"https://www.googleapis.com/auth/devstorage.read_write",
-	)
-	// NOTE: prepend, so we don't override user-specified scopes.
-	opts = append([]option.ClientOption{scopesOption}, opts...)
-	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
-	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
-	client, endpoint, err := htransport.NewClient(ctx, opts...)
-	if err != nil {
-		return nil, err
-	}
-	s, err := New(client)
-	if err != nil {
-		return nil, err
-	}
-	if endpoint != "" {
-		s.BasePath = endpoint
-	}
-	return s, nil
-}
-
-// New creates a new Service. It uses the provided http.Client for requests.
-//
-// Deprecated: please use NewService instead.
-// To provide a custom HTTP client, use option.WithHTTPClient.
-// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
-func New(client *http.Client) (*Service, error) {
-	if client == nil {
-		return nil, errors.New("client is nil")
-	}
-	s := &Service{client: client, BasePath: basePath}
-	s.BucketAccessControls = NewBucketAccessControlsService(s)
-	s.Buckets = NewBucketsService(s)
-	s.Channels = NewChannelsService(s)
-	s.DefaultObjectAccessControls = NewDefaultObjectAccessControlsService(s)
-	s.Notifications = NewNotificationsService(s)
-	s.ObjectAccessControls = NewObjectAccessControlsService(s)
-	s.Objects = NewObjectsService(s)
-	s.Projects = NewProjectsService(s)
-	return s, nil
-}
-
-type Service struct {
-	client    *http.Client
-	BasePath  string // API endpoint base URL
-	UserAgent string // optional additional User-Agent fragment
-
-	BucketAccessControls *BucketAccessControlsService
-
-	Buckets *BucketsService
-
-	Channels *ChannelsService
-
-	DefaultObjectAccessControls *DefaultObjectAccessControlsService
-
-	Notifications *NotificationsService
-
-	ObjectAccessControls *ObjectAccessControlsService
-
-	Objects *ObjectsService
-
-	Projects *ProjectsService
-}
-
-func (s *Service) userAgent() string {
-	if s.UserAgent == "" {
-		return googleapi.UserAgent
-	}
-	return googleapi.UserAgent + " " + s.UserAgent
-}
-
-func NewBucketAccessControlsService(s *Service) *BucketAccessControlsService {
-	rs := &BucketAccessControlsService{s: s}
-	return rs
-}
-
-type BucketAccessControlsService struct {
-	s *Service
-}
-
-func NewBucketsService(s *Service) *BucketsService {
-	rs := &BucketsService{s: s}
-	return rs
-}
-
-type BucketsService struct {
-	s *Service
-}
-
-func NewChannelsService(s *Service) *ChannelsService {
-	rs := &ChannelsService{s: s}
-	return rs
-}
-
-type ChannelsService struct {
-	s *Service
-}
-
-func NewDefaultObjectAccessControlsService(s *Service) *DefaultObjectAccessControlsService {
-	rs := &DefaultObjectAccessControlsService{s: s}
-	return rs
-}
-
-type DefaultObjectAccessControlsService struct {
-	s *Service
-}
-
-func NewNotificationsService(s *Service) *NotificationsService {
-	rs := &NotificationsService{s: s}
-	return rs
-}
-
-type NotificationsService struct {
-	s *Service
-}
-
-func NewObjectAccessControlsService(s *Service) *ObjectAccessControlsService {
-	rs := &ObjectAccessControlsService{s: s}
-	return rs
-}
-
-type ObjectAccessControlsService struct {
-	s *Service
-}
-
-func NewObjectsService(s *Service) *ObjectsService {
-	rs := &ObjectsService{s: s}
-	return rs
-}
-
-type ObjectsService struct {
-	s *Service
-}
-
-func NewProjectsService(s *Service) *ProjectsService {
-	rs := &ProjectsService{s: s}
-	rs.HmacKeys = NewProjectsHmacKeysService(s)
-	rs.ServiceAccount = NewProjectsServiceAccountService(s)
-	return rs
-}
-
-type ProjectsService struct {
-	s *Service
-
-	HmacKeys *ProjectsHmacKeysService
-
-	ServiceAccount *ProjectsServiceAccountService
-}
-
-func NewProjectsHmacKeysService(s *Service) *ProjectsHmacKeysService {
-	rs := &ProjectsHmacKeysService{s: s}
-	return rs
-}
-
-type ProjectsHmacKeysService struct {
-	s *Service
-}
-
-func NewProjectsServiceAccountService(s *Service) *ProjectsServiceAccountService {
-	rs := &ProjectsServiceAccountService{s: s}
-	return rs
-}
-
-type ProjectsServiceAccountService struct {
-	s *Service
-}
-
-// Bucket: A bucket.
-type Bucket struct {
-	// Acl: Access controls on the bucket.
-	Acl []*BucketAccessControl `json:"acl,omitempty"`
-
-	// Autoclass: The bucket's Autoclass configuration.
-	Autoclass *BucketAutoclass `json:"autoclass,omitempty"`
-
-	// Billing: The bucket's billing configuration.
-	Billing *BucketBilling `json:"billing,omitempty"`
-
-	// Cors: The bucket's Cross-Origin Resource Sharing (CORS)
-	// configuration.
-	Cors []*BucketCors `json:"cors,omitempty"`
-
-	// CustomPlacementConfig: The bucket's custom placement configuration
-	// for Custom Dual Regions.
-	CustomPlacementConfig *BucketCustomPlacementConfig `json:"customPlacementConfig,omitempty"`
-
-	// DefaultEventBasedHold: The default value for event-based hold on
-	// newly created objects in this bucket. Event-based hold is a way to
-	// retain objects indefinitely until an event occurs, signified by the
-	// hold's release. After being released, such objects will be subject to
-	// bucket-level retention (if any). One sample use case of this flag is
-	// for banks to hold loan documents for at least 3 years after loan is
-	// paid in full. Here, bucket-level retention is 3 years and the event
-	// is loan being paid in full. In this example, these objects will be
-	// held intact for any number of years until the event has occurred
-	// (event-based hold on the object is released) and then 3 more years
-	// after that. That means retention duration of the objects begins from
-	// the moment event-based hold transitioned from true to false. Objects
-	// under event-based hold cannot be deleted, overwritten or archived
-	// until the hold is removed.
-	DefaultEventBasedHold bool `json:"defaultEventBasedHold,omitempty"`
-
-	// DefaultObjectAcl: Default access controls to apply to new objects
-	// when no ACL is provided.
-	DefaultObjectAcl []*ObjectAccessControl `json:"defaultObjectAcl,omitempty"`
-
-	// Encryption: Encryption configuration for a bucket.
-	Encryption *BucketEncryption `json:"encryption,omitempty"`
-
-	// Etag: HTTP 1.1 Entity tag for the bucket.
-	Etag string `json:"etag,omitempty"`
-
-	// IamConfiguration: The bucket's IAM configuration.
-	IamConfiguration *BucketIamConfiguration `json:"iamConfiguration,omitempty"`
-
-	// Id: The ID of the bucket. For buckets, the id and name properties are
-	// the same.
-	Id string `json:"id,omitempty"`
-
-	// Kind: The kind of item this is. For buckets, this is always
-	// storage#bucket.
-	Kind string `json:"kind,omitempty"`
-
-	// Labels: User-provided labels, in key/value pairs.
-	Labels map[string]string `json:"labels,omitempty"`
-
-	// Lifecycle: The bucket's lifecycle configuration. See lifecycle
-	// management for more information.
-	Lifecycle *BucketLifecycle `json:"lifecycle,omitempty"`
-
-	// Location: The location of the bucket. Object data for objects in the
-	// bucket resides in physical storage within this region. Defaults to
-	// US. See the developer's guide for the authoritative list.
-	Location string `json:"location,omitempty"`
-
-	// LocationType: The type of the bucket location.
-	LocationType string `json:"locationType,omitempty"`
-
-	// Logging: The bucket's logging configuration, which defines the
-	// destination bucket and optional name prefix for the current bucket's
-	// logs.
-	Logging *BucketLogging `json:"logging,omitempty"`
-
-	// Metageneration: The metadata generation of this bucket.
-	Metageneration int64 `json:"metageneration,omitempty,string"`
-
-	// Name: The name of the bucket.
-	Name string `json:"name,omitempty"`
-
-	// Owner: The owner of the bucket. This is always the project team's
-	// owner group.
-	Owner *BucketOwner `json:"owner,omitempty"`
-
-	// ProjectNumber: The project number of the project the bucket belongs
-	// to.
-	ProjectNumber uint64 `json:"projectNumber,omitempty,string"`
-
-	// RetentionPolicy: The bucket's retention policy. The retention policy
-	// enforces a minimum retention time for all objects contained in the
-	// bucket, based on their creation time. Any attempt to overwrite or
-	// delete objects younger than the retention period will result in a
-	// PERMISSION_DENIED error. An unlocked retention policy can be modified
-	// or removed from the bucket via a storage.buckets.update operation. A
-	// locked retention policy cannot be removed or shortened in duration
-	// for the lifetime of the bucket. Attempting to remove or decrease
-	// period of a locked retention policy will result in a
-	// PERMISSION_DENIED error.
-	RetentionPolicy *BucketRetentionPolicy `json:"retentionPolicy,omitempty"`
-
-	// Rpo: The Recovery Point Objective (RPO) of this bucket. Set to
-	// ASYNC_TURBO to turn on Turbo Replication on a bucket.
-	Rpo string `json:"rpo,omitempty"`
-
-	// SatisfiesPZS: Reserved for future use.
-	SatisfiesPZS bool `json:"satisfiesPZS,omitempty"`
-
-	// SelfLink: The URI of this bucket.
-	SelfLink string `json:"selfLink,omitempty"`
-
-	// StorageClass: The bucket's default storage class, used whenever no
-	// storageClass is specified for a newly-created object. This defines
-	// how objects in the bucket are stored and determines the SLA and the
-	// cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD,
-	// NEARLINE, COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If
-	// this value is not specified when the bucket is created, it will
-	// default to STANDARD. For more information, see storage classes.
-	StorageClass string `json:"storageClass,omitempty"`
-
-	// TimeCreated: The creation time of the bucket in RFC 3339 format.
-	TimeCreated string `json:"timeCreated,omitempty"`
-
-	// Updated: The modification time of the bucket in RFC 3339 format.
-	Updated string `json:"updated,omitempty"`
-
-	// Versioning: The bucket's versioning configuration.
-	Versioning *BucketVersioning `json:"versioning,omitempty"`
-
-	// Website: The bucket's website configuration, controlling how the
-	// service behaves when accessing bucket contents as a web site. See the
-	// Static Website Examples for more information.
-	Website *BucketWebsite `json:"website,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Acl") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Acl") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *Bucket) MarshalJSON() ([]byte, error) {
-	type NoMethod Bucket
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketAutoclass: The bucket's Autoclass configuration.
-type BucketAutoclass struct {
-	// Enabled: Whether or not Autoclass is enabled on this bucket
-	Enabled bool `json:"enabled,omitempty"`
-
-	// ToggleTime: A date and time in RFC 3339 format representing the
-	// instant at which "enabled" was last toggled.
-	ToggleTime string `json:"toggleTime,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Enabled") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Enabled") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketAutoclass) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketAutoclass
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketBilling: The bucket's billing configuration.
-type BucketBilling struct {
-	// RequesterPays: When set to true, Requester Pays is enabled for this
-	// bucket.
-	RequesterPays bool `json:"requesterPays,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "RequesterPays") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "RequesterPays") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketBilling) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketBilling
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-type BucketCors struct {
-	// MaxAgeSeconds: The value, in seconds, to return in the
-	// Access-Control-Max-Age header used in preflight responses.
-	MaxAgeSeconds int64 `json:"maxAgeSeconds,omitempty"`
-
-	// Method: The list of HTTP methods on which to include CORS response
-	// headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list
-	// of methods, and means "any method".
-	Method []string `json:"method,omitempty"`
-
-	// Origin: The list of Origins eligible to receive CORS response
-	// headers. Note: "*" is permitted in the list of origins, and means
-	// "any Origin".
-	Origin []string `json:"origin,omitempty"`
-
-	// ResponseHeader: The list of HTTP headers other than the simple
-	// response headers to give permission for the user-agent to share
-	// across domains.
-	ResponseHeader []string `json:"responseHeader,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "MaxAgeSeconds") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "MaxAgeSeconds") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketCors) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketCors
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketCustomPlacementConfig: The bucket's custom placement
-// configuration for Custom Dual Regions.
-type BucketCustomPlacementConfig struct {
-	// DataLocations: The list of regional locations in which data is
-	// placed.
-	DataLocations []string `json:"dataLocations,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "DataLocations") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "DataLocations") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketCustomPlacementConfig) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketCustomPlacementConfig
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketEncryption: Encryption configuration for a bucket.
-type BucketEncryption struct {
-	// DefaultKmsKeyName: A Cloud KMS key that will be used to encrypt
-	// objects inserted into this bucket, if no encryption method is
-	// specified.
-	DefaultKmsKeyName string `json:"defaultKmsKeyName,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "DefaultKmsKeyName")
-	// to unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "DefaultKmsKeyName") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketEncryption) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketEncryption
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketIamConfiguration: The bucket's IAM configuration.
-type BucketIamConfiguration struct {
-	// BucketPolicyOnly: The bucket's uniform bucket-level access
-	// configuration. The feature was formerly known as Bucket Policy Only.
-	// For backward compatibility, this field will be populated with
-	// identical information as the uniformBucketLevelAccess field. We
-	// recommend using the uniformBucketLevelAccess field to enable and
-	// disable the feature.
-	BucketPolicyOnly *BucketIamConfigurationBucketPolicyOnly `json:"bucketPolicyOnly,omitempty"`
-
-	// PublicAccessPrevention: The bucket's Public Access Prevention
-	// configuration. Currently, 'inherited' and 'enforced' are supported.
-	PublicAccessPrevention string `json:"publicAccessPrevention,omitempty"`
-
-	// UniformBucketLevelAccess: The bucket's uniform bucket-level access
-	// configuration.
-	UniformBucketLevelAccess *BucketIamConfigurationUniformBucketLevelAccess `json:"uniformBucketLevelAccess,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "BucketPolicyOnly") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "BucketPolicyOnly") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketIamConfiguration) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketIamConfiguration
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketIamConfigurationBucketPolicyOnly: The bucket's uniform
-// bucket-level access configuration. The feature was formerly known as
-// Bucket Policy Only. For backward compatibility, this field will be
-// populated with identical information as the uniformBucketLevelAccess
-// field. We recommend using the uniformBucketLevelAccess field to
-// enable and disable the feature.
-type BucketIamConfigurationBucketPolicyOnly struct {
-	// Enabled: If set, access is controlled only by bucket-level or above
-	// IAM policies.
-	Enabled bool `json:"enabled,omitempty"`
-
-	// LockedTime: The deadline for changing
-	// iamConfiguration.bucketPolicyOnly.enabled from true to false in RFC
-	// 3339 format. iamConfiguration.bucketPolicyOnly.enabled may be changed
-	// from true to false until the locked time, after which the field is
-	// immutable.
-	LockedTime string `json:"lockedTime,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Enabled") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Enabled") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketIamConfigurationBucketPolicyOnly) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketIamConfigurationBucketPolicyOnly
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketIamConfigurationUniformBucketLevelAccess: The bucket's uniform
-// bucket-level access configuration.
-type BucketIamConfigurationUniformBucketLevelAccess struct {
-	// Enabled: If set, access is controlled only by bucket-level or above
-	// IAM policies.
-	Enabled bool `json:"enabled,omitempty"`
-
-	// LockedTime: The deadline for changing
-	// iamConfiguration.uniformBucketLevelAccess.enabled from true to false
-	// in RFC 3339  format.
-	// iamConfiguration.uniformBucketLevelAccess.enabled may be changed from
-	// true to false until the locked time, after which the field is
-	// immutable.
-	LockedTime string `json:"lockedTime,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Enabled") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Enabled") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketIamConfigurationUniformBucketLevelAccess) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketIamConfigurationUniformBucketLevelAccess
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketLifecycle: The bucket's lifecycle configuration. See lifecycle
-// management for more information.
-type BucketLifecycle struct {
-	// Rule: A lifecycle management rule, which is made of an action to take
-	// and the condition(s) under which the action will be taken.
-	Rule []*BucketLifecycleRule `json:"rule,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Rule") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Rule") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketLifecycle) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketLifecycle
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-type BucketLifecycleRule struct {
-	// Action: The action to take.
-	Action *BucketLifecycleRuleAction `json:"action,omitempty"`
-
-	// Condition: The condition(s) under which the action will be taken.
-	Condition *BucketLifecycleRuleCondition `json:"condition,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Action") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Action") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketLifecycleRule) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketLifecycleRule
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketLifecycleRuleAction: The action to take.
-type BucketLifecycleRuleAction struct {
-	// StorageClass: Target storage class. Required iff the type of the
-	// action is SetStorageClass.
-	StorageClass string `json:"storageClass,omitempty"`
-
-	// Type: Type of the action. Currently, only Delete, SetStorageClass,
-	// and AbortIncompleteMultipartUpload are supported.
-	Type string `json:"type,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "StorageClass") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "StorageClass") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketLifecycleRuleAction) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketLifecycleRuleAction
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketLifecycleRuleCondition: The condition(s) under which the action
-// will be taken.
-type BucketLifecycleRuleCondition struct {
-	// Age: Age of an object (in days). This condition is satisfied when an
-	// object reaches the specified age.
-	Age *int64 `json:"age,omitempty"`
-
-	// CreatedBefore: A date in RFC 3339 format with only the date part (for
-	// instance, "2013-01-15"). This condition is satisfied when an object
-	// is created before midnight of the specified date in UTC.
-	CreatedBefore string `json:"createdBefore,omitempty"`
-
-	// CustomTimeBefore: A date in RFC 3339 format with only the date part
-	// (for instance, "2013-01-15"). This condition is satisfied when the
-	// custom time on an object is before this date in UTC.
-	CustomTimeBefore string `json:"customTimeBefore,omitempty"`
-
-	// DaysSinceCustomTime: Number of days elapsed since the user-specified
-	// timestamp set on an object. The condition is satisfied if the days
-	// elapsed is at least this number. If no custom timestamp is specified
-	// on an object, the condition does not apply.
-	DaysSinceCustomTime int64 `json:"daysSinceCustomTime,omitempty"`
-
-	// DaysSinceNoncurrentTime: Number of days elapsed since the noncurrent
-	// timestamp of an object. The condition is satisfied if the days
-	// elapsed is at least this number. This condition is relevant only for
-	// versioned objects. The value of the field must be a nonnegative
-	// integer. If it's zero, the object version will become eligible for
-	// Lifecycle action as soon as it becomes noncurrent.
-	DaysSinceNoncurrentTime int64 `json:"daysSinceNoncurrentTime,omitempty"`
-
-	// IsLive: Relevant only for versioned objects. If the value is true,
-	// this condition matches live objects; if the value is false, it
-	// matches archived objects.
-	IsLive *bool `json:"isLive,omitempty"`
-
-	// MatchesPattern: A regular expression that satisfies the RE2 syntax.
-	// This condition is satisfied when the name of the object matches the
-	// RE2 pattern. Note: This feature is currently in the "Early Access"
-	// launch stage and is only available to a whitelisted set of users;
-	// that means that this feature may be changed in backward-incompatible
-	// ways and that it is not guaranteed to be released.
-	MatchesPattern string `json:"matchesPattern,omitempty"`
-
-	// MatchesPrefix: List of object name prefixes. This condition will be
-	// satisfied when at least one of the prefixes exactly matches the
-	// beginning of the object name.
-	MatchesPrefix []string `json:"matchesPrefix,omitempty"`
-
-	// MatchesStorageClass: Objects having any of the storage classes
-	// specified by this condition will be matched. Values include
-	// MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, and
-	// DURABLE_REDUCED_AVAILABILITY.
-	MatchesStorageClass []string `json:"matchesStorageClass,omitempty"`
-
-	// MatchesSuffix: List of object name suffixes. This condition will be
-	// satisfied when at least one of the suffixes exactly matches the end
-	// of the object name.
-	MatchesSuffix []string `json:"matchesSuffix,omitempty"`
-
-	// NoncurrentTimeBefore: A date in RFC 3339 format with only the date
-	// part (for instance, "2013-01-15"). This condition is satisfied when
-	// the noncurrent time on an object is before this date in UTC. This
-	// condition is relevant only for versioned objects.
-	NoncurrentTimeBefore string `json:"noncurrentTimeBefore,omitempty"`
-
-	// NumNewerVersions: Relevant only for versioned objects. If the value
-	// is N, this condition is satisfied when there are at least N versions
-	// (including the live version) newer than this version of the object.
-	NumNewerVersions int64 `json:"numNewerVersions,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Age") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Age") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketLifecycleRuleCondition) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketLifecycleRuleCondition
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketLogging: The bucket's logging configuration, which defines the
-// destination bucket and optional name prefix for the current bucket's
-// logs.
-type BucketLogging struct {
-	// LogBucket: The destination bucket where the current bucket's logs
-	// should be placed.
-	LogBucket string `json:"logBucket,omitempty"`
-
-	// LogObjectPrefix: A prefix for log object names.
-	LogObjectPrefix string `json:"logObjectPrefix,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "LogBucket") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "LogBucket") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketLogging) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketLogging
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketOwner: The owner of the bucket. This is always the project
-// team's owner group.
-type BucketOwner struct {
-	// Entity: The entity, in the form project-owner-projectId.
-	Entity string `json:"entity,omitempty"`
-
-	// EntityId: The ID for the entity.
-	EntityId string `json:"entityId,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Entity") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Entity") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketOwner) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketOwner
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketRetentionPolicy: The bucket's retention policy. The retention
-// policy enforces a minimum retention time for all objects contained in
-// the bucket, based on their creation time. Any attempt to overwrite or
-// delete objects younger than the retention period will result in a
-// PERMISSION_DENIED error. An unlocked retention policy can be modified
-// or removed from the bucket via a storage.buckets.update operation. A
-// locked retention policy cannot be removed or shortened in duration
-// for the lifetime of the bucket. Attempting to remove or decrease
-// period of a locked retention policy will result in a
-// PERMISSION_DENIED error.
-type BucketRetentionPolicy struct {
-	// EffectiveTime: Server-determined value that indicates the time from
-	// which policy was enforced and effective. This value is in RFC 3339
-	// format.
-	EffectiveTime string `json:"effectiveTime,omitempty"`
-
-	// IsLocked: Once locked, an object retention policy cannot be modified.
-	IsLocked bool `json:"isLocked,omitempty"`
-
-	// RetentionPeriod: The duration in seconds that objects need to be
-	// retained. Retention duration must be greater than zero and less than
-	// 100 years. Note that enforcement of retention periods less than a day
-	// is not guaranteed. Such periods should only be used for testing
-	// purposes.
-	RetentionPeriod int64 `json:"retentionPeriod,omitempty,string"`
-
-	// ForceSendFields is a list of field names (e.g. "EffectiveTime") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "EffectiveTime") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketRetentionPolicy) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketRetentionPolicy
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketVersioning: The bucket's versioning configuration.
-type BucketVersioning struct {
-	// Enabled: While set to true, versioning is fully enabled for this
-	// bucket.
-	Enabled bool `json:"enabled,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Enabled") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Enabled") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketVersioning) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketVersioning
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketWebsite: The bucket's website configuration, controlling how
-// the service behaves when accessing bucket contents as a web site. See
-// the Static Website Examples for more information.
-type BucketWebsite struct {
-	// MainPageSuffix: If the requested object path is missing, the service
-	// will ensure the path has a trailing '/', append this suffix, and
-	// attempt to retrieve the resulting object. This allows the creation of
-	// index.html objects to represent directory pages.
-	MainPageSuffix string `json:"mainPageSuffix,omitempty"`
-
-	// NotFoundPage: If the requested object path is missing, and any
-	// mainPageSuffix object is missing, if applicable, the service will
-	// return the named object from this bucket as the content for a 404 Not
-	// Found result.
-	NotFoundPage string `json:"notFoundPage,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "MainPageSuffix") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "MainPageSuffix") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketWebsite) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketWebsite
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketAccessControl: An access-control entry.
-type BucketAccessControl struct {
-	// Bucket: The name of the bucket.
-	Bucket string `json:"bucket,omitempty"`
-
-	// Domain: The domain associated with the entity, if any.
-	Domain string `json:"domain,omitempty"`
-
-	// Email: The email address associated with the entity, if any.
-	Email string `json:"email,omitempty"`
-
-	// Entity: The entity holding the permission, in one of the following
-	// forms:
-	// - user-userId
-	// - user-email
-	// - group-groupId
-	// - group-email
-	// - domain-domain
-	// - project-team-projectId
-	// - allUsers
-	// - allAuthenticatedUsers Examples:
-	// - The user liz@example.com would be user-liz@example.com.
-	// - The group example@googlegroups.com would be
-	// group-example@googlegroups.com.
-	// - To refer to all members of the Google Apps for Business domain
-	// example.com, the entity would be domain-example.com.
-	Entity string `json:"entity,omitempty"`
-
-	// EntityId: The ID for the entity, if any.
-	EntityId string `json:"entityId,omitempty"`
-
-	// Etag: HTTP 1.1 Entity tag for the access-control entry.
-	Etag string `json:"etag,omitempty"`
-
-	// Id: The ID of the access-control entry.
-	Id string `json:"id,omitempty"`
-
-	// Kind: The kind of item this is. For bucket access control entries,
-	// this is always storage#bucketAccessControl.
-	Kind string `json:"kind,omitempty"`
-
-	// ProjectTeam: The project team associated with the entity, if any.
-	ProjectTeam *BucketAccessControlProjectTeam `json:"projectTeam,omitempty"`
-
-	// Role: The access permission for the entity.
-	Role string `json:"role,omitempty"`
-
-	// SelfLink: The link to this access-control entry.
-	SelfLink string `json:"selfLink,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Bucket") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Bucket") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketAccessControl) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketAccessControl
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketAccessControlProjectTeam: The project team associated with the
-// entity, if any.
-type BucketAccessControlProjectTeam struct {
-	// ProjectNumber: The project number.
-	ProjectNumber string `json:"projectNumber,omitempty"`
-
-	// Team: The team.
-	Team string `json:"team,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "ProjectNumber") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "ProjectNumber") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketAccessControlProjectTeam) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketAccessControlProjectTeam
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// BucketAccessControls: An access-control list.
-type BucketAccessControls struct {
-	// Items: The list of items.
-	Items []*BucketAccessControl `json:"items,omitempty"`
-
-	// Kind: The kind of item this is. For lists of bucket access control
-	// entries, this is always storage#bucketAccessControls.
-	Kind string `json:"kind,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Items") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Items") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *BucketAccessControls) MarshalJSON() ([]byte, error) {
-	type NoMethod BucketAccessControls
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// Buckets: A list of buckets.
-type Buckets struct {
-	// Items: The list of items.
-	Items []*Bucket `json:"items,omitempty"`
-
-	// Kind: The kind of item this is. For lists of buckets, this is always
-	// storage#buckets.
-	Kind string `json:"kind,omitempty"`
-
-	// NextPageToken: The continuation token, used to page through large
-	// result sets. Provide this value in a subsequent request to return the
-	// next page of results.
-	NextPageToken string `json:"nextPageToken,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Items") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Items") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *Buckets) MarshalJSON() ([]byte, error) {
-	type NoMethod Buckets
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// Channel: An notification channel used to watch for resource changes.
-type Channel struct {
-	// Address: The address where notifications are delivered for this
-	// channel.
-	Address string `json:"address,omitempty"`
-
-	// Expiration: Date and time of notification channel expiration,
-	// expressed as a Unix timestamp, in milliseconds. Optional.
-	Expiration int64 `json:"expiration,omitempty,string"`
-
-	// Id: A UUID or similar unique string that identifies this channel.
-	Id string `json:"id,omitempty"`
-
-	// Kind: Identifies this as a notification channel used to watch for
-	// changes to a resource, which is "api#channel".
-	Kind string `json:"kind,omitempty"`
-
-	// Params: Additional parameters controlling delivery channel behavior.
-	// Optional.
-	Params map[string]string `json:"params,omitempty"`
-
-	// Payload: A Boolean value to indicate whether payload is wanted.
-	// Optional.
-	Payload bool `json:"payload,omitempty"`
-
-	// ResourceId: An opaque ID that identifies the resource being watched
-	// on this channel. Stable across different API versions.
-	ResourceId string `json:"resourceId,omitempty"`
-
-	// ResourceUri: A version-specific identifier for the watched resource.
-	ResourceUri string `json:"resourceUri,omitempty"`
-
-	// Token: An arbitrary string delivered to the target address with each
-	// notification delivered over this channel. Optional.
-	Token string `json:"token,omitempty"`
-
-	// Type: The type of delivery mechanism used for this channel.
-	Type string `json:"type,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Address") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Address") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *Channel) MarshalJSON() ([]byte, error) {
-	type NoMethod Channel
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// ComposeRequest: A Compose request.
-type ComposeRequest struct {
-	// Destination: Properties of the resulting object.
-	Destination *Object `json:"destination,omitempty"`
-
-	// Kind: The kind of item this is.
-	Kind string `json:"kind,omitempty"`
-
-	// SourceObjects: The list of source objects that will be concatenated
-	// into a single object.
-	SourceObjects []*ComposeRequestSourceObjects `json:"sourceObjects,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Destination") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Destination") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *ComposeRequest) MarshalJSON() ([]byte, error) {
-	type NoMethod ComposeRequest
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-type ComposeRequestSourceObjects struct {
-	// Generation: The generation of this object to use as the source.
-	Generation int64 `json:"generation,omitempty,string"`
-
-	// Name: The source object's name. All source objects must reside in the
-	// same bucket.
-	Name string `json:"name,omitempty"`
-
-	// ObjectPreconditions: Conditions that must be met for this operation
-	// to execute.
-	ObjectPreconditions *ComposeRequestSourceObjectsObjectPreconditions `json:"objectPreconditions,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Generation") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Generation") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *ComposeRequestSourceObjects) MarshalJSON() ([]byte, error) {
-	type NoMethod ComposeRequestSourceObjects
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// ComposeRequestSourceObjectsObjectPreconditions: Conditions that must
-// be met for this operation to execute.
-type ComposeRequestSourceObjectsObjectPreconditions struct {
-	// IfGenerationMatch: Only perform the composition if the generation of
-	// the source object that would be used matches this value. If this
-	// value and a generation are both specified, they must be the same
-	// value or the call will fail.
-	IfGenerationMatch int64 `json:"ifGenerationMatch,omitempty,string"`
-
-	// ForceSendFields is a list of field names (e.g. "IfGenerationMatch")
-	// to unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "IfGenerationMatch") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *ComposeRequestSourceObjectsObjectPreconditions) MarshalJSON() ([]byte, error) {
-	type NoMethod ComposeRequestSourceObjectsObjectPreconditions
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// Expr: Represents an expression text. Example: title: "User account
-// presence" description: "Determines whether the request has a user
-// account" expression: "size(request.user) > 0"
-type Expr struct {
-	// Description: An optional description of the expression. This is a
-	// longer text which describes the expression, e.g. when hovered over it
-	// in a UI.
-	Description string `json:"description,omitempty"`
-
-	// Expression: Textual representation of an expression in Common
-	// Expression Language syntax. The application context of the containing
-	// message determines which well-known feature set of CEL is supported.
-	Expression string `json:"expression,omitempty"`
-
-	// Location: An optional string indicating the location of the
-	// expression for error reporting, e.g. a file name and a position in
-	// the file.
-	Location string `json:"location,omitempty"`
-
-	// Title: An optional title for the expression, i.e. a short string
-	// describing its purpose. This can be used e.g. in UIs which allow to
-	// enter the expression.
-	Title string `json:"title,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Description") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Description") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *Expr) MarshalJSON() ([]byte, error) {
-	type NoMethod Expr
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// HmacKey: JSON template to produce a JSON-style HMAC Key resource for
-// Create responses.
-type HmacKey struct {
-	// Kind: The kind of item this is. For HMAC keys, this is always
-	// storage#hmacKey.
-	Kind string `json:"kind,omitempty"`
-
-	// Metadata: Key metadata.
-	Metadata *HmacKeyMetadata `json:"metadata,omitempty"`
-
-	// Secret: HMAC secret key material.
-	Secret string `json:"secret,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Kind") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Kind") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *HmacKey) MarshalJSON() ([]byte, error) {
-	type NoMethod HmacKey
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// HmacKeyMetadata: JSON template to produce a JSON-style HMAC Key
-// metadata resource.
-type HmacKeyMetadata struct {
-	// AccessId: The ID of the HMAC Key.
-	AccessId string `json:"accessId,omitempty"`
-
-	// Etag: HTTP 1.1 Entity tag for the HMAC key.
-	Etag string `json:"etag,omitempty"`
-
-	// Id: The ID of the HMAC key, including the Project ID and the Access
-	// ID.
-	Id string `json:"id,omitempty"`
-
-	// Kind: The kind of item this is. For HMAC Key metadata, this is always
-	// storage#hmacKeyMetadata.
-	Kind string `json:"kind,omitempty"`
-
-	// ProjectId: Project ID owning the service account to which the key
-	// authenticates.
-	ProjectId string `json:"projectId,omitempty"`
-
-	// SelfLink: The link to this resource.
-	SelfLink string `json:"selfLink,omitempty"`
-
-	// ServiceAccountEmail: The email address of the key's associated
-	// service account.
-	ServiceAccountEmail string `json:"serviceAccountEmail,omitempty"`
-
-	// State: The state of the key. Can be one of ACTIVE, INACTIVE, or
-	// DELETED.
-	State string `json:"state,omitempty"`
-
-	// TimeCreated: The creation time of the HMAC key in RFC 3339 format.
-	TimeCreated string `json:"timeCreated,omitempty"`
-
-	// Updated: The last modification time of the HMAC key metadata in RFC
-	// 3339 format.
-	Updated string `json:"updated,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "AccessId") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "AccessId") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *HmacKeyMetadata) MarshalJSON() ([]byte, error) {
-	type NoMethod HmacKeyMetadata
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// HmacKeysMetadata: A list of hmacKeys.
-type HmacKeysMetadata struct {
-	// Items: The list of items.
-	Items []*HmacKeyMetadata `json:"items,omitempty"`
-
-	// Kind: The kind of item this is. For lists of hmacKeys, this is always
-	// storage#hmacKeysMetadata.
-	Kind string `json:"kind,omitempty"`
-
-	// NextPageToken: The continuation token, used to page through large
-	// result sets. Provide this value in a subsequent request to return the
-	// next page of results.
-	NextPageToken string `json:"nextPageToken,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Items") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Items") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *HmacKeysMetadata) MarshalJSON() ([]byte, error) {
-	type NoMethod HmacKeysMetadata
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// Notification: A subscription to receive Google PubSub notifications.
-type Notification struct {
-	// CustomAttributes: An optional list of additional attributes to attach
-	// to each Cloud PubSub message published for this notification
-	// subscription.
-	CustomAttributes map[string]string `json:"custom_attributes,omitempty"`
-
-	// Etag: HTTP 1.1 Entity tag for this subscription notification.
-	Etag string `json:"etag,omitempty"`
-
-	// EventTypes: If present, only send notifications about listed event
-	// types. If empty, sent notifications for all event types.
-	EventTypes []string `json:"event_types,omitempty"`
-
-	// Id: The ID of the notification.
-	Id string `json:"id,omitempty"`
-
-	// Kind: The kind of item this is. For notifications, this is always
-	// storage#notification.
-	Kind string `json:"kind,omitempty"`
-
-	// ObjectNamePrefix: If present, only apply this notification
-	// configuration to object names that begin with this prefix.
-	ObjectNamePrefix string `json:"object_name_prefix,omitempty"`
-
-	// PayloadFormat: The desired content of the Payload.
-	PayloadFormat string `json:"payload_format,omitempty"`
-
-	// SelfLink: The canonical URL of this notification.
-	SelfLink string `json:"selfLink,omitempty"`
-
-	// Topic: The Cloud PubSub topic to which this subscription publishes.
-	// Formatted as:
-	// '//pubsub.googleapis.com/projects/{project-identifier}/topics/{my-topi
-	// c}'
-	Topic string `json:"topic,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "CustomAttributes") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "CustomAttributes") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *Notification) MarshalJSON() ([]byte, error) {
-	type NoMethod Notification
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// Notifications: A list of notification subscriptions.
-type Notifications struct {
-	// Items: The list of items.
-	Items []*Notification `json:"items,omitempty"`
-
-	// Kind: The kind of item this is. For lists of notifications, this is
-	// always storage#notifications.
-	Kind string `json:"kind,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Items") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Items") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *Notifications) MarshalJSON() ([]byte, error) {
-	type NoMethod Notifications
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// Object: An object.
-type Object struct {
-	// Acl: Access controls on the object.
-	Acl []*ObjectAccessControl `json:"acl,omitempty"`
-
-	// Bucket: The name of the bucket containing this object.
-	Bucket string `json:"bucket,omitempty"`
-
-	// CacheControl: Cache-Control directive for the object data. If
-	// omitted, and the object is accessible to all anonymous users, the
-	// default will be public, max-age=3600.
-	CacheControl string `json:"cacheControl,omitempty"`
-
-	// ComponentCount: Number of underlying components that make up this
-	// object. Components are accumulated by compose operations.
-	ComponentCount int64 `json:"componentCount,omitempty"`
-
-	// ContentDisposition: Content-Disposition of the object data.
-	ContentDisposition string `json:"contentDisposition,omitempty"`
-
-	// ContentEncoding: Content-Encoding of the object data.
-	ContentEncoding string `json:"contentEncoding,omitempty"`
-
-	// ContentLanguage: Content-Language of the object data.
-	ContentLanguage string `json:"contentLanguage,omitempty"`
-
-	// ContentType: Content-Type of the object data. If an object is stored
-	// without a Content-Type, it is served as application/octet-stream.
-	ContentType string `json:"contentType,omitempty"`
-
-	// Crc32c: CRC32c checksum, as described in RFC 4960, Appendix B;
-	// encoded using base64 in big-endian byte order. For more information
-	// about using the CRC32c checksum, see Hashes and ETags: Best
-	// Practices.
-	Crc32c string `json:"crc32c,omitempty"`
-
-	// CustomTime: A timestamp in RFC 3339 format specified by the user for
-	// an object.
-	CustomTime string `json:"customTime,omitempty"`
-
-	// CustomerEncryption: Metadata of customer-supplied encryption key, if
-	// the object is encrypted by such a key.
-	CustomerEncryption *ObjectCustomerEncryption `json:"customerEncryption,omitempty"`
-
-	// Etag: HTTP 1.1 Entity tag for the object.
-	Etag string `json:"etag,omitempty"`
-
-	// EventBasedHold: Whether an object is under event-based hold.
-	// Event-based hold is a way to retain objects until an event occurs,
-	// which is signified by the hold's release (i.e. this value is set to
-	// false). After being released (set to false), such objects will be
-	// subject to bucket-level retention (if any). One sample use case of
-	// this flag is for banks to hold loan documents for at least 3 years
-	// after loan is paid in full. Here, bucket-level retention is 3 years
-	// and the event is the loan being paid in full. In this example, these
-	// objects will be held intact for any number of years until the event
-	// has occurred (event-based hold on the object is released) and then 3
-	// more years after that. That means retention duration of the objects
-	// begins from the moment event-based hold transitioned from true to
-	// false.
-	EventBasedHold bool `json:"eventBasedHold,omitempty"`
-
-	// Generation: The content generation of this object. Used for object
-	// versioning.
-	Generation int64 `json:"generation,omitempty,string"`
-
-	// Id: The ID of the object, including the bucket name, object name, and
-	// generation number.
-	Id string `json:"id,omitempty"`
-
-	// Kind: The kind of item this is. For objects, this is always
-	// storage#object.
-	Kind string `json:"kind,omitempty"`
-
-	// KmsKeyName: Not currently supported. Specifying the parameter causes
-	// the request to fail with status code 400 - Bad Request.
-	KmsKeyName string `json:"kmsKeyName,omitempty"`
-
-	// Md5Hash: MD5 hash of the data; encoded using base64. For more
-	// information about using the MD5 hash, see Hashes and ETags: Best
-	// Practices.
-	Md5Hash string `json:"md5Hash,omitempty"`
-
-	// MediaLink: Media download link.
-	MediaLink string `json:"mediaLink,omitempty"`
-
-	// Metadata: User-provided metadata, in key/value pairs.
-	Metadata map[string]string `json:"metadata,omitempty"`
-
-	// Metageneration: The version of the metadata for this object at this
-	// generation. Used for preconditions and for detecting changes in
-	// metadata. A metageneration number is only meaningful in the context
-	// of a particular generation of a particular object.
-	Metageneration int64 `json:"metageneration,omitempty,string"`
-
-	// Name: The name of the object. Required if not specified by URL
-	// parameter.
-	Name string `json:"name,omitempty"`
-
-	// Owner: The owner of the object. This will always be the uploader of
-	// the object.
-	Owner *ObjectOwner `json:"owner,omitempty"`
-
-	// RetentionExpirationTime: A server-determined value that specifies the
-	// earliest time that the object's retention period expires. This value
-	// is in RFC 3339 format. Note 1: This field is not provided for objects
-	// with an active event-based hold, since retention expiration is
-	// unknown until the hold is removed. Note 2: This value can be provided
-	// even when temporary hold is set (so that the user can reason about
-	// policy without having to first unset the temporary hold).
-	RetentionExpirationTime string `json:"retentionExpirationTime,omitempty"`
-
-	// SelfLink: The link to this object.
-	SelfLink string `json:"selfLink,omitempty"`
-
-	// Size: Content-Length of the data in bytes.
-	Size uint64 `json:"size,omitempty,string"`
-
-	// StorageClass: Storage class of the object.
-	StorageClass string `json:"storageClass,omitempty"`
-
-	// TemporaryHold: Whether an object is under temporary hold. While this
-	// flag is set to true, the object is protected against deletion and
-	// overwrites. A common use case of this flag is regulatory
-	// investigations where objects need to be retained while the
-	// investigation is ongoing. Note that unlike event-based hold,
-	// temporary hold does not impact retention expiration time of an
-	// object.
-	TemporaryHold bool `json:"temporaryHold,omitempty"`
-
-	// TimeCreated: The creation time of the object in RFC 3339 format.
-	TimeCreated string `json:"timeCreated,omitempty"`
-
-	// TimeDeleted: The deletion time of the object in RFC 3339 format. Will
-	// be returned if and only if this version of the object has been
-	// deleted.
-	TimeDeleted string `json:"timeDeleted,omitempty"`
-
-	// TimeStorageClassUpdated: The time at which the object's storage class
-	// was last changed. When the object is initially created, it will be
-	// set to timeCreated.
-	TimeStorageClassUpdated string `json:"timeStorageClassUpdated,omitempty"`
-
-	// Updated: The modification time of the object metadata in RFC 3339
-	// format. Set initially to object creation time and then updated
-	// whenever any metadata of the object changes. This includes changes
-	// made by a requester, such as modifying custom metadata, as well as
-	// changes made by Cloud Storage on behalf of a requester, such as
-	// changing the storage class based on an Object Lifecycle
-	// Configuration.
-	Updated string `json:"updated,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Acl") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Acl") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *Object) MarshalJSON() ([]byte, error) {
-	type NoMethod Object
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// ObjectCustomerEncryption: Metadata of customer-supplied encryption
-// key, if the object is encrypted by such a key.
-type ObjectCustomerEncryption struct {
-	// EncryptionAlgorithm: The encryption algorithm.
-	EncryptionAlgorithm string `json:"encryptionAlgorithm,omitempty"`
-
-	// KeySha256: SHA256 hash value of the encryption key.
-	KeySha256 string `json:"keySha256,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "EncryptionAlgorithm")
-	// to unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "EncryptionAlgorithm") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *ObjectCustomerEncryption) MarshalJSON() ([]byte, error) {
-	type NoMethod ObjectCustomerEncryption
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// ObjectOwner: The owner of the object. This will always be the
-// uploader of the object.
-type ObjectOwner struct {
-	// Entity: The entity, in the form user-userId.
-	Entity string `json:"entity,omitempty"`
-
-	// EntityId: The ID for the entity.
-	EntityId string `json:"entityId,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Entity") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Entity") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *ObjectOwner) MarshalJSON() ([]byte, error) {
-	type NoMethod ObjectOwner
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// ObjectAccessControl: An access-control entry.
-type ObjectAccessControl struct {
-	// Bucket: The name of the bucket.
-	Bucket string `json:"bucket,omitempty"`
-
-	// Domain: The domain associated with the entity, if any.
-	Domain string `json:"domain,omitempty"`
-
-	// Email: The email address associated with the entity, if any.
-	Email string `json:"email,omitempty"`
-
-	// Entity: The entity holding the permission, in one of the following
-	// forms:
-	// - user-userId
-	// - user-email
-	// - group-groupId
-	// - group-email
-	// - domain-domain
-	// - project-team-projectId
-	// - allUsers
-	// - allAuthenticatedUsers Examples:
-	// - The user liz@example.com would be user-liz@example.com.
-	// - The group example@googlegroups.com would be
-	// group-example@googlegroups.com.
-	// - To refer to all members of the Google Apps for Business domain
-	// example.com, the entity would be domain-example.com.
-	Entity string `json:"entity,omitempty"`
-
-	// EntityId: The ID for the entity, if any.
-	EntityId string `json:"entityId,omitempty"`
-
-	// Etag: HTTP 1.1 Entity tag for the access-control entry.
-	Etag string `json:"etag,omitempty"`
-
-	// Generation: The content generation of the object, if applied to an
-	// object.
-	Generation int64 `json:"generation,omitempty,string"`
-
-	// Id: The ID of the access-control entry.
-	Id string `json:"id,omitempty"`
-
-	// Kind: The kind of item this is. For object access control entries,
-	// this is always storage#objectAccessControl.
-	Kind string `json:"kind,omitempty"`
-
-	// Object: The name of the object, if applied to an object.
-	Object string `json:"object,omitempty"`
-
-	// ProjectTeam: The project team associated with the entity, if any.
-	ProjectTeam *ObjectAccessControlProjectTeam `json:"projectTeam,omitempty"`
-
-	// Role: The access permission for the entity.
-	Role string `json:"role,omitempty"`
-
-	// SelfLink: The link to this access-control entry.
-	SelfLink string `json:"selfLink,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Bucket") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Bucket") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *ObjectAccessControl) MarshalJSON() ([]byte, error) {
-	type NoMethod ObjectAccessControl
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// ObjectAccessControlProjectTeam: The project team associated with the
-// entity, if any.
-type ObjectAccessControlProjectTeam struct {
-	// ProjectNumber: The project number.
-	ProjectNumber string `json:"projectNumber,omitempty"`
-
-	// Team: The team.
-	Team string `json:"team,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "ProjectNumber") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "ProjectNumber") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *ObjectAccessControlProjectTeam) MarshalJSON() ([]byte, error) {
-	type NoMethod ObjectAccessControlProjectTeam
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// ObjectAccessControls: An access-control list.
-type ObjectAccessControls struct {
-	// Items: The list of items.
-	Items []*ObjectAccessControl `json:"items,omitempty"`
-
-	// Kind: The kind of item this is. For lists of object access control
-	// entries, this is always storage#objectAccessControls.
-	Kind string `json:"kind,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Items") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Items") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *ObjectAccessControls) MarshalJSON() ([]byte, error) {
-	type NoMethod ObjectAccessControls
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// Objects: A list of objects.
-type Objects struct {
-	// Items: The list of items.
-	Items []*Object `json:"items,omitempty"`
-
-	// Kind: The kind of item this is. For lists of objects, this is always
-	// storage#objects.
-	Kind string `json:"kind,omitempty"`
-
-	// NextPageToken: The continuation token, used to page through large
-	// result sets. Provide this value in a subsequent request to return the
-	// next page of results.
-	NextPageToken string `json:"nextPageToken,omitempty"`
-
-	// Prefixes: The list of prefixes of objects matching-but-not-listed up
-	// to and including the requested delimiter.
-	Prefixes []string `json:"prefixes,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Items") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Items") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *Objects) MarshalJSON() ([]byte, error) {
-	type NoMethod Objects
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// Policy: A bucket/object IAM policy.
-type Policy struct {
-	// Bindings: An association between a role, which comes with a set of
-	// permissions, and members who may assume that role.
-	Bindings []*PolicyBindings `json:"bindings,omitempty"`
-
-	// Etag: HTTP 1.1  Entity tag for the policy.
-	Etag string `json:"etag,omitempty"`
-
-	// Kind: The kind of item this is. For policies, this is always
-	// storage#policy. This field is ignored on input.
-	Kind string `json:"kind,omitempty"`
-
-	// ResourceId: The ID of the resource to which this policy belongs. Will
-	// be of the form projects/_/buckets/bucket for buckets, and
-	// projects/_/buckets/bucket/objects/object for objects. A specific
-	// generation may be specified by appending #generationNumber to the end
-	// of the object name, e.g.
-	// projects/_/buckets/my-bucket/objects/data.txt#17. The current
-	// generation can be denoted with #0. This field is ignored on input.
-	ResourceId string `json:"resourceId,omitempty"`
-
-	// Version: The IAM policy format version.
-	Version int64 `json:"version,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Bindings") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Bindings") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *Policy) MarshalJSON() ([]byte, error) {
-	type NoMethod Policy
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-type PolicyBindings struct {
-	// Condition: The condition that is associated with this binding. NOTE:
-	// an unsatisfied condition will not allow user access via current
-	// binding. Different bindings, including their conditions, are examined
-	// independently.
-	Condition *Expr `json:"condition,omitempty"`
-
-	// Members: A collection of identifiers for members who may assume the
-	// provided role. Recognized identifiers are as follows:
-	// - allUsers — A special identifier that represents anyone on the
-	// internet; with or without a Google account.
-	// - allAuthenticatedUsers — A special identifier that represents
-	// anyone who is authenticated with a Google account or a service
-	// account.
-	// - user:emailid — An email address that represents a specific
-	// account. For example, user:alice@gmail.com or user:joe@example.com.
-	//
-	// - serviceAccount:emailid — An email address that represents a
-	// service account. For example,
-	// serviceAccount:my-other-app@appspot.gserviceaccount.com .
-	// - group:emailid — An email address that represents a Google group.
-	// For example, group:admins@example.com.
-	// - domain:domain — A Google Apps domain name that represents all the
-	// users of that domain. For example, domain:google.com or
-	// domain:example.com.
-	// - projectOwner:projectid — Owners of the given project. For
-	// example, projectOwner:my-example-project
-	// - projectEditor:projectid — Editors of the given project. For
-	// example, projectEditor:my-example-project
-	// - projectViewer:projectid — Viewers of the given project. For
-	// example, projectViewer:my-example-project
-	Members []string `json:"members,omitempty"`
-
-	// Role: The role to which members belong. Two types of roles are
-	// supported: new IAM roles, which grant permissions that do not map
-	// directly to those provided by ACLs, and legacy IAM roles, which do
-	// map directly to ACL permissions. All roles are of the format
-	// roles/storage.specificRole.
-	// The new IAM roles are:
-	// - roles/storage.admin — Full control of Google Cloud Storage
-	// resources.
-	// - roles/storage.objectViewer — Read-Only access to Google Cloud
-	// Storage objects.
-	// - roles/storage.objectCreator — Access to create objects in Google
-	// Cloud Storage.
-	// - roles/storage.objectAdmin — Full control of Google Cloud Storage
-	// objects.   The legacy IAM roles are:
-	// - roles/storage.legacyObjectReader — Read-only access to objects
-	// without listing. Equivalent to an ACL entry on an object with the
-	// READER role.
-	// - roles/storage.legacyObjectOwner — Read/write access to existing
-	// objects without listing. Equivalent to an ACL entry on an object with
-	// the OWNER role.
-	// - roles/storage.legacyBucketReader — Read access to buckets with
-	// object listing. Equivalent to an ACL entry on a bucket with the
-	// READER role.
-	// - roles/storage.legacyBucketWriter — Read access to buckets with
-	// object listing/creation/deletion. Equivalent to an ACL entry on a
-	// bucket with the WRITER role.
-	// - roles/storage.legacyBucketOwner — Read and write access to
-	// existing buckets with object listing/creation/deletion. Equivalent to
-	// an ACL entry on a bucket with the OWNER role.
-	Role string `json:"role,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Condition") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Condition") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *PolicyBindings) MarshalJSON() ([]byte, error) {
-	type NoMethod PolicyBindings
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// RewriteResponse: A rewrite response.
-type RewriteResponse struct {
-	// Done: true if the copy is finished; otherwise, false if the copy is
-	// in progress. This property is always present in the response.
-	Done bool `json:"done,omitempty"`
-
-	// Kind: The kind of item this is.
-	Kind string `json:"kind,omitempty"`
-
-	// ObjectSize: The total size of the object being copied in bytes. This
-	// property is always present in the response.
-	ObjectSize int64 `json:"objectSize,omitempty,string"`
-
-	// Resource: A resource containing the metadata for the copied-to
-	// object. This property is present in the response only when copying
-	// completes.
-	Resource *Object `json:"resource,omitempty"`
-
-	// RewriteToken: A token to use in subsequent requests to continue
-	// copying data. This token is present in the response only when there
-	// is more data to copy.
-	RewriteToken string `json:"rewriteToken,omitempty"`
-
-	// TotalBytesRewritten: The total bytes written so far, which can be
-	// used to provide a waiting user with a progress indicator. This
-	// property is always present in the response.
-	TotalBytesRewritten int64 `json:"totalBytesRewritten,omitempty,string"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Done") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Done") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *RewriteResponse) MarshalJSON() ([]byte, error) {
-	type NoMethod RewriteResponse
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// ServiceAccount: A subscription to receive Google PubSub
-// notifications.
-type ServiceAccount struct {
-	// EmailAddress: The ID of the notification.
-	EmailAddress string `json:"email_address,omitempty"`
-
-	// Kind: The kind of item this is. For notifications, this is always
-	// storage#notification.
-	Kind string `json:"kind,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "EmailAddress") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "EmailAddress") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *ServiceAccount) MarshalJSON() ([]byte, error) {
-	type NoMethod ServiceAccount
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// TestIamPermissionsResponse: A
-// storage.(buckets|objects).testIamPermissions response.
-type TestIamPermissionsResponse struct {
-	// Kind: The kind of item this is.
-	Kind string `json:"kind,omitempty"`
-
-	// Permissions: The permissions held by the caller. Permissions are
-	// always of the format storage.resource.capability, where resource is
-	// one of buckets or objects. The supported permissions are as follows:
-	//
-	// - storage.buckets.delete — Delete bucket.
-	// - storage.buckets.get — Read bucket metadata.
-	// - storage.buckets.getIamPolicy — Read bucket IAM policy.
-	// - storage.buckets.create — Create bucket.
-	// - storage.buckets.list — List buckets.
-	// - storage.buckets.setIamPolicy — Update bucket IAM policy.
-	// - storage.buckets.update — Update bucket metadata.
-	// - storage.objects.delete — Delete object.
-	// - storage.objects.get — Read object data and metadata.
-	// - storage.objects.getIamPolicy — Read object IAM policy.
-	// - storage.objects.create — Create object.
-	// - storage.objects.list — List objects.
-	// - storage.objects.setIamPolicy — Update object IAM policy.
-	// - storage.objects.update — Update object metadata.
-	Permissions []string `json:"permissions,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Kind") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Kind") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) {
-	type NoMethod TestIamPermissionsResponse
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// method id "storage.bucketAccessControls.delete":
-
-type BucketAccessControlsDeleteCall struct {
-	s          *Service
-	bucket     string
-	entity     string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Delete: Permanently deletes the ACL entry for the specified entity on
-// the specified bucket.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-func (r *BucketAccessControlsService) Delete(bucket string, entity string) *BucketAccessControlsDeleteCall {
-	c := &BucketAccessControlsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.entity = entity
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketAccessControlsDeleteCall) UserProject(userProject string) *BucketAccessControlsDeleteCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketAccessControlsDeleteCall) Fields(s ...googleapi.Field) *BucketAccessControlsDeleteCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketAccessControlsDeleteCall) Context(ctx context.Context) *BucketAccessControlsDeleteCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketAccessControlsDeleteCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketAccessControlsDeleteCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.bucketAccessControls.delete" call.
-func (c *BucketAccessControlsDeleteCall) Do(opts ...googleapi.CallOption) error {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if err != nil {
-		return err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return gensupport.WrapError(err)
-	}
-	return nil
-	// {
-	//   "description": "Permanently deletes the ACL entry for the specified entity on the specified bucket.",
-	//   "httpMethod": "DELETE",
-	//   "id": "storage.bucketAccessControls.delete",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/acl/{entity}",
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.bucketAccessControls.get":
-
-type BucketAccessControlsGetCall struct {
-	s            *Service
-	bucket       string
-	entity       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// Get: Returns the ACL entry for the specified entity on the specified
-// bucket.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-func (r *BucketAccessControlsService) Get(bucket string, entity string) *BucketAccessControlsGetCall {
-	c := &BucketAccessControlsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.entity = entity
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketAccessControlsGetCall) UserProject(userProject string) *BucketAccessControlsGetCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketAccessControlsGetCall) Fields(s ...googleapi.Field) *BucketAccessControlsGetCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *BucketAccessControlsGetCall) IfNoneMatch(entityTag string) *BucketAccessControlsGetCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketAccessControlsGetCall) Context(ctx context.Context) *BucketAccessControlsGetCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketAccessControlsGetCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketAccessControlsGetCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.bucketAccessControls.get" call.
-// Exactly one of *BucketAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *BucketAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *BucketAccessControlsGetCall) Do(opts ...googleapi.CallOption) (*BucketAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &BucketAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Returns the ACL entry for the specified entity on the specified bucket.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.bucketAccessControls.get",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/acl/{entity}",
-	//   "response": {
-	//     "$ref": "BucketAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.bucketAccessControls.insert":
-
-type BucketAccessControlsInsertCall struct {
-	s                   *Service
-	bucket              string
-	bucketaccesscontrol *BucketAccessControl
-	urlParams_          gensupport.URLParams
-	ctx_                context.Context
-	header_             http.Header
-}
-
-// Insert: Creates a new ACL entry on the specified bucket.
-//
-// - bucket: Name of a bucket.
-func (r *BucketAccessControlsService) Insert(bucket string, bucketaccesscontrol *BucketAccessControl) *BucketAccessControlsInsertCall {
-	c := &BucketAccessControlsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.bucketaccesscontrol = bucketaccesscontrol
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketAccessControlsInsertCall) UserProject(userProject string) *BucketAccessControlsInsertCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketAccessControlsInsertCall) Fields(s ...googleapi.Field) *BucketAccessControlsInsertCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketAccessControlsInsertCall) Context(ctx context.Context) *BucketAccessControlsInsertCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketAccessControlsInsertCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketAccessControlsInsertCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucketaccesscontrol)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.bucketAccessControls.insert" call.
-// Exactly one of *BucketAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *BucketAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *BucketAccessControlsInsertCall) Do(opts ...googleapi.CallOption) (*BucketAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &BucketAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Creates a new ACL entry on the specified bucket.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.bucketAccessControls.insert",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/acl",
-	//   "request": {
-	//     "$ref": "BucketAccessControl"
-	//   },
-	//   "response": {
-	//     "$ref": "BucketAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.bucketAccessControls.list":
-
-type BucketAccessControlsListCall struct {
-	s            *Service
-	bucket       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// List: Retrieves ACL entries on the specified bucket.
-//
-// - bucket: Name of a bucket.
-func (r *BucketAccessControlsService) List(bucket string) *BucketAccessControlsListCall {
-	c := &BucketAccessControlsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketAccessControlsListCall) UserProject(userProject string) *BucketAccessControlsListCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketAccessControlsListCall) Fields(s ...googleapi.Field) *BucketAccessControlsListCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *BucketAccessControlsListCall) IfNoneMatch(entityTag string) *BucketAccessControlsListCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketAccessControlsListCall) Context(ctx context.Context) *BucketAccessControlsListCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketAccessControlsListCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketAccessControlsListCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.bucketAccessControls.list" call.
-// Exactly one of *BucketAccessControls or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *BucketAccessControls.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *BucketAccessControlsListCall) Do(opts ...googleapi.CallOption) (*BucketAccessControls, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &BucketAccessControls{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Retrieves ACL entries on the specified bucket.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.bucketAccessControls.list",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/acl",
-	//   "response": {
-	//     "$ref": "BucketAccessControls"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.bucketAccessControls.patch":
-
-type BucketAccessControlsPatchCall struct {
-	s                   *Service
-	bucket              string
-	entity              string
-	bucketaccesscontrol *BucketAccessControl
-	urlParams_          gensupport.URLParams
-	ctx_                context.Context
-	header_             http.Header
-}
-
-// Patch: Patches an ACL entry on the specified bucket.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-func (r *BucketAccessControlsService) Patch(bucket string, entity string, bucketaccesscontrol *BucketAccessControl) *BucketAccessControlsPatchCall {
-	c := &BucketAccessControlsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.entity = entity
-	c.bucketaccesscontrol = bucketaccesscontrol
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketAccessControlsPatchCall) UserProject(userProject string) *BucketAccessControlsPatchCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketAccessControlsPatchCall) Fields(s ...googleapi.Field) *BucketAccessControlsPatchCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketAccessControlsPatchCall) Context(ctx context.Context) *BucketAccessControlsPatchCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketAccessControlsPatchCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketAccessControlsPatchCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucketaccesscontrol)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PATCH", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.bucketAccessControls.patch" call.
-// Exactly one of *BucketAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *BucketAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *BucketAccessControlsPatchCall) Do(opts ...googleapi.CallOption) (*BucketAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &BucketAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Patches an ACL entry on the specified bucket.",
-	//   "httpMethod": "PATCH",
-	//   "id": "storage.bucketAccessControls.patch",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/acl/{entity}",
-	//   "request": {
-	//     "$ref": "BucketAccessControl"
-	//   },
-	//   "response": {
-	//     "$ref": "BucketAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.bucketAccessControls.update":
-
-type BucketAccessControlsUpdateCall struct {
-	s                   *Service
-	bucket              string
-	entity              string
-	bucketaccesscontrol *BucketAccessControl
-	urlParams_          gensupport.URLParams
-	ctx_                context.Context
-	header_             http.Header
-}
-
-// Update: Updates an ACL entry on the specified bucket.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-func (r *BucketAccessControlsService) Update(bucket string, entity string, bucketaccesscontrol *BucketAccessControl) *BucketAccessControlsUpdateCall {
-	c := &BucketAccessControlsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.entity = entity
-	c.bucketaccesscontrol = bucketaccesscontrol
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketAccessControlsUpdateCall) UserProject(userProject string) *BucketAccessControlsUpdateCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketAccessControlsUpdateCall) Fields(s ...googleapi.Field) *BucketAccessControlsUpdateCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketAccessControlsUpdateCall) Context(ctx context.Context) *BucketAccessControlsUpdateCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketAccessControlsUpdateCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketAccessControlsUpdateCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucketaccesscontrol)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/acl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PUT", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.bucketAccessControls.update" call.
-// Exactly one of *BucketAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *BucketAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *BucketAccessControlsUpdateCall) Do(opts ...googleapi.CallOption) (*BucketAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &BucketAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Updates an ACL entry on the specified bucket.",
-	//   "httpMethod": "PUT",
-	//   "id": "storage.bucketAccessControls.update",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/acl/{entity}",
-	//   "request": {
-	//     "$ref": "BucketAccessControl"
-	//   },
-	//   "response": {
-	//     "$ref": "BucketAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.buckets.delete":
-
-type BucketsDeleteCall struct {
-	s          *Service
-	bucket     string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Delete: Permanently deletes an empty bucket.
-//
-// - bucket: Name of a bucket.
-func (r *BucketsService) Delete(bucket string) *BucketsDeleteCall {
-	c := &BucketsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": If set, only deletes the bucket if its
-// metageneration matches this value.
-func (c *BucketsDeleteCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *BucketsDeleteCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": If set, only deletes the bucket if its
-// metageneration does not match this value.
-func (c *BucketsDeleteCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *BucketsDeleteCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketsDeleteCall) UserProject(userProject string) *BucketsDeleteCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketsDeleteCall) Fields(s ...googleapi.Field) *BucketsDeleteCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketsDeleteCall) Context(ctx context.Context) *BucketsDeleteCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketsDeleteCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketsDeleteCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.buckets.delete" call.
-func (c *BucketsDeleteCall) Do(opts ...googleapi.CallOption) error {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if err != nil {
-		return err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return gensupport.WrapError(err)
-	}
-	return nil
-	// {
-	//   "description": "Permanently deletes an empty bucket.",
-	//   "httpMethod": "DELETE",
-	//   "id": "storage.buckets.delete",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "If set, only deletes the bucket if its metageneration matches this value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "If set, only deletes the bucket if its metageneration does not match this value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}",
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.buckets.get":
-
-type BucketsGetCall struct {
-	s            *Service
-	bucket       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// Get: Returns metadata for the specified bucket.
-//
-// - bucket: Name of a bucket.
-func (r *BucketsService) Get(bucket string) *BucketsGetCall {
-	c := &BucketsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": Makes the return of the bucket metadata
-// conditional on whether the bucket's current metageneration matches
-// the given value.
-func (c *BucketsGetCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *BucketsGetCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": Makes the return of the bucket metadata
-// conditional on whether the bucket's current metageneration does not
-// match the given value.
-func (c *BucketsGetCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *BucketsGetCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to noAcl.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit owner, acl and defaultObjectAcl properties.
-func (c *BucketsGetCall) Projection(projection string) *BucketsGetCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketsGetCall) UserProject(userProject string) *BucketsGetCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketsGetCall) Fields(s ...googleapi.Field) *BucketsGetCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *BucketsGetCall) IfNoneMatch(entityTag string) *BucketsGetCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketsGetCall) Context(ctx context.Context) *BucketsGetCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketsGetCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketsGetCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.buckets.get" call.
-// Exactly one of *Bucket or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Bucket.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *BucketsGetCall) Do(opts ...googleapi.CallOption) (*Bucket, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Bucket{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Returns metadata for the specified bucket.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.buckets.get",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to noAcl.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit owner, acl and defaultObjectAcl properties."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}",
-	//   "response": {
-	//     "$ref": "Bucket"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.buckets.getIamPolicy":
-
-type BucketsGetIamPolicyCall struct {
-	s            *Service
-	bucket       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// GetIamPolicy: Returns an IAM policy for the specified bucket.
-//
-// - bucket: Name of a bucket.
-func (r *BucketsService) GetIamPolicy(bucket string) *BucketsGetIamPolicyCall {
-	c := &BucketsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	return c
-}
-
-// OptionsRequestedPolicyVersion sets the optional parameter
-// "optionsRequestedPolicyVersion": The IAM policy format version to be
-// returned. If the optionsRequestedPolicyVersion is for an older
-// version that doesn't support part of the requested IAM policy, the
-// request fails.
-func (c *BucketsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *BucketsGetIamPolicyCall {
-	c.urlParams_.Set("optionsRequestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketsGetIamPolicyCall) UserProject(userProject string) *BucketsGetIamPolicyCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketsGetIamPolicyCall) Fields(s ...googleapi.Field) *BucketsGetIamPolicyCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *BucketsGetIamPolicyCall) IfNoneMatch(entityTag string) *BucketsGetIamPolicyCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketsGetIamPolicyCall) Context(ctx context.Context) *BucketsGetIamPolicyCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketsGetIamPolicyCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/iam")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.buckets.getIamPolicy" call.
-// Exactly one of *Policy or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Policy.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *BucketsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Policy{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Returns an IAM policy for the specified bucket.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.buckets.getIamPolicy",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "optionsRequestedPolicyVersion": {
-	//       "description": "The IAM policy format version to be returned. If the optionsRequestedPolicyVersion is for an older version that doesn't support part of the requested IAM policy, the request fails.",
-	//       "format": "int32",
-	//       "location": "query",
-	//       "minimum": "1",
-	//       "type": "integer"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/iam",
-	//   "response": {
-	//     "$ref": "Policy"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.buckets.insert":
-
-type BucketsInsertCall struct {
-	s          *Service
-	bucket     *Bucket
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Insert: Creates a new bucket.
-//
-// - project: A valid API project identifier.
-func (r *BucketsService) Insert(projectid string, bucket *Bucket) *BucketsInsertCall {
-	c := &BucketsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.urlParams_.Set("project", projectid)
-	c.bucket = bucket
-	return c
-}
-
-// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
-// predefined set of access controls to this bucket.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Project team owners get OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"private" - Project team owners get OWNER access.
-//	"projectPrivate" - Project team members get access according to
-//
-// their roles.
-//
-//	"publicRead" - Project team owners get OWNER access, and allUsers
-//
-// get READER access.
-//
-//	"publicReadWrite" - Project team owners get OWNER access, and
-//
-// allUsers get WRITER access.
-func (c *BucketsInsertCall) PredefinedAcl(predefinedAcl string) *BucketsInsertCall {
-	c.urlParams_.Set("predefinedAcl", predefinedAcl)
-	return c
-}
-
-// PredefinedDefaultObjectAcl sets the optional parameter
-// "predefinedDefaultObjectAcl": Apply a predefined set of default
-// object access controls to this bucket.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Object owner gets OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
-//
-// project team owners get OWNER access.
-//
-//	"bucketOwnerRead" - Object owner gets OWNER access, and project
-//
-// team owners get READER access.
-//
-//	"private" - Object owner gets OWNER access.
-//	"projectPrivate" - Object owner gets OWNER access, and project team
-//
-// members get access according to their roles.
-//
-//	"publicRead" - Object owner gets OWNER access, and allUsers get
-//
-// READER access.
-func (c *BucketsInsertCall) PredefinedDefaultObjectAcl(predefinedDefaultObjectAcl string) *BucketsInsertCall {
-	c.urlParams_.Set("predefinedDefaultObjectAcl", predefinedDefaultObjectAcl)
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to noAcl, unless the bucket resource
-// specifies acl or defaultObjectAcl properties, when it defaults to
-// full.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit owner, acl and defaultObjectAcl properties.
-func (c *BucketsInsertCall) Projection(projection string) *BucketsInsertCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request.
-func (c *BucketsInsertCall) UserProject(userProject string) *BucketsInsertCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketsInsertCall) Fields(s ...googleapi.Field) *BucketsInsertCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketsInsertCall) Context(ctx context.Context) *BucketsInsertCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketsInsertCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketsInsertCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucket)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.buckets.insert" call.
-// Exactly one of *Bucket or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Bucket.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *BucketsInsertCall) Do(opts ...googleapi.CallOption) (*Bucket, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Bucket{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Creates a new bucket.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.buckets.insert",
-	//   "parameterOrder": [
-	//     "project"
-	//   ],
-	//   "parameters": {
-	//     "predefinedAcl": {
-	//       "description": "Apply a predefined set of access controls to this bucket.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead",
-	//         "publicReadWrite"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Project team owners get OWNER access.",
-	//         "Project team members get access according to their roles.",
-	//         "Project team owners get OWNER access, and allUsers get READER access.",
-	//         "Project team owners get OWNER access, and allUsers get WRITER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "predefinedDefaultObjectAcl": {
-	//       "description": "Apply a predefined set of default object access controls to this bucket.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "bucketOwnerFullControl",
-	//         "bucketOwnerRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
-	//         "Object owner gets OWNER access, and project team owners get READER access.",
-	//         "Object owner gets OWNER access.",
-	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
-	//         "Object owner gets OWNER access, and allUsers get READER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "project": {
-	//       "description": "A valid API project identifier.",
-	//       "location": "query",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to noAcl, unless the bucket resource specifies acl or defaultObjectAcl properties, when it defaults to full.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit owner, acl and defaultObjectAcl properties."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b",
-	//   "request": {
-	//     "$ref": "Bucket"
-	//   },
-	//   "response": {
-	//     "$ref": "Bucket"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.buckets.list":
-
-type BucketsListCall struct {
-	s            *Service
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// List: Retrieves a list of buckets for a given project.
-//
-// - project: A valid API project identifier.
-func (r *BucketsService) List(projectid string) *BucketsListCall {
-	c := &BucketsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.urlParams_.Set("project", projectid)
-	return c
-}
-
-// MaxResults sets the optional parameter "maxResults": Maximum number
-// of buckets to return in a single response. The service will use this
-// parameter or 1,000 items, whichever is smaller.
-func (c *BucketsListCall) MaxResults(maxResults int64) *BucketsListCall {
-	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
-	return c
-}
-
-// PageToken sets the optional parameter "pageToken": A
-// previously-returned page token representing part of the larger set of
-// results to view.
-func (c *BucketsListCall) PageToken(pageToken string) *BucketsListCall {
-	c.urlParams_.Set("pageToken", pageToken)
-	return c
-}
-
-// Prefix sets the optional parameter "prefix": Filter results to
-// buckets whose names begin with this prefix.
-func (c *BucketsListCall) Prefix(prefix string) *BucketsListCall {
-	c.urlParams_.Set("prefix", prefix)
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to noAcl.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit owner, acl and defaultObjectAcl properties.
-func (c *BucketsListCall) Projection(projection string) *BucketsListCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request.
-func (c *BucketsListCall) UserProject(userProject string) *BucketsListCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketsListCall) Fields(s ...googleapi.Field) *BucketsListCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *BucketsListCall) IfNoneMatch(entityTag string) *BucketsListCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketsListCall) Context(ctx context.Context) *BucketsListCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketsListCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketsListCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.buckets.list" call.
-// Exactly one of *Buckets or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Buckets.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *BucketsListCall) Do(opts ...googleapi.CallOption) (*Buckets, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Buckets{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Retrieves a list of buckets for a given project.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.buckets.list",
-	//   "parameterOrder": [
-	//     "project"
-	//   ],
-	//   "parameters": {
-	//     "maxResults": {
-	//       "default": "1000",
-	//       "description": "Maximum number of buckets to return in a single response. The service will use this parameter or 1,000 items, whichever is smaller.",
-	//       "format": "uint32",
-	//       "location": "query",
-	//       "minimum": "0",
-	//       "type": "integer"
-	//     },
-	//     "pageToken": {
-	//       "description": "A previously-returned page token representing part of the larger set of results to view.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "prefix": {
-	//       "description": "Filter results to buckets whose names begin with this prefix.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "project": {
-	//       "description": "A valid API project identifier.",
-	//       "location": "query",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to noAcl.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit owner, acl and defaultObjectAcl properties."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b",
-	//   "response": {
-	//     "$ref": "Buckets"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// Pages invokes f for each page of results.
-// A non-nil error returned from f will halt the iteration.
-// The provided context supersedes any context provided to the Context method.
-func (c *BucketsListCall) Pages(ctx context.Context, f func(*Buckets) error) error {
-	c.ctx_ = ctx
-	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
-	for {
-		x, err := c.Do()
-		if err != nil {
-			return err
-		}
-		if err := f(x); err != nil {
-			return err
-		}
-		if x.NextPageToken == "" {
-			return nil
-		}
-		c.PageToken(x.NextPageToken)
-	}
-}
-
-// method id "storage.buckets.lockRetentionPolicy":
-
-type BucketsLockRetentionPolicyCall struct {
-	s          *Service
-	bucket     string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// LockRetentionPolicy: Locks retention policy on a bucket.
-//
-//   - bucket: Name of a bucket.
-//   - ifMetagenerationMatch: Makes the operation conditional on whether
-//     bucket's current metageneration matches the given value.
-func (r *BucketsService) LockRetentionPolicy(bucket string, ifMetagenerationMatch int64) *BucketsLockRetentionPolicyCall {
-	c := &BucketsLockRetentionPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketsLockRetentionPolicyCall) UserProject(userProject string) *BucketsLockRetentionPolicyCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketsLockRetentionPolicyCall) Fields(s ...googleapi.Field) *BucketsLockRetentionPolicyCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketsLockRetentionPolicyCall) Context(ctx context.Context) *BucketsLockRetentionPolicyCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketsLockRetentionPolicyCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketsLockRetentionPolicyCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/lockRetentionPolicy")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.buckets.lockRetentionPolicy" call.
-// Exactly one of *Bucket or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Bucket.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *BucketsLockRetentionPolicyCall) Do(opts ...googleapi.CallOption) (*Bucket, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Bucket{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Locks retention policy on a bucket.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.buckets.lockRetentionPolicy",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "ifMetagenerationMatch"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the operation conditional on whether bucket's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/lockRetentionPolicy",
-	//   "response": {
-	//     "$ref": "Bucket"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.buckets.patch":
-
-type BucketsPatchCall struct {
-	s          *Service
-	bucket     string
-	bucket2    *Bucket
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Patch: Patches a bucket. Changes to the bucket will be readable
-// immediately after writing, but configuration changes may take time to
-// propagate.
-//
-// - bucket: Name of a bucket.
-func (r *BucketsService) Patch(bucket string, bucket2 *Bucket) *BucketsPatchCall {
-	c := &BucketsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.bucket2 = bucket2
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": Makes the return of the bucket metadata
-// conditional on whether the bucket's current metageneration matches
-// the given value.
-func (c *BucketsPatchCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *BucketsPatchCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": Makes the return of the bucket metadata
-// conditional on whether the bucket's current metageneration does not
-// match the given value.
-func (c *BucketsPatchCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *BucketsPatchCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
-// predefined set of access controls to this bucket.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Project team owners get OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"private" - Project team owners get OWNER access.
-//	"projectPrivate" - Project team members get access according to
-//
-// their roles.
-//
-//	"publicRead" - Project team owners get OWNER access, and allUsers
-//
-// get READER access.
-//
-//	"publicReadWrite" - Project team owners get OWNER access, and
-//
-// allUsers get WRITER access.
-func (c *BucketsPatchCall) PredefinedAcl(predefinedAcl string) *BucketsPatchCall {
-	c.urlParams_.Set("predefinedAcl", predefinedAcl)
-	return c
-}
-
-// PredefinedDefaultObjectAcl sets the optional parameter
-// "predefinedDefaultObjectAcl": Apply a predefined set of default
-// object access controls to this bucket.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Object owner gets OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
-//
-// project team owners get OWNER access.
-//
-//	"bucketOwnerRead" - Object owner gets OWNER access, and project
-//
-// team owners get READER access.
-//
-//	"private" - Object owner gets OWNER access.
-//	"projectPrivate" - Object owner gets OWNER access, and project team
-//
-// members get access according to their roles.
-//
-//	"publicRead" - Object owner gets OWNER access, and allUsers get
-//
-// READER access.
-func (c *BucketsPatchCall) PredefinedDefaultObjectAcl(predefinedDefaultObjectAcl string) *BucketsPatchCall {
-	c.urlParams_.Set("predefinedDefaultObjectAcl", predefinedDefaultObjectAcl)
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to full.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit owner, acl and defaultObjectAcl properties.
-func (c *BucketsPatchCall) Projection(projection string) *BucketsPatchCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketsPatchCall) UserProject(userProject string) *BucketsPatchCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketsPatchCall) Fields(s ...googleapi.Field) *BucketsPatchCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketsPatchCall) Context(ctx context.Context) *BucketsPatchCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketsPatchCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketsPatchCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucket2)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PATCH", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.buckets.patch" call.
-// Exactly one of *Bucket or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Bucket.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *BucketsPatchCall) Do(opts ...googleapi.CallOption) (*Bucket, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Bucket{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Patches a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.",
-	//   "httpMethod": "PATCH",
-	//   "id": "storage.buckets.patch",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "predefinedAcl": {
-	//       "description": "Apply a predefined set of access controls to this bucket.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead",
-	//         "publicReadWrite"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Project team owners get OWNER access.",
-	//         "Project team members get access according to their roles.",
-	//         "Project team owners get OWNER access, and allUsers get READER access.",
-	//         "Project team owners get OWNER access, and allUsers get WRITER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "predefinedDefaultObjectAcl": {
-	//       "description": "Apply a predefined set of default object access controls to this bucket.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "bucketOwnerFullControl",
-	//         "bucketOwnerRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
-	//         "Object owner gets OWNER access, and project team owners get READER access.",
-	//         "Object owner gets OWNER access.",
-	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
-	//         "Object owner gets OWNER access, and allUsers get READER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to full.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit owner, acl and defaultObjectAcl properties."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}",
-	//   "request": {
-	//     "$ref": "Bucket"
-	//   },
-	//   "response": {
-	//     "$ref": "Bucket"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.buckets.setIamPolicy":
-
-type BucketsSetIamPolicyCall struct {
-	s          *Service
-	bucket     string
-	policy     *Policy
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// SetIamPolicy: Updates an IAM policy for the specified bucket.
-//
-// - bucket: Name of a bucket.
-func (r *BucketsService) SetIamPolicy(bucket string, policy *Policy) *BucketsSetIamPolicyCall {
-	c := &BucketsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.policy = policy
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketsSetIamPolicyCall) UserProject(userProject string) *BucketsSetIamPolicyCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketsSetIamPolicyCall) Fields(s ...googleapi.Field) *BucketsSetIamPolicyCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketsSetIamPolicyCall) Context(ctx context.Context) *BucketsSetIamPolicyCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketsSetIamPolicyCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.policy)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/iam")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PUT", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.buckets.setIamPolicy" call.
-// Exactly one of *Policy or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Policy.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *BucketsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Policy{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Updates an IAM policy for the specified bucket.",
-	//   "httpMethod": "PUT",
-	//   "id": "storage.buckets.setIamPolicy",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/iam",
-	//   "request": {
-	//     "$ref": "Policy"
-	//   },
-	//   "response": {
-	//     "$ref": "Policy"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.buckets.testIamPermissions":
-
-type BucketsTestIamPermissionsCall struct {
-	s            *Service
-	bucket       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// TestIamPermissions: Tests a set of permissions on the given bucket to
-// see which, if any, are held by the caller.
-//
-// - bucket: Name of a bucket.
-// - permissions: Permissions to test.
-func (r *BucketsService) TestIamPermissions(bucket string, permissions []string) *BucketsTestIamPermissionsCall {
-	c := &BucketsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.urlParams_.SetMulti("permissions", append([]string{}, permissions...))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketsTestIamPermissionsCall) UserProject(userProject string) *BucketsTestIamPermissionsCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketsTestIamPermissionsCall) Fields(s ...googleapi.Field) *BucketsTestIamPermissionsCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *BucketsTestIamPermissionsCall) IfNoneMatch(entityTag string) *BucketsTestIamPermissionsCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketsTestIamPermissionsCall) Context(ctx context.Context) *BucketsTestIamPermissionsCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketsTestIamPermissionsCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/iam/testPermissions")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.buckets.testIamPermissions" call.
-// Exactly one of *TestIamPermissionsResponse or error will be non-nil.
-// Any non-2xx status code is an error. Response headers are in either
-// *TestIamPermissionsResponse.ServerResponse.Header or (if a response
-// was returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *BucketsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &TestIamPermissionsResponse{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Tests a set of permissions on the given bucket to see which, if any, are held by the caller.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.buckets.testIamPermissions",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "permissions"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "permissions": {
-	//       "description": "Permissions to test.",
-	//       "location": "query",
-	//       "repeated": true,
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/iam/testPermissions",
-	//   "response": {
-	//     "$ref": "TestIamPermissionsResponse"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.buckets.update":
-
-type BucketsUpdateCall struct {
-	s          *Service
-	bucket     string
-	bucket2    *Bucket
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Update: Updates a bucket. Changes to the bucket will be readable
-// immediately after writing, but configuration changes may take time to
-// propagate.
-//
-// - bucket: Name of a bucket.
-func (r *BucketsService) Update(bucket string, bucket2 *Bucket) *BucketsUpdateCall {
-	c := &BucketsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.bucket2 = bucket2
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": Makes the return of the bucket metadata
-// conditional on whether the bucket's current metageneration matches
-// the given value.
-func (c *BucketsUpdateCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *BucketsUpdateCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": Makes the return of the bucket metadata
-// conditional on whether the bucket's current metageneration does not
-// match the given value.
-func (c *BucketsUpdateCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *BucketsUpdateCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
-// predefined set of access controls to this bucket.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Project team owners get OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"private" - Project team owners get OWNER access.
-//	"projectPrivate" - Project team members get access according to
-//
-// their roles.
-//
-//	"publicRead" - Project team owners get OWNER access, and allUsers
-//
-// get READER access.
-//
-//	"publicReadWrite" - Project team owners get OWNER access, and
-//
-// allUsers get WRITER access.
-func (c *BucketsUpdateCall) PredefinedAcl(predefinedAcl string) *BucketsUpdateCall {
-	c.urlParams_.Set("predefinedAcl", predefinedAcl)
-	return c
-}
-
-// PredefinedDefaultObjectAcl sets the optional parameter
-// "predefinedDefaultObjectAcl": Apply a predefined set of default
-// object access controls to this bucket.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Object owner gets OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
-//
-// project team owners get OWNER access.
-//
-//	"bucketOwnerRead" - Object owner gets OWNER access, and project
-//
-// team owners get READER access.
-//
-//	"private" - Object owner gets OWNER access.
-//	"projectPrivate" - Object owner gets OWNER access, and project team
-//
-// members get access according to their roles.
-//
-//	"publicRead" - Object owner gets OWNER access, and allUsers get
-//
-// READER access.
-func (c *BucketsUpdateCall) PredefinedDefaultObjectAcl(predefinedDefaultObjectAcl string) *BucketsUpdateCall {
-	c.urlParams_.Set("predefinedDefaultObjectAcl", predefinedDefaultObjectAcl)
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to full.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit owner, acl and defaultObjectAcl properties.
-func (c *BucketsUpdateCall) Projection(projection string) *BucketsUpdateCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *BucketsUpdateCall) UserProject(userProject string) *BucketsUpdateCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *BucketsUpdateCall) Fields(s ...googleapi.Field) *BucketsUpdateCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *BucketsUpdateCall) Context(ctx context.Context) *BucketsUpdateCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *BucketsUpdateCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *BucketsUpdateCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bucket2)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PUT", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.buckets.update" call.
-// Exactly one of *Bucket or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Bucket.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *BucketsUpdateCall) Do(opts ...googleapi.CallOption) (*Bucket, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Bucket{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.",
-	//   "httpMethod": "PUT",
-	//   "id": "storage.buckets.update",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "predefinedAcl": {
-	//       "description": "Apply a predefined set of access controls to this bucket.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead",
-	//         "publicReadWrite"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Project team owners get OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Project team owners get OWNER access.",
-	//         "Project team members get access according to their roles.",
-	//         "Project team owners get OWNER access, and allUsers get READER access.",
-	//         "Project team owners get OWNER access, and allUsers get WRITER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "predefinedDefaultObjectAcl": {
-	//       "description": "Apply a predefined set of default object access controls to this bucket.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "bucketOwnerFullControl",
-	//         "bucketOwnerRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
-	//         "Object owner gets OWNER access, and project team owners get READER access.",
-	//         "Object owner gets OWNER access.",
-	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
-	//         "Object owner gets OWNER access, and allUsers get READER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to full.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit owner, acl and defaultObjectAcl properties."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}",
-	//   "request": {
-	//     "$ref": "Bucket"
-	//   },
-	//   "response": {
-	//     "$ref": "Bucket"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.channels.stop":
-
-type ChannelsStopCall struct {
-	s          *Service
-	channel    *Channel
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Stop: Stop watching resources through this channel
-func (r *ChannelsService) Stop(channel *Channel) *ChannelsStopCall {
-	c := &ChannelsStopCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.channel = channel
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ChannelsStopCall) Fields(s ...googleapi.Field) *ChannelsStopCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ChannelsStopCall) Context(ctx context.Context) *ChannelsStopCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ChannelsStopCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ChannelsStopCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.channel)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "channels/stop")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.channels.stop" call.
-func (c *ChannelsStopCall) Do(opts ...googleapi.CallOption) error {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if err != nil {
-		return err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return gensupport.WrapError(err)
-	}
-	return nil
-	// {
-	//   "description": "Stop watching resources through this channel",
-	//   "httpMethod": "POST",
-	//   "id": "storage.channels.stop",
-	//   "path": "channels/stop",
-	//   "request": {
-	//     "$ref": "Channel",
-	//     "parameterName": "resource"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.defaultObjectAccessControls.delete":
-
-type DefaultObjectAccessControlsDeleteCall struct {
-	s          *Service
-	bucket     string
-	entity     string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Delete: Permanently deletes the default object ACL entry for the
-// specified entity on the specified bucket.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-func (r *DefaultObjectAccessControlsService) Delete(bucket string, entity string) *DefaultObjectAccessControlsDeleteCall {
-	c := &DefaultObjectAccessControlsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.entity = entity
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *DefaultObjectAccessControlsDeleteCall) UserProject(userProject string) *DefaultObjectAccessControlsDeleteCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *DefaultObjectAccessControlsDeleteCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsDeleteCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *DefaultObjectAccessControlsDeleteCall) Context(ctx context.Context) *DefaultObjectAccessControlsDeleteCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *DefaultObjectAccessControlsDeleteCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *DefaultObjectAccessControlsDeleteCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.defaultObjectAccessControls.delete" call.
-func (c *DefaultObjectAccessControlsDeleteCall) Do(opts ...googleapi.CallOption) error {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if err != nil {
-		return err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return gensupport.WrapError(err)
-	}
-	return nil
-	// {
-	//   "description": "Permanently deletes the default object ACL entry for the specified entity on the specified bucket.",
-	//   "httpMethod": "DELETE",
-	//   "id": "storage.defaultObjectAccessControls.delete",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/defaultObjectAcl/{entity}",
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.defaultObjectAccessControls.get":
-
-type DefaultObjectAccessControlsGetCall struct {
-	s            *Service
-	bucket       string
-	entity       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// Get: Returns the default object ACL entry for the specified entity on
-// the specified bucket.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-func (r *DefaultObjectAccessControlsService) Get(bucket string, entity string) *DefaultObjectAccessControlsGetCall {
-	c := &DefaultObjectAccessControlsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.entity = entity
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *DefaultObjectAccessControlsGetCall) UserProject(userProject string) *DefaultObjectAccessControlsGetCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *DefaultObjectAccessControlsGetCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsGetCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *DefaultObjectAccessControlsGetCall) IfNoneMatch(entityTag string) *DefaultObjectAccessControlsGetCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *DefaultObjectAccessControlsGetCall) Context(ctx context.Context) *DefaultObjectAccessControlsGetCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *DefaultObjectAccessControlsGetCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *DefaultObjectAccessControlsGetCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.defaultObjectAccessControls.get" call.
-// Exactly one of *ObjectAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ObjectAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *DefaultObjectAccessControlsGetCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ObjectAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Returns the default object ACL entry for the specified entity on the specified bucket.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.defaultObjectAccessControls.get",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/defaultObjectAcl/{entity}",
-	//   "response": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.defaultObjectAccessControls.insert":
-
-type DefaultObjectAccessControlsInsertCall struct {
-	s                   *Service
-	bucket              string
-	objectaccesscontrol *ObjectAccessControl
-	urlParams_          gensupport.URLParams
-	ctx_                context.Context
-	header_             http.Header
-}
-
-// Insert: Creates a new default object ACL entry on the specified
-// bucket.
-//
-// - bucket: Name of a bucket.
-func (r *DefaultObjectAccessControlsService) Insert(bucket string, objectaccesscontrol *ObjectAccessControl) *DefaultObjectAccessControlsInsertCall {
-	c := &DefaultObjectAccessControlsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.objectaccesscontrol = objectaccesscontrol
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *DefaultObjectAccessControlsInsertCall) UserProject(userProject string) *DefaultObjectAccessControlsInsertCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *DefaultObjectAccessControlsInsertCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsInsertCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *DefaultObjectAccessControlsInsertCall) Context(ctx context.Context) *DefaultObjectAccessControlsInsertCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *DefaultObjectAccessControlsInsertCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *DefaultObjectAccessControlsInsertCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.defaultObjectAccessControls.insert" call.
-// Exactly one of *ObjectAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ObjectAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *DefaultObjectAccessControlsInsertCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ObjectAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Creates a new default object ACL entry on the specified bucket.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.defaultObjectAccessControls.insert",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/defaultObjectAcl",
-	//   "request": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "response": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.defaultObjectAccessControls.list":
-
-type DefaultObjectAccessControlsListCall struct {
-	s            *Service
-	bucket       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// List: Retrieves default object ACL entries on the specified bucket.
-//
-// - bucket: Name of a bucket.
-func (r *DefaultObjectAccessControlsService) List(bucket string) *DefaultObjectAccessControlsListCall {
-	c := &DefaultObjectAccessControlsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": If present, only return default ACL listing
-// if the bucket's current metageneration matches this value.
-func (c *DefaultObjectAccessControlsListCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *DefaultObjectAccessControlsListCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": If present, only return default ACL
-// listing if the bucket's current metageneration does not match the
-// given value.
-func (c *DefaultObjectAccessControlsListCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *DefaultObjectAccessControlsListCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *DefaultObjectAccessControlsListCall) UserProject(userProject string) *DefaultObjectAccessControlsListCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *DefaultObjectAccessControlsListCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsListCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *DefaultObjectAccessControlsListCall) IfNoneMatch(entityTag string) *DefaultObjectAccessControlsListCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *DefaultObjectAccessControlsListCall) Context(ctx context.Context) *DefaultObjectAccessControlsListCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *DefaultObjectAccessControlsListCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *DefaultObjectAccessControlsListCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.defaultObjectAccessControls.list" call.
-// Exactly one of *ObjectAccessControls or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ObjectAccessControls.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *DefaultObjectAccessControlsListCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControls, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ObjectAccessControls{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Retrieves default object ACL entries on the specified bucket.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.defaultObjectAccessControls.list",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "If present, only return default ACL listing if the bucket's current metageneration matches this value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "If present, only return default ACL listing if the bucket's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/defaultObjectAcl",
-	//   "response": {
-	//     "$ref": "ObjectAccessControls"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.defaultObjectAccessControls.patch":
-
-type DefaultObjectAccessControlsPatchCall struct {
-	s                   *Service
-	bucket              string
-	entity              string
-	objectaccesscontrol *ObjectAccessControl
-	urlParams_          gensupport.URLParams
-	ctx_                context.Context
-	header_             http.Header
-}
-
-// Patch: Patches a default object ACL entry on the specified bucket.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-func (r *DefaultObjectAccessControlsService) Patch(bucket string, entity string, objectaccesscontrol *ObjectAccessControl) *DefaultObjectAccessControlsPatchCall {
-	c := &DefaultObjectAccessControlsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.entity = entity
-	c.objectaccesscontrol = objectaccesscontrol
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *DefaultObjectAccessControlsPatchCall) UserProject(userProject string) *DefaultObjectAccessControlsPatchCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *DefaultObjectAccessControlsPatchCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsPatchCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *DefaultObjectAccessControlsPatchCall) Context(ctx context.Context) *DefaultObjectAccessControlsPatchCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *DefaultObjectAccessControlsPatchCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *DefaultObjectAccessControlsPatchCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PATCH", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.defaultObjectAccessControls.patch" call.
-// Exactly one of *ObjectAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ObjectAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *DefaultObjectAccessControlsPatchCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ObjectAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Patches a default object ACL entry on the specified bucket.",
-	//   "httpMethod": "PATCH",
-	//   "id": "storage.defaultObjectAccessControls.patch",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/defaultObjectAcl/{entity}",
-	//   "request": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "response": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.defaultObjectAccessControls.update":
-
-type DefaultObjectAccessControlsUpdateCall struct {
-	s                   *Service
-	bucket              string
-	entity              string
-	objectaccesscontrol *ObjectAccessControl
-	urlParams_          gensupport.URLParams
-	ctx_                context.Context
-	header_             http.Header
-}
-
-// Update: Updates a default object ACL entry on the specified bucket.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-func (r *DefaultObjectAccessControlsService) Update(bucket string, entity string, objectaccesscontrol *ObjectAccessControl) *DefaultObjectAccessControlsUpdateCall {
-	c := &DefaultObjectAccessControlsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.entity = entity
-	c.objectaccesscontrol = objectaccesscontrol
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *DefaultObjectAccessControlsUpdateCall) UserProject(userProject string) *DefaultObjectAccessControlsUpdateCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *DefaultObjectAccessControlsUpdateCall) Fields(s ...googleapi.Field) *DefaultObjectAccessControlsUpdateCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *DefaultObjectAccessControlsUpdateCall) Context(ctx context.Context) *DefaultObjectAccessControlsUpdateCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *DefaultObjectAccessControlsUpdateCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *DefaultObjectAccessControlsUpdateCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/defaultObjectAcl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PUT", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.defaultObjectAccessControls.update" call.
-// Exactly one of *ObjectAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ObjectAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *DefaultObjectAccessControlsUpdateCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ObjectAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Updates a default object ACL entry on the specified bucket.",
-	//   "httpMethod": "PUT",
-	//   "id": "storage.defaultObjectAccessControls.update",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/defaultObjectAcl/{entity}",
-	//   "request": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "response": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.notifications.delete":
-
-type NotificationsDeleteCall struct {
-	s            *Service
-	bucket       string
-	notification string
-	urlParams_   gensupport.URLParams
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// Delete: Permanently deletes a notification subscription.
-//
-// - bucket: The parent bucket of the notification.
-// - notification: ID of the notification to delete.
-func (r *NotificationsService) Delete(bucket string, notification string) *NotificationsDeleteCall {
-	c := &NotificationsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.notification = notification
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *NotificationsDeleteCall) UserProject(userProject string) *NotificationsDeleteCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *NotificationsDeleteCall) Fields(s ...googleapi.Field) *NotificationsDeleteCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *NotificationsDeleteCall) Context(ctx context.Context) *NotificationsDeleteCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *NotificationsDeleteCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *NotificationsDeleteCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/notificationConfigs/{notification}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket":       c.bucket,
-		"notification": c.notification,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.notifications.delete" call.
-func (c *NotificationsDeleteCall) Do(opts ...googleapi.CallOption) error {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if err != nil {
-		return err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return gensupport.WrapError(err)
-	}
-	return nil
-	// {
-	//   "description": "Permanently deletes a notification subscription.",
-	//   "httpMethod": "DELETE",
-	//   "id": "storage.notifications.delete",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "notification"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "The parent bucket of the notification.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "notification": {
-	//       "description": "ID of the notification to delete.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/notificationConfigs/{notification}",
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.notifications.get":
-
-type NotificationsGetCall struct {
-	s            *Service
-	bucket       string
-	notification string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// Get: View a notification configuration.
-//
-// - bucket: The parent bucket of the notification.
-// - notification: Notification ID.
-func (r *NotificationsService) Get(bucket string, notification string) *NotificationsGetCall {
-	c := &NotificationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.notification = notification
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *NotificationsGetCall) UserProject(userProject string) *NotificationsGetCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *NotificationsGetCall) Fields(s ...googleapi.Field) *NotificationsGetCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *NotificationsGetCall) IfNoneMatch(entityTag string) *NotificationsGetCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *NotificationsGetCall) Context(ctx context.Context) *NotificationsGetCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *NotificationsGetCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *NotificationsGetCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/notificationConfigs/{notification}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket":       c.bucket,
-		"notification": c.notification,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.notifications.get" call.
-// Exactly one of *Notification or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Notification.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *NotificationsGetCall) Do(opts ...googleapi.CallOption) (*Notification, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Notification{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "View a notification configuration.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.notifications.get",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "notification"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "The parent bucket of the notification.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "notification": {
-	//       "description": "Notification ID",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/notificationConfigs/{notification}",
-	//   "response": {
-	//     "$ref": "Notification"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.notifications.insert":
-
-type NotificationsInsertCall struct {
-	s            *Service
-	bucket       string
-	notification *Notification
-	urlParams_   gensupport.URLParams
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// Insert: Creates a notification subscription for a given bucket.
-//
-// - bucket: The parent bucket of the notification.
-func (r *NotificationsService) Insert(bucket string, notification *Notification) *NotificationsInsertCall {
-	c := &NotificationsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.notification = notification
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *NotificationsInsertCall) UserProject(userProject string) *NotificationsInsertCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *NotificationsInsertCall) Fields(s ...googleapi.Field) *NotificationsInsertCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *NotificationsInsertCall) Context(ctx context.Context) *NotificationsInsertCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *NotificationsInsertCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *NotificationsInsertCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.notification)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/notificationConfigs")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.notifications.insert" call.
-// Exactly one of *Notification or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Notification.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *NotificationsInsertCall) Do(opts ...googleapi.CallOption) (*Notification, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Notification{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Creates a notification subscription for a given bucket.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.notifications.insert",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "The parent bucket of the notification.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/notificationConfigs",
-	//   "request": {
-	//     "$ref": "Notification"
-	//   },
-	//   "response": {
-	//     "$ref": "Notification"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.notifications.list":
-
-type NotificationsListCall struct {
-	s            *Service
-	bucket       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// List: Retrieves a list of notification subscriptions for a given
-// bucket.
-//
-// - bucket: Name of a Google Cloud Storage bucket.
-func (r *NotificationsService) List(bucket string) *NotificationsListCall {
-	c := &NotificationsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *NotificationsListCall) UserProject(userProject string) *NotificationsListCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *NotificationsListCall) Fields(s ...googleapi.Field) *NotificationsListCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *NotificationsListCall) IfNoneMatch(entityTag string) *NotificationsListCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *NotificationsListCall) Context(ctx context.Context) *NotificationsListCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *NotificationsListCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *NotificationsListCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/notificationConfigs")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.notifications.list" call.
-// Exactly one of *Notifications or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Notifications.ServerResponse.Header or (if a response was returned
-// at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *NotificationsListCall) Do(opts ...googleapi.CallOption) (*Notifications, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Notifications{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Retrieves a list of notification subscriptions for a given bucket.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.notifications.list",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a Google Cloud Storage bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/notificationConfigs",
-	//   "response": {
-	//     "$ref": "Notifications"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objectAccessControls.delete":
-
-type ObjectAccessControlsDeleteCall struct {
-	s          *Service
-	bucket     string
-	object     string
-	entity     string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Delete: Permanently deletes the ACL entry for the specified entity on
-// the specified object.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectAccessControlsService) Delete(bucket string, object string, entity string) *ObjectAccessControlsDeleteCall {
-	c := &ObjectAccessControlsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	c.entity = entity
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectAccessControlsDeleteCall) Generation(generation int64) *ObjectAccessControlsDeleteCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectAccessControlsDeleteCall) UserProject(userProject string) *ObjectAccessControlsDeleteCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectAccessControlsDeleteCall) Fields(s ...googleapi.Field) *ObjectAccessControlsDeleteCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectAccessControlsDeleteCall) Context(ctx context.Context) *ObjectAccessControlsDeleteCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectAccessControlsDeleteCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectAccessControlsDeleteCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objectAccessControls.delete" call.
-func (c *ObjectAccessControlsDeleteCall) Do(opts ...googleapi.CallOption) error {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if err != nil {
-		return err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return gensupport.WrapError(err)
-	}
-	return nil
-	// {
-	//   "description": "Permanently deletes the ACL entry for the specified entity on the specified object.",
-	//   "httpMethod": "DELETE",
-	//   "id": "storage.objectAccessControls.delete",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}/acl/{entity}",
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objectAccessControls.get":
-
-type ObjectAccessControlsGetCall struct {
-	s            *Service
-	bucket       string
-	object       string
-	entity       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// Get: Returns the ACL entry for the specified entity on the specified
-// object.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectAccessControlsService) Get(bucket string, object string, entity string) *ObjectAccessControlsGetCall {
-	c := &ObjectAccessControlsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	c.entity = entity
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectAccessControlsGetCall) Generation(generation int64) *ObjectAccessControlsGetCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectAccessControlsGetCall) UserProject(userProject string) *ObjectAccessControlsGetCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectAccessControlsGetCall) Fields(s ...googleapi.Field) *ObjectAccessControlsGetCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ObjectAccessControlsGetCall) IfNoneMatch(entityTag string) *ObjectAccessControlsGetCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectAccessControlsGetCall) Context(ctx context.Context) *ObjectAccessControlsGetCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectAccessControlsGetCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectAccessControlsGetCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objectAccessControls.get" call.
-// Exactly one of *ObjectAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ObjectAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ObjectAccessControlsGetCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ObjectAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Returns the ACL entry for the specified entity on the specified object.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.objectAccessControls.get",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}/acl/{entity}",
-	//   "response": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objectAccessControls.insert":
-
-type ObjectAccessControlsInsertCall struct {
-	s                   *Service
-	bucket              string
-	object              string
-	objectaccesscontrol *ObjectAccessControl
-	urlParams_          gensupport.URLParams
-	ctx_                context.Context
-	header_             http.Header
-}
-
-// Insert: Creates a new ACL entry on the specified object.
-//
-//   - bucket: Name of a bucket.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectAccessControlsService) Insert(bucket string, object string, objectaccesscontrol *ObjectAccessControl) *ObjectAccessControlsInsertCall {
-	c := &ObjectAccessControlsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	c.objectaccesscontrol = objectaccesscontrol
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectAccessControlsInsertCall) Generation(generation int64) *ObjectAccessControlsInsertCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectAccessControlsInsertCall) UserProject(userProject string) *ObjectAccessControlsInsertCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectAccessControlsInsertCall) Fields(s ...googleapi.Field) *ObjectAccessControlsInsertCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectAccessControlsInsertCall) Context(ctx context.Context) *ObjectAccessControlsInsertCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectAccessControlsInsertCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectAccessControlsInsertCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objectAccessControls.insert" call.
-// Exactly one of *ObjectAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ObjectAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ObjectAccessControlsInsertCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ObjectAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Creates a new ACL entry on the specified object.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.objectAccessControls.insert",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}/acl",
-	//   "request": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "response": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objectAccessControls.list":
-
-type ObjectAccessControlsListCall struct {
-	s            *Service
-	bucket       string
-	object       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// List: Retrieves ACL entries on the specified object.
-//
-//   - bucket: Name of a bucket.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectAccessControlsService) List(bucket string, object string) *ObjectAccessControlsListCall {
-	c := &ObjectAccessControlsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectAccessControlsListCall) Generation(generation int64) *ObjectAccessControlsListCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectAccessControlsListCall) UserProject(userProject string) *ObjectAccessControlsListCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectAccessControlsListCall) Fields(s ...googleapi.Field) *ObjectAccessControlsListCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ObjectAccessControlsListCall) IfNoneMatch(entityTag string) *ObjectAccessControlsListCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectAccessControlsListCall) Context(ctx context.Context) *ObjectAccessControlsListCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectAccessControlsListCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectAccessControlsListCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objectAccessControls.list" call.
-// Exactly one of *ObjectAccessControls or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ObjectAccessControls.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ObjectAccessControlsListCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControls, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ObjectAccessControls{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Retrieves ACL entries on the specified object.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.objectAccessControls.list",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}/acl",
-	//   "response": {
-	//     "$ref": "ObjectAccessControls"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objectAccessControls.patch":
-
-type ObjectAccessControlsPatchCall struct {
-	s                   *Service
-	bucket              string
-	object              string
-	entity              string
-	objectaccesscontrol *ObjectAccessControl
-	urlParams_          gensupport.URLParams
-	ctx_                context.Context
-	header_             http.Header
-}
-
-// Patch: Patches an ACL entry on the specified object.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectAccessControlsService) Patch(bucket string, object string, entity string, objectaccesscontrol *ObjectAccessControl) *ObjectAccessControlsPatchCall {
-	c := &ObjectAccessControlsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	c.entity = entity
-	c.objectaccesscontrol = objectaccesscontrol
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectAccessControlsPatchCall) Generation(generation int64) *ObjectAccessControlsPatchCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectAccessControlsPatchCall) UserProject(userProject string) *ObjectAccessControlsPatchCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectAccessControlsPatchCall) Fields(s ...googleapi.Field) *ObjectAccessControlsPatchCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectAccessControlsPatchCall) Context(ctx context.Context) *ObjectAccessControlsPatchCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectAccessControlsPatchCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectAccessControlsPatchCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PATCH", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objectAccessControls.patch" call.
-// Exactly one of *ObjectAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ObjectAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ObjectAccessControlsPatchCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ObjectAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Patches an ACL entry on the specified object.",
-	//   "httpMethod": "PATCH",
-	//   "id": "storage.objectAccessControls.patch",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}/acl/{entity}",
-	//   "request": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "response": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objectAccessControls.update":
-
-type ObjectAccessControlsUpdateCall struct {
-	s                   *Service
-	bucket              string
-	object              string
-	entity              string
-	objectaccesscontrol *ObjectAccessControl
-	urlParams_          gensupport.URLParams
-	ctx_                context.Context
-	header_             http.Header
-}
-
-// Update: Updates an ACL entry on the specified object.
-//
-//   - bucket: Name of a bucket.
-//   - entity: The entity holding the permission. Can be user-userId,
-//     user-emailAddress, group-groupId, group-emailAddress, allUsers, or
-//     allAuthenticatedUsers.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectAccessControlsService) Update(bucket string, object string, entity string, objectaccesscontrol *ObjectAccessControl) *ObjectAccessControlsUpdateCall {
-	c := &ObjectAccessControlsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	c.entity = entity
-	c.objectaccesscontrol = objectaccesscontrol
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectAccessControlsUpdateCall) Generation(generation int64) *ObjectAccessControlsUpdateCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectAccessControlsUpdateCall) UserProject(userProject string) *ObjectAccessControlsUpdateCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectAccessControlsUpdateCall) Fields(s ...googleapi.Field) *ObjectAccessControlsUpdateCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectAccessControlsUpdateCall) Context(ctx context.Context) *ObjectAccessControlsUpdateCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectAccessControlsUpdateCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectAccessControlsUpdateCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.objectaccesscontrol)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/acl/{entity}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PUT", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-		"entity": c.entity,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objectAccessControls.update" call.
-// Exactly one of *ObjectAccessControl or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ObjectAccessControl.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ObjectAccessControlsUpdateCall) Do(opts ...googleapi.CallOption) (*ObjectAccessControl, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ObjectAccessControl{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Updates an ACL entry on the specified object.",
-	//   "httpMethod": "PUT",
-	//   "id": "storage.objectAccessControls.update",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object",
-	//     "entity"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of a bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "entity": {
-	//       "description": "The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}/acl/{entity}",
-	//   "request": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "response": {
-	//     "$ref": "ObjectAccessControl"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objects.compose":
-
-type ObjectsComposeCall struct {
-	s                 *Service
-	destinationBucket string
-	destinationObject string
-	composerequest    *ComposeRequest
-	urlParams_        gensupport.URLParams
-	ctx_              context.Context
-	header_           http.Header
-}
-
-// Compose: Concatenates a list of existing objects into a new object in
-// the same bucket.
-//
-//   - destinationBucket: Name of the bucket containing the source
-//     objects. The destination object is stored in this bucket.
-//   - destinationObject: Name of the new object. For information about
-//     how to URL encode object names to be path safe, see Encoding URI
-//     Path Parts.
-func (r *ObjectsService) Compose(destinationBucket string, destinationObject string, composerequest *ComposeRequest) *ObjectsComposeCall {
-	c := &ObjectsComposeCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.destinationBucket = destinationBucket
-	c.destinationObject = destinationObject
-	c.composerequest = composerequest
-	return c
-}
-
-// DestinationPredefinedAcl sets the optional parameter
-// "destinationPredefinedAcl": Apply a predefined set of access controls
-// to the destination object.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Object owner gets OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
-//
-// project team owners get OWNER access.
-//
-//	"bucketOwnerRead" - Object owner gets OWNER access, and project
-//
-// team owners get READER access.
-//
-//	"private" - Object owner gets OWNER access.
-//	"projectPrivate" - Object owner gets OWNER access, and project team
-//
-// members get access according to their roles.
-//
-//	"publicRead" - Object owner gets OWNER access, and allUsers get
-//
-// READER access.
-func (c *ObjectsComposeCall) DestinationPredefinedAcl(destinationPredefinedAcl string) *ObjectsComposeCall {
-	c.urlParams_.Set("destinationPredefinedAcl", destinationPredefinedAcl)
-	return c
-}
-
-// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
-// Makes the operation conditional on whether the object's current
-// generation matches the given value. Setting to 0 makes the operation
-// succeed only if there are no live versions of the object.
-func (c *ObjectsComposeCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsComposeCall {
-	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": Makes the operation conditional on whether
-// the object's current metageneration matches the given value.
-func (c *ObjectsComposeCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsComposeCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// KmsKeyName sets the optional parameter "kmsKeyName": Resource name of
-// the Cloud KMS key, of the form
-// projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key,
-//
-//	that will be used to encrypt the object. Overrides the object
-//
-// metadata's kms_key_name value, if any.
-func (c *ObjectsComposeCall) KmsKeyName(kmsKeyName string) *ObjectsComposeCall {
-	c.urlParams_.Set("kmsKeyName", kmsKeyName)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsComposeCall) UserProject(userProject string) *ObjectsComposeCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsComposeCall) Fields(s ...googleapi.Field) *ObjectsComposeCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectsComposeCall) Context(ctx context.Context) *ObjectsComposeCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsComposeCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsComposeCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.composerequest)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{destinationBucket}/o/{destinationObject}/compose")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"destinationBucket": c.destinationBucket,
-		"destinationObject": c.destinationObject,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.compose" call.
-// Exactly one of *Object or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Object.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ObjectsComposeCall) Do(opts ...googleapi.CallOption) (*Object, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Object{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Concatenates a list of existing objects into a new object in the same bucket.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.objects.compose",
-	//   "parameterOrder": [
-	//     "destinationBucket",
-	//     "destinationObject"
-	//   ],
-	//   "parameters": {
-	//     "destinationBucket": {
-	//       "description": "Name of the bucket containing the source objects. The destination object is stored in this bucket.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "destinationObject": {
-	//       "description": "Name of the new object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "destinationPredefinedAcl": {
-	//       "description": "Apply a predefined set of access controls to the destination object.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "bucketOwnerFullControl",
-	//         "bucketOwnerRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
-	//         "Object owner gets OWNER access, and project team owners get READER access.",
-	//         "Object owner gets OWNER access.",
-	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
-	//         "Object owner gets OWNER access, and allUsers get READER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "kmsKeyName": {
-	//       "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{destinationBucket}/o/{destinationObject}/compose",
-	//   "request": {
-	//     "$ref": "ComposeRequest"
-	//   },
-	//   "response": {
-	//     "$ref": "Object"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objects.copy":
-
-type ObjectsCopyCall struct {
-	s                 *Service
-	sourceBucket      string
-	sourceObject      string
-	destinationBucket string
-	destinationObject string
-	object            *Object
-	urlParams_        gensupport.URLParams
-	ctx_              context.Context
-	header_           http.Header
-}
-
-// Copy: Copies a source object to a destination object. Optionally
-// overrides metadata.
-//
-//   - destinationBucket: Name of the bucket in which to store the new
-//     object. Overrides the provided object metadata's bucket value, if
-//     any.For information about how to URL encode object names to be path
-//     safe, see Encoding URI Path Parts.
-//   - destinationObject: Name of the new object. Required when the object
-//     metadata is not otherwise provided. Overrides the object metadata's
-//     name value, if any.
-//   - sourceBucket: Name of the bucket in which to find the source
-//     object.
-//   - sourceObject: Name of the source object. For information about how
-//     to URL encode object names to be path safe, see Encoding URI Path
-//     Parts.
-func (r *ObjectsService) Copy(sourceBucket string, sourceObject string, destinationBucket string, destinationObject string, object *Object) *ObjectsCopyCall {
-	c := &ObjectsCopyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.sourceBucket = sourceBucket
-	c.sourceObject = sourceObject
-	c.destinationBucket = destinationBucket
-	c.destinationObject = destinationObject
-	c.object = object
-	return c
-}
-
-// DestinationKmsKeyName sets the optional parameter
-// "destinationKmsKeyName": Resource name of the Cloud KMS key, of the
-// form
-// projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key,
-//
-//	that will be used to encrypt the object. Overrides the object
-//
-// metadata's kms_key_name value, if any.
-func (c *ObjectsCopyCall) DestinationKmsKeyName(destinationKmsKeyName string) *ObjectsCopyCall {
-	c.urlParams_.Set("destinationKmsKeyName", destinationKmsKeyName)
-	return c
-}
-
-// DestinationPredefinedAcl sets the optional parameter
-// "destinationPredefinedAcl": Apply a predefined set of access controls
-// to the destination object.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Object owner gets OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
-//
-// project team owners get OWNER access.
-//
-//	"bucketOwnerRead" - Object owner gets OWNER access, and project
-//
-// team owners get READER access.
-//
-//	"private" - Object owner gets OWNER access.
-//	"projectPrivate" - Object owner gets OWNER access, and project team
-//
-// members get access according to their roles.
-//
-//	"publicRead" - Object owner gets OWNER access, and allUsers get
-//
-// READER access.
-func (c *ObjectsCopyCall) DestinationPredefinedAcl(destinationPredefinedAcl string) *ObjectsCopyCall {
-	c.urlParams_.Set("destinationPredefinedAcl", destinationPredefinedAcl)
-	return c
-}
-
-// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
-// Makes the operation conditional on whether the destination object's
-// current generation matches the given value. Setting to 0 makes the
-// operation succeed only if there are no live versions of the object.
-func (c *ObjectsCopyCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsCopyCall {
-	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
-	return c
-}
-
-// IfGenerationNotMatch sets the optional parameter
-// "ifGenerationNotMatch": Makes the operation conditional on whether
-// the destination object's current generation does not match the given
-// value. If no live object exists, the precondition fails. Setting to 0
-// makes the operation succeed only if there is a live version of the
-// object.
-func (c *ObjectsCopyCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsCopyCall {
-	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": Makes the operation conditional on whether
-// the destination object's current metageneration matches the given
-// value.
-func (c *ObjectsCopyCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsCopyCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": Makes the operation conditional on
-// whether the destination object's current metageneration does not
-// match the given value.
-func (c *ObjectsCopyCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsCopyCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// IfSourceGenerationMatch sets the optional parameter
-// "ifSourceGenerationMatch": Makes the operation conditional on whether
-// the source object's current generation matches the given value.
-func (c *ObjectsCopyCall) IfSourceGenerationMatch(ifSourceGenerationMatch int64) *ObjectsCopyCall {
-	c.urlParams_.Set("ifSourceGenerationMatch", fmt.Sprint(ifSourceGenerationMatch))
-	return c
-}
-
-// IfSourceGenerationNotMatch sets the optional parameter
-// "ifSourceGenerationNotMatch": Makes the operation conditional on
-// whether the source object's current generation does not match the
-// given value.
-func (c *ObjectsCopyCall) IfSourceGenerationNotMatch(ifSourceGenerationNotMatch int64) *ObjectsCopyCall {
-	c.urlParams_.Set("ifSourceGenerationNotMatch", fmt.Sprint(ifSourceGenerationNotMatch))
-	return c
-}
-
-// IfSourceMetagenerationMatch sets the optional parameter
-// "ifSourceMetagenerationMatch": Makes the operation conditional on
-// whether the source object's current metageneration matches the given
-// value.
-func (c *ObjectsCopyCall) IfSourceMetagenerationMatch(ifSourceMetagenerationMatch int64) *ObjectsCopyCall {
-	c.urlParams_.Set("ifSourceMetagenerationMatch", fmt.Sprint(ifSourceMetagenerationMatch))
-	return c
-}
-
-// IfSourceMetagenerationNotMatch sets the optional parameter
-// "ifSourceMetagenerationNotMatch": Makes the operation conditional on
-// whether the source object's current metageneration does not match the
-// given value.
-func (c *ObjectsCopyCall) IfSourceMetagenerationNotMatch(ifSourceMetagenerationNotMatch int64) *ObjectsCopyCall {
-	c.urlParams_.Set("ifSourceMetagenerationNotMatch", fmt.Sprint(ifSourceMetagenerationNotMatch))
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to noAcl, unless the object resource
-// specifies the acl property, when it defaults to full.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit the owner, acl property.
-func (c *ObjectsCopyCall) Projection(projection string) *ObjectsCopyCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// SourceGeneration sets the optional parameter "sourceGeneration": If
-// present, selects a specific revision of the source object (as opposed
-// to the latest version, the default).
-func (c *ObjectsCopyCall) SourceGeneration(sourceGeneration int64) *ObjectsCopyCall {
-	c.urlParams_.Set("sourceGeneration", fmt.Sprint(sourceGeneration))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsCopyCall) UserProject(userProject string) *ObjectsCopyCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsCopyCall) Fields(s ...googleapi.Field) *ObjectsCopyCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectsCopyCall) Context(ctx context.Context) *ObjectsCopyCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsCopyCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsCopyCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.object)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{sourceBucket}/o/{sourceObject}/copyTo/b/{destinationBucket}/o/{destinationObject}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"sourceBucket":      c.sourceBucket,
-		"sourceObject":      c.sourceObject,
-		"destinationBucket": c.destinationBucket,
-		"destinationObject": c.destinationObject,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.copy" call.
-// Exactly one of *Object or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Object.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ObjectsCopyCall) Do(opts ...googleapi.CallOption) (*Object, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Object{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Copies a source object to a destination object. Optionally overrides metadata.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.objects.copy",
-	//   "parameterOrder": [
-	//     "sourceBucket",
-	//     "sourceObject",
-	//     "destinationBucket",
-	//     "destinationObject"
-	//   ],
-	//   "parameters": {
-	//     "destinationBucket": {
-	//       "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "destinationKmsKeyName": {
-	//       "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "destinationObject": {
-	//       "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "destinationPredefinedAcl": {
-	//       "description": "Apply a predefined set of access controls to the destination object.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "bucketOwnerFullControl",
-	//         "bucketOwnerRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
-	//         "Object owner gets OWNER access, and project team owners get READER access.",
-	//         "Object owner gets OWNER access.",
-	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
-	//         "Object owner gets OWNER access, and allUsers get READER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the destination object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the destination object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifSourceGenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the source object's current generation matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifSourceGenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifSourceMetagenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifSourceMetagenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit the owner, acl property."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "sourceBucket": {
-	//       "description": "Name of the bucket in which to find the source object.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "sourceGeneration": {
-	//       "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "sourceObject": {
-	//       "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{sourceBucket}/o/{sourceObject}/copyTo/b/{destinationBucket}/o/{destinationObject}",
-	//   "request": {
-	//     "$ref": "Object"
-	//   },
-	//   "response": {
-	//     "$ref": "Object"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objects.delete":
-
-type ObjectsDeleteCall struct {
-	s          *Service
-	bucket     string
-	object     string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Delete: Deletes an object and its metadata. Deletions are permanent
-// if versioning is not enabled for the bucket, or if the generation
-// parameter is used.
-//
-//   - bucket: Name of the bucket in which the object resides.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectsService) Delete(bucket string, object string) *ObjectsDeleteCall {
-	c := &ObjectsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// permanently deletes a specific revision of this object (as opposed to
-// the latest version, the default).
-func (c *ObjectsDeleteCall) Generation(generation int64) *ObjectsDeleteCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
-// Makes the operation conditional on whether the object's current
-// generation matches the given value. Setting to 0 makes the operation
-// succeed only if there are no live versions of the object.
-func (c *ObjectsDeleteCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsDeleteCall {
-	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
-	return c
-}
-
-// IfGenerationNotMatch sets the optional parameter
-// "ifGenerationNotMatch": Makes the operation conditional on whether
-// the object's current generation does not match the given value. If no
-// live object exists, the precondition fails. Setting to 0 makes the
-// operation succeed only if there is a live version of the object.
-func (c *ObjectsDeleteCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsDeleteCall {
-	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": Makes the operation conditional on whether
-// the object's current metageneration matches the given value.
-func (c *ObjectsDeleteCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsDeleteCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": Makes the operation conditional on
-// whether the object's current metageneration does not match the given
-// value.
-func (c *ObjectsDeleteCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsDeleteCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsDeleteCall) UserProject(userProject string) *ObjectsDeleteCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsDeleteCall) Fields(s ...googleapi.Field) *ObjectsDeleteCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectsDeleteCall) Context(ctx context.Context) *ObjectsDeleteCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsDeleteCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsDeleteCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.delete" call.
-func (c *ObjectsDeleteCall) Do(opts ...googleapi.CallOption) error {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if err != nil {
-		return err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return gensupport.WrapError(err)
-	}
-	return nil
-	// {
-	//   "description": "Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.",
-	//   "httpMethod": "DELETE",
-	//   "id": "storage.objects.delete",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of the bucket in which the object resides.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, permanently deletes a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}",
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objects.get":
-
-type ObjectsGetCall struct {
-	s            *Service
-	bucket       string
-	object       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// Get: Retrieves an object or its metadata.
-//
-//   - bucket: Name of the bucket in which the object resides.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectsService) Get(bucket string, object string) *ObjectsGetCall {
-	c := &ObjectsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectsGetCall) Generation(generation int64) *ObjectsGetCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
-// Makes the operation conditional on whether the object's current
-// generation matches the given value. Setting to 0 makes the operation
-// succeed only if there are no live versions of the object.
-func (c *ObjectsGetCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsGetCall {
-	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
-	return c
-}
-
-// IfGenerationNotMatch sets the optional parameter
-// "ifGenerationNotMatch": Makes the operation conditional on whether
-// the object's current generation does not match the given value. If no
-// live object exists, the precondition fails. Setting to 0 makes the
-// operation succeed only if there is a live version of the object.
-func (c *ObjectsGetCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsGetCall {
-	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": Makes the operation conditional on whether
-// the object's current metageneration matches the given value.
-func (c *ObjectsGetCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsGetCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": Makes the operation conditional on
-// whether the object's current metageneration does not match the given
-// value.
-func (c *ObjectsGetCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsGetCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to noAcl.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit the owner, acl property.
-func (c *ObjectsGetCall) Projection(projection string) *ObjectsGetCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsGetCall) UserProject(userProject string) *ObjectsGetCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsGetCall) Fields(s ...googleapi.Field) *ObjectsGetCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ObjectsGetCall) IfNoneMatch(entityTag string) *ObjectsGetCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do and Download
-// methods. Any pending HTTP request will be aborted if the provided
-// context is canceled.
-func (c *ObjectsGetCall) Context(ctx context.Context) *ObjectsGetCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsGetCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsGetCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Download fetches the API endpoint's "media" value, instead of the normal
-// API response value. If the returned error is nil, the Response is guaranteed to
-// have a 2xx status code. Callers must close the Response.Body as usual.
-func (c *ObjectsGetCall) Download(opts ...googleapi.CallOption) (*http.Response, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("media")
-	if err != nil {
-		return nil, err
-	}
-	if err := googleapi.CheckMediaResponse(res); err != nil {
-		res.Body.Close()
-		return nil, gensupport.WrapError(err)
-	}
-	return res, nil
-}
-
-// Do executes the "storage.objects.get" call.
-// Exactly one of *Object or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Object.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ObjectsGetCall) Do(opts ...googleapi.CallOption) (*Object, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Object{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Retrieves an object or its metadata.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.objects.get",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of the bucket in which the object resides.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to noAcl.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit the owner, acl property."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}",
-	//   "response": {
-	//     "$ref": "Object"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ],
-	//   "supportsMediaDownload": true,
-	//   "useMediaDownloadService": true
-	// }
-
-}
-
-// method id "storage.objects.getIamPolicy":
-
-type ObjectsGetIamPolicyCall struct {
-	s            *Service
-	bucket       string
-	object       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// GetIamPolicy: Returns an IAM policy for the specified object.
-//
-//   - bucket: Name of the bucket in which the object resides.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectsService) GetIamPolicy(bucket string, object string) *ObjectsGetIamPolicyCall {
-	c := &ObjectsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectsGetIamPolicyCall) Generation(generation int64) *ObjectsGetIamPolicyCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsGetIamPolicyCall) UserProject(userProject string) *ObjectsGetIamPolicyCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsGetIamPolicyCall) Fields(s ...googleapi.Field) *ObjectsGetIamPolicyCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ObjectsGetIamPolicyCall) IfNoneMatch(entityTag string) *ObjectsGetIamPolicyCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectsGetIamPolicyCall) Context(ctx context.Context) *ObjectsGetIamPolicyCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsGetIamPolicyCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/iam")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.getIamPolicy" call.
-// Exactly one of *Policy or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Policy.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ObjectsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Policy{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Returns an IAM policy for the specified object.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.objects.getIamPolicy",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of the bucket in which the object resides.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}/iam",
-	//   "response": {
-	//     "$ref": "Policy"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objects.insert":
-
-type ObjectsInsertCall struct {
-	s          *Service
-	bucket     string
-	object     *Object
-	urlParams_ gensupport.URLParams
-	mediaInfo_ *gensupport.MediaInfo
-	retry      *gensupport.RetryConfig
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Insert: Stores a new object and metadata.
-//
-//   - bucket: Name of the bucket in which to store the new object.
-//     Overrides the provided object metadata's bucket value, if any.
-func (r *ObjectsService) Insert(bucket string, object *Object) *ObjectsInsertCall {
-	c := &ObjectsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	return c
-}
-
-// ContentEncoding sets the optional parameter "contentEncoding": If
-// set, sets the contentEncoding property of the final object to this
-// value. Setting this parameter is equivalent to setting the
-// contentEncoding metadata property. This can be useful when uploading
-// an object with uploadType=media to indicate the encoding of the
-// content being uploaded.
-func (c *ObjectsInsertCall) ContentEncoding(contentEncoding string) *ObjectsInsertCall {
-	c.urlParams_.Set("contentEncoding", contentEncoding)
-	return c
-}
-
-// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
-// Makes the operation conditional on whether the object's current
-// generation matches the given value. Setting to 0 makes the operation
-// succeed only if there are no live versions of the object.
-func (c *ObjectsInsertCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsInsertCall {
-	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
-	return c
-}
-
-// IfGenerationNotMatch sets the optional parameter
-// "ifGenerationNotMatch": Makes the operation conditional on whether
-// the object's current generation does not match the given value. If no
-// live object exists, the precondition fails. Setting to 0 makes the
-// operation succeed only if there is a live version of the object.
-func (c *ObjectsInsertCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsInsertCall {
-	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": Makes the operation conditional on whether
-// the object's current metageneration matches the given value.
-func (c *ObjectsInsertCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsInsertCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": Makes the operation conditional on
-// whether the object's current metageneration does not match the given
-// value.
-func (c *ObjectsInsertCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsInsertCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// KmsKeyName sets the optional parameter "kmsKeyName": Resource name of
-// the Cloud KMS key, of the form
-// projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key,
-//
-//	that will be used to encrypt the object. Overrides the object
-//
-// metadata's kms_key_name value, if any.
-func (c *ObjectsInsertCall) KmsKeyName(kmsKeyName string) *ObjectsInsertCall {
-	c.urlParams_.Set("kmsKeyName", kmsKeyName)
-	return c
-}
-
-// Name sets the optional parameter "name": Name of the object. Required
-// when the object metadata is not otherwise provided. Overrides the
-// object metadata's name value, if any. For information about how to
-// URL encode object names to be path safe, see Encoding URI Path Parts.
-func (c *ObjectsInsertCall) Name(name string) *ObjectsInsertCall {
-	c.urlParams_.Set("name", name)
-	return c
-}
-
-// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
-// predefined set of access controls to this object.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Object owner gets OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
-//
-// project team owners get OWNER access.
-//
-//	"bucketOwnerRead" - Object owner gets OWNER access, and project
-//
-// team owners get READER access.
-//
-//	"private" - Object owner gets OWNER access.
-//	"projectPrivate" - Object owner gets OWNER access, and project team
-//
-// members get access according to their roles.
-//
-//	"publicRead" - Object owner gets OWNER access, and allUsers get
-//
-// READER access.
-func (c *ObjectsInsertCall) PredefinedAcl(predefinedAcl string) *ObjectsInsertCall {
-	c.urlParams_.Set("predefinedAcl", predefinedAcl)
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to noAcl, unless the object resource
-// specifies the acl property, when it defaults to full.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit the owner, acl property.
-func (c *ObjectsInsertCall) Projection(projection string) *ObjectsInsertCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsInsertCall) UserProject(userProject string) *ObjectsInsertCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Media specifies the media to upload in one or more chunks. The chunk
-// size may be controlled by supplying a MediaOption generated by
-// googleapi.ChunkSize. The chunk size defaults to
-// googleapi.DefaultUploadChunkSize.The Content-Type header used in the
-// upload request will be determined by sniffing the contents of r,
-// unless a MediaOption generated by googleapi.ContentType is
-// supplied.
-// At most one of Media and ResumableMedia may be set.
-func (c *ObjectsInsertCall) Media(r io.Reader, options ...googleapi.MediaOption) *ObjectsInsertCall {
-	if ct := c.object.ContentType; ct != "" {
-		options = append([]googleapi.MediaOption{googleapi.ContentType(ct)}, options...)
-	}
-	c.mediaInfo_ = gensupport.NewInfoFromMedia(r, options)
-	return c
-}
-
-// ResumableMedia specifies the media to upload in chunks and can be
-// canceled with ctx.
-//
-// Deprecated: use Media instead.
-//
-// At most one of Media and ResumableMedia may be set. mediaType
-// identifies the MIME media type of the upload, such as "image/png". If
-// mediaType is "", it will be auto-detected. The provided ctx will
-// supersede any context previously provided to the Context method.
-func (c *ObjectsInsertCall) ResumableMedia(ctx context.Context, r io.ReaderAt, size int64, mediaType string) *ObjectsInsertCall {
-	c.ctx_ = ctx
-	c.mediaInfo_ = gensupport.NewInfoFromResumableMedia(r, size, mediaType)
-	return c
-}
-
-// ProgressUpdater provides a callback function that will be called
-// after every chunk. It should be a low-latency function in order to
-// not slow down the upload operation. This should only be called when
-// using ResumableMedia (as opposed to Media).
-func (c *ObjectsInsertCall) ProgressUpdater(pu googleapi.ProgressUpdater) *ObjectsInsertCall {
-	c.mediaInfo_.SetProgressUpdater(pu)
-	return c
-}
-
-// WithRetry causes the library to retry the initial request of the
-// upload(for resumable uploads) or the entire upload (for multipart
-// uploads) ifa transient error occurs. This is contingent on ChunkSize
-// being > 0 (sothat the input data may be buffered). The backoff
-// argument will be used todetermine exponential backoff timing, and the
-// errorFunc is used to determinewhich errors are considered retryable.
-// By default, exponetial backoff will beapplied using gax defaults, and
-// the following errors are retried:
-//
-// - HTTP responses with codes 408, 429, 502, 503, and 504.
-//
-// - Transient network errors such as connection reset and
-// io.ErrUnexpectedEOF.
-//
-// - Errors which are considered transient using the Temporary()
-// interface.
-//
-// - Wrapped versions of these errors.
-func (c *ObjectsInsertCall) WithRetry(bo *gax.Backoff, errorFunc func(err error) bool) *ObjectsInsertCall {
-	c.retry = &gensupport.RetryConfig{
-		Backoff:     bo,
-		ShouldRetry: errorFunc,
-	}
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsInsertCall) Fields(s ...googleapi.Field) *ObjectsInsertCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-// This context will supersede any context previously provided to the
-// ResumableMedia method.
-func (c *ObjectsInsertCall) Context(ctx context.Context) *ObjectsInsertCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsInsertCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsInsertCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.object)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o")
-	if c.mediaInfo_ != nil {
-		urls = googleapi.ResolveRelative(c.s.BasePath, "/upload/storage/v1/b/{bucket}/o")
-		c.urlParams_.Set("uploadType", c.mediaInfo_.UploadType())
-	}
-	if body == nil {
-		body = new(bytes.Buffer)
-		reqHeaders.Set("Content-Type", "application/json")
-	}
-	body, getBody, cleanup := c.mediaInfo_.UploadRequest(reqHeaders, body)
-	defer cleanup()
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	req.GetBody = getBody
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	if c.retry != nil {
-		return gensupport.SendRequestWithRetry(c.ctx_, c.s.client, req, c.retry)
-	}
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.insert" call.
-// Exactly one of *Object or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Object.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ObjectsInsertCall) Do(opts ...googleapi.CallOption) (*Object, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	rx := c.mediaInfo_.ResumableUpload(res.Header.Get("Location"))
-	if rx != nil {
-		rx.Client = c.s.client
-		rx.UserAgent = c.s.userAgent()
-		rx.Retry = c.retry
-		ctx := c.ctx_
-		if ctx == nil {
-			ctx = context.TODO()
-		}
-		res, err = rx.Upload(ctx)
-		if err != nil {
-			return nil, err
-		}
-		defer res.Body.Close()
-		if err := googleapi.CheckResponse(res); err != nil {
-			return nil, gensupport.WrapError(err)
-		}
-	}
-	ret := &Object{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Stores a new object and metadata.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.objects.insert",
-	//   "mediaUpload": {
-	//     "accept": [
-	//       "*/*"
-	//     ],
-	//     "protocols": {
-	//       "resumable": {
-	//         "multipart": true,
-	//         "path": "/resumable/upload/storage/v1/b/{bucket}/o"
-	//       },
-	//       "simple": {
-	//         "multipart": true,
-	//         "path": "/upload/storage/v1/b/{bucket}/o"
-	//       }
-	//     }
-	//   },
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "contentEncoding": {
-	//       "description": "If set, sets the contentEncoding property of the final object to this value. Setting this parameter is equivalent to setting the contentEncoding metadata property. This can be useful when uploading an object with uploadType=media to indicate the encoding of the content being uploaded.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "kmsKeyName": {
-	//       "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "name": {
-	//       "description": "Name of the object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "predefinedAcl": {
-	//       "description": "Apply a predefined set of access controls to this object.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "bucketOwnerFullControl",
-	//         "bucketOwnerRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
-	//         "Object owner gets OWNER access, and project team owners get READER access.",
-	//         "Object owner gets OWNER access.",
-	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
-	//         "Object owner gets OWNER access, and allUsers get READER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit the owner, acl property."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o",
-	//   "request": {
-	//     "$ref": "Object"
-	//   },
-	//   "response": {
-	//     "$ref": "Object"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ],
-	//   "supportsMediaUpload": true
-	// }
-
-}
-
-// method id "storage.objects.list":
-
-type ObjectsListCall struct {
-	s            *Service
-	bucket       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// List: Retrieves a list of objects matching the criteria.
-//
-// - bucket: Name of the bucket in which to look for objects.
-func (r *ObjectsService) List(bucket string) *ObjectsListCall {
-	c := &ObjectsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	return c
-}
-
-// Delimiter sets the optional parameter "delimiter": Returns results in
-// a directory-like mode. items will contain only objects whose names,
-// aside from the prefix, do not contain delimiter. Objects whose names,
-// aside from the prefix, contain delimiter will have their name,
-// truncated after the delimiter, returned in prefixes. Duplicate
-// prefixes are omitted.
-func (c *ObjectsListCall) Delimiter(delimiter string) *ObjectsListCall {
-	c.urlParams_.Set("delimiter", delimiter)
-	return c
-}
-
-// EndOffset sets the optional parameter "endOffset": Filter results to
-// objects whose names are lexicographically before endOffset. If
-// startOffset is also set, the objects listed will have names between
-// startOffset (inclusive) and endOffset (exclusive).
-func (c *ObjectsListCall) EndOffset(endOffset string) *ObjectsListCall {
-	c.urlParams_.Set("endOffset", endOffset)
-	return c
-}
-
-// IncludeTrailingDelimiter sets the optional parameter
-// "includeTrailingDelimiter": If true, objects that end in exactly one
-// instance of delimiter will have their metadata included in items in
-// addition to prefixes.
-func (c *ObjectsListCall) IncludeTrailingDelimiter(includeTrailingDelimiter bool) *ObjectsListCall {
-	c.urlParams_.Set("includeTrailingDelimiter", fmt.Sprint(includeTrailingDelimiter))
-	return c
-}
-
-// MatchGlob sets the optional parameter "matchGlob": Filter results to
-// objects and prefixes that match this glob pattern.
-func (c *ObjectsListCall) MatchGlob(matchGlob string) *ObjectsListCall {
-	c.urlParams_.Set("matchGlob", matchGlob)
-	return c
-}
-
-// MaxResults sets the optional parameter "maxResults": Maximum number
-// of items plus prefixes to return in a single page of responses. As
-// duplicate prefixes are omitted, fewer total results may be returned
-// than requested. The service will use this parameter or 1,000 items,
-// whichever is smaller.
-func (c *ObjectsListCall) MaxResults(maxResults int64) *ObjectsListCall {
-	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
-	return c
-}
-
-// PageToken sets the optional parameter "pageToken": A
-// previously-returned page token representing part of the larger set of
-// results to view.
-func (c *ObjectsListCall) PageToken(pageToken string) *ObjectsListCall {
-	c.urlParams_.Set("pageToken", pageToken)
-	return c
-}
-
-// Prefix sets the optional parameter "prefix": Filter results to
-// objects whose names begin with this prefix.
-func (c *ObjectsListCall) Prefix(prefix string) *ObjectsListCall {
-	c.urlParams_.Set("prefix", prefix)
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to noAcl.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit the owner, acl property.
-func (c *ObjectsListCall) Projection(projection string) *ObjectsListCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// StartOffset sets the optional parameter "startOffset": Filter results
-// to objects whose names are lexicographically equal to or after
-// startOffset. If endOffset is also set, the objects listed will have
-// names between startOffset (inclusive) and endOffset (exclusive).
-func (c *ObjectsListCall) StartOffset(startOffset string) *ObjectsListCall {
-	c.urlParams_.Set("startOffset", startOffset)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsListCall) UserProject(userProject string) *ObjectsListCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Versions sets the optional parameter "versions": If true, lists all
-// versions of an object as distinct results. The default is false. For
-// more information, see Object Versioning.
-func (c *ObjectsListCall) Versions(versions bool) *ObjectsListCall {
-	c.urlParams_.Set("versions", fmt.Sprint(versions))
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsListCall) Fields(s ...googleapi.Field) *ObjectsListCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ObjectsListCall) IfNoneMatch(entityTag string) *ObjectsListCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectsListCall) Context(ctx context.Context) *ObjectsListCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsListCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsListCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.list" call.
-// Exactly one of *Objects or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Objects.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ObjectsListCall) Do(opts ...googleapi.CallOption) (*Objects, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Objects{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Retrieves a list of objects matching the criteria.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.objects.list",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of the bucket in which to look for objects.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "delimiter": {
-	//       "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "endOffset": {
-	//       "description": "Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "includeTrailingDelimiter": {
-	//       "description": "If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     },
-	//     "matchGlob": {
-	//       "description": "Filter results to objects and prefixes that match this glob pattern.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "maxResults": {
-	//       "default": "1000",
-	//       "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.",
-	//       "format": "uint32",
-	//       "location": "query",
-	//       "minimum": "0",
-	//       "type": "integer"
-	//     },
-	//     "pageToken": {
-	//       "description": "A previously-returned page token representing part of the larger set of results to view.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "prefix": {
-	//       "description": "Filter results to objects whose names begin with this prefix.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to noAcl.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit the owner, acl property."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "startOffset": {
-	//       "description": "Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "versions": {
-	//       "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o",
-	//   "response": {
-	//     "$ref": "Objects"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ],
-	//   "supportsSubscription": true
-	// }
-
-}
-
-// Pages invokes f for each page of results.
-// A non-nil error returned from f will halt the iteration.
-// The provided context supersedes any context provided to the Context method.
-func (c *ObjectsListCall) Pages(ctx context.Context, f func(*Objects) error) error {
-	c.ctx_ = ctx
-	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
-	for {
-		x, err := c.Do()
-		if err != nil {
-			return err
-		}
-		if err := f(x); err != nil {
-			return err
-		}
-		if x.NextPageToken == "" {
-			return nil
-		}
-		c.PageToken(x.NextPageToken)
-	}
-}
-
-// method id "storage.objects.patch":
-
-type ObjectsPatchCall struct {
-	s          *Service
-	bucket     string
-	object     string
-	object2    *Object
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Patch: Patches an object's metadata.
-//
-//   - bucket: Name of the bucket in which the object resides.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectsService) Patch(bucket string, object string, object2 *Object) *ObjectsPatchCall {
-	c := &ObjectsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	c.object2 = object2
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectsPatchCall) Generation(generation int64) *ObjectsPatchCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
-// Makes the operation conditional on whether the object's current
-// generation matches the given value. Setting to 0 makes the operation
-// succeed only if there are no live versions of the object.
-func (c *ObjectsPatchCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsPatchCall {
-	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
-	return c
-}
-
-// IfGenerationNotMatch sets the optional parameter
-// "ifGenerationNotMatch": Makes the operation conditional on whether
-// the object's current generation does not match the given value. If no
-// live object exists, the precondition fails. Setting to 0 makes the
-// operation succeed only if there is a live version of the object.
-func (c *ObjectsPatchCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsPatchCall {
-	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": Makes the operation conditional on whether
-// the object's current metageneration matches the given value.
-func (c *ObjectsPatchCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsPatchCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": Makes the operation conditional on
-// whether the object's current metageneration does not match the given
-// value.
-func (c *ObjectsPatchCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsPatchCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
-// predefined set of access controls to this object.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Object owner gets OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
-//
-// project team owners get OWNER access.
-//
-//	"bucketOwnerRead" - Object owner gets OWNER access, and project
-//
-// team owners get READER access.
-//
-//	"private" - Object owner gets OWNER access.
-//	"projectPrivate" - Object owner gets OWNER access, and project team
-//
-// members get access according to their roles.
-//
-//	"publicRead" - Object owner gets OWNER access, and allUsers get
-//
-// READER access.
-func (c *ObjectsPatchCall) PredefinedAcl(predefinedAcl string) *ObjectsPatchCall {
-	c.urlParams_.Set("predefinedAcl", predefinedAcl)
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to full.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit the owner, acl property.
-func (c *ObjectsPatchCall) Projection(projection string) *ObjectsPatchCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request, for Requester Pays buckets.
-func (c *ObjectsPatchCall) UserProject(userProject string) *ObjectsPatchCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsPatchCall) Fields(s ...googleapi.Field) *ObjectsPatchCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectsPatchCall) Context(ctx context.Context) *ObjectsPatchCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsPatchCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsPatchCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.object2)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PATCH", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.patch" call.
-// Exactly one of *Object or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Object.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ObjectsPatchCall) Do(opts ...googleapi.CallOption) (*Object, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Object{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Patches an object's metadata.",
-	//   "httpMethod": "PATCH",
-	//   "id": "storage.objects.patch",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of the bucket in which the object resides.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "predefinedAcl": {
-	//       "description": "Apply a predefined set of access controls to this object.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "bucketOwnerFullControl",
-	//         "bucketOwnerRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
-	//         "Object owner gets OWNER access, and project team owners get READER access.",
-	//         "Object owner gets OWNER access.",
-	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
-	//         "Object owner gets OWNER access, and allUsers get READER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to full.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit the owner, acl property."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request, for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}",
-	//   "request": {
-	//     "$ref": "Object"
-	//   },
-	//   "response": {
-	//     "$ref": "Object"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objects.rewrite":
-
-type ObjectsRewriteCall struct {
-	s                 *Service
-	sourceBucket      string
-	sourceObject      string
-	destinationBucket string
-	destinationObject string
-	object            *Object
-	urlParams_        gensupport.URLParams
-	ctx_              context.Context
-	header_           http.Header
-}
-
-// Rewrite: Rewrites a source object to a destination object. Optionally
-// overrides metadata.
-//
-//   - destinationBucket: Name of the bucket in which to store the new
-//     object. Overrides the provided object metadata's bucket value, if
-//     any.
-//   - destinationObject: Name of the new object. Required when the object
-//     metadata is not otherwise provided. Overrides the object metadata's
-//     name value, if any. For information about how to URL encode object
-//     names to be path safe, see Encoding URI Path Parts.
-//   - sourceBucket: Name of the bucket in which to find the source
-//     object.
-//   - sourceObject: Name of the source object. For information about how
-//     to URL encode object names to be path safe, see Encoding URI Path
-//     Parts.
-func (r *ObjectsService) Rewrite(sourceBucket string, sourceObject string, destinationBucket string, destinationObject string, object *Object) *ObjectsRewriteCall {
-	c := &ObjectsRewriteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.sourceBucket = sourceBucket
-	c.sourceObject = sourceObject
-	c.destinationBucket = destinationBucket
-	c.destinationObject = destinationObject
-	c.object = object
-	return c
-}
-
-// DestinationKmsKeyName sets the optional parameter
-// "destinationKmsKeyName": Resource name of the Cloud KMS key, of the
-// form
-// projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key,
-//
-//	that will be used to encrypt the object. Overrides the object
-//
-// metadata's kms_key_name value, if any.
-func (c *ObjectsRewriteCall) DestinationKmsKeyName(destinationKmsKeyName string) *ObjectsRewriteCall {
-	c.urlParams_.Set("destinationKmsKeyName", destinationKmsKeyName)
-	return c
-}
-
-// DestinationPredefinedAcl sets the optional parameter
-// "destinationPredefinedAcl": Apply a predefined set of access controls
-// to the destination object.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Object owner gets OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
-//
-// project team owners get OWNER access.
-//
-//	"bucketOwnerRead" - Object owner gets OWNER access, and project
-//
-// team owners get READER access.
-//
-//	"private" - Object owner gets OWNER access.
-//	"projectPrivate" - Object owner gets OWNER access, and project team
-//
-// members get access according to their roles.
-//
-//	"publicRead" - Object owner gets OWNER access, and allUsers get
-//
-// READER access.
-func (c *ObjectsRewriteCall) DestinationPredefinedAcl(destinationPredefinedAcl string) *ObjectsRewriteCall {
-	c.urlParams_.Set("destinationPredefinedAcl", destinationPredefinedAcl)
-	return c
-}
-
-// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
-// Makes the operation conditional on whether the object's current
-// generation matches the given value. Setting to 0 makes the operation
-// succeed only if there are no live versions of the object.
-func (c *ObjectsRewriteCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsRewriteCall {
-	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
-	return c
-}
-
-// IfGenerationNotMatch sets the optional parameter
-// "ifGenerationNotMatch": Makes the operation conditional on whether
-// the object's current generation does not match the given value. If no
-// live object exists, the precondition fails. Setting to 0 makes the
-// operation succeed only if there is a live version of the object.
-func (c *ObjectsRewriteCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsRewriteCall {
-	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": Makes the operation conditional on whether
-// the destination object's current metageneration matches the given
-// value.
-func (c *ObjectsRewriteCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsRewriteCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": Makes the operation conditional on
-// whether the destination object's current metageneration does not
-// match the given value.
-func (c *ObjectsRewriteCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsRewriteCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// IfSourceGenerationMatch sets the optional parameter
-// "ifSourceGenerationMatch": Makes the operation conditional on whether
-// the source object's current generation matches the given value.
-func (c *ObjectsRewriteCall) IfSourceGenerationMatch(ifSourceGenerationMatch int64) *ObjectsRewriteCall {
-	c.urlParams_.Set("ifSourceGenerationMatch", fmt.Sprint(ifSourceGenerationMatch))
-	return c
-}
-
-// IfSourceGenerationNotMatch sets the optional parameter
-// "ifSourceGenerationNotMatch": Makes the operation conditional on
-// whether the source object's current generation does not match the
-// given value.
-func (c *ObjectsRewriteCall) IfSourceGenerationNotMatch(ifSourceGenerationNotMatch int64) *ObjectsRewriteCall {
-	c.urlParams_.Set("ifSourceGenerationNotMatch", fmt.Sprint(ifSourceGenerationNotMatch))
-	return c
-}
-
-// IfSourceMetagenerationMatch sets the optional parameter
-// "ifSourceMetagenerationMatch": Makes the operation conditional on
-// whether the source object's current metageneration matches the given
-// value.
-func (c *ObjectsRewriteCall) IfSourceMetagenerationMatch(ifSourceMetagenerationMatch int64) *ObjectsRewriteCall {
-	c.urlParams_.Set("ifSourceMetagenerationMatch", fmt.Sprint(ifSourceMetagenerationMatch))
-	return c
-}
-
-// IfSourceMetagenerationNotMatch sets the optional parameter
-// "ifSourceMetagenerationNotMatch": Makes the operation conditional on
-// whether the source object's current metageneration does not match the
-// given value.
-func (c *ObjectsRewriteCall) IfSourceMetagenerationNotMatch(ifSourceMetagenerationNotMatch int64) *ObjectsRewriteCall {
-	c.urlParams_.Set("ifSourceMetagenerationNotMatch", fmt.Sprint(ifSourceMetagenerationNotMatch))
-	return c
-}
-
-// MaxBytesRewrittenPerCall sets the optional parameter
-// "maxBytesRewrittenPerCall": The maximum number of bytes that will be
-// rewritten per rewrite request. Most callers shouldn't need to specify
-// this parameter - it is primarily in place to support testing. If
-// specified the value must be an integral multiple of 1 MiB (1048576).
-// Also, this only applies to requests where the source and destination
-// span locations and/or storage classes. Finally, this value must not
-// change across rewrite calls else you'll get an error that the
-// rewriteToken is invalid.
-func (c *ObjectsRewriteCall) MaxBytesRewrittenPerCall(maxBytesRewrittenPerCall int64) *ObjectsRewriteCall {
-	c.urlParams_.Set("maxBytesRewrittenPerCall", fmt.Sprint(maxBytesRewrittenPerCall))
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to noAcl, unless the object resource
-// specifies the acl property, when it defaults to full.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit the owner, acl property.
-func (c *ObjectsRewriteCall) Projection(projection string) *ObjectsRewriteCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// RewriteToken sets the optional parameter "rewriteToken": Include this
-// field (from the previous rewrite response) on each rewrite request
-// after the first one, until the rewrite response 'done' flag is true.
-// Calls that provide a rewriteToken can omit all other request fields,
-// but if included those fields must match the values provided in the
-// first rewrite request.
-func (c *ObjectsRewriteCall) RewriteToken(rewriteToken string) *ObjectsRewriteCall {
-	c.urlParams_.Set("rewriteToken", rewriteToken)
-	return c
-}
-
-// SourceGeneration sets the optional parameter "sourceGeneration": If
-// present, selects a specific revision of the source object (as opposed
-// to the latest version, the default).
-func (c *ObjectsRewriteCall) SourceGeneration(sourceGeneration int64) *ObjectsRewriteCall {
-	c.urlParams_.Set("sourceGeneration", fmt.Sprint(sourceGeneration))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsRewriteCall) UserProject(userProject string) *ObjectsRewriteCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsRewriteCall) Fields(s ...googleapi.Field) *ObjectsRewriteCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectsRewriteCall) Context(ctx context.Context) *ObjectsRewriteCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsRewriteCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsRewriteCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.object)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{sourceBucket}/o/{sourceObject}/rewriteTo/b/{destinationBucket}/o/{destinationObject}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"sourceBucket":      c.sourceBucket,
-		"sourceObject":      c.sourceObject,
-		"destinationBucket": c.destinationBucket,
-		"destinationObject": c.destinationObject,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.rewrite" call.
-// Exactly one of *RewriteResponse or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *RewriteResponse.ServerResponse.Header or (if a response was returned
-// at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ObjectsRewriteCall) Do(opts ...googleapi.CallOption) (*RewriteResponse, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &RewriteResponse{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Rewrites a source object to a destination object. Optionally overrides metadata.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.objects.rewrite",
-	//   "parameterOrder": [
-	//     "sourceBucket",
-	//     "sourceObject",
-	//     "destinationBucket",
-	//     "destinationObject"
-	//   ],
-	//   "parameters": {
-	//     "destinationBucket": {
-	//       "description": "Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "destinationKmsKeyName": {
-	//       "description": "Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "destinationObject": {
-	//       "description": "Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "destinationPredefinedAcl": {
-	//       "description": "Apply a predefined set of access controls to the destination object.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "bucketOwnerFullControl",
-	//         "bucketOwnerRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
-	//         "Object owner gets OWNER access, and project team owners get READER access.",
-	//         "Object owner gets OWNER access.",
-	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
-	//         "Object owner gets OWNER access, and allUsers get READER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the destination object's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the destination object's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifSourceGenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the source object's current generation matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifSourceGenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the source object's current generation does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifSourceMetagenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the source object's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifSourceMetagenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the source object's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "maxBytesRewrittenPerCall": {
-	//       "description": "The maximum number of bytes that will be rewritten per rewrite request. Most callers shouldn't need to specify this parameter - it is primarily in place to support testing. If specified the value must be an integral multiple of 1 MiB (1048576). Also, this only applies to requests where the source and destination span locations and/or storage classes. Finally, this value must not change across rewrite calls else you'll get an error that the rewriteToken is invalid.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit the owner, acl property."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "rewriteToken": {
-	//       "description": "Include this field (from the previous rewrite response) on each rewrite request after the first one, until the rewrite response 'done' flag is true. Calls that provide a rewriteToken can omit all other request fields, but if included those fields must match the values provided in the first rewrite request.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "sourceBucket": {
-	//       "description": "Name of the bucket in which to find the source object.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "sourceGeneration": {
-	//       "description": "If present, selects a specific revision of the source object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "sourceObject": {
-	//       "description": "Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{sourceBucket}/o/{sourceObject}/rewriteTo/b/{destinationBucket}/o/{destinationObject}",
-	//   "request": {
-	//     "$ref": "Object"
-	//   },
-	//   "response": {
-	//     "$ref": "RewriteResponse"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objects.setIamPolicy":
-
-type ObjectsSetIamPolicyCall struct {
-	s          *Service
-	bucket     string
-	object     string
-	policy     *Policy
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// SetIamPolicy: Updates an IAM policy for the specified object.
-//
-//   - bucket: Name of the bucket in which the object resides.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectsService) SetIamPolicy(bucket string, object string, policy *Policy) *ObjectsSetIamPolicyCall {
-	c := &ObjectsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	c.policy = policy
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectsSetIamPolicyCall) Generation(generation int64) *ObjectsSetIamPolicyCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsSetIamPolicyCall) UserProject(userProject string) *ObjectsSetIamPolicyCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsSetIamPolicyCall) Fields(s ...googleapi.Field) *ObjectsSetIamPolicyCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectsSetIamPolicyCall) Context(ctx context.Context) *ObjectsSetIamPolicyCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsSetIamPolicyCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.policy)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/iam")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PUT", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.setIamPolicy" call.
-// Exactly one of *Policy or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Policy.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ObjectsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Policy{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Updates an IAM policy for the specified object.",
-	//   "httpMethod": "PUT",
-	//   "id": "storage.objects.setIamPolicy",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of the bucket in which the object resides.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}/iam",
-	//   "request": {
-	//     "$ref": "Policy"
-	//   },
-	//   "response": {
-	//     "$ref": "Policy"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objects.testIamPermissions":
-
-type ObjectsTestIamPermissionsCall struct {
-	s            *Service
-	bucket       string
-	object       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// TestIamPermissions: Tests a set of permissions on the given object to
-// see which, if any, are held by the caller.
-//
-//   - bucket: Name of the bucket in which the object resides.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-//   - permissions: Permissions to test.
-func (r *ObjectsService) TestIamPermissions(bucket string, object string, permissions []string) *ObjectsTestIamPermissionsCall {
-	c := &ObjectsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	c.urlParams_.SetMulti("permissions", append([]string{}, permissions...))
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectsTestIamPermissionsCall) Generation(generation int64) *ObjectsTestIamPermissionsCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsTestIamPermissionsCall) UserProject(userProject string) *ObjectsTestIamPermissionsCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ObjectsTestIamPermissionsCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ObjectsTestIamPermissionsCall) IfNoneMatch(entityTag string) *ObjectsTestIamPermissionsCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectsTestIamPermissionsCall) Context(ctx context.Context) *ObjectsTestIamPermissionsCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsTestIamPermissionsCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}/iam/testPermissions")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.testIamPermissions" call.
-// Exactly one of *TestIamPermissionsResponse or error will be non-nil.
-// Any non-2xx status code is an error. Response headers are in either
-// *TestIamPermissionsResponse.ServerResponse.Header or (if a response
-// was returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ObjectsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &TestIamPermissionsResponse{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Tests a set of permissions on the given object to see which, if any, are held by the caller.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.objects.testIamPermissions",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object",
-	//     "permissions"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of the bucket in which the object resides.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "permissions": {
-	//       "description": "Permissions to test.",
-	//       "location": "query",
-	//       "repeated": true,
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}/iam/testPermissions",
-	//   "response": {
-	//     "$ref": "TestIamPermissionsResponse"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objects.update":
-
-type ObjectsUpdateCall struct {
-	s          *Service
-	bucket     string
-	object     string
-	object2    *Object
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Update: Updates an object's metadata.
-//
-//   - bucket: Name of the bucket in which the object resides.
-//   - object: Name of the object. For information about how to URL encode
-//     object names to be path safe, see Encoding URI Path Parts.
-func (r *ObjectsService) Update(bucket string, object string, object2 *Object) *ObjectsUpdateCall {
-	c := &ObjectsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.object = object
-	c.object2 = object2
-	return c
-}
-
-// Generation sets the optional parameter "generation": If present,
-// selects a specific revision of this object (as opposed to the latest
-// version, the default).
-func (c *ObjectsUpdateCall) Generation(generation int64) *ObjectsUpdateCall {
-	c.urlParams_.Set("generation", fmt.Sprint(generation))
-	return c
-}
-
-// IfGenerationMatch sets the optional parameter "ifGenerationMatch":
-// Makes the operation conditional on whether the object's current
-// generation matches the given value. Setting to 0 makes the operation
-// succeed only if there are no live versions of the object.
-func (c *ObjectsUpdateCall) IfGenerationMatch(ifGenerationMatch int64) *ObjectsUpdateCall {
-	c.urlParams_.Set("ifGenerationMatch", fmt.Sprint(ifGenerationMatch))
-	return c
-}
-
-// IfGenerationNotMatch sets the optional parameter
-// "ifGenerationNotMatch": Makes the operation conditional on whether
-// the object's current generation does not match the given value. If no
-// live object exists, the precondition fails. Setting to 0 makes the
-// operation succeed only if there is a live version of the object.
-func (c *ObjectsUpdateCall) IfGenerationNotMatch(ifGenerationNotMatch int64) *ObjectsUpdateCall {
-	c.urlParams_.Set("ifGenerationNotMatch", fmt.Sprint(ifGenerationNotMatch))
-	return c
-}
-
-// IfMetagenerationMatch sets the optional parameter
-// "ifMetagenerationMatch": Makes the operation conditional on whether
-// the object's current metageneration matches the given value.
-func (c *ObjectsUpdateCall) IfMetagenerationMatch(ifMetagenerationMatch int64) *ObjectsUpdateCall {
-	c.urlParams_.Set("ifMetagenerationMatch", fmt.Sprint(ifMetagenerationMatch))
-	return c
-}
-
-// IfMetagenerationNotMatch sets the optional parameter
-// "ifMetagenerationNotMatch": Makes the operation conditional on
-// whether the object's current metageneration does not match the given
-// value.
-func (c *ObjectsUpdateCall) IfMetagenerationNotMatch(ifMetagenerationNotMatch int64) *ObjectsUpdateCall {
-	c.urlParams_.Set("ifMetagenerationNotMatch", fmt.Sprint(ifMetagenerationNotMatch))
-	return c
-}
-
-// PredefinedAcl sets the optional parameter "predefinedAcl": Apply a
-// predefined set of access controls to this object.
-//
-// Possible values:
-//
-//	"authenticatedRead" - Object owner gets OWNER access, and
-//
-// allAuthenticatedUsers get READER access.
-//
-//	"bucketOwnerFullControl" - Object owner gets OWNER access, and
-//
-// project team owners get OWNER access.
-//
-//	"bucketOwnerRead" - Object owner gets OWNER access, and project
-//
-// team owners get READER access.
-//
-//	"private" - Object owner gets OWNER access.
-//	"projectPrivate" - Object owner gets OWNER access, and project team
-//
-// members get access according to their roles.
-//
-//	"publicRead" - Object owner gets OWNER access, and allUsers get
-//
-// READER access.
-func (c *ObjectsUpdateCall) PredefinedAcl(predefinedAcl string) *ObjectsUpdateCall {
-	c.urlParams_.Set("predefinedAcl", predefinedAcl)
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to full.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit the owner, acl property.
-func (c *ObjectsUpdateCall) Projection(projection string) *ObjectsUpdateCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsUpdateCall) UserProject(userProject string) *ObjectsUpdateCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsUpdateCall) Fields(s ...googleapi.Field) *ObjectsUpdateCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectsUpdateCall) Context(ctx context.Context) *ObjectsUpdateCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsUpdateCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsUpdateCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.object2)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/{object}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PUT", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-		"object": c.object,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.update" call.
-// Exactly one of *Object or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Object.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ObjectsUpdateCall) Do(opts ...googleapi.CallOption) (*Object, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Object{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Updates an object's metadata.",
-	//   "httpMethod": "PUT",
-	//   "id": "storage.objects.update",
-	//   "parameterOrder": [
-	//     "bucket",
-	//     "object"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of the bucket in which the object resides.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "generation": {
-	//       "description": "If present, selects a specific revision of this object (as opposed to the latest version, the default).",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifGenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current metageneration matches the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "ifMetagenerationNotMatch": {
-	//       "description": "Makes the operation conditional on whether the object's current metageneration does not match the given value.",
-	//       "format": "int64",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "object": {
-	//       "description": "Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "predefinedAcl": {
-	//       "description": "Apply a predefined set of access controls to this object.",
-	//       "enum": [
-	//         "authenticatedRead",
-	//         "bucketOwnerFullControl",
-	//         "bucketOwnerRead",
-	//         "private",
-	//         "projectPrivate",
-	//         "publicRead"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Object owner gets OWNER access, and allAuthenticatedUsers get READER access.",
-	//         "Object owner gets OWNER access, and project team owners get OWNER access.",
-	//         "Object owner gets OWNER access, and project team owners get READER access.",
-	//         "Object owner gets OWNER access.",
-	//         "Object owner gets OWNER access, and project team members get access according to their roles.",
-	//         "Object owner gets OWNER access, and allUsers get READER access."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to full.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit the owner, acl property."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/{object}",
-	//   "request": {
-	//     "$ref": "Object"
-	//   },
-	//   "response": {
-	//     "$ref": "Object"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.objects.watchAll":
-
-type ObjectsWatchAllCall struct {
-	s          *Service
-	bucket     string
-	channel    *Channel
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// WatchAll: Watch for changes on all objects in a bucket.
-//
-// - bucket: Name of the bucket in which to look for objects.
-func (r *ObjectsService) WatchAll(bucket string, channel *Channel) *ObjectsWatchAllCall {
-	c := &ObjectsWatchAllCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.bucket = bucket
-	c.channel = channel
-	return c
-}
-
-// Delimiter sets the optional parameter "delimiter": Returns results in
-// a directory-like mode. items will contain only objects whose names,
-// aside from the prefix, do not contain delimiter. Objects whose names,
-// aside from the prefix, contain delimiter will have their name,
-// truncated after the delimiter, returned in prefixes. Duplicate
-// prefixes are omitted.
-func (c *ObjectsWatchAllCall) Delimiter(delimiter string) *ObjectsWatchAllCall {
-	c.urlParams_.Set("delimiter", delimiter)
-	return c
-}
-
-// EndOffset sets the optional parameter "endOffset": Filter results to
-// objects whose names are lexicographically before endOffset. If
-// startOffset is also set, the objects listed will have names between
-// startOffset (inclusive) and endOffset (exclusive).
-func (c *ObjectsWatchAllCall) EndOffset(endOffset string) *ObjectsWatchAllCall {
-	c.urlParams_.Set("endOffset", endOffset)
-	return c
-}
-
-// IncludeTrailingDelimiter sets the optional parameter
-// "includeTrailingDelimiter": If true, objects that end in exactly one
-// instance of delimiter will have their metadata included in items in
-// addition to prefixes.
-func (c *ObjectsWatchAllCall) IncludeTrailingDelimiter(includeTrailingDelimiter bool) *ObjectsWatchAllCall {
-	c.urlParams_.Set("includeTrailingDelimiter", fmt.Sprint(includeTrailingDelimiter))
-	return c
-}
-
-// MaxResults sets the optional parameter "maxResults": Maximum number
-// of items plus prefixes to return in a single page of responses. As
-// duplicate prefixes are omitted, fewer total results may be returned
-// than requested. The service will use this parameter or 1,000 items,
-// whichever is smaller.
-func (c *ObjectsWatchAllCall) MaxResults(maxResults int64) *ObjectsWatchAllCall {
-	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
-	return c
-}
-
-// PageToken sets the optional parameter "pageToken": A
-// previously-returned page token representing part of the larger set of
-// results to view.
-func (c *ObjectsWatchAllCall) PageToken(pageToken string) *ObjectsWatchAllCall {
-	c.urlParams_.Set("pageToken", pageToken)
-	return c
-}
-
-// Prefix sets the optional parameter "prefix": Filter results to
-// objects whose names begin with this prefix.
-func (c *ObjectsWatchAllCall) Prefix(prefix string) *ObjectsWatchAllCall {
-	c.urlParams_.Set("prefix", prefix)
-	return c
-}
-
-// Projection sets the optional parameter "projection": Set of
-// properties to return. Defaults to noAcl.
-//
-// Possible values:
-//
-//	"full" - Include all properties.
-//	"noAcl" - Omit the owner, acl property.
-func (c *ObjectsWatchAllCall) Projection(projection string) *ObjectsWatchAllCall {
-	c.urlParams_.Set("projection", projection)
-	return c
-}
-
-// StartOffset sets the optional parameter "startOffset": Filter results
-// to objects whose names are lexicographically equal to or after
-// startOffset. If endOffset is also set, the objects listed will have
-// names between startOffset (inclusive) and endOffset (exclusive).
-func (c *ObjectsWatchAllCall) StartOffset(startOffset string) *ObjectsWatchAllCall {
-	c.urlParams_.Set("startOffset", startOffset)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request. Required for Requester Pays buckets.
-func (c *ObjectsWatchAllCall) UserProject(userProject string) *ObjectsWatchAllCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Versions sets the optional parameter "versions": If true, lists all
-// versions of an object as distinct results. The default is false. For
-// more information, see Object Versioning.
-func (c *ObjectsWatchAllCall) Versions(versions bool) *ObjectsWatchAllCall {
-	c.urlParams_.Set("versions", fmt.Sprint(versions))
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ObjectsWatchAllCall) Fields(s ...googleapi.Field) *ObjectsWatchAllCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ObjectsWatchAllCall) Context(ctx context.Context) *ObjectsWatchAllCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ObjectsWatchAllCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ObjectsWatchAllCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.channel)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/o/watch")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"bucket": c.bucket,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.objects.watchAll" call.
-// Exactly one of *Channel or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Channel.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ObjectsWatchAllCall) Do(opts ...googleapi.CallOption) (*Channel, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Channel{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Watch for changes on all objects in a bucket.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.objects.watchAll",
-	//   "parameterOrder": [
-	//     "bucket"
-	//   ],
-	//   "parameters": {
-	//     "bucket": {
-	//       "description": "Name of the bucket in which to look for objects.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "delimiter": {
-	//       "description": "Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "endOffset": {
-	//       "description": "Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "includeTrailingDelimiter": {
-	//       "description": "If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     },
-	//     "maxResults": {
-	//       "default": "1000",
-	//       "description": "Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.",
-	//       "format": "uint32",
-	//       "location": "query",
-	//       "minimum": "0",
-	//       "type": "integer"
-	//     },
-	//     "pageToken": {
-	//       "description": "A previously-returned page token representing part of the larger set of results to view.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "prefix": {
-	//       "description": "Filter results to objects whose names begin with this prefix.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "projection": {
-	//       "description": "Set of properties to return. Defaults to noAcl.",
-	//       "enum": [
-	//         "full",
-	//         "noAcl"
-	//       ],
-	//       "enumDescriptions": [
-	//         "Include all properties.",
-	//         "Omit the owner, acl property."
-	//       ],
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "startOffset": {
-	//       "description": "Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request. Required for Requester Pays buckets.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "versions": {
-	//       "description": "If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     }
-	//   },
-	//   "path": "b/{bucket}/o/watch",
-	//   "request": {
-	//     "$ref": "Channel",
-	//     "parameterName": "resource"
-	//   },
-	//   "response": {
-	//     "$ref": "Channel"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ],
-	//   "supportsSubscription": true
-	// }
-
-}
-
-// method id "storage.projects.hmacKeys.create":
-
-type ProjectsHmacKeysCreateCall struct {
-	s          *Service
-	projectId  string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Create: Creates a new HMAC key for the specified service account.
-//
-// - projectId: Project ID owning the service account.
-// - serviceAccountEmail: Email address of the service account.
-func (r *ProjectsHmacKeysService) Create(projectId string, serviceAccountEmail string) *ProjectsHmacKeysCreateCall {
-	c := &ProjectsHmacKeysCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.projectId = projectId
-	c.urlParams_.Set("serviceAccountEmail", serviceAccountEmail)
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request.
-func (c *ProjectsHmacKeysCreateCall) UserProject(userProject string) *ProjectsHmacKeysCreateCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ProjectsHmacKeysCreateCall) Fields(s ...googleapi.Field) *ProjectsHmacKeysCreateCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ProjectsHmacKeysCreateCall) Context(ctx context.Context) *ProjectsHmacKeysCreateCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ProjectsHmacKeysCreateCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ProjectsHmacKeysCreateCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/hmacKeys")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"projectId": c.projectId,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.projects.hmacKeys.create" call.
-// Exactly one of *HmacKey or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *HmacKey.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ProjectsHmacKeysCreateCall) Do(opts ...googleapi.CallOption) (*HmacKey, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &HmacKey{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Creates a new HMAC key for the specified service account.",
-	//   "httpMethod": "POST",
-	//   "id": "storage.projects.hmacKeys.create",
-	//   "parameterOrder": [
-	//     "projectId",
-	//     "serviceAccountEmail"
-	//   ],
-	//   "parameters": {
-	//     "projectId": {
-	//       "description": "Project ID owning the service account.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "serviceAccountEmail": {
-	//       "description": "Email address of the service account.",
-	//       "location": "query",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{projectId}/hmacKeys",
-	//   "response": {
-	//     "$ref": "HmacKey"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.projects.hmacKeys.delete":
-
-type ProjectsHmacKeysDeleteCall struct {
-	s          *Service
-	projectId  string
-	accessId   string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Delete: Deletes an HMAC key.
-//
-// - accessId: Name of the HMAC key to be deleted.
-// - projectId: Project ID owning the requested key.
-func (r *ProjectsHmacKeysService) Delete(projectId string, accessId string) *ProjectsHmacKeysDeleteCall {
-	c := &ProjectsHmacKeysDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.projectId = projectId
-	c.accessId = accessId
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request.
-func (c *ProjectsHmacKeysDeleteCall) UserProject(userProject string) *ProjectsHmacKeysDeleteCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ProjectsHmacKeysDeleteCall) Fields(s ...googleapi.Field) *ProjectsHmacKeysDeleteCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ProjectsHmacKeysDeleteCall) Context(ctx context.Context) *ProjectsHmacKeysDeleteCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ProjectsHmacKeysDeleteCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ProjectsHmacKeysDeleteCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/hmacKeys/{accessId}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"projectId": c.projectId,
-		"accessId":  c.accessId,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.projects.hmacKeys.delete" call.
-func (c *ProjectsHmacKeysDeleteCall) Do(opts ...googleapi.CallOption) error {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if err != nil {
-		return err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return gensupport.WrapError(err)
-	}
-	return nil
-	// {
-	//   "description": "Deletes an HMAC key.",
-	//   "httpMethod": "DELETE",
-	//   "id": "storage.projects.hmacKeys.delete",
-	//   "parameterOrder": [
-	//     "projectId",
-	//     "accessId"
-	//   ],
-	//   "parameters": {
-	//     "accessId": {
-	//       "description": "Name of the HMAC key to be deleted.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "projectId": {
-	//       "description": "Project ID owning the requested key",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{projectId}/hmacKeys/{accessId}",
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
-
-// method id "storage.projects.hmacKeys.get":
-
-type ProjectsHmacKeysGetCall struct {
-	s            *Service
-	projectId    string
-	accessId     string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// Get: Retrieves an HMAC key's metadata
-//
-//   - accessId: Name of the HMAC key.
-//   - projectId: Project ID owning the service account of the requested
-//     key.
-func (r *ProjectsHmacKeysService) Get(projectId string, accessId string) *ProjectsHmacKeysGetCall {
-	c := &ProjectsHmacKeysGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.projectId = projectId
-	c.accessId = accessId
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request.
-func (c *ProjectsHmacKeysGetCall) UserProject(userProject string) *ProjectsHmacKeysGetCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ProjectsHmacKeysGetCall) Fields(s ...googleapi.Field) *ProjectsHmacKeysGetCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ProjectsHmacKeysGetCall) IfNoneMatch(entityTag string) *ProjectsHmacKeysGetCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ProjectsHmacKeysGetCall) Context(ctx context.Context) *ProjectsHmacKeysGetCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ProjectsHmacKeysGetCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ProjectsHmacKeysGetCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/hmacKeys/{accessId}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"projectId": c.projectId,
-		"accessId":  c.accessId,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.projects.hmacKeys.get" call.
-// Exactly one of *HmacKeyMetadata or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *HmacKeyMetadata.ServerResponse.Header or (if a response was returned
-// at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ProjectsHmacKeysGetCall) Do(opts ...googleapi.CallOption) (*HmacKeyMetadata, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &HmacKeyMetadata{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Retrieves an HMAC key's metadata",
-	//   "httpMethod": "GET",
-	//   "id": "storage.projects.hmacKeys.get",
-	//   "parameterOrder": [
-	//     "projectId",
-	//     "accessId"
-	//   ],
-	//   "parameters": {
-	//     "accessId": {
-	//       "description": "Name of the HMAC key.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "projectId": {
-	//       "description": "Project ID owning the service account of the requested key.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{projectId}/hmacKeys/{accessId}",
-	//   "response": {
-	//     "$ref": "HmacKeyMetadata"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only"
-	//   ]
-	// }
-
-}
-
-// method id "storage.projects.hmacKeys.list":
-
-type ProjectsHmacKeysListCall struct {
-	s            *Service
-	projectId    string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// List: Retrieves a list of HMAC keys matching the criteria.
-//
-// - projectId: Name of the project in which to look for HMAC keys.
-func (r *ProjectsHmacKeysService) List(projectId string) *ProjectsHmacKeysListCall {
-	c := &ProjectsHmacKeysListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.projectId = projectId
-	return c
-}
-
-// MaxResults sets the optional parameter "maxResults": Maximum number
-// of items to return in a single page of responses. The service uses
-// this parameter or 250 items, whichever is smaller. The max number of
-// items per page will also be limited by the number of distinct service
-// accounts in the response. If the number of service accounts in a
-// single response is too high, the page will truncated and a next page
-// token will be returned.
-func (c *ProjectsHmacKeysListCall) MaxResults(maxResults int64) *ProjectsHmacKeysListCall {
-	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
-	return c
-}
-
-// PageToken sets the optional parameter "pageToken": A
-// previously-returned page token representing part of the larger set of
-// results to view.
-func (c *ProjectsHmacKeysListCall) PageToken(pageToken string) *ProjectsHmacKeysListCall {
-	c.urlParams_.Set("pageToken", pageToken)
-	return c
-}
-
-// ServiceAccountEmail sets the optional parameter
-// "serviceAccountEmail": If present, only keys for the given service
-// account are returned.
-func (c *ProjectsHmacKeysListCall) ServiceAccountEmail(serviceAccountEmail string) *ProjectsHmacKeysListCall {
-	c.urlParams_.Set("serviceAccountEmail", serviceAccountEmail)
-	return c
-}
-
-// ShowDeletedKeys sets the optional parameter "showDeletedKeys":
-// Whether or not to show keys in the DELETED state.
-func (c *ProjectsHmacKeysListCall) ShowDeletedKeys(showDeletedKeys bool) *ProjectsHmacKeysListCall {
-	c.urlParams_.Set("showDeletedKeys", fmt.Sprint(showDeletedKeys))
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request.
-func (c *ProjectsHmacKeysListCall) UserProject(userProject string) *ProjectsHmacKeysListCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ProjectsHmacKeysListCall) Fields(s ...googleapi.Field) *ProjectsHmacKeysListCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ProjectsHmacKeysListCall) IfNoneMatch(entityTag string) *ProjectsHmacKeysListCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ProjectsHmacKeysListCall) Context(ctx context.Context) *ProjectsHmacKeysListCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ProjectsHmacKeysListCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ProjectsHmacKeysListCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/hmacKeys")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"projectId": c.projectId,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.projects.hmacKeys.list" call.
-// Exactly one of *HmacKeysMetadata or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *HmacKeysMetadata.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ProjectsHmacKeysListCall) Do(opts ...googleapi.CallOption) (*HmacKeysMetadata, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &HmacKeysMetadata{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Retrieves a list of HMAC keys matching the criteria.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.projects.hmacKeys.list",
-	//   "parameterOrder": [
-	//     "projectId"
-	//   ],
-	//   "parameters": {
-	//     "maxResults": {
-	//       "default": "250",
-	//       "description": "Maximum number of items to return in a single page of responses. The service uses this parameter or 250 items, whichever is smaller. The max number of items per page will also be limited by the number of distinct service accounts in the response. If the number of service accounts in a single response is too high, the page will truncated and a next page token will be returned.",
-	//       "format": "uint32",
-	//       "location": "query",
-	//       "minimum": "0",
-	//       "type": "integer"
-	//     },
-	//     "pageToken": {
-	//       "description": "A previously-returned page token representing part of the larger set of results to view.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "projectId": {
-	//       "description": "Name of the project in which to look for HMAC keys.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "serviceAccountEmail": {
-	//       "description": "If present, only keys for the given service account are returned.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "showDeletedKeys": {
-	//       "description": "Whether or not to show keys in the DELETED state.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{projectId}/hmacKeys",
-	//   "response": {
-	//     "$ref": "HmacKeysMetadata"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only"
-	//   ]
-	// }
-
-}
-
-// Pages invokes f for each page of results.
-// A non-nil error returned from f will halt the iteration.
-// The provided context supersedes any context provided to the Context method.
-func (c *ProjectsHmacKeysListCall) Pages(ctx context.Context, f func(*HmacKeysMetadata) error) error {
-	c.ctx_ = ctx
-	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
-	for {
-		x, err := c.Do()
-		if err != nil {
-			return err
-		}
-		if err := f(x); err != nil {
-			return err
-		}
-		if x.NextPageToken == "" {
-			return nil
-		}
-		c.PageToken(x.NextPageToken)
-	}
-}
-
-// method id "storage.projects.hmacKeys.update":
-
-type ProjectsHmacKeysUpdateCall struct {
-	s               *Service
-	projectId       string
-	accessId        string
-	hmackeymetadata *HmacKeyMetadata
-	urlParams_      gensupport.URLParams
-	ctx_            context.Context
-	header_         http.Header
-}
-
-// Update: Updates the state of an HMAC key. See the HMAC Key resource
-// descriptor for valid states.
-//
-//   - accessId: Name of the HMAC key being updated.
-//   - projectId: Project ID owning the service account of the updated
-//     key.
-func (r *ProjectsHmacKeysService) Update(projectId string, accessId string, hmackeymetadata *HmacKeyMetadata) *ProjectsHmacKeysUpdateCall {
-	c := &ProjectsHmacKeysUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.projectId = projectId
-	c.accessId = accessId
-	c.hmackeymetadata = hmackeymetadata
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request.
-func (c *ProjectsHmacKeysUpdateCall) UserProject(userProject string) *ProjectsHmacKeysUpdateCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ProjectsHmacKeysUpdateCall) Fields(s ...googleapi.Field) *ProjectsHmacKeysUpdateCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ProjectsHmacKeysUpdateCall) Context(ctx context.Context) *ProjectsHmacKeysUpdateCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ProjectsHmacKeysUpdateCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ProjectsHmacKeysUpdateCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.hmackeymetadata)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/hmacKeys/{accessId}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PUT", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"projectId": c.projectId,
-		"accessId":  c.accessId,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.projects.hmacKeys.update" call.
-// Exactly one of *HmacKeyMetadata or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *HmacKeyMetadata.ServerResponse.Header or (if a response was returned
-// at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ProjectsHmacKeysUpdateCall) Do(opts ...googleapi.CallOption) (*HmacKeyMetadata, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &HmacKeyMetadata{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Updates the state of an HMAC key. See the HMAC Key resource descriptor for valid states.",
-	//   "httpMethod": "PUT",
-	//   "id": "storage.projects.hmacKeys.update",
-	//   "parameterOrder": [
-	//     "projectId",
-	//     "accessId"
-	//   ],
-	//   "parameters": {
-	//     "accessId": {
-	//       "description": "Name of the HMAC key being updated.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "projectId": {
-	//       "description": "Project ID owning the service account of the updated key.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{projectId}/hmacKeys/{accessId}",
-	//   "request": {
-	//     "$ref": "HmacKeyMetadata"
-	//   },
-	//   "response": {
-	//     "$ref": "HmacKeyMetadata"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/devstorage.full_control"
-	//   ]
-	// }
-
-}
-
-// method id "storage.projects.serviceAccount.get":
-
-type ProjectsServiceAccountGetCall struct {
-	s            *Service
-	projectId    string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// Get: Get the email address of this project's Google Cloud Storage
-// service account.
-//
-// - projectId: Project ID.
-func (r *ProjectsServiceAccountService) Get(projectId string) *ProjectsServiceAccountGetCall {
-	c := &ProjectsServiceAccountGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.projectId = projectId
-	return c
-}
-
-// UserProject sets the optional parameter "userProject": The project to
-// be billed for this request.
-func (c *ProjectsServiceAccountGetCall) UserProject(userProject string) *ProjectsServiceAccountGetCall {
-	c.urlParams_.Set("userProject", userProject)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ProjectsServiceAccountGetCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountGetCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ProjectsServiceAccountGetCall) IfNoneMatch(entityTag string) *ProjectsServiceAccountGetCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ProjectsServiceAccountGetCall) Context(ctx context.Context) *ProjectsServiceAccountGetCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ProjectsServiceAccountGetCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ProjectsServiceAccountGetCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{projectId}/serviceAccount")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"projectId": c.projectId,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "storage.projects.serviceAccount.get" call.
-// Exactly one of *ServiceAccount or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *ServiceAccount.ServerResponse.Header or (if a response was returned
-// at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ProjectsServiceAccountGetCall) Do(opts ...googleapi.CallOption) (*ServiceAccount, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ServiceAccount{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Get the email address of this project's Google Cloud Storage service account.",
-	//   "httpMethod": "GET",
-	//   "id": "storage.projects.serviceAccount.get",
-	//   "parameterOrder": [
-	//     "projectId"
-	//   ],
-	//   "parameters": {
-	//     "projectId": {
-	//       "description": "Project ID",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "userProject": {
-	//       "description": "The project to be billed for this request.",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{projectId}/serviceAccount",
-	//   "response": {
-	//     "$ref": "ServiceAccount"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/cloud-platform.read-only",
-	//     "https://www.googleapis.com/auth/devstorage.full_control",
-	//     "https://www.googleapis.com/auth/devstorage.read_only",
-	//     "https://www.googleapis.com/auth/devstorage.read_write"
-	//   ]
-	// }
-
-}
diff --git a/vendor/google.golang.org/cloud/.travis.yml b/vendor/google.golang.org/cloud/.travis.yml
deleted file mode 100644
index c037df0de..000000000
--- a/vendor/google.golang.org/cloud/.travis.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-sudo: false
-language: go
-go:
-- 1.4
-- 1.5
-install:
-- go get -v google.golang.org/cloud/...
-script:
-- openssl aes-256-cbc -K $encrypted_912ff8fa81ad_key -iv $encrypted_912ff8fa81ad_iv -in key.json.enc -out key.json -d
-- GCLOUD_TESTS_GOLANG_PROJECT_ID="dulcet-port-762" GCLOUD_TESTS_GOLANG_KEY="$(pwd)/key.json"
-  go test -v -tags=integration google.golang.org/cloud/...
diff --git a/vendor/google.golang.org/cloud/AUTHORS b/vendor/google.golang.org/cloud/AUTHORS
deleted file mode 100644
index 3da443dc9..000000000
--- a/vendor/google.golang.org/cloud/AUTHORS
+++ /dev/null
@@ -1,12 +0,0 @@
-# This is the official list of cloud authors for copyright purposes.
-# This file is distinct from the CONTRIBUTORS files.
-# See the latter for an explanation.
-
-# Names should be added to this file as:
-# Name or Organization <email address>
-# The email address is not required for organizations.
-
-Google Inc.
-Palm Stone Games, Inc.
-Péter Szilágyi <peterke@gmail.com>
-Tyler Treat <ttreat31@gmail.com>
diff --git a/vendor/google.golang.org/cloud/CONTRIBUTING.md b/vendor/google.golang.org/cloud/CONTRIBUTING.md
deleted file mode 100644
index 9a1cab287..000000000
--- a/vendor/google.golang.org/cloud/CONTRIBUTING.md
+++ /dev/null
@@ -1,114 +0,0 @@
-# Contributing
-
-1. Sign one of the contributor license agreements below.
-1. `go get golang.org/x/review/git-codereview` to install the code reviewing tool.
-1. Get the cloud package by running `go get -d google.golang.org/cloud`.
-    1. If you have already checked out the source, make sure that the remote git
-       origin is https://code.googlesource.com/gocloud:
-
-            git remote set-url origin https://code.googlesource.com/gocloud
-1. Make changes and create a change by running `git codereview change <name>`,
-provide a command message, and use `git codereview mail` to create a Gerrit CL.
-1. Keep amending to the change and mail as your recieve feedback.
-
-## Integration Tests
-
-Additional to the unit tests, you may run the integration test suite.
-
-To run the integrations tests, creating and configuration of a project in the
-Google Developers Console is required. Once you create a project, set the
-following environment variables to be able to run the against the actual APIs.
-
-- **GCLOUD_TESTS_GOLANG_PROJECT_ID**: Developers Console project's ID (e.g. bamboo-shift-455)
-- **GCLOUD_TESTS_GOLANG_KEY**: The path to the JSON key file.
-
-Create a storage bucket with the same name as the project id set in **GCLOUD_TESTS_GOLANG_PROJECT_ID**.
-The storage integration test will create and delete some objects in this bucket.
-
-Install the [gcloud command-line tool][gcloudcli] to your machine and use it
-to create the indexes used in the datastore integration tests with indexes
-found in `datastore/testdata/index.yaml`:
-
-From the project's root directory:
-
-``` sh
-# Install the app component
-$ gcloud components update app
-
-# Set the default project in your env
-$ gcloud config set project $GCLOUD_TESTS_GOLANG_PROJECT_ID
-
-# Authenticate the gcloud tool with your account
-$ gcloud auth login
-
-# Create the indexes
-$ gcloud preview datastore create-indexes datastore/testdata/index.yaml
-
-```
-
-You can run the integration tests by running:
-
-``` sh
-$ go test -v -tags=integration google.golang.org/cloud/...
-```
-
-## Contributor License Agreements
-
-Before we can accept your pull requests you'll need to sign a Contributor
-License Agreement (CLA):
-
-- **If you are an individual writing original source code** and **you own the
-- intellectual property**, then you'll need to sign an [individual CLA][indvcla].
-- **If you work for a company that wants to allow you to contribute your work**,
-then you'll need to sign a [corporate CLA][corpcla].
-
-You can sign these electronically (just scroll to the bottom). After that,
-we'll be able to accept your pull requests.
-
-## Contributor Code of Conduct
-
-As contributors and maintainers of this project,
-and in the interest of fostering an open and welcoming community,
-we pledge to respect all people who contribute through reporting issues,
-posting feature requests, updating documentation,
-submitting pull requests or patches, and other activities.
-
-We are committed to making participation in this project
-a harassment-free experience for everyone,
-regardless of level of experience, gender, gender identity and expression,
-sexual orientation, disability, personal appearance,
-body size, race, ethnicity, age, religion, or nationality.
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery
-* Personal attacks
-* Trolling or insulting/derogatory comments
-* Public or private harassment
-* Publishing other's private information,
-such as physical or electronic
-addresses, without explicit permission
-* Other unethical or unprofessional conduct.
-
-Project maintainers have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct.
-By adopting this Code of Conduct,
-project maintainers commit themselves to fairly and consistently
-applying these principles to every aspect of managing this project.
-Project maintainers who do not follow or enforce the Code of Conduct
-may be permanently removed from the project team.
-
-This code of conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community.
-
-Instances of abusive, harassing, or otherwise unacceptable behavior
-may be reported by opening an issue
-or contacting one or more of the project maintainers.
-
-This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0,
-available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)
-
-[gcloudcli]: https://developers.google.com/cloud/sdk/gcloud/
-[indvcla]: https://developers.google.com/open-source/cla/individual
-[corpcla]: https://developers.google.com/open-source/cla/corporate
diff --git a/vendor/google.golang.org/cloud/CONTRIBUTORS b/vendor/google.golang.org/cloud/CONTRIBUTORS
deleted file mode 100644
index 475ac6a66..000000000
--- a/vendor/google.golang.org/cloud/CONTRIBUTORS
+++ /dev/null
@@ -1,24 +0,0 @@
-# People who have agreed to one of the CLAs and can contribute patches.
-# The AUTHORS file lists the copyright holders; this file
-# lists people.  For example, Google employees are listed here
-# but not in AUTHORS, because Google holds the copyright.
-#
-# https://developers.google.com/open-source/cla/individual
-# https://developers.google.com/open-source/cla/corporate
-#
-# Names should be added to this file as:
-#     Name <email address>
-
-# Keep the list alphabetically sorted.
-
-Andrew Gerrand <adg@golang.org>
-Brad Fitzpatrick <bradfitz@golang.org>
-Burcu Dogan <jbd@google.com>
-Dave Day <djd@golang.org>
-David Symonds <dsymonds@golang.org>
-Glenn Lewis <gmlewis@google.com>
-Johan Euphrosine <proppy@google.com>
-Luna Duclos <luna.duclos@palmstonegames.com>
-Michael McGreevy <mcgreevy@golang.org>
-Péter Szilágyi <peterke@gmail.com>
-Tyler Treat <ttreat31@gmail.com>
diff --git a/vendor/google.golang.org/cloud/LICENSE b/vendor/google.golang.org/cloud/LICENSE
deleted file mode 100644
index a4c5efd82..000000000
--- a/vendor/google.golang.org/cloud/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright 2014 Google Inc.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/vendor/google.golang.org/cloud/README.md b/vendor/google.golang.org/cloud/README.md
deleted file mode 100644
index 10d3995d5..000000000
--- a/vendor/google.golang.org/cloud/README.md
+++ /dev/null
@@ -1,135 +0,0 @@
-# Google Cloud for Go
-
-[![Build Status](https://travis-ci.org/GoogleCloudPlatform/gcloud-golang.svg?branch=master)](https://travis-ci.org/GoogleCloudPlatform/gcloud-golang)
-
-**NOTE:** These packages are experimental, and may occasionally make
-backwards-incompatible changes.
-
-**NOTE:** Github repo is a mirror of [https://code.googlesource.com/gocloud](https://code.googlesource.com/gocloud).
-
-Go packages for Google Cloud Platform services. Supported APIs include:
-
- * Google Cloud Datastore
- * Google Cloud Storage
- * Google Cloud Pub/Sub
- * Google Cloud Container Engine
-
-``` go
-import "google.golang.org/cloud"
-```
-
-Documentation and examples are available at
-[https://godoc.org/google.golang.org/cloud](https://godoc.org/google.golang.org/cloud).
-
-## Authorization
-
-Authorization, throughout the package, is delegated to the godoc.org/golang.org/x/oauth2.
-Refer to the [godoc documentation](https://godoc.org/golang.org/x/oauth2)
-for examples on using oauth2 with the Cloud package.
-
-## Google Cloud Datastore
-
-[Google Cloud Datastore][cloud-datastore] ([docs][cloud-datastore-docs]) is a fully
-managed, schemaless database for storing non-relational data. Cloud Datastore
-automatically scales with your users and supports ACID transactions, high availability
-of reads and writes, strong consistency for reads and ancestor queries, and eventual
-consistency for all other queries.
-
-Follow the [activation instructions][cloud-datastore-activation] to use the Google
-Cloud Datastore API with your project.
-
-[https://godoc.org/google.golang.org/cloud/datastore](https://godoc.org/google.golang.org/cloud/datastore)
-
-
-```go
-type Post struct {
-	Title       string
-	Body        string `datastore:",noindex"`
-	PublishedAt time.Time
-}
-keys := []*datastore.Key{
-	datastore.NewKey(ctx, "Post", "post1", 0, nil),
-	datastore.NewKey(ctx, "Post", "post2", 0, nil),
-}
-posts := []*Post{
-	{Title: "Post 1", Body: "...", PublishedAt: time.Now()},
-	{Title: "Post 2", Body: "...", PublishedAt: time.Now()},
-}
-if _, err := datastore.PutMulti(ctx, keys, posts); err != nil {
-	log.Println(err)
-}
-```
-
-## Google Cloud Storage
-
-[Google Cloud Storage][cloud-storage] ([docs][cloud-storage-docs]) allows you to store
-data on Google infrastructure with very high reliability, performance and availability,
-and can be used to distribute large data objects to users via direct download.
-
-[https://godoc.org/google.golang.org/cloud/storage](https://godoc.org/google.golang.org/cloud/storage)
-
-
-```go
-// Read the object1 from bucket.
-rc, err := storage.NewReader(ctx, "bucket", "object1")
-if err != nil {
-	log.Fatal(err)
-}
-slurp, err := ioutil.ReadAll(rc)
-rc.Close()
-if err != nil {
-	log.Fatal(err)
-}
-```
-
-## Google Cloud Pub/Sub (Alpha)
-
-> Google Cloud Pub/Sub is in **Alpha status**. As a result, it might change in
-> backward-incompatible ways and is not recommended for production use. It is not
-> subject to any SLA or deprecation policy.
-
-[Google Cloud Pub/Sub][cloud-pubsub] ([docs][cloud-pubsub-docs]) allows you to connect
-your services with reliable, many-to-many, asynchronous messaging hosted on Google's
-infrastructure. Cloud Pub/Sub automatically scales as you need it and provides a foundation
-for building your own robust, global services.
-
-[https://godoc.org/google.golang.org/cloud/pubsub](https://godoc.org/google.golang.org/cloud/pubsub)
-
-
-```go
-// Publish "hello world" on topic1.
-msgIDs, err := pubsub.Publish(ctx, "topic1", &pubsub.Message{
-	Data: []byte("hello world"),
-})
-if err != nil {
-	log.Println(err)
-}
-// Pull messages via subscription1.
-msgs, err := pubsub.Pull(ctx, "subscription1", 1)
-if err != nil {
-	log.Println(err)
-}
-```
-
-## Contributing
-
-Contributions are welcome. Please, see the
-[CONTRIBUTING](https://github.com/GoogleCloudPlatform/gcloud-golang/blob/master/CONTRIBUTING.md)
-document for details. We're using Gerrit for our code reviews. Please don't open pull
-requests against this repo, new pull requests will be automatically closed.
-
-Please note that this project is released with a Contributor Code of Conduct.
-By participating in this project you agree to abide by its terms.
-See [Contributor Code of Conduct](https://github.com/GoogleCloudPlatform/gcloud-golang/blob/master/CONTRIBUTING.md#contributor-code-of-conduct)
-for more information.
-
-[cloud-datastore]: https://cloud.google.com/datastore/
-[cloud-datastore-docs]: https://cloud.google.com/datastore/docs
-[cloud-datastore-activation]: https://cloud.google.com/datastore/docs/activate
-
-[cloud-pubsub]: https://cloud.google.com/pubsub/
-[cloud-pubsub-docs]: https://cloud.google.com/pubsub/docs
-
-[cloud-storage]: https://cloud.google.com/storage/
-[cloud-storage-docs]: https://cloud.google.com/storage/docs/overview
-[cloud-storage-create-bucket]: https://cloud.google.com/storage/docs/cloud-console#_creatingbuckets
diff --git a/vendor/google.golang.org/cloud/cloud.go b/vendor/google.golang.org/cloud/cloud.go
deleted file mode 100644
index 96d36baf2..000000000
--- a/vendor/google.golang.org/cloud/cloud.go
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package cloud contains Google Cloud Platform APIs related types
-// and common functions.
-package cloud // import "google.golang.org/cloud"
-
-import (
-	"net/http"
-
-	"golang.org/x/net/context"
-	"google.golang.org/cloud/internal"
-)
-
-// NewContext returns a new context that uses the provided http.Client.
-// Provided http.Client is responsible to authorize and authenticate
-// the requests made to the Google Cloud APIs.
-// It mutates the client's original Transport to append the cloud
-// package's user-agent to the outgoing requests.
-// You can obtain the project ID from the Google Developers Console,
-// https://console.developers.google.com.
-func NewContext(projID string, c *http.Client) context.Context {
-	if c == nil {
-		panic("invalid nil *http.Client passed to NewContext")
-	}
-	return WithContext(context.Background(), projID, c)
-}
-
-// WithContext returns a new context in a similar way NewContext does,
-// but initiates the new context with the specified parent.
-func WithContext(parent context.Context, projID string, c *http.Client) context.Context {
-	// TODO(bradfitz): delete internal.Transport. It's too wrappy for what it does.
-	// Do User-Agent some other way.
-	if _, ok := c.Transport.(*internal.Transport); !ok {
-		c.Transport = &internal.Transport{Base: c.Transport}
-	}
-	return internal.WithContext(parent, projID, c)
-}
diff --git a/vendor/google.golang.org/cloud/internal/cloud.go b/vendor/google.golang.org/cloud/internal/cloud.go
deleted file mode 100644
index 8b0db1b5d..000000000
--- a/vendor/google.golang.org/cloud/internal/cloud.go
+++ /dev/null
@@ -1,128 +0,0 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package internal provides support for the cloud packages.
-//
-// Users should not import this package directly.
-package internal
-
-import (
-	"fmt"
-	"net/http"
-	"sync"
-
-	"golang.org/x/net/context"
-)
-
-type contextKey struct{}
-
-func WithContext(parent context.Context, projID string, c *http.Client) context.Context {
-	if c == nil {
-		panic("nil *http.Client passed to WithContext")
-	}
-	if projID == "" {
-		panic("empty project ID passed to WithContext")
-	}
-	return context.WithValue(parent, contextKey{}, &cloudContext{
-		ProjectID:  projID,
-		HTTPClient: c,
-	})
-}
-
-const userAgent = "gcloud-golang/0.1"
-
-type cloudContext struct {
-	ProjectID  string
-	HTTPClient *http.Client
-
-	mu  sync.Mutex             // guards svc
-	svc map[string]interface{} // e.g. "storage" => *rawStorage.Service
-}
-
-// Service returns the result of the fill function if it's never been
-// called before for the given name (which is assumed to be an API
-// service name, like "datastore"). If it has already been cached, the fill
-// func is not run.
-// It's safe for concurrent use by multiple goroutines.
-func Service(ctx context.Context, name string, fill func(*http.Client) interface{}) interface{} {
-	return cc(ctx).service(name, fill)
-}
-
-func (c *cloudContext) service(name string, fill func(*http.Client) interface{}) interface{} {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-
-	if c.svc == nil {
-		c.svc = make(map[string]interface{})
-	} else if v, ok := c.svc[name]; ok {
-		return v
-	}
-	v := fill(c.HTTPClient)
-	c.svc[name] = v
-	return v
-}
-
-// Transport is an http.RoundTripper that appends
-// Google Cloud client's user-agent to the original
-// request's user-agent header.
-type Transport struct {
-	// Base represents the actual http.RoundTripper
-	// the requests will be delegated to.
-	Base http.RoundTripper
-}
-
-// RoundTrip appends a user-agent to the existing user-agent
-// header and delegates the request to the base http.RoundTripper.
-func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
-	req = cloneRequest(req)
-	ua := req.Header.Get("User-Agent")
-	if ua == "" {
-		ua = userAgent
-	} else {
-		ua = fmt.Sprintf("%s %s", ua, userAgent)
-	}
-	req.Header.Set("User-Agent", ua)
-	return t.Base.RoundTrip(req)
-}
-
-// cloneRequest returns a clone of the provided *http.Request.
-// The clone is a shallow copy of the struct and its Header map.
-func cloneRequest(r *http.Request) *http.Request {
-	// shallow copy of the struct
-	r2 := new(http.Request)
-	*r2 = *r
-	// deep copy of the Header
-	r2.Header = make(http.Header)
-	for k, s := range r.Header {
-		r2.Header[k] = s
-	}
-	return r2
-}
-
-func ProjID(ctx context.Context) string {
-	return cc(ctx).ProjectID
-}
-
-func HTTPClient(ctx context.Context) *http.Client {
-	return cc(ctx).HTTPClient
-}
-
-// cc returns the internal *cloudContext (cc) state for a context.Context.
-// It panics if the user did it wrong.
-func cc(ctx context.Context) *cloudContext {
-	if c, ok := ctx.Value(contextKey{}).(*cloudContext); ok {
-		return c
-	}
-	panic("invalid context.Context type; it should be created with cloud.NewContext")
-}
diff --git a/vendor/google.golang.org/cloud/internal/opts/option.go b/vendor/google.golang.org/cloud/internal/opts/option.go
deleted file mode 100644
index c5ccf4f56..000000000
--- a/vendor/google.golang.org/cloud/internal/opts/option.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// Package opts holds the DialOpts struct, configurable by
-// cloud.ClientOptions to set up transports for cloud packages.
-//
-// This is a separate page to prevent cycles between the core
-// cloud packages.
-package opts
-
-import (
-	"net/http"
-
-	"golang.org/x/oauth2"
-	"google.golang.org/grpc"
-)
-
-type DialOpt struct {
-	Endpoint  string
-	Scopes    []string
-	UserAgent string
-
-	TokenSource oauth2.TokenSource
-
-	HTTPClient *http.Client
-	GRPCClient *grpc.ClientConn
-}
diff --git a/vendor/google.golang.org/cloud/key.json.enc b/vendor/google.golang.org/cloud/key.json.enc
deleted file mode 100644
index 2f673a84b143c71c53fb2b1619a9c96f48ce1f54..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1248
zcmV<61Rwj0Zv%9Mm*y(^-mW4!3RUy2jtHzDzqBac1!ANM5s{p;?JXvx&2>S>?&XkF
zbPIGkWM>T~87d^b%*>nJaAymr5U<`@59@t~4JOftxQT!nX^@`S7|o~~O+Q#D(Tea<
z0C6)A8SLE!<U$mE5v{iLO78DQzW1PMy_sw8IKl*4VFHTaQ~6vTBbkb4;hxzPp`-M)
z{UwL5M4Zb-AfxIrSn&+*iAkk@NEWee;JtjaAQ(QeIh*b7|JmZ(HeU_7k)dT`E5Xo_
zZW+Or5loy~JnD=nrIT0NOvnegUW)j7UK}S2W0%U=;N}xgf}Ogtjk6i!AJUUH3vi0t
z__Cy5f?&WWO!y;|d45&LlyLv_@c$_xF_4GQ0P{bqO!D_iSI`wRM;(dN!3MZXbcw^T
zUM_SQl2mb7^xe|dkZ5MLK2Q3WAOpk?<F|g!9PQ1&e$vX?58eM(%trgOqeyclhc3xv
zbH+-TX5JmM+$mm%M#UDw<*4L~8y<(s!y^4E!!v`5oN?#+86^p;e@&v=KP7!8Mduf7
zVk!@Mq(J%7+-~I}jzgC0nkJG<Im_D?_^5iO9N}3e;KFnf-r>UVU{sAQSPn29g38Y+
z<mAQnTTEhT&&qQB+8KQ=;;U;=r4QrG<7yk)VpOpeKb?k}H9i;Q1?MboL`gZF$i>rV
zh6d*@2I!vcc;^lf(cQ?Pz?3Ffe`floQ4ON~yPjBX#2YS)8P-#1)~jzFmH>!#k_@6*
z?Pa|=)iAO~EZEsyQPlyI@pPP|aa_}tTnzQ9mri9C=?}A^Int5dTDS)n9ga#mJv#L$
zBY9m{rCPaM=sSjZ=a3+0`3^E(t4n8bT_bUS3Mp<JmCCrI0vlYkubl^e>JWBpL&r6h
zJ%Xct#s$ZR(jRC3mjD0TPMY@#rsSEiCtk*Ko=v>Mh-?797)&q4y~SHHepsfE9xmSg
z4n8vqb#TmGqZ<!KGl^n5XZ-<{Pk4oy#rW?>t~l>S+M!&90~(5}z8lX}09MudKf5L=
zoQ7bN;+9yVdn_4$#-W-8a=%bwPC+qYzuI##;8LEi@-?!OqX9i;E%3&xZZ$lC!UKW0
ztI@XV?CzcLtFjWGYQ%v+Iu!2ou0&QhpI8MI0hRO^CO&sfNGho0#)!##9qVZs+e^Zn
zAM>BcIsA(NAq5bM;1+QtF)fOjm;*qDcL^dv{jdk9uv>HE?a0GDBGXJLK#`lp-e;&o
zjd}Qxu}rQ6d00k>F=`7~Y;Mfbj8Q+q+Lx(1k8^~qCv<H+7awIWwl3@e0Smzycmiur
zIp8p60E4KW!H=37LFtp%2T5E%nC>}{{z!kzo5=@e_E)7uoUE+8Hx*1ZStR~&B#Pa~
zJSQQ9U3v>5>e$B4bX1m8ykOK;!Ca5JLSVI-<Wle>@PG=TTEUyz&H?6DLda~RTskwU
z2NgP9h<51tLqz{r-|_ZmG$PUnKo>?$aw(m&R_rgQ%+~6fzd4b~_8Q{JATzF`8UL*a
zx%$Q*4uJL|74$eDw`n>9I1NL&1U~&?N&_!HUB@zp?uwL$D6`!7m4f{o_+fh{>s7&^
z`UClq@1IQ8yiYQ{rh=X+;)yZS@p`NPA$jn#OuY5sSx#Z>MroeKFfb+uaa7p&G)VRN
Kkn>IvykJ$=6K6R9

diff --git a/vendor/google.golang.org/cloud/option.go b/vendor/google.golang.org/cloud/option.go
deleted file mode 100644
index d4a5aea29..000000000
--- a/vendor/google.golang.org/cloud/option.go
+++ /dev/null
@@ -1,100 +0,0 @@
-// Copyright 2015 Google Inc. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cloud
-
-import (
-	"net/http"
-
-	"golang.org/x/oauth2"
-	"google.golang.org/cloud/internal/opts"
-	"google.golang.org/grpc"
-)
-
-// ClientOption is used when construct clients for each cloud service.
-type ClientOption interface {
-	// Resolve configures the given DialOpts for this option.
-	Resolve(*opts.DialOpt)
-}
-
-// WithTokenSource returns a ClientOption that specifies an OAuth2 token
-// source to be used as the basis for authentication.
-func WithTokenSource(s oauth2.TokenSource) ClientOption {
-	return withTokenSource{s}
-}
-
-type withTokenSource struct{ ts oauth2.TokenSource }
-
-func (w withTokenSource) Resolve(o *opts.DialOpt) {
-	o.TokenSource = w.ts
-}
-
-// WithEndpoint returns a ClientOption that overrides the default endpoint
-// to be used for a service.
-func WithEndpoint(url string) ClientOption {
-	return withEndpoint(url)
-}
-
-type withEndpoint string
-
-func (w withEndpoint) Resolve(o *opts.DialOpt) {
-	o.Endpoint = string(w)
-}
-
-// WithScopes returns a ClientOption that overrides the default OAuth2 scopes
-// to be used for a service.
-func WithScopes(scope ...string) ClientOption {
-	return withScopes(scope)
-}
-
-type withScopes []string
-
-func (w withScopes) Resolve(o *opts.DialOpt) {
-	o.Scopes = []string(w)
-}
-
-// WithUserAgent returns a ClientOption that sets the User-Agent.
-func WithUserAgent(ua string) ClientOption {
-	return withUA(ua)
-}
-
-type withUA string
-
-func (w withUA) Resolve(o *opts.DialOpt) { o.UserAgent = string(w) }
-
-// WithBaseHTTP returns a ClientOption that specifies the HTTP client to
-// use as the basis of communications. This option may only be used with
-// services that support HTTP as their communication transport.
-func WithBaseHTTP(client *http.Client) ClientOption {
-	return withBaseHTTP{client}
-}
-
-type withBaseHTTP struct{ client *http.Client }
-
-func (w withBaseHTTP) Resolve(o *opts.DialOpt) {
-	o.HTTPClient = w.client
-}
-
-// WithBaseGRPC returns a ClientOption that specifies the GRPC client
-// connection to use as the basis of communications. This option many only be
-// used with services that support HRPC as their communication transport.
-func WithBaseGRPC(client *grpc.ClientConn) ClientOption {
-	return withBaseGRPC{client}
-}
-
-type withBaseGRPC struct{ client *grpc.ClientConn }
-
-func (w withBaseGRPC) Resolve(o *opts.DialOpt) {
-	o.GRPCClient = w.client
-}
diff --git a/vendor/google.golang.org/cloud/storage/acl.go b/vendor/google.golang.org/cloud/storage/acl.go
deleted file mode 100644
index 71c5800a8..000000000
--- a/vendor/google.golang.org/cloud/storage/acl.go
+++ /dev/null
@@ -1,176 +0,0 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package storage
-
-import (
-	"fmt"
-
-	"golang.org/x/net/context"
-	raw "google.golang.org/api/storage/v1"
-)
-
-// ACLRole is the the access permission for the entity.
-type ACLRole string
-
-const (
-	RoleOwner  ACLRole = "OWNER"
-	RoleReader ACLRole = "READER"
-)
-
-// ACLEntity is an entity holding an ACL permission.
-//
-// It could be in the form of:
-// "user-<userId>", "user-<email>","group-<groupId>", "group-<email>",
-// "domain-<domain>" and "project-team-<projectId>".
-//
-// Or one of the predefined constants: AllUsers, AllAuthenticatedUsers.
-type ACLEntity string
-
-const (
-	AllUsers              ACLEntity = "allUsers"
-	AllAuthenticatedUsers ACLEntity = "allAuthenticatedUsers"
-)
-
-// ACLRule represents an access control list rule entry for a Google Cloud Storage object or bucket.
-// A bucket is a Google Cloud Storage container whose name is globally unique and contains zero or
-// more objects.  An object is a blob of data that is stored in a bucket.
-type ACLRule struct {
-	// Entity identifies the entity holding the current rule's permissions.
-	Entity ACLEntity
-
-	// Role is the the access permission for the entity.
-	Role ACLRole
-}
-
-// DefaultACL returns the default object ACL entries for the named bucket.
-func DefaultACL(ctx context.Context, bucket string) ([]ACLRule, error) {
-	acls, err := rawService(ctx).DefaultObjectAccessControls.List(bucket).Context(ctx).Do()
-	if err != nil {
-		return nil, fmt.Errorf("storage: error listing default object ACL for bucket %q: %v", bucket, err)
-	}
-	r := make([]ACLRule, 0, len(acls.Items))
-	for _, v := range acls.Items {
-		if m, ok := v.(map[string]interface{}); ok {
-			entity, ok1 := m["entity"].(string)
-			role, ok2 := m["role"].(string)
-			if ok1 && ok2 {
-				r = append(r, ACLRule{Entity: ACLEntity(entity), Role: ACLRole(role)})
-			}
-		}
-	}
-	return r, nil
-}
-
-// PutDefaultACLRule saves the named default object ACL entity with the provided role for the named bucket.
-func PutDefaultACLRule(ctx context.Context, bucket string, entity ACLEntity, role ACLRole) error {
-	acl := &raw.ObjectAccessControl{
-		Bucket: bucket,
-		Entity: string(entity),
-		Role:   string(role),
-	}
-	_, err := rawService(ctx).DefaultObjectAccessControls.Update(bucket, string(entity), acl).Context(ctx).Do()
-	if err != nil {
-		return fmt.Errorf("storage: error updating default ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
-	}
-	return nil
-}
-
-// DeleteDefaultACLRule deletes the named default ACL entity for the named bucket.
-func DeleteDefaultACLRule(ctx context.Context, bucket string, entity ACLEntity) error {
-	err := rawService(ctx).DefaultObjectAccessControls.Delete(bucket, string(entity)).Context(ctx).Do()
-	if err != nil {
-		return fmt.Errorf("storage: error deleting default ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
-	}
-	return nil
-}
-
-// BucketACL returns the ACL entries for the named bucket.
-func BucketACL(ctx context.Context, bucket string) ([]ACLRule, error) {
-	acls, err := rawService(ctx).BucketAccessControls.List(bucket).Context(ctx).Do()
-	if err != nil {
-		return nil, fmt.Errorf("storage: error listing bucket ACL for bucket %q: %v", bucket, err)
-	}
-	r := make([]ACLRule, len(acls.Items))
-	for i, v := range acls.Items {
-		r[i].Entity = ACLEntity(v.Entity)
-		r[i].Role = ACLRole(v.Role)
-	}
-	return r, nil
-}
-
-// PutBucketACLRule saves the named ACL entity with the provided role for the named bucket.
-func PutBucketACLRule(ctx context.Context, bucket string, entity ACLEntity, role ACLRole) error {
-	acl := &raw.BucketAccessControl{
-		Bucket: bucket,
-		Entity: string(entity),
-		Role:   string(role),
-	}
-	_, err := rawService(ctx).BucketAccessControls.Update(bucket, string(entity), acl).Context(ctx).Do()
-	if err != nil {
-		return fmt.Errorf("storage: error updating bucket ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
-	}
-	return nil
-}
-
-// DeleteBucketACLRule deletes the named ACL entity for the named bucket.
-func DeleteBucketACLRule(ctx context.Context, bucket string, entity ACLEntity) error {
-	err := rawService(ctx).BucketAccessControls.Delete(bucket, string(entity)).Context(ctx).Do()
-	if err != nil {
-		return fmt.Errorf("storage: error deleting bucket ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
-	}
-	return nil
-}
-
-// ACL returns the ACL entries for the named object.
-func ACL(ctx context.Context, bucket, object string) ([]ACLRule, error) {
-	acls, err := rawService(ctx).ObjectAccessControls.List(bucket, object).Context(ctx).Do()
-	if err != nil {
-		return nil, fmt.Errorf("storage: error listing object ACL for bucket %q, file %q: %v", bucket, object, err)
-	}
-	r := make([]ACLRule, 0, len(acls.Items))
-	for _, v := range acls.Items {
-		if m, ok := v.(map[string]interface{}); ok {
-			entity, ok1 := m["entity"].(string)
-			role, ok2 := m["role"].(string)
-			if ok1 && ok2 {
-				r = append(r, ACLRule{Entity: ACLEntity(entity), Role: ACLRole(role)})
-			}
-		}
-	}
-	return r, nil
-}
-
-// PutACLRule saves the named ACL entity with the provided role for the named object.
-func PutACLRule(ctx context.Context, bucket, object string, entity ACLEntity, role ACLRole) error {
-	acl := &raw.ObjectAccessControl{
-		Bucket: bucket,
-		Entity: string(entity),
-		Role:   string(role),
-	}
-	_, err := rawService(ctx).ObjectAccessControls.Update(bucket, object, string(entity), acl).Context(ctx).Do()
-	if err != nil {
-		return fmt.Errorf("storage: error updating object ACL rule for bucket %q, file %q, entity %q: %v", bucket, object, entity, err)
-	}
-	return nil
-}
-
-// DeleteACLRule deletes the named ACL entity for the named object.
-func DeleteACLRule(ctx context.Context, bucket, object string, entity ACLEntity) error {
-	err := rawService(ctx).ObjectAccessControls.Delete(bucket, object, string(entity)).Context(ctx).Do()
-	if err != nil {
-		return fmt.Errorf("storage: error deleting object ACL rule for bucket %q, file %q, entity %q: %v", bucket, object, entity, err)
-	}
-	return nil
-}
diff --git a/vendor/google.golang.org/cloud/storage/storage.go b/vendor/google.golang.org/cloud/storage/storage.go
deleted file mode 100644
index 8aa70ff42..000000000
--- a/vendor/google.golang.org/cloud/storage/storage.go
+++ /dev/null
@@ -1,350 +0,0 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package storage contains a Google Cloud Storage client.
-//
-// This package is experimental and may make backwards-incompatible changes.
-package storage // import "google.golang.org/cloud/storage"
-
-import (
-	"crypto"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/sha256"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/pem"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-	"time"
-
-	"google.golang.org/cloud/internal"
-
-	"golang.org/x/net/context"
-	"google.golang.org/api/googleapi"
-	raw "google.golang.org/api/storage/v1"
-)
-
-var (
-	ErrBucketNotExist = errors.New("storage: bucket doesn't exist")
-	ErrObjectNotExist = errors.New("storage: object doesn't exist")
-)
-
-const (
-	// ScopeFullControl grants permissions to manage your
-	// data and permissions in Google Cloud Storage.
-	ScopeFullControl = raw.DevstorageFullControlScope
-
-	// ScopeReadOnly grants permissions to
-	// view your data in Google Cloud Storage.
-	ScopeReadOnly = raw.DevstorageReadOnlyScope
-
-	// ScopeReadWrite grants permissions to manage your
-	// data in Google Cloud Storage.
-	ScopeReadWrite = raw.DevstorageReadWriteScope
-)
-
-// TODO(jbd): Add storage.buckets.list.
-// TODO(jbd): Add storage.buckets.insert.
-// TODO(jbd): Add storage.buckets.update.
-// TODO(jbd): Add storage.buckets.delete.
-
-// TODO(jbd): Add storage.objects.watch.
-
-// BucketInfo returns the metadata for the specified bucket.
-func BucketInfo(ctx context.Context, name string) (*Bucket, error) {
-	resp, err := rawService(ctx).Buckets.Get(name).Projection("full").Context(ctx).Do()
-	if e, ok := err.(*googleapi.Error); ok && e.Code == http.StatusNotFound {
-		return nil, ErrBucketNotExist
-	}
-	if err != nil {
-		return nil, err
-	}
-	return newBucket(resp), nil
-}
-
-// ListObjects lists objects from the bucket. You can specify a query
-// to filter the results. If q is nil, no filtering is applied.
-func ListObjects(ctx context.Context, bucket string, q *Query) (*Objects, error) {
-	c := rawService(ctx).Objects.List(bucket)
-	c.Projection("full")
-	if q != nil {
-		c.Delimiter(q.Delimiter)
-		c.Prefix(q.Prefix)
-		c.Versions(q.Versions)
-		c.PageToken(q.Cursor)
-		if q.MaxResults > 0 {
-			c.MaxResults(int64(q.MaxResults))
-		}
-	}
-	resp, err := c.Context(ctx).Do()
-	if err != nil {
-		return nil, err
-	}
-	objects := &Objects{
-		Results:  make([]*Object, len(resp.Items)),
-		Prefixes: make([]string, len(resp.Prefixes)),
-	}
-	for i, item := range resp.Items {
-		objects.Results[i] = newObject(item)
-	}
-	for i, prefix := range resp.Prefixes {
-		objects.Prefixes[i] = prefix
-	}
-	if resp.NextPageToken != "" {
-		next := Query{}
-		if q != nil {
-			// keep the other filtering
-			// criteria if there is a query
-			next = *q
-		}
-		next.Cursor = resp.NextPageToken
-		objects.Next = &next
-	}
-	return objects, nil
-}
-
-// SignedURLOptions allows you to restrict the access to the signed URL.
-type SignedURLOptions struct {
-	// GoogleAccessID represents the authorizer of the signed URL generation.
-	// It is typically the Google service account client email address from
-	// the Google Developers Console in the form of "xxx@developer.gserviceaccount.com".
-	// Required.
-	GoogleAccessID string
-
-	// PrivateKey is the Google service account private key. It is obtainable
-	// from the Google Developers Console.
-	// At https://console.developers.google.com/project/<your-project-id>/apiui/credential,
-	// create a service account client ID or reuse one of your existing service account
-	// credentials. Click on the "Generate new P12 key" to generate and download
-	// a new private key. Once you download the P12 file, use the following command
-	// to convert it into a PEM file.
-	//
-	//    $ openssl pkcs12 -in key.p12 -passin pass:notasecret -out key.pem -nodes
-	//
-	// Provide the contents of the PEM file as a byte slice.
-	// Required.
-	PrivateKey []byte
-
-	// Method is the HTTP method to be used with the signed URL.
-	// Signed URLs can be used with GET, HEAD, PUT, and DELETE requests.
-	// Required.
-	Method string
-
-	// Expires is the expiration time on the signed URL. It must be
-	// a datetime in the future.
-	// Required.
-	Expires time.Time
-
-	// ContentType is the content type header the client must provide
-	// to use the generated signed URL.
-	// Optional.
-	ContentType string
-
-	// Headers is a list of extention headers the client must provide
-	// in order to use the generated signed URL.
-	// Optional.
-	Headers []string
-
-	// MD5 is the base64 encoded MD5 checksum of the file.
-	// If provided, the client should provide the exact value on the request
-	// header in order to use the signed URL.
-	// Optional.
-	MD5 []byte
-}
-
-// SignedURL returns a URL for the specified object. Signed URLs allow
-// the users access to a restricted resource for a limited time without having a
-// Google account or signing in. For more information about the signed
-// URLs, see https://cloud.google.com/storage/docs/accesscontrol#Signed-URLs.
-func SignedURL(bucket, name string, opts *SignedURLOptions) (string, error) {
-	if opts == nil {
-		return "", errors.New("storage: missing required SignedURLOptions")
-	}
-	if opts.GoogleAccessID == "" || opts.PrivateKey == nil {
-		return "", errors.New("storage: missing required credentials to generate a signed URL")
-	}
-	if opts.Method == "" {
-		return "", errors.New("storage: missing required method option")
-	}
-	if opts.Expires.IsZero() {
-		return "", errors.New("storage: missing required expires option")
-	}
-	key, err := parseKey(opts.PrivateKey)
-	if err != nil {
-		return "", err
-	}
-	h := sha256.New()
-	fmt.Fprintf(h, "%s\n", opts.Method)
-	fmt.Fprintf(h, "%s\n", opts.MD5)
-	fmt.Fprintf(h, "%s\n", opts.ContentType)
-	fmt.Fprintf(h, "%d\n", opts.Expires.Unix())
-	fmt.Fprintf(h, "%s", strings.Join(opts.Headers, "\n"))
-	fmt.Fprintf(h, "/%s/%s", bucket, name)
-	b, err := rsa.SignPKCS1v15(
-		rand.Reader,
-		key,
-		crypto.SHA256,
-		h.Sum(nil),
-	)
-	if err != nil {
-		return "", err
-	}
-	encoded := base64.StdEncoding.EncodeToString(b)
-	u := &url.URL{
-		Scheme: "https",
-		Host:   "storage.googleapis.com",
-		Path:   fmt.Sprintf("/%s/%s", bucket, name),
-	}
-	q := u.Query()
-	q.Set("GoogleAccessId", opts.GoogleAccessID)
-	q.Set("Expires", fmt.Sprintf("%d", opts.Expires.Unix()))
-	q.Set("Signature", string(encoded))
-	u.RawQuery = q.Encode()
-	return u.String(), nil
-}
-
-// StatObject returns meta information about the specified object.
-func StatObject(ctx context.Context, bucket, name string) (*Object, error) {
-	o, err := rawService(ctx).Objects.Get(bucket, name).Projection("full").Context(ctx).Do()
-	if e, ok := err.(*googleapi.Error); ok && e.Code == http.StatusNotFound {
-		return nil, ErrObjectNotExist
-	}
-	if err != nil {
-		return nil, err
-	}
-	return newObject(o), nil
-}
-
-// UpdateAttrs updates an object with the provided attributes.
-// All zero-value attributes are ignored.
-func UpdateAttrs(ctx context.Context, bucket, name string, attrs ObjectAttrs) (*Object, error) {
-	o, err := rawService(ctx).Objects.Patch(bucket, name, attrs.toRawObject(bucket)).Projection("full").Context(ctx).Do()
-	if e, ok := err.(*googleapi.Error); ok && e.Code == http.StatusNotFound {
-		return nil, ErrObjectNotExist
-	}
-	if err != nil {
-		return nil, err
-	}
-	return newObject(o), nil
-}
-
-// DeleteObject deletes the single specified object.
-func DeleteObject(ctx context.Context, bucket, name string) error {
-	return rawService(ctx).Objects.Delete(bucket, name).Context(ctx).Do()
-}
-
-// CopyObject copies the source object to the destination.
-// The copied object's attributes are overwritten by attrs if non-nil.
-func CopyObject(ctx context.Context, srcBucket, srcName string, destBucket, destName string, attrs *ObjectAttrs) (*Object, error) {
-	if srcBucket == "" || destBucket == "" {
-		return nil, errors.New("storage: srcBucket and destBucket must both be non-empty")
-	}
-	if srcName == "" || destName == "" {
-		return nil, errors.New("storage: srcName and destName must be non-empty")
-	}
-	var rawObject *raw.Object
-	if attrs != nil {
-		attrs.Name = destName
-		if attrs.ContentType == "" {
-			return nil, errors.New("storage: attrs.ContentType must be non-empty")
-		}
-		rawObject = attrs.toRawObject(destBucket)
-	}
-	o, err := rawService(ctx).Objects.Copy(
-		srcBucket, srcName, destBucket, destName, rawObject).Projection("full").Context(ctx).Do()
-	if err != nil {
-		return nil, err
-	}
-	return newObject(o), nil
-}
-
-// NewReader creates a new io.ReadCloser to read the contents
-// of the object.
-func NewReader(ctx context.Context, bucket, name string) (io.ReadCloser, error) {
-	hc := internal.HTTPClient(ctx)
-	u := &url.URL{
-		Scheme: "https",
-		Host:   "storage.googleapis.com",
-		Path:   fmt.Sprintf("/%s/%s", bucket, name),
-	}
-	res, err := hc.Get(u.String())
-	if err != nil {
-		return nil, err
-	}
-	if res.StatusCode == http.StatusNotFound {
-		res.Body.Close()
-		return nil, ErrObjectNotExist
-	}
-	if res.StatusCode < 200 || res.StatusCode > 299 {
-		res.Body.Close()
-		return res.Body, fmt.Errorf("storage: can't read object %v/%v, status code: %v", bucket, name, res.Status)
-	}
-	return res.Body, nil
-}
-
-// NewWriter returns a storage Writer that writes to the GCS object
-// identified by the specified name.
-// If such an object doesn't exist, it creates one.
-// Attributes can be set on the object by modifying the returned Writer's
-// ObjectAttrs field before the first call to Write. The name parameter to this
-// function is ignored if the Name field of the ObjectAttrs field is set to a
-// non-empty string.
-//
-// It is the caller's responsibility to call Close when writing is done.
-//
-// The object is not available and any previous object with the same
-// name is not replaced on Cloud Storage until Close is called.
-func NewWriter(ctx context.Context, bucket, name string) *Writer {
-	return &Writer{
-		ctx:    ctx,
-		bucket: bucket,
-		name:   name,
-		donec:  make(chan struct{}),
-	}
-}
-
-func rawService(ctx context.Context) *raw.Service {
-	return internal.Service(ctx, "storage", func(hc *http.Client) interface{} {
-		svc, _ := raw.New(hc)
-		return svc
-	}).(*raw.Service)
-}
-
-// parseKey converts the binary contents of a private key file
-// to an *rsa.PrivateKey. It detects whether the private key is in a
-// PEM container or not. If so, it extracts the the private key
-// from PEM container before conversion. It only supports PEM
-// containers with no passphrase.
-func parseKey(key []byte) (*rsa.PrivateKey, error) {
-	if block, _ := pem.Decode(key); block != nil {
-		key = block.Bytes
-	}
-	parsedKey, err := x509.ParsePKCS8PrivateKey(key)
-	if err != nil {
-		parsedKey, err = x509.ParsePKCS1PrivateKey(key)
-		if err != nil {
-			return nil, err
-		}
-	}
-	parsed, ok := parsedKey.(*rsa.PrivateKey)
-	if !ok {
-		return nil, errors.New("oauth2: private key is invalid")
-	}
-	return parsed, nil
-}
diff --git a/vendor/google.golang.org/cloud/storage/types.go b/vendor/google.golang.org/cloud/storage/types.go
deleted file mode 100644
index 060deb6ad..000000000
--- a/vendor/google.golang.org/cloud/storage/types.go
+++ /dev/null
@@ -1,417 +0,0 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package storage
-
-import (
-	"encoding/base64"
-	"io"
-	"sync"
-	"time"
-
-	"golang.org/x/net/context"
-	raw "google.golang.org/api/storage/v1"
-)
-
-// Bucket represents a Google Cloud Storage bucket.
-type Bucket struct {
-	// Name is the name of the bucket.
-	Name string
-
-	// ACL is the list of access control rules on the bucket.
-	ACL []ACLRule
-
-	// DefaultObjectACL is the list of access controls to
-	// apply to new objects when no object ACL is provided.
-	DefaultObjectACL []ACLRule
-
-	// Location is the location of the bucket. It defaults to "US".
-	Location string
-
-	// Metageneration is the metadata generation of the bucket.
-	// Read-only.
-	Metageneration int64
-
-	// StorageClass is the storage class of the bucket. This defines
-	// how objects in the bucket are stored and determines the SLA
-	// and the cost of storage. Typical values are "STANDARD" and
-	// "DURABLE_REDUCED_AVAILABILITY". Defaults to "STANDARD".
-	StorageClass string
-
-	// Created is the creation time of the bucket.
-	// Read-only.
-	Created time.Time
-}
-
-func newBucket(b *raw.Bucket) *Bucket {
-	if b == nil {
-		return nil
-	}
-	bucket := &Bucket{
-		Name:           b.Name,
-		Location:       b.Location,
-		Metageneration: b.Metageneration,
-		StorageClass:   b.StorageClass,
-		Created:        convertTime(b.TimeCreated),
-	}
-	acl := make([]ACLRule, len(b.Acl))
-	for i, rule := range b.Acl {
-		acl[i] = ACLRule{
-			Entity: ACLEntity(rule.Entity),
-			Role:   ACLRole(rule.Role),
-		}
-	}
-	bucket.ACL = acl
-	objACL := make([]ACLRule, len(b.DefaultObjectAcl))
-	for i, rule := range b.DefaultObjectAcl {
-		objACL[i] = ACLRule{
-			Entity: ACLEntity(rule.Entity),
-			Role:   ACLRole(rule.Role),
-		}
-	}
-	bucket.DefaultObjectACL = objACL
-	return bucket
-}
-
-// ObjectAttrs is the user-editable object attributes.
-type ObjectAttrs struct {
-	// Name is the name of the object.
-	Name string
-
-	// ContentType is the MIME type of the object's content.
-	// Optional.
-	ContentType string
-
-	// ContentLanguage is the optional RFC 1766 Content-Language of
-	// the object's content sent in response headers.
-	ContentLanguage string
-
-	// ContentEncoding is the optional Content-Encoding of the object
-	// sent it the response headers.
-	ContentEncoding string
-
-	// CacheControl is the optional Cache-Control header of the object
-	// sent in the response headers.
-	CacheControl string
-
-	// ContentDisposition is the optional Content-Disposition header of the object
-	// sent in the response headers.
-	ContentDisposition string
-
-	// ACL is the list of access control rules for the object.
-	// Optional. If nil or empty, existing ACL rules are preserved.
-	ACL []ACLRule
-
-	// Metadata represents user-provided metadata, in key/value pairs.
-	// It can be nil if the current metadata values needs to preserved.
-	Metadata map[string]string
-}
-
-func (o ObjectAttrs) toRawObject(bucket string) *raw.Object {
-	var acl []*raw.ObjectAccessControl
-	if len(o.ACL) > 0 {
-		acl = make([]*raw.ObjectAccessControl, len(o.ACL))
-		for i, rule := range o.ACL {
-			acl[i] = &raw.ObjectAccessControl{
-				Entity: string(rule.Entity),
-				Role:   string(rule.Role),
-			}
-		}
-	}
-	return &raw.Object{
-		Bucket:             bucket,
-		Name:               o.Name,
-		ContentType:        o.ContentType,
-		ContentEncoding:    o.ContentEncoding,
-		ContentLanguage:    o.ContentLanguage,
-		CacheControl:       o.CacheControl,
-		ContentDisposition: o.ContentDisposition,
-		Acl:                acl,
-		Metadata:           o.Metadata,
-	}
-}
-
-// Object represents a Google Cloud Storage (GCS) object.
-type Object struct {
-	// Bucket is the name of the bucket containing this GCS object.
-	Bucket string
-
-	// Name is the name of the object within the bucket.
-	Name string
-
-	// ContentType is the MIME type of the object's content.
-	ContentType string
-
-	// ContentLanguage is the content language of the object's content.
-	ContentLanguage string
-
-	// CacheControl is the Cache-Control header to be sent in the response
-	// headers when serving the object data.
-	CacheControl string
-
-	// ACL is the list of access control rules for the object.
-	ACL []ACLRule
-
-	// Owner is the owner of the object.
-	//
-	// If non-zero, it is in the form of "user-<userId>".
-	Owner string
-
-	// Size is the length of the object's content.
-	Size int64
-
-	// ContentEncoding is the encoding of the object's content.
-	ContentEncoding string
-
-	// MD5 is the MD5 hash of the object's content.
-	MD5 []byte
-
-	// CRC32C is the CRC32 checksum of the object's content using
-	// the Castagnoli93 polynomial.
-	CRC32C uint32
-
-	// MediaLink is an URL to the object's content.
-	MediaLink string
-
-	// Metadata represents user-provided metadata, in key/value pairs.
-	// It can be nil if no metadata is provided.
-	Metadata map[string]string
-
-	// Generation is the generation number of the object's content.
-	Generation int64
-
-	// MetaGeneration is the version of the metadata for this
-	// object at this generation. This field is used for preconditions
-	// and for detecting changes in metadata. A metageneration number
-	// is only meaningful in the context of a particular generation
-	// of a particular object.
-	MetaGeneration int64
-
-	// StorageClass is the storage class of the bucket.
-	// This value defines how objects in the bucket are stored and
-	// determines the SLA and the cost of storage. Typical values are
-	// "STANDARD" and "DURABLE_REDUCED_AVAILABILITY".
-	// It defaults to "STANDARD".
-	StorageClass string
-
-	// Deleted is the time the object was deleted.
-	// If not deleted, it is the zero value.
-	Deleted time.Time
-
-	// Updated is the creation or modification time of the object.
-	// For buckets with versioning enabled, changing an object's
-	// metadata does not change this property.
-	Updated time.Time
-}
-
-// convertTime converts a time in RFC3339 format to time.Time.
-// If any error occurs in parsing, the zero-value time.Time is silently returned.
-func convertTime(t string) time.Time {
-	var r time.Time
-	if t != "" {
-		r, _ = time.Parse(time.RFC3339, t)
-	}
-	return r
-}
-
-func newObject(o *raw.Object) *Object {
-	if o == nil {
-		return nil
-	}
-	acl := make([]ACLRule, len(o.Acl))
-	for i, rule := range o.Acl {
-		acl[i] = ACLRule{
-			Entity: ACLEntity(rule.Entity),
-			Role:   ACLRole(rule.Role),
-		}
-	}
-	owner := ""
-	if o.Owner != nil {
-		owner = o.Owner.Entity
-	}
-	md5, _ := base64.StdEncoding.DecodeString(o.Md5Hash)
-	var crc32c uint32
-	d, err := base64.StdEncoding.DecodeString(o.Crc32c)
-	if err == nil && len(d) == 4 {
-		crc32c = uint32(d[0])<<24 + uint32(d[1])<<16 + uint32(d[2])<<8 + uint32(d[3])
-	}
-	return &Object{
-		Bucket:          o.Bucket,
-		Name:            o.Name,
-		ContentType:     o.ContentType,
-		ContentLanguage: o.ContentLanguage,
-		CacheControl:    o.CacheControl,
-		ACL:             acl,
-		Owner:           owner,
-		ContentEncoding: o.ContentEncoding,
-		Size:            int64(o.Size),
-		MD5:             md5,
-		CRC32C:          crc32c,
-		MediaLink:       o.MediaLink,
-		Metadata:        o.Metadata,
-		Generation:      o.Generation,
-		MetaGeneration:  o.Metageneration,
-		StorageClass:    o.StorageClass,
-		Deleted:         convertTime(o.TimeDeleted),
-		Updated:         convertTime(o.Updated),
-	}
-}
-
-// Query represents a query to filter objects from a bucket.
-type Query struct {
-	// Delimiter returns results in a directory-like fashion.
-	// Results will contain only objects whose names, aside from the
-	// prefix, do not contain delimiter. Objects whose names,
-	// aside from the prefix, contain delimiter will have their name,
-	// truncated after the delimiter, returned in prefixes.
-	// Duplicate prefixes are omitted.
-	// Optional.
-	Delimiter string
-
-	// Prefix is the prefix filter to query objects
-	// whose names begin with this prefix.
-	// Optional.
-	Prefix string
-
-	// Versions indicates whether multiple versions of the same
-	// object will be included in the results.
-	Versions bool
-
-	// Cursor is a previously-returned page token
-	// representing part of the larger set of results to view.
-	// Optional.
-	Cursor string
-
-	// MaxResults is the maximum number of items plus prefixes
-	// to return. As duplicate prefixes are omitted,
-	// fewer total results may be returned than requested.
-	// The default page limit is used if it is negative or zero.
-	MaxResults int
-}
-
-// Objects represents a list of objects returned from
-// a bucket look-p request and a query to retrieve more
-// objects from the next pages.
-type Objects struct {
-	// Results represent a list of object results.
-	Results []*Object
-
-	// Next is the continuation query to retrieve more
-	// results with the same filtering criteria. If there
-	// are no more results to retrieve, it is nil.
-	Next *Query
-
-	// Prefixes represents prefixes of objects
-	// matching-but-not-listed up to and including
-	// the requested delimiter.
-	Prefixes []string
-}
-
-// contentTyper implements ContentTyper to enable an
-// io.ReadCloser to specify its MIME type.
-type contentTyper struct {
-	io.Reader
-	t string
-}
-
-func (c *contentTyper) ContentType() string {
-	return c.t
-}
-
-// A Writer writes a Cloud Storage object.
-type Writer struct {
-	// ObjectAttrs are optional attributes to set on the object. Any attributes
-	// must be initialized before the first Write call. Nil or zero-valued
-	// attributes are ignored.
-	ObjectAttrs
-
-	ctx    context.Context
-	bucket string
-	name   string
-
-	once sync.Once
-
-	opened bool
-	r      io.Reader
-	pw     *io.PipeWriter
-
-	donec chan struct{} // closed after err and obj are set.
-	err   error
-	obj   *Object
-}
-
-func (w *Writer) open() {
-	attrs := w.ObjectAttrs
-	// Always set the name, otherwise the backend
-	// rejects the request and responds with an HTTP 400.
-	if attrs.Name == "" {
-		attrs.Name = w.name
-	}
-	pr, pw := io.Pipe()
-	w.r = &contentTyper{pr, attrs.ContentType}
-	w.pw = pw
-	w.opened = true
-
-	go func() {
-		resp, err := rawService(w.ctx).Objects.Insert(
-			w.bucket, attrs.toRawObject(w.bucket)).Media(w.r).Projection("full").Context(w.ctx).Do()
-		w.err = err
-		if err == nil {
-			w.obj = newObject(resp)
-		} else {
-			pr.CloseWithError(w.err)
-		}
-		close(w.donec)
-	}()
-}
-
-// Write appends to w.
-func (w *Writer) Write(p []byte) (n int, err error) {
-	if w.err != nil {
-		return 0, w.err
-	}
-	if !w.opened {
-		w.open()
-	}
-	return w.pw.Write(p)
-}
-
-// Close completes the write operation and flushes any buffered data.
-// If Close doesn't return an error, metadata about the written object
-// can be retrieved by calling Object.
-func (w *Writer) Close() error {
-	if !w.opened {
-		w.open()
-	}
-	if err := w.pw.Close(); err != nil {
-		return err
-	}
-	<-w.donec
-	return w.err
-}
-
-// CloseWithError aborts the write operation with the provided error.
-// CloseWithError always returns nil.
-func (w *Writer) CloseWithError(err error) error {
-	if !w.opened {
-		return nil
-	}
-	return w.pw.CloseWithError(err)
-}
-
-// Object returns metadata about a successfully-written object.
-// It's only valid to call it after Close returns nil.
-func (w *Writer) Object() *Object {
-	return w.obj
-}
diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go
deleted file mode 100644
index cc5d52fbc..000000000
--- a/vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go
+++ /dev/null
@@ -1,336 +0,0 @@
-// Copyright 2022 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
-// source: google/rpc/code.proto
-
-package code
-
-import (
-	reflect "reflect"
-	sync "sync"
-
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// The canonical error codes for gRPC APIs.
-//
-// Sometimes multiple error codes may apply.  Services should return
-// the most specific error code that applies.  For example, prefer
-// `OUT_OF_RANGE` over `FAILED_PRECONDITION` if both codes apply.
-// Similarly prefer `NOT_FOUND` or `ALREADY_EXISTS` over `FAILED_PRECONDITION`.
-type Code int32
-
-const (
-	// Not an error; returned on success.
-	//
-	// HTTP Mapping: 200 OK
-	Code_OK Code = 0
-	// The operation was cancelled, typically by the caller.
-	//
-	// HTTP Mapping: 499 Client Closed Request
-	Code_CANCELLED Code = 1
-	// Unknown error.  For example, this error may be returned when
-	// a `Status` value received from another address space belongs to
-	// an error space that is not known in this address space.  Also
-	// errors raised by APIs that do not return enough error information
-	// may be converted to this error.
-	//
-	// HTTP Mapping: 500 Internal Server Error
-	Code_UNKNOWN Code = 2
-	// The client specified an invalid argument.  Note that this differs
-	// from `FAILED_PRECONDITION`.  `INVALID_ARGUMENT` indicates arguments
-	// that are problematic regardless of the state of the system
-	// (e.g., a malformed file name).
-	//
-	// HTTP Mapping: 400 Bad Request
-	Code_INVALID_ARGUMENT Code = 3
-	// The deadline expired before the operation could complete. For operations
-	// that change the state of the system, this error may be returned
-	// even if the operation has completed successfully.  For example, a
-	// successful response from a server could have been delayed long
-	// enough for the deadline to expire.
-	//
-	// HTTP Mapping: 504 Gateway Timeout
-	Code_DEADLINE_EXCEEDED Code = 4
-	// Some requested entity (e.g., file or directory) was not found.
-	//
-	// Note to server developers: if a request is denied for an entire class
-	// of users, such as gradual feature rollout or undocumented allowlist,
-	// `NOT_FOUND` may be used. If a request is denied for some users within
-	// a class of users, such as user-based access control, `PERMISSION_DENIED`
-	// must be used.
-	//
-	// HTTP Mapping: 404 Not Found
-	Code_NOT_FOUND Code = 5
-	// The entity that a client attempted to create (e.g., file or directory)
-	// already exists.
-	//
-	// HTTP Mapping: 409 Conflict
-	Code_ALREADY_EXISTS Code = 6
-	// The caller does not have permission to execute the specified
-	// operation. `PERMISSION_DENIED` must not be used for rejections
-	// caused by exhausting some resource (use `RESOURCE_EXHAUSTED`
-	// instead for those errors). `PERMISSION_DENIED` must not be
-	// used if the caller can not be identified (use `UNAUTHENTICATED`
-	// instead for those errors). This error code does not imply the
-	// request is valid or the requested entity exists or satisfies
-	// other pre-conditions.
-	//
-	// HTTP Mapping: 403 Forbidden
-	Code_PERMISSION_DENIED Code = 7
-	// The request does not have valid authentication credentials for the
-	// operation.
-	//
-	// HTTP Mapping: 401 Unauthorized
-	Code_UNAUTHENTICATED Code = 16
-	// Some resource has been exhausted, perhaps a per-user quota, or
-	// perhaps the entire file system is out of space.
-	//
-	// HTTP Mapping: 429 Too Many Requests
-	Code_RESOURCE_EXHAUSTED Code = 8
-	// The operation was rejected because the system is not in a state
-	// required for the operation's execution.  For example, the directory
-	// to be deleted is non-empty, an rmdir operation is applied to
-	// a non-directory, etc.
-	//
-	// Service implementors can use the following guidelines to decide
-	// between `FAILED_PRECONDITION`, `ABORTED`, and `UNAVAILABLE`:
-	//
-	//	(a) Use `UNAVAILABLE` if the client can retry just the failing call.
-	//	(b) Use `ABORTED` if the client should retry at a higher level. For
-	//	    example, when a client-specified test-and-set fails, indicating the
-	//	    client should restart a read-modify-write sequence.
-	//	(c) Use `FAILED_PRECONDITION` if the client should not retry until
-	//	    the system state has been explicitly fixed. For example, if an "rmdir"
-	//	    fails because the directory is non-empty, `FAILED_PRECONDITION`
-	//	    should be returned since the client should not retry unless
-	//	    the files are deleted from the directory.
-	//
-	// HTTP Mapping: 400 Bad Request
-	Code_FAILED_PRECONDITION Code = 9
-	// The operation was aborted, typically due to a concurrency issue such as
-	// a sequencer check failure or transaction abort.
-	//
-	// See the guidelines above for deciding between `FAILED_PRECONDITION`,
-	// `ABORTED`, and `UNAVAILABLE`.
-	//
-	// HTTP Mapping: 409 Conflict
-	Code_ABORTED Code = 10
-	// The operation was attempted past the valid range.  E.g., seeking or
-	// reading past end-of-file.
-	//
-	// Unlike `INVALID_ARGUMENT`, this error indicates a problem that may
-	// be fixed if the system state changes. For example, a 32-bit file
-	// system will generate `INVALID_ARGUMENT` if asked to read at an
-	// offset that is not in the range [0,2^32-1], but it will generate
-	// `OUT_OF_RANGE` if asked to read from an offset past the current
-	// file size.
-	//
-	// There is a fair bit of overlap between `FAILED_PRECONDITION` and
-	// `OUT_OF_RANGE`.  We recommend using `OUT_OF_RANGE` (the more specific
-	// error) when it applies so that callers who are iterating through
-	// a space can easily look for an `OUT_OF_RANGE` error to detect when
-	// they are done.
-	//
-	// HTTP Mapping: 400 Bad Request
-	Code_OUT_OF_RANGE Code = 11
-	// The operation is not implemented or is not supported/enabled in this
-	// service.
-	//
-	// HTTP Mapping: 501 Not Implemented
-	Code_UNIMPLEMENTED Code = 12
-	// Internal errors.  This means that some invariants expected by the
-	// underlying system have been broken.  This error code is reserved
-	// for serious errors.
-	//
-	// HTTP Mapping: 500 Internal Server Error
-	Code_INTERNAL Code = 13
-	// The service is currently unavailable.  This is most likely a
-	// transient condition, which can be corrected by retrying with
-	// a backoff. Note that it is not always safe to retry
-	// non-idempotent operations.
-	//
-	// See the guidelines above for deciding between `FAILED_PRECONDITION`,
-	// `ABORTED`, and `UNAVAILABLE`.
-	//
-	// HTTP Mapping: 503 Service Unavailable
-	Code_UNAVAILABLE Code = 14
-	// Unrecoverable data loss or corruption.
-	//
-	// HTTP Mapping: 500 Internal Server Error
-	Code_DATA_LOSS Code = 15
-)
-
-// Enum value maps for Code.
-var (
-	Code_name = map[int32]string{
-		0:  "OK",
-		1:  "CANCELLED",
-		2:  "UNKNOWN",
-		3:  "INVALID_ARGUMENT",
-		4:  "DEADLINE_EXCEEDED",
-		5:  "NOT_FOUND",
-		6:  "ALREADY_EXISTS",
-		7:  "PERMISSION_DENIED",
-		16: "UNAUTHENTICATED",
-		8:  "RESOURCE_EXHAUSTED",
-		9:  "FAILED_PRECONDITION",
-		10: "ABORTED",
-		11: "OUT_OF_RANGE",
-		12: "UNIMPLEMENTED",
-		13: "INTERNAL",
-		14: "UNAVAILABLE",
-		15: "DATA_LOSS",
-	}
-	Code_value = map[string]int32{
-		"OK":                  0,
-		"CANCELLED":           1,
-		"UNKNOWN":             2,
-		"INVALID_ARGUMENT":    3,
-		"DEADLINE_EXCEEDED":   4,
-		"NOT_FOUND":           5,
-		"ALREADY_EXISTS":      6,
-		"PERMISSION_DENIED":   7,
-		"UNAUTHENTICATED":     16,
-		"RESOURCE_EXHAUSTED":  8,
-		"FAILED_PRECONDITION": 9,
-		"ABORTED":             10,
-		"OUT_OF_RANGE":        11,
-		"UNIMPLEMENTED":       12,
-		"INTERNAL":            13,
-		"UNAVAILABLE":         14,
-		"DATA_LOSS":           15,
-	}
-)
-
-func (x Code) Enum() *Code {
-	p := new(Code)
-	*p = x
-	return p
-}
-
-func (x Code) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (Code) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_rpc_code_proto_enumTypes[0].Descriptor()
-}
-
-func (Code) Type() protoreflect.EnumType {
-	return &file_google_rpc_code_proto_enumTypes[0]
-}
-
-func (x Code) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use Code.Descriptor instead.
-func (Code) EnumDescriptor() ([]byte, []int) {
-	return file_google_rpc_code_proto_rawDescGZIP(), []int{0}
-}
-
-var File_google_rpc_code_proto protoreflect.FileDescriptor
-
-var file_google_rpc_code_proto_rawDesc = []byte{
-	0x0a, 0x15, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x64,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x72, 0x70, 0x63, 0x2a, 0xb7, 0x02, 0x0a, 0x04, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x06, 0x0a, 0x02,
-	0x4f, 0x4b, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x41, 0x4e, 0x43, 0x45, 0x4c, 0x4c, 0x45,
-	0x44, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x02,
-	0x12, 0x14, 0x0a, 0x10, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x5f, 0x41, 0x52, 0x47, 0x55,
-	0x4d, 0x45, 0x4e, 0x54, 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x44, 0x45, 0x41, 0x44, 0x4c, 0x49,
-	0x4e, 0x45, 0x5f, 0x45, 0x58, 0x43, 0x45, 0x45, 0x44, 0x45, 0x44, 0x10, 0x04, 0x12, 0x0d, 0x0a,
-	0x09, 0x4e, 0x4f, 0x54, 0x5f, 0x46, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x05, 0x12, 0x12, 0x0a, 0x0e,
-	0x41, 0x4c, 0x52, 0x45, 0x41, 0x44, 0x59, 0x5f, 0x45, 0x58, 0x49, 0x53, 0x54, 0x53, 0x10, 0x06,
-	0x12, 0x15, 0x0a, 0x11, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x44,
-	0x45, 0x4e, 0x49, 0x45, 0x44, 0x10, 0x07, 0x12, 0x13, 0x0a, 0x0f, 0x55, 0x4e, 0x41, 0x55, 0x54,
-	0x48, 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x45, 0x44, 0x10, 0x10, 0x12, 0x16, 0x0a, 0x12,
-	0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x45, 0x58, 0x48, 0x41, 0x55, 0x53, 0x54,
-	0x45, 0x44, 0x10, 0x08, 0x12, 0x17, 0x0a, 0x13, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x5f, 0x50,
-	0x52, 0x45, 0x43, 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x09, 0x12, 0x0b, 0x0a,
-	0x07, 0x41, 0x42, 0x4f, 0x52, 0x54, 0x45, 0x44, 0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x4f, 0x55,
-	0x54, 0x5f, 0x4f, 0x46, 0x5f, 0x52, 0x41, 0x4e, 0x47, 0x45, 0x10, 0x0b, 0x12, 0x11, 0x0a, 0x0d,
-	0x55, 0x4e, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x4d, 0x45, 0x4e, 0x54, 0x45, 0x44, 0x10, 0x0c, 0x12,
-	0x0c, 0x0a, 0x08, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x0d, 0x12, 0x0f, 0x0a,
-	0x0b, 0x55, 0x4e, 0x41, 0x56, 0x41, 0x49, 0x4c, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x0e, 0x12, 0x0d,
-	0x0a, 0x09, 0x44, 0x41, 0x54, 0x41, 0x5f, 0x4c, 0x4f, 0x53, 0x53, 0x10, 0x0f, 0x42, 0x58, 0x0a,
-	0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x42,
-	0x09, 0x43, 0x6f, 0x64, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x33, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f,
-	0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61,
-	0x70, 0x69, 0x73, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x3b, 0x63, 0x6f, 0x64,
-	0x65, 0xa2, 0x02, 0x03, 0x52, 0x50, 0x43, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_google_rpc_code_proto_rawDescOnce sync.Once
-	file_google_rpc_code_proto_rawDescData = file_google_rpc_code_proto_rawDesc
-)
-
-func file_google_rpc_code_proto_rawDescGZIP() []byte {
-	file_google_rpc_code_proto_rawDescOnce.Do(func() {
-		file_google_rpc_code_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_rpc_code_proto_rawDescData)
-	})
-	return file_google_rpc_code_proto_rawDescData
-}
-
-var file_google_rpc_code_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_google_rpc_code_proto_goTypes = []interface{}{
-	(Code)(0), // 0: google.rpc.Code
-}
-var file_google_rpc_code_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_google_rpc_code_proto_init() }
-func file_google_rpc_code_proto_init() {
-	if File_google_rpc_code_proto != nil {
-		return
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_google_rpc_code_proto_rawDesc,
-			NumEnums:      1,
-			NumMessages:   0,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_google_rpc_code_proto_goTypes,
-		DependencyIndexes: file_google_rpc_code_proto_depIdxs,
-		EnumInfos:         file_google_rpc_code_proto_enumTypes,
-	}.Build()
-	File_google_rpc_code_proto = out.File
-	file_google_rpc_code_proto_rawDesc = nil
-	file_google_rpc_code_proto_goTypes = nil
-	file_google_rpc_code_proto_depIdxs = nil
-}
diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go
deleted file mode 100644
index 7bd161e48..000000000
--- a/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go
+++ /dev/null
@@ -1,1314 +0,0 @@
-// Copyright 2022 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
-// source: google/rpc/error_details.proto
-
-package errdetails
-
-import (
-	reflect "reflect"
-	sync "sync"
-
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	durationpb "google.golang.org/protobuf/types/known/durationpb"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// Describes the cause of the error with structured details.
-//
-// Example of an error when contacting the "pubsub.googleapis.com" API when it
-// is not enabled:
-//
-//	{ "reason": "API_DISABLED"
-//	  "domain": "googleapis.com"
-//	  "metadata": {
-//	    "resource": "projects/123",
-//	    "service": "pubsub.googleapis.com"
-//	  }
-//	}
-//
-// This response indicates that the pubsub.googleapis.com API is not enabled.
-//
-// Example of an error that is returned when attempting to create a Spanner
-// instance in a region that is out of stock:
-//
-//	{ "reason": "STOCKOUT"
-//	  "domain": "spanner.googleapis.com",
-//	  "metadata": {
-//	    "availableRegions": "us-central1,us-east2"
-//	  }
-//	}
-type ErrorInfo struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// The reason of the error. This is a constant value that identifies the
-	// proximate cause of the error. Error reasons are unique within a particular
-	// domain of errors. This should be at most 63 characters and match a
-	// regular expression of `[A-Z][A-Z0-9_]+[A-Z0-9]`, which represents
-	// UPPER_SNAKE_CASE.
-	Reason string `protobuf:"bytes,1,opt,name=reason,proto3" json:"reason,omitempty"`
-	// The logical grouping to which the "reason" belongs. The error domain
-	// is typically the registered service name of the tool or product that
-	// generates the error. Example: "pubsub.googleapis.com". If the error is
-	// generated by some common infrastructure, the error domain must be a
-	// globally unique value that identifies the infrastructure. For Google API
-	// infrastructure, the error domain is "googleapis.com".
-	Domain string `protobuf:"bytes,2,opt,name=domain,proto3" json:"domain,omitempty"`
-	// Additional structured details about this error.
-	//
-	// Keys should match /[a-zA-Z0-9-_]/ and be limited to 64 characters in
-	// length. When identifying the current value of an exceeded limit, the units
-	// should be contained in the key, not the value.  For example, rather than
-	// {"instanceLimit": "100/request"}, should be returned as,
-	// {"instanceLimitPerRequest": "100"}, if the client exceeds the number of
-	// instances that can be created in a single (batch) request.
-	Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-}
-
-func (x *ErrorInfo) Reset() {
-	*x = ErrorInfo{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ErrorInfo) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ErrorInfo) ProtoMessage() {}
-
-func (x *ErrorInfo) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ErrorInfo.ProtoReflect.Descriptor instead.
-func (*ErrorInfo) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *ErrorInfo) GetReason() string {
-	if x != nil {
-		return x.Reason
-	}
-	return ""
-}
-
-func (x *ErrorInfo) GetDomain() string {
-	if x != nil {
-		return x.Domain
-	}
-	return ""
-}
-
-func (x *ErrorInfo) GetMetadata() map[string]string {
-	if x != nil {
-		return x.Metadata
-	}
-	return nil
-}
-
-// Describes when the clients can retry a failed request. Clients could ignore
-// the recommendation here or retry when this information is missing from error
-// responses.
-//
-// It's always recommended that clients should use exponential backoff when
-// retrying.
-//
-// Clients should wait until `retry_delay` amount of time has passed since
-// receiving the error response before retrying.  If retrying requests also
-// fail, clients should use an exponential backoff scheme to gradually increase
-// the delay between retries based on `retry_delay`, until either a maximum
-// number of retries have been reached or a maximum retry delay cap has been
-// reached.
-type RetryInfo struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Clients should wait at least this long between retrying the same request.
-	RetryDelay *durationpb.Duration `protobuf:"bytes,1,opt,name=retry_delay,json=retryDelay,proto3" json:"retry_delay,omitempty"`
-}
-
-func (x *RetryInfo) Reset() {
-	*x = RetryInfo{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RetryInfo) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RetryInfo) ProtoMessage() {}
-
-func (x *RetryInfo) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RetryInfo.ProtoReflect.Descriptor instead.
-func (*RetryInfo) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *RetryInfo) GetRetryDelay() *durationpb.Duration {
-	if x != nil {
-		return x.RetryDelay
-	}
-	return nil
-}
-
-// Describes additional debugging info.
-type DebugInfo struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// The stack trace entries indicating where the error occurred.
-	StackEntries []string `protobuf:"bytes,1,rep,name=stack_entries,json=stackEntries,proto3" json:"stack_entries,omitempty"`
-	// Additional debugging information provided by the server.
-	Detail string `protobuf:"bytes,2,opt,name=detail,proto3" json:"detail,omitempty"`
-}
-
-func (x *DebugInfo) Reset() {
-	*x = DebugInfo{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *DebugInfo) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*DebugInfo) ProtoMessage() {}
-
-func (x *DebugInfo) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use DebugInfo.ProtoReflect.Descriptor instead.
-func (*DebugInfo) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *DebugInfo) GetStackEntries() []string {
-	if x != nil {
-		return x.StackEntries
-	}
-	return nil
-}
-
-func (x *DebugInfo) GetDetail() string {
-	if x != nil {
-		return x.Detail
-	}
-	return ""
-}
-
-// Describes how a quota check failed.
-//
-// For example if a daily limit was exceeded for the calling project,
-// a service could respond with a QuotaFailure detail containing the project
-// id and the description of the quota limit that was exceeded.  If the
-// calling project hasn't enabled the service in the developer console, then
-// a service could respond with the project id and set `service_disabled`
-// to true.
-//
-// Also see RetryInfo and Help types for other details about handling a
-// quota failure.
-type QuotaFailure struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Describes all quota violations.
-	Violations []*QuotaFailure_Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
-}
-
-func (x *QuotaFailure) Reset() {
-	*x = QuotaFailure{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *QuotaFailure) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*QuotaFailure) ProtoMessage() {}
-
-func (x *QuotaFailure) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use QuotaFailure.ProtoReflect.Descriptor instead.
-func (*QuotaFailure) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *QuotaFailure) GetViolations() []*QuotaFailure_Violation {
-	if x != nil {
-		return x.Violations
-	}
-	return nil
-}
-
-// Describes what preconditions have failed.
-//
-// For example, if an RPC failed because it required the Terms of Service to be
-// acknowledged, it could list the terms of service violation in the
-// PreconditionFailure message.
-type PreconditionFailure struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Describes all precondition violations.
-	Violations []*PreconditionFailure_Violation `protobuf:"bytes,1,rep,name=violations,proto3" json:"violations,omitempty"`
-}
-
-func (x *PreconditionFailure) Reset() {
-	*x = PreconditionFailure{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *PreconditionFailure) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*PreconditionFailure) ProtoMessage() {}
-
-func (x *PreconditionFailure) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use PreconditionFailure.ProtoReflect.Descriptor instead.
-func (*PreconditionFailure) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *PreconditionFailure) GetViolations() []*PreconditionFailure_Violation {
-	if x != nil {
-		return x.Violations
-	}
-	return nil
-}
-
-// Describes violations in a client request. This error type focuses on the
-// syntactic aspects of the request.
-type BadRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Describes all violations in a client request.
-	FieldViolations []*BadRequest_FieldViolation `protobuf:"bytes,1,rep,name=field_violations,json=fieldViolations,proto3" json:"field_violations,omitempty"`
-}
-
-func (x *BadRequest) Reset() {
-	*x = BadRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *BadRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*BadRequest) ProtoMessage() {}
-
-func (x *BadRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use BadRequest.ProtoReflect.Descriptor instead.
-func (*BadRequest) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *BadRequest) GetFieldViolations() []*BadRequest_FieldViolation {
-	if x != nil {
-		return x.FieldViolations
-	}
-	return nil
-}
-
-// Contains metadata about the request that clients can attach when filing a bug
-// or providing other forms of feedback.
-type RequestInfo struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// An opaque string that should only be interpreted by the service generating
-	// it. For example, it can be used to identify requests in the service's logs.
-	RequestId string `protobuf:"bytes,1,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
-	// Any data that was used to serve this request. For example, an encrypted
-	// stack trace that can be sent back to the service provider for debugging.
-	ServingData string `protobuf:"bytes,2,opt,name=serving_data,json=servingData,proto3" json:"serving_data,omitempty"`
-}
-
-func (x *RequestInfo) Reset() {
-	*x = RequestInfo{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RequestInfo) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RequestInfo) ProtoMessage() {}
-
-func (x *RequestInfo) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RequestInfo.ProtoReflect.Descriptor instead.
-func (*RequestInfo) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *RequestInfo) GetRequestId() string {
-	if x != nil {
-		return x.RequestId
-	}
-	return ""
-}
-
-func (x *RequestInfo) GetServingData() string {
-	if x != nil {
-		return x.ServingData
-	}
-	return ""
-}
-
-// Describes the resource that is being accessed.
-type ResourceInfo struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// A name for the type of resource being accessed, e.g. "sql table",
-	// "cloud storage bucket", "file", "Google calendar"; or the type URL
-	// of the resource: e.g. "type.googleapis.com/google.pubsub.v1.Topic".
-	ResourceType string `protobuf:"bytes,1,opt,name=resource_type,json=resourceType,proto3" json:"resource_type,omitempty"`
-	// The name of the resource being accessed.  For example, a shared calendar
-	// name: "example.com_4fghdhgsrgh@group.calendar.google.com", if the current
-	// error is
-	// [google.rpc.Code.PERMISSION_DENIED][google.rpc.Code.PERMISSION_DENIED].
-	ResourceName string `protobuf:"bytes,2,opt,name=resource_name,json=resourceName,proto3" json:"resource_name,omitempty"`
-	// The owner of the resource (optional).
-	// For example, "user:<owner email>" or "project:<Google developer project
-	// id>".
-	Owner string `protobuf:"bytes,3,opt,name=owner,proto3" json:"owner,omitempty"`
-	// Describes what error is encountered when accessing this resource.
-	// For example, updating a cloud project may require the `writer` permission
-	// on the developer console project.
-	Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
-}
-
-func (x *ResourceInfo) Reset() {
-	*x = ResourceInfo{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ResourceInfo) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ResourceInfo) ProtoMessage() {}
-
-func (x *ResourceInfo) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ResourceInfo.ProtoReflect.Descriptor instead.
-func (*ResourceInfo) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *ResourceInfo) GetResourceType() string {
-	if x != nil {
-		return x.ResourceType
-	}
-	return ""
-}
-
-func (x *ResourceInfo) GetResourceName() string {
-	if x != nil {
-		return x.ResourceName
-	}
-	return ""
-}
-
-func (x *ResourceInfo) GetOwner() string {
-	if x != nil {
-		return x.Owner
-	}
-	return ""
-}
-
-func (x *ResourceInfo) GetDescription() string {
-	if x != nil {
-		return x.Description
-	}
-	return ""
-}
-
-// Provides links to documentation or for performing an out of band action.
-//
-// For example, if a quota check failed with an error indicating the calling
-// project hasn't enabled the accessed service, this can contain a URL pointing
-// directly to the right place in the developer console to flip the bit.
-type Help struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// URL(s) pointing to additional information on handling the current error.
-	Links []*Help_Link `protobuf:"bytes,1,rep,name=links,proto3" json:"links,omitempty"`
-}
-
-func (x *Help) Reset() {
-	*x = Help{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Help) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Help) ProtoMessage() {}
-
-func (x *Help) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Help.ProtoReflect.Descriptor instead.
-func (*Help) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{8}
-}
-
-func (x *Help) GetLinks() []*Help_Link {
-	if x != nil {
-		return x.Links
-	}
-	return nil
-}
-
-// Provides a localized error message that is safe to return to the user
-// which can be attached to an RPC error.
-type LocalizedMessage struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// The locale used following the specification defined at
-	// https://www.rfc-editor.org/rfc/bcp/bcp47.txt.
-	// Examples are: "en-US", "fr-CH", "es-MX"
-	Locale string `protobuf:"bytes,1,opt,name=locale,proto3" json:"locale,omitempty"`
-	// The localized error message in the above locale.
-	Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
-}
-
-func (x *LocalizedMessage) Reset() {
-	*x = LocalizedMessage{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[9]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LocalizedMessage) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LocalizedMessage) ProtoMessage() {}
-
-func (x *LocalizedMessage) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[9]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LocalizedMessage.ProtoReflect.Descriptor instead.
-func (*LocalizedMessage) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{9}
-}
-
-func (x *LocalizedMessage) GetLocale() string {
-	if x != nil {
-		return x.Locale
-	}
-	return ""
-}
-
-func (x *LocalizedMessage) GetMessage() string {
-	if x != nil {
-		return x.Message
-	}
-	return ""
-}
-
-// A message type used to describe a single quota violation.  For example, a
-// daily quota or a custom quota that was exceeded.
-type QuotaFailure_Violation struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// The subject on which the quota check failed.
-	// For example, "clientip:<ip address of client>" or "project:<Google
-	// developer project id>".
-	Subject string `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
-	// A description of how the quota check failed. Clients can use this
-	// description to find more about the quota configuration in the service's
-	// public documentation, or find the relevant quota limit to adjust through
-	// developer console.
-	//
-	// For example: "Service disabled" or "Daily Limit for read operations
-	// exceeded".
-	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
-}
-
-func (x *QuotaFailure_Violation) Reset() {
-	*x = QuotaFailure_Violation{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[11]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *QuotaFailure_Violation) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*QuotaFailure_Violation) ProtoMessage() {}
-
-func (x *QuotaFailure_Violation) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[11]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use QuotaFailure_Violation.ProtoReflect.Descriptor instead.
-func (*QuotaFailure_Violation) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{3, 0}
-}
-
-func (x *QuotaFailure_Violation) GetSubject() string {
-	if x != nil {
-		return x.Subject
-	}
-	return ""
-}
-
-func (x *QuotaFailure_Violation) GetDescription() string {
-	if x != nil {
-		return x.Description
-	}
-	return ""
-}
-
-// A message type used to describe a single precondition failure.
-type PreconditionFailure_Violation struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// The type of PreconditionFailure. We recommend using a service-specific
-	// enum type to define the supported precondition violation subjects. For
-	// example, "TOS" for "Terms of Service violation".
-	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
-	// The subject, relative to the type, that failed.
-	// For example, "google.com/cloud" relative to the "TOS" type would indicate
-	// which terms of service is being referenced.
-	Subject string `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty"`
-	// A description of how the precondition failed. Developers can use this
-	// description to understand how to fix the failure.
-	//
-	// For example: "Terms of service not accepted".
-	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
-}
-
-func (x *PreconditionFailure_Violation) Reset() {
-	*x = PreconditionFailure_Violation{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[12]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *PreconditionFailure_Violation) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*PreconditionFailure_Violation) ProtoMessage() {}
-
-func (x *PreconditionFailure_Violation) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[12]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use PreconditionFailure_Violation.ProtoReflect.Descriptor instead.
-func (*PreconditionFailure_Violation) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{4, 0}
-}
-
-func (x *PreconditionFailure_Violation) GetType() string {
-	if x != nil {
-		return x.Type
-	}
-	return ""
-}
-
-func (x *PreconditionFailure_Violation) GetSubject() string {
-	if x != nil {
-		return x.Subject
-	}
-	return ""
-}
-
-func (x *PreconditionFailure_Violation) GetDescription() string {
-	if x != nil {
-		return x.Description
-	}
-	return ""
-}
-
-// A message type used to describe a single bad request field.
-type BadRequest_FieldViolation struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// A path that leads to a field in the request body. The value will be a
-	// sequence of dot-separated identifiers that identify a protocol buffer
-	// field.
-	//
-	// Consider the following:
-	//
-	//	message CreateContactRequest {
-	//	  message EmailAddress {
-	//	    enum Type {
-	//	      TYPE_UNSPECIFIED = 0;
-	//	      HOME = 1;
-	//	      WORK = 2;
-	//	    }
-	//
-	//	    optional string email = 1;
-	//	    repeated EmailType type = 2;
-	//	  }
-	//
-	//	  string full_name = 1;
-	//	  repeated EmailAddress email_addresses = 2;
-	//	}
-	//
-	// In this example, in proto `field` could take one of the following values:
-	//
-	//   - `full_name` for a violation in the `full_name` value
-	//   - `email_addresses[1].email` for a violation in the `email` field of the
-	//     first `email_addresses` message
-	//   - `email_addresses[3].type[2]` for a violation in the second `type`
-	//     value in the third `email_addresses` message.
-	//
-	// In JSON, the same values are represented as:
-	//
-	//   - `fullName` for a violation in the `fullName` value
-	//   - `emailAddresses[1].email` for a violation in the `email` field of the
-	//     first `emailAddresses` message
-	//   - `emailAddresses[3].type[2]` for a violation in the second `type`
-	//     value in the third `emailAddresses` message.
-	Field string `protobuf:"bytes,1,opt,name=field,proto3" json:"field,omitempty"`
-	// A description of why the request element is bad.
-	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
-}
-
-func (x *BadRequest_FieldViolation) Reset() {
-	*x = BadRequest_FieldViolation{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[13]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *BadRequest_FieldViolation) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*BadRequest_FieldViolation) ProtoMessage() {}
-
-func (x *BadRequest_FieldViolation) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[13]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use BadRequest_FieldViolation.ProtoReflect.Descriptor instead.
-func (*BadRequest_FieldViolation) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{5, 0}
-}
-
-func (x *BadRequest_FieldViolation) GetField() string {
-	if x != nil {
-		return x.Field
-	}
-	return ""
-}
-
-func (x *BadRequest_FieldViolation) GetDescription() string {
-	if x != nil {
-		return x.Description
-	}
-	return ""
-}
-
-// Describes a URL link.
-type Help_Link struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Describes what the link offers.
-	Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"`
-	// The URL of the link.
-	Url string `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
-}
-
-func (x *Help_Link) Reset() {
-	*x = Help_Link{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_rpc_error_details_proto_msgTypes[14]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Help_Link) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Help_Link) ProtoMessage() {}
-
-func (x *Help_Link) ProtoReflect() protoreflect.Message {
-	mi := &file_google_rpc_error_details_proto_msgTypes[14]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Help_Link.ProtoReflect.Descriptor instead.
-func (*Help_Link) Descriptor() ([]byte, []int) {
-	return file_google_rpc_error_details_proto_rawDescGZIP(), []int{8, 0}
-}
-
-func (x *Help_Link) GetDescription() string {
-	if x != nil {
-		return x.Description
-	}
-	return ""
-}
-
-func (x *Help_Link) GetUrl() string {
-	if x != nil {
-		return x.Url
-	}
-	return ""
-}
-
-var File_google_rpc_error_details_proto protoreflect.FileDescriptor
-
-var file_google_rpc_error_details_proto_rawDesc = []byte{
-	0x0a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x65, 0x72, 0x72,
-	0x6f, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x1a, 0x1e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb9, 0x01, 0x0a,
-	0x09, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65,
-	0x61, 0x73, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73,
-	0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x3f, 0x0a, 0x08, 0x6d, 0x65,
-	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x49,
-	0x6e, 0x66, 0x6f, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x1a, 0x3b, 0x0a, 0x0d, 0x4d,
-	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
-	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14,
-	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x47, 0x0a, 0x09, 0x52, 0x65, 0x74, 0x72,
-	0x79, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x3a, 0x0a, 0x0b, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x64,
-	0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x72, 0x65, 0x74, 0x72, 0x79, 0x44, 0x65, 0x6c, 0x61,
-	0x79, 0x22, 0x48, 0x0a, 0x09, 0x44, 0x65, 0x62, 0x75, 0x67, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x23,
-	0x0a, 0x0d, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18,
-	0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x45, 0x6e, 0x74, 0x72,
-	0x69, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x22, 0x9b, 0x01, 0x0a, 0x0c,
-	0x51, 0x75, 0x6f, 0x74, 0x61, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x12, 0x42, 0x0a, 0x0a,
-	0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x51, 0x75,
-	0x6f, 0x74, 0x61, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x2e, 0x56, 0x69, 0x6f, 0x6c, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x1a, 0x47, 0x0a, 0x09, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a,
-	0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07,
-	0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72,
-	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65,
-	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xbd, 0x01, 0x0a, 0x13, 0x50, 0x72,
-	0x65, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72,
-	0x65, 0x12, 0x49, 0x0a, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
-	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72,
-	0x70, 0x63, 0x2e, 0x50, 0x72, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46,
-	0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x2e, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x5b, 0x0a, 0x09,
-	0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a,
-	0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07,
-	0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72,
-	0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65,
-	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xa8, 0x01, 0x0a, 0x0a, 0x42, 0x61,
-	0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x50, 0x0a, 0x10, 0x66, 0x69, 0x65, 0x6c,
-	0x64, 0x5f, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e,
-	0x42, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
-	0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x66, 0x69, 0x65, 0x6c, 0x64,
-	0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x48, 0x0a, 0x0e, 0x46, 0x69,
-	0x65, 0x6c, 0x64, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05,
-	0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x69, 0x65,
-	0x6c, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x22, 0x4f, 0x0a, 0x0b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49,
-	0x6e, 0x66, 0x6f, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x69,
-	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x49, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x61,
-	0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x6e,
-	0x67, 0x44, 0x61, 0x74, 0x61, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72,
-	0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
-	0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72,
-	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72,
-	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65,
-	0x12, 0x14, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x6f, 0x0a, 0x04, 0x48, 0x65, 0x6c, 0x70,
-	0x12, 0x2b, 0x0a, 0x05, 0x6c, 0x69, 0x6e, 0x6b, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x15, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x48, 0x65, 0x6c,
-	0x70, 0x2e, 0x4c, 0x69, 0x6e, 0x6b, 0x52, 0x05, 0x6c, 0x69, 0x6e, 0x6b, 0x73, 0x1a, 0x3a, 0x0a,
-	0x04, 0x4c, 0x69, 0x6e, 0x6b, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63,
-	0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x22, 0x44, 0x0a, 0x10, 0x4c, 0x6f, 0x63,
-	0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x16, 0x0a,
-	0x06, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6c,
-	0x6f, 0x63, 0x61, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42,
-	0x6c, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70,
-	0x63, 0x42, 0x11, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x50,
-	0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67,
-	0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x72, 0x70,
-	0x63, 0x2f, 0x65, 0x72, 0x72, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x3b, 0x65, 0x72, 0x72,
-	0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0xa2, 0x02, 0x03, 0x52, 0x50, 0x43, 0x62, 0x06, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_google_rpc_error_details_proto_rawDescOnce sync.Once
-	file_google_rpc_error_details_proto_rawDescData = file_google_rpc_error_details_proto_rawDesc
-)
-
-func file_google_rpc_error_details_proto_rawDescGZIP() []byte {
-	file_google_rpc_error_details_proto_rawDescOnce.Do(func() {
-		file_google_rpc_error_details_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_rpc_error_details_proto_rawDescData)
-	})
-	return file_google_rpc_error_details_proto_rawDescData
-}
-
-var file_google_rpc_error_details_proto_msgTypes = make([]protoimpl.MessageInfo, 15)
-var file_google_rpc_error_details_proto_goTypes = []interface{}{
-	(*ErrorInfo)(nil),                     // 0: google.rpc.ErrorInfo
-	(*RetryInfo)(nil),                     // 1: google.rpc.RetryInfo
-	(*DebugInfo)(nil),                     // 2: google.rpc.DebugInfo
-	(*QuotaFailure)(nil),                  // 3: google.rpc.QuotaFailure
-	(*PreconditionFailure)(nil),           // 4: google.rpc.PreconditionFailure
-	(*BadRequest)(nil),                    // 5: google.rpc.BadRequest
-	(*RequestInfo)(nil),                   // 6: google.rpc.RequestInfo
-	(*ResourceInfo)(nil),                  // 7: google.rpc.ResourceInfo
-	(*Help)(nil),                          // 8: google.rpc.Help
-	(*LocalizedMessage)(nil),              // 9: google.rpc.LocalizedMessage
-	nil,                                   // 10: google.rpc.ErrorInfo.MetadataEntry
-	(*QuotaFailure_Violation)(nil),        // 11: google.rpc.QuotaFailure.Violation
-	(*PreconditionFailure_Violation)(nil), // 12: google.rpc.PreconditionFailure.Violation
-	(*BadRequest_FieldViolation)(nil),     // 13: google.rpc.BadRequest.FieldViolation
-	(*Help_Link)(nil),                     // 14: google.rpc.Help.Link
-	(*durationpb.Duration)(nil),           // 15: google.protobuf.Duration
-}
-var file_google_rpc_error_details_proto_depIdxs = []int32{
-	10, // 0: google.rpc.ErrorInfo.metadata:type_name -> google.rpc.ErrorInfo.MetadataEntry
-	15, // 1: google.rpc.RetryInfo.retry_delay:type_name -> google.protobuf.Duration
-	11, // 2: google.rpc.QuotaFailure.violations:type_name -> google.rpc.QuotaFailure.Violation
-	12, // 3: google.rpc.PreconditionFailure.violations:type_name -> google.rpc.PreconditionFailure.Violation
-	13, // 4: google.rpc.BadRequest.field_violations:type_name -> google.rpc.BadRequest.FieldViolation
-	14, // 5: google.rpc.Help.links:type_name -> google.rpc.Help.Link
-	6,  // [6:6] is the sub-list for method output_type
-	6,  // [6:6] is the sub-list for method input_type
-	6,  // [6:6] is the sub-list for extension type_name
-	6,  // [6:6] is the sub-list for extension extendee
-	0,  // [0:6] is the sub-list for field type_name
-}
-
-func init() { file_google_rpc_error_details_proto_init() }
-func file_google_rpc_error_details_proto_init() {
-	if File_google_rpc_error_details_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_google_rpc_error_details_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ErrorInfo); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RetryInfo); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DebugInfo); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*QuotaFailure); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PreconditionFailure); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*BadRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RequestInfo); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ResourceInfo); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Help); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LocalizedMessage); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*QuotaFailure_Violation); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PreconditionFailure_Violation); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*BadRequest_FieldViolation); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_rpc_error_details_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Help_Link); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_google_rpc_error_details_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   15,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_google_rpc_error_details_proto_goTypes,
-		DependencyIndexes: file_google_rpc_error_details_proto_depIdxs,
-		MessageInfos:      file_google_rpc_error_details_proto_msgTypes,
-	}.Build()
-	File_google_rpc_error_details_proto = out.File
-	file_google_rpc_error_details_proto_rawDesc = nil
-	file_google_rpc_error_details_proto_goTypes = nil
-	file_google_rpc_error_details_proto_depIdxs = nil
-}
diff --git a/vendor/gopkg.in/check.v1/.gitignore b/vendor/gopkg.in/check.v1/.gitignore
deleted file mode 100644
index 191a5360b..000000000
--- a/vendor/gopkg.in/check.v1/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-_*
-*.swp
-*.[568]
-[568].out
diff --git a/vendor/gopkg.in/check.v1/.travis.yml b/vendor/gopkg.in/check.v1/.travis.yml
deleted file mode 100644
index ead6735fc..000000000
--- a/vendor/gopkg.in/check.v1/.travis.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-language: go
-
-go_import_path: gopkg.in/check.v1
diff --git a/vendor/gopkg.in/check.v1/LICENSE b/vendor/gopkg.in/check.v1/LICENSE
deleted file mode 100644
index 545cf2d33..000000000
--- a/vendor/gopkg.in/check.v1/LICENSE
+++ /dev/null
@@ -1,25 +0,0 @@
-Gocheck - A rich testing framework for Go
- 
-Copyright (c) 2010-2013 Gustavo Niemeyer <gustavo@niemeyer.net>
-
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met: 
-
-1. Redistributions of source code must retain the above copyright notice, this
-   list of conditions and the following disclaimer. 
-2. Redistributions in binary form must reproduce the above copyright notice,
-   this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution. 
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/gopkg.in/check.v1/README.md b/vendor/gopkg.in/check.v1/README.md
deleted file mode 100644
index 0ca9e5726..000000000
--- a/vendor/gopkg.in/check.v1/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-Instructions
-============
-
-Install the package with:
-
-    go get gopkg.in/check.v1
-    
-Import it with:
-
-    import "gopkg.in/check.v1"
-
-and use _check_ as the package name inside the code.
-
-For more details, visit the project page:
-
-* http://labix.org/gocheck
-
-and the API documentation:
-
-* https://gopkg.in/check.v1
diff --git a/vendor/gopkg.in/check.v1/TODO b/vendor/gopkg.in/check.v1/TODO
deleted file mode 100644
index 33498270e..000000000
--- a/vendor/gopkg.in/check.v1/TODO
+++ /dev/null
@@ -1,2 +0,0 @@
-- Assert(slice, Contains, item)
-- Parallel test support
diff --git a/vendor/gopkg.in/check.v1/benchmark.go b/vendor/gopkg.in/check.v1/benchmark.go
deleted file mode 100644
index 46ea9dc6d..000000000
--- a/vendor/gopkg.in/check.v1/benchmark.go
+++ /dev/null
@@ -1,187 +0,0 @@
-// Copyright (c) 2012 The Go Authors. All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-// 
-//    * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//    * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//    * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package check
-
-import (
-	"fmt"
-	"runtime"
-	"time"
-)
-
-var memStats runtime.MemStats
-
-// testingB is a type passed to Benchmark functions to manage benchmark
-// timing and to specify the number of iterations to run.
-type timer struct {
-	start     time.Time // Time test or benchmark started
-	duration  time.Duration
-	N         int
-	bytes     int64
-	timerOn   bool
-	benchTime time.Duration
-	// The initial states of memStats.Mallocs and memStats.TotalAlloc.
-	startAllocs uint64
-	startBytes  uint64
-	// The net total of this test after being run.
-	netAllocs uint64
-	netBytes  uint64
-}
-
-// StartTimer starts timing a test. This function is called automatically
-// before a benchmark starts, but it can also used to resume timing after
-// a call to StopTimer.
-func (c *C) StartTimer() {
-	if !c.timerOn {
-		c.start = time.Now()
-		c.timerOn = true
-
-		runtime.ReadMemStats(&memStats)
-		c.startAllocs = memStats.Mallocs
-		c.startBytes = memStats.TotalAlloc
-	}
-}
-
-// StopTimer stops timing a test. This can be used to pause the timer
-// while performing complex initialization that you don't
-// want to measure.
-func (c *C) StopTimer() {
-	if c.timerOn {
-		c.duration += time.Now().Sub(c.start)
-		c.timerOn = false
-		runtime.ReadMemStats(&memStats)
-		c.netAllocs += memStats.Mallocs - c.startAllocs
-		c.netBytes += memStats.TotalAlloc - c.startBytes
-	}
-}
-
-// ResetTimer sets the elapsed benchmark time to zero.
-// It does not affect whether the timer is running.
-func (c *C) ResetTimer() {
-	if c.timerOn {
-		c.start = time.Now()
-		runtime.ReadMemStats(&memStats)
-		c.startAllocs = memStats.Mallocs
-		c.startBytes = memStats.TotalAlloc
-	}
-	c.duration = 0
-	c.netAllocs = 0
-	c.netBytes = 0
-}
-
-// SetBytes informs the number of bytes that the benchmark processes
-// on each iteration. If this is called in a benchmark it will also
-// report MB/s.
-func (c *C) SetBytes(n int64) {
-	c.bytes = n
-}
-
-func (c *C) nsPerOp() int64 {
-	if c.N <= 0 {
-		return 0
-	}
-	return c.duration.Nanoseconds() / int64(c.N)
-}
-
-func (c *C) mbPerSec() float64 {
-	if c.bytes <= 0 || c.duration <= 0 || c.N <= 0 {
-		return 0
-	}
-	return (float64(c.bytes) * float64(c.N) / 1e6) / c.duration.Seconds()
-}
-
-func (c *C) timerString() string {
-	if c.N <= 0 {
-		return fmt.Sprintf("%3.3fs", float64(c.duration.Nanoseconds())/1e9)
-	}
-	mbs := c.mbPerSec()
-	mb := ""
-	if mbs != 0 {
-		mb = fmt.Sprintf("\t%7.2f MB/s", mbs)
-	}
-	nsop := c.nsPerOp()
-	ns := fmt.Sprintf("%10d ns/op", nsop)
-	if c.N > 0 && nsop < 100 {
-		// The format specifiers here make sure that
-		// the ones digits line up for all three possible formats.
-		if nsop < 10 {
-			ns = fmt.Sprintf("%13.2f ns/op", float64(c.duration.Nanoseconds())/float64(c.N))
-		} else {
-			ns = fmt.Sprintf("%12.1f ns/op", float64(c.duration.Nanoseconds())/float64(c.N))
-		}
-	}
-	memStats := ""
-	if c.benchMem {
-		allocedBytes := fmt.Sprintf("%8d B/op", int64(c.netBytes)/int64(c.N))
-		allocs := fmt.Sprintf("%8d allocs/op", int64(c.netAllocs)/int64(c.N))
-		memStats = fmt.Sprintf("\t%s\t%s", allocedBytes, allocs)
-	}
-	return fmt.Sprintf("%8d\t%s%s%s", c.N, ns, mb, memStats)
-}
-
-func min(x, y int) int {
-	if x > y {
-		return y
-	}
-	return x
-}
-
-func max(x, y int) int {
-	if x < y {
-		return y
-	}
-	return x
-}
-
-// roundDown10 rounds a number down to the nearest power of 10.
-func roundDown10(n int) int {
-	var tens = 0
-	// tens = floor(log_10(n))
-	for n > 10 {
-		n = n / 10
-		tens++
-	}
-	// result = 10^tens
-	result := 1
-	for i := 0; i < tens; i++ {
-		result *= 10
-	}
-	return result
-}
-
-// roundUp rounds x up to a number of the form [1eX, 2eX, 5eX].
-func roundUp(n int) int {
-	base := roundDown10(n)
-	if n < (2 * base) {
-		return 2 * base
-	}
-	if n < (5 * base) {
-		return 5 * base
-	}
-	return 10 * base
-}
diff --git a/vendor/gopkg.in/check.v1/check.go b/vendor/gopkg.in/check.v1/check.go
deleted file mode 100644
index bba8d8bf6..000000000
--- a/vendor/gopkg.in/check.v1/check.go
+++ /dev/null
@@ -1,876 +0,0 @@
-// Package check is a rich testing extension for Go's testing package.
-//
-// For details about the project, see:
-//
-//     http://labix.org/gocheck
-//
-package check
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path"
-	"path/filepath"
-	"reflect"
-	"regexp"
-	"runtime"
-	"strconv"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"time"
-)
-
-// -----------------------------------------------------------------------
-// Internal type which deals with suite method calling.
-
-const (
-	fixtureKd = iota
-	testKd
-)
-
-type funcKind int
-
-const (
-	succeededSt = iota
-	failedSt
-	skippedSt
-	panickedSt
-	fixturePanickedSt
-	missedSt
-)
-
-type funcStatus uint32
-
-// A method value can't reach its own Method structure.
-type methodType struct {
-	reflect.Value
-	Info reflect.Method
-}
-
-func newMethod(receiver reflect.Value, i int) *methodType {
-	return &methodType{receiver.Method(i), receiver.Type().Method(i)}
-}
-
-func (method *methodType) PC() uintptr {
-	return method.Info.Func.Pointer()
-}
-
-func (method *methodType) suiteName() string {
-	t := method.Info.Type.In(0)
-	if t.Kind() == reflect.Ptr {
-		t = t.Elem()
-	}
-	return t.Name()
-}
-
-func (method *methodType) String() string {
-	return method.suiteName() + "." + method.Info.Name
-}
-
-func (method *methodType) matches(re *regexp.Regexp) bool {
-	return (re.MatchString(method.Info.Name) ||
-		re.MatchString(method.suiteName()) ||
-		re.MatchString(method.String()))
-}
-
-type C struct {
-	method    *methodType
-	kind      funcKind
-	testName  string
-	_status   funcStatus
-	logb      *logger
-	logw      io.Writer
-	done      chan *C
-	reason    string
-	mustFail  bool
-	tempDir   *tempDir
-	benchMem  bool
-	startTime time.Time
-	timer
-}
-
-func (c *C) status() funcStatus {
-	return funcStatus(atomic.LoadUint32((*uint32)(&c._status)))
-}
-
-func (c *C) setStatus(s funcStatus) {
-	atomic.StoreUint32((*uint32)(&c._status), uint32(s))
-}
-
-func (c *C) stopNow() {
-	runtime.Goexit()
-}
-
-// logger is a concurrency safe byte.Buffer
-type logger struct {
-	sync.Mutex
-	writer bytes.Buffer
-}
-
-func (l *logger) Write(buf []byte) (int, error) {
-	l.Lock()
-	defer l.Unlock()
-	return l.writer.Write(buf)
-}
-
-func (l *logger) WriteTo(w io.Writer) (int64, error) {
-	l.Lock()
-	defer l.Unlock()
-	return l.writer.WriteTo(w)
-}
-
-func (l *logger) String() string {
-	l.Lock()
-	defer l.Unlock()
-	return l.writer.String()
-}
-
-// -----------------------------------------------------------------------
-// Handling of temporary files and directories.
-
-type tempDir struct {
-	sync.Mutex
-	path    string
-	counter int
-}
-
-func (td *tempDir) newPath() string {
-	td.Lock()
-	defer td.Unlock()
-	if td.path == "" {
-		path, err := ioutil.TempDir("", "check-")
-		if err != nil {
-			panic("Couldn't create temporary directory: " + err.Error())
-		}
-		td.path = path
-	}
-	result := filepath.Join(td.path, strconv.Itoa(td.counter))
-	td.counter++
-	return result
-}
-
-func (td *tempDir) removeAll() {
-	td.Lock()
-	defer td.Unlock()
-	if td.path != "" {
-		err := os.RemoveAll(td.path)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "WARNING: Error cleaning up temporaries: "+err.Error())
-		}
-	}
-}
-
-// Create a new temporary directory which is automatically removed after
-// the suite finishes running.
-func (c *C) MkDir() string {
-	path := c.tempDir.newPath()
-	if err := os.Mkdir(path, 0700); err != nil {
-		panic(fmt.Sprintf("Couldn't create temporary directory %s: %s", path, err.Error()))
-	}
-	return path
-}
-
-// -----------------------------------------------------------------------
-// Low-level logging functions.
-
-func (c *C) log(args ...interface{}) {
-	c.writeLog([]byte(fmt.Sprint(args...) + "\n"))
-}
-
-func (c *C) logf(format string, args ...interface{}) {
-	c.writeLog([]byte(fmt.Sprintf(format+"\n", args...)))
-}
-
-func (c *C) logNewLine() {
-	c.writeLog([]byte{'\n'})
-}
-
-func (c *C) writeLog(buf []byte) {
-	c.logb.Write(buf)
-	if c.logw != nil {
-		c.logw.Write(buf)
-	}
-}
-
-func hasStringOrError(x interface{}) (ok bool) {
-	_, ok = x.(fmt.Stringer)
-	if ok {
-		return
-	}
-	_, ok = x.(error)
-	return
-}
-
-func (c *C) logValue(label string, value interface{}) {
-	if label == "" {
-		if hasStringOrError(value) {
-			c.logf("... %#v (%q)", value, value)
-		} else {
-			c.logf("... %#v", value)
-		}
-	} else if value == nil {
-		c.logf("... %s = nil", label)
-	} else {
-		if hasStringOrError(value) {
-			fv := fmt.Sprintf("%#v", value)
-			qv := fmt.Sprintf("%q", value)
-			if fv != qv {
-				c.logf("... %s %s = %s (%s)", label, reflect.TypeOf(value), fv, qv)
-				return
-			}
-		}
-		if s, ok := value.(string); ok && isMultiLine(s) {
-			c.logf(`... %s %s = "" +`, label, reflect.TypeOf(value))
-			c.logMultiLine(s)
-		} else {
-			c.logf("... %s %s = %#v", label, reflect.TypeOf(value), value)
-		}
-	}
-}
-
-func formatMultiLine(s string, quote bool) []byte {
-	b := make([]byte, 0, len(s)*2)
-	i := 0
-	n := len(s)
-	for i < n {
-		j := i + 1
-		for j < n && s[j-1] != '\n' {
-			j++
-		}
-		b = append(b, "...     "...)
-		if quote {
-			b = strconv.AppendQuote(b, s[i:j])
-		} else {
-			b = append(b, s[i:j]...)
-			b = bytes.TrimSpace(b)
-		}
-		if quote && j < n {
-			b = append(b, " +"...)
-		}
-		b = append(b, '\n')
-		i = j
-	}
-	return b
-}
-
-func (c *C) logMultiLine(s string) {
-	c.writeLog(formatMultiLine(s, true))
-}
-
-func isMultiLine(s string) bool {
-	for i := 0; i+1 < len(s); i++ {
-		if s[i] == '\n' {
-			return true
-		}
-	}
-	return false
-}
-
-func (c *C) logString(issue string) {
-	c.log("... ", issue)
-}
-
-func (c *C) logCaller(skip int) {
-	// This is a bit heavier than it ought to be.
-	skip++ // Our own frame.
-	pc, callerFile, callerLine, ok := runtime.Caller(skip)
-	if !ok {
-		return
-	}
-	var testFile string
-	var testLine int
-	testFunc := runtime.FuncForPC(c.method.PC())
-	if runtime.FuncForPC(pc) != testFunc {
-		for {
-			skip++
-			if pc, file, line, ok := runtime.Caller(skip); ok {
-				// Note that the test line may be different on
-				// distinct calls for the same test.  Showing
-				// the "internal" line is helpful when debugging.
-				if runtime.FuncForPC(pc) == testFunc {
-					testFile, testLine = file, line
-					break
-				}
-			} else {
-				break
-			}
-		}
-	}
-	if testFile != "" && (testFile != callerFile || testLine != callerLine) {
-		c.logCode(testFile, testLine)
-	}
-	c.logCode(callerFile, callerLine)
-}
-
-func (c *C) logCode(path string, line int) {
-	c.logf("%s:%d:", nicePath(path), line)
-	code, err := printLine(path, line)
-	if code == "" {
-		code = "..." // XXX Open the file and take the raw line.
-		if err != nil {
-			code += err.Error()
-		}
-	}
-	c.log(indent(code, "    "))
-}
-
-var valueGo = filepath.Join("reflect", "value.go")
-var asmGo = filepath.Join("runtime", "asm_")
-
-func (c *C) logPanic(skip int, value interface{}) {
-	skip++ // Our own frame.
-	initialSkip := skip
-	for ; ; skip++ {
-		if pc, file, line, ok := runtime.Caller(skip); ok {
-			if skip == initialSkip {
-				c.logf("... Panic: %s (PC=0x%X)\n", value, pc)
-			}
-			name := niceFuncName(pc)
-			path := nicePath(file)
-			if strings.Contains(path, "/gopkg.in/check.v") {
-				continue
-			}
-			if name == "Value.call" && strings.HasSuffix(path, valueGo) {
-				continue
-			}
-			if (name == "call16" || name == "call32") && strings.Contains(path, asmGo) {
-				continue
-			}
-			c.logf("%s:%d\n  in %s", nicePath(file), line, name)
-		} else {
-			break
-		}
-	}
-}
-
-func (c *C) logSoftPanic(issue string) {
-	c.log("... Panic: ", issue)
-}
-
-func (c *C) logArgPanic(method *methodType, expectedType string) {
-	c.logf("... Panic: %s argument should be %s",
-		niceFuncName(method.PC()), expectedType)
-}
-
-// -----------------------------------------------------------------------
-// Some simple formatting helpers.
-
-var initWD, initWDErr = os.Getwd()
-
-func init() {
-	if initWDErr == nil {
-		initWD = strings.Replace(initWD, "\\", "/", -1) + "/"
-	}
-}
-
-func nicePath(path string) string {
-	if initWDErr == nil {
-		if strings.HasPrefix(path, initWD) {
-			return path[len(initWD):]
-		}
-	}
-	return path
-}
-
-func niceFuncPath(pc uintptr) string {
-	function := runtime.FuncForPC(pc)
-	if function != nil {
-		filename, line := function.FileLine(pc)
-		return fmt.Sprintf("%s:%d", nicePath(filename), line)
-	}
-	return "<unknown path>"
-}
-
-func niceFuncName(pc uintptr) string {
-	function := runtime.FuncForPC(pc)
-	if function != nil {
-		name := path.Base(function.Name())
-		if i := strings.Index(name, "."); i > 0 {
-			name = name[i+1:]
-		}
-		if strings.HasPrefix(name, "(*") {
-			if i := strings.Index(name, ")"); i > 0 {
-				name = name[2:i] + name[i+1:]
-			}
-		}
-		if i := strings.LastIndex(name, ".*"); i != -1 {
-			name = name[:i] + "." + name[i+2:]
-		}
-		if i := strings.LastIndex(name, "·"); i != -1 {
-			name = name[:i] + "." + name[i+2:]
-		}
-		return name
-	}
-	return "<unknown function>"
-}
-
-// -----------------------------------------------------------------------
-// Result tracker to aggregate call results.
-
-type Result struct {
-	Succeeded        int
-	Failed           int
-	Skipped          int
-	Panicked         int
-	FixturePanicked  int
-	ExpectedFailures int
-	Missed           int    // Not even tried to run, related to a panic in the fixture.
-	RunError         error  // Houston, we've got a problem.
-	WorkDir          string // If KeepWorkDir is true
-}
-
-type resultTracker struct {
-	result          Result
-	_lastWasProblem bool
-	_waiting        int
-	_missed         int
-	_expectChan     chan *C
-	_doneChan       chan *C
-	_stopChan       chan bool
-}
-
-func newResultTracker() *resultTracker {
-	return &resultTracker{_expectChan: make(chan *C), // Synchronous
-		_doneChan: make(chan *C, 32), // Asynchronous
-		_stopChan: make(chan bool)}   // Synchronous
-}
-
-func (tracker *resultTracker) start() {
-	go tracker._loopRoutine()
-}
-
-func (tracker *resultTracker) waitAndStop() {
-	<-tracker._stopChan
-}
-
-func (tracker *resultTracker) expectCall(c *C) {
-	tracker._expectChan <- c
-}
-
-func (tracker *resultTracker) callDone(c *C) {
-	tracker._doneChan <- c
-}
-
-func (tracker *resultTracker) _loopRoutine() {
-	for {
-		var c *C
-		if tracker._waiting > 0 {
-			// Calls still running. Can't stop.
-			select {
-			// XXX Reindent this (not now to make diff clear)
-			case <-tracker._expectChan:
-				tracker._waiting++
-			case c = <-tracker._doneChan:
-				tracker._waiting--
-				switch c.status() {
-				case succeededSt:
-					if c.kind == testKd {
-						if c.mustFail {
-							tracker.result.ExpectedFailures++
-						} else {
-							tracker.result.Succeeded++
-						}
-					}
-				case failedSt:
-					tracker.result.Failed++
-				case panickedSt:
-					if c.kind == fixtureKd {
-						tracker.result.FixturePanicked++
-					} else {
-						tracker.result.Panicked++
-					}
-				case fixturePanickedSt:
-					// Track it as missed, since the panic
-					// was on the fixture, not on the test.
-					tracker.result.Missed++
-				case missedSt:
-					tracker.result.Missed++
-				case skippedSt:
-					if c.kind == testKd {
-						tracker.result.Skipped++
-					}
-				}
-			}
-		} else {
-			// No calls.  Can stop, but no done calls here.
-			select {
-			case tracker._stopChan <- true:
-				return
-			case <-tracker._expectChan:
-				tracker._waiting++
-			case <-tracker._doneChan:
-				panic("Tracker got an unexpected done call.")
-			}
-		}
-	}
-}
-
-// -----------------------------------------------------------------------
-// The underlying suite runner.
-
-type suiteRunner struct {
-	suite                     interface{}
-	setUpSuite, tearDownSuite *methodType
-	setUpTest, tearDownTest   *methodType
-	tests                     []*methodType
-	tracker                   *resultTracker
-	tempDir                   *tempDir
-	keepDir                   bool
-	output                    *outputWriter
-	reportedProblemLast       bool
-	benchTime                 time.Duration
-	benchMem                  bool
-}
-
-type RunConf struct {
-	Output        io.Writer
-	Stream        bool
-	Verbose       bool
-	Filter        string
-	Benchmark     bool
-	BenchmarkTime time.Duration // Defaults to 1 second
-	BenchmarkMem  bool
-	KeepWorkDir   bool
-}
-
-// Create a new suiteRunner able to run all methods in the given suite.
-func newSuiteRunner(suite interface{}, runConf *RunConf) *suiteRunner {
-	var conf RunConf
-	if runConf != nil {
-		conf = *runConf
-	}
-	if conf.Output == nil {
-		conf.Output = os.Stdout
-	}
-	if conf.Benchmark {
-		conf.Verbose = true
-	}
-
-	suiteType := reflect.TypeOf(suite)
-	suiteNumMethods := suiteType.NumMethod()
-	suiteValue := reflect.ValueOf(suite)
-
-	runner := &suiteRunner{
-		suite:     suite,
-		output:    newOutputWriter(conf.Output, conf.Stream, conf.Verbose),
-		tracker:   newResultTracker(),
-		benchTime: conf.BenchmarkTime,
-		benchMem:  conf.BenchmarkMem,
-		tempDir:   &tempDir{},
-		keepDir:   conf.KeepWorkDir,
-		tests:     make([]*methodType, 0, suiteNumMethods),
-	}
-	if runner.benchTime == 0 {
-		runner.benchTime = 1 * time.Second
-	}
-
-	var filterRegexp *regexp.Regexp
-	if conf.Filter != "" {
-		regexp, err := regexp.Compile(conf.Filter)
-		if err != nil {
-			msg := "Bad filter expression: " + err.Error()
-			runner.tracker.result.RunError = errors.New(msg)
-			return runner
-		}
-		filterRegexp = regexp
-	}
-
-	for i := 0; i != suiteNumMethods; i++ {
-		method := newMethod(suiteValue, i)
-		switch method.Info.Name {
-		case "SetUpSuite":
-			runner.setUpSuite = method
-		case "TearDownSuite":
-			runner.tearDownSuite = method
-		case "SetUpTest":
-			runner.setUpTest = method
-		case "TearDownTest":
-			runner.tearDownTest = method
-		default:
-			prefix := "Test"
-			if conf.Benchmark {
-				prefix = "Benchmark"
-			}
-			if !strings.HasPrefix(method.Info.Name, prefix) {
-				continue
-			}
-			if filterRegexp == nil || method.matches(filterRegexp) {
-				runner.tests = append(runner.tests, method)
-			}
-		}
-	}
-	return runner
-}
-
-// Run all methods in the given suite.
-func (runner *suiteRunner) run() *Result {
-	if runner.tracker.result.RunError == nil && len(runner.tests) > 0 {
-		runner.tracker.start()
-		if runner.checkFixtureArgs() {
-			c := runner.runFixture(runner.setUpSuite, "", nil)
-			if c == nil || c.status() == succeededSt {
-				for i := 0; i != len(runner.tests); i++ {
-					c := runner.runTest(runner.tests[i])
-					if c.status() == fixturePanickedSt {
-						runner.skipTests(missedSt, runner.tests[i+1:])
-						break
-					}
-				}
-			} else if c != nil && c.status() == skippedSt {
-				runner.skipTests(skippedSt, runner.tests)
-			} else {
-				runner.skipTests(missedSt, runner.tests)
-			}
-			runner.runFixture(runner.tearDownSuite, "", nil)
-		} else {
-			runner.skipTests(missedSt, runner.tests)
-		}
-		runner.tracker.waitAndStop()
-		if runner.keepDir {
-			runner.tracker.result.WorkDir = runner.tempDir.path
-		} else {
-			runner.tempDir.removeAll()
-		}
-	}
-	return &runner.tracker.result
-}
-
-// Create a call object with the given suite method, and fork a
-// goroutine with the provided dispatcher for running it.
-func (runner *suiteRunner) forkCall(method *methodType, kind funcKind, testName string, logb *logger, dispatcher func(c *C)) *C {
-	var logw io.Writer
-	if runner.output.Stream {
-		logw = runner.output
-	}
-	if logb == nil {
-		logb = new(logger)
-	}
-	c := &C{
-		method:    method,
-		kind:      kind,
-		testName:  testName,
-		logb:      logb,
-		logw:      logw,
-		tempDir:   runner.tempDir,
-		done:      make(chan *C, 1),
-		timer:     timer{benchTime: runner.benchTime},
-		startTime: time.Now(),
-		benchMem:  runner.benchMem,
-	}
-	runner.tracker.expectCall(c)
-	go (func() {
-		runner.reportCallStarted(c)
-		defer runner.callDone(c)
-		dispatcher(c)
-	})()
-	return c
-}
-
-// Same as forkCall(), but wait for call to finish before returning.
-func (runner *suiteRunner) runFunc(method *methodType, kind funcKind, testName string, logb *logger, dispatcher func(c *C)) *C {
-	c := runner.forkCall(method, kind, testName, logb, dispatcher)
-	<-c.done
-	return c
-}
-
-// Handle a finished call.  If there were any panics, update the call status
-// accordingly.  Then, mark the call as done and report to the tracker.
-func (runner *suiteRunner) callDone(c *C) {
-	value := recover()
-	if value != nil {
-		switch v := value.(type) {
-		case *fixturePanic:
-			if v.status == skippedSt {
-				c.setStatus(skippedSt)
-			} else {
-				c.logSoftPanic("Fixture has panicked (see related PANIC)")
-				c.setStatus(fixturePanickedSt)
-			}
-		default:
-			c.logPanic(1, value)
-			c.setStatus(panickedSt)
-		}
-	}
-	if c.mustFail {
-		switch c.status() {
-		case failedSt:
-			c.setStatus(succeededSt)
-		case succeededSt:
-			c.setStatus(failedSt)
-			c.logString("Error: Test succeeded, but was expected to fail")
-			c.logString("Reason: " + c.reason)
-		}
-	}
-
-	runner.reportCallDone(c)
-	c.done <- c
-}
-
-// Runs a fixture call synchronously.  The fixture will still be run in a
-// goroutine like all suite methods, but this method will not return
-// while the fixture goroutine is not done, because the fixture must be
-// run in a desired order.
-func (runner *suiteRunner) runFixture(method *methodType, testName string, logb *logger) *C {
-	if method != nil {
-		c := runner.runFunc(method, fixtureKd, testName, logb, func(c *C) {
-			c.ResetTimer()
-			c.StartTimer()
-			defer c.StopTimer()
-			c.method.Call([]reflect.Value{reflect.ValueOf(c)})
-		})
-		return c
-	}
-	return nil
-}
-
-// Run the fixture method with runFixture(), but panic with a fixturePanic{}
-// in case the fixture method panics.  This makes it easier to track the
-// fixture panic together with other call panics within forkTest().
-func (runner *suiteRunner) runFixtureWithPanic(method *methodType, testName string, logb *logger, skipped *bool) *C {
-	if skipped != nil && *skipped {
-		return nil
-	}
-	c := runner.runFixture(method, testName, logb)
-	if c != nil && c.status() != succeededSt {
-		if skipped != nil {
-			*skipped = c.status() == skippedSt
-		}
-		panic(&fixturePanic{c.status(), method})
-	}
-	return c
-}
-
-type fixturePanic struct {
-	status funcStatus
-	method *methodType
-}
-
-// Run the suite test method, together with the test-specific fixture,
-// asynchronously.
-func (runner *suiteRunner) forkTest(method *methodType) *C {
-	testName := method.String()
-	return runner.forkCall(method, testKd, testName, nil, func(c *C) {
-		var skipped bool
-		defer runner.runFixtureWithPanic(runner.tearDownTest, testName, nil, &skipped)
-		defer c.StopTimer()
-		benchN := 1
-		for {
-			runner.runFixtureWithPanic(runner.setUpTest, testName, c.logb, &skipped)
-			mt := c.method.Type()
-			if mt.NumIn() != 1 || mt.In(0) != reflect.TypeOf(c) {
-				// Rather than a plain panic, provide a more helpful message when
-				// the argument type is incorrect.
-				c.setStatus(panickedSt)
-				c.logArgPanic(c.method, "*check.C")
-				return
-			}
-			if strings.HasPrefix(c.method.Info.Name, "Test") {
-				c.ResetTimer()
-				c.StartTimer()
-				c.method.Call([]reflect.Value{reflect.ValueOf(c)})
-				return
-			}
-			if !strings.HasPrefix(c.method.Info.Name, "Benchmark") {
-				panic("unexpected method prefix: " + c.method.Info.Name)
-			}
-
-			runtime.GC()
-			c.N = benchN
-			c.ResetTimer()
-			c.StartTimer()
-			c.method.Call([]reflect.Value{reflect.ValueOf(c)})
-			c.StopTimer()
-			if c.status() != succeededSt || c.duration >= c.benchTime || benchN >= 1e9 {
-				return
-			}
-			perOpN := int(1e9)
-			if c.nsPerOp() != 0 {
-				perOpN = int(c.benchTime.Nanoseconds() / c.nsPerOp())
-			}
-
-			// Logic taken from the stock testing package:
-			// - Run more iterations than we think we'll need for a second (1.5x).
-			// - Don't grow too fast in case we had timing errors previously.
-			// - Be sure to run at least one more than last time.
-			benchN = max(min(perOpN+perOpN/2, 100*benchN), benchN+1)
-			benchN = roundUp(benchN)
-
-			skipped = true // Don't run the deferred one if this panics.
-			runner.runFixtureWithPanic(runner.tearDownTest, testName, nil, nil)
-			skipped = false
-		}
-	})
-}
-
-// Same as forkTest(), but wait for the test to finish before returning.
-func (runner *suiteRunner) runTest(method *methodType) *C {
-	c := runner.forkTest(method)
-	<-c.done
-	return c
-}
-
-// Helper to mark tests as skipped or missed.  A bit heavy for what
-// it does, but it enables homogeneous handling of tracking, including
-// nice verbose output.
-func (runner *suiteRunner) skipTests(status funcStatus, methods []*methodType) {
-	for _, method := range methods {
-		runner.runFunc(method, testKd, "", nil, func(c *C) {
-			c.setStatus(status)
-		})
-	}
-}
-
-// Verify if the fixture arguments are *check.C.  In case of errors,
-// log the error as a panic in the fixture method call, and return false.
-func (runner *suiteRunner) checkFixtureArgs() bool {
-	succeeded := true
-	argType := reflect.TypeOf(&C{})
-	for _, method := range []*methodType{runner.setUpSuite, runner.tearDownSuite, runner.setUpTest, runner.tearDownTest} {
-		if method != nil {
-			mt := method.Type()
-			if mt.NumIn() != 1 || mt.In(0) != argType {
-				succeeded = false
-				runner.runFunc(method, fixtureKd, "", nil, func(c *C) {
-					c.logArgPanic(method, "*check.C")
-					c.setStatus(panickedSt)
-				})
-			}
-		}
-	}
-	return succeeded
-}
-
-func (runner *suiteRunner) reportCallStarted(c *C) {
-	runner.output.WriteCallStarted("START", c)
-}
-
-func (runner *suiteRunner) reportCallDone(c *C) {
-	runner.tracker.callDone(c)
-	switch c.status() {
-	case succeededSt:
-		if c.mustFail {
-			runner.output.WriteCallSuccess("FAIL EXPECTED", c)
-		} else {
-			runner.output.WriteCallSuccess("PASS", c)
-		}
-	case skippedSt:
-		runner.output.WriteCallSuccess("SKIP", c)
-	case failedSt:
-		runner.output.WriteCallProblem("FAIL", c)
-	case panickedSt:
-		runner.output.WriteCallProblem("PANIC", c)
-	case fixturePanickedSt:
-		// That's a testKd call reporting that its fixture
-		// has panicked. The fixture call which caused the
-		// panic itself was tracked above. We'll report to
-		// aid debugging.
-		runner.output.WriteCallProblem("PANIC", c)
-	case missedSt:
-		runner.output.WriteCallSuccess("MISS", c)
-	}
-}
diff --git a/vendor/gopkg.in/check.v1/checkers.go b/vendor/gopkg.in/check.v1/checkers.go
deleted file mode 100644
index 032619792..000000000
--- a/vendor/gopkg.in/check.v1/checkers.go
+++ /dev/null
@@ -1,528 +0,0 @@
-package check
-
-import (
-	"fmt"
-	"reflect"
-	"regexp"
-	"strings"
-
-	"github.com/kr/pretty"
-)
-
-// -----------------------------------------------------------------------
-// CommentInterface and Commentf helper, to attach extra information to checks.
-
-type comment struct {
-	format string
-	args   []interface{}
-}
-
-// Commentf returns an infomational value to use with Assert or Check calls.
-// If the checker test fails, the provided arguments will be passed to
-// fmt.Sprintf, and will be presented next to the logged failure.
-//
-// For example:
-//
-//     c.Assert(v, Equals, 42, Commentf("Iteration #%d failed.", i))
-//
-// Note that if the comment is constant, a better option is to
-// simply use a normal comment right above or next to the line, as
-// it will also get printed with any errors:
-//
-//     c.Assert(l, Equals, 8192) // Ensure buffer size is correct (bug #123)
-//
-func Commentf(format string, args ...interface{}) CommentInterface {
-	return &comment{format, args}
-}
-
-// CommentInterface must be implemented by types that attach extra
-// information to failed checks. See the Commentf function for details.
-type CommentInterface interface {
-	CheckCommentString() string
-}
-
-func (c *comment) CheckCommentString() string {
-	return fmt.Sprintf(c.format, c.args...)
-}
-
-// -----------------------------------------------------------------------
-// The Checker interface.
-
-// The Checker interface must be provided by checkers used with
-// the Assert and Check verification methods.
-type Checker interface {
-	Info() *CheckerInfo
-	Check(params []interface{}, names []string) (result bool, error string)
-}
-
-// See the Checker interface.
-type CheckerInfo struct {
-	Name   string
-	Params []string
-}
-
-func (info *CheckerInfo) Info() *CheckerInfo {
-	return info
-}
-
-// -----------------------------------------------------------------------
-// Not checker logic inverter.
-
-// The Not checker inverts the logic of the provided checker.  The
-// resulting checker will succeed where the original one failed, and
-// vice-versa.
-//
-// For example:
-//
-//     c.Assert(a, Not(Equals), b)
-//
-func Not(checker Checker) Checker {
-	return &notChecker{checker}
-}
-
-type notChecker struct {
-	sub Checker
-}
-
-func (checker *notChecker) Info() *CheckerInfo {
-	info := *checker.sub.Info()
-	info.Name = "Not(" + info.Name + ")"
-	return &info
-}
-
-func (checker *notChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	result, error = checker.sub.Check(params, names)
-	result = !result
-	if result {
-		// clear error message if the new result is true
-		error = ""
-	}
-	return
-}
-
-// -----------------------------------------------------------------------
-// IsNil checker.
-
-type isNilChecker struct {
-	*CheckerInfo
-}
-
-// The IsNil checker tests whether the obtained value is nil.
-//
-// For example:
-//
-//    c.Assert(err, IsNil)
-//
-var IsNil Checker = &isNilChecker{
-	&CheckerInfo{Name: "IsNil", Params: []string{"value"}},
-}
-
-func (checker *isNilChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	return isNil(params[0]), ""
-}
-
-func isNil(obtained interface{}) (result bool) {
-	if obtained == nil {
-		result = true
-	} else {
-		switch v := reflect.ValueOf(obtained); v.Kind() {
-		case reflect.Chan, reflect.Func, reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice:
-			return v.IsNil()
-		}
-	}
-	return
-}
-
-// -----------------------------------------------------------------------
-// NotNil checker. Alias for Not(IsNil), since it's so common.
-
-type notNilChecker struct {
-	*CheckerInfo
-}
-
-// The NotNil checker verifies that the obtained value is not nil.
-//
-// For example:
-//
-//     c.Assert(iface, NotNil)
-//
-// This is an alias for Not(IsNil), made available since it's a
-// fairly common check.
-//
-var NotNil Checker = &notNilChecker{
-	&CheckerInfo{Name: "NotNil", Params: []string{"value"}},
-}
-
-func (checker *notNilChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	return !isNil(params[0]), ""
-}
-
-// -----------------------------------------------------------------------
-// Equals checker.
-
-func diffworthy(a interface{}) bool {
-	if a == nil {
-		return false
-	}
-
-	t := reflect.TypeOf(a)
-	switch t.Kind() {
-	case reflect.Array, reflect.Map, reflect.Slice, reflect.Struct, reflect.String, reflect.Ptr:
-		return true
-	}
-	return false
-}
-
-// formatUnequal will dump the actual and expected values into a textual
-// representation and return an error message containing a diff.
-func formatUnequal(obtained interface{}, expected interface{}) string {
-	// We do not do diffs for basic types because go-check already
-	// shows them very cleanly.
-	if !diffworthy(obtained) || !diffworthy(expected) {
-		return ""
-	}
-
-	// Handle strings, short strings are ignored (go-check formats
-	// them very nicely already). We do multi-line strings by
-	// generating two string slices and using kr.Diff to compare
-	// those (kr.Diff does not do string diffs by itself).
-	aStr, aOK := obtained.(string)
-	bStr, bOK := expected.(string)
-	if aOK && bOK {
-		l1 := strings.Split(aStr, "\n")
-		l2 := strings.Split(bStr, "\n")
-		// the "2" here is a bit arbitrary
-		if len(l1) > 2 && len(l2) > 2 {
-			diff := pretty.Diff(l1, l2)
-			return fmt.Sprintf(`String difference:
-%s`, formatMultiLine(strings.Join(diff, "\n"), false))
-		}
-		// string too short
-		return ""
-	}
-
-	// generic diff
-	diff := pretty.Diff(obtained, expected)
-	if len(diff) == 0 {
-		// No diff, this happens when e.g. just struct
-		// pointers are different but the structs have
-		// identical values.
-		return ""
-	}
-
-	return fmt.Sprintf(`Difference:
-%s`, formatMultiLine(strings.Join(diff, "\n"), false))
-}
-
-type equalsChecker struct {
-	*CheckerInfo
-}
-
-// The Equals checker verifies that the obtained value is equal to
-// the expected value, according to usual Go semantics for ==.
-//
-// For example:
-//
-//     c.Assert(value, Equals, 42)
-//
-var Equals Checker = &equalsChecker{
-	&CheckerInfo{Name: "Equals", Params: []string{"obtained", "expected"}},
-}
-
-func (checker *equalsChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	defer func() {
-		if v := recover(); v != nil {
-			result = false
-			error = fmt.Sprint(v)
-		}
-	}()
-
-	result = params[0] == params[1]
-	if !result {
-		error = formatUnequal(params[0], params[1])
-	}
-	return
-}
-
-// -----------------------------------------------------------------------
-// DeepEquals checker.
-
-type deepEqualsChecker struct {
-	*CheckerInfo
-}
-
-// The DeepEquals checker verifies that the obtained value is deep-equal to
-// the expected value.  The check will work correctly even when facing
-// slices, interfaces, and values of different types (which always fail
-// the test).
-//
-// For example:
-//
-//     c.Assert(value, DeepEquals, 42)
-//     c.Assert(array, DeepEquals, []string{"hi", "there"})
-//
-var DeepEquals Checker = &deepEqualsChecker{
-	&CheckerInfo{Name: "DeepEquals", Params: []string{"obtained", "expected"}},
-}
-
-func (checker *deepEqualsChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	result = reflect.DeepEqual(params[0], params[1])
-	if !result {
-		error = formatUnequal(params[0], params[1])
-	}
-	return
-}
-
-// -----------------------------------------------------------------------
-// HasLen checker.
-
-type hasLenChecker struct {
-	*CheckerInfo
-}
-
-// The HasLen checker verifies that the obtained value has the
-// provided length. In many cases this is superior to using Equals
-// in conjunction with the len function because in case the check
-// fails the value itself will be printed, instead of its length,
-// providing more details for figuring the problem.
-//
-// For example:
-//
-//     c.Assert(list, HasLen, 5)
-//
-var HasLen Checker = &hasLenChecker{
-	&CheckerInfo{Name: "HasLen", Params: []string{"obtained", "n"}},
-}
-
-func (checker *hasLenChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	n, ok := params[1].(int)
-	if !ok {
-		return false, "n must be an int"
-	}
-	value := reflect.ValueOf(params[0])
-	switch value.Kind() {
-	case reflect.Map, reflect.Array, reflect.Slice, reflect.Chan, reflect.String:
-	default:
-		return false, "obtained value type has no length"
-	}
-	return value.Len() == n, ""
-}
-
-// -----------------------------------------------------------------------
-// ErrorMatches checker.
-
-type errorMatchesChecker struct {
-	*CheckerInfo
-}
-
-// The ErrorMatches checker verifies that the error value
-// is non nil and matches the regular expression provided.
-//
-// For example:
-//
-//     c.Assert(err, ErrorMatches, "perm.*denied")
-//
-var ErrorMatches Checker = errorMatchesChecker{
-	&CheckerInfo{Name: "ErrorMatches", Params: []string{"value", "regex"}},
-}
-
-func (checker errorMatchesChecker) Check(params []interface{}, names []string) (result bool, errStr string) {
-	if params[0] == nil {
-		return false, "Error value is nil"
-	}
-	err, ok := params[0].(error)
-	if !ok {
-		return false, "Value is not an error"
-	}
-	params[0] = err.Error()
-	names[0] = "error"
-	return matches(params[0], params[1])
-}
-
-// -----------------------------------------------------------------------
-// Matches checker.
-
-type matchesChecker struct {
-	*CheckerInfo
-}
-
-// The Matches checker verifies that the string provided as the obtained
-// value (or the string resulting from obtained.String()) matches the
-// regular expression provided.
-//
-// For example:
-//
-//     c.Assert(err, Matches, "perm.*denied")
-//
-var Matches Checker = &matchesChecker{
-	&CheckerInfo{Name: "Matches", Params: []string{"value", "regex"}},
-}
-
-func (checker *matchesChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	return matches(params[0], params[1])
-}
-
-func matches(value, regex interface{}) (result bool, error string) {
-	reStr, ok := regex.(string)
-	if !ok {
-		return false, "Regex must be a string"
-	}
-	valueStr, valueIsStr := value.(string)
-	if !valueIsStr {
-		if valueWithStr, valueHasStr := value.(fmt.Stringer); valueHasStr {
-			valueStr, valueIsStr = valueWithStr.String(), true
-		}
-	}
-	if valueIsStr {
-		matches, err := regexp.MatchString("^"+reStr+"$", valueStr)
-		if err != nil {
-			return false, "Can't compile regex: " + err.Error()
-		}
-		return matches, ""
-	}
-	return false, "Obtained value is not a string and has no .String()"
-}
-
-// -----------------------------------------------------------------------
-// Panics checker.
-
-type panicsChecker struct {
-	*CheckerInfo
-}
-
-// The Panics checker verifies that calling the provided zero-argument
-// function will cause a panic which is deep-equal to the provided value.
-//
-// For example:
-//
-//     c.Assert(func() { f(1, 2) }, Panics, &SomeErrorType{"BOOM"}).
-//
-//
-var Panics Checker = &panicsChecker{
-	&CheckerInfo{Name: "Panics", Params: []string{"function", "expected"}},
-}
-
-func (checker *panicsChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	f := reflect.ValueOf(params[0])
-	if f.Kind() != reflect.Func || f.Type().NumIn() != 0 {
-		return false, "Function must take zero arguments"
-	}
-	defer func() {
-		// If the function has not panicked, then don't do the check.
-		if error != "" {
-			return
-		}
-		params[0] = recover()
-		names[0] = "panic"
-		result = reflect.DeepEqual(params[0], params[1])
-	}()
-	f.Call(nil)
-	return false, "Function has not panicked"
-}
-
-type panicMatchesChecker struct {
-	*CheckerInfo
-}
-
-// The PanicMatches checker verifies that calling the provided zero-argument
-// function will cause a panic with an error value matching
-// the regular expression provided.
-//
-// For example:
-//
-//     c.Assert(func() { f(1, 2) }, PanicMatches, `open.*: no such file or directory`).
-//
-//
-var PanicMatches Checker = &panicMatchesChecker{
-	&CheckerInfo{Name: "PanicMatches", Params: []string{"function", "expected"}},
-}
-
-func (checker *panicMatchesChecker) Check(params []interface{}, names []string) (result bool, errmsg string) {
-	f := reflect.ValueOf(params[0])
-	if f.Kind() != reflect.Func || f.Type().NumIn() != 0 {
-		return false, "Function must take zero arguments"
-	}
-	defer func() {
-		// If the function has not panicked, then don't do the check.
-		if errmsg != "" {
-			return
-		}
-		obtained := recover()
-		names[0] = "panic"
-		if e, ok := obtained.(error); ok {
-			params[0] = e.Error()
-		} else if _, ok := obtained.(string); ok {
-			params[0] = obtained
-		} else {
-			errmsg = "Panic value is not a string or an error"
-			return
-		}
-		result, errmsg = matches(params[0], params[1])
-	}()
-	f.Call(nil)
-	return false, "Function has not panicked"
-}
-
-// -----------------------------------------------------------------------
-// FitsTypeOf checker.
-
-type fitsTypeChecker struct {
-	*CheckerInfo
-}
-
-// The FitsTypeOf checker verifies that the obtained value is
-// assignable to a variable with the same type as the provided
-// sample value.
-//
-// For example:
-//
-//     c.Assert(value, FitsTypeOf, int64(0))
-//     c.Assert(value, FitsTypeOf, os.Error(nil))
-//
-var FitsTypeOf Checker = &fitsTypeChecker{
-	&CheckerInfo{Name: "FitsTypeOf", Params: []string{"obtained", "sample"}},
-}
-
-func (checker *fitsTypeChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	obtained := reflect.ValueOf(params[0])
-	sample := reflect.ValueOf(params[1])
-	if !obtained.IsValid() {
-		return false, ""
-	}
-	if !sample.IsValid() {
-		return false, "Invalid sample value"
-	}
-	return obtained.Type().AssignableTo(sample.Type()), ""
-}
-
-// -----------------------------------------------------------------------
-// Implements checker.
-
-type implementsChecker struct {
-	*CheckerInfo
-}
-
-// The Implements checker verifies that the obtained value
-// implements the interface specified via a pointer to an interface
-// variable.
-//
-// For example:
-//
-//     var e os.Error
-//     c.Assert(err, Implements, &e)
-//
-var Implements Checker = &implementsChecker{
-	&CheckerInfo{Name: "Implements", Params: []string{"obtained", "ifaceptr"}},
-}
-
-func (checker *implementsChecker) Check(params []interface{}, names []string) (result bool, error string) {
-	obtained := reflect.ValueOf(params[0])
-	ifaceptr := reflect.ValueOf(params[1])
-	if !obtained.IsValid() {
-		return false, ""
-	}
-	if !ifaceptr.IsValid() || ifaceptr.Kind() != reflect.Ptr || ifaceptr.Elem().Kind() != reflect.Interface {
-		return false, "ifaceptr should be a pointer to an interface variable"
-	}
-	return obtained.Type().Implements(ifaceptr.Elem().Type()), ""
-}
diff --git a/vendor/gopkg.in/check.v1/helpers.go b/vendor/gopkg.in/check.v1/helpers.go
deleted file mode 100644
index 9e0d0bac4..000000000
--- a/vendor/gopkg.in/check.v1/helpers.go
+++ /dev/null
@@ -1,233 +0,0 @@
-package check
-
-import (
-	"fmt"
-	"strings"
-	"time"
-)
-
-// TestName returns the current test name in the form "SuiteName.TestName"
-func (c *C) TestName() string {
-	return c.testName
-}
-
-// -----------------------------------------------------------------------
-// Basic succeeding/failing logic.
-
-// Failed returns whether the currently running test has already failed.
-func (c *C) Failed() bool {
-	return c.status() == failedSt
-}
-
-// Fail marks the currently running test as failed.
-//
-// Something ought to have been previously logged so the developer can tell
-// what went wrong. The higher level helper functions will fail the test
-// and do the logging properly.
-func (c *C) Fail() {
-	c.setStatus(failedSt)
-}
-
-// FailNow marks the currently running test as failed and stops running it.
-// Something ought to have been previously logged so the developer can tell
-// what went wrong. The higher level helper functions will fail the test
-// and do the logging properly.
-func (c *C) FailNow() {
-	c.Fail()
-	c.stopNow()
-}
-
-// Succeed marks the currently running test as succeeded, undoing any
-// previous failures.
-func (c *C) Succeed() {
-	c.setStatus(succeededSt)
-}
-
-// SucceedNow marks the currently running test as succeeded, undoing any
-// previous failures, and stops running the test.
-func (c *C) SucceedNow() {
-	c.Succeed()
-	c.stopNow()
-}
-
-// ExpectFailure informs that the running test is knowingly broken for
-// the provided reason. If the test does not fail, an error will be reported
-// to raise attention to this fact. This method is useful to temporarily
-// disable tests which cover well known problems until a better time to
-// fix the problem is found, without forgetting about the fact that a
-// failure still exists.
-func (c *C) ExpectFailure(reason string) {
-	if reason == "" {
-		panic("Missing reason why the test is expected to fail")
-	}
-	c.mustFail = true
-	c.reason = reason
-}
-
-// Skip skips the running test for the provided reason. If run from within
-// SetUpTest, the individual test being set up will be skipped, and if run
-// from within SetUpSuite, the whole suite is skipped.
-func (c *C) Skip(reason string) {
-	if reason == "" {
-		panic("Missing reason why the test is being skipped")
-	}
-	c.reason = reason
-	c.setStatus(skippedSt)
-	c.stopNow()
-}
-
-// -----------------------------------------------------------------------
-// Basic logging.
-
-// GetTestLog returns the current test error output.
-func (c *C) GetTestLog() string {
-	return c.logb.String()
-}
-
-// Log logs some information into the test error output.
-// The provided arguments are assembled together into a string with fmt.Sprint.
-func (c *C) Log(args ...interface{}) {
-	c.log(args...)
-}
-
-// Log logs some information into the test error output.
-// The provided arguments are assembled together into a string with fmt.Sprintf.
-func (c *C) Logf(format string, args ...interface{}) {
-	c.logf(format, args...)
-}
-
-// Output enables *C to be used as a logger in functions that require only
-// the minimum interface of *log.Logger.
-func (c *C) Output(calldepth int, s string) error {
-	d := time.Now().Sub(c.startTime)
-	msec := d / time.Millisecond
-	sec := d / time.Second
-	min := d / time.Minute
-
-	c.Logf("[LOG] %d:%02d.%03d %s", min, sec%60, msec%1000, s)
-	return nil
-}
-
-// Error logs an error into the test error output and marks the test as failed.
-// The provided arguments are assembled together into a string with fmt.Sprint.
-func (c *C) Error(args ...interface{}) {
-	c.logCaller(1)
-	c.logString(fmt.Sprint("Error: ", fmt.Sprint(args...)))
-	c.logNewLine()
-	c.Fail()
-}
-
-// Errorf logs an error into the test error output and marks the test as failed.
-// The provided arguments are assembled together into a string with fmt.Sprintf.
-func (c *C) Errorf(format string, args ...interface{}) {
-	c.logCaller(1)
-	c.logString(fmt.Sprintf("Error: "+format, args...))
-	c.logNewLine()
-	c.Fail()
-}
-
-// Fatal logs an error into the test error output, marks the test as failed, and
-// stops the test execution. The provided arguments are assembled together into
-// a string with fmt.Sprint.
-func (c *C) Fatal(args ...interface{}) {
-	c.logCaller(1)
-	c.logString(fmt.Sprint("Error: ", fmt.Sprint(args...)))
-	c.logNewLine()
-	c.FailNow()
-}
-
-// Fatlaf logs an error into the test error output, marks the test as failed, and
-// stops the test execution. The provided arguments are assembled together into
-// a string with fmt.Sprintf.
-func (c *C) Fatalf(format string, args ...interface{}) {
-	c.logCaller(1)
-	c.logString(fmt.Sprint("Error: ", fmt.Sprintf(format, args...)))
-	c.logNewLine()
-	c.FailNow()
-}
-
-// -----------------------------------------------------------------------
-// Generic checks and assertions based on checkers.
-
-// Check verifies if the first value matches the expected value according
-// to the provided checker. If they do not match, an error is logged, the
-// test is marked as failed, and the test execution continues.
-//
-// Some checkers may not need the expected argument (e.g. IsNil).
-//
-// If the last value in args implements CommentInterface, it is used to log
-// additional information instead of being passed to the checker (see Commentf
-// for an example).
-func (c *C) Check(obtained interface{}, checker Checker, args ...interface{}) bool {
-	return c.internalCheck("Check", obtained, checker, args...)
-}
-
-// Assert ensures that the first value matches the expected value according
-// to the provided checker. If they do not match, an error is logged, the
-// test is marked as failed, and the test execution stops.
-//
-// Some checkers may not need the expected argument (e.g. IsNil).
-//
-// If the last value in args implements CommentInterface, it is used to log
-// additional information instead of being passed to the checker (see Commentf
-// for an example).
-func (c *C) Assert(obtained interface{}, checker Checker, args ...interface{}) {
-	if !c.internalCheck("Assert", obtained, checker, args...) {
-		c.stopNow()
-	}
-}
-
-func (c *C) internalCheck(funcName string, obtained interface{}, checker Checker, args ...interface{}) bool {
-	if checker == nil {
-		c.logCaller(2)
-		c.logString(fmt.Sprintf("%s(obtained, nil!?, ...):", funcName))
-		c.logString("Oops.. you've provided a nil checker!")
-		c.logNewLine()
-		c.Fail()
-		return false
-	}
-
-	// If the last argument is a bug info, extract it out.
-	var comment CommentInterface
-	if len(args) > 0 {
-		if c, ok := args[len(args)-1].(CommentInterface); ok {
-			comment = c
-			args = args[:len(args)-1]
-		}
-	}
-
-	params := append([]interface{}{obtained}, args...)
-	info := checker.Info()
-
-	if len(params) != len(info.Params) {
-		names := append([]string{info.Params[0], info.Name}, info.Params[1:]...)
-		c.logCaller(2)
-		c.logString(fmt.Sprintf("%s(%s):", funcName, strings.Join(names, ", ")))
-		c.logString(fmt.Sprintf("Wrong number of parameters for %s: want %d, got %d", info.Name, len(names), len(params)+1))
-		c.logNewLine()
-		c.Fail()
-		return false
-	}
-
-	// Copy since it may be mutated by Check.
-	names := append([]string{}, info.Params...)
-
-	// Do the actual check.
-	result, error := checker.Check(params, names)
-	if !result || error != "" {
-		c.logCaller(2)
-		for i := 0; i != len(params); i++ {
-			c.logValue(names[i], params[i])
-		}
-		if comment != nil {
-			c.logString(comment.CheckCommentString())
-		}
-		if error != "" {
-			c.logString(error)
-		}
-		c.logNewLine()
-		c.Fail()
-		return false
-	}
-	return true
-}
diff --git a/vendor/gopkg.in/check.v1/printer.go b/vendor/gopkg.in/check.v1/printer.go
deleted file mode 100644
index e0f7557b5..000000000
--- a/vendor/gopkg.in/check.v1/printer.go
+++ /dev/null
@@ -1,168 +0,0 @@
-package check
-
-import (
-	"bytes"
-	"go/ast"
-	"go/parser"
-	"go/printer"
-	"go/token"
-	"os"
-)
-
-func indent(s, with string) (r string) {
-	eol := true
-	for i := 0; i != len(s); i++ {
-		c := s[i]
-		switch {
-		case eol && c == '\n' || c == '\r':
-		case c == '\n' || c == '\r':
-			eol = true
-		case eol:
-			eol = false
-			s = s[:i] + with + s[i:]
-			i += len(with)
-		}
-	}
-	return s
-}
-
-func printLine(filename string, line int) (string, error) {
-	fset := token.NewFileSet()
-	file, err := os.Open(filename)
-	if err != nil {
-		return "", err
-	}
-	fnode, err := parser.ParseFile(fset, filename, file, parser.ParseComments)
-	if err != nil {
-		return "", err
-	}
-	config := &printer.Config{Mode: printer.UseSpaces, Tabwidth: 4}
-	lp := &linePrinter{fset: fset, fnode: fnode, line: line, config: config}
-	ast.Walk(lp, fnode)
-	result := lp.output.Bytes()
-	// Comments leave \n at the end.
-	n := len(result)
-	for n > 0 && result[n-1] == '\n' {
-		n--
-	}
-	return string(result[:n]), nil
-}
-
-type linePrinter struct {
-	config *printer.Config
-	fset   *token.FileSet
-	fnode  *ast.File
-	line   int
-	output bytes.Buffer
-	stmt   ast.Stmt
-}
-
-func (lp *linePrinter) emit() bool {
-	if lp.stmt != nil {
-		lp.trim(lp.stmt)
-		lp.printWithComments(lp.stmt)
-		lp.stmt = nil
-		return true
-	}
-	return false
-}
-
-func (lp *linePrinter) printWithComments(n ast.Node) {
-	nfirst := lp.fset.Position(n.Pos()).Line
-	nlast := lp.fset.Position(n.End()).Line
-	for _, g := range lp.fnode.Comments {
-		cfirst := lp.fset.Position(g.Pos()).Line
-		clast := lp.fset.Position(g.End()).Line
-		if clast == nfirst-1 && lp.fset.Position(n.Pos()).Column == lp.fset.Position(g.Pos()).Column {
-			for _, c := range g.List {
-				lp.output.WriteString(c.Text)
-				lp.output.WriteByte('\n')
-			}
-		}
-		if cfirst >= nfirst && cfirst <= nlast && n.End() <= g.List[0].Slash {
-			// The printer will not include the comment if it starts past
-			// the node itself. Trick it into printing by overlapping the
-			// slash with the end of the statement.
-			g.List[0].Slash = n.End() - 1
-		}
-	}
-	node := &printer.CommentedNode{n, lp.fnode.Comments}
-	lp.config.Fprint(&lp.output, lp.fset, node)
-}
-
-func (lp *linePrinter) Visit(n ast.Node) (w ast.Visitor) {
-	if n == nil {
-		if lp.output.Len() == 0 {
-			lp.emit()
-		}
-		return nil
-	}
-	first := lp.fset.Position(n.Pos()).Line
-	last := lp.fset.Position(n.End()).Line
-	if first <= lp.line && last >= lp.line {
-		// Print the innermost statement containing the line.
-		if stmt, ok := n.(ast.Stmt); ok {
-			if _, ok := n.(*ast.BlockStmt); !ok {
-				lp.stmt = stmt
-			}
-		}
-		if first == lp.line && lp.emit() {
-			return nil
-		}
-		return lp
-	}
-	return nil
-}
-
-func (lp *linePrinter) trim(n ast.Node) bool {
-	stmt, ok := n.(ast.Stmt)
-	if !ok {
-		return true
-	}
-	line := lp.fset.Position(n.Pos()).Line
-	if line != lp.line {
-		return false
-	}
-	switch stmt := stmt.(type) {
-	case *ast.IfStmt:
-		stmt.Body = lp.trimBlock(stmt.Body)
-	case *ast.SwitchStmt:
-		stmt.Body = lp.trimBlock(stmt.Body)
-	case *ast.TypeSwitchStmt:
-		stmt.Body = lp.trimBlock(stmt.Body)
-	case *ast.CaseClause:
-		stmt.Body = lp.trimList(stmt.Body)
-	case *ast.CommClause:
-		stmt.Body = lp.trimList(stmt.Body)
-	case *ast.BlockStmt:
-		stmt.List = lp.trimList(stmt.List)
-	}
-	return true
-}
-
-func (lp *linePrinter) trimBlock(stmt *ast.BlockStmt) *ast.BlockStmt {
-	if !lp.trim(stmt) {
-		return lp.emptyBlock(stmt)
-	}
-	stmt.Rbrace = stmt.Lbrace
-	return stmt
-}
-
-func (lp *linePrinter) trimList(stmts []ast.Stmt) []ast.Stmt {
-	for i := 0; i != len(stmts); i++ {
-		if !lp.trim(stmts[i]) {
-			stmts[i] = lp.emptyStmt(stmts[i])
-			break
-		}
-	}
-	return stmts
-}
-
-func (lp *linePrinter) emptyStmt(n ast.Node) *ast.ExprStmt {
-	return &ast.ExprStmt{&ast.Ellipsis{n.Pos(), nil}}
-}
-
-func (lp *linePrinter) emptyBlock(n ast.Node) *ast.BlockStmt {
-	p := n.Pos()
-	return &ast.BlockStmt{p, []ast.Stmt{lp.emptyStmt(n)}, p}
-}
diff --git a/vendor/gopkg.in/check.v1/reporter.go b/vendor/gopkg.in/check.v1/reporter.go
deleted file mode 100644
index fb04f76f6..000000000
--- a/vendor/gopkg.in/check.v1/reporter.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package check
-
-import (
-	"fmt"
-	"io"
-	"sync"
-)
-
-// -----------------------------------------------------------------------
-// Output writer manages atomic output writing according to settings.
-
-type outputWriter struct {
-	m                    sync.Mutex
-	writer               io.Writer
-	wroteCallProblemLast bool
-	Stream               bool
-	Verbose              bool
-}
-
-func newOutputWriter(writer io.Writer, stream, verbose bool) *outputWriter {
-	return &outputWriter{writer: writer, Stream: stream, Verbose: verbose}
-}
-
-func (ow *outputWriter) Write(content []byte) (n int, err error) {
-	ow.m.Lock()
-	n, err = ow.writer.Write(content)
-	ow.m.Unlock()
-	return
-}
-
-func (ow *outputWriter) WriteCallStarted(label string, c *C) {
-	if ow.Stream {
-		header := renderCallHeader(label, c, "", "\n")
-		ow.m.Lock()
-		ow.writer.Write([]byte(header))
-		ow.m.Unlock()
-	}
-}
-
-func (ow *outputWriter) WriteCallProblem(label string, c *C) {
-	var prefix string
-	if !ow.Stream {
-		prefix = "\n-----------------------------------" +
-			"-----------------------------------\n"
-	}
-	header := renderCallHeader(label, c, prefix, "\n\n")
-	ow.m.Lock()
-	ow.wroteCallProblemLast = true
-	ow.writer.Write([]byte(header))
-	if !ow.Stream {
-		c.logb.WriteTo(ow.writer)
-	}
-	ow.m.Unlock()
-}
-
-func (ow *outputWriter) WriteCallSuccess(label string, c *C) {
-	if ow.Stream || (ow.Verbose && c.kind == testKd) {
-		// TODO Use a buffer here.
-		var suffix string
-		if c.reason != "" {
-			suffix = " (" + c.reason + ")"
-		}
-		if c.status() == succeededSt {
-			suffix += "\t" + c.timerString()
-		}
-		suffix += "\n"
-		if ow.Stream {
-			suffix += "\n"
-		}
-		header := renderCallHeader(label, c, "", suffix)
-		ow.m.Lock()
-		// Resist temptation of using line as prefix above due to race.
-		if !ow.Stream && ow.wroteCallProblemLast {
-			header = "\n-----------------------------------" +
-				"-----------------------------------\n" +
-				header
-		}
-		ow.wroteCallProblemLast = false
-		ow.writer.Write([]byte(header))
-		ow.m.Unlock()
-	}
-}
-
-func renderCallHeader(label string, c *C, prefix, suffix string) string {
-	pc := c.method.PC()
-	return fmt.Sprintf("%s%s: %s: %s%s", prefix, label, niceFuncPath(pc),
-		niceFuncName(pc), suffix)
-}
diff --git a/vendor/gopkg.in/check.v1/run.go b/vendor/gopkg.in/check.v1/run.go
deleted file mode 100644
index da8fd7987..000000000
--- a/vendor/gopkg.in/check.v1/run.go
+++ /dev/null
@@ -1,175 +0,0 @@
-package check
-
-import (
-	"bufio"
-	"flag"
-	"fmt"
-	"os"
-	"testing"
-	"time"
-)
-
-// -----------------------------------------------------------------------
-// Test suite registry.
-
-var allSuites []interface{}
-
-// Suite registers the given value as a test suite to be run. Any methods
-// starting with the Test prefix in the given value will be considered as
-// a test method.
-func Suite(suite interface{}) interface{} {
-	allSuites = append(allSuites, suite)
-	return suite
-}
-
-// -----------------------------------------------------------------------
-// Public running interface.
-
-var (
-	oldFilterFlag  = flag.String("gocheck.f", "", "Regular expression selecting which tests and/or suites to run")
-	oldVerboseFlag = flag.Bool("gocheck.v", false, "Verbose mode")
-	oldStreamFlag  = flag.Bool("gocheck.vv", false, "Super verbose mode (disables output caching)")
-	oldBenchFlag   = flag.Bool("gocheck.b", false, "Run benchmarks")
-	oldBenchTime   = flag.Duration("gocheck.btime", 1*time.Second, "approximate run time for each benchmark")
-	oldListFlag    = flag.Bool("gocheck.list", false, "List the names of all tests that will be run")
-	oldWorkFlag    = flag.Bool("gocheck.work", false, "Display and do not remove the test working directory")
-
-	newFilterFlag  = flag.String("check.f", "", "Regular expression selecting which tests and/or suites to run")
-	newVerboseFlag = flag.Bool("check.v", false, "Verbose mode")
-	newStreamFlag  = flag.Bool("check.vv", false, "Super verbose mode (disables output caching)")
-	newBenchFlag   = flag.Bool("check.b", false, "Run benchmarks")
-	newBenchTime   = flag.Duration("check.btime", 1*time.Second, "approximate run time for each benchmark")
-	newBenchMem    = flag.Bool("check.bmem", false, "Report memory benchmarks")
-	newListFlag    = flag.Bool("check.list", false, "List the names of all tests that will be run")
-	newWorkFlag    = flag.Bool("check.work", false, "Display and do not remove the test working directory")
-)
-
-// TestingT runs all test suites registered with the Suite function,
-// printing results to stdout, and reporting any failures back to
-// the "testing" package.
-func TestingT(testingT *testing.T) {
-	benchTime := *newBenchTime
-	if benchTime == 1*time.Second {
-		benchTime = *oldBenchTime
-	}
-	conf := &RunConf{
-		Filter:        *oldFilterFlag + *newFilterFlag,
-		Verbose:       *oldVerboseFlag || *newVerboseFlag,
-		Stream:        *oldStreamFlag || *newStreamFlag,
-		Benchmark:     *oldBenchFlag || *newBenchFlag,
-		BenchmarkTime: benchTime,
-		BenchmarkMem:  *newBenchMem,
-		KeepWorkDir:   *oldWorkFlag || *newWorkFlag,
-	}
-	if *oldListFlag || *newListFlag {
-		w := bufio.NewWriter(os.Stdout)
-		for _, name := range ListAll(conf) {
-			fmt.Fprintln(w, name)
-		}
-		w.Flush()
-		return
-	}
-	result := RunAll(conf)
-	println(result.String())
-	if !result.Passed() {
-		testingT.Fail()
-	}
-}
-
-// RunAll runs all test suites registered with the Suite function, using the
-// provided run configuration.
-func RunAll(runConf *RunConf) *Result {
-	result := Result{}
-	for _, suite := range allSuites {
-		result.Add(Run(suite, runConf))
-	}
-	return &result
-}
-
-// Run runs the provided test suite using the provided run configuration.
-func Run(suite interface{}, runConf *RunConf) *Result {
-	runner := newSuiteRunner(suite, runConf)
-	return runner.run()
-}
-
-// ListAll returns the names of all the test functions registered with the
-// Suite function that will be run with the provided run configuration.
-func ListAll(runConf *RunConf) []string {
-	var names []string
-	for _, suite := range allSuites {
-		names = append(names, List(suite, runConf)...)
-	}
-	return names
-}
-
-// List returns the names of the test functions in the given
-// suite that will be run with the provided run configuration.
-func List(suite interface{}, runConf *RunConf) []string {
-	var names []string
-	runner := newSuiteRunner(suite, runConf)
-	for _, t := range runner.tests {
-		names = append(names, t.String())
-	}
-	return names
-}
-
-// -----------------------------------------------------------------------
-// Result methods.
-
-func (r *Result) Add(other *Result) {
-	r.Succeeded += other.Succeeded
-	r.Skipped += other.Skipped
-	r.Failed += other.Failed
-	r.Panicked += other.Panicked
-	r.FixturePanicked += other.FixturePanicked
-	r.ExpectedFailures += other.ExpectedFailures
-	r.Missed += other.Missed
-	if r.WorkDir != "" && other.WorkDir != "" {
-		r.WorkDir += ":" + other.WorkDir
-	} else if other.WorkDir != "" {
-		r.WorkDir = other.WorkDir
-	}
-}
-
-func (r *Result) Passed() bool {
-	return (r.Failed == 0 && r.Panicked == 0 &&
-		r.FixturePanicked == 0 && r.Missed == 0 &&
-		r.RunError == nil)
-}
-
-func (r *Result) String() string {
-	if r.RunError != nil {
-		return "ERROR: " + r.RunError.Error()
-	}
-
-	var value string
-	if r.Failed == 0 && r.Panicked == 0 && r.FixturePanicked == 0 &&
-		r.Missed == 0 {
-		value = "OK: "
-	} else {
-		value = "OOPS: "
-	}
-	value += fmt.Sprintf("%d passed", r.Succeeded)
-	if r.Skipped != 0 {
-		value += fmt.Sprintf(", %d skipped", r.Skipped)
-	}
-	if r.ExpectedFailures != 0 {
-		value += fmt.Sprintf(", %d expected failures", r.ExpectedFailures)
-	}
-	if r.Failed != 0 {
-		value += fmt.Sprintf(", %d FAILED", r.Failed)
-	}
-	if r.Panicked != 0 {
-		value += fmt.Sprintf(", %d PANICKED", r.Panicked)
-	}
-	if r.FixturePanicked != 0 {
-		value += fmt.Sprintf(", %d FIXTURE-PANICKED", r.FixturePanicked)
-	}
-	if r.Missed != 0 {
-		value += fmt.Sprintf(", %d MISSED", r.Missed)
-	}
-	if r.WorkDir != "" {
-		value += "\nWORK=" + r.WorkDir
-	}
-	return value
-}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 882c5093d..9303c83fc 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -17,7 +17,6 @@ github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo
 # github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
 ## explicit
 github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry
-github.com/Azure/azure-sdk-for-go/storage
 github.com/Azure/azure-sdk-for-go/version
 # github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161
 ## explicit; go 1.16
@@ -135,9 +134,6 @@ github.com/ProtonMail/go-crypto/openpgp/internal/ecc
 github.com/ProtonMail/go-crypto/openpgp/internal/encoding
 github.com/ProtonMail/go-crypto/openpgp/packet
 github.com/ProtonMail/go-crypto/openpgp/s2k
-# github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d
-## explicit
-github.com/Shopify/logrus-bugsnag
 # github.com/ThalesIgnite/crypto11 v1.2.5
 ## explicit; go 1.13
 github.com/ThalesIgnite/crypto11
@@ -489,51 +485,18 @@ github.com/docker/distribution
 github.com/docker/distribution/manifest
 github.com/docker/distribution/manifest/manifestlist
 github.com/docker/distribution/manifest/ocischema
-github.com/docker/distribution/manifest/schema1
 github.com/docker/distribution/manifest/schema2
 github.com/docker/distribution/metrics
-github.com/docker/distribution/notifications
 github.com/docker/distribution/reference
-github.com/docker/distribution/registry
 github.com/docker/distribution/registry/api/errcode
 github.com/docker/distribution/registry/api/v2
-github.com/docker/distribution/registry/auth
-github.com/docker/distribution/registry/auth/htpasswd
-github.com/docker/distribution/registry/auth/silly
-github.com/docker/distribution/registry/auth/token
 github.com/docker/distribution/registry/client
 github.com/docker/distribution/registry/client/auth
 github.com/docker/distribution/registry/client/auth/challenge
 github.com/docker/distribution/registry/client/transport
-github.com/docker/distribution/registry/handlers
-github.com/docker/distribution/registry/listener
-github.com/docker/distribution/registry/middleware/registry
-github.com/docker/distribution/registry/middleware/repository
-github.com/docker/distribution/registry/proxy
-github.com/docker/distribution/registry/proxy/scheduler
-github.com/docker/distribution/registry/storage
 github.com/docker/distribution/registry/storage/cache
-github.com/docker/distribution/registry/storage/cache/cachecheck
 github.com/docker/distribution/registry/storage/cache/memory
-github.com/docker/distribution/registry/storage/cache/redis
-github.com/docker/distribution/registry/storage/driver
-github.com/docker/distribution/registry/storage/driver/azure
-github.com/docker/distribution/registry/storage/driver/base
-github.com/docker/distribution/registry/storage/driver/factory
-github.com/docker/distribution/registry/storage/driver/filesystem
-github.com/docker/distribution/registry/storage/driver/gcs
-github.com/docker/distribution/registry/storage/driver/inmemory
-github.com/docker/distribution/registry/storage/driver/middleware
-github.com/docker/distribution/registry/storage/driver/middleware/cloudfront
-github.com/docker/distribution/registry/storage/driver/middleware/redirect
-github.com/docker/distribution/registry/storage/driver/oss
-github.com/docker/distribution/registry/storage/driver/s3-aws
-github.com/docker/distribution/registry/storage/driver/swift
-github.com/docker/distribution/registry/storage/driver/testdriver
-github.com/docker/distribution/registry/storage/driver/testsuites
-github.com/docker/distribution/testutil
 github.com/docker/distribution/uuid
-github.com/docker/distribution/version
 # github.com/docker/docker v24.0.7+incompatible
 ## explicit
 github.com/docker/docker/api
@@ -577,9 +540,6 @@ github.com/docker/go-metrics
 # github.com/docker/go-units v0.5.0
 ## explicit
 github.com/docker/go-units
-# github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7
-## explicit
-github.com/docker/libtrust
 # github.com/drone/envsubst v1.0.3
 ## explicit; go 1.13
 github.com/drone/envsubst
@@ -701,10 +661,6 @@ github.com/gardener/landscaper/controller-utils/pkg/logging/constants
 github.com/gardener/landscaper/controller-utils/pkg/utils
 github.com/gardener/landscaper/controller-utils/pkg/webhook
 github.com/gardener/landscaper/controller-utils/pkg/webhook/certificates
-# github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7
-## explicit
-github.com/garyburd/redigo/internal
-github.com/garyburd/redigo/redis
 # github.com/ghodss/yaml v1.0.0
 ## explicit
 github.com/ghodss/yaml
@@ -952,15 +908,6 @@ github.com/google/uuid
 ## explicit; go 1.19
 github.com/googleapis/enterprise-certificate-proxy/client
 github.com/googleapis/enterprise-certificate-proxy/client/util
-# github.com/googleapis/gax-go/v2 v2.11.0
-## explicit; go 1.19
-github.com/googleapis/gax-go/v2
-github.com/googleapis/gax-go/v2/apierror
-github.com/googleapis/gax-go/v2/apierror/internal/proto
-github.com/googleapis/gax-go/v2/internal
-# github.com/gorilla/handlers v1.5.1
-## explicit; go 1.14
-github.com/gorilla/handlers
 # github.com/gorilla/mux v1.8.0
 ## explicit; go 1.12
 github.com/gorilla/mux
@@ -1044,12 +991,6 @@ github.com/klauspost/compress/zstd/internal/xxhash
 # github.com/klauspost/pgzip v1.2.6
 ## explicit
 github.com/klauspost/pgzip
-# github.com/kr/pretty v0.3.1
-## explicit; go 1.12
-github.com/kr/pretty
-# github.com/kr/text v0.2.0
-## explicit
-github.com/kr/text
 # github.com/lann/builder v0.0.0-20180802200727-47ae307949d0
 ## explicit
 github.com/lann/builder
@@ -1217,10 +1158,6 @@ github.com/mozillazg/docker-credential-acr-helper/pkg/version
 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
 ## explicit
 github.com/munnerz/goautoneg
-# github.com/ncw/swift v1.0.47
-## explicit
-github.com/ncw/swift
-github.com/ncw/swift/swifttest
 # github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481
 ## explicit
 github.com/nozzle/throttler
@@ -1491,7 +1428,6 @@ github.com/opencontainers/distribution-spec/specs-go/v1
 # github.com/opencontainers/go-digest v1.0.0
 ## explicit; go 1.13
 github.com/opencontainers/go-digest
-github.com/opencontainers/go-digest/digestset
 # github.com/opencontainers/image-spec v1.1.0-rc5
 ## explicit; go 1.18
 github.com/opencontainers/image-spec/specs-go
@@ -1556,9 +1492,6 @@ github.com/rivo/uniseg
 # github.com/robfig/cron/v3 v3.0.1
 ## explicit; go 1.12
 github.com/robfig/cron/v3
-# github.com/rogpeppe/go-internal v1.10.0
-## explicit; go 1.19
-github.com/rogpeppe/go-internal/fmtsort
 # github.com/rubenv/sql-migrate v1.3.1
 ## explicit; go 1.16
 github.com/rubenv/sql-migrate
@@ -1838,15 +1771,6 @@ github.com/xeipuuv/gojsonschema
 # github.com/xlab/treeprint v1.1.0
 ## explicit; go 1.13
 github.com/xlab/treeprint
-# github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43
-## explicit
-github.com/yvasiyarov/go-metrics
-# github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50
-## explicit
-github.com/yvasiyarov/gorelic
-# github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f
-## explicit
-github.com/yvasiyarov/newrelic_platform_go
 # github.com/zeebo/errs v1.3.0
 ## explicit; go 1.12
 github.com/zeebo/errs
@@ -2099,18 +2023,14 @@ golang.org/x/xerrors/internal
 gomodules.xyz/jsonpatch/v2
 # google.golang.org/api v0.149.0
 ## explicit; go 1.19
-google.golang.org/api/googleapi
 google.golang.org/api/googleapi/transport
 google.golang.org/api/idtoken
 google.golang.org/api/impersonate
 google.golang.org/api/internal
 google.golang.org/api/internal/cert
-google.golang.org/api/internal/gensupport
 google.golang.org/api/internal/impersonate
-google.golang.org/api/internal/third_party/uritemplates
 google.golang.org/api/option
 google.golang.org/api/option/internaloption
-google.golang.org/api/storage/v1
 google.golang.org/api/transport/http
 google.golang.org/api/transport/http/internal/propagation
 # google.golang.org/appengine v1.6.8
@@ -2127,8 +2047,6 @@ google.golang.org/appengine/internal/urlfetch
 google.golang.org/appengine/urlfetch
 # google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b
 ## explicit; go 1.19
-google.golang.org/genproto/googleapis/rpc/code
-google.golang.org/genproto/googleapis/rpc/errdetails
 google.golang.org/genproto/googleapis/rpc/status
 # google.golang.org/grpc v1.59.0
 ## explicit; go 1.19
@@ -2682,9 +2600,6 @@ oras.land/oras-go/pkg/registry/remote/auth
 oras.land/oras-go/pkg/registry/remote/internal/errutil
 oras.land/oras-go/pkg/registry/remote/internal/syncutil
 oras.land/oras-go/pkg/target
-# rsc.io/letsencrypt v0.0.3
-## explicit
-rsc.io/letsencrypt
 # sigs.k8s.io/controller-runtime v0.15.1
 ## explicit; go 1.20
 sigs.k8s.io/controller-runtime
diff --git a/vendor/rsc.io/letsencrypt/LICENSE b/vendor/rsc.io/letsencrypt/LICENSE
deleted file mode 100644
index 6a66aea5e..000000000
--- a/vendor/rsc.io/letsencrypt/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/rsc.io/letsencrypt/README.md b/vendor/rsc.io/letsencrypt/README.md
deleted file mode 100644
index 99cc2f98b..000000000
--- a/vendor/rsc.io/letsencrypt/README.md
+++ /dev/null
@@ -1,9 +0,0 @@
-## rsc.io/letsencrypt is superseded by [golang.org/x/crypto/acme/autocert](https://golang.org/x/crypto/acme/autocert).
-
-The latest old rsc.io/letsencrypt is tagged v0.0.2 if you must use it.
-
-But don't.
-
-It hasn't been updated in years and probably carries security problems with it.
-
-**Use [golang.org/x/crypto/acme/autocert](https://golang.org/x/crypto/acme/autocert) instead.**
diff --git a/vendor/rsc.io/letsencrypt/doc.go b/vendor/rsc.io/letsencrypt/doc.go
deleted file mode 100644
index 63ebffe28..000000000
--- a/vendor/rsc.io/letsencrypt/doc.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package letsencrypt is superseded by golang.org/x/crypto/acme/autocert.
-// Use that instead.
-//
-// Everything in this package has been deleted.
-// If you need the latest non-deleted copy, use v0.0.2
-// (but really, use golang.org/x/crypto/acme/autocert).
-package letsencrypt

From 7cb2fe60a5eec5e763cc3370979ed1b298f7fac3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Gr=C3=A4ff?= <robert.graeff@sap.com>
Date: Thu, 7 Dec 2023 13:12:24 +0100
Subject: [PATCH 13/23] Logging during cleanup of integration test
 (run-int-tests) (#917)

---
 cmd/landscaper-controller/app/app_test.go     | 11 +++--
 test/framework/framework.go                   | 11 +++--
 .../deployers/management/dm_tests.go          |  9 ++--
 test/utils/envtest/retrying_client.go         |  2 +-
 test/utils/envtest/state.go                   | 43 ++++++++++---------
 5 files changed, 38 insertions(+), 38 deletions(-)

diff --git a/cmd/landscaper-controller/app/app_test.go b/cmd/landscaper-controller/app/app_test.go
index 2a787c719..315f5cfe8 100644
--- a/cmd/landscaper-controller/app/app_test.go
+++ b/cmd/landscaper-controller/app/app_test.go
@@ -10,20 +10,19 @@ import (
 	"testing"
 	"time"
 
-	lsutils "github.com/gardener/landscaper/pkg/utils"
-
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 
-	"github.com/gardener/landscaper/cmd/landscaper-controller/app"
-	deployerconfig "github.com/gardener/landscaper/pkg/deployermanagement/config"
-
 	"github.com/gardener/landscaper/apis/config"
 	lsinstall "github.com/gardener/landscaper/apis/core/install"
 	lsv1alpha1 "github.com/gardener/landscaper/apis/core/v1alpha1"
+	"github.com/gardener/landscaper/cmd/landscaper-controller/app"
 	kutil "github.com/gardener/landscaper/controller-utils/pkg/kubernetes"
 	"github.com/gardener/landscaper/controller-utils/pkg/logging"
+	"github.com/gardener/landscaper/hack/testcluster/pkg/utils"
+	deployerconfig "github.com/gardener/landscaper/pkg/deployermanagement/config"
+	lsutils "github.com/gardener/landscaper/pkg/utils"
 	"github.com/gardener/landscaper/test/utils/envtest"
 )
 
@@ -84,7 +83,7 @@ var _ = Describe("Landscaper Controller", func() {
 			Expect(testenv.Client.List(ctx, deployerRegistrations)).To(Succeed())
 			for _, reg := range deployerRegistrations.Items {
 				d := 10 * time.Second
-				Expect(envtest.CleanupForObject(ctx, testenv.Client, &reg, d)).To(Succeed())
+				Expect(envtest.CleanupForObject(ctx, utils.NewDiscardLogger(), testenv.Client, &reg, d)).To(Succeed())
 			}
 		})
 
diff --git a/test/framework/framework.go b/test/framework/framework.go
index f8a3a5055..2b9fc71ca 100644
--- a/test/framework/framework.go
+++ b/test/framework/framework.go
@@ -16,8 +16,6 @@ import (
 	"strings"
 	"time"
 
-	utils3 "github.com/gardener/landscaper/pkg/utils"
-
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/gardener/component-cli/ociclient"
 	"github.com/gardener/component-cli/ociclient/cache"
@@ -37,6 +35,7 @@ import (
 	"github.com/gardener/landscaper/controller-utils/pkg/logging"
 	utils2 "github.com/gardener/landscaper/hack/testcluster/pkg/utils"
 	lsscheme "github.com/gardener/landscaper/pkg/api"
+	utils3 "github.com/gardener/landscaper/pkg/utils"
 	"github.com/gardener/landscaper/test/utils"
 	"github.com/gardener/landscaper/test/utils/envtest"
 )
@@ -357,7 +356,7 @@ func (f *Framework) cleanupBeforeObjectsInTestNamespace(ctx context.Context, nam
 		return err
 	}
 	for _, obj := range instList.Items {
-		if err := envtest.CleanupForObject(ctx, f.Client, &obj, time.Second); err != nil {
+		if err := envtest.CleanupForObject(ctx, f.logger, f.Client, &obj, time.Second); err != nil {
 			return err
 		}
 	}
@@ -367,7 +366,7 @@ func (f *Framework) cleanupBeforeObjectsInTestNamespace(ctx context.Context, nam
 		return err
 	}
 	for _, obj := range execList.Items {
-		if err := envtest.CleanupForObject(ctx, f.Client, &obj, time.Second); err != nil {
+		if err := envtest.CleanupForObject(ctx, f.logger, f.Client, &obj, time.Second); err != nil {
 			return err
 		}
 	}
@@ -377,7 +376,7 @@ func (f *Framework) cleanupBeforeObjectsInTestNamespace(ctx context.Context, nam
 		return err
 	}
 	for _, obj := range diList.Items {
-		if err := envtest.CleanupForObject(ctx, f.Client, &obj, time.Second); err != nil {
+		if err := envtest.CleanupForObject(ctx, f.logger, f.Client, &obj, time.Second); err != nil {
 			return err
 		}
 	}
@@ -387,7 +386,7 @@ func (f *Framework) cleanupBeforeObjectsInTestNamespace(ctx context.Context, nam
 		return err
 	}
 	for _, obj := range podList.Items {
-		if err := envtest.CleanupForObject(ctx, f.Client, &obj, time.Second); err != nil {
+		if err := envtest.CleanupForObject(ctx, f.logger, f.Client, &obj, time.Second); err != nil {
 			return err
 		}
 	}
diff --git a/test/integration/deployers/management/dm_tests.go b/test/integration/deployers/management/dm_tests.go
index 14a5938a7..c1fab548e 100644
--- a/test/integration/deployers/management/dm_tests.go
+++ b/test/integration/deployers/management/dm_tests.go
@@ -10,8 +10,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/gardener/landscaper/controller-utils/pkg/logging"
-
 	cdv2 "github.com/gardener/component-spec/bindings-go/apis/v2"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -23,6 +21,7 @@ import (
 	"github.com/gardener/landscaper/apis/config"
 	lsv1alpha1 "github.com/gardener/landscaper/apis/core/v1alpha1"
 	kutil "github.com/gardener/landscaper/controller-utils/pkg/kubernetes"
+	"github.com/gardener/landscaper/controller-utils/pkg/logging"
 	"github.com/gardener/landscaper/hack/testcluster/pkg/utils"
 	"github.com/gardener/landscaper/pkg/agent"
 	"github.com/gardener/landscaper/pkg/api"
@@ -84,7 +83,7 @@ func DeployerManagementTests(f *framework.Framework) {
 				if previousDeployerRegistrations.Has(reg.Name) {
 					continue
 				}
-				if err := envtest.CleanupForObject(ctx, f.Client, &reg, 2*time.Minute); err != nil {
+				if err := envtest.CleanupForObject(ctx, f.Log(), f.Client, &reg, 2*time.Minute); err != nil {
 					allErrs = append(allErrs, err)
 				}
 			}
@@ -95,7 +94,7 @@ func DeployerManagementTests(f *framework.Framework) {
 				if previousEnvironments.Has(env.Name) {
 					continue
 				}
-				if err := envtest.CleanupForObject(ctx, f.Client, &env, 2*time.Minute); err != nil {
+				if err := envtest.CleanupForObject(ctx, f.Log(), f.Client, &env, 2*time.Minute); err != nil {
 					allErrs = append(allErrs, err)
 				}
 			}
@@ -160,7 +159,7 @@ func DeployerManagementTests(f *framework.Framework) {
 				// remove finalizer from testenv
 				env := &lsv1alpha1.Environment{}
 				env.Name = "testenv"
-				testutil.ExpectNoError(envtest.CleanupForObject(ctx, f.Client, env, 5*time.Second))
+				testutil.ExpectNoError(envtest.CleanupForObject(ctx, f.Log(), f.Client, env, 5*time.Second))
 			})
 
 			It("should create and delete new installations for a new environment", func() {
diff --git a/test/utils/envtest/retrying_client.go b/test/utils/envtest/retrying_client.go
index e18044c2d..52fd549a2 100644
--- a/test/utils/envtest/retrying_client.go
+++ b/test/utils/envtest/retrying_client.go
@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
-
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/gardener/landscaper/hack/testcluster/pkg/utils"
@@ -128,6 +127,7 @@ func retrySporadic(ctx context.Context, log utils.Logger, fn func() error) error
 			log.Logfln("retrying client: all attempts failed: %w", err)
 			return err
 		} else if !isSporadicError(err) {
+			log.Logfln("retrying client: stop retrying after non-sporadic error: %w", err)
 			return err
 		} else if ctxError := ctx.Err(); ctxError != nil {
 			log.Logfln("retrying client: stop retrying because context is closed: %w", ctxError)
diff --git a/test/utils/envtest/state.go b/test/utils/envtest/state.go
index af76a0c85..468031023 100644
--- a/test/utils/envtest/state.go
+++ b/test/utils/envtest/state.go
@@ -351,14 +351,14 @@ func (s *State) CleanupStateWithClient(ctx context.Context, c client.Client, opt
 
 	s.log.Logln("cleanup deploy items")
 	for _, obj := range s.DeployItems {
-		if err := CleanupForDeployItem(ctx, c, obj, *timeout); err != nil {
+		if err := CleanupForDeployItem(ctx, s.log, c, obj, *timeout); err != nil {
 			return err
 		}
 	}
 
 	s.log.Logln("cleanup executions")
 	for _, obj := range s.Executions {
-		if err := CleanupForExecution(ctx, c, obj, *timeout); err != nil {
+		if err := CleanupForExecution(ctx, s.log, c, obj, *timeout); err != nil {
 			return err
 		}
 	}
@@ -372,42 +372,42 @@ func (s *State) CleanupStateWithClient(ctx context.Context, c client.Client, opt
 
 	s.log.Logln("cleanup data objects")
 	for _, obj := range s.DataObjects {
-		if err := CleanupForObject(ctx, c, obj, *timeout); err != nil {
+		if err := CleanupForObject(ctx, s.log, c, obj, *timeout); err != nil {
 			return err
 		}
 	}
 
 	s.log.Logln("cleanup targets")
 	for _, obj := range s.Targets {
-		if err := CleanupForObject(ctx, c, obj, *timeout); err != nil {
+		if err := CleanupForObject(ctx, s.log, c, obj, *timeout); err != nil {
 			return err
 		}
 	}
 
 	s.log.Logln("cleanup target syncs")
 	for _, obj := range s.TargetSyncs {
-		if err := CleanupForObject(ctx, c, obj, *timeout); err != nil {
+		if err := CleanupForObject(ctx, s.log, c, obj, *timeout); err != nil {
 			return err
 		}
 	}
 
 	s.log.Logln("cleanup secrets")
 	for _, obj := range s.Secrets {
-		if err := CleanupForObject(ctx, c, obj, *timeout); err != nil {
+		if err := CleanupForObject(ctx, s.log, c, obj, *timeout); err != nil {
 			return err
 		}
 	}
 
 	s.log.Logln("cleanup config maps")
 	for _, obj := range s.ConfigMaps {
-		if err := CleanupForObject(ctx, c, obj, *timeout); err != nil {
+		if err := CleanupForObject(ctx, s.log, c, obj, *timeout); err != nil {
 			return err
 		}
 	}
 
 	s.log.Logln("cleanup generic")
 	for _, obj := range s.Generic {
-		if err := CleanupForObject(ctx, c, obj, *timeout); err != nil {
+		if err := CleanupForObject(ctx, s.log, c, obj, *timeout); err != nil {
 			return err
 		}
 	}
@@ -419,7 +419,7 @@ func (s *State) CleanupStateWithClient(ctx context.Context, c client.Client, opt
 		return fmt.Errorf("unable to list pods in %q: %w", s.Namespace, err)
 	}
 	for _, obj := range pods.Items {
-		if err := CleanupForObject(ctx, c, &obj, *timeout); err != nil {
+		if err := CleanupForObject(ctx, s.log, c, &obj, *timeout); err != nil {
 			return err
 		}
 	}
@@ -451,7 +451,7 @@ func (s *State) cleanupNamespace(ctx context.Context, c client.Client, namespace
 			return err
 		}
 		if options.WaitForDeletion {
-			return WaitForObjectToBeDeleted(ctx, c, ns, *timeout)
+			return WaitForObjectToBeDeleted(ctx, s.log, c, ns, *timeout)
 		}
 	}
 
@@ -465,7 +465,7 @@ func (s *State) CleanupState(ctx context.Context, opts ...CleanupOption) error {
 }
 
 // CleanupForObject cleans up a object from a cluster
-func CleanupForObject(ctx context.Context, c client.Client, obj client.Object, timeout time.Duration) error {
+func CleanupForObject(ctx context.Context, log utils.Logger, c client.Client, obj client.Object, timeout time.Duration) error {
 	if err := c.Get(ctx, client.ObjectKey{Name: obj.GetName(), Namespace: obj.GetNamespace()}, obj); err != nil {
 		if apierrors.IsNotFound(err) {
 			return nil
@@ -479,7 +479,7 @@ func CleanupForObject(ctx context.Context, c client.Client, obj client.Object, t
 			return err
 		}
 	}
-	if err := WaitForObjectToBeDeleted(ctx, c, obj, timeout); err != nil {
+	if err := WaitForObjectToBeDeleted(ctx, log, c, obj, timeout); err != nil {
 		if err := removeFinalizer(ctx, c, obj); err != nil {
 			return err
 		}
@@ -505,7 +505,7 @@ func (s *State) CleanupForInstallation(ctx context.Context, c client.Client, obj
 	}
 
 	var innerErr error
-	if err := wait.PollUntilContextTimeout(ctx, 1*time.Second, 10*time.Second, true, func(ctx context.Context) (done bool, err error) {
+	if err := wait.PollUntilContextTimeout(ctx, 1*time.Second, 60*time.Second, true, func(ctx context.Context) (done bool, err error) {
 		innerErr = s.addReconcileAnnotation(ctx, c, obj)
 		return innerErr == nil, nil
 	}); err != nil {
@@ -515,7 +515,7 @@ func (s *State) CleanupForInstallation(ctx context.Context, c client.Client, obj
 		return err
 	}
 
-	if err := WaitForObjectToBeDeleted(ctx, c, obj, timeout); err != nil {
+	if err := WaitForObjectToBeDeleted(ctx, s.log, c, obj, timeout); err != nil {
 		if err := removeFinalizer(ctx, c, obj); err != nil {
 			return err
 		}
@@ -524,7 +524,7 @@ func (s *State) CleanupForInstallation(ctx context.Context, c client.Client, obj
 }
 
 // CleanupForExecution cleans up an execution from a cluster
-func CleanupForExecution(ctx context.Context, c client.Client, obj *lsv1alpha1.Execution, timeout time.Duration) error {
+func CleanupForExecution(ctx context.Context, log utils.Logger, c client.Client, obj *lsv1alpha1.Execution, timeout time.Duration) error {
 	if err := c.Get(ctx, client.ObjectKey{Name: obj.GetName(), Namespace: obj.GetNamespace()}, obj); err != nil {
 		if apierrors.IsNotFound(err) {
 			return nil
@@ -543,7 +543,7 @@ func CleanupForExecution(ctx context.Context, c client.Client, obj *lsv1alpha1.E
 		return err
 	}
 
-	if err := WaitForObjectToBeDeleted(ctx, c, obj, timeout); err != nil {
+	if err := WaitForObjectToBeDeleted(ctx, log, c, obj, timeout); err != nil {
 		if err := removeFinalizer(ctx, c, obj); err != nil {
 			return err
 		}
@@ -553,7 +553,7 @@ func CleanupForExecution(ctx context.Context, c client.Client, obj *lsv1alpha1.E
 }
 
 // CleanupForDeployItem cleans up a deploy item from a cluster
-func CleanupForDeployItem(ctx context.Context, c client.Client, obj *lsv1alpha1.DeployItem, timeout time.Duration) error {
+func CleanupForDeployItem(ctx context.Context, log utils.Logger, c client.Client, obj *lsv1alpha1.DeployItem, timeout time.Duration) error {
 	if err := c.Get(ctx, client.ObjectKey{Name: obj.GetName(), Namespace: obj.GetNamespace()}, obj); err != nil {
 		if apierrors.IsNotFound(err) {
 			return nil
@@ -572,7 +572,7 @@ func CleanupForDeployItem(ctx context.Context, c client.Client, obj *lsv1alpha1.
 		return err
 	}
 
-	if err := WaitForObjectToBeDeleted(ctx, c, obj, timeout); err != nil {
+	if err := WaitForObjectToBeDeleted(ctx, log, c, obj, timeout); err != nil {
 		if err := removeFinalizer(ctx, c, obj); err != nil {
 			return err
 		}
@@ -586,6 +586,7 @@ func (s *State) addReconcileAnnotation(ctx context.Context, c client.Client, obj
 		if apierrors.IsNotFound(err) {
 			return nil
 		}
+		s.log.Logfln("addReconcileAnnotation: failed to get object: %w", err)
 		return err
 	}
 
@@ -595,7 +596,8 @@ func (s *State) addReconcileAnnotation(ctx context.Context, c client.Client, obj
 			if readError := c.Get(ctx, kutil.ObjectKeyFromObject(obj), obj); apierrors.IsNotFound(readError) {
 				return nil
 			}
-			err = errors.Wrap(err, "Failed to add reconcile annotation to installation during cleanup")
+			s.log.Logfln("addReconcileAnnotation: update failed: %w", err)
+			err = errors.Wrap(err, "Failed to add reconcile annotation during cleanup")
 			return err
 		}
 	}
@@ -650,7 +652,7 @@ func updateJobIdForExecution(ctx context.Context, c client.Client, obj *lsv1alph
 }
 
 // WaitForObjectToBeDeleted waits for a object to be deleted.
-func WaitForObjectToBeDeleted(ctx context.Context, c client.Client, obj client.Object, timeout time.Duration) error {
+func WaitForObjectToBeDeleted(ctx context.Context, log utils.Logger, c client.Client, obj client.Object, timeout time.Duration) error {
 	var (
 		lastErr error
 		uObj    client.Object
@@ -661,6 +663,7 @@ func WaitForObjectToBeDeleted(ctx context.Context, c client.Client, obj client.O
 			if apierrors.IsNotFound(err) {
 				return true, nil
 			}
+			log.Logfln("WaitForObjectToBeDeleted: failed to get object: %w", err)
 			lastErr = err
 			return false, nil
 		}

From 5df091e70fa2cfd98a21aff0504fb99750cad543 Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Thu, 7 Dec 2023 15:24:21 +0100
Subject: [PATCH 14/23] Caveat using same cluster more than once (#918)

---
 docs/development/testing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/development/testing.md b/docs/development/testing.md
index ad7a23394..74b66743c 100644
--- a/docs/development/testing.md
+++ b/docs/development/testing.md
@@ -82,7 +82,7 @@ make integration-test KUBECONFIG_PATH=<path to cluster kubeconfig file> USE_OCM_
 
 The tests set up a local OCI registry, install/upgrade the landscaper and executes the integration tests.
 
-It is also possible to execute the tests with Gardner shoot cluster creation and deletion with:
+Caveat! It is not recommended to use the same cluster more than once. The better possibility is to execute the tests with Gardner shoot cluster creation and deletion with:
 
 ```
 make integration-test-with-cluster-creation KUBECONFIG_PATH=<path to Gardener kubeconfig for project laas on the Canary landscape> USE_OCM_LIB=false

From 22070342369558a1230edf79e22885d55fd3b524 Mon Sep 17 00:00:00 2001
From: achimweigel <achim.weigel@sap.com>
Date: Fri, 8 Dec 2023 11:18:17 +0100
Subject: [PATCH 15/23] Improve PR template (#920)

* improve PR template

* improve PR template
---
 .github/pull_request_template.md | 24 ++----------------------
 1 file changed, 2 insertions(+), 22 deletions(-)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index dedeee024..1fe33e507 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,22 +1,3 @@
-**How to categorize this PR?**
-<!--
-Please select area, kind, and priority for this pull request. This helps the community categorizing it.
-Replace below TODOs or exchange the existing identifiers with those that fit best in your opinion.
-If multiple identifiers make sense you can also state the commands multiple times, e.g.
-  /area control-plane
-  /area auto-scaling
-  ...
-
-"/area" identifiers:     backup|certification|cost|delivery|deployers|manifest-deployer|helm-deployer|container-deployer|dev-productivity|documentation|high-availability|logging|monitoring|oci|open-source|operations|ops-productivity|performance|quality|robustness|scalability|security|storage|testing|usability|user-management
-"/kind" identifiers:     api-change|bug|cleanup|discussion|enhancement|epic|impediment|poc|post-mortem|question|regression|task|technical-debt|test
-"/priority" identifiers (numerical value): 1 (blocker)|2 (critical)|3 (normal)|4 (low priority)|5 (nice to have)
-
-For Gardener Enhancement Proposals (GEPs), please check the following [documentation](https://github.com/gardener/gardener/tree/master/docs/proposals/README.md) before submitting this pull request.
--->
-/area TODO
-/kind TODO
-/priority 3
-
 **What this PR does / why we need it**:
 
 **Which issue(s) this PR fixes**:
@@ -25,8 +6,7 @@ Fixes #
 **Special notes for your reviewer**:
 
 **Release note**:
-<!--
-Write your release note:
+<!--  Write your release note:
 1. Enter your release note in the below block.
 2. If no release note is required, just write "NONE" within the block.
 
@@ -35,6 +15,6 @@ Possible values:
 - category:       breaking|feature|bugfix|doc|other
 - target_group:   user|operator|developer|dependency
 -->
-```other operator
+```feature user
 
 ```

From 89c6f7305ab04f2c317a548cb14bb4e8f7356e8b Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Fri, 8 Dec 2023 15:21:05 +0100
Subject: [PATCH 16/23] Update to golang:1.21.4 (#922)

---
 .ci/pipeline_definitions        | 14 +++++++-------
 .test-defs/create-cluster.yaml  |  2 +-
 .test-defs/create-registry.yaml |  2 +-
 .test-defs/delete-cluster.yaml  |  2 +-
 .test-defs/delete-registry.yaml |  2 +-
 .test-defs/integration.yaml     |  2 +-
 Dockerfile                      |  2 +-
 7 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.ci/pipeline_definitions b/.ci/pipeline_definitions
index 2c404f0c4..dbe3beb6b 100644
--- a/.ci/pipeline_definitions
+++ b/.ci/pipeline_definitions
@@ -53,7 +53,7 @@ landscaper:
             image: eu.gcr.io/gardener-project/landscaper/mock-deployer-controller
     steps:
       verify:
-        image: 'golang:1.20.11'
+        image: 'golang:1.21.4'
       publish-helm-charts:
         depends:
         - verify
@@ -76,7 +76,7 @@ landscaper:
           - false
           trait_depends:
           - publish
-          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.20.11-alpine3.18'
+          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.21.4-alpine3.18'
           output_dir: 'integration_test_cnudie'
         integration_test_ocm:
           execute:
@@ -84,21 +84,21 @@ landscaper:
           - true
           trait_depends:
           - publish
-          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.20.11-alpine3.18'
+          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.21.4-alpine3.18'
           output_dir: 'integration_test_ocm'
     pull-request:
       steps:
         integration_test_cnudie:
           depends:
           - publish
-          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.20.11-alpine3.18'
+          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.21.4-alpine3.18'
           execute:
           - integration-test-new
           - false
         integration_test_ocm:
           depends:
           - publish
-          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.20.11-alpine3.18'
+          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.21.4-alpine3.18'
           execute:
           - integration-test-new
           - true
@@ -126,7 +126,7 @@ landscaper:
           - false
           trait_depends:
           - publish
-          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.20.11-alpine3.18'
+          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.21.4-alpine3.18'
           output_dir: 'integration_test_cnudie'
         integration_test_ocm:
           execute:
@@ -134,7 +134,7 @@ landscaper:
           - true
           trait_depends:
           - publish
-          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.20.11-alpine3.18'
+          image: 'eu.gcr.io/gardener-project/landscaper-service/integration-test:1.21.4-alpine3.18'
           output_dir: 'integration_test_ocm'
         update_release:
           inputs:
diff --git a/.test-defs/create-cluster.yaml b/.test-defs/create-cluster.yaml
index 6142e45b0..278dfe7da 100644
--- a/.test-defs/create-cluster.yaml
+++ b/.test-defs/create-cluster.yaml
@@ -16,4 +16,4 @@ spec:
     --id=$TM_TESTRUN_ID$CLUSTER_NAME
     --timeout=10m
 
-  image: golang:1.20.11
\ No newline at end of file
+  image: golang:1.21.4
\ No newline at end of file
diff --git a/.test-defs/create-registry.yaml b/.test-defs/create-registry.yaml
index 2929a5d4c..c8fef5194 100644
--- a/.test-defs/create-registry.yaml
+++ b/.test-defs/create-registry.yaml
@@ -17,4 +17,4 @@ spec:
     --dns-format=external
     --timeout=10m
 
-  image: golang:1.20.11
+  image: golang:1.21.4
diff --git a/.test-defs/delete-cluster.yaml b/.test-defs/delete-cluster.yaml
index 8f0c4990b..33e88509e 100644
--- a/.test-defs/delete-cluster.yaml
+++ b/.test-defs/delete-cluster.yaml
@@ -15,4 +15,4 @@ spec:
     --id=$TM_TESTRUN_ID$CLUSTER_NAME
     --timeout=10m
 
-  image: golang:1.20.11
+  image: golang:1.21.4
diff --git a/.test-defs/delete-registry.yaml b/.test-defs/delete-registry.yaml
index c7ca8ea57..4fff89b34 100644
--- a/.test-defs/delete-registry.yaml
+++ b/.test-defs/delete-registry.yaml
@@ -15,4 +15,4 @@ spec:
     --id=$TM_TESTRUN_ID
     --timeout=10m
 
-  image: golang:1.20.11
+  image: golang:1.21.4
diff --git a/.test-defs/integration.yaml b/.test-defs/integration.yaml
index 51574d51d..32959583f 100644
--- a/.test-defs/integration.yaml
+++ b/.test-defs/integration.yaml
@@ -16,4 +16,4 @@ spec:
     --ls-namespace=ls-system
     --ls-version=$(./hack/get-version.sh)
 
-  image: golang:1.20.11
+  image: golang:1.21.4
diff --git a/Dockerfile b/Dockerfile
index c2f176e6e..71a1d46ab 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 #### BUILDER ####
-FROM golang:1.20.11 AS builder
+FROM golang:1.21.4 AS builder
 
 WORKDIR /go/src/github.com/gardener/landscaper
 COPY . .

From 3dc6c13b551bee731c69ffa69b4c9f6c84e914e9 Mon Sep 17 00:00:00 2001
From: Fabian Burth <fabian.burth@sap.com>
Date: Mon, 11 Dec 2023 09:06:55 +0100
Subject: [PATCH 17/23] upgrade go version (#923)

* upgrade go version and linter

* (run-int-tests)
---
 .golangci.yaml                                |  2 +-
 go.mod                                        |  2 -
 go.sum                                        |  2 +-
 hack/install-requirements.sh                  |  2 +-
 vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s   |  1 -
 vendor/golang.org/x/sys/cpu/cpu_aix.go        |  1 -
 vendor/golang.org/x/sys/cpu/cpu_arm64.s       |  1 -
 vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go   |  1 -
 vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go   |  1 -
 vendor/golang.org/x/sys/cpu/cpu_gc_x86.go     |  2 -
 .../golang.org/x/sys/cpu/cpu_gccgo_arm64.go   |  1 -
 .../golang.org/x/sys/cpu/cpu_gccgo_s390x.go   |  1 -
 vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c   |  2 -
 vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go  |  2 -
 vendor/golang.org/x/sys/cpu/cpu_linux.go      |  1 -
 .../golang.org/x/sys/cpu/cpu_linux_mips64x.go |  2 -
 .../golang.org/x/sys/cpu/cpu_linux_noinit.go  |  1 -
 .../golang.org/x/sys/cpu/cpu_linux_ppc64x.go  |  2 -
 vendor/golang.org/x/sys/cpu/cpu_loong64.go    |  1 -
 vendor/golang.org/x/sys/cpu/cpu_mips64x.go    |  1 -
 vendor/golang.org/x/sys/cpu/cpu_mipsx.go      |  1 -
 vendor/golang.org/x/sys/cpu/cpu_other_arm.go  |  1 -
 .../golang.org/x/sys/cpu/cpu_other_arm64.go   |  1 -
 .../golang.org/x/sys/cpu/cpu_other_mips64x.go |  2 -
 .../golang.org/x/sys/cpu/cpu_other_ppc64x.go  |  3 -
 .../golang.org/x/sys/cpu/cpu_other_riscv64.go |  1 -
 vendor/golang.org/x/sys/cpu/cpu_ppc64x.go     |  1 -
 vendor/golang.org/x/sys/cpu/cpu_riscv64.go    |  1 -
 vendor/golang.org/x/sys/cpu/cpu_s390x.s       |  1 -
 vendor/golang.org/x/sys/cpu/cpu_wasm.go       |  1 -
 vendor/golang.org/x/sys/cpu/cpu_x86.go        |  1 -
 vendor/golang.org/x/sys/cpu/cpu_x86.s         |  2 -
 vendor/golang.org/x/sys/cpu/endian_big.go     |  1 -
 vendor/golang.org/x/sys/cpu/endian_little.go  |  1 -
 .../x/sys/cpu/proc_cpuinfo_linux.go           |  1 -
 .../x/sys/cpu/runtime_auxv_go121.go           |  1 -
 .../golang.org/x/sys/cpu/syscall_aix_gccgo.go |  1 -
 .../x/sys/cpu/syscall_aix_ppc64_gc.go         |  1 -
 .../golang.org/x/sys/execabs/execabs_go118.go |  1 -
 .../golang.org/x/sys/execabs/execabs_go119.go |  1 -
 .../golang.org/x/sys/plan9/pwd_go15_plan9.go  |  1 -
 vendor/golang.org/x/sys/plan9/pwd_plan9.go    |  1 -
 vendor/golang.org/x/sys/plan9/race.go         |  1 -
 vendor/golang.org/x/sys/plan9/race0.go        |  1 -
 vendor/golang.org/x/sys/plan9/str.go          |  1 -
 vendor/golang.org/x/sys/plan9/syscall.go      |  1 -
 .../x/sys/plan9/zsyscall_plan9_386.go         |  1 -
 .../x/sys/plan9/zsyscall_plan9_amd64.go       |  1 -
 .../x/sys/plan9/zsyscall_plan9_arm.go         |  1 -
 vendor/golang.org/x/sys/unix/aliases.go       |  2 -
 vendor/golang.org/x/sys/unix/asm_aix_ppc64.s  |  1 -
 vendor/golang.org/x/sys/unix/asm_bsd_386.s    |  2 -
 vendor/golang.org/x/sys/unix/asm_bsd_amd64.s  |  2 -
 vendor/golang.org/x/sys/unix/asm_bsd_arm.s    |  2 -
 vendor/golang.org/x/sys/unix/asm_bsd_arm64.s  |  2 -
 vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s  |  2 -
 .../golang.org/x/sys/unix/asm_bsd_riscv64.s   |  2 -
 vendor/golang.org/x/sys/unix/asm_linux_386.s  |  1 -
 .../golang.org/x/sys/unix/asm_linux_amd64.s   |  1 -
 vendor/golang.org/x/sys/unix/asm_linux_arm.s  |  1 -
 .../golang.org/x/sys/unix/asm_linux_arm64.s   |  3 -
 .../golang.org/x/sys/unix/asm_linux_loong64.s |  3 -
 .../golang.org/x/sys/unix/asm_linux_mips64x.s |  3 -
 .../golang.org/x/sys/unix/asm_linux_mipsx.s   |  3 -
 .../golang.org/x/sys/unix/asm_linux_ppc64x.s  |  3 -
 .../golang.org/x/sys/unix/asm_linux_riscv64.s |  2 -
 .../golang.org/x/sys/unix/asm_linux_s390x.s   |  3 -
 .../x/sys/unix/asm_openbsd_mips64.s           |  1 -
 .../golang.org/x/sys/unix/asm_solaris_amd64.s |  1 -
 vendor/golang.org/x/sys/unix/asm_zos_s390x.s  |  3 -
 vendor/golang.org/x/sys/unix/cap_freebsd.go   |  1 -
 vendor/golang.org/x/sys/unix/constants.go     |  1 -
 vendor/golang.org/x/sys/unix/dev_aix_ppc.go   |  1 -
 vendor/golang.org/x/sys/unix/dev_aix_ppc64.go |  1 -
 vendor/golang.org/x/sys/unix/dev_zos.go       |  1 -
 vendor/golang.org/x/sys/unix/dirent.go        |  1 -
 vendor/golang.org/x/sys/unix/endian_big.go    |  1 -
 vendor/golang.org/x/sys/unix/endian_little.go |  1 -
 vendor/golang.org/x/sys/unix/env_unix.go      |  1 -
 vendor/golang.org/x/sys/unix/epoll_zos.go     |  1 -
 vendor/golang.org/x/sys/unix/fcntl.go         |  1 -
 .../x/sys/unix/fcntl_linux_32bit.go           |  1 -
 vendor/golang.org/x/sys/unix/fdset.go         |  1 -
 vendor/golang.org/x/sys/unix/fstatfs_zos.go   |  1 -
 vendor/golang.org/x/sys/unix/gccgo.go         |  1 -
 vendor/golang.org/x/sys/unix/gccgo_c.c        |  1 -
 .../x/sys/unix/gccgo_linux_amd64.go           |  1 -
 vendor/golang.org/x/sys/unix/ifreq_linux.go   |  1 -
 vendor/golang.org/x/sys/unix/ioctl_signed.go  |  1 -
 .../golang.org/x/sys/unix/ioctl_unsigned.go   |  1 -
 vendor/golang.org/x/sys/unix/ioctl_zos.go     |  1 -
 vendor/golang.org/x/sys/unix/mkerrors.sh      |  1 -
 vendor/golang.org/x/sys/unix/mmap_nomremap.go |  1 -
 vendor/golang.org/x/sys/unix/mremap.go        |  1 -
 vendor/golang.org/x/sys/unix/pagesize_unix.go |  1 -
 .../golang.org/x/sys/unix/pledge_openbsd.go   | 92 ++++---------------
 vendor/golang.org/x/sys/unix/ptrace_darwin.go |  1 -
 vendor/golang.org/x/sys/unix/ptrace_ios.go    |  1 -
 vendor/golang.org/x/sys/unix/race.go          |  1 -
 vendor/golang.org/x/sys/unix/race0.go         |  1 -
 .../x/sys/unix/readdirent_getdents.go         |  1 -
 .../x/sys/unix/readdirent_getdirentries.go    |  1 -
 vendor/golang.org/x/sys/unix/sockcmsg_unix.go |  1 -
 .../x/sys/unix/sockcmsg_unix_other.go         |  1 -
 vendor/golang.org/x/sys/unix/syscall.go       |  1 -
 vendor/golang.org/x/sys/unix/syscall_aix.go   |  4 +-
 .../golang.org/x/sys/unix/syscall_aix_ppc.go  |  1 -
 .../x/sys/unix/syscall_aix_ppc64.go           |  1 -
 vendor/golang.org/x/sys/unix/syscall_bsd.go   |  1 -
 .../x/sys/unix/syscall_darwin_amd64.go        |  1 -
 .../x/sys/unix/syscall_darwin_arm64.go        |  1 -
 .../x/sys/unix/syscall_darwin_libSystem.go    |  1 -
 .../x/sys/unix/syscall_dragonfly_amd64.go     |  1 -
 .../x/sys/unix/syscall_freebsd_386.go         |  1 -
 .../x/sys/unix/syscall_freebsd_amd64.go       |  1 -
 .../x/sys/unix/syscall_freebsd_arm.go         |  1 -
 .../x/sys/unix/syscall_freebsd_arm64.go       |  1 -
 .../x/sys/unix/syscall_freebsd_riscv64.go     |  1 -
 vendor/golang.org/x/sys/unix/syscall_hurd.go  |  1 -
 .../golang.org/x/sys/unix/syscall_hurd_386.go |  1 -
 .../golang.org/x/sys/unix/syscall_illumos.go  |  1 -
 vendor/golang.org/x/sys/unix/syscall_linux.go |  5 +-
 .../x/sys/unix/syscall_linux_386.go           |  1 -
 .../x/sys/unix/syscall_linux_alarm.go         |  2 -
 .../x/sys/unix/syscall_linux_amd64.go         |  1 -
 .../x/sys/unix/syscall_linux_amd64_gc.go      |  1 -
 .../x/sys/unix/syscall_linux_arm.go           |  1 -
 .../x/sys/unix/syscall_linux_arm64.go         |  1 -
 .../golang.org/x/sys/unix/syscall_linux_gc.go |  1 -
 .../x/sys/unix/syscall_linux_gc_386.go        |  1 -
 .../x/sys/unix/syscall_linux_gc_arm.go        |  1 -
 .../x/sys/unix/syscall_linux_gccgo_386.go     |  1 -
 .../x/sys/unix/syscall_linux_gccgo_arm.go     |  1 -
 .../x/sys/unix/syscall_linux_loong64.go       |  1 -
 .../x/sys/unix/syscall_linux_mips64x.go       |  2 -
 .../x/sys/unix/syscall_linux_mipsx.go         |  2 -
 .../x/sys/unix/syscall_linux_ppc.go           |  1 -
 .../x/sys/unix/syscall_linux_ppc64x.go        |  2 -
 .../x/sys/unix/syscall_linux_riscv64.go       |  1 -
 .../x/sys/unix/syscall_linux_s390x.go         |  1 -
 .../x/sys/unix/syscall_linux_sparc64.go       |  1 -
 .../x/sys/unix/syscall_netbsd_386.go          |  1 -
 .../x/sys/unix/syscall_netbsd_amd64.go        |  1 -
 .../x/sys/unix/syscall_netbsd_arm.go          |  1 -
 .../x/sys/unix/syscall_netbsd_arm64.go        |  1 -
 .../golang.org/x/sys/unix/syscall_openbsd.go  | 14 ++-
 .../x/sys/unix/syscall_openbsd_386.go         |  1 -
 .../x/sys/unix/syscall_openbsd_amd64.go       |  1 -
 .../x/sys/unix/syscall_openbsd_arm.go         |  1 -
 .../x/sys/unix/syscall_openbsd_arm64.go       |  1 -
 .../x/sys/unix/syscall_openbsd_libc.go        |  1 -
 .../x/sys/unix/syscall_openbsd_ppc64.go       |  1 -
 .../x/sys/unix/syscall_openbsd_riscv64.go     |  1 -
 .../golang.org/x/sys/unix/syscall_solaris.go  |  3 +-
 .../x/sys/unix/syscall_solaris_amd64.go       |  1 -
 vendor/golang.org/x/sys/unix/syscall_unix.go  |  1 -
 .../golang.org/x/sys/unix/syscall_unix_gc.go  |  2 -
 .../x/sys/unix/syscall_unix_gc_ppc64x.go      |  3 -
 .../x/sys/unix/syscall_zos_s390x.go           |  1 -
 vendor/golang.org/x/sys/unix/sysvshm_linux.go |  1 -
 vendor/golang.org/x/sys/unix/sysvshm_unix.go  |  1 -
 .../x/sys/unix/sysvshm_unix_other.go          |  1 -
 vendor/golang.org/x/sys/unix/timestruct.go    |  1 -
 .../golang.org/x/sys/unix/unveil_openbsd.go   | 41 +++++----
 vendor/golang.org/x/sys/unix/xattr_bsd.go     |  1 -
 .../golang.org/x/sys/unix/zerrors_aix_ppc.go  |  1 -
 .../x/sys/unix/zerrors_aix_ppc64.go           |  1 -
 .../x/sys/unix/zerrors_darwin_amd64.go        |  1 -
 .../x/sys/unix/zerrors_darwin_arm64.go        |  1 -
 .../x/sys/unix/zerrors_dragonfly_amd64.go     |  1 -
 .../x/sys/unix/zerrors_freebsd_386.go         |  1 -
 .../x/sys/unix/zerrors_freebsd_amd64.go       |  1 -
 .../x/sys/unix/zerrors_freebsd_arm.go         |  1 -
 .../x/sys/unix/zerrors_freebsd_arm64.go       |  1 -
 .../x/sys/unix/zerrors_freebsd_riscv64.go     |  1 -
 vendor/golang.org/x/sys/unix/zerrors_linux.go | 14 ++-
 .../x/sys/unix/zerrors_linux_386.go           |  1 -
 .../x/sys/unix/zerrors_linux_amd64.go         |  1 -
 .../x/sys/unix/zerrors_linux_arm.go           |  1 -
 .../x/sys/unix/zerrors_linux_arm64.go         |  1 -
 .../x/sys/unix/zerrors_linux_loong64.go       |  2 +-
 .../x/sys/unix/zerrors_linux_mips.go          |  1 -
 .../x/sys/unix/zerrors_linux_mips64.go        |  1 -
 .../x/sys/unix/zerrors_linux_mips64le.go      |  1 -
 .../x/sys/unix/zerrors_linux_mipsle.go        |  1 -
 .../x/sys/unix/zerrors_linux_ppc.go           |  1 -
 .../x/sys/unix/zerrors_linux_ppc64.go         |  1 -
 .../x/sys/unix/zerrors_linux_ppc64le.go       |  1 -
 .../x/sys/unix/zerrors_linux_riscv64.go       |  4 +-
 .../x/sys/unix/zerrors_linux_s390x.go         |  1 -
 .../x/sys/unix/zerrors_linux_sparc64.go       |  1 -
 .../x/sys/unix/zerrors_netbsd_386.go          |  1 -
 .../x/sys/unix/zerrors_netbsd_amd64.go        |  1 -
 .../x/sys/unix/zerrors_netbsd_arm.go          |  1 -
 .../x/sys/unix/zerrors_netbsd_arm64.go        |  1 -
 .../x/sys/unix/zerrors_openbsd_386.go         |  1 -
 .../x/sys/unix/zerrors_openbsd_amd64.go       |  1 -
 .../x/sys/unix/zerrors_openbsd_arm.go         |  1 -
 .../x/sys/unix/zerrors_openbsd_arm64.go       |  1 -
 .../x/sys/unix/zerrors_openbsd_mips64.go      |  1 -
 .../x/sys/unix/zerrors_openbsd_ppc64.go       |  1 -
 .../x/sys/unix/zerrors_openbsd_riscv64.go     |  1 -
 .../x/sys/unix/zerrors_solaris_amd64.go       |  1 -
 .../x/sys/unix/zerrors_zos_s390x.go           |  1 -
 .../x/sys/unix/zptrace_armnn_linux.go         |  2 -
 .../x/sys/unix/zptrace_mipsnn_linux.go        |  2 -
 .../x/sys/unix/zptrace_mipsnnle_linux.go      |  2 -
 .../x/sys/unix/zptrace_x86_linux.go           |  2 -
 .../golang.org/x/sys/unix/zsyscall_aix_ppc.go |  1 -
 .../x/sys/unix/zsyscall_aix_ppc64.go          |  1 -
 .../x/sys/unix/zsyscall_aix_ppc64_gc.go       |  1 -
 .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go    |  1 -
 .../x/sys/unix/zsyscall_darwin_amd64.go       |  1 -
 .../x/sys/unix/zsyscall_darwin_arm64.go       |  1 -
 .../x/sys/unix/zsyscall_dragonfly_amd64.go    |  1 -
 .../x/sys/unix/zsyscall_freebsd_386.go        |  1 -
 .../x/sys/unix/zsyscall_freebsd_amd64.go      |  1 -
 .../x/sys/unix/zsyscall_freebsd_arm.go        |  1 -
 .../x/sys/unix/zsyscall_freebsd_arm64.go      |  1 -
 .../x/sys/unix/zsyscall_freebsd_riscv64.go    |  1 -
 .../x/sys/unix/zsyscall_illumos_amd64.go      |  1 -
 .../golang.org/x/sys/unix/zsyscall_linux.go   | 11 ++-
 .../x/sys/unix/zsyscall_linux_386.go          |  1 -
 .../x/sys/unix/zsyscall_linux_amd64.go        |  1 -
 .../x/sys/unix/zsyscall_linux_arm.go          |  1 -
 .../x/sys/unix/zsyscall_linux_arm64.go        |  1 -
 .../x/sys/unix/zsyscall_linux_loong64.go      |  1 -
 .../x/sys/unix/zsyscall_linux_mips.go         |  1 -
 .../x/sys/unix/zsyscall_linux_mips64.go       |  1 -
 .../x/sys/unix/zsyscall_linux_mips64le.go     |  1 -
 .../x/sys/unix/zsyscall_linux_mipsle.go       |  1 -
 .../x/sys/unix/zsyscall_linux_ppc.go          |  1 -
 .../x/sys/unix/zsyscall_linux_ppc64.go        |  1 -
 .../x/sys/unix/zsyscall_linux_ppc64le.go      |  1 -
 .../x/sys/unix/zsyscall_linux_riscv64.go      |  1 -
 .../x/sys/unix/zsyscall_linux_s390x.go        |  1 -
 .../x/sys/unix/zsyscall_linux_sparc64.go      |  1 -
 .../x/sys/unix/zsyscall_netbsd_386.go         |  1 -
 .../x/sys/unix/zsyscall_netbsd_amd64.go       |  1 -
 .../x/sys/unix/zsyscall_netbsd_arm.go         |  1 -
 .../x/sys/unix/zsyscall_netbsd_arm64.go       |  1 -
 .../x/sys/unix/zsyscall_openbsd_386.go        | 46 +++++++++-
 .../x/sys/unix/zsyscall_openbsd_386.s         | 15 +++
 .../x/sys/unix/zsyscall_openbsd_amd64.go      | 46 +++++++++-
 .../x/sys/unix/zsyscall_openbsd_amd64.s       | 15 +++
 .../x/sys/unix/zsyscall_openbsd_arm.go        | 46 +++++++++-
 .../x/sys/unix/zsyscall_openbsd_arm.s         | 15 +++
 .../x/sys/unix/zsyscall_openbsd_arm64.go      | 46 +++++++++-
 .../x/sys/unix/zsyscall_openbsd_arm64.s       | 15 +++
 .../x/sys/unix/zsyscall_openbsd_mips64.go     | 46 +++++++++-
 .../x/sys/unix/zsyscall_openbsd_mips64.s      | 15 +++
 .../x/sys/unix/zsyscall_openbsd_ppc64.go      | 46 +++++++++-
 .../x/sys/unix/zsyscall_openbsd_ppc64.s       | 18 ++++
 .../x/sys/unix/zsyscall_openbsd_riscv64.go    | 46 +++++++++-
 .../x/sys/unix/zsyscall_openbsd_riscv64.s     | 15 +++
 .../x/sys/unix/zsyscall_solaris_amd64.go      |  1 -
 .../x/sys/unix/zsyscall_zos_s390x.go          |  1 -
 .../x/sys/unix/zsysctl_openbsd_386.go         |  1 -
 .../x/sys/unix/zsysctl_openbsd_amd64.go       |  1 -
 .../x/sys/unix/zsysctl_openbsd_arm.go         |  1 -
 .../x/sys/unix/zsysctl_openbsd_arm64.go       |  1 -
 .../x/sys/unix/zsysctl_openbsd_mips64.go      |  1 -
 .../x/sys/unix/zsysctl_openbsd_ppc64.go       |  1 -
 .../x/sys/unix/zsysctl_openbsd_riscv64.go     |  1 -
 .../x/sys/unix/zsysnum_darwin_amd64.go        |  1 -
 .../x/sys/unix/zsysnum_darwin_arm64.go        |  1 -
 .../x/sys/unix/zsysnum_dragonfly_amd64.go     |  1 -
 .../x/sys/unix/zsysnum_freebsd_386.go         |  1 -
 .../x/sys/unix/zsysnum_freebsd_amd64.go       |  1 -
 .../x/sys/unix/zsysnum_freebsd_arm.go         |  1 -
 .../x/sys/unix/zsysnum_freebsd_arm64.go       |  1 -
 .../x/sys/unix/zsysnum_freebsd_riscv64.go     |  1 -
 .../x/sys/unix/zsysnum_linux_386.go           |  2 +-
 .../x/sys/unix/zsysnum_linux_amd64.go         |  3 +-
 .../x/sys/unix/zsysnum_linux_arm.go           |  2 +-
 .../x/sys/unix/zsysnum_linux_arm64.go         |  2 +-
 .../x/sys/unix/zsysnum_linux_loong64.go       |  2 +-
 .../x/sys/unix/zsysnum_linux_mips.go          |  2 +-
 .../x/sys/unix/zsysnum_linux_mips64.go        |  2 +-
 .../x/sys/unix/zsysnum_linux_mips64le.go      |  2 +-
 .../x/sys/unix/zsysnum_linux_mipsle.go        |  2 +-
 .../x/sys/unix/zsysnum_linux_ppc.go           |  2 +-
 .../x/sys/unix/zsysnum_linux_ppc64.go         |  2 +-
 .../x/sys/unix/zsysnum_linux_ppc64le.go       |  2 +-
 .../x/sys/unix/zsysnum_linux_riscv64.go       |  2 +-
 .../x/sys/unix/zsysnum_linux_s390x.go         |  2 +-
 .../x/sys/unix/zsysnum_linux_sparc64.go       |  2 +-
 .../x/sys/unix/zsysnum_netbsd_386.go          |  1 -
 .../x/sys/unix/zsysnum_netbsd_amd64.go        |  1 -
 .../x/sys/unix/zsysnum_netbsd_arm.go          |  1 -
 .../x/sys/unix/zsysnum_netbsd_arm64.go        |  1 -
 .../x/sys/unix/zsysnum_openbsd_386.go         |  1 -
 .../x/sys/unix/zsysnum_openbsd_amd64.go       |  1 -
 .../x/sys/unix/zsysnum_openbsd_arm.go         |  1 -
 .../x/sys/unix/zsysnum_openbsd_arm64.go       |  1 -
 .../x/sys/unix/zsysnum_openbsd_mips64.go      |  1 -
 .../x/sys/unix/zsysnum_openbsd_ppc64.go       |  1 -
 .../x/sys/unix/zsysnum_openbsd_riscv64.go     |  1 -
 .../x/sys/unix/zsysnum_zos_s390x.go           |  1 -
 .../golang.org/x/sys/unix/ztypes_aix_ppc.go   |  1 -
 .../golang.org/x/sys/unix/ztypes_aix_ppc64.go |  1 -
 .../x/sys/unix/ztypes_darwin_amd64.go         |  1 -
 .../x/sys/unix/ztypes_darwin_arm64.go         |  1 -
 .../x/sys/unix/ztypes_dragonfly_amd64.go      |  1 -
 .../x/sys/unix/ztypes_freebsd_386.go          |  1 -
 .../x/sys/unix/ztypes_freebsd_amd64.go        |  1 -
 .../x/sys/unix/ztypes_freebsd_arm.go          |  1 -
 .../x/sys/unix/ztypes_freebsd_arm64.go        |  1 -
 .../x/sys/unix/ztypes_freebsd_riscv64.go      |  1 -
 vendor/golang.org/x/sys/unix/ztypes_linux.go  | 13 ++-
 .../golang.org/x/sys/unix/ztypes_linux_386.go |  1 -
 .../x/sys/unix/ztypes_linux_amd64.go          |  1 -
 .../golang.org/x/sys/unix/ztypes_linux_arm.go |  1 -
 .../x/sys/unix/ztypes_linux_arm64.go          |  1 -
 .../x/sys/unix/ztypes_linux_loong64.go        |  1 -
 .../x/sys/unix/ztypes_linux_mips.go           |  1 -
 .../x/sys/unix/ztypes_linux_mips64.go         |  1 -
 .../x/sys/unix/ztypes_linux_mips64le.go       |  1 -
 .../x/sys/unix/ztypes_linux_mipsle.go         |  1 -
 .../golang.org/x/sys/unix/ztypes_linux_ppc.go |  1 -
 .../x/sys/unix/ztypes_linux_ppc64.go          |  1 -
 .../x/sys/unix/ztypes_linux_ppc64le.go        |  1 -
 .../x/sys/unix/ztypes_linux_riscv64.go        |  1 -
 .../x/sys/unix/ztypes_linux_s390x.go          |  1 -
 .../x/sys/unix/ztypes_linux_sparc64.go        |  1 -
 .../x/sys/unix/ztypes_netbsd_386.go           |  1 -
 .../x/sys/unix/ztypes_netbsd_amd64.go         |  1 -
 .../x/sys/unix/ztypes_netbsd_arm.go           |  1 -
 .../x/sys/unix/ztypes_netbsd_arm64.go         |  1 -
 .../x/sys/unix/ztypes_openbsd_386.go          |  1 -
 .../x/sys/unix/ztypes_openbsd_amd64.go        |  1 -
 .../x/sys/unix/ztypes_openbsd_arm.go          |  1 -
 .../x/sys/unix/ztypes_openbsd_arm64.go        |  1 -
 .../x/sys/unix/ztypes_openbsd_mips64.go       |  1 -
 .../x/sys/unix/ztypes_openbsd_ppc64.go        |  1 -
 .../x/sys/unix/ztypes_openbsd_riscv64.go      |  1 -
 .../x/sys/unix/ztypes_solaris_amd64.go        |  1 -
 .../golang.org/x/sys/unix/ztypes_zos_s390x.go |  1 -
 vendor/golang.org/x/sys/windows/aliases.go    |  1 -
 vendor/golang.org/x/sys/windows/empty.s       |  1 -
 vendor/golang.org/x/sys/windows/eventlog.go   |  1 -
 vendor/golang.org/x/sys/windows/mksyscall.go  |  1 -
 vendor/golang.org/x/sys/windows/race.go       |  1 -
 vendor/golang.org/x/sys/windows/race0.go      |  1 -
 vendor/golang.org/x/sys/windows/service.go    |  1 -
 vendor/golang.org/x/sys/windows/str.go        |  1 -
 vendor/golang.org/x/sys/windows/syscall.go    |  1 -
 .../x/sys/windows/syscall_windows.go          |  4 +-
 .../golang.org/x/sys/windows/types_windows.go | 28 +++++-
 .../x/sys/windows/zsyscall_windows.go         |  9 ++
 vendor/modules.txt                            |  4 +-
 351 files changed, 580 insertions(+), 482 deletions(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index 2658cc315..73cfe5810 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -1,7 +1,7 @@
 run:
   concurrency: 4
   deadline: 10m
-  go: '1.20'
+  go: '1.21'
 
   skip-files:
   - "zz_generated.*\\.go$"
diff --git a/go.mod b/go.mod
index 254a92904..93bbbf117 100644
--- a/go.mod
+++ b/go.mod
@@ -2,8 +2,6 @@ module github.com/gardener/landscaper
 
 go 1.21
 
-toolchain go1.21.4
-
 require (
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
diff --git a/go.sum b/go.sum
index 4ba57b684..5198e7dc7 100644
--- a/go.sum
+++ b/go.sum
@@ -684,7 +684,7 @@ github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYF
 github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/fluxcd/pkg/ssa v0.24.1 h1:0dn5FqyYdGa+VuDp5EJrkLbPq5xhhSAAkMgGUeMpOM0=
 github.com/fluxcd/pkg/ssa v0.24.1/go.mod h1:nEOUOwGotBlNZkTkO6GHPlI0U0BmHTavFd1Jk+TzsGw=
diff --git a/hack/install-requirements.sh b/hack/install-requirements.sh
index 6cedd3902..567c02b48 100755
--- a/hack/install-requirements.sh
+++ b/hack/install-requirements.sh
@@ -62,7 +62,7 @@ fi
 
 GO111MODULE=off go get golang.org/x/tools/cmd/goimports
 
-curl -sfL "https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh" | sh -s -- -b $(go env GOPATH)/bin v1.54.2
+curl -sfL "https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh" | sh -s -- -b $(go env GOPATH)/bin v1.55.2
 
 # install jq (needed for documentation index generation)
 if ! jq --version &>/dev/null; then
diff --git a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
index db9171c2e..269e173ca 100644
--- a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_aix.go b/vendor/golang.org/x/sys/cpu/cpu_aix.go
index 8aaeef545..9bf0c32eb 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_aix.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_aix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix
-// +build aix
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
index c61f95a05..fcb9a3888 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
index ccf542a73..a8acd3e32 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
index 0af2f2484..c8ae6ddc1 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
index fa7cdb9bc..910728fb1 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gc
-// +build 386 amd64 amd64p32
-// +build gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
index 2aff31891..7f1946780 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo
-// +build gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
index 4bfbda619..9526d2ce3 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo
-// +build gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
index 6cc73109f..3f73a05dc 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gccgo
-// +build 386 amd64 amd64p32
-// +build gccgo
 
 #include <cpuid.h>
 #include <stdint.h>
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
index 863d415ab..99c60fe9f 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gccgo
-// +build 386 amd64 amd64p32
-// +build gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux.go b/vendor/golang.org/x/sys/cpu/cpu_linux.go
index 159a686f6..743eb5435 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !386 && !amd64 && !amd64p32 && !arm64
-// +build !386,!amd64,!amd64p32,!arm64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
index 6000db4cd..4686c1d54 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le)
-// +build linux
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
index f4992b1a5..cd63e7335 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && !arm && !arm64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x
-// +build linux,!arm,!arm64,!mips64,!mips64le,!ppc64,!ppc64le,!s390x
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
index 021356d6d..197188e67 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le)
-// +build linux
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_loong64.go b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
index 0f57b05bd..558635850 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_loong64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build loong64
-// +build loong64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
index f4063c664..fedb00cc4 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build mips64 || mips64le
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
index 07c4e36d8..ffb4ec7eb 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build mips || mipsle
-// +build mips mipsle
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
index d7b4fb4cc..e9ecf2a45 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && arm
-// +build !linux,arm
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
index f3cde129b..5341e7f88 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && !netbsd && !openbsd && arm64
-// +build !linux,!netbsd,!openbsd,arm64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
index 0dafe9644..5f8f2419a 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && (mips64 || mips64le)
-// +build !linux
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
index 060d46b6e..89608fba2 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !aix && !linux && (ppc64 || ppc64le)
-// +build !aix
-// +build !linux
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
index dd10eb79f..5ab87808f 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && riscv64
-// +build !linux,riscv64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
index 4e8acd165..c14f12b14 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ppc64 || ppc64le
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
index ff7da60eb..7f0c79c00 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64
-// +build riscv64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
index 96f81e209..1fb4b7013 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_s390x.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_wasm.go b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
index 7747d888a..384787ea3 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_wasm.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build wasm
-// +build wasm
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
index 2dcde8285..c29f5e4c5 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 || amd64 || amd64p32
-// +build 386 amd64 amd64p32
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.s b/vendor/golang.org/x/sys/cpu/cpu_x86.s
index 39acab2ff..7d7ba33ef 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gc
-// +build 386 amd64 amd64p32
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/endian_big.go b/vendor/golang.org/x/sys/cpu/endian_big.go
index 93ce03a34..7fe04b0a1 100644
--- a/vendor/golang.org/x/sys/cpu/endian_big.go
+++ b/vendor/golang.org/x/sys/cpu/endian_big.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
-// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/endian_little.go b/vendor/golang.org/x/sys/cpu/endian_little.go
index 55db853ef..48eccc4c7 100644
--- a/vendor/golang.org/x/sys/cpu/endian_little.go
+++ b/vendor/golang.org/x/sys/cpu/endian_little.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh || wasm
-// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh wasm
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
index d87bd6b3e..4cd64c704 100644
--- a/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
+++ b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && arm64
-// +build linux,arm64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
index b975ea2a0..4c9788ea8 100644
--- a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.21
-// +build go1.21
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
index 96134157a..1b9ccb091 100644
--- a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
@@ -9,7 +9,6 @@
 // gccgo's libgo and thus must not used a CGo method.
 
 //go:build aix && gccgo
-// +build aix,gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
index 904be42ff..e8b6cdbe9 100644
--- a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
@@ -7,7 +7,6 @@
 // (See golang.org/issue/32102)
 
 //go:build aix && ppc64 && gc
-// +build aix,ppc64,gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/execabs/execabs_go118.go b/vendor/golang.org/x/sys/execabs/execabs_go118.go
index 2000064a8..5627d70e3 100644
--- a/vendor/golang.org/x/sys/execabs/execabs_go118.go
+++ b/vendor/golang.org/x/sys/execabs/execabs_go118.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.19
-// +build !go1.19
 
 package execabs
 
diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go
index f364b3418..d60ab1b41 100644
--- a/vendor/golang.org/x/sys/execabs/execabs_go119.go
+++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.19
-// +build go1.19
 
 package execabs
 
diff --git a/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go b/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
index c9b69937a..73687de74 100644
--- a/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
+++ b/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.5
-// +build go1.5
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/pwd_plan9.go b/vendor/golang.org/x/sys/plan9/pwd_plan9.go
index 98bf56b73..fb9458218 100644
--- a/vendor/golang.org/x/sys/plan9/pwd_plan9.go
+++ b/vendor/golang.org/x/sys/plan9/pwd_plan9.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.5
-// +build !go1.5
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/race.go b/vendor/golang.org/x/sys/plan9/race.go
index 62377d2ff..c02d9ed33 100644
--- a/vendor/golang.org/x/sys/plan9/race.go
+++ b/vendor/golang.org/x/sys/plan9/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9 && race
-// +build plan9,race
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/race0.go b/vendor/golang.org/x/sys/plan9/race0.go
index f8da30876..7b15e15f6 100644
--- a/vendor/golang.org/x/sys/plan9/race0.go
+++ b/vendor/golang.org/x/sys/plan9/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9 && !race
-// +build plan9,!race
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/str.go b/vendor/golang.org/x/sys/plan9/str.go
index 55fa8d025..ba3e8ff8a 100644
--- a/vendor/golang.org/x/sys/plan9/str.go
+++ b/vendor/golang.org/x/sys/plan9/str.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9
-// +build plan9
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/syscall.go b/vendor/golang.org/x/sys/plan9/syscall.go
index 67e5b0115..d631fd664 100644
--- a/vendor/golang.org/x/sys/plan9/syscall.go
+++ b/vendor/golang.org/x/sys/plan9/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9
-// +build plan9
 
 // Package plan9 contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
index 3f40b9bd7..f780d5c80 100644
--- a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
+++ b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && 386
-// +build plan9,386
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
index 0e6a96aa4..7de61065f 100644
--- a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
+++ b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && amd64
-// +build plan9,amd64
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
index 244c501b7..ea85780f0 100644
--- a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
+++ b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && arm
-// +build plan9,arm
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/unix/aliases.go b/vendor/golang.org/x/sys/unix/aliases.go
index abc89c104..e7d3df4bd 100644
--- a/vendor/golang.org/x/sys/unix/aliases.go
+++ b/vendor/golang.org/x/sys/unix/aliases.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
-// +build go1.9
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
index db9171c2e..269e173ca 100644
--- a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_386.s b/vendor/golang.org/x/sys/unix/asm_bsd_386.s
index e0fcd9b3d..a4fcef0e0 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_386.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (freebsd || netbsd || openbsd) && gc
-// +build freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
index 2b99c349a..1e63615c5 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || dragonfly || freebsd || netbsd || openbsd) && gc
-// +build darwin dragonfly freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_arm.s b/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
index d702d4adc..6496c3100 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (freebsd || netbsd || openbsd) && gc
-// +build freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s b/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
index fe36a7391..4fd1f54da 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s b/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
index e5b9a8489..42f7eb9e4 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s b/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
index d560019ea..f8902667e 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_386.s b/vendor/golang.org/x/sys/unix/asm_linux_386.s
index 8fd101d07..3b4734870 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_386.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
index 7ed38e43c..67e29f317 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
index 8ef1d5140..d6ae269ce 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
index 98ae02760..01e5e253c 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && arm64 && gc
-// +build linux
-// +build arm64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_loong64.s b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
index 565357288..2abf12f6e 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && loong64 && gc
-// +build linux
-// +build loong64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
index 21231d2ce..f84bae712 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le) && gc
-// +build linux
-// +build mips64 mips64le
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
index 6783b26c6..f08f62807 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips || mipsle) && gc
-// +build linux
-// +build mips mipsle
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
index 19d498934..bdfc024d2 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le) && gc
-// +build linux
-// +build ppc64 ppc64le
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
index e42eb81d5..2e8c99612 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && gc
-// +build riscv64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
index c46aab339..2c394b11e 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && s390x && gc
-// +build linux
-// +build s390x
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
index 5e7a1169c..fab586a2c 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
index f8c5394c1..f949ec547 100644
--- a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
index 3b54e1858..2f67ba86d 100644
--- a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x && gc
-// +build zos
-// +build s390x
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/cap_freebsd.go b/vendor/golang.org/x/sys/unix/cap_freebsd.go
index 0b7c6adb8..a08657890 100644
--- a/vendor/golang.org/x/sys/unix/cap_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/cap_freebsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build freebsd
-// +build freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/constants.go b/vendor/golang.org/x/sys/unix/constants.go
index 394a3965b..6fb7cb77d 100644
--- a/vendor/golang.org/x/sys/unix/constants.go
+++ b/vendor/golang.org/x/sys/unix/constants.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/dev_aix_ppc.go b/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
index 65a998508..d78513461 100644
--- a/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used by AIX.
diff --git a/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go b/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
index 8fc08ad0a..623a5e697 100644
--- a/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used AIX.
diff --git a/vendor/golang.org/x/sys/unix/dev_zos.go b/vendor/golang.org/x/sys/unix/dev_zos.go
index a388e59a0..bb6a64fe9 100644
--- a/vendor/golang.org/x/sys/unix/dev_zos.go
+++ b/vendor/golang.org/x/sys/unix/dev_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used by z/OS.
diff --git a/vendor/golang.org/x/sys/unix/dirent.go b/vendor/golang.org/x/sys/unix/dirent.go
index 2499f977b..1ebf11782 100644
--- a/vendor/golang.org/x/sys/unix/dirent.go
+++ b/vendor/golang.org/x/sys/unix/dirent.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/endian_big.go b/vendor/golang.org/x/sys/unix/endian_big.go
index a52026557..1095fd31d 100644
--- a/vendor/golang.org/x/sys/unix/endian_big.go
+++ b/vendor/golang.org/x/sys/unix/endian_big.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 //
 //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
-// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/endian_little.go b/vendor/golang.org/x/sys/unix/endian_little.go
index b0f2bc4ae..b9f0e277b 100644
--- a/vendor/golang.org/x/sys/unix/endian_little.go
+++ b/vendor/golang.org/x/sys/unix/endian_little.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 //
 //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh
-// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/env_unix.go b/vendor/golang.org/x/sys/unix/env_unix.go
index 29ccc4d13..a96da71f4 100644
--- a/vendor/golang.org/x/sys/unix/env_unix.go
+++ b/vendor/golang.org/x/sys/unix/env_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Unix environment variables.
 
diff --git a/vendor/golang.org/x/sys/unix/epoll_zos.go b/vendor/golang.org/x/sys/unix/epoll_zos.go
index cedaf7e02..7753fddea 100644
--- a/vendor/golang.org/x/sys/unix/epoll_zos.go
+++ b/vendor/golang.org/x/sys/unix/epoll_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fcntl.go b/vendor/golang.org/x/sys/unix/fcntl.go
index e9b991258..58c6bfc70 100644
--- a/vendor/golang.org/x/sys/unix/fcntl.go
+++ b/vendor/golang.org/x/sys/unix/fcntl.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build dragonfly || freebsd || linux || netbsd || openbsd
-// +build dragonfly freebsd linux netbsd openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
index 29d44808b..13b4acd5c 100644
--- a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
+++ b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc)
-// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fdset.go b/vendor/golang.org/x/sys/unix/fdset.go
index a8068f94f..9e83d18cd 100644
--- a/vendor/golang.org/x/sys/unix/fdset.go
+++ b/vendor/golang.org/x/sys/unix/fdset.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/vendor/golang.org/x/sys/unix/fstatfs_zos.go
index e377cc9f4..c8bde601e 100644
--- a/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+++ b/vendor/golang.org/x/sys/unix/fstatfs_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/gccgo.go b/vendor/golang.org/x/sys/unix/gccgo.go
index b06f52d74..aca5721dd 100644
--- a/vendor/golang.org/x/sys/unix/gccgo.go
+++ b/vendor/golang.org/x/sys/unix/gccgo.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && !aix && !hurd
-// +build gccgo,!aix,!hurd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/gccgo_c.c b/vendor/golang.org/x/sys/unix/gccgo_c.c
index f98a1c542..d468b7b47 100644
--- a/vendor/golang.org/x/sys/unix/gccgo_c.c
+++ b/vendor/golang.org/x/sys/unix/gccgo_c.c
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && !aix && !hurd
-// +build gccgo,!aix,!hurd
 
 #include <errno.h>
 #include <stdint.h>
diff --git a/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go b/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
index e60e49a3d..972d61bd7 100644
--- a/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && linux && amd64
-// +build gccgo,linux,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ifreq_linux.go b/vendor/golang.org/x/sys/unix/ifreq_linux.go
index 15721a510..848840ae4 100644
--- a/vendor/golang.org/x/sys/unix/ifreq_linux.go
+++ b/vendor/golang.org/x/sys/unix/ifreq_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux
-// +build linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ioctl_signed.go b/vendor/golang.org/x/sys/unix/ioctl_signed.go
index 7def9580e..5b0759bd8 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_signed.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_signed.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || solaris
-// +build aix solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ioctl_unsigned.go b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
index 649913d1e..20f470b9d 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd
-// +build darwin dragonfly freebsd hurd linux netbsd openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go
index cdc21bf76..c8b2a750f 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_zos.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index 47fa6a7eb..cbe24150a 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -663,7 +663,6 @@ echo '// mkerrors.sh' "$@"
 echo '// Code generated by the command above; see README.md. DO NOT EDIT.'
 echo
 echo "//go:build ${GOARCH} && ${GOOS}"
-echo "// +build ${GOARCH},${GOOS}"
 echo
 go tool cgo -godefs -- "$@" _const.go >_error.out
 cat _error.out | grep -vf _error.grep | grep -vf _signal.grep
diff --git a/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
index ca0513632..4b68e5978 100644
--- a/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+++ b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd openbsd solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/mremap.go b/vendor/golang.org/x/sys/unix/mremap.go
index fa93d0aa9..fd45fe529 100644
--- a/vendor/golang.org/x/sys/unix/mremap.go
+++ b/vendor/golang.org/x/sys/unix/mremap.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux || netbsd
-// +build linux netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/pagesize_unix.go b/vendor/golang.org/x/sys/unix/pagesize_unix.go
index 53f1b4c5b..4d0a3430e 100644
--- a/vendor/golang.org/x/sys/unix/pagesize_unix.go
+++ b/vendor/golang.org/x/sys/unix/pagesize_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 // For Unix, get the pagesize from the runtime.
 
diff --git a/vendor/golang.org/x/sys/unix/pledge_openbsd.go b/vendor/golang.org/x/sys/unix/pledge_openbsd.go
index eb48294b2..6a09af53e 100644
--- a/vendor/golang.org/x/sys/unix/pledge_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/pledge_openbsd.go
@@ -8,54 +8,31 @@ import (
 	"errors"
 	"fmt"
 	"strconv"
-	"syscall"
-	"unsafe"
 )
 
 // Pledge implements the pledge syscall.
 //
-// The pledge syscall does not accept execpromises on OpenBSD releases
-// before 6.3.
-//
-// execpromises must be empty when Pledge is called on OpenBSD
-// releases predating 6.3, otherwise an error will be returned.
+// This changes both the promises and execpromises; use PledgePromises or
+// PledgeExecpromises to only change the promises or execpromises
+// respectively.
 //
 // For more information see pledge(2).
 func Pledge(promises, execpromises string) error {
-	maj, min, err := majmin()
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	err = pledgeAvailable(maj, min, execpromises)
+	pptr, err := BytePtrFromString(promises)
 	if err != nil {
 		return err
 	}
 
-	pptr, err := syscall.BytePtrFromString(promises)
+	exptr, err := BytePtrFromString(execpromises)
 	if err != nil {
 		return err
 	}
 
-	// This variable will hold either a nil unsafe.Pointer or
-	// an unsafe.Pointer to a string (execpromises).
-	var expr unsafe.Pointer
-
-	// If we're running on OpenBSD > 6.2, pass execpromises to the syscall.
-	if maj > 6 || (maj == 6 && min > 2) {
-		exptr, err := syscall.BytePtrFromString(execpromises)
-		if err != nil {
-			return err
-		}
-		expr = unsafe.Pointer(exptr)
-	}
-
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(pptr, exptr)
 }
 
 // PledgePromises implements the pledge syscall.
@@ -64,30 +41,16 @@ func Pledge(promises, execpromises string) error {
 //
 // For more information see pledge(2).
 func PledgePromises(promises string) error {
-	maj, min, err := majmin()
-	if err != nil {
-		return err
-	}
-
-	err = pledgeAvailable(maj, min, "")
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	// This variable holds the execpromises and is always nil.
-	var expr unsafe.Pointer
-
-	pptr, err := syscall.BytePtrFromString(promises)
+	pptr, err := BytePtrFromString(promises)
 	if err != nil {
 		return err
 	}
 
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(pptr, nil)
 }
 
 // PledgeExecpromises implements the pledge syscall.
@@ -96,30 +59,16 @@ func PledgePromises(promises string) error {
 //
 // For more information see pledge(2).
 func PledgeExecpromises(execpromises string) error {
-	maj, min, err := majmin()
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	err = pledgeAvailable(maj, min, execpromises)
+	exptr, err := BytePtrFromString(execpromises)
 	if err != nil {
 		return err
 	}
 
-	// This variable holds the promises and is always nil.
-	var pptr unsafe.Pointer
-
-	exptr, err := syscall.BytePtrFromString(execpromises)
-	if err != nil {
-		return err
-	}
-
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(nil, exptr)
 }
 
 // majmin returns major and minor version number for an OpenBSD system.
@@ -147,16 +96,15 @@ func majmin() (major int, minor int, err error) {
 
 // pledgeAvailable checks for availability of the pledge(2) syscall
 // based on the running OpenBSD version.
-func pledgeAvailable(maj, min int, execpromises string) error {
-	// If OpenBSD <= 5.9, pledge is not available.
-	if (maj == 5 && min != 9) || maj < 5 {
-		return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)
+func pledgeAvailable() error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
 	}
 
-	// If OpenBSD <= 6.2 and execpromises is not empty,
-	// return an error - execpromises is not available before 6.3
-	if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" {
-		return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)
+	// Require OpenBSD 6.4 as a minimum.
+	if maj < 6 || (maj == 6 && min <= 3) {
+		return fmt.Errorf("cannot call Pledge on OpenBSD %d.%d", maj, min)
 	}
 
 	return nil
diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
index 463c3eff7..3f0975f3d 100644
--- a/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && !ios
-// +build darwin,!ios
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go
index ed0509a01..a4d35db5d 100644
--- a/vendor/golang.org/x/sys/unix/ptrace_ios.go
+++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ios
-// +build ios
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/race.go b/vendor/golang.org/x/sys/unix/race.go
index 6f6c5fec5..714d2aae7 100644
--- a/vendor/golang.org/x/sys/unix/race.go
+++ b/vendor/golang.org/x/sys/unix/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin && race) || (linux && race) || (freebsd && race)
-// +build darwin,race linux,race freebsd,race
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/race0.go b/vendor/golang.org/x/sys/unix/race0.go
index 706e1322a..4a9f6634c 100644
--- a/vendor/golang.org/x/sys/unix/race0.go
+++ b/vendor/golang.org/x/sys/unix/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || (darwin && !race) || (linux && !race) || (freebsd && !race) || netbsd || openbsd || solaris || dragonfly || zos
-// +build aix darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdents.go b/vendor/golang.org/x/sys/unix/readdirent_getdents.go
index 4d6257569..dbd2b6ccb 100644
--- a/vendor/golang.org/x/sys/unix/readdirent_getdents.go
+++ b/vendor/golang.org/x/sys/unix/readdirent_getdents.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || dragonfly || freebsd || linux || netbsd || openbsd
-// +build aix dragonfly freebsd linux netbsd openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
index 2a4ba47c4..130398b6b 100644
--- a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+++ b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin
-// +build darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
index 3865943f6..c3a62dbb1 100644
--- a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Socket control messages
 
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
index 0840fe4a5..4a1eab37e 100644
--- a/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall.go b/vendor/golang.org/x/sys/unix/syscall.go
index 63e8c8383..5ea74da98 100644
--- a/vendor/golang.org/x/sys/unix/syscall.go
+++ b/vendor/golang.org/x/sys/unix/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Package unix contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go
index e94e6cdac..67ce6cef2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix
-// +build aix
 
 // Aix system calls.
 // This file is compiled as ordinary Go code,
@@ -107,7 +106,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
index f2871fa95..1fdaa4760 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
index 75718ec0f..c87f9a9f4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go
index 4217de518..6f328e3a5 100644
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || netbsd || openbsd
-// +build darwin dragonfly freebsd netbsd openbsd
 
 // BSD system call wrappers shared by *BSD based systems
 // including OS X (Darwin) and FreeBSD.  Like the other
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
index b37310ce9..0eaecf5fc 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
index d51ec9963..f36c6707c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
index 53c96641f..16dc69937 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && go1.12
-// +build darwin,go1.12
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
index 4e2d32120..14bab6b2d 100644
--- a/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
index b8da51004..3967bca77 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
index 47155c483..eff19ada2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
index 08932093f..4f24b517a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
index d151a0d0e..ac30759ec 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
index d5cd64b37..aab725ca7 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go
index 381fd4673..ba46651f8 100644
--- a/vendor/golang.org/x/sys/unix/syscall_hurd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build hurd
-// +build hurd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd_386.go b/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
index 7cf54a3e4..df89f9e6b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && hurd
-// +build 386,hurd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_illumos.go b/vendor/golang.org/x/sys/unix/syscall_illumos.go
index 87db5a6a8..a863f7052 100644
--- a/vendor/golang.org/x/sys/unix/syscall_illumos.go
+++ b/vendor/golang.org/x/sys/unix/syscall_illumos.go
@@ -5,7 +5,6 @@
 // illumos system calls not present on Solaris.
 
 //go:build amd64 && illumos
-// +build amd64,illumos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index fb4e50224..a5e1c10e3 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -417,7 +417,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
@@ -2482,3 +2483,5 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) {
 	}
 	return attr, nil
 }
+
+//sys	Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
index c7d9945ea..506dafa7b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
index 08086ac6a..38d55641b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (386 || amd64 || mips || mipsle || mips64 || mipsle || ppc64 || ppc64le || ppc || s390x || sparc64)
-// +build linux
-// +build 386 amd64 mips mipsle mips64 mipsle ppc64 ppc64le ppc s390x sparc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
index 70601ce36..d557cf8de 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
index 8b0f0f3aa..facdb83b2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && linux && gc
-// +build amd64,linux,gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
index da2986415..cd2dd797f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index f5266689a..cf2ee6c75 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
index 2b1168d7d..ffc4c2b63 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gc
-// +build linux,gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
index 9843fb489..9ebfdcf44 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gc && 386
-// +build linux,gc,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
index a6008fccd..5f2b57c4c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && gc && linux
-// +build arm,gc,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
index 7740af242..d1a3ad826 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gccgo && 386
-// +build linux,gccgo,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
index e16a12299..f2f67423e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gccgo && arm
-// +build linux,gccgo,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
index f6ab02ec1..3d0e98451 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
index 93fe59d25..70963a95a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le)
-// +build linux
-// +build mips64 mips64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
index aae7f0ffd..c218ebd28 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips || mipsle)
-// +build linux
-// +build mips mipsle
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
index 66eff19a3..e6c48500c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && ppc
-// +build linux,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
index 806aa2574..7286a9aa8 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le)
-// +build linux
-// +build ppc64 ppc64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
index 5e6ceee12..6f5a28894 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
index 2f89e8f5d..66f31210d 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
index 7ca064ae7..11d1f1698 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
index 5199d282f..7a5eb5743 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
index 70a9c52e9..62d8957ae 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
index 3eb5942f9..ce6a06885 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
index fc6ccfd81..d46d689d1 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
index 6f34479b5..d2882ee04 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -137,18 +137,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
+	var bufptr *Statfs_t
 	var bufsize uintptr
 	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
+		bufptr = &buf[0]
 		bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
 	}
-	r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
+	return getfsstat(bufptr, bufsize, flags)
 }
 
 //sysnb	getresuid(ruid *_C_int, euid *_C_int, suid *_C_int)
@@ -326,4 +321,7 @@ func Uname(uname *Utsname) error {
 //sys	write(fd int, p []byte) (n int, err error)
 //sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
 //sys	munmap(addr uintptr, length uintptr) (err error)
+//sys	getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error)
 //sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
+//sys	pledge(promises *byte, execpromises *byte) (err error)
+//sys	unveil(path *byte, flags *byte) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
index 6baabcdcb..9ddc89f4f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
index bab25360e..70a3c96ee 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
index 8eed3c4d4..265caa87f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
index 483dde99d..ac4fda171 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
index 04aa43f41..0a451e6dd 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build openbsd
-// +build openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
index c2796139c..30a308cbb 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
index 23199a7ff..ea954330f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index b99cfa134..60c8142d4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -128,7 +128,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
index 0bd25ef81..e02d8ceae 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go
index f6eda2705..77081de8c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
index b6919ca58..05c95bccf 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || dragonfly || freebsd || (linux && !ppc64 && !ppc64le) || netbsd || openbsd || solaris) && gc
-// +build darwin dragonfly freebsd linux,!ppc64,!ppc64le netbsd openbsd solaris
-// +build gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
index f6f707acf..23f39b7af 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64le || ppc64) && gc
-// +build linux
-// +build ppc64le ppc64
-// +build gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
index 4596d041c..d99d05f1b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_linux.go b/vendor/golang.org/x/sys/unix/sysvshm_linux.go
index 2c3a4437f..4fcd38de2 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_linux.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux
-// +build linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
index 5bb41d17b..79a84f18b 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin && !ios) || linux
-// +build darwin,!ios linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
index 71bddefdb..9eb0db664 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && !ios
-// +build darwin,!ios
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/timestruct.go b/vendor/golang.org/x/sys/unix/timestruct.go
index 616b1b284..7997b1902 100644
--- a/vendor/golang.org/x/sys/unix/timestruct.go
+++ b/vendor/golang.org/x/sys/unix/timestruct.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/vendor/golang.org/x/sys/unix/unveil_openbsd.go
index 168d5ae77..cb7e598ce 100644
--- a/vendor/golang.org/x/sys/unix/unveil_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/unveil_openbsd.go
@@ -4,39 +4,48 @@
 
 package unix
 
-import (
-	"syscall"
-	"unsafe"
-)
+import "fmt"
 
 // Unveil implements the unveil syscall.
 // For more information see unveil(2).
 // Note that the special case of blocking further
 // unveil calls is handled by UnveilBlock.
 func Unveil(path string, flags string) error {
-	pathPtr, err := syscall.BytePtrFromString(path)
-	if err != nil {
+	if err := supportsUnveil(); err != nil {
 		return err
 	}
-	flagsPtr, err := syscall.BytePtrFromString(flags)
+	pathPtr, err := BytePtrFromString(path)
 	if err != nil {
 		return err
 	}
-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0)
-	if e != 0 {
-		return e
+	flagsPtr, err := BytePtrFromString(flags)
+	if err != nil {
+		return err
 	}
-	return nil
+	return unveil(pathPtr, flagsPtr)
 }
 
 // UnveilBlock blocks future unveil calls.
 // For more information see unveil(2).
 func UnveilBlock() error {
-	// Both pointers must be nil.
-	var pathUnsafe, flagsUnsafe unsafe.Pointer
-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0)
-	if e != 0 {
-		return e
+	if err := supportsUnveil(); err != nil {
+		return err
 	}
+	return unveil(nil, nil)
+}
+
+// supportsUnveil checks for availability of the unveil(2) system call based
+// on the running OpenBSD version.
+func supportsUnveil() error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	// unveil is not available before 6.4
+	if maj < 6 || (maj == 6 && min <= 3) {
+		return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min)
+	}
+
 	return nil
 }
diff --git a/vendor/golang.org/x/sys/unix/xattr_bsd.go b/vendor/golang.org/x/sys/unix/xattr_bsd.go
index f5f8e9f36..e16879396 100644
--- a/vendor/golang.org/x/sys/unix/xattr_bsd.go
+++ b/vendor/golang.org/x/sys/unix/xattr_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build freebsd || netbsd
-// +build freebsd netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
index ca9799b79..2fb219d78 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && aix
-// +build ppc,aix
 
 // Created by cgo -godefs - DO NOT EDIT
 // cgo -godefs -- -maix32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
index 200c8c26f..b0e6f5c85 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && aix
-// +build ppc64,aix
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -maix64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
index 143007627..e40fa8524 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
index ab044a742..bb02aa6c0 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
index 17bba0e44..c0e0f8694 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
index f8c2c5138..6c6923906 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
index 96310c3be..dd9163f8e 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
index 777b69def..493a2a793 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
index c557ac2db..8b437b307 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
index 341b4d962..67c02dd57 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index f9c7f479b..9c00cbf51 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -481,10 +480,14 @@ const (
 	BPF_FROM_BE                                 = 0x8
 	BPF_FROM_LE                                 = 0x0
 	BPF_FS_MAGIC                                = 0xcafe4a11
+	BPF_F_AFTER                                 = 0x10
 	BPF_F_ALLOW_MULTI                           = 0x2
 	BPF_F_ALLOW_OVERRIDE                        = 0x1
 	BPF_F_ANY_ALIGNMENT                         = 0x2
-	BPF_F_KPROBE_MULTI_RETURN                   = 0x1
+	BPF_F_BEFORE                                = 0x8
+	BPF_F_ID                                    = 0x20
+	BPF_F_LINK                                  = 0x2000
+	BPF_F_NETFILTER_IP_DEFRAG                   = 0x1
 	BPF_F_QUERY_EFFECTIVE                       = 0x1
 	BPF_F_REPLACE                               = 0x4
 	BPF_F_SLEEPABLE                             = 0x10
@@ -521,6 +524,7 @@ const (
 	BPF_MAJOR_VERSION                           = 0x1
 	BPF_MAXINSNS                                = 0x1000
 	BPF_MEM                                     = 0x60
+	BPF_MEMSX                                   = 0x80
 	BPF_MEMWORDS                                = 0x10
 	BPF_MINOR_VERSION                           = 0x1
 	BPF_MISC                                    = 0x7
@@ -776,6 +780,8 @@ const (
 	DEVLINK_GENL_MCGRP_CONFIG_NAME              = "config"
 	DEVLINK_GENL_NAME                           = "devlink"
 	DEVLINK_GENL_VERSION                        = 0x1
+	DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO            = 0x4
+	DEVLINK_PORT_FN_CAP_IPSEC_PACKET            = 0x8
 	DEVLINK_PORT_FN_CAP_MIGRATABLE              = 0x2
 	DEVLINK_PORT_FN_CAP_ROCE                    = 0x1
 	DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX           = 0x14
@@ -1698,6 +1704,7 @@ const (
 	KEXEC_ON_CRASH                              = 0x1
 	KEXEC_PRESERVE_CONTEXT                      = 0x2
 	KEXEC_SEGMENT_MAX                           = 0x10
+	KEXEC_UPDATE_ELFCOREHDR                     = 0x4
 	KEYCTL_ASSUME_AUTHORITY                     = 0x10
 	KEYCTL_CAPABILITIES                         = 0x1f
 	KEYCTL_CAPS0_BIG_KEY                        = 0x10
@@ -2275,6 +2282,7 @@ const (
 	PERF_MEM_LVLNUM_PMEM                        = 0xe
 	PERF_MEM_LVLNUM_RAM                         = 0xd
 	PERF_MEM_LVLNUM_SHIFT                       = 0x21
+	PERF_MEM_LVLNUM_UNC                         = 0x8
 	PERF_MEM_LVL_HIT                            = 0x2
 	PERF_MEM_LVL_IO                             = 0x1000
 	PERF_MEM_LVL_L1                             = 0x8
@@ -3461,6 +3469,7 @@ const (
 	XDP_PACKET_HEADROOM                         = 0x100
 	XDP_PGOFF_RX_RING                           = 0x0
 	XDP_PGOFF_TX_RING                           = 0x80000000
+	XDP_PKT_CONTD                               = 0x1
 	XDP_RING_NEED_WAKEUP                        = 0x1
 	XDP_RX_RING                                 = 0x2
 	XDP_SHARED_UMEM                             = 0x1
@@ -3473,6 +3482,7 @@ const (
 	XDP_UMEM_REG                                = 0x4
 	XDP_UMEM_UNALIGNED_CHUNK_FLAG               = 0x1
 	XDP_USE_NEED_WAKEUP                         = 0x8
+	XDP_USE_SG                                  = 0x10
 	XDP_ZEROCOPY                                = 0x4
 	XENFS_SUPER_MAGIC                           = 0xabba1974
 	XFS_SUPER_MAGIC                             = 0x58465342
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 30aee00a5..4920821cf 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index 8ebfa5127..a0c1e4112 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index 271a21cdc..c63985560 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 910c330a3..47cc62e25 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index a640798c9..27ac4a09e 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go
@@ -119,6 +118,7 @@ const (
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
 	LASX_CTX_MAGIC                   = 0x41535801
+	LBT_CTX_MAGIC                    = 0x42540001
 	LSX_CTX_MAGIC                    = 0x53580001
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 0d5925d34..54694642a 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index d72a00e0b..3adb81d75 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index 02ba129f8..2dfe98f0d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64le/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index 8daa6dd96..f5398f84f 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mipsle/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index 63c8fa2f7..c54f152d6 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index 930799ec1..76057dc72 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index 8605a7dd7..e0c3725e2 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64le/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 95a016f1c..18f2813ed 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/riscv64/include _const.go
@@ -228,6 +227,9 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x7434
 	PPPIOCXFERUNIT                   = 0x744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETFDPIC                  = 0x21
+	PTRACE_GETFDPIC_EXEC             = 0x0
+	PTRACE_GETFDPIC_INTERP           = 0x1
 	RLIMIT_AS                        = 0x9
 	RLIMIT_MEMLOCK                   = 0x8
 	RLIMIT_NOFILE                    = 0x7
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 1ae0108f5..11619d4ec 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 1bb7c6333..396d994da 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/sparc64/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
index 72f7420d2..130085df4 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
index 8d4eb0c08..84769a1a3 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
index 9eef9749f..602ded003 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -marm _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
index 3b62ba192..efc0406ee 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
index af20e474b..5a6500f83 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
index 6015fcb2b..a5aeeb979 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
index 8d44955e4..0e9748a72 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
index ae16fe754..4f4449abc 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
index 03d90fe35..76a363f0f 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
index 8e2c51b1e..43ca0cdfd 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
index 13d403031..b1b8bb200 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
index 1afee6a08..d2ddd3176 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
index fc7d0506f..4dfd2e051 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Hand edited based on zerrors_linux_s390x.go
 // TODO: auto-generate.
diff --git a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
index 97f20ca28..586317c78 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("arm", "arm64"). DO NOT EDIT.
 
 //go:build linux && (arm || arm64)
-// +build linux
-// +build arm arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
index 0b5f79430..d7c881be7 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("mips", "mips64"). DO NOT EDIT.
 
 //go:build linux && (mips || mips64)
-// +build linux
-// +build mips mips64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
index 2807f7e64..2d2de5d29 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("mipsle", "mips64le"). DO NOT EDIT.
 
 //go:build linux && (mipsle || mips64le)
-// +build linux
-// +build mipsle mips64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
index 281ea64e3..5adc79fb5 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("386", "amd64"). DO NOT EDIT.
 
 //go:build linux && (386 || amd64)
-// +build linux
-// +build 386 amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
index d1d1d2331..6ea64a3c0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
index f99a18adc..99ee4399a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
index c4d50ae50..b68a78362 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64 && gc
-// +build aix,ppc64,gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
index 6903d3b09..0a87450bf 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64 && gccgo
-// +build aix,ppc64,gccgo
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index 1cad561e9..ccb02f240 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build darwin && amd64
-// +build darwin,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index b18edbd0e..1b40b997b 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build darwin && arm64
-// +build darwin,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
index 0c67df64a..aad65fc79 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build dragonfly && amd64
-// +build dragonfly,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
index e6e05d145..c0096391a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && 386
-// +build freebsd,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
index 7508accac..7664df749 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && amd64
-// +build freebsd,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
index 7b56aead4..ae099182c 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && arm
-// +build freebsd,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
index cc623dcaa..11fd5d45b 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && arm64
-// +build freebsd,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
index 581849197..c3d2d6530 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && riscv64
-// +build freebsd,riscv64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
index 6be25cd19..c698cbc01 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build illumos && amd64
-// +build illumos,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 1ff3aec74..faca7a557 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -2195,3 +2194,13 @@ func schedGetattr(pid int, attr *SchedAttr, size uint, flags uint) (err error) {
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) {
+	_, _, e1 := Syscall6(SYS_CACHESTAT, uintptr(fd), uintptr(unsafe.Pointer(crange)), uintptr(unsafe.Pointer(cstat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
index 07b549cc2..4def3e9fc 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && 386
-// +build linux,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
index 5f481bf83..fef2bc8ba 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && amd64
-// +build linux,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
index 824cd52c7..a9fd76a88 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && arm
-// +build linux,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
index e77aecfe9..460065028 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && arm64
-// +build linux,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
index 806ffd1e1..c8987d264 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && loong64
-// +build linux,loong64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
index 961a3afb7..921f43061 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips
-// +build linux,mips
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
index ed05005e9..44f067829 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips64
-// +build linux,mips64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
index d365b718f..e7fa0abf0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips64le
-// +build linux,mips64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
index c3f1b8bbd..8c5125675 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mipsle
-// +build linux,mipsle
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
index a6574cf98..7392fd45e 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc
-// +build linux,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
index f40990264..41180434e 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64
-// +build linux,ppc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
index 9dfcc2997..40c6ce7ae 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64le
-// +build linux,ppc64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
index 0ab4f2ed7..2cfe34adb 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && riscv64
-// +build linux,riscv64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
index 6cde32237..61e6f0709 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && s390x
-// +build linux,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
index 5253d65bf..834b84204 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && sparc64
-// +build linux,sparc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
index 2df3c5bac..e91ebc14a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && 386
-// +build netbsd,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
index a60556bab..be28babbc 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && amd64
-// +build netbsd,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
index 9f788917a..fb587e826 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && arm
-// +build netbsd,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
index 82a4cb2dc..d576438bb 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && arm64
-// +build netbsd,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index 66b3b6456..88bfc2885 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && 386
-// +build openbsd,386
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
index 3dcacd30d..4cbeff171 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
 DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index c5c4cc112..b8a67b99a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && amd64
-// +build openbsd,amd64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
index 2763620b0..1123f2757 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index 93bfbb328..af50a65c0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm
-// +build openbsd,arm
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
index c92231404..82badae39 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
 DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index a107b8fda..8fb4ff36a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm64
-// +build openbsd,arm64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
index a6bc32c92..24d7eecb9 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
index c427de509..f469a83ee 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && mips64
-// +build openbsd,mips64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
index b4e7bceab..9a498a067 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
index 60c1a99ae..c26ca2e1a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && ppc64
-// +build openbsd,ppc64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
index ca3f76600..1f224aa41 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
@@ -801,8 +801,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_getfsstat(SB)
+	RET
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	CALL	libc_utimensat(SB)
 	RET
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_pledge(SB)
+	RET
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_unveil(SB)
+	RET
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
index 52eba360f..bcc920dd2 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && riscv64
-// +build openbsd,riscv64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
index 477a7d5b2..87a79c709 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index b40189464..829b87feb 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build solaris && amd64
-// +build solaris,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
index 1d8fe1d4b..94f011238 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
index 55e048471..3a58ae819 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
index d2243cf83..dcb7a0eb7 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
index 82dc51bd8..db5a7bf13 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
index cbdda1a4a..7be575a77 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
index f55eae1a8..d6e3174c6 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
index e44054470..ee97157d0 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
index a0db82fce..35c3b91d0 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
index f8298ff9b..5edda7687 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
index 5eb433bbf..0dc9e8b4d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
index 703675c0c..308ddf3a1 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
index 4e0d96107..418664e3d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
index 01636b838..34d0b86d7 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
index ad99bc106..b71cf45e2 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
index 89dcc4274..e32df1c1e 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
index ee37aaa0c..15ad6111f 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index 9862853d3..fcf3ecbdd 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
@@ -448,4 +447,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index 8901f0f4e..f56dc2504 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
@@ -370,4 +369,6 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 6902c37ee..974bf2467 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
@@ -412,4 +411,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index a6d3dff81..39a2739e2 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
@@ -315,4 +314,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index b18f3f710..cf9c9d77e 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
@@ -309,4 +308,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 0302e5e3d..10b7362ef 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 package unix
 
@@ -432,4 +431,5 @@ const (
 	SYS_FUTEX_WAITV                  = 4449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
+	SYS_FCHMODAT2                    = 4452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index 6693ba4a0..cd4d8b4fd 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 package unix
 
@@ -362,4 +361,5 @@ const (
 	SYS_FUTEX_WAITV             = 5449
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
+	SYS_FCHMODAT2               = 5452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index fd93f4987..2c0efca81 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 package unix
 
@@ -362,4 +361,5 @@ const (
 	SYS_FUTEX_WAITV             = 5449
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
+	SYS_FCHMODAT2               = 5452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index 760ddcadc..a72e31d39 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 package unix
 
@@ -432,4 +431,5 @@ const (
 	SYS_FUTEX_WAITV                  = 4449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
+	SYS_FCHMODAT2                    = 4452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index cff2b2555..c7d1e3747 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 package unix
 
@@ -439,4 +438,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index a4b2405d0..f4d4838c8 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 package unix
 
@@ -411,4 +410,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index aca54b4e3..b64f0e591 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 package unix
 
@@ -411,4 +410,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 9d1738d64..95711195a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
@@ -316,4 +315,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index 022878dc8..f94e943bc 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
@@ -377,4 +376,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index 4100a761c..ba0c2bc51 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
@@ -390,4 +389,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
index 3a6699eba..b2aa8cd49 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
index 5677cd4f1..524a1b1c9 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
index e784cb6db..d59b943ac 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
index bd4952efa..31e771d53 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
index 597733813..9fd77c6cb 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
index 16af29189..af10af28c 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
index f59b18a97..cc2028af4 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
index 721ef5910..c06dd4415 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
index 01c43a01f..9ddbf3e08 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
index f258cfa24..19a6ee413 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
index 07919e0ec..05192a782 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
index 073daad43..b2e308581 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
index 7a8161c1d..3e6d57cae 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && aix
-// +build ppc,aix
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
index 07ed733c5..3a219bdce 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && aix
-// +build ppc64,aix
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
index 690cefc3d..091d107f3 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
index 5bffc10ea..28ff4ef74 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
index d0ba8e9b8..30e405bb4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index 29dc48337..6cbd094a3 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 0a89b2890..7c03b6ee7 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index c8666bb15..422107ee8 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index 88fb48a88..505a12acf 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
index 698dc975e..cc986c790 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 18aa70b42..997bcd55a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -5883,3 +5882,15 @@ type SchedAttr struct {
 }
 
 const SizeofSchedAttr = 0x38
+
+type Cachestat_t struct {
+	Cache            uint64
+	Dirty            uint64
+	Writeback        uint64
+	Evicted          uint64
+	Recently_evicted uint64
+}
+type CachestatRange struct {
+	Off uint64
+	Len uint64
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 6d8acbcc5..438a30aff 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 59293c688..adceca355 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index 40cfa38c2..eeaa00a37 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 055bc4216..6739aa91d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index f28affbc6..9920ef631 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 9d71e7ccd..2923b799a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index fd5ccd332..ce2750ee4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 7704de77a..3038811d7 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index df00b8757..efc6fed18 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index 0942840db..9a654b75a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 034874395..40d358e33 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index bad067047..148c6ceb8 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index 1b4c97c32..72ba81543 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index aa268d025..71e765508 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index 444045b6c..4abbdb9de 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
index 9bc4c8f9d..f22e7947d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
index bb05f655d..066a7d83d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
index db40e3a19..439548ec9 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
index 11121151c..16085d3bb 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
index 26eba23b7..afd13a3af 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
index 5a5479886..5d97f1f9b 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
index be58c4e1f..34871cdc1 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
index 52338266c..5911bceb3 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
index 605cfdb12..e4f24f3bc 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
index d6724c010..ca50a7930 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
index ddfd27a43..d7d7f7902 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
index 0400747c6..14160576d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
index aec1efcb3..54f31be63 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Hand edited based on ztypes_linux_s390x.go
 // TODO: auto-generate.
diff --git a/vendor/golang.org/x/sys/windows/aliases.go b/vendor/golang.org/x/sys/windows/aliases.go
index a20ebea63..ce2d713d6 100644
--- a/vendor/golang.org/x/sys/windows/aliases.go
+++ b/vendor/golang.org/x/sys/windows/aliases.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && go1.9
-// +build windows,go1.9
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/empty.s b/vendor/golang.org/x/sys/windows/empty.s
index fdbbbcd31..ba64caca5 100644
--- a/vendor/golang.org/x/sys/windows/empty.s
+++ b/vendor/golang.org/x/sys/windows/empty.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.12
-// +build !go1.12
 
 // This file is here to allow bodyless functions with go:linkname for Go 1.11
 // and earlier (see https://golang.org/issue/23311).
diff --git a/vendor/golang.org/x/sys/windows/eventlog.go b/vendor/golang.org/x/sys/windows/eventlog.go
index 2cd60645e..6c366955d 100644
--- a/vendor/golang.org/x/sys/windows/eventlog.go
+++ b/vendor/golang.org/x/sys/windows/eventlog.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/mksyscall.go b/vendor/golang.org/x/sys/windows/mksyscall.go
index 8563f79c5..dbcdb090c 100644
--- a/vendor/golang.org/x/sys/windows/mksyscall.go
+++ b/vendor/golang.org/x/sys/windows/mksyscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build generate
-// +build generate
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/race.go b/vendor/golang.org/x/sys/windows/race.go
index 9196b089c..0f1bdc386 100644
--- a/vendor/golang.org/x/sys/windows/race.go
+++ b/vendor/golang.org/x/sys/windows/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && race
-// +build windows,race
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/race0.go b/vendor/golang.org/x/sys/windows/race0.go
index 7bae4817a..0c78da78b 100644
--- a/vendor/golang.org/x/sys/windows/race0.go
+++ b/vendor/golang.org/x/sys/windows/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && !race
-// +build windows,!race
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/service.go b/vendor/golang.org/x/sys/windows/service.go
index c44a1b963..a9dc6308d 100644
--- a/vendor/golang.org/x/sys/windows/service.go
+++ b/vendor/golang.org/x/sys/windows/service.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/str.go b/vendor/golang.org/x/sys/windows/str.go
index 4fc01434e..6a4f9ce6a 100644
--- a/vendor/golang.org/x/sys/windows/str.go
+++ b/vendor/golang.org/x/sys/windows/str.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/syscall.go b/vendor/golang.org/x/sys/windows/syscall.go
index 8732cdb95..e85ed6b9c 100644
--- a/vendor/golang.org/x/sys/windows/syscall.go
+++ b/vendor/golang.org/x/sys/windows/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 // Package windows contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 35cfc57ca..fb6cfd046 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -233,6 +233,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock
 //sys	DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock
 //sys	getTickCount64() (ms uint64) = kernel32.GetTickCount64
+//sys   GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
 //sys	SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
 //sys	GetFileAttributes(name *uint16) (attrs uint32, err error) [failretval==INVALID_FILE_ATTRIBUTES] = kernel32.GetFileAttributesW
 //sys	SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW
@@ -969,7 +970,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) {
 	if n > 0 {
 		sl += int32(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index b88dc7c85..359780f6a 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -1094,7 +1094,33 @@ const (
 
 	SOMAXCONN = 0x7fffffff
 
-	TCP_NODELAY = 1
+	TCP_NODELAY                    = 1
+	TCP_EXPEDITED_1122             = 2
+	TCP_KEEPALIVE                  = 3
+	TCP_MAXSEG                     = 4
+	TCP_MAXRT                      = 5
+	TCP_STDURG                     = 6
+	TCP_NOURG                      = 7
+	TCP_ATMARK                     = 8
+	TCP_NOSYNRETRIES               = 9
+	TCP_TIMESTAMPS                 = 10
+	TCP_OFFLOAD_PREFERENCE         = 11
+	TCP_CONGESTION_ALGORITHM       = 12
+	TCP_DELAY_FIN_ACK              = 13
+	TCP_MAXRTMS                    = 14
+	TCP_FASTOPEN                   = 15
+	TCP_KEEPCNT                    = 16
+	TCP_KEEPIDLE                   = TCP_KEEPALIVE
+	TCP_KEEPINTVL                  = 17
+	TCP_FAIL_CONNECT_ON_ICMP_ERROR = 18
+	TCP_ICMP_ERROR_INFO            = 19
+
+	UDP_NOCHECKSUM              = 1
+	UDP_SEND_MSG_SIZE           = 2
+	UDP_RECV_MAX_COALESCED_SIZE = 3
+	UDP_CHECKSUM_COVERAGE       = 20
+
+	UDP_COALESCED_INFO = 3
 
 	SHUT_RD   = 0
 	SHUT_WR   = 1
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 8b1688de4..db6282e00 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -253,6 +253,7 @@ var (
 	procGetFileAttributesW                                   = modkernel32.NewProc("GetFileAttributesW")
 	procGetFileInformationByHandle                           = modkernel32.NewProc("GetFileInformationByHandle")
 	procGetFileInformationByHandleEx                         = modkernel32.NewProc("GetFileInformationByHandleEx")
+	procGetFileTime                                          = modkernel32.NewProc("GetFileTime")
 	procGetFileType                                          = modkernel32.NewProc("GetFileType")
 	procGetFinalPathNameByHandleW                            = modkernel32.NewProc("GetFinalPathNameByHandleW")
 	procGetFullPathNameW                                     = modkernel32.NewProc("GetFullPathNameW")
@@ -2185,6 +2186,14 @@ func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte,
 	return
 }
 
+func GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetFileType(filehandle Handle) (n uint32, err error) {
 	r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0)
 	n = uint32(r0)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 9303c83fc..164590c10 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1953,8 +1953,8 @@ golang.org/x/oauth2/jwt
 ## explicit; go 1.18
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
-# golang.org/x/sys v0.13.0
-## explicit; go 1.17
+# golang.org/x/sys v0.14.0
+## explicit; go 1.18
 golang.org/x/sys/cpu
 golang.org/x/sys/execabs
 golang.org/x/sys/plan9

From 1bc63473e4207fdd1f47641f49dc91bcadfa7bb2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Nov 2023 22:02:07 +0000
Subject: [PATCH 18/23] Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1

Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .../go-cmp/cmp/internal/value/pointer.go      |  34 ---
 go.mod                                        |   8 +
 go.sum                                        |  18 +-
 .../distribution/reference/.gitattributes     |   1 +
 .../distribution/reference/.gitignore         |   2 +
 .../distribution/reference/.golangci.yml      |  18 ++
 .../distribution/reference/CODE-OF-CONDUCT.md |   5 +
 .../distribution/reference/CONTRIBUTING.md    | 114 ++++++++++
 .../distribution/reference/GOVERNANCE.md      | 144 +++++++++++++
 .../github.com/distribution/reference/LICENSE | 202 ++++++++++++++++++
 .../distribution/reference/MAINTAINERS        |  26 +++
 .../distribution/reference/Makefile           |  25 +++
 .../distribution/reference/README.md          |  30 +++
 .../distribution/reference/SECURITY.md        |   7 +
 .../reference/distribution-logo.svg           |   1 +
 .../distribution/reference/regexp.go          | 163 ++++++++++++++
 .../github.com/distribution/reference/sort.go |  75 +++++++
 vendor/go.opentelemetry.io/otel/.gitignore    |   3 +
 vendor/go.opentelemetry.io/otel/CHANGELOG.md  |  91 +-------
 vendor/go.opentelemetry.io/otel/Makefile      |  40 +++-
 vendor/go.opentelemetry.io/otel/README.md     |  28 ++-
 .../go.opentelemetry.io/otel/requirements.txt |   2 +-
 vendor/go.opentelemetry.io/otel/version.go    |   2 +-
 vendor/go.opentelemetry.io/otel/versions.yaml |  11 +-
 vendor/modules.txt                            |  15 +-
 25 files changed, 926 insertions(+), 139 deletions(-)
 delete mode 100644 controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
 create mode 100644 vendor/github.com/distribution/reference/.gitattributes
 create mode 100644 vendor/github.com/distribution/reference/.gitignore
 create mode 100644 vendor/github.com/distribution/reference/.golangci.yml
 create mode 100644 vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
 create mode 100644 vendor/github.com/distribution/reference/CONTRIBUTING.md
 create mode 100644 vendor/github.com/distribution/reference/GOVERNANCE.md
 create mode 100644 vendor/github.com/distribution/reference/LICENSE
 create mode 100644 vendor/github.com/distribution/reference/MAINTAINERS
 create mode 100644 vendor/github.com/distribution/reference/Makefile
 create mode 100644 vendor/github.com/distribution/reference/README.md
 create mode 100644 vendor/github.com/distribution/reference/SECURITY.md
 create mode 100644 vendor/github.com/distribution/reference/distribution-logo.svg
 create mode 100644 vendor/github.com/distribution/reference/regexp.go
 create mode 100644 vendor/github.com/distribution/reference/sort.go

diff --git a/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go b/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
deleted file mode 100644
index e5dfff69a..000000000
--- a/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2018, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package value
-
-import (
-	"reflect"
-	"unsafe"
-)
-
-// Pointer is an opaque typed pointer and is guaranteed to be comparable.
-type Pointer struct {
-	p unsafe.Pointer
-	t reflect.Type
-}
-
-// PointerOf returns a Pointer from v, which must be a
-// reflect.Ptr, reflect.Slice, or reflect.Map.
-func PointerOf(v reflect.Value) Pointer {
-	// The proper representation of a pointer is unsafe.Pointer,
-	// which is necessary if the GC ever uses a moving collector.
-	return Pointer{unsafe.Pointer(v.Pointer()), v.Type()}
-}
-
-// IsNil reports whether the pointer is nil.
-func (p Pointer) IsNil() bool {
-	return p.p == nil
-}
-
-// Uintptr returns the pointer as a uintptr.
-func (p Pointer) Uintptr() uintptr {
-	return uintptr(p.p)
-}
diff --git a/go.mod b/go.mod
index 93bbbf117..28964d8a1 100644
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.21
 require (
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
+<<<<<<< HEAD
 	github.com/containerd/containerd v1.7.6
 	github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba
 	github.com/distribution/reference v0.5.0
@@ -89,6 +90,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
+<<<<<<< HEAD
 	github.com/Microsoft/hcsshim v0.11.0 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
@@ -325,9 +327,15 @@ require (
 	github.com/zeebo/errs v1.3.0 // indirect
 	go.mongodb.org/mongo-driver v1.12.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
+<<<<<<< HEAD
 	go.opentelemetry.io/otel v1.21.0 // indirect
 	go.opentelemetry.io/otel/metric v1.21.0 // indirect
 	go.opentelemetry.io/otel/trace v1.21.0 // indirect
+=======
+	go.opentelemetry.io/otel v1.19.0 // indirect
+	go.opentelemetry.io/otel/metric v1.19.0 // indirect
+	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+>>>>>>> adaa05bc0 (Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1)
 	go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 // indirect
 	go.step.sm/crypto v0.36.1 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
diff --git a/go.sum b/go.sum
index 5198e7dc7..1af601074 100644
--- a/go.sum
+++ b/go.sum
@@ -622,6 +622,8 @@ github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r
 github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
 github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
+github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
@@ -748,6 +750,8 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
 github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
@@ -1429,6 +1433,8 @@ github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zM
 github.com/opencontainers/image-spec v1.0.3-0.20211202193544-a5463b7f9c84/go.mod h1:Qnt1q4cjDNQI9bT832ziho5Iw2BhK8o1KwLOwW56VP4=
 github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
 github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
+github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
@@ -1847,16 +1853,16 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.2
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4=
 go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
 go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs=
-go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
-go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
+go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs=
+go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY=
 go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
 go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE=
 go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
-go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
-go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
+go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE=
+go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8=
 go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
 go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
 go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs=
@@ -1866,8 +1872,8 @@ go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi
 go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
 go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
 go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk=
-go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
-go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
+go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg=
+go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ=
 go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 h1:5/KzhcSqd4UgY51l17r7C5g/JiE6DRw1Vq7VJfQHuMc=
diff --git a/vendor/github.com/distribution/reference/.gitattributes b/vendor/github.com/distribution/reference/.gitattributes
new file mode 100644
index 000000000..d207b1802
--- /dev/null
+++ b/vendor/github.com/distribution/reference/.gitattributes
@@ -0,0 +1 @@
+*.go text eol=lf
diff --git a/vendor/github.com/distribution/reference/.gitignore b/vendor/github.com/distribution/reference/.gitignore
new file mode 100644
index 000000000..dc07e6b04
--- /dev/null
+++ b/vendor/github.com/distribution/reference/.gitignore
@@ -0,0 +1,2 @@
+# Cover profiles
+*.out
diff --git a/vendor/github.com/distribution/reference/.golangci.yml b/vendor/github.com/distribution/reference/.golangci.yml
new file mode 100644
index 000000000..793f0bb7e
--- /dev/null
+++ b/vendor/github.com/distribution/reference/.golangci.yml
@@ -0,0 +1,18 @@
+linters:
+  enable:
+    - bodyclose
+    - dupword # Checks for duplicate words in the source code
+    - gofmt
+    - goimports
+    - ineffassign
+    - misspell
+    - revive
+    - staticcheck
+    - unconvert
+    - unused
+    - vet
+  disable:
+    - errcheck
+
+run:
+  deadline: 2m
diff --git a/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md b/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
new file mode 100644
index 000000000..48f6704c6
--- /dev/null
+++ b/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
@@ -0,0 +1,5 @@
+# Code of Conduct
+
+We follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
+
+Please contact the [CNCF Code of Conduct Committee](mailto:conduct@cncf.io) in order to report violations of the Code of Conduct.
diff --git a/vendor/github.com/distribution/reference/CONTRIBUTING.md b/vendor/github.com/distribution/reference/CONTRIBUTING.md
new file mode 100644
index 000000000..ab2194665
--- /dev/null
+++ b/vendor/github.com/distribution/reference/CONTRIBUTING.md
@@ -0,0 +1,114 @@
+# Contributing to the reference library
+
+## Community help
+
+If you need help, please ask in the [#distribution](https://cloud-native.slack.com/archives/C01GVR8SY4R) channel on CNCF community slack.
+[Click here for an invite to the CNCF community slack](https://slack.cncf.io/)
+
+## Reporting security issues
+
+The maintainers take security seriously. If you discover a security
+issue, please bring it to their attention right away!
+
+Please **DO NOT** file a public issue, instead send your report privately to
+[cncf-distribution-security@lists.cncf.io](mailto:cncf-distribution-security@lists.cncf.io).
+
+## Reporting an issue properly
+
+By following these simple rules you will get better and faster feedback on your issue.
+
+ - search the bugtracker for an already reported issue
+
+### If you found an issue that describes your problem:
+
+ - please read other user comments first, and confirm this is the same issue: a given error condition might be indicative of different problems - you may also find a workaround in the comments
+ - please refrain from adding "same thing here" or "+1" comments
+ - you don't need to comment on an issue to get notified of updates: just hit the "subscribe" button
+ - comment if you have some new, technical and relevant information to add to the case
+ - __DO NOT__ comment on closed issues or merged PRs. If you think you have a related problem, open up a new issue and reference the PR or issue.
+
+### If you have not found an existing issue that describes your problem:
+
+ 1. create a new issue, with a succinct title that describes your issue:
+   - bad title: "It doesn't work with my docker"
+   - good title: "Private registry push fail: 400 error with E_INVALID_DIGEST"
+ 2. copy the output of (or similar for other container tools):
+   - `docker version`
+   - `docker info`
+   - `docker exec <registry-container> registry --version`
+ 3. copy the command line you used to launch your Registry
+ 4. restart your docker daemon in debug mode (add `-D` to the daemon launch arguments)
+ 5. reproduce your problem and get your docker daemon logs showing the error
+ 6. if relevant, copy your registry logs that show the error
+ 7. provide any relevant detail about your specific Registry configuration (e.g., storage backend used)
+ 8. indicate if you are using an enterprise proxy, Nginx, or anything else between you and your Registry
+
+## Contributing Code
+
+Contributions should be made via pull requests. Pull requests will be reviewed
+by one or more maintainers or reviewers and merged when acceptable.
+
+You should follow the basic GitHub workflow:
+
+ 1. Use your own [fork](https://help.github.com/en/articles/about-forks)
+ 2. Create your [change](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#successful-changes)
+ 3. Test your code
+ 4. [Commit](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#commit-messages) your work, always [sign your commits](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#commit-messages)
+ 5. Push your change to your fork and create a [Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
+
+Refer to [containerd's contribution guide](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#successful-changes)
+for tips on creating a successful contribution.
+
+## Sign your work
+
+The sign-off is a simple line at the end of the explanation for the patch. Your
+signature certifies that you wrote the patch or otherwise have the right to pass
+it on as an open-source patch. The rules are pretty simple: if you can certify
+the below (from [developercertificate.org](http://developercertificate.org/)):
+
+```
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+```
+
+Then you just add a line to every git commit message:
+
+    Signed-off-by: Joe Smith <joe.smith@email.com>
+
+Use your real name (sorry, no pseudonyms or anonymous contributions.)
+
+If you set your `user.name` and `user.email` git configs, you can sign your
+commit automatically with `git commit -s`.
diff --git a/vendor/github.com/distribution/reference/GOVERNANCE.md b/vendor/github.com/distribution/reference/GOVERNANCE.md
new file mode 100644
index 000000000..200045b05
--- /dev/null
+++ b/vendor/github.com/distribution/reference/GOVERNANCE.md
@@ -0,0 +1,144 @@
+# distribution/reference Project Governance
+
+Distribution [Code of Conduct](./CODE-OF-CONDUCT.md) can be found here.
+
+For specific guidance on practical contribution steps please
+see our [CONTRIBUTING.md](./CONTRIBUTING.md) guide.
+
+## Maintainership
+
+There are different types of maintainers, with different responsibilities, but
+all maintainers have 3 things in common:
+
+1) They share responsibility in the project's success.
+2) They have made a long-term, recurring time investment to improve the project.
+3) They spend that time doing whatever needs to be done, not necessarily what
+is the most interesting or fun.
+
+Maintainers are often under-appreciated, because their work is harder to appreciate.
+It's easy to appreciate a really cool and technically advanced feature. It's harder
+to appreciate the absence of bugs, the slow but steady improvement in stability,
+or the reliability of a release process. But those things distinguish a good
+project from a great one.
+
+## Reviewers
+
+A reviewer is a core role within the project.
+They share in reviewing issues and pull requests and their LGTM counts towards the
+required LGTM count to merge a code change into the project.
+
+Reviewers are part of the organization but do not have write access.
+Becoming a reviewer is a core aspect in the journey to becoming a maintainer.
+
+## Adding maintainers
+
+Maintainers are first and foremost contributors that have shown they are
+committed to the long term success of a project. Contributors wanting to become
+maintainers are expected to be deeply involved in contributing code, pull
+request review, and triage of issues in the project for more than three months.
+
+Just contributing does not make you a maintainer, it is about building trust
+with the current maintainers of the project and being a person that they can
+depend on and trust to make decisions in the best interest of the project.
+
+Periodically, the existing maintainers curate a list of contributors that have
+shown regular activity on the project over the prior months. From this list,
+maintainer candidates are selected and proposed in a pull request or a
+maintainers communication channel.
+
+After a candidate has been announced to the maintainers, the existing
+maintainers are given five business days to discuss the candidate, raise
+objections and cast their vote. Votes may take place on the communication
+channel or via pull request comment. Candidates must be approved by at least 66%
+of the current maintainers by adding their vote on the mailing list. The
+reviewer role has the same process but only requires 33% of current maintainers.
+Only maintainers of the repository that the candidate is proposed for are
+allowed to vote.
+
+If a candidate is approved, a maintainer will contact the candidate to invite
+the candidate to open a pull request that adds the contributor to the
+MAINTAINERS file. The voting process may take place inside a pull request if a
+maintainer has already discussed the candidacy with the candidate and a
+maintainer is willing to be a sponsor by opening the pull request. The candidate
+becomes a maintainer once the pull request is merged.
+
+## Stepping down policy
+
+Life priorities, interests, and passions can change. If you're a maintainer but
+feel you must remove yourself from the list, inform other maintainers that you
+intend to step down, and if possible, help find someone to pick up your work.
+At the very least, ensure your work can be continued where you left off.
+
+After you've informed other maintainers, create a pull request to remove
+yourself from the MAINTAINERS file.
+
+## Removal of inactive maintainers
+
+Similar to the procedure for adding new maintainers, existing maintainers can
+be removed from the list if they do not show significant activity on the
+project. Periodically, the maintainers review the list of maintainers and their
+activity over the last three months.
+
+If a maintainer has shown insufficient activity over this period, a neutral
+person will contact the maintainer to ask if they want to continue being
+a maintainer. If the maintainer decides to step down as a maintainer, they
+open a pull request to be removed from the MAINTAINERS file.
+
+If the maintainer wants to remain a maintainer, but is unable to perform the
+required duties they can be removed with a vote of at least 66% of the current
+maintainers. In this case, maintainers should first propose the change to
+maintainers via the maintainers communication channel, then open a pull request
+for voting. The voting period is five business days. The voting pull request
+should not come as a surpise to any maintainer and any discussion related to
+performance must not be discussed on the pull request.
+
+## How are decisions made?
+
+Docker distribution is an open-source project with an open design philosophy.
+This means that the repository is the source of truth for EVERY aspect of the
+project, including its philosophy, design, road map, and APIs. *If it's part of
+the project, it's in the repo. If it's in the repo, it's part of the project.*
+
+As a result, all decisions can be expressed as changes to the repository. An
+implementation change is a change to the source code. An API change is a change
+to the API specification. A philosophy change is a change to the philosophy
+manifesto, and so on.
+
+All decisions affecting distribution, big and small, follow the same 3 steps:
+
+* Step 1: Open a pull request. Anyone can do this.
+
+* Step 2: Discuss the pull request. Anyone can do this.
+
+* Step 3: Merge or refuse the pull request. Who does this depends on the nature
+of the pull request and which areas of the project it affects.
+
+## Helping contributors with the DCO
+
+The [DCO or `Sign your work`](./CONTRIBUTING.md#sign-your-work)
+requirement is not intended as a roadblock or speed bump.
+
+Some contributors are not as familiar with `git`, or have used a web
+based editor, and thus asking them to `git commit --amend -s` is not the best
+way forward.
+
+In this case, maintainers can update the commits based on clause (c) of the DCO.
+The most trivial way for a contributor to allow the maintainer to do this, is to
+add a DCO signature in a pull requests's comment, or a maintainer can simply
+note that the change is sufficiently trivial that it does not substantially
+change the existing contribution - i.e., a spelling change.
+
+When you add someone's DCO, please also add your own to keep a log.
+
+## I'm a maintainer. Should I make pull requests too?
+
+Yes. Nobody should ever push to master directly. All changes should be
+made through a pull request.
+
+## Conflict Resolution
+
+If you have a technical dispute that you feel has reached an impasse with a
+subset of the community, any contributor may open an issue, specifically
+calling for a resolution vote of the current core maintainers to resolve the
+dispute. The same voting quorums required (2/3) for adding and removing
+maintainers will apply to conflict resolution.
diff --git a/vendor/github.com/distribution/reference/LICENSE b/vendor/github.com/distribution/reference/LICENSE
new file mode 100644
index 000000000..e06d20818
--- /dev/null
+++ b/vendor/github.com/distribution/reference/LICENSE
@@ -0,0 +1,202 @@
+Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/vendor/github.com/distribution/reference/MAINTAINERS b/vendor/github.com/distribution/reference/MAINTAINERS
new file mode 100644
index 000000000..9e0a60c8b
--- /dev/null
+++ b/vendor/github.com/distribution/reference/MAINTAINERS
@@ -0,0 +1,26 @@
+# Distribution project maintainers & reviewers
+#
+# See GOVERNANCE.md for maintainer versus reviewer roles
+#
+# MAINTAINERS (cncf-distribution-maintainers@lists.cncf.io)
+# GitHub ID, Name, Email address
+"chrispat","Chris Patterson","chrispat@github.com"
+"clarkbw","Bryan Clark","clarkbw@github.com"
+"corhere","Cory Snider","csnider@mirantis.com"
+"deleteriousEffect","Hayley Swimelar","hswimelar@gitlab.com"
+"heww","He Weiwei","hweiwei@vmware.com"
+"joaodrp","João Pereira","jpereira@gitlab.com"
+"justincormack","Justin Cormack","justin.cormack@docker.com"
+"squizzi","Kyle Squizzato","ksquizzato@mirantis.com"
+"milosgajdos","Milos Gajdos","milosthegajdos@gmail.com"
+"sargun","Sargun Dhillon","sargun@sargun.me"
+"wy65701436","Wang Yan","wangyan@vmware.com"
+"stevelasker","Steve Lasker","steve.lasker@microsoft.com"
+#
+# REVIEWERS
+# GitHub ID, Name, Email address
+"dmcgowan","Derek McGowan","derek@mcgstyle.net"
+"stevvooe","Stephen Day","stevvooe@gmail.com"
+"thajeztah","Sebastiaan van Stijn","github@gone.nl"
+"DavidSpek", "David van der Spek", "vanderspek.david@gmail.com"
+"Jamstah", "James Hewitt", "james.hewitt@gmail.com"
diff --git a/vendor/github.com/distribution/reference/Makefile b/vendor/github.com/distribution/reference/Makefile
new file mode 100644
index 000000000..c78576b75
--- /dev/null
+++ b/vendor/github.com/distribution/reference/Makefile
@@ -0,0 +1,25 @@
+# Project packages.
+PACKAGES=$(shell go list ./...)
+
+# Flags passed to `go test`
+BUILDFLAGS ?= 
+TESTFLAGS ?= 
+
+.PHONY: all build test coverage
+.DEFAULT: all
+
+all: build
+
+build: ## no binaries to build, so just check compilation suceeds
+	go build ${BUILDFLAGS} ./...
+
+test: ## run tests
+	go test ${TESTFLAGS} ./...
+
+coverage: ## generate coverprofiles from the unit tests
+	rm -f coverage.txt
+	go test ${TESTFLAGS} -cover -coverprofile=cover.out ./...
+
+.PHONY: help
+help:
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m\033[0m\n"} /^[a-zA-Z_\/%-]+:.*?##/ { printf "  \033[36m%-27s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
diff --git a/vendor/github.com/distribution/reference/README.md b/vendor/github.com/distribution/reference/README.md
new file mode 100644
index 000000000..e2531e49c
--- /dev/null
+++ b/vendor/github.com/distribution/reference/README.md
@@ -0,0 +1,30 @@
+# Distribution reference
+
+Go library to handle references to container images.
+
+<img src="/distribution-logo.svg" width="200px" />
+
+[![Build Status](https://github.com/distribution/reference/actions/workflows/test.yml/badge.svg?branch=main&event=push)](https://github.com/distribution/reference/actions?query=workflow%3ACI)
+[![GoDoc](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/github.com/distribution/reference)
+[![License: Apache-2.0](https://img.shields.io/badge/License-Apache--2.0-blue.svg)](LICENSE)
+[![codecov](https://codecov.io/gh/distribution/reference/branch/main/graph/badge.svg)](https://codecov.io/gh/distribution/reference)
+[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Fdistribution%2Freference.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Fdistribution%2Freference?ref=badge_shield)
+
+This repository contains a library for handling refrences to container images held in container registries. Please see [godoc](https://pkg.go.dev/github.com/distribution/reference) for details.
+
+## Contribution
+
+Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute
+issues, fixes, and patches to this project.
+
+## Communication
+
+For async communication and long running discussions please use issues and pull requests on the github repo.
+This will be the best place to discuss design and implementation.
+
+For sync communication we have a #distribution channel in the [CNCF Slack](https://slack.cncf.io/)
+that everyone is welcome to join and chat about development.
+
+## Licenses
+
+The distribution codebase is released under the [Apache 2.0 license](LICENSE).
diff --git a/vendor/github.com/distribution/reference/SECURITY.md b/vendor/github.com/distribution/reference/SECURITY.md
new file mode 100644
index 000000000..aaf983c0f
--- /dev/null
+++ b/vendor/github.com/distribution/reference/SECURITY.md
@@ -0,0 +1,7 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+The maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!
+
+Please DO NOT file a public issue, instead send your report privately to cncf-distribution-security@lists.cncf.io.
diff --git a/vendor/github.com/distribution/reference/distribution-logo.svg b/vendor/github.com/distribution/reference/distribution-logo.svg
new file mode 100644
index 000000000..cc9f4073b
--- /dev/null
+++ b/vendor/github.com/distribution/reference/distribution-logo.svg
@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 564.27793 654.82002"><defs><style>.cls-1{fill:#416ba9;}.cls-2{fill:#74c3d5;}</style></defs><path class="cls-1" d="M17.48582,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716H36.66877c18.70153,0,28.24476,9.06127,28.24476,33.64387,0,22.26771-7.51889,35.57065-27.95526,35.57065H22.40191c-2.69929,0-4.91609-1.25341-4.91609-4.91609Zm20.33987,49.741c7.61539,0,10.60365-6.94043,10.60365-20.72586,0-15.13429-3.85568-19.376-10.70015-19.376H33.97v40.10182Z"/><path class="cls-1" d="M72.43613,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h6.36251c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609H77.35223c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M99.718,613.05875l5.78405-1.06042c4.33764-.77092,4.53063,1.15692,5.78352,3.85674a6.70953,6.70953,0,0,0,6.5555,3.95218c3.56672,0,6.26548-1.83134,6.26548-5.59158,0-12.82046-27.6663-11.08561-27.6663-34.31724,0-10.79718,7.80839-18.1236,20.43637-18.1236,11.08614,0,16.96615,4.8196,20.05091,12.918.96445,2.31277,1.44641,4.7231-2.98826,5.59052l-5.20559,1.06042c-3.95218.77092-4.33764-1.06042-6.073-3.66269a6.39679,6.39679,0,0,0-5.49456-3.08475c-3.18125,0-5.20559,1.83134-5.20559,4.7231,0,12.24252,27.56981,10.60418,27.56981,33.73931,0,12.532-8.77231,19.66545-22.36422,19.66545-11.47159,0-17.93007-4.43467-20.82236-14.07387C95.57286,616.24,95.1874,613.92617,99.718,613.05875Z"/><path class="cls-1" d="M154.86187,576.62068h-8.09735c-3.66321,0-4.91662-2.21734-4.91662-4.91716v-4.14411c0-2.69983,1.25341-4.91716,4.91662-4.91716H179.058c3.66321,0,4.91609,2.21733,4.91609,4.91716v4.14411c0,2.69982-1.25288,4.91716-4.91609,4.91716h-8.09788v50.32c0,3.66268-2.21681,4.91609-4.9161,4.91609h-6.266c-2.69876,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M189.76022,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h16.2912c15.13481,0,23.03969,5.68808,23.03969,20.05144,0,8.38684-3.27775,13.68787-8.29034,16.77369l9.35076,27.76173c1.34938,4.04974-.96445,4.62766-3.37425,4.62766h-8.67581c-2.89176,0-4.53063-1.92783-5.30208-4.7231L211.546,605.92532h-5.68755v21.01536c0,3.66268-2.2168,4.91609-4.91609,4.91609h-6.266c-2.69929,0-4.9161-1.25341-4.9161-4.91609Zm20.14688,25.35246c4.14517,0,7.61592-1.6394,7.61592-8.57984,0-7.61486-3.37425-8.19384-7.22993-8.19384h-4.43467v16.77368Z"/><path class="cls-1" d="M241.91422,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716h6.36251c2.69876,0,4.9161,1.25341,4.9161,4.91716v59.38127c0,3.66268-2.21734,4.91609-4.9161,4.91609h-6.36251c-2.69929,0-4.91609-1.25341-4.91609-4.91609Z"/><path class="cls-1" d="M267.75024,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716h14.94182c16.77316,0,24.09958,5.49508,24.09958,18.31659,0,6.94044-3.08475,11.953-8.96477,14.5553v.193c6.74744,2.31384,10.41065,7.13343,10.41065,15.80977,0,16.58069-11.3751,20.33987-25.449,20.33987H272.66633c-2.69929,0-4.91609-1.25341-4.91609-4.91609Zm20.72533,22.5572c4.33817,0,6.84447-2.12083,6.84447-7.32642,0-4.91716-2.79579-6.36251-6.84447-6.36251h-4.9161v13.68893Zm.386,27.95473c5.88,0,7.90436-2.40926,7.90436-7.80785,0-5.88-3.18126-7.80786-7.80839-7.80786h-5.39806v15.61571Z"/><path class="cls-1" d="M320.09776,567.55941c0-3.66375,2.21733-4.91716,4.91662-4.91716h6.362c2.69929,0,4.91663,1.25341,4.91663,4.91716v43.282c0,5.78457,2.3133,8.38684,6.748,8.38684,4.43413,0,7.13343-2.60227,7.13343-8.38684v-43.282c0-3.66375,2.21733-4.91716,4.91609-4.91716H361.26c2.6993,0,4.91663,1.25341,4.91663,4.91716v41.06573c0,15.80871-7.13343,24.00256-23.42516,24.00256-16.0982,0-22.6537-8.19385-22.6537-24.00256Z"/><path class="cls-1" d="M384.59236,576.62068H376.495c-3.66322,0-4.91663-2.21734-4.91663-4.91716v-4.14411c0-2.69983,1.25341-4.91716,4.91663-4.91716h32.29343c3.66321,0,4.91609,2.21733,4.91609,4.91716v4.14411c0,2.69982-1.25288,4.91716-4.91609,4.91716H400.6911v50.32c0,3.66268-2.21734,4.91609-4.91663,4.91609h-6.266c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M419.49071,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h6.36251c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609h-6.36251c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M443.20536,597.34654c0-21.30485,5.59106-35.57171,24.48505-35.57171s24.48505,14.26686,24.48505,35.57171c0,22.07472-6.84394,35.37766-24.485,35.37766S443.20536,619.42126,443.20536,597.34654Zm32.48643,0c0-16.29226-2.12083-22.26877-8.00138-22.26877-5.88,0-8.00085,5.97651-8.00085,22.26877,0,17.06212,2.4098,22.17121,8.00085,22.17121C473.378,619.51775,475.69179,614.40866,475.69179,597.34654Z"/><path class="cls-1" d="M499.69859,567.55941c0-3.66375,2.2168-4.91716,4.9161-4.91716h6.941a7.56728,7.56728,0,0,1,6.84394,4.43467l13.207,29.88363h.19247V567.55941c0-3.66375,2.21733-4.91716,4.91662-4.91716h4.62714c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609h-5.68756c-2.98878,0-4.72363-1.83134-5.977-4.43466L514.15792,593.5863h-.19247v33.35438c0,3.66268-2.21733,4.91609-4.91663,4.91609h-4.43413c-2.6993,0-4.9161-1.25341-4.9161-4.91609Z"/><g id="F1L4Xu"><path class="cls-2" d="M461.28162,365.26377c14.626-14.99573,31.51073-27.88581,43.901-45.3001,23.6055-33.17709,21.5881-53.98611-9.08528-79.89549-5.54727-4.68571-8.18237-7.96252-5.187-15.251,2.57641-6.26934,3.76528-13.21711,4.83156-19.981,5.90314-37.44659-11.00082-60.70078-48.64828-63.33267-13.137-.91842-16.45015-5.43062-19.21754-16.935-9.30387-38.67663-34.59038-53.67167-74.13662-44.585-10.18443,2.3401-17.05741,2.2529-24.8593-6.77926-30.175-34.93317-59.58084-35.22646-91.95222-.348-9.64337,10.39025-15.6225,11.83918-28.62783,5.4055-32.90341-16.27713-59.8387-3.10046-69.78437,35.47712-4.6848,18.17164-11.36854,26.3489-30.24471,30.1582-31.33028,6.32259-44.78933,33.5759-35.57532,69.531,3.76252,14.68215,4.6826,23.43655-10.28992,33.26423-22.74913,14.93216-25.22052,35.33713-11.0953,59.39875a163.06863,163.06863,0,0,0,18.46085,24.68707c6.40258,7.28037,13.94521,13.55817,19.80434,21.482C65.25053,338.04809,43.116,321.28746,27.8598,297.29993c-17.05057-26.80876-13.40609-48.15088,13.33187-65.26212,13.64688-8.73344,14.87507-15.92347,10.65871-30.93464-12.7269-45.31048,5.12054-71.29348,52.09339-78.34017,9.12234-1.36851,13.24368-4.37134,14.93358-13.09156a120.37358,120.37358,0,0,1,6.91928-23.66458C140.26672,51.59355,166.89048,40.64934,200.93587,56.76c12.995,6.14933,20.16447,5.77862,30.68022-5.2998C268.21035,12.90788,301.23887,13.957,336.089,53.95609c7.03437,8.07364,13.32723,7.58749,21.51782,5.54845,49.26567-12.26462,82.34232,9.66738,86.80352,52.02378.85563,8.12375,4.89151,12.49189,13.59822,11.06745a9.08058,9.08058,0,0,1,2.06083.01162c48.42775,3.32745,67.90447,29.37216,55.65225,76.28488-3.68675,14.11627-5.266,23.35647,9.83168,33.3918,24.025,15.96919,26.43605,40.908,10.89058,67.22194C523.519,321.384,492.3391,349.49056,461.28162,365.26377Z"/><path class="cls-2" d="M222.21166,412.15994c-43.3335,8.71069-88.628,7.98395-130.77907,28.38523,94.59324,34.57588,265.86321,39.32494,381.28659.87883-20.80256-13.03877-43.25235-15.46757-64.96771-19.52875-21.46582-4.01455-43.21049-6.53754-65.22855-9.773,2.32155-9.0906,5.71941-13.26155,14.6818-11.53506,34.9755,6.73747,70.6065,10.43856,104.30053,22.96341,8.18218,3.04152,18.89124,4.40911,19.86455,15.15614,1.09622,12.10448-6.10692,24.09739-16.79915,25.67409-30.25013,4.46064-56.38559,26.36212-84.9133,26.506-28.47048.14371-52.82989-.52977-79.492,14.17476-20.18156,11.13047-46.332,2.83194-64.16335-15.45408-6.83775-7.01216-11.13794-6.37864-19.02114-2.85829-23.91278,10.67842-47.24546,8.5124-67.31614-8.79886-7.10279-6.12627-13.27536-7.629-22.06165-6.68907a44.08867,44.08867,0,0,1-27.74743-5.86122C89.8179,459.38315,82.0507,451.437,82.898,439.18832c.77048-11.13889,11.49627-12.35089,19.55689-15.40536,33.62848-12.74306,69.18754-16.82889,104.26785-23.14551C215.75685,399.01074,219.15407,403.38339,222.21166,412.15994Z"/></g><rect class="cls-1" x="157.9184" y="278.28554" width="63.75238" height="63.75238"/><rect class="cls-1" x="241.008" y="278.28554" width="63.75238" height="63.75238"/><rect class="cls-1" x="157.9184" y="361.37514" width="63.75238" height="63.75238"/><rect class="cls-1" x="367.09657" y="153.06724" width="63.75176" height="63.75177" transform="translate(-13.91822 336.28471) rotate(-45)"/><polygon class="cls-1" points="239.799 221.785 239.799 222.389 296.3 250.79 325.004 193.987 268.201 165.284 239.799 221.785"/><rect class="cls-1" x="341.49858" y="264.8759" width="63.75384" height="63.75383" transform="translate(-59.8512 496.2174) rotate(-63.19922)"/><rect class="cls-1" x="157.9184" y="195.19594" width="63.75238" height="63.75238"/><rect class="cls-1" x="241.008" y="361.37514" width="63.75238" height="63.75238"/><rect class="cls-1" x="324.39973" y="361.37514" width="63.75238" height="63.75238"/></svg>
\ No newline at end of file
diff --git a/vendor/github.com/distribution/reference/regexp.go b/vendor/github.com/distribution/reference/regexp.go
new file mode 100644
index 000000000..65bc49d79
--- /dev/null
+++ b/vendor/github.com/distribution/reference/regexp.go
@@ -0,0 +1,163 @@
+package reference
+
+import (
+	"regexp"
+	"strings"
+)
+
+// DigestRegexp matches well-formed digests, including algorithm (e.g. "sha256:<encoded>").
+var DigestRegexp = regexp.MustCompile(digestPat)
+
+// DomainRegexp matches hostname or IP-addresses, optionally including a port
+// number. It defines the structure of potential domain components that may be
+// part of image names. This is purposely a subset of what is allowed by DNS to
+// ensure backwards compatibility with Docker image names. It may be a subset of
+// DNS domain name, an IPv4 address in decimal format, or an IPv6 address between
+// square brackets (excluding zone identifiers as defined by [RFC 6874] or special
+// addresses such as IPv4-Mapped).
+//
+// [RFC 6874]: https://www.rfc-editor.org/rfc/rfc6874.
+var DomainRegexp = regexp.MustCompile(domainAndPort)
+
+// IdentifierRegexp is the format for string identifier used as a
+// content addressable identifier using sha256. These identifiers
+// are like digests without the algorithm, since sha256 is used.
+var IdentifierRegexp = regexp.MustCompile(identifier)
+
+// NameRegexp is the format for the name component of references, including
+// an optional domain and port, but without tag or digest suffix.
+var NameRegexp = regexp.MustCompile(namePat)
+
+// ReferenceRegexp is the full supported format of a reference. The regexp
+// is anchored and has capturing groups for name, tag, and digest
+// components.
+var ReferenceRegexp = regexp.MustCompile(referencePat)
+
+// TagRegexp matches valid tag names. From [docker/docker:graph/tags.go].
+//
+// [docker/docker:graph/tags.go]: https://github.com/moby/moby/blob/v1.6.0/graph/tags.go#L26-L28
+var TagRegexp = regexp.MustCompile(tag)
+
+const (
+	// alphanumeric defines the alphanumeric atom, typically a
+	// component of names. This only allows lower case characters and digits.
+	alphanumeric = `[a-z0-9]+`
+
+	// separator defines the separators allowed to be embedded in name
+	// components. This allows one period, one or two underscore and multiple
+	// dashes. Repeated dashes and underscores are intentionally treated
+	// differently. In order to support valid hostnames as name components,
+	// supporting repeated dash was added. Additionally double underscore is
+	// now allowed as a separator to loosen the restriction for previously
+	// supported names.
+	separator = `(?:[._]|__|[-]+)`
+
+	// localhost is treated as a special value for domain-name. Any other
+	// domain-name without a "." or a ":port" are considered a path component.
+	localhost = `localhost`
+
+	// domainNameComponent restricts the registry domain component of a
+	// repository name to start with a component as defined by DomainRegexp.
+	domainNameComponent = `(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])`
+
+	// optionalPort matches an optional port-number including the port separator
+	// (e.g. ":80").
+	optionalPort = `(?::[0-9]+)?`
+
+	// tag matches valid tag names. From docker/docker:graph/tags.go.
+	tag = `[\w][\w.-]{0,127}`
+
+	// digestPat matches well-formed digests, including algorithm (e.g. "sha256:<encoded>").
+	//
+	// TODO(thaJeztah): this should follow the same rules as https://pkg.go.dev/github.com/opencontainers/go-digest@v1.0.0#DigestRegexp
+	// so that go-digest defines the canonical format. Note that the go-digest is
+	// more relaxed:
+	//   - it allows multiple algorithms (e.g. "sha256+b64:<encoded>") to allow
+	//     future expansion of supported algorithms.
+	//   - it allows the "<encoded>" value to use urlsafe base64 encoding as defined
+	//     in [rfc4648, section 5].
+	//
+	// [rfc4648, section 5]: https://www.rfc-editor.org/rfc/rfc4648#section-5.
+	digestPat = `[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}`
+
+	// identifier is the format for a content addressable identifier using sha256.
+	// These identifiers are like digests without the algorithm, since sha256 is used.
+	identifier = `([a-f0-9]{64})`
+
+	// ipv6address are enclosed between square brackets and may be represented
+	// in many ways, see rfc5952. Only IPv6 in compressed or uncompressed format
+	// are allowed, IPv6 zone identifiers (rfc6874) or Special addresses such as
+	// IPv4-Mapped are deliberately excluded.
+	ipv6address = `\[(?:[a-fA-F0-9:]+)\]`
+)
+
+var (
+	// domainName defines the structure of potential domain components
+	// that may be part of image names. This is purposely a subset of what is
+	// allowed by DNS to ensure backwards compatibility with Docker image
+	// names. This includes IPv4 addresses on decimal format.
+	domainName = domainNameComponent + anyTimes(`\.`+domainNameComponent)
+
+	// host defines the structure of potential domains based on the URI
+	// Host subcomponent on rfc3986. It may be a subset of DNS domain name,
+	// or an IPv4 address in decimal format, or an IPv6 address between square
+	// brackets (excluding zone identifiers as defined by rfc6874 or special
+	// addresses such as IPv4-Mapped).
+	host = `(?:` + domainName + `|` + ipv6address + `)`
+
+	// allowed by the URI Host subcomponent on rfc3986 to ensure backwards
+	// compatibility with Docker image names.
+	domainAndPort = host + optionalPort
+
+	// anchoredTagRegexp matches valid tag names, anchored at the start and
+	// end of the matched string.
+	anchoredTagRegexp = regexp.MustCompile(anchored(tag))
+
+	// anchoredDigestRegexp matches valid digests, anchored at the start and
+	// end of the matched string.
+	anchoredDigestRegexp = regexp.MustCompile(anchored(digestPat))
+
+	// pathComponent restricts path-components to start with an alphanumeric
+	// character, with following parts able to be separated by a separator
+	// (one period, one or two underscore and multiple dashes).
+	pathComponent = alphanumeric + anyTimes(separator+alphanumeric)
+
+	// remoteName matches the remote-name of a repository. It consists of one
+	// or more forward slash (/) delimited path-components:
+	//
+	//	pathComponent[[/pathComponent] ...] // e.g., "library/ubuntu"
+	remoteName = pathComponent + anyTimes(`/`+pathComponent)
+	namePat    = optional(domainAndPort+`/`) + remoteName
+
+	// anchoredNameRegexp is used to parse a name value, capturing the
+	// domain and trailing components.
+	anchoredNameRegexp = regexp.MustCompile(anchored(optional(capture(domainAndPort), `/`), capture(remoteName)))
+
+	referencePat = anchored(capture(namePat), optional(`:`, capture(tag)), optional(`@`, capture(digestPat)))
+
+	// anchoredIdentifierRegexp is used to check or match an
+	// identifier value, anchored at start and end of string.
+	anchoredIdentifierRegexp = regexp.MustCompile(anchored(identifier))
+)
+
+// optional wraps the expression in a non-capturing group and makes the
+// production optional.
+func optional(res ...string) string {
+	return `(?:` + strings.Join(res, "") + `)?`
+}
+
+// anyTimes wraps the expression in a non-capturing group that can occur
+// any number of times.
+func anyTimes(res ...string) string {
+	return `(?:` + strings.Join(res, "") + `)*`
+}
+
+// capture wraps the expression in a capturing group.
+func capture(res ...string) string {
+	return `(` + strings.Join(res, "") + `)`
+}
+
+// anchored anchors the regular expression by adding start and end delimiters.
+func anchored(res ...string) string {
+	return `^` + strings.Join(res, "") + `$`
+}
diff --git a/vendor/github.com/distribution/reference/sort.go b/vendor/github.com/distribution/reference/sort.go
new file mode 100644
index 000000000..416c37b07
--- /dev/null
+++ b/vendor/github.com/distribution/reference/sort.go
@@ -0,0 +1,75 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package reference
+
+import (
+	"sort"
+)
+
+// Sort sorts string references preferring higher information references.
+//
+// The precedence is as follows:
+//
+//  1. [Named] + [Tagged] + [Digested] (e.g., "docker.io/library/busybox:latest@sha256:<digest>")
+//  2. [Named] + [Tagged]              (e.g., "docker.io/library/busybox:latest")
+//  3. [Named] + [Digested]            (e.g., "docker.io/library/busybo@sha256:<digest>")
+//  4. [Named]                         (e.g., "docker.io/library/busybox")
+//  5. [Digested]                      (e.g., "docker.io@sha256:<digest>")
+//  6. Parse error
+func Sort(references []string) []string {
+	var prefs []Reference
+	var bad []string
+
+	for _, ref := range references {
+		pref, err := ParseAnyReference(ref)
+		if err != nil {
+			bad = append(bad, ref)
+		} else {
+			prefs = append(prefs, pref)
+		}
+	}
+	sort.Slice(prefs, func(a, b int) bool {
+		ar := refRank(prefs[a])
+		br := refRank(prefs[b])
+		if ar == br {
+			return prefs[a].String() < prefs[b].String()
+		}
+		return ar < br
+	})
+	sort.Strings(bad)
+	var refs []string
+	for _, pref := range prefs {
+		refs = append(refs, pref.String())
+	}
+	return append(refs, bad...)
+}
+
+func refRank(ref Reference) uint8 {
+	if _, ok := ref.(Named); ok {
+		if _, ok = ref.(Tagged); ok {
+			if _, ok = ref.(Digested); ok {
+				return 1
+			}
+			return 2
+		}
+		if _, ok = ref.(Digested); ok {
+			return 3
+		}
+		return 4
+	}
+	return 5
+}
diff --git a/vendor/go.opentelemetry.io/otel/.gitignore b/vendor/go.opentelemetry.io/otel/.gitignore
index 895c7664b..7d29ed64d 100644
--- a/vendor/go.opentelemetry.io/otel/.gitignore
+++ b/vendor/go.opentelemetry.io/otel/.gitignore
@@ -14,6 +14,9 @@ go.work.sum
 gen/
 
 /example/dice/dice
+/example/fib/fib
+/example/fib/traces.txt
+/example/jaeger/jaeger
 /example/namedtracer/namedtracer
 /example/otel-collector/otel-collector
 /example/opencensus/opencensus
diff --git a/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
index 24874f856..c2487d4e3 100644
--- a/vendor/go.opentelemetry.io/otel/CHANGELOG.md
+++ b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
@@ -8,85 +8,6 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [Unreleased]
 
-## [1.21.0/0.44.0] 2023-11-16
-
-### Removed
-
-- Remove the deprecated `go.opentelemetry.io/otel/bridge/opencensus.NewTracer`. (#4706)
-- Remove the deprecated `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` module. (#4707)
-- Remove the deprecated `go.opentelemetry.io/otel/example/view` module. (#4708)
-- Remove the deprecated `go.opentelemetry.io/otel/example/fib` module. (#4723)
-
-### Fixed
-
-- Do not parse non-protobuf responses in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4719)
-- Do not parse non-protobuf responses in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4719)
-
-## [1.20.0/0.43.0] 2023-11-10
-
-This release brings a breaking change for custom trace API implementations. Some interfaces (`TracerProvider`, `Tracer`, `Span`) now embed the `go.opentelemetry.io/otel/trace/embedded` types. Implementors need to update their implementations based on what they want the default behavior to be. See the "API Implementations" section of the [trace API] package documentation for more information about how to accomplish this.
-
-### Added
-
-- Add `go.opentelemetry.io/otel/bridge/opencensus.InstallTraceBridge`, which installs the OpenCensus trace bridge, and replaces `opencensus.NewTracer`. (#4567)
-- Add scope version to trace and metric bridges in `go.opentelemetry.io/otel/bridge/opencensus`. (#4584)
-- Add the `go.opentelemetry.io/otel/trace/embedded` package to be embedded in the exported trace API interfaces. (#4620)
-- Add the `go.opentelemetry.io/otel/trace/noop` package as a default no-op implementation of the trace API. (#4620)
-- Add context propagation in `go.opentelemetry.io/otel/example/dice`. (#4644)
-- Add view configuration to `go.opentelemetry.io/otel/example/prometheus`. (#4649)
-- Add `go.opentelemetry.io/otel/metric.WithExplicitBucketBoundaries`, which allows defining default explicit bucket boundaries when creating histogram instruments. (#4603)
-- Add `Version` function in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4660)
-- Add `Version` function in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4660)
-- Add Summary, SummaryDataPoint, and QuantileValue to `go.opentelemetry.io/sdk/metric/metricdata`. (#4622)
-- `go.opentelemetry.io/otel/bridge/opencensus.NewMetricProducer` now supports exemplars from OpenCensus. (#4585)
-- Add support for `WithExplicitBucketBoundaries` in `go.opentelemetry.io/otel/sdk/metric`. (#4605)
-- Add support for Summary metrics in `go.opentelemetry.io/otel/bridge/opencensus`. (#4668)
-
-### Deprecated
-
-- Deprecate `go.opentelemetry.io/otel/bridge/opencensus.NewTracer` in favor of `opencensus.InstallTraceBridge`. (#4567)
-- Deprecate `go.opentelemetry.io/otel/example/fib` package is in favor of `go.opentelemetry.io/otel/example/dice`. (#4618)
-- Deprecate `go.opentelemetry.io/otel/trace.NewNoopTracerProvider`.
-  Use the added `NewTracerProvider` function in `go.opentelemetry.io/otel/trace/noop` instead. (#4620)
-- Deprecate `go.opentelemetry.io/otel/example/view` package in favor of `go.opentelemetry.io/otel/example/prometheus`. (#4649)
-- Deprecate `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4693)
-
-### Changed
-
-- `go.opentelemetry.io/otel/bridge/opencensus.NewMetricProducer` returns a `*MetricProducer` struct instead of the metric.Producer interface. (#4583)
-- The `TracerProvider` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.TracerProvider` type.
-  This extends the `TracerProvider` interface and is is a breaking change for any existing implementation.
-  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
-  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
-- The `Tracer` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.Tracer` type.
-  This extends the `Tracer` interface and is is a breaking change for any existing implementation.
-  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
-  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
-- The `Span` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.Span` type.
-  This extends the `Span` interface and is is a breaking change for any existing implementation.
-  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
-  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
-- `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` does no longer depend on `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4660)
-- `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` does no longer depend on `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4660)
-- Retry for `502 Bad Gateway` and `504 Gateway Timeout` HTTP statuses in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4670)
-- Retry for `502 Bad Gateway` and `504 Gateway Timeout` HTTP statuses in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4670)
-- Retry for `RESOURCE_EXHAUSTED` only if RetryInfo is returned in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4669)
-- Retry for `RESOURCE_EXHAUSTED` only if RetryInfo is returned in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#4669)
-- Retry temporary HTTP request failures in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4679)
-- Retry temporary HTTP request failures in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4679)
-
-### Fixed
-
-- Fix improper parsing of characters such us `+`, `/` by `Parse` in `go.opentelemetry.io/otel/baggage` as they were rendered as a whitespace. (#4667)
-- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_RESOURCE_ATTRIBUTES` in `go.opentelemetry.io/otel/sdk/resource` as they were rendered as a whitespace. (#4699)
-- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_METRICS_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` as they were rendered as a whitespace. (#4699)
-- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_METRICS_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` as they were rendered as a whitespace. (#4699)
-- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_TRACES_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlptracegrpc` as they were rendered as a whitespace. (#4699)
-- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_TRACES_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlptracehttp` as they were rendered as a whitespace. (#4699)
-- In `go.opentelemetry.op/otel/exporters/prometheus`, the exporter no longer `Collect`s metrics after `Shutdown` is invoked. (#4648)
-- Fix documentation for `WithCompressor` in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#4695)
-- Fix documentation for `WithCompressor` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4695)
-
 ## [1.19.0/0.42.0/0.0.7] 2023-09-28
 
 This release contains the first stable release of the OpenTelemetry Go [metric SDK].
@@ -260,11 +181,15 @@ See our [versioning policy](VERSIONING.md) for more information about these stab
 - The Exponential Histogram data types in `go.opentelemetry.io/otel/sdk/metric/metricdata`. (#4165)
 - OTLP metrics exporter now supports the Exponential Histogram Data Type. (#4222)
 - Fix serialization of `time.Time` zero values in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` packages. (#4271)
+- The Exponential Histogram data types in `go.opentelemetry.io/otel/sdk/metric/metricdata`. (#4165)
+- OTLP metrics exporter now supports the Exponential Histogram Data Type. (#4222)
+- Fix serialization of `time.Time` zero values in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` packages. (#4271)
 
 ### Changed
 
 - Use `strings.Cut()` instead of `string.SplitN()` for better readability and memory use. (#4049)
 - `MeterProvider` returns noop meters once it has been shutdown. (#4154)
+- `MeterProvider` returns noop meters once it has been shutdown. (#4154)
 
 ### Removed
 
@@ -431,6 +356,8 @@ This release drops the compatibility guarantee of [Go 1.18].
 - Clarify the `httpconv` and `netconv` packages in `go.opentelemetry.io/otel/semconv/*` provide tracing semantic conventions. (#3823)
 - Fix race conditions in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic. (#3899)
 - Fix sending nil `scopeInfo` to metrics channel in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic in `github.com/prometheus/client_golang/prometheus`. (#3899)
+- Fix race conditions in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic. (#3899)
+- Fix sending nil `scopeInfo` to metrics channel in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic in `github.com/prometheus/client_golang/prometheus`. (#3899)
 
 ### Deprecated
 
@@ -2735,9 +2662,7 @@ It contains api and sdk for trace and meter.
 - CircleCI build CI manifest files.
 - CODEOWNERS file to track owners of this project.
 
-[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...HEAD
-[1.21.0/0.44.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.21.0
-[1.20.0/0.43.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.20.0
+[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.19.0...HEAD
 [1.19.0/0.42.0/0.0.7]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0
 [1.19.0-rc.1/0.42.0-rc.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0-rc.1
 [1.18.0/0.41.0/0.0.6]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.18.0
@@ -2812,7 +2737,7 @@ It contains api and sdk for trace and meter.
 [Go 1.20]: https://go.dev/doc/go1.20
 [Go 1.19]: https://go.dev/doc/go1.19
 [Go 1.18]: https://go.dev/doc/go1.18
+[Go 1.19]: https://go.dev/doc/go1.19
 
 [metric API]:https://pkg.go.dev/go.opentelemetry.io/otel/metric
 [metric SDK]:https://pkg.go.dev/go.opentelemetry.io/otel/sdk/metric
-[trace API]:https://pkg.go.dev/go.opentelemetry.io/otel/trace
diff --git a/vendor/go.opentelemetry.io/otel/Makefile b/vendor/go.opentelemetry.io/otel/Makefile
index 35fc18996..28567c883 100644
--- a/vendor/go.opentelemetry.io/otel/Makefile
+++ b/vendor/go.opentelemetry.io/otel/Makefile
@@ -26,6 +26,7 @@ TIMEOUT = 60
 
 .PHONY: precommit ci
 precommit: generate dependabot-generate license-check misspell go-mod-tidy golangci-lint-fix test-default
+precommit: generate dependabot-generate license-check misspell go-mod-tidy golangci-lint-fix test-default
 ci: generate dependabot-check license-check lint vanity-import-check build test-default check-clean-work-tree test-coverage
 
 # Tools
@@ -77,11 +78,9 @@ $(GOTMPL): PACKAGE=go.opentelemetry.io/build-tools/gotmpl
 GORELEASE = $(TOOLS)/gorelease
 $(GORELEASE): PACKAGE=golang.org/x/exp/cmd/gorelease
 
-GOVULNCHECK = $(TOOLS)/govulncheck
-$(TOOLS)/govulncheck: PACKAGE=golang.org/x/vuln/cmd/govulncheck
-
 .PHONY: tools
 tools: $(CROSSLINK) $(DBOTCONF) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(GOJQ) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT) $(GOTMPL) $(GORELEASE)
+tools: $(CROSSLINK) $(DBOTCONF) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(GOJQ) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT) $(GOTMPL) $(GORELEASE)
 
 # Virtualized python tools via docker
 
@@ -121,6 +120,12 @@ $(CODESPELL): PACKAGE=codespell
 .PHONY: generate
 generate: go-generate vanity-import-fix
 
+.PHONY: go-generate
+go-generate: $(OTEL_GO_MOD_DIRS:%=go-generate/%)
+go-generate/%: DIR=$*
+go-generate/%: | $(STRINGER) $(GOTMPL)
+generate: go-generate vanity-import-fix
+
 .PHONY: go-generate
 go-generate: $(OTEL_GO_MOD_DIRS:%=go-generate/%)
 go-generate/%: DIR=$*
@@ -133,6 +138,16 @@ go-generate/%: | $(STRINGER) $(GOTMPL)
 vanity-import-fix: | $(PORTO)
 	@$(PORTO) --include-internal -w .
 
+# Generate go.work file for local development.
+.PHONY: go-work
+go-work: | $(CROSSLINK)
+	$(CROSSLINK) work --root=$(shell pwd)
+		&& PATH="$(TOOLS):$${PATH}" $(GO) generate ./...
+
+.PHONY: vanity-import-fix
+vanity-import-fix: | $(PORTO)
+	@$(PORTO) --include-internal -w .
+
 # Generate go.work file for local development.
 .PHONY: go-work
 go-work: | $(CROSSLINK)
@@ -226,6 +241,7 @@ go-mod-tidy/%: | crosslink
 	@echo "$(GO) mod tidy in $(DIR)" \
 		&& cd $(DIR) \
 		&& $(GO) mod tidy -compat=1.20
+		&& $(GO) mod tidy -compat=1.20
 
 .PHONY: lint-modules
 lint-modules: go-mod-tidy
@@ -236,6 +252,7 @@ lint: misspell lint-modules golangci-lint govulncheck
 .PHONY: vanity-import-check
 vanity-import-check: | $(PORTO)
 	@$(PORTO) --include-internal -l . || ( echo "(run: make vanity-import-fix)"; exit 1 )
+	@$(PORTO) --include-internal -l . || ( echo "(run: make vanity-import-fix)"; exit 1 )
 
 .PHONY: misspell
 misspell: | $(MISSPELL)
@@ -257,6 +274,7 @@ codespell: | $(CODESPELL)
 license-check:
 	@licRes=$$(for f in $$(find . -type f \( -iname '*.go' -o -iname '*.sh' \) ! -path '**/third_party/*' ! -path './.git/*' ) ; do \
 	           awk '/Copyright The OpenTelemetry Authors|generated|GENERATED/ && NR<=4 { found=1; next } END { if (!found) print FILENAME }' $$f; \
+	           awk '/Copyright The OpenTelemetry Authors|generated|GENERATED/ && NR<=4 { found=1; next } END { if (!found) print FILENAME }' $$f; \
 	   done); \
 	   if [ -n "$${licRes}" ]; then \
 	           echo "license header checking failed:"; echo "$${licRes}"; \
@@ -267,6 +285,7 @@ DEPENDABOT_CONFIG = .github/dependabot.yml
 .PHONY: dependabot-check
 dependabot-check: | $(DBOTCONF)
 	@$(DBOTCONF) verify $(DEPENDABOT_CONFIG) || ( echo "(run: make dependabot-generate)"; exit 1 )
+	@$(DBOTCONF) verify $(DEPENDABOT_CONFIG) || ( echo "(run: make dependabot-generate)"; exit 1 )
 
 .PHONY: dependabot-generate
 dependabot-generate: | $(DBOTCONF)
@@ -285,6 +304,12 @@ check-clean-work-tree:
 SEMCONVPKG ?= "semconv/"
 .PHONY: semconv-generate
 semconv-generate: | $(SEMCONVGEN) $(SEMCONVKIT)
+	[ "$(TAG)" ] || ( echo "TAG unset: missing opentelemetry semantic-conventions tag"; exit 1 )
+	[ "$(OTEL_SEMCONV_REPO)" ] || ( echo "OTEL_SEMCONV_REPO unset: missing path to opentelemetry semantic-conventions repo"; exit 1 )
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=span -p conventionType=trace -f trace.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=attribute_group -p conventionType=trace -f attribute_group.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=event -p conventionType=event -f event.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
+	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=resource -p conventionType=resource -f resource.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
 	[ "$(TAG)" ] || ( echo "TAG unset: missing opentelemetry semantic-conventions tag"; exit 1 )
 	[ "$(OTEL_SEMCONV_REPO)" ] || ( echo "OTEL_SEMCONV_REPO unset: missing path to opentelemetry semantic-conventions repo"; exit 1 )
 	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=span -p conventionType=trace -f trace.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
@@ -302,6 +327,15 @@ gorelease/%:| $(GORELEASE)
 		&& $(GORELEASE) \
 		|| echo ""
 
+.PHONY: gorelease
+gorelease: $(OTEL_GO_MOD_DIRS:%=gorelease/%)
+gorelease/%: DIR=$*
+gorelease/%:| $(GORELEASE)
+	@echo "gorelease in $(DIR):" \
+		&& cd $(DIR) \
+		&& $(GORELEASE) \
+		|| echo ""
+
 .PHONY: prerelease
 prerelease: | $(MULTIMOD)
 	@[ "${MODSET}" ] || ( echo ">> env var MODSET is not set"; exit 1 )
diff --git a/vendor/go.opentelemetry.io/otel/README.md b/vendor/go.opentelemetry.io/otel/README.md
index 2c5b0cc28..9695fbefd 100644
--- a/vendor/go.opentelemetry.io/otel/README.md
+++ b/vendor/go.opentelemetry.io/otel/README.md
@@ -11,15 +11,19 @@ It provides a set of APIs to directly measure performance and behavior of your s
 
 ## Project Status
 
-| Signal  | Status     |
-|---------|------------|
-| Traces  | Stable     |
-| Metrics | Stable     |
-| Logs    | Design [1] |
+| Signal  | Status     | Project               |
+|---------|------------|-----------------------|
+| Traces  | Stable     | N/A                   |
+| Metrics | Mixed [1]  | [Go: Metric SDK (GA)] |
+| Logs    | Frozen [2] | N/A                   |
 
-- [1]: Currently the logs signal development is in a design phase ([#4696](https://github.com/open-telemetry/opentelemetry-go/issues/4696)).
+[Go: Metric SDK (GA)]: https://github.com/orgs/open-telemetry/projects/34
+
+- [1]: [Metrics API](https://pkg.go.dev/go.opentelemetry.io/otel/metric) is Stable. [Metrics SDK](https://pkg.go.dev/go.opentelemetry.io/otel/sdk/metric) is Beta.
+- [2]: The Logs signal development is halted for this project while we stabilize the Metrics SDK.
    No Logs Pull Requests are currently being accepted.
 
+Progress and status specific to this repository is tracked in our
 Progress and status specific to this repository is tracked in our
 [project boards](https://github.com/open-telemetry/opentelemetry-go/projects)
 and
@@ -27,6 +31,7 @@ and
 
 Project versioning information and stability guarantees can be found in the
 [versioning documentation](VERSIONING.md).
+[versioning documentation](VERSIONING.md).
 
 ### Compatibility
 
@@ -51,14 +56,20 @@ Currently, this project supports the following environments.
 | OS      | Go Version | Architecture |
 |---------|------------|--------------|
 | Ubuntu  | 1.21       | amd64        |
+|---------|------------|--------------|
+| Ubuntu  | 1.21       | amd64        |
 | Ubuntu  | 1.20       | amd64        |
 | Ubuntu  | 1.21       | 386          |
+| Ubuntu  | 1.21       | 386          |
 | Ubuntu  | 1.20       | 386          |
 | MacOS   | 1.21       | amd64        |
+| MacOS   | 1.21       | amd64        |
 | MacOS   | 1.20       | amd64        |
 | Windows | 1.21       | amd64        |
+| Windows | 1.21       | amd64        |
 | Windows | 1.20       | amd64        |
 | Windows | 1.21       | 386          |
+| Windows | 1.21       | 386          |
 | Windows | 1.20       | 386          |
 
 While this project should work for other systems, no compatibility guarantees
@@ -102,6 +113,11 @@ All officially supported exporters for the OpenTelemetry project are contained i
 | [Prometheus](./exporters/prometheus/) |    ✓    |        |
 | [stdout](./exporters/stdout/)         |    ✓    |   ✓    |
 | [Zipkin](./exporters/zipkin/)         |         |   ✓    |
+|---------------------------------------|:-------:|:------:|
+| [OTLP](./exporters/otlp/)             |    ✓    |   ✓    |
+| [Prometheus](./exporters/prometheus/) |    ✓    |        |
+| [stdout](./exporters/stdout/)         |    ✓    |   ✓    |
+| [Zipkin](./exporters/zipkin/)         |         |   ✓    |
 
 ## Contributing
 
diff --git a/vendor/go.opentelemetry.io/otel/requirements.txt b/vendor/go.opentelemetry.io/otel/requirements.txt
index e0a43e138..ddff45468 100644
--- a/vendor/go.opentelemetry.io/otel/requirements.txt
+++ b/vendor/go.opentelemetry.io/otel/requirements.txt
@@ -1 +1 @@
-codespell==2.2.6
+codespell==2.2.5
diff --git a/vendor/go.opentelemetry.io/otel/version.go b/vendor/go.opentelemetry.io/otel/version.go
index e2f743585..ad64e1996 100644
--- a/vendor/go.opentelemetry.io/otel/version.go
+++ b/vendor/go.opentelemetry.io/otel/version.go
@@ -16,5 +16,5 @@ package otel // import "go.opentelemetry.io/otel"
 
 // Version is the current release version of OpenTelemetry in use.
 func Version() string {
-	return "1.21.0"
+	return "1.19.0"
 }
diff --git a/vendor/go.opentelemetry.io/otel/versions.yaml b/vendor/go.opentelemetry.io/otel/versions.yaml
index 3c153c9d6..7a79d2fb0 100644
--- a/vendor/go.opentelemetry.io/otel/versions.yaml
+++ b/vendor/go.opentelemetry.io/otel/versions.yaml
@@ -14,12 +14,13 @@
 
 module-sets:
   stable-v1:
-    version: v1.21.0
+    version: v1.19.0
     modules:
       - go.opentelemetry.io/otel
       - go.opentelemetry.io/otel/bridge/opentracing
       - go.opentelemetry.io/otel/bridge/opentracing/test
       - go.opentelemetry.io/otel/example/dice
+      - go.opentelemetry.io/otel/example/fib
       - go.opentelemetry.io/otel/example/namedtracer
       - go.opentelemetry.io/otel/example/otel-collector
       - go.opentelemetry.io/otel/example/passthrough
@@ -32,19 +33,25 @@ module-sets:
       - go.opentelemetry.io/otel/metric
       - go.opentelemetry.io/otel/sdk
       - go.opentelemetry.io/otel/sdk/metric
+      - go.opentelemetry.io/otel/sdk/metric
       - go.opentelemetry.io/otel/trace
   experimental-metrics:
-    version: v0.44.0
+    version: v0.42.0
     modules:
+      - go.opentelemetry.io/otel/bridge/opencensus
+      - go.opentelemetry.io/otel/bridge/opencensus/test
       - go.opentelemetry.io/otel/bridge/opencensus
       - go.opentelemetry.io/otel/bridge/opencensus/test
       - go.opentelemetry.io/otel/example/opencensus
       - go.opentelemetry.io/otel/example/prometheus
+      - go.opentelemetry.io/otel/example/view
+      - go.opentelemetry.io/otel/exporters/otlp/otlpmetric
       - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
       - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
       - go.opentelemetry.io/otel/exporters/prometheus
       - go.opentelemetry.io/otel/exporters/stdout/stdoutmetric
   experimental-schema:
+    version: v0.0.7
     version: v0.0.7
     modules:
       - go.opentelemetry.io/otel/schema
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 164590c10..853ba7a74 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -472,6 +472,7 @@ github.com/docker/cli/cli/context/store
 github.com/docker/cli/cli/debug
 github.com/docker/cli/cli/flags
 github.com/docker/cli/cli/hints
+github.com/docker/cli/cli/hints
 github.com/docker/cli/cli/manifest/store
 github.com/docker/cli/cli/manifest/types
 github.com/docker/cli/cli/registry/client
@@ -498,6 +499,7 @@ github.com/docker/distribution/registry/storage/cache
 github.com/docker/distribution/registry/storage/cache/memory
 github.com/docker/distribution/uuid
 # github.com/docker/docker v24.0.7+incompatible
+# github.com/docker/docker v24.0.7+incompatible
 ## explicit
 github.com/docker/docker/api
 github.com/docker/docker/api/types
@@ -682,6 +684,8 @@ github.com/go-jose/go-jose/v3/json
 github.com/go-jose/go-jose/v3/jwt
 # github.com/go-logr/logr v1.3.0
 ## explicit; go 1.18
+# github.com/go-logr/logr v1.3.0
+## explicit; go 1.18
 github.com/go-logr/logr
 github.com/go-logr/logr/funcr
 # github.com/go-logr/stdr v1.2.2
@@ -1428,6 +1432,7 @@ github.com/opencontainers/distribution-spec/specs-go/v1
 # github.com/opencontainers/go-digest v1.0.0
 ## explicit; go 1.13
 github.com/opencontainers/go-digest
+github.com/opencontainers/go-digest/digestset
 # github.com/opencontainers/image-spec v1.1.0-rc5
 ## explicit; go 1.18
 github.com/opencontainers/image-spec/specs-go
@@ -1801,7 +1806,7 @@ go.opencensus.io/trace
 go.opencensus.io/trace/internal
 go.opencensus.io/trace/propagation
 go.opencensus.io/trace/tracestate
-# go.opentelemetry.io/otel v1.21.0
+# go.opentelemetry.io/otel v1.19.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel
 go.opentelemetry.io/otel/attribute
@@ -1817,11 +1822,11 @@ go.opentelemetry.io/otel/semconv/internal/v2
 go.opentelemetry.io/otel/semconv/v1.12.0
 go.opentelemetry.io/otel/semconv/v1.17.0
 go.opentelemetry.io/otel/semconv/v1.17.0/httpconv
-# go.opentelemetry.io/otel/metric v1.21.0
+# go.opentelemetry.io/otel/metric v1.19.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel/metric
 go.opentelemetry.io/otel/metric/embedded
-# go.opentelemetry.io/otel/trace v1.21.0
+# go.opentelemetry.io/otel/trace v1.19.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel/trace
 go.opentelemetry.io/otel/trace/embedded
@@ -2050,6 +2055,8 @@ google.golang.org/appengine/urlfetch
 google.golang.org/genproto/googleapis/rpc/status
 # google.golang.org/grpc v1.59.0
 ## explicit; go 1.19
+# google.golang.org/grpc v1.59.0
+## explicit; go 1.19
 google.golang.org/grpc
 google.golang.org/grpc/attributes
 google.golang.org/grpc/backoff
@@ -2080,6 +2087,7 @@ google.golang.org/grpc/internal/grpcrand
 google.golang.org/grpc/internal/grpcsync
 google.golang.org/grpc/internal/grpcutil
 google.golang.org/grpc/internal/idle
+google.golang.org/grpc/internal/idle
 google.golang.org/grpc/internal/metadata
 google.golang.org/grpc/internal/pretty
 google.golang.org/grpc/internal/resolver
@@ -2100,6 +2108,7 @@ google.golang.org/grpc/stats
 google.golang.org/grpc/status
 google.golang.org/grpc/tap
 # google.golang.org/protobuf v1.31.0
+# google.golang.org/protobuf v1.31.0
 ## explicit; go 1.11
 google.golang.org/protobuf/encoding/protojson
 google.golang.org/protobuf/encoding/prototext

From 4b5e4888f329b1acd97cda2fda021c9125ec7bd1 Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Tue, 14 Nov 2023 08:21:50 +0100
Subject: [PATCH 19/23] run (run-int-tests)


From 3493d19ef7c18fd13d5c15582c8d0d3410e3b174 Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Mon, 4 Dec 2023 09:49:37 +0100
Subject: [PATCH 20/23] run (run-int-tests)


From 8ebc500c38987f8ff797b71773b019541d9574e6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Nov 2023 22:02:07 +0000
Subject: [PATCH 21/23] Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1

Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .../go-cmp/cmp/internal/value/pointer.go      | 34 +++++++
 go.mod                                        |  8 --
 go.sum                                        | 25 +++--
 vendor/go.opentelemetry.io/otel/.gitignore    |  3 -
 vendor/go.opentelemetry.io/otel/CHANGELOG.md  | 91 +++++++++++++++++--
 vendor/go.opentelemetry.io/otel/Makefile      | 40 +-------
 vendor/go.opentelemetry.io/otel/README.md     | 28 ++----
 .../go.opentelemetry.io/otel/requirements.txt |  2 +-
 vendor/go.opentelemetry.io/otel/version.go    |  2 +-
 vendor/go.opentelemetry.io/otel/versions.yaml | 11 +--
 .../golang.org/x/sys/windows/registry/key.go  |  1 -
 .../x/sys/windows/registry/mksyscall.go       |  1 -
 .../x/sys/windows/registry/syscall.go         |  1 -
 .../x/sys/windows/registry/value.go           |  1 -
 vendor/modules.txt                            | 14 +--
 15 files changed, 145 insertions(+), 117 deletions(-)
 create mode 100644 controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go

diff --git a/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go b/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
new file mode 100644
index 000000000..e5dfff69a
--- /dev/null
+++ b/controller-utils/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
@@ -0,0 +1,34 @@
+// Copyright 2018, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package value
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+// Pointer is an opaque typed pointer and is guaranteed to be comparable.
+type Pointer struct {
+	p unsafe.Pointer
+	t reflect.Type
+}
+
+// PointerOf returns a Pointer from v, which must be a
+// reflect.Ptr, reflect.Slice, or reflect.Map.
+func PointerOf(v reflect.Value) Pointer {
+	// The proper representation of a pointer is unsafe.Pointer,
+	// which is necessary if the GC ever uses a moving collector.
+	return Pointer{unsafe.Pointer(v.Pointer()), v.Type()}
+}
+
+// IsNil reports whether the pointer is nil.
+func (p Pointer) IsNil() bool {
+	return p.p == nil
+}
+
+// Uintptr returns the pointer as a uintptr.
+func (p Pointer) Uintptr() uintptr {
+	return uintptr(p.p)
+}
diff --git a/go.mod b/go.mod
index 28964d8a1..93bbbf117 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,6 @@ go 1.21
 require (
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
-<<<<<<< HEAD
 	github.com/containerd/containerd v1.7.6
 	github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba
 	github.com/distribution/reference v0.5.0
@@ -90,7 +89,6 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-<<<<<<< HEAD
 	github.com/Microsoft/hcsshim v0.11.0 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
@@ -327,15 +325,9 @@ require (
 	github.com/zeebo/errs v1.3.0 // indirect
 	go.mongodb.org/mongo-driver v1.12.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
-<<<<<<< HEAD
 	go.opentelemetry.io/otel v1.21.0 // indirect
 	go.opentelemetry.io/otel/metric v1.21.0 // indirect
 	go.opentelemetry.io/otel/trace v1.21.0 // indirect
-=======
-	go.opentelemetry.io/otel v1.19.0 // indirect
-	go.opentelemetry.io/otel/metric v1.19.0 // indirect
-	go.opentelemetry.io/otel/trace v1.19.0 // indirect
->>>>>>> adaa05bc0 (Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1)
 	go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 // indirect
 	go.step.sm/crypto v0.36.1 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
diff --git a/go.sum b/go.sum
index 1af601074..1afb0d52f 100644
--- a/go.sum
+++ b/go.sum
@@ -354,6 +354,7 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
 github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
+github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
@@ -622,8 +623,6 @@ github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r
 github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
 github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
-github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
@@ -687,6 +686,7 @@ github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/fluxcd/pkg/ssa v0.24.1 h1:0dn5FqyYdGa+VuDp5EJrkLbPq5xhhSAAkMgGUeMpOM0=
 github.com/fluxcd/pkg/ssa v0.24.1/go.mod h1:nEOUOwGotBlNZkTkO6GHPlI0U0BmHTavFd1Jk+TzsGw=
@@ -750,8 +750,6 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
 github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
-github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
@@ -1020,6 +1018,7 @@ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORR
 github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
+github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
 github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
@@ -1433,8 +1432,6 @@ github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zM
 github.com/opencontainers/image-spec v1.0.3-0.20211202193544-a5463b7f9c84/go.mod h1:Qnt1q4cjDNQI9bT832ziho5Iw2BhK8o1KwLOwW56VP4=
 github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
 github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
-github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
-github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
@@ -1559,6 +1556,7 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/rubenv/sql-migrate v1.3.1 h1:Vx+n4Du8X8VTYuXbhNxdEUoh6wiJERA0GlWocR5FrbA=
 github.com/rubenv/sql-migrate v1.3.1/go.mod h1:YzG/Vh82CwyhTFXy+Mf5ahAiiEOpAlHurg+23VEzcsk=
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
@@ -1853,16 +1851,16 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.2
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4=
 go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
 go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs=
-go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs=
-go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY=
+go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
+go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
 go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
 go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE=
 go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
-go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE=
-go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8=
+go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
+go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
 go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
 go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
 go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs=
@@ -1872,8 +1870,8 @@ go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi
 go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
 go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
 go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk=
-go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg=
-go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo=
+go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
+go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ=
 go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 h1:5/KzhcSqd4UgY51l17r7C5g/JiE6DRw1Vq7VJfQHuMc=
@@ -2219,8 +2217,9 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
diff --git a/vendor/go.opentelemetry.io/otel/.gitignore b/vendor/go.opentelemetry.io/otel/.gitignore
index 7d29ed64d..895c7664b 100644
--- a/vendor/go.opentelemetry.io/otel/.gitignore
+++ b/vendor/go.opentelemetry.io/otel/.gitignore
@@ -14,9 +14,6 @@ go.work.sum
 gen/
 
 /example/dice/dice
-/example/fib/fib
-/example/fib/traces.txt
-/example/jaeger/jaeger
 /example/namedtracer/namedtracer
 /example/otel-collector/otel-collector
 /example/opencensus/opencensus
diff --git a/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
index c2487d4e3..24874f856 100644
--- a/vendor/go.opentelemetry.io/otel/CHANGELOG.md
+++ b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
@@ -8,6 +8,85 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [Unreleased]
 
+## [1.21.0/0.44.0] 2023-11-16
+
+### Removed
+
+- Remove the deprecated `go.opentelemetry.io/otel/bridge/opencensus.NewTracer`. (#4706)
+- Remove the deprecated `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` module. (#4707)
+- Remove the deprecated `go.opentelemetry.io/otel/example/view` module. (#4708)
+- Remove the deprecated `go.opentelemetry.io/otel/example/fib` module. (#4723)
+
+### Fixed
+
+- Do not parse non-protobuf responses in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4719)
+- Do not parse non-protobuf responses in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4719)
+
+## [1.20.0/0.43.0] 2023-11-10
+
+This release brings a breaking change for custom trace API implementations. Some interfaces (`TracerProvider`, `Tracer`, `Span`) now embed the `go.opentelemetry.io/otel/trace/embedded` types. Implementors need to update their implementations based on what they want the default behavior to be. See the "API Implementations" section of the [trace API] package documentation for more information about how to accomplish this.
+
+### Added
+
+- Add `go.opentelemetry.io/otel/bridge/opencensus.InstallTraceBridge`, which installs the OpenCensus trace bridge, and replaces `opencensus.NewTracer`. (#4567)
+- Add scope version to trace and metric bridges in `go.opentelemetry.io/otel/bridge/opencensus`. (#4584)
+- Add the `go.opentelemetry.io/otel/trace/embedded` package to be embedded in the exported trace API interfaces. (#4620)
+- Add the `go.opentelemetry.io/otel/trace/noop` package as a default no-op implementation of the trace API. (#4620)
+- Add context propagation in `go.opentelemetry.io/otel/example/dice`. (#4644)
+- Add view configuration to `go.opentelemetry.io/otel/example/prometheus`. (#4649)
+- Add `go.opentelemetry.io/otel/metric.WithExplicitBucketBoundaries`, which allows defining default explicit bucket boundaries when creating histogram instruments. (#4603)
+- Add `Version` function in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4660)
+- Add `Version` function in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4660)
+- Add Summary, SummaryDataPoint, and QuantileValue to `go.opentelemetry.io/sdk/metric/metricdata`. (#4622)
+- `go.opentelemetry.io/otel/bridge/opencensus.NewMetricProducer` now supports exemplars from OpenCensus. (#4585)
+- Add support for `WithExplicitBucketBoundaries` in `go.opentelemetry.io/otel/sdk/metric`. (#4605)
+- Add support for Summary metrics in `go.opentelemetry.io/otel/bridge/opencensus`. (#4668)
+
+### Deprecated
+
+- Deprecate `go.opentelemetry.io/otel/bridge/opencensus.NewTracer` in favor of `opencensus.InstallTraceBridge`. (#4567)
+- Deprecate `go.opentelemetry.io/otel/example/fib` package is in favor of `go.opentelemetry.io/otel/example/dice`. (#4618)
+- Deprecate `go.opentelemetry.io/otel/trace.NewNoopTracerProvider`.
+  Use the added `NewTracerProvider` function in `go.opentelemetry.io/otel/trace/noop` instead. (#4620)
+- Deprecate `go.opentelemetry.io/otel/example/view` package in favor of `go.opentelemetry.io/otel/example/prometheus`. (#4649)
+- Deprecate `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4693)
+
+### Changed
+
+- `go.opentelemetry.io/otel/bridge/opencensus.NewMetricProducer` returns a `*MetricProducer` struct instead of the metric.Producer interface. (#4583)
+- The `TracerProvider` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.TracerProvider` type.
+  This extends the `TracerProvider` interface and is is a breaking change for any existing implementation.
+  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
+  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
+- The `Tracer` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.Tracer` type.
+  This extends the `Tracer` interface and is is a breaking change for any existing implementation.
+  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
+  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
+- The `Span` in `go.opentelemetry.io/otel/trace` now embeds the `go.opentelemetry.io/otel/trace/embedded.Span` type.
+  This extends the `Span` interface and is is a breaking change for any existing implementation.
+  Implementors need to update their implementations based on what they want the default behavior of the interface to be.
+  See the "API Implementations" section of the `go.opentelemetry.io/otel/trace` package documentation for more information about how to accomplish this. (#4620)
+- `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` does no longer depend on `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4660)
+- `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` does no longer depend on `go.opentelemetry.io/otel/exporters/otlp/otlpmetric`. (#4660)
+- Retry for `502 Bad Gateway` and `504 Gateway Timeout` HTTP statuses in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4670)
+- Retry for `502 Bad Gateway` and `504 Gateway Timeout` HTTP statuses in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4670)
+- Retry for `RESOURCE_EXHAUSTED` only if RetryInfo is returned in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4669)
+- Retry for `RESOURCE_EXHAUSTED` only if RetryInfo is returned in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#4669)
+- Retry temporary HTTP request failures in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4679)
+- Retry temporary HTTP request failures in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4679)
+
+### Fixed
+
+- Fix improper parsing of characters such us `+`, `/` by `Parse` in `go.opentelemetry.io/otel/baggage` as they were rendered as a whitespace. (#4667)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_RESOURCE_ATTRIBUTES` in `go.opentelemetry.io/otel/sdk/resource` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_METRICS_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_METRICS_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_TRACES_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlptracegrpc` as they were rendered as a whitespace. (#4699)
+- Fix improper parsing of characters such us `+`, `/` passed via `OTEL_EXPORTER_OTLP_HEADERS` and `OTEL_EXPORTER_OTLP_TRACES_HEADERS` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlptracehttp` as they were rendered as a whitespace. (#4699)
+- In `go.opentelemetry.op/otel/exporters/prometheus`, the exporter no longer `Collect`s metrics after `Shutdown` is invoked. (#4648)
+- Fix documentation for `WithCompressor` in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#4695)
+- Fix documentation for `WithCompressor` in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#4695)
+
 ## [1.19.0/0.42.0/0.0.7] 2023-09-28
 
 This release contains the first stable release of the OpenTelemetry Go [metric SDK].
@@ -181,15 +260,11 @@ See our [versioning policy](VERSIONING.md) for more information about these stab
 - The Exponential Histogram data types in `go.opentelemetry.io/otel/sdk/metric/metricdata`. (#4165)
 - OTLP metrics exporter now supports the Exponential Histogram Data Type. (#4222)
 - Fix serialization of `time.Time` zero values in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` packages. (#4271)
-- The Exponential Histogram data types in `go.opentelemetry.io/otel/sdk/metric/metricdata`. (#4165)
-- OTLP metrics exporter now supports the Exponential Histogram Data Type. (#4222)
-- Fix serialization of `time.Time` zero values in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` and `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` packages. (#4271)
 
 ### Changed
 
 - Use `strings.Cut()` instead of `string.SplitN()` for better readability and memory use. (#4049)
 - `MeterProvider` returns noop meters once it has been shutdown. (#4154)
-- `MeterProvider` returns noop meters once it has been shutdown. (#4154)
 
 ### Removed
 
@@ -356,8 +431,6 @@ This release drops the compatibility guarantee of [Go 1.18].
 - Clarify the `httpconv` and `netconv` packages in `go.opentelemetry.io/otel/semconv/*` provide tracing semantic conventions. (#3823)
 - Fix race conditions in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic. (#3899)
 - Fix sending nil `scopeInfo` to metrics channel in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic in `github.com/prometheus/client_golang/prometheus`. (#3899)
-- Fix race conditions in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic. (#3899)
-- Fix sending nil `scopeInfo` to metrics channel in `go.opentelemetry.io/otel/exporters/metric/prometheus` that could cause a panic in `github.com/prometheus/client_golang/prometheus`. (#3899)
 
 ### Deprecated
 
@@ -2662,7 +2735,9 @@ It contains api and sdk for trace and meter.
 - CircleCI build CI manifest files.
 - CODEOWNERS file to track owners of this project.
 
-[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.19.0...HEAD
+[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...HEAD
+[1.21.0/0.44.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.21.0
+[1.20.0/0.43.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.20.0
 [1.19.0/0.42.0/0.0.7]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0
 [1.19.0-rc.1/0.42.0-rc.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0-rc.1
 [1.18.0/0.41.0/0.0.6]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.18.0
@@ -2737,7 +2812,7 @@ It contains api and sdk for trace and meter.
 [Go 1.20]: https://go.dev/doc/go1.20
 [Go 1.19]: https://go.dev/doc/go1.19
 [Go 1.18]: https://go.dev/doc/go1.18
-[Go 1.19]: https://go.dev/doc/go1.19
 
 [metric API]:https://pkg.go.dev/go.opentelemetry.io/otel/metric
 [metric SDK]:https://pkg.go.dev/go.opentelemetry.io/otel/sdk/metric
+[trace API]:https://pkg.go.dev/go.opentelemetry.io/otel/trace
diff --git a/vendor/go.opentelemetry.io/otel/Makefile b/vendor/go.opentelemetry.io/otel/Makefile
index 28567c883..35fc18996 100644
--- a/vendor/go.opentelemetry.io/otel/Makefile
+++ b/vendor/go.opentelemetry.io/otel/Makefile
@@ -26,7 +26,6 @@ TIMEOUT = 60
 
 .PHONY: precommit ci
 precommit: generate dependabot-generate license-check misspell go-mod-tidy golangci-lint-fix test-default
-precommit: generate dependabot-generate license-check misspell go-mod-tidy golangci-lint-fix test-default
 ci: generate dependabot-check license-check lint vanity-import-check build test-default check-clean-work-tree test-coverage
 
 # Tools
@@ -78,9 +77,11 @@ $(GOTMPL): PACKAGE=go.opentelemetry.io/build-tools/gotmpl
 GORELEASE = $(TOOLS)/gorelease
 $(GORELEASE): PACKAGE=golang.org/x/exp/cmd/gorelease
 
+GOVULNCHECK = $(TOOLS)/govulncheck
+$(TOOLS)/govulncheck: PACKAGE=golang.org/x/vuln/cmd/govulncheck
+
 .PHONY: tools
 tools: $(CROSSLINK) $(DBOTCONF) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(GOJQ) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT) $(GOTMPL) $(GORELEASE)
-tools: $(CROSSLINK) $(DBOTCONF) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(GOJQ) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT) $(GOTMPL) $(GORELEASE)
 
 # Virtualized python tools via docker
 
@@ -120,12 +121,6 @@ $(CODESPELL): PACKAGE=codespell
 .PHONY: generate
 generate: go-generate vanity-import-fix
 
-.PHONY: go-generate
-go-generate: $(OTEL_GO_MOD_DIRS:%=go-generate/%)
-go-generate/%: DIR=$*
-go-generate/%: | $(STRINGER) $(GOTMPL)
-generate: go-generate vanity-import-fix
-
 .PHONY: go-generate
 go-generate: $(OTEL_GO_MOD_DIRS:%=go-generate/%)
 go-generate/%: DIR=$*
@@ -138,16 +133,6 @@ go-generate/%: | $(STRINGER) $(GOTMPL)
 vanity-import-fix: | $(PORTO)
 	@$(PORTO) --include-internal -w .
 
-# Generate go.work file for local development.
-.PHONY: go-work
-go-work: | $(CROSSLINK)
-	$(CROSSLINK) work --root=$(shell pwd)
-		&& PATH="$(TOOLS):$${PATH}" $(GO) generate ./...
-
-.PHONY: vanity-import-fix
-vanity-import-fix: | $(PORTO)
-	@$(PORTO) --include-internal -w .
-
 # Generate go.work file for local development.
 .PHONY: go-work
 go-work: | $(CROSSLINK)
@@ -241,7 +226,6 @@ go-mod-tidy/%: | crosslink
 	@echo "$(GO) mod tidy in $(DIR)" \
 		&& cd $(DIR) \
 		&& $(GO) mod tidy -compat=1.20
-		&& $(GO) mod tidy -compat=1.20
 
 .PHONY: lint-modules
 lint-modules: go-mod-tidy
@@ -252,7 +236,6 @@ lint: misspell lint-modules golangci-lint govulncheck
 .PHONY: vanity-import-check
 vanity-import-check: | $(PORTO)
 	@$(PORTO) --include-internal -l . || ( echo "(run: make vanity-import-fix)"; exit 1 )
-	@$(PORTO) --include-internal -l . || ( echo "(run: make vanity-import-fix)"; exit 1 )
 
 .PHONY: misspell
 misspell: | $(MISSPELL)
@@ -274,7 +257,6 @@ codespell: | $(CODESPELL)
 license-check:
 	@licRes=$$(for f in $$(find . -type f \( -iname '*.go' -o -iname '*.sh' \) ! -path '**/third_party/*' ! -path './.git/*' ) ; do \
 	           awk '/Copyright The OpenTelemetry Authors|generated|GENERATED/ && NR<=4 { found=1; next } END { if (!found) print FILENAME }' $$f; \
-	           awk '/Copyright The OpenTelemetry Authors|generated|GENERATED/ && NR<=4 { found=1; next } END { if (!found) print FILENAME }' $$f; \
 	   done); \
 	   if [ -n "$${licRes}" ]; then \
 	           echo "license header checking failed:"; echo "$${licRes}"; \
@@ -285,7 +267,6 @@ DEPENDABOT_CONFIG = .github/dependabot.yml
 .PHONY: dependabot-check
 dependabot-check: | $(DBOTCONF)
 	@$(DBOTCONF) verify $(DEPENDABOT_CONFIG) || ( echo "(run: make dependabot-generate)"; exit 1 )
-	@$(DBOTCONF) verify $(DEPENDABOT_CONFIG) || ( echo "(run: make dependabot-generate)"; exit 1 )
 
 .PHONY: dependabot-generate
 dependabot-generate: | $(DBOTCONF)
@@ -304,12 +285,6 @@ check-clean-work-tree:
 SEMCONVPKG ?= "semconv/"
 .PHONY: semconv-generate
 semconv-generate: | $(SEMCONVGEN) $(SEMCONVKIT)
-	[ "$(TAG)" ] || ( echo "TAG unset: missing opentelemetry semantic-conventions tag"; exit 1 )
-	[ "$(OTEL_SEMCONV_REPO)" ] || ( echo "OTEL_SEMCONV_REPO unset: missing path to opentelemetry semantic-conventions repo"; exit 1 )
-	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=span -p conventionType=trace -f trace.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
-	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=attribute_group -p conventionType=trace -f attribute_group.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
-	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=event -p conventionType=event -f event.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
-	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=resource -p conventionType=resource -f resource.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
 	[ "$(TAG)" ] || ( echo "TAG unset: missing opentelemetry semantic-conventions tag"; exit 1 )
 	[ "$(OTEL_SEMCONV_REPO)" ] || ( echo "OTEL_SEMCONV_REPO unset: missing path to opentelemetry semantic-conventions repo"; exit 1 )
 	$(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=span -p conventionType=trace -f trace.go -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)"
@@ -327,15 +302,6 @@ gorelease/%:| $(GORELEASE)
 		&& $(GORELEASE) \
 		|| echo ""
 
-.PHONY: gorelease
-gorelease: $(OTEL_GO_MOD_DIRS:%=gorelease/%)
-gorelease/%: DIR=$*
-gorelease/%:| $(GORELEASE)
-	@echo "gorelease in $(DIR):" \
-		&& cd $(DIR) \
-		&& $(GORELEASE) \
-		|| echo ""
-
 .PHONY: prerelease
 prerelease: | $(MULTIMOD)
 	@[ "${MODSET}" ] || ( echo ">> env var MODSET is not set"; exit 1 )
diff --git a/vendor/go.opentelemetry.io/otel/README.md b/vendor/go.opentelemetry.io/otel/README.md
index 9695fbefd..2c5b0cc28 100644
--- a/vendor/go.opentelemetry.io/otel/README.md
+++ b/vendor/go.opentelemetry.io/otel/README.md
@@ -11,19 +11,15 @@ It provides a set of APIs to directly measure performance and behavior of your s
 
 ## Project Status
 
-| Signal  | Status     | Project               |
-|---------|------------|-----------------------|
-| Traces  | Stable     | N/A                   |
-| Metrics | Mixed [1]  | [Go: Metric SDK (GA)] |
-| Logs    | Frozen [2] | N/A                   |
+| Signal  | Status     |
+|---------|------------|
+| Traces  | Stable     |
+| Metrics | Stable     |
+| Logs    | Design [1] |
 
-[Go: Metric SDK (GA)]: https://github.com/orgs/open-telemetry/projects/34
-
-- [1]: [Metrics API](https://pkg.go.dev/go.opentelemetry.io/otel/metric) is Stable. [Metrics SDK](https://pkg.go.dev/go.opentelemetry.io/otel/sdk/metric) is Beta.
-- [2]: The Logs signal development is halted for this project while we stabilize the Metrics SDK.
+- [1]: Currently the logs signal development is in a design phase ([#4696](https://github.com/open-telemetry/opentelemetry-go/issues/4696)).
    No Logs Pull Requests are currently being accepted.
 
-Progress and status specific to this repository is tracked in our
 Progress and status specific to this repository is tracked in our
 [project boards](https://github.com/open-telemetry/opentelemetry-go/projects)
 and
@@ -31,7 +27,6 @@ and
 
 Project versioning information and stability guarantees can be found in the
 [versioning documentation](VERSIONING.md).
-[versioning documentation](VERSIONING.md).
 
 ### Compatibility
 
@@ -56,20 +51,14 @@ Currently, this project supports the following environments.
 | OS      | Go Version | Architecture |
 |---------|------------|--------------|
 | Ubuntu  | 1.21       | amd64        |
-|---------|------------|--------------|
-| Ubuntu  | 1.21       | amd64        |
 | Ubuntu  | 1.20       | amd64        |
 | Ubuntu  | 1.21       | 386          |
-| Ubuntu  | 1.21       | 386          |
 | Ubuntu  | 1.20       | 386          |
 | MacOS   | 1.21       | amd64        |
-| MacOS   | 1.21       | amd64        |
 | MacOS   | 1.20       | amd64        |
 | Windows | 1.21       | amd64        |
-| Windows | 1.21       | amd64        |
 | Windows | 1.20       | amd64        |
 | Windows | 1.21       | 386          |
-| Windows | 1.21       | 386          |
 | Windows | 1.20       | 386          |
 
 While this project should work for other systems, no compatibility guarantees
@@ -113,11 +102,6 @@ All officially supported exporters for the OpenTelemetry project are contained i
 | [Prometheus](./exporters/prometheus/) |    ✓    |        |
 | [stdout](./exporters/stdout/)         |    ✓    |   ✓    |
 | [Zipkin](./exporters/zipkin/)         |         |   ✓    |
-|---------------------------------------|:-------:|:------:|
-| [OTLP](./exporters/otlp/)             |    ✓    |   ✓    |
-| [Prometheus](./exporters/prometheus/) |    ✓    |        |
-| [stdout](./exporters/stdout/)         |    ✓    |   ✓    |
-| [Zipkin](./exporters/zipkin/)         |         |   ✓    |
 
 ## Contributing
 
diff --git a/vendor/go.opentelemetry.io/otel/requirements.txt b/vendor/go.opentelemetry.io/otel/requirements.txt
index ddff45468..e0a43e138 100644
--- a/vendor/go.opentelemetry.io/otel/requirements.txt
+++ b/vendor/go.opentelemetry.io/otel/requirements.txt
@@ -1 +1 @@
-codespell==2.2.5
+codespell==2.2.6
diff --git a/vendor/go.opentelemetry.io/otel/version.go b/vendor/go.opentelemetry.io/otel/version.go
index ad64e1996..e2f743585 100644
--- a/vendor/go.opentelemetry.io/otel/version.go
+++ b/vendor/go.opentelemetry.io/otel/version.go
@@ -16,5 +16,5 @@ package otel // import "go.opentelemetry.io/otel"
 
 // Version is the current release version of OpenTelemetry in use.
 func Version() string {
-	return "1.19.0"
+	return "1.21.0"
 }
diff --git a/vendor/go.opentelemetry.io/otel/versions.yaml b/vendor/go.opentelemetry.io/otel/versions.yaml
index 7a79d2fb0..3c153c9d6 100644
--- a/vendor/go.opentelemetry.io/otel/versions.yaml
+++ b/vendor/go.opentelemetry.io/otel/versions.yaml
@@ -14,13 +14,12 @@
 
 module-sets:
   stable-v1:
-    version: v1.19.0
+    version: v1.21.0
     modules:
       - go.opentelemetry.io/otel
       - go.opentelemetry.io/otel/bridge/opentracing
       - go.opentelemetry.io/otel/bridge/opentracing/test
       - go.opentelemetry.io/otel/example/dice
-      - go.opentelemetry.io/otel/example/fib
       - go.opentelemetry.io/otel/example/namedtracer
       - go.opentelemetry.io/otel/example/otel-collector
       - go.opentelemetry.io/otel/example/passthrough
@@ -33,25 +32,19 @@ module-sets:
       - go.opentelemetry.io/otel/metric
       - go.opentelemetry.io/otel/sdk
       - go.opentelemetry.io/otel/sdk/metric
-      - go.opentelemetry.io/otel/sdk/metric
       - go.opentelemetry.io/otel/trace
   experimental-metrics:
-    version: v0.42.0
+    version: v0.44.0
     modules:
-      - go.opentelemetry.io/otel/bridge/opencensus
-      - go.opentelemetry.io/otel/bridge/opencensus/test
       - go.opentelemetry.io/otel/bridge/opencensus
       - go.opentelemetry.io/otel/bridge/opencensus/test
       - go.opentelemetry.io/otel/example/opencensus
       - go.opentelemetry.io/otel/example/prometheus
-      - go.opentelemetry.io/otel/example/view
-      - go.opentelemetry.io/otel/exporters/otlp/otlpmetric
       - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
       - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
       - go.opentelemetry.io/otel/exporters/prometheus
       - go.opentelemetry.io/otel/exporters/stdout/stdoutmetric
   experimental-schema:
-    version: v0.0.7
     version: v0.0.7
     modules:
       - go.opentelemetry.io/otel/schema
diff --git a/vendor/golang.org/x/sys/windows/registry/key.go b/vendor/golang.org/x/sys/windows/registry/key.go
index 6c8d97b6a..fd8632444 100644
--- a/vendor/golang.org/x/sys/windows/registry/key.go
+++ b/vendor/golang.org/x/sys/windows/registry/key.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 // Package registry provides access to the Windows registry.
 //
diff --git a/vendor/golang.org/x/sys/windows/registry/mksyscall.go b/vendor/golang.org/x/sys/windows/registry/mksyscall.go
index ee74927d3..bbf86ccf0 100644
--- a/vendor/golang.org/x/sys/windows/registry/mksyscall.go
+++ b/vendor/golang.org/x/sys/windows/registry/mksyscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build generate
-// +build generate
 
 package registry
 
diff --git a/vendor/golang.org/x/sys/windows/registry/syscall.go b/vendor/golang.org/x/sys/windows/registry/syscall.go
index 417335123..f533091c1 100644
--- a/vendor/golang.org/x/sys/windows/registry/syscall.go
+++ b/vendor/golang.org/x/sys/windows/registry/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package registry
 
diff --git a/vendor/golang.org/x/sys/windows/registry/value.go b/vendor/golang.org/x/sys/windows/registry/value.go
index 2789f6f18..74db26b94 100644
--- a/vendor/golang.org/x/sys/windows/registry/value.go
+++ b/vendor/golang.org/x/sys/windows/registry/value.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package registry
 
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 853ba7a74..47712b5cf 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -472,7 +472,6 @@ github.com/docker/cli/cli/context/store
 github.com/docker/cli/cli/debug
 github.com/docker/cli/cli/flags
 github.com/docker/cli/cli/hints
-github.com/docker/cli/cli/hints
 github.com/docker/cli/cli/manifest/store
 github.com/docker/cli/cli/manifest/types
 github.com/docker/cli/cli/registry/client
@@ -499,7 +498,6 @@ github.com/docker/distribution/registry/storage/cache
 github.com/docker/distribution/registry/storage/cache/memory
 github.com/docker/distribution/uuid
 # github.com/docker/docker v24.0.7+incompatible
-# github.com/docker/docker v24.0.7+incompatible
 ## explicit
 github.com/docker/docker/api
 github.com/docker/docker/api/types
@@ -684,8 +682,6 @@ github.com/go-jose/go-jose/v3/json
 github.com/go-jose/go-jose/v3/jwt
 # github.com/go-logr/logr v1.3.0
 ## explicit; go 1.18
-# github.com/go-logr/logr v1.3.0
-## explicit; go 1.18
 github.com/go-logr/logr
 github.com/go-logr/logr/funcr
 # github.com/go-logr/stdr v1.2.2
@@ -1806,7 +1802,7 @@ go.opencensus.io/trace
 go.opencensus.io/trace/internal
 go.opencensus.io/trace/propagation
 go.opencensus.io/trace/tracestate
-# go.opentelemetry.io/otel v1.19.0
+# go.opentelemetry.io/otel v1.21.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel
 go.opentelemetry.io/otel/attribute
@@ -1822,11 +1818,11 @@ go.opentelemetry.io/otel/semconv/internal/v2
 go.opentelemetry.io/otel/semconv/v1.12.0
 go.opentelemetry.io/otel/semconv/v1.17.0
 go.opentelemetry.io/otel/semconv/v1.17.0/httpconv
-# go.opentelemetry.io/otel/metric v1.19.0
+# go.opentelemetry.io/otel/metric v1.21.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel/metric
 go.opentelemetry.io/otel/metric/embedded
-# go.opentelemetry.io/otel/trace v1.19.0
+# go.opentelemetry.io/otel/trace v1.21.0
 ## explicit; go 1.20
 go.opentelemetry.io/otel/trace
 go.opentelemetry.io/otel/trace/embedded
@@ -2055,8 +2051,6 @@ google.golang.org/appengine/urlfetch
 google.golang.org/genproto/googleapis/rpc/status
 # google.golang.org/grpc v1.59.0
 ## explicit; go 1.19
-# google.golang.org/grpc v1.59.0
-## explicit; go 1.19
 google.golang.org/grpc
 google.golang.org/grpc/attributes
 google.golang.org/grpc/backoff
@@ -2087,7 +2081,6 @@ google.golang.org/grpc/internal/grpcrand
 google.golang.org/grpc/internal/grpcsync
 google.golang.org/grpc/internal/grpcutil
 google.golang.org/grpc/internal/idle
-google.golang.org/grpc/internal/idle
 google.golang.org/grpc/internal/metadata
 google.golang.org/grpc/internal/pretty
 google.golang.org/grpc/internal/resolver
@@ -2108,7 +2101,6 @@ google.golang.org/grpc/stats
 google.golang.org/grpc/status
 google.golang.org/grpc/tap
 # google.golang.org/protobuf v1.31.0
-# google.golang.org/protobuf v1.31.0
 ## explicit; go 1.11
 google.golang.org/protobuf/encoding/protojson
 google.golang.org/protobuf/encoding/prototext

From 076e311e564e9ef472efa645ee652fb632070637 Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Tue, 14 Nov 2023 08:21:50 +0100
Subject: [PATCH 22/23] run (run-int-tests)


From 6ea7710f6d472e7f6fa6c42c466365594d9523bb Mon Sep 17 00:00:00 2001
From: guewa <72857276+guewa@users.noreply.github.com>
Date: Mon, 4 Dec 2023 09:49:37 +0100
Subject: [PATCH 23/23] run (run-int-tests)